Meltdown and Spectre Patches Bricking Ubuntu 16.04 Computers

An anonymous reader writes: Ubuntu Xenial 16.04 users who updated to receive the Meltdown and Spectre patches are reporting they are unable to boot their systems and have been forced to roll back to an earlier Linux kernel image. The issues were reported by a large number of users on the Ubuntu forums and Ubuntu's Launchpad bug tracker. Only Ubuntu users running the Xenial 16.04 series appear to be affected.

All users who reported issues said they were unable to boot after upgrading to Ubuntu 16.04 with kernel image 4.4.0-108. Canonical, the company behind Ubuntu OS, deployed Linux kernel image 4.4.0-108 as part of a security update for Ubuntu Xenial 16.04 users, yesterday, on January 9. According to Ubuntu Security Notice USN-3522-1 and an Ubuntu Wiki page, this was the update that delivered the Meltdown and Spectre patches.

Baby out with the bathwater

[Lab+Rat+Jason]

It seems that these companies (Microsoft and Ubuntu and others) are forgetting everything about sound software development practices here. They're in such a hurry to deploy patches that they aren't taking the time to fully test them. The cure is worse than the ailment.

Re:Baby out with the bathwater

[king+neckbeard]

To be fair, there is a major security flaw covering the majority of desktop CPUs sold over the last two decades. You are correct that they have not done proper testing, but this is on a ridiculous scale.

Re:Baby out with the bathwater

Or javascript. Spectre's already got a javascript proof of concept.

Re:Baby out with the bathwater

[110010001000]

When you are connected to the Internet (especially through the web) you have many users of your system. For example, any website you visit can run a Javascript program on your machine. With this flaw it can "break out" of your browser. What a mess.

Re:Baby out with the bathwater

[Cajun+Hell]

The rest of the computer users... are almost always the ONLY users (+family) on those computers---so they're implementing this 30% performance penalty to protect users from themselves?

A typical desktop or laptop or tablet computer is no longer truly a single-user computer. Most of these computers have web browsers, which by default are configured to download and execute code written by other people to serve their interests. Perhaps your computers don't do this anymore, but your mom's neighbor's former roommate's computer does. So your mom's neighbor's former roommate's downloads and runs Javascript, which can make an array reference that is speculatively accessed prior to checking the array boundaries.

Your mom's neighbor's former roommate isn't the person who decided to read that memory; it was someone else: an adversary, another user on that multi-user computer. They just happen to log in as your mom's neighbor's former roommate, but it's really a different user.

Re:Baby out with the bathwater

[squiggleslash]

There are two bugs here:

Meltdown is Intel-only and requires the ability to run binaries on the victim's computer. If you can run binaries on the victim's computer, you probably already have enough access to do whatever it is you want to do that made you want to hack them in the first place. The extent to which Meltdown adds security issues is miniscule.

Spectre is cross platform and can be exploited with Javascript. With difficulty. But it can. Kinda. There's sorta a proof of concept out there. Which works with one JS engine. And doesn't extract any useful information. But in theory if you know the exact status of the user's browser and you're very lucky you might be able to extract some information from it that you wouldn't normally have access to.

So, what is the rush here? Especially with Meltdown?

The entire fucking industry has gone completely nuts. You'd think that we were back in the 1990s with no memory protection and ActiveX given the panic about this.

And before anyone goes "Yeah, but it's still a problem", so are kernel patches that brick computers. We're bricking computers, and slowing down the ones we don't brick, because we're panicking over this rather than doing this properly.

Re:Baby out with the bathwater

[ctilsie242]

With all the crap that runs on a machine, multiple users running at the same time is a must. The days of a cooperative multitasking OS are long gone. You can have a single user OS with preemptive multitasking (OS/2, for example), but you then run into issues where if one item gets infected, the whole machine is pwned. The fact that Windows has UAC has probably stopped/prevented a lot of infections, and is why Microsoft put it in after XP.

Operating systems need not just to be multiuser, but have varying contexts for each user. What is important is that web browsers run untrusted and potentially hostile code 24/7. Even if someone doesn't navigate to a malicious site, an ad server can easily serve up malware (malvertising is one of the biggest attack vectors). Web browser makers do a good job, but ideally, protection should be done by the OS, and even down to the CPU hardware to ensure that stuff running in the browser context does not get out barring authorized ways (downloads, etc.)

Eventually we will be moving to where machines use hypervisors for everything. For Windows 10 Enterprise, with CredentialGuard, that is already the case. Intel and AMD have done great strides (AMD especially with RAM page encryption to keep leaks from one VM from being readable by another), but we have a ways to go to ensure that code in one partition/VM/container cannot affect or see code anywhere else.

Re:Baby out with the bathwater

[Alumoi]

Why bother with testing when there are a lot of paying beta testers around? Windows 10 anyone?

Re:Baby out with the bathwater

[squiggleslash]

1. No, a web page cannot "own" your system. SPECTRE has a proof of concept that'd allow a Javascript program to be able to read data in the same process. It's almost impossible to exploit, but, sure, if you can, you might possibly find that downloading a rogue JS file could copy your bank website's session cookie, if you're not running a recent version of Firefox or Chrome. But nothing SPECTRE allows will allow your computer to be modified in any way.

2. The discussion here is about kernel patches, which are related to MELTDOWN, not SPECTRE. Meltdown cannot be exploited using Javascript. It requires binaries. If you don't run AWS style services, then your current level of security is unlikely to be made worse by Meltdown. And like SPECTRE, MELTDOWN is read only, although in theory it could leak passwords that could allow someone else to hack into your system if it's not properly firewalled.

