L1TF/Linux: remove dead code, fix --sysfs-only bug
We don't use $msg and $status. Also, by always initializing l1d_mode, we fix the following "crash", when running with `--sysfs-only`: ` CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault' * Information from the /sys interface: VMX: vulnerable ./spectre-meltdown-checker.sh: line 3945: [: : integer expression expected `
This commit is contained in:
parent
fc4981bb94
commit
2cfae92cb0
|
@ -3783,10 +3783,8 @@ check_CVE_2018_3646_linux()
|
||||||
status=UNK
|
status=UNK
|
||||||
sys_interface_available=0
|
sys_interface_available=0
|
||||||
msg=''
|
msg=''
|
||||||
if sys_interface_check "/sys/devices/system/cpu/vulnerabilities/l1tf" 'VMX:.*' silent; then
|
l1d_mode=-1
|
||||||
# this kernel has the /sys interface, trust it over everything
|
|
||||||
sys_interface_available=1
|
|
||||||
fi
|
|
||||||
if [ "$opt_sysfs_only" != 1 ]; then
|
if [ "$opt_sysfs_only" != 1 ]; then
|
||||||
_info_nol "* This system is a host running a hypervisor: "
|
_info_nol "* This system is a host running a hypervisor: "
|
||||||
has_vmm=$opt_vmm
|
has_vmm=$opt_vmm
|
||||||
|
@ -3925,16 +3923,9 @@ check_CVE_2018_3646_linux()
|
||||||
else
|
else
|
||||||
pstatus yellow UNKNOWN
|
pstatus yellow UNKNOWN
|
||||||
fi
|
fi
|
||||||
|
|
||||||
elif [ "$sys_interface_available" = 0 ]; then
|
|
||||||
# we have no sysfs but were asked to use it only!
|
|
||||||
msg="/sys vulnerability interface use forced, but it's not available!"
|
|
||||||
status=UNK
|
|
||||||
l1d_mode=-1
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! is_cpu_vulnerable "$cve"; then
|
if ! is_cpu_vulnerable "$cve"; then
|
||||||
# override status & msg in case CPU is not vulnerable after all
|
|
||||||
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
|
||||||
elif [ "$has_vmm" = 0 ]; then
|
elif [ "$has_vmm" = 0 ]; then
|
||||||
pvulnstatus $cve OK "this system is not running a hypervisor"
|
pvulnstatus $cve OK "this system is not running a hypervisor"
|
||||||
|
|
Loading…
Reference in New Issue