diff options
| author | Stéphane Lesimple <speed47_github@speed47.net> | 2018-01-22 10:48:48 +0100 |
|---|---|---|
| committer | Stéphane Lesimple <speed47_github@speed47.net> | 2018-01-24 09:04:25 +0100 |
| commit | ddc7197b868b8762217b6d0ba8ba10791caa6b9f (patch) | |
| tree | 2fce8b5e77fd26950e261eac76115ac3d32076d8 | |
| parent | e7aa3b9d167b9054cbd2c47be0ab593a11d0e213 (diff) | |
| download | spectre-meltdown-checker-ddc7197b868b8762217b6d0ba8ba10791caa6b9f.tar.lz spectre-meltdown-checker-ddc7197b868b8762217b6d0ba8ba10791caa6b9f.tar.xz spectre-meltdown-checker-ddc7197b868b8762217b6d0ba8ba10791caa6b9f.zip | |
fix(retpoline): retpoline-compiler detection
When kernel is not compiled with retpoline option, doesn't
have the sysfs vulnerability hierarchy and our heuristic to
detect a retpoline-aware compiler didn't match, change result
for retpoline-aware compiler detection from UNKNOWN to NO.
When CONFIG_RETPOLINE is not set, a retpoline-aware compiler
won't produce different asm than a standard one anyway.
| -rwxr-xr-x | spectre-meltdown-checker.sh | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh index a48716c..f73b92a 100755 --- a/spectre-meltdown-checker.sh +++ b/spectre-meltdown-checker.sh @@ -1131,7 +1131,7 @@ check_variant2() retpoline_compiler=1 pstatus green YES "kernel reports full retpoline compilation" else - pstatus yellow UNKNOWN + [ "$retpoline" = 1 ] && pstatus yellow UNKNOWN || pstatus red NO fi elif [ -n "$opt_map" ]; then # look for the symbol @@ -1139,7 +1139,7 @@ check_variant2() retpoline_compiler=1 pstatus green YES "noretpoline_setup symbol found in System.map" else - pstatus yellow UNKNOWN + [ "$retpoline" = 1 ] && pstatus yellow UNKNOWN || pstatus red NO fi elif [ -n "$vmlinux" ]; then # look for the symbol @@ -1149,7 +1149,7 @@ check_variant2() retpoline_compiler=1 pstatus green YES "noretpoline_setup found in vmlinux symbols" else - pstatus yellow UNKNOWN + [ "$retpoline" = 1 ] && pstatus yellow UNKNOWN || pstatus red NO fi elif grep -q noretpoline_setup "$vmlinux"; then # if we don't have nm, nevermind, the symbol name is long enough to not have @@ -1157,10 +1157,10 @@ check_variant2() retpoline_compiler=1 pstatus green YES "noretpoline_setup found in vmlinux" else - pstatus yellow UNKNOWN + [ "$retpoline" = 1 ] && pstatus yellow UNKNOWN || pstatus red NO fi else - pstatus yellow UNKNOWN "couldn't find your kernel image or System.map" + [ "$retpoline" = 1 ] && pstatus yellow UNKNOWN "couldn't find your kernel image or System.map" || pstatus red NO fi _info_nol "* Retpoline enabled: " |