update_ucode: cleanup dangling symlinks during update

Microcode is not supposed to be removed during updates,
so there are several possible code paths/situations when
it is possible that symlinks are not completely cleaned up;
as a result, when such a case occurs (for example, when
there is a microcode, that is not supposed to be OS-loadable
in the first place, added end then removed) a dangling symlinks
may appear during updates;  the most straightforward way to deal
with it, it seems, is to just treat the microcode directories
as being owned by the package (which they de-facto are) and simply
cleanup all the dangling symlinks during an update.

* update_ucode: Remove all the dangling symlinks at the end of common
microcode removal phase;  remove all the dangling symlinks in the
kernel-specific directories at the end of the update process.
* microcode_ctl.spec (Release): Bump to 2.
(%changelog): Add an entry.

Resolves: #2135376
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
This commit is contained in:
Eugene Syromiatnikov 2023-06-06 23:28:12 +02:00
parent 308f3271d0
commit 242b19d375
2 changed files with 30 additions and 1 deletions

View File

@ -13,7 +13,7 @@
Summary: CPU microcode updates for Intel x86 processors Summary: CPU microcode updates for Intel x86 processors
Name: microcode_ctl Name: microcode_ctl
Version: %{intel_ucode_version} Version: %{intel_ucode_version}
Release: 1%{?dist} Release: 2%{?dist}
Epoch: 4 Epoch: 4
License: CC0 and Redistributable, no modification permitted License: CC0 and Redistributable, no modification permitted
URL: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files URL: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
@ -544,6 +544,9 @@ rm -rf %{buildroot}
%changelog %changelog
* Tue Jun 06 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-2
- Cleanup the dangling symlinks in update_ucode (#2135376).
* Wed Feb 15 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-1 * Wed Feb 15 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-1
- Update Intel CPU microcode to microcode-20230214 release, addresses - Update Intel CPU microcode to microcode-20230214 release, addresses
CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090 (#2171234, CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090 (#2171234,

View File

@ -151,6 +151,17 @@ while :; do
$cmd rm -f $verbose_opt "$name" $cmd rm -f $verbose_opt "$name"
done done
[ "xlist" = "x$action" ] || { [ "xlist" = "x$action" ] || {
# Removing possible dangling symlinks
find "${FW_DIR}/${INTEL_UCODE_DIR}" \
-maxdepth 1 -mindepth 1 \
-type l -printf '%p\n' \
| while read -r fname; do
[ -e "$fname" ] || {
debug " Removing danging symlink \"$fname\""
$cmd rm -f $verbose_opt "$fname"
}
done
$cmd rmdir -p $verbose_opt \ $cmd rmdir -p $verbose_opt \
"${FW_DIR}/${INTEL_UCODE_DIR}" 2>/dev/null \ "${FW_DIR}/${INTEL_UCODE_DIR}" 2>/dev/null \
|| true || true
@ -225,6 +236,7 @@ fi | while read -r i; do
fi fi
done done
if [ -e "$FW_DIR/$k/readme-$i" ]; then if [ -e "$FW_DIR/$k/readme-$i" ]; then
if [ "xlist" = "x$action" ]; then if [ "xlist" = "x$action" ]; then
echo "$FW_DIR/$k/readme-$i" echo "$FW_DIR/$k/readme-$i"
@ -288,3 +300,17 @@ fi | while read -r i; do
esac esac
done done
done done
# Removing possible dangling symlinks in kernel-specific directories
debug "Checking for dangling symlinks..."
for k in $(echo "$kernel"); do
debug " Processing kernel version \"$k\""
find "${FW_DIR}/${k}" \
-mindepth 1 -type l -printf '%p\n' \
| while read -r fname; do
[ -e "$fname" ] || {
debug " Removing danging symlink \"$fname\""
$cmd rm -f $verbose_opt "$fname"
}
done
done