Compare commits
No commits in common. "c8" and "imports/c8s/microcode_ctl-20201112-1.el8" have entirely different histories.
c8
...
imports/c8
2
.gitignore
vendored
2
.gitignore
vendored
@ -4,4 +4,4 @@ SOURCES/06-55-04
|
|||||||
SOURCES/06-5e-03
|
SOURCES/06-5e-03
|
||||||
SOURCES/microcode-20190918.tar.gz
|
SOURCES/microcode-20190918.tar.gz
|
||||||
SOURCES/microcode-20191115.tar.gz
|
SOURCES/microcode-20191115.tar.gz
|
||||||
SOURCES/microcode-20240910.tar.gz
|
SOURCES/microcode-20201112.tar.gz
|
||||||
|
@ -4,4 +4,4 @@ bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
|
|||||||
86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03
|
86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03
|
||||||
bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz
|
bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz
|
||||||
774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz
|
774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz
|
||||||
2815182aa376dba6d534bc087a27fe9f27def1d2 SOURCES/microcode-20240910.tar.gz
|
010507b8a7ca0b5c4a01cd1f8a6adae5f0fd316d SOURCES/microcode-20201112.tar.gz
|
||||||
|
@ -1,3 +1,13 @@
|
|||||||
model GenuineIntel 06-2d-07
|
model GenuineIntel 06-2d-07
|
||||||
path intel-ucode/06-2d-07
|
path intel-ucode/06-2d-07
|
||||||
dependency required intel
|
## The "kernel_early" statements are carried over from the intel caveat config
|
||||||
|
## in order to avoid enabling this newer microcode on these problematic kernels;
|
||||||
|
## see the caveat description in /usr/share/doc/microcode_ctl/caveats/intel_readme
|
||||||
|
## (That also means that this caveat has to be enforced separately on these
|
||||||
|
## kernels.)
|
||||||
|
kernel_early 4.10.0
|
||||||
|
kernel_early 3.10.0-930
|
||||||
|
kernel_early 3.10.0-862.14.1
|
||||||
|
kernel_early 3.10.0-693.38.1
|
||||||
|
kernel_early 3.10.0-514.57.1
|
||||||
|
kernel_early 3.10.0-327.73.1
|
||||||
|
@ -1,4 +1,3 @@
|
|||||||
model GenuineIntel 06-4e-03
|
model GenuineIntel 06-4e-03
|
||||||
path intel-ucode/06-4e-03
|
path intel-ucode/06-4e-03
|
||||||
dependency required intel
|
|
||||||
disable early late
|
disable early late
|
||||||
|
@ -13,9 +13,6 @@ microcode revisions in question are listed below:
|
|||||||
* 06-4e-03, revision 0xd6: 06432a25053c823b0e2a6b8e84e2e2023ee3d43e
|
* 06-4e-03, revision 0xd6: 06432a25053c823b0e2a6b8e84e2e2023ee3d43e
|
||||||
* 06-4e-03, revision 0xdc: cd1733458d187486999337ff8b51eeaa0cfbca6c
|
* 06-4e-03, revision 0xdc: cd1733458d187486999337ff8b51eeaa0cfbca6c
|
||||||
* 06-4e-03, revision 0xe2: 41f4513cf563605bc85db38056ac430dec948366
|
* 06-4e-03, revision 0xe2: 41f4513cf563605bc85db38056ac430dec948366
|
||||||
* 06-4e-03, revision 0xea: 5a54cab9f22f69b819d663e5747ed6ea2a326c55
|
|
||||||
* 06-4e-03, revision 0xec: d949a8543d2464d955f5dc4b0777cac863f48729
|
|
||||||
* 06-4e-03, revision 0xf0: 37475bac70457ba8df2c1a32bba81bd7bd27d5e8
|
|
||||||
|
|
||||||
Please contact your system vendor for a BIOS/firmware update that contains
|
Please contact your system vendor for a BIOS/firmware update that contains
|
||||||
the latest microcode version. For the information regarding microcode versions
|
the latest microcode version. For the information regarding microcode versions
|
||||||
@ -43,20 +40,6 @@ to the following knowledge base articles:
|
|||||||
CVE-2020-8696 (Vector Register Leakage-Active),
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
||||||
CVE-2020-8698 (Fast Forward Store Predictor):
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
||||||
https://access.redhat.com/articles/5569051
|
https://access.redhat.com/articles/5569051
|
||||||
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
|
||||||
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
|
||||||
CVE-2020-24512 (Observable Timing Discrepancy),
|
|
||||||
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
|
||||||
https://access.redhat.com/articles/6101171
|
|
||||||
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
|
|
||||||
https://access.redhat.com/articles/6716541
|
|
||||||
* CVE-2022-0005 (Informational disclosure via JTAG),
|
|
||||||
CVE-2022-21123 (Shared Buffers Data Read),
|
|
||||||
CVE-2022-21125 (Shared Buffers Data Sampling),
|
|
||||||
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
|
|
||||||
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
|
|
||||||
CVE-2022-21166 (Device Register Partial Write):
|
|
||||||
https://access.redhat.com/articles/6963124
|
|
||||||
|
|
||||||
The information regarding enforcing microcode update is provided below.
|
The information regarding enforcing microcode update is provided below.
|
||||||
|
|
||||||
|
@ -11,5 +11,11 @@ kernel 2.6.32-573.58.1
|
|||||||
kernel 2.6.32-504.71.1
|
kernel 2.6.32-504.71.1
|
||||||
kernel 2.6.32-431.90.1
|
kernel 2.6.32-431.90.1
|
||||||
kernel 2.6.32-358.90.1
|
kernel 2.6.32-358.90.1
|
||||||
dependency required intel skip=success match-model-mode=off
|
kernel_early 4.10.0
|
||||||
|
kernel_early 3.10.0-930
|
||||||
|
kernel_early 3.10.0-862.14.1
|
||||||
|
kernel_early 3.10.0-693.38.1
|
||||||
|
kernel_early 3.10.0-514.57.1
|
||||||
|
kernel_early 3.10.0-327.73.1
|
||||||
|
mc_min_ver_late 0xb000019
|
||||||
disable early late
|
disable early late
|
||||||
|
@ -28,11 +28,6 @@ to the following knowledge base articles:
|
|||||||
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
|
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
|
||||||
("Microarchitectural Data Sampling"):
|
("Microarchitectural Data Sampling"):
|
||||||
https://access.redhat.com/articles/4138151
|
https://access.redhat.com/articles/4138151
|
||||||
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
|
||||||
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
|
||||||
CVE-2020-24512 (Observable Timing Discrepancy),
|
|
||||||
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
|
||||||
https://access.redhat.com/articles/6101171
|
|
||||||
|
|
||||||
The information regarding enforcing microcode load is provided below.
|
The information regarding enforcing microcode load is provided below.
|
||||||
|
|
||||||
|
@ -9,4 +9,14 @@ path intel-ucode/06-55-04
|
|||||||
## are provided for speeding up the search only, VID:DID is the real selector.
|
## are provided for speeding up the search only, VID:DID is the real selector.
|
||||||
## Commented out since revision 0x2006906 seems to fix the issue.
|
## Commented out since revision 0x2006906 seems to fix the issue.
|
||||||
#pci_config_val mode=success-all device=0x1e function=3 vid=0x8086 did=0x2083 offset=0x84 size=4 mask=0x38 val=0x38,0x18,0x8
|
#pci_config_val mode=success-all device=0x1e function=3 vid=0x8086 did=0x2083 offset=0x84 size=4 mask=0x38 val=0x38,0x18,0x8
|
||||||
dependency required intel
|
## The "kernel_early" statements are carried over from the intel caveat config
|
||||||
|
## in order to avoid enabling this newer microcode on these problematic kernels;
|
||||||
|
## see the caveat description in /usr/share/doc/microcode_ctl/caveats/intel_readme
|
||||||
|
## (That also means that this caveat has to be enforced separately on these
|
||||||
|
## kernels.)
|
||||||
|
kernel_early 4.10.0
|
||||||
|
kernel_early 3.10.0-930
|
||||||
|
kernel_early 3.10.0-862.14.1
|
||||||
|
kernel_early 3.10.0-693.38.1
|
||||||
|
kernel_early 3.10.0-514.57.1
|
||||||
|
kernel_early 3.10.0-327.73.1
|
||||||
|
@ -18,13 +18,6 @@ microcode revisions in question are listed below:
|
|||||||
* 06-55-04, revision 0x2000065: f27f12b9d53f492c297afd856cdbc596786fad23
|
* 06-55-04, revision 0x2000065: f27f12b9d53f492c297afd856cdbc596786fad23
|
||||||
* 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967
|
* 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967
|
||||||
* 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212
|
* 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212
|
||||||
* 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462
|
|
||||||
* 06-55-04, revision 0x2006b06: cb5bec976cb9754e3a22ab6828b3262a8f9eccf7
|
|
||||||
* 06-55-04, revision 0x2006c0a: 76b641375d136c08f5feb46aacebee40468ac085
|
|
||||||
* 06-55-04, revision 0x2006d05: dc4207cf4eb916ff34acbdddc474db0df781234f
|
|
||||||
* 06-55-04, revision 0x2006e05: bc67d247ad1c9a834bec5e452606db1381d6bc7e
|
|
||||||
* 06-55-04, revision 0x2006f05: c47277a6a47caedb518f311ce5d339528a8347e2
|
|
||||||
* 06-55-04, revision 0x2007006: 68ae0f321685ff97b50266bc20818f31563fc67c
|
|
||||||
|
|
||||||
Please contact your system vendor for a BIOS/firmware update that contains
|
Please contact your system vendor for a BIOS/firmware update that contains
|
||||||
the latest microcode version. For the information regarding microcode versions
|
the latest microcode version. For the information regarding microcode versions
|
||||||
@ -52,24 +45,6 @@ to the following knowledge base articles:
|
|||||||
CVE-2020-8696 (Vector Register Leakage-Active),
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
||||||
CVE-2020-8698 (Fast Forward Store Predictor):
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
||||||
https://access.redhat.com/articles/5569051
|
https://access.redhat.com/articles/5569051
|
||||||
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
|
||||||
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
|
||||||
CVE-2020-24512 (Observable Timing Discrepancy),
|
|
||||||
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
|
||||||
https://access.redhat.com/articles/6101171
|
|
||||||
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
|
|
||||||
https://access.redhat.com/articles/6716541
|
|
||||||
* CVE-2022-0005 (Informational disclosure via JTAG),
|
|
||||||
CVE-2022-21123 (Shared Buffers Data Read),
|
|
||||||
CVE-2022-21125 (Shared Buffers Data Sampling),
|
|
||||||
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
|
|
||||||
CVE-2022-21131 (Protected Processor Inventory Number (PPIN) access protection),
|
|
||||||
CVE-2022-21136 (Overclocking service access protection),
|
|
||||||
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
|
|
||||||
CVE-2022-21166 (Device Register Partial Write):
|
|
||||||
https://access.redhat.com/articles/6963124
|
|
||||||
* CVE-2022-21233 (Stale Data Read from legacy xAPIC):
|
|
||||||
https://access.redhat.com/articles/6976398
|
|
||||||
|
|
||||||
The information regarding disabling microcode update is provided below.
|
The information regarding disabling microcode update is provided below.
|
||||||
|
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
model GenuineIntel 06-5e-03
|
model GenuineIntel 06-5e-03
|
||||||
path intel-ucode/06-5e-03
|
path intel-ucode/06-5e-03
|
||||||
dependency required intel
|
disable early late
|
||||||
|
@ -1,24 +1,18 @@
|
|||||||
Some Intel Skylake CPU models (SKL-H/S/Xeon E3 v5, family 6, model 94,
|
Some Intel Skylake CPU models (SKL-H/S/Xeon E3 v5, family 6, model 94,
|
||||||
stepping 3) had reports of possible system hangs when revision 0xdc
|
stepping 3) have reports of possible system hangs when revision 0xdc
|
||||||
of microcode, that is included in microcode-20200609 update to address
|
of microcode, that is included in microcode-20200609 update to address
|
||||||
CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549, was applied[1]. In order
|
CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549, is applied[1]. In order
|
||||||
to address this, microcode updates to the newer revision had been disabled
|
to address this, microcode update to the newer revision has been disabled
|
||||||
by default on these systems, and the previously published microcode revision
|
by default on these systems, and the previously published microcode revision
|
||||||
0xd6 was used by default for the OS-driven microcode update. The revision
|
0xd6 is used by default for the OS-driven microcode update.
|
||||||
0xea seems[2] to have fixed the aforementioned issue, hence it is enabled
|
|
||||||
by default (but can be disabled explicitly; see below).
|
|
||||||
|
|
||||||
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826
|
||||||
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-857806014
|
|
||||||
|
|
||||||
For the reference, SHA1 checksums of 06-5e-03 microcode files containing
|
For the reference, SHA1 checksums of 06-5e-03 microcode files containing
|
||||||
microcode revisions in question are listed below:
|
microcode revisions in question are listed below:
|
||||||
* 06-5e-03, revision 0xd6: 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a
|
* 06-5e-03, revision 0xd6: 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a
|
||||||
* 06-5e-03, revision 0xdc: 5e1020a10678cfc60980131c3d3a2cfd462b4dd7
|
* 06-5e-03, revision 0xdc: 5e1020a10678cfc60980131c3d3a2cfd462b4dd7
|
||||||
* 06-5e-03, revision 0xe2: 031e6e148b590d1c9cfdb6677539eeb4899e831c
|
* 06-5e-03, revision 0xe2: 031e6e148b590d1c9cfdb6677539eeb4899e831c
|
||||||
* 06-5e-03, revision 0xea: e6c37056a849fd281f2fdb975361a914e07b86c8
|
|
||||||
* 06-5e-03, revision 0xec: 6458bf25da4906479a01ffdcaa6d466e22722e01
|
|
||||||
* 06-5e-03, revision 0xf0: 0683706bbbf470abbdad4b9923aa9647bfec9616
|
|
||||||
|
|
||||||
Please contact your system vendor for a BIOS/firmware update that contains
|
Please contact your system vendor for a BIOS/firmware update that contains
|
||||||
the latest microcode version. For the information regarding microcode versions
|
the latest microcode version. For the information regarding microcode versions
|
||||||
@ -46,42 +40,32 @@ to the following knowledge base articles:
|
|||||||
CVE-2020-8696 (Vector Register Leakage-Active),
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
||||||
CVE-2020-8698 (Fast Forward Store Predictor):
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
||||||
https://access.redhat.com/articles/5569051
|
https://access.redhat.com/articles/5569051
|
||||||
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
|
||||||
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
|
||||||
CVE-2020-24512 (Observable Timing Discrepancy),
|
|
||||||
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
|
||||||
https://access.redhat.com/articles/6101171
|
|
||||||
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
|
|
||||||
https://access.redhat.com/articles/6716541
|
|
||||||
* CVE-2022-0005 (Informational disclosure via JTAG),
|
|
||||||
CVE-2022-21123 (Shared Buffers Data Read),
|
|
||||||
CVE-2022-21125 (Shared Buffers Data Sampling),
|
|
||||||
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
|
|
||||||
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
|
|
||||||
CVE-2022-21166 (Device Register Partial Write):
|
|
||||||
https://access.redhat.com/articles/6963124
|
|
||||||
|
|
||||||
The information regarding disabling microcode update is provided below.
|
The information regarding enforcing microcode update is provided below.
|
||||||
|
|
||||||
To prevent usage of the latest 06-5e-03 microcode revision for a specific kernel
|
To enforce usage of the latest 06-5e-03 microcode revision for a specific kernel
|
||||||
version, please create a file "disallow-intel-06-5e-03" inside
|
version, please create a file "force-intel-06-5e-03" inside
|
||||||
/lib/firmware/<kernel_version> directory, run
|
/lib/firmware/<kernel_version> directory, run
|
||||||
"/usr/libexec/microcode_ctl/update_ucode" to remove it to firmware directory
|
"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
|
||||||
where microcode is available for late microcode update, and run
|
where microcode will be available for late microcode update, and run
|
||||||
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
|
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
|
||||||
is regenerated, for example:
|
is regenerated and the microcode can be loaded early, for example:
|
||||||
|
|
||||||
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-5e-03
|
touch /lib/firmware/3.10.0-862.9.1/force-intel-06-5e-03
|
||||||
/usr/libexec/microcode_ctl/update_ucode
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
dracut -f --kver 3.10.0-862.9.1
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
To avoid addition of the latest microcode for all kernels, please create file
|
After that, it is possible to perform a late microcode update by executing
|
||||||
"/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-5e-03", run
|
"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
|
||||||
"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates,
|
"/sys/devices/system/cpu/microcode/reload" directly.
|
||||||
and "dracut -f --regenerate-all" for early microcode updates:
|
|
||||||
|
To enforce addition of this microcode for all kernels, please create file
|
||||||
|
"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-5e-03", run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates,
|
||||||
|
and "dracut -f --regenerate-all" for enabling early microcode updates:
|
||||||
|
|
||||||
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-5e-03
|
touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-5e-03
|
||||||
/usr/libexec/microcode_ctl/update_ucode
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
dracut -f --regenerate-all
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
model GenuineIntel 06-8c-01
|
model GenuineIntel 06-8c-01
|
||||||
path intel-ucode/06-8c-01
|
path intel-ucode/06-8c-01
|
||||||
dependency required intel skip=success match-model-mode=off
|
disable early late
|
||||||
|
@ -1,64 +1,38 @@
|
|||||||
Some Intel Tiger Lake-UP3/UP4 CPU models (TGL, family 6, model 140, stepping 1)
|
Some Intel Tiger Lake-UP3/UP4 CPU models (TGL, family 6, model 140, stepping 1)
|
||||||
had reports of system hangs when a microcode update, that was included
|
have reports of system hangs when a microcode update, that is included
|
||||||
since microcode-20201110 update, was applied[1]. In order to address this,
|
since microcode-20201110 update, is applied[1]. In order to address this,
|
||||||
microcode update had been disabled by default on these systems. The revision
|
microcode update has been disabled by default on these systems.
|
||||||
0x88 seems to have fixed the aforementioned issue, hence it is enabled
|
|
||||||
by default (but can be disabled explicitly; see below).
|
|
||||||
|
|
||||||
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
|
||||||
|
|
||||||
For the reference, SHA1 checksums of 06-8c-01 microcode files containing
|
|
||||||
microcode revisions in question are listed below:
|
|
||||||
* 06-8c-01, revision 0x68: 2204a6dee1688980cd228268fdf4b6ed5904fe04
|
|
||||||
* 06-8c-01, revision 0x88: 61b6590feb2769046d5b0c394179beaf2df51290
|
|
||||||
* 06-8c-01, revision 0x9a: 48b3ae8d27d8138b5b47052d2f8184bf555ad18e
|
|
||||||
* 06-8c-01, revision 0xa4: 70753f54f5be84376bdebeb710595e4dc2f6d92f
|
|
||||||
* 06-8c-01, revision 0xa6: fdcf89e3a15a20df8aeee215b78bf5d13d731044
|
|
||||||
* 06-8c-01, revision 0xaa: cf84883f6b3184690c25ccade0b10fa839ac8657
|
|
||||||
* 06-8c-01, revision 0xac: b9f342e564a0be372ed1f4709263bf811feb022a
|
|
||||||
* 06-8c-01, revision 0xb4: 6596bb8696cde85538bb833d090f0b7a42d6ae14
|
|
||||||
* 06-8c-01, revision 0xb6: 76556e8248a89f38cd55a6c83dccc995ba176091
|
|
||||||
* 06-8c-01, revision 0xb8: 6e9b138d1db2934479b179af4a3a19e843c4b4e4
|
|
||||||
|
|
||||||
Please contact your system vendor for a BIOS/firmware update that contains
|
Please contact your system vendor for a BIOS/firmware update that contains
|
||||||
the latest microcode version. For the information regarding microcode versions
|
the latest microcode version.
