#! /bin/bash -eu
# Script for checking various microcode caveats
#
#
# SPDX-License-Identifier: CC0-1.0
: ${MC_CAVEATS_DATA_DIR=/usr/share/microcode_ctl/ucode_with_caveats}
usage() {
echo 'Usage: check_caveats [-k TARGET_KVER] [-c CONFIG] [-m] [-v]'
echo
echo ' -k - target version to check against, $(uname -r) is used'
echo ' otherwise'
echo ' -c - caveat config(s) to check, all configs are checked'
echo ' otherwise'
echo ' -m - check that caveats actually apply to the current model'
echo ' -v - verbose output'
echo
echo 'Environment:'
echo ' MC_CAVEATS_DATA_DIR - directory that contains caveats'
echo ' configuration data'
}
debug() { [ 0 = "$verbose" ] || echo "$*" >&2; }
# A simplified RPM version comparison that takes into account knowledge about
# Y- and Z-streams (so it compares versions inside Y-stram or Z-stream if
# the version against which comparison is performed has appropriate versioning
# scheme).
#
# $1 - kernel version to check
# $* - list of kernel versions to check against
check_kver()
{
local t_major= t_minor= t_patch= t_y= t_z1= t_z2= t_rest=
local m_major= m_minor= m_patch= m_y= m_z1= m_z2= m_rest=
local cmp_type=
# IFS=.- read -r t_major t_minor t_patch t_y t_z1 t_z2 t_rest <<<"$1"
# "cannot create temp file for here-document: Read-only file system"
# that's why we can't have nice things.
t_major=${1%%[.-]*}
t_rest=${1#${t_major}}
t_rest=${t_rest#[.-]}
t_minor=${t_rest%%[.-]*}
t_rest=${t_rest#${t_minor}}
t_rest=${t_rest#[.-]}
t_patch=${t_rest%%[.-]*}
t_rest=${t_rest#${t_patch}}
t_rest=${t_rest#[.-]}
t_y=${t_rest%%[.-]*}
t_rest=${t_rest#${t_y}}
t_rest=${t_rest#[.-]}
t_z1=${t_rest%%[.-]*}
t_rest=${t_rest#${t_z1}}
t_rest=${t_rest#[.-]}
t_z2=${t_rest%%[.-]*}
# minor/major/patch/y should be numeric
[ -n "${t_major##*[!0-9]*}" ] || return 1
[ -n "${t_minor##*[!0-9]*}" ] || return 1
[ -n "${t_patch##*[!0-9]*}" ] || return 1
[ -n "${t_y##*[!0-9]*}" ] || return 1
# reset z1/z2 to zero if non-numeric
[ -n "${t_z1##*[!0-9]*}" ] || t_z1=0
[ -n "${t_z2##*[!0-9]*}" ] || t_z2=0
while [ 1 -lt "$#" ]; do
cmp_type=upstream
shift
m_major=${1%%[.-]*}
m_rest=${1#${m_major}}
m_rest=${m_rest#[.-]}
m_minor=${m_rest%%[.-]*}
m_rest=${m_rest#${m_minor}}
m_rest=${m_rest#[.-]}
m_patch=${m_rest%%[.-]*}
m_rest=${m_rest#${m_patch}}
m_rest=${m_rest#[.-]}
m_y=${m_rest%%[.-]*}
m_rest=${m_rest#${m_y}}
m_rest=${m_rest#[.-]}
m_z1=${m_rest%%[.-]*}
m_rest=${m_rest#${m_z1}}
m_rest=${m_rest#[.-]}
m_z2=${m_rest%%[.-]*}
# minor/major/patch should be numeric
[ -n "${m_major##*[!0-9]*}" ] || continue
[ -n "${m_minor##*[!0-9]*}" ] || continue
[ -n "${m_patch##*[!0-9]*}" ] || continue
# reset z1/z2 to zero if non-numeric
[ -n "${m_y##*[!0-9]*}" ] && cmp_type=y || m_y=0
[ -n "${m_z1##*[!0-9]*}" ] && cmp_type=z || m_z1=0
[ -n "${m_z2##*[!0-9]*}" ] && cmp_type=z || m_z2=0
# Comparing versions
case "$cmp_type" in
