Real fixes for Spectre and Meltdown?

Discussion in 'General Linux Discussion' started by cloasters, Jan 9, 2018.

  1. ThunderRd

    ThunderRd Irreverent Query Chairman Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    2,762
    Likes Received:
    88
    Trophy Points:
    48
    Location:
    Northern Thailand, the Land of Smiles
    Home page:
  2. Kaitain

    Kaitain Active Member

    Joined:
    Jul 24, 2016
    Messages:
    373
    Likes Received:
    34
    Trophy Points:
    28
    The fixes for Mint 17.x are also out, along with various other bits... https://blog.linuxmint.com/?p=3496

    Um... I may have misread but if you're trying to upgrade in place from 17.x to 18.x, that's, er, brave?
  3. porporme

    porporme Member

    Joined:
    Dec 21, 2017
    Messages:
    235
    Likes Received:
    7
    Trophy Points:
    18
    Location:
    Othello,Wa
    Yea-what he said!
  4. cloasters

    cloasters Moderator

    Joined:
    Jul 3, 2013
    Messages:
    8,383
    Likes Received:
    82
    Trophy Points:
    48
    Thank you Kaitain! You are da man!
  5. Kaitain

    Kaitain Active Member

    Joined:
    Jul 24, 2016
    Messages:
    373
    Likes Received:
    34
    Trophy Points:
    28
    ... of course, knowing that the fixes are out doesn't mean I've applied any of them :p
  6. cloasters

    cloasters Moderator

    Joined:
    Jul 3, 2013
    Messages:
    8,383
    Likes Received:
    82
    Trophy Points:
    48
    Same goes for me, as well! With very great help from ThunderRd I've been doing a few typing in the scary Terminal zone thangs.

    Saw a very recent squib saying how, yet again, or perhaps still how terrible Intel has been with its ""updates"" to fix Intel's stupidity/underhanded greed from Linus Torvalds himself.
  7. Kaitain

    Kaitain Active Member

    Joined:
    Jul 24, 2016
    Messages:
    373
    Likes Received:
    34
    Trophy Points:
    28
    Oh, this one? https://lkml.org/lkml/2018/1/21/192

    Not his finest work. Needs more ****. Also read https://lkml.org/lkml/2018/1/22/598 and https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html

    Anyway, I'm not falling over myself to apply patches to either of my laptops. Ignoring the fact that my main laptop is now 8 years old, with the family's "new" laptop turning six in April, it seems to me that the more immediately effective solution is, as ever, is to control who gets to run what on my machine. If that means blocking javascript, and only whitelisting particular scrips on particular sites... well, I already do that.
  8. ThunderRd

    ThunderRd Irreverent Query Chairman Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    2,762
    Likes Received:
    88
    Trophy Points:
    48
    Location:
    Northern Thailand, the Land of Smiles
    Home page:
  9. Kaitain

    Kaitain Active Member

    Joined:
    Jul 24, 2016
    Messages:
    373
    Likes Received:
    34
    Trophy Points:
    28
    I wonder whether the family 6 model 37 westmere unit in my main laptop will see some love...
  10. cloasters

    cloasters Moderator

    Joined:
    Jul 3, 2013
    Messages:
    8,383
    Likes Received:
    82
    Trophy Points:
    48
    Scheisse du Mensch! I have not done any "updates" for my processor. Looks like that was the right move. Fscking Intel. Learning to hate you, learning to hate all about you!

    Yes, that was the Linus post I was referring to. The latest from David Woodhouse adds more confusion. The CUTE .pdf from Intel seems to mean I have a Skylake proc. The info is undecipherable for me. Maybe I should just stop using computers--I surely can't understand what I'm supposed to.

    I know, starting tomorrow I'm building my own CPU! How hard can it be?
  11. ThunderRd

