Glenn Washburn [Fri, 18 Mar 2022 06:51:32 +0000 (01:51 -0500)]
net/net: Avoid unnecessary calls to grub_net_tcp_retransmit()
In grub_net_poll_cards_idle_real(), only call grub_net_tcp_retransmit() if there
are network cards found. If there are no network card found, there can be no
tcp sockets to transmit on. So no need to go through that logic.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Fri, 18 Mar 2022 06:51:31 +0000 (01:51 -0500)]
net/net: Unset grub_net_poll_cards_idle when net module has been unloaded
This looks like it was a copy/paste error. If the net module is unloaded,
grub_net_poll_cards_idle should be NULL so that GRUB does not try to call
a function which now doesn't exist.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Fri, 18 Mar 2022 06:43:46 +0000 (01:43 -0500)]
INSTALL: Add information on using --build when cross-compiling
The autoconf 2.65 manual [1] strongly recommends specifying the --build
option when the --host is used. Add this to the example and add a note
that this is recommended.
Glenn Washburn [Fri, 18 Mar 2022 06:41:38 +0000 (01:41 -0500)]
configure: Remove unused CFLAGS definitions
These CFLAGS definitions are reset below them before they have a change to
affect anything. The exception is the *-emu case, which is put in the next
if block, which is the only place its used before getting reset.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Fri, 18 Mar 2022 06:41:37 +0000 (01:41 -0500)]
configure: Remove dead code
It appears as though the intent of this code is to define abort() and main()
symbols for some configure tests. However, it never gets used because the if
is only entered when not building for *-emu, but the next if block only runs
when building for *-emu. And the if block after that unconditionally resets
CFLAGS. So this code can have no effect.
Additionally, s/aclocal.m4/acinclude.m4/ and move grub_ASM_USCORE to put
with other marcos defined in acinclude.m4.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Fri, 18 Mar 2022 06:41:35 +0000 (01:41 -0500)]
configure: Allow HOST_CC to override CC
According to the INSTALL, "The HOST_* variables override not prefixed
variables". This change makes it so, instead of previous behavior, which
was to ignore the HOST_CC environment variable.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Fri, 18 Mar 2022 06:34:05 +0000 (01:34 -0500)]
gdb: Add malloc and free symbols to kernel.exec to improve gdb functionality
Add linker flags when linking kernel.exec to have malloc and free point to
grub_malloc() and grub_free() respectively. Some gdb functionality depends on
gdb locating the symbols "malloc" and "free", such as dynamically creating
strings for arguments to injected function calls. A trivial example would
the gdb command 'p strlen("astring")'. Make sure not to do this on emu
platforms, or an infinite loop occurs because emu has a special
grub_malloc() that calls malloc().
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Renaud Métrich [Mon, 7 Mar 2022 10:06:20 +0000 (11:06 +0100)]
commands/search: Add new --efidisk-only option for EFI systems
When using "search" on EFI systems, we sometimes want to exclude devices
that are not EFI disks, e.g. md, lvm. This is typically used when
wanting to chainload when having a software raid (md) for EFI partition:
with no option, "search --file /EFI/redhat/shimx64.efi" sets root envvar
to "md/boot_efi" which cannot be used for chainloading since there is no
effective EFI device behind.
Signed-off-by: Renaud Métrich <rmetrich@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Hans de Goede [Fri, 28 Jan 2022 10:30:33 +0000 (11:30 +0100)]
kern/main: Suppress the "Welcome to GRUB!" message in EFI builds
GRUB EFI builds are now often used in combination with flicker-free
boot, but this breaks with upstream GRUB because the "Welcome to GRUB!"
message will kick the EFI fb into text mode and show the msg, breaking
the flicker-free experience.
EFI systems are so fast, that when the menu or the countdown are
enabled the message will be immediately overwritten, so in these cases
not printing the message does not matter.
And in case when the timeout_style is set to TIMEOUT_STYLE_HIDDEN,
the user has asked GRUB to be quiet (for example to allow flickfree
boot) and thus the message should not be printed.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Hans de Goede [Fri, 28 Jan 2022 10:30:32 +0000 (11:30 +0100)]
normal/menu: Don't show "Booting `%s'" msg when auto-booting with TIMEOUT_STYLE_HIDDEN
When the user has asked the menu code to be hidden/quiet and the current
entry is being autobooted because the timeout has expired don't show
the "Booting `%s'" msg.
