mirror of
https://github.com/speed47/spectre-meltdown-checker.git
synced 2026-03-04 22:27:07 +01:00
Compare commits
1 Commits
master
...
f5d12b0f4a
| Author | SHA1 | Date | |
|---|---|---|---|
|
f5d12b0f4a |
2
.github/workflows/autoupdate.yml
vendored
2
.github/workflows/autoupdate.yml
vendored
@@ -18,7 +18,7 @@ jobs:
|
||||
id: diff
|
||||
run: |
|
||||
echo change="$(git diff spectre-meltdown-checker.sh | awk '/MCEDB/ { if(V) { print V" to "$4; exit } else { V=$4 } }')" >> "$GITHUB_OUTPUT"
|
||||
echo nbdiff="$(git diff spectre-meltdown-checker.sh | grep -cE -- '^\+# [AI],')" >> "$GITHUB_OUTPUT"
|
||||
echo nbdiff="$(git diff --numstat spectre-meltdown-checker.sh | awk '{print $1}')" >> "$GITHUB_OUTPUT"
|
||||
git diff
|
||||
cat "$GITHUB_OUTPUT"
|
||||
- name: Create Pull Request if needed
|
||||
|
||||
@@ -668,8 +668,6 @@ is_cpu_affected()
|
||||
_debug "checking cpu$i: <$cpupart> <$cpuarch>"
|
||||
# some kernels report AArch64 instead of 8
|
||||
[ "$cpuarch" = "AArch64" ] && cpuarch=8
|
||||
# some kernels report architecture with suffix (e.g. "5TEJ" for ARMv5TEJ), extract numeric prefix
|
||||
cpuarch=$(echo "$cpuarch" | grep -oE '^[0-9]+')
|
||||
if [ -n "$cpupart" ] && [ -n "$cpuarch" ]; then
|
||||
# Cortex-R7 and Cortex-R8 are real-time and only used in medical devices or such
|
||||
# I can't find their CPU part number, but it's probably not that useful anyway
|
||||
@@ -1891,11 +1889,11 @@ dmesg_grep()
|
||||
# grep for something in dmesg, ensuring that the dmesg buffer
|
||||
# has not been truncated
|
||||
dmesg_grepped=''
|
||||
if ! dmesg 2>/dev/null | grep -qE -e '(^|\] )Linux version [0-9]' -e '^FreeBSD is a registered' ; then
|
||||
if ! dmesg | grep -qE -e '(^|\] )Linux version [0-9]' -e '^FreeBSD is a registered' ; then
|
||||
# dmesg truncated
|
||||
return 2
|
||||
fi
|
||||
dmesg_grepped=$(dmesg 2>/dev/null | grep -E "$1" | head -n1)
|
||||
dmesg_grepped=$(dmesg | grep -E "$1" | head -n1)
|
||||
# not found:
|
||||
[ -z "$dmesg_grepped" ] && return 1
|
||||
# found, output is in $dmesg_grepped
|
||||
@@ -2022,13 +2020,13 @@ write_msr_one_core()
|
||||
msr_locked_down=1
|
||||
write_msr_msg="your kernel is configured to deny writes to MSRs from user space"
|
||||
return $WRITE_MSR_RET_LOCKDOWN
|
||||
elif dmesg 2>/dev/null | grep -qF "msr: Direct access to MSR"; then
|
||||
elif dmesg | grep -qF "msr: Direct access to MSR"; then
|
||||
_debug "write_msr: locked down kernel detected (Red Hat / Fedora)"
|
||||
mockme=$(printf "%b\n%b" "$mockme" "SMC_MOCK_WRMSR_${_msr}_RET=$WRITE_MSR_RET_LOCKDOWN")
