dsanchez/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker synced 2024-12-23 12:54:26 +01:00
Code Issues Releases Wiki Activity

chore: read_cpuid: use named constants

Browse Source
This commit is contained in:
Stéphane Lesimple 2022-03-20 00:08:17 +01:00
parent e8b3f498fc
commit 6e097cfe09
1 changed files with 119 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

214
spectre-meltdown-checker.sh
View File

@ -1451,6 +1451,9 @@ load_cpuid()
# shellcheck disable=SC2034 # shellcheck disable=SC2034
EAX=1; EBX=2; ECX=3; EDX=4; EAX=1; EBX=2; ECX=3; EDX=4;
READ_CPUID_RET_OK=0
READ_CPUID_RET_KO=1
READ_CPUID_RET_ERR=2
read_cpuid() read_cpuid()
{ {
# leaf is the value of the eax register when calling the cpuid instruction: # leaf is the value of the eax register when calling the cpuid instruction:
@ -1467,18 +1470,19 @@ read_cpuid()
_wanted="$6" _wanted="$6"
# in any case, the read value is globally available in $read_cpuid_value # in any case, the read value is globally available in $read_cpuid_value
read_cpuid_value='' read_cpuid_value=''
read_cpuid_msg=''
if [ $# -lt 5 ]; then if [ $# -lt 5 ]; then
echo "read_cpuid: missing arguments, got only $#, expected at least 5: $*" read_cpuid_msg="read_cpuid: missing arguments, got only $#, expected at least 5: $*"
return 2 return $READ_CPUID_RET_ERR
fi fi
if [ "$_register" -gt 4 ]; then if [ "$_register" -gt 4 ]; then
echo "read_cpuid: register must be 0-4, got $_register" read_cpuid_msg="read_cpuid: register must be 0-4, got $_register"
return 2 return $READ_CPUID_RET_ERR
fi fi
if [ "$_shift" -gt 32 ]; then if [ "$_shift" -gt 32 ]; then
echo "read_cpuid: shift must be 0-31, got $_shift" read_cpuid_msg="read_cpuid: shift must be 0-31, got $_shift"
return 2 return $READ_CPUID_RET_ERR
fi fi
if [ ! -e /dev/cpu/0/cpuid ] && [ ! -e /dev/cpuctl0 ]; then if [ ! -e /dev/cpu/0/cpuid ] && [ ! -e /dev/cpuctl0 ]; then
@ -1489,10 +1493,14 @@ read_cpuid()
if [ -e /dev/cpu/0/cpuid ]; then if [ -e /dev/cpu/0/cpuid ]; then
# Linux # Linux
if [ ! -r /dev/cpu/0/cpuid ]; then if [ ! -r /dev/cpu/0/cpuid ]; then
return 2 read_cpuid_msg="Couldn't load cpuid module"
return $READ_CPUID_RET_ERR
fi
# on some kernel versions, /dev/cpu/0/cpuid doesn't imply that the cpuid module is loaded, in that case dd returns an error,
# we use that fact to load the module if dd returns an error
if ! dd if=/dev/cpu/0/cpuid bs=16 count=1 >/dev/null 2>&1; then
load_cpuid
fi fi
# on some kernel versions, /dev/cpu/0/cpuid doesn't imply that the cpuid module is loaded, in that case dd returns an error
dd if=/dev/cpu/0/cpuid bs=16 count=1 >/dev/null 2>&1 || load_cpuid
# we need _leaf to be converted to decimal for dd # we need _leaf to be converted to decimal for dd
_leaf=$(( _leaf )) _leaf=$(( _leaf ))
_subleaf=$(( _subleaf )) _subleaf=$(( _subleaf ))
@ -1505,12 +1513,14 @@ read_cpuid()
elif [ -e /dev/cpuctl0 ]; then elif [ -e /dev/cpuctl0 ]; then
# BSD # BSD
if [ ! -r /dev/cpuctl0 ]; then if [ ! -r /dev/cpuctl0 ]; then
return 2 read_cpuid_msg="Couldn't read cpuid info from cpuctl"
return $READ_CPUID_RET_ERR
fi fi
