Various bug fixes

- Fix grub.cfg boot counting snippet generation (lorbus)
  Resolves: rhbz#1614637
- Fix spurrious allocation error reporting on EFI boot
  Resolves: rhbz#1635319
- Stop doing TPM on BIOS *again*.  It just doesn't work.
  Related: rhbz#1579835
- Make blscfg module loadable on older grub2 i386-pc and powerpc-ieee1275
  builds
- Fix execstack cropping up in grub2-tools
- Ban stack trampolines with compiler flags.

Signed-off-by: Peter Jones <pjones@redhat.com>
This commit is contained in:
Peter Jones 2018-10-02 13:34:50 -04:00
parent ace3c257a6
commit a3bfe35d12
12 changed files with 806 additions and 20 deletions

View File

@ -7,14 +7,14 @@ This helps enable allocations above 4GB.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>
--- ---
grub-core/loader/i386/efi/linux.c | 162 +++++++++++++++++++++----------------- grub-core/loader/i386/efi/linux.c | 167 +++++++++++++++++++++-----------------
1 file changed, 89 insertions(+), 73 deletions(-) 1 file changed, 94 insertions(+), 73 deletions(-)
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index de5f839ff0f..36b3c989c39 100644 index de5f839ff0f..1811f4b3d56 100644
--- a/grub-core/loader/i386/efi/linux.c --- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c
@@ -48,6 +48,60 @@ static char *linux_cmdline; @@ -48,6 +48,65 @@ static char *linux_cmdline;
#define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) #define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12)
@ -66,6 +66,11 @@ index de5f839ff0f..36b3c989c39 100644
+ grub_dprintf ("linux", "Allocated at %p\n", addr); + grub_dprintf ("linux", "Allocated at %p\n", addr);
+ } + }
+ +
+ while (grub_error_pop ())
+ {
+ ;
+ }
+
+ if (addr == NULL) + if (addr == NULL)
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, errmsg); + grub_error (GRUB_ERR_OUT_OF_MEMORY, errmsg);
+ +
@ -75,7 +80,7 @@ index de5f839ff0f..36b3c989c39 100644
static grub_err_t static grub_err_t
grub_linuxefi_boot (void) grub_linuxefi_boot (void)
{ {
@@ -63,19 +117,12 @@ grub_linuxefi_unload (void) @@ -63,19 +122,12 @@ grub_linuxefi_unload (void)
{ {
grub_dl_unref (my_mod); grub_dl_unref (my_mod);
loaded = 0; loaded = 0;
@ -101,7 +106,7 @@ index de5f839ff0f..36b3c989c39 100644
return GRUB_ERR_NONE; return GRUB_ERR_NONE;
} }
@@ -152,19 +199,13 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), @@ -152,19 +204,13 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
size += ALIGN_UP (grub_file_size (files[i]), 4); size += ALIGN_UP (grub_file_size (files[i]), 4);
} }
@ -126,7 +131,7 @@ index de5f839ff0f..36b3c989c39 100644
ptr = initrd_mem; ptr = initrd_mem;
@@ -225,7 +266,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), @@ -225,7 +271,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
filelen = grub_file_size (file); filelen = grub_file_size (file);
kernel = grub_malloc(filelen); kernel = grub_malloc(filelen);
@ -134,7 +139,7 @@ index de5f839ff0f..36b3c989c39 100644
if (!kernel) if (!kernel)
{ {
grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer"));
@@ -281,7 +321,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), @@ -281,7 +326,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail; goto fail;
} }
@ -143,7 +148,7 @@ index de5f839ff0f..36b3c989c39 100644
grub_dprintf ("linux", "checking lh->xloadflags\n"); grub_dprintf ("linux", "checking lh->xloadflags\n");
if (!(lh->xloadflags & LINUX_XLF_KERNEL_64)) if (!(lh->xloadflags & LINUX_XLF_KERNEL_64))
{ {
@@ -300,17 +340,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), @@ -300,17 +345,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
} }
#endif #endif
@ -163,7 +168,7 @@ index de5f839ff0f..36b3c989c39 100644
grub_dprintf ("linux", "params = %p\n", params); grub_dprintf ("linux", "params = %p\n", params);
grub_memset (params, 0, sizeof(*params)); grub_memset (params, 0, sizeof(*params));
@@ -329,19 +361,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), @@ -329,19 +366,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_dprintf ("linux", "new lh is at %p\n", lh); grub_dprintf ("linux", "new lh is at %p\n", lh);
grub_dprintf ("linux", "setting up cmdline\n"); grub_dprintf ("linux", "setting up cmdline\n");
@ -186,7 +191,7 @@ index de5f839ff0f..36b3c989c39 100644
grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE));
grub_create_loader_cmdline (argc, argv, grub_create_loader_cmdline (argc, argv,
@@ -349,27 +372,24 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), @@ -349,27 +377,24 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
lh->cmdline_size - (sizeof (LINUX_IMAGE) - 1)); lh->cmdline_size - (sizeof (LINUX_IMAGE) - 1));
grub_dprintf ("linux", "cmdline:%s\n", linux_cmdline); grub_dprintf ("linux", "cmdline:%s\n", linux_cmdline);
@ -225,7 +230,7 @@ index de5f839ff0f..36b3c989c39 100644
grub_dprintf("linux", "kernel_mem = %p\n", kernel_mem); grub_dprintf("linux", "kernel_mem = %p\n", kernel_mem);
grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0);
@@ -404,18 +424,14 @@ fail: @@ -404,18 +429,14 @@ fail:
loaded = 0; loaded = 0;
} }