|
||||
msr_locked_down=1
|
||||
write_msr_msg="your kernel is locked down (Fedora/Red Hat), please reboot without secure boot and retry"
|
||||
return $WRITE_MSR_RET_LOCKDOWN
|
||||
elif dmesg 2>/dev/null | grep -qF "raw MSR access is restricted"; then
|
||||
elif dmesg | grep -qF "raw MSR access is restricted"; then
|
||||
_debug "write_msr: locked down kernel detected (vanilla)"
|
||||
mockme=$(printf "%b\n%b" "$mockme" "SMC_MOCK_WRMSR_${_msr}_RET=$WRITE_MSR_RET_LOCKDOWN")
|
||||
msr_locked_down=1
|
||||
@@ -2219,12 +2217,12 @@ parse_cpu_details()
|
||||
cpu_stepping=$(grep '^stepping' "$procfs/cpuinfo" | awk '{print $3}' | grep -E '^[0-9]+$' | head -n1)
|
||||
cpu_ucode=$( grep '^microcode' "$procfs/cpuinfo" | awk '{print $3}' | head -n1)
|
||||
else
|
||||
cpu_vendor=$( dmesg 2>/dev/null | grep -i -m1 'Origin=' | cut -f2 -w | cut -f2 -d= | cut -f2 -d\" )
|
||||
cpu_family=$( dmesg 2>/dev/null | grep -i -m1 'Family=' | cut -f4 -w | cut -f2 -d= )
|
||||
cpu_vendor=$( dmesg | grep -i -m1 'Origin=' | cut -f2 -w | cut -f2 -d= | cut -f2 -d\" )
|
||||
cpu_family=$( dmesg | grep -i -m1 'Family=' | cut -f4 -w | cut -f2 -d= )
|
||||
cpu_family=$(( cpu_family ))
|
||||
cpu_model=$( dmesg 2>/dev/null | grep -i -m1 'Model=' | cut -f5 -w | cut -f2 -d= )
|
||||
cpu_model=$( dmesg | grep -i -m1 'Model=' | cut -f5 -w | cut -f2 -d= )
|
||||
cpu_model=$(( cpu_model ))
|
||||
cpu_stepping=$( dmesg 2>/dev/null | grep -i -m1 'Stepping=' | cut -f6 -w | cut -f2 -d= )
|
||||
cpu_stepping=$( dmesg | grep -i -m1 'Stepping=' | cut -f6 -w | cut -f2 -d= )
|
||||
cpu_friendly_name=$(sysctl -n hw.model 2>/dev/null)
|
||||
fi
|
||||
|
||||
@@ -2311,11 +2309,6 @@ parse_cpu_details()
|
||||
# if we got no cpu_ucode (e.g. we're in a vm), fall back to 0x0
|
||||
: "${cpu_ucode:=0x0}"
|
||||
|
||||
# on non-x86 systems (e.g. ARM), these fields may not exist in cpuinfo, fall back to 0
|
||||
: "${cpu_family:=0}"
|
||||
: "${cpu_model:=0}"
|
||||
: "${cpu_stepping:=0}"
|
||||
|
||||
if [ -n "${SMC_MOCK_CPU_UCODE:-}" ]; then
|
||||
cpu_ucode="$SMC_MOCK_CPU_UCODE"
|
||||
_debug "parse_cpu_details: MOCKING cpu ucode to $cpu_ucode"
|
||||
@@ -4865,7 +4858,7 @@ check_CVE_2017_5754_linux()
|
||||
kpti_enabled=$(cat /sys/kernel/debug/x86/pti_enabled 2>/dev/null)
|
||||
_debug "kpti_enabled: file /sys/kernel/debug/x86/pti_enabled exists and says: $kpti_enabled"
|
||||
elif is_xen_dom0; then
|
||||
pti_xen_pv_domU=$(xl dmesg 2>/dev/null | grep 'XPTI' | grep 'DomU enabled' | head -n1)
|
||||
