Linux x86 32-bit Is Vulnerable To Retbleed But Don't Expect It To Get Fixed


  • #21
    There are still 32 bit Intel systems that have out-of-order execution still out there and still running in back rooms. Pentium 6 (686/Pentium Pro, not Core generation) and later have out-of-order execution and are vulnerable to speculative attacks.

    It irritates me that part of the core kernel team is so dismissive of other people's hardware like that. It comes across as "I don't care what you have, I'll do what I want." which is a definite problem in open source development. Before people jump all over me pointing out the selfishness of that attitude, Greg Kroah-Hartman is paid by the Linux Foundation to do this work. It's literally his job to make sure the Linux kernel runs correctly and securely. He's not an unpaid volunteer. If he doesn't want to actually do his job and properly fix the kernel for all affected systems then maybe he should quit.

    Now, saying that, I'm not entirely sure people that still have 32 bit x86 systems running actually care about speculative level attacks on them. I doubt many of them are even running Linux.



    • #22
      Originally posted by stormcrow
      There are still 32 bit Intel systems that have out-of-order execution still out there and still running in back rooms. Pentium 6 (686/Pentium Pro, not Core generation) and later have out-of-order execution and are vulnerable to speculative attacks.

      It irritates me that part of the core kernel team is so dismissive of other people's hardware like that. It comes across as "I don't care what you have, I'll do what I want." which is a definite problem in open source development. Before people jump all over me pointing out the selfishness of that attitude, Greg Kroah-Hartman is paid by the Linux Foundation to do this work. It's literally his job to make sure the Linux kernel runs correctly and securely. He's not an unpaid volunteer. If he doesn't want to actually do his job and properly fix the kernel for all affected systems then maybe he should quit.

      Now, saying that, I'm not entirely sure people that still have 32 bit x86 systems running actually care about speculative level attacks on them. I doubt many of them are even running Linux.
      Not quite the right question, about actually caring about speculation-level attacks. Yes, there are parties still with 32 bit x86 systems running Linux.

      Intel Quark launched in 2013 and ended production in 2019. Yes, this is a 32 bit x86 system, but it's an in-order system. Yes, the default OS for the Intel Quark was Linux. So anyone using these solutions doesn't need to care about speculation-level attacks, because that class of attack is not possible.

      Embedded systems using 32-bit-only Intel Atom CPUs: again an in-order CPU. Again, it does not have the problem.

      The reality is any 32-bit-only x86 CPU released in the last 15 years is the in-order type.

      Yes, 1995-2006 is the time frame of 32-bit-only x86 CPUs with speculation-level attacks being possible. That time frame is a little shorter as well.


      We all like to forget the capacitor plague. So there is roughly 6-8 years of production that was still there at the end of 2008, not the full 10 due to the. Remember, we are talking about systems that have to be 15 years old here and are 32 bit only to have this problem. Remember, you can run a 32 bit user space on a 64 bit Linux kernel.

      stormcrow, the reality here is the Linux Foundation is paid by companies, and if they don't have any of the old hardware with the problem in use any more, why should Greg Kroah-Hartman spend his time working on it?

      At least he is openly documenting that this work is not on his list to see done.



      • #23
        Originally posted by stormcrow
        There are still 32 bit Intel systems that have out-of-order execution still out there and still running in back rooms. Pentium 6 (686/Pentium Pro, not Core generation) and later have out-of-order execution and are vulnerable to speculative attacks.
        Yes, Pentium Pro / Pentium II / Pentium III are 32 bits with some out-of-order introduced in their arch's generation.
        And yes, you're going to find a few around, e.g. because these are the last ones that can run on a 440BX chipset, which is the last one to have a true ISA bus that is widely compatible with large swaths of legacy hardware.
        So if you have some old and expensive piece of scientific hardware that relies on some legacy data acquisition card that can only be plugged into such an old machine, you're going to need such old machines around.
        You're not merely limited to legacy 32bit code that requires a 32bit userspace, you're limited to decades-old hardware because that's the last machine you'll be able to connect your insanely expensive piece of scientific equipment to.
        (At least until a thunderstrike (EMP?) irreversibly fries the data acquisition board. But that's a story for another time.)

        BUT.

        The big two questions are:

        - Are those CPUs specifically affected by Retbleed? I mean the actual Retbleed exploit that is concerned by this fix. Not just these being out-of-order CPUs in theory, but an actual proof-of-concept existing? I have the impression that successfully exploiting most of the recent speculative execution exploits requires an extremely deep pipeline that (speculatively) runs sufficiently far ahead that you can actually generate an exploitable construct. If your pipeline has at best a couple of ops in flight, you're not going to be able to make a large enough speculative return-oriented piece. You'd probably need at least a Pentium IV and its extremely deep pipeline, and those are able to run a 64bit kernel (which in turn will be able to run whatever 32bit legacy code you have).

        - Are such delicate pieces of legacy hardware going to be connected to the internet? I would expect that at best the data will be exchanged in air-gapped fashion over a USB stick; at worst you'll connect them to a dedicated private network.

        i.e.: yes, hardware that can only exclusively run a 32bit kernel still exists in dwindling numbers. But these machines can't be Retbleeded anyway.
        Any machine potentially affected by Retbleed in the real world already has a usable workaround in the form of switching to the 64bit kernel, even if you keep the 32bit userland due to legacy apps.

