JFIFXX    $.' ",#(7),01444'9=82<.342  2!!22222222222222222222222222222222222222222222222222"4 ,PG"Z_4˷kjزZ,F+_z,© zh6٨icfu#ډb_N?wQ5-~I8TK<5oIv-k_U_~bMdӜUHh?]EwQk{_}qFW7HTՑYF?_'ϔ_Ջt=||I 6έ"D/[k9Y8ds|\Ҿp6Ҵ].6znopM[mei$[soᘨ˸ nɜG-ĨUycP3.DBli;hjx7Z^NhN3u{:jx힞#M&jL P@_ P&o89@Sz6t7#Oߋ s}YfTlmrZ)'Nk۞pw\Tȯ?8`Oi{wﭹW[r Q4F׊3m&L=h3z~#\l :F,j@ ʱwQT8"kJO6֚l}R>ډK]y&p}b;N1mr$|7>e@BTM*-iHgD) Em|ؘbҗaҾt4oG*oCNrPQ@z,|?W[0:n,jWiEW$~/hp\?{(0+Y8rΟ+>S-SVN;}s?. w9˟<Mq4Wv'{)01mBVW[8/< %wT^5b)iM pgN&ݝVO~qu9 !J27$O-! :%H ـyΠM=t{!S oK8txA& j0 vF Y|y ~6@c1vOpIg4lODL Rcj_uX63?nkWyf;^*B @~a`Eu+6L.ü>}y}_O6͐:YrGXkGl^w~㒶syIu! W XN7BVO!X2wvGRfT#t/?%8^WaTGcLMI(J1~8?aT ]ASE(*E} 2#I/׍qz^t̔bYz4xt){ OH+(EA&NXTo"XC')}Jzp ~5}^+6wcQ|LpdH}(.|kc4^"Z?ȕ a<L!039C EuCFEwç ;n?*oB8bʝ'#RqfM}7]s2tcS{\icTx;\7KPʇ Z O-~c>"?PEO8@8GQgaՎ󁶠䧘_%#r>1zaebqcPѵn#L =׀t L7`VA{C:ge@w1 Xp3c3ġpM"'-@n4fGB3DJ8[JoߐgK)ƛ$ 83+ 6ʻ SkI*KZlT _`?KQKdB`s}>`*>,*@JdoF*弝O}ks]yߘc1GV<=776qPTtXԀ!9*44Tހ3XΛex46YD  BdemDa\_l,G/֌7Y](xTt^%GE4}bTڹ;Y)BQu>J/J ⮶.XԄjݳ+Ed r5_D1 o Bx΢#<W8R6@gM. drD>(otU@x=~v2 ӣdoBd3eO6㣷ݜ66YQz`S{\P~z m5{J/L1xO\ZFu>ck#&:`$ai>2ΔloF[hlEܺΠk:)` $[69kOw\|8}ބ:񶐕IA1/=2[,!.}gN#ub ~݊}34qdELc$"[qU硬g^%B zrpJru%v\h1Yne`ǥ:gpQM~^Xi `S:V29.PV?Bk AEvw%_9CQwKekPؠ\;Io d{ ߞoc1eP\ `E=@KIRYK2NPlLɀ)&eB+ь( JTx_?EZ }@ 6U뙢طzdWIn` D噥[uV"G&Ú2g}&m?ċ"Om# {ON"SXNeysQ@FnVgdX~nj]J58up~.`r\O,ư0oS _Ml4kv\JSdxSW<AeIX$Iw:Sy›R9Q[,5;@]%u@ *rolbI  +%m:͇ZVủθau,RW33 dJeTYE.Mϧ-oj3+yy^cVO9NV\nd1 !͕_)av;թMlWR1)ElP;yوÏu 3k5Pr6<⒲l!˞*u־n!l:UNW %Chx8vL'X@*)̮ˍ D-M+JUkvK+x8cY?Ԡ~3mo|u@[XeYC\Kpx8oCC&N~3-H MXsu<`~"WL$8ξ3a)|:@m\^`@ҷ)5p+6p%i)P Mngc#0AruzRL+xSS?ʮ}()#tmˇ!0}}y$6Lt;$ʳ{^6{v6ķܰgVcnn ~zx«,2u?cE+ȘH؎%Za)X>uWTzNyosFQƤ$*&LLXL)1" LeOɟ9=:tZcŽY?ӭVwv~,Yrۗ|yGaFC.+ v1fήJ]STBn5sW}y$~z'c 8  ,! pVNSNNqy8z˱A4*'2n<s^ǧ˭PJޮɏUGLJ*#i}K%,)[z21z ?Nin1?TIR#m-1lA`fT5+ܐcq՝ʐ,3f2Uեmab#ŠdQy>\)SLYw#.ʑf ,"+w~N'cO3FN<)j&,- љ֊_zSTǦw>?nU仆Ve0$CdrP m׈eXmVu L.bֹ [Դaզ*\y8Է:Ez\0KqC b̘cөQ=0YsNS.3.Oo:#v7[#߫ 5܎LEr49nCOWlG^0k%;YߝZǓ:S#|}y,/kLd TA(AI$+I3;Y*Z}|ӧOdv..#:nf>>ȶITX 8y"dR|)0=n46ⲑ+ra ~]R̲c?6(q;5% |uj~z8R=XIV=|{vGj\gcqz؋%Mߍ1y#@f^^>N#x#۹6Y~?dfPO{P4Vu1E1J *|%JN`eWuzk M6q t[ gGvWIGu_ft5j"Y:Tɐ*; e54q$C2d} _SL#mYpO.C;cHi#֩%+) ӍƲVSYźg |tj38r|V1#;.SQA[S#`n+$$I P\[@s(EDzP])8G#0B[ىXIIq<9~[Z멜Z⊔IWU&A>P~#dp]9 "cP Md?٥Ifتuk/F9c*9Ǎ:ØFzn*@|Iށ9N3{'['ͬҲ4#}!V Fu,,mTIkv C7vB6kT91*l '~ƞFlU'M ][ΩũJ_{iIn$L jOdxkza۪#EClx˘oVɞljr)/,߬hL#^Lф,íMƁe̩NBLiLq}(q6IçJ$WE$:=#(KBzђ xlx?>Պ+>W,Ly!_DŌlQ![ SJ1ƐY}b,+Loxɓ)=yoh@꥟/Iѭ=Py9 ۍYӘe+pJnϱ?V\SO%(t =?MR[Șd/ nlB7j !;ӥ/[-A>dNsLj ,ɪv=1c.SQO3UƀܽE̻9GϷD7(}Ävӌ\y_0[w <΍>a_[0+LF.޺f>oNTq;y\bՃyjH<|q-eɏ_?_9+PHp$[uxK wMwNی'$Y2=qKBP~Yul:[<F12O5=d]Ysw:ϮEj,_QXz`H1,#II dwrP˂@ZJVy$\y{}^~[:NߌUOdؾe${p>G3cĖlʌ ת[`ϱ-WdgIig2 }s ؤ(%#sS@~3XnRG~\jc3vӍLM[JBTs3}jNʖW;7ç?=XF=-=qߚ#='c7ڑWI(O+=:uxqe2zi+kuGR0&eniT^J~\jyp'dtGsO39* b#Ɋ p[BwsT>d4ۧsnvnU_~,vƜJ1s QIz)(lv8MU=;56Gs#KMP=LvyGd}VwWBF'à ?MHUg2 !p7Qjڴ=ju JnA suMeƆҔ!)'8Ϣٔޝ(Vpצ֖d=ICJǠ{qkԭ߸i@Ku|p=..