(address . guix-patches@gnu.org)(name . Hilton Chain)(address . hako@ultrarare.space)
* gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch: Update
patch.
* gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch: Delete file
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/linux.scm (spectre-meltdown-checker): Update to 0.46.
[arguments]<#:phases>: Correct bunzip2, substitute lzop and mktemp.
---
gnu/local.mk | 1 -
gnu/packages/linux.scm | 13 +--
...re-meltdown-checker-externalize-fwdb.patch | 109 +++++++++++++++---
...spectre-meltdown-checker-find-kernel.patch | 26 -----
4 files changed, 96 insertions(+), 53 deletions(-)
delete mode 100644 gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch
Toggle diff (299 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index ae2f3dd49f..85522d8b58 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1951,7 +1951,6 @@ dist_patch_DATA = \
%D%/packages/patches/source-highlight-gcc-compat.patch \
%D%/packages/patches/softhsm-fix-openssl3-tests.patch \
%D%/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch \
- %D%/packages/patches/spectre-meltdown-checker-find-kernel.patch \
%D%/packages/patches/sphinxbase-fix-doxygen.patch \
%D%/packages/patches/sssd-system-directories.patch \
%D%/packages/patches/steghide-fixes.patch \
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 250e26cf09..379b8e6b63 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -10314,7 +10314,7 @@ (define-public edac-utils
(define-public spectre-meltdown-checker
(package
(name "spectre-meltdown-checker")
- (version "0.45")
+ (version "0.46")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -10323,15 +10323,14 @@ (define-public spectre-meltdown-checker
(file-name (git-file-name name version))
(patches
(search-patches
- "spectre-meltdown-checker-externalize-fwdb.patch"
- "spectre-meltdown-checker-find-kernel.patch"))
+ "spectre-meltdown-checker-externalize-fwdb.patch"))
;; Remove builtin firmware database.
(modules '((guix build utils)))
(snippet '(substitute* "spectre-meltdown-checker.sh"
(("^# [AI],.*") "")))
(sha256
(base32
- "1xx8h5791lhc2xw0dcbzjkklzvlxwxkjzh8di4g8divfy24fqsn8"))))
+ "0j42p6dayb7k87kf8sqimxlaswis3qh0569a15zccyknv9vf129k"))))
(build-system copy-build-system)
(arguments
(list
@@ -10350,11 +10349,11 @@ (define-public spectre-meltdown-checker
(find-command inputs cmd))
;; Commands safe to substitute directly.
- (("\\<(awk|(base|dir)name|bunzip|g(un)?zip|lz4)\\>" all cmd)
+ (("\\<(awk|(base|dir)name|bunzip2|g(un)?zip|lz4)\\>" all cmd)
(find-command inputs cmd))
- (("\\<(modprobe|pgrep|rmmod|umount|unlzma)\\>" all cmd)
+ (("\\<(lzop|mktemp|modprobe|pgrep|rmmod|umount)\\>" all cmd)
(find-command inputs cmd))
- (("\\<(unxz|unzstd|uuencode)\\>" all cmd)
+ (("\\<(unlzma|unxz|unzstd|uuencode)\\>" all cmd)
(find-command inputs cmd))
;; Commands which should only be substituted based on their
diff --git a/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch b/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch
index cce70b880f..35673ceb91 100644
--- a/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch
+++ b/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch
@@ -1,27 +1,28 @@
-From 340b08737e552c3c186863d76d123808d853a159 Mon Sep 17 00:00:00 2001
+From 8caeb440a176cb7f8908403da51106c74e2b5cb8 Mon Sep 17 00:00:00 2001
From: Hilton Chain <hako@ultrarare.space>
-Date: Sat, 12 Nov 2022 22:45:24 +0800
+Date: Thu, 27 Jul 2023 14:45:14 +0800
Subject: [PATCH] Replace fwdb downloader with a local file option.
Also warn about non-free software.
