update_ucode: cleanup dangling symlinks during update

Microcode is not supposed to be removed during updates, so there are several possible code paths/situations when it is possible that symlinks are not completely cleaned up; as a result, when such a case occurs (for example, when there is a microcode, that is not supposed to be OS-loadable in the first place, added end then removed) a dangling symlinks may appear during updates; the most straightforward way to deal with it, it seems, is to just treat the microcode directories as being owned by the package (which they de-facto are) and simply cleanup all the dangling symlinks during an update. * update_ucode: Remove all the dangling symlinks at the end of common microcode removal phase; remove all the dangling symlinks in the kernel-specific directories at the end of the update process. * microcode_ctl.spec (Release): Bump to 2. (%changelog): Add an entry. Resolves: #2135376 Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
2023-06-06 23:28:12 +02:00 · 2023-06-06 23:28:12 +02:00 · 242b19d375
commit 242b19d375
parent 308f3271d0
2 changed files with 30 additions and 1 deletions
--- a/microcode_ctl.spec
+++ b/microcode_ctl.spec
@ -13,7 +13,7 @@
 Summary:        CPU microcode updates for Intel x86 processors
 Name:           microcode_ctl
 Version:        %{intel_ucode_version}
-Release:        1%{?dist}
+Release:        2%{?dist}
 Epoch:          4
 License:        CC0 and Redistributable, no modification permitted
 URL:            https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
@ -544,6 +544,9 @@ rm -rf %{buildroot}


 %changelog
+* Tue Jun 06 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-2
+- Cleanup the dangling symlinks in update_ucode (#2135376).
+
 * Wed Feb 15 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-1
 - Update Intel CPU microcode to microcode-20230214 release, addresses
  CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090 (#2171234,
--- a/26
+++ b/26
@ -151,6 +151,17 @@ while :; do
 			$cmd rm -f $verbose_opt "$name"
 		done
 		[ "xlist" = "x$action" ] || {
+			# Removing possible dangling symlinks
+			find "${FW_DIR}/${INTEL_UCODE_DIR}" \
+				-maxdepth 1 -mindepth 1 \
+				-type l -printf '%p\n' \
+			| while read -r fname; do
+				[ -e "$fname" ] || {
+					debug "    Removing danging symlink \"$fname\""
+					$cmd rm -f $verbose_opt "$fname"
+				}
+			done
+
 			$cmd rmdir -p $verbose_opt \
 				"${FW_DIR}/${INTEL_UCODE_DIR}" 2>/dev/null \
 				|| true
@ -225,6 +236,7 @@ fi | while read -r i; do
 				fi
 			done

+
 			if [ -e "$FW_DIR/$k/readme-$i" ]; then
 				if [ "xlist" = "x$action" ]; then
 					echo "$FW_DIR/$k/readme-$i"
@ -288,3 +300,17 @@ fi | while read -r i; do
 		esac
 	done
 done
+
+# Removing possible dangling symlinks in kernel-specific directories
+debug "Checking for dangling symlinks..."
+for k in $(echo "$kernel"); do
+	debug "  Processing kernel version \"$k\""
+	find "${FW_DIR}/${k}" \
+		-mindepth 1 -type l -printf '%p\n' \
+	| while read -r fname; do
+		[ -e "$fname" ] || {
+			debug "    Removing danging symlink \"$fname\""
+			$cmd rm -f $verbose_opt "$fname"
+		}
+	done
+done