fs: Disable many filesystems under lockdown

The idea is to permit the following: btrfs, cpio, exfat, ext, f2fs, fat,
hfsplus, iso9660, squash4, tar, xfs and zfs.

The JFS, ReiserFS, romfs, UDF and UFS security vulnerabilities were
reported by Jonathan Bar Or <jonathanbaror@gmail.com>.

Fixes: CVE-2025-0677
Fixes: CVE-2025-0684
Fixes: CVE-2025-0685
Fixes: CVE-2025-0686
Fixes: CVE-2025-0689
Suggested-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
index 9b0afb9541ef23b94665274775de88e6eaed3c42..520a001c7572d761caaee579efa93c0cac81f025 100644 (file)
--- a/grub-core/fs/affs.c
+++ b/grub-core/fs/affs.c
@@ -26,6 +26,7 @@
 #include <grub/types.h>
 #include <grub/fshelp.h>
 #include <grub/charset.h>
+#include <grub/lockdown.h>
 
 GRUB_MOD_LICENSE ("GPLv3+");
 
@@ -703,12 +704,16 @@ static struct grub_fs grub_affs_fs =
 
 GRUB_MOD_INIT(affs)
 {
-  grub_affs_fs.mod = mod;
-  grub_fs_register (&grub_affs_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_affs_fs.mod = mod;
+      grub_fs_register (&grub_affs_fs);
+    }
   my_mod = mod;
 }
 
 GRUB_MOD_FINI(affs)
 {
-  grub_fs_unregister (&grub_affs_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_affs_fs);
 }

diff --git a/grub-core/fs/cbfs.c b/grub-core/fs/cbfs.c
index 2332745fe8a53918f9adcc0d467aee6c77fcca2f..b62c8777cfc08c95df978e5a667b320581ab3dbd 100644 (file)
--- a/grub-core/fs/cbfs.c
+++ b/grub-core/fs/cbfs.c
@@ -26,6 +26,7 @@
 #include <grub/dl.h>
 #include <grub/i18n.h>
 #include <grub/cbfs_core.h>
+#include <grub/lockdown.h>
 
 GRUB_MOD_LICENSE ("GPLv3+");
 
@@ -390,13 +391,17 @@ GRUB_MOD_INIT (cbfs)
 #if (defined (__i386__) || defined (__x86_64__)) && !defined (GRUB_UTIL) && !defined (GRUB_MACHINE_EMU) && !defined (GRUB_MACHINE_XEN)
   init_cbfsdisk ();
 #endif
-  grub_cbfs_fs.mod = mod;
-  grub_fs_register (&grub_cbfs_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_cbfs_fs.mod = mod;
+      grub_fs_register (&grub_cbfs_fs);
+    }
 }
 
 GRUB_MOD_FINI (cbfs)
 {
-  grub_fs_unregister (&grub_cbfs_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_cbfs_fs);
 #if (defined (__i386__) || defined (__x86_64__)) && !defined (GRUB_UTIL) && !defined (GRUB_MACHINE_EMU) && !defined (GRUB_MACHINE_XEN)
   fini_cbfsdisk ();
 #endif

diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c
index a82800ac329261804b8a1a915409ae0fc4b291fe..03be9ef4cf505192a8da81e74de28ace463f9964 100644 (file)
--- a/grub-core/fs/jfs.c
+++ b/grub-core/fs/jfs.c
@@ -26,6 +26,7 @@
 #include <grub/types.h>
 #include <grub/charset.h>
 #include <grub/i18n.h>
+#include <grub/lockdown.h>
 
 GRUB_MOD_LICENSE ("GPLv3+");
 
@@ -1004,12 +1005,16 @@ static struct grub_fs grub_jfs_fs =
 
 GRUB_MOD_INIT(jfs)
 {
-  grub_jfs_fs.mod = mod;
-  grub_fs_register (&grub_jfs_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_jfs_fs.mod = mod;
+      grub_fs_register (&grub_jfs_fs);
+    }
   my_mod = mod;
 }
 
 GRUB_MOD_FINI(jfs)
 {
-  grub_fs_unregister (&grub_jfs_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_jfs_fs);
 }

diff --git a/grub-core/fs/minix.c b/grub-core/fs/minix.c
index b7679c3e257f60e4c6843d46035e81be8b2cea86..4440fcca83ecec0356309121fa54146c614ca8e3 100644 (file)
--- a/grub-core/fs/minix.c
+++ b/grub-core/fs/minix.c
@@ -25,6 +25,7 @@
 #include <grub/dl.h>
 #include <grub/types.h>
 #include <grub/i18n.h>
+#include <grub/lockdown.h>
 
