Darren Kenny [Fri, 2 Jun 2023 18:08:44 +0000 (18:08 +0000)]
fs/xfs: Fix issues found while fuzzing the XFS filesystem
While performing fuzz testing with XFS filesystem images with ASAN
enabled, several issues were found where the memory accesses are made
beyond the data that is allocated into the struct grub_xfs_data
structure's data field.
The existing structure didn't store the size of the memory allocated into
the buffer in the data field and had no way to check it. To resolve these
issues, the data size is stored to enable checks into the data buffer.
With these checks in place, the fuzzing corpus no longer cause any crashes.
Signed-off-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Robbie Harwood <rharwood@redhat.com> Signed-off-by: Marta Lewandowska <mlewando@redhat.com> Signed-off-by: Lidong Chen <lidong.chen@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
grub-core/genmoddep.awk: Ensure output is deterministic
The output in moddep.lst generated from syminfo.lst using genmoddep.awk
is not deterministic since the order of the dependencies on each line
can vary depending on how awk sorts the values in the array.
Be deterministic in the output by sorting the dependencies on each line.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
The output of the SOURCES lines in grub-core/Makefile.core.am, generated
from grub-core/Makefile.core.def with gentpl.py is not deterministic due to
missing sorting of the list used to generate it. Add such a sort.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Thu, 1 Jun 2023 04:25:55 +0000 (23:25 -0500)]
gdb: Add gdbinfo command for printing the load address of the EFI application
EFI firmware determines where to load the GRUB EFI at runtime, and so the
addresses of debug symbols are not known ahead of time. There is a command
defined in the gdb_grub script which will load the debug symbols at the
appropriate addresses, if given the application load address for GRUB.
So add a command named "gdbinfo" to allow the user to print this GDB command
string with the application load address on-demand. For the outputted GDB
command to have any effect when entered into a GDB session, GDB should have
been started with the script as an argument to the -x option or sourced into
an active GDB session before running the outputted command.
Documentation for the gdbinfo command is also added.
Co-developed-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Thu, 1 Jun 2023 04:16:26 +0000 (23:16 -0500)]
loader/efi/chainloader: Do not require a $root visible to EFI firmware when chainloading
The EFI chainloader checks that a device path can be created for the $root
device before allowing chainloading to a given file. This is probably to
ensure that the given file can be accessed and loaded by the firmware.
However, since GRUB is loading the image itself, the firmware need not
be able to access the file location of the image. So remove this check.
Also, this fixes an issue where chainloading an image file on a location
that is accessible by the firmware, e.g. (hd0,1)/efi/boot.efi, would
fail when root is a location inaccessible by the firmware, e.g. memdisk.
Use GRUB_EFI_BYTES_TO_PAGES() instead of doing the calculation explicitly.
Add comment noting the section where the load options for the chainloaded
EFI application is constructed.
Glenn Washburn [Thu, 1 Jun 2023 04:16:25 +0000 (23:16 -0500)]
docs: Document extra arguments to chainloader on EFI
Extra arguments given to chainloader on EFI platforms will be sent to
the chainloaded application. Also, minor edit in the chainloading section
to note that chainloading can be a jump via the firmware and not
necessarily in real mode (which does not exist on some architectures).
Oliver Steffen [Fri, 26 May 2023 11:35:51 +0000 (13:35 +0200)]
bli: Add a module for the Boot Loader Interface
Add a new module named bli. It implements a small but quite useful part
of the Boot Loader Interface [0]. This interface uses EFI variables for
communication between the boot loader and the operating system.
When loaded, this module sets two EFI variables under the vendor GUID 4a67b082-0a4c-41cf-b6c7-440b29bb8c4f:
- LoaderInfo: contains GRUB + <version number>.
This allows the running operating system to identify the boot loader
used during boot.
- LoaderDevicePartUUID: contains the partition UUID of the EFI System
Partition (ESP). This is used by systemd-gpt-auto-generator [1] to
find the root partitions (and others too), via partition type IDs [2].
This module is available on EFI platforms only. The bli module relies on
the part_gpt module which has to be loaded beforehand to make the GPT
partitions discoverable.
Update the documentation, add a new chapter "Modules" and describe the
bli module there.
Oliver Steffen [Fri, 26 May 2023 11:35:49 +0000 (13:35 +0200)]
docs: Reword section headings
Reword some section headings, remove "The List of" from titles. While
grammatically correct, this phrase can be omitted to increase
readability, especially in the table of contents.
Signed-off-by: Oliver Steffen <osteffen@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Oliver Steffen [Fri, 26 May 2023 11:35:47 +0000 (13:35 +0200)]
kern/misc, kern/efi: Extract UTF-8 to UTF-16 code
Create a new function for UTF-8 to UTF-16 conversion called
grub_utf8_to_utf16_alloc() in the grub-code/kern/misc.c and replace
charset conversion code used in some places in the EFI code. It is
modeled after the grub_utf8_to_ucs4_alloc() like functions in
include/grub/charset.h. It can't live in include/grub/charset.h,
because it needs to be reachable from the kern/efi code.
Add a check for integer overflow and remove redundant NUL-termination.
Signed-off-by: Oliver Steffen <osteffen@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Oliver Steffen [Fri, 26 May 2023 11:35:44 +0000 (13:35 +0200)]
kern/misc: Add a format specifier GUIDs
Extend the printf format specifier for pointers (%p) to accept a suffix
specifier G to print GUIDs: %pG can be used to print grub_guid structs.
This does not interfere with the -Wformat checking of gcc. Note that
the data type is not checked though (%p accepts void *).
Signed-off-by: Oliver Steffen <osteffen@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Alec Brown [Mon, 22 May 2023 20:52:49 +0000 (16:52 -0400)]
kern/efi/mm: Fix use-after-free in finish boot services
In grub-core/kern/efi/mm.c, grub_efi_finish_boot_services() has an instance
where the memory for the variable finish_mmap_buf is freed, but on the next
iteration of a while loop, grub_efi_get_memory_map() uses finish_mmap_buf. To
prevent this, we can set finish_mmap_buf to NULL after the free.
Signed-off-by: Alec Brown <alec.r.brown@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Ard Biesheuvel [Wed, 24 May 2023 17:29:09 +0000 (19:29 +0200)]
efi: Handle NULL return value when getting loaded image protocol
The EFI spec mandates that the handle produced by the LoadImage boot
service has a LoadedImage protocol instance installed on it, but for
robustness, we should still deal with a NULL return value from the
helper routine that obtains this protocol pointer.