|
||||||
required for mitigating specific side-channel cache attacks, please refer
|
|
||||||
to the following knowledge base articles:
|
|
||||||
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
|
|
||||||
CVE-2020-8696 (Vector Register Leakage-Active),
|
|
||||||
CVE-2020-8698 (Fast Forward Store Predictor):
|
|
||||||
https://access.redhat.com/articles/5569051
|
|
||||||
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
|
||||||
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
|
||||||
CVE-2020-24512 (Observable Timing Discrepancy),
|
|
||||||
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
|
||||||
https://access.redhat.com/articles/6101171
|
|
||||||
* CVE-2021-0145 (Fast store forward predictor - Cross Domain Training):
|
|
||||||
https://access.redhat.com/articles/6716541
|
|
||||||
* CVE-2022-21123 (Shared Buffers Data Read):
|
|
||||||
https://access.redhat.com/articles/6963124
|
|
||||||
|
|
||||||
The information regarding disabling microcode update is provided below.
|
The information regarding enforcing microcode update is provided below.
|
||||||
|
|
||||||
To disable 06-8c-01 microcode updates for a specific kernel
|
To enforce usage of the latest 06-8c-01 microcode revision for a specific kernel
|
||||||
version, please create a file "disallow-intel-06-8c-01" inside
|
version, please create a file "force-intel-06-8c-01" inside
|
||||||
/lib/firmware/<kernel_version> directory, run
|
/lib/firmware/<kernel_version> directory, run
|
||||||
"/usr/libexec/microcode_ctl/update_ucode" to remove it from the firmware
|
"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
|
||||||
directory where microcode is available for late microcode update, and run
|
where microcode will be available for late microcode update, and run
|
||||||
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
|
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
|
||||||
is regenerated, for example:
|
is regenerated and the microcode can be loaded early, for example:
|
||||||
|
|
||||||
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-8c-01
|
touch /lib/firmware/3.10.0-862.9.1/force-intel-06-8c-01
|
||||||
/usr/libexec/microcode_ctl/update_ucode
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
dracut -f --kver 3.10.0-862.9.1
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
To avoid addition of this microcode for all kernels, please create file
|
After that, it is possible to perform a late microcode update by executing
|
||||||
"/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01", run
|
"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
|
||||||
"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates,
|
"/sys/devices/system/cpu/microcode/reload" directly.
|
||||||
and "dracut -f --regenerate-all" for early microcode updates:
|
|
||||||
|
To enforce addition of this microcode for all kernels, please create file
|
||||||
|
"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-8c-01", run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates,
|
||||||
|
and "dracut -f --regenerate-all" for enabling early microcode updates:
|
||||||
|
|
||||||
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01
|
touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-8c-01
|
||||||
/usr/libexec/microcode_ctl/update_ucode
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
dracut -f --regenerate-all
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
|
@ -1,5 +1,4 @@
|
|||||||
path intel-ucode/*
|
path intel-ucode/*
|
||||||
vendor GenuineIntel
|
vendor GenuineIntel
|
||||||
dmi mode=fail-equal key=bios_vendor val="Dell Inc."
|
dmi mode=fail-equal key=bios_vendor val="Dell Inc."
|
||||||
dependency required intel
|
|
||||||
disable early late
|
disable early late
|
||||||
|
@ -82,74 +82,6 @@ in question:
|
|||||||
* 06-9e-0c, revision 0xde: a95021a4e497e0bf3691ecf3d020728f25a3f542
|
* 06-9e-0c, revision 0xde: a95021a4e497e0bf3691ecf3d020728f25a3f542
|
||||||
* 06-9e-0d, revision 0xde: 03b20fdc2fa3f9586f93a7e40d3b61be5b7b788c
|
* 06-9e-0d, revision 0xde: 03b20fdc2fa3f9586f93a7e40d3b61be5b7b788c
|
||||||
|
|
||||||
* 06-8e-09, revision 0xea: caa7192fb2223e3e52389aca84930aee326b384d
|
|
||||||
* 06-8e-0a, revision 0xea: ab4d5d3b51445d055763796a0362f8ab249cf4c8
|
|
||||||
* 06-8e-0b, revision 0xea: 5406c513f90286c02476ee0d4a6c8010a263c3ac
|
|
||||||
* 06-8e-0c, revision 0xea: 8c045b9056443862c95573efd4646e331a2310d3
|
|
||||||
* 06-9e-09, revision 0xea: a9f8a14ca3808f6380d6dff92e1fd693cc909668
|
|
||||||
* 06-9e-0a, revision 0xea: b7726bdba2fe74d8f419c68f417d796d569b9ec4
|
|
||||||
* 06-9e-0b, revision 0xea: 963dca66aedf2bfb0613d0d9515c6bcfb0589e0c
|
|
||||||
* 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4
|
|
||||||
* 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a
|
|
||||||
|
|
||||||
* 06-8e-09, revision 0xec: 78eb624be5e8084e438318bdad99f9ddc082def7
|
|
||||||
* 06-8e-0a, revision 0xec: 6c41a6ad412f48f81a9d5edf59dcdecc358398bf
|
|
||||||
* 06-8e-0b, revision 0xec: 89dd0de598c83eb9714f6839499f322dfce2b693
|
|
||||||
* 06-8e-0c, revision 0xec: 225ea349b9cb3b1b94e237deb797e0c60d14a84c
|
|
||||||
* 06-9e-09, revision 0xec: fc5c0206fe392a0ddad4dc9363fde2d3e3d1e681
|
|
||||||
* 06-9e-0a, revision 0xec: 128002076e4ac3c75697fb4efdf1f8ddcc971fbe
|
|
||||||
* 06-9e-0b, revision 0xec: ac8c3865a143b2e03869f15a5b86e560f60ad632
|
|
||||||
* 06-9e-0c, revision 0xec: 6e3d695290def517857c8e743dc65161479f0c04
|
|
||||||
* 06-9e-0d, revision 0xec: 58b1ec5fee7dd1a761ed901b374ccb978737a979
|
|
||||||
|
|
||||||
* 06-8e-09, revision 0xf0: 219e2b9168a09451b17813b97995cc59cc78b414
|
|
||||||
* 06-8e-0a, revision 0xf0: 3c4241d0b9d1a1a1e82d03b365fdd3b843006a7c
|
|
||||||
* 06-8e-0b, revision 0xf0: 79b61f034cba86e61641114bbab49ec0166c0f35
|
|
||||||
* 06-8e-0c, revision 0xf0: 11d166de440dbe9c440e90cb610ef4b9d48242b1
|
|
||||||
* 06-9e-09, revision 0xf0: 49e142da74e7298b2db738ff7dd1a9b0fa4e0c3e
|
|
||||||
* 06-9e-0a, revision 0xf0: 8de1d4a80cd683bf09854c33905c69d3d7ac7730
|
|
||||||
* 06-9e-0b, revision 0xf0: ff092c6ac8333f0abcd94f7d2e2088f31d960e62
|
|
||||||
* 06-9e-0c, revision 0xf0: 3702f21e87b75bea6f4b1ee0407b941ef31d4ad1
|
|
||||||
* 06-9e-0d, revision 0xf0: 226feaaa431eb76e734ab68efc2ea7b07aa3c7d9
|
|
||||||
|
|
||||||
* 06-8e-0c, revision 0xf4: 6a5e140bf8c046acb6958bad1db1fee66c8601ad
|
|
||||||
* 06-9e-0d, revision 0xf4: 3433d4394b05a9c8aefb9c46674bad7b7e934f11
|
|
||||||
|
|
||||||
* 06-8e-09, revision 0xf2: 2e67e55d7b805edcfaac57898088323df7315b25
|
|
||||||
* 06-8e-0a, revision 0xf2: f9e1dbeb969ded845b726c62336f243099714bcf
|
|
||||||
* 06-8e-0b, revision 0xf2: 3d45fbcbefd92dbbedf0eed04aeb29c7430c7c0e
|
|
||||||
* 06-8e-0c, revision 0xf6: bd37be38dbd046d4d66f126cfaa79e43bfe88c0d
|
|
||||||
* 06-9e-09, revision 0xf2: 716257544acf2c871d74e4627e7de86ee1024185
|
|
||||||
* 06-9e-0a, revision 0xf2: 933c5d6710195336381e15a160d36aaa52d358fd
|
|
||||||
* 06-9e-0b, revision 0xf2: 92eaafdb72f6d4231046aadb92caa0038e94fca8
|
|
||||||
* 06-9e-0c, revision 0xf2: ad8922b4f91b5214dd88c56c0a12d15edb9cea5b
|
|
||||||
* 06-9e-0d, revision 0xf8: 8fdea727c6ce46b26e0cffa6ee4ff1ba0c45cf14
|
|
||||||
|
|
||||||
* 06-8e-09, revision 0xf4: e059ab6b168f3831d624acc153e18ab1c8488570
|
|
||||||
* 06-8e-0a, revision 0xf4: d1ade1ccfe5c6105d0786dfe887696808954f8b4
|
|
||||||
* 06-8e-0b, revision 0xf4: 0bc93736f3f5b8b6569bebac4e9627ab923621e0
|
|
||||||
* 06-8e-0c, revision 0xf8: be93b4826a3f40219a9fc4fc5afa87b320279f6e
|
|
||||||
* 06-9e-09, revision 0xf4: 317564f3ac7b99b5900b91e2be3e23b9b66bc2c0
|
|
||||||
* 06-9e-0a, revision 0xf4: 9659f73e2c6081eb5c146c5ed763fa5db21df901
|
|
||||||
* 06-9e-0b, revision 0xf4: e60b567ad54da129d05a77e305cae4488579979d
|
|
||||||
* 06-9e-0c, revision 0xf4: 74d52a11a905dd7b254fa72b014c3bab8022ba3d
|
|
||||||
* 06-9e-0d, revision 0xfa: 484738563e793d5b90b94869dc06edf0407182f1
|
|
||||||
|
|
||||||
* 06-8e-0c, revision 0xfa: d2c2ed4634b2f345382991237bedb90430fcc0b3
|
|
||||||
* 06-9e-09, revision 0xf8: 69b8a5435bfb976ef5ec5930dae870e26835442e
|
|
||||||
* 06-9e-0a, revision 0xf6: c1f0f556cd203aa6e1d0d1ffb0a65b32f32692be
|
|
||||||
* 06-9e-0c, revision 0xf6: a8dfddd009f750b6528f93556b67d4eeca1e5dfa
|
|
||||||
* 06-9e-0d, revision 0xfc: a0ad865fd2d3b9d955a889c96fabc67da0235dda
|
|
||||||
|
|
||||||
* 06-8e-09, revision 0xf6: c2786ef2eb4feb8ac3e3efae83c361de3ad8df0d
|
|
||||||
* 06-8e-0a, revision 0xf6: 9bb2839d451ecee40c1eb08f40e4baec9a159e90
|
|
||||||
* 06-8e-0b, revision 0xf6: 7b60fc7d44654976df32971a45399b3b910f3390
|
|
||||||
* 06-8e-0c, revision 0xfc: 34efc9a54dc32082b898116840c0a1a1cef59e69
|
|
||||||
* 06-9e-0a, revision 0xf8: 880163a2da13ed1eae1654535d751a788de6fa3f
|
|
||||||
* 06-9e-0b, revision 0xf6: ca90c9139d0c1554f6d17ae1bdcf94d0faa6ece7
|
|
||||||
* 06-9e-0c, revision 0xf8: 97dcc36772894619ab28be8c35c4ff9f15d684ae
|
|
||||||
* 06-9e-0d, revision 0x100: 1a00b6a4373b95811c6396f2a0d8d497f4006fb7
|
|
||||||
|
|
||||||
Please contact your system vendor for a BIOS/firmware update that contains
|
Please contact your system vendor for a BIOS/firmware update that contains
|
||||||
the latest microcode version. For the information regarding microcode versions
|
the latest microcode version. For the information regarding microcode versions
|
||||||
required for mitigating specific side-channel cache attacks, please refer
|
required for mitigating specific side-channel cache attacks, please refer
|
||||||
@ -176,20 +108,6 @@ to the following knowledge base articles:
|
|||||||
CVE-2020-8696 (Vector Register Leakage-Active),
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
||||||
CVE-2020-8698 (Fast Forward Store Predictor):
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
||||||
https://access.redhat.com/articles/5569051
|
https://access.redhat.com/articles/5569051
|
||||||
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
|
||||||
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
|
||||||
CVE-2020-24512 (Observable Timing Discrepancy),
|
|
||||||
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
|
||||||
https://access.redhat.com/articles/6101171
|
|
||||||
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
|
|
||||||
https://access.redhat.com/articles/6716541
|
|
||||||
* CVE-2022-0005 (Informational disclosure via JTAG),
|
|
||||||
CVE-2022-21123 (Shared Buffers Data Read),
|
|
||||||
CVE-2022-21125 (Shared Buffers Data Sampling),
|
|
||||||
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
|
|
||||||
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
|
|
||||||
CVE-2022-21166 (Device Register Partial Write):
|
|
||||||
https://access.redhat.com/articles/6963124
|
|
||||||
|
|
||||||
The information regarding disabling microcode update is provided below.
|
The information regarding disabling microcode update is provided below.
|
||||||
|
|
||||||
|
@ -4,4 +4,14 @@ vendor GenuineIntel
|
|||||||
## in cases where no model filter is used is too broad, hence
|
## in cases where no model filter is used is too broad, hence
|
||||||
## no-model-mode=success.
|
## no-model-mode=success.
|
||||||
dmi mode=fail-equal no-model-mode=success key=bios_vendor val="Dell Inc."
|
dmi mode=fail-equal no-model-mode=success key=bios_vendor val="Dell Inc."
|
||||||
dependency required intel
|
## The "kernel_early" statements are carried over from the intel caveat config
|
||||||
|
## in order to avoid enabling this newer microcode on these problematic kernels;
|
||||||
|
## see the caveat description in /usr/share/doc/microcode_ctl/caveats/intel_readme
|
||||||
|
## (That also means that this caveat has to be enforced separately on these
|
||||||
|
## kernels.)
|
||||||
|
kernel_early 4.10.0
|
||||||
|
kernel_early 3.10.0-930
|
||||||
|
kernel_early 3.10.0-862.14.1
|
||||||
|
kernel_early 3.10.0-693.38.1
|
||||||
|
kernel_early 3.10.0-514.57.1
|
||||||
|
kernel_early 3.10.0-327.73.1
|
||||||
|
@ -82,74 +82,6 @@ in question:
|
|||||||
* 06-9e-0c, revision 0xde: a95021a4e497e0bf3691ecf3d020728f25a3f542
|
* 06-9e-0c, revision 0xde: a95021a4e497e0bf3691ecf3d020728f25a3f542
|
||||||
* 06-9e-0d, revision 0xde: 03b20fdc2fa3f9586f93a7e40d3b61be5b7b788c
|
* 06-9e-0d, revision 0xde: 03b20fdc2fa3f9586f93a7e40d3b61be5b7b788c
|
||||||
|
|
||||||
* 06-8e-09, revision 0xea: caa7192fb2223e3e52389aca84930aee326b384d
|
|
||||||
* 06-8e-0a, revision 0xea: ab4d5d3b51445d055763796a0362f8ab249cf4c8
|
|
||||||
* 06-8e-0b, revision 0xea: 5406c513f90286c02476ee0d4a6c8010a263c3ac
|
|
||||||
* 06-8e-0c, revision 0xea: 8c045b9056443862c95573efd4646e331a2310d3
|
|
||||||
* 06-9e-09, revision 0xea: a9f8a14ca3808f6380d6dff92e1fd693cc909668
|
|
||||||
* 06-9e-0a, revision 0xea: b7726bdba2fe74d8f419c68f417d796d569b9ec4
|
|
||||||
* 06-9e-0b, revision 0xea: 963dca66aedf2bfb0613d0d9515c6bcfb0589e0c
|
|
||||||
* 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4
|
|
||||||
* 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a
|
|
||||||
|
|
||||||
* 06-8e-09, revision 0xec: 78eb624be5e8084e438318bdad99f9ddc082def7
|
|
||||||
* 06-8e-0a, revision 0xec: 6c41a6ad412f48f81a9d5edf59dcdecc358398bf
|
|
||||||
* 06-8e-0b, revision 0xec: 89dd0de598c83eb9714f6839499f322dfce2b693
|
|
||||||
* 06-8e-0c, revision 0xec: 225ea349b9cb3b1b94e237deb797e0c60d14a84c
|
|
||||||
* 06-9e-09, revision 0xec: fc5c0206fe392a0ddad4dc9363fde2d3e3d1e681
|
|
||||||
* 06-9e-0a, revision 0xec: 128002076e4ac3c75697fb4efdf1f8ddcc971fbe
|
|
||||||
* 06-9e-0b, revision 0xec: ac8c3865a143b2e03869f15a5b86e560f60ad632
|
|
||||||
* 06-9e-0c, revision 0xec: 6e3d695290def517857c8e743dc65161479f0c04
|
|
||||||
* 06-9e-0d, revision 0xec: 58b1ec5fee7dd1a761ed901b374ccb978737a979
|
|
||||||
|
|
||||||
* 06-8e-09, revision 0xf0: 219e2b9168a09451b17813b97995cc59cc78b414
|
|
||||||
* 06-8e-0a, revision 0xf0: 3c4241d0b9d1a1a1e82d03b365fdd3b843006a7c
|
|
||||||
* 06-8e-0b, revision 0xf0: 79b61f034cba86e61641114bbab49ec0166c0f35
|
|
||||||
* 06-8e-0c, revision 0xf0: 11d166de440dbe9c440e90cb610ef4b9d48242b1
|
|
||||||
* 06-9e-09, revision 0xf0: 49e142da74e7298b2db738ff7dd1a9b0fa4e0c3e
|
|
||||||
* 06-9e-0a, revision 0xf0: 8de1d4a80cd683bf09854c33905c69d3d7ac7730
|
|
||||||
* 06-9e-0b, revision 0xf0: ff092c6ac8333f0abcd94f7d2e2088f31d960e62
|
|
||||||
* 06-9e-0c, revision 0xf0: 3702f21e87b75bea6f4b1ee0407b941ef31d4ad1
|
|
||||||
* 06-9e-0d, revision 0xf0: 226feaaa431eb76e734ab68efc2ea7b07aa3c7d9
|
|
||||||
|
|
||||||
* 06-8e-0c, revision 0xf4: 6a5e140bf8c046acb6958bad1db1fee66c8601ad
|
|
||||||
* 06-9e-0d, revision 0xf4: 3433d4394b05a9c8aefb9c46674bad7b7e934f11
|
|
||||||
|
|
||||||
* 06-8e-09, revision 0xf2: 2e67e55d7b805edcfaac57898088323df7315b25
|
|
||||||
* 06-8e-0a, revision 0xf2: f9e1dbeb969ded845b726c62336f243099714bcf
|
|
||||||
* 06-8e-0b, revision 0xf2: 3d45fbcbefd92dbbedf0eed04aeb29c7430c7c0e
|
|
||||||
* 06-8e-0c, revision 0xf6: bd37be38dbd046d4d66f126cfaa79e43bfe88c0d
|
|
||||||
* 06-9e-09, revision 0xf2: 716257544acf2c871d74e4627e7de86ee1024185
|
|
||||||
* 06-9e-0a, revision 0xf2: 933c5d6710195336381e15a160d36aaa52d358fd
|
|
||||||
* 06-9e-0b, revision 0xf2: 92eaafdb72f6d4231046aadb92caa0038e94fca8
|
|
||||||
* 06-9e-0c, revision 0xf2: ad8922b4f91b5214dd88c56c0a12d15edb9cea5b
|
|
||||||
* 06-9e-0d, revision 0xf8: 8fdea727c6ce46b26e0cffa6ee4ff1ba0c45cf14
|
|
||||||
|
|
||||||
* 06-8e-09, revision 0xf4: e059ab6b168f3831d624acc153e18ab1c8488570
|
|
||||||
* 06-8e-0a, revision 0xf4: d1ade1ccfe5c6105d0786dfe887696808954f8b4
|
|
||||||
* 06-8e-0b, revision 0xf4: 0bc93736f3f5b8b6569bebac4e9627ab923621e0
|
|
||||||
* 06-8e-0c, revision 0xf8: be93b4826a3f40219a9fc4fc5afa87b320279f6e
|
|
||||||
* 06-9e-09, revision 0xf4: 317564f3ac7b99b5900b91e2be3e23b9b66bc2c0
|
|
||||||
* 06-9e-0a, revision 0xf4: 9659f73e2c6081eb5c146c5ed763fa5db21df901
|
|
||||||
* 06-9e-0b, revision 0xf4: e60b567ad54da129d05a77e305cae4488579979d
|
|
||||||
* 06-9e-0c, revision 0xf4: 74d52a11a905dd7b254fa72b014c3bab8022ba3d
|
|
||||||
* 06-9e-0d, revision 0xfa: 484738563e793d5b90b94869dc06edf0407182f1
|
|
||||||
|
|
||||||
* 06-8e-0c, revision 0xfa: d2c2ed4634b2f345382991237bedb90430fcc0b3
|
|
||||||
* 06-9e-09, revision 0xf8: 69b8a5435bfb976ef5ec5930dae870e26835442e
|
|
||||||
* 06-9e-0a, revision 0xf6: c1f0f556cd203aa6e1d0d1ffb0a65b32f32692be
|
|
||||||
* 06-9e-0c, revision 0xf6: a8dfddd009f750b6528f93556b67d4eeca1e5dfa
|
|
||||||
* 06-9e-0d, revision 0xfc: a0ad865fd2d3b9d955a889c96fabc67da0235dda
|
|
||||||
|
|
||||||
* 06-8e-09, revision 0xf6: c2786ef2eb4feb8ac3e3efae83c361de3ad8df0d
|
|
||||||
* 06-8e-0a, revision 0xf6: 9bb2839d451ecee40c1eb08f40e4baec9a159e90
|
|
||||||
* 06-8e-0b, revision 0xf6: 7b60fc7d44654976df32971a45399b3b910f3390
|
|
||||||
* 06-8e-0c, revision 0xfc: 34efc9a54dc32082b898116840c0a1a1cef59e69
|
|
||||||
* 06-9e-0a, revision 0xf8: 880163a2da13ed1eae1654535d751a788de6fa3f
|
|
||||||
* 06-9e-0b, revision 0xf6: ca90c9139d0c1554f6d17ae1bdcf94d0faa6ece7
|
|
||||||
* 06-9e-0c, revision 0xf8: 97dcc36772894619ab28be8c35c4ff9f15d684ae
|
|
||||||
* 06-9e-0d, revision 0x100: 1a00b6a4373b95811c6396f2a0d8d497f4006fb7
|
|
||||||
|
|
||||||
Please contact your system vendor for a BIOS/firmware update that contains
|
Please contact your system vendor for a BIOS/firmware update that contains
|
||||||
the latest microcode version. For the information regarding microcode versions
|
the latest microcode version. For the information regarding microcode versions
|
||||||
required for mitigating specific side-channel cache attacks, please refer
|
required for mitigating specific side-channel cache attacks, please refer
|
||||||
@ -176,20 +108,6 @@ to the following knowledge base articles:
|
|||||||
CVE-2020-8696 (Vector Register Leakage-Active),
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
||||||
CVE-2020-8698 (Fast Forward Store Predictor):
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
||||||
https://access.redhat.com/articles/5569051
|
https://access.redhat.com/articles/5569051
|
||||||
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
|
||||||
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
|
||||||
CVE-2020-24512 (Observable Timing Discrepancy),
|
|
||||||
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
|
||||||
https://access.redhat.com/articles/6101171
|
|
||||||
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
|
|
||||||
https://access.redhat.com/articles/6716541
|
|
||||||
* CVE-2022-0005 (Informational disclosure via JTAG),
|
|
||||||
CVE-2022-21123 (Shared Buffers Data Read),
|
|
||||||
CVE-2022-21125 (Shared Buffers Data Sampling),
|
|
||||||
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
|
|
||||||
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
|
|
||||||
CVE-2022-21166 (Device Register Partial Write):
|
|
||||||
https://access.redhat.com/articles/6963124
|
|
||||||
|
|
||||||
The information regarding disabling microcode update is provided below.
