539655
#! /bin/bash -eu
539655
539655
# Maintain kernel-version-specific symlinks in /lib/firmware based on
539655
# configuration present in /usr/share/microcode_ctl/ucode_with_caveats.
539655
#
539655
# SPDX-License-Identifier: CC0-1.0
539655
819a7b
export LC_ALL=C
819a7b
539655
usage()
539655
{
4eb1a6
	echo "Usage: update_ucode [--action {add|remove|refresh|list}]" \
539655
	     "[--kernel KERNELVER]* [--verbose] [--dry-run]" \
4eb1a6
	     "[--cleanup intel_ucode caveats_ucode]" \
4eb1a6
	     "[--skip-common] [--skip-kernel-specific]" >&2
539655
}
539655
539655
debug() { [ 0 = "$verbose" ] || echo "$*" >&2; }
539655
819a7b
# Calls find only if the first argument exists and is a directory.
819a7b
# Avoids spurious "find: '...' No such file or directory" for the directories
819a7b
# that may not exist.
819a7b
find_d() { [ \! -d "$1" ] || find "$@"; }
819a7b
539655
MC_DIR=/usr/share/microcode_ctl
539655
INTEL_UCODE_DIR=intel-ucode
539655
DATA_DIR=/usr/share/microcode_ctl/ucode_with_caveats
539655
FW_DIR=/lib/firmware
539655
check_caveats=/usr/libexec/microcode_ctl/check_caveats
539655
539655
action=refresh
539655
kernel=
539655
verbose=0
539655
verbose_opt=
539655
dry_run=0
539655
remove_cleanup=0
539655
cleanup_intel=
539655
cleanup_caveats=
4eb1a6
skip_common=0
4eb1a6
skip_caveats=0
539655
539655
while [ 1 -le "$#" ]; do
539655
	case "$1" in
4eb1a6
	-C|--skip-common)
4eb1a6
		skip_common=1
4eb1a6
		;;
4eb1a6
	-K|--skip-kernel-specific)
4eb1a6
		skip_caveats=1
4eb1a6
		;;
539655
	-a|--action)
539655
		shift
539655
		action="$1"
539655
		;;
539655
	-k|--kernel)
539655
		shift
539655
		kernel="$kernel $1"
539655
		;;
539655
	-v|--verbose)
539655
		verbose=1
539655
		verbose_opt="-v"
539655
		;;
539655
	-n|--dry-run)
539655
		dry_run=1
539655
		;;
539655
	-c|--cleanup)
539655
		remove_cleanup=1
539655
		shift
539655
		cleanup_intel="$1"
539655
		shift
539655
		cleanup_caveats="$1"
539655
		;;
539655
	*)
539655
		echo "Unknown argument \"$1\"" >&2
539655
		usage
539655
		exit 1
539655
	esac
539655
	shift
539655
done
539655
539655
cmd=
539655
[ 0 -eq "$dry_run" ] || cmd=echo
539655
539655
case "$action" in
4eb1a6
add|remove|refresh|list)
539655
	# Scan all directories in FW_DIR and all existing kernels
539655
	if [ -z "$kernel" ]; then
539655
		debug "No kernel versions provided, scanning..."
539655
819a7b
		kvers=$(find_d /lib/modules/ -name '[2-9].*' -print)
539655
		for k_dir in $kvers; do
539655
			k="${k_dir#/lib/modules/}"
539655
			[ ! -e "/boot/symvers-$k.gz" ] || {
539655
				debug "  Adding $k (from /lib/modules)"
539655
				kernel="$kernel $k"
539655
			}
539655
		done
539655
819a7b
		kvers=$(find_d /lib/firmware/ -name '[2-9].*' -print)
539655
		for k_dir in $kvers; do
539655
			k="${k_dir#/lib/firmware/}"
539655
			[ ! -d "$k_dir" ] || {
539655
				debug "  Adding $k (from /lib/firmware)"
539655
				kernel="$kernel $k"
539655
			}
539655
		done
4eb1a6
4eb1a6
		kernel=$(printf "%s" "$kernel" | xargs -n 1 | sort -u)
539655
	fi
539655
	;;
539655
*)
539655
	echo "Unknown action \"$action\"" >&2
539655
	usage
539655
	exit 1
539655
	;;
539655
esac
539655
539655
# Generic part: managing intel ucode
539655
debug "Running action \"$action\" on common Intel microcode directory"
539655
while :; do
4eb1a6
