mirror of
https://github.com/speed47/spectre-meltdown-checker
synced 2024-12-22 12:23:36 +01:00
feat(inception): Zen1/2 IBPB and SMT checks
This commit is contained in:
parent
dc6921a1ac
commit
fb6933dc64
@ -6335,10 +6335,29 @@ check_CVE_2023_20569_linux() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$kernel_sro" ]; then
|
if [ -n "$kernel_sro" ]; then
|
||||||
|
|
||||||
# TODO check mitigation
|
# TODO check mitigation
|
||||||
:
|
:
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Zen & Zen2 : if the right IBPB microcode applied + SMT off --> not vuln
|
||||||
|
if [ "$cpu_family" = $(( 0x17 )) ]; then
|
||||||
|
_info_nol "* IBPB support: "
|
||||||
|
if [ -n "$cpuid_ibpb" ]; then
|
||||||
|
pstatus green YES "$cpuid_ibpb"
|
||||||
|
else
|
||||||
|
pstatus red NO
|
||||||
|
fi
|
||||||
|
|
||||||
|
_info_nol "* SMT is enabled: "
|
||||||
|
is_cpu_smt_enabled; smt_enabled=$?
|
||||||
|
if [ "$smt_enabled" = 0 ]; then
|
||||||
|
pstatus red YES
|
||||||
|
else
|
||||||
|
pstatus green NO
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
elif [ "$sys_interface_available" = 0 ]; then
|
elif [ "$sys_interface_available" = 0 ]; then
|
||||||
# we have no sysfs but were asked to use it only!
|
# we have no sysfs but were asked to use it only!
|
||||||
msg="/sys vulnerability interface use forced, but it's not available!"
|
msg="/sys vulnerability interface use forced, but it's not available!"
|
||||||
@ -6348,6 +6367,9 @@ check_CVE_2023_20569_linux() {
|
|||||||
if ! is_cpu_affected "$cve" ; then
|
if ! is_cpu_affected "$cve" ; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
# override status & msg in case CPU is not vulnerable after all
|
||||||
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
|
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
|
||||||
|
elif [ "$cpu_family" = $(( 0x17 )) ] && [ "$smt_enabled" = 1 ] && [ -n "$cpuid_ibpb" ]; then
|
||||||
|
pvulnstatus "$cve" OK "IBPB supported and SMT is off"
|
||||||
|
explain "Zen1/2 with SMT off aren't vulnerable after the right IBPB microcode has been applied. (https://github.com/torvalds/linux/commit/138bcddb86d8a4f842e4ed6f0585abc9b1a764ff#diff-17bd24a7a7850613cced545790ac30646097e8d6207348c2bd1845f397acb390R2272)"
|
||||||
elif [ -z "$msg" ]; then
|
elif [ -z "$msg" ]; then
|
||||||
# if msg is empty, sysfs check didn't fill it, rely on our own test
|
# if msg is empty, sysfs check didn't fill it, rely on our own test
|
||||||
# TODO
|
# TODO
|
||||||
|
Loading…
Reference in New Issue
Block a user