Spectre protection (Retpoline) was released for Kernel 4.9.77 and 4.14.14 by the Linux Kernel team on January 15, 2018. The Ubuntu Kernel team only released kernel version 4.9.77 on January 17, 2018 and have not published kernel version 4.14.14.

For the Meltdown patches (KPTI->KAISER->KASLR) the Ubuntu Kernel team released the Mainline Kernel updates at the same time for 4.9 and 4.14, but the Spectre patch is missing in 4.14:

  • 4.9.74 Jan 2nd 9:10pm ....... 4.14.11 Jan 2nd 10:40pm
  • 4.9.75 Jan 5th 4:20pm ........ 4.14.12 Jan 5th 5:40pm
  • 4.9.76 Jan 10th 10:20am .... 4.14.13 Jan 10th 10:50am
  • 4.9.77 Jan 17th 10:20am .... 4.14.14 Missing

Mainline/Stable Ubuntu Kernel version 4.14.14 is still missing as of Jan 20th 5:46pm. Three days late and counting... I like to test the latest stable kernels and this is even more important now with the Spectre security hole.

I've googled for reasons but came up empty-handed. Is there a newsletter or something that would explain why? Or is it as simple as someone forgot to push a button?

NOTE: Spectre protection is not being provided for LTS Kernels 4.4 and 3.18 by the Linux Kernel team; however, they have updated sysfs to indicate Spectre vulnerability. So far the only LTS Kernel versions offering Spectre protection are 4.9 and 4.14.

Current Release Candidate (experimental kernel) 4.15 will soon have Spectre protection. Ubuntu 18.04 (Bionic Beaver) will be based upon 4.15 in April when it is no longer a Release Candidate and becomes a Mainline/Stable Kernel.


End of Story

Thanks to Thomas Ward's help I got in touch with the Ubuntu Kernel Team and Mainline/Stable Ubuntu Kernel version 4.14.14 was published January 20, 2018 at 1:10pm.

  • Have you considered reaching out to the kernel team directly and asking? – Thomas Ward Jan 20 '18 at 01:21
  • @ThomasWard If I changed "Why" to "When" it would be worse. Not being an insider like yourself I have no idea how to email Ubuntu Kernel Team. 4.13 is in the repositories I think but has no Spectre protection. I have installed 4.9.77 but Skylake, NVMe and ATH10K Linux kernel support are better on the 4.14 LTS kernel branch. When it comes to kernel and drivers support the Linux team is important. When it comes to Unity, support is important from the Ubuntu team. I understand "no support" but, the devil is in the details. I have Ubuntu 16.04 LTS 4.4.0 kernels too I just want to test Spectre out. – WinEunuuchs2Unix Jan 20 '18 at 01:21
  • spits out a wiki link https://wiki.ubuntu.com/KernelTeam has mailing lists listed :p – Thomas Ward Jan 20 '18 at 01:30
  • Well at least that gets me out of /dev/null :p Thanks! I will email them. – WinEunuuchs2Unix Jan 20 '18 at 01:32
  • Voting to reopen. I've changed the title from Why only Spectre Protection for Ubuntu Mainline Kernel 4.9.77? which led some to close as a duplicate of Meltdown / Spectre status in Ubuntu. The new title Why was kernel 4.9.77 released but not 4.14.14 is more specific. – WinEunuuchs2Unix Jan 20 '18 at 18:23
  • it then becomes "offtopic" because the experimental mainline kernels are experimental and not supported so you can't get valid answers. – Thomas Ward Jan 20 '18 at 21:09
  • @ThomasWard I'm probably guilty of bending the rules but thanks to your help last night the problem was solved. So I guess the end justifies the means? Closing this as "off topic" makes more sense than the "duplicate" candidate currently selected. That said there are dozens of Mainline questions and answers in Ask Ubuntu going back many years that I know of. Also I view "Release Candidate" kernels as "experimental". I wouldn't classify Mainline/Stable Ubuntu kernels the same way. That said thank you very much for your help last night :) – WinEunuuchs2Unix Jan 20 '18 at 21:26

1 Answer

The mainline builds are intended for debugging only. As such they are completely automated builds of the tags as they appear. I have reviewed the logs and the v4.14.14 build was requested from the build farm. It never appears to have been published. I have not found any evidence as to why. It has been re-requested.

Missing builds are best reported on IRC on freenode #ubuntu-kernel or on the Ubuntu Kernel Team mailing list.

Finally, just having patches for retpoline applied does not imply that those builds are built with sufficiently new enough compilers carrying the required patches to enable the retpoline thunk.

Andy
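Added example (not part of the answer above and not Ubuntu Kernel Team tooling): a shell check that reads the sysfs Spectre report mentioned in the question and separates a kernel built with a retpoline-capable compiler from one that only carries the patches, which is the caveat in the answer's last paragraph. The status strings matched here are the ones x86 kernels of that period report; other kernel versions may word them differently, so treat the patterns as an assumption.

```shell
#!/bin/sh
# Added example: interpret the kernel's own Spectre v2 report.
# Standard sysfs location; override SPECTRE_V2_FILE for testing.
SPECTRE_V2_FILE="${SPECTRE_V2_FILE:-/sys/devices/system/cpu/vulnerabilities/spectre_v2}"

# classify_spectre_v2 STATUS -> prints a short verdict for one status line.
classify_spectre_v2() {
    case "$1" in
        # Kernel compiled with a compiler that emits the retpoline thunk.
        "Mitigation: Full "*retpoline*)    echo full-retpoline ;;
        # Retpoline patches present, but only the hand-written ASM paths
        # are covered because the compiler lacked retpoline support.
        "Vulnerable: Minimal "*retpoline*) echo minimal-retpoline ;;
        "Mitigation:"*)                    echo other-mitigation ;;
        "Not affected"*)                   echo not-affected ;;
        "Vulnerable"*)                     echo vulnerable ;;
        *)                                 echo unknown ;;
    esac
}

# check_spectre_v2 [FILE] -> prints the verdict for this host.
# Returns 0 if mitigated, 1 if not, 2 if the kernel has no sysfs report.
check_spectre_v2() {
    file="${1:-$SPECTRE_V2_FILE}"
    if [ ! -r "$file" ]; then
        echo no-sysfs-report
        return 2
    fi
    status=""
    IFS= read -r status < "$file" || true
    verdict=$(classify_spectre_v2 "$status")
    echo "$verdict"
    case "$verdict" in
        full-retpoline|other-mitigation|not-affected) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample strings (not captured from a real machine).
for s in "Mitigation: Full generic retpoline" \
         "Vulnerable: Minimal generic ASM retpoline" \
         "Vulnerable"; do
    printf '%-45s -> %s\n' "$s" "$(classify_spectre_v2 "$s")"
done
echo "this host: $(check_spectre_v2)"
```

A `minimal-retpoline` verdict on a mainline build means the retpoline patches are in the source but the build's compiler could not generate the thunk, so the kernel still reports itself as vulnerable.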