1
0
mirror of https://github.com/speed47/spectre-meltdown-checker synced 2025-01-05 10:59:07 +01:00

feat: better cleanup routine on exit & interrupt

This commit is contained in:
Stéphane Lesimple 2018-02-02 11:09:36 +01:00
parent b7a10126d1
commit 07afd95b63

View File

@ -10,6 +10,18 @@
# #
VERSION='0.34+' VERSION='0.34+'
trap 'exit_cleanup' EXIT
trap '_warn "interrupted, cleaning up..."; exit_cleanup; exit 1' INT
exit_cleanup()
{
# cleanup the temp decompressed config & kernel image
[ -n "$dumped_config" ] && [ -f "$dumped_config" ] && rm -f "$dumped_config"
[ -n "$vmlinuxtmp" ] && [ -f "$vmlinuxtmp" ] && rm -f "$vmlinuxtmp"
[ "$mounted_debugfs" = 1 ] && umount /sys/kernel/debug 2>/dev/null
[ "$insmod_cpuid" = 1 ] && rmmod cpuid 2>/dev/null
[ "$insmod_msr" = 1 ] && rmmod msr 2>/dev/null
}
show_usage() show_usage()
{ {
# shellcheck disable=SC2086 # shellcheck disable=SC2086
@ -577,8 +589,6 @@ extract_vmlinux()
[ -n "$1" ] || return 1 [ -n "$1" ] || return 1
# Prepare temp files: # Prepare temp files:
vmlinuxtmp="$(mktemp /tmp/vmlinux-XXXXXX)" vmlinuxtmp="$(mktemp /tmp/vmlinux-XXXXXX)"
# single quotes in trap cmd: will be expanded when signalled
trap 'rm -f $vmlinuxtmp' EXIT INT
# Initial attempt for uncompressed images or objects: # Initial attempt for uncompressed images or objects:
if check_vmlinux "$1"; then if check_vmlinux "$1"; then
@ -607,44 +617,18 @@ mount_debugfs()
fi fi
} }
umount_debugfs()
{
if [ "$mounted_debugfs" = 1 ]; then
# umount debugfs if we did mount it ourselves
umount /sys/kernel/debug
fi
}
load_msr() load_msr()
{ {
modprobe msr 2>/dev/null && insmod_msr=1 modprobe msr 2>/dev/null && insmod_msr=1
_debug "attempted to load module msr, insmod_msr=$insmod_msr" _debug "attempted to load module msr, insmod_msr=$insmod_msr"
} }
unload_msr()
{
if [ "$insmod_msr" = 1 ]; then
# if we used modprobe ourselves, rmmod the module
rmmod msr 2>/dev/null
_debug "attempted to unload module msr, ret=$?"
fi
}
load_cpuid() load_cpuid()
{ {
modprobe cpuid 2>/dev/null && insmod_cpuid=1 modprobe cpuid 2>/dev/null && insmod_cpuid=1
_debug "attempted to load module cpuid, insmod_cpuid=$insmod_cpuid" _debug "attempted to load module cpuid, insmod_cpuid=$insmod_cpuid"
} }
unload_cpuid()
{
if [ "$insmod_cpuid" = 1 ]; then
# if we used modprobe ourselves, rmmod the module
rmmod cpuid 2>/dev/null
_debug "attempted to unload module cpuid, ret=$?"
fi
}
read_cpuid() read_cpuid()
{ {
_leaf="$1" _leaf="$1"
@ -859,9 +843,6 @@ if [ "$opt_coreos" = 1 ]; then
mount_debugfs mount_debugfs
toolbox --ephemeral --bind-ro /dev/cpu:/dev/cpu -- sh -c "dnf install -y binutils which && /media/root$PWD/$0 $* --coreos-within-toolbox" toolbox --ephemeral --bind-ro /dev/cpu:/dev/cpu -- sh -c "dnf install -y binutils which && /media/root$PWD/$0 $* --coreos-within-toolbox"
exitcode=$? exitcode=$?
mount_debugfs
unload_cpuid
unload_msr
exit $exitcode exit $exitcode
else else
if is_coreos; then if is_coreos; then
@ -1840,15 +1821,6 @@ fi
_info "A false sense of security is worse than no security at all, see --disclaimer" _info "A false sense of security is worse than no security at all, see --disclaimer"
# this'll umount only if we mounted debugfs ourselves
umount_debugfs
# same for modules
unload_msr
unload_cpuid
# cleanup the temp decompressed config
[ -n "$dumped_config" ] && [ -f "$dumped_config" ] && rm -f "$dumped_config"
if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "nrpe" ]; then if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "nrpe" ]; then
if [ ! -z "$nrpe_vuln" ]; then if [ ! -z "$nrpe_vuln" ]; then
echo "Vulnerable:$nrpe_vuln" echo "Vulnerable:$nrpe_vuln"