From e7aee52b19161da679328924af419750f33bd656 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 19 Jul 2022 16:24:58 +0000 Subject: [PATCH] Handle FAT mtime of 0 Resolves: #2096192 Signed-off-by: Robbie Harwood --- ...-document-the-behavior-of-multiple-v.patch | 25 ++++++++ ...probe-dprint-errors-from-filesystems.patch | 43 +++++++++++++ 0269-fs-fat-don-t-error-when-mtime-is-0.patch | 64 +++++++++++++++++++ grub.patches | 3 + grub2.spec | 8 ++- 5 files changed, 141 insertions(+), 2 deletions(-) create mode 100644 0267-grub-probe-document-the-behavior-of-multiple-v.patch create mode 100644 0268-grub_fs_probe-dprint-errors-from-filesystems.patch create mode 100644 0269-fs-fat-don-t-error-when-mtime-is-0.patch diff --git a/0267-grub-probe-document-the-behavior-of-multiple-v.patch b/0267-grub-probe-document-the-behavior-of-multiple-v.patch new file mode 100644 index 0000000..4e9d7cc --- /dev/null +++ b/0267-grub-probe-document-the-behavior-of-multiple-v.patch @@ -0,0 +1,25 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Fri, 15 Jul 2022 15:49:25 -0400 +Subject: [PATCH] grub-probe: document the behavior of multiple -v + +Signed-off-by: Robbie Harwood +(cherry picked from commit 51a55233eed08f7f12276afd6b3724b807a0b680) +--- + util/grub-probe.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/util/grub-probe.c b/util/grub-probe.c +index c6fac732b4..ba867319a7 100644 +--- a/util/grub-probe.c ++++ b/util/grub-probe.c +@@ -732,7 +732,8 @@ static struct argp_option options[] = { + {"device-map", 'm', N_("FILE"), 0, + N_("use FILE as the device map [default=%s]"), 0}, + {"target", 't', N_("TARGET"), 0, 0, 0}, +- {"verbose", 'v', 0, 0, N_("print verbose messages."), 0}, ++ {"verbose", 'v', 0, 0, ++ N_("print verbose messages (pass twice to enable debug printing)."), 0}, + {0, '0', 0, 0, N_("separate items in output using ASCII NUL characters"), 0}, + { 0, 0, 0, 0, 0, 0 } + }; diff --git a/0268-grub_fs_probe-dprint-errors-from-filesystems.patch b/0268-grub_fs_probe-dprint-errors-from-filesystems.patch new file mode 100644 index 0000000..1455ae4 --- /dev/null +++ b/0268-grub_fs_probe-dprint-errors-from-filesystems.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Fri, 15 Jul 2022 15:39:41 -0400 +Subject: [PATCH] grub_fs_probe(): dprint errors from filesystems + +When filesystem detection fails, all that's currently debug-logged is a +series of messages like: + + grub-core/kern/fs.c:56:fs: Detecting ntfs... + grub-core/kern/fs.c:76:fs: ntfs detection failed. + +repeated for each filesystem. Any messages provided to grub_error() by +the filesystem are lost, and one has to break out gdb to figure out what +went wrong. + +With this change, one instead sees: + + grub-core/kern/fs.c:56:fs: Detecting fat... + grub-core/osdep/hostdisk.c:357:hostdisk: reusing open device + `/path/to/device' + grub-core/kern/fs.c:77:fs: error: invalid modification timestamp for /. + grub-core/kern/fs.c:79:fs: fat detection failed. + +in the debug prints. + +Signed-off-by: Robbie Harwood +(cherry picked from commit 838c79d658797d0662ee7f9e033e38ee88059e02) +--- + grub-core/kern/fs.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c +index c698295bcb..b58e2ae1d2 100644 +--- a/grub-core/kern/fs.c ++++ b/grub-core/kern/fs.c +@@ -74,6 +74,7 @@ grub_fs_probe (grub_device_t device) + if (grub_errno == GRUB_ERR_NONE) + return p; + ++ grub_dprintf ("fs", _("error: %s.\n"), grub_errmsg); + grub_error_push (); + grub_dprintf ("fs", "%s detection failed.