Blob Blame History Raw
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Kiper <daniel.kiper@oracle.com>
Date: Tue, 2 Oct 2018 18:49:26 +0200
Subject: [PATCH] dl: Add support for persistent modules

This type of modules cannot be unloaded. This is useful if a given
functionality, e.g. UEFI secure boot shim signature verification, should
not be disabled if it was enabled at some point in time. Somebody may
say that we can use standalone GRUB2 here. That is true. However, the
code is not so big nor complicated hence it make sense to support
modularized configs too.

Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
(cherry picked from commit ee7808e2197cbf5e8515d90ecbd81c9d0dd6fc15)
---
 grub-core/commands/minicmd.c |  3 +++
 include/grub/dl.h            | 13 +++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c
index 46bf135e8..6d66b7c45 100644
--- a/grub-core/commands/minicmd.c
+++ b/grub-core/commands/minicmd.c
@@ -137,6 +137,9 @@ grub_mini_cmd_rmmod (struct grub_command *cmd __attribute__ ((unused)),
   if (! mod)
     return grub_error (GRUB_ERR_BAD_ARGUMENT, "no such module");
 
+  if (grub_dl_is_persistent (mod))
+    return grub_error (GRUB_ERR_BAD_ARGUMENT, "cannot unload persistent module");
+
   if (grub_dl_unref (mod) <= 0)
     grub_dl_unload (mod);
 
diff --git a/include/grub/dl.h b/include/grub/dl.h
index 7b5bfb07c..f7cfe6482 100644
--- a/include/grub/dl.h
+++ b/include/grub/dl.h
@@ -177,6 +177,7 @@ struct grub_dl
 {
   char *name;
   int ref_count;
+  int persistent;
   grub_dl_dep_t dep;
   grub_dl_segment_t segment;
   Elf_Sym *symtab;
@@ -242,6 +243,18 @@ grub_dl_get (const char *name)
   return 0;
 }
 
+static inline void
+grub_dl_set_persistent (grub_dl_t mod)
+{
+  mod->persistent = 1;
+}
+
+static inline int
+grub_dl_is_persistent (grub_dl_t mod)
+{
+  return mod->persistent;
+}
+
 #endif
 
 void * EXPORT_FUNC(grub_resolve_symbol) (const char *name);