ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

Chat about just about anything else
User avatar
ArtGirl
Level 4
Level 4
Posts: 388
Joined: Sat Apr 15, 2017 1:16 pm
Location: UK

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by ArtGirl » Tue Jan 09, 2018 7:02 pm

I just installed 4.4.0-108, and the system is fine. Is this the actual patched version?, as I can see 4.4.110 on https://www.kernel.org/. I'm running 4.13, so the 4.4.0-108 isn't active? Thanks.
18.3 Mate 64bit
Radeon R9 255, Mesa 17.2.8, 4.15.0-13,
Lenovo x310, intel i7-4790, 16 ram,
Ugee 2150


For any advice I've been able to add, eg re graphics tablets, please search forum.

Image

JeremyB
Level 20
Level 20
Posts: 10878
Joined: Fri Feb 21, 2014 8:17 am

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by JeremyB » Tue Jan 09, 2018 7:05 pm

Artgirl, you need to use grub menu at boot, select advanced options, then scroll down to the 4.4.0-108 kernel to boot into it
That is the patched one

User avatar
ArtGirl
Level 4
Level 4
Posts: 388
Joined: Sat Apr 15, 2017 1:16 pm
Location: UK

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by ArtGirl » Tue Jan 09, 2018 7:25 pm

JeremyB wrote:Artgirl, you need to use grub menu at boot, select advanced options, then scroll down to the 4.4.0-108 kernel to boot into it
That is the patched one
Thanks, JeremyB. Much appreciate.
EDIT: Krita's running just the same as when unpatched, on the patched 4.4. :)
Last edited by ArtGirl on Tue Jan 09, 2018 9:52 pm, edited 2 times in total.
18.3 Mate 64bit
Radeon R9 255, Mesa 17.2.8, 4.15.0-13,
Lenovo x310, intel i7-4790, 16 ram,
Ugee 2150


For any advice I've been able to add, eg re graphics tablets, please search forum.

Image

Laurent85
Level 16
Level 16
Posts: 6072
Joined: Tue May 26, 2015 10:11 am

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Laurent85 » Tue Jan 09, 2018 7:30 pm

You can also check dmesg output for kpti status (kernel page table isolation) which fixes variant #3 Meltdown vulnerabilty:

Code: Select all

dmesg | grep isolation
[    0.000000] Kernel/User page tables isolation: enabled
Image

User avatar
ArtGirl
Level 4
Level 4
Posts: 388
Joined: Sat Apr 15, 2017 1:16 pm
Location: UK

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by ArtGirl » Tue Jan 09, 2018 10:37 pm

I've just installed 4.13.0-25 and the system is running perfectly (Krita, Wine/games incl large games, etc)! Thanks so much to everyone involved. Off to donate. :)
18.3 Mate 64bit
Radeon R9 255, Mesa 17.2.8, 4.15.0-13,
Lenovo x310, intel i7-4790, 16 ram,
Ugee 2150


For any advice I've been able to add, eg re graphics tablets, please search forum.

Image

User avatar
smurphos
Level 12
Level 12
Posts: 4086
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher
Contact:

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by smurphos » Wed Jan 10, 2018 12:33 am

For anyone on 4.10 please be aware that Update Manager is not picking up the patched 4.13.0-25.29~16.04.2 as a recommended security update as might be expected. It is there and can be manually installed from the kernel section of Update Manager.

I don't think this is a fault in Update Manager - this kernel is still flagged by Ubuntu devs as HWE-Edge for 16.04 and not HWE which I think prevents Update Manager recommending it.
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.

User avatar
michael louwe
Level 10
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Wed Jan 10, 2018 1:16 am

https://access.redhat.com/articles/3311301 (how to use the Terminal to disable the KPTI/Meltdown and Spectre patches, if needed)

https://www.theregister.co.uk/2018/01/0 ... _problems/ (dated 8 Jan 2018 - more problems from the Windows Meltdown patch)

User avatar
michael louwe
Level 10
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Wed Jan 10, 2018 1:43 am

As per https://wiki.ubuntu.com/SecurityTeam/Kn ... ndMeltdown (up to 9 Jan 2018), the KPTI/Meltdown patch has been released for Ubuntu and Ubuntu-based distros and is in Linux kernel 3.13.139, 4.4.108 and 4.13.25.
... Bear in mind that these kernels from Canonical-Ubuntu are different from those KPTI-patched kernels in kernel.org, even if they have the same numbering.

