Author Topic: Post Meltdown, Spectre and other Intel issues  (Read 7607 times)

VinDSL
  • Peppermint version(s): Developmental Builds
Re: Post Meltdown, Spectre and other Intel issues
« Reply #75 on: January 30, 2018, 05:25:46 pm »
Seems the default kernel is the best for now :)

You've crystallized my thoughts exactly  :)

DAMIEN1307
  • Peppermint version(s): Peppermint 8.5 (Respin) 64 bit
« Reply #76 on: January 31, 2018, 03:45:40 am »
hi pin....sorry pin...i meant vin when i was mentioning that kernel 4.15...tough getting old...lol...DAMIEN
ORDO AB CHAO

pin
« Reply #77 on: January 31, 2018, 12:43:04 pm »
On Peppermint 7
Code:
pedro@peppermint7 ~ $ uname -a
Linux peppermint7 4.4.0-112-generic #135-Ubuntu SMP Fri Jan 19 11:48:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Code:
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Kernel has array_index_mask_nospec:  NO
* Checking count of LFENCE instructions following a jump in kernel:  YES  (71 jump-then-lfence instructions found, which is >= 30 (heuristic))
> STATUS:  NOT VULNERABLE  (Kernel source has PROBABLY been patched to mitigate the vulnerability (jump-then-lfence instructions heuristic))

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  YES
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO
    * IBRS enabled for User space:  NO
    * IBPB enabled:  NO
* Mitigation 2
  * Kernel compiled with retpoline option:  NO
  * Kernel compiled with a retpoline-aware compiler:  NO
  * Retpoline enabled:  NO
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  YES
* Running as a Xen PV DomU:  NO
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer
« Last Edit: January 31, 2018, 12:44:39 pm by pin »

pin
« Reply #78 on: February 01, 2018, 01:54:20 pm »
Apparently, one will hardly notice the impact on performance due to Meltdown and Spectre patches  :D
http://news.softpedia.com/news/linux-systems-running-newer-kernels-not-affected-by-meltdown-and-spectre-patches-519639.shtml

PCNetSpec
  • Peppermint version(s): Peppermint 10
« Reply #79 on: February 01, 2018, 03:29:01 pm »
Ubuntu have today (01-Feb-2018) added a new version of the 4.15 kernel (4.15.0-041500) to the mainline kernel PPA:
http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.15/

Like the default 4.13.0-32 kernel it's mitigated against Meltdown and ONE of the two Spectre variants.

But weirdly, according to the spectre-meltdown-checker.sh script 4.15 is vulnerable to Spectre variant 1, whereas the default 4.13 is vulnerable to variant 2

Default kernel 4.13.0-32
Code:
mark@Dell-E6530 ~ $ uname -a
Linux Dell-E6530 4.13.0-32-generic #35~16.04.1-Ubuntu SMP Thu Jan 25 10:13:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
mark@Dell-E6530 ~ $ sudo /home/$USER//Desktop/spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.34

Checking for vulnerabilities on current system
Kernel is Linux 4.13.0-32-generic #35~16.04.1-Ubuntu SMP Thu Jan 25 10:13:43 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i7-3740QM CPU @ 2.70GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO
    * CPU indicates IBRS capability:  NO
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO
    * CPU indicates IBPB capability:  NO
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO
    * CPU indicates STIBP capability:  NO
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO
  * CPU microcode is known to cause stability problems:  NO  (model 58 stepping 9 ucode 0x1c)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES
  * Vulnerable to Variant 2:  YES
  * Vulnerable to Variant 3:  YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Kernel has array_index_mask_nospec:  NO
* Checking count of LFENCE instructions following a jump in kernel:  YES  (68 jump-then-lfence instructions found, which is >= 30 (heuristic))
> STATUS:  NOT VULNERABLE  (Kernel source has PROBABLY been patched to mitigate the vulnerability (jump-then-lfence instructions heuristic))

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  YES
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO
    * IBRS enabled for User space:  NO
    * IBPB enabled:  NO
* Mitigation 2
  * Kernel compiled with retpoline option:  NO
  * Kernel compiled with a retpoline-aware compiler:  NO
  * Retpoline enabled:  NO
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  YES
* Running as a Xen PV DomU:  NO
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer
NEW 4.15.0-041500 kernel
Code:
mark@Dell-E6530 ~ $ uname -a
Linux Dell-E6530 4.15.0-041500-generic #201802011154 SMP Thu Feb 1 11:55:45 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
mark@Dell-E6530 ~ $ sudo /home/$USER//Desktop/spectre-meltdown-checker.sh
[sudo] password for mark:
Spectre and Meltdown mitigation detection tool v0.34

Checking for vulnerabilities on current system
Kernel is Linux 4.15.0-041500-generic #201802011154 SMP Thu Feb 1 11:55:45 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i7-3740QM CPU @ 2.70GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO
    * CPU indicates IBRS capability:  NO
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO
    * CPU indicates IBPB capability:  NO
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO
    * CPU indicates STIBP capability:  NO
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO
  * CPU microcode is known to cause stability problems:  NO  (model 58 stepping 9 ucode 0x1c)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES
  * Vulnerable to Variant 2:  YES
  * Vulnerable to Variant 3:  YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
* Kernel has array_index_mask_nospec:  NO
* Checking count of LFENCE instructions following a jump in kernel:  NO  (only 6 jump-then-lfence instructions found, should be >= 30 (heuristic))
> STATUS:  VULNERABLE  (Kernel source needs to be patched to mitigate the vulnerability)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO
    * IBRS enabled for User space:  NO
    * IBPB enabled:  NO
* Mitigation 2
  * Kernel compiled with retpoline option:  YES
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
  * Retpoline enabled:  YES
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  YES
* Running as a Xen PV DomU:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer
So make of that what you will, toss a coin, and take your pick ???
« Last Edit: February 01, 2018, 03:32:14 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

pin
« Reply #80 on: February 01, 2018, 03:34:41 pm »
Yeap! That's it  ???
My Peppermint 7 system is vulnerable to v2 and not v1, but my Void system is vulnerable to v1 and not v2 (see above).
Hum! Why can't one get both?
« Last Edit: February 02, 2018, 12:18:57 am by pin »

PCNetSpec
  • Peppermint version(s): Peppermint 10
« Reply #81 on: February 01, 2018, 03:46:54 pm »
Good question.

Maybe the next 4.13 default kernel will be compiled with a retpoline aware compiler .. and/or 4.15 will get the jump-then-lfence patches.

My money's on the default 4.13 kernel being first .. but who knows ???
(unless 4.15 hits hwe-edge first)
« Last Edit: February 01, 2018, 04:09:28 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

pin
« Reply #82 on: February 07, 2018, 01:50:40 pm »
 :-\ On January 31 the 4.4.0 was bumped to 4.4.0-114, http://news.softpedia.com/news/linux-kernels-4-14-16-4-9-79-4-4-114-and-3-18-93-are-now-available-to-download-519640.shtml
One week later I'm still running the latest from the repos, i.e. 4.4.0-112??

Is it possible to know when it will hit the repos?
On Void, I can trace a package build in real-time here, https://build.voidlinux.eu/waterfall

Is there something similar for Ubuntu?

VinDSL
  • Peppermint version(s): Developmental Builds
« Reply #83 on: February 08, 2018, 02:35:48 am »
Looks like they got out ...  8)



----------------
NO VULNS
----------------

╭─vindsl@Boogaloo-5 ~ 
╰─➤  sudo /usr/bin/spectre-meltdown-checker                             
[sudo] password for vindsl:
Spectre and Meltdown mitigation detection tool v0.32

Checking for vulnerabilities against running kernel Linux 4.15.2-041502-generic #201802072230 SMP Wed Feb 7 22:32:02 UTC 2018 x86_64
CPU is  Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline - vulnerable module loaded)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer

----------------------------------------
PEPPERMINT IS STILL FLYING
----------------------------------------

╭─vindsl@Boogaloo-5 ~ 
╰─➤  systemd-analyze time                               
Startup finished in 1.670s (kernel) + 2.144s (userspace) = 3.815s
╭─vindsl@Boogaloo-5 ~ 
╰─➤  systemd-analyze critical-chain                     
The time after the unit is active or started is printed after the "@" character.
The time the unit takes to start is printed after the "+" character.

graphical.target @2.141s
└─multi-user.target @2.141s
  └─smbd.service @1.994s +146ms
    └─nmbd.service @1.612s +381ms
      └─network-online.target @1.609s
        └─network.target @1.609s
          └─networking.service @1.332s +241ms
            └─network-pre.target @1.311s
              └─resolvconf.service @1.297s +3ms
                └─system.slice @105ms
                  └─-.slice @96ms

-----------
CONFIG
-----------

╭─vindsl@Boogaloo-5 ~ 
╰─➤  inxi -Fxz -v1 -c0                                   
System:    Host: Boogaloo-5 Kernel: 4.15.2-041502-generic x86_64 (64 bit gcc: 7.2.0) Desktop: N/A
           Distro: Peppermint Seven
Machine:   System: Dell product: OptiPlex 7010 v: 01
           Mobo: Dell model: 0GXM1W v: A02 Bios: Dell v: A25 date: 05/10/2017
CPU:       Quad core Intel Core i5-3470 (-MCP-) cache: 6144 KB
           flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 25541
           clock speeds: max: 3600 MHz 1: 1596 MHz 2: 1596 MHz 3: 1596 MHz 4: 1596 MHz
Graphics:  Card: NVIDIA GK208 [GeForce GT 710B] bus-ID: 01:00.0
           Display Server: X.Org 1.19.5 drivers: nvidia (unloaded: fbdev,vesa,nouveau)
           Resolution: 1920x1080@60.00hz, 1920x1080@60.00hz, 2560x1080@60.00hz
           GLX Renderer: GeForce GT 710/PCIe/SSE2 GLX Version: 4.6.0 NVIDIA 390.25 Direct Rendering: Yes
Audio:     Card-1 Intel 7 Series/C210 Series Family High Definition Audio Controller
           driver: snd_hda_intel bus-ID: 00:1b.0
           Card-2 NVIDIA GK208 HDMI/DP Audio Controller driver: snd_hda_intel bus-ID: 01:00.1
           Sound: Advanced Linux Sound Architecture v: k4.15.2-041502-generic
Network:   Card: Intel 82579LM Gigabit Network Connection driver: e1000e v: 3.2.6-k port: f040 bus-ID: 00:19.0
           IF: eno1 state: up speed: 1000 Mbps duplex: full mac: <filter>
Drives:    HDD Total Size: 1250.3GB (11.7% used) ID-1: /dev/sda model: Samsung_SSD_850 size: 250.1GB temp: 0C
           ID-2: /dev/sdb model: HGST_HTS721010A9 size: 1000.2GB temp: 38C
Partition: ID-1: / size: 20G used: 9.2G (50%) fs: ext4 dev: /dev/sda5
           ID-2: /home size: 30G used: 13G (44%) fs: ext4 dev: /dev/sda6
           ID-3: swap-1 size: 0.54GB used: 0.00GB (0%) fs: swap dev: /dev/sda7
           ID-4: swap-2 size: 0.54GB used: 0.00GB (0%) fs: swap dev: /dev/sda10
RAID:      No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors:   System Temperatures: cpu: 29.8C mobo: 27.8C gpu: 0.0:55C
           Fan Speeds (in rpm): cpu: N/A
Info:      Processes: 190 Uptime: 4 min Memory: 481.5/15995.9MB Init: systemd runlevel: 5 Gcc sys: 5.4.0
           Client: Shell (zsh 5.1.1) inxi: 2.2.35



pin
« Reply #84 on: February 08, 2018, 03:10:21 am »
Cheers Vin  :-*! Will update tonight.

Slim.Fatz
  • Peppermint version(s): Peppermint 7, 8.5 & 10 - 64bit
« Reply #85 on: February 08, 2018, 03:54:02 am »
Hi everyone,

FYI -- I just installed kernel 4.14.18 from this site and then rebooted. The script spectre-meltdown-checker.sh (version 34+) produced the following output:

Spectre and Meltdown mitigation detection tool v0.34+

Checking for vulnerabilities on current system
Kernel is Linux 4.14.18-041418-generic #201802071730 SMP Wed Feb 7 22:32:33 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i3-4030U CPU @ 1.90GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO
    * CPU indicates IBRS capability:  NO
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO
    * CPU indicates IBPB capability:  NO
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO
    * CPU indicates STIBP capability:  NO
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO
  * CPU microcode is known to cause stability problems:  NO  (model 69 stepping 1 ucode 0x20)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES
  * Vulnerable to Variant 2:  YES
  * Vulnerable to Variant 3:  YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO
    * IBRS enabled for User space:  NO
    * IBPB enabled:  NO
* Mitigation 2
  * Kernel compiled with retpoline option:  YES
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
  * Retpoline enabled:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  YES
* Running as a Xen PV DomU:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer

Note: finally Spectre Variant 1, Spectre Variant 2 and Meltdown (aka Variant 3) all came out as

STATUS: NOT VULNERABLE

Hooray !! First time I have seen all three with this result !!  8)

My machine:

$ inxi -Fz
System:    Host: x10 Kernel: 4.14.18-041418-generic x86_64 (64 bit) Desktop: N/A
           Distro: Peppermint Eight
Machine:   Mobo: Acer model: BA50_HB v: V1.09 Bios: Insyde v: V1.09 date: 07/11/2014
CPU:       Dual core Intel Core i3-4030U (-HT-MCP-) cache: 3072 KB
           clock speeds: max: 1900 MHz 1: 1011 MHz 2: 934 MHz 3: 931 MHz 4: 949 MHz
Graphics:  Card: Intel Haswell-ULT Integrated Graphics Controller
           Display Server: X.Org 1.19.5 drivers: (unloaded: fbdev,vesa)
           Resolution: 1366x768@60.00hz
           GLX Renderer: Mesa DRI Intel Haswell Mobile GLX Version: 3.0 Mesa 17.0.2
Audio:     Card-1 Intel 8 Series HD Audio Controller driver: snd_hda_intel
           Card-2 Intel Haswell-ULT HD Audio Controller driver: snd_hda_intel
           Sound: Advanced Linux Sound Architecture v: k4.14.18-041418-generic
Network:   Card-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
           driver: r8169
           IF: enp1s0f1 state: down mac: <filter>
           Card-2: Qualcomm Atheros QCA9565 / AR9565 Wireless Network Adapter
           driver: ath9k
           IF: wlp2s0 state: up mac: <filter>
Drives:    HDD Total Size: 500.1GB (5.6% used)
           ID-1: /dev/sda model: WDC_WD5000LPVX size: 500.1GB
Partition: ID-1: / size: 30G used: 6.4G (23%) fs: ext4 dev: /dev/sda8
           ID-2: swap-1 size: 4.22GB used: 0.00GB (0%) fs: swap dev: /dev/sda6
RAID:      No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors:   System Temperatures: cpu: 47.0C mobo: N/A
           Fan Speeds (in rpm): cpu: N/A
Info:      Processes: 172 Uptime: 8 min Memory: 743.0/3868.7MB
           Client: Shell (bash) inxi: 2.2.35

 8)

Regards,

-- Slim
« Last Edit: February 08, 2018, 05:57:29 am by Slim.Fatz »
"Life first -- Peppermint a close 2nd!" -- Zeb

Tread lightly: Fluxbox, JWM, i3, Openbox, awesome
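
The "/sys interface" lines in the checker outputs posted in this thread report the kernel's own status files under /sys/devices/system/cpu/vulnerabilities. As an added example (not from any poster or from the spectre-meltdown-checker project), this shell sketch reads those files directly and separates a plain mitigation from the "vulnerable module loaded" qualifier seen in the 4.15.2 output; the function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the kernel's per-vulnerability status strings.
# Kernels that expose this directory keep one text file per issue in it.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status STRING -> prints ok | review | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*)                  echo ok ;;
        # Mitigation is on, but the kernel flags a loaded module that
        # does not carry it (as in the 4.15.2 output in this thread).
        Mitigation:*"vulnerable module"*) echo review ;;
        Mitigation:*)                     echo ok ;;
        Vulnerable*)                      echo vulnerable ;;
        *)                                echo unknown ;;
    esac
}

# audit_vulns_dir [DIR] -> one "name<TAB>verdict<TAB>raw text" line per file.
# Returns 0 only if every entry is ok, 1 otherwise, 2 if DIR is missing
# (older kernels, such as the 4.4 and 4.13 builds above, may not have it).
audit_vulns_dir() {
    dir=${1:-$VULN_DIR_DEFAULT}
    [ -d "$dir" ] || { echo "no vulnerabilities directory: $dir" >&2; return 2; }
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        text=$(cat "$f" 2>/dev/null) || text=""
        verdict=$(classify_status "$text")
        printf '%s\t%s\t%s\n' "$(basename "$f")" "$verdict" "$text"
        [ "$verdict" = ok ] || rc=1
    done
    return $rc
}

# Constructed sample directory; the Mitigation strings are the ones quoted
# in this thread, "Vulnerable" stands in for an unmitigated entry.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Mitigation: PTI' > "$d/meltdown"
    printf '%s\n' 'Vulnerable' > "$d/spectre_v1"
    printf '%s\n' 'Mitigation: Full generic retpoline - vulnerable module loaded' \
        > "$d/spectre_v2"
    echo "$d"
}

# Demo on the constructed sample; on a live system call audit_vulns_dir
# with no argument instead.
sample=$(make_sample_dir)
audit_vulns_dir "$sample" || echo "at least one entry needs attention"
rm -rf "$sample"
```

A "review" verdict is worth following up by listing loaded out-of-tree modules (for example a proprietary graphics driver) and checking whether a rebuilt version is available for the running kernel.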

Slim.Fatz
  • Peppermint version(s): Peppermint 7, 8.5 & 10 - 64bit
« Reply #86 on: February 08, 2018, 05:56:35 am »
Hi again,

Now a little update to the previous post: On the same machine I also have Peppermint 7 installed. It is sort of my experimental Peppermint  ;D

So, from the same site linked to in the previous post, I fetched kernel-4.15.2 and installed it, ran the sm-checker script and got basically the same result:

Spectre and Meltdown mitigation detection tool v0.34+

Checking for vulnerabilities on current system
Kernel is Linux 4.15.2-041502-generic #201802072230 SMP Wed Feb 7 22:32:02 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i3-4030U CPU @ 1.90GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO
    * CPU indicates IBRS capability:  NO
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO
    * CPU indicates IBPB capability:  NO
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO
    * CPU indicates STIBP capability:  NO
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO
  * CPU microcode is known to cause stability problems:  NO  (model 69 stepping 1 ucode 0x20)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES
  * Vulnerable to Variant 2:  YES
  * Vulnerable to Variant 3:  YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO
    * IBRS enabled for User space:  NO
    * IBPB enabled:  NO
* Mitigation 2
  * Kernel compiled with retpoline option:  YES
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
  * Retpoline enabled:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  YES
* Running as a Xen PV DomU:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer

So I'm a happy dude at the moment !!  8)

Regards,

-- Slim
"Life first -- Peppermint a close 2nd!" -- Zeb

Tread lightly: Fluxbox, JWM, i3, Openbox, awesome

pin
« Reply #87 on: February 08, 2018, 06:03:16 am »
Great stuff slim

But, my PM7 is my stable machine. My experimental machine is my Void Linux system

I'm currently recovering one more laptop, just need a new SSD... So, who knows? I was actually thinking about taking NetBSD for a spin

EDIT: If I install in legacy mode I'll be able to dual boot it with Peppermint. So, yeah... who knows?
« Last Edit: February 08, 2018, 06:08:54 am by pin »

Slim.Fatz
  • Peppermint version(s): Peppermint 7, 8.5 & 10 - 64bit
« Reply #88 on: February 08, 2018, 07:42:54 am »
Hi pin,

I too have been tempted to try one of the BSD distros (again). I tried them maybe ten years ago but was not impressed and never looked back. But a lot can happen in ten years, so maybe I will check one out again someday.

Have fun!  :)

Regards,

-- Slim
"Life first -- Peppermint a close 2nd!" -- Zeb

Tread lightly: Fluxbox, JWM, i3, Openbox, awesome

VinDSL
  • Peppermint version(s): Developmental Builds
« Reply #89 on: February 08, 2018, 02:55:54 pm »
Heh! I don't own a 'stable' machine. I love dangling over the edge of a precipice  :D

It's probably of my own doing - all the haxoring and unconventional hardware setup - but Linux 4.14.x occasionally hardlocks this machine when the power manager blanks my screens. I haven't run across this with any other ver, and it hasn't happened once on Linux 4.15.x

So, I'll be skipping over 4.14 ...