This is necessary to let flicker-free boots really be flicker free,
otherwise the "Booting `%s'" msg will kick the EFI fb into text mode
and show the msg, breaking the flicker-free experience.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Hans de Goede [Fri, 28 Jan 2022 11:43:49 +0000 (12:43 +0100)]
term/efi/console: Do not set cursor until the first text output
To allow flickerfree boot the EFI console code does not call
grub_efi_set_text_mode(1) until some text is actually output. Depending
on if the output text is because of an error loading, e.g. the .cfg
file, or because of showing the menu the cursor needs to be on or off
when the first text is shown. So far the cursor was hardcoded to being
on, but this is causing drawing artifacts + slow drawing of the menu as
reported here: https://bugzilla.redhat.com/show_bug.cgi?id=1946969
Handle the cursorstate in the same way as the colorstate to fix this,
when no text has been output yet, just cache the cursorstate and then
use the last set value when the first text is output.
Fixes: 2d7c3abd871f (efi/console: Do not set text-mode until we actually need it) Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1946969 Signed-off-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
which triggers a grub_term_setcolorstate() call. The original version
of the "efi/console: Do not set text-mode until we actually need it" patch,
https://lists.gnu.org/archive/html/grub-devel/2018-03/msg00125.html,
protected against this by caching the requested state in
grub_console_setcolorstate() and then only applying it when the first
text output actually happens. During refactoring to move the
grub_console_setcolorstate() up higher in the grub-core/term/efi/console.c
file the code to cache the color-state + bail early was accidentally dropped.
Restore the cache the color-state + bail early behavior from the original.
Fixes: 2d7c3abd871f (efi/console: Do not set text-mode until we actually need it) Cc: Javier Martinez Canillas <javierm@redhat.com> Signed-off-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Darren Kenny [Wed, 16 Mar 2022 17:25:05 +0000 (17:25 +0000)]
kern/rescue_parser: Ensure that parser allocated memory is not leaked
While it would appear unlikely that the memory allocated in *argv in
grub_parser_split_cmdline() would be leaked, we should try ensure that
it doesn't leak by calling grub_free() before we return from
grub_rescue_parse_line().
To avoid a possible double-free, grub_parser_split_cmdline() is being
changed to assign *argv = NULL when we've called grub_free() in the fail
section.
Fixes: CID 96680 Signed-off-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Darren Kenny [Wed, 16 Mar 2022 17:25:04 +0000 (17:25 +0000)]
grub-mkimage: Only check aarch64 relocations when built for aarch64
Coverity flagged the switch checks for R_AARCH64_* as being logically
dead code, since it could never happen on x86 due to the masking of the
values earlier in the code.
A check for building on __arm__ (which gcc and clang define) and for
MKIMAGE_ELF64 (which GRUB defines) has been added to avoid this dead
code being built in.
Fixes: CID 158599 Signed-off-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Daniel Kiper [Tue, 15 Mar 2022 18:05:45 +0000 (14:05 -0400)]
lib/posix_wrap/errno.h: Add __set_errno() macro
$ ./configure --target=x86_64-w64-mingw32 --with-platform=efi --host=x86_64-w64-mingw32
$ make
[...]
cat syminfo.lst | sort | gawk -f ./genmoddep.awk > moddep.lst || (rm -f moddep.lst; exit 1)
__imp__errno in regexp is not defined
This happens because grub-core/lib/gnulib/malloc/dynarray_resize.c and
grub-core/lib/gnulib/malloc/dynarray_emplace_enlarge.c (both are used by
regexp module) from the latest Gnulib call __set_errno() which originally
sets errno variable (Windows builds add __imp__ prefix). Of course it is
not defined and grub_errno should be used instead.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Robbie Harwood [Tue, 15 Mar 2022 18:05:43 +0000 (14:05 -0400)]
gnulib: Handle warnings introduced by updated gnulib
- Fix type of size variable in luks2_verify_key()
- Avoid redefinition of SIZE_MAX and ATTRIBUTE_ERROR
- Work around gnulib's int types on older compilers
Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Robbie Harwood [Tue, 15 Mar 2022 18:05:42 +0000 (14:05 -0400)]
gnulib: Update gnulib version and drop most gnulib patches
In addition to the changes carried in our gnulib patches, several
Coverity and code hygiene fixes that were previously downstream are also
included in this 3-year gnulib increment.
Unfortunately, fix-width.patch is retained.
Bump minimum autoconf version from 2.63 to 2.64 and automake from 1.11
to 1.14, as required by gnulib.
Sync bootstrap script itself with gnulib.
Update regexp module for new dynarray dependency.
Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Robbie Harwood [Tue, 15 Mar 2022 18:05:41 +0000 (14:05 -0400)]
gnulib: Drop no-abort.patch
Originally added in commit db7337a3d (grub-core/lib/posix_wrap/stdlib.h
(abort): Removed), this patched out all relevant invocations of abort()
in gnulib. While it was not documented why at the time, testing suggests
that there's no abort() implementation available for gnulib to use.
gnulib's position is that the use of abort() is correct here, since it
happens when input violates a "shall" from POSIX. Additionally, the
code in question is probably not reachable. Since abort() is more
friendly to user-space, they prefer to make no change, so we can just
carry a define instead (suggested by Paul Eggert).
Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Robbie Harwood [Tue, 15 Mar 2022 18:05:40 +0000 (14:05 -0400)]
gnulib: Drop fix-base64.patch
Originally added in commit 9fbdec2f (bootstrap: Add gnulib's base64
module) and subsequently modified in commit 552c9fd08 (gnulib: Fix build
of base64 when compiling with memory debugging), fix-base64.patch
handled two problems we have using gnulib, which are exercised by the
base64 module but not directly caused by it.
First, GRUB defines its own bool type, while gnulib expects the
equivalent of stdbool.h to be present. Rather than patching gnulib,
instead use gnulib's stdbool module to provide a bool type if needed
(suggested by Simon Josefsson).
Second, our config.h doesn't always inherit config-util.h, which is
where gnulib-related options like _GL_ATTRIBUTE_CONST end up.
fix-base64.h worked around this by defining the attribute away, but this
workaround is better placed in config.h itself, not a gnulib patch.
Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
checking if __bss_start is defined by the compiler... no
checking if edata is defined by the compiler... no
checking if _edata is defined by the compiler... no
configure: error: none of __bss_start, edata or _edata is defined
This happens on machines with quite recent ld due to an error:
`edata' referenced in section `.text' of /tmp/cc72w9E4.o: defined in discarded section `.data' of conftest.exe
collect2: error: ld returned 1 exit status
So, we have to tell linker to not discard .data and .edata sections.
The trick comes from ld documentation:
3.6.7 Output Section Discarding
The linker will not normally create output sections with no contents.
This is for convenience when referring to input sections that may or may
not be present in any of the input files. For example:
.foo : { *(.foo) }
will only create a ‘.foo’ section in the output file if there is a
‘.foo’ section in at least one input file, and if the input sections are
not all empty. Other link script directives that allocate space in an
output section will also create the output section. So too will
assignments to dot even if the assignment does not create space, except
for ‘. = 0’, ‘. = . + 0’, ‘. = sym’, ‘. = . + sym’ and ‘. = ALIGN (. !=
0, expr, 1)’ when ‘sym’ is an absolute symbol of value 0 defined in the
script. This allows you to force output of an empty section with ‘. = .’.
This change does not impact generated binaries because the
conf/i386-cygwin-img-ld.sc linker script is used only when
you run configure.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Daniel Kiper [Thu, 10 Mar 2022 15:48:50 +0000 (16:48 +0100)]
commands/i386/pc/sendkey: Fix "writing 1 byte into a region of size 0" build error
Latest GCC may complain in that way:
commands/i386/pc/sendkey.c: In function ‘grub_sendkey_postboot’:
commands/i386/pc/sendkey.c:223:21: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=]
223 | *((char *) 0x41a) = 0x1e;
| ~~~~~~~~~~~~~~~~~~^~~~~~
The volatile keyword addition helps and additionally assures us the
compiler will not optimize out fixed assignments.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Daniel Kiper [Thu, 10 Mar 2022 15:40:43 +0000 (16:40 +0100)]
loader/i386/bsd: Initialize ptr variable in grub_bsd_add_meta()
Latest GCC may complain in that way:
In file included from ../include/grub/disk.h:31,
from ../include/grub/file.h:26,
from ../include/grub/loader.h:23,
from loader/i386/bsd.c:19:
loader/i386/bsd.c: In function ‘grub_cmd_openbsd’:
../include/grub/misc.h:71:10: error: ‘ptr’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
71 | return grub_memmove (dest, src, n);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
loader/i386/bsd.c:266:9: note: ‘ptr’ was declared here
266 | void *ptr;
| ^~~
So, let's fix it by assigning NULL to ptr in grub_bsd_add_meta().
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com>
$ ./configure --target=x86_64-w64-mingw32 --with-platform=efi --host=x86_64-w64-mingw32
$ make
[...]
