Enhanced CPU bugs output in inxi!

Message
Author
User avatar
h2-1
Posts: 208
Joined: Sat Nov 15, 2008 3:16 pm

Enhanced CPU bugs output in inxi!

#1 Post by h2-1 »

By request, enhanced -C --admin to show full status/mitigation report. Requires kernel 4.14 or newer I believe. This is in latest pinxi, not yet in inxi, will be in 3.0.23 as soon as I verify it's working as expected, it should since the logic is pretty basic.

For readability I put each Vulnerability type on its own line.

Just update pinxi with -U, or install pinxi to test:

Code: Select all

cd /usr/local/bin; wget -Nc smxi.org/pinxi; chmod +x pinxi
Sample output, this is from an AMD cpu, which of course, does not suffer from several of the worst Intel problems.

Code: Select all

pinxi -Cxxx --admin 
CPU:       Topology: 6-Core model: AMD Ryzen 5 2600 bits: 64 type: MT MCP arch: Zen family: 17 (23) model-id: 8 
           stepping: 2 microcode: 8008204 L2 cache: 3072 KiB 
           flags: lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 81588 
           Speed: 1419 MHz min/max: 1550/3400 MHz boost: enabled Core speeds (MHz): 1: 1434 2: 1440 3: 1523 
           4: 1526 5: 1821 6: 2019 7: 1446 8: 1442 9: 1434 10: 1425 11: 1530 12: 1523 
           Vulnerabilities: Type: l1tf status: Not affected 
           Type: meltdown status: Not affected 
           Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via prctl and seccomp 
           Type: spectre_v1 mitigation: __user pointer sanitization 
           Type: spectre_v2 mitigation: Full AMD retpoline, IBPB
From a not fully protected Intel system:

Code: Select all

pinxi -Cxxx --admin
CPU:       Topology: 2x 6-Core model: Intel Xeon E5-2630 v2 bits: 64 type: MT MCP SMP arch: Ivy Bridge 
           family: 6 model-id: 3E (62) stepping: 4 microcode: 42D L2 cache: 30.0 MiB 
           flags: lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 124818 
           Speed: 1344 MHz min/max: 1200/3100 MHz Core speeds (MHz): 1: 1344 2: 1299 3: 1500 4: 2407 5: 1267 
           6: 1268 7: 2493 8: 1340 9: 2554 10: 2047 11: 1634 12: 1275 13: 1261 14: 1583 15: 2206 16: 1571 
           17: 1246 18: 2599 19: 1447 20: 1493 21: 1400 22: 1750 23: 1810 24: 1500 
           Vulnerabilities: Type: l1tf 
           mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable 
           Type: meltdown mitigation: PTI 
           Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via prctl and seccomp 
           Type: spectre_v1 mitigation: __user pointer sanitization 
           Type: spectre_v2 mitigation: Full generic retpoline, IBPB (Intel v4)
Last edited by h2-1 on Thu Sep 06, 2018 9:45 pm, edited 1 time in total.
smxi/sgfxi site (manuals, how-to's, faqs) :: script forums :: Check out inxi sys info script!

User avatar
Stevo
Developer
Posts: 12776
Joined: Fri Dec 15, 2006 8:07 pm

Re: Enhanced CPU bugs output in pinxi!

#2 Post by Stevo »

Works as advertised of my machine...I guess even the 4.18.5 kernel is still vulnerable to L1TF.

User avatar
Adrian
Developer
Posts: 8250
Joined: Wed Jul 12, 2006 1:42 am

Re: Enhanced CPU bugs output in inxi!

#3 Post by Adrian »

Pretty cool, here's my output from a VBox instance:

Code: Select all

$ pinxi -Cxxx --admin
CPU:       Topology: Single Core model: Intel Core i7-6500U bits: 64 type: MCP arch: Skylake family: 6 
           model-id: 4E (78) stepping: 3 microcode: N/A L2 cache: 4096 KiB 
           flags: lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 bogomips: 5184 
           Speed: 2592 MHz min/max: N/A Core speed (MHz): 1: 2592 
           Vulnerabilities: Type: meltdown mitigation: PTI 
           Type: spectre_v1 mitigation: __user pointer sanitization 
           Type: spectre_v2 mitigation: Full generic retpoline 

User avatar
Richard
Posts: 1577
Joined: Fri Dec 12, 2008 10:31 am

Re: Enhanced CPU bugs output in inxi!

