packages/grub2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:57780918d55542e88e00b551a23c2864c5c26332
Branches Tags
packages:main
..
compare: packages:c21d2ddacd2882b33b9d0851c08b2bfff2e8482f
Branches Tags
packages:main

10 Commits
57780918d5 ... c21d2ddacd

Author SHA1 Message Date
openeuler-ci-bot
c21d2ddacd
!531 [sync] PR-514: Disable the .package_note awfulness 
From: @openeuler-sync-bot 
Reviewed-by: @zhangqiumiao 
Signed-off-by: @zhangqiumiao
 2025-04-17 09:12:01 +00:00
Funda Wang
67537c84fe Disable the .package_note awfulness 
(cherry picked from commit 48aa8f51b1a8c31fc20d6055748e87badd12ecad)
 2025-04-17 15:02:29 +08:00
openeuler-ci-bot
6172bcf8c3
!523 [sync] PR-520: fix CVE-2024-56738 
From: @openeuler-sync-bot 
Reviewed-by: @zhangqiumiao 
Signed-off-by: @zhangqiumiao
 2025-04-08 01:46:47 +00:00
Qiumiao Zhang
e2ff5149fb fix CVE-2024-56738 
Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com>
(cherry picked from commit aab76ae0eaebd92ac60f8c9f9b07728734b40bfb)
 2025-04-08 09:12:43 +08:00
openeuler-ci-bot
55cf2eaa58
!517 [sync] PR-511: add SW64 arch support 
From: @openeuler-sync-bot 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
 2025-03-12 02:45:01 +00:00
sunway_fw
e100bf4cab add SW64 arch support 
Signed-off-by: sunway_fw <sunway_fw@wxiat.com>
(cherry picked from commit c77b80a2ab9a7dc8f49fe33d54ea3a47d39c7d36)
 2025-03-11 20:36:59 +08:00
openeuler-ci-bot
edccaff157
!509 [sync] PR-504: fix the vulnerabilities announced on February 18th, 2025 
From: @openeuler-sync-bot 
Reviewed-by: @zhangqiumiao 
Signed-off-by: @zhangqiumiao
 2025-02-26 02:50:00 +00:00
Qiumiao Zhang
74f9c62794 fix the vulnerabilities announced on February 18th, 2025 
Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com>
(cherry picked from commit c141a13130da5dca205b607533751a6ba6c9581e)
 2025-02-25 16:47:19 +08:00
openeuler-ci-bot
752edd5f84
!500 [sync] PR-499: disable fortyfy level based on new settings of openEuler-rpm-config 
From: @openeuler-sync-bot 
Reviewed-by: @zhangqiumiao 
Signed-off-by: @zhangqiumiao
 2025-02-07 02:12:53 +00:00
Funda Wang
9b12038bf4 disable fortify level based on new settings of openEuler-rpm-config 
(cherry picked from commit 87ca9070966068eb21fef68b8b4514d7b76b5afc)
 2025-02-06 19:06:31 +08:00
81 changed files with 10446 additions and 2 deletions
Show Stats Expand all files Collapse all files

68
backport-0001-misc-Implement-grub_strlcpy.patch Normal file
View File

@ -0,0 +1,68 @@
From ea703528a8581a2ea7e0bad424a70fdf0aec7d8f Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Sat, 15 Jun 2024 02:33:08 +0100
Subject: [PATCH 01/73] misc: Implement grub_strlcpy()
grub_strlcpy() acts the same way as strlcpy() does on most *NIX,
returning the length of src and ensuring dest is always NUL
terminated except when size is 0.
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
include/grub/misc.h | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/include/grub/misc.h b/include/grub/misc.h
index 1578f36c3..14d8f37ac 100644
--- a/include/grub/misc.h
+++ b/include/grub/misc.h
@@ -64,6 +64,45 @@ grub_stpcpy (char *dest, const char *src)
return d - 1;
}
+static inline grub_size_t
+grub_strlcpy (char *dest, const char *src, grub_size_t size)
+{
+ char *d = dest;
+ grub_size_t res = 0;
+ /*
+ * We do not subtract one from size here to avoid dealing with underflowing
+ * the value, which is why to_copy is always checked to be greater than one
+ * throughout this function.
+ */
+ grub_size_t to_copy = size;
+
+ /* Copy size - 1 bytes to dest. */
+ if (to_copy > 1)
+ while ((*d++ = *src++) != '\0' && ++res && --to_copy > 1)
+ ;
+
+ /*
+ * NUL terminate if size != 0. The previous step may have copied a NUL byte
+ * if it reached the end of the string, but we know dest[size - 1] must always
+ * be a NUL byte.
+ */
+ if (size != 0)
+ dest[size - 1] = '\0';
+
+ /* If there is still space in dest, but are here, we reached the end of src. */
+ if (to_copy > 1)
+ return res;
+
+ /*
+ * If we haven't reached the end of the string, iterate through to determine
+ * the strings total length.
+ */
+ while (*src++ != '\0' && ++res)
+ ;
+
+ return res;
+}
+
/* XXX: If grub_memmove is too slow, we must implement grub_memcpy. */
static inline void *
grub_memcpy (void *dest, const void *src, grub_size_t n)
--
2.33.0

34
backport-0002-fs-ufs-Fix-a-heap-OOB-write.patch Normal file
View File

@ -0,0 +1,34 @@
From c1a291b01f4f1dcd6a22b61f1c81a45a966d16ba Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Sun, 12 May 2024 02:03:33 +0100
Subject: [PATCH 02/73] fs/ufs: Fix a heap OOB write
grub_strcpy() was used to copy a symlink name from the filesystem
image to a heap allocated buffer. This led to a OOB write to adjacent
heap allocations. Fix by using grub_strlcpy().
Fixes: CVE-2024-45781
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ufs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/fs/ufs.c b/grub-core/fs/ufs.c
index a354c92d9..01235101b 100644
--- a/grub-core/fs/ufs.c
+++ b/grub-core/fs/ufs.c
@@ -463,7 +463,7 @@ grub_ufs_lookup_symlink (struct grub_ufs_data *data, int ino)
/* Check against zero is paylindromic, no need to swap. */
if (data->inode.nblocks == 0
&& INODE_SIZE (data) <= sizeof (data->inode.symlink))
- grub_strcpy (symlink, (char *) data->inode.symlink);
+ grub_strlcpy (symlink, (char *) data->inode.symlink, sz);
else
{
if (grub_ufs_read_file (data, 0, 0, 0, sz, symlink) < 0)
--
2.33.0

34
backport-0003-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch Normal file
View File

@ -0,0 +1,34 @@
From 417547c10410b714e43f08f74137c24015f8f4c3 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Sun, 12 May 2024 02:48:33 +0100
Subject: [PATCH 03/73] fs/hfs: Fix stack OOB write with grub_strcpy()
Replaced with grub_strlcpy().
Fixes: CVE-2024-45782
Fixes: CVE-2024-56737
Fixes: https://savannah.gnu.org/bugs/?66599
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/hfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c
index 91dc0e69c..920112b03 100644
--- a/grub-core/fs/hfs.c
+++ b/grub-core/fs/hfs.c
@@ -379,7 +379,7 @@ grub_hfs_mount (grub_disk_t disk)
volume name. */
key.parent_dir = grub_cpu_to_be32_compile_time (1);
key.strlen = data->sblock.volname[0];
- grub_strcpy ((char *) key.str, (char *) (data->sblock.volname + 1));
+ grub_strlcpy ((char *) key.str, (char *) (data->sblock.volname + 1), sizeof (key.str));
if (grub_hfs_find_node (data, (char *) &key, data->cat_root,
0, (char *) &dir, sizeof (dir)) == 0)
--
2.33.0

43
backport-0004-fs-tar-Initialize-name-in-grub_cpio_find_file.patch Normal file
View File

@ -0,0 +1,43 @@
From 2c8ac08c99466c0697f704242363fc687f492a0d Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Sun, 12 May 2024 02:47:54 +0100
Subject: [PATCH 04/73] fs/tar: Initialize name in grub_cpio_find_file()
It was possible to iterate through grub_cpio_find_file() without
allocating name and not setting mode to GRUB_ARCHELP_ATTR_END, which
would cause the uninitialized value for name to be used as an argument
for canonicalize() in grub_archelp_dir().
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/tar.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c
index c551ed6b5..646bce5eb 100644
--- a/grub-core/fs/tar.c
+++ b/grub-core/fs/tar.c
@@ -78,6 +78,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
int reread = 0, have_longname = 0, have_longlink = 0;
data->hofs = data->next_hofs;
+ *name = NULL;
for (reread = 0; reread < 3; reread++)
{
@@ -202,6 +203,10 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
}
return GRUB_ERR_NONE;
}
+
+ if (*name == NULL)
+ return grub_error (GRUB_ERR_BAD_FS, "invalid tar archive");
+
return GRUB_ERR_NONE;
}
--
2.33.0

92
backport-0005-fs-tar-Integer-overflow-leads-to-heap-OOB-write.patch Normal file
View File

@ -0,0 +1,92 @@
From 0087bc6902182fe5cedce2d034c75a79cf6dd4f3 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Fri, 22 Nov 2024 06:27:58 +0000
Subject: [PATCH 05/73] fs/tar: Integer overflow leads to heap OOB write
Both namesize and linksize are derived from hd.size, a 12-digit octal
number parsed by read_number(). Later direct arithmetic calculation like
"namesize + 1" and "linksize + 1" may exceed the maximum value of
grub_size_t leading to heap OOB write. This patch fixes the issue by
using grub_add() and checking for an overflow.
Fixes: CVE-2024-45780
Reported-by: Nils Langius <nils@langius.de>
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
---
grub-core/fs/tar.c | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c
index 646bce5eb..386c09022 100644
--- a/grub-core/fs/tar.c
+++ b/grub-core/fs/tar.c
@@ -25,6 +25,7 @@
#include <grub/mm.h>
#include <grub/dl.h>
#include <grub/i18n.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -76,6 +77,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
{
struct head hd;
int reread = 0, have_longname = 0, have_longlink = 0;
+ grub_size_t sz;
data->hofs = data->next_hofs;
*name = NULL;
@@ -98,7 +100,11 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
{
grub_err_t err;
grub_size_t namesize = read_number (hd.size, sizeof (hd.size));
- *name = grub_malloc (namesize + 1);
+
+ if (grub_add (namesize, 1, &sz))
+ return grub_error (GRUB_ERR_BAD_FS, N_("name size overflow"));
+
+ *name = grub_malloc (sz);
if (*name == NULL)
return grub_errno;
err = grub_disk_read (data->disk, 0,
@@ -118,15 +124,19 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
{
grub_err_t err;
grub_size_t linksize = read_number (hd.size, sizeof (hd.size));
- if (data->linkname_alloc < linksize + 1)
+
+ if (grub_add (linksize, 1, &sz))
+ return grub_error (GRUB_ERR_BAD_FS, N_("link size overflow"));
+
+ if (data->linkname_alloc < sz)
{
char *n;
- n = grub_calloc (2, linksize + 1);
+ n = grub_calloc (2, sz);
if (!n)
return grub_errno;
grub_free (data->linkname);
data->linkname = n;
- data->linkname_alloc = 2 * (linksize + 1);
+ data->linkname_alloc = 2 * (sz);
}
err = grub_disk_read (data->disk, 0,
@@ -149,7 +159,10 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
while (extra_size < sizeof (hd.prefix)
&& hd.prefix[extra_size])
extra_size++;
- *name = grub_malloc (sizeof (hd.name) + extra_size + 2);
+
+ if (grub_add (sizeof (hd.name) + 2, extra_size, &sz))
+ return grub_error (GRUB_ERR_BAD_FS, N_("long name size overflow"));
+ *name = grub_malloc (sz);
if (*name == NULL)
return grub_errno;
if (hd.prefix[0])
--
2.33.0

34
backport-0006-fs-f2fs-Set-a-grub_errno-if-mount-fails.patch Normal file
View File

@ -0,0 +1,34 @@
From 563436258cde64da6b974880abff1bf0959f4da3 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Sun, 12 May 2024 06:15:03 +0100
Subject: [PATCH 06/73] fs/f2fs: Set a grub_errno if mount fails
It was previously possible for grub_errno to not be set when
grub_f2fs_mount() failed if nat_bitmap_ptr() returned NULL.
This issue is solved by ensuring a grub_errno is set in the fail case.
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/f2fs.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c
index 855e24618..db8a65f8d 100644
--- a/grub-core/fs/f2fs.c
+++ b/grub-core/fs/f2fs.c
@@ -872,6 +872,9 @@ grub_f2fs_mount (grub_disk_t disk)
return data;
fail:
+ if (grub_errno == GRUB_ERR_NONE)
+ grub_error (GRUB_ERR_BAD_FS, "not a F2FS filesystem");
+
grub_free (data);
return NULL;
--
2.33.0

38
backport-0007-fs-hfsplus-Set-a-grub_errno-if-mount-fails.patch Normal file
View File

@ -0,0 +1,38 @@
From f7c070a2e28dfab7137db0739fb8db1dc02d8898 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Sun, 12 May 2024 06:22:51 +0100
Subject: [PATCH 07/73] fs/hfsplus: Set a grub_errno if mount fails
It was possible for mount to fail but not set grub_errno. This led to
a possible double decrement of the module reference count if the NULL
page was mapped.
Fixing in general as a similar bug was fixed in commit 61b13c187
(fs/hfsplus: Set grub_errno to prevent NULL pointer access) and there
are likely more variants around.
Fixes: CVE-2024-45783
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/hfsplus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
index 295822f69..de71fd486 100644
--- a/grub-core/fs/hfsplus.c
+++ b/grub-core/fs/hfsplus.c
@@ -405,7 +405,7 @@ grub_hfsplus_mount (grub_disk_t disk)
fail:
- if (grub_errno == GRUB_ERR_OUT_OF_RANGE)
+ if (grub_errno == GRUB_ERR_OUT_OF_RANGE || grub_errno == GRUB_ERR_NONE)
grub_error (GRUB_ERR_BAD_FS, "not a HFS+ filesystem");
grub_free (data);
--
2.33.0

36
backport-0008-fs-iso9660-Set-a-grub_errno-if-mount-fails.patch Normal file
View File

@ -0,0 +1,36 @@
From 965db5970811d18069b34f28f5f31ddadde90a97 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Sun, 12 May 2024 06:37:08 +0100
Subject: [PATCH 08/73] fs/iso9660: Set a grub_errno if mount fails
It was possible for a grub_errno to not be set if mount of an ISO 9660
filesystem failed when set_rockridge() returned 0.
This isn't known to be exploitable as the other filesystems due to
filesystem helper checking the requested file type. Though fixing
as a precaution.
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/iso9660.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
index 8c348b59a..8d480e602 100644
--- a/grub-core/fs/iso9660.c
+++ b/grub-core/fs/iso9660.c
@@ -551,6 +551,9 @@ grub_iso9660_mount (grub_disk_t disk)
return data;
fail:
+ if (grub_errno == GRUB_ERR_NONE)
+ grub_error (GRUB_ERR_BAD_FS, "not a ISO9660 filesystem");
+
grub_free (data);
return 0;
}
--
2.33.0

53
backport-0009-fs-iso9660-Fix-invalid-free.patch Normal file
View File

@ -0,0 +1,53 @@
From 1443833a9535a5873f7de3798cf4d8389f366611 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Fri, 31 May 2024 15:14:42 +0800
Subject: [PATCH 09/73] fs/iso9660: Fix invalid free
The ctx->filename can point to either a string literal or a dynamically
allocated string. The ctx->filename_alloc field is used to indicate the
type of allocation.
An issue has been identified where ctx->filename is reassigned to
a string literal in susp_iterate_dir() but ctx->filename_alloc is not
correctly handled. This oversight causes a memory leak and an invalid
free operation later.
The fix involves checking ctx->filename_alloc, freeing the allocated
string if necessary and clearing ctx->filename_alloc for string literals.
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/iso9660.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
index 8d480e602..8e3c95c4f 100644
--- a/grub-core/fs/iso9660.c
+++ b/grub-core/fs/iso9660.c
@@ -628,9 +628,19 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry,
filename type is stored. */
/* FIXME: Fix this slightly improper cast. */
if (entry->data[0] & GRUB_ISO9660_RR_DOT)
- ctx->filename = (char *) ".";
+ {
+ if (ctx->filename_alloc)
+ grub_free (ctx->filename);
+ ctx->filename_alloc = 0;
+ ctx->filename = (char *) ".";
+ }
else if (entry->data[0] & GRUB_ISO9660_RR_DOTDOT)
- ctx->filename = (char *) "..";
+ {
+ if (ctx->filename_alloc)
+ grub_free (ctx->filename);
+ ctx->filename_alloc = 0;
+ ctx->filename = (char *) "..";
+ }
else if (entry->len >= 5)
{
grub_size_t off = 0, csize = 1;
--
2.33.0

66
backport-0010-fs-jfs-Fix-OOB-read-in-jfs_getent.patch Normal file
View File

@ -0,0 +1,66 @@
From 66175696f3a385b14bdf1ebcda7755834bd2d5fb Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Fri, 22 Nov 2024 06:27:59 +0000
Subject: [PATCH 10/73] fs/jfs: Fix OOB read in jfs_getent()
The JFS fuzzing revealed an OOB read in grub_jfs_getent(). The crash
was caused by an invalid leaf nodes count, diro->dirpage->header.count,
which was larger than the maximum number of leaf nodes allowed in an
inode. This fix is to ensure that the leaf nodes count is validated in
grub_jfs_opendir() before calling grub_jfs_getent().
On the occasion replace existing raw numbers with newly defined constant.
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
---
grub-core/fs/jfs.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c
index 62e20ef6f..e2fe2850c 100644
--- a/grub-core/fs/jfs.c
+++ b/grub-core/fs/jfs.c
@@ -41,6 +41,12 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define GRUB_JFS_TREE_LEAF 2
+/*
+ * Define max entries stored in-line in an inode.
+ * https://jfs.sourceforge.net/project/pub/jfslayout.pdf
+ */
+#define GRUB_JFS_INODE_INLINE_ENTRIES 8
+
struct grub_jfs_sblock
{
/* The magic for JFS. It should contain the string "JFS1". */
@@ -203,9 +209,9 @@ struct grub_jfs_inode
grub_uint8_t freecnt;
grub_uint8_t freelist;
grub_uint32_t idotdot;
- grub_uint8_t sorted[8];
+ grub_uint8_t sorted[GRUB_JFS_INODE_INLINE_ENTRIES];
} header;
- struct grub_jfs_leaf_dirent dirents[8];
+ struct grub_jfs_leaf_dirent dirents[GRUB_JFS_INODE_INLINE_ENTRIES];
} GRUB_PACKED dir;
/* Fast symlink. */
struct
@@ -453,6 +459,13 @@ grub_jfs_opendir (struct grub_jfs_data *data, struct grub_jfs_inode *inode)
/* Check if the entire tree is contained within the inode. */
if (inode->file.tree.flags & GRUB_JFS_TREE_LEAF)
{
+ if (inode->dir.header.count > GRUB_JFS_INODE_INLINE_ENTRIES)
+ {
+ grub_free (diro);
+ grub_error (GRUB_ERR_BAD_FS, N_("invalid JFS inode"));
+ return 0;
+ }
+
diro->leaf = inode->dir.dirents;
diro->next_leaf = (struct grub_jfs_leaf_next_dirent *) de;
diro->sorted = inode->dir.header.sorted;
--
2.33.0

67
backport-0011-fs-jfs-Fix-OOB-read-caused-by-invalid-dir-slot-index.patch Normal file
View File

@ -0,0 +1,67 @@
From ab09fd0531f3523ac0ef833404526c98c08248f7 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Fri, 22 Nov 2024 06:28:00 +0000
Subject: [PATCH 11/73] fs/jfs: Fix OOB read caused by invalid dir slot index
While fuzz testing JFS with ASAN enabled an OOB read was detected in
grub_jfs_opendir(). The issue occurred due to an invalid directory slot
index in the first entry of the sorted directory slot array in the inode
directory header. The fix ensures the slot index is validated before
accessing it. Given that an internal or a leaf node in a directory B+
tree is a 4 KiB in size and each directory slot is always 32 bytes, the
max number of slots in a node is 128. The validation ensures that the
slot index doesn't exceed this limit.
[1] https://jfs.sourceforge.net/project/pub/jfslayout.pdf
JFS will allocate 4K of disk space for an internal node of the B+ tree.
An internal node looks the same as a leaf node.
- page 10
Fixed number of Directory Slots depending on the size of the node. These are
the slots to be used for storing the directory slot array and the directory
entries or router entries. A directory slot is always 32 bytes.
...
A Directory Slot Array which is a sorted array of indices to the directory
slots that are currently in use.
...
An internal or a leaf node in the directory B+ tree is a 4K page.
- page 25
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
---
grub-core/fs/jfs.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c
index e2fe2850c..7a68fcbe3 100644
--- a/grub-core/fs/jfs.c
+++ b/grub-core/fs/jfs.c
@@ -46,6 +46,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
* https://jfs.sourceforge.net/project/pub/jfslayout.pdf
*/
#define GRUB_JFS_INODE_INLINE_ENTRIES 8
+#define GRUB_JFS_DIR_MAX_SLOTS 128
struct grub_jfs_sblock
{
@@ -481,6 +482,14 @@ grub_jfs_opendir (struct grub_jfs_data *data, struct grub_jfs_inode *inode)
return 0;
}
+ if (inode->dir.header.sorted[0] >= GRUB_JFS_DIR_MAX_SLOTS)
+ {
+ grub_error (GRUB_ERR_BAD_FS, N_("invalid directory slot index"));
+ grub_free (diro->dirpage);
+ grub_free (diro);
+ return 0;
+ }
+
blk = grub_le_to_cpu32 (de[inode->dir.header.sorted[0]].ex.blk2);
blk <<= (grub_le_to_cpu16 (data->sblock.log2_blksz) - GRUB_DISK_SECTOR_BITS);
--
2.33.0

132
backport-0012-fs-jfs-Use-full-40-bits-offset-and-address-for-a-dat.patch Normal file
View File

@ -0,0 +1,132 @@
From bd999310fe67f35a66de3bfa2836da91589d04ef Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Mon, 16 Dec 2024 20:22:39 +0000
Subject: [PATCH 12/73] fs/jfs: Use full 40 bits offset and address for a data
extent
An extent's logical offset and address are represented as a 40-bit value
split into two parts: the most significant 8 bits and the least
significant 32 bits. Currently the JFS code uses only the least
significant 32 bits value for offsets and addresses assuming the data
size will never exceed the 32-bit range. This approach ignores the most
significant 8 bits potentially leading to incorrect offsets and
addresses for larger values. The patch fixes it by incorporating the
most significant 8 bits into the calculation to get the full 40-bits
value for offsets and addresses.
https://jfs.sourceforge.net/project/pub/jfslayout.pdf
"off1,off2 is a 40-bit field, containing the logical offset of the first
block in the extent.
...
addr1,addr2 is a 40-bit field, containing the address of the extent."
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/jfs.c | 41 +++++++++++++++++++++++++++++------------
1 file changed, 29 insertions(+), 12 deletions(-)
diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c
index 7a68fcbe3..3026d5a0b 100644
--- a/grub-core/fs/jfs.c
+++ b/grub-core/fs/jfs.c
@@ -265,6 +265,20 @@ static grub_dl_t my_mod;
static grub_err_t grub_jfs_lookup_symlink (struct grub_jfs_data *data, grub_uint32_t ino);
+/*
+ * An extent's offset, physical and logical, is represented as a 40-bit value.
+ * This 40-bit value is split into two parts:
+ * - offset1: the most signficant 8 bits of the offset,
+ * - offset2: the least significant 32 bits of the offset.
+ *
+ * This function calculates and returns the 64-bit offset of an extent.
+ */
+static grub_uint64_t
+get_ext_offset (grub_uint8_t offset1, grub_uint32_t offset2)
+{
+ return (((grub_uint64_t) offset1 << 32) | grub_le_to_cpu32 (offset2));
+}
+
static grub_int64_t
getblk (struct grub_jfs_treehead *treehead,
struct grub_jfs_tree_extent *extents,
@@ -274,22 +288,25 @@ getblk (struct grub_jfs_treehead *treehead,
{
int found = -1;
int i;
+ grub_uint64_t ext_offset, ext_blk;
for (i = 0; i < grub_le_to_cpu16 (treehead->count) - 2 &&
i < max_extents; i++)
{
+ ext_offset = get_ext_offset (extents[i].offset1, extents[i].offset2);
+ ext_blk = get_ext_offset (extents[i].extent.blk1, extents[i].extent.blk2);
+
if (treehead->flags & GRUB_JFS_TREE_LEAF)
{
/* Read the leafnode. */
- if (grub_le_to_cpu32 (extents[i].offset2) <= blk
+ if (ext_offset <= blk
&& ((grub_le_to_cpu16 (extents[i].extent.length))
+ (extents[i].extent.length2 << 16)
- + grub_le_to_cpu32 (extents[i].offset2)) > blk)
- return (blk - grub_le_to_cpu32 (extents[i].offset2)
- + grub_le_to_cpu32 (extents[i].extent.blk2));
+ + ext_offset) > blk)
+ return (blk - ext_offset + ext_blk);
}
else
- if (blk >= grub_le_to_cpu32 (extents[i].offset2))
+ if (blk >= ext_offset)
found = i;
}
@@ -307,10 +324,9 @@ getblk (struct grub_jfs_treehead *treehead,
return -1;
if (!grub_disk_read (data->disk,
- ((grub_disk_addr_t) grub_le_to_cpu32 (extents[found].extent.blk2))
- << (grub_le_to_cpu16 (data->sblock.log2_blksz)
- - GRUB_DISK_SECTOR_BITS), 0,
- sizeof (*tree), (char *) tree))
+ (grub_disk_addr_t) ext_blk
+ << (grub_le_to_cpu16 (data->sblock.log2_blksz) - GRUB_DISK_SECTOR_BITS),
+ 0, sizeof (*tree), (char *) tree))
{
if (grub_memcmp (&tree->treehead, treehead, sizeof (struct grub_jfs_treehead)) ||
grub_memcmp (&tree->extents, extents, 254 * sizeof (struct grub_jfs_tree_extent)))
@@ -361,7 +377,7 @@ grub_jfs_read_inode (struct grub_jfs_data *data, grub_uint32_t ino,
sizeof (iag_inodes), &iag_inodes))
return grub_errno;
- inoblk = grub_le_to_cpu32 (iag_inodes[inoext].blk2);
+ inoblk = get_ext_offset (iag_inodes[inoext].blk1, iag_inodes[inoext].blk2);
inoblk <<= (grub_le_to_cpu16 (data->sblock.log2_blksz)
- GRUB_DISK_SECTOR_BITS);
inoblk += inonum;
@@ -490,7 +506,8 @@ grub_jfs_opendir (struct grub_jfs_data *data, struct grub_jfs_inode *inode)
return 0;
}
- blk = grub_le_to_cpu32 (de[inode->dir.header.sorted[0]].ex.blk2);
+ blk = get_ext_offset (de[inode->dir.header.sorted[0]].ex.blk1,
+ de[inode->dir.header.sorted[0]].ex.blk2);
blk <<= (grub_le_to_cpu16 (data->sblock.log2_blksz) - GRUB_DISK_SECTOR_BITS);
/* Read in the nodes until we are on the leaf node level. */
@@ -508,7 +525,7 @@ grub_jfs_opendir (struct grub_jfs_data *data, struct grub_jfs_inode *inode)
de = (struct grub_jfs_internal_dirent *) diro->dirpage->dirent;
index = diro->dirpage->sorted[diro->dirpage->header.sindex * 32];
- blk = (grub_le_to_cpu32 (de[index].ex.blk2)
+ blk = (get_ext_offset (de[index].ex.blk1, de[index].ex.blk2)
<< (grub_le_to_cpu16 (data->sblock.log2_blksz)
- GRUB_DISK_SECTOR_BITS));
} while (!(diro->dirpage->header.flags & GRUB_JFS_TREE_LEAF));
--
2.33.0

88
backport-0013-fs-jfs-Inconsistent-signed-unsigned-types-usage-in-r.patch Normal file
View File

@ -0,0 +1,88 @@
From edd995a26ec98654d907a9436a296c2d82bc4b28 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Mon, 16 Dec 2024 20:22:40 +0000
Subject: [PATCH 13/73] fs/jfs: Inconsistent signed/unsigned types usage in
return values
The getblk() returns a value of type grub_int64_t which is assigned to
iagblk and inoblk, both of type grub_uint64_t, in grub_jfs_read_inode()
via grub_jfs_blkno(). This patch fixes the type mismatch in the
functions. Additionally, the getblk() will return 0 instead of -1 on
failure cases. This change is safe because grub_errno is always set in
getblk() to indicate errors and it is later checked in the callers.
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/jfs.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c
index 3026d5a0b..c06d174c9 100644
--- a/grub-core/fs/jfs.c
+++ b/grub-core/fs/jfs.c
@@ -279,7 +279,7 @@ get_ext_offset (grub_uint8_t offset1, grub_uint32_t offset2)
return (((grub_uint64_t) offset1 << 32) | grub_le_to_cpu32 (offset2));
}
-static grub_int64_t
+static grub_uint64_t
getblk (struct grub_jfs_treehead *treehead,
struct grub_jfs_tree_extent *extents,
int max_extents,
@@ -290,6 +290,8 @@ getblk (struct grub_jfs_treehead *treehead,
int i;
grub_uint64_t ext_offset, ext_blk;
+ grub_errno = GRUB_ERR_NONE;
+
for (i = 0; i < grub_le_to_cpu16 (treehead->count) - 2 &&
i < max_extents; i++)
{
@@ -312,7 +314,7 @@ getblk (struct grub_jfs_treehead *treehead,
if (found != -1)
{
- grub_int64_t ret = -1;
+ grub_uint64_t ret = 0;
struct
{
struct grub_jfs_treehead treehead;
@@ -321,7 +323,7 @@ getblk (struct grub_jfs_treehead *treehead,
tree = grub_zalloc (sizeof (*tree));
if (!tree)
- return -1;
+ return 0;
if (!grub_disk_read (data->disk,
(grub_disk_addr_t) ext_blk
@@ -334,19 +336,20 @@ getblk (struct grub_jfs_treehead *treehead,
else
{
grub_error (GRUB_ERR_BAD_FS, "jfs: infinite recursion detected");
- ret = -1;
+ ret = 0;
}
}
grub_free (tree);
return ret;
}
- return -1;
+ grub_error (GRUB_ERR_READ_ERROR, "jfs: block %" PRIuGRUB_UINT64_T " not found", blk);
+ return 0;
}
/* Get the block number for the block BLK in the node INODE in the
mounted filesystem DATA. */
-static grub_int64_t
+static grub_uint64_t
grub_jfs_blkno (struct grub_jfs_data *data, struct grub_jfs_inode *inode,
grub_uint64_t blk)
{
--
2.33.0

49
backport-0014-fs-ext2-Fix-out-of-bounds-read-for-inline-extents.patch Normal file
View File

@ -0,0 +1,49 @@
From 7e2f750f0a795c4d64ec7dc7591edac8da2e978c Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Fri, 31 May 2024 15:14:23 +0800
Subject: [PATCH 14/73] fs/ext2: Fix out-of-bounds read for inline extents
When inline extents are used, i.e. the extent tree depth equals zero,
a maximum of four entries can fit into the inode's data block. If the
extent header states a number of entries greater than four the current
ext2 implementation causes an out-of-bounds read. Fix this issue by
capping the number of extents to four when reading inline extents.
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ext2.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
index e1cc5e62a..3f9f6b208 100644
--- a/grub-core/fs/ext2.c
+++ b/grub-core/fs/ext2.c
@@ -495,6 +495,8 @@ grub_ext2_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
struct grub_ext4_extent *ext;
int i;
grub_disk_addr_t ret;
+ grub_uint16_t nent;
+ const grub_uint16_t max_inline_ext = sizeof (inode->blocks) / sizeof (*ext) - 1; /* Minus 1 extent header. */
if (grub_ext4_find_leaf (data, (struct grub_ext4_extent_header *) inode->blocks.dir_blocks,
fileblock, &leaf) != GRUB_ERR_NONE)
@@ -508,7 +510,13 @@ grub_ext2_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
return 0;
ext = (struct grub_ext4_extent *) (leaf + 1);
- for (i = 0; i < grub_le_to_cpu16 (leaf->entries); i++)
+
+ nent = grub_le_to_cpu16 (leaf->entries);
+
+ if (leaf->depth == 0)
+ nent = grub_min (nent, max_inline_ext);
+
+ for (i = 0; i < nent; i++)
{
if (fileblock < grub_le_to_cpu32 (ext[i].block))
break;
--
2.33.0

50
backport-0015-fs-ntfs-Fix-out-of-bounds-read.patch Normal file
View File

@ -0,0 +1,50 @@
From aff26318783a135562b904ff09e2359893885732 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Mon, 3 Jun 2024 12:12:06 +0800
Subject: [PATCH 15/73] fs/ntfs: Fix out-of-bounds read
When parsing NTFS file records the presence of the 0xFF marker indicates
the end of the attribute list. This value signifies that there are no
more attributes to process.
However, when the end marker is missing due to corrupted metadata the
loop continues to read beyond the attribute list resulting in out-of-bounds
reads and potentially entering an infinite loop.
This patch adds a check to provide a stop condition for the loop ensuring
it stops at the end of the attribute list or at the end of the Master File
Table. This guards against out-of-bounds reads and prevents infinite loops.
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index de435aa14..8a5384247 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -139,6 +139,8 @@ free_attr (struct grub_ntfs_attr *at)
static grub_uint8_t *
find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
{
+ grub_uint8_t *mft_end;
+
if (at->flags & GRUB_NTFS_AF_ALST)
{
retry:
@@ -191,7 +193,8 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
return NULL;
}
at->attr_cur = at->attr_nxt;
- while (*at->attr_cur != 0xFF)
+ mft_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
+ while (at->attr_cur < mft_end && *at->attr_cur != 0xFF)
{
at->attr_nxt += u16at (at->attr_cur, 4);
if (*at->attr_cur == GRUB_NTFS_AT_ATTRIBUTE_LIST)
--
2.33.0

144
backport-0016-fs-ntfs-Track-the-end-of-the-MFT-attribute-buffer.patch Normal file
View File

@ -0,0 +1,144 @@
From 237a71184a32d1ef7732f5f49ed6a89c5fe1c99a Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Tue, 7 Jan 2025 11:38:34 +0000
Subject: [PATCH 16/73] fs/ntfs: Track the end of the MFT attribute buffer
The end of the attribute buffer should be stored alongside the rest of
the attribute struct as right now it is not possible to implement bounds
checking when accessing attributes sequentially.
This is done via:
- updating init_attr() to set at->end and check is is not initially out of bounds,
- implementing checks as init_attr() had its type change in its callers,
- updating the value of at->end when needed.
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 34 ++++++++++++++++++++++++++++------
include/grub/ntfs.h | 1 +
2 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index 8a5384247..dbda720e1 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -119,13 +119,20 @@ static grub_err_t read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa,
grub_disk_read_hook_t read_hook,
void *read_hook_data);
-static void
+static grub_err_t
init_attr (struct grub_ntfs_attr *at, struct grub_ntfs_file *mft)
{
at->mft = mft;
at->flags = (mft == &mft->data->mmft) ? GRUB_NTFS_AF_MMFT : 0;
at->attr_nxt = mft->buf + first_attr_off (mft->buf);
+ at->end = mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR);
+
+ if (at->attr_nxt > at->end)
+ return grub_error (GRUB_ERR_BAD_FS, "attributes start outside the MFT");
+
at->attr_end = at->emft_buf = at->edat_buf = at->sbuf = NULL;
+
+ return GRUB_ERR_NONE;
}
static void
@@ -239,6 +246,10 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
}
at->flags |= GRUB_NTFS_AF_ALST;
+
+ /* From this point on pa_end is the end of the buffer */
+ at->end = pa_end;
+
while (at->attr_nxt < at->attr_end)
{
if ((*at->attr_nxt == attr) || (attr == 0))
@@ -298,7 +309,9 @@ locate_attr (struct grub_ntfs_attr *at, struct grub_ntfs_file *mft,
{
grub_uint8_t *pa;
- init_attr (at, mft);
+ if (init_attr (at, mft) != GRUB_ERR_NONE)
+ return NULL;
+
pa = find_attr (at, attr);
if (pa == NULL)
return NULL;
@@ -314,7 +327,8 @@ locate_attr (struct grub_ntfs_attr *at, struct grub_ntfs_file *mft,
}
grub_errno = GRUB_ERR_NONE;
free_attr (at);
- init_attr (at, mft);
+ if (init_attr (at, mft) != GRUB_ERR_NONE)
+ return NULL;
pa = find_attr (at, attr);
}
return pa;
@@ -585,7 +599,7 @@ init_file (struct grub_ntfs_file *mft, grub_uint64_t mftno)
mft->attr.attr_end = 0; /* Don't jump to attribute list */
}
else
- init_attr (&mft->attr, mft);
+ return init_attr (&mft->attr, mft);
return 0;
}
@@ -811,7 +825,9 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
bmp = NULL;
at = &attr;
- init_attr (at, mft);
+ if (init_attr (at, mft) != GRUB_ERR_NONE)
+ return 0;
+
while (1)
{
cur_pos = find_attr (at, GRUB_NTFS_AT_INDEX_ROOT);
@@ -842,7 +858,9 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
bitmap = NULL;
bitmap_len = 0;
free_attr (at);
+ /* No need to check errors here, as it will already be fine */
init_attr (at, mft);
+
while ((cur_pos = find_attr (at, GRUB_NTFS_AT_BITMAP)) != NULL)
{
int ofs;
@@ -1207,6 +1225,7 @@ grub_ntfs_label (grub_device_t device, char **label)
struct grub_ntfs_data *data = 0;
struct grub_fshelp_node *mft = 0;
grub_uint8_t *pa;
+ grub_err_t err;
grub_dl_ref (my_mod);
@@ -1232,7 +1251,10 @@ grub_ntfs_label (grub_device_t device, char **label)
goto fail;
}
- init_attr (&mft->attr, mft);
+ err = init_attr (&mft->attr, mft);
+ if (err != GRUB_ERR_NONE)
+ return err;
+
pa = find_attr (&mft->attr, GRUB_NTFS_AT_VOLUME_NAME);
if (pa >= mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR))
diff --git a/include/grub/ntfs.h b/include/grub/ntfs.h
index d1a6af696..ec1c4db38 100644
--- a/include/grub/ntfs.h
+++ b/include/grub/ntfs.h
@@ -134,6 +134,7 @@ struct grub_ntfs_attr
grub_uint8_t *attr_cur, *attr_nxt, *attr_end;
grub_uint32_t save_pos;
grub_uint8_t *sbuf;
+ grub_uint8_t *end;
struct grub_ntfs_file *mft;
};
--
2.33.0

186
backport-0017-fs-ntfs-Use-a-helper-function-to-access-attributes.patch Normal file
View File