Re:Baby out with the bathwater

[Hal_Porter]

To be fair it must be a nightmare to fix something like this so the fix works on a wide variety of configurations and doesn't kill performance on any of them. Especially if news of the exploit gets leaked or discovered independently.

https://en.wikipedia.org/wiki/...

On March 27, 2017 researchers at Austria's Graz University of Technology developed a proof-of-concept that could grab RSA keys from Intel SGX enclaves running on the same system within five minutes by using certain CPU instructions in lieu of a fine-grained timer to exploit cache DRAM side-channels.

In June 2017, KASLR was found to have a large class of new vulnerabilities. Research at Graz University showed how to solve these vulnerabilities by preventing all access to unauthorized pages. A presentation on the resulting KAISER technique was submitted for the Black Hat congress in July 2017, but was rejected by the organizers. Nevertheless, this work led to kernel page-table isolation (KPTI, originally known as KAISER) in 2017, which was confirmed to eliminate a large class of security bugs, including the not-yet-discovered Meltdown - a fact confirmed by the Meltdown authors.

In July 2017, research made public on the CyberWTF website by security researcher Anders Fogh outlined the use of a cache timing attack to read kernel space data by observing the results of speculative operations conditioned on data fetched with invalid privileges.

Meltdown was discovered independently by Jann Horn from Google's Project Zero, Werner Haas and Thomas Prescher from Cyberus Technology, as well as Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology. The same research teams that discovered Meltdown also discovered a related CPU security vulnerability now called Spectre.

On October 2017, Kernel ASLR support on amd64 was added in NetBSD-current, making NetBSD the first BSD system to support kernel address space layout randomization (KASLR).

On November 14, 2017, security researcher Alex Ionescu publicly mentioned changes in the new version of Windows 10 that would cause some speed degradation without explaining the necessity for the changes, just referring to similar changes in Linux.

After affected hardware and software vendors had been made aware of the issue on July 28, 2017, the two vulnerabilities were made public jointly, on January 3, 2018, several days ahead of the coordinated release date of January 9, 2018 as news sites started reporting about commits to the Linux kernel and mails to its mailing list. As a result, patches were not available for some platforms, such as Ubuntu, when the vulnerabilities were disclosed.

Re:Baby out with the bathwater

[chill]

Meltdown is Intel-only and requires the ability to run binaries on the victim's computer. If you can run binaries on the victim's computer, you probably already have enough access to do whatever it is you want to do that made you want to hack them in the first place. The extent to which Meltdown adds security issues is miniscule.

That isn't really accurate. Meltdown is potentially devastating for virtual machines and set-ups like shared hosting. Getting a VM slice on a much larger machine is where Meltdown scares cloud-deployed companies. Spin up a small VM, execute Meltdown exploit, and compromise who else is on that host. Ditto with a shared web host.

Re:Baby out with the bathwater

[thegarbz]

In a controlled environment or on a system that you already 0wn that would be a problem. However if I go to a website right now there's no reliable way of accessing a desired chunk of memory from another process without knowing where that memory is in the first place or without dumping absolutely everything and manually looking afterwards.

I.e. Yes javascript can read what it wants due to this bug, but good luck trying to get it to read what *you* want like the running encryption key.

This attack would work well for an NSA attempting to extract encryption keys style attack, but does bugger all for a script kiddie with a bit of javascript.

Re:Baby out with the bathwater

Meltdown is Intel-only and requires the ability to run binaries on the victim's computer. If you can run binaries on the victim's computer, you probably already have enough access to do whatever it is you want to do that made you want to hack them in the first place. The extent to which Meltdown adds security issues is miniscule.

That isn't really accurate. Meltdown is potentially devastating for virtual machines and set-ups like shared hosting. Getting a VM slice on a much larger machine is where Meltdown scares cloud-deployed companies. Spin up a small VM, execute Meltdown exploit, and compromise who else is on that host. Ditto with a shared web host.

You don't know how Meltdown works or it's impact. Meltdown uses the fact that Intel doesn't properly check the supervisor bit in page-tables during speculative execution and erroneously modifies the cache and doesn't roll it back before rolling back registers. Hypervisors doesn't share page-tables that way so the doesn't apply.

Re:Baby out with the bathwater

Do you have any reading comprehension? Firstly, meltdown affects some ARM processors too and is NOT just Intel-only. Secondly, these machines aren't bricked, the headlines are just using fun words that aren't accurate. Especially people on /. should use the correct terminology.

Re:Baby out with the bathwater

[Merk42]

You know what's pushing this on the average Joe? DRM. Microsoft can't let those DRM keys leak... and now that the flaw is known, that's exactly what *could* happen. This isn't about user's data falling into evil-hacker's hands...

Ah Slashdot, where a vulnerability from Intel and a bad patch from Canonical, is still, somehow, Microsoft's fault.

Re:Baby out with the bathwater

> "We're bricking computers, and slowing down the ones we don't brick, because we're panicking over this rather than doing this properly."

The article linked by OP says that it is bricking but a fix is to simply rollback the kernel. That is NOT a brick in any sense of the word. This is people overreacting and making false claims. If you can continue to use a device in ANYWAY at all much less simply rolling back the kernel version, it is absolutely not a bricking. Besides, that "NOT A BRICK" problem has already been fixed by Ubuntu and is already pushed out to users.

Re:Baby out with the bathwater

[cyn1c77]

It seems that these companies (Microsoft and Ubuntu and others) are forgetting everything about sound software development practices here. They're in such a hurry to deploy patches that they aren't taking the time to fully test them. The cure is worse than the ailment.

