mirror of
https://github.com/speed47/spectre-meltdown-checker
synced 2024-12-22 20:33:56 +01:00
Compare commits
3 Commits
08e30e156d
...
3a486e9985
Author | SHA1 | Date | |
---|---|---|---|
|
3a486e9985 | ||
|
23564cda5d | ||
|
0ea21d09bd |
@ -1396,7 +1396,10 @@ extract_kernel()
|
|||||||
try_decompress '(\265/\375' xxy unzstd '' zstd "$1" "$mode" "$pass" && return 0
|
try_decompress '(\265/\375' xxy unzstd '' zstd "$1" "$mode" "$pass" && return 0
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
kernel_err="kernel compression format is unknown or image is invalid"
|
# kernel_err might already have been populated by try_decompress() if we're missing one of the tools
|
||||||
|
if [ -z "$kernel_err" ]; then
|
||||||
|
kernel_err="kernel compression format is unknown or image is invalid"
|
||||||
|
fi
|
||||||
_verbose "Couldn't extract the kernel image ($kernel_err), accuracy might be reduced"
|
_verbose "Couldn't extract the kernel image ($kernel_err), accuracy might be reduced"
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
@ -4412,14 +4415,31 @@ check_CVE_2018_3639_linux()
|
|||||||
_debug "found Speculation.Store.Bypass: in $procfs/self/status"
|
_debug "found Speculation.Store.Bypass: in $procfs/self/status"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
if [ -z "$kernel_ssb" ] && [ -n "$kernel" ]; then
|
# arm64 kernels can have cpu_show_spec_store_bypass with ARM64_SSBD, so exclude them
|
||||||
|
if [ -z "$kernel_ssb" ] && [ -n "$kernel" ] && ! grep -q 'arm64_sys_' "$kernel"; then
|
||||||
kernel_ssb=$("${opt_arch_prefix}strings" "$kernel" | grep spec_store_bypass | head -n1);
|
kernel_ssb=$("${opt_arch_prefix}strings" "$kernel" | grep spec_store_bypass | head -n1);
|
||||||
[ -n "$kernel_ssb" ] && _debug "found $kernel_ssb in kernel"
|
[ -n "$kernel_ssb" ] && kernel_ssb="found $kernel_ssb in kernel"
|
||||||
fi
|
fi
|
||||||
|
# arm64 kernels can have cpu_show_spec_store_bypass with ARM64_SSBD, so exclude them
|
||||||
|
if [ -z "$kernel_ssb" ] && [ -n "$opt_map" ] && ! grep -q 'arm64_sys_' "$opt_map"; then
|
||||||
|
kernel_ssb=$(grep spec_store_bypass "$opt_map" | awk '{print $3}' | head -n1)
|
||||||
|
[ -n "$kernel_ssb" ] && kernel_ssb="found $kernel_ssb in System.map"
|
||||||
|
fi
|
||||||
|
# arm64 only:
|
||||||
if [ -z "$kernel_ssb" ] && [ -n "$opt_map" ]; then
|
if [ -z "$kernel_ssb" ] && [ -n "$opt_map" ]; then
|
||||||
kernel_ssb=$(grep spec_store_bypass "$opt_map" | head -n1)
|
kernel_ssb=$(grep -w cpu_enable_ssbs "$opt_map" | awk '{print $3}' | head -n1)
|
||||||
[ -n "$kernel_ssb" ] && _debug "found $kernel_ssb in System.map"
|
[ -n "$kernel_ssb" ] && kernel_ssb="found $kernel_ssb in System.map"
|
||||||
fi
|
fi
|
||||||
|
if [ -z "$kernel_ssb" ] && [ -n "$opt_config" ]; then
|
||||||
|
kernel_ssb=$(grep -w 'CONFIG_ARM64_SSBD=y' "$opt_config")
|
||||||
|
[ -n "$kernel_ssb" ] && kernel_ssb="CONFIG_ARM64_SSBD enabled in kconfig"
|
||||||
|
fi
|
||||||
|
if [ -z "$kernel_ssb" ] && [ -n "$kernel" ]; then
|
||||||
|
# this string only appears in kernel if CONFIG_ARM64_SSBD is set
|
||||||
|
kernel_ssb=$(grep -w "Speculative Store Bypassing Safe (SSBS)" "$kernel")
|
||||||
|
[ -n "$kernel_ssb" ] && kernel_ssb="found 'Speculative Store Bypassing Safe (SSBS)' in kernel"
|
||||||
|
fi
|
||||||
|
# /arm64 only
|
||||||
|
|
||||||
if [ -n "$kernel_ssb" ]; then
|
if [ -n "$kernel_ssb" ]; then
|
||||||
pstatus green YES "$kernel_ssb"
|
pstatus green YES "$kernel_ssb"
|
||||||
@ -4443,6 +4463,11 @@ check_CVE_2018_3639_linux()
|
|||||||
elif grep -Eq 'Speculation.?Store.?Bypass:[[:space:]]+not vulnerable' "$procfs/self/status" 2>/dev/null; then
|
elif grep -Eq 'Speculation.?Store.?Bypass:[[:space:]]+not vulnerable' "$procfs/self/status" 2>/dev/null; then
|
||||||
kernel_ssbd_enabled=-2
|
kernel_ssbd_enabled=-2
|
||||||
pstatus blue NO "not vulnerable"
|
pstatus blue NO "not vulnerable"
|
||||||
|
elif grep -Eq 'Speculation.?Store.?Bypass:[[:space:]]+unknown' "$procfs/self/status" 2>/dev/null; then
|
||||||
|
kernel_ssbd_enabled=0
|
||||||
|
pstatus blue NO
|
||||||
|
else
|
||||||
|
pstatus blue UNKNOWN "unknown value: $(grep -E 'Speculation.?Store.?Bypass:' "$procfs/self/status" 2>/dev/null | cut -d: -f2-)"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$kernel_ssbd_enabled" = 1 ]; then
|
if [ "$kernel_ssbd_enabled" = 1 ]; then
|
||||||
|
Loading…
Reference in New Issue
Block a user