arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig

fix: variant4: added case where prctl ssbd status is tagged as 'unknown'
fix: extract_kernel: don't overwrite kernel_err if already set
2024-12-22 04:13:38 +01:00 · 2021-04-02 15:38:31 +02:00 · 2021-04-02 15:38:31 +02:00 · 2021-04-02 15:33:02 +02:00
1 changed files with 30 additions and 5 deletions
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@ -1396,7 +1396,10 @@ extract_kernel()
 			try_decompress '(\265/\375'       xxy   unzstd  ''      zstd        "$1" "$mode" "$pass" && return 0
 		done
 	done
-	kernel_err="kernel compression format is unknown or image is invalid"
+	# kernel_err might already have been populated by try_decompress() if we're missing one of the tools
+	if [ -z "$kernel_err" ]; then
+		kernel_err="kernel compression format is unknown or image is invalid"
+	fi
 	_verbose "Couldn't extract the kernel image ($kernel_err), accuracy might be reduced"
 	return 1
 }
@ -4412,14 +4415,31 @@ check_CVE_2018_3639_linux()
 				_debug "found Speculation.Store.Bypass: in $procfs/self/status"
 			fi
 		fi
-		if [ -z "$kernel_ssb" ] && [ -n "$kernel" ]; then
+		# arm64 kernels can have cpu_show_spec_store_bypass with ARM64_SSBD, so exclude them
+		if [ -z "$kernel_ssb" ] && [ -n "$kernel" ] && ! grep -q 'arm64_sys_' "$kernel"; then
 			kernel_ssb=$("${opt_arch_prefix}strings" "$kernel" | grep spec_store_bypass | head -n1);
-			[ -n "$kernel_ssb" ] && _debug "found $kernel_ssb in kernel"
+			[ -n "$kernel_ssb" ] && kernel_ssb="found $kernel_ssb in kernel"
 		fi
+		# arm64 kernels can have cpu_show_spec_store_bypass with ARM64_SSBD, so exclude them
+		if [ -z "$kernel_ssb" ] && [ -n "$opt_map" ] && ! grep -q 'arm64_sys_' "$opt_map"; then
+			kernel_ssb=$(grep spec_store_bypass "$opt_map" | awk '{print $3}' | head -n1)
+			[ -n "$kernel_ssb" ] && kernel_ssb="found $kernel_ssb in System.map"
+		fi
+		# arm64 only:
 		if [ -z "$kernel_ssb" ] && [ -n "$opt_map" ]; then
-			kernel_ssb=$(grep spec_store_bypass "$opt_map" | head -n1)
-			[ -n "$kernel_ssb" ] && _debug "found $kernel_ssb in System.map"
+			kernel_ssb=$(grep -w cpu_enable_ssbs "$opt_map" | awk '{print $3}' | head -n1)
+			[ -n "$kernel_ssb" ] && kernel_ssb="found $kernel_ssb in System.map"
 		fi
+		if [ -z "$kernel_ssb" ] && [ -n "$opt_config" ]; then
+			kernel_ssb=$(grep -w 'CONFIG_ARM64_SSBD=y' "$opt_config")
+			[ -n "$kernel_ssb" ] && kernel_ssb="CONFIG_ARM64_SSBD enabled in kconfig"
+		fi
+		if [ -z "$kernel_ssb" ] && [ -n "$kernel" ]; then
+			# this string only appears in kernel if CONFIG_ARM64_SSBD is set
+			kernel_ssb=$(grep -w "Speculative Store Bypassing Safe (SSBS)" "$kernel")
+			[ -n "$kernel_ssb" ] && kernel_ssb="found 'Speculative Store Bypassing Safe (SSBS)' in kernel"
+		fi
+		# /arm64 only

 		if [ -n "$kernel_ssb" ]; then
 			pstatus green YES "$kernel_ssb"
@ -4443,6 +4463,11 @@ check_CVE_2018_3639_linux()
 			elif grep -Eq 'Speculation.?Store.?Bypass:[[:space:]]+not vulnerable' "$procfs/self/status" 2>/dev/null; then
 				kernel_ssbd_enabled=-2
 				pstatus blue NO "not vulnerable"
+			elif grep -Eq 'Speculation.?Store.?Bypass:[[:space:]]+unknown' "$procfs/self/status" 2>/dev/null; then
+				kernel_ssbd_enabled=0
+				pstatus blue NO
+			else
+				pstatus blue UNKNOWN "unknown value: $(grep -E 'Speculation.?Store.?Bypass:' "$procfs/self/status" 2>/dev/null | cut -d: -f2-)"
 			fi

 			if [ "$kernel_ssbd_enabled" = 1 ]; then
Author	SHA1	Message	Date
Stéphane Lesimple	3a486e9985	arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig	2021-04-02 15:38:31 +02:00
Stéphane Lesimple	23564cda5d	fix: variant4: added case where prctl ssbd status is tagged as 'unknown'	2021-04-02 15:38:31 +02:00
Stéphane Lesimple	0ea21d09bd	fix: extract_kernel: don't overwrite kernel_err if already set Fixes #395	2021-04-02 15:33:02 +02:00