enh: use g_mode to explicitly save/load the current running mode

2026-06-19 04:53:02 +02:00 · 2026-04-10 19:26:46 +02:00
parent f7ba617e16
commit e67c9e4265
24 changed files with 218 additions and 210 deletions
@@ -18,7 +18,7 @@ check_CVE_2018_3639_linux() {
    fi
    if [ "$opt_sysfs_only" != 1 ]; then
        pr_info_nol "* Kernel supports disabling speculative store bypass (SSB): "
-        if [ "$opt_runtime" = 1 ]; then
+        if [ "$g_mode" = live ]; then
            if grep -Eq 'Speculation.?Store.?Bypass:' "$g_procfs/self/status" 2>/dev/null; then
                kernel_ssb="found in $g_procfs/self/status"
                pr_debug "found Speculation.Store.Bypass: in $g_procfs/self/status"
@@ -57,7 +57,7 @@ check_CVE_2018_3639_linux() {
        fi

        kernel_ssbd_enabled=-1
-        if [ "$opt_runtime" = 1 ]; then
+        if [ "$g_mode" = live ]; then
            # https://elixir.bootlin.com/linux/v5.0/source/fs/proc/array.c#L340
            pr_info_nol "* SSB mitigation is enabled and active: "
            if grep -Eq 'Speculation.?Store.?Bypass:[[:space:]]+thread' "$g_procfs/self/status" 2>/dev/null; then
@@ -106,7 +106,7 @@ check_CVE_2018_3639_linux() {
        # if msg is empty, sysfs check didn't fill it, rely on our own test
        if [ -n "$cap_ssbd" ]; then
            if [ -n "$kernel_ssb" ]; then
-                if [ "$opt_runtime" = 1 ]; then
+                if [ "$g_mode" = live ]; then
                    if [ "$kernel_ssbd_enabled" -gt 0 ]; then
                        pvulnstatus "$cve" OK "your CPU and kernel both support SSBD and mitigation is enabled"
                    else