*+xz[Aqġ#s2aƊRR)*HRsi~a &fMP-KL@ZXy'x{}Zm+:)) IJ-iu ܒH'L(7yGӜq j 6ߌg1go,kرtY?W,pefOQS!K۟cҒA|սj>=⬒˧L[ ߿2JaB~Ru:Q] 0H~]7ƼI(}cq 'ήETq?fabӥvr )o-Q_'ᴎoK;Vo%~OK *bf:-ťIR`B5!RB@ï u ̯e\_U_ gES3QTaxU<~c?*#]MW,[8Oax]1bC|踤Plw5V%){t<d50iXSUm:Z┵i"1^B-PhJ&)O*DcWvM)}Pܗ-q\mmζZ-l@}aE6F@&Sg@ݚM ȹ 4#p\HdYDoH"\..RBHz_/5˘6KhJRPmƶim3,#ccoqa)*PtRmk7xDE\Y閣_X<~)c[[BP6YqS0%_;Àv~| VS؇ 'O0F0\U-d@7SJ*z3nyPOm~P3|Yʉr#CSN@ ƮRN)r"C:: #qbY. 6[2K2uǦHYRQMV G$Q+.>nNHq^ qmMVD+-#*U̒ p욳u:IBmPV@Or[b= 1UE_NmyKbNOU}the`|6֮P>\2PVIDiPO;9rmAHGWS]J*_G+kP2KaZH'KxWMZ%OYDRc+o?qGhmdSoh\D|:WUAQc yTq~^H/#pCZTI1ӏT4"ČZ}`w#*,ʹ 0i課Om*da^gJ݅{le9uF#Tֲ̲ٞC"qߍ ոޑo#XZTp@ o8(jdxw],f`~|,s^f1t|m򸄭/ctr5s79Q4H1꠲BB@l9@C+wpxu£Yc9?`@#omHs2)=2.ljg9$YS%*LRY7Z,*=䷘$armoϰUW.|rufIGwtZwo~5 YյhO+=8fF)W7L9lM̘·Y֘YLf큹pRF99.A "wz=E\Z'a 2Ǚ#;'}G*l^"q+2FQ hjkŦ${ޮ-T٭cf|3#~RJt$b(R(rdx >U b&9,>%E\ Άe$'q't*אެb-|dSBOO$R+H)܎K1m`;J2Y~9Og8=vqD`K[F)k[1m޼cn]skz$@)!I x՝"v9=ZA=`Ɠi :E)`7vI}dYI_ o:obo 3Q&D&2= Ά;>hy.*ⅥSӬ+q&j|UƧ}J0WW< ۋS)jQRjƯrN)Gű4Ѷ(S)Ǣ8iW52No˓ ۍ%5brOnL;n\G=^UdI8$&h'+(cȁ߫klS^cƗjԌEꭔgFȒ@}O*;evWVYJ\]X'5ղkFb 6Ro՜mi Ni>J?lPmU}>_Z&KKqrIDՉ~q3fL:Se>E-G{L6pe,8QIhaXaUA'ʂs+טIjP-y8ۈZ?J$WP Rs]|l(ԓsƊio(S0Y 8T97.WiLc~dxcE|2!XKƘਫ਼$((6~|d9u+qd^389Y6L.I?iIq9)O/뚅OXXVZF[یgQLK1RҖr@v#XlFНyS87kF!AsM^rkpjPDyS$Nqnxҍ!Uf!ehi2m`YI9r6 TFC}/y^Η5d'9A-J>{_l+`A['յϛ#w:݅%X}&PStQ"-\縵/$ƗhXb*yBS;Wջ_mcvt?2}1;qSdd~u:2k52R~z+|HE!)Ǟl7`0<,2*Hl-x^'_TVgZA'j ^2ΪN7t?w x1fIzC-ȖK^q;-WDvT78Z hK(P:Q- 8nZ܃e貾<1YT<,"6{/ ?͟|1:#gW>$dJdB=jf[%rE^il:BxSּ1հ,=*7 fcG#q eh?27,!7x6nLC4x},GeǝtC.vS F43zz\;QYC,6~;RYS/6|25vTimlv& nRh^ejRLGf? ۉҬܦƩ|Ȱ>3!viʯ>vオX3e_1zKȗ\qHS,EW[㺨uch⍸O}a>q6n6N6qN ! 1AQaq0@"2BRb#Pr3C`Scst$4D%Td ?Na3mCwxAmqmm$4n淿t'C"wzU=D\R+wp+YT&պ@ƃ3ޯ?AﶂaŘ@-Q=9Dռѻ@MVP܅G5fY6# ?0UQ,IX(6ڵ[DIMNލc&υj\XR|,4 jThAe^db#$]wOӪ1y%LYm뭛CUƃߜ}Cy1XνmF8jI]HۺиE@Ii;r8ӭVFՇ| &?3|xBMuSGe=Ӕ#BE5GY!z_eqр/W>|-Ci߇t1ޯќdR3ug=0 5[?#͏qcfH{ ?u=??ǯ}ZzhmΔBFTWPxs}G93 )gGR<>r h$'nchPBjJҧH -N1N?~}-q!=_2hcMlvY%UE@|vM2.Y[|y"EïKZF,ɯ?,q?vM 80jx";9vk+ ֧ ȺU?%vcVmA6Qg^MA}3nl QRNl8kkn'(M7m9وq%ޟ*h$Zk"$9: ?U8Sl,,|ɒxH(ѷGn/Q4PG%Ա8N! &7;eKM749R/%lc>x;>C:th?aKXbheᜋ^$Iհ hr7%F$EFdt5+(M6tÜUU|zW=aTsTgdqPQb'm1{|YXNb P~F^F:k6"j! Ir`1&-$Bevk:y#ywI0x=D4tUPZHڠ底taP6b>xaQ# WeFŮNjpJ* mQN*I-*ȩFg3 5Vʊɮa5FO@{NX?H]31Ri_uѕ 0 F~:60p͈SqX#a5>`o&+<2D: ڝ$nP*)N|yEjF5ټeihyZ >kbHavh-#!Po=@k̆IEN@}Ll?jO߭ʞQ|A07xwt!xfI2?Z<ץTcUj]陎Ltl }5ϓ$,Omˊ;@OjEj(ا,LXLOЦ90O .anA7j4 W_ٓzWjcBy՗+EM)dNg6y1_xp$Lv:9"zpʙ$^JԼ*ϭo=xLj6Ju82AH3$ٕ@=Vv]'qEz;I˼)=ɯx /W(Vp$ mu񶤑OqˎTr㠚xsrGCbypG1ߠw e8$⿄/M{*}W]˷.CK\ުx/$WPwr |i&}{X >$-l?-zglΆ(FhvS*b߲ڡn,|)mrH[a3ר[13o_U3TC$(=)0kgP u^=4 WYCҸ:vQרXàtkm,t*^,}D* "(I9R>``[~Q]#afi6l86:,ssN6j"A4IuQ6E,GnHzSHOuk5$I4ؤQ9@CwpBGv[]uOv0I4\yQѸ~>Z8Taqޣ;za/SI:ܫ_|>=Z8:SUIJ"IY8%b8H:QO6;7ISJҌAά3>cE+&jf$eC+z;V rʺmyeaQf&6ND.:NTvm<- uǝ\MvZYNNT-A>jr!SnO 13Ns%3D@`ܟ 1^c< aɽ̲Xë#w|ycW=9I*H8p^(4՗karOcWtO\ƍR8'KIQ?5>[}yUײ -h=% qThG2)"ו3]!kB*pFDlA,eEiHfPs5H:Փ~H0DتDIhF3c2E9H5zԑʚiX=:mxghd(v׊9iSOd@0ڽ:p5h-t&Xqӕ,ie|7A2O%PEhtjY1wЃ!  