If this happens, don't try to start the image but unload it and return
an error.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Ard Biesheuvel [Tue, 23 May 2023 15:31:45 +0000 (17:31 +0200)]
efi: Use generic EFI loader for x86_64 and i386
Switch the x86 based EFI platform builds to the generic EFI loader,
which exposes the initrd via the LoadFile2 protocol instead of the
x86-specific setup header. This will launch the Linux kernel via its EFI
stub, which performs its own initialization in the EFI boot services
context before calling ExitBootServices() and performing the bare metal
Linux boot.
Given that only Linux kernel versions v5.8 and later support this initrd
loading method, the existing x86 loader is retained as a fallback, which
will also be used for Linux kernels built without the EFI stub. In this
case, GRUB calls ExitBootServices() before entering the Linux kernel,
and all EFI related information is provided to the kernel via struct
boot_params in the setup header, as before.
Note that this means that booting EFI stub kernels older than v5.8 is
not supported even when not using an initrd at all. Also, the EFI
handover protocol, which has no basis in the UEFI specification, is not
implemented.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Ard Biesheuvel [Tue, 23 May 2023 15:31:43 +0000 (17:31 +0200)]
efi: Drop all uses of efi_call_XX() wrappers
Now that GCC can generate function calls using the correct calling
convention for us, we can stop using the efi_call_XX() wrappers, and
just dereference the function pointers directly.
This avoids the untyped variadic wrapper routines, which means better
type checking for the method calls.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Ard Biesheuvel [Tue, 23 May 2023 15:31:42 +0000 (17:31 +0200)]
efi: Add calling convention annotation to all prototypes
UEFI mandates MS calling convention on x86_64, which was not supported
on GCC when UEFI support was first introduced into GRUB. However, now we
can use the ms_abi function type attribute to annotate functions and
function pointers as adhering to the MS calling convention, and the
compiler will generate the correct instruction sequence for us.
So let's add the appropriate annotation to all the function prototypes.
This will allow us to drop the special call wrappers in a subsequent patch.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Ard Biesheuvel [Tue, 23 May 2023 15:31:41 +0000 (17:31 +0200)]
efi: Make EFI PXE protocol methods non-callable
The grub_efi_pxe_t struct definition has placeholders for the various
protocol method pointers, given that they are never called in the code,
and the prototypes have been omitted, and therefore do not comply with
the UEFI spec.
So let's convert them into void* pointers, so they cannot be called
inadvertently.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Alec Brown [Mon, 22 May 2023 20:52:48 +0000 (16:52 -0400)]
loader/multiboot_elfxx: Check program header offset doesn't exceed constraints
In grub-core/loader/multiboot_elfxx.c, we need to make sure that the program
header offset is less than the file size along with the MULTIBOOT_SEARCH
constant. We can do so by setting the variable phlimit to the minimum value of
the two limits and check it each time we change program header index to insure
that the program header offset isn't outside of the limits.
Fixes: CID 314029 Fixes: CID 314038 Signed-off-by: Alec Brown <alec.r.brown@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Alec Brown [Mon, 22 May 2023 20:52:47 +0000 (16:52 -0400)]
loader/multiboot_elfxx: Check section header region before allocating memory
In grub-core/loader/multiboot_elfxx.c, space is being allocated for the section
header region, but isn't verifying if the region is within the file's size.
Before calling grub_calloc(), we can add a conditional to check if the section
header region is smaller than the file size.
Fixes: CID 314029 Fixes: CID 314038 Signed-off-by: Alec Brown <alec.r.brown@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Alec Brown [Mon, 22 May 2023 20:52:46 +0000 (16:52 -0400)]
loader/multiboot_elfxx: Check program memory isn't larger than allocated memory size
In grub-core/loader/multiboot_elfxx.c, the code is filling an area of memory
with grub_memset() but doesn't check if there is space in the allocated memory
before doing so. To make sure we aren't zeroing memory past the allocated memory
region, we need to check that the offset into the allocated memory region plus
the memory size of the program is smaller than the allocated memory size.
Fixes: CID 314029 Fixes: CID 314038 Signed-off-by: Alec Brown <alec.r.brown@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
WANG Xuerui [Thu, 18 May 2023 02:52:57 +0000 (10:52 +0800)]
kern/loongarch64/dl_helper: Avoid undefined behavior when popping from an empty reloc stack
The return value of grub_loongarch64_stack_pop() is unsigned, so -1 should
not be used in the first place. Replacing with 0 is enough to avoid the
UB in this edge case.
Technically though, proper error handling is needed throughout the
management of the reloc stack, so no unexpected behavior will happen
even in case of malformed object code input (right now, pushes become
no-ops when the stack is full, and garbage results if the stack does not
contain enough operands for an op). The refactor would touch some more
places so would be best done in a separate series.
Fixes: CID 407777 Fixes: CID 407778 Signed-off-by: WANG Xuerui <git@xen0n.name> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Documentation is added to note that serial devices found on the PCI bus will
be exposed as "pci,XX:XX.X" and how to find serial terminal logical names.
Also, some minor documentation improvements were added.
This can be tested in QEMU by adding a pci-serial device, e.g. using the option
"-device pci-serial".
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Tested-by: Glenn Washburn <development@efficientek.com> Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Sun, 14 May 2023 04:52:56 +0000 (23:52 -0500)]
tests/util/grub-fs-tester: Avoid failing some file system tests due to file system filling up
On some systems /usr/share/dict/american-english can be larger than the
available space on the filesystem being tested (e.g. vfat12a). This
causes a failure of the filesystem test and is not a real test failure.
Instead, use dd to copy at most 1 MiB of data to the filesystem, which is
enough for our purposes and will not fill any of the tested filesystems.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Roger Pau Monné [Fri, 12 May 2023 07:33:55 +0000 (09:33 +0200)]
lib/relocator: Always enforce the requested alignment in malloc_in_range()
On failure to allocate from grub_relocator_firmware_alloc_region() in
malloc_in_range() the function would stop enforcing the alignment, and
the following was returned:
lib/relocator.c:431: trying to allocate in 0x200000-0xffbf9fff aligned 0x200000 size 0x406000
lib/relocator.c:1197: allocated: 0x74de2000+0x406000
lib/relocator.c:1407: allocated 0x74de2000/0x74de2000
Fix this by making sure that target always contains a suitably aligned
address. After the change the return from the function is:
lib/relocator.c:431: trying to allocate in 0x200000-0xffb87fff aligned 0x200000 size 0x478000
lib/relocator.c:1204: allocated: 0x74c00000+0x478000
lib/relocator.c:1414: allocated 0x74c00000/0x74c00000
Fixes: 3a5768645c05 (First version of allocation from firmware) Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
The access_size is part of a union, so doesn't technically exist for
a PIO port (i.e., not MMIO), but we set it anyways.