View File

@ -14,7 +14,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
2 files changed, 65 insertions(+), 8 deletions(-) 2 files changed, 65 insertions(+), 8 deletions(-)
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index 36b3c989c39..09908b62644 100644 index 1811f4b3d56..65d1b5cc034 100644
--- a/grub-core/loader/i386/efi/linux.c --- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c
@@ -53,13 +53,22 @@ struct allocation_choice { @@ -53,13 +53,22 @@ struct allocation_choice {
@ -53,7 +53,7 @@ index 36b3c989c39..09908b62644 100644
if (max == prev_max) if (max == prev_max)
continue; continue;
@@ -164,6 +178,9 @@ read(grub_file_t file, grub_uint8_t *bufp, grub_size_t len) @@ -169,6 +183,9 @@ read(grub_file_t file, grub_uint8_t *bufp, grub_size_t len)
return bufpos; return bufpos;
} }
@ -63,7 +63,7 @@ index 36b3c989c39..09908b62644 100644
static grub_err_t static grub_err_t
grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
int argc, char *argv[]) int argc, char *argv[])
@@ -204,8 +221,12 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), @@ -209,8 +226,12 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
goto fail; goto fail;
grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem);
@ -78,7 +78,7 @@ index 36b3c989c39..09908b62644 100644
ptr = initrd_mem; ptr = initrd_mem;
@@ -340,6 +361,18 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), @@ -345,6 +366,18 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
} }
#endif #endif
@ -97,7 +97,7 @@ index 36b3c989c39..09908b62644 100644
params = kernel_alloc (sizeof(*params), "cannot allocate kernel parameters"); params = kernel_alloc (sizeof(*params), "cannot allocate kernel parameters");
if (!params) if (!params)
goto fail; goto fail;
@@ -373,21 +406,40 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), @@ -378,21 +411,40 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_dprintf ("linux", "cmdline:%s\n", linux_cmdline); grub_dprintf ("linux", "cmdline:%s\n", linux_cmdline);
grub_dprintf ("linux", "setting lh->cmd_line_ptr to 0x%08x\n", grub_dprintf ("linux", "setting lh->cmd_line_ptr to 0x%08x\n",
@ -140,13 +140,13 @@ index 36b3c989c39..09908b62644 100644
if (!kernel_mem) if (!kernel_mem)
goto fail; goto fail;
grub_dprintf("linux", "kernel_mem = %p\n", kernel_mem); grub_dprintf("linux", "kernel_mem = %p\n", kernel_mem);
@@ -396,8 +448,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), @@ -401,8 +453,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
loaded = 1; loaded = 1;
- grub_dprintf ("linux", "setting lh->code32_start to %p\n", kernel_mem); - grub_dprintf ("linux", "setting lh->code32_start to %p\n", kernel_mem);
- lh->code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; - lh->code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem;
+ grub_dprintf ("linux", "setting lh->code32_start to %p\n", + grub_dprintf ("linux", "setting lh->code32_start to 0x%08x\n",
+ LOW_U32(kernel_mem)); + LOW_U32(kernel_mem));
+ lh->code32_start = LOW_U32(kernel_mem); + lh->code32_start = LOW_U32(kernel_mem);

