mirror of https://github.com/speed47/spectre-meltdown-checker synced 2025-01-03 18:15:57 +01:00

feat: implement detection for MCEPSC under BSD

Stéphane Lesimple 2022-03-20 13:05:48 +01:00
parent 88a1381e96
commit eee3816757


@ -5461,8 +5461,8 @@ check_CVE_2018_12207()
_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m" _info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"
if [ "$os" = Linux ]; then if [ "$os" = Linux ]; then
check_CVE_2018_12207_linux check_CVE_2018_12207_linux
#elif echo "$os" | grep -q BSD; then elif echo "$os" | grep -q BSD; then
# check_CVE_2018_12207_bsd check_CVE_2018_12207_bsd
else else
_warn "Unsupported OS ($os)" _warn "Unsupported OS ($os)"
fi fi
@ -5538,6 +5538,36 @@ check_CVE_2018_12207_linux()
fi fi
} }
check_CVE_2018_12207_bsd()
{
_info_nol "* Kernel supports disabling superpages for executable mappings under EPT: "
kernel_2m_x_ept=$(sysctl -n vm.pmap.allow_2m_x_ept 2>/dev/null)
if [ -z "$kernel_2m_x_ept" ]; then
pstatus yellow NO
else
pstatus green YES
fi
_info_nol "* Superpages are disabled for executable mappings under EPT: "
if [ "$kernel_2m_x_ept" = 0 ]; then
pstatus green YES
else
pstatus yellow NO
fi
if ! is_cpu_vulnerable "$cve"; then
# override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
elif [ -z "$kernel_2m_x_ept" ]; then
pvulnstatus $cve VULN "Your kernel doesn't support mitigating this CVE, you should update it"
elif [ "$kernel_2m_x_ept" != 0 ]; then
pvulnstatus $cve VULN "Your kernel supports mitigating this CVE, but the mitigation is disabled"
explain "To enable the mitigation, use \`sysctl vm.pmap.allow_2m_x_ept=0\`"
else
pvulnstatus $cve OK "Your kernel has support for mitigation and the mitigation is enabled"
fi
}
################### ###################
# SRBDS SECTION # SRBDS SECTION