spectre patch

Quick to answer questions about finding your way around Linux Mint as a new user.
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Locked
pegasis
Level 4
Level 4
Posts: 470
Joined: Fri Dec 26, 2014 12:56 pm

spectre patch

Post by pegasis »

Hello

how do I patch for Spectre?

I am currently: grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "patched :)" || echo "unpatched :("

4.4.0-116-generic
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Mattyboy

Re: spectre patch

Post by Mattyboy »

Update your Kernel to 4.13.

Should you actually do this depends on the system you're running as it may cause issues. Be sure that you understand how to revert, at boot, through grub to the earlier kernel versions.

Updating your microcode was recommended in the Linux blog, here https://blog.linuxmint.com/?s=spectre&submit=Search but that's subsequently been debated.

If unsure provide the results of

Code: Select all

inxi -Fxz
, to show the details of your system. You can also search these forums for lots of discussions on this issue.
pegasis
Level 4
Level 4
Posts: 470
Joined: Fri Dec 26, 2014 12:56 pm

Re: spectre patch

Post by pegasis »

inxi -Fxz
System: Host: BladeRunner Kernel: 4.4.0-116-generic x86_64 (64 bit gcc: 5.4.0)
Desktop: Cinnamon 3.0.7 (Gtk 3.18.9-1ubuntu3.3)
Distro: Linux Mint 18 Sarah
Machine: System: Gigabyte product: Z270X-UD3 v: Default string
Mobo: Gigabyte model: Z270X-UD3-CF v: x.x
Bios: American Megatrends v: F3 date: 01/13/2017
CPU: Quad core Intel Core i7-7700K (-HT-MCP-) cache: 8192 KB
flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 33603
clock speeds: max: 4500 MHz 1: 1299 MHz 2: 1290 MHz 3: 1381 MHz
4: 1298 MHz 5: 1302 MHz 6: 1305 MHz 7: 1372 MHz 8: 2539 MHz
Graphics: Card: NVIDIA Device 1c81 bus-ID: 01:00.0
Display Server: X.Org 1.18.4 drivers: nvidia (unloaded: fbdev,vesa,nouveau)
Resolution: 1920x1080@60.00hz
GLX Renderer: GeForce GTX 1050/PCIe/SSE2
GLX Version: 4.5.0 NVIDIA 384.111 Direct Rendering: Yes
Audio: Card-1 Intel Device a2f0 driver: snd_hda_intel bus-ID: 00:1f.3
Card-2 NVIDIA Device 0fb9 driver: snd_hda_intel bus-ID: 01:00.1
Sound: Advanced Linux Sound Architecture v: k4.4.0-116-generic
Network: Card: Intel Ethernet Connection (2) I219-V
driver: e1000e v: 3.2.6-k bus-ID: 00:1f.6
IF: enp0s31f6 state: up speed: 100 Mbps duplex: full mac: <filter>
Drives: HDD Total Size: 5001.0GB (30.4% used)
ID-1: /dev/sda model: ST5000DM000 size: 5001.0GB
Partition: ID-1: / size: 55G used: 14G (26%) fs: ext4 dev: /dev/sda3
ID-2: /home size: 4.4T used: 1.4T (33%) fs: ext4 dev: /dev/sda4
ID-3: swap-1 size: 33.55GB used: 0.00GB (0%) fs: swap dev: /dev/sda2
RAID: No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors: System Temperatures: cpu: 29.8C mobo: 27.8C gpu: 0.0:30C
Fan Speeds (in rpm): cpu: N/A
Info: Processes: 215 Uptime: 2:52 Memory: 1551.5/15998.6MB
Init: systemd runlevel: 5 Gcc sys: 5.4.0
Client: Shell (bash 4.3.481) inxi: 2.2.35
Mattyboy

Re: spectre patch

Post by Mattyboy »

You should be fine with updating your Kernel to 4.13x. I'm also running the intel microcode update with no notable loss in performance ( but that one is up to you ). Make sure you read all the recommendations in the blog post, particularly the section discussing chrome and chromium web browsers.

I have a very similar system.

Code: Select all

 Kernel: 4.13.0-37-generic x86_64 (64 bit gcc: 5.4.0)
           Desktop: Cinnamon 3.6.7 (Gtk 3.18.9-1ubuntu3.3)
           Distro: Linux Mint 18.3 Sylvia
Machine:   System: Gigabyte product: N/A
           Mobo: Gigabyte model: G1.SNIPER B7-CF v: x.x
           Bios: American Megatrends v: F4 date: 11/02/2015
CPU:       Dual core Intel Core i3-6100 (-HT-MCP-) cache: 3072 KB
           flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 14784
           clock speeds: max: 3700 MHz 1: 3700 MHz 2: 3700 MHz 3: 3700 MHz
           4: 3700 MHz
Graphics:  Card: NVIDIA Device 1c03 bus-ID: 01:00.0
           Display Server: X.Org 1.18.4 drivers: nvidia (unloaded: fbdev,vesa,nouveau)
           Resolution: 1920x1080@60.00hz, 1920x1080@60.00hz
           GLX Renderer: GeForce GTX 1060 6GB/PCIe/SSE2
           GLX Version: 4.5.0 NVIDIA 384.111 Direct Rendering: Yes
Audio:     Card-1 NVIDIA Device 10f1 driver: snd_hda_intel bus-ID: 01:00.1
           Card-2 Intel Sunrise Point-H HD Audio
           driver: snd_hda_intel bus-ID: 00:1f.3
           Sound: Advanced Linux Sound Architecture v: k4.13.0-37-generic
Network:   Card-1: Intel Ethernet Connection (2) I219-V
           driver: e1000e v: 3.2.6-k bus-ID: 00:1f.6
           IF: enp0s31f6 state: down mac: <filter>
           Card-2: Qualcomm Atheros AR9287 Wireless Network Adapter (PCI-Express)
           driver: ath9k bus-ID: 03:00.0
           IF: wlp3s0 state: up mac: <filter>
           Card-3: Microsoft Xbox 360 Wireless Adapter usb-ID: 001-005
           IF: null-if-id state: N/A mac: N/A
User avatar
smurphos
Level 18
Level 18
Posts: 8501
Joined: Fri Sep 05, 2014 12:18 am
Location: Irish Brit in Portugal
Contact:

Re: spectre patch

Post by smurphos »

4.4.0-116.140 is already patched against spectre and meltdown. No need to jump to 4.13 unless you have other reasons to do so. 4.4 series will continue to get all security patches until 2021.

There is no microcode currently officially available that includes any spectre/meltdown patches. The patched microcode that intel provided in January was subsequently withdrawn as buggy. They have released new microcode recently - it's currently in testing over at Ubuntu. It may take a while.

Just make sure you are applying all other security updates - particularly your browsers.

https://wiki.ubuntu.com/SecurityTeam/Kn ... ndMeltdown
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
Locked

Return to “Beginner Questions”