author | Hilton Chain <hako@ultrarare.space> | 2023-07-27 14:42:59 +0800 |
---|---|---|
committer | Hilton Chain <hako@ultrarare.space> | 2023-10-03 20:21:42 +0800 |
commit | 99a46ecb2647148f64da3c7e4bd6bfee3b89cdd4 (patch) | |
tree | f58a4040740125e11c21715cdd9b1a8411c92049 /gnu | |
parent | 5f81d31aa46a64fc0fb7c1074a5b37ca735245d5 (diff) | |
gnu: spectre-meltdown-checker: Update to 0.46.
* gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch: Update patch. * gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/linux.scm (spectre-meltdown-checker): Update to 0.46. [#:phases]<fixpath>: Correct name for bunzip2. Substitute lzop and mktemp as well.
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/linux.scm | 13 | ||||
-rw-r--r-- | gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch | 109 | ||||
-rw-r--r-- | gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch | 26 |
4 files changed, 96 insertions, 53 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 07feef909e..512d147ef3 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1984,7 +1984,6 @@ dist_patch_DATA = \ %D%/packages/patches/softhsm-fix-openssl3-tests.patch \ %D%/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch \ %D%/packages/patches/spdlog-fix-tests.patch \ - %D%/packages/patches/spectre-meltdown-checker-find-kernel.patch \ %D%/packages/patches/sphinxbase-fix-doxygen.patch \ %D%/packages/patches/sssd-system-directories.patch \ %D%/packages/patches/steghide-fixes.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index a3f74cd253..b08eb102fe 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -10349,7 +10349,7 @@ error detection and correction (EDAC).") (define-public spectre-meltdown-checker (package (name "spectre-meltdown-checker") - (version "0.45") + (version "0.46") (source (origin (method git-fetch) (uri (git-reference @@ -10358,15 +10358,14 @@ error detection and correction (EDAC).") (file-name (git-file-name name version)) (patches (search-patches - "spectre-meltdown-checker-externalize-fwdb.patch" - "spectre-meltdown-checker-find-kernel.patch")) + "spectre-meltdown-checker-externalize-fwdb.patch")) ;; Remove builtin firmware database. (modules '((guix build utils))) (snippet '(substitute* "spectre-meltdown-checker.sh" (("^# [AI],.*") ""))) (sha256 (base32 - "1xx8h5791lhc2xw0dcbzjkklzvlxwxkjzh8di4g8divfy24fqsn8")))) + "0j42p6dayb7k87kf8sqimxlaswis3qh0569a15zccyknv9vf129k")))) (build-system copy-build-system) (arguments (list 
@@ -10385,11 +10384,11 @@ error detection and correction (EDAC).") (find-command inputs cmd)) ;; Commands safe to substitute directly. - (("\\<(awk|(base|dir)name|bunzip|g(un)?zip|lz4)\\>" all cmd) + (("\\<(awk|(base|dir)name|bunzip2|g(un)?zip|lz4)\\>" all cmd) (find-command inputs cmd)) - (("\\<(modprobe|pgrep|rmmod|umount|unlzma)\\>" all cmd) + (("\\<(lzop|mktemp|modprobe|pgrep|rmmod|umount)\\>" all cmd) (find-command inputs cmd)) - (("\\<(unxz|unzstd|uuencode)\\>" all cmd) + (("\\<(unlzma|unxz|unzstd|uuencode)\\>" all cmd) (find-command inputs cmd)) ;; Commands which should only be substituted based on their diff --git a/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch b/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch index cce70b880f..35673ceb91 100644 --- a/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch +++ b/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch @@ -1,27 +1,28 @@ -From 340b08737e552c3c186863d76d123808d853a159 Mon Sep 17 00:00:00 2001 +From 8caeb440a176cb7f8908403da51106c74e2b5cb8 Mon Sep 17 00:00:00 2001 From: Hilton Chain <hako@ultrarare.space> -Date: Sat, 12 Nov 2022 22:45:24 +0800 +Date: Thu, 27 Jul 2023 14:45:14 +0800 Subject: [PATCH] Replace fwdb downloader with a local file option. Also warn about non-free software. --- - spectre-meltdown-checker.sh | 180 +++--------------------------------- - 1 file changed, 15 insertions(+), 165 deletions(-) + spectre-meltdown-checker.sh | 253 +++--------------------------------- + 1 file changed, 17 insertions(+), 236 deletions(-) diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh -index 30f760c..ce46970 100755 +index e7b6b33..33bdf71 100755 --- a/spectre-meltdown-checker.sh 
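Review bot: Nothing in the `fixpath` substitutions fails when a name in these alternations stops matching, which is how the old `bunzip` entry went unnoticed: with the `\\>` word boundary it could not match `bunzip2`, so that call was presumably left to be resolved through PATH at run time. For a script that invokes `modprobe`, `rmmod` and `umount`, a missed substitution is worth catching at build time; I would add a comment above the three patterns such as `;; Names must match the script's invocations exactly; an entry that matches nothing leaves that tool looked up via PATH.` `find-command` is defined outside this hunk; if it looks each name up in the package inputs, the newly listed `lzop` and `mktemp` need providers there, and none of the linux.scm hunks in this commit touch the inputs. The enclosing `substitute*` form starts and ends outside the hunk.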
+++ b/spectre-meltdown-checker.sh -@@ -22,8 +22,6 @@ exit_cleanup() +@@ -23,9 +23,6 @@ exit_cleanup() [ -n "${dumped_config:-}" ] && [ -f "$dumped_config" ] && rm -f "$dumped_config" [ -n "${kerneltmp:-}" ] && [ -f "$kerneltmp" ] && rm -f "$kerneltmp" [ -n "${kerneltmp2:-}" ] && [ -f "$kerneltmp2" ] && rm -f "$kerneltmp2" - [ -n "${mcedb_tmp:-}" ] && [ -f "$mcedb_tmp" ] && rm -f "$mcedb_tmp" - [ -n "${intel_tmp:-}" ] && [ -d "$intel_tmp" ] && rm -rf "$intel_tmp" +- [ -n "${linuxfw_tmp:-}" ] && [ -f "$linuxfw_tmp" ] && rm -f "$linuxfw_tmp" [ "${mounted_debugfs:-}" = 1 ] && umount /sys/kernel/debug 2>/dev/null [ "${mounted_procfs:-}" = 1 ] && umount "$procfs" 2>/dev/null [ "${insmod_cpuid:-}" = 1 ] && rmmod cpuid 2>/dev/null -@@ -93,9 +91,9 @@ show_usage() +@@ -97,9 +94,9 @@ show_usage() --vmm [auto,yes,no] override the detection of the presence of a hypervisor, default: auto --allow-msr-write allow probing for write-only MSRs, this might produce kernel logs or be blocked by your system --cpu [#,all] interact with CPUID and MSR of CPU core number #, or all (default: CPU core 0) 
@@ -34,10 +35,33 @@ index 30f760c..ce46970 100755 --dump-mock-data used to mimick a CPU on an other system, mainly used to help debugging this script Return codes: -@@ -837,147 +833,6 @@ show_header() +@@ -858,217 +855,6 @@ show_header() _info } +-# Family-Model-Stepping to CPUID +-# prints CPUID in base-10 to stdout +-fms2cpuid() +-{ +- _family="$1" +- _model="$2" +- _stepping="$3" +- +- if [ "$(( _family ))" -le 15 ]; then +- _extfamily=0 +- _lowfamily=$(( _family )) +- else +- # when we have a family > 0xF, then lowfamily is stuck at 0xF +- # and extfamily is ADDED to it (as in "+"), to ensure old software +- # never sees a lowfamily < 0xF for newer families +- _lowfamily=15 +- _extfamily=$(( (_family) - 15 )) +- fi +- _extmodel=$(( (_model & 0xF0 ) >> 4 )) +- _lowmodel=$(( (_model & 0x0F ) >> 0 )) +- echo $(( (_stepping & 0x0F) | (_lowmodel << 4) | (_lowfamily << 8) | (_extmodel << 16) | (_extfamily << 20) )) +-} +- -[ -z "$HOME" ] && HOME="$(getent passwd "$(whoami)" | cut -d: -f6)" -mcedb_cache="$HOME/.mcedb" -update_fwdb() @@ -97,13 +121,15 @@ index 30f760c..ce46970 100755 - echo ERROR "please install the \`sqlite3\` program" - return 1 - fi -- mcedb_revision=$(sqlite3 "$mcedb_tmp" "select revision from MCE") +- mcedb_revision=$(sqlite3 "$mcedb_tmp" "SELECT \"revision\" from \"MCE\"") - if [ -z "$mcedb_revision" ]; then - echo ERROR "downloaded file seems invalid" - return 1 - fi -- sqlite3 "$mcedb_tmp" "alter table Intel add column origin text" -- sqlite3 "$mcedb_tmp" "update Intel set origin='mce'" +- sqlite3 "$mcedb_tmp" "ALTER TABLE \"Intel\" ADD COLUMN \"origin\" TEXT" +- sqlite3 "$mcedb_tmp" "ALTER TABLE \"AMD\" ADD COLUMN \"origin\" TEXT" +- sqlite3 "$mcedb_tmp" "UPDATE \"Intel\" SET \"origin\"='mce'" +- sqlite3 "$mcedb_tmp" "UPDATE \"AMD\" SET \"origin\"='mce'" - - echo OK "MCExtractor database revision $mcedb_revision" - 
@@ -141,7 +167,7 @@ index 30f760c..ce46970 100755 - _version=$(echo "$_line" | awk '{print $8}') - _version=$(( _version )) - _version=$(printf "0x%08X" "$_version") -- _sqlstm="$(printf "INSERT INTO Intel (origin,cpuid,version,yyyymmdd) VALUES (\"%s\",\"%s\",\"%s\",\"%s\");" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")" +- _sqlstm="$(printf "INSERT INTO \"Intel\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")" - sqlite3 "$mcedb_tmp" "$_sqlstm" - done - _intel_timestamp=$(stat -c %Y "$intel_tmp/Intel-Linux-Processor-Microcode-Data-Files-main/license" 2>/dev/null) 
@@ -150,10 +176,52 @@ index 30f760c..ce46970 100755 - _intel_latest_date=$(date +%Y%m%d -d @"$_intel_timestamp") - else - echo "Falling back to the latest microcode date" -- _intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT yyyymmdd from Intel WHERE origin = 'intel' ORDER BY yyyymmdd DESC LIMIT 1;") +- _intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT \"yyyymmdd\" FROM \"Intel\" WHERE \"origin\"='intel' ORDER BY \"yyyymmdd\" DESC LIMIT 1;") - fi - echo DONE "(version $_intel_latest_date)" - +- # now parse the most recent linux-firmware amd-ucode README file +- _info_nol "Fetching latest amd-ucode README from linux-firmware project... " +- linuxfw_url="https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode/README" +- linuxfw_tmp=$(mktemp -t smc-linuxfw-XXXXXX) +- if command -v wget >/dev/null 2>&1; then +- wget -q "$linuxfw_url" -O "$linuxfw_tmp"; ret=$? +- elif command -v curl >/dev/null 2>&1; then +- curl -sL "$linuxfw_url" -o "$linuxfw_tmp"; ret=$? +- elif command -v fetch >/dev/null 2>&1; then +- fetch -q "$linuxfw_url" -o "$linuxfw_tmp"; ret=$? +- else +- echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs" +- return 1 +- fi +- if [ "$ret" != 0 ]; then +- echo ERROR "error $ret while downloading linux-firmware README" +- return $ret +- fi +- echo DONE +- +- _info_nol "Parsing the README... 
" +- nbfound=0 +- for line in $(grep -E 'Family=0x[0-9a-f]+ Model=0x[0-9a-f]+ Stepping=0x[0-9a-f]+: Patch=0x[0-9a-f]+' "$linuxfw_tmp" | tr " " ","); do +- _debug "Parsing line $line" +- _family=$( echo "$line" | grep -Eoi 'Family=0x[0-9a-f]+' | cut -d= -f2) +- _model=$( echo "$line" | grep -Eoi 'Model=0x[0-9a-f]+' | cut -d= -f2) +- _stepping=$(echo "$line" | grep -Eoi 'Stepping=0x[0-9a-f]+' | cut -d= -f2) +- _version=$( echo "$line" | grep -Eoi 'Patch=0x[0-9a-f]+' | cut -d= -f2) +- _version=$(printf "0x%08X" "$(( _version ))") +- _cpuid=$(fms2cpuid "$_family" "$_model" "$_stepping") +- _cpuid=$(printf "0x%08X" "$_cpuid") +- _date="20000101" +- _sqlstm="$(printf "INSERT INTO \"AMD\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "linux-firmware" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")" +- _debug "family $_family model $_model stepping $_stepping cpuid $_cpuid" +- _debug "$_sqlstm" +- sqlite3 "$mcedb_tmp" "$_sqlstm" +- nbfound=$((nbfound + 1)) +- unset _family _model _stepping _version _cpuid _date _sqlstm +- done +- echo "found $nbfound microcodes" +- unset nbfound +- - dbversion="$mcedb_revision+i$_intel_latest_date" - - if [ "$1" != builtin ] && [ -n "$previous_dbversion" ] && [ "$previous_dbversion" = "v$dbversion" ]; then 
@@ -165,8 +233,11 @@ index 30f760c..ce46970 100755 - { - echo "# Spectre & Meltdown Checker"; - echo "# %%% MCEDB v$dbversion"; -- sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM Intel AS t1 LEFT OUTER JOIN Intel AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,'; -- sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM AMD AS t1 LEFT OUTER JOIN AMD AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,'; +- # ensure the official Intel DB always has precedence over mcedb, even if mcedb has seen a more recent fw +- sqlite3 "$mcedb_tmp" "DELETE FROM \"Intel\" WHERE \"origin\"!='intel' AND \"cpuid\" IN (SELECT \"cpuid\" FROM \"Intel\" WHERE \"origin\"='intel' GROUP BY \"cpuid\" ORDER BY \"cpuid\" ASC);" +- # we'll use the more recent fw for Intel and AMD +- sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"Intel\" AS \"t1\" LEFT OUTER JOIN \"Intel\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,'; +- sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"AMD\" AS \"t1\" LEFT OUTER JOIN \"AMD\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,'; - } > "$mcedb_cache" - echo DONE "(version $dbversion)" - 
@@ -182,7 +253,7 @@ index 30f760c..ce46970 100755 parse_opt_file() { # parse_opt_file option_name option_value -@@ -1067,12 +922,15 @@ while [ -n "${1:-}" ]; do +@@ -1158,12 +944,15 @@ while [ -n "${1:-}" ]; do # deprecated, kept for compatibility opt_explain=0 shift @@ -204,7 +275,7 @@ index 30f760c..ce46970 100755 elif [ "$1" = "--dump-mock-data" ]; then opt_mock=1 shift -@@ -2033,21 +1891,11 @@ is_xen_domU() +@@ -2192,21 +1981,11 @@ is_xen_domU() fi } @@ -228,7 +299,7 @@ index 30f760c..ce46970 100755 fi read_mcedb() { -@@ -2063,7 +1911,9 @@ is_latest_known_ucode() +@@ -2222,7 +2001,9 @@ is_latest_known_ucode() return 2 fi ucode_latest="latest microcode version for your CPU model is unknown" @@ -240,5 +311,5 @@ index 30f760c..ce46970 100755 elif is_amd; then cpu_brand_prefix=A -- -2.38.1 +2.41.0 diff --git a/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch b/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch deleted file mode 100644 index c0e24d8eed..0000000000 --- a/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -From 5b757d930ec0cf102b03fb9817d17e06c72e74b3 Mon Sep 17 00:00:00 2001 -From: Hilton Chain <hako@ultrarare.space> -Date: Sat, 5 Nov 2022 23:22:31 +0800 -Subject: [PATCH] Locate the kernel bzimage used by Guix System - ---- - spectre-meltdown-checker.sh | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh -index 248a444..855a090 100755 ---- a/spectre-meltdown-checker.sh -+++ b/spectre-meltdown-checker.sh -@@ -2251,6 +2251,8 @@ if [ "$opt_live" = 1 ]; then - [ -e "/boot/kernel-genkernel-$(uname -m)-$(uname -r)" ] && opt_kernel="/boot/kernel-genkernel-$(uname -m)-$(uname -r)" - # NixOS: - [ -e "/run/booted-system/kernel" ] && opt_kernel="/run/booted-system/kernel" -+ # Guix System: -+ [ -e "/run/booted-system/kernel/bzImage" ] && opt_kernel="/run/booted-system/kernel/bzImage" - # systemd kernel-install: - [ -e "/etc/machine-id" ] && [ -e "/boot/$(cat /etc/machine-id)/$(uname -r)/linux" ] && opt_kernel="/boot/$(cat /etc/machine-id)/$(uname -r)/linux" - # Clear Linux: - -base-commit: a6c943d38f315f339697ec26e7374a09b88f2183 --- -2.38.0 |