mirror of
https://github.com/speed47/spectre-meltdown-checker.git
synced 2024-12-27 04:20:32 +01:00
enh: lazy loading of cpu informations
This commit is contained in:
parent
07afd95b63
commit
3d765bc703
@ -323,7 +323,7 @@ is_cpu_specex_free()
|
|||||||
# { X86_VENDOR_INTEL, 5 },
|
# { X86_VENDOR_INTEL, 5 },
|
||||||
# { X86_VENDOR_NSC, 5 },
|
# { X86_VENDOR_NSC, 5 },
|
||||||
# { X86_VENDOR_ANY, 4 },
|
# { X86_VENDOR_ANY, 4 },
|
||||||
set -u
|
parse_cpu_details
|
||||||
if [ "$cpu_vendor" = GenuineIntel ]; then
|
if [ "$cpu_vendor" = GenuineIntel ]; then
|
||||||
if [ "$cpu_family" = 6 ]; then
|
if [ "$cpu_family" = 6 ]; then
|
||||||
if [ "$cpu_model" = "$INTEL_FAM6_ATOM_CEDARVIEW" ] || \
|
if [ "$cpu_model" = "$INTEL_FAM6_ATOM_CEDARVIEW" ] || \
|
||||||
@ -331,15 +331,12 @@ is_cpu_specex_free()
|
|||||||
[ "$cpu_model" = "$INTEL_FAM6_ATOM_LINCROFT" ] || \
|
[ "$cpu_model" = "$INTEL_FAM6_ATOM_LINCROFT" ] || \
|
||||||
[ "$cpu_model" = "$INTEL_FAM6_ATOM_PENWELL" ] || \
|
[ "$cpu_model" = "$INTEL_FAM6_ATOM_PENWELL" ] || \
|
||||||
[ "$cpu_model" = "$INTEL_FAM6_ATOM_PINEVIEW" ]; then
|
[ "$cpu_model" = "$INTEL_FAM6_ATOM_PINEVIEW" ]; then
|
||||||
set +u
|
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
elif [ "$cpu_family" = 5 ]; then
|
elif [ "$cpu_family" = 5 ]; then
|
||||||
set +u
|
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
set +u
|
|
||||||
[ "$cpu_family" -eq 4 ] && return 0
|
[ "$cpu_family" -eq 4 ] && return 0
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
@ -683,6 +680,7 @@ is_coreos()
|
|||||||
|
|
||||||
parse_cpu_details()
|
parse_cpu_details()
|
||||||
{
|
{
|
||||||
|
[ "$parse_cpu_details_done" = 1 ] && return 0
|
||||||
cpu_vendor=$( grep '^vendor_id' /proc/cpuinfo | awk '{print $3}' | head -1)
|
cpu_vendor=$( grep '^vendor_id' /proc/cpuinfo | awk '{print $3}' | head -1)
|
||||||
cpu_friendly_name=$(grep '^model name' /proc/cpuinfo | cut -d: -f2- | head -1 | sed -e 's/^ *//')
|
cpu_friendly_name=$(grep '^model name' /proc/cpuinfo | cut -d: -f2- | head -1 | sed -e 's/^ *//')
|
||||||
# special case for ARM follows
|
# special case for ARM follows
|
||||||
@ -770,10 +768,12 @@ parse_cpu_details()
|
|||||||
INTEL_FAM6_XEON_PHI_KNL=$(( 0x57 ))
|
INTEL_FAM6_XEON_PHI_KNL=$(( 0x57 ))
|
||||||
INTEL_FAM6_XEON_PHI_KNM=$(( 0x85 ))
|
INTEL_FAM6_XEON_PHI_KNM=$(( 0x85 ))
|
||||||
}
|
}
|
||||||
|
parse_cpu_details_done=1
|
||||||
}
|
}
|
||||||
|
|
||||||
is_ucode_blacklisted()
|
is_ucode_blacklisted()
|
||||||
{
|
{
|
||||||
|
parse_cpu_details
|
||||||
# if it's not an Intel, don't bother: it's not blacklisted
|
# if it's not an Intel, don't bother: it's not blacklisted
|
||||||
[ "$cpu_vendor" = GenuineIntel ] || return 1
|
[ "$cpu_vendor" = GenuineIntel ] || return 1
|
||||||
# it also needs to be family=6
|
# it also needs to be family=6
|
||||||
@ -782,7 +782,6 @@ is_ucode_blacklisted()
|
|||||||
# source: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/cpu/intel.c#n105
|
# source: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/cpu/intel.c#n105
|
||||||
# model,stepping,microcode
|
# model,stepping,microcode
|
||||||
ucode_found="model $cpu_model stepping $cpu_stepping ucode $cpu_ucode"
|
ucode_found="model $cpu_model stepping $cpu_stepping ucode $cpu_ucode"
|
||||||
set -u
|
|
||||||
for tuple in \
|
for tuple in \
|
||||||
$INTEL_FAM6_KABYLAKE_DESKTOP,0x0B,0x84 \
|
$INTEL_FAM6_KABYLAKE_DESKTOP,0x0B,0x84 \
|
||||||
$INTEL_FAM6_KABYLAKE_DESKTOP,0x0A,0x84 \
|
$INTEL_FAM6_KABYLAKE_DESKTOP,0x0A,0x84 \
|
||||||
@ -813,11 +812,9 @@ is_ucode_blacklisted()
|
|||||||
ucode=$(echo $tuple | cut -d, -f3)
|
ucode=$(echo $tuple | cut -d, -f3)
|
||||||
if [ "$cpu_model" = "$model" ] && [ "$cpu_stepping" = "$stepping" ] && echo "$cpu_ucode" | grep -qi "^$ucode$"; then
|