View File

@ -0,0 +1,401 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Fri, 21 Sep 2018 17:51:16 +0200
Subject: [PATCH] drop TPM support for legacy BIOS
Currently there's TPM support for both EFI and legacy BIOS.
A software interrupt call interface is used in legacy BIOS to communicate
with the TPM chips. But with some BIOS firmwares, the machine just hangs
after doing a BIOS interrupt call for the TCG_HashLogExtendEvent command.
It's hard to know what exactly is causing this, but the Trousers project
mentions in their docs that they don't use TCG_HashLogExtendEvent [0] due
the command not working reliable on some BIOS.
The TCG_CompactHashLogExtendEvent is less fragile, since it has a simpler
interface, doesn't require to setup any data structure and doesn't return
anything. So it could be used to do measurements and logs events instead.
But even when using this command can be a workaround on some systems, it
doesn't guarantee that could not fail on others. So since the TPM support
for some legacy BIOS don't work and can lead to machines failing to boot,
let's just drop it and only support TPM for EFI.
[0]: http://trousers.sourceforge.net/grub.html
Resolves: rhbz#1579835
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
grub-core/Makefile.core.def | 1 -
grub-core/kern/i386/pc/tpm.c | 145 --------------------------------------
grub-core/loader/i386/pc/linux.c | 4 --
include/grub/tpm.h | 2 +-
grub-core/boot/i386/pc/boot.S | 30 +-------
grub-core/boot/i386/pc/diskboot.S | 44 ------------
6 files changed, 2 insertions(+), 224 deletions(-)
delete mode 100644 grub-core/kern/i386/pc/tpm.c
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 701e5d32fa2..f33ff332079 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -246,7 +246,6 @@ kernel = {
i386_pc = kern/i386/pc/init.c;
i386_pc = kern/i386/pc/mmap.c;
- i386_pc = kern/i386/pc/tpm.c;
i386_pc = term/i386/pc/console.c;
i386_qemu = bus/pci.c;
diff --git a/grub-core/kern/i386/pc/tpm.c b/grub-core/kern/i386/pc/tpm.c
deleted file mode 100644
index f6f264aff2e..00000000000
--- a/grub-core/kern/i386/pc/tpm.c
+++ /dev/null
@@ -1,145 +0,0 @@
-#include <grub/err.h>
-#include <grub/i18n.h>
-#include <grub/mm.h>
-#include <grub/tpm.h>
-#include <grub/misc.h>
-#include <grub/i386/pc/int.h>
-
-#define TCPA_MAGIC 0x41504354
-
-static int tpm_presence = -1;
-
-int tpm_present(void);
-
-int tpm_present(void)
-{
- struct grub_bios_int_registers regs;
-
- if (tpm_presence != -1)
- return tpm_presence;
-
- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
- regs.eax = 0xbb00;
- regs.ebx = TCPA_MAGIC;
- grub_bios_interrupt (0x1a, &regs);
-
- if (regs.eax == 0)
- tpm_presence = 1;
- else
- tpm_presence = 0;
-
- return tpm_presence;
-}
-
-grub_err_t
-grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
- PassThroughToTPM_OutputParamBlock *outbuf)
-{
- struct grub_bios_int_registers regs;
- grub_addr_t inaddr, outaddr;
-
- if (!tpm_present())
- return 0;
-
- inaddr = (grub_addr_t) inbuf;
- outaddr = (grub_addr_t) outbuf;
- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
- regs.eax = 0xbb02;
- regs.ebx = TCPA_MAGIC;
- regs.ecx = 0;
- regs.edx = 0;
- regs.es = (inaddr & 0xffff0000) >> 4;
- regs.edi = inaddr & 0xffff;
- regs.ds = outaddr >> 4;
- regs.esi = outaddr & 0xf;
-
- grub_bios_interrupt (0x1a, &regs);
-
- if (regs.eax)
- {
- tpm_presence = 0;
- return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax);