_cpuid=$(cpucontrol -i "$_leaf","$_subleaf" /dev/cpuctl0 2>/dev/null | cut -d: -f2-) _cpuid=$(cpucontrol -i "$_leaf","$_subleaf" /dev/cpuctl0 2>/dev/null | cut -d: -f2-)
# cpuid level 0x4, level_type 0x2: 0x1c004143 0x01c0003f 0x000001ff 0x00000000 # cpuid level 0x4, level_type 0x2: 0x1c004143 0x01c0003f 0x000001ff 0x00000000
else else
return 2 read_cpuid_msg="Found no way to read cpuid info"
return $READ_CPUID_RET_ERR
fi fi
_debug "cpuid: leaf$_leaf subleaf$_subleaf on cpu0, eax-ebx-ecx-edx: $_cpuid" _debug "cpuid: leaf$_leaf subleaf$_subleaf on cpu0, eax-ebx-ecx-edx: $_cpuid"
@ -1522,7 +1532,11 @@ read_cpuid()
else else
mockme=$(printf "%b\n%b" "$mockme" "SMC_MOCK_CPUID_${_leaf}_${_subleaf}='$_cpuid'") mockme=$(printf "%b\n%b" "$mockme" "SMC_MOCK_CPUID_${_leaf}_${_subleaf}='$_cpuid'")
fi fi
[ -z "$_cpuid" ] && return 2 if [ -z "$_cpuid" ]; then
read_cpuid_msg="Failed to get cpuid data"
return $READ_CPUID_RET_ERR
fi
# get the value of the register we want # get the value of the register we want
_reg=$(echo "$_cpuid" | awk '{print $'"$_register"'}') _reg=$(echo "$_cpuid" | awk '{print $'"$_register"'}')
# Linux returns it as decimal, BSD as hex, normalize to decimal # Linux returns it as decimal, BSD as hex, normalize to decimal
@ -1538,13 +1552,13 @@ read_cpuid()
if [ -n "$_wanted" ]; then if [ -n "$_wanted" ]; then
_debug "cpuid: wanted $_wanted and got $read_cpuid_value" _debug "cpuid: wanted $_wanted and got $read_cpuid_value"
if [ "$read_cpuid_value" = "$_wanted" ]; then if [ "$read_cpuid_value" = "$_wanted" ]; then
return 0 return $READ_CPUID_RET_OK
else else
return 1 return $READ_CPUID_RET_KO
fi fi
fi fi
return 0 return $READ_CPUID_RET_OK
} }
dmesg_grep() dmesg_grep()
@ -2571,25 +2585,25 @@ check_cpu()
# amd: 8000_0008 EBX[14]=1 # amd: 8000_0008 EBX[14]=1
if is_intel; then if is_intel; then
read_cpuid 0x7 0x0 $EDX 26 1 1; ret=$? read_cpuid 0x7 0x0 $EDX 26 1 1; ret=$?
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
pstatus green YES "SPEC_CTRL feature bit" pstatus green YES "SPEC_CTRL feature bit"
cpuid_spec_ctrl=1 cpuid_spec_ctrl=1
cpuid_ibrs='SPEC_CTRL' cpuid_ibrs='SPEC_CTRL'
fi fi
elif is_amd || is_hygon; then elif is_amd || is_hygon; then
read_cpuid 0x80000008 0x0 $EBX 14 1 1; ret=$? read_cpuid 0x80000008 0x0 $EBX 14 1 1; ret=$?
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
pstatus green YES "IBRS_SUPPORT feature bit" pstatus green YES "IBRS_SUPPORT feature bit"
cpuid_ibrs='IBRS_SUPPORT' cpuid_ibrs='IBRS_SUPPORT'
fi fi
else else
ret=-1 ret=invalid
pstatus yellow UNKNOWN "unknown CPU" pstatus yellow NO "unknown CPU"
fi fi
if [ $ret -eq 1 ]; then if [ $ret = $READ_CPUID_RET_KO ]; then
pstatus yellow NO pstatus yellow NO
elif [ $ret -eq 2 ]; then elif [ $ret = $READ_CPUID_RET_ERR ]; then
pstatus yellow UNKNOWN "is cpuid kernel module available?" pstatus yellow UNKNOWN "$read_cpuid_msg"
cpuid_spec_ctrl=-1 cpuid_spec_ctrl=-1
fi fi
@ -2597,19 +2611,23 @@ check_cpu()
_info_nol " * CPU indicates preferring IBRS always-on: " _info_nol " * CPU indicates preferring IBRS always-on: "
# amd or hygon # amd or hygon
read_cpuid 0x80000008 0x0 $EBX 16 1 1; ret=$? read_cpuid 0x80000008 0x0 $EBX 16 1 1; ret=$?