|
The information regarding disabling microcode update is provided below.
|
||||||
|
|
||||||
|
@ -22,30 +22,6 @@ microcode files and their usage.
|
|||||||
* SECURITY.intel-ucode
|
* SECURITY.intel-ucode
|
||||||
"security.md" file from the Intel x86 CPU microcode archive.
|
"security.md" file from the Intel x86 CPU microcode archive.
|
||||||
* SUMMARY.intel-ucode
|
* SUMMARY.intel-ucode
|
||||||
Information about supplied microcode files extracted from their headers,
|
Information about supplied microcode files extracted from their headers.
|
||||||
in a table form. Columns have the following meaning:
|
|
||||||
* "Path": path to the microcode file under one of the following directories:
|
|
||||||
* /usr/share/microcode_ctl/ucode_with_caveats/intel
|
|
||||||
* /usr/share/microcode_ctl/ucode_with_caveats
|
|
||||||
* /usr/share/microcode_ctl
|
|
||||||
* /lib/firmware
|
|
||||||
* /etc/firmware
|
|
||||||
* "Offset": offset of the microcode blob within the micocode file in bytes.
|
|
||||||
* "Ext. Offset": offset of the extended signature header within
|
|
||||||
the microcode file in bytes.
|
|
||||||
* "Data Size": size of microcode data in bytes. 0 means 2000 bytes.
|
|
||||||
* "Total Size": size of microcode blob in bytes, incuding headers.
|
|
||||||
0 means 2048 bytes.
|
|
||||||
* "CPUID": CPU ID signature (in format returned by the CPUID instruction).
|
|
||||||
* "Platform ID Mask": mask of suitable Platform IDs (provided in bits
|
|
||||||
52..50 of MSR 0x17).
|
|
||||||
* "Revision": microcode revision.
|
|
||||||
* "Date": microcode creation date.
|
|
||||||
* "Checksum": sum (in base 1<< 32) of all 32-bit values comprising
|
|
||||||
the microcode (from Offset up to Offset + Total Size).
|
|
||||||
* "Codenames": list of known CPU codenames associated with the CPUID
|
|
||||||
and Platform ID Mask combination.
|
|
||||||
Please refer to README.cavets, section "Microcode file structure"
|
|
||||||
for additional information regarding microcode header fields.
|
|
||||||
* caveats
|
* caveats
|
||||||
Directory that contains readme files for each specific caveat.
|
Directory that contains readme files for specific caveats.
|
||||||
|
@ -89,75 +89,6 @@ installation or removal of a kernel RPM in order to provide microcode files
|
|||||||
for newly installed kernels and cleanup symlinks for the uninstalled ones.
|
for newly installed kernels and cleanup symlinks for the uninstalled ones.
|
||||||
|
|
||||||
|
|
||||||
Microcode file structure
|
|
||||||
------------------------
|
|
||||||
Intel x86 CPU microcode file (that is, one that can be directly consumed
|
|
||||||
by the CPU/kernel, and not its text representation such as used in microcode.dat
|
|
||||||
files) is a bundle of concatenated microcode blobs. Each blob has a header,
|
|
||||||
payload, and an optional additional data, as follows (for additional information
|
|
||||||
please refer to "Intel® 64 and IA-32 Architectures Software Developer’s Manual"
|
|
||||||
[1], Volume 3A, Section 9.11.1 "Microcode Update"):
|
|
||||||
* Header (48 bytes)
|
|
||||||
* Header version (unsigned 32-bit integer): version number of the update
|
|
||||||
header. Must be 0x1.
|
|
||||||
* Microcode revision (signed 32-bit integer)
|
|
||||||
* Microcode date (unsigned 32-bit integer): encoded as BCD in mmddyyyy format
|
|
||||||
(0x03141592 is 1592-03-14 in ISO 8601)
|
|
||||||
* CPU signature (unsigned 32-bit integer): CPU ID, as provided
|
|
||||||
by the CPUID (EAX = 0x1) instruction in the EAX register:
|
|
||||||
* bits 31..28: reserved
|
|
||||||
* bits 27..20: "Extended Family", summed with the Family field value
|
|
||||||
* bits 19..16: "Extended Model", bits 7..4 of the CPU model
|
|
||||||
* bits 15..14: reserved
|
|
||||||
* bits 13..12: "Processor Type", non-zero value (other than the "primary
|
|
||||||
processor") so far used only for the Deschutes (Pentium II) CPU family,
|
|
||||||
with the processor type of 1, to signify it is an Overdrive processor:
|
|
||||||
CPUID 0x1632.
|
|
||||||
* bits 11..08: Family, summed with the Extended Family field value
|
|
||||||
* bits 07..04: Model (bits 3..0)
|
|
||||||
* bits 03..00: Stepping
|
|
||||||
In short, microcode file with Family-Model-Stepping of uv-wx-0z corresponds
|
|
||||||
to CPUID 0x0TUw0Vxz, where uv = TU + V, with V usually being 0xF when
|
|
||||||
uv >= 16; with Family being 6 on most of recent Intel CPUs this transforms
|
|
||||||
into 0x000w06xz. Please also refer to README.intel-ucode, section "About
|
|
||||||
Processor Signature, Family, Model, Stepping and Platform ID"
|
|
||||||
for additional information.
|
|
||||||
* Checksum (unsigned 32-bit integer): correct if sum (in base 1 << 32) of all
|
|
||||||
the 32-bit integers comprising the microcode amounts to 0.
|
|
||||||
* Loader version (unsigned 32-bit integer): 0x1.
|
|
||||||
* Platform ID mask (unsigned 32-bit integer): lower 8 bits indicate the set
|
|
||||||
of possible values of bits 52..50 of MSR 0x17 ("Platform ID"). In old
|
|
||||||
(up to Pentium II) microcode blobs the mask may be zero.
|
|
||||||
* Data size (unsigned 32-bit integer): size of the Payload in bytes,
|
|
||||||
has to be divisible by 4. 0 means 2000.
|
|
||||||
* Total size (unsigned 32-bit integer): total microcode blob size (including
|
|
||||||
header and extended header), has to be divisible by 1024. 0 means 2048.
|
|
||||||
* Reserved (12 bytes).
|
|
||||||
* Payload
|
|
||||||
* Additional data (optional, 20 + 12 * n bytes)
|
|
||||||
* Extended signature table header (20 bytes)
|
|
||||||
* Extended signature count (unsigned 32-bit integer)
|
|
||||||
* Checksum (unsigned 32-bit integer): correct if sum (in base 1 << 32)
|
|
||||||
of all the 32-bit integers comprising the extender signature table
|
|
||||||
amounts to 0.
|
|
||||||
* Reserved (12 bytes).
|
|
||||||
* Extended signature (12 bytes each)
|
|
||||||
* CPU signature (unsigned 32-bit integer): see the description of the CPU
|
|
||||||
signature field in the Header above.
|
|
||||||
* Platform ID mask (unsigned 32-bit integer): see the description
|
|
||||||
of the Platform ID mask field in the Header above.
|
|
||||||
* Checksum (unsigned 32-bit integer): correct if sum (in base 1<< 32)
|
|
||||||
of all the 32-bit integers comprising the Header (with CPU signature
|
|
||||||
and Platform ID mask fields replaced with the values from this signature)
|
|
||||||
and the Payload amounts to 0. Note that since External signature table
|
|
||||||
header has its own checksum, sum of all its 32-bit values amounts to 0,
|
|
||||||
so the Checksum in the Header and in the Extended signature will be
|
|
||||||
the same if the values of CPU signature and Platform ID mask fields
|
|
||||||
are the same,
|
|
||||||
|
|
||||||
[1] https://software.intel.com/content/www/us/en/develop/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4.html
|
|
||||||
|
|
||||||
|
|
||||||
Caveat configuration
|
Caveat configuration
|
||||||
--------------------
|
--------------------
|
||||||
There is a directory for each caveat under
|
There is a directory for each caveat under
|
||||||
@ -225,6 +156,10 @@ separated by white space. Currently, the following options are supported:
|
|||||||
configuration. Argument for the argument is a list of stages ("early",
|
configuration. Argument for the argument is a list of stages ("early",
|
||||||
"late") for which the caveat should be disable. The configuration option
|
"late") for which the caveat should be disable. The configuration option
|
||||||
can be provided multiple times in a configuration file.
|
can be provided multiple times in a configuration file.
|
||||||
|
* "blacklist" is a marker for a start of list of blacklisted model names,
|
||||||
|
one model name per line. The model name of the running CPU (as reported
|
||||||
|
in /proc/cpuinfo) is compared against the names in the provided list, and,
|
||||||
|
if there is a match, caveat check fails.
|
||||||
* "pci_config_val" performs check for specific values in selected parts
|
* "pci_config_val" performs check for specific values in selected parts
|
||||||
of configuration space of specified PCI devices. If "-m" option
|
of configuration space of specified PCI devices. If "-m" option
|
||||||
is not specified, then the actual check is skipped, and the check returns
|
is not specified, then the actual check is skipped, and the check returns
|
||||||
@ -269,9 +204,8 @@ separated by white space. Currently, the following options are supported:
|
|||||||
it fails (in accordance with "mode=success-all" semantics). This check fails
|
it fails (in accordance with "mode=success-all" semantics). This check fails
|
||||||
if "-m" option is not specified.
|
if "-m" option is not specified.
|
||||||
* "dmi" performs checks for specific values available in DMI sysfs files
|
* "dmi" performs checks for specific values available in DMI sysfs files
|
||||||
(present under /sys/devices/virtual/dmi/id/). The check (when it is actually
|
(present under /sys/devices/virtual/dmi/id/). The check fails if file
|
||||||
performed; see a not about "no-model-mode" below) fails if one of the files
|
is not readable. If "-m" option is specified, then the actual check
|
||||||
is not readable. If "-m" option is not specified, then the actual check
|
|
||||||
is skipped, and the check returns value in accordance with "no-model-mode"
|
is skipped, and the check returns value in accordance with "no-model-mode"
|
||||||
parameter value (see below). Check arguments are a white-space-separated
|
parameter value (see below). Check arguments are a white-space-separated
|
||||||
list of "key=value" pairs. The following keys are supported:
|
list of "key=value" pairs. The following keys are supported:
|
||||||
@ -281,30 +215,17 @@ separated by white space. Currently, the following options are supported:
|
|||||||
chassis_type, chassis_vendor, chassis_version, product_family,
|
chassis_type, chassis_vendor, chassis_version, product_family,
|
||||||
product_name, product_serial, product_uuid, product_version, sys_vendor.
|
product_name, product_serial, product_uuid, product_version, sys_vendor.
|
||||||
Default is empty string.
|
Default is empty string.
|
||||||
* "val" - a string to match DMI data present in "key" against.
|
* "val" - a string to match DMI data against. Can be enclosed in single
|
||||||
Can be enclosed in single or double quotes. Default is empty string.
|
or double quotes. Default is empty string.
|
||||||
* "keyval" - a pair of "key" and "val" values (with semantics described
|
* "mode" - check mode, the way matches are interpreted:
|
||||||
above), separated with either "=", ":", "!=", or "!:" characters. Enables
|
|
||||||
providing of multiple key-value pairs by means of supplying multiple
|
|
||||||
keyval= parameters. The exclamation sign ("!") character in separator
|
|
||||||
enables negated matching (so, non-equality of the value in DMI "key" file
|
|
||||||
and the value of "val" is). The match considered successful when all
|
|
||||||
the key/val (non-)equalities are in effect. This parameter works
|
|
||||||
in addition to the pair provided in "key" and "val" parameters
|
|
||||||
(but allows to avoid using them). Default is empty.
|
|
||||||
* "mode" - check mode, the way successful matches are interpreted:
|
|
||||||
* "success-equal" - returns 0 if the value present in the file
|
* "success-equal" - returns 0 if the value present in the file
|
||||||
with the name supplied via the "key" parameter file under
|
with the name supplied via the "key" parameter file under
|
||||||
/sys/devices/virtual/dmi/id/ is equal to the value supplied as a value
|
/sys/devices/virtual/dmi/id/ is equal to the value supplied as a value
|
||||||
of "val" parameter and all the pairs provided in "keyval" parameters
|
of "val" parameter, otherwise 1.
|
||||||
are equal and non-equal in accordance with their definition,
|
* "success-equal" - returns 1 if the value present in the file
|
||||||
otherwise 1.
|
|
||||||
* "fail-equal" - returns 1 if the value present in the file
|
|
||||||
with the name supplied via the "key" parameter file under
|
with the name supplied via the "key" parameter file under
|
||||||
/sys/devices/virtual/dmi/id/ is equal to the value supplied as a value
|
/sys/devices/virtual/dmi/id/ is equal to the value supplied as a value
|
||||||
of "val" parameter and all the pairs provided in "keyval" parameters
|
of "val" parameter, otherwise 0.
|
||||||
are equal and non-equal in accordance with their definition,
|
|
||||||
otherwise 0.
|
|
||||||
Default is "success-any".
|
Default is "success-any".
|
||||||
* "no-model-mode" - return value if model filter ("-m" option)
|
* "no-model-mode" - return value if model filter ("-m" option)
|
||||||
is not enabled:
|
is not enabled:
|
||||||
@ -316,61 +237,6 @@ separated by white space. Currently, the following options are supported:
|
|||||||
It checks file /sys/devices/virtual/dmi/id/bios_vendor and fails if its
|
It checks file /sys/devices/virtual/dmi/id/bios_vendor and fails if its
|
||||||
content is "Dell Inc." (without quotes). It succeeds if "-m" option
|
content is "Dell Inc." (without quotes). It succeeds if "-m" option
|
||||||
is not enabled.
|
is not enabled.
|
||||||
Another example:
|
|
||||||
dmi mode=fail-equal keyval="sys_vendor=Amazon EC2" keyval="product_name=u-18tb1.metal"
|
|
||||||
dmi mode=fail-equal keyval="sys_vendor=Lenovo" keyval="product_name=ThinkSystem SR950"
|
|
||||||
It blocks the caveat from using when either both
|
|
||||||
/sys/devices/virtual/dmi/id/sys_vendor contains the string "Amazon EC2"
|
|
||||||
and /sys/devices/virtual/dmi/id/product_name contains the string
|
|
||||||
"u-18tb1.metal" or both /sys/devices/virtual/dmi/id/sys_vendor contains
|
|
||||||
the string "Lenovo" and /sys/devices/virtual/dmi/id/product_name contains
|
|
||||||
the string "ThinkSystem SR950", but enables caveat loading for other products
|
|
||||||
with the aforementioned /sys/devices/virtual/dmi/id/sys_vendor values,
|
|
||||||
for example.
|
|
||||||
* "dependency" allows conditional enablement of a caveat based on the check
|
|
||||||
status of some other caveat(s). It has the following format:
|
|
||||||
dependency DEPENDENCY_TYPE DEPENDENCY_NAME [OPTION...]
|
|
||||||
where DEPENDENCY_NAME is the configuration to be checked, OPTIONs
|
|
||||||
are per-DEPENDENCY_TYPE, and the only DEPENDENCY_TYPE that is supported
|
|
||||||
currently is "required".
|
|
||||||
Options for the "required" dependency type:
|
|
||||||
* "match-model-mode" - whether model matching mode ("-m" option)
|
|
||||||
has to be used for the nested configuration check. Possible values:
|
|
||||||
* "on" - model-matching mode is always used during the nested check;
|
|
||||||
* "off" - model-matching mode is never used during the nested check;
|
|
||||||
* "same" - used the same model-matching mode as it is now.
|
|
||||||
Default is "same".
|
|
||||||
* "skip" - controls result of the check when the nested check indicated
|
|
||||||
skipping of the configuration.
|
|
||||||
* "fail" - the dependent check fails;
|
|
||||||
* "success" - the dependent check succeeds;
|
|
||||||
* "skip" - the dependent check indicates that the configuration
|
|
||||||
is to be skipped.
|
|
||||||
Default is "skip".
|
|
||||||
* "force-skip" - controls result of the check when the nested check
|
|
||||||
indicated skipping of the configuration caused by the presence
|
|
||||||
of an override file (see "check_caveats script" section for details).
|
|
||||||
* "fail" - the dependent check fails;
|
|
||||||
* "success" - the dependent check succeeds;
|
|
||||||
* "skip" - the dependent check indicates that the configuration
|
|
||||||
is to be skipped.