This doesn't cause a bug today because the other leg of the union
doesn't have anything overlapping with it now, but it's bad, I will
punish myself for writing it that way :-) In the meantime, fix this
and actually name the struct inside the union for clarity of intent
and to avoid such issue in the future.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Ákos Nagy [Fri, 5 May 2023 12:04:28 +0000 (14:04 +0200)]
util/grub-install-common: Fix the key of the --core-compress option
Commit f23bc6510 (Transform -C option to grub-mkstandalone to
--core-compress available in all grub-install flavours.) declared
a new long option for specifying the compression method to use for
the core image.
However, the option key has not been replaced in the parser function,
it still expects the old one formerly used by grub-mkstandalone.
Because of this the option is not recognized by any of the utils for
which it is listed as supported.
Signed-off-by: Ákos Nagy <nagyakos@outlook.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Lidong Chen [Wed, 3 May 2023 17:32:19 +0000 (17:32 +0000)]
fs/hfsplus: Set grub_errno to prevent NULL pointer access
When an invalid node size is detected in grub_hfsplus_mount(), data
pointer is freed. Thus, file->data is not set. The code should also
set the grub_errno when that happens to indicate an error and to avoid
accessing the uninitialized file->data in grub_file_close().
Signed-off-by: Lidong Chen <lidong.chen@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Lidong Chen [Wed, 3 May 2023 17:32:18 +0000 (17:32 +0000)]
fs/hfsplus: Prevent out of bound access in catalog file
A corrupted hfsplus can have a catalog key that is out of range. This
can lead to out of bound access when advancing the pointer to access
catalog file info. The valid range of a catalog key is specified in
HFS Plus Technical Note TN1150 [1].
Lidong Chen [Wed, 3 May 2023 17:32:17 +0000 (17:32 +0000)]
fs/hfsplus: Validate btree node size
The invalid btree node size can cause crashes when parsing the btree.
The fix is to ensure the btree node size is within the valid range
defined in the HFS Plus technical note, TN1150 [1].
Glenn Washburn [Sun, 14 May 2023 04:21:20 +0000 (23:21 -0500)]
INSTALL: Use exfat-utils package instead of exfatprogs
The exfat-utils package is an older package complementing exfat-fuse, and
was the only exfat tools for a long time. The exfat filesystem testing code
was written with these tools in mind. A newer project exfatprogs appears to
be of better quality and functionality and was written to complement the
somewhat new exfat kernel module. Ideally we should be using the newer
exfatprogs. However, the command line interface for mkfs.exfat is different
between the two. So we can't use the exfatprogs tools until the test scripts
have been updated to account for this. Recommend installing exfat-utils
instead of exfatprogs for now.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Renaud Métrich [Wed, 3 May 2023 10:21:31 +0000 (12:21 +0200)]
net/dns: Fix lookup error when no IPv6 is returned
When trying to resolve DNS names into IP addresses, the DNS code fails
from time to time with the following error:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
error: ../../grub-core/net/dns.c:688:no DNS record found.
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
This happens when both IPv4 and IPv6 queries are performed against the
DNS server (e.g. 8.8.8.8) but there is no IP returned for IPv6 query, as
shown below:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
grub> net_del_dns 192.168.122.1
grub> net_add_dns 8.8.8.8
grub> net_nslookup ipv4.test-ipv6.com
error: ../../grub-core/net/dns.c:688:no DNS record found.
grub> net_nslookup ipv4.test-ipv6.com
216.218.228.115
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
The root cause is the code exiting prematurely when the data->addresses
buffer has been allocated in recv_hook(), even if there was no address
returned last time recv_hook() executed.
Signed-off-by: Renaud Métrich <rmetrich@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
When deleting the DNS server, we get the following error message:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
grub> net_del_dns 192.168.122.1
error: ../../grub-core/net/dns.c:646:no DNS reply received.
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
This happens because the implementation is broken, it does a "add"
internally instead of a "delete".
Signed-off-by: Renaud Métrich <rmetrich@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
I ran the test suite on a 3A5000 desktop, a LoongArch architecture machine,
using Archlinux for LoongArch distro, see https://github.com/loongarchlinux.
Some software versions are:
* linux 6.3.0-rc4
* gcc 13.0.1 20230312
* binutils 2.40
* qemu 7.2.0
The test results of running "make check" with qemu 7.2 are as follows:
mount: /tmp/grub-fs-tester.20230418175640563815408.f2fs.UDs/f2fs_rw: unknown filesystem type 'f2fs'.
dmesg(1) may have more information after failed mount system call.
MOUNT FAILED.
ERROR f2fs_test (exit status: 99)
FAIL: hfs_test
==============
recode: Request `utf8..macroman' is erroneous
mkfs.hfs: name required with -v option
FAIL hfs_test (exit status: 1)
ERROR: zfs_test
===============
zpool not installed; cannot test zfs.
ERROR zfs_test (exit status: 99)
SKIP: pata_test
===============
SKIP pata_test (exit status: 77)
SKIP: ahci_test
===============
SKIP ahci_test (exit status: 77)
SKIP: uhci_test
===============
SKIP uhci_test (exit status: 77)
SKIP: ohci_test
===============
SKIP ohci_test (exit status: 77)
SKIP: ehci_test
===============
SKIP ehci_test (exit status: 77)
SKIP: fddboot_test
==================
SKIP fddboot_test (exit status: 77)
SKIP: netboot_test
==================
SKIP netboot_test (exit status: 77)
SKIP: pseries_test
==================
SKIP pseries_test (exit status: 77)
FAIL: grub_func_test
====================
WARNING: Image format was not specified for '/tmp/grub-shell.HeTAD8Ty3U/grub.iso' and probing guessed raw.
Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
Specify the 'raw' format explicitly to remove the restrictions.
Functional test failure: shift_test:
...
gfxterm_menu_640x480xi16:3 failed: 0xce34981e vs 0xd9f04953
tests/video_checksum.c:checksum:615: assert failed: 0 Checksum
gfxterm_menu_640x480xi16:2 failed: 0xa8fb749d vs 0xbf3fa5d0
tests/video_checksum.c:checksum:615: assert failed: 0 Checksum
gfxterm_menu_640x480xi16:1 failed: 0xce34981e vs 0xd9f04953
gfxterm_menu: FAIL
...
videotest_checksum:
videotest_checksum: PASS
exfctest:
exfctest: PASS
TEST FAILURE
FAIL grub_func_test (exit status: 1)
We got 2 errors:
* f2fs_test
The kernel uses 16k pages, causing failures when loading the f2fs kernel module,
see https://github.com/torvalds/linux/blob/master/fs/f2fs/super.c#L4670
This error can be ignored.
