Compare commits

...

No commits in common. "c10s" and "c8" have entirely different histories.
c10s ... c8

730 changed files with 80428 additions and 18831 deletions

View File

@ -1,15 +0,0 @@
*.dec
*.dsc.inc
*.dsc
*.fdf
*.inf
*.vfr
*.ac
*.def
*.c
*.h
*.S
*.mk
Makefile.*
Make.*
Makefile

1
.gitattributes vendored
View File

@ -1 +0,0 @@
po/exclude.pot binary

22
.gitignore vendored
View File

@ -1,13 +1,9 @@
grub-*.tar.?z
*.rpm
clog
/unifont-*.pcf.?z
/theme.tar.bz2
kojilogs
/grub-*/
.build*.log
.*.git/
tmp/
.*.sw?
results_grub2/
/gnulib-*.tar.?z
SOURCES/grub-2.02.tar.xz
SOURCES/redhatsecureboot301.cer
SOURCES/redhatsecureboot502.cer
SOURCES/redhatsecureboot601.cer
SOURCES/redhatsecureboot701.cer
SOURCES/redhatsecurebootca3.cer
SOURCES/redhatsecurebootca5.cer
SOURCES/theme.tar.bz2
SOURCES/unifont-5.1.20080820.pcf.gz

9
.grub2.metadata Normal file
View File

@ -0,0 +1,9 @@
3d7eb6eaab28b88cb969ba9ab24af959f4d1b178 SOURCES/grub-2.02.tar.xz
4a07b56e28741884b86da6ac91f8f9929541a1e4 SOURCES/redhatsecureboot301.cer
3f94c47f1d08bacc7cb29bdd912e286b8d2f6fcf SOURCES/redhatsecureboot502.cer
039357ef97aab3e484d1119edd4528156f5859e6 SOURCES/redhatsecureboot601.cer
e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot701.cer
cf9230e69000076727e5b784ec871d22716dc5da SOURCES/redhatsecurebootca3.cer
e6f506462069aa17d2e8610503635c20f3a995c3 SOURCES/redhatsecurebootca5.cer
cf0b7763c528902da7e8b05cfa248f20c8825ce5 SOURCES/theme.tar.bz2
87f8600ba24e521b5d20bdf6c4b71af8ae861e3a SOURCES/unifont-5.1.20080820.pcf.gz

View File

@ -1,24 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Fri, 11 Jun 2021 12:10:45 +0200
Subject: [PATCH] Revert "templates: Fix user-facing typo with an incorrect use
of "it's""
This reverts commit 722737630889607c3b5761f1f5a48f1674cd2821.
---
util/grub.d/30_os-prober.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
index 656301eaf22..376ca47efe4 100644
--- a/util/grub.d/30_os-prober.in
+++ b/util/grub.d/30_os-prober.in
@@ -36,7 +36,7 @@ if ! command -v os-prober > /dev/null || ! command -v linux-boot-prober > /dev/n
exit 0
fi
-grub_warn "$(gettext_printf "os-prober will be executed to detect other bootable partitions.\nIts output will be used to detect bootable binaries on them and create new boot entries.")"
+grub_warn "$(gettext_printf "os-prober will be executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")"
OSPROBED="`os-prober | tr ' ' '^' | paste -s -d ' '`"
if [ -z "${OSPROBED}" ] ; then

View File

@ -1,71 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Fri, 11 Jun 2021 12:10:54 +0200
Subject: [PATCH] Revert "templates: Properly disable the os-prober by default"
This reverts commit 54e0a1bbf1e9106901a557195bb35e5e20fb3925.
---
util/grub-mkconfig.in | 5 +----
util/grub.d/30_os-prober.in | 8 ++++----
2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 32c480daeb2..7516a015be0 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -140,9 +140,6 @@ GRUB_DEVICE_PARTUUID="`${grub_probe} --device ${GRUB_DEVICE} --target=partuuid 2
GRUB_DEVICE_BOOT="`${grub_probe} --target=device /boot`"
GRUB_DEVICE_BOOT_UUID="`${grub_probe} --device ${GRUB_DEVICE_BOOT} --target=fs_uuid 2> /dev/null`" || true
-# Disable os-prober by default due to security reasons.
-GRUB_DISABLE_OS_PROBER="true"
-
# Filesystem for the device containing our userland. Used for stuff like
# choosing Hurd filesystem module.
GRUB_FS="`${grub_probe} --device ${GRUB_DEVICE} --target=fs 2> /dev/null || echo unknown`"
@@ -204,7 +201,6 @@ export GRUB_DEVICE \
GRUB_DEVICE_PARTUUID \
GRUB_DEVICE_BOOT \
GRUB_DEVICE_BOOT_UUID \
- GRUB_DISABLE_OS_PROBER \
GRUB_FS \
GRUB_FONT \
GRUB_PRELOAD_MODULES \
@@ -250,6 +246,7 @@ export GRUB_DEFAULT \
GRUB_BACKGROUND \
GRUB_THEME \
GRUB_GFXPAYLOAD_LINUX \
+ GRUB_DISABLE_OS_PROBER \
GRUB_INIT_TUNE \
GRUB_SAVEDEFAULT \
GRUB_ENABLE_CRYPTODISK \
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
index 376ca47efe4..30f27f15b83 100644
--- a/util/grub.d/30_os-prober.in
+++ b/util/grub.d/30_os-prober.in
@@ -26,8 +26,8 @@ export TEXTDOMAINDIR="@localedir@"
. "$pkgdatadir/grub-mkconfig_lib"
-if [ "x${GRUB_DISABLE_OS_PROBER}" = "xtrue" ]; then
- grub_warn "$(gettext_printf "os-prober will not be executed to detect other bootable partitions.\nSystems on them will not be added to the GRUB boot configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.")"
+if [ "x${GRUB_DISABLE_OS_PROBER}" = "xfalse" ]; then
+ gettext_printf "os-prober will not be executed to detect other bootable partitions.\nSystems on them will not be added to the GRUB boot configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.\n"
exit 0
fi
@@ -36,12 +36,12 @@ if ! command -v os-prober > /dev/null || ! command -v linux-boot-prober > /dev/n
exit 0
fi
-grub_warn "$(gettext_printf "os-prober will be executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")"
-
OSPROBED="`os-prober | tr ' ' '^' | paste -s -d ' '`"
if [ -z "${OSPROBED}" ] ; then
# empty os-prober output, nothing doing
exit 0
+else
+ grub_warn "$(gettext_printf "os-prober was executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")"
fi
osx_entry() {

View File

@ -1,70 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Fri, 11 Jun 2021 12:10:58 +0200
Subject: [PATCH] Revert "templates: Disable the os-prober by default"
This reverts commit e346414725a70e5c74ee87ca14e580c66f517666.
---
docs/grub.texi | 18 ++++++++----------
util/grub.d/30_os-prober.in | 5 +----
2 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/docs/grub.texi b/docs/grub.texi
index a225f9a88d2..974bc0ddb07 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -1552,13 +1552,10 @@ boot sequence. If you have problems, set this option to @samp{text} and
GRUB will tell Linux to boot in normal text mode.
@item GRUB_DISABLE_OS_PROBER
-The @command{grub-mkconfig} has a feature to use the external
-@command{os-prober} program to discover other operating systems installed on
-the same machine and generate appropriate menu entries for them. It is disabled
-by default since automatic and silent execution of @command{os-prober}, and
-creating boot entries based on that data, is a potential attack vector. Set
-this option to @samp{false} to enable this feature in the
-@command{grub-mkconfig} command.
+Normally, @command{grub-mkconfig} will try to use the external
+@command{os-prober} program, if installed, to discover other operating
+systems installed on the same system and generate appropriate menu entries
+for them. Set this option to @samp{true} to disable this.
@item GRUB_OS_PROBER_SKIP_LIST
List of space-separated FS UUIDs of filesystems to be ignored from os-prober
@@ -1889,9 +1886,10 @@ than zero; otherwise 0.
@section Multi-boot manual config
Currently autogenerating config files for multi-boot environments depends on
-os-prober and has several shortcomings. Due to that it is disabled by default.
-It is advised to use the power of GRUB syntax and do it yourself. A possible
-configuration is detailed here, feel free to adjust to your needs.
+os-prober and has several shortcomings. While fixing it is scheduled for the
+next release, meanwhile you can make use of the power of GRUB syntax and do it
+yourself. A possible configuration is detailed here, feel free to adjust to your
+needs.
First create a separate GRUB partition, big enough to hold GRUB. Some of the
following entries show how to load OS installer images from this same partition,
diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in
index 30f27f15b83..f300e46fc6a 100644
--- a/util/grub.d/30_os-prober.in
+++ b/util/grub.d/30_os-prober.in
@@ -26,8 +26,7 @@ export TEXTDOMAINDIR="@localedir@"
. "$pkgdatadir/grub-mkconfig_lib"
-if [ "x${GRUB_DISABLE_OS_PROBER}" = "xfalse" ]; then
- gettext_printf "os-prober will not be executed to detect other bootable partitions.\nSystems on them will not be added to the GRUB boot configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.\n"
+if [ "x${GRUB_DISABLE_OS_PROBER}" = "xtrue" ]; then
exit 0
fi
@@ -40,8 +39,6 @@ OSPROBED="`os-prober | tr ' ' '^' | paste -s -d ' '`"
if [ -z "${OSPROBED}" ] ; then
# empty os-prober output, nothing doing
exit 0
-else
- grub_warn "$(gettext_printf "os-prober was executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")"
fi
osx_entry() {

View File

@ -1,246 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 8 Jul 2019 12:55:29 +0200
Subject: [PATCH] re-write .gitignore
---
.gitignore | 150 ++++++++++++++++++++++++++++++++++++++
docs/.gitignore | 5 ++
grub-core/.gitignore | 16 ++++
grub-core/lib/.gitignore | 1 +
include/grub/gcrypt/.gitignore | 2 +
po/.gitignore | 5 ++
util/bash-completion.d/.gitignore | 2 +
7 files changed, 181 insertions(+)
create mode 100644 docs/.gitignore
create mode 100644 grub-core/.gitignore
create mode 100644 grub-core/lib/.gitignore
create mode 100644 include/grub/gcrypt/.gitignore
create mode 100644 po/.gitignore
create mode 100644 util/bash-completion.d/.gitignore
diff --git a/.gitignore b/.gitignore
index 4d0dfb700e4..a18787dcfe6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -279,3 +279,153 @@ widthspec.bin
/xfs_test
/xzcompress_test
/zfs_test
+=======
+# things ./autogen.sh will create
+/Makefile.utilgcry.def
+/ABOUT-NLS
+/aclocal.m4
+/autom4te.cache
+/build-aux
+/configure
+/gnulib
+/grub-core/lib/gnulib/
+/Makefile
+
+# things very common editors create that we never want
+*~
+.*.sw?
+*.patch
+
+# stuff you're likely to make while building test trees
+grub.cfg
+/build*/
+
+# built objects across the whole tree
+Makefile.in
+*.a
+*.am
+*.efi
+*.exec
+*.image
+*.img
+*.info
+*.lst
+*.marker
+/m4
+*.mod
+*.module
+*.o
+*.pf2
+*.yy.[ch]
+.deps/
+.deps-core/
+.deps-util/
+.dirstamp
+
+# next are things you get if you do ./configure in the topdir (for e.g.
+# "make dist" invocation.
+/config-util.h
+/config.h
+/include/grub/cpu
+/include/grub/machine
+/INSTALL
+/INSTALL.grub
+/po/Makefile.in.in
+/po/Makevars
+/po/Makevars.template
+/po/POTFILES
+/po/Rules-quot
+/stamp-h
+/stamp-h1
+bootstrap.log
+config.log
+config.status
+
+# stuff "make dist" creates
+ChangeLog
+grub-*.tar
+grub-*.tar.*
+
+# stuff "make" creates
+/[[:digit:]][[:digit:]]_?*
+/ascii.h
+/build-grub-gen-asciih
+/build-grub-gen-widthspec
+/build-grub-mkfont
+/config-util.h.in
+/garbage-gen
+/grub*-bios-setup
+/grub*-bios-setup.8
+/grub*-editenv
+/grub*-editenv.1
+/grub*-file
+/grub*-file.1
+/grub*-fs-tester
+/grub*-fstest
+/grub*-fstest.1
+/grub*-get-kernel-settings
+/grub*-get-kernel-settings.3
+/grub*-glue-efi
+/grub*-glue-efi.1
+/grub*-install
+/grub*-install.8
+/grub*-kbdcomp
+/grub*-kbdcomp.1
+/grub*-macbless
+/grub*-macbless.8
+/grub*-menulst2cfg
+/grub*-menulst2cfg.1
+/grub*-mount
+/grub*-mount.1
+/grub*-mkconfig
+/grub*-mkconfig.8
+/grub*-mkconfig_lib
+/grub*-mkfont
+/grub*-mkfont.1
+/grub*-mkimage
+/grub*-mkimage.1
+/grub*-mklayout
+/grub*-mklayout.1
+/grub*-mknetdir
+/grub*-mknetdir.1
+/grub*-mkpasswd-pbkdf2
+/grub*-mkpasswd-pbkdf2.1
+/grub*-mkrelpath
+/grub*-mkrelpath.1
+/grub*-mkrescue
+/grub*-mkrescue.1
+/grub*-mkstandalone
+/grub*-mkstandalone.1
+/grub*-ofpathname
+/grub*-ofpathname.8
+/grub*-probe
+/grub*-probe.8
+/grub*-reboot
+/grub*-reboot.8
+/grub*-render-label
+/grub*-render-label.1
+/grub*-script-check
+/grub*-script-check.1
+/grub*-set-bootflag
+/grub*-set-bootflag.1
+/grub*-set-default
+/grub*-set-default.8
+/grub*-set-password
+/grub*-set-password.8
+/grub*-shell
+/grub*-shell-tester
+/grub*-sparc64-setup
+/grub*-sparc64-setup.8
+/grub*-syslinux2cfg
+/grub*-syslinux2cfg.1
+/grub*-switch-to-blscfg
+/grub*-switch-to-blscfg.8
+/grub_fstest.pp
+/grub_fstest_init.c
+/grub_fstest_init.lst
+/grub_script.tab.[ch]
+/libgrub.pp
+/libgrub_a_init.c
+/libgrub_a_init.lst
+/stamp-h.in
+/widthspec.h
diff --git a/docs/.gitignore b/docs/.gitignore
new file mode 100644
index 00000000000..e1d849ef95b
--- /dev/null
+++ b/docs/.gitignore
@@ -0,0 +1,5 @@
+/*.in
+/Makefile
+/stamp-1
+/stamp-vti
+/version*.texi
diff --git a/grub-core/.gitignore b/grub-core/.gitignore
new file mode 100644
index 00000000000..2acce281159
--- /dev/null
+++ b/grub-core/.gitignore
@@ -0,0 +1,16 @@
+/*.lst
+/Makefile
+/Makefile.gcry.def
+/unidata.c
+/build-grub-module-verifier
+/gdb_grub
+/genmod.sh
+/gensyminfo.sh
+/gentrigtables
+/gmodule.pl
+/grub_script.tab.[ch]
+/modinfo.sh
+/rs_decoder.h
+/symlist.c
+/symlist.h
+/trigtables.c
diff --git a/grub-core/lib/.gitignore b/grub-core/lib/.gitignore
new file mode 100644
index 00000000000..68154591404
--- /dev/null
+++ b/grub-core/lib/.gitignore
@@ -0,0 +1 @@
+/libgcrypt-grub/
diff --git a/include/grub/gcrypt/.gitignore b/include/grub/gcrypt/.gitignore
new file mode 100644
index 00000000000..8fbf5646246
--- /dev/null
+++ b/include/grub/gcrypt/.gitignore
@@ -0,0 +1,2 @@
+g10lib.h
+gcrypt.h
diff --git a/po/.gitignore b/po/.gitignore
new file mode 100644
index 00000000000..f507e7741e3
--- /dev/null
+++ b/po/.gitignore
@@ -0,0 +1,5 @@
+/Makefile
+/POTFILES*.in
+/grub.pot
+/remove-potcdate.sed
+/stamp-po
diff --git a/util/bash-completion.d/.gitignore b/util/bash-completion.d/.gitignore
new file mode 100644
index 00000000000..6813a527ad3
--- /dev/null
+++ b/util/bash-completion.d/.gitignore
@@ -0,0 +1,2 @@
+Makefile
+grub

File diff suppressed because it is too large Load Diff

View File

@ -1,85 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 14 Mar 2011 14:27:42 -0400
Subject: [PATCH] Don't say "GNU/Linux" in generated menus.
[rharwood: say it even less]
---
grub-core/normal/main.c | 2 +-
tests/util/grub-shell-tester.in | 2 +-
tests/util/grub-shell.in | 2 +-
util/grub.d/10_linux.in | 4 ++--
util/grub.d/20_linux_xen.in | 4 ++--
5 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index 1317279c081..568c2adfa16 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -218,7 +218,7 @@ grub_normal_init_page (struct grub_term_output *term,
grub_term_cls (term);
- msg_formatted = grub_xasprintf (_("GNU GRUB version %s"), PACKAGE_VERSION);
+ msg_formatted = grub_xasprintf (_("GRUB version %s"), PACKAGE_VERSION);
if (!msg_formatted)
return;
diff --git a/tests/util/grub-shell-tester.in b/tests/util/grub-shell-tester.in
index 8a87109b152..9a4319d4f4f 100644
--- a/tests/util/grub-shell-tester.in
+++ b/tests/util/grub-shell-tester.in
@@ -56,7 +56,7 @@ for option in "$@"; do
usage
exit 0 ;;
-v | --version)
- echo "$0 (GNU GRUB ${PACKAGE_VERSION})"
+ echo "$0 (GRUB ${PACKAGE_VERSION})"
exit 0 ;;
--modules=*)
ms=`echo "$option" | sed -e 's/--modules=//'`
diff --git a/tests/util/grub-shell.in b/tests/util/grub-shell.in
index 496e1bab33c..e0570c88e15 100644
--- a/tests/util/grub-shell.in
+++ b/tests/util/grub-shell.in
@@ -243,7 +243,7 @@ for option in "$@"; do
usage
exit 0 ;;
-v | --version)
- echo "$0 (GNU GRUB ${PACKAGE_VERSION})"
+ echo "$0 (GRUB ${PACKAGE_VERSION})"
exit 0 ;;
--trim)
trim=1 ;;
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 00d4b220ccb..901745707f1 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -29,9 +29,9 @@ export TEXTDOMAINDIR="@localedir@"
CLASS="--class gnu-linux --class gnu --class os"
if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
- OS=GNU/Linux
+ OS="$(sed 's, release .*$,,g' /etc/system-release)"
else
- OS="${GRUB_DISTRIBUTOR} GNU/Linux"
+ OS="${GRUB_DISTRIBUTOR}"
CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}"
fi
diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in
index 94dd8be1342..98ee5bc58dc 100644
--- a/util/grub.d/20_linux_xen.in
+++ b/util/grub.d/20_linux_xen.in
@@ -29,9 +29,9 @@ export TEXTDOMAINDIR="@localedir@"
CLASS="--class gnu-linux --class gnu --class os --class xen"
if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
- OS=GNU/Linux
+ OS="$(sed 's, release .*$,,g' /etc/system-release)"
else
- OS="${GRUB_DISTRIBUTOR} GNU/Linux"
+ OS="${GRUB_DISTRIBUTOR}"
CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}"
fi

View File

@ -1,127 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 8 Jul 2019 17:33:22 +0200
Subject: [PATCH] Try mac/guid/etc before grub.cfg on tftp config files.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/normal/main.c | 97 ++++++++++++++++++++++++++-----------------------
1 file changed, 51 insertions(+), 46 deletions(-)
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index 0b2bbee19c3..4c89892fa70 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -345,61 +345,66 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)),
/* Guess the config filename. It is necessary to make CONFIG static,
so that it won't get broken by longjmp. */
char *config;
- const char *prefix, *fw_path;
-
- prefix = fw_path = grub_env_get ("fw_path");
- if (fw_path)
- {
- config = grub_xasprintf ("%s/grub.cfg", fw_path);
- if (config)
- {
- grub_file_t file;
-
- file = grub_file_open (config, GRUB_FILE_TYPE_CONFIG);
- if (file)
- {
- grub_file_close (file);
- grub_enter_normal_mode (config);
- }
- else
- {
- /* Ignore all errors. */
- grub_errno = 0;
- }
- grub_free (config);
- }
- }
+ const char *prefix;
+ const char *net_search_cfg;
+ int disable_net_search = 0;
+ prefix = grub_env_get ("fw_path");
if (! prefix)
prefix = grub_env_get ("prefix");
+
+ net_search_cfg = grub_env_get ("feature_net_search_cfg");
+ if (net_search_cfg && net_search_cfg[0] == 'n')
+ disable_net_search = 1;
+
if (prefix)
{
- grub_size_t config_len;
- int disable_net_search = 0;
- const char *net_search_cfg;
-
- config_len = grub_strlen (prefix) +
- sizeof ("/grub.cfg-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX");
- config = grub_malloc (config_len);
-
- if (!config)
- goto quit;
-
- grub_snprintf (config, config_len, "%s/grub.cfg", prefix);
-
- net_search_cfg = grub_env_get ("feature_net_search_cfg");
- if (net_search_cfg && net_search_cfg[0] == 'n')
- disable_net_search = 1;
-
if (grub_strncmp (prefix + 1, "tftp", sizeof ("tftp") - 1) == 0 &&
!disable_net_search)
- grub_net_search_config_file (config);
+ {
+ grub_size_t config_len;
+ config_len = grub_strlen (prefix) +
+ sizeof ("/grub.cfg-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX");
+ config = grub_malloc (config_len);
- grub_enter_normal_mode (config);
- grub_free (config);
- }
+ if (! config)
+ goto quit;
+
+ grub_snprintf (config, config_len, "%s/grub.cfg", prefix);
+
+ grub_net_search_configfile (config);
+
+ grub_enter_normal_mode (config);
+ grub_free (config);
+ config = NULL;
+ }
+
+ if (!config)
+ {
+ config = grub_xasprintf ("%s/grub.cfg", prefix);
+ if (config)
+ {
+ grub_file_t file;
+
+ file = grub_file_open (config, GRUB_FILE_TYPE_CONFIG);
+ if (file)
+ {
+ grub_file_close (file);
+ grub_enter_normal_mode (config);
+ }
+ else
+ {
+ /* Ignore all errors. */
+ grub_errno = 0;
+ }
+ grub_free (config);
+ }
+ }
+ }
else
- grub_enter_normal_mode (0);
+ {
+ grub_enter_normal_mode (0);
+ }
}
else
grub_enter_normal_mode (argv[0]);

View File

@ -1,40 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 8 Jan 2024 15:41:52 -0500
Subject: [PATCH] btrfs: fix a bad null check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
current gcc complains:
grub-core/fs/btrfs.c: In function grub_cmd_btrfs_info:
grub-core/fs/btrfs.c:2745:7: error: the comparison will always evaluate as true for the address of label will never be NULL [-Werror=address]
2745 | if (data->sblock.label)
| ^~~~
grub-core/fs/btrfs.c:92:8: note: label declared here
92 | char label[0x100];
| ^~~~~
cc1: all warnings being treated as errors
Obviously this check should be on the first data byte instead of the
symbol itself.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/fs/btrfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
index f14fe9c1bda..8e2b1e9f7bc 100644
--- a/grub-core/fs/btrfs.c
+++ b/grub-core/fs/btrfs.c
@@ -2625,7 +2625,7 @@ grub_cmd_btrfs_info (grub_command_t cmd __attribute__ ((unused)), int argc,
return grub_error (GRUB_ERR_BAD_ARGUMENT, "failed to open fs");
}
- if (data->sblock.label)
+ if (data->sblock.label[0])
grub_printf("Label: '%s' ", data->sblock.label);
else
grub_printf("Label: none ");

View File

@ -1,36 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 1 Jun 2017 10:06:38 -0400
Subject: [PATCH] Use grub_efi_...() memory helpers where reasonable.
This uses grub_efi_allocate_pool(), grub_efi_free_pool(), and
grub_efi_free_pages() instead of open-coded efi_call_N() calls, so we
get more reasonable type checking.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/loader/efi/chainloader.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index 1de98f78313..2036924504b 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -95,7 +95,7 @@ grub_chainloader_boot (void *context)
}
if (exit_data)
- b->free_pool (exit_data);
+ grub_efi_free_pool (exit_data);
grub_loader_unset ();
@@ -419,7 +419,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_free (file_path);
if (address)
- b->free_pages (address, pages);
+ grub_efi_free_pages (address, pages);
if (image_handle != NULL)
b->unload_image (image_handle);

View File

@ -1,33 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 1 Jun 2017 10:07:50 -0400
Subject: [PATCH] Add PRIxGRUB_EFI_STATUS and use it.
This avoids syntax checkers getting confused about if it's llx or lx.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
include/grub/efi/api.h | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
index c1b869db520..daa9268fdaa 100644
--- a/include/grub/efi/api.h
+++ b/include/grub/efi/api.h
@@ -577,7 +577,16 @@ typedef grub_uint64_t grub_efi_uint64_t;
typedef grub_uint8_t grub_efi_char8_t;
typedef grub_uint16_t grub_efi_char16_t;
+
typedef grub_efi_uintn_t grub_efi_status_t;
+/* Make grub_efi_status_t reasonably printable. */
+#if GRUB_CPU_SIZEOF_VOID_P == 8
+#define PRIxGRUB_EFI_STATUS "lx"
+#define PRIdGRUB_EFI_STATUS "ld"
+#else
+#define PRIxGRUB_EFI_STATUS "llx"
+#define PRIdGRUB_EFI_STATUS "lld"
+#endif
/*
* On x86, the EFI calling convention may deviate from the local one, so

View File

@ -1,47 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 9 Jul 2019 14:31:19 +0200
Subject: [PATCH] 20_linux_xen: load xen or multiboot{,2} modules as needed.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
util/grub.d/20_linux_xen.in | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in
index efcded0fbb4..4ecf5deea17 100644
--- a/util/grub.d/20_linux_xen.in
+++ b/util/grub.d/20_linux_xen.in
@@ -156,6 +156,7 @@ linux_entry_xsm ()
else
xen_rm_opts="no-real-mode edd=off"
fi
+ insmod ${xen_module}
${xen_loader} ${rel_xen_dirname}/${xen_basename} placeholder ${xen_args} \${xen_rm_opts}
echo '$(echo "$lmessage" | grub_quote)'
${module_loader} ${rel_dirname}/${basename} placeholder root=${linux_root_device_thisversion} ro ${args}
@@ -168,6 +169,7 @@ EOF
initrd_path="${rel_dirname}/${i}"
sed "s/^/$submenu_indentation/" << EOF
echo '$(echo "$message" | grub_quote)'
+ insmod ${xen_module}
${module_loader} --nounzip $(echo $initrd_path)
EOF
done
@@ -269,13 +271,16 @@ for current_xen in ${reverse_sorted_xen_list}; do
echo " submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' {"
fi
if ($grub_file --is-arm64-efi $current_xen); then
+ xen_module="xen_boot"
xen_loader="xen_hypervisor"
module_loader="xen_module"
else
if ($grub_file --is-x86-multiboot2 $current_xen); then
+ xen_module="multiboot2"
xen_loader="multiboot2"
module_loader="module2"
else
+ xen_module="multiboot"
xen_loader="multiboot"
module_loader="module"
fi