|
|
||||||
Default is "skip".
|
|
||||||
* "nesting-too-deep" - as a measure against dependency loop, configuration
|
|
||||||
checking logic implements nesting limit on dependency checks (currently
|
|
||||||
set at 8). This option controls the behaviour of the check
|
|
||||||
when the nested check cannot be performed due to this limit.
|
|
||||||
* "fail" - the dependent check fails;
|
|
||||||
* "success" - the dependent check succeeds;
|
|
||||||
* "skip" - the dependent check indicates that the configuration
|
|
||||||
is to be skipped.
|
|
||||||
Default is "fail".
|
|
||||||
An example of a check:
|
|
||||||
dependency required intel skip=success match-model-mode=off
|
|
||||||
It checks "intel" caveat configuration (see the "Early microcode load
|
|
||||||
inside a virtual machine" section) with model-matching mode being disabled,
|
|
||||||
treats skipping of the configuration as a success (unless the configuration
|
|
||||||
is forced to be skipped, in that case the dependent configuration
|
|
||||||
is to be skipped as well).
|
|
||||||
|
|
||||||
|
|
||||||
check_caveats script
|
check_caveats script
|
||||||
@ -607,8 +473,6 @@ Caveat name: intel-06-4f-01
|
|||||||
|
|
||||||
Affected microcode: intel-ucode/06-4f-01.
|
Affected microcode: intel-ucode/06-4f-01.
|
||||||
|
|
||||||
Dependencies: intel
|
|
||||||
|
|
||||||
Mitigation: microcode loading is disabled for the affected CPU model.
|
Mitigation: microcode loading is disabled for the affected CPU model.
|
||||||
|
|
||||||
Minimum versions of the kernel package that contain the aforementioned patch
|
Minimum versions of the kernel package that contain the aforementioned patch
|
||||||
@ -637,8 +501,6 @@ Caveat name: intel
|
|||||||
|
|
||||||
Affected microcode: all.
|
Affected microcode: all.
|
||||||
|
|
||||||
Dependencies: (none)
|
|
||||||
|
|
||||||
Mitigation: early microcode loading is disabled for all CPU models on kernels
|
Mitigation: early microcode loading is disabled for all CPU models on kernels
|
||||||
without the fix.
|
without the fix.
|
||||||
|
|
||||||
@ -675,8 +537,6 @@ Caveat name: intel-06-2d-07
|
|||||||
|
|
||||||
Affected microcode: intel-ucode/06-2d-07.
|
Affected microcode: intel-ucode/06-2d-07.
|
||||||
|
|
||||||
Dependencies: intel
|
|
||||||
|
|
||||||
Mitigation: None; the latest revision of the microcode file is used by default;
|
Mitigation: None; the latest revision of the microcode file is used by default;
|
||||||
previously published microcode revision 0x714 is still available as a fallback
|
previously published microcode revision 0x714 is still available as a fallback
|
||||||
as part of "intel" caveat.
|
as part of "intel" caveat.
|
||||||
@ -706,64 +566,35 @@ Caveat name: intel-06-55-04
|
|||||||
|
|
||||||
Affected microcode: intel-ucode/06-55-04.
|
Affected microcode: intel-ucode/06-55-04.
|
||||||
|
|
||||||
Dependencies: intel
|
|
||||||
|
|
||||||
Mitigation: None; the latest revision of the microcode file is used by default;
|
Mitigation: None; the latest revision of the microcode file is used by default;
|
||||||
previously published microcode revision 0x2000064 is still available
|
previously published microcode revision 0x2000064 is still available
|
||||||
as a fallback as part of "intel" caveat.
|
as a fallback as part of "intel" caveat.
|
||||||
|
|
||||||
|
|
||||||
Intel Skylake-U/Y caveat
|
Intel Skylake-U/Y/H/S/Xeon E3 v5 caveats
|
||||||
------------------------
|
----------------------------------------
|
||||||
Some Intel Skylake CPU models (SKL-U/Y, family 6, model 78, stepping 3)
|
Some Intel Skylake CPU models (SKL-U/Y, family 6, model 78, stepping 3;
|
||||||
have reports of system hangs when revision 0xdc of microcode, that is included
|
and SKL-H/S/Xeon E3 v5, family 6, model 94, stepping 3) have reports of system
|
||||||
in microcode-20200609 update to address CVE-2020-0543, CVE-2020-0548,
|
hangs when revision 0xdc of microcode, that is included in microcode-20200609
|
||||||
and CVE-2020-0549, is applied[1]. In order to address this, microcode update
|
update to address CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549,
|
||||||
to the newer revision has been disabled by default on these systems,
|
is applied[1][2]. In order to address this, microcode update to the newer
|
||||||
and the previously published microcode revision 0xd6 is used instead; the newer
|
revision has been disabled by default on these systems, and the previously
|
||||||
microcode files, however, are still shipped as part of microcode_ctl package
|
published microcode revision 0xd6 is used instead; the newer microcode files,
|
||||||
and can be used for performing a microcode update if they are enforced
|
however, are still shipped as part of microcode_ctl package and can be used
|
||||||
via the aforementioned overrides. (See the sections "check_caveats script"
|
for performing a microcode update if they are enforced via the aforementioned
|
||||||
and "reload_microcode script" for details.)
|
overrides. (See the sections "check_caveats script" and "reload_microcode
|
||||||
|
script" for details.)
|
||||||
|
|
||||||
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
|
||||||
|
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826
|
||||||
|
|
||||||
Caveat name: intel-06-4e-03
|
Caveat names: intel-06-4e-03, intel-06-5e-03
|
||||||
|
|
||||||
Affected microcode: intel-ucode/06-4e-03
|
Affected microcode: intel-ucode/06-4e-03, intel-ucode/06-5e-03.
|
||||||
|
|
||||||
Dependencies: intel
|
|
||||||
|
|
||||||
Mitigation: previously published microcode revision 0xd6 is used by default.
|
Mitigation: previously published microcode revision 0xd6 is used by default.
|
||||||
|
|
||||||
|
|
||||||
Intel Skylake-H/S/Xeon E3 v5 caveat
|
|
||||||
-----------------------------------
|
|
||||||
Some Intel Skylake CPU models (SKL-H/S/Xeon E3 v5, family 6, model 94,
|
|
||||||
stepping 3) had reports of system hangs when revision 0xdc of microcode,
|
|
||||||
that is included in microcode-20200609 update to address CVE-2020-0543,
|
|
||||||
CVE-2020-0548, and CVE-2020-0549, was applied[1]. In order to address this,
|
|
||||||
microcode update to the newer revision had been disabled by default on these
|
|
||||||
systems, and the previously published microcode revision 0xd6 was used instead.
|
|
||||||
The revision 0xea seems[2] to have fixed the aforementioned issue, hence
|
|
||||||
the latest microcode revision usage it is enabled by default,
|
|
||||||
but can be disabled explicitly via the aforementioned overrides. (See
|
|
||||||
the sections "check_caveats script" and "reload_microcode script" for details.)
|
|
||||||
|
|
||||||
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826
|
|
||||||
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-857806014
|
|
||||||
|
|
||||||
Caveat names: intel-06-5e-03
|
|
||||||
|
|
||||||
Affected microcode: intel-ucode/06-5e-03.
|
|
||||||
|
|
||||||
Dependencies: intel
|
|
||||||
|
|
||||||
Mitigation: None; the latest revision of the microcode file is used by default;
|
|
||||||
previously published microcode revision 0xd6 is still available as a fallback
|
|
||||||
as part of "intel" caveat.
|
|
||||||
|
|
||||||
|
|
||||||
Dell caveats
|
Dell caveats
|
||||||
------------
|
------------
|
||||||
Some Dell systems that use some models of Intel CPUs are susceptible to hangs
|
Some Dell systems that use some models of Intel CPUs are susceptible to hangs
|
||||||
@ -792,8 +623,6 @@ Affected microcode: intel-ucode/06-8e-09, intel-ucode/06-8e-0a,
|
|||||||
intel-ucode/06-9e-0b, intel-ucode/06-9e-0c,
|
intel-ucode/06-9e-0b, intel-ucode/06-9e-0c,
|
||||||
intel-ucode/06-9e-0d.
|
intel-ucode/06-9e-0d.
|
||||||
|
|
||||||
Dependencies: intel
|
|
||||||
|
|
||||||
Mitigation: previously published microcode revision 0xac/0xb4/0xb8 is used
|
Mitigation: previously published microcode revision 0xac/0xb4/0xb8 is used
|
||||||
by default if /sys/devices/virtual/dmi/id/bios_vendor reports
|
by default if /sys/devices/virtual/dmi/id/bios_vendor reports
|
||||||
"Dell Inc."; otherwise, the latest microcode revision is used.
|
"Dell Inc."; otherwise, the latest microcode revision is used.
|
||||||
@ -804,12 +633,12 @@ Mitigation: previously published microcode revision 0xac/0xb4/0xb8 is used
|
|||||||
Intel Tiger Lake-UP3/UP4 caveat
|
Intel Tiger Lake-UP3/UP4 caveat
|
||||||
-------------------------------
|
-------------------------------
|
||||||
Some systems with Intel Tiger Lake-UP3/UP4 CPUs (TGL, family 6, model 140,
|
Some systems with Intel Tiger Lake-UP3/UP4 CPUs (TGL, family 6, model 140,
|
||||||
stepping 1) had reports of system hangs when a microcode update,
|
stepping 1) have reports of system hangs when a microcode update,
|
||||||
that was included since microcode-20201110 release, was applied[1].
|
that is included since microcode-20201110 release, is applied[1].
|
||||||
In order to address this, microcode update to a newer revision had been disabled
|
In order to address this, microcode update to a newer revision has been disabled
|
||||||
by default on these systems. The revision 0x88 seems to have fixed
|
by default on these systems; the newer microcode file, however, is still shipped
|
||||||
the aforementioned issue, hence it is enabled by default; however, it is still
|
as a part of microcode_ctl package and can be used for performing a microcode
|
||||||
can be disabled via the aforementioned overrides. (See the sections
|
update if it is enforced via the aforementioned overrides. (See the sections
|
||||||
"check_caveats script" and "reload_microcode script" for details.)
|
"check_caveats script" and "reload_microcode script" for details.)
|
||||||
|
|
||||||
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
|
||||||
@ -818,9 +647,7 @@ Caveat names: intel-06-8c-01
|
|||||||
|
|
||||||
Affected microcode: intel-ucode/06-8c-01.
|
Affected microcode: intel-ucode/06-8c-01.
|
||||||
|
|
||||||
Dependencies: intel
|
Mitigation: microcode loading is disabled for the affected CPU model.
|
||||||
|
|
||||||
Mitigation: None; the latest revision of the microcode file is used by default.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -855,24 +682,3 @@ Intel CPU vulnerabilities is available in the following knowledge base articles:
|
|||||||
CVE-2020-8696 (Vector Register Leakage-Active),
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
||||||
CVE-2020-8698 (Fast Forward Store Predictor):
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
||||||
https://access.redhat.com/articles/5569051
|
https://access.redhat.com/articles/5569051
|
||||||
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
|
||||||
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
|
||||||
CVE-2020-24512 (Observable Timing Discrepancy),
|
|
||||||
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
|
||||||
https://access.redhat.com/articles/6101171
|
|
||||||
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow),
|
|
||||||
CVE-2021-0145 (Fast store forward predictor - Cross Domain Training),
|
|
||||||
CVE-2021-0146 (VT-d-related Privilege Escalation),
|
|
||||||
CVE-2021-33120 (Out of bounds read for some Intel Atom processors):
|
|
||||||
https://access.redhat.com/articles/6716541
|
|
||||||
* CVE-2022-0005 (Informational disclosure via JTAG),
|
|
||||||
CVE-2022-21123 (Shared Buffers Data Read),
|
|
||||||
CVE-2022-21125 (Shared Buffers Data Sampling),
|
|
||||||
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
|
|
||||||
CVE-2022-21131 (Protected Processor Inventory Number (PPIN) access protection),
|
|
||||||
CVE-2022-21136 (Overclocking service access protection),
|
|
||||||
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
|
|
||||||
CVE-2022-21166 (Device Register Partial Write):
|
|
||||||
https://access.redhat.com/articles/6963124
|
|
||||||
* CVE-2022-21233 (Stale Data Read from legacy xAPIC):
|
|
||||||
https://access.redhat.com/articles/6976398
|
|
||||||
|
@ -5,14 +5,10 @@
|
|||||||
#
|
#
|
||||||
# SPDX-License-Identifier: CC0-1.0
|
# SPDX-License-Identifier: CC0-1.0
|
||||||
|
|
||||||
export LC_ALL=C
|
|
||||||
|
|
||||||
: ${MC_CAVEATS_DATA_DIR=/usr/share/microcode_ctl/ucode_with_caveats}
|
: ${MC_CAVEATS_DATA_DIR=/usr/share/microcode_ctl/ucode_with_caveats}
|
||||||
: ${FW_DIR=/lib/firmware}
|
: ${FW_DIR=/lib/firmware}
|
||||||
: ${CFG_DIR=/etc/microcode_ctl/ucode_with_caveats}
|
: ${CFG_DIR=/etc/microcode_ctl/ucode_with_caveats}
|
||||||
|
|
||||||
MAX_NESTING_LEVEL=8
|
|
||||||
|
|
||||||
usage() {
|
usage() {
|
||||||
echo 'Usage: check_caveats [-d] [-e] [-k TARGET_KVER] [-c CONFIG]'
|
echo 'Usage: check_caveats [-d] [-e] [-k TARGET_KVER] [-c CONFIG]'
|
||||||
echo ' [-m] [-v]'
|
echo ' [-m] [-v]'
|
||||||
@ -169,7 +165,7 @@ check_pci_config_val()
|
|||||||
local checked=0 matched=0 path=''
|
local checked=0 matched=0 path=''
|
||||||
local dev_path dev_vid dev_did dev_val
|
local dev_path dev_vid dev_did dev_val
|
||||||
local opts="${1:-}"
|
local opts="${1:-}"
|
||||||
local match_model="${2:-0}"
|
local match_model="${2:0}"
|
||||||
|
|
||||||
set -- $1
|
set -- $1
|
||||||
while [ "$#" -gt 0 ]; do
|
while [ "$#" -gt 0 ]; do
|
||||||
@ -265,7 +261,7 @@ check_pci_config_val()
|
|||||||
# It is needed for filtering by BIOS vendor name that is available in DMI data
|
# It is needed for filtering by BIOS vendor name that is available in DMI data
|
||||||
#
|
#
|
||||||
# $1 - params in config file, space-separated, in key=value form:
|
# $1 - params in config file, space-separated, in key=value form:
|
||||||
# key= - DMI data record to check. Can be one of the following: bios_date,
|
# key= - DMI value to check. Can be one of the following: bios_date,
|
||||||
# bios_vendor, bios_version, board_asset_tag, board_name, board_serial,
|
# bios_vendor, bios_version, board_asset_tag, board_name, board_serial,
|
||||||
# board_vendor, board_version, chassis_asset_tag, chassis_serial,
|
# board_vendor, board_version, chassis_asset_tag, chassis_serial,
|
||||||
# chassis_type, chassis_vendor, chassis_version, product_family,
|
# chassis_type, chassis_vendor, chassis_version, product_family,
|
||||||
@ -273,33 +269,26 @@ check_pci_config_val()
