From c19986188f938c9298bbd252e6e64411cabe2032 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= <speed47_github@speed47.net>
Date: Sat, 19 May 2018 09:52:51 +0200
Subject: [PATCH 01/12] fix(variant2): adjust detection for SLES kernels

---
 spectre-meltdown-checker.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 6cfb1b8..c1829d0 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -2037,7 +2037,7 @@ check_variant2_linux()
 			fi
 			if [ -e "/sys/devices/system/cpu/vulnerabilities/spectre_v2" ]; then
 				# when IBPB is enabled on 4.15+, we can see it in sysfs
-				if grep -q ', IBPB' "/sys/devices/system/cpu/vulnerabilities/spectre_v2"; then
+				if grep -q 'IBPB' "/sys/devices/system/cpu/vulnerabilities/spectre_v2"; then
 					_debug "ibpb: found enabled in sysfs"
 					[ -z "$ibpb_supported" ] && ibpb_supported='IBPB found enabled in sysfs'
 					[ -z "$ibpb_enabled"   ] && ibpb_enabled=1
@@ -2049,7 +2049,7 @@ check_variant2_linux()
 					ibrs_fw_enabled=1
 				fi
 				# when IBRS is enabled on 4.15+, we can see it in sysfs
-				if grep -q 'Indirect Branch Restricted Speculation' "/sys/devices/system/cpu/vulnerabilities/spectre_v2"; then
+				if grep -q -e 'IBRS' -e 'Indirect Branch Restricted Speculation' "/sys/devices/system/cpu/vulnerabilities/spectre_v2"; then
 					_debug "ibrs: found IBRS in sysfs"
 					[ -z "$ibrs_supported" ] && ibrs_supported='found IBRS in sysfs'
 					[ -z "$ibrs_enabled"   ] && ibrs_enabled=3
@@ -2137,7 +2137,7 @@ check_variant2_linux()
 					1)	if [ "$ibrs_fw_enabled" = 1 ]; then pstatus green YES "for kernel space and firmware code"; else pstatus green YES "for kernel space"; fi;;
 					2)	if [ "$ibrs_fw_enabled" = 1 ]; then pstatus green YES "for kernel, user space, and firmware code" ; else pstatus green YES "for both kernel and user space"; fi;;
 					3)	if [ "$ibrs_fw_enabled" = 1 ]; then pstatus green YES "for kernel and firmware code"; else pstatus green YES; fi;;
-					*)	if [ ! "$cpuid_ibrs" = 'SPEC_CTRL' ] && [ ! "cpuid_ibrs" = 'IBRS_SUPPORT' ] && [ ! "cpuid_spec_ctrl" = -1 ]; 
+					*)	if [ ! "$cpuid_ibrs" = 'SPEC_CTRL' ] && [ ! "$cpuid_ibrs" = 'IBRS_SUPPORT' ] && [ ! "$cpuid_spec_ctrl" = -1 ];
 							then pstatus yellow NO; _debug "ibrs: known cpu not supporting SPEC-CTRL or IBRS"; 
 						else 
 							pstatus yellow UNKNOWN; fi;;

From f33d65ff7101761de6bf3e174033ccdef181d0e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= <speed47_github@speed47.net>
Date: Tue, 22 May 2018 09:38:29 +0200
Subject: [PATCH 02/12] feat(variant3a): add information about
 microcode-sufficient mitigation

---
 spectre-meltdown-checker.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 032c42f..6c74c61 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -2886,12 +2886,19 @@ check_variant3a()
 {
 	_info "\033[1;34mCVE-2018-3640 [rogue system register read] aka 'Variant 3a'\033[0m"
 
+	status=UNK
+	sys_interface_available=0
+	msg=''
+
+	_info_nol "  * CPU microcode mitigates the vulnerability:"
+	pstatus yellow UNKNOWN "an up to date microcode is sufficient to mitigate this vulnerability, detection will be implemented soon"
+
 	cve='CVE-2018-3640'
 	if ! is_cpu_vulnerable 3a; then
 		# override status & msg in case CPU is not vulnerable after all
 		pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
 	else
-		pvulnstatus $cve UNK "new vulnerability, script will be updated when more technical information is available in the next hours/days"
+		pvulnstatus $cve VULN "a new microcode will mitigate this vulnerability"
 	fi
 }
 