---
- spectre-meltdown-checker.sh | 180 +++---------------------------------
- 1 file changed, 15 insertions(+), 165 deletions(-)
+ spectre-meltdown-checker.sh | 253 +++---------------------------------
+ 1 file changed, 17 insertions(+), 236 deletions(-)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
-index 30f760c..ce46970 100755
+index e7b6b33..33bdf71 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
-@@ -22,8 +22,6 @@ exit_cleanup()
+@@ -23,9 +23,6 @@ exit_cleanup()
[ -n "${dumped_config:-}" ] && [ -f "$dumped_config" ] && rm -f "$dumped_config"
[ -n "${kerneltmp:-}" ] && [ -f "$kerneltmp" ] && rm -f "$kerneltmp"
[ -n "${kerneltmp2:-}" ] && [ -f "$kerneltmp2" ] && rm -f "$kerneltmp2"
- [ -n "${mcedb_tmp:-}" ] && [ -f "$mcedb_tmp" ] && rm -f "$mcedb_tmp"
- [ -n "${intel_tmp:-}" ] && [ -d "$intel_tmp" ] && rm -rf "$intel_tmp"
+- [ -n "${linuxfw_tmp:-}" ] && [ -f "$linuxfw_tmp" ] && rm -f "$linuxfw_tmp"
[ "${mounted_debugfs:-}" = 1 ] && umount /sys/kernel/debug 2>/dev/null
[ "${mounted_procfs:-}" = 1 ] && umount "$procfs" 2>/dev/null
[ "${insmod_cpuid:-}" = 1 ] && rmmod cpuid 2>/dev/null
-@@ -93,9 +91,9 @@ show_usage()
+@@ -97,9 +94,9 @@ show_usage()
--vmm [auto,yes,no] override the detection of the presence of a hypervisor, default: auto
--allow-msr-write allow probing for write-only MSRs, this might produce kernel logs or be blocked by your system
--cpu [#,all] interact with CPUID and MSR of CPU core number #, or all (default: CPU core 0)
@@ -34,10 +35,33 @@ index 30f760c..ce46970 100755
--dump-mock-data used to mimick a CPU on an other system, mainly used to help debugging this script
Return codes:
-@@ -837,147 +833,6 @@ show_header()
+@@ -858,217 +855,6 @@ show_header()
_info
}
+-# Family-Model-Stepping to CPUID
+-# prints CPUID in base-10 to stdout
+-fms2cpuid()
+-{
+- _family="$1"
+- _model="$2"
+- _stepping="$3"
+-
+- if [ "$(( _family ))" -le 15 ]; then
+- _extfamily=0
+- _lowfamily=$(( _family ))
+- else
+- # when we have a family > 0xF, then lowfamily is stuck at 0xF
+- # and extfamily is ADDED to it (as in "+"), to ensure old software
+- # never sees a lowfamily < 0xF for newer families
+- _lowfamily=15
+- _extfamily=$(( (_family) - 15 ))
+- fi
+- _extmodel=$(( (_model & 0xF0 ) >> 4 ))
+- _lowmodel=$(( (_model & 0x0F ) >> 0 ))
+- echo $(( (_stepping & 0x0F) | (_lowmodel << 4) | (_lowfamily << 8) | (_extmodel << 16) | (_extfamily << 20) ))
+-}
+-
-[ -z "$HOME" ] && HOME="$(getent passwd "$(whoami)" | cut -d: -f6)"
-mcedb_cache="$HOME/.mcedb"
-update_fwdb()
@@ -97,13 +121,15 @@ index 30f760c..ce46970 100755
- echo ERROR "please install the \`sqlite3\` program"
- return 1
- fi
-- mcedb_revision=$(sqlite3 "$mcedb_tmp" "select revision from MCE")
+- mcedb_revision=$(sqlite3 "$mcedb_tmp" "SELECT \"revision\" from \"MCE\"")
- if [ -z "$mcedb_revision" ]; then
- echo ERROR "downloaded file seems invalid"
- return 1
- fi
-- sqlite3 "$mcedb_tmp" "alter table Intel add column origin text"
-- sqlite3 "$mcedb_tmp" "update Intel set origin='mce'"
+- sqlite3 "$mcedb_tmp" "ALTER TABLE \"Intel\" ADD COLUMN \"origin\" TEXT"
+- sqlite3 "$mcedb_tmp" "ALTER TABLE \"AMD\" ADD COLUMN \"origin\" TEXT"
+- sqlite3 "$mcedb_tmp" "UPDATE \"Intel\" SET \"origin\"='mce'"
+- sqlite3 "$mcedb_tmp" "UPDATE \"AMD\" SET \"origin\"='mce'"
