From 5f650faffc3977282c7e4a41f5a2e57e5ef97b74 Mon Sep 17 00:00:00 2001 From: Thomas Merz Date: Wed, 30 Mar 2022 16:22:16 +0200 Subject: [PATCH 1/2] testing sh_checker_comment in PR --- spectre-meltdown-checker.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh index cbfe49c..3bacc6d 100755 --- a/spectre-meltdown-checker.sh +++ b/spectre-meltdown-checker.sh @@ -5652,9 +5652,9 @@ check_CVE_2018_12207_bsd() { if ! is_cpu_affected "$cve"; then # override status & msg in case CPU is not vulnerable after all pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" - elif [ -z "$kernel_2m_x_ept" ]; then +elif [ -z "$kernel_2m_x_ept" ]; then pvulnstatus $cve VULN "Your kernel doesn't support mitigating this CVE, you should update it" - elif [ "$kernel_2m_x_ept" != 0 ]; then + elif [ $kernel_2m_x_ept != 0 ]; then pvulnstatus $cve VULN "Your kernel supports mitigating this CVE, but the mitigation is disabled" explain "To enable the mitigation, use 'sysctl vm.pmap.allow_2m_x_ept=0'" else From 3b62fba8468b9af7412270fabc76179a0469223f Mon Sep 17 00:00:00 2001 From: Thomas Merz Date: Wed, 30 Mar 2022 16:26:08 +0200 Subject: [PATCH 2/2] fix pipeline --- spectre-meltdown-checker.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh index 3bacc6d..cbfe49c 100755 --- a/spectre-meltdown-checker.sh +++ b/spectre-meltdown-checker.sh @@ -5652,9 +5652,9 @@ check_CVE_2018_12207_bsd() { if ! is_cpu_affected "$cve"; then # override status & msg in case CPU is not vulnerable after all pvulnstatus $cve OK "your CPU vendor reported your CPU model as not affected" -elif [ -z "$kernel_2m_x_ept" ]; then + elif [ -z "$kernel_2m_x_ept" ]; then pvulnstatus $cve VULN "Your kernel doesn't support mitigating this CVE, you should update it" - elif [ $kernel_2m_x_ept != 0 ]; then + elif [ "$kernel_2m_x_ept" != 0 ]; then pvulnstatus $cve VULN "Your kernel supports mitigating this CVE, but the mitigation is disabled" explain "To enable the mitigation, use 'sysctl vm.pmap.allow_2m_x_ept=0'" else