From f75cc0bb6ff9ca78973a14c5ce342cfc437ea009 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= <speed47_github@speed47.net>
Date: Tue, 22 May 2018 09:39:11 +0200
Subject: [PATCH 03/12] feat(variant4): add sysfs mitigation hint and some
 explanation about the vuln

---
 spectre-meltdown-checker.sh | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 6c74c61..5382d27 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -2906,12 +2906,32 @@ check_variant4()
 {
 	_info "\033[1;34mCVE-2018-3639 [speculative store bypass] aka 'Variant 4'\033[0m"
 
+	status=UNK
+	sys_interface_available=0
+	msg=''
+	if sys_interface_check "/sys/devices/system/cpu/vulnerabilities/spec_store_bypass"; then
+		# this kernel has the /sys interface, trust it over everything
+		sys_interface_available=1
+	fi
+	if [ "$opt_sysfs_only" != 1 ]; then
+		:
+	elif [ "$sys_interface_available" = 0 ]; then
+		# we have no sysfs but were asked to use it only!
+		msg="/sys vulnerability interface use forced, but it's not available!"
+		status=UNK
+	fi
+
 	cve='CVE-2018-3639'
 	if ! is_cpu_vulnerable 4; then
 		# override status & msg in case CPU is not vulnerable after all
 		pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
+	elif [ -z "$msg" ]; then
+		# if msg is empty, sysfs check didn't fill it, rely on our own test
+		pvulnstatus $cve VULN "your CPU microcode needs to be updated"
+		explain "A new microcode is needed for your CPU to provide mitigation tools that software running on your machine can use to protect itself against the vulnerability."
 	else
-		pvulnstatus $cve UNK "new vulnerability, script will be updated when more technical information is available in the next hours/days"
+		pvulnstatus $cve "$status" "$msg"
+		[ "$msg" = "Vulnerable" ] && explain "A new microcode is needed for your CPU to provide mitigation tools that software running on your machine can use to protect itself against the vulnerability."
 	fi
 }
 

From 19be8f79ebb46a742d53cf84bd96319207013dad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= <speed47_github@speed47.net>
Date: Tue, 22 May 2018 09:43:29 +0200
Subject: [PATCH 04/12] doc: update README with some info about variant3 and
 variant4

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index e139f18..2948a12 100644
--- a/README.md
+++ b/README.md
@@ -86,13 +86,13 @@ sudo ./spectre-meltdown-checker.sh
 **CVE-2018-3640** rogue system register read (Variant 3a)
 
    - Impact: TBC
-   - Mitigation: TBC
+   - Mitigation: microcode update only
    - Performance impact of the mitigation: negligible
 
 **CVE-2018-3639** speculative store bypass (Variant 4)
 
    - Impact: software using JIT (no known exploitation against kernel)
-   - Mitigation: TBC
+   - Mitigation: microcode update + kernel update making possible for affected software to protect itself
    - Performance impact of the mitigation: low to medium
 
 ## Understanding what this script does and doesn't

From 68af5c5f92ff9b5d41e6372288d2a951e66032dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= <speed47_github@speed47.net>
Date: Tue, 22 May 2018 12:05:46 +0200
Subject: [PATCH 05/12] feat(variant4): detect SSBD-aware kernel

---
 spectre-meltdown-checker.sh | 48 +++++++++++++++++++++++++++++++------
 1 file changed, 41 insertions(+), 7 deletions(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 5382d27..42dcb27 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -1673,7 +1673,7 @@ check_cpu()
 	_info_nol "    * CPU indicates SSBD capability: "
 	read_cpuid 0x7 $EDX 31 1 1; ret=$?
 	if [ $ret -eq 0 ]; then
-		#cpuid_ng1=1
+		cpuid_ssbd=1
 		pstatus green YES "SSBD feature bit"
 	elif [ $ret -eq 1 ]; then
 		pstatus yellow NO
@@ -2890,7 +2890,7 @@ check_variant3a()
 	sys_interface_available=0
 	msg=''
 