@ -0,0 +1,186 @@
From 048777bc29043403d077d41a81d0183767b8bc71 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Tue, 14 May 2024 12:39:56 +0100
Subject: [PATCH 17/73] fs/ntfs: Use a helper function to access attributes
Right now to access the next attribute the code reads the length of the
current attribute and adds that to the current pointer. This is error
prone as bounds checking needs to be performed all over the place. So,
implement a helper and ensure its used across find_attr() and read_attr().
This commit does *not* implement full bounds checking. It is just the
preparation work for this to be added into the helper.
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 69 ++++++++++++++++++++++++++++++++++++---------
include/grub/ntfs.h | 2 ++
2 files changed, 58 insertions(+), 13 deletions(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index dbda720e1..1c678f3d0 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -70,6 +70,25 @@ res_attr_data_len (void *res_attr_ptr)
return u32at (res_attr_ptr, 0x10);
}
+/* Return the next attribute if it exists, otherwise return NULL. */
+static grub_uint8_t *
+next_attribute (grub_uint8_t *curr_attribute, void *end)
+{
+ grub_uint8_t *next = curr_attribute;
+
+ /*
+ * Need to verify we aren't exceeding the end of the buffer by reading the
+ * header for the current attribute
+ */
+ if (curr_attribute + GRUB_NTFS_ATTRIBUTE_HEADER_SIZE >= (grub_uint8_t *) end)
+ return NULL;
+
+ next += u16at (curr_attribute, 4);
+
+ return next;
+}
+
+
grub_ntfscomp_func_t grub_ntfscomp_func;
static grub_err_t
@@ -151,13 +170,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
if (at->flags & GRUB_NTFS_AF_ALST)
{
retry:
- while (at->attr_nxt < at->attr_end)
+ while (at->attr_nxt)
{
at->attr_cur = at->attr_nxt;
- at->attr_nxt += u16at (at->attr_cur, 4);
+ at->attr_nxt = next_attribute (at->attr_cur, at->attr_end);
if ((*at->attr_cur == attr) || (attr == 0))
{
- grub_uint8_t *new_pos;
+ grub_uint8_t *new_pos, *end;
if (at->flags & GRUB_NTFS_AF_MMFT)
{
@@ -181,15 +200,36 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
return NULL;
}
+ /*
+ * Only time emft_bufs is defined is in this function, with this
+ * size.
+ */
+ grub_size_t emft_buf_size =
+ at->mft->data->mft_size << GRUB_NTFS_BLK_SHR;
+
+ /*
+ * Needs to be enough space for the successful case to even
+ * bother.
+ */
+ if (first_attr_off (at->emft_buf) >= (emft_buf_size - 0x18 - 2))
+ {
+ grub_error (GRUB_ERR_BAD_FS,
+ "can\'t find 0x%X in attribute list",
+ (unsigned char) *at->attr_cur);
+ return NULL;
+ }
+
new_pos = &at->emft_buf[first_attr_off (at->emft_buf)];
- while (*new_pos != 0xFF)
+ end = &at->emft_buf[emft_buf_size];
+
+ while (new_pos && *new_pos != 0xFF)
{
if ((*new_pos == *at->attr_cur)
&& (u16at (new_pos, 0xE) == u16at (at->attr_cur, 0x18)))
{
return new_pos;
}
- new_pos += u16at (new_pos, 4);
+ new_pos = next_attribute (new_pos, end);
}
grub_error (GRUB_ERR_BAD_FS,
"can\'t find 0x%X in attribute list",
@@ -203,7 +243,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
mft_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
while (at->attr_cur < mft_end && *at->attr_cur != 0xFF)
{
- at->attr_nxt += u16at (at->attr_cur, 4);
+ at->attr_nxt = next_attribute (at->attr_cur, at->end);
if (*at->attr_cur == GRUB_NTFS_AT_ATTRIBUTE_LIST)
at->attr_end = at->attr_cur;
if ((*at->attr_cur == attr) || (attr == 0))
@@ -250,13 +290,14 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
/* From this point on pa_end is the end of the buffer */
at->end = pa_end;
- while (at->attr_nxt < at->attr_end)
+ while (at->attr_nxt)
{
if ((*at->attr_nxt == attr) || (attr == 0))
break;
- at->attr_nxt += u16at (at->attr_nxt, 4);
+ at->attr_nxt = next_attribute (at->attr_nxt, pa_end);
}
- if (at->attr_nxt >= at->attr_end)
+
+ if (at->attr_nxt >= at->attr_end || at->attr_nxt == NULL)
return NULL;
if ((at->flags & GRUB_NTFS_AF_MMFT) && (attr == GRUB_NTFS_AT_DATA))
@@ -277,7 +318,8 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
grub_cpu_to_le32 (at->mft->data->mft_start
+ 1));
pa = at->attr_nxt + u16at (pa, 4);
- while (pa < at->attr_end)
+
+ while (pa)
{
if (*pa != attr)
break;
@@ -293,7 +335,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
u32at (pa, 0x10) * (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR),
at->mft->data->mft_size << GRUB_NTFS_BLK_SHR, 0, 0, 0))
return NULL;
- pa += u16at (pa, 4);
+ pa = next_attribute (pa, pa_end);
}
at->attr_nxt = at->attr_cur;
at->flags &= ~GRUB_NTFS_AF_GPOS;
@@ -530,14 +572,15 @@ read_attr (struct grub_ntfs_attr *at, grub_uint8_t *dest, grub_disk_addr_t ofs,
else
vcn = ofs >> (at->mft->data->log_spc + GRUB_NTFS_BLK_SHR);
pa = at->attr_nxt + u16at (at->attr_nxt, 4);
- while (pa < at->attr_end)
+
+ while (pa)
{
if (*pa != attr)
break;
if (u32at (pa, 8) > vcn)
break;
at->attr_nxt = pa;
- pa += u16at (pa, 4);
+ pa = next_attribute (pa, at->attr_end);
}
}
pp = find_attr (at, attr);
diff --git a/include/grub/ntfs.h b/include/grub/ntfs.h
index ec1c4db38..2c8078403 100644
--- a/include/grub/ntfs.h
+++ b/include/grub/ntfs.h
@@ -89,6 +89,8 @@ enum
#define GRUB_NTFS_COM_SEC (GRUB_NTFS_COM_LEN >> GRUB_NTFS_BLK_SHR)
#define GRUB_NTFS_LOG_COM_SEC (GRUB_NTFS_COM_LOG_LEN - GRUB_NTFS_BLK_SHR)
+#define GRUB_NTFS_ATTRIBUTE_HEADER_SIZE 16
+
enum
{
GRUB_NTFS_AF_ALST = 1,
--
2.33.0

248
backport-0018-fs-ntfs-Implement-attribute-verification.patch Normal file
View File

@ -0,0 +1,248 @@
From 067b6d225d482280abad03944f04e30abcbdafa1 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Tue, 14 May 2024 12:39:56 +0100
Subject: [PATCH 18/73] fs/ntfs: Implement attribute verification
It was possible to read OOB when an attribute had a size that exceeded
the allocated buffer. This resolves that by making sure all attributes
that get read are fully in the allocated space by implementing
a function to validate them.
Defining the offsets in include/grub/ntfs.h but they are only used in
the validation function and not across the rest of the NTFS code.
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 153 ++++++++++++++++++++++++++++++++++++++++++++
include/grub/ntfs.h | 22 +++++++
2 files changed, 175 insertions(+)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index 1c678f3d0..64f4f2221 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -70,6 +70,149 @@ res_attr_data_len (void *res_attr_ptr)
return u32at (res_attr_ptr, 0x10);
}
+/*
+ * Check if the attribute is valid and doesn't exceed the allocated region.
+ * This accounts for resident and non-resident data.
+ *
+ * This is based off the documentation from the linux-ntfs project:
+ * https://flatcap.github.io/linux-ntfs/ntfs/concepts/attribute_header.html
+ */
+static bool
+validate_attribute (grub_uint8_t *attr, void *end)
+{
+ grub_size_t attr_size = 0;
+ grub_size_t min_size = 0;
+ grub_size_t spare = (grub_uint8_t *) end - attr;
+ /*
+ * Just used as a temporary variable to try and deal with cases where someone
+ * tries to overlap fields.
+ */
+ grub_size_t curr = 0;
+
+ /* Need verify we can entirely read the attributes header. */
+ if (attr + GRUB_NTFS_ATTRIBUTE_HEADER_SIZE >= (grub_uint8_t *) end)
+ goto fail;
+
+ /*
+ * So, the rest of this code uses a 16bit int for the attribute length but
+ * from reading the all the documentation I could find it says this field is
+ * actually 32bit. But let's be consistent with the rest of the code.
+ *
+ * https://elixir.bootlin.com/linux/v6.10.7/source/fs/ntfs3/ntfs.h#L370
+ */
+ attr_size = u16at (attr, GRUB_NTFS_ATTRIBUTE_LENGTH);
+
+ if (attr_size > spare)
+ goto fail;
+
+ /* Not an error case, just reached the end of the attributes. */
+ if (attr_size == 0)
+ return false;
+
+ /*
+ * Extra validation by trying to calculate a minimum possible size for this
+ * attribute. +8 from the size of the resident data struct which is the
+ * minimum that can be added.
+ */
+ min_size = GRUB_NTFS_ATTRIBUTE_HEADER_SIZE + 8;
+
+ if (min_size > attr_size)
+ goto fail;
+
+ /* Is the data is resident (0) or not (1). */
+ if (attr[GRUB_NTFS_ATTRIBUTE_RESIDENT] == 0)
+ {
+ /* Read the offset and size of the attribute. */
+ curr = u16at (attr, GRUB_NTFS_ATTRIBUTE_RES_OFFSET);
+ curr += u32at (attr, GRUB_NTFS_ATTRIBUTE_RES_LENGTH);
+ if (curr > min_size)
+ min_size = curr;
+ }
+ else
+ {
+ /*
+ * If the data is non-resident, the minimum size is 64 which is where
+ * the data runs start. We already have a minimum size of 24. So, just
+ * adding 40 to get to the real value.
+ */
+ min_size += 40;
+ if (min_size > attr_size)
+ goto fail;
+ /* If the compression unit size is > 0, +8 bytes*/
+ if (u16at (attr, GRUB_NTFS_ATTRIBUTE_COMPRESSION_UNIT_SIZE) > 0)
+ min_size += 8;
+
+ /*
+ * Need to consider the data runs now. Each member of the run has byte
+ * that describes the size of the data length and offset. Each being
+ * 4 bits in the byte.
+ */
+ curr = u16at (attr, GRUB_NTFS_ATTRIBUTE_DATA_RUNS);
+
+ if (curr + 1 > min_size)
+ min_size = curr + 1;
+
+ if (min_size > attr_size)
+ goto fail;
+
+ /*
+ * Each attribute can store multiple data runs which are stored
+ * continuously in the attribute. They exist as one header byte
+ * with up to 14 bytes following it depending on the lengths.
+ * We stop when we hit a header that is just a NUL byte.
+ *
+ * https://flatcap.github.io/linux-ntfs/ntfs/concepts/data_runs.html
+ */
+ while (attr[curr] != 0)
+ {
+ /*
+ * We stop when we hit a header that is just a NUL byte. The data
+ * run header is stored as a single byte where the top 4 bits refer
+ * to the number of bytes used to store the total length of the
+ * data run, and the number of bytes used to store the offset.
+ * These directly follow the header byte, so we use them to update
+ * the minimum size.
+ */
+ min_size += (attr[curr] & 0x7) + ((attr[curr] >> 4) & 0x7);
+ curr += min_size;
+ min_size++;
+ if (min_size > attr_size)
+ goto fail;
+ }
+ }
+
+ /* Name offset, doing this after data residence checks. */
+ if (u16at (attr, GRUB_NTFS_ATTRIBUTE_NAME_OFFSET) != 0)
+ {
+ curr = u16at (attr, GRUB_NTFS_ATTRIBUTE_NAME_OFFSET);
+ /*
+ * Multiple the name length by 2 as its UTF-16. Can be zero if this in an
+ * unamed attribute.
+ */
+ curr += attr[GRUB_NTFS_ATTRIBUTE_NAME_LENGTH] * 2;
+ if (curr > min_size)
+ min_size = curr;
+ }
+
+ /* Padded to 8 bytes. */
+ if (min_size % 8 != 0)
+ min_size += 8 - (min_size % 8);
+
+ /*
+ * At this point min_size should be exactly attr_size but being flexible
+ * here to avoid any issues.
+ */
+ if (min_size > attr_size)
+ goto fail;
+
+ return true;
+
+ fail:
+ grub_dprintf ("ntfs", "spare=%" PRIuGRUB_SIZE " min_size=%" PRIuGRUB_SIZE " attr_size=%" PRIuGRUB_SIZE "\n",
+ spare, min_size, attr_size);
+ return false;
+}
+
/* Return the next attribute if it exists, otherwise return NULL. */
static grub_uint8_t *
next_attribute (grub_uint8_t *curr_attribute, void *end)
@@ -84,6 +227,8 @@ next_attribute (grub_uint8_t *curr_attribute, void *end)
return NULL;
next += u16at (curr_attribute, 4);
+ if (validate_attribute (next, end) == false)
+ return NULL;
return next;
}
@@ -290,6 +435,9 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
/* From this point on pa_end is the end of the buffer */
at->end = pa_end;
+ if (validate_attribute (at->attr_nxt, pa_end) == false)
+ return NULL;
+
while (at->attr_nxt)
{
if ((*at->attr_nxt == attr) || (attr == 0))
@@ -319,6 +467,9 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+ 1));
pa = at->attr_nxt + u16at (pa, 4);
+ if (validate_attribute (pa, pa_end) == true)
+ pa = NULL;
+
while (pa)
{
if (*pa != attr)
@@ -572,6 +723,8 @@ read_attr (struct grub_ntfs_attr *at, grub_uint8_t *dest, grub_disk_addr_t ofs,
else
vcn = ofs >> (at->mft->data->log_spc + GRUB_NTFS_BLK_SHR);
pa = at->attr_nxt + u16at (at->attr_nxt, 4);
+ if (validate_attribute (pa, at->attr_end) == false)
+ pa = NULL;
while (pa)
{
diff --git a/include/grub/ntfs.h b/include/grub/ntfs.h
index 2c8078403..77b182acf 100644
--- a/include/grub/ntfs.h
+++ b/include/grub/ntfs.h
@@ -91,6 +91,28 @@ enum
#define GRUB_NTFS_ATTRIBUTE_HEADER_SIZE 16
+/*
+ * To make attribute validation clearer the offsets for each value in the
+ * attribute headers are defined as macros.
+ *
+ * These offsets are all from:
+ * https://flatcap.github.io/linux-ntfs/ntfs/concepts/attribute_header.html
+ */
+
+/* These offsets are part of the attribute header. */
+#define GRUB_NTFS_ATTRIBUTE_LENGTH 4
+#define GRUB_NTFS_ATTRIBUTE_RESIDENT 8
+#define GRUB_NTFS_ATTRIBUTE_NAME_LENGTH 9
+#define GRUB_NTFS_ATTRIBUTE_NAME_OFFSET 10
+
+/* Offsets for values needed for resident data. */
+#define GRUB_NTFS_ATTRIBUTE_RES_LENGTH 16
+#define GRUB_NTFS_ATTRIBUTE_RES_OFFSET 20
+
+/* Offsets for values needed for non-resident data. */
+#define GRUB_NTFS_ATTRIBUTE_DATA_RUNS 32
+#define GRUB_NTFS_ATTRIBUTE_COMPRESSION_UNIT_SIZE 34
+
enum
{
GRUB_NTFS_AF_ALST = 1,
--
2.33.0

46
backport-0019-fs-xfs-Fix-out-of-bounds-read.patch Normal file
View File

@ -0,0 +1,46 @@
From 6ccc77b59d16578b10eaf8a4fe85c20b229f0d8a Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Fri, 31 May 2024 15:14:57 +0800
Subject: [PATCH 19/73] fs/xfs: Fix out-of-bounds read
The number of records in the root key array read from disk was not being
validated against the size of the root node. This could lead to an
out-of-bounds read.
This patch adds a check to ensure that the number of records in the root
key array does not exceed the expected size of a root node read from
disk. If this check detects an out-of-bounds condition the operation is
aborted to prevent random errors due to metadata corruption.
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/xfs.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index 8e02ab4a3..82ea33f40 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -595,6 +595,17 @@ grub_xfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
do
{
grub_uint64_t i;
+ grub_addr_t keys_end, data_end;
+
+ if (grub_mul (sizeof (grub_uint64_t), nrec, &keys_end) ||
+ grub_add ((grub_addr_t) keys, keys_end, &keys_end) ||
+ grub_add ((grub_addr_t) node->data, node->data->data_size, &data_end) ||
+ keys_end > data_end)
+ {
+ grub_error (GRUB_ERR_BAD_FS, "invalid number of XFS root keys");
+ grub_free (leaf);
+ return 0;
+ }
for (i = 0; i < nrec; i++)
{
--
2.33.0

45
backport-0020-fs-xfs-Ensuring-failing-to-mount-sets-a-grub_errno.patch Normal file
View File

@ -0,0 +1,45 @@
From d1d6b7ea58aa5a80a4c4d0666b49460056c8ef0a Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Sun, 12 May 2024 06:03:58 +0100
Subject: [PATCH 20/73] fs/xfs: Ensuring failing to mount sets a grub_errno
It was previously possible for grub_xfs_mount() to return NULL without
setting grub_errno if the XFS version was invalid. This resulted in it
being possible for grub_dl_unref() to be called twice allowing the XFS
module to be unloaded while there were still references to it.
Fixing this problem in general by ensuring a grub_errno is set if the
fail label is reached.
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/xfs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index 82ea33f40..8c0d60f7d 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -327,6 +327,8 @@ static int grub_xfs_sb_valid(struct grub_xfs_data *data)
}
return 1;
}
+
+ grub_error (GRUB_ERR_BAD_FS, "unsupported XFS filesystem version");
return 0;
}
@@ -1068,7 +1070,7 @@ grub_xfs_mount (grub_disk_t disk)
return data;
fail:
- if (grub_errno == GRUB_ERR_OUT_OF_RANGE)
+ if (grub_errno == GRUB_ERR_OUT_OF_RANGE || grub_errno == GRUB_ERR_NONE)
grub_error (GRUB_ERR_BAD_FS, "not an XFS filesystem");
grub_free (data);
--
2.33.0

35
backport-0021-kern-file-Ensure-file-data-is-set.patch Normal file
View File

@ -0,0 +1,35 @@
From a7910687294b29288ac649e71b47493c93294f17 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Sun, 12 May 2024 03:01:40 +0100
Subject: [PATCH 21/73] kern/file: Ensure file->data is set
This is to avoid a generic issue were some filesystems would not set
data and also not set a grub_errno. This meant it was possible for many
filesystems to grub_dl_unref() themselves multiple times resulting in
it being possible to unload the filesystems while there were still
references to them, e.g., via a loopback.
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/file.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c
index 750177248..e990507fc 100644
--- a/grub-core/kern/file.c
+++ b/grub-core/kern/file.c
@@ -114,6 +114,9 @@ grub_file_open (const char *name, enum grub_file_type type)
if ((file->fs->fs_open) (file, file_name) != GRUB_ERR_NONE)
goto fail;
+ if (file->data == NULL)
+ goto fail;
+
file->name = grub_strdup (name);
grub_errno = GRUB_ERR_NONE;
--
2.33.0

443
backport-0022-kern-file-Implement-filesystem-reference-counting.patch Normal file
View File

@ -0,0 +1,443 @@
From dc58f3fa76342c15801b25d52055f975f33f9b7d Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Sun, 12 May 2024 10:15:03 +0100
Subject: [PATCH 22/73] kern/file: Implement filesystem reference counting
The grub_file_open() and grub_file_close() should be the only places
that allow a reference to a filesystem to stay open. So, add grub_dl_t
to grub_fs_t and set this in the GRUB_MOD_INIT() for each filesystem to
avoid issues when filesystems forget to do it themselves or do not track
their own references, e.g. squash4.
The fs_label(), fs_uuid(), fs_mtime() and fs_read() should all ref and
unref in the same function but it is essentially redundant in GRUB
single threaded model.
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/affs.c | 1 +
grub-core/fs/bfs.c | 1 +
grub-core/fs/btrfs.c | 1 +
grub-core/fs/cbfs.c | 1 +
grub-core/fs/cpio.c | 1 +
grub-core/fs/cpio_be.c | 1 +
grub-core/fs/ext2.c | 1 +
grub-core/fs/f2fs.c | 1 +
grub-core/fs/fat.c | 1 +
grub-core/fs/hfs.c | 1 +
grub-core/fs/hfsplus.c | 1 +
grub-core/fs/iso9660.c | 1 +
grub-core/fs/jfs.c | 1 +
grub-core/fs/minix.c | 1 +
grub-core/fs/newc.c | 1 +
grub-core/fs/nilfs2.c | 1 +
grub-core/fs/ntfs.c | 1 +
grub-core/fs/odc.c | 1 +
grub-core/fs/proc.c | 1 +
grub-core/fs/reiserfs.c | 1 +
grub-core/fs/romfs.c | 1 +
grub-core/fs/sfs.c | 1 +
grub-core/fs/squash4.c | 1 +
grub-core/fs/tar.c | 1 +
grub-core/fs/udf.c | 1 +
grub-core/fs/ufs.c | 1 +
grub-core/fs/xfs.c | 1 +
grub-core/fs/zfs/zfs.c | 1 +
grub-core/kern/file.c | 7 +++++++
include/grub/fs.h | 4 ++++
30 files changed, 39 insertions(+)
diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
index ed606b3..9b0afb9 100644
--- a/grub-core/fs/affs.c
+++ b/grub-core/fs/affs.c
@@ -703,6 +703,7 @@ static struct grub_fs grub_affs_fs =
GRUB_MOD_INIT(affs)
{
+ grub_affs_fs.mod = mod;
grub_fs_register (&grub_affs_fs);
my_mod = mod;
}
diff --git a/grub-core/fs/bfs.c b/grub-core/fs/bfs.c
index 07cb3e3..f37b168 100644
--- a/grub-core/fs/bfs.c
+++ b/grub-core/fs/bfs.c
@@ -1106,6 +1106,7 @@ GRUB_MOD_INIT (bfs)
{
COMPILE_TIME_ASSERT (1 << LOG_EXTENT_SIZE ==
sizeof (struct grub_bfs_extent));
+ grub_bfs_fs.mod = mod;
grub_fs_register (&grub_bfs_fs);
}
diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
index 7e12dce..0dd9a81 100644
--- a/grub-core/fs/btrfs.c
+++ b/grub-core/fs/btrfs.c
@@ -3565,6 +3565,7 @@ relpath_set_env (struct grub_env_var *var,
GRUB_MOD_INIT (btrfs)
{
+ grub_btrfs_fs.mod = mod;
grub_fs_register (&grub_btrfs_fs);
cmd_info = grub_register_command("btrfs-info", grub_cmd_btrfs_info,
"DEVICE",
diff --git a/grub-core/fs/cbfs.c b/grub-core/fs/cbfs.c
index 8ab7106..2332745 100644
--- a/grub-core/fs/cbfs.c
+++ b/grub-core/fs/cbfs.c
@@ -390,6 +390,7 @@ GRUB_MOD_INIT (cbfs)
#if (defined (__i386__) || defined (__x86_64__)) && !defined (GRUB_UTIL) && !defined (GRUB_MACHINE_EMU) && !defined (GRUB_MACHINE_XEN)
init_cbfsdisk ();
#endif
+ grub_cbfs_fs.mod = mod;
grub_fs_register (&grub_cbfs_fs);
}
diff --git a/grub-core/fs/cpio.c b/grub-core/fs/cpio.c
index dab5f98..1799f7f 100644
--- a/grub-core/fs/cpio.c
+++ b/grub-core/fs/cpio.c
@@ -52,6 +52,7 @@ read_number (const grub_uint16_t *arr, grub_size_t size)
GRUB_MOD_INIT (cpio)
{
+ grub_cpio_fs.mod = mod;
grub_fs_register (&grub_cpio_fs);
}
diff --git a/grub-core/fs/cpio_be.c b/grub-core/fs/cpio_be.c
index 8465488..7bed1b8 100644
--- a/grub-core/fs/cpio_be.c
+++ b/grub-core/fs/cpio_be.c
@@ -52,6 +52,7 @@ read_number (const grub_uint16_t *arr, grub_size_t size)
GRUB_MOD_INIT (cpio_be)
{
+ grub_cpio_fs.mod = mod;
grub_fs_register (&grub_cpio_fs);
}
diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
index 3f9f6b2..c3058f7 100644
--- a/grub-core/fs/ext2.c
+++ b/grub-core/fs/ext2.c
@@ -1131,6 +1131,7 @@ static struct grub_fs grub_ext2_fs =
GRUB_MOD_INIT(ext2)
{
+ grub_ext2_fs.mod = mod;
grub_fs_register (&grub_ext2_fs);
my_mod = mod;
}
diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c
index db8a65f..f6d6bea 100644
--- a/grub-core/fs/f2fs.c
+++ b/grub-core/fs/f2fs.c
@@ -1353,6 +1353,7 @@ static struct grub_fs grub_f2fs_fs = {
GRUB_MOD_INIT (f2fs)
{
+ grub_f2fs_fs.mod = mod;
grub_fs_register (&grub_f2fs_fs);
my_mod = mod;
}
diff --git a/grub-core/fs/fat.c b/grub-core/fs/fat.c
index c5efed7..6e62b91 100644
--- a/grub-core/fs/fat.c
+++ b/grub-core/fs/fat.c
@@ -1312,6 +1312,7 @@ GRUB_MOD_INIT(fat)
#endif
{
COMPILE_TIME_ASSERT (sizeof (struct grub_fat_dir_entry) == 32);
+ grub_fat_fs.mod = mod;
grub_fs_register (&grub_fat_fs);
my_mod = mod;
}
diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c
index 920112b..ce7581d 100644
--- a/grub-core/fs/hfs.c
+++ b/grub-core/fs/hfs.c
@@ -1434,6 +1434,7 @@ static struct grub_fs grub_hfs_fs =
GRUB_MOD_INIT(hfs)
{
+ grub_hfs_fs.mod = mod;
if (!grub_is_lockdown ())
grub_fs_register (&grub_hfs_fs);
my_mod = mod;
diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
index de71fd4..3f203ab 100644
--- a/grub-core/fs/hfsplus.c
+++ b/grub-core/fs/hfsplus.c
@@ -1176,6 +1176,7 @@ static struct grub_fs grub_hfsplus_fs =
GRUB_MOD_INIT(hfsplus)
{
+ grub_hfsplus_fs.mod = mod;
grub_fs_register (&grub_hfsplus_fs);
my_mod = mod;
}
diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
index 8e3c95c..c73cb9c 100644
--- a/grub-core/fs/iso9660.c
+++ b/grub-core/fs/iso9660.c
@@ -1260,6 +1260,7 @@ static struct grub_fs grub_iso9660_fs =
GRUB_MOD_INIT(iso9660)
{
+ grub_iso9660_fs.mod = mod;
grub_fs_register (&grub_iso9660_fs);
my_mod = mod;
}
diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c
index 70a2f49..b0283ac 100644
--- a/grub-core/fs/jfs.c
+++ b/grub-core/fs/jfs.c
@@ -1005,6 +1005,7 @@ static struct grub_fs grub_jfs_fs =
GRUB_MOD_INIT(jfs)
{
+ grub_jfs_fs.mod = mod;
grub_fs_register (&grub_jfs_fs);
my_mod = mod;
}
diff --git a/grub-core/fs/minix.c b/grub-core/fs/minix.c
index 5354951..b7679c3 100644
--- a/grub-core/fs/minix.c
+++ b/grub-core/fs/minix.c
@@ -734,6 +734,7 @@ GRUB_MOD_INIT(minix)
#endif
#endif
{
+ grub_minix_fs.mod = mod;
grub_fs_register (&grub_minix_fs);
my_mod = mod;
}
diff --git a/grub-core/fs/newc.c b/grub-core/fs/newc.c
index 4fb8b2e..43b7f8b 100644
--- a/grub-core/fs/newc.c
+++ b/grub-core/fs/newc.c
@@ -64,6 +64,7 @@ read_number (const char *str, grub_size_t size)
GRUB_MOD_INIT (newc)
{
+ grub_cpio_fs.mod = mod;
grub_fs_register (&grub_cpio_fs);
}
diff --git a/grub-core/fs/nilfs2.c b/grub-core/fs/nilfs2.c
index fc7374e..4e1e717 100644
--- a/grub-core/fs/nilfs2.c
+++ b/grub-core/fs/nilfs2.c
@@ -1231,6 +1231,7 @@ GRUB_MOD_INIT (nilfs2)
grub_nilfs2_dat_entry));
COMPILE_TIME_ASSERT (1 << LOG_INODE_SIZE
== sizeof (struct grub_nilfs2_inode));
+ grub_nilfs2_fs.mod = mod;
grub_fs_register (&grub_nilfs2_fs);
my_mod = mod;
}
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index 64f4f22..4e144cc 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -1541,6 +1541,7 @@ static struct grub_fs grub_ntfs_fs =
GRUB_MOD_INIT (ntfs)
{
+ grub_ntfs_fs.mod = mod;
grub_fs_register (&grub_ntfs_fs);
my_mod = mod;
}
diff --git a/grub-core/fs/odc.c b/grub-core/fs/odc.c
index 7900006..8e4e8ae 100644
--- a/grub-core/fs/odc.c
+++ b/grub-core/fs/odc.c
@@ -52,6 +52,7 @@ read_number (const char *str, grub_size_t size)
GRUB_MOD_INIT (odc)
{
+ grub_cpio_fs.mod = mod;
grub_fs_register (&grub_cpio_fs);
}
diff --git a/grub-core/fs/proc.c b/grub-core/fs/proc.c
index 5f51650..bcde433 100644
--- a/grub-core/fs/proc.c
+++ b/grub-core/fs/proc.c
@@ -192,6 +192,7 @@ static struct grub_fs grub_procfs_fs =
GRUB_MOD_INIT (procfs)
{
+ grub_procfs_fs.mod = mod;
grub_disk_dev_register (&grub_procfs_dev);
grub_fs_register (&grub_procfs_fs);
}
diff --git a/grub-core/fs/reiserfs.c b/grub-core/fs/reiserfs.c
index 36b26ac..c3850e0 100644
--- a/grub-core/fs/reiserfs.c
+++ b/grub-core/fs/reiserfs.c
@@ -1417,6 +1417,7 @@ static struct grub_fs grub_reiserfs_fs =
GRUB_MOD_INIT(reiserfs)
{
+ grub_reiserfs_fs.mod = mod;
grub_fs_register (&grub_reiserfs_fs);
my_mod = mod;
}
diff --git a/grub-core/fs/romfs.c b/grub-core/fs/romfs.c
index 1f7dcfc..56b0b2b 100644
--- a/grub-core/fs/romfs.c
+++ b/grub-core/fs/romfs.c
@@ -475,6 +475,7 @@ static struct grub_fs grub_romfs_fs =
GRUB_MOD_INIT(romfs)
{
+ grub_romfs_fs.mod = mod;
grub_fs_register (&grub_romfs_fs);
}
diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c
index 983e880..f0d7cac 100644
--- a/grub-core/fs/sfs.c
+++ b/grub-core/fs/sfs.c
@@ -779,6 +779,7 @@ static struct grub_fs grub_sfs_fs =
GRUB_MOD_INIT(sfs)
{
+ grub_sfs_fs.mod = mod;
grub_fs_register (&grub_sfs_fs);
my_mod = mod;
}
diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c
index a30e6eb..6e9d638 100644
--- a/grub-core/fs/squash4.c
+++ b/grub-core/fs/squash4.c
@@ -1044,6 +1044,7 @@ static struct grub_fs grub_squash_fs =
GRUB_MOD_INIT(squash4)
{
+ grub_squash_fs.mod = mod;
grub_fs_register (&grub_squash_fs);
}
diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c
index 386c090..fd2ec1f 100644
--- a/grub-core/fs/tar.c
+++ b/grub-core/fs/tar.c
@@ -354,6 +354,7 @@ static struct grub_fs grub_cpio_fs = {
GRUB_MOD_INIT (tar)
{
+ grub_cpio_fs.mod = mod;
grub_fs_register (&grub_cpio_fs);
}
diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c
index b836e61..8765c63 100644
--- a/grub-core/fs/udf.c
+++ b/grub-core/fs/udf.c
@@ -1455,6 +1455,7 @@ static struct grub_fs grub_udf_fs = {
GRUB_MOD_INIT (udf)
{
+ grub_udf_fs.mod = mod;
grub_fs_register (&grub_udf_fs);
my_mod = mod;
}
diff --git a/grub-core/fs/ufs.c b/grub-core/fs/ufs.c
index 0123510..e82d935 100644
--- a/grub-core/fs/ufs.c
+++ b/grub-core/fs/ufs.c
@@ -899,6 +899,7 @@ GRUB_MOD_INIT(ufs1)
#endif
#endif
{
+ grub_ufs_fs.mod = mod;
grub_fs_register (&grub_ufs_fs);
my_mod = mod;
}
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index 3c94ed1..f030c5b 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -1304,6 +1304,7 @@ static struct grub_fs grub_xfs_fs =
GRUB_MOD_INIT(xfs)
{
+ grub_xfs_fs.mod = mod;
grub_fs_register (&grub_xfs_fs);
my_mod = mod;
}
diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
index b5453e0..a497b18 100644
--- a/grub-core/fs/zfs/zfs.c
+++ b/grub-core/fs/zfs/zfs.c
@@ -4424,6 +4424,7 @@ static struct grub_fs grub_zfs_fs = {
GRUB_MOD_INIT (zfs)
{
COMPILE_TIME_ASSERT (sizeof (zap_leaf_chunk_t) == ZAP_LEAF_CHUNKSIZE);
+ grub_zfs_fs.mod = mod;
grub_fs_register (&grub_zfs_fs);
#ifndef GRUB_UTIL
my_mod = mod;
diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c
index e990507..6e7efe8 100644
--- a/grub-core/kern/file.c
+++ b/grub-core/kern/file.c
@@ -25,6 +25,7 @@
#include <grub/fs.h>
#include <grub/device.h>
#include <grub/i18n.h>
+#include <grub/dl.h>
void (*EXPORT_VAR (grub_grubnet_fini)) (void);
@@ -117,6 +118,9 @@ grub_file_open (const char *name, enum grub_file_type type)
if (file->data == NULL)
goto fail;
+ if (file->fs->mod)
+ grub_dl_ref (file->fs->mod);
+
file->name = grub_strdup (name);
grub_errno = GRUB_ERR_NONE;
@@ -197,6 +201,9 @@ grub_file_read (grub_file_t file, void *buf, grub_size_t len)
grub_err_t
grub_file_close (grub_file_t file)
{
+ if (file->fs->mod)
+ grub_dl_unref (file->fs->mod);
+
if (file->fs->fs_close)
(file->fs->fs_close) (file);
diff --git a/include/grub/fs.h b/include/grub/fs.h
index 4c380e3..9c82061 100644
--- a/include/grub/fs.h
+++ b/include/grub/fs.h
@@ -23,6 +23,7 @@
#include <grub/device.h>
#include <grub/symbol.h>
#include <grub/types.h>
+#include <grub/dl.h>
#include <grub/list.h>
/* For embedding types. */
@@ -57,6 +58,9 @@ struct grub_fs
/* My name. */
const char *name;
+ /* My module */
+ grub_dl_t mod;
+
/* Call HOOK with each file under DIR. */
grub_err_t (*fs_dir) (grub_device_t device, const char *path,
grub_fs_dir_hook_t hook, void *hook_data);
--
2.33.0

341
backport-0023-disk-cryptodisk-Require-authentication-after-TPM-unl.patch Normal file
View File