if [ "$cpu_model" = "$model" ] && [ "$cpu_stepping" = "$stepping" ] && echo "$cpu_ucode" | grep -qi "^$ucode$"; then
|
||||||
_debug "is_ucode_blacklisted: we have a match! ($cpu_model/$cpu_stepping/$cpu_ucode)"
|
_debug "is_ucode_blacklisted: we have a match! ($cpu_model/$cpu_stepping/$cpu_ucode)"
|
||||||
set +u
|
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
set +u
|
|
||||||
_debug "is_ucode_blacklisted: no ($cpu_model/$cpu_stepping/$cpu_ucode)"
|
_debug "is_ucode_blacklisted: no ($cpu_model/$cpu_stepping/$cpu_ucode)"
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
@ -851,10 +848,9 @@ else
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# root check (only for live mode, for offline mode, we already checked if we could read the files)
|
|
||||||
|
|
||||||
parse_cpu_details
|
parse_cpu_details
|
||||||
if [ "$opt_live" = 1 ]; then
|
if [ "$opt_live" = 1 ]; then
|
||||||
|
# root check (only for live mode, for offline mode, we already checked if we could read the files)
|
||||||
if [ "$(id -u)" -ne 0 ]; then
|
if [ "$(id -u)" -ne 0 ]; then
|
||||||
_warn "Note that you should launch this script with root privileges to get accurate information."
|
_warn "Note that you should launch this script with root privileges to get accurate information."
|
||||||
_warn "We'll proceed but you might see permission denied errors."
|
_warn "We'll proceed but you might see permission denied errors."
|
||||||
@ -920,6 +916,7 @@ if [ "$opt_live" = 1 ]; then
|
|||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
_info "Checking for vulnerabilities against specified kernel"
|
_info "Checking for vulnerabilities against specified kernel"
|
||||||
|
_info "CPU is \033[35m$cpu_friendly_name\033[0m"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$opt_kernel" ]; then
|
if [ -n "$opt_kernel" ]; then
|
||||||
@ -1405,9 +1402,7 @@ check_variant2()
|
|||||||
;;
|
;;
|
||||||
0)
|
0)
|
||||||
pstatus red NO
|
pstatus red NO
|
||||||
if [ "$opt_verbose" -ge 2 ]; then
|
_verbose " - To enable, \`echo 1 > $ibrs_knob_dir/ibrs_enabled' as root. If you don't have hardware support, you'll get an error."
|
||||||
_info " - To enable, \`echo 1 > $ibrs_knob_dir/ibrs_enabled' as root. If you don't have hardware support, you'll get an error."
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
1 | 2) pstatus green YES;;
|
1 | 2) pstatus green YES;;
|
||||||
*) pstatus yellow UNKNOWN;;
|
*) pstatus yellow UNKNOWN;;
|
||||||
@ -1433,9 +1428,7 @@ check_variant2()
|
|||||||
;;
|
;;
|
||||||
0 | 1)
|
0 | 1)
|
||||||
pstatus red NO
|
pstatus red NO
|
||||||
if [ "$opt_verbose" -ge 2 ]; then
|
_verbose " - To enable, \`echo 2 > $ibrs_knob_dir/ibrs_enabled' as root. If you don't have hardware support, you'll get an error."
|
||||||
_info " - To enable, \`echo 2 > $ibrs_knob_dir/ibrs_enabled' as root. If you don't have hardware support, you'll get an error."
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
2) pstatus green YES;;
|
2) pstatus green YES;;
|
||||||
*) pstatus yellow UNKNOWN;;
|
*) pstatus yellow UNKNOWN;;
|
||||||
@ -1457,9 +1450,7 @@ check_variant2()
|
|||||||
;;
|
;;
|
||||||
0)
|
0)
|
||||||
pstatus red NO
|
pstatus red NO
|
||||||
if [ "$opt_verbose" -ge 2 ]; then
|
_verbose " - To enable, \`echo 1 > $ibrs_knob_dir/ibpb_enabled' as root. If you don't have hardware support, you'll get an error."
|
||||||
_info " - To enable, \`echo 1 > $ibrs_knob_dir/ibpb_enabled' as root. If you don't have hardware support, you'll get an error."
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
1) pstatus green YES;;
|
1) pstatus green YES;;
|
||||||
2) pstatus green YES "IBPB used instead of IBRS in all kernel entrypoints";;
|
2) pstatus green YES "IBPB used instead of IBRS in all kernel entrypoints";;
|
||||||
|
Loading…
Reference in New Issue
Block a user