1
0
mirror of https://github.com/speed47/spectre-meltdown-checker synced 2024-12-22 20:33:56 +01:00

Compare commits

...

3 Commits

Author SHA1 Message Date
Stéphane Lesimple
3a486e9985 arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig 2021-04-02 15:38:31 +02:00
Stéphane Lesimple
23564cda5d fix: variant4: added case where prctl ssbd status is tagged as 'unknown' 2021-04-02 15:38:31 +02:00
Stéphane Lesimple
0ea21d09bd fix: extract_kernel: don't overwrite kernel_err if already set
Fixes #395
2021-04-02 15:33:02 +02:00

View File

@ -1396,7 +1396,10 @@ extract_kernel()
try_decompress '(\265/\375' xxy unzstd '' zstd "$1" "$mode" "$pass" && return 0 try_decompress '(\265/\375' xxy unzstd '' zstd "$1" "$mode" "$pass" && return 0
done done
done done
kernel_err="kernel compression format is unknown or image is invalid" # kernel_err might already have been populated by try_decompress() if we're missing one of the tools
if [ -z "$kernel_err" ]; then
kernel_err="kernel compression format is unknown or image is invalid"
fi
_verbose "Couldn't extract the kernel image ($kernel_err), accuracy might be reduced" _verbose "Couldn't extract the kernel image ($kernel_err), accuracy might be reduced"
return 1 return 1
} }
@ -4412,14 +4415,31 @@ check_CVE_2018_3639_linux()
_debug "found Speculation.Store.Bypass: in $procfs/self/status" _debug "found Speculation.Store.Bypass: in $procfs/self/status"
fi fi
fi fi
if [ -z "$kernel_ssb" ] && [ -n "$kernel" ]; then # arm64 kernels can have cpu_show_spec_store_bypass with ARM64_SSBD, so exclude them
if [ -z "$kernel_ssb" ] && [ -n "$kernel" ] && ! grep -q 'arm64_sys_' "$kernel"; then
kernel_ssb=$("${opt_arch_prefix}strings" "$kernel" | grep spec_store_bypass | head -n1); kernel_ssb=$("${opt_arch_prefix}strings" "$kernel" | grep spec_store_bypass | head -n1);
[ -n "$kernel_ssb" ] && _debug "found $kernel_ssb in kernel" [ -n "$kernel_ssb" ] && kernel_ssb="found $kernel_ssb in kernel"
fi fi
# arm64 kernels can have cpu_show_spec_store_bypass with ARM64_SSBD, so exclude them
if [ -z "$kernel_ssb" ] && [ -n "$opt_map" ] && ! grep -q 'arm64_sys_' "$opt_map"; then
kernel_ssb=$(grep spec_store_bypass "$opt_map" | awk '{print $3}' | head -n1)
[ -n "$kernel_ssb" ] && kernel_ssb="found $kernel_ssb in System.map"
fi
# arm64 only:
if [ -z "$kernel_ssb" ] && [ -n "$opt_map" ]; then if [ -z "$kernel_ssb" ] && [ -n "$opt_map" ]; then
kernel_ssb=$(grep spec_store_bypass "$opt_map" | head -n1) kernel_ssb=$(grep -w cpu_enable_ssbs "$opt_map" | awk '{print $3}' | head -n1)
[ -n "$kernel_ssb" ] && _debug "found $kernel_ssb in System.map" [ -n "$kernel_ssb" ] && kernel_ssb="found $kernel_ssb in System.map"
fi fi
if [ -z "$kernel_ssb" ] && [ -n "$opt_config" ]; then
kernel_ssb=$(grep -w 'CONFIG_ARM64_SSBD=y' "$opt_config")
[ -n "$kernel_ssb" ] && kernel_ssb="CONFIG_ARM64_SSBD enabled in kconfig"
fi
if [ -z "$kernel_ssb" ] && [ -n "$kernel" ]; then
# this string only appears in kernel if CONFIG_ARM64_SSBD is set
kernel_ssb=$(grep -w "Speculative Store Bypassing Safe (SSBS)" "$kernel")
[ -n "$kernel_ssb" ] && kernel_ssb="found 'Speculative Store Bypassing Safe (SSBS)' in kernel"
fi
# /arm64 only
if [ -n "$kernel_ssb" ]; then if [ -n "$kernel_ssb" ]; then
pstatus green YES "$kernel_ssb" pstatus green YES "$kernel_ssb"
@ -4443,6 +4463,11 @@ check_CVE_2018_3639_linux()
elif grep -Eq 'Speculation.?Store.?Bypass:[[:space:]]+not vulnerable' "$procfs/self/status" 2>/dev/null; then elif grep -Eq 'Speculation.?Store.?Bypass:[[:space:]]+not vulnerable' "$procfs/self/status" 2>/dev/null; then
kernel_ssbd_enabled=-2 kernel_ssbd_enabled=-2
pstatus blue NO "not vulnerable" pstatus blue NO "not vulnerable"
elif grep -Eq 'Speculation.?Store.?Bypass:[[:space:]]+unknown' "$procfs/self/status" 2>/dev/null; then
kernel_ssbd_enabled=0
pstatus blue NO
else
pstatus blue UNKNOWN "unknown value: $(grep -E 'Speculation.?Store.?Bypass:' "$procfs/self/status" 2>/dev/null | cut -d: -f2-)"
fi fi
if [ "$kernel_ssbd_enabled" = 1 ]; then if [ "$kernel_ssbd_enabled" = 1 ]; then