diff options
Diffstat (limited to 'runsc/mitigate')
-rw-r--r-- | runsc/mitigate/mitigate.go | 5 | ||||
-rw-r--r-- | runsc/mitigate/mitigate_test.go | 13 | ||||
-rw-r--r-- | runsc/mitigate/mock/mock.go | 31 |
3 files changed, 29 insertions, 20 deletions
diff --git a/runsc/mitigate/mitigate.go b/runsc/mitigate/mitigate.go index 24f67414c..88409af8f 100644 --- a/runsc/mitigate/mitigate.go +++ b/runsc/mitigate/mitigate.go @@ -50,7 +50,7 @@ const ( type CPUSet map[threadID]*ThreadGroup // NewCPUSet creates a CPUSet from data read from /proc/cpuinfo. -func NewCPUSet(data []byte, vulnerable func(Thread) bool) (CPUSet, error) { +func NewCPUSet(data []byte) (CPUSet, error) { processors, err := getThreads(string(data)) if err != nil { return nil, err @@ -67,7 +67,7 @@ func NewCPUSet(data []byte, vulnerable func(Thread) bool) (CPUSet, error) { core = &ThreadGroup{} set[p.id] = core } - core.isVulnerable = core.isVulnerable || vulnerable(p) + core.isVulnerable = core.isVulnerable || p.IsVulnerable() core.threads = append(core.threads, p) } @@ -446,6 +446,7 @@ func buildRegex(key, match string) *regexp.Regexp { func parseRegex(data, key, match string) (string, error) { r := buildRegex(key, match) matches := r.FindStringSubmatch(data) + if len(matches) < 2 { return "", fmt.Errorf("failed to match key %q: %q", key, data) } diff --git a/runsc/mitigate/mitigate_test.go b/runsc/mitigate/mitigate_test.go index bd5a2433f..890c65f05 100644 --- a/runsc/mitigate/mitigate_test.go +++ b/runsc/mitigate/mitigate_test.go @@ -54,14 +54,13 @@ func TestMockCPUSet(t *testing.T) { } { t.Run(tc.testCase.Name, func(t *testing.T) { data := tc.testCase.MakeCPUString() - vulnerable := func(t Thread) bool { - return t.IsVulnerable() - } - set, err := NewCPUSet([]byte(data), vulnerable) + set, err := NewCPUSet([]byte(data)) if err != nil { t.Fatalf("Failed to create cpuSet: %v", err) } + t.Logf("data: %s", data) + for _, tg := range set { if err := checkSorted(tg.threads); err != nil { t.Fatalf("Failed to sort cpuSet: %v", err) @@ -260,11 +259,7 @@ func TestReadFile(t *testing.T) { t.Fatalf("Failed to read cpuinfo: %v", err) } - vulnerable := func(t Thread) bool { - return t.IsVulnerable() - } - - set, err := NewCPUSet(data, vulnerable) + set, err := NewCPUSet(data) if err != nil { t.Fatalf("Failed to parse CPU data %v\n%s", err, data) } diff --git a/runsc/mitigate/mock/mock.go b/runsc/mitigate/mock/mock.go index 2db718cb9..12c59e356 100644 --- a/runsc/mitigate/mock/mock.go +++ b/runsc/mitigate/mock/mock.go @@ -82,6 +82,19 @@ var Haswell2core = CPU{ ThreadsPerCore: 1, } +// AMD2 is an two core AMD machine. +var AMD2 = CPU{ + Name: "AMD", + VendorID: "AuthenticAMD", + Family: 23, + Model: 49, + ModelName: "AMD EPYC 7B12", + Bugs: "sysret_ss_attrs spectre_v1 spectre_v2 spec_store_bypass", + PhysicalCores: 1, + Cores: 1, + ThreadsPerCore: 2, +} + // AMD8 is an eight core AMD machine. var AMD8 = CPU{ Name: "AMD", @@ -115,15 +128,15 @@ bugs : %s for k := 0; k < tc.ThreadsPerCore; k++ { processorNum := (i*tc.Cores+j)*tc.ThreadsPerCore + k ret += fmt.Sprintf(template, - processorNum, /*processor*/ - tc.VendorID, /*vendor_id*/ - tc.Family, /*cpu family*/ - tc.Model, /*model*/ - tc.ModelName, /*model name*/ - i, /*physical id*/ - j, /*core id*/ - tc.Cores*tc.PhysicalCores, /*cpu cores*/ - tc.Bugs, /*bugs*/ + processorNum, /*processor*/ + tc.VendorID, /*vendor_id*/ + tc.Family, /*cpu family*/ + tc.Model, /*model*/ + tc.ModelName, /*model name*/ + i, /*physical id*/ + j, /*core id*/ + k, /*cpu cores*/ + tc.Bugs, /*bugs*/ ) } } |