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
pstatus green YES pstatus green YES
else elif [ $ret = $READ_CPUID_RET_KO ]; then
pstatus yellow NO pstatus yellow NO
else
pstatus yellow UNKNOWN "$read_cpuid_msg"
fi fi
_info_nol " * CPU indicates preferring IBRS over retpoline: " _info_nol " * CPU indicates preferring IBRS over retpoline: "
# amd or hygon # amd or hygon
read_cpuid 0x80000008 0x0 $EBX 18 1 1; ret=$? read_cpuid 0x80000008 0x0 $EBX 18 1 1; ret=$?
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
pstatus green YES pstatus green YES
else elif [ $ret = $READ_CPUID_RET_KO ]; then
pstatus yellow NO pstatus yellow NO
else
pstatus yellow UNKNOWN "$read_cpuid_msg"
fi fi
fi fi
@ -2670,13 +2688,13 @@ check_cpu()
fi fi
elif is_amd || is_hygon; then elif is_amd || is_hygon; then
read_cpuid 0x80000008 0x0 $EBX 12 1 1; ret=$? read_cpuid 0x80000008 0x0 $EBX 12 1 1; ret=$?
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
cpuid_ibpb='IBPB_SUPPORT' cpuid_ibpb='IBPB_SUPPORT'
pstatus green YES "IBPB_SUPPORT feature bit" pstatus green YES "IBPB_SUPPORT feature bit"
elif [ $ret -eq 1 ]; then elif [ $ret = $READ_CPUID_RET_KO ]; then
pstatus yellow NO pstatus yellow NO
else else
pstatus yellow UNKNOWN "is cpuid kernel module available?" pstatus yellow UNKNOWN "$read_cpuid_msg"
fi fi
fi fi
@ -2696,40 +2714,42 @@ check_cpu()
# amd: 8000_0008 EBX[15]=1 # amd: 8000_0008 EBX[15]=1
if is_intel; then if is_intel; then
read_cpuid 0x7 0x0 $EDX 27 1 1; ret=$? read_cpuid 0x7 0x0 $EDX 27 1 1; ret=$?
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
pstatus green YES "Intel STIBP feature bit" pstatus green YES "Intel STIBP feature bit"
#cpuid_stibp='Intel STIBP' #cpuid_stibp='Intel STIBP'
fi fi
elif is_amd; then elif is_amd; then
read_cpuid 0x80000008 0x0 $EBX 15 1 1; ret=$? read_cpuid 0x80000008 0x0 $EBX 15 1 1; ret=$?
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
pstatus green YES "AMD STIBP feature bit" pstatus green YES "AMD STIBP feature bit"
#cpuid_stibp='AMD STIBP' #cpuid_stibp='AMD STIBP'
fi fi
elif is_hygon; then elif is_hygon; then
read_cpuid 0x80000008 0x0 $EBX 15 1 1; ret=$? read_cpuid 0x80000008 0x0 $EBX 15 1 1; ret=$?
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
pstatus green YES "HYGON STIBP feature bit" pstatus green YES "HYGON STIBP feature bit"
#cpuid_stibp='HYGON STIBP' #cpuid_stibp='HYGON STIBP'
fi fi
else else
ret=-1 ret=invalid
pstatus yellow UNKNOWN "unknown CPU" pstatus yellow UNKNOWN "unknown CPU"
fi fi
if [ $ret -eq 1 ]; then if [ $ret = $READ_CPUID_RET_KO ]; then
pstatus yellow NO pstatus yellow NO
elif [ $ret -eq 2 ]; then elif [ $ret = $READ_CPUID_RET_ERR ]; then
pstatus yellow UNKNOWN "is cpuid kernel module available?" pstatus yellow UNKNOWN "$read_cpuid_msg"
fi fi
if is_amd || is_hygon; then if is_amd || is_hygon; then
_info_nol " * CPU indicates preferring STIBP always-on: " _info_nol " * CPU indicates preferring STIBP always-on: "
read_cpuid 0x80000008 0x0 $EBX 17 1 1; ret=$? read_cpuid 0x80000008 0x0 $EBX 17 1 1; ret=$?
