e04c6b9850
Check for obsolete dd
...
On linux systems which need dd, this check if the version is compatible before continuing with hardware checks.
If the install of dd is obsolete, user is warnd, and hardware checks do not continue, any other requested checks performed as normal.
(Old versions (before circa 2012) of dd do not support the iflag=skip_bytes option. They are therefore unable to read from cpuid, or msr, where read offset is used to pass the required page. To complicate matters, some versions of dd may not return an error code when this happens.)
2018-05-22 20:40:57 +10:00
65c123f309
Merge pull request #3 from speed47/master
...
merge
2018-05-22 18:14:24 +10:00
725eaa8bf5
feat(arm): adjust vulnerable ARM CPUs for variant3a and variant4
2018-05-22 09:19:29 +02:00
c6ee0358d1
feat(variant4): report SSB_NO CPUs as not vulnerable
2018-05-22 09:18:30 +02:00
0230ce23b1
Merge pull request #2 from speed47/master
...
merge
2018-05-22 14:57:29 +10:00
22d0b203da
fix(ssb_no): rename ssbd_no to ssb_no and fix shift
2018-05-22 00:38:31 +02:00
3062a8416a
fix(msg): add missing words
2018-05-22 00:10:08 +02:00
6a4318addf
feat(variant3a/4): initial support for 2 new CVEs
2018-05-22 00:06:56 +02:00
7e4899bcb8
ibrs can't be enabled on no ibrs cpu ( #195 )
...
* ibrs can't be enabled on no ibrs cpu
If the cpu is identified, and does not support SPEC_CTRL or IBRS, then ibrs can't be enabled, even if supported by the kernel.
Instead of reporting IBRS enabled and active UNKNOWN, report IBRS enabled and active NO.
2018-05-17 15:39:48 +02:00
3568293570
Merge pull request #1 from speed47/master
...
merge
2018-05-06 14:44:12 +10:00
5cc77741af
Update spectre-meltdown-checker.sh
2018-05-05 13:00:44 +02:00
1c0f6d9580
cpuid and msr module check
...
This adds a check before loading the cpuid and msr modules under linux, ensuring they are not unloaded in exit_cleanup() if they were initially present.
2018-05-05 13:00:44 +02:00
4acd0f647a
Suggestion to change VM to a CPU with IBRS capability
2018-04-20 20:35:12 +02:00
fb52dbe7bf
set master branch to v0.37+
2018-04-20 20:34:42 +02:00
edebe4dcd4
bump to v0.37
2018-04-18 23:51:45 +02:00
83ea78f523
fix: arm: also detect variant 1 mitigation when using native objdump
2018-04-17 18:50:32 +02:00
602b68d493
fix(spectrev2): explain that retpoline is possible for Skylake+ if there is RSB filling, even if IBRS is still better
2018-04-16 09:27:28 +02:00
97bccaa0d7
feat: rephrase IBPB warning when only retpoline is enabled in non-paranoid mode
2018-04-16 09:13:25 +02:00
68e619b0d3
feat: show RSB filling capability for non-Skylake in verbose mode
2018-04-16 09:08:25 +02:00
a6f4475cee
feat: make IBRS_FW blue instead of green
2018-04-16 09:07:54 +02:00
223f5028df
feat: add --paranoid to choose whether we require IBPB
2018-04-15 23:05:30 +02:00
c0108b9690
fix(spectre2): don't explain how to fix when NOT VULNERABLE
2018-04-15 20:55:55 +02:00
a3016134bd
feat: make RSB filling support mandatory for Skylake+ CPUs
2018-04-15 20:55:31 +02:00
59d85b39c9
feat: detect RSB filling capability in the kernel
2018-04-15 20:55:01 +02:00
baaefb0c31
fix: remove shellcheck warnings
2018-04-11 22:24:03 +02:00
d452aca03a
fix: invalid bash syntax when ibpb_enabled or ibrs_enabled are empty
2018-04-11 10:29:42 +02:00
10b8d94724
feat: detect latest Red Hat kernels' RO ibpb_enabled knob
2018-04-10 22:51:45 +02:00
8606e60ef7
refactor: no longer display the retoline-aware compiler test when we can't tell for sure
2018-04-10 22:51:45 +02:00
6a48251647
fix: regression in 51aeae25, when retpoline & ibpb are enabled
2018-04-10 22:51:45 +02:00
f4bf5e95ec
fix: typos
2018-04-10 22:51:45 +02:00
60eac1ad43
feat: also do PTI performance check with (inv)pcid for BSD
2018-04-10 22:51:45 +02:00
b3cc06a6ad
fix regression introduced by 82c25dc
2018-04-10 22:51:45 +02:00
5553576e31
feat(amd/zen): re-introduce IBRS for AMD except ZEN family
2018-04-10 22:51:45 +02:00
e16ad802da
feat(ibpb=2): add detection of SMT before concluding the system is not vulnerable
2018-04-10 22:51:45 +02:00
29c294edff
feat(bsd): explain how to mitigate variant2
2018-04-10 22:51:45 +02:00
59714011db
refactor: IBRS_ALL & RDCL_NO are Intel-only
2018-04-10 22:51:45 +02:00
51e8261a32
refactor: separate hw checks for Intel & AMD
2018-04-10 22:49:28 +02:00
2a4bfad835
refactor: add is_amd and is_intel funcs
2018-04-10 22:49:28 +02:00
7e52cea66e
feat(spectre2): refined how status of this vuln is decided and more precise explanations on how to fix
2018-04-10 22:49:28 +02:00
417d7aab91
Fix trailing whitespace and mixed indent styles;
2018-04-10 22:42:47 +02:00
67bf761029
Fix some user facing typos with codespell -w -q3 .
2018-04-08 18:44:13 +02:00
0eabd266ad
refactor: decrease default verbosity for some tests
2018-04-05 22:20:16 +02:00
b77fb0f226
fix: don't override ibrs/ibpb results with later tests
2018-04-05 22:04:20 +02:00
89c2e0fb21
fix(amd): show cpuinfo and ucode details
2018-04-05 21:39:27 +02:00
b88f32ed95
feat: print raw cpuid, and fetch ucode version under BSD
2018-04-05 00:07:12 +02:00
7a4ebe8009
refactor: rewrite read_cpuid to get more common code parts between BSD and Linux
2018-04-05 00:06:24 +02:00
0919f5c236
feat: add explanations of what to do when a vulnerability is not mitigated
2018-04-05 00:03:04 +02:00
de02dad909
feat: rework Spectre V2 mitigations detection w/ latest vanilla & Red Hat 7 kernels
2018-04-05 00:01:54 +02:00
07484d0ea7
add dump of variables at end of script in debug mode
2018-04-04 23:58:15 +02:00
a8b557b9e2
fix(cpu): skip CPU checks if asked to (--no-hw) or if inspecting a kernel of another architecture
2018-04-03 19:36:28 +02:00
Rob Gill
Stéphane Lesimple
rrobgill
Onno Zweers
Igor Lubashev
Benjamin Bouvier
Sylvestre Ledru