Make sure biosdevname works on systems with enabled SecureBoot

Resolves: RHEL-18300
2024-05-16 12:17:46 +02:00 · 2024-05-16 12:17:46 +02:00 · 8a417ecb16
parent fb2ba88eb2
commit 8a417ecb16
5 changed files with 414 additions and 2 deletions
--- a/0001-Add-SMBIOS-3.x-support.patch
+++ b/0001-Add-SMBIOS-3.x-support.patch
@ -0,0 +1,63 @@
+From 495ab76e0d5f0eba83f9c86baf779a244ea1b60d Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Mon, 24 Aug 2020 14:42:44 +0200
+Subject: [PATCH] Add SMBIOS 3.x support
+
+Handle only the path from sysfs for now.
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+CC: Thomas Renninger <trenn@suse.de>
+CC: Michal Suchanek <msuchanek@suse.com>
+---
+ src/dmidecode/dmidecode.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/src/dmidecode/dmidecode.c b/src/dmidecode/dmidecode.c
+index f4c1269..f478cc5 100644
+--- a/src/dmidecode/dmidecode.c
+++ b/src/dmidecode/dmidecode.c
+@@ -236,7 +236,7 @@ static int dmi_table(u32 base, u16 len, u16 num, u16 ver, const char *devmem, co
+ 	int i=0;
+ 
+ 	/* Verify SMBIOS version */
+-	if (!isvalidsmbios(ver >> 8, ver & 0xFF)) {
+	if (ver && !isvalidsmbios(ver >> 8, ver & 0xFF)) {
+ 		return 0;
+ 	}
+ 
+@@ -253,7 +253,7 @@ static int dmi_table(u32 base, u16 len, u16 num, u16 ver, const char *devmem, co
+ 	}
+ 
+ 	data=buf;
+-	while(i<num && data+4<=buf+len) /* 4 is the length of an SMBIOS structure header */
+	while((!num || i<num) && data+4<=buf+len) /* 4 is the length of an SMBIOS structure header */
+ 	{
+ 		u8 *next;
+ 		struct dmi_header h;
+@@ -314,6 +314,14 @@ static int legacy_decode(u8 *buf, const char *devmem, const struct libbiosdevnam
+ 	return 0;
+ }
+ 
+/* only from sysfs, handle no base offset */
+static int smbios3_decode(u8 *buf, const char *devmem, const struct libbiosdevname_state *state)
+{
+	if (checksum(buf, 0x18))
+		return dmi_table(0, DWORD(buf + 0x0c), 0, 0, devmem, state, 1);
+	return 0;
+}
+
+ #define SYSFS_TABLE_SMBIOS	"/sys/firmware/dmi/tables/smbios_entry_point"
+ #define SYSFS_TABLE_DMI		"/sys/firmware/dmi/tables/DMI"
+ 
+@@ -330,6 +338,8 @@ static int smibios_decode_from_sysfs(const struct libbiosdevname_state *state)
+ 	fclose(fp);
+ 	if (len == 0x1f && memcmp(buf, "_SM_", 4) == 0)
+ 		return smbios_decode(buf, SYSFS_TABLE_DMI, state, 1);
+	if (len >= 0x18 && memcmp(buf, "_SM3_", 5) == 0)
+		return smbios3_decode(buf, SYSFS_TABLE_DMI, state);
+ 	return 0;
+ }
+ 
+-- 
+2.44.0
+
--- a/0001-Add-buffer-read-helper-using-read-explicitly.patch
+++ b/0001-Add-buffer-read-helper-using-read-explicitly.patch
@ -0,0 +1,168 @@
+From f64c3f549eda36d11b5690117173b0847535ebbe Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Mon, 24 Aug 2020 14:40:17 +0200
+Subject: [PATCH] Add buffer read helper using read explicitly
+
+Since mmap can't work well with a sysfs file, we need to read the
+contents explicitly via read, even if USE_MMAP is enabled.
+Provide a new helper, __mem_cunk(), that does behave like mem_chunk()
+but with the extra use_mmap argument to specify the method to read a
+file.