Is it really that they are forgetting or do they just not care?

Re:Baby out with the bathwater

[ChunderDownunder]

That sounds like a pretty crappy sandbox.

NB: Mozilla released a security update for Firefox already.

Re:Baby out with the bathwater

[mysidia]

I.e. Yes javascript can read what it wants due to this bug, but good luck trying to get it to read what *you* want like the running encryption key.

Brute force read using an entropy estimation algorithm until you find an "interesting" blob of memory.

Once you find an interesting blob of memory start checking if that memory could be a valid secret key.

Re:Baby out with the bathwater

[SeaFox]

To be fair, there is a major security flaw covering the majority of desktop CPUs sold over the last two decades.

It's been around for two decades, and known about for years based on earlier reports, and the world did not some to an end during that time. Taking a few months for proper testing before deploying isn't going to be an issue.

People don't install Ubuntu to be on the bleeding edge.

Re:Baby out with the bathwater

[mysidia]

JavaScript CAN do this by inferring the memory values through the side-channel, first of all because JavaScript is assembled into machine language (Just-in-Time compilation). Did you see the Javascript POC for Spectre?

LISTING 2: Exploiting Speculative Execution via JavaScript
 

1 if (index < simpleByteArray.length) {
2 index = simpleByteArray[index | 0];
3 index = (((index * TABLE1_STRIDE)|0) & (TABLE1_BYTES-1))|0;
4 localJunk ^= probeTable[index|0]|0;
5 }

... To obtain the x86 disassembly of the JIT output during development, the command-line tool D8 was used.

Manual tweaking of the source code leading up to the snippet above was done to get the value of
simpleByteArray.length in local memory (instead of cached in a register or requiring multiple instructions to
fetch). See Listing 3 for the resulting disassembly output from D8 (which uses AT&T assembly syntax).
The clflush instruction is not accessible from JavaScript, so cache flushing was performed by reading
a series of addresses at 4096-byte intervals out of a large array. Because of the memory and cache
configuration on Intel processors, a series of 2000 such reads (depending on the processor’s
cache size) were adequate evict out the data from the processor’s caches for addresses having
the same value in address bits 11–6 [38]. The leaked results are conveyed via the cache status
of probeTable[n*4096] for n 0..255, so each attempt begins with a flushing pass consisting
of a series of reads made from probeTable[n*4096] using values of n > 256.

LISTING 3: Disassembly of Listing 2

1 cmpl r15,[rbp-0xe0] ; Compare index (r15) against simpleByteArray.length

2 jnc 0x24dd099bb870 ; If index >= length, branch to instruction after movq below

3 REX.W leaq rsi,[r12+rdx*1] ; Set rsi=r12+rdx=addr of first byte in simpleByteArray

4 movzxbl rsi,[rsi+r15*1] ; Read byte from address rsi+r15 (= base address+index)

5 shll rsi, 12 ; Multiply rsi by 4096 by shifting left 12 bits}\%\

6 andl rsi,0x1ffffff ; AND reassures JIT that next operation is in-bounds

7 movzxbl rsi,[rsi+r8*1] ; Read from probeTable

8 xorl rsi,rdi ; XOR the read result onto localJunk

9 REX.W movq rdi,rsi ; Copy localJunk into rdi

Re:Baby out with the bathwater

[Cajun+Hell]

Javascript can't do that is an interpreted language and checks array bounds, if javascript could do this, with or without these bugs it would be a security flaw in itself.
...
Javascript is not C or machine code.

This is common sense and it's what I used to believe too. I totally don't fault you for thinking that.

Now I direct you to section 4.3 of the Spectre paper. You need to read it. This isn't about "you're wrong," it's about "here's something very interesting."

And if you're anything like me, you will be stunned by Listing 3, where it shows the incredible job Chrome did, to compile Javascript to machine code. I had no idea.

Re:Baby out with the bathwater

[Technomancer]

Except when it is. Javascript is very often compiled with JIT to machine code and there exist Spectre exploits that can read whole browser process memory from Javascript. It needs high precision timers and JIT, but it works. Thats why MS in their Spectre mitigation for Edge reduces timer precision and introduces extra jitter.

Re:Baby out with the bathwater

[Eravnrekaree]

Meltdown is easier to exploit, The hacks will get better as well. So it is a very serious problem, information leaks can be very harmful, think passwords and encryption keys. These can then allow for write attacks. Don't underestimate the capabilities of people to find ways to exploit this. It may seem far fetched but time and time again far fetched things have a way of being turned into quite practical exploits.

Re:Baby out with the bathwater

[npslider]

No, they will login as your father’s brother’s nephew’s cousin’s former roommate. Which will give them access to absolutely nothing related to you. ;)

Re:Baby out with the bathwater

[ewibble]

I have read the white paper and now think I understand,

You are not doing an out of bounds memory access at all, what you are doing is making the predictive out of bounds check, that gets loaded into in bounds memory

the only thing that is an issue is getting an accurate enough time, if your machine is fast enough might not work, window.performance.now()

Re:Baby out with the bathwater

[bloodhawk]

The reality is their are hundreds of thousands if not millions of hardware and software combinations, no company or OSS provider can come even close to testing it all for such a significant system change. All they can do is make a best effort.

Re:Baby out with the bathwater

[Anne+Thwacks]

All they can do is make a best effort.

No: it would appear the standard alternative to a best effort is to make a fairly pathetic, half-assed effort.