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
pstatus green YES pstatus green YES
else elif [ $ret = $READ_CPUID_RET_KO ]; then
pstatus yellow NO pstatus yellow NO
else
pstatus yellow UNKNOWN "$read_cpuid_msg"
fi fi
fi fi
@ -2738,7 +2758,7 @@ check_cpu()
_info " * Speculative Store Bypass Disable (SSBD)" _info " * Speculative Store Bypass Disable (SSBD)"
_info_nol " * CPU indicates SSBD capability: " _info_nol " * CPU indicates SSBD capability: "
read_cpuid 0x7 0x0 $EDX 31 1 1; ret24=$?; ret25=$ret24 read_cpuid 0x7 0x0 $EDX 31 1 1; ret24=$?; ret25=$ret24
if [ $ret24 -eq 0 ]; then if [ $ret24 = $READ_CPUID_RET_OK ]; then
cpuid_ssbd='Intel SSBD' cpuid_ssbd='Intel SSBD'
fi fi
elif is_amd; then elif is_amd; then
@ -2746,10 +2766,10 @@ check_cpu()
_info_nol " * CPU indicates SSBD capability: " _info_nol " * CPU indicates SSBD capability: "
read_cpuid 0x80000008 0x0 $EBX 24 1 1; ret24=$? read_cpuid 0x80000008 0x0 $EBX 24 1 1; ret24=$?
read_cpuid 0x80000008 0x0 $EBX 25 1 1; ret25=$? read_cpuid 0x80000008 0x0 $EBX 25 1 1; ret25=$?
if [ $ret24 -eq 0 ]; then if [ $ret24 = $READ_CPUID_RET_OK ]; then
cpuid_ssbd='AMD SSBD in SPEC_CTRL' cpuid_ssbd='AMD SSBD in SPEC_CTRL'
#cpuid_ssbd_spec_ctrl=1 #cpuid_ssbd_spec_ctrl=1
elif [ $ret25 -eq 0 ]; then elif [ $ret25 = $READ_CPUID_RET_OK ]; then
cpuid_ssbd='AMD SSBD in VIRT_SPEC_CTRL' cpuid_ssbd='AMD SSBD in VIRT_SPEC_CTRL'
#cpuid_ssbd_virt_spec_ctrl=1 #cpuid_ssbd_virt_spec_ctrl=1
elif [ "$cpu_family" -ge 21 ] && [ "$cpu_family" -le 23 ]; then elif [ "$cpu_family" -ge 21 ] && [ "$cpu_family" -le 23 ]; then
@ -2761,10 +2781,10 @@ check_cpu()
read_cpuid 0x80000008 0x0 $EBX 24 1 1; ret24=$? read_cpuid 0x80000008 0x0 $EBX 24 1 1; ret24=$?
read_cpuid 0x80000008 0x0 $EBX 25 1 1; ret25=$? read_cpuid 0x80000008 0x0 $EBX 25 1 1; ret25=$?
