L1TF/Linux: Fix "running a hypervisor" detection via sysfs

If we can look in `/sys/devices/system/cpu/vulnerabilities/l1tf`, and
we find 'VMX' in it, it means we can run KVM guests, and hence we are
running as a hypervisor.

Right now, on a system with VMX enabled, with KVM guests running, and
booted with "l1tf=off", I see this:
```
  CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
  * Information from the /sys interface: VMX: vulnerable
  * This system is a host running a hypervisor:  NO
  ... ... ...
    * L1D flush enabled:  NO
  > STATUS:  NOT VULNERABLE  (this system is not running a hypervisor)
```
Which is wrong.

In fact, as said, guests are running, so we are a hypervisor,
and with "l1tf=off" (and hence L1D flush disabled) we are vulnerable.
Dario Faggioli 2019-04-18 17:22:44 +02:00
parent 2cfae92cb0
commit 5e83e2cfa4
1 changed files with 7 additions and 1 deletions

@ -3785,9 +3785,15 @@ check_CVE_2018_3646_linux()
msg=''
l1d_mode=-1
has_vmm=$opt_vmm
if sys_interface_check "/sys/devices/system/cpu/vulnerabilities/l1tf" 'VMX:.*' silent; then
# if we can use /sys, and it has 'VMX', we are can run VMs
if [ "$opt_vmm" != 0 ]; then
has_vmm=1;
fi
fi
if [ "$opt_sysfs_only" != 1 ]; then
_info_nol "* This system is a host running a hypervisor: "
has_vmm=$opt_vmm
if [ "$has_vmm" = -1 ]; then
# Assumed to be running on bare metal unless evidence of vm is found.
has_vmm=0
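Review bot: The sysfs block near the top of this hunk sets has_vmm=1 on any 'VMX:.*' match unless opt_vmm is 0, so the later `[ "$has_vmm" = -1 ]` branch ("Assumed to be running on bare metal unless evidence of vm is found") is skipped on every host where that match succeeds. As the commit message and the added comment both say, a 'VMX' entry shows that the system can run VMs, not that guests are present, yet the result is still printed under "This system is a host running a hypervisor". Consider using the sysfs match only as a fallback once the evidence-based detection has found nothing, or state in the comment and the output that capability is being treated as running a hypervisor. Two small points in the same block: the comment reads "we are can run VMs", and `has_vmm=1;` has a stray trailing semicolon.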