-	_info_nol "  * CPU microcode mitigates the vulnerability:"
+	_info_nol "  * CPU microcode mitigates the vulnerability: "
 	pstatus yellow UNKNOWN "an up to date microcode is sufficient to mitigate this vulnerability, detection will be implemented soon"
 
 	cve='CVE-2018-3640'
@@ -2914,7 +2914,28 @@ check_variant4()
 		sys_interface_available=1
 	fi
 	if [ "$opt_sysfs_only" != 1 ]; then
-		:
+		_info_nol "  * Kernel supports speculation store bypass: "
+		if [ "$opt_live" = 1 ]; then
+			if grep -q 'Speculation.Store.Bypass:' /proc/self/status 2>/dev/null; then
+				kernel_ssb='found in /proc/self/status'
+				_debug "found Speculation.Store.Bypass: in /proc/self/status"
+			fi
+		fi
+		if [ -z "$kernel_ssb" ] && [ -n "$kernel" ]; then
+			kernel_ssb=$("${opt_arch_prefix}strings" "$kernel" | grep spec_store_bypass | head -n1);
+			[ -n "$kernel_ssb" ] && _debug "found $kernel_ssb in kernel"
+		fi
+		if [ -z "$kernel_ssb" ] && [ -n "$opt_map" ]; then
+			kernel_ssb=$(grep spec_store_bypass "$opt_map" | head -n1)
+			[ -n "$kernel_ssb" ] && _debug "found $kernel_ssb in System.map"
+		fi
+
+		if [ -n "$kernel_ssb" ]; then
+			pstatus green YES "$kernel_ssb"
+		else
+			pstatus yellow NO
+		fi
+
 	elif [ "$sys_interface_available" = 0 ]; then
 		# we have no sysfs but were asked to use it only!
 		msg="/sys vulnerability interface use forced, but it's not available!"
@@ -2925,13 +2946,26 @@ check_variant4()
 	if ! is_cpu_vulnerable 4; then
 		# override status & msg in case CPU is not vulnerable after all
 		pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
-	elif [ -z "$msg" ]; then
+	elif [ -z "$msg" ] || [ "$msg" = "Vulnerable" ]; then
 		# if msg is empty, sysfs check didn't fill it, rely on our own test
-		pvulnstatus $cve VULN "your CPU microcode needs to be updated"
-		explain "A new microcode is needed for your CPU to provide mitigation tools that software running on your machine can use to protect itself against the vulnerability."
+		if [ "$cpuid_ssbd" = 1 ]; then
+			if [ -n "$kernel_ssb" ]; then
+				pvulnstatus $cve OK "your system provides the necessary tools for software mitigation"
+			else
+				pvulnstatus $cve VULN "your kernel needs to be updated"
+				explain "You have a recent-enough microcode but your kernel is too old to use the new features exported by your CPU's microcode"
+			fi
+		else
+			if [ -n "$kernel_ssb" ]; then
+				pvulnstatus $cve VULN "Your CPU doesn't support SSBD"
+				explain "Your kernel is recent enough to be able to export features for mitigation, but your CPU microcode doesn't provide the necessary tools"
+			else
+				pvulnstatus $cve VULN "Neither your CPU nor your kernel support SSBD"
+				explain "You need to update your CPU microcode and use a more recent kernel to provide the necessary mitigation tools to the software running on your machine"
+			fi
+		fi
 	else
 		pvulnstatus $cve "$status" "$msg"
-		[ "$msg" = "Vulnerable" ] && explain "A new microcode is needed for your CPU to provide mitigation tools that software running on your machine can use to protect itself against the vulnerability."
 	fi
 }
 

From ea75969eb7d46e684799ba9eff97dea88c388934 Mon Sep 17 00:00:00 2001
From: Rob Gill <rrobgill@protonmail.com>
Date: Tue, 22 May 2018 23:54:25 +1000
Subject: [PATCH 06/12] fix(help): Update variant options in usage message
 (#200)

---
 spectre-meltdown-checker.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 918eb48..d984bcd 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -64,7 +64,7 @@ show_usage()
 		--batch nrpe		produce machine readable output formatted for NRPE
 		--batch prometheus      produce output for consumption by prometheus-node-exporter
 
