Home United States USA — software Meltdown and Spectre patches re-issued by Canonical following Ubuntu 16.04 boot problems

Meltdown and Spectre patches re-issued by Canonical following Ubuntu 16.04 boot problems

199
0
SHARE

More haste, less speed?
Canonical, the company behind the popular Ubuntu distribution of Linux, has been forced to reissue its hastily released patch for Spectre and Meltdown after users of the 16.04 LTS version of its Linux operating system complained that it borked their systems
The company was one of the first to issue a patch, but users of the operating system code-named Xenial Xerus found that they weren’t able to boot-up following the update (4.4.0-108). Fortunately, they were able to fix the problem with a rollback.
Canonical has rapidly released a new patch – this one has a new kernel image 4.4.0-109.
The latest advisory reads:
“USN-3522-1 fixed a vulnerability in the Linux kernel to address Meltdown ( CVE-2017-5754). Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem.”
The Meltdown/Spectre vulnerabilities revealed last week has made it a less than happy new year for Intel, in particular, which has an intrinsic physical flaw (labelled Meltdown) in most of its CPUs that can only be patched at a software level.
These patches, though, are causing ongoing performance issues for both desktop PCs and servers, especially in cloud computing environments .
IBM is preparing to release its own patches and firmware upgrades, while AMD CPUs have been affected less seriously – by the Spectre flaw, not Meltdown – and its patches should be out very soon.
Nvidia has added that it, too is affected and is working to roll out updates, and the Linux Mint distro is patched up to kernel 3.16. A fix for 3.17 and 3.18 is incoming so stay tuned.
It should be noted that if you have a gaming machine with an Intel CPU, a Nvidia GPU and two partitions, you need to get both patches for both partitions before you can consider your machine fully patched.
This is the esence of the problem, especially for Intel: you can’t fix the chip. Every chip that is vulnerable will always be vulnerable. It’s how they interact with the rest of the machine that gets changed at a software level, and that will take more than just one patch.
It could take 18 months for the flaw to be designed out of new CPUs, given the lead times for designing, testing and manufacturing new chips. In the meantime, launch schedules for both AMD and Intel (in particular) could be affected.

Continue reading...