How to update your kernel for Meltdown and Spectre

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help
User avatar
Sir Charles
Level 7
Level 7
Posts: 1897
Joined: Thu Jan 04, 2018 1:00 pm

Re: How to update your kernel for Meltdown and Spectre

Post by Sir Charles » Wed Mar 14, 2018 8:25 pm

ginahoy wrote:
Mon Mar 12, 2018 5:48 pm
Sorry for a quick OT question, but should I be concerned with upgrading to 4.15 kernel when it's offered in terms of VirtualBox compatibility, assuming I have latest VB release? I haven't set up a VM yet but VB will become critical for my work once I port my XP OS to VM and retire the XP machine.
Have a look at this article: VirtualBox 5.2.8 Released with Support for Linux 4.15
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

ginahoy
Level 3
Level 3
Posts: 188
Joined: Sun May 28, 2017 3:15 pm

Re: How to update your kernel for Meltdown and Spectre

Post by ginahoy » Wed Mar 14, 2018 9:37 pm

Marziano wrote:
Wed Mar 14, 2018 8:25 pm
Have a look at this article: VirtualBox 5.2.8 Released with Support for Linux 4.15
Thanks for that. After reviewing the original post in this thread, which was updated multiple times as recently as Feb 27, I suspected the advice given regarding VB was probably stale, even for kernel 4.13.
Linux Mint 18.2 Xfce x64 | ASRock Z270 Extreme4 | Core i7 7700K | Cryorig H7 cooler| 32GB DDR4 2400| modded legacy Evercase LE4252 | EVGA 450W B3 | Samsung 850 EVO SSD

Mr_Reed
Level 3
Level 3
Posts: 198
Joined: Tue Dec 23, 2014 12:27 am

Re: How to update your kernel for Meltdown and Spectre

Post by Mr_Reed » Tue Apr 03, 2018 9:44 pm

I'm using 18.3 xfce. In previous versions I believe 18.1 or 18.2, I never had the update manager constantly nagging me about updating kernels.

I have always been under the impression that kernel updates will break the computer especially for someone like myself that is somewhat new to the Linux world.

I sort of understood the need to get new kernels for the spectre/meltdown fiasco. Then again I'm using AMD, so I don't know how important it really was. Not sure of the facts on brands and models affected. Anyway, it seems that I'm still seeing new kernels being frequently released since the spectre/meltdown problem. This is somewhat reminding me of MS Windows 7 monthly quality rollups or whatever they're called now. It just seems serious, and I'm concerned that I'll break the computer with constant kernel updates.

User avatar
AZgl1500
Level 11
Level 11
Posts: 3536
Joined: Thu Dec 31, 2015 3:20 am
Location: Oklahoma where the wind comes sweeping down the plains
Contact:

Re: How to update your kernel for Meltdown and Spectre

Post by AZgl1500 » Wed Apr 04, 2018 12:51 am

I have been in the same camp as you.....

I used to build it, or buy it, and leave it alone........
I still will not "upgrade" the firmware for the cards in the PCs.....

I had a terribly bad experience with that on a HP laptop I used to own.
It worked beautifully, never ever, gave me a minutes worth of trouble....

and then one day, HP got to harping at me that the Graphics card "just has to have this upgrade".

well, that destroyed a good laptop..... how the heck do you go about fixing that problem when allyou see on the screen is jagged lines????

I brought home a Green Screen from my office, plugged that in, and then pushed the OEM software onto the laptop.... that put it back in business....

Now though, in today's rampant hacker/thievery world, and am a lot more prone to accept "Security Updates"..... the hardware though, I wait and let the other guys try it out first.....

that saved my bacon with the Virtualbox fiasco..... I wait a week before I do updates....
saw what was happening, and put a block on any updates for that.

giorgio33
Level 1
Level 1
Posts: 12
Joined: Sat Jan 13, 2018 3:43 am

Re: How to update your kernel for Meltdown and Spectre

Post by giorgio33 » Sun Apr 08, 2018 2:15 pm

br1anstorm wrote:
Wed Mar 14, 2018 2:25 pm
I guess this is a question which follows on from xenopeek's excellent guidance in the original post in this thread. It's on a point of detail.

I have Linux Mint XFCE 17.3 (Rosa) installed on a 4 year old (64 bit, Intel Core i5) laptop. Currently it has the 3.19.0-32 kernel. I have never (yet) changed or installed kernels. I'm a bit late in doing so in response to Spectre/Meltdown, because I had a problem over using Timeshift and have had to recover all my "lost" files. We are more or less back to normal now....

