author | Stéphane Lesimple <speed47_github@speed47.net> | 2018-01-24 08:53:33 +0100 |
---|---|---|
committer | Stéphane Lesimple <speed47_github@speed47.net> | 2018-01-24 09:04:25 +0100 |
commit | 53b9eda0406019ad09987b4b08c390b2e94282ba (patch) | |
tree | 5183b679f23bbfef1688acdcd17df9816c814e3c | |
parent | 3b0ec998b1ae5fa25a32573ec647fabade96cdb4 (diff) | |
fix: don't make IBPB mandatory when it's not there
On some kernels there could be IBRS support but not
IBPB support, in that case, don't report VULN just
because IBPB is not enabled when IBRS is
-rwxr-xr-x | spectre-meltdown-checker.sh | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh index c3f9202..a275c5d 100755 --- a/spectre-meltdown-checker.sh +++ b/spectre-meltdown-checker.sh @@ -1011,6 +1011,7 @@ check_variant2() ibpb_enabled=$(cat "$dir/ibpb_enabled" 2>/dev/null) _debug "ibpb: found $dir/ibpb_enabled=$ibpb_enabled" else + ibpb_enabled=-1 _debug "ibpb: no ibpb_enabled file in $dir" fi break @@ -1193,6 +1194,9 @@ check_variant2() elif [ "$opt_live" = 1 ]; then if [ "$ibrs_enabled" = 1 -o "$ibrs_enabled" = 2 ] && [ "$ibpb_enabled" = 1 ]; then pvulnstatus $cve OK "IBRS/IBPB are mitigating the vulnerability" + elif [ "$ibrs_enabled" = 1 -o "$ibrs_enabled" = 2 ] && [ "$ibpb_enabled" = -1 ]; then + # IBPB doesn't seem here on this kernel + pvulnstatus $cve OK "IBRS is mitigating the vulnerability" elif [ "$ibpb_enabled" = 2 ]; then pvulnstatus $cve OK "Full IBPB is mitigating the vulnerability" else |
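Review bot: in the first hunk (check_variant2, near line 1011), the `-1` sentinel is assigned only when the `ibpb_enabled` file is missing, and nothing documents what the value means. When the file exists but the read fails, `ibpb_enabled=$(cat "$dir/ibpb_enabled" 2>/dev/null)` leaves the variable empty, and an empty value does not match the later `[ "$ibpb_enabled" = -1 ]` test, so that case is still handled as before. Suggest a short comment next to `ibpb_enabled=-1` stating that -1 means "no ibpb_enabled file found", and deciding explicitly whether an empty read should be mapped to -1 as well.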
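Review bot: in the second hunk (check_variant2, near line 1193), the new branch reports OK with "IBRS is mitigating the vulnerability", but only the code comment says that IBPB was not found; the user-visible status does not. Suggest putting that in the message itself, for example by appending "(IBPB not available on this kernel)", so the output distinguishes this case from the IBRS/IBPB branch above it. The test `[ "$ibrs_enabled" = 1 -o "$ibrs_enabled" = 2 ]` is now repeated in two consecutive branches; evaluating it once and branching on `$ibpb_enabled` inside would keep the two conditions from drifting apart.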