In file included from grub-core/osdep/platform.c:4:
grub-core/osdep/windows/platform.c: In function ‘grub_install_register_efi’:
grub-core/osdep/windows/platform.c:382:41: error: taking address of packed member of ‘struct grub_efi_file_path_device_path’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
382 | path16_len = grub_utf8_to_utf16 (filep->path_name,
| ~~~~~^~~~~~~~~~~
Disable the -Wadress-of-packaed-member diagnostic for grub_utf8_to_utf16()
call which contains filep->path_name reference. It seems safe because the
structure is defined according to the UEFI spec and we hope authors did not
make any mistake... :-)
This fix is similar to the fix in the commit 8e8723a6b
(f2fs: Disable gcc9 -Waddress-of-packed-member).
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Glenn Washburn [Fri, 11 Mar 2022 07:08:32 +0000 (01:08 -0600)]
po: Un-transliterate the %zu format code
Commit 45bffae13 (util/resolve: Bail with error if moddep.lst file line is
too long) uses the %zu format specifier which has not been used in
any translated strings yet. So the sed scripts used for transliterating
certain languages need to be updated otherwise creation of the message
indexes will fail on an unknown format code. This is essentially the same
issue fixed for the %m format code in commit 2e246b6f (po: Fix replacement
of %m in sed programs).
Also reorder transliteration lines to be more lexicographically ordered.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Daniel Axtens [Fri, 4 Mar 2022 13:39:04 +0000 (00:39 +1100)]
net: Check against nb->tail in grub_netbuff_pull()
GRUB netbuff structure members track 2 different things: the extent of memory
allocated for the packet, and the extent of memory currently being worked on.
This works out in the structure as follows:
nb->head: beginning of the allocation
nb->data: beginning of the working data
nb->tail: end of the working data
nb->end: end of the allocation
The head and end pointers are set in grub_netbuff_alloc() and do not change.
The data and tail pointers are initialised to point at start of the
allocation (that is, head == data == tail initially), and are then
manipulated by grub_netbuff_*() functions. Key functions are as follows:
- grub_netbuff_put(): "put" more data into the packet - advance nb->tail
- grub_netbuff_unput(): trim the tail of the packet - retract nb->tail
- grub_netbuff_pull(): "consume" some packet data - advance nb->data
- grub_netbuff_reserve(): reserve space for future headers - advance nb->data and nb->tail
- grub_netbuff_push(): "un-consume" data to allow headers to be written - retract nb->data
Each of those functions does some form of error checking. For example,
grub_netbuff_put() does not allow nb->tail to exceed nb->end, and
grub_netbuff_push() does not allow nb->data to be before nb->head.
However, grub_netbuff_pull()'s error checking is a bit weird. It advances nb->data
and checks that it does not exceed nb->end. That allows you to get into the
situation where nb->data > nb->tail, which should not be.
Make grub_netbuff_pull() check against both nb->tail and nb->end. In theory just
checking against ->tail should be sufficient but the extra check should be
cheap and seems like good defensive practice.
Signed-off-by: Daniel Axtens <dja@axtens.net> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Fabian Vogt [Mon, 17 Jan 2022 14:34:37 +0000 (15:34 +0100)]
grub-mount: Add support for libfuse3
The libfuse 3.0.0 got released in 2016, with some API changes compared to 2.x.
This commit introduces support for 3.x while keeping it compatible with 2.6
as a fallback still.
To detect fuse3, switch configure over to use pkg-config, which is simpler yet
more reliable than looking for library and header manually. Also set
FUSE_USE_VERSION that way, as it depends on the used libfuse version.
Now that the CFLAGS are read from pkg-config, use just <fuse.h>, which works
with 2.x as well as 3.x and is recommended by libfuse upstream.
One behavior change of libfuse3 is that FUSE_ATOMIC_O_TRUNC is set by default,
which means that open with O_TRUNC is passed as-is instead of calling the
truncate operation. With libfuse2, truncate failed with -ENOSYS and that was
returned to the application. To make O_TRUNC fail with libfuse3, return -EROFS
explicitly if writing was requested.
Signed-off-by: Fabian Vogt <fvogt@suse.de> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Chad Kimes [Wed, 2 Mar 2022 19:21:22 +0000 (14:21 -0500)]
net/ethernet: Fix VLAN networking on little-endian systems
VLAN configuration seems to have never worked on little-endian systems.
This is likely because VLANTAG_IDENTIFIER is not byte-swapped before
copying into the net buffer, nor is inf->vlantag. We can resolve this by
using grub_cpu_to_be16{_compile_time}() and its inverse when copying
VLAN info to/from the net buffer.