-
- echo OK "MCExtractor database revision $mcedb_revision"
-
@@ -141,7 +167,7 @@ index 30f760c..ce46970 100755
- _version=$(echo "$_line" | awk '{print $8}')
- _version=$(( _version ))
- _version=$(printf "0x%08X" "$_version")
-- _sqlstm="$(printf "INSERT INTO Intel (origin,cpuid,version,yyyymmdd) VALUES (\"%s\",\"%s\",\"%s\",\"%s\");" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")"
+- _sqlstm="$(printf "INSERT INTO \"Intel\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")"
- sqlite3 "$mcedb_tmp" "$_sqlstm"
- done
- _intel_timestamp=$(stat -c %Y "$intel_tmp/Intel-Linux-Processor-Microcode-Data-Files-main/license" 2>/dev/null)
@@ -150,10 +176,52 @@ index 30f760c..ce46970 100755
- _intel_latest_date=$(date +%Y%m%d -d @"$_intel_timestamp")
- else
- echo "Falling back to the latest microcode date"
-- _intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT yyyymmdd from Intel WHERE origin = 'intel' ORDER BY yyyymmdd DESC LIMIT 1;")
+- _intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT \"yyyymmdd\" FROM \"Intel\" WHERE \"origin\"='intel' ORDER BY \"yyyymmdd\" DESC LIMIT 1;")
- fi
- echo DONE "(version $_intel_latest_date)"
-
+- # now parse the most recent linux-firmware amd-ucode README file
+- _info_nol "Fetching latest amd-ucode README from linux-firmware project... "
+- linuxfw_url="https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode/README"
+- linuxfw_tmp=$(mktemp -t smc-linuxfw-XXXXXX)
+- if command -v wget >/dev/null 2>&1; then
+- wget -q "$linuxfw_url" -O "$linuxfw_tmp"; ret=$?
+- elif command -v curl >/dev/null 2>&1; then
+- curl -sL "$linuxfw_url" -o "$linuxfw_tmp"; ret=$?
+- elif command -v fetch >/dev/null 2>&1; then
+- fetch -q "$linuxfw_url" -o "$linuxfw_tmp"; ret=$?
+- else
+- echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs"
+- return 1
+- fi
+- if [ "$ret" != 0 ]; then
+- echo ERROR "error $ret while downloading linux-firmware README"
+- return $ret
+- fi
+- echo DONE
+-
+- _info_nol "Parsing the README... "
+- nbfound=0
+- for line in $(grep -E 'Family=0x[0-9a-f]+ Model=0x[0-9a-f]+ Stepping=0x[0-9a-f]+: Patch=0x[0-9a-f]+' "$linuxfw_tmp" | tr " " ","); do
+- _debug "Parsing line $line"
+- _family=$( echo "$line" | grep -Eoi 'Family=0x[0-9a-f]+' | cut -d= -f2)
+- _model=$( echo "$line" | grep -Eoi 'Model=0x[0-9a-f]+' | cut -d= -f2)
+- _stepping=$(echo "$line" | grep -Eoi 'Stepping=0x[0-9a-f]+' | cut -d= -f2)
+- _version=$( echo "$line" | grep -Eoi 'Patch=0x[0-9a-f]+' | cut -d= -f2)
+- _version=$(printf "0x%08X" "$(( _version ))")
+- _cpuid=$(fms2cpuid "$_family" "$_model" "$_stepping")
+- _cpuid=$(printf "0x%08X" "$_cpuid")
+- _date="20000101"
+- _sqlstm="$(printf "INSERT INTO \"AMD\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "linux-firmware" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")"
+- _debug "family $_family model $_model stepping $_stepping cpuid $_cpuid"
+- _debug "$_sqlstm"
+- sqlite3 "$mcedb_tmp" "$_sqlstm"
+- nbfound=$((nbfound + 1))
+- unset _family _model _stepping _version _cpuid _date _sqlstm
+- done
+- echo "found $nbfound microcodes"
+- unset nbfound
+-
- dbversion="$mcedb_revision+i$_intel_latest_date"
-
- if [ "$1" != builtin ] && [ -n "$previous_dbversion" ] && [ "$previous_dbversion" = "v$dbversion" ]; then
