509 Commits

Author	SHA1	Message	Date
Stéphane Lesimple	22d0b203da	fix(ssb_no): rename ssbd_no to ssb_no and fix shift	2018-05-22 00:38:31 +02:00
Stéphane Lesimple	3062a8416a	fix(msg): add missing words	2018-05-22 00:10:08 +02:00
Stéphane Lesimple	6a4318addf	feat(variant3a/4): initial support for 2 new CVEs	2018-05-22 00:06:56 +02:00
Stéphane Lesimple	c19986188f	fix(variant2): adjust detection for SLES kernels	2018-05-19 09:53:12 +02:00
Rob Gill	7e4899bcb8	ibrs can't be enabled on no ibrs cpu (#195) ... * ibrs can't be enabled on no ibrs cpu If the cpu is identified, and does not support SPEC_CTRL or IBRS, then ibrs can't be enabled, even if supported by the kernel. Instead of reporting IBRS enabled and active UNKNOWN, report IBRS enabled and active NO.	2018-05-17 15:39:48 +02:00
rrobgill	5cc77741af	Update spectre-meltdown-checker.sh	2018-05-05 13:00:44 +02:00
rrobgill	1c0f6d9580	cpuid and msr module check ... This adds a check before loading the cpuid and msr modules under linux, ensuring they are not unloaded in exit_cleanup() if they were initially present.	2018-05-05 13:00:44 +02:00
Onno Zweers	4acd0f647a	Suggestion to change VM to a CPU with IBRS capability	2018-04-20 20:35:12 +02:00
Stéphane Lesimple	fb52dbe7bf	set master branch to v0.37+	2018-04-20 20:34:42 +02:00
Stéphane Lesimple	edebe4dcd4	bump to v0.37	2018-04-18 23:51:45 +02:00
Stéphane Lesimple	83ea78f523	fix: arm: also detect variant 1 mitigation when using native objdump	2018-04-17 18:50:32 +02:00
Stéphane Lesimple	602b68d493	fix(spectrev2): explain that retpoline is possible for Skylake+ if there is RSB filling, even if IBRS is still better	2018-04-16 09:27:28 +02:00
Stéphane Lesimple	97bccaa0d7	feat: rephrase IBPB warning when only retpoline is enabled in non-paranoid mode	2018-04-16 09:13:25 +02:00
Stéphane Lesimple	68e619b0d3	feat: show RSB filling capability for non-Skylake in verbose mode	2018-04-16 09:08:25 +02:00
Stéphane Lesimple	a6f4475cee	feat: make IBRS_FW blue instead of green	2018-04-16 09:07:54 +02:00
Stéphane Lesimple	223f5028df	feat: add --paranoid to choose whether we require IBPB	2018-04-15 23:05:30 +02:00
Stéphane Lesimple	c0108b9690	fix(spectre2): don't explain how to fix when NOT VULNERABLE	2018-04-15 20:55:55 +02:00
Stéphane Lesimple	a3016134bd	feat: make RSB filling support mandatory for Skylake+ CPUs	2018-04-15 20:55:31 +02:00
Stéphane Lesimple	59d85b39c9	feat: detect RSB filling capability in the kernel	2018-04-15 20:55:01 +02:00
Stéphane Lesimple	baaefb0c31	fix: remove shellcheck warnings	2018-04-11 22:24:03 +02:00
Igor Lubashev	d452aca03a	fix: invalid bash syntax when ibpb_enabled or ibrs_enabled are empty	2018-04-11 10:29:42 +02:00
Stéphane Lesimple	10b8d94724	feat: detect latest Red Hat kernels' RO ibpb_enabled knob	2018-04-10 22:51:45 +02:00
Stéphane Lesimple	8606e60ef7	refactor: no longer display the retoline-aware compiler test when we can't tell for sure	2018-04-10 22:51:45 +02:00
Stéphane Lesimple	6a48251647	fix: regression in 51aeae25, when retpoline & ibpb are enabled	2018-04-10 22:51:45 +02:00