* zfs_test
zfs does not support the LoongArch architecture and is not compatible with the
6.3 kernel.
This error can be ignored.
We got 2 failures:
* hfs_test
I use recode 3.7.14-1 on Archlinux, running `recode -l` gives no output `MacRoman`,
so we get this error.
On Linux systems that support LoongArch, there is currently no need to use HFS,
so this failure can be ignored.
* grub_func_test
I don't know the reason for this failure. I guess it may be related to qemu's edk2.
In the previous review, I was told that the failure here is the expected behavior.
So, we can ignore this failure.
Signed-off-by: Xiaotian Wu <wuxiaotian@loongson.cn> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
loongarch: Add support for ELF psABI v2.00 relocations
A new set of relocation types was added in the LoongArch ELF psABI v2.00
spec [1], [2] to replace the stack-based scheme in v1.00. Toolchain
support is available from binutils 2.40 and gcc 13 onwards.
This patch adds support for the new relocation types, that are simpler
to handle (in particular, stack operations are gone). Support for the
v1.00 relocs are kept for now, for compatibility with older toolchains.
loongarch: Add support for ELF psABI v1.00 relocations
This patch adds support of the stack-based LoongArch relocations
throughout GRUB, including tools, dynamic linkage, and support for
conversion of ELF relocations into PE ones. A stack machine is required
to handle these per the spec [1] (see the R_LARCH_SOP types), of which
a simple implementation is included.
These relocations are produced by binutils 2.38 and 2.39, while the newer
v2.00 relocs require more recent toolchain (binutils 2.40+ & gcc 13+, or
LLVM 16+). GCC 13 has not been officially released as of early 2023, so
support for v1.00 relocs are expected to stay relevant for a while.
On entry, we need to save the system table pointer as well as our image
handle. Add an early startup file that saves them and then brings us
into our main function.
Signed-off-by: Zhou Yang <zhouyang@loongson.cn> Signed-off-by: Xiaotian Wu <wuxiaotian@loongson.cn> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Chris Coulson [Wed, 26 Apr 2023 10:06:52 +0000 (12:06 +0200)]
font: Try opening fonts from the bundled memdisk
GRUB since 93a786a00 (kern/efi/sb: Enforce verification of font files)
has enforced verification of font files in secure boot mode. In order to
continue to be able to load some default fonts, vendors may bundle them
with their signed EFI image by adding them to the built-in memdisk.
This change makes the font loader try loading fonts from the memdisk
before the prefix path when attempting to load a font file by specifying
its filename, which avoids having to make changes to GRUB configurations
in order to accommodate memdisk bundled fonts. It expects the directory
structure to be the same as fonts stored in the prefix path,
i.e. /fonts/<name>.pf2.
Signed-off-by: Chris Coulson <chris.coulson@canonical.com> Reviewed-by: Steve McIntyre <93sam@debian.org> Tested-by: Steve McIntyre <93sam@debian.org> Reviewed-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Allow specifying port numbers for http and tftp paths and allow IPv6
addresses to be recognized with brackets around them, which is required
to specify a port number.
Co-authored-by: Aaron Miller <aaronmiller@fb.com> Signed-off-by: Aaron Miller <aaronmiller@fb.com> Co-authored-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Revert "net/http: Allow use of non-standard TCP/IP ports"
The notation introduced in ac8a37dda (net/http: Allow use of non-standard
TCP/IP ports) contradicts that used in downstream distributions including
Fedora, RHEL, Debian, Ubuntu, and others. Revert it and apply the downstream
notation which was originally proposed to the GRUB in 2016.
This reverts commit ac8a37dda (net/http: Allow use of non-standard TCP/IP ports).
Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
tests/util/grub-fs-tester: Add missing redirect to /dev/null
In filesystem timestamp test, a check is done to verify that the timestamp
for a file as reported in Linux by the filesystem is within a few seconds
of the timestamp as reported by GRUB. This is done by grepping the output
of GRUB's ls command for the timestamp as reported by the filesystem in
Linux and for each of 3 seconds past that timestamp. All of these checks
except one redirect the output of grep to /dev/null. Fix this exception
to behave as the other checks.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
disk: Replace transform_sector() function with grub_disk_to_native_sector()
The transform_sector() function is not very clear in what it's doing
and confusing. The GRUB already has a function which is doing the same
thing in a very self explanatory way, i.e., grub_disk_to_native_sector().
So, it's much better to use self explanatory one than transform_sector().
Signed-off-by: Mukesh Kumar Chaurasiya <mchauras@linux.vnet.ibm.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Thomas Schmitt [Tue, 7 Mar 2023 16:56:51 +0000 (17:56 +0100)]
tests: Add test for iso9660 delayed CE hop
The ISO filesystem image iso9660_early_ce.iso exposes the unusual
situation that the Rock Ridge name entry of its only file is located
after a CE entry which points to the next continuation area.
The correct behavior is to read the Rock Ridge name and to only then
load the next continuation area. If GRUB performs this correctly, then
the name "RockRidgeName:x" will be read and reported by grub-fstest.
If GRUB wrongly performs the CE hop immediately when encountering the CE
entry, then the dull ISO 9660 name "rockridg" will not be overridden and
be put out by grub-fstest.
Signed-off-by: Thomas Schmitt <scdbackup@gmx.net> Tested-by: Lidong Chen <lidong.chen@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Thomas Schmitt [Tue, 7 Mar 2023 16:56:50 +0000 (17:56 +0100)]
fs/iso9660: Delay CE hop until end of current SUSP area
The SUSP specs demand that the reading of the next SUSP area which is
depicted by a CE entry shall be delayed until reading of the current
SUSP area is completed. Up to now GRUB immediately ends reading of the
current area and loads the new one. So, buffer the parameters of a found
CE entry and perform checks and reading of new data only after the
reader loop has ended.
Signed-off-by: Thomas Schmitt <scdbackup@gmx.net> Tested-by: Lidong Chen <lidong.chen@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Avnish Chouhan [Mon, 27 Mar 2023 06:55:40 +0000 (12:25 +0530)]
kern/ieee1275/init: Extended support in Vec5
This patch enables multiple options in Vec5 which are required and
solves the boot issues seen on some machines which are looking for
these specific options.
1. LPAR: Client program supports logical partitioning and
associated hcall()s.