@@ -165,8 +233,11 @@ index 30f760c..ce46970 100755
- {
- echo "# Spectre & Meltdown Checker";
- echo "# %%% MCEDB v$dbversion";
-- sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM Intel AS t1 LEFT OUTER JOIN Intel AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,';
-- sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM AMD AS t1 LEFT OUTER JOIN AMD AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,';
+- # ensure the official Intel DB always has precedence over mcedb, even if mcedb has seen a more recent fw
+- sqlite3 "$mcedb_tmp" "DELETE FROM \"Intel\" WHERE \"origin\"!='intel' AND \"cpuid\" IN (SELECT \"cpuid\" FROM \"Intel\" WHERE \"origin\"='intel' GROUP BY \"cpuid\" ORDER BY \"cpuid\" ASC);"
+- # we'll use the more recent fw for Intel and AMD
+- sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"Intel\" AS \"t1\" LEFT OUTER JOIN \"Intel\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,';
+- sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"AMD\" AS \"t1\" LEFT OUTER JOIN \"AMD\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,';
- } > "$mcedb_cache"
- echo DONE "(version $dbversion)"
-
@@ -182,7 +253,7 @@ index 30f760c..ce46970 100755
parse_opt_file()
{
# parse_opt_file option_name option_value
-@@ -1067,12 +922,15 @@ while [ -n "${1:-}" ]; do
+@@ -1158,12 +944,15 @@ while [ -n "${1:-}" ]; do
# deprecated, kept for compatibility
opt_explain=0
shift
@@ -204,7 +275,7 @@ index 30f760c..ce46970 100755
elif [ "$1" = "--dump-mock-data" ]; then
opt_mock=1
shift
-@@ -2033,21 +1891,11 @@ is_xen_domU()
+@@ -2192,21 +1981,11 @@ is_xen_domU()
fi
}
@@ -228,7 +299,7 @@ index 30f760c..ce46970 100755
fi
read_mcedb()
{
-@@ -2063,7 +1911,9 @@ is_latest_known_ucode()
+@@ -2222,7 +2001,9 @@ is_latest_known_ucode()
return 2
fi
ucode_latest="latest microcode version for your CPU model is unknown"
@@ -240,5 +311,5 @@ index 30f760c..ce46970 100755
elif is_amd; then
cpu_brand_prefix=A
--
-2.38.1
+2.41.0
diff --git a/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch b/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch
deleted file mode 100644
index c0e24d8eed..0000000000
--- a/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 5b757d930ec0cf102b03fb9817d17e06c72e74b3 Mon Sep 17 00:00:00 2001
-From: Hilton Chain <hako@ultrarare.space>
-Date: Sat, 5 Nov 2022 23:22:31 +0800
-Subject: [PATCH] Locate the kernel bzimage used by Guix System
-
----
- spectre-meltdown-checker.sh | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
-index 248a444..855a090 100755
---- a/spectre-meltdown-checker.sh
-+++ b/spectre-meltdown-checker.sh
-@@ -2251,6 +2251,8 @@ if [ "$opt_live" = 1 ]; then
- [ -e "/boot/kernel-genkernel-$(uname -m)-$(uname -r)" ] && opt_kernel="/boot/kernel-genkernel-$(uname -m)-$(uname -r)"
- # NixOS:
- [ -e "/run/booted-system/kernel" ] && opt_kernel="/run/booted-system/kernel"
-+ # Guix System:
-+ [ -e "/run/booted-system/kernel/bzImage" ] && opt_kernel="/run/booted-system/kernel/bzImage"
- # systemd kernel-install:
- [ -e "/etc/machine-id" ] && [ -e "/boot/$(cat /etc/machine-id)/$(uname -r)/linux" ] && opt_kernel="/boot/$(cat /etc/machine-id)/$(uname -r)/linux"
- # Clear Linux:
-
-base-commit: a6c943d38f315f339697ec26e7374a09b88f2183
---
-2.38.0
base-commit: c7e45139faa27b60f2c7d0a4bc140f9793d97d47
--
2.41.0