What about the BIOS/firmware/microcode updates to patch for the Spectre bug.? Do we get them from the OEMs or from Update/Driver Manager.?

User avatar
thx-1138
Level 7
Level 7
Posts: 1843
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by thx-1138 » Wed Jan 10, 2018 2:42 am


User avatar
michael louwe
Level 10
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Wed Jan 10, 2018 3:09 am

@ thx-1138, .......
thx-1138 wrote:https://downloadcenter.intel.com/downlo ... -Data-File
For those interested...
Thx.

From the link, looks like, nearly all affected Intel processors up to 20+ years old can be patched for the Spectre bug through Linux.

The microcode fix is a tar.gz file = download, extract to a folder, go through the Read.me file for the installation instructions, install and reboot.

User avatar
ArtGirl
Level 4
Level 4
Posts: 388
Joined: Sat Apr 15, 2017 1:16 pm
Location: UK

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by ArtGirl » Wed Jan 10, 2018 4:01 am

michael louwe wrote: From the link, looks like, nearly all affected Intel processors up to 20+ years old can be patched for the Spectre bug through Linux.

The microcode fix is a tar.gz file = download, extract to a folder, go through the Read.me file for the installation instructions, install and reboot.
Eek, that's too complicated an install for me, but great that the update is available. Are there any very simple instructions, preferably with big pictures, lol? I'm thinking that with this microcode being a security update it may not be long before it's in the Drivers section?
18.3 Mate 64bit
Radeon R9 255, Mesa 17.2.8, 4.15.0-13,
Lenovo x310, intel i7-4790, 16 ram,
Ugee 2150


For any advice I've been able to add, eg re graphics tablets, please search forum.

Image

now3by
Level 2
Level 2
Posts: 65
Joined: Mon Jan 23, 2017 1:56 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by now3by » Wed Jan 10, 2018 4:17 am

Old Intel CPU are not yet updated for Spectre & Meltdown !
Latest Intel microcode 20180108 update only 8 CPUs models:

!New_cpu306E4_platED_ver0000042A_2017-12-01_PRD_9B215C1F.bin
!New_cpu706A1_plat01_ver00000022_2017-12-26_PRD_CA264967.bin
!New_cpu806EA_platC0_ver00000080_2018-01-04_PRD_F6263DAE.bin
!New_cpu906EA_plat22_ver00000080_2018-01-04_PRD_84CABC68.bin
!New_cpu906EB_plat02_ver00000080_2018-01-04_PRD_D24EDB7F.bin
!New_cpu50654_platB7_ver0200003C_2017-12-08_PRD_A4059069.bin
!New_cpu50662_plat10_ver00000014_2017-12-16_PRD_9161527A.bin
!New_cpu50663_plat10_ver07000011_2017-12-16_PRD_B17C1102.bin
Linux...

User avatar
ArtGirl
Level 4
Level 4
Posts: 388
Joined: Sat Apr 15, 2017 1:16 pm
Location: UK

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by ArtGirl » Wed Jan 10, 2018 4:21 am

now3by wrote:Old Intel CPU are not yet updated for Spectre & Meltdown !
Latest Intel microcode 20180108 update only 8 CPUs models:

!New_cpu306E4_platED_ver0000042A_2017-12-01_PRD_9B215C1F.bin
!New_cpu706A1_plat01_ver00000022_2017-12-26_PRD_CA264967.bin
!New_cpu806EA_platC0_ver00000080_2018-01-04_PRD_F6263DAE.bin
!New_cpu906EA_plat22_ver00000080_2018-01-04_PRD_84CABC68.bin
!New_cpu906EB_plat02_ver00000080_2018-01-04_PRD_D24EDB7F.bin
!New_cpu50654_platB7_ver0200003C_2017-12-08_PRD_A4059069.bin
!New_cpu50662_plat10_ver00000014_2017-12-16_PRD_9161527A.bin
!New_cpu50663_plat10_ver07000011_2017-12-16_PRD_B17C1102.bin
There's a huge list that can be seen by following the link 3 posts above; I know, as I had to copy/paste them all into a text file to be able to search, with there being so many. Easier to search for your system that way ... look at System Settings/System Info first, loading it up into browser (github page).
18.3 Mate 64bit
Radeon R9 255, Mesa 17.2.8, 4.15.0-13,
Lenovo x310, intel i7-4790, 16 ram,
Ugee 2150


For any advice I've been able to add, eg re graphics tablets, please search forum.

