1
0
mirror of https://github.com/speed47/spectre-meltdown-checker synced 2024-12-22 20:33:56 +01:00

chore: wording: model not vulnerable -> model not affected

This commit is contained in:
Stéphane Lesimple 2022-03-20 13:16:27 +01:00
parent eee3816757
commit 6682d72ada

View File

@ -3558,7 +3558,7 @@ check_CVE_2017_5753_linux()
# report status # report status
if ! is_cpu_vulnerable "$cve"; then if ! is_cpu_vulnerable "$cve"; then
# override status & msg in case CPU is not vulnerable after all # override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
elif [ -z "$msg" ]; then elif [ -z "$msg" ]; then
# if msg is empty, sysfs check didn't fill it, rely on our own test # if msg is empty, sysfs check didn't fill it, rely on our own test
if [ -n "$v1_mask_nospec" ]; then if [ -n "$v1_mask_nospec" ]; then
@ -3593,7 +3593,7 @@ check_CVE_2017_5753_bsd()
{ {
if ! is_cpu_vulnerable "$cve"; then if ! is_cpu_vulnerable "$cve"; then
# override status & msg in case CPU is not vulnerable after all # override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
else else
pvulnstatus $cve VULN "no mitigation for BSD yet" pvulnstatus $cve VULN "no mitigation for BSD yet"
fi fi
@ -4009,7 +4009,7 @@ check_CVE_2017_5715_linux()
if ! is_cpu_vulnerable "$cve"; then if ! is_cpu_vulnerable "$cve"; then
# override status & msg in case CPU is not vulnerable after all # override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
else else
if [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" != 0 ] && [ -n "$ibpb_enabled" ] && [ "$ibpb_enabled" -ge 1 ] && ( ! is_vulnerable_to_empty_rsb || [ "$rsb_filling" = 1 ] ); then if [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" != 0 ] && [ -n "$ibpb_enabled" ] && [ "$ibpb_enabled" -ge 1 ] && ( ! is_vulnerable_to_empty_rsb || [ "$rsb_filling" = 1 ] ); then
pvulnstatus $cve OK "Full retpoline + IBPB are mitigating the vulnerability" pvulnstatus $cve OK "Full retpoline + IBPB are mitigating the vulnerability"
@ -4188,7 +4188,7 @@ check_CVE_2017_5715_bsd()
if ! is_cpu_vulnerable "$cve"; then if ! is_cpu_vulnerable "$cve"; then
# override status & msg in case CPU is not vulnerable after all # override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
elif [ "$retpoline" = 1 ]; then elif [ "$retpoline" = 1 ]; then
pvulnstatus $cve OK "Retpoline mitigates the vulnerability" pvulnstatus $cve OK "Retpoline mitigates the vulnerability"
elif [ "$ibrs_active" = 1 ]; then elif [ "$ibrs_active" = 1 ]; then
@ -4393,7 +4393,7 @@ check_CVE_2017_5754_linux()
if ! is_cpu_vulnerable "$cve"; then if ! is_cpu_vulnerable "$cve"; then
# override status & msg in case CPU is not vulnerable after all # override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
elif [ -z "$msg" ]; then elif [ -z "$msg" ]; then
# if msg is empty, sysfs check didn't fill it, rely on our own test # if msg is empty, sysfs check didn't fill it, rely on our own test
if [ "$opt_live" = 1 ]; then if [ "$opt_live" = 1 ]; then
@ -4480,7 +4480,7 @@ check_CVE_2017_5754_bsd()
if ! is_cpu_vulnerable "$cve"; then if ! is_cpu_vulnerable "$cve"; then
# override status & msg in case CPU is not vulnerable after all # override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
elif [ "$kpti_enabled" = 1 ]; then elif [ "$kpti_enabled" = 1 ]; then
pvulnstatus $cve OK "PTI mitigates the vulnerability" pvulnstatus $cve OK "PTI mitigates the vulnerability"
elif [ -n "$kpti_enabled" ]; then elif [ -n "$kpti_enabled" ]; then
