mirror of
https://github.com/speed47/spectre-meltdown-checker
synced 2025-01-03 10:05:44 +01:00
On a (pre-SkyLake) system, where /sys/.../vulnerabilities/spectre_v2 is "Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, RSB filling", the tool incorrectly reports, a couple of lines above:

* IBRS enabled and active: YES (for kernel and firmware code)

Use '\<IBRS\>', as suggested by @jirislaby in upstream issue #275 (https://github.com/speed47/spectre-meltdown-checker/issues/275), when checking whether IBRS is enabled/active for the kernel. With that, the output becomes:

* IBRS enabled and active: YES (for firmware code only)

which is actually the case.

I double checked that, if the same kernel is used on a post-SkyLake hardware, which on openSUSE uses IBRS as, even with this change, the tool (this time correctly) reports:

* IBRS enabled and active: YES (for kernel and firmware code)
parent
23e7db044e
commit
c4bae6ee6a
@ -2696,7 +2696,7 @@ check_CVE_2017_5715_linux()
|
|||||||
ibrs_fw_enabled=1
|
ibrs_fw_enabled=1
|
||||||
fi
|
fi
|
||||||
# when IBRS is enabled on 4.15+, we can see it in sysfs
|
# when IBRS is enabled on 4.15+, we can see it in sysfs
|
||||||
if grep -q -e 'IBRS' -e 'Indirect Branch Restricted Speculation' "/sys/devices/system/cpu/vulnerabilities/spectre_v2"; then
|
if grep -q -e '\<IBRS\>' -e 'Indirect Branch Restricted Speculation' "/sys/devices/system/cpu/vulnerabilities/spectre_v2"; then
|
||||||
_debug "ibrs: found IBRS in sysfs"
|
_debug "ibrs: found IBRS in sysfs"
|
||||||
[ -z "$ibrs_supported" ] && ibrs_supported='found IBRS in sysfs'
|
[ -z "$ibrs_supported" ] && ibrs_supported='found IBRS in sysfs'
|
||||||
[ -z "$ibrs_enabled" ] && ibrs_enabled=3
|
[ -z "$ibrs_enabled" ] && ibrs_enabled=3
|
||||||
|
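Review bot: The reason for the word boundaries on the changed `grep` line is not recorded next to it; the comment above still only says "when IBRS is enabled on 4.15+, we can see it in sysfs", so a later cleanup could drop `\<`/`\>` and bring back the false "kernel and firmware" result. Please extend that comment to say the pattern must not match `IBRS_FW` (the underscore counts as a word character, which is why the boundary excludes it). Separately, `\<` and `\>` are a GNU extension to basic regular expressions rather than POSIX syntax, so it is worth confirming the match on the non-GNU grep implementations the script is expected to run under, or spelling the boundary out explicitly, for example `grep -q -E -e '(^|[^[:alnum:]_])IBRS([^[:alnum:]_]|$)' -e 'Indirect Branch Restricted Speculation'`.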