- Resolves: RHEL-23620, nvram help page and man page are not in sync

- Resolves: RHEL-23619, segault when running nvram --nvram-size 268435456 - Resolves: RHEL-23624, segault when running nvram --print-config
2024-06-29 12:09:32 +02:00 · 2024-06-29 12:09:32 +02:00 · 4f86b8edb0
commit 4f86b8edb0
parent 638fc9b38a
4 changed files with 164 additions and 2 deletions
--- a/powerpc-utils-1.3.10-nvram-manpage.patch
+++ b/powerpc-utils-1.3.10-nvram-manpage.patch
@ -0,0 +1,47 @@
+commit d604cc779741c29cbdc8da97cbfc1512fd21fc1b
+Author: Likhitha Korrapati <likhitha@linux.ibm.com>
+Date:   Fri Aug 11 00:41:14 2023 -0500
+
+    nvram man page and --help output are not in sync
+    
+    The nvram man page and the output from --help option are not in
+    sync and few of the options are missing in man page.
+    
+    The options that are missing are ascii, dump, nvram-size, zero.
+    These options are added through the commit ids [1], [2].
+    
+    This patch adds the above missing options to the nvram.
+    
+    [1] https://github.com/ibm-power-utilities/powerpc-utils/commit/0e09f4e2898e7dea556479b018a7f4bf12108099
+    [2] https://github.com/ibm-power-utilities/powerpc-utils/commit/976dbe9bb7b01b135cac3e7bbd1dce0cdc88636a
+    
+    Signed-off-by: Likhitha Korrapati <likhitha@linux.ibm.com>
+    Signed-off-by: Tyrel Datwyler <tyreld@linux.ibm.com>
+
+diff --git a/man/nvram.8 b/man/nvram.8
+index 2938e34..6071712 100644
+--- a/man/nvram.8
+++ b/man/nvram.8
+@@ -67,6 +67,22 @@ be more verbose.
+ \fB\--help
+ print usage information including other low level options useful for
+ debugging nvram.
+.TP
+\fB\--ascii \fIname
+print partition contents as ASCII text
+.TP
+\fB\--dump \fIname
+raw dump of partition (use --partitions to see names)
+.TP
+\fB\--nvram-size
+specify size of nvram data, must in multiples of 16 Bytes (for repair 
+operations)
+.TP
+\fB\--unzip \fIname
+decompress and print compressed data from partition
+.TP
+\fB\--zero | 0 \fR
+terminate config pairs with a NULL character
+ .SH FILES
+ /dev/nvram
+ .SH AUTHOR
--- a/powerpc-utils-1.3.10-nvram-print-config-crash.patch
+++ b/powerpc-utils-1.3.10-nvram-print-config-crash.patch
@ -0,0 +1,47 @@
+commit 3f72b8326a2fc9a9dffb4b31d0ce3abf12e24751
+Author: Likhitha Korrapati <likhitha@linux.ibm.com>
+Date:   Thu Jan 25 15:44:02 2024 +0530
+
+    powerpc/nvram: fix segmentation fault issue in print-config
+    
+    print-config option in nvram results in segmentation fault when the
+    user provides a very large value.
+    
+    without the patch:
+    [root@xxx powerpc-utils]# nvram --print-config=real-mode?
+    true
+    [root@xxx powerpc-utils]# nvram --print-config=$(perl -e 'p
+    rint "A"x1000000')
+    Segmentation fault (core dumped)
+    
+    The Segmentation fault occurs because the code tries to access memory
+    beyond the bounds of the data at index varlen. varlen is the length of
+    the string provided by the user.
+    
+    This patch adds a condition to check whether the length of the data is
+    greater than varlen to prevent accessing out of bounds.
+    
+    with the patch:
+    [root@xxx powerpc-utils]# ./src/nvram --print-config=real-m
+    ode?
+    true
+    [root@xxx powerpc-utils]# ./src/nvram --print-config=$(perl
+     -e 'print "A"x1000000')
+    
+    Reported-by: Shirisha Ganta <shirisha@linux.ibm.com>
+    Signed-off-by: Likhitha Korrapati <likhitha@linux.ibm.com>
+    Signed-off-by: Tyrel Datwyler <tyreld@linux.ibm.com>
+
+diff --git a/src/nvram.c b/src/nvram.c
+index f051e9c..095e747 100644
+--- a/src/nvram.c
+++ b/src/nvram.c
+@@ -1280,7 +1280,7 @@ print_of_config(struct nvram *nvram, char *config_var, char *pname,
+ 
+ 	data = (char *)phead + sizeof(*phead);
+ 	while (*data != '\0') {
+-	    if ((data[varlen] == '=') && 
+	    if (strlen(data) > varlen && (data[varlen] == '=') &&
+ 		strncmp(config_var, data, varlen) == 0) {
+ 		printf("%s%c", data + varlen + 1, terminator);
+ 		rc = 0;
--- a/powerpc-utils-1.3.10-nvram-size-crash.patch
+++ b/powerpc-utils-1.3.10-nvram-size-crash.patch
@ -0,0 +1,51 @@
+commit a6d31caf4eaa453d3ec879f02163b3a515789b85
+Author: Likhitha Korrapati <likhitha@linux.ibm.com>
+Date:   Mon Sep 11 05:23:37 2023 -0500
+
+    powerpc/nvram: Fix Segmentation fault issue in nvram-size.
+    
+    nvram-size option results in segmentation fault when the user
+    specifies value larger than the default nvram size
+    
+    Without the patch:
+    [root@xxx ~]# nvram --nvram-size 1048592
+    nvram: WARNING: expected 1048592 bytes, but only read 15360!
+    Segmentation fault (core dumped)
+    
+    Segmentation fault is caused because the phead->length is becoming 0.
+    And because of this the p_start doesn't get updated which makes the
+    while loop run infinitely resulting in segmentation fault.
+    This patch adds a condition check for phead->length to avoid infinite
+    while loop.
+    
+    With the patch:
+    [root@xxx src]# ./nvram --nvram-size 1048592
+    ./nvram: WARNING: expected 1048592 bytes, but only read 15360!
+    [root@xxx src]# ./nvram --nvram-size 268435456
+    ./nvram: WARNING: expected 268435456 bytes, but only read 15360!
+    [root@xxx src]#
+    
+    Reported-by: Shirisha Ganta <shirisha@linux.ibm.com>
+    Signed-off-by: Likhitha Korrapati <likhitha@linux.ibm.com>
+    [tyreld: fixed up else block]
+    Signed-off-by: Tyrel Datwyler <tyreld@linux.ibm.com>
+
+diff --git a/src/nvram.c b/src/nvram.c
+index 095e747..1987c3d 100644
+--- a/src/nvram.c
+++ b/src/nvram.c
+@@ -460,8 +460,12 @@ nvram_parse_partitions(struct nvram *nvram)
+ 	c_sum = checksum(phead);
+ 	if (c_sum != phead->checksum)
+ 	    warn_msg("this partition checksum should be %02x!\n", c_sum);
+-	phead->length = be16toh(phead->length);
+-	p_start += phead->length * NVRAM_BLOCK_SIZE;
+	if (phead->length != 0) {
+		phead->length = be16toh(phead->length);
+		p_start += phead->length * NVRAM_BLOCK_SIZE;
+	} else {
+		break;
+	}
+     }
+ 
+     if (verbose)
--- a/powerpc-utils.spec
+++ b/powerpc-utils.spec
@ -1,6 +1,6 @@
 Name: powerpc-utils
 Version: 1.3.10
-Release: 10%{?dist}
+Release: 11%{?dist}
 Summary: PERL-based scripts for maintaining and servicing PowerPC systems

