Porteus Kernel Builder

Here is a place for your projects which are not officially supported by the Porteus Team. For example: your own kernel patched with extra features; desktops not included in the standard ISO like Gnome; base modules that are different than the standard ISO, etc...
neko
DEV Team
DEV Team
Posts: 1029
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Porteus Kernel Builder

Post#271 by neko » 07 Jan 2018, 14:47

Performance comparison
PAGE_TABLE_ISOLATION
"ON" VS "OFF"

==== PC ====

Code: Select all

Computer
Processor	4x Intel(R) Pentium(R) CPU N4200 @ 1.10GHz
Memory	3863MB (355MB used)
Operating System	Arch Linux
User Name	guest (Unknown)
Date/Time	Sun 07 Jan 2018 08:02:00 PM UTC
==== OS ====

Code: Select all

Operating System
Version
Kernel	Linux 4.15.0-rc6-porteus (x86_64)
Compiled	#1 SMP PREEMPT Sun Jan 7 15:55:13 UTC 2018
C Library	GNU C Library version 2.26 (stable)
Default C Compiler	Unknown
Distribution	Arch Linux

==== Measurement result with "hardinfo" tool ====
--------------------------------
"ON"

Code: Select all

CPU Blowfish
CPU Blowfish
This Machine	1672 MHz	3.233
Intel(R) Celeron(R) M processor 1.50GHz	(null)	26.1876862
PowerPC 740/750 (280.00MHz)	(null)	172.816713
CPU CryptoHash
CPU CryptoHash
This Machine	1672 MHz	123.983
CPU Fibonacci
CPU Fibonacci
This Machine	1672 MHz	3.394
Intel(R) Celeron(R) M processor 1.50GHz	(null)	8.1375674
PowerPC 740/750 (280.00MHz)	(null)	58.07682
CPU N-Queens
CPU N-Queens
This Machine	1672 MHz	17.254
FPU FFT
FPU FFT
This Machine	1672 MHz	1.992
FPU Raytracing
FPU Raytracing
This Machine	1672 MHz	17.346
Intel(R) Celeron(R) M processor 1.50GHz	(null)	40.8816714
PowerPC 740/750 (280.00MHz)	(null)	161.312647
"OFF"

Code: Select all

CPU Blowfish
CPU Blowfish
This Machine	2007 MHz	3.228
Intel(R) Celeron(R) M processor 1.50GHz	(null)	26.1876862
PowerPC 740/750 (280.00MHz)	(null)	172.816713
CPU CryptoHash
CPU CryptoHash
This Machine	2007 MHz	108.972
CPU Fibonacci
CPU Fibonacci
This Machine	2007 MHz	3.396
Intel(R) Celeron(R) M processor 1.50GHz	(null)	8.1375674
PowerPC 740/750 (280.00MHz)	(null)	58.07682
CPU N-Queens
CPU N-Queens
This Machine	2007 MHz	15.702
FPU FFT
FPU FFT
This Machine	2007 MHz	1.990
FPU Raytracing
FPU Raytracing
This Machine	2007 MHz	17.496
Intel(R) Celeron(R) M processor 1.50GHz	(null)	40.8816714
PowerPC 740/750 (280.00MHz)	(null)	161.312647
==== Kernel ====
ON_OFF.tar (133 M)
http://www.mediafire.com/file/jgaescps3 ... ON_OFF.tar
md5sum: 3345f95a6d0bcfde1da5da17522a958c ON_OFF.tar

Code: Select all

% su
# ls
ON_OFF.tar
# tar -xf ON_OFF.tar
# ls -R1
.:
OFF
ON

./OFF:
crippled_sources-4.15-rc6-64bit.xzm
v4.15-rc6.tar.xz

./ON:
crippled_sources-4.15-rc6-64bit.xzm
v4.15-rc6.tar.xz
# cd OFF
# xz -dc v4.15-rc6.tar.xz | tar -x
# cd ../ON
# xz -dc v4.15-rc6.tar.xz | tar -x
# cd ..
# ls */*/*/
OFF/v4.15-rc6/32/:
32bit.config

OFF/v4.15-rc6/64/:
64bit.config  lib  repo_getFW-v4.15-rc6-64  vmlinuz

ON/v4.15-rc6/32/:
32bit.config

ON/v4.15-rc6/64/:
64bit.config  lib  repo_getFW-v4.15-rc6-64  vmlinuz
# diff OFF/v4.15-rc6/64/64bit.config ON/v4.15-rc6/64/64bit.config
6037c6037
< # CONFIG_PAGE_TABLE_ISOLATION is not set
---
> CONFIG_PAGE_TABLE_ISOLATION=y
Note: Changing "CONFIG_PAGE_TABLE_ISOLATION" by "make menuconfig"
Security options --> Remove the kernel mapping in user mode


Thanks.

neko
DEV Team
DEV Team
Posts: 1029
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Porteus Kernel Builder

Post#272 by neko » 08 Jan 2018, 15:20

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.15-rc7 <---NEW
The latest stable 4.14 version of the Linux kernel is: 4.14.12
The latest longterm 4.9 version of the Linux kernel is: 4.9.75
The latest longterm 4.4 version of the Linux kernel is: 4.4.110
The latest longterm 4.1 version of the Linux kernel is: 4.1.48
The latest longterm 3.18 version of the Linux kernel is: 3.18.91 (EOL)
The latest linux-next version of the Linux kernel is: next-20180108


2. NEW Example of updated kernel that was built by "Porteus Kernel builder" were updated.

Refer to Porteus Kernel Builder (Post by neko #57468)
or
refer to Porteus Kernel Builder (Post by neko #52232)


"copy firmwares from firmware packages" function was used when build kernel even if includes "make firmware".