Re:Baby out with the bathwater

[vivian]

I prefer a car analogy - it's like finding out that you can unlock a car door with a screwdriver, and the patch to fix it welds the door shut.

Re:Baby out with the bathwater

[sjames]

If you're running on a VM in the cloud, it's not that hard for someone else to run an executable (in their own VM) on the same server. Meltdown can cross VMs.

That's why the big rush to a workaround patch.

Re:Baby out with the bathwater

[hcs_$reboot]

Ubuntu case is different. 16.04 is LTS and is supposed to be supported until 2021. In reality, when something is fixed in the latest version (17.10) that could be fixed in 16.04 as well, that's not always the case. And today these patches prove that even security fixes are botched on an older 16.04 version.

Re:Baby out with the bathwater

[OneAhead]

"Major security flaw" is relative. IMHO, the kernel component of the recent speculative execution flaws doesn't come close to heartbleed, shellshock or even krack in terms of being an imminent thread to online safety. It's more in the league of a local privillege escalation, of which close to a dozen get patched per year in the average distro. Sure, it's serious and needs to be patched ASAP, but the sky won't come falling down because of spending a couple more days testing the patches on different machines.

I speculate (obligatory pun) that this panicky response is more driven by be the fear that a major cloud vendor will switch to the competition.

Re:Baby out with the bathwater

[sjames]

I was just pointing out that this isn't the big nothing squiggleslash was claiming. The problem is real and the exploit is practical in several very large environments.

People not in those environments probably should have had a better way to sit back a few days and wait for bug reports.

Re:Running this very thing in AWS right now

[moogied]

Running something on a hypervisor is not the same as running it on bare metal.

Bricked!!?!?! Oh wow!

"have been forced to roll back to an earlier Linux kernel image."

So, not actually bricked then...

WORDS MEAN THINGS!

Re:Bricked!!?!?! Oh wow!

[Antiocheian]

Not even close. A bricked system is useless, unless some software or hardware hack -- not standard recovery procedures -- can restore it.

Re:Bricked!!?!?! Oh wow!

Not even close. A bricked system is useless, unless some software or hardware hack -- not standard recovery procedures -- can restore it.

Rollback to 4.4.0-104 until 4.4.0-109 was released is not a "standard recovery procedure"?

Re:Bricked!!?!?! Oh wow!

[AvitarX]

Doesn't this just mean pressing down in grub once, then setting it to use that kernel by default?

This is barely even a slight annoyance.

Re:Bricked!!?!?! Oh wow!

[El_Muerte_TDS]

It's 2018, we have SmartBricks now. You can change the software of your SmartBricks.

Re:Bricked!!?!?! Oh wow!

[billyoc903]

Yeah, but who's going to click on a link that says "Ubuntu kernels rolled back to the one from the day before yesterday"? Do you know ANYTHING about social media marketing strategies? It's like you're not even trying.

Re:Bricked!!?!?! Oh wow!

[ThanatosMinor]

Article title updated because we used the term "bricking" incorrectly. Bleeping Computer regrets the error.

We apologise for the fault in the title. Those responsible have been sacked.

Re:Bricked!!?!?! Oh wow!

[GameboyRMH]

I would say that if a software hack, or even a simple hardware hack with common tools can fix it, it's not bricked. If you have to get out a JTAG adapter, then it's bricked.

Re:Bricked!!?!?! Oh wow!

No when Microsoft did it, it was not bricking. Several people even pointed it out in the very comments of that Slashdot article.

On the other hand, you have selective memory or didn't even bother to check, because your are a Microsoft fanboi/shill.

Re:Bricked!!?!?! Oh wow!

[celeb8]

YES THANK YOU came here to post this

Re:Bricked!!?!?! Oh wow!

[religionofpeas]

We apologise for the fault in the title. Those responsible have been sacked.

You mean, they've been bricked.

Re:Bricked!!?!?! Oh wow!

[fibonacci8]

We apologise for the fault in the title. Those responsible have been sacked.

You mean, they've been bricked.

A brick once bit my sister.

Re:Bricked!!?!?! Oh wow!

[Cajun+Hell]

It's still in the Slashdot article title. Those responsible for bricking should be bricked.

Re:Bricked!!?!?! Oh wow!

[k.a.f.]

Close, but no cigar. When you have to throw the device away, then it's bricked.

Re:Bricked!!?!?! Oh wow!

[rla3rd]

Those responsible for sacking those have been sacked have been sacked.

Re:Bricked!!?!?! Oh wow!

[TeknoHog]

Most people wouldn't know about JTAG. Bricking could mean different things to different people. I don't usually throw entire devices away because there are always some working components you can salvage. Still, I think it's safe to say that if you can reinstall the OS the usual way, it's definitely not bricked.

Re:Bricked!!?!?! Oh wow!

[greenwow]

That depends on what your definition of meaning means.

Re:Bricked!!?!?! Oh wow!

[ctilsie242]

Exactly. If the kernel scrambled the UEFI files or hosed the firmware beyond recovery, that is a bricking. Having to boot from an earlier kernel in GRUB2... well, that is just an "oh shit", like anything else on the OS side. Definitely not good, but it doesn't mean that you have to buy a new motherboard.

I think part of the confusion come in with a lot of appliances blurring the line between BIOS and OS, combined with the lack of control of the OS. A kernel panic on a phone preventing it from starting could be a "bricking", especially if there is no way to boot a recovery ROM. However, on desktop/server PCs, we still have the option (for now...) to go back to a previous kernel.

Re: Bricked!!?!?! Oh wow!

