UNKNOWN (couldn't extract your kernel from /boot/vmlinuz-2.6.18-416.el5PAE)

[dbosanzio]

Hi, could you help me in fix this "UNKNOWN" problem?

Thanks:

Checking vulnerabilities against Linux 2.6.18-416.el5PAE #1 SMP Wed Oct 26 12:06:12 EDT 2016 i686

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'

• Kernel compiled with LFENCE opcode inserted at the proper places: UNKNOWN (couldn't extract your kernel from /boot/vmlinuz-2.6.18-416.el5PAE)

  STATUS: UNKNOWN

[speed47]

does the file /boot/vmlinuz-2.6.18-416.el5PAE actually exist? If yes, what does file /boot/vmlinuz-2.6.18-416.el5PAE say?

I'm guessing it might be because you're missing some binaries to extract the kernel, @Alkorin is working on a PR to display a proper error+hint if this is the case.

[speed47]

Can you retry with the latest version (v0.16) ?

[pit65]

I have got the same in /boot/vmlinuz simply gzipped kernel

[Alkorin]

Which version of the script did you used @pit65 ? Could you upload the kernel somewhere ?

[dbosanzio]

Hi with the last version 0.17 i got now for variant 2 the following message:

Hardware (CPU microcode) support for mitigation: UNKNOWN (couldn't read /dev/cpu/0/msr, is msr support enabled in your kernel?)

./spectre-meltdown-checker.sh Spectre and Meltdown mitigation detection tool v0.17

Checking for vulnerabilities against live running kernel Linux 2.6.18-416.el5PAE #1 SMP Wed Oct 26 12:06:12 EDT 2016 i686 Will use vmlinux image /boot/vmlinuz-2.6.18-416.el5PAE Will use kconfig /boot/config-2.6.18-416.el5PAE Will use System.map file /boot/System.map-2.6.18-416.el5PAE

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'

• Kernel compiled with LFENCE opcode inserted at the proper places: NO (only 0 opcodes found, should be >= 70)

  STATUS: VULNERABLE

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'

• Mitigation 1
• Hardware (CPU microcode) support for mitigation: UNKNOWN (couldn't read /dev/cpu/0/msr, is msr support enabled in your kernel?)
• Kernel support for IBRS: NO
• IBRS enabled for Kernel space: NO
• IBRS enabled for User space: NO
• Mitigation 2
• Kernel compiled with retpoline option: NO
• Kernel compiled with a retpoline-aware compiler: NO

  STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'

• Kernel supports Page Table Isolation (PTI): NO
• PTI enabled and active: NO

  STATUS: VULNERABLE (PTI is needed to mitigate the vulnerability)

[speed47]

So the couldn't extract your kernel from /boot/vmlinuz-2.6.18-416.el5PAE error seems to be fixed, good!

Your kernel seems old so I'm expecting to see NO on every check. The UNKNOWN you have about the MSR means the script can't access the available MSR list from your CPU. A quick look at the v2.6.18 source code seems to indicate that the msr module didn't exist back then, this would be why!

[speed47]

As the originally reported problem (can't extract kernel) has been fixed, and the vulnerable status of referenced kernel seems to be correct, I'm closing this issue.

Feel free to reopen if needed.

[dbosanzio]

Hi thanks for the first fix.

I think the smr is present in kernel 2.6,.18.X look at this:

https://github.com/lucyoa/kernel-exploits/tree/master/msr

https://www.exploit-db.com/exploits/27297/

Also in the source code of:

