1
0
mirror of https://github.com/speed47/spectre-meltdown-checker synced 2025-01-03 10:05:44 +01:00

Compare commits

...

2 Commits

Author SHA1 Message Date
Stéphane Lesimple
3beefc2587 enh: rsb filling: no longer need the 'strings' tool to check for kernel support in live mode 2020-03-10 22:29:54 +01:00
Stéphane Lesimple
27c36fdb80 fwdb: update to v135.20200303+i20200205 2020-03-10 22:29:39 +01:00

View File

@ -3682,19 +3682,28 @@ check_CVE_2017_5715_linux()
if is_vulnerable_to_empty_rsb || [ "$opt_verbose" -ge 2 ]; then
_info_nol " * Kernel supports RSB filling: "
if ! command -v "${opt_arch_prefix}strings" >/dev/null 2>&1; then
pstatus yellow UNKNOWN "missing '${opt_arch_prefix}strings' tool, please install it, usually it's in the binutils package"
elif [ -n "$kernel_err" ]; then
rsb_filling=0
if [ "$opt_live" = 1 ] && [ "$opt_no_sysfs" != 1 ]; then
# if we're live and we aren't denied looking into /sys, let's do it
if echo "$msg" | grep -qw RSB; then
rsb_filling=1
pstatus green YES
fi
fi
if [ "$rsb_filling" = 0 ]; then
if [ -n "$kernel_err" ]; then
pstatus yellow UNKNOWN "couldn't check ($kernel_err)"
else
rsb_filling=$("${opt_arch_prefix}strings" "$kernel" | grep -w 'Filling RSB on context switch')
if [ -n "$rsb_filling" ]; then
if grep -qw -e 'Filling RSB on context switch' "$kernel"; then
rsb_filling=1
pstatus green YES
else
rsb_filling=0
pstatus yellow NO
fi
fi
fi
fi
elif [ "$sys_interface_available" = 0 ]; then
# we have no sysfs but were asked to use it only!
@ -3706,9 +3715,9 @@ check_CVE_2017_5715_linux()
# override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
else
if [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" != 0 ] && [ -n "$ibpb_enabled" ] && [ "$ibpb_enabled" -ge 1 ] && ( ! is_vulnerable_to_empty_rsb || [ -n "$rsb_filling" ] ); then
if [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" != 0 ] && [ -n "$ibpb_enabled" ] && [ "$ibpb_enabled" -ge 1 ] && ( ! is_vulnerable_to_empty_rsb || [ "$rsb_filling" = 1 ] ); then
pvulnstatus $cve OK "Full retpoline + IBPB are mitigating the vulnerability"
elif [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" != 0 ] && [ "$opt_paranoid" = 0 ] && ( ! is_vulnerable_to_empty_rsb || [ -n "$rsb_filling" ] ); then
elif [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" != 0 ] && [ "$opt_paranoid" = 0 ] && ( ! is_vulnerable_to_empty_rsb || [ "$rsb_filling" = 1 ] ); then
pvulnstatus $cve OK "Full retpoline is mitigating the vulnerability"
if [ -n "$cpuid_ibpb" ]; then
_warn "You should enable IBPB to complete retpoline as a Variant 2 mitigation"
@ -5295,7 +5304,7 @@ exit 0 # ok
# The builtin version follows, but the user can download an up-to-date copy (to be stored in his $HOME) by using --update-fwdb
# To update the builtin version itself (by *modifying* this very file), use --update-builtin-fwdb
# %%% MCEDB v132.20200108+i20191124
# %%% MCEDB v135.20200303+i20200205
# I,0x00000611,0x00000B27,19961218
# I,0x00000612,0x000000C6,19961210
# I,0x00000616,0x000000C6,19961210
@ -5486,11 +5495,11 @@ exit 0 # ok
# I,0x000306C0,0xFFFF0013,20111110
# I,0x000306C1,0xFFFF0014,20120725
# I,0x000306C2,0xFFFF0006,20121017
# I,0x000306C3,0x00000027,20190226
# I,0x000306C3,0x00000028,20191112
# I,0x000306D1,0xFFFF0009,20131015
# I,0x000306D2,0xFFFF0009,20131219
# I,0x000306D3,0xE3121338,20140825
# I,0x000306D4,0x0000002E,20190613
# I,0x000306D4,0x0000002F,20191112
# I,0x000306E0,0x00000008,20120726
# I,0x000306E2,0x0000020D,20130321
# I,0x000306E3,0x00000308,20130321
@ -5503,11 +5512,11 @@ exit 0 # ok