#4 Post by Richard »

More or less stock MX-17.1-x64

Code: Select all

$ pin
pinentry         pinentry-gnome3  pinentry-x11     ping4            pinky            
pinentry-curses  pinentry-gtk-2   ping             ping6            pinxi            
richard@mx171:~
$ pinxi -C --admin
CPU:       Topology: Dual Core model: Intel Core i5-3320M bits: 64 type: MT MCP family: 6 model-id: 3A (58) 
           stepping: 9 microcode: 1F L2 cache: 3072 KiB 
           Speed: 1324 MHz min/max: 1200/3300 MHz Core speeds (MHz): 1: 1213 2: 1247 3: 1197 4: 1290 
           Vulnerabilities: Type: meltdown mitigation: PTI 
           Type: spectre_v1 mitigation: __user pointer sanitization 
           Type: spectre_v2 mitigation: Full generic retpoline, IBPB, IBRS_FW 
richard@mx171:~
Thinkpad T430 & Dell Latitude E7450, both with MX-21.3.1
kernal 5.10.0-26-amd64 x86_64; Xfce-4.18.0; 8 GB RAM
Intel Core i5-3380M, Graphics, Audio, Video; & SSDs.

User avatar
h2-1
Posts: 208
Joined: Sat Nov 15, 2008 3:16 pm

Re: Enhanced CPU bugs output in inxi!

#5 Post by h2-1 »

All looking good, thanks. This feature doesn't have much challenging parsing or logic to it, as long as the text values per type are consistent. So far looks like they are.
smxi/sgfxi site (manuals, how-to's, faqs) :: script forums :: Check out inxi sys info script!

User avatar
timkb4cq
Developer
Posts: 3186
Joined: Wed Jul 12, 2006 4:05 pm

Re: Enhanced CPU bugs output in inxi!

#6 Post by timkb4cq »

Is there a reason it doesn't list l1tf status on older AMD processors but does on the Ryzen example you posted?

Code: Select all

tim@e-machine:~
$ pinxi -Cxxx --admin
CPU:       Topology: 6-Core model: AMD FX-6300 bits: 64 type: MCP arch: Bulldozer 
           family: 15 (21) model-id: 2 stepping: N/A microcode: 600084F L2 cache: 2048 KiB 
           flags: lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 42276 
           Speed: 1447 MHz min/max: 1400/3500 MHz boost: enabled Core speeds (MHz): 1: 1439 
           2: 1963 3: 1406 4: 1401 5: 2341 6: 1467 
           Vulnerabilities: Type: meltdown status: Not affected 
           Type: spectre_v1 mitigation: __user pointer sanitization 
           Type: spectre_v2 mitigation: Full AMD retpoline
tim@e-machine:~
$ pinxi -V
pinxi 3.0.22-15 (2018-09-06)
HP Pavillion TP01, AMD Ryzen 3 5300G (quad core), Crucial 500GB SSD, Toshiba 6TB 7200rpm
Dell Inspiron 15, AMD Ryzen 7 2700u (quad core). Sabrent 500GB nvme, Seagate 1TB

User avatar
h2-1
Posts: 208
Joined: Sat Nov 15, 2008 3:16 pm

Re: Enhanced CPU bugs output in inxi!

#7 Post by h2-1 »

I think I'd have to answer that one with a solid "I don't know", heh. Here's an older AMD cpu, newer kernel. The values come from the kernel, by the way, not the cpu, that is, an older unpatched kernel would not have this data. I believe the kernel 'knows' roughly what is going on with each cpu variant, sort of. So you'd want to check newer kernel if you are using an older (unpatched) one, but if a newer one still shows nothing, then there is nothing to show. However, amd cpus aren't vulnerable there anyway, so basically you're just missing: status: Not affected output for that item.

