From c294fc47ee864415dc5dc7a1dee66e9de1714fbf Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jul 29 2020 17:15:26 +0000 Subject: import grub2-2.02-87.el8_2 --- diff --git a/SOURCES/0216-Disable-multiboot-multiboot2-and-linux16-modules-on-.patch b/SOURCES/0216-Disable-multiboot-multiboot2-and-linux16-modules-on-.patch deleted file mode 100644 index 9dccf5a..0000000 --- a/SOURCES/0216-Disable-multiboot-multiboot2-and-linux16-modules-on-.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 11 Jul 2018 13:48:48 -0400 -Subject: [PATCH] Disable multiboot, multiboot2, and linux16 modules on EFI - builds. - -Signed-off-by: Peter Jones ---- - grub-core/Makefile.core.def | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index aa44d66aca4..d3e3bfd4d7a 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -1680,7 +1680,7 @@ module = { - - common = loader/multiboot.c; - common = loader/multiboot_mbi2.c; -- enable = x86; -+ enable = i386_pc; - enable = mips; - }; - -@@ -1689,7 +1689,7 @@ module = { - common = loader/multiboot.c; - x86 = loader/i386/multiboot_mbi.c; - extra_dist = loader/multiboot_elfxx.c; -- enable = x86; -+ enable = i386_pc; - }; - - module = { diff --git a/SOURCES/0216-Force-everything-to-use-python3.patch b/SOURCES/0216-Force-everything-to-use-python3.patch new file mode 100644 index 0000000..b4b0d74 --- /dev/null +++ b/SOURCES/0216-Force-everything-to-use-python3.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 10 Jul 2018 16:54:02 -0400 +Subject: [PATCH] Force everything to use python3 + +But this still means you need to do PYTHON=python=3 ./autogen.sh if you +run the world's worst tooling before you patch. + +Signed-off-by: Peter Jones +--- + conf/Makefile.common | 4 ++-- + gentpl.py | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/conf/Makefile.common b/conf/Makefile.common +index c75848f5c06..1ecb921db65 100644 +--- a/conf/Makefile.common ++++ b/conf/Makefile.common +@@ -128,11 +128,11 @@ BUILT_SOURCES = + + .PRECIOUS: $(top_srcdir)/Makefile.util.am + $(top_srcdir)/Makefile.util.am: $(top_srcdir)/gentpl.py $(top_srcdir)/Makefile.util.def $(top_srcdir)/Makefile.utilgcry.def +- python $^ > $@.new || (rm -f $@.new; exit 1) ++ python3 $^ > $@.new || (rm -f $@.new; exit 1) + mv $@.new $@ + + .PRECIOUS: $(top_srcdir)/grub-core/Makefile.core.am + $(top_srcdir)/grub-core/Makefile.core.am: $(top_srcdir)/gentpl.py $(top_srcdir)/grub-core/Makefile.core.def $(top_srcdir)/grub-core/Makefile.gcry.def + if [ "x$$GRUB_CONTRIB" != x ]; then echo "You need to run ./autogen.sh manually." >&2; exit 1; fi +- python $^ > $@.new || (rm -f $@.new; exit 1) ++ python3 $^ > $@.new || (rm -f $@.new; exit 1) + mv $@.new $@ +diff --git a/gentpl.py b/gentpl.py +index baac6a2af69..6409736e81c 100644 +--- a/gentpl.py ++++ b/gentpl.py +@@ -1,4 +1,4 @@ +-#! /usr/bin/python ++#! /usr/bin/env python3 + # GRUB -- GRand Unified Bootloader + # Copyright (C) 2010,2011,2012,2013 Free Software Foundation, Inc. + # diff --git a/SOURCES/0217-Fix-an-8-year-old-typo.patch b/SOURCES/0217-Fix-an-8-year-old-typo.patch new file mode 100644 index 0000000..642e46a --- /dev/null +++ b/SOURCES/0217-Fix-an-8-year-old-typo.patch @@ -0,0 +1,23 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 26 Jul 2018 14:54:44 -0400 +Subject: [PATCH] Fix an 8 year old typo. + +Signed-off-by: Peter Jones +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 5f47a9265f3..9ab683fefac 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -307,7 +307,7 @@ fi + + AC_SUBST(bootdirname) + AC_DEFINE_UNQUOTED(GRUB_BOOT_DIR_NAME, "$bootdirname", +- [Default boot directory name]") ++ [Default boot directory name]) + + AC_ARG_WITH([grubdir], + AS_HELP_STRING([--with-grubdir=DIR], diff --git a/SOURCES/0217-Force-everything-to-use-python3.patch b/SOURCES/0217-Force-everything-to-use-python3.patch deleted file mode 100644 index b4b0d74..0000000 --- a/SOURCES/0217-Force-everything-to-use-python3.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 10 Jul 2018 16:54:02 -0400 -Subject: [PATCH] Force everything to use python3 - -But this still means you need to do PYTHON=python=3 ./autogen.sh if you -run the world's worst tooling before you patch. - -Signed-off-by: Peter Jones ---- - conf/Makefile.common | 4 ++-- - gentpl.py | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/conf/Makefile.common b/conf/Makefile.common -index c75848f5c06..1ecb921db65 100644 ---- a/conf/Makefile.common -+++ b/conf/Makefile.common -@@ -128,11 +128,11 @@ BUILT_SOURCES = - - .PRECIOUS: $(top_srcdir)/Makefile.util.am - $(top_srcdir)/Makefile.util.am: $(top_srcdir)/gentpl.py $(top_srcdir)/Makefile.util.def $(top_srcdir)/Makefile.utilgcry.def -- python $^ > $@.new || (rm -f $@.new; exit 1) -+ python3 $^ > $@.new || (rm -f $@.new; exit 1) - mv $@.new $@ - - .PRECIOUS: $(top_srcdir)/grub-core/Makefile.core.am - $(top_srcdir)/grub-core/Makefile.core.am: $(top_srcdir)/gentpl.py $(top_srcdir)/grub-core/Makefile.core.def $(top_srcdir)/grub-core/Makefile.gcry.def - if [ "x$$GRUB_CONTRIB" != x ]; then echo "You need to run ./autogen.sh manually." >&2; exit 1; fi -- python $^ > $@.new || (rm -f $@.new; exit 1) -+ python3 $^ > $@.new || (rm -f $@.new; exit 1) - mv $@.new $@ -diff --git a/gentpl.py b/gentpl.py -index baac6a2af69..6409736e81c 100644 ---- a/gentpl.py -+++ b/gentpl.py -@@ -1,4 +1,4 @@ --#! /usr/bin/python -+#! /usr/bin/env python3 - # GRUB -- GRand Unified Bootloader - # Copyright (C) 2010,2011,2012,2013 Free Software Foundation, Inc. - # diff --git a/SOURCES/0218-Fix-an-8-year-old-typo.patch b/SOURCES/0218-Fix-an-8-year-old-typo.patch deleted file mode 100644 index 642e46a..0000000 --- a/SOURCES/0218-Fix-an-8-year-old-typo.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 26 Jul 2018 14:54:44 -0400 -Subject: [PATCH] Fix an 8 year old typo. - -Signed-off-by: Peter Jones ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 5f47a9265f3..9ab683fefac 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -307,7 +307,7 @@ fi - - AC_SUBST(bootdirname) - AC_DEFINE_UNQUOTED(GRUB_BOOT_DIR_NAME, "$bootdirname", -- [Default boot directory name]") -+ [Default boot directory name]) - - AC_ARG_WITH([grubdir], - AS_HELP_STRING([--with-grubdir=DIR], diff --git a/SOURCES/0218-autogen-don-t-run-autoreconf-in-the-topdir.patch b/SOURCES/0218-autogen-don-t-run-autoreconf-in-the-topdir.patch new file mode 100644 index 0000000..e5b7c33 --- /dev/null +++ b/SOURCES/0218-autogen-don-t-run-autoreconf-in-the-topdir.patch @@ -0,0 +1,21 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 26 Jul 2018 15:47:48 -0400 +Subject: [PATCH] autogen: don't run autoreconf in the topdir + +Signed-off-by: Peter Jones +--- + autogen.sh | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/autogen.sh b/autogen.sh +index 7537561ad0d..f608b9467a0 100755 +--- a/autogen.sh ++++ b/autogen.sh +@@ -82,6 +82,4 @@ done + echo "Saving timestamps..." + echo timestamp > stamp-h.in + +-echo "Running autoreconf..." +-autoreconf -vi + exit 0 diff --git a/SOURCES/0219-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch b/SOURCES/0219-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch new file mode 100644 index 0000000..292e565 --- /dev/null +++ b/SOURCES/0219-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch @@ -0,0 +1,149 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 26 Jun 2018 17:16:06 -0400 +Subject: [PATCH] Make it so we can tell configure which cflags utils are built + with + +This lets us have kernel.img be built with TARGET_CFLAGS but grub-mkimage and +friends built with HOST_CFLAGS. That in turn lets us build with an ARM compiler +that only has hard-float ABI versions of crt*.o and libgcc*, but still use soft +float for grub.efi. + +Signed-off-by: Peter Jones +--- + configure.ac | 49 ++++++++++++++++++++++++++++++++++++++++++++++++- + conf/Makefile.common | 23 ++++++++++++----------- + gentpl.py | 8 ++++---- + 3 files changed, 64 insertions(+), 16 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 9ab683fefac..819212095ff 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -850,11 +850,23 @@ if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ) && test "x$p + TARGET_CFLAGS="$TARGET_CFLAGS -mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow" + fi + ++# Should grub utils get the host CFLAGS, or the target CFLAGS? ++AC_ARG_WITH([utils], ++ AS_HELP_STRING([--with-utils=host|target|build], ++ [choose which flags to build utilities with. (default=target)]), ++ [have_with_utils=y], ++ [have_with_utils=n]) ++if test x"$have_with_utils" = xy ; then ++ with_utils="$withval" ++else ++ with_utils=target ++fi ++ + # GRUB doesn't use float or doubles at all. Yet some toolchains may decide + # that floats are a good fit to run instead of what's written in the code. + # Given that floating point unit is disabled (if present to begin with) + # when GRUB is running which may result in various hard crashes. +-if test x"$platform" != xemu ; then ++if test x"$platform" != xemu -a x"$with_utils" == xtarget ; then + AC_CACHE_CHECK([for options to get soft-float], grub_cv_target_cc_soft_float, [ + grub_cv_target_cc_soft_float=no + if test "x$target_cpu" = xarm64; then +@@ -1939,6 +1951,41 @@ HOST_CPPFLAGS="$HOST_CPPFLAGS -I\$(top_builddir)/include" + TARGET_CPPFLAGS="$TARGET_CPPFLAGS -I\$(top_srcdir)/include" + TARGET_CPPFLAGS="$TARGET_CPPFLAGS -I\$(top_builddir)/include" + ++case "$with_utils" in ++ host) ++ UTILS_CFLAGS=$HOST_CFLAGS ++ UTILS_CPPFLAGS=$HOST_CPPFLAGS ++ UTILS_CCASFLAGS=$HOST_CCASFLAGS ++ UTILS_LDFLAGS=$HOST_LDFLAGS ++ ;; ++ target) ++ UTILS_CFLAGS=$TARGET_CFLAGS ++ UTILS_CPPFLAGS=$TARGET_CPPFLAGS ++ UTILS_CCASFLAGS=$TARGET_CCASFLAGS ++ UTILS_LDFLAGS=$TARGET_LDFLAGS ++ ;; ++ build) ++ UTILS_CFLAGS=$BUILD_CFLAGS ++ UTILS_CPPFLAGS=$BUILD_CPPFLAGS ++ UTILS_CCASFLAGS=$BUILD_CCASFLAGS ++ UTILS_LDFLAGS=$BUILD_LDFLAGS ++ ;; ++ *) ++ AC_MSG_ERROR([--with-utils must be either host, target, or build]) ++ ;; ++esac ++AC_MSG_NOTICE([Using $with_utils flags for utilities.]) ++ ++unset CFLAGS ++unset CPPFLAGS ++unset CCASFLAGS ++unset LDFLAGS ++ ++AC_SUBST(UTILS_CFLAGS) ++AC_SUBST(UTILS_CPPFLAGS) ++AC_SUBST(UTILS_CCASFLAGS) ++AC_SUBST(UTILS_LDFLAGS) ++ + GRUB_TARGET_CPU="${target_cpu}" + GRUB_PLATFORM="${platform}" + +diff --git a/conf/Makefile.common b/conf/Makefile.common +index 1ecb921db65..b93879804c0 100644 +--- a/conf/Makefile.common ++++ b/conf/Makefile.common +@@ -40,24 +40,25 @@ CPPFLAGS_KERNEL = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) -DGRUB_KERNEL=1 + CCASFLAGS_KERNEL = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM) + STRIPFLAGS_KERNEL = -R .eh_frame -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx -R .note.gnu.property -R .gnu.build.attributes + +-CFLAGS_MODULE = $(CFLAGS_PLATFORM) -ffreestanding +-LDFLAGS_MODULE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d +-CPPFLAGS_MODULE = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) +-CCASFLAGS_MODULE = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM) ++CFLAGS_MODULE = $(TARGET_CFLAGS) $(CFLAGS_PLATFORM) -ffreestanding ++LDFLAGS_MODULE = $(TARGET_LDFLAGS) $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d ++CPPFLAGS_MODULE = $(TARGET_CPPFLAGS) $(CPPFLAGS_DEFAULT) $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) ++CCASFLAGS_MODULE = $(TARGET_CCASFLAGS) $(CCASFLAGS_DEFAULT) $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM) + + CFLAGS_IMAGE = $(CFLAGS_PLATFORM) -fno-builtin + LDFLAGS_IMAGE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-S + CPPFLAGS_IMAGE = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) + CCASFLAGS_IMAGE = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM) + +-CFLAGS_PROGRAM = +-LDFLAGS_PROGRAM = +-CPPFLAGS_PROGRAM = +-CCASFLAGS_PROGRAM = ++CFLAGS_PROGRAM = $(UTILS_CFLAGS) ++LDFLAGS_PROGRAM = $(UTILS_LDFLAGS) ++CPPFLAGS_PROGRAM = $(UTILS_CPPFLAGS) ++CCASFLAGS_PROGRAM = $(UTILS_CCASFLAGS) + +-CFLAGS_LIBRARY = +-CPPFLAGS_LIBRARY = +-CCASFLAGS_LIBRARY = ++CFLAGS_LIBRARY = $(UTILS_CFLAGS) ++LDFLAGS_LIBRARY = $(UTILS_LDFLAGS) ++CPPFLAGS_LIBRARY = $(UTILS_CPPFLAGS) ++CCASFLAGS_LIBRARY = $(UTILS_CCASFLAGS) + + # Other variables + +diff --git a/gentpl.py b/gentpl.py +index 6409736e81c..1e4635f4426 100644 +--- a/gentpl.py ++++ b/gentpl.py +@@ -694,10 +694,10 @@ def module(defn, platform): + var_set(cname(defn) + "_SOURCES", platform_sources(defn, platform) + " ## platform sources") + var_set("nodist_" + cname(defn) + "_SOURCES", platform_nodist_sources(defn, platform) + " ## platform nodist sources") + var_set(cname(defn) + "_LDADD", platform_ldadd(defn, platform)) +- var_set(cname(defn) + "_CFLAGS", "$(AM_CFLAGS) $(CFLAGS_MODULE) " + platform_cflags(defn, platform)) +- var_set(cname(defn) + "_LDFLAGS", "$(AM_LDFLAGS) $(LDFLAGS_MODULE) " + platform_ldflags(defn, platform)) +- var_set(cname(defn) + "_CPPFLAGS", "$(AM_CPPFLAGS) $(CPPFLAGS_MODULE) " + platform_cppflags(defn, platform)) +- var_set(cname(defn) + "_CCASFLAGS", "$(AM_CCASFLAGS) $(CCASFLAGS_MODULE) " + platform_ccasflags(defn, platform)) ++ var_set(cname(defn) + "_CFLAGS", "$(CFLAGS_MODULE) " + platform_cflags(defn, platform)) ++ var_set(cname(defn) + "_LDFLAGS", "$(LDFLAGS_MODULE) " + platform_ldflags(defn, platform)) ++ var_set(cname(defn) + "_CPPFLAGS", "$(CPPFLAGS_MODULE) " + platform_cppflags(defn, platform)) ++ var_set(cname(defn) + "_CCASFLAGS", "$(CCASFLAGS_MODULE) " + platform_ccasflags(defn, platform)) + var_set(cname(defn) + "_DEPENDENCIES", "$(TARGET_OBJ2ELF) " + platform_dependencies(defn, platform)) + + gvar_add("dist_noinst_DATA", extra_dist(defn)) diff --git a/SOURCES/0219-autogen-don-t-run-autoreconf-in-the-topdir.patch b/SOURCES/0219-autogen-don-t-run-autoreconf-in-the-topdir.patch deleted file mode 100644 index e5b7c33..0000000 --- a/SOURCES/0219-autogen-don-t-run-autoreconf-in-the-topdir.patch +++ /dev/null @@ -1,21 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 26 Jul 2018 15:47:48 -0400 -Subject: [PATCH] autogen: don't run autoreconf in the topdir - -Signed-off-by: Peter Jones ---- - autogen.sh | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/autogen.sh b/autogen.sh -index 7537561ad0d..f608b9467a0 100755 ---- a/autogen.sh -+++ b/autogen.sh -@@ -82,6 +82,4 @@ done - echo "Saving timestamps..." - echo timestamp > stamp-h.in - --echo "Running autoreconf..." --autoreconf -vi - exit 0 diff --git a/SOURCES/0220-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch b/SOURCES/0220-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch deleted file mode 100644 index 292e565..0000000 --- a/SOURCES/0220-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch +++ /dev/null @@ -1,149 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 26 Jun 2018 17:16:06 -0400 -Subject: [PATCH] Make it so we can tell configure which cflags utils are built - with - -This lets us have kernel.img be built with TARGET_CFLAGS but grub-mkimage and -friends built with HOST_CFLAGS. That in turn lets us build with an ARM compiler -that only has hard-float ABI versions of crt*.o and libgcc*, but still use soft -float for grub.efi. - -Signed-off-by: Peter Jones ---- - configure.ac | 49 ++++++++++++++++++++++++++++++++++++++++++++++++- - conf/Makefile.common | 23 ++++++++++++----------- - gentpl.py | 8 ++++---- - 3 files changed, 64 insertions(+), 16 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 9ab683fefac..819212095ff 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -850,11 +850,23 @@ if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ) && test "x$p - TARGET_CFLAGS="$TARGET_CFLAGS -mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow" - fi - -+# Should grub utils get the host CFLAGS, or the target CFLAGS? -+AC_ARG_WITH([utils], -+ AS_HELP_STRING([--with-utils=host|target|build], -+ [choose which flags to build utilities with. (default=target)]), -+ [have_with_utils=y], -+ [have_with_utils=n]) -+if test x"$have_with_utils" = xy ; then -+ with_utils="$withval" -+else -+ with_utils=target -+fi -+ - # GRUB doesn't use float or doubles at all. Yet some toolchains may decide - # that floats are a good fit to run instead of what's written in the code. - # Given that floating point unit is disabled (if present to begin with) - # when GRUB is running which may result in various hard crashes. --if test x"$platform" != xemu ; then -+if test x"$platform" != xemu -a x"$with_utils" == xtarget ; then - AC_CACHE_CHECK([for options to get soft-float], grub_cv_target_cc_soft_float, [ - grub_cv_target_cc_soft_float=no - if test "x$target_cpu" = xarm64; then -@@ -1939,6 +1951,41 @@ HOST_CPPFLAGS="$HOST_CPPFLAGS -I\$(top_builddir)/include" - TARGET_CPPFLAGS="$TARGET_CPPFLAGS -I\$(top_srcdir)/include" - TARGET_CPPFLAGS="$TARGET_CPPFLAGS -I\$(top_builddir)/include" - -+case "$with_utils" in -+ host) -+ UTILS_CFLAGS=$HOST_CFLAGS -+ UTILS_CPPFLAGS=$HOST_CPPFLAGS -+ UTILS_CCASFLAGS=$HOST_CCASFLAGS -+ UTILS_LDFLAGS=$HOST_LDFLAGS -+ ;; -+ target) -+ UTILS_CFLAGS=$TARGET_CFLAGS -+ UTILS_CPPFLAGS=$TARGET_CPPFLAGS -+ UTILS_CCASFLAGS=$TARGET_CCASFLAGS -+ UTILS_LDFLAGS=$TARGET_LDFLAGS -+ ;; -+ build) -+ UTILS_CFLAGS=$BUILD_CFLAGS -+ UTILS_CPPFLAGS=$BUILD_CPPFLAGS -+ UTILS_CCASFLAGS=$BUILD_CCASFLAGS -+ UTILS_LDFLAGS=$BUILD_LDFLAGS -+ ;; -+ *) -+ AC_MSG_ERROR([--with-utils must be either host, target, or build]) -+ ;; -+esac -+AC_MSG_NOTICE([Using $with_utils flags for utilities.]) -+ -+unset CFLAGS -+unset CPPFLAGS -+unset CCASFLAGS -+unset LDFLAGS -+ -+AC_SUBST(UTILS_CFLAGS) -+AC_SUBST(UTILS_CPPFLAGS) -+AC_SUBST(UTILS_CCASFLAGS) -+AC_SUBST(UTILS_LDFLAGS) -+ - GRUB_TARGET_CPU="${target_cpu}" - GRUB_PLATFORM="${platform}" - -diff --git a/conf/Makefile.common b/conf/Makefile.common -index 1ecb921db65..b93879804c0 100644 ---- a/conf/Makefile.common -+++ b/conf/Makefile.common -@@ -40,24 +40,25 @@ CPPFLAGS_KERNEL = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) -DGRUB_KERNEL=1 - CCASFLAGS_KERNEL = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM) - STRIPFLAGS_KERNEL = -R .eh_frame -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx -R .note.gnu.property -R .gnu.build.attributes - --CFLAGS_MODULE = $(CFLAGS_PLATFORM) -ffreestanding --LDFLAGS_MODULE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d --CPPFLAGS_MODULE = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) --CCASFLAGS_MODULE = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM) -+CFLAGS_MODULE = $(TARGET_CFLAGS) $(CFLAGS_PLATFORM) -ffreestanding -+LDFLAGS_MODULE = $(TARGET_LDFLAGS) $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d -+CPPFLAGS_MODULE = $(TARGET_CPPFLAGS) $(CPPFLAGS_DEFAULT) $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) -+CCASFLAGS_MODULE = $(TARGET_CCASFLAGS) $(CCASFLAGS_DEFAULT) $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM) - - CFLAGS_IMAGE = $(CFLAGS_PLATFORM) -fno-builtin - LDFLAGS_IMAGE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-S - CPPFLAGS_IMAGE = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) - CCASFLAGS_IMAGE = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM) - --CFLAGS_PROGRAM = --LDFLAGS_PROGRAM = --CPPFLAGS_PROGRAM = --CCASFLAGS_PROGRAM = -+CFLAGS_PROGRAM = $(UTILS_CFLAGS) -+LDFLAGS_PROGRAM = $(UTILS_LDFLAGS) -+CPPFLAGS_PROGRAM = $(UTILS_CPPFLAGS) -+CCASFLAGS_PROGRAM = $(UTILS_CCASFLAGS) - --CFLAGS_LIBRARY = --CPPFLAGS_LIBRARY = --CCASFLAGS_LIBRARY = -+CFLAGS_LIBRARY = $(UTILS_CFLAGS) -+LDFLAGS_LIBRARY = $(UTILS_LDFLAGS) -+CPPFLAGS_LIBRARY = $(UTILS_CPPFLAGS) -+CCASFLAGS_LIBRARY = $(UTILS_CCASFLAGS) - - # Other variables - -diff --git a/gentpl.py b/gentpl.py -index 6409736e81c..1e4635f4426 100644 ---- a/gentpl.py -+++ b/gentpl.py -@@ -694,10 +694,10 @@ def module(defn, platform): - var_set(cname(defn) + "_SOURCES", platform_sources(defn, platform) + " ## platform sources") - var_set("nodist_" + cname(defn) + "_SOURCES", platform_nodist_sources(defn, platform) + " ## platform nodist sources") - var_set(cname(defn) + "_LDADD", platform_ldadd(defn, platform)) -- var_set(cname(defn) + "_CFLAGS", "$(AM_CFLAGS) $(CFLAGS_MODULE) " + platform_cflags(defn, platform)) -- var_set(cname(defn) + "_LDFLAGS", "$(AM_LDFLAGS) $(LDFLAGS_MODULE) " + platform_ldflags(defn, platform)) -- var_set(cname(defn) + "_CPPFLAGS", "$(AM_CPPFLAGS) $(CPPFLAGS_MODULE) " + platform_cppflags(defn, platform)) -- var_set(cname(defn) + "_CCASFLAGS", "$(AM_CCASFLAGS) $(CCASFLAGS_MODULE) " + platform_ccasflags(defn, platform)) -+ var_set(cname(defn) + "_CFLAGS", "$(CFLAGS_MODULE) " + platform_cflags(defn, platform)) -+ var_set(cname(defn) + "_LDFLAGS", "$(LDFLAGS_MODULE) " + platform_ldflags(defn, platform)) -+ var_set(cname(defn) + "_CPPFLAGS", "$(CPPFLAGS_MODULE) " + platform_cppflags(defn, platform)) -+ var_set(cname(defn) + "_CCASFLAGS", "$(CCASFLAGS_MODULE) " + platform_ccasflags(defn, platform)) - var_set(cname(defn) + "_DEPENDENCIES", "$(TARGET_OBJ2ELF) " + platform_dependencies(defn, platform)) - - gvar_add("dist_noinst_DATA", extra_dist(defn)) diff --git a/SOURCES/0220-module-verifier-make-it-possible-to-run-checkers-on-.patch b/SOURCES/0220-module-verifier-make-it-possible-to-run-checkers-on-.patch new file mode 100644 index 0000000..0bdfca1 --- /dev/null +++ b/SOURCES/0220-module-verifier-make-it-possible-to-run-checkers-on-.patch @@ -0,0 +1,58 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 1 Aug 2018 10:24:52 -0400 +Subject: [PATCH] module-verifier: make it possible to run checkers on + grub-module-verifierxx.c + +This makes it so you can treat grub-module-verifierxx.c as a file you can +build directly, so syntax checkers like vim's "syntastic" plugin, which uses +"gcc -x c -fsyntax-only" to build it, will work. + +One still has to do whatever setup is required to make it pick the right +include dirs, which -W options we use, etc., but this makes it so you can do +the checking on the file you're editing, rather than on a different file. + +v2: fix the typo in the #else clause in util/grub-module-verifierXX.c + +Signed-off-by: Peter Jones +--- + util/grub-module-verifier32.c | 2 ++ + util/grub-module-verifier64.c | 2 ++ + util/grub-module-verifierXX.c | 9 +++++++++ + 3 files changed, 13 insertions(+) + +diff --git a/util/grub-module-verifier32.c b/util/grub-module-verifier32.c +index 257229f8f08..ba7d41aafea 100644 +--- a/util/grub-module-verifier32.c ++++ b/util/grub-module-verifier32.c +@@ -1,2 +1,4 @@ + #define MODULEVERIFIER_ELF32 1 ++#ifndef GRUB_MODULE_VERIFIERXX + #include "grub-module-verifierXX.c" ++#endif +diff --git a/util/grub-module-verifier64.c b/util/grub-module-verifier64.c +index 4db6b4bedd1..fc23ef800b3 100644 +--- a/util/grub-module-verifier64.c ++++ b/util/grub-module-verifier64.c +@@ -1,2 +1,4 @@ + #define MODULEVERIFIER_ELF64 1 ++#ifndef GRUB_MODULE_VERIFIERXX + #include "grub-module-verifierXX.c" ++#endif +diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c +index 1feaafc9b9e..597ded14362 100644 +--- a/util/grub-module-verifierXX.c ++++ b/util/grub-module-verifierXX.c +@@ -1,3 +1,12 @@ ++#define GRUB_MODULE_VERIFIERXX ++#if !defined(MODULEVERIFIER_ELF32) && !defined(MODULEVERIFIER_ELF64) ++#if __SIZEOF_POINTER__ == 8 ++#include "grub-module-verifier64.c" ++#else ++#include "grub-module-verifier32.c" ++#endif ++#endif ++ + #include + + #include diff --git a/SOURCES/0221-grub-module-verifier-report-the-filename-or-modname-.patch b/SOURCES/0221-grub-module-verifier-report-the-filename-or-modname-.patch new file mode 100644 index 0000000..c27d065 --- /dev/null +++ b/SOURCES/0221-grub-module-verifier-report-the-filename-or-modname-.patch @@ -0,0 +1,250 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 1 Aug 2018 10:12:47 -0400 +Subject: [PATCH] grub-module-verifier: report the filename or modname in + errors. + +Make it so that when grub-module-verifier complains of an issue, it tells you +which module the issue was with. + +Signed-off-by: Peter Jones +--- + util/grub-module-verifier.c | 6 ++--- + util/grub-module-verifierXX.c | 58 ++++++++++++++++++++++-------------------- + include/grub/module_verifier.h | 4 +-- + 3 files changed, 36 insertions(+), 32 deletions(-) + +diff --git a/util/grub-module-verifier.c b/util/grub-module-verifier.c +index a79271f6631..03ba1ab437a 100644 +--- a/util/grub-module-verifier.c ++++ b/util/grub-module-verifier.c +@@ -157,7 +157,7 @@ main (int argc, char **argv) + if (strcmp(archs[arch].name, argv[2]) == 0) + break; + if (arch == ARRAY_SIZE(archs)) +- grub_util_error("unknown arch: %s", argv[2]); ++ grub_util_error("%s: unknown arch: %s", argv[1], argv[2]); + + for (whitelist = 0; whitelist < ARRAY_SIZE(whitelists); whitelist++) + if (strcmp(whitelists[whitelist].arch, argv[2]) == 0 +@@ -169,8 +169,8 @@ main (int argc, char **argv) + module_size = grub_util_get_image_size (argv[1]); + module_img = grub_util_read_image (argv[1]); + if (archs[arch].voidp_sizeof == 8) +- grub_module_verify64(module_img, module_size, &archs[arch], whitelist_empty); ++ grub_module_verify64(argv[1], module_img, module_size, &archs[arch], whitelist_empty); + else +- grub_module_verify32(module_img, module_size, &archs[arch], whitelist_empty); ++ grub_module_verify32(argv[1], module_img, module_size, &archs[arch], whitelist_empty); + return 0; + } +diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c +index 597ded14362..a98e2f9b1ac 100644 +--- a/util/grub-module-verifierXX.c ++++ b/util/grub-module-verifierXX.c +@@ -160,14 +160,15 @@ find_section (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e, const c + } + + static void +-check_license (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e) ++check_license (const char * const filename, ++ const struct grub_module_verifier_arch *arch, Elf_Ehdr *e) + { + Elf_Shdr *s = find_section (arch, e, ".module_license"); + if (s && (strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3") == 0 + || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3+") == 0 + || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0)) + return; +- grub_util_error ("incompatible license"); ++ grub_util_error ("%s: incompatible license", filename); + } + + static Elf_Sym * +@@ -233,10 +234,10 @@ check_symbols (const struct grub_module_verifier_arch *arch, + s = find_section (arch, e, ".moddeps"); + + if (!s) +- grub_util_error ("no symbol table and no .moddeps section"); ++ grub_util_error ("%s: no symbol table and no .moddeps section", modname); + + if (!s->sh_size) +- grub_util_error ("no symbol table and empty .moddeps section"); ++ grub_util_error ("%s: no symbol table and empty .moddeps section", modname); + + return; + } +@@ -257,7 +258,7 @@ check_symbols (const struct grub_module_verifier_arch *arch, + break; + + default: +- return grub_util_error ("unknown symbol type `%d'", (int) type); ++ return grub_util_error ("%s: unknown symbol type `%d'", modname, (int) type); + } + } + } +@@ -283,7 +284,8 @@ is_symbol_local(Elf_Sym *sym) + } + + static void +-section_check_relocations (const struct grub_module_verifier_arch *arch, void *ehdr, ++section_check_relocations (const char * const modname, ++ const struct grub_module_verifier_arch *arch, void *ehdr, + Elf_Shdr *s, size_t target_seg_size) + { + Elf_Rel *rel, *max; +@@ -292,7 +294,7 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e + + symtab = get_symtab (arch, ehdr, &symtabsize, &symtabentsize); + if (!symtab) +- grub_util_error ("relocation without symbol table"); ++ grub_util_error ("%s: relocation without symbol table", modname); + + for (rel = (Elf_Rel *) ((char *) ehdr + grub_target_to_host (s->sh_offset)), + max = (Elf_Rel *) ((char *) rel + grub_target_to_host (s->sh_size)); +@@ -303,7 +305,7 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e + unsigned i; + + if (target_seg_size < grub_target_to_host (rel->r_offset)) +- grub_util_error ("reloc offset is out of the segment"); ++ grub_util_error ("%s: reloc offset is out of the segment", modname); + + grub_uint32_t type = ELF_R_TYPE (grub_target_to_host (rel->r_info)); + +@@ -316,17 +318,17 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e + if (arch->supported_relocations[i] != -1) + continue; + if (!arch->short_relocations) +- grub_util_error ("unsupported relocation 0x%x", type); ++ grub_util_error ("%s: unsupported relocation 0x%x", modname, type); + for (i = 0; arch->short_relocations[i] != -1; i++) + if (type == arch->short_relocations[i]) + break; + if (arch->short_relocations[i] == -1) +- grub_util_error ("unsupported relocation 0x%x", type); ++ grub_util_error ("%s: unsupported relocation 0x%x", modname, type); + sym = (Elf_Sym *) ((char *) symtab + symtabentsize * ELF_R_SYM (grub_target_to_host (rel->r_info))); + + if (is_symbol_local (sym)) + continue; +- grub_util_error ("relocation 0x%x is not module-local", type); ++ grub_util_error ("%s: relocation 0x%x is not module-local", modname, type); + } + #if defined(MODULEVERIFIER_ELF64) + if (arch->machine == EM_AARCH64) +@@ -351,11 +353,11 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e + && ELF_R_TYPE (rel2->r_info) == R_AARCH64_LD64_GOT_LO12_NC) + break; + if (rel2 >= (Elf_Rela *) max) +- grub_util_error ("ADR_GOT_PAGE without matching LD64_GOT_LO12_NC"); ++ grub_util_error ("%s: ADR_GOT_PAGE without matching LD64_GOT_LO12_NC", modname); + break; + case R_AARCH64_LD64_GOT_LO12_NC: + if (unmatched_adr_got_page == 0) +- grub_util_error ("LD64_GOT_LO12_NC without matching ADR_GOT_PAGE"); ++ grub_util_error ("%s: LD64_GOT_LO12_NC without matching ADR_GOT_PAGE", modname); + unmatched_adr_got_page--; + break; + } +@@ -365,7 +367,8 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e + } + + static void +-check_relocations (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e) ++check_relocations (const char * const modname, ++ const struct grub_module_verifier_arch *arch, Elf_Ehdr *e) + { + Elf_Shdr *s; + unsigned i; +@@ -378,21 +381,22 @@ check_relocations (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e) + Elf_Shdr *ts; + + if (grub_target_to_host32 (s->sh_type) == SHT_REL && !(arch->flags & GRUB_MODULE_VERIFY_SUPPORTS_REL)) +- grub_util_error ("unsupported SHT_REL"); ++ grub_util_error ("%s: unsupported SHT_REL", modname); + if (grub_target_to_host32 (s->sh_type) == SHT_RELA && !(arch->flags & GRUB_MODULE_VERIFY_SUPPORTS_RELA)) +- grub_util_error ("unsupported SHT_RELA"); ++ grub_util_error ("%s: unsupported SHT_RELA", modname); + + /* Find the target segment. */ + if (grub_target_to_host32 (s->sh_info) >= grub_target_to_host16 (e->e_shnum)) +- grub_util_error ("orphaned reloc section"); ++ grub_util_error ("%s: orphaned reloc section", modname); + ts = (Elf_Shdr *) ((char *) e + grub_target_to_host (e->e_shoff) + grub_target_to_host32 (s->sh_info) * grub_target_to_host16 (e->e_shentsize)); + +- section_check_relocations (arch, e, s, grub_target_to_host (ts->sh_size)); ++ section_check_relocations (modname, arch, e, s, grub_target_to_host (ts->sh_size)); + } + } + + void +-SUFFIX(grub_module_verify) (void *module_img, size_t size, ++SUFFIX(grub_module_verify) (const char * const filename, ++ void *module_img, size_t size, + const struct grub_module_verifier_arch *arch, + const char **whitelist_empty) + { +@@ -400,7 +404,7 @@ SUFFIX(grub_module_verify) (void *module_img, size_t size, + + /* Check the header size. */ + if (size < sizeof (Elf_Ehdr)) +- grub_util_error ("ELF header smaller than expected"); ++ grub_util_error ("%s: ELF header smaller than expected", filename); + + /* Check the magic numbers. */ + if (e->e_ident[EI_MAG0] != ELFMAG0 +@@ -409,36 +413,36 @@ SUFFIX(grub_module_verify) (void *module_img, size_t size, + || e->e_ident[EI_MAG3] != ELFMAG3 + || e->e_ident[EI_VERSION] != EV_CURRENT + || grub_target_to_host32 (e->e_version) != EV_CURRENT) +- grub_util_error ("invalid arch-independent ELF magic"); ++ grub_util_error ("%s: invalid arch-independent ELF magic", filename); + + if (e->e_ident[EI_CLASS] != ELFCLASSXX + || e->e_ident[EI_DATA] != (arch->bigendian ? ELFDATA2MSB : ELFDATA2LSB) + || grub_target_to_host16 (e->e_machine) != arch->machine) +- grub_util_error ("invalid arch-dependent ELF magic"); ++ grub_util_error ("%s: invalid arch-dependent ELF magic", filename); + + if (grub_target_to_host16 (e->e_type) != ET_REL) + { +- grub_util_error ("this ELF file is not of the right type"); ++ grub_util_error ("%s: this ELF file is not of the right type", filename); + } + + /* Make sure that every section is within the core. */ + if (size < grub_target_to_host (e->e_shoff) + + (grub_uint32_t) grub_target_to_host16 (e->e_shentsize) * grub_target_to_host16(e->e_shnum)) + { +- grub_util_error ("ELF sections outside core"); ++ grub_util_error ("%s: ELF sections outside core", filename); + } + +- check_license (arch, e); ++ check_license (filename, arch, e); + + Elf_Shdr *s; + const char *modname; + + s = find_section (arch, e, ".modname"); + if (!s) +- grub_util_error ("no module name found"); ++ grub_util_error ("%s: no module name found", filename); + + modname = (const char *) e + grub_target_to_host (s->sh_offset); + + check_symbols(arch, e, modname, whitelist_empty); +- check_relocations(arch, e); ++ check_relocations(modname, arch, e); + } +diff --git a/include/grub/module_verifier.h b/include/grub/module_verifier.h +index f4870cb9c2d..ba21c75e2eb 100644 +--- a/include/grub/module_verifier.h ++++ b/include/grub/module_verifier.h +@@ -16,5 +16,5 @@ struct grub_module_verifier_arch { + const int *short_relocations; + }; + +-void grub_module_verify64(void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty); +-void grub_module_verify32(void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty); ++void grub_module_verify64(const char * const filename, void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty); ++void grub_module_verify32(const char * const filename, void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty); diff --git a/SOURCES/0221-module-verifier-make-it-possible-to-run-checkers-on-.patch b/SOURCES/0221-module-verifier-make-it-possible-to-run-checkers-on-.patch deleted file mode 100644 index 0bdfca1..0000000 --- a/SOURCES/0221-module-verifier-make-it-possible-to-run-checkers-on-.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 1 Aug 2018 10:24:52 -0400 -Subject: [PATCH] module-verifier: make it possible to run checkers on - grub-module-verifierxx.c - -This makes it so you can treat grub-module-verifierxx.c as a file you can -build directly, so syntax checkers like vim's "syntastic" plugin, which uses -"gcc -x c -fsyntax-only" to build it, will work. - -One still has to do whatever setup is required to make it pick the right -include dirs, which -W options we use, etc., but this makes it so you can do -the checking on the file you're editing, rather than on a different file. - -v2: fix the typo in the #else clause in util/grub-module-verifierXX.c - -Signed-off-by: Peter Jones ---- - util/grub-module-verifier32.c | 2 ++ - util/grub-module-verifier64.c | 2 ++ - util/grub-module-verifierXX.c | 9 +++++++++ - 3 files changed, 13 insertions(+) - -diff --git a/util/grub-module-verifier32.c b/util/grub-module-verifier32.c -index 257229f8f08..ba7d41aafea 100644 ---- a/util/grub-module-verifier32.c -+++ b/util/grub-module-verifier32.c -@@ -1,2 +1,4 @@ - #define MODULEVERIFIER_ELF32 1 -+#ifndef GRUB_MODULE_VERIFIERXX - #include "grub-module-verifierXX.c" -+#endif -diff --git a/util/grub-module-verifier64.c b/util/grub-module-verifier64.c -index 4db6b4bedd1..fc23ef800b3 100644 ---- a/util/grub-module-verifier64.c -+++ b/util/grub-module-verifier64.c -@@ -1,2 +1,4 @@ - #define MODULEVERIFIER_ELF64 1 -+#ifndef GRUB_MODULE_VERIFIERXX - #include "grub-module-verifierXX.c" -+#endif -diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c -index 1feaafc9b9e..597ded14362 100644 ---- a/util/grub-module-verifierXX.c -+++ b/util/grub-module-verifierXX.c -@@ -1,3 +1,12 @@ -+#define GRUB_MODULE_VERIFIERXX -+#if !defined(MODULEVERIFIER_ELF32) && !defined(MODULEVERIFIER_ELF64) -+#if __SIZEOF_POINTER__ == 8 -+#include "grub-module-verifier64.c" -+#else -+#include "grub-module-verifier32.c" -+#endif -+#endif -+ - #include - - #include diff --git a/SOURCES/0222-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch b/SOURCES/0222-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch new file mode 100644 index 0000000..394ba2d --- /dev/null +++ b/SOURCES/0222-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 11 Jul 2018 13:50:00 -0400 +Subject: [PATCH] Make efi_netfs not duplicate symbols from efinet + +Signed-off-by: Peter Jones +--- + grub-core/Makefile.core.def | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index aa44d66aca4..e35217b8668 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -2186,12 +2186,6 @@ module = { + module = { + name = efi_netfs; + common = net/efi/efi_netfs.c; +- common = net/efi/net.c; +- common = net/efi/http.c; +- common = net/efi/pxe.c; +- common = net/efi/ip4_config.c; +- common = net/efi/ip6_config.c; +- common = net/efi/dhcp.c; + enable = efi; + }; + diff --git a/SOURCES/0222-grub-module-verifier-report-the-filename-or-modname-.patch b/SOURCES/0222-grub-module-verifier-report-the-filename-or-modname-.patch deleted file mode 100644 index c27d065..0000000 --- a/SOURCES/0222-grub-module-verifier-report-the-filename-or-modname-.patch +++ /dev/null @@ -1,250 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 1 Aug 2018 10:12:47 -0400 -Subject: [PATCH] grub-module-verifier: report the filename or modname in - errors. - -Make it so that when grub-module-verifier complains of an issue, it tells you -which module the issue was with. - -Signed-off-by: Peter Jones ---- - util/grub-module-verifier.c | 6 ++--- - util/grub-module-verifierXX.c | 58 ++++++++++++++++++++++-------------------- - include/grub/module_verifier.h | 4 +-- - 3 files changed, 36 insertions(+), 32 deletions(-) - -diff --git a/util/grub-module-verifier.c b/util/grub-module-verifier.c -index a79271f6631..03ba1ab437a 100644 ---- a/util/grub-module-verifier.c -+++ b/util/grub-module-verifier.c -@@ -157,7 +157,7 @@ main (int argc, char **argv) - if (strcmp(archs[arch].name, argv[2]) == 0) - break; - if (arch == ARRAY_SIZE(archs)) -- grub_util_error("unknown arch: %s", argv[2]); -+ grub_util_error("%s: unknown arch: %s", argv[1], argv[2]); - - for (whitelist = 0; whitelist < ARRAY_SIZE(whitelists); whitelist++) - if (strcmp(whitelists[whitelist].arch, argv[2]) == 0 -@@ -169,8 +169,8 @@ main (int argc, char **argv) - module_size = grub_util_get_image_size (argv[1]); - module_img = grub_util_read_image (argv[1]); - if (archs[arch].voidp_sizeof == 8) -- grub_module_verify64(module_img, module_size, &archs[arch], whitelist_empty); -+ grub_module_verify64(argv[1], module_img, module_size, &archs[arch], whitelist_empty); - else -- grub_module_verify32(module_img, module_size, &archs[arch], whitelist_empty); -+ grub_module_verify32(argv[1], module_img, module_size, &archs[arch], whitelist_empty); - return 0; - } -diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c -index 597ded14362..a98e2f9b1ac 100644 ---- a/util/grub-module-verifierXX.c -+++ b/util/grub-module-verifierXX.c -@@ -160,14 +160,15 @@ find_section (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e, const c - } - - static void --check_license (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e) -+check_license (const char * const filename, -+ const struct grub_module_verifier_arch *arch, Elf_Ehdr *e) - { - Elf_Shdr *s = find_section (arch, e, ".module_license"); - if (s && (strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3") == 0 - || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3+") == 0 - || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0)) - return; -- grub_util_error ("incompatible license"); -+ grub_util_error ("%s: incompatible license", filename); - } - - static Elf_Sym * -@@ -233,10 +234,10 @@ check_symbols (const struct grub_module_verifier_arch *arch, - s = find_section (arch, e, ".moddeps"); - - if (!s) -- grub_util_error ("no symbol table and no .moddeps section"); -+ grub_util_error ("%s: no symbol table and no .moddeps section", modname); - - if (!s->sh_size) -- grub_util_error ("no symbol table and empty .moddeps section"); -+ grub_util_error ("%s: no symbol table and empty .moddeps section", modname); - - return; - } -@@ -257,7 +258,7 @@ check_symbols (const struct grub_module_verifier_arch *arch, - break; - - default: -- return grub_util_error ("unknown symbol type `%d'", (int) type); -+ return grub_util_error ("%s: unknown symbol type `%d'", modname, (int) type); - } - } - } -@@ -283,7 +284,8 @@ is_symbol_local(Elf_Sym *sym) - } - - static void --section_check_relocations (const struct grub_module_verifier_arch *arch, void *ehdr, -+section_check_relocations (const char * const modname, -+ const struct grub_module_verifier_arch *arch, void *ehdr, - Elf_Shdr *s, size_t target_seg_size) - { - Elf_Rel *rel, *max; -@@ -292,7 +294,7 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e - - symtab = get_symtab (arch, ehdr, &symtabsize, &symtabentsize); - if (!symtab) -- grub_util_error ("relocation without symbol table"); -+ grub_util_error ("%s: relocation without symbol table", modname); - - for (rel = (Elf_Rel *) ((char *) ehdr + grub_target_to_host (s->sh_offset)), - max = (Elf_Rel *) ((char *) rel + grub_target_to_host (s->sh_size)); -@@ -303,7 +305,7 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e - unsigned i; - - if (target_seg_size < grub_target_to_host (rel->r_offset)) -- grub_util_error ("reloc offset is out of the segment"); -+ grub_util_error ("%s: reloc offset is out of the segment", modname); - - grub_uint32_t type = ELF_R_TYPE (grub_target_to_host (rel->r_info)); - -@@ -316,17 +318,17 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e - if (arch->supported_relocations[i] != -1) - continue; - if (!arch->short_relocations) -- grub_util_error ("unsupported relocation 0x%x", type); -+ grub_util_error ("%s: unsupported relocation 0x%x", modname, type); - for (i = 0; arch->short_relocations[i] != -1; i++) - if (type == arch->short_relocations[i]) - break; - if (arch->short_relocations[i] == -1) -- grub_util_error ("unsupported relocation 0x%x", type); -+ grub_util_error ("%s: unsupported relocation 0x%x", modname, type); - sym = (Elf_Sym *) ((char *) symtab + symtabentsize * ELF_R_SYM (grub_target_to_host (rel->r_info))); - - if (is_symbol_local (sym)) - continue; -- grub_util_error ("relocation 0x%x is not module-local", type); -+ grub_util_error ("%s: relocation 0x%x is not module-local", modname, type); - } - #if defined(MODULEVERIFIER_ELF64) - if (arch->machine == EM_AARCH64) -@@ -351,11 +353,11 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e - && ELF_R_TYPE (rel2->r_info) == R_AARCH64_LD64_GOT_LO12_NC) - break; - if (rel2 >= (Elf_Rela *) max) -- grub_util_error ("ADR_GOT_PAGE without matching LD64_GOT_LO12_NC"); -+ grub_util_error ("%s: ADR_GOT_PAGE without matching LD64_GOT_LO12_NC", modname); - break; - case R_AARCH64_LD64_GOT_LO12_NC: - if (unmatched_adr_got_page == 0) -- grub_util_error ("LD64_GOT_LO12_NC without matching ADR_GOT_PAGE"); -+ grub_util_error ("%s: LD64_GOT_LO12_NC without matching ADR_GOT_PAGE", modname); - unmatched_adr_got_page--; - break; - } -@@ -365,7 +367,8 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e - } - - static void --check_relocations (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e) -+check_relocations (const char * const modname, -+ const struct grub_module_verifier_arch *arch, Elf_Ehdr *e) - { - Elf_Shdr *s; - unsigned i; -@@ -378,21 +381,22 @@ check_relocations (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e) - Elf_Shdr *ts; - - if (grub_target_to_host32 (s->sh_type) == SHT_REL && !(arch->flags & GRUB_MODULE_VERIFY_SUPPORTS_REL)) -- grub_util_error ("unsupported SHT_REL"); -+ grub_util_error ("%s: unsupported SHT_REL", modname); - if (grub_target_to_host32 (s->sh_type) == SHT_RELA && !(arch->flags & GRUB_MODULE_VERIFY_SUPPORTS_RELA)) -- grub_util_error ("unsupported SHT_RELA"); -+ grub_util_error ("%s: unsupported SHT_RELA", modname); - - /* Find the target segment. */ - if (grub_target_to_host32 (s->sh_info) >= grub_target_to_host16 (e->e_shnum)) -- grub_util_error ("orphaned reloc section"); -+ grub_util_error ("%s: orphaned reloc section", modname); - ts = (Elf_Shdr *) ((char *) e + grub_target_to_host (e->e_shoff) + grub_target_to_host32 (s->sh_info) * grub_target_to_host16 (e->e_shentsize)); - -- section_check_relocations (arch, e, s, grub_target_to_host (ts->sh_size)); -+ section_check_relocations (modname, arch, e, s, grub_target_to_host (ts->sh_size)); - } - } - - void --SUFFIX(grub_module_verify) (void *module_img, size_t size, -+SUFFIX(grub_module_verify) (const char * const filename, -+ void *module_img, size_t size, - const struct grub_module_verifier_arch *arch, - const char **whitelist_empty) - { -@@ -400,7 +404,7 @@ SUFFIX(grub_module_verify) (void *module_img, size_t size, - - /* Check the header size. */ - if (size < sizeof (Elf_Ehdr)) -- grub_util_error ("ELF header smaller than expected"); -+ grub_util_error ("%s: ELF header smaller than expected", filename); - - /* Check the magic numbers. */ - if (e->e_ident[EI_MAG0] != ELFMAG0 -@@ -409,36 +413,36 @@ SUFFIX(grub_module_verify) (void *module_img, size_t size, - || e->e_ident[EI_MAG3] != ELFMAG3 - || e->e_ident[EI_VERSION] != EV_CURRENT - || grub_target_to_host32 (e->e_version) != EV_CURRENT) -- grub_util_error ("invalid arch-independent ELF magic"); -+ grub_util_error ("%s: invalid arch-independent ELF magic", filename); - - if (e->e_ident[EI_CLASS] != ELFCLASSXX - || e->e_ident[EI_DATA] != (arch->bigendian ? ELFDATA2MSB : ELFDATA2LSB) - || grub_target_to_host16 (e->e_machine) != arch->machine) -- grub_util_error ("invalid arch-dependent ELF magic"); -+ grub_util_error ("%s: invalid arch-dependent ELF magic", filename); - - if (grub_target_to_host16 (e->e_type) != ET_REL) - { -- grub_util_error ("this ELF file is not of the right type"); -+ grub_util_error ("%s: this ELF file is not of the right type", filename); - } - - /* Make sure that every section is within the core. */ - if (size < grub_target_to_host (e->e_shoff) - + (grub_uint32_t) grub_target_to_host16 (e->e_shentsize) * grub_target_to_host16(e->e_shnum)) - { -- grub_util_error ("ELF sections outside core"); -+ grub_util_error ("%s: ELF sections outside core", filename); - } - -- check_license (arch, e); -+ check_license (filename, arch, e); - - Elf_Shdr *s; - const char *modname; - - s = find_section (arch, e, ".modname"); - if (!s) -- grub_util_error ("no module name found"); -+ grub_util_error ("%s: no module name found", filename); - - modname = (const char *) e + grub_target_to_host (s->sh_offset); - - check_symbols(arch, e, modname, whitelist_empty); -- check_relocations(arch, e); -+ check_relocations(modname, arch, e); - } -diff --git a/include/grub/module_verifier.h b/include/grub/module_verifier.h -index f4870cb9c2d..ba21c75e2eb 100644 ---- a/include/grub/module_verifier.h -+++ b/include/grub/module_verifier.h -@@ -16,5 +16,5 @@ struct grub_module_verifier_arch { - const int *short_relocations; - }; - --void grub_module_verify64(void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty); --void grub_module_verify32(void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty); -+void grub_module_verify64(const char * const filename, void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty); -+void grub_module_verify32(const char * const filename, void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty); diff --git a/SOURCES/0223-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch b/SOURCES/0223-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch deleted file mode 100644 index e1b9bb4..0000000 --- a/SOURCES/0223-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 11 Jul 2018 13:50:00 -0400 -Subject: [PATCH] Make efi_netfs not duplicate symbols from efinet - -Signed-off-by: Peter Jones ---- - grub-core/Makefile.core.def | 6 ------ - 1 file changed, 6 deletions(-) - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index d3e3bfd4d7a..715d3a3ec02 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -2186,12 +2186,6 @@ module = { - module = { - name = efi_netfs; - common = net/efi/efi_netfs.c; -- common = net/efi/net.c; -- common = net/efi/http.c; -- common = net/efi/pxe.c; -- common = net/efi/ip4_config.c; -- common = net/efi/ip6_config.c; -- common = net/efi/dhcp.c; - enable = efi; - }; - diff --git a/SOURCES/0223-Rework-how-the-fdt-command-builds.patch b/SOURCES/0223-Rework-how-the-fdt-command-builds.patch new file mode 100644 index 0000000..e864a5e --- /dev/null +++ b/SOURCES/0223-Rework-how-the-fdt-command-builds.patch @@ -0,0 +1,118 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 12 Jul 2018 11:00:45 -0400 +Subject: [PATCH] Rework how the fdt command builds. + +Trying to avoid all variants of: +cat syminfo.lst | sort | gawk -f ../../grub-core/genmoddep.awk > moddep.lst || (rm -f moddep.lst; exit 1) +grub_fdt_install in linux is not defined +grub_fdt_load in linux is not defined +grub_fdt_unload in linux is not defined +grub_fdt_install in xen_boot is not defined +grub_fdt_load in xen_boot is not defined +grub_fdt_unload in xen_boot is not defined + +Signed-off-by: Peter Jones +--- + grub-core/Makefile.core.def | 5 ++--- + grub-core/lib/fdt.c | 2 -- + grub-core/loader/efi/fdt.c | 2 ++ + include/grub/fdt.h | 4 ++++ + grub-core/Makefile.am | 1 + + 5 files changed, 9 insertions(+), 5 deletions(-) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index e35217b8668..cf3d549d212 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -166,7 +166,6 @@ kernel = { + arm_coreboot = kern/arm/coreboot/init.c; + arm_coreboot = kern/arm/coreboot/timer.c; + arm_coreboot = kern/arm/coreboot/coreboot.S; +- arm_coreboot = lib/fdt.c; + arm_coreboot = bus/fdt.c; + arm_coreboot = term/ps2.c; + arm_coreboot = term/arm/pl050.c; +@@ -317,6 +316,8 @@ kernel = { + arm64 = kern/arm64/dl.c; + arm64 = kern/arm64/dl_helper.c; + ++ fdt = lib/fdt.c; ++ + emu = disk/host.c; + emu = kern/emu/cache_s.S; + emu = kern/emu/hostdisk.c; +@@ -1714,7 +1715,6 @@ module = { + arm_uboot = loader/arm/linux.c; + arm64 = loader/arm64/linux.c; + emu = loader/emu/linux.c; +- fdt = lib/fdt.c; + + common = loader/linux.c; + common = lib/cmdline.c; +@@ -1725,7 +1725,6 @@ module = { + module = { + name = fdt; + efi = loader/efi/fdt.c; +- common = lib/fdt.c; + enable = fdt; + }; + +diff --git a/grub-core/lib/fdt.c b/grub-core/lib/fdt.c +index 0d371c5633e..37e04bd69e7 100644 +--- a/grub-core/lib/fdt.c ++++ b/grub-core/lib/fdt.c +@@ -21,8 +21,6 @@ + #include + #include + +-GRUB_MOD_LICENSE ("GPLv3+"); +- + #define FDT_SUPPORTED_VERSION 17 + + #define FDT_BEGIN_NODE 0x00000001 +diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c +index a4c6e803645..a9dbcfdfeaf 100644 +--- a/grub-core/loader/efi/fdt.c ++++ b/grub-core/loader/efi/fdt.c +@@ -26,6 +26,8 @@ + #include + #include + ++GRUB_MOD_LICENSE ("GPLv3+"); ++ + static void *loaded_fdt; + static void *fdt; + +diff --git a/include/grub/fdt.h b/include/grub/fdt.h +index 158b1bc4b3a..6ee57e11ab3 100644 +--- a/include/grub/fdt.h ++++ b/include/grub/fdt.h +@@ -19,6 +19,8 @@ + #ifndef GRUB_FDT_HEADER + #define GRUB_FDT_HEADER 1 + ++#if defined(__arm__) || defined(__aarch64__) ++ + #include + #include + +@@ -141,4 +143,6 @@ int EXPORT_FUNC(grub_fdt_set_prop) (void *fdt, unsigned int nodeoffset, const ch + grub_fdt_set_prop ((fdt), (nodeoffset), "reg", reg_64, 16); \ + }) + ++#endif /* defined(__arm__) || defined(__aarch64__) */ ++ + #endif /* ! GRUB_FDT_HEADER */ +diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am +index 3781bb9cbb9..4062652506d 100644 +--- a/grub-core/Makefile.am ++++ b/grub-core/Makefile.am +@@ -76,6 +76,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fdt.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/file.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fs.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i18n.h diff --git a/SOURCES/0224-Disable-non-wordsize-allocations-on-arm.patch b/SOURCES/0224-Disable-non-wordsize-allocations-on-arm.patch new file mode 100644 index 0000000..5c627a3 --- /dev/null +++ b/SOURCES/0224-Disable-non-wordsize-allocations-on-arm.patch @@ -0,0 +1,41 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 2 Aug 2018 10:56:38 -0400 +Subject: [PATCH] Disable non-wordsize allocations on arm + +Signed-off-by: Peter Jones +--- + configure.ac | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 819212095ff..9323c125469 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1234,6 +1234,26 @@ if test "x$target_cpu" = xarm; then + done + ]) + ++ AC_CACHE_CHECK([for options to disable movt and movw relocations], ++ grub_cv_target_cc_mword_relocations, ++ [grub_cv_target_cc_mword_relocations=no ++ for cand in "-mword-relocations" ; do ++ if test x"$grub_cv_target_cc_mword_relocations" != xno ; then ++ break ++ fi ++ CFLAGS="$TARGET_CFLAGS $cand -Werror" ++ CPPFLAGS="$TARGET_CPPFLAGS" ++ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], ++ [grub_cv_target_cc_mword_relocations="$cand"], ++ []) ++ done ++ ]) ++ if test x"$grub_cv_target_cc_mword_relocations" = xno ; then ++ AC_MSG_ERROR(["your compiler doesn't support disabling movw/movt relocations"]) ++ else ++ TARGET_CFLAGS="$TARGET_CFLAGS $grub_cv_target_cc_mword_relocations" ++ fi ++ + if test x"$grub_cv_target_cc_mno_movt" != xno ; then + # A trick so that clang doesn't see it on link stage + TARGET_CPPFLAGS="$TARGET_CPPFLAGS $grub_cv_target_cc_mno_movt" diff --git a/SOURCES/0224-Rework-how-the-fdt-command-builds.patch b/SOURCES/0224-Rework-how-the-fdt-command-builds.patch deleted file mode 100644 index 5f66a7a..0000000 --- a/SOURCES/0224-Rework-how-the-fdt-command-builds.patch +++ /dev/null @@ -1,118 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 12 Jul 2018 11:00:45 -0400 -Subject: [PATCH] Rework how the fdt command builds. - -Trying to avoid all variants of: -cat syminfo.lst | sort | gawk -f ../../grub-core/genmoddep.awk > moddep.lst || (rm -f moddep.lst; exit 1) -grub_fdt_install in linux is not defined -grub_fdt_load in linux is not defined -grub_fdt_unload in linux is not defined -grub_fdt_install in xen_boot is not defined -grub_fdt_load in xen_boot is not defined -grub_fdt_unload in xen_boot is not defined - -Signed-off-by: Peter Jones ---- - grub-core/Makefile.core.def | 5 ++--- - grub-core/lib/fdt.c | 2 -- - grub-core/loader/efi/fdt.c | 2 ++ - include/grub/fdt.h | 4 ++++ - grub-core/Makefile.am | 1 + - 5 files changed, 9 insertions(+), 5 deletions(-) - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 715d3a3ec02..203584fb00b 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -166,7 +166,6 @@ kernel = { - arm_coreboot = kern/arm/coreboot/init.c; - arm_coreboot = kern/arm/coreboot/timer.c; - arm_coreboot = kern/arm/coreboot/coreboot.S; -- arm_coreboot = lib/fdt.c; - arm_coreboot = bus/fdt.c; - arm_coreboot = term/ps2.c; - arm_coreboot = term/arm/pl050.c; -@@ -317,6 +316,8 @@ kernel = { - arm64 = kern/arm64/dl.c; - arm64 = kern/arm64/dl_helper.c; - -+ fdt = lib/fdt.c; -+ - emu = disk/host.c; - emu = kern/emu/cache_s.S; - emu = kern/emu/hostdisk.c; -@@ -1714,7 +1715,6 @@ module = { - arm_uboot = loader/arm/linux.c; - arm64 = loader/arm64/linux.c; - emu = loader/emu/linux.c; -- fdt = lib/fdt.c; - - common = loader/linux.c; - common = lib/cmdline.c; -@@ -1725,7 +1725,6 @@ module = { - module = { - name = fdt; - efi = loader/efi/fdt.c; -- common = lib/fdt.c; - enable = fdt; - }; - -diff --git a/grub-core/lib/fdt.c b/grub-core/lib/fdt.c -index 0d371c5633e..37e04bd69e7 100644 ---- a/grub-core/lib/fdt.c -+++ b/grub-core/lib/fdt.c -@@ -21,8 +21,6 @@ - #include - #include - --GRUB_MOD_LICENSE ("GPLv3+"); -- - #define FDT_SUPPORTED_VERSION 17 - - #define FDT_BEGIN_NODE 0x00000001 -diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c -index a4c6e803645..a9dbcfdfeaf 100644 ---- a/grub-core/loader/efi/fdt.c -+++ b/grub-core/loader/efi/fdt.c -@@ -26,6 +26,8 @@ - #include - #include - -+GRUB_MOD_LICENSE ("GPLv3+"); -+ - static void *loaded_fdt; - static void *fdt; - -diff --git a/include/grub/fdt.h b/include/grub/fdt.h -index 158b1bc4b3a..6ee57e11ab3 100644 ---- a/include/grub/fdt.h -+++ b/include/grub/fdt.h -@@ -19,6 +19,8 @@ - #ifndef GRUB_FDT_HEADER - #define GRUB_FDT_HEADER 1 - -+#if defined(__arm__) || defined(__aarch64__) -+ - #include - #include - -@@ -141,4 +143,6 @@ int EXPORT_FUNC(grub_fdt_set_prop) (void *fdt, unsigned int nodeoffset, const ch - grub_fdt_set_prop ((fdt), (nodeoffset), "reg", reg_64, 16); \ - }) - -+#endif /* defined(__arm__) || defined(__aarch64__) */ -+ - #endif /* ! GRUB_FDT_HEADER */ -diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am -index 3781bb9cbb9..4062652506d 100644 ---- a/grub-core/Makefile.am -+++ b/grub-core/Makefile.am -@@ -76,6 +76,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h -+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fdt.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/file.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fs.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i18n.h diff --git a/SOURCES/0225-Disable-non-wordsize-allocations-on-arm.patch b/SOURCES/0225-Disable-non-wordsize-allocations-on-arm.patch deleted file mode 100644 index 5c627a3..0000000 --- a/SOURCES/0225-Disable-non-wordsize-allocations-on-arm.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 2 Aug 2018 10:56:38 -0400 -Subject: [PATCH] Disable non-wordsize allocations on arm - -Signed-off-by: Peter Jones ---- - configure.ac | 20 ++++++++++++++++++++ - 1 file changed, 20 insertions(+) - -diff --git a/configure.ac b/configure.ac -index 819212095ff..9323c125469 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1234,6 +1234,26 @@ if test "x$target_cpu" = xarm; then - done - ]) - -+ AC_CACHE_CHECK([for options to disable movt and movw relocations], -+ grub_cv_target_cc_mword_relocations, -+ [grub_cv_target_cc_mword_relocations=no -+ for cand in "-mword-relocations" ; do -+ if test x"$grub_cv_target_cc_mword_relocations" != xno ; then -+ break -+ fi -+ CFLAGS="$TARGET_CFLAGS $cand -Werror" -+ CPPFLAGS="$TARGET_CPPFLAGS" -+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], -+ [grub_cv_target_cc_mword_relocations="$cand"], -+ []) -+ done -+ ]) -+ if test x"$grub_cv_target_cc_mword_relocations" = xno ; then -+ AC_MSG_ERROR(["your compiler doesn't support disabling movw/movt relocations"]) -+ else -+ TARGET_CFLAGS="$TARGET_CFLAGS $grub_cv_target_cc_mword_relocations" -+ fi -+ - if test x"$grub_cv_target_cc_mno_movt" != xno ; then - # A trick so that clang doesn't see it on link stage - TARGET_CPPFLAGS="$TARGET_CPPFLAGS $grub_cv_target_cc_mno_movt" diff --git a/SOURCES/0225-strip-R-.note.gnu.property-at-more-places.patch b/SOURCES/0225-strip-R-.note.gnu.property-at-more-places.patch new file mode 100644 index 0000000..0bd0be0 --- /dev/null +++ b/SOURCES/0225-strip-R-.note.gnu.property-at-more-places.patch @@ -0,0 +1,82 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 3 Aug 2018 15:07:23 -0400 +Subject: [PATCH] strip "-R .note.gnu.property" at more places. + +For whatever reason, sometimes I see: + + lzma_decompress.image: file format elf32-i386 + lzma_decompress.image + architecture: i386, flags 0x00000012: + EXEC_P, HAS_SYMS + start address 0x00008200 + + Program Header: + LOAD off 0x000000c0 vaddr 0x00008200 paddr 0x00008200 align 2**5 + filesz 0x00000b10 memsz 0x00000b10 flags rwx + LOAD off 0x00000bd0 vaddr 0x080480b4 paddr 0x080480b4 align 2**2 + filesz 0x0000001c memsz 0x0000001c flags r-- + NOTE off 0x00000bd0 vaddr 0x080480b4 paddr 0x080480b4 align 2**2 + filesz 0x0000001c memsz 0x0000001c flags r-- + STACK off 0x00000000 vaddr 0x00000000 paddr 0x00000000 align 2**4 + filesz 0x00000000 memsz 0x00000000 flags rw- + + Sections: + Idx Name Size VMA LMA File off Algn + 0 .note.gnu.property 0000001c 080480b4 080480b4 00000bd0 2**2 + CONTENTS, ALLOC, LOAD, READONLY, DATA + 1 .text 00000b10 00008200 00008200 000000c0 2**5 + CONTENTS, ALLOC, LOAD, CODE + SYMBOL TABLE: + 080480b4 l d .note.gnu.property 00000000 .note.gnu.property + 00008200 l d .text 00000000 .text + 00000000 l df *ABS* 00000000 startup_raw.S + ... + +Which just looks wrong no matter what to my eyes (seriously it's at +128M? Why?), and when we fail to strip it, we get: + +trillian:~/tmp/f29$ hexdump -C usr/lib/grub/i386-pc/lzma_decompress.img | tail -6 +00000b00 ff 45 e8 5a 83 c2 02 89 d1 e9 df fe ff ff 66 90 |.E.Z..........f.| +00000b10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +* +0803feb0 00 00 00 00 04 00 00 00 0c 00 00 00 05 00 00 00 |................| +0803fec0 47 4e 55 00 02 00 00 c0 04 00 00 00 03 00 00 00 |GNU.............| +0803fed0 + +Which is very very much not what we want. + +Cut it out. + +Signed-off-by: Peter Jones +--- + Makefile.am | 2 +- + gentpl.py | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index c7b0e6a9c46..287fff66b20 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -209,7 +209,7 @@ pc-chainloader.elf: $(srcdir)/grub-core/tests/boot/kernel-8086.S $(srcdir)/grub- + $(TARGET_CC) -o $@ $< -static -DTARGET_CHAINLOADER=1 -DSUCCESSFUL_BOOT_STRING=\"$(SUCCESSFUL_BOOT_STRING)\" -ffreestanding -nostdlib -nostdinc -Wl,--build-id=none -Wl,-N -Wl,-Ttext,0x7c00 -m32 + + pc-chainloader.bin: pc-chainloader.elf +- $(TARGET_OBJCOPY) -O binary --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .reginfo -R .rel.dyn -R .note.gnu.gold-version $< $@; ++ $(TARGET_OBJCOPY) -O binary --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property $< $@; + + ntldr.elf: $(srcdir)/grub-core/tests/boot/kernel-8086.S $(srcdir)/grub-core/tests/boot/qemu-shutdown-x86.S + $(TARGET_CC) -o $@ $< -DTARGET_NTLDR=1 -DSUCCESSFUL_BOOT_STRING=\"$(SUCCESSFUL_BOOT_STRING)\" -static -ffreestanding -nostdlib -nostdinc -Wl,--build-id=none -Wl,-N -Wl,-Ttext,0 -m32 +diff --git a/gentpl.py b/gentpl.py +index 1e4635f4426..d662c305f66 100644 +--- a/gentpl.py ++++ b/gentpl.py +@@ -776,7 +776,7 @@ def image(defn, platform): + if test x$(TARGET_APPLE_LINKER) = x1; then \ + $(MACHO2IMG) $< $@; \ + else \ +- $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; \ ++ $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx -R .note.gnu.property $< $@; \ + fi + """) + diff --git a/SOURCES/0226-Prepend-prefix-when-HTTP-path-is-relative.patch b/SOURCES/0226-Prepend-prefix-when-HTTP-path-is-relative.patch new file mode 100644 index 0000000..9e90636 --- /dev/null +++ b/SOURCES/0226-Prepend-prefix-when-HTTP-path-is-relative.patch @@ -0,0 +1,150 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Stephen Benjamin +Date: Thu, 16 Aug 2018 16:58:51 -0400 +Subject: [PATCH] Prepend prefix when HTTP path is relative + +This sets a couple of variables. With the url http://www.example.com/foo/bar : +http_path: /foo/bar +http_url: http://www.example.com/foo/bar + +Signed-off-by: Peter Jones +--- + grub-core/kern/main.c | 10 +++++- + grub-core/net/efi/http.c | 82 ++++++++++++++++++++++++++++++++++++------------ + 2 files changed, 71 insertions(+), 21 deletions(-) + +diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c +index da47b18b50e..dcf48726d54 100644 +--- a/grub-core/kern/main.c ++++ b/grub-core/kern/main.c +@@ -130,11 +130,19 @@ grub_set_prefix_and_root (void) + if (fwdevice && fwpath) + { + char *fw_path; ++ char separator[3] = ")"; + +- fw_path = grub_xasprintf ("(%s)/%s", fwdevice, fwpath); ++ grub_dprintf ("fw_path", "\n"); ++ grub_dprintf ("fw_path", "fwdevice:\"%s\" fwpath:\"%s\"\n", fwdevice, fwpath); ++ ++ if (!grub_strncmp(fwdevice, "http", 4) && fwpath[0] != '/') ++ grub_strcpy(separator, ")/"); ++ ++ fw_path = grub_xasprintf ("(%s%s%s", fwdevice, separator, fwpath); + if (fw_path) + { + grub_env_set ("fw_path", fw_path); ++ grub_dprintf ("fw_path", "fw_path:\"%s\"\n", fw_path); + grub_free (fw_path); + } + } +diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c +index 243acbaa35b..2a9624dacc4 100644 +--- a/grub-core/net/efi/http.c ++++ b/grub-core/net/efi/http.c +@@ -9,10 +9,52 @@ + static void + http_configure (struct grub_efi_net_device *dev, int prefer_ip6) + { ++ grub_efi_ipv6_address_t address; + grub_efi_http_config_data_t http_config; + grub_efi_httpv4_access_point_t httpv4_node; + grub_efi_httpv6_access_point_t httpv6_node; + grub_efi_status_t status; ++ int https; ++ char *http_url; ++ const char *rest, *http_server, *http_path = NULL; ++ ++ http_server = grub_env_get ("root"); ++ https = grub_strncmp (http_server, "https", 5) ? 1 : 0; ++ ++ /* extract http server + port */ ++ if (http_server) ++ { ++ http_server = grub_strchr (http_server, ','); ++ if (http_server) ++ http_server++; ++ } ++ ++ /* fw_path is like (http,192.168.1.1:8000)/httpboot, extract path part */ ++ http_path = grub_env_get ("fw_path"); ++ if (http_path) ++ { ++ http_path = grub_strchr (http_path, ')'); ++ if (http_path) ++ { ++ http_path++; ++ grub_env_unset ("http_path"); ++ grub_env_set ("http_path", http_path); ++ } ++ } ++ ++ if (http_server && http_path) ++ { ++ if (grub_efi_string_to_ip6_address (http_server, &address, &rest) && *rest == 0) ++ http_url = grub_xasprintf ("%s://[%s]%s", https ? "https" : "http", http_server, http_path); ++ else ++ http_url = grub_xasprintf ("%s://%s%s", https ? "https" : "http", http_server, http_path); ++ if (http_url) ++ { ++ grub_env_unset ("http_url"); ++ grub_env_set ("http_url", http_url); ++ grub_free (http_url); ++ } ++ } + + grub_efi_http_t *http = dev->http; + +@@ -352,32 +394,32 @@ grub_efihttp_open (struct grub_efi_net_device *dev, + grub_err_t err; + grub_off_t size; + char *buf; +- char *root_url; +- grub_efi_ipv6_address_t address; +- const char *rest; ++ char *file_name; ++ const char *http_path; + +- if (grub_efi_string_to_ip6_address (file->device->net->server, &address, &rest) && *rest == 0) +- root_url = grub_xasprintf ("%s://[%s]", type ? "https" : "http", file->device->net->server); ++ /* If path is relative, prepend http_path */ ++ http_path = grub_env_get ("http_path"); ++ if (http_path && file->device->net->name[0] != '/') ++ file_name = grub_xasprintf ("%s/%s", http_path, file->device->net->name); + else +- root_url = grub_xasprintf ("%s://%s", type ? "https" : "http", file->device->net->server); +- if (root_url) +- { +- grub_env_unset ("root_url"); +- grub_env_set ("root_url", root_url); +- grub_free (root_url); +- } +- else +- { +- return grub_errno; +- } ++ file_name = grub_strdup (file->device->net->name); + +- err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 1, 0); ++ if (!file_name) ++ return grub_errno; ++ ++ err = efihttp_request (dev->http, file->device->net->server, file_name, type, 1, 0); + if (err != GRUB_ERR_NONE) +- return err; ++ { ++ grub_free (file_name); ++ return err; ++ } + +- err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 0, &size); ++ err = efihttp_request (dev->http, file->device->net->server, file_name, type, 0, &size); ++ grub_free (file_name); + if (err != GRUB_ERR_NONE) +- return err; ++ { ++ return err; ++ } + + buf = grub_malloc (size); + efihttp_read (dev, buf, size); diff --git a/SOURCES/0226-strip-R-.note.gnu.property-at-more-places.patch b/SOURCES/0226-strip-R-.note.gnu.property-at-more-places.patch deleted file mode 100644 index 0bd0be0..0000000 --- a/SOURCES/0226-strip-R-.note.gnu.property-at-more-places.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 3 Aug 2018 15:07:23 -0400 -Subject: [PATCH] strip "-R .note.gnu.property" at more places. - -For whatever reason, sometimes I see: - - lzma_decompress.image: file format elf32-i386 - lzma_decompress.image - architecture: i386, flags 0x00000012: - EXEC_P, HAS_SYMS - start address 0x00008200 - - Program Header: - LOAD off 0x000000c0 vaddr 0x00008200 paddr 0x00008200 align 2**5 - filesz 0x00000b10 memsz 0x00000b10 flags rwx - LOAD off 0x00000bd0 vaddr 0x080480b4 paddr 0x080480b4 align 2**2 - filesz 0x0000001c memsz 0x0000001c flags r-- - NOTE off 0x00000bd0 vaddr 0x080480b4 paddr 0x080480b4 align 2**2 - filesz 0x0000001c memsz 0x0000001c flags r-- - STACK off 0x00000000 vaddr 0x00000000 paddr 0x00000000 align 2**4 - filesz 0x00000000 memsz 0x00000000 flags rw- - - Sections: - Idx Name Size VMA LMA File off Algn - 0 .note.gnu.property 0000001c 080480b4 080480b4 00000bd0 2**2 - CONTENTS, ALLOC, LOAD, READONLY, DATA - 1 .text 00000b10 00008200 00008200 000000c0 2**5 - CONTENTS, ALLOC, LOAD, CODE - SYMBOL TABLE: - 080480b4 l d .note.gnu.property 00000000 .note.gnu.property - 00008200 l d .text 00000000 .text - 00000000 l df *ABS* 00000000 startup_raw.S - ... - -Which just looks wrong no matter what to my eyes (seriously it's at -128M? Why?), and when we fail to strip it, we get: - -trillian:~/tmp/f29$ hexdump -C usr/lib/grub/i386-pc/lzma_decompress.img | tail -6 -00000b00 ff 45 e8 5a 83 c2 02 89 d1 e9 df fe ff ff 66 90 |.E.Z..........f.| -00000b10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -* -0803feb0 00 00 00 00 04 00 00 00 0c 00 00 00 05 00 00 00 |................| -0803fec0 47 4e 55 00 02 00 00 c0 04 00 00 00 03 00 00 00 |GNU.............| -0803fed0 - -Which is very very much not what we want. - -Cut it out. - -Signed-off-by: Peter Jones ---- - Makefile.am | 2 +- - gentpl.py | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index c7b0e6a9c46..287fff66b20 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -209,7 +209,7 @@ pc-chainloader.elf: $(srcdir)/grub-core/tests/boot/kernel-8086.S $(srcdir)/grub- - $(TARGET_CC) -o $@ $< -static -DTARGET_CHAINLOADER=1 -DSUCCESSFUL_BOOT_STRING=\"$(SUCCESSFUL_BOOT_STRING)\" -ffreestanding -nostdlib -nostdinc -Wl,--build-id=none -Wl,-N -Wl,-Ttext,0x7c00 -m32 - - pc-chainloader.bin: pc-chainloader.elf -- $(TARGET_OBJCOPY) -O binary --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .reginfo -R .rel.dyn -R .note.gnu.gold-version $< $@; -+ $(TARGET_OBJCOPY) -O binary --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property $< $@; - - ntldr.elf: $(srcdir)/grub-core/tests/boot/kernel-8086.S $(srcdir)/grub-core/tests/boot/qemu-shutdown-x86.S - $(TARGET_CC) -o $@ $< -DTARGET_NTLDR=1 -DSUCCESSFUL_BOOT_STRING=\"$(SUCCESSFUL_BOOT_STRING)\" -static -ffreestanding -nostdlib -nostdinc -Wl,--build-id=none -Wl,-N -Wl,-Ttext,0 -m32 -diff --git a/gentpl.py b/gentpl.py -index 1e4635f4426..d662c305f66 100644 ---- a/gentpl.py -+++ b/gentpl.py -@@ -776,7 +776,7 @@ def image(defn, platform): - if test x$(TARGET_APPLE_LINKER) = x1; then \ - $(MACHO2IMG) $< $@; \ - else \ -- $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; \ -+ $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx -R .note.gnu.property $< $@; \ - fi - """) - diff --git a/SOURCES/0227-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch b/SOURCES/0227-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch new file mode 100644 index 0000000..e0becd6 --- /dev/null +++ b/SOURCES/0227-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch @@ -0,0 +1,71 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 16 Aug 2018 11:08:11 -0400 +Subject: [PATCH] Make linux_arm_kernel_header.hdr_offset be at the right place + +The kernel in front of me (slightly edited to make objdump work) looks like: + +00000000 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 |MZ..MZ..MZ..MZ..| +00000010 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 00 00 a0 e1 |MZ..MZ..MZ......| +00000020 f6 03 00 ea 18 28 6f 01 00 00 00 00 00 32 74 00 |.....(o......2t.| +00000030 01 02 03 04 45 45 45 45 74 a2 00 00 40 00 00 00 |....EEEEt...@...| +00000040 50 45 00 00 4c 01 04 00 00 00 00 00 00 00 00 00 |PE..L...........| +00000050 00 00 00 00 90 00 06 03 0b 01 02 14 00 20 74 00 |............. t.| +00000060 00 14 00 00 00 00 00 00 b4 19 00 00 00 10 00 00 |................| +00000070 00 30 74 00 00 00 00 00 00 10 00 00 00 02 00 00 |.0t.............| +00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000090 00 44 74 00 00 10 00 00 00 00 00 00 0a 00 00 00 |.Dt.............| +000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +000000b0 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 |................| +000000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +* + +(I don't know why the MZ header is there 7 times, but the offsets work out, so +it's merely a surprising distraction.) + +If linux_arm_kernel_header.reserved2 is 16 bytes, that means hdr_offset is +here: + +00000030 01 02 03 04 45 45 45 45 74 a2 00 00 40 00 00 00 |....EEEEt...@...| +00000040 50 45 00 00 4c 01 04 00 00 00 00 00 00 00 00 00 |PE..L...........| + ^^^^^^^^^^^ + +But it's supposed to be 4 bytes before that. + +This patch makes the reserved field be 3*32 instead of 4*32, and that means we +can find the PE header correcrtly at 0x40 by reading the value at 0x3c. + +Signed-off-by: Peter Jones +--- + grub-core/loader/efi/linux.c | 3 +++ + include/grub/arm/linux.h | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c +index 0622dfa48d4..b56ea0bc041 100644 +--- a/grub-core/loader/efi/linux.c ++++ b/grub-core/loader/efi/linux.c +@@ -79,7 +79,10 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, + offset = 512; + #endif + ++ grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n", ++ kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params); + hf = (handover_func)((char *)kernel_addr + handover_offset + offset); ++ grub_dprintf ("linux", "handover_func() = %p\n", hf); + hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); + + return GRUB_ERR_BUG; +diff --git a/include/grub/arm/linux.h b/include/grub/arm/linux.h +index 5900fc8a40c..bed308f22cb 100644 +--- a/include/grub/arm/linux.h ++++ b/include/grub/arm/linux.h +@@ -31,7 +31,7 @@ struct linux_arm_kernel_header { + grub_uint32_t magic; + grub_uint32_t start; /* _start */ + grub_uint32_t end; /* _edata */ +- grub_uint32_t reserved2[4]; ++ grub_uint32_t reserved2[3]; + grub_uint32_t hdr_offset; + }; + diff --git a/SOURCES/0227-Prepend-prefix-when-HTTP-path-is-relative.patch b/SOURCES/0227-Prepend-prefix-when-HTTP-path-is-relative.patch deleted file mode 100644 index 9e90636..0000000 --- a/SOURCES/0227-Prepend-prefix-when-HTTP-path-is-relative.patch +++ /dev/null @@ -1,150 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Stephen Benjamin -Date: Thu, 16 Aug 2018 16:58:51 -0400 -Subject: [PATCH] Prepend prefix when HTTP path is relative - -This sets a couple of variables. With the url http://www.example.com/foo/bar : -http_path: /foo/bar -http_url: http://www.example.com/foo/bar - -Signed-off-by: Peter Jones ---- - grub-core/kern/main.c | 10 +++++- - grub-core/net/efi/http.c | 82 ++++++++++++++++++++++++++++++++++++------------ - 2 files changed, 71 insertions(+), 21 deletions(-) - -diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c -index da47b18b50e..dcf48726d54 100644 ---- a/grub-core/kern/main.c -+++ b/grub-core/kern/main.c -@@ -130,11 +130,19 @@ grub_set_prefix_and_root (void) - if (fwdevice && fwpath) - { - char *fw_path; -+ char separator[3] = ")"; - -- fw_path = grub_xasprintf ("(%s)/%s", fwdevice, fwpath); -+ grub_dprintf ("fw_path", "\n"); -+ grub_dprintf ("fw_path", "fwdevice:\"%s\" fwpath:\"%s\"\n", fwdevice, fwpath); -+ -+ if (!grub_strncmp(fwdevice, "http", 4) && fwpath[0] != '/') -+ grub_strcpy(separator, ")/"); -+ -+ fw_path = grub_xasprintf ("(%s%s%s", fwdevice, separator, fwpath); - if (fw_path) - { - grub_env_set ("fw_path", fw_path); -+ grub_dprintf ("fw_path", "fw_path:\"%s\"\n", fw_path); - grub_free (fw_path); - } - } -diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c -index 243acbaa35b..2a9624dacc4 100644 ---- a/grub-core/net/efi/http.c -+++ b/grub-core/net/efi/http.c -@@ -9,10 +9,52 @@ - static void - http_configure (struct grub_efi_net_device *dev, int prefer_ip6) - { -+ grub_efi_ipv6_address_t address; - grub_efi_http_config_data_t http_config; - grub_efi_httpv4_access_point_t httpv4_node; - grub_efi_httpv6_access_point_t httpv6_node; - grub_efi_status_t status; -+ int https; -+ char *http_url; -+ const char *rest, *http_server, *http_path = NULL; -+ -+ http_server = grub_env_get ("root"); -+ https = grub_strncmp (http_server, "https", 5) ? 1 : 0; -+ -+ /* extract http server + port */ -+ if (http_server) -+ { -+ http_server = grub_strchr (http_server, ','); -+ if (http_server) -+ http_server++; -+ } -+ -+ /* fw_path is like (http,192.168.1.1:8000)/httpboot, extract path part */ -+ http_path = grub_env_get ("fw_path"); -+ if (http_path) -+ { -+ http_path = grub_strchr (http_path, ')'); -+ if (http_path) -+ { -+ http_path++; -+ grub_env_unset ("http_path"); -+ grub_env_set ("http_path", http_path); -+ } -+ } -+ -+ if (http_server && http_path) -+ { -+ if (grub_efi_string_to_ip6_address (http_server, &address, &rest) && *rest == 0) -+ http_url = grub_xasprintf ("%s://[%s]%s", https ? "https" : "http", http_server, http_path); -+ else -+ http_url = grub_xasprintf ("%s://%s%s", https ? "https" : "http", http_server, http_path); -+ if (http_url) -+ { -+ grub_env_unset ("http_url"); -+ grub_env_set ("http_url", http_url); -+ grub_free (http_url); -+ } -+ } - - grub_efi_http_t *http = dev->http; - -@@ -352,32 +394,32 @@ grub_efihttp_open (struct grub_efi_net_device *dev, - grub_err_t err; - grub_off_t size; - char *buf; -- char *root_url; -- grub_efi_ipv6_address_t address; -- const char *rest; -+ char *file_name; -+ const char *http_path; - -- if (grub_efi_string_to_ip6_address (file->device->net->server, &address, &rest) && *rest == 0) -- root_url = grub_xasprintf ("%s://[%s]", type ? "https" : "http", file->device->net->server); -+ /* If path is relative, prepend http_path */ -+ http_path = grub_env_get ("http_path"); -+ if (http_path && file->device->net->name[0] != '/') -+ file_name = grub_xasprintf ("%s/%s", http_path, file->device->net->name); - else -- root_url = grub_xasprintf ("%s://%s", type ? "https" : "http", file->device->net->server); -- if (root_url) -- { -- grub_env_unset ("root_url"); -- grub_env_set ("root_url", root_url); -- grub_free (root_url); -- } -- else -- { -- return grub_errno; -- } -+ file_name = grub_strdup (file->device->net->name); - -- err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 1, 0); -+ if (!file_name) -+ return grub_errno; -+ -+ err = efihttp_request (dev->http, file->device->net->server, file_name, type, 1, 0); - if (err != GRUB_ERR_NONE) -- return err; -+ { -+ grub_free (file_name); -+ return err; -+ } - -- err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 0, &size); -+ err = efihttp_request (dev->http, file->device->net->server, file_name, type, 0, &size); -+ grub_free (file_name); - if (err != GRUB_ERR_NONE) -- return err; -+ { -+ return err; -+ } - - buf = grub_malloc (size); - efihttp_read (dev, buf, size); diff --git a/SOURCES/0228-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch b/SOURCES/0228-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch deleted file mode 100644 index e0becd6..0000000 --- a/SOURCES/0228-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 16 Aug 2018 11:08:11 -0400 -Subject: [PATCH] Make linux_arm_kernel_header.hdr_offset be at the right place - -The kernel in front of me (slightly edited to make objdump work) looks like: - -00000000 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 |MZ..MZ..MZ..MZ..