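# vim: set ts=4 sw=4 sts=4 et:

###############################
# CVE-2018-3640, Variant 3a, Rogue System Register Read
#
# Prints the mitigation status of Variant 3a for the running system.
# Globals (read): opt_map, opt_arch_prefix, g_kernel (ARM64 path);
#                 cap_ssbd (x86 path).
# Helpers defined elsewhere in this file: pr_info, pr_info_nol, cve2name,
#   is_arm_kernel, is_cpu_affected, pstatus, pvulnstatus, explain.
# Outputs: status lines through the pr_*/pstatus/pvulnstatus helpers.
# Returns: exit status of the last command run in the branch taken.
check_CVE_2018_3640() {
    local cve arm_v3a_mitigation
    cve='CVE-2018-3640'
    pr_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"

    if is_arm_kernel; then
        # ARM64: mitigation is via an EL2 indirect trampoline (spectre_v3a_enable_mitigation),
        # applied automatically at boot for affected CPUs (Cortex-A57, Cortex-A72).
        # No microcode update is involved.
        arm_v3a_mitigation=''

        # First try System.map (cheap); stderr is silenced because the map
        # may be missing or unreadable for an unprivileged user.
        if [ -n "$opt_map" ] && grep -qw spectre_v3a_enable_mitigation "$opt_map" 2>/dev/null; then
            arm_v3a_mitigation="found spectre_v3a_enable_mitigation in System.map"
        fi

        # Fall back to scanning the kernel image for the symbol name.
        if [ -z "$arm_v3a_mitigation" ] && [ -n "$g_kernel" ]; then
            if "${opt_arch_prefix}strings" "$g_kernel" 2>/dev/null | grep -qw spectre_v3a_enable_mitigation; then
                arm_v3a_mitigation="found spectre_v3a_enable_mitigation in kernel image"
            fi
        fi

        pr_info_nol "* Kernel mitigates the vulnerability via EL2 hardening: "
        if [ -n "$arm_v3a_mitigation" ]; then
            pstatus green YES "$arm_v3a_mitigation"
        else
            pstatus yellow NO
        fi

        # Vendor "not affected" takes precedence over the mitigation check.
        if ! is_cpu_affected "$cve"; then
            pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
        elif [ -n "$arm_v3a_mitigation" ]; then
            pvulnstatus "$cve" OK "your kernel mitigates the vulnerability via EL2 vector hardening"
        else
            pvulnstatus "$cve" VULN "your kernel does not include the EL2 vector hardening mitigation"
            explain "ARM64 Spectre v3a mitigation is provided by the kernel using an indirect trampoline for EL2 (hypervisor) vectors (spectre_v3a_enable_mitigation). Ensure you are running a recent kernel. If you're using a distro kernel, upgrading your distro should provide a kernel with this mitigation included."
        fi
    else
        # x86: microcodes that ship with SSBD are known to also fix variant 3a;
        # there is no specific CPUID bit for variant 3a as far as we know,
        # so the SSBD capability flag is used as the proxy.
        pr_info_nol "* CPU microcode mitigates the vulnerability: "
        if [ -n "$cap_ssbd" ]; then
            pstatus green YES
        else
            pstatus yellow NO
        fi

        # Vendor "not affected" takes precedence over the microcode check.
        if ! is_cpu_affected "$cve"; then
            pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
        elif [ -n "$cap_ssbd" ]; then
            pvulnstatus "$cve" OK "your CPU microcode mitigates the vulnerability"
        else
            pvulnstatus "$cve" VULN "an up-to-date CPU microcode is needed to mitigate this vulnerability"
            explain "The microcode of your CPU needs to be upgraded to mitigate this vulnerability. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for your CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section). The microcode update is enough, there is no additional OS, kernel or software change needed."
        fi
    fi
}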