@ -0,0 +1,341 @@
From d88f6f068ba813ebb3c62bdc7f3a8367ec13a1a5 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Thu, 29 Aug 2024 13:27:30 +0800
Subject: [PATCH 23/73] disk/cryptodisk: Require authentication after TPM unlock for
CLI access
The GRUB may use TPM to verify the integrity of boot components and the
result can determine whether a previously sealed key can be released. If
everything checks out, showing nothing has been tampered with, the key
is released and GRUB unlocks the encrypted root partition for the next
stage of booting.
However, the liberal Command Line Interface (CLI) can be misused by
anyone in this case to access files in the encrypted partition one way
or another. Despite efforts to keep the CLI secure by preventing utility
command output from leaking file content, many techniques in the wild
could still be used to exploit the CLI, enabling attacks or learning
methods to attack. It's nearly impossible to account for all scenarios
where a hack could be applied.
Therefore, to mitigate potential misuse of the CLI after the root device
has been successfully unlocked via TPM, the user should be required to
authenticate using the LUKS password. This added layer of security
ensures that only authorized users can access the CLI reducing the risk
of exploitation or unauthorized access to the encrypted partition.
Fixes: CVE-2024-49504
Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
docs/grub.texi | 29 ++++++++++++
grub-core/disk/cryptodisk.c | 84 +++++++++++++++++++++++++++++++++++
grub-core/kern/main.c | 13 ++++++
grub-core/normal/auth.c | 30 +++++++++++++
grub-core/normal/main.c | 4 ++
grub-core/normal/menu_entry.c | 4 ++
include/grub/auth.h | 1 +
include/grub/cryptodisk.h | 4 ++
include/grub/misc.h | 2 +
9 files changed, 171 insertions(+)
diff --git a/docs/grub.texi b/docs/grub.texi
index 1603432..7ea4fd1 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -6867,6 +6867,35 @@ sign-file SHA256 grub.key certificate.der core.elf.unsigned core.elf.signed
As with UEFI secure boot, it is necessary to build in the required modules,
or sign them separately.
+@subsection Command line and menuentry editor protection
+
+The TPM key protector provides full disk encryption support on servers or
+virtual machine images, meanwhile keeping the boot process unattended. This
+prevents service disruptions by eliminating the need for manual password input
+during startup, improving system uptime and continuity. It is achieved by TPM,
+which verifies the integrity of boot components by checking cryptographic
+hashes against securely stored values, to confirm the disks are unlocked in a
+trusted state.
+
+However, for users to access the system interactively, some form of
+authentication is still required, as the disks are not unlocked by an
+authorized user. This raised concerns about using an unprotected
+@samp{command-line interface} (@pxref{Command-line interface}), as anyone could
+execute commands to access decrypted data. To address this issue, the LUKS
+password is used to ensure that only authorized users are granted access to the
+interface. Additionally, the @samp{menu entry editor} (@pxref{Menu entry
+editor}) is also safeguarded by the LUKS password, as modifying a boot entry is
+effectively the same as altering the @file{grub.cfg} file read from encrypted
+files.
+
+It is worth mentioning that the built-in password support, as described in
+@samp{Authentication and Authorization in GRUB} (@pxref{Authentication and
+authorisation}), can also be used to protect the command-line interface from
+unauthorized access. However, it is not recommended to rely on this approach as
+it is an optional step. Setting it up requires additional manual intervention,
+which increases the risk of password leakage during the process. Moreover, the
+superuser list must be well maintained, and the password used cannot be
+synchronized with LUKS key rotation.
@node Platform limitations
@chapter Platform limitations
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 4d8deba..6c01837 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -1193,6 +1193,7 @@ grub_cryptodisk_scan_device_real (const char *name,
goto error;
#ifndef GRUB_UTIL
is_tpmkey = 1;
+ grub_cli_set_auth_needed ();
#endif
goto cleanup;
}
@@ -1762,6 +1763,89 @@ luks_script_get (grub_size_t *sz)
return ret;
}
+#ifdef GRUB_MACHINE_EFI
+grub_err_t
+grub_cryptodisk_challenge_password (void)
+{
+ grub_cryptodisk_t cr_dev;
+
+ for (cr_dev = cryptodisk_list; cr_dev != NULL; cr_dev = cr_dev->next)
+ {
+ grub_cryptodisk_dev_t cr;
+ grub_disk_t source = NULL;
+ grub_err_t ret = GRUB_ERR_NONE;
+ grub_cryptodisk_t dev = NULL;
+ char *part = NULL;
+ struct grub_cryptomount_args cargs = {0};
+
+ cargs.check_boot = 0;
+ cargs.search_uuid = cr_dev->uuid;
+
+ source = grub_disk_open (cr_dev->source);
+
+ if (source == NULL)
+ {
+ ret = grub_errno;
+ goto error_out;
+ }
+
+ FOR_CRYPTODISK_DEVS (cr)
+ {
+ dev = cr->scan (source, &cargs);
+ if (grub_errno)
+ {
+ ret = grub_errno;
+ goto error_out;
+ }
+ if (dev == NULL)
+ continue;
+ break;
+ }
+
+ if (dev == NULL)
+ {
+ ret = grub_error (GRUB_ERR_BAD_MODULE, "no cryptodisk module can handle this device");
+ goto error_out;
+ }
+
+ part = grub_partition_get_name (source->partition);
+ grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
+ source->partition != NULL ? "," : "",
+ part != NULL ? part : N_("UNKNOWN"), cr_dev->uuid);
+ grub_free (part);
+
+ cargs.key_data = grub_malloc (GRUB_CRYPTODISK_MAX_PASSPHRASE);
+ if (cargs.key_data == NULL)
+ {
+ ret = grub_errno;
+ goto error_out;
+ }
+
+ if (!grub_password_get ((char *) cargs.key_data, GRUB_CRYPTODISK_MAX_PASSPHRASE))
+ {
+ ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "passphrase not supplied");
+ goto error_out;
+ }
+ cargs.key_len = grub_strlen ((char *) cargs.key_data);
+ ret = cr->recover_key (source, dev, &cargs);
+
+ error_out:
+ grub_disk_close (source);
+ if (dev != NULL)
+ cryptodisk_close (dev);
+ if (cargs.key_data)
+ {
+ grub_memset (cargs.key_data, 0, cargs.key_len);
+ grub_free (cargs.key_data);
+ }
+
+ return ret;
+ }
+
+ return GRUB_ERR_NONE;
+}
+#endif /* GRUB_MACHINE_EFI */
+
struct grub_procfs_entry luks_script =
{
.name = "luks_script",
diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c
index 37f936c..ea49650 100644
--- a/grub-core/kern/main.c
+++ b/grub-core/kern/main.c
@@ -35,6 +35,8 @@
#include <grub/machine/memory.h>
#endif
+static bool cli_need_auth = false;
+
grub_addr_t
grub_modules_get_end (void)
{
@@ -236,6 +238,17 @@ grub_load_normal_mode (void)
grub_command_execute ("normal", 0, 0);
}
+bool
+grub_is_cli_need_auth (void)
+{
+ return cli_need_auth;
+}
+
+void grub_cli_set_auth_needed (void)
+{
+ cli_need_auth = true;
+}
+
static void
reclaim_module_space (void)
{
diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
index 517fc62..2f6c7b0 100644
--- a/grub-core/normal/auth.c
+++ b/grub-core/normal/auth.c
@@ -25,6 +25,10 @@
#include <grub/time.h>
#include <grub/i18n.h>
+#ifdef GRUB_MACHINE_EFI
+#include <grub/cryptodisk.h>
+#endif
+
struct grub_auth_user
{
struct grub_auth_user *next;
@@ -200,6 +204,32 @@ grub_username_get (char buf[], unsigned buf_size)
return (key != GRUB_TERM_ESC);
}
+grub_err_t
+grub_auth_check_cli_access (void)
+{
+ if (grub_is_cli_need_auth () == true)
+ {
+#ifdef GRUB_MACHINE_EFI
+ static bool authenticated = false;
+
+ if (authenticated == false)
+ {
+ grub_err_t ret;
+
+ ret = grub_cryptodisk_challenge_password ();
+ if (ret == GRUB_ERR_NONE)
+ authenticated = true;
+ return ret;
+ }
+ return GRUB_ERR_NONE;
+#else
+ return GRUB_ACCESS_DENIED;
+#endif
+ }
+
+ return GRUB_ERR_NONE;
+}
+
grub_err_t
grub_auth_check_authentication (const char *userlist)
{
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index 06d91c0..1c87ad7 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -505,9 +505,13 @@ grub_cmdline_run (int nested, int force_auth)
}
while (err && force_auth);
+ if (err == GRUB_ERR_NONE)
+ err = grub_auth_check_cli_access ();
+
if (err)
{
grub_print_error ();
+ grub_wait_after_message ();
grub_errno = GRUB_ERR_NONE;
return;
}
diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c
index e5ba91e..06682a3 100644
--- a/grub-core/normal/menu_entry.c
+++ b/grub-core/normal/menu_entry.c
@@ -1256,9 +1256,13 @@ grub_menu_entry_run (grub_menu_entry_t entry)
err = grub_auth_check_authentication (NULL);
+ if (err == GRUB_ERR_NONE)
+ err = grub_auth_check_cli_access ();
+
if (err)
{
grub_print_error ();
+ grub_wait_after_message ();
grub_errno = GRUB_ERR_NONE;
return;
}
diff --git a/include/grub/auth.h b/include/grub/auth.h
index 7473344..21d5190 100644
--- a/include/grub/auth.h
+++ b/include/grub/auth.h
@@ -33,5 +33,6 @@ grub_err_t grub_auth_unregister_authentication (const char *user);
grub_err_t grub_auth_authenticate (const char *user);
grub_err_t grub_auth_deauthenticate (const char *user);
grub_err_t grub_auth_check_authentication (const char *userlist);
+grub_err_t grub_auth_check_cli_access (void);
#endif /* ! GRUB_AUTH_HEADER */
diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
index d0804a7..f29b0dc 100644
--- a/include/grub/cryptodisk.h
+++ b/include/grub/cryptodisk.h
@@ -203,6 +203,10 @@ grub_util_get_geli_uuid (const char *dev);
grub_cryptodisk_t grub_cryptodisk_get_by_uuid (const char *uuid);
grub_cryptodisk_t grub_cryptodisk_get_by_source_disk (grub_disk_t disk);
+#ifdef GRUB_MACHINE_EFI
+grub_err_t grub_cryptodisk_challenge_password (void);
+#endif
+
struct grub_secret_entry {
/* as named list */
struct grub_secret_entry *next;
diff --git a/include/grub/misc.h b/include/grub/misc.h
index 1031754..2bd45ca 100644
--- a/include/grub/misc.h
+++ b/include/grub/misc.h
@@ -429,6 +429,8 @@ void EXPORT_FUNC(grub_abort) (void) __attribute__ ((noreturn));
grub_uint64_t EXPORT_FUNC(grub_divmod64) (grub_uint64_t n,
grub_uint64_t d,
grub_uint64_t *r);
+extern bool EXPORT_FUNC(grub_is_cli_need_auth) (void);
+extern void EXPORT_FUNC(grub_cli_set_auth_needed) (void);
/* Must match softdiv group in gentpl.py. */
#if !defined(GRUB_MACHINE_EMU) && (defined(__arm__) || defined(__ia64__) || \
--
2.33.0

104
backport-0024-disk-loopback-Reference-tracking-for-the-loopback.patch Normal file
View File

@ -0,0 +1,104 @@
From abff01c61155a33c22d259c224ce2d7f9fae54f7 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Sun, 12 May 2024 03:26:19 +0100
Subject: [PATCH 24/73] disk/loopback: Reference tracking for the loopback
It was possible to delete a loopback while there were still references
to it. This led to an exploitable use-after-free.
Fixed by implementing a reference counting in the grub_loopback struct.
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/disk/loopback.c | 18 ++++++++++++++++++
include/grub/err.h | 1 +
2 files changed, 19 insertions(+)
diff --git a/grub-core/disk/loopback.c b/grub-core/disk/loopback.c
index 4635dcf..2bea4e9 100644
--- a/grub-core/disk/loopback.c
+++ b/grub-core/disk/loopback.c
@@ -24,6 +24,7 @@
#include <grub/mm.h>
#include <grub/extcmd.h>
#include <grub/i18n.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -33,6 +34,7 @@ struct grub_loopback
grub_file_t file;
struct grub_loopback *next;
unsigned long id;
+ grub_uint64_t refcnt;
};
static struct grub_loopback *loopback_list;
@@ -64,6 +66,8 @@ delete_loopback (const char *name)
if (! dev)
return grub_error (GRUB_ERR_BAD_DEVICE, "device not found");
+ if (dev->refcnt > 0)
+ return grub_error (GRUB_ERR_STILL_REFERENCED, "device still referenced");
/* Remove the device from the list. */
*prev = dev->next;
@@ -120,6 +124,7 @@ grub_cmd_loopback (grub_extcmd_context_t ctxt, int argc, char **args)
newdev->file = file;
newdev->id = last_id++;
+ newdev->refcnt = 0;
/* Add the new entry to the list. */
newdev->next = loopback_list;
@@ -161,6 +166,9 @@ grub_loopback_open (const char *name, grub_disk_t disk)
if (! dev)
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "can't open device");
+ if (grub_add (dev->refcnt, 1, &dev->refcnt))
+ grub_fatal ("Reference count overflow");
+
/* Use the filesize for the disk size, round up to a complete sector. */
if (dev->file->size != GRUB_FILE_SIZE_UNKNOWN)
disk->total_sectors = ((dev->file->size + GRUB_DISK_SECTOR_SIZE - 1)
@@ -178,6 +186,15 @@ grub_loopback_open (const char *name, grub_disk_t disk)
return 0;
}
+static void
+grub_loopback_close (grub_disk_t disk)
+{
+ struct grub_loopback *dev = disk->data;
+
+ if (grub_sub (dev->refcnt, 1, &dev->refcnt))
+ grub_fatal ("Reference count underflow");
+}
+
static grub_err_t
grub_loopback_read (grub_disk_t disk, grub_disk_addr_t sector,
grub_size_t size, char *buf)
@@ -220,6 +237,7 @@ static struct grub_disk_dev grub_loopback_dev =
.id = GRUB_DISK_DEVICE_LOOPBACK_ID,
.disk_iterate = grub_loopback_iterate,
.disk_open = grub_loopback_open,
+ .disk_close = grub_loopback_close,
.disk_read = grub_loopback_read,
.disk_write = grub_loopback_write,
.next = 0
diff --git a/include/grub/err.h b/include/grub/err.h
index 322d067..7a20749 100644
--- a/include/grub/err.h
+++ b/include/grub/err.h
@@ -74,6 +74,7 @@ typedef enum
GRUB_ERR_EOF,
GRUB_ERR_BAD_SIGNATURE,
GRUB_ERR_BAD_FIRMWARE,
+ GRUB_ERR_STILL_REFERENCED,
GRUB_ERR_TPCM_VERIFY
}
grub_err_t;
--
2.33.0

121
backport-0025-kern-disk-Limit-recursion-depth.patch Normal file
View File

@ -0,0 +1,121 @@
From f0bf8bd744b17135bc5a65193706f6d7832aa306 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Sun, 12 May 2024 04:09:24 +0100
Subject: [PATCH 25/73] kern/disk: Limit recursion depth
The grub_disk_read() may trigger other disk reads, e.g. via loopbacks.
This may lead to very deep recursion which can corrupt the heap. So, fix
the issue by limiting reads depth.
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/disk.c | 27 ++++++++++++++++++++-------
include/grub/err.h | 1 +
2 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/grub-core/kern/disk.c b/grub-core/kern/disk.c
index 1eda58f..82e04fd 100644
--- a/grub-core/kern/disk.c
+++ b/grub-core/kern/disk.c
@@ -28,6 +28,10 @@
#define GRUB_CACHE_TIMEOUT 2
+/* Disk reads may trigger other disk reads. So, limit recursion depth. */
+#define MAX_READ_RECURSION_DEPTH 16
+static unsigned int read_recursion_depth = 0;
+
/* The last time the disk was used. */
static grub_uint64_t grub_last_time = 0;
@@ -417,6 +421,8 @@ grub_err_t
grub_disk_read (grub_disk_t disk, grub_disk_addr_t sector,
grub_off_t offset, grub_size_t size, void *buf)
{
+ grub_err_t err = GRUB_ERR_NONE;
+
/* First of all, check if the region is within the disk. */
if (grub_disk_adjust_range (disk, &sector, &offset, size) != GRUB_ERR_NONE)
{
@@ -427,12 +433,17 @@ grub_disk_read (grub_disk_t disk, grub_disk_addr_t sector,
return grub_errno;
}
+ if (++read_recursion_depth >= MAX_READ_RECURSION_DEPTH)
+ {
+ grub_error (GRUB_ERR_RECURSION_DEPTH, "grub_disk_read(): Maximum recursion depth exceeded");
+ goto error;
+ }
+
/* First read until first cache boundary. */
if (offset || (sector & (GRUB_DISK_CACHE_SIZE - 1)))
{
grub_disk_addr_t start_sector;
grub_size_t pos;
- grub_err_t err;
grub_size_t len;
start_sector = sector & ~((grub_disk_addr_t) GRUB_DISK_CACHE_SIZE - 1);
@@ -444,7 +455,7 @@ grub_disk_read (grub_disk_t disk, grub_disk_addr_t sector,
err = grub_disk_read_small (disk, start_sector,
offset + pos, len, buf);
if (err)
- return err;
+ goto error;
buf = (char *) buf + len;
size -= len;
offset += len;
@@ -457,7 +468,6 @@ grub_disk_read (grub_disk_t disk, grub_disk_addr_t sector,
{
char *data = NULL;
grub_disk_addr_t agglomerate;
- grub_err_t err;
/* agglomerate read until we find a first cached entry. */
for (agglomerate = 0; agglomerate
@@ -493,7 +503,7 @@ grub_disk_read (grub_disk_t disk, grub_disk_addr_t sector,
- disk->log_sector_size),
buf);
if (err)
- return err;
+ goto error;
for (i = 0; i < agglomerate; i ++)
grub_disk_cache_store (disk->dev->id, disk->id,
@@ -527,13 +537,16 @@ grub_disk_read (grub_disk_t disk, grub_disk_addr_t sector,
/* And now read the last part. */
if (size)
{
- grub_err_t err;
err = grub_disk_read_small (disk, sector, 0, size, buf);
if (err)
- return err;
+ goto error;
}
- return grub_errno;
+ err = grub_errno;
+
+ error:
+ read_recursion_depth--;
+ return err;
}
grub_uint64_t
diff --git a/include/grub/err.h b/include/grub/err.h
index 7a20749..53e3e79 100644
--- a/include/grub/err.h
+++ b/include/grub/err.h
@@ -75,6 +75,7 @@ typedef enum
GRUB_ERR_BAD_SIGNATURE,
GRUB_ERR_BAD_FIRMWARE,
GRUB_ERR_STILL_REFERENCED,
+ GRUB_ERR_RECURSION_DEPTH,
GRUB_ERR_TPCM_VERIFY
}
grub_err_t;
--
2.33.0

47
backport-0026-kern-partition-Limit-recursion-in-part_iterate.patch Normal file
View File

@ -0,0 +1,47 @@
From 8a7103fddfd6664f41081f3bb88eebbf2871da2a Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Sat, 16 Nov 2024 21:24:19 +0000
Subject: [PATCH 26/73] kern/partition: Limit recursion in part_iterate()
The part_iterate() is used by grub_partition_iterate() as a callback in
the partition iterate functions. However, part_iterate() may also call
the partition iterate functions which may lead to recursion. Fix potential
issue by limiting the recursion depth.
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/partition.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/grub-core/kern/partition.c b/grub-core/kern/partition.c
index edad9f9e4..704512a20 100644
--- a/grub-core/kern/partition.c
+++ b/grub-core/kern/partition.c
@@ -28,6 +28,9 @@
grub_partition_map_t grub_partition_map_list;
+#define MAX_RECURSION_DEPTH 32
+static unsigned int recursion_depth = 0;
+
/*
* Checks that disk->partition contains part. This function assumes that the
* start of part is relative to the start of disk->partition. Returns 1 if
@@ -208,7 +211,12 @@ part_iterate (grub_disk_t dsk, const grub_partition_t partition, void *data)
FOR_PARTITION_MAPS(partmap)
{
grub_err_t err;
- err = partmap->iterate (dsk, part_iterate, ctx);
+ recursion_depth++;
+ if (recursion_depth <= MAX_RECURSION_DEPTH)
+ err = partmap->iterate (dsk, part_iterate, ctx);
+ else
+ err = grub_error (GRUB_ERR_RECURSION_DEPTH, "maximum recursion depth exceeded");
+ recursion_depth--;
if (err)
grub_errno = GRUB_ERR_NONE;
if (ctx->ret)
--
2.33.0

58
backport-0027-script-execute-Limit-the-recursion-depth.patch Normal file
View File

@ -0,0 +1,58 @@
From d8a937ccae5c6d86dc4375698afca5cefdcd01e1 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Thu, 18 Apr 2024 19:04:13 +0100
Subject: [PATCH 27/73] script/execute: Limit the recursion depth
If unbounded recursion is allowed it becomes possible to collide the
stack with the heap. As UEFI firmware often lacks guard pages this
becomes an exploitable issue as it is possible in some cases to do
a controlled overwrite of a section of this heap region with
arbitrary data.
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/script/execute.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
index 14ff09094..e1450f45d 100644
--- a/grub-core/script/execute.c
+++ b/grub-core/script/execute.c
@@ -33,10 +33,18 @@
is sizeof (int) * 3, and one extra for a possible -ve sign. */
#define ERRNO_DIGITS_MAX (sizeof (int) * 3 + 1)
+/*
+ * A limit on recursion, to avoid colliding with the heap. UEFI defines a baseline
+ * stack size of 128 KiB. So, assuming at most 1-2 KiB per iteration this should
+ * keep us safe.
+ */
+#define MAX_RECURSION_DEPTH 64
+
static unsigned long is_continue;
static unsigned long active_loops;
static unsigned long active_breaks;
static unsigned long function_return;
+static unsigned long recursion_depth;
#define GRUB_SCRIPT_SCOPE_MALLOCED 1
#define GRUB_SCRIPT_SCOPE_ARGS_MALLOCED 2
@@ -816,7 +824,13 @@ grub_script_execute_cmd (struct grub_script_cmd *cmd)
if (cmd == 0)
return 0;
+ recursion_depth++;
+
+ if (recursion_depth >= MAX_RECURSION_DEPTH)
+ return grub_error (GRUB_ERR_RECURSION_DEPTH, N_("maximum recursion depth exceeded"));
+
ret = cmd->exec (cmd);
+ recursion_depth--;
grub_snprintf (errnobuf, sizeof (errnobuf), "%d", ret);
grub_env_set ("?", errnobuf);
--
2.33.0

32
backport-0028-net-Unregister-net_default_ip-and-net_default_mac-va.patch Normal file
View File

@ -0,0 +1,32 @@
From d271e744753f8aa863153a822ce673055be68b03 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Thu, 28 Nov 2024 04:05:04 +0000
Subject: [PATCH 28/73] net: Unregister net_default_ip and net_default_mac variables
hooks on unload
The net module is a dependency of normal. So, it shouldn't be possible
to unload the net. Though unregister variables hooks as a precaution.
It also gets in line with unregistering the other net module hooks.
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/net/net.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/grub-core/net/net.c b/grub-core/net/net.c
index 58d0488..6f02cea 100644
--- a/grub-core/net/net.c
+++ b/grub-core/net/net.c
@@ -2143,6 +2143,8 @@ GRUB_MOD_FINI(net)
grub_register_variable_hook ("net_default_server", 0, 0);
grub_register_variable_hook ("pxe_default_server", 0, 0);
+ grub_register_variable_hook ("net_default_ip", 0, 0);
+ grub_register_variable_hook ("net_default_mac", 0, 0);
grub_bootp_fini ();
grub_dns_fini ();
--
2.33.0

87
backport-0029-net-Remove-variables-hooks-when-interface-is-unregis.patch Normal file
View File

@ -0,0 +1,87 @@
From aa8b4d7facef7b75a2703274b1b9d4e0e734c401 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Fri, 1 Nov 2024 23:49:48 +0000
Subject: [PATCH 29/73] net: Remove variables hooks when interface is
unregisted
The grub_net_network_level_interface_unregister(), previously
implemented in a header, did not remove the variables hooks that
were registered in grub_net_network_level_interface_register().
Fix this by implementing the same logic used to register the
variables and move the function into the grub-core/net/net.c.
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/net/net.c | 32 ++++++++++++++++++++++++++++++++
include/grub/net.h | 11 +----------
2 files changed, 33 insertions(+), 10 deletions(-)
diff --git a/grub-core/net/net.c b/grub-core/net/net.c
index f69c67b64..0e41e21a5 100644
--- a/grub-core/net/net.c
+++ b/grub-core/net/net.c
@@ -984,6 +984,38 @@ grub_net_network_level_interface_register (struct grub_net_network_level_interfa
grub_net_network_level_interfaces = inter;
}
+void
+grub_net_network_level_interface_unregister (struct grub_net_network_level_interface *inter)
+{
+ char *name;
+
+ {
+ char buf[GRUB_NET_MAX_STR_HWADDR_LEN];
+
+ grub_net_hwaddr_to_str (&inter->hwaddress, buf);
+ name = grub_xasprintf ("net_%s_mac", inter->name);
+ if (name != NULL)
+ grub_register_variable_hook (name, NULL, NULL);
+ grub_free (name);
+ }
+
+ {
+ char buf[GRUB_NET_MAX_STR_ADDR_LEN];
+
+ grub_net_addr_to_str (&inter->address, buf);
+ name = grub_xasprintf ("net_%s_ip", inter->name);
+ if (name != NULL)
+ grub_register_variable_hook (name, NULL, NULL);
+ grub_free (name);
+ }
+
+ inter->card->num_ifaces--;
+ *inter->prev = inter->next;
+ if (inter->next)
+ inter->next->prev = inter->prev;
+ inter->next = 0;
+ inter->prev = 0;
+}
grub_err_t
grub_net_add_ipv4_local (struct grub_net_network_level_interface *inter,
diff --git a/include/grub/net.h b/include/grub/net.h
index 844e501c1..228d04963 100644
--- a/include/grub/net.h
+++ b/include/grub/net.h
@@ -540,16 +540,7 @@ void grub_bootp_fini (void);
void grub_dns_init (void);
void grub_dns_fini (void);
-static inline void
-grub_net_network_level_interface_unregister (struct grub_net_network_level_interface *inter)
-{
- inter->card->num_ifaces--;
- *inter->prev = inter->next;
- if (inter->next)
- inter->next->prev = inter->prev;
- inter->next = 0;
- inter->prev = 0;
-}
+void grub_net_network_level_interface_unregister (struct grub_net_network_level_interface *inter);
void
grub_net_tcp_retransmit (void);
--
2.33.0

83
backport-0030-net-Fix-OOB-write-in-grub_net_search_config_file.patch Normal file
View File

@ -0,0 +1,83 @@
From 387807749137edcb83f2e328959098aedceb29d1 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Fri, 15 Nov 2024 13:12:09 +0000
Subject: [PATCH 30/73] net: Fix OOB write in grub_net_search_config_file()
The function included a call to grub_strcpy() which copied data from an
environment variable to a buffer allocated in grub_cmd_normal(). The
grub_cmd_normal() didn't consider the length of the environment variable.
So, the copy operation could exceed the allocation and lead to an OOB
write. Fix the issue by replacing grub_strcpy() with grub_strlcpy() and
pass the underlying buffers size to the grub_net_search_config_file().
Fixes: CVE-2025-0624
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/net/net.c | 7 ++++---
grub-core/normal/main.c | 2 +-
include/grub/net.h | 2 +-
3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/grub-core/net/net.c b/grub-core/net/net.c
index 5ca211f..b411b3a 100644
--- a/grub-core/net/net.c
+++ b/grub-core/net/net.c
@@ -1944,14 +1944,15 @@ grub_config_search_through (char *config, char *suffix,
}
grub_err_t
-grub_net_search_config_file (char *config)
+grub_net_search_config_file (char *config, grub_size_t config_buf_len)
{
- grub_size_t config_len;
+ grub_size_t config_len, suffix_len;
char *suffix;
config_len = grub_strlen (config);
config[config_len] = '-';
suffix = config + config_len + 1;
+ suffix_len = config_buf_len - (config_len + 1);
struct grub_net_network_level_interface *inf;
FOR_NET_NETWORK_LEVEL_INTERFACES (inf)
@@ -1977,7 +1978,7 @@ grub_net_search_config_file (char *config)
if (client_uuid)
{
- grub_strcpy (suffix, client_uuid);
+ grub_strlcpy (suffix, client_uuid, suffix_len);
if (grub_config_search_through (config, suffix, 1, 0) == 0)
return GRUB_ERR_NONE;
}
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index 1c87ad7..dd9aaae 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -364,7 +364,7 @@ grub_try_normal (const char *variable)
return GRUB_ERR_FILE_NOT_FOUND;
grub_snprintf (config, config_len, "%s/grub.cfg", prefix);
- err = grub_net_search_config_file (config);
+ err = grub_net_search_config_file (config, config_len);
}
if (err != GRUB_ERR_NONE)
diff --git a/include/grub/net.h b/include/grub/net.h
index aa198f3..8cc27bf 100644
--- a/include/grub/net.h
+++ b/include/grub/net.h
@@ -643,7 +643,7 @@ void
grub_net_remove_dns_server (const struct grub_net_network_level_address *s);
grub_err_t
-grub_net_search_config_file (char *config);
+grub_net_search_config_file (char *config, grub_size_t config_buf_len);
extern char *grub_net_default_server;
--
2.33.0

118
backport-0031-net-tftp-Fix-stack-buffer-overflow-in-tftp_open.patch Normal file
View File

@ -0,0 +1,118 @@
From 0707accab1b9be5d3645d4700dde3f99209f9367 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Thu, 18 Apr 2024 17:32:34 +0100
Subject: [PATCH 31/73] net/tftp: Fix stack buffer overflow in tftp_open()
An overly long filename can be passed to tftp_open() which would cause
grub_normalize_filename() to write out of bounds.
Fixed by adding an extra argument to grub_normalize_filename() for the
space available, making it act closer to a strlcpy(). As several fixed
strings are strcpy()'d after into the same buffer, their total length is
checked to see if they exceed the remaining space in the buffer. If so,
return an error.
On the occasion simplify code a bit by removing unneeded rrqlen zeroing.
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/net/tftp.c | 38 ++++++++++++++++++++++++--------------
1 file changed, 24 insertions(+), 14 deletions(-)
diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
index 409b1d09b..336b78691 100644
--- a/grub-core/net/tftp.c
+++ b/grub-core/net/tftp.c
@@ -266,17 +266,19 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)),
* forward slashes to a single forward slash.
*/
static void
-grub_normalize_filename (char *normalized, const char *filename)
+grub_normalize_filename (char *normalized, const char *filename, int c)
{
char *dest = normalized;
const char *src = filename;
- while (*src != '\0')
+ while (*src != '\0' && c > 0)
{
if (src[0] == '/' && src[1] == '/')
src++;
- else
+ else {
+ c--;
*dest++ = *src++;
+ }
}
*dest = '\0';
}
@@ -287,7 +289,7 @@ tftp_open (struct grub_file *file, const char *filename)
struct tftphdr *tftph;
char *rrq;
int i;
- int rrqlen;
+ int rrqlen, rrqsize;
int hdrlen;
grub_uint8_t open_data[1500];
struct grub_net_buff nb;
@@ -315,37 +317,45 @@ tftp_open (struct grub_file *file, const char *filename)
tftph = (struct tftphdr *) nb.data;
- rrq = (char *) tftph->u.rrq;
- rrqlen = 0;
-
tftph->opcode = grub_cpu_to_be16_compile_time (TFTP_RRQ);
+ rrq = (char *) tftph->u.rrq;
+ rrqsize = sizeof (tftph->u.rrq);
+
/*
* Copy and normalize the filename to work-around issues on some TFTP
* servers when file names are being matched for remapping.
*/
- grub_normalize_filename (rrq, filename);
- rrqlen += grub_strlen (rrq) + 1;
+ grub_normalize_filename (rrq, filename, rrqsize);
+
+ rrqlen = grub_strlen (rrq) + 1;
rrq += grub_strlen (rrq) + 1;
- grub_strcpy (rrq, "octet");
+ /* Verify there is enough space for the remaining components. */
rrqlen += grub_strlen ("octet") + 1;
+ rrqlen += grub_strlen ("blksize") + 1;
+ rrqlen += grub_strlen ("1024") + 1;
+ rrqlen += grub_strlen ("tsize") + 1;
+ rrqlen += grub_strlen ("0") + 1;
+
+ if (rrqlen >= rrqsize) {
+ grub_free (data);
+ return grub_error (GRUB_ERR_BAD_FILENAME, N_("filename too long"));
+ }
+
+ grub_strcpy (rrq, "octet");
rrq += grub_strlen ("octet") + 1;
grub_strcpy (rrq, "blksize");
- rrqlen += grub_strlen ("blksize") + 1;
rrq += grub_strlen ("blksize") + 1;
grub_strcpy (rrq, "1024");
- rrqlen += grub_strlen ("1024") + 1;
rrq += grub_strlen ("1024") + 1;
grub_strcpy (rrq, "tsize");
- rrqlen += grub_strlen ("tsize") + 1;
rrq += grub_strlen ("tsize") + 1;
grub_strcpy (rrq, "0");
- rrqlen += grub_strlen ("0") + 1;
rrq += grub_strlen ("0") + 1;
hdrlen = sizeof (tftph->opcode) + rrqlen;
--
2.33.0

36
backport-0032-video-readers-jpeg-Do-not-permit-duplicate-SOF0-mark.patch Normal file
View File

@ -0,0 +1,36 @@
From 2c34af908ebf4856051ed29e46d88abd2b20387f Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Fri, 8 Mar 2024 22:47:20 +1100
Subject: [PATCH 32/73] video/readers/jpeg: Do not permit duplicate SOF0
markers in JPEG
Otherwise a subsequent header could change the height and width
allowing future OOB writes.
Fixes: CVE-2024-45774
Reported-by: Nils Langius <nils@langius.de>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/video/readers/jpeg.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
index ae634fd41..631a89356 100644
--- a/grub-core/video/readers/jpeg.c
+++ b/grub-core/video/readers/jpeg.c
@@ -339,6 +339,10 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data)
if (grub_errno != GRUB_ERR_NONE)
return grub_errno;
+ if (data->image_height != 0 || data->image_width != 0)
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "jpeg: cannot have duplicate SOF0 markers");
+
if (grub_jpeg_get_byte (data) != 8)
return grub_error (GRUB_ERR_BAD_FILE_TYPE,
"jpeg: only 8-bit precision is supported");
--
2.33.0

141
backport-0033-kern-dl-Fix-for-an-integer-overflow-in-grub_dl_ref.patch Normal file
View File

@ -0,0 +1,141 @@
From 832604bba80220879b54c2ebc99489cb1bc2e03d Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Thu, 18 Apr 2024 15:59:26 +0100
Subject: [PATCH 33/73] kern/dl: Fix for an integer overflow in grub_dl_ref()
It was possible to overflow the value of mod->ref_count, a signed
integer, by repeatedly invoking insmod on an already loaded module.
This led to a use-after-free. As once ref_count was overflowed it became
possible to unload the module while there was still references to it.
This resolves the issue by using grub_add() to check if the ref_count
will overflow and then stops further increments. Further changes were
also made to grub_dl_unref() to check for the underflow condition and
the reference count was changed to an unsigned 64-bit integer.
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/commands/minicmd.c | 2 +-
grub-core/kern/dl.c | 17 ++++++++++++-----
include/grub/dl.h | 8 ++++----
util/misc.c | 4 ++--
4 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c
index 8f2ac05..33cfff0 100644
--- a/grub-core/commands/minicmd.c
+++ b/grub-core/commands/minicmd.c
@@ -173,7 +173,7 @@ grub_mini_cmd_lsmod (struct grub_command *cmd __attribute__ ((unused)),
{
grub_dl_dep_t dep;
- grub_printf ("%s\t%d\t\t", mod->name, mod->ref_count);
+ grub_printf ("%s\t%" PRIuGRUB_UINT64_T "\t\t", mod->name, mod->ref_count);
for (dep = mod->dep; dep; dep = dep->next)
{
if (dep != mod->dep)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 73a5b9e..1ba0b73 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -32,6 +32,7 @@
#include <grub/env.h>
#include <grub/cache.h>
#include <grub/i18n.h>
+#include <grub/safemath.h>
/* Platforms where modules are in a readonly area of memory. */
#if defined(GRUB_MACHINE_QEMU)
@@ -536,7 +537,7 @@ grub_dl_resolve_dependencies (grub_dl_t mod, Elf_Ehdr *e)
return GRUB_ERR_NONE;
}
-int
+grub_uint64_t
grub_dl_ref (grub_dl_t mod)
{
grub_dl_dep_t dep;
@@ -547,10 +548,13 @@ grub_dl_ref (grub_dl_t mod)
for (dep = mod->dep; dep; dep = dep->next)
grub_dl_ref (dep->mod);
- return ++mod->ref_count;
+ if (grub_add (mod->ref_count, 1, &mod->ref_count))
+ grub_fatal ("Module reference count overflow");
+
+ return mod->ref_count;
}
-int
+grub_uint64_t
grub_dl_unref (grub_dl_t mod)
{
grub_dl_dep_t dep;
@@ -561,10 +565,13 @@ grub_dl_unref (grub_dl_t mod)
for (dep = mod->dep; dep; dep = dep->next)
grub_dl_unref (dep->mod);
- return --mod->ref_count;
+ if (grub_sub (mod->ref_count, 1, &mod->ref_count))
+ grub_fatal ("Module reference count underflow");
+
+ return mod->ref_count;
}
-int
+grub_uint64_t
grub_dl_ref_count (grub_dl_t mod)
{
if (mod == NULL)
diff --git a/include/grub/dl.h b/include/grub/dl.h
index c5ab18c..644ecfd 100644
--- a/include/grub/dl.h
+++ b/include/grub/dl.h
@@ -174,7 +174,7 @@ typedef struct grub_dl_dep *grub_dl_dep_t;
struct grub_dl
{
char *name;
- int ref_count;
+ grub_uint64_t ref_count;
int persistent;
grub_dl_dep_t dep;
grub_dl_segment_t segment;
@@ -203,9 +203,9 @@ grub_dl_t EXPORT_FUNC(grub_dl_load) (const char *name);
grub_dl_t grub_dl_load_core (void *addr, grub_size_t size);
grub_dl_t EXPORT_FUNC(grub_dl_load_core_noinit) (void *addr, grub_size_t size);
int EXPORT_FUNC(grub_dl_unload) (grub_dl_t mod);
-extern int EXPORT_FUNC(grub_dl_ref) (grub_dl_t mod);
-extern int EXPORT_FUNC(grub_dl_unref) (grub_dl_t mod);
-extern int EXPORT_FUNC(grub_dl_ref_count) (grub_dl_t mod);
+extern grub_uint64_t EXPORT_FUNC(grub_dl_ref) (grub_dl_t mod);
+extern grub_uint64_t EXPORT_FUNC(grub_dl_unref) (grub_dl_t mod);
+extern grub_uint64_t EXPORT_FUNC(grub_dl_ref_count) (grub_dl_t mod);
extern grub_dl_t EXPORT_VAR(grub_dl_head);
diff --git a/util/misc.c b/util/misc.c
index d545212..0f928e5 100644
--- a/util/misc.c
+++ b/util/misc.c
@@ -190,14 +190,14 @@ grub_xputs_real (const char *str)
void (*grub_xputs) (const char *str) = grub_xputs_real;
-int
+grub_uint64_t
grub_dl_ref (grub_dl_t mod)
{
(void) mod;
return 0;
}
-int
+grub_uint64_t
grub_dl_unref (grub_dl_t mod)
{
(void) mod;
--
2.33.0

66
backport-0034-fs-ext2-Rework-out-of-bounds-read-for-inline-and-external.patch Normal file
View File

@ -0,0 +1,66 @@
From d72208423dcabf9eb4a3bcb17b6b31888396bd49 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Fri, 21 Feb 2025 09:06:12 +0800
Subject: [PATCH 34/73] fs/ext2: Rework out-of-bounds read for inline and external
exten
Previously, the number of extent entries was not properly capped based
on the actual available space. This could lead to insufficient reads for
external extents, since the computation was based solely on the inline
extent layout.
In this patch, when processing the extent header, we determine whether
the header is stored inline (i.e., at inode->blocks.dir_blocks) or in an
external extent block. We then clamp the number of entries accordingly
(using max_inline_ext for inline extents and max_external_ext for
external extent blocks).
This change ensures that only the valid number of extent entries is
processed, preventing out-of-bound reads and potential filesystem
corruption.
Fixes: 7e2f750f0a (fs/ext2: Fix out-of-bounds read for inline extents)
Signed-off-by: Michael Chang <mchang@suse.com>
---
grub-core/fs/ext2.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
index c3058f7..a5650c3 100644
--- a/grub-core/fs/ext2.c
+++ b/grub-core/fs/ext2.c
@@ -496,7 +496,10 @@ grub_ext2_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
int i;
grub_disk_addr_t ret;
grub_uint16_t nent;
+ /* maximum number of extent entries in the inode's inline extent area */
const grub_uint16_t max_inline_ext = sizeof (inode->blocks) / sizeof (*ext) - 1; /* Minus 1 extent header. */
+ /* maximum number of extent entries in the external extent block */
+ const grub_uint16_t max_external_ext = EXT2_BLOCK_SIZE(data) / sizeof (*ext) - 1; /* Minus 1 extent header. */
if (grub_ext4_find_leaf (data, (struct grub_ext4_extent_header *) inode->blocks.dir_blocks,
fileblock, &leaf) != GRUB_ERR_NONE)
@@ -513,8 +516,18 @@ grub_ext2_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
nent = grub_le_to_cpu16 (leaf->entries);
- if (leaf->depth == 0)
+ /*
+ * Determine the effective number of extent entries (nent) to process:
+ * If the extent header (leaf) is stored inline in the inodes block
+ * area (i.e. at inode->blocks.dir_blocks), then only max_inline_ext
+ * entries can fit.
+ * Otherwise, if the header was read from an external extent block, use
+ * the larger limit, max_external_ext, based on the full block size.
+ */
+ if (leaf == (struct grub_ext4_extent_header *) inode->blocks.dir_blocks)
nent = grub_min (nent, max_inline_ext);
+ else
+ nent = grub_min (nent, max_external_ext);
for (i = 0; i < nent; i++)
{
--
2.33.0

37
backport-0035-kern-dl-Check-for-the-SHF_INFO_LINK-flag-in-grub_dl_.patch Normal file
View File

@ -0,0 +1,37 @@
From 98ad84328dcabfa603dcf5bd217570aa6b4bdd99 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Thu, 7 Nov 2024 06:00:36 +0000
Subject: [PATCH 35/73] kern/dl: Check for the SHF_INFO_LINK flag in
grub_dl_relocate_symbols()
The grub_dl_relocate_symbols() iterates through the sections in
an ELF looking for relocation sections. According to the spec [1]
the SHF_INFO_LINK flag should be set if the sh_info field is meant
to be a section index.
[1] https://refspecs.linuxbase.org/elf/gabi4+/ch4.sheader.html
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/dl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index acc6ccad6..de8c3aa8d 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -623,6 +623,9 @@ grub_dl_relocate_symbols (grub_dl_t mod, void *ehdr)
grub_dl_segment_t seg;
grub_err_t err;
+ if (!(s->sh_flags & SHF_INFO_LINK))
+ continue;
+
/* Find the target segment. */
for (seg = mod->segment; seg; seg = seg->next)
if (seg->section == s->sh_info)
--
2.33.0

37
backport-0036-commands-extcmd-Missing-check-for-failed-allocation.patch Normal file
View File

@ -0,0 +1,37 @@
From 05be856a8c3aae41f5df90cab7796ab7ee34b872 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Fri, 22 Nov 2024 06:27:55 +0000
Subject: [PATCH 36/73] commands/extcmd: Missing check for failed allocation
The grub_extcmd_dispatcher() calls grub_arg_list_alloc() to allocate
a grub_arg_list struct but it does not verify the allocation was successful.
In case of failed allocation the NULL state pointer can be accessed in
parse_option() through grub_arg_parse() which may lead to a security issue.
Fixes: CVE-2024-45775
Reported-by: Nils Langius <nils@langius.de>
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
---
grub-core/commands/extcmd.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/commands/extcmd.c b/grub-core/commands/extcmd.c
index 90a5ca24a..c236be13a 100644
--- a/grub-core/commands/extcmd.c
+++ b/grub-core/commands/extcmd.c
@@ -49,6 +49,9 @@ grub_extcmd_dispatcher (struct grub_command *cmd, int argc, char **args,
}
state = grub_arg_list_alloc (ext, argc, args);
+ if (state == NULL)
+ return grub_errno;
+
if (grub_arg_parse (ext, argc, args, state, &new_args, &new_argc))
{
context.state = state;
--
2.33.0