View File

@ -1,382 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 9 Dec 2016 15:40:29 -0500
Subject: [PATCH] Add BLS support to grub-mkconfig
GRUB now has BootLoaderSpec support, the user can choose to use this by
setting GRUB_ENABLE_BLSCFG to true in /etc/default/grub. On this setup,
the boot menu entries are not added to the grub.cfg, instead BLS config
files are parsed by blscfg command and the entries created dynamically.
A 10_linux_bls grub.d snippet to generate menu entries from BLS files
is also added that can be used on platforms where the bootloader doesn't
have BLS support and only can parse a normal grub configuration file.
Portions of the 10_linux_bls were taken from the ostree-grub-generator
script that's included in the OSTree project.
Fixes to support multi-devices and generate a BLS section even if no
kernels are found in the boot directory were proposed by Yclept Nemo
and Tom Gundersen respectively.
Signed-off-by: Peter Jones <pjones@redhat.com>
[javierm: remove outdated URL for BLS document]
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
[iwienand@redhat.com: skip machine ID check when updating entries]
Signed-off-by: Ian Wienand <iwienand@redhat.com>
[rharwood: use sort(1), commit message composits, drop man pages]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
util/grub-mkconfig.in | 9 +-
util/grub-mkconfig_lib.in | 22 ++++-
util/grub.d/10_linux.in | 218 +++++++++++++++++++++++++++++++++++++++++++++-
3 files changed, 243 insertions(+), 6 deletions(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 884e4d363ca..bec52e052fc 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -50,6 +50,8 @@ grub_get_kernel_settings="${sbindir}/@grub_get_kernel_settings@"
export TEXTDOMAIN=@PACKAGE@
export TEXTDOMAINDIR="@localedir@"
+export GRUB_GRUBENV_UPDATE="yes"
+
. "${pkgdatadir}/grub-mkconfig_lib"
# Usage: usage
@@ -59,6 +61,7 @@ usage () {
gettext "Generate a grub config file"; echo
echo
print_option_help "-o, --output=$(gettext FILE)" "$(gettext "output generated config to FILE [default=stdout]")"
+ print_option_help "--no-grubenv-update" "$(gettext "do not update variables in the grubenv file")"
print_option_help "-h, --help" "$(gettext "print this message and exit")"
print_option_help "-V, --version" "$(gettext "print the version information and exit")"
echo
@@ -94,6 +97,9 @@ do
--output=*)
grub_cfg=`echo "$option" | sed 's/--output=//'`
;;
+ --no-grubenv-update)
+ GRUB_GRUBENV_UPDATE="no"
+ ;;
-*)
gettext_printf "Unrecognized option \`%s'\n" "$option" 1>&2
usage
@@ -257,7 +263,8 @@ export GRUB_DEFAULT \
GRUB_OS_PROBER_SKIP_LIST \
GRUB_DISABLE_SUBMENU \
GRUB_DEFAULT_DTB \
- SUSE_BTRFS_SNAPSHOT_BOOTING
+ SUSE_BTRFS_SNAPSHOT_BOOTING \
+ GRUB_ENABLE_BLSCFG
if test "x${grub_cfg}" != "x"; then
rm -f "${grub_cfg}.new"
diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in
index 0ba0e0e1c65..c2e107b41ab 100644
--- a/util/grub-mkconfig_lib.in
+++ b/util/grub-mkconfig_lib.in
@@ -30,6 +30,9 @@ fi
if test "x$grub_file" = x; then
grub_file="${bindir}/@grub_file@"
fi
+if test "x$grub_editenv" = x; then
+ grub_editenv="${bindir}/@grub_editenv@"
+fi
if test "x$grub_mkrelpath" = x; then
grub_mkrelpath="${bindir}/@grub_mkrelpath@"
fi
@@ -122,8 +125,19 @@ EOF
fi
}
+prepare_grub_to_access_device_with_variable ()
+{
+ device_variable="$1"
+ shift
+ prepare_grub_to_access_device "$@"
+ unset "device_variable"
+}
+
prepare_grub_to_access_device ()
{
+ if [ -z "$device_variable" ]; then
+ device_variable="root"
+ fi
old_ifs="$IFS"
IFS='
'
@@ -158,18 +172,18 @@ prepare_grub_to_access_device ()
# otherwise set root as per value in device.map.
fs_hint="`"${grub_probe}" --device $@ --target=compatibility_hint`"
if [ "x$fs_hint" != x ]; then
- echo "set root='$fs_hint'"
+ echo "set ${device_variable}='$fs_hint'"
fi
if [ "x${GRUB_DISABLE_UUID}" != "xtrue" ] && fs_uuid="`"${grub_probe}" --device $@ --target=fs_uuid 2> /dev/null`" ; then
hints="`"${grub_probe}" --device $@ --target=hints_string 2> /dev/null`" || hints=
if [ "x$hints" != x ]; then
echo "if [ x\$feature_platform_search_hint = xy ]; then"
- echo " search --no-floppy --fs-uuid --set=root ${hints} ${fs_uuid}"
+ echo " search --no-floppy --fs-uuid --set=${device_variable} ${hints} ${fs_uuid}"
echo "else"
- echo " search --no-floppy --fs-uuid --set=root ${fs_uuid}"
+ echo " search --no-floppy --fs-uuid --set=${device_variable} ${fs_uuid}"
echo "fi"
else
- echo "search --no-floppy --fs-uuid --set=root ${fs_uuid}"
+ echo "search --no-floppy --fs-uuid --set=${device_variable} ${fs_uuid}"
fi
fi
IFS="$old_ifs"
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 48ff32c1da4..cd9aea0cc01 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -84,6 +84,218 @@ case x"$GRUB_FS" in
;;
esac
+populate_header_warn()
+{
+if [ "x${BLS_POPULATE_MENU}" = "xtrue" ]; then
+ bls_parser="10_linux script"
+else
+ bls_parser="blscfg command"
+fi
+cat <<EOF
+
+# This section was generated by a script. Do not modify the generated file - all changes
+# will be lost the next time file is regenerated. Instead edit the BootLoaderSpec files.
+#
+# The $bls_parser parses the BootLoaderSpec files stored in /boot/loader/entries and
+# populates the boot menu. Please refer to the Boot Loader Specification documentation
+# for the files format: https://systemd.io/BOOT_LOADER_SPECIFICATION/.
+
+EOF
+}
+
+read_config()
+{
+ config_file=${1}
+ title=""
+ initrd=""
+ options=""
+ linux=""
+ grub_arg=""
+
+ while read -r line
+ do
+ record=$(echo ${line} | cut -f 1 -d ' ')
+ value=$(echo ${line} | cut -s -f2- -d ' ')
+ case "${record}" in
+ "title")
+ title=${value}
+ ;;
+ "initrd")
+ initrd=${value}
+ ;;
+ "linux")
+ linux=${value}
+ ;;
+ "options")
+ options=${value}
+ ;;
+ "grub_arg")
+ grub_arg=${value}
+ ;;
+ esac
+ done < ${config_file}
+}
+
+blsdir="/boot/loader/entries"
+
+get_sorted_bls()
+{
+ if ! [ -d "${blsdir}" ]; then
+ return
+ fi
+
+ local IFS=$'\n'
+
+ files=($(for bls in ${blsdir}/*.conf; do
+ if ! [[ -e "${bls}" ]] ; then
+ continue
+ fi
+ bls="${bls%.conf}"
+ bls="${bls##*/}"
+ echo "${bls}"
+ done | sort -Vr 2>/dev/null)) || :
+
+ echo "${files[@]}"
+}
+
+update_bls_cmdline()
+{
+ local cmdline="root=${LINUX_ROOT_DEVICE} ro ${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
+ local -a files=($(get_sorted_bls))
+
+ for bls in "${files[@]}"; do
+ local options="${cmdline}"
+ if [ -z "${bls##*debug*}" ]; then
+ options="${options} ${GRUB_CMDLINE_LINUX_DEBUG}"
+ fi
+ options="$(echo "${options}" | sed -e 's/\//\\\//g')"
+ sed -i -e "s/^options.*/options ${options}/" "${blsdir}/${bls}.conf"
+ done
+}
+
+populate_menu()
+{
+ local -a files=($(get_sorted_bls))
+
+ gettext_printf "Generating boot entries from BLS files...\n" >&2
+
+ for bls in "${files[@]}"; do
+ read_config "${blsdir}/${bls}.conf"
+
+ menu="${menu}menuentry '${title}' ${grub_arg} --id=${bls} {\n"
+ menu="${menu}\t linux ${linux} ${options}\n"
+ if [ -n "${initrd}" ] ; then
+ menu="${menu}\t initrd ${boot_prefix}${initrd}\n"
+ fi
+ menu="${menu}}\n\n"
+ done
+ # The printf command seems to be more reliable across shells for special character (\n, \t) evaluation
+ printf "$menu"
+}
+
+# Make BLS the default if GRUB_ENABLE_BLSCFG was not set and grubby is not installed.
+if [ -z "${GRUB_ENABLE_BLSCFG}" ] && ! command -v new-kernel-pkg >/dev/null; then
+ GRUB_ENABLE_BLSCFG="true"
+fi
+
+if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]; then
+ if [ x$dirname = x/ ]; then
+ if [ -z "${prepare_root_cache}" ]; then
+ prepare_grub_to_access_device ${GRUB_DEVICE}
+ fi
+ else
+ if [ -z "${prepare_boot_cache}" ]; then
+ prepare_grub_to_access_device ${GRUB_DEVICE_BOOT}
+ fi
+ fi
+
+ if [ -d /sys/firmware/efi ]; then
+ bootefi_device="`${grub_probe} --target=device /boot/efi/`"
+ prepare_grub_to_access_device_with_variable boot ${bootefi_device}
+ else
+ boot_device="`${grub_probe} --target=device /boot/`"
+ prepare_grub_to_access_device_with_variable boot ${boot_device}
+ fi
+
+ arch="$(uname -m)"
+ if [ "x${arch}" = "xppc64le" ] && [ -d /sys/firmware/opal ]; then
+
+ BLS_POPULATE_MENU="true"
+ petitboot_path="/sys/firmware/devicetree/base/ibm,firmware-versions/petitboot"
+
+ if test -e ${petitboot_path}; then
+ read -r -d '' petitboot_version < ${petitboot_path}
+ petitboot_version="$(echo ${petitboot_version//v})"
+
+ if test -n ${petitboot_version}; then
+ major_version="$(echo ${petitboot_version} | cut -d . -f1)"
+ minor_version="$(echo ${petitboot_version} | cut -d . -f2)"
+
+ re='^[0-9]+$'
+ if [[ $major_version =~ $re ]] && [[ $minor_version =~ $re ]] &&
+ ([[ ${major_version} -gt 1 ]] ||
+ [[ ${major_version} -eq 1 &&
+ ${minor_version} -ge 8 ]]); then
+ BLS_POPULATE_MENU="false"
+ fi
+ fi
+ fi
+ fi
+
+ populate_header_warn
+
+ cat << EOF
+# The kernelopts variable should be defined in the grubenv file. But to ensure that menu
+# entries populated from BootLoaderSpec files that use this variable work correctly even
+# without a grubenv file, define a fallback kernelopts variable if this has not been set.
+#
+# The kernelopts variable in the grubenv file can be modified using the grubby tool or by
+# executing the grub2-mkconfig tool. For the latter, the values of the GRUB_CMDLINE_LINUX
+# and GRUB_CMDLINE_LINUX_DEFAULT options from /etc/default/grub file are used to set both
+# the kernelopts variable in the grubenv file and the fallback kernelopts variable.
+if [ -z "\${kernelopts}" ]; then
+ set kernelopts="root=${LINUX_ROOT_DEVICE} ro ${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
+fi
+EOF
+
+ update_bls_cmdline
+
+ if [ "x${BLS_POPULATE_MENU}" = "xtrue" ]; then
+ populate_menu
+ else
+ cat << EOF
+
+insmod blscfg
+blscfg
+EOF
+ fi
+
+ if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then
+ blsdir="/boot/loader/entries"
+ [ -d "${blsdir}" ] && GRUB_BLS_FS="$(${grub_probe} --target=fs ${blsdir})"
+ if [ "x${GRUB_BLS_FS}" = "xbtrfs" ] || [ "x${GRUB_BLS_FS}" = "xzfs" ]; then
+ blsdir=$(make_system_path_relative_to_its_root "${blsdir}")
+ if [ "x${blsdir}" != "x/loader/entries" ] && [ "x${blsdir}" != "x/boot/loader/entries" ]; then
+ ${grub_editenv} - set blsdir="${blsdir}"
+ fi
+ fi
+
+ if [ -n "${GRUB_EARLY_INITRD_LINUX_CUSTOM}" ]; then
+ ${grub_editenv} - set early_initrd="${GRUB_EARLY_INITRD_LINUX_CUSTOM}"
+ fi
+
+ if [ -n "${GRUB_DEFAULT_DTB}" ]; then
+ ${grub_editenv} - set devicetree="${GRUB_DEFAULT_DTB}"
+ fi
+
+ if [ -n "${GRUB_SAVEDEFAULT}" ]; then
+ ${grub_editenv} - set save_default="${GRUB_SAVEDEFAULT}"
+ fi
+ fi
+
+ exit 0
+fi
+
mktitle ()
{
local title_type
@@ -123,6 +335,7 @@ linux_entry ()
if [ -z "$boot_device_id" ]; then
boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
fi
+
if [ x$type != xsimple ] ; then
title=$(mktitle "$type" "$version")
if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then
@@ -243,6 +456,7 @@ fi
is_top_level=true
for linux in ${reverse_sorted_list}; do
gettext_printf "Found linux image: %s\n" "$linux" >&2
+
basename=`basename $linux`
dirname=`dirname $linux`
rel_dirname=`make_system_path_relative_to_its_root $dirname`
@@ -283,7 +497,9 @@ for linux in ${reverse_sorted_list}; do
for i in ${initrd}; do
initrd_display="${initrd_display} ${dirname}/${i}"
done
- gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2
+ if [ "x${GRUB_ENABLE_BLSCFG}" != "xtrue" ]; then
+ gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2
+ fi
fi
fdt=

View File

@ -1,22 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 10 May 2018 13:40:19 -0400
Subject: [PATCH] Fixup for newer compiler
---
grub-core/fs/btrfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
index 87e4dd1a07a..ad35e75750b 100644
--- a/grub-core/fs/btrfs.c
+++ b/grub-core/fs/btrfs.c
@@ -218,7 +218,7 @@ struct grub_btrfs_inode
grub_uint64_t size;
grub_uint8_t dummy2[0x70];
struct grub_btrfs_time mtime;
-} GRUB_PACKED;
+} GRUB_PACKED __attribute__ ((aligned(8)));
struct grub_btrfs_extent_data
{

View File

@ -1,108 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Wed, 10 Jul 2019 23:58:28 +0200
Subject: [PATCH] bootp: Add processing DHCPACK packet from HTTP Boot
The vendor class identifier with the string "HTTPClient" is used to denote the
packet as responding to HTTP boot request. In DHCP4 config, the filename for
HTTP boot is the URL of the boot file while for PXE boot it is the path to the
boot file. As a consequence, the next-server becomes obseleted because the HTTP
URL already contains the server address for the boot file. For DHCP6 config,
there's no difference definition in existing config as dhcp6.bootfile-url can
be used to specify URL for both HTTP and PXE boot file.
This patch adds processing for "HTTPClient" vendor class identifier in DHCPACK
packet by treating it as HTTP format, not as the PXE format.
Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Ken Lin <ken.lin@hpe.com>
---
grub-core/net/bootp.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++
include/grub/net.h | 1 +
2 files changed, 56 insertions(+)
diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c
index 76e4c11a46f..f56b293ac72 100644
--- a/grub-core/net/bootp.c
+++ b/grub-core/net/bootp.c
@@ -20,6 +20,7 @@
#include <grub/env.h>
#include <grub/i18n.h>
#include <grub/command.h>
+#include <grub/net.h>
#include <grub/net/ip.h>
#include <grub/net/netbuff.h>
#include <grub/net/udp.h>
@@ -501,6 +502,60 @@ grub_net_configure_by_dhcp_ack (const char *name,
if (opt && opt_len)
grub_env_set_net_property (name, "rootpath", (const char *) opt, opt_len);
+ opt = find_dhcp_option (bp, size, GRUB_NET_BOOTP_VENDOR_CLASS_IDENTIFIER, &opt_len);
+ if (opt && opt_len)
+ {
+ grub_env_set_net_property (name, "vendor_class_identifier", (const char *) opt, opt_len);
+ if (opt && grub_strcmp (opt, "HTTPClient") == 0)
+ {
+ char *proto, *ip, *pa;
+
+ if (!dissect_url (bp->boot_file, &proto, &ip, &pa))
+ return inter;
+
+ grub_env_set_net_property (name, "boot_file", pa, grub_strlen (pa));
+ if (is_def)
+ {
+ grub_net_default_server = grub_strdup (ip);
+ grub_env_set ("net_default_interface", name);
+ grub_env_export ("net_default_interface");
+ }
+ if (device && !*device)
+ {
+ *device = grub_xasprintf ("%s,%s", proto, ip);
+ grub_print_error ();
+ }
+ if (path)
+ {
+ *path = grub_strdup (pa);
+ grub_print_error ();
+ if (*path)
+ {
+ char *slash;
+ slash = grub_strrchr (*path, '/');
+ if (slash)
+ *slash = 0;
+ else
+ **path = 0;
+ }
+ }
+ grub_net_add_ipv4_local (inter, mask);
+ inter->dhcp_ack = grub_malloc (size);
+ if (inter->dhcp_ack)
+ {
+ grub_memcpy (inter->dhcp_ack, bp, size);
+ inter->dhcp_acklen = size;
+ }
+ else
+ grub_errno = GRUB_ERR_NONE;
+
+ grub_free (proto);
+ grub_free (ip);
+ grub_free (pa);
+ return inter;
+ }
+ }
+
opt = find_dhcp_option (bp, size, GRUB_NET_BOOTP_EXTENSIONS_PATH, &opt_len);
if (opt && opt_len)
grub_env_set_net_property (name, "extensionspath", (const char *) opt, opt_len);
diff --git a/include/grub/net.h b/include/grub/net.h
index 1d76fd9a1f5..868c9a2ef29 100644
--- a/include/grub/net.h
+++ b/include/grub/net.h
@@ -533,6 +533,7 @@ enum
GRUB_NET_DHCP_MESSAGE_TYPE = 53,
GRUB_NET_DHCP_SERVER_IDENTIFIER = 54,
GRUB_NET_DHCP_PARAMETER_REQUEST_LIST = 55,
+ GRUB_NET_BOOTP_VENDOR_CLASS_IDENTIFIER = 60,
GRUB_NET_BOOTP_CLIENT_ID = 61,
GRUB_NET_DHCP_TFTP_SERVER_NAME = 66,
GRUB_NET_DHCP_BOOTFILE_NAME = 67,

View File

@ -1,37 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 20 Jul 2020 12:24:02 -0400
Subject: [PATCH] Fix const char ** pointers in grub-core/net/bootp.c
This will need to get folded back in the right place on the next rebase,
but it's before "Make grub_strtol() "end" pointers have safer const
qualifiers" currently, so for now I'm leaving it here instead of merging
it back with the original patch.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/net/bootp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c
index f56b293ac72..9cbdc2264c9 100644
--- a/grub-core/net/bootp.c
+++ b/grub-core/net/bootp.c
@@ -329,7 +329,7 @@ grub_net_configure_by_dhcp_ack (const char *name,
struct grub_net_network_level_interface *inter;
int mask = -1;
char server_ip[sizeof ("xxx.xxx.xxx.xxx")];
- const grub_uint8_t *opt;
+ const char *opt;
grub_uint8_t opt_len, overload = 0;
const char *boot_file = 0, *server_name = 0;
grub_size_t boot_file_len, server_name_len;
@@ -506,7 +506,7 @@ grub_net_configure_by_dhcp_ack (const char *name,
if (opt && opt_len)
{
grub_env_set_net_property (name, "vendor_class_identifier", (const char *) opt, opt_len);
- if (opt && grub_strcmp (opt, "HTTPClient") == 0)
+ if (opt && grub_strcmp ((char *)opt, "HTTPClient") == 0)
{
char *proto, *ip, *pa;

View File

@ -1,40 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 31 Aug 2018 16:42:03 -0400
Subject: [PATCH] Make "reset" an alias for the "reboot" command.
I'm really tired of half the tools I get to use having one and the other half
having the other.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/commands/reboot.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/grub-core/commands/reboot.c b/grub-core/commands/reboot.c
index 46d364c99a9..f5cc2283636 100644
--- a/grub-core/commands/reboot.c
+++ b/grub-core/commands/reboot.c
@@ -32,15 +32,18 @@ grub_cmd_reboot (grub_command_t cmd __attribute__ ((unused)),
grub_reboot ();
}
-static grub_command_t cmd;
+static grub_command_t reboot_cmd, reset_cmd;
GRUB_MOD_INIT(reboot)
{
- cmd = grub_register_command ("reboot", grub_cmd_reboot,
- 0, N_("Reboot the computer."));
+ reboot_cmd = grub_register_command ("reboot", grub_cmd_reboot,
+ 0, N_("Reboot the computer."));
+ reset_cmd = grub_register_command ("reset", grub_cmd_reboot,
+ 0, N_("Reboot the computer."));
}
GRUB_MOD_FINI(reboot)
{
- grub_unregister_command (cmd);
+ grub_unregister_command (reboot_cmd);
+ grub_unregister_command (reset_cmd);
}

View File

@ -1,134 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 11 Sep 2018 14:20:37 -0400
Subject: [PATCH] Add a "version" command
This adds a command that shows you info about grub's version, the grub
target platform, the compiler version, and if you built with
--with-rpm-version=<string>, the rpm package version.
Signed-off-by: Peter Jones <pjones@redhat.com>
[rharwood: don't say GNU, commit message cleanup]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
configure.ac | 13 ++++++++++
grub-core/Makefile.core.def | 5 ++++
grub-core/commands/version.c | 56 ++++++++++++++++++++++++++++++++++++++++++++
config.h.in | 1 +
4 files changed, 75 insertions(+)
create mode 100644 grub-core/commands/version.c
diff --git a/configure.ac b/configure.ac
index 3f3a170ab17..2175aa56997 100644
--- a/configure.ac
+++ b/configure.ac
@@ -289,6 +289,19 @@ AC_SUBST(target_cpu)
AC_SUBST(platform)
# Define default variables
+have_with_rpm_version=n
+AC_ARG_WITH([rpm_version],
+ AS_HELP_STRING([--with-rpm-version=VERSION],
+ [set the rpm package version [[guessed]]]),
+ [have_with_rpm_version=y],
+ [have_with_rpm_version=n])
+if test x$have_with_rpm_version = xy; then
+ rpm_version="$with_rpm_version"
+else
+ rpm_version=""
+fi
+GRUB_RPM_VERSION="$rpm_version"
+AC_SUBST(GRUB_RPM_VERSION)
have_with_bootdir=n
AC_ARG_WITH([bootdir],
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 4629c179e40..f26c689723c 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -598,6 +598,11 @@ image = {
enable = mips_loongson;
};
+module = {
+ name = version;
+ common = commands/version.c;
+};
+
module = {
name = disk;
common = lib/disk.c;
diff --git a/grub-core/commands/version.c b/grub-core/commands/version.c
new file mode 100644
index 00000000000..de0acb07ba2
--- /dev/null
+++ b/grub-core/commands/version.c
@@ -0,0 +1,56 @@
+/* version.c - Command to print the grub version and build info. */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2006,2007,2008 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/dl.h>
+#include <grub/term.h>
+#include <grub/time.h>
+#include <grub/types.h>
+#include <grub/misc.h>
+#include <grub/extcmd.h>
+#include <grub/i18n.h>
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+static grub_err_t
+grub_cmd_version (grub_command_t cmd UNUSED, int argc, char **args UNUSED)
+{
+ if (argc != 0)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("no arguments expected"));
+
+ grub_printf (_("GRUB version %s\n"), PACKAGE_VERSION);
+ grub_printf (_("Platform %s-%s\n"), GRUB_TARGET_CPU, GRUB_PLATFORM);
+ if (grub_strlen(GRUB_RPM_VERSION) != 0)
+ grub_printf (_("RPM package version %s\n"), GRUB_RPM_VERSION);
+ grub_printf (_("Compiler version %s\n"), __VERSION__);
+
+ return 0;
+}
+
+static grub_command_t cmd;
+
+GRUB_MOD_INIT(version)
+{
+ cmd = grub_register_command ("version", grub_cmd_version, NULL,
+ N_("Print version and build information."));
+}
+
+GRUB_MOD_FINI(version)
+{
+ grub_unregister_command (cmd);
+}
diff --git a/config.h.in b/config.h.in
index 9b1d3997185..d294d2c653f 100644
--- a/config.h.in
+++ b/config.h.in
@@ -63,6 +63,7 @@
# define GRUB_TARGET_CPU "@GRUB_TARGET_CPU@"
# define GRUB_PLATFORM "@GRUB_PLATFORM@"
+# define GRUB_RPM_VERSION "@GRUB_RPM_VERSION@"
# define GRUB_STACK_PROTECTOR_INIT @GRUB_STACK_PROTECTOR_INIT@

View File

@ -1,74 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 11 Sep 2018 15:58:29 -0400
Subject: [PATCH] Add more dprintf, and nerf dprintf in script.c
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/disk/diskfilter.c | 3 +++
grub-core/disk/efi/efidisk.c | 1 +
grub-core/kern/device.c | 1 +
grub-core/script/script.c | 5 +++++
4 files changed, 10 insertions(+)
diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c
index 21e2395111a..c35ce8915b2 100644
--- a/grub-core/disk/diskfilter.c
+++ b/grub-core/disk/diskfilter.c
@@ -188,6 +188,8 @@ scan_disk (const char *name, int accept_diskfilter)
grub_disk_t disk;
static int scan_depth = 0;
+ grub_dprintf ("diskfilter", "scanning %s\n", name);
+
if (!accept_diskfilter && is_valid_diskfilter_name (name))
return 0;
@@ -1247,6 +1249,7 @@ insert_array (grub_disk_t disk, const struct grub_diskfilter_pv_id *id,
the same. */
if (pv->disk && grub_disk_native_sectors (disk) >= pv->part_size)
return GRUB_ERR_NONE;
+ grub_dprintf ("diskfilter", "checking %s\n", disk->name);
pv->disk = grub_disk_open (disk->name);
if (!pv->disk)
return grub_errno;
diff --git a/grub-core/disk/efi/efidisk.c b/grub-core/disk/efi/efidisk.c
index 3b5ed569133..822005456eb 100644
--- a/grub-core/disk/efi/efidisk.c
+++ b/grub-core/disk/efi/efidisk.c
@@ -865,6 +865,7 @@ grub_efidisk_get_device_name (grub_efi_handle_t *handle)
return 0;
}
+ grub_dprintf ("efidisk", "getting disk for %s\n", device_name);
parent = grub_disk_open (device_name);
grub_free (dup_dp);
diff --git a/grub-core/kern/device.c b/grub-core/kern/device.c
index 670e213cf3c..d019637470d 100644
--- a/grub-core/kern/device.c
+++ b/grub-core/kern/device.c
@@ -34,6 +34,7 @@ grub_device_open (const char *name)
{
grub_device_t dev = 0;
+ grub_dprintf ("device", "opening device %s\n", name);
if (! name)
{
name = grub_env_get ("root");
diff --git a/grub-core/script/script.c b/grub-core/script/script.c
index ec4d4337c66..844e8343ca7 100644
--- a/grub-core/script/script.c
+++ b/grub-core/script/script.c
@@ -22,6 +22,11 @@
#include <grub/parser.h>
#include <grub/mm.h>
+#ifdef grub_dprintf
+#undef grub_dprintf
+#endif
+#define grub_dprintf(no, fmt, ...)
+
/* It is not possible to deallocate the memory when a syntax error was
found. Because of that it is required to keep track of all memory
allocations. The memory is freed in case of an error, or assigned

View File

@ -1,185 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 11 Jul 2019 18:03:25 +0200
Subject: [PATCH] Attempt to fix up all the places -Wsign-compare=error finds.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/kern/emu/misc.c | 2 +-
grub-core/lib/reed_solomon.c | 4 ++--
grub-core/osdep/linux/blocklist.c | 2 +-
grub-core/osdep/linux/getroot.c | 2 +-
util/grub-fstest.c | 2 +-
util/grub-menulst2cfg.c | 2 +-
util/grub-mkfont.c | 13 +++++++------
util/grub-probe.c | 2 +-
util/setup.c | 2 +-
9 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
index 16c79bc9488..d145e5796b3 100644
--- a/grub-core/kern/emu/misc.c
+++ b/grub-core/kern/emu/misc.c
@@ -189,7 +189,7 @@ grub_util_get_image_size (const char *path)
sz = ftello (f);
if (sz < 0)
grub_util_error (_("cannot open `%s': %s"), path, strerror (errno));
- if (sz != (size_t) sz)
+ if (sz > (off_t)(GRUB_SIZE_MAX >> 1))
grub_util_error (_("file `%s' is too big"), path);
ret = (size_t) sz;
diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c
index 562bd2e3e3f..5fee7f2a1a4 100644
--- a/grub-core/lib/reed_solomon.c
+++ b/grub-core/lib/reed_solomon.c
@@ -162,7 +162,7 @@ static void
rs_encode (gf_single_t *data, grub_size_t s, grub_size_t rs)
{
gf_single_t *rs_polynomial;
- int i, j;
+ unsigned int i, j;
gf_single_t *m;
m = xcalloc (s + rs, sizeof (gf_single_t));
grub_memcpy (m, data, s * sizeof (gf_single_t));
@@ -333,7 +333,7 @@ static void
encode_block (gf_single_t *ptr, grub_size_t s,
gf_single_t *rptr, grub_size_t rs)
{
- int i, j;
+ unsigned int i, j;
for (i = 0; i < SECTOR_SIZE; i++)
{
grub_size_t ds = (s + SECTOR_SIZE - 1 - i) / SECTOR_SIZE;
diff --git a/grub-core/osdep/linux/blocklist.c b/grub-core/osdep/linux/blocklist.c
index 2efee2c2aee..902cfee53ae 100644
--- a/grub-core/osdep/linux/blocklist.c
+++ b/grub-core/osdep/linux/blocklist.c
@@ -109,7 +109,7 @@ grub_install_get_blocklist (grub_device_t root_dev,
else
{
struct fiemap *fie2;
- int i;
+ unsigned int i;
fie2 = xmalloc (sizeof (*fie2)
+ fie1.fm_mapped_extents
* sizeof (fie1.fm_extents[1]));
diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c
index 74a48c03026..477fb420992 100644
--- a/grub-core/osdep/linux/getroot.c
+++ b/grub-core/osdep/linux/getroot.c
@@ -233,7 +233,7 @@ grub_find_root_devices_from_btrfs (const char *dir)
{
int fd;
struct btrfs_ioctl_fs_info_args fsi;
- int i, j = 0;
+ unsigned int i, j = 0;
char **ret;
fd = open (dir, 0);
diff --git a/util/grub-fstest.c b/util/grub-fstest.c
index 25ae52ab6f4..982ce9ed7d8 100644
--- a/util/grub-fstest.c
+++ b/util/grub-fstest.c
@@ -329,7 +329,7 @@ cmd_cmp (char *src, char *dest)
read_file (src, cmp_hook, ff);
{
- grub_uint64_t pre;
+ long long pre;
pre = ftell (ff);
fseek (ff, 0, SEEK_END);
if (pre != ftell (ff))
diff --git a/util/grub-menulst2cfg.c b/util/grub-menulst2cfg.c
index b80e15cc36e..1ea2a86e129 100644
--- a/util/grub-menulst2cfg.c
+++ b/util/grub-menulst2cfg.c
@@ -34,7 +34,7 @@ main (int argc, char **argv)
char *buf = NULL;
size_t bufsize = 0;
char *suffix = xstrdup ("");
- int suffixlen = 0;
+ size_t suffixlen = 0;
const char *out_fname = 0;
grub_util_host_init (&argc, &argv);
diff --git a/util/grub-mkfont.c b/util/grub-mkfont.c
index 7624d7808b7..e8a914021b2 100644
--- a/util/grub-mkfont.c
+++ b/util/grub-mkfont.c
@@ -143,7 +143,8 @@ add_glyph (struct grub_font_info *font_info, FT_UInt glyph_idx, FT_Face face,
int width, height;
int cuttop, cutbottom, cutleft, cutright;
grub_uint8_t *data;
- int mask, i, j, bitmap_size;
+ int mask, i, bitmap_size;
+ unsigned int j;
FT_GlyphSlot glyph;
int flag = FT_LOAD_RENDER | FT_LOAD_MONOCHROME;
FT_Error err;
@@ -188,7 +189,7 @@ add_glyph (struct grub_font_info *font_info, FT_UInt glyph_idx, FT_Face face,
cuttop = cutbottom = cutleft = cutright = 0;
else
{
- for (cuttop = 0; cuttop < glyph->bitmap.rows; cuttop++)
+ for (cuttop = 0; cuttop < (long)glyph->bitmap.rows; cuttop++)
{
for (j = 0; j < glyph->bitmap.width; j++)
if (glyph->bitmap.buffer[j / 8 + cuttop * glyph->bitmap.pitch]
@@ -208,10 +209,10 @@ add_glyph (struct grub_font_info *font_info, FT_UInt glyph_idx, FT_Face face,
break;
}
cutbottom = glyph->bitmap.rows - 1 - cutbottom;
- if (cutbottom + cuttop >= glyph->bitmap.rows)
+ if (cutbottom + cuttop >= (long)glyph->bitmap.rows)
cutbottom = 0;
- for (cutleft = 0; cutleft < glyph->bitmap.width; cutleft++)
+ for (cutleft = 0; cutleft < (long)glyph->bitmap.width; cutleft++)
{
for (j = 0; j < glyph->bitmap.rows; j++)
if (glyph->bitmap.buffer[cutleft / 8 + j * glyph->bitmap.pitch]
@@ -230,7 +231,7 @@ add_glyph (struct grub_font_info *font_info, FT_UInt glyph_idx, FT_Face face,
break;
}
cutright = glyph->bitmap.width - 1 - cutright;
- if (cutright + cutleft >= glyph->bitmap.width)
+ if (cutright + cutleft >= (long)glyph->bitmap.width)
cutright = 0;
}
@@ -267,7 +268,7 @@ add_glyph (struct grub_font_info *font_info, FT_UInt glyph_idx, FT_Face face,
mask = 0;
data = &glyph_info->bitmap[0] - 1;
- for (j = cuttop; j < height + cuttop; j++)
+ for (j = cuttop; j < (long)height + cuttop; j++)
for (i = cutleft; i < width + cutleft; i++)
add_pixel (&data, &mask,
glyph->bitmap.buffer[i / 8 + j * glyph->bitmap.pitch] &
diff --git a/util/grub-probe.c b/util/grub-probe.c
index 65c1ca3f8b6..08ae915e8d7 100644
--- a/util/grub-probe.c
+++ b/util/grub-probe.c
@@ -799,7 +799,7 @@ argp_parser (int key, char *arg, struct argp_state *state)
case 't':
{
- int i;
+ unsigned int i;
for (i = PRINT_FS; i < ARRAY_SIZE (targets); i++)
if (strcmp (arg, targets[i]) == 0)
diff --git a/util/setup.c b/util/setup.c
index 87a889ff7e3..7aab468b0eb 100644
--- a/util/setup.c
+++ b/util/setup.c
@@ -406,7 +406,7 @@ SETUP (const char *dir,
int is_ldm;
grub_err_t err;
grub_disk_addr_t *sectors;
- int i;
+ unsigned int i;
grub_fs_t fs;
unsigned int nsec, maxsec;

View File

@ -1,47 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 11 Jul 2019 18:20:37 +0200
Subject: [PATCH] Don't use -Wno-sign-compare -Wno-conversion -Wno-error, do
use -Wextra.
Updated for grub-2.12 which introduced new sign comparison problems:
we're using -Wno-error=sign-compare
Signed-off-by: Peter Jones <pjones@redhat.com>
---
configure.ac | 8 ++++++++
conf/Makefile.common | 2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 2175aa56997..81240397384 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2147,6 +2147,14 @@ if test x"$enable_werror" != xno ; then
fi
fi
+AC_ARG_ENABLE([wextra],
+ [AS_HELP_STRING([--disable-wextra],
+ [do not use -Wextra when building GRUB])])
+if test x"$enable_wextra" != xno ; then
+ TARGET_CFLAGS="$TARGET_CFLAGS -Wextra"
+ HOST_CFLAGS="$HOST_CFLAGS -Wextra"
+fi
+
TARGET_CPP="$TARGET_CC -E"
TARGET_CCAS=$TARGET_CC
diff --git a/conf/Makefile.common b/conf/Makefile.common
index 54f0f7f7664..e53ff352407 100644
--- a/conf/Makefile.common
+++ b/conf/Makefile.common
@@ -76,7 +76,7 @@ grubconfdir = $(sysconfdir)/grub.d
platformdir = $(pkglibdir)/$(target_cpu)-$(platform)
starfielddir = $(pkgdatadir)/themes/starfield
-CFLAGS_GNULIB = -Wno-undef -Wno-sign-compare -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -Wno-conversion -Wno-error=attributes
+CFLAGS_GNULIB = -Wno-undef -Wno-error=sign-compare -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -Wno-error=attributes
CPPFLAGS_GNULIB = -I$(top_builddir)/grub-core/lib/gnulib -I$(top_srcdir)/grub-core/lib/gnulib
CFLAGS_POSIX = -fno-builtin