 License: GPLv2
@ -45,13 +45,25 @@ Patch18: powerpc-utils-372599ed28d65a79d4c3b3405a8e04034eb58e09.patch
 Patch19: powerpc-utils-e0928dc5e5375591a4cff6ffabc6063771288f59.patch
 Patch20: powerpc-utils-d0bc79aedaf76eff09a5d1f399da09561a4d4d7d.patch
 Patch21: powerpc-utils-7698adc945372e901c2bc3f7066a5a1c219bf1d8.patch
+
 # lpar can't boot up after installation if nsid of nvme device is greater than 10.
 Patch22: powerpc-utils-8a7aa61c5f520df03e53e6f7e1d63b7d5c432376.patch
+
 # rtas_dbg -l returns large negativ value
 Patch23: powerpc-utils-rtas_dbg_return_negativ_value.patch
+
 # Support multiple dev paths for a nvme boot device
 Patch24: 0001-scripts-bootlist-Support-multiple-dev-paths-for-a-nv.patch

+# segault when running nvram --print-config
+Patch25: powerpc-utils-1.3.10-nvram-print-config-crash.patch
+
+# segault when running nvram --nvram-size 268435456
+Patch26: powerpc-utils-1.3.10-nvram-size-crash.patch
+
+# nvram help page and man page are not in sync
+Patch27: powerpc-utils-1.3.10-nvram-manpage.patch
+
 ExclusiveArch: ppc %{power64}

 BuildRequires: gcc
@ -168,7 +180,7 @@ systemctl enable hcn-init.service >/dev/null 2>&1 || :
 %license COPYING
 %dir %{_localstatedir}/lib/powerpc-utils
 %dir /etc/drmgr.d/pmig
-%config(noreplace) %{_localstatedir}/lib/powerpc-utils/smt.state
+%verify(not md5 size mtime) %config(noreplace) %{_localstatedir}/lib/powerpc-utils/smt.state
 %{_unitdir}/smtstate.service
 %{_unitdir}/smt_off.service
 %{_unitdir}/hcn-init.service
@ -245,6 +257,11 @@ systemctl enable hcn-init.service >/dev/null 2>&1 || :


 %changelog
+* Sat Jun 29 2024 Than Ngo <than@redhat.com> - 1.3.10-11
+- Resolves: RHEL-23620, nvram help page and man page are not in sync
+- Resolves: RHEL-23619, segault when running nvram --nvram-size 268435456
+- Resolves: RHEL-23624, segault when running nvram --print-config
+
 * Tue Jan 30 2024 Than Ngo <than@redhat.com> - 1.3.10-10
 - Resolves: RHEL-22830, Support multiple dev paths for a nvme boot device