35
backport-0037-commands-ls-Fix-NULL-dereference.patch Normal file
View File

@ -0,0 +1,35 @@
From 0bf56bce47489c059e50e61a3db7f682d8c44b56 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Sun, 12 May 2024 11:08:23 +0100
Subject: [PATCH 37/73] commands/ls: Fix NULL dereference
The grub_strrchr() may return NULL when the dirname do not contain "/".
This can happen on broken filesystems.
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/commands/ls.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/grub-core/commands/ls.c b/grub-core/commands/ls.c
index 6a1c7f5d3..f660946a2 100644
--- a/grub-core/commands/ls.c
+++ b/grub-core/commands/ls.c
@@ -241,7 +241,11 @@ grub_ls_list_files (char *dirname, int longlist, int all, int human)
grub_file_close (file);
- p = grub_strrchr (dirname, '/') + 1;
+ p = grub_strrchr (dirname, '/');
+ if (p == NULL)
+ goto fail;
+ ++p;
+
ctx.dirname = grub_strndup (dirname, p - dirname);
if (ctx.dirname == NULL)
goto fail;
--
2.33.0

34
backport-0038-commands-pgp-Unregister-the-check_signatures-hooks-o.patch Normal file
View File

@ -0,0 +1,34 @@
From 2123c5bca7e21fbeb0263df4597ddd7054700726 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Fri, 1 Nov 2024 19:24:29 +0000
Subject: [PATCH 38/73] commands/pgp: Unregister the "check_signatures" hooks
on module unload
If the hooks are not removed they can be called after the module has
been unloaded leading to an use-after-free.
Fixes: CVE-2025-0622
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/commands/pgp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c
index c6766f044..5fadc33c4 100644
--- a/grub-core/commands/pgp.c
+++ b/grub-core/commands/pgp.c
@@ -1010,6 +1010,8 @@ GRUB_MOD_INIT(pgp)
GRUB_MOD_FINI(pgp)
{
+ grub_register_variable_hook ("check_signatures", NULL, NULL);
+ grub_env_unset ("check_signatures");
grub_verifier_unregister (&grub_pubkey_verifier);
grub_unregister_extcmd (cmd);
grub_unregister_extcmd (cmd_trust);
--
2.33.0

40
backport-0039-normal-Remove-variables-hooks-on-module-unload.patch Normal file
View File

@ -0,0 +1,40 @@
From 9c16197734ada8d0838407eebe081117799bfe67 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Fri, 1 Nov 2024 23:46:55 +0000
Subject: [PATCH 39/73] normal: Remove variables hooks on module unload
The normal module does not entirely cleanup after itself in
its GRUB_MOD_FINI() leaving a few variables hooks in place.
It is not possible to unload normal module now but fix the
issues for completeness.
On the occasion replace 0s with NULLs for "pager" variable
hooks unregister.
Fixes: CVE-2025-0622
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/normal/main.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index 838f57fa5..04d058f55 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -586,7 +586,9 @@ GRUB_MOD_FINI(normal)
grub_xputs = grub_xputs_saved;
grub_set_history (0);
- grub_register_variable_hook ("pager", 0, 0);
+ grub_register_variable_hook ("pager", NULL, NULL);
+ grub_register_variable_hook ("color_normal", NULL, NULL);
+ grub_register_variable_hook ("color_highlight", NULL, NULL);
grub_fs_autoload_hook = 0;
grub_unregister_command (cmd_clear);
}
--
2.33.0

37
backport-0040-gettext-Remove-variables-hooks-on-module-unload.patch Normal file
View File

@ -0,0 +1,37 @@
From 7580addfc8c94cedb0cdfd7a1fd65b539215e637 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Fri, 1 Nov 2024 23:52:06 +0000
Subject: [PATCH 40/73] gettext: Remove variables hooks on module unload
The gettext module does not entirely cleanup after itself in
its GRUB_MOD_FINI() leaving a few variables hooks in place.
It is not possible to unload gettext module because normal
module depends on it. Though fix the issues for completeness.
Fixes: CVE-2025-0622
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/gettext/gettext.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
index 7a1c14e4f..e4f4f8ee6 100644
--- a/grub-core/gettext/gettext.c
+++ b/grub-core/gettext/gettext.c
@@ -535,6 +535,10 @@ GRUB_MOD_INIT (gettext)
GRUB_MOD_FINI (gettext)
{
+ grub_register_variable_hook ("locale_dir", NULL, NULL);
+ grub_register_variable_hook ("secondary_locale_dir", NULL, NULL);
+ grub_register_variable_hook ("lang", NULL, NULL);
+
grub_gettext_delete_list (&main_context);
grub_gettext_delete_list (&secondary_context);
--
2.33.0

39
backport-0041-gettext-Integer-overflow-leads-to-heap-OOB-write-or-.patch Normal file
View File

@ -0,0 +1,39 @@
From 09bd6eb58b0f71ec273916070fa1e2de16897a91 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Fri, 22 Nov 2024 06:27:56 +0000
Subject: [PATCH 41/73] gettext: Integer overflow leads to heap OOB write or
read
Calculation of ctx->grub_gettext_msg_list size in grub_mofile_open() may
overflow leading to subsequent OOB write or read. This patch fixes the
issue by replacing grub_zalloc() and explicit multiplication with
grub_calloc() which does the same thing in safe manner.
Fixes: CVE-2024-45776
Reported-by: Nils Langius <nils@langius.de>
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
---
grub-core/gettext/gettext.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
index e4f4f8ee6..63bb1ab73 100644
--- a/grub-core/gettext/gettext.c
+++ b/grub-core/gettext/gettext.c
@@ -323,8 +323,8 @@ grub_mofile_open (struct grub_gettext_context *ctx,
for (ctx->grub_gettext_max_log = 0; ctx->grub_gettext_max >> ctx->grub_gettext_max_log;
ctx->grub_gettext_max_log++);
- ctx->grub_gettext_msg_list = grub_zalloc (ctx->grub_gettext_max
- * sizeof (ctx->grub_gettext_msg_list[0]));
+ ctx->grub_gettext_msg_list = grub_calloc (ctx->grub_gettext_max,
+ sizeof (ctx->grub_gettext_msg_list[0]));
if (!ctx->grub_gettext_msg_list)
{
grub_file_close (fd);
--
2.33.0

56
backport-0042-gettext-Integer-overflow-leads-to-heap-OOB-write.patch Normal file
View File

@ -0,0 +1,56 @@
From b970a5ed967816bbca8225994cd0ee2557bad515 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Fri, 22 Nov 2024 06:27:57 +0000
Subject: [PATCH 42/73] gettext: Integer overflow leads to heap OOB write
The size calculation of the translation buffer in
grub_gettext_getstr_from_position() may overflow
to 0 leading to heap OOB write. This patch fixes
the issue by using grub_add() and checking for
an overflow.
Fixes: CVE-2024-45777
Reported-by: Nils Langius <nils@langius.de>
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
---
grub-core/gettext/gettext.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
index 63bb1ab73..9ffc73428 100644
--- a/grub-core/gettext/gettext.c
+++ b/grub-core/gettext/gettext.c
@@ -26,6 +26,7 @@
#include <grub/file.h>
#include <grub/kernel.h>
#include <grub/i18n.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -99,6 +100,7 @@ grub_gettext_getstr_from_position (struct grub_gettext_context *ctx,
char *translation;
struct string_descriptor desc;
grub_err_t err;
+ grub_size_t alloc_sz;
internal_position = (off + position * sizeof (desc));
@@ -109,7 +111,10 @@ grub_gettext_getstr_from_position (struct grub_gettext_context *ctx,
length = grub_cpu_to_le32 (desc.length);
offset = grub_cpu_to_le32 (desc.offset);
- translation = grub_malloc (length + 1);
+ if (grub_add (length, 1, &alloc_sz))
+ return NULL;
+
+ translation = grub_malloc (alloc_sz);
if (!translation)
return NULL;
--
2.33.0

72
backport-0043-commands-read-Fix-an-integer-overflow-when-supplying.patch Normal file
View File

@ -0,0 +1,72 @@
From dad8f502974ed9ad0a70ae6820d17b4b142558fc Mon Sep 17 00:00:00 2001
From: Jonathan Bar Or <jonathanbaror@gmail.com>
Date: Thu, 23 Jan 2025 19:17:05 +0100
Subject: [PATCH 43/73] commands/read: Fix an integer overflow when supplying
more than 2^31 characters
The grub_getline() function currently has a signed integer variable "i"
that can be overflown when user supplies more than 2^31 characters.
It results in a memory corruption of the allocated line buffer as well
as supplying large negative values to grub_realloc().
Fixes: CVE-2025-0690
Reported-by: Jonathan Bar Or <jonathanbaror@gmail.com>
Signed-off-by: Jonathan Bar Or <jonathanbaror@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/commands/read.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/grub-core/commands/read.c b/grub-core/commands/read.c
index 597c90706..8d72e45c9 100644
--- a/grub-core/commands/read.c
+++ b/grub-core/commands/read.c
@@ -25,6 +25,7 @@
#include <grub/types.h>
#include <grub/extcmd.h>
#include <grub/i18n.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -37,13 +38,14 @@ static const struct grub_arg_option options[] =
static char *
grub_getline (int silent)
{
- int i;
+ grub_size_t i;
char *line;
char *tmp;
int c;
+ grub_size_t alloc_size;
i = 0;
- line = grub_malloc (1 + i + sizeof('\0'));
+ line = grub_malloc (1 + sizeof('\0'));
if (! line)
return NULL;
@@ -59,8 +61,17 @@ grub_getline (int silent)
line[i] = (char) c;
if (!silent)
grub_printf ("%c", c);
- i++;
- tmp = grub_realloc (line, 1 + i + sizeof('\0'));
+ if (grub_add (i, 1, &i))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+ return NULL;
+ }
+ if (grub_add (i, 1 + sizeof('\0'), &alloc_size))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+ return NULL;
+ }
+ tmp = grub_realloc (line, alloc_size);
if (! tmp)
{
grub_free (line);
--
2.33.0

86
backport-0044-commands-test-Stack-overflow-due-to-unlimited-recurs.patch Normal file
View File

@ -0,0 +1,86 @@
From c68b7d23628a19da67ebe2e06f84165ee04961af Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Mon, 16 Dec 2024 20:22:41 +0000
Subject: [PATCH 44/73] commands/test: Stack overflow due to unlimited
recursion depth
The test_parse() evaluates test expression recursively. Due to lack of
recursion depth check a specially crafted expression may cause a stack
overflow. The recursion is only triggered by the parentheses usage and
it can be unlimited. However, sensible expressions are unlikely to
contain more than a few parentheses. So, this patch limits the recursion
depth to 100, which should be sufficient.
Reported-by: Nils Langius <nils@langius.de>
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/commands/test.c | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/grub-core/commands/test.c b/grub-core/commands/test.c
index 62d3fb398..b585c3d70 100644
--- a/grub-core/commands/test.c
+++ b/grub-core/commands/test.c
@@ -29,6 +29,9 @@
GRUB_MOD_LICENSE ("GPLv3+");
+/* Set a limit on recursion to avoid stack overflow. */
+#define MAX_TEST_RECURSION_DEPTH 100
+
/* A simple implementation for signed numbers. */
static int
grub_strtosl (char *arg, const char ** const end, int base)
@@ -150,7 +153,7 @@ get_fileinfo (char *path, struct test_parse_ctx *ctx)
/* Parse a test expression starting from *argn. */
static int
-test_parse (char **args, int *argn, int argc)
+test_parse (char **args, int *argn, int argc, int *depth)
{
struct test_parse_ctx ctx = {
.and = 1,
@@ -387,13 +390,24 @@ test_parse (char **args, int *argn, int argc)
if (grub_strcmp (args[*argn], ")") == 0)
{
(*argn)++;
+ if (*depth > 0)
+ (*depth)--;
+
return ctx.or || ctx.and;
}
/* Recursively invoke if parenthesis. */
if (grub_strcmp (args[*argn], "(") == 0)
{
(*argn)++;
- update_val (test_parse (args, argn, argc), &ctx);
+
+ if (++(*depth) > MAX_TEST_RECURSION_DEPTH)
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("max recursion depth exceeded"));
+ depth--;
+ return ctx.or || ctx.and;
+ }
+
+ update_val (test_parse (args, argn, argc, depth), &ctx);
continue;
}
@@ -428,11 +442,12 @@ grub_cmd_test (grub_command_t cmd __attribute__ ((unused)),
int argc, char **args)
{
int argn = 0;
+ int depth = 0;
if (argc >= 1 && grub_strcmp (args[argc - 1], "]") == 0)
argc--;
- return test_parse (args, &argn, argc) ? GRUB_ERR_NONE
+ return test_parse (args, &argn, argc, &depth) ? GRUB_ERR_NONE
: grub_error (GRUB_ERR_TEST_FAILURE, N_("false"));
}
--
2.33.0

37
backport-0045-commands-minicmd-Block-the-dump-command-in-lockdown-.patch Normal file
View File

@ -0,0 +1,37 @@
From 34824806ac6302f91e8cabaa41308eaced25725f Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Thu, 18 Apr 2024 20:29:39 +0100
Subject: [PATCH 45/73] commands/minicmd: Block the dump command in lockdown
mode
The dump enables a user to read memory which should not be possible
in lockdown mode.
Fixes: CVE-2025-1118
Reported-by: B Horn <b@horn.uk>
Reported-by: Jonathan Bar Or <jonathanbaror@gmail.com>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/commands/minicmd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c
index 286290866..8c5ee3e60 100644
--- a/grub-core/commands/minicmd.c
+++ b/grub-core/commands/minicmd.c
@@ -203,8 +203,8 @@ GRUB_MOD_INIT(minicmd)
grub_register_command ("help", grub_mini_cmd_help,
0, N_("Show this message."));
cmd_dump =
- grub_register_command ("dump", grub_mini_cmd_dump,
- N_("ADDR [SIZE]"), N_("Show memory contents."));
+ grub_register_command_lockdown ("dump", grub_mini_cmd_dump,
+ N_("ADDR [SIZE]"), N_("Show memory contents."));
cmd_rmmod =
grub_register_command ("rmmod", grub_mini_cmd_rmmod,
N_("MODULE"), N_("Remove a module."));
--
2.33.0

53
backport-0046-commands-memrw-Disable-memory-reading-in-lockdown-mo.patch Normal file
View File

@ -0,0 +1,53 @@
From 340e4d058f584534f4b90b7dbea2b64a9f8c418c Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Thu, 18 Apr 2024 20:37:10 +0100
Subject: [PATCH 46/73] commands/memrw: Disable memory reading in lockdown mode
With the rest of module being blocked in lockdown mode it does not make
a lot of sense to leave memory reading enabled. This also goes in par
with disabling the dump command.
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/commands/memrw.c | 21 ++++++++++++---------
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c
index d401a6db0..3542683d1 100644
--- a/grub-core/commands/memrw.c
+++ b/grub-core/commands/memrw.c
@@ -122,17 +122,20 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
GRUB_MOD_INIT(memrw)
{
cmd_read_byte =
- grub_register_extcmd ("read_byte", grub_cmd_read, 0,
- N_("ADDR"), N_("Read 8-bit value from ADDR."),
- options);
+ grub_register_extcmd_lockdown ("read_byte", grub_cmd_read, 0,
+ N_("ADDR"),
+ N_("Read 8-bit value from ADDR."),
+ options);
cmd_read_word =
- grub_register_extcmd ("read_word", grub_cmd_read, 0,
- N_("ADDR"), N_("Read 16-bit value from ADDR."),
- options);
+ grub_register_extcmd_lockdown ("read_word", grub_cmd_read, 0,
+ N_("ADDR"),
+ N_("Read 16-bit value from ADDR."),
+ options);
cmd_read_dword =
- grub_register_extcmd ("read_dword", grub_cmd_read, 0,
- N_("ADDR"), N_("Read 32-bit value from ADDR."),
- options);
+ grub_register_extcmd_lockdown ("read_dword", grub_cmd_read, 0,
+ N_("ADDR"),
+ N_("Read 32-bit value from ADDR."),
+ options);
cmd_write_byte =
grub_register_command_lockdown ("write_byte", grub_cmd_write,
N_("ADDR VALUE [MASK]"),
--
2.33.0

41
backport-0047-commands-hexdump-Disable-memory-reading-in-lockdown-.patch Normal file
View File

@ -0,0 +1,41 @@
From 5f31164aed51f498957cdd6ed733ec71a8592c99 Mon Sep 17 00:00:00 2001
From: B Horn <b@horn.uk>
Date: Fri, 19 Apr 2024 22:31:45 +0100
Subject: [PATCH 47/73] commands/hexdump: Disable memory reading in lockdown
mode
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/commands/hexdump.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/grub-core/commands/hexdump.c b/grub-core/commands/hexdump.c
index eaa12465b..d6f61d98a 100644
--- a/grub-core/commands/hexdump.c
+++ b/grub-core/commands/hexdump.c
@@ -24,6 +24,7 @@
#include <grub/lib/hexdump.h>
#include <grub/extcmd.h>
#include <grub/i18n.h>
+#include <grub/lockdown.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -51,7 +52,11 @@ grub_cmd_hexdump (grub_extcmd_context_t ctxt, int argc, char **args)
length = (state[1].set) ? grub_strtoul (state[1].arg, 0, 0) : 256;
if (!grub_strcmp (args[0], "(mem)"))
- hexdump (skip, (char *) (grub_addr_t) skip, length);
+ {
+ if (grub_is_lockdown() == GRUB_LOCKDOWN_ENABLED)
+ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("memory reading is disabled in lockdown mode"));
+ hexdump (skip, (char *) (grub_addr_t) skip, length);
+ }
else if ((args[0][0] == '(') && (args[0][namelen - 1] == ')'))
{
grub_disk_t disk;
--
2.33.0

55
backport-0048-fs-bfs-Disable-under-lockdown.patch Normal file
View File

@ -0,0 +1,55 @@
From 26db6605036bd9e5b16d9068a8cc75be63b8b630 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Sat, 23 Mar 2024 15:59:43 +1100
Subject: [PATCH 48/73] fs/bfs: Disable under lockdown
The BFS is not fuzz-clean. Don't allow it to be loaded under lockdown.
This will also disable the AFS.
Fixes: CVE-2024-45778
Fixes: CVE-2024-45779
Reported-by: Nils Langius <nils@langius.de>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/bfs.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/grub-core/fs/bfs.c b/grub-core/fs/bfs.c
index 022f69fe2..78aeb051f 100644
--- a/grub-core/fs/bfs.c
+++ b/grub-core/fs/bfs.c
@@ -30,6 +30,7 @@
#include <grub/types.h>
#include <grub/i18n.h>
#include <grub/fshelp.h>
+#include <grub/lockdown.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -1106,8 +1107,11 @@ GRUB_MOD_INIT (bfs)
{
COMPILE_TIME_ASSERT (1 << LOG_EXTENT_SIZE ==
sizeof (struct grub_bfs_extent));
- grub_bfs_fs.mod = mod;
- grub_fs_register (&grub_bfs_fs);
+ if (!grub_is_lockdown ())
+ {
+ grub_bfs_fs.mod = mod;
+ grub_fs_register (&grub_bfs_fs);
+ }
}
#ifdef MODE_AFS
@@ -1116,5 +1120,6 @@ GRUB_MOD_FINI (afs)
GRUB_MOD_FINI (bfs)
#endif
{
- grub_fs_unregister (&grub_bfs_fs);
+ if (!grub_is_lockdown ())
+ grub_fs_unregister (&grub_bfs_fs);
}
--
2.33.0

394
backport-0049-fs-Disable-many-filesystems-under-lockdown.patch Normal file
View File

@ -0,0 +1,394 @@
From c4bc55da28543d2522a939ba4ee0acde45f2fa74 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Sat, 23 Mar 2024 16:20:45 +1100
Subject: [PATCH 49/73] fs: Disable many filesystems under lockdown
The idea is to permit the following: btrfs, cpio, exfat, ext, f2fs, fat,
hfsplus, iso9660, squash4, tar, xfs and zfs.
The JFS, ReiserFS, romfs, UDF and UFS security vulnerabilities were
reported by Jonathan Bar Or <jonathanbaror@gmail.com>.
Fixes: CVE-2025-0677
Fixes: CVE-2025-0684
Fixes: CVE-2025-0685
Fixes: CVE-2025-0686
Fixes: CVE-2025-0689
Suggested-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/affs.c | 11 ++++++++---
grub-core/fs/cbfs.c | 11 ++++++++---
grub-core/fs/jfs.c | 11 ++++++++---
grub-core/fs/minix.c | 11 ++++++++---
grub-core/fs/nilfs2.c | 11 ++++++++---
grub-core/fs/ntfs.c | 11 ++++++++---
grub-core/fs/reiserfs.c | 11 ++++++++---
grub-core/fs/romfs.c | 11 ++++++++---
grub-core/fs/sfs.c | 11 ++++++++---
grub-core/fs/udf.c | 11 ++++++++---
grub-core/fs/ufs.c | 11 ++++++++---
11 files changed, 88 insertions(+), 33 deletions(-)
diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
index 9b0afb954..520a001c7 100644
--- a/grub-core/fs/affs.c
+++ b/grub-core/fs/affs.c
@@ -26,6 +26,7 @@
#include <grub/types.h>
#include <grub/fshelp.h>
#include <grub/charset.h>
+#include <grub/lockdown.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -703,12 +704,16 @@ static struct grub_fs grub_affs_fs =
GRUB_MOD_INIT(affs)
{
- grub_affs_fs.mod = mod;
- grub_fs_register (&grub_affs_fs);
+ if (!grub_is_lockdown ())
+ {
+ grub_affs_fs.mod = mod;
+ grub_fs_register (&grub_affs_fs);
+ }
my_mod = mod;
}
GRUB_MOD_FINI(affs)
{
- grub_fs_unregister (&grub_affs_fs);
+ if (!grub_is_lockdown ())
+ grub_fs_unregister (&grub_affs_fs);
}
diff --git a/grub-core/fs/cbfs.c b/grub-core/fs/cbfs.c
index 2332745fe..b62c8777c 100644
--- a/grub-core/fs/cbfs.c
+++ b/grub-core/fs/cbfs.c
@@ -26,6 +26,7 @@
#include <grub/dl.h>
#include <grub/i18n.h>
#include <grub/cbfs_core.h>
+#include <grub/lockdown.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -390,13 +391,17 @@ GRUB_MOD_INIT (cbfs)
#if (defined (__i386__) || defined (__x86_64__)) && !defined (GRUB_UTIL) && !defined (GRUB_MACHINE_EMU) && !defined (GRUB_MACHINE_XEN)
init_cbfsdisk ();
#endif
- grub_cbfs_fs.mod = mod;
- grub_fs_register (&grub_cbfs_fs);
+ if (!grub_is_lockdown ())
+ {
+ grub_cbfs_fs.mod = mod;
+ grub_fs_register (&grub_cbfs_fs);
+ }
}
GRUB_MOD_FINI (cbfs)
{
- grub_fs_unregister (&grub_cbfs_fs);
+ if (!grub_is_lockdown ())
+ grub_fs_unregister (&grub_cbfs_fs);
#if (defined (__i386__) || defined (__x86_64__)) && !defined (GRUB_UTIL) && !defined (GRUB_MACHINE_EMU) && !defined (GRUB_MACHINE_XEN)
fini_cbfsdisk ();
#endif
diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c
index a82800ac3..03be9ef4c 100644
--- a/grub-core/fs/jfs.c
+++ b/grub-core/fs/jfs.c
@@ -26,6 +26,7 @@
#include <grub/types.h>
#include <grub/charset.h>
#include <grub/i18n.h>
+#include <grub/lockdown.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -1004,12 +1005,16 @@ static struct grub_fs grub_jfs_fs =
GRUB_MOD_INIT(jfs)
{
- grub_jfs_fs.mod = mod;
- grub_fs_register (&grub_jfs_fs);
+ if (!grub_is_lockdown ())
+ {
+ grub_jfs_fs.mod = mod;
+ grub_fs_register (&grub_jfs_fs);
+ }
my_mod = mod;
}
GRUB_MOD_FINI(jfs)
{
- grub_fs_unregister (&grub_jfs_fs);
+ if (!grub_is_lockdown ())
+ grub_fs_unregister (&grub_jfs_fs);
}
diff --git a/grub-core/fs/minix.c b/grub-core/fs/minix.c
index b7679c3e2..4440fcca8 100644
--- a/grub-core/fs/minix.c
+++ b/grub-core/fs/minix.c
@@ -25,6 +25,7 @@
#include <grub/dl.h>
#include <grub/types.h>
#include <grub/i18n.h>
+#include <grub/lockdown.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -734,8 +735,11 @@ GRUB_MOD_INIT(minix)
#endif
#endif
{
- grub_minix_fs.mod = mod;
- grub_fs_register (&grub_minix_fs);
+ if (!grub_is_lockdown ())
+ {
+ grub_minix_fs.mod = mod;
+ grub_fs_register (&grub_minix_fs);
+ }
my_mod = mod;
}
@@ -757,5 +761,6 @@ GRUB_MOD_FINI(minix)
#endif
#endif
{
- grub_fs_unregister (&grub_minix_fs);
+ if (!grub_is_lockdown ())
+ grub_fs_unregister (&grub_minix_fs);
}
diff --git a/grub-core/fs/nilfs2.c b/grub-core/fs/nilfs2.c
index 4e1e71738..26e6077ff 100644
--- a/grub-core/fs/nilfs2.c
+++ b/grub-core/fs/nilfs2.c
@@ -34,6 +34,7 @@
#include <grub/dl.h>
#include <grub/types.h>
#include <grub/fshelp.h>
+#include <grub/lockdown.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -1231,12 +1232,16 @@ GRUB_MOD_INIT (nilfs2)
grub_nilfs2_dat_entry));
COMPILE_TIME_ASSERT (1 << LOG_INODE_SIZE
== sizeof (struct grub_nilfs2_inode));
- grub_nilfs2_fs.mod = mod;
- grub_fs_register (&grub_nilfs2_fs);
+ if (!grub_is_lockdown ())
+ {
+ grub_nilfs2_fs.mod = mod;
+ grub_fs_register (&grub_nilfs2_fs);
+ }
my_mod = mod;
}
GRUB_MOD_FINI (nilfs2)
{
- grub_fs_unregister (&grub_nilfs2_fs);
+ if (!grub_is_lockdown ())
+ grub_fs_unregister (&grub_nilfs2_fs);
}
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index 4e144cc3c..e00349b1d 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -27,6 +27,7 @@
#include <grub/fshelp.h>
#include <grub/ntfs.h>
#include <grub/charset.h>
+#include <grub/lockdown.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -1541,12 +1542,16 @@ static struct grub_fs grub_ntfs_fs =
GRUB_MOD_INIT (ntfs)
{
- grub_ntfs_fs.mod = mod;
- grub_fs_register (&grub_ntfs_fs);
+ if (!grub_is_lockdown ())
+ {
+ grub_ntfs_fs.mod = mod;
+ grub_fs_register (&grub_ntfs_fs);
+ }
my_mod = mod;
}
GRUB_MOD_FINI (ntfs)
{
- grub_fs_unregister (&grub_ntfs_fs);
+ if (!grub_is_lockdown ())
+ grub_fs_unregister (&grub_ntfs_fs);
}
diff --git a/grub-core/fs/reiserfs.c b/grub-core/fs/reiserfs.c
index c3850e013..5d3c85950 100644
--- a/grub-core/fs/reiserfs.c
+++ b/grub-core/fs/reiserfs.c
@@ -39,6 +39,7 @@
#include <grub/types.h>
#include <grub/fshelp.h>
#include <grub/i18n.h>
+#include <grub/lockdown.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -1417,12 +1418,16 @@ static struct grub_fs grub_reiserfs_fs =
GRUB_MOD_INIT(reiserfs)
{
- grub_reiserfs_fs.mod = mod;
- grub_fs_register (&grub_reiserfs_fs);
+ if (!grub_is_lockdown ())
+ {
+ grub_reiserfs_fs.mod = mod;
+ grub_fs_register (&grub_reiserfs_fs);
+ }
my_mod = mod;
}
GRUB_MOD_FINI(reiserfs)
{
- grub_fs_unregister (&grub_reiserfs_fs);
+ if (!grub_is_lockdown ())
+ grub_fs_unregister (&grub_reiserfs_fs);
}
diff --git a/grub-core/fs/romfs.c b/grub-core/fs/romfs.c
index 56b0b2b2f..eafab03b2 100644
--- a/grub-core/fs/romfs.c
+++ b/grub-core/fs/romfs.c
@@ -23,6 +23,7 @@
#include <grub/disk.h>
#include <grub/fs.h>
#include <grub/fshelp.h>
+#include <grub/lockdown.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -475,11 +476,15 @@ static struct grub_fs grub_romfs_fs =
GRUB_MOD_INIT(romfs)
{
- grub_romfs_fs.mod = mod;
- grub_fs_register (&grub_romfs_fs);
+ if (!grub_is_lockdown ())
+ {
+ grub_romfs_fs.mod = mod;
+ grub_fs_register (&grub_romfs_fs);
+ }
}
GRUB_MOD_FINI(romfs)
{
- grub_fs_unregister (&grub_romfs_fs);
+ if (!grub_is_lockdown ())
+ grub_fs_unregister (&grub_romfs_fs);
}
diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c
index f0d7cac43..88705b3a2 100644
--- a/grub-core/fs/sfs.c
+++ b/grub-core/fs/sfs.c
@@ -26,6 +26,7 @@
#include <grub/types.h>
#include <grub/fshelp.h>
#include <grub/charset.h>
+#include <grub/lockdown.h>
#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -779,12 +780,16 @@ static struct grub_fs grub_sfs_fs =
GRUB_MOD_INIT(sfs)
{
- grub_sfs_fs.mod = mod;
- grub_fs_register (&grub_sfs_fs);
+ if (!grub_is_lockdown ())
+ {
+ grub_sfs_fs.mod = mod;
+ grub_fs_register (&grub_sfs_fs);
+ }
my_mod = mod;
}
GRUB_MOD_FINI(sfs)
{
- grub_fs_unregister (&grub_sfs_fs);
+ if (!grub_is_lockdown ())
+ grub_fs_unregister (&grub_sfs_fs);
}
diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c
index 8765c633c..3d5ee5af5 100644
--- a/grub-core/fs/udf.c
+++ b/grub-core/fs/udf.c
@@ -27,6 +27,7 @@
#include <grub/fshelp.h>
#include <grub/charset.h>
#include <grub/datetime.h>
+#include <grub/lockdown.h>
#include <grub/udf.h>
#include <grub/safemath.h>
@@ -1455,12 +1456,16 @@ static struct grub_fs grub_udf_fs = {
GRUB_MOD_INIT (udf)
{
- grub_udf_fs.mod = mod;
- grub_fs_register (&grub_udf_fs);
+ if (!grub_is_lockdown ())
+ {
+ grub_udf_fs.mod = mod;
+ grub_fs_register (&grub_udf_fs);
+ }
my_mod = mod;
}
GRUB_MOD_FINI (udf)
{
- grub_fs_unregister (&grub_udf_fs);
+ if (!grub_is_lockdown ())
+ grub_fs_unregister (&grub_udf_fs);
}
diff --git a/grub-core/fs/ufs.c b/grub-core/fs/ufs.c
index e82d9356d..8b5adbd48 100644
--- a/grub-core/fs/ufs.c
+++ b/grub-core/fs/ufs.c
@@ -25,6 +25,7 @@
#include <grub/dl.h>
#include <grub/types.h>
#include <grub/i18n.h>
+#include <grub/lockdown.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -899,8 +900,11 @@ GRUB_MOD_INIT(ufs1)
#endif
#endif
{
- grub_ufs_fs.mod = mod;
- grub_fs_register (&grub_ufs_fs);
+ if (!grub_is_lockdown ())
+ {
+ grub_ufs_fs.mod = mod;
+ grub_fs_register (&grub_ufs_fs);
+ }
my_mod = mod;
}
@@ -914,6 +918,7 @@ GRUB_MOD_FINI(ufs1)
#endif
#endif
{
- grub_fs_unregister (&grub_ufs_fs);
+ if (!grub_is_lockdown ())
+ grub_fs_unregister (&grub_ufs_fs);
}
--
2.33.0

551
backport-0050-disk-Use-safe-math-macros-to-prevent-overflows.patch Normal file
View File