View File

@ -1,38 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 12 Jul 2019 10:06:50 +0200
Subject: [PATCH] Do not allow stack trampolines, anywhere.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
configure.ac | 3 +++
conf/Makefile.common | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 81240397384..ae7683d0693 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2155,6 +2155,9 @@ if test x"$enable_wextra" != xno ; then
HOST_CFLAGS="$HOST_CFLAGS -Wextra"
fi
+TARGET_CFLAGS="$TARGET_CFLAGS -Werror=trampolines -fno-trampolines"
+HOST_CFLAGS="$HOST_CFLAGS -Werror=trampolines -fno-trampolines"
+
TARGET_CPP="$TARGET_CC -E"
TARGET_CCAS=$TARGET_CC
diff --git a/conf/Makefile.common b/conf/Makefile.common
index e53ff352407..91ff6c905fb 100644
--- a/conf/Makefile.common
+++ b/conf/Makefile.common
@@ -76,7 +76,7 @@ grubconfdir = $(sysconfdir)/grub.d
platformdir = $(pkglibdir)/$(target_cpu)-$(platform)
starfielddir = $(pkgdatadir)/themes/starfield
-CFLAGS_GNULIB = -Wno-undef -Wno-error=sign-compare -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -Wno-error=attributes
+CFLAGS_GNULIB = -Wno-undef -Wno-error=sign-compare -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -Wno-error=attributes -Werror=trampolines -fno-trampolines
CPPFLAGS_GNULIB = -I$(top_builddir)/grub-core/lib/gnulib -I$(top_srcdir)/grub-core/lib/gnulib
CFLAGS_POSIX = -fno-builtin

View File

@ -1,346 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 16 Jan 2019 13:21:46 -0500
Subject: [PATCH] Add efi-export-env and efi-load-env commands
This adds "efi-export-env VARIABLE" and "efi-load-env", which manipulate the
environment block stored in the EFI variable
GRUB_ENV-91376aff-cba6-42be-949d-06fde81128e8.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/Makefile.core.def | 6 ++
grub-core/commands/efi/env.c | 168 +++++++++++++++++++++++++++++++++++++++++++
grub-core/kern/efi/efi.c | 3 +
grub-core/kern/efi/init.c | 5 --
grub-core/lib/envblk.c | 43 +++++++++++
util/grub-set-bootflag.c | 1 +
include/grub/efi/efi.h | 5 ++
include/grub/lib/envblk.h | 3 +
8 files changed, 229 insertions(+), 5 deletions(-)
create mode 100644 grub-core/commands/efi/env.c
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 08c0c67bcf2..4aa20cdfc13 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -842,6 +842,12 @@ module = {
enable = efi;
};
+module = {
+ name = efienv;
+ common = commands/efi/env.c;
+ enable = efi;
+};
+
module = {
name = efifwsetup;
efi = commands/efi/efifwsetup.c;
diff --git a/grub-core/commands/efi/env.c b/grub-core/commands/efi/env.c
new file mode 100644
index 00000000000..45f107ccd5b
--- /dev/null
+++ b/grub-core/commands/efi/env.c
@@ -0,0 +1,168 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2012 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+#include <grub/dl.h>
+#include <grub/mm.h>
+#include <grub/misc.h>
+#include <grub/types.h>
+#include <grub/mm.h>
+#include <grub/misc.h>
+#include <grub/efi/api.h>
+#include <grub/efi/efi.h>
+#include <grub/env.h>
+#include <grub/lib/envblk.h>
+#include <grub/command.h>
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+static const grub_guid_t grub_env_guid = GRUB_EFI_GRUB_VARIABLE_GUID;
+
+static grub_err_t
+grub_efi_export_env(grub_command_t cmd __attribute__ ((unused)),
+ int argc, char *argv[])
+{
+ const char *value;
+ char *old_value;
+ struct grub_envblk envblk_s = { NULL, 0 };
+ grub_envblk_t envblk = &envblk_s;
+ grub_err_t err;
+ int changed = 1;
+ grub_efi_status_t status;
+
+ grub_dprintf ("efienv", "argc:%d\n", argc);
+ for (int i = 0; i < argc; i++)
+ grub_dprintf ("efienv", "argv[%d]: %s\n", i, argv[i]);
+
+ if (argc != 1)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("variable name expected"));
+
+ grub_efi_get_variable ("GRUB_ENV", &grub_env_guid, &envblk_s.size,
+ (void **) &envblk_s.buf);
+ if (!envblk_s.buf || envblk_s.size < 1)
+ {
+ char *buf = grub_malloc (1025);
+ if (!buf)
+ return grub_errno;
+
+ grub_memcpy (buf, GRUB_ENVBLK_SIGNATURE, sizeof (GRUB_ENVBLK_SIGNATURE) - 1);
+ grub_memset (buf + sizeof (GRUB_ENVBLK_SIGNATURE) - 1, '#',
+ DEFAULT_ENVBLK_SIZE - sizeof (GRUB_ENVBLK_SIGNATURE) + 1);
+ buf[1024] = '\0';
+
+ envblk_s.buf = buf;
+ envblk_s.size = 1024;
+ }
+ else
+ {
+ char *buf = grub_realloc (envblk_s.buf, envblk_s.size + 1);
+ if (!buf)
+ return grub_errno;
+
+ envblk_s.buf = buf;
+ envblk_s.buf[envblk_s.size] = '\0';
+ }
+
+ err = grub_envblk_get(envblk, argv[0], &old_value);
+ if (err != GRUB_ERR_NONE)
+ {
+ grub_dprintf ("efienv", "grub_envblk_get returned %d\n", err);
+ return err;
+ }
+
+ value = grub_env_get(argv[0]);
+ if ((!value && !old_value) ||
+ (value && old_value && !grub_strcmp(old_value, value)))
+ changed = 0;
+
+ if (old_value)
+ grub_free(old_value);
+
+ if (changed == 0)
+ {
+ grub_dprintf ("efienv", "No changes necessary\n");
+ return 0;
+ }
+
+ if (value)
+ {
+ grub_dprintf ("efienv", "setting \"%s\" to \"%s\"\n", argv[0], value);
+ grub_envblk_set(envblk, argv[0], value);
+ }
+ else
+ {
+ grub_dprintf ("efienv", "deleting \"%s\" from envblk\n", argv[0]);
+ grub_envblk_delete(envblk, argv[0]);
+ }
+
+ grub_dprintf ("efienv", "envblk is %lu bytes:\n\"%s\"\n", envblk_s.size, envblk_s.buf);
+
+ grub_dprintf ("efienv", "removing GRUB_ENV\n");
+ status = grub_efi_set_variable ("GRUB_ENV", &grub_env_guid, NULL, 0);
+ if (status != GRUB_EFI_SUCCESS)
+ grub_dprintf ("efienv", "removal returned %ld\n", status);
+
+ grub_dprintf ("efienv", "setting GRUB_ENV\n");
+ status = grub_efi_set_variable ("GRUB_ENV", &grub_env_guid,
+ envblk_s.buf, envblk_s.size);
+ if (status != GRUB_EFI_SUCCESS)
+ grub_dprintf ("efienv", "setting GRUB_ENV returned %ld\n", status);
+
+ return 0;
+}
+
+static int
+set_var (const char *name, const char *value,
+ void *whitelist __attribute__((__unused__)))
+{
+ grub_env_set (name, value);
+ return 0;
+}
+
+static grub_err_t
+grub_efi_load_env(grub_command_t cmd __attribute__ ((unused)),
+ int argc, char *argv[] __attribute__((__unused__)))
+{
+ struct grub_envblk envblk_s = { NULL, 0 };
+ grub_envblk_t envblk = &envblk_s;
+
+ grub_efi_get_variable ("GRUB_ENV", &grub_env_guid, &envblk_s.size,
+ (void **) &envblk_s.buf);
+ if (!envblk_s.buf || envblk_s.size < 1)
+ return 0;
+
+ if (argc > 0)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("unexpected argument"));
+
+ grub_envblk_iterate (envblk, NULL, set_var);
+ grub_free (envblk_s.buf);
+}
+
+static grub_command_t export_cmd, loadenv_cmd;
+
+GRUB_MOD_INIT(lsefi)
+{
+ export_cmd = grub_register_command ("efi-export-env", grub_efi_export_env,
+ N_("VARIABLE_NAME"), N_("Export environment variable to UEFI."));
+ loadenv_cmd = grub_register_command ("efi-load-env", grub_efi_load_env,
+ NULL, N_("Load the grub environment from UEFI."));
+}
+
+GRUB_MOD_FINI(lsefi)
+{
+ grub_unregister_command (export_cmd);
+ grub_unregister_command (loadenv_cmd);
+}
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
index bf16c4307bc..ef837387368 100644
--- a/grub-core/kern/efi/efi.c
+++ b/grub-core/kern/efi/efi.c
@@ -227,6 +227,9 @@ grub_efi_set_variable_with_attributes (const char *var, const grub_guid_t *guid,
if (status == GRUB_EFI_SUCCESS)
return GRUB_ERR_NONE;
+ if (status == GRUB_EFI_NOT_FOUND && datasize == 0)
+ return GRUB_ERR_NONE;
+
return grub_error (GRUB_ERR_IO, "could not set EFI variable `%s'", var);
}
diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c
index b5201974a76..dee3918fd35 100644
--- a/grub-core/kern/efi/init.c
+++ b/grub-core/kern/efi/init.c
@@ -106,11 +106,6 @@ stack_protector_init (void)
grub_addr_t grub_modbase;
-#define GRUB_EFI_GRUB_VARIABLE_GUID \
- { 0x91376aff, 0xcba6, 0x42be, \
- { 0x94, 0x9d, 0x06, 0xfd, 0xe8, 0x11, 0x28, 0xe8 } \
- }
-
/* Helper for grub_efi_env_init */
static int
set_var (const char *name, const char *value,
diff --git a/grub-core/lib/envblk.c b/grub-core/lib/envblk.c
index 2e4e78b132d..874506da169 100644
--- a/grub-core/lib/envblk.c
+++ b/grub-core/lib/envblk.c
@@ -223,6 +223,49 @@ grub_envblk_delete (grub_envblk_t envblk, const char *name)
}
}
+struct get_var_state {
+ const char * const name;
+ char * value;
+ int found;
+};
+
+static int
+get_var (const char * const name, const char * const value, void *statep)
+{
+ struct get_var_state *state = (struct get_var_state *)statep;
+
+ if (!grub_strcmp(state->name, name))
+ {
+ state->found = 1;
+ state->value = grub_strdup(value);
+ if (!state->value)
+ grub_errno = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+
+ return 1;
+ }
+
+ return 0;
+}
+
+grub_err_t
+grub_envblk_get (grub_envblk_t envblk, const char * const name, char ** const value)
+{
+ struct get_var_state state = {
+ .name = name,
+ .value = NULL,
+ .found = 0,
+ };
+
+ grub_envblk_iterate(envblk, (void *)&state, get_var);
+
+ *value = state.value;
+
+ if (state.found && !state.value)
+ return grub_errno;
+
+ return GRUB_ERR_NONE;
+}
+
void
grub_envblk_iterate (grub_envblk_t envblk,
void *hook_data,
diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c
index d506f7e75bc..a6ccc113839 100644
--- a/util/grub-set-bootflag.c
+++ b/util/grub-set-bootflag.c
@@ -25,6 +25,7 @@
#include <config-util.h> /* For *_DIR_NAME defines */
#include <grub/types.h>
+#include <grub/err.h>
#include <grub/lib/envblk.h> /* For GRUB_ENVBLK_DEFCFG define */
#include <errno.h>
#include <stdio.h>
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
index 8d98203a784..6c2c1f36e37 100644
--- a/include/grub/efi/efi.h
+++ b/include/grub/efi/efi.h
@@ -36,6 +36,11 @@ struct linux_arch_kernel_header {
struct grub_pe_image_header pe_image_header;
};
+#define GRUB_EFI_GRUB_VARIABLE_GUID \
+ { 0x91376aff, 0xcba6, 0x42be, \
+ { 0x94, 0x9d, 0x06, 0xfd, 0xe8, 0x11, 0x28, 0xe8 } \
+ }
+
/* Variables. */
extern grub_efi_system_table_t *EXPORT_VAR(grub_efi_system_table);
extern grub_efi_handle_t EXPORT_VAR(grub_efi_image_handle);
diff --git a/include/grub/lib/envblk.h b/include/grub/lib/envblk.h
index c3e65592170..ab969af2461 100644
--- a/include/grub/lib/envblk.h
+++ b/include/grub/lib/envblk.h
@@ -22,6 +22,8 @@
#define GRUB_ENVBLK_SIGNATURE "# GRUB Environment Block\n"
#define GRUB_ENVBLK_DEFCFG "grubenv"
+#define DEFAULT_ENVBLK_SIZE 1024
+
#ifndef ASM_FILE
struct grub_envblk
@@ -33,6 +35,7 @@ typedef struct grub_envblk *grub_envblk_t;
grub_envblk_t grub_envblk_open (char *buf, grub_size_t size);
int grub_envblk_set (grub_envblk_t envblk, const char *name, const char *value);
+grub_err_t grub_envblk_get (grub_envblk_t envblk, const char * const name, char ** const value);
void grub_envblk_delete (grub_envblk_t envblk, const char *name);
void grub_envblk_iterate (grub_envblk_t envblk,
void *hook_data,

View File

@ -1,44 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Tue, 22 Jan 2019 15:40:25 +0100
Subject: [PATCH] Export all variables from the initial context when creating a
submenu
When a submenu is created, only the exported variables are copied to the
new menu context. But we want the variables to be global, so export lets
export all variables to the new created submenu.
Also, don't unset the default variable when a new submenu is created.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
grub-core/normal/context.c | 2 +-
grub-core/normal/menu.c | 2 --
2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/grub-core/normal/context.c b/grub-core/normal/context.c
index ba185e91599..b4baa4392cd 100644
--- a/grub-core/normal/context.c
+++ b/grub-core/normal/context.c
@@ -99,7 +99,7 @@ grub_env_new_context (int export_all)
grub_err_t
grub_env_context_open (void)
{
- return grub_env_new_context (0);
+ return grub_env_new_context (1);
}
int grub_extractor_level = 0;
diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c
index b0cfa32ddd8..30ddcea0c11 100644
--- a/grub-core/normal/menu.c
+++ b/grub-core/normal/menu.c
@@ -375,8 +375,6 @@ grub_menu_execute_entry(grub_menu_entry_t entry, int auto_boot)
if (ptr && ptr[0] && ptr[1])
grub_env_set ("default", ptr + 1);
- else
- grub_env_unset ("default");
grub_script_execute_new_scope (entry->sourcecode, entry->argc, entry->args);

View File

@ -1,97 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Tue, 9 Apr 2019 13:12:40 +0200
Subject: [PATCH] Don't assume that boot commands will only return on fail
While it's true that for most loaders the boot command never returns, it
may be the case that it does. For example the GRUB emulator boot command
calls to systemctl kexec which in turn does an asynchonous call to kexec.
So in this case GRUB will wrongly assume that the boot command fails and
print a "Failed to boot both default and fallback entries" even when the
kexec call later succeeds.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
grub-core/normal/menu.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c
index 30ddcea0c11..cda10fa8b3f 100644
--- a/grub-core/normal/menu.c
+++ b/grub-core/normal/menu.c
@@ -285,7 +285,7 @@ get_and_remove_first_entry_number (grub_menu_t menu, const char *name)
}
/* Run a menu entry. */
-static void
+static grub_err_t
grub_menu_execute_entry(grub_menu_entry_t entry, int auto_boot)
{
grub_err_t err = GRUB_ERR_NONE;
@@ -302,7 +302,7 @@ grub_menu_execute_entry(grub_menu_entry_t entry, int auto_boot)
{
grub_print_error ();
grub_errno = GRUB_ERR_NONE;
- return;
+ return grub_errno;
}
errs_before = grub_err_printed_errors;
@@ -315,7 +315,7 @@ grub_menu_execute_entry(grub_menu_entry_t entry, int auto_boot)
grub_env_context_open ();
menu = grub_zalloc (sizeof (*menu));
if (! menu)
- return;
+ return grub_errno;
grub_env_set_menu (menu);
if (auto_boot)
grub_env_set ("timeout", "0");
@@ -385,7 +385,7 @@ grub_menu_execute_entry(grub_menu_entry_t entry, int auto_boot)
if (grub_errno == GRUB_ERR_NONE && grub_loader_is_loaded ())
/* Implicit execution of boot, only if something is loaded. */
- grub_command_execute ("boot", 0, 0);
+ err = grub_command_execute ("boot", 0, 0);
if (errs_before != grub_err_printed_errors)
grub_wait_after_message ();
@@ -408,6 +408,8 @@ grub_menu_execute_entry(grub_menu_entry_t entry, int auto_boot)
else
grub_env_unset ("default");
grub_env_unset ("timeout");
+
+ return err;
}
/* Execute ENTRY from the menu MENU, falling back to entries specified
@@ -422,10 +424,13 @@ grub_menu_execute_with_fallback (grub_menu_t menu,
void *callback_data)
{
int fallback_entry;
+ grub_err_t err;
callback->notify_booting (entry, callback_data);
- grub_menu_execute_entry (entry, 1);
+ err = grub_menu_execute_entry (entry, 1);
+ if (err == GRUB_ERR_NONE)
+ return;
/* Deal with fallback entries. */
while ((fallback_entry = get_and_remove_first_entry_number (menu, "fallback"))
@@ -436,11 +441,9 @@ grub_menu_execute_with_fallback (grub_menu_t menu,
entry = grub_menu_get_entry (menu, fallback_entry);
callback->notify_fallback (entry, callback_data);
- grub_menu_execute_entry (entry, 1);
- /* If the function call to execute the entry returns at all, then this is
- taken to indicate a boot failure. For menu entries that do something
- other than actually boot an operating system, this could assume
- incorrectly that something failed. */
+ err = grub_menu_execute_entry (entry, 1);
+ if (err == GRUB_ERR_NONE)
+ return;
}
if (!autobooted)

View File

@ -1,28 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: David Abdurachmanov <david.abdurachmanov@sifive.com>
Date: Sat, 9 Nov 2019 19:51:57 +0000
Subject: [PATCH] Add start symbol for RISC-V
All other architectures have start symbol.
Hopefully this resolves:
BUILDSTDERR: ././grub-mkimage: error: undefined symbol start.
Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>
---
grub-core/kern/riscv/efi/startup.S | 1 +
1 file changed, 1 insertion(+)
diff --git a/grub-core/kern/riscv/efi/startup.S b/grub-core/kern/riscv/efi/startup.S
index f2a7b2b1ede..781773136e8 100644
--- a/grub-core/kern/riscv/efi/startup.S
+++ b/grub-core/kern/riscv/efi/startup.S
@@ -29,6 +29,7 @@
.file "startup.S"
.text
+FUNCTION(start)
FUNCTION(_start)
/*
* EFI_SYSTEM_TABLE and EFI_HANDLE are passed in a1/a0.

View File

@ -1,33 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Wed, 15 Jan 2020 12:47:46 +0100
Subject: [PATCH] bootstrap.conf: Force autogen.sh to use python3
The python-unversioned-command package is not installed in the buildroot,
but the bootstrap script expects the python command to be present if one
is not defined. So building the package leads to the following error:
./autogen.sh: line 20: python: command not found
This is harmless since gnulib is included as a source anyways, because the
builders can't download. But still the issue should be fixed by forcing to
use python3 that's the default in Fedora now.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
bootstrap.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bootstrap.conf b/bootstrap.conf
index 7a7813d2825..60de0597c50 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -94,7 +94,7 @@ bootstrap_post_import_hook () {
patch -d po -p3 \
< "po/gettext-patches/$patchname.patch"
done
- FROM_BOOTSTRAP=1 ./autogen.sh
+ PYTHON=python3 FROM_BOOTSTRAP=1 ./autogen.sh
set +e # bootstrap expects this
}

View File

@ -1,30 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Wed, 22 Apr 2020 12:41:52 +0200
Subject: [PATCH] kern/term: Also accept F8 as a user interrupt key
Make F8, which used to be the hotkey to show the Windows boot menu during
boot for a long long time, also interrupt sleeps / stop the menu countdown.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
grub-core/kern/term.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/grub-core/kern/term.c b/grub-core/kern/term.c
index 14d59649832..4d61f4e9790 100644
--- a/grub-core/kern/term.c
+++ b/grub-core/kern/term.c
@@ -144,9 +144,10 @@ grub_key_is_interrupt (int key)
/*
* ESC sometimes is the BIOS setup hotkey and may be hard to discover, also
* check F4, which was chosen because is not used as a hotkey to enter the
- * BIOS setup by any vendor.
+ * BIOS setup by any vendor. Also, F8 which was the key to get the Windows
+ * bootmenu for a long time.
*/
- if (key == GRUB_TERM_ESC || key == GRUB_TERM_KEY_F4)
+ if (key == GRUB_TERM_ESC || key == GRUB_TERM_KEY_F4 || key == GRUB_TERM_KEY_F8)
return 1;
/*

View File

@ -1,47 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Tue, 2 Jun 2020 13:25:01 +0200
Subject: [PATCH] http: Prepend prefix when the HTTP path is relative as done
in efi/http
There are two different HTTP drivers that can be used when requesting an
HTTP resource: the efi/http that uses the EFI_HTTP_PROTOCOL and the http
that uses GRUB's HTTP and TCP/IP implementation.
The efi/http driver appends a prefix that is defined in the variable
http_path, but the http driver doesn't.
So using this driver and attempting to fetch a resource using a relative
path fails.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
grub-core/net/http.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/grub-core/net/http.c b/grub-core/net/http.c
index af486198399..ce2b492c353 100644
--- a/grub-core/net/http.c
+++ b/grub-core/net/http.c
@@ -502,13 +502,20 @@ http_open (struct grub_file *file, const char *filename)
{
grub_err_t err;
struct http_data *data;
+ const char *http_path;
data = grub_zalloc (sizeof (*data));
if (!data)
return grub_errno;
file->size = GRUB_FILE_SIZE_UNKNOWN;
- data->filename = grub_strdup (filename);
+ /* If path is relative, prepend http_path */
+ http_path = grub_env_get ("http_path");
+ if (http_path && filename[0] != '/')
+ data->filename = grub_xasprintf ("%s/%s", http_path, filename);
+ else
+ data->filename = grub_strdup (filename);
+
if (!data->filename)
{
grub_free (data);

View File

@ -1,27 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 16 Jan 2019 13:21:46 -0500
Subject: [PATCH] Fix a missing return in efi-export-env and efi-load-env
commands
Somewhere along the way this got mis-merged to include a return without
a value. Fix it up.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/commands/efi/env.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/grub-core/commands/efi/env.c b/grub-core/commands/efi/env.c
index 45f107ccd5b..4080f24fdb8 100644
--- a/grub-core/commands/efi/env.c
+++ b/grub-core/commands/efi/env.c
@@ -149,6 +149,8 @@ grub_efi_load_env(grub_command_t cmd __attribute__ ((unused)),
grub_envblk_iterate (envblk, NULL, set_var);
grub_free (envblk_s.buf);
+
+ return GRUB_ERR_NONE;
}
static grub_command_t export_cmd, loadenv_cmd;

View File

@ -1,38 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 20 Jul 2020 12:24:02 -0400
Subject: [PATCH] Fix const char ** pointers in grub-core/net/efi/ip4_config.c
This will need to get folded back in the right place on the next rebase,
but it's before "Make grub_strtol() "end" pointers have safer const
qualifiers" currently, so for now I'm leaving it here instead of merging
it back with the original patch.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/net/efi/ip4_config.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c
index e9fc24865ec..85a090ec422 100644
--- a/grub-core/net/efi/ip4_config.c
+++ b/grub-core/net/efi/ip4_config.c
@@ -61,7 +61,8 @@ int
grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *address, const char **rest)
{
grub_uint32_t newip = 0;
- int i, ncolon = 0;
+ grub_size_t i;
+ int ncolon = 0;
const char *ptr = val;
/* Check that is not an IPv6 address */
@@ -78,7 +79,7 @@ grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *addres
for (i = 0; i < 4; i++)
{
unsigned long t;
- t = grub_strtoul (ptr, (char **) &ptr, 0);
+ t = grub_strtoul (ptr, &ptr, 0);
if (grub_errno)
{
grub_errno = GRUB_ERR_NONE;

View File

@ -1,28 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 20 Jul 2020 12:24:02 -0400
Subject: [PATCH] Fix const char ** pointers in grub-core/net/efi/ip6_config.c
This will need to get folded back in the right place on the next rebase,
but it's before "Make grub_strtol() "end" pointers have safer const
qualifiers" currently, so for now I'm leaving it here instead of merging
it back with the original patch.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/net/efi/ip6_config.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/net/efi/ip6_config.c b/grub-core/net/efi/ip6_config.c
index 050af4fbfd1..952bda9fa74 100644
--- a/grub-core/net/efi/ip6_config.c
+++ b/grub-core/net/efi/ip6_config.c
@@ -85,7 +85,7 @@ grub_efi_string_to_ip6_address (const char *val, grub_efi_ipv6_address_t *addres
ptr++;
continue;
}
- t = grub_strtoul (ptr, (char **) &ptr, 16);
+ t = grub_strtoul (ptr, &ptr, 16);
if (grub_errno)
{
grub_errno = GRUB_ERR_NONE;

View File

@ -1,37 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 20 Jul 2020 12:24:02 -0400
Subject: [PATCH] Fix const char ** pointers in grub-core/net/efi/net.c
This will need to get folded back in the right place on the next rebase,
but it's before "Make grub_strtol() "end" pointers have safer const
qualifiers" currently, so for now I'm leaving it here instead of merging
it back with the original patch.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/net/efi/net.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c
index a9536c66550..0a1e604b5bd 100644
--- a/grub-core/net/efi/net.c
+++ b/grub-core/net/efi/net.c
@@ -729,7 +729,7 @@ grub_efi_net_parse_address (const char *address,
{
grub_uint32_t subnet_mask_size;
- subnet_mask_size = grub_strtoul (rest + 1, (char **) &rest, 0);
+ subnet_mask_size = grub_strtoul (rest + 1, &rest, 0);
if (!grub_errno && subnet_mask_size <= 32 && *rest == 0)
{
@@ -758,7 +758,7 @@ grub_efi_net_parse_address (const char *address,
{
grub_efi_uint8_t prefix_length;
- prefix_length = grub_strtoul (rest + 1, (char **) &rest, 0);
+ prefix_length = grub_strtoul (rest + 1, &rest, 0);
if (!grub_errno && prefix_length <= 128 && *rest == 0)
{
ip6->prefix_length = prefix_length;

View File

@ -1,46 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 20 Jul 2020 12:24:02 -0400
Subject: [PATCH] Fix const char ** pointers in grub-core/net/efi/pxe.c
This will need to get folded back in the right place on the next rebase,
but it's before "Make grub_strtol() "end" pointers have safer const
qualifiers" currently, so for now I'm leaving it here instead of merging
it back with the original patch.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/net/efi/pxe.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/grub-core/net/efi/pxe.c b/grub-core/net/efi/pxe.c
index b84f86ea470..e828fb23e96 100644
--- a/grub-core/net/efi/pxe.c
+++ b/grub-core/net/efi/pxe.c
@@ -187,7 +187,7 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest)
ptr++;
continue;
}
- t = grub_strtoul (ptr, (char **) &ptr, 16);
+ t = grub_strtoul (ptr, &ptr, 16);
if (grub_errno)
{
grub_errno = GRUB_ERR_NONE;
@@ -225,7 +225,7 @@ pxe_open (struct grub_efi_net_device *dev,
int type __attribute__((unused)))
{
int i;
- char *p;
+ const char *p;
grub_efi_status_t status;
grub_efi_pxe_ip_address_t server_ip;
grub_efi_uint64_t file_size = 0;
@@ -313,7 +313,7 @@ pxe_read (struct grub_efi_net_device *dev,
grub_size_t len)
{
int i;
- char *p;
+ const char *p;
grub_efi_status_t status;
grub_efi_pxe_t *pxe = (prefer_ip6) ? dev->ip6_pxe : dev->ip4_pxe;
grub_efi_uint64_t bufsz = len;