Signed-off-by: Chad Kimes <chkimes@github.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
commands/efi/lsefisystab: Short text EFI_IMAGE_SECURITY_DATABASE_GUID
The EFI_IMAGE_SECURITY_DATABASE_GUID is used for the image execution
information table (cf. UEFI specification 2.9, 32.5.3.1 Using The Image
Execution Information Table).
The lsefisystab command is used to display installed EFI configuration
tables. Currently it only shows the GUID but not a short text for the
table.
Provide a short text for the EFI_IMAGE_SECURITY_DATABASE_GUID.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Peter Jones [Fri, 25 Feb 2022 16:28:42 +0000 (11:28 -0500)]
ChangeLog: Retire ChangeLog-2015
ChangeLog-2015 has been untouched for over 7 years now, and any
information in it is purely for historical purposes. At the same time,
grepping for code winds up matching this file quite a bit, almost never
accomplishing anything other than cluttering up your grep results. We
don't need this in the main repo, and "git show" will find it if you're
looking at the old history of commits on some file.
This patch deletes it and the Makefile.am rule to distribute it.
Signed-off-by: Peter Jones <pjones@redhat.com> Reviewed-by: Daniel Axtens <dja@axtens.net> Reviewed-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Javier Martinez Canillas <javierm@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Tue, 15 Feb 2022 18:36:43 +0000 (12:36 -0600)]
mm: Temporarily disable grub_mm_debug while calling grub_vprintf() in grub_printf()
To prevent infinite recursion when grub_mm_debug is on, disable it when
calling grub_vprintf(). One such call loop is:
grub_vprintf() -> parse_printf_args() -> parse_printf_arg_fmt() ->
grub_debug_calloc() -> grub_printf() -> grub_vprintf().
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Tue, 15 Feb 2022 18:36:41 +0000 (12:36 -0600)]
configure: Properly handle MM_DEBUG
Define MM_DEBUG in config.h when --enable-mm-debug is passed to configure.
It was being defined in config-util.h which only gets used when building
GRUB utilities for the host side. The enabling of debugging for memory
management in include/grub/mm.h explicitly does not happen when compiling
for the GRUB utilities. So this debugging code effectively could never be
enabled. Note, that MM_DEBUG is defined in an #if directive because the
enabling of debugging checks if MM_DEBUG is defined, not what its value is.
So even if MM_DEBUG were defined to nothing, the debugging code would
still be enabled.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Fangrui Song [Fri, 11 Feb 2022 18:13:23 +0000 (10:13 -0800)]
configure: Replace -Wl,-r,-d with -Wl,-r and add -fno-common
In GNU ld and ld.lld, -d is used with -r to allocate space to COMMON symbols.
This behavior is presumably to work around legacy projects which inspect
relocatable output by themselves and do not handle COMMON symbols. The GRUB
does not do this.
See https://github.com/llvm/llvm-project/issues/53660
-d is quite useless and ld.lld 15.0.0 will make -d no-op.
COMMON symbols have special symbol resolution semantics which can cause surprise
(see https://maskray.me/blog/2022-02-06-all-about-common-symbols). GCC<10 and
Clang<11 defaulted to -fcommon. Just use -fno-common to avoid COMMON symbols.
Signed-off-by: Fangrui Song <maskray@google.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Tue, 8 Feb 2022 21:55:57 +0000 (15:55 -0600)]
tests: Add check-native and check-nonnative make targets
This allows for testing only tests that run directly on the build machine or
only tests that run in a virtualized environment. When testing multiple
targets on the same build machine the native tests only need to be run once
for all targets. Whereas, the nonnative tests must be run for each target
because the test is potentially compiled differently for each target.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Sun, 6 Feb 2022 22:00:10 +0000 (16:00 -0600)]
tests: Remove $((BASE#NUM)) bashism in grub-fs-tester
This bashism allows converting NUM in base BASE to decimal. Its not needed
because the only place its used is to convert from hexidecimal and this can
also be done with the more portable $((0xHEXNUM)) syntax.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Sun, 6 Feb 2022 22:00:09 +0000 (16:00 -0600)]
tests: Skip pata_test on i386-efi
In comparison to other i386 targets, on i386-efi the Q35 QEMU machine type
is used to do the testing to be able to make use of the EFI firmware in
QEMU. On the Q35 machine type there is no way to use ATA to communicate with
an IDE, only AHCI.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Alec Brown [Thu, 3 Feb 2022 00:26:59 +0000 (19:26 -0500)]
util/grub-module-verifierXX: Validate elf section header table index for section name string table
In grub-module-verifierXX.c, the function find_section() uses the value from
grub_target_to_host16 (e->e_shstrndx) to obtain the section header table index
of the section name string table, but it wasn't being checked if the value was
there.
