This arch/x86/events/intel/ds.c fix is unlikely to have rendered too many things unbootable. I missed ds.c entirely when doing the original implementation. I can't fault the nice folks at Canonical for mis-merging a tiny hunk like this. It really only affects pretty specific hardware anyway.
Would this entire Meltdown/Spectre thing count as the biggest mess-up of computing history? When yesterday the PoC repo was posted here, the spy.mp4 demo video gave me some chills. And now I can't update my OS before making an installation USB because Canonical can't just follow Linus' releases. Thanks.
(Copying my instructions from another post).
If kernel 4.4 doesn't work, I recommend compiling the 4.15 kernel. (Note, however, that you may need to apply a patch to NVIDIA drivers).
I've done this on Ubuntu 16.04 LTS, 17.10, and Debian 8 so far this week. To compile, set CONFIG_PAGE_TABLE_ISOLATION=y. That is:
sudo apt-get build-dep linux sudo apt-get install gcc-6-plugin-dev libelf-dev libncurses5-dev cd /usr/src wget https://git.kernel.org/torvalds/t/linux-4.15-rc7.tar.gz tar -xvf linux-4.15-rc7.tar.gz cd linux-4.15-rc7 cp /boot/config-`uname -r` .config make CONFIG_PAGE_TABLE_ISOLATION=y deb-pkg
Waiting a few days to patch my own servers... Not sure what is more dangerous right now: applying these rushed patches or the vuln itself.
See this is why you wait a day or two before patching :)
What was the problem?
All the notes say is that 109 fixes it.
any report of windows update messing with the bios rendering motherboard non bootable (powers on , but no post, not even an error beep)
I was under the impression that Ubuntu would automatically revert to last good kernel of the new one fails to boot. Was I mistaken?
This is a little bit sensationalist (is that a word?).
It's not like Windows that bricks your laptop. It's a handful of hardware config, and you can easily boot with an older kernel.
I just updated my Dell, but haven't restarted. Do we know how widespread the problem is and should I roll back the update?
Please look under "Meltdown - x86" section in GKH's (The Stable Kernel Maintainer) blog: http://www.kroah.com/log/
Sounds like one way to stop the bug. :P
So do we make snide remarks about fixes not being tested like we did when microsoft also had issues fixing CPU level bugs?
Did ubuntu botched an update again? Or is it the upstream kernel?
it's the fault of Intel, why don't they recall all the CPU? just like vehicle company
I haven't even seen a proof of concept exploit that has the same conditions as in the wild. All the POC exploits seems to have been given some assistance in various ways (such as being given root perms or a preknown memory address).