Slackware: This forum is for the discussion of Slackware Linux.
32 - gawk above doesn't say anything that helpful apart from "not affected" on all counts. This is more helpful:
Code:
root@lysurfer_viii:/home/lysander/spectre-meltdown-checker-master/newversion# ./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.37+
Checking for vulnerabilities on current system
Kernel is Linux 4.4.153-smp #1 SMP Tue Aug 28 14:22:38 CDT 2018 i686
CPU is Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
* CPU microcode is known to cause stability problems: NO (model 0x1c family 0x6 stepping 0x2 ucode 0x20a cpuid 0x106c2)
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to Variant 1: NO
* Vulnerable to Variant 2: NO
* Vulnerable to Variant 3: NO
* Vulnerable to Variant 3a: NO
* Vulnerable to Variant 4: NO
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel has array_index_mask_nospec (x86): NO
* Kernel has the Red Hat/Ubuntu patch: NO
* Kernel has mask_nospec64 (arm): NO
* Checking count of LFENCE instructions following a jump in kernel... NO (only 0 jump-then-lfence instructions found, should be >= 30 (heuristic))
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (Not affected)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: NO
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: NO
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports Page Table Isolation (PTI): NO
* PTI enabled and active: NO
* Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
* CPU microcode mitigates the vulnerability: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports speculation store bypass: YES (found in /proc/self/status)
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
A false sense of security is worse than no security at all, see --disclaimer
Last edited by Lysander666; 08-29-2018 at 01:37 PM.
The security patched 4.4.153 kernel for Slackware-14.2 is now available.
Can you please provide me with a link from where you got that changelog snippet? I'm curious about the actual commit(s) that are mitigating the CVE-2018-3615/3620/3546 and maybe I can find this info in the changelog. Just want to look at the code and see if it checks the microcode capabilities & stuff. I got confused by the recent kernel devs' efforts for mitigating these issues and I remember editing the post in the Slackware security thread several times, just because I was not sure anymore about what patch was actually approved & released.
Thanks!
EDIT:
Sorry! Never mind, it was from the Slackware Changelog.
I was looking at: https://cdn.kernel.org/pub/linux/ker...ngeLog-4.4.153
And couldn't find the explicit enumeration of the CVEs but only some references about L1TF and the commit adaba23ccd7d1625942f2c27612d2b416c87e011. Will follow that path now.
I recently installed Slackware64 14.2 and wanted to update the kernel to 4.4.153, but a then very slow X11 made me reinstall the original 4.4.14 kernel (kernel driver is nouveau and my graphic card is a GeForce GTX 980M).
Is it possible that I could be experiencing significantly improved battery life on 4.4.153? I noticed this within about 15 mins of turning the netbook on today. Now, I know that acpi just estimates things, but this is very good.
On previous kernels, esp 4.4.144, I think on average I would get about 4.5 hours of battery life out of the netbook. Now, neofetch says it's been up for four hours so far, but shave two of those off for being on suspend on public transport... and apparently another four or so to go at ~70%. To be realistic I'll call that around six or so. I'm sure this is better than normal for this machine.
OK, not arguing, because I agree that it will probably be an LTS kernel, but right now it says "TBD" (to be determined), so that tells me there is no official response that 4.19 will be long term.
"We have asked to GregKH. Does 4.19 will be next LTS? Answer was YES. LTS version will be end of year release. So it will be 4.19. We expected 4.20 in June but some delay happened actually." @LinuxLTSI 11:54 pm 29 Aug 2018
They have not been announced yet on kernel.org, but kernels 4.4.154, 4.9.125, 4.14.68 and 4.18.6 have already been available for some hours at https://kernel.org/pub/linux/kernel/v4.x/
Built ; installed ; booted 4.4.154 on my Main Slackware64 14.2 + MultiLib Laptop and all is well.
I also installed it on a ZOTAC ZBOX BI325 to see if there were any changes ( there have been no Firmware Files for the Celeron B3160 - ( Family + Model + Stepping ) = 06-4c-04 )) -- no change ...
-- kjh
These are the S&M related commits in 4.4.154 ...
Lysander666 -- note that the last three are 32-bit commits.
Code:
./.get-commit -i -a 'cve-' -e l1tf -e speculat -e spectre linux-4.4.154-ChangeLog
# Title | Search Linux ChangeLogs
# Command | /home/dld/slackware/kjh-kernel/dld/.get-commit -i -a cve- -e l1tf -e speculat -e spectre linux-4.4.154-ChangeLog
# Ignore Case | is ON
# SynopsisREx | 'l1tf' -or- 'speculat' -or- 'spectre'
# Generic REx | 'cve-'
# Run Date | Wed Sep 5 10:48:04 CDT 2018
#
# FileName | Commit | Date | Synopsys
linux-4.4.154-ChangeLog | 2edb10cbf21fca9b220a2bdf0b87b7bbeaf1e1e9 | Fri Aug 24 10:03:51 2018 -0700 | x86/spectre: Add missing family 6 check to microcode check
linux-4.4.154-ChangeLog | 72f6531162bd2f1b57e8114c8358fca507090f41 | Thu Aug 23 16:21:29 2018 +0200 | x86/speculation/l1tf: Suggest what to do on systems with too much RAM
linux-4.4.154-ChangeLog | 7b69cd6fa088e473869512672969e6c490cac1b6 | Thu Aug 23 15:44:18 2018 +0200 | x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM
linux-4.4.154-ChangeLog | 6a56bd7f2ea31d4c86849b8f67d4e2dc1cb5b788 | Mon Aug 20 11:58:35 2018 +0200 | x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
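For readers who want to run the same kind of search over a kernel.org ChangeLog, here is an added example; it is not kjh's `.get-commit` script and not part of the original post. The function name `find_commits` is hypothetical, and it assumes the semantics suggested by the output header above: the synopsis patterns are tested against each commit's subject line, the generic patterns against the whole commit message, and a commit is listed if either matches.

```python
import re

# Constructed sample in the `git log` layout of kernel.org ChangeLog files.
# The first hash, date and subject come from the listing above; authors,
# bodies and the other two commits are made up for illustration.
SAMPLE = """\
commit 2edb10cbf21fca9b220a2bdf0b87b7bbeaf1e1e9
Author: Example Author <author@example.invalid>
Date:   Fri Aug 24 10:03:51 2018 -0700

    x86/spectre: Add missing family 6 check to microcode check

    commit aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa upstream.

commit 1111111111111111111111111111111111111111
Author: Example Author <author@example.invalid>
Date:   Sun Aug 19 09:00:00 2018 +0200

    example: fix length check in parser

    Fixes CVE-0000-0000 (placeholder id).

commit 2222222222222222222222222222222222222222
Author: Example Author <author@example.invalid>
Date:   Sat Aug 18 09:00:00 2018 +0200

    example: update documentation
"""

# Only unindented "commit <sha>" lines start a record; the indented
# "commit ... upstream." backport notes inside a message must not.
HEADER = re.compile(r"^commit ([0-9a-f]{40})$", re.M)

def find_commits(changelog, synopsis_res, generic_res=(), ignore_case=True):
    """Return (sha, date, synopsis) for each commit matching either pattern set."""
    flags = re.I if ignore_case else 0
    heads = list(HEADER.finditer(changelog))
    hits = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(changelog)
        block = changelog[m.end():end]
        date = re.search(r"^Date:\s+(.*)$", block, re.M)
        _, _, body = block.partition("\n\n")  # message follows the blank line
        msg = [line.strip() for line in body.splitlines()]
        synopsis = next((line for line in msg if line), "")
        if (any(re.search(p, synopsis, flags) for p in synopsis_res)
                or any(re.search(p, "\n".join(msg), flags) for p in generic_res)):
            hits.append((m.group(1), date.group(1) if date else "", synopsis))
    return hits
```

Calling `find_commits(text, ["l1tf", "speculat", "spectre"], ["cve-"])` on the contents of a downloaded ChangeLog file gives the same kind of listing as the table above, one tuple per matching commit.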