https://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.18.tar.gz

source code

```c linux-2.6.18/include/asm-x86_64/msr.h linux-2.6.18/include/asm-i386/msr.h linux-2.6.18/arch/i386/kernel/msr.c cat linux-2.6.18/include/asm-x86_64/msr.h #ifndef X86_64_MSR_H #define X86_64_MSR_H 1 #ifndef __ASSEMBLY__ /* * Access to machine-specific registers (available on 586 and better only) * Note: the rd* operations modify the parameters directly (without using * pointer indirection), this allows gcc to optimize better */ #define rdmsr(msr,val1,val2) \ __asm__ __volatile__("rdmsr" \ : "=a" (val1), "=d" (val2) \ : "c" (msr)) #define rdmsrl(msr,val) do { unsigned long a__,b__; \ __asm__ __volatile__("rdmsr" \ : "=a" (a__), "=d" (b__) \ : "c" (msr)); \ val = a__ | (b__<<32); \ } while(0) #define wrmsr(msr,val1,val2) \ __asm__ __volatile__("wrmsr" \ : /* no outputs */ \ : "c" (msr), "a" (val1), "d" (val2)) #define wrmsrl(msr,val) wrmsr(msr,(__u32)((__u64)(val)),((__u64)(val))>>32) /* wrmsr with exception handling */ #define wrmsr_safe(msr,a,b) ({ int ret__; \ asm volatile("2: wrmsr ; xorl %0,%0\n" \ "1:\n\t" \ ".section .fixup,\"ax\"\n\t" \ "3: movl %4,%0 ; jmp 1b\n\t" \ ".previous\n\t" \ ".section __ex_table,\"a\"\n" \ " .align 8\n\t" \ " .quad 2b,3b\n\t" \ ".previous" \ : "=a" (ret__) \ : "c" (msr), "0" (a), "d" (b), "i" (-EFAULT)); \ ret__; }) #define checking_wrmsrl(msr,val) wrmsr_safe(msr,(u32)(val),(u32)((val)>>32)) #define rdmsr_safe(msr,a,b) \ ({ int ret__; \ asm volatile ("1: rdmsr\n" \ "2:\n" \ ".section .fixup,\"ax\"\n" \ "3: movl %4,%0\n" \ " jmp 2b\n" \ ".previous\n" \ ".section __ex_table,\"a\"\n" \ " .align 8\n" \ " .quad 1b,3b\n" \ ".previous":"=&bDS" (ret__), "=a"(*(a)), "=d"(*(b))\ :"c"(msr), "i"(-EIO), "0"(0)); \ ret__; }) #define rdtsc(low,high) \ __asm__ __volatile__("rdtsc" : "=a" (low), "=d" (high)) #define rdtscl(low) \ __asm__ __volatile__ ("rdtsc" : "=a" (low) : : "edx") #define rdtscll(val) do { \ unsigned int __a,__d; \ asm volatile("rdtsc" : "=a" (__a), "=d" (__d)); \ (val) = ((unsigned long)__a) | (((unsigned long)__d)<<32); \ } while(0) #define write_tsc(val1,val2) wrmsr(0x10, val1, val2) #define rdpmc(counter,low,high) \ __asm__ __volatile__("rdpmc" \ : "=a" (low), "=d" (high) \ : "c" (counter)) static inline void cpuid(int op, unsigned int *eax, unsigned int *ebx, unsigned int *ecx, unsigned int *edx) { __asm__("cpuid" : "=a" (*eax), "=b" (*ebx), "=c" (*ecx), "=d" (*edx) : "0" (op)); } /* Some CPUID calls want 'count' to be placed in ecx */ static inline void cpuid_count(int op, int count, int *eax, int *ebx, int *ecx, int *edx) { __asm__("cpuid" : "=a" (*eax), "=b" (*ebx), "=c" (*ecx), "=d" (*edx) : "0" (op), "c" (count)); } /* * CPUID functions returning a single datum */ static inline unsigned int cpuid_eax(unsigned int op) { unsigned int eax; __asm__("cpuid" : "=a" (eax) : "0" (op) : "bx", "cx", "dx"); return eax; } static inline unsigned int cpuid_ebx(unsigned int op) { unsigned int eax, ebx; __asm__("cpuid" : "=a" (eax), "=b" (ebx) : "0" (op) : "cx", "dx" ); return ebx; } static inline unsigned int cpuid_ecx(unsigned int op) { unsigned int eax, ecx; __asm__("cpuid" : "=a" (eax), "=c" (ecx) : "0" (op) : "bx", "dx" ); return ecx; } static inline unsigned int cpuid_edx(unsigned int op) { unsigned int eax, edx; __asm__("cpuid" : "=a" (eax), "=d" (edx) : "0" (op) : "bx", "cx"); return edx; } #define MSR_IA32_UCODE_WRITE 0x79 #define MSR_IA32_UCODE_REV 0x8b #endif /* AMD/K8 specific MSRs */ #define MSR_EFER 0xc0000080 /* extended feature register */ #define MSR_STAR 0xc0000081 /* legacy mode SYSCALL target */ #define MSR_LSTAR 0xc0000082 /* long mode SYSCALL target */ #define MSR_CSTAR 0xc0000083 /* compatibility mode SYSCALL target */ #define MSR_SYSCALL_MASK 0xc0000084 /* EFLAGS mask for syscall */ #define MSR_FS_BASE 0xc0000100 /* 64bit GS base */ #define MSR_GS_BASE 0xc0000101 /* 64bit FS base */ #define MSR_KERNEL_GS_BASE 0xc0000102 /* SwapGS GS shadow (or USER_GS from kernel) */ /* EFER bits: */ #define _EFER_SCE 0 /* SYSCALL/SYSRET */ #define _EFER_LME 8 /* Long mode enable */ #define _EFER_LMA 10 /* Long mode active (read-only) */ #define _EFER_NX 11 /* No execute enable */ #define EFER_SCE (1<<_EFER_SCE) #define EFER_LME (1<<_EFER_LME) #define EFER_LMA (1<<_EFER_LMA) #define EFER_NX (1<<_EFER_NX) /* Intel MSRs. Some also available on other CPUs */ #define MSR_IA32_TSC 0x10 #define MSR_IA32_PLATFORM_ID 0x17 #define MSR_IA32_PERFCTR0 0xc1 #define MSR_IA32_PERFCTR1 0xc2 #define MSR_MTRRcap 0x0fe #define MSR_IA32_BBL_CR_CTL 0x119 #define MSR_IA32_SYSENTER_CS 0x174 #define MSR_IA32_SYSENTER_ESP 0x175 #define MSR_IA32_SYSENTER_EIP 0x176 #define MSR_IA32_MCG_CAP 0x179 #define MSR_IA32_MCG_STATUS 0x17a #define MSR_IA32_MCG_CTL 0x17b #define MSR_IA32_EVNTSEL0 0x186 #define MSR_IA32_EVNTSEL1 0x187 #define MSR_IA32_DEBUGCTLMSR 0x1d9 #define MSR_IA32_LASTBRANCHFROMIP 0x1db #define MSR_IA32_LASTBRANCHTOIP 0x1dc #define MSR_IA32_LASTINTFROMIP 0x1dd #define MSR_IA32_LASTINTTOIP 0x1de #define MSR_MTRRfix64K_00000 0x250 #define MSR_MTRRfix16K_80000 0x258 #define MSR_MTRRfix16K_A0000 0x259 #define MSR_MTRRfix4K_C0000 0x268 #define MSR_MTRRfix4K_C8000 0x269 #define MSR_MTRRfix4K_D0000 0x26a #define MSR_MTRRfix4K_D8000 0x26b #define MSR_MTRRfix4K_E0000 0x26c #define MSR_MTRRfix4K_E8000 0x26d #define MSR_MTRRfix4K_F0000 0x26e #define MSR_MTRRfix4K_F8000 0x26f #define MSR_MTRRdefType 0x2ff #define MSR_IA32_MC0_CTL 0x400 #define MSR_IA32_MC0_STATUS 0x401 #define MSR_IA32_MC0_ADDR 0x402 #define MSR_IA32_MC0_MISC 0x403 #define MSR_P6_PERFCTR0 0xc1 #define MSR_P6_PERFCTR1 0xc2 #define MSR_P6_EVNTSEL0 0x186 #define MSR_P6_EVNTSEL1 0x187 /* K7/K8 MSRs. Not complete. See the architecture manual for a more complete list. */ #define MSR_K7_EVNTSEL0 0xC0010000 #define MSR_K7_PERFCTR0 0xC0010004 #define MSR_K7_EVNTSEL1 0xC0010001 #define MSR_K7_PERFCTR1 0xC0010005 #define MSR_K7_EVNTSEL2 0xC0010002 #define MSR_K7_PERFCTR2 0xC0010006 #define MSR_K7_EVNTSEL3 0xC0010003 #define MSR_K7_PERFCTR3 0xC0010007 #define MSR_K8_TOP_MEM1 0xC001001A #define MSR_K8_TOP_MEM2 0xC001001D #define MSR_K8_SYSCFG 0xC0010010 #define MSR_K8_HWCR 0xC0010015 /* K6 MSRs */ #define MSR_K6_EFER 0xC0000080 #define MSR_K6_STAR 