peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2026-06-07 23:23:01 +02:00
Code Issues Projects Releases Wiki Activity

hw: detect VM guest via hypervisor CPUID flag, warn on unreliable microcode

Browse Source 
Addresses issue #336: when running inside a VM (KVM, VMware, ESXi,
Hyper-V, VirtualBox), the hypervisor can present a fake CPUID and
microcode version to the guest, making the microcode up-to-date check
meaningless or misleading.

Changes:
- Add is_running_as_guest() to 370_hw_vmm.sh: detects VM guest status
  by checking for the 'hypervisor' CPUID flag in /proc/cpuinfo, which
  is exposed by KVM, VMware, Hyper-V, VirtualBox and most other
  hypervisors. Result is cached in g_is_guest_vm / g_is_guest_vm_reason.

- Add "Running as VM guest: YES/NO" line to the CPU details block in
  check_cpu() (400_hw_check.sh), shown for both x86 and ARM guests.

- Add a pr_warn block after the microcode-is-latest check in check_cpu()
  advising the user to verify microcode information on the hypervisor
  host when a VM guest is detected.

- Add minimal ARM CPU details block in check_cpu(): vendor, model name,
  implementer(s), part(s), architecture(s), and VM guest status. ARM CPUs
  previously got no output from check_cpu() due to the x86-only early
  return guard.

- Expose guest VM status in JSON output (250_output_emitters.sh):
  - system section: guest_vm (bool) and guest_vm_reason (string)
  - cpu_microcode section: unreliable_in_vm (bool)
This commit is contained in:
Stéphane Lesimple
2026-04-22 00:08:11 +02:00
parent 7329c1fd2f
commit 43bbfabc34
3 changed files with 66 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/libs/370_hw_vmm.sh
+18
View File
@@ -55,3 +55,21 @@ is_xen_domU() {
return 1
fi
}
# Check whether the system is running as a guest inside a virtual machine.
# Uses the 'hypervisor' CPUID feature flag exposed in /proc/cpuinfo by KVM,
# VMware, Hyper-V, VirtualBox, and most other type-1 and type-2 hypervisors.
# Returns: 0 if running as a VM guest, 1 otherwise
# Sets: g_is_guest_vm (1=guest, 0=not a guest), g_is_guest_vm_reason
is_running_as_guest() {
if [ "${g_is_guest_vm_cached:-0}" != 1 ]; then
g_is_guest_vm=0
g_is_guest_vm_reason=''
if [ -e "$g_procfs/cpuinfo" ] && grep -qw 'hypervisor' "$g_procfs/cpuinfo" 2>/dev/null; then
g_is_guest_vm=1
g_is_guest_vm_reason="'hypervisor' flag in $g_procfs/cpuinfo"
fi
g_is_guest_vm_cached=1
fi
[ "$g_is_guest_vm" = 1 ]
}