1
0
mirror of https://github.com/speed47/spectre-meltdown-checker synced 2024-12-22 04:13:38 +01:00

feat: implement detection for MCEPSC under BSD

This commit is contained in:
Stéphane Lesimple 2022-03-20 13:05:48 +01:00
parent 4e7c52767d
commit b7c8c4115a

View File

@ -5464,8 +5464,8 @@ check_CVE_2018_12207()
_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"
if [ "$os" = Linux ]; then
check_CVE_2018_12207_linux
#elif echo "$os" | grep -q BSD; then
# check_CVE_2018_12207_bsd
elif echo "$os" | grep -q BSD; then
check_CVE_2018_12207_bsd
else
_warn "Unsupported OS ($os)"
fi
@ -5541,6 +5541,36 @@ check_CVE_2018_12207_linux()
fi
}
check_CVE_2018_12207_bsd()
{
_info_nol "* Kernel supports disabling superpages for executable mappings under EPT: "
kernel_2m_x_ept=$(sysctl -n vm.pmap.allow_2m_x_ept 2>/dev/null)
if [ -z "$kernel_2m_x_ept" ]; then
pstatus yellow NO
else
pstatus green YES
fi
_info_nol "* Superpages are disabled for executable mappings under EPT: "
if [ "$kernel_2m_x_ept" = 0 ]; then
pstatus green YES
else
pstatus yellow NO
fi
if ! is_cpu_vulnerable "$cve"; then
# override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
elif [ -z "$kernel_2m_x_ept" ]; then
pvulnstatus $cve VULN "Your kernel doesn't support mitigating this CVE, you should update it"
elif [ "$kernel_2m_x_ept" != 0 ]; then
pvulnstatus $cve VULN "Your kernel supports mitigating this CVE, but the mitigation is disabled"
explain "To enable the mitigation, use \`sysctl vm.pmap.allow_2m_x_ept=0\`"
else
pvulnstatus $cve OK "Your kernel has support for mitigation and the mitigation is enabled"
fi
}
###################
# SRBDS SECTION