author | Stéphane Lesimple <speed47_github@speed47.net> | 2018-01-31 14:21:29 +0100 |
---|---|---|
committer | Stéphane Lesimple <speed47_github@speed47.net> | 2018-01-31 16:15:20 +0100 |
commit | 247b176882675b0ab63bbd6d067ba3cba7d4cc50 (patch) | |
tree | 1f5a320a9eed0ee46a225de0180eb68a154a88fb | |
parent | bcae8824ec8d4cecacd9d73fe579877342d1e55d (diff) | |
feat: detect known speculative-execution free CPUs
Based on a kernel patch that has been merged to Linus' tree.
Some of the detections we did by grepping the model name
will probably no longer be needed.
-rwxr-xr-x | spectre-meltdown-checker.sh | 41 |
1 files changed, 40 insertions, 1 deletions
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
index fbc86d8..a33e35b 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -204,7 +204,11 @@ is_cpu_vulnerable()
 variant2=''
 variant3=''

- if [ "$cpu_vendor" = GenuineIntel ]; then
+ if is_cpu_specex_free; then
+ variant1=immune
+ variant2=immune
+ variant3=immune
+ elif [ "$cpu_vendor" = GenuineIntel ]; then
 # Intel
 # Old Atoms are not vulnerable to spectre 2 nor meltdown
 # https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
@@ -297,6 +301,41 @@ is_cpu_vulnerable()
 return $?
 }

+is_cpu_specex_free()
+{
+ # return true (0) if the CPU doesn't do speculative execution, false (1) if it does.
+ # if it's not in the list we know, return false (1).
+ # source: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/cpu/common.c#n882
+ # { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CEDARVIEW, X86_FEATURE_ANY },
+ # { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CLOVERVIEW, X86_FEATURE_ANY },
+ # { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_LINCROFT, X86_FEATURE_ANY },
+ # { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PENWELL, X86_FEATURE_ANY },
+ # { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PINEVIEW, X86_FEATURE_ANY },
+ # { X86_VENDOR_CENTAUR, 5 },
+ # { X86_VENDOR_INTEL, 5 },
+ # { X86_VENDOR_NSC, 5 },
+ # { X86_VENDOR_ANY, 4 },
+ set -u
+ if [ "$cpu_vendor" = GenuineIntel ]; then
+ if [ "$cpu_family" = 6 ]; then
+ if [ "$cpu_model" = "$INTEL_FAM6_ATOM_CEDARVIEW" ] || \
+ [ "$cpu_model" = "$INTEL_FAM6_ATOM_CLOVERVIEW" ] || \
+ [ "$cpu_model" = "$INTEL_FAM6_ATOM_LINCROFT" ] || \
+ [ "$cpu_model" = "$INTEL_FAM6_ATOM_PENWELL" ] || \
+ [ "$cpu_model" = "$INTEL_FAM6_ATOM_PINEVIEW" ]; then
+ set +u
+ return 0
+ fi
+ elif [ "$cpu_family" = 5 ]; then
+ set +u
+ return 0
+ fi
+ fi
+ set +u
+ [ "$cpu_family" -eq 4 ] && return 0
+ return 1
+}
+
 show_header()
 {
 _info "\033[1;34mSpectre and Meltdown mitigation detection tool v$VERSION\033[0m" |
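Review bot: The new first branch in is_cpu_vulnerable() marks all three variants immune before any vendor-specific logic runs, and nothing at that spot says where the verdict comes from. A wrong match in is_cpu_specex_free therefore becomes a "not vulnerable" result for variants 1, 2 and 3 at once, so a comment above the branch would help, for example `# CPUs on the kernel's no-speculation list: skips every vendor-specific check below`. The function body starts and ends outside this hunk, so how variant1..3 are consumed afterwards is not visible here.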
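Review bot: The last test in is_cpu_specex_free(), `[ "$cpu_family" -eq 4 ] && return 0`, is the only numeric comparison in the function and it runs for every vendor; if cpu_family is empty or non-numeric (how it is populated is not visible in this hunk), `[` reports an error on stderr instead of quietly falling through to `return 1`. Using the same string comparison as the lines above, `[ "$cpu_family" = 4 ] && return 0`, avoids that. The header comment also lists `X86_VENDOR_CENTAUR` and `X86_VENDOR_NSC` family 5, but the code implements only the Intel family 5 case, so either add those vendors or state in the comment that they are intentionally left out. Finally, every exit path ends with `set +u`, which switches nounset off even for a caller that had it enabled; a single exit point that restores the previous setting would keep the guard against misspelled `INTEL_FAM6_*` names without changing the caller's options.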