mirror of
https://github.com/speed47/spectre-meltdown-checker
synced 2024-12-22 04:13:38 +01:00
Compare commits
3 Commits
7fbaa610d6
...
f802daf6a7
Author | SHA1 | Date | |
---|---|---|---|
|
f802daf6a7 | ||
|
388d44edbd | ||
|
ea304a14c2 |
2
.github/workflows/check.yml
vendored
2
.github/workflows/check.yml
vendored
@ -8,7 +8,7 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v1
|
- uses: actions/checkout@v4
|
||||||
- name: install prerequisites
|
- name: install prerequisites
|
||||||
run: sudo apt-get update && sudo apt-get install -y shellcheck jq sqlite3 iucode-tool
|
run: sudo apt-get update && sudo apt-get install -y shellcheck jq sqlite3 iucode-tool
|
||||||
- name: shellcheck
|
- name: shellcheck
|
||||||
|
@ -4394,11 +4394,11 @@ check_CVE_2017_5715_linux()
|
|||||||
# We check the RETPOLINE kernel options
|
# We check the RETPOLINE kernel options
|
||||||
retpoline=0
|
retpoline=0
|
||||||
if [ -r "$opt_config" ]; then
|
if [ -r "$opt_config" ]; then
|
||||||
if grep -q '^CONFIG_RETPOLINE=y' "$opt_config"; then
|
if grep -q '^CONFIG_\(MITIGATION_\)\?RETPOLINE=y' "$opt_config"; then
|
||||||
pstatus green YES
|
pstatus green YES
|
||||||
retpoline=1
|
retpoline=1
|
||||||
# shellcheck disable=SC2046
|
# shellcheck disable=SC2046
|
||||||
_debug 'retpoline: found '$(grep '^CONFIG_RETPOLINE' "$opt_config")" in $opt_config"
|
_debug 'retpoline: found '$(grep '^CONFIG_\(MITIGATION_\)\?RETPOLINE' "$opt_config")" in $opt_config"
|
||||||
else
|
else
|
||||||
pstatus yellow NO
|
pstatus yellow NO
|
||||||
fi
|
fi
|
||||||
@ -4410,8 +4410,9 @@ check_CVE_2017_5715_linux()
|
|||||||
# Now check if the compiler used to compile the kernel knows how to insert retpolines in generated asm
|
# Now check if the compiler used to compile the kernel knows how to insert retpolines in generated asm
|
||||||
# For gcc, this is -mindirect-branch=thunk-extern (detected by the kernel makefiles)
|
# For gcc, this is -mindirect-branch=thunk-extern (detected by the kernel makefiles)
|
||||||
# See gcc commit https://github.com/hjl-tools/gcc/commit/23b517d4a67c02d3ef80b6109218f2aadad7bd79
|
# See gcc commit https://github.com/hjl-tools/gcc/commit/23b517d4a67c02d3ef80b6109218f2aadad7bd79
|
||||||
# In latest retpoline LKML patches, the noretpoline_setup symbol exists only if CONFIG_RETPOLINE is set
|
# In latest retpoline LKML patches, the noretpoline_setup symbol exists only if CONFIG_MITIGATION_RETPOLINE is set
|
||||||
# *AND* if the compiler is retpoline-compliant, so look for that symbol
|
# *AND* if the compiler is retpoline-compliant, so look for that symbol. The name of this kernel config
|
||||||
|
# option before version 6.9-rc1 is CONFIG_RETPOLINE.
|
||||||
#
|
#
|
||||||
# if there is "retpoline" in the file and NOT "minimal", then it's full retpoline
|
# if there is "retpoline" in the file and NOT "minimal", then it's full retpoline
|
||||||
# (works for vanilla and Red Hat variants)
|
# (works for vanilla and Red Hat variants)
|
||||||
@ -4637,7 +4638,7 @@ check_CVE_2017_5715_linux()
|
|||||||
# RETPOLINE (amd & intel &hygon )
|
# RETPOLINE (amd & intel &hygon )
|
||||||
if is_amd || is_intel || is_hygon; then
|
if is_amd || is_intel || is_hygon; then
|
||||||
if [ "$retpoline" = 0 ]; then
|
if [ "$retpoline" = 0 ]; then
|
||||||
explain "Your kernel is not compiled with retpoline support, so you need to either upgrade your kernel (if you're using a distro) or recompile your kernel with the CONFIG_RETPOLINE option enabled. You also need to compile your kernel with a retpoline-aware compiler (re-run this script with -v to know if your version of gcc is retpoline-aware)."
|
explain "Your kernel is not compiled with retpoline support, so you need to either upgrade your kernel (if you're using a distro) or recompile your kernel with the CONFIG_MITIGATION_RETPOLINE option enabled (was named CONFIG_RETPOLINE before kernel 6.9-rc1). You also need to compile your kernel with a retpoline-aware compiler (re-run this script with -v to know if your version of gcc is retpoline-aware)."
|
||||||
elif [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 0 ]; then
|
elif [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 0 ]; then
|
||||||
explain "Your kernel is compiled with retpoline, but without a retpoline-aware compiler (re-run this script with -v to know if your version of gcc is retpoline-aware)."
|
explain "Your kernel is compiled with retpoline, but without a retpoline-aware compiler (re-run this script with -v to know if your version of gcc is retpoline-aware)."
|
||||||
elif [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" = 0 ]; then
|
elif [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" = 0 ]; then
|
||||||
|
Loading…
Reference in New Issue
Block a user