????

Your IP : 18.225.209.152

Current Path : /proc/324102/root/usr/bin/
Upload File :
Current File : //proc/324102/root/usr/bin/remove_meltdown_kernels_from_grub.py

#!/usr/bin/python

import os
import re
import subprocess
import sys


KERNELS_TO_REMOVE = ['3.10.0-714.10.2.lve1.5.9', '3.10.0-714.10.2.lve1.5.8',
                     '3.10.0-714.10.2.lve1.4.80', '3.10.0-714.10.2.lve1.4.79',
                     '2.6.32-896.16.1.lve1.4.50', '2.6.32-896.16.1.lve1.4.49',
                     '2.6.32-896.16.1.lve1.4.48', '2.6.32-896.16.1.lve1.4.51']

SUGGESTED_KERNELS = {'cl6': 'kernel-2.6.32-896.16.1.lve1.4.46.el6',
                     'cl7_reseller': 'kernel-3.10.0-714.10.2.lve1.5.7.el7',
                     'cl6h_reseller': 'kernel-3.10.0-714.10.2.lve1.5.7.el6h',
                     'cl7': 'kernel-3.10.0-714.10.2.lve1.4.78.el7'}


def run_shell_cmd(cmd):
    return subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True).communicate()


def remove_kernel_from_grub(kernel_ver):
    grubby_cmd = 'grubby --remove-kernel=/boot/vmlinuz-%s' % kernel_ver
    print u'Removing kernel %s as it contains Meltdown fix which currently doesn\'t work on Xen PV' % kernel_ver
    run_shell_cmd(grubby_cmd)


def detect_xen_pv():
    out, _ = run_shell_cmd('virt-what')
    if 'xen' in out:
        has_pci = os.listdir('/sys/bus/pci/devices')
        if not has_pci:
            return True
        return False
    return False


def get_kernel_versions():
    # We're assuming that every kernel should have its initramfs file
    initrd_re = re.compile('^initramfs-\w.+.img$')
    ver_re = re.compile('\d.+-\d.+lve\d.\d.\d+.el\w+.(x86_64|i686)')
    initrd_list = [item for item in os.listdir('/boot') if initrd_re.match(item)]
    ver_list = []
    for item in initrd_list:
        ver = ver_re.search(item)
        if ver:
            ver_list.append(ver.group())
    return set(ver_list)


def get_dist_version():
    current_kernel, _ = run_shell_cmd('uname -r')
    current_kernel = current_kernel.strip()
    if '2.6.32' in current_kernel:
        return 'cl6'
    elif '3.10.0' in current_kernel:
        if 'lve1.5' in current_kernel and '.el6h' in current_kernel:
            return 'cl6h_reseller'
        elif '.el6h' in current_kernel:
            return 'cl6h'
        elif 'lve1.5' in current_kernel:
            return 'cl7_reseller'
        else:
            return 'cl7'
    else:
        raise Exception('Unknown kernel version')


if __name__ == '__main__':
    is_xen_pv = detect_xen_pv()
    kernel_vers = get_kernel_versions()
    dist = get_dist_version()
    if is_xen_pv and kernel_vers and kernel_vers.issubset(KERNELS_TO_REMOVE):
        print u'WARNING: your system has only kernels with fix for Meltdown/Spectre attacks installed, you will not be able to boot after reboot'
        print u'Please install % kernel to avoid this problem' % SUGGESTED_KERNELS[dist]
        sys.exit(0)
    if is_xen_pv:
        print u'Your system is detected like Xen PV instance'
        print u'Checking if any kernels with Meltdown fix are installed on the system'
        for kernel_ver in kernel_vers:
            if any([item in kernel_ver for item in KERNELS_TO_REMOVE]):
                remove_kernel_from_grub(kernel_ver)