| -00000010 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 00 00 a0 e1 |MZ..MZ..MZ......| -00000020 f6 03 00 ea 18 28 6f 01 00 00 00 00 00 32 74 00 |.....(o......2t.| -00000030 01 02 03 04 45 45 45 45 74 a2 00 00 40 00 00 00 |....EEEEt...@...| -00000040 50 45 00 00 4c 01 04 00 00 00 00 00 00 00 00 00 |PE..L...........| -00000050 00 00 00 00 90 00 06 03 0b 01 02 14 00 20 74 00 |............. t.| -00000060 00 14 00 00 00 00 00 00 b4 19 00 00 00 10 00 00 |................| -00000070 00 30 74 00 00 00 00 00 00 10 00 00 00 02 00 00 |.0t.............| -00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000090 00 44 74 00 00 10 00 00 00 00 00 00 0a 00 00 00 |.Dt.............| -000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -000000b0 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 |................| -000000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -* - -(I don't know why the MZ header is there 7 times, but the offsets work out, so -it's merely a surprising distraction.) - -If linux_arm_kernel_header.reserved2 is 16 bytes, that means hdr_offset is -here: - -00000030 01 02 03 04 45 45 45 45 74 a2 00 00 40 00 00 00 |....EEEEt...@...| -00000040 50 45 00 00 4c 01 04 00 00 00 00 00 00 00 00 00 |PE..L...........| - ^^^^^^^^^^^ - -But it's supposed to be 4 bytes before that. - -This patch makes the reserved field be 3*32 instead of 4*32, and that means we -can find the PE header correcrtly at 0x40 by reading the value at 0x3c. - -Signed-off-by: Peter Jones ---- - grub-core/loader/efi/linux.c | 3 +++ - include/grub/arm/linux.h | 2 +- - 2 files changed, 4 insertions(+), 1 deletion(-) - -diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -index 0622dfa48d4..b56ea0bc041 100644 ---- a/grub-core/loader/efi/linux.c -+++ b/grub-core/loader/efi/linux.c -@@ -79,7 +79,10 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, - offset = 512; - #endif - -+ grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n", -+ kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params); - hf = (handover_func)((char *)kernel_addr + handover_offset + offset); -+ grub_dprintf ("linux", "handover_func() = %p\n", hf); - hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); - - return GRUB_ERR_BUG; -diff --git a/include/grub/arm/linux.h b/include/grub/arm/linux.h -index 5900fc8a40c..bed308f22cb 100644 ---- a/include/grub/arm/linux.h -+++ b/include/grub/arm/linux.h -@@ -31,7 +31,7 @@ struct linux_arm_kernel_header { - grub_uint32_t magic; - grub_uint32_t start; /* _start */ - grub_uint32_t end; /* _edata */ -- grub_uint32_t reserved2[4]; -+ grub_uint32_t reserved2[3]; - grub_uint32_t hdr_offset; - }; - diff --git a/SOURCES/0228-Mark-some-unused-stuff-unused.patch b/SOURCES/0228-Mark-some-unused-stuff-unused.patch new file mode 100644 index 0000000..2561754 --- /dev/null +++ b/SOURCES/0228-Mark-some-unused-stuff-unused.patch @@ -0,0 +1,32 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 27 Aug 2018 13:10:08 -0400 +Subject: [PATCH] Mark some unused stuff unused + +Signed-off-by: Peter Jones +--- + grub-core/commands/blscfg.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index bdb1c5a95aa..abd6f00d0de 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -434,7 +434,7 @@ finish: + + static grub_envblk_t saved_env = NULL; + +-static int ++static int UNUSED + save_var (const char *name, const char *value, void *whitelist UNUSED) + { + const char *val = grub_env_get (name); +@@ -446,7 +446,7 @@ save_var (const char *name, const char *value, void *whitelist UNUSED) + return 0; + } + +-static int ++static int UNUSED + unset_var (const char *name, const char *value UNUSED, void *whitelist) + { + grub_dprintf("blscfg", "restoring \"%s\"\n", name); diff --git a/SOURCES/0229-Make-grub_error-more-verbose.patch b/SOURCES/0229-Make-grub_error-more-verbose.patch new file mode 100644 index 0000000..6fffdeb --- /dev/null +++ b/SOURCES/0229-Make-grub_error-more-verbose.patch @@ -0,0 +1,98 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 27 Aug 2018 13:14:06 -0400 +Subject: [PATCH] Make grub_error() more verbose + +Signed-off-by: Peter Jones +--- + grub-core/kern/efi/mm.c | 17 ++++++++++++++--- + grub-core/kern/err.c | 13 +++++++++++-- + include/grub/err.h | 5 ++++- + 3 files changed, 29 insertions(+), 6 deletions(-) + +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index 5cdf6c943f2..7692e63ba24 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -157,12 +157,20 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, + + /* Limit the memory access to less than 4GB for 32-bit platforms. */ + if (address > GRUB_EFI_MAX_USABLE_ADDRESS) +- return 0; ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("invalid memory address (0x%llx > 0x%llx)"), ++ address, GRUB_EFI_MAX_USABLE_ADDRESS); ++ return NULL; ++ } + + b = grub_efi_system_table->boot_services; + status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); + if (status != GRUB_EFI_SUCCESS) +- return 0; ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ return NULL; ++ } + + if (address == 0) + { +@@ -172,7 +180,10 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, + status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); + grub_efi_free_pages (0, pages); + if (status != GRUB_EFI_SUCCESS) +- return 0; ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ return NULL; ++ } + } + + grub_efi_store_alloc (address, pages); +diff --git a/grub-core/kern/err.c b/grub-core/kern/err.c +index 53c734de70e..aebfe0cf839 100644 +--- a/grub-core/kern/err.c ++++ b/grub-core/kern/err.c +@@ -33,15 +33,24 @@ static struct grub_error_saved grub_error_stack_items[GRUB_ERROR_STACK_SIZE]; + static int grub_error_stack_pos; + static int grub_error_stack_assert; + ++#ifdef grub_error ++#undef grub_error ++#endif ++ + grub_err_t +-grub_error (grub_err_t n, const char *fmt, ...) ++grub_error (grub_err_t n, const char *file, const int line, const char *fmt, ...) + { + va_list ap; ++ int m; + + grub_errno = n; + ++ m = grub_snprintf (grub_errmsg, sizeof (grub_errmsg), "%s:%d:", file, line); ++ if (m < 0) ++ m = 0; ++ + va_start (ap, fmt); +- grub_vsnprintf (grub_errmsg, sizeof (grub_errmsg), _(fmt), ap); ++ grub_vsnprintf (grub_errmsg + m, sizeof (grub_errmsg) - m, _(fmt), ap); + va_end (ap); + + return n; +diff --git a/include/grub/err.h b/include/grub/err.h +index 1590c688e1d..9b830757d35 100644 +--- a/include/grub/err.h ++++ b/include/grub/err.h +@@ -84,7 +84,10 @@ struct grub_error_saved + extern grub_err_t EXPORT_VAR(grub_errno); + extern char EXPORT_VAR(grub_errmsg)[GRUB_MAX_ERRMSG]; + +-grub_err_t EXPORT_FUNC(grub_error) (grub_err_t n, const char *fmt, ...); ++grub_err_t EXPORT_FUNC(grub_error) (grub_err_t n, const char *file, const int line, const char *fmt, ...); ++ ++#define grub_error(n, fmt, ...) grub_error (n, __FILE__, __LINE__, fmt, ##__VA_ARGS__) ++ + void EXPORT_FUNC(grub_fatal) (const char *fmt, ...) __attribute__ ((noreturn)); + void EXPORT_FUNC(grub_error_push) (void); + int EXPORT_FUNC(grub_error_pop) (void); diff --git a/SOURCES/0229-Mark-some-unused-stuff-unused.patch b/SOURCES/0229-Mark-some-unused-stuff-unused.patch deleted file mode 100644 index 2561754..0000000 --- a/SOURCES/0229-Mark-some-unused-stuff-unused.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 27 Aug 2018 13:10:08 -0400 -Subject: [PATCH] Mark some unused stuff unused - -Signed-off-by: Peter Jones ---- - grub-core/commands/blscfg.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c -index bdb1c5a95aa..abd6f00d0de 100644 ---- a/grub-core/commands/blscfg.c -+++ b/grub-core/commands/blscfg.c -@@ -434,7 +434,7 @@ finish: - - static grub_envblk_t saved_env = NULL; - --static int -+static int UNUSED - save_var (const char *name, const char *value, void *whitelist UNUSED) - { - const char *val = grub_env_get (name); -@@ -446,7 +446,7 @@ save_var (const char *name, const char *value, void *whitelist UNUSED) - return 0; - } - --static int -+static int UNUSED - unset_var (const char *name, const char *value UNUSED, void *whitelist) - { - grub_dprintf("blscfg", "restoring \"%s\"\n", name); diff --git a/SOURCES/0230-Make-grub_error-more-verbose.patch b/SOURCES/0230-Make-grub_error-more-verbose.patch deleted file mode 100644 index 6fffdeb..0000000 --- a/SOURCES/0230-Make-grub_error-more-verbose.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 27 Aug 2018 13:14:06 -0400 -Subject: [PATCH] Make grub_error() more verbose - -Signed-off-by: Peter Jones ---- - grub-core/kern/efi/mm.c | 17 ++++++++++++++--- - grub-core/kern/err.c | 13 +++++++++++-- - include/grub/err.h | 5 ++++- - 3 files changed, 29 insertions(+), 6 deletions(-) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 5cdf6c943f2..7692e63ba24 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -157,12 +157,20 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, - - /* Limit the memory access to less than 4GB for 32-bit platforms. */ - if (address > GRUB_EFI_MAX_USABLE_ADDRESS) -- return 0; -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, -+ N_("invalid memory address (0x%llx > 0x%llx)"), -+ address, GRUB_EFI_MAX_USABLE_ADDRESS); -+ return NULL; -+ } - - b = grub_efi_system_table->boot_services; - status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); - if (status != GRUB_EFI_SUCCESS) -- return 0; -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ return NULL; -+ } - - if (address == 0) - { -@@ -172,7 +180,10 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, - status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); - grub_efi_free_pages (0, pages); - if (status != GRUB_EFI_SUCCESS) -- return 0; -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ return NULL; -+ } - } - - grub_efi_store_alloc (address, pages); -diff --git a/grub-core/kern/err.c b/grub-core/kern/err.c -index 53c734de70e..aebfe0cf839 100644 ---- a/grub-core/kern/err.c -+++ b/grub-core/kern/err.c -@@ -33,15 +33,24 @@ static struct grub_error_saved grub_error_stack_items[GRUB_ERROR_STACK_SIZE]; - static int grub_error_stack_pos; - static int grub_error_stack_assert; - -+#ifdef grub_error -+#undef grub_error -+#endif -+ - grub_err_t --grub_error (grub_err_t n, const char *fmt, ...) -+grub_error (grub_err_t n, const char *file, const int line, const char *fmt, ...) - { - va_list ap; -+ int m; - - grub_errno = n; - -+ m = grub_snprintf (grub_errmsg, sizeof (grub_errmsg), "%s:%d:", file, line); -+ if (m < 0) -+ m = 0; -+ - va_start (ap, fmt); -- grub_vsnprintf (grub_errmsg, sizeof (grub_errmsg), _(fmt), ap); -+ grub_vsnprintf (grub_errmsg + m, sizeof (grub_errmsg) - m, _(fmt), ap); - va_end (ap); - - return n; -diff --git a/include/grub/err.h b/include/grub/err.h -index 1590c688e1d..9b830757d35 100644 ---- a/include/grub/err.h -+++ b/include/grub/err.h -@@ -84,7 +84,10 @@ struct grub_error_saved - extern grub_err_t EXPORT_VAR(grub_errno); - extern char EXPORT_VAR(grub_errmsg)[GRUB_MAX_ERRMSG]; - --grub_err_t EXPORT_FUNC(grub_error) (grub_err_t n, const char *fmt, ...); -+grub_err_t EXPORT_FUNC(grub_error) (grub_err_t n, const char *file, const int line, const char *fmt, ...); -+ -+#define grub_error(n, fmt, ...) grub_error (n, __FILE__, __LINE__, fmt, ##__VA_ARGS__) -+ - void EXPORT_FUNC(grub_fatal) (const char *fmt, ...) __attribute__ ((noreturn)); - void EXPORT_FUNC(grub_error_push) (void); - int EXPORT_FUNC(grub_error_pop) (void); diff --git a/SOURCES/0230-arm-arm64-loader-Better-memory-allocation-and-error-.patch b/SOURCES/0230-arm-arm64-loader-Better-memory-allocation-and-error-.patch new file mode 100644 index 0000000..a5cc064 --- /dev/null +++ b/SOURCES/0230-arm-arm64-loader-Better-memory-allocation-and-error-.patch @@ -0,0 +1,307 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 14 Aug 2018 14:07:44 -0400 +Subject: [PATCH] arm/arm64 loader: Better memory allocation and error + messages. + +On mustang, our memory map looks like: + +Type Physical start - end #Pages Size Attributes +reserved 0000004000000000-00000040001fffff 00000200 2MiB UC WC WT WB +conv-mem 0000004000200000-0000004393ffffff 00393e00 14654MiB UC WC WT WB +ldr-code 0000004394000000-00000043f7ffffff 00064000 1600MiB UC WC WT WB +BS-data 00000043f8000000-00000043f801ffff 00000020 128KiB UC WC WT WB +conv-mem 00000043f8020000-00000043fa15bfff 0000213c 34032KiB UC WC WT WB +ldr-code 00000043fa15c000-00000043fa2a1fff 00000146 1304KiB UC WC WT WB +ldr-data 00000043fa2a2000-00000043fa3e8fff 00000147 1308KiB UC WC WT WB +conv-mem 00000043fa3e9000-00000043fa3e9fff 00000001 4KiB UC WC WT WB +ldr-data 00000043fa3ea000-00000043fa3eafff 00000001 4KiB UC WC WT WB +ldr-code 00000043fa3eb000-00000043fa4affff 000000c5 788KiB UC WC WT WB +BS-code 00000043fa4b0000-00000043fa59ffff 000000f0 960KiB UC WC WT WB +RT-code 00000043fa5a0000-00000043fa5affff 00000010 64KiB RT UC WC WT WB +RT-data 00000043fa5b0000-00000043fa5bffff 00000010 64KiB RT UC WC WT WB +RT-code 00000043fa5c0000-00000043fa5cffff 00000010 64KiB RT UC WC WT WB +ldr-data 00000043fa5d0000-00000043fa5d0fff 00000001 4KiB UC WC WT WB +BS-code 00000043fa5d1000-00000043fa5ddfff 0000000d 52KiB UC WC WT WB +reserved 00000043fa5de000-00000043fa60ffff 00000032 200KiB UC WC WT WB +ACPI-rec 00000043fa610000-00000043fa6affff 000000a0 640KiB UC WC WT WB +ACPI-nvs 00000043fa6b0000-00000043fa6bffff 00000010 64KiB UC WC WT WB +ACPI-rec 00000043fa6c0000-00000043fa70ffff 00000050 320KiB UC WC WT WB +RT-code 00000043fa710000-00000043fa72ffff 00000020 128KiB RT UC WC WT WB +RT-data 00000043fa730000-00000043fa78ffff 00000060 384KiB RT UC WC WT WB +RT-code 00000043fa790000-00000043fa79ffff 00000010 64KiB RT UC WC WT WB +RT-data 00000043fa7a0000-00000043fa99ffff 00000200 2MiB RT UC WC WT WB +RT-code 00000043fa9a0000-00000043fa9affff 00000010 64KiB RT UC WC WT WB +RT-data 00000043fa9b0000-00000043fa9cffff 00000020 128KiB RT UC WC WT WB +BS-code 00000043fa9d0000-00000043fa9d9fff 0000000a 40KiB UC WC WT WB +reserved 00000043fa9da000-00000043fa9dbfff 00000002 8KiB UC WC WT WB +conv-mem 00000043fa9dc000-00000043fc29dfff 000018c2 25352KiB UC WC WT WB +BS-data 00000043fc29e000-00000043fc78afff 000004ed 5044KiB UC WC WT WB +conv-mem 00000043fc78b000-00000043fca01fff 00000277 2524KiB UC WC WT WB +BS-data 00000043fca02000-00000043fcea3fff 000004a2 4744KiB UC WC WT WB +conv-mem 00000043fcea4000-00000043fcea4fff 00000001 4KiB UC WC WT WB +BS-data 00000043fcea5000-00000043fd192fff 000002ee 3000KiB UC WC WT WB +conv-mem 00000043fd193000-00000043fd2b0fff 0000011e 1144KiB UC WC WT WB +BS-data 00000043fd2b1000-00000043ff80ffff 0000255f 38268KiB UC WC WT WB +BS-code 00000043ff810000-00000043ff99ffff 00000190 1600KiB UC WC WT WB +RT-code 00000043ff9a0000-00000043ff9affff 00000010 64KiB RT UC WC WT WB +conv-mem 00000043ff9b0000-00000043ff9bffff 00000010 64KiB UC WC WT WB +RT-data 00000043ff9c0000-00000043ff9effff 00000030 192KiB RT UC WC WT WB +conv-mem 00000043ff9f0000-00000043ffa05fff 00000016 88KiB UC WC WT WB +BS-data 00000043ffa06000-00000043ffffffff 000005fa 6120KiB UC WC WT WB +MMIO 0000000010510000-0000000010510fff 00000001 4KiB RT +MMIO 0000000010548000-0000000010549fff 00000002 8KiB RT +MMIO 0000000017000000-0000000017001fff 00000002 8KiB RT +MMIO 000000001c025000-000000001c025fff 00000001 4KiB RT + +When we're trying to find the base of ram, if we start with GRUB_UINT_MAX +(0xffffffff on all platforms) and always use min(), that means we eventually +decide that the base of ram is GRUB_UINT_MAX, which is lower than our first +memory address, and thus our allocation of the initramfs, which specifies this +value as the maximum possible address it can be at, fails. + +This patch changes it to start at GRUB_EFI_MAX_USABLE_ADDRESS, which is always +at least 0xffffffff on 32-bit platforms and at least 0x7ffffffffffffff on +64-bit platforms. Additionally, this adds a requirement that the memory we +choose is actually /allocatable/ conventional memory, not merely +write-combining. On this machine that means we wind up with an allocation +around 0x4392XXXXXX, which is a reasonable address. + +This also changes grub_efi_allocate_pages_real() so that if 0 is allocated, it +tries to allocate again starting with the same max address it did the first +time, rather than interposing GRUB_EFI_MAX_USABLE_ADDRESS there, so that any +per-platform constraints on its given address are maintained. + +Signed-off-by: Peter Jones +--- + grub-core/kern/efi/mm.c | 32 ++++++++++++----- + grub-core/loader/arm64/linux.c | 78 ++++++++++++++++++++++++++++++++---------- + 2 files changed, 82 insertions(+), 28 deletions(-) + +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index 7692e63ba24..306924f73a4 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -154,6 +154,7 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, + { + grub_efi_status_t status; + grub_efi_boot_services_t *b; ++ grub_efi_physical_address_t ret = address; + + /* Limit the memory access to less than 4GB for 32-bit platforms. */ + if (address > GRUB_EFI_MAX_USABLE_ADDRESS) +@@ -165,19 +166,19 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, + } + + b = grub_efi_system_table->boot_services; +- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); ++ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret); + if (status != GRUB_EFI_SUCCESS) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); + return NULL; + } + +- if (address == 0) ++ if (ret == 0) + { + /* Uggh, the address 0 was allocated... This is too annoying, + so reallocate another one. */ +- address = GRUB_EFI_MAX_USABLE_ADDRESS; +- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); ++ ret = address; ++ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret); + grub_efi_free_pages (0, pages); + if (status != GRUB_EFI_SUCCESS) + { +@@ -186,9 +187,9 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, + } + } + +- grub_efi_store_alloc (address, pages); ++ grub_efi_store_alloc (ret, pages); + +- return (void *) ((grub_addr_t) address); ++ return (void *) ((grub_addr_t) ret); + } + + void * +@@ -696,11 +697,24 @@ grub_efi_get_ram_base(grub_addr_t *base_addr) + if (ret < 1) + return GRUB_ERR_BUG; + +- for (desc = memory_map, *base_addr = GRUB_UINT_MAX; ++ for (desc = memory_map, *base_addr = GRUB_EFI_MAX_USABLE_ADDRESS; + (grub_addr_t) desc < ((grub_addr_t) memory_map + memory_map_size); + desc = NEXT_MEMORY_DESCRIPTOR (desc, desc_size)) +- if (desc->attribute & GRUB_EFI_MEMORY_WB) +- *base_addr = grub_min (*base_addr, desc->physical_start); ++ { ++ if (desc->type == GRUB_EFI_CONVENTIONAL_MEMORY && ++ (desc->attribute & GRUB_EFI_MEMORY_WB)) ++ { ++ *base_addr = grub_min (*base_addr, desc->physical_start); ++ grub_dprintf ("efi", "setting base_addr=0x%016lx\n", *base_addr); ++ } ++ else ++ { ++ grub_dprintf ("efi", "ignoring address 0x%016lx\n", desc->physical_start); ++ } ++ } ++ ++ if (*base_addr == GRUB_EFI_MAX_USABLE_ADDRESS) ++ grub_dprintf ("efi", "base_addr 0x%016lx is probably wrong.\n", *base_addr); + + grub_free(memory_map); + +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index 93b5cd306eb..e1110749eb9 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -70,13 +70,15 @@ finalize_params_linux (void) + { + grub_efi_loaded_image_t *loaded_image = NULL; + int node, retval, len; +- ++ grub_err_t err = GRUB_ERR_NONE; + void *fdt; + + fdt = grub_fdt_load (0x400); +- + if (!fdt) +- goto failure; ++ { ++ err = grub_error(GRUB_ERR_BAD_OS, "failed to load FDT"); ++ goto failure; ++ } + + node = grub_fdt_find_subnode (fdt, 0, "chosen"); + if (node < 0) +@@ -87,17 +89,26 @@ finalize_params_linux (void) + */ + retval = grub_fdt_set_prop32(fdt, 0, "#address-cells", 2); + if (retval) +- goto failure; ++ { ++ err = grub_error(retval, "Could not find #address-cells"); ++ goto failure; ++ } + + retval = grub_fdt_set_prop32(fdt, 0, "#size-cells", 2); + if (retval) +- goto failure; ++ { ++ err = grub_error(retval, "Could not find #size-cells"); ++ goto failure; ++ } + + node = grub_fdt_add_subnode (fdt, 0, "chosen"); + } + + if (node < 1) +- goto failure; ++ { ++ err = grub_error(grub_errno, "failed to load chosen fdt node."); ++ goto failure; ++ } + + /* Set initrd info */ + if (initrd_start && initrd_end > initrd_start) +@@ -108,15 +119,26 @@ finalize_params_linux (void) + retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-start", + initrd_start); + if (retval) +- goto failure; ++ { ++ err = grub_error(retval, "Failed to set linux,initrd-start property"); ++ goto failure; ++ } ++ + retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-end", + initrd_end); + if (retval) +- goto failure; ++ { ++ err = grub_error(retval, "Failed to set linux,initrd-end property"); ++ goto failure; ++ } + } + +- if (grub_fdt_install() != GRUB_ERR_NONE) +- goto failure; ++ retval = grub_fdt_install(); ++ if (retval != GRUB_ERR_NONE) ++ { ++ err = grub_error(retval, "Failed to install fdt"); ++ goto failure; ++ } + + grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n", + fdt); +@@ -124,14 +146,20 @@ finalize_params_linux (void) + /* Convert command line to UCS-2 */ + loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); + if (!loaded_image) +- goto failure; ++ { ++ err = grub_error(grub_errno, "Failed to install fdt"); ++ goto failure; ++ } + + loaded_image->load_options_size = len = + (grub_strlen (linux_args) + 1) * sizeof (grub_efi_char16_t); + loaded_image->load_options = + grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); + if (!loaded_image->load_options) +- return grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters"); ++ { ++ err = grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters"); ++ goto failure; ++ } + + loaded_image->load_options_size = + 2 * grub_utf8_to_utf16 (loaded_image->load_options, len, +@@ -141,7 +169,7 @@ finalize_params_linux (void) + + failure: + grub_fdt_unload(); +- return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT"); ++ return err; + } + + static void +@@ -225,16 +253,28 @@ grub_linux_unload (void) + static void * + allocate_initrd_mem (int initrd_pages) + { +- grub_addr_t max_addr; ++ grub_addr_t max_addr = 0; ++ grub_err_t err; ++ void *ret; + +- if (grub_efi_get_ram_base (&max_addr) != GRUB_ERR_NONE) +- return NULL; ++ err = grub_efi_get_ram_base (&max_addr); ++ if (err != GRUB_ERR_NONE) ++ { ++ grub_error (err, "grub_efi_get_ram_base() failed"); ++ return NULL; ++ } ++ ++ grub_dprintf ("linux", "max_addr: 0x%016lx, INITRD_MAX_ADDRESS_OFFSET: 0x%016llx\n", ++ max_addr, INITRD_MAX_ADDRESS_OFFSET); + + max_addr += INITRD_MAX_ADDRESS_OFFSET - 1; ++ grub_dprintf ("linux", "calling grub_efi_allocate_pages_real (0x%016lx, 0x%08x, EFI_ALLOCATE_MAX_ADDRESS, EFI_LOADER_DATA)", max_addr, initrd_pages); + +- return grub_efi_allocate_pages_real (max_addr, initrd_pages, +- GRUB_EFI_ALLOCATE_MAX_ADDRESS, +- GRUB_EFI_LOADER_DATA); ++ ret = grub_efi_allocate_pages_real (max_addr, initrd_pages, ++ GRUB_EFI_ALLOCATE_MAX_ADDRESS, ++ GRUB_EFI_LOADER_DATA); ++ grub_dprintf ("linux", "got 0x%016llx\n", (unsigned long long)ret); ++ return ret; + } + + static grub_err_t diff --git a/SOURCES/0231-arm-arm64-loader-Better-memory-allocation-and-error-.patch b/SOURCES/0231-arm-arm64-loader-Better-memory-allocation-and-error-.patch deleted file mode 100644 index a5cc064..0000000 --- a/SOURCES/0231-arm-arm64-loader-Better-memory-allocation-and-error-.patch +++ /dev/null @@ -1,307 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 14 Aug 2018 14:07:44 -0400 -Subject: [PATCH] arm/arm64 loader: Better memory allocation and error - messages. - -On mustang, our memory map looks like: - -Type Physical start - end #Pages Size Attributes -reserved 0000004000000000-00000040001fffff 00000200 2MiB UC WC WT WB -conv-mem 0000004000200000-0000004393ffffff 00393e00 14654MiB UC WC WT WB -ldr-code 0000004394000000-00000043f7ffffff 00064000 1600MiB UC WC WT WB -BS-data 00000043f8000000-00000043f801ffff 00000020 128KiB UC WC WT WB -conv-mem 00000043f8020000-00000043fa15bfff 0000213c 34032KiB UC WC WT WB -ldr-code 00000043fa15c000-00000043fa2a1fff 00000146 1304KiB UC WC WT WB -ldr-data 00000043fa2a2000-00000043fa3e8fff 00000147 1308KiB UC WC WT WB -conv-mem 00000043fa3e9000-00000043fa3e9fff 00000001 4KiB UC WC WT WB -ldr-data 00000043fa3ea000-00000043fa3eafff 00000001 4KiB UC WC WT WB -ldr-code 00000043fa3eb000-00000043fa4affff 000000c5 788KiB UC WC WT WB -BS-code 00000043fa4b0000-00000043fa59ffff 000000f0 960KiB UC WC WT WB -RT-code 00000043fa5a0000-00000043fa5affff 00000010 64KiB RT UC WC WT WB -RT-data 00000043fa5b0000-00000043fa5bffff 00000010 64KiB RT UC WC WT WB -RT-code 00000043fa5c0000-00000043fa5cffff 00000010 64KiB RT UC WC WT WB -ldr-data 00000043fa5d0000-00000043fa5d0fff 00000001 4KiB UC WC WT WB -BS-code 00000043fa5d1000-00000043fa5ddfff 0000000d 52KiB UC WC WT WB -reserved 00000043fa5de000-00000043fa60ffff 00000032 200KiB UC WC WT WB -ACPI-rec 00000043fa610000-00000043fa6affff 000000a0 640KiB UC WC WT WB -ACPI-nvs 00000043fa6b0000-00000043fa6bffff 00000010 64KiB UC WC WT WB -ACPI-rec 00000043fa6c0000-00000043fa70ffff 00000050 320KiB UC WC WT WB -RT-code 00000043fa710000-00000043fa72ffff 00000020 128KiB RT UC WC WT WB -RT-data 00000043fa730000-00000043fa78ffff 00000060 384KiB RT UC WC WT WB -RT-code 00000043fa790000-00000043fa79ffff 00000010 64KiB RT UC WC WT WB -RT-data 00000043fa7a0000-00000043fa99ffff 00000200 2MiB RT UC WC WT WB -RT-code 00000043fa9a0000-00000043fa9affff 00000010 64KiB RT UC WC WT WB -RT-data 00000043fa9b0000-00000043fa9cffff 00000020 128KiB RT UC WC WT WB -BS-code 00000043fa9d0000-00000043fa9d9fff 0000000a 40KiB UC WC WT WB -reserved 00000043fa9da000-00000043fa9dbfff 00000002 8KiB UC WC WT WB -conv-mem 00000043fa9dc000-00000043fc29dfff 000018c2 25352KiB UC WC WT WB -BS-data 00000043fc29e000-00000043fc78afff 000004ed 5044KiB UC WC WT WB -conv-mem 00000043fc78b000-00000043fca01fff 00000277 2524KiB UC WC WT WB -BS-data 00000043fca02000-00000043fcea3fff 000004a2 4744KiB UC WC WT WB -conv-mem 00000043fcea4000-00000043fcea4fff 00000001 4KiB UC WC WT WB -BS-data 00000043fcea5000-00000043fd192fff 000002ee 3000KiB UC WC WT WB -conv-mem 00000043fd193000-00000043fd2b0fff 0000011e 1144KiB UC WC WT WB -BS-data 00000043fd2b1000-00000043ff80ffff 0000255f 38268KiB UC WC WT WB -BS-code 00000043ff810000-00000043ff99ffff 00000190 1600KiB UC WC WT WB -RT-code 00000043ff9a0000-00000043ff9affff 00000010 64KiB RT UC WC WT WB -conv-mem 00000043ff9b0000-00000043ff9bffff 00000010 64KiB UC WC WT WB -RT-data 00000043ff9c0000-00000043ff9effff 00000030 192KiB RT UC WC WT WB -conv-mem 00000043ff9f0000-00000043ffa05fff 00000016 88KiB UC WC WT WB -BS-data 00000043ffa06000-00000043ffffffff 000005fa 6120KiB UC WC WT WB -MMIO 0000000010510000-0000000010510fff 00000001 4KiB RT -MMIO 0000000010548000-0000000010549fff 00000002 8KiB RT -MMIO 0000000017000000-0000000017001fff 00000002 8KiB RT -MMIO 000000001c025000-000000001c025fff 00000001 4KiB RT - -When we're trying to find the base of ram, if we start with GRUB_UINT_MAX -(0xffffffff on all platforms) and always use min(), that means we eventually -decide that the base of ram is GRUB_UINT_MAX, which is lower than our first -memory address, and thus our allocation of the initramfs, which specifies this -value as the maximum possible address it can be at, fails. - -This patch changes it to start at GRUB_EFI_MAX_USABLE_ADDRESS, which is always -at least 0xffffffff on 32-bit platforms and at least 0x7ffffffffffffff on -64-bit platforms. Additionally, this adds a requirement that the memory we -choose is actually /allocatable/ conventional memory, not merely -write-combining. On this machine that means we wind up with an allocation -around 0x4392XXXXXX, which is a reasonable address. - -This also changes grub_efi_allocate_pages_real() so that if 0 is allocated, it -tries to allocate again starting with the same max address it did the first -time, rather than interposing GRUB_EFI_MAX_USABLE_ADDRESS there, so that any -per-platform constraints on its given address are maintained. - -Signed-off-by: Peter Jones ---- - grub-core/kern/efi/mm.c | 32 ++++++++++++----- - grub-core/loader/arm64/linux.c | 78 ++++++++++++++++++++++++++++++++---------- - 2 files changed, 82 insertions(+), 28 deletions(-) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 7692e63ba24..306924f73a4 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -154,6 +154,7 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, - { - grub_efi_status_t status; - grub_efi_boot_services_t *b; -+ grub_efi_physical_address_t ret = address; - - /* Limit the memory access to less than 4GB for 32-bit platforms. */ - if (address > GRUB_EFI_MAX_USABLE_ADDRESS) -@@ -165,19 +166,19 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, - } - - b = grub_efi_system_table->boot_services; -- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); -+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret); - if (status != GRUB_EFI_SUCCESS) - { - grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); - return NULL; - } - -- if (address == 0) -+ if (ret == 0) - { - /* Uggh, the address 0 was allocated... This is too annoying, - so reallocate another one. */ -- address = GRUB_EFI_MAX_USABLE_ADDRESS; -- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); -+ ret = address; -+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret); - grub_efi_free_pages (0, pages); - if (status != GRUB_EFI_SUCCESS) - { -@@ -186,9 +187,9 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, - } - } - -- grub_efi_store_alloc (address, pages); -+ grub_efi_store_alloc (ret, pages); - -- return (void *) ((grub_addr_t) address); -+ return (void *) ((grub_addr_t) ret); - } - - void * -@@ -696,11 +697,24 @@ grub_efi_get_ram_base(grub_addr_t *base_addr) - if (ret < 1) - return GRUB_ERR_BUG; - -- for (desc = memory_map, *base_addr = GRUB_UINT_MAX; -+ for (desc = memory_map, *base_addr = GRUB_EFI_MAX_USABLE_ADDRESS; - (grub_addr_t) desc < ((grub_addr_t) memory_map + memory_map_size); - desc = NEXT_MEMORY_DESCRIPTOR (desc, desc_size)) -- if (desc->attribute & GRUB_EFI_MEMORY_WB) -- *base_addr = grub_min (*base_addr, desc->physical_start); -+ { -+ if (desc->type == GRUB_EFI_CONVENTIONAL_MEMORY && -+ (desc->attribute & GRUB_EFI_MEMORY_WB)) -+ { -+ *base_addr = grub_min (*base_addr, desc->physical_start); -+ grub_dprintf ("efi", "setting base_addr=0x%016lx\n", *base_addr); -+ } -+ else -+ { -+ grub_dprintf ("efi", "ignoring address 0x%016lx\n", desc->physical_start); -+ } -+ } -+ -+ if (*base_addr == GRUB_EFI_MAX_USABLE_ADDRESS) -+ grub_dprintf ("efi", "base_addr 0x%016lx is probably wrong.\n", *base_addr); - - grub_free(memory_map); - -diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index 93b5cd306eb..e1110749eb9 100644 ---- a/grub-core/loader/arm64/linux.c -+++ b/grub-core/loader/arm64/linux.c -@@ -70,13 +70,15 @@ finalize_params_linux (void) - { - grub_efi_loaded_image_t *loaded_image = NULL; - int node, retval, len; -- -+ grub_err_t err = GRUB_ERR_NONE; - void *fdt; - - fdt = grub_fdt_load (0x400); -- - if (!fdt) -- goto failure; -+ { -+ err = grub_error(GRUB_ERR_BAD_OS, "failed to load FDT"); -+ goto failure; -+ } - - node = grub_fdt_find_subnode (fdt, 0, "chosen"); - if (node < 0) -@@ -87,17 +89,26 @@ finalize_params_linux (void) - */ - retval = grub_fdt_set_prop32(fdt, 0, "#address-cells", 2); - if (retval) -- goto failure; -+ { -+ err = grub_error(retval, "Could not find #address-cells"); -+ goto failure; -+ } - - retval = grub_fdt_set_prop32(fdt, 0, "#size-cells", 2); - if (retval) -- goto failure; -+ { -+ err = grub_error(retval, "Could not find #size-cells"); -+ goto failure; -+ } - - node = grub_fdt_add_subnode (fdt, 0, "chosen"); - } - - if (node < 1) -- goto failure; -+ { -+ err = grub_error(grub_errno, "failed to load chosen fdt node."); -+ goto failure; -+ } - - /* Set initrd info */ - if (initrd_start && initrd_end > initrd_start) -@@ -108,15 +119,26 @@ finalize_params_linux (void) - retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-start", - initrd_start); - if (retval) -- goto failure; -+ { -+ err = grub_error(retval, "Failed to set linux,initrd-start property"); -+ goto failure; -+ } -+ - retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-end", - initrd_end); - if (retval) -- goto failure; -+ { -+ err = grub_error(retval, "Failed to set linux,initrd-end property"); -+ goto failure; -+ } - } - -- if (grub_fdt_install() != GRUB_ERR_NONE) -- goto failure; -+ retval = grub_fdt_install(); -+ if (retval != GRUB_ERR_NONE) -+ { -+ err = grub_error(retval, "Failed to install fdt"); -+ goto failure; -+ } - - grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n", - fdt); -@@ -124,14 +146,20 @@ finalize_params_linux (void) - /* Convert command line to UCS-2 */ - loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); - if (!loaded_image) -- goto failure; -+ { -+ err = grub_error(grub_errno, "Failed to install fdt"); -+ goto failure; -+ } - - loaded_image->load_options_size = len = - (grub_strlen (linux_args) + 1) * sizeof (grub_efi_char16_t); - loaded_image->load_options = - grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); - if (!loaded_image->load_options) -- return grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters"); -+ { -+ err = grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters"); -+ goto failure; -+ } - - loaded_image->load_options_size = - 2 * grub_utf8_to_utf16 (loaded_image->load_options, len, -@@ -141,7 +169,7 @@ finalize_params_linux (void) - - failure: - grub_fdt_unload(); -- return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT"); -+ return err; - } - - static void -@@ -225,16 +253,28 @@ grub_linux_unload (void) - static void * - allocate_initrd_mem (int initrd_pages) - { -- grub_addr_t max_addr; -+ grub_addr_t max_addr = 0; -+ grub_err_t err; -+ void *ret; - -- if (grub_efi_get_ram_base (&max_addr) != GRUB_ERR_NONE) -- return NULL; -+ err = grub_efi_get_ram_base (&max_addr); -+ if (err != GRUB_ERR_NONE) -+ { -+ grub_error (err, "grub_efi_get_ram_base() failed"); -+ return NULL; -+ } -+ -+ grub_dprintf ("linux", "max_addr: 0x%016lx, INITRD_MAX_ADDRESS_OFFSET: 0x%016llx\n", -+ max_addr, INITRD_MAX_ADDRESS_OFFSET); - - max_addr += INITRD_MAX_ADDRESS_OFFSET - 1; -+ grub_dprintf ("linux", "calling grub_efi_allocate_pages_real (0x%016lx, 0x%08x, EFI_ALLOCATE_MAX_ADDRESS, EFI_LOADER_DATA)", max_addr, initrd_pages); - -- return grub_efi_allocate_pages_real (max_addr, initrd_pages, -- GRUB_EFI_ALLOCATE_MAX_ADDRESS, -- GRUB_EFI_LOADER_DATA); -+ ret = grub_efi_allocate_pages_real (max_addr, initrd_pages, -+ GRUB_EFI_ALLOCATE_MAX_ADDRESS, -+ GRUB_EFI_LOADER_DATA); -+ grub_dprintf ("linux", "got 0x%016llx\n", (unsigned long long)ret); -+ return ret; - } - - static grub_err_t diff --git a/SOURCES/0231-drop-TPM-support-for-legacy-BIOS.patch b/SOURCES/0231-drop-TPM-support-for-legacy-BIOS.patch new file mode 100644 index 0000000..e979dd2 --- /dev/null +++ b/SOURCES/0231-drop-TPM-support-for-legacy-BIOS.patch @@ -0,0 +1,401 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 21 Sep 2018 17:51:16 +0200 +Subject: [PATCH] drop TPM support for legacy BIOS + +Currently there's TPM support for both EFI and legacy BIOS. + +A software interrupt call interface is used in legacy BIOS to communicate +with the TPM chips. But with some BIOS firmwares, the machine just hangs +after doing a BIOS interrupt call for the TCG_HashLogExtendEvent command. + +It's hard to know what exactly is causing this, but the Trousers project +mentions in their docs that they don't use TCG_HashLogExtendEvent [0] due +the command not working reliable on some BIOS. + +The TCG_CompactHashLogExtendEvent is less fragile, since it has a simpler +interface, doesn't require to setup any data structure and doesn't return +anything. So it could be used to do measurements and logs events instead. + +But even when using this command can be a workaround on some systems, it +doesn't guarantee that could not fail on others. So since the TPM support +for some legacy BIOS don't work and can lead to machines failing to boot, +let's just drop it and only support TPM for EFI. + +[0]: http://trousers.sourceforge.net/grub.html + +Resolves: rhbz#1579835 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/Makefile.core.def | 1 - + grub-core/kern/i386/pc/tpm.c | 145 -------------------------------------- + grub-core/loader/i386/pc/linux.c | 4 -- + include/grub/tpm.h | 2 +- + grub-core/boot/i386/pc/boot.S | 30 +------- + grub-core/boot/i386/pc/diskboot.S | 44 ------------ + 6 files changed, 2 insertions(+), 224 deletions(-) + delete mode 100644 grub-core/kern/i386/pc/tpm.c + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index cf3d549d212..fb0a1e0babb 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -246,7 +246,6 @@ kernel = { + + i386_pc = kern/i386/pc/init.c; + i386_pc = kern/i386/pc/mmap.c; +- i386_pc = kern/i386/pc/tpm.c; + i386_pc = term/i386/pc/console.c; + + i386_qemu = bus/pci.c; +diff --git a/grub-core/kern/i386/pc/tpm.c b/grub-core/kern/i386/pc/tpm.c +deleted file mode 100644 +index f6f264aff2e..00000000000 +--- a/grub-core/kern/i386/pc/tpm.c ++++ /dev/null +@@ -1,145 +0,0 @@ +-#include +-#include +-#include +-#include +-#include +-#include +- +-#define TCPA_MAGIC 0x41504354 +- +-static int tpm_presence = -1; +- +-int tpm_present(void); +- +-int tpm_present(void) +-{ +- struct grub_bios_int_registers regs; +- +- if (tpm_presence != -1) +- return tpm_presence; +- +- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; +- regs.eax = 0xbb00; +- regs.ebx = TCPA_MAGIC; +- grub_bios_interrupt (0x1a, ®s); +- +- if (regs.eax == 0) +- tpm_presence = 1; +- else +- tpm_presence = 0; +- +- return tpm_presence; +-} +- +-grub_err_t +-grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, +- PassThroughToTPM_OutputParamBlock *outbuf) +-{ +- struct grub_bios_int_registers regs; +- grub_addr_t inaddr, outaddr; +- +- if (!tpm_present()) +- return 0; +- +- inaddr = (grub_addr_t) inbuf; +- outaddr = (grub_addr_t) outbuf; +- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; +- regs.eax = 0xbb02; +- regs.ebx = TCPA_MAGIC; +- regs.ecx = 0; +- regs.edx = 0; +- regs.es = (inaddr & 0xffff0000) >> 4; +- regs.edi = inaddr & 0xffff; +- regs.ds = outaddr >> 4; +- regs.esi = outaddr & 0xf; +- +- grub_bios_interrupt (0x1a, ®s); +- +- if (regs.eax) +- { +- tpm_presence = 0; +- return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax); +- } +- +- return 0; +-} +- +-typedef struct { +- grub_uint32_t pcrindex; +- grub_uint32_t eventtype; +- grub_uint8_t digest[20]; +- grub_uint32_t eventdatasize; +- grub_uint8_t event[0]; +-} GRUB_PACKED Event; +- +-typedef struct { +- grub_uint16_t ipblength; +- grub_uint16_t reserved; +- grub_uint32_t hashdataptr; +- grub_uint32_t hashdatalen; +- grub_uint32_t pcr; +- grub_uint32_t reserved2; +- grub_uint32_t logdataptr; +- grub_uint32_t logdatalen; +-} GRUB_PACKED EventIncoming; +- +-typedef struct { +- grub_uint16_t opblength; +- grub_uint16_t reserved; +- grub_uint32_t eventnum; +- grub_uint8_t hashvalue[20]; +-} GRUB_PACKED EventOutgoing; +- +-grub_err_t +-grub_tpm_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr, +- const char *description) +-{ +- struct grub_bios_int_registers regs; +- EventIncoming incoming; +- EventOutgoing outgoing; +- Event *event; +- grub_uint32_t datalength; +- +- if (!tpm_present()) +- return 0; +- +- datalength = grub_strlen(description); +- event = grub_zalloc(datalength + sizeof(Event)); +- if (!event) +- return grub_error (GRUB_ERR_OUT_OF_MEMORY, +- N_("cannot allocate TPM event buffer")); +- +- event->pcrindex = pcr; +- event->eventtype = 0x0d; +- event->eventdatasize = grub_strlen(description); +- grub_memcpy(event->event, description, datalength); +- +- incoming.ipblength = sizeof(incoming); +- incoming.hashdataptr = (grub_uint32_t)buf; +- incoming.hashdatalen = size; +- incoming.pcr = pcr; +- incoming.logdataptr = (grub_uint32_t)event; +- incoming.logdatalen = datalength + sizeof(Event); +- +- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; +- regs.eax = 0xbb01; +- regs.ebx = TCPA_MAGIC; +- regs.ecx = 0; +- regs.edx = 0; +- regs.es = (((grub_addr_t) &incoming) & 0xffff0000) >> 4; +- regs.edi = ((grub_addr_t) &incoming) & 0xffff; +- regs.ds = (((grub_addr_t) &outgoing) & 0xffff0000) >> 4; +- regs.esi = ((grub_addr_t) &outgoing) & 0xffff; +- +- grub_bios_interrupt (0x1a, ®s); +- +- grub_free(event); +- +- if (regs.eax) +- { +- tpm_presence = 0; +- return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax); +- } +- +- return 0; +-} +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index cfff25c21b5..783a3cd93bc 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -36,7 +36,6 @@ + #include + #include + #include +-#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -162,9 +161,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux16", "Kernel"); +- grub_print_error(); +- + grub_memcpy (&lh, kernel, sizeof (lh)); + kernel_offset = sizeof (lh); + +diff --git a/include/grub/tpm.h b/include/grub/tpm.h +index 972a5edc836..ce52be4ff7f 100644 +--- a/include/grub/tpm.h ++++ b/include/grub/tpm.h +@@ -69,7 +69,7 @@ typedef struct { + grub_err_t EXPORT_FUNC(grub_tpm_measure) (unsigned char *buf, grub_size_t size, + grub_uint8_t pcr, const char *kind, + const char *description); +-#if defined (GRUB_MACHINE_EFI) || defined (GRUB_MACHINE_PCBIOS) ++#if defined (GRUB_MACHINE_EFI) + grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, + PassThroughToTPM_OutputParamBlock *outbuf); + grub_err_t grub_tpm_log_event(unsigned char *buf, grub_size_t size, +diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S +index acab37369ae..ea167fe1206 100644 +--- a/grub-core/boot/i386/pc/boot.S ++++ b/grub-core/boot/i386/pc/boot.S +@@ -24,14 +24,11 @@ + * defines for the code go here + */ + +-#define TPM 1 +- + /* Print message string */ + #define MSG(x) movw $x, %si; call LOCAL(message) + #define ERR(x) movw $x, %si; jmp LOCAL(error_message) + + .macro floppy +-#ifndef TPM + part_start: + + LOCAL(probe_values): +@@ -88,7 +85,6 @@ fd_probe_error_string: .asciz "Floppy" + movb MACRO_DOLLAR(79), %ch + + jmp LOCAL(final_init) +-#endif + .endm + + .macro scratch +@@ -256,7 +252,6 @@ real_start: + /* set %si to the disk address packet */ + movw $disk_address_packet, %si + +-#ifndef TPM + /* check if LBA is supported */ + movb $0x41, %ah + movw $0x55aa, %bx +@@ -276,7 +271,6 @@ real_start: + + andw $1, %cx + jz LOCAL(chs_mode) +-#endif + + LOCAL(lba_mode): + xorw %ax, %ax +@@ -320,9 +314,6 @@ LOCAL(lba_mode): + jmp LOCAL(copy_buffer) + + LOCAL(chs_mode): +-#ifdef TPM +- jmp LOCAL(general_error) +-#else + /* + * Determine the hard disk geometry from the BIOS! + * We do this first, so that LS-120 IDE floppies work correctly. +@@ -434,7 +425,7 @@ setup_sectors: + jc LOCAL(read_error) + + movw %es, %bx +-#endif /* TPM */ ++ + LOCAL(copy_buffer): + /* + * We need to save %cx and %si because the startup code in +@@ -457,25 +448,6 @@ LOCAL(copy_buffer): + popw %ds + popa + +-#ifdef TPM +- pusha +- +- movw $0xBB00, %ax /* TCG_StatusCheck */ +- int $0x1A +- test %eax, %eax +- jnz boot /* No TPM or TPM deactivated */ +- +- movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */ +- movw $GRUB_BOOT_MACHINE_KERNEL_ADDR, %di +- xorl %esi, %esi +- movl $0x41504354, %ebx /* TCPA */ +- movl $0x200, %ecx /* Measure 512 bytes */ +- movl $0x8, %edx /* PCR 8 */ +- int $0x1A +- +-boot: +- popa +-#endif + /* boot kernel */ + jmp *(LOCAL(kernel_address)) + +diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S +index f4744ec6fcb..68d31de0c4c 100644 +--- a/grub-core/boot/i386/pc/diskboot.S ++++ b/grub-core/boot/i386/pc/diskboot.S +@@ -19,8 +19,6 @@ + #include + #include + +-#define TPM 1 +- + /* + * defines for the code go here + */ +@@ -55,21 +53,6 @@ _start: + /* this sets up for the first run through "bootloop" */ + movw $LOCAL(firstlist), %di + +-#ifdef TPM +- /* clear EAX to remove potential garbage */ +- xorl %eax, %eax +- /* 8(%di) = number of sectors to read */ +- movw 8(%di), %ax +- +- /* Multiply number of sectors to read with 512 bytes. EAX is 32bit +- * which is large enough to hold values of up to 4GB. I doubt there +- * will ever be a core.img larger than that. ;-) */ +- shll $9, %eax +- +- /* write result to bytes_to_measure var */ +- movl %eax, bytes_to_measure +-#endif +- + /* save the sector number of the second sector in %ebp */ + movl (%di), %ebp + +@@ -307,29 +290,6 @@ LOCAL(copy_buffer): + /* END OF MAIN LOOP */ + + LOCAL(bootit): +-#ifdef TPM +- pusha +- movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */ +- +- movw $0x0, %bx +- movw %bx, %es +- +- /* We've already measured the first 512 bytes, now measure the rest */ +- xorl %edi, %edi +- movw $(GRUB_BOOT_MACHINE_KERNEL_ADDR + 0x200), %di +- +- movl $0x41504354, %ebx /* EBX = "TCPA" */ +- +- /* %ecx = The length, in bytes, of the buffer to measure */ +- movl $bytes_to_measure, %esi +- movl (%esi), %ecx +- xorl %esi, %esi +- movl $0x9, %edx /* PCR 9 */ +- +- int $0x1A +- +- popa +-#endif + /* print a newline */ + MSG(notification_done) + popw %dx /* this makes sure %dl is our "boot" drive */ +@@ -364,10 +324,6 @@ geometry_error_string: .asciz "Geom" + read_error_string: .asciz "Read" + general_error_string: .asciz " Error" + +-#ifdef TPM +-bytes_to_measure: .long 0 +-#endif +- + /* + * message: write the string pointed to by %si + * diff --git a/SOURCES/0232-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch b/SOURCES/0232-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch new file mode 100644 index 0000000..bd153f2 --- /dev/null +++ b/SOURCES/0232-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch @@ -0,0 +1,148 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 27 Sep 2018 10:49:14 +0200 +Subject: [PATCH] Move quicksort function from kernel.exec to the blscfg module + +The qsort function is defined in the grub2 kernel and exported for modules +to use. But this prevents the blscfg.mod to be loaded by old grub2 kernels +that don't export this symbol. + +Loading the latest blscfg module might be useful on legacy BIOS systems to +avoid updating the first and second stage grub2 images in the boot device. + +Since the only caller of the qsort function is the blscfg module, move the +qsort function out of the grub2 kernel and only have it in the blscfg.mod. + +While being there, also remove the grub_bsearch() function that is unused. + +Related: rhbz#1633646 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/Makefile.core.def | 2 +- + grub-core/commands/blscfg.c | 3 ++- + grub-core/{kern/qsort.c => commands/bls_qsort.h} | 30 +++--------------------- + include/grub/misc.h | 15 ------------ + 4 files changed, 6 insertions(+), 44 deletions(-) + rename grub-core/{kern/qsort.c => commands/bls_qsort.h} (93%) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index fb0a1e0babb..3346d1be658 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -129,7 +129,6 @@ kernel = { + common = kern/rescue_parser.c; + common = kern/rescue_reader.c; + common = kern/term.c; +- common = kern/qsort.c; + common = kern/backtrace.c; + common = kern/tpm.c; + +@@ -781,6 +780,7 @@ module = { + module = { + name = blscfg; + common = commands/blscfg.c; ++ common = commands/bls_qsort.h; + common = commands/loadenv.h; + enable = efi; + enable = i386_pc; +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index abd6f00d0de..bec5a9ffe3e 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -36,6 +36,7 @@ + + GRUB_MOD_LICENSE ("GPLv3+"); + ++#include "bls_qsort.h" + #include "loadenv.h" + + #define GRUB_BLS_CONFIG_PATH "/loader/entries/" +@@ -717,7 +718,7 @@ read_fallback: + use_version = false; + } + +- grub_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, &use_version); ++ bls_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, &use_version); + + grub_dprintf ("blscfg", "%s Creating %d entries from bls\n", __func__, nentries); + for (r = nentries - 1; r >= 0; r--) +diff --git a/grub-core/kern/qsort.c b/grub-core/commands/bls_qsort.h +similarity index 93% +rename from grub-core/kern/qsort.c +rename to grub-core/commands/bls_qsort.h +index 7f3fc9ffdae..572765fa3f2 100644 +--- a/grub-core/kern/qsort.c ++++ b/grub-core/commands/bls_qsort.h +@@ -64,6 +64,7 @@ typedef struct + #define POP(low, high) ((void) (--top, (low = top->lo), (high = top->hi))) + #define STACK_NOT_EMPTY (stack < top) + ++typedef int (*grub_compar_d_fn_t) (const void *p0, const void *p1, void *state); + + /* Order size using quicksort. This implementation incorporates + four optimizations discussed in Sedgewick: +@@ -89,8 +90,8 @@ typedef struct + smaller partition. This *guarantees* no more than log (total_elems) + stack size is needed (actually O(1) in this case)! */ + +-void +-grub_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size, ++static inline void UNUSED ++bls_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size, + grub_compar_d_fn_t cmp, void *arg) + { + char *base_ptr = (char *) pbase; +@@ -252,28 +253,3 @@ grub_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size, + } + } + +-void * +-grub_bsearch (const void *key, const void *base, grub_size_t nmemb, grub_size_t size, +- grub_compar_d_fn_t compar, void *state) +-{ +- grub_size_t l, u, idx; +- const void *p; +- int comparison; +- +- l = 0; +- u = nmemb; +- while (l < u) +- { +- idx = (l + u) / 2; +- p = (void *) (((const char *) base) + (idx * size)); +- comparison = (*compar) (key, p, state); +- if (comparison < 0) +- u = idx; +- else if (comparison > 0) +- l = idx + 1; +- else +- return (void *) p; +- } +- +- return NULL; +-} +diff --git a/include/grub/misc.h b/include/grub/misc.h +index 5f1c1c1be4e..de9016ab709 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -510,19 +510,4 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *file, + #define grub_max(a, b) (((a) > (b)) ? (a) : (b)) + #define grub_min(a, b) (((a) < (b)) ? (a) : (b)) + +-typedef int (*grub_compar_d_fn_t) (const void *p0, const void *p1, void *state); +- +-void *EXPORT_FUNC(grub_bsearch) (const void *key, +- const void *base, +- grub_size_t nmemb, +- grub_size_t size, +- grub_compar_d_fn_t compar, +- void *state); +- +-void EXPORT_FUNC(grub_qsort) (void *const pbase, +- grub_size_t total_elems, +- grub_size_t size, +- grub_compar_d_fn_t cmp, +- void *state); +- + #endif /* ! GRUB_MISC_HEADER */ diff --git a/SOURCES/0232-drop-TPM-support-for-legacy-BIOS.patch b/SOURCES/0232-drop-TPM-support-for-legacy-BIOS.patch deleted file mode 100644 index ab7867b..0000000 --- a/SOURCES/0232-drop-TPM-support-for-legacy-BIOS.patch +++ /dev/null @@ -1,401 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Fri, 21 Sep 2018 17:51:16 +0200 -Subject: [PATCH] drop TPM support for legacy BIOS - -Currently there's TPM support for both EFI and legacy BIOS. - -A software interrupt call interface is used in legacy BIOS to communicate -with the TPM chips. But with some BIOS firmwares, the machine just hangs -after doing a BIOS interrupt call for the TCG_HashLogExtendEvent command. - -It's hard to know what exactly is causing this, but the Trousers project -mentions in their docs that they don't use TCG_HashLogExtendEvent [0] due -the command not working reliable on some BIOS. - -The TCG_CompactHashLogExtendEvent is less fragile, since it has a simpler -interface, doesn't require to setup any data structure and doesn't return -anything. So it could be used to do measurements and logs events instead. - -But even when using this command can be a workaround on some systems, it -doesn't guarantee that could not fail on others. So since the TPM support -for some legacy BIOS don't work and can lead to machines failing to boot, -let's just drop it and only support TPM for EFI. - -[0]: http://trousers.sourceforge.net/grub.html - -Resolves: rhbz#1579835 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/Makefile.core.def | 1 - - grub-core/kern/i386/pc/tpm.c | 145 -------------------------------------- - grub-core/loader/i386/pc/linux.c | 4 -- - include/grub/tpm.h | 2 +- - grub-core/boot/i386/pc/boot.S | 30 +------- - grub-core/boot/i386/pc/diskboot.S | 44 ------------ - 6 files changed, 2 insertions(+), 224 deletions(-) - delete mode 100644 grub-core/kern/i386/pc/tpm.c - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 203584fb00b..01c5f9ae351 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -246,7 +246,6 @@ kernel = { - - i386_pc = kern/i386/pc/init.c; - i386_pc = kern/i386/pc/mmap.c; -- i386_pc = kern/i386/pc/tpm.c; - i386_pc = term/i386/pc/console.c; - - i386_qemu = bus/pci.c; -diff --git a/grub-core/kern/i386/pc/tpm.c b/grub-core/kern/i386/pc/tpm.c -deleted file mode 100644 -index f6f264aff2e..00000000000 ---- a/grub-core/kern/i386/pc/tpm.c -+++ /dev/null -@@ -1,145 +0,0 @@ --#include --#include --#include --#include --#include --#include -- --#define TCPA_MAGIC 0x41504354 -- --static int tpm_presence = -1; -- --int tpm_present(void); -- --int tpm_present(void) --{ -- struct grub_bios_int_registers regs; -- -- if (tpm_presence != -1) -- return tpm_presence; -- -- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; -- regs.eax = 0xbb00; -- regs.ebx = TCPA_MAGIC; -- grub_bios_interrupt (0x1a, ®s); -- -- if (regs.eax == 0) -- tpm_presence = 1; -- else -- tpm_presence = 0; -- -- return tpm_presence; --} -- --grub_err_t --grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, -- PassThroughToTPM_OutputParamBlock *outbuf) --{ -- struct grub_bios_int_registers regs; -- grub_addr_t inaddr, outaddr; -- -- if (!tpm_present()) -- return 0; -- -- inaddr = (grub_addr_t) inbuf; -- outaddr = (grub_addr_t) outbuf; -- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; -- regs.eax = 0xbb02; -- regs.ebx = TCPA_MAGIC; -- regs.ecx = 0; -- regs.edx = 0; -- regs.es = (inaddr & 0xffff0000) >> 4; -- regs.edi = inaddr & 0xffff; -- regs.ds = outaddr >> 4; -- regs.esi = outaddr & 0xf; -- -- grub_bios_interrupt (0x1a, ®s); -- -- if (regs.eax) -- { -- tpm_presence = 0; -- return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax); -- } -- -- return 0; --} -- --typedef struct { -- grub_uint32_t pcrindex; -- grub_uint32_t eventtype; -- grub_uint8_t digest[20]; -- grub_uint32_t eventdatasize; -- grub_uint8_t event[0]; --} GRUB_PACKED Event; -- --typedef struct { -- grub_uint16_t ipblength; -- grub_uint16_t reserved; -- grub_uint32_t hashdataptr; -- grub_uint32_t hashdatalen; -- grub_uint32_t pcr; -- grub_uint32_t reserved2; -- grub_uint32_t logdataptr; -- grub_uint32_t logdatalen; --} GRUB_PACKED EventIncoming; -- --typedef struct { -- grub_uint16_t opblength; -- grub_uint16_t reserved; -- grub_uint32_t eventnum; -- grub_uint8_t hashvalue[20]; --} GRUB_PACKED EventOutgoing; -- --grub_err_t --grub_tpm_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr, -- const char *description) --{ -- struct grub_bios_int_registers regs; -- EventIncoming incoming; -- EventOutgoing outgoing; -- Event *event; -- grub_uint32_t datalength; -- -- if (!tpm_present()) -- return 0; -- -- datalength = grub_strlen(description); -- event = grub_zalloc(datalength + sizeof(Event)); -- if (!event) -- return grub_error (GRUB_ERR_OUT_OF_MEMORY, -- N_("cannot allocate TPM event buffer")); -- -- event->pcrindex = pcr; -- event->eventtype = 0x0d; -- event->eventdatasize = grub_strlen(description); -- grub_memcpy(event->event, description, datalength); -- -- incoming.ipblength = sizeof(incoming); -- incoming.hashdataptr = (grub_uint32_t)buf; -- incoming.hashdatalen = size; -- incoming.pcr = pcr; -- incoming.logdataptr = (grub_uint32_t)event; -- incoming.logdatalen = datalength + sizeof(Event); -- -- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; -- regs.eax = 0xbb01; -- regs.ebx = TCPA_MAGIC; -- regs.ecx = 0; -- regs.edx = 0; -- regs.es = (((grub_addr_t) &incoming) & 0xffff0000) >> 4; -- regs.edi = ((grub_addr_t) &incoming) & 0xffff; -- regs.ds = (((grub_addr_t) &outgoing) & 0xffff0000) >> 4; -- regs.esi = ((grub_addr_t) &outgoing) & 0xffff; -- -- grub_bios_interrupt (0x1a, ®s); -- -- grub_free(event); -- -- if (regs.eax) -- { -- tpm_presence = 0; -- return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax); -- } -- -- return 0; --} -diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c -index cfff25c21b5..783a3cd93bc 100644 ---- a/grub-core/loader/i386/pc/linux.c -+++ b/grub-core/loader/i386/pc/linux.c -@@ -36,7 +36,6 @@ - #include - #include - #include --#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -162,9 +161,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -- grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux16", "Kernel"); -- grub_print_error(); -- - grub_memcpy (&lh, kernel, sizeof (lh)); - kernel_offset = sizeof (lh); - -diff --git a/include/grub/tpm.h b/include/grub/tpm.h -index 972a5edc836..ce52be4ff7f 100644 ---- a/include/grub/tpm.h -+++ b/include/grub/tpm.h -@@ -69,7 +69,7 @@ typedef struct { - grub_err_t EXPORT_FUNC(grub_tpm_measure) (unsigned char *buf, grub_size_t size, - grub_uint8_t pcr, const char *kind, - const char *description); --#if defined (GRUB_MACHINE_EFI) || defined (GRUB_MACHINE_PCBIOS) -+#if defined (GRUB_MACHINE_EFI) - grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, - PassThroughToTPM_OutputParamBlock *outbuf); - grub_err_t grub_tpm_log_event(unsigned char *buf, grub_size_t size, -diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S -index acab37369ae..ea167fe1206 100644 ---- a/grub-core/boot/i386/pc/boot.S -+++ b/grub-core/boot/i386/pc/boot.S -@@ -24,14 +24,11 @@ - * defines for the code go here - */ - --#define TPM 1 -- - /* Print message string */ - #define MSG(x) movw $x, %si; call LOCAL(message) - #define ERR(x) movw $x, %si; jmp LOCAL(error_message) - - .macro floppy --#ifndef TPM - part_start: - - LOCAL(probe_values): -@@ -88,7 +85,6 @@ fd_probe_error_string: .asciz "Floppy" - movb MACRO_DOLLAR(79), %ch - - jmp LOCAL(final_init) --#endif - .endm - - .macro scratch -@@ -256,7 +252,6 @@ real_start: - /* set %si to the disk address packet */ - movw $disk_address_packet, %si - --#ifndef TPM - /* check if LBA is supported */ - movb $0x41, %ah - movw $0x55aa, %bx -@@ -276,7 +271,6 @@ real_start: - - andw $1, %cx - jz LOCAL(chs_mode) --#endif - - LOCAL(lba_mode): - xorw %ax, %ax -@@ -320,9 +314,6 @@ LOCAL(lba_mode): - jmp LOCAL(copy_buffer) - - LOCAL(chs_mode): --#ifdef TPM -- jmp LOCAL(general_error) --#else - /* - * Determine the hard disk geometry from the BIOS! - * We do this first, so that LS-120 IDE floppies work correctly. -@@ -434,7 +425,7 @@ setup_sectors: - jc LOCAL(read_error) - - movw %es, %bx --#endif /* TPM */ -+ - LOCAL(copy_buffer): - /* - * We need to save %cx and %si because the startup code in -@@ -457,25 +448,6 @@ LOCAL(copy_buffer): - popw %ds - popa - --#ifdef TPM -- pusha -- -- movw $0xBB00, %ax /* TCG_StatusCheck */ -- int $0x1A -- test %eax, %eax -- jnz boot /* No TPM or TPM deactivated */ -- -- movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */ -- movw $GRUB_BOOT_MACHINE_KERNEL_ADDR, %di -- xorl %esi, %esi -- movl $0x41504354, %ebx /* TCPA */ -- movl $0x200, %ecx /* Measure 512 bytes */ -- movl $0x8, %edx /* PCR 8 */ -- int $0x1A -- --boot: -- popa --#endif - /* boot kernel */ - jmp *(LOCAL(kernel_address)) - -diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S -index f4744ec6fcb..68d31de0c4c 100644 ---- a/grub-core/boot/i386/pc/diskboot.S -+++ b/grub-core/boot/i386/pc/diskboot.S -@@ -19,8 +19,6 @@ - #include - #include - --#define TPM 1 -- - /* - * defines for the code go here - */ -@@ -55,21 +53,6 @@ _start: - /* this sets up for the first run through "bootloop" */ - movw $LOCAL(firstlist), %di - --#ifdef TPM -- /* clear EAX to remove potential garbage */ -- xorl %eax, %eax -- /* 8(%di) = number of sectors to read */ -- movw 8(%di), %ax -- -- /* Multiply number of sectors to read with 512 bytes. EAX is 32bit -- * which is large enough to hold values of up to 4GB. I doubt there -- * will ever be a core.img larger than that. ;-) */ -- shll $9, %eax -- -- /* write result to bytes_to_measure var */ -- movl %eax, bytes_to_measure --#endif -- - /* save the sector number of the second sector in %ebp */ - movl (%di), %ebp - -@@ -307,29 +290,6 @@ LOCAL(copy_buffer): - /* END OF MAIN LOOP */ - - LOCAL(bootit): --#ifdef TPM -- pusha -- movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */ -- -- movw $0x0, %bx -- movw %bx, %es -- -- /* We've already measured the first 512 bytes, now measure the rest */ -- xorl %edi, %edi -- movw $(GRUB_BOOT_MACHINE_KERNEL_ADDR + 0x200), %di -- -- movl $0x41504354, %ebx /* EBX = "TCPA" */ -- -- /* %ecx = The length, in bytes, of the buffer to measure */ -- movl $bytes_to_measure, %esi -- movl (%esi), %ecx -- xorl %esi, %esi -- movl $0x9, %edx /* PCR 9 */ -- -- int $0x1A -- -- popa --#endif - /* print a newline */ - MSG(notification_done) - popw %dx /* this makes sure %dl is our "boot" drive */ -@@ -364,10 +324,6 @@ geometry_error_string: .asciz "Geom" - read_error_string: .asciz "Read" - general_error_string: .asciz " Error" - --#ifdef TPM --bytes_to_measure: .long 0 --#endif -- - /* - * message: write the string pointed to by %si - * diff --git a/SOURCES/0233-Include-blscfg-module-for-powerpc-ieee1275.patch b/SOURCES/0233-Include-blscfg-module-for-powerpc-ieee1275.patch new file mode 100644 index 0000000..1240713 --- /dev/null +++ b/SOURCES/0233-Include-blscfg-module-for-powerpc-ieee1275.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 27 Sep 2018 19:03:43 +0200 +Subject: [PATCH] Include blscfg module for powerpc ieee1275 + +The blscfg module is currently not built for powerpc ieee1275, but this +is still needed when the machine is not booted in bare metal with OPAL. + +Related: rhbz#1633646 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/Makefile.core.def | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 3346d1be658..6864e780fd4 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -782,6 +782,7 @@ module = { + common = commands/blscfg.c; + common = commands/bls_qsort.h; + common = commands/loadenv.h; ++ enable = powerpc_ieee1275; + enable = efi; + enable = i386_pc; + enable = emu; diff --git a/SOURCES/0233-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch b/SOURCES/0233-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch deleted file mode 100644 index 61189da..0000000 --- a/SOURCES/0233-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch +++ /dev/null @@ -1,148 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Thu, 27 Sep 2018 10:49:14 +0200 -Subject: [PATCH] Move quicksort function from kernel.exec to the blscfg module - -The qsort function is defined in the grub2 kernel and exported for modules -to use. But this prevents the blscfg.mod to be loaded by old grub2 kernels -that don't export this symbol. - -Loading the latest blscfg module might be useful on legacy BIOS systems to -avoid updating the first and second stage grub2 images in the boot device. - -Since the only caller of the qsort function is the blscfg module, move the -qsort function out of the grub2 kernel and only have it in the blscfg.mod. - -While being there, also remove the grub_bsearch() function that is unused. - -Related: rhbz#1633646 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/Makefile.core.def | 2 +- - grub-core/commands/blscfg.c | 3 ++- - grub-core/{kern/qsort.c => commands/bls_qsort.h} | 30 +++--------------------- - include/grub/misc.h | 15 ------------ - 4 files changed, 6 insertions(+), 44 deletions(-) - rename grub-core/{kern/qsort.c => commands/bls_qsort.h} (93%) - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 01c5f9ae351..f99fc994f6b 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -129,7 +129,6 @@ kernel = { - common = kern/rescue_parser.c; - common = kern/rescue_reader.c; - common = kern/term.c; -- common = kern/qsort.c; - common = kern/backtrace.c; - common = kern/tpm.c; - -@@ -781,6 +780,7 @@ module = { - module = { - name = blscfg; - common = commands/blscfg.c; -+ common = commands/bls_qsort.h; - common = commands/loadenv.h; - enable = efi; - enable = i386_pc; -diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c -index abd6f00d0de..bec5a9ffe3e 100644 ---- a/grub-core/commands/blscfg.c -+++ b/grub-core/commands/blscfg.c -@@ -36,6 +36,7 @@ - - GRUB_MOD_LICENSE ("GPLv3+"); - -+#include "bls_qsort.h" - #include "loadenv.h" - - #define GRUB_BLS_CONFIG_PATH "/loader/entries/" -@@ -717,7 +718,7 @@ read_fallback: - use_version = false; - } - -- grub_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, &use_version); -+ bls_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, &use_version); - - grub_dprintf ("blscfg", "%s Creating %d entries from bls\n", __func__, nentries); - for (r = nentries - 1; r >= 0; r--) -diff --git a/grub-core/kern/qsort.c b/grub-core/commands/bls_qsort.h -similarity index 93% -rename from grub-core/kern/qsort.c -rename to grub-core/commands/bls_qsort.h -index 7f3fc9ffdae..572765fa3f2 100644 ---- a/grub-core/kern/qsort.c -+++ b/grub-core/commands/bls_qsort.h -@@ -64,6 +64,7 @@ typedef struct - #define POP(low, high) ((void) (--top, (low = top->lo), (high = top->hi))) - #define STACK_NOT_EMPTY (stack < top) - -+typedef int (*grub_compar_d_fn_t) (const void *p0, const void *p1, void *state); - - /* Order size using quicksort. This implementation incorporates - four optimizations discussed in Sedgewick: -@@ -89,8 +90,8 @@ typedef struct - smaller partition. This *guarantees* no more than log (total_elems) - stack size is needed (actually O(1) in this case)! */ - --void --grub_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size, -+static inline void UNUSED -+bls_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size, - grub_compar_d_fn_t cmp, void *arg) - { - char *base_ptr = (char *) pbase; -@@ -252,28 +253,3 @@ grub_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size, - } - } - --void * --grub_bsearch (const void *key, const void *base, grub_size_t nmemb, grub_size_t size, -- grub_compar_d_fn_t compar, void *state) --{ -- grub_size_t l, u, idx; -- const void *p; -- int comparison; -- -- l = 0; -- u = nmemb; -- while (l < u) -- { -- idx = (l + u) / 2; -- p = (void *) (((const char *) base) + (idx * size)); -- comparison = (*compar) (key, p, state); -- if (comparison < 0) -- u = idx; -- else if (comparison > 0) -- l = idx + 1; -- else -- return (void *) p; -- } -- -- return NULL; --} -diff --git a/include/grub/misc.h b/include/grub/misc.h -index 5f1c1c1be4e..de9016ab709 100644 ---- a/include/grub/misc.h -+++ b/include/grub/misc.h -@@ -510,19 +510,4 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *file, - #define grub_max(a, b) (((a) > (b)) ? (a) : (b)) - #define grub_min(a, b) (((a) < (b)) ? (a) : (b)) - --typedef int (*grub_compar_d_fn_t) (const void *p0, const void *p1, void *state); -- --void *EXPORT_FUNC(grub_bsearch) (const void *key, -- const void *base, -- grub_size_t nmemb, -- grub_size_t size, -- grub_compar_d_fn_t compar, -- void *state); -- --void EXPORT_FUNC(grub_qsort) (void *const pbase, -- grub_size_t total_elems, -- grub_size_t size, -- grub_compar_d_fn_t cmp, -- void *state); -- - #endif /* ! GRUB_MISC_HEADER */ diff --git a/SOURCES/0234-Include-blscfg-module-for-powerpc-ieee1275.patch b/SOURCES/0234-Include-blscfg-module-for-powerpc-ieee1275.patch deleted file mode 100644 index a60299b..0000000 --- a/SOURCES/0234-Include-blscfg-module-for-powerpc-ieee1275.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Thu, 27 Sep 2018 19:03:43 +0200 -Subject: [PATCH] Include blscfg module for powerpc ieee1275 - -The blscfg module is currently not built for powerpc ieee1275, but this -is still needed when the machine is not booted in bare metal with OPAL. - -Related: rhbz#1633646 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/Makefile.core.def | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index f99fc994f6b..5b4841e1f00 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -782,6 +782,7 @@ module = { - common = commands/blscfg.c; - common = commands/bls_qsort.h; - common = commands/loadenv.h; -+ enable = powerpc_ieee1275; - enable = efi; - enable = i386_pc; - enable = emu; diff --git a/SOURCES/0234-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch b/SOURCES/0234-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch new file mode 100644 index 0000000..2559203 --- /dev/null +++ b/SOURCES/0234-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch @@ -0,0 +1,55 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 28 Sep 2018 10:35:38 +0200 +Subject: [PATCH] grub-switch-to-blscfg: copy blscfg module for legacy BIOS and + ppc ieee1275 + +On platforms that load the blscfg module the latest version should be used, +so copy the module to the boot directory to make sure that the grub2 kernel +will load the latest version of the BLS parsing code. + +Related: rhbz#1633646 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub-switch-to-blscfg.in | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index 9cf64f8e725..1c6bd1882a7 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -53,6 +53,8 @@ blsdir=`echo "/@bootdirname@/loader/entries" | sed 's,//*,/,g'` + + backupsuffix=.bak + ++arch="$(uname -m)" ++ + export TEXTDOMAIN=@PACKAGE@ + export TEXTDOMAINDIR="@localedir@" + +@@ -248,7 +250,6 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do + fi + + if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then +- arch="$(uname -m)" + bls_debug="$(echo ${bls_target} | sed -e "s/\.${arch}/-debug.${arch}/")" + cp -aT "${bls_target}" "${bls_debug}" + title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')" +@@ -282,6 +283,16 @@ elif ! grep -q '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" ; then + fi + + if [ "${GENERATE}" -eq 1 ] ; then ++ if [ $arch = "x86_64" ] && [ ! -d /sys/firmware/efi ]; then ++ if ! cp ${prefix}/lib/grub//i386-pc/blscfg.mod ${grubdir}/i386-pc/ ; then ++ exit 1 ++ fi ++ elif [ $arch = "ppc64" -o $arch = "ppc64le" ] && [ ! -d /sys/firmware/opal ]; then ++ if ! cp ${prefix}/lib/grub/powerpc-ieee1275/blscfg.mod ${grubdir}/powerpc-ieee1275/ ; then ++ exit 1 ++ fi ++ fi ++ + cp -af "${GRUB_CONFIG_FILE}" "${GRUB_CONFIG_FILE}${backupsuffix}" + if ! grub2-mkconfig -o "${GRUB_CONFIG_FILE}" ; then + cp -af "${GRUB_CONFIG_FILE}${backupsuffix}" "${GRUB_CONFIG_FILE}" diff --git a/SOURCES/0235-Fix-getroot.c-s-trampolines.patch b/SOURCES/0235-Fix-getroot.c-s-trampolines.patch new file mode 100644 index 0000000..3a808f7 --- /dev/null +++ b/SOURCES/0235-Fix-getroot.c-s-trampolines.patch @@ -0,0 +1,49 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 28 Sep 2018 15:42:19 -0400 +Subject: [PATCH] Fix getroot.c's trampolines. + +This makes the stack executable on most of the grub utilities, which is +bad, and rpmdiff complains about it. + +Related: rhbz#1633646 + +Signed-off-by: Peter Jones +--- + grub-core/osdep/linux/getroot.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c +index 4c5a13022dc..388a0f70638 100644 +--- a/grub-core/osdep/linux/getroot.c ++++ b/grub-core/osdep/linux/getroot.c +@@ -1264,22 +1264,20 @@ grub_util_get_grub_dev_os (const char *os_dev) + return grub_dev; + } + ++static void *mp = NULL; ++static void ++btrfs_mount_path_hook(const char *m) ++{ ++ mp = strdup (m); ++} + + char * + grub_util_get_btrfs_subvol (const char *path, char **mount_path) + { +- char *mp = NULL; +- + if (mount_path) + *mount_path = NULL; + +- auto void +- mount_path_hook (const char *m) +- { +- mp = strdup (m); +- } +- +- grub_find_root_btrfs_mount_path_hook = mount_path_hook; ++ grub_find_root_btrfs_mount_path_hook = btrfs_mount_path_hook; + grub_free (grub_find_root_devices_from_mountinfo (path, NULL)); + grub_find_root_btrfs_mount_path_hook = NULL; + diff --git a/SOURCES/0235-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch b/SOURCES/0235-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch deleted file mode 100644 index 2559203..0000000 --- a/SOURCES/0235-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Fri, 28 Sep 2018 10:35:38 +0200 -Subject: [PATCH] grub-switch-to-blscfg: copy blscfg module for legacy BIOS and - ppc ieee1275 - -On platforms that load the blscfg module the latest version should be used, -so copy the module to the boot directory to make sure that the grub2 kernel -will load the latest version of the BLS parsing code. - -Related: rhbz#1633646 - -Signed-off-by: Javier Martinez Canillas ---- - util/grub-switch-to-blscfg.in | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in -index 9cf64f8e725..1c6bd1882a7 100644 ---- a/util/grub-switch-to-blscfg.in -+++ b/util/grub-switch-to-blscfg.in -@@ -53,6 +53,8 @@ blsdir=`echo "/@bootdirname@/loader/entries" | sed 's,//*,/,g'` - - backupsuffix=.bak - -+arch="$(uname -m)" -+ - export TEXTDOMAIN=@PACKAGE@ - export TEXTDOMAINDIR="@localedir@" - -@@ -248,7 +250,6 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do - fi - - if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then -- arch="$(uname -m)" - bls_debug="$(echo ${bls_target} | sed -e "s/\.${arch}/-debug.${arch}/")" - cp -aT "${bls_target}" "${bls_debug}" - title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')" -@@ -282,6 +283,16 @@ elif ! grep -q '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" ; then - fi - - if [ "${GENERATE}" -eq 1 ] ; then -+ if [ $arch = "x86_64" ] && [ ! -d /sys/firmware/efi ]; then -+ if ! cp ${prefix}/lib/grub//i386-pc/blscfg.mod ${grubdir}/i386-pc/ ; then -+ exit 1 -+ fi -+ elif [ $arch = "ppc64" -o $arch = "ppc64le" ] && [ ! -d /sys/firmware/opal ]; then -+ if ! cp ${prefix}/lib/grub/powerpc-ieee1275/blscfg.mod ${grubdir}/powerpc-ieee1275/ ; then -+ exit 1 -+ fi -+ fi -+ - cp -af "${GRUB_CONFIG_FILE}" "${GRUB_CONFIG_FILE}${backupsuffix}" - if ! grub2-mkconfig -o "${GRUB_CONFIG_FILE}" ; then - cp -af "${GRUB_CONFIG_FILE}${backupsuffix}" "${GRUB_CONFIG_FILE}" diff --git a/SOURCES/0236-Fix-getroot.c-s-trampolines.patch b/SOURCES/0236-Fix-getroot.c-s-trampolines.patch deleted file mode 100644 index 3a808f7..0000000 --- a/SOURCES/0236-Fix-getroot.c-s-trampolines.