1// Copyright 2019 The Prometheus Authors 2// Licensed under the Apache License, Version 2.0 (the "License"); 3// you may not use this file except in compliance with the License. 4// You may obtain a copy of the License at 5// 6// http://www.apache.org/licenses/LICENSE-2.0 7// 8// Unless required by applicable law or agreed to in writing, software 9// distributed under the License is distributed on an "AS IS" BASIS, 10// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11// See the License for the specific language governing permissions and 12// limitations under the License. 13 14package sysfs 15 16import ( 17 "fmt" 18 "io/ioutil" 19 "path/filepath" 20 "strings" 21) 22 23const ( 24 notAffected = "Not Affected" 25 vulnerable = "Vulnerable" 26 mitigation = "Mitigation" 27) 28 29// CPUVulnerabilities retrieves a map of vulnerability names to their mitigations. 30func (fs FS) CPUVulnerabilities() ([]Vulnerability, error) { 31 matches, err := filepath.Glob(fs.sys.Path("devices/system/cpu/vulnerabilities/*")) 32 if err != nil { 33 return nil, err 34 } 35 36 vulnerabilities := make([]Vulnerability, 0, len(matches)) 37 for _, match := range matches { 38 name := filepath.Base(match) 39 40 value, err := ioutil.ReadFile(match) 41 if err != nil { 42 return nil, err 43 } 44 45 v, err := parseVulnerability(name, string(value)) 46 if err != nil { 47 return nil, err 48 } 49 50 vulnerabilities = append(vulnerabilities, v) 51 } 52 53 return vulnerabilities, nil 54} 55 56// Vulnerability represents a single vulnerability extracted from /sys/devices/system/cpu/vulnerabilities/ 57type Vulnerability struct { 58 CodeName string 59 State string 60 Mitigation string 61} 62 63func parseVulnerability(name, value string) (Vulnerability, error) { 64 v := Vulnerability{CodeName: name} 65 value = strings.TrimSpace(value) 66 if value == notAffected { 67 v.State = notAffected 68 return v, nil 69 } 70 71 if strings.HasPrefix(value, vulnerable) { 72 v.State = vulnerable 73 v.Mitigation = strings.TrimPrefix(strings.TrimPrefix(value, vulnerable), ": ") 74 return v, nil 75 } 76 77 if strings.HasPrefix(value, mitigation) { 78 v.State = mitigation 79 v.Mitigation = strings.TrimPrefix(strings.TrimPrefix(value, mitigation), ": ") 80 return v, nil 81 } 82 83 return v, fmt.Errorf("unknown vulnerability state for %s: %s", name, value) 84} 85