According to the elf(5) manual page,
"If the index of section name string table section is larger than or equal
to SHN_LORESERVE (0xff00), this member holds SHN_XINDEX (0xffff) and the real
index of the section name string table section is held in the sh_link member of
the initial entry in section header table. Otherwise, the sh_link member of the
initial entry in section header table contains the value zero."
Since this check wasn't being made, the function get_shstrndx() is being added
to make this check and use e_shstrndx if it doesn't have SHN_XINDEX as a value,
else use sh_link. We also need to make sure e_shstrndx isn't greater than or
equal to SHN_LORESERVE and sh_link isn't less than SHN_LORESERVE.
Note that it may look as though the argument *arch isn't being used, it's
actually required in order to use the macros grub_target_to_host*(x) which are
unwinded to grub_target_to_host*_real(arch, (x)) based on defines earlier in
the file.
Signed-off-by: Alec Brown <alec.r.brown@oracle.com> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Alec Brown [Thu, 3 Feb 2022 00:26:58 +0000 (19:26 -0500)]
util/grub-module-verifierXX: Validate number of elf section header table entries
In grub-module-verifierXX.c, grub_target_to_host16 (e->e_shnum) is used to
obtain the number of section header table entries, but it wasn't being
checked if the value was there.
According to the elf(5) manual page,
"If the number of entries in the section header table is larger than or equal
to SHN_LORESERVE (0xff00), e_shnum holds the value zero and the real number of
entries in the section header table is held in the sh_size member of the intial
entry in section header table. Otherwise, the sh_size member of the initial
entry in the section header table holds the value zero."
Since this check wasn't being made, the function get_shnum() is being added to
make this check and use whichever member doesn't have a value of zero. If both
are zero, then we must return an error. We also need to make sure that e_shnum
doesn't have a value greater than or equal to SHN_LORESERVE and sh_size isn't
less than SHN_LORESERVE.
Note that it may look as though the argument *arch isn't being used, it's
actually required in order to use the macros grub_target_to_host*(x) which are
unwinded to grub_target_to_host*_real(arch, (x)) based on defines earlier in
the file.
Fixes: CID 314021 Fixes: CID 314027 Fixes: CID 314033 Signed-off-by: Alec Brown <alec.r.brown@oracle.com> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Alec Brown [Thu, 3 Feb 2022 00:26:57 +0000 (19:26 -0500)]
util/grub-module-verifierXX: Add function to calculate section headers
Added the function get_shdr() which returns the section header at a given index
parameter passed into this function. This helps traverse the section header
table and reduces repeated calls to lengthy equations used to obtain section
headers.
Note that it may look as though the argument *arch isn't being used, it's
actually required in order to use the macros grub_target_to_host*(x) which are
unwinded to grub_target_to_host*_real(arch, (x)) based on defines earlier in the
file.
Signed-off-by: Alec Brown <alec.r.brown@oracle.com> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Alec Brown [Thu, 3 Feb 2022 00:08:21 +0000 (19:08 -0500)]
fs/affs: Fix resource leaks
In commit 178ac5107389 (affs: Fix memory leaks), fixes were made to
grub_affs_iterate_dir() to prevent memory leaks from occurring after it
returns without freeing node. However, there were still some instances
where node was causing a memory leak when the function returns after
calling grub_affs_create_node(). In this function, new memory is
allocated to node but doesn't get freed until the hook() function is
called near the end. Before hook() is called, node should be freed in
grub_affs_create_node() before returning out of it.
Fixes: 178ac5107389 (affs: Fix memory leaks) Fixes: CID 73759 Signed-off-by: Alec Brown <alec.r.brown@oracle.com> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
As of version 2.38 binutils defaults to ISA specification version
2019-12-13. This version of the specification has has separated the
the csr read/write (csrr*/csrw*) instructions and the fence.i from
the I extension and put them into separate Zicsr and Zifencei
extensions.
This implies that we have to adjust the -march flag passed to the
compiler accordingly.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
The UEFI specification defines that the EFI_BOOT_SERVICES.Exit(() service may return
EFI_SUCCESS or EFI_INVALID_PARAMETER. So it cannot be __attribute__((noreturn)).