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+CC: Thomas Renninger <trenn@suse.de>
+CC: Michal Suchanek <msuchanek@suse.com>
+---
+ src/dmidecode/util.c | 82 ++++++++++++++++++++++++++++----------------
+ src/dmidecode/util.h |  1 +
+ 2 files changed, 53 insertions(+), 30 deletions(-)
+
+diff --git a/src/dmidecode/util.c b/src/dmidecode/util.c
+index ea06663..09934ea 100644
+--- a/src/dmidecode/util.c
+++ b/src/dmidecode/util.c
+@@ -47,7 +47,6 @@
+ #include "types.h"
+ #include "util.h"
+ 
+-#ifndef USE_MMAP
+ static int myread(int fd, u8 *buf, size_t count, const char *prefix)
+ {
+ 	ssize_t r=1;
+@@ -78,7 +77,6 @@ static int myread(int fd, u8 *buf, size_t count, const char *prefix)
+ 	
+ 	return 0;
+ }
+-#endif
+ 
+ int checksum(const u8 *buf, size_t len)
+ {
+@@ -94,28 +92,13 @@ int checksum(const u8 *buf, size_t len)
+  * Copy a physical memory chunk into a memory buffer.
+  * This function allocates memory.
+  */
+-void *mem_chunk(size_t base, size_t len, const char *devmem)
+-{
+-	void *p;
+-	int fd;
+ #ifdef USE_MMAP
+static void *mem_chunk_mmap(size_t base, size_t len, const char *devmem,
+			    int fd, void *p)
+{
+ 	size_t mmoffset;
+ 	void *mmp;
+-#endif
+-	
+-	if((fd=open(devmem, O_RDONLY))==-1)
+-	{
+-		return NULL;
+-	}
+-	
+-	if((p=malloc(len))==NULL)
+-	{
+-		perror("malloc");
+-		close(fd);
+-		return NULL;
+-	}
+-	
+-#ifdef USE_MMAP
+
+ #ifdef _SC_PAGESIZE
+ 	mmoffset=base%sysconf(_SC_PAGESIZE);
+ #else
+@@ -129,8 +112,6 @@ void *mem_chunk(size_t base, size_t len, const char *devmem)
+ 	mmp=mmap(0, mmoffset+len, PROT_READ, MAP_SHARED, fd, base-mmoffset);
+ 	if(mmp==MAP_FAILED)
+ 	{
+-		free(p);
+-		close(fd);
+ 		return NULL;
+ 	}
+ 	
+@@ -141,26 +122,67 @@ void *mem_chunk(size_t base, size_t len, const char *devmem)
+ 		fprintf(stderr, "%s: ", devmem);
+ 		perror("munmap");
+ 	}
+-#else /* USE_MMAP */
+
+	return p;
+}
+#endif /* USE_MMAP */
+
+static void *mem_chunk_read(size_t base, size_t len, const char *devmem,
+			    int fd, void *p)
+{
+ 	if(lseek(fd, base, SEEK_SET)==-1)
+ 	{
+ 		fprintf(stderr, "%s: ", devmem);
+ 		perror("lseek");
+-		free(p);
+-		close(fd);
+ 		return NULL;
+ 	}
+ 	
+ 	if(myread(fd, p, len, devmem)==-1)
+ 	{
+-		free(p);
+-		close(fd);
+ 		return NULL;
+ 	}
+-#endif /* USE_MMAP */
+
+	return p;
+}
+
+void *__mem_chunk(size_t base, size_t len, const char *devmem, int use_mmap)
+{
+	void *ret;
+	void *p;
+	int fd;
+
+#ifndef USE_MMAP
+	use_mmap = 0;
+#endif
+
+	if((fd=open(devmem, O_RDONLY))==-1)
+	{
+		return NULL;
+	}
+ 	
+	if((p=malloc(len))==NULL)
+	{
+		perror("malloc");
+		close(fd);
+		return NULL;
+	}
+
+#ifdef USE_MMAP
+	if (use_mmap)
+		ret = mem_chunk_mmap(base, len, devmem, fd, p);
+	else
+#endif
+		ret = mem_chunk_read(base, len, devmem, fd, p);
+
+ 	if(close(fd)==-1)
+ 		perror(devmem);
+	if (!ret)
+		free(p);
+ 
+-	return p;
+	return ret;
+}
+
+void *mem_chunk(size_t base, size_t len, const char *devmem)
+{
+	return __mem_chunk(base, len, devmem, 1);
+ }
+diff --git a/src/dmidecode/util.h b/src/dmidecode/util.h
+index b546f64..90c411e 100644
+--- a/src/dmidecode/util.h
+++ b/src/dmidecode/util.h
+@@ -6,3 +6,4 @@
+ 
+ int checksum(const u8 *buf, size_t len);
+ void *mem_chunk(size_t base, size_t len, const char *devmem);
+void *__mem_chunk(size_t base, size_t len, const char *devmem, int use_mmap);
+-- 
+2.44.0
+
--- a/0001-Prevent-infinite-recursion-in-dmidecode.c-smbios_set.patch
+++ b/0001-Prevent-infinite-recursion-in-dmidecode.c-smbios_set.patch
@ -0,0 +1,29 @@
+From d6fa84f8a80d5e1c526fe675c345f709a700e33e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Josef=20M=C3=B6llers?= <josef.moellers@suse.com>
+Date: Fri, 20 Jul 2018 08:56:48 +0200
+Subject: [PATCH] Prevent infinite recursion in dmidecode.c::smbios_setslot by
+ (#7)
+
+Checking that subordinate bus has a number greater than the
+current bus.