 GRUB_MOD_LICENSE ("GPLv3+");
 
@@ -734,8 +735,11 @@ GRUB_MOD_INIT(minix)
 #endif
 #endif
 {
-  grub_minix_fs.mod = mod;
-  grub_fs_register (&grub_minix_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_minix_fs.mod = mod;
+      grub_fs_register (&grub_minix_fs);
+    }
   my_mod = mod;
 }
 
@@ -757,5 +761,6 @@ GRUB_MOD_FINI(minix)
 #endif
 #endif
 {
-  grub_fs_unregister (&grub_minix_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_minix_fs);
 }

diff --git a/grub-core/fs/nilfs2.c b/grub-core/fs/nilfs2.c
index 4e1e7173866c280b30e695a7518e0e3e2da56ea0..26e6077ff2621b994288799a0e30109819d3c7a6 100644 (file)
--- a/grub-core/fs/nilfs2.c
+++ b/grub-core/fs/nilfs2.c
@@ -34,6 +34,7 @@
 #include <grub/dl.h>
 #include <grub/types.h>
 #include <grub/fshelp.h>
+#include <grub/lockdown.h>
 
 GRUB_MOD_LICENSE ("GPLv3+");
 
@@ -1231,12 +1232,16 @@ GRUB_MOD_INIT (nilfs2)
                                  grub_nilfs2_dat_entry));
   COMPILE_TIME_ASSERT (1 << LOG_INODE_SIZE
                       == sizeof (struct grub_nilfs2_inode));
-  grub_nilfs2_fs.mod = mod;
-  grub_fs_register (&grub_nilfs2_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_nilfs2_fs.mod = mod;
+      grub_fs_register (&grub_nilfs2_fs);
+    }
   my_mod = mod;
 }
 
 GRUB_MOD_FINI (nilfs2)
 {
-  grub_fs_unregister (&grub_nilfs2_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_nilfs2_fs);
 }

diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index 4e144cc3cd3f64d46f05344380921a79d39e838d..e00349b1dcc8e29d17cfadf1e6ce3ce3f5e2e7d4 100644 (file)
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -27,6 +27,7 @@
 #include <grub/fshelp.h>
 #include <grub/ntfs.h>
 #include <grub/charset.h>
+#include <grub/lockdown.h>
 
 GRUB_MOD_LICENSE ("GPLv3+");
 
@@ -1541,12 +1542,16 @@ static struct grub_fs grub_ntfs_fs =
 
 GRUB_MOD_INIT (ntfs)
 {
-  grub_ntfs_fs.mod = mod;
-  grub_fs_register (&grub_ntfs_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_ntfs_fs.mod = mod;
+      grub_fs_register (&grub_ntfs_fs);
+    }
   my_mod = mod;
 }
 
 GRUB_MOD_FINI (ntfs)
 {
-  grub_fs_unregister (&grub_ntfs_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_ntfs_fs);
 }

diff --git a/grub-core/fs/reiserfs.c b/grub-core/fs/reiserfs.c
index c3850e0138ed0f016816278480679fe084ab6bd8..5d3c859502adeec4cbdc335c345c1b2c9e8470d0 100644 (file)
--- a/grub-core/fs/reiserfs.c
+++ b/grub-core/fs/reiserfs.c
@@ -39,6 +39,7 @@
 #include <grub/types.h>
 #include <grub/fshelp.h>
 #include <grub/i18n.h>
+#include <grub/lockdown.h>
 
 GRUB_MOD_LICENSE ("GPLv3+");
 
@@ -1417,12 +1418,16 @@ static struct grub_fs grub_reiserfs_fs =
 
 GRUB_MOD_INIT(reiserfs)
 {
-  grub_reiserfs_fs.mod = mod;
-  grub_fs_register (&grub_reiserfs_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_reiserfs_fs.mod = mod;
+      grub_fs_register (&grub_reiserfs_fs);
+    }
   my_mod = mod;
 }
 