@ -4514,7 +4514,7 @@ check_CVE_2018_3640()
if ! is_cpu_vulnerable "$cve"; then if ! is_cpu_vulnerable "$cve"; then
# override status & msg in case CPU is not vulnerable after all # override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
elif [ -n "$cpuid_ssbd" ]; then elif [ -n "$cpuid_ssbd" ]; then
pvulnstatus $cve OK "your CPU microcode mitigates the vulnerability" pvulnstatus $cve OK "your CPU microcode mitigates the vulnerability"
else else
@ -4634,7 +4634,7 @@ check_CVE_2018_3639_linux()
if ! is_cpu_vulnerable "$cve"; then if ! is_cpu_vulnerable "$cve"; then
# override status & msg in case CPU is not vulnerable after all # override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
elif [ -z "$msg" ] || [ "$msg" = "Vulnerable" ]; then elif [ -z "$msg" ] || [ "$msg" = "Vulnerable" ]; then
# if msg is empty, sysfs check didn't fill it, rely on our own test # if msg is empty, sysfs check didn't fill it, rely on our own test
if [ -n "$cpuid_ssbd" ]; then if [ -n "$cpuid_ssbd" ]; then
@ -4696,7 +4696,7 @@ check_CVE_2018_3639_bsd()
esac esac
if ! is_cpu_vulnerable "$cve"; then if ! is_cpu_vulnerable "$cve"; then
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
else else
if [ "$ssb_active" = 1 ]; then if [ "$ssb_active" = 1 ]; then
pvulnstatus $cve OK "SSBD mitigates the vulnerability" pvulnstatus $cve OK "SSBD mitigates the vulnerability"
@ -4745,7 +4745,7 @@ check_CVE_2018_3615()
if ! is_cpu_vulnerable "$cve"; then if ! is_cpu_vulnerable "$cve"; then
# override status & msg in case CPU is not vulnerable after all # override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
elif [ "$cpu_flush_cmd" = 1 ] || { [ "$msr_locked_down" = 1 ] && [ "$cpuid_l1df" = 1 ]; } ; then elif [ "$cpu_flush_cmd" = 1 ] || { [ "$msr_locked_down" = 1 ] && [ "$cpuid_l1df" = 1 ]; } ; then
pvulnstatus $cve OK "your CPU microcode mitigates the vulnerability" pvulnstatus $cve OK "your CPU microcode mitigates the vulnerability"
else else
@ -4820,7 +4820,7 @@ check_CVE_2018_3620_linux()
if ! is_cpu_vulnerable "$cve"; then if ! is_cpu_vulnerable "$cve"; then
# override status & msg in case CPU is not vulnerable after all # override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
elif [ -z "$msg" ]; then elif [ -z "$msg" ]; then
# if msg is empty, sysfs check didn't fill it, rely on our own test # if msg is empty, sysfs check didn't fill it, rely on our own test
if [ "$pteinv_supported" = 1 ]; then if [ "$pteinv_supported" = 1 ]; then
@ -4859,7 +4859,7 @@ check_CVE_2018_3620_bsd()
fi fi
if ! is_cpu_vulnerable "$cve"; then if ! is_cpu_vulnerable "$cve"; then
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
else else
if [ "$bsd_zero_reserved" = 1 ]; then if [ "$bsd_zero_reserved" = 1 ]; then
pvulnstatus $cve OK "kernel mitigates the vulnerability" pvulnstatus $cve OK "kernel mitigates the vulnerability"
@ -5015,10 +5015,10 @@ check_CVE_2018_3646_linux()
if ! is_cpu_vulnerable "$cve"; then if ! is_cpu_vulnerable "$cve"; then
# override status & msg in case CPU is not vulnerable after all # override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
elif [ "$fullmsg" = "Not affected" ]; then elif [ "$fullmsg" = "Not affected" ]; then
# just in case a very recent kernel knows better than we do # just in case a very recent kernel knows better than we do
pvulnstatus $cve OK "your kernel reported your CPU model as not vulnerable" pvulnstatus $cve OK "your kernel reported your CPU model as not affected"
elif [ "$has_vmm" = 0 ]; then elif [ "$has_vmm" = 0 ]; then
