L1TF/Linux: fix EPT on/off detection against sysfs
Checking whether or not EPT is enabled happens via /sys. We should therefore make sure that we do that check when invoked with no options or with `--sysfs-only`, and that we skip it when invoked with `--no-sysfs`.
parent
0421aea53f
commit
5e35f0a711
|
@ -3845,7 +3845,9 @@ check_CVE_2018_3646_linux()
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$opt_sysfs_only" != 1 ]; then
|
# until we find it is actually off, let's assume enabled
|
||||||
|
ept_disabled=0
|
||||||
|
if [ "$opt_no_sysfs" != 1 ]; then
|
||||||
_info "* Mitigation 1 (KVM)"
|
_info "* Mitigation 1 (KVM)"
|
||||||
_info_nol " * EPT is disabled: "
|
_info_nol " * EPT is disabled: "
|
||||||
if [ "$opt_live" = 1 ]; then
|
if [ "$opt_live" = 1 ]; then
|
||||||
|
@ -3860,7 +3862,9 @@ check_CVE_2018_3646_linux()
|
||||||
else
|
else
|
||||||
pstatus blue N/A "not testable in offline mode"
|
pstatus blue N/A "not testable in offline mode"
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$opt_sysfs_only" != 1 ]; then
|
||||||
_info "* Mitigation 2"
|
_info "* Mitigation 2"
|
||||||
_info_nol " * L1D flush is supported by kernel: "
|
_info_nol " * L1D flush is supported by kernel: "
|
||||||
if [ "$opt_live" = 1 ] && grep -qw flush_l1d "$procfs/cpuinfo"; then
|
if [ "$opt_live" = 1 ] && grep -qw flush_l1d "$procfs/cpuinfo"; then
|
||||||
|
|
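Review bot: When the script runs with `--no-sysfs`, the new `if [ "$opt_no_sysfs" != 1 ]` guard in the first hunk skips the whole "Mitigation 1 (KVM)" block without printing anything, so `ept_disabled` keeps its default of 0 and the report gives no hint that EPT was never probed. Assuming "enabled" is the conservative direction, but the operator should be able to see that it is an assumption rather than a measurement. An `else` branch that prints `_info "* Mitigation 1 (KVM)"` and then `_info_nol " * EPT is disabled: "` followed by `pstatus blue N/A "not testable with --no-sysfs"` would mirror the existing offline-mode message. How `ept_disabled` feeds the final verdict is outside the visible hunks, and `check_CVE_2018_3646_linux` itself starts and ends outside them.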