aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* update README.md from upstreamHEADmasterJesús2019-07-311-10/+90
|
* update from upstreamJesús2019-07-311-1342/+4501
|
* minor fix | spaces removeJesús2018-02-211-3/+2
|
* release: bump to v0.35Jesús2018-02-211-2/+3
|
* feat(variant2): better explanation when kernel supports IBRS but CPU does notJesús2018-02-211-2/+3
|
* feat(readme): add quick run sectionJesús2018-02-211-0/+22
|
* feat(variant1): better detection for Red Hat/Ubuntu patchJesús2018-02-211-3/+44
|
* Remove the color in the titleJesús2018-02-211-1/+1
|
* fix(xen): declare Xen's PTI patch as a valid mitigation for variant3Jesús2018-02-141-1/+1
|
* fix(ucode): update blacklisted ucodes list from latest Intel infoJesús2018-02-141-6/+6
|
* fix name OS -> GNU/LinuxJesús Eduardo2018-02-111-2/+2
|
* fix indetationJesús Eduardo2018-02-111-1554/+1556
|
* Teach checker how to find kernels installed by systemd kernel-installCalvin Walton2018-02-101-0/+2
|
* fix(retpoline): remove the "retpoline enabled" testStéphane Lesimple2018-02-091-13/+0
| | | | | | | | This test worked for some early versions of the retpoline implementation in vanilla kernels, but the corresponding flag has been removed from /proc/cpuinfo in latest kernels. The full information is available in /sys instead, which was already implemented in the script.
* fix(ucode): update list of blacklisted ucodes from 2018-02-08 Intel documentStéphane Lesimple2018-02-091-2/+3
| | | | Removed 2 ucodes and added 2 other ones
* Update spectre-meltdown-checker.sh積丹尼 Dan Jacobson2018-02-061-1/+1
| | | Dots better than colon for indicating waiting.
* enh: show kernel version in offline modeStéphane Lesimple2018-02-021-1/+3
|
* feat: detect disrepancy between found kernel image and running kernelStéphane Lesimple2018-02-021-0/+12
|
* enh: speedup by not decompressing kernel on --sysfs-onlyStéphane Lesimple2018-02-021-0/+2
|
* feat: add skylake era cpu detection routineStéphane Lesimple2018-02-021-0/+26
|
* enh: lazy loading of cpu informationsStéphane Lesimple2018-02-021-18/+9
|
* feat: better cleanup routine on exit & interruptStéphane Lesimple2018-02-021-40/+12
|
* fix: ARM CPU display name & detectionStéphane Lesimple2018-02-021-5/+8
| | | | | | | Fix ARM CPU display name, and properly detect known vulnerable ARM CPUs when multiple different model cores are present (mostly Android phones)
* fix: --no-color workaround for android's sedStéphane Lesimple2018-02-021-2/+5
|
* release: bump to v0.34Stéphane Lesimple2018-01-311-1/+1
|
* enh: display ucode info even when not blacklistedStéphane Lesimple2018-01-311-3/+3
|
* cleanup: shellcheck passStéphane Lesimple2018-01-311-2/+5
|
* cleanup: remove superseded atom detection codeStéphane Lesimple2018-01-311-10/+1
| | | | | | This is now handled properly by checking the CPU vendor, family, model instead of looking for the commercial name of the CPU in /proc/cpuinfo
* feat: detect known speculative-execution free CPUsStéphane Lesimple2018-01-311-1/+40
| | | | | | Based on a kernel patch that has been merged to Linus' tree. Some of the detections we did by grepping the model name will probably no longer be needed.
* refacto: create a dedicated func to read cpuid bitsStéphane Lesimple2018-01-311-84/+63
|
* refacto: move cpu discovery bits to a dedicated functionStéphane Lesimple2018-01-311-35/+94
|
* fix(variant1): smarter lfence checkStéphane Lesimple2018-01-311-6/+8
| | | | | | Instead of just counting the number of LFENCE instructions, now we're only counting the those that directly follow a jump instruction.