0xC0000081 #define MSR_K6_WHCR 0xC0000082 #define MSR_K6_UWCCR 0xC0000085 #define MSR_K6_PSOR 0xC0000087 #define MSR_K6_PFIR 0xC0000088 /* Centaur-Hauls/IDT defined MSRs. */ #define MSR_IDT_FCR1 0x107 #define MSR_IDT_FCR2 0x108 #define MSR_IDT_FCR3 0x109 #define MSR_IDT_FCR4 0x10a #define MSR_IDT_MCR0 0x110 #define MSR_IDT_MCR1 0x111 #define MSR_IDT_MCR2 0x112 #define MSR_IDT_MCR3 0x113 #define MSR_IDT_MCR4 0x114 #define MSR_IDT_MCR5 0x115 #define MSR_IDT_MCR6 0x116 #define MSR_IDT_MCR7 0x117 #define MSR_IDT_MCR_CTRL 0x120 /* VIA Cyrix defined MSRs*/ #define MSR_VIA_FCR 0x1107 #define MSR_VIA_LONGHAUL 0x110a #define MSR_VIA_RNG 0x110b #define MSR_VIA_BCR2 0x1147 /* Intel defined MSRs. */ #define MSR_IA32_P5_MC_ADDR 0 #define MSR_IA32_P5_MC_TYPE 1 #define MSR_IA32_PLATFORM_ID 0x17 #define MSR_IA32_EBL_CR_POWERON 0x2a #define MSR_IA32_APICBASE 0x1b #define MSR_IA32_APICBASE_BSP (1<<8) #define MSR_IA32_APICBASE_ENABLE (1<<11) #define MSR_IA32_APICBASE_BASE (0xfffff<<12) /* P4/Xeon+ specific */ #define MSR_IA32_MCG_EAX 0x180 #define MSR_IA32_MCG_EBX 0x181 #define MSR_IA32_MCG_ECX 0x182 #define MSR_IA32_MCG_EDX 0x183 #define MSR_IA32_MCG_ESI 0x184 #define MSR_IA32_MCG_EDI 0x185 #define MSR_IA32_MCG_EBP 0x186 #define MSR_IA32_MCG_ESP 0x187 #define MSR_IA32_MCG_EFLAGS 0x188 #define MSR_IA32_MCG_EIP 0x189 #define MSR_IA32_MCG_RESERVED 0x18A #define MSR_P6_EVNTSEL0 0x186 #define MSR_P6_EVNTSEL1 0x187 #define MSR_IA32_PERF_STATUS 0x198 #define MSR_IA32_PERF_CTL 0x199 #define MSR_IA32_THERM_CONTROL 0x19a #define MSR_IA32_THERM_INTERRUPT 0x19b #define MSR_IA32_THERM_STATUS 0x19c #define MSR_IA32_MISC_ENABLE 0x1a0 #define MSR_IA32_DEBUGCTLMSR 0x1d9 #define MSR_IA32_LASTBRANCHFROMIP 0x1db #define MSR_IA32_LASTBRANCHTOIP 0x1dc #define MSR_IA32_LASTINTFROMIP 0x1dd #define MSR_IA32_LASTINTTOIP 0x1de #define MSR_IA32_MC0_CTL 0x400 #define MSR_IA32_MC0_STATUS 0x401 #define MSR_IA32_MC0_ADDR 0x402 #define MSR_IA32_MC0_MISC 0x403 /* Pentium IV performance counter MSRs */ #define MSR_P4_BPU_PERFCTR0 0x300 #define MSR_P4_BPU_PERFCTR1 0x301 #define MSR_P4_BPU_PERFCTR2 0x302 #define MSR_P4_BPU_PERFCTR3 0x303 #define MSR_P4_MS_PERFCTR0 0x304 #define MSR_P4_MS_PERFCTR1 0x305 #define MSR_P4_MS_PERFCTR2 0x306 #define MSR_P4_MS_PERFCTR3 0x307 #define MSR_P4_FLAME_PERFCTR0 0x308 #define MSR_P4_FLAME_PERFCTR1 0x309 #define MSR_P4_FLAME_PERFCTR2 0x30a #define MSR_P4_FLAME_PERFCTR3 0x30b #define MSR_P4_IQ_PERFCTR0 0x30c #define MSR_P4_IQ_PERFCTR1 0x30d #define MSR_P4_IQ_PERFCTR2 0x30e #define MSR_P4_IQ_PERFCTR3 0x30f #define MSR_P4_IQ_PERFCTR4 0x310 #define MSR_P4_IQ_PERFCTR5 0x311 #define MSR_P4_BPU_CCCR0 0x360 #define MSR_P4_BPU_CCCR1 0x361 #define MSR_P4_BPU_CCCR2 0x362 #define MSR_P4_BPU_CCCR3 0x363 #define MSR_P4_MS_CCCR0 0x364 #define MSR_P4_MS_CCCR1 0x365 #define MSR_P4_MS_CCCR2 0x366 #define MSR_P4_MS_CCCR3 0x367 #define MSR_P4_FLAME_CCCR0 0x368 #define MSR_P4_FLAME_CCCR1 0x369 #define MSR_P4_FLAME_CCCR2 0x36a #define MSR_P4_FLAME_CCCR3 0x36b #define MSR_P4_IQ_CCCR0 0x36c #define MSR_P4_IQ_CCCR1 0x36d #define MSR_P4_IQ_CCCR2 0x36e #define MSR_P4_IQ_CCCR3 0x36f #define MSR_P4_IQ_CCCR4 0x370 #define MSR_P4_IQ_CCCR5 0x371 #define MSR_P4_ALF_ESCR0 0x3ca #define MSR_P4_ALF_ESCR1 0x3cb #define MSR_P4_BPU_ESCR0 0x3b2 #define MSR_P4_BPU_ESCR1 0x3b3 #define MSR_P4_BSU_ESCR0 0x3a0 #define MSR_P4_BSU_ESCR1 0x3a1 #define MSR_P4_CRU_ESCR0 0x3b8 #define MSR_P4_CRU_ESCR1 0x3b9 #define MSR_P4_CRU_ESCR2 0x3cc #define MSR_P4_CRU_ESCR3 0x3cd #define MSR_P4_CRU_ESCR4 0x3e0 #define MSR_P4_CRU_ESCR5 0x3e1 #define MSR_P4_DAC_ESCR0 0x3a8 #define MSR_P4_DAC_ESCR1 0x3a9 #define MSR_P4_FIRM_ESCR0 0x3a4 #define MSR_P4_FIRM_ESCR1 0x3a5 #define MSR_P4_FLAME_ESCR0 0x3a6 #define MSR_P4_FLAME_ESCR1 0x3a7 #define MSR_P4_FSB_ESCR0 0x3a2 #define MSR_P4_FSB_ESCR1 0x3a3 #define MSR_P4_IQ_ESCR0 0x3ba #define MSR_P4_IQ_ESCR1 0x3bb #define MSR_P4_IS_ESCR0 0x3b4 #define MSR_P4_IS_ESCR1 0x3b5 #define MSR_P4_ITLB_ESCR0 0x3b6 #define MSR_P4_ITLB_ESCR1 0x3b7 #define MSR_P4_IX_ESCR0 0x3c8 #define MSR_P4_IX_ESCR1 0x3c9 #define MSR_P4_MOB_ESCR0 0x3aa #define MSR_P4_MOB_ESCR1 0x3ab #define MSR_P4_MS_ESCR0 0x3c0 #define MSR_P4_MS_ESCR1 0x3c1 #define MSR_P4_PMH_ESCR0 0x3ac #define MSR_P4_PMH_ESCR1 0x3ad #define MSR_P4_RAT_ESCR0 0x3bc #define MSR_P4_RAT_ESCR1 0x3bd #define MSR_P4_SAAT_ESCR0 0x3ae #define MSR_P4_SAAT_ESCR1 0x3af #define MSR_P4_SSU_ESCR0 0x3be #define MSR_P4_SSU_ESCR1 0x3bf /* guess: not defined in manual */ #define MSR_P4_TBPU_ESCR0 0x3c2 #define MSR_P4_TBPU_ESCR1 0x3c3 #define MSR_P4_TC_ESCR0 0x3c4 #define MSR_P4_TC_ESCR1 0x3c5 #define MSR_P4_U2L_ESCR0 0x3b0 #define MSR_P4_U2L_ESCR1 0x3b1 #endif cat linux-2.6.18/include/asm-i386/msr.h #ifndef __ASM_MSR_H #define __ASM_MSR_H /* * Access to machine-specific registers (available on 586 and better only) * Note: the rd* operations modify the parameters directly (without using * pointer indirection), this allows gcc to optimize better */ #define rdmsr(msr,val1,val2) \ __asm__ __volatile__("rdmsr" \ : "=a" (val1), "=d" (val2) \ : "c" (msr)) #define wrmsr(msr,val1,val2) \ __asm__ __volatile__("wrmsr" \ : /* no outputs */ \ : "c" (msr), "a" (val1), "d" (val2)) #define rdmsrl(msr,val) do { \ unsigned long l__,h__; \ rdmsr (msr, l__, h__); \ val = l__; \ val |= ((u64)h__<<32); \ } while(0) static inline void wrmsrl (unsigned long msr, unsigned long long val) { unsigned long lo, hi; lo = (unsigned long) val; hi = val >> 32; wrmsr (msr, lo, hi); } /* wrmsr with exception handling */ #define wrmsr_safe(msr,a,b) ({ int ret__; \ asm volatile("2: wrmsr ; xorl %0,%0\n" \ "1:\n\t" \ ".section .fixup,\"ax\"\n\t" \ "3: movl %4,%0 ; jmp 1b\n\t" \ ".previous\n\t" \ ".section __ex_table,\"a\"\n" \ " .align 4\n\t" \ " .long 2b,3b\n\t" \ ".previous" \ : "=a" (ret__) \ : "c" (msr), "0" (a), "d" (b), "i" (-EFAULT));\ ret__; }) /* rdmsr with exception handling */ #define rdmsr_safe(msr,a,b) ({ int ret__; \ asm volatile("2: rdmsr ; xorl %0,%0\n" \ "1:\n\t" \ ".section .fixup,\"ax\"\n\t" \ "3: movl %4,%0 ; jmp 1b\n\t" \ ".previous\n\t" \ ".section __ex_table,\"a\"\n" \ " .align 4\n\t" \ " .long 2b,3b\n\t" \ ".previous" \ : "=r" (ret__), "=a" (*(a)), "=d" (*(b)) \ : "c" (msr), "i" (-EFAULT));\ ret__; }) #define rdtsc(low,high) \ __asm__ __volatile__("rdtsc" : "=a" (low), "=d" (high)) #define rdtscl(low) \ __asm__ __volatile__("rdtsc" : "=a" (low) : : "edx") #define rdtscll(val) \ __asm__ __volatile__("rdtsc" : "=A" (val)) #define write_tsc(val1,val2) wrmsr(0x10, val1, val2) #define rdpmc(counter,low,high) \ __asm__ __volatile__("rdpmc" \ : "=a" (low), "=d" (high) \ : "c" (counter)) /* symbolic names for some interesting MSRs */ /* Intel defined MSRs. */ #define MSR_IA32_P5_MC_ADDR 0 #define MSR_IA32_P5_MC_TYPE 1 #define MSR_IA32_PLATFORM_ID 0x17 #define MSR_IA32_EBL_CR_POWERON 0x2a #define MSR_IA32_APICBASE 0x1b #define MSR_IA32_APICBASE_BSP (1<<8) #define MSR_IA32_APICBASE_ENABLE (1<<11) #define MSR_IA32_APICBASE_BASE (0xfffff<<12) #define MSR_IA32_UCODE_WRITE 0x79 #define MSR_IA32_UCODE_REV 0x8b #define MSR_P6_PERFCTR0 0xc1 #define MSR_P6_PERFCTR1 0xc2 #define MSR_IA32_BBL_CR_CTL 0x119 #define MSR_IA32_SYSENTER_CS 0x174 #define MSR_IA32_SYSENTER_ESP 0x175 #define MSR_IA32_SYSENTER_EIP 0x176 #define MSR_IA32_MCG_CAP 0x179 #define MSR_IA32_MCG_STATUS 0x17a #define MSR_IA32_MCG_CTL 0x17b /* P4/Xeon+ specific */ #define MSR_IA32_MCG_EAX 0x180 #define MSR_IA32_MCG_EBX 0x181 #define MSR_IA32_MCG_ECX 0x182 #define MSR_IA32_MCG_EDX 0x183 #define MSR_IA32_MCG_ESI 0x184 #define MSR_IA32_MCG_EDI 0x185 #define MSR_IA32_MCG_EBP 0x186 #define MSR_IA32_MCG_ESP 0x187 #define MSR_IA32_MCG_EFLAGS 0x188 #define MSR_IA32_MCG_EIP 0x189 #define MSR_IA32_MCG_RESERVED 0x18A #define MSR_P6_EVNTSEL0 0x186 #define MSR_P6_EVNTSEL1 0x187 #define MSR_IA32_PERF_STATUS 0x198 #define MSR_IA32_PERF_CTL 0x199 #define MSR_IA32_THERM_CONTROL 0x19a #define MSR_IA32_THERM_INTERRUPT 0x19b #define MSR_IA32_THERM_STATUS 0x19c #define MSR_IA32_MISC_ENABLE 0x1a0 #define MSR_IA32_DEBUGCTLMSR 0x1d9 #define MSR_IA32_LASTBRANCHFROMIP 0x1db #define MSR_IA32_LASTBRANCHTOIP 0x1dc #define MSR_IA32_LASTINTFROMIP 0x1dd #define MSR_IA32_LASTINTTOIP 0x1de #define MSR_IA32_MC0_CTL 0x400 #define MSR_IA32_MC0_STATUS 0x401 #define MSR_IA32_MC0_ADDR 0x402 #define MSR_IA32_MC0_MISC 0x403 /* Pentium IV performance counter MSRs */ #define MSR_P4_BPU_PERFCTR0 0x300 #define MSR_P4_BPU_PERFCTR1 0x301 #define MSR_P4_BPU_PERFCTR2 0x302 #define MSR_P4_BPU_PERFCTR3 0x303 #define MSR_P4_MS_PERFCTR0 0x304 #define MSR_P4_MS_PERFCTR1 0x305 #define MSR_P4_MS_PERFCTR2 0x306 #define MSR_P4_MS_PERFCTR3 0x307 #define MSR_P4_FLAME_PERFCTR0 0x308 #define MSR_P4_FLAME_PERFCTR1 0x309 #define MSR_P4_FLAME_PERFCTR2 0x30a #define MSR_P4_FLAME_PERFCTR3 0x30b #define MSR_P4_IQ_PERFCTR0 0x30c #define MSR_P4_IQ_PERFCTR1 0x30d #define MSR_P4_IQ_PERFCTR2 0x30e #define MSR_P4_IQ_PERFCTR3 0x30f #define MSR_P4_IQ_PERFCTR4 0x310 #define MSR_P4_IQ_PERFCTR5 0x311 #define MSR_P4_BPU_CCCR0 0x360 #define MSR_P4_BPU_CCCR1 0x361 #define MSR_P4_BPU_CCCR2 0x362 #define MSR_P4_BPU_CCCR3 0x363 #define MSR_P4_MS_CCCR0 0x364 #define MSR_P4_MS_CCCR1 0x365 #define MSR_P4_MS_CCCR2 0x366 #define MSR_P4_MS_CCCR3 0x367 #define MSR_P4_FLAME_CCCR0 0x368 #define MSR_P4_FLAME_CCCR1 0x369 #define MSR_P4_FLAME_CCCR2 0x36a #define MSR_P4_FLAME_CCCR3 0x36b #define MSR_P4_IQ_CCCR0 0x36c #define MSR_P4_IQ_CCCR1 0x36d #define MSR_P4_IQ_CCCR2 0x36e #define MSR_P4_IQ_CCCR3 0x36f #define MSR_P4_IQ_CCCR4 0x370 #define MSR_P4_IQ_CCCR5 0x371 #define MSR_P4_ALF_ESCR0 0x3ca #define MSR_P4_ALF_ESCR1 0x3cb #define MSR_P4_BPU_ESCR0 0x3b2 #define MSR_P4_BPU_ESCR1 0x3b3 #define MSR_P4_BSU_ESCR0 0x3a0 #define MSR_P4_BSU_ESCR1 0x3a1 #define MSR_P4_CRU_ESCR0 0x3b8 #define MSR_P4_CRU_ESCR1 0x3b9 #define MSR_P4_CRU_ESCR2 0x3cc #define MSR_P4_CRU_ESCR3 0x3cd #define MSR_P4_CRU_ESCR4 0x3e0 #define MSR_P4_CRU_ESCR5 0x3e1 #define MSR_P4_DAC_ESCR0 0x3a8 #define MSR_P4_DAC_ESCR1 0x3a9 #define MSR_P4_FIRM_ESCR0 0x3a4 #define MSR_P4_FIRM_ESCR1 0x3a5 #define MSR_P4_FLAME_ESCR0 0x3a6 #define MSR_P4_FLAME_ESCR1 0x3a7 #define MSR_P4_FSB_ESCR0 0x3a2 #define MSR_P4_FSB_ESCR1 0x3a3 #define MSR_P4_IQ_ESCR0 0x3ba #define MSR_P4_IQ_ESCR1 0x3bb #define MSR_P4_IS_ESCR0 0x3b4 #define MSR_P4_IS_ESCR1 0x3b5 #define MSR_P4_ITLB_ESCR0 0x3b6 #define MSR_P4_ITLB_ESCR1 0x3b7 #define MSR_P4_IX_ESCR0 0x3c8 #define MSR_P4_IX_ESCR1 0x3c9 #define MSR_P4_MOB_ESCR0 0x3aa #define MSR_P4_MOB_ESCR1 0x3ab #define MSR_P4_MS_ESCR0 0x3c0 #define MSR_P4_MS_ESCR1 0x3c1 #define MSR_P4_PMH_ESCR0 0x3ac #define MSR_P4_PMH_ESCR1 0x3ad #define MSR_P4_RAT_ESCR0 0x3bc #define MSR_P4_RAT_ESCR1 0x3bd #define MSR_P4_SAAT_ESCR0 0x3ae #define MSR_P4_SAAT_ESCR1 0x3af #define MSR_P4_SSU_ESCR0 0x3be #define MSR_P4_SSU_ESCR1 0x3bf /* guess: not defined in manual */ #define MSR_P4_TBPU_ESCR0 0x3c2 #define MSR_P4_TBPU_ESCR1 0x3c3 #define MSR_P4_TC_ESCR0 0x3c4 #define MSR_P4_TC_ESCR1 0x3c5 #define MSR_P4_U2L_ESCR0 0x3b0 #define MSR_P4_U2L_ESCR1 0x3b1 /* AMD Defined MSRs */ #define MSR_K6_EFER 0xC0000080 #define MSR_K6_STAR 0xC0000081 #define MSR_K6_WHCR 0xC0000082 #define MSR_K6_UWCCR 0xC0000085 #define MSR_K6_EPMR 0xC0000086 #define MSR_K6_PSOR 0xC0000087 #define MSR_K6_PFIR 0xC0000088 #define MSR_K7_EVNTSEL0 0xC0010000 #define MSR_K7_EVNTSEL1 0xC0010001 #define MSR_K7_EVNTSEL2 0xC0010002 #define MSR_K7_EVNTSEL3 0xC0010003 #define MSR_K7_PERFCTR0 0xC0010004 #define MSR_K7_PERFCTR1 0xC0010005 #define MSR_K7_PERFCTR2 0xC0010006 #define MSR_K7_PERFCTR3 0xC0010007 #define MSR_K7_HWCR 0xC0010015 #define MSR_K7_CLK_CTL 0xC001001b #define MSR_K7_FID_VID_CTL 0xC0010041 #define MSR_K7_FID_VID_STATUS 0xC0010042 /* extended feature register */ #define MSR_EFER 0xc0000080 /* EFER bits: */ /* Execute Disable enable */ #define _EFER_NX 11 #define EFER_NX (1<<_EFER_NX) /* Centaur-Hauls/IDT defined MSRs. */ #define MSR_IDT_FCR1 0x107 #define MSR_IDT_FCR2 0x108 #define MSR_IDT_FCR3 0x109 #define MSR_IDT_FCR4 0x10a #define MSR_IDT_MCR0 0x110 #define MSR_IDT_MCR1 0x111 #define MSR_IDT_MCR2 0x112 #define MSR_IDT_MCR3 0x113 #define MSR_IDT_MCR4 0x114 #define MSR_IDT_MCR5 0x115 #define MSR_IDT_MCR6 0x116 #define MSR_IDT_MCR7 0x117 #define MSR_IDT_MCR_CTRL 0x120 /* VIA Cyrix defined MSRs*/ #define MSR_VIA_FCR 0x1107 #define MSR_VIA_LONGHAUL 0x110a #define MSR_VIA_RNG 0x110b #define MSR_VIA_BCR2 0x1147 /* Transmeta defined MSRs */ #define MSR_TMTA_LONGRUN_CTRL 0x80868010 #define MSR_TMTA_LONGRUN_FLAGS 0x80868011 #define MSR_TMTA_LRTI_READOUT 0x80868018 #define MSR_TMTA_LRTI_VOLT_MHZ 0x8086801a #endif /* __ASM_MSR_H */ cat linux-2.6.18/arch/i386/kernel/msr.c /* ----------------------------------------------------------------------- * * * Copyright 2000 H. Peter Anvin - All Rights Reserved * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, Inc., 675 Mass Ave, Cambridge MA 02139, * USA; either version 2 of the License, or (at your option) any later * version; incorporated herein by reference. * * ----------------------------------------------------------------------- */ /* * msr.c * * x86 MSR access device * * This device is accessed by lseek() to the appropriate register number * and then read/write in chunks of 8 bytes. A larger size means multiple * reads or writes of the same register. * * This driver uses /dev/cpu/%d/msr where %d is the minor number, and on * an SMP box will direct the access to CPU %d. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static struct class *msr_class; static inline int wrmsr_eio(u32 reg, u32 eax, u32 edx) { int err; err = wrmsr_safe(reg, eax, edx); if (err) err = -EIO; return err; } static inline int rdmsr_eio(u32 reg, u32 *eax, u32 *edx) { int err; err = rdmsr_safe(reg, eax, edx); if (err) err = -EIO; return err; } #ifdef CONFIG_SMP struct msr_command { int cpu; int err; u32 reg; u32 data[2]; }; static void msr_smp_wrmsr(void *cmd_block) { struct msr_command *cmd = (struct msr_command *)cmd_block; if (cmd->cpu == smp_processor_id()) cmd->err = wrmsr_eio(cmd->reg, cmd->data[0], cmd->data[1]); } static void msr_smp_rdmsr(void *cmd_block) { struct msr_command *cmd = (struct msr_command *)cmd_block; if (cmd->cpu == smp_processor_id()) cmd->err = rdmsr_eio(cmd->reg, &cmd->data[0], &cmd->data[1]); } static inline int do_wrmsr(int cpu, u32 reg, u32 eax, u32 edx) { struct msr_command cmd; int ret; preempt_disable(); if (cpu == smp_processor_id()) { ret = wrmsr_eio(reg, eax, edx); } else { cmd.cpu = cpu; cmd.reg = reg; cmd.data[0] = eax; cmd.data[1] = edx; smp_call_function(msr_smp_wrmsr, &cmd, 1, 1); ret = cmd.err; } preempt_enable(); return ret; } static inline int do_rdmsr(int cpu, u32 reg, u32 * eax, u32 * edx) { struct msr_command cmd; int ret; preempt_disable(); if (cpu == smp_processor_id()) { ret = rdmsr_eio(reg, eax, edx); } else { cmd.cpu = cpu; cmd.reg = reg; smp_call_function(msr_smp_rdmsr, &cmd, 1, 1); *eax = cmd.data[0]; *edx = cmd.data[1]; ret = cmd.err; } preempt_enable(); return ret; } #else /* ! CONFIG_SMP */ static inline int do_wrmsr(int cpu, u32 reg, u32 eax, u32 edx) { return wrmsr_eio(reg, eax, edx); } static inline int do_rdmsr(int cpu, u32 reg, u32 *eax, u32 *edx) { return rdmsr_eio(reg, eax, edx); } #endif /* ! CONFIG_SMP */ static loff_t msr_seek(struct file *file, loff_t offset, int orig) { loff_t ret = -EINVAL; lock_kernel(); switch (orig) { case 0: file->f_pos = offset; ret = file->f_pos; break; case 1: file->f_pos += offset; ret = file->f_pos; } unlock_kernel(); return ret; } static ssize_t msr_read(struct file *file, char __user * buf, size_t count, loff_t * ppos) { u32 __user *tmp = (u32 __user *) buf; u32 data[2]; u32 reg = *ppos; int cpu = iminor(file->f_dentry->d_inode); int err; if (count % 8) return -EINVAL; /* Invalid chunk size */ for (; count; count -= 8) { err = do_rdmsr(cpu, reg, &data[0], &data[1]); if (err) return err; if (copy_to_user(tmp, &data, 8)) return -EFAULT; tmp += 2; } return ((char __user *)tmp) - buf; } static ssize_t msr_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { const u32 __user *tmp = (const u32 __user *)buf; u32 data[2]; size_t rv; u32 reg = *ppos; int cpu = iminor(file->f_dentry->d_inode); int err; if (count % 8) return -EINVAL; /* Invalid chunk size */ for (rv = 0; count; count -= 8) { if (copy_from_user(&data, tmp, 8)) return -EFAULT; err = do_wrmsr(cpu, reg, data[0], data[1]); if (err) return err; tmp += 2; } return ((char __user *)tmp) - buf; } static int msr_open(struct inode *inode, struct file *file) { unsigned int cpu = iminor(file->f_dentry->d_inode); struct cpuinfo_x86 *c = &(cpu_data)[cpu]; if (cpu >= NR_CPUS || !cpu_online(cpu)) return -ENXIO; /* No such CPU */ if (!cpu_has(c, X86_FEATURE_MSR)) return -EIO; /* MSR not supported */ return 0; } /* * File operations we support */ static struct file_operations msr_fops = { .owner = THIS_MODULE, .llseek = msr_seek, .read = msr_read, .write = msr_write, .open = msr_open, }; static int msr_class_device_create(int i) { int err = 0; struct class_device *class_err; class_err = class_device_create(msr_class, NULL, MKDEV(MSR_MAJOR, i), NULL, "msr%d",i); if (IS_ERR(class_err)) err = PTR_ERR(class_err); return err; } #ifdef CONFIG_HOTPLUG_CPU static int msr_class_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu) { unsigned int cpu = (unsigned long)hcpu; switch (action) { case CPU_ONLINE: msr_class_device_create(cpu); break; case CPU_DEAD: class_device_destroy(msr_class, MKDEV(MSR_MAJOR, cpu)); break; } return NOTIFY_OK; } static struct notifier_block __cpuinitdata msr_class_cpu_notifier = { .notifier_call = msr_class_cpu_callback, }; #endif static int __init msr_init(void) { int i, err = 0; i = 0; if (register_chrdev(MSR_MAJOR, "cpu/msr", &msr_fops)) { printk(KERN_ERR "msr: unable to get major %d for msr\n", MSR_MAJOR); err = -EBUSY; goto out; } msr_class = class_create(THIS_MODULE, "msr"); if (IS_ERR(msr_class)) { err = PTR_ERR(msr_class); goto out_chrdev; } for_each_online_cpu(i) { err = msr_class_device_create(i); if (err != 0) goto out_class; } register_hotcpu_notifier(&msr_class_cpu_notifier); err = 0; goto out; out_class: i = 0; for_each_online_cpu(i) class_device_destroy(msr_class, MKDEV(MSR_MAJOR, i)); class_destroy(msr_class); out_chrdev: unregister_chrdev(MSR_MAJOR, "cpu/msr"); out: return err; } static void __exit msr_exit(void) { int cpu = 0; for_each_online_cpu(cpu) class_device_destroy(msr_class, MKDEV(MSR_MAJOR, cpu)); class_destroy(msr_class); unregister_chrdev(MSR_MAJOR, "cpu/msr"); unregister_hotcpu_notifier(&msr_class_cpu_notifier); } module_init(msr_init); module_exit(msr_exit) MODULE_AUTHOR("H. Peter Anvin "); MODULE_DESCRIPTION("x86 generic MSR driver"); MODULE_LICENSE("GPL"); ```

end in these files:

grep -rilw msr linux-2.6.18/*

file list

