mirror of
https://github.com/speed47/spectre-meltdown-checker
synced 2025-01-10 13:08:14 +01:00
enh: change colors and use red only to report vulnerability
This commit is contained in:
parent
c7892e3399
commit
7adb7661f3
@ -1249,7 +1249,7 @@ sys_interface_check()
|
|||||||
pstatus yellow NO "kernel confirms your system is vulnerable"
|
pstatus yellow NO "kernel confirms your system is vulnerable"
|
||||||
else
|
else
|
||||||
status=UNK
|
status=UNK
|
||||||
pstatus blue UNKNOWN "unknown value reported by kernel"
|
pstatus yellow UNKNOWN "unknown value reported by kernel"
|
||||||
fi
|
fi
|
||||||
msg=$(cat "$1")
|
msg=$(cat "$1")
|
||||||
_debug "sys_interface_check: $1=$msg"
|
_debug "sys_interface_check: $1=$msg"
|
||||||
@ -1278,8 +1278,12 @@ write_msr()
|
|||||||
else
|
else
|
||||||
# convert to decimal
|
# convert to decimal
|
||||||
_msrindex=$(( $1 ))
|
_msrindex=$(( $1 ))
|
||||||
|
if [ ! -w /dev/cpu/"$2"/msr ]; then
|
||||||
|
ret=200 # permission error
|
||||||
|
else
|
||||||
dd if=/dev/zero of=/dev/cpu/"$2"/msr bs=8 count=1 seek="$_msrindex" oflag=seek_bytes 2>/dev/null; ret=$?
|
dd if=/dev/zero of=/dev/cpu/"$2"/msr bs=8 count=1 seek="$_msrindex" oflag=seek_bytes 2>/dev/null; ret=$?
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
_debug "write_msr: for cpu $2 on msr $1 ($_msrindex), ret=$ret"
|
_debug "write_msr: for cpu $2 on msr $1 ($_msrindex), ret=$ret"
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
@ -1301,6 +1305,9 @@ read_msr()
|
|||||||
else
|
else
|
||||||
# convert to decimal
|
# convert to decimal
|
||||||
_msrindex=$(( $1 ))
|
_msrindex=$(( $1 ))
|
||||||
|
if [ ! -r /dev/cpu/"$2"/msr ]; then
|
||||||
|
return 200 # permission error
|
||||||
|
fi
|
||||||
if ! dd if=/dev/cpu/"$2"/msr bs=8 count=1 skip="$_msrindex" iflag=skip_bytes 2>/dev/null; then
|
if ! dd if=/dev/cpu/"$2"/msr bs=8 count=1 skip="$_msrindex" iflag=skip_bytes 2>/dev/null; then
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
@ -1331,7 +1338,7 @@ check_cpu()
|
|||||||
fi
|
fi
|
||||||
if [ ! -e /dev/cpu/0/msr ] && [ ! -e /dev/cpuctl0 ]; then
|
if [ ! -e /dev/cpu/0/msr ] && [ ! -e /dev/cpuctl0 ]; then
|
||||||
spec_ctrl_msr=-1
|
spec_ctrl_msr=-1
|
||||||
pstatus blue UNKNOWN "is msr kernel module available?"
|
pstatus yellow UNKNOWN "is msr kernel module available?"
|
||||||
else
|
else
|
||||||
# the new MSR 'SPEC_CTRL' is at offset 0x48
|
# the new MSR 'SPEC_CTRL' is at offset 0x48
|
||||||
# here we use dd, it's the same as using 'rdmsr 0x48' but without needing the rdmsr tool
|
# here we use dd, it's the same as using 'rdmsr 0x48' but without needing the rdmsr tool
|
||||||
@ -1360,6 +1367,9 @@ check_cpu()
|
|||||||
spec_ctrl_msr=1
|
spec_ctrl_msr=1
|
||||||
pstatus green YES "But not in all CPUs"
|
pstatus green YES "But not in all CPUs"
|
||||||
fi
|
fi
|
||||||
|
elif [ $val -eq 200 ]; then
|
||||||
|
pstatus yellow UNKNOWN "is msr kernel module available?"
|
||||||
|
spec_ctrl_msr=-1
|
||||||
else
|
else
|
||||||
spec_ctrl_msr=0
|
spec_ctrl_msr=0
|
||||||
pstatus yellow NO
|
pstatus yellow NO
|
||||||
@ -1373,7 +1383,7 @@ check_cpu()
|
|||||||
pstatus green YES "SPEC_CTRL feature bit"
|
pstatus green YES "SPEC_CTRL feature bit"
|
||||||
cpuid_spec_ctrl=1
|
cpuid_spec_ctrl=1
|
||||||
elif [ $ret -eq 2 ]; then
|
elif [ $ret -eq 2 ]; then
|
||||||
pstatus blue UNKNOWN "is cpuid kernel module available?"
