From e04c6b985081b54477bf4c6002e5aaa5e3ae7f2f Mon Sep 17 00:00:00 2001
From: Rob Gill
Date: Tue, 22 May 2018 20:40:57 +1000
Subject: [PATCH 1/3] Check for obsolete dd On linux systems which need dd, this check if the version is compatible before continuing with hardware checks. If the install of dd is obsolete, user is warnd, and hardware checks do not continue, any other requested checks performed as normal. (Old versions (before circa 2012) of dd do not support the iflag=skip_bytes option. They are therefore unable to read from cpuid, or msr, where read offset is used to pass the required page. To complicate matters, some versions of dd may not return an error code when this happens.)
---
 spectre-meltdown-checker.sh | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 032c42f..e499392 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -1453,6 +1453,21 @@ read_msr()
 return 0
 }
+check_dd()
+{
+ # Old versions of dd do not support iflag=skip_bytes so are unable to read cpuid and MSR
+ # also some versions may fail silently.
+ if [ "$os" = Linux ]; then
+ printf ddskipsupport | dd bs=2 skip=2 iflag=skip_bytes count=2 2>/dev/null | grep skip >/dev/null
+ dd_support=$?
+ if [ "$dd_support" != "0" ]; then
+ _debug "dd does not support iflag=skip_bytes"
+ _warn "Obsolete version of dd does not support required features"
+ _info
+ fi
+ fi
+}
+
 check_cpu()
 {
 _info "\033[1;34mHardware check\033[0m"
@@ -1462,6 +1477,10 @@ check_cpu()
 fi
 _info "* Hardware support (CPU microcode) for mitigation techniques"
+ if [ "$dd_support" != "0" ]; then
+ pstatus yellow UNKNOWN "* Unable to determine Hardware support (CPU microcode) mitigation techniques"
+ return
+ fi
 _info " * Indirect Branch Restricted Speculation (IBRS)"
 _info_nol " * SPEC_CTRL MSR is available: "
 number_of_cpus
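Review bot: check_dd() hands its result to the rest of the script through the global `dd_support`, and the added function neither says so nor explains why the probe string catches a dd that silently ignores the flag. I would add a header comment such as `# Sets dd_support: 0 if dd honours iflag=skip_bytes, non-zero otherwise (read by check_cpu and check_cpu_vulnerabilities)`, and above the pipeline `# skip=2 counted in bytes leaves "skip"; a dd that skips 2 blocks instead emits "ipsu" and grep fails`. `dd_support` is the exit status of the pipeline, i.e. of grep, so a missing `dd` or `grep` is also reported as an obsolete dd; wording the `_warn` as "dd is missing or does not support iflag=skip_bytes" would cover both cases.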
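Review bot: The early `return` added to check_cpu() skips everything the function does below this point, so any result variables it would normally set for the per-variant checks stay unset; the rest of check_cpu() is outside the hunk, so confirm that those consumers treat unset as unknown rather than as "mitigation absent" or "not affected". The same gate is added to check_cpu_vulnerabilities() in the @@ -1793 hunk, where it suppresses only the summary loop and not other callers of is_cpu_vulnerable, if there are any. A comment on the guard would record the intent, e.g. `# cpuid/MSR reads via dd are unreliable here: report UNKNOWN instead of guessing`. The status text also drops the "for" of the header line above it; `"* Unable to determine Hardware support (CPU microcode) for mitigation techniques"` reads better.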
@@ -1793,6 +1812,11 @@ check_cpu()
 check_cpu_vulnerabilities()
 {
 _info "* CPU vulnerability to the speculative execution attack variants"
+ if [ "$dd_support" != "0" ]; then
+ pstatus yellow UNKNOWN "* Unable to determine Hardware support (CPU microcode) mitigation techniques"
+ return
+ fi
+
 for v in 1 2 3 3a 4; do
 _info_nol " * Vulnerable to Variant $v: "
 if is_cpu_vulnerable $v; then
@@ -2909,6 +2933,7 @@ check_variant4()
 }
 if [ "$opt_no_hw" = 0 ] && [ -z "$opt_arch_prefix" ]; then
+ check_dd
 check_cpu
 check_cpu_vulnerabilities
 _info
From 7451022f05d88480552504afc5574d341dda88d1 Mon Sep 17 00:00:00 2001
From: Rob Gill
Date: Tue, 22 May 2018 20:46:49 +1000
Subject: [PATCH 2/3] Update spectre-meltdown-checker.sh
---
 spectre-meltdown-checker.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index e499392..ad14501 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -1813,7 +1813,7 @@ check_cpu_vulnerabilities()
 {
 _info "* CPU vulnerability to the speculative execution attack variants"
 if [ "$dd_support" != "0" ]; then
- pstatus yellow UNKNOWN "* Unable to determine Hardware support (CPU microcode) mitigation techniques"
+ pstatus yellow UNKNOWN "* Unable to determine CPU vulnerability to the speculative execution attack variants"
 return
 fi
From c40b2b31958ab2258b2a0fecbdb839ba92eb9977 Mon Sep 17 00:00:00 2001
From: Rob Gill
Date: Tue, 22 May 2018 21:11:19 +1000
Subject: [PATCH 3/3] Update spectre-meltdown-checker.sh
---
 spectre-meltdown-checker.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index ad14501..0e6c540 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -1465,6 +1465,8 @@ check_dd()
 _warn "Obsolete version of dd does not support required features"
 _info
 fi
+ else
+ dd_support="0"
 fi
 }
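Review bot: In the `else` branch added to check_dd() by PATCH 3/3, `dd_support="0"` now means both "probe passed" and "probe not run because `$os` is not Linux", and nothing in the code says which. A short comment would keep a later reader from taking the value as a tested result, e.g. `# no skip_bytes probe outside Linux: mark dd as usable so the hardware checks still run`. check_dd() starts outside this hunk.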