pti_xen_pv_domU=$(xl dmesg | grep 'XPTI' | grep 'DomU enabled' | head -n1)
|
||||
|
||||
[ -n "$pti_xen_pv_domU" ] && kpti_enabled=1
|
||||
fi
|
||||
@@ -5483,9 +5476,9 @@ check_CVE_2018_3646_linux()
|
||||
pstatus green YES "unconditional flushes"
|
||||
else
|
||||
if is_xen_dom0; then
|
||||
l1d_xen_hardware=$(xl dmesg 2>/dev/null | grep 'Hardware features:' | grep 'L1D_FLUSH' | head -n1)
|
||||
l1d_xen_hypervisor=$(xl dmesg 2>/dev/null | grep 'Xen settings:' | grep 'L1D_FLUSH' | head -n1)
|
||||
l1d_xen_pv_domU=$(xl dmesg 2>/dev/null | grep 'PV L1TF shadowing:' | grep 'DomU enabled' | head -n1)
|
||||
l1d_xen_hardware=$(xl dmesg | grep 'Hardware features:' | grep 'L1D_FLUSH' | head -n1)
|
||||
l1d_xen_hypervisor=$(xl dmesg | grep 'Xen settings:' | grep 'L1D_FLUSH' | head -n1)
|
||||
l1d_xen_pv_domU=$(xl dmesg | grep 'PV L1TF shadowing:' | grep 'DomU enabled' | head -n1)
|
||||
|
||||
if [ -n "$l1d_xen_hardware" ] && [ -n "$l1d_xen_hypervisor" ] && [ -n "$l1d_xen_pv_domU" ]; then
|
||||
l1d_mode=5
|
||||
@@ -6884,7 +6877,7 @@ exit 0 # ok
|
||||
# with X being either I for Intel, or A for AMD
|
||||
# When the date is unknown it defaults to 20000101
|
||||
|
||||
# %%% MCEDB v347+i20251110+615b
|
||||
# %%% MCEDB v344+i20250811+7486
|
||||
# I,0x00000611,0xFF,0x00000B27,19961218
|
||||
# I,0x00000612,0xFF,0x000000C6,19961210
|
||||
# I,0x00000616,0xFF,0x000000C6,19961210
|
||||
@@ -7256,28 +7249,28 @@ exit 0 # ok
|
||||
# I,0x000806F1,0xFF,0x800003C0,20220327
|
||||
# I,0x000806F2,0xFF,0x8C0004E0,20211112
|
||||
# I,0x000806F3,0xFF,0x8D000520,20220812
|
||||
# I,0x000806F4,0x10,0x2C000410,20250529
|
||||
# I,0x000806F4,0x87,0x2B000650,20250529
|
||||
# I,0x000806F5,0x10,0x2C000410,20250529
|
||||
# I,0x000806F5,0x87,0x2B000650,20250529
|
||||
# I,0x000806F6,0x10,0x2C000410,20250529
|
||||
# I,0x000806F6,0x87,0x2B000650,20250529
|
||||
# I,0x000806F7,0x87,0x2B000650,20250529
|
||||
# I,0x000806F8,0x10,0x2C000410,20250529
|
||||
# I,0x000806F8,0x87,0x2B000650,20250529
|
||||
# I,0x000806F4,0x10,0x2C000401,20250408
|
||||
# I,0x000806F4,0x87,0x2B000643,20250404
|
||||
# I,0x000806F5,0x10,0x2C000401,20250408
|
||||
# I,0x000806F5,0x87,0x2B000643,20250404
|
||||
# I,0x000806F6,0x10,0x2C000401,20250408
|
||||
# I,0x000806F6,0x87,0x2B000643,20250404
|
||||
# I,0x000806F7,0x87,0x2B000643,20250404
|
||||
# I,0x000806F8,0x10,0x2C000401,20250408
|
||||
# I,0x000806F8,0x87,0x2B000643,20250404
|
||||
# I,0x00090660,0xFF,0x00000009,20200617
|
||||
# I,0x00090661,0x01,0x0000001A,20240405
|
||||