Example "kernel 4.15-rc7" includes 3 kind kernels;
32 bit kernel.
64 bit kernel built with prototype config "PAGE_TABLE_ISOLATION" OFF.
64 bit kernel built with prototype config "PAGE_TABLE_ISOLATION" ON.

If you update the kernel with the example of "PAGE_TABLE_ISOLATION ON" by using "Kernel builder",
please change the symbolic link from "v4.15-rc7/64 --> 64-off" to "v4.15-rc7/64 --> 64-on".


Thanks.

neko
DEV Team
DEV Team
Posts: 1029
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Porteus Kernel Builder

Post#273 by neko » 10 Jan 2018, 23:32

1. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.15-rc7
The latest stable 4.14 version of the Linux kernel is: 4.14.13 <---NEW
The latest longterm 4.9 version of the Linux kernel is: 4.9.76 <---NEW
The latest longterm 4.4 version of the Linux kernel is: 4.4.111 <---NEW
The latest longterm 4.1 version of the Linux kernel is: 4.1.48
The latest longterm 3.18 version of the Linux kernel is: 3.18.91 (EOL)
The latest linux-next version of the Linux kernel is: next-20180110


2. NEW Example of updated kernel that was built by "Porteus Kernel builder" were updated.

Refer to Porteus Kernel Builder (Post by neko #57468)
or
refer to Porteus Kernel Builder (Post by neko #52232)


"copy firmwares from firmware packages" function was used when build kernel even if includes "make firmware".


Note 1:
"64 bit kernel 4.14.13/4.9.76/4.4.111" example was built with prototype config "PAGE_TABLE_ISOLATION ON".

Note 2: Changing "CONFIG_PAGE_TABLE_ISOLATION" by "make menuconfig"
Security options --> Remove the kernel mapping in user mode


Thanks.

neko
DEV Team
DEV Team
Posts: 1029
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Porteus Kernel Builder

Post#274 by neko » 15 Jan 2018, 07:38

1. "Porteus Kernel Builder" was updated to mkKernel-18.01.15-noarch-1.xzm
Please refer to viewtopic.php?p=52232#p52232

(1) Config prototypes were updated.

Code: Select all

[4.15-rc 32 Bit]
404a405
> CONFIG_RETPOLINE=y
1333a1335
> CONFIG_GENERIC_CPU_VULNERABILITIES=y

[4.15-rc 64 Bit]
221a222
> CONFIG_BPF_JIT_ALWAYS_ON=y
422a424
> CONFIG_RETPOLINE=y
1342a1345
> CONFIG_GENERIC_CPU_VULNERABILITIES=y
6037c6040
< # CONFIG_PAGE_TABLE_ISOLATION is not set
---
> CONFIG_PAGE_TABLE_ISOLATION=y

[4.14 64 Bit]
5999c5999
< # CONFIG_PAGE_TABLE_ISOLATION is not set
---
> CONFIG_PAGE_TABLE_ISOLATION=y

[4.9 64 Bit]
5753c5753
< # CONFIG_PAGE_TABLE_ISOLATION is not set
---
> CONFIG_PAGE_TABLE_ISOLATION=y

[4.4 64 Bit]
5305c5305
< # CONFIG_PAGE_TABLE_ISOLATION is not set
---
> CONFIG_PAGE_TABLE_ISOLATION=y
(2) "Kernel Builder" specification is not redesigned yet.
not fix the bug yet:
Please refer to viewtopic.php?p=61024#p61024


2. current kernel version
[from https://www.kernel.org/finger_banner]
The latest mainline version of the Linux kernel is: 4.15-rc8 <---NEW
The latest stable 4.14 version of the Linux kernel is: 4.14.13
The latest longterm 4.9 version of the Linux kernel is: 4.9.76
The latest longterm 4.4 version of the Linux kernel is: 4.4.111
The latest longterm 4.1 version of the Linux kernel is: 4.1.48
The latest longterm 3.18 version of the Linux kernel is: 3.18.91 (EOL)
The latest linux-next version of the Linux kernel is: next-20180112


3. NEW Example of updated kernel that was built by "Porteus Kernel builder" were updated.

Refer to viewtopic.php?p=57468#p57468
or
refer to viewtopic.php?p=52232#p52232


"copy firmwares from firmware packages" function was used when build kernel even if includes "make firmware".


Note: "4.15-rc8 64" config "CONFIG_RETPOLINE=y"
Please refer to
https://www.blog.google/topics/google-c ... rformance/

[Running report of "example 64 Bit 4.15-rc8" kernel]

Code: Select all

# dmesg | grep isolation
[    0.000000] Kernel/User page tables isolation: enabled
# 
# sh ./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.27

Checking for vulnerabilities against live running kernel Linux 4.15.0-rc8-porteus #1 SMP PREEMPT Mon Jan 15 10:51:29 UTC 2018 x86_64

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking wheter we're safe according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
> STATUS:  VULNERABLE  (Vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Checking wheter we're safe according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
> STATUS:  VULNERABLE  (Vulnerable: Minimal generic ASM retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Checking wheter we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer
#


Thanks.

Post Reply