mirror of
https://github.com/speed47/spectre-meltdown-checker
synced 2024-11-07 06:33:38 +01:00
feat: rephrase IBPB warning when only retpoline is enabled in non-paranoid mode
This commit is contained in:
parent
68e619b0d3
commit
97bccaa0d7
@ -2329,7 +2329,11 @@ check_variant2_linux()
|
|||||||
pvulnstatus $cve OK "Full retpoline + IBPB are mitigating the vulnerability"
|
pvulnstatus $cve OK "Full retpoline + IBPB are mitigating the vulnerability"
|
||||||
elif [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" != 0 ] && [ "$opt_paranoid" = 0 ] && ( ! is_skylake_cpu || [ -n "$rsb_filling" ] ); then
|
elif [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" != 0 ] && [ "$opt_paranoid" = 0 ] && ( ! is_skylake_cpu || [ -n "$rsb_filling" ] ); then
|
||||||
pvulnstatus $cve OK "Full retpoline is mitigating the vulnerability"
|
pvulnstatus $cve OK "Full retpoline is mitigating the vulnerability"
|
||||||
_warn "You might want to enable IBPB to complete retpoline as a Variant 2 mitigation"
|
if [ -n "$cpuid_ibpb" ]; then
|
||||||
|
_warn "You should enable IBPB to complete retpoline as a Variant 2 mitigation"
|
||||||
|
else
|
||||||
|
_warn "IBPB is considered as a good addition to retpoline for Variant 2 mitigation, but your CPU microcode doesn't support it"
|
||||||
|
fi
|
||||||
elif [ -n "$ibrs_enabled" ] && [ -n "$ibpb_enabled" ] && [ "$ibrs_enabled" -ge 1 ] && [ "$ibpb_enabled" -ge 1 ]; then
|
elif [ -n "$ibrs_enabled" ] && [ -n "$ibpb_enabled" ] && [ "$ibrs_enabled" -ge 1 ] && [ "$ibpb_enabled" -ge 1 ]; then
|
||||||
pvulnstatus $cve OK "IBRS + IBPB are mitigating the vulnerability"
|
pvulnstatus $cve OK "IBRS + IBPB are mitigating the vulnerability"
|
||||||
elif [ "$ibpb_enabled" = 2 ] && ! is_cpu_smt_enabled; then
|
elif [ "$ibpb_enabled" = 2 ] && ! is_cpu_smt_enabled; then
|
||||||
|
Loading…
Reference in New Issue
Block a user