if [ $ret24 -eq 0 ]; then if [ $ret24 = $READ_CPUID_RET_OK ]; then
cpuid_ssbd='HYGON SSBD in SPEC_CTRL' cpuid_ssbd='HYGON SSBD in SPEC_CTRL'
#hygon cpuid_ssbd_spec_ctrl=1 #hygon cpuid_ssbd_spec_ctrl=1
elif [ $ret25 -eq 0 ]; then elif [ $ret25 = $READ_CPUID_RET_OK ]; then
cpuid_ssbd='HYGON SSBD in VIRT_SPEC_CTRL' cpuid_ssbd='HYGON SSBD in VIRT_SPEC_CTRL'
#hygon cpuid_ssbd_virt_spec_ctrl=1 #hygon cpuid_ssbd_virt_spec_ctrl=1
elif [ "$cpu_family" -ge 24 ]; then elif [ "$cpu_family" -ge 24 ]; then
@ -2774,8 +2794,8 @@ check_cpu()
if [ -n "$cpuid_ssbd" ]; then if [ -n "$cpuid_ssbd" ]; then
pstatus green YES "$cpuid_ssbd" pstatus green YES "$cpuid_ssbd"
elif [ "$ret24" = 2 ] && [ "$ret25" = 2 ]; then elif [ "$ret24" = $READ_CPUID_RET_ERR ] && [ "$ret25" = $READ_CPUID_RET_ERR ]; then
pstatus yellow UNKNOWN "is cpuid kernel module available?" pstatus yellow UNKNOWN "$read_cpuid_msg"
else else
pstatus yellow NO pstatus yellow NO
fi fi
@ -2783,13 +2803,13 @@ check_cpu()
if is_amd; then if is_amd; then
# similar to SSB_NO for intel # similar to SSB_NO for intel
read_cpuid 0x80000008 0x0 $EBX 26 1 1; ret=$? read_cpuid 0x80000008 0x0 $EBX 26 1 1; ret=$?
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
amd_ssb_no=1 amd_ssb_no=1
fi fi
elif is_hygon; then elif is_hygon; then
# indicate when speculative store bypass disable is no longer needed to prevent speculative loads bypassing older stores # indicate when speculative store bypass disable is no longer needed to prevent speculative loads bypassing older stores
read_cpuid 0x80000008 0x0 $EBX 26 1 1; ret=$? read_cpuid 0x80000008 0x0 $EBX 26 1 1; ret=$?
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
hygon_ssb_no=1 hygon_ssb_no=1
_debug "hygon_ssb_no=1" _debug "hygon_ssb_no=1"
fi fi
@ -2840,28 +2860,28 @@ check_cpu()
# CPUID of L1D # CPUID of L1D
_info_nol " * CPU indicates L1D flush capability: " _info_nol " * CPU indicates L1D flush capability: "
read_cpuid 0x7 0x0 $EDX 28 1 1; ret=$? read_cpuid 0x7 0x0 $EDX 28 1 1; ret=$?
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
pstatus green YES "L1D flush feature bit" pstatus green YES "L1D flush feature bit"
cpuid_l1df=1 cpuid_l1df=1
elif [ $ret -eq 1 ]; then elif [ $ret = $READ_CPUID_RET_KO ]; then
pstatus yellow NO pstatus yellow NO
elif [ $ret -eq 2 ]; then else
pstatus yellow UNKNOWN "is cpuid kernel module available?" pstatus yellow UNKNOWN "$read_cpuid_msg"
fi fi
if is_intel; then if is_intel; then
_info " * Microarchitectural Data Sampling" _info " * Microarchitectural Data Sampling"
_info_nol " * VERW instruction is available: " _info_nol " * VERW instruction is available: "
read_cpuid 0x7 0x0 $EDX 10 1 1; ret=$? read_cpuid 0x7 0x0 $EDX 10 1 1; ret=$?
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
cpuid_md_clear=1 cpuid_md_clear=1
pstatus green YES "MD_CLEAR feature bit" pstatus green YES "MD_CLEAR feature bit"
elif [ $ret -eq 2 ]; then elif [ $ret = $READ_CPUID_RET_KO ]; then
cpuid_md_clear=-1
pstatus yellow UNKNOWN "is cpuid kernel module available?"
else
cpuid_md_clear=0 cpuid_md_clear=0
pstatus yellow NO pstatus yellow NO
else
cpuid_md_clear=-1
pstatus yellow UNKNOWN "$read_cpuid_msg"
fi fi
fi fi
@ -2869,41 +2889,41 @@ check_cpu()
_info " * Indirect Branch Predictor Controls" _info " * Indirect Branch Predictor Controls"
_info_nol " * Indirect Predictor Disable feature is available: " _info_nol " * Indirect Predictor Disable feature is available: "
read_cpuid 0x7 0x2 $EDX 1 1 1; ret=$? read_cpuid 0x7 0x2 $EDX 1 1 1; ret=$?
