Linux from the command line -- Using Meltdown/Spectre to learn a few new command line tricks
So today I was getting ready to post a little trick about using egrep to highlight things you're looking for when I also discovered something really cool.
But let's start with the egrep trick.
By now, if you've been following my "Linux from the command line" posts, then you should have learned the basics of grep, which lets you find things in other things. Like a word or phrase in a file or command output.
But what if the line grep returns is a long, cluttered line with a lot of kinda random words? egrep to the rescue.
Suppose you want to know if your CPU supports virtualization and you want the command to work with either an Intel or AMD CPU. Try this.
egrep --color -i "svm|vmx" /proc/cpuinfo
If your CPU supports either of those virtualization functions you'll see them highlighted in the output.
OK, now to the cool part
Since Meltdown and Spectre, the CPU manufacturers have been working hard along with the Linux kernel developers to fix these bugs. One place this is happening is in the CPU's microcode and another is in the kernel CPU tables.
So, try this.
egrep --color -i "meltdown|spectre" /proc/cpuinfo
The Linux CPU identification process includes an entry for bugs which, simply enough, lists the known bugs for that CPU. If you're using any kind of modern CPU, that line should have returned some interesting info.
On one of my AMD systems I got this output
bugs : tlb_mmatch fxsave_leak sysret_ss_attrs spectre_v1 spectre_v2
and on an Intel system
bugs : cpu_meltdown spectre_v1 spectre_v2
Note that I can't show the egrep highlighting here on Google Plus but you should be seeing the Meltdown/Spectre bugs highlighted.
Now, let's check for the fix and see if your CPU has been patched yet.
egrep --color -i "retpoline|kaiser" /proc/cpuinfo
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts nopl aperfmperf pni dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm sse4_1 xsave lahf_lm ida dtherm retpoline kaiser tpr_shadow vnmi flexpriority
And there you go. The Intel system has both Meltdown and Spectre patches.
On my AMD system I get similar output, but only for Spectre (because the AMDs are only susceptible to Spectre).
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm 3dnowext 3dnow constant_tsc rep_good nopl nonstop_tsc extd_apicid pni monitor cx16 popcnt lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt hw_pstate rsb_ctxsw retpoline retpoline_amd npt lbrv svm_lock nrip_save vmmcall
So I would recommend that you just look at your cpuinfo for your various CPUs and see what new info is in there.
cat /proc/cpuinfo
Bonus command - Let's throw it all in there at once.
egrep --color -i "retpoline|kaiser|meltdown|spectre" /proc/cpuinfo
That will show you what bugs your CPU has and what fixes are applied.
If this command returns no output, your CPU and kernel have not been patched and you are vulnerable! In this case you need to update your system and try again. If you still get no output, you may need to do a full distro update to the newest release. If you are already running the latest version of your Linux distro and they have not patched yet, it may be time to consider switching distros.
Note: I assume most everyone out there has a CPU with at least two cores. Most of us even more. Because of this the output from most of the above commands will be repeated identically a number of times equal to the number of cores in your CPU. No biggie, just ignore all but the last entry.
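
The bonus command prints the whole flags line once per core. As an added example (not part of the original post), the script below goes a step further and prints only the matching bug and fix tokens, once per system; the function names summarize_cpuinfo and sample_cpuinfo are made up for this example, and the sample text is constructed from the Intel output quoted above.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample: two cores, trimmed from the Intel output quoted above.
sample_cpuinfo() {
    cat <<'EOF'
processor : 0
flags : fpu vme de pse vmx dtherm retpoline kaiser tpr_shadow vnmi
bugs : cpu_meltdown spectre_v1 spectre_v2

processor : 1
flags : fpu vme de pse vmx dtherm retpoline kaiser tpr_shadow vnmi
bugs : cpu_meltdown spectre_v1 spectre_v2
EOF
}

# summarize_cpuinfo [FILE]: print each Meltdown/Spectre bug and each
# retpoline/kaiser flag once, however many cores repeat it.
# FILE defaults to /proc/cpuinfo; "-" reads standard input.
summarize_cpuinfo() {
    awk -F':' '
        # Only the "bugs" and "flags" lines carry the tokens of interest.
        $1 ~ /^(bugs|flags)[ \t]*$/ {
            field = $1
            gsub(/[ \t]+$/, "", field)          # drop padding before the colon
            n = split($2, tok, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                t = tolower(tok[i])
                if (field == "bugs"  && t ~ /meltdown|spectre/) seen["bug " t] = 1
                if (field == "flags" && t ~ /retpoline|kaiser/) seen["fix " t] = 1
            }
        }
        # The array keys are unique, so per-core repeats collapse here.
        END { for (k in seen) print k }
    ' "${1:-/proc/cpuinfo}" | LC_ALL=C sort
}

# Demonstration on the constructed sample; call summarize_cpuinfo with no
# argument to read the live /proc/cpuinfo instead.
sample_cpuinfo | summarize_cpuinfo -
```

On kernels that provide the /sys/devices/system/cpu/vulnerabilities/ directory, each file there states the mitigation status for one bug directly, which is a useful cross-check when the flags line shows nothing.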