fix(cpu): trust is_cpu_vulnerable even w/ debugfs

For variant3 under AMD, the debugfs vulnerabilities hierarchy
flags the system as Vulnerable, which is wrong. Trust our own
is_cpu_vulnerable() func in that case
Stéphane Lesimple 2018-01-22 11:00:54 +01:00
parent 147462c0ab
commit d55bafde19
1 changed files with 6 additions and 9 deletions


@ -851,8 +851,7 @@ check_variant1()
status=UNK
fi
# if we have the /sys interface, don't even check is_cpu_vulnerable ourselves, the kernel already does it
if [ "$sys_interface_available" = 0 ] && ! is_cpu_vulnerable 1; then
if ! is_cpu_vulnerable 1; then
# override status & msg in case CPU is not vulnerable after all
msg="your CPU vendor reported your CPU model as not vulnerable"
status=OK
@ -1183,8 +1182,7 @@ check_variant2()
fi
cve='CVE-2017-5715'
# if we have the /sys interface, don't even check is_cpu_vulnerable ourselves, the kernel already does it
if [ "$sys_interface_available" = 0 ] && ! is_cpu_vulnerable 2; then
if ! is_cpu_vulnerable 2; then
# override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
elif [ -z "$msg" ]; then
@ -1359,9 +1357,8 @@ check_variant3()
status=UNK
fi
# if we have the /sys interface, don't even check is_cpu_vulnerable ourselves, the kernel already does it
cve='CVE-2017-5754'
if [ "$sys_interface_available" = 0 ] && ! is_cpu_vulnerable 3; then
if ! is_cpu_vulnerable 3; then
# override status & msg in case CPU is not vulnerable after all
pvulnstatus $cve OK "your CPU vendor reported your CPU model as not vulnerable"
elif [ -z "$msg" ]; then
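Review bot: The `if ! is_cpu_vulnerable N; then` override now runs in check_variant1, check_variant2 and check_variant3 even when the kernel's /sys interface supplied the status, while the commit message justifies it only for variant 3 on AMD. A wrong "not vulnerable" answer from is_cpu_vulnerable would therefore turn a kernel-reported Vulnerable into OK with nothing in the output showing that the kernel disagreed, and for a checker a false OK is the costlier mistake. I would make the override visible, for example by wording the message as `"your CPU vendor reported your CPU model as not vulnerable (kernel /sys status overridden)"` when `$sys_interface_available` is 1. If the comment `# if we have the /sys interface, don't even check is_cpu_vulnerable ourselves, the kernel already does it` survives on the new side (the page no longer shows which lines were removed), it now contradicts the code and should be replaced by `# is_cpu_vulnerable takes precedence over the /sys verdict, which misreports variant 3 on AMD`. All three functions start and end outside the hunks shown.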