@ -0,0 +1,551 @@
From cb558b33aeeb4d1ef58e706f12f349187c560297 Mon Sep 17 00:00:00 2001
From: Alec Brown <alec.r.brown@oracle.com>
Date: Wed, 22 Jan 2025 02:55:09 +0000
Subject: [PATCH 50/73] disk: Use safe math macros to prevent overflows
Replace direct arithmetic operations with macros from include/grub/safemath.h
to prevent potential overflow issues when calculating the memory sizes.
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/disk/cryptodisk.c | 36 ++++++++++++++-----
grub-core/disk/diskfilter.c | 9 +++--
grub-core/disk/ieee1275/obdisk.c | 43 +++++++++++++++++++----
grub-core/disk/ieee1275/ofdisk.c | 59 +++++++++++++++++++++++++++-----
grub-core/disk/ldm.c | 36 ++++++++++++++++---
grub-core/disk/luks2.c | 7 +++-
grub-core/disk/memdisk.c | 7 +++-
grub-core/disk/plainmount.c | 9 +++--
8 files changed, 172 insertions(+), 34 deletions(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 6c01837..b1b0e04 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -27,6 +27,7 @@
#include <grub/procfs.h>
#include <grub/partition.h>
#include <grub/protector.h>
+#include <grub/safemath.h>
#ifdef GRUB_UTIL
#include <grub/emu/hostdisk.h>
@@ -1660,7 +1661,7 @@ static char *
luks_script_get (grub_size_t *sz)
{
grub_cryptodisk_t i;
- grub_size_t size = 0;
+ grub_size_t size = 0, mul;
char *ptr, *ret;
*sz = 0;
@@ -1669,10 +1670,6 @@ luks_script_get (grub_size_t *sz)
if (grub_strcmp (i->modname, "luks") == 0 ||
grub_strcmp (i->modname, "luks2") == 0)
{
- size += grub_strlen (i->modname);
- size += sizeof ("_mount");
- size += grub_strlen (i->uuid);
- size += grub_strlen (i->cipher->cipher->name);
/*
* Add space in the line for (in order) spaces, cipher mode, cipher IV
* mode, sector offset, sector size and the trailing newline. This is
@@ -1680,14 +1677,35 @@ luks_script_get (grub_size_t *sz)
* in an earlier version of this code that are unaccounted for. It is
* left in the calculations in case it is needed. At worst, its short-
* lived wasted space.
+ *
+ * 60 = 5 + 5 + 8 + 20 + 6 + 1 + 15
*/
- size += 5 + 5 + 8 + 20 + 6 + 1 + 15;
+ if (grub_add (size, grub_strlen (i->modname), &size) ||
+ grub_add (size, sizeof ("_mount") + 60, &size) ||
+ grub_add (size, grub_strlen (i->uuid), &size) ||
+ grub_add (size, grub_strlen (i->cipher->cipher->name), &size) ||
+ grub_mul (i->keysize, 2, &mul) ||
+ grub_add (size, mul, &size))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, "overflow detected while obtaining size of luks script");
+ return 0;
+ }
if (i->essiv_hash)
- size += grub_strlen (i->essiv_hash->name);
- size += i->keysize * 2;
+ {
+ if (grub_add (size, grub_strlen (i->essiv_hash->name), &size))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, "overflow detected while obtaining size of luks script");
+ return 0;
+ }
+ }
}
+ if (grub_add (size, 1, &size))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, "overflow detected while obtaining size of luks script");
+ return 0;
+ }
- ret = grub_malloc (size + 1);
+ ret = grub_malloc (size);
if (!ret)
return 0;
diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c
index 1e44e3a..3d1aa1c 100644
--- a/grub-core/disk/diskfilter.c
+++ b/grub-core/disk/diskfilter.c
@@ -24,6 +24,7 @@
#include <grub/misc.h>
#include <grub/diskfilter.h>
#include <grub/partition.h>
+#include <grub/safemath.h>
#ifdef GRUB_UTIL
#include <grub/i18n.h>
#include <grub/util/misc.h>
@@ -1187,7 +1188,7 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb,
{
struct grub_diskfilter_vg *array;
int i;
- grub_size_t j;
+ grub_size_t j, sz;
grub_uint64_t totsize;
struct grub_diskfilter_pv *pv;
grub_err_t err;
@@ -1288,7 +1289,11 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb,
}
array->lvs->vg = array;
- array->lvs->idname = grub_malloc (sizeof ("mduuid/") + 2 * uuidlen);
+ if (grub_mul (uuidlen, 2, &sz) ||
+ grub_add (sz, sizeof ("mduuid/"), &sz))
+ goto fail;
+
+ array->lvs->idname = grub_malloc (sz);
if (!array->lvs->idname)
goto fail;
diff --git a/grub-core/disk/ieee1275/obdisk.c b/grub-core/disk/ieee1275/obdisk.c
index cd923b9..9d4c426 100644
--- a/grub-core/disk/ieee1275/obdisk.c
+++ b/grub-core/disk/ieee1275/obdisk.c
@@ -26,6 +26,7 @@
#include <grub/mm.h>
#include <grub/scsicmd.h>
#include <grub/time.h>
+#include <grub/safemath.h>
#include <grub/ieee1275/ieee1275.h>
#include <grub/ieee1275/obdisk.h>
@@ -128,9 +129,17 @@ count_commas (const char *src)
static char *
decode_grub_devname (const char *name)
{
- char *devpath = grub_malloc (grub_strlen (name) + 1);
+ char *devpath;
char *p, c;
+ grub_size_t sz;
+ if (grub_add (grub_strlen (name), 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obtaining size of device name"));
+ return NULL;
+ }
+
+ devpath = grub_malloc (sz);
if (devpath == NULL)
return NULL;
@@ -156,12 +165,20 @@ static char *
encode_grub_devname (const char *path)
{
char *encoding, *optr;
+ grub_size_t sz;
if (path == NULL)
return NULL;
- encoding = grub_malloc (sizeof (IEEE1275_DEV) + count_commas (path) +
- grub_strlen (path) + 1);
+ if (grub_add (sizeof (IEEE1275_DEV) + 1, count_commas (path), &sz) ||
+ grub_add (sz, grub_strlen (path), &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obtaining encoding size"));
+ grub_print_error ();
+ return NULL;
+ }
+
+ encoding = grub_malloc (sz);
if (encoding == NULL)
{
@@ -396,6 +413,14 @@ canonicalise_disk (const char *devname)
real_unit_str_len = grub_strlen (op->name) + sizeof (IEEE1275_DISK_ALIAS)
+ grub_strlen (real_unit_address);
+ if (grub_add (grub_strlen (op->name), sizeof (IEEE1275_DISK_ALIAS), &real_unit_str_len) ||
+ grub_add (real_unit_str_len, grub_strlen (real_unit_address), &real_unit_str_len))
+ {
+ grub_free (parent);
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obtaining size of canonical name"));
+ grub_print_error ();
+ return NULL;
+ }
real_canon = grub_malloc (real_unit_str_len);
@@ -413,6 +438,7 @@ canonicalise_disk (const char *devname)
static struct disk_dev *
add_canon_disk (const char *cname)
{
+ grub_size_t sz;
struct disk_dev *dev;
dev = grub_zalloc (sizeof (struct disk_dev));
@@ -428,13 +454,18 @@ add_canon_disk (const char *cname)
* arguments and allows a client program to open
* the entire (raw) disk. Any disk label is ignored.
*/
- dev->raw_name = grub_malloc (grub_strlen (cname) + sizeof (":nolabel"));
+ if (grub_add (grub_strlen (cname), sizeof (":nolabel"), &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, "overflow detected while appending :nolabel to end of canonical name");
+ goto failed;
+ }
+
+ dev->raw_name = grub_malloc (sz);
if (dev->raw_name == NULL)
goto failed;
- grub_snprintf (dev->raw_name, grub_strlen (cname) + sizeof (":nolabel"),
- "%s:nolabel", cname);
+ grub_snprintf (dev->raw_name, sz, "%s:nolabel", cname);
}
/*
diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c
index c5c20a5..04efe9d 100644
--- a/grub-core/disk/ieee1275/ofdisk.c
+++ b/grub-core/disk/ieee1275/ofdisk.c
@@ -26,6 +26,7 @@
#include <grub/time.h>
#include <grub/env.h>
#include <grub/command.h>
+#include <grub/safemath.h>
#define RETRY_DEFAULT_TIMEOUT 15
@@ -94,6 +95,7 @@ ofdisk_hash_add_real (char *devpath)
struct ofdisk_hash_ent **head = &ofdisk_hash[ofdisk_hash_fn(devpath)];
const char *iptr;
char *optr;
+ grub_size_t sz;
p = grub_zalloc (sizeof (*p));
if (!p)
@@ -101,8 +103,14 @@ ofdisk_hash_add_real (char *devpath)
p->devpath = devpath;
- p->grub_devpath = grub_malloc (sizeof ("ieee1275/")
- + 2 * grub_strlen (p->devpath));
+ if (grub_mul (grub_strlen (p->devpath), 2, &sz) ||
+ grub_add (sz, sizeof ("ieee1275/"), &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obtaining size of device path"));
+ return NULL;
+ }
+
+ p->grub_devpath = grub_malloc (sz);
if (!p->grub_devpath)
{
@@ -112,7 +120,13 @@ ofdisk_hash_add_real (char *devpath)
if (! grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_NO_PARTITION_0))
{
- p->open_path = grub_malloc (grub_strlen (p->devpath) + 3);
+ if (grub_add (grub_strlen (p->devpath), 3, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obtaining size of an open path"));
+ return NULL;
+ }
+
+ p->open_path = grub_malloc (sz);
if (!p->open_path)
{
grub_free (p->grub_devpath);
@@ -571,6 +585,7 @@ dev_iterate (const struct grub_ieee1275_devalias *alias)
args;
char *buf, *bufptr;
unsigned i;
+ grub_size_t sz;
if (boot_type &&
grub_strcmp (boot_type, alias->type) != 0)
@@ -598,7 +613,14 @@ dev_iterate (const struct grub_ieee1275_devalias *alias)
return;
}
- buf = grub_malloc (grub_strlen (alias->path) + 32);
+ if (grub_add (grub_strlen (alias->path), 32, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, "overflow detected while creating buffer for vscsi");
+ grub_ieee1275_close (ihandle);
+ return;
+ }
+
+ buf = grub_malloc (sz);
if (!buf)
return;
bufptr = grub_stpcpy (buf, alias->path);
@@ -642,6 +664,7 @@ dev_iterate (const struct grub_ieee1275_devalias *alias)
grub_uint64_t *table;
grub_uint16_t table_size;
grub_ieee1275_ihandle_t ihandle;
+ grub_size_t sz;
if (boot_type &&
grub_strcmp (boot_type, alias->type) != 0)
@@ -651,8 +674,13 @@ dev_iterate (const struct grub_ieee1275_devalias *alias)
goto iter_children;
}
- buf = grub_malloc (grub_strlen (alias->path) +
- sizeof ("/disk@7766554433221100"));
+ if (grub_add (grub_strlen (alias->path), sizeof ("/disk@7766554433221100"), &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, "overflow detected while creating buffer for sas_ioa");
+ return;
+ }
+
+ buf = grub_malloc (sz);
if (!buf)
return;
bufptr = grub_stpcpy (buf, alias->path);
@@ -798,9 +826,17 @@ grub_ofdisk_iterate (grub_disk_dev_iterate_hook_t hook, void *hook_data,
static char *
compute_dev_path (const char *name)
{
- char *devpath = grub_malloc (grub_strlen (name) + 3);
+ char *devpath;
char *p, c;
+ grub_size_t sz;
+ if (grub_add (grub_strlen (name), 3, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obtaining size of device path"));
+ return NULL;
+ }
+
+ devpath = grub_malloc (sz);
if (!devpath)
return NULL;
@@ -1147,6 +1183,7 @@ insert_bootpath (void)
char *bootpath;
grub_ssize_t bootpath_size;
char *type;
+ grub_size_t sz;
if (grub_ieee1275_get_property_length (grub_ieee1275_chosen, "bootpath",
&bootpath_size)
@@ -1157,7 +1194,13 @@ insert_bootpath (void)
return;
}
- bootpath = (char *) grub_malloc ((grub_size_t) bootpath_size + 64);
+ if (grub_add (bootpath_size, 64, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obtaining bootpath size"));
+ return;
+ }
+
+ bootpath = (char *) grub_malloc (sz);
if (! bootpath)
{
grub_print_error ();
diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
index 34bfe6b..4101b15 100644
--- a/grub-core/disk/ldm.c
+++ b/grub-core/disk/ldm.c
@@ -220,6 +220,7 @@ make_vg (grub_disk_t disk,
struct grub_ldm_vblk vblk[GRUB_DISK_SECTOR_SIZE
/ sizeof (struct grub_ldm_vblk)];
unsigned i;
+ grub_size_t sz;
err = grub_disk_read (disk, cursec, 0,
sizeof(vblk), &vblk);
if (err)
@@ -251,7 +252,13 @@ make_vg (grub_disk_t disk,
grub_free (pv);
goto fail2;
}
- pv->internal_id = grub_malloc (ptr[0] + 2);
+ if (grub_add (ptr[0], 2, &sz))
+ {
+ grub_free (pv);
+ goto fail2;
+ }
+
+ pv->internal_id = grub_malloc (sz);
if (!pv->internal_id)
{
grub_free (pv);
@@ -276,7 +283,15 @@ make_vg (grub_disk_t disk,
goto fail2;
}
pv->id.uuidlen = *ptr;
- pv->id.uuid = grub_malloc (pv->id.uuidlen + 1);
+
+ if (grub_add (pv->id.uuidlen, 1, &sz))
+ {
+ grub_free (pv->internal_id);
+ grub_free (pv);
+ goto fail2;
+ }
+
+ pv->id.uuid = grub_malloc (sz);
grub_memcpy (pv->id.uuid, ptr + 1, pv->id.uuidlen);
pv->id.uuid[pv->id.uuidlen] = 0;
@@ -343,7 +358,13 @@ make_vg (grub_disk_t disk,
grub_free (lv);
goto fail2;
}
- lv->internal_id = grub_malloc ((grub_size_t) ptr[0] + 2);
+ if (grub_add (ptr[0], 2, &sz))
+ {
+ grub_free (lv->segments);
+ grub_free (lv);
+ goto fail2;
+ }
+ lv->internal_id = grub_malloc (sz);
if (!lv->internal_id)
{
grub_free (lv);
@@ -455,6 +476,7 @@ make_vg (grub_disk_t disk,
struct grub_ldm_vblk vblk[GRUB_DISK_SECTOR_SIZE
/ sizeof (struct grub_ldm_vblk)];
unsigned i;
+ grub_size_t sz;
err = grub_disk_read (disk, cursec, 0,
sizeof(vblk), &vblk);
if (err)
@@ -490,7 +512,12 @@ make_vg (grub_disk_t disk,
grub_free (comp);
goto fail2;
}
- comp->internal_id = grub_malloc ((grub_size_t) ptr[0] + 2);
+ if (grub_add (ptr[0], 2, &sz))
+ {
+ grub_free (comp);
+ goto fail2;
+ }
+ comp->internal_id = grub_malloc (sz);
if (!comp->internal_id)
{
grub_free (comp);
@@ -640,7 +667,6 @@ make_vg (grub_disk_t disk,
if (lv->segments->node_alloc == lv->segments->node_count)
{
void *t;
- grub_size_t sz;
if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) ||
grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz))
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index fe5ba77..a493942 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -26,6 +26,7 @@
#include <grub/crypto.h>
#include <grub/partition.h>
#include <grub/i18n.h>
+#include <grub/safemath.h>
#include <base64.h>
#include <json.h>
@@ -611,6 +612,7 @@ luks2_recover_key (grub_disk_t source,
gcry_err_code_t gcry_ret;
grub_json_t *json = NULL, keyslots, tokens;
grub_err_t ret;
+ grub_size_t sz;
if (cargs->key_data == NULL || cargs->key_len == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "no key data");
@@ -619,7 +621,10 @@ luks2_recover_key (grub_disk_t source,
if (ret)
return ret;
- json_header = grub_zalloc (grub_be_to_cpu64 (header.hdr_size) - sizeof (header));
+ if (grub_sub (grub_be_to_cpu64 (header.hdr_size), sizeof (header), &sz))
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, "underflow detected while calculating json header size");
+
+ json_header = grub_zalloc (sz);
if (!json_header)
return GRUB_ERR_OUT_OF_MEMORY;
diff --git a/grub-core/disk/memdisk.c b/grub-core/disk/memdisk.c
index 613779c..36de3bf 100644
--- a/grub-core/disk/memdisk.c
+++ b/grub-core/disk/memdisk.c
@@ -23,6 +23,7 @@
#include <grub/misc.h>
#include <grub/mm.h>
#include <grub/types.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -96,7 +97,11 @@ GRUB_MOD_INIT(memdisk)
grub_dprintf ("memdisk", "Found memdisk image at %p\n", memdisk_orig_addr);
- memdisk_size = header->size - sizeof (struct grub_module_header);
+ if (grub_sub (header->size, sizeof (struct grub_module_header), &memdisk_size))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, "underflow detected while obtaining memdisk size");
+ return;
+ }
memdisk_addr = grub_malloc (memdisk_size);
grub_dprintf ("memdisk", "Copying memdisk image to dynamic memory\n");
diff --git a/grub-core/disk/plainmount.c b/grub-core/disk/plainmount.c
index 47e6480..21ec407 100644
--- a/grub-core/disk/plainmount.c
+++ b/grub-core/disk/plainmount.c
@@ -24,6 +24,7 @@
#include <grub/extcmd.h>
#include <grub/partition.h>
#include <grub/file.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -126,7 +127,7 @@ plainmount_configure_password (grub_cryptodisk_t dev, const char *hash,
grub_uint8_t *derived_hash, *dh;
char *p;
unsigned int round, i, len, size;
- grub_size_t alloc_size;
+ grub_size_t alloc_size, sz;
grub_err_t err = GRUB_ERR_NONE;
/* Support none (plain) hash */
@@ -145,7 +146,11 @@ plainmount_configure_password (grub_cryptodisk_t dev, const char *hash,
* Allocate buffer for the password and for an added prefix character
* for each hash round ('alloc_size' may not be a multiple of 'len').
*/
- p = grub_zalloc (alloc_size + (alloc_size / len) + 1);
+ if (grub_add (alloc_size, (alloc_size / len), &sz) ||
+ grub_add (sz, 1, &sz))
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while allocating size of password buffer"));
+
+ p = grub_zalloc (sz);
derived_hash = grub_zalloc (GRUB_CRYPTODISK_MAX_KEYLEN * 2);
if (p == NULL || derived_hash == NULL)
{
--
2.33.0

56
backport-0051-disk-Prevent-overflows-when-allocating-memory-for-ar.patch Normal file
View File

@ -0,0 +1,56 @@
From d8151f98331ee4d15fcca59edffa59246d8fc15f Mon Sep 17 00:00:00 2001
From: Alec Brown <alec.r.brown@oracle.com>
Date: Wed, 22 Jan 2025 02:55:10 +0000
Subject: [PATCH 51/73] disk: Prevent overflows when allocating memory for
arrays
Use grub_calloc() when allocating memory for arrays to ensure proper
overflow checks are in place.
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/disk/cryptodisk.c | 2 +-
grub-core/disk/lvm.c | 6 ++----
2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 431db2fae..7a785a49c 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -1532,7 +1532,7 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
if (state[OPTION_PROTECTOR].set) /* key protector(s) */
{
- cargs.key_cache = grub_zalloc (state[OPTION_PROTECTOR].set * sizeof (*cargs.key_cache));
+ cargs.key_cache = grub_calloc (state[OPTION_PROTECTOR].set, sizeof (*cargs.key_cache));
if (cargs.key_cache == NULL)
return grub_error (GRUB_ERR_OUT_OF_MEMORY,
"no memory for key protector key cache");
diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
index 0c32c95f9..b53c3b75e 100644
--- a/grub-core/disk/lvm.c
+++ b/grub-core/disk/lvm.c
@@ -671,8 +671,7 @@ grub_lvm_detect (grub_disk_t disk,
goto lvs_segment_fail;
}
- seg->nodes = grub_zalloc (sizeof (seg->nodes[0])
- * seg->node_count);
+ seg->nodes = grub_calloc (seg->node_count, sizeof (seg->nodes[0]));
p = grub_strstr (p, "mirrors = [");
if (p == NULL)
@@ -760,8 +759,7 @@ grub_lvm_detect (grub_disk_t disk,
}
}
- seg->nodes = grub_zalloc (sizeof (seg->nodes[0])
- * seg->node_count);
+ seg->nodes = grub_calloc (seg->node_count, sizeof (seg->nodes[0]));
p = grub_strstr (p, "raids = [");
if (p == NULL)
--
2.33.0

156
backport-0052-disk-Check-if-returned-pointer-for-allocated-memory-.patch Normal file
View File

@ -0,0 +1,156 @@
From 33bd6b5ac5c77b346769ab5284262f94e695e464 Mon Sep 17 00:00:00 2001
From: Alec Brown <alec.r.brown@oracle.com>
Date: Wed, 22 Jan 2025 02:55:11 +0000
Subject: [PATCH 52/73] disk: Check if returned pointer for allocated memory is
NULL
When using grub_malloc(), grub_zalloc() or grub_calloc(), these functions can
fail if we are out of memory. After allocating memory we should check if these
functions returned NULL and handle this error if they did.
On the occasion make a NULL check in ATA code more obvious.
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/disk/ata.c | 4 ++--
grub-core/disk/ieee1275/obdisk.c | 6 ++++++
grub-core/disk/ldm.c | 6 ++++++
grub-core/disk/lvm.c | 14 ++++++++++++++
grub-core/disk/memdisk.c | 2 ++
5 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/grub-core/disk/ata.c b/grub-core/disk/ata.c
index 7b6ac7bfc..a2433e29e 100644
--- a/grub-core/disk/ata.c
+++ b/grub-core/disk/ata.c
@@ -112,10 +112,10 @@ grub_ata_identify (struct grub_ata *dev)
return grub_atapi_identify (dev);
info64 = grub_malloc (GRUB_DISK_SECTOR_SIZE);
+ if (info64 == NULL)
+ return grub_errno;
info32 = (grub_uint32_t *) info64;
info16 = (grub_uint16_t *) info64;
- if (! info16)
- return grub_errno;
grub_memset (&parms, 0, sizeof (parms));
parms.buffer = info16;
diff --git a/grub-core/disk/ieee1275/obdisk.c b/grub-core/disk/ieee1275/obdisk.c
index 9d4c42665..fcc39e0a2 100644
--- a/grub-core/disk/ieee1275/obdisk.c
+++ b/grub-core/disk/ieee1275/obdisk.c
@@ -423,6 +423,12 @@ canonicalise_disk (const char *devname)
}
real_canon = grub_malloc (real_unit_str_len);
+ if (real_canon == NULL)
+ {
+ grub_free (parent);
+ grub_print_error ();
+ return NULL;
+ }
grub_snprintf (real_canon, real_unit_str_len, "%s/disk@%s",
op->name, real_unit_address);
diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
index 4101b15d8..048e29cd0 100644
--- a/grub-core/disk/ldm.c
+++ b/grub-core/disk/ldm.c
@@ -292,6 +292,12 @@ make_vg (grub_disk_t disk,
}
pv->id.uuid = grub_malloc (sz);
+ if (pv->id.uuid == NULL)
+ {
+ grub_free (pv->internal_id);
+ grub_free (pv);
+ goto fail2;
+ }
grub_memcpy (pv->id.uuid, ptr + 1, pv->id.uuidlen);
pv->id.uuid[pv->id.uuidlen] = 0;
diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
index b53c3b75e..d5af85482 100644
--- a/grub-core/disk/lvm.c
+++ b/grub-core/disk/lvm.c
@@ -370,6 +370,8 @@ grub_lvm_detect (grub_disk_t disk,
break;
pv = grub_zalloc (sizeof (*pv));
+ if (pv == NULL)
+ goto fail4;
q = p;
while (*q != ' ' && q < mda_end)
q++;
@@ -379,6 +381,8 @@ grub_lvm_detect (grub_disk_t disk,
s = q - p;
pv->name = grub_malloc (s + 1);
+ if (pv->name == NULL)
+ goto pvs_fail_noname;
grub_memcpy (pv->name, p, s);
pv->name[s] = '\0';
@@ -451,6 +455,8 @@ grub_lvm_detect (grub_disk_t disk,
break;
lv = grub_zalloc (sizeof (*lv));
+ if (lv == NULL)
+ goto fail4;
q = p;
while (*q != ' ' && q < mda_end)
@@ -545,6 +551,8 @@ grub_lvm_detect (grub_disk_t disk,
goto lvs_fail;
}
lv->segments = grub_calloc (lv->segment_count, sizeof (*seg));
+ if (lv->segments == NULL)
+ goto lvs_fail;
seg = lv->segments;
for (i = 0; i < lv->segment_count; i++)
@@ -612,6 +620,8 @@ grub_lvm_detect (grub_disk_t disk,
seg->nodes = grub_calloc (seg->node_count,
sizeof (*stripe));
+ if (seg->nodes == NULL)
+ goto lvs_segment_fail;
stripe = seg->nodes;
p = grub_strstr (p, "stripes = [");
@@ -672,6 +682,8 @@ grub_lvm_detect (grub_disk_t disk,
}
seg->nodes = grub_calloc (seg->node_count, sizeof (seg->nodes[0]));
+ if (seg->nodes == NULL)
+ goto lvs_segment_fail;
p = grub_strstr (p, "mirrors = [");
if (p == NULL)
@@ -760,6 +772,8 @@ grub_lvm_detect (grub_disk_t disk,
}
seg->nodes = grub_calloc (seg->node_count, sizeof (seg->nodes[0]));
+ if (seg->nodes == NULL)
+ goto lvs_segment_fail;
p = grub_strstr (p, "raids = [");
if (p == NULL)
diff --git a/grub-core/disk/memdisk.c b/grub-core/disk/memdisk.c
index 36de3bfab..2d7afaea3 100644
--- a/grub-core/disk/memdisk.c
+++ b/grub-core/disk/memdisk.c
@@ -103,6 +103,8 @@ GRUB_MOD_INIT(memdisk)
return;
}
memdisk_addr = grub_malloc (memdisk_size);
+ if (memdisk_addr == NULL)
+ return;
grub_dprintf ("memdisk", "Copying memdisk image to dynamic memory\n");
grub_memmove (memdisk_addr, memdisk_orig_addr, memdisk_size);
--
2.33.0

34
backport-0053-disk-ieee1275-ofdisk-Call-grub_ieee1275_close-when-g.patch Normal file
View File

@ -0,0 +1,34 @@
From fbaddcca541805c333f0fc792b82772594e73753 Mon Sep 17 00:00:00 2001
From: Alec Brown <alec.r.brown@oracle.com>
Date: Wed, 22 Jan 2025 02:55:12 +0000
Subject: [PATCH 53/73] disk/ieee1275/ofdisk: Call grub_ieee1275_close() when
grub_malloc() fails
In the dev_iterate() function a handle is opened but isn't closed when
grub_malloc() returns NULL. We should fix this by closing it on error.
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/disk/ieee1275/ofdisk.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c
index 4c5b89cbc..dbc0f1aba 100644
--- a/grub-core/disk/ieee1275/ofdisk.c
+++ b/grub-core/disk/ieee1275/ofdisk.c
@@ -267,7 +267,10 @@ dev_iterate (const struct grub_ieee1275_devalias *alias)
buf = grub_malloc (sz);
if (!buf)
- return;
+ {
+ grub_ieee1275_close (ihandle);
+ return;
+ }
bufptr = grub_stpcpy (buf, alias->path);
for (i = 0; i < args.nentries; i++)
--
2.33.0

356
backport-0054-fs-Use-safe-math-macros-to-prevent-overflows.patch Normal file
View File

@ -0,0 +1,356 @@
From 60e45174f2783ed21463674b1847a26d38bf7d4c Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Tue, 21 Jan 2025 19:02:36 +0000
Subject: [PATCH 54/73] fs: Use safe math macros to prevent overflows
Replace direct arithmetic operations with macros from include/grub/safemath.h
to prevent potential overflow issues when calculating the memory sizes.
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/archelp.c | 9 ++++++++-
grub-core/fs/btrfs.c | 34 ++++++++++++++++++++++++++++------
grub-core/fs/cpio_common.c | 16 ++++++++++++++--
grub-core/fs/f2fs.c | 17 +++++++++++++++--
grub-core/fs/ntfscomp.c | 9 ++++++++-
grub-core/fs/squash4.c | 12 +++++++++---
grub-core/fs/xfs.c | 17 +++++++++++++++--
7 files changed, 97 insertions(+), 17 deletions(-)
diff --git a/grub-core/fs/archelp.c b/grub-core/fs/archelp.c
index c1dcc62..0816b28 100644
--- a/grub-core/fs/archelp.c
+++ b/grub-core/fs/archelp.c
@@ -21,6 +21,7 @@
#include <grub/fs.h>
#include <grub/disk.h>
#include <grub/dl.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -68,6 +69,7 @@ handle_symlink (struct grub_archelp_data *data,
char *rest;
char *linktarget;
grub_size_t linktarget_len;
+ grub_size_t sz;
*restart = 0;
@@ -98,7 +100,12 @@ handle_symlink (struct grub_archelp_data *data,
if (linktarget[0] == '\0')
return GRUB_ERR_NONE;
linktarget_len = grub_strlen (linktarget);
- target = grub_malloc (linktarget_len + grub_strlen (*name) + 2);
+
+ if (grub_add (linktarget_len, grub_strlen (*name), &sz) ||
+ grub_add (sz, 2, &sz))
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("link target length overflow"));
+
+ target = grub_malloc (sz);
if (!target)
return grub_errno;
diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
index 0dd9a81..6199e21 100644
--- a/grub-core/fs/btrfs.c
+++ b/grub-core/fs/btrfs.c
@@ -2037,6 +2037,7 @@ find_path (struct grub_btrfs_data *data,
char *path_alloc = NULL;
char *origpath = NULL;
unsigned symlinks_max = 32;
+ grub_size_t sz;
const char *relpath = grub_env_get ("btrfs_relative_path");
follow_default = 0;
@@ -2164,9 +2165,15 @@ find_path (struct grub_btrfs_data *data,
struct grub_btrfs_dir_item *cdirel;
if (elemsize > allocated)
{
- allocated = 2 * elemsize;
+ if (grub_mul (2, elemsize, &allocated) ||
+ grub_add (allocated, 1, &sz))
+ {
+ grub_free (path_alloc);
+ grub_free (origpath);
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("directory item size overflow"));
+ }
grub_free (direl);
- direl = grub_malloc (allocated + 1);
+ direl = grub_malloc (sz);
if (!direl)
{
grub_free (path_alloc);
@@ -2230,8 +2237,16 @@ find_path (struct grub_btrfs_data *data,
grub_free (origpath);
return err;
}
- tmp = grub_malloc (grub_le_to_cpu64 (inode.size)
- + grub_strlen (path) + 1);
+
+ if (grub_add (grub_le_to_cpu64 (inode.size), grub_strlen (path), &sz) ||
+ grub_add (sz, 1, &sz))
+ {
+ grub_free (direl);
+ grub_free (path_alloc);
+ grub_free (origpath);
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("buffer size overflow"));
+ }
+ tmp = grub_malloc (sz);
if (!tmp)
{
grub_free (direl);
@@ -2377,6 +2392,7 @@ grub_btrfs_dir (grub_device_t device, const char *path,
grub_uint64_t tree;
grub_uint8_t type;
grub_size_t est_size = 0;
+ grub_size_t sz;
char *new_path = NULL;
if (!data)
@@ -2427,9 +2443,15 @@ grub_btrfs_dir (grub_device_t device, const char *path,
}
if (elemsize > allocated)
{
- allocated = 2 * elemsize;
+ if (grub_mul (2, elemsize, &allocated) ||
+ grub_add (allocated, 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("directory element size overflow"));
+ r = -grub_errno;
+ break;
+ }
grub_free (direl);
- direl = grub_malloc (allocated + 1);
+ direl = grub_malloc (sz);
if (!direl)
{
r = -grub_errno;
diff --git a/grub-core/fs/cpio_common.c b/grub-core/fs/cpio_common.c
index 5d41b6f..6ba58b3 100644
--- a/grub-core/fs/cpio_common.c
+++ b/grub-core/fs/cpio_common.c
@@ -24,6 +24,7 @@
#include <grub/dl.h>
#include <grub/i18n.h>
#include <grub/archelp.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -48,6 +49,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
struct head hd;
grub_size_t namesize;
grub_uint32_t modeval;
+ grub_size_t sz;
data->hofs = data->next_hofs;
@@ -76,7 +78,10 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
*mode = modeval;
- *name = grub_malloc (namesize + 1);
+ if (grub_add (namesize, 1, &sz))
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("file name size overflow"));
+
+ *name = grub_malloc (sz);
if (*name == NULL)
return grub_errno;
@@ -110,10 +115,17 @@ grub_cpio_get_link_target (struct grub_archelp_data *data)
{
char *ret;
grub_err_t err;
+ grub_size_t sz;
if (data->size == 0)
return grub_strdup ("");
- ret = grub_malloc (data->size + 1);
+
+ if (grub_add (data->size, 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("target data size overflow"));
+ return NULL;
+ }
+ ret = grub_malloc (sz);
if (!ret)
return NULL;
diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c
index f6d6bea..72b4aa1 100644
--- a/grub-core/fs/f2fs.c
+++ b/grub-core/fs/f2fs.c
@@ -28,6 +28,7 @@
#include <grub/types.h>
#include <grub/charset.h>
#include <grub/fshelp.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -958,6 +959,7 @@ grub_f2fs_read_symlink (grub_fshelp_node_t node)
char *symlink;
struct grub_fshelp_node *diro = node;
grub_uint64_t filesize;
+ grub_size_t sz;
if (!diro->inode_read)
{
@@ -968,7 +970,12 @@ grub_f2fs_read_symlink (grub_fshelp_node_t node)
filesize = grub_f2fs_file_size(&diro->inode.i);
- symlink = grub_malloc (filesize + 1);
+ if (grub_add (filesize, 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("symlink size overflow"));
+ return 0;
+ }
+ symlink = grub_malloc (sz);
if (!symlink)
return 0;
@@ -997,6 +1004,7 @@ grub_f2fs_check_dentries (struct grub_f2fs_dir_iter_ctx *ctx)
enum FILE_TYPE ftype;
int name_len;
int ret;
+ int sz;
if (grub_f2fs_test_bit_le (i, ctx->bitmap) == 0)
{
@@ -1010,7 +1018,12 @@ grub_f2fs_check_dentries (struct grub_f2fs_dir_iter_ctx *ctx)
if (name_len >= F2FS_NAME_LEN)
return 0;
- filename = grub_malloc (name_len + 1);
+ if (grub_add (name_len, 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("directory entry name length overflow"));
+ return 0;
+ }
+ filename = grub_malloc (sz);
if (!filename)
return 0;
diff --git a/grub-core/fs/ntfscomp.c b/grub-core/fs/ntfscomp.c
index a009f2c..f168a31 100644
--- a/grub-core/fs/ntfscomp.c
+++ b/grub-core/fs/ntfscomp.c
@@ -22,6 +22,7 @@
#include <grub/disk.h>
#include <grub/dl.h>
#include <grub/ntfs.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -310,6 +311,7 @@ ntfscomp (grub_uint8_t *dest, grub_disk_addr_t ofs,
{
grub_err_t ret;
grub_disk_addr_t vcn;
+ int log_sz;
if (ctx->attr->sbuf)
{
@@ -349,7 +351,12 @@ ntfscomp (grub_uint8_t *dest, grub_disk_addr_t ofs,
}
ctx->comp.comp_head = ctx->comp.comp_tail = 0;
- ctx->comp.cbuf = grub_malloc (1 << (ctx->comp.log_spc + GRUB_NTFS_BLK_SHR));
+ if (grub_add (ctx->comp.log_spc, GRUB_NTFS_BLK_SHR, &log_sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("compression buffer size overflow"));
+ return 0;
+ }
+ ctx->comp.cbuf = grub_malloc (1 << log_sz);
if (!ctx->comp.cbuf)
return 0;
diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c
index 6e9d638..f91ff3b 100644
--- a/grub-core/fs/squash4.c
+++ b/grub-core/fs/squash4.c
@@ -460,11 +460,11 @@ grub_squash_read_symlink (grub_fshelp_node_t node)
{
char *ret;
grub_err_t err;
- grub_size_t sz;
+ grub_uint32_t sz;
if (grub_add (grub_le_to_cpu32 (node->ino.symlink.namelen), 1, &sz))
{
- grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("symlink name length overflow"));
return NULL;
}
@@ -580,6 +580,7 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir,
struct grub_squash_dirent di;
struct grub_squash_inode ino;
grub_size_t sz;
+ grub_uint16_t nlen;
err = read_chunk (dir->data, &di, sizeof (di),
grub_le_to_cpu64 (dir->data->sb.diroffset)
@@ -595,7 +596,12 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir,
if (err)
return 0;
- buf = grub_malloc (grub_le_to_cpu16 (di.namelen) + 2);
+ if (grub_add (grub_le_to_cpu16 (di.namelen), 2, &nlen))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("name length overflow"));
+ return 0;
+ }
+ buf = grub_malloc (nlen);
if (!buf)
return 0;
err = read_chunk (dir->data, buf,
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index f030c5b..0cf4c04 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -718,6 +718,7 @@ static char *
grub_xfs_read_symlink (grub_fshelp_node_t node)
{
grub_ssize_t size = grub_be_to_cpu64 (node->inode.size);
+ grub_size_t sz;
if (size < 0)
{
@@ -739,7 +740,12 @@ grub_xfs_read_symlink (grub_fshelp_node_t node)
if (node->data->hascrc)
off = 56;
- symlink = grub_malloc (size + 1);
+ if (grub_add (size, 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("symlink size overflow"));
+ return 0;
+ }
+ symlink = grub_malloc (sz);
if (!symlink)
return 0;
@@ -789,8 +795,15 @@ static int iterate_dir_call_hook (grub_uint64_t ino, const char *filename,
{
struct grub_fshelp_node *fdiro;
grub_err_t err;
+ grub_size_t sz;
- fdiro = grub_malloc (grub_xfs_fshelp_size(ctx->diro->data) + 1);
+ if (grub_add (grub_xfs_fshelp_size(ctx->diro->data), 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("directory data size overflow"));
+ grub_print_error ();
+ return 0;
+ }
+ fdiro = grub_malloc (sz);
if (!fdiro)
{
grub_print_error ();
--
2.33.0

85
backport-0055-fs-Prevent-overflows-when-allocating-memory-for-arra.patch Normal file
View File

@ -0,0 +1,85 @@
From 84bc0a9a68835952ae69165c11709811dae7634e Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Tue, 21 Jan 2025 19:02:37 +0000
Subject: [PATCH 55/73] fs: Prevent overflows when allocating memory for arrays
Use grub_calloc() when allocating memory for arrays to ensure proper
overflow checks are in place.
The HFS+ and squash4 security vulnerabilities were reported by
Jonathan Bar Or <jonathanbaror@gmail.com>.
Fixes: CVE-2025-0678
Fixes: CVE-2025-1125
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/btrfs.c | 4 ++--
grub-core/fs/hfspluscomp.c | 9 +++++++--
grub-core/fs/squash4.c | 8 ++++----
3 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
index 0625b1166..9c1e925c9 100644
--- a/grub-core/fs/btrfs.c
+++ b/grub-core/fs/btrfs.c
@@ -1276,8 +1276,8 @@ grub_btrfs_mount (grub_device_t dev)
}
data->n_devices_allocated = 16;
- data->devices_attached = grub_malloc (sizeof (data->devices_attached[0])
- * data->n_devices_allocated);
+ data->devices_attached = grub_calloc (data->n_devices_allocated,
+ sizeof (data->devices_attached[0]));
if (!data->devices_attached)
{
grub_free (data);
diff --git a/grub-core/fs/hfspluscomp.c b/grub-core/fs/hfspluscomp.c
index 48ae438d8..a80954ee6 100644
--- a/grub-core/fs/hfspluscomp.c
+++ b/grub-core/fs/hfspluscomp.c
@@ -244,14 +244,19 @@ hfsplus_open_compressed_real (struct grub_hfsplus_file *node)
return 0;
}
node->compress_index_size = grub_le_to_cpu32 (index_size);
- node->compress_index = grub_malloc (node->compress_index_size
- * sizeof (node->compress_index[0]));
+ node->compress_index = grub_calloc (node->compress_index_size,
+ sizeof (node->compress_index[0]));
if (!node->compress_index)
{
node->compressed = 0;
grub_free (attr_node);
return grub_errno;
}
+
+ /*
+ * The node->compress_index_size * sizeof (node->compress_index[0]) is safe here
+ * due to relevant checks done in grub_calloc() above.
+ */
if (grub_hfsplus_read_file (node, 0, 0,
0x104 + sizeof (index_size),
node->compress_index_size
diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c
index f91ff3bfa..cf2bca822 100644
--- a/grub-core/fs/squash4.c
+++ b/grub-core/fs/squash4.c
@@ -822,10 +822,10 @@ direct_read (struct grub_squash_data *data,
break;
}
total_blocks = ((total_size + data->blksz - 1) >> data->log2_blksz);
- ino->block_sizes = grub_malloc (total_blocks
- * sizeof (ino->block_sizes[0]));
- ino->cumulated_block_sizes = grub_malloc (total_blocks
- * sizeof (ino->cumulated_block_sizes[0]));
+ ino->block_sizes = grub_calloc (total_blocks,
+ sizeof (ino->block_sizes[0]));
+ ino->cumulated_block_sizes = grub_calloc (total_blocks,
+ sizeof (ino->cumulated_block_sizes[0]));
if (!ino->block_sizes || !ino->cumulated_block_sizes)
{
grub_free (ino->block_sizes);
--
2.33.0

108
backport-0056-fs-Prevent-overflows-when-assigning-returned-values-.patch Normal file
View File

@ -0,0 +1,108 @@
From cde9f7f338f8f5771777f0e7dfc423ddf952ad31 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Tue, 21 Jan 2025 19:02:38 +0000
Subject: [PATCH 56/73] fs: Prevent overflows when assigning returned values
from read_number()
The direct assignment of the unsigned long long value returned by
read_number() can potentially lead to an overflow on a 32-bit systems.
The fix replaces the direct assignments with calls to grub_cast()
which detects the overflows and safely assigns the values if no
overflow is detected.
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/cpio_common.c | 18 ++++++++++++++----
grub-core/fs/tar.c | 23 ++++++++++++++++-------
2 files changed, 30 insertions(+), 11 deletions(-)
diff --git a/grub-core/fs/cpio_common.c b/grub-core/fs/cpio_common.c
index 6ba58b354..45ac119a8 100644
--- a/grub-core/fs/cpio_common.c
+++ b/grub-core/fs/cpio_common.c
@@ -62,11 +62,21 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
#endif
)
return grub_error (GRUB_ERR_BAD_FS, "invalid cpio archive");
- data->size = read_number (hd.filesize, ARRAY_SIZE (hd.filesize));
+
+ if (grub_cast (read_number (hd.filesize, ARRAY_SIZE (hd.filesize)), &data->size))
+ return grub_error (GRUB_ERR_BAD_FS, N_("data size overflow"));
+
if (mtime)
- *mtime = read_number (hd.mtime, ARRAY_SIZE (hd.mtime));
- modeval = read_number (hd.mode, ARRAY_SIZE (hd.mode));
- namesize = read_number (hd.namesize, ARRAY_SIZE (hd.namesize));
+ {
+ if (grub_cast (read_number (hd.mtime, ARRAY_SIZE (hd.mtime)), mtime))
+ return grub_error (GRUB_ERR_BAD_FS, N_("mtime overflow"));
+ }
+
+ if (grub_cast (read_number (hd.mode, ARRAY_SIZE (hd.mode)), &modeval))
+ return grub_error (GRUB_ERR_BAD_FS, N_("mode overflow"));
+
+ if (grub_cast (read_number (hd.namesize, ARRAY_SIZE (hd.namesize)), &namesize))
+ return grub_error (GRUB_ERR_BAD_FS, N_("namesize overflow"));
/* Don't allow negative numbers. */
if (namesize >= 0x80000000)
diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c
index fd2ec1f74..1eaa5349f 100644
--- a/grub-core/fs/tar.c
+++ b/grub-core/fs/tar.c
@@ -99,9 +99,10 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
if (hd.typeflag == 'L')
{
grub_err_t err;
- grub_size_t namesize = read_number (hd.size, sizeof (hd.size));
+ grub_size_t namesize;
- if (grub_add (namesize, 1, &sz))
+ if (grub_cast (read_number (hd.size, sizeof (hd.size)), &namesize) ||
+ grub_add (namesize, 1, &sz))
return grub_error (GRUB_ERR_BAD_FS, N_("name size overflow"));
*name = grub_malloc (sz);
@@ -123,9 +124,10 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
if (hd.typeflag == 'K')
{
grub_err_t err;
- grub_size_t linksize = read_number (hd.size, sizeof (hd.size));
+ grub_size_t linksize;
- if (grub_add (linksize, 1, &sz))
+ if (grub_cast (read_number (hd.size, sizeof (hd.size)), &linksize) ||
+ grub_add (linksize, 1, &sz))
return grub_error (GRUB_ERR_BAD_FS, N_("link size overflow"));
if (data->linkname_alloc < sz)
@@ -174,15 +176,22 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
(*name)[extra_size + sizeof (hd.name)] = 0;
}
- data->size = read_number (hd.size, sizeof (hd.size));
+ if (grub_cast (read_number (hd.size, sizeof (hd.size)), &data->size))
+ return grub_error (GRUB_ERR_BAD_FS, N_("data size overflow"));
+
data->dofs = data->hofs + GRUB_DISK_SECTOR_SIZE;
data->next_hofs = data->dofs + ((data->size + GRUB_DISK_SECTOR_SIZE - 1) &
~(GRUB_DISK_SECTOR_SIZE - 1));
if (mtime)
- *mtime = read_number (hd.mtime, sizeof (hd.mtime));
+ {
+ if (grub_cast (read_number (hd.mtime, sizeof (hd.mtime)), mtime))
+ return grub_error (GRUB_ERR_BAD_FS, N_("mtime overflow"));
+ }
if (mode)
{
- *mode = read_number (hd.mode, sizeof (hd.mode));
+ if (grub_cast (read_number (hd.mode, sizeof (hd.mode)), mode))
+ return grub_error (GRUB_ERR_BAD_FS, N_("mode overflow"));
+
switch (hd.typeflag)
{
/* Hardlink. */
--
2.33.0

141
backport-0057-fs-zfs-Use-safe-math-macros-to-prevent-overflows.patch Normal file
View File