	[ 0 -eq "$skip_common" ] || break
4eb1a6
539655
	[ ! -e "/etc/microcode_ctl/intel-ucode-disallow" ] || {
539655
		debug "  Skipping \"$i\":" \
539655
		      "\"/etc/microcode_ctl/intel-ucode-disallow\"" \
539655
		      "present"
539655
		break
539655
	}
539655
	[ ! -e "$FW_DIR/intel-ucode-disallow" ] || {
539655
		debug "  Found \"$FW_DIR/intel-ucode-disallow\"," \
539655
		      "skipping"
539655
		break
539655
	}
539655
539655
	# Removing old files
539655
	case "$action" in
4eb1a6
	refresh|remove|list)
4eb1a6
		debug "  Removing old files from ${FW_DIR}/${INTEL_UCODE_DIR}"
539655
		if [ 0 = "$remove_cleanup" ]; then
819a7b
			find_d "${MC_DIR}/${INTEL_UCODE_DIR}" \
539655
				-maxdepth 1 -mindepth 1 \
539655
				-type f -printf '%f\n'
539655
		else
539655
			cat "$cleanup_intel"
539655
		fi | while read -r fname; do
539655
			name="${FW_DIR}/${INTEL_UCODE_DIR}/${fname}"
539655
539655
			# Needed in case we downgrade to a version where
539655
			# no symlinks in /lib/firmware were used
539655
			if [ 1 = "$remove_cleanup" ]; then
539655
				[ -L "$name" ] || continue
539655
			fi
539655
4eb1a6
			[ "xlist" != "x$action" ] || {
4eb1a6
				echo "$name"
4eb1a6
				continue
4eb1a6
			}
4eb1a6
539655
			$cmd rm -f $verbose_opt "$name"
539655
		done
4eb1a6
		[ "xlist" = "x$action" ] || {
819a7b
			# Removing possible dangling symlinks
819a7b
			find_d "${FW_DIR}/${INTEL_UCODE_DIR}" \
819a7b
				-maxdepth 1 -mindepth 1 \
819a7b
				-type l -printf '%p\n' \
819a7b
			| while read -r fname; do
819a7b
				[ -e "$fname" ] || {
819a7b
					debug "    Removing danging symlink \"$fname\""
819a7b
					$cmd rm -f $verbose_opt "$fname"
819a7b
				}
819a7b
			done
819a7b
4eb1a6
			$cmd rmdir -p $verbose_opt \
4eb1a6
				"${FW_DIR}/${INTEL_UCODE_DIR}" 2>/dev/null \
4eb1a6
				|| true
4eb1a6
		}
539655
		;;
539655
	esac
539655
539655
	# Adding new ones
539655
	case "$action" in
539655
	add|refresh)
4eb1a6
		debug "  Creating symlinks in ${FW_DIR}/${INTEL_UCODE_DIR}"
539655
		$cmd mkdir -p $verbose_opt "${FW_DIR}/${INTEL_UCODE_DIR}"
539655
		$cmd find "${MC_DIR}/${INTEL_UCODE_DIR}" -maxdepth 1 -mindepth 1 \
742279
			-type f -exec bash -c 'ln -fs '"$verbose_opt"' '\''{}'\'' \
539655
				"'"${FW_DIR}/${INTEL_UCODE_DIR}/"'$(basename '\''{}'\'')"' \;
539655
		;;
539655
	esac
539655
539655
	break
539655
done
539655
539655
debug "Running action \"$action\" on kernels $kernel"
539655
539655
if [ 0 = "$remove_cleanup" ]; then
539655
	ls "$DATA_DIR"
539655
else
539655
	cat "$cleanup_caveats"
539655
fi | while read -r i; do
4eb1a6
	[ 0 -eq "$skip_caveats" ] || break
4eb1a6
539655
	debug "Processing data directory \"$i\"..."
539655
539655
	for k in $(echo "$kernel"); do
539655
		debug "    Processing kernel version \"$k\""
4eb1a6
		{
4eb1a6
			out=$($check_caveats -k "$k" -c "$i" $verbose_opt)
4eb1a6
			ret="$?"
4eb1a6
		} || :
4eb1a6
		paths=$(printf "%s" "$out" | sed -n 's/^paths //p')
4eb1a6
		ignore=$(printf "%s" "$out" | sed -n 's/^skip_cfgs //p')
4eb1a6
4eb1a6
		[ -z "$ignore" ] || {
4eb1a6
			debug "      Configuration is ignored, skipping"
539655
			continue
539655
		}
539655
539655
		case "$action" in
4eb1a6
		remove|refresh|list)
4eb1a6
			[ "xlist" = "x$action" ] || \
4eb1a6
				debug "    Removing \"$paths\" (part of $action)..."