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Thu, 13 Jan 2022 03:40:21 +0000 (21:40 -0600)]
Makefile: Only look for @MARKER@ at the start of a line when generating libgrub_a_init.lst
Under certain conditions libgrub.pp gets generated with a such that it
contains a bunch of CPP defines, at least one of which contains "@MARKER@".
This line should not be used when generating libgrub_a_init.lst, otherwise
we get compiler errors like:
libgrub_a_init.c:22:18: error: stray ‘#’ in program
22 | extern void grub_#define_init (void);
| ^
libgrub_a_init.c:22:19: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘define_init’
22 | extern void grub_#define_init (void);
| ^~~~~~~~~~~
libgrub_a_init.c:23:18: error: stray ‘#’ in program
23 | extern void grub_#define_fini (void);
| ^
libgrub_a_init.c:23:19: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘define_fini’
23 | extern void grub_#define_fini (void);
| ^~~~~~~~~~~
...
When generating libgrub_a_init.lst only lines starting with "@MARKER@"
are desired.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Thu, 13 Jan 2022 03:40:20 +0000 (21:40 -0600)]
gentpl.py: Fix issue where sometimes marker files have CPP defines
When generating video.lst, modules whose marker file contains the string
VIDEO_LIST_MARKER are selected. But when the marker file contains the CPP
defines, one of the defines is VIDEO_LIST_MARKER and is present in all
marker files, so they are all selected. By removing the defines, the correct
modules are selected.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Thu, 13 Jan 2022 02:55:01 +0000 (20:55 -0600)]
util/resolve: Bail with error if moddep.lst file line is too long
The code reads each line into a buffer of size 1024 and does not check if
the line is longer. So a line longer than 1024 will be read as a valid line
followed by an invalid line. Then an error confusing to the user is sent
with the test "invalid line format". But the line format is perfectly fine,
the problem is in GRUB's parser. Check if we've hit a line longer than the
size of the buffer, and if so send a more correct and reasonable error.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Thu, 13 Jan 2022 02:55:00 +0000 (20:55 -0600)]
util/resolve: Do not read past the end of the array in read_dep_list()
If the last non-NULL byte of "buf" is not a white-space character (such as
when a read line is longer than the size of "buf"), then "p" will eventually
point to the byte after the last byte in "buf". After which "p" will be
dereferenced in the while conditional leading to an out of bounds read. Make
sure that "p" is inside "buf" before dereferencing it.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Sun, 2 Jan 2022 05:02:59 +0000 (23:02 -0600)]
kern/misc: Allow selective disabling of debug facility names
Sometimes you only know which debug logging facility names you want to
turn off, not necessarily all the ones you want enabled. This patch allows
the debug string to contain facility names in the $debug variable which are
prefixed with a "-" to disable debug log messages for that conditional. Say
you want all debug logging on except for btrfs and scripting, then do:
"set debug=all,-btrfs,-scripting"
Note, that only the last occurrence of the facility name with or without a
leading "-" is considered. So simply appending ",-facilityname" to the
$debug variable will disable that conditional. To illustrate, the command
"set debug=all,-btrfs,-scripting,btrfs" will enable btrfs.
Also, add documentation explaining this new behavior.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Here the "dev" variable can point to a freed cryptodisk device if the
function grub_cryptodisk_insert() fails. This can happen only on a OOM
condition, but when this happens grub_cryptodisk_insert() calls grub_free on
the passed device. Since grub_cryptodisk_scan_device_real() assumes that
grub_cryptodisk_insert() is always successful, it will return the device,
though the device was freed.
Change grub_cryptodisk_insert() to not free the passed device on failure.
Then on grub_cryptodisk_insert() failure, free the device pointer. This is
done by going to the label "error", which will call cryptodisk_close() to
free the device and set the device pointer to NULL, so that a pointer to
freed memory is not returned.
Daniel Axtens [Wed, 24 Nov 2021 15:22:47 +0000 (02:22 +1100)]
mm: grub_real_malloc(): Make small allocs comment match code
Small allocations move the region's *first pointer. The comment
says that this happens for allocations under 64K. The code says
it's for allocations under 32K. Commit 45bf8b3a7549 changed the
code intentionally: make the comment match.
Fixes: 45bf8b3a7549 (* grub-core/kern/mm.c (grub_real_malloc): Decrease cut-off of moving the) Signed-off-by: Daniel Axtens <dja@axtens.net> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Daniel Axtens [Wed, 24 Nov 2021 15:22:46 +0000 (02:22 +1100)]
mm: Clarify grub_real_malloc()
When iterating through the singly linked list of free blocks,
grub_real_malloc() uses p and q for the current and previous blocks
respectively. This isn't super clear, so swap to using prev and cur.