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 28 Sep 2018 15:42:19 -0400 -Subject: [PATCH] Fix getroot.c's trampolines. - -This makes the stack executable on most of the grub utilities, which is -bad, and rpmdiff complains about it. - -Related: rhbz#1633646 - -Signed-off-by: Peter Jones ---- - grub-core/osdep/linux/getroot.c | 16 +++++++--------- - 1 file changed, 7 insertions(+), 9 deletions(-) - -diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c -index 4c5a13022dc..388a0f70638 100644 ---- a/grub-core/osdep/linux/getroot.c -+++ b/grub-core/osdep/linux/getroot.c -@@ -1264,22 +1264,20 @@ grub_util_get_grub_dev_os (const char *os_dev) - return grub_dev; - } - -+static void *mp = NULL; -+static void -+btrfs_mount_path_hook(const char *m) -+{ -+ mp = strdup (m); -+} - - char * - grub_util_get_btrfs_subvol (const char *path, char **mount_path) - { -- char *mp = NULL; -- - if (mount_path) - *mount_path = NULL; - -- auto void -- mount_path_hook (const char *m) -- { -- mp = strdup (m); -- } -- -- grub_find_root_btrfs_mount_path_hook = mount_path_hook; -+ grub_find_root_btrfs_mount_path_hook = btrfs_mount_path_hook; - grub_free (grub_find_root_devices_from_mountinfo (path, NULL)); - grub_find_root_btrfs_mount_path_hook = NULL; - diff --git a/SOURCES/0236-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch b/SOURCES/0236-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch new file mode 100644 index 0000000..bb1b012 --- /dev/null +++ b/SOURCES/0236-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch @@ -0,0 +1,485 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 3 Oct 2018 20:48:32 +0200 +Subject: [PATCH] add 10_linux_bls grub.d snippet to generate menu entries from + BLS files + +This grub.d snippet can be used on platforms where the bootloader doesn't +have BLS support and only can parse a normal grub configuration file. + +Portions of this script were taken from the ostree-grub-generator script +included in the OSTree project. + +Resolves: rhbz#1636013 + +Signed-off-by: Javier Martinez Canillas +--- + Makefile.util.def | 7 + + util/grub.d/10_linux_bls.in | 440 ++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 447 insertions(+) + create mode 100644 util/grub.d/10_linux_bls.in + +diff --git a/Makefile.util.def b/Makefile.util.def +index cba4d500198..08cc98ddb8b 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -502,6 +502,13 @@ script = { + condition = COND_HOST_LINUX; + }; + ++script = { ++ name = '10_linux_bls'; ++ common = util/grub.d/10_linux_bls.in; ++ installdir = grubconf; ++ condition = COND_HOST_LINUX; ++}; ++ + script = { + name = '10_xnu'; + common = util/grub.d/10_xnu.in; +diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in +new file mode 100644 +index 00000000000..3cc7803c6a1 +--- /dev/null ++++ b/util/grub.d/10_linux_bls.in +@@ -0,0 +1,440 @@ ++#! /bin/sh ++set -e ++ ++# grub-mkconfig helper script. ++# Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc. ++# ++# GRUB is free software: you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the License, or ++# (at your option) any later version. ++# ++# GRUB is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with GRUB. If not, see . ++ ++prefix="@prefix@" ++exec_prefix="@exec_prefix@" ++datarootdir="@datarootdir@" ++ ++. "$pkgdatadir/grub-mkconfig_lib" ++ ++export TEXTDOMAIN=@PACKAGE@ ++export TEXTDOMAINDIR="@localedir@" ++ ++CLASS="--class gnu-linux --class gnu --class os --unrestricted" ++ ++if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then ++ OS="$(eval $(grep PRETTY_NAME /etc/os-release) ; echo ${PRETTY_NAME})" ++ CLASS="--class $(eval $(grep '^ID_LIKE=\|^ID=' /etc/os-release) ; [ -n "${ID_LIKE}" ] && echo ${ID_LIKE} || echo ${ID}) ${CLASS}" ++else ++ OS="${GRUB_DISTRIBUTOR}" ++ CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" ++fi ++ ++# loop-AES arranges things so that /dev/loop/X can be our root device, but ++# the initrds that Linux uses don't like that. ++case ${GRUB_DEVICE} in ++ /dev/loop/*|/dev/loop[0-9]) ++ GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"` ++ ;; ++esac ++ ++# Default to disabling partition uuid support to maintian compatibility with ++# older kernels. ++GRUB_DISABLE_LINUX_PARTUUID=${GRUB_DISABLE_LINUX_PARTUUID-true} ++ ++# btrfs may reside on multiple devices. We cannot pass them as value of root= parameter ++# and mounting btrfs requires user space scanning, so force UUID in this case. ++if ( [ "x${GRUB_DEVICE_UUID}" = "x" ] && [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] ) \ ++ || ( [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \ ++ && [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ] ) \ ++ || ( ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \ ++ && ! test -e "/dev/disk/by-partuuid/${GRUB_DEVICE_PARTUUID}" ) \ ++ || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then ++ LINUX_ROOT_DEVICE=${GRUB_DEVICE} ++elif [ "x${GRUB_DEVICE_UUID}" = "x" ] \ ++ || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ]; then ++ LINUX_ROOT_DEVICE=PARTUUID=${GRUB_DEVICE_PARTUUID} ++else ++ LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID} ++fi ++ ++case x"$GRUB_FS" in ++ xbtrfs) ++ if [ "x${SUSE_BTRFS_SNAPSHOT_BOOTING}" = "xtrue" ]; then ++ GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX} \${extra_cmdline}" ++ else ++ rootsubvol="`make_system_path_relative_to_its_root /`" ++ rootsubvol="${rootsubvol#/}" ++ if [ "x${rootsubvol}" != x ]; then ++ GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}" ++ fi ++ fi;; ++ xzfs) ++ rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true` ++ bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`" ++ LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs}" ++ ;; ++esac ++ ++mktitle () ++{ ++ local title_type ++ local version ++ local OS_NAME ++ local OS_VERS ++ ++ title_type=$1 && shift ++ version=$1 && shift ++ ++ OS_NAME="$(eval $(grep ^NAME= /etc/os-release) ; echo ${NAME})" ++ OS_VERS="$(eval $(grep ^VERSION= /etc/os-release) ; echo ${VERSION})" ++ ++ case $title_type in ++ recovery) ++ title=$(printf '%s (%s) %s (recovery mode)' \ ++ "${OS_NAME}" "${version}" "${OS_VERS}") ++ ;; ++ *) ++ title=$(printf '%s (%s) %s' \ ++ "${OS_NAME}" "${version}" "${OS_VERS}") ++ ;; ++ esac ++ echo -n ${title} ++} ++ ++title_correction_code= ++ ++populate_header_warn() ++{ ++cat <&2 ++ for config in $(ls -v -r $entries_path/*.conf); do ++ read_config ${config} ++ menu="${menu}menuentry '${title}' {\n" ++ menu="${menu}\t linux ${linux} ${options}\n" ++ if [ -n "${initrd}" ] ; then ++ menu="${menu}\t initrd ${boot_prefix}${initrd}\n" ++ fi ++ menu="${menu}}\n\n" ++ done ++ # The printf command seems to be more reliable across shells for special character (\n, \t) evaluation ++ printf "$menu" ++} ++ ++linux_entry () ++{ ++ os="$1" ++ version="$2" ++ type="$3" ++ isdebug="$4" ++ args="$5" ++ ++ if [ -z "$boot_device_id" ]; then ++ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" ++ fi ++ ++ if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]; then ++ if [ x$dirname = x/ ]; then ++ if [ -z "${prepare_root_cache}" ]; then ++ prepare_grub_to_access_device ${GRUB_DEVICE} ++ fi ++ else ++ if [ -z "${prepare_boot_cache}" ]; then ++ prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} ++ fi ++ fi ++ ++ if [ -d /sys/firmware/efi ]; then ++ bootefi_device="`${grub_probe} --target=device /boot/efi/`" ++ prepare_grub_to_access_device ${bootefi_device} boot ++ else ++ boot_device="`${grub_probe} --target=device /boot/`" ++ prepare_grub_to_access_device ${boot_device} boot ++ fi ++ ++ populate_header_warn ++ populate_menu ++ ++ ${grub_editenv} - set saved_entry=0 ++ ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}" ++ ++ exit 0 ++ fi ++ ++ if [ x$type != xsimple ] ; then ++ title=$(mktitle "$type" "$version") ++ if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then ++ replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')" ++ quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)" ++ title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;" ++ fi ++ if [ x$isdebug = xdebug ]; then ++ title="$title${GRUB_LINUX_DEBUG_TITLE_POSTFIX}" ++ fi ++ echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/" ++ else ++ echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" ++ fi ++ if [ x$type != xrecovery ] ; then ++ save_default_entry | grub_add_tab ++ fi ++ ++ # Use ELILO's generic "efifb" when it's known to be available. ++ # FIXME: We need an interface to select vesafb in case efifb can't be used. ++ if [ "x$GRUB_GFXPAYLOAD_LINUX" = x ]; then ++ echo " load_video" | sed "s/^/$submenu_indentation/" ++ if grep -qx "CONFIG_FB_EFI=y" "${config}" 2> /dev/null \ ++ && grep -qx "CONFIG_VT_HW_CONSOLE_BINDING=y" "${config}" 2> /dev/null; then ++ echo " set gfxpayload=keep" | sed "s/^/$submenu_indentation/" ++ fi ++ else ++ if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then ++ echo " load_video" | sed "s/^/$submenu_indentation/" ++ fi ++ echo " set gfxpayload=$GRUB_GFXPAYLOAD_LINUX" | sed "s/^/$submenu_indentation/" ++ fi ++ ++ echo " insmod gzio" | sed "s/^/$submenu_indentation/" ++ ++ if [ x$dirname = x/ ]; then ++ if [ -z "${prepare_root_cache}" ]; then ++ prepare_root_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE} | grub_add_tab)" ++ fi ++ printf '%s\n' "${prepare_root_cache}" | sed "s/^/$submenu_indentation/" ++ else ++ if [ -z "${prepare_boot_cache}" ]; then ++ prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)" ++ fi ++ printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/" ++ fi ++ sed "s/^/$submenu_indentation/" << EOF ++ linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} ++EOF ++ if test -n "${initrd}" ; then ++ initrd_path= ++ for i in ${initrd}; do ++ initrd_path="${initrd_path} ${rel_dirname}/${i}" ++ done ++ sed "s/^/$submenu_indentation/" << EOF ++ initrd $(echo $initrd_path) ++EOF ++ fi ++ if test -n "${fdt}" ; then ++ sed "s/^/$submenu_indentation/" << EOF ++ devicetree ${rel_dirname}/${fdt} ++EOF ++ fi ++ sed "s/^/$submenu_indentation/" << EOF ++} ++EOF ++} ++ ++machine=`uname -m` ++case "x$machine" in ++ xi?86 | xx86_64) ++ list= ++ for i in /boot/vmlinuz-* /vmlinuz-* /boot/kernel-* ; do ++ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi ++ done ;; ++ *) ++ list= ++ for i in /boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-* ; do ++ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi ++ done ;; ++esac ++ ++if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]; then ++ for i in /boot/ostree/*/vmlinuz-* ; do ++ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi ++ done ++fi ++ ++case "$machine" in ++ i?86) GENKERNEL_ARCH="x86" ;; ++ mips|mips64) GENKERNEL_ARCH="mips" ;; ++ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; ++ arm*) GENKERNEL_ARCH="arm" ;; ++ *) GENKERNEL_ARCH="$machine" ;; ++esac ++ ++prepare_boot_cache= ++prepare_root_cache= ++boot_device_id= ++title_correction_code= ++ ++# Extra indentation to add to menu entries in a submenu. We're not in a submenu ++# yet, so it's empty. In a submenu it will be equal to '\t' (one tab). ++submenu_indentation="" ++ ++is_top_level=true ++while [ "x$list" != "x" ] ; do ++ linux=`version_find_latest $list` ++ if [ "x${GRUB_ENABLE_BLSCFG}" != "xtrue" ]; then ++ gettext_printf "Found linux image: %s\n" "$linux" >&2 ++ fi ++ ++ basename=`basename $linux` ++ dirname=`dirname $linux` ++ rel_dirname=`make_system_path_relative_to_its_root $dirname` ++ version=`echo $basename | sed -e "s,^[^0-9]*-,,g"` ++ alt_version=`echo $version | sed -e "s,\.old$,,g"` ++ linux_root_device_thisversion="${LINUX_ROOT_DEVICE}" ++ ++ initrd_early= ++ for i in ${GRUB_EARLY_INITRD_LINUX_STOCK} \ ++ ${GRUB_EARLY_INITRD_LINUX_CUSTOM}; do ++ if test -e "${dirname}/${i}" ; then ++ initrd_early="${initrd_early} ${i}" ++ fi ++ done ++ ++ initrd_real= ++ for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \ ++ "initrd-${version}" "initramfs-${version}.img" \ ++ "initrd.img-${alt_version}" "initrd-${alt_version}.img" \ ++ "initrd-${alt_version}" "initramfs-${alt_version}.img" \ ++ "initramfs-genkernel-${version}" \ ++ "initramfs-genkernel-${alt_version}" \ ++ "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ ++ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do ++ if test -e "${dirname}/${i}" ; then ++ initrd_real="${i}" ++ break ++ fi ++ done ++ ++ initrd= ++ if test -n "${initrd_early}" || test -n "${initrd_real}"; then ++ initrd="${initrd_early} ${initrd_real}" ++ ++ initrd_display= ++ for i in ${initrd}; do ++ initrd_display="${initrd_display} ${dirname}/${i}" ++ done ++ if [ "x${GRUB_ENABLE_BLSCFG}" != "xtrue" ]; then ++ gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 ++ fi ++ fi ++ ++ fdt= ++ for i in "dtb-${version}" "dtb-${alt_version}"; do ++ if test -f "${dirname}/${i}/${GRUB_DEFAULT_DTB}" ; then ++ fdt="${i}/${GRUB_DEFAULT_DTB}" ++ break ++ fi ++ done ++ ++ config= ++ for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do ++ if test -e "${i}" ; then ++ config="${i}" ++ break ++ fi ++ done ++ ++ initramfs= ++ if test -n "${config}" ; then ++ initramfs=`grep CONFIG_INITRAMFS_SOURCE= "${config}" | cut -f2 -d= | tr -d \"` ++ fi ++ ++ if test -z "${initramfs}" && test -z "${initrd_real}" ; then ++ # "UUID=" and "ZFS=" magic is parsed by initrd or initramfs. Since there's ++ # no initrd or builtin initramfs, it can't work here. ++ if [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] \ ++ || [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ]; then ++ ++ linux_root_device_thisversion=${GRUB_DEVICE} ++ else ++ linux_root_device_thisversion=PARTUUID=${GRUB_DEVICE_PARTUUID} ++ fi ++ fi ++ ++ if [ "x${GRUB_DISABLE_SUBMENU}" = "xyes" ] || [ "x${GRUB_DISABLE_SUBMENU}" = "xy" ]; then ++ GRUB_DISABLE_SUBMENU="true" ++ fi ++ ++ if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xtrue ]; then ++ linux_entry "${OS}" "${version}" simple standard \ ++ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" ++ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then ++ linux_entry "${OS}" "${version}" simple debug \ ++ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}" ++ fi ++ ++ submenu_indentation="$grub_tab" ++ ++ if [ -z "$boot_device_id" ]; then ++ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" ++ fi ++ # TRANSLATORS: %s is replaced with an OS name ++ echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {" ++ is_top_level=false ++ fi ++ ++ linux_entry "${OS}" "${version}" advanced standard \ ++ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" ++ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then ++ linux_entry "${OS}" "${version}" advanced debug \ ++ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}" ++ fi ++ ++ if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then ++ linux_entry "${OS}" "${version}" recovery standard \ ++ "single ${GRUB_CMDLINE_LINUX}" ++ fi ++ ++ list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '` ++done ++ ++# If at least one kernel was found, then we need to ++# add a closing '}' for the submenu command. ++if [ x"$is_top_level" != xtrue ]; then ++ echo '}' ++fi ++ ++echo "$title_correction_code" diff --git a/SOURCES/0237-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch b/SOURCES/0237-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch new file mode 100644 index 0000000..be3c867 --- /dev/null +++ b/SOURCES/0237-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch @@ -0,0 +1,79 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 5 Oct 2018 16:29:47 +0200 +Subject: [PATCH] Only set kernelopts in grubenv if it wasn't set before + +Users may want to use a different command line parameters, so if there's +a kernelopts var set in grubenv, grub2-mkconfig shouldn't reset it. + +While being there, print a warning so users know that they shouldn't edit +the grub config file and instead edit the BootLoaderSpec config files. + +Resolves: rhbz#1636466 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux.in | 20 +++++++++++++++++++- + util/grub.d/10_linux_bls.in | 4 +++- + 2 files changed, 22 insertions(+), 2 deletions(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 9682e97b7f5..01e66e5fc74 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -82,6 +82,20 @@ case x"$GRUB_FS" in + ;; + esac + ++populate_header_warn() ++{ ++cat < -Date: Wed, 3 Oct 2018 20:48:32 +0200 -Subject: [PATCH] add 10_linux_bls grub.d snippet to generate menu entries from - BLS files - -This grub.d snippet can be used on platforms where the bootloader doesn't -have BLS support and only can parse a normal grub configuration file. - -Portions of this script were taken from the ostree-grub-generator script -included in the OSTree project. - -Resolves: rhbz#1636013 - -Signed-off-by: Javier Martinez Canillas ---- - Makefile.util.def | 7 + - util/grub.d/10_linux_bls.in | 440 ++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 447 insertions(+) - create mode 100644 util/grub.d/10_linux_bls.in - -diff --git a/Makefile.util.def b/Makefile.util.def -index cba4d500198..08cc98ddb8b 100644 ---- a/Makefile.util.def -+++ b/Makefile.util.def -@@ -502,6 +502,13 @@ script = { - condition = COND_HOST_LINUX; - }; - -+script = { -+ name = '10_linux_bls'; -+ common = util/grub.d/10_linux_bls.in; -+ installdir = grubconf; -+ condition = COND_HOST_LINUX; -+}; -+ - script = { - name = '10_xnu'; - common = util/grub.d/10_xnu.in; -diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in -new file mode 100644 -index 00000000000..3cc7803c6a1 ---- /dev/null -+++ b/util/grub.d/10_linux_bls.in -@@ -0,0 +1,440 @@ -+#! /bin/sh -+set -e -+ -+# grub-mkconfig helper script. -+# Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc. -+# -+# GRUB is free software: you can redistribute it and/or modify -+# it under the terms of the GNU General Public License as published by -+# the Free Software Foundation, either version 3 of the License, or -+# (at your option) any later version. -+# -+# GRUB is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License -+# along with GRUB. If not, see . -+ -+prefix="@prefix@" -+exec_prefix="@exec_prefix@" -+datarootdir="@datarootdir@" -+ -+. "$pkgdatadir/grub-mkconfig_lib" -+ -+export TEXTDOMAIN=@PACKAGE@ -+export TEXTDOMAINDIR="@localedir@" -+ -+CLASS="--class gnu-linux --class gnu --class os --unrestricted" -+ -+if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then -+ OS="$(eval $(grep PRETTY_NAME /etc/os-release) ; echo ${PRETTY_NAME})" -+ CLASS="--class $(eval $(grep '^ID_LIKE=\|^ID=' /etc/os-release) ; [ -n "${ID_LIKE}" ] && echo ${ID_LIKE} || echo ${ID}) ${CLASS}" -+else -+ OS="${GRUB_DISTRIBUTOR}" -+ CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" -+fi -+ -+# loop-AES arranges things so that /dev/loop/X can be our root device, but -+# the initrds that Linux uses don't like that. -+case ${GRUB_DEVICE} in -+ /dev/loop/*|/dev/loop[0-9]) -+ GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"` -+ ;; -+esac -+ -+# Default to disabling partition uuid support to maintian compatibility with -+# older kernels. -+GRUB_DISABLE_LINUX_PARTUUID=${GRUB_DISABLE_LINUX_PARTUUID-true} -+ -+# btrfs may reside on multiple devices. We cannot pass them as value of root= parameter -+# and mounting btrfs requires user space scanning, so force UUID in this case. -+if ( [ "x${GRUB_DEVICE_UUID}" = "x" ] && [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] ) \ -+ || ( [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \ -+ && [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ] ) \ -+ || ( ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \ -+ && ! test -e "/dev/disk/by-partuuid/${GRUB_DEVICE_PARTUUID}" ) \ -+ || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then -+ LINUX_ROOT_DEVICE=${GRUB_DEVICE} -+elif [ "x${GRUB_DEVICE_UUID}" = "x" ] \ -+ || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ]; then -+ LINUX_ROOT_DEVICE=PARTUUID=${GRUB_DEVICE_PARTUUID} -+else -+ LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID} -+fi -+ -+case x"$GRUB_FS" in -+ xbtrfs) -+ if [ "x${SUSE_BTRFS_SNAPSHOT_BOOTING}" = "xtrue" ]; then -+ GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX} \${extra_cmdline}" -+ else -+ rootsubvol="`make_system_path_relative_to_its_root /`" -+ rootsubvol="${rootsubvol#/}" -+ if [ "x${rootsubvol}" != x ]; then -+ GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}" -+ fi -+ fi;; -+ xzfs) -+ rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true` -+ bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`" -+ LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs}" -+ ;; -+esac -+ -+mktitle () -+{ -+ local title_type -+ local version -+ local OS_NAME -+ local OS_VERS -+ -+ title_type=$1 && shift -+ version=$1 && shift -+ -+ OS_NAME="$(eval $(grep ^NAME= /etc/os-release) ; echo ${NAME})" -+ OS_VERS="$(eval $(grep ^VERSION= /etc/os-release) ; echo ${VERSION})" -+ -+ case $title_type in -+ recovery) -+ title=$(printf '%s (%s) %s (recovery mode)' \ -+ "${OS_NAME}" "${version}" "${OS_VERS}") -+ ;; -+ *) -+ title=$(printf '%s (%s) %s' \ -+ "${OS_NAME}" "${version}" "${OS_VERS}") -+ ;; -+ esac -+ echo -n ${title} -+} -+ -+title_correction_code= -+ -+populate_header_warn() -+{ -+cat <&2 -+ for config in $(ls -v -r $entries_path/*.conf); do -+ read_config ${config} -+ menu="${menu}menuentry '${title}' {\n" -+ menu="${menu}\t linux ${linux} ${options}\n" -+ if [ -n "${initrd}" ] ; then -+ menu="${menu}\t initrd ${boot_prefix}${initrd}\n" -+ fi -+ menu="${menu}}\n\n" -+ done -+ # The printf command seems to be more reliable across shells for special character (\n, \t) evaluation -+ printf "$menu" -+} -+ -+linux_entry () -+{ -+ os="$1" -+ version="$2" -+ type="$3" -+ isdebug="$4" -+ args="$5" -+ -+ if [ -z "$boot_device_id" ]; then -+ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" -+ fi -+ -+ if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]; then -+ if [ x$dirname = x/ ]; then -+ if [ -z "${prepare_root_cache}" ]; then -+ prepare_grub_to_access_device ${GRUB_DEVICE} -+ fi -+ else -+ if [ -z "${prepare_boot_cache}" ]; then -+ prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} -+ fi -+ fi -+ -+ if [ -d /sys/firmware/efi ]; then -+ bootefi_device="`${grub_probe} --target=device /boot/efi/`" -+ prepare_grub_to_access_device ${bootefi_device} boot -+ else -+ boot_device="`${grub_probe} --target=device /boot/`" -+ prepare_grub_to_access_device ${boot_device} boot -+ fi -+ -+ populate_header_warn -+ populate_menu -+ -+ ${grub_editenv} - set saved_entry=0 -+ ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}" -+ -+ exit 0 -+ fi -+ -+ if [ x$type != xsimple ] ; then -+ title=$(mktitle "$type" "$version") -+ if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then -+ replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')" -+ quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)" -+ title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;" -+ fi -+ if [ x$isdebug = xdebug ]; then -+ title="$title${GRUB_LINUX_DEBUG_TITLE_POSTFIX}" -+ fi -+ echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/" -+ else -+ echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" -+ fi -+ if [ x$type != xrecovery ] ; then -+ save_default_entry | grub_add_tab -+ fi -+ -+ # Use ELILO's generic "efifb" when it's known to be available. -+ # FIXME: We need an interface to select vesafb in case efifb can't be used. -+ if [ "x$GRUB_GFXPAYLOAD_LINUX" = x ]; then -+ echo " load_video" | sed "s/^/$submenu_indentation/" -+ if grep -qx "CONFIG_FB_EFI=y" "${config}" 2> /dev/null \ -+ && grep -qx "CONFIG_VT_HW_CONSOLE_BINDING=y" "${config}" 2> /dev/null; then -+ echo " set gfxpayload=keep" | sed "s/^/$submenu_indentation/" -+ fi -+ else -+ if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then -+ echo " load_video" | sed "s/^/$submenu_indentation/" -+ fi -+ echo " set gfxpayload=$GRUB_GFXPAYLOAD_LINUX" | sed "s/^/$submenu_indentation/" -+ fi -+ -+ echo " insmod gzio" | sed "s/^/$submenu_indentation/" -+ -+ if [ x$dirname = x/ ]; then -+ if [ -z "${prepare_root_cache}" ]; then -+ prepare_root_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE} | grub_add_tab)" -+ fi -+ printf '%s\n' "${prepare_root_cache}" | sed "s/^/$submenu_indentation/" -+ else -+ if [ -z "${prepare_boot_cache}" ]; then -+ prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)" -+ fi -+ printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/" -+ fi -+ sed "s/^/$submenu_indentation/" << EOF -+ linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} -+EOF -+ if test -n "${initrd}" ; then -+ initrd_path= -+ for i in ${initrd}; do -+ initrd_path="${initrd_path} ${rel_dirname}/${i}" -+ done -+ sed "s/^/$submenu_indentation/" << EOF -+ initrd $(echo $initrd_path) -+EOF -+ fi -+ if test -n "${fdt}" ; then -+ sed "s/^/$submenu_indentation/" << EOF -+ devicetree ${rel_dirname}/${fdt} -+EOF -+ fi -+ sed "s/^/$submenu_indentation/" << EOF -+} -+EOF -+} -+ -+machine=`uname -m` -+case "x$machine" in -+ xi?86 | xx86_64) -+ list= -+ for i in /boot/vmlinuz-* /vmlinuz-* /boot/kernel-* ; do -+ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi -+ done ;; -+ *) -+ list= -+ for i in /boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-* ; do -+ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi -+ done ;; -+esac -+ -+if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]; then -+ for i in /boot/ostree/*/vmlinuz-* ; do -+ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi -+ done -+fi -+ -+case "$machine" in -+ i?86) GENKERNEL_ARCH="x86" ;; -+ mips|mips64) GENKERNEL_ARCH="mips" ;; -+ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; -+ arm*) GENKERNEL_ARCH="arm" ;; -+ *) GENKERNEL_ARCH="$machine" ;; -+esac -+ -+prepare_boot_cache= -+prepare_root_cache= -+boot_device_id= -+title_correction_code= -+ -+# Extra indentation to add to menu entries in a submenu. We're not in a submenu -+# yet, so it's empty. In a submenu it will be equal to '\t' (one tab). -+submenu_indentation="" -+ -+is_top_level=true -+while [ "x$list" != "x" ] ; do -+ linux=`version_find_latest $list` -+ if [ "x${GRUB_ENABLE_BLSCFG}" != "xtrue" ]; then -+ gettext_printf "Found linux image: %s\n" "$linux" >&2 -+ fi -+ -+ basename=`basename $linux` -+ dirname=`dirname $linux` -+ rel_dirname=`make_system_path_relative_to_its_root $dirname` -+ version=`echo $basename | sed -e "s,^[^0-9]*-,,g"` -+ alt_version=`echo $version | sed -e "s,\.old$,,g"` -+ linux_root_device_thisversion="${LINUX_ROOT_DEVICE}" -+ -+ initrd_early= -+ for i in ${GRUB_EARLY_INITRD_LINUX_STOCK} \ -+ ${GRUB_EARLY_INITRD_LINUX_CUSTOM}; do -+ if test -e "${dirname}/${i}" ; then -+ initrd_early="${initrd_early} ${i}" -+ fi -+ done -+ -+ initrd_real= -+ for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \ -+ "initrd-${version}" "initramfs-${version}.img" \ -+ "initrd.img-${alt_version}" "initrd-${alt_version}.img" \ -+ "initrd-${alt_version}" "initramfs-${alt_version}.img" \ -+ "initramfs-genkernel-${version}" \ -+ "initramfs-genkernel-${alt_version}" \ -+ "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ -+ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do -+ if test -e "${dirname}/${i}" ; then -+ initrd_real="${i}" -+ break -+ fi -+ done -+ -+ initrd= -+ if test -n "${initrd_early}" || test -n "${initrd_real}"; then -+ initrd="${initrd_early} ${initrd_real}" -+ -+ initrd_display= -+ for i in ${initrd}; do -+ initrd_display="${initrd_display} ${dirname}/${i}" -+ done -+ if [ "x${GRUB_ENABLE_BLSCFG}" != "xtrue" ]; then -+ gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 -+ fi -+ fi -+ -+ fdt= -+ for i in "dtb-${version}" "dtb-${alt_version}"; do -+ if test -f "${dirname}/${i}/${GRUB_DEFAULT_DTB}" ; then -+ fdt="${i}/${GRUB_DEFAULT_DTB}" -+ break -+ fi -+ done -+ -+ config= -+ for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do -+ if test -e "${i}" ; then -+ config="${i}" -+ break -+ fi -+ done -+ -+ initramfs= -+ if test -n "${config}" ; then -+ initramfs=`grep CONFIG_INITRAMFS_SOURCE= "${config}" | cut -f2 -d= | tr -d \"` -+ fi -+ -+ if test -z "${initramfs}" && test -z "${initrd_real}" ; then -+ # "UUID=" and "ZFS=" magic is parsed by initrd or initramfs. Since there's -+ # no initrd or builtin initramfs, it can't work here. -+ if [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] \ -+ || [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ]; then -+ -+ linux_root_device_thisversion=${GRUB_DEVICE} -+ else -+ linux_root_device_thisversion=PARTUUID=${GRUB_DEVICE_PARTUUID} -+ fi -+ fi -+ -+ if [ "x${GRUB_DISABLE_SUBMENU}" = "xyes" ] || [ "x${GRUB_DISABLE_SUBMENU}" = "xy" ]; then -+ GRUB_DISABLE_SUBMENU="true" -+ fi -+ -+ if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xtrue ]; then -+ linux_entry "${OS}" "${version}" simple standard \ -+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" -+ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then -+ linux_entry "${OS}" "${version}" simple debug \ -+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}" -+ fi -+ -+ submenu_indentation="$grub_tab" -+ -+ if [ -z "$boot_device_id" ]; then -+ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" -+ fi -+ # TRANSLATORS: %s is replaced with an OS name -+ echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {" -+ is_top_level=false -+ fi -+ -+ linux_entry "${OS}" "${version}" advanced standard \ -+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" -+ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then -+ linux_entry "${OS}" "${version}" advanced debug \ -+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}" -+ fi -+ -+ if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then -+ linux_entry "${OS}" "${version}" recovery standard \ -+ "single ${GRUB_CMDLINE_LINUX}" -+ fi -+ -+ list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '` -+done -+ -+# If at least one kernel was found, then we need to -+# add a closing '}' for the submenu command. -+if [ x"$is_top_level" != xtrue ]; then -+ echo '}' -+fi -+ -+echo "$title_correction_code" diff --git a/SOURCES/0238-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch b/SOURCES/0238-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch deleted file mode 100644 index be3c867..0000000 --- a/SOURCES/0238-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Fri, 5 Oct 2018 16:29:47 +0200 -Subject: [PATCH] Only set kernelopts in grubenv if it wasn't set before - -Users may want to use a different command line parameters, so if there's -a kernelopts var set in grubenv, grub2-mkconfig shouldn't reset it. - -While being there, print a warning so users know that they shouldn't edit -the grub config file and instead edit the BootLoaderSpec config files. - -Resolves: rhbz#1636466 - -Signed-off-by: Javier Martinez Canillas ---- - util/grub.d/10_linux.in | 20 +++++++++++++++++++- - util/grub.d/10_linux_bls.in | 4 +++- - 2 files changed, 22 insertions(+), 2 deletions(-) - -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 9682e97b7f5..01e66e5fc74 100644 ---- a/util/grub.d/10_linux.in -+++ b/util/grub.d/10_linux.in -@@ -82,6 +82,20 @@ case x"$GRUB_FS" in - ;; - esac - -+populate_header_warn() -+{ -+cat < +Date: Thu, 11 Oct 2018 15:30:13 -0400 +Subject: [PATCH] blscfg: don't include ".conf" at the end of our "id". + +Related: rhbz#1638117 + +Signed-off-by: Peter Jones +--- + grub-core/commands/blscfg.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index bec5a9ffe3e..3847572dabd 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -575,6 +575,7 @@ static void create_entry (struct bls_entry *entry) + char **initrds = NULL; + char *initrd = NULL; + char *id = entry->filename; ++ char *dotconf = id; + char *hotkey = NULL; + + char *users = NULL; +@@ -593,6 +594,16 @@ static void create_entry (struct bls_entry *entry) + goto finish; + } + ++ /* ++ * strip the ".conf" off the end before we make it our "id" field. ++ */ ++ do ++ { ++ dotconf = grub_strstr(dotconf, ".conf"); ++ } while (dotconf != NULL && dotconf[5] != '\0'); ++ if (dotconf) ++ dotconf[0] = '\0'; ++ + title = bls_get_val (entry, "title", NULL); + options = expand_val (bls_get_val (entry, "options", NULL)); + initrds = bls_make_list (entry, "initrd", NULL); diff --git a/SOURCES/0239-blscfg-don-t-include-.conf-at-the-end-of-our-id.patch b/SOURCES/0239-blscfg-don-t-include-.conf-at-the-end-of-our-id.patch deleted file mode 100644 index 59adb84..0000000 --- a/SOURCES/0239-blscfg-don-t-include-.conf-at-the-end-of-our-id.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 11 Oct 2018 15:30:13 -0400 -Subject: [PATCH] blscfg: don't include ".conf" at the end of our "id". - -Related: rhbz#1638117 - -Signed-off-by: Peter Jones ---- - grub-core/commands/blscfg.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c -index bec5a9ffe3e..3847572dabd 100644 ---- a/grub-core/commands/blscfg.c -+++ b/grub-core/commands/blscfg.c -@@ -575,6 +575,7 @@ static void create_entry (struct bls_entry *entry) - char **initrds = NULL; - char *initrd = NULL; - char *id = entry->filename; -+ char *dotconf = id; - char *hotkey = NULL; - - char *users = NULL; -@@ -593,6 +594,16 @@ static void create_entry (struct bls_entry *entry) - goto finish; - } - -+ /* -+ * strip the ".conf" off the end before we make it our "id" field. -+ */ -+ do -+ { -+ dotconf = grub_strstr(dotconf, ".conf"); -+ } while (dotconf != NULL && dotconf[5] != '\0'); -+ if (dotconf) -+ dotconf[0] = '\0'; -+ - title = bls_get_val (entry, "title", NULL); - options = expand_val (bls_get_val (entry, "options", NULL)); - initrds = bls_make_list (entry, "initrd", NULL); diff --git a/SOURCES/0239-grub-get-kernel-settings-expose-some-more-config-var.patch b/SOURCES/0239-grub-get-kernel-settings-expose-some-more-config-var.patch new file mode 100644 index 0000000..2471e5f --- /dev/null +++ b/SOURCES/0239-grub-get-kernel-settings-expose-some-more-config-var.patch @@ -0,0 +1,32 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 11 Oct 2018 15:31:04 -0400 +Subject: [PATCH] grub-get-kernel-settings: expose some more config variables + +This exposes MAKEDEFAULT as GRUB_UPDATE_DEFAULT_KERNEL and DEFAULTDEBUG as +GRUB_DEFAULT_TO_DEBUG + +Related: rhbz#1638117 +Signed-off-by: Peter Jones +--- + util/grub-get-kernel-settings.in | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/util/grub-get-kernel-settings.in b/util/grub-get-kernel-settings.in +index 12046219878..7e87dfccc0e 100644 +--- a/util/grub-get-kernel-settings.in ++++ b/util/grub-get-kernel-settings.in +@@ -76,3 +76,13 @@ if [ "$MAKEDEBUG" = "yes" ]; then + echo GRUB_LINUX_DEBUG_TITLE_POSTFIX=\" with debugging\" + echo export GRUB_LINUX_DEBUG_TITLE_POSTFIX + fi ++if [ "$DEFAULTDEBUG" = "yes" ]; then ++ echo GRUB_DEFAULT_TO_DEBUG=true ++else ++ echo GRUB_DEFAULT_TO_DEBUG=false ++fi ++echo export GRUB_DEFAULT_TO_DEBUG ++if [ "$UPDATEDEFAULT" = "yes" ]; then ++ echo GRUB_UPDATE_DEFAULT_KERNEL=true ++ echo export GRUB_UPDATE_DEFAULT_KERNEL ++fi diff --git a/SOURCES/0240-blscfg-sort-everything-with-rpm-package-comparison.patch b/SOURCES/0240-blscfg-sort-everything-with-rpm-package-comparison.patch new file mode 100644 index 0000000..f1d848c --- /dev/null +++ b/SOURCES/0240-blscfg-sort-everything-with-rpm-package-comparison.patch @@ -0,0 +1,161 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Oct 2018 15:08:33 -0400 +Subject: [PATCH] blscfg: sort everything with rpm *package* comparison + +This makes comparisons use the n-v-r tuple, and compare name with name, +version with version, and release with release. + +Related: rhbz#1638103 + +Signed-off-by: Peter Jones +--- + grub-core/commands/blscfg.c | 118 ++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 108 insertions(+), 10 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 3847572dabd..347128c9ddd 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -206,7 +206,7 @@ static int vercmp(const char * a, const char * b) + int isnum; + int ret = 0; + +- grub_dprintf("blscfg", "%s got here\n", __func__); ++ grub_dprintf("blscfg", "%s got here\n", __func__); + if (!grub_strcmp(a, b)) + return 0; + +@@ -315,6 +315,81 @@ finish: + return ret; + } + ++/* returns name/version/release */ ++/* NULL string pointer returned if nothing found */ ++static void ++split_package_string (char *package_string, char **name, ++ char **version, char **release) ++{ ++ char *package_version, *package_release; ++ ++ /* Release */ ++ package_release = grub_strrchr (package_string, '-'); ++ ++ if (package_release != NULL) ++ *package_release++ = '\0'; ++ ++ *release = package_release; ++ ++ if (name == NULL) ++ { ++ *version = package_string; ++ } ++ else ++ { ++ /* Version */ ++ package_version = grub_strrchr(package_string, '-'); ++ ++ if (package_version != NULL) ++ *package_version++ = '\0'; ++ ++ *version = package_version; ++ /* Name */ ++ *name = package_string; ++ } ++ ++ /* Bubble up non-null values from release to name */ ++ if (name != NULL && *name == NULL) ++ { ++ *name = (*version == NULL ? *release : *version); ++ *version = *release; ++ *release = NULL; ++ } ++ if (*version == NULL) ++ { ++ *version = *release; ++ *release = NULL; ++ } ++} ++ ++static int ++split_cmp(char *nvr0, char *nvr1, int has_name) ++{ ++ int ret = 0; ++ char *name0, *version0, *release0; ++ char *name1, *version1, *release1; ++ ++ split_package_string(nvr0, has_name ? &name0 : NULL, &version0, &release0); ++ split_package_string(nvr1, has_name ? &name1 : NULL, &version1, &release1); ++ ++ if (has_name) ++ { ++ ret = vercmp(name0 == NULL ? "" : name0, ++ name1 == NULL ? "" : name1); ++ if (ret != 0) ++ return ret; ++ } ++ ++ ret = vercmp(version0 == NULL ? "" : version0, ++ version1 == NULL ? "" : version1); ++ if (ret != 0) ++ return ret; ++ ++ ret = vercmp(release0 == NULL ? "" : release0, ++ release1 == NULL ? "" : release1); ++ return ret; ++} ++ + /* return 1: p0 is newer than p1 */ + /* 0: p0 and p1 are the same version */ + /* -1: p1 is newer than p0 */ +@@ -323,18 +398,41 @@ static int bls_cmp(const void *p0, const void *p1, void *state) + struct bls_entry * e0 = *(struct bls_entry **)p0; + struct bls_entry * e1 = *(struct bls_entry **)p1; + bool use_version = *(bool *)state; +- const char *v0, *v1; +- int r; ++ char *v0, *v1; ++ char *id0, *id1; ++ int l, r; + +- if (use_version) { +- v0 = bls_get_val(e0, "version", NULL); +- v1 = bls_get_val(e1, "version", NULL); ++ if (use_version) ++ { ++ v0 = grub_strdup(bls_get_val(e0, "version", NULL)); ++ v1 = grub_strdup(bls_get_val(e1, "version", NULL)); + +- if ((r = vercmp(v0, v1)) != 0) +- return r; +- } ++ r = split_cmp(v0, v1, 0); + +- return vercmp(e0->filename, e1->filename); ++ grub_free(v0); ++ grub_free(v1); ++ ++ if (r != 0) ++ return r; ++ } ++ ++ id0 = grub_strdup(e0->filename); ++ id1 = grub_strdup(e1->filename); ++ ++ l = grub_strlen(id0); ++ if (l > 5 && grub_strcmp(id0 + l - 5, ".conf")) ++ id0[l-5] = '\0'; ++ ++ l = grub_strlen(id1); ++ if (l > 5 && grub_strcmp(id1 + l - 5, ".conf")) ++ id1[l-5] = '\0'; ++ ++ r = split_cmp(id0, id1, 1); ++ ++ grub_free(id0); ++ grub_free(id1); ++ ++ return r; + } + + struct read_entry_info { diff --git a/SOURCES/0240-grub-get-kernel-settings-expose-some-more-config-var.patch b/SOURCES/0240-grub-get-kernel-settings-expose-some-more-config-var.patch deleted file mode 100644 index 2471e5f..0000000 --- a/SOURCES/0240-grub-get-kernel-settings-expose-some-more-config-var.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 11 Oct 2018 15:31:04 -0400 -Subject: [PATCH] grub-get-kernel-settings: expose some more config variables - -This exposes MAKEDEFAULT as GRUB_UPDATE_DEFAULT_KERNEL and DEFAULTDEBUG as -GRUB_DEFAULT_TO_DEBUG - -Related: rhbz#1638117 -Signed-off-by: Peter Jones ---- - util/grub-get-kernel-settings.in | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/util/grub-get-kernel-settings.in b/util/grub-get-kernel-settings.in -index 12046219878..7e87dfccc0e 100644 ---- a/util/grub-get-kernel-settings.in -+++ b/util/grub-get-kernel-settings.in -@@ -76,3 +76,13 @@ if [ "$MAKEDEBUG" = "yes" ]; then - echo GRUB_LINUX_DEBUG_TITLE_POSTFIX=\" with debugging\" - echo export GRUB_LINUX_DEBUG_TITLE_POSTFIX - fi -+if [ "$DEFAULTDEBUG" = "yes" ]; then -+ echo GRUB_DEFAULT_TO_DEBUG=true -+else -+ echo GRUB_DEFAULT_TO_DEBUG=false -+fi -+echo export GRUB_DEFAULT_TO_DEBUG -+if [ "$UPDATEDEFAULT" = "yes" ]; then -+ echo GRUB_UPDATE_DEFAULT_KERNEL=true -+ echo export GRUB_UPDATE_DEFAULT_KERNEL -+fi diff --git a/SOURCES/0241-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch b/SOURCES/0241-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch new file mode 100644 index 0000000..f23cd47 --- /dev/null +++ b/SOURCES/0241-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 16 Oct 2018 15:48:15 +0200 +Subject: [PATCH] 10_linux_bls: use grub2-rpm-sort instead of ls -vr to sort + entries + +Using ls -vr is wrong since it's not the same than the RPM sort algorithm. + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux_bls.in | 18 +++++++++++++++--- + 1 file changed, 15 insertions(+), 3 deletions(-) + +diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in +index 8a3379578bd..1bc97f29898 100644 +--- a/util/grub.d/10_linux_bls.in ++++ b/util/grub.d/10_linux_bls.in +@@ -151,10 +151,22 @@ read_config() + + populate_menu() + { +- entries_path="/boot/loader/entries" ++ blsdir="/boot/loader/entries" ++ local -a files ++ local IFS=$'\n' + gettext_printf "Generating boot entries from BLS files...\n" >&2 +- for config in $(ls -v -r $entries_path/*.conf); do +- read_config ${config} ++ ++ files=($(for bls in ${blsdir}/*.conf ; do ++ if ! [[ -e "${bls}" ]] ; then ++ continue ++ fi ++ bls="${bls%.conf}" ++ bls="${bls##*/}" ++ echo "${bls}" ++ done | ${kernel_sort} | tac)) || : ++ ++ for bls in "${files[@]}" ; do ++ read_config "${blsdir}/${bls}.conf" + menu="${menu}menuentry '${title}' {\n" + menu="${menu}\t linux ${linux} ${options}\n" + if [ -n "${initrd}" ] ; then diff --git a/SOURCES/0241-blscfg-sort-everything-with-rpm-package-comparison.patch b/SOURCES/0241-blscfg-sort-everything-with-rpm-package-comparison.patch deleted file mode 100644 index f1d848c..0000000 --- a/SOURCES/0241-blscfg-sort-everything-with-rpm-package-comparison.patch +++ /dev/null @@ -1,161 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 15 Oct 2018 15:08:33 -0400 -Subject: [PATCH] blscfg: sort everything with rpm *package* comparison - -This makes comparisons use the n-v-r tuple, and compare name with name, -version with version, and release with release. - -Related: rhbz#1638103 - -Signed-off-by: Peter Jones ---- - grub-core/commands/blscfg.c | 118 ++++++++++++++++++++++++++++++++++++++++---- - 1 file changed, 108 insertions(+), 10 deletions(-) - -diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c -index 3847572dabd..347128c9ddd 100644 ---- a/grub-core/commands/blscfg.c -+++ b/grub-core/commands/blscfg.c -@@ -206,7 +206,7 @@ static int vercmp(const char * a, const char * b) - int isnum; - int ret = 0; - -- grub_dprintf("blscfg", "%s got here\n", __func__); -+ grub_dprintf("blscfg", "%s got here\n", __func__); - if (!grub_strcmp(a, b)) - return 0; - -@@ -315,6 +315,81 @@ finish: - return ret; - } - -+/* returns name/version/release */ -+/* NULL string pointer returned if nothing found */ -+static void -+split_package_string (char *package_string, char **name, -+ char **version, char **release) -+{ -+ char *package_version, *package_release; -+ -+ /* Release */ -+ package_release = grub_strrchr (package_string, '-'); -+ -+ if (package_release != NULL) -+ *package_release++ = '\0'; -+ -+ *release = package_release; -+ -+ if (name == NULL) -+ { -+ *version = package_string; -+ } -+ else -+ { -+ /* Version */ -+ package_version = grub_strrchr(package_string, '-'); -+ -+ if (package_version != NULL) -+ *package_version++ = '\0'; -+ -+ *version = package_version; -+ /* Name */ -+ *name = package_string; -+ } -+ -+ /* Bubble up non-null values from release to name */ -+ if (name != NULL && *name == NULL) -+ { -+ *name = (*version == NULL ? *release : *version); -+ *version = *release; -+ *release = NULL; -+ } -+ if (*version == NULL) -+ { -+ *version = *release; -+ *release = NULL; -+ } -+} -+ -+static int -+split_cmp(char *nvr0, char *nvr1, int has_name) -+{ -+ int ret = 0; -+ char *name0, *version0, *release0; -+ char *name1, *version1, *release1; -+ -+ split_package_string(nvr0, has_name ? &name0 : NULL, &version0, &release0); -+ split_package_string(nvr1, has_name ? &name1 : NULL, &version1, &release1); -+ -+ if (has_name) -+ { -+ ret = vercmp(name0 == NULL ? "" : name0, -+ name1 == NULL ? "" : name1); -+ if (ret != 0) -+ return ret; -+ } -+ -+ ret = vercmp(version0 == NULL ? "" : version0, -+ version1 == NULL ? "" : version1); -+ if (ret != 0) -+ return ret; -+ -+ ret = vercmp(release0 == NULL ? "" : release0, -+ release1 == NULL ? "" : release1); -+ return ret; -+} -+ - /* return 1: p0 is newer than p1 */ - /* 0: p0 and p1 are the same version */ - /* -1: p1 is newer than p0 */ -@@ -323,18 +398,41 @@ static int bls_cmp(const void *p0, const void *p1, void *state) - struct bls_entry * e0 = *(struct bls_entry **)p0; - struct bls_entry * e1 = *(struct bls_entry **)p1; - bool use_version = *(bool *)state; -- const char *v0, *v1; -- int r; -+ char *v0, *v1; -+ char *id0, *id1; -+ int l, r; - -- if (use_version) { -- v0 = bls_get_val(e0, "version", NULL); -- v1 = bls_get_val(e1, "version", NULL); -+ if (use_version) -+ { -+ v0 = grub_strdup(bls_get_val(e0, "version", NULL)); -+ v1 = grub_strdup(bls_get_val(e1, "version", NULL)); - -- if ((r = vercmp(v0, v1)) != 0) -- return r; -- } -+ r = split_cmp(v0, v1, 0); - -- return vercmp(e0->filename, e1->filename); -+ grub_free(v0); -+ grub_free(v1); -+ -+ if (r != 0) -+ return r; -+ } -+ -+ id0 = grub_strdup(e0->filename); -+ id1 = grub_strdup(e1->filename); -+ -+ l = grub_strlen(id0); -+ if (l > 5 && grub_strcmp(id0 + l - 5, ".conf")) -+ id0[l-5] = '\0'; -+ -+ l = grub_strlen(id1); -+ if (l > 5 && grub_strcmp(id1 + l - 5, ".conf")) -+ id1[l-5] = '\0'; -+ -+ r = split_cmp(id0, id1, 1); -+ -+ grub_free(id0); -+ grub_free(id1); -+ -+ return r; - } - - struct read_entry_info { diff --git a/SOURCES/0242-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch b/SOURCES/0242-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch deleted file mode 100644 index f23cd47..0000000 --- a/SOURCES/0242-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Tue, 16 Oct 2018 15:48:15 +0200 -Subject: [PATCH] 10_linux_bls: use grub2-rpm-sort instead of ls -vr to sort - entries - -Using ls -vr is wrong since it's not the same than the RPM sort algorithm. - -Signed-off-by: Javier Martinez Canillas ---- - util/grub.d/10_linux_bls.in | 18 +++++++++++++++--- - 1 file changed, 15 insertions(+), 3 deletions(-) - -diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in -index 8a3379578bd..1bc97f29898 100644 ---- a/util/grub.d/10_linux_bls.in -+++ b/util/grub.d/10_linux_bls.in -@@ -151,10 +151,22 @@ read_config() - - populate_menu() - { -- entries_path="/boot/loader/entries" -+ blsdir="/boot/loader/entries" -+ local -a files -+ local IFS=$'\n' - gettext_printf "Generating boot entries from BLS files...\n" >&2 -- for config in $(ls -v -r $entries_path/*.conf); do -- read_config ${config} -+ -+ files=($(for bls in ${blsdir}/*.conf ; do -+ if ! [[ -e "${bls}" ]] ; then -+ continue -+ fi -+ bls="${bls%.conf}" -+ bls="${bls##*/}" -+ echo "${bls}" -+ done | ${kernel_sort} | tac)) || : -+ -+ for bls in "${files[@]}" ; do -+ read_config "${blsdir}/${bls}.conf" - menu="${menu}menuentry '${title}' {\n" - menu="${menu}\t linux ${linux} ${options}\n" - if [ -n "${initrd}" ] ; then diff --git a/SOURCES/0242-don-t-set-saved_entry-on-grub2-mkconfig.patch b/SOURCES/0242-don-t-set-saved_entry-on-grub2-mkconfig.patch new file mode 100644 index 0000000..8e3ea47 --- /dev/null +++ b/SOURCES/0242-don-t-set-saved_entry-on-grub2-mkconfig.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 19 Oct 2018 14:42:41 +0200 +Subject: [PATCH] don't set saved_entry on grub2-mkconfig + +The original plan was for grub2 to rely on the BLS sort criteria to choose +the default entry to boot, to avoid modifying any files when a new kernel +was installed. But that was changed and now 20-grub.install changes the +default, so 10_linux{,bls} shouldn't overwrite this. + +Resolves: rhbz#1636466 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux.in | 1 - + util/grub.d/10_linux_bls.in | 1 - + 2 files changed, 2 deletions(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 01e66e5fc74..b54d2774a7d 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -165,7 +165,6 @@ if [ -s \$prefix/grubenv ]; then + fi + EOF + +- ${grub_editenv} - set saved_entry=0 + if ! grub2-editenv - list | grep -q kernelopts; then + ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}" + fi +diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in +index 1bc97f29898..8745e598d0e 100644 +--- a/util/grub.d/10_linux_bls.in ++++ b/util/grub.d/10_linux_bls.in +@@ -212,7 +212,6 @@ linux_entry () + populate_header_warn + populate_menu + +- ${grub_editenv} - set saved_entry=0 + if ! grub2-editenv - list | grep -q kernelopts; then + ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}" + fi diff --git a/SOURCES/0243-don-t-set-saved_entry-on-grub2-mkconfig.patch b/SOURCES/0243-don-t-set-saved_entry-on-grub2-mkconfig.patch deleted file mode 100644 index 8e3ea47..0000000 --- a/SOURCES/0243-don-t-set-saved_entry-on-grub2-mkconfig.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Fri, 19 Oct 2018 14:42:41 +0200 -Subject: [PATCH] don't set saved_entry on grub2-mkconfig - -The original plan was for grub2 to rely on the BLS sort criteria to choose -the default entry to boot, to avoid modifying any files when a new kernel -was installed. But that was changed and now 20-grub.install changes the -default, so 10_linux{,bls} shouldn't overwrite this. - -Resolves: rhbz#1636466 - -Signed-off-by: Javier Martinez Canillas ---- - util/grub.d/10_linux.in | 1 - - util/grub.d/10_linux_bls.in | 1 - - 2 files changed, 2 deletions(-) - -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 01e66e5fc74..b54d2774a7d 100644 ---- a/util/grub.d/10_linux.in -+++ b/util/grub.d/10_linux.in -@@ -165,7 +165,6 @@ if [ -s \$prefix/grubenv ]; then - fi - EOF - -- ${grub_editenv} - set saved_entry=0 - if ! grub2-editenv - list | grep -q kernelopts; then - ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}" - fi -diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in -index 1bc97f29898..8745e598d0e 100644 ---- a/util/grub.d/10_linux_bls.in -+++ b/util/grub.d/10_linux_bls.in -@@ -212,7 +212,6 @@ linux_entry () - populate_header_warn - populate_menu - -- ${grub_editenv} - set saved_entry=0 - if ! grub2-editenv - list | grep -q kernelopts; then - ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}" - fi diff --git a/SOURCES/0243-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch b/SOURCES/0243-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch new file mode 100644 index 0000000..9256c23 --- /dev/null +++ b/SOURCES/0243-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch @@ -0,0 +1,31 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 19 Oct 2018 18:48:27 +0200 +Subject: [PATCH] grub-switch-to-blscfg: use ~debug instead of -debug as suffix + to sort correctly + +For the debug BLS entries a -debug suffix was added so they are sorted after +the kernel entries, but that only works with version sort and not rpm sort. + +So instead use ~debug prefix so rpm sort algorithm could sort it correctly. + +Related: rhbz#1638103 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub-switch-to-blscfg.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index 1c6bd1882a7..60cd6ca63cc 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -250,7 +250,7 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do + fi + + if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then +- bls_debug="$(echo ${bls_target} | sed -e "s/\.${arch}/-debug.${arch}/")" ++ bls_debug="$(echo ${bls_target} | sed -e "s/${kernelver}/${kernelver}~debug/")" + cp -aT "${bls_target}" "${bls_debug}" + title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')" + blsid="$(grep '^id[ \t]' "${bls_debug}" | sed -e "s/\.${ARCH}/-debug.${arch}/")" diff --git a/SOURCES/0244-Make-blscfg-debug-messages-more-useful.patch b/SOURCES/0244-Make-blscfg-debug-messages-more-useful.patch new file mode 100644 index 0000000..9a05606 --- /dev/null +++ b/SOURCES/0244-Make-blscfg-debug-messages-more-useful.patch @@ -0,0 +1,175 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 19 Oct 2018 10:03:28 -0400 +Subject: [PATCH] Make blscfg debug messages more useful + +Related: rhbz#1640979 +Signed-off-by: Peter Jones +--- + grub-core/commands/blscfg.c | 12 +++++------- + grub-core/commands/legacycfg.c | 4 ++-- + grub-core/commands/menuentry.c | 18 ++++++++++++++---- + include/grub/normal.h | 2 +- + 4 files changed, 22 insertions(+), 14 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 347128c9ddd..42892cbfd55 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -46,8 +46,6 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define GRUB_BOOT_DEVICE "($root)" + #endif + +-#define grub_free(x) ({grub_dprintf("blscfg", "%s freeing %p\n", __func__, x); grub_free(x); }) +- + struct keyval + { + const char *key; +@@ -134,7 +132,7 @@ static int bls_add_keyval(struct bls_entry *entry, char *key, char *val) + kv->val = v; + + entry->keyvals[entry->nkeyvals] = kv; +- grub_dprintf("blscfg", "new keyval at %p:%p:%p\n", entry->keyvals[entry->nkeyvals], k, v); ++ grub_dprintf("blscfg", "new keyval at %p:%s:%s\n", entry->keyvals[entry->nkeyvals], k, v); + entry->nkeyvals = new_n; + + return 0; +@@ -144,7 +142,6 @@ static void bls_free_entry(struct bls_entry *entry) + { + int i; + +- grub_dprintf("blscfg", "%s got here\n", __func__); + for (i = 0; i < entry->nkeyvals; i++) + { + struct keyval *kv = entry->keyvals[i]; +@@ -206,7 +203,7 @@ static int vercmp(const char * a, const char * b) + int isnum; + int ret = 0; + +- grub_dprintf("blscfg", "%s got here\n", __func__); ++ grub_dprintf("blscfg", "%s comparing %s and %s\n", __func__, a, b); + if (!grub_strcmp(a, b)) + return 0; + +@@ -682,7 +679,7 @@ static void create_entry (struct bls_entry *entry) + char **args = NULL; + + char *src = NULL; +- int i; ++ int i, index; + + grub_dprintf("blscfg", "%s got here\n", __func__); + clinux = bls_get_val (entry, "linux", NULL); +@@ -756,7 +753,8 @@ static void create_entry (struct bls_entry *entry) + GRUB_BOOT_DEVICE, clinux, options ? " " : "", options ? options : "", + initrd ? initrd : ""); + +- grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0); ++ grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0, &index); ++ grub_dprintf ("blscfg", "Added entry %d id:\"%s\"\n", index, id); + + finish: + grub_free (initrd); +diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c +index b32f3c74cb1..f9d7627bdc3 100644 +--- a/grub-core/commands/legacycfg.c ++++ b/grub-core/commands/legacycfg.c +@@ -133,7 +133,7 @@ legacy_file (const char *filename) + args[0] = oldname; + grub_normal_add_menu_entry (1, args, NULL, NULL, "legacy", + NULL, NULL, +- entrysrc, 0); ++ entrysrc, 0, NULL); + grub_free (args); + entrysrc[0] = 0; + grub_free (oldname); +@@ -186,7 +186,7 @@ legacy_file (const char *filename) + } + args[0] = entryname; + grub_normal_add_menu_entry (1, args, NULL, NULL, NULL, +- NULL, NULL, entrysrc, 0); ++ NULL, NULL, entrysrc, 0, NULL); + grub_free (args); + } + +diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c +index 2c5363da7f5..8d242b0187e 100644 +--- a/grub-core/commands/menuentry.c ++++ b/grub-core/commands/menuentry.c +@@ -78,7 +78,7 @@ grub_normal_add_menu_entry (int argc, const char **args, + char **classes, const char *id, + const char *users, const char *hotkey, + const char *prefix, const char *sourcecode, +- int submenu) ++ int submenu, int *index) + { + int menu_hotkey = 0; + char **menu_args = NULL; +@@ -149,9 +149,12 @@ grub_normal_add_menu_entry (int argc, const char **args, + if (! menu_title) + goto fail; + ++ grub_dprintf ("menu", "id:\"%s\"\n", id); ++ grub_dprintf ("menu", "title:\"%s\"\n", menu_title); + menu_id = grub_strdup (id ? : menu_title); + if (! menu_id) + goto fail; ++ grub_dprintf ("menu", "menu_id:\"%s\"\n", menu_id); + + /* Save argc, args to pass as parameters to block arg later. */ + menu_args = grub_malloc (sizeof (char*) * (argc + 1)); +@@ -170,8 +173,12 @@ grub_normal_add_menu_entry (int argc, const char **args, + } + + /* Add the menu entry at the end of the list. */ ++ int ind=0; + while (*last) +- last = &(*last)->next; ++ { ++ ind++; ++ last = &(*last)->next; ++ } + + *last = grub_zalloc (sizeof (**last)); + if (! *last) +@@ -190,6 +197,8 @@ grub_normal_add_menu_entry (int argc, const char **args, + (*last)->submenu = submenu; + + menu->size++; ++ if (index) ++ *index = ind; + return GRUB_ERR_NONE; + + fail: +@@ -286,7 +295,8 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) + users, + ctxt->state[2].arg, 0, + ctxt->state[3].arg, +- ctxt->extcmd->cmd->name[0] == 's'); ++ ctxt->extcmd->cmd->name[0] == 's', ++ NULL); + + src = args[argc - 1]; + args[argc - 1] = NULL; +@@ -303,7 +313,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) + ctxt->state[0].args, ctxt->state[4].arg, + users, + ctxt->state[2].arg, prefix, src + 1, +- ctxt->extcmd->cmd->name[0] == 's'); ++ ctxt->extcmd->cmd->name[0] == 's', NULL); + + src[len - 1] = ch; + args[argc - 1] = src; +diff --git a/include/grub/normal.h b/include/grub/normal.h +index 218cbabccaf..cb9901f41b3 100644 +--- a/include/grub/normal.h ++++ b/include/grub/normal.h +@@ -145,7 +145,7 @@ grub_normal_add_menu_entry (int argc, const char **args, char **classes, + const char *id, + const char *users, const char *hotkey, + const char *prefix, const char *sourcecode, +- int submenu); ++ int submenu, int *index); + + grub_err_t + grub_normal_set_password (const char *user, const char *password); diff --git a/SOURCES/0244-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch b/SOURCES/0244-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch deleted file mode 100644 index 9256c23..0000000 --- a/SOURCES/0244-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Fri, 19 Oct 2018 18:48:27 +0200 -Subject: [PATCH] grub-switch-to-blscfg: use ~debug instead of -debug as suffix - to sort correctly - -For the debug BLS entries a -debug suffix was added so they are sorted after -the kernel entries, but that only works with version sort and not rpm sort. - -So instead use ~debug prefix so rpm sort algorithm could sort it correctly. - -Related: rhbz#1638103 - -Signed-off-by: Javier Martinez Canillas ---- - util/grub-switch-to-blscfg.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in -index 1c6bd1882a7..60cd6ca63cc 100644 ---- a/util/grub-switch-to-blscfg.in -+++ b/util/grub-switch-to-blscfg.in -@@ -250,7 +250,7 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do - fi - - if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then -- bls_debug="$(echo ${bls_target} | sed -e "s/\.${arch}/-debug.${arch}/")" -+ bls_debug="$(echo ${bls_target} | sed -e "s/${kernelver}/${kernelver}~debug/")" - cp -aT "${bls_target}" "${bls_debug}" - title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')" - blsid="$(grep '^id[ \t]' "${bls_debug}" | sed -e "s/\.${ARCH}/-debug.${arch}/")" diff --git a/SOURCES/0245-Make-blscfg-debug-messages-more-useful.patch b/SOURCES/0245-Make-blscfg-debug-messages-more-useful.patch deleted file mode 100644 index 9a05606..0000000 --- a/SOURCES/0245-Make-blscfg-debug-messages-more-useful.patch +++ /dev/null @@ -1,175 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 19 Oct 2018 10:03:28 -0400 -Subject: [PATCH] Make blscfg debug messages more useful - -Related: rhbz#1640979 -Signed-off-by: Peter Jones ---- - grub-core/commands/blscfg.c | 12 +++++------- - grub-core/commands/legacycfg.c | 4 ++-- - grub-core/commands/menuentry.c | 18 ++++++++++++++---- - include/grub/normal.h | 2 +- - 4 files changed, 22 insertions(+), 14 deletions(-) - -diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c -index 347128c9ddd..42892cbfd55 100644 ---- a/grub-core/commands/blscfg.c -+++ b/grub-core/commands/blscfg.c -@@ -46,8 +46,6 @@ GRUB_MOD_LICENSE ("GPLv3+"); - #define GRUB_BOOT_DEVICE "($root)" - #endif - --#define grub_free(x) ({grub_dprintf("blscfg", "%s freeing %p\n", __func__, x); grub_free(x); }) -- - struct keyval - { - const char *key; -@@ -134,7 +132,7 @@ static int bls_add_keyval(struct bls_entry *entry, char *key, char *val) - kv->val = v; - - entry->keyvals[entry->nkeyvals] = kv; -- grub_dprintf("blscfg", "new keyval at %p:%p:%p\n", entry->keyvals[entry->nkeyvals], k, v); -+ grub_dprintf("blscfg", "new keyval at %p:%s:%s\n", entry->keyvals[entry->nkeyvals], k, v); - entry->nkeyvals = new_n; - - return 0; -@@ -144,7 +142,6 @@ static void bls_free_entry(struct bls_entry *entry) - { - int i; - -- grub_dprintf("blscfg", "%s got here\n", __func__); - for (i = 0; i < entry->nkeyvals; i++) - { - struct keyval *kv = entry->keyvals[i]; -@@ -206,7 +203,7 @@ static int vercmp(const char * a, const char * b) - int isnum; - int ret = 0; - -- grub_dprintf("blscfg", "%s got here\n", __func__); -+ grub_dprintf("blscfg", "%s comparing %s and %s\n", __func__, a, b); - if (!grub_strcmp(a, b)) - return 0; - -@@ -682,7 +679,7 @@ static void create_entry (struct bls_entry *entry) - char **args = NULL; - - char *src = NULL; -- int i; -+ int i, index; - - grub_dprintf("blscfg", "%s got here\n", __func__); - clinux = bls_get_val (entry, "linux", NULL); -@@ -756,7 +753,8 @@ static void create_entry (struct bls_entry *entry) - GRUB_BOOT_DEVICE, clinux, options ? " " : "", options ? options : "", - initrd ? initrd : ""); - -- grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0); -+ grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0, &index); -+ grub_dprintf ("blscfg", "Added entry %d id:\"%s\"\n", index, id); - - finish: - grub_free (initrd); -diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c -index b32f3c74cb1..f9d7627bdc3 100644 ---- a/grub-core/commands/legacycfg.c -+++ b/grub-core/commands/legacycfg.c -@@ -133,7 +133,7 @@ legacy_file (const char *filename) - args[0] = oldname; - grub_normal_add_menu_entry (1, args, NULL, NULL, "legacy", - NULL, NULL, -- entrysrc, 0); -+ entrysrc, 0, NULL); - grub_free (args); - entrysrc[0] = 0; - grub_free (oldname); -@@ -186,7 +186,7 @@ legacy_file (const char *filename) - } - args[0] = entryname; - grub_normal_add_menu_entry (1, args, NULL, NULL, NULL, -- NULL, NULL, entrysrc, 0); -+ NULL, NULL, entrysrc, 0, NULL); - grub_free (args); - } - -diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c -index 2c5363da7f5..8d242b0187e 100644 ---- a/grub-core/commands/menuentry.c -+++ b/grub-core/commands/menuentry.c -@@ -78,7 +78,7 @@ grub_normal_add_menu_entry (int argc, const char **args, - char **classes, const char *id, - const char *users, const char *hotkey, - const char *prefix, const char *sourcecode, -- int submenu) -+ int submenu, int *index) - { - int menu_hotkey = 0; - char **menu_args = NULL; -@@ -149,9 +149,12 @@ grub_normal_add_menu_entry (int argc, const char **args, - if (! menu_title) - goto fail; - -+ grub_dprintf ("menu", "id:\"%s\"\n", id); -+ grub_dprintf ("menu", "title:\"%s\"\n", menu_title); - menu_id = grub_strdup (id ? : menu_title); - if (! menu_id) - goto fail; -+ grub_dprintf ("menu", "menu_id:\"%s\"\n", menu_id); - - /* Save argc, args to pass as parameters to block arg later. */ - menu_args = grub_malloc (sizeof (char*) * (argc + 1)); -@@ -170,8 +173,12 @@ grub_normal_add_menu_entry (int argc, const char **args, - } - - /* Add the menu entry at the end of the list. */ -+ int ind=0; - while (*last) -- last = &(*last)->next; -+ { -+ ind++; -+ last = &(*last)->next; -+ } - - *last = grub_zalloc (sizeof (**last)); - if (! *last) -@@ -190,6 +197,8 @@ grub_normal_add_menu_entry (int argc, const char **args, - (*last)->submenu = submenu; - - menu->size++; -+ if (index) -+ *index = ind; - return GRUB_ERR_NONE; - - fail: -@@ -286,7 +295,8 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) - users, - ctxt->state[2].arg, 0, - ctxt->state[3].arg, -- ctxt->extcmd->cmd->name[0] == 's'); -+ ctxt->extcmd->cmd->name[0] == 's', -+ NULL); - - src = args[argc - 1]; - args[argc - 1] = NULL; -@@ -303,7 +313,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) - ctxt->state[0].args, ctxt->state[4].arg, - users, - ctxt->state[2].arg, prefix, src + 1, -- ctxt->extcmd->cmd->name[0] == 's'); -+ ctxt->extcmd->cmd->name[0] == 's', NULL); - - src[len - 1] = ch; - args[argc - 1] = src; -diff --git a/include/grub/normal.h b/include/grub/normal.h -index 218cbabccaf..cb9901f41b3 100644 ---- a/include/grub/normal.h -+++ b/include/grub/normal.h -@@ -145,7 +145,7 @@ grub_normal_add_menu_entry (int argc, const char **args, char **classes, - const char *id, - const char *users, const char *hotkey, - const char *prefix, const char *sourcecode, -- int submenu); -+ int submenu, int *index); - - grub_err_t - grub_normal_set_password (const char *user, const char *password); diff --git a/SOURCES/0245-Make-grub_strtoul-end-pointer-have-the-right-constif.patch b/SOURCES/0245-Make-grub_strtoul-end-pointer-have-the-right-constif.patch new file mode 100644 index 0000000..99787bd --- /dev/null +++ b/SOURCES/0245-Make-grub_strtoul-end-pointer-have-the-right-constif.patch @@ -0,0 +1,391 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 19 Oct 2018 13:41:48 -0400 +Subject: [PATCH] Make grub_strtoul "end" pointer have the right + constification. + +Related: rhbz#1640979 +Signed-off-by: Peter Jones +--- + grub-core/kern/fs.c | 2 +- + grub-core/kern/misc.c | 8 ++++---- + grub-core/kern/partition.c | 2 +- + grub-core/lib/legacy_parse.c | 2 +- + grub-core/lib/syslinux_parse.c | 6 +++--- + grub-core/loader/i386/xen_fileXX.c | 2 +- + grub-core/net/efi/ip4_config.c | 2 +- + grub-core/net/efi/ip6_config.c | 2 +- + grub-core/net/efi/net.c | 4 ++-- + grub-core/net/efi/pxe.c | 6 +++--- + grub-core/net/http.c | 4 ++-- + grub-core/net/net.c | 8 ++++---- + grub-core/net/url.c | 2 +- + grub-core/script/execute.c | 6 +++--- + grub-core/term/serial.c | 2 +- + grub-core/term/terminfo.c | 2 +- + grub-core/tests/strtoull_test.c | 2 +- + include/grub/misc.h | 6 +++--- + 18 files changed, 34 insertions(+), 34 deletions(-) + +diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c +index 9085895b6fe..1bd748be83b 100644 +--- a/grub-core/kern/fs.c ++++ b/grub-core/kern/fs.c +@@ -134,7 +134,7 @@ struct grub_fs_block + static grub_err_t + grub_fs_blocklist_open (grub_file_t file, const char *name) + { +- char *p = (char *) name; ++ const char *p = name; + unsigned num = 0; + unsigned i; + grub_disk_t disk = file->device->disk; +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 5c3899f0e5b..aaae9aa0ab7 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -383,7 +383,7 @@ grub_isspace (int c) + } + + unsigned long +-grub_strtoul (const char *str, char **end, int base) ++grub_strtoul (const char *str, const char ** const end, int base) + { + unsigned long long num; + +@@ -400,7 +400,7 @@ grub_strtoul (const char *str, char **end, int base) + } + + unsigned long long +-grub_strtoull (const char *str, char **end, int base) ++grub_strtoull (const char *str, const char ** const end, int base) + { + unsigned long long num = 0; + int found = 0; +@@ -901,14 +901,14 @@ grub_vsnprintf_real (char *str, grub_size_t max_len, const char *fmt0, + { + if (fmt[0] == '0') + zerofill = '0'; +- format1 = grub_strtoul (fmt, (char **) &fmt, 10); ++ format1 = grub_strtoul (fmt, &fmt, 10); + } + + if (*fmt == '.') + fmt++; + + if (grub_isdigit (*fmt)) +- format2 = grub_strtoul (fmt, (char **) &fmt, 10); ++ format2 = grub_strtoul (fmt, &fmt, 10); + + if (*fmt == '$') + { +diff --git a/grub-core/kern/partition.c b/grub-core/kern/partition.c +index e499147cbcb..2c401b866c4 100644 +--- a/grub-core/kern/partition.c ++++ b/grub-core/kern/partition.c +@@ -126,7 +126,7 @@ grub_partition_probe (struct grub_disk *disk, const char *str) + while (*ptr && grub_isalpha (*ptr)) + ptr++; + partname_end = ptr; +- num = grub_strtoul (ptr, (char **) &ptr, 0) - 1; ++ num = grub_strtoul (ptr, &ptr, 0) - 1; + + curpart = 0; + /* Use the first partition map type found. */ +diff --git a/grub-core/lib/legacy_parse.c b/grub-core/lib/legacy_parse.c +index ef56150ac77..05719ab2ccb 100644 +--- a/grub-core/lib/legacy_parse.c ++++ b/grub-core/lib/legacy_parse.c +@@ -418,7 +418,7 @@ adjust_file (const char *in, grub_size_t len) + } + if (*comma != ',') + return grub_legacy_escape (in, len); +- part = grub_strtoull (comma + 1, (char **) &rest, 0); ++ part = grub_strtoull (comma + 1, &rest, 0); + if (rest[0] == ',' && rest[1] >= 'a' && rest[1] <= 'z') + { + subpart = rest[1] - 'a'; +diff --git a/grub-core/lib/syslinux_parse.c b/grub-core/lib/syslinux_parse.c +index 28ba3aef0bb..21ca040ada7 100644 +--- a/grub-core/lib/syslinux_parse.c ++++ b/grub-core/lib/syslinux_parse.c +@@ -1058,7 +1058,7 @@ write_entry (struct output_buffer *outbuf, + if (ptr[0] == 'h' && ptr[1] == 'd') + { + is_fd = 0; +- devn = grub_strtoul (ptr + 2, &ptr, 0); ++ devn = grub_strtoul (ptr + 2, (const char **)&ptr, 0); + continue; + } + if (grub_strncasecmp (ptr, "file=", 5) == 0) +@@ -1082,12 +1082,12 @@ write_entry (struct output_buffer *outbuf, + if (ptr[0] == 'f' && ptr[1] == 'd') + { + is_fd = 1; +- devn = grub_strtoul (ptr + 2, &ptr, 0); ++ devn = grub_strtoul (ptr + 2, (const char **)&ptr, 0); + continue; + } + if (grub_isdigit (ptr[0])) + { +- part = grub_strtoul (ptr, &ptr, 0); ++ part = grub_strtoul (ptr, (const char **)&ptr, 0); + continue; + } + /* FIXME: isolinux, ntldr, cmldr, *dos, seg, hide +diff --git a/grub-core/loader/i386/xen_fileXX.c b/grub-core/loader/i386/xen_fileXX.c +index fb66e66fe96..293f1ad5c3e 100644 +--- a/grub-core/loader/i386/xen_fileXX.c ++++ b/grub-core/loader/i386/xen_fileXX.c +@@ -25,7 +25,7 @@ parse_xen_guest (grub_elf_t elf, struct grub_xen_file_info *xi, + grub_off_t off, grub_size_t sz) + { + char *buf; +- char *ptr; ++ const char *ptr; + int has_paddr = 0; + + grub_errno = GRUB_ERR_NONE; +diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c +index b711a5d9457..38e2a04747a 100644 +--- a/grub-core/net/efi/ip4_config.c ++++ b/grub-core/net/efi/ip4_config.c +@@ -62,7 +62,7 @@ grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *addres + for (i = 0; i < 4; i++) + { + unsigned long t; +- t = grub_strtoul (ptr, (char **) &ptr, 0); ++ t = grub_strtoul (ptr, &ptr, 0); + if (grub_errno) + { + grub_errno = GRUB_ERR_NONE; +diff --git a/grub-core/net/efi/ip6_config.c b/grub-core/net/efi/ip6_config.c +index 017c4d05bc7..e0e00c23d21 100644 +--- a/grub-core/net/efi/ip6_config.c ++++ b/grub-core/net/efi/ip6_config.c +@@ -84,7 +84,7 @@ grub_efi_string_to_ip6_address (const char *val, grub_efi_ipv6_address_t *addres + ptr++; + continue; + } +- t = grub_strtoul (ptr, (char **) &ptr, 16); ++ t = grub_strtoul (ptr, &ptr, 16); + if (grub_errno) + { + grub_errno = GRUB_ERR_NONE; +diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c +index f208d1b180c..4c70fc4da2a 100644 +--- a/grub-core/net/efi/net.c ++++ b/grub-core/net/efi/net.c +@@ -729,7 +729,7 @@ grub_efi_net_parse_address (const char *address, + { + grub_uint32_t subnet_mask_size; + +- subnet_mask_size = grub_strtoul (rest + 1, (char **) &rest, 0); ++ subnet_mask_size = grub_strtoul (rest + 1, &rest, 0); + + if (!grub_errno && subnet_mask_size <= 32 && *rest == 0) + { +@@ -758,7 +758,7 @@ grub_efi_net_parse_address (const char *address, + { + grub_efi_uint8_t prefix_length; + +- prefix_length = grub_strtoul (rest + 1, (char **) &rest, 0); ++ prefix_length = grub_strtoul (rest + 1, &rest, 0); + if (!grub_errno && prefix_length <= 128 && *rest == 0) + { + ip6->prefix_length = prefix_length; +diff --git a/grub-core/net/efi/pxe.c b/grub-core/net/efi/pxe.c +index 531949cba5c..73e2bb01c1b 100644 +--- a/grub-core/net/efi/pxe.c ++++ b/grub-core/net/efi/pxe.c +@@ -187,7 +187,7 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) + ptr++; + continue; + } +- t = grub_strtoul (ptr, (char **) &ptr, 16); ++ t = grub_strtoul (ptr, &ptr, 16); + if (grub_errno) + { + grub_errno = GRUB_ERR_NONE; +@@ -225,7 +225,7 @@ pxe_open (struct grub_efi_net_device *dev, + int type __attribute__((unused))) + { + int i; +- char *p; ++ const char *p; + grub_efi_status_t status; + grub_efi_pxe_ip_address_t server_ip; + grub_efi_uint64_t file_size = 0; +@@ -313,7 +313,7 @@ pxe_read (struct grub_efi_net_device *dev, + grub_size_t len) + { + int i; +- char *p; ++ const char *p; + grub_efi_status_t status; + grub_efi_pxe_t *pxe = (prefer_ip6) ? dev->ip6_pxe : dev->ip4_pxe; + grub_efi_uint64_t bufsz = len; +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index c9c59690a98..b52b558d631 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -110,7 +110,7 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) + return GRUB_ERR_NONE; + } + ptr += sizeof ("HTTP/1.1 ") - 1; +- code = grub_strtoul (ptr, &ptr, 10); ++ code = grub_strtoul (ptr, (const char **)&ptr, 10); + if (grub_errno) + return grub_errno; + switch (code) +@@ -137,7 +137,7 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) + == 0 && !data->size_recv) + { + ptr += sizeof ("Content-Length: ") - 1; +- file->size = grub_strtoull (ptr, &ptr, 10); ++ file->size = grub_strtoull (ptr, (const char **)&ptr, 10); + data->size_recv = 1; + return GRUB_ERR_NONE; + } +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index a571ee92efa..a011b940100 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -411,7 +411,7 @@ parse_ip (const char *val, grub_uint32_t *ip, const char **rest) + for (i = 0; i < 4; i++) + { + unsigned long t; +- t = grub_strtoul (ptr, (char **) &ptr, 0); ++ t = grub_strtoul (ptr, &ptr, 0); + if (grub_errno) + { + grub_errno = GRUB_ERR_NONE; +@@ -465,7 +465,7 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) + ptr++; + continue; + } +- t = grub_strtoul (ptr, (char **) &ptr, 16); ++ t = grub_strtoul (ptr, &ptr, 16); + if (grub_errno) + { + grub_errno = GRUB_ERR_NONE; +@@ -577,7 +577,7 @@ grub_net_resolve_net_address (const char *name, + addr->type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV4; + if (*rest == '/') + { +- addr->ipv4.masksize = grub_strtoul (rest + 1, (char **) &rest, 0); ++ addr->ipv4.masksize = grub_strtoul (rest + 1, &rest, 0); + if (!grub_errno && *rest == 0) + return GRUB_ERR_NONE; + grub_errno = GRUB_ERR_NONE; +@@ -593,7 +593,7 @@ grub_net_resolve_net_address (const char *name, + addr->type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; + if (*rest == '/') + { +- addr->ipv6.masksize = grub_strtoul (rest + 1, (char **) &rest, 0); ++ addr->ipv6.masksize = grub_strtoul (rest + 1, &rest, 0); + if (!grub_errno && *rest == 0) + return GRUB_ERR_NONE; + grub_errno = GRUB_ERR_NONE; +diff --git a/grub-core/net/url.c b/grub-core/net/url.c +index 146858284cd..d9d2fc9a9dc 100644 +--- a/grub-core/net/url.c ++++ b/grub-core/net/url.c +@@ -235,7 +235,7 @@ extract_http_url_info (char *url, int ssl, + c = *port_end; + *port_end = '\0'; + +- portul = grub_strtoul (port_off, &separator, 10); ++ portul = grub_strtoul (port_off, (const char **)&separator, 10); + *port_end = c; + #ifdef URL_TEST + if (portul == ULONG_MAX && errno == ERANGE) +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 93965777138..7d327f59d92 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -146,7 +146,7 @@ replace_scope (struct grub_script_scope *new_scope) + grub_err_t + grub_script_break (grub_command_t cmd, int argc, char *argv[]) + { +- char *p = 0; ++ const char *p = NULL; + unsigned long count; + + if (argc == 0) +@@ -178,7 +178,7 @@ grub_err_t + grub_script_shift (grub_command_t cmd __attribute__((unused)), + int argc, char *argv[]) + { +- char *p = 0; ++ const char *p = NULL; + unsigned long n = 0; + + if (! scope) +@@ -239,7 +239,7 @@ grub_err_t + grub_script_return (grub_command_t cmd __attribute__((unused)), + int argc, char *argv[]) + { +- char *p; ++ const char *p = NULL; + unsigned long n; + + if (! scope || argc > 1) +diff --git a/grub-core/term/serial.c b/grub-core/term/serial.c +index db80b3ba0fb..f9271b09239 100644 +--- a/grub-core/term/serial.c ++++ b/grub-core/term/serial.c +@@ -269,7 +269,7 @@ grub_cmd_serial (grub_extcmd_context_t ctxt, int argc, char **args) + + if (state[OPTION_BASE_CLOCK].set) + { +- char *ptr; ++ const char *ptr; + config.base_clock = grub_strtoull (state[OPTION_BASE_CLOCK].arg, &ptr, 0); + if (grub_errno) + return grub_errno; +diff --git a/grub-core/term/terminfo.c b/grub-core/term/terminfo.c +index 29df35e6d20..537a5c0cb0b 100644 +--- a/grub-core/term/terminfo.c ++++ b/grub-core/term/terminfo.c +@@ -737,7 +737,7 @@ grub_cmd_terminfo (grub_extcmd_context_t ctxt, int argc, char **args) + + if (state[OPTION_GEOMETRY].set) + { +- char *ptr = state[OPTION_GEOMETRY].arg; ++ const char *ptr = state[OPTION_GEOMETRY].arg; + w = grub_strtoul (ptr, &ptr, 0); + if (grub_errno) + return grub_errno; +diff --git a/grub-core/tests/strtoull_test.c b/grub-core/tests/strtoull_test.c +index 7da615ff33e..5488ab26b43 100644 +--- a/grub-core/tests/strtoull_test.c ++++ b/grub-core/tests/strtoull_test.c +@@ -25,7 +25,7 @@ static void + strtoull_testcase (const char *input, int base, unsigned long long expected, + int num_digits, grub_err_t error) + { +- char *output; ++ const char *output; + unsigned long long value; + grub_errno = 0; + value = grub_strtoull(input, &output, base); +diff --git a/include/grub/misc.h b/include/grub/misc.h +index de9016ab709..1258ec6bbf3 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -288,11 +288,11 @@ grub_strncasecmp (const char *s1, const char *s2, grub_size_t n) + - (int) grub_tolower ((grub_uint8_t) *s2); + } + +-unsigned long EXPORT_FUNC(grub_strtoul) (const char *str, char **end, int base); +-unsigned long long EXPORT_FUNC(grub_strtoull) (const char *str, char **end, int base); ++unsigned long EXPORT_FUNC(grub_strtoul) (const char *str, const char ** const end, int base); ++unsigned long long EXPORT_FUNC(grub_strtoull) (const char *str, const char ** const end, int base); + + static inline long +-grub_strtol (const char *str, char **end, int base) ++grub_strtol (const char *str, const char ** const end, int base) + { + int negative = 0; + unsigned long long magnitude; diff --git a/SOURCES/0246-Fix-menu-entry-selection-based-on-ID-and-title.patch b/SOURCES/0246-Fix-menu-entry-selection-based-on-ID-and-title.patch new file mode 100644 index 0000000..065765c --- /dev/null +++ b/SOURCES/0246-Fix-menu-entry-selection-based-on-ID-and-title.patch @@ -0,0 +1,235 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 19 Oct 2018 10:57:52 -0400 +Subject: [PATCH] Fix menu entry selection based on ID and title + +Currently if grub_strtoul(saved_entry_value, NULL, 0) does not return an +error, we assume the value it has produced is a correct index into our +menu entry list, and do not try to interpret the value as the "id" or +"title" . In cases where "id" or "title" start with a numeral, this +makes them impossible to use as selection criteria. + +This patch splits the search into three phases - matching id, matching +title, and only once those have been exhausted, trying to interpret the +ID as a numeral. In that case, we also require that the entire string +is numeric, not merely a string with leading numeric characters. + +Resolves: rhbz#1640979 +--- + grub-core/normal/menu.c | 146 +++++++++++++++++++++++++----------------------- + 1 file changed, 75 insertions(+), 71 deletions(-) + +diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c +index 6cb2a071490..95f7abaf2fd 100644 +--- a/grub-core/normal/menu.c ++++ b/grub-core/normal/menu.c +@@ -164,12 +164,12 @@ grub_menu_set_timeout (int timeout) + } + + static int +-menuentry_eq (const char *id, const char *spec) ++menuentry_eq (const char *id, const char *spec, int limit) + { + const char *ptr1, *ptr2; + ptr1 = id; + ptr2 = spec; +- while (1) ++ while (limit == -1 || ptr1 - id <= limit) + { + if (*ptr2 == '>' && ptr2[1] != '>' && *ptr1 == 0) + return ptr2 - spec; +@@ -178,7 +178,11 @@ menuentry_eq (const char *id, const char *spec) + if (*ptr2 == '>') + ptr2++; + if (*ptr1 != *ptr2) +- return 0; ++ { ++ if (limit > -1 && ptr1 - id == limit && !*ptr1 && grub_isspace(*ptr2)) ++ return ptr1 -id -1; ++ return 0; ++ } + if (*ptr1 == 0) + return ptr1 - id; + ptr1++; +@@ -187,6 +191,61 @@ menuentry_eq (const char *id, const char *spec) + return 0; + } + ++static int ++get_entry_number_helper(grub_menu_t menu, ++ const char * const val, const char ** const tail) ++{ ++ /* See if the variable matches the title of a menu entry. */ ++ int entry = -1; ++ grub_menu_entry_t e; ++ int i; ++ ++ for (i = 0, e = menu->entry_list; e; i++) ++ { ++ int l = 0; ++ while (val[l] && !grub_isspace(val[l])) ++ l++; ++ ++ if (menuentry_eq (e->id, val, l)) ++ { ++ if (tail) ++ *tail = val + l; ++ return i; ++ } ++ e = e->next; ++ } ++ ++ for (i = 0, e = menu->entry_list; e; i++) ++ { ++ int l = 0; ++ while (val[l] && !grub_isspace(val[l])) ++ l++; ++ ++ if (menuentry_eq (e->title, val, l)) ++ { ++ if (tail) ++ *tail = val + l; ++ return i; ++ } ++ e = e->next; ++ } ++ ++ if (tail) ++ *tail = NULL; ++ ++ entry = (int) grub_strtoul (val, tail, 0); ++ if (grub_errno == GRUB_ERR_BAD_NUMBER || ++ (*tail && **tail && !grub_isspace(**tail))) ++ { ++ entry = -1; ++ if (tail) ++ *tail = NULL; ++ grub_errno = GRUB_ERR_NONE; ++ } ++ ++ return entry; ++} ++ + /* Get the first entry number from the value of the environment variable NAME, + which is a space-separated list of non-negative integers. The entry number + which is returned is stripped from the value of NAME. If no entry number +@@ -195,9 +254,8 @@ static int + get_and_remove_first_entry_number (grub_menu_t menu, const char *name) + { + const char *val; +- char *tail; ++ const char *tail; + int entry; +- int sz = 0; + + val = grub_env_get (name); + if (! val) +@@ -205,50 +263,24 @@ get_and_remove_first_entry_number (grub_menu_t menu, const char *name) + + grub_error_push (); + +- entry = (int) grub_strtoul (val, &tail, 0); ++ entry = get_entry_number_helper(menu, val, &tail); ++ if (!