- }
-
- return 0;
-}
-
-typedef struct {
- grub_uint32_t pcrindex;
- grub_uint32_t eventtype;
- grub_uint8_t digest[20];
- grub_uint32_t eventdatasize;
- grub_uint8_t event[0];
-} GRUB_PACKED Event;
-
-typedef struct {
- grub_uint16_t ipblength;
- grub_uint16_t reserved;
- grub_uint32_t hashdataptr;
- grub_uint32_t hashdatalen;
- grub_uint32_t pcr;
- grub_uint32_t reserved2;
- grub_uint32_t logdataptr;
- grub_uint32_t logdatalen;
-} GRUB_PACKED EventIncoming;
-
-typedef struct {
- grub_uint16_t opblength;
- grub_uint16_t reserved;
- grub_uint32_t eventnum;
- grub_uint8_t hashvalue[20];
-} GRUB_PACKED EventOutgoing;
-
-grub_err_t
-grub_tpm_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
- const char *description)
-{
- struct grub_bios_int_registers regs;
- EventIncoming incoming;
- EventOutgoing outgoing;
- Event *event;
- grub_uint32_t datalength;
-
- if (!tpm_present())
- return 0;
-
- datalength = grub_strlen(description);
- event = grub_zalloc(datalength + sizeof(Event));
- if (!event)
- return grub_error (GRUB_ERR_OUT_OF_MEMORY,
- N_("cannot allocate TPM event buffer"));
-
- event->pcrindex = pcr;
- event->eventtype = 0x0d;
- event->eventdatasize = grub_strlen(description);
- grub_memcpy(event->event, description, datalength);
-
- incoming.ipblength = sizeof(incoming);
- incoming.hashdataptr = (grub_uint32_t)buf;
- incoming.hashdatalen = size;
- incoming.pcr = pcr;
- incoming.logdataptr = (grub_uint32_t)event;
- incoming.logdatalen = datalength + sizeof(Event);
-
- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
- regs.eax = 0xbb01;
- regs.ebx = TCPA_MAGIC;
- regs.ecx = 0;
- regs.edx = 0;
- regs.es = (((grub_addr_t) &incoming) & 0xffff0000) >> 4;
- regs.edi = ((grub_addr_t) &incoming) & 0xffff;
- regs.ds = (((grub_addr_t) &outgoing) & 0xffff0000) >> 4;
- regs.esi = ((grub_addr_t) &outgoing) & 0xffff;
-
- grub_bios_interrupt (0x1a, &regs);
-
- grub_free(event);
-
- if (regs.eax)
- {
- tpm_presence = 0;
- return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax);
- }
-
- return 0;
-}
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
index cfff25c21b5..783a3cd93bc 100644
--- a/grub-core/loader/i386/pc/linux.c
+++ b/grub-core/loader/i386/pc/linux.c
@@ -36,7 +36,6 @@
#include <grub/lib/cmdline.h>
#include <grub/linux.h>
#include <grub/efi/sb.h>
-#include <grub/tpm.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -162,9 +161,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
- grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux16", "Kernel");
- grub_print_error();
-
grub_memcpy (&lh, kernel, sizeof (lh));
kernel_offset = sizeof (lh);
diff --git a/include/grub/tpm.h b/include/grub/tpm.h
index 972a5edc836..ce52be4ff7f 100644
--- a/include/grub/tpm.h
+++ b/include/grub/tpm.h
@@ -69,7 +69,7 @@ typedef struct {
grub_err_t EXPORT_FUNC(grub_tpm_measure) (unsigned char *buf, grub_size_t size,
grub_uint8_t pcr, const char *kind,
const char *description);
-#if defined (GRUB_MACHINE_EFI) || defined (GRUB_MACHINE_PCBIOS)
+#if defined (GRUB_MACHINE_EFI)
grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
PassThroughToTPM_OutputParamBlock *outbuf);
grub_err_t grub_tpm_log_event(unsigned char *buf, grub_size_t size,
diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S
index acab37369ae..ea167fe1206 100644
--- a/grub-core/boot/i386/pc/boot.S
+++ b/grub-core/boot/i386/pc/boot.S
@@ -24,14 +24,11 @@