-		--variant [1,2,3]	specify which variant you'd like to check, by default all variants are checked,
+		--variant [1,2,3,3a,4]	specify which variant you'd like to check, by default all variants are checked,
 					can be specified multiple times (e.g. --variant 2 --variant 3)
 		--hw-only		only check for CPU information, don't check for any variant
 		--no-hw			skip CPU information and checks, if you're inspecting a kernel not to be run on this host

From 114756fab7f58772efe6aad12614153bf2bc4cb9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= <speed47_github@speed47.net>
Date: Wed, 23 May 2018 20:38:43 +0200
Subject: [PATCH 07/12] fix(amd): not vulnerable to variant3a

---
 spectre-meltdown-checker.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index d984bcd..9d99c19 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -309,7 +309,10 @@ is_cpu_vulnerable()
 		# https://www.amd.com/en/corporate/speculative-execution
 		variant1=vuln
 		variant2=vuln
-		[ -z "$variant3" ] && variant3=immune
+		[ -z "$variant3"  ] && variant3=immune
+		# https://www.amd.com/en/corporate/security-updates
+		# "We have not identified any AMD x86 products susceptible to the Variant 3a vulnerability in our analysis to-date."
+		[ -z "$variant3a" ] && variant3a=immune
 	elif [ "$cpu_vendor" = ARM ]; then
 		# ARM
 		# reference: https://developer.arm.com/support/security-update

From 61e02abd0ca1fbb3e893fefcfb5c0c872f15e946 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= <speed47_github@speed47.net>
Date: Wed, 23 May 2018 21:08:08 +0200
Subject: [PATCH 08/12] feat(variant3a): detect up to date microcode

---
 spectre-meltdown-checker.sh | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 9d99c19..a8cf490 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -2894,14 +2894,23 @@ check_variant3a()
 	msg=''
 
 	_info_nol "  * CPU microcode mitigates the vulnerability: "
-	pstatus yellow UNKNOWN "an up to date microcode is sufficient to mitigate this vulnerability, detection will be implemented soon"
+	if [ "$cpuid_ssbd" = 1 ]; then
+		# microcodes that ship with SSBD are known to also fix variant3a
+		# there is no specific cpuid bit as far as we know
+		pstatus green YES
+	else
+		pstatus yellow NO
+	fi
 
 	cve='CVE-2018-3640'
 	if ! is_cpu_vulnerable 3a; then
 		# override status & msg in case CPU is not vulnerable after all
 		pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
+	elif [ "$cpuid_ssbd" = 1 ]; then
+		pvulnstatus $cve OK "your CPU microcode mitigates the vulnerability"
 	else
-		pvulnstatus $cve VULN "a new microcode will mitigate this vulnerability"
+		pvulnstatus $cve VULN "an up-to-date CPU microcode is needed to mitigate this vulnerability"
+		explain "The microcode of your CPU needs to be upgraded to mitigate this vulnerability. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section). The microcode update is enough, there is no additional OS, kernel or software change needed."
 	fi
 }
 

From 85d46b2799e2733d1d1d9c45c736ebd0362ff4a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= <speed47_github@speed47.net>
Date: Wed, 23 May 2018 21:08:58 +0200
Subject: [PATCH 09/12] feat(variant4): add more detailed explanations

---
 spectre-meltdown-checker.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index a8cf490..0282ccb 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -2965,15 +2965,15 @@ check_variant4()
 				pvulnstatus $cve OK "your system provides the necessary tools for software mitigation"
 			else
 				pvulnstatus $cve VULN "your kernel needs to be updated"
-				explain "You have a recent-enough microcode but your kernel is too old to use the new features exported by your CPU's microcode"
+				explain "You have a recent-enough CPU microcode but your kernel is too old to use the new features exported by your CPU's microcode. If you're using a distro kernel, upgrade your distro to get the latest kernel available. Otherwise, recompile the kernel from recent-enough sources."
 			fi
 		else
 			if [ -n "$kernel_ssb" ]; then
 				pvulnstatus $cve VULN "Your CPU doesn't support SSBD"
-				explain "Your kernel is recent enough to be able to export features for mitigation, but your CPU microcode doesn't provide the necessary tools"
+				explain "Your kernel is recent enough to use the CPU microcode features for mitigation, but your CPU microcode doesn't actually provide the necessary features for the kernel to use. The microcode of your CPU hence needs to be upgraded. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section)."
 			else
 				pvulnstatus $cve VULN "Neither your CPU nor your kernel support SSBD"
-				explain "You need to update your CPU microcode and use a more recent kernel to provide the necessary mitigation tools to the software running on your machine"
+				explain "Both your CPU microcode and your kernel are lacking support for mitigation. If you're using a distro kernel, upgrade your distro to get the latest kernel available. Otherwise, recompile the kernel from recent-enough sources. The microcode of your CPU also needs to be upgraded. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section)."
 			fi
 		fi
 	else