2. SPLPAR: Client program supports the Shared
Processor LPAR Option.
3. DYN_RCON_MEM: Client program supports the
“ibm,dynamic-reconfiguration-memory” property and it may be
presented in the device tree.
4. LARGE_PAGES: Client supports pages larger than 4 KB.
5. DONATE_DCPU_CLS: Client supports donating dedicated processor cycles.
6. PCI_EXP: Client supports PCI Express implementations
utilizing Message Signaled Interrupts (MSIs).
7. CMOC: Enables the Cooperative Memory Over-commitment Option.
8. EXT_CMO: Enables the Extended Cooperative Memory Over-commit Option.
14. MAX_CPU: Defines maximum number of CPUs supported.
15. PFO_HWRNG: Supports Random Number Generator.
16. PFO_HW_COMP: Supports Compression Engine.
17. PFO_ENCRYPT: Supports Encryption Engine.
18. SUB_PROCESSORS: Supports Sub-Processors.
19. DY_MEM_V2: Client program supports the “ibm,dynamic-memory-v2” property in the
“ibm,dynamic-reconfiguration-memory” node and it may be presented in the device tree.
20. DRC_INFO: Client program supports the “ibm,drc-info” property definition and it may be
presented in the device tree.
Signed-off-by: Avnish Chouhan <avnish@linux.vnet.ibm.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Avnish Chouhan [Mon, 27 Mar 2023 06:55:39 +0000 (12:25 +0530)]
kern/ieee1275/init: Convert plain numbers to constants in Vec5
This patch converts the plain numbers used in Vec5 properties to constants.
1. LPAR: Client program supports logical partitioning and
associated hcall()s.
2. SPLPAR: Client program supports the Shared
Processor LPAR Option.
3. CMO: Enables the Cooperative Memory Over-commitment Option.
4. MAX_CPU: Defines maximum number of CPUs supported.
Signed-off-by: Avnish Chouhan <avnish@linux.vnet.ibm.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Robbie Harwood [Thu, 23 Mar 2023 15:59:51 +0000 (11:59 -0400)]
loader/emu/linux: Work around systemctl kexec returning
Per systemctl(1), it "is asynchronous; it will return after the reboot
operation is enqueued, without waiting for it to complete". This differs
from kexec(8), which calls reboot(2) and therefore does not return.
When not using fallback, this confusingly results in:
error trying to perform 'systemctl kexec': 0
Aborted. Press any key to exit.
on screen for a bit, followed by successful kexec.
To reduce the likelihood of hitting this case, add a delay on successful
return. Ultimately, the systemd interface is racy: we can't avoid it
entirely unless we never fallback on success.
Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Michael Chang [Wed, 22 Mar 2023 04:25:43 +0000 (12:25 +0800)]
tpm: Disable the tpm verifier if the TPM device is not present
When the tpm module is loaded, the verifier reads entire file into
memory, measures it and uses verified content as a backing buffer for
file accesses. However, this process may result in high memory
utilization for file operations, sometimes causing a system to run out
of memory which may finally lead to boot failure. To address this issue,
among others, the commit 887f98f0d (mm: Allow dynamically requesting
additional memory regions) have optimized memory management by
dynamically allocating heap space to maximize memory usage and reduce
threat of memory exhaustion. But in some cases problems may still arise,
e.g., when large ISO images are mounted using loopback or when dealing
with embedded systems with limited memory resources.
Unfortunately current implementation of the tpm module doesn't allow
elimination of the back buffer once it is loaded. Even if the TPM device
is not present or it has been explicitly disabled. This may unnecessary
allocate a lot memory. To solve this issue, a patch has been developed
to detect the TPM status at module load and skip verifier registration
if the device is missing or deactivated. This prevents allocation of
memory for the back buffer, avoiding wasting memory when no real measure
boot functionality is performed. Disabling the TPM device in the system
can reduce memory usage in the GRUB. It is useful in scenarios where
high memory utilization is a concern and measurements of loaded
artifacts are not necessary.
Signed-off-by: Michael Chang <mchang@suse.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Wed, 15 Mar 2023 04:03:11 +0000 (04:03 +0000)]
INSTALL: Document programs and packages needed for using gdb_grub script
Now that the gdb_grub script uses the Python API in GDB, a GDB with Python
support must be used. Note that this means a GDB with version greater than
7.0 must be used. This should not be an issue since that was released over
a decade ago. Also, the minimum version of Python must be 3.5, which was
released around 8 years ago.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Atish Patra [Thu, 9 Mar 2023 23:59:53 +0000 (15:59 -0800)]
RISC-V: Use common linux loader
RISC-V doesn't have to do anything very different from other architectures
to loader EFI stub linux kernel. As a result, just use the common linux
loader instead of defining a RISC-V specific linux loader.
Signed-off-by: Atish Patra <atishp@rivosinc.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Atish Patra [Thu, 9 Mar 2023 23:59:52 +0000 (15:59 -0800)]
efi: Remove arch specific image headers for RISC-V, ARM64 and ARM
The arch specific image header details are not very useful as most of
the GRUB just looks at the PE/COFF spec parameters (PE32 magic and
header offset).
Remove the arch specific images headers and define a generic arch
headers that provide enough PE/COFF fields for the GRUB to parse
kernel images correctly.
Signed-off-by: Atish Patra <atishp@rivosinc.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Atish Patra [Thu, 9 Mar 2023 23:59:51 +0000 (15:59 -0800)]
loader/efi: Move ARM64 linux loader to common code
ARM64 linux loader code is written in such a way that it can be reused
across different architectures without much change. Move it to common
code so that RISC-V doesn't have to define a separate loader.
Signed-off-by: Atish Patra <atishp@rivosinc.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Alec Brown [Thu, 9 Mar 2023 19:43:59 +0000 (14:43 -0500)]
util/grub-module-verifierXX: Add module_size parameter to functions for sanity checking
In grub-module-verifierXX.c, the function grub_module_verifyXX() performs an
initial check that the ELF section headers are within the module's size, but
doesn't check if the sections being accessed have contents that are within the
module's size. In particular, we need to check that sh_offset and sh_size are
less than the module's size. However, for some section header types we don't
need to make these checks. For the type SHT_NULL, the section header is marked
as inactive and the rest of the members within the section header have undefined
values, so we don't need to check for sh_offset or sh_size. In the case of the
type SHT_NOBITS, sh_offset has a conceptual offset which may be beyond the
module size. Also, this type's sh_size may have a non-zero size, but a section
of this type will take up no space in the module. This can all be checked in the
function get_shdr(), but in order to do so, the parameter module_size must be
added to functions so that the value of the module size can be used in
get_shdr() from grub_module_verifyXX().