|
|||||||
# sys_vendor.
|
# sys_vendor.
|
||||||
# val= - a string to match DMI data against. Can be enclosed in single
|
# val= - a string to match DMI data against. Can be enclosed in single
|
||||||
# or double quotes.
|
# or double quotes.
|
||||||
# keyval= - a string of format "KEY(!)?[=:]VAL" (so, one of "KEY=VAL",
|
|
||||||
# "KEY!=VAL", "KEY:VAL", "KEY!:VAL") that allows providing
|
|
||||||
# a key-value pair in a single parameter. It is possible to provide
|
|
||||||
# multiple keyval= parameters. "!" before :/= means negated match.
|
|
||||||
# The action supplied in the mode= parameter is executed upon
|
|
||||||
# successful (non-)matching of all the keyval pairs (as well
|
|
||||||
# as the pair provided in a pair of key= and val= parameters).
|
|
||||||
# mode=success-equal [ success-equal, fail-equal ] - matching mode:
|
# mode=success-equal [ success-equal, fail-equal ] - matching mode:
|
||||||
# success-equal: Returns 0 if the all values present in the corresponding
|
# success-equal: Returns 0 if the value present in the corresponding file
|
||||||
# files under /sys/devices/virtual/dmi/id/<KEY> are equal
|
# under /sys/devices/virtual/dmi/id/<key> is equal
|
||||||
# (or not equal in case of a keyval= with negated match)
|
# to the value supplied as a value of "val" parameter,
|
||||||
# to the respective values supplied as the values
|
# otherwise 1.
|
||||||
# of the keyval= parameters or the pair of key= vand val=
|
# fail-equal: Returns 1 if the value present in the corresponding file
|
||||||
# parameters, otherwise 1.
|
# under /sys/devices/virtual/dmi/id/<key> is equal
|
||||||
# fail-equal: Returns 1 if all the values present in DMI files in sysfs
|
# to the value supplied as a value of "val" parameter,
|
||||||
# match (as described above), otherwise 0.
|
# otherwise 0.
|
||||||
# no-model-mode=success [ success, fail ] - return value if model filter
|
# no-model-mode=success [ success, fail ] - return value if model filter
|
||||||
# is not enabled:
|
# is not enabled:
|
||||||
# success: Return 0.
|
# success: Return 0.
|
||||||
# fail: Return 1.
|
# fail: Return 1.
|
||||||
# $2 - whether model filter is engaged (if it is not '1', just return the result
|
# $2 - whether model filter is engaged (if it is not '1', just return the result
|
||||||
# based on "no-model-mode" value).
|
# based on "mode" value that assumes that the check has failed).
|
||||||
check_dmi_val()
|
check_dmi_val()
|
||||||
{
|
{
|
||||||
local key= val= keyval= keyvals= mode='success-equal' nm_mode='success'
|
local key= val= mode='success-equal' nm_mode='success'
|
||||||
local opts="${1:-}" opt= opt_=
|
local opts="${1:-}" opt= opt_=
|
||||||
local match_model="${2:-0}"
|
local match_model="${2:0}"
|
||||||
|
|
||||||
local valid_keys=" bios_date bios_vendor bios_version board_asset_tag board_name board_serial board_vendor board_version chassis_asset_tag chassis_serial chassis_type chassis_vendor chassis_version product_family product_name product_serial product_uuid product_version sys_vendor "
|
local valid_keys=" bios_date bios_vendor bios_version board_asset_tag board_name board_serial board_vendor board_version chassis_asset_tag chassis_serial chassis_type chassis_vendor chassis_version product_family product_name product_serial product_uuid product_version sys_vendor "
|
||||||
local success=1
|
local success=1
|
||||||
@ -316,44 +305,21 @@ check_dmi_val()
|
|||||||
# Handle possible quoting
|
# Handle possible quoting
|
||||||
[ "x${opt#val=}" = "x${opt}" ] || {
|
[ "x${opt#val=}" = "x${opt}" ] || {
|
||||||
case "${opt#val=}" in
|
case "${opt#val=}" in
|
||||||
[\']*) opt_="${opts#val=\'}"; val="${opt_%%\'*}"; opt="val='${val}'" ;;
|
[']*) opt_="${opts#val=\'}"; val="${opt_%%\'*}"; opt="val=\'${val}\'" ;;
|
||||||
[\"]*) opt_="${opts#val=\"}"; val="${opt_%%\"*}"; opt="val=\"${val}\"" ;;
|
["]*) opt_="${opts#val=\"}"; val="${opt_%%\"*}"; opt="val=\"${val}\"" ;;
|
||||||
*) val="${opt#val=}" ;;
|
*) val="${opt#val=}" ;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
[ "x${opt#keyval=}" = "x${opt}" ] || {
|
|
||||||
case "${opt#keyval=}" in
|
|
||||||
[\']*)
|
|
||||||
opt_="${opts#keyval=\'}"
|
|
||||||
keyval="${opt_%%\'*}"
|
|
||||||
opt="keyval='${keyval}'"
|
|
||||||
keyvals="${keyvals}
|
|
||||||
${keyval}"
|
|
||||||
;;
|
|
||||||
[\"]*)
|
|
||||||
opt_="${opts#keyval=\"}"
|
|
||||||
keyval="${opt_%%\"*}"
|
|
||||||
opt="keyval=\"${keyval}\""
|
|
||||||
keyvals="${keyvals}
|
|
||||||
${keyval}"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
keyvals="${keyvals}
|
|
||||||
${opt#keyval=}"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
}
|
|
||||||
|
|
||||||
opts="${opts#"${opt}"}"
|
opts="${opts#"${opt}"}"
|
||||||
continue
|
continue
|
||||||
done
|
done
|
||||||
|
|
||||||
[ -z "$key" -a -z "$val" ] || keyvals="${key}=${val}${keyvals}"
|
# Check key for validity
|
||||||
|
[ "x${valid_keys#* ${key} *}" != "x${valid_keys}" ] || {
|
||||||
[ -n "x${keyvals}" ] || {
|
debug "Invalid \"key\" parameter value: \"${key}\""
|
||||||
debug "Neither key=, val=, nor keyval= parameters were privoded"
|
|
||||||
echo 2
|
echo 2
|
||||||
return
|
exit
|
||||||
}
|
}
|
||||||
|
|
||||||
[ 1 = "$match_model" ] || {
|
[ 1 = "$match_model" ] || {
|
||||||
@ -366,171 +332,23 @@ check_dmi_val()
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
return
|
exit
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[ -r "/sys/devices/virtual/dmi/id/${key}" ] || {
|
||||||
|
debug "Can't access /sys/devices/virtual/dmi/id/${key}"
|
||||||
|
echo 3
|
||||||
|
exit
|
||||||
|
}
|
||||||
|
|
||||||
|
file_val="$(cat "/sys/devices/virtual/dmi/id/${key}")"
|
||||||
|
|
||||||
|
[ "x${val}" = "x${file_val}" ] || success=0
|
||||||
|
|
||||||
case "$mode" in
|
case "$mode" in
|
||||||
success-equal|fail-equal) ;;
|
success-equal) echo "$((1 - $success))" ;;
|
||||||
*) debug "Invalid mode value: \"${nm_mode}\""; echo 2; return ;;
|
fail-equal) echo "${success}" ;;
|
||||||
esac
|
*) debug "Invalid mode value: \"${nm_mode}\""; echo 2 ;;
|
||||||
|
|
||||||
printf "%s\n" "${keyvals}" | (
|
|
||||||
while read l; do
|
|
||||||
[ -n "$l" ] || continue
|
|
||||||
key="${l%%[=:]*}"
|
|
||||||
val="${l#${key}[=:]}"
|
|
||||||
|
|
||||||
cmp="="
|
|
||||||
[ "x${key%!}" = "x${key}" ] || {
|
|
||||||
cmp="!="
|
|
||||||
key="${key%!}"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Check key for validity
|
|
||||||
[ "x${valid_keys#* ${key} *}" != "x${valid_keys}" ] || {
|
|
||||||
debug "Invalid \"key\" parameter value: \"${key}\""
|
|
||||||
echo 2
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
[ -r "/sys/devices/virtual/dmi/id/${key}" ] || {
|
|
||||||
debug "Can't access /sys/devices/virtual/dmi/id/${key}"
|
|
||||||
echo 3
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
file_val="$(/bin/cat "/sys/devices/virtual/dmi/id/${key}")"
|
|
||||||
|
|
||||||
[ "x${val}" "${cmp}" "x${file_val}" ] || {
|
|
||||||
case "$mode" in
|
|
||||||
success-equal) echo 1 ;;
|
|
||||||
fail-equal) echo 0 ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
return
|
|
||||||
}
|
|
||||||
done
|
|
||||||
|
|
||||||
case "$mode" in
|
|
||||||
success-equal) echo 0 ;;
|
|
||||||
fail-equal) echo 1 ;;
|
|
||||||
esac
|
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|
||||||
# check_dependency CURLEVEL DEP_TYPE DEP_NAME OPTS
|
|
||||||
# DEP_TYPE:
|
|
||||||
# required - caveat can be enabled only if dependency is enabled
|
|
||||||
# (is not forcefully disabled and meets caveat conditions)
|
|
||||||
# OPTS:
|
|
||||||
# match-model-mode=same [ on, off, same ] - what mode matching mode is to be used for dependency
|
|
||||||
# skip=skip [ fail, skip, success ]
|
|
||||||
# force-skip=skip [ fail, skip, success ]
|
|
||||||
# nesting-too-deep=fail [ fail, skip, success ]
|
|
||||||
# Return values:
|
|
||||||
# 0 - success
|
|
||||||
# 1 - fail
|
|
||||||
# 2 - skip
|
|
||||||
# 9 - error
|
|
||||||
check_dependency()
|
|
||||||
{
|
|
||||||
local cur_level="$1"
|
|
||||||
local dep_type="$2"
|
|
||||||
local dep_name="$3"
|
|
||||||
local match_model_mode=same old_match_model="${match_model}"
|
|
||||||
local skip=skip
|
|
||||||
local force_skip=skip
|
|
||||||
local nesting_too_deep=fail
|
|
||||||
|
|
||||||
local check="Dependency check for ${dep_type} ${dep_name}"
|
|
||||||
|
|
||||||
set -- ${4:-}
|
|
||||||
while [ "$#" -gt 0 ]; do
|
|
||||||
[ "x${1#match-model-mode=}" = "x${1}" ] || match_model_mode="${1#match-model-mode=}"
|
|
||||||
[ "x${1#skip=}" = "x${1}" ] || skip="${1#skip=}"
|
|
||||||
[ "x${1#force-skip=}" = "x${1}" ] || force_skip="${1#force-skip=}"
|
|
||||||
[ "x${1#nesting-too-deep=}" = "x${1}" ] || nesting_too_deep="${1#nesting-too-deep=}"
|
|
||||||
|
|
||||||
shift
|
|
||||||
done
|
|
||||||
|
|
||||||
case "${dep_type}" in
|
|
||||||
required)
|
|
||||||
[ "x${dep_name%/*}" = "x${dep_name}" ] || {
|
|
||||||
debug "${check} error: dependency name (${dep_name})" \
|
|
||||||
"cannot contain slashes"
|
|
||||||
echo 9
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
[ "${MAX_NESTING_LEVEL}" -ge "$cur_level" ] || {
|
|
||||||
local reason="nesting level is too deep (${cur_level}) and nesting-too-deep='${nesting_too_deep}'"
|
|
||||||
|
|
||||||
case "$nesting_too_deep" in
|
|
||||||
success) debug "${check} succeeded: ${reason}"; echo 0 ;;
|
|
||||||
fail) debug "${check} failed: ${reason}"; echo 1 ;;
|
|
||||||
skip) debug "${check} skipped: ${reason}"; echo 2 ;;
|
|
||||||
*) debug "${check} error: invalid" \
|
|
||||||
"nesting-too-deep mode" \
|
|
||||||
"(${nesting_too_deep})"; echo 9 ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
case "${match_model_mode}" in
|
|
||||||
same) ;;
|
|
||||||
on) match_model=1 ;;
|
|
||||||
off) match_model=0 ;;
|
|
||||||
*)
|
|
||||||
debug "${check} error: invalid match-model-mode" \
|
|
||||||
"(${match_model_mode})"
|
|
||||||
echo 9
|
|
||||||
return
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
local result=0
|
|
||||||
debug "${check}: calling check_caveat '${dep_name}'" \
|
|
||||||
"'$(($cur_level + 1))' match_model=${match_model}"
|
|
||||||
check_caveat "${dep_name}" "$(($cur_level + 1))" > /dev/null || result="$?"
|
|
||||||
|
|
||||||
match_model="${old_match_model}"
|
|
||||||
|
|
||||||
case "${result}" in
|
|
||||||
0) debug "${check} succeeded: result=${result}"; echo "${result}" ;;
|
|
||||||
1) debug "${check} failed: result=${result}"; echo "${result}" ;;
|
|
||||||
2)
|
|
||||||
local reason="result=${result} and skip='${skip}'"
|
|
||||||
|
|
||||||
case "${skip}" in
|
|
||||||
success) debug "${check} succeeded: ${reason}"; echo 0 ;;
|
|
||||||
fail) debug "${check} failed: ${reason}"; echo 1 ;;
|
|
||||||
skip) debug "${check} skipped: ${reason}"; echo 2 ;;
|
|
||||||
*) debug "${check} error: unexpected skip=" \
|
|
||||||
"setting (${skip})"; echo 9 ;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
3)
|
|
||||||
local reason="result=${result} and force_skip='${force_skip}'"
|
|
||||||
|
|
||||||
case "${force_skip}" in
|
|
||||||
success) debug "${check} succeeded: ${reason}"; echo 0 ;;
|
|
||||||
fail) debug "${check} failed: ${reason}"; echo 1 ;;
|
|
||||||
skip) debug "${check} skipped: ${reason}"; echo 2 ;;
|
|
||||||
*) debug "${check} error: unexpected force-skip=" \
|
|
||||||
"setting (${skip})"; echo 9 ;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
debug "${check} error: unexpected check_caveat result" \
|
|
||||||
"(${result})"; echo 9 ;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
debug "${check} error: unknown dependency type '${dep_type}'"
|
|
||||||
echo 9
|
|
||||||
;;
|
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -568,12 +386,6 @@ get_mc_path()
|
|||||||
AuthenticAMD)
|
AuthenticAMD)
|
||||||
echo "amd-ucode/$2"
|
echo "amd-ucode/$2"
|
||||||
;;
|
;;
|
||||||
*)
|
|
||||||
# We actually only support Intel ucode, but things may break
|
|
||||||
# if nothing is printed (input would be gotten from stdin
|
|
||||||
# otherwise).
|
|
||||||
echo "invalid"
|
|
||||||
;;
|
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -582,6 +394,19 @@ get_mc_ver()
|
|||||||
/bin/sed -rn '1,/^$/s/^microcode[[:space:]]*: (.*)$/\1/p' /proc/cpuinfo
|
/bin/sed -rn '1,/^$/s/^microcode[[:space:]]*: (.*)$/\1/p' /proc/cpuinfo
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fail()
|
||||||
|
{
|
||||||
|
ret=1
|
||||||
|
|
||||||
|
fail_cfgs="$fail_cfgs $cfg"
|
||||||
|
fail_paths="$fail_paths $cfg_path"
|
||||||
|
|
||||||
|
[ 0 -eq "$print_disclaimers" ] || [ ! -e "${dir}/disclaimer" ] \
|
||||||
|
|| /bin/cat "${dir}/disclaimer"
|
||||||
|
}
|
||||||
|
|
||||||
|
#check_kver "$@"
|
||||||
|
#get_model_name
|
||||||
|
|
||||||
match_model=0
|
match_model=0
|
||||||
configs=
|
configs=
|
||||||
@ -642,44 +467,34 @@ else
|
|||||||
stage="late"
|
stage="late"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# check_caveat CFG [CHECK_LEVEL]
|
|
||||||
# changes ret_paths, ok_paths, fail_paths, ret_cfgs, ok_cfgs, fail_cfgs,
|
for cfg in $(echo "${configs}"); do
|
||||||
# skip_cfgs if CHECK_LEVEL is set to 0 (default).
|
dir="$MC_CAVEATS_DATA_DIR/$cfg"
|
||||||
# CHECK_LEVEL is used for recursive configuration dependency checks,
|
|
||||||
# and indicates nesting level.
|
# We add cfg to the skip list first and then, if we do not skip it,
|
||||||
# Return value:
|
# we remove the configuration from the list.
|
||||||
# 0 - check is successful
|
skip_cfgs="$skip_cfgs $cfg"
|
||||||
# 1 - check has been failed
|
|
||||||
# 2 - configuration has been skipped
|
|
||||||
# 3 - configuration has been skipped due to presence of an override file
|
|
||||||
check_caveat() {
|
|
||||||
local cfg="$1"
|
|
||||||
local check_level="${2:-0}"
|
|
||||||
local dir="$MC_CAVEATS_DATA_DIR/$cfg"
|
|
||||||
|
|
||||||
[ -r "${dir}/readme" ] || {
|
[ -r "${dir}/readme" ] || {
|
||||||
debug "File 'readme' in ${dir} is not found, skipping"
|
debug "File 'readme' in ${dir} is not found, skipping"
|
||||||
return 2
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
[ -r "${dir}/config" ] || {
|
[ -r "${dir}/config" ] || {
|
||||||
debug "File 'config' in ${dir} is not found, skipping"
|
debug "File 'config' in ${dir} is not found, skipping"
|
||||||
return 2
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
local cfg_model=
|
cfg_model=
|
||||||
local cfg_vendor=
|
cfg_vendor=
|
||||||
local cfg_path=
|
cfg_path=
|
||||||
local cfg_kvers=
|
cfg_kvers=
|
||||||
local cfg_kvers_early=
|
cfg_kvers_early=
|
||||||
local cfg_mc_min_ver_late=
|
cfg_blacklist=
|
||||||
local cfg_disable=
|
cfg_mc_min_ver_late=
|
||||||
local cfg_pci=
|
cfg_disable=
|
||||||
local cfg_dmi=
|
cfg_pci=
|
||||||
local cfg_dependency=
|
cfg_dmi=
|
||||||
|
|
||||||
local key
|
|
||||||
local value
|
|
||||||
|
|
||||||
while read -r key value; do
|
while read -r key value; do
|
||||||
case "$key" in
|
case "$key" in
|
||||||
@ -704,6 +519,13 @@ check_caveat() {
|
|||||||
disable)
|
disable)
|
||||||
cfg_disable="$cfg_disable $value "
|
cfg_disable="$cfg_disable $value "
|
||||||
;;
|
;;
|
||||||
|
blacklist)
|
||||||
|
cfg_blacklist=1
|
||||||
|
# "blacklist" is special: it stops entity parsing,
|
||||||
|
# and the rest of file is a list of blacklisted model
|
||||||
|
# names.
|
||||||
|
break
|
||||||
|
;;
|
||||||
pci_config_val)
|
pci_config_val)
|
||||||
cfg_pci="$cfg_pci
|
cfg_pci="$cfg_pci
|
||||||
$value"
|
$value"
|
||||||
@ -712,10 +534,6 @@ check_caveat() {
|
|||||||
cfg_dmi="$cfg_dmi
|
cfg_dmi="$cfg_dmi
|
||||||
$value"
|
$value"
|
||||||
;;
|
;;
|
||||||
dependency)
|
|
||||||
cfg_dependency="$cfg_dependency
|
|
||||||
$value"
|
|
||||||
;;
|
|
||||||
'#'*|'')
|
'#'*|'')
|
||||||
continue
|
continue
|
||||||
;;
|
;;
|
||||||
@ -726,8 +544,12 @@ check_caveat() {
|
|||||||
esac
|
esac
|
||||||
done < "${dir}/config"
|
done < "${dir}/config"
|
||||||
|
|
||||||
|
[ -z "${cfg_blacklist}" ] || \
|
||||||
|
cfg_blacklist=$(/bin/sed -n '/^blacklist$/,$p' "${dir}/config" |
|
||||||
|
/usr/bin/tail -n +2)
|
||||||
|
|
||||||
debug "${cfg}: model '$cfg_model', path '$cfg_path', kvers '$cfg_kvers'"
|
debug "${cfg}: model '$cfg_model', path '$cfg_path', kvers '$cfg_kvers'"
|
||||||
echo "$cfg_path"
|
debug "${cfg}: blacklist '$cfg_blacklist'"
|
||||||
|
|
||||||
# Check for override files in the following order:
|
# Check for override files in the following order:
|
||||||
# - disallow early/late specific caveat for specific kernel
|
# - disallow early/late specific caveat for specific kernel
|
||||||
@ -748,10 +570,10 @@ check_caveat() {
|
|||||||
# - force early/late everyhting
|
# - force early/late everyhting
|
||||||
# - disallow everything
|
# - disallow everything
|
||||||
# - force everyhting
|
# - force everyhting
|
||||||
local ignore_cfg=0
|
ignore_cfg=0
|
||||||
local force_cfg=0
|
force_cfg=0
|
||||||
local override_file=""
|
override_file=""
|
||||||
local overrides="
|
overrides="
|
||||||
0:$FW_DIR/$kver/disallow-$stage-$cfg
|
0:$FW_DIR/$kver/disallow-$stage-$cfg
|
||||||
1:$FW_DIR/$kver/force-$stage-$cfg
|
1:$FW_DIR/$kver/force-$stage-$cfg
|
||||||
0:$FW_DIR/$kver/disallow-$cfg
|
0:$FW_DIR/$kver/disallow-$cfg
|
||||||
@ -768,9 +590,6 @@ check_caveat() {
|
|||||||
1:$CFG_DIR/force-$stage
|
1:$CFG_DIR/force-$stage
|
||||||
0:$CFG_DIR/disallow
|
0:$CFG_DIR/disallow
|
||||||
1:$CFG_DIR/force"
|
1:$CFG_DIR/force"
|
||||||
local o
|
|
||||||
local o_force
|
|
||||||
local override_file
|
|
||||||
for o in $(echo "$overrides"); do
|
for o in $(echo "$overrides"); do
|
||||||
o_force=${o%%:*}
|
o_force=${o%%:*}
|
||||||
override_file=${o#$o_force:}
|
override_file=${o#$o_force:}
|
||||||
@ -789,7 +608,7 @@ check_caveat() {
|
|||||||
[ 0 -eq "$ignore_cfg" ] || {
|
[ 0 -eq "$ignore_cfg" ] || {
|
||||||
debug "Configuration \"$cfg\" is ignored due to presence of" \
|
debug "Configuration \"$cfg\" is ignored due to presence of" \
|
||||||
"\"$override_file\"."
|
"\"$override_file\"."
|
||||||
return 3
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
# Check model if model filter is enabled
|
# Check model if model filter is enabled
|
||||||
@ -798,22 +617,21 @@ check_caveat() {
|
|||||||
debug "Current CPU model '$cpu_model' doesn't" \
|
debug "Current CPU model '$cpu_model' doesn't" \
|
||||||
"match configuration CPU model '$cfg_model'," \
|
"match configuration CPU model '$cfg_model'," \
|
||||||
"skipping"
|
"skipping"
|
||||||
return 2
|
continue
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check paths if model filter is enabled
|
# Check paths if model filter is enabled
|
||||||
local cpu_mc_path
|
|
||||||
local cfg_mc_present
|
|
||||||
if [ 1 -eq "$match_model" -a -n "$cfg_path" ]; then
|
if [ 1 -eq "$match_model" -a -n "$cfg_path" ]; then
|
||||||
cpu_mc_path="$MC_CAVEATS_DATA_DIR/$cfg/$(get_mc_path \
|
cpu_mc_path="$MC_CAVEATS_DATA_DIR/$cfg/$(get_mc_path \
|
||||||
"$cpu_vendor" "${cpu_model#* }")"
|
"$cpu_vendor" "${cpu_model#* }")"
|
||||||
cfg_mc_present=0
|
cfg_mc_present=0
|
||||||
|
|
||||||
for p in $(printf "%s" "$cfg_path"); do
|
for p in $(printf "%s" "$cfg_path"); do
|
||||||
/usr/bin/find "$MC_CAVEATS_DATA_DIR/$cfg" \
|
{ /usr/bin/find "$MC_CAVEATS_DATA_DIR/$cfg" \
|
||||||
-path "$MC_CAVEATS_DATA_DIR/$cfg/$p" -print0 \
|
-path "$MC_CAVEATS_DATA_DIR/$cfg/$p" -print0;
|
||||||
| /bin/grep -zFxc "$cpu_mc_path" > /dev/null \
|
/bin/true; } \
|
||||||
|
| /bin/grep -zFxq "$cpu_mc_path" \
|
||||||
|| continue
|
|| continue
|
||||||
|
|
||||||
cfg_mc_present=1
|
cfg_mc_present=1
|
||||||
@ -823,7 +641,7 @@ check_caveat() {
|
|||||||
[ 1 = "$cfg_mc_present" ] || {
|
[ 1 = "$cfg_mc_present" ] || {
|
||||||
debug "No matching microcode files in '$cfg_path'" \
|
debug "No matching microcode files in '$cfg_path'" \
|
||||||
"for CPU model '$cpu_model', skipping"
|
"for CPU model '$cpu_model', skipping"
|
||||||
return 2
|
continue
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -833,56 +651,30 @@ check_caveat() {
|
|||||||
debug "Current CPU vendor '$cpu_vendor' doesn't" \
|
debug "Current CPU vendor '$cpu_vendor' doesn't" \
|
||||||
"match configuration CPU vendor '$cfg_vendor'," \
|
"match configuration CPU vendor '$cfg_vendor'," \
|
||||||
"skipping"
|
"skipping"
|
||||||
return 2
|
continue
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Has to be performed before dependency checks
|
|
||||||
[ 0 -eq "$force_cfg" ] || {
|
|
||||||
debug "Checks for configuration \"$cfg\" are ignored due to" \
|
|
||||||
"presence of \"$override_file\"."