* defines for the code go here
*/
-#define TPM 1
-
/* Print message string */
#define MSG(x) movw $x, %si; call LOCAL(message)
#define ERR(x) movw $x, %si; jmp LOCAL(error_message)
.macro floppy
-#ifndef TPM
part_start:
LOCAL(probe_values):
@@ -88,7 +85,6 @@ fd_probe_error_string: .asciz "Floppy"
movb MACRO_DOLLAR(79), %ch
jmp LOCAL(final_init)
-#endif
.endm
.macro scratch
@@ -256,7 +252,6 @@ real_start:
/* set %si to the disk address packet */
movw $disk_address_packet, %si
-#ifndef TPM
/* check if LBA is supported */
movb $0x41, %ah
movw $0x55aa, %bx
@@ -276,7 +271,6 @@ real_start:
andw $1, %cx
jz LOCAL(chs_mode)
-#endif
LOCAL(lba_mode):
xorw %ax, %ax
@@ -320,9 +314,6 @@ LOCAL(lba_mode):
jmp LOCAL(copy_buffer)
LOCAL(chs_mode):
-#ifdef TPM
- jmp LOCAL(general_error)
-#else
/*
* Determine the hard disk geometry from the BIOS!
* We do this first, so that LS-120 IDE floppies work correctly.
@@ -434,7 +425,7 @@ setup_sectors:
jc LOCAL(read_error)
movw %es, %bx
-#endif /* TPM */
+
LOCAL(copy_buffer):
/*
* We need to save %cx and %si because the startup code in
@@ -457,25 +448,6 @@ LOCAL(copy_buffer):
popw %ds
popa
-#ifdef TPM
- pusha
-
- movw $0xBB00, %ax /* TCG_StatusCheck */
- int $0x1A
- test %eax, %eax
- jnz boot /* No TPM or TPM deactivated */
-
- movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */
- movw $GRUB_BOOT_MACHINE_KERNEL_ADDR, %di
- xorl %esi, %esi
- movl $0x41504354, %ebx /* TCPA */
- movl $0x200, %ecx /* Measure 512 bytes */
- movl $0x8, %edx /* PCR 8 */
- int $0x1A
-
-boot:
- popa
-#endif
/* boot kernel */
jmp *(LOCAL(kernel_address))
diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S
index f4744ec6fcb..68d31de0c4c 100644
--- a/grub-core/boot/i386/pc/diskboot.S
+++ b/grub-core/boot/i386/pc/diskboot.S
@@ -19,8 +19,6 @@
#include <grub/symbol.h>
#include <grub/machine/boot.h>
-#define TPM 1
-
/*
* defines for the code go here
*/
@@ -55,21 +53,6 @@ _start:
/* this sets up for the first run through "bootloop" */
movw $LOCAL(firstlist), %di
-#ifdef TPM
- /* clear EAX to remove potential garbage */
- xorl %eax, %eax
- /* 8(%di) = number of sectors to read */
- movw 8(%di), %ax
-
- /* Multiply number of sectors to read with 512 bytes. EAX is 32bit
- * which is large enough to hold values of up to 4GB. I doubt there
- * will ever be a core.img larger than that. ;-) */
- shll $9, %eax
-
- /* write result to bytes_to_measure var */
- movl %eax, bytes_to_measure
-#endif
-
/* save the sector number of the second sector in %ebp */
movl (%di), %ebp
@@ -307,29 +290,6 @@ LOCAL(copy_buffer):
/* END OF MAIN LOOP */
LOCAL(bootit):
-#ifdef TPM
- pusha
- movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */
-
- movw $0x0, %bx
- movw %bx, %es
-
- /* We've already measured the first 512 bytes, now measure the rest */
- xorl %edi, %edi
- movw $(GRUB_BOOT_MACHINE_KERNEL_ADDR + 0x200), %di
-
- movl $0x41504354, %ebx /* EBX = "TCPA" */
-
- /* %ecx = The length, in bytes, of the buffer to measure */
- movl $bytes_to_measure, %esi
- movl (%esi), %ecx
- xorl %esi, %esi
- movl $0x9, %edx /* PCR 9 */
-
- int $0x1A
-
- popa
-#endif
/* print a newline */
MSG(notification_done)
popw %dx /* this makes sure %dl is our "boot" drive */
@@ -364,10 +324,6 @@ geometry_error_string: .asciz "Geom"
read_error_string: .asciz "Read"
general_error_string: .asciz " Error"
-#ifdef TPM
-bytes_to_measure: .long 0
-#endif
-
/*
* message: write the string pointed to by %si
*

