Enhanced CPU bugs output in inxi!

#11 Post by fehlix »

Thanks for this.

Code:

$  pinxi --version
pinxi 3.0.22-16 (2018-09-06)
...
$ pinxi -SM -Cxxx --admin -c0
System:    Host: mx171 Kernel: 4.17.0-17.3-liquorix-amd64 x86_64 bits: 64 compiler: gcc v: 6.3.0 
           Desktop: Xfce 4.12.3 tk: Gtk 2.24.31 info: xfce4-panel wm: xfwm4 dm: LightDM 1.18.3 
           Distro: MX-17.1_x64 Horizon March 14  2018 base: Debian GNU/Linux 9 (stretch) 
Machine:   Type: Desktop System: Gigabyte product: N/A v: N/A serial: <root required> Chassis: type: 3 
           serial: <root required> 
           Mobo: Gigabyte model: Z77M-D3H v: x.x serial: <root required> BIOS: American Megatrends v: F15a 
           date: 12/31/2013 
CPU:       Topology: Quad Core model: Intel Xeon E3-1240 V2 bits: 64 type: MT MCP arch: Ivy Bridge family: 6 
           model-id: 3A (58) stepping: 9 microcode: 1F L2 cache: 8192 KiB 
           flags: lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 54458 
           Speed: 1720 MHz min/max: 1600/3801 MHz boost: enabled Core speeds (MHz): 1: 2045 2: 1632 3: 2028 
           4: 1963 5: 1657 6: 1900 7: 1659 8: 1641 
           Vulnerabilities: Type: l1tf status: Vulnerable 
           Type: meltdown mitigation: PTI 
           Type: spec_store_bypass status: Vulnerable 
           Type: spectre_v1 mitigation: __user pointer sanitization 
           Type: spectre_v2 mitigation: Full generic retpoline, IBPB, IBRS_FW 
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

#12 Post by oops »

Great.

Code:

./pinxi -SM -Cxxx --admin -c0
System:    Host: TOF-XEON Kernel: 4.17.0-localmodconfig-01.efi x86_64 bits: 64 compiler: gcc v: 6.3.0 
           Desktop: Xfce 4.12.3 tk: Gtk 2.24.31 info: xfce4-panel wm: xfwm4 dm: LightDM 1.18.3 
           Distro: MX-17.1_x64 Horizon March 14  2018 base: Debian GNU/Linux 9 (stretch) 
Machine:   Type: Desktop Mobo: MSI model: B75MA-E33 (MS-7808) v: 1.0 serial: <root required> 
           UEFI: American Megatrends v: 1.7 date: 09/30/2013 
CPU:       Topology: Quad Core model: Intel Core i5-2320 bits: 64 type: MCP arch: Sandy Bridge family: 6 
           model-id: 2A (42) stepping: 7 microcode: 2D L2 cache: 6144 KiB 
           flags: lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 23946 
           Speed: 1597 MHz min/max: 1600/3300 MHz Core speeds (MHz): 1: 1596 2: 1596 3: 1596 4: 1596 
           Vulnerabilities: Type: meltdown mitigation: PTI 
           Type: spec_store_bypass status: Vulnerable 
           Type: spectre_v1 mitigation: __user pointer sanitization 
           Type: spectre_v2 mitigation: Full generic retpoline, IBPB, IBRS_FW 
----

Code:

./pinxi --full -v 8
I think Vulnerabilities should also be shown here, with the --full -v 8 option.
---
@h2_1 ... until now, you are the CPU winner :number1: :happy:
bogomips: 124818
For new users: Alt+F1 for the manual, or FAQS, MX MANUAL, and Debian Tips - System info “quick-system-info-mx” (QSI) ... Here: System: MX-19_x64 & antiX19_x32

#13 Post by h2-1 »

oops, good timing, just checked this thread, I was debating adding --admin to -v8, was just about to commit to master, will do now, thanks.
smxi/sgfxi site (manuals, how-to's, faqs) :: script forums :: Check out inxi sys info script!

#14 Post by oops »

thanks mostly for you.

#15 Post by h2-1 »

This is now in master as 3.0.23. I usually wait a few hours to tag the commit in case I missed some edits or fixes. Thanks for checking.

#16 Post by oops »

It's OK for me for both command lines above.

#17 Post by h2-1 »

A last minute change, I've added -a as a trigger for --admin, given that --admin will expand over time, it's easier to tell someone to type:

inxi -Fxxxaz
than
inxi -Fxxxz --admin

The output wasn't much to look at in the initial --admin so I didn't think it warranted using up one of the increasingly rare single lower case letter options, but I think -x and -a are good for future expansions of --admin.

Since I was forced to tag master branch, I've adopted the habit of pushing to master, then waiting a few hours, doing any last minute ideas, then when all done, tagging the master version. This seems to work ok.

thanks for feedback.

#18 Post by Stevo »

L1TF still vulnerable on the 4.18.6 kernel, though:

Code:

CPU:       Topology: 6-Core model: Intel Core i7-8750H bits: 64 type: MT MCP arch: Skylake family: 6 
           model-id: 9E (158) stepping: A (10) microcode: 96 L2 cache: 9216 KiB 
           flags: lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 52992 
           Speed: 800 MHz min/max: 800/4100 MHz Core speeds (MHz): 1: 800 2: 800 3: 800 4: 800 5: 800 6: 800 
           7: 800 8: 801 9: 800 10: 800 11: 800 12: 800 
           Vulnerabilities: Type: l1tf 
           mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable 
           Type: meltdown mitigation: PTI 
           Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via prctl and seccomp 
           Type: spectre_v1 mitigation: __user pointer sanitization 
           Type: spectre_v2 mitigation: Full generic retpoline, IBPB, IBRS_FW
For the Fedora Troll on Distrowatch...

Code:

$ sudo spectre-meltdown-checker 
Spectre and Meltdown mitigation detection tool v0.39

Checking for vulnerabilities on current system
Kernel is Linux 4.18.0-1-amd64 #1 SMP Debian 4.18.6-1~mx17+1 (2018-09-07) x86_64
CPU is Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  YES 
    * CPU indicates IBRS capability:  YES  (SPEC_CTRL feature bit)
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  YES 
    * CPU indicates IBPB capability:  YES  (SPEC_CTRL feature bit)
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  YES 
    * CPU indicates STIBP capability:  YES  (Intel STIBP feature bit)
  * Speculative Store Bypass Disable (SSBD)
    * CPU indicates SSBD capability:  YES  (Intel SSBD)
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
  * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO):  NO 
  * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA):  NO 
  * CPU microcode is known to cause stability problems:  NO  (model 0x9e family 0x6 stepping 0xa ucode 0x96 cpuid 0x906ea)
* CPU vulnerability to the speculative execution attack variants
  * Vulnerable to Variant 1:  YES 
  * Vulnerable to Variant 2:  YES 
  * Vulnerable to Variant 3:  YES 
  * Vulnerable to Variant 3a:  YES 
  * Vulnerable to Variant 4:  YES 

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec:  YES  (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch:  NO 
* Kernel has mask_nospec64 (arm64):  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (Mitigation: Full generic retpoline, IBPB, IBRS_FW)
* Mitigation 1
  * Kernel is compiled with IBRS support:  YES 
    * IBRS enabled and active:  YES  (for kernel and firmware code)
  * Kernel is compiled with IBPB support:  YES 
    * IBPB enabled and active:  YES 
* Mitigation 2
  * Kernel has branch predictor hardening (arm):  NO 
  * Kernel compiled with retpoline option:  YES 
    * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
  * Kernel supports RSB filling:  YES 
> STATUS:  NOT VULNERABLE  (Full retpoline + IBPB are mitigating the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI):  YES 
  * PTI enabled and active:  YES 
  * Reduced performance impact of PTI:  YES  (CPU supports INVPCID, performance impact of PTI will be greatly reduced)
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
* CPU microcode mitigates the vulnerability:  YES 
> STATUS:  NOT VULNERABLE  (your CPU microcode mitigates the vulnerability)

CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Mitigated according to the /sys interface:  YES  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports speculation store bypass:  YES  (found in /proc/self/status)
> STATUS:  NOT VULNERABLE  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)

#19 Post by h2-1 »

SMT vulnerable I believe means you have to go into BIOS if you are concerned about it and disable multithreading, aka, hyperthreading.

However, be aware that some vulnerabilities are only relevant in very specific circumstances, like guest/host virtual machines. This is why -a/--admin is not a regular option, the data has to be understood to be useful, and further researched.

Intels are not going to be great, some require BIOS updates, if you can still get one for the system, it varies from what I understand. I guess some firmware for cpu can be loaded by os, but I don't know all the details.
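
Added example, not part of the thread and not inxi's own code: a shell script that reads the kernel's sysfs vulnerability files (the "/sys interface" named in the spectre-meltdown-checker output above), prints rows shaped like the Vulnerabilities rows quoted in the posts, and lists the entries still reported as Vulnerable or "SMT vulnerable". The function names, the "[check SMT]" tag and the sample directory are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not inxi code. Reads the kernel's per-vulnerability strings.
SYSFS_VULNS=/sys/devices/system/cpu/vulnerabilities   # standard kernel sysfs path

# classify TEXT -> status | mitigation | mitigation-smt
classify() {
    case $1 in
        "Mitigation: "*"SMT vulnerable"*) echo mitigation-smt ;;
        "Mitigation: "*)                  echo mitigation ;;
        *)                                echo status ;;  # "Vulnerable", "Not affected"
    esac
}

# report DIR -> one "Type: <name> <kind>: <detail>" row per file in DIR
report() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        text=$(cat "$f")
        case $(classify "$text") in
            status)         echo "Type: ${f##*/} status: $text" ;;
            mitigation)     echo "Type: ${f##*/} mitigation: ${text#Mitigation: }" ;;
            mitigation-smt) echo "Type: ${f##*/} mitigation: ${text#Mitigation: } [check SMT]" ;;
        esac
    done
}

# needs_review DIR -> names reported unmitigated, or mitigated but "SMT vulnerable"
needs_review() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case $(cat "$f") in
            Vulnerable*|*"SMT vulnerable"*) echo "${f##*/}" ;;
        esac
    done
}

# make_sample DIR: constructed files reusing strings quoted in the thread
make_sample() {
    mkdir -p "$1"
    echo "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable" > "$1/l1tf"
    echo "Mitigation: PTI" > "$1/meltdown"
    echo "Vulnerable" > "$1/spec_store_bypass"
    echo "Mitigation: Full generic retpoline, IBPB, IBRS_FW" > "$1/spectre_v2"
}

# Use live sysfs data when present, otherwise the constructed sample.
if [ -d "$SYSFS_VULNS" ]; then report "$SYSFS_VULNS"
else d=$(mktemp -d); make_sample "$d"; report "$d"; rm -rf "$d"; fi
```

Running `needs_review` against the live directory after a kernel or microcode update gives a quick before/after comparison of which entries still need attention.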

#20 Post by ChrisUK »

I already posted the result with the 4.9 series Kernel...

Here's the output with the 4.15 Kernel (Debian 4.15.4-1~mx17+1 (2018-02-23)) loaded:

Code:

./pinxi -Cxxx --admin
CPU:       Topology: Dual Core model: Intel Core i3 M 380 bits: 64 type: MT MCP arch: Nehalem 
           family: 6 model-id: 25 (37) stepping: 5 microcode: 4 L2 cache: 3072 KiB 
           flags: lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 20218 
           Speed: 1463 MHz min/max: 933/2533 MHz Core speeds (MHz): 1: 1463 2: 1463 3: 1463 
           4: 1382 
           Vulnerabilities: Type: meltdown mitigation: PTI 
           Type: spectre_v1 mitigation: __user pointer sanitization 
           Type: spectre_v2 mitigation: Full generic retpoline 
Chris

MX 18 MX 19 - Manjaro