[AvitarX]

I guess that's a slight annoyance if it doesn't display for a couple seconds during boot.

Re:Bricked!!?!?! Oh wow!

[viperidaenz]

Nah, if you have to press a key during the boot process to bring up a boot menu and select the previous kernel, then it's bricked.

Re:Bricked!!?!?! Oh wow!

[thegarbz]

No, when an end user can't bring the device back to life without spending money going out and buying a JTAG programmer, THEN it is bricked.
If the software problem can't be recovered from the software domain it is bricked. Just because the manufacturer can revive it doesn't make it any less bricked.

Re:Bricked!!?!?! Oh wow!

[innocent_white_lamb]

If you're running a remote machine hundreds of miles away from your own location, or one without a keyboard/monitor on top of an inaccessible rack, then it's more than a slight annoyance. Tell the guy who can no longer log into the remote computer that he just rebooted how slightly he's annoyed.

Re:Bricked!!?!?! Oh wow!

[AvitarX]

Fair point.

It'd be nice if it could fall back to a last known good config like on Windows (not that that ever works, but the way Ubuntu seems to keep old ones seems like it could be made to work).

Re:Bricked!!?!?! Oh wow!

[eneville]

Fair point.

It'd be nice if it could fall back to a last known good config like on Windows (not that that ever works, but the way Ubuntu seems to keep old ones seems like it could be made to work).

Exactly. The headline is rubbish. Part of the kernel installation is to leave the last one in the menu. It's just the new one is a default. If grub is configured with 'savedefault', then the last picked kernel will be chosen for future boots.

Re:Bricked!!?!?! Oh wow!

[dmesg0]

People who run remote machines usually have a way to remotely access the console (e.g. IPMI serial-over-lan, terminal server, virtual KVM, VM instance console etc).
The only exception is the retarded Amazon AWS which still doesn't have an interactive console. If AWS instance doesn't boot you have to mount its storage elsewhere to fix it or restore from a snapshot (really a lot of trouble).

Re:Bricked!!?!?! Oh wow!

[Anne+Thwacks]

if you have to press a key during the boot process to bring up a boot menu and select the previous kernel, then it's bricked.

No. That is trashed, but not bricked. Bricked is when it is not recoverable by means available to members of the general public - not just "stupid Lusers". Bricked is not just when it won't boot a bootable image, but when it does not even appear to try.

Re:Bricked!!?!?! Oh wow!

[Anne+Thwacks]

In words of one syllable: NO. Brick is not a synonym for break in English (except maybe in your house), and most definitely not in relation to computer systems.

YMMV

Re:Bricked!!?!?! Oh wow!

"Bricked" literally means to use it as window key, door stop or boat anchor. If something is "Bricked" then that is ALL it is good for.

Re:Bricked!!?!?! Oh wow!

[viperidaenz]

I must have forgot the </sarcasm>

Re:Bricked!!?!?! Oh wow!

[LesFerg]

That was mean

Re: Bricked!!?!?! Oh wow!

[Monster_user]

That requires advanced knowledge. Selecting a previous kernel is fairly intuitive, and fairly simple. The menus are usually displayed or otherwise made apparent to even the more novice users. Grub boot parameters, particularly those which resulted from changes to the kernel, and this are either new, or their impact is new, are typically not presented nor explained to a user by a b0rked machine.

Re:Bricked!!?!?! Oh wow!

[Hognoxious]

However, on desktop/server PCs, we still have the option (for now...) to go back to a previous kernel.

Shhh! Lennart might be lurking.

Re:Bricked!!?!?! Oh wow!

[Waccoon]

By that reasoning, only [effective] kill switches or DRM will brick a device. Remarkably, most devices these days can still be repaired with a hot air gun.

Ultimate security

[OrangeTide]

Let those hackers try and get into my system now!

Re:Ultimate security

The ME's probably still working...

Re:Ultimate security

[OrangeTide]

That hardly seems fair, because I struggled for years to get MINIX drivers for my WiFi chipset.

Re:Ultimate security

[hcs_$reboot]

A picky one: spectre & meltdown do not help entering your system (not directly at least), the attacker has to be connected to run the programs.

Please stop using bricking incorrectly.

Choosing a different kernel on boot is hardly bricking

Meaning creep

It's not bricking if you can revert to an older kernel. For it to be bricked it has to be completely unusable and only restorable by using another system (for phones, a JTAG programmer).

Re:More bricking...

[Luthair]

Unlike last time this article is click bait, if you can roll back the PC it isn't bricked.

That's not what "bricked" means

[lorien420]

If there's a way to recover the device, then it's not bricked. Picking the previous image in grub, while annoying, is a pretty simple workaround.

Already fixed...

Kernel 4.4.0-109, which fixes this problem, has already been pushed out.
Apparently, the PTI fix was not quite backported correctly.
For details, see https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1741934

Re: Already fixed...

[Likes+Microsoft]

I have the exact same symptom using the -109 update, i.e., attempting to boot that kernel ends up doing a system reboot. Said reboot happens after I've successfully entered my full disk encryption password.

Re: Already fixed...

Try using the "nopti" kernel command-line option. If it boots, then you may want to add a comment to the linked bug report telling them that their fix is not necessarily complete.

Re:Already fixed...

On a Dell Insperon 1750 Kernel 4.4.0-104 boots up OK, but on a shutdown hangs before powering off the PC, leaving it in a running - not shutdown state.
Kernel 4.4.0-109 fixes this. -

Re: Already fixed...