View File

@ -0,0 +1,146 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Thu, 27 Sep 2018 10:49:14 +0200
Subject: [PATCH] Move quicksort function from kernel.exec to the blscfg module
The qsort function is defined in the grub2 kernel and exported for modules
to use. But this prevents the blscfg.mod to be loaded by old grub2 kernels
that don't export this symbol.
Loading the latest blscfg module might be useful on legacy BIOS systems to
avoid updating the first and second stage grub2 images in the boot device.
Since the only caller of the qsort function is the blscfg module, move the
qsort function out of the grub2 kernel and only have it in the blscfg.mod.
While being there, also remove the grub_bsearch() function that is unused.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
grub-core/Makefile.core.def | 2 +-
grub-core/commands/blscfg.c | 3 ++-
grub-core/{kern/qsort.c => commands/bls_qsort.h} | 30 +++---------------------
include/grub/misc.h | 15 ------------
4 files changed, 6 insertions(+), 44 deletions(-)
rename grub-core/{kern/qsort.c => commands/bls_qsort.h} (93%)
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index f33ff332079..18d4ec20cdf 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -129,7 +129,6 @@ kernel = {
common = kern/rescue_parser.c;
common = kern/rescue_reader.c;
common = kern/term.c;
- common = kern/qsort.c;
common = kern/backtrace.c;
common = kern/tpm.c;
@@ -786,6 +785,7 @@ module = {
module = {
name = blscfg;
common = commands/blscfg.c;
+ common = commands/bls_qsort.h;
common = commands/loadenv.h;
enable = efi;
enable = i386_pc;
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
index abd6f00d0de..bec5a9ffe3e 100644
--- a/grub-core/commands/blscfg.c
+++ b/grub-core/commands/blscfg.c
@@ -36,6 +36,7 @@
GRUB_MOD_LICENSE ("GPLv3+");
+#include "bls_qsort.h"
#include "loadenv.h"
#define GRUB_BLS_CONFIG_PATH "/loader/entries/"
@@ -717,7 +718,7 @@ read_fallback:
use_version = false;
}
- grub_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, &use_version);
+ bls_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, &use_version);
grub_dprintf ("blscfg", "%s Creating %d entries from bls\n", __func__, nentries);
for (r = nentries - 1; r >= 0; r--)
diff --git a/grub-core/kern/qsort.c b/grub-core/commands/bls_qsort.h
similarity index 93%
rename from grub-core/kern/qsort.c
rename to grub-core/commands/bls_qsort.h
index 7f3fc9ffdae..572765fa3f2 100644
--- a/grub-core/kern/qsort.c
+++ b/grub-core/commands/bls_qsort.h
@@ -64,6 +64,7 @@ typedef struct
#define POP(low, high) ((void) (--top, (low = top->lo), (high = top->hi)))
#define STACK_NOT_EMPTY (stack < top)
+typedef int (*grub_compar_d_fn_t) (const void *p0, const void *p1, void *state);
/* Order size using quicksort. This implementation incorporates
four optimizations discussed in Sedgewick:
@@ -89,8 +90,8 @@ typedef struct
smaller partition. This *guarantees* no more than log (total_elems)
stack size is needed (actually O(1) in this case)! */
-void
-grub_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size,
+static inline void UNUSED
+bls_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size,
grub_compar_d_fn_t cmp, void *arg)
{
char *base_ptr = (char *) pbase;
@@ -252,28 +253,3 @@ grub_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size,
}
}
-void *
-grub_bsearch (const void *key, const void *base, grub_size_t nmemb, grub_size_t size,
- grub_compar_d_fn_t compar, void *state)
-{
- grub_size_t l, u, idx;
- const void *p;
- int comparison;
-
- l = 0;
- u = nmemb;
- while (l < u)
- {
- idx = (l + u) / 2;
- p = (void *) (((const char *) base) + (idx * size));
- comparison = (*compar) (key, p, state);
- if (comparison < 0)
- u = idx;
- else if (comparison > 0)
- l = idx + 1;
- else
- return (void *) p;
- }
-
- return NULL;
-}
diff --git a/include/grub/misc.h b/include/grub/misc.h
index 5f1c1c1be4e..de9016ab709 100644
--- a/include/grub/misc.h
+++ b/include/grub/misc.h
@@ -510,19 +510,4 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *file,
#define grub_max(a, b) (((a) > (b)) ? (a) : (b))
#define grub_min(a, b) (((a) < (b)) ? (a) : (b))
-typedef int (*grub_compar_d_fn_t) (const void *p0, const void *p1, void *state);
-
-void *EXPORT_FUNC(grub_bsearch) (const void *key,
- const void *base,
- grub_size_t nmemb,
- grub_size_t size,
- grub_compar_d_fn_t compar,
- void *state);
-
-void EXPORT_FUNC(grub_qsort) (void *const pbase,
- grub_size_t total_elems,
- grub_size_t size,
- grub_compar_d_fn_t cmp,
- void *state);
-
#endif /* ! GRUB_MISC_HEADER */

View File

@ -0,0 +1,25 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Thu, 27 Sep 2018 19:03:43 +0200
Subject: [PATCH] Include blscfg module for powerpc ieee1275
The blscfg module is currently not built for powerpc ieee1275, but this
is still needed when the machine is not booted in bare metal with OPAL.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
grub-core/Makefile.core.def | 1 +
1 file changed, 1 insertion(+)
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 18d4ec20cdf..30c2ac8f3c8 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -787,6 +787,7 @@ module = {
common = commands/blscfg.c;
common = commands/bls_qsort.h;
common = commands/loadenv.h;
+ enable = powerpc_ieee1275;
enable = efi;
enable = i386_pc;
enable = emu;

