1
0
mirror of https://github.com/speed47/spectre-meltdown-checker synced 2024-12-31 16:45:45 +01:00

fix: fallback to UNKNOWN when we get -EACCES

For detection of IBRS_ALL and RDCL_NO, fallback to
UNKNOWN when we were unable to read the CPUID or MSR.
This commit is contained in:
Stéphane Lesimple 2018-01-26 14:16:34 +01:00
parent 7f0d80b305
commit 9f00ffa5af

View File

@ -963,6 +963,7 @@ check_cpu()
_info " * Enhanced IBRS (IBRS_ALL)" _info " * Enhanced IBRS (IBRS_ALL)"
_info_nol " * CPU indicates ARCH_CAPABILITIES MSR availability: " _info_nol " * CPU indicates ARCH_CAPABILITIES MSR availability: "
cpuid_arch_capabilities=-1
if [ ! -e /dev/cpu/0/cpuid ]; then if [ ! -e /dev/cpu/0/cpuid ]; then
pstatus yellow UNKNOWN "couldn't read /dev/cpu/0/cpuid, is cpuid support enabled in your kernel?" pstatus yellow UNKNOWN "couldn't read /dev/cpu/0/cpuid, is cpuid support enabled in your kernel?"
else else
@ -983,11 +984,16 @@ check_cpu()
cpuid_arch_capabilities=1 cpuid_arch_capabilities=1
else else
pstatus red NO pstatus red NO
cpuid_arch_capabilities=0
fi fi
fi fi
_info_nol " * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: " _info_nol " * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: "
if [ "$cpuid_arch_capabilities" != 1 ]; then capabilities_rdcl_no=-1
capabilities_ibrs_all=-1
if [ "$cpuid_arch_capabilities" = -1 ]; then
pstatus yellow UNKNOWN
elif [ "$cpuid_arch_capabilities" != 1 ]; then
pstatus red NO pstatus red NO
elif [ ! -e /dev/cpu/0/msr ]; then elif [ ! -e /dev/cpu/0/msr ]; then
spec_ctrl_msr=-1 spec_ctrl_msr=-1
@ -1000,6 +1006,7 @@ check_cpu()
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
_debug "capabilities MSR lower byte is $capabilities (decimal)" _debug "capabilities MSR lower byte is $capabilities (decimal)"
capabilities_rdcl_no=0 capabilities_rdcl_no=0
capabilities_ibrs_all=0
[ $(( capabilities & 1 )) -eq 1 ] && capabilities_rdcl_no=1 [ $(( capabilities & 1 )) -eq 1 ] && capabilities_rdcl_no=1
[ $(( capabilities & 2 )) -eq 2 ] && capabilities_ibrs_all=1 [ $(( capabilities & 2 )) -eq 2 ] && capabilities_ibrs_all=1
_debug "capabilities says rdcl_no=$capabilities_rdcl_no ibrs_all=$capabilities_ibrs_all" _debug "capabilities says rdcl_no=$capabilities_rdcl_no ibrs_all=$capabilities_ibrs_all"
@ -1014,7 +1021,9 @@ check_cpu()
fi fi
_info_nol " * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): " _info_nol " * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): "
if [ "$capabilities_rdcl_no" = 1 ]; then if [ "$capabilities_rdcl_no" = -1 ]; then
pstatus yellow UNKNOWN
elif [ "$capabilities_rdcl_no" = 1 ]; then
pstatus green YES pstatus green YES
else else
pstatus blue NO pstatus blue NO