shim-unsigned-x64/0031-Hook-exit-when-shim_lock-protocol-installed.patch
Peter Jones 34668cd0d4 Pull in the RHEL CVE fixes.
Related: rhbz#1915194

Signed-off-by: Peter Jones <pjones@redhat.com>
2021-08-06 13:10:11 -05:00

50 lines
1.4 KiB
Diff

From b5e10f70c7a495dc1788e3604803ee633f1e5f76 Mon Sep 17 00:00:00 2001
From: Stuart Hayes <stuart.w.hayes@gmail.com>
Date: Fri, 8 Feb 2019 15:48:20 -0500
Subject: [PATCH 31/62] Hook exit when shim_lock protocol installed
A recent commit moved where the shim_lock protocol is loaded and
unloaded, but did not move where exit was hooked and unhooked. Exit
needs to be hooked when the protocol is installed, so that the protocol
will be uninstalled on exit. Otherwise, the system can crash if, for
example, shim loads grub, the user exits grub, shim is run again, which
installs a second instance of the protocol, and then grub tries to use
the shim_lock protocol that was installed by the first instance of shim.
Signed-off-by: Stuart Hayes <stuart.w.hayes@gmail.com>
Upstream-commit-id: 06c92591e94
---
shim.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/shim.c b/shim.c
index f69e69487fc..16911a37b17 100644
--- a/shim.c
+++ b/shim.c
@@ -2474,9 +2474,9 @@ shim_init(void)
loader_is_participating = 0;
}
- hook_exit(systab);
}
+ hook_exit(systab);
return install_shim_protocols();
}
@@ -2494,9 +2494,10 @@ shim_fini(void)
* Remove our hooks from system services.
*/
unhook_system_services();
- unhook_exit();
}
+ unhook_exit();
+
/*
* Free the space allocated for the alternative 2nd stage loader
*/
--
2.26.2