From dbe1c5b34ce1768973d46ec0d0e4f98ad0f570c0 Mon Sep 17 00:00:00 2001
From: Stanislav Kholmanskikh
Date: Tue, 28 Aug 2018 04:35:44 -0700
Subject: [PATCH 1/2] Fix a typo in check_variant3_linux()
Signed-off-by: Stanislav Kholmanskikh
---
 spectre-meltdown-checker.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index 229a414..f1845c3 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -3163,7 +3163,7 @@ check_variant3_linux()
 if [ -n "$kpti_support" ]; then
 if [ -e "/sys/kernel/debug/x86/pti_enabled" ]; then
 explain "Your kernel supports PTI but it's disabled, you can enable it with \`echo 1 > /sys/kernel/debug/x86/pti_enabled\`"
- elif grep -q -w nopti -w pti=off /proc/cmdline; then
+ elif grep -q -w -e nopti -e pti=off /proc/cmdline; then
 explain "Your kernel supports PTI but it has been disabled on command-line, remove the nopti or pti=off option from your bootloader configuration"
 else
 explain "Your kernel supports PTI but it has been disabled, check \`dmesg\` right after boot to find clues why the system disabled it"
From bdfcba4dae86aa6d4c7889fa28c8826699bb7323 Mon Sep 17 00:00:00 2001
From: Stanislav Kholmanskikh
Date: Wed, 29 Aug 2018 05:40:52 -0700
Subject: [PATCH 2/2] Correct aarch64 KPTI dmesg message As it's seen in unmap_kernel_at_el0 (both the function definition and its usage in arm64_features[]) from arch/arm64/kernel/cpufeature.c the kernel reports this string: CPU features: detected: Kernel page table isolation (KPTI) or (before commit e0f6429dc1c0 ("arm64: cpufeature: Remove redundant "feature" in reports")): CPU features: detected feature: Kernel page table isolation (KPTI) if KPTI is enabled on the system. So on let's adjust check_variant3_linux() to make it grep these strings if executed on an aarch64 platform. Tested on a Cavium ThunderX2 machine.
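Review bot: In patch 1/2, the corrected `elif grep` line of check_variant3_linux() still reads the hard-coded `/proc/cmdline`, while the cpuinfo check in the same function (visible as context in patch 2/2) goes through `$procfs`. If `$procfs` can ever point somewhere other than /proc, this test would inspect a different kernel command line than the rest of the function, and the "disabled on command-line" explanation could be shown or withheld wrongly. `elif grep -q -w -e nopti -e pti=off "$procfs/cmdline"; then` would keep the two lookups consistent. The enclosing if/elif chain starts and ends outside the hunk, so how `$procfs` is set is not visible here.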
Signed-off-by: Stanislav Kholmanskikh
---
 spectre-meltdown-checker.sh | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index f1845c3..3f99b1e 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -3061,9 +3061,14 @@ check_variant3_linux()
 mount_debugfs
 _info_nol " * PTI enabled and active: "
 if [ "$opt_live" = 1 ]; then
- dmesg_grep="Kernel/User page tables isolation: enabled"
- dmesg_grep="$dmesg_grep|Kernel page table isolation enabled"
- dmesg_grep="$dmesg_grep|x86/pti: Unmapping kernel while in userspace"
+ if [ "$(uname -m)" = "aarch64" ]; then
+ dmesg_grep="CPU features: detected: Kernel page table isolation \(KPTI\)"
+ dmesg_grep="$dmesg_grep|CPU features: detected feature: Kernel page table isolation \(KPTI\)"
+ else
+ dmesg_grep="Kernel/User page tables isolation: enabled"
+ dmesg_grep="$dmesg_grep|Kernel page table isolation enabled"
+ dmesg_grep="$dmesg_grep|x86/pti: Unmapping kernel while in userspace"
+ fi
 if grep ^flags "$procfs/cpuinfo" | grep -qw pti; then
 # vanilla PTI patch sets the 'pti' flag in cpuinfo
 _debug "kpti_enabled: found 'pti' flag in $procfs/cpuinfo"
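Review bot: The new aarch64 branch in check_variant3_linux() matches exact kernel log wording, but the script itself carries no comment saying where the two strings come from; only the commit message records it. That wording has already changed once (the message cites e0f6429dc1c0), so a later rewording would presumably make the live check report PTI as not active on arm64 with nothing in the code pointing a maintainer at the cause. I would add a comment above the two assignments, for example `# arm64: strings logged for unmap_kernel_at_el0 in arch/arm64/kernel/cpufeature.c; the "detected feature:" form predates e0f6429dc1c0`. The function continues past the end of the hunk, so how `dmesg_grep` is consumed, and whether a truncated dmesg buffer is handled, is not visible here.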