peter/spectre-meltdown-checker
peter
/
spectre-meltdown-checker
mirror of https://github.com/speed47/spectre-meltdown-checker.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
315 Commits 1 Branch 46 Tags 1.3 MiB
Commit Graph

279 Commits

Author SHA1 Message Date
Rob Gill 0eb563adc6
Merge c40b2b3195 into 5962d20ba7 2018-05-27 20:40:50 +00:00
Rob Gill 5962d20ba7 fix(variant4): whitelist from common.c::cpu_no_spec_store_bypass (#202) 
* variant4 from common.c::cpu_no_spec_store_bypass

Variant 4 - Add function to 'whitelist' the hand-full of CPUs unaffected by speculative store bypass. 

This would allow improved determination of variant 4 status ( #189 ) of immune CPUs while waiting for the 4.17/stable patches to be backported to distro kernels.

Source of cpu list : https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/cpu/common.c#n945)
Modeled after is_cpu_specex_free()

* amd families fix

amd families are reported by parse_cpu_details() in decimal

* remove duplicates

Only list processors which speculate and are immune to variant 4.
Avoids duplication with non-speculating CPUs listed in is_cpu_specex_free()
 2018-05-27 15:14:29 +02:00
Rob Gill 17a3488505 fix(help): add missing references to variants 3a & 4 (#201) 2018-05-24 16:35:57 +02:00
Stéphane Lesimple e54e8b3e84 chore: remove warning in README, fix display indentation 2018-05-24 16:32:53 +02:00
Stéphane Lesimple 39c778e3ac fix(amd): AMD families 0x15-0x17 non-arch MSRs are a valid way to control SSB 2018-05-23 23:08:07 +02:00
Stéphane Lesimple 2cde6e4649 feat(ssbd): add detection of proper CPUID bits on AMD 2018-05-23 22:50:52 +02:00
Stéphane Lesimple f4d51e7e53 fix(variant4): add another detection way for Red Hat kernel 2018-05-23 22:47:54 +02:00
Stéphane Lesimple 85d46b2799 feat(variant4): add more detailed explanations 2018-05-23 21:08:58 +02:00
Stéphane Lesimple 61e02abd0c feat(variant3a): detect up to date microcode 2018-05-23 21:08:08 +02:00
Stéphane Lesimple 114756fab7 fix(amd): not vulnerable to variant3a 2018-05-23 20:38:43 +02:00
Rob Gill ea75969eb7 fix(help): Update variant options in usage message (#200) 2018-05-22 15:54:25 +02:00
Rob Gill c40b2b3195
Update spectre-meltdown-checker.sh 2018-05-22 21:11:19 +10:00
Rob Gill 7451022f05
Update spectre-meltdown-checker.sh 2018-05-22 20:46:49 +10:00
Rob Gill e04c6b9850
Check for obsolete dd 
On linux systems which need dd, this check if the version is compatible before continuing with hardware checks.
If the install of dd is obsolete, user is warnd, and hardware checks do not continue, any other requested checks performed as normal.

(Old versions (before circa 2012) of dd do not support the iflag=skip_bytes option. They are therefore unable to read from cpuid, or msr, where read offset is used to pass the required page. To complicate matters, some versions of dd may not return an error code when this happens.)
 2018-05-22 20:40:57 +10:00
Stéphane Lesimple ca391cbfc9 fix(variant2): correctly detect IBRS/IBPB in SLES kernels 2018-05-22 12:06:46 +02:00
Stéphane Lesimple 68af5c5f92 feat(variant4): detect SSBD-aware kernel 2018-05-22 12:05:46 +02:00
Stéphane Lesimple f75cc0bb6f feat(variant4): add sysfs mitigation hint and some explanation about the vuln 2018-05-22 09:39:11 +02:00
Stéphane Lesimple f33d65ff71 feat(variant3a): add information about microcode-sufficient mitigation 2018-05-22 09:38:29 +02:00
Stéphane Lesimple 725eaa8bf5 feat(arm): adjust vulnerable ARM CPUs for variant3a and variant4 2018-05-22 09:19:29 +02:00
Stéphane Lesimple c6ee0358d1 feat(variant4): report SSB_NO CPUs as not vulnerable 2018-05-22 09:18:30 +02:00
Stéphane Lesimple 22d0b203da fix(ssb_no): rename ssbd_no to ssb_no and fix shift 2018-05-22 00:38:31 +02:00
Stéphane Lesimple 3062a8416a fix(msg): add missing words 2018-05-22 00:10:08 +02:00
Stéphane Lesimple 6a4318addf feat(variant3a/4): initial support for 2 new CVEs 2018-05-22 00:06:56 +02:00
Stéphane Lesimple c19986188f fix(variant2): adjust detection for SLES kernels 2018-05-19 09:53:12 +02:00
Rob Gill 7e4899bcb8 ibrs can't be enabled on no ibrs cpu (#195) 
* ibrs can't be enabled on no ibrs cpu

