packages/grub2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!472 [sync] PR-466: 修复grub_acpi\xsdt_find_table()中的越界访问

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @zhangqiumiao 
Signed-off-by: @zhangqiumiao
This commit is contained in:
openeuler-ci-bot 2024-11-21 06:33:07 +00:00 committed by Gitee
commit 3ce9cd3d61
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
backport-acpi-Fix-out-of-bounds-access-in-grub_acpi_xsdt_find.patch Normal file
View File

@ -0,0 +1,34 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Date: Wed, 16 Oct 2024 16:20:24 +1100
Subject: [PATCH] acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()
The calculation of the size of the table was incorrect (copy/pasta from
grub_acpi_rsdt_find_table() I assume...). The entries are 64-bit long.
This causes us to access beyond the end of the table which is causing
crashes during boot on some systems. Typically this is causing a crash
on VMWare when using UEFI and enabling serial autodetection, as
grub_acpi_find_table (GRUB_ACPI_SPCR_SIGNATURE);
Will goes past the end of the table (the SPCR table doesn't exits)
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
---
grub-core/kern/acpi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/kern/acpi.c b/grub-core/kern/acpi.c
index 48ded4e2ea6e..8ff0835d501f 100644
--- a/grub-core/kern/acpi.c
+++ b/grub-core/kern/acpi.c
@@ -75,7 +75,7 @@ grub_acpi_xsdt_find_table (struct grub_acpi_table_header *xsdt, const char *sig)
return 0;
ptr = (grub_unaligned_uint64_t *) (xsdt + 1);
- s = (xsdt->length - sizeof (*xsdt)) / sizeof (grub_uint32_t);
+ s = (xsdt->length - sizeof (*xsdt)) / sizeof (grub_uint64_t);
for (; s; s--, ptr++)
{
struct grub_acpi_table_header *tbl;

1
grub.patches
View File

@ -243,3 +243,4 @@ Patch242: 0001-newfeature-tpcm-add-hygon-tpcm-support.patch
Patch243: 10_linux-fix-missing-ro-in-kernel-boot-parameters.patch Patch243: 10_linux-fix-missing-ro-in-kernel-boot-parameters.patch
Patch244: 0001-cryptodisk-add-OS-provided-secret-support.patch Patch244: 0001-cryptodisk-add-OS-provided-secret-support.patch
Patch245: 0002-efi-Add-API-for-retrieving-the-EFI-secret-for-crypto.patch Patch245: 0002-efi-Add-API-for-retrieving-the-EFI-secret-for-crypto.patch
Patch246: backport-acpi-Fix-out-of-bounds-access-in-grub_acpi_xsdt_find.patch

8
grub2.spec
View File

@ -19,7 +19,7 @@
Name: grub2 Name: grub2
Epoch: 1 Epoch: 1
Version: 2.12 Version: 2.12
Release: 26 Release: 27
Summary: Bootloader with support for Linux, Multiboot and more Summary: Bootloader with support for Linux, Multiboot and more
License: GPLv3+ License: GPLv3+
URL: http://www.gnu.org/software/grub/ URL: http://www.gnu.org/software/grub/
@ -461,6 +461,12 @@ fi
%{_datadir}/man/man* %{_datadir}/man/man*
%changelog %changelog
* Wed Nov 13 2024 yueyuankun <yueyuankun@kylinos.cn> - 1:2.12-27
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()
* Wed Nov 13 2024 hanliyang <hanliyang@hygon.cn> - 1:2.12-26 * Wed Nov 13 2024 hanliyang <hanliyang@hygon.cn> - 1:2.12-26
- Type:requirement - Type:requirement
- CVE:NA - CVE:NA