# I,0x00090670,0xFF,0x00000019,20201111
|
||||
# I,0x00090671,0xFF,0x0000001C,20210614
|
||||
# I,0x00090672,0x07,0x0000003D,20251012
|
||||
# I,0x00090672,0x07,0x0000003A,20241212
|
||||
# I,0x00090674,0xFF,0x00000219,20210425
|
||||
# I,0x00090675,0x07,0x0000003D,20251012
|
||||
# I,0x00090675,0x07,0x0000003A,20241212
|
||||
# I,0x000906A0,0xFF,0x0000001C,20210614
|
||||
# I,0x000906A1,0xFF,0x0000011F,20211104
|
||||
# I,0x000906A2,0xFF,0x00000315,20220102
|
||||
# I,0x000906A3,0x80,0x0000043A,20251012
|
||||
# I,0x000906A4,0x40,0x0000000B,20250613
|
||||
# I,0x000906A4,0x80,0x0000043A,20251012
|
||||
# I,0x000906A3,0x80,0x00000437,20241212
|
||||
# I,0x000906A4,0x40,0x0000000A,20241206
|
||||
# I,0x000906A4,0x80,0x00000437,20241212
|
||||
# I,0x000906C0,0x01,0x24000026,20230926
|
||||
# I,0x000906E9,0x2A,0x000000F8,20230928
|
||||
# I,0x000906EA,0x22,0x000000FA,20240728
|
||||
@@ -7301,32 +7294,32 @@ exit 0 # ok
|
||||
# I,0x000A06C0,0xFF,0x00000013,20230901
|
||||
# I,0x000A06C1,0xFF,0x00000005,20231201
|
||||
# I,0x000A06D0,0xFF,0x10000680,20240818
|
||||
# I,0x000A06D1,0x20,0x0A000124,20250829
|
||||
# I,0x000A06D1,0x95,0x010003F0,20250723
|
||||
# I,0x000A06E1,0x97,0x01000273,20250627
|
||||
# I,0x000A06D1,0x20,0x0A000100,20250515
|
||||
# I,0x000A06D1,0x95,0x010003D0,20250515
|
||||
# I,0x000A06E1,0xFF,0x01000263,20250529
|
||||
# I,0x000A06F0,0xFF,0x80000360,20240130
|
||||
# I,0x000A06F3,0x01,0x03000382,20250730
|
||||
# I,0x000A06F3,0x01,0x03000362,20250503
|
||||
# I,0x000B0650,0x80,0x0000000A,20250318
|
||||
# I,0x000B0670,0xFF,0x0000000E,20220220
|
||||
# I,0x000B0671,0x32,0x00000132,20251008
|
||||
# I,0x000B0674,0x32,0x00000132,20251008
|
||||
# I,0x000B06A2,0xE0,0x00006133,20251008
|
||||
# I,0x000B06A3,0xE0,0x00006133,20251008
|
||||
# I,0x000B06A8,0xE0,0x00006133,20251008
|
||||
# I,0x000B0671,0x32,0x0000012F,20250317
|
||||
# I,0x000B0674,0x32,0x0000012F,20250317
|
||||
# I,0x000B06A2,0xE0,0x00004129,20250224
|
||||
# I,0x000B06A3,0xE0,0x00004129,20250224
|
||||
# I,0x000B06A8,0xE0,0x00004129,20250224
|
||||
# I,0x000B06D0,0xFF,0x0000001A,20240610
|
||||
# I,0x000B06D1,0x80,0x00000125,20250828
|
||||
# I,0x000B06E0,0x19,0x0000001E,20250516
|
||||
# I,0x000B06F2,0x07,0x0000003D,20251012
|
||||
# I,0x000B06F5,0x07,0x0000003D,20251012
|
||||
# I,0x000B06F6,0x07,0x0000003D,20251012
|
||||
# I,0x000B06F7,0x07,0x0000003D,20251012
|
||||
# I,0x000C0652,0x82,0x0000011A,20250630
|
||||
# I,0x000B06D1,0x80,0x00000123,20250521
|
||||
# I,0x000B06E0,0x19,0x0000001D,20241206
|
