fix: bsd: kernel version detection

spectre-meltdown-checker.sh

@@ -2441,13 +2441,6 @@ if [ "$opt_cpu" != all ] && [ "$opt_cpu" -gt "$max_core_id" ]; then
 fi
 
 if [ "$opt_live" = 1 ]; then
-	# root check (only for live mode, for offline mode, we already checked if we could read the files)
-	if [ "$(id -u)" -ne 0 ]; then
-		_warn "Note that you should launch this script with root privileges to get accurate information."
-		_warn "We'll proceed but you might see permission denied errors."
-		_warn "To run it as root, you can try the following command: sudo $0"
-		_warn
-	fi
 	_info "Checking for vulnerabilities on current system"
 	_info "Kernel is \033[35m$os $(uname -r) $(uname -v) $(uname -m)\033[0m"
 	_info "CPU is \033[35m$cpu_friendly_name\033[0m"
@@ -2607,7 +2600,7 @@ else
 	kernel_version=$("${opt_arch_prefix}strings" "$kernel" 2>/dev/null | grep -E \
 		-e '^Linux version ' \
 		-e '^[[:alnum:]][^[:space:]]+ \([^[:space:]]+\) #[0-9]+ .+ (19|20)[0-9][0-9]$' \
-		-e '^FreeBSD [0-9]' | head -1)
+		-e '^FreeBSD [0-9]' | grep -v 'ABI compat' | head -1)
 	if [ -z "$kernel_version" ]; then
 		# try even harder with some kernels (such as ARM) that split the release (uname -r) and version (uname -v) in 2 adjacent strings
 		kernel_version=$("${opt_arch_prefix}strings" "$kernel" 2>/dev/null | grep -E -B1 '^#[0-9]+ .+ (19|20)[0-9][0-9]$' | tr "\n" " ")
@@ -6236,17 +6229,30 @@ check_CVE_2022_40982_linux() {
 		fi
 
 		if [ -n "$kernel_gds" ]; then
-			_info_nol "* Is the kernel mitigation active: "
+			_info_nol "* Kernel has disabled AVX as a mitigation: "
 
 			# Check dmesg message to see whether AVX has been disabled
-			dmesg_grep 'Microcode update needed! Disabling AVX as mitigation'; ret=$?
+			dmesg_grep 'Microcode update needed! Disabling AVX as mitigation'; dmesgret=$?
-			if [ $ret -eq 2 ]; then
+			if [ $dmesgret -eq 0 ]; then
-				pstatus yellow UNKNOWN "dmesg truncated, AVX mitigation detection will be unreliable. Please reboot and relaunch this script"
+				kernel_avx_disabled="AVX disabled by the kernel (dmesg)"
-			elif [ $ret -eq 0 ]; then
-				kernel_avx_disabled="AVX disabled by the kernel"
 				pstatus green YES "$kernel_avx_disabled"
+			elif [ "$has_avx2" = 0 ]; then
+				# Find out by ourselves
+				# cpuinfo says we don't have AVX2, query
+				# the CPU directly about AVX2 support
+				read_cpuid 0x7 0x0 $EBX 5 1 1; ret=$?
+				if [ $ret -eq $READ_CPUID_RET_OK ]; then
+					kernel_avx_disabled="AVX disabled by the kernel (cpuid)"
+					pstatus green YES "$kernel_avx_disabled"
+				elif [ $ret -eq $READ_CPUID_RET_KO ]; then
+					pstatus yellow NO "CPU doesn't support AVX"
+				elif [ $dmesgret -eq 2 ]; then
+					pstatus yellow UNKNOWN "dmesg truncated, can't tell whether mitigation is active, please reboot and relaunch this script"
+				else
+					pstatus yellow UNKNOWN "No sign of mitigation in dmesg and couldn't read cpuid info"
+				fi
 			else
-				pstatus red NO "No trace of AVX mitigation in dmesg"
+					pstatus yellow NO "AVX support is enabled"
 			fi
 		fi
 
@@ -6326,6 +6332,13 @@ if [ -n "$mockme" ] && [ "$opt_mock" = 1 ]; then
 	_warn "To mock this CPU, set those vars: "$(echo "$mockme" | sort -u)
 fi
 
+# root check
+if [ "$(id -u)" -ne 0 ]; then
+	_warn "Note that you should launch this script with root privileges to get completely accurate information."
+	_warn "To run it as root, you can try the following command: sudo $0"
+	_warn
+fi
+
 if [ "$opt_explain" = 0 ]; then
 	_info "Need more detailed information about mitigation options? Use --explain"
 fi