``` linux-2.6.18/arch/frv/kernel/asm-offsets.c linux-2.6.18/arch/frv/kernel/gdb-io.c linux-2.6.18/arch/frv/kernel/debug-stub.c linux-2.6.18/arch/frv/kernel/gdb-stub.c linux-2.6.18/arch/m68k/bvme6000/config.c linux-2.6.18/arch/m68k/bvme6000/rtc.c linux-2.6.18/arch/ppc/kernel/head_booke.h linux-2.6.18/arch/ppc/kernel/head_4xx.S linux-2.6.18/arch/ppc/kernel/asm-offsets.c linux-2.6.18/arch/ppc/kernel/cpu_setup_power4.S linux-2.6.18/arch/ppc/kernel/head_8xx.S linux-2.6.18/arch/ppc/kernel/misc.S linux-2.6.18/arch/ppc/kernel/head_44x.S linux-2.6.18/arch/ppc/kernel/entry.S linux-2.6.18/arch/ppc/kernel/ppc-stub.c linux-2.6.18/arch/ppc/kernel/head.S linux-2.6.18/arch/ppc/kernel/head_fsl_booke.S linux-2.6.18/arch/ppc/kernel/traps.c linux-2.6.18/arch/ppc/syslib/m8xx_setup.c linux-2.6.18/arch/ppc/xmon/xmon.c linux-2.6.18/arch/ppc/xmon/privinst.h linux-2.6.18/arch/ppc/boot/common/util.S linux-2.6.18/arch/ppc/boot/simple/rw4/rw4_init_brd.S linux-2.6.18/arch/ppc/boot/simple/misc-prep.c linux-2.6.18/arch/ppc/boot/simple/head.S linux-2.6.18/arch/ppc/platforms/ev64260.c linux-2.6.18/arch/ppc/platforms/spruce.c linux-2.6.18/arch/arm/kernel/setup.c linux-2.6.18/arch/arm/kernel/entry-armv.S linux-2.6.18/arch/arm/kernel/head-nommu.S linux-2.6.18/arch/arm/kernel/entry-common.S linux-2.6.18/arch/arm/kernel/head.S linux-2.6.18/arch/arm/kernel/fiq.c linux-2.6.18/arch/arm/kernel/crunch-bits.S linux-2.6.18/arch/arm/kernel/iwmmxt.S linux-2.6.18/arch/arm/mach-s3c2410/sleep.S linux-2.6.18/arch/arm/mach-sa1100/sleep.S linux-2.6.18/arch/arm/mach-pxa/sleep.S linux-2.6.18/arch/arm/boot/compressed/head-clps7500.S linux-2.6.18/arch/arm/boot/compressed/head.S linux-2.6.18/arch/arm/boot/compressed/head-shark.S linux-2.6.18/arch/arm/mm/proc-arm925.S linux-2.6.18/arch/arm/mm/proc-arm1020.S linux-2.6.18/arch/arm/mm/proc-xsc3.S linux-2.6.18/arch/arm/mm/proc-sa1100.S linux-2.6.18/arch/arm/mm/proc-arm920.S linux-2.6.18/arch/arm/mm/proc-arm1022.S linux-2.6.18/arch/arm/mm/proc-arm720.S linux-2.6.18/arch/arm/mm/proc-arm926.S linux-2.6.18/arch/arm/mm/proc-sa110.S linux-2.6.18/arch/arm/mm/proc-arm1026.S linux-2.6.18/arch/arm/mm/proc-arm922.S linux-2.6.18/arch/arm/mm/proc-arm6_7.S linux-2.6.18/arch/arm/mm/proc-xscale.S linux-2.6.18/arch/arm/mm/proc-arm1020e.S linux-2.6.18/arch/arm/lib/ecard.S linux-2.6.18/arch/powerpc/kernel/cpu_setup_6xx.S linux-2.6.18/arch/powerpc/kernel/head_booke.h linux-2.6.18/arch/powerpc/kernel/ptrace.c linux-2.6.18/arch/powerpc/kernel/head_4xx.S linux-2.6.18/arch/powerpc/kernel/ppc32.h linux-2.6.18/arch/powerpc/kernel/kprobes.c linux-2.6.18/arch/powerpc/kernel/misc_32.S linux-2.6.18/arch/powerpc/kernel/vdso32/sigtramp.S linux-2.6.18/arch/powerpc/kernel/swsusp_32.S linux-2.6.18/arch/powerpc/kernel/asm-offsets.c linux-2.6.18/arch/powerpc/kernel/cpu_setup_power4.S linux-2.6.18/arch/powerpc/kernel/ptrace-common.h linux-2.6.18/arch/powerpc/kernel/head_8xx.S linux-2.6.18/arch/powerpc/kernel/head_44x.S linux-2.6.18/arch/powerpc/kernel/signal_32.c linux-2.6.18/arch/powerpc/kernel/align.c linux-2.6.18/arch/powerpc/kernel/entry_32.S linux-2.6.18/arch/powerpc/kernel/process.c linux-2.6.18/arch/powerpc/kernel/head_64.S linux-2.6.18/arch/powerpc/kernel/sys_ppc32.c linux-2.6.18/arch/powerpc/kernel/entry_64.S linux-2.6.18/arch/powerpc/kernel/ptrace32.c linux-2.6.18/arch/powerpc/kernel/signal_64.c linux-2.6.18/arch/powerpc/kernel/udbg_16550.c linux-2.6.18/arch/powerpc/kernel/head_32.S linux-2.6.18/arch/powerpc/kernel/head_fsl_booke.S linux-2.6.18/arch/powerpc/kernel/l2cr_6xx.S linux-2.6.18/arch/powerpc/kernel/traps.c linux-2.6.18/arch/powerpc/kernel/vdso64/sigtramp.S linux-2.6.18/arch/powerpc/xmon/xmon.c linux-2.6.18/arch/powerpc/platforms/embedded6xx/mpc7448_hpc2.c linux-2.6.18/arch/powerpc/platforms/pseries/ras.c linux-2.6.18/arch/powerpc/platforms/powermac/cache.S linux-2.6.18/arch/powerpc/platforms/powermac/sleep.S linux-2.6.18/arch/powerpc/platforms/cell/pervasive.c linux-2.6.18/arch/powerpc/mm/fault.c linux-2.6.18/arch/powerpc/lib/sstep.c linux-2.6.18/arch/um/include/sysdep-ppc/ptrace.h linux-2.6.18/arch/mips/mips-boards/atlas/atlas_gdb.c linux-2.6.18/arch/mips/gt64120/ev64120/serialGT.c linux-2.6.18/arch/i386/mach-voyager/voyager_thread.c linux-2.6.18/arch/i386/kernel/msr.c linux-2.6.18/arch/i386/kernel/time.c linux-2.6.18/arch/i386/kernel/cpuid.c linux-2.6.18/arch/i386/kernel/microcode.c linux-2.6.18/arch/i386/kernel/sysenter.c linux-2.6.18/arch/i386/kernel/nmi.c linux-2.6.18/arch/i386/kernel/apic.c linux-2.6.18/arch/i386/kernel/cpu/transmeta.c linux-2.6.18/arch/i386/kernel/cpu/centaur.c linux-2.6.18/arch/i386/kernel/cpu/proc.c linux-2.6.18/arch/i386/kernel/cpu/intel.c linux-2.6.18/arch/i386/kernel/cpu/cpufreq/longrun.c linux-2.6.18/arch/i386/kernel/cpu/cpufreq/powernow-k8.c linux-2.6.18/arch/i386/kernel/cpu/cpufreq/p4-clockmod.c linux-2.6.18/arch/i386/kernel/cpu/cpufreq/elanfreq.c linux-2.6.18/arch/i386/kernel/cpu/cpufreq/longhaul.c linux-2.6.18/arch/i386/kernel/cpu/cpufreq/powernow-k8.h linux-2.6.18/arch/i386/kernel/cpu/cpufreq/sc520_freq.c