ࢽMy7\a@ţJ 4ȻF@o̒?4wx)]P~u57X 9^ܩU;Iꭆ 5 eK27({|Y׎ V\"Z1 Z}(Ǝ"1S_vE30>p; ΝD%xW?W?vo^Vidr[/&>~`9Why;R ;;ɮT?r$g1KACcKl:'3 cﳯ*"t8~l)m+U,z`(>yJ?h>]vЍG*{`;y]IT ;cNUfo¾h/$|NS1S"HVT4uhǜ]v;5͠x'C\SBplh}N ABx%ޭl/Twʽ]D=Kžr㻠l4SO?=k M: cCa#ha)ѐxcsgPiG{+xQI= zԫ+ 8"kñj=|c yCF/*9жh{ ?4o kmQNx;Y4膚aw?6>e]Qr:g,i"ԩA*M7qB?ӕFhV25r[7 Y }LR}*sg+xr2U=*'WSZDW]WǞ<叓{$9Ou4y90-1'*D`c^o?(9uݐ'PI& fJݮ:wSjfP1F:X H9dԯ˝[_54 }*;@ܨ ðynT?ןd#4rGͨH1|-#MrS3G3).᧏3vz֑r$G"`j 1tx0<ƆWh6y6,œGagAyb)hDß_mü gG;evݝnQ C-*oyaMI><]obD":GA-\%LT8c)+y76oQ#*{(F⽕y=rW\p۩cA^e6KʐcVf5$'->ՉN"F"UQ@fGb~#&M=8טJNu9D[̤so~ G9TtW^g5y$bY'سǴ=U-2 #MCt(i lj@Q 5̣i*OsxKf}\M{EV{υƇ);HIfeLȣr2>WIȂ6ik 5YOxȺ>Yf5'|H+98pjn.OyjY~iw'l;s2Y:'lgꥴ)o#'SaaKZ m}`169n"xI *+ }FP"l45'ZgE8?[X7(.Q-*ތL@̲v.5[=t\+CNܛ,gSQnH}*FG16&:t4ُ"Ạ$b |#rsaT ]ӽDP7ո0y)e$ٕvIh'QEAm*HRI=: 4牢) %_iNݧl] NtGHL ɱg<1V,J~ٹ"KQ 9HS9?@kr;we݁]I!{ @G["`J:n]{cAEVʆ#U96j#Ym\qe4hB7Cdv\MNgmAyQL4uLjj9#44tl^}LnR!t±]rh6ٍ>yҏNfU  Fm@8}/ujb9he:AyծwGpΧh5l}3p468)Udc;Us/֔YX1O2uqs`hwgr~{ RmhN؎*q 42*th>#E#HvOq}6e\,Wk#Xb>p}դ3T5†6[@Py*n|'f֧>lư΂̺SU'*qp_SM 'c6m ySʨ;MrƋmKxo,GmPAG:iw9}M(^V$ǒѽ9| aJSQarB;}ٻ֢2%Uc#gNaݕ'v[OY'3L3;,p]@S{lsX'cjwk'a.}}& dP*bK=ɍ!;3ngΊUߴmt'*{,=SzfD Ako~Gaoq_mi}#mPXhύmxǍ΂巿zfQc|kc?WY$_Lvl߶c`?ljݲˏ!V6UЂ(A4y)HpZ_x>eR$/`^'3qˏ-&Q=?CFVR DfV9{8gnh(P"6[D< E~0<@`G6Hгcc cK.5DdB`?XQ2ٿyqo&+1^ DW0ꊩG#QnL3c/x 11[yxპCWCcUĨ80me4.{muI=f0QRls9f9~fǨa"@8ȁQ#cicG$Gr/$W(WV"m7[mAmboD j۳ l^kh׽ # iXnveTka^Y4BNĕ0 !01@Q"2AaPq3BR?@4QT3,㺠W[=JKϞ2r^7vc:9 EߴwS#dIxu:Hp9E! V 2;73|F9Y*ʬFDu&y؟^EAA(ɩ^GV:ݜDy`Jr29ܾ㝉[E;FzxYGUeYC v-txIsםĘqEb+P\ :>iC';k|zرny]#ǿbQw(r|ӹs[D2v-%@;8<a[\o[ϧwI!*0krs)[J9^ʜp1) "/_>o<1AEy^C`x1'ܣnps`lfQ):lb>MejH^?kl3(z:1ŠK&?Q~{ٺhy/[V|6}KbXmn[-75q94dmc^h X5G-}دBޟ |rtMV+]c?-#ڛ^ǂ}LkrOu>-Dry D?:ޞUǜ7V?瓮"#rչģVR;n/_ ؉vݶe5db9/O009G5nWJpA*r9>1.[tsFnQ V 77R]ɫ8_0<՜IFu(v4Fk3E)N:yڮeP`1}$WSJSQNjٺ޵#lј(5=5lǏmoWv-1v,Wmn߀$x_DȬ0¤#QR[Vkzmw"9ZG7'[=Qj8R?zf\a=OU*oBA|G254 p.w7  &ξxGHp B%$gtЏ򤵍zHNuЯ-'40;_3 !01"@AQa2Pq#3BR?ʩcaen^8F<7;EA{EÖ1U/#d1an.1ě0ʾRh|RAo3m3 % 28Q yφHTo7lW>#i`qca m,B-j݋'mR1Ήt>Vps0IbIC.1Rea]H64B>o]($Bma!=?B KǾ+Ծ"nK*+[T#{EJSQs5:U\wĐf3܆&)IԆwE TlrTf6Q|Rh:[K zc֧GC%\_a84HcObiؖV7H )*ģK~Xhչ04?0 E<}3#u? |gS6ꊤ|I#Hڛ աwX97Ŀ%SLy6č|Fa 8b$sקhb9RAu7˨pČ_\*w묦F 4D~f|("mNKiS>$d7SlA/²SL|6N}S˯g]6; #. 403WebShell
403Webshell
Server IP : 43.205.77.33  /  Your IP : 216.73.216.140
Web Server : Apache
System : Linux 43-205-77-33.cprapid.com 3.10.0-1160.119.1.el7.tuxcare.els13.x86_64 #1 SMP Fri Nov 22 06:29:45 UTC 2024 x86_64
User : ksclnmuac ( 1023)
PHP Version : 8.0.30
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /usr/libexec/microcode_ctl/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /usr/libexec/microcode_ctl/check_caveats
#! /bin/bash -eu

