From ca135ed532314e1a858c6f282ebf17f7b362c14b Mon Sep 17 00:00:00 2001
From: Leo Sandoval <lsandova@redhat.com>
Date: Mon, 2 Jun 2025 16:54:10 -0600
Subject: [PATCH] Handle special kernel parameter characters properly

Resolves: #RHEL-64297
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
---
 ...pe-kernel-option-characters-properly.patch | 45 +++++++++++++++++++
 ...variable-is-escaped-before-consideri.patch | 26 +++++++++++
 grub.patches                                  |  2 +
 grub2.spec                                    |  6 ++-
 4 files changed, 78 insertions(+), 1 deletion(-)
 create mode 100644 0477-10_linux.in-escape-kernel-option-characters-properly.patch
 create mode 100644 0478-blscfg-check-if-variable-is-escaped-before-consideri.patch

diff --git a/0477-10_linux.in-escape-kernel-option-characters-properly.patch b/0477-10_linux.in-escape-kernel-option-characters-properly.patch
new file mode 100644
index 0000000..1937cb9
--- /dev/null
+++ b/0477-10_linux.in-escape-kernel-option-characters-properly.patch
@@ -0,0 +1,45 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Leo Sandoval <lsandova@redhat.com>
+Date: Wed, 7 May 2025 13:23:37 -0600
+Subject: [PATCH] 10_linux.in: escape kernel option characters properly
+
+This handles cases where kernel options, specifically the values,
+contain special characters, in this case ';', '&' and '$'.
+
+For example, the user defines the following GRUB_CMDLINE_LINUX on the
+default grub file /etc/default/grub, note the dolar sign on the 'memmap'
+option
+
+    GRUB_CMDLINE_LINUX="console=ttyS0 memmap=32g\\\$0x2000000000"
+
+then regenerating the grub cfg and BLS options line with the
+grub2-mkconfig command, resulting into
+
+    options root=UUID=6baedf23-2510-499a-815d-48b58cf6e619 ro
+    rootflags=subvol=root console=ttyS0 memmap=32g\$0x2000000000
+
+without this patch, we would end up with
+
+    options root=UUID=6baedf23-2510-499a-815d-48b58cf6e619 ro
+    rootflags=subvol=root console=ttyS0 memmap=32g$0x2000000000
+
+Note the missing '\' which is required to escape the '$', otherwise
+it would be consider a variable by blscfg parser which is not the case.
+
+Signed-off-by: Leo Sandoval <lsandova@redhat.com>
+---
+ util/grub.d/10_linux.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
+index fafdfbc4d3..4276d5e240 100755
+--- a/util/grub.d/10_linux.in
++++ b/util/grub.d/10_linux.in
+@@ -180,6 +180,7 @@ update_bls_cmdline()
+         options="$(echo "${options}" | sed -e 's/\//\\\//g')"
+         options="$(echo "${options}" | sed -e 's/\;/\\\;/g')"
+         options="$(echo "${options}" | sed -e 's/\\&/\\\\&/g')"
++        options="$(echo "${options}" | sed -e 's/\$/\\\$/g')"
+         sed -i -e "s/^options.*/options ${options}/" "${blsdir}/${bls}.conf"
+     done
+ }
diff --git a/0478-blscfg-check-if-variable-is-escaped-before-consideri.patch b/0478-blscfg-check-if-variable-is-escaped-before-consideri.patch
new file mode 100644
index 0000000..fba6906
--- /dev/null
+++ b/0478-blscfg-check-if-variable-is-escaped-before-consideri.patch
@@ -0,0 +1,26 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Leo Sandoval <lsandova@redhat.com>
+Date: Wed, 7 May 2025 13:49:47 -0600
+Subject: [PATCH] blscfg: check if variable is escaped before considering one
+
+Otherwise escaped variables are considered real variables.
+
+Signed-off-by: Leo Sandoval <lsandova@redhat.com>
+---
+ grub-core/commands/blscfg.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
+index 6e398fc175..5d931b0c9b 100644
+--- a/grub-core/commands/blscfg.c
++++ b/grub-core/commands/blscfg.c
+@@ -695,7 +695,8 @@ static char *expand_val(const char *value)
+     return NULL;
+ 
+   while (*value) {
+-    if (*value == '$') {
++    /* It's a variable only when *value is '$' and it is not escaped with '\'*/
++    if (*value == '$' && *end != '\\') {
+       if (start != end) {
+ 	buffer = field_append(is_var, buffer, start, end);
+ 	if (!buffer)
diff --git a/grub.patches b/grub.patches
index dfb943d..adf9114 100644
--- a/grub.patches
+++ b/grub.patches
@@ -473,3 +473,5 @@ Patch0473: 0473-appendedsig-Reads-the-default-DB-keys-from-ELF-Note.patch
 Patch0474: 0474-appendedsig-The-grub-command-s-trusted-and-distruste.patch
 Patch0475: 0475-appendedsig-documentation.patch
 Patch0476: 0476-efi-Add-efitextmode-command-for-getting-setting-the-.patch
+Patch0477: 0477-10_linux.in-escape-kernel-option-characters-properly.patch
+Patch0478: 0478-blscfg-check-if-variable-is-escaped-before-consideri.patch
\ No newline at end of file
diff --git a/grub2.spec b/grub2.spec
index b6e9c65..71e47b4 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -16,7 +16,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.06
-Release:	108%{?dist}
+Release:	109%{?dist}
 Summary:	Bootloader with support for Linux, Multiboot and more
 License:	GPLv3+
 URL:		http://www.gnu.org/software/grub/
@@ -547,6 +547,10 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
 %endif
 
 %changelog
+* Mon Jun 2 2025 Leo Sandoval <lsandova@redhat.com> 2.06-109
+- Handle special kernel parameter characters properly
+- Resolves: #RHEL-64297
+
 * Wed May 21 2025 Nicolas Frayer <nfrayer@redhat.com> - 2.06-108
 - ieee1275: Appended signature support
 - Resolves: #RHEL-24742