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
cpuid_ipred_ctrl=1 cpuid_ipred_ctrl=1
pstatus green YES "IPRED_CTRL feature bit" pstatus green YES "IPRED_CTRL feature bit"
elif [ $ret -eq 2 ]; then elif [ $ret = $READ_CPUID_RET_KO ]; then
cpuid_ipred_ctrl=-1
pstatus yellow UNKNOWN "is cpuid kernel module available?"
else
cpuid_ipred_ctrl=0 cpuid_ipred_ctrl=0
pstatus yellow NO pstatus yellow NO
else
cpuid_ipred_ctrl=-1
pstatus yellow UNKNOWN "$read_cpuid_msg"
fi fi
_info_nol " * Bottomless RSB Disable feature is available: " _info_nol " * Bottomless RSB Disable feature is available: "
read_cpuid 0x7 0x2 $EDX 2 1 1; ret=$? read_cpuid 0x7 0x2 $EDX 2 1 1; ret=$?
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
cpuid_rrsba=1 cpuid_rrsba=1
pstatus green YES "RRSBA_CTRL feature bit" pstatus green YES "RRSBA_CTRL feature bit"
elif [ $ret -eq 2 ]; then elif [ $ret = $READ_CPUID_RET_KO ]; then
cpuid_rrsba=-1
pstatus yellow UNKNOWN "is cpuid kernel module available?"
else
cpuid_rrsba=0 cpuid_rrsba=0
pstatus yellow NO pstatus yellow NO
else
cpuid_rrsba=-1
pstatus yellow UNKNOWN "$read_cpuid_msg"
fi fi
_info_nol " * BHB-Focused Indirect Predictor Disable feature is available: " _info_nol " * BHB-Focused Indirect Predictor Disable feature is available: "
read_cpuid 0x7 0x2 $EDX 2 1 1; ret=$? read_cpuid 0x7 0x2 $EDX 2 1 1; ret=$?
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
cpuid_bhi=1 cpuid_bhi=1
pstatus green YES "BHI_CTRL feature bit" pstatus green YES "BHI_CTRL feature bit"
elif [ $ret -eq 2 ]; then elif [ $ret = $READ_CPUID_RET_KO ]; then
cpuid_bhi=-1
pstatus yellow UNKNOWN "is cpuid kernel module available?"
else
cpuid_bhi=0 cpuid_bhi=0
pstatus yellow NO pstatus yellow NO
else
cpuid_bhi=-1
pstatus yellow UNKNOWN "$read_cpuid_msg"
fi fi
fi fi
@ -2913,14 +2933,14 @@ check_cpu()
cpuid_arch_capabilities=-1 cpuid_arch_capabilities=-1
# A processor supports the ARCH_CAPABILITIES MSR if it enumerates CPUID (EAX=7H,ECX=0):EDX[29] as 1 # A processor supports the ARCH_CAPABILITIES MSR if it enumerates CPUID (EAX=7H,ECX=0):EDX[29] as 1
read_cpuid 0x7 0x0 $EDX 29 1 1; ret=$? read_cpuid 0x7 0x0 $EDX 29 1 1; ret=$?
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
pstatus green YES pstatus green YES
cpuid_arch_capabilities=1 cpuid_arch_capabilities=1
elif [ $ret -eq 2 ]; then elif [ $ret = $READ_CPUID_RET_KO ]; then
pstatus yellow UNKNOWN "is cpuid kernel module available?"
else
pstatus yellow NO pstatus yellow NO
cpuid_arch_capabilities=0 cpuid_arch_capabilities=0
else
pstatus yellow UNKNOWN "$read_cpuid_msg"
fi fi
_info_nol " * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: " _info_nol " * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: "
@ -3114,47 +3134,47 @@ check_cpu()
fi fi
_info_nol " * CPU supports Transactional Synchronization Extensions (TSX): " _info_nol " * CPU supports Transactional Synchronization Extensions (TSX): "
ret=1 ret=$READ_CPUID_RET_KO
cpuid_rtm=0 cpuid_rtm=0
if is_intel; then if is_intel; then
read_cpuid 0x7 0x0 $EBX 11 1 1; ret=$? read_cpuid 0x7 0x0 $EBX 11 1 1; ret=$?
fi fi
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
cpuid_rtm=1 cpuid_rtm=1
pstatus green YES "RTM feature bit" pstatus green YES "RTM feature bit"
elif [ $ret -eq 2 ]; then elif [ $ret = $READ_CPUID_RET_KO ]; then
cpuid_rtm=-1
pstatus yellow UNKNOWN "is cpuid kernel module available?"