# Script for checking various microcode caveats
#
#
# SPDX-License-Identifier: CC0-1.0

export LC_ALL=C

: ${MC_CAVEATS_DATA_DIR=/usr/share/microcode_ctl/ucode_with_caveats}
: ${FW_DIR=/lib/firmware}
: ${CFG_DIR=/etc/microcode_ctl/ucode_with_caveats}

MAX_NESTING_LEVEL=8

usage() {
	echo 'Usage: check_caveats [-d] [-e] [-k TARGET_KVER] [-c CONFIG]'
	echo '                     [-m] [-v]'
	echo
	echo '   -d - enables disclaimer printing mode'
	echo '   -e - check for early microcode load possibility (instead of'
	echo '        late microcode load)'
	echo '   -k - target version to check against, $(uname -r) is used'
	echo '        otherwise'
	echo '   -c - caveat config(s) to check, all configs are checked'
	echo '        otherwise'
	echo '   -m - check that caveats actually apply to the current model'
	echo '   -v - verbose output'
	echo
	echo 'Environment:'
	echo '  MC_CAVEATS_DATA_DIR - directory that contains caveats'
	echo '                        configuration data'
}

debug() { [ 0 = "$verbose" ] || echo "$*" >&2; }

# A simplified RPM version comparison that takes into account knowledge about
# Y- and Z-streams (so it compares versions inside Y-stram or Z-stream if
# the version against which comparison is performed has appropriate versioning
# scheme).
#
# $1 - kernel version to check
# $* - list of kernel versions to check against
check_kver()
{
	local t_major= t_minor= t_patch= t_y= t_z1= t_z2= t_rest=
	local m_major= m_minor= m_patch= m_y= m_z1= m_z2= m_rest=
	local cmp_type=

	# IFS=.- read -r t_major t_minor t_patch t_y t_z1 t_z2 t_rest <<<"$1"
	# "cannot create temp file for here-document: Read-only file system"
	# that's why we can't have nice things.
	t_major=${1%%.*}
	t_rest=${1#${t_major}}
	t_rest=${t_rest#.}
	t_minor=${t_rest%%.*}
	t_rest=${t_rest#${t_minor}}
	t_rest=${t_rest#.}
	t_patch=${t_rest%%-*}
	t_rest=${t_rest#${t_patch}}
	t_rest=${t_rest#-}
	t_y=${t_rest%%.*}
	t_rest=${t_rest#${t_y}}
	t_rest=${t_rest#.}
	t_z1=${t_rest%%.*}
	t_rest=${t_rest#${t_z1}}
	t_rest=${t_rest#.}
	t_z2=${t_rest%%.*}

	# minor/major/patch/y should be numeric
	[ -n "${t_major##*[!0-9]*}" ] || return 1
	[ -n "${t_minor##*[!0-9]*}" ] || return 1
	[ -n "${t_patch##*[!0-9]*}" ] || return 1
	[ -n "${t_y##*[!0-9]*}" ] || return 1
	# reset z1/z2 to zero if non-numeric
	[ -n "${t_z1##*[!0-9]*}" ] || t_z1=0
	[ -n "${t_z2##*[!0-9]*}" ] || t_z2=0

	while [ 1 -lt "$#" ]; do
		cmp_type=upstream

		shift
		m_major=${1%%.*}
		m_rest=${1#${m_major}}
		m_rest=${m_rest#.}
		m_minor=${m_rest%%.*}
		m_rest=${m_rest#${m_minor}}
		m_rest=${m_rest#.}
		m_patch=${m_rest%%-*}
		m_rest=${m_rest#${m_patch}}
		m_rest=${m_rest#-}
		m_y=${m_rest%%.*}
		m_rest=${m_rest#${m_y}}
		m_rest=${m_rest#.}
		m_z1=${m_rest%%.*}
		m_rest=${m_rest#${m_z1}}
		m_rest=${m_rest#.}
		m_z2=${m_rest%%.*}

		# minor/major/patch should be numeric
		[ -n "${m_major##*[!0-9]*}" ] || continue
		[ -n "${m_minor##*[!0-9]*}" ] || continue
		[ -n "${m_patch##*[!0-9]*}" ] || continue
		# reset z1/z2 to zero if non-numeric
		[ -n "${m_y##*[!0-9]*}" ] && cmp_type=y || m_y=0
		[ -n "${m_z1##*[!0-9]*}" ] && cmp_type=z || m_z1=0
		[ -n "${m_z2##*[!0-9]*}" ] && cmp_type=z || m_z2=0

		# Comparing versions
		case "$cmp_type" in
		upstream)
			[ "$t_major" -ge "$m_major" ] || continue
			[ "$t_minor" -ge "$m_minor" ] || continue
			[ "$t_patch" -ge "$m_patch" ] || continue
			return 0
			;;
		y)
			[ "$t_major" -eq "$m_major" ] || continue
			[ "$t_minor" -eq "$m_minor" ] || continue
			[ "$t_patch" -eq "$m_patch" ] || continue
			[ "$t_y" -ge "$m_y" ] || continue
			return 0
			;;
		z)
			[ "$t_major" -eq "$m_major" ] || continue
			[ "$t_minor" -eq "$m_minor" ] || continue
			[ "$t_patch" -eq "$m_patch" ] || continue
			[ "$t_y" -eq "$m_y" ] || continue
			[ "$t_z1" -ge "$m_z1" ] || continue
			[ "$t_z2" -ge "$m_z2" ] || continue
			return 0
			;;
		esac
	done

	return 1
}

# It is needed for SKX[1] for which different product segments
# are differentiated by a value in the CAPID0 field of PCU registers
# device[2].
# [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
# [2] https://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/xeon-scalable-spec-update.pdf#page=13
#
# $1 - params in config file, space-separated, in key=value form:
#   domain=* - PCI domain, '*' or number
#   bus=* - PCI bus, '*' or number
#   device=* - PCI device, '*' or number
#   function=* - PCI function, '*' or number
#   vid= - PCI vendor ID, empty or number
#   did= - PCI device ID, empty or number
#   offset=0 - offset in configuration space
#   size=4 - field size
#   mask=0 - mask applied to the data read
#   val=0 - comma-separated list of possible values
#   mode=success-any [ success-ail, fail-any, fail-all ] - matching mode:
#     success-any: Returns 0 if there was at least one match, otherwise 1.
#     success-all: Returns 0 if there was at least one device checked and all
#                  the checked devices have matches, otherwise 1.
#     fail-any:    Returns 1 if there was at least one match, otherwise 0.
#     fail-all:    Returns 1 if there was at least one device checked and all
#                  the checked devices have matches, otherwise 0.
# $2 - whether model filter is engaged (if it is not '1', just return the result
#      based on "mode" value that assumes that there were 0 checks/0 matches).
check_pci_config_val()
{
	local domain='*' bus='*' device='*' func='*' vid= did=
	local offset=0 size=4 mask=0 val=0 mode=success-any
	local checked=0 matched=0 path=''
	local dev_path dev_vid dev_did dev_val
	local opts="${1:-}"
	local match_model="${2:-0}"