|
pstatus yellow UNKNOWN "is cpuid kernel module available?"
|
||||||
else
|
else
|
||||||
pstatus yellow NO
|
pstatus yellow NO
|
||||||
fi
|
fi
|
||||||
@ -1386,7 +1396,7 @@ check_cpu()
|
|||||||
_verbose_nol " * Kernel has set the spec_ctrl flag in cpuinfo: "
|
_verbose_nol " * Kernel has set the spec_ctrl flag in cpuinfo: "
|
||||||
if [ "$opt_live" = 1 ]; then
|
if [ "$opt_live" = 1 ]; then
|
||||||
if grep ^flags "$procfs/cpuinfo" | grep -qw spec_ctrl; then
|
if grep ^flags "$procfs/cpuinfo" | grep -qw spec_ctrl; then
|
||||||
pstatus green YES
|
pstatus blue YES
|
||||||
else
|
else
|
||||||
pstatus blue NO
|
pstatus blue NO
|
||||||
fi
|
fi
|
||||||
@ -1426,6 +1436,8 @@ check_cpu()
|
|||||||
else
|
else
|
||||||
pstatus green YES "But not in all CPUs"
|
pstatus green YES "But not in all CPUs"
|
||||||
fi
|
fi
|
||||||
|
elif [ $val -eq 200 ]; then
|
||||||
|
pstatus yellow UNKNOWN "is msr kernel module available?"
|
||||||
else
|
else
|
||||||
pstatus yellow NO
|
pstatus yellow NO
|
||||||
fi
|
fi
|
||||||
@ -1452,7 +1464,7 @@ check_cpu()
|
|||||||
elif [ "$spec_ctrl_msr" = 0 ]; then
|
elif [ "$spec_ctrl_msr" = 0 ]; then
|
||||||
pstatus yellow NO
|
pstatus yellow NO
|
||||||
else
|
else
|
||||||
pstatus yellow UNKNOWN "is cpuid kernel module available?"
|
pstatus yellow UNKNOWN "is msr kernel module available?"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_info_nol " * CPU indicates STIBP capability: "
|
_info_nol " * CPU indicates STIBP capability: "
|
||||||
@ -1532,8 +1544,10 @@ check_cpu()
|
|||||||
else
|
else
|
||||||
pstatus yellow NO
|
pstatus yellow NO
|
||||||
fi
|
fi
|
||||||
|
elif [ $val -eq 200 ]; then
|
||||||
|
pstatus yellow UNKNOWN "is msr kernel module available?"
|
||||||
else
|
else
|
||||||
pstatus yellow UNKNOWN
|
pstatus yellow NO
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -1543,7 +1557,7 @@ check_cpu()
|
|||||||
elif [ "$capabilities_rdcl_no" = 1 ]; then
|
elif [ "$capabilities_rdcl_no" = 1 ]; then
|
||||||
pstatus green YES
|
pstatus green YES
|
||||||
else
|
else
|
||||||
pstatus blue NO
|
pstatus yellow NO
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_info_nol " * CPU microcode is known to cause stability problems: "
|
_info_nol " * CPU microcode is known to cause stability problems: "
|
||||||
@ -1566,7 +1580,7 @@ check_cpu_vulnerabilities()
|
|||||||
for v in 1 2 3; do
|
for v in 1 2 3; do
|
||||||
_info_nol " * Vulnerable to Variant $v: "
|
_info_nol " * Vulnerable to Variant $v: "
|
||||||
if is_cpu_vulnerable $v; then
|
if is_cpu_vulnerable $v; then
|
||||||
pstatus red YES
|
pstatus yellow YES
|
||||||
else
|
else
|
||||||
pstatus green NO
|
pstatus green NO
|
||||||
fi
|
fi
|
||||||
@ -2241,7 +2255,7 @@ check_variant3_linux()
|
|||||||
# (unless we are a Dom0)
|
# (unless we are a Dom0)
|
||||||
_info_nol "* Running as a Xen PV DomU: "
|
_info_nol "* Running as a Xen PV DomU: "
|
||||||
if [ "$xen_pv_domu" = 1 ]; then
|
if [ "$xen_pv_domu" = 1 ]; then
|
||||||
pstatus red YES
|
pstatus yellow YES
|
||||||
else
|
else
|
||||||
pstatus blue NO
|
pstatus blue NO
|
||||||
fi
|
fi
|
||||||
|
Loading…
Reference in New Issue
Block a user