Also, had to rework some for loops to ensure the index passed to get_shdr() is
within bounds.
Signed-off-by: Alec Brown <alec.r.brown@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Mon, 27 Feb 2023 21:15:38 +0000 (15:15 -0600)]
gdb: Add extra early initialization symbols for i386-pc
Add symbols for boot.image, disk.image, and lzma_decompress.image if the
target is i386-pc. This is only done for i386-pc because that is the only
target that uses the images. By loading the symbols for these images,
these images can be more easily debugged by allowing the setting of break-
points in that code and to see easily get the value of data symbols.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Mon, 27 Feb 2023 21:15:36 +0000 (15:15 -0600)]
gdb: Allow running user-defined commands at GRUB start
A new command, run_on_start, for things to do before GRUB starts executing.
Currently, this is setting up the loading of module symbols as they are
loaded and allowing user-defined script to be run if a command named
"onstart" exists.
On some platforms, notably x86, software breakpoints set in GDB before
the GRUB image is loaded will be cleared when the image is loaded. This
is because the breakpoints work by overwriting the memory of the break-
point location with a special instruction which when hit will cause the
debugger to stop execution. Just before execution is resumed by the
debugger, the original instruction bytes are put back. When a breakpoint
is set before the GRUB image is loaded, the special debugger instruction
will be written to memory and when the GRUB image is loaded by the
firmware, which has no knowledge of the debugger, the debugger instruction
is overwritten. To the GDB user, GDB will show the breakpoint as set, but
it will never be hit. Furthermore, GDB now becomes confused, such that
even deleting and re-setting the breakpoint after the GRUB image is loaded
will not allow for a working breakpoint.
To work around this, in run_on_start, first a watchpoint is set on _start,
which will be triggered when the firmware starts loading the GRUB image.
When the _start watchpoint is hit, the current breakpoints are saved to a
file and then deleted by GDB before they can be overwritten by the firmware
and confuse GDB. Then a temporary software breakpoint is set on _start,
which will get triggered when the firmware hands off to GRUB to execute. In
that breakpoint load the previously saved and deleted breakpoints now that
there is no worry of them getting overwritten by the firmware. This is
needed for runtime_load_module to work when it is run before the GRUB image
is loaded.
Note that watchpoints are generally types of hardware breakpoints on x86, so
its deleted as soon as it gets triggered so that a minimal set of hardware
breakpoints are used, allowing more for the user.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Mon, 27 Feb 2023 21:15:35 +0000 (15:15 -0600)]
gdb: Add functions to make loading from dynamically positioned targets easier
Many targets, such as EFI, load GRUB at addresses that are determined at
runtime. So the load addresses in kernel.exec will almost certainly be
wrong. Given the address of the start of the text segment, these
functions will tell GDB to load the symbols at the proper locations. It
is left up to the user to determine how to get the text address of the
loaded GRUB image.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Mon, 27 Feb 2023 21:15:34 +0000 (15:15 -0600)]
gdb: Replace module symbol loading implementation with Python one
Remove gmodule.pl and rewrite as a python in gdb_helper.py. This removes
Perl dependency for the GRUB GDB script, but adds Python as a dependency.
This is more desirable because Python is tightly integrated with GDB and
can do things not even available to GDB native scripting language. GDB must
be built with Python, however this is not a major limitation because every
major distro non-end-of-life versions build GDB with Python support. And GDB
has had support for Python since around 7.1-ish, which is about a decade.
This re-implementation has an added feature. If there is a user defined
command named "onload_<module name>", then that command will be executed
after the symbols for the specified module are loaded. When debugging a
module it can be desirable to set break points on code in the module.
This is difficult in GRUB because, at GDB start, the module is not loaded
and on EFI platforms its not known ahead of time where the module will
be loaded. So allow users to create an "onload_<modname>" command which
will be run when the module with name "modname" is loaded.
Another addition is a new convenience function is defined
$is_user_command(), which returns true if its string argument is
the name of a user-defined command.
A secondary benefit of these changes is that the script does not write
temporary files and has better error handling capabilities.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Mon, 27 Feb 2023 21:15:33 +0000 (15:15 -0600)]
gdb: Only connect to remote target once when first sourced
The gdb_grub script was originally meant to be run once when GDB first
starts up via the -x argument. So it runs commands unconditionally
assuming that the script has not been run before. Its nice to be able
to source the script again when developing the script to modify/add
commands. So only run the commands not defined in user-defined commands,
if a variable $runonce has already been set and when those commands have
been run to set $runonce.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Mon, 27 Feb 2023 21:15:32 +0000 (15:15 -0600)]
gdb: Conditionally run GDB script logic for dynamically or statically positioned GRUB
There are broadly two classes of targets to consider when loading symbols
for GRUB, targets that determine where to load GRUB at runtime
(dynamically positioned) and those that do not (statically positioned).
For statically positioned targets, symbol loading is determined at link
time, so nothing more needs to be known to load the symbols. For
dynamically positioned targets, such as EFI targets, at runtime symbols
should be offset by an amount that depends on where the runtime chose to
load GRUB.
It is important to not load symbols statically for dynamic targets
because then when subsequently loading the symbols correctly one must
take care to remove the existing static symbols, otherwise there will be
two sets of symbols and GDB seems to prefer the ones loaded first (i.e.
the static ones).
Use autoconf variables to generate a gdb_grub for a particular target,
which conditionally run startup code depending on if the target uses
static or dynamic loading.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Mon, 27 Feb 2023 21:15:31 +0000 (15:15 -0600)]
gdb: Move runtime module loading into runtime_load_module
By moving this code into a function, it can be run re-utilized while gdb is
running, not just when loading the script. This will also be useful in
some following changes which will make a separate script path for targets
which statically vs dynamically position GRUB code.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Michael Chang [Wed, 1 Mar 2023 09:23:08 +0000 (17:23 +0800)]
osdep/devmapper/getroot: Fix build error on 32-bit host
The gcc build has failed for 32-bit host (e.g. i386-emu and arm-emu)
due to mismatch between format specifier and data type.
../grub-core/osdep/devmapper/getroot.c: In function
'grub_util_pull_devmapper':
../grub-core/osdep/devmapper/getroot.c:265:75: error: format '%lu'
expects argument of type 'long unsigned int', but argument 2 has type
'int' [-Werror=format=]
../grub-core/osdep/devmapper/getroot.c:276:80: error: format '%lu'
expects argument of type 'long unsigned int', but argument 2 has type
'int' [-Werror=format=]
This patch fixes the problem by casting the type of calculated offset to
grub_size_t and use platform PRIuGRUB_SIZE as format specifier.