	set -- $1
	while [ "$#" -gt 0 ]; do
		[ "x${1#domain=}" = "x${1}" ] || domain="${1#domain=}"
		[ "x${1#bus=}" = "x${1}" ] || bus="${1#bus=}"
		[ "x${1#device=}" = "x${1}" ] || device="${1#device=}"
		[ "x${1#function=}" = "x${1}" ] || func="${1#function=}"
		[ "x${1#vid=}" = "x${1}" ] || vid="${1#vid=}"
		[ "x${1#did=}" = "x${1}" ] || did="${1#did=}"
		[ "x${1#offset=}" = "x${1}" ] || offset="${1#offset=}"
		[ "x${1#size=}" = "x${1}" ] || size="${1#size=}"
		[ "x${1#mask=}" = "x${1}" ] || mask="${1#mask=}"
		[ "x${1#val=}" = "x${1}" ] || val="${1#val=}"
		[ "x${1#mode=}" = "x${1}" ] || mode="${1#mode=}"

		shift
	done

	path="$domain"
	if [ "x$bus" = 'x*' ]; then
		path="$path:$bus";
	else
		path=$(printf '%s:%02x' "$path" "$bus")
	fi
	if [ "x$device" = 'x*' ]; then
		path="$path:$device";
	else
		path=$(printf '%s:%02x' "$path" "$device")
	fi
	if [ "x$func" = 'x*' ]; then
		path="$path.$func";
	else
		path=$(printf '%s.%01x' "$path" "$func")
	fi

	# Normalise VID, DID
	[ -n "$vid" ] || vid="$(printf '0x%04x' "$vid")"
	[ -n "$did" ] || did="$(printf '0x%04x' "$did")"

	( [ 1 != "$match_model" ] \
	  || /usr/bin/find /sys/bus/pci/devices/ -maxdepth 1 -name "$path" \
	  || : ) | (
		while read -r dev_path; do
			# Filter VID, DID
			if [ -n "$vid" ]; then
				dev_vid=$(/bin/cat "$dev_path/vendor")
				[ "x$vid" = "x$dev_vid" ] || continue
			fi
			if [ -n "$did" ]; then
				dev_did=$(/bin/cat "$dev_path/device")
				[ "x$did" = "x$dev_did" ] || continue
			fi

			checked="$((checked + 1))"

			dev_val="$(/usr/bin/od -j "$offset" -N "$size" -A n \
					       -t "u$size" "$dev_path/config")"

			val_rest="${val}"
			while :; do
				cur_val="${val_rest%%,*}"
				if [ "$((dev_val & mask))" = "$((cur_val & mask))" ]
				then
					matched="$((matched + 1))"
					break
				fi
				[ "x${val_rest}" != "x${val_rest#*,}" ] || break
				val_rest="${val_rest#*,}"
			done

			case "$mode" in
			success-any) [ "$matched" -eq 0 ] || { echo 0; exit; } ;;
			success-all) [ "$matched" -eq "$checked" ] || { echo 1; exit; } ;;
			fail-any)    [ "$matched" -eq 0 ] || { echo 1; exit; } ;;
			fail-all)    [ "$matched" -eq "$checked" ] || { echo 0; exit; } ;;
			*)           echo 2; exit;;
			esac
		done

		debug "PCI config value check ($opts): checked $checked," \
		      "matched $matched (model check is set to $match_model)"

		case "$mode" in
		success-any) if [ "$matched" -eq 0 ]; then echo 1; else echo 0; fi ;;
		success-all) if [ "$matched" -gt 0 -a "$matched" -eq "$checked" ]; then echo 0; else echo 1; fi ;;
		fail-any)    if [ "$matched" -eq 0 ]; then echo 0; else echo 1; fi  ;;
		fail-all)    if [ "$matched" -gt 0 -a "$matched" -eq "$checked" ]; then echo 1; else echo 0; fi ;;
		*)           echo 2; exit;;
		esac
	)
}

# It is needed for filtering by BIOS vendor name that is available in DMI data
#
# $1 - params in config file, space-separated, in key=value form:
#   key= - DMI data record to check. Can be one of the following: bios_date,
#          bios_vendor, bios_version, board_asset_tag, board_name, board_serial,
#          board_vendor, board_version, chassis_asset_tag, chassis_serial,
#          chassis_type, chassis_vendor, chassis_version, product_family,
#          product_name, product_serial, product_uuid, product_version,
#          sys_vendor.
#   val= - a string to match DMI data against.  Can be enclosed in single
#          or double quotes.
#   keyval= - a string of format "KEY(!)?[=:]VAL" (so, one of "KEY=VAL",
#             "KEY!=VAL", "KEY:VAL", "KEY!:VAL") that allows providing
#             a key-value pair in a single parameter.  It is possible to provide
#             multiple keyval= parameters.  "!" before :/= means negated match.
#             The action supplied in the mode= parameter is executed upon
#             successful (non-)matching of all the keyval pairs (as well
#             as the pair provided in a pair of key= and val= parameters).
#   mode=success-equal [ success-equal, fail-equal ] - matching mode:
#     success-equal: Returns 0 if the all values present in the corresponding
#                    files under /sys/devices/virtual/dmi/id/<KEY> are equal
#                    (or not equal in case of a keyval= with negated match)
#                    to the respective values supplied as the values
#                    of the keyval= parameters or the pair of key= vand val=
#                    parameters, otherwise 1.
#     fail-equal:    Returns 1 if all the values present in DMI files in sysfs
#                    match (as described above), otherwise 0.
#   no-model-mode=success [ success, fail ] - return value if model filter
#                                             is not enabled:
#     success: Return 0.
#     fail:    Return 1.
# $2 - whether model filter is engaged (if it is not '1', just return the result
#      based on "no-model-mode" value).
check_dmi_val()
{
	local key= val= keyval= keyvals= mode='success-equal' nm_mode='success'
	local opts="${1:-}" opt= opt_=
	local match_model="${2:-0}"

	local valid_keys=" bios_date bios_vendor bios_version board_asset_tag board_name board_serial board_vendor board_version chassis_asset_tag chassis_serial chassis_type chassis_vendor chassis_version product_family product_name product_serial product_uuid product_version sys_vendor "
	local success=1

	while [ -n "$opts" ]; do
		opt="${opts%%[ 	]*}"
		[ -n "${opt}" ] || { opts="${opts#[ 	]}"; continue; }

		[ "x${opt#key=}" = "x${opt}" ] || key="${opt#key=}"
		[ "x${opt#mode=}" = "x${opt}" ] || mode="${opt#mode=}"
		[ "x${opt#no-model-mode=}" = "x${opt}" ] || \
			nm_mode="${opt#no-model-mode=}"