+Fixes SUSE bug#1093625
+---
+ src/dmidecode/dmidecode.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dmidecode/dmidecode.c b/src/dmidecode/dmidecode.c
+index 1d805bb..a01a6ce 100644
+--- a/src/dmidecode/dmidecode.c
+++ b/src/dmidecode/dmidecode.c
+@@ -153,7 +153,7 @@ void smbios_setslot(const struct libbiosdevname_state *state,
+ 		}
+     
+ 		/* Found a PDEV, now is it a bridge? */
+-		if (pdev->sbus != -1) {
+		if (pdev->sbus != -1  && pdev->sbus > bus) {
+ 			smbios_setslot(state, domain, pdev->sbus, -1, -1, type, slot, index, label);
+ 		}
+ 	}
+-- 
+2.44.0
+
--- a/0001-Read-DMI-entries-from-sys-firmware-dmi-tables-DMI.patch
+++ b/0001-Read-DMI-entries-from-sys-firmware-dmi-tables-DMI.patch
@ -0,0 +1,145 @@
+From b3bb4ed21e8802cb38eb693952da058f52cf76b0 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Mon, 24 Aug 2020 14:41:54 +0200
+Subject: [PATCH] Read DMI entries from /sys/firmware/dmi/tables/DMI
+
+A kernel with Secure Boot lockdown may prohibit reading the contents
+of /dev/mem, hence biosdevname fails.  The recent kernel provides the
+DMI byte contents in /sys/firmware/dmi/tables/*, and we can use this
+instead of poking /dev/mem.
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+CC: Thomas Renninger <trenn@suse.de>
+CC: Michal Suchanek <msuchanek@suse.com>
+---
+ src/dmidecode/dmidecode.c | 54 +++++++++++++++++++++++++++++----------
+ 1 file changed, 41 insertions(+), 13 deletions(-)
+
+diff --git a/src/dmidecode/dmidecode.c b/src/dmidecode/dmidecode.c
+index a01a6ce..f4c1269 100644
+--- a/src/dmidecode/dmidecode.c
+++ b/src/dmidecode/dmidecode.c
+@@ -229,7 +229,7 @@ static int isvalidsmbios(int mjr, int mnr)
+ 	return 0;
+ }
+ 
+-static void dmi_table(u32 base, u16 len, u16 num, u16 ver, const char *devmem, const struct libbiosdevname_state *state)
+static int dmi_table(u32 base, u16 len, u16 num, u16 ver, const char *devmem, const struct libbiosdevname_state *state, int sysfs)
+ {
+ 	u8 *buf;
+ 	u8 *data;
+@@ -237,14 +237,19 @@ static void dmi_table(u32 base, u16 len, u16 num, u16 ver, const char *devmem, c
+ 
+ 	/* Verify SMBIOS version */
+ 	if (!isvalidsmbios(ver >> 8, ver & 0xFF)) {
+-		return;
+		return 0;
+ 	}
+-	if((buf=mem_chunk(base, len, devmem))==NULL)
+
+	if (sysfs)
+		buf = __mem_chunk(0, len, devmem, 0);
+	else
+		buf = mem_chunk(base, len, devmem);
+	if(buf == NULL)
+ 	{
+ #ifndef USE_MMAP
+ 		printf("Table is unreachable, sorry. Try compiling dmidecode with -DUSE_MMAP.\n");
+ #endif
+-		return;
+		return 0;
+ 	}
+ 
+ 	data=buf;
+@@ -280,18 +285,18 @@ static void dmi_table(u32 base, u16 len, u16 num, u16 ver, const char *devmem, c
+ 		i++;
+ 	}
+ 	free(buf);
+	return 1;
+ }
+ 
+-
+-static int smbios_decode(u8 *buf, const char *devmem, const struct libbiosdevname_state *state)
+static int smbios_decode(u8 *buf, const char *devmem, const struct libbiosdevname_state *state, int sysfs)
+ {
+ 	if(checksum(buf, buf[0x05])
+ 	   && memcmp(buf+0x10, "_DMI_", 5)==0
+ 	   && checksum(buf+0x10, 0x0F))
+ 	{
+-		dmi_table(DWORD(buf+0x18), WORD(buf+0x16), WORD(buf+0x1C),
+-			  (buf[0x06]<<8)+buf[0x07], devmem, state);