Signed-off-by: Michael Chang <mchang@suse.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Stefan Berger [Mon, 6 Feb 2023 15:03:25 +0000 (10:03 -0500)]
commands/ieee1275/ibmvtpm: Add support for trusted boot using a vTPM 2.0
Add support for trusted boot using a vTPM 2.0 on the IBM IEEE1275
PowerPC platform. With this patch grub now measures text and binary data
into the TPM's PCRs 8 and 9 in the same way as the x86_64 platform
does.
This patch requires Daniel Axtens's patches for claiming more memory.
Note: The tpm_init() function cannot be called from GRUB_MOD_INIT() since
it does not find the device nodes upon module initialization and
therefore the call to tpm_init() must be deferred to grub_tpm_measure().
For vTPM support to work on PowerVM, system driver levels 1010.30
or 1020.00 are required.
Note: Previous versions of firmware levels with the 2hash-ext-log
API call have a bug that, once this API call is invoked, has the
effect of disabling the vTPM driver under Linux causing an error
message to be displayed in the Linux kernel log. Those users will
have to update their machines to the firmware levels mentioned
above.
Cc: Eric Snowberg <eric.snowberg@oracle.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Daniel Axtens <dja@axtens.net> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Daniel Axtens [Mon, 6 Feb 2023 15:03:24 +0000 (10:03 -0500)]
commands/memtools: Add memtool module with memory allocation stress-test
When working on memory, it's nice to be able to test your work.
Add a memtest module. When compiled with --enable-mm-debug, it exposes
3 commands:
* lsmem - print all allocations and free space in all regions
* lsfreemem - print free space in all regions
* stress_big_allocs - stress test large allocations:
- how much memory can we allocate in one chunk?
- how many 1MB chunks can we allocate?
- check that gap-filling works with a 1MB aligned 900kB alloc + a
100kB alloc.
Signed-off-by: Daniel Axtens <dja@axtens.net> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Diego Domingos [Mon, 6 Feb 2023 15:03:23 +0000 (10:03 -0500)]
ieee1275: Implement vec5 for cas negotiation
As a legacy support, if the vector 5 is not implemented, Power Hypervisor will
consider the max CPUs as 64 instead 256 currently supported during
client-architecture-support negotiation.
This patch implements the vector 5 and set the MAX CPUs to 256 while setting the
others values to 0 (default).
Signed-off-by: Diego Domingos <diegodo@linux.vnet.ibm.com> Acked-by: Daniel Axtens <dja@axtens.net> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Avnish Chouhan <avnish@linux.vnet.ibm.com> Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Daniel Axtens [Mon, 6 Feb 2023 15:03:22 +0000 (10:03 -0500)]
ieee1275: Support runtime memory claiming
On powerpc-ieee1275, we are running out of memory trying to verify
anything. This is because:
- we have to load an entire file into memory to verify it. This is
difficult to change with appended signatures.
- We only have 32MB of heap.
- Distro kernels are now often around 30MB.
So we want to be able to claim more memory from OpenFirmware for our heap
at runtime.
There are some complications:
- The grub mm code isn't the only thing that will make claims on
memory from OpenFirmware:
* PFW/SLOF will have claimed some for their own use.
* The ieee1275 loader will try to find other bits of memory that we
haven't claimed to place the kernel and initrd when we go to boot.
* Once we load Linux, it will also try to claim memory. It claims
memory without any reference to /memory/available, it just starts
at min(top of RMO, 768MB) and works down. So we need to avoid this
area. See arch/powerpc/kernel/prom_init.c as of v5.11.
- The smallest amount of memory a ppc64 KVM guest can have is 256MB.
It doesn't work with distro kernels but can work with custom kernels.
We should maintain support for that. (ppc32 can boot with even less,
and we shouldn't break that either.)
- Even if a VM has more memory, the memory OpenFirmware makes available
as Real Memory Area can be restricted. Even with our CAS work, an LPAR
on a PowerVM box is likely to have only 512MB available to OpenFirmware
even if it has many gigabytes of memory allocated.
What should we do?
We don't know in advance how big the kernel and initrd are going to be,
which makes figuring out how much memory we can take a bit tricky.
To figure out how much memory we should leave unused, I looked at:
So to give us a little wriggle room, I think we want to leave at least
128MB for the loader to put vmlinux and initrd in memory and leave Linux
with space to satisfy its early allocations.
Allow other space to be allocated at runtime.
Tested-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Daniel Axtens <dja@axtens.net> Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Daniel Axtens [Mon, 6 Feb 2023 15:03:21 +0000 (10:03 -0500)]
ieee1275: Drop len -= 1 quirk in heap_init
This was apparently "required by some firmware": commit dc9468500919
(2007-02-12 Hollis Blanchard <hollis@penguinppc.org>).
It's not clear what firmware that was, and what platform from 14 years ago
which exhibited the bug then is still both in use and buggy now.
It doesn't cause issues on qemu (mac99 or pseries) or under PFW for Power8.
I don't have access to old Mac hardware, but if anyone feels especially
strongly we can put it under some feature flag. I really want to disable
it under pseries because it will mess with region merging.
Signed-off-by: Daniel Axtens <dja@axtens.net> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Daniel Axtens [Mon, 6 Feb 2023 15:03:20 +0000 (10:03 -0500)]
ieee1275: Request memory with ibm, client-architecture-support
On PowerVM, the first time we boot a Linux partition, we may only get
256MB of real memory area, even if the partition has more memory.
This isn't enough to reliably verify a kernel. Fortunately, the Power
Architecture Platform Reference (PAPR) defines a method we can call to ask
for more memory: the broad and powerful ibm,client-architecture-support
(CAS) method.
CAS can do an enormous amount of things on a PAPR platform: as well as
asking for memory, you can set the supported processor level, the interrupt
controller, hash vs radix mmu, and so on.
If:
- we are running under what we think is PowerVM (compatible property of /
begins with "IBM"), and
- the full amount of RMA is less than 512MB (as determined by the reg
property of /memory)
then call CAS as follows: (refer to the Linux on Power Architecture
Reference, LoPAR, which is public, at B.5.2.3):
- Use the "any" PVR value and supply 2 option vectors.
- Set option vector 1 (PowerPC Server Processor Architecture Level)
to "ignore".
- Set option vector 2 with default or Linux-like options, including a
min-rma-size of 512MB.