		# Handle possible quoting
		[ "x${opt#val=}" = "x${opt}" ] || {
			case "${opt#val=}" in
			[\']*) opt_="${opts#val=\'}"; val="${opt_%%\'*}"; opt="val='${val}'" ;;
			[\"]*) opt_="${opts#val=\"}"; val="${opt_%%\"*}"; opt="val=\"${val}\"" ;;
			*)    val="${opt#val=}" ;;
			esac
		}
		[ "x${opt#keyval=}" = "x${opt}" ] || {
			case "${opt#keyval=}" in
			[\']*)
				opt_="${opts#keyval=\'}"
				keyval="${opt_%%\'*}"
				opt="keyval='${keyval}'"
				keyvals="${keyvals}
					${keyval}"
				;;
			[\"]*)
				opt_="${opts#keyval=\"}"
				keyval="${opt_%%\"*}"
				opt="keyval=\"${keyval}\""
				keyvals="${keyvals}
					${keyval}"
				;;
			*)
				keyvals="${keyvals}
					${opt#keyval=}"
				;;
			esac
		}

		opts="${opts#"${opt}"}"
		continue
	done

	[ -z "$key" -a -z "$val" ] || keyvals="${key}=${val}${keyvals}"

	[ -n "x${keyvals}" ] || {
		debug "Neither key=, val=, nor keyval= parameters were privoded"
		echo 2
		return
	}

	[ 1 = "$match_model" ] || {
		case "$nm_mode" in
		success) echo 0 ;;
		fail)    echo 1 ;;
		*)
			debug "Invalid no-model-mode value: \"${nm_mode}\""
			echo 2
			;;
		esac

		return
	}

	case "$mode" in
	success-equal|fail-equal) ;;
	*) debug "Invalid mode value: \"${nm_mode}\""; echo 2; return ;;
	esac

	printf "%s\n" "${keyvals}" | (
		while read l; do
			[ -n "$l" ] || continue
			key="${l%%[=:]*}"
			val="${l#${key}[=:]}"

			cmp="="
			[ "x${key%!}" = "x${key}" ] || {
				cmp="!="
				key="${key%!}"
			}

			# Check key for validity
			[ "x${valid_keys#* ${key} *}" != "x${valid_keys}" ] || {
				debug "Invalid \"key\" parameter value: \"${key}\""
				echo 2
				return
			}

			[ -r "/sys/devices/virtual/dmi/id/${key}" ] || {
				debug "Can't access /sys/devices/virtual/dmi/id/${key}"
				echo 3
				return
			}

			file_val="$(/bin/cat "/sys/devices/virtual/dmi/id/${key}")"

			[ "x${val}" "${cmp}" "x${file_val}" ] || {
				case "$mode" in
				success-equal) echo 1 ;;
				fail-equal)    echo 0 ;;
				esac

				return
			}
		done

		case "$mode" in
		success-equal) echo 0 ;;
		fail-equal)    echo 1 ;;
		esac
	)
}

# check_dependency CURLEVEL DEP_TYPE DEP_NAME OPTS
# DEP_TYPE:
#   required - caveat can be enabled only if dependency is enabled
#              (is not forcefully disabled and meets caveat conditions)
# OPTS:
#   match-model-mode=same [ on, off, same ] - what mode matching mode is to be used for dependency
#   skip=skip [ fail, skip, success ]
#   force-skip=skip [ fail, skip, success ]
#   nesting-too-deep=fail [ fail, skip, success ]
# Return values:
#   0 - success
#   1 - fail
#   2 - skip
#   9 - error
check_dependency()
{
	local cur_level="$1"
	local dep_type="$2"
	local dep_name="$3"
	local match_model_mode=same old_match_model="${match_model}"
	local skip=skip
	local force_skip=skip
	local nesting_too_deep=fail

	local check="Dependency check for ${dep_type} ${dep_name}"

	set -- ${4:-}
	while [ "$#" -gt 0 ]; do
		[ "x${1#match-model-mode=}" = "x${1}" ] || match_model_mode="${1#match-model-mode=}"
		[ "x${1#skip=}" = "x${1}" ] || skip="${1#skip=}"
		[ "x${1#force-skip=}" = "x${1}" ] || force_skip="${1#force-skip=}"
		[ "x${1#nesting-too-deep=}" = "x${1}" ] || nesting_too_deep="${1#nesting-too-deep=}"

		shift
	done

	case "${dep_type}" in
	required)
		[ "x${dep_name%/*}" = "x${dep_name}" ] || {
			debug "${check} error: dependency name (${dep_name})" \
			      "cannot contain slashes"
			echo 9
			return
		}

		[ "${MAX_NESTING_LEVEL}" -ge "$cur_level" ] || {
			local reason="nesting level is too deep (${cur_level}) and nesting-too-deep='${nesting_too_deep}'"

			case "$nesting_too_deep" in
			success) debug "${check} succeeded: ${reason}"; echo 0 ;;
			fail)    debug "${check} failed: ${reason}"; echo 1 ;;
			skip)    debug "${check} skipped: ${reason}"; echo 2 ;;
			*)       debug "${check} error: invalid" \
				       "nesting-too-deep mode" \
				       "(${nesting_too_deep})"; echo 9 ;;
			esac

			return
		}

		case "${match_model_mode}" in
		same) ;;
		on)   match_model=1 ;;
		off)  match_model=0 ;;
		*)
			debug "${check} error: invalid match-model-mode" \
			      "(${match_model_mode})"
			echo 9
			return
			;;
		esac

		local result=0
		debug "${check}: calling check_caveat '${dep_name}'" \
		      "'$(($cur_level + 1))' match_model=${match_model}"
		check_caveat "${dep_name}" "$(($cur_level + 1))" > /dev/null || result="$?"

		match_model="${old_match_model}"

		case "${result}" in
		0) debug "${check} succeeded: result=${result}"; echo "${result}" ;;
		1) debug "${check} failed: result=${result}"; echo "${result}" ;;
		2)
			local reason="result=${result} and skip='${skip}'"

			case "${skip}" in
			success) debug "${check} succeeded: ${reason}"; echo 0 ;;
			fail)    debug "${check} failed: ${reason}"; echo 1 ;;
			skip)    debug "${check} skipped: ${reason}"; echo 2 ;;
			*)       debug "${check} error: unexpected skip=" \
				       "setting (${skip})"; echo 9 ;;
			esac
			;;
		3)
			local reason="result=${result} and force_skip='${force_skip}'"

			case "${force_skip}" in
			success) debug "${check} succeeded: ${reason}"; echo 0 ;;
			fail)    debug "${check} failed: ${reason}"; echo 1 ;;
			skip)    debug "${check} skipped: ${reason}"; echo 2 ;;
			*)       debug "${check} error: unexpected force-skip=" \
				       "setting (${skip})"; echo 9 ;;
			esac
			;;
		*)
			debug "${check} error: unexpected check_caveat result" \
			      "(${result})"; echo 9 ;;
		esac
		;;
	*)
		debug "${check} error: unknown dependency type '${dep_type}'"
		echo 9
		;;
	esac
}

