From 04d5905f0e2fda3d4322d1b7a5d61075fb4446db Mon Sep 17 00:00:00 2001 From: Eugene Syromiatnikov Date: Tue, 6 Jun 2023 23:28:12 +0200 Subject: [PATCH] update_ucode: cleanup dangling symlinks during update Microcode is not supposed to be removed during updates, so there are several possible code paths/situations when it is possible that symlinks are not completely cleaned up; as a result, when such a case occurs (for example, when there is a microcode, that is not supposed to be OS-loadable in the first place, added end then removed) a dangling symlinks may appear during updates; the most straightforward way to deal with it, it seems, is to just treat the microcode directories as being owned by the package (which they de-facto are) and simply cleanup all the dangling symlinks during an update. * update_ucode: Remove all the dangling symlinks at the end of common microcode removal phase; remove all the dangling symlinks in the kernel-specific directories at the end of the update process. * microcode_ctl.spec (Release): Bump to 2. (%changelog): Add an entry. Resolves: #2213022 Signed-off-by: Eugene Syromiatnikov --- microcode_ctl.spec | 5 ++++- update_ucode | 26 ++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/microcode_ctl.spec b/microcode_ctl.spec index bffe0ce..7447b15 100644 --- a/microcode_ctl.spec +++ b/microcode_ctl.spec @@ -12,7 +12,7 @@ Summary: CPU microcode updates for Intel x86 processors Name: microcode_ctl Version: %{intel_ucode_version} -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 4 License: CC0 and Redistributable, no modification permitted URL: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files 
@@ -545,6 +545,9 @@ rm -rf %{buildroot} %changelog +* Tue Jun 06 2023 Eugene Syromiatnikov - 4:20230214-2 +- Cleanup the dangling symlinks in update_ucode (#2213022). + * Wed Feb 15 2023 Eugene Syromiatnikov - 4:20230214-1 - Update Intel CPU microcode to microcode-20230214 release, addresses CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090 (#2171237, diff --git a/update_ucode b/update_ucode index 0d5038e..57705e0 100644 --- a/update_ucode +++ b/update_ucode @@ -151,6 +151,17 @@ while :; do $cmd rm -f $verbose_opt "$name" done [ "xlist" = "x$action" ] || { + # Removing possible dangling symlinks + find "${FW_DIR}/${INTEL_UCODE_DIR}" \ + -maxdepth 1 -mindepth 1 \ + -type l -printf '%p\n' \ + | while read -r fname; do + [ -e "$fname" ] || { + debug " Removing danging symlink \"$fname\"" + $cmd rm -f $verbose_opt "$fname" + } + done + $cmd rmdir -p $verbose_opt \ "${FW_DIR}/${INTEL_UCODE_DIR}" 2>/dev/null \ || true @@ -225,6 +236,7 @@ fi | while read -r i; do fi done + if [ -e "$FW_DIR/$k/readme-$i" ]; then if [ "xlist" = "x$action" ]; then echo "$FW_DIR/$k/readme-$i" @@ -288,3 +300,17 @@ fi | while read -r i; do esac done done + +# Removing possible dangling symlinks in kernel-specific directories +debug "Checking for dangling symlinks..." +for k in $(echo "$kernel"); do + debug " Processing kernel version \"$k\"" + find "${FW_DIR}/${k}" \ + -mindepth 1 -type l -printf '%p\n' \ + | while read -r fname; do + [ -e "$fname" ] || { + debug " Removing danging symlink \"$fname\"" + $cmd rm -f $verbose_opt "$fname" + } + done +done
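Review bot: The `while read -r fname` loop added in the first update_ucode hunk reads newline-delimited names without `IFS=`, so a symlink name with leading or trailing whitespace or an embedded newline is trimmed or split, and the path given to `[ -e ]` and `rm -f` is no longer the one find reported. The same loop is repeated in the last hunk of update_ucode. The script already depends on GNU find (`-printf`), so find could do the test itself with `-xtype l -exec $cmd rm -f $verbose_opt {} +`, at the cost of the per-file debug line; the minimal fix is `| while IFS= read -r fname; do`. The debug message in both hunks reads "danging" where "dangling" is meant. The enclosing `while :; do` loop starts outside the hunk and the `[ "xlist" = "x$action" ] || {` block closes outside it.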
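Review bot: The cleanup loop appended at the end of update_ucode is not wrapped in the `[ "xlist" = "x$action" ] ||` guard that the first update_ucode hunk uses, so it appears to run `rm -f` even for the `list` action, unless `$cmd` neutralises it, which is not visible here. It is also broader than the first hunk: `find "${FW_DIR}/${k}" -mindepth 1 -type l` has no `-maxdepth` and walks the whole per-kernel directory, so any dangling link under it is removed, including ones this script may not have created. I would guard the block the same way as the first hunk and limit the search to the subtree the script manages. When a kernel directory is absent, find prints an error to stderr, which `[ -d "${FW_DIR}/${k}" ] || continue` at the top of the loop body would avoid.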