If the cpu is identified, and does not support SPEC_CTRL or IBRS, then ibrs can't be enabled, even if supported by the kernel.
Instead of reporting IBRS enabled and active UNKNOWN, report IBRS enabled and active NO.
 2018-05-17 15:39:48 +02:00
rrobgill 5cc77741af Update spectre-meltdown-checker.sh 2018-05-05 13:00:44 +02:00
rrobgill 1c0f6d9580 cpuid and msr module check 
This adds a check before loading the cpuid and msr modules under linux, ensuring they are not unloaded in exit_cleanup() if they were initially present.
 2018-05-05 13:00:44 +02:00
Onno Zweers 4acd0f647a Suggestion to change VM to a CPU with IBRS capability 2018-04-20 20:35:12 +02:00
Stéphane Lesimple fb52dbe7bf set master branch to v0.37+ 2018-04-20 20:34:42 +02:00
Stéphane Lesimple edebe4dcd4 bump to v0.37 2018-04-18 23:51:45 +02:00
Stéphane Lesimple 83ea78f523 fix: arm: also detect variant 1 mitigation when using native objdump 2018-04-17 18:50:32 +02:00
Stéphane Lesimple 602b68d493 fix(spectrev2): explain that retpoline is possible for Skylake+ if there is RSB filling, even if IBRS is still better 2018-04-16 09:27:28 +02:00
Stéphane Lesimple 97bccaa0d7 feat: rephrase IBPB warning when only retpoline is enabled in non-paranoid mode 2018-04-16 09:13:25 +02:00
Stéphane Lesimple 68e619b0d3 feat: show RSB filling capability for non-Skylake in verbose mode 2018-04-16 09:08:25 +02:00
Stéphane Lesimple a6f4475cee feat: make IBRS_FW blue instead of green 2018-04-16 09:07:54 +02:00
Stéphane Lesimple 223f5028df feat: add --paranoid to choose whether we require IBPB 2018-04-15 23:05:30 +02:00
Stéphane Lesimple c0108b9690 fix(spectre2): don't explain how to fix when NOT VULNERABLE 2018-04-15 20:55:55 +02:00
Stéphane Lesimple a3016134bd feat: make RSB filling support mandatory for Skylake+ CPUs 2018-04-15 20:55:31 +02:00
Stéphane Lesimple 59d85b39c9 feat: detect RSB filling capability in the kernel 2018-04-15 20:55:01 +02:00
Stéphane Lesimple baaefb0c31 fix: remove shellcheck warnings 2018-04-11 22:24:03 +02:00
Igor Lubashev d452aca03a fix: invalid bash syntax when ibpb_enabled or ibrs_enabled are empty 2018-04-11 10:29:42 +02:00
Stéphane Lesimple 10b8d94724 feat: detect latest Red Hat kernels' RO ibpb_enabled knob 2018-04-10 22:51:45 +02:00
Stéphane Lesimple 8606e60ef7 refactor: no longer display the retoline-aware compiler test when we can't tell for sure 2018-04-10 22:51:45 +02:00
Stéphane Lesimple 6a48251647 fix: regression in 51aeae25, when retpoline & ibpb are enabled 2018-04-10 22:51:45 +02:00
Stéphane Lesimple f4bf5e95ec fix: typos 2018-04-10 22:51:45 +02:00
Stéphane Lesimple 60eac1ad43 feat: also do PTI performance check with (inv)pcid for BSD 2018-04-10 22:51:45 +02:00
Stéphane Lesimple b3cc06a6ad fix regression introduced by 82c25dc 2018-04-10 22:51:45 +02:00
Stéphane Lesimple 5553576e31 feat(amd/zen): re-introduce IBRS for AMD except ZEN family 2018-04-10 22:51:45 +02:00
Stéphane Lesimple e16ad802da feat(ibpb=2): add detection of SMT before concluding the system is not vulnerable 2018-04-10 22:51:45 +02:00
Stéphane Lesimple 29c294edff feat(bsd): explain how to mitigate variant2 2018-04-10 22:51:45 +02:00