From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

From: Daniel Axtens <dja@axtens.net>

Date: Thu, 21 Apr 2022 15:24:14 +1000

Subject: [PATCH] mm: Assert that we preserve header vs region alignment

grub_mm_region_init() does:

  h = (grub_mm_header_t) (r + 1);

where h is a grub_mm_header_t and r is a grub_mm_region_t.

Cells are supposed to be GRUB_MM_ALIGN aligned, but while grub_mm_dump

ensures this vs the region header, grub_mm_region_init() does not.

It's better to be explicit than implicit here: rather than changing

grub_mm_region_init() to ALIGN_UP(), require that the struct is

explicitly a multiple of the header size.

Signed-off-by: Daniel Axtens <dja@axtens.net>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Tested-by: Patrick Steinhardt <ps@pks.im>

(cherry picked from commit 1df8fe66c57087eb33bd6dc69f786ed124615aa7)

---

 include/grub/mm_private.h | 14 ++++++++++++++

 1 file changed, 14 insertions(+)

diff --git a/include/grub/mm_private.h b/include/grub/mm_private.h

index 203533cc3d..a688b92a83 100644

--- a/include/grub/mm_private.h

+++ b/include/grub/mm_private.h

@@ -20,6 +20,7 @@

 #define GRUB_MM_PRIVATE_H	1

 #include <grub/mm.h>

+#include <grub/misc.h>

 /* For context, see kern/mm.c */

@@ -89,4 +90,17 @@ typedef struct grub_mm_region

 extern grub_mm_region_t EXPORT_VAR (grub_mm_base);

 #endif

+static inline void

+grub_mm_size_sanity_check (void) {

+  /* Ensure we preserve alignment when doing h = (grub_mm_header_t) (r + 1). */

+  COMPILE_TIME_ASSERT ((sizeof (struct grub_mm_region) %

+		        sizeof (struct grub_mm_header)) == 0);

+

+  /*

+   * GRUB_MM_ALIGN is supposed to represent cell size, and a mm_header is

+   * supposed to be 1 cell.

+   */

+  COMPILE_TIME_ASSERT (sizeof (struct grub_mm_header) == GRUB_MM_ALIGN);

+}

+

 #endif