From 5e83e2cfa4f530a7a8fd0e45b136a731e331718c Mon Sep 17 00:00:00 2001 From: Dario Faggioli Date: Thu, 18 Apr 2019 17:22:44 +0200 Subject: [PATCH] L1TF/Linux: Fix "running an hypervisor" detection via sysfs If we can look in `/sys/devices/system/cpu/vulnerabilities/l1tf`, and we find 'VMX' in it, it means we can run KVM guests, and hence we are running as an hypervisor. Right now, on a system with VMX enabled, with KVM guests running, and booted with "l1tf=off", I see this: ` CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault' * Information from the /sys interface: VMX: vulnerable * This system is a host running a hypervisor: NO ... ... ... * L1D flush enabled: NO > STATUS: NOT VULNERABLE (this system is not running a hypervisor) ` Which is wrong. In fact, as said, guests are running, so we are an hypervisor, and with "l1tf=off" (and hence L1D flush disabled) we are vulnerable. --- spectre-meltdown-checker.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh index 265a2c7..0c51387 100755 --- a/spectre-meltdown-checker.sh +++ b/spectre-meltdown-checker.sh @@ -3785,9 +3785,15 @@ check_CVE_2018_3646_linux() msg='' l1d_mode=-1 + has_vmm=$opt_vmm + if sys_interface_check "/sys/devices/system/cpu/vulnerabilities/l1tf" 'VMX:.*' silent; then + # if we can use /sys, and it has 'VMX', we are can run VMs + if [ "$opt_vmm" != 0 ]; then + has_vmm=1; + fi + fi if [ "$opt_sysfs_only" != 1 ]; then _info_nol "* This system is a host running a hypervisor: " - has_vmm=$opt_vmm if [ "$has_vmm" = -1 ]; then # Assumed to be running on bare metal unless evidence of vm is found. has_vmm=0
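Review bot: the new detection reports "This system is a host running a hypervisor" when the l1tf sysfs entry contains "VMX:", but by the commit message's own wording that string only shows the host "can run KVM guests", not that any guest is actually running; the comment and, ideally, the printed label should say what is really detected (for example "# /sys reports VMX, so the kernel can run KVM guests: treat this host as a hypervisor"), since erring toward "hypervisor present" is the conservative direction for a vulnerability checker but the wording should not overstate the evidence. Two smaller points in the same hunk: the comment "# if we can use /sys, and it has 'VMX', we are can run VMs" has a typo ("we are can"), and "has_vmm=1;" carries a trailing semicolon that the surrounding script does not use. Moving "has_vmm=$opt_vmm" out of the "$opt_sysfs_only" block is correct, as otherwise has_vmm would stay unset in sysfs-only mode, and the "$opt_vmm" != 0 guard preserves a user's explicit "no VMM" override, which is the behaviour one would expect.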