Updates:

Forums updated to SMF version 2.1.1

Meltdown and Spectre (SOLVED)

Started by Rich J, January 23, 2018, 11:55:45 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1 2
User actions

Rich J

January 23, 2018, 11:55:45 AM Last Edit: January 30, 2018, 07:56:34 PM by Rich J
Hi Mark - maybe this should be in the Security section (feel free to move it) but I didn't want it missed by the general reader.

I got on to Mint about my kernel panic woes after installing Mint 18.3 updated kernels (neither will boot) and the best they could come up with is this -

"Well, your options are limited. You might wait for the (hopefully) redeeming update in the 4.4 series.

Or, and that's what I would do: perform a clean installation of Mint 17.3 Xfce and downgrade its kernel to the latest of the 3.13 series (currently: 3.13.0-139). And buy a new machine when Mint 17.x reaches EOL in May, 2019.

The whole bloody Meltdown/Spectre mess is probably too dangerous for continuing without a patched kernel...."

Not exactly the answer I was hoping for.............. >:(

So a downgrade followed by a new purchase?  Rather spoils the notion of running Linux on older hardware, don't you think?  And aren't the latest chips affected also, so no way would I invest in a new machine until that point was cleared up?

What, in your opinion are the risks of running a "vulnerable" set up until a patch is available?

Rich

Mark Greaves (PCNetSpec)

#1
January 23, 2018, 01:17:47 PM
So what exactly are these "woes" ? .. what makes you think it's a kernel panic ? .. what exactly is happening ? .. and which kernel are you talking about ?
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
pcnetspec.co.uk

Rich J

#2
January 24, 2018, 09:51:26 AM
Hi Mark

As per my posts here - # 8 & 10

https://linuxforums.org.uk/index.php?topic=13284.msg108311#msg108311

To recap.  I made a fresh install of M18.3 64bit - all ok.  I ran the update manager which updated the shipped kernel (4.10.0-38-generic) to 4.13.0-26.  This kernel resulted in a 'panic' and weirdly, it wouldn't now boot from the previous kernel, even though it was listed in Grub, so I re-installed the OS.  From the Mint site, an alternative kernel, (4.4.0-109) was offered but this gave the same 'panic' but did allow the old kernel to boot.  So, I removed both alternative kernels and went back to 4.10.0-38 and am waiting for another possible update.  Not ideal but better a working system than none at all.

'Panic' - the system tried to boot but loaded a screen full of detail and then hung at something like........  'operating system not found........' can't remember the exact wording.  The cursor just sat flashing and no attempt at typing commands made any difference.

Mark Greaves (PCNetSpec)

#3
January 24, 2018, 08:46:28 PM
I thought the latest kernel was 4.13.0-31 not 4.13.0-26
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
pcnetspec.co.uk

Rich J

#4
January 25, 2018, 07:15:22 PM
Quote from: Mark Greaves (PCNetSpec) on January 24, 2018, 08:46:28 PM
I thought the latest kernel was 4.13.0-31 not 4.13.0-26

That version has not yet appeared in my Update Manager - is it an Ubuntu one?  Mint does lag behind sometimes.

Mint has advised that after updating, all 4.10.x and 4.4.x kernels should be discarded but if I do that, I'll have an unusable system.

I'm ok with waiting for a usable update but a bit concerned about vulnerability in the meantime.

Mark Greaves (PCNetSpec)

#5
January 26, 2018, 12:03:35 AM Last Edit: January 26, 2018, 12:07:23 AM by Mark Greaves (PCNetSpec)
well the choice is yours .. stick with an upatched kernel, or try 4.13.0-31 ?

Open a terminal and run:
Code Select
sudo apt-get update
then post the output from:
Code Select
sudo apt-get -s dist-upgrade
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
pcnetspec.co.uk

Rich J

#6
January 26, 2018, 08:42:17 AM Last Edit: January 26, 2018, 08:49:56 AM by Rich J
Ok, thanks.

