detect kpti directly in vmlinux if option is not there

README.md

@@ -28,7 +28,7 @@ Example of the output of the script:
 
 ```
 $ sudo ./spectre-meltdown-checker.sh
-Spectre and Meltdown mitigation detection tool v0.02
+Spectre and Meltdown mitigation detection tool v0.07
 
 CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
 * Kernel compiled with LFENCE opcode inserted at the proper places:  NO  (only 38 opcodes found, should be >= 60)
@@ -41,8 +41,8 @@ CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
 *   IBRS enabled for Kernel space:  NO
 *   IBRS enabled for User space:  NO
 * Mitigation 2
-*   Kernel recompiled with retpolines: UNKNOWN (check not yet implemented)
-> STATUS: VULNERABLE (IBRS hardware + kernel support OR retpolines-compiled kernel are needed to mitigate the vulnerability)
+*   Kernel compiled with retpolines:  NO
+> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpolines are needed to mitigate the vulnerability)
 
 CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
 * Kernel supports Page Table Isolation (PTI):  YES

spectre-meltdown-checker.sh

@@ -1,7 +1,7 @@
 #! /bin/sh
 # Spectre & Meltdown checker
 # Stephane Lesimple
-VERSION=0.05
+VERSION=0.08
 
 pstatus()
 {
@@ -95,7 +95,6 @@ else
 			pstatus green YES "$nb_lfence opcodes found, which is >= 60"
 			status=2
 		fi
-		rm -f $vmlinux
 	fi
 fi
 
@@ -116,23 +115,13 @@ fi
 if [ ! -e /dev/cpu/0/msr ]; then
 	pstatus yellow UNKNOWN "couldn't read /dev/cpu/0/msr, is msr support enabled in your kernel?"
 else
-	if which rdmsr >/dev/null 2>&1; then
-		rdmsr 0x48 >/dev/null 2>&1
+	# same that rdmsr 0x48 but without needing the rdmsr tool
+	dd if=/dev/cpu/0/msr of=/dev/null bs=8 count=1 skip=9 2>/dev/null
 	if [ $? -eq 0 ]; then
 		pstatus green YES
 	else
 		pstatus red NO
 	fi
-	else
-		pstatus yellow UNKNOWN "missing 'rdmsr' tool, please install it, usually it's in the msr-tools package"
-		# doesn't work:
-		#dd if=/dev/cpu/0/msr of=/dev/null bs=1 count=8 skip=72 2>/dev/null
-		#if [ $? -eq 0 ]; then
-		#	pstatus green YES
-		#else
-		#	pstatus red NO
-		#fi
-	fi
 fi
 
 if [ "$insmod_msr" = 1 ]; then
@@ -172,7 +161,7 @@ if [ "$mounted_debugfs" = 1 ]; then
 fi
 
 /bin/echo "* Mitigation 2"
-/bin/echo -n "*   Kernel recompiled with retpolines: "
+/bin/echo -n "*   Kernel compiled with retpolines: "
 # XXX this doesn't mean the kernel has been compiled with a retpoline-aware gcc
 if [ -e /proc/config.gz ]; then
 	if zgrep -q '^CONFIG_RETPOLINE=y' /proc/config.gz; then
@@ -188,6 +177,8 @@ elif [ -e /boot/config-$(uname -r) ]; then
 	else
 		pstatus red NO
 	fi
+else
+	pstatus yellow UNKNOWN "couldn't read your kernel configuration"
 fi
 
 /bin/echo -ne "> \033[46m\033[30mSTATUS:\033[0m "
@@ -226,15 +217,23 @@ elif [ -e /boot/System.map-$(uname -r) ]; then
 	else
 		pstatus red NO
 	fi
+elif [ -n "$vmlinux" ]; then
+	# some backports don't have the option but still have the patch, try to find out
+	if strings "$vmlinux" | grep -qw nopti; then
+		pstatus green YES
+		kpti_support=1
 	else
-	pstatus yellow UNKNOWN
+		pstatus red NO
+	fi
+else
+	pstatus yellow UNKNOWN "couldn't read your kernel configuration"
 fi
 
 /bin/echo -n "* PTI enabled and active: "
 if grep ^flags /proc/cpuinfo | grep -qw pti; then
 	pstatus green YES
 	kpti_enabled=1
-elif dmesg | grep -q 'Kernel/User page tables isolation: enabled'; then
+elif dmesg | grep -Eq 'Kernel/User page tables isolation: enabled|Kernel page table isolation enabled'; then
 	pstatus green YES
 	kpti_enabled=1
 else
@@ -257,3 +256,5 @@ if [ "$USER" != root ]; then
 	/bin/echo "You can try the following command: sudo $0"
 fi
 
+[ -n "$vmlinux" ] && rm -f "$vmlinux"
+