mirror of
https://github.com/speed47/spectre-meltdown-checker
synced 2025-01-07 03:43:06 +01:00
Refactor RedHat support:
- Isolate file check to different elif (allowing to add more) - Do the PTI debugfs check first (faster and supposed to be dynamic) - If pti_enable is 0, don't trust dmesg (supposed to be dynamic)
This commit is contained in:
parent
34ef5ef21b
commit
66f7708095
@ -171,15 +171,20 @@ if [ ! -e /sys/kernel/debug/sched_features ]; then
|
|||||||
# try to mount the debugfs hierarchy ourselves and remember it to umount afterwards
|
# try to mount the debugfs hierarchy ourselves and remember it to umount afterwards
|
||||||
mount -t debugfs debugfs /sys/kernel/debug 2>/dev/null && mounted_debugfs=1
|
mount -t debugfs debugfs /sys/kernel/debug 2>/dev/null && mounted_debugfs=1
|
||||||
fi
|
fi
|
||||||
if [ -e /sys/kernel/debug/ibrs_enabled -o -e /sys/kernel/debug/x86/ibrs_enabled ]; then
|
if [ -e /sys/kernel/debug/ibrs_enabled ]; then
|
||||||
# if the file is there, we have IBRS compiled-in
|
# if the file is there, we have IBRS compiled-in
|
||||||
pstatus green YES
|
pstatus green YES
|
||||||
ibrs_supported=1
|
ibrs_supported=1
|
||||||
|
ibrs_enabled=$(cat /sys/kernel/debug/ibrs_enabled 2>/dev/null)
|
||||||
|
elif [ -e /sys/kernel/debug/x86/ibrs_enabled ]; then
|
||||||
|
# RedHat uses a different path (see https://access.redhat.com/articles/3311301)
|
||||||
|
pstatus green YES
|
||||||
|
ibrs_supported=1
|
||||||
|
ibrs_enabled=$(cat /sys/kernel/debug/x86/ibrs_enabled 2>/dev/null)
|
||||||
else
|
else
|
||||||
pstatus red NO
|
pstatus red NO
|
||||||
fi
|
fi
|
||||||
|
|
||||||
[ -f /sys/kernel/debug/ibrs_enabled ] && ibrs_enabled=$(cat /sys/kernel/debug/ibrs_enabled 2>/dev/null) || ibrs_enabled=$(cat /sys/kernel/debug/x86/ibrs_enabled 2>/dev/null)
|
|
||||||
/bin/echo -n "* IBRS enabled for Kernel space: "
|
/bin/echo -n "* IBRS enabled for Kernel space: "
|
||||||
# 0 means disabled
|
# 0 means disabled
|
||||||
# 1 is enabled only for kernel space
|
# 1 is enabled only for kernel space
|
||||||
@ -285,13 +290,17 @@ if grep ^flags /proc/cpuinfo | grep -qw pti; then
|
|||||||
# vanilla PTI patch sets the 'pti' flag in cpuinfo
|
# vanilla PTI patch sets the 'pti' flag in cpuinfo
|
||||||
pstatus green YES
|
pstatus green YES
|
||||||
kpti_enabled=1
|
kpti_enabled=1
|
||||||
|
elif [ -e /sys/kernel/debug/x86/pti_enabled ]; then
|
||||||
|
# RedHat Backport creates a dedicated file, see https://access.redhat.com/articles/3311301
|
||||||
|
kpti_enabled=$(cat /sys/kernel/debug/x86/pti_enabled 2>/dev/null)
|
||||||
elif dmesg | grep -Eq 'Kernel/User page tables isolation: enabled|Kernel page table isolation enabled'; then
|
elif dmesg | grep -Eq 'Kernel/User page tables isolation: enabled|Kernel page table isolation enabled'; then
|
||||||
# if we can't find the flag, grep in dmesg
|
# if we can't find the flag, grep in dmesg
|
||||||
pstatus green YES
|
|
||||||
kpti_enabled=1
|
kpti_enabled=1
|
||||||
elif [ -e /sys/kernel/debug/x86/pti_enabled -a "$(cat /sys/kernel/debug/x86/pti_enabled 2>/dev/null)" = 1 ]; then
|
else
|
||||||
|
kpti_enabled=0
|
||||||
|
fi
|
||||||
|
if [ "$kpti_enabled" = 1 ]; then
|
||||||
pstatus green YES
|
pstatus green YES
|
||||||
kpti_enabled=1
|
|
||||||
else
|
else
|
||||||
pstatus red NO
|
pstatus red NO
|
||||||
fi
|
fi
|
||||||
|
Loading…
Reference in New Issue
Block a user