peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2026-04-01 12:47:07 +02:00
Code Issues Projects Releases Wiki Activity

fix: cap_rdcl_no, cap_gds_no, cap_tsa_*_no were not setting the current CPU status as immune for their respective vulns

Browse Source 
built from commit 278989d550
 dated 2026-04-01 00:47:41 +0200
 by Stéphane Lesimple (speed47_github@speed47.net)
This commit is contained in:
github-actions[bot]
2026-03-31 22:48:56 +00:00
parent 15ea90f312
commit 151dd12e3e
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
spectre-meltdown-checker.sh
View File

@@ -13,7 +13,7 @@
# #
# Stephane Lesimple # Stephane Lesimple
# #
VERSION='26.21.0331932' VERSION='26.21.0331950'
# --- Common paths and basedirs --- # --- Common paths and basedirs ---
readonly VULN_SYSFS_BASE="/sys/devices/system/cpu/vulnerabilities" readonly VULN_SYSFS_BASE="/sys/devices/system/cpu/vulnerabilities"
@@ -546,7 +546,7 @@ is_cpu_affected() {
[ -z "$affected_variantl1tf" ] && affected_variantl1tf=immune [ -z "$affected_variantl1tf" ] && affected_variantl1tf=immune
else else
pr_debug "is_cpu_affected: intel family 6 is vuln to l1tf" pr_debug "is_cpu_affected: intel family 6 is vuln to l1tf"
affected_variantl1tf=vuln [ -z "$affected_variantl1tf" ] && affected_variantl1tf=vuln
fi fi
elif [ "$cpu_family" -lt 6 ]; then elif [ "$cpu_family" -lt 6 ]; then
pr_debug "is_cpu_affected: intel family < 6 is immune to l1tf" pr_debug "is_cpu_affected: intel family < 6 is immune to l1tf"
@@ -558,6 +558,7 @@ is_cpu_affected() {
# that they're unaffected by GDS. Also set by hypervisors on virtual CPUs # that they're unaffected by GDS. Also set by hypervisors on virtual CPUs
# so that the guest kernel doesn't try to mitigate GDS when it's already mitigated on the host # so that the guest kernel doesn't try to mitigate GDS when it's already mitigated on the host
pr_debug "is_cpu_affected: downfall: not affected (GDS_NO)" pr_debug "is_cpu_affected: downfall: not affected (GDS_NO)"
affected_downfall=immune
elif [ "$cpu_family" = 6 ]; then elif [ "$cpu_family" = 6 ]; then
# list from https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=64094e7e3118aff4b0be8ff713c242303e139834 # list from https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=64094e7e3118aff4b0be8ff713c242303e139834
set -u set -u
@@ -669,6 +670,7 @@ is_cpu_affected() {
# they're not affected to TSA-SQ and TSA-L1 # they're not affected to TSA-SQ and TSA-L1
# these vars are set in check_cpu() # these vars are set in check_cpu()
pr_debug "is_cpu_affected: TSA_SQ_NO and TSA_L1_NO are set so not vuln to TSA" pr_debug "is_cpu_affected: TSA_SQ_NO and TSA_L1_NO are set so not vuln to TSA"
affected_tsa=immune
elif [ "$cpu_family" = $((0x19)) ]; then elif [ "$cpu_family" = $((0x19)) ]; then
affected_tsa=vuln affected_tsa=vuln
fi fi
@@ -5881,6 +5883,7 @@ check_CVE_2018_3620_linux() {
# this kernel has the /sys interface, trust it over everything # this kernel has the /sys interface, trust it over everything
sys_interface_available=1 sys_interface_available=1
status=$ret_sys_interface_check_status status=$ret_sys_interface_check_status
msg=$ret_sys_interface_check_fullmsg
fi fi
if [ "$opt_sysfs_only" != 1 ]; then if [ "$opt_sysfs_only" != 1 ]; then
pr_info_nol "* Kernel supports PTE inversion: " pr_info_nol "* Kernel supports PTE inversion: "