[jrumney]

I don't think that is the same symptom. I updated three servers yesterday - one Skylake, one Broadwell, one Sandy Bridge. The first two went OK, the Sandy Bridge one just locked up part way through the boot - even Ctrl-Alt-Del was non functional, and required a power cycle to reboot and select the old -104 kernel.

Re:This command also bricks Linux computers

[mykepredko]

Really? Let me try i...***Signal Lost***

It is *NOT* bricking!

[Qbertino]

Bricking is the equivalent of applying a killpoke. A software action that makes the hardware henceforth unusable.

This just screws up the kernel and requires you to set up a fresh one, perhaps reinstalling the core system. On Linux this is usually nothing more than a minor annoyance.

Again: it's not bricking. Bricking is when a software update or piece of code renders my smartphone not more useful than a brick and irreversibly so.

Stop using the word just because it's new and describes something significant. It doesn't make your news more interesting, it makes your news false.

Thank you.

Re:It is *NOT* bricking!

It's part of a larger Millennial Trend to make their stupid, worthless "contributions" seem much more impressive.

"literally" -> absolutely, positively NOT literally
"hacking" -> doing something differently, like putting avocado on toast
"crypto" -> some retarded cartoon-backed pseudo currency

Re:It is *NOT* bricking!

You are 100% correct. But your efforts are in vain. The majority of people don't care about that level of linguistic precision. They have usurped the term to simply mean "break" in a more vague and general sense.

They are wrong. But there are more of them than there are of you. So, you are outvoted, and that makes them right.

The world will continue to use "brick" even when it does not apply, no matter how many times you plead for it to stop. It will eventually land in dictionaries as a simple synonym for "break." And there is nothing you can do to stop it.

The truth is sometimes a bitter pill, but once you swallow it, you are better for it.

Mint 18.2 w/ 4.4.0-108.131

[ArhcAngel]

Upgraded my kernel yesterday without issue. Got a notice this morning 4.4.0-109.132 was available.

Not bricked #2305473

[Fly+Swatter]

Press down arrow at boot menu screen.

Re:Not bricked #2305473

[Antique+Geekmeister]

Not all environments allow access to boot menue screens. In particular, virtualized hosts do not allow access unless the owner of the virtual server elects to allow graphical access to the hypervisor. This is technologically feasible but proscribed for basic security reasons by various virtualization providers, such as AWS and many locally administered virtualiztion toolkits.

You keep using that word...

[yorgasor]

I don't think it means what you think it means. If working around the bug means selecting a different item from the menu to boot, it's not really bricked.

Re:You keep using that word...

[hcs_$reboot]

Or maybe the meaning of "bricked" changed over time?

Failed reboot is not "bricking"

[Antique+Geekmeister]

Failing to use a particular new kernel is not "bricking". Bricking, as commonly used, means the physical hardware is unrecoverable and needs to be replaced. Recovering a failed Ubuntu kernel means being able to select a different kernel to boot with. This means console access or access to the disk image. These are problematic and can disable production servers. But it's much less destructive than ruining the physical hardware.

Re: Failed reboot is not "bricking"

[Monster_user]

What I understood the word "brick" to originally mean, was that a device had been rendered so completely unusable that it had no more value or functionality than a brick, as there was no means for anyone other than the manufacturer to restore the device to any form of operation. Usually this was in spite of the fact that the hardware itself was fully functional.

As most of these devices were locked down regarding firmware and encryption, to limit rooting the device, etc., most of the causes were software related, corrupt operating systems and firmware, etc. The manufacturer's design choices made them impossible for a third party to repair. Rarely was it a hardware malfuction or failure.

No problem with 16.04.3 LTS

[BeemerBoy]

Wow! Guess I'm fortunate to have a newer kernel. I was running the 4.10 kernel and the update upgraded me to the 4.13 kernel. All my computers (including one running the equivalent level of Linux Mint) booted just fine with the 4.13.0-26 kernel.

Re:More bricking...

[scumdamn]

It was the same thing with Windows and AMD processors. The PC wouldn't boot the first time but after you hard power it off it boots right up and tells you there was a problem with the update. That's not bricking either.

Not "bricked" - Misleading title

[michaelcole]

From the article comments moments ago:

> Technically, if you are able to boot with an older kernel, your computer is not bricked. ;-)

> You are right. I've updated the title.

I had this problem...

on my Intel desktop running Mint (Ubuntu derivative). I updated the kernel and got a black screen upon reboot. Investigated and found it was freezing the system exactly when the kernel loads. I simply booted the previous kernel and removed this version. A few hours later, I noticed an even newer kernel update was available and updated... problem solved. Total non-issue.

Meltdown and Spectre are serious issues. I see problem this as a bump on the way to a fix. Rarely have I had problems with updating Mint or Ubuntu. But it does happen. The fix was lightning fast.

Not everyone is affected/Nobody "Bricked"

[mykepredko]

Just saw the headline and panicked, checking my Linux systems (all running ubuntu 16.04 LTS) and did a quick check:

myke@mimeticsL01:~$ uname -a
Linux mimeticsL01 4.4.0-108-generic #131-Ubuntu SMP Sun Jan 7 14:34:49 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
myke@mimeticsL01:~$

I've never had a problem with Ubuntu updates (although I RFTA, it sounds like all Ubuntu users have an issue at one time or another). I suspect that the kernel update was tested before it was released so this updates affects some subset of the systems out there.

Like many other people, I was very concerned when i saw the headline saying the updated was "bricking" systems - whoever wrote the headline needs to have the term "bricking" explained to them (ideally with an actual brick).