(*tail == 0 || grub_isspace(*tail))) ++ entry = -1; + +- if (grub_errno == GRUB_ERR_BAD_NUMBER) ++ if (entry >= 0) + { +- /* See if the variable matches the title of a menu entry. */ +- grub_menu_entry_t e = menu->entry_list; +- int i; +- +- for (i = 0; e; i++) +- { +- sz = menuentry_eq (e->title, val); +- if (sz < 1) +- sz = menuentry_eq (e->id, val); +- +- if (sz >= 1) +- { +- entry = i; +- break; +- } +- e = e->next; +- } +- +- if (sz > 0) +- grub_errno = GRUB_ERR_NONE; +- +- if (! e) +- entry = -1; +- } +- +- if (grub_errno == GRUB_ERR_NONE) +- { +- if (sz > 0) +- tail += sz; +- + /* Skip whitespace to find the next entry. */ + while (*tail && grub_isspace (*tail)) + tail++; +- grub_env_set (name, tail); ++ if (*tail) ++ grub_env_set (name, tail); ++ else ++ grub_env_unset (name); + } + else + { + grub_env_unset (name); + grub_errno = GRUB_ERR_NONE; +- entry = -1; + } + + grub_error_pop (); +@@ -525,6 +557,7 @@ static int + get_entry_number (grub_menu_t menu, const char *name) + { + const char *val; ++ const char *tail; + int entry; + + val = grub_env_get (name); +@@ -532,38 +565,9 @@ get_entry_number (grub_menu_t menu, const char *name) + return -1; + + grub_error_push (); +- +- entry = (int) grub_strtoul (val, 0, 0); +- +- if (grub_errno == GRUB_ERR_BAD_NUMBER) +- { +- /* See if the variable matches the title of a menu entry. */ +- grub_menu_entry_t e = menu->entry_list; +- int i; +- +- grub_errno = GRUB_ERR_NONE; +- +- for (i = 0; e; i++) +- { +- if (menuentry_eq (e->title, val) +- || menuentry_eq (e->id, val)) +- { +- entry = i; +- break; +- } +- e = e->next; +- } +- +- if (! e) +- entry = -1; +- } +- +- if (grub_errno != GRUB_ERR_NONE) +- { +- grub_errno = GRUB_ERR_NONE; +- entry = -1; +- } +- ++ entry = get_entry_number_helper(menu, val, &tail); ++ if (*tail != '\0') ++ entry = -1; + grub_error_pop (); + + return entry; diff --git a/SOURCES/0246-Make-grub_strtoul-end-pointer-have-the-right-constif.patch b/SOURCES/0246-Make-grub_strtoul-end-pointer-have-the-right-constif.patch deleted file mode 100644 index 99787bd..0000000 --- a/SOURCES/0246-Make-grub_strtoul-end-pointer-have-the-right-constif.patch +++ /dev/null @@ -1,391 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 19 Oct 2018 13:41:48 -0400 -Subject: [PATCH] Make grub_strtoul "end" pointer have the right - constification. - -Related: rhbz#1640979 -Signed-off-by: Peter Jones ---- - grub-core/kern/fs.c | 2 +- - grub-core/kern/misc.c | 8 ++++---- - grub-core/kern/partition.c | 2 +- - grub-core/lib/legacy_parse.c | 2 +- - grub-core/lib/syslinux_parse.c | 6 +++--- - grub-core/loader/i386/xen_fileXX.c | 2 +- - grub-core/net/efi/ip4_config.c | 2 +- - grub-core/net/efi/ip6_config.c | 2 +- - grub-core/net/efi/net.c | 4 ++-- - grub-core/net/efi/pxe.c | 6 +++--- - grub-core/net/http.c | 4 ++-- - grub-core/net/net.c | 8 ++++---- - grub-core/net/url.c | 2 +- - grub-core/script/execute.c | 6 +++--- - grub-core/term/serial.c | 2 +- - grub-core/term/terminfo.c | 2 +- - grub-core/tests/strtoull_test.c | 2 +- - include/grub/misc.h | 6 +++--- - 18 files changed, 34 insertions(+), 34 deletions(-) - -diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c -index 9085895b6fe..1bd748be83b 100644 ---- a/grub-core/kern/fs.c -+++ b/grub-core/kern/fs.c -@@ -134,7 +134,7 @@ struct grub_fs_block - static grub_err_t - grub_fs_blocklist_open (grub_file_t file, const char *name) - { -- char *p = (char *) name; -+ const char *p = name; - unsigned num = 0; - unsigned i; - grub_disk_t disk = file->device->disk; -diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 5c3899f0e5b..aaae9aa0ab7 100644 ---- a/grub-core/kern/misc.c -+++ b/grub-core/kern/misc.c -@@ -383,7 +383,7 @@ grub_isspace (int c) - } - - unsigned long --grub_strtoul (const char *str, char **end, int base) -+grub_strtoul (const char *str, const char ** const end, int base) - { - unsigned long long num; - -@@ -400,7 +400,7 @@ grub_strtoul (const char *str, char **end, int base) - } - - unsigned long long --grub_strtoull (const char *str, char **end, int base) -+grub_strtoull (const char *str, const char ** const end, int base) - { - unsigned long long num = 0; - int found = 0; -@@ -901,14 +901,14 @@ grub_vsnprintf_real (char *str, grub_size_t max_len, const char *fmt0, - { - if (fmt[0] == '0') - zerofill = '0'; -- format1 = grub_strtoul (fmt, (char **) &fmt, 10); -+ format1 = grub_strtoul (fmt, &fmt, 10); - } - - if (*fmt == '.') - fmt++; - - if (grub_isdigit (*fmt)) -- format2 = grub_strtoul (fmt, (char **) &fmt, 10); -+ format2 = grub_strtoul (fmt, &fmt, 10); - - if (*fmt == '$') - { -diff --git a/grub-core/kern/partition.c b/grub-core/kern/partition.c -index e499147cbcb..2c401b866c4 100644 ---- a/grub-core/kern/partition.c -+++ b/grub-core/kern/partition.c -@@ -126,7 +126,7 @@ grub_partition_probe (struct grub_disk *disk, const char *str) - while (*ptr && grub_isalpha (*ptr)) - ptr++; - partname_end = ptr; -- num = grub_strtoul (ptr, (char **) &ptr, 0) - 1; -+ num = grub_strtoul (ptr, &ptr, 0) - 1; - - curpart = 0; - /* Use the first partition map type found. */ -diff --git a/grub-core/lib/legacy_parse.c b/grub-core/lib/legacy_parse.c -index ef56150ac77..05719ab2ccb 100644 ---- a/grub-core/lib/legacy_parse.c -+++ b/grub-core/lib/legacy_parse.c -@@ -418,7 +418,7 @@ adjust_file (const char *in, grub_size_t len) - } - if (*comma != ',') - return grub_legacy_escape (in, len); -- part = grub_strtoull (comma + 1, (char **) &rest, 0); -+ part = grub_strtoull (comma + 1, &rest, 0); - if (rest[0] == ',' && rest[1] >= 'a' && rest[1] <= 'z') - { - subpart = rest[1] - 'a'; -diff --git a/grub-core/lib/syslinux_parse.c b/grub-core/lib/syslinux_parse.c -index 28ba3aef0bb..21ca040ada7 100644 ---- a/grub-core/lib/syslinux_parse.c -+++ b/grub-core/lib/syslinux_parse.c -@@ -1058,7 +1058,7 @@ write_entry (struct output_buffer *outbuf, - if (ptr[0] == 'h' && ptr[1] == 'd') - { - is_fd = 0; -- devn = grub_strtoul (ptr + 2, &ptr, 0); -+ devn = grub_strtoul (ptr + 2, (const char **)&ptr, 0); - continue; - } - if (grub_strncasecmp (ptr, "file=", 5) == 0) -@@ -1082,12 +1082,12 @@ write_entry (struct output_buffer *outbuf, - if (ptr[0] == 'f' && ptr[1] == 'd') - { - is_fd = 1; -- devn = grub_strtoul (ptr + 2, &ptr, 0); -+ devn = grub_strtoul (ptr + 2, (const char **)&ptr, 0); - continue; - } - if (grub_isdigit (ptr[0])) - { -- part = grub_strtoul (ptr, &ptr, 0); -+ part = grub_strtoul (ptr, (const char **)&ptr, 0); - continue; - } - /* FIXME: isolinux, ntldr, cmldr, *dos, seg, hide -diff --git a/grub-core/loader/i386/xen_fileXX.c b/grub-core/loader/i386/xen_fileXX.c -index fb66e66fe96..293f1ad5c3e 100644 ---- a/grub-core/loader/i386/xen_fileXX.c -+++ b/grub-core/loader/i386/xen_fileXX.c -@@ -25,7 +25,7 @@ parse_xen_guest (grub_elf_t elf, struct grub_xen_file_info *xi, - grub_off_t off, grub_size_t sz) - { - char *buf; -- char *ptr; -+ const char *ptr; - int has_paddr = 0; - - grub_errno = GRUB_ERR_NONE; -diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c -index b711a5d9457..38e2a04747a 100644 ---- a/grub-core/net/efi/ip4_config.c -+++ b/grub-core/net/efi/ip4_config.c -@@ -62,7 +62,7 @@ grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *addres - for (i = 0; i < 4; i++) - { - unsigned long t; -- t = grub_strtoul (ptr, (char **) &ptr, 0); -+ t = grub_strtoul (ptr, &ptr, 0); - if (grub_errno) - { - grub_errno = GRUB_ERR_NONE; -diff --git a/grub-core/net/efi/ip6_config.c b/grub-core/net/efi/ip6_config.c -index 017c4d05bc7..e0e00c23d21 100644 ---- a/grub-core/net/efi/ip6_config.c -+++ b/grub-core/net/efi/ip6_config.c -@@ -84,7 +84,7 @@ grub_efi_string_to_ip6_address (const char *val, grub_efi_ipv6_address_t *addres - ptr++; - continue; - } -- t = grub_strtoul (ptr, (char **) &ptr, 16); -+ t = grub_strtoul (ptr, &ptr, 16); - if (grub_errno) - { - grub_errno = GRUB_ERR_NONE; -diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c -index f208d1b180c..4c70fc4da2a 100644 ---- a/grub-core/net/efi/net.c -+++ b/grub-core/net/efi/net.c -@@ -729,7 +729,7 @@ grub_efi_net_parse_address (const char *address, - { - grub_uint32_t subnet_mask_size; - -- subnet_mask_size = grub_strtoul (rest + 1, (char **) &rest, 0); -+ subnet_mask_size = grub_strtoul (rest + 1, &rest, 0); - - if (!grub_errno && subnet_mask_size <= 32 && *rest == 0) - { -@@ -758,7 +758,7 @@ grub_efi_net_parse_address (const char *address, - { - grub_efi_uint8_t prefix_length; - -- prefix_length = grub_strtoul (rest + 1, (char **) &rest, 0); -+ prefix_length = grub_strtoul (rest + 1, &rest, 0); - if (!grub_errno && prefix_length <= 128 && *rest == 0) - { - ip6->prefix_length = prefix_length; -diff --git a/grub-core/net/efi/pxe.c b/grub-core/net/efi/pxe.c -index 531949cba5c..73e2bb01c1b 100644 ---- a/grub-core/net/efi/pxe.c -+++ b/grub-core/net/efi/pxe.c -@@ -187,7 +187,7 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) - ptr++; - continue; - } -- t = grub_strtoul (ptr, (char **) &ptr, 16); -+ t = grub_strtoul (ptr, &ptr, 16); - if (grub_errno) - { - grub_errno = GRUB_ERR_NONE; -@@ -225,7 +225,7 @@ pxe_open (struct grub_efi_net_device *dev, - int type __attribute__((unused))) - { - int i; -- char *p; -+ const char *p; - grub_efi_status_t status; - grub_efi_pxe_ip_address_t server_ip; - grub_efi_uint64_t file_size = 0; -@@ -313,7 +313,7 @@ pxe_read (struct grub_efi_net_device *dev, - grub_size_t len) - { - int i; -- char *p; -+ const char *p; - grub_efi_status_t status; - grub_efi_pxe_t *pxe = (prefer_ip6) ? dev->ip6_pxe : dev->ip4_pxe; - grub_efi_uint64_t bufsz = len; -diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index c9c59690a98..b52b558d631 100644 ---- a/grub-core/net/http.c -+++ b/grub-core/net/http.c -@@ -110,7 +110,7 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) - return GRUB_ERR_NONE; - } - ptr += sizeof ("HTTP/1.1 ") - 1; -- code = grub_strtoul (ptr, &ptr, 10); -+ code = grub_strtoul (ptr, (const char **)&ptr, 10); - if (grub_errno) - return grub_errno; - switch (code) -@@ -137,7 +137,7 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) - == 0 && !data->size_recv) - { - ptr += sizeof ("Content-Length: ") - 1; -- file->size = grub_strtoull (ptr, &ptr, 10); -+ file->size = grub_strtoull (ptr, (const char **)&ptr, 10); - data->size_recv = 1; - return GRUB_ERR_NONE; - } -diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index a571ee92efa..a011b940100 100644 ---- a/grub-core/net/net.c -+++ b/grub-core/net/net.c -@@ -411,7 +411,7 @@ parse_ip (const char *val, grub_uint32_t *ip, const char **rest) - for (i = 0; i < 4; i++) - { - unsigned long t; -- t = grub_strtoul (ptr, (char **) &ptr, 0); -+ t = grub_strtoul (ptr, &ptr, 0); - if (grub_errno) - { - grub_errno = GRUB_ERR_NONE; -@@ -465,7 +465,7 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) - ptr++; - continue; - } -- t = grub_strtoul (ptr, (char **) &ptr, 16); -+ t = grub_strtoul (ptr, &ptr, 16); - if (grub_errno) - { - grub_errno = GRUB_ERR_NONE; -@@ -577,7 +577,7 @@ grub_net_resolve_net_address (const char *name, - addr->type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV4; - if (*rest == '/') - { -- addr->ipv4.masksize = grub_strtoul (rest + 1, (char **) &rest, 0); -+ addr->ipv4.masksize = grub_strtoul (rest + 1, &rest, 0); - if (!grub_errno && *rest == 0) - return GRUB_ERR_NONE; - grub_errno = GRUB_ERR_NONE; -@@ -593,7 +593,7 @@ grub_net_resolve_net_address (const char *name, - addr->type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; - if (*rest == '/') - { -- addr->ipv6.masksize = grub_strtoul (rest + 1, (char **) &rest, 0); -+ addr->ipv6.masksize = grub_strtoul (rest + 1, &rest, 0); - if (!grub_errno && *rest == 0) - return GRUB_ERR_NONE; - grub_errno = GRUB_ERR_NONE; -diff --git a/grub-core/net/url.c b/grub-core/net/url.c -index 146858284cd..d9d2fc9a9dc 100644 ---- a/grub-core/net/url.c -+++ b/grub-core/net/url.c -@@ -235,7 +235,7 @@ extract_http_url_info (char *url, int ssl, - c = *port_end; - *port_end = '\0'; - -- portul = grub_strtoul (port_off, &separator, 10); -+ portul = grub_strtoul (port_off, (const char **)&separator, 10); - *port_end = c; - #ifdef URL_TEST - if (portul == ULONG_MAX && errno == ERANGE) -diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c -index 93965777138..7d327f59d92 100644 ---- a/grub-core/script/execute.c -+++ b/grub-core/script/execute.c -@@ -146,7 +146,7 @@ replace_scope (struct grub_script_scope *new_scope) - grub_err_t - grub_script_break (grub_command_t cmd, int argc, char *argv[]) - { -- char *p = 0; -+ const char *p = NULL; - unsigned long count; - - if (argc == 0) -@@ -178,7 +178,7 @@ grub_err_t - grub_script_shift (grub_command_t cmd __attribute__((unused)), - int argc, char *argv[]) - { -- char *p = 0; -+ const char *p = NULL; - unsigned long n = 0; - - if (! scope) -@@ -239,7 +239,7 @@ grub_err_t - grub_script_return (grub_command_t cmd __attribute__((unused)), - int argc, char *argv[]) - { -- char *p; -+ const char *p = NULL; - unsigned long n; - - if (! scope || argc > 1) -diff --git a/grub-core/term/serial.c b/grub-core/term/serial.c -index db80b3ba0fb..f9271b09239 100644 ---- a/grub-core/term/serial.c -+++ b/grub-core/term/serial.c -@@ -269,7 +269,7 @@ grub_cmd_serial (grub_extcmd_context_t ctxt, int argc, char **args) - - if (state[OPTION_BASE_CLOCK].set) - { -- char *ptr; -+ const char *ptr; - config.base_clock = grub_strtoull (state[OPTION_BASE_CLOCK].arg, &ptr, 0); - if (grub_errno) - return grub_errno; -diff --git a/grub-core/term/terminfo.c b/grub-core/term/terminfo.c -index 29df35e6d20..537a5c0cb0b 100644 ---- a/grub-core/term/terminfo.c -+++ b/grub-core/term/terminfo.c -@@ -737,7 +737,7 @@ grub_cmd_terminfo (grub_extcmd_context_t ctxt, int argc, char **args) - - if (state[OPTION_GEOMETRY].set) - { -- char *ptr = state[OPTION_GEOMETRY].arg; -+ const char *ptr = state[OPTION_GEOMETRY].arg; - w = grub_strtoul (ptr, &ptr, 0); - if (grub_errno) - return grub_errno; -diff --git a/grub-core/tests/strtoull_test.c b/grub-core/tests/strtoull_test.c -index 7da615ff33e..5488ab26b43 100644 ---- a/grub-core/tests/strtoull_test.c -+++ b/grub-core/tests/strtoull_test.c -@@ -25,7 +25,7 @@ static void - strtoull_testcase (const char *input, int base, unsigned long long expected, - int num_digits, grub_err_t error) - { -- char *output; -+ const char *output; - unsigned long long value; - grub_errno = 0; - value = grub_strtoull(input, &output, base); -diff --git a/include/grub/misc.h b/include/grub/misc.h -index de9016ab709..1258ec6bbf3 100644 ---- a/include/grub/misc.h -+++ b/include/grub/misc.h -@@ -288,11 +288,11 @@ grub_strncasecmp (const char *s1, const char *s2, grub_size_t n) - - (int) grub_tolower ((grub_uint8_t) *s2); - } - --unsigned long EXPORT_FUNC(grub_strtoul) (const char *str, char **end, int base); --unsigned long long EXPORT_FUNC(grub_strtoull) (const char *str, char **end, int base); -+unsigned long EXPORT_FUNC(grub_strtoul) (const char *str, const char ** const end, int base); -+unsigned long long EXPORT_FUNC(grub_strtoull) (const char *str, const char ** const end, int base); - - static inline long --grub_strtol (const char *str, char **end, int base) -+grub_strtol (const char *str, const char ** const end, int base) - { - int negative = 0; - unsigned long long magnitude; diff --git a/SOURCES/0247-Fix-menu-entry-selection-based-on-ID-and-title.patch b/SOURCES/0247-Fix-menu-entry-selection-based-on-ID-and-title.patch deleted file mode 100644 index 065765c..0000000 --- a/SOURCES/0247-Fix-menu-entry-selection-based-on-ID-and-title.patch +++ /dev/null @@ -1,235 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 19 Oct 2018 10:57:52 -0400 -Subject: [PATCH] Fix menu entry selection based on ID and title - -Currently if grub_strtoul(saved_entry_value, NULL, 0) does not return an -error, we assume the value it has produced is a correct index into our -menu entry list, and do not try to interpret the value as the "id" or -"title" . In cases where "id" or "title" start with a numeral, this -makes them impossible to use as selection criteria. - -This patch splits the search into three phases - matching id, matching -title, and only once those have been exhausted, trying to interpret the -ID as a numeral. In that case, we also require that the entire string -is numeric, not merely a string with leading numeric characters. - -Resolves: rhbz#1640979 ---- - grub-core/normal/menu.c | 146 +++++++++++++++++++++++++----------------------- - 1 file changed, 75 insertions(+), 71 deletions(-) - -diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index 6cb2a071490..95f7abaf2fd 100644 ---- a/grub-core/normal/menu.c -+++ b/grub-core/normal/menu.c -@@ -164,12 +164,12 @@ grub_menu_set_timeout (int timeout) - } - - static int --menuentry_eq (const char *id, const char *spec) -+menuentry_eq (const char *id, const char *spec, int limit) - { - const char *ptr1, *ptr2; - ptr1 = id; - ptr2 = spec; -- while (1) -+ while (limit == -1 || ptr1 - id <= limit) - { - if (*ptr2 == '>' && ptr2[1] != '>' && *ptr1 == 0) - return ptr2 - spec; -@@ -178,7 +178,11 @@ menuentry_eq (const char *id, const char *spec) - if (*ptr2 == '>') - ptr2++; - if (*ptr1 != *ptr2) -- return 0; -+ { -+ if (limit > -1 && ptr1 - id == limit && !*ptr1 && grub_isspace(*ptr2)) -+ return ptr1 -id -1; -+ return 0; -+ } - if (*ptr1 == 0) - return ptr1 - id; - ptr1++; -@@ -187,6 +191,61 @@ menuentry_eq (const char *id, const char *spec) - return 0; - } - -+static int -+get_entry_number_helper(grub_menu_t menu, -+ const char * const val, const char ** const tail) -+{ -+ /* See if the variable matches the title of a menu entry. */ -+ int entry = -1; -+ grub_menu_entry_t e; -+ int i; -+ -+ for (i = 0, e = menu->entry_list; e; i++) -+ { -+ int l = 0; -+ while (val[l] && !grub_isspace(val[l])) -+ l++; -+ -+ if (menuentry_eq (e->id, val, l)) -+ { -+ if (tail) -+ *tail = val + l; -+ return i; -+ } -+ e = e->next; -+ } -+ -+ for (i = 0, e = menu->entry_list; e; i++) -+ { -+ int l = 0; -+ while (val[l] && !grub_isspace(val[l])) -+ l++; -+ -+ if (menuentry_eq (e->title, val, l)) -+ { -+ if (tail) -+ *tail = val + l; -+ return i; -+ } -+ e = e->next; -+ } -+ -+ if (tail) -+ *tail = NULL; -+ -+ entry = (int) grub_strtoul (val, tail, 0); -+ if (grub_errno == GRUB_ERR_BAD_NUMBER || -+ (*tail && **tail && !grub_isspace(**tail))) -+ { -+ entry = -1; -+ if (tail) -+ *tail = NULL; -+ grub_errno = GRUB_ERR_NONE; -+ } -+ -+ return entry; -+} -+ - /* Get the first entry number from the value of the environment variable NAME, - which is a space-separated list of non-negative integers. The entry number - which is returned is stripped from the value of NAME. If no entry number -@@ -195,9 +254,8 @@ static int - get_and_remove_first_entry_number (grub_menu_t menu, const char *name) - { - const char *val; -- char *tail; -+ const char *tail; - int entry; -- int sz = 0; - - val = grub_env_get (name); - if (! val) -@@ -205,50 +263,24 @@ get_and_remove_first_entry_number (grub_menu_t menu, const char *name) - - grub_error_push (); - -- entry = (int) grub_strtoul (val, &tail, 0); -+ entry = get_entry_number_helper(menu, val, &tail); -+ if (!(*tail == 0 || grub_isspace(*tail))) -+ entry = -1; - -- if (grub_errno == GRUB_ERR_BAD_NUMBER) -+ if (entry >= 0) - { -- /* See if the variable matches the title of a menu entry. */ -- grub_menu_entry_t e = menu->entry_list; -- int i; -- -- for (i = 0; e; i++) -- { -- sz = menuentry_eq (e->title, val); -- if (sz < 1) -- sz = menuentry_eq (e->id, val); -- -- if (sz >= 1) -- { -- entry = i; -- break; -- } -- e = e->next; -- } -- -- if (sz > 0) -- grub_errno = GRUB_ERR_NONE; -- -- if (! e) -- entry = -1; -- } -- -- if (grub_errno == GRUB_ERR_NONE) -- { -- if (sz > 0) -- tail += sz; -- - /* Skip whitespace to find the next entry. */ - while (*tail && grub_isspace (*tail)) - tail++; -- grub_env_set (name, tail); -+ if (*tail) -+ grub_env_set (name, tail); -+ else -+ grub_env_unset (name); - } - else - { - grub_env_unset (name); - grub_errno = GRUB_ERR_NONE; -- entry = -1; - } - - grub_error_pop (); -@@ -525,6 +557,7 @@ static int - get_entry_number (grub_menu_t menu, const char *name) - { - const char *val; -+ const char *tail; - int entry; - - val = grub_env_get (name); -@@ -532,38 +565,9 @@ get_entry_number (grub_menu_t menu, const char *name) - return -1; - - grub_error_push (); -- -- entry = (int) grub_strtoul (val, 0, 0); -- -- if (grub_errno == GRUB_ERR_BAD_NUMBER) -- { -- /* See if the variable matches the title of a menu entry. */ -- grub_menu_entry_t e = menu->entry_list; -- int i; -- -- grub_errno = GRUB_ERR_NONE; -- -- for (i = 0; e; i++) -- { -- if (menuentry_eq (e->title, val) -- || menuentry_eq (e->id, val)) -- { -- entry = i; -- break; -- } -- e = e->next; -- } -- -- if (! e) -- entry = -1; -- } -- -- if (grub_errno != GRUB_ERR_NONE) -- { -- grub_errno = GRUB_ERR_NONE; -- entry = -1; -- } -- -+ entry = get_entry_number_helper(menu, val, &tail); -+ if (*tail != '\0') -+ entry = -1; - grub_error_pop (); - - return entry; diff --git a/SOURCES/0247-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch b/SOURCES/0247-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch new file mode 100644 index 0000000..b81f46f --- /dev/null +++ b/SOURCES/0247-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch @@ -0,0 +1,46 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 21 Nov 2018 15:37:32 +0100 +Subject: [PATCH] Remove quotes when reading ID value from /etc/os-release + +The field is used to obtain the path to the GRUB directory in the ESP for +UEFI installs. But in some OS the ID value is quoted, which leads to some +of the scripts to fail: + + $ grub2-setpassword + /boot/efi/EFI/"redhat"/ does not exist. + Usage: /usr/sbin/grub2-setpassword [OPTION] + +Related: rhbz#1650706 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub-set-password.in | 2 +- + util/grub-switch-to-blscfg.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/util/grub-set-password.in b/util/grub-set-password.in +index 5ebf50576d6..c0b5ebbfdc5 100644 +--- a/util/grub-set-password.in ++++ b/util/grub-set-password.in +@@ -1,6 +1,6 @@ + #!/bin/sh -e + +-EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/') ++EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g') + if [ -d /sys/firmware/efi/efivars/ ]; then + grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'` + else +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index 60cd6ca63cc..d353370cc51 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -40,7 +40,7 @@ etcdefaultgrub=/etc/default/grub + + eval "$("${grub_get_kernel_settings}")" || true + +-EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/') ++EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g') + if [ -d /sys/firmware/efi/efivars/ ]; then + startlink=/etc/grub2-efi.cfg + grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'` diff --git a/SOURCES/0248-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch b/SOURCES/0248-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch deleted file mode 100644 index b81f46f..0000000 --- a/SOURCES/0248-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Wed, 21 Nov 2018 15:37:32 +0100 -Subject: [PATCH] Remove quotes when reading ID value from /etc/os-release - -The field is used to obtain the path to the GRUB directory in the ESP for -UEFI installs. But in some OS the ID value is quoted, which leads to some -of the scripts to fail: - - $ grub2-setpassword - /boot/efi/EFI/"redhat"/ does not exist. - Usage: /usr/sbin/grub2-setpassword [OPTION] - -Related: rhbz#1650706 - -Signed-off-by: Javier Martinez Canillas ---- - util/grub-set-password.in | 2 +- - util/grub-switch-to-blscfg.in | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/util/grub-set-password.in b/util/grub-set-password.in -index 5ebf50576d6..c0b5ebbfdc5 100644 ---- a/util/grub-set-password.in -+++ b/util/grub-set-password.in -@@ -1,6 +1,6 @@ - #!/bin/sh -e - --EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/') -+EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g') - if [ -d /sys/firmware/efi/efivars/ ]; then - grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'` - else -diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in -index 60cd6ca63cc..d353370cc51 100644 ---- a/util/grub-switch-to-blscfg.in -+++ b/util/grub-switch-to-blscfg.in -@@ -40,7 +40,7 @@ etcdefaultgrub=/etc/default/grub - - eval "$("${grub_get_kernel_settings}")" || true - --EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/') -+EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g') - if [ -d /sys/firmware/efi/efivars/ ]; then - startlink=/etc/grub2-efi.cfg - grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'` diff --git a/SOURCES/0248-blscfg-expand-grub_users-before-passing-to-grub_norm.patch b/SOURCES/0248-blscfg-expand-grub_users-before-passing-to-grub_norm.patch new file mode 100644 index 0000000..d5951b4 --- /dev/null +++ b/SOURCES/0248-blscfg-expand-grub_users-before-passing-to-grub_norm.patch @@ -0,0 +1,38 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 21 Nov 2018 15:38:50 +0100 +Subject: [PATCH] blscfg: expand grub_users before passing to + grub_normal_add_menu_entry() + +The "grub_users" field from the BLS snippet file is used to specifcy the +users that are allowed to execute a given menu entry if the "superusers" +environment variable is set. + +If the "grub_users" isn't set, the menu entry is unrestricted and it can +be executed without any authentication and if is set then only the users +defined in "grub_users" can execute the menu entry after authentication. + +But this field can contain an environment variable so has to be expanded +or otherwise grub2 will wrongly assume that the user is "$var", and will +populate a menu entry that it's resctrited even when "$var" isn't set. + +Resolves: rhbz#1650706 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 42892cbfd55..c432c6ba27a 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -704,7 +704,7 @@ static void create_entry (struct bls_entry *entry) + initrds = bls_make_list (entry, "initrd", NULL); + + hotkey = bls_get_val (entry, "grub_hotkey", NULL); +- users = bls_get_val (entry, "grub_users", NULL); ++ users = expand_val (bls_get_val (entry, "grub_users", NULL)); + classes = bls_make_list (entry, "grub_class", NULL); + args = bls_make_list (entry, "grub_arg", &argc); + diff --git a/SOURCES/0249-Make-the-menu-entry-users-option-argument-to-be-opti.patch b/SOURCES/0249-Make-the-menu-entry-users-option-argument-to-be-opti.patch new file mode 100644 index 0000000..50479ce --- /dev/null +++ b/SOURCES/0249-Make-the-menu-entry-users-option-argument-to-be-opti.patch @@ -0,0 +1,46 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 26 Nov 2018 10:06:42 +0100 +Subject: [PATCH] Make the menu entry users option argument to be optional + +The --users option is used to restrict the access to specific menu entries +only to a set of users. But the option requires an argument to either be a +constant or a variable that has been set. So for example the following: + + menuentry "May be run by superusers or users in $users" --users $users { + linux /vmlinuz + } + +Would fail if $users is not defined and grub would discard the menu entry. +Instead, allow the --users option to have an optional argument and ignore +the option if the argument was not set. + +Related: rhbz#1652434 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/menuentry.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c +index 8d242b0187e..7004e08ce78 100644 +--- a/grub-core/commands/menuentry.c ++++ b/grub-core/commands/menuentry.c +@@ -29,7 +29,7 @@ static const struct grub_arg_option options[] = + { + {"class", 1, GRUB_ARG_OPTION_REPEATABLE, + N_("Menu entry type."), N_("STRING"), ARG_TYPE_STRING}, +- {"users", 2, 0, ++ {"users", 2, GRUB_ARG_OPTION_OPTIONAL, + N_("List of users allowed to boot this entry."), N_("USERNAME[,USERNAME]"), + ARG_TYPE_STRING}, + {"hotkey", 3, 0, +@@ -280,7 +280,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) + if (! ctxt->state[3].set && ! ctxt->script) + return grub_error (GRUB_ERR_BAD_ARGUMENT, "no menuentry definition"); + +- if (ctxt->state[1].set) ++ if (ctxt->state[1].set && ctxt->state[1].arg) + users = ctxt->state[1].arg; + else if (ctxt->state[5].set) + users = NULL; diff --git a/SOURCES/0249-blscfg-expand-grub_users-before-passing-to-grub_norm.patch b/SOURCES/0249-blscfg-expand-grub_users-before-passing-to-grub_norm.patch deleted file mode 100644 index d5951b4..0000000 --- a/SOURCES/0249-blscfg-expand-grub_users-before-passing-to-grub_norm.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Wed, 21 Nov 2018 15:38:50 +0100 -Subject: [PATCH] blscfg: expand grub_users before passing to - grub_normal_add_menu_entry() - -The "grub_users" field from the BLS snippet file is used to specifcy the -users that are allowed to execute a given menu entry if the "superusers" -environment variable is set. - -If the "grub_users" isn't set, the menu entry is unrestricted and it can -be executed without any authentication and if is set then only the users -defined in "grub_users" can execute the menu entry after authentication. - -But this field can contain an environment variable so has to be expanded -or otherwise grub2 will wrongly assume that the user is "$var", and will -populate a menu entry that it's resctrited even when "$var" isn't set. - -Resolves: rhbz#1650706 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/commands/blscfg.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c -index 42892cbfd55..c432c6ba27a 100644 ---- a/grub-core/commands/blscfg.c -+++ b/grub-core/commands/blscfg.c -@@ -704,7 +704,7 @@ static void create_entry (struct bls_entry *entry) - initrds = bls_make_list (entry, "initrd", NULL); - - hotkey = bls_get_val (entry, "grub_hotkey", NULL); -- users = bls_get_val (entry, "grub_users", NULL); -+ users = expand_val (bls_get_val (entry, "grub_users", NULL)); - classes = bls_make_list (entry, "grub_class", NULL); - args = bls_make_list (entry, "grub_arg", &argc); - diff --git a/SOURCES/0250-10_linux_bls-add-missing-menu-entries-options.patch b/SOURCES/0250-10_linux_bls-add-missing-menu-entries-options.patch new file mode 100644 index 0000000..620c55d --- /dev/null +++ b/SOURCES/0250-10_linux_bls-add-missing-menu-entries-options.patch @@ -0,0 +1,56 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 22 Nov 2018 16:12:19 +0100 +Subject: [PATCH] 10_linux_bls: add missing menu entries options + +The script that generates menu entries in the grub.cfg from BLS snippets +wasn't filling some important options, like the --id, --class and --user +if these were defined in the BLS. + +Resolves: rhbz#1652434 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux_bls.in | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in +index 8745e598d0e..8cff4c58ab5 100644 +--- a/util/grub.d/10_linux_bls.in ++++ b/util/grub.d/10_linux_bls.in +@@ -127,6 +127,9 @@ read_config() + initrd="" + options="" + linux="" ++ grub_users="" ++ grub_arg="" ++ grub_class="" + + while read -r line + do +@@ -145,6 +148,15 @@ read_config() + "options") + options=${value} + ;; ++ "grub_users") ++ grub_users=${value} ++ ;; ++ "grub_arg") ++ grub_arg=${value} ++ ;; ++ "grub_class") ++ grub_class=${value} ++ ;; + esac + done < ${config_file} + } +@@ -167,7 +179,8 @@ populate_menu() + + for bls in "${files[@]}" ; do + read_config "${blsdir}/${bls}.conf" +- menu="${menu}menuentry '${title}' {\n" ++ ++ menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id ${bls} {\n" + menu="${menu}\t linux ${linux} ${options}\n" + if [ -n "${initrd}" ] ; then + menu="${menu}\t initrd ${boot_prefix}${initrd}\n" diff --git a/SOURCES/0250-Make-the-menu-entry-users-option-argument-to-be-opti.patch b/SOURCES/0250-Make-the-menu-entry-users-option-argument-to-be-opti.patch deleted file mode 100644 index 50479ce..0000000 --- a/SOURCES/0250-Make-the-menu-entry-users-option-argument-to-be-opti.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Mon, 26 Nov 2018 10:06:42 +0100 -Subject: [PATCH] Make the menu entry users option argument to be optional - -The --users option is used to restrict the access to specific menu entries -only to a set of users. But the option requires an argument to either be a -constant or a variable that has been set. So for example the following: - - menuentry "May be run by superusers or users in $users" --users $users { - linux /vmlinuz - } - -Would fail if $users is not defined and grub would discard the menu entry. -Instead, allow the --users option to have an optional argument and ignore -the option if the argument was not set. - -Related: rhbz#1652434 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/commands/menuentry.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c -index 8d242b0187e..7004e08ce78 100644 ---- a/grub-core/commands/menuentry.c -+++ b/grub-core/commands/menuentry.c -@@ -29,7 +29,7 @@ static const struct grub_arg_option options[] = - { - {"class", 1, GRUB_ARG_OPTION_REPEATABLE, - N_("Menu entry type."), N_("STRING"), ARG_TYPE_STRING}, -- {"users", 2, 0, -+ {"users", 2, GRUB_ARG_OPTION_OPTIONAL, - N_("List of users allowed to boot this entry."), N_("USERNAME[,USERNAME]"), - ARG_TYPE_STRING}, - {"hotkey", 3, 0, -@@ -280,7 +280,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) - if (! ctxt->state[3].set && ! ctxt->script) - return grub_error (GRUB_ERR_BAD_ARGUMENT, "no menuentry definition"); - -- if (ctxt->state[1].set) -+ if (ctxt->state[1].set && ctxt->state[1].arg) - users = ctxt->state[1].arg; - else if (ctxt->state[5].set) - users = NULL; diff --git a/SOURCES/0251-10_linux_bls-add-missing-menu-entries-options.patch b/SOURCES/0251-10_linux_bls-add-missing-menu-entries-options.patch deleted file mode 100644 index 620c55d..0000000 --- a/SOURCES/0251-10_linux_bls-add-missing-menu-entries-options.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Thu, 22 Nov 2018 16:12:19 +0100 -Subject: [PATCH] 10_linux_bls: add missing menu entries options - -The script that generates menu entries in the grub.cfg from BLS snippets -wasn't filling some important options, like the --id, --class and --user -if these were defined in the BLS. - -Resolves: rhbz#1652434 - -Signed-off-by: Javier Martinez Canillas ---- - util/grub.d/10_linux_bls.in | 15 ++++++++++++++- - 1 file changed, 14 insertions(+), 1 deletion(-) - -diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in -index 8745e598d0e..8cff4c58ab5 100644 ---- a/util/grub.d/10_linux_bls.in -+++ b/util/grub.d/10_linux_bls.in -@@ -127,6 +127,9 @@ read_config() - initrd="" - options="" - linux="" -+ grub_users="" -+ grub_arg="" -+ grub_class="" - - while read -r line - do -@@ -145,6 +148,15 @@ read_config() - "options") - options=${value} - ;; -+ "grub_users") -+ grub_users=${value} -+ ;; -+ "grub_arg") -+ grub_arg=${value} -+ ;; -+ "grub_class") -+ grub_class=${value} -+ ;; - esac - done < ${config_file} - } -@@ -167,7 +179,8 @@ populate_menu() - - for bls in "${files[@]}" ; do - read_config "${blsdir}/${bls}.conf" -- menu="${menu}menuentry '${title}' {\n" -+ -+ menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id ${bls} {\n" - menu="${menu}\t linux ${linux} ${options}\n" - if [ -n "${initrd}" ] ; then - menu="${menu}\t initrd ${boot_prefix}${initrd}\n" diff --git a/SOURCES/0251-Fix-menu-entry-selection-based-on-title.patch b/SOURCES/0251-Fix-menu-entry-selection-based-on-title.patch new file mode 100644 index 0000000..31825b0 --- /dev/null +++ b/SOURCES/0251-Fix-menu-entry-selection-based-on-title.patch @@ -0,0 +1,41 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 30 Nov 2018 16:39:09 +0100 +Subject: [PATCH] Fix menu entry selection based on title + +The get_entry_number_helper() function assumes that there could be a set +of entries identifiers in a variable (i.e: as used in the fallback case) +so iterates over the string until it finds a space to get the first id. + +But this should only be done for indexes or entries id, since the title +can contain spaces. In the case of title, the complete string should be +used to select a given entry. + +Resolves: rhbz#1654936 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/normal/menu.c | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c +index 95f7abaf2fd..fc25c702f3c 100644 +--- a/grub-core/normal/menu.c ++++ b/grub-core/normal/menu.c +@@ -217,14 +217,11 @@ get_entry_number_helper(grub_menu_t menu, + + for (i = 0, e = menu->entry_list; e; i++) + { +- int l = 0; +- while (val[l] && !grub_isspace(val[l])) +- l++; + +- if (menuentry_eq (e->title, val, l)) ++ if (menuentry_eq (e->title, val, -1)) + { + if (tail) +- *tail = val + l; ++ *tail = NULL; + return i; + } + e = e->next; diff --git a/SOURCES/0252-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch b/SOURCES/0252-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch new file mode 100644 index 0000000..1fc6e2d --- /dev/null +++ b/SOURCES/0252-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch @@ -0,0 +1,120 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 4 Dec 2018 10:48:45 +0100 +Subject: [PATCH] BLS files should only be copied by grub-switch-to-blscfg if + BLS isn't set + +Currently the grub-switch-to-blscfg script doesn't update the grub.cfg if +GRUB_ENABLE_BLSCFG=true is already set in /etc/default/grub. But it still +copies the BLS files which may overwrite fields modified by the user. + +Related: rhbz#1638117 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub-switch-to-blscfg.in | 80 +++++++++++++++++++++++-------------------- + 1 file changed, 42 insertions(+), 38 deletions(-) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index d353370cc51..eeea1307706 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -220,49 +220,51 @@ EOF + ) | cat + } + +-for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do +- bls_target="${blsdir}/${MACHINE_ID}-${kernelver}.conf" +- linux="/vmlinuz-${kernelver}" +- linux_path="/boot${linux}" +- kernel_dir="/lib/modules/${kernelver}" ++copy_bls() { ++ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do ++ bls_target="${blsdir}/${MACHINE_ID}-${kernelver}.conf" ++ linux="/vmlinuz-${kernelver}" ++ linux_path="/boot${linux}" ++ kernel_dir="/lib/modules/${kernelver}" + +- if [ ! -d "${kernel_dir}" ] ; then +- continue +- fi +- if [ ! -f "${linux_path}" ]; then +- continue +- fi ++ if [ ! -d "${kernel_dir}" ] ; then ++ continue ++ fi ++ if [ ! -f "${linux_path}" ]; then ++ continue ++ fi + +- linux_relpath="$("${grub_mkrelpath}" "${linux_path}")" +- bootprefix="${linux_relpath%%"${linux}"}" ++ linux_relpath="$("${grub_mkrelpath}" "${linux_path}")" ++ bootprefix="${linux_relpath%%"${linux}"}" + +- if [ -f "${kernel_dir}/bls.conf" ] ; then +- cp -af "${kernel_dir}/bls.conf" "${bls_target}" +- if [ -n "${bootprefix}" ]; then +- sed -i -e "s,^\(linux[^ \t]*[ \t]\+\).*,\1${bootprefix}${linux},g" "${bls_target}" +- sed -i -e "/^initrd/ s,\([ \t]\+\)\([^ \t]\+\),\1${bootprefix}\2,g" "${bls_target}" +- fi +- else +- mkbls "${kernelver}" \ +- "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${kernel_dir}")")" \ +- "${bootprefix}" \ +- >"${bls_target}" +- fi ++ if [ -f "${kernel_dir}/bls.conf" ] ; then ++ cp -af "${kernel_dir}/bls.conf" "${bls_target}" ++ if [ -n "${bootprefix}" ]; then ++ sed -i -e "s,^\(linux[^ \t]*[ \t]\+\).*,\1${bootprefix}${linux},g" "${bls_target}" ++ sed -i -e "/^initrd/ s,\([ \t]\+\)\([^ \t]\+\),\1${bootprefix}\2,g" "${bls_target}" ++ fi ++ else ++ mkbls "${kernelver}" \ ++ "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${kernel_dir}")")" \ ++ "${bootprefix}" \ ++ >"${bls_target}" ++ fi + +- if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then +- bls_debug="$(echo ${bls_target} | sed -e "s/${kernelver}/${kernelver}~debug/")" +- cp -aT "${bls_target}" "${bls_debug}" +- title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')" +- blsid="$(grep '^id[ \t]' "${bls_debug}" | sed -e "s/\.${ARCH}/-debug.${arch}/")" +- sed -i -e "s/^title.*/title ${title}${GRUB_LINUX_DEBUG_TITLE_POSTFIX}/" "${bls_debug}" +- sed -i -e "s/^id.*/${blsid}/" "${bls_debug}" +- sed -i -e "s/^options.*/options \$kernelopts ${GRUB_CMDLINE_LINUX_DEBUG}/" "${bls_debug}" +- fi +-done ++ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then ++ bls_debug="$(echo ${bls_target} | sed -e "s/${kernelver}/${kernelver}~debug/")" ++ cp -aT "${bls_target}" "${bls_debug}" ++ title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')" ++ blsid="$(grep '^id[ \t]' "${bls_debug}" | sed -e "s/\.${ARCH}/-debug.${arch}/")" ++ sed -i -e "s/^title.*/title ${title}${GRUB_LINUX_DEBUG_TITLE_POSTFIX}/" "${bls_debug}" ++ sed -i -e "s/^id.*/${blsid}/" "${bls_debug}" ++ sed -i -e "s/^options.*/options \$kernelopts ${GRUB_CMDLINE_LINUX_DEBUG}/" "${bls_debug}" ++ fi ++ done + +-if [ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]; then +- mkbls "0-rescue-${MACHINE_ID}" "0" "${bootprefix}" >"${blsdir}/${MACHINE_ID}-0-rescue.conf" +-fi ++ if [ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]; then ++ mkbls "0-rescue-${MACHINE_ID}" "0" "${bootprefix}" >"${blsdir}/${MACHINE_ID}-0-rescue.conf" ++ fi ++} + + GENERATE=0 + if grep '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" \ +@@ -283,6 +285,8 @@ elif ! grep -q '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" ; then + fi + + if [ "${GENERATE}" -eq 1 ] ; then ++ copy_bls ++ + if [ $arch = "x86_64" ] && [ ! -d /sys/firmware/efi ]; then + if ! cp ${prefix}/lib/grub//i386-pc/blscfg.mod ${grubdir}/i386-pc/ ; then + exit 1 diff --git a/SOURCES/0252-Fix-menu-entry-selection-based-on-title.patch b/SOURCES/0252-Fix-menu-entry-selection-based-on-title.patch deleted file mode 100644 index 31825b0..0000000 --- a/SOURCES/0252-Fix-menu-entry-selection-based-on-title.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Fri, 30 Nov 2018 16:39:09 +0100 -Subject: [PATCH] Fix menu entry selection based on title - -The get_entry_number_helper() function assumes that there could be a set -of entries identifiers in a variable (i.e: as used in the fallback case) -so iterates over the string until it finds a space to get the first id. - -But this should only be done for indexes or entries id, since the title -can contain spaces. In the case of title, the complete string should be -used to select a given entry. - -Resolves: rhbz#1654936 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/normal/menu.c | 7 ++----- - 1 file changed, 2 insertions(+), 5 deletions(-) - -diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index 95f7abaf2fd..fc25c702f3c 100644 ---- a/grub-core/normal/menu.c -+++ b/grub-core/normal/menu.c -@@ -217,14 +217,11 @@ get_entry_number_helper(grub_menu_t menu, - - for (i = 0, e = menu->entry_list; e; i++) - { -- int l = 0; -- while (val[l] && !grub_isspace(val[l])) -- l++; - -- if (menuentry_eq (e->title, val, l)) -+ if (menuentry_eq (e->title, val, -1)) - { - if (tail) -- *tail = val + l; -+ *tail = NULL; - return i; - } - e = e->next; diff --git a/SOURCES/0253-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch b/SOURCES/0253-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch deleted file mode 100644 index 1fc6e2d..0000000 --- a/SOURCES/0253-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch +++ /dev/null @@ -1,120 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Tue, 4 Dec 2018 10:48:45 +0100 -Subject: [PATCH] BLS files should only be copied by grub-switch-to-blscfg if - BLS isn't set - -Currently the grub-switch-to-blscfg script doesn't update the grub.cfg if -GRUB_ENABLE_BLSCFG=true is already set in /etc/default/grub. But it still -copies the BLS files which may overwrite fields modified by the user. - -Related: rhbz#1638117 - -Signed-off-by: Javier Martinez Canillas ---- - util/grub-switch-to-blscfg.in | 80 +++++++++++++++++++++++-------------------- - 1 file changed, 42 insertions(+), 38 deletions(-) - -diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in -index d353370cc51..eeea1307706 100644 ---- a/util/grub-switch-to-blscfg.in -+++ b/util/grub-switch-to-blscfg.in -@@ -220,49 +220,51 @@ EOF - ) | cat - } - --for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do -- bls_target="${blsdir}/${MACHINE_ID}-${kernelver}.conf" -- linux="/vmlinuz-${kernelver}" -- linux_path="/boot${linux}" -- kernel_dir="/lib/modules/${kernelver}" -+copy_bls() { -+ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do -+ bls_target="${blsdir}/${MACHINE_ID}-${kernelver}.conf" -+ linux="/vmlinuz-${kernelver}" -+ linux_path="/boot${linux}" -+ kernel_dir="/lib/modules/${kernelver}" - -- if [ ! -d "${kernel_dir}" ] ; then -- continue -- fi -- if [ ! -f "${linux_path}" ]; then -- continue -- fi -+ if [ ! -d "${kernel_dir}" ] ; then -+ continue -+ fi -+ if [ ! -f "${linux_path}" ]; then -+ continue -+ fi - -- linux_relpath="$("${grub_mkrelpath}" "${linux_path}")" -- bootprefix="${linux_relpath%%"${linux}"}" -+ linux_relpath="$("${grub_mkrelpath}" "${linux_path}")" -+ bootprefix="${linux_relpath%%"${linux}"}" - -- if [ -f "${kernel_dir}/bls.conf" ] ; then -- cp -af "${kernel_dir}/bls.conf" "${bls_target}" -- if [ -n "${bootprefix}" ]; then -- sed -i -e "s,^\(linux[^ \t]*[ \t]\+\).*,\1${bootprefix}${linux},g" "${bls_target}" -- sed -i -e "/^initrd/ s,\([ \t]\+\)\([^ \t]\+\),\1${bootprefix}\2,g" "${bls_target}" -- fi -- else -- mkbls "${kernelver}" \ -- "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${kernel_dir}")")" \ -- "${bootprefix}" \ -- >"${bls_target}" -- fi -+ if [ -f "${kernel_dir}/bls.conf" ] ; then -+ cp -af "${kernel_dir}/bls.conf" "${bls_target}" -+ if [ -n "${bootprefix}" ]; then -+ sed -i -e "s,^\(linux[^ \t]*[ \t]\+\).*,\1${bootprefix}${linux},g" "${bls_target}" -+ sed -i -e "/^initrd/ s,\([ \t]\+\)\([^ \t]\+\),\1${bootprefix}\2,g" "${bls_target}" -+ fi -+ else -+ mkbls "${kernelver}" \ -+ "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${kernel_dir}")")" \ -+ "${bootprefix}" \ -+ >"${bls_target}" -+ fi - -- if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then -- bls_debug="$(echo ${bls_target} | sed -e "s/${kernelver}/${kernelver}~debug/")" -- cp -aT "${bls_target}" "${bls_debug}" -- title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')" -- blsid="$(grep '^id[ \t]' "${bls_debug}" | sed -e "s/\.${ARCH}/-debug.${arch}/")" -- sed -i -e "s/^title.*/title ${title}${GRUB_LINUX_DEBUG_TITLE_POSTFIX}/" "${bls_debug}" -- sed -i -e "s/^id.*/${blsid}/" "${bls_debug}" -- sed -i -e "s/^options.*/options \$kernelopts ${GRUB_CMDLINE_LINUX_DEBUG}/" "${bls_debug}" -- fi --done -+ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then -+ bls_debug="$(echo ${bls_target} | sed -e "s/${kernelver}/${kernelver}~debug/")" -+ cp -aT "${bls_target}" "${bls_debug}" -+ title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')" -+ blsid="$(grep '^id[ \t]' "${bls_debug}" | sed -e "s/\.${ARCH}/-debug.${arch}/")" -+ sed -i -e "s/^title.*/title ${title}${GRUB_LINUX_DEBUG_TITLE_POSTFIX}/" "${bls_debug}" -+ sed -i -e "s/^id.*/${blsid}/" "${bls_debug}" -+ sed -i -e "s/^options.*/options \$kernelopts ${GRUB_CMDLINE_LINUX_DEBUG}/" "${bls_debug}" -+ fi -+ done - --if [ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]; then -- mkbls "0-rescue-${MACHINE_ID}" "0" "${bootprefix}" >"${blsdir}/${MACHINE_ID}-0-rescue.conf" --fi -+ if [ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]; then -+ mkbls "0-rescue-${MACHINE_ID}" "0" "${bootprefix}" >"${blsdir}/${MACHINE_ID}-0-rescue.conf" -+ fi -+} - - GENERATE=0 - if grep '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" \ -@@ -283,6 +285,8 @@ elif ! grep -q '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" ; then - fi - - if [ "${GENERATE}" -eq 1 ] ; then -+ copy_bls -+ - if [ $arch = "x86_64" ] && [ ! -d /sys/firmware/efi ]; then - if ! cp ${prefix}/lib/grub//i386-pc/blscfg.mod ${grubdir}/i386-pc/ ; then - exit 1 diff --git a/SOURCES/0253-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch b/SOURCES/0253-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch new file mode 100644 index 0000000..f1667a1 --- /dev/null +++ b/SOURCES/0253-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch @@ -0,0 +1,34 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 4 Dec 2018 10:53:49 +0100 +Subject: [PATCH] Fix get_entry_number() wrongly dereferencing the tail pointer + +The get_entry_number_helper() function attempts to lookup a boot entry by +either title or id matching the value of an environment variable. If they +are a substring of the variable, the tail pointer is set to the first char +of the remainder of the string. + +When get_entry_number() calls this function, it checks if this first char +is a NUL byte, to know if the variable matched correctly. But tail can be +set to NULL as well to indicate that there isn't a remainder in the string. + +Resolves: rhbz#1654936 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/normal/menu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c +index fc25c702f3c..7e32c498aa8 100644 +--- a/grub-core/normal/menu.c ++++ b/grub-core/normal/menu.c +@@ -563,7 +563,7 @@ get_entry_number (grub_menu_t menu, const char *name) + + grub_error_push (); + entry = get_entry_number_helper(menu, val, &tail); +- if (*tail != '\0') ++ if (tail && *tail != '\0') + entry = -1; + grub_error_pop (); + diff --git a/SOURCES/0254-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch b/SOURCES/0254-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch deleted file mode 100644 index f1667a1..0000000 --- a/SOURCES/0254-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Tue, 4 Dec 2018 10:53:49 +0100 -Subject: [PATCH] Fix get_entry_number() wrongly dereferencing the tail pointer - -The get_entry_number_helper() function attempts to lookup a boot entry by -either title or id matching the value of an environment variable. If they -are a substring of the variable, the tail pointer is set to the first char -of the remainder of the string. - -When get_entry_number() calls this function, it checks if this first char -is a NUL byte, to know if the variable matched correctly. But tail can be -set to NULL as well to indicate that there isn't a remainder in the string. - -Resolves: rhbz#1654936 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/normal/menu.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index fc25c702f3c..7e32c498aa8 100644 ---- a/grub-core/normal/menu.c -+++ b/grub-core/normal/menu.c -@@ -563,7 +563,7 @@ get_entry_number (grub_menu_t menu, const char *name) - - grub_error_push (); - entry = get_entry_number_helper(menu, val, &tail); -- if (*tail != '\0') -+ if (tail && *tail != '\0') - entry = -1; - grub_error_pop (); - diff --git a/SOURCES/0254-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch b/SOURCES/0254-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch new file mode 100644 index 0000000..71fbd51 --- /dev/null +++ b/SOURCES/0254-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch @@ -0,0 +1,99 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 10 Dec 2018 13:11:58 +0100 +Subject: [PATCH] Make grub2-mkconfig to honour GRUB_CMDLINE_LINUX in + /etc/default/grub + +The kernelopts grub environment variable is set with the GRUB_CMDLINE_LINUX +value only if wasn't set before. This is because the kernel cmdline params +of the entries are not in the grub.cfg anymore so grub2-mkconfig shouldn't +have side effects on neither the entries nor their kernel cmdline params. + +But there's a lot of documentation pointing at modifying GRUB_CMDLINE_LINUX +to change the kernel cmdline params and users have built a muscle memory on +it, so the BLS support should be compatible. + +Make the grub2-mkconfig script update the $kernelopts environment variable +unless the --no-grubenv-update option is used. + +Resolves: rhbz#1637875 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub-mkconfig.8 | 4 ++++ + util/grub-mkconfig.in | 6 ++++++ + util/grub.d/10_linux.in | 2 +- + util/grub.d/10_linux_bls.in | 2 +- + 4 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/util/grub-mkconfig.8 b/util/grub-mkconfig.8 +index a2d1f577b9b..434fa4deda4 100644 +--- a/util/grub-mkconfig.8 ++++ b/util/grub-mkconfig.8 +@@ -13,5 +13,9 @@ + \fB--output\fR=\fIFILE\fR + Write generated output to \fIFILE\fR. + ++.TP ++\fB--no-grubenv-update\fR ++Do not update variables in the grubenv file. ++ + .SH SEE ALSO + .BR "info grub" +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index c20171919d9..5e643e16973 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -50,6 +50,8 @@ grub_get_kernel_settings="${sbindir}/@grub_get_kernel_settings@" + export TEXTDOMAIN=@PACKAGE@ + export TEXTDOMAINDIR="@localedir@" + ++export GRUB_GRUBENV_UPDATE="yes" ++ + . "${pkgdatadir}/grub-mkconfig_lib" + + # Usage: usage +@@ -59,6 +61,7 @@ usage () { + gettext "Generate a grub config file"; echo + echo + print_option_help "-o, --output=$(gettext FILE)" "$(gettext "output generated config to FILE [default=stdout]")" ++ print_option_help "--no-grubenv-update" "$(gettext "do not update variables in the grubenv file")" + print_option_help "-h, --help" "$(gettext "print this message and exit")" + print_option_help "-v, --version" "$(gettext "print the version information and exit")" + echo +@@ -94,6 +97,9 @@ do + --output=*) + grub_cfg=`echo "$option" | sed 's/--output=//'` + ;; ++ --no-grubenv-update) ++ GRUB_GRUBENV_UPDATE="no" ++ ;; + -*) + gettext_printf "Unrecognized option \`%s'\n" "$option" 1>&2 + usage +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index b54d2774a7d..da2992ac9f1 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -165,7 +165,7 @@ if [ -s \$prefix/grubenv ]; then + fi + EOF + +- if ! grub2-editenv - list | grep -q kernelopts; then ++ if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then + ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}" + fi + +diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in +index 8cff4c58ab5..175bedd0763 100644 +--- a/util/grub.d/10_linux_bls.in ++++ b/util/grub.d/10_linux_bls.in +@@ -225,7 +225,7 @@ linux_entry () + populate_header_warn + populate_menu + +- if ! grub2-editenv - list | grep -q kernelopts; then ++ if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then + ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}" + fi + diff --git a/SOURCES/0255-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch b/SOURCES/0255-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch deleted file mode 100644 index 71fbd51..0000000 --- a/SOURCES/0255-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Mon, 10 Dec 2018 13:11:58 +0100 -Subject: [PATCH] Make grub2-mkconfig to honour GRUB_CMDLINE_LINUX in - /etc/default/grub - -The kernelopts grub environment variable is set with the GRUB_CMDLINE_LINUX -value only if wasn't set before. This is because the kernel cmdline params -of the entries are not in the grub.cfg anymore so grub2-mkconfig shouldn't -have side effects on neither the entries nor their kernel cmdline params. - -But there's a lot of documentation pointing at modifying GRUB_CMDLINE_LINUX -to change the kernel cmdline params and users have built a muscle memory on -it, so the BLS support should be compatible. - -Make the grub2-mkconfig script update the $kernelopts environment variable -unless the --no-grubenv-update option is used. - -Resolves: rhbz#1637875 - -Signed-off-by: Javier Martinez Canillas ---- - util/grub-mkconfig.8 | 4 ++++ - util/grub-mkconfig.in | 6 ++++++ - util/grub.d/10_linux.in | 2 +- - util/grub.d/10_linux_bls.in | 2 +- - 4 files changed, 12 insertions(+), 2 deletions(-) - -diff --git a/util/grub-mkconfig.8 b/util/grub-mkconfig.8 -index a2d1f577b9b..434fa4deda4 100644 ---- a/util/grub-mkconfig.8 -+++ b/util/grub-mkconfig.8 -@@ -13,5 +13,9 @@ - \fB--output\fR=\fIFILE\fR - Write generated output to \fIFILE\fR. - -+.TP -+\fB--no-grubenv-update\fR -+Do not update variables in the grubenv file. -+ - .SH SEE ALSO - .BR "info grub" -diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index c20171919d9..5e643e16973 100644 ---- a/util/grub-mkconfig.in -+++ b/util/grub-mkconfig.in -@@ -50,6 +50,8 @@ grub_get_kernel_settings="${sbindir}/@grub_get_kernel_settings@" - export TEXTDOMAIN=@PACKAGE@ - export TEXTDOMAINDIR="@localedir@" - -+export GRUB_GRUBENV_UPDATE="yes" -+ - . "${pkgdatadir}/grub-mkconfig_lib" - - # Usage: usage -@@ -59,6 +61,7 @@ usage () { - gettext "Generate a grub config file"; echo - echo - print_option_help "-o, --output=$(gettext FILE)" "$(gettext "output generated config to FILE [default=stdout]")" -+ print_option_help "--no-grubenv-update" "$(gettext "do not update variables in the grubenv file")" - print_option_help "-h, --help" "$(gettext "print this message and exit")" - print_option_help "-v, --version" "$(gettext "print the version information and exit")" - echo -@@ -94,6 +97,9 @@ do - --output=*) - grub_cfg=`echo "$option" | sed 's/--output=//'` - ;; -+ --no-grubenv-update) -+ GRUB_GRUBENV_UPDATE="no" -+ ;; - -*) - gettext_printf "Unrecognized option \`%s'\n" "$option" 1>&2 - usage -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index b54d2774a7d..da2992ac9f1 100644 ---- a/util/grub.d/10_linux.in -+++ b/util/grub.d/10_linux.in -@@ -165,7 +165,7 @@ if [ -s \$prefix/grubenv ]; then - fi - EOF - -- if ! grub2-editenv - list | grep -q kernelopts; then -+ if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then - ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}" - fi - -diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in -index 8cff4c58ab5..175bedd0763 100644 ---- a/util/grub.d/10_linux_bls.in -+++ b/util/grub.d/10_linux_bls.in -@@ -225,7 +225,7 @@ linux_entry () - populate_header_warn - populate_menu - -- if ! grub2-editenv - list | grep -q kernelopts; then -+ if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then - ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}" - fi - diff --git a/SOURCES/0255-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch b/SOURCES/0255-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch new file mode 100644 index 0000000..4f82ba2 --- /dev/null +++ b/SOURCES/0255-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch @@ -0,0 +1,33 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Mon, 3 Sep 2018 13:01:58 +0200 +Subject: [PATCH] grub-boot-success.timer: Add a few Conditions for running the + timer + +Add 2 Conditions for running the boot-success timer / service: + +1) Do not run it for system users, this fixes errors about gdm not being +allowed to use pkexec when the greeter session lasts for more then 2 minutes: +https://bugzilla.redhat.com/show_bug.cgi?id=1592201#c6 + +2) Do not run the timer when pkexec is not available (on minimal installs) +since then it will just lead to a bunch of errors without doing anything: +https://bugzilla.redhat.com/show_bug.cgi?id=1619445 + +Signed-off-by: Hans de Goede +--- + docs/grub-boot-success.timer | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer +index 221b532781b..67bd829b795 100644 +--- a/docs/grub-boot-success.timer ++++ b/docs/grub-boot-success.timer +@@ -1,5 +1,7 @@ + [Unit] + Description=Mark boot as successful after the user session has run 2 minutes ++ConditionUser=!@system ++ConditionPathExists=/usr/bin/pkexec + + [Timer] + OnActiveSec=2min diff --git a/SOURCES/0256-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch b/SOURCES/0256-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch new file mode 100644 index 0000000..bf4ad27 --- /dev/null +++ b/SOURCES/0256-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch @@ -0,0 +1,69 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Fri, 14 Sep 2018 16:39:40 +0200 +Subject: [PATCH] docs: Stop using polkit / pkexec for grub-boot-success.timer + / service + +We also want to call grub2-set-bootflag under gdm and pkexec does not +work under gdm because the gdm user has /sbin/nologin as shell. + +So instead we are going to install grub2-set-bootflag as suid root, +grub2-set-bootflag was written with this usage in mind, so is safe +to be made suid root. + +Signed-off-by: Hans de Goede +--- + docs/grub-boot-success.service | 2 +- + docs/grub-boot-success.timer | 1 - + docs/org.gnu.grub.policy | 20 -------------------- + 3 files changed, 1 insertion(+), 22 deletions(-) + delete mode 100644 docs/org.gnu.grub.policy + +diff --git a/docs/grub-boot-success.service b/docs/grub-boot-success.service +index c8c91c34d49..80e79584c91 100644 +--- a/docs/grub-boot-success.service ++++ b/docs/grub-boot-success.service +@@ -3,4 +3,4 @@ Description=Mark boot as successful + + [Service] + Type=oneshot +-ExecStart=/usr/bin/pkexec /usr/sbin/grub2-set-bootflag boot_success ++ExecStart=/usr/sbin/grub2-set-bootflag boot_success +diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer +index 67bd829b795..5d8fcba21aa 100644 +--- a/docs/grub-boot-success.timer ++++ b/docs/grub-boot-success.timer +@@ -1,7 +1,6 @@ + [Unit] + Description=Mark boot as successful after the user session has run 2 minutes + ConditionUser=!@system +-ConditionPathExists=/usr/bin/pkexec + + [Timer] + OnActiveSec=2min +diff --git a/docs/org.gnu.grub.policy b/docs/org.gnu.grub.policy +deleted file mode 100644 +index 18391efc8e7..00000000000 +--- a/docs/org.gnu.grub.policy ++++ /dev/null +@@ -1,20 +0,0 @@ +- +- +- +- GNU GRUB +- https://www.gnu.org/software/grub/ +- +- +- Set GRUB bootflags +- Authentication is required to modify the bootloaders bootflags +- +- no +- no +- yes +- +- /usr/sbin/grub2-set-bootflag +- +- diff --git a/SOURCES/0256-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch b/SOURCES/0256-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch deleted file mode 100644 index 4f82ba2..0000000 --- a/SOURCES/0256-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Mon, 3 Sep 2018 13:01:58 +0200 -Subject: [PATCH] grub-boot-success.timer: Add a few Conditions for running the - timer - -Add 2 Conditions for running the boot-success timer / service: - -1) Do not run it for system users, this fixes errors about gdm not being -allowed to use pkexec when the greeter session lasts for more then 2 minutes: -https://bugzilla.redhat.com/show_bug.cgi?id=1592201#c6 - -2) Do not run the timer when pkexec is not available (on minimal installs) -since then it will just lead to a bunch of errors without doing anything: -https://bugzilla.redhat.com/show_bug.cgi?id=1619445 - -Signed-off-by: Hans de Goede ---- - docs/grub-boot-success.timer | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer -index 221b532781b..67bd829b795 100644 ---- a/docs/grub-boot-success.timer -+++ b/docs/grub-boot-success.timer -@@ -1,5 +1,7 @@ - [Unit] - Description=Mark boot as successful after the user session has run 2 minutes -+ConditionUser=!@system -+ConditionPathExists=/usr/bin/pkexec - - [Timer] - OnActiveSec=2min diff --git a/SOURCES/0257-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch b/SOURCES/0257-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch new file mode 100644 index 0000000..3469f7a --- /dev/null +++ b/SOURCES/0257-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Masayoshi Mizuma +Date: Tue, 18 Dec 2018 21:27:45 -0500 +Subject: [PATCH] Fix the looking up grub.cfg-XXX while tftp booting. + +Currently, grub doesn't look up grub.cfg-UUID, grub.cfg-MAC and grub.cfg-IP +while the boot is from tftp. That is because the uuid size is got by +grub_snprintf(, 0, ,), but the grub_snprintf() always returns 0, +so grub judges there's no available uuid in the client and give up +the looking up grub.cfg-XXX. + +This issue can be fixed by changing grub_snprintf(, 0, ,) behaivior +to like as snprintf() from glibc, however, somewhere may expect +such argument as the error, so it's risky. + +Let's use sizeof() and grub_strlen() to calculate the uuid size +instead of grub_snprintf(). + +Resolves: rhbz#1658500 +--- + grub-core/net/net.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index a011b940100..19ff2d486a1 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -1942,11 +1942,9 @@ grub_net_search_configfile (char *config) + char *client_uuid_var; + grub_size_t client_uuid_var_size; + +- client_uuid_var_size = grub_snprintf (NULL, 0, +- "net_%s_clientuuid", inf->name); +- if (client_uuid_var_size <= 0) +- continue; +- client_uuid_var_size += 1; ++ client_uuid_var_size = sizeof ("net_") + grub_strlen (inf->name) + ++ sizeof ("_clientuuid") + 1; ++ + client_uuid_var = grub_malloc(client_uuid_var_size); + if (!client_uuid_var) + continue; diff --git a/SOURCES/0257-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch b/SOURCES/0257-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch deleted file mode 100644 index bf4ad27..0000000 --- a/SOURCES/0257-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch +++ /dev/null @@ -1,69 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 14 Sep 2018 16:39:40 +0200 -Subject: [PATCH] docs: Stop using polkit / pkexec for grub-boot-success.timer - / service - -We also want to call grub2-set-bootflag under gdm and pkexec does not -work under gdm because the gdm user has /sbin/nologin as shell. - -So instead we are going to install grub2-set-bootflag as suid root, -grub2-set-bootflag was written with this usage in mind, so is safe -to be made suid root. - -Signed-off-by: Hans de Goede ---- - docs/grub-boot-success.service | 2 +- - docs/grub-boot-success.timer | 1 - - docs/org.gnu.grub.policy | 20 -------------------- - 3 files changed, 1 insertion(+), 22 deletions(-) - delete mode 100644 docs/org.gnu.grub.policy - -diff --git a/docs/grub-boot-success.service b/docs/grub-boot-success.service -index c8c91c34d49..80e79584c91 100644 ---- a/docs/grub-boot-success.service -+++ b/docs/grub-boot-success.service -@@ -3,4 +3,4 @@ Description=Mark boot as successful - - [Service] - Type=oneshot --ExecStart=/usr/bin/pkexec /usr/sbin/grub2-set-bootflag boot_success -+ExecStart=/usr/sbin/grub2-set-bootflag boot_success -diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer -index 67bd829b795..5d8fcba21aa 100644 ---- a/docs/grub-boot-success.timer -+++ b/docs/grub-boot-success.timer -@@ -1,7 +1,6 @@ - [Unit] - Description=Mark boot as successful after the user session has run 2 minutes - ConditionUser=!@system --ConditionPathExists=/usr/bin/pkexec - - [Timer] - OnActiveSec=2min -diff --git a/docs/org.gnu.grub.policy b/docs/org.gnu.grub.policy -deleted file mode 100644 -index 18391efc8e7..00000000000 ---- a/docs/org.gnu.grub.policy -+++ /dev/null -@@ -1,20 +0,0 @@ -- -- -- -- GNU GRUB -- https://www.gnu.org/software/grub/ -- -- -- Set GRUB bootflags -- Authentication is required to modify the bootloaders bootflags -- -- no -- no -- yes -- -- /usr/sbin/grub2-set-bootflag -- -- diff --git a/SOURCES/0258-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch b/SOURCES/0258-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch deleted file mode 100644 index 3469f7a..0000000 --- a/SOURCES/0258-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Masayoshi Mizuma -Date: Tue, 18 Dec 2018 21:27:45 -0500 -Subject: [PATCH] Fix the looking up grub.cfg-XXX while tftp booting. - -Currently, grub doesn't look up grub.cfg-UUID, grub.cfg-MAC and grub.cfg-IP -while the boot is from tftp. That is because the uuid size is got by -grub_snprintf(, 0, ,), but the grub_snprintf() always returns 0, -so grub judges there's no available uuid in the client and give up -the looking up grub.cfg-XXX. - -This issue can be fixed by changing grub_snprintf(, 0, ,) behaivior -to like as snprintf() from glibc, however, somewhere may expect -such argument as the error, so it's risky. - -Let's use sizeof() and grub_strlen() to calculate the uuid size -instead of grub_snprintf(). - -Resolves: rhbz#1658500 ---- - grub-core/net/net.c | 8 +++----- - 1 file changed, 3 insertions(+), 5 deletions(-) - -diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index a011b940100..19ff2d486a1 100644 ---- a/grub-core/net/net.c -+++ b/grub-core/net/net.c -@@ -1942,11 +1942,9 @@ grub_net_search_configfile (char *config) - char *client_uuid_var; - grub_size_t client_uuid_var_size; - -- client_uuid_var_size = grub_snprintf (NULL, 0, -- "net_%s_clientuuid", inf->name); -- if (client_uuid_var_size <= 0) -- continue; -- client_uuid_var_size += 1; -+ client_uuid_var_size = sizeof ("net_") + grub_strlen (inf->name) + -+ sizeof ("_clientuuid") + 1; -+ - client_uuid_var = grub_malloc(client_uuid_var_size); - if (!client_uuid_var) - continue; diff --git a/SOURCES/0258-HTTP-boot-strncmp-returns-0-on-equal.patch b/SOURCES/0258-HTTP-boot-strncmp-returns-0-on-equal.patch new file mode 100644 index 0000000..e3edefb --- /dev/null +++ b/SOURCES/0258-HTTP-boot-strncmp-returns-0-on-equal.patch @@ -0,0 +1,23 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Stephen Benjamin +Date: Fri, 12 Apr 2019 10:43:13 -0400 +Subject: [PATCH] HTTP boot: strncmp returns 0 on equal + +Resolves: rhbz#1490991 +--- + grub-core/net/efi/http.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c +index 2a9624dacc4..484e0c68cee 100644 +--- a/grub-core/net/efi/http.c ++++ b/grub-core/net/efi/http.c +@@ -19,7 +19,7 @@ http_configure (struct grub_efi_net_device *dev, int prefer_ip6) + const char *rest, *http_server, *http_path = NULL; + + http_server = grub_env_get ("root"); +- https = grub_strncmp (http_server, "https", 5) ? 1 : 0; ++ https = (grub_strncmp (http_server, "https", 5) == 0) ? 1 : 0; + + /* extract http server + port */ + if (http_server) diff --git a/SOURCES/0259-Don-t-duplicate-net-name-string-if-not-needed.patch b/SOURCES/0259-Don-t-duplicate-net-name-string-if-not-needed.patch new file mode 100644 index 0000000..f890e90 --- /dev/null +++ b/SOURCES/0259-Don-t-duplicate-net-name-string-if-not-needed.patch @@ -0,0 +1,53 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 25 Apr 2019 17:50:23 +0200 +Subject: [PATCH] Don't duplicate net->name string if not needed + +Related: rhbz#1490991 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/net/efi/http.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c +index 484e0c68cee..de351b2cd03 100644 +--- a/grub-core/net/efi/http.c ++++ b/grub-core/net/efi/http.c +@@ -394,27 +394,27 @@ grub_efihttp_open (struct grub_efi_net_device *dev, + grub_err_t err; + grub_off_t size; + char *buf; +- char *file_name; ++ char *file_name = NULL; + const char *http_path; + + /* If path is relative, prepend http_path */ + http_path = grub_env_get ("http_path"); +- if (http_path && file->device->net->name[0] != '/') ++ if (http_path && file->device->net->name[0] != '/') { + file_name = grub_xasprintf ("%s/%s", http_path, file->device->net->name); +- else +- file_name = grub_strdup (file->device->net->name); ++ if (!file_name) ++ return grub_errno; ++ } + +- if (!file_name) +- return grub_errno; +- +- err = efihttp_request (dev->http, file->device->net->server, file_name, type, 1, 0); ++ err = efihttp_request (dev->http, file->device->net->server, ++ file_name ? file_name : file->device->net->name, type, 1, 0); + if (err != GRUB_ERR_NONE) + { + grub_free (file_name); + return err; + } + +- err = efihttp_request (dev->http, file->device->net->server, file_name, type, 0, &size); ++ err = efihttp_request (dev->http, file->device->net->server, ++ file_name ? file_name : file->device->net->name, type, 0, &size); + grub_free (file_name); + if (err != GRUB_ERR_NONE) + { diff --git a/SOURCES/0259-HTTP-boot-strncmp-returns-0-on-equal.patch b/SOURCES/0259-HTTP-boot-strncmp-returns-0-on-equal.patch deleted file mode 100644 index e3edefb..0000000 --- a/SOURCES/0259-HTTP-boot-strncmp-returns-0-on-equal.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Stephen Benjamin -Date: Fri, 12 Apr 2019 10:43:13 -0400 -Subject: [PATCH] HTTP boot: strncmp returns 0 on equal - -Resolves: rhbz#1490991 ---- - grub-core/net/efi/http.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c -index 2a9624dacc4..484e0c68cee 100644 ---- a/grub-core/net/efi/http.c -+++ b/grub-core/net/efi/http.c -@@ -19,7 +19,7 @@ http_configure (struct grub_efi_net_device *dev, int prefer_ip6) - const char *rest, *http_server, *http_path = NULL; - - http_server = grub_env_get ("root"); -- https = grub_strncmp (http_server, "https", 5) ? 1 : 0; -+ https = (grub_strncmp (http_server, "https", 5) == 0) ? 1 : 0; - - /* extract http server + port */ - if (http_server) diff --git a/SOURCES/0260-Don-t-duplicate-net-name-string-if-not-needed.patch b/SOURCES/0260-Don-t-duplicate-net-name-string-if-not-needed.patch deleted file mode 100644 index f890e90..0000000 --- a/SOURCES/0260-Don-t-duplicate-net-name-string-if-not-needed.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Thu, 25 Apr 2019 17:50:23 +0200 -Subject: [PATCH] Don't duplicate net->name string if not needed - -Related: rhbz#1490991 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/net/efi/http.c | 18 +++++++++--------- - 1 file changed, 9 insertions(+), 9 deletions(-) - -diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c -index 484e0c68cee..de351b2cd03 100644 ---- a/grub-core/net/efi/http.c -+++ b/grub-core/net/efi/http.c -@@ -394,27 +394,27 @@ grub_efihttp_open (struct grub_efi_net_device *dev, - grub_err_t err; - grub_off_t size; - char *buf; -- char *file_name; -+ char *file_name = NULL; - const char *http_path; - - /* If path is relative, prepend http_path */ - http_path = grub_env_get ("http_path"); -- if (http_path && file->device->net->name[0] != '/') -+ if (http_path && file->device->net->name[0] != '/') { - file_name = grub_xasprintf ("%s/%s", http_path, file->device->net->name); -- else -- file_name = grub_strdup (file->device->net->name); -+ if (!file_name) -+ return grub_errno; -+ } - -- if (!file_name) -- return grub_errno; -- -- err = efihttp_request (dev->http, file->device->net->server, file_name, type, 1, 0); -+ err = efihttp_request (dev->http, file->device->net->server, -+ file_name ? file_name : file->device->net->name, type, 1, 0); - if (err != GRUB_ERR_NONE) - { - grub_free (file_name); - return err; - } - -- err = efihttp_request (dev->http, file->device->net->server, file_name, type, 0, &size); -+ err = efihttp_request (dev->http, file->device->net->server, -+ file_name ? file_name : file->device->net->name, type, 0, &size); - grub_free (file_name); - if (err != GRUB_ERR_NONE) - { diff --git a/SOURCES/0260-Try-to-set-fPIE-and-friends-on-libgnu.a.patch b/SOURCES/0260-Try-to-set-fPIE-and-friends-on-libgnu.a.patch new file mode 100644 index 0000000..17f5179 --- /dev/null +++ b/SOURCES/0260-Try-to-set-fPIE-and-friends-on-libgnu.a.patch @@ -0,0 +1,39 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 15 Jan 2019 14:57:25 -0500 +Subject: [PATCH] Try to set -fPIE and friends on libgnu.a + +In order to make sure UTIL_CFLAGS and UTIL_LDFLAGS can correctly get +-Wl,-z,relro,-z,now , we need everything going in them to be built with at +least -fPIC (and preferably -fPIE) wherever we can, or else we get relocations +in some component object that can't be used with the link type that's being +used for the final ELF object. + +So this makes sure libgnu.a gets built with HOST_CFLAGS and HOST_LDFLAGS, +which are what is later used to define UTIL_CFLAGS and UTIL_LDFLAGS, and +includes -fPIE. + +Fixes an rpmdiff check. + +Related: rhbz#1658500 + +Signed-off-by: Peter Jones +--- + grub-core/gnulib/Makefile.am | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/gnulib/Makefile.am b/grub-core/gnulib/Makefile.am +index b7c5e60e1c3..bd3621930ff 100644 +--- a/grub-core/gnulib/Makefile.am ++++ b/grub-core/gnulib/Makefile.am +@@ -38,8 +38,8 @@ CLEANFILES = + DISTCLEANFILES = + MAINTAINERCLEANFILES = + +-AM_CPPFLAGS = +-AM_CFLAGS = ++AM_CPPFLAGS = $(HOST_CPPFLAGS) ++AM_CFLAGS = $(HOST_CFLAGS) + + noinst_LIBRARIES += libgnu.a + diff --git a/SOURCES/0261-Try-to-set-fPIE-and-friends-on-libgnu.a.patch b/SOURCES/0261-Try-to-set-fPIE-and-friends-on-libgnu.a.patch deleted file mode 100644 index 17f5179..0000000 --- a/SOURCES/0261-Try-to-set-fPIE-and-friends-on-libgnu.a.