@ -0,0 +1,141 @@
From 88e491a0f744c6b19b6d4caa300a576ba56db7c9 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Wed, 22 Jan 2025 07:17:02 +0000
Subject: [PATCH 57/73] fs/zfs: Use safe math macros to prevent overflows
Replace direct arithmetic operations with macros from include/grub/safemath.h
to prevent potential overflow issues when calculating the memory sizes.
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/zfs/zfs.c | 50 +++++++++++++++++++++++++++++++++++++-----
1 file changed, 44 insertions(+), 6 deletions(-)
diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
index 22ced4014..c77ab7ad3 100644
--- a/grub-core/fs/zfs/zfs.c
+++ b/grub-core/fs/zfs/zfs.c
@@ -2427,6 +2427,7 @@ fzap_iterate (dnode_end_t * zap_dnode, zap_phys_t * zap,
zap_dnode->endian) << DNODE_SHIFT);
grub_err_t err;
grub_zfs_endian_t endian;
+ grub_size_t sz;
if (zap_verify (zap, zap_dnode->endian))
return 0;
@@ -2488,8 +2489,14 @@ fzap_iterate (dnode_end_t * zap_dnode, zap_phys_t * zap,
if (le->le_type != ZAP_CHUNK_ENTRY)
continue;
- buf = grub_malloc (grub_zfs_to_cpu16 (le->le_name_length, endian)
- * name_elem_length + 1);
+ if (grub_mul (grub_zfs_to_cpu16 (le->le_name_length, endian), name_elem_length, &sz) ||
+ grub_add (sz, 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("buffer size overflow"));
+ grub_free (l);
+ return grub_errno;
+ }
+ buf = grub_malloc (sz);
if (zap_leaf_array_get (l, endian, blksft,
grub_zfs_to_cpu16 (le->le_name_chunk,
endian),
@@ -2912,6 +2919,7 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn,
&& ((grub_zfs_to_cpu64(((znode_phys_t *) DN_BONUS (&dnode_path->dn.dn))->zp_mode, dnode_path->dn.endian) >> 12) & 0xf) == 0xa)
{
char *sym_value;
+ grub_size_t sz;
grub_size_t sym_sz;
int free_symval = 0;
char *oldpath = path, *oldpathbuf = path_buf;
@@ -2963,7 +2971,18 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn,
break;
free_symval = 1;
}
- path = path_buf = grub_malloc (sym_sz + grub_strlen (oldpath) + 1);
+
+ if (grub_add (sym_sz, grub_strlen (oldpath), &sz) ||
+ grub_add (sz, 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("path buffer size overflow"));
+ grub_free (oldpathbuf);
+ if (free_symval)
+ grub_free (sym_value);
+ err = grub_errno;
+ break;
+ }
+ path = path_buf = grub_malloc (sz);
if (!path_buf)
{
grub_free (oldpathbuf);
@@ -3000,6 +3019,7 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn,
{
void *sahdrp;
int hdrsize;
+ grub_size_t sz;
if (dnode_path->dn.dn.dn_bonuslen != 0)
{
@@ -3033,7 +3053,15 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn,
+ SA_SIZE_OFFSET),
dnode_path->dn.endian);
char *oldpath = path, *oldpathbuf = path_buf;
- path = path_buf = grub_malloc (sym_sz + grub_strlen (oldpath) + 1);
+ if (grub_add (sym_sz, grub_strlen (oldpath), &sz) ||
+ grub_add (sz, 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("path buffer size overflow"));
+ grub_free (oldpathbuf);
+ err = grub_errno;
+ break;
+ }
+ path = path_buf = grub_malloc (sz);
if (!path_buf)
{
grub_free (oldpathbuf);
@@ -3608,6 +3636,7 @@ grub_zfs_nvlist_lookup_nvlist_array (const char *nvlist, const char *name,
unsigned i;
grub_size_t nelm;
int elemsize = 0;
+ int sz;
found = nvlist_find_value (nvlist, name, DATA_TYPE_NVLIST_ARRAY, &nvpair,
&size, &nelm);
@@ -3642,7 +3671,12 @@ grub_zfs_nvlist_lookup_nvlist_array (const char *nvlist, const char *name,
return 0;
}
- ret = grub_zalloc (elemsize + sizeof (grub_uint32_t));
+ if (grub_add (elemsize, sizeof (grub_uint32_t), &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("elemsize overflow"));
+ return 0;
+ }
+ ret = grub_zalloc (sz);
if (!ret)
return 0;
grub_memcpy (ret, nvlist, sizeof (grub_uint32_t));
@@ -4233,6 +4267,7 @@ iterate_zap_snap (const char *name, grub_uint64_t val,
struct grub_dirhook_info info;
char *name2;
int ret;
+ grub_size_t sz;
dnode_end_t mdn;
@@ -4253,7 +4288,10 @@ iterate_zap_snap (const char *name, grub_uint64_t val,
return 0;
}
- name2 = grub_malloc (grub_strlen (name) + 2);
+ if (grub_add (grub_strlen (name), 2, &sz))
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("name length overflow"));
+
+ name2 = grub_malloc (sz);
name2[0] = '@';
grub_memcpy (name2 + 1, name, grub_strlen (name) + 1);
ret = ctx->hook (name2, &info, ctx->hook_data);
--
2.33.0

44
backport-0058-fs-zfs-Prevent-overflows-when-allocating-memory-for-.patch Normal file
View File

@ -0,0 +1,44 @@
From 7f38e32c7ebeaebb79e2c71e3c7d5ea367d3a39c Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Wed, 22 Jan 2025 07:17:03 +0000
Subject: [PATCH 58/73] fs/zfs: Prevent overflows when allocating memory for
arrays
Use grub_calloc() when allocating memory for arrays to ensure proper
overflow checks are in place.
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/zfs/zfs.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
index c77ab7ad3..474122ed2 100644
--- a/grub-core/fs/zfs/zfs.c
+++ b/grub-core/fs/zfs/zfs.c
@@ -763,8 +763,8 @@ fill_vdev_info_real (struct grub_zfs_data *data,
{
fill->n_children = nelm;
- fill->children = grub_zalloc (fill->n_children
- * sizeof (fill->children[0]));
+ fill->children = grub_calloc (fill->n_children,
+ sizeof (fill->children[0]));
}
for (i = 0; i < nelm; i++)
@@ -3752,8 +3752,8 @@ zfs_mount (grub_device_t dev)
#endif
data->n_devices_allocated = 16;
- data->devices_attached = grub_malloc (sizeof (data->devices_attached[0])
- * data->n_devices_allocated);
+ data->devices_attached = grub_calloc (data->n_devices_allocated,
+ sizeof (data->devices_attached[0]));
data->n_devices_attached = 0;
err = scan_disk (dev, data, 1, &inserted);
if (err)
--
2.33.0

91
backport-0059-fs-zfs-Check-if-returned-pointer-for-allocated-memor.patch Normal file
View File

@ -0,0 +1,91 @@
From 13065f69dae0eeb60813809026de5bd021051892 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Wed, 22 Jan 2025 07:17:01 +0000
Subject: [PATCH 59/73] fs/zfs: Check if returned pointer for allocated memory
is NULL
When using grub_malloc() or grub_zalloc(), these functions can fail if
we are out of memory. After allocating memory we should check if these
functions returned NULL and handle this error if they did.
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/zfs/zfs.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
index 474122ed2..6a964974f 100644
--- a/grub-core/fs/zfs/zfs.c
+++ b/grub-core/fs/zfs/zfs.c
@@ -654,6 +654,8 @@ zfs_fetch_nvlist (struct grub_zfs_device_desc *diskdesc, char **nvlist)
return grub_error (GRUB_ERR_BUG, "member drive unknown");
*nvlist = grub_malloc (VDEV_PHYS_SIZE);
+ if (!*nvlist)
+ return grub_errno;
/* Read in the vdev name-value pair list (112K). */
err = grub_disk_read (diskdesc->dev->disk, diskdesc->vdev_phys_sector, 0,
@@ -765,6 +767,11 @@ fill_vdev_info_real (struct grub_zfs_data *data,
fill->children = grub_calloc (fill->n_children,
sizeof (fill->children[0]));
+ if (!fill->children)
+ {
+ grub_free (type);
+ return grub_errno;
+ }
}
for (i = 0; i < nelm; i++)
@@ -2497,6 +2504,11 @@ fzap_iterate (dnode_end_t * zap_dnode, zap_phys_t * zap,
return grub_errno;
}
buf = grub_malloc (sz);
+ if (!buf)
+ {
+ grub_free (l);
+ return grub_errno;
+ }
if (zap_leaf_array_get (l, endian, blksft,
grub_zfs_to_cpu16 (le->le_name_chunk,
endian),
@@ -2512,6 +2524,12 @@ fzap_iterate (dnode_end_t * zap_dnode, zap_phys_t * zap,
val_length = ((int) le->le_value_length
* (int) le->le_int_size);
val = grub_malloc (grub_zfs_to_cpu16 (val_length, endian));
+ if (!val)
+ {
+ grub_free (l);
+ grub_free (buf);
+ return grub_errno;
+ }
if (zap_leaf_array_get (l, endian, blksft,
grub_zfs_to_cpu16 (le->le_value_chunk,
endian),
@@ -3754,6 +3772,11 @@ zfs_mount (grub_device_t dev)
data->n_devices_allocated = 16;
data->devices_attached = grub_calloc (data->n_devices_allocated,
sizeof (data->devices_attached[0]));
+ if (!data->devices_attached)
+ {
+ grub_free (data);
+ return NULL;
+ }
data->n_devices_attached = 0;
err = scan_disk (dev, data, 1, &inserted);
if (err)
@@ -4292,6 +4315,9 @@ iterate_zap_snap (const char *name, grub_uint64_t val,
return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("name length overflow"));
name2 = grub_malloc (sz);
+ if (!name2)
+ return grub_errno;
+
name2[0] = '@';
grub_memcpy (name2 + 1, name, grub_strlen (name) + 1);
ret = ctx->hook (name2, &info, ctx->hook_data);
--
2.33.0

27
backport-0060-fs-zfs-Add-missing-NULL-check-after-grub_strdup-call.patch Normal file
View File

@ -0,0 +1,27 @@
From dd6a4c8d10e02ca5056681e75795041a343636e4 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Wed, 22 Jan 2025 07:17:04 +0000
Subject: [PATCH 60/73] fs/zfs: Add missing NULL check after grub_strdup() call
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/zfs/zfs.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
index 6a964974f..376042631 100644
--- a/grub-core/fs/zfs/zfs.c
+++ b/grub-core/fs/zfs/zfs.c
@@ -3349,6 +3349,8 @@ dnode_get_fullpath (const char *fullpath, struct subvolume *subvol,
filename = 0;
snapname = 0;
fsname = grub_strdup (fullpath);
+ if (!fsname)
+ return grub_errno;
}
else
{
--
2.33.0

243
backport-0061-net-Use-safe-math-macros-to-prevent-overflows.patch Normal file
View File

@ -0,0 +1,243 @@
From c0efc60fd470068fb2849adcab9db6719e4ab5c7 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Wed, 22 Jan 2025 18:04:42 +0000
Subject: [PATCH 61/73] net: Use safe math macros to prevent overflows
Replace direct arithmetic operations with macros from include/grub/safemath.h
to prevent potential overflow issues when calculating the memory sizes.
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/net/bootp.c | 16 ++++++++--
grub-core/net/dns.c | 9 +++++-
grub-core/net/drivers/ieee1275/ofnet.c | 20 ++++++++++--
grub-core/net/net.c | 43 +++++++++++++++++++++-----
4 files changed, 75 insertions(+), 13 deletions(-)
diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c
index 5d38a83..cad2676 100644
--- a/grub-core/net/bootp.c
+++ b/grub-core/net/bootp.c
@@ -26,6 +26,7 @@
#include <grub/datetime.h>
#include <grub/time.h>
#include <grub/list.h>
+#include <grub/safemath.h>
static int
dissect_url (const char *url, char **proto, char **host, char **path)
@@ -1470,6 +1471,7 @@ grub_cmd_dhcpopt (struct grub_command *cmd __attribute__ ((unused)),
unsigned num;
const grub_uint8_t *ptr;
grub_uint8_t taglength;
+ grub_uint8_t len;
if (argc < 4)
return grub_error (GRUB_ERR_BAD_ARGUMENT,
@@ -1511,7 +1513,12 @@ grub_cmd_dhcpopt (struct grub_command *cmd __attribute__ ((unused)),
if (grub_strcmp (args[3], "string") == 0)
{
grub_err_t err = GRUB_ERR_NONE;
- char *val = grub_malloc (taglength + 1);
+ char *val;
+
+ if (grub_add (taglength, 1, &len))
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("tag length overflow"));
+
+ val = grub_malloc (len);
if (!val)
return grub_errno;
grub_memcpy (val, ptr, taglength);
@@ -1544,7 +1551,12 @@ grub_cmd_dhcpopt (struct grub_command *cmd __attribute__ ((unused)),
if (grub_strcmp (args[3], "hex") == 0)
{
grub_err_t err = GRUB_ERR_NONE;
- char *val = grub_malloc (2 * taglength + 1);
+ char *val;
+
+ if (grub_mul (taglength, 2, &len) || grub_add (len, 1, &len))
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("tag length overflow"));
+
+ val = grub_malloc (len);
int i;
if (!val)
return grub_errno;
diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
index fcc09aa..39b0c46 100644
--- a/grub-core/net/dns.c
+++ b/grub-core/net/dns.c
@@ -224,10 +224,17 @@ get_name (const grub_uint8_t *name_at, const grub_uint8_t *head,
{
int length;
char *ret;
+ int len;
if (!check_name_real (name_at, head, tail, NULL, &length, NULL))
return NULL;
- ret = grub_malloc (length + 1);
+
+ if (grub_add (length, 1, &len))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("name length overflow"));
+ return NULL;
+ }
+ ret = grub_malloc (len);
if (!ret)
return NULL;
if (!check_name_real (name_at, head, tail, NULL, NULL, ret))
diff --git a/grub-core/net/drivers/ieee1275/ofnet.c b/grub-core/net/drivers/ieee1275/ofnet.c
index 78f03df..c35b107 100644
--- a/grub-core/net/drivers/ieee1275/ofnet.c
+++ b/grub-core/net/drivers/ieee1275/ofnet.c
@@ -22,6 +22,7 @@
#include <grub/net.h>
#include <grub/time.h>
#include <grub/i18n.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -391,6 +392,7 @@ search_net_devices (struct grub_ieee1275_devalias *alias)
grub_uint8_t *pprop;
char *shortname;
char need_suffix = 1;
+ grub_size_t sz;
if (grub_strcmp (alias->type, "network") != 0)
return 0;
@@ -448,9 +450,23 @@ search_net_devices (struct grub_ieee1275_devalias *alias)
}
if (need_suffix)
- ofdata->path = grub_malloc (grub_strlen (alias->path) + sizeof (SUFFIX));
+ {
+ if (grub_add (grub_strlen (alias->path), sizeof (SUFFIX), &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obatining size of ofdata path"));
+ grub_print_error ();
+ return 0;
+ }
+ }
else
- ofdata->path = grub_malloc (grub_strlen (alias->path) + 1);
+ {
+ if (grub_add (grub_strlen (alias->path), 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obatining size of ofdata path"));
+ grub_print_error ();
+ return 0;
+ }
+ }
if (!ofdata->path)
{
grub_print_error ();
diff --git a/grub-core/net/net.c b/grub-core/net/net.c
index b411b3a..d907d0e 100644
--- a/grub-core/net/net.c
+++ b/grub-core/net/net.c
@@ -35,6 +35,7 @@
#ifdef GRUB_MACHINE_EFI
#include <grub/net/efi.h>
#endif
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -209,6 +210,7 @@ grub_net_ipv6_get_slaac (struct grub_net_card *card,
{
struct grub_net_slaac_mac_list *slaac;
char *ptr;
+ grub_size_t sz;
for (slaac = card->slaac_list; slaac; slaac = slaac->next)
if (grub_net_hwaddr_cmp (&slaac->address, hwaddr) == 0)
@@ -218,9 +220,16 @@ grub_net_ipv6_get_slaac (struct grub_net_card *card,
if (!slaac)
return NULL;
- slaac->name = grub_malloc (grub_strlen (card->name)
- + GRUB_NET_MAX_STR_HWADDR_LEN
- + sizeof (":slaac"));
+ if (grub_add (grub_strlen (card->name),
+ (GRUB_NET_MAX_STR_HWADDR_LEN + sizeof (":slaac")), &sz))
+ {
+ grub_free (slaac);
+ grub_error (GRUB_ERR_OUT_OF_RANGE,
+ "overflow detected while obtaining size of slaac name");
+ return NULL;
+ }
+
+ slaac->name = grub_malloc (sz);
ptr = grub_stpcpy (slaac->name, card->name);
if (grub_net_hwaddr_cmp (&card->default_address, hwaddr) != 0)
{
@@ -291,6 +300,7 @@ grub_net_ipv6_get_link_local (struct grub_net_card *card,
char *name;
char *ptr;
grub_net_network_level_address_t addr;
+ grub_size_t sz;
addr.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6;
addr.ipv6[0] = grub_cpu_to_be64_compile_time (0xfe80ULL << 48);
@@ -305,9 +315,14 @@ grub_net_ipv6_get_link_local (struct grub_net_card *card,
return inf;
}
- name = grub_malloc (grub_strlen (card->name)
- + GRUB_NET_MAX_STR_HWADDR_LEN
- + sizeof (":link"));
+ if (grub_add (grub_strlen (card->name),
+ (GRUB_NET_MAX_STR_HWADDR_LEN + sizeof (":link")), &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE,
+ "overflow detected while obtaining size of link name");
+ return NULL;
+ }
+ name = grub_malloc (sz);
if (!name)
return NULL;
@@ -1437,9 +1452,15 @@ grub_net_open_real (const char *name)
if (grub_strchr (port_start + 1, ':'))
{
int iplen = grub_strlen (server);
+ grub_size_t sz;
/* Bracket bare IPv6 addr. */
- host = grub_malloc (iplen + 3);
+ if (grub_add (iplen, 3, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obtaining length of host"));
+ return NULL;
+ }
+ host = grub_malloc (sz);
if (!host)
return NULL;
@@ -1694,6 +1715,7 @@ grub_env_set_net_property (const char *intername, const char *suffix,
{
char *varname, *varvalue;
char *ptr;
+ grub_size_t sz;
varname = grub_xasprintf ("net_%s_%s", intername, suffix);
if (!varname)
@@ -1701,7 +1723,12 @@ grub_env_set_net_property (const char *intername, const char *suffix,
for (ptr = varname; *ptr; ptr++)
if (*ptr == ':')
*ptr = '_';
- varvalue = grub_malloc (len + 1);
+ if (grub_add (len, 1, &sz))
+ {
+ grub_free (varname);
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, "overflow detected while obtaining the size of an env variable");
+ }
+ varvalue = grub_malloc (sz);
if (!varvalue)
{
grub_free (varname);
--
2.33.0

49
backport-0062-net-Prevent-overflows-when-allocating-memory-for-arr.patch Normal file
View File

@ -0,0 +1,49 @@
From dee2c14fd66bc497cdc74c69fde8c9b84637c8eb Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Wed, 22 Jan 2025 18:04:43 +0000
Subject: [PATCH 62/73] net: Prevent overflows when allocating memory for
arrays
Use grub_calloc() when allocating memory for arrays to ensure proper
overflow checks are in place.
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/net/dns.c | 4 ++--
grub-core/net/net.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
index 39b0c46cf..f20cd6f83 100644
--- a/grub-core/net/dns.c
+++ b/grub-core/net/dns.c
@@ -470,8 +470,8 @@ grub_net_dns_lookup (const char *name,
&& grub_get_time_ms () < dns_cache[h].limit_time)
{
grub_dprintf ("dns", "retrieved from cache\n");
- *addresses = grub_malloc (dns_cache[h].naddresses
- * sizeof ((*addresses)[0]));
+ *addresses = grub_calloc (dns_cache[h].naddresses,
+ sizeof ((*addresses)[0]));
if (!*addresses)
return grub_errno;
*naddresses = dns_cache[h].naddresses;
diff --git a/grub-core/net/net.c b/grub-core/net/net.c
index 3ca7e0796..1abdc097f 100644
--- a/grub-core/net/net.c
+++ b/grub-core/net/net.c
@@ -88,8 +88,8 @@ grub_net_link_layer_add_address (struct grub_net_card *card,
/* Add sender to cache table. */
if (card->link_layer_table == NULL)
{
- card->link_layer_table = grub_zalloc (LINK_LAYER_CACHE_SIZE
- * sizeof (card->link_layer_table[0]));
+ card->link_layer_table = grub_calloc (LINK_LAYER_CACHE_SIZE,
+ sizeof (card->link_layer_table[0]));
if (card->link_layer_table == NULL)
return;
}
--
2.33.0

35
backport-0063-net-Check-if-returned-pointer-for-allocated-memory-i.patch Normal file
View File

@ -0,0 +1,35 @@
From 1c06ec900591d1fab6fbacf80dc010541d0a5ec8 Mon Sep 17 00:00:00 2001
From: Alec Brown <alec.r.brown@oracle.com>
Date: Wed, 22 Jan 2025 18:04:44 +0000
Subject: [PATCH 63/73] net: Check if returned pointer for allocated memory is
NULL
When using grub_malloc(), the function can fail if we are out of memory.
After allocating memory we should check if this function returned NULL
and handle this error if it did.
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/net/net.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/grub-core/net/net.c b/grub-core/net/net.c
index 1abdc097f..6ea33d1cd 100644
--- a/grub-core/net/net.c
+++ b/grub-core/net/net.c
@@ -227,6 +227,11 @@ grub_net_ipv6_get_slaac (struct grub_net_card *card,
}
slaac->name = grub_malloc (sz);
+ if (slaac->name == NULL)
+ {
+ grub_free (slaac);
+ return NULL;
+ }
ptr = grub_stpcpy (slaac->name, card->name);
if (grub_net_hwaddr_cmp (&card->default_address, hwaddr) != 0)
{
--
2.33.0

35
backport-0064-fs-sfs-Check-if-allocated-memory-is-NULL.patch Normal file
View File

@ -0,0 +1,35 @@
From e3c578a56f9294e286b6028ca7c1def997a17b15 Mon Sep 17 00:00:00 2001
From: Alec Brown <alec.r.brown@oracle.com>
Date: Tue, 28 Jan 2025 05:15:50 +0000
Subject: [PATCH 64/73] fs/sfs: Check if allocated memory is NULL
When using grub_zalloc(), if we are out of memory, this function can fail.
After allocating memory, we should check if grub_zalloc() returns NULL.
If so, we should handle this error.
Fixes: CID 473856
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/sfs.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c
index 88705b3a2..bad4ae8d1 100644
--- a/grub-core/fs/sfs.c
+++ b/grub-core/fs/sfs.c
@@ -429,6 +429,9 @@ grub_sfs_mount (grub_disk_t disk)
- 24 /* offsetof (struct grub_sfs_objc, objects) */
- 25); /* offsetof (struct grub_sfs_obj, filename) */
data->label = grub_zalloc (max_len + 1);
+ if (data->label == NULL)
+ goto fail;
+
grub_strncpy (data->label, (char *) rootobjc->objects[0].filename, max_len);
grub_free (rootobjc_data);
--
2.33.0

36
backport-0065-script-execute-Fix-potential-underflow-and-NULL-dere.patch Normal file
View File

@ -0,0 +1,36 @@
From d13b6e8ebd10b4eb16698a002aa40258cf6e6f0e Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Wed, 29 Jan 2025 06:48:37 +0000
Subject: [PATCH 65/73] script/execute: Fix potential underflow and NULL
dereference
The result is initialized to 0 in grub_script_arglist_to_argv().
If the for loop condition is not met both result.args and result.argc
remain 0 causing result.argc - 1 to underflow and/or result.args NULL
dereference. Fix the issues by adding relevant checks.
Fixes: CID 473880
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/script/execute.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
index e1450f45d..a86e0051f 100644
--- a/grub-core/script/execute.c
+++ b/grub-core/script/execute.c
@@ -760,6 +760,9 @@ cleanup:
}
}
+ if (result.args == NULL || result.argc == 0)
+ goto fail;
+
if (! result.args[result.argc - 1])
result.argc--;
--
2.33.0

38
backport-0066-osdep-unix-getroot-Fix-potential-underflow.patch Normal file
View File

@ -0,0 +1,38 @@
From 66733f7c7dae889861ea3ef3ec0710811486019e Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Wed, 29 Jan 2025 06:48:38 +0000
Subject: [PATCH 66/73] osdep/unix/getroot: Fix potential underflow
The entry_len is initialized in grub_find_root_devices_from_mountinfo()
to 0 before the while loop iterates through /proc/self/mountinfo. If the
file is empty or contains only invalid entries entry_len remains
0 causing entry_len - 1 in the subsequent for loop initialization
to underflow. To prevent this add a check to ensure entry_len > 0 before
entering the for loop.
Fixes: CID 473877
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
---
grub-core/osdep/linux/getroot.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c
index 7dd775d2a..527d4f0c5 100644
--- a/grub-core/osdep/linux/getroot.c
+++ b/grub-core/osdep/linux/getroot.c
@@ -484,6 +484,9 @@ again:
}
}
+ if (!entry_len)
+ goto out;
+
/* Now scan visible mounts for the ones we're interested in. */
for (i = entry_len - 1; i >= 0; i--)
{
--
2.33.0

58
backport-0067-misc-Ensure-consistent-overflow-error-messages.patch Normal file
View File

@ -0,0 +1,58 @@
From f8795cde217e21539c2f236bcbb1a4bf521086b3 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Tue, 21 Jan 2025 19:02:39 +0000
Subject: [PATCH 67/73] misc: Ensure consistent overflow error messages
Update the overflow error messages to make them consistent
across the GRUB code.
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ntfs.c | 2 +-
grub-core/fs/ntfscomp.c | 2 +-
grub-core/video/readers/png.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index e00349b1d..960833a34 100644
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -574,7 +574,7 @@ retry:
goto retry;
}
}
- return grub_error (GRUB_ERR_BAD_FS, "run list overflown");
+ return grub_error (GRUB_ERR_BAD_FS, "run list overflow");
}
ctx->curr_vcn = ctx->next_vcn;
ctx->next_vcn += read_run_data (run, c1, 0); /* length of current VCN */
diff --git a/grub-core/fs/ntfscomp.c b/grub-core/fs/ntfscomp.c
index f168a318e..b68bf5e40 100644
--- a/grub-core/fs/ntfscomp.c
+++ b/grub-core/fs/ntfscomp.c
@@ -30,7 +30,7 @@ static grub_err_t
decomp_nextvcn (struct grub_ntfs_comp *cc)
{
if (cc->comp_head >= cc->comp_tail)
- return grub_error (GRUB_ERR_BAD_FS, "compression block overflown");
+ return grub_error (GRUB_ERR_BAD_FS, "compression block overflow");
if (grub_disk_read
(cc->disk,
(cc->comp_table[cc->comp_head].next_lcn -
diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
index 3163e97bf..aa7524b7d 100644
--- a/grub-core/video/readers/png.c
+++ b/grub-core/video/readers/png.c
@@ -626,7 +626,7 @@ static grub_err_t
grub_png_output_byte (struct grub_png_data *data, grub_uint8_t n)
{
if (--data->raw_bytes < 0)
- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "image size overflown");
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "image size overflow");
if (data->cur_column == 0)
{
--
2.33.0

33
backport-0068-bus-usb-ehci-Define-GRUB_EHCI_TOGGLE-as-grub_uint32_.patch Normal file
View File

@ -0,0 +1,33 @@
From 9907d9c2723304b42cf6da74f1cc6c4601391956 Mon Sep 17 00:00:00 2001
From: Alec Brown <alec.r.brown@oracle.com>
Date: Tue, 4 Feb 2025 15:11:10 +0000
Subject: [PATCH 68/73] bus/usb/ehci: Define GRUB_EHCI_TOGGLE as grub_uint32_t
The Coverity indicates that GRUB_EHCI_TOGGLE is an int that contains
a negative value and we are using it for the variable token which is
grub_uint32_t. To remedy this we can cast the definition to grub_uint32_t.
Fixes: CID 473851
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/bus/usb/ehci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/bus/usb/ehci.c b/grub-core/bus/usb/ehci.c
index 9abebc6bd..2db07c7c0 100644
--- a/grub-core/bus/usb/ehci.c
+++ b/grub-core/bus/usb/ehci.c
@@ -218,7 +218,7 @@ enum
#define GRUB_EHCI_TERMINATE (1<<0)
-#define GRUB_EHCI_TOGGLE (1<<31)
+#define GRUB_EHCI_TOGGLE ((grub_uint32_t) 1<<31)
enum
{
--
2.33.0

44
backport-0069-normal-menu-Use-safe-math-to-avoid-an-integer-overfl.patch Normal file
View File

@ -0,0 +1,44 @@
From 6feae07f953bee6ce82efda19a695d187a32f987 Mon Sep 17 00:00:00 2001
From: Alec Brown <alec.r.brown@oracle.com>
Date: Tue, 4 Feb 2025 15:11:11 +0000
Subject: [PATCH 69/73] normal/menu: Use safe math to avoid an integer overflow
The Coverity indicates that the variable current_entry might overflow.
To prevent this use safe math when adding GRUB_MENU_PAGE_SIZE to current_entry.
On the occasion fix limiting condition which was broken.
Fixes: CID 473853
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/normal/menu.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c
index 47cfd93..c2d7bb5 100644
--- a/grub-core/normal/menu.c
+++ b/grub-core/normal/menu.c
@@ -33,6 +33,7 @@
#include <grub/gfxterm.h>
#include <grub/dl.h>
#include <grub/crypttab.h>
+#include <grub/safemath.h>
/* Time to delay after displaying an error message about a default/fallback
entry failing to boot. */
@@ -836,9 +837,7 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot, int *notify_boot)
case GRUB_TERM_CTRL | 'c':
case GRUB_TERM_KEY_NPAGE:
- if (current_entry + GRUB_MENU_PAGE_SIZE < menu->size)
- current_entry += GRUB_MENU_PAGE_SIZE;
- else
+ if (grub_add (current_entry, GRUB_MENU_PAGE_SIZE, &current_entry) || current_entry >= menu->size)
current_entry = menu->size - 1;
menu_set_chosen_entry (current_entry);
break;
--
2.33.0

50
backport-0070-kern-partition-Add-sanity-check-after-grub_strtoul-c.patch Normal file
View File

@ -0,0 +1,50 @@
From 8e6e87e7923ca2ae880021cb42a35cc9bb4c8fe2 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Thu, 6 Feb 2025 18:16:56 +0000
Subject: [PATCH 70/73] kern/partition: Add sanity check after grub_strtoul()
call
The current code incorrectly assumes that both the input and the values
returned by grub_strtoul() are always valid which can lead to potential
errors. This fix ensures proper validation to prevent any unintended issues.
Fixes: CID 473843
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/partition.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/grub-core/kern/partition.c b/grub-core/kern/partition.c
index 704512a20..c6a578cf4 100644
--- a/grub-core/kern/partition.c
+++ b/grub-core/kern/partition.c
@@ -125,14 +125,22 @@ grub_partition_probe (struct grub_disk *disk, const char *str)
for (ptr = str; *ptr;)
{
grub_partition_map_t partmap;
- int num;
+ unsigned long num;
const char *partname, *partname_end;
partname = ptr;
while (*ptr && grub_isalpha (*ptr))
ptr++;
partname_end = ptr;
- num = grub_strtoul (ptr, &ptr, 0) - 1;
+
+ num = grub_strtoul (ptr, &ptr, 0);
+ if (*ptr != '\0' || num == 0 || num > GRUB_INT_MAX)
+ {
+ grub_error (GRUB_ERR_BAD_NUMBER, N_("invalid partition number"));
+ return 0;
+ }
+
+ num -= 1;
curpart = 0;
/* Use the first partition map type found. */
--
2.33.0

60
backport-0071-kern-misc-Add-sanity-check-after-grub_strtoul-call.patch Normal file
View File

@ -0,0 +1,60 @@
From a8d6b06331a75d75b46f3dd6cc6fcd40dcf604b7 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Thu, 6 Feb 2025 18:16:57 +0000
Subject: [PATCH 71/73] kern/misc: Add sanity check after grub_strtoul() call
When the format string, fmt0, includes a positional argument
grub_strtoul() or grub_strtoull() is called to extract the argument
position. However, the returned argument position isn't fully validated.
If the format is something like "%0$x" then these functions return
0 which leads to an underflow in the calculation of the args index, curn.
The fix is to add a check to ensure the extracted argument position is
greater than 0 before computing curn. Additionally, replace one
grub_strtoull() with grub_strtoul() and change curn type to make code
more correct.
Fixes: CID 473841
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/misc.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
index 7cee5d75c..2b7922393 100644
--- a/grub-core/kern/misc.c
+++ b/grub-core/kern/misc.c
@@ -830,7 +830,7 @@ parse_printf_arg_fmt (const char *fmt0, struct printf_args *args,
while ((c = *fmt++) != 0)
{
int longfmt = 0;
- grub_size_t curn;
+ unsigned long curn;
const char *p;
if (c != '%')
@@ -848,7 +848,10 @@ parse_printf_arg_fmt (const char *fmt0, struct printf_args *args,
if (*fmt == '$')
{
- curn = grub_strtoull (p, 0, 10) - 1;
+ curn = grub_strtoul (p, 0, 10);
+ if (curn == 0)
+ continue;
+ curn--;
fmt++;
}
@@ -1034,6 +1037,8 @@ grub_vsnprintf_real (char *str, grub_size_t max_len, const char *fmt0,
if (*fmt == '$')
{
+ if (format1 == 0)
+ continue;
curn = format1 - 1;
fmt++;
format1 = 0;
--
2.33.0

33
backport-0072-loader-i386-linux-Cast-left-shift-to-grub_uint32_t.patch Normal file
View File

@ -0,0 +1,33 @@
From 490a6ab71cebd96fae7a1ceb9067484f5ccbec2a Mon Sep 17 00:00:00 2001
From: Alec Brown <alec.r.brown@oracle.com>
Date: Fri, 7 Feb 2025 01:47:57 +0000
Subject: [PATCH 72/73] loader/i386/linux: Cast left shift to grub_uint32_t
The Coverity complains that we might overflow into a negative value when
setting linux_params.kernel_alignment to (1 << align). We can remedy
this by casting it to grub_uint32_t.
Fixes: CID 473876
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/loader/i386/linux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index 977757f2c..b051600c8 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -806,7 +806,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
}
linux_params.code32_start = prot_mode_target + lh.code32_start - GRUB_LINUX_BZIMAGE_ADDR;
- linux_params.kernel_alignment = (1 << align);
+ linux_params.kernel_alignment = ((grub_uint32_t) 1 << align);
linux_params.ps_mouse = linux_params.padding11 = 0;
linux_params.type_of_loader = GRUB_LINUX_BOOT_LOADER_TYPE;
--
2.33.0

59
backport-0073-loader-i386-bsd-Use-safe-math-to-avoid-underflow.patch Normal file
View File

@ -0,0 +1,59 @@
From 4dc6166571645780c459dde2cdc1b001a5ec844c Mon Sep 17 00:00:00 2001
From: Alec Brown <alec.r.brown@oracle.com>
Date: Wed, 5 Feb 2025 22:04:08 +0000
Subject: [PATCH 73/73] loader/i386/bsd: Use safe math to avoid underflow
The operation kern_end - kern_start may underflow when we input it into
grub_relocator_alloc_chunk_addr() call. To avoid this we can use safe
math for this subtraction.
Fixes: CID 73845
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/loader/i386/bsd.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c
index 1f9128f6f..578433402 100644
--- a/grub-core/loader/i386/bsd.c
+++ b/grub-core/loader/i386/bsd.c
@@ -1340,6 +1340,7 @@ static grub_err_t
grub_bsd_load_elf (grub_elf_t elf, const char *filename)
{
grub_err_t err;
+ grub_size_t sz;
kern_end = 0;
kern_start = ~0;
@@ -1370,8 +1371,11 @@ grub_bsd_load_elf (grub_elf_t elf, const char *filename)
if (grub_errno)
return grub_errno;
- err = grub_relocator_alloc_chunk_addr (relocator, &ch,
- kern_start, kern_end - kern_start);
+
+ if (grub_sub (kern_end, kern_start, &sz))
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, "underflow detected while determining size of kernel for relocator");
+
+ err = grub_relocator_alloc_chunk_addr (relocator, &ch, kern_start, sz);
if (err)
return err;
@@ -1431,8 +1435,10 @@ grub_bsd_load_elf (grub_elf_t elf, const char *filename)
{
grub_relocator_chunk_t ch;
- err = grub_relocator_alloc_chunk_addr (relocator, &ch, kern_start,
- kern_end - kern_start);
+ if (grub_sub (kern_end, kern_start, &sz))
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, "underflow detected while determining size of kernel for relocator");
+
+ err = grub_relocator_alloc_chunk_addr (relocator, &ch, kern_start, sz);
if (err)
return err;
kern_chunk_src = get_virtual_current_address (ch);
--
2.33.0

42
backport-fix-CVE-2024-56738.patch Normal file
View File

@ -0,0 +1,42 @@
From 8b1b47efd667ea3450681fa0c674045980e25360 Mon Sep 17 00:00:00 2001
From: Jonathan Bar Or <jonathanbaror@gmail.com>
Date: Mon, 7 Apr 2025 09:36:34 +0000
Subject: [PATCH] fix CVE-2024-56738
Reference:https://savannah.gnu.org/bugs/?66603
Conflict:NA
---
grub-core/lib/crypto.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
index d53ddbe..653aab7 100644
--- a/grub-core/lib/crypto.c
+++ b/grub-core/lib/crypto.c
@@ -440,16 +440,16 @@ grub_crypto_gcry_error (gcry_err_code_t in)
int
grub_crypto_memcmp (const void *a, const void *b, grub_size_t n)
{
- register grub_size_t counter = 0;
- const grub_uint8_t *pa, *pb;
+ register grub_uint8_t indicator = 0;
+ const grub_uint8_t *pa = a, *pb = b;
+ grub_size_t i;
- for (pa = a, pb = b; n; pa++, pb++, n--)
+ for (i = 0; i < n; i++)
{
- if (*pa != *pb)
- counter++;
+ indicator |= (pa[i] ^ pb[i]);
}
- return !!counter;
+ return !!indicator;
}
#ifndef GRUB_UTIL
--
2.33.0