# Provides model in format "VENDOR_ID FAMILY-MODEL-STEPPING"
#
# We check only the first processor as we don't expect non-symmetrical setups
# with CPUs with caveats
get_model_string()
{
	/usr/bin/printf "%s %02x-%02x-%02x" \
		$(/bin/sed -rn '1,/^$/{
			s/^vendor_id[[:space:]]*: (.*)$/\1/p;
			s/^cpu family[[:space:]]*: (.*)$/\1/p;
			s/^model[[:space:]]*: (.*)$/\1/p;
			s/^stepping[[:space:]]*: (.*)$/\1/p;
		}' /proc/cpuinfo)
}

get_model_name()
{
	/bin/sed -rn '1,/^$/s/^model name[[:space:]]*: (.*)$/\1/p' /proc/cpuinfo
}

get_vendor_id()
{
	/bin/sed -rn '1,/^$/s/^vendor_id[[:space:]]*: (.*)$/\1/p' /proc/cpuinfo
}

get_mc_path()
{
	case "$1" in
	GenuineIntel)
		echo "intel-ucode/$2"
		;;
	AuthenticAMD)
		echo "amd-ucode/$2"
		;;
	*)
		# We actually only support Intel ucode, but things may break
		# if nothing is printed (input would be gotten from stdin
		# otherwise).
		echo "invalid"
		;;
	esac
}

get_mc_ver()
{
	/bin/sed -rn '1,/^$/s/^microcode[[:space:]]*: (.*)$/\1/p' /proc/cpuinfo
}


match_model=0
configs=
kver=$(/bin/uname -r)
verbose=0
early_check=0
print_disclaimers=0

ret=0

while getopts "dek:c:mv" opt; do
	case "${opt}" in
	d)
		print_disclaimers=1
		early_check=2
		;;
	e)
		early_check=1
		;;
	k)
		kver="$OPTARG"
		;;
	c)
		configs="$configs $OPTARG"
		;;
	m)
		match_model=1
		;;
	v)
		verbose=1
		;;
	*)
		usage
		exit 1;
		;;
	esac
done

: "${configs:=$(find "${MC_CAVEATS_DATA_DIR}" -maxdepth 1 -mindepth 1 -type d -printf "%f\n")}"

cpu_model=$(get_model_string)
cpu_model_name=$(get_model_name)
cpu_vendor=$(get_vendor_id)

ret_paths=""
ok_paths=""
fail_paths=""

ret_cfgs=""
ok_cfgs=""
fail_cfgs=""

skip_cfgs=""

if [ 1 -eq "$early_check" ]; then
	stage="early"
else
	stage="late"
fi

# check_caveat CFG [CHECK_LEVEL]
# changes ret_paths, ok_paths, fail_paths, ret_cfgs, ok_cfgs, fail_cfgs,
# skip_cfgs if CHECK_LEVEL is set to 0 (default).
# CHECK_LEVEL is used for recursive configuration dependency checks,
# and indicates nesting level.
# Return value:
#  0 - check is successful
#  1 - check has been failed
#  2 - configuration has been skipped
#  3 - configuration has been skipped due to presence of an override file
check_caveat() {
	local cfg="$1"
	local check_level="${2:-0}"
	local dir="$MC_CAVEATS_DATA_DIR/$cfg"

	[ -r "${dir}/readme" ] || {
		debug "File 'readme' in ${dir} is not found, skipping"
		return 2
	}

	[ -r "${dir}/config" ] || {
		debug "File 'config' in ${dir} is not found, skipping"
		return 2
	}

	local cfg_model=
	local cfg_vendor=
	local cfg_path=
	local cfg_kvers=
	local cfg_kvers_early=
	local cfg_mc_min_ver_late=
	local cfg_disable=
	local cfg_pci=
	local cfg_dmi=
	local cfg_dependency=

	local key
	local value

	while read -r key value; do
		case "$key" in
		model)
			cfg_model="$value"
			;;
		vendor)
			cfg_vendor="$value"
			;;
		path)
			cfg_path="$cfg_path $value"
			;;
		kernel)
			cfg_kvers="$cfg_kvers $value"
			;;
		kernel_early)
			cfg_kvers_early="$cfg_kvers_early $value"
			;;
		mc_min_ver_late)
			cfg_mc_min_ver_late="$value"
			;;
		disable)
			cfg_disable="$cfg_disable $value "
			;;
		pci_config_val)
			cfg_pci="$cfg_pci
				$value"
			;;
		dmi)
			cfg_dmi="$cfg_dmi
				$value"
			;;
		dependency)
			cfg_dependency="$cfg_dependency
				$value"
			;;
		'#'*|'')
			continue
			;;
		*)
			debug "Unknown key '$key' (value '$value') in config" \
			      "'$cfg'"
			;;
		esac
	done < "${dir}/config"

	debug "${cfg}: model '$cfg_model', path '$cfg_path', kvers '$cfg_kvers'"
	echo "$cfg_path"

	# Check for override files in the following order:
	#  - disallow early/late specific caveat for specific kernel
	#  - force early/late specific caveat for specific kernel
	#  - disallow specific caveat for specific kernel
	#  - force specific caveat for specific kernel
	#
	#  - disallow early/late specific caveat for any kernel
	#  - disallow early/late any caveat for specific kernel
	#  - force early/late specific caveat for any kernel
	#  - force early/late any caveat for specific kernel
	#  - disallow specific caveat for any kernel
	#  - disallow any caveat for specific kernel
	#  - force specific caveat for any kernel
	#  - force any caveat for specific kernel
	#
	#  - disallow early/late everything
	#  - force early/late everyhting
	#  - disallow everything
	#  - force everyhting
	local ignore_cfg=0
	local force_cfg=0
	local override_file=""
	local overrides="
	0:$FW_DIR/$kver/disallow-$stage-$cfg
	1:$FW_DIR/$kver/force-$stage-$cfg
	0:$FW_DIR/$kver/disallow-$cfg
	1:$FW_DIR/$kver/force-$cfg
	0:$FW_DIR/$kver/disallow-$stage
	0:$CFG_DIR/disallow-$stage-$cfg
	1:$FW_DIR/$kver/force-$stage
	1:$CFG_DIR/force-$stage-$cfg
	0:$FW_DIR/$kver/disallow
	0:$CFG_DIR/disallow-$cfg
	1:$FW_DIR/$kver/force
	1:$CFG_DIR/force-$cfg
	0:$CFG_DIR/disallow-$stage
	1:$CFG_DIR/force-$stage
	0:$CFG_DIR/disallow
	1:$CFG_DIR/force"
	local o
	local o_force
	local override_file
	for o in $(echo "$overrides"); do
		o_force=${o%%:*}
		override_file=${o#$o_force:}

		[ -e "$override_file" ] || continue

		if [ 0 -eq "$o_force" ]; then
			ignore_cfg=1
		else
			force_cfg=1
		fi

		break
	done

	[ 0 -eq "$ignore_cfg" ] || {
		debug "Configuration \"$cfg\" is ignored due to presence of" \
		      "\"$override_file\"."
		return 3
	}

	# Check model if model filter is enabled
	if [ 1 -eq "$match_model" -a  -n "$cfg_model" ]; then
		[ "x$cpu_model" = "x$cfg_model" ] || {
			debug "Current CPU model '$cpu_model' doesn't" \
			      "match configuration CPU model '$cfg_model'," \
			      "skipping"
			return 2
		}
	fi