 GRUB_MOD_FINI(reiserfs)
 {
-  grub_fs_unregister (&grub_reiserfs_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_reiserfs_fs);
 }

diff --git a/grub-core/fs/romfs.c b/grub-core/fs/romfs.c
index 56b0b2b2f3d02d2c22960208077637606f492512..eafab03b25b88d39d09e6abd2ce3d4401de77995 100644 (file)
--- a/grub-core/fs/romfs.c
+++ b/grub-core/fs/romfs.c
@@ -23,6 +23,7 @@
 #include <grub/disk.h>
 #include <grub/fs.h>
 #include <grub/fshelp.h>
+#include <grub/lockdown.h>
 
 GRUB_MOD_LICENSE ("GPLv3+");
 
@@ -475,11 +476,15 @@ static struct grub_fs grub_romfs_fs =
 
 GRUB_MOD_INIT(romfs)
 {
-  grub_romfs_fs.mod = mod;
-  grub_fs_register (&grub_romfs_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_romfs_fs.mod = mod;
+      grub_fs_register (&grub_romfs_fs);
+    }
 }
 
 GRUB_MOD_FINI(romfs)
 {
-  grub_fs_unregister (&grub_romfs_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_romfs_fs);
 }

diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c
index f0d7cac435f71fe1e769028a1b2349f279ff50b7..88705b3a29cab98d51e3373541d2478cbdfe4d88 100644 (file)
--- a/grub-core/fs/sfs.c
+++ b/grub-core/fs/sfs.c
@@ -26,6 +26,7 @@
 #include <grub/types.h>
 #include <grub/fshelp.h>
 #include <grub/charset.h>
+#include <grub/lockdown.h>
 #include <grub/safemath.h>
 
 GRUB_MOD_LICENSE ("GPLv3+");
@@ -779,12 +780,16 @@ static struct grub_fs grub_sfs_fs =
 
 GRUB_MOD_INIT(sfs)
 {
-  grub_sfs_fs.mod = mod;
-  grub_fs_register (&grub_sfs_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_sfs_fs.mod = mod;
+      grub_fs_register (&grub_sfs_fs);
+    }
   my_mod = mod;
 }
 
 GRUB_MOD_FINI(sfs)
 {
-  grub_fs_unregister (&grub_sfs_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_sfs_fs);
 }

diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c
index 8765c633c6f116ddc2b6600099b1a1e885bbc662..3d5ee5af5016aa77473ce9a74a6b5eb8dfc9463e 100644 (file)
--- a/grub-core/fs/udf.c
+++ b/grub-core/fs/udf.c
@@ -27,6 +27,7 @@
 #include <grub/fshelp.h>
 #include <grub/charset.h>
 #include <grub/datetime.h>
+#include <grub/lockdown.h>
 #include <grub/udf.h>
 #include <grub/safemath.h>
 
@@ -1455,12 +1456,16 @@ static struct grub_fs grub_udf_fs = {
 
 GRUB_MOD_INIT (udf)
 {
-  grub_udf_fs.mod = mod;
-  grub_fs_register (&grub_udf_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_udf_fs.mod = mod;
+      grub_fs_register (&grub_udf_fs);
+    }
   my_mod = mod;
 }
 
 GRUB_MOD_FINI (udf)
 {
-  grub_fs_unregister (&grub_udf_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_udf_fs);
 }

diff --git a/grub-core/fs/ufs.c b/grub-core/fs/ufs.c
index e82d9356d7df1bb1d4418f5d3fe4f2ab450e3ff8..8b5adbd48d439972d0252ef35552fd671b927929 100644 (file)
--- a/grub-core/fs/ufs.c
+++ b/grub-core/fs/ufs.c
@@ -25,6 +25,7 @@
 #include <grub/dl.h>
 #include <grub/types.h>
 #include <grub/i18n.h>
+#include <grub/lockdown.h>
 
 GRUB_MOD_LICENSE ("GPLv3+");
 
@@ -899,8 +900,11 @@ GRUB_MOD_INIT(ufs1)
 #endif
 #endif
 {
-  grub_ufs_fs.mod = mod;
-  grub_fs_register (&grub_ufs_fs);
+  if (!grub_is_lockdown ())
+    {
+      grub_ufs_fs.mod = mod;
+      grub_fs_register (&grub_ufs_fs);
+    }
   my_mod = mod;
 }
 
@@ -914,6 +918,7 @@ GRUB_MOD_FINI(ufs1)
 #endif
 #endif
 {
-  grub_fs_unregister (&grub_ufs_fs);
+  if (!grub_is_lockdown ())
+    grub_fs_unregister (&grub_ufs_fs);
 }