View File

@ -1,190 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Wed, 22 Jul 2020 14:03:42 +0200
Subject: [PATCH] Add systemd integration scripts to make "systemctl reboot
--boot-loader-menu=xxx" work with grub
This commit adds a number of scripts / config files to make
"systemctl reboot --boot-loader-menu=xxx" work with grub:
1. /lib/systemd/system/systemd-logind.service.d/10-grub.conf
This sets SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU in the env. for logind,
indicating that the boot-loader which is used supports this feature, see:
https://github.com/systemd/systemd/blob/master/docs/ENVIRONMENT.md
2. /lib/systemd/system/grub-systemd-integration.service
/lib/systemd/system/reboot.target.wants/grub-systemd-integration.service ->
../grub-systemd-integration.service
/usr/libexec/grub/grub-systemd-integration.sh
The symlink in the .wants dir causes the added service file to be started
by systemd just before rebooting the system.
If /run/systemd/reboot-to-boot-loader-menu exist then the service will run
the grub-systemd-integration.sh script.
This script sets the new menu_show_once_timeout grubenv variable to the
requested timeout in seconds.
3. /etc/grub.d/14_menu_show_once
This new grub-mkconfig snippet adds the necessary code to the generated
grub.conf to honor the new menu_show_once_timeout variable, and to
automatically clear it after consuming it.
Note the service and libexec script use grub-systemd-integration as name
because in the future they may be used to add further integration with
systemctl reboot --foo options, e.g. support for --boot-loader-entry=NAME.
A few notes about upstreaming this patch from the rhboot grub2 fork:
1. I have deliberately put the grub.conf bits for this in a new / separate
grub-mkconfig snippet generator for easy upstreaming
2. Even though the commit message mentions the .wants symlink for the .service
I have been unable to come up with a clean way to do this at "make install"
time, this should be fixed before upstreaming.
Downstream notes:
1. Since make install does not add the .wants symlink, this needs to be done
in grub2.spec %install
2. This is keeping support for the "old" Fedora specific menu_show_once env
variable, which has a hardcoded timeout of 60 sec in 12_menu_auto_hide in
place for now. This can be dropped (eventually) in a follow-up patch once
GNOME has been converted to use the systemd dbus API equivalent of
"systemctl reboot --boot-loader-menu=xxx".
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
Makefile.util.def | 27 ++++++++++++++++++++++++
conf/Makefile.common | 6 ++++++
util/grub.d/14_menu_show_once.in | 13 ++++++++++++
util/systemd/10-grub-logind-service.conf.in | 2 ++
util/systemd/grub-systemd-integration.service.in | 8 +++++++
util/systemd/systemd-integration.sh.in | 6 ++++++
6 files changed, 62 insertions(+)
create mode 100755 util/grub.d/14_menu_show_once.in
create mode 100644 util/systemd/10-grub-logind-service.conf.in
create mode 100644 util/systemd/grub-systemd-integration.service.in
create mode 100644 util/systemd/systemd-integration.sh.in
diff --git a/Makefile.util.def b/Makefile.util.def
index 885dc688a60..8e52e48c780 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -473,6 +473,12 @@ script = {
installdir = grubconf;
};
+script = {
+ name = '14_menu_show_once';
+ common = util/grub.d/14_menu_show_once.in;
+ installdir = grubconf;
+};
+
script = {
name = '01_users';
common = util/grub.d/01_users.in;
@@ -578,6 +584,27 @@ script = {
installdir = grubconf;
};
+script = {
+ name = 'grub-systemd-integration.service';
+ common = util/systemd/grub-systemd-integration.service.in;
+ installdir = systemdunit;
+ condition = COND_HOST_LINUX;
+};
+
+script = {
+ name = 'systemd-integration.sh';
+ common = util/systemd/systemd-integration.sh.in;
+ installdir = grublibexec;
+ condition = COND_HOST_LINUX;
+};
+
+script = {
+ name = '10-grub-logind-service.conf';
+ common = util/systemd/10-grub-logind-service.conf.in;
+ installdir = systemd_logind_service_d;
+ condition = COND_HOST_LINUX;
+};
+
program = {
mansection = 1;
name = grub-mkrescue;
diff --git a/conf/Makefile.common b/conf/Makefile.common
index 91ff6c905fb..c8756d8146f 100644
--- a/conf/Makefile.common
+++ b/conf/Makefile.common
@@ -73,8 +73,11 @@ CCASFLAGS_LIBRARY = $(UTILS_CCASFLAGS)
# Other variables
grubconfdir = $(sysconfdir)/grub.d
+grublibexecdir = $(libexecdir)/$(grubdirname)
platformdir = $(pkglibdir)/$(target_cpu)-$(platform)
starfielddir = $(pkgdatadir)/themes/starfield
+systemdunitdir = ${prefix}/lib/systemd/system
+systemd_logind_service_ddir = $(systemdunitdir)/systemd-logind.service.d
CFLAGS_GNULIB = -Wno-undef -Wno-error=sign-compare -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -Wno-error=attributes -Werror=trampolines -fno-trampolines
CPPFLAGS_GNULIB = -I$(top_builddir)/grub-core/lib/gnulib -I$(top_srcdir)/grub-core/lib/gnulib
@@ -133,6 +136,9 @@ platform_SCRIPTS =
platform_PROGRAMS =
sbin_SCRIPTS =
sbin_PROGRAMS =
+grublibexec_SCRIPTS =
+systemdunit_SCRIPTS =
+systemd_logind_service_d_SCRIPTS =
EXTRA_DIST =
CLEANFILES =
diff --git a/util/grub.d/14_menu_show_once.in b/util/grub.d/14_menu_show_once.in
new file mode 100755
index 00000000000..1cd7f36142b
--- /dev/null
+++ b/util/grub.d/14_menu_show_once.in
@@ -0,0 +1,13 @@
+#! /bin/sh
+# Force the menu to be shown once, with a timeout of ${menu_show_once_timeout}
+# if requested by ${menu_show_once_timeout} being set in the env.
+cat << EOF
+if [ x\$feature_timeout_style = xy ]; then
+ if [ "\${menu_show_once_timeout}" ]; then
+ set timeout_style=menu
+ set timeout="\${menu_show_once_timeout}"
+ unset menu_show_once_timeout
+ save_env menu_show_once_timeout
+ fi
+fi
+EOF
diff --git a/util/systemd/10-grub-logind-service.conf.in b/util/systemd/10-grub-logind-service.conf.in
new file mode 100644
index 00000000000..f2d4ac00732
--- /dev/null
+++ b/util/systemd/10-grub-logind-service.conf.in
@@ -0,0 +1,2 @@
+[Service]
+Environment=SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU=true
diff --git a/util/systemd/grub-systemd-integration.service.in b/util/systemd/grub-systemd-integration.service.in
new file mode 100644
index 00000000000..c81fb594ce1
--- /dev/null
+++ b/util/systemd/grub-systemd-integration.service.in
@@ -0,0 +1,8 @@
+[Unit]
+Description=Grub2 systemctl reboot --boot-loader-menu=... support
+Before=umount.target systemd-reboot.service
+DefaultDependencies=no
+ConditionPathExists=/run/systemd/reboot-to-boot-loader-menu
+
+[Service]
+ExecStart=@libexecdir@/@grubdirname@/systemd-integration.sh
diff --git a/util/systemd/systemd-integration.sh.in b/util/systemd/systemd-integration.sh.in
new file mode 100644
index 00000000000..dc1218597bc
--- /dev/null
+++ b/util/systemd/systemd-integration.sh.in
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+TIMEOUT_USEC=$(cat /run/systemd/reboot-to-boot-loader-menu)
+TIMEOUT=$(((TIMEOUT_USEC + 500000) / 1000000))
+
+@grub_editenv@ - set menu_show_once_timeout=$TIMEOUT

View File

@ -1,32 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Thu, 23 Jul 2020 09:27:36 +0200
Subject: [PATCH] systemd-integration.sh: Also set old menu_show_once grubenv
var
Downstream RH / Fedora patch for compatibility with old, not (yet)
regenerated grub.cfg files which miss the menu_show_once_timeout check.
This older grubenv variable leads to a fixed timeout of 60 seconds.
Note that the new menu_show_once_timeout will overrule these 60 seconds
if both are set and the grub.cfg does have the menu_show_once_timeout
check.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
util/systemd/systemd-integration.sh.in | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/util/systemd/systemd-integration.sh.in b/util/systemd/systemd-integration.sh.in
index dc1218597bc..a4c071c5b0c 100644
--- a/util/systemd/systemd-integration.sh.in
+++ b/util/systemd/systemd-integration.sh.in
@@ -4,3 +4,8 @@ TIMEOUT_USEC=$(cat /run/systemd/reboot-to-boot-loader-menu)
TIMEOUT=$(((TIMEOUT_USEC + 500000) / 1000000))
@grub_editenv@ - set menu_show_once_timeout=$TIMEOUT
+
+# Downstream RH / Fedora patch for compatibility with old, not (yet)
+# regenerated grub.cfg files which miss the menu_show_once_timeout check
+# this older grubenv variable leads to a fixed timeout of 60 seconds
+@grub_editenv@ - set menu_show_once=1

View File

@ -1,109 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Mon, 28 Sep 2020 11:11:17 +1000
Subject: [PATCH] ieee1275: enter lockdown based on /ibm,secure-boot
If the 'ibm,secure-boot' property of the root node is 2 or greater,
enter lockdown.
Signed-off-by: Daniel Axtens <dja@axtens.net>
---
grub-core/Makefile.core.def | 1 +
grub-core/kern/ieee1275/init.c | 27 +++++++++++++++++++++++++++
include/grub/lockdown.h | 3 ++-
docs/grub.texi | 4 ++--
4 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index c81c9107249..c748a37b4c5 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -337,6 +337,7 @@ kernel = {
powerpc_ieee1275 = kern/powerpc/cache.S;
powerpc_ieee1275 = kern/powerpc/dl.c;
powerpc_ieee1275 = kern/powerpc/compiler-rt.S;
+ powerpc_ieee1275 = kern/lockdown.c;
sparc64_ieee1275 = kern/sparc64/cache.S;
sparc64_ieee1275 = kern/sparc64/dl.c;
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index c4d6962197b..85d50e2965f 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -49,6 +49,7 @@
#if defined(__powerpc__) || defined(__i386__)
#include <grub/ieee1275/alloc.h>
#endif
+#include <grub/lockdown.h>
/* The maximum heap size we're going to claim at boot. Not used by sparc. */
#ifdef __i386__
@@ -893,6 +894,30 @@ grub_parse_cmdline (void)
}
}
+static void
+grub_get_ieee1275_secure_boot (void)
+{
+ grub_ieee1275_phandle_t root;
+ int rc;
+ grub_uint32_t is_sb;
+
+ grub_ieee1275_finddevice ("/", &root);
+
+ rc = grub_ieee1275_get_integer_property (root, "ibm,secure-boot", &is_sb,
+ sizeof (is_sb), 0);
+
+ /* ibm,secure-boot:
+ * 0 - disabled
+ * 1 - audit
+ * 2 - enforce
+ * 3 - enforce + OS-specific behaviour
+ *
+ * We only support enforce.
+ */
+ if (rc >= 0 && is_sb >= 2)
+ grub_lockdown ();
+}
+
grub_addr_t grub_modbase;
void
@@ -918,6 +943,8 @@ grub_machine_init (void)
#else
grub_install_get_time_ms (grub_rtc_get_time_ms);
#endif
+
+ grub_get_ieee1275_secure_boot ();
}
void
diff --git a/include/grub/lockdown.h b/include/grub/lockdown.h
index 40531fa823b..ebfee4bf06e 100644
--- a/include/grub/lockdown.h
+++ b/include/grub/lockdown.h
@@ -24,7 +24,8 @@
#define GRUB_LOCKDOWN_DISABLED 0
#define GRUB_LOCKDOWN_ENABLED 1
-#ifdef GRUB_MACHINE_EFI
+#if defined(GRUB_MACHINE_EFI) || \
+ (defined(__powerpc__) && defined(GRUB_MACHINE_IEEE1275))
extern void
EXPORT_FUNC (grub_lockdown) (void);
extern int
diff --git a/docs/grub.texi b/docs/grub.texi
index eab81718a59..096a3cde075 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -6814,8 +6814,8 @@ platforms.
@section Lockdown when booting on a secure setup
The GRUB can be locked down when booted on a secure boot environment, for example
-if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will
-be restricted and some operations/commands cannot be executed.
+if UEFI or Power secure boot is enabled. On a locked down configuration, the
+GRUB will be restricted and some operations/commands cannot be executed.
The @samp{lockdown} variable is set to @samp{y} when the GRUB is locked down.
Otherwise it does not exit.

View File

@ -1,46 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Wed, 14 Apr 2021 20:10:23 +1000
Subject: [PATCH] ieee1275: drop HEAP_MAX_ADDR, HEAP_MIN_SIZE
HEAP_MAX_ADDR is confusing. Currently it is set to 32MB, except
on ieee1275 on x86, where it is 64MB.
There is a comment which purports to explain it:
/* If possible, we will avoid claiming heap above this address, because it
seems to cause relocation problems with OSes that link at 4 MiB */
This doesn't make a lot of sense when the constants are well above 4MB
already. It was not always this way. Prior to
commit 7b5d0fe4440c ("Increase heap limit") in 2010, HEAP_MAX_SIZE and
HEAP_MAX_ADDR were indeed 4MB. However, when the constants were increased
the comment was left unchanged.
It's been over a decade. It doesn't seem like we have problems with
claims over 4MB on powerpc or x86 ieee1275. (sparc does things completely
differently and never used the constant.)
Drop the constant and the check.
The only use of HEAP_MIN_SIZE was to potentially override the
HEAP_MAX_ADDR check. It is now unused. Remove it.
Signed-off-by: Daniel Axtens <dja@axtens.net>
---
grub-core/kern/ieee1275/init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index 85d50e2965f..8ce1a0f09ee 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -51,7 +51,7 @@
#endif
#include <grub/lockdown.h>
-/* The maximum heap size we're going to claim at boot. Not used by sparc. */
+/* The maximum heap size we're going to claim. Not used by sparc. */
#ifdef __i386__
#define HEAP_MAX_SIZE (unsigned long) (64 * 1024 * 1024)
#else /* __powerpc__ */

View File

@ -1,36 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Thu, 17 Jun 2021 14:31:42 +0200
Subject: [PATCH] Don't update the cmdline when generating legacy menuentry
commands
On OPAL ppc64le machines with an old petitboot version that doesn't have
support to parse BLS snippets, the grub2-mkconfig script is executed to
generate menuentry commands from the BLS snippets.
In this case, the script is executed with the --no-grubenv-update option
that indicates that no side effects should happen when running the script.
But the options field in the BLS snippets are updated regardless, only do
the update if --no-grubenv-update was not used.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
util/grub.d/10_linux.in | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index b8bc37e92aa..360ce26e5f9 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -258,7 +258,9 @@ if [ -z "\${kernelopts}" ]; then
fi
EOF
- update_bls_cmdline
+ if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then
+ update_bls_cmdline
+ fi
if [ "x${BLS_POPULATE_MENU}" = "xtrue" ]; then
populate_menu

View File

@ -1,33 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Date: Tue, 29 Jun 2021 13:17:42 +0200
Subject: [PATCH] Suppress gettext error message
Colin Watson's patch from comment #11 on the upstream bug:
https://savannah.gnu.org/bugs/?35880#comment11
Resolves: rhbz#1592124
Signed-off-by: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
---
grub-core/gettext/gettext.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
index 7a1c14e4f33..631af7a946b 100644
--- a/grub-core/gettext/gettext.c
+++ b/grub-core/gettext/gettext.c
@@ -424,6 +424,13 @@ grub_gettext_init_ext (struct grub_gettext_context *ctx,
grub_free (lang);
}
+ /* If no translations are available, fall back to untranslated text. */
+ if (err == GRUB_ERR_FILE_NOT_FOUND)
+ {
+ grub_errno = GRUB_ERR_NONE;
+ return 0;
+ }
+
if (locale[0] == 'e' && locale[1] == 'n'
&& (locale[2] == '\0' || locale[2] == '_'))
grub_errno = err = GRUB_ERR_NONE;

View File

@ -1,42 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Mon, 5 Jul 2021 18:24:22 +0200
Subject: [PATCH] grub-set-password: Always use /boot/grub2/user.cfg as
password default
The GRUB configuration file is always placed in /boot/grub2/ now, even for
EFI. But the tool is still creating the user.cfg in the ESP and not there.
Resolves: rhbz#1955294
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
util/grub-set-password.in | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/util/grub-set-password.in b/util/grub-set-password.in
index c0b5ebbfdc5..d8005e5a142 100644
--- a/util/grub-set-password.in
+++ b/util/grub-set-password.in
@@ -1,11 +1,6 @@
#!/bin/sh -e
-EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g')
-if [ -d /sys/firmware/efi/efivars/ ]; then
- grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'`
-else
- grubdir=`echo "/@bootdirname@/@grubdirname@" | sed 's,//*,/,g'`
-fi
+grubdir=`echo "/@bootdirname@/@grubdirname@" | sed 's,//*,/,g'`
PACKAGE_VERSION="@PACKAGE_VERSION@"
PACKAGE_NAME="@PACKAGE_NAME@"
@@ -116,8 +111,6 @@ if [ -z "${MYPASS}" ]; then
exit 1
fi
-# on the ESP, these will fail to set the permissions, but it's okay because
-# the directory is protected.
install -m 0600 /dev/null "${OUTPUT_PATH}/user.cfg" 2>/dev/null || :
chmod 0600 "${OUTPUT_PATH}/user.cfg" 2>/dev/null || :
echo "GRUB2_PASSWORD=${MYPASS}" > "${OUTPUT_PATH}/user.cfg"

View File

@ -1,106 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Fri, 22 Oct 2021 09:53:15 +1100
Subject: [PATCH] powerpc-ieee1275: load grub at 4MB, not 2MB
This was first reported under PFW but reproduces under SLOF.
- The core.elf was 2126152 = 0x207148 bytes in size with the following
program headers (per readelf):
Entry point 0x200000
There are 4 program headers, starting at offset 52
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x000160 0x00200000 0x00200000 0x21f98 0x2971c RWE 0x8
GNU_STACK 0x0220f8 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4
LOAD 0x0220f8 0x00232000 0x00232000 0x1e4e50 0x1e4e50 RWE 0x4
NOTE 0x206f48 0x00000000 0x00000000 0x00200 0x00000 R 0x4
- SLOF places the ELF file at 0x4000 (after the reserved space for
interrupt handlers etc.) upwards. The image was 2126152 = 0x207148
bytes in size, so it runs from 0x4000 - 0x20b148. We'll call 0x4000 the
load address.
0x0 0x4000 0x20b148
|----------|--------------|
| reserved | ELF contents |
- SLOF then copies the first LOAD program header (for .text). That runs
for 0x21f98 bytes. It runs from
(load addr + 0x160) to (load addr + 0x160 + 0x21f98)
= 0x4160 to 0x260f8
and we copy it to 0x200000 to 0x221f98. This overwrites the end of the
image:
0x0 0x4000 0x200000 0x221f98
|----------|------------|---------------|
| reserved | ELF cont.. | .text section |
- SLOF zeros the bss up to PhysAddr + MemSize = 0x22971c
0x0 0x4000 0x200000 0x221f98 0x22971c
|----------|------------|---------------|--------|
| reserved | ELF cont.. | .text section | bss 0s |
- SLOF then goes to fulfil the next LOAD header (for mods), which is
for 0x1e4e50 bytes. We copy from
(load addr + 0x220f8) to (load addr + 0x220f8 + 0x1e4e50)
= 0x260f8 to 0x20af48
and we copy it to 0x232000 to 0x416e50:
0x0 0x4000 0x200000 0x221f98 0x22971c
|----------|------------|---------------|--------|
| reserved | ELF cont.. | .text section | bss 0s |
|-------------|
| copied area |
0x260f8 0x20af48
This goes poorly:
0x0 0x4000 0x200000 0x221f98 0x22971c 0x232000 0x40bf08 0x416e50
|----------|------------|---------------|--------|-----|-----------|-------------|
| reserved | ELF cont.. | .text section | bss 0s | pad | some mods | .text start |
This matches the observations on the running system - 0x40bf08 was where
the contents of memory no longer matched the contents of the ELF file.
This was reported as a license verification failure on SLOF as the
last module's .module_license section fell past where the corruption
began.
Signed-off-by: Daniel Axtens <dja@axtens.net>
[rharwood@redhat.com: trim very detailed commit message]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
grub-core/Makefile.core.def | 2 +-
include/grub/offsets.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index c748a37b4c5..ceb15879272 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -99,7 +99,7 @@ kernel = {
i386_xen_pvh_ldflags = '$(TARGET_IMG_BASE_LDOPT),0x100000';
mips_loongson_ldflags = '-Wl,-Ttext,0x80200000';
- powerpc_ieee1275_ldflags = '-Wl,-Ttext,0x200000';
+ powerpc_ieee1275_ldflags = '-Wl,-Ttext,0x400000';
sparc64_ieee1275_ldflags = '-Wl,-Ttext,0x4400';
mips_arc_ldflags = '-Wl,-Ttext,$(TARGET_LINK_ADDR)';
mips_qemu_mips_ldflags = '-Wl,-Ttext,0x80200000';
diff --git a/include/grub/offsets.h b/include/grub/offsets.h
index 871e1cd4c38..69211aa798b 100644
--- a/include/grub/offsets.h
+++ b/include/grub/offsets.h
@@ -63,7 +63,7 @@
#define GRUB_KERNEL_SPARC64_IEEE1275_LINK_ADDR 0x4400
#define GRUB_KERNEL_POWERPC_IEEE1275_LINK_ALIGN 4
-#define GRUB_KERNEL_POWERPC_IEEE1275_LINK_ADDR 0x200000
+#define GRUB_KERNEL_POWERPC_IEEE1275_LINK_ADDR 0x400000
#define GRUB_KERNEL_MIPS_LOONGSON_LINK_ADDR 0x80200000

View File

@ -1,30 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: fluteze <fluteze@gmail.com>
Date: Sat, 27 Nov 2021 10:54:44 -0600
Subject: [PATCH] Add Fedora location of DejaVu SANS font
In Fedora 35, and possibly earlier, grub would fail to configure with a
complaint about DejaVu being "not found" even though it was installed.
The DejaVu sans font search path is updated to reflect the
distribution's current install path.
Signed-off-by: Erik Edwards <fluteze@gmail.com>
[rharwood@redhat.com: slight commit message edits]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 016cd3d4e0e..d223fe3ef6e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1924,7 +1924,7 @@ if test "x$with_dejavufont" = x; then
# search in well-known directories
if test x"$starfield_excuse" = x; then
for ext in pcf pcf.gz bdf bdf.gz ttf ttf.gz; do
- for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/truetype/ttf-dejavu /usr/share/fonts/dejavu /usr/share/fonts/truetype /usr/pkg/share/fonts/X11/TTF /usr/local/share/fonts/dejavu /usr/X11R6/lib/X11/fonts/TTF; do
+ for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/truetype/ttf-dejavu /usr/share/fonts/dejavu /usr/share/fonts/truetype /usr/pkg/share/fonts/X11/TTF /usr/local/share/fonts/dejavu /usr/X11R6/lib/X11/fonts/TTF /usr/share/fonts/dejavu-sans-fonts; do
if test -f "$dir/DejaVuSans.$ext"; then
DJVU_FONT_SOURCE="$dir/DejaVuSans.$ext"
break 2

View File

@ -1,43 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Fri, 15 Jul 2022 15:39:41 -0400
Subject: [PATCH] grub_fs_probe(): dprint errors from filesystems
When filesystem detection fails, all that's currently debug-logged is a
series of messages like:
grub-core/kern/fs.c:56:fs: Detecting ntfs...
grub-core/kern/fs.c:76:fs: ntfs detection failed.
repeated for each filesystem. Any messages provided to grub_error() by
the filesystem are lost, and one has to break out gdb to figure out what
went wrong.
With this change, one instead sees:
grub-core/kern/fs.c:56:fs: Detecting fat...
grub-core/osdep/hostdisk.c:357:hostdisk: reusing open device
`/path/to/device'
grub-core/kern/fs.c:77:fs: error: invalid modification timestamp for /.
grub-core/kern/fs.c:79:fs: fat detection failed.
in the debug prints.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
(cherry picked from commit 838c79d658797d0662ee7f9e033e38ee88059e02)
---
grub-core/kern/fs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c
index 7ad0aaf4e29..f25bace620b 100644
--- a/grub-core/kern/fs.c
+++ b/grub-core/kern/fs.c
@@ -74,6 +74,7 @@ grub_fs_probe (grub_device_t device)
if (grub_errno == GRUB_ERR_NONE)
return p;
+ grub_dprintf ("fs", _("error: %s.\n"), grub_errmsg);
grub_error_push ();
/* The grub_error_push() does not touch grub_errmsg. */
grub_dprintf ("fs", _("error: %s.\n"), grub_errmsg);

View File

@ -1,27 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 2 Aug 2022 15:56:28 -0400
Subject: [PATCH] BLS: create /etc/kernel/cmdline during mkconfig
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
util/grub.d/10_linux.in | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 360ce26e5f9..a6568caf7d1 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -163,6 +163,12 @@ update_bls_cmdline()
local cmdline="root=${LINUX_ROOT_DEVICE} ro ${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
local -a files=($(get_sorted_bls))
+ if [[ ! -f /etc/kernel/cmdline ]]; then
+ # anaconda has the correct information to do this during install;
+ # afterward, grubby will take care of syncing on updates.
+ echo "$cmdline rhgb quiet" > /etc/kernel/cmdline
+ fi
+
for bls in "${files[@]}"; do
local options="${cmdline}"
if [ -z "${bls##*debug*}" ]; then

View File

@ -1,35 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 17 Aug 2022 10:26:07 -0400
Subject: [PATCH] squish: don't dup rhgb quiet, check mtimes
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
util/grub.d/10_linux.in | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index a6568caf7d1..079bb9a0961 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -163,10 +163,16 @@ update_bls_cmdline()
local cmdline="root=${LINUX_ROOT_DEVICE} ro ${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
local -a files=($(get_sorted_bls))
- if [[ ! -f /etc/kernel/cmdline ]]; then
- # anaconda has the correct information to do this during install;
- # afterward, grubby will take care of syncing on updates.
- echo "$cmdline rhgb quiet" > /etc/kernel/cmdline
+ if [[ ! -f /etc/kernel/cmdline ]] ||
+ [[ /etc/kernel/cmdline -ot /etc/default/grub ]]; then
+ # anaconda has the correct information to create this during install;
+ # afterward, grubby will take care of syncing on updates. If the user
+ # has modified /etc/default/grub, try to cope.
+ if [[ ! "$cmdline" =~ "rhgb quiet" ]]; then
+ # ensure these only show up once
+ cmdline="$cmdline rhgb quiet"
+ fi
+ echo "$cmdline" > /etc/kernel/cmdline
fi
for bls in "${files[@]}"; do

View File

@ -1,25 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 17 Aug 2022 11:30:30 -0400
Subject: [PATCH] squish: give up on rhgb quiet
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
util/grub.d/10_linux.in | 4 ----
1 file changed, 4 deletions(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 079bb9a0961..2dddc39816f 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -168,10 +168,6 @@ update_bls_cmdline()
# anaconda has the correct information to create this during install;
# afterward, grubby will take care of syncing on updates. If the user
# has modified /etc/default/grub, try to cope.
- if [[ ! "$cmdline" =~ "rhgb quiet" ]]; then
- # ensure these only show up once
- cmdline="$cmdline rhgb quiet"
- fi
echo "$cmdline" > /etc/kernel/cmdline
fi

View File

@ -1,57 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Wed, 17 Aug 2022 10:26:03 -0400
Subject: [PATCH] squish: BLS: only write /etc/kernel/cmdline if writable
On OSTree systems, `grub2-mkconfig` is run with `/etc` mounted read-only
because as part of the promise of transactional updates, we want to make
sure that we're not modifying the current deployment's state (`/etc` or
`/var`).
This conflicts with 0837dcdf1 ("BLS: create /etc/kernel/cmdline during
mkconfig") which wants to write to `/etc/kernel/cmdline`. I'm not
exactly sure on the background there, but based on the comment I think
the intent is to fulfill grubby's expectation that the file exists.
However, in systems like Silverblue, kernel arguments are managed by the
rpm-ostree stack and grubby is not shipped at all.
Adjust the script slightly so that we only write `/etc/kernel/cmdline`
if the parent directory is writable.
In the future, we're hoping to simplify things further on rpm-ostree
systems by not running `grub2-mkconfig` at all since libostree already
directly writes BLS entries. Doing that would also have avoided this,
but ratcheting it into existing systems needs more careful thought.
Signed-off-by: Jonathan Lebon <jonathan@jlebon.com>
Fixes: https://github.com/fedora-silverblue/issue-tracker/issues/322
---
util/grub.d/10_linux.in | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
index 2dddc39816f..11c19304f8b 100644
--- a/util/grub.d/10_linux.in
+++ b/util/grub.d/10_linux.in
@@ -163,12 +163,13 @@ update_bls_cmdline()
local cmdline="root=${LINUX_ROOT_DEVICE} ro ${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
local -a files=($(get_sorted_bls))
- if [[ ! -f /etc/kernel/cmdline ]] ||
- [[ /etc/kernel/cmdline -ot /etc/default/grub ]]; then
- # anaconda has the correct information to create this during install;
- # afterward, grubby will take care of syncing on updates. If the user
- # has modified /etc/default/grub, try to cope.
- echo "$cmdline" > /etc/kernel/cmdline
+ if [ -w /etc/kernel ] &&
+ [[ ! -f /etc/kernel/cmdline ||
+ /etc/kernel/cmdline -ot /etc/default/grub ]]; then
+ # anaconda has the correct information to create this during install;
+ # afterward, grubby will take care of syncing on updates. If the user
+ # has modified /etc/default/grub, try to cope.
+ echo "$cmdline" > /etc/kernel/cmdline
fi
for bls in "${files[@]}"; do

View File

@ -1,27 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 25 Aug 2022 17:57:55 -0400
Subject: [PATCH] blscfg: Don't root device in emu builds
Otherwise, we end up looking for kernel/initrd in /boot/boot which
doesn't work at all. Non-emu builds need to be looking in
($root)/boot/, which is what this is for.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
grub-core/commands/blscfg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
index e907a6a5d28..dbd0899acf3 100644
--- a/grub-core/commands/blscfg.c
+++ b/grub-core/commands/blscfg.c
@@ -41,7 +41,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define GRUB_BLS_CONFIG_PATH "/loader/entries/"
#ifdef GRUB_MACHINE_EMU
-#define GRUB_BOOT_DEVICE "/boot"
+#define GRUB_BOOT_DEVICE ""
#else
#define GRUB_BOOT_DEVICE "($root)"
#endif

View File

@ -1,123 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 25 Jan 2023 16:10:58 -0500
Subject: [PATCH] ppc64le: signed boot media changes
Skip mdraid < 1.1 on isos since mdraid* can't even
Prior to this change, on ppc64le with part_msdos and the mdraid* modules
enabled, we see:
disk/diskfilter.c:191: scanning ieee1275/cdrom
kern/disk.c:196: Opening `ieee1275/cdrom'...
disk/ieee1275/ofdisk.c:477: Opening `cdrom'.
disk/ieee1275/ofdisk.c:502: MAX_RETRIES set to 20
kern/disk.c:288: Opening `ieee1275/cdrom' succeeded.
disk/diskfilter.c:136: Scanning for DISKFILTER devices on disk ieee1275/cdrom
partmap/msdos.c:184: partition 0: flag 0x80, type 0x96, start 0x0, len
0x6a5d70
disk/diskfilter.c:136: Scanning for DISKFILTER devices on disk ieee1275/cdrom
SCSI-DISK: Access beyond end of device !
SCSI-DISK: Access beyond end of device !
SCSI-DISK: Access beyond end of device !
SCSI-DISK: Access beyond end of device !
SCSI-DISK: Access beyond end of device !
disk/ieee1275/ofdisk.c:578: MAX_RETRIES set to 20
These latter two lines repeat many times, eventually ending in:
kern/disk.c:388: ieee1275/cdrom read failed
error: ../../grub-core/disk/ieee1275/ofdisk.c:608:failure reading sector
0x1a9720 from `ieee1275/cdrom'.
and the system drops to a "grub>" prompt.
Prior to 1.1, mdraid stored the superblock offset from the end of the
disk, and the firmware really doesn't like reads there. Best guess was
that the firmware and the iso image appear to diagree on the blocksize
(512 vs. 2048), and the diskfilter RAID probing is too much for it.
It's tempting to just skip probing for cdroms, but unfortunately isos
can be virtualized elsewhere - such as regular disks.
Also fix detection of root, and try the chrp path as a fallback if the
built prefix doesn't work.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
wip
---
grub-core/disk/mdraid1x_linux.c | 6 ++++++
grub-core/disk/mdraid_linux.c | 5 +++++
grub-core/kern/ieee1275/openfw.c | 2 +-
grub-core/normal/main.c | 5 +++++
4 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/grub-core/disk/mdraid1x_linux.c b/grub-core/disk/mdraid1x_linux.c
index 72e5cb6f481..3b5b6c42342 100644
--- a/grub-core/disk/mdraid1x_linux.c
+++ b/grub-core/disk/mdraid1x_linux.c
@@ -130,6 +130,12 @@ grub_mdraid_detect (grub_disk_t disk,
struct grub_diskfilter_vg *array;
char *uuid;
+#ifdef __powerpc__
+ /* Firmware will yell at us for reading too far. */
+ if (minor_version == 0)
+ continue;
+#endif
+
if (size == GRUB_DISK_SIZE_UNKNOWN && minor_version == 0)
continue;
diff --git a/grub-core/disk/mdraid_linux.c b/grub-core/disk/mdraid_linux.c
index e40216f5111..98fcfb1be69 100644
--- a/grub-core/disk/mdraid_linux.c
+++ b/grub-core/disk/mdraid_linux.c
@@ -189,6 +189,11 @@ grub_mdraid_detect (grub_disk_t disk,
grub_uint32_t level;
struct grub_diskfilter_vg *ret;
+#ifdef __powerpc__
+ /* Firmware will yell at us for reading too far. */
+ return NULL;
+#endif
+
/* The sector where the mdraid 0.90 superblock is stored, if available. */
size = grub_disk_native_sectors (disk);
if (size == GRUB_DISK_SIZE_UNKNOWN)
diff --git a/grub-core/kern/ieee1275/openfw.c b/grub-core/kern/ieee1275/openfw.c
index e2ecc65d2d8..65616254e02 100644
--- a/grub-core/kern/ieee1275/openfw.c
+++ b/grub-core/kern/ieee1275/openfw.c
@@ -499,7 +499,7 @@ grub_ieee1275_encode_devname (const char *path)
*optr++ ='\\';
*optr++ = *iptr++;
}
- if (partition && partition[0])
+ if (partition && partition[0] >= '0' && partition[0] <= '9')
{
unsigned int partno = grub_strtoul (partition, 0, 0);
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index fc3ed551cec..e903f291732 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -372,6 +372,7 @@ grub_try_normal_prefix (const char *prefix)
file = grub_file_open (config, GRUB_FILE_TYPE_CONFIG);
if (file)
{
+ grub_env_set ("prefix", prefix);
grub_file_close (file);
err = GRUB_ERR_NONE;
}
@@ -447,6 +448,10 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)),
err = grub_try_normal ("fw_path");
if (err == GRUB_ERR_FILE_NOT_FOUND)
err = grub_try_normal ("prefix");
+#ifdef __powerpc__
+ if (err == GRUB_ERR_FILE_NOT_FOUND)
+ err = grub_try_normal_prefix ("/boot/grub");
+#endif
if (err == GRUB_ERR_FILE_NOT_FOUND)
err = grub_try_normal_discover ();
if (err == GRUB_ERR_FILE_NOT_FOUND)