	# Check paths if model filter is enabled
	local cpu_mc_path
	local cfg_mc_present
	if [ 1 -eq "$match_model" -a  -n "$cfg_path" ]; then
		cpu_mc_path="$MC_CAVEATS_DATA_DIR/$cfg/$(get_mc_path \
			"$cpu_vendor" "${cpu_model#* }")"
		cfg_mc_present=0

		for p in $(printf "%s" "$cfg_path"); do
			/usr/bin/find "$MC_CAVEATS_DATA_DIR/$cfg" \
				-path "$MC_CAVEATS_DATA_DIR/$cfg/$p" -print0 \
			    | /bin/grep -zFxc "$cpu_mc_path" > /dev/null \
			    || continue

			cfg_mc_present=1
			break
		done

		[ 1 = "$cfg_mc_present" ] || {
			debug "No matching microcode files in '$cfg_path'" \
			      "for CPU model '$cpu_model', skipping"
			return 2
		}
	fi

	# Check vendor if model filter is enabled
	if [ 1 -eq "$match_model" -a  -n "$cfg_vendor" ]; then
		[ "x$cpu_vendor" = "x$cfg_vendor" ] || {
			debug "Current CPU vendor '$cpu_vendor' doesn't" \
			      "match configuration CPU vendor '$cfg_vendor'," \
			      "skipping"
			return 2
		}
	fi

	# Has to be performed before dependency checks
	[ 0 -eq "$force_cfg" ] || {
		debug "Checks for configuration \"$cfg\" are ignored due to" \
		      "presence of \"$override_file\"."

		return 0
	}

	# Check dependencies
	# It has to be performed here (before adding configuration
	# to $ret_cfgs/$ret_paths) since it may be skipped.
	if [ -n "$cfg_dependency" ]; then
		dep_line="$(printf "%s\n" "$cfg_dependency" | \
			while read -r dep_type dep_name dep_opts
			do
				[ -n "$dep_type" ] || continue
				dep_res=$(check_dependency "$check_level" \
							   "$dep_type" \
							   "$dep_name" \
							   "$dep_opts")
				[ 0 != "$dep_res" ] || continue
				echo "$dep_res $dep_type $dep_name $dep_opts"
				break
			done
			echo "0 ")"

		case "${dep_line%% *}" in
		0) ;;
		2)
			debug "Dependency check '${dep_line#* }'" \
			      "induced configuration skip"
			return 2
			;;
		*)
			debug "Dependency check '${dep_line#* }'" \
			      "failed (with return code ${dep_line%% *})"
			return 1
			;;
		esac
	fi

	# Check configuration files

	[ "x${cfg_disable%%* $stage *}" = "x$cfg_disable" ] || {
		debug "${cfg}: caveat is disabled in configuration"
		return 1
	}

	# Check late load kernel version
	if [ 1 -ne "$early_check" -a -n "$cfg_kvers" ]; then
		check_kver "$kver" $cfg_kvers || {
			debug "${cfg}: late load kernel version check for" \
			      " '$kver' against '$cfg_kvers' failed"
			return 1
		}
	fi

	# Check early load kernel version
	if [ 0 -ne "$early_check" -a -n "$cfg_kvers_early" ]; then
		check_kver "$kver" $cfg_kvers_early || {
			debug "${cfg}: early load kernel version check for" \
			      "'$kver' against '$cfg_kvers_early' failed"
			return 1
		}
	fi

	# Check current microcode version for the late update
	if [ -n "$cfg_mc_min_ver_late" -a 1 -ne "$early_check" -a \
	   "x$cpu_model" = "x$cfg_model" ]; then
		cpu_mc_ver="$(get_mc_ver)"

		[ 1 -eq $((cpu_mc_ver >= cfg_mc_min_ver_late)) ] || {
			debug "${cfg}: CPU microcode version $cpu_mc_ver" \
			      "failed check (should be at least" \
			      "${cfg_mc_min_ver_late})"
			return 1
		}
	fi

	# Check PCI devices if model filter is enabled
	# Note that the model filter check is done inside check_pci_config_val
	# based on the 'mode=' parameter.
	if [ -n "$cfg_pci" ]; then
		pci_line="$(printf "%s\n" "$cfg_pci" | while read -r pci_line; do
				[ -n "$pci_line" ] || continue
				pci_res=$(check_pci_config_val "$pci_line" \
							       "$match_model")
				[ 0 != "$pci_res" ] || continue
				echo "$pci_res $pci_line"
				break
			done
			echo "0 ")"

		[ -z "${pci_line#* }" ] || {
			debug "PCI configuration word check '${pci_line#* }'" \
			      "failed (with return code ${pci_line%% *})"
			return 1
		}
	fi

	# Check DMI data if model filter is enabled
	# Note that the model filter check is done inside check_dmi_val
	# (which returns the value of 'no-model-mode=' parameter
	# if it is disenaged).
	if [ -n "$cfg_dmi" ]; then
		dmi_line="$(printf "%s\n" "$cfg_dmi" | while read -r dmi_line
			do
				[ -n "$dmi_line" ] || continue
				dmi_res=$(check_dmi_val "$dmi_line" \
							"$match_model")
				[ 0 != "$dmi_res" ] || continue
				echo "$dmi_res $dmi_line"
				break
			done
			echo "0 ")"

		[ -z "${dmi_line#* }" ] || {
			debug "DMI data check '${dmi_line#* }'" \
			      "failed (with return code ${dmi_line%% *})"
			return 1
		}
	fi

	return 0
}

for cfg in $(echo "${configs}"); do
	if cfg_path=$(check_caveat "$cfg"; exit "$?")
	then
		ret_cfgs="$ret_cfgs $cfg"
		ret_paths="$ret_paths $cfg_path"
		ok_cfgs="$ok_cfgs $cfg"
		ok_paths="$ok_paths $cfg_path"
	else
		case "$?" in
		1)
			ret=1

			ret_cfgs="$ret_cfgs $cfg"
			ret_paths="$ret_paths $cfg_path"
			fail_cfgs="$fail_cfgs $cfg"
			fail_paths="$fail_paths $cfg_path"

			[ 0 -eq "$print_disclaimers" ] \
				|| [ ! -e "${MC_CAVEATS_DATA_DIR}/${cfg}/disclaimer" ] \
				|| /bin/cat "${MC_CAVEATS_DATA_DIR}/${cfg}/disclaimer"
			;;
		2|3)
			skip_cfgs="$skip_cfgs $cfg";
			;;
		*)
			debug "Unexpected check_caveat return code '$?'" \
			      "for config '$cfg'"
			;;
		esac
	fi
done

[ 0 -eq "$print_disclaimers" ] || exit 0

echo "cfgs$ret_cfgs"
echo "skip_cfgs$skip_cfgs"
echo "paths$ret_paths"
echo "ok_cfgs$ok_cfgs"
echo "ok_paths$ok_paths"
echo "fail_cfgs$fail_cfgs"
echo "fail_paths$fail_paths"

exit $ret

Youez - 2016 - github.com/yon3zu
LinuXploit