As requested

Code Select

[email protected] ~ $ sudo apt-get -s dist-upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following NEW packages will be installed
  libllvm5.0
The following packages will be upgraded:
  chromium-codecs-ffmpeg-extra firefox firefox-locale-en fwupdate libc-bin
  libc-dev-bin libc6 libc6-dbg libc6-dev libc6-i386 libcuda1-340 libegl1-mesa
  libfwup0 libgbm1 libgcab-1.0-0 libgl1-mesa-dri libgl1-mesa-glx libglapi-mesa
  libgles1-mesa libgles2-mesa libnemo-extension1 libtasn1-6
  libwayland-egl1-mesa libxatracker2 linux-firmware linux-libc-dev locales
  multiarch-support ndiswrapper ndiswrapper-dkms ndiswrapper-utils-1.9
  nvidia-340 nvidia-opencl-icd-340 rsync
34 to upgrade, 1 to newly install, 0 to remove and 0 not to upgrade.
Inst libc6-dbg [2.23-0ubuntu9] (2.23-0ubuntu10 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) []
Inst libc6-dev [2.23-0ubuntu9] (2.23-0ubuntu10 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) []
Inst libc-dev-bin [2.23-0ubuntu9] (2.23-0ubuntu10 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) []
Inst linux-libc-dev [4.4.0-98.121] (4.4.0-112.135 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) []
Inst libc6-i386 [2.23-0ubuntu9] (2.23-0ubuntu10 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) []
Inst libc6 [2.23-0ubuntu9] (2.23-0ubuntu10 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf libc6 (2.23-0ubuntu10 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Inst locales [2.23-0ubuntu9] (2.23-0ubuntu10 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [all])
Inst libc-bin [2.23-0ubuntu9] (2.23-0ubuntu10 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf libc-bin (2.23-0ubuntu10 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Inst chromium-codecs-ffmpeg-extra [63.0.3239.84-0ubuntu0.16.04.1] (63.0.3239.132-0ubuntu0.16.04.1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Inst multiarch-support [2.23-0ubuntu9] (2.23-0ubuntu10 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf multiarch-support (2.23-0ubuntu10 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Inst libtasn1-6 [4.7-3ubuntu0.16.04.2] (4.7-3ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf libtasn1-6 (4.7-3ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Inst libllvm5.0 (1:5.0-3~16.04.1 Ubuntu:16.04/xenial-updates [amd64])
Conf libllvm5.0 (1:5.0-3~16.04.1 Ubuntu:16.04/xenial-updates [amd64])
Inst libgl1-mesa-dri [17.0.7-0ubuntu0.16.04.2] (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [amd64]) [libegl1-mesa:amd64 ]
Conf libgl1-mesa-dri (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [amd64]) [libegl1-mesa:amd64 ]
Inst libgbm1 [17.0.7-0ubuntu0.16.04.2] (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [amd64]) [libegl1-mesa:amd64 ]
Conf libgbm1 (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [amd64]) [libegl1-mesa:amd64 ]
Inst libegl1-mesa [17.0.7-0ubuntu0.16.04.2] (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [amd64]) [libwayland-egl1-mesa:amd64 ]
Conf libegl1-mesa (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [amd64]) [libwayland-egl1-mesa:amd64 ]
Inst libwayland-egl1-mesa [17.0.7-0ubuntu0.16.04.2] (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [amd64])
Conf libwayland-egl1-mesa (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [amd64])
Inst libgl1-mesa-glx [17.0.7-0ubuntu0.16.04.2] (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [amd64]) []
Inst libgles2-mesa [17.0.7-0ubuntu0.16.04.2] (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [amd64]) []
Inst libglapi-mesa [17.0.7-0ubuntu0.16.04.2] (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [amd64])
Conf libglapi-mesa (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [amd64])
Inst rsync [3.1.1-3ubuntu1.1] (3.1.1-3ubuntu1.2 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Inst firefox [57.0.4+linuxmint1+sylvia] (58.0+linuxmint2+sylvia linuxmint:18.3/sylvia [amd64])
Inst firefox-locale-en [57.0.4+linuxmint1+sylvia] (58.0+linuxmint2+sylvia linuxmint:18.3/sylvia [amd64])
Inst fwupdate [0.5-2ubuntu5] (0.5-2ubuntu7 Ubuntu:16.04/xenial-updates [amd64]) []
Inst libfwup0 [0.5-2ubuntu5] (0.5-2ubuntu7 Ubuntu:16.04/xenial-updates [amd64])
Inst libcuda1-340 [340.102-0ubuntu0.16.04.2] (340.104-0ubuntu0.16.04.1 Ubuntu:16.04/xenial-updates [amd64])
Inst libgcab-1.0-0 [0.7-1] (0.7-1ubuntu0.1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Inst libgles1-mesa [17.0.7-0ubuntu0.16.04.2] (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [all])
Inst libnemo-extension1 [3.6.4+sylvia] (3.6.5+sylvia linuxmint:18.3/sylvia [amd64])
Inst libxatracker2 [17.0.7-0ubuntu0.16.04.2] (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [amd64])
Inst linux-firmware [1.157.13] (1.157.15 Ubuntu:16.04/xenial-updates [all])
Inst ndiswrapper [1.60-3~ubuntu16.04.1] (1.60-3~ubuntu16.04.2 Ubuntu:16.04/xenial-updates [amd64])
Inst ndiswrapper-dkms [1.60-3~ubuntu16.04.1] (1.60-3~ubuntu16.04.2 Ubuntu:16.04/xenial-updates [all])
Inst ndiswrapper-utils-1.9 [1.60-3~ubuntu16.04.1] (1.60-3~ubuntu16.04.2 Ubuntu:16.04/xenial-updates [all])
Inst nvidia-340 [340.102-0ubuntu0.16.04.2] (340.104-0ubuntu0.16.04.1 Ubuntu:16.04/xenial-updates [amd64])
Inst nvidia-opencl-icd-340 [340.102-0ubuntu0.16.04.2] (340.104-0ubuntu0.16.04.1 Ubuntu:16.04/xenial-updates [amd64])
Conf libc6-dbg (2.23-0ubuntu10 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf libc-dev-bin (2.23-0ubuntu10 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf linux-libc-dev (4.4.0-112.135 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf libc6-dev (2.23-0ubuntu10 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf libc6-i386 (2.23-0ubuntu10 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf locales (2.23-0ubuntu10 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [all])
Conf chromium-codecs-ffmpeg-extra (63.0.3239.132-0ubuntu0.16.04.1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf libgl1-mesa-glx (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [amd64])
Conf libgles2-mesa (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [amd64])
Conf rsync (3.1.1-3ubuntu1.2 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf firefox (58.0+linuxmint2+sylvia linuxmint:18.3/sylvia [amd64])
Conf firefox-locale-en (58.0+linuxmint2+sylvia linuxmint:18.3/sylvia [amd64])
Conf libfwup0 (0.5-2ubuntu7 Ubuntu:16.04/xenial-updates [amd64])
Conf fwupdate (0.5-2ubuntu7 Ubuntu:16.04/xenial-updates [amd64])
Conf libcuda1-340 (340.104-0ubuntu0.16.04.1 Ubuntu:16.04/xenial-updates [amd64])
Conf libgcab-1.0-0 (0.7-1ubuntu0.1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf libgles1-mesa (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [all])
Conf libnemo-extension1 (3.6.5+sylvia linuxmint:18.3/sylvia [amd64])
Conf libxatracker2 (17.2.4-0ubuntu1~16.04.4 Ubuntu:16.04/xenial-updates [amd64])
Conf linux-firmware (1.157.15 Ubuntu:16.04/xenial-updates [all])
Conf ndiswrapper (1.60-3~ubuntu16.04.2 Ubuntu:16.04/xenial-updates [amd64])
Conf ndiswrapper-dkms (1.60-3~ubuntu16.04.2 Ubuntu:16.04/xenial-updates [all])
Conf ndiswrapper-utils-1.9 (1.60-3~ubuntu16.04.2 Ubuntu:16.04/xenial-updates [all])
Conf nvidia-340 (340.104-0ubuntu0.16.04.1 Ubuntu:16.04/xenial-updates [amd64])
Conf nvidia-opencl-icd-340 (340.104-0ubuntu0.16.04.1 Ubuntu:16.04/xenial-updates [amd64])
[email protected] ~ $


