mirror of
https://github.com/speed47/spectre-meltdown-checker.git
synced 2025-01-09 19:00:29 +01:00
refactor: no longer display the retoline-aware compiler test when we can't tell for sure
parent
6a48251647
commit
8606e60ef7
@ -2207,7 +2207,7 @@ check_variant2_linux()
|
|||||||
pstatus yellow UNKNOWN "couldn't read your kernel configuration"
|
pstatus yellow UNKNOWN "couldn't read your kernel configuration"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_info_nol " * Kernel compiled with a retpoline-aware compiler: "
|
if [ "$retpoline" = 1 ]; then
|
||||||
# Now check if the compiler used to compile the kernel knows how to insert retpolines in generated asm
|
# Now check if the compiler used to compile the kernel knows how to insert retpolines in generated asm
|
||||||
# For gcc, this is -mindirect-branch=thunk-extern (detected by the kernel makefiles)
|
# For gcc, this is -mindirect-branch=thunk-extern (detected by the kernel makefiles)
|
||||||
# See gcc commit https://github.com/hjl-tools/gcc/commit/23b517d4a67c02d3ef80b6109218f2aadad7bd79
|
# See gcc commit https://github.com/hjl-tools/gcc/commit/23b517d4a67c02d3ef80b6109218f2aadad7bd79
|
||||||
@ -2219,29 +2219,18 @@ check_variant2_linux()
|
|||||||
if [ "$opt_live" = 1 ] && [ -e "/sys/devices/system/cpu/vulnerabilities/spectre_v2" ]; then
|
if [ "$opt_live" = 1 ] && [ -e "/sys/devices/system/cpu/vulnerabilities/spectre_v2" ]; then
|
||||||
if grep -qwi retpoline /sys/devices/system/cpu/vulnerabilities/spectre_v2; then
|
if grep -qwi retpoline /sys/devices/system/cpu/vulnerabilities/spectre_v2; then
|
||||||
if grep -qwi minimal /sys/devices/system/cpu/vulnerabilities/spectre_v2; then
|
if grep -qwi minimal /sys/devices/system/cpu/vulnerabilities/spectre_v2; then
|
||||||
pstatus yellow NO "kernel reports minimal retpoline compilation"
|
retpoline_compiler=0
|
||||||
|
retpoline_compiler_reason="kernel reports minimal retpoline compilation"
|
||||||
else
|
else
|
||||||
retpoline_compiler=1
|
retpoline_compiler=1
|
||||||
pstatus green YES "kernel reports full retpoline compilation"
|
retpoline_compiler_reason="kernel reports full retpoline compilation"
|
||||||
fi
|
|
||||||
else
|
|
||||||
if [ "$retpoline" = 1 ]; then
|
|
||||||
pstatus yellow UNKNOWN
|
|
||||||
else
|
|
||||||
pstatus yellow NO
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
elif [ -n "$opt_map" ]; then
|
elif [ -n "$opt_map" ]; then
|
||||||
# look for the symbol
|
# look for the symbol
|
||||||
if grep -qw noretpoline_setup "$opt_map"; then
|
if grep -qw noretpoline_setup "$opt_map"; then
|
||||||
retpoline_compiler=1
|
retpoline_compiler=1
|
||||||
pstatus green YES "noretpoline_setup symbol found in System.map"
|
retpoline_compiler_reason="noretpoline_setup symbol found in System.map"
|
||||||
else
|
|
||||||
if [ "$retpoline" = 1 ]; then
|
|
||||||
pstatus yellow UNKNOWN
|
|
||||||
else
|
|
||||||
pstatus yellow NO
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
elif [ -n "$kernel" ]; then
|
elif [ -n "$kernel" ]; then
|
||||||
# look for the symbol
|
# look for the symbol
|
||||||
@ -2249,31 +2238,30 @@ check_variant2_linux()
|
|||||||
# the proper way: use nm and look for the symbol
|
# the proper way: use nm and look for the symbol
|
||||||
if "${opt_arch_prefix}nm" "$kernel" 2>/dev/null | grep -qw 'noretpoline_setup'; then
|
if "${opt_arch_prefix}nm" "$kernel" 2>/dev/null | grep -qw 'noretpoline_setup'; then
|
||||||
retpoline_compiler=1
|
retpoline_compiler=1
|
||||||
pstatus green YES "noretpoline_setup found in kernel symbols"
|
retpoline_compiler_reason="noretpoline_setup found in kernel symbols"
|
||||||
else
|
|
||||||
if [ "$retpoline" = 1 ]; then
|
|
||||||
pstatus yellow UNKNOWN
|
|
||||||
else
|
|
||||||
pstatus yellow NO
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
elif grep -q noretpoline_setup "$kernel"; then
|
elif grep -q noretpoline_setup "$kernel"; then
|
||||||
# if we don't have nm, nevermind, the symbol name is long enough to not have
|
# if we don't have nm, nevermind, the symbol name is long enough to not have
|
||||||
# any false positive using good old grep directly on the binary
|
# any false positive using good old grep directly on the binary
|
||||||
retpoline_compiler=1
|
retpoline_compiler=1
|
||||||
pstatus green YES "noretpoline_setup found in kernel"
|
retpoline_compiler_reason="noretpoline_setup found in kernel"
|
||||||
else
|
|
||||||
if [ "$retpoline" = 1 ]; then
|
|
||||||
pstatus yellow UNKNOWN
|
|
||||||
else
|
|
||||||
pstatus yellow NO
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
if [ -n "$retpoline_compiler" ]; then
|
||||||
|
_info_nol " * Kernel compiled with a retpoline-aware compiler: "
|
||||||
|
if [ "$retpoline_compiler" = 1 ]; then
|
||||||
|
if [ -n "$retpoline_compiler_reason" ]; then
|
||||||
|
pstatus green YES "$retpoline_compiler_reason"
|
||||||
else
|
else
|
||||||
if [ "$retpoline" = 1 ]; then
|
pstatus green YES
|
||||||
pstatus yellow UNKNOWN "couldn't find your kernel image or System.map"
|
fi
|
||||||
else
|
else
|
||||||
pstatus yellow NO
|
if [ -n "$retpoline_compiler_reason" ]; then
|
||||||
|
pstatus red NO "$retpoline_compiler_reason"
|
||||||
|
else
|
||||||
|
pstatus red NO
|
||||||
|
fi
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -2287,7 +2275,6 @@ check_variant2_linux()
|
|||||||
pstatus green YES
|
pstatus green YES
|
||||||
else
|
else
|
||||||
pstatus yellow NO
|
pstatus yellow NO
|
||||||
_verbose " - To enable, \`echo 1 > $specex_knob_dir/retp_enabled' as root."
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@ -2408,7 +2395,7 @@ check_variant2_linux()
|
|||||||
if is_amd || ( is_intel && ! is_skylake_cpu ); then
|
if is_amd || ( is_intel && ! is_skylake_cpu ); then
|
||||||
if [ "$retpoline" = 0 ]; then
|
if [ "$retpoline" = 0 ]; then
|
||||||
explain "Your kernel is not compiled with retpoline support, so you need to either upgrade your kernel (if you're using a distro) or recompile your kernel with the CONFIG_RETPOLINE option enabled. You also need to compile your kernel with a retpoline-aware compiler (re-run this script with -v to know if your version of gcc is retpoline-aware)."
|
explain "Your kernel is not compiled with retpoline support, so you need to either upgrade your kernel (if you're using a distro) or recompile your kernel with the CONFIG_RETPOLINE option enabled. You also need to compile your kernel with a retpoline-aware compiler (re-run this script with -v to know if your version of gcc is retpoline-aware)."
|
||||||
elif [ "$retpoline" = 1 ] && [ "$retpoline_compiler" != 1 ]; then
|
elif [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 0 ]; then
|
||||||
explain "Your kernel is compiled with retpoline, but without a retpoline-aware compiler (re-run this script with -v to know if your version of gcc is retpoline-aware)."
|
explain "Your kernel is compiled with retpoline, but without a retpoline-aware compiler (re-run this script with -v to know if your version of gcc is retpoline-aware)."
|
||||||
elif [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" = 0 ]; then
|
elif [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ] && [ "$retp_enabled" = 0 ]; then
|
||||||
explain "Your kernel has retpoline support and has been compiled with a retpoline-aware compiler, but retpoline is disabled. You should enable it with \`echo 1 > $specex_knob_dir/retp_enabled\`."
|
explain "Your kernel has retpoline support and has been compiled with a retpoline-aware compiler, but retpoline is disabled. You should enable it with \`echo 1 > $specex_knob_dir/retp_enabled\`."
|
||||||
|
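Review bot: `retpoline_compiler` is now tri-state (1, 0, or empty for "could not tell"), yet nothing in the visible hunks clears it or `retpoline_compiler_reason` before the detection branches in check_variant2_linux, so a value inherited from the environment or left by earlier code would pass the new `[ -n "$retpoline_compiler" ]` test and print a YES/NO the script never established. If no reset exists above the hunk, add `retpoline_compiler=''; retpoline_compiler_reason=''` just before `if [ "$retpoline" = 1 ]; then`, with a comment such as `# 1 = retpoline-aware compiler, 0 = not, empty = undetermined`. The same tri-state matters in the last hunk: with `[ "$retpoline_compiler" = 0 ]`, a kernel with `retpoline=1` and an undetermined compiler matches none of the visible `explain` branches, so it is worth confirming that the verdict code outside this hunk treats the empty value as unknown rather than as mitigated. The function body starts and ends outside these hunks.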