In the future, msmash, you might want to be a bit less sensational in the headlines and make sure you understand if the terms used in it are correct.

Re:Not everyone is affected/Nobody "Bricked"

[TimMD909]

Just saw the headline and panicked, checking my Linux systems (all running ubuntu 16.04 LTS) and did a quick check:

myke@mimeticsL01:~$ uname -a Linux mimeticsL01 4.4.0-108-generic #131-Ubuntu SMP Sun Jan 7 14:34:49 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux myke@mimeticsL01:~$

I've never had a problem with Ubuntu updates (although I RFTA, it sounds like all Ubuntu users have an issue at one time or another). I suspect that the kernel update was tested before it was released so this updates affects some subset of the systems out there.

Like many other people, I was very concerned when i saw the headline saying the updated was "bricking" systems - whoever wrote the headline needs to have the term "bricking" explained to them (ideally with an actual brick).

In the future, msmash, you might want to be a bit less sensational in the headlines and make sure you understand if the terms used in it are correct.

Asking Ms. Mash to not be sensational is like asking Mike Tyson to pronounce words correctly. Not gonna happen. As Ms. Mash never seems to get the headlines or blurb right, it makes sense that said person's name is a homonym for "mismatch". Got a story about how a guy with cancer went into remission then got a female wiener dog? You'll end up with a headline like "Wiener Dogs Successfully Used to Fight Cancer and Sexism".

"Bricking"

[TheDarkener]

This is not what "bricking" is. If you can fix it (i.e. roll back to an earlier kernel image in this case), it's simply a botched kernel update.

C'mon, msmash.

Re:i have an AMD Ryzen-7 1700 & Radeon RX-580

General advice: Run memtest86, run burn-in programs for CPU and GPU to see if you have an overheating issue.

In linux, watch your GPU fans, for some reason mine wouldn't turn on when needed and I was having overheating issues. As always, if you have problems with radeon cards in linux, install a distro that allows you to use the proprietary drivers from AMD and try that. That fixed my fan issue.

Vast permutations of hardware, 3rd party driver ?

[perpenso]

It seems that these companies (Microsoft and Ubuntu and others) are forgetting everything about sound software development practices here. They're in such a hurry to deploy patches that they aren't taking the time to fully test them. The cure is worse than the ailment.

Both Microsoft and Ubuntu are plagued by the vast permutations of hardware out there, all the combinations of motherboard, cpu, video, etc. Aren't there identified problems with various anti-virus software? Did some driver developer out there try something tricky too that is incompatible with the fix(es)? Historically various problems with Windows came from 3rd party drivers not necessarily Microsoft itself, perhaps Ubuntu is having similar problems?

A web page can now own your system

... so they're implementing this 30% performance penalty to protect users from themselves? ...

Yes, because the flaws can be exploited by sandboxed javascript code; a web page can now own your system.

Re:A web page can now own your system

Meltdown cannot be exploited using Javascript. Spectre can, but is very hard to exploit, and access is limited to the web browser's own process memory. And most browsers are moving to limit the number of web pages that are handled per process, so even this is limited.

Everyone needs to stop blowing this out of proportion. Meltdown is a major issue if you sell VPSes; for the rest it's only an issue if you allow unvetted third party binaries to run on your computer, and even then it only slightly makes security worse (how many people seriously need access to more than your user area to exploit you?) Spectre isn't an issue yet, it's very hard to exploit, and it'll become harder now web browser makers know about it.

Re:A web page can now own your system

[scdeimos]

Meltdown cannot be exploited using Javascript.

Yes it can, even WebKit says so...

Meltdown means that userland code, such as JavaScript running in a web browser, can read kernel memory. Not all CPUs are affected by Meltdown and Meltdown is being mitigated by operating system changes. Mounting a Meltdown attack via JavaScript running in WebKit requires first bypassing branch-based security checks, like in the case of a Spectre attack. Therefore, Spectre mitigations that fix the branch problem also prevent an attacker from using WebKit as the starting point for Meltdown.

REF: https://webkit.org/blog/8048/w...

Most browser vendors are implementing many changes to mitigate Meltdown and Spectre, including things like reducing the precision of high-fidelity timers from 5us to 20us +/- 20us, disabling SharedArrayBuffers and recompiling with Spectre-aware compilers.

No bricking here! Just..

[forgottenusername]

All new crashes:

[ 22.462856] kernel BUG at /build/linux-J4_1pC/linux-4.4.0/mm/slub.c:3627!
[ 22.462874] invalid opcode: 0000 [#1] SMP

Yay for regressions.

Not when it's horribly exaggerated

[raymorris]

If Microsoft released an update that required two key presses to fix and some moron claimed in the headline that it "bricked" computers, we'd have chorus of people saying "the author is an idiot. That's not bricked.". I imagine we'll get the same response today.

It's like most of MD Solar's submissions. There may be a kernel of truth somewhere in them, but they are so wildly exaggerated that the appropriate response is an outpouring of derision for the misleading articles and headlines, not hunting for so hint of something kinda true among the bullshit.

Thank the FSM...

[sconeu]

I'd previously upgraded to 4.10.x (for some hardware support). Xenial still wanted me to do the 4.4.0-108 kernel. Needless to say, I didn't do it.

Re:More bricking...

[sinij]

Unlike last time this article is click bait, if you can roll back the PC it isn't bricked.

My patching script includes purging of all old kernel versions.

... but what about...

I said ALL! It bricked. I need a new laptop now. Can't be helped.

