mirror of
https://github.com/speed47/spectre-meltdown-checker
synced 2024-11-06 22:23:41 +01:00
feat(variant2): better explanation when kernel supports IBRS but CPU does not
This commit is contained in:
parent
fef380d66f
commit
b4ac5fcbe3
@ -1223,7 +1223,7 @@ check_cpu()
|
|||||||
_warn "the mitigations for Spectre), or upgrade to a newer one if available."
|
_warn "the mitigations for Spectre), or upgrade to a newer one if available."
|
||||||
_warn
|
_warn
|
||||||
else
|
else
|
||||||
pstatus green NO "$ucode_found"
|
pstatus blue NO "$ucode_found"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_info "* CPU vulnerability to the three speculative execution attacks variants"
|
_info "* CPU vulnerability to the three speculative execution attacks variants"
|
||||||
@ -1648,6 +1648,8 @@ check_variant2()
|
|||||||
pvulnstatus $cve OK "IBRS is mitigating the vulnerability"
|
pvulnstatus $cve OK "IBRS is mitigating the vulnerability"
|
||||||
elif [ "$ibpb_enabled" = 2 ]; then
|
elif [ "$ibpb_enabled" = 2 ]; then
|
||||||
pvulnstatus $cve OK "Full IBPB is mitigating the vulnerability"
|
pvulnstatus $cve OK "Full IBPB is mitigating the vulnerability"
|
||||||
|
elif [ "$ibrs_supported" = 1 ] && [ "$cpuid_spec_ctrl" != 1 ]; then
|
||||||
|
pvulnstatus $cve VULN "Your kernel is compiled with IBRS but your CPU microcode is lacking support to successfully mitigate the vulnerability"
|
||||||
else
|
else
|
||||||
pvulnstatus $cve VULN "IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability"
|
pvulnstatus $cve VULN "IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability"
|
||||||
fi
|
fi
|
||||||
|
Loading…
Reference in New Issue
Block a user