539655
4eb1a6
			for p in $(printf "%s" "$paths"); do
819a7b
				find_d "$DATA_DIR/$i" -path "$DATA_DIR/$i/$p" \
4eb1a6
					-printf "%P\n"
4eb1a6
			done | while read -r path; do
4eb1a6
				[ -e "$FW_DIR/$k/readme-$i" ] || {
4eb1a6
					debug "      \"$FW_DIR/$k/readme-$i\"" \
4eb1a6
					      "is not found, skipping" \
4eb1a6
					      "\"$paths\" removal"
4eb1a6
4eb1a6
					break
539655
				}
4eb1a6
4eb1a6
				if [ "xlist" = "x$action" ]; then
4eb1a6
					echo "$FW_DIR/$k/$path"
4eb1a6
				else
4eb1a6
					debug "      Removing \"$FW_DIR/$k/$path\""
4eb1a6
					$cmd rm -f $verbose_opt "$FW_DIR/$k/$path"
4eb1a6
					$cmd rmdir -p $verbose_opt \
4eb1a6
						"$FW_DIR/$k/$(dirname $path)" 2>/dev/null \
4eb1a6
						|| true
4eb1a6
				fi
4eb1a6
			done
4eb1a6
819a7b
4eb1a6
			if [ -e "$FW_DIR/$k/readme-$i" ]; then
4eb1a6
				if [ "xlist" = "x$action" ]; then
4eb1a6
					echo "$FW_DIR/$k/readme-$i"
4eb1a6
				else
4eb1a6
					$cmd rm -f $verbose_opt \
4eb1a6
						"$FW_DIR/$k/readme-$i"
4eb1a6
					$cmd rmdir -p $verbose_opt \
4eb1a6
						"$FW_DIR/$k" 2>/dev/null || true
4eb1a6
				fi
539655
			fi
539655
			;;
539655
		esac
539655
4eb1a6
		[ 0 -eq "$ret" ] || {
4eb1a6
			debug "    Checking for caveats failed" \
4eb1a6
			      "(kernel version \"$k\"), skipping"
4eb1a6
			continue
4eb1a6
		}
4eb1a6
4eb1a6
		[ -n "$paths" ] || {
4eb1a6
			debug "    List of paths to add is empty, skipping"
4eb1a6
			continue
4eb1a6
		}
4eb1a6
539655
		case "$action" in
539655
		add|refresh)
4eb1a6
			debug "    Adding $paths (part of $action)..."
539655
539655
			[ -e "/boot/symvers-$k.gz" ] || {
539655
				debug "      \"/boot/symvers-$k.gz\"" \
539655
				      "does not exist, skipping"
539655
				continue
539655
			}
539655
4eb1a6
			for p in $(printf "%s" "$paths"); do
819a7b
				find_d "$DATA_DIR/$i" -path "$DATA_DIR/$i/$p" \
4eb1a6
					-printf "%P\n"
4eb1a6
			done | while read -r path; do
4eb1a6
				[ ! -e "$FW_DIR/$k/$path" ] || {
4eb1a6
					debug "      $FW_DIR/$k/$path already" \
4eb1a6
					      "exists, skipping"
4eb1a6
					continue
4eb1a6
				}
4eb1a6
4eb1a6
				debug "      Adding \"$FW_DIR/$k/$path\""
4eb1a6
				$cmd mkdir -p $verbose_opt \
4eb1a6
					"$(dirname "$FW_DIR/$k/$path")"
742279
				$cmd ln -fs $verbose_opt "$DATA_DIR/$i/$path" \
4eb1a6
					"$FW_DIR/$k/$path"
4eb1a6
			done
539655
4eb1a6
			if [ -e "$FW_DIR/$k/readme-$i" ]; then
4eb1a6
				debug "        $FW_DIR/$k/readme-$i already" \
4eb1a6
				      "exists, skipping creation"
4eb1a6
			else
4eb1a6
				$cmd cp $verbose_opt "$DATA_DIR/$i/readme" \
4eb1a6
					"$FW_DIR/$k/readme-$i"
4eb1a6
			fi
539655
			;;
539655
		remove)
539655
		esac
539655
	done
539655
done
819a7b
819a7b
# Removing possible dangling symlinks in kernel-specific directories
819a7b
debug "Checking for dangling symlinks..."
819a7b
for k in $(echo "$kernel"); do
819a7b
	debug "  Processing kernel version \"$k\""
819a7b
	find_d "${FW_DIR}/${k}" \
819a7b
		-mindepth 1 -type l -printf '%p\n' \
819a7b
	| while read -r fname; do
819a7b
		[ -e "$fname" ] || {
819a7b
			debug "    Removing danging symlink \"$fname\""
819a7b
			$cmd rm -f $verbose_opt "$fname"
819a7b
		}
819a7b
	done
819a7b
done