Code: Select all

System:    Kernel: 4.17.0-17.1-liquorix-amd64 x86_64 bits: 64 compiler: gcc v: 7.3.0 
           Desktop: Xfce 4.12.4 tk: Gtk 2.24.31 info: xfce4-panel wm: xfwm4 dm: LightDM 1.18.3 
           Distro: Debian GNU/Linux buster/sid 
Machine:   Type: Desktop Mobo: Gigabyte model: GA-MA770-UD3 serial: <root required> BIOS: Award v: F8 date: 08/12/2009 
CPU:       Topology: Dual Core model: AMD Athlon 64 X2 5200+ bits: 64 type: MCP arch: K8 rev.F+ family: F (15) 
           model-id: 6B (107) stepping: 2 microcode: N/A L2 cache: 1024 KiB bogomips: 4018 
           Speed: 1000 MHz min/max: 1000/2700 MHz Core speeds (MHz): 1: 1000 2: 2700 
           Flags: 3dnow 3dnowext 3dnowprefetch apic clflush cmov cmp_legacy cpuid cr8_legacy cx16 cx8 de extapic 
           extd_apicid fpu fxsr fxsr_opt ht lahf_lm lbrv lm mca mce mmx mmxext msr mtrr nopl nx pae pat pge pni pse 
           pse36 rdtscp rep_good sep sse sse2 svm syscall tsc vme vmmcall 
           Vulnerabilities: Type: l1tf status: Not affected 
           Type: meltdown status: Not affected 
           Type: spec_store_bypass status: Not affected 
           Type: spectre_v1 mitigation: __user pointer sanitization 
           Type: spectre_v2 mitigation: Full generic retpoline
Here's an AMD SOC variant:

Code: Select all

pinxi -SxxxC --no-host --admin
System:    Kernel: 4.9.0-8-amd64 x86_64 bits: 64 compiler: gcc v: 6.3.0 Console: tty 0 dm: N/A 
           Distro: Debian GNU/Linux 9 (stretch) 
CPU:       Topology: Quad Core model: AMD GX-412TC SOC bits: 64 type: MCP arch: Puma family: 16 (22) 
           model-id: 30 (48) stepping: 1 microcode: 7030105 L2 cache: 2048 KiB 
           flags: lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 7985 
           Speed: 600 MHz min/max: 600/1000 MHz boost: enabled Core speeds (MHz): 1: 600 2: 600 3: 600 4: 600 
           Vulnerabilities: Type: l1tf status: Not affected 
           Type: meltdown status: Not affected 
           Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via prctl and seccomp 
           Type: spectre_v1 mitigation: __user pointer sanitization 
           Type: spectre_v2 mitigation: Full AMD retpoline
It looks like they rolled these kernel things back into the distro stable kernels too, since 4.9 did not know about this stuff. That would be that is a patched stable branch kernel.
Last edited by h2-1 on Fri Sep 07, 2018 2:59 am, edited 4 times in total.
smxi/sgfxi site (manuals, how-to's, faqs) :: script forums :: Check out inxi sys info script!

User avatar
ChrisUK
Qualified MX Guide
Posts: 299
Joined: Tue Dec 12, 2017 1:04 pm

Re: Enhanced CPU bugs output in inxi!

#8 Post by ChrisUK »

Code: Select all

pinxi -Cxxx --admin
CPU:       Topology: Dual Core model: Intel Core i3 M 380 bits: 64 type: MT MCP arch: Nehalem 
           family: 6 model-id: 25 (37) stepping: 5 microcode: 4 L2 cache: 3072 KiB 
           flags: lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 20215 
           Speed: 933 MHz min/max: 933/2533 MHz Core speeds (MHz): 1: 933 2: 933 3: 933 4: 933 
           Vulnerabilities: Type: l1tf 
           mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable 
           Type: meltdown mitigation: PTI 
           Type: spec_store_bypass status: Vulnerable 
           Type: spectre_v1 mitigation: __user pointer sanitization 
           Type: spectre_v2 mitigation: Full generic retpoline 
(I'm using 4.9 series Kernel... 4.9.0-8-amd64 #1 SMP Debian 4.9.110-3+deb9u4 (2018-08-21))
Chris

MX 18 MX 19 - Manjaro

User avatar
h2-1
Posts: 208
Joined: Sat Nov 15, 2008 3:16 pm

Re: Enhanced CPU bugs output in inxi!

#9 Post by h2-1 »

I believe all the distros patched their stable branches for all these things, so I guess they also added the vulnerability stuff to them as well. That's good to know, I didn't realize that, I'll have to update the man page to indicate that.
smxi/sgfxi site (manuals, how-to's, faqs) :: script forums :: Check out inxi sys info script!

User avatar
h2-1
Posts: 208
Joined: Sat Nov 15, 2008 3:16 pm

Re: Enhanced CPU bugs output in inxi!

#10 Post by h2-1 »

By the way, I also shuffled around --usb output to make it more consistent, I'm not really sure what I was thinking when I made the initial orderings, but now the orderings for Hubs and Devices are roughly the same, looks more consistent, and the different field name/values appear in roughly the same spot for hubs and devices.
smxi/sgfxi site (manuals, how-to's, faqs) :: script forums :: Check out inxi sys info script!

Post Reply

Return to “antiX”