|
|
||||||
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
# Check dependencies
|
|
||||||
# It has to be performed here (before adding configuration
|
|
||||||
# to $ret_cfgs/$ret_paths) since it may be skipped.
|
|
||||||
if [ -n "$cfg_dependency" ]; then
|
|
||||||
dep_line="$(printf "%s\n" "$cfg_dependency" | \
|
|
||||||
while read -r dep_type dep_name dep_opts
|
|
||||||
do
|
|
||||||
[ -n "$dep_type" ] || continue
|
|
||||||
dep_res=$(check_dependency "$check_level" \
|
|
||||||
"$dep_type" \
|
|
||||||
"$dep_name" \
|
|
||||||
"$dep_opts")
|
|
||||||
[ 0 != "$dep_res" ] || continue
|
|
||||||
echo "$dep_res $dep_type $dep_name $dep_opts"
|
|
||||||
break
|
|
||||||
done
|
|
||||||
echo "0 ")"
|
|
||||||
|
|
||||||
case "${dep_line%% *}" in
|
|
||||||
0) ;;
|
|
||||||
2)
|
|
||||||
debug "Dependency check '${dep_line#* }'" \
|
|
||||||
"induced configuration skip"
|
|
||||||
return 2
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
debug "Dependency check '${dep_line#* }'" \
|
|
||||||
"failed (with return code ${dep_line%% *})"
|
|
||||||
return 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Check configuration files
|
# Check configuration files
|
||||||
|
|
||||||
|
ret_cfgs="$ret_cfgs $cfg"
|
||||||
|
ret_paths="$ret_paths $cfg_path"
|
||||||
|
skip_cfgs="${skip_cfgs% $cfg}"
|
||||||
|
|
||||||
|
[ 0 -eq "$force_cfg" ] || {
|
||||||
|
debug "Checks for configuration \"$cfg\" are ignored due to" \
|
||||||
|
"presence of \"$override_file\"."
|
||||||
|
|
||||||
|
ok_cfgs="$ok_cfgs $cfg"
|
||||||
|
ok_paths="$ok_paths $cfg_path"
|
||||||
|
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
[ "x${cfg_disable%%* $stage *}" = "x$cfg_disable" ] || {
|
[ "x${cfg_disable%%* $stage *}" = "x$cfg_disable" ] || {
|
||||||
debug "${cfg}: caveat is disabled in configuration"
|
debug "${cfg}: caveat is disabled in configuration"
|
||||||
return 1
|
fail
|
||||||
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
# Check late load kernel version
|
# Check late load kernel version
|
||||||
@ -890,7 +682,8 @@ check_caveat() {
|
|||||||
check_kver "$kver" $cfg_kvers || {
|
check_kver "$kver" $cfg_kvers || {
|
||||||
debug "${cfg}: late load kernel version check for" \
|
debug "${cfg}: late load kernel version check for" \
|
||||||
" '$kver' against '$cfg_kvers' failed"
|
" '$kver' against '$cfg_kvers' failed"
|
||||||
return 1
|
fail
|
||||||
|
continue
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -899,7 +692,17 @@ check_caveat() {
|
|||||||
check_kver "$kver" $cfg_kvers_early || {
|
check_kver "$kver" $cfg_kvers_early || {
|
||||||
debug "${cfg}: early load kernel version check for" \
|
debug "${cfg}: early load kernel version check for" \
|
||||||
"'$kver' against '$cfg_kvers_early' failed"
|
"'$kver' against '$cfg_kvers_early' failed"
|
||||||
return 1
|
fail
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check model blacklist
|
||||||
|
if [ -n "$cfg_blacklist" ]; then
|
||||||
|
echo "$cfg_blacklist" | /bin/grep -vqFx "${cpu_model_name}" || {
|
||||||
|
debug "${cfg}: model '${cpu_model_name}' is blacklisted"
|
||||||
|
fail
|
||||||
|
continue
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -912,7 +715,8 @@ check_caveat() {
|
|||||||
debug "${cfg}: CPU microcode version $cpu_mc_ver" \
|
debug "${cfg}: CPU microcode version $cpu_mc_ver" \
|
||||||
"failed check (should be at least" \
|
"failed check (should be at least" \
|
||||||
"${cfg_mc_min_ver_late})"
|
"${cfg_mc_min_ver_late})"
|
||||||
return 1
|
fail
|
||||||
|
continue
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -933,14 +737,14 @@ check_caveat() {
|
|||||||
[ -z "${pci_line#* }" ] || {
|
[ -z "${pci_line#* }" ] || {
|
||||||
debug "PCI configuration word check '${pci_line#* }'" \
|
debug "PCI configuration word check '${pci_line#* }'" \
|
||||||
"failed (with return code ${pci_line%% *})"
|
"failed (with return code ${pci_line%% *})"
|
||||||
return 1
|
fail
|
||||||
|
continue
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check DMI data if model filter is enabled
|
# Check DMI data if model filter is enabled
|
||||||
# Note that the model filter check is done inside check_dmi_val
|
# Note that the model filter check is done inside check_pci_config_val
|
||||||
# (which returns the value of 'no-model-mode=' parameter
|
# based on the 'mode=' parameter.
|
||||||
# if it is disenaged).
|
|
||||||
if [ -n "$cfg_dmi" ]; then
|
if [ -n "$cfg_dmi" ]; then
|
||||||
dmi_line="$(printf "%s\n" "$cfg_dmi" | while read -r dmi_line
|
dmi_line="$(printf "%s\n" "$cfg_dmi" | while read -r dmi_line
|
||||||
do
|
do
|
||||||
@ -956,43 +760,13 @@ check_caveat() {
|
|||||||
[ -z "${dmi_line#* }" ] || {
|
[ -z "${dmi_line#* }" ] || {
|
||||||
debug "DMI data check '${dmi_line#* }'" \
|
debug "DMI data check '${dmi_line#* }'" \
|
||||||
"failed (with return code ${dmi_line%% *})"
|
"failed (with return code ${dmi_line%% *})"
|
||||||
return 1
|
fail
|
||||||
|
continue
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
return 0
|
ok_cfgs="$ok_cfgs $cfg"
|
||||||
}
|
ok_paths="$ok_paths $cfg_path"
|
||||||
|
|
||||||
for cfg in $(echo "${configs}"); do
|
|
||||||
if cfg_path=$(check_caveat "$cfg"; exit "$?")
|
|
||||||
then
|
|
||||||
ret_cfgs="$ret_cfgs $cfg"
|
|
||||||
ret_paths="$ret_paths $cfg_path"
|
|
||||||
ok_cfgs="$ok_cfgs $cfg"
|
|
||||||
ok_paths="$ok_paths $cfg_path"
|
|
||||||
else
|
|
||||||
case "$?" in
|
|
||||||
1)
|
|
||||||
ret=1
|
|
||||||
|
|
||||||
ret_cfgs="$ret_cfgs $cfg"
|
|
||||||
ret_paths="$ret_paths $cfg_path"
|
|
||||||
fail_cfgs="$fail_cfgs $cfg"
|
|
||||||
fail_paths="$fail_paths $cfg_path"
|
|
||||||
|
|
||||||
[ 0 -eq "$print_disclaimers" ] \
|
|
||||||
|| [ ! -e "${MC_CAVEATS_DATA_DIR}/${cfg}/disclaimer" ] \
|
|
||||||
|| /bin/cat "${MC_CAVEATS_DATA_DIR}/${cfg}/disclaimer"
|
|
||||||
;;
|
|
||||||
2|3)
|
|
||||||
skip_cfgs="$skip_cfgs $cfg";
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
debug "Unexpected check_caveat return code '$?'" \
|
|
||||||
"for config '$cfg'"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
fi
|
|
||||||
done
|
done
|
||||||
|
|
||||||
[ 0 -eq "$print_disclaimers" ] || exit 0
|
[ 0 -eq "$print_disclaimers" ] || exit 0
|
||||||
|
@ -242,7 +242,6 @@ Server;;Skylake;B1;97;50653;SKX;SP;Xeon Scalable;
|
|||||||
Desktop;;Skylake;H0,M0,U0;b7;50654;SKX;X;Core i9-7xxxX, i9-9xxxX;
|
Desktop;;Skylake;H0,M0,U0;b7;50654;SKX;X;Core i9-7xxxX, i9-9xxxX;
|
||||||
Server;;Skylake;H0,M0,U0;b7;50654;SKX;SP,W;Xeon Scalable;
|
Server;;Skylake;H0,M0,U0;b7;50654;SKX;SP,W;Xeon Scalable;
|
||||||
Server;;Skylake;M1;b7;50654;SKX;D;Xeon D-21xx;
|
Server;;Skylake;M1;b7;50654;SKX;D;Xeon D-21xx;
|
||||||
Server;;Cascade Lake;A0;b7;50655;CLX;SP;Xeon Scalable Gen2;
|
|
||||||
Server;;Cascade Lake;B0;bf;50656;CLX;SP;Xeon Scalable Gen2;
|
Server;;Cascade Lake;B0;bf;50656;CLX;SP;Xeon Scalable Gen2;
|
||||||
Desktop;;Cascade Lake;B1,L1;bf;50657;CLX;X;;
|
Desktop;;Cascade Lake;B1,L1;bf;50657;CLX;X;;
|
||||||
Server;;Cascade Lake;B1,L1;bf;50657;CLX;SP;Xeon Scalable Gen2;
|
Server;;Cascade Lake;B1,L1;bf;50657;CLX;SP;Xeon Scalable Gen2;
|
||||||
@ -263,20 +262,11 @@ Server;;Skylake;N0,R0,S0;36;506e3;SKL;Xeon E3;Xeon E3 v5;
|
|||||||
SOC;;Denverton;B0;01;506f1;DNV;;Atom C3xxx;
|
SOC;;Denverton;B0;01;506f1;DNV;;Atom C3xxx;
|
||||||
SOC;;XMM 7272 (SoFIA);;01;60650;;;XMM 7272
|
SOC;;XMM 7272 (SoFIA);;01;60650;;;XMM 7272
|
||||||
Mobile;;Cannon Lake;D0;80;60663;CNL;U;Core Gen8 Mobile;
|
Mobile;;Cannon Lake;D0;80;60663;CNL;U;Core Gen8 Mobile;
|
||||||
Server;;Ice Lake;C0;87;606a5;ICX;SP;Xeon Scalable Gen3;
|
|
||||||
Server;;Ice Lake;D0;87;606a6;ICX;SP;Xeon Scalable Gen3;
|
|
||||||
Server;;Ice Lake;B0;10;606c1;ICL;D;;Xeon D-17xx, D-27xx
|
|
||||||
SOC;;Gemini Lake;B0;01;706a1;GLK;;;Pentium J5005/N5000, Celeron J4005/J4105/N4000/N4100
|
SOC;;Gemini Lake;B0;01;706a1;GLK;;;Pentium J5005/N5000, Celeron J4005/J4105/N4000/N4100
|
||||||
SOC;;Gemini Lake;R0;01;706a8;GLK;R;;Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
|
SOC;;Gemini Lake;R0;01;706a8;GLK;R;;Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
|
||||||
Mobile;;Ice Lake;D1;80;706e5;ICL;U,Y;Core Gen10 Mobile;
|
Mobile;;Ice Lake;D1;80;706e5;ICL;U,Y;Core Gen10 Mobile;
|
||||||
Server;;Knights Mill;A0;08;80650;KNM;;Xeon Phi 72x5;Xeon Phi 7235, 7285, 7295
|
Server;;Knights Mill;A0;08;80650;KNM;;Xeon hi 72x5;Xeon Phi 7235, 7285, 7295
|
||||||
SOC;;Snow Ridge;B0;01;80664;SNR;;Atom P59xxB;
|
|
||||||
SOC;;Snow Ridge;B1;01;80665;SNR;;Atom P59xxB;
|
|
||||||
SOC;;Snow Ridge;C0;01;80667;SNR;;Atom P59xxB;
|
|
||||||
SOC;;Lakefield;B2,B3;10;806a1;LKF;;Core w/Hybrid Technology;
|
|
||||||
Mobile;;Tiger Lake;B1;80;806c1;TGL;UP3,UP4;Core Gen11 Mobile;
|
Mobile;;Tiger Lake;B1;80;806c1;TGL;UP3,UP4;Core Gen11 Mobile;
|
||||||
Mobile;;Tiger Lake Refresh;C0;80;806c2;TGL;R;Core Gen11 Mobile;
|
|
||||||
Mobile;;Tiger Lake;R0;c2;806d1;TGL;H;Core Gen11 Mobile;
|
|
||||||
Mobile;;Amber Lake;H0;10;806e9;AML;Y 2+2;Core Gen8 Mobile;
|
Mobile;;Amber Lake;H0;10;806e9;AML;Y 2+2;Core Gen8 Mobile;
|
||||||
Mobile;;Kaby Lake;H0;c0;806e9;KBL;U,Y;Core Gen7 Mobile;
|
Mobile;;Kaby Lake;H0;c0;806e9;KBL;U,Y;Core Gen7 Mobile;
|
||||||
Mobile;;Kaby Lake;J1;c0;806e9;KBL;U 2+3e;Core Gen7 Mobile;
|
Mobile;;Kaby Lake;J1;c0;806e9;KBL;U 2+3e;Core Gen7 Mobile;
|
||||||
@ -287,21 +277,6 @@ Mobile;;Comet Lake;V0;94;806ec;CML;U 4+2;Core Gen10 Mobile;
|
|||||||
Mobile;;Whiskey Lake;W0;d0;806eb;WHL;U;Core Gen8 Mobile;
|
Mobile;;Whiskey Lake;W0;d0;806eb;WHL;U;Core Gen8 Mobile;
|
||||||
Mobile;;Whiskey Lake;V0;94;806ec;WHL;U;Core Gen8 Mobile;
|
Mobile;;Whiskey Lake;V0;94;806ec;WHL;U;Core Gen8 Mobile;
|
||||||
Mobile;;Whiskey Lake;V0;94;806ed;WHL;U;Core Gen8 Mobile;
|
Mobile;;Whiskey Lake;V0;94;806ed;WHL;U;Core Gen8 Mobile;
|
||||||
Server;;Sapphire Rapids;E0,S1;87;806f4;SPR;SP;Xeon Scalable Gen4;
|
|
||||||
Server;;Sapphire Rapids;B1;10;806f5;SPR;HBM;Xeon Max;
|
|
||||||
Server;;Sapphire Rapids;E2;87;806f5;SPR;SP;Xeon Scalable Gen4;
|
|
||||||
Server;;Sapphire Rapids;E3;87;806f6;SPR;SP;Xeon Scalable Gen4;
|
|
||||||
Server;;Sapphire Rapids;E4,S2;87;806f7;SPR;SP;Xeon Scalable Gen4;
|
|
||||||
Server;;Sapphire Rapids;B3;10;806f8;SPR;HBM;Xeon Max;
|
|
||||||
Server;;Sapphire Rapids;E5,S3;87;806f8;SPR;SP;Xeon Scalable Gen4;
|
|
||||||
SOC;;Elkhart Rate;B1;01;90661;EHL;;Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E;
|
|
||||||
Desktop;;Alder Lake;C0;02;90672;ADL;S 8+8;Core Gen12;
|
|
||||||
Mobile;;Alder Lake;C0;03;90672;ADL;HX;Core Gen12 Mobile;
|
|
||||||
Desktop;;Alder Lake;K0;01;90675;ADL;S 6+0;Core Gen12;
|
|
||||||
Mobile;;Alder Lake;L0;82;906a3;ADL;P 6+8;Core Gen12 Mobile;
|
|
||||||
Mobile;;Alder Lake;R0;80;906a3;ADL;U 9W;Core Gen12 Mobile;
|
|
||||||
Mobile;;Arizona Beach;A0;40;906a4;AZB;;;Intel(R) Atom(R) C1100
|
|
||||||
Mobile;;Alder Lake;R0;82;906a4;ADL;P 2+8;Core Gen12 Mobile;
|
|
||||||
Desktop;;Kaby Lake;B0;2a;906e9;KBL;S,X;Core Gen7;
|
Desktop;;Kaby Lake;B0;2a;906e9;KBL;S,X;Core Gen7;
|
||||||
Mobile;;Kaby Lake;B0;2a;906e9;KBL;G,H;Core Gen7 Mobile;
|
Mobile;;Kaby Lake;B0;2a;906e9;KBL;G,H;Core Gen7 Mobile;
|
||||||
Server;;Kaby Lake;B0;2a;906e9;KBL;Xeon E3;Xeon E3 v6;
|
Server;;Kaby Lake;B0;2a;906e9;KBL;Xeon E3;Xeon E3 v6;
|
||||||
@ -317,22 +292,12 @@ Server;;Coffee Lake;P0;22;906ec;CFL;Xeon E;Xeon E;
|
|||||||
Desktop;;Coffee Lake;R0;22;906ed;CFL;S;Core Gen9 Desktop;
|
Desktop;;Coffee Lake;R0;22;906ed;CFL;S;Core Gen9 Desktop;
|
||||||
Mobile;;Coffee Lake;R0;22;906ed;CFL;H;Core Gen9 Mobile;
|
Mobile;;Coffee Lake;R0;22;906ed;CFL;H;Core Gen9 Mobile;
|
||||||
Server;;Coffee Lake;R0;22;906ed;CFL;Xeon E;Xeon E;
|
Server;;Coffee Lake;R0;22;906ed;CFL;Xeon E;Xeon E;
|
||||||
SOC;;Jasper Lake;A0,A1;01;906c0;JSL;;Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105;
|
|
||||||
Mobile;;Comet Lake;R1;20;a0652;CML;H;Core Gen10 Mobile;
|
Mobile;;Comet Lake;R1;20;a0652;CML;H;Core Gen10 Mobile;
|
||||||
Desktop;;Comet Lake;G1;22;a0653;CML;S 6+2;Core Gen10 Desktop;
|
Desktop;;Comet Lake;G1;22;a0653;CML;S 6+2;Core Gen10 Desktop;
|
||||||
Desktop;;Comet Lake;Q0;22;a0655;CML;S 10+2;Core Gen10 Desktop;
|
Desktop;;Comet Lake;Q0;22;a0655;CML;S 10+2;Core Gen10 Desktop;
|
||||||
Mobile;;Comet Lake;A0;80;a0660;CML;U 6+2;Core Gen10 Mobile;
|
Mobile;;Comet Lake;A0;80;a0660;CML;U 6+2;Core Gen10 Mobile;
|
||||||
Mobile;;Comet Lake;K1;80;a0661;CML;U 6+2 v2;Core Gen10 Mobile;
|
Mobile;;Comet Lake;K0;80;a0661;CML;U 6+2 v2;Core Gen10 Mobile;
|
||||||
Desktop;;Rocket Lake;B0;02;a0671;RKL;S;Core Gen11;
|
SOC;;Lakefield;B2,B3;10;806a1;LKF;;Core w/Hybrid Technology;
|
||||||
Mobile;;Meteor Lake;C0;e6;a06a4;MTL;H,U;Core™ Ultra Processor;
|
|
||||||
Desktop;;Raptor Lake;B0;32;b0671;RPL;S;Core Gen13;
|
|
||||||
Mobile;;Raptor Lake;J0;e0;b06a2;RPL;P 6+8,H 6+8;Core Gen13;
|
|
||||||
Mobile;;Raptor Lake;Q0;e0;b06a3;RPL;U 2+8;Core Gen13;
|
|
||||||
SOC;;Alder Lake;A0;01;b06e0;ADL;N;;Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
|
|
||||||
Desktop;;Alder Lake;C0;03;b06f2;ADL;;Core Gen12;
|
|
||||||
Desktop;;Alder Lake;C0;03;b06f5;ADL;;Core Gen12;
|
|
||||||
Server;;Emerald Rapids;A0;87;c06f1;EMR;SP;Xeon Scalable Gen5;
|
|
||||||
Server;;Emerald Rapids;A1;87;c06f2;EMR;SP;Xeon Scalable Gen5;
|
|
||||||
|
|
||||||
# sources:
|
# sources:
|
||||||
# https://en.wikichip.org/wiki/intel/cpuid
|
# https://en.wikichip.org/wiki/intel/cpuid
|
||||||
|
@ -13,7 +13,6 @@ install() {
|
|||||||
local DATA_DIR=/usr/share/microcode_ctl/ucode_with_caveats
|
local DATA_DIR=/usr/share/microcode_ctl/ucode_with_caveats
|
||||||
local CFG_DIR="/etc/microcode_ctl/ucode_with_caveats"
|
local CFG_DIR="/etc/microcode_ctl/ucode_with_caveats"
|
||||||
local check_caveats=/usr/libexec/microcode_ctl/check_caveats
|
local check_caveats=/usr/libexec/microcode_ctl/check_caveats
|
||||||
local fw_path_para=$(< /sys/module/firmware_class/parameters/path)
|
|
||||||
|
|
||||||
local verbose_opt
|
local verbose_opt
|
||||||
local cc_out
|
local cc_out
|
||||||
@ -37,13 +36,9 @@ install() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# Reset fw_dir to avoid inclusion of kernel-version-specific directories
