Choose style:

Author Topic: Linux 4.20-rc2 on 32-bit Peppermint 7 Box  (Read 449 times)

0 Members and 1 Guest are viewing this topic.

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5314
  • Karma: 943
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Linux 4.20-rc2 on 32-bit Peppermint 7 Box
« on: November 18, 2018, 10:09:06 am »
First day I've had to myself, in a few weeks. YaY  ;D

I awoke, put on my bathrobe, and decided to install Linux 4.20-rc2 on my ancient 32-bit Peppermint 7  DFI LanPerty gamer box.


SPECS:
Intel P4 Extreme Edition 3.4 (Gallatin) || DFI LanParty PRO875B rev B1
Crucial Ballistix Tracer PC4000 2GB || Mountain Mods U2-UFO Opti-1203
XFX 7600GT 560M AGP (PV-T73A-UDF3) || Corsair HX520W Modular PSU

Will Peppermint OS Wonders never cease?


Code: [Select]
╭─vindsl@Boogaloo-6 ~  
╰─➤  sudo inxi -CDMSfm                                           
[sudo] password for vindsl:
System:    Host: Boogaloo-6 Kernel: 4.20.0-042000rc2-generic i686 (32 bit)
           Desktop: N/A Distro: Peppermint Seven
Machine:   Mobo: N/A model: Canterwood
           Bios: Phoenix v: 6.00 PG date: 04/09/2004
CPU:       Single core Intel Pentium 4 (-HT-) cache: 2048 KB
           clock speeds: max: 3407 MHz 1: 3407 MHz 2: 3407 MHz
           CPU Flags: acpi apic bts cid clflush cmov cpuid cx8 de dts fpu fxsr
           ht mca mce mmx msr mtrr pae pat pbe pebs pge pse pse36 pti sep ss
           sse sse2 tm tsc vme xtpr
Memory:    Array-1 capacity: 4 GB devices: 4 EC: None
           Device-1: A0 size: 512 MB speed: N/A type: SDRAM
           Device-2: A1 size: 512 MB speed: N/A type: SDRAM
           Device-3: A2 size: 512 MB speed: N/A type: SDRAM
           Device-4: A3 size: 512 MB speed: N/A type: SDRAM
Drives:    HDD Total Size: 1013.7GB (13.5% used)
           ID-1: /dev/sda model: Maxtor_91366U4 size: 13.5GB
           ID-2: /dev/sdb model: SAMSUNG_HD103SJ size: 1000.2GB
╭─vindsl@Boogaloo-6 ~ 
╰─➤

Code: [Select]
╭─vindsl@Boogaloo-6 ~  
╰─➤  sudo ./spectre-meltdown-checker.sh                           
Spectre and Meltdown mitigation detection tool v0.35

Checking for vulnerabilities on current system
Kernel is Linux 4.20.0-042000rc2-generic #201811121328 SMP Mon Nov 12 13:40:27 UTC 2018 i686
CPU is Intel(R) Pentium(R) 4 CPU 3.40GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO
    * CPU indicates IBRS capability:  NO
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO
    * CPU indicates IBPB capability:  NO
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO
    * CPU indicates STIBP capability:  NO
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO
  * CPU microcode is known to cause stability problems:  NO
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES
  * Vulnerable to Variant 2:  YES
  * Vulnerable to Variant 3:  YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 32 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  YES
  * Currently enabled features
    * IBRS enabled for Kernel space:  UNKNOWN
    * IBRS enabled for User space:  UNKNOWN
    * IBPB enabled:  UNKNOWN
* Mitigation 2
  * Kernel compiled with retpoline option:  YES
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline, RSB filling)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  YES
* Running as a Xen PV DomU:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer
╭─vindsl@Boogaloo-6 ~ 
╰─➤

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5314
  • Karma: 943
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: Linux 4.20-rc2 on 32-bit Peppermint 7 Box
« Reply #1 on: November 18, 2018, 10:28:00 am »
Looks like I haven't updated the Spectre and Meltdown mitigation detection tool in awhile.

Here are the results from the latest ver:

Code: [Select]
╭─vindsl@Boogaloo-6 ~  
╰─➤  sudo ./spectre-meltdown-checker.sh                                     2 ↵
Spectre and Meltdown mitigation detection tool v0.40

Checking for vulnerabilities on current system
Kernel is Linux 4.20.0-042000rc2-generic #201811121328 SMP Mon Nov 12 13:40:27 UTC 2018 i686
CPU is Intel(R) Pentium(R) 4 CPU 3.40GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO
    * CPU indicates IBRS capability:  NO
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO
    * CPU indicates IBPB capability:  NO
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO
    * CPU indicates STIBP capability:  NO
  * Speculative Store Bypass Disable (SSBD)
    * CPU indicates SSBD capability:  NO
  * L1 data cache invalidation
    * FLUSH_CMD MSR is available:  NO
    * CPU indicates L1D flush capability:  NO
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO
  * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO):  NO
  * CPU/Hypervisor indicates L1D flushing is not necessary on this system:  NO
  * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA):  NO
  * CPU supports Software Guard Extensions (SGX):  NO
  * CPU microcode is known to cause stability problems:  NO  (model 0x2 family 0xf stepping 0x5 ucode 0x2b cpuid 0xf25)
  * CPU microcode is the latest known available version:  NO  (latest version is 0x2c dated 2004/08/26 according to builtin MCExtractor DB v84 - 2018/09/27)
* CPU vulnerability to the speculative execution attack variants
  * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass):  YES
  * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection):  YES
  * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load):  YES
  * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read):  YES
  * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass):  YES
  * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault):  NO
  * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault):  YES
  * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault):  YES

CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Mitigated according to the /sys interface:  YES  (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec:  YES  (1 occurrence(s) found of x86 32 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch:  NO
* Kernel has mask_nospec64 (arm64):  NO
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface:  YES  (Mitigation: Full generic retpoline, RSB filling)
* Mitigation 1
  * Kernel is compiled with IBRS support:  YES
    * IBRS enabled and active:  NO
  * Kernel is compiled with IBPB support:  YES
    * IBPB enabled and active:  NO
* Mitigation 2
  * Kernel has branch predictor hardening (arm):  NO
  * Kernel compiled with retpoline option:  YES
    * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
> STATUS:  NOT VULNERABLE  (Full retpoline is mitigating the vulnerability)
IBPB is considered as a good addition to retpoline for Variant 2 mitigation, but your CPU microcode doesn't support it

CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface:  YES  (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI):  YES
  * PTI enabled and active:  YES
  * Reduced performance impact of PTI:  NO  (PCID/INVPCID not supported, performance impact of PTI will be significant)
* Running as a Xen PV DomU:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability:  NO
> STATUS:  VULNERABLE  (an up-to-date CPU microcode is needed to mitigate this vulnerability)

CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface:  NO  (Vulnerable)
* Kernel supports speculation store bypass:  YES  (found in /proc/self/status)
> STATUS:  VULNERABLE  (Your CPU doesn't support SSBD)

CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability:  N/A
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface:  YES  (Mitigation: PTE Inversion)
* Kernel supports PTE inversion:  YES  (found in kernel image)
* PTE inversion enabled and active:  YES
> STATUS:  NOT VULNERABLE  (Mitigation: PTE Inversion)

CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface:
* This system is a host running an hypervisor:  NO
* Mitigation 1 (KVM)
  * EPT is disabled:  N/A  (the kvm_intel module is not loaded)
* Mitigation 2
  * L1D flush is supported by kernel:  YES  (found flush_l1d in kernel image)
  * L1D flush enabled:  UNKNOWN  (unrecognized mode)
  * Hardware-backed L1D flush supported:  NO  (flush will be done in software, this is slower)
  * Hyper-Threading (SMT) is enabled:  YES
> STATUS:  NOT VULNERABLE  (this system is not running an hypervisor)

> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:KO CVE-2018-3639:KO CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK

Need more detailed information about mitigation options? Use --explain
A false sense of security is worse than no security at all, see --disclaimer
╭─vindsl@Boogaloo-6 ~ 
╰─➤                     

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5314
  • Karma: 943
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: Linux 4.20-rc2 on 32-bit Peppermint 9 Box
« Reply #2 on: November 18, 2018, 11:45:50 am »
Just repeated the obligatory updates, plus the 32-bit 4.20-rc2 install, on my ancient 'Ultimate Doorstop' Peppermint 9 test machine.

This 32-bit Dell Dimension 3000 doorstop actually got less warnings, than my custom 32-bit DFI LanParty gamer machine.

32-bit Peppermint 9 is only using 217mb RAM, sitting idle at the desktop  :o

Code: [Select]
╭─vindsl@Fenris-2 ~  
╰─$ sudo inxi -CDMSfm               
[sudo] password for vindsl:
System:    Host: Fenris-2 Kernel: 4.20.0-042000rc2-generic i686 bits: 32
           Console: tty 0 Distro: Peppermint Nine
Machine:   Device: desktop System: Dell product: Dimension 3000 serial: CKYBY51
           Mobo: Dell model: 0N6381 serial: ..CN4811148L04H2.
           BIOS: Dell v: A03 date: 01/05/2006
CPU:       Single core Intel Pentium 4 (-MT-) cache: 1024 KB
           clock speeds: max: 2992 MHz 1: 2992 MHz 2: 2992 MHz
           CPU Flags: acpi apic bts cid clflush cmov constant_tsc cpuid cx8 de
           ds_cpl dtes64 dts fpu fxsr ht mca mce mmx monitor msr mtrr pae pat pbe
           pebs pge pni pse pse36 pti sep ss sse sse2 tm tsc vme xtpr
Memory:    Used/Total: 228.3/1941.0MB
           Array-1 capacity: 4 GB devices: 2 EC: None
           Device-1: DIMM_1 size: 1 GB speed: 400 MT/s type: SDRAM
           Device-2: DIMM_2 size: 1 GB speed: 400 MT/s type: SDRAM
Drives:    HDD Total Size: 60.0GB (11.3% used)
           ID-1: /dev/sda model: Patriot_Flare size: 60.0GB
╭─vindsl@Fenris-2 ~ 
╰─$

Amazing!

Anyway, come on in... the water's fine.  ;D

Offline pin

  • Trusted User
  • Veteran
  • *****
  • Posts: 1829
  • Karma: 256
    • View Profile
Re: Linux 4.20-rc2 on 32-bit Peppermint 7 Box
« Reply #3 on: November 18, 2018, 12:03:32 pm »
 :-*
Been using it for one week and, yes the "water is fine"  :D


Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5314
  • Karma: 943
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: Linux 4.20-rc2 on 32-bit Peppermint 7 Box
« Reply #4 on: November 18, 2018, 12:17:45 pm »
Yeah, I was reading your posts, when I was on the trot. But, I had to lace 4 one-way connecting flights together with <= half-hour layovers.

It wasn't the time to get distracted with installing Linux rc's, you know?

Been there, done, it - got the scars to prove it... LoL  ;D