The guidance in the OP suggests that as a user of Mint 17.3 I should install the 4.4.0-116 kernel. Fine - it is listed as available when I view the kernel list in Update Manager, so I could go ahead. BUT.... (here's my question):

My Update Manager already lists, as a level 5 update, Linux kernel 4.4.0-lts1. I haven't yet actioned that.

Now xenopeek's guidance in the OP recommends the installation of kernel 4.4.0-116, and it then goes on to say:

".....In the list of available updates you should also see (or have already installed) a level 5 security upgrade for linux-kernel to version 4.4.0-lts1. You may see level 5 security upgrades for linux (it may be for a lower version number than your kernel, which is fine and as expected if the upgrade contains the package linux-libc-dev). You should install all security updates."

My question is simple (and apologies if I'm being dumb!). Which should I do first? Should I choose to install kernel 4.4.0-116 from the kernel list, then reboot, refresh the Update Manager and see whether that level 5 update is still there and opt to go ahead with that? Or should I do that level 5 update (4.4.0-lts1) first in the Update Manager, then go looking in the kernel list to see whether 4.4.0-116 is still offered and if so, install that too?
Hi br1anstorm,
Did you have any answers?
I'd like to know what you decided to do.
Thanks for an answer!
George

br1anstorm
Level 4
Level 4
Posts: 360
Joined: Mon Nov 24, 2014 8:53 am

Re: How to update your kernel for Meltdown and Spectre

Post by br1anstorm » Sun Apr 08, 2018 4:35 pm

giorgio33 wrote:
Sun Apr 08, 2018 2:15 pm

Hi br1anstorm,
Did you have any answers?
I'd like to know what you decided to do.
Thanks for an answer!
George
Hello giorgio....

Since this thread was already so long and my question probably wasn't noticed, I re-posted it in a new thread at viewtopic.php?f=90&t=265811&p=1444425.

I got one or two answers. Some said go with what the update manager recommends. Others said go ahead with new kernel which xenopeek recommends. So I didn't really feel much the wiser. Until now I haven't done either, so my system is still running with an older kernel!

User avatar
dave8671
Level 3
Level 3
Posts: 140
Joined: Sat Jul 23, 2016 7:04 pm

Re: How to update your kernel for Meltdown and Spectre

Post by dave8671 » Wed May 30, 2018 2:24 am

I have been monitoring the post, Currently running 4.13.0-43-generic. and the code to check the patch which was

grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "patched :)" || echo "unpatched :(

and the result was On my Thinkpad T520

CONFIG_PAGE_TABLE_ISOLATION=y
patched :)

But can I believe it?

User avatar
smurphos
Level 12
Level 12
Posts: 4396
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher
Contact:

Re: How to update your kernel for Meltdown and Spectre

Post by smurphos » Wed May 30, 2018 2:47 am

That command just confirms that your currently installed kernel is capable of KPTI - whether it's active or not will depend on your boot parameters in grub. If you haven't messed with the boot parameters the default behaviour is that it is active.

dmesg | grep isolation should return something like [ 0.000000] Kernel/User page tables isolation: enabled if it is active.

This is a good tool to confirm what mitigations are active for all the spectre/meltdown vulnerabilities - https://github.com/speed47/spectre-melt ... r/releases
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.

User avatar
dave8671
Level 3
Level 3
Posts: 140
Joined: Sat Jul 23, 2016 7:04 pm

Re: How to update your kernel for Meltdown and Spectre

Post by dave8671 » Wed May 30, 2018 8:59 pm

I used the command

dmesg | grep isolation and it was active. I do not do anything with the grub.

[ 0.000000] Kernel/User page tables isolation: enabled

I downloaded that link but I do not understand how to use it yet.

User avatar
dave8671
Level 3
Level 3
Posts: 140
Joined: Sat Jul 23, 2016 7:04 pm

Re: How to update your kernel for Meltdown and Spectre

Post by dave8671 » Sat Jun 23, 2018 10:45 am

I got to wondering how long the kernel 4.13 series is supported for? I am sure its not a LTS and Tera is going to be using 4.15 from what I read. When should a user upgrade the kernel in general?

User avatar
thx-1138
Level 7
Level 7
Posts: 1922
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: How to update your kernel for Meltdown and Spectre

Post by thx-1138 » Sat Jun 23, 2018 11:19 am

dave8671 wrote:
Sat Jun 23, 2018 10:45 am
I got to wondering how long the kernel 4.13 series is supported for? I am sure its not a LTS and Tera is going to be using 4.15 from what I read. When should a user upgrade the kernel in general?
4.13 is supported until August.

Post Reply

Return to “Newbie Questions”