From f4d51e7e53888dac049d0996c5c3c9df7f24f3d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= <speed47_github@speed47.net>
Date: Wed, 23 May 2018 22:47:54 +0200
Subject: [PATCH 10/12] fix(variant4): add another detection way for Red Hat
 kernel

---
 spectre-meltdown-checker.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 0282ccb..a4652fb 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -2928,7 +2928,7 @@ check_variant4()
 	if [ "$opt_sysfs_only" != 1 ]; then
 		_info_nol "  * Kernel supports speculation store bypass: "
 		if [ "$opt_live" = 1 ]; then
-			if grep -q 'Speculation.Store.Bypass:' /proc/self/status 2>/dev/null; then
+			if grep -Eq 'Speculation.?Store.?Bypass:' /proc/self/status 2>/dev/null; then
 				kernel_ssb='found in /proc/self/status'
 				_debug "found Speculation.Store.Bypass: in /proc/self/status"
 			fi

From 2cde6e46499b7b0647274d9b87497fa0ccaebc9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= <speed47_github@speed47.net>
Date: Wed, 23 May 2018 22:50:52 +0200
Subject: [PATCH 11/12] feat(ssbd): add detection of proper CPUID bits on AMD

---
 spectre-meltdown-checker.sh | 65 +++++++++++++++++++++++++------------
 1 file changed, 45 insertions(+), 20 deletions(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index a4652fb..0de92ff 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -1672,16 +1672,41 @@ check_cpu()
 	fi
 
 	# variant 4
-	_info     "  * Speculative Store Bypass Disable (SSBD)"
-	_info_nol "    * CPU indicates SSBD capability: "
-	read_cpuid 0x7 $EDX 31 1 1; ret=$?
-	if [ $ret -eq 0 ]; then
-		cpuid_ssbd=1
-		pstatus green YES "SSBD feature bit"
-	elif [ $ret -eq 1 ]; then
-		pstatus yellow NO
-	else
+	if is_intel; then
+		_info     "  * Speculative Store Bypass Disable (SSBD)"
+		_info_nol "    * CPU indicates SSBD capability: "
+		read_cpuid 0x7 $EDX 31 1 1; ret=$?
+		if [ $ret -eq 0 ]; then
+			cpuid_ssbd='Intel SSBD'
+		fi
+	elif is_amd; then
+		_info     "  * Speculative Store Bypass Disable (SSBD)"
+		_info_nol "    * CPU indicates SSBD capability: "
+		read_cpuid 0x80000008 $EBX 24 1 1; ret24=$?
+		read_cpuid 0x80000008 $EBX 25 1 1; ret25=$?
+		if [ $ret24 -eq 0 ]; then
+			cpuid_ssbd='AMD SSBD in SPEC_CTRL'
+			#cpuid_ssbd_spec_ctrl=1
+		elif [ $ret25 -eq 0 ]; then
+			cpuid_ssbd='AMD SSBD in VIRT_SPEC_CTRL'
+			#cpuid_ssbd_virt_spec_ctrl=1
+		fi
+	fi
+
+	if [ -n "$cpuid_ssbd" ]; then
+		pstatus green YES "$cpuid_ssbd"
+	elif [ "$ret24" = 2 ] && [ "$ret25" = 2 ]; then
 		pstatus yellow UNKNOWN "is cpuid kernel module available?"
+	else
+		pstatus yellow NO
+	fi
+
+	if is_amd; then
+		# similar to SSB_NO for intel
+		read_cpuid 0x80000008 $EBX 26 1 1; ret=$?
+		if [ $ret -eq 0 ]; then
+			amd_ssb_no=1
+		fi
 	fi
 
 	if is_intel; then
@@ -1768,15 +1793,15 @@ check_cpu()
 		else
 			pstatus yellow NO
 		fi
+	fi
 