+-		return 1;
+		return dmi_table(DWORD(buf+0x18), WORD(buf+0x16), WORD(buf+0x1C),
+				 (buf[0x06]<<8)+buf[0x07], devmem, state,
+				 sysfs);
+ 	}
+ 
+ 	return 0;
+@@ -302,13 +307,32 @@ static int legacy_decode(u8 *buf, const char *devmem, const struct libbiosdevnam
+ 	if(checksum(buf, 0x0F))
+ 	{
+ 		dmi_table(DWORD(buf+0x08), WORD(buf+0x06), WORD(buf+0x0C),
+-			  ((buf[0x0E]&0xF0)<<4)+(buf[0x0E]&0x0F), devmem, state);
+			  ((buf[0x0E]&0xF0)<<4)+(buf[0x0E]&0x0F), devmem, state, 0);
+ 		return 1;
+ 	}
+ 
+ 	return 0;
+ }
+ 
+#define SYSFS_TABLE_SMBIOS	"/sys/firmware/dmi/tables/smbios_entry_point"
+#define SYSFS_TABLE_DMI		"/sys/firmware/dmi/tables/DMI"
+
+static int smibios_decode_from_sysfs(const struct libbiosdevname_state *state)
+{
+	FILE *fp;
+	u8 buf[0x1f];
+	int len;
+
+	fp = fopen(SYSFS_TABLE_SMBIOS, "r");
+	if (!fp)
+		return 0;
+	len = fread(buf, 1, sizeof(buf), fp);
+	fclose(fp);
+	if (len == 0x1f && memcmp(buf, "_SM_", 4) == 0)
+		return smbios_decode(buf, SYSFS_TABLE_DMI, state, 1);
+	return 0;
+}
+
+ /*
+  * Probe for EFI interface
+  */
+@@ -417,7 +441,11 @@ int dmidecode_main(const struct libbiosdevname_state *state)
+ 	if (dmidecode_read_file(state))
+ 		return 0;
+ 
+-	/* First try EFI (ia64, Intel-based Mac) */
+	/* First try sysfs entries */
+	if (smibios_decode_from_sysfs(state))
+		return 0;
+
+	/* Next try EFI (ia64, Intel-based Mac) */
+ 	efi=address_from_efi(&fp);
+ 	switch(efi)
+ 	{
+@@ -434,7 +462,7 @@ int dmidecode_main(const struct libbiosdevname_state *state)
+ 		goto exit_free;
+ 	}
+ 
+-	if(smbios_decode(buf, devmem, state))
+	if(smbios_decode(buf, devmem, state, 0))
+ 		found++;
+ 	goto done;
+ 
+@@ -450,7 +478,7 @@ memory_scan:
+ 	{
+ 		if(memcmp(buf+fp, "_SM_", 4)==0 && fp<=0xFFE0)
+ 		{
+-			if(smbios_decode(buf+fp, devmem, state))
+			if(smbios_decode(buf+fp, devmem, state, 0))
+ 			{
+ 				found++;
+ 				fp+=16;
+-- 
+2.44.0
+
--- a/biosdevname.spec
+++ b/biosdevname.spec
@ -1,6 +1,6 @@
 Name:		biosdevname
 Version:	0.7.3
-Release:	9%{?dist}
+Release:	10%{?dist}
 Summary:	Udev helper for naming devices per BIOS names
 License:	GPLv2
 URL:		http://linux.dell.com/files/%{name}
@ -19,6 +19,10 @@ BuildRequires: make

 Patch1: 0001-Disable-biosdevname-by-default.patch
 Patch2: 0002-Place-udev-rules-to-usr-lib.patch
+Patch3: 0001-Prevent-infinite-recursion-in-dmidecode.c-smbios_set.patch
+Patch4: 0001-Add-buffer-read-helper-using-read-explicitly.patch
+Patch5: 0001-Read-DMI-entries-from-sys-firmware-dmi-tables-DMI.patch
+Patch6: 0001-Add-SMBIOS-3.x-support.patch

 %description
 biosdevname in its simplest form takes a kernel device name as an
@ -29,7 +33,7 @@ name (e.g. eth0).

 %prep
 %setup -q
-%autopatch
+%autopatch -p1

 %build
 autoreconf -fvi
@ -46,6 +50,9 @@ make install install-data DESTDIR=%{buildroot}
 %{_mandir}/man1/%{name}.1*

 %changelog
+* Thu May 16 2024 Michal Sekletar <msekleta@redhat.com> - 0.7.3-10
+- Make sure biosdevname works on systems with enabled SecureBoot (RHEL-18300)
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.7.3-9
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688