pvulnstatus $cve OK "this system is not running a hypervisor" pvulnstatus $cve OK "this system is not running a hypervisor"
else else
@ -5077,7 +5077,7 @@ check_CVE_2018_3646_bsd()
esac esac
if ! is_cpu_vulnerable "$cve"; then if ! is_cpu_vulnerable "$cve"; then
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
else else
if [ "$kernel_l1d_enabled" = 1 ]; then if [ "$kernel_l1d_enabled" = 1 ]; then
pvulnstatus $cve OK "L1D flushing mitigates the vulnerability" pvulnstatus $cve OK "L1D flushing mitigates the vulnerability"
@ -5205,7 +5205,7 @@ check_mds_bsd()
esac esac
if ! is_cpu_vulnerable "$cve"; then if ! is_cpu_vulnerable "$cve"; then
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
else else
if [ "$cpuid_md_clear" = 1 ]; then if [ "$cpuid_md_clear" = 1 ]; then
if [ "$kernel_md_clear" = 1 ]; then if [ "$kernel_md_clear" = 1 ]; then
@ -5299,7 +5299,7 @@ check_mds_linux()
if ! is_cpu_vulnerable "$cve"; then if ! is_cpu_vulnerable "$cve"; then
# override status & msg in case CPU is not vulnerable after all # override status & msg in case CPU is not vulnerable after all
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
else else
if [ "$opt_sysfs_only" != 1 ]; then if [ "$opt_sysfs_only" != 1 ]; then
# compute mystatus and mymsg from our own logic # compute mystatus and mymsg from our own logic
@ -5423,7 +5423,7 @@ check_CVE_2019_11135_linux()
if ! is_cpu_vulnerable "$cve" ; then if ! is_cpu_vulnerable "$cve" ; then
# override status & msg in case CPU is not vulnerable after all # override status & msg in case CPU is not vulnerable after all
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
elif [ -z "$msg" ]; then elif [ -z "$msg" ]; then
# if msg is empty, sysfs check didn't fill it, rely on our own test # if msg is empty, sysfs check didn't fill it, rely on our own test
if [ "$opt_live" = 1 ]; then if [ "$opt_live" = 1 ]; then
@ -5518,7 +5518,7 @@ check_CVE_2018_12207_linux()
if ! is_cpu_vulnerable "$cve" ; then if ! is_cpu_vulnerable "$cve" ; then
# override status & msg in case CPU is not vulnerable after all # override status & msg in case CPU is not vulnerable after all
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
elif [ "$has_vmm" = 0 ]; then elif [ "$has_vmm" = 0 ]; then
pvulnstatus "$cve" OK "this system is not running a hypervisor" pvulnstatus "$cve" OK "this system is not running a hypervisor"
elif [ -z "$msg" ]; then elif [ -z "$msg" ]; then
@ -5557,7 +5557,7 @@ check_CVE_2018_12207_bsd()
if ! is_cpu_vulnerable "$cve"; then if ! is_cpu_vulnerable "$cve"; then
# override status & msg in case CPU is not vulnerable after all # override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected"
elif [ -z "$kernel_2m_x_ept" ]; then elif [ -z "$kernel_2m_x_ept" ]; then
pvulnstatus $cve VULN "Your kernel doesn't support mitigating this CVE, you should update it" pvulnstatus $cve VULN "Your kernel doesn't support mitigating this CVE, you should update it"
elif [ "$kernel_2m_x_ept" != 0 ]; then elif [ "$kernel_2m_x_ept" != 0 ]; then
@ -5628,7 +5628,7 @@ check_CVE_2020_0543_linux()
fi fi
if ! is_cpu_vulnerable "$cve" ; then if ! is_cpu_vulnerable "$cve" ; then
# override status & msg in case CPU is not vulnerable after all # override status & msg in case CPU is not vulnerable after all
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
else else
if [ "$opt_sysfs_only" != 1 ]; then if [ "$opt_sysfs_only" != 1 ]; then
if [ "$cpuid_srbds" = 1 ]; then if [ "$cpuid_srbds" = 1 ]; then