This makes another quirk more obvious. The comment at the top of
grub_real_malloc() might lead you to believe that the function will
allocate from *first if there is space in that block.
It actually doesn't do that, and it can't do that with the current
data structures. If we used up all of *first, we would need to change
the ->next of the previous block to point to *first->next, but we
can't do that because it's a singly linked list and we don't have
access to *first's previous block.
What grub_real_malloc() actually does is set *first to the initial
previous block, and *first->next is the block we try to allocate
from. That allows us to keep all the data structures consistent.
Document that.
Signed-off-by: Daniel Axtens <dja@axtens.net> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Michael Chang [Mon, 13 Dec 2021 06:25:49 +0000 (14:25 +0800)]
fs/btrfs: Use full btrfs bootloader area
Up to now GRUB can only embed to the first 64 KiB before primary
superblock of btrfs, effectively limiting the GRUB core size. That
could consequently pose restrictions to feature enablement like
advanced zstd compression.
This patch attempts to utilize full unused area reserved by btrfs for
the bootloader outlined in the document [1]:
The first 1MiB on each device is unused with the exception of primary
superblock that is on the offset 64KiB and spans 4KiB.
Apart from that, adjacent sectors to superblock and first block group
are not used for embedding in case of overflow and logged access to
adjacent sectors could be useful for tracing it up.
This patch has been tested to provide out of the box support for btrfs
zstd compression with which GRUB has been installed to the partition.
Glenn Washburn [Fri, 10 Dec 2021 08:41:44 +0000 (02:41 -0600)]
tests: Refactor building xorriso command for iso9660 tests
The iso9660 tests test creating isos with different combinations of
Joliet, Rock Ridge, and ISO 9660 conformance level. Refactor xorriso
argument generation for more readability and extensibility.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Thomas Schmitt <scdbackup@gmx.net> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Thu, 9 Dec 2021 17:14:58 +0000 (11:14 -0600)]
cryptodisk: Improve handling of partition name in cryptomount password prompt
Call grub_partition_get_name() unconditionally to initialize the part
variable. Then part will only be NULL when grub_partition_get_name() errors.
Note that when source->partition is NULL, then grub_partition_get_name()
returns an allocated empty string. So no comma or partition will be printed,
as desired.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Thu, 9 Dec 2021 17:14:57 +0000 (11:14 -0600)]
cryptodisk: Move global variables into grub_cryptomount_args struct
Note that cargs.search_uuid does not need to be initialized in various parts
of the cryptomount argument parsing, just once when cargs is declared with
a struct initializer. The previous code used a global variable which would
retain the value across cryptomount invocations.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Thu, 9 Dec 2021 17:14:56 +0000 (11:14 -0600)]
cryptodisk: Refactor password input out of crypto dev modules into cryptodisk
The crypto device modules should only be setting up the crypto devices and
not getting user input. This has the added benefit of simplifying the code
such that three essentially duplicate pieces of code are merged into one.
Add documentation of passphrase option for cryptomount as it is now usable.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Thu, 9 Dec 2021 17:14:55 +0000 (11:14 -0600)]
cryptodisk: Add infrastructure to pass data from cryptomount to cryptodisk modules
Previously, the cryptomount arguments were passed by global variable and
function call argument, neither of which are ideal. This change passes data
via a grub_cryptomount_args struct, which can be added to over time as
opposed to continually adding arguments to the cryptodisk scan and
recover_key.
As an example, passing a password as a cryptomount argument is implemented.
However, the backends are not implemented, so testing this will return a not
implemented error.
Also, add comments to cryptomount argument parsing to make it more obvious
which argument states are being handled.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Thu, 9 Dec 2021 17:14:54 +0000 (11:14 -0600)]
cryptodisk: Improve cryptomount -u error message
When a cryptmount is specified with a UUID, but no cryptodisk backends find
a disk with that UUID, return a more detailed message giving telling the
user that they might not have a needed cryptobackend module loaded.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Glenn Washburn [Thu, 9 Dec 2021 17:14:53 +0000 (11:14 -0600)]
cryptodisk: Improve error messaging in cryptomount invocations
Update such that "cryptomount -u UUID" will not print two error messages
when an invalid passphrase is given and the most relevant error message
will be displayed.
Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
projects / thirdparty / grub.git / log