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 15 Jan 2019 14:57:25 -0500 -Subject: [PATCH] Try to set -fPIE and friends on libgnu.a - -In order to make sure UTIL_CFLAGS and UTIL_LDFLAGS can correctly get --Wl,-z,relro,-z,now , we need everything going in them to be built with at -least -fPIC (and preferably -fPIE) wherever we can, or else we get relocations -in some component object that can't be used with the link type that's being -used for the final ELF object. - -So this makes sure libgnu.a gets built with HOST_CFLAGS and HOST_LDFLAGS, -which are what is later used to define UTIL_CFLAGS and UTIL_LDFLAGS, and -includes -fPIE. - -Fixes an rpmdiff check. - -Related: rhbz#1658500 - -Signed-off-by: Peter Jones ---- - grub-core/gnulib/Makefile.am | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/gnulib/Makefile.am b/grub-core/gnulib/Makefile.am -index b7c5e60e1c3..bd3621930ff 100644 ---- a/grub-core/gnulib/Makefile.am -+++ b/grub-core/gnulib/Makefile.am -@@ -38,8 +38,8 @@ CLEANFILES = - DISTCLEANFILES = - MAINTAINERCLEANFILES = - --AM_CPPFLAGS = --AM_CFLAGS = -+AM_CPPFLAGS = $(HOST_CPPFLAGS) -+AM_CFLAGS = $(HOST_CFLAGS) - - noinst_LIBRARIES += libgnu.a - diff --git a/SOURCES/0261-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch b/SOURCES/0261-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch new file mode 100644 index 0000000..13e589f --- /dev/null +++ b/SOURCES/0261-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch @@ -0,0 +1,60 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 26 Feb 2019 20:11:27 +0100 +Subject: [PATCH] blscfg: fallback to default_kernelopts if BLS option field + isn't set + +If the $kernelopts variable isn't found, then the entry will fail to boot +since there won't be a kernel command line params set. This makes the BLS +configuration more fragile than a non-BLS one, since in that case it will +boot even without a correct grubenv file. + +So set a $default_kernelopts in the GRUB config file that will be used as +a fallback if the value in the BLS options field can't be resolved. + +Related: rhbz#1625124 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 7 +++++++ + util/grub.d/10_linux.in | 2 ++ + 2 files changed, 9 insertions(+) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index c432c6ba27a..11cc82b6f31 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -628,6 +628,9 @@ static char *expand_val(char *value) + char *end = value; + bool is_var = false; + ++ if (!value) ++ return NULL; ++ + while (*value) { + if (*value == '$') { + if (start != end) { +@@ -701,6 +704,10 @@ static void create_entry (struct bls_entry *entry) + + title = bls_get_val (entry, "title", NULL); + options = expand_val (bls_get_val (entry, "options", NULL)); ++ ++ if (!options) ++ options = expand_val (grub_env_get("default_kernelopts")); ++ + initrds = bls_make_list (entry, "initrd", NULL); + + hotkey = bls_get_val (entry, "grub_hotkey", NULL); +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index da2992ac9f1..04fd8953f40 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -158,6 +158,8 @@ linux_entry () + populate_header_warn + + cat << EOF ++set default_kernelopts="root=${linux_root_device_thisversion} ro ${args}" ++ + insmod blscfg + blscfg + if [ -s \$prefix/grubenv ]; then diff --git a/SOURCES/0262-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch b/SOURCES/0262-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch new file mode 100644 index 0000000..7b09d5f --- /dev/null +++ b/SOURCES/0262-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 14 May 2019 20:37:44 +0200 +Subject: [PATCH] Remove bogus load_env after blscfg command in 10_linux + +The grubenv is already loaded in the 00_header snippet, so there's +no need to load it anywhere else. + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux.in | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 04fd8953f40..58d18504790 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -162,9 +162,6 @@ set default_kernelopts="root=${linux_root_device_thisversion} ro ${args}" + + insmod blscfg + blscfg +-if [ -s \$prefix/grubenv ]; then +- load_env +-fi + EOF + + if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then diff --git a/SOURCES/0262-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch b/SOURCES/0262-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch deleted file mode 100644 index 13e589f..0000000 --- a/SOURCES/0262-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Tue, 26 Feb 2019 20:11:27 +0100 -Subject: [PATCH] blscfg: fallback to default_kernelopts if BLS option field - isn't set - -If the $kernelopts variable isn't found, then the entry will fail to boot -since there won't be a kernel command line params set. This makes the BLS -configuration more fragile than a non-BLS one, since in that case it will -boot even without a correct grubenv file. - -So set a $default_kernelopts in the GRUB config file that will be used as -a fallback if the value in the BLS options field can't be resolved. - -Related: rhbz#1625124 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/commands/blscfg.c | 7 +++++++ - util/grub.d/10_linux.in | 2 ++ - 2 files changed, 9 insertions(+) - -diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c -index c432c6ba27a..11cc82b6f31 100644 ---- a/grub-core/commands/blscfg.c -+++ b/grub-core/commands/blscfg.c -@@ -628,6 +628,9 @@ static char *expand_val(char *value) - char *end = value; - bool is_var = false; - -+ if (!value) -+ return NULL; -+ - while (*value) { - if (*value == '$') { - if (start != end) { -@@ -701,6 +704,10 @@ static void create_entry (struct bls_entry *entry) - - title = bls_get_val (entry, "title", NULL); - options = expand_val (bls_get_val (entry, "options", NULL)); -+ -+ if (!options) -+ options = expand_val (grub_env_get("default_kernelopts")); -+ - initrds = bls_make_list (entry, "initrd", NULL); - - hotkey = bls_get_val (entry, "grub_hotkey", NULL); -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index da2992ac9f1..04fd8953f40 100644 ---- a/util/grub.d/10_linux.in -+++ b/util/grub.d/10_linux.in -@@ -158,6 +158,8 @@ linux_entry () - populate_header_warn - - cat << EOF -+set default_kernelopts="root=${linux_root_device_thisversion} ro ${args}" -+ - insmod blscfg - blscfg - if [ -s \$prefix/grubenv ]; then diff --git a/SOURCES/0263-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch b/SOURCES/0263-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch new file mode 100644 index 0000000..2ea8828 --- /dev/null +++ b/SOURCES/0263-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch @@ -0,0 +1,33 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 19 Jun 2019 15:57:17 +0200 +Subject: [PATCH] 10_linux_bls: use '=' to separate --id argument due a + Petitboot bug + +The GRUB menuentry command allows to separate the arguments for options +using either a '=' or a ' '. The latter is the convention used when the +menu entries are defined in the GRUB config file, but this is currently +not supported by Petitboot. + +So as a workaround define the menu entries using '--id=${bls}' instead. + +Resolves: rhbz#1721815 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux_bls.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in +index 175bedd0763..8e07a79322b 100644 +--- a/util/grub.d/10_linux_bls.in ++++ b/util/grub.d/10_linux_bls.in +@@ -180,7 +180,7 @@ populate_menu() + for bls in "${files[@]}" ; do + read_config "${blsdir}/${bls}.conf" + +- menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id ${bls} {\n" ++ menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id=${bls} {\n" + menu="${menu}\t linux ${linux} ${options}\n" + if [ -n "${initrd}" ] ; then + menu="${menu}\t initrd ${boot_prefix}${initrd}\n" diff --git a/SOURCES/0263-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch b/SOURCES/0263-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch deleted file mode 100644 index 7b09d5f..0000000 --- a/SOURCES/0263-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Tue, 14 May 2019 20:37:44 +0200 -Subject: [PATCH] Remove bogus load_env after blscfg command in 10_linux - -The grubenv is already loaded in the 00_header snippet, so there's -no need to load it anywhere else. - -Signed-off-by: Javier Martinez Canillas ---- - util/grub.d/10_linux.in | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 04fd8953f40..58d18504790 100644 ---- a/util/grub.d/10_linux.in -+++ b/util/grub.d/10_linux.in -@@ -162,9 +162,6 @@ set default_kernelopts="root=${linux_root_device_thisversion} ro ${args}" - - insmod blscfg - blscfg --if [ -s \$prefix/grubenv ]; then -- load_env --fi - EOF - - if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then diff --git a/SOURCES/0264-10_linux_bls-don-t-add-users-option-to-generated-men.patch b/SOURCES/0264-10_linux_bls-don-t-add-users-option-to-generated-men.patch new file mode 100644 index 0000000..5b5ecdc --- /dev/null +++ b/SOURCES/0264-10_linux_bls-don-t-add-users-option-to-generated-men.patch @@ -0,0 +1,37 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 28 Mar 2019 16:34:42 +0100 +Subject: [PATCH] 10_linux_bls: don't add --users option to generated menu + entries + +The generated menu entries have a --users $grub_users option but this will +fail on old versions of GRUB, since it expects the --users option argument +to either be a constant or a variable that has been set. + +The latest GRUB version fix this but the GRUB core isn't updated on a GRUB +package update, so this will cause the entries to not be shown in the menu +after a system upgrade. + +Since can cause issues and because the entries that weren't generated from +the BLS snippets didn't have the --users option either, just don't add it. + +Resolves: rhbz#1755815 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux_bls.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in +index 8e07a79322b..855dbdd190b 100644 +--- a/util/grub.d/10_linux_bls.in ++++ b/util/grub.d/10_linux_bls.in +@@ -180,7 +180,7 @@ populate_menu() + for bls in "${files[@]}" ; do + read_config "${blsdir}/${bls}.conf" + +- menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id=${bls} {\n" ++ menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --id=${bls} {\n" + menu="${menu}\t linux ${linux} ${options}\n" + if [ -n "${initrd}" ] ; then + menu="${menu}\t initrd ${boot_prefix}${initrd}\n" diff --git a/SOURCES/0264-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch b/SOURCES/0264-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch deleted file mode 100644 index 2ea8828..0000000 --- a/SOURCES/0264-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Wed, 19 Jun 2019 15:57:17 +0200 -Subject: [PATCH] 10_linux_bls: use '=' to separate --id argument due a - Petitboot bug - -The GRUB menuentry command allows to separate the arguments for options -using either a '=' or a ' '. The latter is the convention used when the -menu entries are defined in the GRUB config file, but this is currently -not supported by Petitboot. - -So as a workaround define the menu entries using '--id=${bls}' instead. - -Resolves: rhbz#1721815 - -Signed-off-by: Javier Martinez Canillas ---- - util/grub.d/10_linux_bls.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in -index 175bedd0763..8e07a79322b 100644 ---- a/util/grub.d/10_linux_bls.in -+++ b/util/grub.d/10_linux_bls.in -@@ -180,7 +180,7 @@ populate_menu() - for bls in "${files[@]}" ; do - read_config "${blsdir}/${bls}.conf" - -- menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id ${bls} {\n" -+ menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id=${bls} {\n" - menu="${menu}\t linux ${linux} ${options}\n" - if [ -n "${initrd}" ] ; then - menu="${menu}\t initrd ${boot_prefix}${initrd}\n" diff --git a/SOURCES/0265-10_linux_bls-don-t-add-users-option-to-generated-men.patch b/SOURCES/0265-10_linux_bls-don-t-add-users-option-to-generated-men.patch deleted file mode 100644 index 5b5ecdc..0000000 --- a/SOURCES/0265-10_linux_bls-don-t-add-users-option-to-generated-men.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Thu, 28 Mar 2019 16:34:42 +0100 -Subject: [PATCH] 10_linux_bls: don't add --users option to generated menu - entries - -The generated menu entries have a --users $grub_users option but this will -fail on old versions of GRUB, since it expects the --users option argument -to either be a constant or a variable that has been set. - -The latest GRUB version fix this but the GRUB core isn't updated on a GRUB -package update, so this will cause the entries to not be shown in the menu -after a system upgrade. - -Since can cause issues and because the entries that weren't generated from -the BLS snippets didn't have the --users option either, just don't add it. - -Resolves: rhbz#1755815 - -Signed-off-by: Javier Martinez Canillas ---- - util/grub.d/10_linux_bls.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in -index 8e07a79322b..855dbdd190b 100644 ---- a/util/grub.d/10_linux_bls.in -+++ b/util/grub.d/10_linux_bls.in -@@ -180,7 +180,7 @@ populate_menu() - for bls in "${files[@]}" ; do - read_config "${blsdir}/${bls}.conf" - -- menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id=${bls} {\n" -+ menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --id=${bls} {\n" - menu="${menu}\t linux ${linux} ${options}\n" - if [ -n "${initrd}" ] ; then - menu="${menu}\t initrd ${boot_prefix}${initrd}\n" diff --git a/SOURCES/0265-grub-set-bootflag-Update-comment-about-running-as-ro.patch b/SOURCES/0265-grub-set-bootflag-Update-comment-about-running-as-ro.patch new file mode 100644 index 0000000..e1fb2b5 --- /dev/null +++ b/SOURCES/0265-grub-set-bootflag-Update-comment-about-running-as-ro.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Wed, 13 Nov 2019 12:15:43 +0100 +Subject: [PATCH] grub-set-bootflag: Update comment about running as root + through pkexec + +We have stopped using pkexec for grub-set-bootflag, instead it is now +installed suid root, update the comment accordingly. + +Signed-off-by: Hans de Goede +--- + util/grub-set-bootflag.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c +index f8dc310909a..32f1c104a2b 100644 +--- a/util/grub-set-bootflag.c ++++ b/util/grub-set-bootflag.c +@@ -18,7 +18,7 @@ + */ + + /* +- * NOTE this gets run by users as root (through pkexec), so this does not ++ * NOTE this gets run by users as root (its suid root), so this does not + * use any grub library / util functions to allow for easy auditing. + * The grub headers are only included to get certain defines. + */ diff --git a/SOURCES/0266-grub-set-bootflag-Update-comment-about-running-as-ro.patch b/SOURCES/0266-grub-set-bootflag-Update-comment-about-running-as-ro.patch deleted file mode 100644 index e1fb2b5..0000000 --- a/SOURCES/0266-grub-set-bootflag-Update-comment-about-running-as-ro.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Wed, 13 Nov 2019 12:15:43 +0100 -Subject: [PATCH] grub-set-bootflag: Update comment about running as root - through pkexec - -We have stopped using pkexec for grub-set-bootflag, instead it is now -installed suid root, update the comment accordingly. - -Signed-off-by: Hans de Goede ---- - util/grub-set-bootflag.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c -index f8dc310909a..32f1c104a2b 100644 ---- a/util/grub-set-bootflag.c -+++ b/util/grub-set-bootflag.c -@@ -18,7 +18,7 @@ - */ - - /* -- * NOTE this gets run by users as root (through pkexec), so this does not -+ * NOTE this gets run by users as root (its suid root), so this does not - * use any grub library / util functions to allow for easy auditing. - * The grub headers are only included to get certain defines. - */ diff --git a/SOURCES/0266-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch b/SOURCES/0266-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch new file mode 100644 index 0000000..32e07d5 --- /dev/null +++ b/SOURCES/0266-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch @@ -0,0 +1,152 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Fri, 22 Nov 2019 11:54:27 +0100 +Subject: [PATCH] grub-set-bootflag: Write new env to tmpfile and then rename + +Make the grubenv writing code in grub-set-bootflag more robust by +writing the modified grubenv to a tmpfile first and then renaming the +tmpfile over the old grubenv (following symlinks). + +Signed-off-by: Hans de Goede +--- + util/grub-set-bootflag.c | 87 +++++++++++++++++++++++++++++++++++++++++++----- + 1 file changed, 78 insertions(+), 9 deletions(-) + +diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c +index 32f1c104a2b..d3b80a0d204 100644 +--- a/util/grub-set-bootflag.c ++++ b/util/grub-set-bootflag.c +@@ -26,7 +26,9 @@ + #include /* For *_DIR_NAME defines */ + #include + #include /* For GRUB_ENVBLK_DEFCFG define */ ++#include + #include ++#include + #include + #include + +@@ -52,8 +54,10 @@ int main(int argc, char *argv[]) + { + /* NOTE buf must be at least the longest bootflag length + 4 bytes */ + char env[GRUBENV_SIZE + 1], buf[64], *s; ++ /* +1 for 0 termination, +6 for "XXXXXX" in tmp filename */ ++ char env_filename[PATH_MAX + 1], tmp_filename[PATH_MAX + 6 + 1]; + const char *bootflag; +- int i, len, ret; ++ int i, fd, len, ret; + FILE *f; + + if (argc != 2) +@@ -75,7 +79,32 @@ int main(int argc, char *argv[]) + bootflag = bootflags[i]; + len = strlen (bootflag); + +- f = fopen (GRUBENV, "r"); ++ /* ++ * Really become root. setuid avoids an user killing us, possibly leaking ++ * the tmpfile. setgid avoids the new grubenv's gid being that of the user. ++ */ ++ ret = setuid(0); ++ if (ret) ++ { ++ perror ("Error setuid(0) failed"); ++ return 1; ++ } ++ ++ ret = setgid(0); ++ if (ret) ++ { ++ perror ("Error setgid(0) failed"); ++ return 1; ++ } ++ ++ /* Canonicalize GRUBENV filename, resolving symlinks, etc. */ ++ if (!realpath(GRUBENV, env_filename)) ++ { ++ perror ("Error canonicalizing " GRUBENV " filename"); ++ return 1; ++ } ++ ++ f = fopen (env_filename, "r"); + if (!f) + { + perror ("Error opening " GRUBENV " for reading"); +@@ -129,30 +158,70 @@ int main(int argc, char *argv[]) + snprintf(buf, sizeof(buf), "%s=1\n", bootflag); + memcpy(s, buf, len + 3); + +- /* "r+", don't truncate so that the diskspace stays reserved */ +- f = fopen (GRUBENV, "r+"); ++ ++ /* ++ * Create a tempfile for writing the new env. Use the canonicalized filename ++ * for the template so that the tmpfile is in the same dir / on same fs. ++ */ ++ snprintf(tmp_filename, sizeof(tmp_filename), "%sXXXXXX", env_filename); ++ fd = mkstemp(tmp_filename); ++ if (fd == -1) ++ { ++ perror ("Creating tmpfile failed"); ++ return 1; ++ } ++ ++ f = fdopen (fd, "w"); + if (!f) + { +- perror ("Error opening " GRUBENV " for writing"); ++ perror ("Error fdopen of tmpfile failed"); ++ unlink(tmp_filename); + return 1; + } + + ret = fwrite (env, 1, GRUBENV_SIZE, f); + if (ret != GRUBENV_SIZE) + { +- perror ("Error writing to " GRUBENV); ++ perror ("Error writing tmpfile"); ++ unlink(tmp_filename); + return 1; + } + + ret = fflush (f); + if (ret) + { +- perror ("Error flushing " GRUBENV); ++ perror ("Error flushing tmpfile"); ++ unlink(tmp_filename); + return 1; + } + +- fsync (fileno (f)); +- fclose (f); ++ ret = fsync (fileno (f)); ++ if (ret) ++ { ++ perror ("Error syncing tmpfile"); ++ unlink(tmp_filename); ++ return 1; ++ } ++ ++ ret = fclose (f); ++ if (ret) ++ { ++ perror ("Error closing tmpfile"); ++ unlink(tmp_filename); ++ return 1; ++ } ++ ++ /* ++ * And finally rename the tmpfile with the new env over the old env, the ++ * linux kernel guarantees that this is atomic (from a syscall pov). ++ */ ++ ret = rename(tmp_filename, env_filename); ++ if (ret) ++ { ++ perror ("Error renaming tmpfile to " GRUBENV " failed"); ++ unlink(tmp_filename); ++ return 1; ++ } + + return 0; + } diff --git a/SOURCES/0267-Fix-PRIxGRUB_EFI_STATUS-definition.patch b/SOURCES/0267-Fix-PRIxGRUB_EFI_STATUS-definition.patch new file mode 100644 index 0000000..fd71d99 --- /dev/null +++ b/SOURCES/0267-Fix-PRIxGRUB_EFI_STATUS-definition.patch @@ -0,0 +1,48 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 28 Nov 2019 13:23:59 +0100 +Subject: [PATCH] Fix PRIxGRUB_EFI_STATUS definition + +The type specifiers were wrongly defined when GRUB_CPU_SIZEOF_VOID_P != 8 +since in that case the grub_efi_status_t is a grub_int32_t typedef. This +leads to the following covscan warnings: + +grub-2.02/include/grub/dl.h:29: included_from: Included from here. +grub-2.02/include/grub/efi/efi.h:24: included_from: Included from here. +grub-2.02/grub-core/kern/efi/tpm.c:4: included_from: Included from here. +grub-2.02/grub-core/kern/efi/tpm.c: scope_hint: In function 'grub_tpm_dprintf' +grub-2.02/grub-core/kern/efi/tpm.c:170:26: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 5 has type 'grub_efi_status_t' {aka 'int'} [-Wformat=] +grub-2.02/include/grub/misc.h:38:88: note: in definition of macro 'grub_dprintf' + +Related: rhbz#1761811 + +Signed-off-by: Javier Martinez Canillas +--- + include/grub/efi/api.h | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index b337e1a193d..6c440c61316 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -539,11 +539,16 @@ typedef grub_uint16_t grub_efi_char16_t; + typedef grub_efi_intn_t grub_efi_status_t; + /* Make grub_efi_status_t reasonably printable. */ + #if GRUB_CPU_SIZEOF_VOID_P == 8 +-#define PRIxGRUB_EFI_STATUS "lx" +-#define PRIdGRUB_EFI_STATUS "ld" ++# if GRUB_CPU_SIZEOF_LONG == 8 ++# define PRIxGRUB_EFI_STATUS "lx" ++# define PRIdGRUB_EFI_STATUS "ld" ++# else ++# define PRIxGRUB_EFI_STATUS "llx" ++# define PRIdGRUB_EFI_STATUS "lld" ++# endif + #else +-#define PRIxGRUB_EFI_STATUS "llx" +-#define PRIdGRUB_EFI_STATUS "lld" ++# define PRIxGRUB_EFI_STATUS "x" ++# define PRIdGRUB_EFI_STATUS "d" + #endif + + #define GRUB_EFI_ERROR_CODE(value) \ diff --git a/SOURCES/0267-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch b/SOURCES/0267-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch deleted file mode 100644 index 32e07d5..0000000 --- a/SOURCES/0267-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch +++ /dev/null @@ -1,152 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 22 Nov 2019 11:54:27 +0100 -Subject: [PATCH] grub-set-bootflag: Write new env to tmpfile and then rename - -Make the grubenv writing code in grub-set-bootflag more robust by -writing the modified grubenv to a tmpfile first and then renaming the -tmpfile over the old grubenv (following symlinks). - -Signed-off-by: Hans de Goede ---- - util/grub-set-bootflag.c | 87 +++++++++++++++++++++++++++++++++++++++++++----- - 1 file changed, 78 insertions(+), 9 deletions(-) - -diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c -index 32f1c104a2b..d3b80a0d204 100644 ---- a/util/grub-set-bootflag.c -+++ b/util/grub-set-bootflag.c -@@ -26,7 +26,9 @@ - #include /* For *_DIR_NAME defines */ - #include - #include /* For GRUB_ENVBLK_DEFCFG define */ -+#include - #include -+#include - #include - #include - -@@ -52,8 +54,10 @@ int main(int argc, char *argv[]) - { - /* NOTE buf must be at least the longest bootflag length + 4 bytes */ - char env[GRUBENV_SIZE + 1], buf[64], *s; -+ /* +1 for 0 termination, +6 for "XXXXXX" in tmp filename */ -+ char env_filename[PATH_MAX + 1], tmp_filename[PATH_MAX + 6 + 1]; - const char *bootflag; -- int i, len, ret; -+ int i, fd, len, ret; - FILE *f; - - if (argc != 2) -@@ -75,7 +79,32 @@ int main(int argc, char *argv[]) - bootflag = bootflags[i]; - len = strlen (bootflag); - -- f = fopen (GRUBENV, "r"); -+ /* -+ * Really become root. setuid avoids an user killing us, possibly leaking -+ * the tmpfile. setgid avoids the new grubenv's gid being that of the user. -+ */ -+ ret = setuid(0); -+ if (ret) -+ { -+ perror ("Error setuid(0) failed"); -+ return 1; -+ } -+ -+ ret = setgid(0); -+ if (ret) -+ { -+ perror ("Error setgid(0) failed"); -+ return 1; -+ } -+ -+ /* Canonicalize GRUBENV filename, resolving symlinks, etc. */ -+ if (!realpath(GRUBENV, env_filename)) -+ { -+ perror ("Error canonicalizing " GRUBENV " filename"); -+ return 1; -+ } -+ -+ f = fopen (env_filename, "r"); - if (!f) - { - perror ("Error opening " GRUBENV " for reading"); -@@ -129,30 +158,70 @@ int main(int argc, char *argv[]) - snprintf(buf, sizeof(buf), "%s=1\n", bootflag); - memcpy(s, buf, len + 3); - -- /* "r+", don't truncate so that the diskspace stays reserved */ -- f = fopen (GRUBENV, "r+"); -+ -+ /* -+ * Create a tempfile for writing the new env. Use the canonicalized filename -+ * for the template so that the tmpfile is in the same dir / on same fs. -+ */ -+ snprintf(tmp_filename, sizeof(tmp_filename), "%sXXXXXX", env_filename); -+ fd = mkstemp(tmp_filename); -+ if (fd == -1) -+ { -+ perror ("Creating tmpfile failed"); -+ return 1; -+ } -+ -+ f = fdopen (fd, "w"); - if (!f) - { -- perror ("Error opening " GRUBENV " for writing"); -+ perror ("Error fdopen of tmpfile failed"); -+ unlink(tmp_filename); - return 1; - } - - ret = fwrite (env, 1, GRUBENV_SIZE, f); - if (ret != GRUBENV_SIZE) - { -- perror ("Error writing to " GRUBENV); -+ perror ("Error writing tmpfile"); -+ unlink(tmp_filename); - return 1; - } - - ret = fflush (f); - if (ret) - { -- perror ("Error flushing " GRUBENV); -+ perror ("Error flushing tmpfile"); -+ unlink(tmp_filename); - return 1; - } - -- fsync (fileno (f)); -- fclose (f); -+ ret = fsync (fileno (f)); -+ if (ret) -+ { -+ perror ("Error syncing tmpfile"); -+ unlink(tmp_filename); -+ return 1; -+ } -+ -+ ret = fclose (f); -+ if (ret) -+ { -+ perror ("Error closing tmpfile"); -+ unlink(tmp_filename); -+ return 1; -+ } -+ -+ /* -+ * And finally rename the tmpfile with the new env over the old env, the -+ * linux kernel guarantees that this is atomic (from a syscall pov). -+ */ -+ ret = rename(tmp_filename, env_filename); -+ if (ret) -+ { -+ perror ("Error renaming tmpfile to " GRUBENV " failed"); -+ unlink(tmp_filename); -+ return 1; -+ } - - return 0; - } diff --git a/SOURCES/0268-Fix-PRIxGRUB_EFI_STATUS-definition.patch b/SOURCES/0268-Fix-PRIxGRUB_EFI_STATUS-definition.patch deleted file mode 100644 index fd71d99..0000000 --- a/SOURCES/0268-Fix-PRIxGRUB_EFI_STATUS-definition.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Thu, 28 Nov 2019 13:23:59 +0100 -Subject: [PATCH] Fix PRIxGRUB_EFI_STATUS definition - -The type specifiers were wrongly defined when GRUB_CPU_SIZEOF_VOID_P != 8 -since in that case the grub_efi_status_t is a grub_int32_t typedef. This -leads to the following covscan warnings: - -grub-2.02/include/grub/dl.h:29: included_from: Included from here. -grub-2.02/include/grub/efi/efi.h:24: included_from: Included from here. -grub-2.02/grub-core/kern/efi/tpm.c:4: included_from: Included from here. -grub-2.02/grub-core/kern/efi/tpm.c: scope_hint: In function 'grub_tpm_dprintf' -grub-2.02/grub-core/kern/efi/tpm.c:170:26: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 5 has type 'grub_efi_status_t' {aka 'int'} [-Wformat=] -grub-2.02/include/grub/misc.h:38:88: note: in definition of macro 'grub_dprintf' - -Related: rhbz#1761811 - -Signed-off-by: Javier Martinez Canillas ---- - include/grub/efi/api.h | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index b337e1a193d..6c440c61316 100644 ---- a/include/grub/efi/api.h -+++ b/include/grub/efi/api.h -@@ -539,11 +539,16 @@ typedef grub_uint16_t grub_efi_char16_t; - typedef grub_efi_intn_t grub_efi_status_t; - /* Make grub_efi_status_t reasonably printable. */ - #if GRUB_CPU_SIZEOF_VOID_P == 8 --#define PRIxGRUB_EFI_STATUS "lx" --#define PRIdGRUB_EFI_STATUS "ld" -+# if GRUB_CPU_SIZEOF_LONG == 8 -+# define PRIxGRUB_EFI_STATUS "lx" -+# define PRIdGRUB_EFI_STATUS "ld" -+# else -+# define PRIxGRUB_EFI_STATUS "llx" -+# define PRIdGRUB_EFI_STATUS "lld" -+# endif - #else --#define PRIxGRUB_EFI_STATUS "llx" --#define PRIdGRUB_EFI_STATUS "lld" -+# define PRIxGRUB_EFI_STATUS "x" -+# define PRIdGRUB_EFI_STATUS "d" - #endif - - #define GRUB_EFI_ERROR_CODE(value) \ diff --git a/SOURCES/0268-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch b/SOURCES/0268-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch new file mode 100644 index 0000000..45dd94b --- /dev/null +++ b/SOURCES/0268-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch @@ -0,0 +1,100 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 16 Oct 2019 15:32:04 +0200 +Subject: [PATCH] TPM: Print messages if measuraments fail as debug instead of + error + +If the calls to EFI services to do TPM measuraments fail, currently error +messages are printed. But this is not a fatal error and just pollutes the +output, so instead just print them as debug messages. + +Resolves: rhbz#1761811 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/kern/efi/tpm.c | 58 +++++++++++++++++++++++++----------------------- + 1 file changed, 30 insertions(+), 28 deletions(-) + +diff --git a/grub-core/kern/efi/tpm.c b/grub-core/kern/efi/tpm.c +index 0d3ebe22e57..5dc90865242 100644 +--- a/grub-core/kern/efi/tpm.c ++++ b/grub-core/kern/efi/tpm.c +@@ -161,6 +161,34 @@ grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, + } + } + ++static inline grub_err_t grub_tpm_dprintf(grub_efi_status_t status) ++{ ++ switch (status) { ++ case GRUB_EFI_SUCCESS: ++ return 0; ++ case GRUB_EFI_DEVICE_ERROR: ++ grub_dprintf ("tpm", "Command failed: 0x%"PRIxGRUB_EFI_STATUS"\n", ++ status); ++ return GRUB_ERR_IO; ++ case GRUB_EFI_INVALID_PARAMETER: ++ grub_dprintf ("tpm", "Invalid parameter: 0x%"PRIxGRUB_EFI_STATUS"\n", ++ status); ++ return GRUB_ERR_BAD_ARGUMENT; ++ case GRUB_EFI_BUFFER_TOO_SMALL: ++ grub_dprintf ("tpm", "Output buffer too small: 0x%"PRIxGRUB_EFI_STATUS"\n", ++ status); ++ return GRUB_ERR_BAD_ARGUMENT; ++ case GRUB_EFI_NOT_FOUND: ++ grub_dprintf ("tpm", "TPM unavailable: 0x%"PRIxGRUB_EFI_STATUS"\n", ++ status); ++ return GRUB_ERR_UNKNOWN_DEVICE; ++ default: ++ grub_dprintf ("tpm", "Unknown TPM error: 0x%"PRIxGRUB_EFI_STATUS"\n", ++ status); ++ return GRUB_ERR_UNKNOWN_DEVICE; ++ } ++} ++ + static grub_err_t + grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf, + grub_size_t size, grub_uint8_t pcr, +@@ -194,20 +222,7 @@ grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf, + (unsigned long) buf, (grub_uint64_t) size, + algorithm, event, &eventnum, &lastevent); + +- switch (status) { +- case GRUB_EFI_SUCCESS: +- return 0; +- case GRUB_EFI_DEVICE_ERROR: +- return grub_error (GRUB_ERR_IO, N_("Command failed")); +- case GRUB_EFI_INVALID_PARAMETER: +- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter")); +- case GRUB_EFI_BUFFER_TOO_SMALL: +- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small")); +- case GRUB_EFI_NOT_FOUND: +- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); +- default: +- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); +- } ++ return grub_tpm_dprintf(status); + } + + static grub_err_t +@@ -240,20 +255,7 @@ grub_tpm2_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf, + status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, (unsigned long) buf, + (grub_uint64_t) size, event); + +- switch (status) { +- case GRUB_EFI_SUCCESS: +- return 0; +- case GRUB_EFI_DEVICE_ERROR: +- return grub_error (GRUB_ERR_IO, N_("Command failed")); +- case GRUB_EFI_INVALID_PARAMETER: +- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter")); +- case GRUB_EFI_BUFFER_TOO_SMALL: +- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small")); +- case GRUB_EFI_NOT_FOUND: +- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); +- default: +- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); +- } ++ return grub_tpm_dprintf(status); + } + + grub_err_t diff --git a/SOURCES/0269-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch b/SOURCES/0269-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch deleted file mode 100644 index 45dd94b..0000000 --- a/SOURCES/0269-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Wed, 16 Oct 2019 15:32:04 +0200 -Subject: [PATCH] TPM: Print messages if measuraments fail as debug instead of - error - -If the calls to EFI services to do TPM measuraments fail, currently error -messages are printed. But this is not a fatal error and just pollutes the -output, so instead just print them as debug messages. - -Resolves: rhbz#1761811 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/kern/efi/tpm.c | 58 +++++++++++++++++++++++++----------------------- - 1 file changed, 30 insertions(+), 28 deletions(-) - -diff --git a/grub-core/kern/efi/tpm.c b/grub-core/kern/efi/tpm.c -index 0d3ebe22e57..5dc90865242 100644 ---- a/grub-core/kern/efi/tpm.c -+++ b/grub-core/kern/efi/tpm.c -@@ -161,6 +161,34 @@ grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, - } - } - -+static inline grub_err_t grub_tpm_dprintf(grub_efi_status_t status) -+{ -+ switch (status) { -+ case GRUB_EFI_SUCCESS: -+ return 0; -+ case GRUB_EFI_DEVICE_ERROR: -+ grub_dprintf ("tpm", "Command failed: 0x%"PRIxGRUB_EFI_STATUS"\n", -+ status); -+ return GRUB_ERR_IO; -+ case GRUB_EFI_INVALID_PARAMETER: -+ grub_dprintf ("tpm", "Invalid parameter: 0x%"PRIxGRUB_EFI_STATUS"\n", -+ status); -+ return GRUB_ERR_BAD_ARGUMENT; -+ case GRUB_EFI_BUFFER_TOO_SMALL: -+ grub_dprintf ("tpm", "Output buffer too small: 0x%"PRIxGRUB_EFI_STATUS"\n", -+ status); -+ return GRUB_ERR_BAD_ARGUMENT; -+ case GRUB_EFI_NOT_FOUND: -+ grub_dprintf ("tpm", "TPM unavailable: 0x%"PRIxGRUB_EFI_STATUS"\n", -+ status); -+ return GRUB_ERR_UNKNOWN_DEVICE; -+ default: -+ grub_dprintf ("tpm", "Unknown TPM error: 0x%"PRIxGRUB_EFI_STATUS"\n", -+ status); -+ return GRUB_ERR_UNKNOWN_DEVICE; -+ } -+} -+ - static grub_err_t - grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf, - grub_size_t size, grub_uint8_t pcr, -@@ -194,20 +222,7 @@ grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf, - (unsigned long) buf, (grub_uint64_t) size, - algorithm, event, &eventnum, &lastevent); - -- switch (status) { -- case GRUB_EFI_SUCCESS: -- return 0; -- case GRUB_EFI_DEVICE_ERROR: -- return grub_error (GRUB_ERR_IO, N_("Command failed")); -- case GRUB_EFI_INVALID_PARAMETER: -- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter")); -- case GRUB_EFI_BUFFER_TOO_SMALL: -- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small")); -- case GRUB_EFI_NOT_FOUND: -- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); -- default: -- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); -- } -+ return grub_tpm_dprintf(status); - } - - static grub_err_t -@@ -240,20 +255,7 @@ grub_tpm2_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf, - status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, (unsigned long) buf, - (grub_uint64_t) size, event); - -- switch (status) { -- case GRUB_EFI_SUCCESS: -- return 0; -- case GRUB_EFI_DEVICE_ERROR: -- return grub_error (GRUB_ERR_IO, N_("Command failed")); -- case GRUB_EFI_INVALID_PARAMETER: -- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter")); -- case GRUB_EFI_BUFFER_TOO_SMALL: -- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small")); -- case GRUB_EFI_NOT_FOUND: -- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); -- default: -- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); -- } -+ return grub_tpm_dprintf(status); - } - - grub_err_t diff --git a/SOURCES/0269-unix-platform-Initialize-variable-to-fix-grub-instal.patch b/SOURCES/0269-unix-platform-Initialize-variable-to-fix-grub-instal.patch new file mode 100644 index 0000000..8044070 --- /dev/null +++ b/SOURCES/0269-unix-platform-Initialize-variable-to-fix-grub-instal.patch @@ -0,0 +1,66 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Paul Menzel +Date: Tue, 23 Oct 2018 15:00:13 +0200 +Subject: [PATCH] unix/platform: Initialize variable to fix grub-install on + UEFI system +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +On a UEFI system, were no boot entry *grub* is present, currently, +`grub-install` fails with an error. + + $ efibootmgr + BootCurrent: 0000 + Timeout: 0 seconds + BootOrder: 0001,0006,0003,0004,0005 + Boot0001 Diskette Drive + Boot0003* USB Storage Device + Boot0004* CD/DVD/CD-RW Drive + Boot0005 Onboard NIC + Boot0006* WDC WD2500AAKX-75U6AA0 + $ sudo grub-install /dev/sda + Installing for x86_64-efi platform. + grub-install: error: efibootmgr failed to register the boot entry: Unknown error 22020. + +The error code is always different, and the error message (incorrectly) +points to efibootmgr. + +But, the error is in GRUB’s function +`grub_install_remove_efi_entries_by_distributor()`, where the variable +`rc` for the return value, is uninitialized and never set, when no boot +entry for the distributor is found. + +The content of that uninitialized variable is then returned as the error +code of efibootmgr. + +Set the variable to 0, so that success is returned, when no entry needs +to be deleted. + +Tested on Dell OptiPlex 7010 with firmware A28. + + $ sudo ./grub-install /dev/sda + Installing for x86_64-efi platform. + Installation finished. No error reported. + +[1]: https://github.com/rhboot/efibootmgr/issues/100 + +Signed-off-by: Paul Menzel +Reviewed-by: Daniel Kiper +--- + grub-core/osdep/unix/platform.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c +index ca448bc11a0..55b8f401624 100644 +--- a/grub-core/osdep/unix/platform.c ++++ b/grub-core/osdep/unix/platform.c +@@ -85,7 +85,7 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor) + pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd); + char *line = NULL; + size_t len = 0; +- int rc; ++ int rc = 0; + + if (!pid) + { diff --git a/SOURCES/0270-blscfg-add-a-space-char-when-appending-fields-for-va.patch b/SOURCES/0270-blscfg-add-a-space-char-when-appending-fields-for-va.patch new file mode 100644 index 0000000..80225c2 --- /dev/null +++ b/SOURCES/0270-blscfg-add-a-space-char-when-appending-fields-for-va.patch @@ -0,0 +1,76 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 26 Nov 2019 09:51:41 +0100 +Subject: [PATCH] blscfg: add a space char when appending fields for variable + expansion + +The GRUB variables are expanded and replaced by their values before adding +menu entries, but they didn't include space characters after the values so +the result was not correct. + +For the common case this wasn't a problem but it is if there are variables +that are part of the values of other variables. + +Resolves: rhbz#1669252 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 31 ++++++++++++++++++------------- + 1 file changed, 18 insertions(+), 13 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 11cc82b6f31..c92e1c84543 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -597,26 +597,29 @@ static char **bls_make_list (struct bls_entry *entry, const char *key, int *num) + + static char *field_append(bool is_var, char *buffer, char *start, char *end) + { +- char *temp = grub_strndup(start, end - start + 1); +- const char *field = temp; ++ char *tmp = grub_strndup(start, end - start + 1); ++ const char *field = tmp; ++ int term = is_var ? 2 : 1; + + if (is_var) { +- field = grub_env_get (temp); ++ field = grub_env_get (tmp); + if (!field) + return buffer; + } + +- if (!buffer) { +- buffer = grub_strdup(field); +- if (!buffer) +- return NULL; +- } else { +- buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field)); +- if (!buffer) +- return NULL; ++ if (!buffer) ++ buffer = grub_zalloc (grub_strlen(field) + term); ++ else ++ buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field) + term); + +- grub_stpcpy (buffer + grub_strlen(buffer), field); +- } ++ if (!buffer) ++ return NULL; ++ ++ tmp = buffer + grub_strlen(buffer); ++ tmp = grub_stpcpy (tmp, field); ++ ++ if (is_var) ++ tmp = grub_stpcpy (tmp, " "); + + return buffer; + } +@@ -646,6 +649,8 @@ static char *expand_val(char *value) + buffer = field_append(is_var, buffer, start, end); + is_var = false; + start = value; ++ if (*start == ' ') ++ start++; + } + } + diff --git a/SOURCES/0270-unix-platform-Initialize-variable-to-fix-grub-instal.patch b/SOURCES/0270-unix-platform-Initialize-variable-to-fix-grub-instal.patch deleted file mode 100644 index 8044070..0000000 --- a/SOURCES/0270-unix-platform-Initialize-variable-to-fix-grub-instal.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Paul Menzel -Date: Tue, 23 Oct 2018 15:00:13 +0200 -Subject: [PATCH] unix/platform: Initialize variable to fix grub-install on - UEFI system -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -On a UEFI system, were no boot entry *grub* is present, currently, -`grub-install` fails with an error. - - $ efibootmgr - BootCurrent: 0000 - Timeout: 0 seconds - BootOrder: 0001,0006,0003,0004,0005 - Boot0001 Diskette Drive - Boot0003* USB Storage Device - Boot0004* CD/DVD/CD-RW Drive - Boot0005 Onboard NIC - Boot0006* WDC WD2500AAKX-75U6AA0 - $ sudo grub-install /dev/sda - Installing for x86_64-efi platform. - grub-install: error: efibootmgr failed to register the boot entry: Unknown error 22020. - -The error code is always different, and the error message (incorrectly) -points to efibootmgr. - -But, the error is in GRUB’s function -`grub_install_remove_efi_entries_by_distributor()`, where the variable -`rc` for the return value, is uninitialized and never set, when no boot -entry for the distributor is found. - -The content of that uninitialized variable is then returned as the error -code of efibootmgr. - -Set the variable to 0, so that success is returned, when no entry needs -to be deleted. - -Tested on Dell OptiPlex 7010 with firmware A28. - - $ sudo ./grub-install /dev/sda - Installing for x86_64-efi platform. - Installation finished. No error reported. - -[1]: https://github.com/rhboot/efibootmgr/issues/100 - -Signed-off-by: Paul Menzel -Reviewed-by: Daniel Kiper ---- - grub-core/osdep/unix/platform.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c -index ca448bc11a0..55b8f401624 100644 ---- a/grub-core/osdep/unix/platform.c -+++ b/grub-core/osdep/unix/platform.c -@@ -85,7 +85,7 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor) - pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd); - char *line = NULL; - size_t len = 0; -- int rc; -+ int rc = 0; - - if (!pid) - { diff --git a/SOURCES/0271-blscfg-add-a-space-char-when-appending-fields-for-va.patch b/SOURCES/0271-blscfg-add-a-space-char-when-appending-fields-for-va.patch deleted file mode 100644 index 80225c2..0000000 --- a/SOURCES/0271-blscfg-add-a-space-char-when-appending-fields-for-va.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Tue, 26 Nov 2019 09:51:41 +0100 -Subject: [PATCH] blscfg: add a space char when appending fields for variable - expansion - -The GRUB variables are expanded and replaced by their values before adding -menu entries, but they didn't include space characters after the values so -the result was not correct. - -For the common case this wasn't a problem but it is if there are variables -that are part of the values of other variables. - -Resolves: rhbz#1669252 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/commands/blscfg.c | 31 ++++++++++++++++++------------- - 1 file changed, 18 insertions(+), 13 deletions(-) - -diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c -index 11cc82b6f31..c92e1c84543 100644 ---- a/grub-core/commands/blscfg.c -+++ b/grub-core/commands/blscfg.c -@@ -597,26 +597,29 @@ static char **bls_make_list (struct bls_entry *entry, const char *key, int *num) - - static char *field_append(bool is_var, char *buffer, char *start, char *end) - { -- char *temp = grub_strndup(start, end - start + 1); -- const char *field = temp; -+ char *tmp = grub_strndup(start, end - start + 1); -+ const char *field = tmp; -+ int term = is_var ? 2 : 1; - - if (is_var) { -- field = grub_env_get (temp); -+ field = grub_env_get (tmp); - if (!field) - return buffer; - } - -- if (!buffer) { -- buffer = grub_strdup(field); -- if (!buffer) -- return NULL; -- } else { -- buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field)); -- if (!buffer) -- return NULL; -+ if (!buffer) -+ buffer = grub_zalloc (grub_strlen(field) + term); -+ else -+ buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field) + term); - -- grub_stpcpy (buffer + grub_strlen(buffer), field); -- } -+ if (!buffer) -+ return NULL; -+ -+ tmp = buffer + grub_strlen(buffer); -+ tmp = grub_stpcpy (tmp, field); -+ -+ if (is_var) -+ tmp = grub_stpcpy (tmp, " "); - - return buffer; - } -@@ -646,6 +649,8 @@ static char *expand_val(char *value) - buffer = field_append(is_var, buffer, start, end); - is_var = false; - start = value; -+ if (*start == ' ') -+ start++; - } - } - diff --git a/SOURCES/0271-efi-http-Export-fw-http-_path-variables-to-make-them.patch b/SOURCES/0271-efi-http-Export-fw-http-_path-variables-to-make-them.patch new file mode 100644 index 0000000..125ff1b --- /dev/null +++ b/SOURCES/0271-efi-http-Export-fw-http-_path-variables-to-make-them.patch @@ -0,0 +1,50 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 5 Mar 2020 16:21:47 +0100 +Subject: [PATCH] efi/http: Export {fw,http}_path variables to make them global + +The fw_path environment variable is used by http_configure() function to +determine the HTTP path that should be used as prefix when using relative +HTTP paths. And this is stored in the http_path environment variable. + +Later, that variable is looked up by grub_efihttp_open() to generate the +complete path to be used in the HTTP request. + +But these variables are not exported, which means that are not global and +so are only found in the initial context. + +This can cause commands like configfile that create a new context to fail +because the fw_path and http_path variables will not be found. + +Resolves: rhbz#1811561 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/kern/main.c | 1 + + grub-core/net/efi/http.c | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c +index dcf48726d54..9bf6a8b231a 100644 +--- a/grub-core/kern/main.c ++++ b/grub-core/kern/main.c +@@ -142,6 +142,7 @@ grub_set_prefix_and_root (void) + if (fw_path) + { + grub_env_set ("fw_path", fw_path); ++ grub_env_export ("fw_path"); + grub_dprintf ("fw_path", "fw_path:\"%s\"\n", fw_path); + grub_free (fw_path); + } +diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c +index de351b2cd03..755b7a6d054 100644 +--- a/grub-core/net/efi/http.c ++++ b/grub-core/net/efi/http.c +@@ -39,6 +39,7 @@ http_configure (struct grub_efi_net_device *dev, int prefer_ip6) + http_path++; + grub_env_unset ("http_path"); + grub_env_set ("http_path", http_path); ++ grub_env_export ("http_path"); + } + } + diff --git a/SOURCES/0272-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch b/SOURCES/0272-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch new file mode 100644 index 0000000..4756853 --- /dev/null +++ b/SOURCES/0272-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch @@ -0,0 +1,114 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 5 Mar 2020 16:21:58 +0100 +Subject: [PATCH] efi/http: Enclose literal IPv6 addresses in square brackets + +According to RFC 2732 (https://www.ietf.org/rfc/rfc2732.txt), literal IPv6 +addresses must be enclosed in square brackets. But GRUB currently does not +do this and is causing HTTP servers to send Bad Request (400) responses. + +For example, the following is the HTTP stream when fetching a config file: + +HEAD /EFI/BOOT/grub.cfg HTTP/1.1 +Host: 2000:dead:beef:a::1 +Accept: */* +User-Agent: UefiHttpBoot/1.0 + +HTTP/1.1 400 Bad Request +Date: Thu, 05 Mar 2020 14:46:02 GMT +Server: Apache/2.4.41 (Fedora) OpenSSL/1.1.1d +Connection: close +Content-Type: text/html; charset=iso-8859-1 + +and after enclosing the IPv6 address the HTTP request is successful: + +HEAD /EFI/BOOT/grub.cfg HTTP/1.1 +Host: [2000:dead:beef:a::1] +Accept: */* +User-Agent: UefiHttpBoot/1.0 + +HTTP/1.1 200 OK +Date: Thu, 05 Mar 2020 14:48:04 GMT +Server: Apache/2.4.41 (Fedora) OpenSSL/1.1.1d +Last-Modified: Thu, 27 Feb 2020 17:45:58 GMT +ETag: "206-59f924b24b1da" +Accept-Ranges: bytes +Content-Length: 518 + +Resolves: rhbz#1811560 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/net/efi/http.c | 37 ++++++++++++++++++++++++++++--------- + 1 file changed, 28 insertions(+), 9 deletions(-) + +diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c +index 755b7a6d054..fc8cb25ae0a 100644 +--- a/grub-core/net/efi/http.c ++++ b/grub-core/net/efi/http.c +@@ -158,13 +158,7 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https, + grub_efi_status_t status; + grub_efi_boot_services_t *b = grub_efi_system_table->boot_services; + char *url = NULL; +- +- request_headers[0].field_name = (grub_efi_char8_t *)"Host"; +- request_headers[0].field_value = (grub_efi_char8_t *)server; +- request_headers[1].field_name = (grub_efi_char8_t *)"Accept"; +- request_headers[1].field_value = (grub_efi_char8_t *)"*/*"; +- request_headers[2].field_name = (grub_efi_char8_t *)"User-Agent"; +- request_headers[2].field_value = (grub_efi_char8_t *)"UefiHttpBoot/1.0"; ++ char *hostname = NULL; + + { + grub_efi_ipv6_address_t address; +@@ -174,9 +168,24 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https, + const char *protocol = (use_https == 1) ? "https" : "http"; + + if (grub_efi_string_to_ip6_address (server, &address, &rest) && *rest == 0) +- url = grub_xasprintf ("%s://[%s]%s", protocol, server, name); ++ { ++ hostname = grub_xasprintf ("[%s]", server); ++ if (!hostname) ++ return GRUB_ERR_OUT_OF_MEMORY; ++ ++ server = hostname; ++ ++ url = grub_xasprintf ("%s://%s%s", protocol, server, name); ++ if (!url) ++ { ++ grub_free (hostname); ++ return GRUB_ERR_OUT_OF_MEMORY; ++ } ++ } + else +- url = grub_xasprintf ("%s://%s%s", protocol, server, name); ++ { ++ url = grub_xasprintf ("%s://%s%s", protocol, server, name); ++ } + + if (!url) + { +@@ -199,6 +208,13 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https, + request_data.url = ucs2_url; + } + ++ request_headers[0].field_name = (grub_efi_char8_t *)"Host"; ++ request_headers[0].field_value = (grub_efi_char8_t *)server; ++ request_headers[1].field_name = (grub_efi_char8_t *)"Accept"; ++ request_headers[1].field_value = (grub_efi_char8_t *)"*/*"; ++ request_headers[2].field_name = (grub_efi_char8_t *)"User-Agent"; ++ request_headers[2].field_value = (grub_efi_char8_t *)"UefiHttpBoot/1.0"; ++ + request_data.method = (headeronly > 0) ? GRUB_EFI_HTTPMETHODHEAD : GRUB_EFI_HTTPMETHODGET; + + request_message.data.request = &request_data; +@@ -228,6 +244,9 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https, + + status = efi_call_2 (http->request, http, &request_token); + ++ if (hostname) ++ grub_free (hostname); ++ + if (status != GRUB_EFI_SUCCESS) + { + efi_call_1 (b->close_event, request_token.event); diff --git a/SOURCES/0272-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch b/SOURCES/0272-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch deleted file mode 100644 index 293500b..0000000 --- a/SOURCES/0272-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Tue, 12 May 2020 01:00:51 +0200 -Subject: [PATCH] envblk: Fix buffer overrun when attempting to shrink a - variable value -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -If an existing variable is set with a value whose length is smaller than -the current value, a memory corruption can happen due copying padding '#' -characters outside of the environment block buffer. - -This is caused by a wrong calculation of the previous free space position -after moving backward the characters that followed the old variable value. - -That position is calculated to fill the remaining of the buffer with the -padding '#' characters. But since isn't calculated correctly, it can lead -to copies outside of the buffer. - -The issue can be reproduced by creating a variable with a large value and -then try to set a new value that is much smaller: - -$ grub2-editenv --version -grub2-editenv (GRUB) 2.04 - -$ grub2-editenv env create - -$ grub2-editenv env set a="$(for i in {1..500}; do var="b$var"; done; echo $var)" - -$ wc -c env -1024 grubenv - -$ grub2-editenv env set a="$(for i in {1..50}; do var="b$var"; done; echo $var)" -malloc(): corrupted top size -Aborted (core dumped) - -$ wc -c env -0 grubenv - -Resolves: rhbz#1836196 - -Reported-by: Renaud Métrich -Signed-off-by: Javier Martinez Canillas -Patch-cc: Daniel Kiper ---- - grub-core/lib/envblk.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/lib/envblk.c b/grub-core/lib/envblk.c -index 230e0e9d9ab..2e4e78b132d 100644 ---- a/grub-core/lib/envblk.c -+++ b/grub-core/lib/envblk.c -@@ -143,7 +143,7 @@ grub_envblk_set (grub_envblk_t envblk, const char *name, const char *value) - /* Move the following characters backward, and fill the new - space with harmless characters. */ - grub_memmove (p + vl, p + len, pend - (p + len)); -- grub_memset (space + len - vl, '#', len - vl); -+ grub_memset (space - (len - vl), '#', len - vl); - } - else - /* Move the following characters forward. */ diff --git a/SOURCES/0273-efi-net-Allow-to-specify-a-port-number-in-addresses.patch b/SOURCES/0273-efi-net-Allow-to-specify-a-port-number-in-addresses.patch new file mode 100644 index 0000000..7d5220f --- /dev/null +++ b/SOURCES/0273-efi-net-Allow-to-specify-a-port-number-in-addresses.patch @@ -0,0 +1,48 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 9 Mar 2020 15:29:45 +0100 +Subject: [PATCH] efi/net: Allow to specify a port number in addresses + +The grub_efi_net_parse_address() function is not covering the case where a +port number is specified in an IPv4 or IPv6 address, so will fail to parse +the network address. + +For most cases the issue is harmless, because the function is only used to +match an address with a network interface and if fails the default is used. + +But still is a bug that has to be fixed and it causes error messages to be +printed like the following: + +error: net/efi/net.c:782:unrecognised network address '192.168.122.1:8080' + +error: net/efi/net.c:781:unrecognised network address '[2000:dead:beef:a::1]:8080' + +Resolves: rhbz#1811560 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/net/efi/net.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c +index 4c70fc4da2a..c74854a82b7 100644 +--- a/grub-core/net/efi/net.c ++++ b/grub-core/net/efi/net.c +@@ -742,7 +742,7 @@ grub_efi_net_parse_address (const char *address, + return GRUB_ERR_NONE; + } + } +- else if (*rest == 0) ++ else if (*rest == 0 || *rest == ':') + { + grub_uint32_t subnet_mask = 0xffffffffU; + grub_memcpy (ip4->subnet_mask, &subnet_mask, sizeof (ip4->subnet_mask)); +@@ -768,7 +768,7 @@ grub_efi_net_parse_address (const char *address, + return GRUB_ERR_NONE; + } + } +- else if (*rest == 0) ++ else if (*rest == 0 || *rest == ':') + { + ip6->prefix_length = 128; + ip6->is_anycast = 0; diff --git a/SOURCES/0274-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch b/SOURCES/0274-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch new file mode 100644 index 0000000..31d30a8 --- /dev/null +++ b/SOURCES/0274-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch @@ -0,0 +1,48 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 9 Mar 2020 15:30:05 +0100 +Subject: [PATCH] efi/ip4_config: Improve check to detect literal IPv6 + addresses + +The grub_efi_string_to_ip4_address() function wrongly assumes that an IPv6 +address is an IPv4 address, because it doesn't take into account the case +of a caller passing an IPv6 address as a string. + +This leads to the grub_efi_net_parse_address() function to fail and print +the following error message: + +error: net/efi/net.c:785:unrecognised network address '2000:dead:beef:a::1' + +Resolves: rhbz#1811560 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/net/efi/ip4_config.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c +index 38e2a04747a..6117e60ab12 100644 +--- a/grub-core/net/efi/ip4_config.c ++++ b/grub-core/net/efi/ip4_config.c +@@ -56,9 +56,20 @@ int + grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *address, const char **rest) + { + grub_uint32_t newip = 0; +- int i; ++ int i, ncolon = 0; + const char *ptr = val; + ++ /* Check that is not an IPv6 address */ ++ for (i = 0; i < grub_strlen(ptr); i++) ++ { ++ if (ptr[i] == '[' && i == 0) ++ return 0; ++ ++ if (ptr[i] == ':') ++ if (i == 0 || ++ncolon == 2) ++ return 0; ++ } ++ + for (i = 0; i < 4; i++) + { + unsigned long t; diff --git a/SOURCES/0275-efi-net-Print-a-debug-message-if-parsing-the-address.patch b/SOURCES/0275-efi-net-Print-a-debug-message-if-parsing-the-address.patch new file mode 100644 index 0000000..50a9af4 --- /dev/null +++ b/SOURCES/0275-efi-net-Print-a-debug-message-if-parsing-the-address.patch @@ -0,0 +1,68 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 10 Mar 2020 11:23:49 +0100 +Subject: [PATCH] efi/net: Print a debug message if parsing the address fails + +Currently if parsing the address fails an error message is printed. But in +most cases this isn't a fatal error since the grub_efi_net_parse_address() +function is only used to match an address with a network interface to use. + +And if this fails, the default interface is used which is good enough for +most cases. So instead of printing an error that would pollute the console +just print a debug message if the address is not parsed correctly. + +A user can enable debug messages for the efinet driver to have information +about the failure and the fact that the default interface is being used. + +Related: rhbz#1811560 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/net/efi/net.c | 18 +++++++++++------- + 1 file changed, 11 insertions(+), 7 deletions(-) + +diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c +index c74854a82b7..3ae1fbbe3c8 100644 +--- a/grub-core/net/efi/net.c ++++ b/grub-core/net/efi/net.c +@@ -778,9 +778,9 @@ grub_efi_net_parse_address (const char *address, + } + } + +- return grub_error (GRUB_ERR_NET_BAD_ADDRESS, +- N_("unrecognised network address `%s'"), +- address); ++ grub_dprintf ("efinet", "unrecognised network address '%s'\n", address); ++ ++ return GRUB_ERR_NET_BAD_ADDRESS; + } + + static grub_efi_net_interface_t * +@@ -795,10 +795,7 @@ match_route (const char *server) + err = grub_efi_net_parse_address (server, &ip4, &ip6, &is_ip6, 0); + + if (err) +- { +- grub_print_error (); + return NULL; +- } + + if (is_ip6) + { +@@ -1233,8 +1230,15 @@ grub_net_open_real (const char *name __attribute__ ((unused))) + /*FIXME: Use DNS translate name to address */ + net_interface = match_route (server); + ++ if (!net_interface && net_default_interface) ++ { ++ net_interface = net_default_interface; ++ grub_dprintf ("efinet", "interface lookup failed, using default '%s'\n", ++ net_interface->name); ++ } ++ + /*XXX: should we check device with default gateway ? */ +- if (!net_interface && !(net_interface = net_default_interface)) ++ if (!net_interface) + { + grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("disk `%s' no route found"), + name); diff --git a/SOURCES/0276-efi-Set-image-base-address-before-jumping-to-the-PE-.patch b/SOURCES/0276-efi-Set-image-base-address-before-jumping-to-the-PE-.patch new file mode 100644 index 0000000..4c5a2e2 --- /dev/null +++ b/SOURCES/0276-efi-Set-image-base-address-before-jumping-to-the-PE-.patch @@ -0,0 +1,60 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 23 Apr 2020 15:06:46 +0200 +Subject: [PATCH] efi: Set image base address before jumping to the PE/COFF + entry point + +Upstream GRUB uses the EFI LoadImage() and StartImage() to boot the Linux +kernel. But our custom EFI loader that supports Secure Boot instead uses +the EFI handover protocol (for x86) or jumping directly to the PE/COFF +entry point (for aarch64). + +This is done to allow the bootloader to verify the images using the shim +lock protocol to avoid booting untrusted binaries. + +Since the bootloader loads the kernel from the boot media instead of using +LoadImage(), it is responsible to set the Loaded Image base address before +booting the kernel. + +Otherwise the kernel EFI stub will complain that it was not set correctly +and print the following warning message: + +EFI stub: ERROR: FIRMWARE BUG: efi_loaded_image_t::image_base has bogus value + +Resolves: rhbz#1819624 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/loader/efi/linux.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c +index b56ea0bc041..e09f824862b 100644 +--- a/grub-core/loader/efi/linux.c ++++ b/grub-core/loader/efi/linux.c +@@ -72,6 +72,7 @@ grub_err_t + grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, + void *kernel_params) + { ++ grub_efi_loaded_image_t *loaded_image = NULL; + handover_func hf; + int offset = 0; + +@@ -79,6 +80,17 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, + offset = 512; + #endif + ++ /* ++ * Since the EFI loader is not calling the LoadImage() and StartImage() ++ * services for loading the kernel and booting respectively, it has to ++ * set the Loaded Image base address. ++ */ ++ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); ++ if (loaded_image) ++ loaded_image->image_base = kernel_addr; ++ else ++ grub_dprintf ("linux", "Loaded Image base address could not be set\n"); ++ + grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n", + kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params); + hf = (handover_func)((char *)kernel_addr + handover_offset + offset); diff --git a/SOURCES/0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch b/SOURCES/0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch new file mode 100644 index 0000000..293500b --- /dev/null +++ b/SOURCES/0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch @@ -0,0 +1,62 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 12 May 2020 01:00:51 +0200 +Subject: [PATCH] envblk: Fix buffer overrun when attempting to shrink a + variable value +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If an existing variable is set with a value whose length is smaller than +the current value, a memory corruption can happen due copying padding '#' +characters outside of the environment block buffer. + +This is caused by a wrong calculation of the previous free space position +after moving backward the characters that followed the old variable value. + +That position is calculated to fill the remaining of the buffer with the +padding '#' characters. But since isn't calculated correctly, it can lead +to copies outside of the buffer. + +The issue can be reproduced by creating a variable with a large value and +then try to set a new value that is much smaller: + +$ grub2-editenv --version +grub2-editenv (GRUB) 2.04 + +$ grub2-editenv env create + +$ grub2-editenv env set a="$(for i in {1..500}; do var="b$var"; done; echo $var)" + +$ wc -c env +1024 grubenv + +$ grub2-editenv env set a="$(for i in {1..50}; do var="b$var"; done; echo $var)" +malloc(): corrupted top size +Aborted (core dumped) + +$ wc -c env +0 grubenv + +Resolves: rhbz#1836196 + +Reported-by: Renaud Métrich +Signed-off-by: Javier Martinez Canillas +Patch-cc: Daniel Kiper +--- + grub-core/lib/envblk.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/lib/envblk.c b/grub-core/lib/envblk.c +index 230e0e9d9ab..2e4e78b132d 100644 +--- a/grub-core/lib/envblk.c ++++ b/grub-core/lib/envblk.c +@@ -143,7 +143,7 @@ grub_envblk_set (grub_envblk_t envblk, const char *name, const char *value) + /* Move the following characters backward, and fill the new + space with harmless characters. */ + grub_memmove (p + vl, p + len, pend - (p + len)); +- grub_memset (space + len - vl, '#', len - vl); ++ grub_memset (space - (len - vl), '#', len - vl); + } + else + /* Move the following characters forward. */ diff --git a/SOURCES/0278-Reimplement-boot_counter.patch b/SOURCES/0278-Reimplement-boot_counter.patch new file mode 100644 index 0000000..3be1786 --- /dev/null +++ b/SOURCES/0278-Reimplement-boot_counter.patch @@ -0,0 +1,196 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 4 Oct 2018 14:22:09 -0400 +Subject: [PATCH] Reimplement boot_counter + +This adds "increment" and "decrement" commands, and uses them to maintain our +variables in 01_fallback_counter. It also simplifies the counter logic, so +that there are no nested tests that conflict with each other. + +Apparently, this *really* wasn't tested well enough. + +Resolves: rhbz#1614637 +Signed-off-by: Peter Jones +[lorbus: add comments and revert logic changes in 01_fallback_counting] +Signed-off-by: Christian Glombek +--- + Makefile.util.def | 6 +++ + grub-core/Makefile.core.def | 5 ++ + grub-core/commands/increment.c | 105 ++++++++++++++++++++++++++++++++++++ + util/grub.d/01_fallback_counting.in | 22 ++++++++ + 4 files changed, 138 insertions(+) + create mode 100644 grub-core/commands/increment.c + create mode 100644 util/grub.d/01_fallback_counting.in + +diff --git a/Makefile.util.def b/Makefile.util.def +index 08cc98ddb8b..eca3dfa753f 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -448,6 +448,12 @@ script = { + installdir = grubconf; + }; + ++script = { ++ name = '01_fallback_counting'; ++ common = util/grub.d/01_fallback_counting.in; ++ installdir = grubconf; ++}; ++ + script = { + name = '01_menu_auto_hide'; + common = util/grub.d/01_menu_auto_hide.in; +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 6864e780fd4..c8a50b4fcfa 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -362,6 +362,11 @@ kernel = { + extra_dist = kern/mips/cache_flush.S; + }; + ++module = { ++ name = increment; ++ common = commands/increment.c; ++}; ++ + program = { + name = grub-emu; + mansection = 1; +diff --git a/grub-core/commands/increment.c b/grub-core/commands/increment.c +new file mode 100644 +index 00000000000..79cf137656c +--- /dev/null ++++ b/grub-core/commands/increment.c +@@ -0,0 +1,105 @@ ++/* increment.c - Commands to increment and decrement variables. */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2006,2007,2008 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++typedef enum { ++ INCREMENT, ++ DECREMENT, ++} operation; ++ ++static grub_err_t ++incr_decr(operation op, int argc, char **args) ++{ ++ const char *old; ++ char *new; ++ long value; ++ ++ if (argc < 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_ ("no variable specified")); ++ if (argc > 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_ ("too many arguments")); ++ ++ old = grub_env_get (*args); ++ if (!old) ++ return grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("No such variable \"%s\""), ++ *args); ++ ++ value = grub_strtol (old, NULL, 0); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ ++ switch (op) ++ { ++ case INCREMENT: ++ value += 1; ++ break; ++ case DECREMENT: ++ value -= 1; ++ break; ++ } ++ ++ new = grub_xasprintf ("%ld", value); ++ if (!new) ++ return grub_errno; ++ ++ grub_env_set (*args, new); ++ grub_free (new); ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_cmd_incr(struct grub_command *cmd UNUSED, ++ int argc, char **args) ++{ ++ return incr_decr(INCREMENT, argc, args); ++} ++ ++static grub_err_t ++grub_cmd_decr(struct grub_command *cmd UNUSED, ++ int argc, char **args) ++{ ++ return incr_decr(DECREMENT, argc, args); ++} ++ ++static grub_command_t cmd_incr, cmd_decr; ++ ++GRUB_MOD_INIT(increment) ++{ ++ cmd_incr = grub_register_command ("increment", grub_cmd_incr, N_("VARIABLE"), ++ N_("increment VARIABLE")); ++ cmd_decr = grub_register_command ("decrement", grub_cmd_decr, N_("VARIABLE"), ++ N_("decrement VARIABLE")); ++} ++ ++GRUB_MOD_FINI(increment) ++{ ++ grub_unregister_command (cmd_incr); ++ grub_unregister_command (cmd_decr); ++} +diff --git a/util/grub.d/01_fallback_counting.in b/util/grub.d/01_fallback_counting.in +new file mode 100644 +index 00000000000..be0e770ea82 +--- /dev/null ++++ b/util/grub.d/01_fallback_counting.in +@@ -0,0 +1,22 @@ ++#! /bin/sh -e ++ ++# Boot Counting ++# The boot_counter env var can be used to count down boot attempts after an ++# OSTree upgrade and choose the rollback deployment when 0 is reached. Both ++# boot_counter and boot_success need to be (re-)set from userspace. ++cat << EOF ++insmod increment ++# Check if boot_counter exists and boot_success=0 to activate this behaviour. ++if [ -n "\${boot_counter}" -a "\${boot_success}" = "0" ]; then ++ # if countdown has ended, choose to boot rollback deployment (default=1 on ++ # OSTree-based systems) ++ if [ "\${boot_counter}" = "0" -o "\${boot_counter}" = "-1" ]; then ++ set default=1 ++ set boot_counter=-1 ++ # otherwise decrement boot_counter ++ else ++ decrement boot_counter ++ fi ++ save_env boot_counter ++fi ++EOF diff --git a/SOURCES/0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch b/SOURCES/0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch new file mode 100644 index 0000000..82df575 --- /dev/null +++ b/SOURCES/0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch @@ -0,0 +1,165 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Christian Glombek +Date: Tue, 2 Apr 2019 16:22:21 +0200 +Subject: [PATCH] grub.d: Split out boot success reset from menu auto hide + script + +Also rename fallback and menu auto hide script to be executed +before and after boot success reset script. +In menu auto hide script, rename last_boot_ok var to menu_hide_ok +--- + Makefile.util.def | 14 ++++++++---- + ...allback_counting.in => 08_fallback_counting.in} | 14 ++++++------ + util/grub.d/10_reset_boot_success.in | 25 ++++++++++++++++++++++ + .../{01_menu_auto_hide.in => 12_menu_auto_hide.in} | 23 +++++--------------- + 4 files changed, 48 insertions(+), 28 deletions(-) + rename util/grub.d/{01_fallback_counting.in => 08_fallback_counting.in} (65%) + create mode 100644 util/grub.d/10_reset_boot_success.in + rename util/grub.d/{01_menu_auto_hide.in => 12_menu_auto_hide.in} (58%) + +diff --git a/Makefile.util.def b/Makefile.util.def +index eca3dfa753f..5062a0e50fa 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -449,14 +449,14 @@ script = { + }; + + script = { +- name = '01_fallback_counting'; +- common = util/grub.d/01_fallback_counting.in; ++ name = '08_fallback_counting'; ++ common = util/grub.d/08_fallback_counting.in; + installdir = grubconf; + }; + + script = { +- name = '01_menu_auto_hide'; +- common = util/grub.d/01_menu_auto_hide.in; ++ name = '12_menu_auto_hide'; ++ common = util/grub.d/12_menu_auto_hide.in; + installdir = grubconf; + }; + +@@ -515,6 +515,12 @@ script = { + condition = COND_HOST_LINUX; + }; + ++script = { ++ name = '10_reset_boot_success'; ++ common = util/grub.d/10_reset_boot_success.in; ++ installdir = grubconf; ++}; ++ + script = { + name = '10_xnu'; + common = util/grub.d/10_xnu.in; +diff --git a/util/grub.d/01_fallback_counting.in b/util/grub.d/08_fallback_counting.in +similarity index 65% +rename from util/grub.d/01_fallback_counting.in +rename to util/grub.d/08_fallback_counting.in +index be0e770ea82..2e2c3ff7d31 100644 +--- a/util/grub.d/01_fallback_counting.in ++++ b/util/grub.d/08_fallback_counting.in +@@ -1,15 +1,17 @@ + #! /bin/sh -e +- +-# Boot Counting ++# Fallback Countdown ++# ++# This snippet depends on 10_reset_boot_success and needs to be kept in sync. ++# + # The boot_counter env var can be used to count down boot attempts after an +-# OSTree upgrade and choose the rollback deployment when 0 is reached. Both +-# boot_counter and boot_success need to be (re-)set from userspace. ++# OSTree upgrade and choose the rollback deployment when 0 is reached. ++# Both boot_counter=X and boot_success=1 need to be set from userspace. + cat << EOF + insmod increment + # Check if boot_counter exists and boot_success=0 to activate this behaviour. + if [ -n "\${boot_counter}" -a "\${boot_success}" = "0" ]; then +- # if countdown has ended, choose to boot rollback deployment (default=1 on +- # OSTree-based systems) ++ # if countdown has ended, choose to boot rollback deployment, ++ # i.e. default=1 on OSTree-based systems. + if [ "\${boot_counter}" = "0" -o "\${boot_counter}" = "-1" ]; then + set default=1 + set boot_counter=-1 +diff --git a/util/grub.d/10_reset_boot_success.in b/util/grub.d/10_reset_boot_success.in +new file mode 100644 +index 00000000000..6c88d933dde +--- /dev/null ++++ b/util/grub.d/10_reset_boot_success.in +@@ -0,0 +1,25 @@ ++#! /bin/sh -e ++# Reset Boot Success ++# ++# The 08_fallback_counting and 12_menu_auto_hide snippets rely on this one ++# and need to be kept in sync. ++# ++# The boot_success var needs to be set to 1 from userspace to mark a boot successful. ++cat << EOF ++insmod increment ++# Hiding the menu is ok if last boot was ok or if this is a first boot attempt to boot the entry ++if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then ++ set menu_hide_ok=1 ++else ++ set menu_hide_ok=0 ++fi ++# Reset boot_indeterminate after a successful boot, increment otherwise ++if [ "\${boot_success}" = "1" ] ; then ++ set boot_indeterminate=0 ++else ++ increment boot_indeterminate ++fi ++# Reset boot_success for current boot ++set boot_success=0 ++save_env boot_success boot_indeterminate ++EOF +diff --git a/util/grub.d/01_menu_auto_hide.in b/util/grub.d/12_menu_auto_hide.in +similarity index 58% +rename from util/grub.d/01_menu_auto_hide.in +rename to util/grub.d/12_menu_auto_hide.in +index ad175870a54..6a7c0fa0d43 100644 +--- a/util/grub.d/01_menu_auto_hide.in ++++ b/util/grub.d/12_menu_auto_hide.in +@@ -1,5 +1,8 @@ + #! /bin/sh +- ++# Menu Auto Hide ++# ++# This snippet depends on 10_reset_boot_success and needs to be kept in sync. ++# + # Disable / skip generating menu-auto-hide config parts on serial terminals + for x in ${GRUB_TERMINAL_INPUT} ${GRUB_TERMINAL_OUTPUT}; do + case "$x" in +@@ -10,29 +13,13 @@ for x in ${GRUB_TERMINAL_INPUT} ${GRUB_TERMINAL_OUTPUT}; do + done + + cat << EOF +-if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then +- set last_boot_ok=1 +-else +- set last_boot_ok=0 +-fi +- +-# Reset boot_indeterminate after a successful boot +-if [ "\${boot_success}" = "1" ] ; then +- set boot_indeterminate=0 +-# Avoid boot_indeterminate causing the menu to be hidden more then once +-elif [ "\${boot_indeterminate}" = "1" ]; then +- set boot_indeterminate=2 +-fi +-set boot_success=0 +-save_env boot_success boot_indeterminate +- + if [ x\$feature_timeout_style = xy ] ; then + if [ "\${menu_show_once}" ]; then + unset menu_show_once + save_env menu_show_once + set timeout_style=menu + set timeout=60 +- elif [ "\${menu_auto_hide}" -a "\${last_boot_ok}" = "1" ]; then ++ elif [ "\${menu_auto_hide}" -a "\${menu_hide_ok}" = "1" ]; then + set orig_timeout_style=\${timeout_style} + set orig_timeout=\${timeout} + if [ "\${fastboot}" = "1" ]; then diff --git a/SOURCES/0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch b/SOURCES/0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch new file mode 100644 index 0000000..54b73e6 --- /dev/null +++ b/SOURCES/0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch @@ -0,0 +1,75 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Tue, 26 Nov 2019 09:51:41 +0100 +Subject: [PATCH] grub.d: Fix boot_indeterminate getting set on boot_success=0 + boot + +The "grub.d: Split out boot success reset from menu auto hide script" +not only moved the code to clear boot_success and boot_indeterminate +but for some reason also mixed in some broken changes to the +boot_indeterminate handling. + +The boot_indeterminate var is meant to suppress the boot menu after +a reboot from either a selinux-relabel or offline-updates. These +2 special boot scenarios do not set boot_success since there is no +successfull interaction with the user. Instead they increment +boot_indeterminate, and if it is 1 and only when it is 1, so the +first reboot after a "special" boot we suppress the menu. + +To ensure that we do show the menu if we somehow get stuck in a +"special" boot loop where we do special-boots without them +incrementing boot_indeterminate, the code before the +"grub.d: Split out boot success reset from menu auto hide script" +commit would increment boot_indeterminate once when it is 1, so that +even if the "special" boot reboot-loop immediately we would show the +menu on the next boot. + +That commit broke this however, because it not only moves the code, +it also changes it from only "incrementing" boot_indeterminate once to +always incrementing it, except when boot_success == 1 (and we reset it). + +This broken behavior causes the following problem: + +1. Boot a broken kernel, system hangs, power-cycle +2. boot_success now != 1, so we increment boot_indeterminate from 0 + (unset!) to 1. User either simply tries again, or makes some changes + but the end-result still is a system hang, power-cycle +3. Now boot_indeterminate==1 so we do not show the menu even though the + previous boot failed -> BAD + +This commit fixes this by restoring the behavior of setting +boot_indeterminate to 2 when it was 1 before. + +Fixes: "grub.d: Split out boot success reset from menu auto hide script" +Signed-off-by: Hans de Goede +--- + util/grub.d/10_reset_boot_success.in | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/util/grub.d/10_reset_boot_success.in b/util/grub.d/10_reset_boot_success.in +index 6c88d933dde..737e1ae5b68 100644 +--- a/util/grub.d/10_reset_boot_success.in ++++ b/util/grub.d/10_reset_boot_success.in +@@ -6,18 +6,18 @@ + # + # The boot_success var needs to be set to 1 from userspace to mark a boot successful. + cat << EOF +-insmod increment + # Hiding the menu is ok if last boot was ok or if this is a first boot attempt to boot the entry + if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then + set menu_hide_ok=1 + else + set menu_hide_ok=0 + fi +-# Reset boot_indeterminate after a successful boot, increment otherwise ++# Reset boot_indeterminate after a successful boot + if [ "\${boot_success}" = "1" ] ; then + set boot_indeterminate=0 +-else +- increment boot_indeterminate ++# Avoid boot_indeterminate causing the menu to be hidden more then once ++elif [ "\${boot_indeterminate}" = "1" ]; then ++ set boot_indeterminate=2 + fi + # Reset boot_success for current boot + set boot_success=0 diff --git a/SOURCES/0281-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch b/SOURCES/0281-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch new file mode 100644 index 0000000..586f55c --- /dev/null +++ b/SOURCES/0281-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch @@ -0,0 +1,70 @@ +From 0bde74dcdf9de128317a28796e2690f92214db0d Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 15 Apr 2020 15:45:02 -0400 +Subject: [PATCH 281/314] yylex: Make lexer fatal errors actually be fatal + +When presented with a command that can't be tokenized to anything +smaller than YYLMAX characters, the parser calls YY_FATAL_ERROR(errmsg), +expecting that will stop further processing, as such: + + #define YY_DO_BEFORE_ACTION \ + yyg->yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yyg->yy_hold_char = *yy_cp; \ + *yy_cp = '\0'; \ + if ( yyleng >= YYLMAX ) \ + YY_FATAL_ERROR( "token too large, exceeds YYLMAX" ); \ + yy_flex_strncpy( yytext, yyg->yytext_ptr, yyleng + 1 , yyscanner); \ + yyg->yy_c_buf_p = yy_cp; + +The code flex generates expects that YY_FATAL_ERROR() will either return +for it or do some form of longjmp(), or handle the error in some way at +least, and so the strncpy() call isn't in an "else" clause, and thus if +YY_FATAL_ERROR() is *not* actually fatal, it does the call with the +questionable limit, and predictable results ensue. + +Unfortunately, our implementation of YY_FATAL_ERROR() is: + + #define YY_FATAL_ERROR(msg) \ + do { \ + grub_printf (_("fatal error: %s\n"), _(msg)); \ + } while (0) + +The same pattern exists in yyless(), and similar problems exist in users +of YY_INPUT(), several places in the main parsing loop, +yy_get_next_buffer(), yy_load_buffer_state(), yyensure_buffer_stack, +yy_scan_buffer(), etc. + +All of these callers expect YY_FATAL_ERROR() to actually be fatal, and +the things they do if it returns after calling it are wildly unsafe. + +Fixes: CVE-2020-10713 + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +Upstream-commit-id: 926df817dc8 +--- + grub-core/script/yylex.l | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l +index 7b44c37b76f..b7203c82309 100644 +--- a/grub-core/script/yylex.l ++++ b/grub-core/script/yylex.l +@@ -37,11 +37,11 @@ + + /* + * As we don't have access to yyscanner, we cannot do much except to +- * print the fatal error. ++ * print the fatal error and exit. + */ + #define YY_FATAL_ERROR(msg) \ + do { \ +- grub_printf (_("fatal error: %s\n"), _(msg)); \ ++ grub_fatal (_("fatal error: %s\n"), _(msg));\ + } while (0) + + #define COPY(str, hint) \ +-- +2.26.2 + diff --git a/SOURCES/0282-safemath-Add-some-arithmetic-primitives-that-check-f.patch b/SOURCES/0282-safemath-Add-some-arithmetic-primitives-that-check-f.patch new file mode 100644 index 0000000..24490bd --- /dev/null +++ b/SOURCES/0282-safemath-Add-some-arithmetic-primitives-that-check-f.patch @@ -0,0 +1,127 @@ +From 42b76ec749c30cb11cad7c070d0b03a7d4f1f7d6 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Jun 2020 10:58:42 -0400 +Subject: [PATCH 282/314] safemath: Add some arithmetic primitives that check + for overflow + +This adds a new header, include/grub/safemath.h, that