# I,0x000306F3,0x0000000D,20160211
# I,0x000306F4,0x00000016,20190617
# I,0x00040650,0xFFFF000B,20121206
# I,0x00040651,0x00000025,20190226
# I,0x00040651,0x00000026,20191112
# I,0x00040660,0xFFFF0011,20121012
# I,0x00040661,0x0000001B,20190226
# I,0x00040661,0x0000001C,20191112
# I,0x00040670,0xFFFF0006,20140304
# I,0x00040671,0x00000021,20190613
# I,0x00040671,0x00000022,20191112
# I,0x000406A0,0x80124001,20130521
# I,0x000406A8,0x0000081F,20140812
# I,0x000406A9,0x0000081F,20140812
@ -5519,18 +5528,18 @@ exit 0 # ok
# I,0x000406D8,0x0000012D,20190916
# I,0x000406E1,0x00000020,20141111
# I,0x000406E2,0x0000002C,20150521
# I,0x000406E3,0x000000D6,20191003
# I,0x000406E3,0x800000DA,20200109
# I,0x000406E8,0x00000026,20160414
# I,0x000406F0,0x00000014,20150702
# I,0x000406F1,0x0B000038,20190618
# I,0x00050650,0x8000002B,20160208
# I,0x00050651,0x8000002B,20160208
# I,0x00050652,0x80000037,20170502
# I,0x00050653,0x01000151,20190909
# I,0x00050654,0x02000065,20190905
# I,0x00050653,0x01000154,20191220
# I,0x00050654,0x02000069,20191220
# I,0x00050655,0x03000012,20190412
# I,0x00050656,0x0400002C,20190905
# I,0x00050657,0x0500012C,20191124
# I,0x00050656,0x04002F00,20200114
# I,0x00050657,0x05002F00,20200114
# I,0x00050661,0xF1000008,20150130
# I,0x00050662,0x0000001C,20190617
# I,0x00050663,0x07000019,20190617
@ -5542,12 +5551,12 @@ exit 0 # ok
# I,0x000506C2,0x00000014,20180511
# I,0x000506C8,0x90011010,20160323
# I,0x000506C9,0x0000003C,20190722
# I,0x000506CA,0x0000001A,20190722
# I,0x000506CA,0x0000001C,20190812
# I,0x000506D1,0x00000102,20150605
# I,0x000506E0,0x00000018,20141119
# I,0x000506E1,0x0000002A,20150602
# I,0x000506E2,0x0000002E,20150815
# I,0x000506E3,0x000000D6,20191003
# I,0x000506E3,0x000000DA,20200109
# I,0x000506E8,0x00000034,20160710
# I,0x000506F0,0x00000010,20160607
# I,0x000506F1,0x0000002E,20190321
@ -5563,21 +5572,23 @@ exit 0 # ok
# I,0x000706E1,0x00000042,20190420
# I,0x000706E2,0x00000042,20190420
# I,0x000706E4,0x00000042,20190814
# I,0x000706E5,0x00000056,20191105
# I,0x000706E5,0x00000066,20200109
# I,0x00080650,0x00000018,20180108
# I,0x000806C0,0x00000034,20190913
# I,0x000806E9,0x000000CA,20191015
# I,0x000806EA,0x000000CA,20191003
# I,0x000806EB,0x000000CA,20191003
# I,0x000806EC,0x000000CA,20191003
# I,0x000906E9,0x000000CA,20191003
# I,0x000906EA,0x000000CA,20191003
# I,0x000906EB,0x000000CA,20191003
# I,0x000906EC,0x000000CA,20191003
# I,0x000906ED,0x000000CA,20191003
# I,0x000806E9,0x000000D2,20200109
# I,0x000806EA,0x000000D2,20200109
# I,0x000806EB,0x000000D2,20200109
# I,0x000806EC,0x000000D2,20200110
# I,0x000906E9,0x000000D2,20200109
# I,0x000906EA,0x000000D2,20200109
# I,0x000906EB,0x000000D2,20200109
# I,0x000906EC,0x000000D2,20200109
# I,0x000906ED,0x000000D2,20200109
# I,0x000A0650,0x000000BE,20191010
# I,0x000A0651,0x000000C2,20191113
# I,0x000A0654,0x000000C2,20191113
# I,0x000A0653,0x000000CA,20191126
# I,0x000A0654,0x000000C6,20200123
# I,0x000A0655,0x000000C8,20200205
# I,0x000A0660,0x000000CA,20191003
# A,0x00000F00,0x02000008,20070614
# A,0x00000F01,0x0000001C,20021031
@ -5657,7 +5668,7 @@ exit 0 # ok
# A,0x00820F00,0x08200002,20180214
# A,0x00820F01,0x08200103,20190417
# A,0x00830F00,0x08300027,20190401
# A,0x00830F10,0x08301025,20190711
# A,0x00830F10,0x08301034,20191024
# A,0x00860F00,0x0860000D,20190916
# A,0x00860F01,0x08600102,20191117
# A,0x00870F00,0x08700004,20181206