else
pstatus yellow NO pstatus yellow NO
else
cpuid_rtm=-1
pstatus yellow UNKNOWN "$read_cpuid_msg"
fi fi
_info_nol " * CPU supports Software Guard Extensions (SGX): " _info_nol " * CPU supports Software Guard Extensions (SGX): "
ret=1 ret=$READ_CPUID_RET_KO
cpuid_sgx=0 cpuid_sgx=0
if is_intel; then if is_intel; then
read_cpuid 0x7 0x0 $EBX 2 1 1; ret=$? read_cpuid 0x7 0x0 $EBX 2 1 1; ret=$?
fi fi
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
pstatus blue YES pstatus blue YES
cpuid_sgx=1 cpuid_sgx=1
elif [ $ret -eq 2 ]; then elif [ $ret = $READ_CPUID_RET_KO ]; then
pstatus yellow UNKNOWN "is cpuid kernel module available?"
cpuid_sgx=-1
else
pstatus green NO pstatus green NO
else
cpuid_sgx=-1
pstatus yellow UNKNOWN "$read_cpuid_msg"
fi fi
_info_nol " * CPU supports Special Register Buffer Data Sampling (SRBDS): " _info_nol " * CPU supports Special Register Buffer Data Sampling (SRBDS): "
# A processor supports SRBDS if it enumerates CPUID (EAX=7H,ECX=0):EDX[9] as 1 # A processor supports SRBDS if it enumerates CPUID (EAX=7H,ECX=0):EDX[9] as 1
# That means the mitigation disabling SRBDS exists # That means the mitigation disabling SRBDS exists
ret=1 ret=$READ_CPUID_RET_KO
cpuid_srbds=0 cpuid_srbds=0
srbds_on=0 srbds_on=0
if is_intel; then if is_intel; then
read_cpuid 0x7 0x0 $EDX 9 1 1; ret=$? read_cpuid 0x7 0x0 $EDX 9 1 1; ret=$?
fi fi
if [ $ret -eq 0 ]; then if [ $ret = $READ_CPUID_RET_OK ]; then
pstatus blue YES pstatus blue YES
cpuid_srbds=1 cpuid_srbds=1
read_msr 0x123 0; ret=$? read_msr 0x123 0; ret=$?
@ -3169,11 +3189,11 @@ check_cpu()
else else
srbds_on=-1 srbds_on=-1
fi fi
elif [ $ret -eq 2 ]; then elif [ $ret = $READ_CPUID_RET_KO ]; then
pstatus yellow UNKNOWN "is cpuid kernel module available?"
cpuid_srbds=0
else
pstatus green NO pstatus green NO
else
pstatus yellow UNKNOWN "$read_cpuid_msg"
cpuid_srbds=0
fi fi
_info_nol " * CPU microcode is known to cause stability problems: " _info_nol " * CPU microcode is known to cause stability problems: "
@ -4153,14 +4173,18 @@ pti_performance_check()
cpu_pcid=1 cpu_pcid=1
else else
read_cpuid 0x1 0x0 $ECX 17 1 1; ret=$? read_cpuid 0x1 0x0 $ECX 17 1 1; ret=$?
[ $ret -eq 0 ] && cpu_pcid=1 if [ $ret = $READ_CPUID_RET_OK ]; then
cpu_pcid=1
fi
fi fi
if [ -e "$procfs/cpuinfo" ] && grep ^flags "$procfs/cpuinfo" | grep -qw invpcid; then if [ -e "$procfs/cpuinfo" ] && grep ^flags "$procfs/cpuinfo" | grep -qw invpcid; then
cpu_invpcid=1 cpu_invpcid=1
else else
read_cpuid 0x7 0x0 $EBX 10 1 1; ret=$? read_cpuid 0x7 0x0 $EBX 10 1 1; ret=$?
[ $ret -eq 0 ] && cpu_invpcid=1 if [ $ret = $READ_CPUID_RET_OK ]; then
cpu_invpcid=1
fi
fi fi
if [ "$cpu_invpcid" = 1 ]; then if [ "$cpu_invpcid" = 1 ]; then