View File

@ -1,54 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjun Shankar <arjun@redhat.com>
Date: Sun, 5 Feb 2023 11:13:55 +0100
Subject: [PATCH] core: Fix several implicit function declarations
These #include lines ensure that grub2 continues to build with C99
where implicit function declarations are removed.
Related to:
<https://fedoraproject.org/wiki/Changes/PortingToModernC>
<https://fedoraproject.org/wiki/Toolchain/PortingToModernC>
---
grub-core/commands/efi/connectefi.c | 1 +
grub-core/net/http.c | 1 +
grub-core/term/at_keyboard.c | 1 +
3 files changed, 3 insertions(+)
diff --git a/grub-core/commands/efi/connectefi.c b/grub-core/commands/efi/connectefi.c
index 0f840ea0575..6c397f8f508 100644
--- a/grub-core/commands/efi/connectefi.c
+++ b/grub-core/commands/efi/connectefi.c
@@ -21,6 +21,7 @@
#include <grub/efi/api.h>
#include <grub/efi/pci.h>
#include <grub/efi/efi.h>
+#include <grub/efi/disk.h>
#include <grub/command.h>
#include <grub/err.h>
#include <grub/i18n.h>
diff --git a/grub-core/net/http.c b/grub-core/net/http.c
index ce2b492c353..40df19426c8 100644
--- a/grub-core/net/http.c
+++ b/grub-core/net/http.c
@@ -26,6 +26,7 @@
#include <grub/dl.h>
#include <grub/file.h>
#include <grub/i18n.h>
+#include <grub/env.h>
GRUB_MOD_LICENSE ("GPLv3+");
diff --git a/grub-core/term/at_keyboard.c b/grub-core/term/at_keyboard.c
index 378deb321d9..e667d0a862c 100644
--- a/grub-core/term/at_keyboard.c
+++ b/grub-core/term/at_keyboard.c
@@ -25,6 +25,7 @@
#include <grub/time.h>
#include <grub/loader.h>
#include <grub/ps2.h>
+#include <grub/env.h>
GRUB_MOD_LICENSE ("GPLv3+");

View File

@ -1,109 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Mon, 6 Feb 2023 10:03:20 -0500
Subject: [PATCH] ieee1275: request memory with ibm,
client-architecture-support
On PowerVM, the first time we boot a Linux partition, we may only get
256MB of real memory area, even if the partition has more memory.
This isn't enough to reliably verify a kernel. Fortunately, the Power
Architecture Platform Reference (PAPR) defines a method we can call to ask
for more memory: the broad and powerful ibm,client-architecture-support
(CAS) method.
CAS can do an enormous amount of things on a PAPR platform: as well as
asking for memory, you can set the supported processor level, the interrupt
controller, hash vs radix mmu, and so on.
If:
- we are running under what we think is PowerVM (compatible property of /
begins with "IBM"), and
- the full amount of RMA is less than 512MB (as determined by the reg
property of /memory)
then call CAS as follows: (refer to the Linux on Power Architecture
Reference, LoPAR, which is public, at B.5.2.3):
- Use the "any" PVR value and supply 2 option vectors.
- Set option vector 1 (PowerPC Server Processor Architecture Level)
to "ignore".
- Set option vector 2 with default or Linux-like options, including a
min-rma-size of 512MB.
- Set option vector 3 to request Floating Point, VMX and Decimal Floating
point, but don't abort the boot if we can't get them.
- Set option vector 4 to request a minimum VP percentage to 1%, which is
what Linux requests, and is below the default of 10%. Without this,
some systems with very large or very small configurations fail to boot.
This will cause a CAS reboot and the partition will restart with 512MB
of RMA. Importantly, grub will notice the 512MB and not call CAS again.
Notes about the choices of parameters:
- A partition can be configured with only 256MB of memory, which would
mean this request couldn't be satisfied, but PFW refuses to load with
only 256MB of memory, so it's a bit moot. SLOF will run fine with 256MB,
but we will never call CAS under qemu/SLOF because /compatible won't
begin with "IBM".)
- unspecified CAS vectors take on default values. Some of these values
might restrict the ability of certain hardware configurations to boot.
This is why we need to specify the VP percentage in vector 4, which is
in turn why we need to specify vector 3.
Finally, we should have enough memory to verify a kernel, and we will
reach Linux. One of the first things Linux does while still running under
OpenFirmware is to call CAS with a much fuller set of options (including
asking for 512MB of memory). Linux includes a much more restrictive set of
PVR values and processor support levels, and this CAS invocation will likely
induce another reboot. On this reboot grub will again notice the higher RMA,
and not call CAS. We will get to Linux again, Linux will call CAS again, but
because the values are now set for Linux this will not induce another CAS
reboot and we will finally boot all the way to userspace.
On all subsequent boots, everything will be configured with 512MB of RMA,
so there will be no further CAS reboots from grub. (phyp is super sticky
with the RMA size - it persists even on cold boots. So if you've ever booted
Linux in a partition, you'll probably never have grub call CAS. It'll only
ever fire the first time a partition loads grub, or if you deliberately lower
the amount of memory your partition has below 512MB.)
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
(cherry picked from commit d5571590b7de61887efac1c298901455697ba307)
---
grub-core/kern/ieee1275/init.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index 8ce1a0f09ee..13e8a5b4bb8 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -850,6 +850,19 @@ grub_claim_heap (void)
}
#endif
+#if defined(__powerpc__)
+ if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_CAN_TRY_CAS_FOR_MORE_MEMORY))
+ {
+ grub_uint64_t rma_size;
+ grub_err_t err;
+
+ err = grub_ieee1275_total_mem (&rma_size);
+ /* if we have an error, don't call CAS, just hope for the best */
+ if (err == GRUB_ERR_NONE && rma_size < (512 * 1024 * 1024))
+ grub_ieee1275_ibm_cas ();
+ }
+#endif
+
grub_machine_mmap_iterate (heap_init, &total);
}
#endif

View File

@ -1,93 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 9 Mar 2023 11:18:19 -0500
Subject: [PATCH] hostdisk: work around /proc not reporting size
fstat(2) of files in /proc will yield st_size == 0 regardless of file
contents. Use a negative value in grub_file_t's size to denote "ignore"
and plumb through.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
grub-core/kern/file.c | 28 ++++++++++++++++------------
grub-core/lib/progress.c | 2 +-
grub-core/osdep/unix/hostdisk.c | 6 ++++++
3 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c
index 1794d022fb0..75510df7c92 100644
--- a/grub-core/kern/file.c
+++ b/grub-core/kern/file.c
@@ -172,26 +172,30 @@ grub_file_read (grub_file_t file, void *buf, grub_size_t len)
grub_disk_read_hook_t read_hook;
void *read_hook_data;
- if (file->offset > file->size)
- {
- grub_error (GRUB_ERR_OUT_OF_RANGE,
- N_("attempt to read past the end of file"));
- return -1;
- }
-
if (len == 0)
return 0;
- if (len > file->size - file->offset)
- len = file->size - file->offset;
+#ifdef GRUB_MACHINE_EMU
+ if (file->size >= 0)
+ {
+#endif
+ if (file->offset > file->size)
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE,
+ N_("attempt to read past the end of file"));
+ return -1;
+ }
+
+ if (len > file->size - file->offset)
+ len = file->size - file->offset;
+#ifdef GRUB_MACHINE_EMU
+ }
+#endif
/* Prevent an overflow. */
if ((grub_ssize_t) len < 0)
len >>= 1;
- if (len == 0)
- return 0;
-
read_hook = file->read_hook;
read_hook_data = file->read_hook_data;
if (!file->read_hook)
diff --git a/grub-core/lib/progress.c b/grub-core/lib/progress.c
index 4f4389dd586..eb1b7d13cfd 100644
--- a/grub-core/lib/progress.c
+++ b/grub-core/lib/progress.c
@@ -72,7 +72,7 @@ grub_file_progress_hook_real (grub_disk_addr_t sector __attribute__ ((unused)),
* 100ULL * 1000ULL,
now - file->last_progress_time, 0);
- if (file->size == 0)
+ if (file->size <= 0)
percent = 100;
else
percent = grub_divmod64 (100 * file->progress_offset,
diff --git a/grub-core/osdep/unix/hostdisk.c b/grub-core/osdep/unix/hostdisk.c
index 3a00d7451a5..e5f4b4d5f9c 100644
--- a/grub-core/osdep/unix/hostdisk.c
+++ b/grub-core/osdep/unix/hostdisk.c
@@ -71,6 +71,12 @@ grub_util_get_fd_size (grub_util_fd_t fd, const char *name, unsigned *log_secsiz
if (log_secsize)
*log_secsize = 9;
+#ifdef GRUB_MACHINE_EMU
+ /* /proc doesn't behave itself and gives 0 for file sizes to stat. */
+ if (st.st_size == 0 && !grub_strncmp ("/proc", name, 5))
+ return -1;
+#endif
+
return st.st_size;
}

View File

@ -1,118 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 7 Mar 2023 18:59:40 -0500
Subject: [PATCH] blscfg: check for mounted /boot in emu
Irritatingly, BLS defines paths relatives to the mountpoint of the
filesystem which contains its snippets, not / or any other fixed
location. So grub2-emu needs to know whether /boot is a separate
filesysem from / and conditionally prepend a path.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
grub-core/commands/blscfg.c | 54 ++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 49 insertions(+), 5 deletions(-)
diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c
index dbd0899acf3..6e398fc1757 100644
--- a/grub-core/commands/blscfg.c
+++ b/grub-core/commands/blscfg.c
@@ -40,8 +40,9 @@ GRUB_MOD_LICENSE ("GPLv3+");
#include "loadenv.h"
#define GRUB_BLS_CONFIG_PATH "/loader/entries/"
+
#ifdef GRUB_MACHINE_EMU
-#define GRUB_BOOT_DEVICE ""
+#define GRUB_BOOT_DEVICE "/boot"
#else
#define GRUB_BOOT_DEVICE "($root)"
#endif
@@ -54,8 +55,50 @@ struct keyval
static struct bls_entry *entries = NULL;
+/* Cache probing in frob_boot_device(). Used for linux entry also.
+ * Always true in non-emu, meaning to prefix things with GRUB_BOOT_DEVICE. */
+static int separate_boot = -1;
+
#define FOR_BLS_ENTRIES(var) FOR_LIST_ELEMENTS (var, entries)
+/* BLS appears to make paths relative to the filesystem that snippets are
+ * on, not /. Attempt to cope. */
+static char *frob_boot_device(char *tmp)
+{
+#ifdef GRUB_MACHINE_EMU
+ grub_file_t f;
+ char *line = NULL;
+
+ if (separate_boot != -1)
+ goto probed;
+
+ separate_boot = 0;
+
+ f = grub_file_open ("/proc/mounts", GRUB_FILE_TYPE_CONFIG);
+ if (f == NULL)
+ goto probed;
+
+ while ((line = grub_file_getline (f)))
+ {
+ if (grub_strstr (line, " " GRUB_BOOT_DEVICE " "))
+ {
+ separate_boot = 1;
+ grub_free (line);
+ break;
+ }
+
+ grub_free(line);
+ }
+
+ grub_file_close (f);
+ probed:
+ if (!separate_boot)
+ return grub_stpcpy (tmp, " ");
+#endif
+
+ return grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE);
+}
+
static int bls_add_keyval(struct bls_entry *entry, char *key, char *val)
{
char *k, *v;
@@ -842,7 +885,7 @@ static void create_entry (struct bls_entry *entry)
for (i = 0; early_initrds != NULL && early_initrds[i] != NULL; i++)
{
grub_dprintf ("blscfg", "adding early initrd %s\n", early_initrds[i]);
- tmp = grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE);
+ tmp = frob_boot_device (tmp);
tmp = grub_stpcpy (tmp, initrd_prefix);
tmp = grub_stpcpy (tmp, early_initrds[i]);
grub_free(early_initrds[i]);
@@ -851,7 +894,7 @@ static void create_entry (struct bls_entry *entry)
for (i = 0; initrds != NULL && initrds[i] != NULL; i++)
{
grub_dprintf ("blscfg", "adding initrd %s\n", initrds[i]);
- tmp = grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE);
+ tmp = frob_boot_device (tmp);
tmp = grub_stpcpy (tmp, initrds[i]);
}
tmp = grub_stpcpy (tmp, "\n");
@@ -888,7 +931,7 @@ static void create_entry (struct bls_entry *entry)
}
char *tmp = dt;
tmp = grub_stpcpy (dt, "devicetree");
- tmp = grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE);
+ tmp = frob_boot_device (tmp);
if (add_dt_prefix)
tmp = grub_stpcpy (tmp, prefix);
tmp = grub_stpcpy (tmp, devicetree);
@@ -907,7 +950,8 @@ static void create_entry (struct bls_entry *entry)
"linux %s%s%s%s\n"
"%s%s",
savedefault ? "savedefault\n" : "",
- GRUB_BOOT_DEVICE, clinux, options ? " " : "", options ? options : "",
+ separate_boot ? GRUB_BOOT_DEVICE : "",
+ clinux, options ? " " : "", options ? options : "",
initrd ? initrd : "", dt ? dt : "");
grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0, &index, entry);

View File

@ -1,38 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 7 Apr 2023 14:54:35 +0200
Subject: [PATCH] grub_dl_set_mem_attrs(): fix format string
The grub_dprintf() call for printing the message
updating attributes for GOT and trampolines
passes the argument "mod->name", but the format string doesn't accept that
argument.
Print the module name too.
Example output:
> kern/dl.c:736: updating attributes for GOT and trampolines ("video_fb")
Fixes: ad1b904d325b (nx: set page permissions for loaded modules.)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
grub-core/kern/dl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 25666ae383f..101e0794dd8 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -733,7 +733,8 @@ grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr)
{
tgsz = ALIGN_UP(tgsz, arch_addralign);
- grub_dprintf ("modules", "updating attributes for GOT and trampolines\n",
+ grub_dprintf ("modules",
+ "updating attributes for GOT and trampolines (\"%s\")\n",
mod->name);
grub_update_mem_attrs (tgaddr, tgsz, GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_X,
GRUB_MEM_ATTR_W);

View File

@ -1,140 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 7 Apr 2023 16:21:54 +0200
Subject: [PATCH] grub_dl_set_mem_attrs(): add self-check for the tramp/GOT
sizes
On aarch64 UEFI, we currently have a crasher:
grub_dl_load_core()
grub_dl_load_core_noinit()
/* independent allocation: must remain writable */
mod = grub_zalloc();
/* allocates module image with incorrect tail alignment */
grub_dl_load_segments()
/* write-protecting the module image makes "mod" read-only! */
grub_dl_set_mem_attrs()
grub_update_mem_attrs()
grub_dl_init()
/* page fault, crash */
mod->next = ...;
- Commit 887f1d8fa976 ("modules: load module sections at page-aligned
addresses", 2023-02-08) forgot to page-align the allocation of the
trampolines and GOT areas of grub2 modules, in grub_dl_load_segments().
- Commit ad1b904d325b ("nx: set page permissions for loaded modules.",
2023-02-08) calculated a common bounding box for the trampolines and GOT
areas in grub_dl_set_mem_attrs(), rounded the box size up to a whole
multiple of EFI page size ("arch_addralign"), and write-protected the
resultant page range.
Consequently, grub_dl_load_segments() places the module image in memory
such that its tail -- the end of the trampolines and GOT areas -- lands at
the head of a page whose tail in turn contains independent memory
allocations, such as "mod". grub_dl_set_mem_attrs() will then unwittingly
write-protect these other allocations too.
But "mod" must remain writable: we assign "mod->next" in grub_dl_init()
subsequently. Currently we crash there with a page fault / permission
fault.
(The crash is not trivial to hit: the tramp/GOT areas are irrelevant on
x86_64, plus the page protection depends on the UEFI platform firmware
providing EFI_MEMORY_ATTRIBUTE_PROTOCOL. In practice, the crash is
restricted to aarch64 edk2 (ArmVirtQemu) builds containing commit
1c4dfadb4611, "ArmPkg/CpuDxe: Implement EFI memory attributes protocol",
2023-03-16.)
Example log before the patch:
> kern/dl.c:736: updating attributes for GOT and trampolines ("video_fb")
> kern/efi/mm.c:927: set +rx -w on 0x13b88b000-0x13b88bfff before:rwx after:r-x
> kern/dl.c:744: done updating module memory attributes for "video_fb"
> kern/dl.c:639: flushing 0xe4f0 bytes at 0x13b87d000
> kern/arm64/cache.c:42: D$ line size: 64
> kern/arm64/cache.c:43: I$ line size: 64
> kern/dl.c:839: module name: video_fb
> kern/dl.c:840: init function: 0x0
> kern/dl.c:865: Initing module video_fb
>
> Synchronous Exception at 0x000000013B8A76EC
> PC 0x00013B8A76EC
>
> X0 0x000000013B88B960 X1 0x0000000000000000 X2 0x000000013F93587C X3 0x0000000000000075
>
> SP 0x00000000470745C0 ELR 0x000000013B8A76EC SPSR 0x60000205 FPSR 0x00000000
> ESR 0x9600004F FAR 0x000000013B88B9D0
>
> ESR : EC 0x25 IL 0x1 ISS 0x0000004F
>
> Data abort: Permission fault, third level
Note the following:
- The whole 4K page at 0x1_3B88_B000 is write-protected.
- The "video_fb" module actually lives at [0x1_3B87_D000, 0x1_3B88_B4F0)
-- left-inclusive, right-exclusive --; that is, in the last page (at
0x1_3B88_B000), it only occupies the first 0x4F0 bytes.
- The instruction at 0x1_3B8A_76EC faults. Not shown here, but it is a
store instruction, which writes to the field at offset 0x70 of the
structure pointed-to by the X0 register. This is the "mod->next"
assignment from grub_dl_init().
- The faulting address is therefore (X0 + 0x70), i.e., 0x1_3B88_B9D0. This
is indeed the value held in the FAR register.
- The faulting address 0x1_3B88_B9D0 falls in the above-noted page (at
0x1_3B88_B000), namely at offset 0x9D0. This is *beyond* the first 0x4F0
bytes that the very tail of the "video_fb" module occupies at the front
of that page.
For now, add a self-check that reports this bug (and prevents the crash by
skipping the write protection).
Example log after the patch:
> kern/dl.c:742:BUG: trying to protect pages outside of module allocation
> ("video_fb"): module base 0x13b87d000, size 0xe4f0; tramp/GOT base
> 0x13b88b000, size 0x1000
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
grub-core/kern/dl.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 101e0794dd8..bad0ad4b945 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -682,7 +682,7 @@ grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr)
#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv)
grub_size_t arch_addralign = grub_arch_dl_min_alignment ();
grub_addr_t tgaddr;
- grub_uint64_t tgsz;
+ grub_size_t tgsz;
#endif
grub_dprintf ("modules", "updating memory attributes for \"%s\"\n",
@@ -736,6 +736,15 @@ grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr)
grub_dprintf ("modules",
"updating attributes for GOT and trampolines (\"%s\")\n",
mod->name);
+ if (tgaddr < (grub_addr_t)mod->base ||
+ tgsz > (grub_addr_t)-1 - tgaddr ||
+ tgaddr + tgsz > (grub_addr_t)mod->base + mod->sz)
+ return grub_error (GRUB_ERR_BUG,
+ "BUG: trying to protect pages outside of module "
+ "allocation (\"%s\"): module base %p, size 0x%"
+ PRIxGRUB_SIZE "; tramp/GOT base 0x%" PRIxGRUB_ADDR
+ ", size 0x%" PRIxGRUB_SIZE,
+ mod->name, mod->base, mod->sz, tgaddr, tgsz);
grub_update_mem_attrs (tgaddr, tgsz, GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_X,
GRUB_MEM_ATTR_W);
}

View File

@ -1,70 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 7 Apr 2023 16:56:09 +0200
Subject: [PATCH] grub_dl_load_segments(): page-align the tramp/GOT areas too
The tramp/GOT write-protection in grub_dl_set_mem_attrs() requires that
the tramp/GOT areas of the module image *not* share a page with any other
memory allocations. Page-align the tramp/GOT areas, while satisfying their
intrinsic alignment requirements too.
Fixes: 887f1d8fa976 (modules: load module sections at page-aligned addresses)
Fixes: ad1b904d325b (nx: set page permissions for loaded modules.)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
grub-core/kern/dl.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index bad0ad4b945..c55f0ecf931 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -272,7 +272,9 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) && \
!defined (__loongarch__)
grub_size_t tramp;
+ grub_size_t tramp_align;
grub_size_t got;
+ grub_size_t got_align;
grub_err_t err;
#endif
char *ptr;
@@ -304,12 +306,18 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
err = grub_arch_dl_get_tramp_got_size (e, &tramp, &got);
if (err)
return err;
- tsize += ALIGN_UP (tramp, GRUB_ARCH_DL_TRAMP_ALIGN);
- if (talign < GRUB_ARCH_DL_TRAMP_ALIGN)
- talign = GRUB_ARCH_DL_TRAMP_ALIGN;
- tsize += ALIGN_UP (got, GRUB_ARCH_DL_GOT_ALIGN);
- if (talign < GRUB_ARCH_DL_GOT_ALIGN)
- talign = GRUB_ARCH_DL_GOT_ALIGN;
+ tramp_align = GRUB_ARCH_DL_TRAMP_ALIGN;
+ if (tramp_align < arch_addralign)
+ tramp_align = arch_addralign;
+ tsize += ALIGN_UP (tramp, tramp_align);
+ if (talign < tramp_align)
+ talign = tramp_align;
+ got_align = GRUB_ARCH_DL_GOT_ALIGN;
+ if (got_align < arch_addralign)
+ got_align = arch_addralign;
+ tsize += ALIGN_UP (got, got_align);
+ if (talign < got_align)
+ talign = got_align;
#endif
#ifdef GRUB_MACHINE_EMU
@@ -370,11 +378,11 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
}
#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) && \
!defined (__loongarch__)
- ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, GRUB_ARCH_DL_TRAMP_ALIGN);
+ ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, tramp_align);
mod->tramp = ptr;
mod->trampptr = ptr;
ptr += tramp;
- ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, GRUB_ARCH_DL_GOT_ALIGN);
+ ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, got_align);
mod->got = ptr;
mod->gotptr = ptr;
ptr += got;

View File

@ -1,330 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nicolas Frayer <nfrayer@redhat.com>
Date: Fri, 31 Mar 2023 20:47:58 +0200
Subject: [PATCH] emu: Add switch-root to grub-emu
If the kernel running grub emu is the same as the one we want to
boot, it makes sense that we just switch-root instead of kexec
the same kernel again by doing grub2-emu --switch-root
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
---
grub-core/kern/emu/main.c | 5 +-
grub-core/kern/emu/misc.c | 13 +++
grub-core/loader/emu/linux.c | 209 +++++++++++++++++++++++++++++++++++++++++--
include/grub/emu/exec.h | 2 +-
include/grub/emu/misc.h | 2 +
5 files changed, 223 insertions(+), 8 deletions(-)
diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c
index 38c1576a2ef..61b3181775b 100644
--- a/grub-core/kern/emu/main.c
+++ b/grub-core/kern/emu/main.c
@@ -108,6 +108,7 @@ static struct argp_option options[] = {
{"verbose", 'v', 0, 0, N_("print verbose messages."), 0},
{"hold", 'H', N_("SECS"), OPTION_ARG_OPTIONAL, N_("wait until a debugger will attach"), 0},
{"kexec", 'X', 0, 0, N_("use kexec to boot Linux kernels via systemctl (pass twice to enable dangerous fallback to non-systemctl)."), 0},
+ {"switch-root", 'W', 0, 0, N_("use switch-root to only switch root filesystem without restarting the kernel."), 0},
{ 0, 0, 0, 0, 0, 0 }
};
@@ -168,7 +169,9 @@ argp_parser (int key, char *arg, struct argp_state *state)
case 'X':
grub_util_set_kexecute ();
break;
-
+ case 'W':
+ grub_util_set_switch_root ();
+ break;
case ARGP_KEY_ARG:
{
/* Too many arguments. */
diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
index d145e5796b3..7b9731b7efa 100644
--- a/grub-core/kern/emu/misc.c
+++ b/grub-core/kern/emu/misc.c
@@ -40,6 +40,7 @@
int verbosity;
int kexecute;
+int switchroot = 0;
void
grub_util_warn (const char *fmt, ...)
@@ -231,3 +232,15 @@ grub_util_get_kexecute (void)
{
return kexecute;
}
+
+void
+grub_util_set_switch_root (void)
+{
+ switchroot = 1;
+}
+
+int
+grub_util_get_switch_root (void)
+{
+ return switchroot;
+}
diff --git a/grub-core/loader/emu/linux.c b/grub-core/loader/emu/linux.c
index 7de3f7f8610..6feb0412c58 100644
--- a/grub-core/loader/emu/linux.c
+++ b/grub-core/loader/emu/linux.c
@@ -15,7 +15,6 @@
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
-
#include <grub/loader.h>
#include <grub/dl.h>
#include <grub/command.h>
@@ -33,6 +32,196 @@ static char *kernel_path;
static char *initrd_path;
static char *boot_cmdline;
+static grub_err_t
+grub_switch_root (void)
+{
+ char *tmp = NULL;
+ char *options_cmd = NULL;
+ char *options = NULL;
+ char *subvol = NULL;
+ char *root_uuid = NULL;
+ char *kernel_release = NULL;
+ grub_err_t rc = GRUB_ERR_NONE;
+ const char *subvol_param = "subvol=";
+ const char *kernel_release_prefix = "/boot/vmlinuz-";
+ const char *root_prefix = "root=";
+ const char *systemctl[] = {"systemctl", "--force", "switch-root", "/sysroot", NULL};
+ const char *mountrootfs[] = {"mount", root_uuid, "/sysroot", options_cmd, options, NULL};
+ const char *unamer[] = {"uname", "-r", NULL};
+ char *uname_buf = NULL;
+ int i = 0;
+
+ /* Extract the kernel release tag from kernel_path */
+ if (!kernel_path)
+ {
+ rc = GRUB_ERR_BAD_ARGUMENT;
+ grub_dprintf ("linux", "switch_root: No kernel_path found\n");
+ goto out;
+ }
+
+ if ((kernel_release = grub_xasprintf ("%s", (kernel_path + grub_strlen (kernel_release_prefix)))) == NULL)
+ {
+ grub_dprintf ("linux", "switch_root: Failed to allocate memory\n");
+ rc = GRUB_ERR_BAD_ARGUMENT;
+ goto out;
+ }
+
+
+ /* Check for kernel mismatch */
+ /* Retrieve the current kernel relase tag */
+ grub_util_exec_redirect (unamer, NULL, "/tmp/version");
+
+ grub_file_t f = grub_file_open ("/tmp/version", GRUB_FILE_TYPE_FS_SEARCH);
+
+ if (f == NULL)
+ {
+ grub_dprintf ("linux", "failed opening file.\n");
+ rc = GRUB_ERR_FILE_NOT_FOUND;
+ goto out;
+ }
+
+ if ((uname_buf = grub_malloc (f->size)) == NULL)
+ {
+ grub_dprintf ("linux", "switch_root: Failed to allocate memory\n");
+ rc = GRUB_ERR_OUT_OF_MEMORY;
+ goto out;
+ }
+
+ if (grub_file_read (f, uname_buf, f->size) < 0)
+ {
+ grub_dprintf ("linux", "switch_root: failed to read from file\n");
+ rc = GRUB_ERR_FILE_READ_ERROR;
+ goto out;
+ }
+
+ grub_file_close (f);
+
+ if (grub_strstr (uname_buf, kernel_release) == NULL)
+ {
+ grub_dprintf ("linux", "switch_root: kernel mismatch, not performing switch-root ...\n");
+ rc = GRUB_ERR_NO_KERNEL;
+ goto out;
+ }
+
+ /* Extract the root partition from boot_cmdline */
+ if (!boot_cmdline)
+ {
+ rc = GRUB_ERR_BAD_ARGUMENT;
+ goto out;
+ }
+
+ tmp = grub_strdup (boot_cmdline);
+
+ if (tmp == NULL)
+ {
+ rc = GRUB_ERR_OUT_OF_MEMORY;
+ goto out;
+ }
+
+ if ((root_uuid = grub_strstr (tmp, root_prefix)) == NULL)
+ {
+ rc = GRUB_ERR_BAD_ARGUMENT;
+ grub_dprintf ("linux", "switch_root: Can't find rootfs\n");
+ goto out;
+ }
+
+ root_uuid += grub_strlen (root_prefix);
+
+ while (root_uuid[i] != ' ' && root_uuid[i] != '\0')
+ i++;
+
+ root_uuid[i] = '\0';
+
+ /* Allocate a new buffer holding root_uuid */
+ root_uuid = grub_xasprintf ("%s", root_uuid);
+
+ if (root_uuid == NULL)
+ {
+ grub_dprintf ("linux", "switch_root: Failed to allocated memory\n");
+ rc = GRUB_ERR_OUT_OF_MEMORY;
+ goto out;
+ }
+
+ /* Check for subvol parameter */
+ grub_strcpy (tmp, boot_cmdline);
+
+ if ((subvol = grub_strstr(tmp, subvol_param)) != NULL)
+ {
+ i = 0;
+
+ while (subvol[i] != ' ' && subvol[i] != '\0')
+ i++;
+
+ subvol[i] = '\0';
+
+ /* Allocate a new buffer holding subvol */
+ subvol = grub_xasprintf("%s", subvol);
+
+ if (subvol == NULL)
+ {
+ grub_dprintf ("linux", "switch_root: Failed to allocated memory\n");
+ rc = GRUB_ERR_OUT_OF_MEMORY;
+ goto out;
+ }
+
+ options_cmd = grub_xasprintf("%s", "-o");
+ options = grub_xasprintf("%s", subvol);
+ }
+
+ if (options == NULL)
+ {
+ mountrootfs[3] = NULL;
+ }
+ else
+ {
+ mountrootfs[3] = options_cmd;
+ mountrootfs[4] = options;
+ }
+
+ mountrootfs[1] = root_uuid;
+
+ grub_dprintf ("linux", "Executing:\n");
+ grub_dprintf ("linux", "%s %s %s %s %s\n", mountrootfs[0], mountrootfs[1],
+ mountrootfs[2], mountrootfs[3], mountrootfs[4]);
+
+ /* Mount the rootfs */
+ rc = grub_util_exec (mountrootfs);
+
+ if (rc != GRUB_ERR_NONE)
+ {
+ grub_dprintf ("linux", "switch_root: Failed.\n");
+ rc = GRUB_ERR_INVALID_COMMAND;
+ goto out;
+ }
+
+ grub_dprintf ("linux", "Done.\n");
+
+ grub_dprintf ("linux", "%s %s %s %s\n", systemctl[0], systemctl[1],
+ systemctl[2], systemctl[3]);
+
+ /* Switch root */
+ rc = grub_util_exec (systemctl);
+
+ if (rc != GRUB_ERR_NONE)
+ {
+ grub_dprintf ("linux", "switch_root: Failed.\n");
+ rc = GRUB_ERR_INVALID_COMMAND;
+ goto out;
+ }
+
+ grub_dprintf ("linux", "Done.\n");
+
+out:
+ grub_free (tmp);
+ grub_free (options_cmd);
+ grub_free (options);
+ grub_free (subvol);
+ grub_free (root_uuid);
+ grub_free (uname_buf);
+ grub_free (kernel_release);
+ return rc;
+}
+
static grub_err_t
grub_linux_boot (void)
{
@@ -51,12 +240,20 @@ grub_linux_boot (void)
else
initrd_param = grub_xasprintf ("%s", "");
- grub_dprintf ("linux", "%serforming 'kexec -la %s %s %s'\n",
- (kexecute) ? "P" : "Not p",
- kernel_path, initrd_param, boot_cmdline);
+ if (grub_util_get_switch_root() == 1)
+ {
+ rc = grub_switch_root();
+ if (rc != GRUB_ERR_NONE)
+ grub_fatal (N_("Failed to execute switch_root\n"));
+ }
+ else if (kexecute)
+ {
+ grub_dprintf ("linux", "%serforming 'kexec -la %s %s %s'\n",
+ (kexecute) ? "P" : "Not p",
+ kernel_path, initrd_param, boot_cmdline);
- if (kexecute)
- rc = grub_util_exec (kexec);
+ rc = grub_util_exec (kexec);
+ }
grub_free (initrd_param);
diff --git a/include/grub/emu/exec.h b/include/grub/emu/exec.h
index 1b61b4a2e5d..e82f13215e0 100644
--- a/include/grub/emu/exec.h
+++ b/include/grub/emu/exec.h
@@ -36,7 +36,7 @@ grub_util_exec_redirect_all (const char *const *argv, const char *stdin_file,
int
EXPORT_FUNC(grub_util_exec) (const char *const *argv);
int
-grub_util_exec_redirect (const char *const *argv, const char *stdin_file,
+EXPORT_FUNC(grub_util_exec_redirect) (const char *const *argv, const char *stdin_file,
const char *stdout_file);
int
grub_util_exec_redirect_null (const char *const *argv);
diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h
index 01056954b96..f3a712a8b2f 100644
--- a/include/grub/emu/misc.h
+++ b/include/grub/emu/misc.h
@@ -59,6 +59,8 @@ void EXPORT_FUNC(grub_util_error) (const char *fmt, ...) __attribute__ ((format
void EXPORT_FUNC(grub_util_set_kexecute) (void);
int EXPORT_FUNC(grub_util_get_kexecute) (void) WARN_UNUSED_RESULT;
+void EXPORT_FUNC(grub_util_set_switch_root) (void);
+int EXPORT_FUNC(grub_util_get_switch_root) (void);
grub_uint64_t EXPORT_FUNC (grub_util_get_cpu_time_ms) (void);

