fix: don't make IBPB mandatory when it's not there
On some kernels there could be IBRS support but not
IBPB support, in that case, don't report VULN just
because IBPB is not enabled when IBRS is
speed47 committed Jan 24, 2018
1 parent 3b0ec99 commit 53b9eda
Showing 1 changed file with 4 additions and 0 deletions.
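--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -1011,6 +1011,7 @@ check_variant2()
 ibpb_enabled=$(cat "$dir/ibpb_enabled" 2>/dev/null)
 _debug "ibpb: found $dir/ibpb_enabled=$ibpb_enabled"
 else
+ibpb_enabled=-1
 _debug "ibpb: no ibpb_enabled file in $dir"
 fi
 break
@@ -1193,6 +1194,9 @@ check_variant2()
 elif [ "$opt_live" = 1 ]; then
 if [ "$ibrs_enabled" = 1 -o "$ibrs_enabled" = 2 ] && [ "$ibpb_enabled" = 1 ]; then
 pvulnstatus $cve OK "IBRS/IBPB are mitigating the vulnerability"
+elif [ "$ibrs_enabled" = 1 -o "$ibrs_enabled" = 2 ] && [ "$ibpb_enabled" = -1 ]; then
+# IBPB doesn't seem here on this kernel
+pvulnstatus $cve OK "IBRS is mitigating the vulnerability"
 elif [ "$ibpb_enabled" = 2 ]; then
 pvulnstatus $cve OK "Full IBPB is mitigating the vulnerability"
 else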
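Review bot: The new `elif` testing `[ "$ibpb_enabled" = -1 ]` returns OK on nothing more than the absence of the `ibpb_enabled` file, and its status text never says that IBPB is missing, so a reader of the report cannot tell that half of the expected mitigation pair is absent. IBRS alone probably leaves the cases IBPB is meant to cover (predictor state carried across a process or guest switch) unaddressed, so I would at least make that visible: `pvulnstatus $cve OK "IBRS is mitigating the vulnerability (IBPB not supported by this kernel)"`. The `-1` sentinel is assigned in the first hunk without explanation; a comment such as `# -1: ibpb_enabled file absent, kernel exposes IBRS without IBPB` next to `ibpb_enabled=-1` would tie the two hunks together. The if/elif chain and `check_variant2` itself continue outside both hunks, so the initial value of `ibpb_enabled` when no directory matches is not visible here and should be confirmed not to be `-1`.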