Edit:  I've just checked Update Manager and kernel v.4.13.0-32.35~16.04.1 has been issued.  I could allow that to install but will wait for your further advice to be on the safe side.

Mark Greaves (PCNetSpec)

#7
January 26, 2018, 01:57:34 PM
Yeah, install it .. and also before rebooting run:
Code Select
sudo apt-get dist-upgrade
then reboot to test.

Remembering you should still be able to boot the earlier kernel.
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
pcnetspec.co.uk

Rich J

#8
January 27, 2018, 11:34:40 AM Last Edit: January 27, 2018, 11:38:06 AM by Rich J
Quote from: Mark Greaves (PCNetSpec) on January 26, 2018, 01:57:34 PM
Yeah, install it .. and also before rebooting run:
Code Select
sudo apt-get dist-upgrade
then reboot to test.

Remembering you should still be able to boot the earlier kernel.  Sadly not!

I've done all that you've advised and I'm back with a kernel panic.........  kernel v.4.13.0-32.35~16.04.1 won't boot and neither will my previous one, 4.10.0-38-generic.  Both boots end with this -

........ end Kernel panic - not syncing: VFS unable to mount root fs on unknown-block (0,0) then the cursor hangs blinking.

I'm wondering if Grub is being overwritten perhaps?  I have the M18.3 installation disk to reinstall Grub and/or remove the latest kernel if you can advise, please?

