diff options
| author | Stéphane Lesimple <speed47_github@speed47.net> | 2018-01-07 16:25:50 +0100 |
|---|---|---|
| committer | Stéphane Lesimple <speed47_github@speed47.net> | 2018-01-07 16:25:50 +0100 |
| commit | 30de4f63362d15fd5e8f92fef45fa8d95ef4ecdf (patch) | |
| tree | 1ac88141c8bb1b7dbb3c64c6ad54a1665f01f1c8 | |
| parent | 9ed1fcd98aeb9cd27915ad37cf93e3e58ca28749 (diff) | |
| download | spectre-meltdown-checker-30de4f63362d15fd5e8f92fef45fa8d95ef4ecdf.tar.lz spectre-meltdown-checker-30de4f63362d15fd5e8f92fef45fa8d95ef4ecdf.tar.xz spectre-meltdown-checker-30de4f63362d15fd5e8f92fef45fa8d95ef4ecdf.zip | |
remove hardcoded kernel image path
| -rwxr-xr-x | spectre-meltdown-checker.sh | 35 |
1 files changed, 21 insertions, 14 deletions
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh index 214267d..49dc406 100755 --- a/spectre-meltdown-checker.sh +++ b/spectre-meltdown-checker.sh @@ -1,7 +1,7 @@ #! /bin/sh # Spectre & Meltdown checker # Stephane Lesimple -VERSION=0.02 +VERSION=0.03 pstatus() { @@ -73,22 +73,29 @@ extract_vmlinux() /bin/echo -e "\033[1;34mCVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'\033[0m" /bin/echo -n "* Kernel compiled with LFENCE opcode inserted at the proper places: " -vmlinux=$(extract_vmlinux /boot/vmlinuz-4.4.110) -status=0 -if [ -z "$vmlinux" -o ! -r "$vmlinux" ]; then - pstatus yellow UNKNOWN "couldn't extract your kernel" -elif ! which objdump >/dev/null 2>&1; then - pstatus yellow UNKNOWN "missing 'objdump' tool, please install it, usually it's in the binutils package" +img='' +[ -e /boot/vmlinuz-$(uname -r) ] && img=/boot/vmlinuz-$(uname -r) +[ -e /boot/vmlinux-$(uname -r) ] && img=/boot/vmlinux-$(uname -r) +[ -e /boot/bzImage-$(uname -r) ] && img=/boot/bzImage-$(uname -r) +if [ -z "$img" ]; then + pstatus yellow UNKNOWN "couldn't find your kernel image in /boot" else - nb_lfence=$(objdump -D "$vmlinux" | grep -wc lfence) - if [ "$nb_lfence" -lt 60 ]; then - pstatus red NO "only $nb_lfence opcodes found, should be >= 60" - status=1 + vmlinux=$(extract_vmlinux $img) + if [ -z "$vmlinux" -o ! -r "$vmlinux" ]; then + pstatus yellow UNKNOWN "couldn't extract your kernel" + elif ! which objdump >/dev/null 2>&1; then + pstatus yellow UNKNOWN "missing 'objdump' tool, please install it, usually it's in the binutils package" else - pstatus green YES "$nb_lfence opcodes found, which is >= 60" - status=2 + nb_lfence=$(objdump -D "$vmlinux" | grep -wc lfence) + if [ "$nb_lfence" -lt 60 ]; then + pstatus red NO "only $nb_lfence opcodes found, should be >= 60" + status=1 + else + pstatus green YES "$nb_lfence opcodes found, which is >= 60" + status=2 + fi + rm -f $vmlinux fi - rm -f $vmlinux fi /bin/echo -ne "> \033[46m\033[30mSTATUS:\033[0m " |