    ThunderRd Irreverent Query Chairman Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    2,762
    Likes Received:
    88
    Trophy Points:
    48
    Location:
    Northern Thailand, the Land of Smiles
    Home page:
    George, show me the output of this:

    apt-get install -s intel-microcode
  12. ThunderRd

    ThunderRd Irreverent Query Chairman Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    2,762
    Likes Received:
    88
    Trophy Points:
    48
    Location:
    Northern Thailand, the Land of Smiles
    Home page:
    An interesting overview by a well-known security geek named Colin Percival, of FreeBSD. Pay attention to the section called
    Understanding the attacks. It explains the nature of the security holes present in Meltdown and Spectre, for non-experts:

    http://www.daemonology.net/blog/2018-01-17-some-thoughts-on-spectre-and-meltdown.html
    FWIW, Percival is a certified expert in this area, known to have gone toe to toe with Linus a few times over the years. Linus was a bit dismissive when Percival discovered a similar vulnerability in the Pentium 4 some years ago, and there were some flames as a result.
    Last edited: Jan 26, 2018
  13. cloasters

    cloasters Moderator

    Joined:
    Jul 3, 2013
    Messages:
    8,383
    Likes Received:
    82
    Trophy Points:
    48
    Thanks a lot for providing further info about this "fun" in your post, Thunder! Clearer as mud, sorry for the un-intelligence on my part.

    $ sudo apt-get install -s intel microcode
    [sudo] password for myname:
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    E: Unable to locate package intel
    E: Unable to locate package microcode

    Er, that's:
    [sudo] password for my name:
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
    iucode-tool
    The following NEW packages will be installed:
    intel-microcode iucode-tool
    0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
    Inst iucode-tool (1.0.1-1 Ubuntu:14.04/trusty [amd64])
    Inst intel-microcode (3.20180108.0+really20170707ubuntu14.04.1 Ubuntu:14.04/trusty-updates [amd64])
    Conf iucode-tool (1.0.1-1 Ubuntu:14.04/trusty [amd64])
    Conf intel-microcode (3.20180108.0+really20170707ubuntu14.04.1 Ubuntu:14.04/trusty-updates [amd64])
    Last edited: Jan 27, 2018
  14. Kaitain

    Kaitain Active Member

    Joined:
    Jul 24, 2016
    Messages:
    373
    Likes Received:
    34
    Trophy Points:
    28
    There needs to be a hyphen between "intel" and "microcode"

    sudo apt-get install -s intel-microcode
  15. cloasters

    cloasters Moderator

    Joined:
    Jul 3, 2013
    Messages:
    8,383
    Likes Received:
    82
    Trophy Points:
    48
    Thank you very much, Kaitain! Your suggestion did the trick.
  16. ThunderRd

    ThunderRd Irreverent Query Chairman Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    2,762
    Likes Received:
    88
    Trophy Points:
    48
    Location:
    Northern Thailand, the Land of Smiles
    Home page:
    And...?
  17. cloasters

    cloasters Moderator

    Joined:
    Jul 3, 2013
    Messages:
    8,383
    Likes Received:
    82
    Trophy Points:
    48
    Er, that's:
    [sudo] password for my name:
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
    iucode-tool
    The following NEW packages will be installed:
    intel-microcode iucode-tool
    0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
    Inst iucode-tool (1.0.1-1 Ubuntu:14.04/trusty [amd64])
    Inst intel-microcode (3.20180108.0+really20170707ubuntu14.04.1 Ubuntu:14.04/trusty-updates [amd64])
    Conf iucode-tool (1.0.1-1 Ubuntu:14.04/trusty [amd64])
    Conf intel-microcode (3.20180108.0+really20170707ubuntu14.04.1 Ubuntu:14.04/trusty-updates [amd64])
    Last edited: Yesterday at 9:44 PM


    Put it in the wrong place. My bad. Thank you TR!
  18. ThunderRd

    ThunderRd Irreverent Query Chairman Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    2,762
    Likes Received:
    88
    Trophy Points:
    48
    Location:
    Northern Thailand, the Land of Smiles
    Home page:
    Show me:

    Code:
    dmesg | grep "microcode updated"
  19. cloasters

    cloasters Moderator

    Joined:
    Jul 3, 2013
    Messages:
    8,383
    Likes Received:
    82
    Trophy Points:
    48
    OK
    myname@myname~ $ dmesg | grep "microcode updated"
    myname@myname ~ $


    Thank you ThunderRd!
  20. Kaitain

    Kaitain Active Member

    Joined:
    Jul 24, 2016
    Messages:
    373
    Likes Received:
    34
    Trophy Points:
    28
    Do you get a "microcode updated" string on Mint?

    For added confirmation, do:

    dmesg | grep - i "microcode"

    It should spit out a few lines showing that the microcode driver has loaded and confirming which version of microcode is in use. Although the same info is also available in /proc/cpuinfo.

Share This Page