79
grub.patches
View File

@ -246,3 +246,82 @@ Patch246: backport-acpi-Fix-out-of-bounds-access-in-grub_acpi_xsdt_find.pa
Patch247: backport-commands-efi-tpm-Re-enable-measurements-on-confident.patch
Patch248: backport-commands-legacycfg-Avoid-closing-file-twice.patch
Patch249: bugfix-fix-not-verifying-grub-cfg-when-loading-it.patch
Patch250: backport-0001-misc-Implement-grub_strlcpy.patch
Patch251: backport-0002-fs-ufs-Fix-a-heap-OOB-write.patch
Patch252: backport-0003-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch
Patch253: backport-0004-fs-tar-Initialize-name-in-grub_cpio_find_file.patch
Patch254: backport-0005-fs-tar-Integer-overflow-leads-to-heap-OOB-write.patch
Patch255: backport-0006-fs-f2fs-Set-a-grub_errno-if-mount-fails.patch
Patch256: backport-0007-fs-hfsplus-Set-a-grub_errno-if-mount-fails.patch
Patch257: backport-0008-fs-iso9660-Set-a-grub_errno-if-mount-fails.patch
Patch258: backport-0009-fs-iso9660-Fix-invalid-free.patch
Patch259: backport-0010-fs-jfs-Fix-OOB-read-in-jfs_getent.patch
Patch260: backport-0011-fs-jfs-Fix-OOB-read-caused-by-invalid-dir-slot-index.patch
Patch261: backport-0012-fs-jfs-Use-full-40-bits-offset-and-address-for-a-dat.patch
Patch262: backport-0013-fs-jfs-Inconsistent-signed-unsigned-types-usage-in-r.patch
Patch263: backport-0014-fs-ext2-Fix-out-of-bounds-read-for-inline-extents.patch
Patch264: backport-0015-fs-ntfs-Fix-out-of-bounds-read.patch
Patch265: backport-0016-fs-ntfs-Track-the-end-of-the-MFT-attribute-buffer.patch
Patch266: backport-0017-fs-ntfs-Use-a-helper-function-to-access-attributes.patch
Patch267: backport-0018-fs-ntfs-Implement-attribute-verification.patch
Patch268: backport-0019-fs-xfs-Fix-out-of-bounds-read.patch
Patch269: backport-0020-fs-xfs-Ensuring-failing-to-mount-sets-a-grub_errno.patch
Patch270: backport-0021-kern-file-Ensure-file-data-is-set.patch
Patch271: backport-0022-kern-file-Implement-filesystem-reference-counting.patch
Patch272: backport-0023-disk-cryptodisk-Require-authentication-after-TPM-unl.patch
Patch273: backport-0024-disk-loopback-Reference-tracking-for-the-loopback.patch
Patch274: backport-0025-kern-disk-Limit-recursion-depth.patch
Patch275: backport-0026-kern-partition-Limit-recursion-in-part_iterate.patch
Patch276: backport-0027-script-execute-Limit-the-recursion-depth.patch
Patch277: backport-0028-net-Unregister-net_default_ip-and-net_default_mac-va.patch
Patch278: backport-0029-net-Remove-variables-hooks-when-interface-is-unregis.patch
Patch279: backport-0030-net-Fix-OOB-write-in-grub_net_search_config_file.patch
Patch280: backport-0031-net-tftp-Fix-stack-buffer-overflow-in-tftp_open.patch
Patch281: backport-0032-video-readers-jpeg-Do-not-permit-duplicate-SOF0-mark.patch
Patch282: backport-0033-kern-dl-Fix-for-an-integer-overflow-in-grub_dl_ref.patch
Patch283: backport-0034-fs-ext2-Rework-out-of-bounds-read-for-inline-and-external.patch
Patch284: backport-0035-kern-dl-Check-for-the-SHF_INFO_LINK-flag-in-grub_dl_.patch
Patch285: backport-0036-commands-extcmd-Missing-check-for-failed-allocation.patch
Patch286: backport-0037-commands-ls-Fix-NULL-dereference.patch
Patch287: backport-0038-commands-pgp-Unregister-the-check_signatures-hooks-o.patch
Patch288: backport-0039-normal-Remove-variables-hooks-on-module-unload.patch
Patch289: backport-0040-gettext-Remove-variables-hooks-on-module-unload.patch
Patch290: backport-0041-gettext-Integer-overflow-leads-to-heap-OOB-write-or-.patch
Patch291: backport-0042-gettext-Integer-overflow-leads-to-heap-OOB-write.patch
Patch292: backport-0043-commands-read-Fix-an-integer-overflow-when-supplying.patch
Patch293: backport-0044-commands-test-Stack-overflow-due-to-unlimited-recurs.patch
Patch294: backport-0045-commands-minicmd-Block-the-dump-command-in-lockdown-.patch
Patch295: backport-0046-commands-memrw-Disable-memory-reading-in-lockdown-mo.patch
Patch296: backport-0047-commands-hexdump-Disable-memory-reading-in-lockdown-.patch
Patch297: backport-0048-fs-bfs-Disable-under-lockdown.patch
Patch298: backport-0049-fs-Disable-many-filesystems-under-lockdown.patch
Patch299: backport-0050-disk-Use-safe-math-macros-to-prevent-overflows.patch
Patch300: backport-0051-disk-Prevent-overflows-when-allocating-memory-for-ar.patch
Patch301: backport-0052-disk-Check-if-returned-pointer-for-allocated-memory-.patch
Patch302: backport-0053-disk-ieee1275-ofdisk-Call-grub_ieee1275_close-when-g.patch
Patch303: backport-0054-fs-Use-safe-math-macros-to-prevent-overflows.patch
Patch304: backport-0055-fs-Prevent-overflows-when-allocating-memory-for-arra.patch
Patch305: backport-0056-fs-Prevent-overflows-when-assigning-returned-values-.patch
Patch306: backport-0057-fs-zfs-Use-safe-math-macros-to-prevent-overflows.patch
Patch307: backport-0058-fs-zfs-Prevent-overflows-when-allocating-memory-for-.patch
Patch308: backport-0059-fs-zfs-Check-if-returned-pointer-for-allocated-memor.patch
Patch309: backport-0060-fs-zfs-Add-missing-NULL-check-after-grub_strdup-call.patch
Patch310: backport-0061-net-Use-safe-math-macros-to-prevent-overflows.patch
Patch311: backport-0062-net-Prevent-overflows-when-allocating-memory-for-arr.patch
Patch312: backport-0063-net-Check-if-returned-pointer-for-allocated-memory-i.patch
Patch313: backport-0064-fs-sfs-Check-if-allocated-memory-is-NULL.patch
Patch314: backport-0065-script-execute-Fix-potential-underflow-and-NULL-dere.patch
Patch315: backport-0066-osdep-unix-getroot-Fix-potential-underflow.patch
Patch316: backport-0067-misc-Ensure-consistent-overflow-error-messages.patch
Patch317: backport-0068-bus-usb-ehci-Define-GRUB_EHCI_TOGGLE-as-grub_uint32_.patch
Patch318: backport-0069-normal-menu-Use-safe-math-to-avoid-an-integer-overfl.patch
Patch319: backport-0070-kern-partition-Add-sanity-check-after-grub_strtoul-c.patch
Patch320: backport-0071-kern-misc-Add-sanity-check-after-grub_strtoul-call.patch
Patch321: backport-0072-loader-i386-linux-Cast-left-shift-to-grub_uint32_t.patch
Patch322: backport-0073-loader-i386-bsd-Use-safe-math-to-avoid-underflow.patch
Patch323: sw64-Add-early-startup-code.patch
Patch324: sw64-Add-Linux-load-logic.patch
Patch325: sw64-Add-awareness-for-SW64-reloations.patch
Patch326: sw64-Add-auxiliary-files.patch
Patch327: sw64-Add-to-build-system.patch
Patch328: backport-fix-CVE-2024-56738.patch

65
grub2.spec
View File

@ -3,7 +3,11 @@
# Disable LTO
%global _lto_cflags %{nil}
# disable fortify level
%global _fortify_level 0
%undefine _hardened_build
%undefine _package_note_flags
%global tarversion 2.12
%if "0%{?product_family}" == "0"
@ -19,7 +23,7 @@
Name: grub2
Epoch: 1
Version: 2.12
Release: 31
Release: 40
Summary: Bootloader with support for Linux, Multiboot and more
License: GPLv3+
URL: http://www.gnu.org/software/grub/
@ -348,7 +352,6 @@ fi
%{_prefix}/lib/kernel/install.d/99-grub-mkconfig.install
%{_sysconfdir}/kernel/install.d/*.install
%dir %attr(0700,root,root) %{efi_esp_dir}
%{_datadir}/locale/*
%files tools
%defattr(-,root,root)
@ -461,6 +464,64 @@ fi
%{_datadir}/man/man*
%changelog
* Tue Apr 08 2025 Funda Wang <fundawang@yeah.net> - 1:2.12-40
- requirement
- CVE:NA
- SUG:NA
- DESC: Disable the .package_note awfulness
- DESC: drop duplicate list of locale files
* Thu Feb 20 2025 zhangqiumiao <zhangqiumiao1@huawei.com> - 1:2.12-39
- Type:CVE
- CVE:CVE-2024-56738
- SUG:NA
- DESC:fix CVE-2024-56738
* Mon Mar 10 2025 sunway_fw <sunway_fw@wxiat.com> - 1:2.12-38
- Type:requirement
- CVE:NA
- SUG:NA
- DESC: adds SW64 to the GRUB build system and various tools
* Mon Mar 10 2025 sunway_fw <sunway_fw@wxiat.com> - 1:2.12-37
- Type:requirement
- CVE:NA
- SUG:NA
- DESC:add helper functions of memory, cache, timer, etc support for SW64 arch
* Mon Mar 10 2025 sunway_fw <sunway_fw@wxiat.com> - 1:2.12-36
- Type:requirement
- CVE:NA
- SUG:NA
- DESC:add awareness of SW64 relocations throughout the grub tools and elf->PE relocation conversion support
* Mon Mar 10 2025 sunway_fw <sunway_fw@wxiat.com> - 1:2.12-35
- Type:requirement
- CVE:NA
- SUG:NA
- DESC:add support running Linux underneath as UEFI payload for SW64 arch
* Mon Mar 10 2025 sunway_fw <sunway_fw@wxiat.com> - 1:2.12-34
- Type:requirement
- CVE:NA
- SUG:NA
- DESC: add SW64 early startup code
* Thu Feb 20 2025 zhangqiumiao <zhangqiumiao1@huawei.com> - 1:2.12-33
- Type:CVE
- CVE:CVE-2024-45781,CVE-2024-45782,CVE-2024-56737,CVE-2024-45780,CVE-2024-45783,CVE-2024-49504,CVE-2025-0624,CVE-20
24-45774,CVE-2024-45775,CVE-2025-0622,CVE-2025-0622,CVE-2025-0622,CVE-2024-45776,CVE-2024-45777,CVE-2025-0690,CVE-20
25-1118,CVE-2024-45778,CVE-2024-45779,CVE-2025-0677,CVE-2025-0684,CVE-2025-0685,CVE-2025-0686,CVE-2025-0689,CVE-2025
-0678,CVE-2025-1125
- SUG:NA
- DESC:fix the vulnerabilities announced on February 18th, 2025
* Thu Feb 06 2025 Funda Wang <fundawang@yeah.net> - 1:2.12-32
- Type:requirement
- CVE:NA
- SUG:NA
- DESC:disable fortify level based on new settings of openEuler-rpm-config
* Mon Dec 23 2024 zhangqiumiao <zhangqiumiao1@huawei.com> - 1:2.12-31
- Type:bugfix
- CVE:NA

593
sw64-Add-Linux-load-logic.patch Normal file
View File

@ -0,0 +1,593 @@
From 6b08e04d1a8e52d0880140b83470c53bb0c8b566 Mon Sep 17 00:00:00 2001
From: sunway_fw <sunway_fw@wxiat.com>
Date: Tue, 18 Feb 2025 14:58:36 +0800
Subject: [PATCH 2/5] sw64: Add Linux load logic
We currently only support to run grub on SW64 as UEFI payload. Ideally,
we also only want to support running Linux underneath as UEFI payload.
Signed-off-by: sunway_fw <sunway_fw@wxiat.com>
---
grub-core/loader/sw64/efi/linux.c | 515 ++++++++++++++++++++++++++++++
include/grub/sw64/linux.h | 47 +++
2 files changed, 562 insertions(+)
create mode 100644 grub-core/loader/sw64/efi/linux.c
create mode 100644 include/grub/sw64/linux.h
diff --git a/grub-core/loader/sw64/efi/linux.c b/grub-core/loader/sw64/efi/linux.c
new file mode 100644
index 0000000..88db8ea
--- /dev/null
+++ b/grub-core/loader/sw64/efi/linux.c
@@ -0,0 +1,515 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2018 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/loader.h>
+#include <grub/file.h>
+#include <grub/disk.h>
+#include <grub/err.h>
+#include <grub/misc.h>
+#include <grub/types.h>
+#include <grub/command.h>
+#include <grub/dl.h>
+#include <grub/mm.h>
+#include <grub/cache.h>
+#include <grub/kernel.h>
+#include <grub/efi/api.h>
+#include <grub/efi/fdtload.h>
+#include <grub/efi/efi.h>
+#include <grub/elf.h>
+#include <grub/elfload.h>
+#include <grub/i18n.h>
+#include <grub/env.h>
+#include <grub/cpu/linux.h>
+#include <grub/cpu/pal.h>
+#include <grub/lib/cmdline.h>
+#include <grub/linux.h>
+#include <grub/fdt.h>
+#include <grub/efi/memory.h>
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+#pragma GCC diagnostic ignored "-Wcast-align"
+
+#define GRUB_EFI_SW64_FIRMWARE_INFO { 0xc47a23c3, 0xcebb, 0x4cc9, \
+ { 0xa5, 0xe2, 0xde, 0xd0, 0x8f, 0xe4, 0x20, 0xb5 } }
+
+#define GRUB_EFI_SW64_MEMORY_ATTRIBUTES { 0xdcfa911d, 0x26eb, 0x469f, \
+ { 0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20 } }
+
+#define SW64_EFI_FIRMWARE_INFO_SIGNATURE \
+ ('S' << 24 | 'H' << 16 | 'I' << 8 | 'F')
+
+static grub_dl_t my_mod;
+static int loaded;
+static char *linux_args;
+
+/* Initrd base and size. */
+static void *initrd_mem;
+static grub_efi_uintn_t initrd_pages;
+static grub_addr_t initrd_start;
+static grub_efi_uintn_t initrd_size;
+static grub_uint64_t linux_entry;
+
+struct sw64_firmware_info_head
+{
+ grub_uint32_t signature;
+ grub_uint32_t revision;
+ grub_uint32_t length;
+};
+
+struct sw64_firmware_info
+{
+ struct sw64_firmware_info_head firmware_info_head;
+ grub_uint32_t reserved;
+ grub_uint32_t need_boot_param;
+};
+
+void *raw_fdt;
+static struct boot_param *sunway_boot_params = (struct boot_param *)BOOT_PARAM_START;
+
+static grub_efi_uint32_t
+sw64_efi_get_boot_param (void)
+{
+ unsigned i;
+ struct sw64_firmware_info_head *firmware_info_head;
+ static grub_packed_guid_t info_guid = GRUB_EFI_SW64_FIRMWARE_INFO;
+
+ for (i = 0; i < grub_efi_system_table->num_table_entries; i++)
+ {
+ grub_packed_guid_t *guid =
+ (grub_packed_guid_t *)&grub_efi_system_table->configuration_table[i].vendor_guid;
+
+ if (! grub_memcmp (guid, &info_guid, sizeof (grub_packed_guid_t)))
+ {
+ firmware_info_head = grub_efi_system_table->configuration_table[i].vendor_table;
+ if (firmware_info_head->signature != SW64_EFI_FIRMWARE_INFO_SIGNATURE) {
+ grub_printf ("Get a legacy firmware info\n");
+ return 1;
+ }
+
+ if (firmware_info_head->revision == 1) {
+ return ((struct sw64_firmware_info *)firmware_info_head)->need_boot_param;
+ }
+ }
+ }
+ return 1;
+}
+
+static void
+sw64_efi_memattr_repair (void)
+{
+ unsigned i;
+ static grub_packed_guid_t info_guid = GRUB_EFI_SW64_MEMORY_ATTRIBUTES;
+
+ for (i = 0; i < grub_efi_system_table->num_table_entries; i++) {
+ grub_packed_guid_t *guid = (grub_packed_guid_t *)&grub_efi_system_table->configuration_table[i].vendor_guid;
+
+ if (! grub_memcmp (guid, &info_guid, sizeof (grub_packed_guid_t))) {
+ grub_efi_system_table->configuration_table[i].vendor_table = (void *)grub_virt_to_phys((grub_uint64_t)grub_efi_system_table->configuration_table[i].vendor_table);
+ }
+ }
+}
+
+typedef
+void
+(*jump_to_kernel) (
+ grub_uint64_t magic,
+ grub_uint64_t device_tree_base
+ );
+
+static grub_err_t
+finalize_params_linux (void)
+{
+ int retval;
+ int node;
+ grub_efi_uintn_t mmap_size;
+ grub_efi_uintn_t map_key;
+ grub_efi_uintn_t desc_size;
+ grub_efi_uint32_t desc_version;
+ grub_efi_memory_descriptor_t *mmap_buf;
+ grub_efi_uintn_t i;
+ grub_uint32_t bootargs_size;
+ const char *last_bootargs;
+ static char *temp_linux_args;
+
+ mmap_buf = 0;
+
+ raw_fdt = grub_fdt_load (GRUB_EFI_LINUX_FDT_EXTRA_SPACE);
+
+ if (!raw_fdt || grub_fdt_check_header_nosize(raw_fdt)) {
+ goto failure;
+ }
+
+ node = grub_fdt_find_subnode (raw_fdt, 0, "chosen");
+ if (node < 0)
+ node = grub_fdt_add_subnode (raw_fdt, 0, "chosen");
+
+ if (node < 1)
+ goto failure;
+
+ initrd_start = grub_virt_to_phys (initrd_start);
+
+ if (initrd_start) {
+ retval = grub_fdt_set_prop64 (raw_fdt, node, "linux,initrd-start", initrd_start);
+ if (retval)
+ goto failure;
+
+ retval = grub_fdt_set_prop64 (raw_fdt, node, "linux,initrd-end", initrd_start + initrd_size);
+ if (retval)
+ goto failure;
+ }
+
+ last_bootargs = grub_fdt_get_prop (raw_fdt, node, "bootargs", &bootargs_size);
+ if (last_bootargs && grub_strlen (last_bootargs) > 1) {
+ temp_linux_args = grub_malloc (grub_strlen (linux_args) + bootargs_size + 1);
+ if (!temp_linux_args)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory in finalize_params_linux"));
+ goto failure;
+ }
+ grub_memcpy (temp_linux_args, last_bootargs, bootargs_size - 1);
+ *(temp_linux_args + bootargs_size - 1) = ' ';
+ grub_memcpy (temp_linux_args + bootargs_size, linux_args, grub_strlen (linux_args) + 1);
+ grub_free (linux_args);
+ linux_args = temp_linux_args;
+ }
+
+ retval = grub_fdt_set_prop (raw_fdt, node, "bootargs", linux_args, grub_strlen (linux_args) + 1);
+ if (retval)
+ goto failure;
+
+ retval = grub_fdt_set_prop64 (raw_fdt, node, "linux,uefi-system-table",
+ grub_virt_to_phys((grub_uint64_t)grub_efi_system_table));
+ if (retval)
+ goto failure;
+
+ mmap_size = grub_efi_find_mmap_size ();
+ if (! mmap_size)
+ goto failure;
+
+ mmap_buf = grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (mmap_size));
+ if (! mmap_buf)
+ goto failure;
+
+ grub_efi_finish_boot_services (&mmap_size, mmap_buf, &map_key, &desc_size, &desc_version);
+
+ retval = grub_fdt_set_prop64 (raw_fdt, node, "linux,uefi-mmap-start",
+ grub_virt_to_phys((grub_uint64_t)mmap_buf));
+
+ retval = grub_fdt_set_prop64 (raw_fdt, node, "linux,uefi-mmap-size", mmap_size);
+ if (retval)
+ goto failure_without_dprintf;
+
+ retval = grub_fdt_set_prop64 (raw_fdt, node, "linux,uefi-mmap-desc-size", desc_size);
+ if (retval)
+ goto failure_without_dprintf;
+
+ retval = grub_fdt_set_prop64 (raw_fdt, node, "linux,uefi-mmap-desc-ver", desc_version);
+ if (retval)
+ goto failure_without_dprintf;
+
+ for (i = 0; i < mmap_size / desc_size; i++) {
+ grub_efi_memory_descriptor_t *curdesc = (grub_efi_memory_descriptor_t *)
+ ((char *) mmap_buf + desc_size * i);
+
+ curdesc->physical_start = grub_virt_to_phys(curdesc->physical_start);
+ }
+
+ sw64_efi_memattr_repair();
+
+ return GRUB_ERR_NONE;
+
+failure:
+ grub_dprintf ("linux", "some wrong in finalize_params_linux\n");
+
+failure_without_dprintf:
+ grub_printf ("some wrong in finalize_params_linux\n");
+ raw_fdt = 0;
+ return GRUB_ERR_BAD_OS;
+}
+
+static grub_err_t
+legacy_finalize_params_linux (void)
+{
+ grub_efi_uintn_t mmap_size;
+ grub_efi_uintn_t map_key;
+ grub_efi_uintn_t desc_size;
+ grub_efi_uint32_t desc_version;
+ grub_efi_memory_descriptor_t *mmap_buf;
+ grub_err_t err;
+ grub_efi_uintn_t i;
+
+ /* Initrd. */
+ sunway_boot_params->initrd_start = (grub_uint64_t)initrd_start;
+ sunway_boot_params->initrd_size = (grub_uint64_t)initrd_size;
+
+ /* DTB. */
+ raw_fdt = grub_fdt_load (GRUB_EFI_LINUX_FDT_EXTRA_SPACE);
+
+ if (!raw_fdt)
+ {
+ sunway_boot_params->dtb_start = 0;
+ grub_dprintf ("linux", "not found registered FDT\n");
+ }
+
+ if (raw_fdt)
+ {
+ err = grub_fdt_check_header_nosize(raw_fdt);
+ if (err)
+ grub_dprintf ("linux", "illegal FDT file\n");
+
+ sunway_boot_params->dtb_start = (grub_uint64_t)raw_fdt;
+ grub_dprintf ("linux", "dtb: [addr=0x%lx, size=0x%x]\n",
+ (grub_uint64_t) raw_fdt, grub_fdt_get_totalsize(raw_fdt));
+ }
+
+ /* MDT.
+ Must be done after grub_machine_fini because map_key is used by
+ exit_boot_services. */
+ mmap_size = grub_efi_find_mmap_size ();
+ if (! mmap_size) {
+ grub_dprintf ("linux", "unable to get mmap_size\n");
+ return GRUB_ERR_BAD_OS;
+ }
+ mmap_buf = grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (mmap_size));
+ if (! mmap_buf) {
+ grub_dprintf ("linux", "cannot allocate memory map\n");
+ return GRUB_ERR_BAD_OS;
+ }
+ err = grub_efi_finish_boot_services (&mmap_size, mmap_buf, &map_key,
+ &desc_size, &desc_version);
+ for (i = 0; i < mmap_size / desc_size; i++)
+ {
+ grub_efi_memory_descriptor_t *curdesc = (grub_efi_memory_descriptor_t *)
+ ((char *) mmap_buf + desc_size * i);
+
+ curdesc->physical_start = grub_virt_to_phys(curdesc->physical_start);
+ }
+
+ sw64_efi_memattr_repair();
+
+ sunway_boot_params->command_line = (grub_uint64_t) linux_args;
+ sunway_boot_params->efi_systab = grub_virt_to_phys((grub_uint64_t)grub_efi_system_table);
+ sunway_boot_params->efi_memmap = grub_virt_to_phys((grub_uint64_t)mmap_buf);
+ sunway_boot_params->efi_memmap_size = mmap_size;
+ sunway_boot_params->efi_memdesc_size = desc_size;
+ sunway_boot_params->efi_memdesc_version = desc_version;
+
+ return GRUB_ERR_NONE;
+}
+static void
+start_kernel(void)
+{
+ local_irq_disable ();
+ grub_dprintf ("linux", "Jump to entry: %lx\n", linux_entry);
+
+ jump_to_kernel jump = (jump_to_kernel) linux_entry;
+ if (sw64_efi_get_boot_param()) {
+ jump (0, 0);
+ } else {
+ jump (0xdeed2024, (grub_uint64_t)raw_fdt);
+ }
+}
+
+static grub_err_t
+grub_linux_boot (void)
+{
+ if (sw64_efi_get_boot_param()) {
+ legacy_finalize_params_linux();
+ } else {
+ finalize_params_linux();
+ }
+
+ start_kernel ();
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+grub_linux_unload (void)
+{
+ grub_dl_unref (my_mod);
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+grub_load_elf64 (grub_elf_t elf, const char *filename)
+{
+ Elf64_Addr base_addr;
+ grub_size_t linux_size;
+ grub_uint64_t align;
+
+ if (elf->ehdr.ehdr64.e_ident[EI_MAG0] != ELFMAG0
+ || elf->ehdr.ehdr64.e_ident[EI_MAG1] != ELFMAG1
+ || elf->ehdr.ehdr64.e_ident[EI_MAG2] != ELFMAG2
+ || elf->ehdr.ehdr64.e_ident[EI_MAG3] != ELFMAG3
+ || elf->ehdr.ehdr64.e_ident[EI_DATA] != ELFDATA2LSB)
+ return grub_error(GRUB_ERR_UNKNOWN_OS,
+ N_("invalid arch-independent ELF magic"));
+
+ if (elf->ehdr.ehdr64.e_ident[EI_CLASS] != ELFCLASS64
+ || elf->ehdr.ehdr64.e_version != EV_CURRENT
+ || elf->ehdr.ehdr64.e_machine != EM_SW_64)
+ return grub_error (GRUB_ERR_UNKNOWN_OS,
+ N_("invalid arch-dependent ELF magic"));
+
+ if (elf->ehdr.ehdr64.e_type != ET_EXEC)
+ return grub_error (GRUB_ERR_UNKNOWN_OS,
+ N_("this ELF file is not of the right type"));
+
+ /* FIXME: Should we support program headers at strange locations? */
+ if (elf->ehdr.ehdr64.e_phoff + elf->ehdr.ehdr64.e_phnum * elf->ehdr.ehdr64.e_phentsize > GRUB_ELF_SEARCH)
+ return grub_error (GRUB_ERR_BAD_OS, "program header at a too high offset");
+
+ linux_size = grub_elf64_size (elf, &base_addr, &align);
+ if (linux_size == 0)
+ return grub_error (GRUB_ERR_BAD_OS, "linux size is 0");
+
+ linux_entry = (grub_uint64_t)elf->ehdr.ehdr64.e_entry;
+ grub_dprintf ("linux", "Segment phy_addr: %lx entry: %lx\n", (grub_uint64_t)base_addr,(grub_uint64_t)elf->ehdr.ehdr64.e_entry);
+
+ /* Now load the segments into the area we claimed. */
+ return grub_elf64_load (elf, filename, (void *) (grub_addr_t) (0), GRUB_ELF_LOAD_FLAGS_NONE, 0, 0);
+}
+
+static grub_err_t
+grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+ int argc, char *argv[])
+{
+ grub_ssize_t size;
+ grub_elf_t elf = 0;
+
+ grub_dl_ref (my_mod);
+
+ grub_loader_unset ();
+
+ if (argc == 0)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
+ goto fail;
+ }
+
+ elf = grub_elf_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL);
+ if (! elf)
+ goto fail;
+
+ grub_dprintf ("linux", "Loading linux: %s\n", argv[0]);
+
+ if (grub_load_elf64 (elf, argv[0]))
+ goto fail;
+
+ grub_memset (sunway_boot_params, 0, sizeof(*sunway_boot_params));
+ size = grub_loader_cmdline_size(argc, argv);
+
+ linux_args = grub_malloc (size + sizeof (LINUX_IMAGE));
+ if (!linux_args)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+ goto fail;
+ }
+
+ /* Create kernel command line. */
+ grub_memcpy (linux_args, LINUX_IMAGE, sizeof (LINUX_IMAGE));
+ grub_create_loader_cmdline (argc, argv, linux_args + sizeof (LINUX_IMAGE) - 1,
+ size, GRUB_VERIFY_KERNEL_CMDLINE);
+
+ grub_dprintf ("linux", "linux_args: '%s'\n", linux_args);
+ grub_errno = GRUB_ERR_NONE;
+
+ grub_loader_set (grub_linux_boot, grub_linux_unload, 0);
+
+ fail:
+ if (elf)
+ grub_elf_close (elf);
+
+ if (grub_errno != GRUB_ERR_NONE)
+ {
+ grub_dl_unref (my_mod);
+ loaded = 0;
+ }
+ else
+ loaded = 1;
+
+ return grub_errno;
+}
+
+static grub_err_t
+grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
+ int argc, char *argv[])
+{
+ struct grub_linux_initrd_context initrd_ctx = { 0, 0, 0 };
+
+ if (argc == 0)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
+ goto fail;
+ }
+
+ if (! loaded)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("you need to load the kernel first"));
+ goto fail;
+ }
+
+ if (grub_initrd_init (argc, argv, &initrd_ctx))
+ goto fail;
+
+ initrd_size = grub_get_initrd_size (&initrd_ctx);
+ grub_dprintf ("linux", "Loading initrd %s\n", argv[0]);
+
+ initrd_pages = (GRUB_EFI_BYTES_TO_PAGES (initrd_size));
+ initrd_mem = grub_efi_allocate_any_pages (initrd_pages);
+ if (! initrd_mem)
+ {
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate pages");
+ goto fail;
+ }
+
+ grub_dprintf ("linux", "initrd: [addr=0x%lx, size=0x%lx]\n",
+ (grub_uint64_t) initrd_mem, initrd_size);
+
+ if (grub_initrd_load (&initrd_ctx, initrd_mem))
+ goto fail;
+
+ initrd_start = (grub_addr_t) initrd_mem;
+
+ fail:
+ grub_initrd_close (&initrd_ctx);
+ if (initrd_mem && !initrd_start)
+ grub_efi_free_pages ((grub_addr_t) initrd_mem, initrd_pages);
+
+ return grub_errno;
+}
+
+static grub_command_t cmd_linux, cmd_initrd;
+
+GRUB_MOD_INIT (linux)
+{
+ cmd_linux = grub_register_command ("linux", grub_cmd_linux,
+ N_("FILE [ARGS...]"), N_("Load Linux."));
+
+ cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd,
+ N_("FILE"), N_("Load initrd."));
+
+ my_mod = mod;
+}
+
+GRUB_MOD_FINI (linux)
+{
+ grub_unregister_command (cmd_linux);
+ grub_unregister_command (cmd_initrd);
+}
diff --git a/include/grub/sw64/linux.h b/include/grub/sw64/linux.h
new file mode 100644
index 0000000..c4d0907
--- /dev/null
+++ b/include/grub/sw64/linux.h
@@ -0,0 +1,47 @@
+#ifndef GRUB_SW_H
+#define GRUB_SW_H 1
+#define PAGE_OFFSET 0xfff0000000000000UL
+#define KTEXT_OFFSET 0xffffffff80000000UL
+#define GRUB_PRINTK_START (PAGE_OFFSET | 0x800000)
+#define GRUB_PRINTK_SIZE (0x20000)
+#define BOOT_PARAM_START 0xfff000000090a100ULL
+
+#define GRUB_ELF_SEARCH 1024
+#define IPL_MIN 0
+#define IPL_MAX 7
+#define barrier() __asm__ __volatile__("": : :"memory")
+#define local_irq_disable() do { swpipl(IPL_MAX); barrier(); } while(0)
+#define local_irq_enable() do { barrier(); swpipl(IPL_MIN); } while(0)
+
+static inline
+grub_uint64_t
+grub_virt_to_phys(grub_uint64_t x)
+{
+ if (x >= KTEXT_OFFSET)
+ x -= KTEXT_OFFSET;
+ else if (x >= PAGE_OFFSET)
+ x -= PAGE_OFFSET;
+
+ return x;
+}
+
+struct boot_param
+{
+ grub_uint64_t initrd_start; /* logical address of initrd */
+ grub_uint64_t initrd_size; /* size of initrd */
+ grub_uint64_t dtb_start; /* logical address of dtb */
+ grub_uint64_t efi_systab; /* logical address of EFI system table */
+ grub_uint64_t efi_memmap; /* logical address of EFI memory map */
+ grub_uint64_t efi_memmap_size; /* size of EFI memory map */
+ grub_uint64_t efi_memdesc_size; /* size of an EFI memory map descriptor */
+ grub_uint64_t efi_memdesc_version; /* memory descriptor version */
+ grub_uint64_t command_line; /* logical address of cmdline */
+};
+
+struct linux_sw64_kernel_header
+{
+};
+
+#define linux_arch_kernel_header linux_sw64_kernel_header
+
+#endif
--
2.33.0