||||
# I,0x000B06F2,0x07,0x0000003A,20241212
|
||||
# I,0x000B06F5,0x07,0x0000003A,20241212
|
||||
# I,0x000B06F6,0x07,0x0000003A,20241212
|
||||
# I,0x000B06F7,0x07,0x0000003A,20241212
|
||||
# I,0x000C0652,0x82,0x00000119,20250514
|
||||
# I,0x000C0660,0xFF,0x00000018,20240516
|
||||
# I,0x000C0662,0x82,0x0000011A,20250630
|
||||
# I,0x000C0664,0x82,0x0000011A,20250630
|
||||
# I,0x000C06A2,0x82,0x0000011A,20250630
|
||||
# I,0x000C06F1,0x87,0x210002C0,20250529
|
||||
# I,0x000C06F2,0x87,0x210002C0,20250529
|
||||
# I,0x000C0662,0x82,0x00000119,20250514
|
||||
# I,0x000C0664,0x82,0x00000119,20250514
|
||||
# I,0x000C06A2,0x82,0x00000119,20250514
|
||||
# I,0x000C06F1,0x87,0x210002B3,20250415
|
||||
# I,0x000C06F2,0x87,0x210002B3,20250415
|
||||
# I,0x000D06D0,0xFF,0x00000340,20250807
|
||||
# I,0x00FF0671,0xFF,0x0000010E,20220907
|
||||
# I,0x00FF0672,0xFF,0x0000000D,20210816
|
||||
@@ -7404,7 +7397,7 @@ exit 0 # ok
|
||||
# A,0x00800F00,0xFF,0x0800002A,20161006
|
||||
# A,0x00800F10,0xFF,0x0800100C,20170131
|
||||
# A,0x00800F11,0xFF,0x08001139,20240822
|
||||
# A,0x00800F12,0xFF,0x08001279,20241111
|
||||
# A,0x00800F12,0xFF,0x08001278,20241111
|
||||
# A,0x00800F82,0xFF,0x0800820E,20240815
|
||||
# A,0x00810F00,0xFF,0x08100004,20161120
|
||||
# A,0x00810F10,0xFF,0x0810101B,20240716
|
||||
@@ -7469,15 +7462,15 @@ exit 0 # ok
|
||||
# A,0x00B00F00,0xFF,0x0B00004D,20240318
|
||||
# A,0x00B00F10,0xFF,0x0B001016,20240318
|
||||
# A,0x00B00F20,0xFF,0x0B002032,20241003
|
||||
# A,0x00B00F21,0xFF,0x0B002161,20251105
|
||||
# A,0x00B00F21,0xFF,0x0B002152,20250616
|
||||
# A,0x00B00F80,0xFF,0x0B008011,20241211
|
||||
# A,0x00B00F81,0xFF,0x0B008121,20251020
|
||||
# A,0x00B00F81,0xFF,0x0B008114,20250515
|
||||
# A,0x00B10F00,0xFF,0x0B10000F,20240320
|
||||
# A,0x00B10F10,0xFF,0x0B101058,20251105
|
||||
# A,0x00B20F40,0xFF,0x0B204037,20251019
|
||||
# A,0x00B10F10,0xFF,0x0B10104F,20250616
|
||||
# A,0x00B20F40,0xFF,0x0B204032,20250225
|
||||
# A,0x00B40F00,0xFF,0x0B400034,20240318
|
||||
# A,0x00B40F40,0xFF,0x0B404035,20251020
|
||||
# A,0x00B40F41,0xFF,0x0B404108,20251020
|
||||
# A,0x00B60F00,0xFF,0x0B600037,20251019
|
||||
# A,0x00B60F80,0xFF,0x0B608038,20251019
|
||||
# A,0x00B70F00,0xFF,0x0B700037,20251019
|
||||
# A,0x00B40F40,0xFF,0x0B404032,20250221
|
||||
# A,0x00B40F41,0xFF,0x0B404102,20250415
|
||||
# A,0x00B60F00,0xFF,0x0B600032,20250225
|
||||
# A,0x00B60F80,0xFF,0x0B608035,20250422
|
||||
# A,0x00B70F00,0xFF,0x0B700032,20250221
|
||||
|
||||
Reference in New Issue
Block a user