        Or in short: there is no real-world use case that could justify the effort to port and test a 32bit version of the Retbleed mitigation.
        All the people complaining about the absence of a 32bit port of the mitigation are only whining on ideological grounds, none of them are affected in a way that doesn't have a workaround.



        • #24
          Originally posted by DrYak
          Yes, Pentium Pro / Pentium II / Pentium III are 32 bits with some out-of-order introduced in their arch's generation.
          And yes, you're going to find a few around, e.g. because these are the last ones that can run on a 440BX chipset, which is the last one to have a true ISA bus that is widely compatible with large swaths of legacy hardware.
          Catch is they are not the last x86 processors that have ISA. https://www.vortex86.com/products/Vortex86DX3 Big thing here: the latest Vortex86DX3 gives you DDR3 RAM with ECC, which is a lot simpler RAM to get than what the 440BX has, and you go from a 1G RAM limit to a 2G RAM limit. Remember, this is a chip you can get today, new off the production line.

          Originally posted by DrYak
          So if you have some old and expensive piece of scientific hardware that relies on some legacy data acquisition card that can only be plugged into such an old machine, you're going to need such old machines around.
          This is not the case. The reality here is you buy a brand new in-order Vortex86 board for basically all those cases. Being new, it's highly reliable.

          Originally posted by DrYak
          You're not merely limited to legacy 32bit code that requires a 32bit userspace, you're limited to decades-old hardware because that's the last machine you'll be able to connect your insanely expensive piece of scientific equipment to.
          The reality is you are not as limited to decades-old hardware as you think.

          Originally posted by DrYak
          (At least until a thunderstrike (EMP?) irreversibly fries the data acquisition board. But that's a story for another time.)
          That's the thing: all parts die in the end.

          The reality is you don't find as many "Pentium Pro / Pentium II / Pentium III" as you would think. A lot of the embedded use-case boards with those chips have been replaced by Vortex86DX drop-in replacement boards. There is a long list of things that go wrong. RAM coming defective and the replacement RAM being more expensive than buying a Vortex board with RAM to replace it. The realtime clock battery leaking, bricking the motherboard. Power issues breaking stuff.

          Another thing: the Vortex86DX3 SoC uses less power to do the same things as your old systems.

          What to do past Vortex86DX3? That's when you get into https://www.iwavejapan.co.jp/product...A%20Bridge.pdf and other bridges.

          I suspect we will not see vortex86 cpus support ddr4 and ddr5 memory. I could be wrong.



          • #25
            Originally posted by oiaohm
            Catch is they are not the last x86 processors that have ISA. https://www.vortex86.com/products/Vortex86DX3 Big thing here: the latest Vortex86DX3 gives you DDR3 RAM with ECC, which is a lot simpler RAM to get than what the 440BX has, and you go from a 1G RAM limit to a 2G RAM limit. Remember, this is a chip you can get today, new off the production line.
            {...}
            The reality is you are not as limited to decades-old hardware as you think.
            Yeah, right. Completely forgot about those, even though I've seen YouTube reviews of retro-gaming oriented setups.
            So yes, you can save the horrendously expensive but antediluvian lab equipment with modern boards.

            Though from the product tab its pipeline is 6-stage only (which makes sense given the target market. You don't necessarily want to shave as much performance as possible as you're probably replacing industrial 486s or Pentiums. You want low power and reliable while staying cheap enough). Compare this with the original Pentium's 5 stages, Pentium III's 10, and since then most CPUs have had pipelines roughly ~15-ish stages long, except Pentium 4, which infamously had pipelines up to twice as deep.

            So the original reasoning in my post remains: it's not going to be necessarily affected by most speculative exploits.

            So in summary it's indeed more modern than my "old Pentium II box powering ancient lab equipment", but it's an example of a computer that can only run a 32bit kernel, but will not be affected by RetBleed.
            The only affected machines still are exclusively modern machines that can run 64bit kernels; the machines that are limited to a 32bit-only kernel aren't affected (though as you point out, not all of them have been made decades ago), thus the absence of a 32bit port of RetBleed isn't a problem with no solution.
            Your dusty old Pentium III / shiny brand new Vortex86 32bit-only CPU doesn't need a back port of the mitigation.
            Whereas your vulnerable CPU is most likely able to be switched to a 64bit kernel while keeping the legacy 32bit apps that required you to run 32bit initially.


            Originally posted by oiaohm
            What to do past Vortex86DX3? That's when you get into https://www.iwavejapan.co.jp/product...A%20Bridge.pdf and other bridges.
            Sadly that old piece of insanely expensive, delicate and highly precise equipment eventually died in a thunderstorm. And I'm not working there anymore.
            So we'll never know if that would have been a viable upgrade path.
            Before writing it off, my colleague managed to buy a Pentium 4 board with an ISA slot (one of these Intel 8xx chipset based ones) and the ISA compatibility was apparently good enough to install the DOS-based low-level driver, install the Windows 95 controlling software, and have it successfully recognize and self-test the board. (Sadly the instrument itself never managed to succeed at simple tests once plugged into the ISA board.)
            But given that limited success with Intel 8xx, perhaps these boards could have been also successfully recognized in such a bridge. Linux drivers did exist for the two ISA boards. But obviously no dedicated Linux software to talk to the lab equipment itself.