EDIT:  I'm posting this from M18.2 which is still on my 2nd disk and is unaffected - thankfully!!

Mark Greaves (PCNetSpec)

#9
January 27, 2018, 04:46:02 PM
Can you boot to the LiveDVD/LiveUSB and post the output from:
Code Select
sudo fdisk -l
and
Code Select
sudo blkid
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
pcnetspec.co.uk

Rich J

#10
January 27, 2018, 05:19:59 PM Last Edit: January 27, 2018, 05:21:52 PM by Rich J
Quote from: Mark Greaves (PCNetSpec) on January 27, 2018, 04:46:02 PM
Can you boot to the LiveDVD/LiveUSB and post the output from:
Code Select
sudo fdisk -l
and
Code Select
sudo blkid

Code Select

[email protected] ~ $ sudo fdisk -l
Disk /dev/loop0: 1.8 GiB, 1867780096 bytes, 3648008 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/sda: 149.1 GiB, 160041885696 bytes, 312581808 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0001ba51

Device     Boot     Start       End   Sectors   Size Id Type
/dev/sda1  *         2048   3905535   3903488   1.9G 83 Linux
/dev/sda2         3907582 312580095 308672514 147.2G  5 Extended
/dev/sda5         3907584  42967039  39059456  18.6G 83 Linux
/dev/sda6       304769024 312580095   7811072   3.7G 82 Linux swap / Solaris
/dev/sda7        42969088 304752639 261783552 124.8G 83 Linux

Partition table entries are not in disk order.
[email protected] ~ $

[email protected] ~ $ sudo blkid
/dev/sda1: UUID="a26bc950-d260-4a63-a445-4740125cf628" TYPE="ext4" PARTUUID="0001ba51-01"
/dev/sda5: UUID="de5ae2cf-f7c1-4f91-a9c5-949295740ba2" TYPE="ext4" PARTUUID="0001ba51-05"
/dev/sda7: UUID="9b884754-f604-421e-a4a1-e0c4bb30c64c" TYPE="ext4" PARTUUID="0001ba51-07"
/dev/sr0: UUID="2017-11-24-14-47-32-00" LABEL="Linux Mint 18.3 MATE 64-bit" TYPE="iso9660" PTUUID="568a6b74" PTTYPE="dos"
/dev/loop0: TYPE="squashfs"
/dev/sda6: UUID="43554194-1663-4a37-95c7-0724c4d0aa2e" TYPE="swap" PARTUUID="0001ba51-06"
[email protected] ~ $


As a precaution, I've disconnected 2nd disk with M18.2 on it.

Mark Greaves (PCNetSpec)

#11
January 27, 2018, 08:29:03 PM
Why are there 3 Linux partitions (as well as a swap partition) ?
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
pcnetspec.co.uk

Rich J

#12
January 27, 2018, 09:11:58 PM
Because I've had boot-up issues in the past when there has been just one, large partition - no idea why, something to do with my hardware/BIOS?  (And it was on your advice that I tried a small boot partition to see if it solved the problem - it did  ;))

I chose a home partition also, on this occasion, to try and avoid the problem of losing data on future re-installs.  Everything has worked perfectly up to this latest security mess and the faffing with patched kernels.  I don't understand why - I've used Mint more or less full time since version 12 and never had an issue before with updating the latest kernel.  And I can't remember not being able to boot to a previous kernel either after such an update........

Mark Greaves (PCNetSpec)

#13
January 27, 2018, 10:41:30 PM
When you have both drives installed and you turn on your PC, which OS boots automatically .. 18.3 or 18.2 ?

And do you know which of sda1, sda5, and sda7 are which partitions ?
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
pcnetspec.co.uk

Rich J

#14
January 28, 2018, 08:41:16 AM
Quote from: Mark Greaves (PCNetSpec) on January 27, 2018, 10:41:30 PM
When you have both drives installed and you turn on your PC, which OS boots automatically .. 18.3 or 18.2 ?

And do you know which of sda1, sda5, and sda7 are which partitions ?

18.3 is the default and will auto boot - normally. 

I deliberately disconnected 18.2 when installing 18.3 to preserve it's integrity if an occurrence such as this happened.  They are both listed in Grub and 18.2 booted ok the last time I reconnected it.  At the moment, 18.2 is still disconnected and I'm working from the 18.3 install disk.

sda1 is the boot partition of 2GiB,  sda5 is root (/) of 20GiB, sda7 is home using the rest (less swap area)

Hope this helps

Rich
Print
Go Up Pages1 2
User actions