From 4edb867def8597761eb9ecc91d6acee6d4376835 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
Date: Sun, 5 May 2019 19:57:59 +0200
Subject: [PATCH] fix(vmm): revert to checking the running processes to detect a hypervisor

More information available on #278
---
 spectre-meltdown-checker.sh | 36 ++++++++----------------------------
 1 file changed, 8 insertions(+), 28 deletions(-)

diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index f5c3f17..e48577a 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -3854,37 +3854,17 @@ check_CVE_2018_3646_linux()
 # a hypervisor, as this requires more mitigations
 has_vmm=2
 elif [ "$has_vmm" = -1 ]; then
- # Assumed to be running on bare metal unless evidence of vm is found.
- has_vmm=0
- # test for presence of hypervisor flag - definitive if set
- if [ -e "$procfs/cpuinfo" ] && grep ^flags "$procfs/cpuinfo" | grep -qw hypervisor; then
+ # Here, we want to know if we are hosting a hypervisor, and running some VMs on it.
+ # If we find no evidence that this is the case, assume we're not (to avoid scaring users),
+ # this can always be overridden with --vmm in any case.
+ # ... ignore SC2009 as `ps ax` is actually used as a fallback if `pgrep` isn't installed
+ # shellcheck disable=SC2009
+ if command -v pgrep >/dev/null 2>&1 && { pgrep qemu >/dev/null || pgrep kvm >/dev/null || pgrep libvirtd >/dev/null; }; then
 has_vmm=1
- _debug "hypervisor: present - hypervisor flag set in $procfs/cpuinfo"
- else
- _debug "hypervisor: unknown - hypervisor flag not set in $procfs/cpuinfo"
- fi
- # test for kernel detected hypervisor
- dmesg_grep "Hypervisor detected:" ; ret=$?
- if [ $ret -eq 0 ]; then
- _debug "hypervisor: present - found in dmesg: $dmesg_grepped"
+ elif ps ax | grep -vw grep | grep -q -e '\