Stéphane Lesimple	f4bf5e95ec	fix: typos	2018-04-10 22:51:45 +02:00
Stéphane Lesimple	60eac1ad43	feat: also do PTI performance check with (inv)pcid for BSD	2018-04-10 22:51:45 +02:00
Stéphane Lesimple	b3cc06a6ad	fix regression introduced by 82c25dc	2018-04-10 22:51:45 +02:00
Stéphane Lesimple	5553576e31	feat(amd/zen): re-introduce IBRS for AMD except ZEN family	2018-04-10 22:51:45 +02:00
Stéphane Lesimple	e16ad802da	feat(ibpb=2): add detection of SMT before concluding the system is not vulnerable	2018-04-10 22:51:45 +02:00
Stéphane Lesimple	29c294edff	feat(bsd): explain how to mitigate variant2	2018-04-10 22:51:45 +02:00
Stéphane Lesimple	59714011db	refactor: IBRS_ALL & RDCL_NO are Intel-only	2018-04-10 22:51:45 +02:00
Stéphane Lesimple	51e8261a32	refactor: separate hw checks for Intel & AMD	2018-04-10 22:49:28 +02:00
Stéphane Lesimple	2a4bfad835	refactor: add is_amd and is_intel funcs	2018-04-10 22:49:28 +02:00
Stéphane Lesimple	7e52cea66e	feat(spectre2): refined how status of this vuln is decided and more precise explanations on how to fix	2018-04-10 22:49:28 +02:00
Benjamin Bouvier	417d7aab91	Fix trailing whitespace and mixed indent styles;	2018-04-10 22:42:47 +02:00
Sylvestre Ledru	67bf761029	Fix some user facing typos with codespell -w -q3 .	2018-04-08 18:44:13 +02:00
Stéphane Lesimple	0eabd266ad	refactor: decrease default verbosity for some tests	2018-04-05 22:20:16 +02:00
Stéphane Lesimple	b77fb0f226	fix: don't override ibrs/ibpb results with later tests	2018-04-05 22:04:20 +02:00
Stéphane Lesimple	89c2e0fb21	fix(amd): show cpuinfo and ucode details	2018-04-05 21:39:27 +02:00
Stéphane Lesimple	b88f32ed95	feat: print raw cpuid, and fetch ucode version under BSD	2018-04-05 00:07:12 +02:00
Stéphane Lesimple	7a4ebe8009	refactor: rewrite read_cpuid to get more common code parts between BSD and Linux	2018-04-05 00:06:24 +02:00
Stéphane Lesimple	0919f5c236	feat: add explanations of what to do when a vulnerability is not mitigated	2018-04-05 00:03:04 +02:00
Stéphane Lesimple	de02dad909	feat: rework Spectre V2 mitigations detection w/ latest vanilla & Red Hat 7 kernels	2018-04-05 00:01:54 +02:00
Stéphane Lesimple	07484d0ea7	add dump of variables at end of script in debug mode	2018-04-04 23:58:15 +02:00
Stéphane Lesimple	a8b557b9e2	fix(cpu): skip CPU checks if asked to (--no-hw) or if inspecting a kernel of another architecture	2018-04-03 19:36:28 +02:00
Stéphane Lesimple	619b2749d8	fix(sysfs): only check for sysfs for spectre2 when in live mode	2018-04-03 19:32:36 +02:00
Stéphane Lesimple	056ed00baa	feat(arm): detect spectre variant 1 mitigation	2018-04-03 15:52:25 +02:00
Stéphane Lesimple	aef99d20f3	fix(pti): when PTI activation is unknown, don't say we're vulnerable	2018-04-03 12:45:17 +02:00
Stéphane Lesimple	e2d7ed2243	feat(arm): support for variant2 and meltdown mitigation detection	2018-04-01 17:50:18 +02:00
Stéphane Lesimple	eeaeff8ec3	set version to v0.36+ for master branch between releases	2018-04-01 17:45:01 +02:00