includes easy to +use wrappers for __builtin_{add,sub,mul}_overflow() declared like: + + bool OP(a, b, res) + +where OP is grub_add, grub_sub or grub_mul. OP() returns true in the +case where the operation would overflow and res is not modified. +Otherwise, false is returned and the operation is executed. + +These arithmetic primitives require newer compiler versions. So, bump +these requirements in the INSTALL file too. + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +Upstream-commit-id: de1c315841a +--- + include/grub/compiler.h | 8 ++++++++ + include/grub/safemath.h | 37 +++++++++++++++++++++++++++++++++++++ + INSTALL | 22 ++-------------------- + 3 files changed, 47 insertions(+), 20 deletions(-) + create mode 100644 include/grub/safemath.h + +diff --git a/include/grub/compiler.h b/include/grub/compiler.h +index 9859ff4cc79..ebafec68957 100644 +--- a/include/grub/compiler.h ++++ b/include/grub/compiler.h +@@ -48,6 +48,14 @@ + # define WARN_UNUSED_RESULT + #endif + ++#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__) ++# define CLANG_PREREQ(maj,min) \ ++ ((__clang_major__ > (maj)) || \ ++ (__clang_major__ == (maj) && __clang_minor__ >= (min))) ++#else ++# define CLANG_PREREQ(maj,min) 0 ++#endif ++ + #define UNUSED __attribute__((__unused__)) + + #endif /* ! GRUB_COMPILER_HEADER */ +diff --git a/include/grub/safemath.h b/include/grub/safemath.h +new file mode 100644 +index 00000000000..c17b89bba17 +--- /dev/null ++++ b/include/grub/safemath.h +@@ -0,0 +1,37 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ * ++ * Arithmetic operations that protect against overflow. ++ */ ++ ++#ifndef GRUB_SAFEMATH_H ++#define GRUB_SAFEMATH_H 1 ++ ++#include ++ ++/* These appear in gcc 5.1 and clang 3.8. */ ++#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8) ++ ++#define grub_add(a, b, res) __builtin_add_overflow(a, b, res) ++#define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) ++#define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) ++ ++#else ++#error gcc 5.1 or newer or clang 3.8 or newer is required ++#endif ++ ++#endif /* GRUB_SAFEMATH_H */ +diff --git a/INSTALL b/INSTALL +index f3c20edc844..f8bd9116480 100644 +--- a/INSTALL ++++ b/INSTALL +@@ -11,27 +11,9 @@ GRUB depends on some software packages installed into your system. If + you don't have any of them, please obtain and install them before + configuring the GRUB. + +-* GCC 4.1.3 or later +- Note: older versions may work but support is limited +- +- Experimental support for clang 3.3 or later (results in much bigger binaries) ++* GCC 5.1.0 or later ++ Experimental support for clang 3.8.0 or later (results in much bigger binaries) + for i386, x86_64, arm (including thumb), arm64, mips(el), powerpc, sparc64 +- Note: clang 3.2 or later works for i386 and x86_64 targets but results in +- much bigger binaries. +- earlier versions not tested +- Note: clang 3.2 or later works for arm +- earlier versions not tested +- Note: clang on arm64 is not supported due to +- https://llvm.org/bugs/show_bug.cgi?id=26030 +- Note: clang 3.3 or later works for mips(el) +- earlier versions fail to generate .reginfo and hence gprel relocations +- fail. +- Note: clang 3.2 or later works for powerpc +- earlier versions not tested +- Note: clang 3.5 or later works for sparc64 +- earlier versions return "error: unable to interface with target machine" +- Note: clang has no support for ia64 and hence you can't compile GRUB +- for ia64 with clang + * GNU Make + * GNU Bison 2.3 or later + * GNU gettext 0.17 or later +-- +2.26.2 + diff --git a/SOURCES/0283-calloc-Make-sure-we-always-have-an-overflow-checking.patch b/SOURCES/0283-calloc-Make-sure-we-always-have-an-overflow-checking.patch new file mode 100644 index 0000000..2950557 --- /dev/null +++ b/SOURCES/0283-calloc-Make-sure-we-always-have-an-overflow-checking.patch @@ -0,0 +1,243 @@ +From 832189364ee0c85a94f670952c951252e54d3d1c Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Jun 2020 12:15:29 -0400 +Subject: [PATCH 283/314] calloc: Make sure we always have an overflow-checking + calloc() available + +This tries to make sure that everywhere in this source tree, we always have +an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.) +available, and that they all safely check for overflow and return NULL when +it would occur. + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +Upstream-commit-id: 79e51ab7a9a +--- + grub-core/kern/emu/misc.c | 12 +++++++++ + grub-core/kern/emu/mm.c | 10 ++++++++ + grub-core/kern/mm.c | 40 ++++++++++++++++++++++++++++++ + grub-core/lib/libgcrypt_wrap/mem.c | 11 ++++++-- + grub-core/lib/posix_wrap/stdlib.h | 8 +++++- + include/grub/emu/misc.h | 1 + + include/grub/mm.h | 6 +++++ + 7 files changed, 85 insertions(+), 3 deletions(-) + +diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c +index 3d3a4a4a975..b4072767391 100644 +--- a/grub-core/kern/emu/misc.c ++++ b/grub-core/kern/emu/misc.c +@@ -84,6 +84,18 @@ grub_util_error (const char *fmt, ...) + grub_exit (1); + } + ++void * ++xcalloc (grub_size_t nmemb, grub_size_t size) ++{ ++ void *p; ++ ++ p = calloc (nmemb, size); ++ if (!p) ++ grub_util_error ("%s", _("out of memory")); ++ ++ return p; ++} ++ + void * + xmalloc (grub_size_t size) + { +diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c +index f262e95e388..145b01d3719 100644 +--- a/grub-core/kern/emu/mm.c ++++ b/grub-core/kern/emu/mm.c +@@ -25,6 +25,16 @@ + #include + #include + ++void * ++grub_calloc (grub_size_t nmemb, grub_size_t size) ++{ ++ void *ret; ++ ret = calloc (nmemb, size); ++ if (!ret) ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ return ret; ++} ++ + void * + grub_malloc (grub_size_t size) + { +diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c +index 002cbfa4f3d..80d0720d005 100644 +--- a/grub-core/kern/mm.c ++++ b/grub-core/kern/mm.c +@@ -67,8 +67,10 @@ + #include + #include + #include ++#include + + #ifdef MM_DEBUG ++# undef grub_calloc + # undef grub_malloc + # undef grub_zalloc + # undef grub_realloc +@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_size_t size) + return 0; + } + ++/* ++ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on ++ * integer overflow. ++ */ ++void * ++grub_calloc (grub_size_t nmemb, grub_size_t size) ++{ ++ void *ret; ++ grub_size_t sz = 0; ++ ++ if (grub_mul (nmemb, size, &sz)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return NULL; ++ } ++ ++ ret = grub_memalign (0, sz); ++ if (!ret) ++ return NULL; ++ ++ grub_memset (ret, 0, sz); ++ return ret; ++} ++ + /* Allocate SIZE bytes and return the pointer. */ + void * + grub_malloc (grub_size_t size) +@@ -561,6 +587,20 @@ grub_mm_dump (unsigned lineno) + grub_printf ("\n"); + } + ++void * ++grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size) ++{ ++ void *ptr; ++ ++ if (grub_mm_debug) ++ grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ", ++ file, line, size); ++ ptr = grub_calloc (nmemb, size); ++ if (grub_mm_debug) ++ grub_printf ("%p\n", ptr); ++ return ptr; ++} ++ + void * + grub_debug_malloc (const char *file, int line, grub_size_t size) + { +diff --git a/grub-core/lib/libgcrypt_wrap/mem.c b/grub-core/lib/libgcrypt_wrap/mem.c +index beeb661a3c8..74c6eafe525 100644 +--- a/grub-core/lib/libgcrypt_wrap/mem.c ++++ b/grub-core/lib/libgcrypt_wrap/mem.c +@@ -4,6 +4,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -36,7 +37,10 @@ void * + gcry_xcalloc (size_t n, size_t m) + { + void *ret; +- ret = grub_zalloc (n * m); ++ size_t sz; ++ if (grub_mul (n, m, &sz)) ++ grub_fatal ("gcry_xcalloc would overflow"); ++ ret = grub_zalloc (sz); + if (!ret) + grub_fatal ("gcry_xcalloc failed"); + return ret; +@@ -56,7 +60,10 @@ void * + gcry_xcalloc_secure (size_t n, size_t m) + { + void *ret; +- ret = grub_zalloc (n * m); ++ size_t sz; ++ if (grub_mul (n, m, &sz)) ++ grub_fatal ("gcry_xcalloc would overflow"); ++ ret = grub_zalloc (sz); + if (!ret) + grub_fatal ("gcry_xcalloc failed"); + return ret; +diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h +index 3b46f47ff50..7a8d385e973 100644 +--- a/grub-core/lib/posix_wrap/stdlib.h ++++ b/grub-core/lib/posix_wrap/stdlib.h +@@ -21,6 +21,7 @@ + + #include + #include ++#include + + static inline void + free (void *ptr) +@@ -37,7 +38,12 @@ malloc (grub_size_t size) + static inline void * + calloc (grub_size_t size, grub_size_t nelem) + { +- return grub_zalloc (size * nelem); ++ grub_size_t sz; ++ ++ if (grub_mul (size, nelem, &sz)) ++ return NULL; ++ ++ return grub_zalloc (sz); + } + + static inline void * +diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h +index a653132e36a..09e1f1065f6 100644 +--- a/include/grub/emu/misc.h ++++ b/include/grub/emu/misc.h +@@ -51,6 +51,7 @@ grub_util_device_is_mapped (const char *dev); + #define GRUB_HOST_PRIxLONG_LONG "llx" + #endif + ++void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT; + void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT; + void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT; + char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT; +diff --git a/include/grub/mm.h b/include/grub/mm.h +index 28e2e53eb32..9c38dd3ca5d 100644 +--- a/include/grub/mm.h ++++ b/include/grub/mm.h +@@ -29,6 +29,7 @@ + #endif + + void grub_mm_init_region (void *addr, grub_size_t size); ++void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size); + void *EXPORT_FUNC(grub_malloc) (grub_size_t size); + void *EXPORT_FUNC(grub_zalloc) (grub_size_t size); + void EXPORT_FUNC(grub_free) (void *ptr); +@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug); + void grub_mm_dump_free (void); + void grub_mm_dump (unsigned lineno); + ++#define grub_calloc(nmemb, size) \ ++ grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size) ++ + #define grub_malloc(size) \ + grub_debug_malloc (GRUB_FILE, __LINE__, size) + +@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno); + #define grub_free(ptr) \ + grub_debug_free (GRUB_FILE, __LINE__, ptr) + ++void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line, ++ grub_size_t nmemb, grub_size_t size); + void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line, + grub_size_t size); + void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line, +-- +2.26.2 + diff --git a/SOURCES/0284-calloc-Use-calloc-at-most-places.patch b/SOURCES/0284-calloc-Use-calloc-at-most-places.patch new file mode 100644 index 0000000..00f1f34 --- /dev/null +++ b/SOURCES/0284-calloc-Use-calloc-at-most-places.patch @@ -0,0 +1,1945 @@ +From 778ddaeac8a8a821f6844ec8b8c404d0e437991f Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Jun 2020 12:26:01 -0400 +Subject: [PATCH 284/314] calloc: Use calloc() at most places + +This modifies most of the places we do some form of: + + X = malloc(Y * Z); + +to use calloc(Y, Z) instead. + +Among other issues, this fixes: + - allocation of integer overflow in grub_png_decode_image_header() + reported by Chris Coulson, + - allocation of integer overflow in luks_recover_key() + reported by Chris Coulson, + - allocation of integer overflow in grub_lvm_detect() + reported by Chris Coulson. + +Fixes: CVE-2020-14308 + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +Upstream-commit-id: 48eeedf1e4b +--- + grub-core/bus/usb/usbhub.c | 8 ++-- + grub-core/commands/efi/lsefisystab.c | 3 +- + grub-core/commands/legacycfg.c | 6 +-- + grub-core/commands/menuentry.c | 2 +- + grub-core/commands/nativedisk.c | 2 +- + grub-core/commands/parttool.c | 12 ++++-- + grub-core/commands/regexp.c | 2 +- + grub-core/commands/search_wrap.c | 2 +- + grub-core/disk/diskfilter.c | 4 +- + grub-core/disk/ieee1275/ofdisk.c | 2 +- + grub-core/disk/ldm.c | 14 +++---- + grub-core/disk/luks.c | 2 +- + grub-core/disk/lvm.c | 8 ++-- + grub-core/disk/xen/xendisk.c | 2 +- + grub-core/efiemu/loadcore.c | 2 +- + grub-core/efiemu/mm.c | 6 +-- + grub-core/font/font.c | 3 +- + grub-core/fs/affs.c | 6 +-- + grub-core/fs/btrfs.c | 4 +- + grub-core/fs/hfs.c | 2 +- + grub-core/fs/hfsplus.c | 45 +++++++++++++++-------- + grub-core/fs/iso9660.c | 2 +- + grub-core/fs/ntfs.c | 4 +- + grub-core/fs/sfs.c | 2 +- + grub-core/fs/tar.c | 2 +- + grub-core/fs/udf.c | 4 +- + grub-core/fs/zfs/zfs.c | 4 +- + grub-core/gfxmenu/gui_string_util.c | 2 +- + grub-core/gfxmenu/widget-box.c | 4 +- + grub-core/io/gzio.c | 2 +- + grub-core/kern/efi/efi.c | 33 ++++++++++++++--- + grub-core/kern/emu/hostdisk.c | 2 +- + grub-core/kern/fs.c | 2 +- + grub-core/kern/misc.c | 2 +- + grub-core/kern/parser.c | 2 +- + grub-core/kern/uboot/uboot.c | 2 +- + grub-core/lib/libgcrypt/cipher/ac.c | 8 ++-- + grub-core/lib/libgcrypt/cipher/primegen.c | 4 +- + grub-core/lib/libgcrypt/cipher/pubkey.c | 4 +- + grub-core/lib/priority_queue.c | 2 +- + grub-core/lib/reed_solomon.c | 7 ++-- + grub-core/lib/relocator.c | 10 ++--- + grub-core/loader/arm/linux.c | 2 +- + grub-core/loader/efi/chainloader.c | 11 ++++-- + grub-core/loader/i386/bsdXX.c | 2 +- + grub-core/loader/i386/xnu.c | 4 +- + grub-core/loader/macho.c | 2 +- + grub-core/loader/multiboot_elfxx.c | 2 +- + grub-core/loader/xnu.c | 2 +- + grub-core/mmap/mmap.c | 4 +- + grub-core/net/bootp.c | 2 +- + grub-core/net/dns.c | 10 ++--- + grub-core/net/net.c | 4 +- + grub-core/normal/charset.c | 10 ++--- + grub-core/normal/cmdline.c | 14 +++---- + grub-core/normal/menu_entry.c | 14 +++---- + grub-core/normal/menu_text.c | 4 +- + grub-core/normal/term.c | 4 +- + grub-core/osdep/linux/getroot.c | 6 +-- + grub-core/osdep/unix/config.c | 2 +- + grub-core/osdep/windows/getroot.c | 2 +- + grub-core/osdep/windows/hostdisk.c | 4 +- + grub-core/osdep/windows/init.c | 2 +- + grub-core/osdep/windows/platform.c | 4 +- + grub-core/osdep/windows/relpath.c | 2 +- + grub-core/partmap/gpt.c | 2 +- + grub-core/partmap/msdos.c | 2 +- + grub-core/script/execute.c | 2 +- + grub-core/tests/fake_input.c | 2 +- + grub-core/tests/video_checksum.c | 6 +-- + grub-core/video/capture.c | 2 +- + grub-core/video/emu/sdl.c | 2 +- + grub-core/video/i386/pc/vga.c | 2 +- + grub-core/video/readers/png.c | 2 +- + util/getroot.c | 2 +- + util/grub-file.c | 2 +- + util/grub-fstest.c | 4 +- + util/grub-install-common.c | 2 +- + util/grub-install.c | 4 +- + util/grub-mkimagexx.c | 6 +-- + util/grub-mkrescue.c | 4 +- + util/grub-mkstandalone.c | 2 +- + util/grub-pe2elf.c | 12 +++--- + util/grub-probe.c | 4 +- + include/grub/unicode.h | 4 +- + 85 files changed, 231 insertions(+), 191 deletions(-) + +diff --git a/grub-core/bus/usb/usbhub.c b/grub-core/bus/usb/usbhub.c +index 34a7ff1b5f8..a06cce302d2 100644 +--- a/grub-core/bus/usb/usbhub.c ++++ b/grub-core/bus/usb/usbhub.c +@@ -149,8 +149,8 @@ grub_usb_add_hub (grub_usb_device_t dev) + grub_usb_set_configuration (dev, 1); + + dev->nports = hubdesc.portcnt; +- dev->children = grub_zalloc (hubdesc.portcnt * sizeof (dev->children[0])); +- dev->ports = grub_zalloc (dev->nports * sizeof (dev->ports[0])); ++ dev->children = grub_calloc (hubdesc.portcnt, sizeof (dev->children[0])); ++ dev->ports = grub_calloc (dev->nports, sizeof (dev->ports[0])); + if (!dev->children || !dev->ports) + { + grub_free (dev->children); +@@ -268,8 +268,8 @@ grub_usb_controller_dev_register_iter (grub_usb_controller_t controller, void *d + + /* Query the number of ports the root Hub has. */ + hub->nports = controller->dev->hubports (controller); +- hub->devices = grub_zalloc (sizeof (hub->devices[0]) * hub->nports); +- hub->ports = grub_zalloc (sizeof (hub->ports[0]) * hub->nports); ++ hub->devices = grub_calloc (hub->nports, sizeof (hub->devices[0])); ++ hub->ports = grub_calloc (hub->nports, sizeof (hub->ports[0])); + if (!hub->devices || !hub->ports) + { + grub_free (hub->devices); +diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c +index df103022188..cd81507f5d4 100644 +--- a/grub-core/commands/efi/lsefisystab.c ++++ b/grub-core/commands/efi/lsefisystab.c +@@ -71,7 +71,8 @@ grub_cmd_lsefisystab (struct grub_command *cmd __attribute__ ((unused)), + grub_printf ("Vendor: "); + + for (vendor_utf16 = st->firmware_vendor; *vendor_utf16; vendor_utf16++); +- vendor = grub_malloc (4 * (vendor_utf16 - st->firmware_vendor) + 1); ++ /* Allocate extra 3 bytes to simplify math. */ ++ vendor = grub_calloc (4, vendor_utf16 - st->firmware_vendor + 1); + if (!vendor) + return grub_errno; + *grub_utf16_to_utf8 ((grub_uint8_t *) vendor, st->firmware_vendor, +diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c +index f9d7627bdc3..da66a8927c4 100644 +--- a/grub-core/commands/legacycfg.c ++++ b/grub-core/commands/legacycfg.c +@@ -314,7 +314,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)), + if (argc < 2) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + +- cutargs = grub_malloc (sizeof (cutargs[0]) * (argc - 1)); ++ cutargs = grub_calloc (argc - 1, sizeof (cutargs[0])); + if (!cutargs) + return grub_errno; + cutargc = argc - 1; +@@ -436,7 +436,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)), + { + char rbuf[3] = "-r"; + bsdargc = cutargc + 2; +- bsdargs = grub_malloc (sizeof (bsdargs[0]) * bsdargc); ++ bsdargs = grub_calloc (bsdargc, sizeof (bsdargs[0])); + if (!bsdargs) + { + err = grub_errno; +@@ -559,7 +559,7 @@ grub_cmd_legacy_initrdnounzip (struct grub_command *mycmd __attribute__ ((unused + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("can't find command `%s'"), + "module"); + +- newargs = grub_malloc ((argc + 1) * sizeof (newargs[0])); ++ newargs = grub_calloc (argc + 1, sizeof (newargs[0])); + if (!newargs) + return grub_errno; + grub_memcpy (newargs + 1, args, argc * sizeof (newargs[0])); +diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c +index 7004e08ce78..4b5fcf2ce9a 100644 +--- a/grub-core/commands/menuentry.c ++++ b/grub-core/commands/menuentry.c +@@ -157,7 +157,7 @@ grub_normal_add_menu_entry (int argc, const char **args, + grub_dprintf ("menu", "menu_id:\"%s\"\n", menu_id); + + /* Save argc, args to pass as parameters to block arg later. */ +- menu_args = grub_malloc (sizeof (char*) * (argc + 1)); ++ menu_args = grub_calloc (argc + 1, sizeof (char *)); + if (! menu_args) + goto fail; + +diff --git a/grub-core/commands/nativedisk.c b/grub-core/commands/nativedisk.c +index 2f56a870e68..d69214f6de0 100644 +--- a/grub-core/commands/nativedisk.c ++++ b/grub-core/commands/nativedisk.c +@@ -194,7 +194,7 @@ grub_cmd_nativedisk (grub_command_t cmd __attribute__ ((unused)), + else + path_prefix = prefix; + +- mods = grub_malloc (argc * sizeof (mods[0])); ++ mods = grub_calloc (argc, sizeof (mods[0])); + if (!mods) + return grub_errno; + +diff --git a/grub-core/commands/parttool.c b/grub-core/commands/parttool.c +index 693e2cb42fc..36dadc0b1db 100644 +--- a/grub-core/commands/parttool.c ++++ b/grub-core/commands/parttool.c +@@ -59,7 +59,13 @@ grub_parttool_register(const char *part_name, + for (nargs = 0; args[nargs].name != 0; nargs++); + cur->nargs = nargs; + cur->args = (struct grub_parttool_argdesc *) +- grub_malloc ((nargs + 1) * sizeof (struct grub_parttool_argdesc)); ++ grub_calloc (nargs + 1, sizeof (struct grub_parttool_argdesc)); ++ if (!cur->args) ++ { ++ grub_free (cur); ++ curhandle--; ++ return -1; ++ } + grub_memcpy (cur->args, args, + (nargs + 1) * sizeof (struct grub_parttool_argdesc)); + +@@ -257,7 +263,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)), + return err; + } + +- parsed = (int *) grub_zalloc (argc * sizeof (int)); ++ parsed = (int *) grub_calloc (argc, sizeof (int)); + + for (i = 1; i < argc; i++) + if (! parsed[i]) +@@ -290,7 +296,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)), + } + ptool = cur; + pargs = (struct grub_parttool_args *) +- grub_zalloc (ptool->nargs * sizeof (struct grub_parttool_args)); ++ grub_calloc (ptool->nargs, sizeof (struct grub_parttool_args)); + for (j = i; j < argc; j++) + if (! parsed[j]) + { +diff --git a/grub-core/commands/regexp.c b/grub-core/commands/regexp.c +index f00b184c81e..4019164f365 100644 +--- a/grub-core/commands/regexp.c ++++ b/grub-core/commands/regexp.c +@@ -116,7 +116,7 @@ grub_cmd_regexp (grub_extcmd_context_t ctxt, int argc, char **args) + if (ret) + goto fail; + +- matches = grub_zalloc (sizeof (*matches) * (regex.re_nsub + 1)); ++ matches = grub_calloc (regex.re_nsub + 1, sizeof (*matches)); + if (! matches) + goto fail; + +diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c +index d7fd26b9405..47fc8eb9966 100644 +--- a/grub-core/commands/search_wrap.c ++++ b/grub-core/commands/search_wrap.c +@@ -122,7 +122,7 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args) + for (i = 0; state[SEARCH_HINT_BAREMETAL].args[i]; i++) + nhints++; + +- hints = grub_malloc (sizeof (hints[0]) * nhints); ++ hints = grub_calloc (nhints, sizeof (hints[0])); + if (!hints) + return grub_errno; + j = 0; +diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c +index 6f901c0adf7..2be019269b1 100644 +--- a/grub-core/disk/diskfilter.c ++++ b/grub-core/disk/diskfilter.c +@@ -1134,7 +1134,7 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb, + array->lvs->segments->node_count = nmemb; + array->lvs->segments->raid_member_size = disk_size; + array->lvs->segments->nodes +- = grub_zalloc (nmemb * sizeof (array->lvs->segments->nodes[0])); ++ = grub_calloc (nmemb, sizeof (array->lvs->segments->nodes[0])); + array->lvs->segments->stripe_size = stripe_size; + for (i = 0; i < nmemb; i++) + { +@@ -1226,7 +1226,7 @@ insert_array (grub_disk_t disk, const struct grub_diskfilter_pv_id *id, + grub_partition_t p; + for (p = disk->partition; p; p = p->parent) + s++; +- pv->partmaps = xmalloc (s * sizeof (pv->partmaps[0])); ++ pv->partmaps = xcalloc (s, sizeof (pv->partmaps[0])); + s = 0; + for (p = disk->partition; p; p = p->parent) + pv->partmaps[s++] = xstrdup (p->partmap->name); +diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c +index 235c0fe2c76..d887d4b6eee 100644 +--- a/grub-core/disk/ieee1275/ofdisk.c ++++ b/grub-core/disk/ieee1275/ofdisk.c +@@ -297,7 +297,7 @@ dev_iterate (const struct grub_ieee1275_devalias *alias) + /* Power machines documentation specify 672 as maximum SAS disks in + one system. Using a slightly larger value to be safe. */ + table_size = 768; +- table = grub_malloc (table_size * sizeof (grub_uint64_t)); ++ table = grub_calloc (table_size, sizeof (grub_uint64_t)); + + if (!table) + { +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index 2a22d2d6c1c..e6323701ab3 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -323,8 +323,8 @@ make_vg (grub_disk_t disk, + lv->segments->type = GRUB_DISKFILTER_MIRROR; + lv->segments->node_count = 0; + lv->segments->node_alloc = 8; +- lv->segments->nodes = grub_zalloc (sizeof (*lv->segments->nodes) +- * lv->segments->node_alloc); ++ lv->segments->nodes = grub_calloc (lv->segments->node_alloc, ++ sizeof (*lv->segments->nodes)); + if (!lv->segments->nodes) + goto fail2; + ptr = vblk[i].dynamic; +@@ -543,8 +543,8 @@ make_vg (grub_disk_t disk, + { + comp->segment_alloc = 8; + comp->segment_count = 0; +- comp->segments = grub_malloc (sizeof (*comp->segments) +- * comp->segment_alloc); ++ comp->segments = grub_calloc (comp->segment_alloc, ++ sizeof (*comp->segments)); + if (!comp->segments) + goto fail2; + } +@@ -590,8 +590,8 @@ make_vg (grub_disk_t disk, + } + comp->segments->node_count = read_int (ptr + 1, *ptr); + comp->segments->node_alloc = comp->segments->node_count; +- comp->segments->nodes = grub_zalloc (sizeof (*comp->segments->nodes) +- * comp->segments->node_alloc); ++ comp->segments->nodes = grub_calloc (comp->segments->node_alloc, ++ sizeof (*comp->segments->nodes)); + if (!lv->segments->nodes) + goto fail2; + } +@@ -1017,7 +1017,7 @@ grub_util_ldm_embed (struct grub_disk *disk, unsigned int *nsectors, + *nsectors = lv->size; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c +index 86c50c61217..18b3a8bb1d3 100644 +--- a/grub-core/disk/luks.c ++++ b/grub-core/disk/luks.c +@@ -336,7 +336,7 @@ luks_recover_key (grub_disk_t source, + && grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes) + max_stripes = grub_be_to_cpu32 (header.keyblock[i].stripes); + +- split_key = grub_malloc (keysize * max_stripes); ++ split_key = grub_calloc (keysize, max_stripes); + if (!split_key) + return grub_errno; + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index 7b265c780c3..d1df640b311 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -173,7 +173,7 @@ grub_lvm_detect (grub_disk_t disk, + first one. */ + + /* Allocate buffer space for the circular worst-case scenario. */ +- metadatabuf = grub_malloc (2 * mda_size); ++ metadatabuf = grub_calloc (2, mda_size); + if (! metadatabuf) + goto fail; + +@@ -426,7 +426,7 @@ grub_lvm_detect (grub_disk_t disk, + #endif + goto lvs_fail; + } +- lv->segments = grub_zalloc (sizeof (*seg) * lv->segment_count); ++ lv->segments = grub_calloc (lv->segment_count, sizeof (*seg)); + seg = lv->segments; + + for (i = 0; i < lv->segment_count; i++) +@@ -483,8 +483,8 @@ grub_lvm_detect (grub_disk_t disk, + if (seg->node_count != 1) + seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = "); + +- seg->nodes = grub_zalloc (sizeof (*stripe) +- * seg->node_count); ++ seg->nodes = grub_calloc (seg->node_count, ++ sizeof (*stripe)); + stripe = seg->nodes; + + p = grub_strstr (p, "stripes = ["); +diff --git a/grub-core/disk/xen/xendisk.c b/grub-core/disk/xen/xendisk.c +index b18a9238d87..c1b331edba7 100644 +--- a/grub-core/disk/xen/xendisk.c ++++ b/grub-core/disk/xen/xendisk.c +@@ -426,7 +426,7 @@ grub_xendisk_init (void) + if (!ctr) + return; + +- virtdisks = grub_malloc (ctr * sizeof (virtdisks[0])); ++ virtdisks = grub_calloc (ctr, sizeof (virtdisks[0])); + if (!virtdisks) + return; + if (grub_xenstore_dir ("device/vbd", fill, &ctr)) +diff --git a/grub-core/efiemu/loadcore.c b/grub-core/efiemu/loadcore.c +index 44085ef818e..2b924623f51 100644 +--- a/grub-core/efiemu/loadcore.c ++++ b/grub-core/efiemu/loadcore.c +@@ -201,7 +201,7 @@ grub_efiemu_count_symbols (const Elf_Ehdr *e) + + grub_efiemu_nelfsyms = (unsigned) s->sh_size / (unsigned) s->sh_entsize; + grub_efiemu_elfsyms = (struct grub_efiemu_elf_sym *) +- grub_malloc (sizeof (struct grub_efiemu_elf_sym) * grub_efiemu_nelfsyms); ++ grub_calloc (grub_efiemu_nelfsyms, sizeof (struct grub_efiemu_elf_sym)); + + /* Relocators */ + for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); +diff --git a/grub-core/efiemu/mm.c b/grub-core/efiemu/mm.c +index 52a032f7b2e..9b8e0d0ad1a 100644 +--- a/grub-core/efiemu/mm.c ++++ b/grub-core/efiemu/mm.c +@@ -554,11 +554,11 @@ grub_efiemu_mmap_sort_and_uniq (void) + /* Initialize variables*/ + grub_memset (present, 0, sizeof (int) * GRUB_EFI_MAX_MEMORY_TYPE); + scanline_events = (struct grub_efiemu_mmap_scan *) +- grub_malloc (sizeof (struct grub_efiemu_mmap_scan) * 2 * mmap_num); ++ grub_calloc (mmap_num, sizeof (struct grub_efiemu_mmap_scan) * 2); + + /* Number of chunks can't increase more than by factor of 2 */ + result = (grub_efi_memory_descriptor_t *) +- grub_malloc (sizeof (grub_efi_memory_descriptor_t) * 2 * mmap_num); ++ grub_calloc (mmap_num, sizeof (grub_efi_memory_descriptor_t) * 2); + if (!result || !scanline_events) + { + grub_free (result); +@@ -660,7 +660,7 @@ grub_efiemu_mm_do_alloc (void) + + /* Preallocate mmap */ + efiemu_mmap = (grub_efi_memory_descriptor_t *) +- grub_malloc (mmap_reserved_size * sizeof (grub_efi_memory_descriptor_t)); ++ grub_calloc (mmap_reserved_size, sizeof (grub_efi_memory_descriptor_t)); + if (!efiemu_mmap) + { + grub_efiemu_unload (); +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 53d76a64d04..68967dc1c2b 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -293,8 +293,7 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct + font->num_chars = sect_length / FONT_CHAR_INDEX_ENTRY_SIZE; + + /* Allocate the character index array. */ +- font->char_index = grub_malloc (font->num_chars +- * sizeof (struct char_index_entry)); ++ font->char_index = grub_calloc (font->num_chars, sizeof (struct char_index_entry)); + if (!font->char_index) + return 1; + font->bmp_idx = grub_malloc (0x10000 * sizeof (grub_uint16_t)); +diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c +index f673897e0fd..91073795f90 100644 +--- a/grub-core/fs/affs.c ++++ b/grub-core/fs/affs.c +@@ -301,7 +301,7 @@ grub_affs_read_symlink (grub_fshelp_node_t node) + return 0; + } + latin1[symlink_size] = 0; +- utf8 = grub_malloc (symlink_size * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ utf8 = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, symlink_size); + if (!utf8) + { + grub_free (latin1); +@@ -422,7 +422,7 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, + return 1; + } + +- hashtable = grub_zalloc (data->htsize * sizeof (*hashtable)); ++ hashtable = grub_calloc (data->htsize, sizeof (*hashtable)); + if (!hashtable) + return 1; + +@@ -628,7 +628,7 @@ grub_affs_label (grub_device_t device, char **label) + len = file.namelen; + if (len > sizeof (file.name)) + len = sizeof (file.name); +- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ *label = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, len); + if (*label) + *grub_latin1_to_utf8 ((grub_uint8_t *) *label, file.name, len) = '\0'; + } +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index dac73b2fa8b..8c8aa9c3103 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -404,7 +404,7 @@ lower_bound (struct grub_btrfs_data *data, + { + desc->allocated = 16; + desc->depth = 0; +- desc->data = grub_malloc (sizeof (desc->data[0]) * desc->allocated); ++ desc->data = grub_calloc (desc->allocated, sizeof (desc->data[0])); + if (!desc->data) + return grub_errno; + } +@@ -2056,7 +2056,7 @@ grub_btrfs_embed (grub_device_t device __attribute__ ((unused)), + *nsectors = 64 * 2 - 1; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c +index fc36831789c..3fd4eec202c 100644 +--- a/grub-core/fs/hfs.c ++++ b/grub-core/fs/hfs.c +@@ -1360,7 +1360,7 @@ grub_hfs_label (grub_device_t device, char **label) + grub_size_t len = data->sblock.volname[0]; + if (len > sizeof (data->sblock.volname) - 1) + len = sizeof (data->sblock.volname) - 1; +- *label = grub_malloc (len * MAX_UTF8_PER_MAC_ROMAN + 1); ++ *label = grub_calloc (MAX_UTF8_PER_MAC_ROMAN + 1, len); + if (*label) + macroman_to_utf8 (*label, data->sblock.volname + 1, + len + 1, 0); +diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +index 21159e858ab..f1cd72398ec 100644 +--- a/grub-core/fs/hfsplus.c ++++ b/grub-core/fs/hfsplus.c +@@ -661,6 +661,7 @@ list_nodes (void *record, void *hook_arg) + char *filename; + int i; + struct grub_fshelp_node *node; ++ grub_uint16_t *keyname; + struct grub_hfsplus_catfile *fileinfo; + enum grub_fshelp_filetype type = GRUB_FSHELP_UNKNOWN; + struct list_nodes_ctx *ctx = hook_arg; +@@ -719,32 +720,34 @@ list_nodes (void *record, void *hook_arg) + if (! filename) + return 0; + ++ keyname = grub_calloc (grub_be_to_cpu16 (catkey->namelen), sizeof (*keyname)); ++ if (!keyname) ++ { ++ grub_free (filename); ++ return 0; ++ } ++ + /* Make sure the byte order of the UTF16 string is correct. */ + for (i = 0; i < grub_be_to_cpu16 (catkey->namelen); i++) + { +- catkey->name[i] = grub_be_to_cpu16 (catkey->name[i]); ++ keyname[i] = grub_be_to_cpu16 (catkey->name[i]); + +- if (catkey->name[i] == '/') +- catkey->name[i] = ':'; ++ if (keyname[i] == '/') ++ keyname[i] = ':'; + + /* If the name is obviously invalid, skip this node. */ +- if (catkey->name[i] == 0) ++ if (keyname[i] == 0) + { + grub_free (filename); ++ grub_free (keyname); + return 0; + } + } + +- *grub_utf16_to_utf8 ((grub_uint8_t *) filename, catkey->name, ++ *grub_utf16_to_utf8 ((grub_uint8_t *) filename, keyname, + grub_be_to_cpu16 (catkey->namelen)) = '\0'; + +- /* Restore the byte order to what it was previously. */ +- for (i = 0; i < grub_be_to_cpu16 (catkey->namelen); i++) +- { +- if (catkey->name[i] == ':') +- catkey->name[i] = '/'; +- catkey->name[i] = grub_be_to_cpu16 (catkey->name[i]); +- } ++ grub_free (keyname); + + /* hfs+ is case insensitive. */ + if (! ctx->dir->data->case_sensitive) +@@ -975,6 +978,7 @@ grub_hfsplus_label (grub_device_t device, char **label) + grub_disk_t disk = device->disk; + struct grub_hfsplus_catkey *catkey; + int i, label_len; ++ grub_uint16_t *label_name; + struct grub_hfsplus_key_internal intern; + struct grub_hfsplus_btnode *node = NULL; + grub_disk_addr_t ptr = 0; +@@ -1003,22 +1007,31 @@ grub_hfsplus_label (grub_device_t device, char **label) + grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr); + + label_len = grub_be_to_cpu16 (catkey->namelen); ++ label_name = grub_calloc (label_len, sizeof (*label_name)); ++ if (!label_name) ++ { ++ grub_free (node); ++ grub_free (data); ++ return grub_errno; ++ } ++ + for (i = 0; i < label_len; i++) + { +- catkey->name[i] = grub_be_to_cpu16 (catkey->name[i]); ++ label_name[i] = grub_be_to_cpu16 (catkey->name[i]); + + /* If the name is obviously invalid, skip this node. */ +- if (catkey->name[i] == 0) ++ if (label_name[i] == 0) + return 0; + } + +- *label = grub_malloc (label_len * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ *label = grub_calloc (label_len, GRUB_MAX_UTF8_PER_UTF16 + 1); + if (! *label) + return grub_errno; + +- *grub_utf16_to_utf8 ((grub_uint8_t *) (*label), catkey->name, ++ *grub_utf16_to_utf8 ((grub_uint8_t *) (*label), label_name, + label_len) = '\0'; + ++ grub_free (label_name); + grub_free (node); + grub_free (data); + +diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c +index c9c8374bf61..092b8f409ec 100644 +--- a/grub-core/fs/iso9660.c ++++ b/grub-core/fs/iso9660.c +@@ -331,7 +331,7 @@ grub_iso9660_convert_string (grub_uint8_t *us, int len) + int i; + grub_uint16_t t[MAX_NAMELEN / 2 + 1]; + +- p = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ p = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1); + if (! p) + return NULL; + +diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c +index 6f846886262..9827f9bb8c4 100644 +--- a/grub-core/fs/ntfs.c ++++ b/grub-core/fs/ntfs.c +@@ -556,8 +556,8 @@ get_utf8 (grub_uint8_t *in, grub_size_t len) + grub_uint16_t *tmp; + grub_size_t i; + +- buf = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1); +- tmp = grub_malloc (len * sizeof (tmp[0])); ++ buf = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1); ++ tmp = grub_calloc (len, sizeof (tmp[0])); + if (!buf || !tmp) + { + grub_free (buf); +diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c +index 57b8d8da60b..663931717fd 100644 +--- a/grub-core/fs/sfs.c ++++ b/grub-core/fs/sfs.c +@@ -266,7 +266,7 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) + node->next_extent = node->block; + node->cache_size = 0; + +- node->cache = grub_malloc (sizeof (node->cache[0]) * cache_size); ++ node->cache = grub_calloc (cache_size, sizeof (node->cache[0])); + if (!node->cache) + { + grub_errno = 0; +diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c +index 39bf197aabe..4864451e19b 100644 +--- a/grub-core/fs/tar.c ++++ b/grub-core/fs/tar.c +@@ -120,7 +120,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name, + if (data->linkname_alloc < linksize + 1) + { + char *n; +- n = grub_malloc (2 * (linksize + 1)); ++ n = grub_calloc (2, linksize + 1); + if (!n) + return grub_errno; + grub_free (data->linkname); +diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c +index 00a16098b47..44481da7c6d 100644 +--- a/grub-core/fs/udf.c ++++ b/grub-core/fs/udf.c +@@ -873,7 +873,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) + { + unsigned i; + utf16len = sz - 1; +- utf16 = grub_malloc (utf16len * sizeof (utf16[0])); ++ utf16 = grub_calloc (utf16len, sizeof (utf16[0])); + if (!utf16) + return NULL; + for (i = 0; i < utf16len; i++) +@@ -883,7 +883,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) + { + unsigned i; + utf16len = (sz - 1) / 2; +- utf16 = grub_malloc (utf16len * sizeof (utf16[0])); ++ utf16 = grub_calloc (utf16len, sizeof (utf16[0])); + if (!utf16) + return NULL; + for (i = 0; i < utf16len; i++) +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index 6e1fff9e9ae..f6b95d4fb02 100644 +--- a/grub-core/fs/zfs/zfs.c ++++ b/grub-core/fs/zfs/zfs.c +@@ -3325,7 +3325,7 @@ dnode_get_fullpath (const char *fullpath, struct subvolume *subvol, + } + subvol->nkeys = 0; + zap_iterate (&keychain_dn, 8, count_zap_keys, &ctx, data); +- subvol->keyring = grub_zalloc (subvol->nkeys * sizeof (subvol->keyring[0])); ++ subvol->keyring = grub_calloc (subvol->nkeys, sizeof (subvol->keyring[0])); + if (!subvol->keyring) + { + grub_free (fsname); +@@ -4336,7 +4336,7 @@ grub_zfs_embed (grub_device_t device __attribute__ ((unused)), + *nsectors = (VDEV_BOOT_SIZE >> GRUB_DISK_SECTOR_BITS); + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/gfxmenu/gui_string_util.c b/grub-core/gfxmenu/gui_string_util.c +index a9a415e3129..ba1e1eab319 100644 +--- a/grub-core/gfxmenu/gui_string_util.c ++++ b/grub-core/gfxmenu/gui_string_util.c +@@ -55,7 +55,7 @@ canonicalize_path (const char *path) + if (*p == '/') + components++; + +- char **path_array = grub_malloc (components * sizeof (*path_array)); ++ char **path_array = grub_calloc (components, sizeof (*path_array)); + if (! path_array) + return 0; + +diff --git a/grub-core/gfxmenu/widget-box.c b/grub-core/gfxmenu/widget-box.c +index b6060288914..470597ded2b 100644 +--- a/grub-core/gfxmenu/widget-box.c ++++ b/grub-core/gfxmenu/widget-box.c +@@ -303,10 +303,10 @@ grub_gfxmenu_create_box (const char *pixmaps_prefix, + box->content_height = 0; + box->raw_pixmaps = + (struct grub_video_bitmap **) +- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *)); ++ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *)); + box->scaled_pixmaps = + (struct grub_video_bitmap **) +- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *)); ++ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *)); + + /* Initialize all pixmap pointers to NULL so that proper destruction can + be performed if an error is encountered partway through construction. */ +diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c +index 86ea8cfdea2..7024cda84ea 100644 +--- a/grub-core/io/gzio.c ++++ b/grub-core/io/gzio.c +@@ -554,7 +554,7 @@ huft_build (unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ + z = 1 << j; /* table entries for j-bit table */ + + /* allocate and link in new table */ +- q = (struct huft *) grub_zalloc ((z + 1) * sizeof (struct huft)); ++ q = (struct huft *) grub_calloc (z + 1, sizeof (struct huft)); + if (! q) + { + if (h) +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 4d36fe31177..b1379b92fb8 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -207,7 +207,7 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid, + + len = grub_strlen (var); + len16 = len * GRUB_MAX_UTF16_PER_UTF8; +- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0])); ++ var16 = grub_calloc (len16 + 1, sizeof (var16[0])); + if (!var16) + return grub_errno; + len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); +@@ -242,7 +242,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, + + len = grub_strlen (var); + len16 = len * GRUB_MAX_UTF16_PER_UTF8; +- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0])); ++ var16 = grub_calloc (len16 + 1, sizeof (var16[0])); + if (!var16) + return NULL; + len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); +@@ -384,6 +384,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + { + grub_efi_file_path_device_path_t *fp; + grub_efi_uint16_t len; ++ grub_efi_char16_t *dup_name; + + *p++ = '/'; + +@@ -394,7 +395,16 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + while (len > 0 && fp->path_name[len - 1] == 0) + len--; + +- p = (char *) grub_utf16_to_utf8 ((unsigned char *) p, fp->path_name, len); ++ dup_name = grub_calloc (len, sizeof (*dup_name)); ++ if (!dup_name) ++ { ++ grub_free (name); ++ return NULL; ++ } ++ p = (char *) grub_utf16_to_utf8 ((unsigned char *) p, ++ grub_memcpy (dup_name, fp->path_name, len * sizeof (*dup_name)), ++ len); ++ grub_free (dup_name); + } + + dp = GRUB_EFI_NEXT_DEVICE_PATH (dp); +@@ -884,9 +894,20 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) + fp = (grub_efi_file_path_device_path_t *) dp; + buf = grub_malloc ((len - 4) * 2 + 1); + if (buf) +- *grub_utf16_to_utf8 (buf, fp->path_name, +- (len - 4) / sizeof (grub_efi_char16_t)) +- = '\0'; ++ { ++ grub_efi_char16_t *dup_name = grub_malloc (len - 4); ++ if (!dup_name) ++ { ++ grub_errno = GRUB_ERR_NONE; ++ grub_printf ("/File((null))"); ++ grub_free (buf); ++ break; ++ } ++ *grub_utf16_to_utf8 (buf, grub_memcpy (dup_name, fp->path_name, len - 4), ++ (len - 4) / sizeof (grub_efi_char16_t)) ++ = '\0'; ++ grub_free (dup_name); ++ } + else + grub_errno = GRUB_ERR_NONE; + grub_printf ("/File(%s)", buf); +diff --git a/grub-core/kern/emu/hostdisk.c b/grub-core/kern/emu/hostdisk.c +index 87e3e251204..f57bd334c9e 100644 +--- a/grub-core/kern/emu/hostdisk.c ++++ b/grub-core/kern/emu/hostdisk.c +@@ -615,7 +615,7 @@ static char * + grub_util_path_concat_real (size_t n, int ext, va_list ap) + { + size_t totlen = 0; +- char **l = xmalloc ((n + ext) * sizeof (l[0])); ++ char **l = xcalloc (n + ext, sizeof (l[0])); + char *r, *p, *pi; + size_t i; + int first = 1; +diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c +index 1bd748be83b..730d21770f2 100644 +--- a/grub-core/kern/fs.c ++++ b/grub-core/kern/fs.c +@@ -151,7 +151,7 @@ grub_fs_blocklist_open (grub_file_t file, const char *name) + while (p); + + /* Allocate a block list. */ +- blocks = grub_zalloc (sizeof (struct grub_fs_block) * (num + 1)); ++ blocks = grub_calloc (num + 1, sizeof (struct grub_fs_block)); + if (! blocks) + return 0; + +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index aaae9aa0ab7..c034f49f97c 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -737,7 +737,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args, + args->ptr = args->prealloc; + else + { +- args->ptr = grub_malloc (args->count * sizeof (args->ptr[0])); ++ args->ptr = grub_calloc (args->count, sizeof (args->ptr[0])); + if (!args->ptr) + { + grub_errno = GRUB_ERR_NONE; +diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c +index 78175aac2d3..619db3122a0 100644 +--- a/grub-core/kern/parser.c ++++ b/grub-core/kern/parser.c +@@ -213,7 +213,7 @@ grub_parser_split_cmdline (const char *cmdline, + return grub_errno; + grub_memcpy (args, buffer, bp - buffer); + +- *argv = grub_malloc (sizeof (char *) * (*argc + 1)); ++ *argv = grub_calloc (*argc + 1, sizeof (char *)); + if (!*argv) + { + grub_free (args); +diff --git a/grub-core/kern/uboot/uboot.c b/grub-core/kern/uboot/uboot.c +index cf0168e62dd..efa10f2849d 100644 +--- a/grub-core/kern/uboot/uboot.c ++++ b/grub-core/kern/uboot/uboot.c +@@ -133,7 +133,7 @@ grub_uboot_dev_enum (void) + return num_devices; + + max_devices = 2; +- enum_devices = grub_malloc (sizeof(struct device_info) * max_devices); ++ enum_devices = grub_calloc (max_devices, sizeof(struct device_info)); + if (!enum_devices) + return 0; + +diff --git a/grub-core/lib/libgcrypt/cipher/ac.c b/grub-core/lib/libgcrypt/cipher/ac.c +index f5e946a2d8f..63f6fcd11ef 100644 +--- a/grub-core/lib/libgcrypt/cipher/ac.c ++++ b/grub-core/lib/libgcrypt/cipher/ac.c +@@ -185,7 +185,7 @@ ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n, + gcry_mpi_t mpi; + char *label; + +- data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n); ++ data_mpis_new = gcry_calloc (data_mpis_n, sizeof (*data_mpis_new)); + if (! data_mpis_new) + { + err = gcry_error_from_errno (errno); +@@ -572,7 +572,7 @@ _gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp, + } + + /* Add MPI list. */ +- arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1)); ++ arg_list = gcry_calloc (data_n + 1, sizeof (*arg_list)); + if (! arg_list) + { + err = gcry_error_from_errno (errno); +@@ -1283,7 +1283,7 @@ ac_data_construct (const char *identifier, int include_flags, + /* We build a list of arguments to pass to + gcry_sexp_build_array(). */ + data_length = _gcry_ac_data_length (data); +- arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2)); ++ arg_list = gcry_calloc (data_length, sizeof (*arg_list) * 2); + if (! arg_list) + { + err = gcry_error_from_errno (errno); +@@ -1593,7 +1593,7 @@ _gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits, + arg_list_n += 2; + + /* Allocate list. */ +- arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n); ++ arg_list = gcry_calloc (arg_list_n, sizeof (*arg_list)); + if (! arg_list) + { + err = gcry_error_from_errno (errno); +diff --git a/grub-core/lib/libgcrypt/cipher/primegen.c b/grub-core/lib/libgcrypt/cipher/primegen.c +index 2788e349fa9..b12e79b1922 100644 +--- a/grub-core/lib/libgcrypt/cipher/primegen.c ++++ b/grub-core/lib/libgcrypt/cipher/primegen.c +@@ -383,7 +383,7 @@ prime_generate_internal (int need_q_factor, + } + + /* Allocate an array to track pool usage. */ +- pool_in_use = gcry_malloc (n * sizeof *pool_in_use); ++ pool_in_use = gcry_calloc (n, sizeof *pool_in_use); + if (!pool_in_use) + { + err = gpg_err_code_from_errno (errno); +@@ -765,7 +765,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel, + if (nbits < 16) + log_fatal ("can't generate a prime with less than %d bits\n", 16); + +- mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods ); ++ mods = gcry_xcalloc( no_of_small_prime_numbers, sizeof *mods); + /* Make nbits fit into gcry_mpi_t implementation. */ + val_2 = mpi_alloc_set_ui( 2 ); + val_3 = mpi_alloc_set_ui( 3); +diff --git a/grub-core/lib/libgcrypt/cipher/pubkey.c b/grub-core/lib/libgcrypt/cipher/pubkey.c +index 910982141e0..ca087ad75b9 100644 +--- a/grub-core/lib/libgcrypt/cipher/pubkey.c ++++ b/grub-core/lib/libgcrypt/cipher/pubkey.c +@@ -2941,7 +2941,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) + * array to a format string, so we have to do it this way :-(. */ + /* FIXME: There is now such a format specifier, so we can + change the code to be more clear. */ +- arg_list = malloc (nelem * sizeof *arg_list); ++ arg_list = calloc (nelem, sizeof *arg_list); + if (!arg_list) + { + rc = gpg_err_code_from_syserror (); +@@ -3233,7 +3233,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) + } + strcpy (p, "))"); + +- arg_list = malloc (nelem * sizeof *arg_list); ++ arg_list = calloc (nelem, sizeof *arg_list); + if (!arg_list) + { + rc = gpg_err_code_from_syserror (); +diff --git a/grub-core/lib/priority_queue.c b/grub-core/lib/priority_queue.c +index 659be0b7f40..7d5e7c05aab 100644 +--- a/grub-core/lib/priority_queue.c ++++ b/grub-core/lib/priority_queue.c +@@ -92,7 +92,7 @@ grub_priority_queue_new (grub_size_t elsize, + { + struct grub_priority_queue *ret; + void *els; +- els = grub_malloc (elsize * 8); ++ els = grub_calloc (8, elsize); + if (!els) + return 0; + ret = (struct grub_priority_queue *) grub_malloc (sizeof (*ret)); +diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c +index ee9fa7b4feb..467305b46ab 100644 +--- a/grub-core/lib/reed_solomon.c ++++ b/grub-core/lib/reed_solomon.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#define xcalloc calloc + #define xmalloc malloc + #define grub_memset memset + #define grub_memcpy memcpy +@@ -158,11 +159,9 @@ rs_encode (gf_single_t *data, grub_size_t s, grub_size_t rs) + gf_single_t *rs_polynomial; + int i, j; + gf_single_t *m; +- m = xmalloc ((s + rs) * sizeof (gf_single_t)); ++ m = xcalloc (s + rs, sizeof (gf_single_t)); + grub_memcpy (m, data, s * sizeof (gf_single_t)); +- grub_memset (m + s, 0, rs * sizeof (gf_single_t)); +- rs_polynomial = xmalloc ((rs + 1) * sizeof (gf_single_t)); +- grub_memset (rs_polynomial, 0, (rs + 1) * sizeof (gf_single_t)); ++ rs_polynomial = xcalloc (rs + 1, sizeof (gf_single_t)); + rs_polynomial[rs] = 1; + /* Multiply with X - a^r */ + for (j = 0; j < rs; j++) +diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c +index ea3ebc719b1..5847aac3643 100644 +--- a/grub-core/lib/relocator.c ++++ b/grub-core/lib/relocator.c +@@ -495,9 +495,9 @@ malloc_in_range (struct grub_relocator *rel, + } + #endif + +- eventt = grub_malloc (maxevents * sizeof (events[0])); ++ eventt = grub_calloc (maxevents, sizeof (events[0])); + counter = grub_malloc ((DIGITSORT_MASK + 2) * sizeof (counter[0])); +- events = grub_malloc (maxevents * sizeof (events[0])); ++ events = grub_calloc (maxevents, sizeof (events[0])); + if (!events || !eventt || !counter) + { + grub_dprintf ("relocator", "events or counter allocation failed %d\n", +@@ -963,7 +963,7 @@ malloc_in_range (struct grub_relocator *rel, + #endif + unsigned cural = 0; + int oom = 0; +- res->subchunks = grub_malloc (sizeof (res->subchunks[0]) * nallocs); ++ res->subchunks = grub_calloc (nallocs, sizeof (res->subchunks[0])); + if (!res->subchunks) + oom = 1; + res->nsubchunks = nallocs; +@@ -1562,8 +1562,8 @@ grub_relocator_prepare_relocs (struct grub_relocator *rel, grub_addr_t addr, + count[(chunk->src & 0xff) + 1]++; + } + } +- from = grub_malloc (nchunks * sizeof (sorted[0])); +- to = grub_malloc (nchunks * sizeof (sorted[0])); ++ from = grub_calloc (nchunks, sizeof (sorted[0])); ++ to = grub_calloc (nchunks, sizeof (sorted[0])); + if (!from || !to) + { + grub_free (from); +diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c +index b4f609d2d01..ea29d7a724a 100644 +--- a/grub-core/loader/arm/linux.c ++++ b/grub-core/loader/arm/linux.c +@@ -77,7 +77,7 @@ linux_prepare_atag (void *target_atag) + + /* some place for cmdline, initrd and terminator. */ + tmp_size = get_atag_size (atag_orig) + 20 + (arg_size) / 4; +- tmp_atag = grub_malloc (tmp_size * sizeof (grub_uint32_t)); ++ tmp_atag = grub_calloc (tmp_size, sizeof (grub_uint32_t)); + if (!tmp_atag) + return grub_errno; + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 3630b0cbf2d..2da119ad513 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -119,18 +119,23 @@ static void + copy_file_path (grub_efi_file_path_device_path_t *fp, + const char *str, grub_efi_uint16_t len) + { +- grub_efi_char16_t *p; ++ grub_efi_char16_t *p, *path_name; + grub_efi_uint16_t size; + + fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE; + fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE; + +- size = grub_utf8_to_utf16 (fp->path_name, len * GRUB_MAX_UTF16_PER_UTF8, ++ path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); ++ if (!path_name) ++ return; ++ ++ size = grub_utf8_to_utf16 (path_name, len * GRUB_MAX_UTF16_PER_UTF8, + (const grub_uint8_t *) str, len, 0); +- for (p = fp->path_name; p < fp->path_name + size; p++) ++ for (p = path_name; p < path_name + size; p++) + if (*p == '/') + *p = '\\'; + ++ grub_memcpy (fp->path_name, path_name, size * sizeof (*fp->path_name)); + /* File Path is NULL terminated */ + fp->path_name[size++] = '\0'; + fp->header.length = size * sizeof (grub_efi_char16_t) + sizeof (*fp); +diff --git a/grub-core/loader/i386/bsdXX.c b/grub-core/loader/i386/bsdXX.c +index af6741d157c..a8d8bf7daed 100644 +--- a/grub-core/loader/i386/bsdXX.c ++++ b/grub-core/loader/i386/bsdXX.c +@@ -48,7 +48,7 @@ read_headers (grub_file_t file, const char *filename, Elf_Ehdr *e, char **shdr) + if (e->e_ident[EI_CLASS] != SUFFIX (ELFCLASS)) + return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-dependent ELF magic")); + +- *shdr = grub_malloc ((grub_uint32_t) e->e_shnum * e->e_shentsize); ++ *shdr = grub_calloc (e->e_shnum, e->e_shentsize); + if (! *shdr) + return grub_errno; + +diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c +index 59ef73a7385..ee0eaadc4ee 100644 +--- a/grub-core/loader/i386/xnu.c ++++ b/grub-core/loader/i386/xnu.c +@@ -295,7 +295,7 @@ grub_xnu_devprop_add_property_utf8 (struct grub_xnu_devprop_device_descriptor *d + return grub_errno; + + len = grub_strlen (name); +- utf16 = grub_malloc (sizeof (grub_uint16_t) * len); ++ utf16 = grub_calloc (len, sizeof (grub_uint16_t)); + if (!utf16) + { + grub_free (utf8); +@@ -331,7 +331,7 @@ grub_xnu_devprop_add_property_utf16 (struct grub_xnu_devprop_device_descriptor * + grub_uint16_t *utf16; + grub_err_t err; + +- utf16 = grub_malloc (sizeof (grub_uint16_t) * namelen); ++ utf16 = grub_calloc (namelen, sizeof (grub_uint16_t)); + if (!utf16) + return grub_errno; + grub_memcpy (utf16, name, sizeof (grub_uint16_t) * namelen); +diff --git a/grub-core/loader/macho.c b/grub-core/loader/macho.c +index 59b195e27ea..f61341af515 100644 +--- a/grub-core/loader/macho.c ++++ b/grub-core/loader/macho.c +@@ -97,7 +97,7 @@ grub_macho_file (grub_file_t file, const char *filename, int is_64bit) + if (grub_file_seek (macho->file, sizeof (struct grub_macho_fat_header)) + == (grub_off_t) -1) + goto fail; +- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs); ++ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch)); + if (!archs) + goto fail; + if (grub_file_read (macho->file, archs, +diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c +index 70cd1db513e..cc6853692a8 100644 +--- a/grub-core/loader/multiboot_elfxx.c ++++ b/grub-core/loader/multiboot_elfxx.c +@@ -217,7 +217,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + { + grub_uint8_t *shdr, *shdrptr; + +- shdr = grub_malloc ((grub_uint32_t) ehdr->e_shnum * ehdr->e_shentsize); ++ shdr = grub_calloc (ehdr->e_shnum, ehdr->e_shentsize); + if (!shdr) + return grub_errno; + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index df8dfdb4ba0..dc7d5409e1e 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -792,7 +792,7 @@ grub_cmd_xnu_mkext (grub_command_t cmd __attribute__ ((unused)), + if (grub_be_to_cpu32 (head.magic) == GRUB_MACHO_FAT_MAGIC) + { + narchs = grub_be_to_cpu32 (head.nfat_arch); +- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs); ++ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch)); + if (! archs) + { + grub_file_close (file); +diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c +index 6a31cbae325..57b4e9a72a9 100644 +--- a/grub-core/mmap/mmap.c ++++ b/grub-core/mmap/mmap.c +@@ -143,9 +143,9 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data) + + /* Initialize variables. */ + ctx.scanline_events = (struct grub_mmap_scan *) +- grub_malloc (sizeof (struct grub_mmap_scan) * 2 * mmap_num); ++ grub_calloc (mmap_num, sizeof (struct grub_mmap_scan) * 2); + +- present = grub_zalloc (sizeof (present[0]) * current_priority); ++ present = grub_calloc (current_priority, sizeof (present[0])); + + if (! ctx.scanline_events || !present) + { +diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c +index 8b6fc9f2411..adf36fa4a9d 100644 +--- a/grub-core/net/bootp.c ++++ b/grub-core/net/bootp.c +@@ -1326,7 +1326,7 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)), + if (ncards == 0) + return grub_error (GRUB_ERR_NET_NO_CARD, N_("no network card found")); + +- ifaces = grub_zalloc (ncards * sizeof (ifaces[0])); ++ ifaces = grub_calloc (ncards, sizeof (ifaces[0])); + if (!ifaces) + return grub_errno; + +diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c +index 5d9afe093c0..e332d5eb4a4 100644 +--- a/grub-core/net/dns.c ++++ b/grub-core/net/dns.c +@@ -285,8 +285,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), + ptr++; + ptr += 4; + } +- *data->addresses = grub_malloc (sizeof ((*data->addresses)[0]) +- * grub_be_to_cpu16 (head->ancount)); ++ *data->addresses = grub_calloc (grub_be_to_cpu16 (head->ancount), ++ sizeof ((*data->addresses)[0])); + if (!*data->addresses) + { + grub_errno = GRUB_ERR_NONE; +@@ -406,8 +406,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), + dns_cache[h].addresses = 0; + dns_cache[h].name = grub_strdup (data->oname); + dns_cache[h].naddresses = *data->naddresses; +- dns_cache[h].addresses = grub_malloc (*data->naddresses +- * sizeof (dns_cache[h].addresses[0])); ++ dns_cache[h].addresses = grub_calloc (*data->naddresses, ++ sizeof (dns_cache[h].addresses[0])); + dns_cache[h].limit_time = grub_get_time_ms () + 1000 * ttl_all; + if (!dns_cache[h].addresses || !dns_cache[h].name) + { +@@ -479,7 +479,7 @@ grub_net_dns_lookup (const char *name, + } + } + +- sockets = grub_malloc (sizeof (sockets[0]) * n_servers); ++ sockets = grub_calloc (n_servers, sizeof (sockets[0])); + if (!sockets) + return grub_errno; + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 19ff2d486a1..0e72bbb9b39 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -338,8 +338,8 @@ grub_cmd_ipv6_autoconf (struct grub_command *cmd __attribute__ ((unused)), + ncards++; + } + +- ifaces = grub_zalloc (ncards * sizeof (ifaces[0])); +- slaacs = grub_zalloc (ncards * sizeof (slaacs[0])); ++ ifaces = grub_calloc (ncards, sizeof (ifaces[0])); ++ slaacs = grub_calloc (ncards, sizeof (slaacs[0])); + if (!ifaces || !slaacs) + { + grub_free (ifaces); +diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c +index b0ab47d73fd..d57fb72faa8 100644 +--- a/grub-core/normal/charset.c ++++ b/grub-core/normal/charset.c +@@ -203,7 +203,7 @@ grub_utf8_to_ucs4_alloc (const char *msg, grub_uint32_t **unicode_msg, + { + grub_size_t msg_len = grub_strlen (msg); + +- *unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ *unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); + + if (!*unicode_msg) + return -1; +@@ -488,7 +488,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, + } + else + { +- n = grub_malloc (sizeof (n[0]) * (out->ncomb + 1)); ++ n = grub_calloc (out->ncomb + 1, sizeof (n[0])); + if (!n) + { + grub_errno = GRUB_ERR_NONE; +@@ -842,7 +842,7 @@ grub_bidi_line_logical_to_visual (const grub_uint32_t *logical, + } \ + } + +- visual = grub_malloc (sizeof (visual[0]) * logical_len); ++ visual = grub_calloc (logical_len, sizeof (visual[0])); + if (!visual) + return -1; + +@@ -1165,8 +1165,8 @@ grub_bidi_logical_to_visual (const grub_uint32_t *logical, + { + const grub_uint32_t *line_start = logical, *ptr; + struct grub_unicode_glyph *visual_ptr; +- *visual_out = visual_ptr = grub_malloc (3 * sizeof (visual_ptr[0]) +- * (logical_len + 2)); ++ *visual_out = visual_ptr = grub_calloc (logical_len + 2, ++ 3 * sizeof (visual_ptr[0])); + if (!visual_ptr) + return -1; + for (ptr = logical; ptr <= logical + logical_len; ptr++) +diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c +index c037d5050ed..c57242e2ea9 100644 +--- a/grub-core/normal/cmdline.c ++++ b/grub-core/normal/cmdline.c +@@ -41,7 +41,7 @@ grub_err_t + grub_set_history (int newsize) + { + grub_uint32_t **old_hist_lines = hist_lines; +- hist_lines = grub_malloc (sizeof (grub_uint32_t *) * newsize); ++ hist_lines = grub_calloc (newsize, sizeof (grub_uint32_t *)); + + /* Copy the old lines into the new buffer. */ + if (old_hist_lines) +@@ -114,7 +114,7 @@ static void + grub_history_set (int pos, grub_uint32_t *s, grub_size_t len) + { + grub_free (hist_lines[pos]); +- hist_lines[pos] = grub_malloc ((len + 1) * sizeof (grub_uint32_t)); ++ hist_lines[pos] = grub_calloc (len + 1, sizeof (grub_uint32_t)); + if (!hist_lines[pos]) + { + grub_print_error (); +@@ -349,7 +349,7 @@ grub_cmdline_get (const char *prompt_translated) + char *ret; + unsigned nterms; + +- buf = grub_malloc (max_len * sizeof (grub_uint32_t)); ++ buf = grub_calloc (max_len, sizeof (grub_uint32_t)); + if (!buf) + return 0; + +@@ -377,7 +377,7 @@ grub_cmdline_get (const char *prompt_translated) + FOR_ACTIVE_TERM_OUTPUTS(cur) + nterms++; + +- cl_terms = grub_malloc (sizeof (cl_terms[0]) * nterms); ++ cl_terms = grub_calloc (nterms, sizeof (cl_terms[0])); + if (!cl_terms) + { + grub_free (buf); +@@ -385,7 +385,7 @@ grub_cmdline_get (const char *prompt_translated) + } + cl_term_cur = cl_terms; + +- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); + if (!unicode_msg) + { + grub_free (buf); +@@ -495,7 +495,7 @@ grub_cmdline_get (const char *prompt_translated) + grub_uint32_t *insert; + + insertlen = grub_strlen (insertu8); +- insert = grub_malloc ((insertlen + 1) * sizeof (grub_uint32_t)); ++ insert = grub_calloc (insertlen + 1, sizeof (grub_uint32_t)); + if (!insert) + { + grub_free (insertu8); +@@ -602,7 +602,7 @@ grub_cmdline_get (const char *prompt_translated) + + grub_free (kill_buf); + +- kill_buf = grub_malloc ((n + 1) * sizeof(grub_uint32_t)); ++ kill_buf = grub_calloc (n + 1, sizeof (grub_uint32_t)); + if (grub_errno) + { + grub_print_error (); +diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c +index 5785f67ee1c..f31487c1f58 100644 +--- a/grub-core/normal/menu_entry.c ++++ b/grub-core/normal/menu_entry.c +@@ -95,8 +95,8 @@ init_line (struct screen *screen, struct line *linep) + { + linep->len = 0; + linep->max_len = 80; +- linep->buf = grub_malloc ((linep->max_len + 1) * sizeof (linep->buf[0])); +- linep->pos = grub_zalloc (screen->nterms * sizeof (linep->pos[0])); ++ linep->buf = grub_calloc (linep->max_len + 1, sizeof (linep->buf[0])); ++ linep->pos = grub_calloc (screen->nterms, sizeof (linep->pos[0])); + if (! linep->buf || !linep->pos) + { + grub_free (linep->buf); +@@ -287,7 +287,7 @@ update_screen (struct screen *screen, struct per_term_screen *term_screen, + pos = linep->pos + (term_screen - screen->terms); + + if (!*pos) +- *pos = grub_zalloc ((linep->len + 1) * sizeof (**pos)); ++ *pos = grub_calloc (linep->len + 1, sizeof (**pos)); + + if (i == region_start || linep == screen->lines + screen->line + || (i > region_start && mode == ALL_LINES)) +@@ -471,7 +471,7 @@ insert_string (struct screen *screen, const char *s, int update) + + /* Insert the string. */ + current_linep = screen->lines + screen->line; +- unicode_msg = grub_malloc ((p - s) * sizeof (grub_uint32_t)); ++ unicode_msg = grub_calloc (p - s, sizeof (grub_uint32_t)); + + if (!unicode_msg) + return 0; +@@ -1023,7 +1023,7 @@ complete (struct screen *screen, int continuous, int update) + if (completion_buffer.buf) + { + buflen = grub_strlen (completion_buffer.buf); +- ucs4 = grub_malloc (sizeof (grub_uint32_t) * (buflen + 1)); ++ ucs4 = grub_calloc (buflen + 1, sizeof (grub_uint32_t)); + + if (!ucs4) + { +@@ -1265,7 +1265,7 @@ grub_menu_entry_run (grub_menu_entry_t entry) + for (i = 0; i < (unsigned) screen->num_lines; i++) + { + grub_free (screen->lines[i].pos); +- screen->lines[i].pos = grub_zalloc (screen->nterms * sizeof (screen->lines[i].pos[0])); ++ screen->lines[i].pos = grub_calloc (screen->nterms, sizeof (screen->lines[i].pos[0])); + if (! screen->lines[i].pos) + { + grub_print_error (); +@@ -1275,7 +1275,7 @@ grub_menu_entry_run (grub_menu_entry_t entry) + } + } + +- screen->terms = grub_zalloc (screen->nterms * sizeof (screen->terms[0])); ++ screen->terms = grub_calloc (screen->nterms, sizeof (screen->terms[0])); + if (!screen->terms) + { + grub_print_error (); +diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c +index 7681f7d2893..ca135624356 100644 +--- a/grub-core/normal/menu_text.c ++++ b/grub-core/normal/menu_text.c +@@ -78,7 +78,7 @@ grub_print_message_indented_real (const char *msg, int margin_left, + grub_size_t msg_len = grub_strlen (msg) + 2; + int ret = 0; + +- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); + + if (!unicode_msg) + return 0; +@@ -167,7 +167,7 @@ print_entry (int y, int highlight, grub_menu_entry_t entry, + + title = entry ? entry->title : ""; + title_len = grub_strlen (title); +- unicode_title = grub_malloc (title_len * sizeof (*unicode_title)); ++ unicode_title = grub_calloc (title_len, sizeof (*unicode_title)); + if (! unicode_title) + /* XXX How to show this error? */ + return; +diff --git a/grub-core/normal/term.c b/grub-core/normal/term.c +index ac5d69f0fb5..93a3a0d912e 100644 +--- a/grub-core/normal/term.c ++++ b/grub-core/normal/term.c +@@ -264,7 +264,7 @@ grub_term_save_pos (void) + FOR_ACTIVE_TERM_OUTPUTS(cur) + cnt++; + +- ret = grub_malloc (cnt * sizeof (ret[0])); ++ ret = grub_calloc (cnt, sizeof (ret[0])); + if (!ret) + return NULL; + +@@ -1013,7 +1013,7 @@ grub_xnputs (const char *str, grub_size_t msg_len) + + grub_error_push (); + +- unicode_str = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ unicode_str = grub_calloc (msg_len, sizeof (grub_uint32_t)); + + grub_error_pop (); + +diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c +index 388a0f70638..e450f5f0a4c 100644 +--- a/grub-core/osdep/linux/getroot.c ++++ b/grub-core/osdep/linux/getroot.c +@@ -176,7 +176,7 @@ grub_util_raid_getmembers (const char *name, int bootable) + if (ret != 0) + grub_util_error (_("ioctl GET_ARRAY_INFO error: %s"), strerror (errno)); + +- devicelist = xmalloc ((info.nr_disks + 1) * sizeof (char *)); ++ devicelist = xcalloc (info.nr_disks + 1, sizeof (char *)); + + for (i = 0, j = 0; j < info.nr_disks; i++) + { +@@ -249,7 +249,7 @@ grub_find_root_devices_from_btrfs (const char *dir) + return NULL; + } + +- ret = xmalloc ((fsi.num_devices + 1) * sizeof (ret[0])); ++ ret = xcalloc (fsi.num_devices + 1, sizeof (ret[0])); + + for (i = 1; i <= fsi.max_id && j < fsi.num_devices; i++) + { +@@ -508,7 +508,7 @@ grub_find_root_devices_from_mountinfo (const char *dir, char **relroot) + if (relroot) + *relroot = NULL; + +- entries = xmalloc (entry_max * sizeof (*entries)); ++ entries = xcalloc (entry_max, sizeof (*entries)); + + again: + fp = grub_util_fopen ("/proc/self/mountinfo", "r"); +diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c +index b637c58efb7..46a881530c0 100644 +--- a/grub-core/osdep/unix/config.c ++++ b/grub-core/osdep/unix/config.c +@@ -102,7 +102,7 @@ grub_util_load_config (struct grub_util_config *cfg) + argv[0] = "sh"; + argv[1] = "-c"; + +- script = xmalloc (4 * strlen (cfgfile) + 300); ++ script = xcalloc (4, strlen (cfgfile) + 300); + + ptr = script; + memcpy (ptr, ". '", 3); +diff --git a/grub-core/osdep/windows/getroot.c b/grub-core/osdep/windows/getroot.c +index 661d9546192..eada663b261 100644 +--- a/grub-core/osdep/windows/getroot.c ++++ b/grub-core/osdep/windows/getroot.c +@@ -59,7 +59,7 @@ grub_get_mount_point (const TCHAR *path) + + for (ptr = path; *ptr; ptr++); + allocsize = (ptr - path + 10) * 2; +- out = xmalloc (allocsize * sizeof (out[0])); ++ out = xcalloc (allocsize, sizeof (out[0])); + + /* When pointing to EFI system partition GetVolumePathName fails + for ESP root and returns abberant information for everything +diff --git a/grub-core/osdep/windows/hostdisk.c b/grub-core/osdep/windows/hostdisk.c +index 6f49df465d7..580b3f2dae7 100644 +--- a/grub-core/osdep/windows/hostdisk.c ++++ b/grub-core/osdep/windows/hostdisk.c +@@ -111,7 +111,7 @@ grub_util_get_windows_path_real (const char *path) + + while (1) + { +- fpa = xmalloc (alloc * sizeof (fpa[0])); ++ fpa = xcalloc (alloc, sizeof (fpa[0])); + + len = GetFullPathName (tpath, alloc, fpa, NULL); + if (len >= alloc) +@@ -393,7 +393,7 @@ grub_util_fd_opendir (const char *name) + for (l = 0; name_windows[l]; l++); + for (l--; l >= 0 && (name_windows[l] == '\\' || name_windows[l] == '/'); l--); + l++; +- pattern = xmalloc ((l + 3) * sizeof (pattern[0])); ++ pattern = xcalloc (l + 3, sizeof (pattern[0])); + memcpy (pattern, name_windows, l * sizeof (pattern[0])); + pattern[l] = '\\'; + pattern[l + 1] = '*'; +diff --git a/grub-core/osdep/windows/init.c b/grub-core/osdep/windows/init.c +index e8ffd62c6a0..6297de6326a 100644 +--- a/grub-core/osdep/windows/init.c ++++ b/grub-core/osdep/windows/init.c +@@ -161,7 +161,7 @@ grub_util_host_init (int *argc __attribute__ ((unused)), + LPWSTR *targv; + + targv = CommandLineToArgvW (tcmdline, argc); +- *argv = xmalloc ((*argc + 1) * sizeof (argv[0])); ++ *argv = xcalloc (*argc + 1, sizeof (argv[0])); + + for (i = 0; i < *argc; i++) + (*argv)[i] = grub_util_tchar_to_utf8 (targv[i]); +diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c +index 912269191eb..04e0eda9aeb 100644 +--- a/grub-core/osdep/windows/platform.c ++++ b/grub-core/osdep/windows/platform.c +@@ -225,8 +225,8 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, + grub_util_error ("%s", _("no EFI routines are available when running in BIOS mode")); + + distrib8_len = grub_strlen (efi_distributor); +- distributor16 = xmalloc ((distrib8_len + 1) * GRUB_MAX_UTF16_PER_UTF8 +- * sizeof (grub_uint16_t)); ++ distributor16 = xcalloc (distrib8_len + 1, ++ GRUB_MAX_UTF16_PER_UTF8 * sizeof (grub_uint16_t)); + distrib16_len = grub_utf8_to_utf16 (distributor16, distrib8_len * GRUB_MAX_UTF16_PER_UTF8, + (const grub_uint8_t *) efi_distributor, + distrib8_len, 0); +diff --git a/grub-core/osdep/windows/relpath.c b/grub-core/osdep/windows/relpath.c +index cb0861744ae..478e8ef14d5 100644 +--- a/grub-core/osdep/windows/relpath.c ++++ b/grub-core/osdep/windows/relpath.c +@@ -72,7 +72,7 @@ grub_make_system_path_relative_to_its_root (const char *path) + if (dirwindows[0] && dirwindows[1] == ':') + offset = 2; + } +- ret = xmalloc (sizeof (ret[0]) * (flen - offset + 2)); ++ ret = xcalloc (flen - offset + 2, sizeof (ret[0])); + if (dirwindows[offset] != '\\' + && dirwindows[offset] != '/' + && dirwindows[offset]) +diff --git a/grub-core/partmap/gpt.c b/grub-core/partmap/gpt.c +index 103f6796f39..72a2e37cd48 100644 +--- a/grub-core/partmap/gpt.c ++++ b/grub-core/partmap/gpt.c +@@ -199,7 +199,7 @@ gpt_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, + *nsectors = ctx.len; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/partmap/msdos.c b/grub-core/partmap/msdos.c +index 6d4b455a19c..81ca6b90e67 100644 +--- a/grub-core/partmap/msdos.c ++++ b/grub-core/partmap/msdos.c +@@ -337,7 +337,7 @@ pc_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, + avail_nsectors = *nsectors; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 7d327f59d92..528ddfd36f0 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -587,7 +587,7 @@ gettext_append (struct grub_script_argv *result, const char *orig_str) + for (iptr = orig_str; *iptr; iptr++) + if (*iptr == '$') + dollar_cnt++; +- ctx.allowed_strings = grub_malloc (sizeof (ctx.allowed_strings[0]) * dollar_cnt); ++ ctx.allowed_strings = grub_calloc (dollar_cnt, sizeof (ctx.allowed_strings[0])); + + if (parse_string (orig_str, gettext_save_allow, &ctx, 0)) + goto fail; +diff --git a/grub-core/tests/fake_input.c b/grub-core/tests/fake_input.c +index 2d60852989c..b5eb516be2d 100644 +--- a/grub-core/tests/fake_input.c ++++ b/grub-core/tests/fake_input.c +@@ -49,7 +49,7 @@ grub_terminal_input_fake_sequence (int *seq_in, int nseq_in) + saved = grub_term_inputs; + if (seq) + grub_free (seq); +- seq = grub_malloc (nseq_in * sizeof (seq[0])); ++ seq = grub_calloc (nseq_in, sizeof (seq[0])); + if (!seq) + return; + +diff --git a/grub-core/tests/video_checksum.c b/grub-core/tests/video_checksum.c +index 74d5b65e5c7..44d0810698a 100644 +--- a/grub-core/tests/video_checksum.c ++++ b/grub-core/tests/video_checksum.c +@@ -336,7 +336,7 @@ grub_video_capture_write_bmp (const char *fname, + { + case 4: + { +- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); ++ grub_uint8_t *buffer = xcalloc (3, mode_info->width); + grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1); + grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1); + grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1); +@@ -367,7 +367,7 @@ grub_video_capture_write_bmp (const char *fname, + } + case 3: + { +- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); ++ grub_uint8_t *buffer = xcalloc (3, mode_info->width); + grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1); + grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1); + grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1); +@@ -407,7 +407,7 @@ grub_video_capture_write_bmp (const char *fname, + } + case 2: + { +- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); ++ grub_uint8_t *buffer = xcalloc (3, mode_info->width); + grub_uint16_t rmask = ((1 << mode_info->red_mask_size) - 1); + grub_uint16_t gmask = ((1 << mode_info->green_mask_size) - 1); + grub_uint16_t bmask = ((1 << mode_info->blue_mask_size) - 1); +diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c +index 4f83c744116..4d3195e017b 100644 +--- a/grub-core/video/capture.c ++++ b/grub-core/video/capture.c +@@ -89,7 +89,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info, + framebuffer.mode_info = *mode_info; + framebuffer.mode_info.blit_format = grub_video_get_blit_format (&framebuffer.mode_info); + +- framebuffer.ptr = grub_malloc (framebuffer.mode_info.height * framebuffer.mode_info.pitch); ++ framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch); + if (!framebuffer.ptr) + return grub_errno; + +diff --git a/grub-core/video/emu/sdl.c b/grub-core/video/emu/sdl.c +index a2f639f66de..0ebab6f57dd 100644 +--- a/grub-core/video/emu/sdl.c ++++ b/grub-core/video/emu/sdl.c +@@ -172,7 +172,7 @@ grub_video_sdl_set_palette (unsigned int start, unsigned int count, + if (start + count > mode_info.number_of_colors) + count = mode_info.number_of_colors - start; + +- tmp = grub_malloc (count * sizeof (tmp[0])); ++ tmp = grub_calloc (count, sizeof (tmp[0])); + for (i = 0; i < count; i++) + { + tmp[i].r = palette_data[i].r; +diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c +index 01f47112d37..b2f776c997b 100644 +--- a/grub-core/video/i386/pc/vga.c ++++ b/grub-core/video/i386/pc/vga.c +@@ -127,7 +127,7 @@ grub_video_vga_setup (unsigned int width, unsigned int height, + + vga_height = height ? : 480; + +- framebuffer.temporary_buffer = grub_malloc (vga_height * VGA_WIDTH); ++ framebuffer.temporary_buffer = grub_calloc (vga_height, VGA_WIDTH); + framebuffer.front_page = 0; + framebuffer.back_page = 0; + if (!framebuffer.temporary_buffer) +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index e1a01e99fd0..e85df3c1b04 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -309,7 +309,7 @@ grub_png_decode_image_header (struct grub_png_data *data) + if (data->is_16bit || data->is_gray || data->is_palette) + #endif + { +- data->image_data = grub_malloc (data->image_height * data->row_bytes); ++ data->image_data = grub_calloc (data->image_height, data->row_bytes); + if (grub_errno) + return grub_errno; + +diff --git a/util/getroot.c b/util/getroot.c +index fa3460d6cd8..6feb2a4de40 100644 +--- a/util/getroot.c ++++ b/util/getroot.c +@@ -219,7 +219,7 @@ make_device_name (const char *drive) + char *ret, *ptr; + const char *iptr; + +- ret = xmalloc (strlen (drive) * 2); ++ ret = xcalloc (2, strlen (drive)); + ptr = ret; + for (iptr = drive; *iptr; iptr++) + { +diff --git a/util/grub-file.c b/util/grub-file.c +index 50c18b6835a..b2e7dd69f4c 100644 +--- a/util/grub-file.c ++++ b/util/grub-file.c +@@ -54,7 +54,7 @@ main (int argc, char *argv[]) + + grub_util_host_init (&argc, &argv); + +- argv2 = xmalloc (argc * sizeof (argv2[0])); ++ argv2 = xcalloc (argc, sizeof (argv2[0])); + + if (argc == 2 && strcmp (argv[1], "--version") == 0) + { +diff --git a/util/grub-fstest.c b/util/grub-fstest.c +index a358ae47152..793aefa02b1 100644 +--- a/util/grub-fstest.c ++++ b/util/grub-fstest.c +@@ -650,7 +650,7 @@ argp_parser (int key, char *arg, struct argp_state *state) + if (args_count < num_disks) + { + if (args_count == 0) +- images = xmalloc (num_disks * sizeof (images[0])); ++ images = xcalloc (num_disks, sizeof (images[0])); + images[args_count] = grub_canonicalize_file_name (arg); + args_count++; + return 0; +@@ -734,7 +734,7 @@ main (int argc, char *argv[]) + + grub_util_host_init (&argc, &argv); + +- args = xmalloc (argc * sizeof (args[0])); ++ args = xcalloc (argc, sizeof (args[0])); + + argp_parse (&argp, argc, argv, 0, 0, 0); + +diff --git a/util/grub-install-common.c b/util/grub-install-common.c +index 0a2e24a79f1..cf993c059ad 100644 +--- a/util/grub-install-common.c ++++ b/util/grub-install-common.c +@@ -281,7 +281,7 @@ handle_install_list (struct install_list *il, const char *val, + il->n_entries++; + } + il->n_alloc = il->n_entries + 1; +- il->entries = xmalloc (il->n_alloc * sizeof (il->entries[0])); ++ il->entries = xcalloc (il->n_alloc, sizeof (il->entries[0])); + ptr = val; + for (ce = il->entries; ; ce++) + { +diff --git a/util/grub-install.c b/util/grub-install.c +index 16f137ca854..3bf0e063a86 100644 +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -623,7 +623,7 @@ device_map_check_duplicates (const char *dev_map) + if (! fp) + return; + +- d = xmalloc (alloced * sizeof (d[0])); ++ d = xcalloc (alloced, sizeof (d[0])); + + while (fgets (buf, sizeof (buf), fp)) + { +@@ -1232,7 +1232,7 @@ main (int argc, char *argv[]) + ndev++; + } + +- grub_drives = xmalloc (sizeof (grub_drives[0]) * (ndev + 1)); ++ grub_drives = xcalloc (ndev + 1, sizeof (grub_drives[0])); + + for (curdev = grub_devices, curdrive = grub_drives; *curdev; curdev++, + curdrive++) +diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c +index a483c674c49..f9aa1a033b5 100644 +--- a/util/grub-mkimagexx.c ++++ b/util/grub-mkimagexx.c +@@ -1999,10 +1999,8 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path, + + grub_host_to_target16 (e->e_shstrndx) * smd.section_entsize); + smd.strtab = (char *) e + grub_host_to_target_addr (s->sh_offset); + +- smd.addrs = xmalloc (sizeof (*smd.addrs) * smd.num_sections); +- memset (smd.addrs, 0, sizeof (*smd.addrs) * smd.num_sections); +- smd.vaddrs = xmalloc (sizeof (*smd.vaddrs) * smd.num_sections); +- memset (smd.vaddrs, 0, sizeof (*smd.vaddrs) * smd.num_sections); ++ smd.addrs = xcalloc (smd.num_sections, sizeof (*smd.addrs)); ++ smd.vaddrs = xcalloc (smd.num_sections, sizeof (*smd.vaddrs)); + + SUFFIX (locate_sections) (e, kernel_path, &smd, layout, image_target); + +diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c +index 9545945d8f3..21e72bde474 100644 +--- a/util/grub-mkrescue.c ++++ b/util/grub-mkrescue.c +@@ -441,8 +441,8 @@ main (int argc, char *argv[]) + xorriso = xstrdup ("xorriso"); + label_font = grub_util_path_concat (2, pkgdatadir, "unicode.pf2"); + +- argp_argv = xmalloc (sizeof (argp_argv[0]) * argc); +- xorriso_tail_argv = xmalloc (sizeof (argp_argv[0]) * argc); ++ argp_argv = xcalloc (argc, sizeof (argp_argv[0])); ++ xorriso_tail_argv = xcalloc (argc, sizeof (argp_argv[0])); + + xorriso_tail_argc = 0; + /* Program name */ +diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c +index 4907d44c0bd..edf309717c3 100644 +--- a/util/grub-mkstandalone.c ++++ b/util/grub-mkstandalone.c +@@ -296,7 +296,7 @@ main (int argc, char *argv[]) + grub_util_host_init (&argc, &argv); + grub_util_disable_fd_syncs (); + +- files = xmalloc ((argc + 1) * sizeof (files[0])); ++ files = xcalloc (argc + 1, sizeof (files[0])); + + argp_parse (&argp, argc, argv, 0, 0, 0); + +diff --git a/util/grub-pe2elf.c b/util/grub-pe2elf.c +index 0d4084a108e..11331294f1b 100644 +--- a/util/grub-pe2elf.c ++++ b/util/grub-pe2elf.c +@@ -100,9 +100,9 @@ write_section_data (FILE* fp, const char *name, char *image, + char *pe_strtab = (image + pe_chdr->symtab_offset + + pe_chdr->num_symbols * sizeof (struct grub_pe32_symbol)); + +- section_map = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (int)); ++ section_map = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (int)); + section_map[0] = 0; +- shdr = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (shdr[0])); ++ shdr = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (shdr[0])); + idx = 1; + idx_reloc = pe_chdr->num_sections + 1; + +@@ -233,7 +233,7 @@ write_reloc_section (FILE* fp, const char *name, char *image, + + pe_sec = pe_shdr + shdr[i].sh_link; + pe_rel = (struct grub_pe32_reloc *) (image + pe_sec->relocations_offset); +- rel = (elf_reloc_t *) xmalloc (pe_sec->num_relocations * sizeof (elf_reloc_t)); ++ rel = (elf_reloc_t *) xcalloc (pe_sec->num_relocations, sizeof (elf_reloc_t)); + num_rels = 0; + modified = 0; + +@@ -365,12 +365,10 @@ write_symbol_table (FILE* fp, const char *name, char *image, + pe_symtab = (struct grub_pe32_symbol *) (image + pe_chdr->symtab_offset); + pe_strtab = (char *) (pe_symtab + pe_chdr->num_symbols); + +- symtab = (Elf_Sym *) xmalloc ((pe_chdr->num_symbols + 1) * +- sizeof (Elf_Sym)); +- memset (symtab, 0, (pe_chdr->num_symbols + 1) * sizeof (Elf_Sym)); ++ symtab = (Elf_Sym *) xcalloc (pe_chdr->num_symbols + 1, sizeof (Elf_Sym)); + num_syms = 1; + +- symtab_map = (int *) xmalloc (pe_chdr->num_symbols * sizeof (int)); ++ symtab_map = (int *) xcalloc (pe_chdr->num_symbols, sizeof (int)); + + for (i = 0; i < (int) pe_chdr->num_symbols; + i += pe_symtab->num_aux + 1, pe_symtab += pe_symtab->num_aux + 1) +diff --git a/util/grub-probe.c b/util/grub-probe.c +index e45dbf9e049..2a8c2cdffd5 100644 +--- a/util/grub-probe.c ++++ b/util/grub-probe.c +@@ -361,8 +361,8 @@ probe (const char *path, char **device_names, char delim) + grub_util_pull_device (*curdev); + ndev++; + } +- +- drives_names = xmalloc (sizeof (drives_names[0]) * (ndev + 1)); ++ ++ drives_names = xcalloc (ndev + 1, sizeof (drives_names[0])); + + for (curdev = device_names, curdrive = drives_names; *curdev; curdev++, + curdrive++) +diff --git a/include/grub/unicode.h b/include/grub/unicode.h +index a0403e91f9a..4de986a8576 100644 +--- a/include/grub/unicode.h ++++ b/include/grub/unicode.h +@@ -293,7 +293,7 @@ grub_unicode_glyph_dup (const struct grub_unicode_glyph *in) + grub_memcpy (out, in, sizeof (*in)); + if (in->ncomb > ARRAY_SIZE (out->combining_inline)) + { +- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0])); ++ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0])); + if (!out->combining_ptr) + { + grub_free (out); +@@ -315,7 +315,7 @@ grub_unicode_set_glyph (struct grub_unicode_glyph *out, + grub_memcpy (out, in, sizeof (*in)); + if (in->ncomb > ARRAY_SIZE (out->combining_inline)) + { +- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0])); ++ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0])); + if (!out->combining_ptr) + return; + grub_memcpy (out->combining_ptr, in->combining_ptr, +-- +2.26.2 + diff --git a/SOURCES/0285-malloc-Use-overflow-checking-primitives-where-we-do-.patch b/SOURCES/0285-malloc-Use-overflow-checking-primitives-where-we-do-.patch new file mode 100644 index 0000000..063510f --- /dev/null +++ b/SOURCES/0285-malloc-Use-overflow-checking-primitives-where-we-do-.patch @@ -0,0 +1,1323 @@ +From 05c062003cff8dbbf1b394fa836378e88522e29c Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Jun 2020 12:28:27 -0400 +Subject: [PATCH 285/314] malloc: Use overflow checking primitives where we do + complex allocations + +This attempts to fix the places where we do the following where +arithmetic_expr may include unvalidated data: + + X = grub_malloc(arithmetic_expr); + +It accomplishes this by doing the arithmetic ahead of time using grub_add(), +grub_sub(), grub_mul() and testing for overflow before proceeding. + +Among other issues, this fixes: + - allocation of integer overflow in grub_video_bitmap_create() + reported by Chris Coulson, + - allocation of integer overflow in grub_png_decode_image_header() + reported by Chris Coulson, + - allocation of integer overflow in grub_squash_read_symlink() + reported by Chris Coulson, + - allocation of integer overflow in grub_ext2_read_symlink() + reported by Chris Coulson, + - allocation of integer overflow in read_section_as_string() + reported by Chris Coulson. + +Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +Upstream-commit-id: 5fb2befbf04 +--- + grub-core/commands/legacycfg.c | 29 +++++++++++++++---- + grub-core/commands/wildcard.c | 36 ++++++++++++++++++++---- + grub-core/disk/ldm.c | 32 +++++++++++++++------ + grub-core/font/font.c | 7 ++++- + grub-core/fs/btrfs.c | 29 +++++++++++++------ + grub-core/fs/ext2.c | 10 ++++++- + grub-core/fs/iso9660.c | 51 ++++++++++++++++++++++++---------- + grub-core/fs/sfs.c | 27 ++++++++++++++---- + grub-core/fs/squash4.c | 45 ++++++++++++++++++++++-------- + grub-core/fs/udf.c | 41 +++++++++++++++++---------- + grub-core/fs/xfs.c | 11 +++++--- + grub-core/fs/zfs/zfs.c | 22 ++++++++++----- + grub-core/fs/zfs/zfscrypt.c | 7 ++++- + grub-core/lib/arg.c | 20 +++++++++++-- + grub-core/loader/i386/bsd.c | 8 +++++- + grub-core/net/dns.c | 9 +++++- + grub-core/normal/charset.c | 10 +++++-- + grub-core/normal/cmdline.c | 14 ++++++++-- + grub-core/normal/menu_entry.c | 13 +++++++-- + grub-core/script/argv.c | 16 +++++++++-- + grub-core/script/lexer.c | 21 ++++++++++++-- + grub-core/video/bitmap.c | 25 +++++++++++------ + grub-core/video/readers/png.c | 13 +++++++-- + 23 files changed, 383 insertions(+), 113 deletions(-) + +diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c +index da66a8927c4..0de070eacc4 100644 +--- a/grub-core/commands/legacycfg.c ++++ b/grub-core/commands/legacycfg.c +@@ -32,6 +32,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -104,13 +105,22 @@ legacy_file (const char *filename) + if (newsuffix) + { + char *t; +- ++ grub_size_t sz; ++ ++ if (grub_add (grub_strlen (suffix), grub_strlen (newsuffix), &sz) || ++ grub_add (sz, 1, &sz)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ goto fail_0; ++ } ++ + t = suffix; +- suffix = grub_realloc (suffix, grub_strlen (suffix) +- + grub_strlen (newsuffix) + 1); ++ suffix = grub_realloc (suffix, sz); + if (!suffix) + { + grub_free (t); ++ ++ fail_0: + grub_free (entrysrc); + grub_free (parsed); + grub_free (newsuffix); +@@ -154,13 +164,22 @@ legacy_file (const char *filename) + else + { + char *t; ++ grub_size_t sz; ++ ++ if (grub_add (grub_strlen (entrysrc), grub_strlen (parsed), &sz) || ++ grub_add (sz, 1, &sz)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ goto fail_1; ++ } + + t = entrysrc; +- entrysrc = grub_realloc (entrysrc, grub_strlen (entrysrc) +- + grub_strlen (parsed) + 1); ++ entrysrc = grub_realloc (entrysrc, sz); + if (!entrysrc) + { + grub_free (t); ++ ++ fail_1: + grub_free (parsed); + grub_free (suffix); + return grub_errno; +diff --git a/grub-core/commands/wildcard.c b/grub-core/commands/wildcard.c +index 02c46f9fdfa..c223411371e 100644 +--- a/grub-core/commands/wildcard.c ++++ b/grub-core/commands/wildcard.