Glenn Washburn [Mon, 14 Aug 2023 06:16:53 +0000 (01:16 -0500)]
commands/ls: Send correct dirname to print functions
For each non-directory path argument to the ls command, the full path was
being sent to the print functions, instead of the dirname. The long output
print function expected dirname to be the directory containing the file
and so could not open the file to get the file size because the generated
path was incorrect. This caused the output to be a blank line.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Mon, 14 Aug 2023 06:03:41 +0000 (01:03 -0500)]
fs/archelp: If path given to grub_archelp_dir() is not a directory return error
Specifically, return GRUB_ERR_BAD_FILE_TYPE because this is what is
expected by the ls command when it is given a path to a non-directory.
This fixes a bug where calling ls with a list of non-directory paths
outputs a blank line for each such argument.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Fri, 11 Aug 2023 21:30:04 +0000 (16:30 -0500)]
commands/videoinfo: Prevent crash when run while video driver already active
The videoinfo command will initialize all non-active video adapters. Video
drivers tend to zero out the global framebuffer object on initialization.
This is not a problem when there is no active video adapter. However, when
there is, then outputting to the video adapter will cause a crash because
methods in the framebuffer object are reinitialized. For example, this
command sequence will cause a crash.
terminal_output --append gfxterm; videoinfo
When running in a QEMU headless with GRUB built for the x86_64-efi target,
the first command initializes the Bochs video adapter, which, among
other things, sets the set_page() member function. Then when videoinfo is
run, all non-Bochs video adapters will be initialized, each one wiping
the framebuffer and thus setting set_page to NULL. Soon after the videoinfo
command finishes there will be a call to grub_refresh(), which will
ultimately call the framebuffer's set_page which will be NULL and cause
a crash when called.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Wed, 2 Aug 2023 00:58:51 +0000 (19:58 -0500)]
docs: Improve initrd documentation
A list of improvements:
* Remove reference to "initial ramdisk" and replace with "initrd". This
then covers the case of ramdisk and ramfs, which is the usual method
with kernels 2.6 and newer.
* Add sentence with URL to initrd documentation in the Linux kernel.
* Add a section documenting how to have the initrd command generate
a new-style initrd via a specially crafted argument and include an example.
* Update initrd16 to refer to the initrd section and make note that
initrd16 is only on the pc platform.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com> Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
term/ns8250-spcr: Continue processing SPCR table even if revision is < 2
According to commit 0231d00082 (ACPI: SPCR: Make SPCR available to x86)
to the Linux kernel, "On x86, many systems have a valid SPCR table but the
table version is not 2 so the table version check must be a warning."
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
docs: A note to cat that hexdump should be used for binary data
The cat command should not be used to print binary data because it can
show bytes not in the binary data and not show bytes that are in the data,
which can lead to confusion. This happens because cat does some processing
of the data stream, namely trying to decode substrings as UTF-8.
Michał Grzelak [Tue, 18 Jul 2023 22:48:21 +0000 (00:48 +0200)]
configure: Fix SDL2 typo by referencing value
During configuration of SDL2, variable enable_grub_emu_sdl2 is checked
whether to throw an error message. However, error could not happen
because two unequal strings were compared. Fix this by referencing
value of enable_grub_emu_sdl2, not name.
Fixes: 17d6ac1a7 (emu: Add SDL2 support) Signed-off-by: Michał Grzelak <mchl.grzlk@gmail.com> Reviewed-by: Julian Andres Klode <julian.klode@canonical.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
Daniel Kiper [Fri, 30 Jun 2023 14:02:15 +0000 (16:02 +0200)]
efi: Fallback to legacy mode if shim is loaded on x86 archs
The LoadImage() provided by the shim does not consult MOK when loading
an image. So, simply signature verification fails when it should not.
This means we cannot use Linux EFI stub to start the kernel when the
shim is loaded. We have to fallback to legacy mode on x86 architectures.
This is not possible on other architectures due to lack of legacy mode.
This is a workaround which should disappear when the shim provides
LoadImage() which looks up MOK during signature verification.
On the occasion align constants in include/grub/efi/sb.h.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Michał Grzelak [Thu, 29 Jun 2023 18:11:04 +0000 (20:11 +0200)]
configure.ac: Fix typo by adding missing $
During configuration of SDL, variable enable_grub_emu_sdl is checked
whether to throw an error message. However, error could not happen
because two unequal strings were compared. Fix this by referencing
value of enable_grub_emu_sdl, not name.
Fixes: 17d6ac1a7 (emu: Add SDL2 support) Signed-off-by: Michał Grzelak <mchl.grzlk@gmail.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Wed, 28 Jun 2023 10:10:09 +0000 (05:10 -0500)]
docs: Minor corrections
When referring to initrd16 the link for initrd16 should be used, not a link
for initrd. Also, correct the spelling of additionally and add a comma after
it to correct its grammatical usage.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Wed, 28 Jun 2023 07:25:16 +0000 (02:25 -0500)]
loader/linux: Only emit newc directory once
When creating at runtime a newc initrd via arguments to initrd with "newc:"
prefixes, only emit a directory path record once. The original code
intended to do that by bailing out of emitting the record when the record
to be created matches an existing record. However, this does not happen
because grub_memcmp() is improperly checked.
Generating duplicate newc directory records does not cause any problems
because the Linux unpacker will skip it once it sees the directory already
exists. This fix saves a little processing and makes the generated newc
cpio archive a little smaller.
Fixes: 92750e4c60 (Add ability to generate newc additions on runtime.) Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Wed, 28 Jun 2023 06:19:48 +0000 (01:19 -0500)]
loader/efi/linux: Print EFI status as hex number instead of uint
EFI status codes are of different classes depending on the first byte and
all error status codes defined in appendix D of the main spec start from
1 and have the high bit set. When printing as a uint, the decimal is a very
large number that needs to have the high bit cleared to get the spec error code.
This can be easily visually done by a human if the number is printed as hex.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
So all we did with the surface in SDL1 was split into window,
surface, renderer and texture. Instead of drawing into the
surface and then flipping, you build your pixels, then update
a texture and then copy the texture to the renderer.
Here we use an empty RGB surface to hold our pixels, which enables
us to keep most of the code the same. The SDL1 code has been adjusted
to refer to "surface" instead of "window" when trying to access the
properties of the surface.
This approaches the configuration by adding a new --enable-grub-emu-sdl2
argument. If set to yes, or auto detected, it disables SDL1 support
automatically.
This duplicates the sdl module block in Makefile.core.def which may
be something to be aware of, but we also don't want to build separate
module.
Fixes: https://bugs.debian.org/1038035 Signed-off-by: Julian Andres Klode <julian.klode@canonical.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Michał Grzelak [Thu, 15 Jun 2023 22:39:47 +0000 (00:39 +0200)]
tpm: Enable boot despite unknown firmware failure
Currently booting the system is prevented when call to EFI firmware
hash_log_extend_event() returns unknown error. Solve this by following
convention used in commit a4356538d (commands/tpm: Don't propagate
measurement failures to the verifiers layer).
Let the system be bootable by default when unknown TPM error is
encountered. Check environment variable tpm_fail_fatal to fallback to
previous behaviour.
Signed-off-by: Michał Grzelak <mchl.grzlk@gmail.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Daniel Kiper [Thu, 15 Jun 2023 14:45:00 +0000 (16:45 +0200)]
efi: Add missing __grub_efi_api attributes
The commit bb4aa6e06 (efi: Drop all uses of efi_call_XX() wrappers) did
not add some __grub_efi_api attributes to the EFI calls. Lack of them
led to hangs on x86_64-efi target. So, let's add missing __grub_efi_api
attributes.
Fixes: bb4aa6e06 (efi: Drop all uses of efi_call_XX() wrappers) Reported-by: Christian Hesse <list@eworm.de> Reported-by: Robin Candau <antiz@archlinux.org> Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Tested-by: Robin Candau <antiz@archlinux.org> Tested-by: Christian Hesse <list@eworm.de> Reviewed-by: Peter Jones <pjones@redhat.com>
disk: Generalize MD_MAX_DISKS to GRUB_MDRAID_MAX_DISKS
Move the constant from grub-core/osdep/linux/getroot.c to
include/grub/disk.h and then reuse it in place of the
hardcoded 1024 limit in diskfilter.
Fixes: 2a5e3c1f2 (disk/diskfilter: Don't make a RAID array with more than 1024 disks) Cc: Daniel Axtens <dja@axtens.net> Cc: Kees Cook <keescook@chromium.org> Signed-off-by: Julian Andres Klode <julian.klode@canonical.com> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Xiaotian Wu [Thu, 15 Jun 2023 12:10:38 +0000 (20:10 +0800)]
loongarch: Disable relaxation relocations
A working GRUB cannot be built with upcoming binutils and GCC, because linker
relaxation was added [1] causing new unsupported relocations to appear in modules.
So we pass -mno-relax to GCC if it is supported, to disable relaxation and make
GRUB forward-compatible with new toolchains.
While similar code already exists for sparc64 in configure.ac, sparc64 sets
LDFLAGS while LoongArch requires CFLAGS to be set. If we only set LDFLAGS on
LoongArch, GCC will still generate relaxation relocations in the .o files, so
the sparc64 code cannot be reused.
Xiaotian Wu [Tue, 13 Jun 2023 09:06:33 +0000 (17:06 +0800)]
loongarch: Rename function names
According to the relocation documentation, the following function names are
renamed to show their exact meaning:
- from grub_loongarch64_xxx64_hi12() to grub_loongarch64_abs64_hi12(),
- from grub_loongarch64_xxx64_hi12() to grub_loongarch64_abs64_lo20().
Signed-off-by: Xiaotian Wu <wuxiaotian@loongson.cn> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Qiumiao Zhang [Tue, 13 Jun 2023 03:20:51 +0000 (11:20 +0800)]
kern/acpi: Use xsdt_addr if present
According to the ACPI specification, in ACPI 2.0 or later, an
ACPI-compatible OS must use the XSDT if present. So, we should
use xsdt_addr instead of rsdt_addr if xsdt_addr is valid.
Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Qiumiao Zhang [Tue, 13 Jun 2023 03:17:36 +0000 (11:17 +0800)]
commands/acpi: Use xsdt_addr if present
According to the ACPI specification, in ACPI 2.0 or later, an
ACPI-compatible OS must use the XSDT if present. So, we should
use xsdt_addr instead of rsdt_addr if xsdt_addr is valid.
Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Tue, 6 Jun 2023 05:48:39 +0000 (00:48 -0500)]
docs: Add debugging chapter to development documentation
Debugging GRUB can be tricky and require arcane knowledge. This will
help those unfamiliar with the process to get started debugging GRUB
with less effort.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Darren Kenny [Fri, 2 Jun 2023 18:08:44 +0000 (18:08 +0000)]
fs/xfs: Fix issues found while fuzzing the XFS filesystem
While performing fuzz testing with XFS filesystem images with ASAN
enabled, several issues were found where the memory accesses are made
beyond the data that is allocated into the struct grub_xfs_data
structure's data field.
The existing structure didn't store the size of the memory allocated into
the buffer in the data field and had no way to check it. To resolve these
issues, the data size is stored to enable checks into the data buffer.
With these checks in place, the fuzzing corpus no longer causes any crashes.
Signed-off-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Robbie Harwood <rharwood@redhat.com> Signed-off-by: Marta Lewandowska <mlewando@redhat.com> Signed-off-by: Lidong Chen <lidong.chen@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
grub-core/genmoddep.awk: Ensure output is deterministic
The output in moddep.lst generated from syminfo.lst using genmoddep.awk
is not deterministic since the order of the dependencies on each line
can vary depending on how awk sorts the values in the array.
Be deterministic in the output by sorting the dependencies on each line.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
The output of the SOURCES lines in grub-core/Makefile.core.am, generated
from grub-core/Makefile.core.def with gentpl.py is not deterministic due to
missing sorting of the list used to generate it. Add such a sort.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Thu, 1 Jun 2023 04:25:55 +0000 (23:25 -0500)]
gdb: Add gdbinfo command for printing the load address of the EFI application
EFI firmware determines where to load the GRUB EFI at runtime, and so the
addresses of debug symbols are not known ahead of time. There is a command
defined in the gdb_grub script which will load the debug symbols at the
appropriate addresses, if given the application load address for GRUB.
So add a command named "gdbinfo" to allow the user to print this GDB command
string with the application load address on-demand. For the outputted GDB
command to have any effect when entered into a GDB session, GDB should have
been started with the script as an argument to the -x option or sourced into
an active GDB session before running the outputted command.
Documentation for the gdbinfo command is also added.
Co-developed-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Thu, 1 Jun 2023 04:16:26 +0000 (23:16 -0500)]
loader/efi/chainloader: Do not require a $root visible to EFI firmware when chainloading
The EFI chainloader checks that a device path can be created for the $root
device before allowing chainloading to a given file. This is probably to
ensure that the given file can be accessed and loaded by the firmware.
However, since GRUB is loading the image itself, the firmware need not
be able to access the file location of the image. So remove this check.
Also, this fixes an issue where chainloading an image file on a location
that is accessible by the firmware, e.g. (hd0,1)/efi/boot.efi, would
fail when root is a location inaccessible by the firmware, e.g. memdisk.
Use GRUB_EFI_BYTES_TO_PAGES() instead of doing the calculation explicitly.
Add comment noting the section where the load options for the chainloaded
EFI application is constructed.
Glenn Washburn [Thu, 1 Jun 2023 04:16:25 +0000 (23:16 -0500)]
docs: Document extra arguments to chainloader on EFI
Extra arguments given to chainloader on EFI platforms will be sent to
the chainloaded application. Also, minor edit in the chainloading section
to note that chainloading can be a jump via the firmware and not
necessarily in real mode (which does not exist on some architectures).
Oliver Steffen [Fri, 26 May 2023 11:35:51 +0000 (13:35 +0200)]
bli: Add a module for the Boot Loader Interface
Add a new module named bli. It implements a small but quite useful part
of the Boot Loader Interface [0]. This interface uses EFI variables for
communication between the boot loader and the operating system.
When loaded, this module sets two EFI variables under the vendor GUID 4a67b082-0a4c-41cf-b6c7-440b29bb8c4f:
- LoaderInfo: contains GRUB + <version number>.
This allows the running operating system to identify the boot loader
used during boot.
- LoaderDevicePartUUID: contains the partition UUID of the EFI System
Partition (ESP). This is used by systemd-gpt-auto-generator [1] to
find the root partitions (and others too), via partition type IDs [2].
This module is available on EFI platforms only. The bli module relies on
the part_gpt module which has to be loaded beforehand to make the GPT
partitions discoverable.
Update the documentation, add a new chapter "Modules" and describe the
bli module there.
Oliver Steffen [Fri, 26 May 2023 11:35:49 +0000 (13:35 +0200)]
docs: Reword section headings
Reword some section headings, remove "The List of" from titles. While
grammatically correct, this phrase can be omitted to increase
readability, especially in the table of contents.
Signed-off-by: Oliver Steffen <osteffen@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Oliver Steffen [Fri, 26 May 2023 11:35:47 +0000 (13:35 +0200)]
kern/misc, kern/efi: Extract UTF-8 to UTF-16 code
Create a new function for UTF-8 to UTF-16 conversion called
grub_utf8_to_utf16_alloc() in the grub-code/kern/misc.c and replace
charset conversion code used in some places in the EFI code. It is
modeled after the grub_utf8_to_ucs4_alloc() like functions in
include/grub/charset.h. It can't live in include/grub/charset.h,
because it needs to be reachable from the kern/efi code.
Add a check for integer overflow and remove redundant NUL-termination.
Signed-off-by: Oliver Steffen <osteffen@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Oliver Steffen [Fri, 26 May 2023 11:35:44 +0000 (13:35 +0200)]
kern/misc: Add a format specifier GUIDs
Extend the printf format specifier for pointers (%p) to accept a suffix
specifier G to print GUIDs: %pG can be used to print grub_guid structs.
This does not interfere with the -Wformat checking of gcc. Note that
the data type is not checked though (%p accepts void *).
Signed-off-by: Oliver Steffen <osteffen@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Alec Brown [Mon, 22 May 2023 20:52:49 +0000 (16:52 -0400)]
kern/efi/mm: Fix use-after-free in finish boot services
In grub-core/kern/efi/mm.c, grub_efi_finish_boot_services() has an instance
where the memory for the variable finish_mmap_buf is freed, but on the next
iteration of a while loop, grub_efi_get_memory_map() uses finish_mmap_buf. To
prevent this, we can set finish_mmap_buf to NULL after the free.
Signed-off-by: Alec Brown <alec.r.brown@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Ard Biesheuvel [Wed, 24 May 2023 17:29:09 +0000 (19:29 +0200)]
efi: Handle NULL return value when getting loaded image protocol
The EFI spec mandates that the handle produced by the LoadImage boot
service has a LoadedImage protocol instance installed on it, but for
robustness, we should still deal with a NULL return value from the
helper routine that obtains this protocol pointer.
If this happens, don't try to start the image but unload it and return
an error.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Ard Biesheuvel [Tue, 23 May 2023 15:31:45 +0000 (17:31 +0200)]
efi: Use generic EFI loader for x86_64 and i386
Switch the x86 based EFI platform builds to the generic EFI loader,
which exposes the initrd via the LoadFile2 protocol instead of the
x86-specific setup header. This will launch the Linux kernel via its EFI
stub, which performs its own initialization in the EFI boot services
context before calling ExitBootServices() and performing the bare metal
Linux boot.
Given that only Linux kernel versions v5.8 and later support this initrd
loading method, the existing x86 loader is retained as a fallback, which
will also be used for Linux kernels built without the EFI stub. In this
case, GRUB calls ExitBootServices() before entering the Linux kernel,
and all EFI related information is provided to the kernel via struct
boot_params in the setup header, as before.
Note that this means that booting EFI stub kernels older than v5.8 is
not supported even when not using an initrd at all. Also, the EFI
handover protocol, which has no basis in the UEFI specification, is not
implemented.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Ard Biesheuvel [Tue, 23 May 2023 15:31:43 +0000 (17:31 +0200)]
efi: Drop all uses of efi_call_XX() wrappers
Now that GCC can generate function calls using the correct calling
convention for us, we can stop using the efi_call_XX() wrappers, and
just dereference the function pointers directly.
This avoids the untyped variadic wrapper routines, which means better
type checking for the method calls.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Ard Biesheuvel [Tue, 23 May 2023 15:31:42 +0000 (17:31 +0200)]
efi: Add calling convention annotation to all prototypes
UEFI mandates MS calling convention on x86_64, which was not supported
on GCC when UEFI support was first introduced into GRUB. However, now we
can use the ms_abi function type attribute to annotate functions and
function pointers as adhering to the MS calling convention, and the
compiler will generate the correct instruction sequence for us.
So let's add the appropriate annotation to all the function prototypes.
This will allow us to drop the special call wrappers in a subsequent patch.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Ard Biesheuvel [Tue, 23 May 2023 15:31:41 +0000 (17:31 +0200)]
efi: Make EFI PXE protocol methods non-callable
The grub_efi_pxe_t struct definition has placeholders for the various
protocol method pointers, given that they are never called in the code,
and the prototypes have been omitted, and therefore do not comply with
the UEFI spec.
So let's convert them into void* pointers, so they cannot be called
inadvertently.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Alec Brown [Mon, 22 May 2023 20:52:48 +0000 (16:52 -0400)]
loader/multiboot_elfxx: Check program header offset doesn't exceed constraints
In grub-core/loader/multiboot_elfxx.c, we need to make sure that the program
header offset is less than the file size along with the MULTIBOOT_SEARCH
constant. We can do so by setting the variable phlimit to the minimum value of
the two limits and check it each time we change program header index to ensure
that the program header offset isn't outside of the limits.
Fixes: CID 314029 Fixes: CID 314038 Signed-off-by: Alec Brown <alec.r.brown@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Alec Brown [Mon, 22 May 2023 20:52:47 +0000 (16:52 -0400)]
loader/multiboot_elfxx: Check section header region before allocating memory
In grub-core/loader/multiboot_elfxx.c, space is being allocated for the section
header region, but isn't verifying if the region is within the file's size.
Before calling grub_calloc(), we can add a conditional to check if the section
header region is smaller than the file size.
Fixes: CID 314029 Fixes: CID 314038 Signed-off-by: Alec Brown <alec.r.brown@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Alec Brown [Mon, 22 May 2023 20:52:46 +0000 (16:52 -0400)]
loader/multiboot_elfxx: Check program memory isn't larger than allocated memory size
In grub-core/loader/multiboot_elfxx.c, the code is filling an area of memory
with grub_memset() but doesn't check if there is space in the allocated memory
before doing so. To make sure we aren't zeroing memory past the allocated memory
region, we need to check that the offset into the allocated memory region plus
the memory size of the program is smaller than the allocated memory size.
Fixes: CID 314029 Fixes: CID 314038 Signed-off-by: Alec Brown <alec.r.brown@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
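The three loader/multiboot_elfxx checks described above (program header offset against the smaller of file size and search limit, section header region against file size, zeroed range against allocated size), written as overflow-safe helpers. This is an added example, not GRUB's code: the function names, EXAMPLE_SEARCH_LIMIT and the sample values are hypothetical, and the program header check here requires the whole entry, not only its offset, to lie below the limit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the loader's search window; not the real
   value of MULTIBOOT_SEARCH. */
#define EXAMPLE_SEARCH_LIMIT 8192u

/* Returns 1 if off + len <= limit, written so that no intermediate
   sum can wrap around. */
static int
region_fits (uint64_t off, uint64_t len, uint64_t limit)
{
  return off <= limit && len <= limit - off;
}

/* Program header number `index` must lie below
   phlimit = min (file size, search limit). Call it again every time
   the index changes. */
int
phdr_in_bounds (uint64_t phoff, uint16_t phentsize, uint16_t index,
                uint64_t file_size)
{
  uint64_t phlimit = file_size < EXAMPLE_SEARCH_LIMIT
                     ? file_size : EXAMPLE_SEARCH_LIMIT;
  /* 16-bit times 16-bit: the product cannot overflow 64 bits. */
  uint64_t rel = (uint64_t) index * phentsize;

  if (rel > UINT64_MAX - phoff)
    return 0;                   /* phoff + rel would wrap */
  return region_fits (phoff + rel, phentsize, phlimit);
}

/* Check the section header region against the file size before any
   memory is allocated for it. */
int
shdr_region_in_file (uint64_t shoff, uint16_t shnum, uint16_t shentsize,
                     uint64_t file_size)
{
  uint64_t total = (uint64_t) shnum * shentsize;

  return region_fits (shoff, total, file_size);
}

/* Zero the part of a segment that exists in memory but not in the
   file, refusing when load_off + memsz exceeds the allocation.
   Returns 0 on success, -1 when the range is rejected. */
int
zero_segment_tail (uint8_t *buf, size_t buf_size, uint64_t load_off,
                   uint64_t filesz, uint64_t memsz)
{
  if (filesz > memsz || !region_fits (load_off, memsz, buf_size))
    return -1;
  memset (buf + load_off + filesz, 0, (size_t) (memsz - filesz));
  return 0;
}

int
main (void)
{
  uint8_t buf[64];

  memset (buf, 0xAA, sizeof (buf));
  /* Constructed header values for illustration. */
  printf ("phdr 0 in 4 KiB file:     %d\n", phdr_in_bounds (52, 32, 0, 4096));
  printf ("phdr 200 in 4 KiB file:   %d\n", phdr_in_bounds (52, 32, 200, 4096));
  printf ("wrapping phoff:           %d\n",
          phdr_in_bounds (UINT64_MAX - 8, 32, 1, 4096));
  printf ("shdr region past EOF:     %d\n",
          shdr_region_in_file (4000, 4, 40, 4096));
  printf ("zero tail inside buffer:  %d\n",
          zero_segment_tail (buf, sizeof (buf), 16, 8, 32));
  printf ("zero tail past buffer:    %d\n",
          zero_segment_tail (buf, sizeof (buf), 48, 8, 32));
  return 0;
}
```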
WANG Xuerui [Thu, 18 May 2023 02:52:57 +0000 (10:52 +0800)]
kern/loongarch64/dl_helper: Avoid undefined behavior when popping from an empty reloc stack
The return value of grub_loongarch64_stack_pop() is unsigned, so -1 should
not be used in the first place. Replacing with 0 is enough to avoid the
UB in this edge case.
Technically though, proper error handling is needed throughout the
management of the reloc stack, so no unexpected behavior will happen
even in case of malformed object code input (right now, pushes become
no-ops when the stack is full, and garbage results if the stack does not
contain enough operands for an op). The refactor would touch some more
places so would be best done in a separate series.
Fixes: CID 407777 Fixes: CID 407778 Signed-off-by: WANG Xuerui <git@xen0n.name> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Documentation is added to note that serial devices found on the PCI bus will
be exposed as "pci,XX:XX.X" and how to find serial terminal logical names.
Also, some minor documentation improvements were added.
This can be tested in QEMU by adding a pci-serial device, e.g. using the option
"-device pci-serial".
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Tested-by: Glenn Washburn <development@efficientek.com> Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Sun, 14 May 2023 04:52:56 +0000 (23:52 -0500)]
tests/util/grub-fs-tester: Avoid failing some file system tests due to file system filling up
On some systems /usr/share/dict/american-english can be larger than the
available space on the filesystem being tested (e.g. vfat12a). This
causes a failure of the filesystem test and is not a real test failure.
Instead, use dd to copy at most 1 MiB of data to the filesystem, which is
enough for our purposes and will not fill any of the tested filesystems.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Roger Pau Monné [Fri, 12 May 2023 07:33:55 +0000 (09:33 +0200)]
lib/relocator: Always enforce the requested alignment in malloc_in_range()
On failure to allocate from grub_relocator_firmware_alloc_region() in
malloc_in_range() the function would stop enforcing the alignment, and
the following was returned:
lib/relocator.c:431: trying to allocate in 0x200000-0xffbf9fff aligned 0x200000 size 0x406000
lib/relocator.c:1197: allocated: 0x74de2000+0x406000
lib/relocator.c:1407: allocated 0x74de2000/0x74de2000
Fix this by making sure that target always contains a suitably aligned
address. After the change the return from the function is:
lib/relocator.c:431: trying to allocate in 0x200000-0xffb87fff aligned 0x200000 size 0x478000
lib/relocator.c:1204: allocated: 0x74c00000+0x478000
lib/relocator.c:1414: allocated 0x74c00000/0x74c00000
Fixes: 3a5768645c05 (First version of allocation from firmware) Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
The access_size is part of a union, so doesn't technically exist for
a PIO port (i.e., not MMIO), but we set it anyways.
This doesn't cause a bug today because the other leg of the union
doesn't have anything overlapping with it now, but it's bad, I will
punish myself for writing it that way :-) In the meantime, fix this
and actually name the struct inside the union for clarity of intent
and to avoid such issue in the future.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Ákos Nagy [Fri, 5 May 2023 12:04:28 +0000 (14:04 +0200)]
util/grub-install-common: Fix the key of the --core-compress option
Commit f23bc6510 (Transform -C option to grub-mkstandalone to
--core-compress available in all grub-install flavours.) declared
a new long option for specifying the compression method to use for
the core image.
However, the option key has not been replaced in the parser function,
it still expects the old one formerly used by grub-mkstandalone.
Because of this the option is not recognized by any of the utils for
which it is listed as supported.
Signed-off-by: Ákos Nagy <nagyakos@outlook.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Lidong Chen [Wed, 3 May 2023 17:32:19 +0000 (17:32 +0000)]
fs/hfsplus: Set grub_errno to prevent NULL pointer access
When an invalid node size is detected in grub_hfsplus_mount(), data
pointer is freed. Thus, file->data is not set. The code should also
set the grub_errno when that happens to indicate an error and to avoid
accessing the uninitialized file->data in grub_file_close().
Signed-off-by: Lidong Chen <lidong.chen@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Lidong Chen [Wed, 3 May 2023 17:32:18 +0000 (17:32 +0000)]
fs/hfsplus: Prevent out of bound access in catalog file
A corrupted hfsplus can have a catalog key that is out of range. This
can lead to out of bound access when advancing the pointer to access
catalog file info. The valid range of a catalog key is specified in
HFS Plus Technical Note TN1150 [1].
Lidong Chen [Wed, 3 May 2023 17:32:17 +0000 (17:32 +0000)]
fs/hfsplus: Validate btree node size
The invalid btree node size can cause crashes when parsing the btree.
The fix is to ensure the btree node size is within the valid range
defined in the HFS Plus technical note, TN1150 [1].
Glenn Washburn [Sun, 14 May 2023 04:21:20 +0000 (23:21 -0500)]
INSTALL: Use exfat-utils package instead of exfatprogs
The exfat-utils package is an older package complementing exfat-fuse, and
was the only exfat tools for a long time. The exfat filesystem testing code
was written with these tools in mind. A newer project exfatprogs appears to
be of better quality and functionality and was written to complement the
somewhat new exfat kernel module. Ideally we should be using the newer
exfatprogs. However, the command line interface for mkfs.exfat is different
between the two. So we can't use the exfatprogs tools until the test scripts
have been updated to account for this. Recommend installing exfat-utils
instead of exfatprogs for now.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Renaud Métrich [Wed, 3 May 2023 10:21:31 +0000 (12:21 +0200)]
net/dns: Fix lookup error when no IPv6 is returned
When trying to resolve DNS names into IP addresses, the DNS code fails
from time to time with the following error:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
error: ../../grub-core/net/dns.c:688:no DNS record found.
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
This happens when both IPv4 and IPv6 queries are performed against the
DNS server (e.g. 8.8.8.8) but there is no IP returned for IPv6 query, as
shown below:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
grub> net_del_dns 192.168.122.1
grub> net_add_dns 8.8.8.8
grub> net_nslookup ipv4.test-ipv6.com
error: ../../grub-core/net/dns.c:688:no DNS record found.
grub> net_nslookup ipv4.test-ipv6.com
216.218.228.115
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
The root cause is the code exiting prematurely when the data->addresses
buffer has been allocated in recv_hook(), even if there was no address
returned last time recv_hook() executed.
Signed-off-by: Renaud Métrich <rmetrich@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
When deleting the DNS server, we get the following error message:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
grub> net_del_dns 192.168.122.1
error: ../../grub-core/net/dns.c:646:no DNS reply received.
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
This happens because the implementation is broken, it does an "add"
internally instead of a "delete".
Signed-off-by: Renaud Métrich <rmetrich@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>