mirror of
https://github.com/speed47/spectre-meltdown-checker.git
synced 2025-01-08 18:30:26 +01:00
fix: don't make IBPB mandatory when it's not there
On some kernels there could be IBRS support but not IBPB support. In that case, don't report VULN just because IBPB is not enabled when IBRS is.
parent
3b0ec998b1
commit
53b9eda040
@ -1011,6 +1011,7 @@ check_variant2()
|
|||||||
ibpb_enabled=$(cat "$dir/ibpb_enabled" 2>/dev/null)
|
ibpb_enabled=$(cat "$dir/ibpb_enabled" 2>/dev/null)
|
||||||
_debug "ibpb: found $dir/ibpb_enabled=$ibpb_enabled"
|
_debug "ibpb: found $dir/ibpb_enabled=$ibpb_enabled"
|
||||||
else
|
else
|
||||||
|
ibpb_enabled=-1
|
||||||
_debug "ibpb: no ibpb_enabled file in $dir"
|
_debug "ibpb: no ibpb_enabled file in $dir"
|
||||||
fi
|
fi
|
||||||
break
|
break
|
||||||
@ -1193,6 +1194,9 @@ check_variant2()
|
|||||||
elif [ "$opt_live" = 1 ]; then
|
elif [ "$opt_live" = 1 ]; then
|
||||||
if [ "$ibrs_enabled" = 1 -o "$ibrs_enabled" = 2 ] && [ "$ibpb_enabled" = 1 ]; then
|
if [ "$ibrs_enabled" = 1 -o "$ibrs_enabled" = 2 ] && [ "$ibpb_enabled" = 1 ]; then
|
||||||
pvulnstatus $cve OK "IBRS/IBPB are mitigating the vulnerability"
|
pvulnstatus $cve OK "IBRS/IBPB are mitigating the vulnerability"
|
||||||
|
elif [ "$ibrs_enabled" = 1 -o "$ibrs_enabled" = 2 ] && [ "$ibpb_enabled" = -1 ]; then
|
||||||
|
# IBPB doesn't seem here on this kernel
|
||||||
|
pvulnstatus $cve OK "IBRS is mitigating the vulnerability"
|
||||||
elif [ "$ibpb_enabled" = 2 ]; then
|
elif [ "$ibpb_enabled" = 2 ]; then
|
||||||
pvulnstatus $cve OK "Full IBPB is mitigating the vulnerability"
|
pvulnstatus $cve OK "Full IBPB is mitigating the vulnerability"
|
||||||
else
|
else
|
||||||
|
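Review bot: The new `elif` in the second hunk reports OK on IBRS alone whenever `ibpb_enabled` is `-1`, and the first hunk assigns `-1` only because no `ibpb_enabled` file was found in `$dir`, so a missing file is taken as proof that the kernel has no IBPB support. The test that leads to that `else` is outside the hunk, so it cannot be confirmed from here that other causes of a missing file are excluded. If they are not, the status line should say what was actually observed, for example `pvulnstatus $cve OK "IBRS is mitigating the vulnerability (no ibpb_enabled file found, IBPB state unknown)"`. The sentinel also deserves a comment where it is assigned, such as `# -1: no ibpb_enabled file in $dir, as opposed to a value read from the file`, and the in-branch comment would read better as `# no ibpb_enabled file: this kernel exposes IBRS but not IBPB`. check_variant2 starts and ends outside both hunks.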