I was never able to reproduce this issue on Ubuntu 14.04 but, after reviewing the Spectre V2 mitigations in the 3.13 based 14.04 kernel, I think the 14.04 kernel could be affected by this bug. Additionally, I didn't want the decision on when to make use of IBPB to be different in 14.04 than in all of the newer Ubuntu releases (16.04, 17.10, and soon to be 18.04). That's why I marked this bug as affecting 14.04 and submitted a fix for that kernel.
That being said, I don't think that we have any 14.04 users watching this bug so I did some SRU verification work myself. I installed sssd, the 3.13.0-145.194 kernel from trusty-proposed, and experienced no issues. I verified that the /proc/sys/kernel/ibpb_enabled file reported '1', indicating that IBPB was enabled. I also verified that the IBRS/IBPB/retpoline/spectre messages emitted from the kernel at boot time were as-expected. Retpoline was present, IBRS was disabled (due to retpoline), and IBPB was enabled. ** Tags removed: verification-needed-trusty ** Tags added: verification-done-trusty -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1759920 Title: intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux- image-4.13.0-37-generic) Status in intel-microcode package in Ubuntu: Invalid Status in linux package in Ubuntu: Invalid Status in intel-microcode source package in Trusty: Invalid Status in linux source package in Trusty: Fix Committed Status in intel-microcode source package in Xenial: Invalid Status in linux source package in Xenial: Fix Committed Status in intel-microcode source package in Artful: Invalid Status in linux source package in Artful: Fix Committed Bug description: [Impact] * Some systems experience kernel lockups after updating to the latest intel-microcode package or when receiving updated microcode from a BIOS update. * In many cases, the lockups occur before users can reach the login screen which makes it very difficult to debug/workaround. [Test Case] * The most reliable test case currently known is to install the sssd package. Lockups may occur during package installation (disable IBPB by writing 0 to /proc/sys/kernel/ibpb_enabled to prevent this from happening). A lockup will most likely occur just after booting the system up as the lock screen is displayed. [Regression Potential] * The fix is in the task switching code of the kernel so complexity of the change is relatively high. [Original Report] I don't know if this is a problem with the kernel or the microcode, but we have a significant number of computers in our organization (on both 16.04 and 17.10) that fail if they have both updated. Booting with either linux-image-4.13.0-36-generic or intel-microcode 3.20180108.0+really20170707ubuntu17.10.1 allows all these computers to boot. ## Workaround ## 1. Boot the system with the dis_ucode_ldr kernel boot parameter to temporary avoid the problem: https://wiki.ubuntu.com/Kernel/KernelBootParameters 2. Install the previous version of package from https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+build/14261530/+files/intel-microcode_3.20180108.0+really20170707ubuntu16.04.1_amd64.deb 3. (Optional) Hold the package so that it won't be upgraded accidentally sudo apt-mark hold intel-microcode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1759920/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp