chore: fix indentation

This commit is contained in:
Stéphane Lesimple 2020-06-09 22:43:36 +02:00
parent 62d3448a54
commit d8f0ddd7a5
1 changed files with 106 additions and 102 deletions

View File

@ -1,5 +1,6 @@
#! /bin/sh #! /bin/sh
# SPDX-License-Identifier: GPL-3.0-only # SPDX-License-Identifier: GPL-3.0-only
# vim: set ts=8 sw=8 sts=4 noet:
# #
# Spectre & Meltdown checker # Spectre & Meltdown checker
# #
@ -719,7 +720,10 @@ is_cpu_srbds_free()
# source: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/cpu/common.c # source: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/cpu/common.c
# #
# A processor is affected by SRBDS if its Family_Model and stepping is in the # A processor is affected by SRBDS if its Family_Model and stepping is in the
# following list: # following list, with the exception of the listed processors
# exporting MDS_NO while Intel TSX is available yet not enabled. The
# latter class of processors are only affected when Intel TSX is enabled
# by software using TSX_CTRL_MSR otherwise they are not affected.
# #
# ============= ============ ======== # ============= ============ ========
# common name Family_Model Stepping # common name Family_Model Stepping
@ -741,16 +745,16 @@ is_cpu_srbds_free()
# Kabylake 06_9EH <=0xD (MDS_NO) (INTEL_FAM6_KABYLAKE) # Kabylake 06_9EH <=0xD (MDS_NO) (INTEL_FAM6_KABYLAKE)
# ============= ============ ======== # ============= ============ ========
parse_cpu_details parse_cpu_details
if is_intel; then if is_intel; then
if [ "$cpu_family" = 6 ]; then if [ "$cpu_family" = 6 ]; then
if [ "$cpu_model" = "$INTEL_FAM6_IVYBRIDGE" ] || \ if [ "$cpu_model" = "$INTEL_FAM6_IVYBRIDGE" ] || \
[ "$cpu_model" = "$INTEL_FAM6_HASWELL" ] || \ [ "$cpu_model" = "$INTEL_FAM6_HASWELL" ] || \
[ "$cpu_model" = "$INTEL_FAM6_HASWELL_L" ] || \ [ "$cpu_model" = "$INTEL_FAM6_HASWELL_L" ] || \
[ "$cpu_model" = "$INTEL_FAM6_HASWELL_G" ] || \ [ "$cpu_model" = "$INTEL_FAM6_HASWELL_G" ] || \
[ "$cpu_model" = "$INTEL_FAM6_BROADWELL_G" ] || \ [ "$cpu_model" = "$INTEL_FAM6_BROADWELL_G" ] || \
[ "$cpu_model" = "$INTEL_FAM6_BROADWELL" ] || \ [ "$cpu_model" = "$INTEL_FAM6_BROADWELL" ] || \
[ "$cpu_model" = "$INTEL_FAM6_SKYLAKE_L" ] || \ [ "$cpu_model" = "$INTEL_FAM6_SKYLAKE_L" ] || \
[ "$cpu_model" = "$INTEL_FAM6_SKYLAKE" ]; then [ "$cpu_model" = "$INTEL_FAM6_SKYLAKE" ]; then
return 1 return 1
elif [ "$cpu_model" = "$INTEL_FAM6_KABYLAKE_L" ] && [ "$cpu_stepping" -le 12 ] || \ elif [ "$cpu_model" = "$INTEL_FAM6_KABYLAKE_L" ] && [ "$cpu_stepping" -le 12 ] || \
[ "$cpu_model" = "$INTEL_FAM6_KABYLAKE" ] && [ "$cpu_stepping" -le 13 ]; then [ "$cpu_model" = "$INTEL_FAM6_KABYLAKE" ] && [ "$cpu_stepping" -le 13 ]; then
@ -5363,97 +5367,97 @@ check_CVE_2020_0543()
check_CVE_2020_0543_linux() check_CVE_2020_0543_linux()
{ {
status=UNK status=UNK
sys_interface_available=0 sys_interface_available=0
msg='' msg=''
if sys_interface_check "/sys/devices/system/cpu/vulnerabilities/srbds"; then if sys_interface_check "/sys/devices/system/cpu/vulnerabilities/srbds"; then
# this kernel has the /sys interface, trust it over everything # this kernel has the /sys interface, trust it over everything
sys_interface_available=1 sys_interface_available=1
fi fi
if [ "$opt_sysfs_only" != 1 ]; then if [ "$opt_sysfs_only" != 1 ]; then
_info_nol "* SRBDS mitigation control is supported by the kernel: " _info_nol "* SRBDS mitigation control is supported by the kernel: "
kernel_srbds='' kernel_srbds=''
if [ -n "$kernel_err" ]; then if [ -n "$kernel_err" ]; then
kernel_srbds_err="$kernel_err" kernel_srbds_err="$kernel_err"
elif grep -q 'Dependent on hypervisor' "$kernel"; then elif grep -q 'Dependent on hypervisor' "$kernel"; then
kernel_srbds="found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation" kernel_srbds="found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation"
fi fi
if [ -n "$kernel_srbds" ]; then if [ -n "$kernel_srbds" ]; then
pstatus green YES "$kernel_srbds" pstatus green YES "$kernel_srbds"
elif [ -n "$kernel_srbds_err" ]; then elif [ -n "$kernel_srbds_err" ]; then
pstatus yellow UNKNOWN "$kernel_srbds_err" pstatus yellow UNKNOWN "$kernel_srbds_err"
else else
pstatus yellow NO pstatus yellow NO
fi fi
_info_nol "* SRBDS mitigation control is enabled and active: " _info_nol "* SRBDS mitigation control is enabled and active: "
if [ "$opt_live" = 1 ]; then if [ "$opt_live" = 1 ]; then
if [ -n "$fullmsg" ]; then if [ -n "$fullmsg" ]; then
if echo "$fullmsg" | grep -qE '^Mitigation'; then if echo "$fullmsg" | grep -qE '^Mitigation'; then
pstatus green YES "$fullmsg" pstatus green YES "$fullmsg"
else else
pstatus yellow NO pstatus yellow NO
fi fi
else else
pstatus yellow NO "SRBDS not found in sysfs hierarchy" pstatus yellow NO "SRBDS not found in sysfs hierarchy"
fi fi
else else
pstatus blue N/A "not testable in offline mode" pstatus blue N/A "not testable in offline mode"
fi fi
elif [ "$sys_interface_available" = 0 ]; then elif [ "$sys_interface_available" = 0 ]; then
# we have no sysfs but were asked to use it only! # we have no sysfs but were asked to use it only!
msg="/sys vulnerability interface use forced, but it's not available!" msg="/sys vulnerability interface use forced, but it's not available!"
status=UNK status=UNK
fi fi
if ! is_cpu_vulnerable "$cve" ; then if ! is_cpu_vulnerable "$cve" ; then
# override status & msg in case CPU is not vulnerable after all # override status & msg in case CPU is not vulnerable after all
pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable" pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not vulnerable"
else else
if [ "$opt_sysfs_only" != 1 ]; then if [ "$opt_sysfs_only" != 1 ]; then
if [ "$cpuid_srbds" = 1 ]; then if [ "$cpuid_srbds" = 1 ]; then
# SRBDS mitigation control exists # SRBDS mitigation control exists
if [ "$srbds_on" = 1 ]; then if [ "$srbds_on" = 1 ]; then
# SRBDS mitigation control is enabled # SRBDS mitigation control is enabled
if [ -z "$msg" ]; then if [ -z "$msg" ]; then
# if msg is empty, sysfs check didn't fill it, rely on our own test # if msg is empty, sysfs check didn't fill it, rely on our own test
if [ "$opt_live" = 1 ]; then if [ "$opt_live" = 1 ]; then
# if we're in live mode and $msg is empty, sysfs file is not there so kernel is too old # if we're in live mode and $msg is empty, sysfs file is not there so kernel is too old
pvulnstatus "$cve" OK "Your microcode is up to date for SRBDS mitigation control. The kernel needs to be updated" pvulnstatus "$cve" OK "Your microcode is up to date for SRBDS mitigation control. The kernel needs to be updated"
fi fi
else else
if [ -n "$kernel_srbds" ]; then if [ -n "$kernel_srbds" ]; then
pvulnstatus "$cve" OK "Your microcode and kernel are both up to date for SRBDS mitigation control. Mitigation is enabled" pvulnstatus "$cve" OK "Your microcode and kernel are both up to date for SRBDS mitigation control. Mitigation is enabled"
else else
pvulnstatus "$cve" OK "Your microcode is up to date for SRBDS mitigation control. The kernel needs to be updated" pvulnstatus "$cve" OK "Your microcode is up to date for SRBDS mitigation control. The kernel needs to be updated"
fi fi
fi fi
elif [ "$srbds_on" = 0 ]; then elif [ "$srbds_on" = 0 ]; then
# SRBDS mitigation control is disabled # SRBDS mitigation control is disabled
if [ -z "$msg" ]; then if [ -z "$msg" ]; then
if [ "$opt_live" = 1 ]; then if [ "$opt_live" = 1 ]; then
# if we're in live mode and $msg is empty, sysfs file is not there so kernel is too old # if we're in live mode and $msg is empty, sysfs file is not there so kernel is too old
pvulnstatus "$cve" VULN "Your microcode is up to date for SRBDS mitigation control. The kernel needs to be updated. Mitigation is disabled" pvulnstatus "$cve" VULN "Your microcode is up to date for SRBDS mitigation control. The kernel needs to be updated. Mitigation is disabled"
fi fi
else else
if [ -n "$kernel_srbds" ]; then if [ -n "$kernel_srbds" ]; then
pvulnstatus "$cve" VULN "Your microcode and kernel are both up to date for SRBDS mitigation control. Mitigation is disabled" pvulnstatus "$cve" VULN "Your microcode and kernel are both up to date for SRBDS mitigation control. Mitigation is disabled"
else else
pvulnstatus "$cve" VULN "Your microcode is up to date for SRBDS mitigation control. The kernel needs to be updated. Mitigation is disabled" pvulnstatus "$cve" VULN "Your microcode is up to date for SRBDS mitigation control. The kernel needs to be updated. Mitigation is disabled"
fi fi
fi fi
else else
# rdmsr: CPU 0 cannot read MSR 0x00000123 # rdmsr: CPU 0 cannot read MSR 0x00000123
pvulnstatus "$cve" UNK "Not able to enumerate MSR for SRBDS mitigation control" pvulnstatus "$cve" UNK "Not able to enumerate MSR for SRBDS mitigation control"
fi fi
else else
# [ $cpuid_srbds != 1 ] # [ $cpuid_srbds != 1 ]
pvulnstatus "$cve" VULN "Your CPU microcode may need to be updated to mitigate the vulnerability" pvulnstatus "$cve" VULN "Your CPU microcode may need to be updated to mitigate the vulnerability"
fi fi
else else
# sysfs only: return the status/msg we got # sysfs only: return the status/msg we got
pvulnstatus "$cve" "$status" "$fullmsg" pvulnstatus "$cve" "$status" "$fullmsg"
return return
fi fi
fi fi
} }
####################### #######################