upstream)
[ "$t_major" -ge "$m_major" ] || continue
[ "$t_minor" -ge "$m_minor" ] || continue
[ "$t_patch" -ge "$m_patch" ] || continue
return 0
;;
y)
[ "$t_major" -eq "$m_major" ] || continue
[ "$t_minor" -eq "$m_minor" ] || continue
[ "$t_patch" -eq "$m_patch" ] || continue
[ "$t_y" -ge "$m_y" ] || continue
return 0
;;
z)
[ "$t_major" -eq "$m_major" ] || continue
[ "$t_minor" -eq "$m_minor" ] || continue
[ "$t_patch" -eq "$m_patch" ] || continue
[ "$t_y" -eq "$m_y" ] || continue
[ "$t_z1" -ge "$m_z1" ] || continue
[ "$t_z2" -ge "$m_z2" ] || continue
return 0
;;
esac
done
return 1
}
# Provides model in format "VENDOR_ID FAMILY-MODEL-STEPPING"
#
# We check only the first processor as we don't expect non-symmetrical setups
# with CPUs with caveats
get_model_string()
{
/usr/bin/printf "%s %02x-%02x-%02x" \
$(/bin/sed -rn '1,/^$/{
s/^vendor_id[[:space:]]*: (.*)$/\1/p;
s/^cpu family[[:space:]]*: (.*)$/\1/p;
s/^model[[:space:]]*: (.*)$/\1/p;
s/^stepping[[:space:]]*: (.*)$/\1/p;
}' /proc/cpuinfo)
}
get_model_name()
{
/bin/sed -rn '1,/^$/s/^model name[[:space:]]*: (.*)$/\1/p' /proc/cpuinfo
}
#check_kver "$@"
#get_model_name
match_model=0
configs=
kver=$(/bin/uname -r)
verbose=0
while getopts "k:c:mv" opt; do
case "${opt}" in
k)
kver="$OPTARG"
;;
c)
configs="$configs $OPTARG"
;;
m)
match_model=1
;;
v)
verbose=1
;;
*)
usage
exit 1;
;;
esac
done
: ${configs:=$(find "${MC_CAVEATS_DATA_DIR}" -maxdepth 1 -mindepth 1 -type d -printf "%f\n")}
cpu_model=$(get_model_string)
cpu_model_name=$(get_model_name)
for cfg in $(echo "${configs}"); do
dir="$MC_CAVEATS_DATA_DIR/$cfg"
[ -r "${dir}/config" ] || {
debug "File 'config' in ${dir} is not found, skipping"
continue
}
cfg_model=
cfg_path=
cfg_kvers=
cfg_blacklist=
while read -r key value; do
case "$key" in
model)
cfg_model="$value"
;;
path)
cfg_path="$cfg_path $value"
;;
kernel)
cfg_kvers="$cfg_kvers $value"
;;
blacklist)
cfg_blacklist=1
break
;;
esac
done < "${dir}/config"
[ -z "${cfg_blacklist}" ] || \
cfg_blacklist=$(/bin/sed -n '/^blacklist$/,$p' "${dir}/config" |
/usr/bin/tail -n +2)
debug "${cfg}: model '$cfg_model', path '$cfg_path', kvers '$cfg_kvers'"
debug "${cfg}: blacklist '$cfg_blacklist'"
if [ -n "$cfg_model" ]; then
[ 0 -eq "$match_model" ] || {
[ "x$cpu_model" = "x$cfg_model" ] || {
debug "Current CPU model '$cpu_model' doesn't" \
"match config CPU model '$cfg_model'," \
"skipping"
continue
}
}
fi
if [ -n "$cfg_kvers" ]; then
check_kver "$kver" $cfg_kvers || {
debug "${cfg}: kernel version check for '$kver'" \
"against '$cfg_kvers' failed"
exit 1
}
fi
if [ -n "$cfg_blacklist" ]; then
echo "$cfg_blacklist" | /bin/grep -vqFx "${cpu_model_name}" || {
debug "${cfg}: model '${cpu_model_name}' is blacklisted"
exit 1
}
fi
#printf "%s " "$cfg"
#[ 0 -eq "$match_model" ] || printf "%s " "$cpu_model"
echo $cfg_path
done
exit 0