linux-2.6.18/arch/i386/kernel/cpu/cpufreq/speedstep-lib.c linux-2.6.18/arch/i386/kernel/cpu/cpufreq/speedstep-centrino.c linux-2.6.18/arch/i386/kernel/cpu/cpufreq/powernow-k7.c linux-2.6.18/arch/i386/kernel/cpu/cpufreq/powernow-k6.c linux-2.6.18/arch/i386/kernel/cpu/mtrr/generic.c linux-2.6.18/arch/i386/kernel/cpu/mtrr/centaur.c linux-2.6.18/arch/i386/kernel/cpu/mtrr/state.c linux-2.6.18/arch/i386/kernel/cpu/mtrr/amd.c linux-2.6.18/arch/i386/kernel/cpu/mtrr/main.c linux-2.6.18/arch/i386/kernel/cpu/mtrr/cyrix.c linux-2.6.18/arch/i386/kernel/cpu/mcheck/p4.c linux-2.6.18/arch/i386/kernel/cpu/mcheck/non-fatal.c linux-2.6.18/arch/i386/kernel/cpu/mcheck/p5.c linux-2.6.18/arch/i386/kernel/cpu/mcheck/k7.c linux-2.6.18/arch/i386/kernel/cpu/mcheck/winchip.c linux-2.6.18/arch/i386/kernel/cpu/mcheck/p6.c linux-2.6.18/arch/i386/kernel/cpu/common.c linux-2.6.18/arch/i386/kernel/cpu/amd.c linux-2.6.18/arch/i386/kernel/Makefile linux-2.6.18/arch/i386/oprofile/op_model_athlon.c linux-2.6.18/arch/i386/oprofile/op_x86_model.h linux-2.6.18/arch/i386/oprofile/op_model_ppro.c linux-2.6.18/arch/i386/oprofile/nmi_int.c linux-2.6.18/arch/i386/oprofile/op_model_p4.c linux-2.6.18/arch/i386/Kconfig linux-2.6.18/arch/x86_64/kernel/mce_amd.c linux-2.6.18/arch/x86_64/kernel/setup.c linux-2.6.18/arch/x86_64/kernel/mce.c linux-2.6.18/arch/x86_64/kernel/acpi/wakeup.S linux-2.6.18/arch/x86_64/kernel/mce_intel.c linux-2.6.18/arch/x86_64/kernel/entry.S linux-2.6.18/arch/x86_64/kernel/nmi.c linux-2.6.18/arch/x86_64/kernel/head.S linux-2.6.18/arch/x86_64/kernel/early_printk.c linux-2.6.18/arch/x86_64/kernel/pmtimer.c linux-2.6.18/arch/x86_64/kernel/Makefile linux-2.6.18/arch/x86_64/Kconfig linux-2.6.18/arch/x86_64/lib/delay.c linux-2.6.18/Documentation/devices.txt linux-2.6.18/drivers/net/82596.c linux-2.6.18/drivers/net/tokenring/smctr.h linux-2.6.18/drivers/net/tokenring/smctr.c linux-2.6.18/drivers/net/hamradio/yam.c linux-2.6.18/drivers/net/hamradio/baycom_epp.c linux-2.6.18/drivers/net/hamradio/baycom_ser_hdx.c linux-2.6.18/drivers/net/hamradio/baycom_ser_fdx.c linux-2.6.18/drivers/net/wireless/atmel.c linux-2.6.18/drivers/char/hw_random/via-rng.c linux-2.6.18/drivers/char/mxser.c linux-2.6.18/drivers/char/ip2/i2lib.c linux-2.6.18/drivers/char/ip2/i2cmd.h linux-2.6.18/drivers/char/ftape/lowlevel/fdc-io.c linux-2.6.18/drivers/char/ftape/lowlevel/ftape-calibr.c linux-2.6.18/drivers/char/ftape/lowlevel/fdc-io.h linux-2.6.18/drivers/char/ftape/lowlevel/fdc-isr.c linux-2.6.18/drivers/char/ec3104_keyb.c linux-2.6.18/drivers/char/ChangeLog linux-2.6.18/drivers/isdn/i4l/isdn_tty.c linux-2.6.18/drivers/isdn/hisax/elsa_ser.c linux-2.6.18/drivers/bluetooth/dtl1_cs.c linux-2.6.18/drivers/mtd/nand/cs553x_nand.c linux-2.6.18/drivers/macintosh/via-pmu68k.c linux-2.6.18/drivers/usb/net/rtl8150.c linux-2.6.18/drivers/usb/serial/io_edgeport.c linux-2.6.18/drivers/usb/serial/io_ti.c linux-2.6.18/drivers/usb/serial/ChangeLog.history linux-2.6.18/drivers/usb/serial/ti_usb_3410_5052.c linux-2.6.18/drivers/usb/serial/io_16654.h linux-2.6.18/drivers/usb/serial/mct_u232.c linux-2.6.18/drivers/usb/serial/io_ionsp.h linux-2.6.18/drivers/usb/serial/io_ti.h linux-2.6.18/drivers/usb/serial/whiteheat.h linux-2.6.18/drivers/usb/serial/mct_u232.h linux-2.6.18/drivers/usb/serial/keyspan_usa90msg.h linux-2.6.18/drivers/video/cg14.c linux-2.6.18/drivers/video/i810/i810_gtf.c linux-2.6.18/drivers/video/i810/i810_dvt.c linux-2.6.18/drivers/video/i810/i810.h linux-2.6.18/drivers/video/i810/i810_main.c linux-2.6.18/drivers/video/geode/video_gx.c linux-2.6.18/drivers/serial/vr41xx_siu.c linux-2.6.18/drivers/serial/8250.h linux-2.6.18/drivers/serial/jsm/jsm.h linux-2.6.18/drivers/serial/jsm/jsm_neo.c linux-2.6.18/drivers/serial/8250.c linux-2.6.18/include/asm-x86_64/bugs.h linux-2.6.18/include/asm-x86_64/cpufeature.h linux-2.6.18/include/asm-x86_64/Kbuild linux-2.6.18/include/asm-x86_64/processor.h linux-2.6.18/include/asm-x86_64/msr.h linux-2.6.18/include/asm-x86_64/timex.h linux-2.6.18/include/asm-m68k/bvme6000hw.h linux-2.6.18/include/linux/isdn.h linux-2.6.18/include/asm-xtensa/xtensa/xt2000-uart.h linux-2.6.18/include/asm-arm/locks.h linux-2.6.18/include/asm-arm/assembler.h linux-2.6.18/include/asm-arm/system.h linux-2.6.18/include/asm-frv/spr-regs.h linux-2.6.18/include/asm-frv/registers.h linux-2.6.18/include/asm-sh/se/smc37c93x.h linux-2.6.18/include/asm-sh/mpc1211/m1543c.h linux-2.6.18/include/asm-powerpc/hw_irq.h linux-2.6.18/include/asm-powerpc/ptrace.h linux-2.6.18/include/asm-powerpc/reg.h linux-2.6.18/include/asm-powerpc/hvcall.h linux-2.6.18/include/asm-powerpc/paca.h linux-2.6.18/include/asm-powerpc/elf.h linux-2.6.18/include/asm-mips/mips-boards/saa9730_uart.h linux-2.6.18/include/asm-i386/bugs.h linux-2.6.18/include/asm-i386/cpufeature.h linux-2.6.18/include/asm-i386/processor.h linux-2.6.18/include/asm-i386/msr.h linux-2.6.18/include/asm-i386/hpet.h linux-2.6.18/include/asm-sparc64/floppy.h linux-2.6.18/include/asm-ppc/reg_booke.h linux-2.6.18/include/asm-um/elf-ppc.h linux-2.6.18/ipc/msg.c linux-2.6.18/MAINTAINERS ```