View File

@ -0,0 +1,53 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Fri, 28 Sep 2018 10:35:38 +0200
Subject: [PATCH] grub-switch-to-blscfg: copy blscfg module for legacy BIOS and
ppc ieee1275
On platforms that load the blscfg module the latest version should be used,
so copy the module to the boot directory to make sure that the grub2 kernel
will load the latest version of the BLS parsing code.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
util/grub-switch-to-blscfg.in | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in
index 9cf64f8e725..1c6bd1882a7 100644
--- a/util/grub-switch-to-blscfg.in
+++ b/util/grub-switch-to-blscfg.in
@@ -53,6 +53,8 @@ blsdir=`echo "/@bootdirname@/loader/entries" | sed 's,//*,/,g'`
backupsuffix=.bak
+arch="$(uname -m)"
+
export TEXTDOMAIN=@PACKAGE@
export TEXTDOMAINDIR="@localedir@"
@@ -248,7 +250,6 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do
fi
if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then
- arch="$(uname -m)"
bls_debug="$(echo ${bls_target} | sed -e "s/\.${arch}/-debug.${arch}/")"
cp -aT "${bls_target}" "${bls_debug}"
title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')"
@@ -282,6 +283,16 @@ elif ! grep -q '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" ; then
fi
if [ "${GENERATE}" -eq 1 ] ; then
+ if [ $arch = "x86_64" ] && [ ! -d /sys/firmware/efi ]; then
+ if ! cp ${prefix}/lib/grub//i386-pc/blscfg.mod ${grubdir}/i386-pc/ ; then
+ exit 1
+ fi
+ elif [ $arch = "ppc64" -o $arch = "ppc64le" ] && [ ! -d /sys/firmware/opal ]; then
+ if ! cp ${prefix}/lib/grub/powerpc-ieee1275/blscfg.mod ${grubdir}/powerpc-ieee1275/ ; then
+ exit 1
+ fi
+ fi
+
cp -af "${GRUB_CONFIG_FILE}" "${GRUB_CONFIG_FILE}${backupsuffix}"
if ! grub2-mkconfig -o "${GRUB_CONFIG_FILE}" ; then
cp -af "${GRUB_CONFIG_FILE}${backupsuffix}" "${GRUB_CONFIG_FILE}"

View File

@ -0,0 +1,47 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 28 Sep 2018 15:42:19 -0400
Subject: [PATCH] Fix getroot.c's trampolines.
This makes the stack executable on most of the grub utilities, which is
bad, and rpmdiff complains about it.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/osdep/linux/getroot.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c
index 2b7a626d5ea..36429a7cd25 100644
--- a/grub-core/osdep/linux/getroot.c
+++ b/grub-core/osdep/linux/getroot.c
@@ -1264,22 +1264,20 @@ grub_util_get_grub_dev_os (const char *os_dev)
return grub_dev;
}
+static void *mp = NULL;
+static void
+btrfs_mount_path_hook(const char *m)
+{
+ mp = strdup (m);
+}
char *
grub_util_get_btrfs_subvol (const char *path, char **mount_path)
{
- char *mp = NULL;
-
if (mount_path)
*mount_path = NULL;
- auto void
- mount_path_hook (const char *m)
- {
- mp = strdup (m);
- }
-
- grub_find_root_btrfs_mount_path_hook = mount_path_hook;
+ grub_find_root_btrfs_mount_path_hook = btrfs_mount_path_hook;
grub_free (grub_find_root_devices_from_mountinfo (path, NULL));
grub_find_root_btrfs_mount_path_hook = NULL;

View File

@ -0,0 +1,38 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 28 Sep 2018 15:48:09 -0400
Subject: [PATCH] Do not allow stack trampolines, anywhere.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
configure.ac | 3 +++
conf/Makefile.common | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 40fcf567ae7..077df917593 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1983,6 +1983,9 @@ if test x"$enable_wextra" != xno ; then
HOST_CFLAGS="$HOST_CFLAGS -Wextra"
fi
+TARGET_CFLAGS="$TARGET_CFLAGS -Werror=trampolines -fno-trampolines"
+HOST_CFLAGS="$HOST_CFLAGS -Werror=trampolines -fno-trampolines"
+
TARGET_CPP="$TARGET_CC -E"
TARGET_CCAS=$TARGET_CC
diff --git a/conf/Makefile.common b/conf/Makefile.common
index 0d9910d7875..38375a7891c 100644
--- a/conf/Makefile.common
+++ b/conf/Makefile.common
@@ -66,7 +66,7 @@ grubconfdir = $(sysconfdir)/grub.d
platformdir = $(pkglibdir)/$(target_cpu)-$(platform)
starfielddir = $(pkgdatadir)/themes/starfield
-CFLAGS_GNULIB = -Wno-undef -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code
+CFLAGS_GNULIB = -Wno-undef -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -Werror=trampolines -fno-trampolines
CPPFLAGS_GNULIB = -I$(top_builddir)/grub-core/gnulib -I$(top_srcdir)/grub-core/gnulib
CFLAGS_POSIX = -fno-builtin

