mirror of
https://github.com/speed47/spectre-meltdown-checker.git
synced 2025-07-15 15:21:23 +02:00
Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| c792fa35bf | |||
| d1498fe03f | |||
| 0f50e04dab |
@ -1,7 +1,7 @@
|
|||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Spectre & Meltdown checker
|
# Spectre & Meltdown checker
|
||||||
# Stephane Lesimple
|
# Stephane Lesimple
|
||||||
VERSION=0.11
|
VERSION=0.12
|
||||||
|
|
||||||
# print status function
|
# print status function
|
||||||
pstatus()
|
pstatus()
|
||||||
@ -84,12 +84,15 @@ extract_vmlinux()
|
|||||||
# root check
|
# root check
|
||||||
|
|
||||||
if [ "$(id -u)" -ne 0 ]; then
|
if [ "$(id -u)" -ne 0 ]; then
|
||||||
/bin/echo -e "\033[31mNote that you should launch this script with root privileges to get accurate information."
|
/bin/echo -e "\033[31mNote that you should launch this script with root privileges to get accurate information.\033[0m"
|
||||||
/bin/echo -e "\033[31mWe'll proceed but you might see permission denied errors."
|
/bin/echo -e "\033[31mWe'll proceed but you might see permission denied errors.\033[0m"
|
||||||
/bin/echo -e "\033[31mTo run it as root, you can try the following command: sudo $0"
|
/bin/echo -e "\033[31mTo run it as root, you can try the following command: sudo $0\033[0m"
|
||||||
/bin/echo
|
/bin/echo
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
/bin/echo -e "Checking vulnerabilities against \033[35m"$(uname -s) $(uname -r) $(uname -m)"\033[0m"
|
||||||
|
/bin/echo
|
||||||
|
|
||||||
###########
|
###########
|
||||||
# SPECTRE 1
|
# SPECTRE 1
|
||||||
/bin/echo -e "\033[1;34mCVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'\033[0m"
|
/bin/echo -e "\033[1;34mCVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'\033[0m"
|
||||||
@ -165,7 +168,7 @@ if [ -e /sys/kernel/debug/sched_features ]; then
|
|||||||
# try to mount the debugfs hierarchy ourselves and remember it to umount afterwards
|
# try to mount the debugfs hierarchy ourselves and remember it to umount afterwards
|
||||||
mount -t debugfs debugfs /sys/kernel/debug 2>/dev/null && mounted_debugfs=1
|
mount -t debugfs debugfs /sys/kernel/debug 2>/dev/null && mounted_debugfs=1
|
||||||
fi
|
fi
|
||||||
if [ -e /sys/kernel/debug/ibrs_enabled ]; then
|
if [ -e /sys/kernel/debug/ibrs_enabled -o -e /sys/kernel/debug/x86/ibrs_enabled ]; then
|
||||||
# if the file is there, we have IBRS compiled-in
|
# if the file is there, we have IBRS compiled-in
|
||||||
pstatus green YES
|
pstatus green YES
|
||||||
ibrs_supported=1
|
ibrs_supported=1
|
||||||
@ -173,7 +176,7 @@ else
|
|||||||
pstatus red NO
|
pstatus red NO
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ibrs_enabled=$(cat /sys/kernel/debug/ibrs_enabled 2>/dev/null)
|
[ -f /sys/kernel/debug/ibrs_enabled ] && ibrs_enabled=$(cat /sys/kernel/debug/ibrs_enabled 2>/dev/null) || ibrs_enabled=$(cat /sys/kernel/debug/x86/ibrs_enabled 2>/dev/null)
|
||||||
/bin/echo -n "* IBRS enabled for Kernel space: "
|
/bin/echo -n "* IBRS enabled for Kernel space: "
|
||||||
# 0 means disabled
|
# 0 means disabled
|
||||||
# 1 is enabled only for kernel space
|
# 1 is enabled only for kernel space
|
||||||
@ -288,6 +291,9 @@ elif dmesg | grep -Eq 'Kernel/User page tables isolation: enabled|Kernel page ta
|
|||||||
# if we can't find the flag, grep in dmesg
|
# if we can't find the flag, grep in dmesg
|
||||||
pstatus green YES
|
pstatus green YES
|
||||||
kpti_enabled=1
|
kpti_enabled=1
|
||||||
|
elif [ -e /sys/kernel/debug/x86/pti_enabled -a "$(cat /sys/kernel/debug/x86/pti_enabled)" = 1 ]; then
|
||||||
|
pstatus green YES
|
||||||
|
kpti_enabled=1
|
||||||
else
|
else
|
||||||
pstatus red NO
|
pstatus red NO
|
||||||
fi
|
fi
|
||||||
|
|||||||
Reference in New Issue
Block a user