Image

now3by
Level 2
Level 2
Posts: 65
Joined: Mon Jan 23, 2017 1:56 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by now3by » Wed Jan 10, 2018 4:25 am

That list show all CPU that have microcode update since they are released from factory with the default microcode included and not CPU that have microcode update for Spectre and Meltdown flaws !

It will take a log time to update all Intel CPUs for this Spectre & Meltdown flaw !
Linux...

User avatar
michael louwe
Level 10
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Wed Jan 10, 2018 4:27 am

@ Artgirl, .......
Artgirl wrote:...
Ensure that your Intel processor is covered by the microcode fix from Intel.
.
For an example of the GUI steps for a tar.gz file, please refer to ... https://askubuntu.com/questions/713734/ ... untu-14-04

Normally, you just need to double-click on the appropriate installation files to run them. In the above link, I think step 5 onwards are for a non-normal install in non-mainstream Linux distros.

User avatar
michael louwe
Level 10
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Wed Jan 10, 2018 5:03 am

@ now3by, .......
now3by wrote:...
.
These links ... https://news.ycombinator.com/item?id=16111433 and https://bugs.launchpad.net/ubuntu/+sour ... ug/1742364
confirm that the latest Intel microcode 20180108(courtesy of thx-1138) is for the Spectre bug and applies to nearly all Intel processors.

now3by
Level 2
Level 2
Posts: 65
Joined: Mon Jan 23, 2017 1:56 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by now3by » Wed Jan 10, 2018 5:20 am

I tested myself few old CPUs in hw I have here: N3530, I5-520M, I5-3470, E8400, E8500, Q6600 with latest Intel microcode-20180108 and they have no new microcode update since microcode-20171117 and previous.
Tested new I5-7400 CPU and it have a microcode update.

Test yourself and let us know for what CPU you found microcode update that patch Spectre...
Linux...

User avatar
michael louwe
Level 10
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Wed Jan 10, 2018 5:42 am

@ now3by, .......
now3by wrote:...
.
According to this link ... https://downloadcenter.intel.com/produc ... 3-MHz-FSB- , the latest Intel microcode 20180108 can be applied to the Intel E8400 processors.

LM users may download the microcode tar.gz file, extract it, read the Release notes for installation instructions, install it through the Terminal and reboot.
... Or they can wait for the Intel microcode 20180108 update to appear in Driver Manager = easier to install.

now3by
Level 2
Level 2
Posts: 65
Joined: Mon Jan 23, 2017 1:56 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by now3by » Wed Jan 10, 2018 5:49 am

now3by wrote:That list show all CPU that have microcode update since they are released from factory with the default microcode included and not CPU that have microcode update for Spectre and Meltdown flaws !

It will take a log time to update all Intel CPUs for this Spectre & Meltdown flaw !
why don't you compare microcode-20180108 and microcode-20171117 to see that only few files are updated ?
Linux...

kitaubila
Level 1
Level 1
Posts: 21
Joined: Tue Jan 03, 2017 7:03 am

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by kitaubila » Wed Jan 10, 2018 5:51 am

I'm completely lost with all this spectre/meltdown issue and the list of updates/patches that never ends :-(.
Also I'm a complete LM newbie :( . Can anyone explain what I should install or keep my eye out for these 2 systems.
I have 2 LMs in my VirtualBox:

RELEASE=17.3
CODENAME=rosa
EDITION="MATE 64-bit"
kernel:
3.19.0-32-generic #37~14.04.1-Ubuntu SMP

and

RELEASE=18.2
CODENAME=sonya
EDITION="Xfce 64-bit"
kernel:
4.10.0-32-generic #36~16.04.1-Ubuntu SMP


P.S. what is this microcode now? is this something like .inf (driver) in Win? So I need this in LM together with new kernel when they appear?
Is there any way to patch FireFox v56 for spectre/meltdown cos I really hate v57 and the thing that I can't use half of my add-ons :-(.

thanks

Post Reply

Return to “Open chat”