View File

@ -0,0 +1,24 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 2 Oct 2018 13:26:42 -0400
Subject: [PATCH] fixup! arm/arm64 loader: Better memory allocation and error
messages.
---
grub-core/kern/efi/mm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
index a553f817edb..cac775fc935 100644
--- a/grub-core/kern/efi/mm.c
+++ b/grub-core/kern/efi/mm.c
@@ -169,6 +169,9 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address,
status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret);
if (status != GRUB_EFI_SUCCESS)
{
+ grub_dprintf ("efi",
+ "allocate_pages(%d, %d, 0x%0lx, 0x%016lx) = 0x%016lx\n",
+ alloctype, memtype, pages, address, status);
grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
return NULL;
}

View File

@ -0,0 +1,27 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Christian Glombek <lorbus@fedoraproject.org>
Date: Tue, 2 Oct 2018 15:41:18 +0200
Subject: [PATCH] Fix boot counting grub.cfg snippet creation Fixes BZ1614637
---
util/grub.d/01_fallback_counting.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/util/grub.d/01_fallback_counting.in b/util/grub.d/01_fallback_counting.in
index ecfc7401474..afe06199a93 100644
--- a/util/grub.d/01_fallback_counting.in
+++ b/util/grub.d/01_fallback_counting.in
@@ -1,6 +1,7 @@
#! /bin/sh -e
# Boot Counting
+cat << EOF
if [ "\${boot_counter}" -a "\${boot_success}" = "0" ]; then
if [ "\${boot_counter}" = "0" -o "\${boot_counter}" = "-1" ]; then
set default=1
@@ -10,3 +11,4 @@ if [ "\${boot_counter}" -a "\${boot_success}" = "0" ]; then
fi
save_env boot_counter
fi
+EOF
\ No newline at end of file

View File

@ -245,3 +245,11 @@ Patch0244: 0244-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch
Patch0245: 0245-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch Patch0245: 0245-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch
Patch0246: 0246-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch Patch0246: 0246-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch
Patch0247: 0247-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch Patch0247: 0247-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch
Patch0248: 0248-drop-TPM-support-for-legacy-BIOS.patch
Patch0249: 0249-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch
Patch0250: 0250-Include-blscfg-module-for-powerpc-ieee1275.patch
Patch0251: 0251-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch
Patch0252: 0252-Fix-getroot.c-s-trampolines.patch
Patch0253: 0253-Do-not-allow-stack-trampolines-anywhere.patch
Patch0254: 0254-fixup-arm-arm64-loader-Better-memory-allocation-and-.patch
Patch0255: 0255-Fix-boot-counting-grub.cfg-snippet-creation.patch

View File

@ -7,7 +7,7 @@
Name: grub2 Name: grub2
Epoch: 1 Epoch: 1
Version: 2.02 Version: 2.02
Release: 59%{?dist} Release: 60%{?dist}
Summary: Bootloader with support for Linux, Multiboot and more Summary: Bootloader with support for Linux, Multiboot and more
Group: System Environment/Base Group: System Environment/Base
License: GPLv3+ License: GPLv3+
@ -494,6 +494,18 @@ fi
%endif %endif
%changelog %changelog
* Tue Oct 02 2018 Peter Jones <pjones@redhat.com> - 2.02-60
- Fix grub.cfg boot counting snippet generation (lorbus)
Resolves: rhbz#1614637
- Fix spurrious allocation error reporting on EFI boot
Resolves: rhbz#1635319
- Stop doing TPM on BIOS *again*. It just doesn't work.
Related: rhbz#1579835
- Make blscfg module loadable on older grub2 i386-pc and powerpc-ieee1275
builds
- Fix execstack cropping up in grub2-tools
- Ban stack trampolines with compiler flags.
* Tue Sep 25 2018 Hans de Goede <hdegoede@redhat.com> - 2.02-59 * Tue Sep 25 2018 Hans de Goede <hdegoede@redhat.com> - 2.02-59
- Stop using pkexec for grub2-set-bootflag, it does not work under gdm - Stop using pkexec for grub2-set-bootflag, it does not work under gdm
instead make it suid root (it was written with this in mind) instead make it suid root (it was written with this in mind)