- Set option vector 3 to request Floating Point, VMX and Decimal Floating
point, but don't abort the boot if we can't get them.
- Set option vector 4 to request a minimum VP percentage to 1%, which is
what Linux requests, and is below the default of 10%. Without this,
some systems with very large or very small configurations fail to boot.
This will cause a CAS reboot and the partition will restart with 512MB
of RMA. Importantly, grub will notice the 512MB and not call CAS again.
Notes about the choices of parameters:
- A partition can be configured with only 256MB of memory, which would
mean this request couldn't be satisfied, but PFW refuses to load with
only 256MB of memory, so it's a bit moot. SLOF will run fine with 256MB,
but we will never call CAS under qemu/SLOF because /compatible won't
begin with "IBM".)
- unspecified CAS vectors take on default values. Some of these values
might restrict the ability of certain hardware configurations to boot.
This is why we need to specify the VP percentage in vector 4, which is
in turn why we need to specify vector 3.
Finally, we should have enough memory to verify a kernel, and we will
reach Linux. One of the first things Linux does while still running under
OpenFirmware is to call CAS with a much fuller set of options (including
asking for 512MB of memory). Linux includes a much more restrictive set of
PVR values and processor support levels, and this CAS invocation will likely
induce another reboot. On this reboot grub will again notice the higher RMA,
and not call CAS. We will get to Linux again, Linux will call CAS again, but
because the values are now set for Linux this will not induce another CAS
reboot and we will finally boot all the way to userspace.
On all subsequent boots, everything will be configured with 512MB of RMA,
so there will be no further CAS reboots from grub. (phyp is super sticky
with the RMA size - it persists even on cold boots. So if you've ever booted
Linux in a partition, you'll probably never have grub call CAS. It'll only
ever fire the first time a partition loads grub, or if you deliberately lower
the amount of memory your partition has below 512MB.)
Signed-off-by: Daniel Axtens <dja@axtens.net> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Khem Raj [Thu, 23 Feb 2023 21:15:08 +0000 (13:15 -0800)]
RISC-V: Handle R_RISCV_CALL_PLT reloc
GNU assembler starting 2.40 release always generates R_RISCV_CALL_PLT
reloc for call in assembler [1], similarly LLVM does not make
distinction between R_RISCV_CALL_PLT and R_RISCV_CALL [2].
Fixes "grub-mkimage: error: relocation 0x13 is not implemented yet.".
osdep/hurd/getroot: Remove unused variables in grub_util_find_hurd_root_device()
Found during a test build on Debian/hurd-i386 with --disable-werror enabled:
In file included from grub-core/osdep/getroot.c:12:
grub-core/osdep/hurd/getroot.c: In function ‘grub_util_find_hurd_root_device’:
grub-core/osdep/hurd/getroot.c:126:13: error: unused variable ‘next’ [-Werror=unused-variable]
126 | char *next;
| ^~~~
grub-core/osdep/hurd/getroot.c:125:14: error: unused variable ‘size’ [-Werror=unused-variable]
125 | size_t size;
| ^~~~
Fixes: e981b0a24 (osdep/hurd/getroot: Use "part:" qualifier) Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Tue, 21 Feb 2023 18:28:48 +0000 (12:28 -0600)]
gdb: If no modules have been loaded, do not try to load module symbols
This prevents load_all_modules from failing when called before any
modules have been loaded. Failures in GDB user-defined functions cause
any function which called them to also fail.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Tue, 21 Feb 2023 18:28:47 +0000 (12:28 -0600)]
gdb: Prevent wrapping when writing to .segments.tmp
GDB logging is redirected to write .segments.tmp, which means that GDB
will wrap lines longer than what it thinks is the screen width
(typically 80 characters). When wrapping does occur it causes gmodule.pl
to misbehave. So disable line wrapping by using GDB's "with" command so
that its guaranteed to return the width to the previous value upon
command completion.
Also disable command tracing when dumping the module sections because that
output will go to .segments.tmp and thus cause gmodule.pl to misbehave.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Tue, 21 Feb 2023 18:28:46 +0000 (12:28 -0600)]
gdb: Fix redirection issue in dump_module_sections
An error in any GDB command causes it to immediately abort with an error,
this includes any command that calls that command. This leads to an issue
in dump_module_sections where an error causes the command to exit without
turning off file redirection. The user then ends up with a GDB command
line where commands output nothing to the console.
Instead do the work of dump_module_sections in the command
dump_module_sections_helper and run the command using GDB's pipe command
which does the redirection and undoes the redirection when it finishes
regardless of any errors in the command.
Also, remove .segments.tmp file prior to loading modules in case one was
left from a previous run.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Tue, 21 Feb 2023 18:20:32 +0000 (12:20 -0600)]
efi: Allow expression as func argument to efi_call_* macros on all platforms
On EFI platforms where EFI calls do not require a wrapper (notably i386-efi
and arm64-efi), the func argument needs to be wrapped in parenthesis to
allow valid syntax when func is an expression which evaluates to a function
pointer. On EFI platforms that do need a wrapper, this was never an issue
because func is passed to the C function wrapper as an argument and thus
does not need parenthesis to be evaluated.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Jeremy Szu [Mon, 20 Feb 2023 23:42:51 +0000 (07:42 +0800)]
loader/i386/linux: Correct wrong initrd address for debug
The "addr" is used to request the memory with specific ranges but the real
loadable address come from the relocator. Thus, print the final retrieved
addresses, virtual and physical, for initrd.
On the occasion migrate to PRIxGRUB_ADDR and PRIxGRUB_SIZE format specifiers.
Signed-off-by: Jeremy Szu <jeremy.szu@canonical.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Thu, 16 Feb 2023 07:04:37 +0000 (01:04 -0600)]
tests: Add pathological iso9660 filesystem tests
These are not added to grub-fs-tester because they are not generated and
none of the filesystem tests are run on these ISOs. The test is to run the
command "ls /" on the ISO, and a failure is determined if the command
times out, has non-zero return value or has any output.
Signed-off-by: Glenn Washburn <development@efficientek.com> Tested-by: Thomas Schmitt <scdbackup@gmx.net> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
osdep/linux/hostdisk: Modify sector by sysfs as disk sector
The disk sector size provided by sysfs file system considers the sector
size of 512 irrespective of disk sector size, thus causing the read by
the GRUB to an incorrect offset from what was originally intended.
Considering the 512 sector size of sysfs data the actual sector needs to
be modified corresponding to disk sector size.
Signed-off-by: Mukesh Kumar Chaurasiya <mchauras@linux.vnet.ibm.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
projects / thirdparty / grub.git / log
