mirror of
https://github.com/speed47/spectre-meltdown-checker
synced 2025-01-05 10:59:07 +01:00
Compare commits
2 Commits
a343bccb49
...
eec77e1ab9
Author | SHA1 | Date | |
---|---|---|---|
|
eec77e1ab9 | ||
|
5633d374de |
19
.github/workflows/check.yml
vendored
19
.github/workflows/check.yml
vendored
@ -10,7 +10,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v1
|
- uses: actions/checkout@v1
|
||||||
- name: install prerequisites
|
- name: install prerequisites
|
||||||
run: sudo apt-get install -y shellcheck jq
|
run: sudo apt-get update && sudo apt-get install -y shellcheck jq sqlite3 iucode-tool
|
||||||
- name: shellcheck
|
- name: shellcheck
|
||||||
run: shellcheck -s sh spectre-meltdown-checker.sh
|
run: shellcheck -s sh spectre-meltdown-checker.sh
|
||||||
- name: check indentation
|
- name: check indentation
|
||||||
@ -54,3 +54,20 @@ jobs:
|
|||||||
else
|
else
|
||||||
echo "OK $nb CVEs reported"
|
echo "OK $nb CVEs reported"
|
||||||
fi
|
fi
|
||||||
|
- name: check fwdb update
|
||||||
|
run: |
|
||||||
|
nbtmp1=$(find /tmp 2>/dev/null | wc -l)
|
||||||
|
./spectre-meltdown-checker.sh --update-fwdb; ret=$?
|
||||||
|
if [ "$ret" != 0 ]; then
|
||||||
|
echo "Non-zero return value: $ret"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
nbtmp2=$(find /tmp 2>/dev/null | wc -l)
|
||||||
|
if [ "$nbtmp1" != "$nbtmp2" ]; then
|
||||||
|
echo "Left temporary files!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if ! [ -e ~/.mcedb ]; then
|
||||||
|
echo "No .mcedb file found after updating fwdb"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
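Review bot: The temp-file leak check in the new `check fwdb update` step compares `find /tmp | wc -l` before and after the run, so it counts the whole shared /tmp. Any unrelated process on the runner that creates or removes a file in that window fails the step spuriously, and a file the script really leaks is masked if something else is deleted at the same time. If the script's temporary files honour TMPDIR (not visible on this page), a dedicated directory is more reliable: `TMPDIR=$(mktemp -d); export TMPDIR` before the run and `[ -z "$(ls -A "$TMPDIR")" ]` after it. The last check could also be `[ -s ~/.mcedb ]`, so that an empty database file left behind by a failed download does not pass.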
@ -22,7 +22,7 @@ exit_cleanup()
|
|||||||
[ -n "$kerneltmp" ] && [ -f "$kerneltmp" ] && rm -f "$kerneltmp"
|
[ -n "$kerneltmp" ] && [ -f "$kerneltmp" ] && rm -f "$kerneltmp"
|
||||||
[ -n "$kerneltmp2" ] && [ -f "$kerneltmp2" ] && rm -f "$kerneltmp2"
|
[ -n "$kerneltmp2" ] && [ -f "$kerneltmp2" ] && rm -f "$kerneltmp2"
|
||||||
[ -n "$mcedb_tmp" ] && [ -f "$mcedb_tmp" ] && rm -f "$mcedb_tmp"
|
[ -n "$mcedb_tmp" ] && [ -f "$mcedb_tmp" ] && rm -f "$mcedb_tmp"
|
||||||
[ -n "$intel_tmp" ] && [ -f "$intel_tmp" ] && rm -rf "$intel_tmp"
|
[ -n "$intel_tmp" ] && [ -d "$intel_tmp" ] && rm -rf "$intel_tmp"
|
||||||
[ "$mounted_debugfs" = 1 ] && umount /sys/kernel/debug 2>/dev/null
|
[ "$mounted_debugfs" = 1 ] && umount /sys/kernel/debug 2>/dev/null
|
||||||
[ "$mounted_procfs" = 1 ] && umount "$procfs" 2>/dev/null
|
[ "$mounted_procfs" = 1 ] && umount "$procfs" 2>/dev/null
|
||||||
[ "$insmod_cpuid" = 1 ] && rmmod cpuid 2>/dev/null
|
[ "$insmod_cpuid" = 1 ] && rmmod cpuid 2>/dev/null
|
||||||
@ -3051,10 +3051,22 @@ check_has_vmm()
|
|||||||
if command -v pgrep >/dev/null 2>&1; then
|
if command -v pgrep >/dev/null 2>&1; then
|
||||||
# remove xenbus and xenwatch, also present inside domU
|
# remove xenbus and xenwatch, also present inside domU
|
||||||
# remove libvirtd as it can also be used to manage containers and not VMs
|
# remove libvirtd as it can also be used to manage containers and not VMs
|
||||||
if pgrep qemu >/dev/null || pgrep kvm >/dev/null || \
|
# for each binary we want to grep, get the pids
|
||||||
pgrep xenstored >/dev/null || pgrep xenconsoled >/dev/null; then
|
for _binary in qemu kvm xenstored xenconsoled
|
||||||
has_vmm=1
|
do
|
||||||
fi
|
for _pid in $(pgrep $_binary)
|
||||||
|
do
|
||||||
|
# resolve the exe symlink, if it doesn't resolve with -m,
|
||||||
|
# which doesn't even need the dest to exist, it means the symlink
|
||||||
|
# is null, which is the case for kernel threads: ignore those to
|
||||||
|
# avoid false positives (such as [kvm-irqfd-clean] under at least RHEL 7.6/7.7)
|
||||||
|
if ! [ "$(readlink -m "/proc/$_pid/exe")" = "/proc/$_pid/exe" ]; then
|
||||||
|
_debug "has_vmm: found PID $_pid"
|
||||||
|
has_vmm=1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
done
|
||||||
|
unset _binary _pid
|
||||||
else
|
else
|
||||||
# ignore SC2009 as `ps ax` is actually used as a fallback if `pgrep` isn't installed
|
# ignore SC2009 as `ps ax` is actually used as a fallback if `pgrep` isn't installed
|
||||||
# shellcheck disable=SC2009
|
# shellcheck disable=SC2009
|
||||||
|
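Review bot: In `check_has_vmm`, the `readlink -m "/proc/$_pid/exe"` test treats every PID whose exe link does not resolve as a kernel thread, and that seems to include an unprivileged run. Reading another user's `/proc/PID/exe` is denied, and GNU `readlink -m` then appears to print the path back unchanged (worth confirming), so a real qemu process owned by another user would be skipped and `has_vmm` never set to 1. An empty `/proc/$_pid/cmdline` identifies kernel threads without extra privileges, e.g. `[ -n "$(tr -d '\0' <"/proc/$_pid/cmdline" 2>/dev/null)" ]`. `-m` is also a GNU coreutils option, so with another readlink implementation the substitution may come back empty and every matched PID, kernel threads included, counts again. The function starts and ends outside the hunk.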