[Meriipu]

Does not extract for me either. LZ4 compressed kernel.

[speed47]

@Meriipu I don't have an LZ4 compressed kernel at hand, would it be possible to upload your kernel image somewhere? My decompression code is based on Linus' extract-vmlinux script, but it hasn't been updated recently, so LZ4 probably didn't exist yet.

[Meriipu]

@speed47 [removed: was url to LZ4 kernel image]

[speed47]

@dbosanzio I used the LXR tool to quickly search for "msr" in 2.6.18 which returned no results, but it turns out there would have been, as per your message. I'll look into it, maybe the exposed "msr" file is in a different path under this version @Meriipu thanks, working on that

[arecki-biker]

For now for LZ4 compressed kernel I'm making the following modifications:

diff -c spectre-meltdown-checker.sh spectre-meltdown-checker_lz4.sh 
*** spectre-meltdown-checker.sh 2018-01-10 18:08:15.468346611 +0100
--- spectre-meltdown-checker_lz4.sh 2018-01-10 18:22:11.609732153 +0100
***************
*** 8,14 ****
  #
  # Stephane Lesimple
  #
! VERSION=0.23

  # Script configuration
  show_usage()
--- 8,14 ----
  #
  # Stephane Lesimple
  #
! VERSION=0.23 mod_lz4_arecki

  # Script configuration
  show_usage()
***************
*** 376,382 ****
    # Try to find the header ($1) and decompress from here
    for     pos in `tr "$1\n$2" "\n$2=" < "$5" | grep -abo "^$2"`
    do
!       if ! which $3 >/dev/null 2>&1; then
            vmlinux_err="missing '$3' tool, please install it, usually it's in the '$4' package"
            return 0
        fi
--- 376,382 ----
    # Try to find the header ($1) and decompress from here
    for     pos in `tr "$1\n$2" "\n$2=" < "$5" | grep -abo "^$2"`
    do
!       if ! which $4 >/dev/null 2>&1; then
            vmlinux_err="missing '$3' tool, please install it, usually it's in the '$4' package"
            return 0
        fi
***************
*** 403,412 ****

    # That didn't work, so retry after decompression.
    try_decompress '\037\213\010' xy    gunzip     gunzip   "$1" && return 0
!   try_decompress '\3757zXZ\000' abcde unxz       xz-utils "$1" && return 0
    try_decompress 'BZh'          xy    bunzip2    bzip2    "$1" && return 0
!   try_decompress '\135\0\0\0'   xxx   unlzma     xz-utils "$1" && return 0
    try_decompress '\211\114\132' xy    'lzop -d'  lzop "$1" && return 0
    return 1
  }

--- 403,413 ----

    # That didn't work, so retry after decompression.
    try_decompress '\037\213\010' xy    gunzip     gunzip   "$1" && return 0
!   try_decompress '\3757zXZ\000' abcde unxz       unxz "$1" && return 0
    try_decompress 'BZh'          xy    bunzip2    bzip2    "$1" && return 0
!   try_decompress '\135\0\0\0'   xxx   unlzma     unlzma   "$1" && return 0
    try_decompress '\211\114\132' xy    'lzop -d'  lzop "$1" && return 0
+   try_decompress '\002\041\114\030' xyy 'lz4 -d -l' lz4   "$1" && return 0
    return 1
  }

[speed47]

I actually just pushed a new version supporting lz4! Can you try it ?

[arecki-biker]

It's freezing for a while, like after my modifications, but it works. Tested on liquorix kernel.

[speed47]

if it seems to be freezing while checking variant 1, it's normal, that's the most expensive test : we need to disassemble the kernel image to get the count of lfence opcodes.

[arecki-biker]

Yes, it's freezing on variant1. I do not notice such behavior on Debian kernels.

[Meriipu]

Seems to work now for me. Thanks.

[arecki-biker]

Thank you too for modifying this cool script.

[speed47]

Good to know it works! :)

@dbosanzio I've booted a livecd of a CentOS 5 (which is more or less like your rhel5), and I can see that the /dev/cpu/0/msr does exist there.

Did you run the script as root? If yes, can you check if the file is there ? By running find /dev/cpu and pasting the results here?

[dbosanzio]

find /dev/cpu find: /dev/cpu: No such file or directory find . | grep -i cpu ./cpu_dma_latency

find . | grep -i msr

Is not present.

[speed47]

Could you try the following command?

modprobe cpuid
dd if=/dev/cpu/0/cpuid bs=16 skip=7 iflag=skip_bytes count=1 2>/dev/null | od -x

This would be another way to detect the microcode update without needing to try to read the MSR

[speed47]

Could you run the current version of the script (v0.31 or newer) in verbose mode ? (with -v -v)

[speed47]

Closing, as the script evolved a lot since this report. Feel free to reopen if the problematic behaviour can still be reproduced with the latest versions. Thanks!