mirror of
https://github.com/speed47/spectre-meltdown-checker.git
synced 2025-01-10 03:10:26 +01:00
feat(l1tf): read & report ARCH_CAPABILITIES bit 3 (SKIP_VMENTRY_L1DFLUSH)
parent
cbb18cb6b6
commit
3b2d529654
@ -2148,15 +2148,17 @@ check_cpu()
|
||||
_info_nol " * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: "
|
||||
capabilities_rdcl_no=-1
|
||||
capabilities_ibrs_all=-1
|
||||
capabilities_ssb_no=-1
|
||||
capabilities_rsba=-1
|
||||
capabilities_l1dflush_no=-1
|
||||
capabilities_ssb_no=-1
|
||||
if [ "$cpuid_arch_capabilities" = -1 ]; then
|
||||
pstatus yellow UNKNOWN
|
||||
elif [ "$cpuid_arch_capabilities" != 1 ]; then
|
||||
capabilities_rdcl_no=0
|
||||
capabilities_ibrs_all=0
|
||||
capabilities_ssb_no=0
|
||||
capabilities_rsba=0
|
||||
capabilities_l1dflush_no=0
|
||||
capabilities_ssb_no=0
|
||||
pstatus yellow NO
|
||||
elif [ ! -e /dev/cpu/0/msr ] && [ ! -e /dev/cpuctl0 ]; then
|
||||
spec_ctrl_msr=-1
|
||||
@ -2185,15 +2187,17 @@ check_cpu()
|
||||
capabilities=$val_cap_msr
|
||||
capabilities_rdcl_no=0
|
||||
capabilities_ibrs_all=0
|
||||
capabilities_ssb_no=0
|
||||
capabilities_rsba=0
|
||||
capabilities_l1dflush_no=0
|
||||
capabilities_ssb_no=0
|
||||
if [ $val -eq 0 ]; then
|
||||
_debug "capabilities MSR is $capabilities (decimal)"
|
||||
[ $(( capabilities >> 0 & 1 )) -eq 1 ] && capabilities_rdcl_no=1
|
||||
[ $(( capabilities >> 1 & 1 )) -eq 1 ] && capabilities_ibrs_all=1
|
||||
[ $(( capabilities >> 2 & 1 )) -eq 1 ] && capabilities_rsba=1
|
||||
[ $(( capabilities >> 3 & 1 )) -eq 1 ] && capabilities_l1dflush_no=1
|
||||
[ $(( capabilities >> 4 & 1 )) -eq 1 ] && capabilities_ssb_no=1
|
||||
_debug "capabilities says rdcl_no=$capabilities_rdcl_no ibrs_all=$capabilities_ibrs_all ssb_no=$capabilities_ssb_no rsba=$capabilities_rsba"
|
||||
_debug "capabilities says rdcl_no=$capabilities_rdcl_no ibrs_all=$capabilities_ibrs_all rsba=$capabilities_rsba l1dflush_no=$capabilities_l1dflush_no ssb_no=$capabilities_ssb_no"
|
||||
if [ "$capabilities_ibrs_all" = 1 ]; then
|
||||
if [ $cpu_mismatch -eq 0 ]; then
|
||||
pstatus green YES
|
||||
@ -2220,24 +2224,33 @@ check_cpu()
|
||||
else
|
||||
pstatus yellow NO
|
||||
fi
|
||||
fi
|
||||
|
||||
_info_nol " * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): "
|
||||
if [ "$capabilities_ssb_no" = -1 ]; then
|
||||
pstatus yellow UNKNOWN
|
||||
elif [ "$capabilities_ssb_no" = 1 ] || [ "$amd_ssb_no" = 1 ]; then
|
||||
pstatus green YES
|
||||
else
|
||||
pstatus yellow NO
|
||||
fi
|
||||
_info_nol " * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): "
|
||||
if [ "$capabilities_ssb_no" = -1 ]; then
|
||||
pstatus yellow UNKNOWN
|
||||
elif [ "$capabilities_ssb_no" = 1 ] || [ "$amd_ssb_no" = 1 ]; then
|
||||
pstatus green YES
|
||||
else
|
||||
pstatus yellow NO
|
||||
fi
|
||||
|
||||
_info_nol " * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): "
|
||||
if [ "$capabilities_rsba" = -1 ]; then
|
||||
pstatus yellow UNKNOWN
|
||||
elif [ "$capabilities_rsba" = 1 ]; then
|
||||
pstatus yellow YES
|
||||
else
|
||||
pstatus blue NO
|
||||
_info_nol " * CPU/Hypervisor indicates L1D flushing is not necessary on this system: "
|
||||
if [ "$capabilities_l1dflush_no" = -1 ]; then
|
||||
pstatus yellow UNKNOWN
|
||||
elif [ "$capabilities_l1dflush_no" = 1 ]; then
|
||||
pstatus green YES
|
||||
else
|
||||
pstatus yellow NO
|
||||
fi
|
||||
|
||||
_info_nol " * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): "
|
||||
if [ "$capabilities_rsba" = -1 ]; then
|
||||
pstatus yellow UNKNOWN
|
||||
elif [ "$capabilities_rsba" = 1 ]; then
|
||||
pstatus yellow YES
|
||||
else
|
||||
pstatus blue NO
|
||||
fi
|
||||
fi
|
||||
|
||||
_info_nol " * CPU supports Software Guard Extensions (SGX): "
|
||||
|
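Review bot: The new status line `_info_nol " * CPU/Hypervisor indicates L1D flushing is not necessary on this system: "` claims more than bit 3 conveys. Per the commit title the bit is SKIP_VMENTRY_L1DFLUSH, which concerns only the L1D flush on VM entry and is, as far as I know, typically set by an outer hypervisor for a nested one, so a green YES here is easily read as "no L1TF mitigation needed on this host". I would scope the wording and name the bit as the neighbouring IBRS_ALL/SSB_NO/RSBA lines do, e.g. `_info_nol " * CPU/Hypervisor indicates L1D flush on VM entry can be skipped (SKIP_VMENTRY_L1DFLUSH): "`, and put a one-line comment saying the same above the `capabilities >> 3 & 1` test. Whatever later consumes `capabilities_l1dflush_no` is not visible here (check_cpu() starts and ends outside these hunks); it should treat the flag as a hypervisor-supplied hint, not as proof that the CPU is unaffected.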