mirror of
https://github.com/speed47/spectre-meltdown-checker
synced 2025-01-05 10:59:07 +01:00
fix(opcodes): fix regression introduced in previous commit
We were saying unknown instead of vulnerable when the count of lfence opcodes was low This was not impacting batch mode or the final decision, just the human-readable output of the script.
This commit is contained in:
parent
62f8ed6f61
commit
bc4e39038a
@ -611,7 +611,7 @@ check_variant1()
|
|||||||
if [ "$nb_lfence" -lt 70 ]; then
|
if [ "$nb_lfence" -lt 70 ]; then
|
||||||
msg="only $nb_lfence opcodes found, should be >= 70, heuristic to be improved when official patches become available"
|
msg="only $nb_lfence opcodes found, should be >= 70, heuristic to be improved when official patches become available"
|
||||||
status=VULN
|
status=VULN
|
||||||
pstatus yellow UNKNOWN
|
pstatus red NO
|
||||||
else
|
else
|
||||||
msg="$nb_lfence opcodes found, which is >= 70, heuristic to be improved when official patches become available"
|
msg="$nb_lfence opcodes found, which is >= 70, heuristic to be improved when official patches become available"
|
||||||
status=OK
|
status=OK
|
||||||
@ -857,6 +857,9 @@ check_variant3()
|
|||||||
mount_debugfs
|
mount_debugfs
|
||||||
_info_nol "* PTI enabled and active: "
|
_info_nol "* PTI enabled and active: "
|
||||||
if [ "$opt_live" = 1 ]; then
|
if [ "$opt_live" = 1 ]; then
|
||||||
|
dmesg_grep="Kernel/User page tables isolation: enabled"
|
||||||
|
dmesg_grep="$dmesg_grep|Kernel page table isolation enabled"
|
||||||
|
dmesg_grep="$dmesg_grep|x86/pti: Unmapping kernel while in userspace"
|
||||||
if grep ^flags /proc/cpuinfo | grep -qw pti; then
|
if grep ^flags /proc/cpuinfo | grep -qw pti; then
|
||||||
# vanilla PTI patch sets the 'pti' flag in cpuinfo
|
# vanilla PTI patch sets the 'pti' flag in cpuinfo
|
||||||
kpti_enabled=1
|
kpti_enabled=1
|
||||||
@ -866,10 +869,10 @@ check_variant3()
|
|||||||
elif [ -e /sys/kernel/debug/x86/pti_enabled ]; then
|
elif [ -e /sys/kernel/debug/x86/pti_enabled ]; then
|
||||||
# RedHat Backport creates a dedicated file, see https://access.redhat.com/articles/3311301
|
# RedHat Backport creates a dedicated file, see https://access.redhat.com/articles/3311301
|
||||||
kpti_enabled=$(cat /sys/kernel/debug/x86/pti_enabled 2>/dev/null)
|
kpti_enabled=$(cat /sys/kernel/debug/x86/pti_enabled 2>/dev/null)
|
||||||
elif dmesg | grep -Eq 'Kernel/User page tables isolation: enabled|Kernel page table isolation enabled'; then
|
elif dmesg | grep -Eq "$dmesg_grep"; then
|
||||||
# if we can't find the flag, grep dmesg output
|
# if we can't find the flag, grep dmesg output
|
||||||
kpti_enabled=1
|
kpti_enabled=1
|
||||||
elif [ -r /var/log/dmesg ] && grep -Eq 'Kernel/User page tables isolation: enabled|Kernel page table isolation enabled' /var/log/dmesg; then
|
elif [ -r /var/log/dmesg ] && grep -Eq "$dmesg_grep" /var/log/dmesg; then
|
||||||
# if we can't find the flag in dmesg output, grep in /var/log/dmesg when readable
|
# if we can't find the flag in dmesg output, grep in /var/log/dmesg when readable
|
||||||
kpti_enabled=1
|
kpti_enabled=1
|
||||||
else
|
else
|
||||||
|
Loading…
Reference in New Issue
Block a user