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + #include + +@@ -48,6 +49,7 @@ merge (char **dest, char **ps) + int i; + int j; + char **p; ++ grub_size_t sz; + + if (! dest) + return ps; +@@ -60,7 +62,12 @@ merge (char **dest, char **ps) + for (j = 0; ps[j]; j++) + ; + +- p = grub_realloc (dest, sizeof (char*) * (i + j + 1)); ++ if (grub_add (i, j, &sz) || ++ grub_add (sz, 1, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ return dest; ++ ++ p = grub_realloc (dest, sz); + if (! p) + { + grub_free (dest); +@@ -115,8 +122,15 @@ make_regex (const char *start, const char *end, regex_t *regexp) + char ch; + int i = 0; + unsigned len = end - start; +- char *buffer = grub_malloc (len * 2 + 2 + 1); /* worst case size. */ ++ char *buffer; ++ grub_size_t sz; + ++ /* Worst case size is (len * 2 + 2 + 1). */ ++ if (grub_mul (len, 2, &sz) || ++ grub_add (sz, 3, &sz)) ++ return 1; ++ ++ buffer = grub_malloc (sz); + if (! buffer) + return 1; + +@@ -226,6 +240,7 @@ match_devices_iter (const char *name, void *data) + struct match_devices_ctx *ctx = data; + char **t; + char *buffer; ++ grub_size_t sz; + + /* skip partitions if asked to. */ + if (ctx->noparts && grub_strchr (name, ',')) +@@ -239,11 +254,16 @@ match_devices_iter (const char *name, void *data) + if (regexec (ctx->regexp, buffer, 0, 0, 0)) + { + grub_dprintf ("expand", "not matched\n"); ++ fail: + grub_free (buffer); + return 0; + } + +- t = grub_realloc (ctx->devs, sizeof (char*) * (ctx->ndev + 2)); ++ if (grub_add (ctx->ndev, 2, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ goto fail; ++ ++ t = grub_realloc (ctx->devs, sz); + if (! t) + { + grub_free (buffer); +@@ -300,6 +320,7 @@ match_files_iter (const char *name, + struct match_files_ctx *ctx = data; + char **t; + char *buffer; ++ grub_size_t sz; + + /* skip . and .. names */ + if (grub_strcmp(".", name) == 0 || grub_strcmp("..", name) == 0) +@@ -315,9 +336,14 @@ match_files_iter (const char *name, + if (! buffer) + return 1; + +- t = grub_realloc (ctx->files, sizeof (char*) * (ctx->nfile + 2)); +- if (! t) ++ if (grub_add (ctx->nfile, 2, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ goto fail; ++ ++ t = grub_realloc (ctx->files, sz); ++ if (!t) + { ++ fail: + grub_free (buffer); + return 1; + } +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index e6323701ab3..58f8a53e1ab 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + #ifdef GRUB_UTIL + #include +@@ -289,6 +290,7 @@ make_vg (grub_disk_t disk, + struct grub_ldm_vblk vblk[GRUB_DISK_SECTOR_SIZE + / sizeof (struct grub_ldm_vblk)]; + unsigned i; ++ grub_size_t sz; + err = grub_disk_read (disk, cursec, 0, + sizeof(vblk), &vblk); + if (err) +@@ -350,7 +352,13 @@ make_vg (grub_disk_t disk, + grub_free (lv); + goto fail2; + } +- lv->name = grub_malloc (*ptr + 1); ++ if (grub_add (*ptr, 1, &sz)) ++ { ++ grub_free (lv->internal_id); ++ grub_free (lv); ++ goto fail2; ++ } ++ lv->name = grub_malloc (sz); + if (!lv->name) + { + grub_free (lv->internal_id); +@@ -599,10 +607,13 @@ make_vg (grub_disk_t disk, + if (lv->segments->node_alloc == lv->segments->node_count) + { + void *t; +- lv->segments->node_alloc *= 2; +- t = grub_realloc (lv->segments->nodes, +- sizeof (*lv->segments->nodes) +- * lv->segments->node_alloc); ++ grub_size_t sz; ++ ++ if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) || ++ grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz)) ++ goto fail2; ++ ++ t = grub_realloc (lv->segments->nodes, sz); + if (!t) + goto fail2; + lv->segments->nodes = t; +@@ -723,10 +734,13 @@ make_vg (grub_disk_t disk, + if (comp->segment_alloc == comp->segment_count) + { + void *t; +- comp->segment_alloc *= 2; +- t = grub_realloc (comp->segments, +- comp->segment_alloc +- * sizeof (*comp->segments)); ++ grub_size_t sz; ++ ++ if (grub_mul (comp->segment_alloc, 2, &comp->segment_alloc) || ++ grub_mul (comp->segment_alloc, sizeof (*comp->segments), &sz)) ++ goto fail2; ++ ++ t = grub_realloc (comp->segments, sz); + if (!t) + goto fail2; + comp->segments = t; +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 68967dc1c2b..d63354fb51b 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -360,9 +361,13 @@ static char * + read_section_as_string (struct font_file_section *section) + { + char *str; ++ grub_size_t sz; + grub_ssize_t ret; + +- str = grub_malloc (section->length + 1); ++ if (grub_add (section->length, 1, &sz)) ++ return NULL; ++ ++ str = grub_malloc (sz); + if (!str) + return 0; + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 8c8aa9c3103..1d801f6c9ee 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -33,6 +33,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -321,9 +322,13 @@ save_ref (struct grub_btrfs_leaf_descriptor *desc, + if (desc->allocated < desc->depth) + { + void *newdata; +- desc->allocated *= 2; +- newdata = grub_realloc (desc->data, sizeof (desc->data[0]) +- * desc->allocated); ++ grub_size_t sz; ++ ++ if (grub_mul (desc->allocated, 2, &desc->allocated) || ++ grub_mul (desc->allocated, sizeof (desc->data[0]), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ newdata = grub_realloc (desc->data, sz); + if (!newdata) + return grub_errno; + desc->data = newdata; +@@ -618,15 +623,21 @@ find_device (struct grub_btrfs_data *data, grub_uint64_t id, int do_rescan) + if (data->n_devices_attached > data->n_devices_allocated) + { + void *tmp; +- data->n_devices_allocated = 2 * data->n_devices_attached + 1; +- data->devices_attached +- = grub_realloc (tmp = data->devices_attached, +- data->n_devices_allocated +- * sizeof (data->devices_attached[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || ++ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || ++ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) ++ goto fail; ++ ++ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); + if (!data->devices_attached) + { +- grub_device_close (ctx.dev_found); + data->devices_attached = tmp; ++ ++ fail: ++ if (ctx.dev_found) ++ grub_device_close (ctx.dev_found); + return NULL; + } + } +diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c +index b8ad75a0ff7..b4bd019f49a 100644 +--- a/grub-core/fs/ext2.c ++++ b/grub-core/fs/ext2.c +@@ -46,6 +46,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -703,6 +704,7 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) + { + char *symlink; + struct grub_fshelp_node *diro = node; ++ grub_size_t sz; + + if (! diro->inode_read) + { +@@ -717,7 +719,13 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) + } + } + +- symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1); ++ if (grub_add (grub_le_to_cpu32 (diro->inode.size), 1, &sz)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return NULL; ++ } ++ ++ symlink = grub_malloc (sz); + if (! symlink) + return 0; + +diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c +index 092b8f409ec..f45841e2b47 100644 +--- a/grub-core/fs/iso9660.c ++++ b/grub-core/fs/iso9660.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -531,8 +532,13 @@ add_part (struct iterate_dir_ctx *ctx, + int len2) + { + int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0; ++ grub_size_t sz; + +- ctx->symlink = grub_realloc (ctx->symlink, size + len2 + 1); ++ if (grub_add (size, len2, &sz) || ++ grub_add (sz, 1, &sz)) ++ return; ++ ++ ctx->symlink = grub_realloc (ctx->symlink, sz); + if (! ctx->symlink) + return; + +@@ -560,17 +566,24 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, + { + grub_size_t off = 0, csize = 1; + char *old; ++ grub_size_t sz; ++ + csize = entry->len - 5; + old = ctx->filename; + if (ctx->filename_alloc) + { + off = grub_strlen (ctx->filename); +- ctx->filename = grub_realloc (ctx->filename, csize + off + 1); ++ if (grub_add (csize, off, &sz) || ++ grub_add (sz, 1, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ctx->filename = grub_realloc (ctx->filename, sz); + } + else + { + off = 0; +- ctx->filename = grub_zalloc (csize + 1); ++ if (grub_add (csize, 1, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ctx->filename = grub_zalloc (sz); + } + if (!ctx->filename) + { +@@ -776,14 +789,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir, + if (node->have_dirents >= node->alloc_dirents) + { + struct grub_fshelp_node *new_node; +- node->alloc_dirents *= 2; +- new_node = grub_realloc (node, +- sizeof (struct grub_fshelp_node) +- + ((node->alloc_dirents +- - ARRAY_SIZE (node->dirents)) +- * sizeof (node->dirents[0]))); ++ grub_size_t sz; ++ ++ if (grub_mul (node->alloc_dirents, 2, &node->alloc_dirents) || ++ grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || ++ grub_mul (sz, sizeof (node->dirents[0]), &sz) || ++ grub_add (sz, sizeof (struct grub_fshelp_node), &sz)) ++ goto fail_0; ++ ++ new_node = grub_realloc (node, sz); + if (!new_node) + { ++ fail_0: + if (ctx.filename_alloc) + grub_free (ctx.filename); + grub_free (node); +@@ -799,14 +816,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir, + * sizeof (node->dirents[0]) < grub_strlen (ctx.symlink) + 1) + { + struct grub_fshelp_node *new_node; +- new_node = grub_realloc (node, +- sizeof (struct grub_fshelp_node) +- + ((node->alloc_dirents +- - ARRAY_SIZE (node->dirents)) +- * sizeof (node->dirents[0])) +- + grub_strlen (ctx.symlink) + 1); ++ grub_size_t sz; ++ ++ if (grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || ++ grub_mul (sz, sizeof (node->dirents[0]), &sz) || ++ grub_add (sz, sizeof (struct grub_fshelp_node) + 1, &sz) || ++ grub_add (sz, grub_strlen (ctx.symlink), &sz)) ++ goto fail_1; ++ ++ new_node = grub_realloc (node, sz); + if (!new_node) + { ++ fail_1: + if (ctx.filename_alloc) + grub_free (ctx.filename); + grub_free (node); +diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c +index 663931717fd..3ddc6b5e287 100644 +--- a/grub-core/fs/sfs.c ++++ b/grub-core/fs/sfs.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -307,10 +308,15 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) + if (node->cache && node->cache_size >= node->cache_allocated) + { + struct cache_entry *e = node->cache; +- e = grub_realloc (node->cache,node->cache_allocated * 2 +- * sizeof (e[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (node->cache_allocated, 2 * sizeof (e[0]), &sz)) ++ goto fail; ++ ++ e = grub_realloc (node->cache, sz); + if (!e) + { ++ fail: + grub_errno = 0; + grub_free (node->cache); + node->cache = 0; +@@ -477,10 +483,16 @@ grub_sfs_create_node (struct grub_fshelp_node **node, + grub_size_t len = grub_strlen (name); + grub_uint8_t *name_u8; + int ret; ++ grub_size_t sz; ++ ++ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) || ++ grub_add (sz, 1, &sz)) ++ return 1; ++ + *node = grub_malloc (sizeof (**node)); + if (!*node) + return 1; +- name_u8 = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ name_u8 = grub_malloc (sz); + if (!name_u8) + { + grub_free (*node); +@@ -724,8 +736,13 @@ grub_sfs_label (grub_device_t device, char **label) + data = grub_sfs_mount (disk); + if (data) + { +- grub_size_t len = grub_strlen (data->label); +- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ grub_size_t sz, len = grub_strlen (data->label); ++ ++ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) || ++ grub_add (sz, 1, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ *label = grub_malloc (sz); + if (*label) + *grub_latin1_to_utf8 ((grub_uint8_t *) *label, + (const grub_uint8_t *) data->label, +diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c +index 2c967c65a42..f9bef38fc42 100644 +--- a/grub-core/fs/squash4.c ++++ b/grub-core/fs/squash4.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + #include + + #include "xz.h" +@@ -459,7 +460,17 @@ grub_squash_read_symlink (grub_fshelp_node_t node) + { + char *ret; + grub_err_t err; +- ret = grub_malloc (grub_le_to_cpu32 (node->ino.symlink.namelen) + 1); ++ grub_size_t sz; ++ ++ if (grub_add (grub_le_to_cpu32 (node->ino.symlink.namelen), 1, &sz)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return NULL; ++ } ++ ++ ret = grub_malloc (sz); ++ if (!ret) ++ return NULL; + + err = read_chunk (node->data, ret, + grub_le_to_cpu32 (node->ino.symlink.namelen), +@@ -506,11 +517,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, + + { + grub_fshelp_node_t node; +- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) || ++ grub_add (sz, sizeof (*node), &sz)) ++ return 0; ++ ++ node = grub_malloc (sz); + if (!node) + return 0; +- grub_memcpy (node, dir, +- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_memcpy (node, dir, sz); + if (hook (".", GRUB_FSHELP_DIR, node, hook_data)) + return 1; + +@@ -518,12 +534,15 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, + { + grub_err_t err; + +- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) || ++ grub_add (sz, sizeof (*node), &sz)) ++ return 0; ++ ++ node = grub_malloc (sz); + if (!node) + return 0; + +- grub_memcpy (node, dir, +- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_memcpy (node, dir, sz); + + node->stsize--; + err = read_chunk (dir->data, &node->ino, sizeof (node->ino), +@@ -557,6 +576,7 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, + enum grub_fshelp_filetype filetype = GRUB_FSHELP_REG; + struct grub_squash_dirent di; + struct grub_squash_inode ino; ++ grub_size_t sz; + + err = read_chunk (dir->data, &di, sizeof (di), + grub_le_to_cpu64 (dir->data->sb.diroffset) +@@ -589,13 +609,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, + if (grub_le_to_cpu16 (di.type) == SQUASH_TYPE_SYMLINK) + filetype = GRUB_FSHELP_SYMLINK; + +- node = grub_malloc (sizeof (*node) +- + (dir->stsize + 1) * sizeof (dir->stack[0])); ++ if (grub_add (dir->stsize, 1, &sz) || ++ grub_mul (sz, sizeof (dir->stack[0]), &sz) || ++ grub_add (sz, sizeof (*node), &sz)) ++ return 0; ++ ++ node = grub_malloc (sz); + if (! node) + return 0; + +- grub_memcpy (node, dir, +- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_memcpy (node, dir, sz - sizeof(dir->stack[0])); + + node->ino = ino; + node->stack[node->stsize].ino_chunk = grub_le_to_cpu32 (dh.ino_chunk); +diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c +index 44481da7c6d..be41b48f913 100644 +--- a/grub-core/fs/udf.c ++++ b/grub-core/fs/udf.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -890,9 +891,19 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) + utf16[i] = (raw[2 * i + 1] << 8) | raw[2*i + 2]; + } + if (!outbuf) +- outbuf = grub_malloc (utf16len * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ { ++ grub_size_t size; ++ ++ if (grub_mul (utf16len, GRUB_MAX_UTF8_PER_UTF16, &size) || ++ grub_add (size, 1, &size)) ++ goto fail; ++ ++ outbuf = grub_malloc (size); ++ } + if (outbuf) + *grub_utf16_to_utf8 ((grub_uint8_t *) outbuf, utf16, utf16len) = '\0'; ++ ++ fail: + grub_free (utf16); + return outbuf; + } +@@ -1005,7 +1016,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + grub_size_t sz = U64 (node->block.fe.file_size); + grub_uint8_t *raw; + const grub_uint8_t *ptr; +- char *out, *optr; ++ char *out = NULL, *optr; + + if (sz < 4) + return NULL; +@@ -1013,14 +1024,16 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + if (!raw) + return NULL; + if (grub_udf_read_file (node, NULL, NULL, 0, sz, (char *) raw) < 0) +- { +- grub_free (raw); +- return NULL; +- } ++ goto fail_1; + +- out = grub_malloc (sz * 2 + 1); ++ if (grub_mul (sz, 2, &sz) || ++ grub_add (sz, 1, &sz)) ++ goto fail_0; ++ ++ out = grub_malloc (sz); + if (!out) + { ++ fail_0: + grub_free (raw); + return NULL; + } +@@ -1031,17 +1044,17 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + { + grub_size_t s; + if ((grub_size_t) (ptr - raw + 4) > sz) +- goto fail; ++ goto fail_1; + if (!(ptr[2] == 0 && ptr[3] == 0)) +- goto fail; ++ goto fail_1; + s = 4 + ptr[1]; + if ((grub_size_t) (ptr - raw + s) > sz) +- goto fail; ++ goto fail_1; + switch (*ptr) + { + case 1: + if (ptr[1]) +- goto fail; ++ goto fail_1; + /* Fallthrough. */ + case 2: + /* in 4 bytes. out: 1 byte. */ +@@ -1066,11 +1079,11 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + if (optr != out) + *optr++ = '/'; + if (!read_string (ptr + 4, s - 4, optr)) +- goto fail; ++ goto fail_1; + optr += grub_strlen (optr); + break; + default: +- goto fail; ++ goto fail_1; + } + ptr += s; + } +@@ -1078,7 +1091,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + grub_free (raw); + return out; + +- fail: ++ fail_1: + grub_free (raw); + grub_free (out); + grub_error (GRUB_ERR_BAD_FS, "invalid symlink"); +diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c +index 3b00c744e23..66e66dd58cc 100644 +--- a/grub-core/fs/xfs.c ++++ b/grub-core/fs/xfs.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -899,6 +900,7 @@ static struct grub_xfs_data * + grub_xfs_mount (grub_disk_t disk) + { + struct grub_xfs_data *data = 0; ++ grub_size_t sz; + + data = grub_zalloc (sizeof (struct grub_xfs_data)); + if (!data) +@@ -913,10 +915,11 @@ grub_xfs_mount (grub_disk_t disk) + if (!grub_xfs_sb_valid(data)) + goto fail; + +- data = grub_realloc (data, +- sizeof (struct grub_xfs_data) +- - sizeof (struct grub_xfs_inode) +- + grub_xfs_inode_size(data) + 1); ++ if (grub_add (grub_xfs_inode_size (data), ++ sizeof (struct grub_xfs_data) - sizeof (struct grub_xfs_inode) + 1, &sz)) ++ goto fail; ++ ++ data = grub_realloc (data, sz); + + if (! data) + goto fail; +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index f6b95d4fb02..c6204367e78 100644 +--- a/grub-core/fs/zfs/zfs.c ++++ b/grub-core/fs/zfs/zfs.c +@@ -55,6 +55,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -773,11 +774,14 @@ fill_vdev_info (struct grub_zfs_data *data, + if (data->n_devices_attached > data->n_devices_allocated) + { + void *tmp; +- data->n_devices_allocated = 2 * data->n_devices_attached + 1; +- data->devices_attached +- = grub_realloc (tmp = data->devices_attached, +- data->n_devices_allocated +- * sizeof (data->devices_attached[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || ++ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || ++ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); + if (!data->devices_attached) + { + data->devices_attached = tmp; +@@ -3468,14 +3472,18 @@ grub_zfs_nvlist_lookup_nvlist (const char *nvlist, const char *name) + { + char *nvpair; + char *ret; +- grub_size_t size; ++ grub_size_t size, sz; + int found; + + found = nvlist_find_value (nvlist, name, DATA_TYPE_NVLIST, &nvpair, + &size, 0); + if (!found) + return 0; +- ret = grub_zalloc (size + 3 * sizeof (grub_uint32_t)); ++ ++ if (grub_add (size, 3 * sizeof (grub_uint32_t), &sz)) ++ return 0; ++ ++ ret = grub_zalloc (sz); + if (!ret) + return 0; + grub_memcpy (ret, nvlist, sizeof (grub_uint32_t)); +diff --git a/grub-core/fs/zfs/zfscrypt.c b/grub-core/fs/zfs/zfscrypt.c +index 87eef621d6d..f8488c35344 100644 +--- a/grub-core/fs/zfs/zfscrypt.c ++++ b/grub-core/fs/zfs/zfscrypt.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -82,9 +83,13 @@ grub_zfs_add_key (grub_uint8_t *key_in, + int passphrase) + { + struct grub_zfs_wrap_key *key; ++ grub_size_t sz; ++ + if (!passphrase && keylen > 32) + keylen = 32; +- key = grub_malloc (sizeof (*key) + keylen); ++ if (grub_add (sizeof (*key), keylen, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ key = grub_malloc (sz); + if (!key) + return grub_errno; + key->is_passphrase = passphrase; +diff --git a/grub-core/lib/arg.c b/grub-core/lib/arg.c +index fd7744a6ff6..3288609a5e1 100644 +--- a/grub-core/lib/arg.c ++++ b/grub-core/lib/arg.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + /* Built-in parser for default options. */ + static const struct grub_arg_option help_options[] = +@@ -216,7 +217,13 @@ static inline grub_err_t + add_arg (char ***argl, int *num, char *s) + { + char **p = *argl; +- *argl = grub_realloc (*argl, (++(*num) + 1) * sizeof (char *)); ++ grub_size_t sz; ++ ++ if (grub_add (++(*num), 1, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ ++ *argl = grub_realloc (*argl, sz); + if (! *argl) + { + grub_free (p); +@@ -431,6 +438,7 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc, + grub_size_t argcnt; + struct grub_arg_list *list; + const struct grub_arg_option *options; ++ grub_size_t sz0, sz1; + + options = extcmd->options; + if (! options) +@@ -443,7 +451,15 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc, + argcnt += ((grub_size_t) argc + 1) / 2 + 1; /* max possible for any option */ + } + +- list = grub_zalloc (sizeof (*list) * i + sizeof (char*) * argcnt); ++ if (grub_mul (sizeof (*list), i, &sz0) || ++ grub_mul (sizeof (char *), argcnt, &sz1) || ++ grub_add (sz0, sz1, &sz0)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return 0; ++ } ++ ++ list = grub_zalloc (sz0); + if (! list) + return 0; + +diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c +index 87709aa23e8..0f317632a3b 100644 +--- a/grub-core/loader/i386/bsd.c ++++ b/grub-core/loader/i386/bsd.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + #ifdef GRUB_MACHINE_PCBIOS + #include + #endif +@@ -1007,11 +1008,16 @@ grub_netbsd_add_modules (void) + struct grub_netbsd_btinfo_modules *mods; + unsigned i; + grub_err_t err; ++ grub_size_t sz; + + for (mod = netbsd_mods; mod; mod = mod->next) + modcnt++; + +- mods = grub_malloc (sizeof (*mods) + sizeof (mods->mods[0]) * modcnt); ++ if (grub_mul (modcnt, sizeof (mods->mods[0]), &sz) || ++ grub_add (sz, sizeof (*mods), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ mods = grub_malloc (sz); + if (!mods) + return grub_errno; + +diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c +index e332d5eb4a4..906ec7d6782 100644 +--- a/grub-core/net/dns.c ++++ b/grub-core/net/dns.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + + struct dns_cache_element + { +@@ -51,9 +52,15 @@ grub_net_add_dns_server (const struct grub_net_network_level_address *s) + { + int na = dns_servers_alloc * 2; + struct grub_net_network_level_address *ns; ++ grub_size_t sz; ++ + if (na < 8) + na = 8; +- ns = grub_realloc (dns_servers, na * sizeof (ns[0])); ++ ++ if (grub_mul (na, sizeof (ns[0]), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ ns = grub_realloc (dns_servers, sz); + if (!ns) + return grub_errno; + dns_servers_alloc = na; +diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c +index d57fb72faa8..4dfcc31078d 100644 +--- a/grub-core/normal/charset.c ++++ b/grub-core/normal/charset.c +@@ -48,6 +48,7 @@ + #include + #include + #include ++#include + + #if HAVE_FONT_SOURCE + #include "widthspec.h" +@@ -464,6 +465,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, + { + struct grub_unicode_combining *n; + unsigned j; ++ grub_size_t sz; + + if (!haveout) + continue; +@@ -477,10 +479,14 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, + n = out->combining_inline; + else if (out->ncomb > (int) ARRAY_SIZE (out->combining_inline)) + { +- n = grub_realloc (out->combining_ptr, +- sizeof (n[0]) * (out->ncomb + 1)); ++ if (grub_add (out->ncomb, 1, &sz) || ++ grub_mul (sz, sizeof (n[0]), &sz)) ++ goto fail; ++ ++ n = grub_realloc (out->combining_ptr, sz); + if (!n) + { ++ fail: + grub_errno = GRUB_ERR_NONE; + continue; + } +diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c +index c57242e2ea9..de03fe63b3d 100644 +--- a/grub-core/normal/cmdline.c ++++ b/grub-core/normal/cmdline.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + static grub_uint32_t *kill_buf; + +@@ -307,12 +308,21 @@ cl_insert (struct cmdline_term *cl_terms, unsigned nterms, + if (len + (*llen) >= (*max_len)) + { + grub_uint32_t *nbuf; +- (*max_len) *= 2; +- nbuf = grub_realloc ((*buf), sizeof (grub_uint32_t) * (*max_len)); ++ grub_size_t sz; ++ ++ if (grub_mul (*max_len, 2, max_len) || ++ grub_mul (*max_len, sizeof (grub_uint32_t), &sz)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ goto fail; ++ } ++ ++ nbuf = grub_realloc ((*buf), sz); + if (nbuf) + (*buf) = nbuf; + else + { ++ fail: + grub_print_error (); + grub_errno = GRUB_ERR_NONE; + (*max_len) /= 2; +diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c +index f31487c1f58..de64a367c4e 100644 +--- a/grub-core/normal/menu_entry.c ++++ b/grub-core/normal/menu_entry.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + + enum update_mode + { +@@ -113,10 +114,18 @@ ensure_space (struct line *linep, int extra) + { + if (linep->max_len < linep->len + extra) + { +- linep->max_len = 2 * (linep->len + extra); +- linep->buf = grub_realloc (linep->buf, (linep->max_len + 1) * sizeof (linep->buf[0])); ++ grub_size_t sz0, sz1; ++ ++ if (grub_add (linep->len, extra, &sz0) || ++ grub_mul (sz0, 2, &sz0) || ++ grub_add (sz0, 1, &sz1) || ++ grub_mul (sz1, sizeof (linep->buf[0]), &sz1)) ++ return 0; ++ ++ linep->buf = grub_realloc (linep->buf, sz1); + if (! linep->buf) + return 0; ++ linep->max_len = sz0; + } + + return 1; +diff --git a/grub-core/script/argv.c b/grub-core/script/argv.c +index 217ec5d1e1b..5751fdd5708 100644 +--- a/grub-core/script/argv.c ++++ b/grub-core/script/argv.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + + /* Return nearest power of two that is >= v. */ + static unsigned +@@ -81,11 +82,16 @@ int + grub_script_argv_next (struct grub_script_argv *argv) + { + char **p = argv->args; ++ grub_size_t sz; + + if (argv->args && argv->argc && argv->args[argv->argc - 1] == 0) + return 0; + +- p = grub_realloc (p, round_up_exp ((argv->argc + 2) * sizeof (char *))); ++ if (grub_add (argv->argc, 2, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ return 1; ++ ++ p = grub_realloc (p, round_up_exp (sz)); + if (! p) + return 1; + +@@ -105,13 +111,19 @@ grub_script_argv_append (struct grub_script_argv *argv, const char *s, + { + grub_size_t a; + char *p = argv->args[argv->argc - 1]; ++ grub_size_t sz; + + if (! s) + return 0; + + a = p ? grub_strlen (p) : 0; + +- p = grub_realloc (p, round_up_exp ((a + slen + 1) * sizeof (char))); ++ if (grub_add (a, slen, &sz) || ++ grub_add (sz, 1, &sz) || ++ grub_mul (sz, sizeof (char), &sz)) ++ return 1; ++ ++ p = grub_realloc (p, round_up_exp (sz)); + if (! p) + return 1; + +diff --git a/grub-core/script/lexer.c b/grub-core/script/lexer.c +index c6bd3172fab..5fb0cbd0bc9 100644 +--- a/grub-core/script/lexer.c ++++ b/grub-core/script/lexer.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + + #define yytext_ptr char * + #include "grub_script.tab.h" +@@ -110,10 +111,14 @@ grub_script_lexer_record (struct grub_parser_param *parser, char *str) + old = lexer->recording; + if (lexer->recordlen < len) + lexer->recordlen = len; +- lexer->recordlen *= 2; ++ ++ if (grub_mul (lexer->recordlen, 2, &lexer->recordlen)) ++ goto fail; ++ + lexer->recording = grub_realloc (lexer->recording, lexer->recordlen); + if (!lexer->recording) + { ++ fail: + grub_free (old); + lexer->recordpos = 0; + lexer->recordlen = 0; +@@ -130,7 +135,7 @@ int + grub_script_lexer_yywrap (struct grub_parser_param *parserstate, + const char *input) + { +- grub_size_t len = 0; ++ grub_size_t len = 0, sz; + char *p = 0; + char *line = 0; + YY_BUFFER_STATE buffer; +@@ -168,12 +173,22 @@ grub_script_lexer_yywrap (struct grub_parser_param *parserstate, + } + else if (len && line[len - 1] != '\n') + { +- p = grub_realloc (line, len + 2); ++ if (grub_add (len, 2, &sz)) ++ { ++ grub_free (line); ++ grub_script_yyerror (parserstate, N_("overflow is detected")); ++ return 1; ++ } ++ ++ p = grub_realloc (line, sz); + if (p) + { + p[len++] = '\n'; + p[len] = '\0'; + } ++ else ++ grub_free (line); ++ + line = p; + } + +diff --git a/grub-core/video/bitmap.c b/grub-core/video/bitmap.c +index b2e0315665b..6256e209a6b 100644 +--- a/grub-core/video/bitmap.c ++++ b/grub-core/video/bitmap.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -58,7 +59,7 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap, + enum grub_video_blit_format blit_format) + { + struct grub_video_mode_info *mode_info; +- unsigned int size; ++ grub_size_t size; + + if (!bitmap) + return grub_error (GRUB_ERR_BUG, "invalid argument"); +@@ -137,19 +138,25 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap, + + mode_info->pitch = width * mode_info->bytes_per_pixel; + +- /* Calculate size needed for the data. */ +- size = (width * mode_info->bytes_per_pixel) * height; ++ /* Calculate size needed for the data. */ ++ if (grub_mul (width, mode_info->bytes_per_pixel, &size) || ++ grub_mul (size, height, &size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ goto fail; ++ } + + (*bitmap)->data = grub_zalloc (size); + if (! (*bitmap)->data) +- { +- grub_free (*bitmap); +- *bitmap = 0; +- +- return grub_errno; +- } ++ goto fail; + + return GRUB_ERR_NONE; ++ ++ fail: ++ grub_free (*bitmap); ++ *bitmap = NULL; ++ ++ return grub_errno; + } + + /* Frees all resources allocated by bitmap. */ +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index e85df3c1b04..719e647e44f 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -301,9 +302,17 @@ grub_png_decode_image_header (struct grub_png_data *data) + data->bpp <<= 1; + + data->color_bits = color_bits; +- data->row_bytes = data->image_width * data->bpp; ++ ++ if (grub_mul (data->image_width, data->bpp, &data->row_bytes)) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ + if (data->color_bits <= 4) +- data->row_bytes = (data->image_width * data->color_bits + 7) / 8; ++ { ++ if (grub_mul (data->image_width, data->color_bits + 7, &data->row_bytes)) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ ++ data->row_bytes >>= 3; ++ } + + #ifndef GRUB_CPU_WORDS_BIGENDIAN + if (data->is_16bit || data->is_gray || data->is_palette) +-- +2.26.2 + diff --git a/SOURCES/0286-iso9660-Don-t-leak-memory-on-realloc-failures.patch b/SOURCES/0286-iso9660-Don-t-leak-memory-on-realloc-failures.patch new file mode 100644 index 0000000..39680b4 --- /dev/null +++ b/SOURCES/0286-iso9660-Don-t-leak-memory-on-realloc-failures.patch @@ -0,0 +1,69 @@ +From c37e76df9c58c3f170e838c42527ef8544bf4468 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sat, 4 Jul 2020 12:25:09 -0400 +Subject: [PATCH 286/314] iso9660: Don't leak memory on realloc() failures + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +Upstream-commit-id: f2bd30b2fe7 +--- + grub-core/fs/iso9660.c | 24 ++++++++++++++++++++---- + 1 file changed, 20 insertions(+), 4 deletions(-) + +diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c +index f45841e2b47..6fc9302bce3 100644 +--- a/grub-core/fs/iso9660.c ++++ b/grub-core/fs/iso9660.c +@@ -533,14 +533,20 @@ add_part (struct iterate_dir_ctx *ctx, + { + int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0; + grub_size_t sz; ++ char *new; + + if (grub_add (size, len2, &sz) || + grub_add (sz, 1, &sz)) + return; + +- ctx->symlink = grub_realloc (ctx->symlink, sz); +- if (! ctx->symlink) +- return; ++ new = grub_realloc (ctx->symlink, sz); ++ if (!new) ++ { ++ grub_free (ctx->symlink); ++ ctx->symlink = NULL; ++ return; ++ } ++ ctx->symlink = new; + + grub_memcpy (ctx->symlink + size, part, len2); + ctx->symlink[size + len2] = 0; +@@ -634,7 +640,12 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, + is the length. Both are part of the `Component + Record'. */ + if (ctx->symlink && !ctx->was_continue) +- add_part (ctx, "/", 1); ++ { ++ add_part (ctx, "/", 1); ++ if (grub_errno) ++ return grub_errno; ++ } ++ + add_part (ctx, (char *) &entry->data[pos + 2], + entry->data[pos + 1]); + ctx->was_continue = (entry->data[pos] & 1); +@@ -653,6 +664,11 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, + add_part (ctx, "/", 1); + break; + } ++ ++ /* Check if grub_realloc() failed in add_part(). */ ++ if (grub_errno) ++ return grub_errno; ++ + /* In pos + 1 the length of the `Component Record' is + stored. */ + pos += entry->data[pos + 1] + 2; +-- +2.26.2 + diff --git a/SOURCES/0287-font-Do-not-load-more-than-one-NAME-section.patch b/SOURCES/0287-font-Do-not-load-more-than-one-NAME-section.patch new file mode 100644 index 0000000..467c058 --- /dev/null +++ b/SOURCES/0287-font-Do-not-load-more-than-one-NAME-section.patch @@ -0,0 +1,38 @@ +From 0b3c4b90e1b928a2606f0801e6e872dd6cb85c42 Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Tue, 7 Jul 2020 15:36:26 +0200 +Subject: [PATCH 287/314] font: Do not load more than one NAME section + +The GRUB font file can have one NAME section only. Though if somebody +crafts a broken font file with many NAME sections and loads it then the +GRUB leaks memory. So, prevent against that by loading first NAME +section and failing in controlled way on following one. + +Reported-by: Chris Coulson +Signed-off-by: Daniel Kiper +Reviewed-by: Jan Setje-Eilers +Upstream-commit-id: 482814113dc +--- + grub-core/font/font.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index d63354fb51b..a7b955a1a74 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -532,6 +532,12 @@ grub_font_load (const char *filename) + if (grub_memcmp (section.name, FONT_FORMAT_SECTION_NAMES_FONT_NAME, + sizeof (FONT_FORMAT_SECTION_NAMES_FONT_NAME) - 1) == 0) + { ++ if (font->name != NULL) ++ { ++ grub_error (GRUB_ERR_BAD_FONT, "invalid font file: too many NAME sections"); ++ goto fail; ++ } ++ + font->name = read_section_as_string (§ion); + if (!font->name) + goto fail; +-- +2.26.2 + diff --git a/SOURCES/0288-gfxmenu-Fix-double-free-in-load_image.patch b/SOURCES/0288-gfxmenu-Fix-double-free-in-load_image.patch new file mode 100644 index 0000000..8673385 --- /dev/null +++ b/SOURCES/0288-gfxmenu-Fix-double-free-in-load_image.patch @@ -0,0 +1,36 @@ +From 583a48bca23f7c4e0d691f0e6d065dac61bbfca1 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Wed, 8 Jul 2020 20:41:56 +0000 +Subject: [PATCH 288/314] gfxmenu: Fix double free in load_image() + +self->bitmap should be zeroed after free. Otherwise, there is a chance +to double free (USE_AFTER_FREE) it later in rescale_image(). + +Fixes: CID 292472 + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +Upstream-commit-id: 5d3e84b15a4 +--- + grub-core/gfxmenu/gui_image.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/grub-core/gfxmenu/gui_image.c b/grub-core/gfxmenu/gui_image.c +index 29784ed2d9a..6b2e976f16e 100644 +--- a/grub-core/gfxmenu/gui_image.c ++++ b/grub-core/gfxmenu/gui_image.c +@@ -195,7 +195,10 @@ load_image (grub_gui_image_t self, const char *path) + return grub_errno; + + if (self->bitmap && (self->bitmap != self->raw_bitmap)) +- grub_video_bitmap_destroy (self->bitmap); ++ { ++ grub_video_bitmap_destroy (self->bitmap); ++ self->bitmap = 0; ++ } + if (self->raw_bitmap) + grub_video_bitmap_destroy (self->raw_bitmap); + +-- +2.26.2 + diff --git a/SOURCES/0289-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch b/SOURCES/0289-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch new file mode 100644 index 0000000..291e6a6 --- /dev/null +++ b/SOURCES/0289-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch @@ -0,0 +1,57 @@ +From 301523f584d9aa624424c68ab3f085a9b7eca417 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Wed, 8 Jul 2020 21:30:43 +0000 +Subject: [PATCH 289/314] xnu: Fix double free in + grub_xnu_devprop_add_property() + +grub_xnu_devprop_add_property() should not free utf8 and utf16 as it get +allocated and freed in the caller. + +Minor improvement: do prop fields initialization after memory allocations. + +Fixes: CID 292442, CID 292457, CID 292460, CID 292466 + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +Upstream-commit-id: 4d5e2d13519 +--- + grub-core/loader/i386/xnu.c | 19 +++++++++---------- + 1 file changed, 9 insertions(+), 10 deletions(-) + +diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c +index ee0eaadc4ee..c760db30fc0 100644 +--- a/grub-core/loader/i386/xnu.c ++++ b/grub-core/loader/i386/xnu.c +@@ -262,20 +262,19 @@ grub_xnu_devprop_add_property (struct grub_xnu_devprop_device_descriptor *dev, + if (!prop) + return grub_errno; + ++ prop->data = grub_malloc (datalen); ++ if (!prop->data) ++ { ++ grub_free (prop); ++ return grub_errno; ++ } ++ grub_memcpy (prop->data, data, datalen); ++ + prop->name = utf8; + prop->name16 = utf16; + prop->name16len = utf16len; +- + prop->length = datalen; +- prop->data = grub_malloc (prop->length); +- if (!prop->data) +- { +- grub_free (prop->name); +- grub_free (prop->name16); +- grub_free (prop); +- return grub_errno; +- } +- grub_memcpy (prop->data, data, prop->length); ++ + grub_list_push (GRUB_AS_LIST_P (&dev->properties), + GRUB_AS_LIST (prop)); + return GRUB_ERR_NONE; +-- +2.26.2 + diff --git a/SOURCES/0290-lzma-Make-sure-we-don-t-dereference-past-array.patch b/SOURCES/0290-lzma-Make-sure-we-don-t-dereference-past-array.patch new file mode 100644 index 0000000..41cef60 --- /dev/null +++ b/SOURCES/0290-lzma-Make-sure-we-don-t-dereference-past-array.patch @@ -0,0 +1,52 @@ +From 656e3376d52c7244edac9264454c0fadac835749 Mon Sep 17 00:00:00 2001 +From: Konrad Rzeszutek Wilk +Date: Thu, 9 Jul 2020 03:05:23 +0000 +Subject: [PATCH 290/314] lzma: Make sure we don't dereference past array + +The two dimensional array p->posSlotEncoder[4][64] is being dereferenced +using the GetLenToPosState() macro which checks if len is less than 5, +and if so subtracts 2 from it. If len = 0, that is 0 - 2 = 4294967294. +Obviously we don't want to dereference that far out so we check if the +position found is greater or equal kNumLenToPosStates (4) and bail out. + +N.B.: Upstream LZMA 18.05 and later has this function completely rewritten +without any history. + +Fixes: CID 51526 + +Signed-off-by: Konrad Rzeszutek Wilk +Reviewed-by: Daniel Kiper +Upstream-commit-id: f91e043bda4 +--- + grub-core/lib/LzmaEnc.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/grub-core/lib/LzmaEnc.c b/grub-core/lib/LzmaEnc.c +index f2ec04a8c28..753e56a95e3 100644 +--- a/grub-core/lib/LzmaEnc.c ++++ b/grub-core/lib/LzmaEnc.c +@@ -1877,13 +1877,19 @@ static SRes LzmaEnc_CodeOneBlock(CLzmaEnc *p, Bool useLimits, UInt32 maxPackSize + } + else + { +- UInt32 posSlot; ++ UInt32 posSlot, lenToPosState; + RangeEnc_EncodeBit(&p->rc, &p->isRep[p->state], 0); + p->state = kMatchNextStates[p->state]; + LenEnc_Encode2(&p->lenEnc, &p->rc, len - LZMA_MATCH_LEN_MIN, posState, !p->fastMode, p->ProbPrices); + pos -= LZMA_NUM_REPS; + GetPosSlot(pos, posSlot); +- RcTree_Encode(&p->rc, p->posSlotEncoder[GetLenToPosState(len)], kNumPosSlotBits, posSlot); ++ lenToPosState = GetLenToPosState(len); ++ if (lenToPosState >= kNumLenToPosStates) ++ { ++ p->result = SZ_ERROR_DATA; ++ return CheckErrors(p); ++ } ++ RcTree_Encode(&p->rc, p->posSlotEncoder[lenToPosState], kNumPosSlotBits, posSlot); + + if (posSlot >= kStartPosModelIndex) + { +-- +2.26.2 + diff --git a/SOURCES/0291-term-Fix-overflow-on-user-inputs.patch b/SOURCES/0291-term-Fix-overflow-on-user-inputs.patch new file mode 100644 index 0000000..c5cc556 --- /dev/null +++ b/SOURCES/0291-term-Fix-overflow-on-user-inputs.patch @@ -0,0 +1,66 @@ +From 6df814d4f43a47ffe2b354b9fa683ed4022fa5f1 Mon Sep 17 00:00:00 2001 +From: Konrad Rzeszutek Wilk +Date: Tue, 7 Jul 2020 15:12:25 -0400 +Subject: [PATCH 291/314] term: Fix overflow on user inputs + +This requires a very weird input from the serial interface but can cause +an overflow in input_buf (keys) overwriting the next variable (npending) +with the user choice: + +(pahole output) + +struct grub_terminfo_input_state { + int input_buf[6]; /* 0 24 */ + int npending; /* 24 4 */ <- CORRUPT + ...snip... + +The magic string requires causing this is "ESC,O,],0,1,2,q" and we overflow +npending with "q" (aka increase npending to 161). The simplest fix is to +just to disallow overwrites input_buf, which exactly what this patch does. + +Fixes: CID 292449 + +Signed-off-by: Konrad Rzeszutek Wilk +Reviewed-by: Daniel Kiper +Upstream-commit-id: 98dfa546777 +--- + grub-core/term/terminfo.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/grub-core/term/terminfo.c b/grub-core/term/terminfo.c +index 537a5c0cb0b..44d0b3b19fb 100644 +--- a/grub-core/term/terminfo.c ++++ b/grub-core/term/terminfo.c +@@ -398,7 +398,7 @@ grub_terminfo_getwh (struct grub_term_output *term) + } + + static void +-grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len, ++grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len, int max_len, + int (*readkey) (struct grub_term_input *term)) + { + int c; +@@ -414,6 +414,9 @@ grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len, + if (c == -1) \ + return; \ + \ ++ if (*len >= max_len) \ ++ return; \ ++ \ + keys[*len] = c; \ + (*len)++; \ + } +@@ -602,8 +605,8 @@ grub_terminfo_getkey (struct grub_term_input *termi) + return ret; + } + +- grub_terminfo_readkey (termi, data->input_buf, +- &data->npending, data->readkey); ++ grub_terminfo_readkey (termi, data->input_buf, &data->npending, ++ GRUB_TERMINFO_READKEY_MAX_LEN, data->readkey); + + #if defined(__powerpc__) && defined(GRUB_MACHINE_IEEE1275) + if (data->npending == 1 && data->input_buf[0] == GRUB_TERM_ESC +-- +2.26.2 + diff --git a/SOURCES/0292-udf-Fix-memory-leak.patch b/SOURCES/0292-udf-Fix-memory-leak.patch new file mode 100644 index 0000000..b5589cd --- /dev/null +++ b/SOURCES/0292-udf-Fix-memory-leak.patch @@ -0,0 +1,56 @@ +From 1864839f0e0eeb2b93a5b20e4e36f9b80abc3c23 Mon Sep 17 00:00:00 2001 +From: Konrad Rzeszutek Wilk +Date: Tue, 7 Jul 2020 22:02:31 -0400 +Subject: [PATCH 292/314] udf: Fix memory leak + +Fixes: CID 73796 + +Signed-off-by: Konrad Rzeszutek Wilk +Reviewed-by: Daniel Kiper +Reviewed-by: Jan Setje-Eilers +Upstream-commit-id: 8da62d8183c +--- + grub-core/fs/udf.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c +index be41b48f913..6670beb5665 100644 +--- a/grub-core/fs/udf.c ++++ b/grub-core/fs/udf.c +@@ -965,8 +965,10 @@ grub_udf_iterate_dir (grub_fshelp_node_t dir, + return 0; + + if (grub_udf_read_icb (dir->data, &dirent.icb, child)) +- return 0; +- ++ { ++ grub_free (child); ++ return 0; ++ } + if (dirent.characteristics & GRUB_UDF_FID_CHAR_PARENT) + { + /* This is the parent directory. */ +@@ -988,11 +990,18 @@ grub_udf_iterate_dir (grub_fshelp_node_t dir, + dirent.file_ident_length, + (char *) raw)) + != dirent.file_ident_length) +- return 0; ++ { ++ grub_free (child); ++ return 0; ++ } + + filename = read_string (raw, dirent.file_ident_length, 0); + if (!filename) +- grub_print_error (); ++ { ++ /* As the hook won't get called. */ ++ grub_free (child); ++ grub_print_error (); ++ } + + if (filename && hook (filename, type, child, hook_data)) + { +-- +2.26.2 + diff --git a/SOURCES/0293-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch b/SOURCES/0293-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch new file mode 100644 index 0000000..60bb19d --- /dev/null +++ b/SOURCES/0293-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch @@ -0,0 +1,47 @@ +From 9b970d31434e3fd6a8de36a6adef5cc721b265a8 Mon Sep 17 00:00:00 2001 +From: Konrad Rzeszutek Wilk +Date: Fri, 26 Jun 2020 10:51:43 -0400 +Subject: [PATCH 293/314] multiboot2: Fix memory leak if + grub_create_loader_cmdline() fails + +Fixes: CID 292468 + +Signed-off-by: Konrad Rzeszutek Wilk +Reviewed-by: Daniel Kiper +Upstream-commit-id: cd6760b6289 +--- + grub-core/loader/multiboot_mbi2.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c +index 54078455e2f..872dcd42e97 100644 +--- a/grub-core/loader/multiboot_mbi2.c ++++ b/grub-core/loader/multiboot_mbi2.c +@@ -1089,6 +1089,7 @@ grub_multiboot2_add_module (grub_addr_t start, grub_size_t size, + { + struct module *newmod; + grub_size_t len = 0; ++ grub_err_t err = 0; + + newmod = grub_malloc (sizeof (*newmod)); + if (!newmod) +@@ -1107,8 +1108,14 @@ grub_multiboot2_add_module (grub_addr_t start, grub_size_t size, + newmod->cmdline_size = len; + total_modcmd += ALIGN_UP (len, MULTIBOOT_TAG_ALIGN); + +- grub_create_loader_cmdline (argc, argv, newmod->cmdline, +- newmod->cmdline_size); ++ err = grub_create_loader_cmdline (argc, argv, newmod->cmdline, ++ newmod->cmdline_size); ++ if (err) ++ { ++ grub_free (newmod->cmdline); ++ grub_free (newmod); ++ return err; ++ } + + if (modules_last) + modules_last->next = newmod; +-- +2.26.2 + diff --git a/SOURCES/0294-tftp-Do-not-use-priority-queue.patch b/SOURCES/0294-tftp-Do-not-use-priority-queue.patch new file mode 100644 index 0000000..7b73129 --- /dev/null +++ b/SOURCES/0294-tftp-Do-not-use-priority-queue.patch @@ -0,0 +1,289 @@ +From 0ecb57c7bc38cb5de4a1b23909203a3331f5c84b Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Thu, 9 Jul 2020 08:10:40 +0000 +Subject: [PATCH 294/314] tftp: Do not use priority queue + +There is not need to reassemble the order of blocks. Per RFC 1350, +server must wait for the ACK, before sending next block. Data packets +can be served immediately without putting them to priority queue. + +Logic to handle incoming packet is this: + - if packet block id equal to expected block id, then + process the packet, + - if packet block id is less than expected - this is retransmit + of old packet, then ACK it and drop the packet, + - if packet block id is more than expected - that shouldn't + happen, just drop the packet. + +It makes the tftp receive path code simpler, smaller and faster. +As a benefit, this change fixes CID# 73624 and CID# 96690, caused +by following while loop: + + while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0) + +where tftph pointer is not moving from one iteration to another, causing +to serve same packet again. Luckily, double serving didn't happen due to +data->block++ during the first iteration. + +Fixes: CID 73624, CID 96690 + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +Upstream-commit-id: 8316694c4f7 +--- + grub-core/net/tftp.c | 174 ++++++++++++++----------------------------- + 1 file changed, 54 insertions(+), 120 deletions(-) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index e267af354f4..79c16f9b041 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -25,7 +25,6 @@ + #include + #include + #include +-#include + #include + + GRUB_MOD_LICENSE ("GPLv3+"); +@@ -106,31 +105,8 @@ typedef struct tftp_data + int have_oack; + struct grub_error_saved save_err; + grub_net_udp_socket_t sock; +- grub_priority_queue_t pq; + } *tftp_data_t; + +-static int +-cmp_block (grub_uint16_t a, grub_uint16_t b) +-{ +- grub_int16_t i = (grub_int16_t) (a - b); +- if (i > 0) +- return +1; +- if (i < 0) +- return -1; +- return 0; +-} +- +-static int +-cmp (const void *a__, const void *b__) +-{ +- struct grub_net_buff *a_ = *(struct grub_net_buff **) a__; +- struct grub_net_buff *b_ = *(struct grub_net_buff **) b__; +- struct tftphdr *a = (struct tftphdr *) a_->data; +- struct tftphdr *b = (struct tftphdr *) b_->data; +- /* We want the first elements to be on top. */ +- return -cmp_block (grub_be_to_cpu16 (a->u.data.block), grub_be_to_cpu16 (b->u.data.block)); +-} +- + static grub_err_t + ack (tftp_data_t data, grub_uint64_t block) + { +@@ -207,73 +183,60 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + return GRUB_ERR_NONE; + } + +- err = grub_priority_queue_push (data->pq, &nb); +- if (err) +- return err; ++ /* Ack old/retransmitted block. */ ++ if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1) ++ ack (data, grub_be_to_cpu16 (tftph->u.data.block)); ++ /* Ignore unexpected block. */ ++ else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1) ++ grub_dprintf ("tftp", "TFTP unexpected block # %d\n", tftph->u.data.block); ++ else ++ { ++ unsigned size; + +- { +- struct grub_net_buff **nb_top_p, *nb_top; +- while (1) +- { +- nb_top_p = grub_priority_queue_top (data->pq); +- if (!nb_top_p) +- return GRUB_ERR_NONE; +- nb_top = *nb_top_p; +- tftph = (struct tftphdr *) nb_top->data; +- if (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) >= 0) +- break; +- ack (data, grub_be_to_cpu16 (tftph->u.data.block)); +- grub_netbuff_free (nb_top); +- grub_priority_queue_pop (data->pq); +- } +- while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0) +- { +- unsigned size; +- +- grub_priority_queue_pop (data->pq); +- +- if (file->device->net->packs.count < 50) ++ if (file->device->net->packs.count < 50) ++ { + err = ack (data, data->block + 1); +- else +- { +- file->device->net->stall = 1; +- err = 0; +- } +- if (err) +- return err; ++ if (err) ++ return err; ++ } ++ else ++ file->device->net->stall = 1; + +- err = grub_netbuff_pull (nb_top, sizeof (tftph->opcode) + +- sizeof (tftph->u.data.block)); +- if (err) +- return err; +- size = nb_top->tail - nb_top->data; ++ err = grub_netbuff_pull (nb, sizeof (tftph->opcode) + ++ sizeof (tftph->u.data.block)); ++ if (err) ++ return err; ++ size = nb->tail - nb->data; + +- data->block++; +- if (size < data->block_size) +- { +- if (data->ack_sent < data->block) +- ack (data, data->block); +- file->device->net->eof = 1; +- file->device->net->stall = 1; +- grub_net_udp_close (data->sock); +- data->sock = NULL; +- } +- /* Prevent garbage in broken cards. Is it still necessary +- given that IP implementation has been fixed? +- */ +- if (size > data->block_size) +- { +- err = grub_netbuff_unput (nb_top, size - data->block_size); +- if (err) +- return err; +- } +- /* If there is data, puts packet in socket list. */ +- if ((nb_top->tail - nb_top->data) > 0) +- grub_net_put_packet (&file->device->net->packs, nb_top); +- else +- grub_netbuff_free (nb_top); +- } +- } ++ data->block++; ++ if (size < data->block_size) ++ { ++ if (data->ack_sent < data->block) ++ ack (data, data->block); ++ file->device->net->eof = 1; ++ file->device->net->stall = 1; ++ grub_net_udp_close (data->sock); ++ data->sock = NULL; ++ } ++ /* ++ * Prevent garbage in broken cards. Is it still necessary ++ * given that IP implementation has been fixed? ++ */ ++ if (size > data->block_size) ++ { ++ err = grub_netbuff_unput (nb, size - data->block_size); ++ if (err) ++ return err; ++ } ++ /* If there is data, puts packet in socket list. */ ++ if ((nb->tail - nb->data) > 0) ++ { ++ grub_net_put_packet (&file->device->net->packs, nb); ++ /* Do not free nb. */ ++ return GRUB_ERR_NONE; ++ } ++ } ++ grub_netbuff_free (nb); + return GRUB_ERR_NONE; + case TFTP_ERROR: + data->have_oack = 1; +@@ -287,22 +250,10 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + } + } + +-static void +-destroy_pq (tftp_data_t data) +-{ +- struct grub_net_buff **nb_p; +- while ((nb_p = grub_priority_queue_top (data->pq))) +- { +- grub_netbuff_free (*nb_p); +- grub_priority_queue_pop (data->pq); +- } +- +- grub_priority_queue_destroy (data->pq); +-} +- +-/* Create a normalized copy of the filename. +- Compress any string of consecutive forward slashes to a single forward +- slash. */ ++/* ++ * Create a normalized copy of the filename. Compress any string of consecutive ++ * forward slashes to a single forward slash. ++ */ + static void + grub_normalize_filename (char *normalized, const char *filename) + { +@@ -395,22 +346,9 @@ tftp_open (struct grub_file *file, const char *filename) + file->not_easily_seekable = 1; + file->data = data; + +- data->pq = grub_priority_queue_new (sizeof (struct grub_net_buff *), cmp); +- if (!data->pq) +- { +- grub_free (data); +- return grub_errno; +- } +- +- grub_dprintf("tftp", "resolving address for %s\n", file->device->net->server); + err = grub_net_resolve_address (file->device->net->server, &addr); + if (err) + { +- grub_dprintf ("tftp", "Address resolution failed: %d\n", err); +- grub_dprintf ("tftp", "file_size is %llu, block_size is %llu\n", +- (unsigned long long)data->file_size, +- (unsigned long long)data->block_size); +- destroy_pq (data); + grub_free (data); + return err; + } +@@ -422,7 +360,6 @@ tftp_open (struct grub_file *file, const char *filename) + if (!data->sock) + { + grub_dprintf("tftp", "connection failed\n"); +- destroy_pq (data); + grub_free (data); + return grub_errno; + } +@@ -436,7 +373,6 @@ tftp_open (struct grub_file *file, const char *filename) + if (err) + { + grub_net_udp_close (data->sock); +- destroy_pq (data); + grub_free (data); + return err; + } +@@ -453,7 +389,6 @@ tftp_open (struct grub_file *file, const char *filename) + if (grub_errno) + { + grub_net_udp_close (data->sock); +- destroy_pq (data); + grub_free (data); + return grub_errno; + } +@@ -496,7 +431,6 @@ tftp_close (struct grub_file *file) + grub_print_error (); + grub_net_udp_close (data->sock); + } +- destroy_pq (data); + grub_free (data); + return GRUB_ERR_NONE; + } +-- +2.26.2 + diff --git a/SOURCES/0295-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch b/SOURCES/0295-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch new file mode 100644 index 0000000..f4f82ea --- /dev/null +++ b/SOURCES/0295-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch @@ -0,0 +1,150 @@ +From 320fe69ffff39f90169f793402de4d4223a1a64c Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Wed, 15 Jul 2020 06:42:37 +0000 +Subject: [PATCH 295/314] relocator: Protect grub_relocator_alloc_chunk_addr() + input args against integer underflow/overflow + +Use arithmetic macros from safemath.h to accomplish it. In this commit, +I didn't want to be too paranoid to check every possible math equation +for overflow/underflow. Only obvious places (with non zero chance of +overflow/underflow) were refactored. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +Upstream-commit-id: ebb15735f10 +--- + grub-core/loader/i386/linux.c | 9 +++++++-- + grub-core/loader/i386/pc/linux.c | 9 +++++++-- + grub-core/loader/i386/xen.c | 12 ++++++++++-- + grub-core/loader/xnu.c | 11 +++++++---- + 4 files changed, 31 insertions(+), 10 deletions(-) + +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index 76304f05700..b4a30f607fa 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -37,6 +37,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -593,9 +594,13 @@ grub_linux_boot (void) + + { + grub_relocator_chunk_t ch; ++ grub_size_t sz; ++ ++ if (grub_add (ctx.real_size, efi_mmap_size, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ + err = grub_relocator_alloc_chunk_addr (relocator, &ch, +- ctx.real_mode_target, +- (ctx.real_size + efi_mmap_size)); ++ ctx.real_mode_target, sz); + if (err) + return err; + real_mode_mem = get_virtual_current_address (ch); +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index 783a3cd93bc..540891371f9 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -231,8 +232,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + setup_sects = GRUB_LINUX_DEFAULT_SETUP_SECTS; + + real_size = setup_sects << GRUB_DISK_SECTOR_BITS; +- grub_linux16_prot_size = grub_file_size (file) +- - real_size - GRUB_DISK_SECTOR_SIZE; ++ if (grub_sub (grub_file_size (file), real_size, &grub_linux16_prot_size) || ++ grub_sub (grub_linux16_prot_size, GRUB_DISK_SECTOR_SIZE, &grub_linux16_prot_size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ goto fail; ++ } + + if (! grub_linux_is_bzimage + && GRUB_LINUX_ZIMAGE_ADDR + grub_linux16_prot_size +diff --git a/grub-core/loader/i386/xen.c b/grub-core/loader/i386/xen.c +index 3073f64d5e5..85b93347b25 100644 +--- a/grub-core/loader/i386/xen.c ++++ b/grub-core/loader/i386/xen.c +@@ -40,6 +40,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -635,6 +636,7 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)), + grub_relocator_chunk_t ch; + grub_addr_t kern_start; + grub_addr_t kern_end; ++ grub_size_t sz; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -699,8 +701,14 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)), + + xen_state.max_addr = ALIGN_UP (kern_end, PAGE_SIZE); + +- err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start, +- kern_end - kern_start); ++ ++ if (grub_sub (kern_end, kern_start, &sz)) ++ { ++ err = GRUB_ERR_OUT_OF_RANGE; ++ goto fail; ++ } ++ ++ err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start, sz); + if (err) + goto fail; + kern_chunk_src = get_virtual_current_address (ch); +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index dc7d5409e1e..2bf02489bad 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -59,15 +60,17 @@ grub_xnu_heap_malloc (int size, void **src, grub_addr_t *target) + { + grub_err_t err; + grub_relocator_chunk_t ch; ++ grub_addr_t tgt; ++ ++ if (grub_add (grub_xnu_heap_target_start, grub_xnu_heap_size, &tgt)) ++ return GRUB_ERR_OUT_OF_RANGE; + +- err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch, +- grub_xnu_heap_target_start +- + grub_xnu_heap_size, size); ++ err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch, tgt, size); + if (err) + return err; + + *src = get_virtual_current_address (ch); +- *target = grub_xnu_heap_target_start + grub_xnu_heap_size; ++ *target = tgt; + grub_xnu_heap_size += size; + grub_dprintf ("xnu", "val=%p\n", *src); + return GRUB_ERR_NONE; +-- +2.26.2 + diff --git a/SOURCES/0296-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch b/SOURCES/0296-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch new file mode 100644 index 0000000..b1d067e --- /dev/null +++ b/SOURCES/0296-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch @@ -0,0 +1,338 @@ +From 93d697a46b43ee13e0343c79777af5ce23c313b7 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Wed, 8 Jul 2020 01:44:38 +0000 +Subject: [PATCH 296/314] relocator: Protect grub_relocator_alloc_chunk_align() + max_addr against integer underflow + +This commit introduces integer underflow mitigation in max_addr calculation +in grub_relocator_alloc_chunk_align() invocation. + +It consists of 2 fixes: + 1. Introduced grub_relocator_alloc_chunk_align_safe() wrapper function to perform + sanity check for min/max and size values, and to make safe invocation of + grub_relocator_alloc_chunk_align() with validated max_addr value. Replace all + invocations such as grub_relocator_alloc_chunk_align(..., min_addr, max_addr - size, size, ...) + by grub_relocator_alloc_chunk_align_safe(..., min_addr, max_addr, size, ...). + 2. Introduced UP_TO_TOP32(s) macro for the cases where max_addr is 32-bit top + address (0xffffffff - size + 1) or similar. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +Upstream-commit-id: 10498c8ba17 +--- + grub-core/lib/i386/relocator.c | 28 ++++++++++---------------- + grub-core/lib/mips/relocator.c | 6 ++---- + grub-core/lib/powerpc/relocator.c | 6 ++---- + grub-core/lib/x86_64/efi/relocator.c | 7 +++---- + grub-core/loader/i386/linux.c | 5 ++--- + grub-core/loader/i386/multiboot_mbi.c | 7 +++---- + grub-core/loader/i386/pc/linux.c | 6 ++---- + grub-core/loader/mips/linux.c | 9 +++------ + grub-core/loader/multiboot.c | 2 +- + grub-core/loader/multiboot_elfxx.c | 10 ++++----- + grub-core/loader/multiboot_mbi2.c | 10 ++++----- + grub-core/loader/xnu_resume.c | 2 +- + include/grub/relocator.h | 29 +++++++++++++++++++++++++++ + 13 files changed, 69 insertions(+), 58 deletions(-) + +diff --git a/grub-core/lib/i386/relocator.c b/grub-core/lib/i386/relocator.c +index 71dd4f0ab0c..34cbe834fa3 100644 +--- a/grub-core/lib/i386/relocator.c ++++ b/grub-core/lib/i386/relocator.c +@@ -83,11 +83,10 @@ grub_relocator32_boot (struct grub_relocator *rel, + /* Specific memory range due to Global Descriptor Table for use by payload + that we will store in returned chunk. The address range and preference + are based on "THE LINUX/x86 BOOT PROTOCOL" specification. */ +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0x1000, +- 0x9a000 - RELOCATOR_SIZEOF (32), +- RELOCATOR_SIZEOF (32), 16, +- GRUB_RELOCATOR_PREFERENCE_LOW, +- avoid_efi_bootservices); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x1000, 0x9a000, ++ RELOCATOR_SIZEOF (32), 16, ++ GRUB_RELOCATOR_PREFERENCE_LOW, ++ avoid_efi_bootservices); + if (err) + return err; + +@@ -125,13 +124,10 @@ grub_relocator16_boot (struct grub_relocator *rel, + grub_relocator_chunk_t ch; + + /* Put it higher than the byte it checks for A20 check. */ +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0x8010, +- 0xa0000 - RELOCATOR_SIZEOF (16) +- - GRUB_RELOCATOR16_STACK_SIZE, +- RELOCATOR_SIZEOF (16) +- + GRUB_RELOCATOR16_STACK_SIZE, 16, +- GRUB_RELOCATOR_PREFERENCE_NONE, +- 0); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x8010, 0xa0000, ++ RELOCATOR_SIZEOF (16) + ++ GRUB_RELOCATOR16_STACK_SIZE, 16, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; + +@@ -183,11 +179,9 @@ grub_relocator64_boot (struct grub_relocator *rel, + void *relst; + grub_relocator_chunk_t ch; + +- err = grub_relocator_alloc_chunk_align (rel, &ch, min_addr, +- max_addr - RELOCATOR_SIZEOF (64), +- RELOCATOR_SIZEOF (64), 16, +- GRUB_RELOCATOR_PREFERENCE_NONE, +- 0); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, min_addr, max_addr, ++ RELOCATOR_SIZEOF (64), 16, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; + +diff --git a/grub-core/lib/mips/relocator.c b/grub-core/lib/mips/relocator.c +index 9d5f49cb93a..743b213e695 100644 +--- a/grub-core/lib/mips/relocator.c ++++ b/grub-core/lib/mips/relocator.c +@@ -120,10 +120,8 @@ grub_relocator32_boot (struct grub_relocator *rel, + unsigned i; + grub_addr_t vtarget; + +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0, +- (0xffffffff - stateset_size) +- + 1, stateset_size, +- sizeof (grub_uint32_t), ++ err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size), ++ stateset_size, sizeof (grub_uint32_t), + GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; +diff --git a/grub-core/lib/powerpc/relocator.c b/grub-core/lib/powerpc/relocator.c +index bdf2b111be7..8ffb8b68683 100644 +--- a/grub-core/lib/powerpc/relocator.c ++++ b/grub-core/lib/powerpc/relocator.c +@@ -115,10 +115,8 @@ grub_relocator32_boot (struct grub_relocator *rel, + unsigned i; + grub_relocator_chunk_t ch; + +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0, +- (0xffffffff - stateset_size) +- + 1, stateset_size, +- sizeof (grub_uint32_t), ++ err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size), ++ stateset_size, sizeof (grub_uint32_t), + GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; +diff --git a/grub-core/lib/x86_64/efi/relocator.c b/grub-core/lib/x86_64/efi/relocator.c +index 3caef7a4021..7d200a125ee 100644 +--- a/grub-core/lib/x86_64/efi/relocator.c ++++ b/grub-core/lib/x86_64/efi/relocator.c +@@ -50,10 +50,9 @@ grub_relocator64_efi_boot (struct grub_relocator *rel, + * 64-bit relocator code may live above 4 GiB quite well. + * However, I do not want ask for problems. Just in case. + */ +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0, +- 0x100000000 - RELOCATOR_SIZEOF (64_efi), +- RELOCATOR_SIZEOF (64_efi), 16, +- GRUB_RELOCATOR_PREFERENCE_NONE, 1); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0, 0x100000000, ++ RELOCATOR_SIZEOF (64_efi), 16, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 1); + if (err) + return err; + +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index b4a30f607fa..191f1631e88 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -231,9 +231,8 @@ allocate_pages (grub_size_t prot_size, grub_size_t *align, + for (; err && *align + 1 > min_align; (*align)--) + { + grub_errno = GRUB_ERR_NONE; +- err = grub_relocator_alloc_chunk_align (relocator, &ch, +- 0x1000000, +- 0xffffffff & ~prot_size, ++ err = grub_relocator_alloc_chunk_align (relocator, &ch, 0x1000000, ++ UP_TO_TOP32 (prot_size), + prot_size, 1 << *align, + GRUB_RELOCATOR_PREFERENCE_LOW, + 1); +diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c +index ca85358f771..9d3466d6ace 100644 +--- a/grub-core/loader/i386/multiboot_mbi.c ++++ b/grub-core/loader/i386/multiboot_mbi.c +@@ -470,10 +470,9 @@ grub_multiboot_make_mbi (grub_uint32_t *target) + + bufsize = grub_multiboot_get_mbi_size (); + +- err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, &ch, +- 0x10000, 0xa0000 - bufsize, +- bufsize, 4, +- GRUB_RELOCATOR_PREFERENCE_NONE, 0); ++ err = grub_relocator_alloc_chunk_align_safe (grub_multiboot_relocator, &ch, ++ 0x10000, 0xa0000, bufsize, 4, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; + ptrorig = get_virtual_current_address (ch); +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index 540891371f9..63736fae950 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -460,10 +460,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + + { + grub_relocator_chunk_t ch; +- err = grub_relocator_alloc_chunk_align (relocator, &ch, +- addr_min, addr_max - size, +- size, 0x1000, +- GRUB_RELOCATOR_PREFERENCE_HIGH, 0); ++ err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, addr_min, addr_max, size, ++ 0x1000, GRUB_RELOCATOR_PREFERENCE_HIGH, 0); + if (err) + return err; + initrd_chunk = get_virtual_current_address (ch); +diff --git a/grub-core/loader/mips/linux.c b/grub-core/loader/mips/linux.c +index 5f383be3d07..27c1db84a44 100644 +--- a/grub-core/loader/mips/linux.c ++++ b/grub-core/loader/mips/linux.c +@@ -434,12 +434,9 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + { + grub_relocator_chunk_t ch; + +- err = grub_relocator_alloc_chunk_align (relocator, &ch, +- (target_addr & 0x1fffffff) +- + linux_size + 0x10000, +- (0x10000000 - size), +- size, 0x10000, +- GRUB_RELOCATOR_PREFERENCE_NONE, 0); ++ err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, (target_addr & 0x1fffffff) + ++ linux_size + 0x10000, 0x10000000, size, ++ 0x10000, GRUB_RELOCATOR_PREFERENCE_NONE, 0); + + if (err) + goto fail; +diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c +index 9a8dae5565b..f455e803910 100644 +--- a/grub-core/loader/multiboot.c ++++ b/grub-core/loader/multiboot.c +@@ -407,7 +407,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)), + { + grub_relocator_chunk_t ch; + err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, +- lowest_addr, (0xffffffff - size) + 1, ++ lowest_addr, UP_TO_TOP32 (size), + size, MULTIBOOT_MOD_ALIGN, + GRUB_RELOCATOR_PREFERENCE_NONE, 1); + if (err) +diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c +index cc6853692a8..f2318e0d165 100644 +--- a/grub-core/loader/multiboot_elfxx.c ++++ b/grub-core/loader/multiboot_elfxx.c +@@ -109,10 +109,10 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + if (load_size > mld->max_addr || mld->min_addr > mld->max_addr - load_size) + return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size"); + +- err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, +- mld->min_addr, mld->max_addr - load_size, +- load_size, mld->align ? mld->align : 1, +- mld->preference, mld->avoid_efi_boot_services); ++ err = grub_relocator_alloc_chunk_align_safe (GRUB_MULTIBOOT (relocator), &ch, ++ mld->min_addr, mld->max_addr, ++ load_size, mld->align ? mld->align : 1, ++ mld->preference, mld->avoid_efi_boot_services); + + if (err) + { +@@ -256,7 +256,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + continue; + + err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, 0, +- (0xffffffff - sh->sh_size) + 1, ++ UP_TO_TOP32 (sh->sh_size), + sh->sh_size, sh->sh_addralign, + GRUB_RELOCATOR_PREFERENCE_NONE, + mld->avoid_efi_boot_services); +diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c +index 872dcd42e97..3cfb47650a0 100644 +--- a/grub-core/loader/multiboot_mbi2.c ++++ b/grub-core/loader/multiboot_mbi2.c +@@ -298,10 +298,10 @@ grub_multiboot2_load (grub_file_t file, const char *filename) + return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size"); + } + +- err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch, +- mld.min_addr, mld.max_addr - code_size, +- code_size, mld.align ? mld.align : 1, +- mld.preference, keep_bs); ++ err = grub_relocator_alloc_chunk_align_safe (grub_multiboot2_relocator, &ch, ++ mld.min_addr, mld.max_addr, ++ code_size, mld.align ? mld.align : 1, ++ mld.preference, keep_bs); + } + else + err = grub_relocator_alloc_chunk_addr (grub_multiboot2_relocator, +@@ -747,7 +747,7 @@ grub_multiboot2_make_mbi (grub_uint32_t *target) + COMPILE_TIME_ASSERT (MULTIBOOT_TAG_ALIGN % sizeof (grub_properly_aligned_t) == 0); + + err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch, +- 0, 0xffffffff - bufsize, ++ 0, UP_TO_TOP32 (bufsize), + bufsize, MULTIBOOT_TAG_ALIGN, + GRUB_RELOCATOR_PREFERENCE_NONE, 1); + if (err) +diff --git a/grub-core/loader/xnu_resume.c b/grub-core/loader/xnu_resume.c +index 534a74438b2..99119558d21 100644 +--- a/grub-core/loader/xnu_resume.c ++++ b/grub-core/loader/xnu_resume.c +@@ -129,7 +129,7 @@ grub_xnu_resume (char *imagename) + { + grub_relocator_chunk_t ch; + err = grub_relocator_alloc_chunk_align (grub_xnu_relocator, &ch, 0, +- (0xffffffff - hibhead.image_size) + 1, ++ UP_TO_TOP32 (hibhead.image_size), + hibhead.image_size, + GRUB_XNU_PAGESIZE, + GRUB_RELOCATOR_PREFERENCE_NONE, 0); +diff --git a/include/grub/relocator.h b/include/grub/relocator.h +index 24d8672d22c..1b3bdd92ac6 100644 +--- a/include/grub/relocator.h ++++ b/include/grub/relocator.h +@@ -49,6 +49,35 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel, + int preference, + int avoid_efi_boot_services); + ++/* ++ * Wrapper for grub_relocator_alloc_chunk_align() with purpose of ++ * protecting against integer underflow. ++ * ++ * Compare to its callee, max_addr has different meaning here. ++ * It covers entire chunk and not just start address of the chunk. ++ */ ++static inline grub_err_t ++grub_relocator_alloc_chunk_align_safe (struct grub_relocator *rel, ++ grub_relocator_chunk_t *out, ++ grub_phys_addr_t min_addr, ++ grub_phys_addr_t max_addr, ++ grub_size_t size, grub_size_t align, ++ int preference, ++ int avoid_efi_boot_services) ++{ ++ /* Sanity check and ensure following equation (max_addr - size) is safe. */ ++ if (max_addr < size || (max_addr - size) < min_addr) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ return grub_relocator_alloc_chunk_align (rel, out, min_addr, ++ max_addr - size, ++ size, align, preference, ++ avoid_efi_boot_services); ++} ++ ++/* Top 32-bit address minus s bytes and plus 1 byte. */ ++#define UP_TO_TOP32(s) ((~(s) & 0xffffffff) + 1) ++ + #define GRUB_RELOCATOR_PREFERENCE_NONE 0 + #define GRUB_RELOCATOR_PREFERENCE_LOW 1 + #define GRUB_RELOCATOR_PREFERENCE_HIGH 2 +-- +2.26.2 + diff --git a/SOURCES/0297-script-Remove-unused-fields-from-grub_script_functio.patch b/SOURCES/0297-script-Remove-unused-fields-from-grub_script_functio.patch new file mode 100644 index 0000000..6a1074d --- /dev/null +++ b/SOURCES/0297-script-Remove-unused-fields-from-grub_script_functio.patch @@ -0,0 +1,34 @@ +From 19d627a430f6917afeee167daa9190d1ec83d7b7 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Fri, 10 Jul 2020 11:21:14 +0100 +Subject: [PATCH 297/314] script: Remove unused fields from + grub_script_function struct + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper +Upstream-commit-id: d04089c8e52 +--- + include/grub/script_sh.h | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h +index 360c2be1f05..b382bcf09bc 100644 +--- a/include/grub/script_sh.h ++++ b/include/grub/script_sh.h +@@ -359,13 +359,8 @@ struct grub_script_function + /* The script function. */ + struct grub_script *func; + +- /* The flags. */ +- unsigned flags; +- + /* The next element. */ + struct grub_script_function *next; +- +- int references; + }; + typedef struct grub_script_function *grub_script_function_t; + +-- +2.26.2 + diff --git a/SOURCES/0298-script-Avoid-a-use-after-free-when-redefining-a-func.patch b/SOURCES/0298-script-Avoid-a-use-after-free-when-redefining-a-func.patch new file mode 100644 index 0000000..718e456 --- /dev/null +++ b/SOURCES/0298-script-Avoid-a-use-after-free-when-redefining-a-func.patch @@ -0,0 +1,108 @@ +From c1de65c0e3d630f33160d34e1e85925f01966b0d Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Fri, 10 Jul 2020 14:41:45 +0100 +Subject: [PATCH 298/314] script: Avoid a use-after-free when redefining a + function during execution + +Defining a new function with the same name as a previously defined +function causes the grub_script and associated resources for the +previous function to be freed. If the previous function is currently +executing when a function with the same name is defined, this results +in use-after-frees when processing subsequent commands in the original +function. + +Instead, reject a new function definition if it has the same name as +a previously defined function, and that function is currently being +executed. Although a behavioural change, this should be backwards +compatible with existing configurations because they can't be +dependent on the current behaviour without being broken. + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper +Upstream-commit-id: f6253a1f540 +--- + grub-core/script/execute.c | 2 ++ + grub-core/script/function.c | 16 +++++++++++++--- + include/grub/script_sh.h | 2 ++ + grub-core/script/parser.y | 3 ++- + 4 files changed, 19 insertions(+), 4 deletions(-) + +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 528ddfd36f0..a1aadb9ee05 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -872,7 +872,9 @@ grub_script_function_call (grub_script_function_t func, int argc, char **args) + old_scope = scope; + scope = &new_scope; + ++ func->executing++; + ret = grub_script_execute (func->func); ++ func->executing--; + + function_return = 0; + active_loops = loops; +diff --git a/grub-core/script/function.c b/grub-core/script/function.c +index d36655e510f..3aad04bf9dd 100644 +--- a/grub-core/script/function.c ++++ b/grub-core/script/function.c +@@ -34,6 +34,7 @@ grub_script_function_create (struct grub_script_arg *functionname_arg, + func = (grub_script_function_t) grub_malloc (sizeof (*func)); + if (! func) + return 0; ++ func->executing = 0; + + func->name = grub_strdup (functionname_arg->str); + if (! func->name) +@@ -60,10 +61,19 @@ grub_script_function_create (struct grub_script_arg *functionname_arg, + grub_script_function_t q; + + q = *p; +- grub_script_free (q->func); +- q->func = cmd; + grub_free (func); +- func = q; ++ if (q->executing > 0) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("attempt to redefine a function being executed")); ++ func = NULL; ++ } ++ else ++ { ++ grub_script_free (q->func); ++ q->func = cmd; ++ func = q; ++ } + } + else + { +diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h +index b382bcf09bc..6c48e075122 100644 +--- a/include/grub/script_sh.h ++++ b/include/grub/script_sh.h +@@ -361,6 +361,8 @@ struct grub_script_function + + /* The next element. */ + struct grub_script_function *next; ++ ++ unsigned executing; + }; + typedef struct grub_script_function *grub_script_function_t; + +diff --git a/grub-core/script/parser.y b/grub-core/script/parser.y +index 4f0ab8319e3..f80b86b6f15 100644 +--- a/grub-core/script/parser.y ++++ b/grub-core/script/parser.y +@@ -289,7 +289,8 @@ function: "function" "name" + grub_script_mem_free (state->func_mem); + else { + script->children = state->scripts; +- grub_script_function_create ($2, script); ++ if (!grub_script_function_create ($2, script)) ++ grub_script_free (script); + } + + state->scripts = $3; +-- +2.26.2 + diff --git a/SOURCES/0299-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch b/SOURCES/0299-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch new file mode 100644 index 0000000..d4eed6b --- /dev/null +++ b/SOURCES/0299-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch @@ -0,0 +1,46 @@ +From 7de922a99acd0521b99cd0dd81fe62643ce734a5 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Fri, 17 Jul 2020 05:17:26 +0000 +Subject: [PATCH 299/314] relocator: Fix grub_relocator_alloc_chunk_align() top + memory allocation + +Current implementation of grub_relocator_alloc_chunk_align() +does not allow allocation of the top byte. + +Assuming input args are: + max_addr = 0xfffff000; + size = 0x1000; + +And this is valid. But following overflow protection will +unnecessarily move max_addr one byte down (to 0xffffefff): + if (max_addr > ~size) + max_addr = ~size; + +~size + 1 will fix the situation. In addition, check size +for non zero to do not zero max_addr. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +Upstream-commit-id: ab80a97eb1f +--- + grub-core/lib/relocator.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c +index 5847aac3643..f2c1944c28d 100644 +--- a/grub-core/lib/relocator.c ++++ b/grub-core/lib/relocator.c +@@ -1386,8 +1386,8 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel, + }; + grub_addr_t min_addr2 = 0, max_addr2; + +- if (max_addr > ~size) +- max_addr = ~size; ++ if (size && (max_addr > ~size)) ++ max_addr = ~size + 1; + + #ifdef GRUB_MACHINE_PCBIOS + if (min_addr < 0x1000) +-- +2.26.2 + diff --git a/SOURCES/0300-hfsplus-fix-two-more-overflows.patch b/SOURCES/0300-hfsplus-fix-two-more-overflows.patch new file mode 100644 index 0000000..72d35b7 --- /dev/null +++ b/SOURCES/0300-hfsplus-fix-two-more-overflows.patch @@ -0,0 +1,57 @@ +From 3a60f2bfd8ab98484a7d8ba52748795f7b225ddc Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 14:43:31 -0400 +Subject: [PATCH 300/314] hfsplus: fix two more overflows + +Both node->size and node->namelen come from the supplied filesystem, +which may be user-supplied. We can't trust them for the math unless we +know they don't overflow; making sure they go through calloc() first +will give us that. + +Signed-off-by: Peter Jones +Reviewed-by: Darren Kenny +Upstream-commit-id: b4915078903 +--- + grub-core/fs/hfsplus.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +index f1cd72398ec..8b17ebba296 100644 +--- a/grub-core/fs/hfsplus.c ++++ b/grub-core/fs/hfsplus.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -475,8 +476,12 @@ grub_hfsplus_read_symlink (grub_fshelp_node_t node) + { + char *symlink; + grub_ssize_t numread; ++ grub_size_t sz = node->size; + +- symlink = grub_malloc (node->size + 1); ++ if (grub_add (sz, 1, &sz)) ++ return NULL; ++ ++ symlink = grub_malloc (sz); + if (!symlink) + return 0; + +@@ -715,8 +720,8 @@ list_nodes (void *record, void *hook_arg) + if (type == GRUB_FSHELP_UNKNOWN) + return 0; + +- filename = grub_malloc (grub_be_to_cpu16 (catkey->namelen) +- * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ filename = grub_calloc (grub_be_to_cpu16 (catkey->namelen), ++ GRUB_MAX_UTF8_PER_UTF16 + 1); + if (! filename) + return 0; + +-- +2.26.2 + diff --git a/SOURCES/0301-lvm-fix-two-more-potential-data-dependent-alloc-over.patch b/SOURCES/0301-lvm-fix-two-more-potential-data-dependent-alloc-over.patch new file mode 100644 index 0000000..fd99079 --- /dev/null +++ b/SOURCES/0301-lvm-fix-two-more-potential-data-dependent-alloc-over.patch @@ -0,0 +1,113 @@ +From 5c219ca7ec3b481573309245e3b7399c2f19a99c Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 15:48:20 -0400 +Subject: [PATCH 301/314] lvm: fix two more potential data-dependent alloc + overflows + +It appears to be possible to make a (possibly invalid) lvm PV with a +metadata size field that overflows our type when adding it to the +address we've allocated. Even if it doesn't, it may be possible to do +so with the math using the outcome of that as an operand. Check them +both. + +Signed-off-by: Peter Jones +Signed-off-by: Darren Kenny +Upstream-commit-id: 45ec6046ea0 +--- + grub-core/disk/lvm.c | 48 ++++++++++++++++++++++++++++++++++++-------- + 1 file changed, 40 insertions(+), 8 deletions(-) + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index d1df640b311..ca09d469990 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + #ifdef GRUB_UTIL + #include +@@ -102,10 +103,12 @@ grub_lvm_detect (grub_disk_t disk, + { + grub_err_t err; + grub_uint64_t mda_offset, mda_size; ++ grub_size_t ptr; + char buf[GRUB_LVM_LABEL_SIZE]; + char vg_id[GRUB_LVM_ID_STRLEN+1]; + char pv_id[GRUB_LVM_ID_STRLEN+1]; +- char *metadatabuf, *p, *q, *vgname; ++ char *metadatabuf, *mda_end, *vgname; ++ char *p, *q; + struct grub_lvm_label_header *lh = (struct grub_lvm_label_header *) buf; + struct grub_lvm_pv_header *pvh; + struct grub_lvm_disk_locn *dlocn; +@@ -205,19 +208,31 @@ grub_lvm_detect (grub_disk_t disk, + grub_le_to_cpu64 (rlocn->size) - + grub_le_to_cpu64 (mdah->size)); + } +- p = q = metadatabuf + grub_le_to_cpu64 (rlocn->offset); + +- while (*q != ' ' && q < metadatabuf + mda_size) +- q++; +- +- if (q == metadatabuf + mda_size) ++ if (grub_add ((grub_size_t)metadatabuf, ++ (grub_size_t)grub_le_to_cpu64 (rlocn->offset), ++ &ptr)) + { ++error_parsing_metadata: + #ifdef GRUB_UTIL + grub_util_info ("error parsing metadata"); + #endif + goto fail2; + } + ++ p = q = (char *)ptr; ++ ++ if (grub_add ((grub_size_t)metadatabuf, (grub_size_t)mda_size, &ptr)) ++ goto error_parsing_metadata; ++ ++ mda_end = (char *)ptr; ++ ++ while (*q != ' ' && q < mda_end) ++ q++; ++ ++ if (q == mda_end) ++ goto error_parsing_metadata; ++ + vgname_len = q - p; + vgname = grub_malloc (vgname_len + 1); + if (!vgname) +@@ -367,8 +382,25 @@ grub_lvm_detect (grub_disk_t disk, + { + const char *iptr; + char *optr; +- lv->fullname = grub_malloc (sizeof ("lvm/") - 1 + 2 * vgname_len +- + 1 + 2 * s + 1); ++ ++ /* this is kind of hard to read with our safe (but rather ++ * baroque) math primatives, but it boils down to: ++ * ++ * sz0 = vgname_len * 2 + 1 ++ * + s * 2 + 1 ++ * + sizeof ("lvm/") - 1; ++ */ ++ grub_size_t sz0 = vgname_len, sz1 = s; ++ ++ if (grub_mul (sz0, 2, &sz0) || ++ grub_add (sz0, 1, &sz0) || ++ grub_mul (sz1, 2, &sz1) || ++ grub_add (sz1, 1, &sz1) || ++ grub_add (sz0, sz1, &sz0) || ++ grub_add (sz0, sizeof ("lvm/") - 1, &sz0)) ++ goto lvs_fail; ++ ++ lv->fullname = grub_malloc (sz0); + if (!lv->fullname) + goto lvs_fail; + +-- +2.26.2 + diff --git a/SOURCES/0302-emu-make-grub_free-NULL-safe.patch b/SOURCES/0302-emu-make-grub_free-NULL-safe.patch new file mode 100644 index 0000000..868dce1 --- /dev/null +++ b/SOURCES/0302-emu-make-grub_free-NULL-safe.patch @@ -0,0 +1,34 @@ +From d38b6703c0668e5d99e6f00aeef5d1b1d7458f9a Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 16:08:08 -0400 +Subject: [PATCH 302/314] emu: make grub_free(NULL) safe + +The grub_free() implementation in kern/mm.c safely handles NULL +pointers, and code at many places depends on this. We don't know that +the same is true on all host OSes, so we need to handle the same +behavior in grub-emu's implementation. + +Signed-off-by: Peter Jones +Reviewed-by: Darren Kenny +Upstream-commit-id: 96bb109e658 +--- + grub-core/kern/emu/mm.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c +index 145b01d3719..4d1046a219e 100644 +--- a/grub-core/kern/emu/mm.c ++++ b/grub-core/kern/emu/mm.c +@@ -60,7 +60,8 @@ grub_zalloc (grub_size_t size) + void + grub_free (void *ptr) + { +- free (ptr); ++ if (ptr) ++ free (ptr); + } + + void * +-- +2.26.2 + diff --git a/SOURCES/0303-efi-fix-some-malformed-device-path-arithmetic-errors.patch b/SOURCES/0303-efi-fix-some-malformed-device-path-arithmetic-errors.patch new file mode 100644 index 0000000..50d2444 --- /dev/null +++ b/SOURCES/0303-efi-fix-some-malformed-device-path-arithmetic-errors.patch @@ -0,0 +1,252 @@ +From 3ca105b5d77e292517091da4777484068848da6d Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 16:53:27 -0400 +Subject: [PATCH 303/314] efi: fix some malformed device path arithmetic + errors. + +Several places we take the length of a device path and subtract 4 from +it, without ever checking that it's >= 4. There are also cases where +this kind of malformation will result in unpredictable iteration, +including treating the length from one dp node as the type in the next +node. These are all errors, no matter where the data comes from. + +This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which +can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH() +return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when +the length is too small. Additionally, it makes several places in the +code check for and return errors in these cases. + +Signed-off-by: Peter Jones +Upstream-commit-id: 23e68a83990 +--- + grub-core/kern/efi/efi.c | 67 +++++++++++++++++++++++++----- + grub-core/loader/efi/chainloader.c | 19 ++++++++- + grub-core/loader/i386/xnu.c | 9 ++-- + include/grub/efi/api.h | 14 ++++--- + 4 files changed, 88 insertions(+), 21 deletions(-) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index b1379b92fb8..03de9cb14e7 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -344,7 +344,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + + dp = dp0; + +- while (1) ++ while (dp) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -354,9 +354,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE + && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE) + { +- grub_efi_uint16_t len; +- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) +- / sizeof (grub_efi_char16_t)); ++ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ len = (len - 4) / sizeof (grub_efi_char16_t); + filesize += GRUB_MAX_UTF8_PER_UTF16 * len + 2; + } + +@@ -372,7 +378,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + if (!name) + return NULL; + +- while (1) ++ while (dp) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -388,8 +394,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + + *p++ = '/'; + +- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) +- / sizeof (grub_efi_char16_t)); ++ len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ len = (len - 4) / sizeof (grub_efi_char16_t); + fp = (grub_efi_file_path_device_path_t *) dp; + /* According to EFI spec Path Name is NULL terminated */ + while (len > 0 && fp->path_name[len - 1] == 0) +@@ -464,7 +477,26 @@ grub_efi_duplicate_device_path (const grub_efi_device_path_t *dp) + ; + p = GRUB_EFI_NEXT_DEVICE_PATH (p)) + { +- total_size += GRUB_EFI_DEVICE_PATH_LENGTH (p); ++ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (p); ++ ++ /* ++ * In the event that we find a node that's completely garbage, for ++ * example if we get to 0x7f 0x01 0x02 0x00 ... (EndInstance with a size ++ * of 2), GRUB_EFI_END_ENTIRE_DEVICE_PATH() will be true and ++ * GRUB_EFI_NEXT_DEVICE_PATH() will return NULL, so we won't continue, ++ * and neither should our consumers, but there won't be any error raised ++ * even though the device path is junk. ++ * ++ * This keeps us from passing junk down back to our caller. ++ */ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ total_size += len; + if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (p)) + break; + } +@@ -509,7 +541,7 @@ dump_vendor_path (const char *type, grub_efi_vendor_device_path_t *vendor) + void + grub_efi_print_device_path (grub_efi_device_path_t *dp) + { +- while (1) ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp)) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -981,7 +1013,11 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, + /* Return non-zero. */ + return 1; + +- while (1) ++ if (dp1 == dp2) ++ return 0; ++ ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp1) ++ && GRUB_EFI_DEVICE_PATH_VALID (dp2)) + { + grub_efi_uint8_t type1, type2; + grub_efi_uint8_t subtype1, subtype2; +@@ -1017,5 +1053,16 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, + dp2 = (grub_efi_device_path_t *) ((char *) dp2 + len2); + } + ++ /* ++ * There's no "right" answer here, but we probably don't want to call a valid ++ * dp and an invalid dp equal, so pick one way or the other. ++ */ ++ if (GRUB_EFI_DEVICE_PATH_VALID (dp1) && ++ !GRUB_EFI_DEVICE_PATH_VALID (dp2)) ++ return 1; ++ else if (!GRUB_EFI_DEVICE_PATH_VALID (dp1) && ++ GRUB_EFI_DEVICE_PATH_VALID (dp2)) ++ return -1; ++ + return 0; + } +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 2da119ad513..c2411b6dab2 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -125,6 +125,12 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, + fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE; + fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE; + ++ if (!GRUB_EFI_DEVICE_PATH_VALID ((grub_efi_device_path_t *)fp)) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "EFI Device Path is invalid"); ++ return; ++ } ++ + path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); + if (!path_name) + return; +@@ -164,9 +170,18 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + + size = 0; + d = dp; +- while (1) ++ while (d) + { +- size += GRUB_EFI_DEVICE_PATH_LENGTH (d); ++ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (d); ++ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ size += len; + if ((GRUB_EFI_END_ENTIRE_DEVICE_PATH (d))) + break; + d = GRUB_EFI_NEXT_DEVICE_PATH (d); +diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c +index c760db30fc0..44f7ebfa2b6 100644 +--- a/grub-core/loader/i386/xnu.c ++++ b/grub-core/loader/i386/xnu.c +@@ -515,14 +515,15 @@ grub_cmd_devprop_load (grub_command_t cmd __attribute__ ((unused)), + + devhead = buf; + buf = devhead + 1; +- dpstart = buf; ++ dp = dpstart = buf; + +- do ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp) && buf < bufend) + { +- dp = buf; + buf = (char *) buf + GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) ++ break; ++ dp = buf; + } +- while (!GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp) && buf < bufend); + + dev = grub_xnu_devprop_add_device (dpstart, (char *) buf + - (char *) dpstart); +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index 6c440c61316..a092fddb629 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -671,6 +671,7 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t; + #define GRUB_EFI_DEVICE_PATH_TYPE(dp) ((dp)->type & 0x7f) + #define GRUB_EFI_DEVICE_PATH_SUBTYPE(dp) ((dp)->subtype) + #define GRUB_EFI_DEVICE_PATH_LENGTH(dp) ((dp)->length) ++#define GRUB_EFI_DEVICE_PATH_VALID(dp) ((dp) != NULL && GRUB_EFI_DEVICE_PATH_LENGTH (dp) >= 4) + + /* The End of Device Path nodes. */ + #define GRUB_EFI_END_DEVICE_PATH_TYPE (0xff & 0x7f) +@@ -679,13 +680,16 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t; + #define GRUB_EFI_END_THIS_DEVICE_PATH_SUBTYPE 0x01 + + #define GRUB_EFI_END_ENTIRE_DEVICE_PATH(dp) \ +- (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \ +- && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \ +- == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE)) ++ (!GRUB_EFI_DEVICE_PATH_VALID (dp) || \ ++ (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \ ++ && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \ ++ == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE))) + + #define GRUB_EFI_NEXT_DEVICE_PATH(dp) \ +- ((grub_efi_device_path_t *) ((char *) (dp) \ +- + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) ++ (GRUB_EFI_DEVICE_PATH_VALID (dp) \ ++ ? ((grub_efi_device_path_t *) \ ++ ((char *) (dp) + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) \ ++ : NULL) + + /* Hardware Device Path. */ + #define GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE 1 +-- +2.26.2 + diff --git a/SOURCES/0304-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch b/SOURCES/0304-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch new file mode 100644 index 0000000..b087f46 --- /dev/null +++ b/SOURCES/0304-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch @@ -0,0 +1,88 @@ +From cab9214c4caad2ad95ce8bd456c68bc08def0833 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Wed, 22 Jul 2020 17:06:04 +0100 +Subject: [PATCH 304/314] Fix a regression caused by "efi: fix some malformed + device path arithmetic errors" + +This commit introduced a bogus check inside copy_file_path to +determine whether the destination grub_efi_file_path_device_path_t +was valid before anything was copied to it. Depending on the +contents of the heap buffer, this check could fail which would +result in copy_file_path returning early. + +Without any error propagated to the caller, make_file_path would +then try to advance the invalid device path node with +GRUB_EFI_NEXT_DEVICE_PATH, which would also fail, returning a NULL +pointer that would subsequently be dereferenced. + +Remove the bogus check, and also propagate errors from copy_file_path. +--- + grub-core/loader/efi/chainloader.c | 26 ++++++++++++++------------ + 1 file changed, 14 insertions(+), 12 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index c2411b6dab2..8b99cf23e9d 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -115,7 +115,7 @@ grub_chainloader_boot (void) + return grub_errno; + } + +-static void ++static grub_err_t + copy_file_path (grub_efi_file_path_device_path_t *fp, + const char *str, grub_efi_uint16_t len) + { +@@ -125,15 +125,9 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, + fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE; + fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE; + +- if (!GRUB_EFI_DEVICE_PATH_VALID ((grub_efi_device_path_t *)fp)) +- { +- grub_error (GRUB_ERR_BAD_ARGUMENT, "EFI Device Path is invalid"); +- return; +- } +- + path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); + if (!path_name) +- return; ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "failed to allocate path buffer"); + + size = grub_utf8_to_utf16 (path_name, len * GRUB_MAX_UTF16_PER_UTF8, + (const grub_uint8_t *) str, len, 0); +@@ -145,6 +139,8 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, + /* File Path is NULL terminated */ + fp->path_name[size++] = '\0'; + fp->header.length = size * sizeof (grub_efi_char16_t) + sizeof (*fp); ++ grub_free (path_name); ++ return GRUB_ERR_NONE; + } + + static grub_efi_device_path_t * +@@ -202,13 +198,19 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + /* Fill the file path for the directory. */ + d = (grub_efi_device_path_t *) ((char *) file_path + + ((char *) d - (char *) dp)); +- copy_file_path ((grub_efi_file_path_device_path_t *) d, +- dir_start, dir_end - dir_start); ++ if (copy_file_path ((grub_efi_file_path_device_path_t *) d, ++ dir_start, dir_end - dir_start) != GRUB_ERR_NONE) ++ { ++ fail: ++ grub_free (file_path); ++ return 0; ++ } + + /* Fill the file path for the file. */ + d = GRUB_EFI_NEXT_DEVICE_PATH (d); +- copy_file_path ((grub_efi_file_path_device_path_t *) d, +- dir_end + 1, grub_strlen (dir_end + 1)); ++ if (copy_file_path ((grub_efi_file_path_device_path_t *) d, ++ dir_end + 1, grub_strlen (dir_end + 1)) != GRUB_ERR_NONE) ++ goto fail; + + /* Fill the end of device path nodes. */ + d = GRUB_EFI_NEXT_DEVICE_PATH (d); +-- +2.26.2 + diff --git a/SOURCES/0305-update-safemath-with-fallback-code-for-gcc-older-tha.patch b/SOURCES/0305-update-safemath-with-fallback-code-for-gcc-older-tha.patch new file mode 100644 index 0000000..dc83ba1 --- /dev/null +++ b/SOURCES/0305-update-safemath-with-fallback-code-for-gcc-older-tha.patch @@ -0,0 +1,151 @@ +From 0bfbb0c63ccc73d8508d1a402f53f9f6a64de903 Mon Sep 17 00:00:00 2001 +From: Alexander Burmashev +Date: Wed, 22 Jul 2020 06:04:38 -0700 +Subject: [PATCH 305/314] update safemath with fallback code for gcc older than + 5.1 + +The code used in the header was taken from linux kernel commit +f0907827a8a9152aedac2833ed1b674a7b2a44f2. Rasmus Villemoes +, the original author of the patch, was +contacted directly, confirmed his authorship of the code, and gave his +permission on treating that dual license as MIT and including into GRUB2 +sources + +Signed-off-by: Alex Burmashev +--- + include/grub/safemath.h | 119 +++++++++++++++++++++++++++++++++++++++- + 1 file changed, 118 insertions(+), 1 deletion(-) + +diff --git a/include/grub/safemath.h b/include/grub/safemath.h +index c17b89bba17..1ccac276b59 100644 +--- a/include/grub/safemath.h ++++ b/include/grub/safemath.h +@@ -31,7 +31,124 @@ + #define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) + + #else +-#error gcc 5.1 or newer or clang 3.8 or newer is required ++/* ++ * Copyright 2020 Rasmus Villemoes ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to ++ * deal in the Software without restriction, including without limitation the ++ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or ++ * sell copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING ++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS ++ * IN THE SOFTWARE. ++ */ ++/* ++ * The code used in this header was taken from linux kernel commit ++ * f0907827a8a9152aedac2833ed1b674a7b2a44f2 ++ * Rasmus Villemoes , the original author of the ++ * patch, was contacted directly, confirmed his authorship of the code, and ++ * gave his permission on treating that dual license as MIT and including into ++ * GRUB2 sources ++ */ ++ ++#include ++#define is_signed_type(type) (((type)(-1)) < (type)1) ++#define __type_half_max(type) ((type)1 << (8*sizeof(type) - 1 - is_signed_type(type))) ++#define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T))) ++#define type_min(T) ((T)((T)-type_max(T)-(T)1)) ++ ++#define __unsigned_add_overflow(a, b, d) ({ \ ++ typeof(+(a)) __a = (a); \ ++ typeof(+(b)) __b = (b); \ ++ typeof(d) __d = (d); \ ++ (void) (&__a == &__b); \ ++ (void) (&__a == __d); \ ++ *__d = __a + __b; \ ++ *__d < __a; \ ++}) ++#define __unsigned_sub_overflow(a, b, d) ({ \ ++ typeof(+(a)) __a = (a); \ ++ typeof(+(b)) __b = (b); \ ++ typeof(d) __d = (d); \ ++ (void) (&__a == &__b); \ ++ (void) (&__a == __d); \ ++ *__d = __a - __b; \ ++ __a < __b; \ ++}) ++#define __unsigned_mul_overflow(a, b, d) ({ \ ++ typeof(+(a)) __a = (a); \ ++ typeof(+(b)) __b = (b); \ ++ typeof(d) __d = (d); \ ++ (void) (&__a == &__b); \ ++ (void) (&__a == __d); \ ++ *__d = __a * __b; \ ++ __builtin_constant_p(__b) ? \ ++ __b > 0 && __a > type_max(typeof(__a)) / __b :\ ++ __a > 0 && __b > type_max(typeof(__b)) / __a; \ ++}) ++ ++#define __signed_add_overflow(a, b, d) ({ \ ++ typeof(+(a)) __a = (a); \ ++ typeof(+(b)) __b = (b); \ ++ typeof(d) __d = (d); \ ++ (void) (&__a == &__b); \ ++ (void) (&__a == __d); \ ++ *__d = (grub_uint64_t)__a + (grub_uint64_t)__b; \ ++ (((~(__a ^ __b)) & (*__d ^ __a)) \ ++ & type_min(typeof(__a))) != 0; \ ++}) ++ ++#define __signed_sub_overflow(a, b, d) ({ \ ++ typeof(+(a)) __a = (a); \ ++ typeof(+(b)) __b = (b); \ ++ typeof(d) __d = (d); \ ++ (void) (&__a == &__b); \ ++ (void) (&__a == __d); \ ++ *__d = (grub_uint64_t)__a - (grub_uint64_t)__b; \ ++ ((((__a ^ __b)) & (*__d ^ __a)) \ ++ & type_min(typeof(__a))) != 0; \ ++}) ++ ++#define __signed_mul_overflow(a, b, d) ({ \ ++ typeof(+(a)) __a = (a); \ ++ typeof(+(b)) __b = (b); \ ++ typeof(d) __d = (d); \ ++ typeof(+(a)) __tmax = type_max(typeof(+(a))); \ ++ typeof(+(a)) __tmin = type_min(typeof(+(a))); \ ++ (void) (&__a == &__b); \ ++ (void) (&__a == __d); \ ++ *__d = (grub_uint64_t)__a * (grub_uint64_t)__b; \ ++ (__b > 0 && (__a > __tmax/__b || __a < __tmin/__b)) ||\ ++ (__b < (typeof(__b))-1 && \ ++ (__a > __tmin/__b || __a < __tmax/__b)) || \ ++ (__b == (typeof(__b))-1 && __a == __tmin); \ ++}) ++ ++#define grub_add(a, b, d) \ ++ __builtin_choose_expr(is_signed_type(typeof(+(a))), \ ++ __signed_add_overflow(a, b, d), \ ++ __unsigned_add_overflow(a, b, d)) ++ ++#define grub_sub(a, b, d) \ ++ __builtin_choose_expr(is_signed_type(typeof(+(a))), \ ++ __signed_sub_overflow(a, b, d), \ ++ __unsigned_sub_overflow(a, b, d)) ++ ++#define grub_mul(a, b, d) \ ++ __builtin_choose_expr(is_signed_type(typeof(+(a))), \ ++ __signed_mul_overflow(a, b, d), \ ++ __unsigned_mul_overflow(a, b, d)) ++ + #endif + + #endif /* GRUB_SAFEMATH_H */ +-- +2.26.2 + diff --git a/SOURCES/0306-efi-Fix-use-after-free-in-halt-reboot-path.patch b/SOURCES/0306-efi-Fix-use-after-free-in-halt-reboot-path.patch new file mode 100644 index 0000000..ae4e5fc --- /dev/null +++ b/SOURCES/0306-efi-Fix-use-after-free-in-halt-reboot-path.patch @@ -0,0 +1,165 @@ +From 7a7d0278212dde624229dd6da973ccfdf60a7982 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Mon, 20 Jul 2020 23:03:05 +0000 +Subject: [PATCH 306/314] efi: Fix use-after-free in halt/reboot path + +commit 92bfc33db984 ("efi: Free malloc regions on exit") +introduced memory freeing in grub_efi_fini(), which is +used not only by exit path but by halt/reboot one as well. +As result of memory freeing, code and data regions used by +modules, such as halt, reboot, acpi (used by halt) also got +freed. After return to module code, CPU executes, filled +by UEFI firmware (tested with edk2), 0xAFAFAFAF pattern as +a code. Which leads to #UD exception later. + +grub> halt +!!!! X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!! +RIP - 0000000003F4EC28, CS - 0000000000000038, RFLAGS - 0000000000200246 +RAX - 0000000000000000, RCX - 00000000061DA188, RDX - 0A74C0854DC35D41 +RBX - 0000000003E10E08, RSP - 0000000007F0F860, RBP - 0000000000000000 +RSI - 00000000064DB768, RDI - 000000000832C5C3 +R8 - 0000000000000002, R9 - 0000000000000000, R10 - 00000000061E2E52 +R11 - 0000000000000020, R12 - 0000000003EE5C1F, R13 - 00000000061E0FF4 +R14 - 0000000003E10D80, R15 - 00000000061E2F60 +DS - 0000000000000030, ES - 0000000000000030, FS - 0000000000000030 +GS - 0000000000000030, SS - 0000000000000030 +CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 0000000007C01000 +CR4 - 0000000000000668, CR8 - 0000000000000000 +DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000 +DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400 +GDTR - 00000000079EEA98 0000000000000047, LDTR - 0000000000000000 +IDTR - 0000000007598018 0000000000000FFF, TR - 0000000000000000 +FXSAVE_STATE - 0000000007F0F4C0 + +Proposal here is to continue to free allocated memory for +exit boot services path but keep it for halt/reboot path +as it won't be much security concern here. +Introduced GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY +loader flag to be used by efi halt/reboot path. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Darren Kenny +--- + grub-core/kern/arm/efi/init.c | 3 +++ + grub-core/kern/arm64/efi/init.c | 3 +++ + grub-core/kern/efi/efi.c | 3 ++- + grub-core/kern/efi/init.c | 1 - + grub-core/kern/i386/efi/init.c | 9 +++++++-- + grub-core/kern/ia64/efi/init.c | 9 +++++++-- + grub-core/lib/efi/halt.c | 3 ++- + include/grub/loader.h | 1 + + 8 files changed, 25 insertions(+), 7 deletions(-) + +diff --git a/grub-core/kern/arm/efi/init.c b/grub-core/kern/arm/efi/init.c +index 06df60e2f0e..40c3b467fc6 100644 +--- a/grub-core/kern/arm/efi/init.c ++++ b/grub-core/kern/arm/efi/init.c +@@ -71,4 +71,7 @@ grub_machine_fini (int flags) + efi_call_1 (b->close_event, tmr_evt); + + grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/arm64/efi/init.c b/grub-core/kern/arm64/efi/init.c +index 6224999ec9c..5010caefd66 100644 +--- a/grub-core/kern/arm64/efi/init.c ++++ b/grub-core/kern/arm64/efi/init.c +@@ -57,4 +57,7 @@ grub_machine_fini (int flags) + return; + + grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 03de9cb14e7..5dfcf943322 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -157,7 +157,8 @@ grub_efi_get_loaded_image (grub_efi_handle_t image_handle) + void + grub_reboot (void) + { +- grub_machine_fini (GRUB_LOADER_FLAG_NORETURN); ++ grub_machine_fini (GRUB_LOADER_FLAG_NORETURN | ++ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY); + efi_call_4 (grub_efi_system_table->runtime_services->reset_system, + GRUB_EFI_RESET_COLD, GRUB_EFI_SUCCESS, 0, NULL); + for (;;) ; +diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c +index e6183a4c44d..79243b364a1 100644 +--- a/grub-core/kern/efi/init.c ++++ b/grub-core/kern/efi/init.c +@@ -136,5 +136,4 @@ grub_efi_fini (void) + { + grub_efidisk_fini (); + grub_console_fini (); +- grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/i386/efi/init.c b/grub-core/kern/i386/efi/init.c +index a28316cc640..46476e27eae 100644 +--- a/grub-core/kern/i386/efi/init.c ++++ b/grub-core/kern/i386/efi/init.c +@@ -38,6 +38,11 @@ grub_machine_init (void) + void + grub_machine_fini (int flags) + { +- if (flags & GRUB_LOADER_FLAG_NORETURN) +- grub_efi_fini (); ++ if (!(flags & GRUB_LOADER_FLAG_NORETURN)) ++ return; ++ ++ grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/ia64/efi/init.c b/grub-core/kern/ia64/efi/init.c +index b5ecbd09121..f1965571b1d 100644 +--- a/grub-core/kern/ia64/efi/init.c ++++ b/grub-core/kern/ia64/efi/init.c +@@ -70,6 +70,11 @@ grub_machine_init (void) + void + grub_machine_fini (int flags) + { +- if (flags & GRUB_LOADER_FLAG_NORETURN) +- grub_efi_fini (); ++ if (!(flags & GRUB_LOADER_FLAG_NORETURN)) ++ return; ++ ++ grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/lib/efi/halt.c b/grub-core/lib/efi/halt.c +index e9441c844ac..a69a77681e3 100644 +--- a/grub-core/lib/efi/halt.c ++++ b/grub-core/lib/efi/halt.c +@@ -28,7 +28,8 @@ + void + grub_halt (void) + { +- grub_machine_fini (GRUB_LOADER_FLAG_NORETURN); ++ grub_machine_fini (GRUB_LOADER_FLAG_NORETURN | ++ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY); + #if !defined(__ia64__) && !defined(__arm__) && !defined(__aarch64__) + grub_acpi_halt (); + #endif +diff --git a/include/grub/loader.h b/include/grub/loader.h +index 7f82a499fd9..b208642821b 100644 +--- a/include/grub/loader.h ++++ b/include/grub/loader.h +@@ -33,6 +33,7 @@ enum + { + GRUB_LOADER_FLAG_NORETURN = 1, + GRUB_LOADER_FLAG_PXE_NOT_UNLOAD = 2, ++ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY = 4, + }; + + void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void), +-- +2.26.2 + diff --git a/SOURCES/0307-efi-dhcp-fix-some-allocation-error-checking.patch b/SOURCES/0307-efi-dhcp-fix-some-allocation-error-checking.patch new file mode 100644 index 0000000..11ed664 --- /dev/null +++ b/SOURCES/0307-efi-dhcp-fix-some-allocation-error-checking.patch @@ -0,0 +1,40 @@ +From c62652ca26ed1c145d0e820e0f108ce4e61b1f17 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 17:11:06 -0400 +Subject: [PATCH 307/314] efi+dhcp: fix some allocation error checking. + +Signed-off-by: Peter Jones +--- + grub-core/net/efi/dhcp.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/grub-core/net/efi/dhcp.c b/grub-core/net/efi/dhcp.c +index dbef63d8c08..e5c79b748b0 100644 +--- a/grub-core/net/efi/dhcp.c ++++ b/grub-core/net/efi/dhcp.c +@@ -80,7 +80,7 @@ grub_efi_dhcp4_parse_dns (grub_efi_dhcp4_protocol_t *dhcp4, grub_efi_dhcp4_packe + if (status != GRUB_EFI_BUFFER_TOO_SMALL) + return NULL; + +- option_list = grub_malloc (option_count * sizeof(*option_list)); ++ option_list = grub_calloc (option_count, sizeof(*option_list)); + if (!option_list) + return NULL; + +@@ -360,8 +360,11 @@ grub_cmd_efi_bootp6 (struct grub_command *cmd __attribute__ ((unused)), + + if (status == GRUB_EFI_BUFFER_TOO_SMALL && count) + { +- options = grub_malloc (count * sizeof(*options)); +- status = efi_call_4 (dev->dhcp6->parse, dev->dhcp6, mode.ia->reply_packet, &count, options); ++ options = grub_calloc (count, sizeof(*options)); ++ if (options) ++ status = efi_call_4 (dev->dhcp6->parse, dev->dhcp6, mode.ia->reply_packet, &count, options); ++ else ++ status = GRUB_EFI_OUT_OF_RESOURCES; + } + + if (status != GRUB_EFI_SUCCESS) +-- +2.26.2 + diff --git a/SOURCES/0308-efi-http-fix-some-allocation-error-checking.patch b/SOURCES/0308-efi-http-fix-some-allocation-error-checking.patch new file mode 100644 index 0000000..e512e99 --- /dev/null +++ b/SOURCES/0308-efi-http-fix-some-allocation-error-checking.patch @@ -0,0 +1,42 @@ +From 4436316229bc5b46016d61215b709ec434f4e0d3 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 17:14:15 -0400 +Subject: [PATCH 308/314] efi+http: fix some allocation error checking. + +Signed-off-by: Peter Jones +--- + grub-core/net/efi/http.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c +index fc8cb25ae0a..26647a50fa4 100644 +--- a/grub-core/net/efi/http.c ++++ b/grub-core/net/efi/http.c +@@ -412,8 +412,8 @@ grub_efihttp_open (struct grub_efi_net_device *dev, + int type) + { + grub_err_t err; +- grub_off_t size; +- char *buf; ++ grub_off_t size = 0; ++ char *buf = NULL; + char *file_name = NULL; + const char *http_path; + +@@ -441,8 +441,11 @@ grub_efihttp_open (struct grub_efi_net_device *dev, + return err; + } + +- buf = grub_malloc (size); +- efihttp_read (dev, buf, size); ++ if (size) ++ { ++ buf = grub_malloc (size); ++ efihttp_read (dev, buf, size); ++ } + + file->size = size; + file->data = buf; +-- +2.26.2 + diff --git a/SOURCES/0309-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch b/SOURCES/0309-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch new file mode 100644 index 0000000..c6b7a25 --- /dev/null +++ b/SOURCES/0309-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch @@ -0,0 +1,131 @@ +From 9f8ce6fac51e229a18ed2fa3321f7fc3d6d822a6 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 17:27:00 -0400 +Subject: [PATCH 309/314] efi/ip[46]_config.c: fix some potential allocation + overflows + +In theory all of this data comes from the firmware stack and it should +be safe, but it's better to be paranoid. + +Signed-off-by: Peter Jones +--- + grub-core/net/efi/ip4_config.c | 25 ++++++++++++++++++------- + grub-core/net/efi/ip6_config.c | 13 ++++++++++--- + 2 files changed, 28 insertions(+), 10 deletions(-) + +diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c +index 6117e60ab12..5ea5ed03925 100644 +--- a/grub-core/net/efi/ip4_config.c ++++ b/grub-core/net/efi/ip4_config.c +@@ -4,15 +4,20 @@ + #include + #include + #include ++#include + + char * + grub_efi_hw_address_to_string (grub_efi_uint32_t hw_address_size, grub_efi_mac_address_t hw_address) + { + char *hw_addr, *p; +- int sz, s; +- int i; ++ grub_size_t sz, s, i; + +- sz = (int)hw_address_size * (sizeof ("XX:") - 1) + 1; ++ if (grub_mul (hw_address_size, sizeof ("XX:") - 1, &sz) || ++ grub_add (sz, 1, &sz)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ return NULL; ++ } + + hw_addr = grub_malloc (sz); + if (!hw_addr) +@@ -20,7 +25,7 @@ grub_efi_hw_address_to_string (grub_efi_uint32_t hw_address_size, grub_efi_mac_a + + p = hw_addr; + s = sz; +- for (i = 0; i < (int)hw_address_size; i++) ++ for (i = 0; i < hw_address_size; i++) + { + grub_snprintf (p, sz, "%02x:", hw_address[i]); + p += sizeof ("XX:") - 1; +@@ -238,14 +243,20 @@ grub_efi_ip4_interface_route_table (struct grub_efi_net_device *dev) + { + grub_efi_ip4_config2_interface_info_t *interface_info; + char **ret; +- int i, id; ++ int id; ++ grub_size_t i, nmemb; + + interface_info = efi_ip4_config_interface_info (dev->ip4_config); + if (!interface_info) + return NULL; + +- ret = grub_malloc (sizeof (*ret) * (interface_info->route_table_size + 1)); ++ if (grub_add (interface_info->route_table_size, 1, &nmemb)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ return NULL; ++ } + ++ ret = grub_calloc (nmemb, sizeof (*ret)); + if (!ret) + { + grub_free (interface_info); +@@ -253,7 +264,7 @@ grub_efi_ip4_interface_route_table (struct grub_efi_net_device *dev) + } + + id = 0; +- for (i = 0; i < (int)interface_info->route_table_size; i++) ++ for (i = 0; i < interface_info->route_table_size; i++) + { + char *subnet, *gateway, *mask; + grub_uint32_t u32_subnet, u32_gateway; +diff --git a/grub-core/net/efi/ip6_config.c b/grub-core/net/efi/ip6_config.c +index e0e00c23d21..1c5415d7185 100644 +--- a/grub-core/net/efi/ip6_config.c ++++ b/grub-core/net/efi/ip6_config.c +@@ -3,6 +3,7 @@ + #include + #include + #include ++#include + + char * + grub_efi_ip6_address_to_string (grub_efi_pxe_ipv6_address_t *address) +@@ -228,14 +229,20 @@ grub_efi_ip6_interface_route_table (struct grub_efi_net_device *dev) + { + grub_efi_ip6_config_interface_info_t *interface_info; + char **ret; +- int i, id; ++ int id; ++ grub_size_t i, nmemb; + + interface_info = efi_ip6_config_interface_info (dev->ip6_config); + if (!interface_info) + return NULL; + +- ret = grub_malloc (sizeof (*ret) * (interface_info->route_count + 1)); ++ if (grub_add (interface_info->route_count, 1, &nmemb)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ return NULL; ++ } + ++ ret = grub_calloc (nmemb, sizeof (*ret)); + if (!ret) + { + grub_free (interface_info); +@@ -243,7 +250,7 @@ grub_efi_ip6_interface_route_table (struct grub_efi_net_device *dev) + } + + id = 0; +- for (i = 0; i < (int)interface_info->route_count ; i++) ++ for (i = 0; i < interface_info->route_count ; i++) + { + char *gateway, *destination; + grub_uint64_t u64_gateway[2]; +-- +2.26.2 + diff --git a/SOURCES/0310-Fix-up-some-types-for-gcc-4.8-compat-safemath.h.patch b/SOURCES/0310-Fix-up-some-types-for-gcc-4.8-compat-safemath.h.patch new file mode 100644 index 0000000..57b8caf --- /dev/null +++ b/SOURCES/0310-Fix-up-some-types-for-gcc-4.8-compat-safemath.h.patch @@ -0,0 +1,219 @@ +From e5ef076d3188c3389769a3bde72382db9b94dc97 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 23 Jul 2020 15:02:48 -0400 +Subject: [PATCH 310/314] Fix up some types for gcc 4.8 compat safemath.h + +The compat macros aren't as forgiving as __builtin_*_overflow(). + +Signed-off-by: Peter Jones +--- + grub-core/disk/lvm.c | 22 ++++++++++++---------- + grub-core/font/font.c | 4 ++-- + grub-core/fs/btrfs.c | 20 +++++++++++++++----- + grub-core/fs/ext2.c | 3 ++- + grub-core/fs/hfsplus.c | 2 +- + grub-core/fs/iso9660.c | 8 ++++---- + grub-core/normal/charset.c | 5 +++-- + 7 files changed, 39 insertions(+), 25 deletions(-) + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index ca09d469990..4fbb3eac0ea 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -103,7 +103,7 @@ grub_lvm_detect (grub_disk_t disk, + { + grub_err_t err; + grub_uint64_t mda_offset, mda_size; +- grub_size_t ptr; ++ grub_uint64_t ptr; + char buf[GRUB_LVM_LABEL_SIZE]; + char vg_id[GRUB_LVM_ID_STRLEN+1]; + char pv_id[GRUB_LVM_ID_STRLEN+1]; +@@ -209,9 +209,9 @@ grub_lvm_detect (grub_disk_t disk, + grub_le_to_cpu64 (mdah->size)); + } + +- if (grub_add ((grub_size_t)metadatabuf, +- (grub_size_t)grub_le_to_cpu64 (rlocn->offset), +- &ptr)) ++ grub_uint64_t mdb = (grub_uint64_t)metadatabuf; ++ grub_uint64_t addend = (grub_uint64_t)grub_le_to_cpu64 (rlocn->offset); ++ if (grub_add (mdb, addend, &ptr)) + { + error_parsing_metadata: + #ifdef GRUB_UTIL +@@ -222,7 +222,7 @@ error_parsing_metadata: + + p = q = (char *)ptr; + +- if (grub_add ((grub_size_t)metadatabuf, (grub_size_t)mda_size, &ptr)) ++ if (grub_add (mdb, mda_size, &ptr)) + goto error_parsing_metadata; + + mda_end = (char *)ptr; +@@ -391,13 +391,15 @@ error_parsing_metadata: + * + sizeof ("lvm/") - 1; + */ + grub_size_t sz0 = vgname_len, sz1 = s; ++ grub_size_t one = 1, two = 2; ++ grub_size_t lvm_str_sz = sizeof ("lvm/") - 1; + +- if (grub_mul (sz0, 2, &sz0) || +- grub_add (sz0, 1, &sz0) || +- grub_mul (sz1, 2, &sz1) || +- grub_add (sz1, 1, &sz1) || ++ if (grub_mul (sz0, two, &sz0) || ++ grub_add (sz0, one, &sz0) || ++ grub_mul (sz1, two, &sz1) || ++ grub_add (sz1, one, &sz1) || + grub_add (sz0, sz1, &sz0) || +- grub_add (sz0, sizeof ("lvm/") - 1, &sz0)) ++ grub_add (sz0, lvm_str_sz, &sz0)) + goto lvs_fail; + + lv->fullname = grub_malloc (sz0); +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index a7b955a1a74..b36a099b856 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -361,10 +361,10 @@ static char * + read_section_as_string (struct font_file_section *section) + { + char *str; +- grub_size_t sz; ++ grub_size_t sz = section->length, one = 1; + grub_ssize_t ret; + +- if (grub_add (section->length, 1, &sz)) ++ if (grub_add (sz, one, &sz)) + return NULL; + + str = grub_malloc (sz); +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 1d801f6c9ee..3faf9056c72 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -323,10 +323,15 @@ save_ref (struct grub_btrfs_leaf_descriptor *desc, + { + void *newdata; + grub_size_t sz; ++ grub_size_t alloced, datasz, two = 2; + +- if (grub_mul (desc->allocated, 2, &desc->allocated) || +- grub_mul (desc->allocated, sizeof (desc->data[0]), &sz)) ++ alloced = desc->allocated; ++ datasz = sizeof (desc->data[0]); ++ ++ if (grub_mul (alloced, two, &alloced) || ++ grub_mul (alloced, datasz, &sz)) + return GRUB_ERR_OUT_OF_RANGE; ++ desc->allocated = alloced; + + newdata = grub_realloc (desc->data, sz); + if (!newdata) +@@ -624,12 +629,17 @@ find_device (struct grub_btrfs_data *data, grub_uint64_t id, int do_rescan) + { + void *tmp; + grub_size_t sz; ++ grub_size_t alloced = data->n_devices_allocated; ++ grub_size_t attached_sz = sizeof(data->devices_attached[0]); ++ grub_size_t attached = data->n_devices_attached; ++ const grub_size_t one = 1, two = 2; + +- if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || +- grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || +- grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) ++ if (grub_mul (attached, two, &alloced) || ++ grub_add (alloced, one, &alloced) || ++ grub_mul (alloced, attached_sz, &sz)) + goto fail; + ++ data->n_devices_allocated = alloced; + data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); + if (!data->devices_attached) + { +diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c +index b4bd019f49a..3d59cf13125 100644 +--- a/grub-core/fs/ext2.c ++++ b/grub-core/fs/ext2.c +@@ -719,7 +719,8 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) + } + } + +- if (grub_add (grub_le_to_cpu32 (diro->inode.size), 1, &sz)) ++ sz = grub_le_to_cpu32 (diro->inode.size); ++ if (grub_add (sz, (grub_size_t)1, &sz)) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + return NULL; +diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +index 8b17ebba296..e06bcbb9ba3 100644 +--- a/grub-core/fs/hfsplus.c ++++ b/grub-core/fs/hfsplus.c +@@ -478,7 +478,7 @@ grub_hfsplus_read_symlink (grub_fshelp_node_t node) + grub_ssize_t numread; + grub_size_t sz = node->size; + +- if (grub_add (sz, 1, &sz)) ++ if (grub_add (sz, (grub_size_t)1, &sz)) + return NULL; + + symlink = grub_malloc (sz); +diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c +index 6fc9302bce3..a4403e29dee 100644 +--- a/grub-core/fs/iso9660.c ++++ b/grub-core/fs/iso9660.c +@@ -536,7 +536,7 @@ add_part (struct iterate_dir_ctx *ctx, + char *new; + + if (grub_add (size, len2, &sz) || +- grub_add (sz, 1, &sz)) ++ grub_add (sz, (grub_size_t)1, &sz)) + return; + + new = grub_realloc (ctx->symlink, sz); +@@ -580,14 +580,14 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, + { + off = grub_strlen (ctx->filename); + if (grub_add (csize, off, &sz) || +- grub_add (sz, 1, &sz)) ++ grub_add (sz, (grub_size_t)1, &sz)) + return GRUB_ERR_OUT_OF_RANGE; + ctx->filename = grub_realloc (ctx->filename, sz); + } + else + { + off = 0; +- if (grub_add (csize, 1, &sz)) ++ if (grub_add (csize, (grub_size_t)1, &sz)) + return GRUB_ERR_OUT_OF_RANGE; + ctx->filename = grub_zalloc (sz); + } +@@ -807,7 +807,7 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir, + struct grub_fshelp_node *new_node; + grub_size_t sz; + +- if (grub_mul (node->alloc_dirents, 2, &node->alloc_dirents) || ++ if (grub_mul (node->alloc_dirents, (grub_size_t)2, &node->alloc_dirents) || + grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || + grub_mul (sz, sizeof (node->dirents[0]), &sz) || + grub_add (sz, sizeof (struct grub_fshelp_node), &sz)) +diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c +index 4dfcc31078d..f902b13b44e 100644 +--- a/grub-core/normal/charset.c ++++ b/grub-core/normal/charset.c +@@ -479,8 +479,9 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, + n = out->combining_inline; + else if (out->ncomb > (int) ARRAY_SIZE (out->combining_inline)) + { +- if (grub_add (out->ncomb, 1, &sz) || +- grub_mul (sz, sizeof (n[0]), &sz)) ++ grub_size_t ncomb = out->ncomb, one = 1, nsz = sizeof (n[0]); ++ if (grub_add (ncomb, one, &sz) || ++ grub_mul (sz, nsz, &sz)) + goto fail; + + n = grub_realloc (out->combining_ptr, sz); +-- +2.26.2 + diff --git a/SOURCES/0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch b/SOURCES/0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch new file mode 100644 index 0000000..892f2bf --- /dev/null +++ b/SOURCES/0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch @@ -0,0 +1,51 @@ +From 0a9a828e88a2e14be684761afe582e7bb286676b Mon Sep 17 00:00:00 2001 +From: Colin Watson +Date: Fri, 24 Jul 2020 17:18:09 +0100 +Subject: [PATCH 311/314] efilinux: Fix integer overflows in grub_cmd_initrd + +These could be triggered by an extremely large number of arguments to +the initrd command on 32-bit architectures, or a crafted filesystem with +very large files on any architecture. + +Signed-off-by: Colin Watson +--- + grub-core/loader/i386/efi/linux.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index ea9f5134e67..ade7ab8f573 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -94,7 +95,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- files = grub_zalloc (argc * sizeof (files[0])); ++ files = grub_calloc (argc, sizeof (files[0])); + if (!files) + goto fail; + +@@ -105,7 +106,11 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + if (! files[i]) + goto fail; + nfiles++; +- size += ALIGN_UP (grub_file_size (files[i]), 4); ++ if (grub_add (size, ALIGN_UP (grub_file_size (files[i]), 4), &size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ goto fail; ++ } + } + + initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size)); +-- +2.26.2 + diff --git a/SOURCES/0312-linux-loader-avoid-overflow-on-initrd-size-calculati.patch b/SOURCES/0312-linux-loader-avoid-overflow-on-initrd-size-calculati.patch new file mode 100644 index 0000000..6f5b9f0 --- /dev/null +++ b/SOURCES/0312-linux-loader-avoid-overflow-on-initrd-size-calculati.patch @@ -0,0 +1,29 @@ +From 9fa474528317c2311e2f2ac0fd626316ef7486d4 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 24 Jul 2020 13:57:27 -0400 +Subject: [PATCH 312/314] linux loader: avoid overflow on initrd size + calculation + +Signed-off-by: Peter Jones +--- + grub-core/loader/linux.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c +index c2c7cfcd0fd..61a2e144db0 100644 +--- a/grub-core/loader/linux.c ++++ b/grub-core/loader/linux.c +@@ -152,8 +152,8 @@ grub_initrd_init (int argc, char *argv[], + initrd_ctx->nfiles = 0; + initrd_ctx->components = 0; + +- initrd_ctx->components = grub_zalloc (argc +- * sizeof (initrd_ctx->components[0])); ++ initrd_ctx->components = grub_calloc (argc, ++ sizeof (initrd_ctx->components[0])); + if (!initrd_ctx->components) + return grub_errno; + +-- +2.26.2 + diff --git a/SOURCES/0313-linuxefi-fail-kernel-validation-without-shim-protoco.patch b/SOURCES/0313-linuxefi-fail-kernel-validation-without-shim-protoco.patch new file mode 100644 index 0000000..b4c1470 --- /dev/null +++ b/SOURCES/0313-linuxefi-fail-kernel-validation-without-shim-protoco.patch @@ -0,0 +1,101 @@ +From 2ba58823b68d5fbf8d625ed6d7e18b09bc556860 Mon Sep 17 00:00:00 2001 +From: Dimitri John Ledkov +Date: Wed, 22 Jul 2020 11:31:43 +0100 +Subject: [PATCH 313/314] linuxefi: fail kernel validation without shim + protocol. + +If certificates that signed grub are installed into db, grub can be +booted directly. It will then boot any kernel without signature +validation. The booted kernel will think it was booted in secureboot +mode and will implement lockdown, yet it could have been tampered. + +This version of the patch skips calling verification, when booted +without secureboot. And is indented with gnu ident. + +CVE-2020-15705 + +Reported-by: Mathieu Trudel-Lapierre +Signed-off-by: Dimitri John Ledkov +--- + grub-core/loader/arm64/linux.c | 12 ++++++++---- + grub-core/loader/efi/chainloader.c | 1 + + grub-core/loader/efi/linux.c | 1 + + grub-core/loader/i386/efi/linux.c | 13 ++++++++----- + 4 files changed, 18 insertions(+), 9 deletions(-) + +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index e1110749eb9..7a076c13171 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -381,11 +381,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); + +- rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); +- if (rc < 0) ++ if (grub_efi_secure_boot ()) + { +- grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); +- goto fail; ++ rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); ++ if (rc <= 0) ++ { ++ grub_error (GRUB_ERR_INVALID_COMMAND, ++ N_("%s has invalid signature"), argv[0]); ++ goto fail; ++ } + } + + pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset); +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 8b99cf23e9d..a93edc975cd 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -1079,6 +1079,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + + return 0; + } ++ // -1 fall-through to fail + + fail: + if (dev) +diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c +index e09f824862b..927d89a90d7 100644 +--- a/grub-core/loader/efi/linux.c ++++ b/grub-core/loader/efi/linux.c +@@ -33,6 +33,7 @@ struct grub_efi_shim_lock + }; + typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; + ++// Returns 1 on success, -1 on error, 0 when not available + int + grub_linuxefi_secure_validate (void *data, grub_uint32_t size) + { +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index ade7ab8f573..361e503cb52 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -206,12 +206,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_tpm_measure (kernel, filelen, GRUB_BINARY_PCR, "grub_linuxefi", "Kernel"); + grub_print_error(); + +- rc = grub_linuxefi_secure_validate (kernel, filelen); +- if (rc < 0) ++ if (grub_efi_secure_boot ()) + { +- grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), +- argv[0]); +- goto fail; ++ rc = grub_linuxefi_secure_validate (kernel, filelen); ++ if (rc <= 0) ++ { ++ grub_error (GRUB_ERR_INVALID_COMMAND, ++ N_("%s has invalid signature"), argv[0]); ++ goto fail; ++ } + } + + params = grub_efi_allocate_pages_max (0x3fffffff, +-- +2.26.2 + diff --git a/SOURCES/0314-linux-Fix-integer-overflows-in-initrd-size-handling.patch b/SOURCES/0314-linux-Fix-integer-overflows-in-initrd-size-handling.patch new file mode 100644 index 0000000..759f91d --- /dev/null +++ b/SOURCES/0314-linux-Fix-integer-overflows-in-initrd-size-handling.patch @@ -0,0 +1,168 @@ +From 9715e08cf30ebd8a24ca27b7c4dda8e949e100df Mon Sep 17 00:00:00 2001 +From: Colin Watson +Date: Sat, 25 Jul 2020 12:15:37 +0100 +Subject: [PATCH 314/314] linux: Fix integer overflows in initrd size handling + +These could be triggered by a crafted filesystem with very large files. + +Fixes: CVE-2020-15707 + +Signed-off-by: Colin Watson +Reviewed-by: Jan Setje-Eilers +--- + grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++----------- + 1 file changed, 54 insertions(+), 20 deletions(-) + +diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c +index 61a2e144db0..0953f6d3266 100644 +--- a/grub-core/loader/linux.c ++++ b/grub-core/loader/linux.c +@@ -5,6 +5,7 @@ + #include + #include + #include ++#include + + struct newc_head + { +@@ -99,13 +100,13 @@ free_dir (struct dir *root) + grub_free (root); + } + +-static grub_size_t ++static grub_err_t + insert_dir (const char *name, struct dir **root, +- grub_uint8_t *ptr) ++ grub_uint8_t *ptr, grub_size_t *size) + { + struct dir *cur, **head = root; + const char *cb, *ce = name; +- grub_size_t size = 0; ++ *size = 0; + while (1) + { + for (cb = ce; *cb == '/'; cb++); +@@ -131,14 +132,22 @@ insert_dir (const char *name, struct dir **root, + ptr = make_header (ptr, name, ce - name, + 040777, 0); + } +- size += ALIGN_UP ((ce - (char *) name) +- + sizeof (struct newc_head), 4); ++ if (grub_add (*size, ++ ALIGN_UP ((ce - (char *) name) ++ + sizeof (struct newc_head), 4), ++ size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ grub_free (n->name); ++ grub_free (n); ++ return grub_errno; ++ } + *head = n; + cur = n; + } + root = &cur->next; + } +- return size; ++ return GRUB_ERR_NONE; + } + + grub_err_t +@@ -175,26 +184,33 @@ grub_initrd_init (int argc, char *argv[], + if (eptr) + { + grub_file_filter_disable_compression (); ++ grub_size_t dir_size, name_len; ++ + initrd_ctx->components[i].newc_name = grub_strndup (ptr, eptr - ptr); +- if (!initrd_ctx->components[i].newc_name) ++ if (!initrd_ctx->components[i].newc_name || ++ insert_dir (initrd_ctx->components[i].newc_name, &root, 0, ++ &dir_size)) + { + grub_initrd_close (initrd_ctx); + return grub_errno; + } +- initrd_ctx->size +- += ALIGN_UP (sizeof (struct newc_head) +- + grub_strlen (initrd_ctx->components[i].newc_name), +- 4); +- initrd_ctx->size += insert_dir (initrd_ctx->components[i].newc_name, +- &root, 0); ++ name_len = grub_strlen (initrd_ctx->components[i].newc_name); ++ if (grub_add (initrd_ctx->size, ++ ALIGN_UP (sizeof (struct newc_head) + name_len, 4), ++ &initrd_ctx->size) || ++ grub_add (initrd_ctx->size, dir_size, &initrd_ctx->size)) ++ goto overflow; + newc = 1; + fname = eptr + 1; + } + } + else if (newc) + { +- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) +- + sizeof ("TRAILER!!!") - 1, 4); ++ if (grub_add (initrd_ctx->size, ++ ALIGN_UP (sizeof (struct newc_head) ++ + sizeof ("TRAILER!!!") - 1, 4), ++ &initrd_ctx->size)) ++ goto overflow; + free_dir (root); + root = 0; + newc = 0; +@@ -209,19 +225,29 @@ grub_initrd_init (int argc, char *argv[], + initrd_ctx->nfiles++; + initrd_ctx->components[i].size + = grub_file_size (initrd_ctx->components[i].file); +- initrd_ctx->size += initrd_ctx->components[i].size; ++ if (grub_add (initrd_ctx->size, initrd_ctx->components[i].size, ++ &initrd_ctx->size)) ++ goto overflow; + } + + if (newc) + { + initrd_ctx->size = ALIGN_UP (initrd_ctx->size, 4); +- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) +- + sizeof ("TRAILER!!!") - 1, 4); ++ if (grub_add (initrd_ctx->size, ++ ALIGN_UP (sizeof (struct newc_head) ++ + sizeof ("TRAILER!!!") - 1, 4), ++ &initrd_ctx->size)) ++ goto overflow; + free_dir (root); + root = 0; + } + + return GRUB_ERR_NONE; ++ ++overflow: ++ free_dir (root); ++ grub_initrd_close (initrd_ctx); ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + } + + grub_size_t +@@ -262,8 +288,16 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, + + if (initrd_ctx->components[i].newc_name) + { +- ptr += insert_dir (initrd_ctx->components[i].newc_name, +- &root, ptr); ++ grub_size_t dir_size; ++ ++ if (insert_dir (initrd_ctx->components[i].newc_name, &root, ptr, ++ &dir_size)) ++ { ++ free_dir (root); ++ grub_initrd_close (initrd_ctx); ++ return grub_errno; ++ } ++ ptr += dir_size; + ptr = make_header (ptr, initrd_ctx->components[i].newc_name, + grub_strlen (initrd_ctx->components[i].newc_name), + 0100777, +-- +2.26.2 + diff --git a/SOURCES/centos-ca-secureboot.der b/SOURCES/centos-ca-secureboot.der deleted file mode 100644 index 44a2563..0000000 Binary files a/SOURCES/centos-ca-secureboot.der and /dev/null differ diff --git a/SOURCES/centossecureboot001.crt b/SOURCES/centossecureboot001.crt deleted file mode 100644 index 321c4ec..0000000 --- a/SOURCES/centossecureboot001.crt +++ /dev/null @@ -1,81 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - b6:16:15:71:72:fb:31:7e - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=CentOS Secure Boot (CA key 1)/emailAddress=security@centos.org - Validity - Not Before: Aug 1 11:47:30 2018 GMT - Not After : Dec 31 11:47:30 2037 GMT - Subject: CN=CentOS Secure Boot (key 1)/emailAddress=security@centos.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:c1:a3:6a:f4:2d:71:83:6c:21:ca:0c:b7:ac:fa: - 76:80:43:03:40:87:5d:de:e9:1e:df:ad:e7:2b:51: - cb:f8:31:0f:9a:db:ab:23:25:04:11:05:57:7d:f2: - 4b:8d:1e:b3:75:78:1d:b9:57:8b:18:0b:bb:7e:e3: - 24:0f:6a:40:5f:2b:4f:03:a5:85:94:d2:f9:08:a0: - bc:db:a5:ea:4f:7f:e8:7c:d1:a9:f8:f0:9c:25:18: - 00:14:c4:c4:35:7d:1d:4c:8a:8d:95:f8:ed:65:97: - a5:a4:da:7d:cb:f0:33:3b:b7:03:94:68:47:05:57: - 6c:96:91:ac:14:f2:e3:f6:6d:4a:18:cf:68:8a:35: - 6f:8e:26:99:7f:db:c9:83:54:c2:c3:bf:ad:45:a0: - aa:a0:86:5f:20:b1:86:1b:ae:b7:28:15:11:f9:65: - 53:5d:70:33:9b:a3:c7:b5:c8:11:ff:55:3b:e7:46: - f1:6c:6b:8c:bb:f2:9f:36:23:b1:2d:23:2f:8f:4f: - 6c:a8:cc:ae:f5:56:9e:22:6c:0e:9a:4a:b1:bd:b2: - 76:15:5c:05:85:b8:5e:dc:8c:a5:c3:e0:75:51:a4: - 94:9b:03:2e:7b:f8:d3:b9:dd:7f:88:ce:2e:2f:28: - 4c:b4:92:2f:e6:e0:67:0a:d0:ff:c5:d2:79:a6:ef: - 94:0f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Key Usage: - Digital Signature - X509v3 Subject Key Identifier: - F0:37:C6:EA:EC:36:D4:05:7A:52:6C:0E:C6:D5:A9:5B:32:4E:E1:29 - X509v3 Authority Key Identifier: - keyid:54:EC:81:85:89:3E:E9:1A:DB:08:F7:44:88:54:7E:8E:3F:74:3A:F3 - - Signature Algorithm: sha256WithRSAEncryption - 97:97:ba:a6:0b:5b:bb:84:39:2e:ef:8b:51:9a:89:bb:65:3c: - dc:15:d0:5a:88:c5:af:ce:93:f5:c1:74:98:15:59:a9:38:da: - 11:fd:46:d5:4f:23:7c:03:1f:ae:0c:70:93:94:a7:61:2f:4b: - 2f:5f:bb:cc:8a:d7:4a:24:66:73:85:b4:19:13:fc:6a:61:4a: - 28:1f:a2:38:f4:72:90:03:c4:3e:64:63:8b:fb:15:22:22:4e: - b9:43:d9:b4:3d:3a:60:c1:4d:3a:09:85:68:7a:bc:3b:f9:ef: - f3:f5:e9:c9:4f:80:8c:c6:e9:cb:ef:28:44:b0:5d:d4:9e:4f: - 0f:02:9a:65:aa:98:35:b4:6f:d2:80:e3:08:ef:12:d0:17:56: - a6:a1:42:1e:1d:ab:e5:33:c0:fd:88:0d:40:42:81:c8:27:30: - 17:07:57:3e:05:9d:aa:05:0e:5b:3a:79:b4:29:aa:7c:42:5a: - ad:43:59:fb:34:4d:dc:62:58:63:e4:fb:de:bb:fd:6c:4e:97: - 58:f4:b9:99:4a:71:fe:7f:16:50:55:25:46:39:96:9b:88:6c: - 75:19:33:9e:70:b3:04:82:fe:16:a8:8e:22:47:83:6d:16:77: - da:26:ad:31:d8:06:6d:c5:7e:46:4b:21:ab:ae:ec:2a:93:71: - da:7f:89:1d ------BEGIN CERTIFICATE----- -MIIDdTCCAl2gAwIBAgIJALYWFXFy+zF+MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV -BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB -FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE4MDgwMTExNDczMFoXDTM3MTIzMTEx -NDczMFowSTEjMCEGA1UEAxMaQ2VudE9TIFNlY3VyZSBCb290IChrZXkgMSkxIjAg -BgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDBo2r0LXGDbCHKDLes+naAQwNAh13e6R7frecrUcv4 -MQ+a26sjJQQRBVd98kuNHrN1eB25V4sYC7t+4yQPakBfK08DpYWU0vkIoLzbpepP -f+h80an48JwlGAAUxMQ1fR1Mio2V+O1ll6Wk2n3L8DM7twOUaEcFV2yWkawU8uP2 -bUoYz2iKNW+OJpl/28mDVMLDv61FoKqghl8gsYYbrrcoFRH5ZVNdcDObo8e1yBH/ -VTvnRvFsa4y78p82I7EtIy+PT2yozK71Vp4ibA6aSrG9snYVXAWFuF7cjKXD4HVR -pJSbAy57+NO53X+Izi4vKEy0ki/m4GcK0P/F0nmm75QPAgMBAAGjXTBbMAwGA1Ud -EwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBTwN8bq7DbUBXpSbA7G1alb -Mk7hKTAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q68zANBgkqhkiG9w0B -AQsFAAOCAQEAl5e6pgtbu4Q5Lu+LUZqJu2U83BXQWojFr86T9cF0mBVZqTjaEf1G -1U8jfAMfrgxwk5SnYS9LL1+7zIrXSiRmc4W0GRP8amFKKB+iOPRykAPEPmRji/sV -IiJOuUPZtD06YMFNOgmFaHq8O/nv8/XpyU+AjMbpy+8oRLBd1J5PDwKaZaqYNbRv -0oDjCO8S0BdWpqFCHh2r5TPA/YgNQEKByCcwFwdXPgWdqgUOWzp5tCmqfEJarUNZ -+zRN3GJYY+T73rv9bE6XWPS5mUpx/n8WUFUlRjmWm4hsdRkznnCzBIL+FqiOIkeD -bRZ32iatMdgGbcV+Rkshq67sKpNx2n+JHQ== ------END CERTIFICATE----- diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros index 1e3705f..ee043da 100644 --- a/SOURCES/grub.macros +++ b/SOURCES/grub.macros @@ -370,8 +370,10 @@ done \ -p /EFI/%{efi_vendor} -d grub-core ${GRUB_MODULES} \ %{4}./grub-mkimage -O %{1} -o %{3}.orig \\\ -p /EFI/BOOT -d grub-core ${GRUB_MODULES} \ -%{expand:%%{pesign -s -i %%{2}.orig -o %%{2} -a %%{5} -c %%{6} -n %%{7}}} \ -%{expand:%%{pesign -s -i %%{3}.orig -o %%{3} -a %%{5} -c %%{6} -n %%{7}}} \ +%{expand:%%{pesign -s -i %%{2}.orig -o %%{2}.one -a %%{5} -c %%{6} -n %%{7}}} \ +%{expand:%%{pesign -s -i %%{3}.orig -o %%{3}.one -a %%{5} -c %%{6} -n %%{7}}} \ +%{expand:%%{pesign -s -i %%{2}.one -o %%{2} -a %%{8} -c %%{9} -n %%{10}}} \ +%{expand:%%{pesign -s -i %%{3}.one -o %%{3} -a %%{8} -c %%{9} -n %%{10}}} \ %{nil} %else %define mkimage() \ @@ -387,7 +389,7 @@ GRUB_MODULES=" all_video boot blscfg btrfs \\\ cat configfile \\\ echo efi_netfs efifwsetup efinet ext2 \\\ fat font gfxmenu gfxterm gzio \\\ - halt hfsplus http iso9660 jpeg \\\ + halt hfsplus http increment iso9660 jpeg \\\ loadenv loopback linux lvm lsefi lsefimmap \\\ mdraid09 mdraid1x minicmd net \\\ normal part_apple part_msdos part_gpt \\\ @@ -396,14 +398,14 @@ GRUB_MODULES=" all_video boot blscfg btrfs \\\ search_label serial sleep syslinuxcfg test tftp \\\ video xfs" \ GRUB_MODULES+=%{platform_modules} \ -%{expand:%%{mkimage %{1} %{2} %{3} %{4} %{5} %{6} %{7}}} \ +%{expand:%%{mkimage %{1} %{2} %{3} %{4} %{5} %{6} %{7} %{8} %{9} %{10}}} \ %{nil} %define do_primary_efi_build() \ cd grub-%{1}-%{tarversion} \ %{expand:%%do_efi_configure %%{4} %%{5} %%{6}} \ %do_efi_build_all \ -%{expand:%%do_efi_build_images %{grub_target_name} %{2} %{3} ./ %{7} %{8} %{9}} \ +%{expand:%%do_efi_build_images %{grub_target_name} %{2} %{3} ./ %{7} %{8} %{9} %{10} %{11} %{12}} \ cd .. \ %{nil} @@ -412,7 +414,7 @@ cd grub-%{1}-%{tarversion} \ %{expand:%%do_efi_configure %%{4} %%{5} %%{6}} \ %do_efi_build_modules \ %{expand:%%do_efi_link_utils %{grubefiarch}} \ -%{expand:%%do_efi_build_images %{alt_grub_target_name} %{2} %{3} ../grub-%{grubefiarch}-%{tarversion}/ %{7} %{8} %{9}} \ +%{expand:%%do_efi_build_images %{alt_grub_target_name} %{2} %{3} ../grub-%{grubefiarch}-%{tarversion}/ %{7} %{8} %{9} %{10} %{11} %{12}} \ cd .. \ %{nil} diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches index 67bf4df..681d33d 100644 --- a/SOURCES/grub.patches +++ b/SOURCES/grub.patches @@ -213,60 +213,102 @@ Patch0212: 0212-blscfg-remove-logic-to-read-the-grubenv-file-and-set.patch Patch0213: 0213-Rename-00_menu_auto_hide.in-to-01_menu_auto_hide.in.patch Patch0214: 0214-efinet-also-use-the-firmware-acceleration-for-http.patch Patch0215: 0215-efi-http-Make-root_url-reflect-the-protocol-hostname.patch -Patch0216: 0216-Disable-multiboot-multiboot2-and-linux16-modules-on-.patch -Patch0217: 0217-Force-everything-to-use-python3.patch -Patch0218: 0218-Fix-an-8-year-old-typo.patch -Patch0219: 0219-autogen-don-t-run-autoreconf-in-the-topdir.patch -Patch0220: 0220-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch -Patch0221: 0221-module-verifier-make-it-possible-to-run-checkers-on-.patch -Patch0222: 0222-grub-module-verifier-report-the-filename-or-modname-.patch -Patch0223: 0223-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch -Patch0224: 0224-Rework-how-the-fdt-command-builds.patch -Patch0225: 0225-Disable-non-wordsize-allocations-on-arm.patch -Patch0226: 0226-strip-R-.note.gnu.property-at-more-places.patch -Patch0227: 0227-Prepend-prefix-when-HTTP-path-is-relative.patch -Patch0228: 0228-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch -Patch0229: 0229-Mark-some-unused-stuff-unused.patch -Patch0230: 0230-Make-grub_error-more-verbose.patch -Patch0231: 0231-arm-arm64-loader-Better-memory-allocation-and-error-.patch -Patch0232: 0232-drop-TPM-support-for-legacy-BIOS.patch -Patch0233: 0233-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch -Patch0234: 0234-Include-blscfg-module-for-powerpc-ieee1275.patch -Patch0235: 0235-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch -Patch0236: 0236-Fix-getroot.c-s-trampolines.patch -Patch0237: 0237-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch -Patch0238: 0238-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch -Patch0239: 0239-blscfg-don-t-include-.conf-at-the-end-of-our-id.patch -Patch0240: 0240-grub-get-kernel-settings-expose-some-more-config-var.patch -Patch0241: 0241-blscfg-sort-everything-with-rpm-package-comparison.patch -Patch0242: 0242-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch -Patch0243: 0243-don-t-set-saved_entry-on-grub2-mkconfig.patch -Patch0244: 0244-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch -Patch0245: 0245-Make-blscfg-debug-messages-more-useful.patch -Patch0246: 0246-Make-grub_strtoul-end-pointer-have-the-right-constif.patch -Patch0247: 0247-Fix-menu-entry-selection-based-on-ID-and-title.patch -Patch0248: 0248-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch -Patch0249: 0249-blscfg-expand-grub_users-before-passing-to-grub_norm.patch -Patch0250: 0250-Make-the-menu-entry-users-option-argument-to-be-opti.patch -Patch0251: 0251-10_linux_bls-add-missing-menu-entries-options.patch -Patch0252: 0252-Fix-menu-entry-selection-based-on-title.patch -Patch0253: 0253-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch -Patch0254: 0254-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch -Patch0255: 0255-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch -Patch0256: 0256-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch -Patch0257: 0257-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch -Patch0258: 0258-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch -Patch0259: 0259-HTTP-boot-strncmp-returns-0-on-equal.patch -Patch0260: 0260-Don-t-duplicate-net-name-string-if-not-needed.patch -Patch0261: 0261-Try-to-set-fPIE-and-friends-on-libgnu.a.patch -Patch0262: 0262-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch -Patch0263: 0263-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch -Patch0264: 0264-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch -Patch0265: 0265-10_linux_bls-don-t-add-users-option-to-generated-men.patch -Patch0266: 0266-grub-set-bootflag-Update-comment-about-running-as-ro.patch -Patch0267: 0267-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch -Patch0268: 0268-Fix-PRIxGRUB_EFI_STATUS-definition.patch -Patch0269: 0269-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch -Patch0270: 0270-unix-platform-Initialize-variable-to-fix-grub-instal.patch -Patch0271: 0271-blscfg-add-a-space-char-when-appending-fields-for-va.patch -Patch0272: 0272-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch +Patch0216: 0216-Force-everything-to-use-python3.patch +Patch0217: 0217-Fix-an-8-year-old-typo.patch +Patch0218: 0218-autogen-don-t-run-autoreconf-in-the-topdir.patch +Patch0219: 0219-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch +Patch0220: 0220-module-verifier-make-it-possible-to-run-checkers-on-.patch +Patch0221: 0221-grub-module-verifier-report-the-filename-or-modname-.patch +Patch0222: 0222-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch +Patch0223: 0223-Rework-how-the-fdt-command-builds.patch +Patch0224: 0224-Disable-non-wordsize-allocations-on-arm.patch +Patch0225: 0225-strip-R-.note.gnu.property-at-more-places.patch +Patch0226: 0226-Prepend-prefix-when-HTTP-path-is-relative.patch +Patch0227: 0227-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch +Patch0228: 0228-Mark-some-unused-stuff-unused.patch +Patch0229: 0229-Make-grub_error-more-verbose.patch +Patch0230: 0230-arm-arm64-loader-Better-memory-allocation-and-error-.patch +Patch0231: 0231-drop-TPM-support-for-legacy-BIOS.patch +Patch0232: 0232-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch +Patch0233: 0233-Include-blscfg-module-for-powerpc-ieee1275.patch +Patch0234: 0234-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch +Patch0235: 0235-Fix-getroot.c-s-trampolines.patch +Patch0236: 0236-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch +Patch0237: 0237-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch +Patch0238: 0238-blscfg-don-t-include-.conf-at-the-end-of-our-id.patch +Patch0239: 0239-grub-get-kernel-settings-expose-some-more-config-var.patch +Patch0240: 0240-blscfg-sort-everything-with-rpm-package-comparison.patch +Patch0241: 0241-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch +Patch0242: 0242-don-t-set-saved_entry-on-grub2-mkconfig.patch +Patch0243: 0243-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch +Patch0244: 0244-Make-blscfg-debug-messages-more-useful.patch +Patch0245: 0245-Make-grub_strtoul-end-pointer-have-the-right-constif.patch +Patch0246: 0246-Fix-menu-entry-selection-based-on-ID-and-title.patch +Patch0247: 0247-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch +Patch0248: 0248-blscfg-expand-grub_users-before-passing-to-grub_norm.patch +Patch0249: 0249-Make-the-menu-entry-users-option-argument-to-be-opti.patch +Patch0250: 0250-10_linux_bls-add-missing-menu-entries-options.patch +Patch0251: 0251-Fix-menu-entry-selection-based-on-title.patch +Patch0252: 0252-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch +Patch0253: 0253-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch +Patch0254: 0254-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch +Patch0255: 0255-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch +Patch0256: 0256-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch +Patch0257: 0257-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch +Patch0258: 0258-HTTP-boot-strncmp-returns-0-on-equal.patch +Patch0259: 0259-Don-t-duplicate-net-name-string-if-not-needed.patch +Patch0260: 0260-Try-to-set-fPIE-and-friends-on-libgnu.a.patch +Patch0261: 0261-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch +Patch0262: 0262-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch +Patch0263: 0263-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch +Patch0264: 0264-10_linux_bls-don-t-add-users-option-to-generated-men.patch +Patch0265: 0265-grub-set-bootflag-Update-comment-about-running-as-ro.patch +Patch0266: 0266-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch +Patch0267: 0267-Fix-PRIxGRUB_EFI_STATUS-definition.patch +Patch0268: 0268-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch +Patch0269: 0269-unix-platform-Initialize-variable-to-fix-grub-instal.patch +Patch0270: 0270-blscfg-add-a-space-char-when-appending-fields-for-va.patch +Patch0271: 0271-efi-http-Export-fw-http-_path-variables-to-make-them.patch +Patch0272: 0272-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch +Patch0273: 0273-efi-net-Allow-to-specify-a-port-number-in-addresses.patch +Patch0274: 0274-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch +Patch0275: 0275-efi-net-Print-a-debug-message-if-parsing-the-address.patch +Patch0276: 0276-efi-Set-image-base-address-before-jumping-to-the-PE-.patch +Patch0277: 0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch +Patch0278: 0278-Reimplement-boot_counter.patch +Patch0279: 0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch +Patch0280: 0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch +Patch0281: 0281-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch +Patch0282: 0282-safemath-Add-some-arithmetic-primitives-that-check-f.patch +Patch0283: 0283-calloc-Make-sure-we-always-have-an-overflow-checking.patch +Patch0284: 0284-calloc-Use-calloc-at-most-places.patch +Patch0285: 0285-malloc-Use-overflow-checking-primitives-where-we-do-.patch +Patch0286: 0286-iso9660-Don-t-leak-memory-on-realloc-failures.patch +Patch0287: 0287-font-Do-not-load-more-than-one-NAME-section.patch +Patch0288: 0288-gfxmenu-Fix-double-free-in-load_image.patch +Patch0289: 0289-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch +Patch0290: 0290-lzma-Make-sure-we-don-t-dereference-past-array.patch +Patch0291: 0291-term-Fix-overflow-on-user-inputs.patch +Patch0292: 0292-udf-Fix-memory-leak.patch +Patch0293: 0293-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch +Patch0294: 0294-tftp-Do-not-use-priority-queue.patch +Patch0295: 0295-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch +Patch0296: 0296-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch +Patch0297: 0297-script-Remove-unused-fields-from-grub_script_functio.patch +Patch0298: 0298-script-Avoid-a-use-after-free-when-redefining-a-func.patch +Patch0299: 0299-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch +Patch0300: 0300-hfsplus-fix-two-more-overflows.patch +Patch0301: 0301-lvm-fix-two-more-potential-data-dependent-alloc-over.patch +Patch0302: 0302-emu-make-grub_free-NULL-safe.patch +Patch0303: 0303-efi-fix-some-malformed-device-path-arithmetic-errors.patch +Patch0304: 0304-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch +Patch0305: 0305-update-safemath-with-fallback-code-for-gcc-older-tha.patch +Patch0306: 0306-efi-Fix-use-after-free-in-halt-reboot-path.patch +Patch0307: 0307-efi-dhcp-fix-some-allocation-error-checking.patch +Patch0308: 0308-efi-http-fix-some-allocation-error-checking.patch +Patch0309: 0309-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch +Patch0310: 0310-Fix-up-some-types-for-gcc-4.8-compat-safemath.h.patch +Patch0311: 0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch +Patch0312: 0312-linux-loader-avoid-overflow-on-initrd-size-calculati.patch +Patch0313: 0313-linuxefi-fail-kernel-validation-without-shim-protoco.patch +Patch0314: 0314-linux-Fix-integer-overflows-in-initrd-size-handling.patch diff --git a/SOURCES/redhatsecureboot301.cer b/SOURCES/redhatsecureboot301.cer new file mode 100644 index 0000000..4ff8b79 Binary files /dev/null and b/SOURCES/redhatsecureboot301.cer differ diff --git a/SOURCES/redhatsecureboot502.cer b/SOURCES/redhatsecureboot502.cer new file mode 100644 index 0000000..be0b5e2 Binary files /dev/null and b/SOURCES/redhatsecureboot502.cer differ diff --git a/SOURCES/redhatsecurebootca3.cer b/SOURCES/redhatsecurebootca3.cer new file mode 100644 index 0000000..b235400 Binary files /dev/null and b/SOURCES/redhatsecurebootca3.cer differ diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer new file mode 100644 index 0000000..dfb0284 Binary files /dev/null and b/SOURCES/redhatsecurebootca5.cer differ diff --git a/SOURCES/secureboot.cer b/SOURCES/secureboot.cer deleted file mode 100644 index 4ff8b79..0000000 Binary files a/SOURCES/secureboot.cer and /dev/null differ diff --git a/SOURCES/securebootca.cer b/SOURCES/securebootca.cer deleted file mode 100644 index b235400..0000000 Binary files a/SOURCES/securebootca.cer and /dev/null differ diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec index adf5895..ec045ab 100644 --- a/SPECS/grub2.spec +++ b/SPECS/grub2.spec @@ -7,7 +7,7 @@ Name: grub2 Epoch: 1 Version: 2.02 -Release: 82%{?dist}.1 +Release: 87%{?dist} Summary: Bootloader with support for Linux, Multiboot and more Group: System Environment/Base License: GPLv3+ @@ -24,8 +24,10 @@ Source6: gitignore Source8: strtoull_test.c Source9: 20-grub.install Source12: 99-grub-mkconfig.install -Source13: centos-ca-secureboot.der -Source14: centossecureboot001.crt +Source13: redhatsecurebootca3.cer +Source14: redhatsecureboot301.cer +Source15: redhatsecurebootca5.cer +Source16: redhatsecureboot502.cer %include %{SOURCE1} @@ -52,11 +54,7 @@ BuildRequires: pesign >= 0.99-8 BuildRequires: ccache %endif -%if 0%{?centos} -%global efidir centos -%endif - -ExcludeArch: s390 s390x +ExcludeArch: s390 s390x %{arm} Obsoletes: %{name} <= %{evr} %if 0%{with_legacy_arch} @@ -168,10 +166,10 @@ git commit -m "After making subdirs" %build %if 0%{with_efi_arch} -%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags} %{SOURCE13} %{SOURCE14} centossecureboot001} +%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags} %{SOURCE13} %{SOURCE14} redhatsecureboot301 %{SOURCE15} %{SOURCE16} redhatsecureboot502} %endif %if 0%{with_alt_efi_arch} -%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags} %{SOURCE13} %{SOURCE14} centossecureboot001} +%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags} %{SOURCE13} %{SOURCE14} redhatsecureboot301 %{SOURCE15} %{SOURCE16} redhatsecureboot502} %endif %if 0%{with_legacy_arch} %{expand:%do_legacy_build %%{grublegacyarch}} @@ -502,8 +500,13 @@ fi %endif %changelog -* Tue Jul 21 2020 CentOS Sources - 2.02-82.el8.centos.1 -- Apply debranding changes +* Tue Jul 28 2020 Peter Jones - 2.02-87 +- Fix several CVEs + Resolves: CVE-2020-10713 + Resolves: CVE-2020-14308 + Resolves: CVE-2020-14309 + Resolves: CVE-2020-14310 + Resolves: CVE-2020-14311 * Mon May 18 2020 Javier Martinez Canillas - 2.02-82.el8_2.1 - Fix a segfault in grub2-editenv when attempting to shrink a variable