\n", p->name); + grub_error_pop (); diff --git a/0269-fs-fat-don-t-error-when-mtime-is-0.patch b/0269-fs-fat-don-t-error-when-mtime-is-0.patch new file mode 100644 index 0000000..f014f6c --- /dev/null +++ b/0269-fs-fat-don-t-error-when-mtime-is-0.patch @@ -0,0 +1,64 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Fri, 15 Jul 2022 15:42:41 -0400 +Subject: [PATCH] fs/fat: don't error when mtime is 0 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In the wild, we occasionally see valid ESPs where some file modification times +are 0. For instance: + + ├── [Dec 31 1979] EFI + │ ├── [Dec 31 1979] BOOT + │ │ ├── [Dec 31 1979] BOOTX64.EFI + │ │ └── [Dec 31 1979] fbx64.efi + │ └── [Jun 27 02:41] fedora + │ ├── [Dec 31 1979] BOOTX64.CSV + │ ├── [Dec 31 1979] fonts + │ ├── [Mar 14 03:35] fw + │ │ ├── [Mar 14 03:35] fwupd-359c1169-abd6-4a0d-8bce-e4d4713335c1.cap + │ │ ├── [Mar 14 03:34] fwupd-9d255c4b-2d88-4861-860d-7ee52ade9463.cap + │ │ └── [Mar 14 03:34] fwupd-b36438d8-9128-49d2-b280-487be02d948b.cap + │ ├── [Dec 31 1979] fwupdx64.efi + │ ├── [May 10 10:47] grub.cfg + │ ├── [Jun 3 12:38] grub.cfg.new.new + │ ├── [May 10 10:41] grub.cfg.old + │ ├── [Jun 27 02:41] grubenv + │ ├── [Dec 31 1979] grubx64.efi + │ ├── [Dec 31 1979] mmx64.efi + │ ├── [Dec 31 1979] shim.efi + │ ├── [Dec 31 1979] shimx64.efi + │ └── [Dec 31 1979] shimx64-fedora.efi + └── [Dec 31 1979] FSCK0000.REC + + 5 directories, 17 files + +This causes grub-probe failure, which in turn causes grub-mkconfig +failure. They are valid filesystems that appear intact, and the Linux +FAT stack is able to mount and manipulate them without complaint. + +The check for mtime of 0 has been present since +20def1a3c3952982395cd7c3ea7e78638527962b ("fat: support file +modification times"). + +Signed-off-by: Robbie Harwood +(cherry picked from commit 0615c4887352e32d7bb7198e9ad0d695f9dc2c31) +--- + grub-core/fs/fat.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/grub-core/fs/fat.c b/grub-core/fs/fat.c +index dd82e4ee35..ff6200c5be 100644 +--- a/grub-core/fs/fat.c ++++ b/grub-core/fs/fat.c +@@ -1027,9 +1027,6 @@ grub_fat_dir (grub_device_t device, const char *path, grub_fs_dir_hook_t hook, + grub_le_to_cpu16 (ctxt.dir.w_date), + &info.mtime); + #endif +- if (info.mtimeset == 0) +- grub_error (GRUB_ERR_OUT_OF_RANGE, +- "invalid modification timestamp for %s", path); + + if (hook (ctxt.filename, &info, hook_data)) + break; diff --git a/grub.patches b/grub.patches index f992ef2..ff3d92f 100644 --- a/grub.patches +++ b/grub.patches @@ -264,3 +264,6 @@ Patch0263: 0263-nx-add-memory-attribute-get-set-API.patch Patch0264: 0264-nx-set-page-permissions-for-loaded-modules.patch Patch0265: 0265-nx-set-attrs-in-our-kernel-loaders.patch Patch0266: 0266-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch +Patch0267: 0267-grub-probe-document-the-behavior-of-multiple-v.patch +Patch0268: 0268-grub_fs_probe-dprint-errors-from-filesystems.patch +Patch0269: 0269-fs-fat-don-t-error-when-mtime-is-0.patch diff --git a/grub2.spec b/grub2.spec index 569e0a1..8456134 100644 --- a/grub2.spec +++ b/grub2.spec @@ -17,7 +17,7 @@ Name: grub2 Epoch: 1 Version: 2.06 -Release: 42%{?dist} +Release: 43%{?dist} Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -530,7 +530,11 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg %endif %changelog -* Mon May 16 2022 Robbie Harwood 1:2.06-42 +* Tue Jul 19 2022 Robbie Harwood - 2.06-43 +- Handle FAT mtime of 0 +- Resolves: #2096192 + +* Mon May 16 2022 Robbie Harwood - 1:2.06-42 - CVE fixes for 2022-05-24 - Resolves: CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - Resolves: CVE-2021-3697 CVE-2021-3696 CVE-2021-3695