-		_info_nol "  * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): "
-		if [ "$capabilities_ssb_no" = -1 ]; then
-			pstatus yellow UNKNOWN
-		elif [ "$capabilities_ssb_no" = 1 ]; then
-			pstatus green YES
-		else
-			pstatus yellow NO
-		fi
+	_info_nol "  * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): "
+	if [ "$capabilities_ssb_no" = -1 ]; then
+		pstatus yellow UNKNOWN
+	elif [ "$capabilities_ssb_no" = 1 ] || [ "$amd_ssb_no" = 1 ]; then
+		pstatus green YES
+	else
+		pstatus yellow NO
 	fi
 
 	_info_nol "  * CPU microcode is known to cause stability problems: "
@@ -2894,7 +2919,7 @@ check_variant3a()
 	msg=''
 
 	_info_nol "  * CPU microcode mitigates the vulnerability: "
-	if [ "$cpuid_ssbd" = 1 ]; then
+	if [ -n "$cpuid_ssbd" ]; then
 		# microcodes that ship with SSBD are known to also fix variant3a
 		# there is no specific cpuid bit as far as we know
 		pstatus green YES
@@ -2906,7 +2931,7 @@ check_variant3a()
 	if ! is_cpu_vulnerable 3a; then
 		# override status & msg in case CPU is not vulnerable after all
 		pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
-	elif [ "$cpuid_ssbd" = 1 ]; then
+	elif [ -n "$cpuid_ssbd" ]; then
 		pvulnstatus $cve OK "your CPU microcode mitigates the vulnerability"
 	else
 		pvulnstatus $cve VULN "an up-to-date CPU microcode is needed to mitigate this vulnerability"
@@ -2960,7 +2985,7 @@ check_variant4()
 		pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
 	elif [ -z "$msg" ] || [ "$msg" = "Vulnerable" ]; then
 		# if msg is empty, sysfs check didn't fill it, rely on our own test
-		if [ "$cpuid_ssbd" = 1 ]; then
+		if [ -n "$cpuid_ssbd" ]; then
 			if [ -n "$kernel_ssb" ]; then
 				pvulnstatus $cve OK "your system provides the necessary tools for software mitigation"
 			else

From 39c778e3ac08fdffd4fb578fd41942a6fb5ac880 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= <speed47_github@speed47.net>
Date: Wed, 23 May 2018 23:08:07 +0200
Subject: [PATCH 12/12] fix(amd): AMD families 0x15-0x17 non-arch MSRs are a
 valid way to control SSB

---
 spectre-meltdown-checker.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 0de92ff..90d9a9a 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -953,7 +953,7 @@ parse_cpu_details()
 	fi
 
 	echo "$cpu_ucode" | grep -q ^0x && cpu_ucode_decimal=$(( cpu_ucode ))
-	ucode_found="model $cpu_model stepping $cpu_stepping ucode $cpu_ucode cpuid "$(printf "0x%x" "$cpuid")
+	ucode_found=$(printf "model 0x%x family 0x%x stepping 0x%x ucode 0x%x cpuid 0x%x" "$cpu_model" "$cpu_family" "$cpu_stepping" "$cpu_ucode" "$cpuid")
 
 	# also define those that we will need in other funcs
 	# taken from ttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/include/asm/intel-family.h
@@ -1690,6 +1690,8 @@ check_cpu()
 		elif [ $ret25 -eq 0 ]; then
 			cpuid_ssbd='AMD SSBD in VIRT_SPEC_CTRL'
 			#cpuid_ssbd_virt_spec_ctrl=1
+		elif [ "$cpu_family" -ge 21 ] && [ "$cpu_family" -le 23 ]; then
+			cpuid_ssbd='AMD non-architectural MSR'
 		fi
 	fi