View File

@ -1,52 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Christian Glombek <cglombek@redhat.com>
Date: Wed, 9 Aug 2023 18:11:25 +0200
Subject: [PATCH] Add [Install] section to aux systemd units
Currently in Fedora, these services are statically enabled by symlinks,
with no other way to disable them than to manually delete those symlinks.
This is problematic in Fedora IoT, where grub-boot-success.timer is
not supposed to be enabled.
This change adds `[Install]` sections to all systemd units that are
currently enabled statically, so that they can be enabled dynamically
via presets or manually instead.
---
docs/grub-boot-indeterminate.service | 3 +++
docs/grub-boot-success.timer | 3 +++
util/systemd/grub-systemd-integration.service.in | 3 +++
3 files changed, 9 insertions(+)
diff --git a/docs/grub-boot-indeterminate.service b/docs/grub-boot-indeterminate.service
index 6c8dcb186b6..5bcb474a3d3 100644
--- a/docs/grub-boot-indeterminate.service
+++ b/docs/grub-boot-indeterminate.service
@@ -9,3 +9,6 @@ Before=system-update-pre.target
[Service]
Type=oneshot
ExecStart=/usr/bin/grub2-editenv - incr boot_indeterminate
+
+[Install]
+WantedBy=system-update.target
diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer
index 406f1720056..1d124cccc14 100644
--- a/docs/grub-boot-success.timer
+++ b/docs/grub-boot-success.timer
@@ -5,3 +5,6 @@ ConditionVirtualization=!container
[Timer]
OnActiveSec=2min
+
+[Install]
+WantedBy=timers.target
diff --git a/util/systemd/grub-systemd-integration.service.in b/util/systemd/grub-systemd-integration.service.in
index c81fb594ce1..22ca1ca4885 100644
--- a/util/systemd/grub-systemd-integration.service.in
+++ b/util/systemd/grub-systemd-integration.service.in
@@ -6,3 +6,6 @@ ConditionPathExists=/run/systemd/reboot-to-boot-loader-menu
[Service]
ExecStart=@libexecdir@/@grubdirname@/systemd-integration.sh
+
+[Install]
+WantedBy=reboot.target

View File

@ -1,28 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 29 Sep 2023 10:56:11 -0400
Subject: [PATCH] Fix missing #include in ofdisk.c
Recently we started building with -Werror=implicit-function-declaration,
and discovered that ofdisk.c is missing an include to declare
grub_env_get().
This patch adds that #include.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/disk/ieee1275/ofdisk.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c
index b413822bb87..57624fde55c 100644
--- a/grub-core/disk/ieee1275/ofdisk.c
+++ b/grub-core/disk/ieee1275/ofdisk.c
@@ -24,6 +24,7 @@
#include <grub/ieee1275/ofdisk.h>
#include <grub/i18n.h>
#include <grub/time.h>
+#include <grub/env.h>
static char *last_devpath;
static grub_ieee1275_ihandle_t last_ihandle;

View File

@ -1,160 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Marta Lewandowska <mlewando@redhat.com>
Date: Mon, 9 Oct 2023 08:53:18 +0200
Subject: [PATCH] add flag to only search root dev
fixes bz#2223437
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
---
grub-core/commands/search.c | 36 ++++++++++++++++++++++++++++++++++++
grub-core/commands/search_wrap.c | 5 +++++
grub-core/kern/misc.c | 30 ++++++++++++++++++++++++++++++
include/grub/misc.h | 1 +
include/grub/search.h | 3 ++-
5 files changed, 74 insertions(+), 1 deletion(-)
diff --git a/grub-core/commands/search.c b/grub-core/commands/search.c
index 263f1501cdf..db8692ffbfb 100644
--- a/grub-core/commands/search.c
+++ b/grub-core/commands/search.c
@@ -86,6 +86,42 @@ iterate_device (const char *name, void *data)
grub_device_close (dev);
}
+ /* Skip it if it's not the root device when requested. */
+ if (ctx->flags & SEARCH_FLAGS_ROOTDEV_ONLY)
+ {
+ const char *root_dev;
+ root_dev = grub_env_get ("root");
+ if (root_dev != NULL && *root_dev != '\0')
+ {
+ char *root_disk = grub_malloc (grub_strlen(root_dev) + 1);
+ char *name_disk = grub_malloc (grub_strlen(name) + 1);
+ char *rem_1 = grub_malloc(grub_strlen(root_dev) + 1);
+ char *rem_2 = grub_malloc(grub_strlen(name) + 1);
+
+ if (root_disk != NULL && name_disk != NULL &&
+ rem_1 != NULL && rem_2 != NULL)
+ {
+ /* get just the disk name; partitions will be different. */
+ grub_str_sep (root_dev, root_disk, ',', rem_1);
+ grub_str_sep (name, name_disk, ',', rem_2);
+ if (root_disk != NULL && *root_disk != '\0' &&
+ name_disk != NULL && *name_disk != '\0')
+ if (grub_strcmp(root_disk, name_disk) != 0)
+ {
+ grub_free (root_disk);
+ grub_free (name_disk);
+ grub_free (rem_1);
+ grub_free (rem_2);
+ return 0;
+ }
+ }
+ grub_free (root_disk);
+ grub_free (name_disk);
+ grub_free (rem_1);
+ grub_free (rem_2);
+ }
+ }
+
#ifdef DO_SEARCH_FS_UUID
#define compare_fn grub_strcasecmp
#else
diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c
index 318581f3b1e..4fe6440c65b 100644
--- a/grub-core/commands/search_wrap.c
+++ b/grub-core/commands/search_wrap.c
@@ -41,6 +41,7 @@ static const struct grub_arg_option options[] =
ARG_TYPE_STRING},
{"no-floppy", 'n', 0, N_("Do not probe any floppy drive."), 0, 0},
{"efidisk-only", 0, 0, N_("Only probe EFI disks."), 0, 0},
+ {"root-dev-only", 'r', 0, N_("Only probe root device."), 0, 0},
{"hint", 'h', GRUB_ARG_OPTION_REPEATABLE,
N_("First try the device HINT. If HINT ends in comma, "
"also try subpartitions"), N_("HINT"), ARG_TYPE_STRING},
@@ -75,6 +76,7 @@ enum options
SEARCH_SET,
SEARCH_NO_FLOPPY,
SEARCH_EFIDISK_ONLY,
+ SEARCH_ROOTDEV_ONLY,
SEARCH_HINT,
SEARCH_HINT_IEEE1275,
SEARCH_HINT_BIOS,
@@ -189,6 +191,9 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args)
if (state[SEARCH_EFIDISK_ONLY].set)
flags |= SEARCH_FLAGS_EFIDISK_ONLY;
+ if (state[SEARCH_ROOTDEV_ONLY].set)
+ flags |= SEARCH_FLAGS_ROOTDEV_ONLY;
+
if (state[SEARCH_LABEL].set)
grub_search_label (id, var, flags, hints, nhints);
else if (state[SEARCH_FS_UUID].set)
diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
index f607244e7ae..96ab7c96b52 100644
--- a/grub-core/kern/misc.c
+++ b/grub-core/kern/misc.c
@@ -645,6 +645,36 @@ grub_reverse (char *str)
}
}
+/* Separate string into two parts, broken up by delimiter delim. */
+void
+grub_str_sep (const char *s, char *p, char delim, char *r)
+{
+ char* t = grub_strndup(s, grub_strlen(s));
+
+ if (t != NULL && *t != '\0')
+ {
+ char* tmp = t;
+
+ while (((*p = *t) != '\0') && ((*p = *t) != delim))
+ {
+ p++;
+ t++;
+ }
+ *p = '\0';
+
+ if (*t != '\0')
+ {
+ t++;
+ while ((*r++ = *t++) != '\0')
+ ;
+ *r = '\0';
+ }
+ grub_free (tmp);
+ }
+ else
+ grub_free (t);
+}
+
/* Divide N by D, return the quotient, and store the remainder in *R. */
grub_uint64_t
grub_divmod64 (grub_uint64_t n, grub_uint64_t d, grub_uint64_t *r)
diff --git a/include/grub/misc.h b/include/grub/misc.h
index c3c735371dc..3e9a00f0a9c 100644
--- a/include/grub/misc.h
+++ b/include/grub/misc.h
@@ -343,6 +343,7 @@ char *EXPORT_FUNC(grub_strdup) (const char *s) WARN_UNUSED_RESULT;
char *EXPORT_FUNC(grub_strndup) (const char *s, grub_size_t n) WARN_UNUSED_RESULT;
void *EXPORT_FUNC(grub_memset) (void *s, int c, grub_size_t n);
grub_size_t EXPORT_FUNC(grub_strlen) (const char *s) WARN_UNUSED_RESULT;
+void EXPORT_FUNC(grub_str_sep) (const char *s, char *p, char delim, char *r);
/* Replace all `ch' characters of `input' with `with' and copy the
result into `output'; return EOS address of `output'. */
diff --git a/include/grub/search.h b/include/grub/search.h
index ffd2411ca1a..9343c66b134 100644
--- a/include/grub/search.h
+++ b/include/grub/search.h
@@ -23,7 +23,8 @@ enum search_flags
{
SEARCH_FLAGS_NONE = 0,
SEARCH_FLAGS_NO_FLOPPY = 1,
- SEARCH_FLAGS_EFIDISK_ONLY = 2
+ SEARCH_FLAGS_EFIDISK_ONLY = 2,
+ SEARCH_FLAGS_ROOTDEV_ONLY = 4
};
void grub_search_fs_file (const char *key, const char *var,

View File

@ -1,28 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 8 Jan 2024 15:44:27 -0500
Subject: [PATCH] cryptdisk: fix incorrect sign comparison
grub_util_get_fd_size() returns a signed integer, but we're assigning it
to an unsigned integer and then testing against -1. That's wrong.
This patch makes the variable a signed integer.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/disk/cryptodisk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 2246af51b6a..98e176a139c 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -721,7 +721,7 @@ grub_cryptodisk_open (const char *name, grub_disk_t disk)
#ifdef GRUB_UTIL
if (dev->cheat)
{
- grub_uint64_t cheat_dev_size;
+ grub_int64_t cheat_dev_size;
unsigned int cheat_log_sector_size;
if (!GRUB_UTIL_FD_IS_VALID (dev->cheat_fd))

View File

@ -1,25 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 8 Jan 2024 15:45:57 -0500
Subject: [PATCH] grub-install: fix a sign comparison error
This is a trivial sign comparison fix.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
util/grub-install-common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/grub-install-common.c b/util/grub-install-common.c
index b58539111da..67afc2eedf4 100644
--- a/util/grub-install-common.c
+++ b/util/grub-install-common.c
@@ -368,7 +368,7 @@ char *grub_install_themes_directory = NULL;
int
grub_install_is_short_mbrgap_supported (void)
{
- int i, j;
+ unsigned int i, j;
static const char *whitelist[] =
{
"part_msdos", "biosdisk", "affs", "afs", "bfs", "archelp",

View File

@ -1,50 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 8 Jan 2024 15:54:31 -0500
Subject: [PATCH] grub-mount: work around bad integer comparison.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
gcc says:
util/grub-mount.c: In function fuse_read:
util/grub-mount.c:273:11: error: comparison of integer expressions of different signedness: off_t {aka long int} and grub_off_t {aka long unsigned int} [-Werror=sign-compare]
273 | if (off > file->size)
| ^
This is happening because grub_off_t is unsigned but the system's off_t is
signed.
That's too much work to fix today, so this patch works around it with
tests and typecasting.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
util/grub-mount.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/util/grub-mount.c b/util/grub-mount.c
index bf4c8b891be..d369e21666e 100644
--- a/util/grub-mount.c
+++ b/util/grub-mount.c
@@ -269,11 +269,17 @@ fuse_read (const char *path, char *buf, size_t sz, off_t off,
{
grub_file_t file = files[fi->fh];
grub_ssize_t size;
+ grub_off_t offset;
- if (off > file->size)
+ if (off < 0)
return -EINVAL;
- file->offset = off;
+ if ((grub_off_t)off > file->size)
+ return -EINVAL;
+
+ offset = (grub_off_t)off;
+
+ file->offset = offset;
size = grub_file_read (file, buf, sz);
if (size < 0)

View File

@ -1,32 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 8 Jan 2024 16:03:54 -0500
Subject: [PATCH] power: Fix use after free in get_slave_from_dm()
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/osdep/linux/ofpath.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/osdep/linux/ofpath.c b/grub-core/osdep/linux/ofpath.c
index cc849d9c94c..72772c87a66 100644
--- a/grub-core/osdep/linux/ofpath.c
+++ b/grub-core/osdep/linux/ofpath.c
@@ -775,6 +775,8 @@ get_slave_from_dm(const char * device){
device_path = grub_xasprintf ("/sys/block/%s/slaves", curr_device);
dp = opendir(device_path);
+ if (dp == NULL)
+ grub_util_warn (_("cannot open directory `%s'"), device_path);
free(device_path);
if (dp != NULL)
@@ -800,8 +802,6 @@ get_slave_from_dm(const char * device){
}
closedir (dp);
}
- else
- grub_util_warn (_("cannot open directory `%s'"), device_path);
}
free (directory);

View File

@ -1,37 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 8 Jan 2024 19:08:33 -0500
Subject: [PATCH] Fix some sign comparison errors
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/loader/i386/pc/truecrypt.c | 2 +-
grub-core/loader/multiboot_elfxx.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/loader/i386/pc/truecrypt.c b/grub-core/loader/i386/pc/truecrypt.c
index bae1ad031b3..7bf801603f4 100644
--- a/grub-core/loader/i386/pc/truecrypt.c
+++ b/grub-core/loader/i386/pc/truecrypt.c
@@ -176,7 +176,7 @@ grub_cmd_truecrypt (grub_command_t cmd __attribute__ ((unused)),
edx = (dh << 8) | grub_get_root_biosnumber ();
- destaddr = ALIGN_DOWN (grub_min (0x90000, grub_mmap_get_lower ())
+ destaddr = ALIGN_DOWN (grub_min (0x90000ull, grub_mmap_get_lower ())
- truecryptmemsize, 64 * 1024);
{
diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c
index 8d370b0b3f5..24480df5053 100644
--- a/grub-core/loader/multiboot_elfxx.c
+++ b/grub-core/loader/multiboot_elfxx.c
@@ -99,7 +99,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
return err;
/* FIXME: Should we support program headers at strange locations? */
- phlimit = grub_min (MULTIBOOT_SEARCH, grub_file_size (mld->file));
+ phlimit = grub_min ((grub_off_t)MULTIBOOT_SEARCH, grub_file_size (mld->file));
if ((grub_off_t) ehdr->e_phoff + phnum * ehdr->e_phentsize > phlimit)
return grub_error (GRUB_ERR_BAD_OS, "program header at a too high offset");

View File

@ -1,23 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 8 Jan 2024 19:12:15 -0500
Subject: [PATCH] normal: Fix a discarded const.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/normal/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index e903f291732..803b9656d36 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -406,7 +406,7 @@ grub_try_normal_dev (const char *name, void *data)
static grub_err_t
grub_try_normal_discover (void)
{
- char *prefix = grub_env_get ("prefix");
+ const char *prefix = grub_env_get ("prefix");
grub_err_t err = GRUB_ERR_FILE_NOT_FOUND;
if (!prefix)

View File

@ -1,35 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 8 Jan 2024 19:14:06 -0500
Subject: [PATCH] at_keyboard: mark grub_keyboard_controller_write unused
It's used sometimes and not others by #ifdef, so mark it unused so the
compiler doesn't complain.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/term/at_keyboard.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/term/at_keyboard.c b/grub-core/term/at_keyboard.c
index e667d0a862c..d2b716b5b4f 100644
--- a/grub-core/term/at_keyboard.c
+++ b/grub-core/term/at_keyboard.c
@@ -93,7 +93,7 @@ at_command (grub_uint8_t data)
return (i != GRUB_AT_TRIES);
}
-static void
+static void __attribute__((__unused__))
grub_keyboard_controller_write (grub_uint8_t c)
{
at_command (KEYBOARD_COMMAND_WRITE);
@@ -170,7 +170,7 @@ query_mode (void)
grub_uint64_t endtime;
unsigned i;
int e;
- char *envvar;
+ const char *envvar;
for (i = 0; i < GRUB_AT_TRIES; i++) {
grub_dprintf ("atkeyb", "query_mode: sending command to controller\n");

View File

@ -1,23 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 9 Jan 2024 14:37:25 -0500
Subject: [PATCH] Fix another minor sign comparison error.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/kern/mm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c
index 1aeeba9e27e..819bc5126a6 100644
--- a/grub-core/kern/mm.c
+++ b/grub-core/kern/mm.c
@@ -505,7 +505,7 @@ grub_memalign (grub_size_t align, grub_size_t size)
goto fail;
/* Preallocate some extra space if heap growth is small. */
- grow = grub_max (grow, GRUB_MM_HEAP_GROW_EXTRA);
+ grow = grub_max (grow, (grub_size_t)GRUB_MM_HEAP_GROW_EXTRA);
/* Align up heap growth to make it friendly to CPU/MMU. */
if (grow > ~(grub_size_t) (GRUB_MM_HEAP_GROW_ALIGN - 1))

View File

@ -1,124 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Wed, 28 Feb 2024 13:36:00 +0100
Subject: [PATCH] Track explicit module dependencies in Makefile.core.def
Add a new keyword, "depends", to the module definition syntax
used in Makefile.core.def. This allows specifying explicit module
dependencies together with the module definition.
Make use of this new keyword in the bli module definition.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com>
---
grub-core/Makefile.core.def | 1 +
.gitignore | 1 -
conf/Makefile.common | 1 +
gentpl.py | 7 +++++++
grub-core/Makefile.am | 9 ++++++---
grub-core/genmoddep.awk | 2 +-
6 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index c9dcfa00e85..a5a3ee31800 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -2670,6 +2670,7 @@ module = {
name = bli;
efi = commands/bli.c;
enable = efi;
+ depends = part_gpt;
};
module = {
diff --git a/.gitignore b/.gitignore
index f2e8e1e42d7..c603c15d66c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,7 +11,6 @@
*.img
*.log
*.lst
-!/grub-core/extra_deps.lst
*.marker
*.mod
*.o
diff --git a/conf/Makefile.common b/conf/Makefile.common
index c8756d8146f..9feac7434da 100644
--- a/conf/Makefile.common
+++ b/conf/Makefile.common
@@ -115,6 +115,7 @@ MOD_FILES =
MODULE_FILES =
MARKER_FILES =
KERNEL_HEADER_FILES =
+EXTRA_DEPS =
bin_SCRIPTS =
bin_PROGRAMS =
diff --git a/gentpl.py b/gentpl.py
index 5826a6b14e8..0f8d009ef21 100644
--- a/gentpl.py
+++ b/gentpl.py
@@ -642,6 +642,9 @@ def platform_values(defn, platform, suffix):
def extra_dist(defn):
return foreach_value(defn, "extra_dist", lambda value: value + " ")
+def extra_dep(defn):
+ return foreach_value(defn, "depends", lambda value: value + " ")
+
def platform_sources(defn, p): return platform_values(defn, p, "")
def platform_nodist_sources(defn, p): return platform_values(defn, p, "_nodist")
@@ -712,6 +715,10 @@ def module(defn, platform):
gvar_add("MOD_FILES", name + ".mod")
gvar_add("MARKER_FILES", name + ".marker")
gvar_add("CLEANFILES", name + ".marker")
+
+ for dep in defn.find_all("depends"):
+ gvar_add("EXTRA_DEPS", "depends " + name + " " + dep + ":")
+
output("""
""" + name + """.marker: $(""" + cname(defn) + """_SOURCES) $(nodist_""" + cname(defn) + """_SOURCES)
$(TARGET_CPP) -DGRUB_LST_GENERATOR $(CPPFLAGS_MARKER) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(""" + cname(defn) + """_CPPFLAGS) $(CPPFLAGS) $^ > $@.new || (rm -f $@; exit 1)
diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
index 7953ba95399..77f8329cd43 100644
--- a/grub-core/Makefile.am
+++ b/grub-core/Makefile.am
@@ -456,8 +456,11 @@ crypto.lst: $(srcdir)/lib/libgcrypt-grub/cipher/crypto.lst
platform_DATA += crypto.lst
CLEANFILES += crypto.lst
-syminfo.lst: gensyminfo.sh kernel_syms.lst $(top_srcdir)/grub-core/extra_deps.lst $(MODULE_FILES)
- cat kernel_syms.lst $(top_srcdir)/grub-core/extra_deps.lst > $@.new
+extra_deps.lst:
+ @echo $(EXTRA_DEPS) | sed "s/\s*:\s*/\n/g" > $@
+
+syminfo.lst: gensyminfo.sh kernel_syms.lst extra_deps.lst $(MODULE_FILES)
+ cat kernel_syms.lst extra_deps.lst > $@.new
for m in $(MODULE_FILES); do \
sh $< $$m >> $@.new || exit 1; \
done
@@ -467,7 +470,7 @@ syminfo.lst: gensyminfo.sh kernel_syms.lst $(top_srcdir)/grub-core/extra_deps.ls
moddep.lst: syminfo.lst genmoddep.awk video.lst
cat $< | sort | $(AWK) -f $(srcdir)/genmoddep.awk > $@ || (rm -f $@; exit 1)
platform_DATA += moddep.lst
-CLEANFILES += config.log syminfo.lst moddep.lst
+CLEANFILES += config.log syminfo.lst moddep.lst extra_deps.lst
$(MOD_FILES): %.mod : genmod.sh moddep.lst %.module$(EXEEXT) build-grub-module-verifier$(BUILD_EXEEXT)
TARGET_OBJ2ELF=@TARGET_OBJ2ELF@ sh $^ $@
diff --git a/grub-core/genmoddep.awk b/grub-core/genmoddep.awk
index cc987a53aa8..ab457cb2b56 100644
--- a/grub-core/genmoddep.awk
+++ b/grub-core/genmoddep.awk
@@ -35,7 +35,7 @@ BEGIN {
for (i = 3; i <= NF; i++) {
modtab[$2] = modtab[$2] " " $i;
}
- }
+ } else if ($1 == "") {} #Skip empty lines
else {
printf "error: %u: unrecognized input format\n", NR >"/dev/stderr";
error++;

View File

@ -1,75 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Leo Sandoval <lsandova@redhat.com>
Date: Fri, 8 Mar 2024 16:54:43 -0600
Subject: [PATCH] Revert "mm: Assert that we preserve header vs region
alignment"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This reverts commit 1df8fe66c57087eb33bd6dc69f786ed124615aa7.
This is temporal while we find the reason for
In file included from ../../include/grub/mm_private.h:23,
from ../../include/grub/relocator_private.h:24,
from ../../grub-core/lib/efi/relocator.c:20:
../../include/grub/mm_private.h: In function grub_mm_size_sanity_check:
../../include/grub/misc.h:36:56: error: duplicate case value
36 | #define COMPILE_TIME_ASSERT(cond) switch (0) { case 1: case !(cond): ; }
| ^~~~
../../include/grub/mm_private.h:105:3: note: in expansion of macro COMPILE_TIME_ASSERT
105 | COMPILE_TIME_ASSERT ((sizeof (struct grub_mm_region) %
| ^~~~~~~~~~~~~~~~~~~
../../include/grub/misc.h:36:48: note: previously used here
36 | #define COMPILE_TIME_ASSERT(cond) switch (0) { case 1: case !(cond): ; }
| ^~~~
../../include/grub/mm_private.h:105:3: note: in expansion of macro COMPILE_TIME_ASSERT
105 | COMPILE_TIME_ASSERT ((sizeof (struct grub_mm_region) %
| ^~~~~~~~~~~~~~~~~~~
../../include/grub/misc.h:36:56: error: duplicate case value
36 | #define COMPILE_TIME_ASSERT(cond) switch (0) { case 1: case !(cond): ; }
| ^~~~
../../include/grub/mm_private.h:112:3: note: in expansion of macro COMPILE_TIME_ASSERT
112 | COMPILE_TIME_ASSERT (sizeof (struct grub_mm_header) == GRUB_MM_ALIGN);
| ^~~~~~~~~~~~~~~~~~~
../../include/grub/misc.h:36:48: note: previously used here
36 | #define COMPILE_TIME_ASSERT(cond) switch (0) { case 1: case !(cond): ; }
| ^~~~
../../include/grub/mm_private.h:112:3: note: in expansion of macro COMPILE_TIME_ASSERT
112 | COMPILE_TIME_ASSERT (sizeof (struct grub_mm_header) == GRUB_MM_ALIGN);
| ^~~~~~~~~~~~~~~~~~~
---
include/grub/mm_private.h | 14 --------------
1 file changed, 14 deletions(-)
diff --git a/include/grub/mm_private.h b/include/grub/mm_private.h
index 96c2d816be6..2481ee1fa20 100644
--- a/include/grub/mm_private.h
+++ b/include/grub/mm_private.h
@@ -20,7 +20,6 @@
#define GRUB_MM_PRIVATE_H 1
#include <grub/mm.h>
-#include <grub/misc.h>
/* For context, see kern/mm.c */
@@ -99,17 +98,4 @@ typedef struct grub_mm_region
extern grub_mm_region_t EXPORT_VAR (grub_mm_base);
#endif
-static inline void
-grub_mm_size_sanity_check (void) {
- /* Ensure we preserve alignment when doing h = (grub_mm_header_t) (r + 1). */
- COMPILE_TIME_ASSERT ((sizeof (struct grub_mm_region) %
- sizeof (struct grub_mm_header)) == 0);
-
- /*
- * GRUB_MM_ALIGN is supposed to represent cell size, and a mm_header is
- * supposed to be 1 cell.
- */
- COMPILE_TIME_ASSERT (sizeof (struct grub_mm_header) == GRUB_MM_ALIGN);
-}
-
#endif

View File

@ -1,38 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 13 Mar 2024 15:11:15 -0600
Subject: [PATCH] make: use the _CPU variety of build flags for PROGRAM and
LIBRARY
Signed-off-by: Peter Jones <pjones@redhat.com>
---
conf/Makefile.common | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/conf/Makefile.common b/conf/Makefile.common
index 9feac7434da..f8c2f6bd881 100644
--- a/conf/Makefile.common
+++ b/conf/Makefile.common
@@ -60,15 +60,14 @@ LDFLAGS_IMAGE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-S
CPPFLAGS_IMAGE = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM)
CCASFLAGS_IMAGE = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM)
-CFLAGS_PROGRAM = $(UTILS_CFLAGS)
-LDFLAGS_PROGRAM = $(UTILS_LDFLAGS)
-CPPFLAGS_PROGRAM = $(UTILS_CPPFLAGS)
-CCASFLAGS_PROGRAM = $(UTILS_CCASFLAGS)
+CFLAGS_PROGRAM = $(CFLAGS_CPU)
+LDFLAGS_PROGRAM = $(LDFLAGS_CPU)
+CPPFLAGS_PROGRAM = $(CPPFLAGS_CPU)
+CCASFLAGS_PROGRAM = $(CCASFLAGS_CPU)
-CFLAGS_LIBRARY = $(UTILS_CFLAGS)
-LDFLAGS_LIBRARY = $(UTILS_LDFLAGS)
-CPPFLAGS_LIBRARY = $(UTILS_CPPFLAGS)
-CCASFLAGS_LIBRARY = $(UTILS_CCASFLAGS)
+CFLAGS_LIBRARY = $(CFLAGS_CPU)
+CPPFLAGS_LIBRARY = $(CPPFLAGS_CPU)
+CCASFLAGS_LIBRARY = $(CCASFLAGS_CPU)
# Other variables

View File

@ -1,24 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 13 Mar 2024 14:06:43 -0400
Subject: [PATCH] Work around extra_deps.lst issue
---
grub-core/Makefile.am | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
index 77f8329cd43..aa172391fdf 100644
--- a/grub-core/Makefile.am
+++ b/grub-core/Makefile.am
@@ -460,6 +460,10 @@ extra_deps.lst:
@echo $(EXTRA_DEPS) | sed "s/\s*:\s*/\n/g" > $@
syminfo.lst: gensyminfo.sh kernel_syms.lst extra_deps.lst $(MODULE_FILES)
+ if ! [ -f extra_deps.lst ] ; then \
+ echo Missing extra_deps.lst ; \
+ echo $(EXTRA_DEPS) | sed "s/\s*:\s*/\n/g" > extra_deps.lst ; \
+ fi
cat kernel_syms.lst extra_deps.lst > $@.new
for m in $(MODULE_FILES); do \
sh $< $$m >> $@.new || exit 1; \

View File

@ -1,42 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Leo Sandoval <lsandova@redhat.com>
Date: Thu, 21 Mar 2024 16:27:25 -0600
Subject: [PATCH] include proper attribute for an EFI API call definition
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Otherwise we observe the following issue
../../grub-core/net/efi/http.c: In function efihttp_request:
../../grub-core/net/efi/http.c:233:28: error: passing argument 3 of b->create_event from incompatible pointer type [-Wincompatible-pointer-types]
233 | grub_efi_http_request_callback, NULL,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| |
| void (*)(void *, void *)
../../grub-core/net/efi/http.c:233:28: note: expected void (__attribute__((ms_abi)) *)(void *, void *) but argument is of type void (*)(void *, void *)
---
grub-core/net/efi/http.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c
index 0568ea5d43e..6fecb261c55 100644
--- a/grub-core/net/efi/http.c
+++ b/grub-core/net/efi/http.c
@@ -131,14 +131,14 @@ static grub_efi_boolean_t request_callback_done;
static grub_efi_boolean_t response_callback_done;
static void
-grub_efi_http_request_callback (grub_efi_event_t event __attribute__ ((unused)),
+__grub_efi_api grub_efi_http_request_callback (grub_efi_event_t event __attribute__ ((unused)),
void *context __attribute__ ((unused)))
{
request_callback_done = 1;
}
static void
-grub_efi_http_response_callback (grub_efi_event_t event __attribute__ ((unused)),
+__grub_efi_api grub_efi_http_response_callback (grub_efi_event_t event __attribute__ ((unused)),
void *context __attribute__ ((unused)))
{
response_callback_done = 1;