|
# Reset fw_dir to avoid inclusion of kernel-version-specific directories
|
||||||
# populated with microcode for the late load, only in case it is set
|
# populated with microcode for the late load
|
||||||
# to the default value to avoid meddling with user-enforced changes.
|
[ "x$fw_dir" != \
|
||||||
# The second variant has been introduced in dracut-057~5.
|
"x/lib/firmware/updates /lib/firmware /lib/firmware/$kernel" ] || {
|
||||||
[ \( "x$fw_dir" != \
|
|
||||||
"x/lib/firmware/updates /lib/firmware /lib/firmware/$kernel" \) -a \
|
|
||||||
\( "x$fw_dir" != \
|
|
||||||
"x${fw_path_para:+$fw_path_para }/lib/firmware/updates/$kernel /lib/firmware/updates /lib/firmware/$kernel /lib/firmware" \) ] || {
|
|
||||||
fw_dir="/lib/firmware/updates /lib/firmware"
|
fw_dir="/lib/firmware/updates /lib/firmware"
|
||||||
dinfo " microcode_ctl: reset fw_dir to \"${fw_dir}\""
|
dinfo " microcode_ctl: reset fw_dir to \"${fw_dir}\""
|
||||||
}
|
}
|
||||||
|
@ -3,7 +3,6 @@
|
|||||||
|
|
||||||
import argparse
|
import argparse
|
||||||
import errno
|
import errno
|
||||||
import fnmatch
|
|
||||||
import io
|
import io
|
||||||
import itertools
|
import itertools
|
||||||
import os
|
import os
|
||||||
@ -11,7 +10,6 @@ import re
|
|||||||
import shutil
|
import shutil
|
||||||
import struct
|
import struct
|
||||||
import sys
|
import sys
|
||||||
import tarfile
|
|
||||||
import tempfile
|
import tempfile
|
||||||
from subprocess import PIPE, Popen, STDOUT
|
from subprocess import PIPE, Popen, STDOUT
|
||||||
|
|
||||||
@ -36,7 +34,6 @@ except:
|
|||||||
|
|
||||||
log_level = 0
|
log_level = 0
|
||||||
print_date = False
|
print_date = False
|
||||||
file_glob = ["*??-??-??", "*microcode*.dat"]
|
|
||||||
|
|
||||||
|
|
||||||
def log_status(msg, level=0):
|
def log_status(msg, level=0):
|
||||||
@ -99,15 +96,13 @@ def file_walk(args, yield_dirs=False):
|
|||||||
|
|
||||||
|
|
||||||
def cpuid_fname(c):
|
def cpuid_fname(c):
|
||||||
# Note that the Extended Family is summed up with the Family,
|
|
||||||
# while the Extended Model is concatenated with the Model.
|
|
||||||
return "%02x-%02x-%02x" % (
|
return "%02x-%02x-%02x" % (
|
||||||
((c >> 20) & 0xff) + ((c >> 8) & 0xf),
|
((c >> 16) & 0xff0) + ((c >> 8) & 0xf),
|
||||||
((c >> 12) & 0xf0) + ((c >> 4) & 0xf),
|
((c >> 12) & 0xf0) + ((c >> 4) & 0xf),
|
||||||
c & 0xf)
|
c & 0xf)
|
||||||
|
|
||||||
|
|
||||||
def read_revs_dir(path, args, src=None, ret=None):
|
def read_revs_dir(path, src=None, ret=None):
|
||||||
if ret is None:
|
if ret is None:
|
||||||
ret = []
|
ret = []
|
||||||
|
|
||||||
@ -161,24 +156,18 @@ def read_revs_dir(path, args, src=None, ret=None):
|
|||||||
while cur_offs < offs + hdr[8] \
|
while cur_offs < offs + hdr[8] \
|
||||||
and ext_sig_cnt <= ext_tbl[0]:
|
and ext_sig_cnt <= ext_tbl[0]:
|
||||||
ext_sig = struct.unpack("III", f.read(12))
|
ext_sig = struct.unpack("III", f.read(12))
|
||||||
ignore = args.ignore_ext_dups and \
|
ret.append({"path": rp, "src": src or path,
|
||||||
(ext_sig[0] == hdr[3])
|
"cpuid": ext_sig[0], "pf": ext_sig[1],
|
||||||
if not ignore:
|
"rev": hdr[1], "date": hdr[2],
|
||||||
ret.append({"path": rp, "src": src or path,
|
"offs": offs, "ext_offs": cur_offs,
|
||||||
"cpuid": ext_sig[0],
|
"cksum": hdr[4],
|
||||||
"pf": ext_sig[1],
|
"ext_cksum": ext_sig[2],
|
||||||
"rev": hdr[1], "date": hdr[2],
|
"data_size": hdr[7],
|
||||||
"offs": offs, "ext_offs": cur_offs,
|
"total_size": hdr[8]})
|
||||||
"cksum": hdr[4],
|
|
||||||
"ext_cksum": ext_sig[2],
|
|
||||||
"data_size": hdr[7],
|
|
||||||
"total_size": hdr[8]})
|
|
||||||
log_status(("Got ext sig %#x/%#x for " +
|
log_status(("Got ext sig %#x/%#x for " +
|
||||||
"%s:%#x:%#x/%#x%s") %
|
"%s:%#x:%#x/%#x") %
|
||||||
(ext_sig[0], ext_sig[1],
|
(ext_sig[0], ext_sig[1], rp, offs,
|
||||||
rp, offs, hdr[3], hdr[6],
|
hdr[3], hdr[6]), level=2)
|
||||||
" (ignored)" if ignore else ""),
|
|
||||||
level=2)
|
|
||||||
|
|
||||||
cur_offs += 12
|
cur_offs += 12
|
||||||
ext_sig_cnt += 1
|
ext_sig_cnt += 1
|
||||||
@ -191,7 +180,7 @@ def read_revs_dir(path, args, src=None, ret=None):
|
|||||||
return ret
|
return ret
|
||||||
|
|
||||||
|
|
||||||
def read_revs_rpm(path, args, ret=None):
|
def read_revs_rpm(path, ret=None):
|
||||||
if ret is None:
|
if ret is None:
|
||||||
ret = []
|
ret = []
|
||||||
|
|
||||||
@ -202,7 +191,7 @@ def read_revs_rpm(path, args, ret=None):
|
|||||||
|
|
||||||
rpm2cpio = Popen(args=["rpm2cpio", path], stdout=PIPE, stderr=PIPE,
|
rpm2cpio = Popen(args=["rpm2cpio", path], stdout=PIPE, stderr=PIPE,
|
||||||
close_fds=True)
|
close_fds=True)
|
||||||
cpio = Popen(args=["cpio", "-idmv"] + file_glob,
|
cpio = Popen(args=["cpio", "-idmv", "*??-??-??", "*microcode*.dat"],
|
||||||
cwd=dir_tmp, stdin=rpm2cpio.stdout,
|
cwd=dir_tmp, stdin=rpm2cpio.stdout,
|
||||||
stdout=PIPE, stderr=STDOUT)
|
stdout=PIPE, stderr=STDOUT)
|
||||||
out, cpio_stderr = cpio.communicate()
|
out, cpio_stderr = cpio.communicate()
|
||||||
@ -221,58 +210,20 @@ def read_revs_rpm(path, args, ret=None):
|
|||||||
log_info("cpio stderr:\n%s" % cpio_stderr, level=3)
|
log_info("cpio stderr:\n%s" % cpio_stderr, level=3)
|
||||||
|
|
||||||
if rpm2cpio_ret == 0 and cpio_ret == 0:
|
if rpm2cpio_ret == 0 and cpio_ret == 0:
|
||||||
ret = read_revs_dir(dir_tmp, args, path)
|
ret = read_revs_dir(dir_tmp, path)
|
||||||
|
|
||||||
shutil.rmtree(dir_tmp)
|
shutil.rmtree(dir_tmp)
|
||||||
|
|
||||||
return ret
|
return ret
|
||||||
|
|
||||||
|
|
||||||
def read_revs_tar(path, args, ret=None):
|
def read_revs(path, ret=None):
|
||||||
if ret is None:
|
|
||||||
ret = []
|
|
||||||
|
|
||||||
dir_tmp = tempfile.mkdtemp()
|
|
||||||
|
|
||||||
log_status("Trying to extract files from tarball \"%s\"..." % path,
|
|
||||||
level=1)
|
|
||||||
|
|
||||||
try:
|
|
||||||
with tarfile.open(path, "r:*") as tar:
|
|
||||||
for ti in tar:
|
|
||||||
if any(fnmatch.fnmatchcase(ti.name, p) for p in file_glob):
|
|
||||||
d = os.path.normpath(os.path.join("/",
|
|
||||||
os.path.dirname(ti.name)))
|
|
||||||
# For now, strip exactl one level
|
|
||||||
d = os.path.join(*(d.split(os.path.sep)[2:]))
|
|
||||||
n = os.path.join(d, os.path.basename(ti.name))
|
|
||||||
|
|
||||||
if not os.path.exists(d):
|
|
||||||
os.makedirs(d)
|
|
||||||
t = tar.extractfile(ti)
|
|
||||||
with open(n, "wb") as f:
|
|
||||||
shutil.copyfileobj(t, f)
|
|
||||||
t.close()
|
|
||||||
|
|
||||||
ret = read_revs_dir(dir_tmp, args, path)
|
|
||||||
except Exception as err:
|
|
||||||
log_error("Error while reading \"%s\" as a tarball: \"%s\"" %
|
|
||||||
(path, str(err)))
|
|
||||||
|
|
||||||
shutil.rmtree(dir_tmp)
|
|
||||||
|
|
||||||
return ret
|
|
||||||
|
|
||||||
|
|
||||||
def read_revs(path, args, ret=None):
|
|
||||||
if ret is None:
|
if ret is None:
|
||||||
ret = []
|
ret = []
|
||||||
if os.path.isdir(path):
|
if os.path.isdir(path):
|
||||||
return read_revs_dir(path, args, ret)
|
return read_revs_dir(path, ret)
|
||||||
elif tarfile.is_tarfile(path):
|
|
||||||
return read_revs_tar(path, args, ret)
|
|
||||||
else:
|
else:
|
||||||
return read_revs_rpm(path, args, ret)
|
return read_revs_rpm(path, ret)
|
||||||
|
|
||||||
|
|
||||||
def gen_mc_map(mc_data, merge=False, merge_path=False):
|
def gen_mc_map(mc_data, merge=False, merge_path=False):
|
||||||
@ -356,8 +307,7 @@ class mcnm:
|
|||||||
MCNM_CODENAME = 4
|
MCNM_CODENAME = 4
|
||||||
|
|
||||||
|
|
||||||
def get_mc_cnames(mc, cmap, mode=mcnm.MCNM_ABBREV, stringify=True,
|
def get_mc_cnames(mc, cmap, mode=mcnm.MCNM_ABBREV):
|
||||||
segment=False):
|
|
||||||
if not isinstance(mc, dict):
|
if not isinstance(mc, dict):
|
||||||
mc = mc_from_mc_key(mc)
|
mc = mc_from_mc_key(mc)
|
||||||
sig = mc["cpuid"]
|
sig = mc["cpuid"]
|
||||||
@ -400,9 +350,6 @@ def get_mc_cnames(mc, cmap, mode=mcnm.MCNM_ABBREV, stringify=True,
|
|||||||
else:
|
else:
|
||||||
cname = c["codename"]
|
cname = c["codename"]
|
||||||
|
|
||||||
if segment:
|
|
||||||
cname = c["segment"] + " " + cname
|
|
||||||
|
|
||||||
if cname not in suffices:
|
if cname not in suffices:
|
||||||
suffices[cname] = set()
|
suffices[cname] = set()
|
||||||
if "variant" in c and c["variant"]:
|
if "variant" in c and c["variant"]:
|
||||||
@ -414,28 +361,28 @@ def get_mc_cnames(mc, cmap, mode=mcnm.MCNM_ABBREV, stringify=True,
|
|||||||
steppings[cname] |= set(c["stepping"])
|
steppings[cname] |= set(c["stepping"])
|
||||||
|
|
||||||
for cname in sorted(steppings.keys()):
|
for cname in sorted(steppings.keys()):
|
||||||
cname_res = [cname]
|
cname_str = cname
|
||||||
if len(suffices[cname]):
|
if len(suffices[cname]):
|
||||||
cname_res[0] += "-" + "/".join(sorted(suffices[cname]))
|
cname_str += "-" + "/".join(sorted(suffices[cname]))
|
||||||
if len(steppings[cname]):
|
if len(steppings[cname]):
|
||||||
cname_res.append("/".join(sorted(steppings[cname])))
|
cname_str += " " + "/".join(sorted(steppings[cname]))
|
||||||
res.append(" ".join(cname_res) if stringify else cname_res)
|
res.append(cname_str)
|
||||||
|
|
||||||
return (", ".join(res) or None) if stringify else res
|
return ", ".join(res) or None
|
||||||
|
|
||||||
|
|
||||||
def mc_from_mc_key(k):
|
def mc_from_mc_key(k):
|
||||||
return dict(zip(("path", "cpuid", "pf"), k))
|
return dict(zip(("path", "cpuid", "pf"), k))
|
||||||
|
|
||||||
|
|
||||||
def mc_path(mc, pf_sfx=True, midword=None, cmap=None, cname_segment=False):
|
def mc_path(mc, pf_sfx=True, midword=None, cmap=None):
|
||||||
if not isinstance(mc, dict):
|
if not isinstance(mc, dict):
|
||||||
mc = mc_from_mc_key(mc)
|
mc = mc_from_mc_key(mc)
|
||||||
path = mc_stripped_path(mc) if mc["path"] is not None else None
|
path = mc_stripped_path(mc) if mc["path"] is not None else None
|
||||||
cpuid_fn = cpuid_fname(mc["cpuid"])
|
cpuid_fn = cpuid_fname(mc["cpuid"])
|
||||||
fname = os.path.basename(mc["path"] or cpuid_fn)
|
fname = os.path.basename(mc["path"] or cpuid_fn)
|
||||||
midword = "" if midword is None else " " + midword
|
midword = "" if midword is None else " " + midword
|
||||||
cname = get_mc_cnames(mc, cmap, segment=cname_segment)
|
cname = get_mc_cnames(mc, cmap)
|
||||||
cname_str = " (" + cname + ")" if cname else ""
|
cname_str = " (" + cname + ")" if cname else ""
|
||||||
|
|
||||||
if pf_sfx:
|
if pf_sfx:
|
||||||
@ -545,22 +492,22 @@ def mc_rev(mc, date=None):
|
|||||||
return "%#x" % rev
|
return "%#x" % rev
|
||||||
|
|
||||||
|
|
||||||
def print_changelog_rpm(clog, cmap, args):
|
def print_changelog(clog, cmap, args):
|
||||||
for e, old, new in clog:
|
for e, old, new in sorted(clog):
|
||||||
mc_str = mc_path(new if e == ChangeLogEntry.ADDED else old,
|
|
||||||
midword="microcode",
|
|
||||||
cmap=cmap, cname_segment=args.segment)
|
|
||||||
|
|
||||||
if e == ChangeLogEntry.ADDED:
|
if e == ChangeLogEntry.ADDED:
|
||||||
print("Addition of %s at revision %s" % (mc_str, mc_rev(new)))
|
print("Addition of %s at revision %s" %
|
||||||
|
(mc_path(new, midword="microcode", cmap=cmap), mc_rev(new)))
|
||||||
elif e == ChangeLogEntry.REMOVED:
|
elif e == ChangeLogEntry.REMOVED:
|
||||||
print("Removal of %s at revision %s" % (mc_str, mc_rev(old)))
|
print("Removal of %s at revision %s" %
|
||||||
|
(mc_path(old, midword="microcode", cmap=cmap), mc_rev(old)))
|
||||||
elif e == ChangeLogEntry.UPDATED:
|
elif e == ChangeLogEntry.UPDATED:
|
||||||
print("Update of %s from revision %s up to %s" %
|
print("Update of %s from revision %s up to %s" %
|
||||||
(mc_str, mc_rev(old), mc_rev(new)))
|
(mc_path(old, midword="microcode", cmap=cmap),
|
||||||
|
mc_rev(old), mc_rev(new)))
|
||||||
elif e == ChangeLogEntry.DOWNGRADED:
|
elif e == ChangeLogEntry.DOWNGRADED:
|
||||||
print("Downgrade of %s from revision %s down to %s" %
|
print("Downgrade of %s from revision %s down to %s" %
|
||||||
(mc_str, mc_rev(old), mc_rev(new)))
|
(mc_path(old, midword="microcode", cmap=cmap),
|
||||||
|
mc_rev(old), mc_rev(new)))
|
||||||
elif e == ChangeLogEntry.OTHER:
|
elif e == ChangeLogEntry.OTHER:
|
||||||
print("Other change in %s:" % old["path"])
|
print("Other change in %s:" % old["path"])
|
||||||
print(" old: %#x/%#x: rev %s (offs %#x)" %
|
print(" old: %#x/%#x: rev %s (offs %#x)" %
|
||||||
@ -569,70 +516,6 @@ def print_changelog_rpm(clog, cmap, args):
|
|||||||
(new["cpuid"], new["pf"], mc_rev(new), new["offs"]))
|
(new["cpuid"], new["pf"], mc_rev(new), new["offs"]))
|
||||||
|
|
||||||
|
|
||||||
def print_changelog_intel(clog, cmap, args):
|
|
||||||
def clog_sort_key(x):
|
|
||||||
res = str(x[0])
|
|
||||||
|
|
||||||
if x[0] != ChangeLogEntry.ADDED:
|
|
||||||
res += "%08x%02x" % (x[1]["cpuid"], x[1]["pf"])
|
|
||||||
else:
|
|
||||||
res += "0" * 10
|
|
||||||
|
|
||||||
if x[0] != ChangeLogEntry.REMOVED:
|
|
||||||
res += "%08x%02x" % (x[2]["cpuid"], x[2]["pf"])
|
|
||||||
else:
|
|
||||||
res += "0" * 10
|
|
||||||
|
|
||||||
return res
|
|
||||||
|
|
||||||
sorted_clog = sorted(clog, key=clog_sort_key)
|
|
||||||
sections = (("New Platforms", (ChangeLogEntry.ADDED, )),
|
|
||||||
("Updated Platforms", (ChangeLogEntry.UPDATED,
|
|
||||||
ChangeLogEntry.DOWNGRADED)),
|
|
||||||
("Removed Platforms", (ChangeLogEntry.REMOVED, )))
|
|
||||||
|
|
||||||
def print_line(e, old, new, types):
|
|
||||||
if e not in types:
|
|
||||||
return
|
|
||||||
|
|
||||||
if not print_line.hdr:
|
|
||||||
print("""
|
|
||||||
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|
|
||||||
|:---------------|:---------|:------------|:---------|:---------|:---------""")
|
|
||||||
print_line.hdr = True
|
|
||||||
|
|
||||||
mc = new if e == ChangeLogEntry.ADDED else old
|
|
||||||
cnames = get_mc_cnames(mc, cmap, stringify=False,
|
|
||||||
segment=args.segment) or (("???", ""), )
|
|
||||||
for cn in cnames:
|
|
||||||
cname = cn[0]
|
|
||||||
stepping = cn[1] if len(cn) > 1 else ""
|
|
||||||
