mirror of
https://github.com/speed47/spectre-meltdown-checker
synced 2024-12-22 12:23:36 +01:00
feat(mock): add mocking functionality to help reproducing issues under specific CPUs
This commit is contained in:
parent
77b34d48c6
commit
afbb26277f
@ -1211,6 +1211,12 @@ read_cpuid()
|
||||
fi
|
||||
|
||||
_debug "cpuid: leaf$_leaf on cpu0, eax-ebx-ecx-edx: $_cpuid"
|
||||
_mockvarname="SMC_MOCK_CPUID_${_leaf}"
|
||||
if [ -n "$(eval echo \$$_mockvarname)" ]; then
|
||||
_cpuid="$(eval echo \$$_mockvarname)"
|
||||
_debug "read_cpuid: MOCKING enabled for leaf $_leaf, will return $_cpuid"
|
||||
mocked=1
|
||||
fi
|
||||
[ -z "$_cpuid" ] && return 2
|
||||
# get the value of the register we want
|
||||
_reg=$(echo "$_cpuid" | awk '{print $'"$_register"'}')
|
||||
@ -1294,6 +1300,32 @@ parse_cpu_details()
|
||||
cpu_friendly_name=$(sysctl -n hw.model)
|
||||
fi
|
||||
|
||||
if [ -n "$SMC_MOCK_CPU_FRIENDLY_NAME" ]; then
|
||||
cpu_friendly_name="$SMC_MOCK_CPU_FRIENDLY_NAME"
|
||||
_debug "parse_cpu_details: MOCKING cpu friendly name to $cpu_friendly_name"
|
||||
mocked=1
|
||||
fi
|
||||
if [ -n "$SMC_MOCK_CPU_VENDOR" ]; then
|
||||
cpu_vendor="$SMC_MOCK_CPU_VENDOR"
|
||||
_debug "parse_cpu_details: MOCKING cpu vendor to $cpu_vendor"
|
||||
mocked=1
|
||||
fi
|
||||
if [ -n "$SMC_MOCK_CPU_FAMILY" ]; then
|
||||
cpu_family="$SMC_MOCK_CPU_FAMILY"
|
||||
_debug "parse_cpu_details: MOCKING cpu family to $cpu_family"
|
||||
mocked=1
|
||||
fi
|
||||
if [ -n "$SMC_MOCK_CPU_MODEL" ]; then
|
||||
cpu_model="$SMC_MOCK_CPU_MODEL"
|
||||
_debug "parse_cpu_details: MOCKING cpu model to $cpu_model"
|
||||
mocked=1
|
||||
fi
|
||||
if [ -n "$SMC_MOCK_CPU_STEPPING" ]; then
|
||||
cpu_stepping="$SMC_MOCK_CPU_STEPPING"
|
||||
_debug "parse_cpu_details: MOCKING cpu stepping to $cpu_stepping"
|
||||
mocked=1
|
||||
fi
|
||||
|
||||
# get raw cpuid, it's always useful (referenced in the Intel doc for firmware updates for example)
|
||||
if read_cpuid 0x1 $EAX 0 0xFFFFFFFF; then
|
||||
cpu_cpuid="$read_cpuid_value"
|
||||
@ -1321,6 +1353,12 @@ parse_cpu_details()
|
||||
# if we got no cpu_ucode (e.g. we're in a vm), fall back to 0x0
|
||||
[ -z "$cpu_ucode" ] && cpu_ucode=0x0
|
||||
|
||||
if [ -n "$SMC_MOCK_CPU_UCODE" ]; then
|
||||
cpu_ucode="$SMC_MOCK_CPU_UCODE"
|
||||
_debug "parse_cpu_details: MOCKING cpu ucode to $cpu_ucode"
|
||||
mocked=1
|
||||
fi
|
||||
|
||||
echo "$cpu_ucode" | grep -q ^0x && cpu_ucode=$(( cpu_ucode ))
|
||||
ucode_found=$(printf "model 0x%x family 0x%x stepping 0x%x ucode 0x%x cpuid 0x%x" "$cpu_model" "$cpu_family" "$cpu_stepping" "$cpu_ucode" "$cpu_cpuid")
|
||||
|
||||
@ -1874,8 +1912,17 @@ sys_interface_check()
|
||||
mode="$3"
|
||||
[ "$opt_live" = 1 ] && [ "$opt_no_sysfs" = 0 ] && [ -r "$file" ] || return 1
|
||||
[ -n "$regex" ] || regex='.*'
|
||||
fullmsg=$(cat "$file")
|
||||
msg=$(grep -Eo "$regex" "$file")
|
||||
_mockvarname="SMC_MOCK_SYSFS_$(basename "$file")"
|
||||
# shellcheck disable=SC2086
|
||||
if [ -n "$(eval echo \$$_mockvarname)" ]; then
|
||||
fullmsg="$(eval echo \$$_mockvarname)"
|
||||
msg=$(echo "$fullmsg" | grep -Eo "$regex")
|
||||
_debug "sysfs: MOCKING enabled for $file, will return $fullmsg"
|
||||
mocked=1
|
||||
else
|
||||
fullmsg=$(cat "$file")
|
||||
msg=$(grep -Eo "$regex" "$file")
|
||||
fi
|
||||
if [ "$mode" = silent ]; then
|
||||
_info "* Information from the /sys interface: $msg"
|
||||
return 0
|
||||
@ -1961,7 +2008,13 @@ read_msr()
|
||||
# cpu index, starting from 0:
|
||||
_cpu="$2"
|
||||
read_msr_value=''
|
||||
if [ "$os" != Linux ]; then
|
||||
_mockvarname="SMC_MOCK_MSR_${_msr}"
|
||||
# shellcheck disable=SC2086
|
||||
if [ -n "$(eval echo \$$_mockvarname)" ]; then
|
||||
read_msr_value="$(eval echo \$$_mockvarname)"
|
||||
_debug "read_msr: MOCKING enabled for msr $_msr, returning $read_msr_value"
|
||||
mocked=1
|
||||
elif [ "$os" != Linux ]; then
|
||||
_msr=$(cpucontrol -m "$_msr" "/dev/cpuctl$_cpu" 2>/dev/null); ret=$?
|
||||
[ $ret -ne 0 ] && return 1
|
||||
# MSR 0x10: 0x000003e1 0xb106dded
|
||||
@ -4422,6 +4475,12 @@ fi
|
||||
|
||||
_info "A false sense of security is worse than no security at all, see --disclaimer"
|
||||
|
||||
if [ "$mocked" = 1 ]; then
|
||||
_info ""
|
||||
_warn "One or several values have been mocked. This should only be done when debugging/testing this script."
|
||||
_warn "The results do NOT reflect the actual status of the system we're running on."
|
||||
fi
|
||||
|
||||
if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "nrpe" ]; then
|
||||
if [ -n "$nrpe_vuln" ]; then
|
||||
echo "Vulnerable:$nrpe_vuln"
|
||||
|
Loading…
Reference in New Issue
Block a user