peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2025-10-31 12:40:57 +01:00
Code Issues Projects Releases Wiki Activity

fix: detect Red Hat locked down kernels (impacts MSR writes)

Browse Source
This commit is contained in:
Stéphane Lesimple
2019-09-22 00:45:02 +02:00
parent e01f97ee75
commit a306757c22
1 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
spectre-meltdown-checker.sh
View File

@@ -2200,6 +2200,18 @@ write_msr()
_debug "write_msr: using perl"
ret=1
perl -e "open(M,'>','/dev/cpu/$_cpu/msr') and seek(M,$_msr_dec,0) and exit(syswrite(M,pack('H16',0)))"; [ $? -eq 8 ] && ret=0
if [ "$ret" = 1 ]; then
# Fedora (and probably Red Hat) have a "kernel lock down" feature that prevents us to write to MSRs
# when this mode is enabled and EFI secure boot is enabled (see issue #303)
# https://src.fedoraproject.org/rpms/kernel/blob/master/f/efi-lockdown.patch
# when this happens, any write will fail and dmesg will have a msg printed "msr: Direct access to MSR"
# we don't use dmesg_grep() because we don't care if dmesg is truncated here, as the message has just been printed
if dmesg | grep -qF "msr: Direct access to MSR"; then
_debug "write_msr: locked down kernel detected"
mockme=$(printf "%b\n%b" "$mockme" "SMC_MOCK_WRMSR_${_msr}_RET=202")
return 202 # lockdown error
fi
fi
# fallback to dd if it supports seek_bytes
elif dd if=/dev/null of=/dev/null bs=8 count=1 seek="$_msr_dec" oflag=seek_bytes 2>/dev/null; then
_debug "write_msr: using dd"
@@ -2345,6 +2357,9 @@ check_cpu()
elif [ $val -eq 201 ]; then
pstatus yellow UNKNOWN "missing tool, install either msr-tools or perl"
spec_ctrl_msr=-1
elif [ $val -eq 202 ]; then
pstatus yellow UNKNOWN "your kernel is locked down (Fedora/Red Hat), please reboot without secure boot and retry"
spec_ctrl_msr=-1
else
spec_ctrl_msr=0
pstatus yellow NO
@@ -2433,6 +2448,10 @@ check_cpu()
fi
elif [ $val -eq 200 ]; then
pstatus yellow UNKNOWN "is msr kernel module available?"
elif [ $val -eq 201 ]; then
pstatus yellow UNKNOWN "missing tool, install either msr-tools or perl"
elif [ $val -eq 202 ]; then
pstatus yellow UNKNOWN "your kernel is locked down (Fedora/Red Hat), please reboot without secure boot and retry"
else
pstatus yellow NO
fi
@@ -2611,6 +2630,10 @@ check_cpu()
fi
elif [ $val -eq 200 ]; then
pstatus yellow UNKNOWN "is msr kernel module available?"
elif [ $val -eq 201 ]; then
pstatus yellow UNKNOWN "missing tool, install either msr-tools or perl"
elif [ $val -eq 202 ]; then
pstatus yellow UNKNOWN "your kernel is locked down (Fedora/Red Hat), please reboot without secure boot and retry"
else
pstatus yellow NO
fi
@@ -2748,6 +2771,8 @@ check_cpu()
pstatus yellow UNKNOWN "is msr kernel module available?"
elif [ $val -eq 201 ]; then
pstatus yellow UNKNOWN "missing tool, install either msr-tools or perl"
elif [ $val -eq 202 ]; then
pstatus yellow UNKNOWN "your kernel is locked down (Fedora/Red Hat), please reboot without secure boot and retry"
else
pstatus yellow NO
fi