More Linux Kernel & GCC Patches Come Out In The Wake Of Spectre+Meltdown


  • starshipeleven
    replied
    Originally posted by fuzz
    Though the kernel patches are hardly Ubuntu specific.
    Yeah, there must have been some screwup on the Ubuntu maintainer side, which is why I am/was flaming Ubuntu.



  • fuzz
    replied
    Originally posted by starshipeleven
    Uh no. His link was talking about a backporting issue on the Ubuntu side.
    Patches to work around Meltdown/Spectre are not supposed to break the kernel and make it unbootable.
    Ah, I didn't even click the link. I assumed it was people crapping on Ubuntu 17.10 for an Intel problem again. Apologies.

    Though the kernel patches are hardly Ubuntu specific.



  • starshipeleven
    replied
    Originally posted by fuzz
    It's an Intel problem though, not specific to Ubuntu.
    Uh no. His link was talking about a backporting issue on the Ubuntu side.
    Patches to work around Meltdown/Spectre are not supposed to break the kernel and make it unbootable.



  • fuzz
    replied
    Originally posted by starshipeleven
    Your main issue is that you are using Ubuntu, please stop.
    It's an Intel problem though, not specific to Ubuntu.



  • starshipeleven
    replied
    Originally posted by InsideJob
    100%
    Back to typewriter then.

    http://news.softpedia.com/news/canon...s-519320.shtml

    That's why I only use LTS releases. Bwahahaha
    Your main issue is that you are using Ubuntu, please stop.



  • dillon
    replied
    Spectre does not require shared memory mappings and is not limited to just within the current process. Spectre is an attack which tricks the victim into speculatively executing code within its own memory domain in a way that allows the attacker to figure out the contents of memory in the victim's domain. The attacker accomplishes this by passing data to the victim through normal APIs and by massaging data and branch caches such that it can detect whether the speculative execution occurred or not via timing.

    So there are only really three requirements for a Spectre attack: (1) A normal API / IPC mechanism to communicate with the victim, and (2) Knowledge of code paths in the victim that might be vulnerable to speculative execution based on arguments and data the attacker supplies through the API / IPC mechanism, and (3) That the code the victim winds up executing speculatively can be leveraged by the attacker's arguments to address any memory location within the victim's address space.

    The most common Spectre attack that we are likely to see in the near future will be a JavaScript attack against the browser. This is indeed an attack that stays within the process. It's the easiest Spectre attack vector so that is what we are likely to see first. But Spectre itself is not limited to just the current process.

    If you use Chrome, use the experimental --site-per-process option to reduce the impact.

    -Matt



  • Kayote
    replied
    Microsoft released a PowerShell script to check if you have the Meltdown/Spectre updates: https://support.microsoft.com/en-us/...erabilities-in

    What updates are needed on Linux?
    kernel > 4.14.11, 4.15rc6 (check)
    updated ucode intel, ucode amd, kernel firmware (check)

    What else is necessary?
    Last edited by Kayote; 05 January 2018, 08:17 PM.


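A Linux-side check for the list in the post above, as an added example that is not part of the thread or of any project named in it. It assumes the two versions in the post are minimums for mainline kernels, and that the running kernel exposes `/sys/devices/system/cpu/vulnerabilities` (older kernels do not have it); the status strings in `demo()` are constructed samples.

```python
import os
import re
import tempfile

FINAL = 999  # sorts a final release after any of its -rc builds

def release_key(release):
    """Map a `uname -r` string such as '4.15.0-rc6' to (major, minor, patch, rc)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0), int(rc) if rc else FINAL)

def meets_post_baseline(release):
    """True at or above 4.14.11 (4.14 series) or 4.15-rc6 (assumed minimums)."""
    # Distribution kernels with backported fixes can fail this test and still
    # be patched, so prefer the sysfs report below whenever it is available.
    key = release_key(release)
    if key[:2] == (4, 14):
        return key >= (4, 14, 11, FINAL)
    return key >= (4, 15, 0, 6)

def read_mitigations(sysfs_dir="/sys/devices/system/cpu/vulnerabilities"):
    """Return {issue: status line}, or {} when the kernel has no such directory."""
    if not os.path.isdir(sysfs_dir):
        return {}
    report = {}
    for name in sorted(os.listdir(sysfs_dir)):
        with open(os.path.join(sysfs_dir, name)) as fh:
            report[name] = fh.read().strip()
    return report

def unmitigated(report):
    """Issues whose status line starts with 'Vulnerable'."""
    return [n for n, status in report.items() if status.startswith("Vulnerable")]

def demo():
    # Constructed sample directory standing in for the real sysfs path.
    samples = {"meltdown": "Mitigation: PTI", "spectre_v1": "Vulnerable",
               "spectre_v2": "Mitigation: Full generic retpoline"}
    with tempfile.TemporaryDirectory() as d:
        for name, text in samples.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(text + "\n")
        return unmitigated(read_mitigations(d))

if __name__ == "__main__":
    print("baseline met:", meets_post_baseline(os.uname().release))
    print("unmitigated:", unmitigated(read_mitigations()) or "none reported")
```

An empty result from `read_mitigations()` means the kernel does not report mitigation status at all, not that the machine is patched.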

  • Kayote
    replied
    Yes, as I understand it's not actually disabling it, just exposing it??



  • pal666
    replied
    Originally posted by hansg
    In another process? That's the thing - how does this cross the process boundary?
    Spectre requires shared memory mapping. Most software cannot be affected.



  • Michael
    replied
    Originally posted by Kayote
    Can someone test if disabling branch prediction hurts CPU mining??
    I've heard back from AMD.... At least this PR person is saying: “Disabling branch prediction” is definitely not an accurate description and we are working to address with SUSE now.