print("| %-14s | %-8s | %8s/%02x | %8s | %8s | %s" %
|
|
||||||
(cname,
|
|
||||||
stepping,
|
|
||||||
cpuid_fname(mc["cpuid"]), mc["pf"],
|
|
||||||
("%08x" % old["rev"]) if e != ChangeLogEntry.ADDED else "",
|
|
||||||
("%08x" % new["rev"]) if e != ChangeLogEntry.REMOVED else "",
|
|
||||||
get_mc_cnames(mc, cmap, mode=mcnm.MCNM_FAMILIES,
|
|
||||||
segment=args.segment) or ""))
|
|
||||||
|
|
||||||
for h, types in sections:
|
|
||||||
print("\n### %s" % h)
|
|
||||||
print_line.hdr = False
|
|
||||||
for e, old, new in sorted_clog:
|
|
||||||
print_line(e, old, new, types)
|
|
||||||
|
|
||||||
|
|
||||||
def print_changelog(clog, cmap, args):
|
|
||||||
if args.format == "rpm":
|
|
||||||
print_changelog_rpm(clog, cmap, args)
|
|
||||||
elif args.format == "intel":
|
|
||||||
print_changelog_intel(clog, cmap, args)
|
|
||||||
else:
|
|
||||||
log_error(("unknown changelog format: \"%s\". " +
|
|
||||||
"Supported formats are: rpm, intel.") % args.format)
|
|
||||||
|
|
||||||
|
|
||||||
class TableStyles:
|
class TableStyles:
|
||||||
TS_CSV = 0
|
TS_CSV = 0
|
||||||
TS_FANCY = 1
|
TS_FANCY = 1
|
||||||
@ -669,9 +552,9 @@ def print_summary(revs, cmap, args):
|
|||||||
|
|
||||||
header = []
|
header = []
|
||||||
if args.header:
|
if args.header:
|
||||||
header.append(["Path", "Offset", "Ext. Offset", "Data Size",
|
header.append(["Path", "Offset", "Ext. Offset", "CPUID",
|
||||||
"Total Size", "CPUID", "Platform ID Mask", "Revision",
|
"Platform ID Mask", "Revision", "Date", "Checksum",
|
||||||
"Date", "Checksum", "Codenames"] +
|
"Codenames"] +
|
||||||
(["Models"] if args.models else []))
|
(["Models"] if args.models else []))
|
||||||
tbl = []
|
tbl = []
|
||||||
for k in sorted(m.keys()):
|
for k in sorted(m.keys()):
|
||||||
@ -679,19 +562,14 @@ def print_summary(revs, cmap, args):
|
|||||||
tbl.append([mc_stripped_path(mc),
|
tbl.append([mc_stripped_path(mc),
|
||||||
"0x%x" % mc["offs"],
|
"0x%x" % mc["offs"],
|
||||||
"0x%x" % mc["ext_offs"] if "ext_offs" in mc else "-",
|
"0x%x" % mc["ext_offs"] if "ext_offs" in mc else "-",
|
||||||
"0x%05x" % mc["data_size"],
|
|
||||||
"0x%05x" % mc["total_size"],
|
|
||||||
"0x%05x" % mc["cpuid"],
|
"0x%05x" % mc["cpuid"],
|
||||||
"0x%02x" % mc["pf"],
|
"0x%02x" % mc["pf"],
|
||||||
mc_rev(mc, date=False),
|
mc_rev(mc, date=False),
|
||||||
mc_date(mc),
|
mc_date(mc),
|
||||||
"0x%08x" % (mc["ext_cksum"]
|
"0x%08x" % mc["cksum"],
|
||||||
if "ext_cksum" in mc else mc["cksum"]),
|
get_mc_cnames(mc, cmap, cnames_mode) or ""] +
|
||||||
get_mc_cnames(mc, cmap, cnames_mode,
|
|
||||||
segment=args.segment) or ""] +
|
|
||||||
([get_mc_cnames(mc, cmap,
|
([get_mc_cnames(mc, cmap,
|
||||||
mcnm.MCNM_FAMILIES_MODELS,
|
mcnm.MCNM_FAMILIES_MODELS)]
|
||||||
segment=args.segment)]
|
|
||||||
if args.models else []))
|
if args.models else []))
|
||||||
|
|
||||||
print_table(tbl, header, style=TableStyles.TS_FANCY)
|
print_table(tbl, header, style=TableStyles.TS_FANCY)
|
||||||
@ -807,7 +685,7 @@ def print_discrepancies(rev_map, deps, cmap, args):
|
|||||||
|
|
||||||
if print_out and print_date:
|
if print_out and print_date:
|
||||||
if args.models:
|
if args.models:
|
||||||
out.append(get_mc_cnames(s, cmap, segment=args.segment) or "")
|
out.append(get_mc_cnames(s, cmap) or "")
|
||||||
tbl.append(out)
|
tbl.append(out)
|
||||||
|
|
||||||
print_table(tbl, header, style=TableStyles.TS_FANCY)
|
print_table(tbl, header, style=TableStyles.TS_FANCY)
|
||||||
@ -816,7 +694,7 @@ def print_discrepancies(rev_map, deps, cmap, args):
|
|||||||
def cmd_summary(args):
|
def cmd_summary(args):
|
||||||
revs = []
|
revs = []
|
||||||
for p in args.filelist:
|
for p in args.filelist:
|
||||||
revs = read_revs(p, args, ret=revs)
|
revs = read_revs(p, ret=revs)
|
||||||
|
|
||||||
codenames_map = read_codenames_file(args.codenames)
|
codenames_map = read_codenames_file(args.codenames)
|
||||||
|
|
||||||
@ -830,8 +708,8 @@ def cmd_changelog(args):
|
|||||||
base_path = args.filelist[0]
|
base_path = args.filelist[0]
|
||||||
upd_path = args.filelist[1]
|
upd_path = args.filelist[1]
|
||||||
|
|
||||||
base = read_revs(base_path, args)
|
base = read_revs(base_path)
|
||||||
upd = read_revs(upd_path, args)
|
upd = read_revs(upd_path)
|
||||||
|
|
||||||
print_changelog(gen_changelog(base, upd), codenames_map, args)
|
print_changelog(gen_changelog(base, upd), codenames_map, args)
|
||||||
|
|
||||||
@ -872,7 +750,7 @@ def cmd_discrepancies(args):
|
|||||||
(orig_path, dep))
|
(orig_path, dep))
|
||||||
return 1
|
return 1
|
||||||
deps.append((path, name, deps[dep][0] if dep is not None else None))
|
deps.append((path, name, deps[dep][0] if dep is not None else None))
|
||||||
rev_map[path] = gen_fn_map(read_revs(path, args), merge=args.merge,
|
rev_map[path] = gen_fn_map(read_revs(path), merge=args.merge,
|
||||||
merge_path=True)
|
merge_path=True)
|
||||||
|
|
||||||
print_discrepancies(rev_map, deps, codenames_map, args)
|
print_discrepancies(rev_map, deps, codenames_map, args)
|
||||||
@ -888,22 +766,6 @@ def parse_cli():
|
|||||||
help="Code names file")
|
help="Code names file")
|
||||||
root_parser.add_argument("-v", "--verbose", action="count", default=0,
|
root_parser.add_argument("-v", "--verbose", action="count", default=0,
|
||||||
help="Increase output verbosity")
|
help="Increase output verbosity")
|
||||||
root_parser.add_argument("-E", "--no-ignore-ext-duplicates",
|
|
||||||
action="store_const", dest="ignore_ext_dups",
|
|
||||||
default=False, const=False,
|
|
||||||
help="Do not ignore duplicates of the main " +
|
|
||||||
"signature in the extended signature header")
|
|
||||||
root_parser.add_argument("-e", "--ignore-ext-duplicates",
|
|
||||||
action="store_const", dest="ignore_ext_dups",
|
|
||||||
const=True,
|
|
||||||
help="Ignore duplicates of the main signature " +
|
|
||||||
"in the extended signature header")
|
|
||||||
root_parser.add_argument("-t", "--print-segment", action="store_const",
|
|
||||||
dest="segment", const=True,
|
|
||||||
help="Print model segment")
|
|
||||||
root_parser.add_argument("-T", "--no-print-segment", action="store_const",
|
|
||||||
dest="segment", const=False, default=False,
|
|
||||||
help="Do not print model segment")
|
|
||||||
|
|
||||||
cmdparsers = root_parser.add_subparsers(title="Commands",
|
cmdparsers = root_parser.add_subparsers(title="Commands",
|
||||||
help="main gen_updates commands")
|
help="main gen_updates commands")
|
||||||
@ -932,8 +794,6 @@ def parse_cli():
|
|||||||
|
|
||||||
parser_c = cmdparsers.add_parser("changelog",
|
parser_c = cmdparsers.add_parser("changelog",
|
||||||
help="Generate changelog")
|
help="Generate changelog")
|
||||||
parser_c.add_argument("-F", "--format", choices=["rpm", "intel"],
|
|
||||||
default="rpm", help="Changelog format")
|
|
||||||
parser_c.add_argument("filelist", nargs=2,
|
parser_c.add_argument("filelist", nargs=2,
|
||||||
help="RPMs/directories to compare")
|
help="RPMs/directories to compare")
|
||||||
parser_c.set_defaults(func=cmd_changelog)
|
parser_c.set_defaults(func=cmd_changelog)
|
||||||
@ -980,10 +840,6 @@ def parse_cli():
|
|||||||
if not hasattr(args, "func"):
|
if not hasattr(args, "func"):
|
||||||
root_parser.print_help()
|
root_parser.print_help()
|
||||||
return None
|
return None
|
||||||
|
|
||||||
global log_level
|
|
||||||
log_level = args.verbose
|
|
||||||
|
|
||||||
return args
|
return args
|
||||||
|
|
||||||
|
|
||||||
|
@ -5,8 +5,6 @@
|
|||||||
#
|
#
|
||||||
# SPDX-License-Identifier: CC0-1.0
|
# SPDX-License-Identifier: CC0-1.0
|
||||||
|
|
||||||
export LC_ALL=C
|
|
||||||
|
|
||||||
CHECK_CAVEATS=/usr/libexec/microcode_ctl/check_caveats
|
CHECK_CAVEATS=/usr/libexec/microcode_ctl/check_caveats
|
||||||
IGNORE_HYPERVISOR="/etc/microcode_ctl/ignore-hypervisor-flag"
|
IGNORE_HYPERVISOR="/etc/microcode_ctl/ignore-hypervisor-flag"
|
||||||
|
|
||||||
|
@ -5,8 +5,6 @@
|
|||||||
#
|
#
|
||||||
# SPDX-License-Identifier: CC0-1.0
|
# SPDX-License-Identifier: CC0-1.0
|
||||||
|
|
||||||
export LC_ALL=C
|
|
||||||
|
|
||||||
usage()
|
usage()
|
||||||
{
|
{
|
||||||
echo "Usage: update_ucode [--action {add|remove|refresh|list}]" \
|
echo "Usage: update_ucode [--action {add|remove|refresh|list}]" \
|
||||||
@ -17,11 +15,6 @@ usage()
|
|||||||
|
|
||||||
debug() { [ 0 = "$verbose" ] || echo "$*" >&2; }
|
debug() { [ 0 = "$verbose" ] || echo "$*" >&2; }
|
||||||
|
|
||||||
# Calls find only if the first argument exists and is a directory.
|
|
||||||
# Avoids spurious "find: '...' No such file or directory" for the directories
|
|
||||||
# that may not exist.
|
|
||||||
find_d() { [ \! -d "$1" ] || find "$@"; }
|
|
||||||
|
|
||||||
MC_DIR=/usr/share/microcode_ctl
|
MC_DIR=/usr/share/microcode_ctl
|
||||||
INTEL_UCODE_DIR=intel-ucode
|
INTEL_UCODE_DIR=intel-ucode
|
||||||
DATA_DIR=/usr/share/microcode_ctl/ucode_with_caveats
|
DATA_DIR=/usr/share/microcode_ctl/ucode_with_caveats
|
||||||
@ -86,16 +79,16 @@ add|remove|refresh|list)
|
|||||||
if [ -z "$kernel" ]; then
|
if [ -z "$kernel" ]; then
|
||||||
debug "No kernel versions provided, scanning..."
|
debug "No kernel versions provided, scanning..."
|
||||||
|
|
||||||
kvers=$(find_d /lib/modules/ -name '[2-9].*' -print)
|
kvers=$(find /lib/modules/ -name '[2-9].*' -print)
|
||||||
for k_dir in $kvers; do
|
for k_dir in $kvers; do
|
||||||
k="${k_dir#/lib/modules/}"
|
k="${k_dir#/lib/modules/}"
|
||||||
[ ! -e "${k_dir}/symvers.gz" -a ! -e "${k_dir}/symvers.xz" ] || {
|
[ ! -e "${k_dir}/symvers.gz" ] || {
|
||||||
debug " Adding $k (from /lib/modules)"
|
debug " Adding $k (from /lib/modules)"
|
||||||
kernel="$kernel $k"
|
kernel="$kernel $k"
|
||||||
}
|
}
|
||||||
done
|
done
|
||||||
|
|
||||||
kvers=$(find_d /lib/firmware/ -name '[2-9].*' -print)
|
kvers=$(find /lib/firmware/ -name '[2-9].*' -print)
|
||||||
for k_dir in $kvers; do
|
for k_dir in $kvers; do
|
||||||
k="${k_dir#/lib/firmware/}"
|
k="${k_dir#/lib/firmware/}"
|
||||||
[ ! -d "$k_dir" ] || {
|
[ ! -d "$k_dir" ] || {
|
||||||
@ -136,7 +129,7 @@ while :; do
|
|||||||
refresh|remove|list)
|
refresh|remove|list)
|
||||||
debug " Removing old files from ${FW_DIR}/${INTEL_UCODE_DIR}"
|
debug " Removing old files from ${FW_DIR}/${INTEL_UCODE_DIR}"
|
||||||
if [ 0 = "$remove_cleanup" ]; then
|
if [ 0 = "$remove_cleanup" ]; then
|
||||||
find_d "${MC_DIR}/${INTEL_UCODE_DIR}" \
|
find "${MC_DIR}/${INTEL_UCODE_DIR}" \
|
||||||
-maxdepth 1 -mindepth 1 \
|
-maxdepth 1 -mindepth 1 \
|
||||||
-type f -printf '%f\n'
|
-type f -printf '%f\n'
|
||||||
else
|
else
|
||||||
@ -158,17 +151,6 @@ while :; do
|
|||||||
$cmd rm -f $verbose_opt "$name"
|
$cmd rm -f $verbose_opt "$name"
|
||||||
done
|
done
|
||||||
[ "xlist" = "x$action" ] || {
|
[ "xlist" = "x$action" ] || {
|
||||||
# Removing possible dangling symlinks
|
|
||||||
find_d "${FW_DIR}/${INTEL_UCODE_DIR}" \
|
|
||||||
-maxdepth 1 -mindepth 1 \
|
|
||||||
-type l -printf '%p\n' \
|
|
||||||
| while read -r fname; do
|
|
||||||
[ -e "$fname" ] || {
|
|
||||||
debug " Removing danging symlink \"$fname\""
|
|
||||||
$cmd rm -f $verbose_opt "$fname"
|
|
||||||
}
|
|
||||||
done
|
|
||||||
|
|
||||||
$cmd rmdir -p $verbose_opt \
|
$cmd rmdir -p $verbose_opt \
|
||||||
"${FW_DIR}/${INTEL_UCODE_DIR}" 2>/dev/null \
|
"${FW_DIR}/${INTEL_UCODE_DIR}" 2>/dev/null \
|
||||||
|| true
|
|| true
|
||||||
@ -221,7 +203,7 @@ fi | while read -r i; do
|
|||||||
debug " Removing \"$paths\" (part of $action)..."
|
debug " Removing \"$paths\" (part of $action)..."
|
||||||
|
|
||||||
for p in $(printf "%s" "$paths"); do
|
for p in $(printf "%s" "$paths"); do
|
||||||
find_d "$DATA_DIR/$i" -path "$DATA_DIR/$i/$p" \
|
find "$DATA_DIR/$i" -path "$DATA_DIR/$i/$p" \
|
||||||
-printf "%P\n"
|
-printf "%P\n"
|
||||||
done | while read -r path; do
|
done | while read -r path; do
|
||||||
[ -e "$FW_DIR/$k/readme-$i" ] || {
|
[ -e "$FW_DIR/$k/readme-$i" ] || {
|
||||||
@ -243,7 +225,6 @@ fi | while read -r i; do
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
||||||
if [ -e "$FW_DIR/$k/readme-$i" ]; then
|
if [ -e "$FW_DIR/$k/readme-$i" ]; then
|
||||||
if [ "xlist" = "x$action" ]; then
|
if [ "xlist" = "x$action" ]; then
|
||||||
echo "$FW_DIR/$k/readme-$i"
|
echo "$FW_DIR/$k/readme-$i"
|
||||||
@ -272,14 +253,14 @@ fi | while read -r i; do
|
|||||||
add|refresh)
|
add|refresh)
|
||||||
debug " Adding $paths (part of $action)..."
|
debug " Adding $paths (part of $action)..."
|
||||||
|
|
||||||
[ -e "/lib/modules/$k/symvers.gz" -o -e "/lib/modules/$k/symvers.xz" ] || {
|
[ -e "/lib/modules/$k/symvers.gz" ] || {
|
||||||
debug " \"/lib/modules/$k/symvers.[gx]z\"" \
|
debug " \"/lib/modules/$k/symvers.gz\"" \
|
||||||
"does not exist, skipping"
|
"does not exist, skipping"
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
for p in $(printf "%s" "$paths"); do
|
for p in $(printf "%s" "$paths"); do
|
||||||
find_d "$DATA_DIR/$i" -path "$DATA_DIR/$i/$p" \
|
find "$DATA_DIR/$i" -path "$DATA_DIR/$i/$p" \
|
||||||
-printf "%P\n"
|
-printf "%P\n"
|
||||||
done | while read -r path; do
|
done | while read -r path; do
|
||||||
[ ! -e "$FW_DIR/$k/$path" ] || {
|
[ ! -e "$FW_DIR/$k/$path" ] || {
|
||||||
@ -307,17 +288,3 @@ fi | while read -r i; do
|
|||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
|
||||||
# Removing possible dangling symlinks in kernel-specific directories
|
|
||||||
debug "Checking for dangling symlinks..."
|
|
||||||
for k in $(echo "$kernel"); do
|
|
||||||
debug " Processing kernel version \"$k\""
|
|
||||||
find_d "${FW_DIR}/${k}" \
|
|
||||||
-mindepth 1 -type l -printf '%p\n' \
|
|
||||||
| while read -r fname; do
|
|
||||||
[ -e "$fname" ] || {
|
|
||||||
debug " Removing danging symlink \"$fname\""
|
|
||||||
$cmd rm -f $verbose_opt "$fname"
|
|
||||||
}
|
|
||||||
done
|
|
||||||
done
|
|
||||||
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user