* fix: regression introduced by previous commitStéphane Lesimple2018-01-311-0/+1
| | | | | | 449: ./spectre-meltdown-checker.sh: 3: parameter not set This happened only on blacklisted microcodes, fixed by adding set +u before the return
* update blacklisted ucode list from kernel sourceStéphane Lesimple2018-01-311-24/+28
|
* doc(disclaimer): Spectre affects all softwareStéphane Lesimple2018-01-302-4/+11
| | | | | | Add a paragraph in the disclaimer stating that this tool focuses on the kernel side of things, and that for Spectre, any software might be vulnerable.
* feat(variant1): detect vanilla mitigationStéphane Lesimple2018-01-301-26/+76
| | | | | | | | | | | Implement detection of mitigation for Variant 1 that is being pushed on vanilla kernel. Current name of the patch: "spectre variant1 mitigations for tip/x86/pti" (v6) Also detect some distros that already backported this patch without modifying the vulnerabilities sysfs hierarchy. This detection is more reliable than the LFENCE one, trust it and skip the LFENCE heuristic if a match is found.
* fix(cpu): Pentium Exxxx are vulnerable to MeltdownStéphane Lesimple2018-01-291-7/+9
|
* adjust: show how to enable IBRS/IBPB in -v onlyStéphane Lesimple2018-01-291-4/+19
|
* refacto: fix shellcheck warnings for better compatStéphane Lesimple2018-01-291-96/+140
| | | | | | Now `shellcheck -s sh` no longer shows any warnings. This should improve compatibility with exotic shells as long as they're POSIX compliant.
* Fix printing of microcode to use cpuinfo valuesJoseph Mulloy2018-01-261-3/+3
| | | | | | | | The values used should be the ones that come from cpuinfo instead of the test values. The following line will print the last tuple tested instead of the actual values of the CPU. Line 689: _debug "is_ucode_blacklisted: no ($model/$stepping/$ucode)"
* update: new screenshots for README.mdStéphane Lesimple2018-01-261-1/+11
|
* fix: report arch_capabilities as NO when no MSRStéphane Lesimple2018-01-261-2/+4
| | | | | | When the arch_capabilities MSR is not there, it means that all the features it might advertise can be considered as NO instead of UNKNOWN
* release: v0.33Stéphane Lesimple2018-01-261-1/+1
|
* feat: add blacklisted Intel ucode detectionStéphane Lesimple2018-01-261-0/+78
| | | | | | | Some Intel microcodes are known to cause instabilities such as random reboots. Intel advises to revert to a previous version if a newer one that fixes those issues is not available. Detect such known bad microcodes.
* fix: fallback to UNKNOWN when we get -EACCESStéphane Lesimple2018-01-261-8/+17
| | | | | For detection of IBRS_ALL and RDCL_NO, fallback to UNKNOWN when we were unable to read the CPUID or MSR.
* xen: detect if the host is a Xen Dom0 or PV DomU (fixes #83)Matthieu Cerda2018-01-251-22/+49
|
* fix(batch): fix regression introduced by acf12a6Stéphane Lesimple2018-01-241-14/+10
| | | | | | | In batch mode, $echo_cmd was not initialized early enough, and caused this error: ./spectre-meltdown-checker.sh: 899: ./spectre-meltdown-checker.sh: -ne: not found Fix it by initing echo_cmd unconditionally at the start
* feat(cpu) add STIBP, RDCL_NO, IBRS_ALL checksStéphane Lesimple2018-01-241-149/+235
| | | | | | | | | | Move all the CPU checks to their own section, for clarity. We now check for IBRS, IBPB, STIBP, RDCL_NO and IBRS_ALL. We also show whether the system CPU is vulnerable to the three variants, regardless of the fact that mitigations are in place or not, which is determined in each vuln- specific section.
* feat(stibp): add STIBP cpuid feature checkStéphane Lesimple2018-01-241-0/+38
|
* fix(cpuid): fix off-by-one SPEC_CTRL bit checkStéphane Lesimple2018-01-241-2/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-04 06:58:34 +0000