1797
sw64-Add-auxiliary-files.patch Normal file
View File

File diff suppressed because it is too large Load Diff

557
sw64-Add-awareness-for-SW64-reloations.patch Normal file
View File

@ -0,0 +1,557 @@
From aebda5e118748d819291f21fc11d5cc8f20de2bb Mon Sep 17 00:00:00 2001
From: sunway_fw <sunway_fw@wxiat.com>
Date: Tue, 18 Feb 2025 15:13:24 +0800
Subject: [PATCH 3/5] sw64: Add awareness for SW64 reloations
This patch adds awareness of SW64 relocations throughout the grub tools
as well as dynamic linkage and elf->PE relocation conversion support.
Signed-off-by: sunway_fw <sunway_fw@wxiat.com>
---
grub-core/kern/sw64/dl.c | 214 ++++++++++++++++++++++++++++++++++++
include/grub/dl.h | 16 ++-
include/grub/elf.h | 39 +++++++
util/grub-mkimagexx.c | 146 +++++++++++++++++++++++-
util/grub-module-verifier.c | 18 +++
5 files changed, 430 insertions(+), 3 deletions(-)
create mode 100644 grub-core/kern/sw64/dl.c
diff --git a/grub-core/kern/sw64/dl.c b/grub-core/kern/sw64/dl.c
new file mode 100644
index 0000000..8e3cac2
--- /dev/null
+++ b/grub-core/kern/sw64/dl.c
@@ -0,0 +1,214 @@
+/* dl.c - arch-dependent part of loadable module support */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2018 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/dl.h>
+#include <grub/elf.h>
+#include <grub/misc.h>
+#include <grub/err.h>
+#include <grub/mm.h>
+#include <grub/i18n.h>
+#include <grub/elf.h>
+
+/*
+ * Check if EHDR is a valid ELF header.
+ */
+grub_err_t
+grub_arch_dl_check_header (void *ehdr)
+{
+ Elf_Ehdr *e = ehdr;
+
+ /* Check the magic numbers. */
+ if (e->e_ident[EI_DATA] != ELFDATA2LSB || e->e_machine != EM_SW_64)
+ return grub_error (GRUB_ERR_BAD_OS,
+ N_("invalid arch-dependent ELF magic"));
+
+ return GRUB_ERR_NONE;
+}
+
+#pragma GCC diagnostic ignored "-Wcast-align"
+
+/* Relocate symbols. */
+grub_err_t
+grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr,
+ Elf_Shdr *s, grub_dl_segment_t seg)
+{
+ Elf_Rela *rel, *max;
+ grub_uint64_t *gpptr, *gotptr;
+
+ gotptr = (grub_uint64_t *) mod->got;
+ gpptr = (grub_uint64_t *) ((grub_uint64_t) mod->got + 0x8000);
+
+ for (rel = (Elf_Rela *) ((char *) ehdr + s->sh_offset),
+ max = (Elf_Rela *) ((char *) rel + s->sh_size);
+ rel < max;
+ rel = (Elf_Rela *) ((char *) rel + s->sh_entsize))
+ {
+ grub_addr_t addr;
+ Elf_Sym *sym;
+ grub_uint64_t value;
+
+ if (seg->size < (rel->r_offset & ~3))
+ return grub_error (GRUB_ERR_BAD_MODULE,
+ "reloc offset is out of the segment");
+
+ addr = (grub_addr_t) seg->addr + rel->r_offset;
+ sym = (Elf_Sym *) ((char *) mod->symtab
+ + mod->symsize * ELF_R_SYM (rel->r_info));
+
+ /* On the PPC the value does not have an explicit
+ addend, add it. */
+ value = sym->st_value + rel->r_addend;
+
+ switch (ELF_R_TYPE (rel->r_info))
+ {
+ case R_SW64_NONE:
+ break;
+ case R_SW64_REFLONG:
+ *(grub_uint32_t *)addr = value;
+ break;
+ case R_SW64_REFQUAD:
+ {
+ *(grub_uint32_t *)addr = value;
+ *((grub_uint32_t *)addr + 1) = value >> 32;
+ break;
+ }
+ case R_SW64_GPREL32:
+ {
+ value -= (grub_uint64_t)gpptr;
+ if ((grub_int32_t)value != value)
+ return grub_error (GRUB_ERR_BAD_MODULE,
+ "R_SW64_GPREL32 relocation out of range");
+ *(grub_uint32_t *) addr = value;
+ break;
+ }
+ case R_SW64_LITERAL:
+ {
+ grub_uint64_t li_hi;
+ grub_uint64_t li_lo;
+
+ li_hi = (grub_uint64_t) gotptr + (((grub_uint64_t)ELF_R_TYPE(rel->r_info)) >> 8 );
+ li_lo = li_hi - ((grub_uint64_t) gpptr);
+ if ((grub_int16_t)li_lo != li_lo)
+ return grub_error (GRUB_ERR_BAD_MODULE,
+ "R_SW64_LITERAL relocation out of range");
+
+ *(grub_uint16_t *) addr = (li_lo & 0xffff);
+ *(grub_uint64_t *) (li_hi) = value;
+ gotptr++;
+ break;
+ }
+ case R_SW64_LITERAL_GOT:
+ break;
+ case R_SW64_LITUSE:
+ break;
+ case R_SW64_GPDISP:
+ {
+ grub_uint64_t hi;
+ grub_uint64_t lo;
+ grub_uint64_t gpoffset = (grub_int64_t)gpptr - addr;
+ lo = (grub_int16_t) gpoffset;
+ hi = (grub_int32_t) (gpoffset - lo);
+ if (hi + lo != gpoffset)
+ return grub_error (GRUB_ERR_BAD_MODULE,
+ "R_SW64_GPDISP relocation out of range");
+
+ if (gpoffset & 0x8000) {
+ hi = ((gpoffset + 0x8000) >> 16) & 0xffff;
+ lo = gpoffset & 0xffff;
+ } else {
+ hi = (gpoffset >> 16) & 0xffff;
+ lo = gpoffset & 0xffff;
+ }
+
+ *(grub_uint32_t *) addr = ( *(grub_uint32_t *)addr & 0xffff0000) | (hi & 0xffff);
+ *(grub_uint32_t *) ((unsigned long)addr + rel->r_addend) =
+ (((*(grub_uint32_t *)((unsigned long)addr + rel->r_addend)) & 0xffff0000) | (lo & 0xffff));
+ break;
+ }
+ case R_SW64_BRADDR:
+ {
+ grub_uint64_t braddr = (*(grub_uint64_t *)addr) + value - ((grub_uint64_t)addr + 4);
+ braddr = (grub_int64_t)braddr >> 2;
+ if (braddr + (1<<21) >= 1<<21)
+ return grub_error (GRUB_ERR_BAD_MODULE,
+ "R_SW64_BRADDR relocation out of range");
+
+ *(grub_uint32_t *) addr = (*(grub_uint32_t *)addr & (~0x1fffff)) | (braddr & 0x1fffff);
+ break;
+ }
+ case R_SW64_HINT:
+ break;
+ case R_SW64_SREL32:
+ {
+ value -= (grub_uint64_t)addr;
+ if ((grub_int32_t)value != value)
+ return grub_error (GRUB_ERR_BAD_MODULE,
+ "R_SW64_SREL32 relocation out of range");
+
+ *(grub_uint32_t *) addr = value;
+ break;
+ }
+ case R_SW64_SREL64:
+ {
+ grub_uint64_t srel64 = *(grub_uint64_t *)addr + value;;
+ srel64 -= (grub_uint64_t)addr;
+ *(grub_uint64_t *) addr = srel64;
+ break;
+ }
+ case R_SW64_GPRELHIGH:
+ {
+ grub_uint64_t gprel_hi = (grub_int64_t)(value - (grub_uint64_t)gpptr);
+
+ if (gprel_hi & 0x8000)
+ gprel_hi = (grub_int64_t)(((grub_int64_t)gprel_hi + 0x8000) >> 16);
+ else
+ gprel_hi = (grub_int64_t)gprel_hi >> 16;
+
+ if ((grub_int16_t)gprel_hi != gprel_hi)
+ return grub_error (GRUB_ERR_BAD_MODULE,
+ "GPRELHIGH out of range\n");
+
+ *(grub_uint32_t *) addr = (*(grub_uint32_t *)addr & 0xffff0000) | (gprel_hi & 0xffff);
+ break;
+ }
+ case R_SW64_GPRELLOW:
+ {
+ grub_uint64_t gprel_lo = value - (grub_uint64_t)gpptr;
+ *(grub_uint32_t *) addr = (*(grub_uint32_t *)addr & 0xffff0000) | (gprel_lo & 0xffff);
+ break;
+ }
+ case R_SW64_GPREL16:
+ {
+ grub_uint64_t gprel16 = (*(grub_uint64_t *)addr + value);
+ gprel16 = (grub_uint64_t)(gprel16 - (grub_uint64_t)gpptr);
+ if ((grub_int16_t)gprel16 != gprel16)
+ return grub_error (GRUB_ERR_BAD_MODULE,
+ "R_SW64_GPREL16 relocation out of range");
+ *(grub_uint16_t *) addr = gprel16;
+ break;
+ }
+ default:
+ return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
+ N_("relocation 0x%lx is not implemented yet"),
+ ELF_R_TYPE (rel->r_info));
+ }
+ }
+
+ return GRUB_ERR_NONE;
+}
diff --git a/include/grub/dl.h b/include/grub/dl.h
index c5ab18c..a4cb287 100644
--- a/include/grub/dl.h
+++ b/include/grub/dl.h
@@ -292,17 +292,31 @@ grub_err_t
grub_arm64_dl_get_tramp_got_size (const void *ehdr, grub_size_t *tramp,
grub_size_t *got);
+#if defined (__sw_64__)
+#define GRUB_SW64_DL_TRAMP_ALIGN 16
+#define GRUB_SW64_DL_GOT_ALIGN 16
+
+grub_err_t
+grub_sw64_dl_get_tramp_got_size (const void *ehdr, grub_size_t *tramp,
+ grub_size_t *got);
+#endif
+
#if defined (__ia64__)
#define GRUB_ARCH_DL_TRAMP_ALIGN GRUB_IA64_DL_TRAMP_ALIGN
#define GRUB_ARCH_DL_GOT_ALIGN GRUB_IA64_DL_GOT_ALIGN
#define grub_arch_dl_get_tramp_got_size grub_ia64_dl_get_tramp_got_size
#elif defined (__aarch64__)
#define grub_arch_dl_get_tramp_got_size grub_arm64_dl_get_tramp_got_size
+#elif defined (__sw_64__)
+#define GRUB_ARCH_DL_TRAMP_ALIGN GRUB_SW64_DL_TRAMP_ALIGN
+#define GRUB_ARCH_DL_GOT_ALIGN GRUB_SW64_DL_GOT_ALIGN
+#define grub_arch_dl_get_tramp_got_size grub_sw64_dl_get_tramp_got_size
#else
grub_err_t
grub_arch_dl_get_tramp_got_size (const void *ehdr, grub_size_t *tramp,
grub_size_t *got);
#endif
+#endif
#if defined (__powerpc__) || defined (__mips__) || defined (__arm__) || \
(defined(__riscv) && (__riscv_xlen == 32))
@@ -317,6 +331,4 @@ grub_arch_dl_get_tramp_got_size (const void *ehdr, grub_size_t *tramp,
#define GRUB_ARCH_DL_GOT_ALIGN 8
#endif
-#endif
-
#endif /* ! GRUB_DL_H */
diff --git a/include/grub/elf.h b/include/grub/elf.h
index bd313a7..2af59fe 100644
--- a/include/grub/elf.h
+++ b/include/grub/elf.h
@@ -259,6 +259,7 @@ typedef struct
chances of collision with official or non-GNU unofficial values. */
#define EM_ALPHA 0x9026
+#define EM_SW_64 0x9916
/* Legal values for e_version (version). */
@@ -2537,6 +2538,44 @@ typedef Elf32_Addr Elf32_Conflict;
#define R_RISCV_SET32 56
#define R_RISCV_32_PCREL 57
+/*
+ * SW-64 ELF relocation types
+ */
+#define R_SW64_NONE 0 /* No reloc */
+#define R_SW64_REFLONG 1 /* Direct 32 bit */
+#define R_SW64_REFQUAD 2 /* Direct 64 bit */
+#define R_SW64_GPREL32 3 /* GP relative 32 bit */
+#define R_SW64_LITERAL 4 /* GP relative 16 bit w/optimization */
+#define R_SW64_LITUSE 5 /* Optimization hint for LITERAL */
+#define R_SW64_GPDISP 6 /* Add displacement to GP */
+#define R_SW64_BRADDR 7 /* PC+4 relative 23 bit shifted */
+#define R_SW64_HINT 8 /* PC+4 relative 16 bit shifted */
+#define R_SW64_SREL16 9 /* PC relative 16 bit */
+#define R_SW64_SREL32 10 /* PC relative 32 bit */
+#define R_SW64_SREL64 11 /* PC relative 64 bit */
+#define R_SW64_GPRELHIGH 17 /* GP relative 32 bit, high 16 bits */
+#define R_SW64_GPRELLOW 18 /* GP relative 32 bit, low 16 bits */
+#define R_SW64_GPREL16 19 /* GP relative 16 bit */
+#define R_SW64_COPY 24 /* Copy symbol at runtime */
+#define R_SW64_GLOB_DAT 25 /* Create GOT entry */
+#define R_SW64_JMP_SLOT 26 /* Create PLT entry */
+#define R_SW64_RELATIVE 27 /* Adjust by program base */
+#define R_SW64_BRSGP 28
+#define R_SW64_TLSGD 29
+#define R_SW64_TLS_LDM 30
+#define R_SW64_DTPMOD64 31
+#define R_SW64_GOTDTPREL 32
+#define R_SW64_DTPREL64 33
+#define R_SW64_DTPRELHI 34
+#define R_SW64_DTPRELLO 35
+#define R_SW64_DTPREL16 36
+#define R_SW64_GOTTPREL 37
+#define R_SW64_TPREL64 38
+#define R_SW64_TPRELHI 39
+#define R_SW64_TPRELLO 40
+#define R_SW64_TPREL16 41
+#define R_SW64_LITERAL_GOT 43
+
/* LoongArch relocations */
#define R_LARCH_NONE 0
#define R_LARCH_64 2
diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
index 9488f05..f327e26 100644
--- a/util/grub-mkimagexx.c
+++ b/util/grub-mkimagexx.c
@@ -819,8 +819,14 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, struct section_metadata *smd,
Elf_Half i;
Elf_Shdr *s;
#ifdef MKIMAGE_ELF64
+ grub_uint64_t got_offset = 0;
+
struct grub_ia64_trampoline *tr = (void *) (pe_target + tramp_off);
grub_uint64_t *gpptr = (void *) (pe_target + got_off);
+ if (image_target->elf_target == EM_SW_64) {
+ got_offset = got_off;
+ gpptr = (void *) (pe_target + got_offset + 0x8000);
+ }
unsigned unmatched_adr_got_page = 0;
struct grub_loongarch64_stack stack;
grub_loongarch64_stack_init (&stack);
@@ -1163,6 +1169,119 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, struct section_metadata *smd,
}
break;
}
+ case EM_SW_64:
+ {
+ sym_addr += addend;
+ switch (ELF_R_TYPE (info))
+ {
+ case R_SW64_NONE:
+ break;
+ case R_SW64_REFLONG:
+ *(grub_uint32_t *)target = grub_host_to_target32 (sym_addr);
+ break;
+ case R_SW64_REFQUAD:
+ {
+ *(grub_uint32_t *)target = grub_host_to_target32(sym_addr);
+ *((grub_uint32_t *)target + 1) = grub_host_to_target32(sym_addr >> 32);
+ break;
+ }
+ case R_SW64_GPREL32:
+ {
+ *(grub_uint32_t *) target = (grub_host_to_target64 (sym_addr) -
+ ((char *) gpptr - (char *)pe_target + image_target->vaddr_offset )) & 0xffffffff;
+ break;
+ }
+ case R_SW64_LITERAL:
+ {
+ grub_uint64_t li_hi;
+ grub_uint64_t li_lo;
+
+ li_hi = (grub_uint64_t)pe_target + got_offset + (((grub_uint64_t)ELF_R_TYPE(r->r_info)) >> 8 );
+ li_lo = li_hi - ((grub_uint64_t) gpptr);
+ *(grub_uint16_t *) target = (li_lo & 0xffff);
+ *(grub_uint64_t *) (li_hi) = grub_host_to_target64(grub_host_to_target64 (sym_addr));
+ got_offset += 8;
+ break;
+ }
+ case R_SW64_LITERAL_GOT:
+ break;
+ case R_SW64_LITUSE:
+ break;
+ case R_SW64_GPDISP:
+ {
+ grub_uint64_t hi;
+ grub_uint64_t lo;
+ grub_int64_t gpoffset = (((char *) gpptr - (char *) pe_target + image_target->vaddr_offset))
+ - ((offset + target_section_addr + image_target->vaddr_offset));
+ if (gpoffset & 0x8000) {
+ hi = ((gpoffset + 0x8000) >> 16) & 0xffff;
+ lo = gpoffset & 0xffff;
+ } else {
+ hi = (gpoffset >> 16) & 0xffff;
+ lo = gpoffset & 0xffff;
+ }
+ *(grub_uint32_t *) target = grub_host_to_target32 ((grub_target_to_host32 (*target) & 0xffff0000) | (hi & 0xffff));
+ *(grub_uint32_t *) ((unsigned long)target + addend) =
+ grub_host_to_target32 ((grub_target_to_host32 (*(grub_uint32_t *)
+ ((unsigned long)target + addend)) & 0xffff0000) | (lo & 0xffff));
+ break;
+
+ }
+ case R_SW64_BRADDR:
+ {
+ grub_uint64_t braddr = grub_host_to_target64 (grub_target_to_host64 (*target) + sym_addr) - ((grub_uint64_t)target + 4);
+ braddr = braddr >> 2;
+ *(grub_uint32_t *) target = (*(grub_uint32_t *)target & (~0x1fffff)) | (braddr & 0x1fffff);
+ break;
+ }
+ case R_SW64_HINT:
+ break;
+ case R_SW64_SREL32:
+ {
+ grub_uint64_t srel32 = grub_host_to_target64 (grub_target_to_host64 (*target) + sym_addr);
+ srel32 -= (grub_uint64_t)target;
+ *(grub_uint32_t *) target = srel32;
+ break;
+ }
+ case R_SW64_SREL64:
+ {
+ grub_uint64_t srel64 = grub_host_to_target64 (grub_target_to_host64 (*target) + sym_addr);
+ srel64 -= (grub_uint64_t)target;
+ *(grub_uint64_t *) target = srel64;
+ break;
+ }
+ case R_SW64_GPRELHIGH:
+ {
+ grub_uint64_t gprel_hi = ((grub_host_to_target64 (sym_addr) - (((char *) gpptr - (char *)pe_target + image_target->vaddr_offset) + 0x0)));
+
+ if (gprel_hi & 0x8000)
+ gprel_hi = ((gprel_hi + 0x8000) >> 16) & 0xffff;
+ else
+ gprel_hi = (gprel_hi >> 16) & 0xffff;
+
+ *(grub_uint32_t *) target = grub_host_to_target32 ((grub_target_to_host32 (*target) & 0xffff0000) | (gprel_hi & 0xffff));
+ break;
+ }
+ case R_SW64_GPRELLOW:
+ {
+ grub_uint64_t gprel_lo = (grub_host_to_target64 (sym_addr) - ((char *) gpptr - (char *)pe_target + image_target->vaddr_offset));
+ *(grub_uint32_t *) target = grub_host_to_target32 ((grub_target_to_host32 (*target) & 0xffff0000) | (gprel_lo & 0xffff));
+ break;
+ }
+ case R_SW64_GPREL16:
+ {
+ grub_uint64_t gprel16 = grub_host_to_target64 (grub_target_to_host64 (*target) + sym_addr);
+ gprel16 = (grub_uint64_t)(gprel16 - (grub_uint64_t)gpptr);
+ *(grub_uint16_t *) target = gprel16;
+ break;
+ }
+ default:
+ grub_util_error (_("relocation 0x%lx is not implemented yet"),
+ ELF_R_TYPE (info));
+ break;
+ }
+ break;
+ }
case EM_LOONGARCH:
{
grub_int64_t pc;
@@ -1700,6 +1819,19 @@ translate_relocation_pe (struct translate_context *ctx,
image_target);
}
break;
+ case EM_SW_64:
+ if (ELF_R_TYPE (info) == R_SW64_REFQUAD)
+ {
+ grub_util_info ("adding a relocation entry for 0x%llx",
+ (unsigned long long) addr);
+ ctx->current_address
+ = add_fixup_entry (&ctx->lst,
+ GRUB_PE32_REL_BASED_DIR64,
+ addr,
+ 0, ctx->current_address,
+ image_target);
+ }
+ break;
case EM_IA_64:
switch (ELF_R_TYPE (info))
{
@@ -2181,7 +2313,8 @@ make_reloc_section (Elf_Ehdr *e, struct grub_mkimage_layout *layout,
+ image_target->vaddr_offset,
2 * layout->ia64jmpnum,
image_target);
- if (image_target->elf_target == EM_IA_64 || image_target->elf_target == EM_AARCH64)
+ if (image_target->elf_target == EM_IA_64 || image_target->elf_target == EM_AARCH64 ||
+ image_target->elf_target == EM_SW_64)
create_u64_fixups (&ctx,
layout->got_off
+ image_target->vaddr_offset,
@@ -2550,6 +2683,17 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path,
grub_arm64_dl_get_tramp_got_size (e, &tramp, &layout->got_size);
+ layout->got_off = layout->kernel_size;
+ layout->kernel_size += ALIGN_UP (layout->got_size, 16);
+ }
+ else if (image_target->elf_target == EM_SW_64)
+ {
+ grub_size_t tramp;
+
+ layout->kernel_size = ALIGN_UP (layout->kernel_size, 16);
+
+ grub_sw64_dl_get_tramp_got_size (e, &tramp, &layout->got_size);
+
layout->got_off = layout->kernel_size;
layout->kernel_size += ALIGN_UP (layout->got_size, 16);
}
diff --git a/util/grub-module-verifier.c b/util/grub-module-verifier.c
index 91d9e8f..37fd0f6 100644
--- a/util/grub-module-verifier.c
+++ b/util/grub-module-verifier.c
@@ -209,6 +209,24 @@ struct grub_module_verifier_arch archs[] = {
-1
}
},
+ { "sw64", 8, 0, EM_SW_64, GRUB_MODULE_VERIFY_SUPPORTS_REL | GRUB_MODULE_VERIFY_SUPPORTS_RELA, (int[]){
+ R_SW64_NONE,
+ R_SW64_REFQUAD,
+ R_SW64_GPREL32,
+ R_SW64_LITERAL,
+ R_SW64_LITERAL_GOT,
+ R_SW64_LITUSE,
+ R_SW64_GPDISP,
+ R_SW64_BRSGP,
+ R_SW64_BRADDR,
+ R_SW64_HINT,
+ R_SW64_SREL32,
+ R_SW64_SREL64,
+ R_SW64_GPRELHIGH,
+ R_SW64_GPRELLOW,
+ R_SW64_GPREL16,
+ -1
+ } },
};
struct platform_whitelist {
--
2.33.0

59
sw64-Add-early-startup-code.patch Normal file
View File

@ -0,0 +1,59 @@
From d8825597e923d22c8f901c63a51ffd8253eb427d Mon Sep 17 00:00:00 2001
From: sunway_fw <sunway_fw@wxiat.com>
Date: Tue, 18 Feb 2025 14:50:17 +0800
Subject: [PATCH 1/5] sw64: Add early startup code
On entry, we need to save the system table pointer as well as our image
handle. Add an early startup file that saves them and then brings us
into our main function.
Signed-off-by: sunway_fw <sunway_fw@wxiat.com>
---
grub-core/kern/sw64/efi/startup.S | 35 +++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 grub-core/kern/sw64/efi/startup.S
diff --git a/grub-core/kern/sw64/efi/startup.S b/grub-core/kern/sw64/efi/startup.S
new file mode 100644
index 0000000..8143f75
--- /dev/null
+++ b/grub-core/kern/sw64/efi/startup.S
@@ -0,0 +1,35 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2018 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/symbol.h>
+#include <grub/sw64/regdef.h>
+
+ .file "startup.S"
+ .text
+FUNCTION(_start)
+ /*
+ * EFI_SYSTEM_TABLE and EFI_HANDLE are passed in a1/a0.
+ */
+ ldih $29,0($27) !gpdisp!1
+ ldi $29,0($29) !gpdisp!1
+ ldi $20, EXT_C(grub_efi_image_handle)
+ stl a0, 0($20)
+ ldi $20, EXT_C(grub_efi_system_table)
+ stl a1, 0($20)
+ call $31, grub_main
+ ret
--
2.33.0

516
sw64-Add-to-build-system.patch Normal file
View File

@ -0,0 +1,516 @@
From 3c31404703e92f675a71ab83bfb1e5c6f27e9070 Mon Sep 17 00:00:00 2001
From: sunway_fw <sunway_fw@wxiat.com>
Date: Tue, 18 Feb 2025 15:59:36 +0800
Subject: [PATCH 5/5] sw64: Add to build system
This patch adds SW64 to the GRUB build system and various tools, so GRUB
can be built on SW64 as a UEFI application.
Signed-off-by: sunway_fw <sunway_fw@wxiat.com>
---
Makefile.util.def | 1 +
conf/Makefile.common | 3 +++
configure.ac | 4 ++++
gentpl.py | 8 +++++---
grub-core/Makefile.am | 7 +++++++
grub-core/Makefile.core.def | 18 ++++++++++++++++++
grub-core/commands/file.c | 11 ++++++++++-
grub-core/kern/compiler-rt.c | 2 +-
grub-core/lib/setjmp.S | 2 ++
include/grub/compiler-rt.h | 2 +-
include/grub/efi/pe32.h | 1 +
include/grub/util/install.h | 1 +
util/grub-install-common.c | 1 +
util/grub-install.c | 16 ++++++++++++++++
util/grub-mknetdir.c | 1 +
util/grub-mkrescue.c | 10 ++++++++--
util/mkimage.c | 16 ++++++++++++++++
17 files changed, 96 insertions(+), 8 deletions(-)
diff --git a/Makefile.util.def b/Makefile.util.def
index ae3df11..aef0613 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -148,6 +148,7 @@ library = {
common = grub-core/kern/arm/dl_helper.c;
common = grub-core/kern/arm64/dl_helper.c;
common = grub-core/kern/loongarch64/dl_helper.c;
+ common = grub-core/kern/sw64/dl_helper.c;
common = grub-core/lib/minilzo/minilzo.c;
common = grub-core/lib/xzembed/xz_dec_bcj.c;
common = grub-core/lib/xzembed/xz_dec_lzma2.c;
diff --git a/conf/Makefile.common b/conf/Makefile.common
index b8f216f..f3ab6b9 100644
--- a/conf/Makefile.common
+++ b/conf/Makefile.common
@@ -23,6 +23,9 @@ endif
if COND_HAVE_PCI
CFLAGS_PLATFORM += -DGRUB_HAS_PCI
endif
+if COND_sw_64_efi
+ CFLAGS_PLATFORM += -Wno-packed-not-aligned -Wno-cast-align -Wno-sign-compare
+endif
# Other options
diff --git a/configure.ac b/configure.ac
index 96f4f5e..89626d3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -151,6 +151,7 @@ case "$target_cpu" in
;;
riscv32*) target_cpu=riscv32 ;;
riscv64*) target_cpu=riscv64 ;;
+ sw_64*) target_cpu=sw64;;
esac
# Specify the platform (such as firmware).
@@ -177,6 +178,7 @@ if test "x$with_platform" = x; then
loongarch64-*) platform=efi;;
riscv32-*) platform=efi ;;
riscv64-*) platform=efi ;;
+ sw64-*) platform=efi ;;
*)
AC_MSG_WARN([unsupported CPU: "$target_cpu" - only building utilities])
platform=none
@@ -228,6 +230,7 @@ case "$target_cpu"-"$platform" in
loongarch64-efi) ;;
riscv32-efi) ;;
riscv64-efi) ;;
+ sw64-efi) ;;
*-emu) ;;
*-none) ;;
*) AC_MSG_ERROR([platform "$platform" is not supported for target CPU "$target_cpu"]) ;;
@@ -2192,6 +2195,7 @@ AM_CONDITIONAL([COND_riscv32], [test x$target_cpu = xriscv32 ])
AM_CONDITIONAL([COND_riscv64], [test x$target_cpu = xriscv64 ])
AM_CONDITIONAL([COND_riscv32_efi], [test x$target_cpu = xriscv32 -a x$platform = xefi])
AM_CONDITIONAL([COND_riscv64_efi], [test x$target_cpu = xriscv64 -a x$platform = xefi])
+AM_CONDITIONAL([COND_sw_64_efi], [test x$target_cpu = xsw64 -a x$platform = xefi])
AM_CONDITIONAL([COND_sparc64_ieee1275], [test x$target_cpu = xsparc64 -a x$platform = xieee1275])
AM_CONDITIONAL([COND_sparc64_emu], [test x$target_cpu = xsparc64 -a x$platform = xemu])
AM_CONDITIONAL([COND_x86_64_efi], [test x$target_cpu = xx86_64 -a x$platform = xefi])
diff --git a/gentpl.py b/gentpl.py
index 3dc607c..af6ce15 100644
--- a/gentpl.py
+++ b/gentpl.py
@@ -32,7 +32,8 @@ GRUB_PLATFORMS = [ "emu", "i386_pc", "i386_efi", "i386_qemu", "i386_coreboot",
"mips_loongson", "sparc64_ieee1275",
"powerpc_ieee1275", "mips_arc", "ia64_efi",
"mips_qemu_mips", "arm_uboot", "arm_efi", "arm64_efi",
- "arm_coreboot", "loongarch64_efi", "riscv32_efi", "riscv64_efi" ]
+ "arm_coreboot", "loongarch64_efi", "riscv32_efi", "riscv64_efi",
+ "sw_64_efi" ]
GROUPS = {}
@@ -50,10 +51,11 @@ GROUPS["arm64"] = [ "arm64_efi" ]
GROUPS["loongarch64"] = [ "loongarch64_efi" ]
GROUPS["riscv32"] = [ "riscv32_efi" ]
GROUPS["riscv64"] = [ "riscv64_efi" ]
+GROUPS["sw_64"] = [ "sw_64_efi" ]
# Groups based on firmware
GROUPS["efi"] = [ "i386_efi", "x86_64_efi", "ia64_efi", "arm_efi", "arm64_efi",
- "loongarch64_efi", "riscv32_efi", "riscv64_efi" ]
+ "loongarch64_efi", "riscv32_efi", "riscv64_efi", "sw_64_efi" ]
GROUPS["ieee1275"] = [ "i386_ieee1275", "sparc64_ieee1275", "powerpc_ieee1275" ]
GROUPS["uboot"] = [ "arm_uboot" ]
GROUPS["xen"] = [ "i386_xen", "x86_64_xen" ]
@@ -80,7 +82,7 @@ GROUPS["terminfomodule"] = GRUB_PLATFORMS[:];
for i in GROUPS["terminfoinkernel"]: GROUPS["terminfomodule"].remove(i)
# Flattened Device Trees (FDT)
-GROUPS["fdt"] = [ "arm64_efi", "arm_uboot", "arm_efi", "loongarch64_efi", "riscv32_efi", "riscv64_efi" ]
+GROUPS["fdt"] = [ "arm64_efi", "arm_uboot", "arm_efi", "loongarch64_efi", "riscv32_efi", "riscv64_efi", "sw_64_efi" ]
# Needs software helpers for division
# Must match GRUB_DIVISION_IN_SOFTWARE in misc.h
diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
index b524445..b6b1390 100644
--- a/grub-core/Makefile.am
+++ b/grub-core/Makefile.am
@@ -309,6 +309,13 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/disk.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/acpi.h
endif
+if COND_sw_64_efi
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/efi.h
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/disk.h
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/sw64/divide.h
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/acpi.h
+endif
+
if COND_emu
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/datetime.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/misc.h
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 1329b81..e781677 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -103,6 +103,8 @@ kernel = {
sparc64_ieee1275_ldflags = '-Wl,-Ttext,0x4400';
mips_arc_ldflags = '-Wl,-Ttext,$(TARGET_LINK_ADDR)';
mips_qemu_mips_ldflags = '-Wl,-Ttext,0x80200000';
+ sw_64_efi_ldflags = '-Wl,-r,-d';
+ sw_64_efi_stripflags = '--strip-unneeded -K start -R .note -R .comment -R .note.gnu.gold-version';
mips_arc_cppflags = '-DGRUB_DECOMPRESSOR_LINK_ADDR=$(TARGET_DECOMPRESSOR_LINK_ADDR)';
i386_qemu_cppflags = '-DGRUB_BOOT_MACHINE_LINK_ADDR=$(GRUB_BOOT_MACHINE_LINK_ADDR)';
@@ -133,6 +135,7 @@ kernel = {
loongarch64_efi_startup = kern/loongarch64/efi/startup.S;
riscv32_efi_startup = kern/riscv/efi/startup.S;
riscv64_efi_startup = kern/riscv/efi/startup.S;
+ sw_64_efi_startup = kern/sw64/efi/startup.S;
common = kern/buffer.c;
common = kern/command.c;
@@ -328,6 +331,15 @@ kernel = {
extra_dist = video/sm712_init.c;
extra_dist = video/sis315_init.c;
mips_loongson = commands/keylayouts.c;
+ sw_64_efi = kern/sw64/dl.c;
+ sw_64_efi = kern/sw64/dl_helper.c;
+ sw_64_efi = kern/sw64/efi/init.c;
+ sw_64_efi = kern/efi/fdt.c;
+ sw_64_efi = lib/sw64/divide.S;
+ sw_64_efi = kern/sw64/efi/callwrap.S;
+ sw_64_efi = kern/sw64/cache.c;
+ sw_64_efi = kern/sw64/cache_flush.S;
+ sw_64_efi = commands/keylayouts.c;
powerpc_ieee1275 = kern/powerpc/cache.S;
powerpc_ieee1275 = kern/powerpc/dl.c;
@@ -881,6 +893,7 @@ module = {
enable = loongarch64_efi;
enable = riscv32_efi;
enable = riscv64_efi;
+ enable = sw_64_efi;
};
module = {
@@ -958,6 +971,7 @@ module = {
i386_multiboot = commands/acpihalt.c;
i386_efi = commands/acpihalt.c;
x86_64_efi = commands/acpihalt.c;
+ sw_64_efi = commands/acpihalt.c;
i386_multiboot = lib/i386/halt.c;
i386_coreboot = lib/i386/halt.c;
i386_qemu = lib/i386/halt.c;
@@ -1794,6 +1808,8 @@ module = {
extra_dist = lib/arm64/setjmp.S;
extra_dist = lib/riscv/setjmp.S;
extra_dist = lib/loongarch64/setjmp.S;
+ extra_dist = lib/sw64/setjmp.S;
+ extra_dist = lib/sw64/divide.S;
};
module = {
@@ -1902,6 +1918,7 @@ module = {
loongarch64 = loader/loongarch64/linux-elf.c;
riscv32 = loader/efi/linux.c;
riscv64 = loader/efi/linux.c;
+ sw_64_efi = loader/sw64/efi/linux.c;
emu = loader/emu/linux.c;
common = loader/linux.c;
i386_efi = loader/efi/linux_boot.c;
@@ -2009,6 +2026,7 @@ module = {
enable = riscv32_efi;
enable = riscv64_efi;
enable = mips;
+ enable = sw_64;
};
module = {
diff --git a/grub-core/commands/file.c b/grub-core/commands/file.c
index 7c13e97..42b25e5 100644
--- a/grub-core/commands/file.c
+++ b/grub-core/commands/file.c
@@ -94,6 +94,8 @@ static const struct grub_arg_option options[] = {
N_("Check if FILE is RISC-V 32bit EFI file"), 0, 0},
{"is-riscv64-efi", 0, 0,
N_("Check if FILE is RISC-V 64bit EFI file"), 0, 0},
+ {"is-sw64-efi", 0, 0,
+ N_("Check if FILE is SW64 EFI file"), 0, 0},
{"is-hibernated-hiberfil", 0, 0,
N_("Check if FILE is hiberfil.sys in hibernated state"), 0, 0},
{"is-x86_64-xnu", 0, 0,
@@ -136,6 +138,7 @@ enum
IS_ARM_EFI,
IS_RISCV32_EFI,
IS_RISCV64_EFI,
+ IS_SW64_EFI,
IS_HIBERNATED,
IS_XNU64,
IS_XNU32,
@@ -590,6 +593,7 @@ grub_cmd_file (grub_extcmd_context_t ctxt, int argc, char **args)
case IS_ARM_EFI:
case IS_RISCV32_EFI:
case IS_RISCV64_EFI:
+ case IS_SW64_EFI:
{
char signature[4];
grub_uint32_t pe_offset;
@@ -640,8 +644,13 @@ grub_cmd_file (grub_extcmd_context_t ctxt, int argc, char **args)
grub_cpu_to_le16_compile_time (GRUB_PE32_MACHINE_RISCV64))
/* TODO: Determine bitness dynamically */
break;
+ if (type == IS_SW64_EFI
+ && coff_head.machine !=
+ grub_cpu_to_le16_compile_time (GRUB_PE32_MACHINE_SW_64))
+ /* TODO: Determine bitness dynamically */
+ break;
if (type == IS_IA_EFI || type == IS_64_EFI || type == IS_ARM64_EFI ||
- type == IS_RISCV32_EFI || type == IS_RISCV64_EFI)
+ type == IS_RISCV32_EFI || type == IS_RISCV64_EFI || type == IS_SW64_EFI)
{
struct grub_pe64_optional_header o64;
if (grub_file_read (file, &o64, sizeof (o64)) != sizeof (o64))
diff --git a/grub-core/kern/compiler-rt.c b/grub-core/kern/compiler-rt.c
index eda689a..5dbada2 100644
--- a/grub-core/kern/compiler-rt.c
+++ b/grub-core/kern/compiler-rt.c
@@ -335,7 +335,7 @@ __ucmpdi2 (grub_uint64_t a, grub_uint64_t b)
#endif
#if defined (__powerpc__) || defined(__mips__) || defined(__sparc__) || \
- defined(__arm__) || defined(__riscv)
+ defined(__arm__) || defined(__riscv) || defined(__sw_64__)
/* Based on libgcc2.c from gcc suite. */
grub_uint32_t
diff --git a/grub-core/lib/setjmp.S b/grub-core/lib/setjmp.S
index 5723ae0..9ab5aec 100644
--- a/grub-core/lib/setjmp.S
+++ b/grub-core/lib/setjmp.S
@@ -25,6 +25,8 @@
#include "./riscv/setjmp.S"
#elif defined(__s390x__)
#include "./s390x/setjmp.S"
+#elif defined(__sw_64__)
+#include "./sw64/setjmp.S"
#else
#error "Unknown target cpu type"
#endif
diff --git a/include/grub/compiler-rt.h b/include/grub/compiler-rt.h
index 17828b3..a8782fc 100644
--- a/include/grub/compiler-rt.h
+++ b/include/grub/compiler-rt.h
@@ -178,7 +178,7 @@ EXPORT_FUNC (__lshrdi3) (grub_uint64_t u, int b);
#endif
#if defined (__powerpc__) || defined(__mips__) || defined(__sparc__) || \
- defined (__arm__) || defined(__riscv)
+ defined (__arm__) || defined(__riscv) || defined(__sw_64__)
grub_uint32_t
EXPORT_FUNC(__bswapsi2) (grub_uint32_t u);
diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h
index 4e6e9d2..993792b 100644
--- a/include/grub/efi/pe32.h
+++ b/include/grub/efi/pe32.h
@@ -92,6 +92,7 @@ struct grub_pe32_coff_header
#define GRUB_PE32_MACHINE_LOONGARCH64 0x6264
#define GRUB_PE32_MACHINE_RISCV32 0x5032
#define GRUB_PE32_MACHINE_RISCV64 0x5064
+#define GRUB_PE32_MACHINE_SW_64 0x0284
#define GRUB_PE32_RELOCS_STRIPPED 0x0001
#define GRUB_PE32_EXECUTABLE_IMAGE 0x0002
diff --git a/include/grub/util/install.h b/include/grub/util/install.h
index 38c6da7..0f80ca2 100644
--- a/include/grub/util/install.h
+++ b/include/grub/util/install.h
@@ -116,6 +116,7 @@ enum grub_install_plat
GRUB_INSTALL_PLATFORM_RISCV32_EFI,
GRUB_INSTALL_PLATFORM_RISCV64_EFI,
GRUB_INSTALL_PLATFORM_S390X_EMU,
+ GRUB_INSTALL_PLATFORM_SW64_EFI,
GRUB_INSTALL_PLATFORM_MAX
};
diff --git a/util/grub-install-common.c b/util/grub-install-common.c
index 75fa039..c186293 100644
--- a/util/grub-install-common.c
+++ b/util/grub-install-common.c
@@ -955,6 +955,7 @@ static struct
[GRUB_INSTALL_PLATFORM_RISCV32_EFI] = { "riscv32", "efi" },
[GRUB_INSTALL_PLATFORM_RISCV64_EFI] = { "riscv64", "efi" },
[GRUB_INSTALL_PLATFORM_S390X_EMU] = { "s390x", "emu" },
+ [GRUB_INSTALL_PLATFORM_SW64_EFI] = { "sw64", "efi" },
};
char *
diff --git a/util/grub-install.c b/util/grub-install.c
index 09c5bba..fb1c874 100644
--- a/util/grub-install.c
+++ b/util/grub-install.c
@@ -378,6 +378,8 @@ get_default_platform (void)
#endif
#elif defined (__s390x__)
return "s390x-emu";
+#elif defined (__sw_64__)
+ return "sw64-efi";
#else
return NULL;
#endif
@@ -572,6 +574,7 @@ have_bootdev (enum grub_install_plat pl)
case GRUB_INSTALL_PLATFORM_I386_XEN_PVH:
case GRUB_INSTALL_PLATFORM_S390X_EMU:
+ case GRUB_INSTALL_PLATFORM_SW64_EFI:
return 0;
/* pacify warning. */
@@ -1014,6 +1017,7 @@ main (int argc, char *argv[])
case GRUB_INSTALL_PLATFORM_X86_64_XEN:
case GRUB_INSTALL_PLATFORM_I386_XEN_PVH:
case GRUB_INSTALL_PLATFORM_S390X_EMU:
+ case GRUB_INSTALL_PLATFORM_SW64_EFI:
break;
case GRUB_INSTALL_PLATFORM_I386_QEMU:
@@ -1066,6 +1070,7 @@ main (int argc, char *argv[])
case GRUB_INSTALL_PLATFORM_X86_64_XEN:
case GRUB_INSTALL_PLATFORM_I386_XEN_PVH:
case GRUB_INSTALL_PLATFORM_S390X_EMU:
+ case GRUB_INSTALL_PLATFORM_SW64_EFI:
free (install_device);
install_device = NULL;
break;
@@ -1163,6 +1168,7 @@ main (int argc, char *argv[])
case GRUB_INSTALL_PLATFORM_RISCV32_EFI:
case GRUB_INSTALL_PLATFORM_RISCV64_EFI:
case GRUB_INSTALL_PLATFORM_IA64_EFI:
+ case GRUB_INSTALL_PLATFORM_SW64_EFI:
is_efi = 1;
break;
default:
@@ -1304,6 +1310,9 @@ main (int argc, char *argv[])
case GRUB_INSTALL_PLATFORM_RISCV64_EFI:
efi_file = "BOOTRISCV64.EFI";
break;
+ case GRUB_INSTALL_PLATFORM_SW64_EFI:
+ efi_file = "BOOTSW64.EFI";
+ break;
default:
grub_util_error ("%s", _("You've found a bug"));
break;
@@ -1340,6 +1349,9 @@ main (int argc, char *argv[])
case GRUB_INSTALL_PLATFORM_RISCV64_EFI:
efi_file = "grubriscv64.efi";
break;
+ case GRUB_INSTALL_PLATFORM_SW64_EFI:
+ efi_file = "grubsw64.efi";
+ break;
default:
efi_file = "grub.efi";
break;
@@ -1682,6 +1694,7 @@ main (int argc, char *argv[])
case GRUB_INSTALL_PLATFORM_RISCV32_EFI:
case GRUB_INSTALL_PLATFORM_RISCV64_EFI:
case GRUB_INSTALL_PLATFORM_IA64_EFI:
+ case GRUB_INSTALL_PLATFORM_SW64_EFI:
g = grub_util_guess_efi_drive (*curdev);
break;
case GRUB_INSTALL_PLATFORM_SPARC64_IEEE1275:
@@ -1874,6 +1887,7 @@ main (int argc, char *argv[])
case GRUB_INSTALL_PLATFORM_RISCV32_EFI:
case GRUB_INSTALL_PLATFORM_RISCV64_EFI:
case GRUB_INSTALL_PLATFORM_IA64_EFI:
+ case GRUB_INSTALL_PLATFORM_SW64_EFI:
core_name = "core.efi";
snprintf (mkimage_target, sizeof (mkimage_target),
"%s-%s",
@@ -2087,6 +2101,7 @@ main (int argc, char *argv[])
case GRUB_INSTALL_PLATFORM_I386_XEN:
case GRUB_INSTALL_PLATFORM_X86_64_XEN:
case GRUB_INSTALL_PLATFORM_I386_XEN_PVH:
+ case GRUB_INSTALL_PLATFORM_SW64_EFI:
break;
/* pacify warning. */
case GRUB_INSTALL_PLATFORM_MAX:
@@ -2361,6 +2376,7 @@ main (int argc, char *argv[])
case GRUB_INSTALL_PLATFORM_RISCV32_EFI:
case GRUB_INSTALL_PLATFORM_RISCV64_EFI:
case GRUB_INSTALL_PLATFORM_IA64_EFI:
+ case GRUB_INSTALL_PLATFORM_SW64_EFI:
{
char *dst = grub_util_path_concat (2, efidir, efi_file);
grub_install_copy_file (imgfile, dst, 1);
diff --git a/util/grub-mknetdir.c b/util/grub-mknetdir.c
index 46f304c..d277de0 100644
--- a/util/grub-mknetdir.c
+++ b/util/grub-mknetdir.c
@@ -111,6 +111,7 @@ static const struct
[GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI] = { "loongarch64-efi", "efinet", ".efi" },
[GRUB_INSTALL_PLATFORM_RISCV32_EFI] = { "riscv32-efi", "efinet", ".efi" },
[GRUB_INSTALL_PLATFORM_RISCV64_EFI] = { "riscv64-efi", "efinet", ".efi" },
+ [GRUB_INSTALL_PLATFORM_SW64_EFI] = { "sw64-efi", "efinet", ".efi" },
};
static void
diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c
index abcc1c2..168d6dd 100644
--- a/util/grub-mkrescue.c
+++ b/util/grub-mkrescue.c
@@ -564,7 +564,8 @@ main (int argc, char *argv[])
|| source_dirs[GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI]
|| source_dirs[GRUB_INSTALL_PLATFORM_RISCV32_EFI]
|| source_dirs[GRUB_INSTALL_PLATFORM_RISCV64_EFI]
- || source_dirs[GRUB_INSTALL_PLATFORM_X86_64_EFI])
+ || source_dirs[GRUB_INSTALL_PLATFORM_X86_64_EFI]
+ || source_dirs[GRUB_INSTALL_PLATFORM_SW64_EFI])
system_area = SYS_AREA_COMMON;
else if (source_dirs[GRUB_INSTALL_PLATFORM_SPARC64_IEEE1275])
system_area = SYS_AREA_SPARC;
@@ -764,7 +765,8 @@ main (int argc, char *argv[])
|| source_dirs[GRUB_INSTALL_PLATFORM_ARM64_EFI]
|| source_dirs[GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI]
|| source_dirs[GRUB_INSTALL_PLATFORM_RISCV32_EFI]
- || source_dirs[GRUB_INSTALL_PLATFORM_RISCV64_EFI])
+ || source_dirs[GRUB_INSTALL_PLATFORM_RISCV64_EFI]
+ || source_dirs[GRUB_INSTALL_PLATFORM_SW64_EFI])
{
FILE *f;
char *efidir_efi = grub_util_path_concat (2, iso9660_dir, "efi");
@@ -826,6 +828,10 @@ main (int argc, char *argv[])
make_image_abs (GRUB_INSTALL_PLATFORM_RISCV64_EFI, "riscv64-efi", imgname);
free (imgname);
+ imgname = grub_util_path_concat (2, efidir_efi_boot, "bootsw64.efi");
+ make_image_fwdisk_abs (GRUB_INSTALL_PLATFORM_SW64_EFI, "sw64-efi", imgname);
+ free (imgname);
+
if (source_dirs[GRUB_INSTALL_PLATFORM_I386_EFI])
{
imgname = grub_util_path_concat (2, efidir_efi_boot, "boot.efi");
diff --git a/util/mkimage.c b/util/mkimage.c
index 0737935..c4af2db 100644
--- a/util/mkimage.c
+++ b/util/mkimage.c
@@ -425,6 +425,22 @@ static const struct grub_install_image_target_desc image_targets[] =
.pe_target = GRUB_PE32_MACHINE_IA64,
.elf_target = EM_IA_64,
},
+ {
+ .dirname = "sw64-efi",
+ .names = {"sw64-efi", NULL},
+ .voidp_sizeof = 8,
+ .bigendian = 0,
+ .id = IMAGE_EFI,
+ .flags = PLATFORM_FLAGS_NONE,
+ .total_module_size = TARGET_NO_FIELD,
+ .decompressor_compressed_size = TARGET_NO_FIELD,
+ .decompressor_uncompressed_size = TARGET_NO_FIELD,
+ .decompressor_uncompressed_addr = TARGET_NO_FIELD,
+ .section_align = GRUB_PE32_SECTION_ALIGNMENT,
+ .vaddr_offset = EFI64_HEADER_SIZE,
+ .pe_target = GRUB_PE32_MACHINE_SW_64,
+ .elf_target = EM_SW_64,
+ },
{
.dirname = "mips-arc",
.names = {"mips-arc", NULL},
--
2.33.0