View File

@ -1,67 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Leo Sandoval <lsandova@redhat.com>
Date: Fri, 22 Mar 2024 12:12:02 -0600
Subject: [PATCH] cast grub_error status parameter
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
For some reason, the compiler concludes that the status variable is
ultimately a 'long unsigned int' but status is a 'unsigned' (not a
long) so temporally cast it to unsigned otherwise we see the following
../../grub-core/net/efi/http.c: In function efihttp_request:
../../grub-core/net/efi/http.c:251:39: warning: format %x expects argument of type unsigned int, but argument 5 has type grub_efi_status_t {aka long unsigned int} [-Wformat=]
251 | return grub_error (GRUB_ERR_IO, "Fail to send a request! status=0x%x\n", status);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~
| |
| grub_efi_status_t {aka long unsigned int}
---
grub-core/net/efi/http.c | 6 +++---
grub-core/net/efi/net.c | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c
index 6fecb261c55..5bdb47548f8 100644
--- a/grub-core/net/efi/http.c
+++ b/grub-core/net/efi/http.c
@@ -236,7 +236,7 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https,
if (status != GRUB_EFI_SUCCESS)
{
grub_free (request_data.url);
- return grub_error (GRUB_ERR_IO, "Fail to create an event! status=0x%x\n", status);
+ return grub_error (GRUB_ERR_IO, "Fail to create an event! status=0x%x\n", (unsigned) status);
}
status = http->request(http, &request_token);
@@ -248,7 +248,7 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https,
{
b->close_event(request_token.event);
grub_free (request_data.url);
- return grub_error (GRUB_ERR_IO, "Fail to send a request! status=0x%x\n", status);
+ return grub_error (GRUB_ERR_IO, "Fail to send a request! status=0x%x\n", (unsigned) status);
}
/* TODO: Add Timeout */
while (!request_callback_done)
@@ -273,7 +273,7 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https,
{
b->close_event(request_token.event);
grub_free (request_data.url);
- return grub_error (GRUB_ERR_IO, "Fail to create an event! status=0x%x\n", status);
+ return grub_error (GRUB_ERR_IO, "Fail to create an event! status=0x%x\n", (unsigned) status);
}
response_token.status = GRUB_EFI_SUCCESS;
diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c
index 0a1e604b5bd..1b13603a63c 100644
--- a/grub-core/net/efi/net.c
+++ b/grub-core/net/efi/net.c
@@ -706,7 +706,7 @@ grub_efi_service_binding (grub_efi_handle_t dev, grub_guid_t *service_binding_gu
status = service->create_child(service, &child_dev);
if (status != GRUB_EFI_SUCCESS)
{
- grub_error (GRUB_ERR_IO, N_("Failed to create child device of http service %x"), status);
+ grub_error (GRUB_ERR_IO, N_("Failed to create child device of http service %x"), (unsigned) status);
return NULL;
}

View File

@ -1,31 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Leo Sandoval <lsandova@redhat.com>
Date: Fri, 22 Mar 2024 14:20:06 -0600
Subject: [PATCH] remove unused varible
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Otherwise compiler complains with:
../../grub-core/commands/efi/connectefi.c:143:20: error: unused variable j [-Werror=unused-variable]
143 | unsigned j;
| ^
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
---
grub-core/commands/efi/connectefi.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/grub-core/commands/efi/connectefi.c b/grub-core/commands/efi/connectefi.c
index 6c397f8f508..9d02f2780f6 100644
--- a/grub-core/commands/efi/connectefi.c
+++ b/grub-core/commands/efi/connectefi.c
@@ -140,7 +140,6 @@ loop:
{
grub_efi_handle_t handle = handles[i];
grub_efi_status_t status;
- unsigned j;
/* Skip already handled handles */
if (is_in_list (handle))

View File

@ -1,42 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Leo Sandoval <lsandova@redhat.com>
Date: Fri, 22 Mar 2024 18:28:17 -0600
Subject: [PATCH] cast grub_net_bootp_packet pointer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Otherwise compiler complains with:
../../grub-core/net/drivers/efi/efinet.c: In function grub_efi_net_config_real:
../../grub-core/net/drivers/efi/efinet.c:876:28: error: cannot convert to a pointer type
876 | dhcp_ack = (struct grub_net_bootp_packet *) pxe_mode->dhcp_ack;
| ^~~~~~~~~~~~~~~~~~~~~
../../grub-core/net/drivers/efi/efinet.c:881:57: error: initialization of struct grub_net_bootp_packet * from incompatible pointer type grub_efi_pxe_packet_t * [-Wincompatible-pointer-types]
881 | struct grub_net_bootp_packet *proxy_offer = &pxe_mode->proxy_offer;
| ^
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
---
grub-core/net/drivers/efi/efinet.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c
index 83005ea9f88..4591d0757ec 100644
--- a/grub-core/net/drivers/efi/efinet.c
+++ b/grub-core/net/drivers/efi/efinet.c
@@ -872,12 +872,12 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device,
{
grub_dprintf ("efinet", "using ipv4 and dhcp\n");
- struct grub_net_bootp_packet *dhcp_ack = &pxe_mode->dhcp_ack;
+ struct grub_net_bootp_packet *dhcp_ack = (struct grub_net_bootp_packet *) &pxe_mode->dhcp_ack;
if (pxe_mode->proxy_offer_received)
{
grub_dprintf ("efinet", "proxy offer receive");
- struct grub_net_bootp_packet *proxy_offer = &pxe_mode->proxy_offer;
+ struct grub_net_bootp_packet *proxy_offer = (struct grub_net_bootp_packet *) &pxe_mode->proxy_offer;
if (proxy_offer && dhcp_ack->boot_file[0] == '\0')
{

View File

@ -1,56 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Leo Sandoval <lsandova@redhat.com>
Date: Thu, 11 Jan 2024 12:05:20 -0600
Subject: [PATCH] libtasn1: fix string overflow warning
Patched also at the libtasn1 project with commit
c54e523d9dacdb7eec7f20964df12df9b80f467c
Author: Simo Sorce <simo@redhat.com>
AuthorDate: Tue May 11 14:18:10 2021 -0400
Commit: Simo Sorce <simo@redhat.com>
CommitDate: Tue May 11 14:26:04 2021 -0400
Parent: 890a8a9 Fix resource leak (node)
Contained: master
Follows: v4.16.0 (48)
Precedes: v4.17.0 (5)
Fix String overflow warning
Scanner Output
--------------
rror: COMPILER_WARNING (CWE-758): [#def2]
libtasn1-4.16.0/lib/element.c: scope_hint: In function '_asn1_append_sequence_set'
libtasn1-4.16.0/lib/element.c:186:7: warning[-Wstringop-overflow=]: '_asn1_ltostr' accessing 22 bytes in a region of size 21
# 186 | _asn1_ltostr (n, temp + 1);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~
libtasn1-4.16.0/lib/element.c:186:7: note: referencing argument 2 of type 'char *'
libtasn1-4.16.0/lib/element.c:30: included_from: Included from here.
libtasn1-4.16.0/lib/parser_aux.h:70:7: note: in a call to function '_asn1_ltostr'
# 70 | char *_asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE]);
# | ^~~~~~~~~~~~
# 184| n++;
# 185| temp[0] = '?';
# 186|-> _asn1_ltostr (n, temp + 1);
# 187| }
# 188| _asn1_set_name (p2, temp);
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
---
grub-core/lib/libtasn1/lib/element.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/lib/libtasn1/lib/element.c b/grub-core/lib/libtasn1/lib/element.c
index ed761ff56bd..8cc73455aee 100644
--- a/grub-core/lib/libtasn1/lib/element.c
+++ b/grub-core/lib/libtasn1/lib/element.c
@@ -143,7 +143,7 @@ int
_asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcache)
{
asn1_node p, p2;
- char temp[LTOSTR_MAX_SIZE];
+ char temp[LTOSTR_MAX_SIZE + 1];
long n;
if (!node || !(node->down))

View File

@ -1,21 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Leo Sandoval <lsandova@redhat.com>
Date: Tue, 2 Apr 2024 12:59:10 -0600
Subject: [PATCH] fix i386_pc on legacycfg module
---
grub-core/Makefile.core.def | 1 +
1 file changed, 1 insertion(+)
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 3f6e944d6a5..b045aac7c91 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -2459,6 +2459,7 @@ module = {
common = commands/legacycfg.c;
common = lib/legacy_parse.c;
emu = lib/i386/pc/vesa_modes_table.c;
+ i386_pc = lib/i386/pc/vesa_modes_table.c;
i386_efi = lib/i386/pc/vesa_modes_table.c;
x86_64_efi = lib/i386/pc/vesa_modes_table.c;
xen = lib/i386/pc/vesa_modes_table.c;

View File

@ -1,317 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 13 Feb 2024 16:30:24 -0600
Subject: [PATCH] Make any of the loaders that link in efi mode honor secure
boot.
And in this case "honor" means "even if somebody does link this in, they
won't register commands if SB is enabled."
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/commands/iorw.c | 7 +++++++
grub-core/commands/memrw.c | 7 +++++++
grub-core/kern/dl.c | 4 ++--
grub-core/loader/efi/appleloader.c | 7 +++++++
grub-core/loader/i386/bsd.c | 7 +++++++
grub-core/loader/i386/linux.c | 7 +++++++
grub-core/loader/i386/pc/linux.c | 7 +++++++
grub-core/loader/multiboot.c | 7 +++++++
grub-core/loader/xnu.c | 7 +++++++
include/grub/ia64/linux.h | 0
include/grub/mips/linux.h | 0
include/grub/powerpc/linux.h | 0
include/grub/sparc64/linux.h | 0
13 files changed, 58 insertions(+), 2 deletions(-)
create mode 100644 include/grub/ia64/linux.h
create mode 100644 include/grub/mips/linux.h
create mode 100644 include/grub/powerpc/linux.h
create mode 100644 include/grub/sparc64/linux.h
diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c
index 584baec8f91..7b2999b14b5 100644
--- a/grub-core/commands/iorw.c
+++ b/grub-core/commands/iorw.c
@@ -24,6 +24,7 @@
#include <grub/cpu/io.h>
#include <grub/i18n.h>
#include <grub/lockdown.h>
+#include <grub/efi/sb.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -119,6 +120,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
GRUB_MOD_INIT(memrw)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
cmd_read_byte =
grub_register_extcmd ("inb", grub_cmd_read, 0,
N_("PORT"), N_("Read 8-bit value from PORT."),
@@ -147,6 +151,9 @@ GRUB_MOD_INIT(memrw)
GRUB_MOD_FINI(memrw)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
grub_unregister_extcmd (cmd_read_byte);
grub_unregister_extcmd (cmd_read_word);
grub_unregister_extcmd (cmd_read_dword);
diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c
index d401a6db0ef..39cf3a06dbd 100644
--- a/grub-core/commands/memrw.c
+++ b/grub-core/commands/memrw.c
@@ -23,6 +23,7 @@
#include <grub/env.h>
#include <grub/i18n.h>
#include <grub/lockdown.h>
+#include <grub/efi/sb.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -121,6 +122,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
GRUB_MOD_INIT(memrw)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
cmd_read_byte =
grub_register_extcmd ("read_byte", grub_cmd_read, 0,
N_("ADDR"), N_("Read 8-bit value from ADDR."),
@@ -149,6 +153,9 @@ GRUB_MOD_INIT(memrw)
GRUB_MOD_FINI(memrw)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
grub_unregister_extcmd (cmd_read_byte);
grub_unregister_extcmd (cmd_read_word);
grub_unregister_extcmd (cmd_read_dword);
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index d48d4131ba7..2a9ae9fc894 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -871,13 +871,13 @@ grub_dl_load_file (const char *filename)
grub_dl_t mod = 0;
#ifdef GRUB_MACHINE_EFI
- if (grub_efi_get_secureboot ())
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
{
#if 0
/* This is an error, but grub2-mkconfig still generates a pile of
* insmod commands, so emitting it would be mostly just obnoxious. */
grub_error (GRUB_ERR_ACCESS_DENIED,
- "Secure Boot forbids loading module from %s", filename);
+ "Secure Boot forbids loading module from %s", filename);
#endif
return 0;
}
diff --git a/grub-core/loader/efi/appleloader.c b/grub-core/loader/efi/appleloader.c
index a0b61a240b7..35d53c5f85d 100644
--- a/grub-core/loader/efi/appleloader.c
+++ b/grub-core/loader/efi/appleloader.c
@@ -24,6 +24,7 @@
#include <grub/misc.h>
#include <grub/efi/api.h>
#include <grub/efi/efi.h>
+#include <grub/efi/sb.h>
#include <grub/command.h>
#include <grub/i18n.h>
@@ -227,6 +228,9 @@ static grub_command_t cmd;
GRUB_MOD_INIT(appleloader)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
cmd = grub_register_command ("appleloader", grub_cmd_appleloader,
N_("[OPTS]"),
/* TRANSLATORS: This command is used on EFI to
@@ -238,5 +242,8 @@ GRUB_MOD_INIT(appleloader)
GRUB_MOD_FINI(appleloader)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
grub_unregister_command (cmd);
}
diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c
index 1f9128f6f20..8075ac9b06a 100644
--- a/grub-core/loader/i386/bsd.c
+++ b/grub-core/loader/i386/bsd.c
@@ -40,6 +40,7 @@
#ifdef GRUB_MACHINE_PCBIOS
#include <grub/machine/int.h>
#endif
+#include <grub/efi/sb.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -2137,6 +2138,9 @@ static grub_command_t cmd_netbsd_module_elf, cmd_openbsd_ramdisk;
GRUB_MOD_INIT (bsd)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
/* Net and OpenBSD kernels are often compressed. */
grub_dl_load ("gzio");
@@ -2176,6 +2180,9 @@ GRUB_MOD_INIT (bsd)
GRUB_MOD_FINI (bsd)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
grub_unregister_extcmd (cmd_freebsd);
grub_unregister_extcmd (cmd_openbsd);
grub_unregister_extcmd (cmd_netbsd);
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index 10f967f2563..5a257552234 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -37,6 +37,7 @@
#include <grub/linux.h>
#include <grub/machine/kernel.h>
#include <grub/safemath.h>
+#include <grub/efi/sb.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -1164,6 +1165,9 @@ static grub_command_t cmd_linux, cmd_initrd;
GRUB_MOD_INIT(linux)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
cmd_linux = grub_register_command ("linux", grub_cmd_linux,
0, N_("Load Linux."));
cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd,
@@ -1173,6 +1177,9 @@ GRUB_MOD_INIT(linux)
GRUB_MOD_FINI(linux)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
grub_unregister_command (cmd_linux);
grub_unregister_command (cmd_initrd);
}
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
index 8593d74737f..54a76504a79 100644
--- a/grub-core/loader/i386/pc/linux.c
+++ b/grub-core/loader/i386/pc/linux.c
@@ -36,6 +36,7 @@
#include <grub/lib/cmdline.h>
#include <grub/linux.h>
#include <grub/safemath.h>
+#include <grub/efi/sb.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -487,6 +488,9 @@ static grub_command_t cmd_linux, cmd_linux16, cmd_initrd, cmd_initrd16;
GRUB_MOD_INIT(linux16)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
cmd_linux =
grub_register_command ("linux", grub_cmd_linux,
0, N_("Load Linux."));
@@ -504,6 +508,9 @@ GRUB_MOD_INIT(linux16)
GRUB_MOD_FINI(linux16)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
grub_unregister_command (cmd_linux);
grub_unregister_command (cmd_linux16);
grub_unregister_command (cmd_initrd);
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
index 94be512c4d0..94c112a29d4 100644
--- a/grub-core/loader/multiboot.c
+++ b/grub-core/loader/multiboot.c
@@ -50,6 +50,7 @@
#include <grub/video.h>
#include <grub/memory.h>
#include <grub/i18n.h>
+#include <grub/efi/sb.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -444,6 +445,9 @@ static grub_command_t cmd_multiboot, cmd_module;
GRUB_MOD_INIT(multiboot)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
cmd_multiboot =
#ifdef GRUB_USE_MULTIBOOT2
grub_register_command ("multiboot2", grub_cmd_multiboot,
@@ -464,6 +468,9 @@ GRUB_MOD_INIT(multiboot)
GRUB_MOD_FINI(multiboot)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
grub_unregister_command (cmd_multiboot);
grub_unregister_command (cmd_module);
}
diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
index 4cca55df92d..f76f511ac2d 100644
--- a/grub-core/loader/xnu.c
+++ b/grub-core/loader/xnu.c
@@ -35,6 +35,7 @@
#include <grub/i18n.h>
#include <grub/verify.h>
#include <grub/safemath.h>
+#include <grub/efi/sb.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -1497,6 +1498,9 @@ static grub_extcmd_t cmd_splash;
GRUB_MOD_INIT(xnu)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
cmd_kernel = grub_register_command ("xnu_kernel", grub_cmd_xnu_kernel, 0,
N_("Load XNU image."));
cmd_kernel64 = grub_register_command ("xnu_kernel64", grub_cmd_xnu_kernel64,
@@ -1540,6 +1544,9 @@ GRUB_MOD_INIT(xnu)
GRUB_MOD_FINI(xnu)
{
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
#ifndef GRUB_MACHINE_EMU
grub_unregister_command (cmd_resume);
#endif
diff --git a/include/grub/ia64/linux.h b/include/grub/ia64/linux.h
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/include/grub/mips/linux.h b/include/grub/mips/linux.h
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/include/grub/powerpc/linux.h b/include/grub/powerpc/linux.h
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/include/grub/sparc64/linux.h b/include/grub/sparc64/linux.h
new file mode 100644
index 00000000000..e69de29bb2d

View File

@ -1,83 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 4 Apr 2024 11:57:54 -0600
Subject: [PATCH] Make a "gdb" dprintf that tells us load addresses.
This makes a grub_dprintf() call during platform init and during module
loading that tells us the virtual addresses of the .text and .data
sections of grub-core/kernel.exec and any modules it loads.
Specifically, it displays them in the gdb "add-symbol-file" syntax, with
the presumption that there's a variable $grubdir that reflects the path
to any such binaries.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/kern/dl.c | 34 ++++++++++++++++++++++++++++++++++
grub-core/kern/efi/init.c | 1 +
2 files changed, 35 insertions(+)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 2a9ae9fc894..2eaef7150ed 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -690,6 +690,38 @@ grub_dl_relocate_symbols (grub_dl_t mod, void *ehdr)
return GRUB_ERR_NONE;
}
+static void
+grub_dl_print_gdb_info (grub_dl_t mod, Elf_Ehdr *e)
+{
+ void *text, *data = NULL;
+ long idx;
+
+ idx = grub_dl_find_section_index (e, ".text");
+ if (idx < 0)
+ return;
+
+ text = grub_dl_get_section_addr (mod, idx);
+ if (!text)
+ return;
+
+ idx = grub_dl_find_section_index (e, ".data");
+ if (idx >= 0)
+ data = grub_dl_get_section_addr (mod, idx);
+
+ if (data)
+ grub_qdprintf ("gdb", "add-symbol-file \\\n"
+ "/usr/lib/debug/usr/lib/grub/%s-%s/%s.debug "
+ "\\\n %p -s .data %p\n",
+ GRUB_TARGET_CPU, GRUB_PLATFORM,
+ mod->name, text, data);
+ else
+ grub_qdprintf ("gdb", "add-symbol-file \\\n"
+ "/usr/lib/debug/usr/lib/grub/%s-%s/%s.debug "
+ "\\\n%p\n",
+ GRUB_TARGET_CPU, GRUB_PLATFORM,
+ mod->name, text);
+}
+
static grub_err_t
grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr)
{
@@ -833,6 +865,8 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size)
grub_dprintf ("modules", "module name: %s\n", mod->name);
grub_dprintf ("modules", "init function: %p\n", mod->init);
+ grub_dl_print_gdb_info (mod, e);
+
if (grub_dl_add (mod))
{
grub_dl_unload (mod);
diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c
index dee3918fd35..d35d6974734 100644
--- a/grub-core/kern/efi/init.c
+++ b/grub-core/kern/efi/init.c
@@ -157,6 +157,7 @@ grub_efi_init (void)
grub_efi_system_table->boot_services->set_watchdog_timer (0, 0, 0, NULL);
grub_efi_env_init ();
+ grub_efi_print_gdb_info ();
grub_efidisk_init ();
grub_efi_register_debug_commands ();

View File

@ -1,139 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Fri, 11 Jun 2021 13:51:20 +0200
Subject: [PATCH] Allow chainloading EFI apps from loop mounts.
Signed-off-by: Dimitri John Ledkov <Dimitri.ledkov@canonical.com>
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
grub-core/disk/loopback.c | 9 +--------
grub-core/loader/efi/chainloader.c | 24 ++++++++++++++++++++++++
include/grub/loopback.h | 30 ++++++++++++++++++++++++++++++
3 files changed, 55 insertions(+), 8 deletions(-)
create mode 100644 include/grub/loopback.h
diff --git a/grub-core/disk/loopback.c b/grub-core/disk/loopback.c
index 4635dcfdeec..11a5e0cbd02 100644
--- a/grub-core/disk/loopback.c
+++ b/grub-core/disk/loopback.c
@@ -21,20 +21,13 @@
#include <grub/misc.h>
#include <grub/file.h>
#include <grub/disk.h>
+#include <grub/loopback.h>
#include <grub/mm.h>
#include <grub/extcmd.h>
#include <grub/i18n.h>
GRUB_MOD_LICENSE ("GPLv3+");
-struct grub_loopback
-{
- char *devname;
- grub_file_t file;
- struct grub_loopback *next;
- unsigned long id;
-};
-
static struct grub_loopback *loopback_list;
static unsigned long last_id = 0;
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index 0ec682e2988..efbe2bd38aa 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -24,6 +24,7 @@
#include <grub/err.h>
#include <grub/device.h>
#include <grub/disk.h>
+#include <grub/loopback.h>
#include <grub/misc.h>
#include <grub/charset.h>
#include <grub/mm.h>
@@ -907,6 +908,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_efi_status_t status;
grub_efi_boot_services_t *b;
grub_device_t dev = 0;
+ grub_device_t orig_dev = 0;
grub_efi_device_path_t *dp = NULL;
char *filename;
void *boot_image = 0;
@@ -963,6 +965,16 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
dev = grub_device_open (devname);
if (devname)
grub_free (devname);
+
+ /* if device is loopback, use underlying dev */
+ if (dev && dev->disk->dev->id == GRUB_DISK_DEVICE_LOOPBACK_ID)
+ {
+ struct grub_loopback *d;
+ orig_dev = dev;
+ d = dev->disk->data;
+ dev = d->file->device;
+ }
+
if (dev == NULL)
;
else if (dev->disk)
@@ -1069,6 +1081,12 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
}
#endif
+ if (orig_dev)
+ {
+ dev = orig_dev;
+ orig_dev = 0;
+ }
+
rc = grub_linuxefi_secure_validate((void *)(unsigned long)address, fsize);
grub_dprintf ("chain", "linuxefi_secure_validate: %d\n", rc);
if (rc > 0)
@@ -1092,6 +1110,12 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
fail:
+ if (orig_dev)
+ {
+ dev = orig_dev;
+ orig_dev = 0;
+ }
+
if (dev)
grub_device_close (dev);
diff --git a/include/grub/loopback.h b/include/grub/loopback.h
new file mode 100644
index 00000000000..3b9a9e32e80
--- /dev/null
+++ b/include/grub/loopback.h
@@ -0,0 +1,30 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2019 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_LOOPBACK_HEADER
+#define GRUB_LOOPBACK_HEADER 1
+
+struct grub_loopback
+{
+ char *devname;
+ grub_file_t file;
+ struct grub_loopback *next;
+ unsigned long id;
+};
+
+#endif /* ! GRUB_LOOPBACK_HEADER */

View File

@ -1,73 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Date: Thu, 3 Mar 2022 13:10:56 +0100
Subject: [PATCH] grub-core/loader/i386/efi/linux.c: do not validate kernels
twice
On codebases that have shim-lock-verifier built into the grub core
(like 2.06 upstream), shim-lock-verifier is in enforcing mode when
booted with secureboot. It means that grub_cmd_linux() command
attempts to perform shim validate upon opening linux kernel image,
including kernel measurement. And the verifier correctly returns file
open error when shim validate protocol is not present or shim fails to
validate the kernel.
This makes the call to grub_linuxefi_secure_validate() redundant, but
also harmful. As validating the kernel image twice, extends the PCRs
with the same measurement twice. Which breaks existing sealing
policies when upgrading from grub2.04+rhboot+sb+linuxefi to
grub2.06+rhboot+sb+linuxefi builds. It is also incorrect to measure
the kernel twice.
This patch must not be ported to older editions of grub code bases
that do not have verifiers framework, or it is not builtin, or
shim-lock-verifier is an optional module.
This patch is tested to ensure that unsigned kernels are not possible
to boot in secureboot mode when shim rejects kernel, or shim protocol
is missing, and that the measurements become stable once again. The
above also ensures that CVE-2020-15705 is not reintroduced.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
---
grub-core/loader/i386/efi/linux.c | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index 97484bbe24d..1dd787081f2 100644
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@@ -30,7 +30,6 @@
#include <grub/cpu/efi/memory.h>
#include <grub/tpm.h>
#include <grub/safemath.h>
-#include <grub/efi/sb.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -278,7 +277,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_ssize_t start, filelen;
void *kernel = NULL;
int setup_header_end_offset;
- int rc;
grub_dl_ref (my_mod);
@@ -308,17 +306,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
- if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
- {
- rc = grub_linuxefi_secure_validate (kernel, filelen);
- if (rc <= 0)
- {
- grub_error (GRUB_ERR_INVALID_COMMAND,
- N_("%s has invalid signature"), argv[0]);
- goto fail;
- }
- }
-
lh = (struct linux_i386_kernel_header *)kernel;
grub_dprintf ("linux", "original lh is at %p\n", kernel);

View File

@ -1,80 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Date: Fri, 4 Mar 2022 09:31:43 +0100
Subject: [PATCH] grub-core/loader/efi/chainloader.c: do not validate
chainloader twice
On secureboot systems, with shimlock verifier, call to
grub_file_open(, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE) will already
pass the chainloader target through shim-lock protocol verify
call. And create a TPM measurement. If verification fails,
grub_cmd_chainloader will fail at file open time.
This makes previous code paths for negative, and zero return codes
from grub_linuxefi_secure_validate unreachable under secureboot. But
also breaking measurements compatibility with 2.04+linuxefi codebases,
as the chainloader file is passed through shim_lock->verify() twice
(via verifier & direct call to grub_linuxefi_secure_validate)
extending the PCRs twice.
This reduces grub_loader options to perform
grub_secureboot_chainloader when secureboot is on, and otherwise
attempt grub_chainloader_boot.
It means that booting with secureboot off, yet still with shim (which
always verifies things successfully), will stop choosing
grub_secureboot_chainloader, and opting for a more regular
loadimage/startimage codepath. If we want to use the
grub_secureboot_chainloader codepath in such scenarios we should adapt
the code to simply check for shim_lock protocol presence /
shim_lock->context() success?! But I am not sure if that is necessary.
This patch must not be ported to older editions of grub code bases
that do not have verifiers framework, or it is not builtin, or
shim-lock-verifier is an optional module.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
---
grub-core/loader/efi/chainloader.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index efbe2bd38aa..3a3b55c1d61 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -912,7 +912,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_efi_device_path_t *dp = NULL;
char *filename;
void *boot_image = 0;
- int rc;
file_path = NULL;
address = 0;
@@ -1087,9 +1086,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
orig_dev = 0;
}
- rc = grub_linuxefi_secure_validate((void *)(unsigned long)address, fsize);
- grub_dprintf ("chain", "linuxefi_secure_validate: %d\n", rc);
- if (rc > 0)
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
{
grub_file_close (file);
grub_device_close (dev);
@@ -1097,7 +1094,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_secureboot_chainloader_unload, 0);
return 0;
}
- else if (rc == 0)
+ else
{
grub_load_and_start_image(boot_image);
grub_file_close (file);
@@ -1106,7 +1103,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
return 0;
}
- // -1 fall-through to fail
fail:

View File

@ -1,85 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Leo Sandoval <lsandova@redhat.com>
Date: Mon, 8 Apr 2024 10:59:25 -0600
Subject: [PATCH] grub-core/loader/efi/linux.c: drop now unused
grub_linuxefi_secure_validate
Drop the now unused grub_linuxefi_secure_validate() as all prior users
of this API now rely on the shim-lock-verifier codepath instead.
This patch must not be ported to older editions of grub code bases
that do not have verifiers framework, or it is not builtin, or
shim-lock-verifier is an optional module.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
---
grub-core/loader/efi/linux.c | 42 ------------------------------------------
include/grub/efi/linux.h | 2 --
2 files changed, 44 deletions(-)
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index ecb6d593cef..f5ab0128991 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -89,48 +89,6 @@ static grub_efi_load_file2_t initrd_lf2 = {
grub_efi_initrd_load_file2
};
-#define SHIM_LOCK_GUID \
- { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }
-
-struct grub_efi_shim_lock
-{
- grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size);
-};
-typedef struct grub_efi_shim_lock grub_efi_shim_lock_t;
-
-// Returns 1 on success, -1 on error, 0 when not available
-int
-grub_linuxefi_secure_validate (void *data, grub_uint32_t size)
-{
- grub_guid_t guid = SHIM_LOCK_GUID;
- grub_efi_shim_lock_t *shim_lock;
- grub_efi_status_t status;
-
- shim_lock = grub_efi_locate_protocol(&guid, NULL);
-
- grub_dprintf ("secureboot", "shim_lock: %p\n", shim_lock);
- if (!shim_lock)
- {
- grub_dprintf ("secureboot", "shim not available\n");
- return 0;
- }
-
- grub_dprintf ("secureboot", "Asking shim to verify kernel signature\n");
- status = shim_lock->verify (data, size);
- grub_dprintf ("secureboot", "shim_lock->verify(): %ld\n", (long int)status);
- if (status == GRUB_EFI_SUCCESS)
- {
- grub_dprintf ("secureboot", "Kernel signature verification passed\n");
- return 1;
- }
-
- grub_dprintf ("secureboot", "Kernel signature verification failed (0x%lx)\n",
- (unsigned long) status);
-
- return -1;
-
-}
-
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wcast-align"
diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h
index b2cfd8c1f44..c806a7757f3 100644
--- a/include/grub/efi/linux.h
+++ b/include/grub/efi/linux.h
@@ -22,8 +22,6 @@
#include <grub/err.h>
#include <grub/symbol.h>
-int
-EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size);
grub_err_t
EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset,
void *kernel_param);

View File

@ -1,57 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 1 Aug 2022 14:07:50 -0400
Subject: [PATCH] efi: allocate the initrd within the bounds expressed by the
kernel
Currently on x86, only linux kernels built with CONFIG_RELOCATABLE for
x86_64 can be loaded above 4G, but the maximum address for the initramfs
is specified via a HdrS field. This allows us to utilize that value,
and unless loading the kernel above 4G, uses the value present there.
If loading kernel above 4G is allowed, we assume loading the initramfs
above 4G also works; in practice this has been true in the kernel code
for quite some time.
Resolves: rhbz#2112134
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/loader/i386/efi/linux.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index 1d7ced3d1f8..a798da334ab 100644
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@@ -182,6 +182,8 @@ grub_linuxefi_unload (void *data)
cmd_initrdefi->data = 0;
grub_free (context);
+ max_addresses[INITRD_MAX_ADDRESS].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS;
+
return GRUB_ERR_NONE;
}
@@ -409,11 +411,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
}
#endif
+ max_addresses[INITRD_MAX_ADDRESS].addr = lh->initrd_addr_max;
#if defined(__x86_64__)
if (lh->xloadflags & LINUX_XLF_CAN_BE_LOADED_ABOVE_4G)
{
grub_dprintf ("linux", "Loading kernel above 4GB is supported; enabling.\n");
max_addresses[KERNEL_NO_LIMIT].addr = GRUB_EFI_MAX_USABLE_ADDRESS;
+ max_addresses[INITRD_MAX_ADDRESS].addr = GRUB_EFI_MAX_USABLE_ADDRESS;
}
else
{
@@ -542,6 +546,8 @@ fail:
grub_dl_unref (my_mod);
+ max_addresses[INITRD_MAX_ADDRESS].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS;
+
if (lh)
kernel_free (cmdline, lh->cmdline_size + 1);