Re:i have an AMD Ryzen-7 1700 & Radeon RX-580

[sa666_666]

I had to add "rcu_nocbs=0-15" to the grub kernel arguments. I'm running an 1800x and RX480, so not too different from yours. Previously it was locking up at least twice a day, now it hasn't had one lockup in over a month.

NOT "Bricking", read TFA

[old_skul]

A bricked machine is completely useless. If you can roll back to an earlier kernel, you are not bricked. Read the article and don't just parrot a clickbait headline.

Re:More bricking...

[lactose99]

If you thought you're PC was bricked, you REALLY want to see this...

Bricking vs Bricking

[Cro+Magnon]

IMO, there's a difference between bricking a Linux box vs a Windows box. Unless you have a System 76, you probably installed Linux yourself, or had your nephew do it. That means you have the install media and can reinstall the damn thing.

OTOH, Windows machines don't come with install disks. If Windows is foobar, then for all intensive porpoises, it's bricked (short of taking it to a PC repair place that will unbrick it for what you can pay for a new one).

Kernel 4.4.0-109.132 has been issued to fix this

[w1zz4]

Kernel 4.4.0-109.132 has been issued to fix this

Re:Blame The Register for early story release

[sl3xd]

Anybody actually paying attention knew well before The Register printed anything.

The flaw was spelled out reasonably well by LWN as far back as November 15th, and it was noted that it was highly unusual for the patchset to be fast-tracked as it was. LWN also mentioned the initial KPTI patchset (then called KAISER) about a week earlier than that (Nov 10th). A month later, LWN followed up (including notes that ARM64 was affected) - more than a week before The Resister printed anything.

It was clear that something monumental was on the horizon, and that it was related to memory protection.

It was even clear that there was an information embargo in place, because comments were scrubbed from the associated patches.

It's been reasonably public for close to two months now.

The unknowns were more along the lines of "How deep is this pool of excrement," and "Which animal made it." Major OS patches were a fargone conclusion.

Thank God for Slashdot...

[dbreeze]

...and a slow ISP(Frontier). I was actually in the process of downloading the update when I stumbled across this article and canceled the update. It is the xxxx.109.x kernel update but I've seen at least 1 report of that still having an issue here. I'll just wait a couple of days for this to get sorted out....

Re:Thank God for Slashdot...

[dbreeze]

https://news.slashdot.org/comm...

might be 4.4

[btroy]

I ran into a similar issue on an old AMD machine in another distro. Changed a kernel option to noapic and it worked.

Re: More bricking...

[Monster_user]

Swap HDD, install a copy of the OS with the kernel that boots, then copy the kernel files from the new hdd to the old one running the b0rked OS. Correct the links in the root of the drive, and it boots.

Or you could just boot the new HDD, and pull the data off the old drive into the new install. Presto! Laptop works again.

Re: Microsoft's problem?

[Monster_user]

I'm surprised that I am agreeing with the AC here.

Ubuntu may be a "free" OS, built around what was once a hobby for a bunch of nerds. That doesn't excuse where it is strategically positioned. Ubuntu is now included with Microsoft Windows. It is a part of a truly commercial desktop system. They are backed by a commercial entity in Canonical, which provides enterprise level support to compete with RedHat, etc.

In my experience, kernel updates, which deploy as part of the normal update process, are not trivial. I stopped using, and eventually deleted Ubuntu from my PC altogether, due to non-trivial kernel updates b0rking my system every single time I updated from one release to the next. Literally, every single time. At work I'm running into the other problem of inodes and/or disk space filling up on volumes containing the kernels or kernel sources, resulting in failed kernel upgrades and non-booting servers. I put up with it because Microsoft needs some competition, but I'm burned out on Ubuntu.

Re:Running this very thing in AWS right now

[fizzer06]

uname -a
******* 4.13.0-26-generic #29~16.04.2-Ubuntu SMP Tue Jan 9 22:00:44 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

My CPU is: Intel Core i3-2120 CPU @ 3.30Ghz

Updated my Linux Mint 18.3 Cinnamon 64 bit this afternoon and all is well after reboot.
Ran sysbench tests on CPU and File IO before and after and noticed no difference.

BRICKING???

[OneAhead]

You keep on using that word... Are you telling me that nobody knows that in the default Ubuntu boot menu, on can select an older (non-freezing) kernel image with a few keypresses in an extremely user-friendly fashion. This isn't even remotely close to "bricking". Heck, "bricking" resides in another galaxy.

Updated

[TuxThePenguin2205]

4.4.0-109 was released to fix the regression last night https://usn.ubuntu.com/usn/usn... for me 4.4.0-108 booted successfully and OOPSed on shutdown

Ubuntu 16.04.3 with kernel 4.4.0-109-generic

[jjohn_h]

Absolutely no disturbances with Ubuntu 16.04.3 with kernel 4.4.0-109-generic.

Hysterical headline

[Tough+Love]

The headline: "Meltdown and Spectre Patches Bricking Ubuntu"

The reality: The new kernel you upgraded to won't boot. So at the grub menu, scroll down to your old kernel and boot that. Good thing this kind of issue was anticipated and is easy to deal with as a result.

It's not bricking

[Tighe_L]

Bricking is when you cannot interact with the device, making it the equivalent of a brick. Please stop saying when a OS install is messed up it is bricked.

NOT A BRICK

[p0larity]

If you can roll back, it's not a brick. Can we stop inappropriately using the term brick? Brick means no reasonable way of installing working software as an end user.

When something is bricked you need to JTAG flash it using extra hardware, or it's simply dead.

How to know something will not be bricked in 2018: it says it'll be bricked on /.

smh