View File

@ -1,80 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Marta Lewandowska <mlewando@redhat.com>
Date: Tue, 6 Feb 2024 17:42:47 -0600
Subject: [PATCH] grub-install on EFI if forced
UEFI Secure Boot requires signed grub binaries to work, so grub-
install should not be used. However, users who have Secure Boot
disabled and wish to use the command should not be prevented from
doing so if they invoke --force.
fixes bz#1917213 / bz#2240994
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
---
util/grub-install.c | 38 +++++++++++++++++++-------------------
1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/util/grub-install.c b/util/grub-install.c
index 828e8722ba5..314b6143b8e 100644
--- a/util/grub-install.c
+++ b/util/grub-install.c
@@ -915,25 +915,6 @@ main (int argc, char *argv[])
platform = grub_install_get_target (grub_install_source_directory);
- switch (platform)
- {
- case GRUB_INSTALL_PLATFORM_ARM_EFI:
- case GRUB_INSTALL_PLATFORM_ARM64_EFI:
- case GRUB_INSTALL_PLATFORM_I386_EFI:
- case GRUB_INSTALL_PLATFORM_IA64_EFI:
- case GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI:
- case GRUB_INSTALL_PLATFORM_RISCV32_EFI:
- case GRUB_INSTALL_PLATFORM_RISCV64_EFI:
- case GRUB_INSTALL_PLATFORM_X86_64_EFI:
- is_efi = 1;
- grub_util_error (_("this utility cannot be used for EFI platforms"
- " because it does not support UEFI Secure Boot"));
- break;
- default:
- is_efi = 0;
- break;
- }
-
{
char *platname = grub_install_get_platform_name (platform);
fprintf (stderr, _("Installing for %s platform.\n"), platname);
@@ -1050,6 +1031,22 @@ main (int argc, char *argv[])
switch (platform)
{
+ case GRUB_INSTALL_PLATFORM_ARM_EFI:
+ case GRUB_INSTALL_PLATFORM_ARM64_EFI:
+ case GRUB_INSTALL_PLATFORM_I386_EFI:
+ case GRUB_INSTALL_PLATFORM_IA64_EFI:
+ case GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI:
+ case GRUB_INSTALL_PLATFORM_RISCV32_EFI:
+ case GRUB_INSTALL_PLATFORM_RISCV64_EFI:
+ case GRUB_INSTALL_PLATFORM_X86_64_EFI:
+ is_efi = 1;
+ if (!force)
+ grub_util_error (_("This utility should not be used for EFI platforms"
+ " because it does not support UEFI Secure Boot."
+ " If you really wish to proceed, invoke the --force"
+ " option.\nMake sure Secure Boot is disabled before"
+ " proceeding"));
+ break;
case GRUB_INSTALL_PLATFORM_I386_IEEE1275:
case GRUB_INSTALL_PLATFORM_POWERPC_IEEE1275:
#ifdef __linux__
@@ -1058,6 +1055,9 @@ main (int argc, char *argv[])
try_open ("/dev/nvram");
#endif
break;
+ /* pacify warning. */
+ case GRUB_INSTALL_PLATFORM_MAX:
+ break;
default:
break;
}

View File

@ -1,33 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Christian Glombek <cglombek@redhat.com>
Date: Tue, 14 Nov 2023 07:54:59 +0100
Subject: [PATCH] Remove [Install] section from aux systemd units
See https://bugzilla.redhat.com/show_bug.cgi?id=2247635#c7
---
docs/grub-boot-indeterminate.service | 3 ---
util/systemd/grub-systemd-integration.service.in | 3 ---
2 files changed, 6 deletions(-)
diff --git a/docs/grub-boot-indeterminate.service b/docs/grub-boot-indeterminate.service
index 5bcb474a3d3..6c8dcb186b6 100644
--- a/docs/grub-boot-indeterminate.service
+++ b/docs/grub-boot-indeterminate.service
@@ -9,6 +9,3 @@ Before=system-update-pre.target
[Service]
Type=oneshot
ExecStart=/usr/bin/grub2-editenv - incr boot_indeterminate
-
-[Install]
-WantedBy=system-update.target
diff --git a/util/systemd/grub-systemd-integration.service.in b/util/systemd/grub-systemd-integration.service.in
index 22ca1ca4885..c81fb594ce1 100644
--- a/util/systemd/grub-systemd-integration.service.in
+++ b/util/systemd/grub-systemd-integration.service.in
@@ -6,6 +6,3 @@ ConditionPathExists=/run/systemd/reboot-to-boot-loader-menu
[Service]
ExecStart=@libexecdir@/@grubdirname@/systemd-integration.sh
-
-[Install]
-WantedBy=reboot.target

View File

@ -1,25 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: raravind <raravind@redhat.com>
Date: Tue, 9 May 2023 11:29:35 +0200
Subject: [PATCH] chainloader: remove device path debug message
Remove the debug message "/EndEntire" while using GRUB chainloader command.
Signed-off-by: raravind <raravind@redhat.com>
(cherry picked from commit f75f5386b7a6a7cb2e10d30f817a3564c0a28dd7)
---
grub-core/loader/efi/chainloader.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index b40acdeda80..badff5e50b5 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -212,7 +212,6 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
/* Fill the file path for the directory. */
d = (grub_efi_device_path_t *) ((char *) file_path
+ ((char *) d - (char *) dp));
- grub_efi_print_device_path (d);
if (copy_file_path ((grub_efi_file_path_device_path_t *) d,
dir_start, dir_end - dir_start) != GRUB_ERR_NONE)
{

View File

@ -1,61 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Leo Sandoval <lsandova@redhat.com>
Date: Mon, 15 Apr 2024 09:24:47 -0600
Subject: [PATCH] Makefile.core.def: fix linux module
Set EFI source file targets specifically for i386 and x86_64 archs,
otherwise we observe build failures at aarch64
../../grub-core/tests/videotest_checksum.c > videotest_checksum.marker.new || (rm -f videotest_checksum.marker; exit 1)
../../grub-core/loader/efi/linux.c:28:10: fatal error: grub/cpu/linux.h: No such file or directory
28 | #include <grub/cpu/linux.h>
| ^~~~~~~~~~~~~~~~~~
compilation terminated.
.
.
.
../../grub-core/loader/i386/linux.c:30:10: fatal error: grub/cpu/linux.h: No such file or directory
30 | #include <grub/cpu/linux.h>
| ^~~~~~~~~~~~~~~~~~
compilation terminated.
Signed-off-by: Leo Sandoval <lsandova@redhat.com>
---
grub-core/Makefile.core.def | 7 ++++---
grub-core/loader/efi/linux.c | 1 -
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index b045aac7c91..6ff4835340d 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -1902,13 +1902,14 @@ module = {
riscv32 = loader/efi/linux.c;
riscv64 = loader/efi/linux.c;
i386_efi = loader/i386/efi/linux.c;
+ i386_efi = loader/efi/linux.c;
+ i386_efi = loader/i386/linux.c;
x86_64_efi = loader/i386/efi/linux.c;
+ x86_64_efi = loader/efi/linux.c;
+ x86_64_efi = loader/i386/linux.c;
emu = loader/emu/linux.c;
- fdt = lib/fdt.c;
common = loader/linux.c;
common = lib/cmdline.c;
- efi = loader/efi/linux.c;
- efi = loader/i386/linux.c;
};
module = {
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index f5ab0128991..44587df3858 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -25,7 +25,6 @@
#include <grub/loader.h>
#include <grub/mm.h>
#include <grub/types.h>
-#include <grub/cpu/linux.h>
#include <grub/efi/efi.h>
#include <grub/efi/fdtload.h>
#include <grub/efi/memory.h>

View File

@ -1,270 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg@redhat.com>
Date: Mon, 15 Apr 2024 11:19:31 -0600
Subject: [PATCH] Add support for Linux EFI stub loading on arm architectures
---
grub-core/loader/arm64/xen_boot.c | 1 -
grub-core/loader/efi/linux.c | 116 ++++++++++++++++++--------------------
include/grub/efi/efi.h | 28 ++++++++-
3 files changed, 80 insertions(+), 65 deletions(-)
diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c
index 26e1472c9d2..9838a0f878b 100644
--- a/grub-core/loader/arm64/xen_boot.c
+++ b/grub-core/loader/arm64/xen_boot.c
@@ -252,7 +252,6 @@ xen_boot (void)
return err;
return grub_arch_efi_linux_boot_image (xen_hypervisor->start,
- xen_hypervisor->size,
xen_hypervisor->cmdline);
}
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index 44587df3858..8742e303d85 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -28,6 +28,7 @@
#include <grub/efi/efi.h>
#include <grub/efi/fdtload.h>
#include <grub/efi/memory.h>
+#include <grub/efi/linux.h>
#include <grub/efi/pe32.h>
#include <grub/efi/linux.h>
#include <grub/efi/sb.h>
@@ -42,6 +43,7 @@ static int loaded;
static void *kernel_addr;
static grub_uint64_t kernel_size;
+static grub_uint32_t handover_offset;
static char *linux_args;
static grub_uint32_t cmdline_size;
@@ -94,7 +96,7 @@ static grub_efi_load_file2_t initrd_lf2 = {
typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *);
grub_err_t
-grub_efi_linux_boot (void *kernel_address, grub_off_t handover_offset,
+grub_efi_linux_boot (void *kernel_address, grub_off_t ho_offset,
void *kernel_params)
{
grub_efi_loaded_image_t *loaded_image = NULL;
@@ -117,8 +119,8 @@ grub_efi_linux_boot (void *kernel_address, grub_off_t handover_offset,
grub_dprintf ("linux", "Loaded Image base address could not be set\n");
grub_dprintf ("linux", "kernel_address: %p handover_offset: %p params: %p\n",
- kernel_address, (void *)(grub_efi_uintn_t)handover_offset, kernel_params);
- hf = (handover_func)((char *)kernel_address + handover_offset + offset);
+ kernel_address, (void *)(grub_efi_uintn_t)ho_offset, kernel_params);
+ hf = (handover_func)((char *)kernel_address + ho_offset + offset);
hf (grub_efi_image_handle, grub_efi_system_table, kernel_params);
return GRUB_ERR_BUG;
@@ -178,7 +180,8 @@ grub_arch_efi_linux_load_image_header (grub_file_t file,
static grub_err_t
finalize_params_linux (void)
{
- int node, retval;
+ grub_efi_loaded_image_t *loaded_image = NULL;
+ int node, retval, len;
void *fdt;
@@ -213,79 +216,65 @@ finalize_params_linux (void)
if (grub_fdt_install() != GRUB_ERR_NONE)
goto failure;
- return GRUB_ERR_NONE;
-
-failure:
- grub_fdt_unload();
- return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT");
-}
-#endif
-
-grub_err_t
-grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args)
-{
- grub_efi_memory_mapped_device_path_t *mempath;
- grub_efi_handle_t image_handle;
- grub_efi_boot_services_t *b;
- grub_efi_status_t status;
- grub_efi_loaded_image_t *loaded_image;
- int len;
-
- mempath = grub_malloc (2 * sizeof (grub_efi_memory_mapped_device_path_t));
- if (!mempath)
- return grub_errno;
-
- mempath[0].header.type = GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE;
- mempath[0].header.subtype = GRUB_EFI_MEMORY_MAPPED_DEVICE_PATH_SUBTYPE;
- mempath[0].header.length = grub_cpu_to_le16_compile_time (sizeof (*mempath));
- mempath[0].memory_type = GRUB_EFI_LOADER_DATA;
- mempath[0].start_address = addr;
- mempath[0].end_address = addr + size;
-
- mempath[1].header.type = GRUB_EFI_END_DEVICE_PATH_TYPE;
- mempath[1].header.subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE;
- mempath[1].header.length = sizeof (grub_efi_device_path_t);
-
- b = grub_efi_system_table->boot_services;
- status = b->load_image (0, grub_efi_image_handle,
- (grub_efi_device_path_t *) mempath,
- (void *) addr, size, &image_handle);
- if (status != GRUB_EFI_SUCCESS)
- return grub_error (GRUB_ERR_BAD_OS, "cannot load image");
-
- grub_dprintf ("linux", "linux command line: '%s'\n", args);
+ grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n",
+ fdt);
/* Convert command line to UCS-2 */
- loaded_image = grub_efi_get_loaded_image (image_handle);
+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
if (loaded_image == NULL)
{
grub_error (GRUB_ERR_BAD_FIRMWARE, "missing loaded_image proto");
- goto unload;
+ goto failure;
}
loaded_image->load_options_size = len =
- (grub_strlen (args) + 1) * sizeof (grub_efi_char16_t);
+ (grub_strlen (linux_args) + 1) * sizeof (grub_efi_char16_t);
loaded_image->load_options =
grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
if (!loaded_image->load_options)
- return grub_errno;
+ return grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters");
loaded_image->load_options_size =
2 * grub_utf8_to_utf16 (loaded_image->load_options, len,
- (grub_uint8_t *) args, len, NULL);
+ (grub_uint8_t *) linux_args, len, NULL);
- grub_dprintf ("linux", "starting image %p\n", image_handle);
- status = b->start_image (image_handle, 0, NULL);
+ return GRUB_ERR_NONE;
- /* When successful, not reached */
- grub_error (GRUB_ERR_BAD_OS, "start_image() returned 0x%" PRIxGRUB_EFI_UINTN_T, status);
- grub_efi_free_pages ((grub_addr_t) loaded_image->load_options,
- GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
-unload:
- b->unload_image (image_handle);
+failure:
+ grub_fdt_unload();
+ return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT");
+}
+#endif
+
+static void
+free_params (void)
+{
+ grub_efi_loaded_image_t *loaded_image = NULL;
- return grub_errno;
+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
+ if (loaded_image)
+ {
+ if (loaded_image->load_options)
+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_efi_uintn_t)loaded_image->load_options,
+ GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size));
+ loaded_image->load_options = NULL;
+ loaded_image->load_options_size = 0;
+ }
}
+grub_err_t
+grub_arch_efi_linux_boot_image (grub_addr_t addr, char *args)
+{
+ grub_err_t retval;
+
+ grub_dprintf ("linux", "linux command line: '%s'\n", args);
+
+ retval = grub_efi_linux_boot ((char *)addr, handover_offset, (void *)addr);
+
+ /* Never reached... */
+ free_params();
+ return retval;
+ }
+
static grub_err_t
grub_linux_boot (void)
{
@@ -294,8 +283,7 @@ grub_linux_boot (void)
return grub_errno;
#endif
- return grub_arch_efi_linux_boot_image ((grub_addr_t) kernel_addr,
- kernel_size, linux_args);
+ return grub_arch_efi_linux_boot_image ((grub_addr_t) kernel_addr, linux_args);
}
static grub_err_t
@@ -572,6 +560,12 @@ fallback:
grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
+#if !defined(__i386__) && !defined(__x86_64__)
+ struct grub_armxx_linux_pe_header *pe;
+ pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset);
+ handover_offset = pe->opt.entry_addr;
+#endif
+
cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE);
linux_args = grub_malloc (cmdline_size);
if (!linux_args)
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
index 83ddbe26e57..bff833468ee 100644
--- a/include/grub/efi/efi.h
+++ b/include/grub/efi/efi.h
@@ -20,6 +20,7 @@
#ifndef GRUB_EFI_EFI_HEADER
#define GRUB_EFI_EFI_HEADER 1
+#include <grub/efi/pe32.h>
#include <grub/types.h>
#include <grub/dl.h>
#include <grub/efi/api.h>
@@ -36,7 +37,29 @@ struct linux_arch_kernel_header {
struct grub_pe_image_header pe_image_header;
};
-#define GRUB_EFI_GRUB_VARIABLE_GUID \
+struct grub_arm_linux_pe_header
+{
+ grub_uint32_t magic;
+ struct grub_pe32_coff_header coff;
+ struct grub_pe32_optional_header opt;
+};
+
+struct grub_arm64_linux_pe_header
+{
+ grub_uint32_t magic;
+ struct grub_pe32_coff_header coff;
+ struct grub_pe64_optional_header opt;
+};
+
+#if defined(__arm__)
+# define grub_armxx_linux_pe_header grub_arm_linux_pe_header
+#endif
+
+#if defined(__aarch64__)
+# define grub_armxx_linux_pe_header grub_arm64_linux_pe_header
+#endif
+
+#define GRUB_EFI_GRUB_VARIABLE_GUID \
{ 0x91376aff, 0xcba6, 0x42be, \
{ 0x94, 0x9d, 0x06, 0xfd, 0xe8, 0x11, 0x28, 0xe8 } \
}
@@ -173,8 +196,7 @@ grub_err_t EXPORT_FUNC(grub_efi_get_ram_base)(grub_addr_t *);
#include <grub/file.h>
grub_err_t grub_arch_efi_linux_load_image_header(grub_file_t file,
struct linux_arch_kernel_header *lh);
-grub_err_t grub_arch_efi_linux_boot_image(grub_addr_t addr, grub_size_t size,
- char *args);
+grub_err_t grub_arch_efi_linux_boot_image(grub_addr_t addr, char *args);
grub_addr_t grub_efi_section_addr (const char *section);

View File

@ -1,209 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Date: Tue, 16 Apr 2024 12:22:54 -0600
Subject: [PATCH] arm64: Fix EFI loader kernel image allocation
We are currently allocating just enough memory for the file size,
which means that the kernel BSS is in limbo (and not even zeroed).
We are also not honoring the alignment specified in the image
PE header.
This makes us use the PE optional header in which the kernel puts the
actual size it needs, including BSS, and make sure we clear it, and
honors the specified alignment for the image.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[pjones: arm: check for the PE magic for the compiled arch]
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
grub-core/loader/efi/linux.c | 93 +++++++++++++++++++++++++++++++-------------
include/grub/efi/efi.h | 3 +-
2 files changed, 68 insertions(+), 28 deletions(-)
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index ddb27834131..cb9de5565de 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -41,6 +41,8 @@ GRUB_MOD_LICENSE ("GPLv3+");
static grub_dl_t my_mod;
static int loaded;
+static void *kernel_alloc_addr;
+static grub_uint32_t kernel_alloc_pages;
static void *kernel_addr;
static grub_uint64_t kernel_size;
static grub_uint32_t handover_offset;
@@ -319,9 +321,8 @@ grub_linux_unload (void)
GRUB_EFI_BYTES_TO_PAGES (initrd_end - initrd_start));
initrd_start = initrd_end = 0;
grub_free (linux_args);
- if (kernel_addr)
- grub_efi_free_pages ((grub_addr_t) kernel_addr,
- GRUB_EFI_BYTES_TO_PAGES (kernel_size));
+ if (kernel_alloc_addr)
+ grub_efi_free_pages ((grub_addr_t) kernel_alloc_addr, kernel_alloc_pages);
#if !defined(__i386__) && !defined(__x86_64__)
grub_fdt_unload ();
#endif
@@ -512,12 +513,37 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
return grub_errno;
}
+#if !defined(__i386__) && !defined(__x86_64__)
+static grub_err_t
+parse_pe_header (void *kernel, grub_uint64_t *total_size,
+ grub_uint32_t *entry_offset,
+ grub_uint32_t *alignment)
+{
+ struct linux_arch_kernel_header *lh = kernel;
+ struct grub_armxx_linux_pe_header *pe;
+
+ pe = (void *)((unsigned long)kernel + lh->hdr_offset);
+
+ if (pe->opt.magic != GRUB_PE32_PEXX_MAGIC)
+ return grub_error(GRUB_ERR_BAD_OS, "Invalid PE optional header magic");
+
+ *total_size = pe->opt.image_size;
+ *entry_offset = pe->opt.entry_addr;
+ *alignment = pe->opt.section_alignment;
+
+ return GRUB_ERR_NONE;
+}
+#endif
+
static grub_err_t
grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
int argc, char *argv[])
{
grub_file_t file = 0;
struct linux_arch_kernel_header lh;
+ grub_off_t filelen;
+ grub_uint32_t align;
+ void *kernel = NULL;
grub_err_t err;
grub_dl_ref (my_mod);
@@ -548,8 +574,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
if (!file)
goto fail;
- kernel_size = grub_file_size (file);
-
if (grub_arch_efi_linux_load_image_header (file, &lh) != GRUB_ERR_NONE)
#if !defined(__i386__) && !defined(__x86_64__)
goto fail;
@@ -570,33 +594,46 @@ fallback:
}
#endif
+ filelen = grub_file_size (file);
+ kernel = grub_malloc(filelen);
+ if (!kernel)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel load buffer"));
+ goto fail;
+ }
+
+ if (grub_file_read (file, kernel, filelen) < (grub_ssize_t)filelen)
+ {
+ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"),
+ argv[0]);
+ goto fail;
+ }
+
+#if !defined(__i386__) && !defined(__x86_64__)
+ if (parse_pe_header (kernel, &kernel_size, &handover_offset, &align) != GRUB_ERR_NONE)
+ goto fail;
+ grub_dprintf ("linux", "kernel mem size : %lld\n", (long long) kernel_size);
+ grub_dprintf ("linux", "kernel entry offset : %d\n", handover_offset);
+ grub_dprintf ("linux", "kernel alignment : 0x%x\n", align);
+
grub_loader_unset();
- grub_dprintf ("linux", "kernel file size: %lld\n", (long long) kernel_size);
- kernel_addr = grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (kernel_size));
- grub_dprintf ("linux", "kernel numpages: %lld\n",
- (long long) GRUB_EFI_BYTES_TO_PAGES (kernel_size));
- if (!kernel_addr)
+ kernel_alloc_pages = GRUB_EFI_BYTES_TO_PAGES (kernel_size + align - 1);
+ kernel_alloc_addr = grub_efi_allocate_any_pages (kernel_alloc_pages);
+ grub_dprintf ("linux", "kernel numpages: %d\n", kernel_alloc_pages);
+ if (!kernel_alloc_addr)
{
grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
goto fail;
}
-
- grub_file_seek (file, 0);
- if (grub_file_read (file, kernel_addr, kernel_size)
- < (grub_int64_t) kernel_size)
- {
- if (!grub_errno)
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), argv[0]);
- goto fail;
- }
+ kernel_addr = (void *)ALIGN_UP((grub_uint64_t)kernel_alloc_addr, align);
grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
-
-#if !defined(__i386__) && !defined(__x86_64__)
- struct grub_armxx_linux_pe_header *pe;
- pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset);
- handover_offset = pe->opt.entry_addr;
+ grub_memcpy (kernel_addr, kernel, grub_min(filelen, kernel_size));
+ if (kernel_size > filelen)
+ grub_memset ((char *)kernel_addr + filelen, 0, kernel_size - filelen);
+ grub_free(kernel);
+ kernel = NULL;
#endif
cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE);
@@ -621,6 +658,9 @@ fallback:
}
fail:
+ if (kernel)
+ grub_free (kernel);
+
if (file)
grub_file_close (file);
@@ -633,9 +673,8 @@ fail:
if (linux_args && !loaded)
grub_free (linux_args);
- if (kernel_addr && !loaded)
- grub_efi_free_pages ((grub_addr_t) kernel_addr,
- GRUB_EFI_BYTES_TO_PAGES (kernel_size));
+ if (kernel_alloc_addr && !loaded)
+ grub_efi_free_pages ((grub_addr_t) kernel_alloc_addr, kernel_alloc_pages);
return grub_errno;
}
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
index bff833468ee..c40684821e1 100644
--- a/include/grub/efi/efi.h
+++ b/include/grub/efi/efi.h
@@ -20,7 +20,6 @@
#ifndef GRUB_EFI_EFI_HEADER
#define GRUB_EFI_EFI_HEADER 1
-#include <grub/efi/pe32.h>
#include <grub/types.h>
#include <grub/dl.h>
#include <grub/efi/api.h>
@@ -52,10 +51,12 @@ struct grub_arm64_linux_pe_header
};
#if defined(__arm__)
+# define GRUB_PE32_PEXX_MAGIC GRUB_PE32_PE32_MAGIC
# define grub_armxx_linux_pe_header grub_arm_linux_pe_header
#endif
#if defined(__aarch64__)
+# define GRUB_PE32_PEXX_MAGIC GRUB_PE32_PE64_MAGIC
# define grub_armxx_linux_pe_header grub_arm64_linux_pe_header
#endif

View File

@ -1,95 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Linton <jeremy.linton@arm.com>
Date: Tue, 16 Apr 2024 13:26:55 -0600
Subject: [PATCH] Correct BSS zeroing on aarch64
The aarch64 loader doesn't use efi bootservices, and
therefor it has a very minimal loader which makes a lot
of assumptions about the kernel layout. With the ZBOOT
changes, the layout has changed a bit and we not should
really be parsing the PE sections to determine how much
data to copy, otherwise the BSS won't be setup properly.
This code still makes a lot of assumptions about the
the kernel layout, so its far from ideal, but it works.
Resolves: rhbz#2125069
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
---
grub-core/loader/efi/linux.c | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index ecaa8c18c4d..55c5c8600d4 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -517,10 +517,12 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
static grub_err_t
parse_pe_header (void *kernel, grub_uint64_t *total_size,
grub_uint32_t *entry_offset,
- grub_uint32_t *alignment)
+ grub_uint32_t *alignment, grub_uint32_t *code_size)
{
struct linux_arch_kernel_header *lh = kernel;
struct grub_armxx_linux_pe_header *pe;
+ grub_uint16_t i;
+ struct grub_pe32_section_table *sections;
pe = (void *)((unsigned long)kernel + lh->hdr_offset);
@@ -530,6 +532,19 @@ parse_pe_header (void *kernel, grub_uint64_t *total_size,
*total_size = pe->opt.image_size;
*entry_offset = pe->opt.entry_addr;
*alignment = pe->opt.section_alignment;
+ *code_size = pe->opt.section_alignment;
+
+ sections = (struct grub_pe32_section_table *) ((char *)&pe->opt +
+ pe->coff.optional_header_size);
+ grub_dprintf ("linux", "num_sections : %d\n", pe->coff.num_sections );
+ for (i = 0 ; i < pe->coff.num_sections; i++)
+ {
+ grub_dprintf ("linux", "raw_size : %lld\n",
+ (long long) sections[i].raw_data_size);
+ grub_dprintf ("linux", "virt_size : %lld\n",
+ (long long) sections[i].virtual_size);
+ *code_size += sections[i].raw_data_size;
+ }
return GRUB_ERR_NONE;
}
@@ -543,6 +558,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
struct linux_arch_kernel_header lh;
grub_off_t filelen;
grub_uint32_t align;
+ grub_uint32_t code_size;
void *kernel = NULL;
grub_err_t err;
@@ -610,11 +626,12 @@ fallback:
}
#if !defined(__i386__) && !defined(__x86_64__)
- if (parse_pe_header (kernel, &kernel_size, &handover_offset, &align) != GRUB_ERR_NONE)
+ if (parse_pe_header (kernel, &kernel_size, &handover_offset, &align, &code_size) != GRUB_ERR_NONE)
goto fail;
grub_dprintf ("linux", "kernel mem size : %lld\n", (long long) kernel_size);
grub_dprintf ("linux", "kernel entry offset : %d\n", handover_offset);
grub_dprintf ("linux", "kernel alignment : 0x%x\n", align);
+ grub_dprintf ("linux", "kernel size : 0x%x\n", code_size);
grub_loader_unset();
@@ -629,9 +646,9 @@ fallback:
kernel_addr = (void *)ALIGN_UP((grub_uint64_t)kernel_alloc_addr, align);
grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
- grub_memcpy (kernel_addr, kernel, grub_min(filelen, kernel_size));
- if (kernel_size > filelen)
- grub_memset ((char *)kernel_addr + filelen, 0, kernel_size - filelen);
+ grub_memcpy (kernel_addr, kernel, grub_min(code_size, kernel_size));
+ if (kernel_size > code_size)
+ grub_memset ((char *)kernel_addr + code_size, 0, kernel_size - code_size);
grub_free(kernel);
kernel = NULL;
#endif

View File

@ -1,44 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Maximilian Luz <luzmaximilian@gmail.com>
Date: Tue, 16 Apr 2024 14:21:49 -0600
Subject: [PATCH] arm64: Use proper memory type for kernel allocation
Currently, the kernel pages are allocated with type EFI_LOADER_DATA.
While the vast majority of systems will happily execute code from those
pages (i.e. don't care about memory protection), the Microsoft Surface
Pro X stalls, as this memory is not designated as "executable".
Therefore, allocate the kernel pages as EFI_LOADER_CODE to request
memory that is actually executable.
Signed-off-by: Maximilian Luz <luzmaximilian@gmail.com>
---
grub-core/loader/efi/linux.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index 55c5c8600d4..d9ded7c4f12 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -25,7 +25,9 @@
#include <grub/loader.h>
#include <grub/mm.h>
#include <grub/types.h>
+#include <grub/efi/api.h>
#include <grub/efi/efi.h>
+#include <grub/cpu/efi/memory.h>
#include <grub/efi/fdtload.h>
#include <grub/efi/memory.h>
#include <grub/efi/linux.h>
@@ -636,7 +638,10 @@ fallback:
grub_loader_unset();
kernel_alloc_pages = GRUB_EFI_BYTES_TO_PAGES (kernel_size + align - 1);
- kernel_alloc_addr = grub_efi_allocate_any_pages (kernel_alloc_pages);
+ kernel_alloc_addr = grub_efi_allocate_pages_real (GRUB_EFI_MAX_USABLE_ADDRESS,
+ kernel_alloc_pages,
+ GRUB_EFI_ALLOCATE_MAX_ADDRESS,
+ GRUB_EFI_LOADER_CODE);
grub_dprintf ("linux", "kernel numpages: %d\n", kernel_alloc_pages);
if (!kernel_alloc_addr)
{

View File

@ -1,27 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nicolas Frayer <nfrayer@redhat.com>
Date: Tue, 19 Dec 2023 16:52:05 +0100
Subject: [PATCH] normal: Remove grub_env_set prefix in grub_try_normal_prefix
Commit de735a453aa35 added a grub_env_set where the prefix contains
the arch name in the pathname. This create issues when trying to
load modules using this prefix as the pathname contains a "doubled"
arch name in it (ie .../powerpc-ieee1275/powerpc-ieee1275/).
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
---
grub-core/normal/main.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index 803b9656d36..26872ce9477 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -372,7 +372,6 @@ grub_try_normal_prefix (const char *prefix)
file = grub_file_open (config, GRUB_FILE_TYPE_CONFIG);
if (file)
{
- grub_env_set ("prefix", prefix);
grub_file_close (file);
err = GRUB_ERR_NONE;
}

View File

@ -1,54 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jon DeVree <nuxi@vault24.org>
Date: Sun, 11 Feb 2024 10:34:58 -0500
Subject: [PATCH] fs/xfs: Handle non-continuous data blocks in directory
extents
The directory extent list does not have to be a continuous list of data
blocks. When GRUB tries to read a non-existant member of the list,
grub_xfs_read_file() will return a block of zero'ed memory. Checking for
a zero'ed magic number is sufficient to skip this non-existant data block.
Prior to commit 07318ee7e (fs/xfs: Fix XFS directory extent parsing)
this was handled as a subtle side effect of reading the (non-existant)
tail data structure. Since the block was zero'ed the computation of the
number of directory entries in the block would return 0 as well.
Fixes: 07318ee7e (fs/xfs: Fix XFS directory extent parsing)
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2254370
Signed-off-by: Jon DeVree <nuxi@vault24.org>
Reviewed-By: Vladimir Serbinenko <phcoder@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/xfs.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index bc2224dbb46..8e02ab4a301 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -902,6 +902,7 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
grub_xfs_first_de(dir->data, dirblock);
int entries = -1;
char *end = dirblock + dirblk_size;
+ grub_uint32_t magic;
numread = grub_xfs_read_file (dir, 0, 0,
blk << dirblk_log2,
@@ -912,6 +913,15 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
return 0;
}
+ /*
+ * If this data block isn't actually part of the extent list then
+ * grub_xfs_read_file() returns a block of zeros. So, if the magic
+ * number field is all zeros then this block should be skipped.
+ */
+ magic = *(grub_uint32_t *)(void *) dirblock;
+ if (!magic)
+ continue;
+
/*
* Leaf and tail information are only in the data block if the number
* of extents is 1.

View File

@ -1,28 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nicolas Frayer <nfrayer@redhat.com>
Date: Wed, 17 Jan 2024 21:15:14 +0100
Subject: [PATCH] Ignore warnings for incompatible types
Add -Wno-incompatible-pointer-types to ignore warnings for incompatible
types
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
---
configure.ac | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index d223fe3ef6e..4788f3d6adc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2166,8 +2166,8 @@ if test x"$enable_wextra" != xno ; then
HOST_CFLAGS="$HOST_CFLAGS -Wextra"
fi
-TARGET_CFLAGS="$TARGET_CFLAGS -Werror=trampolines -fno-trampolines"
-HOST_CFLAGS="$HOST_CFLAGS -Werror=trampolines -fno-trampolines"
+TARGET_CFLAGS="$TARGET_CFLAGS -Werror=trampolines -fno-trampolines -Wno-incompatible-pointer-types"
+HOST_CFLAGS="$HOST_CFLAGS -Werror=trampolines -fno-trampolines -Wno-incompatible-pointer-types"
TARGET_CPP="$TARGET_CC -E"
TARGET_CCAS=$TARGET_CC

Some files were not shown because too many files have changed in this diff Show More