From a3bdb368a26b039ef042c2acc258fc017f3250d1390ef07edc65bfe4ad1f6b3e Mon Sep 17 00:00:00 2001 
From: Michael Chang Date: Thu, 8 Jul 2021 09:03:14 +0000 Subject: [PATCH] Accepting request 904721 from home:michael-chang:grub:2.06 - Version bump to 2.06 * rediff - 0001-add-support-for-UEFI-network-protocols.patch - 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch - 0003-Make-grub_error-more-verbose.patch - 0003-bootp-New-net_bootp6-command.patch - 0005-grub.texi-Add-net_bootp6-doument.patch - 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch - 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch - 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch - 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch - grub-install-force-journal-draining-to-ensure-data-i.patch - grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch - grub2-diskfilter-support-pv-without-metadatacopies.patch - grub2-efi-HP-workaround.patch - grub2-efi-xen-cfg-unquote.patch - grub2-efi-xen-chainload.patch - grub2-fix-menu-in-xen-host-server.patch - grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch - grub2-install-remove-useless-check-PReP-partition-is-empty.patch - grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch - grub2-mkconfig-default-entry-correction.patch - grub2-pass-corret-root-for-nfsroot.patch - grub2-s390x-03-output-7-bit-ascii.patch - grub2-s390x-04-grub2-install.patch - grub2-secureboot-install-signed-grub.patch - grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch - use-grub2-as-a-package-name.patch * update by patch squashed: - 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch OBS-URL: https://build.opensuse.org/request/show/904721 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=386 --- ...are-fix-printf-format-with-null-byte.patch | 88 + ...or-Linux-EFI-stub-loading-on-aarch64.patch | 123 +- ...is-small-and-user-uses-advanced-modu.patch | 233 --- ...d-support-for-UEFI-network-protocols.patch | 132 +- ...6-linux.h-Include-missing-grub-types.patch | 39 - 
...chainloaded-image-as-shim-s-verifiab.patch | 45 - ...-Fix-gcc10-error-Werror-array-bounds.patch | 52 - ...on-datetime-functions-out-of-the-nor.patch | 311 --- ...lexer-fatal-errors-actually-be-fatal.patch | 67 - ...m_lock-GUID-and-protocol-type-public.patch | 96 - ...Avoid-incompleted-install-on-i386-pc.patch | 97 - ...ern-Add-X-option-to-printf-functions.patch | 65 - ...racketed-ipv6-addrs-and-port-numbers.patch | 60 +- ...e-arithmetic-primitives-that-check-f.patch | 123 -- ...cc10-error-Werror-zero-length-bounds.patch | 87 - 0003-Make-grub_error-more-verbose.patch | 68 +- 0003-bootp-New-net_bootp6-command.patch | 40 +- ...-we-always-have-an-overflow-checking.patch | 239 --- ...efi_status_t-from-grub_efi_get_varia.patch | 146 -- ...ch-for-specific-config-files-for-net.patch | 228 -- 0004-calloc-Use-calloc-at-most-places.patch | 1825 ----------------- ...the-datetime-module-for-the-emu-plat.patch | 32 - ...on-to-read-EFI-variables-with-attrib.patch | 79 - ...ernel_header.hdr_offset-be-at-the-ri.patch | 75 - 0005-efi-Add-secure-boot-detection.patch | 210 -- 0005-grub.texi-Add-net_bootp6-doument.patch | 19 +- ...low-checking-primitives-where-we-do-.patch | 1319 ------------ ...essing-DHCPACK-packet-from-HTTP-Boot.patch | 30 +- ...r-shim_lock-verifier-if-shim_lock-pr.patch | 90 - ...se-address-before-jumping-to-the-PE-.patch | 21 +- ...on-t-leak-memory-on-realloc-failures.patch | 67 - ...-not-load-more-than-one-NAME-section.patch | 35 - ...s-Move-verifiers-API-to-kernel-image.patch | 129 -- ...-shim_lock-verifier-to-the-GRUB-core.patch | 368 ---- ...etting-DNS-server-from-UEFI-protocol.patch | 20 +- ...used-fields-from-grub_script_functio.patch | 33 - ...rt-for-Linux-EFI-stub-loading-on-aar.patch | 101 - 0009-kern-Add-lockdown-support.patch | 430 ---- ...se-after-free-when-redefining-a-func.patch | 107 - 0009-squash-Add-support-for-linuxefi.patch | 39 - ...t-a-variable-if-the-GRUB-is-locked-d.patch | 57 - ...er-overflows-in-initrd-size-handling.patch | 164 -- 
...-GRUB-when-the-UEFI-Secure-Boot-is-e.patch | 49 - ...lockdown-instead-of-hardcoding-a-dis.patch | 231 --- ...ter-the-acpi-command-when-locked-dow.patch | 75 - ...ter-cutmem-and-badram-commands-when-.patch | 69 - ...t-commands-that-can-load-BIOS-or-DT-.patch | 104 - ...Restrict-setpci-command-when-locked-.patch | 37 - ...Restrict-hdparm-command-when-locked-.patch | 35 - ...Restrict-GDB-access-when-locked-down.patch | 61 - ...-allow-loading-extension-and-package.patch | 60 - ...loading-modules-that-are-not-depende.patch | 87 - ...le-out-of-bound-accesses-caused-by-m.patch | 115 -- ...peated-short-options-that-require-an.patch | 54 - ...ntry-Fix-quoting-in-setparams_prefix.patch | 46 - ...n-parser-Fix-resource-leak-if-argc-0.patch | 50 - 0025-kern-parser-Fix-a-memory-leak.patch | 76 - ...parser-Introduce-process_char-helper.patch | 119 -- ...arser-Introduce-terminate_arg-helper.patch | 65 - ...ctor-grub_parser_split_cmdline-clean.patch | 92 - ...uffer-Add-variable-sized-heap-buffer.patch | 307 --- ...n-parser-Fix-a-stack-buffer-overflow.patch | 247 --- ...emove-unused-code-to-add-BSS-section.patch | 60 - ...-grub_host_to_target32-instead-of-gr.patch | 112 - ...ays-use-grub_host_to_target32-to-ini.patch | 38 - ...fy-more-of-the-PE32-and-PE32-header-.patch | 169 -- ...rder-PE-optional-header-fields-set-u.patch | 72 - ...-Improve-data_size-value-calculation.patch | 49 - ...factor-section-setup-to-use-a-helper.patch | 220 -- ...-an-option-to-import-SBAT-metadata-i.patch | 263 --- ...-grub-install-common-Add-sbat-option.patch | 84 - ...kip-loading-shim_lock-verifier-with-.patch | 268 --- ...ecureboot-support-on-efi-chainloader.patch | 92 - 0042-squash-grub2-efi-chainload-harder.patch | 26 - ...ow-insmod-when-secure-boot-is-enable.patch | 88 - ...rt-for-Linux-EFI-stub-loading-on-aar.patch | 68 - ...s-Move-verifiers-API-to-kernel-image.patch | 69 +- grub-2.04.tar.xz | 3 - grub-2.06.tar.xz | 3 + ...l-define-default-platform-for-risc-v.patch | 34 - 
...ce-journal-draining-to-ensure-data-i.patch | 47 +- ...-add-ability-to-boot-from-subvolumes.patch | 42 +- ...er-support-pv-without-metadatacopies.patch | 16 +- grub2-editenv-add-warning-message.patch | 36 - grub2-efi-HP-workaround.patch | 16 +- grub2-efi-chainload-harder.patch | 18 +- grub2-efi-gop-add-blt.patch | 59 - grub2-efi-uga-64bit-fb.patch | 104 - grub2-efi-xen-cfg-unquote.patch | 12 +- grub2-efi-xen-chainload.patch | 20 +- grub2-fix-menu-in-xen-host-server.patch | 26 +- ...-support-scrolling-menu-entry-s-text.patch | 50 +- ...seless-check-PReP-partition-is-empty.patch | 17 +- grub2-instdev-fixup.pl | 336 +++ ...te-metadata-buffer-from-raw-contents.patch | 82 +- grub2-mkconfig-default-entry-correction.patch | 14 +- grub2-pass-corret-root-for-nfsroot.patch | 52 +- grub2-s390x-03-output-7-bit-ascii.patch | 50 +- grub2-s390x-04-grub2-install.patch | 136 +- grub2-secureboot-add-linuxefi.patch | 41 +- grub2-secureboot-chainloader.patch | 85 +- grub2-secureboot-install-signed-grub.patch | 26 +- grub2-secureboot-no-insmod-on-sb.patch | 64 +- ...up-try-fs-embed-if-mbr-gap-too-small.patch | 14 +- ...s-fix-system-freeze-if-verify-failed.patch | 44 - grub2.changes | 117 ++ grub2.spec | 176 +- risc-v-add-clzdi2-symbol.patch | 46 - ...ion-of-pc-relative-relocation-offset.patch | 39 - use-grub2-as-a-package-name.patch | 16 +- 110 files changed, 1208 insertions(+), 11879 deletions(-) create mode 100644 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch delete mode 100644 0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch delete mode 100644 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch delete mode 100644 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch delete mode 100644 0001-mdraid1x_linux-Fix-gcc10-error-Werror-array-bounds.patch delete mode 100644 0001-normal-Move-common-datetime-functions-out-of-the-nor.patch delete mode 100644 0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch delete mode 100644 
0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch delete mode 100644 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch delete mode 100644 0002-kern-Add-X-option-to-printf-functions.patch delete mode 100644 0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch delete mode 100644 0002-zfs-Fix-gcc10-error-Werror-zero-length-bounds.patch delete mode 100644 0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch delete mode 100644 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch delete mode 100644 0003-normal-main-Search-for-specific-config-files-for-net.patch delete mode 100644 0004-calloc-Use-calloc-at-most-places.patch delete mode 100644 0004-datetime-Enable-the-datetime-module-for-the-emu-plat.patch delete mode 100644 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch delete mode 100644 0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch delete mode 100644 0005-efi-Add-secure-boot-detection.patch delete mode 100644 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch delete mode 100644 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch delete mode 100644 0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch delete mode 100644 0007-font-Do-not-load-more-than-one-NAME-section.patch delete mode 100644 0007-verifiers-Move-verifiers-API-to-kernel-image.patch delete mode 100644 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch delete mode 100644 0008-script-Remove-unused-fields-from-grub_script_functio.patch delete mode 100644 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch delete mode 100644 0009-kern-Add-lockdown-support.patch delete mode 100644 0009-script-Avoid-a-use-after-free-when-redefining-a-func.patch delete mode 100644 0009-squash-Add-support-for-linuxefi.patch delete mode 100644 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch delete mode 100644 0010-linux-Fix-integer-overflows-in-initrd-size-handling.patch delete 
mode 100644 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch delete mode 100644 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch delete mode 100644 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch delete mode 100644 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch delete mode 100644 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch delete mode 100644 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch delete mode 100644 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch delete mode 100644 0018-gdb-Restrict-GDB-access-when-locked-down.patch delete mode 100644 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch delete mode 100644 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch delete mode 100644 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch delete mode 100644 0022-lib-arg-Block-repeated-short-options-that-require-an.patch delete mode 100644 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch delete mode 100644 0024-kern-parser-Fix-resource-leak-if-argc-0.patch delete mode 100644 0025-kern-parser-Fix-a-memory-leak.patch delete mode 100644 0026-kern-parser-Introduce-process_char-helper.patch delete mode 100644 0027-kern-parser-Introduce-terminate_arg-helper.patch delete mode 100644 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch delete mode 100644 0029-kern-buffer-Add-variable-sized-heap-buffer.patch delete mode 100644 0030-kern-parser-Fix-a-stack-buffer-overflow.patch delete mode 100644 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch delete mode 100644 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch delete mode 100644 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch delete mode 100644 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch delete mode 100644 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch delete mode 100644 
0036-util-mkimage-Improve-data_size-value-calculation.patch delete mode 100644 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch delete mode 100644 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch delete mode 100644 0039-grub-install-common-Add-sbat-option.patch delete mode 100644 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch delete mode 100644 0041-squash-Add-secureboot-support-on-efi-chainloader.patch delete mode 100644 0042-squash-grub2-efi-chainload-harder.patch delete mode 100644 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch delete mode 100644 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch delete mode 100644 grub-2.04.tar.xz create mode 100644 grub-2.06.tar.xz delete mode 100644 grub-install-define-default-platform-for-risc-v.patch delete mode 100644 grub2-editenv-add-warning-message.patch delete mode 100644 grub2-efi-gop-add-blt.patch delete mode 100644 grub2-efi-uga-64bit-fb.patch create mode 100644 grub2-instdev-fixup.pl delete mode 100644 grub2-verifiers-fix-system-freeze-if-verify-failed.patch delete mode 100644 risc-v-add-clzdi2-symbol.patch delete mode 100644 risc-v-fix-computation-of-pc-relative-relocation-offset.patch diff --git a/0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch b/0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch new file mode 100644 index 0000000..dfb6b92 --- /dev/null +++ b/0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch 
@@ -0,0 +1,88 @@
+From 47eddcfc6859f269bb3cfaf95d5b33502cafd9ec Mon Sep 17 00:00:00 2001
+From: Michael Chang
+Date: Mon, 21 Jun 2021 05:11:18 +0000
+Subject: [PATCH] 30_uefi-firmware: fix printf format with null byte
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On a Raspberry Pi 4, the OsIndications variable is set as following
+
+ $ od -An -t u1 /sys/firmware/efi/efivars/OsIndicationsSupported-8be4df61-93ca-11d2-aa0d-00e098032b8c
+ 6 0 0 0 0 0 0 0 0 0 0 0
+
+The fifth byte indicates there's no boot to uefi firmware support as no
+bit is set. However the /etc/grub.d/30_uefi-firmware mistakenly detects
+that from the grub-mkconfig output.
+
+ /etc/grub.d/30_uefi-firmware: line 34: warning: command substitution: ignored null byte in input
+ Adding boot menu entry for UEFI Firmware Settings ...
+
+The warning has dictated that the null byte is ignored from the printf
+input arguments so that the expression of
+
+ rintf 0x%x \'"$(cat $OS_INDICATIONS | cut -b5)"\')
+
+becomes
+
+ printf 0x%x \'""\'
+ 0x27
+
+The numeric value of trailing character \' is outputted instead of the
+null byte.
+
+From the printf manual, there's description to the synax of formatting
+the numeric value ouput of a character.
+
+"If the leading character of a numeric argument is ‘"’ or ‘'’ then its
+value is the numeric value of the immediately following character. Any
+remaining characters are silently ignored if the POSIXLY_CORRECT
+environment variable is set; otherwise, a warning is printed. For
+example, ‘printf "%d" "'a"’ outputs ‘97’ on hosts that use the ASCII
+character set, since ‘a’ has the numeric value 97 in ASCII."
+
+From the descrption the trailing \' appears to be superfluous and should
+get removed to have correct output.
+
+ printf 0x%x \'""
+ 0x0
+
+In additon to suppress the warning message of ignored null byte in
+input, we can delete it so an empty string is used.
+
+To illustrate the problem using echo as example
+
+ printf 0x%x \'"$(echo -e '\x00')"
+ -bash: warning: command substitution: ignored null byte in input
+ 0x0
+
+And here using tr to delete the null character
+
+ printf 0x%x \'"$(echo -e '\x00'| tr -d '\000')"
+
+The expression above is substituted to
+
+ printf 0x%x \'""
+ 0x0
+
+Signed-off-by: Michael Chang
+---
+ util/grub.d/30_uefi-firmware.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/grub.d/30_uefi-firmware.in b/util/grub.d/30_uefi-firmware.in
+index d344d3883..d069f2727 100644
+--- a/util/grub.d/30_uefi-firmware.in
++++ b/util/grub.d/30_uefi-firmware.in
+@@ -31,7 +31,7 @@ EFI_GLOBAL_VARIABLE=8be4df61-93ca-11d2-aa0d-00e098032b8c
+ OS_INDICATIONS="$EFI_VARS_DIR/OsIndicationsSupported-$EFI_GLOBAL_VARIABLE"
+
+ if [ -e "$OS_INDICATIONS" ] && \
+- [ "$(( $(printf 0x%x \'"$(cat $OS_INDICATIONS | cut -b5)"\') & 1 ))" = 1 ]; then
++ [ "$(( $(printf 0x%x \'"$(cat $OS_INDICATIONS | cut -b5 | tr -d '\000')") & 1 ))" = 1 ]; then
+ LABEL="UEFI Firmware Settings"
+
+ gettext_printf "Adding boot menu entry for UEFI Firmware Settings ...\n" >&2
+--
+2.26.2
+
diff --git a/0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch b/0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch
index 54caf31..a687656 100644
--- a/0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch
+++ b/0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch
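Review bot: The new test line in the added `util/grub.d/30_uefi-firmware.in` patch still pulls the byte out as text with `cut -b5` and converts it through `printf 0x%x \'...`, so the result depends on none of the leading bytes being a newline and on how the shell's `printf` treats bytes above 0x7f; `tr -d '\000'` covers only the NUL case. Reading the byte numerically is sturdier and matches the `od -An -t u1` dump the commit message already shows: `[ "$(( $(od -An -t u1 -j4 -N1 "$OS_INDICATIONS") & 1 ))" = 1 ]; then`. That form also quotes `$OS_INDICATIONS`, which the new line leaves unquoted inside `cat`. The `od` form prints nothing for a file shorter than five bytes, so it would need a length guard or a default of 0 before the arithmetic expansion.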
@@ -4,6 +4,17 @@ Date: Fri, 6 Nov 2020 08:36:36 +0000 Subject: [PATCH 1/9] Add support for Linux EFI stub loading on aarch64. Add support for Linux EFI stub loading on aarch64. + +v1: +Make efi handoff the default loader for arm64 platform. + +v2: +The efi shim_lock verifier has been moved to grub core so local +shim_lock protocol is no longer needed here for aarch64 efi to verify +the loaded kernel image. From now on the framework will take care the +verificaion, consolidating the integration of various security verifiers +like secure boot, gpg and tpm. + --- grub-core/Makefile.core.def | 4 +- grub-core/loader/arm64/efi/linux.c | 443 +++++++++++++++++++++++++++++ 
@@ -12,29 +23,33 @@ Add support for Linux EFI stub loading on aarch64. 4 files changed, 465 insertions(+), 1 deletion(-) create mode 100644 grub-core/loader/arm64/efi/linux.c -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 3ea9dace0..cfdd31431 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -1854,9 +1854,11 @@ module = { +Index: grub-2.06~rc1/grub-core/Makefile.core.def +=================================================================== +--- grub-2.06~rc1.orig/grub-core/Makefile.core.def ++++ grub-2.06~rc1/grub-core/Makefile.core.def +@@ -1812,7 +1812,7 @@ module = { + arm_coreboot = loader/arm/linux.c; + arm_efi = loader/arm64/linux.c; + arm_uboot = loader/arm/linux.c; +- arm64 = loader/arm64/linux.c; ++ arm64 = loader/arm64/efi/linux.c; + riscv32 = loader/riscv/linux.c; + riscv64 = loader/riscv/linux.c; + emu = loader/emu/linux.c; +@@ -1879,7 +1879,7 @@ module = { module = { name = linuxefi; - efi = lib/fake_module.c; + x86 = lib/fake_module.c; -+ arm64 = loader/arm64/efi/linux.c; enable = i386_efi; enable = x86_64_efi; -+ enable = arm64_efi; }; - - module = { -diff --git a/grub-core/loader/arm64/efi/linux.c b/grub-core/loader/arm64/efi/linux.c -new file mode 100644 -index 000000000..d81a6d843 +Index: grub-2.06~rc1/grub-core/loader/arm64/efi/linux.c +=================================================================== --- /dev/null -+++ b/grub-core/loader/arm64/efi/linux.c -@@ -0,0 +1,443 @@ ++++ grub-2.06~rc1/grub-core/loader/arm64/efi/linux.c +@@ -0,0 +1,411 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2013 Free Software Foundation, Inc. 
@@ -86,32 +101,6 @@ index 000000000..d81a6d843 +static grub_addr_t initrd_start; +static grub_addr_t initrd_end; + -+#define SHIM_LOCK_GUID \ -+ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } -+ -+struct grub_efi_shim_lock -+{ -+ grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size); -+}; -+typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; -+ -+static grub_efi_boolean_t -+grub_linuxefi_secure_validate (void *data, grub_uint32_t size) -+{ -+ grub_efi_guid_t guid = SHIM_LOCK_GUID; -+ grub_efi_shim_lock_t *shim_lock; -+ -+ shim_lock = grub_efi_locate_protocol(&guid, NULL); -+ -+ if (!shim_lock) -+ return 1; -+ -+ if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS) -+ return 1; -+ -+ return 0; -+} -+ +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wcast-align" + @@ -131,9 +120,8 @@ index 000000000..d81a6d843 + +#pragma GCC diagnostic pop + -+/* FIXME: This is copy of grub_arch_efi_linux_check_image () */ -+static grub_err_t -+grub_arch_efi_linux_check_image_XX (struct linux_arch_kernel_header * lh) ++grub_err_t ++grub_arch_efi_linux_check_image (struct linux_arch_kernel_header * lh) +{ + if (lh->magic != GRUB_LINUX_ARMXX_MAGIC_SIGNATURE) + return grub_error(GRUB_ERR_BAD_OS, "invalid magic number"); @@ -229,9 +217,10 @@ index 000000000..d81a6d843 + } +} + -+/* FIXME: This is to replace grub_arch_efi_linux_boot_image */ -+static grub_err_t -+grub_arch_efi_linux_boot_image_XX (grub_addr_t addr, char *args) ++grub_err_t ++grub_arch_efi_linux_boot_image (grub_addr_t addr, ++ grub_size_t size __attribute__ ((unused)), ++ char *args) +{ + grub_err_t retval; + @@ -251,7 +240,7 @@ index 000000000..d81a6d843 +static grub_err_t +grub_linux_boot (void) +{ -+ return (grub_arch_efi_linux_boot_image_XX ((grub_addr_t)kernel_addr, linux_args)); ++ return (grub_arch_efi_linux_boot_image ((grub_addr_t)kernel_addr, kernel_size, linux_args)); +} + +static grub_err_t 
@@ -385,7 +374,7 @@ index 000000000..d81a6d843 + if (grub_file_read (file, &lh, sizeof (lh)) < (long) sizeof (lh)) + return grub_errno; + -+ if (grub_arch_efi_linux_check_image_XX (&lh) != GRUB_ERR_NONE) ++ if (grub_arch_efi_linux_check_image (&lh) != GRUB_ERR_NONE) + goto fail; + + grub_loader_unset(); @@ -411,12 +400,6 @@ index 000000000..d81a6d843 + + grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); + -+ if (!grub_linuxefi_secure_validate (kernel_addr, kernel_size)) -+ { -+ grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); -+ goto fail; -+ } -+ + pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset); + handover_offset = pe->opt.entry_addr; + @@ -466,9 +449,9 @@ index 000000000..d81a6d843 + +GRUB_MOD_INIT (linux) +{ -+ cmd_linux = grub_register_command ("linuxefi", grub_cmd_linux, 0, ++ cmd_linux = grub_register_command ("linux", grub_cmd_linux, 0, + N_("Load Linux.")); -+ cmd_initrd = grub_register_command ("initrdefi", grub_cmd_initrd, 0, ++ cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd, 0, + N_("Load initrd.")); + my_mod = mod; +} @@ -478,10 +461,10 @@ index 000000000..d81a6d843 + grub_unregister_command (cmd_linux); + grub_unregister_command (cmd_initrd); +} -diff --git a/include/grub/arm/linux.h b/include/grub/arm/linux.h -index 2e98a6689..775297db8 100644 ---- a/include/grub/arm/linux.h -+++ b/include/grub/arm/linux.h +Index: grub-2.06~rc1/include/grub/arm/linux.h +=================================================================== +--- grub-2.06~rc1.orig/include/grub/arm/linux.h ++++ grub-2.06~rc1/include/grub/arm/linux.h @@ -20,6 +20,7 @@ #ifndef GRUB_ARM_LINUX_HEADER #define GRUB_ARM_LINUX_HEADER 1 
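Review bot: Registering this loader as `linux`/`initrd` in `GRUB_MOD_INIT` makes it the default arm64 kernel path, but `grub_cmd_linux` no longer shows where the image is authenticated. The `@@ -411,12 +400,6 @@` hunk drops the `grub_linuxefi_secure_validate (kernel_addr, kernel_size)` call, and only the patch description says the shim_lock verifier in GRUB core now covers it. The file-open call and its file type are outside the visible hunks, so please confirm the kernel is opened with a type the verifier framework hooks, and record the dependency at the former call site, e.g. `/* Image authentication is delegated to the verifier framework at file open; no local shim_lock call. */`. Separately, the context line `pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset);` takes `hdr_offset` from the file header without comparing it against `kernel_size`; a bounds check before reading `pe->opt.entry_addr` would keep a malformed image from causing an out-of-range read when no verifier is active.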
@@ -508,20 +491,19 @@ index 2e98a6689..775297db8 100644 #endif #if defined GRUB_MACHINE_UBOOT -diff --git a/include/grub/arm64/linux.h b/include/grub/arm64/linux.h -index 4269adc6d..a3be9dd70 100644 ---- a/include/grub/arm64/linux.h -+++ b/include/grub/arm64/linux.h -@@ -19,6 +19,8 @@ - #ifndef GRUB_ARM64_LINUX_HEADER +Index: grub-2.06~rc1/include/grub/arm64/linux.h +=================================================================== +--- grub-2.06~rc1.orig/include/grub/arm64/linux.h ++++ grub-2.06~rc1/include/grub/arm64/linux.h +@@ -20,6 +20,7 @@ #define GRUB_ARM64_LINUX_HEADER 1 + #include +#include -+ + #define GRUB_LINUX_ARM64_MAGIC_SIGNATURE 0x644d5241 /* 'ARM\x64' */ - /* From linux/Documentation/arm64/booting.txt */ -@@ -36,9 +38,17 @@ struct linux_arm64_kernel_header +@@ -38,9 +39,17 @@ struct linux_arm64_kernel_header grub_uint32_t hdr_offset; /* Offset of PE/COFF header */ }; @@ -539,6 +521,3 @@ index 4269adc6d..a3be9dd70 100644 #endif #endif /* ! GRUB_ARM64_LINUX_HEADER */ --- -2.26.2 - diff --git a/0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch b/0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch deleted file mode 100644 index 88387e9..0000000 --- a/0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch +++ /dev/null 
@@ -1,233 +0,0 @@ -From 53e9a353dbc5110039bc229e271ea60f7bc5bd69 Mon Sep 17 00:00:00 2001 -From: Vladimir 'phcoder' Serbinenko -Date: Mon, 27 Apr 2020 17:51:34 +0200 -Subject: [PATCH 1/2] Warn if MBR gap is small and user uses advanced modules - -We don't want to support small MBR gap in pair with anything but -the simplest config of biosdisk+part_msdos+simple filesystem. In this -path "simple filesystems" are all current filesystems except zfs and -btrfs. ---- - grub-core/partmap/gpt.c | 9 ++++++++- - grub-core/partmap/msdos.c | 7 ++++++- - include/grub/partition.h | 4 +++- - include/grub/util/install.h | 7 +++++-- - util/grub-install-common.c | 25 +++++++++++++++++++++++++ - util/grub-install.c | 13 +++++++++---- - util/grub-setup.c | 2 +- - util/setup.c | 5 +++-- - 8 files changed, 60 insertions(+), 12 deletions(-) - -diff --git a/grub-core/partmap/gpt.c b/grub-core/partmap/gpt.c -index 72a2e37cd..20cbcc7ff 100644 ---- a/grub-core/partmap/gpt.c -+++ b/grub-core/partmap/gpt.c -@@ -25,6 +25,9 @@ - #include - #include - #include -+#ifdef GRUB_UTIL -+#include -+#endif - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -169,7 +172,8 @@ static grub_err_t - gpt_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, - unsigned int max_nsectors, - grub_embed_type_t embed_type, -- grub_disk_addr_t **sectors) -+ grub_disk_addr_t **sectors, -+ int warn_short) - { - struct gpt_partition_map_embed_ctx ctx = { - .start = 0, -@@ -191,6 +195,9 @@ gpt_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, - N_("this GPT partition label contains no BIOS Boot Partition;" - " embedding won't be possible")); - -+ if (ctx.len < GRUB_MIN_RECOMMENDED_MBRGAP) { -+ grub_util_warn("Your BIOS Boot Partition is under 1 MiB, please increase its size."); -+ } - if (ctx.len < *nsectors) - return grub_error (GRUB_ERR_OUT_OF_RANGE, - N_("your BIOS Boot Partition is too small;" -diff --git a/grub-core/partmap/msdos.c b/grub-core/partmap/msdos.c -index 508f0ff76..fb452d5fc 100644 
---- a/grub-core/partmap/msdos.c -+++ b/grub-core/partmap/msdos.c -@@ -243,7 +243,8 @@ static grub_err_t - pc_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, - unsigned int max_nsectors, - grub_embed_type_t embed_type, -- grub_disk_addr_t **sectors) -+ grub_disk_addr_t **sectors, -+ int warn_short) - { - grub_disk_addr_t end = ~0ULL; - struct grub_msdos_partition_mbr mbr; -@@ -397,6 +398,10 @@ pc_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, - return GRUB_ERR_NONE; - } - -+ if (end < GRUB_MIN_RECOMMENDED_MBRGAP && warn_short) { -+ grub_util_warn("You have a short MBR gap and use advanced config. Please increase post-MBR gap"); -+ } -+ - if (end <= 1) - return grub_error (GRUB_ERR_FILE_NOT_FOUND, - N_("this msdos-style partition label has no " -diff --git a/include/grub/partition.h b/include/grub/partition.h -index 7adb7ec6e..adc50d680 100644 ---- a/include/grub/partition.h -+++ b/include/grub/partition.h -@@ -52,10 +52,12 @@ struct grub_partition_map - grub_partition_iterate_hook_t hook, void *hook_data); - #ifdef GRUB_UTIL - /* Determine sectors available for embedding. 
*/ -+#define GRUB_MIN_RECOMMENDED_MBRGAP 1900 - grub_err_t (*embed) (struct grub_disk *disk, unsigned int *nsectors, - unsigned int max_nsectors, - grub_embed_type_t embed_type, -- grub_disk_addr_t **sectors); -+ grub_disk_addr_t **sectors, -+ int warn_short); - #endif - }; - typedef struct grub_partition_map *grub_partition_map_t; -diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index f56058111..1541ee233 100644 ---- a/include/grub/util/install.h -+++ b/include/grub/util/install.h -@@ -194,13 +194,13 @@ grub_util_bios_setup (const char *dir, - const char *boot_file, const char *core_file, - const char *dest, int force, - int fs_probe, int allow_floppy, -- int add_rs_codes); -+ int add_rs_codes, int warn_short_mbr_gap); - void - grub_util_sparc_setup (const char *dir, - const char *boot_file, const char *core_file, - const char *dest, int force, - int fs_probe, int allow_floppy, -- int add_rs_codes); -+ int add_rs_codes, int warn_short_mbr_gap); - - char * - grub_install_get_image_targets_string (void); -@@ -269,6 +269,9 @@ grub_util_get_target_name (const struct grub_install_image_target_desc *t); - extern char *grub_install_copy_buffer; - #define GRUB_INSTALL_COPY_BUFFER_SIZE 1048576 - -+int -+grub_install_is_short_mbrgap_supported(void); -+ - int - grub_install_sync_fs_journal (const char *path); - #endif -diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index 9cc217d70..4c04b1bce 100644 ---- a/util/grub-install-common.c -+++ b/util/grub-install-common.c -@@ -234,6 +234,31 @@ char *grub_install_source_directory = NULL; - char *grub_install_locale_directory = NULL; - char *grub_install_themes_directory = NULL; - -+int -+grub_install_is_short_mbrgap_supported() -+{ -+ int i, j; -+ static const char *whitelist[] = -+ { -+ "part_msdos", "biosdisk", "affs", "afs", "bfs", "archelp", -+ "cpio", "cpio_be", "newc", "odc", "ext2", "fat", "exfat", -+ "f2fs", "fshelp", "hfs", "hfsplus", "hfspluscomp", -+ "iso9660", "jfs", 
"minix", "minix2", "minix3", "minix_be", -+ "minix2_be", "minix2_be", "nilfs2", "ntfs", "ntfscomp", -+ "reiserfs", "romfs", "sfs", "squash4", "tar", "udf", -+ "ufs1", "ufs1_be", "ufs2", "xfs" -+ }; -+ for (i = 0; i < modules.n_entries; i++) -+ { -+ for (j = 0; j < ARRAY_SIZE (whitelist); j++) -+ if (strcmp(modules.entries[i], whitelist[j]) == 0) -+ break; -+ if (j == ARRAY_SIZE (whitelist)) -+ return 0; -+ } -+ return 1; -+} -+ - void - grub_install_push_module (const char *val) - { -diff --git a/util/grub-install.c b/util/grub-install.c -index 8d18f2530..ac8f98552 100644 ---- a/util/grub-install.c -+++ b/util/grub-install.c -@@ -1956,9 +1956,14 @@ main (int argc, char *argv[]) - - /* Now perform the installation. */ - if (install_bootsector) -- grub_util_bios_setup (platdir, "boot.img", "core.img", -- install_drive, force, -- fs_probe, allow_floppy, add_rs_codes); -+ { -+ int warn_short_mbr_gap = !grub_install_is_short_mbrgap_supported(); -+ -+ grub_util_bios_setup (platdir, "boot.img", "core.img", -+ install_drive, force, -+ fs_probe, allow_floppy, add_rs_codes, -+ warn_short_mbr_gap); -+ } - break; - } - case GRUB_INSTALL_PLATFORM_SPARC64_IEEE1275: -@@ -1985,7 +1990,7 @@ main (int argc, char *argv[]) - grub_util_sparc_setup (platdir, "boot.img", "core.img", - install_drive, force, - fs_probe, allow_floppy, -- 0 /* unused */ ); -+ 0 /* unused */, 0 /* unused */ ); - break; - } - -diff --git a/util/grub-setup.c b/util/grub-setup.c -index 42b98ad3c..1783224dd 100644 ---- a/util/grub-setup.c -+++ b/util/grub-setup.c -@@ -315,7 +315,7 @@ main (int argc, char *argv[]) - arguments.core_file ? : DEFAULT_CORE_FILE, - dest_dev, arguments.force, - arguments.fs_probe, arguments.allow_floppy, -- arguments.add_rs_codes); -+ arguments.add_rs_codes, 0); - - /* Free resources. 
*/ - grub_fini_all (); -diff --git a/util/setup.c b/util/setup.c -index 59b2b4b85..f34dcb0fe 100644 ---- a/util/setup.c -+++ b/util/setup.c -@@ -254,7 +254,8 @@ SETUP (const char *dir, - const char *boot_file, const char *core_file, - const char *dest, int force, - int fs_probe, int allow_floppy, -- int add_rs_codes __attribute__ ((unused))) /* unused on sparc64 */ -+ int add_rs_codes __attribute__ ((unused)), /* unused on sparc64 */ -+ int warn_small) - { - char *core_path; - char *boot_img, *core_img, *boot_path; -@@ -528,7 +529,7 @@ SETUP (const char *dir, - else if (ctx.dest_partmap) - { - err = ctx.dest_partmap->embed (dest_dev->disk, &nsec, maxsec, -- GRUB_EMBED_PCBIOS, §ors); -+ GRUB_EMBED_PCBIOS, §ors, warn_small); - #ifdef GRUB_SETUP_BIOS - if ((err == GRUB_ERR_OUT_OF_RANGE || err == GRUB_ERR_FILE_NOT_FOUND) - && dest_dev->disk->id == root_dev->disk->id --- -2.26.2 - diff --git a/0001-add-support-for-UEFI-network-protocols.patch b/0001-add-support-for-UEFI-network-protocols.patch index fd302d8..274c9e5 100644 --- a/0001-add-support-for-UEFI-network-protocols.patch +++ b/0001-add-support-for-UEFI-network-protocols.patch @@ -68,19 +68,11 @@ V6: create mode 100644 include/grub/efi/http.h create mode 100644 include/grub/net/efi.h -Index: grub-2.04/grub-core/Makefile.core.def +Index: grub-2.06/grub-core/Makefile.core.def =================================================================== ---- grub-2.04.orig/grub-core/Makefile.core.def -+++ grub-2.04/grub-core/Makefile.core.def -@@ -1854,7 +1854,6 @@ module = { - module = { - name = linuxefi; - efi = loader/i386/efi/linux.c; -- efi = lib/cmdline.c; - enable = i386_efi; - enable = x86_64_efi; - }; -@@ -2283,6 +2282,12 @@ module = { +--- grub-2.06.orig/grub-core/Makefile.core.def ++++ grub-2.06/grub-core/Makefile.core.def +@@ -2306,6 +2306,12 @@ module = { common = net/ethernet.c; common = net/arp.c; common = net/netbuff.c; 
@@ -93,10 +85,10 @@ Index: grub-2.04/grub-core/Makefile.core.def }; module = { -Index: grub-2.04/grub-core/io/bufio.c +Index: grub-2.06/grub-core/io/bufio.c =================================================================== ---- grub-2.04.orig/grub-core/io/bufio.c -+++ grub-2.04/grub-core/io/bufio.c +--- grub-2.06.orig/grub-core/io/bufio.c ++++ grub-2.06/grub-core/io/bufio.c @@ -139,7 +139,7 @@ grub_bufio_read (grub_file_t file, char return res; @@ -106,11 +98,11 @@ Index: grub-2.04/grub-core/io/bufio.c /* Now read between file->offset + res and bufio->buffer_at. */ if (file->offset + res < next_buf) { -Index: grub-2.04/grub-core/kern/efi/efi.c +Index: grub-2.06/grub-core/kern/efi/efi.c =================================================================== ---- grub-2.04.orig/grub-core/kern/efi/efi.c -+++ grub-2.04/grub-core/kern/efi/efi.c -@@ -722,7 +722,7 @@ grub_efi_print_device_path (grub_efi_dev +--- grub-2.06.orig/grub-core/kern/efi/efi.c ++++ grub-2.06/grub-core/kern/efi/efi.c +@@ -750,7 +750,7 @@ grub_efi_print_device_path (grub_efi_dev { grub_efi_ipv4_device_path_t *ipv4 = (grub_efi_ipv4_device_path_t *) dp; @@ -119,7 +111,7 @@ Index: grub-2.04/grub-core/kern/efi/efi.c (unsigned) ipv4->local_ip_address[0], (unsigned) ipv4->local_ip_address[1], (unsigned) ipv4->local_ip_address[2], -@@ -735,33 +735,60 @@ grub_efi_print_device_path (grub_efi_dev +@@ -763,33 +763,60 @@ grub_efi_print_device_path (grub_efi_dev (unsigned) ipv4->remote_port, (unsigned) ipv4->protocol, (unsigned) ipv4->static_ip_address); @@ -197,7 +189,7 @@ Index: grub-2.04/grub-core/kern/efi/efi.c } break; case GRUB_EFI_INFINIBAND_DEVICE_PATH_SUBTYPE: -@@ -801,6 +828,39 @@ grub_efi_print_device_path (grub_efi_dev +@@ -829,6 +856,39 @@ grub_efi_print_device_path (grub_efi_dev dump_vendor_path ("Messaging", (grub_efi_vendor_device_path_t *) dp); break; 
@@ -237,10 +229,10 @@ Index: grub-2.04/grub-core/kern/efi/efi.c default: grub_printf ("/UnknownMessaging(%x)", (unsigned) subtype); break; -Index: grub-2.04/grub-core/net/drivers/efi/efinet.c +Index: grub-2.06/grub-core/net/drivers/efi/efinet.c =================================================================== ---- grub-2.04.orig/grub-core/net/drivers/efi/efinet.c -+++ grub-2.04/grub-core/net/drivers/efi/efinet.c +--- grub-2.06.orig/grub-core/net/drivers/efi/efinet.c ++++ grub-2.06/grub-core/net/drivers/efi/efinet.c @@ -24,6 +24,7 @@ #include #include @@ -309,10 +301,10 @@ Index: grub-2.04/grub-core/net/drivers/efi/efinet.c + grub_efi_net_config = NULL; } -Index: grub-2.04/grub-core/net/efi/dhcp.c +Index: grub-2.06/grub-core/net/efi/dhcp.c =================================================================== --- /dev/null -+++ grub-2.04/grub-core/net/efi/dhcp.c ++++ grub-2.06/grub-core/net/efi/dhcp.c @@ -0,0 +1,399 @@ +#include +#include @@ -713,10 +705,10 @@ Index: grub-2.04/grub-core/net/efi/dhcp.c + +grub_command_func_t grub_efi_net_bootp = grub_cmd_efi_bootp; +grub_command_func_t grub_efi_net_bootp6 = grub_cmd_efi_bootp6; -Index: grub-2.04/grub-core/net/efi/http.c +Index: grub-2.06/grub-core/net/efi/http.c =================================================================== --- /dev/null -+++ grub-2.04/grub-core/net/efi/http.c ++++ grub-2.06/grub-core/net/efi/http.c @@ -0,0 +1,424 @@ + +#include @@ -904,7 +896,7 @@ Index: grub-2.04/grub-core/net/efi/http.c + if (status != GRUB_EFI_SUCCESS) + { + grub_free (request_data.url); -+ return grub_error (GRUB_ERR_IO, "Fail to create an event! status=0x%x\n", status); ++ return grub_error (GRUB_ERR_IO, "Fail to create an event! status=0x%" PRIxGRUB_SIZE, status); + } + + status = efi_call_2 (http->request, http, &request_token); 
@@ -913,7 +905,7 @@ Index: grub-2.04/grub-core/net/efi/http.c + { + efi_call_1 (b->close_event, request_token.event); + grub_free (request_data.url); -+ return grub_error (GRUB_ERR_IO, "Fail to send a request! status=0x%x\n", status); ++ return grub_error (GRUB_ERR_IO, "Fail to send a request! status=0x%" PRIxGRUB_SIZE, status); + } + /* TODO: Add Timeout */ + while (!request_callback_done) @@ -941,7 +933,7 @@ Index: grub-2.04/grub-core/net/efi/http.c + { + efi_call_1 (b->close_event, request_token.event); + grub_free (request_data.url); -+ return grub_error (GRUB_ERR_IO, "Fail to create an event! status=0x%x\n", status); ++ return grub_error (GRUB_ERR_IO, "Fail to create an event! status=0x%" PRIxGRUB_SIZE, status); + } + + response_token.status = GRUB_EFI_SUCCESS; @@ -1142,10 +1134,10 @@ Index: grub-2.04/grub-core/net/efi/http.c + .read = grub_efihttp_read, + .close = grub_efihttp_close + }; -Index: grub-2.04/grub-core/net/efi/ip4_config.c +Index: grub-2.06/grub-core/net/efi/ip4_config.c =================================================================== --- /dev/null -+++ grub-2.04/grub-core/net/efi/ip4_config.c ++++ grub-2.06/grub-core/net/efi/ip4_config.c @@ -0,0 +1,409 @@ + +#include @@ -1215,7 +1207,7 @@ Index: grub-2.04/grub-core/net/efi/ip4_config.c + for (i = 0; i < 4; i++) + { + unsigned long t; -+ t = grub_strtoul (ptr, (char **) &ptr, 0); ++ t = grub_strtoul (ptr, &ptr, 0); + if (grub_errno) + { + grub_errno = GRUB_ERR_NONE; @@ -1556,10 +1548,10 @@ Index: grub-2.04/grub-core/net/efi/ip4_config.c + .set_gateway = grub_efi_ip4_interface_set_gateway, + .set_dns = grub_efi_ip4_interface_set_dns + }; -Index: grub-2.04/grub-core/net/efi/ip6_config.c +Index: grub-2.06/grub-core/net/efi/ip6_config.c =================================================================== --- /dev/null -+++ grub-2.04/grub-core/net/efi/ip6_config.c ++++ grub-2.06/grub-core/net/efi/ip6_config.c @@ -0,0 +1,430 @@ +#include +#include 
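Review bot: In the ip4_config.c hunk (`@@ -1215,7 +1207,7 @@`) each dotted-quad component is parsed with `grub_strtoul (ptr, &ptr, 0)`, and base 0 lets a leading `0` or `0x` switch that component to octal or hex, so `010.0.0.1` is read as 8.0.0.1. For an address taken from configuration or the command line a fixed base is unambiguous: `t = grub_strtoul (ptr, &ptr, 10);`. The rediff only drops the `(char **)` cast on this line, so the base could be pinned in the same change. The range check on `t` and the rest of the parser lie outside the hunk, so whether components above 255 are rejected cannot be confirmed from here.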
@@ -1648,7 +1640,7 @@ Index: grub-2.04/grub-core/net/efi/ip6_config.c + ptr++; + continue; + } -+ t = grub_strtoul (ptr, (char **) &ptr, 16); ++ t = grub_strtoul (ptr, &ptr, 16); + if (grub_errno) + { + grub_errno = GRUB_ERR_NONE; @@ -1991,10 +1983,10 @@ Index: grub-2.04/grub-core/net/efi/ip6_config.c + .set_gateway = grub_efi_ip6_interface_set_gateway, + .set_dns = grub_efi_ip6_interface_set_dns + }; -Index: grub-2.04/grub-core/net/efi/net.c +Index: grub-2.06/grub-core/net/efi/net.c =================================================================== --- /dev/null -+++ grub-2.04/grub-core/net/efi/net.c ++++ grub-2.06/grub-core/net/efi/net.c @@ -0,0 +1,1440 @@ +#include +#include @@ -2711,7 +2703,7 @@ Index: grub-2.04/grub-core/net/efi/net.c + status = efi_call_2 (service->create_child, service, &child_dev); + if (status != GRUB_EFI_SUCCESS) + { -+ grub_error (GRUB_ERR_IO, N_("Failed to create child device of http service %x"), status); ++ grub_error (GRUB_ERR_IO, N_("Failed to create child device of http service %" PRIxGRUB_SIZE), status); + return NULL; + } + @@ -2734,7 +2726,7 @@ Index: grub-2.04/grub-core/net/efi/net.c + { + grub_uint32_t subnet_mask_size; + -+ subnet_mask_size = grub_strtoul (rest + 1, (char **) &rest, 0); ++ subnet_mask_size = grub_strtoul (rest + 1, &rest, 0); + + if (!grub_errno && subnet_mask_size <= 32 && *rest == 0) + { @@ -2763,7 +2755,7 @@ Index: grub-2.04/grub-core/net/efi/net.c + { + grub_efi_uint8_t prefix_length; + -+ prefix_length = grub_strtoul (rest + 1, (char **) &rest, 0); ++ prefix_length = grub_strtoul (rest + 1, &rest, 0); + if (!grub_errno && prefix_length <= 128 && *rest == 0) + { + ip6->prefix_length = prefix_length; @@ -3436,10 +3428,10 @@ Index: grub-2.04/grub-core/net/efi/net.c + grub_net_open = NULL; + grub_fs_unregister (&grub_efi_netfs); +} -Index: grub-2.04/grub-core/net/efi/pxe.c +Index: grub-2.06/grub-core/net/efi/pxe.c =================================================================== 
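Review bot: In the net.c hunk `@@ -2763,7 +2755,7 @@` the result of `grub_strtoul` is stored in a `grub_efi_uint8_t` before the `prefix_length <= 128` test, so the value is truncated first and an out-of-range suffix such as `/300` passes the check as 44. The `@@ -2734,7 +2726,7 @@` hunk has the same pattern with a `grub_uint32_t` subnet_mask_size, which presumably truncates the same way where `unsigned long` is 64 bits wide. Parse into the wide type and narrow only after the check: `unsigned long v = grub_strtoul (rest + 1, &rest, 0);` followed by `if (!grub_errno && v <= 128 && *rest == 0)` and `ip6->prefix_length = v;`. Both enclosing functions start and end outside the hunks.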
--- /dev/null -+++ grub-2.04/grub-core/net/efi/pxe.c ++++ grub-2.06/grub-core/net/efi/pxe.c @@ -0,0 +1,424 @@ + +#include @@ -3630,7 +3622,7 @@ Index: grub-2.04/grub-core/net/efi/pxe.c + ptr++; + continue; + } -+ t = grub_strtoul (ptr, (char **) &ptr, 16); ++ t = grub_strtoul (ptr, &ptr, 16); + if (grub_errno) + { + grub_errno = GRUB_ERR_NONE; @@ -3668,7 +3660,7 @@ Index: grub-2.04/grub-core/net/efi/pxe.c + int type __attribute__((unused))) +{ + int i; -+ char *p; ++ const char *p; + grub_efi_status_t status; + grub_efi_pxe_ip_address_t server_ip; + grub_efi_uint64_t file_size = 0; @@ -3756,7 +3748,7 @@ Index: grub-2.04/grub-core/net/efi/pxe.c + grub_size_t len) +{ + int i; -+ char *p; ++ const char *p; + grub_efi_status_t status; + grub_efi_pxe_t *pxe = (prefer_ip6) ? dev->ip6_pxe : dev->ip4_pxe; + grub_efi_uint64_t bufsz = len; @@ -3865,10 +3857,10 @@ Index: grub-2.04/grub-core/net/efi/pxe.c + .close = pxe_close + }; + -Index: grub-2.04/grub-core/net/net.c +Index: grub-2.06/grub-core/net/net.c =================================================================== ---- grub-2.04.orig/grub-core/net/net.c -+++ grub-2.04/grub-core/net/net.c +--- grub-2.06.orig/grub-core/net/net.c ++++ grub-2.06/grub-core/net/net.c @@ -32,6 +32,9 @@ #include #include @@ -3879,7 +3871,7 @@ Index: grub-2.04/grub-core/net/net.c GRUB_MOD_LICENSE ("GPLv3+"); -@@ -1817,8 +1820,49 @@ static grub_command_t cmd_addaddr, cmd_d +@@ -1954,8 +1957,49 @@ static grub_command_t cmd_addaddr, cmd_d static grub_command_t cmd_lsroutes, cmd_lscards; static grub_command_t cmd_lsaddr, cmd_slaac; @@ -3929,7 +3921,7 @@ Index: grub-2.04/grub-core/net/net.c grub_register_variable_hook ("net_default_server", defserver_get_env, defserver_set_env); grub_env_export ("net_default_server"); -@@ -1866,10 +1910,37 @@ GRUB_MOD_INIT(net) +@@ -2003,10 +2047,37 @@ GRUB_MOD_INIT(net) grub_net_restore_hw, GRUB_LOADER_PREBOOT_HOOK_PRIO_DISK); grub_net_poll_cards_idle = grub_net_poll_cards_idle_real; 
@@ -3967,7 +3959,7 @@ Index: grub-2.04/grub-core/net/net.c grub_register_variable_hook ("net_default_server", 0, 0); grub_register_variable_hook ("pxe_default_server", 0, 0); -@@ -1888,4 +1959,7 @@ GRUB_MOD_FINI(net) +@@ -2025,4 +2096,7 @@ GRUB_MOD_FINI(net) grub_net_fini_hw (0); grub_loader_unregister_preboot_hook (fini_hnd); grub_net_poll_cards_idle = grub_net_poll_cards_idle_real; @@ -3975,11 +3967,11 @@ Index: grub-2.04/grub-core/net/net.c + init_mode = INIT_MODE_NONE; +#endif } -Index: grub-2.04/include/grub/efi/api.h +Index: grub-2.06/include/grub/efi/api.h =================================================================== ---- grub-2.04.orig/include/grub/efi/api.h -+++ grub-2.04/include/grub/efi/api.h -@@ -588,6 +588,23 @@ typedef grub_uint16_t grub_efi_ipv6_addr +--- grub-2.06.orig/include/grub/efi/api.h ++++ grub-2.06/include/grub/efi/api.h +@@ -608,6 +608,23 @@ typedef grub_uint16_t grub_efi_ipv6_addr typedef grub_uint8_t grub_efi_ip_address_t[8] __attribute__ ((aligned(4))); typedef grub_efi_uint64_t grub_efi_physical_address_t; typedef grub_efi_uint64_t grub_efi_virtual_address_t; @@ -4003,7 +3995,7 @@ Index: grub-2.04/include/grub/efi/api.h struct grub_efi_guid { -@@ -851,6 +868,8 @@ struct grub_efi_ipv6_device_path +@@ -875,6 +892,8 @@ struct grub_efi_ipv6_device_path grub_efi_uint16_t remote_port; grub_efi_uint16_t protocol; grub_efi_uint8_t static_ip_address; @@ -4012,7 +4004,7 @@ Index: grub-2.04/include/grub/efi/api.h } GRUB_PACKED; typedef struct grub_efi_ipv6_device_path grub_efi_ipv6_device_path_t; -@@ -900,6 +919,15 @@ struct grub_efi_uri_device_path +@@ -924,6 +943,15 @@ struct grub_efi_uri_device_path } GRUB_PACKED; typedef struct grub_efi_uri_device_path grub_efi_uri_device_path_t; 
@@ -4028,7 +4020,7 @@ Index: grub-2.04/include/grub/efi/api.h #define GRUB_EFI_VENDOR_MESSAGING_DEVICE_PATH_SUBTYPE 10 /* Media Device Path. */ -@@ -982,6 +1010,23 @@ struct grub_efi_bios_device_path +@@ -1006,6 +1034,23 @@ struct grub_efi_bios_device_path } GRUB_PACKED; typedef struct grub_efi_bios_device_path grub_efi_bios_device_path_t; @@ -4052,7 +4044,7 @@ Index: grub-2.04/include/grub/efi/api.h struct grub_efi_open_protocol_information_entry { grub_efi_handle_t agent_handle; -@@ -1473,23 +1518,28 @@ typedef struct grub_efi_simple_text_outp +@@ -1497,23 +1542,28 @@ typedef struct grub_efi_simple_text_outp typedef grub_uint8_t grub_efi_pxe_packet_t[1472]; @@ -4095,7 +4087,7 @@ Index: grub-2.04/include/grub/efi/api.h #define GRUB_EFI_PXE_BASE_CODE_MAX_IPCNT 8 typedef struct { -@@ -1539,17 +1589,31 @@ typedef struct grub_efi_pxe_mode +@@ -1563,17 +1613,31 @@ typedef struct grub_efi_pxe_mode typedef struct grub_efi_pxe { grub_uint64_t rev; @@ -4131,7 +4123,7 @@ Index: grub-2.04/include/grub/efi/api.h void (*setpackets) (void); struct grub_efi_pxe_mode *mode; } grub_efi_pxe_t; -@@ -1791,6 +1855,44 @@ struct grub_efi_ip4_config2_protocol +@@ -1835,6 +1899,44 @@ struct grub_efi_ip4_config2_protocol }; typedef struct grub_efi_ip4_config2_protocol grub_efi_ip4_config2_protocol_t; @@ -4176,7 +4168,7 @@ Index: grub-2.04/include/grub/efi/api.h enum grub_efi_ip6_config_data_type { GRUB_EFI_IP6_CONFIG_DATA_TYPE_INTERFACEINFO, GRUB_EFI_IP6_CONFIG_DATA_TYPE_ALT_INTERFACEID, -@@ -1825,6 +1927,49 @@ struct grub_efi_ip6_config_protocol +@@ -1869,6 +1971,49 @@ struct grub_efi_ip6_config_protocol }; typedef struct grub_efi_ip6_config_protocol grub_efi_ip6_config_protocol_t; 
@@ -4226,10 +4218,10 @@ Index: grub-2.04/include/grub/efi/api.h #if (GRUB_TARGET_SIZEOF_VOID_P == 4) || defined (__ia64__) \ || defined (__aarch64__) || defined (__MINGW64__) || defined (__CYGWIN__) \ || defined(__riscv) -Index: grub-2.04/include/grub/efi/dhcp.h +Index: grub-2.06/include/grub/efi/dhcp.h =================================================================== --- /dev/null -+++ grub-2.04/include/grub/efi/dhcp.h ++++ grub-2.06/include/grub/efi/dhcp.h @@ -0,0 +1,343 @@ +#ifndef GRUB_EFI_DHCP_HEADER +#define GRUB_EFI_DHCP_HEADER 1 @@ -4574,10 +4566,10 @@ Index: grub-2.04/include/grub/efi/dhcp.h +}; + +#endif /* ! GRUB_EFI_DHCP_HEADER */ -Index: grub-2.04/include/grub/efi/http.h +Index: grub-2.06/include/grub/efi/http.h =================================================================== --- /dev/null -+++ grub-2.04/include/grub/efi/http.h ++++ grub-2.06/include/grub/efi/http.h @@ -0,0 +1,215 @@ +/* + * GRUB -- GRand Unified Bootloader @@ -4794,10 +4786,10 @@ Index: grub-2.04/include/grub/efi/http.h +typedef struct grub_efi_http grub_efi_http_t; + +#endif /* !GRUB_EFI_HTTP_HEADER */ -Index: grub-2.04/include/grub/net/efi.h +Index: grub-2.06/include/grub/net/efi.h =================================================================== --- /dev/null -+++ grub-2.04/include/grub/net/efi.h ++++ grub-2.06/include/grub/net/efi.h @@ -0,0 +1,144 @@ +#ifndef GRUB_NET_EFI_HEADER +#define GRUB_NET_EFI_HEADER 1 diff --git a/0001-include-grub-i386-linux.h-Include-missing-grub-types.patch b/0001-include-grub-i386-linux.h-Include-missing-grub-types.patch deleted file mode 100644 index be0c3f4..0000000 --- a/0001-include-grub-i386-linux.h-Include-missing-grub-types.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From f756ab3eac93346c3945eeb254773436ea3e1607 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Thu, 3 Dec 2020 16:01:43 +0100 -Subject: [PATCH 01/46] include/grub/i386/linux.h: Include missing - header -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This header uses types defined in but does not include it, -which leads to compile errors like the following: - -In file included from ../include/grub/cpu/linux.h:19, - from kern/efi/sb.c:21: -../include/grub/i386/linux.h:80:3: error: unknown type name ‘grub_uint64_t’ - 80 | grub_uint64_t addr; - -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - include/grub/i386/linux.h | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h -index ce30e7fb0..6da5f030f 100644 ---- a/include/grub/i386/linux.h -+++ b/include/grub/i386/linux.h -@@ -19,6 +19,8 @@ - #ifndef GRUB_I386_LINUX_HEADER - #define GRUB_I386_LINUX_HEADER 1 - -+#include -+ - #define GRUB_LINUX_I386_MAGIC_SIGNATURE 0x53726448 /* "HdrS" */ - #define GRUB_LINUX_DEFAULT_SETUP_SECTS 4 - #define GRUB_LINUX_INITRD_MAX_ADDRESS 0x37FFFFFF --- -2.26.2 - diff --git a/0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch b/0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch deleted file mode 100644 index 6805d64..0000000 --- a/0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -From 6d05264eeceaa2be991093d7fc31b78130bf5453 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Fri, 5 Mar 2021 21:48:53 +0800 -Subject: [PATCH] kern/efi/sb: Add chainloaded image as shim's verifiable - object - -While attempting to dual boot Microsoft Windows with UEFI chainloader, -it failed with below error when UEFI Secure Boot was enabled: - - error ../../grub-core/kern/verifiers.c:119:verification requested but - nobody cares: /EFI/Microsoft/Boot/bootmgfw.efi. - -It is a regression, as previously it worked without any problem. - -It turns out chainloading PE image has been locked down by commit -578c95298 (kern: Add lockdown support). However, we should consider it -as verifiable object by shim to allow booting in UEFI Secure Boot mode. -The chainloaded PE image could also have trusted signature created by -vendor with their pubkey cert in db. For that matters it's usage should -not be locked down under UEFI Secure Boot, and instead shim should be -allowed to validate a PE binary signature before running it. - -Fixes: 578c95298 (kern: Add lockdown support) - -Signed-off-by: Michael Chang -Reviewed-by: Daniel Kiper ---- - grub-core/kern/efi/sb.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c -index 41dadcd14..96d237722 100644 ---- a/grub-core/kern/efi/sb.c -+++ b/grub-core/kern/efi/sb.c -@@ -129,6 +129,7 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), - case GRUB_FILE_TYPE_BSD_KERNEL: - case GRUB_FILE_TYPE_XNU_KERNEL: - case GRUB_FILE_TYPE_PLAN9_KERNEL: -+ case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE: - *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK; - - /* Fall through. */ --- -2.26.2 - diff --git a/0001-mdraid1x_linux-Fix-gcc10-error-Werror-array-bounds.patch b/0001-mdraid1x_linux-Fix-gcc10-error-Werror-array-bounds.patch deleted file mode 100644 index 8932ed3..0000000 --- a/0001-mdraid1x_linux-Fix-gcc10-error-Werror-array-bounds.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From fe8a83722bf1af7ea3949e6d96e7906407f78d5c Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Wed, 25 Mar 2020 13:52:51 +0800 -Subject: [PATCH 1/2] mdraid1x_linux: Fix gcc10 error -Werror=array-bounds - -We bumped into the build error while testing gcc-10 pre-release. - -../../grub-core/disk/mdraid1x_linux.c: In function 'grub_mdraid_detect': -../../grub-core/disk/mdraid1x_linux.c:181:15: error: array subscript is outside array bounds of 'grub_uint16_t[0]' {aka 'short unsigned int[0]'} [-Werror=array-bounds] - 181 | (char *) &sb.dev_roles[grub_le_to_cpu32 (sb.dev_number)] - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -../../grub-core/disk/mdraid1x_linux.c:98:17: note: while referencing 'dev_roles' - 98 | grub_uint16_t dev_roles[0]; /* Role in array, or 0xffff for a spare, or 0xfffe for faulty. */ - | ^~~~~~~~~ -../../grub-core/disk/mdraid1x_linux.c:127:33: note: defined here 'sb' - 127 | struct grub_raid_super_1x sb; - | ^~ -cc1: all warnings being treated as errors - -Apparently gcc issues the warning when trying to access sb.dev_roles -array's member, since it is a zero length array as the last element of -struct grub_raid_super_1x that is allocated sparsely without extra -chunks for the trailing bits, so the warning looks legitimate in this -regard. - -As the whole thing here is doing offset computation, it is undue to use -syntax that would imply array member access then take address from it -later. Instead we could accomplish the same thing through basic array -pointer arithmetic to pacify the warning. 
- -Signed-off-by: Michael Chang -Reviewed-by: Daniel Kiper ---- - grub-core/disk/mdraid1x_linux.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/disk/mdraid1x_linux.c b/grub-core/disk/mdraid1x_linux.c -index 7cc80d3df..c980feba4 100644 ---- a/grub-core/disk/mdraid1x_linux.c -+++ b/grub-core/disk/mdraid1x_linux.c -@@ -178,7 +178,7 @@ grub_mdraid_detect (grub_disk_t disk, - return NULL; - - if (grub_disk_read (disk, sector, -- (char *) &sb.dev_roles[grub_le_to_cpu32 (sb.dev_number)] -+ (char *) (sb.dev_roles + grub_le_to_cpu32 (sb.dev_number)) - - (char *) &sb, - sizeof (role), &role)) - return NULL; --- -2.16.4 - diff --git a/0001-normal-Move-common-datetime-functions-out-of-the-nor.patch b/0001-normal-Move-common-datetime-functions-out-of-the-nor.patch deleted file mode 100644 index 34c5bf0..0000000 --- a/0001-normal-Move-common-datetime-functions-out-of-the-nor.patch +++ /dev/null 
@@ -1,311 +0,0 @@ -From aa096037ae013c553acf52f9e3aa3a49c91f3c57 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Fri, 14 Feb 2020 12:44:14 +0100 -Subject: [PATCH] normal: Move common datetime functions out of the normal - module - -The common datetime helper functions are currently included in the normal -module, but this makes any other module that calls these functions to have -a dependency with the normal module only for this reason. - -Since the normal module does a lot of stuff, it calls functions from other -modules. But since other modules may depend on it for calling the datetime -helpers, this could lead to circular dependencies between modules. - -As an example, when platform == xen the grub_get_datetime() function from -the datetime module calls to the grub_unixtime2datetime() helper function -from the normal module. Which leads to the following module dependency: - - datetime -> normal - -and send_dhcp_packet() from the net module calls the grub_get_datetime() -function, which leads to the following module dependency: - - net -> datetime -> normal - -but that means that the normal module is not allowed to depend on net or -any other module that depends on it due the transitive dependency caused -by datetime. A recent patch attempted to add support to fetch the config -file over the network, which leads to the following circular dependency: - - normal -> net -> datetime -> normal - -So having the datetime helpers in the normal module makes it quite fragile -and easy to add circular dependencies like these, that break the build due -the genmoddep.awk script catching the issues. - -Fix this by taking the datetime helper functions out of the normal module -and instead add them to the datetime module itself. Besides fixing these -issues, it makes more sense to have these helper functions there anyways. 
- -Reported-by: Daniel Kiper -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - Makefile.util.def | 2 +- - grub-core/Makefile.core.def | 2 +- - grub-core/{normal => lib}/datetime.c | 0 - 3 files changed, 2 insertions(+), 2 deletions(-) - rename grub-core/{normal => lib}/datetime.c (100%) - -Index: grub-2.04/Makefile.util.def -=================================================================== ---- grub-2.04.orig/Makefile.util.def -+++ grub-2.04/Makefile.util.def -@@ -139,7 +139,7 @@ library = { - common = grub-core/lib/crc.c; - common = grub-core/lib/adler32.c; - common = grub-core/lib/crc64.c; -- common = grub-core/normal/datetime.c; -+ common = grub-core/lib/datetime.c; - common = grub-core/normal/misc.c; - common = grub-core/partmap/acorn.c; - common = grub-core/partmap/amiga.c; -Index: grub-2.04/grub-core/Makefile.core.def -=================================================================== ---- grub-2.04.orig/grub-core/Makefile.core.def -+++ grub-2.04/grub-core/Makefile.core.def -@@ -1657,6 +1657,7 @@ module = { - - module = { - name = datetime; -+ common = lib/datetime.c; - cmos = lib/cmos_datetime.c; - efi = lib/efi/datetime.c; - uboot = lib/dummy/datetime.c; -@@ -1903,7 +1904,6 @@ module = { - common = normal/autofs.c; - common = normal/color.c; - common = normal/completion.c; -- common = normal/datetime.c; - common = normal/menu.c; - common = normal/menu_entry.c; - common = normal/menu_text.c; -Index: grub-2.04/grub-core/lib/datetime.c -=================================================================== ---- /dev/null -+++ grub-2.04/grub-core/lib/datetime.c -@@ -0,0 +1,109 @@ -+/* datetime.c - Module for common datetime function. */ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2008 Free Software Foundation, Inc. 
-+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+ -+static const char *const grub_weekday_names[] = -+{ -+ N_("Sunday"), -+ N_("Monday"), -+ N_("Tuesday"), -+ N_("Wednesday"), -+ N_("Thursday"), -+ N_("Friday"), -+ N_("Saturday"), -+}; -+ -+int -+grub_get_weekday (struct grub_datetime *datetime) -+{ -+ unsigned a, y, m; -+ -+ if (datetime->month <= 2) -+ a = 1; -+ else -+ a = 0; -+ y = datetime->year - a; -+ m = datetime->month + 12 * a - 2; -+ -+ return (datetime->day + y + y / 4 - y / 100 + y / 400 + (31 * m / 12)) % 7; -+} -+ -+const char * -+grub_get_weekday_name (struct grub_datetime *datetime) -+{ -+ return _ (grub_weekday_names[grub_get_weekday (datetime)]); -+} -+ -+#define SECPERMIN 60 -+#define SECPERHOUR (60*SECPERMIN) -+#define SECPERDAY (24*SECPERHOUR) -+#define DAYSPERYEAR 365 -+#define DAYSPER4YEARS (4*DAYSPERYEAR+1) -+ -+ -+void -+grub_unixtime2datetime (grub_int32_t nix, struct grub_datetime *datetime) -+{ -+ int i; -+ grub_uint8_t months[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; -+ /* In the period of validity of unixtime all years divisible by 4 -+ are bissextile*/ -+ /* Convenience: let's have 3 consecutive non-bissextile years -+ at the beginning of the counting date. So count from 1901. */ -+ int days_epoch; -+ /* Number of days since 1st Januar, 1901. */ -+ unsigned days; -+ /* Seconds into current day. 
*/ -+ unsigned secs_in_day; -+ /* Transform C divisions and modulos to mathematical ones */ -+ if (nix < 0) -+ days_epoch = -(((unsigned) (SECPERDAY-nix-1)) / SECPERDAY); -+ else -+ days_epoch = ((unsigned) nix) / SECPERDAY; -+ secs_in_day = nix - days_epoch * SECPERDAY; -+ days = days_epoch + 69 * DAYSPERYEAR + 17; -+ -+ datetime->year = 1901 + 4 * (days / DAYSPER4YEARS); -+ days %= DAYSPER4YEARS; -+ /* On 31st December of bissextile years 365 days from the beginning -+ of the year elapsed but year isn't finished yet */ -+ if (days / DAYSPERYEAR == 4) -+ { -+ datetime->year += 3; -+ days -= 3*DAYSPERYEAR; -+ } -+ else -+ { -+ datetime->year += days / DAYSPERYEAR; -+ days %= DAYSPERYEAR; -+ } -+ for (i = 0; i < 12 -+ && days >= (i==1 && datetime->year % 4 == 0 -+ ? 29 : months[i]); i++) -+ days -= (i==1 && datetime->year % 4 == 0 -+ ? 29 : months[i]); -+ datetime->month = i + 1; -+ datetime->day = 1 + days; -+ datetime->hour = (secs_in_day / SECPERHOUR); -+ secs_in_day %= SECPERHOUR; -+ datetime->minute = secs_in_day / SECPERMIN; -+ datetime->second = secs_in_day % SECPERMIN; -+} -Index: grub-2.04/grub-core/normal/datetime.c -=================================================================== ---- grub-2.04.orig/grub-core/normal/datetime.c -+++ /dev/null -@@ -1,109 +0,0 @@ --/* datetime.c - Module for common datetime function. */ --/* -- * GRUB -- GRand Unified Bootloader -- * Copyright (C) 2008 Free Software Foundation, Inc. -- * -- * GRUB is free software: you can redistribute it and/or modify -- * it under the terms of the GNU General Public License as published by -- * the Free Software Foundation, either version 3 of the License, or -- * (at your option) any later version. -- * -- * GRUB is distributed in the hope that it will be useful, -- * but WITHOUT ANY WARRANTY; without even the implied warranty of -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- * GNU General Public License for more details. 
-- * -- * You should have received a copy of the GNU General Public License -- * along with GRUB. If not, see . -- */ -- --#include --#include -- --static const char *const grub_weekday_names[] = --{ -- N_("Sunday"), -- N_("Monday"), -- N_("Tuesday"), -- N_("Wednesday"), -- N_("Thursday"), -- N_("Friday"), -- N_("Saturday"), --}; -- --int --grub_get_weekday (struct grub_datetime *datetime) --{ -- unsigned a, y, m; -- -- if (datetime->month <= 2) -- a = 1; -- else -- a = 0; -- y = datetime->year - a; -- m = datetime->month + 12 * a - 2; -- -- return (datetime->day + y + y / 4 - y / 100 + y / 400 + (31 * m / 12)) % 7; --} -- --const char * --grub_get_weekday_name (struct grub_datetime *datetime) --{ -- return _ (grub_weekday_names[grub_get_weekday (datetime)]); --} -- --#define SECPERMIN 60 --#define SECPERHOUR (60*SECPERMIN) --#define SECPERDAY (24*SECPERHOUR) --#define DAYSPERYEAR 365 --#define DAYSPER4YEARS (4*DAYSPERYEAR+1) -- -- --void --grub_unixtime2datetime (grub_int32_t nix, struct grub_datetime *datetime) --{ -- int i; -- grub_uint8_t months[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; -- /* In the period of validity of unixtime all years divisible by 4 -- are bissextile*/ -- /* Convenience: let's have 3 consecutive non-bissextile years -- at the beginning of the counting date. So count from 1901. */ -- int days_epoch; -- /* Number of days since 1st Januar, 1901. */ -- unsigned days; -- /* Seconds into current day. 
*/ -- unsigned secs_in_day; -- /* Transform C divisions and modulos to mathematical ones */ -- if (nix < 0) -- days_epoch = -(((unsigned) (SECPERDAY-nix-1)) / SECPERDAY); -- else -- days_epoch = ((unsigned) nix) / SECPERDAY; -- secs_in_day = nix - days_epoch * SECPERDAY; -- days = days_epoch + 69 * DAYSPERYEAR + 17; -- -- datetime->year = 1901 + 4 * (days / DAYSPER4YEARS); -- days %= DAYSPER4YEARS; -- /* On 31st December of bissextile years 365 days from the beginning -- of the year elapsed but year isn't finished yet */ -- if (days / DAYSPERYEAR == 4) -- { -- datetime->year += 3; -- days -= 3*DAYSPERYEAR; -- } -- else -- { -- datetime->year += days / DAYSPERYEAR; -- days %= DAYSPERYEAR; -- } -- for (i = 0; i < 12 -- && days >= (i==1 && datetime->year % 4 == 0 -- ? 29 : months[i]); i++) -- days -= (i==1 && datetime->year % 4 == 0 -- ? 29 : months[i]); -- datetime->month = i + 1; -- datetime->day = 1 + days; -- datetime->hour = (secs_in_day / SECPERHOUR); -- secs_in_day %= SECPERHOUR; -- datetime->minute = secs_in_day / SECPERMIN; -- datetime->second = secs_in_day % SECPERMIN; --} diff --git a/0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch b/0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch deleted file mode 100644 index 655a4ef..0000000 --- a/0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch +++ /dev/null 
@@ -1,67 +0,0 @@ -From a948ac01744f3490fa5af4b38039f7dade68bb3e Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 15 Apr 2020 15:45:02 -0400 -Subject: [PATCH EMBARGOED CVE-2020-10713] yylex: Make lexer fatal errors - actually be fatal - -When presented with a command that can't be tokenized to anything -smaller than YYLMAX characters, the parser calls YY_FATAL_ERROR(errmsg), -expecting that will stop further processing, as such: - - #define YY_DO_BEFORE_ACTION \ - yyg->yytext_ptr = yy_bp; \ - yyleng = (int) (yy_cp - yy_bp); \ - yyg->yy_hold_char = *yy_cp; \ - *yy_cp = '\0'; \ - if ( yyleng >= YYLMAX ) \ - YY_FATAL_ERROR( "token too large, exceeds YYLMAX" ); \ - yy_flex_strncpy( yytext, yyg->yytext_ptr, yyleng + 1 , yyscanner); \ - yyg->yy_c_buf_p = yy_cp; - -The code flex generates expects that YY_FATAL_ERROR() will either return -for it or do some form of longjmp(), or handle the error in some way at -least, and so the strncpy() call isn't in an "else" clause, and thus if -YY_FATAL_ERROR() is *not* actually fatal, it does the call with the -questionable limit, and predictable results ensue. - -Unfortunately, our implementation of YY_FATAL_ERROR() is: - - #define YY_FATAL_ERROR(msg) \ - do { \ - grub_printf (_("fatal error: %s\n"), _(msg)); \ - } while (0) - -The same pattern exists in yyless(), and similar problems exist in users -of YY_INPUT(), several places in the main parsing loop, -yy_get_next_buffer(), yy_load_buffer_state(), yyensure_buffer_stack, -yy_scan_buffer(), etc. - -All of these callers expect YY_FATAL_ERROR() to actually be fatal, and -the things they do if it returns after calling it are wildly unsafe. 
- -Signed-off-by: Peter Jones -Reviewed-by: Daniel Kiper ---- - grub-core/script/yylex.l | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l -index 7b44c37b7..b7203c823 100644 ---- a/grub-core/script/yylex.l -+++ b/grub-core/script/yylex.l -@@ -37,11 +37,11 @@ - - /* - * As we don't have access to yyscanner, we cannot do much except to -- * print the fatal error. -+ * print the fatal error and exit. - */ - #define YY_FATAL_ERROR(msg) \ - do { \ -- grub_printf (_("fatal error: %s\n"), _(msg)); \ -+ grub_fatal (_("fatal error: %s\n"), _(msg));\ - } while (0) - - #define COPY(str, hint) \ --- -2.11.0 diff --git a/0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch b/0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch deleted file mode 100644 index c629230..0000000 --- a/0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch +++ /dev/null 
@@ -1,96 +0,0 @@ -From 3b60f205de1450ed6bbe8655bfb59ea0dac4ad78 Mon Sep 17 00:00:00 2001 -From: Daniel Kiper -Date: Thu, 3 Dec 2020 16:01:45 +0100 -Subject: [PATCH 02/46] efi: Make shim_lock GUID and protocol type public - -The GUID will be used to properly detect and report UEFI Secure Boot -status to the x86 Linux kernel. The functionality will be added by -subsequent patches. The shim_lock protocol type is made public for -completeness. - -Additionally, fix formatting of four preceding GUIDs. - -Signed-off-by: Daniel Kiper -Signed-off-by: Marco A Benatto -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - grub-core/commands/efi/shim_lock.c | 12 ------------ - include/grub/efi/api.h | 19 +++++++++++++++---- - 2 files changed, 15 insertions(+), 16 deletions(-) - -diff --git a/grub-core/commands/efi/shim_lock.c b/grub-core/commands/efi/shim_lock.c -index 764098cfc..d8f52d721 100644 ---- a/grub-core/commands/efi/shim_lock.c -+++ b/grub-core/commands/efi/shim_lock.c -@@ -27,18 +27,6 @@ - - GRUB_MOD_LICENSE ("GPLv3+"); - --#define GRUB_EFI_SHIM_LOCK_GUID \ -- { 0x605dab50, 0xe046, 0x4300, \ -- { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } \ -- } -- --struct grub_efi_shim_lock_protocol --{ -- grub_efi_status_t -- (*verify) (void *buffer, grub_uint32_t size); --}; --typedef struct grub_efi_shim_lock_protocol grub_efi_shim_lock_protocol_t; -- - static grub_efi_guid_t shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID; - static grub_efi_shim_lock_protocol_t *sl; - -diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 21efee3f3..b5cef9a88 100644 ---- a/include/grub/efi/api.h -+++ b/include/grub/efi/api.h -@@ -316,22 +316,27 @@ - - #define GRUB_EFI_SAL_TABLE_GUID \ - { 0xeb9d2d32, 0x2d88, 0x11d3, \ -- { 0x9a, 0x16, 0x0, 0x90, 0x27, 0x3f, 0xc1, 0x4d } \ -+ { 0x9a, 0x16, 0x0, 0x90, 0x27, 0x3f, 0xc1, 0x4d } \ - } - - #define GRUB_EFI_HCDP_TABLE_GUID \ - { 0xf951938d, 0x620b, 0x42ef, \ -- { 0x82, 0x79, 0xa8, 0x4b, 0x79, 0x61, 0x78, 0x98 } \ -+ { 
0x82, 0x79, 0xa8, 0x4b, 0x79, 0x61, 0x78, 0x98 } \ - } - - #define GRUB_EFI_DEVICE_TREE_GUID \ - { 0xb1b621d5, 0xf19c, 0x41a5, \ -- { 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 } \ -+ { 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 } \ - } - - #define GRUB_EFI_VENDOR_APPLE_GUID \ - { 0x2B0585EB, 0xD8B8, 0x49A9, \ -- { 0x8B, 0x8C, 0xE2, 0x1B, 0x01, 0xAE, 0xF2, 0xB7 } \ -+ { 0x8B, 0x8C, 0xE2, 0x1B, 0x01, 0xAE, 0xF2, 0xB7 } \ -+ } -+ -+#define GRUB_EFI_SHIM_LOCK_GUID \ -+ { 0x605dab50, 0xe046, 0x4300, \ -+ { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } \ - } - - #define GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID \ -@@ -1970,6 +1975,12 @@ struct grub_efi_ip6_config_manual_address { - }; - typedef struct grub_efi_ip6_config_manual_address grub_efi_ip6_config_manual_address_t; - -+struct grub_efi_shim_lock_protocol -+{ -+ grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size); -+}; -+typedef struct grub_efi_shim_lock_protocol grub_efi_shim_lock_protocol_t; -+ - #if (GRUB_TARGET_SIZEOF_VOID_P == 4) || defined (__ia64__) \ - || defined (__aarch64__) || defined (__MINGW64__) || defined (__CYGWIN__) \ - || defined(__riscv) --- -2.26.2 - diff --git a/0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch b/0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch deleted file mode 100644 index 248e419..0000000 --- a/0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch +++ /dev/null 
@@ -1,97 +0,0 @@ -From 4cf2e774557c782aa7156b2261d603212b24a64c Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Sat, 26 Sep 2020 20:29:40 +0800 -Subject: [PATCH 2/2] grub-install: Avoid incompleted install on i386-pc - -If any error happens between grub_install_copy_files() and -grub_util_bios_setup(), the system would become unbootable with error -like undefined symbol as a result of incompleted install that leaves -behind images on disk from different build to the modules on /boot. - -This patch makes grub_install_copy_files() an adjecent call to -grub_util_bios_setup() to minimize the risk of running into any error in -between that would abort the process. - -V1: - * Create platform directory, /boot/grub2/i386-pc, which is required to - have existed in the process of setting up prefix for the core.img. - This fixed "failed to get canonical path of `/boot/grub2/i386-pc`" - error during grub-install. - -V2: Do not clean up core.img and boot.img in i386-pc platform directory. - The core.img is required by blocklist install that will load it from - platform directory. Both files can be used by grub2-bios-setup to - reinstall images to disk made by previous grub2-install. 
- -Signed-off-by: Michael Chang ---- - util/grub-install.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -Index: grub-2.04/util/grub-install.c -=================================================================== ---- grub-2.04.orig/util/grub-install.c -+++ grub-2.04/util/grub-install.c -@@ -1340,8 +1340,9 @@ main (int argc, char *argv[]) - } - } - -- grub_install_copy_files (grub_install_source_directory, -- grubdir, platform); -+ if (platform != GRUB_INSTALL_PLATFORM_I386_PC) -+ grub_install_copy_files (grub_install_source_directory, -+ grubdir, platform); - - char *envfile = grub_util_path_concat (2, grubdir, "grubenv"); - if (!grub_util_is_regular (envfile)) -@@ -1430,6 +1431,7 @@ main (int argc, char *argv[]) - { - char *t = grub_util_path_concat (2, grubdir, - platname); -+ grub_install_mkdir_p (t); - platdir = grub_canonicalize_file_name (t); - if (!platdir) - grub_util_error (_("failed to get canonical path of `%s'"), -@@ -1964,6 +1966,8 @@ main (int argc, char *argv[]) - fs_probe, allow_floppy, add_rs_codes, - warn_short_mbr_gap); - } -+ grub_install_copy_files (grub_install_source_directory, -+ grubdir, platform); - break; - } - case GRUB_INSTALL_PLATFORM_SPARC64_IEEE1275: -Index: grub-2.04/util/grub-install-common.c -=================================================================== ---- grub-2.04.orig/util/grub-install-common.c -+++ grub-2.04/util/grub-install-common.c -@@ -190,18 +190,28 @@ clean_grub_dir (const char *di) - { - grub_util_fd_dir_t d; - grub_util_fd_dirent_t de; -+ int skip_img = 0; - - d = grub_util_fd_opendir (di); - if (!d) - grub_util_error (_("cannot open directory `%s': %s"), - di, grub_util_fd_strerror ()); - -+ { -+ char *plat_i386_pc = grub_install_get_platform_name (GRUB_INSTALL_PLATFORM_I386_PC); -+ const char *plat = strrchr (di, '/'); -+ -+ if (plat && strcmp (plat + 1, plat_i386_pc) == 0) -+ skip_img = 1; -+ free (plat_i386_pc); -+ } -+ - while ((de = grub_util_fd_readdir (d))) - { - const char *ext = 
strrchr (de->d_name, '.'); - if ((ext && (strcmp (ext, ".mod") == 0 - || strcmp (ext, ".lst") == 0 -- || strcmp (ext, ".img") == 0 -+ || (!skip_img && strcmp (ext, ".img") == 0) - || strcmp (ext, ".mo") == 0) - && strcmp (de->d_name, "menu.lst") != 0) - || strcmp (de->d_name, "efiemu32.o") == 0 diff --git a/0002-kern-Add-X-option-to-printf-functions.patch b/0002-kern-Add-X-option-to-printf-functions.patch deleted file mode 100644 index 89d78ce..0000000 --- a/0002-kern-Add-X-option-to-printf-functions.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From 8c2c35dcc027a77aee48de89093d8770de0a8cf8 Mon Sep 17 00:00:00 2001 -From: Paulo Flabiano Smorigo -Date: Wed, 22 Jan 2020 12:01:52 +0100 -Subject: [PATCH] kern: Add %X option to printf functions - -The printf(3) function has support for the %X format specifier, to output -an unsigned hexadecimal integer in uppercase. - -This can be achived in GRUB using the %x format specifier in grub_printf() -and calling grub_toupper(), but it is more convenient if there is support -for %X in grub_printf(). - -Signed-off-by: Paulo Flabiano Smorigo -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - grub-core/kern/misc.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -Index: grub-2.04/grub-core/kern/misc.c -=================================================================== ---- grub-2.04.orig/grub-core/kern/misc.c -+++ grub-2.04/grub-core/kern/misc.c -@@ -588,7 +588,7 @@ grub_divmod64 (grub_uint64_t n, grub_uin - static inline char * - grub_lltoa (char *str, int c, unsigned long long n) - { -- unsigned base = (c == 'x') ? 16 : 10; -+ unsigned base = ((c == 'x') || (c == 'X')) ? 16 : 10; - char *p; - - if ((long long) n < 0 && c == 'd') -@@ -603,7 +603,7 @@ grub_lltoa (char *str, int c, unsigned l - do - { - unsigned d = (unsigned) (n & 0xf); -- *p++ = (d > 9) ? d + 'a' - 10 : d + '0'; -+ *p++ = (d > 9) ? d + ((c == 'x') ? 'a' : 'A') - 10 : d + '0'; - } - while (n >>= 4); - else -@@ -676,6 +676,7 @@ parse_printf_args (const char *fmt0, str - { - case 'p': - case 'x': -+ case 'X': - case 'u': - case 'd': - case 'c': -@@ -762,6 +763,7 @@ parse_printf_args (const char *fmt0, str - switch (c) - { - case 'x': -+ case 'X': - case 'u': - args->ptr[curn].type = UNSIGNED_INT + longfmt; - break; -@@ -900,6 +902,7 @@ grub_vsnprintf_real (char *str, grub_siz - c = 'x'; - /* Fall through. */ - case 'x': -+ case 'X': - case 'u': - case 'd': - { 
diff --git a/0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch b/0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch index 35b1aa4..0ef43b1 100644 --- a/0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch +++ b/0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch @@ -15,11 +15,11 @@ number include/grub/net.h | 1 + 4 files changed, 104 insertions(+), 10 deletions(-) -diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index 5aa4ad3..f182d7b 100644 ---- a/grub-core/net/http.c -+++ b/grub-core/net/http.c -@@ -312,12 +312,14 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) +Index: grub-2.06~rc1/grub-core/net/http.c +=================================================================== +--- grub-2.06~rc1.orig/grub-core/net/http.c ++++ grub-2.06~rc1/grub-core/net/http.c +@@ -312,12 +312,14 @@ http_establish (struct grub_file *file, int i; struct grub_net_buff *nb; grub_err_t err; @@ -35,7 +35,7 @@ index 5aa4ad3..f182d7b 100644 + sizeof ("\r\nUser-Agent: " PACKAGE_STRING "\r\n") - 1 + sizeof ("Range: bytes=XXXXXXXXXXXXXXXXXXXX" -@@ -356,7 +358,7 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) +@@ -356,7 +358,7 @@ http_establish (struct grub_file *file, sizeof (" HTTP/1.1\r\nHost: ") - 1); ptr = nb->tail; @@ -44,7 +44,7 @@ index 5aa4ad3..f182d7b 100644 if (err) { grub_netbuff_free (nb); -@@ -365,6 +367,15 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) +@@ -365,6 +367,15 @@ http_establish (struct grub_file *file, grub_memcpy (ptr, file->device->net->server, grub_strlen (file->device->net->server)); @@ -60,7 +60,7 @@ index 5aa4ad3..f182d7b 100644 ptr = nb->tail; err = grub_netbuff_put (nb, sizeof ("\r\nUser-Agent: " PACKAGE_STRING "\r\n") -@@ -390,8 +401,10 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) +@@ -390,8 +401,10 @@ http_establish (struct grub_file *file, grub_netbuff_put (nb, 2); grub_memcpy (ptr, "\r\n", 2); 
@@ -70,14 +70,14 @@ index 5aa4ad3..f182d7b 100644 + data->filename, server, port ? port : HTTP_PORT); + data->sock = grub_net_tcp_open (server, + port ? port : HTTP_PORT, http_receive, - http_err, http_err, + http_err, NULL, file); if (!data->sock) -diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index 10773fc..5cc0d2f 100644 ---- a/grub-core/net/net.c -+++ b/grub-core/net/net.c -@@ -437,6 +437,12 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) +Index: grub-2.06~rc1/grub-core/net/net.c +=================================================================== +--- grub-2.06~rc1.orig/grub-core/net/net.c ++++ grub-2.06~rc1/grub-core/net/net.c +@@ -442,6 +442,12 @@ parse_ip6 (const char *val, grub_uint64_ grub_uint16_t newip[8]; const char *ptr = val; int word, quaddot = -1; @@ -90,7 +90,7 @@ index 10773fc..5cc0d2f 100644 if (ptr[0] == ':' && ptr[1] != ':') return 0; -@@ -475,6 +481,9 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) +@@ -480,6 +486,9 @@ parse_ip6 (const char *val, grub_uint64_ grub_memset (&newip[quaddot], 0, (7 - word) * sizeof (newip[0])); } grub_memcpy (ip, newip, 16); @@ -100,7 +100,7 @@ index 10773fc..5cc0d2f 100644 if (rest) *rest = ptr; return 1; -@@ -1260,8 +1269,10 @@ grub_net_open_real (const char *name) +@@ -1265,8 +1274,10 @@ grub_net_open_real (const char *name) { grub_net_app_level_t proto; const char *protname, *server; @@ -111,7 +111,7 @@ index 10773fc..5cc0d2f 100644 if (grub_strncmp (name, "pxe:", sizeof ("pxe:") - 1) == 0) { -@@ -1299,6 +1310,72 @@ grub_net_open_real (const char *name) +@@ -1304,6 +1315,72 @@ grub_net_open_real (const char *name) return NULL; } @@ -184,7 +184,7 @@ index 10773fc..5cc0d2f 100644 for (try = 0; try < 2; try++) { FOR_NET_APP_LEVEL (proto) -@@ -1308,14 +1385,13 @@ grub_net_open_real (const char *name) +@@ -1313,14 +1390,13 @@ grub_net_open_real (const char *name) { grub_net_t ret = grub_zalloc (sizeof (*ret)); if (!ret) 
@@ -203,11 +203,11 @@ index 10773fc..5cc0d2f 100644 ret->fs = &grub_net_fs; return ret; } -diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c -index 7d90bf6..a0817a0 100644 ---- a/grub-core/net/tftp.c -+++ b/grub-core/net/tftp.c -@@ -314,6 +314,7 @@ tftp_open (struct grub_file *file, const char *filename) +Index: grub-2.06~rc1/grub-core/net/tftp.c +=================================================================== +--- grub-2.06~rc1.orig/grub-core/net/tftp.c ++++ grub-2.06~rc1/grub-core/net/tftp.c +@@ -295,6 +295,7 @@ tftp_open (struct grub_file *file, const grub_err_t err; grub_uint8_t *nbd; grub_net_network_level_address_t addr; @@ -215,14 +215,13 @@ index 7d90bf6..a0817a0 100644 data = grub_zalloc (sizeof (*data)); if (!data) -@@ -382,13 +383,16 @@ tftp_open (struct grub_file *file, const char *filename) +@@ -361,12 +362,15 @@ tftp_open (struct grub_file *file, const err = grub_net_resolve_address (file->device->net->server, &addr); if (err) { + grub_dprintf ("tftp", "file_size is %llu, block_size is %llu\n", + (unsigned long long)data->file_size, + (unsigned long long)data->block_size); - destroy_pq (data); grub_free (data); return err; } @@ -233,10 +232,10 @@ index 7d90bf6..a0817a0 100644 file); if (!data->sock) { -diff --git a/include/grub/net.h b/include/grub/net.h -index 2192fa1..ccc169c 100644 ---- a/include/grub/net.h -+++ b/include/grub/net.h +Index: grub-2.06~rc1/include/grub/net.h +=================================================================== +--- grub-2.06~rc1.orig/include/grub/net.h ++++ grub-2.06~rc1/include/grub/net.h @@ -270,6 +270,7 @@ typedef struct grub_net { char *server; @@ -245,6 +244,3 @@ index 2192fa1..ccc169c 100644 grub_net_app_level_t protocol; grub_net_packets_t packs; grub_off_t offset; --- -2.6.6 - diff --git a/0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch b/0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch deleted file mode 100644 index f33e367..0000000 
--- a/0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch
+++ /dev/null
@@ -1,123 +0,0 @@ -From de1c315841aa6f37357c72e196810484013291d6 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 15 Jun 2020 10:58:42 -0400 -Subject: [PATCH 2/7] safemath: Add some arithmetic primitives that check for - overflow - -This adds a new header, include/grub/safemath.h, that includes easy to -use wrappers for __builtin_{add,sub,mul}_overflow() declared like: - - bool OP(a, b, res) - -where OP is grub_add, grub_sub or grub_mul. OP() returns true in the -case where the operation would overflow and res is not modified. -Otherwise, false is returned and the operation is executed. - -These arithmetic primitives require newer compiler versions. So, bump -these requirements in the INSTALL file too. - -Signed-off-by: Peter Jones -Reviewed-by: Daniel Kiper ---- - INSTALL | 22 ++-------------------- - include/grub/compiler.h | 8 ++++++++ - include/grub/safemath.h | 37 +++++++++++++++++++++++++++++++++++++ - 3 files changed, 47 insertions(+), 20 deletions(-) - create mode 100644 include/grub/safemath.h - -diff --git a/INSTALL b/INSTALL -index dedf236a8..79a0af7d9 100644 ---- a/INSTALL -+++ b/INSTALL -@@ -11,27 +11,9 @@ GRUB depends on some software packages installed into your system. If - you don't have any of them, please obtain and install them before - configuring the GRUB. - --* GCC 4.1.3 or later -- Note: older versions may work but support is limited -- -- Experimental support for clang 3.3 or later (results in much bigger binaries) -+* GCC 5.1.0 or later -+ Experimental support for clang 3.8.0 or later (results in much bigger binaries) - for i386, x86_64, arm (including thumb), arm64, mips(el), powerpc, sparc64 -- Note: clang 3.2 or later works for i386 and x86_64 targets but results in -- much bigger binaries. 
-- earlier versions not tested -- Note: clang 3.2 or later works for arm -- earlier versions not tested -- Note: clang on arm64 is not supported due to -- https://llvm.org/bugs/show_bug.cgi?id=26030 -- Note: clang 3.3 or later works for mips(el) -- earlier versions fail to generate .reginfo and hence gprel relocations -- fail. -- Note: clang 3.2 or later works for powerpc -- earlier versions not tested -- Note: clang 3.5 or later works for sparc64 -- earlier versions return "error: unable to interface with target machine" -- Note: clang has no support for ia64 and hence you can't compile GRUB -- for ia64 with clang - * GNU Make - * GNU Bison 2.3 or later - * GNU gettext 0.17 or later -diff --git a/include/grub/compiler.h b/include/grub/compiler.h -index c9e1d7a73..8f3be3ae7 100644 ---- a/include/grub/compiler.h -+++ b/include/grub/compiler.h -@@ -48,4 +48,12 @@ - # define WARN_UNUSED_RESULT - #endif - -+#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__) -+# define CLANG_PREREQ(maj,min) \ -+ ((__clang_major__ > (maj)) || \ -+ (__clang_major__ == (maj) && __clang_minor__ >= (min))) -+#else -+# define CLANG_PREREQ(maj,min) 0 -+#endif -+ - #endif /* ! GRUB_COMPILER_HEADER */ -diff --git a/include/grub/safemath.h b/include/grub/safemath.h -new file mode 100644 -index 000000000..c17b89bba ---- /dev/null -+++ b/include/grub/safemath.h -@@ -0,0 +1,37 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2020 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ * -+ * Arithmetic operations that protect against overflow. -+ */ -+ -+#ifndef GRUB_SAFEMATH_H -+#define GRUB_SAFEMATH_H 1 -+ -+#include -+ -+/* These appear in gcc 5.1 and clang 3.8. */ -+#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8) -+ -+#define grub_add(a, b, res) __builtin_add_overflow(a, b, res) -+#define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) -+#define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) -+ -+#else -+#error gcc 5.1 or newer or clang 3.8 or newer is required -+#endif -+ -+#endif /* GRUB_SAFEMATH_H */ --- -2.27.0 diff --git a/0002-zfs-Fix-gcc10-error-Werror-zero-length-bounds.patch b/0002-zfs-Fix-gcc10-error-Werror-zero-length-bounds.patch deleted file mode 100644 index 144cc29..0000000 --- a/0002-zfs-Fix-gcc10-error-Werror-zero-length-bounds.patch +++ /dev/null 
@@ -1,87 +0,0 @@ -From 30379c2280c5b4514abafc2492e081209a330cb0 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Wed, 25 Mar 2020 14:28:15 +0800 -Subject: [PATCH 2/2] zfs: Fix gcc10 error -Werror=zero-length-bounds - -We bumped into the build error while testing gcc-10 pre-release. - -In file included from ../../include/grub/file.h:22, - from ../../grub-core/fs/zfs/zfs.c:34: -../../grub-core/fs/zfs/zfs.c: In function 'zap_leaf_lookup': -../../grub-core/fs/zfs/zfs.c:2263:44: error: array subscript '' is outside the bounds of an interior zero-length array 'grub_uint16_t[0]' {aka 'short unsigned int[0]'} [-Werror=zero-length-bounds] -2263 | for (chunk = grub_zfs_to_cpu16 (l->l_hash[LEAF_HASH (blksft, h, l)], endian); -../../include/grub/types.h:241:48: note: in definition of macro 'grub_le_to_cpu16' - 241 | # define grub_le_to_cpu16(x) ((grub_uint16_t) (x)) - | ^ -../../grub-core/fs/zfs/zfs.c:2263:16: note: in expansion of macro 'grub_zfs_to_cpu16' -2263 | for (chunk = grub_zfs_to_cpu16 (l->l_hash[LEAF_HASH (blksft, h, l)], endian); - | ^~~~~~~~~~~~~~~~~ -In file included from ../../grub-core/fs/zfs/zfs.c:48: -../../include/grub/zfs/zap_leaf.h:72:16: note: while referencing 'l_hash' - 72 | grub_uint16_t l_hash[0]; - | ^~~~~~ - -Here I'd like to quote from the gcc document [1] which seems best to -explain what is going on here. - -"Although the size of a zero-length array is zero, an array member of -this kind may increase the size of the enclosing type as a result of -tail padding. The offset of a zero-length array member from the -beginning of the enclosing structure is the same as the offset of an -array with one or more elements of the same type. The alignment of a -zero-length array is the same as the alignment of its elements. - -Declaring zero-length arrays in other contexts, including as interior -members of structure objects or as non-member objects, is discouraged. 
-Accessing elements of zero-length arrays declared in such contexts is -undefined and may be diagnosed." - -The l_hash[0] is apparnetly an interior member to the enclosed structure -while l_entries[0] is the trailing member. And the offending code tries -to access members in l_hash[0] array that triggers the diagnose. - -Given that the l_entries[0] is used to get proper alignment to access -leaf chunks, we can accomplish the same thing through the ALIGN_UP macro -thus eliminating l_entries[0] from the structure. In this way we can -pacify the warning as l_hash[0] now becomes the last member to the -enclosed structure. - -[1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html - -Signed-off-by: Michael Chang ---- - grub-core/fs/zfs/zfs.c | 5 ++++- - include/grub/zfs/zap_leaf.h | 1 - - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c -index 2f72e42bf..b5e10fd0b 100644 ---- a/grub-core/fs/zfs/zfs.c -+++ b/grub-core/fs/zfs/zfs.c -@@ -141,7 +141,10 @@ ZAP_LEAF_NUMCHUNKS (int bs) - static inline zap_leaf_chunk_t * - ZAP_LEAF_CHUNK (zap_leaf_phys_t *l, int bs, int idx) - { -- return &((zap_leaf_chunk_t *) (l->l_entries -+ grub_properly_aligned_t *l_entries; -+ -+ l_entries = (grub_properly_aligned_t *) ALIGN_UP((grub_addr_t)l->l_hash, sizeof (grub_properly_aligned_t)); -+ return &((zap_leaf_chunk_t *) (l_entries - + (ZAP_LEAF_HASH_NUMENTRIES(bs) * 2) - / sizeof (grub_properly_aligned_t)))[idx]; - } -diff --git a/include/grub/zfs/zap_leaf.h b/include/grub/zfs/zap_leaf.h -index 95c67dcba..11447c166 100644 ---- a/include/grub/zfs/zap_leaf.h -+++ b/include/grub/zfs/zap_leaf.h -@@ -70,7 +70,6 @@ typedef struct zap_leaf_phys { - */ - - grub_uint16_t l_hash[0]; -- grub_properly_aligned_t l_entries[0]; - } zap_leaf_phys_t; - - typedef union zap_leaf_chunk { --- -2.16.4 - diff --git a/0003-Make-grub_error-more-verbose.patch b/0003-Make-grub_error-more-verbose.patch index 1e5b580..c41317e 100644 
--- a/0003-Make-grub_error-more-verbose.patch
+++ b/0003-Make-grub_error-more-verbose.patch
@@ -10,50 +10,11 @@
Signed-off-by: Peter Jones include/grub/err.h | 5 ++++- 3 files changed, 29 insertions(+), 6 deletions(-) -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index a9e37108c..15595a46e 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -157,12 +157,20 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, - - /* Limit the memory access to less than 4GB for 32-bit platforms. */ - if (address > GRUB_EFI_MAX_USABLE_ADDRESS) -- return 0; -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, -+ N_("invalid memory address (0x%llx > 0x%llx)"), -+ address, GRUB_EFI_MAX_USABLE_ADDRESS); -+ return NULL; -+ } - - b = grub_efi_system_table->boot_services; - status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); - if (status != GRUB_EFI_SUCCESS) -- return 0; -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ return NULL; -+ } - - if (address == 0) - { -@@ -172,7 +180,10 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, - status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); - grub_efi_free_pages (0, pages); - if (status != GRUB_EFI_SUCCESS) -- return 0; -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ return NULL; -+ } - } - - grub_efi_store_alloc (address, pages); -diff --git a/grub-core/kern/err.c b/grub-core/kern/err.c -index 53c734de7..aebfe0cf8 100644 ---- a/grub-core/kern/err.c -+++ b/grub-core/kern/err.c -@@ -33,15 +33,24 @@ static struct grub_error_saved grub_error_stack_items[GRUB_ERROR_STACK_SIZE]; +Index: grub-2.06~rc1/grub-core/kern/err.c +=================================================================== +--- grub-2.06~rc1.orig/grub-core/kern/err.c ++++ grub-2.06~rc1/grub-core/kern/err.c +@@ -33,15 +33,24 @@ static struct grub_error_saved grub_erro static int grub_error_stack_pos; static int grub_error_stack_assert; 
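Review bot: The patch header kept as context still reads `3 files changed, 29 insertions(+), 6 deletions(-)`, but with the grub-core/kern/efi/mm.c section removed in this hunk the patch only touches grub-core/kern/err.c and include/grub/err.h. Refresh the diffstat so the header matches what is applied. The removed section was what called grub_error() before the three failure returns in grub_efi_allocate_pages_real; presumably the 2.06 sources already do this, but that is not visible here. It is worth confirming and recording in the changelog, because a NULL return with no error set would leave callers reading whatever grub_errno held before.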
@@ -80,22 +41,21 @@ index 53c734de7..aebfe0cf8 100644 va_end (ap); return n; -diff --git a/include/grub/err.h b/include/grub/err.h -index 24ba9f5f5..b68bbec3c 100644 ---- a/include/grub/err.h -+++ b/include/grub/err.h -@@ -85,7 +85,10 @@ struct grub_error_saved +Index: grub-2.06~rc1/include/grub/err.h +=================================================================== +--- grub-2.06~rc1.orig/include/grub/err.h ++++ grub-2.06~rc1/include/grub/err.h +@@ -85,8 +85,11 @@ struct grub_error_saved extern grub_err_t EXPORT_VAR(grub_errno); extern char EXPORT_VAR(grub_errmsg)[GRUB_MAX_ERRMSG]; --grub_err_t EXPORT_FUNC(grub_error) (grub_err_t n, const char *fmt, ...); -+grub_err_t EXPORT_FUNC(grub_error) (grub_err_t n, const char *file, const int line, const char *fmt, ...); +-grub_err_t EXPORT_FUNC(grub_error) (grub_err_t n, const char *fmt, ...) +- __attribute__ ((format (GNU_PRINTF, 2, 3))); ++grub_err_t EXPORT_FUNC(grub_error) (grub_err_t n, const char *file, const int line, const char *fmt, ...) ++ __attribute__ ((format (GNU_PRINTF, 4, 5))); + +#define grub_error(n, fmt, ...) grub_error (n, __FILE__, __LINE__, fmt, ##__VA_ARGS__) + void EXPORT_FUNC(grub_fatal) (const char *fmt, ...) __attribute__ ((noreturn)); void EXPORT_FUNC(grub_error_push) (void); int EXPORT_FUNC(grub_error_pop) (void); --- -2.26.2 - diff --git a/0003-bootp-New-net_bootp6-command.patch b/0003-bootp-New-net_bootp6-command.patch index 965719f..8ecdef6 100644 --- a/0003-bootp-New-net_bootp6-command.patch +++ b/0003-bootp-New-net_bootp6-command.patch @@ -19,10 +19,10 @@ V1: include/grub/net.h | 72 ++++ 3 files changed, 1018 insertions(+), 1 deletion(-) -Index: grub-2.04/grub-core/net/bootp.c +Index: grub-2.06/grub-core/net/bootp.c =================================================================== ---- grub-2.04.orig/grub-core/net/bootp.c -+++ grub-2.04/grub-core/net/bootp.c +--- grub-2.06.orig/grub-core/net/bootp.c ++++ grub-2.06/grub-core/net/bootp.c @@ -24,6 +24,98 @@ #include #include 
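Review bot: The wrapper `#define grub_error(n, fmt, ...) grub_error (n, __FILE__, __LINE__, fmt, ##__VA_ARGS__)` in the include/grub/err.h hunk passes `__FILE__` for every call site, so build-tree paths can end up in the bootloader image. How much of the path survives depends on how the compiler is invoked, which this hunk does not show. If absolute paths do reach the binary, they make a signed image harder to reproduce bit-for-bit and disclose the build layout. Check whether the package build passes `-ffile-prefix-map`, or switch to the tree's relative `GRUB_FILE` define if it is usable in this header. The format attribute `(GNU_PRINTF, 4, 5)` matches the new argument order. A one-line comment above the macro, such as `/* Call sites go through this macro; the function receives the caller's file and line. */`, would explain why the prototype and the visible call signature differ.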
@@ -122,7 +122,7 @@ Index: grub-2.04/grub-core/net/bootp.c struct grub_dhcp_discover_options { -@@ -563,6 +655,578 @@ out: +@@ -607,6 +699,578 @@ out: return err; } @@ -427,7 +427,7 @@ Index: grub-2.04/grub-core/net/bootp.c + grub_dhcp6_session_t se; + struct grub_datetime date; + grub_err_t err; -+ grub_int32_t t = 0; ++ grub_int64_t t = 0; + + se = grub_malloc (sizeof (*se)); + @@ -701,7 +701,7 @@ Index: grub-2.04/grub-core/net/bootp.c /* * This is called directly from net/ip.c:handle_dgram(), because those * BOOTP/DHCP packets are a bit special due to their improper -@@ -631,6 +1295,77 @@ grub_net_process_dhcp (struct grub_net_b +@@ -675,6 +1339,77 @@ grub_net_process_dhcp (struct grub_net_b } } @@ -776,10 +776,10 @@ Index: grub-2.04/grub-core/net/bootp.c + return GRUB_ERR_NONE; +} + - static char - hexdigit (grub_uint8_t val) - { -@@ -864,7 +1599,174 @@ grub_cmd_bootp (struct grub_command *cmd + static grub_err_t + grub_cmd_dhcpopt (struct grub_command *cmd __attribute__ ((unused)), + int argc, char **args) +@@ -900,7 +1635,174 @@ grub_cmd_bootp (struct grub_command *cmd return err; } @@ -955,7 +955,7 @@ Index: grub-2.04/grub-core/net/bootp.c void grub_bootp_init (void) -@@ -878,6 +1780,9 @@ grub_bootp_init (void) +@@ -914,6 +1816,9 @@ grub_bootp_init (void) cmd_getdhcp = grub_register_command ("net_get_dhcp_option", grub_cmd_dhcpopt, N_("VAR INTERFACE NUMBER DESCRIPTION"), N_("retrieve DHCP option and save it into VAR. If VAR is - then print the value.")); 
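Review bot: In the `@@ -427,7 +427,7 @@` hunk, `t` is widened to `grub_int64_t`, but the places where it is consumed lie outside the hunk, so any narrowing is now implicit. If the value is later written into a fixed-width field of the DHCPv6 identifier, which is not visible here, a 64-bit time would be silently truncated. An explicit cast to `grub_uint32_t` or a range check at the point of use would make the behaviour deliberate, and the declaration could carry a reminder such as `grub_int64_t t = 0; /* seconds since the epoch; range-check before narrowing */`. The result of `grub_malloc (sizeof (*se))` is also not checked within the visible context; the function body continues past the hunk, so confirm the check follows.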
@@ -965,16 +965,16 @@ Index: grub-2.04/grub-core/net/bootp.c } void -@@ -886,4 +1791,5 @@ grub_bootp_fini (void) +@@ -922,4 +1827,5 @@ grub_bootp_fini (void) grub_unregister_command (cmd_getdhcp); grub_unregister_command (cmd_bootp); grub_unregister_command (cmd_dhcp); + grub_unregister_command (cmd_bootp6); } -Index: grub-2.04/grub-core/net/ip.c +Index: grub-2.06/grub-core/net/ip.c =================================================================== ---- grub-2.04.orig/grub-core/net/ip.c -+++ grub-2.04/grub-core/net/ip.c +--- grub-2.06.orig/grub-core/net/ip.c ++++ grub-2.06/grub-core/net/ip.c @@ -239,6 +239,45 @@ handle_dgram (struct grub_net_buff *nb, { struct udphdr *udph; @@ -1021,10 +1021,10 @@ Index: grub-2.04/grub-core/net/ip.c if (proto == GRUB_NET_IP_UDP && grub_be_to_cpu16 (udph->dst) == 68) { const struct grub_net_bootp_packet *bootp; -Index: grub-2.04/include/grub/net.h +Index: grub-2.06/include/grub/net.h =================================================================== ---- grub-2.04.orig/include/grub/net.h -+++ grub-2.04/include/grub/net.h +--- grub-2.06.orig/include/grub/net.h ++++ grub-2.06/include/grub/net.h @@ -448,6 +448,66 @@ struct grub_net_bootp_packet grub_uint8_t vendor[0]; } GRUB_PACKED; @@ -1092,7 +1092,7 @@ Index: grub-2.04/include/grub/net.h #define GRUB_NET_BOOTP_RFC1048_MAGIC_0 0x63 #define GRUB_NET_BOOTP_RFC1048_MAGIC_1 0x82 #define GRUB_NET_BOOTP_RFC1048_MAGIC_2 0x53 -@@ -481,6 +541,14 @@ grub_net_configure_by_dhcp_ack (const ch +@@ -483,6 +543,14 @@ grub_net_configure_by_dhcp_ack (const ch grub_size_t size, int is_def, char **device, char **path); @@ -1107,7 +1107,7 @@ Index: grub-2.04/include/grub/net.h grub_err_t grub_net_add_ipv4_local (struct grub_net_network_level_interface *inf, int mask); -@@ -489,6 +557,10 @@ void +@@ -491,6 +559,10 @@ void grub_net_process_dhcp (struct grub_net_buff *nb, struct grub_net_network_level_interface *iface); 
diff --git a/0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch b/0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch
deleted file mode 100644
index 5c3be53..0000000
--- a/0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch
+++ /dev/null
@@ -1,239 +0,0 @@ -From 79e51ab7a9a56f60a14f89ef047fd669977b99d1 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 15 Jun 2020 12:15:29 -0400 -Subject: [PATCH 3/7] calloc: Make sure we always have an overflow-checking - calloc() available - -This tries to make sure that everywhere in this source tree, we always have -an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.) -available, and that they all safely check for overflow and return NULL when -it would occur. - -Signed-off-by: Peter Jones -Reviewed-by: Daniel Kiper ---- - grub-core/kern/emu/misc.c | 12 +++++++++ - grub-core/kern/emu/mm.c | 10 ++++++++ - grub-core/kern/mm.c | 40 ++++++++++++++++++++++++++++++ - grub-core/lib/libgcrypt_wrap/mem.c | 11 ++++++-- - grub-core/lib/posix_wrap/stdlib.h | 8 +++++- - include/grub/emu/misc.h | 1 + - include/grub/mm.h | 6 +++++ - 7 files changed, 85 insertions(+), 3 deletions(-) - -Index: grub-2.04/grub-core/kern/emu/misc.c -=================================================================== ---- grub-2.04.orig/grub-core/kern/emu/misc.c -+++ grub-2.04/grub-core/kern/emu/misc.c -@@ -87,6 +87,18 @@ grub_util_error (const char *fmt, ...) 
- } - - void * -+xcalloc (grub_size_t nmemb, grub_size_t size) -+{ -+ void *p; -+ -+ p = calloc (nmemb, size); -+ if (!p) -+ grub_util_error ("%s", _("out of memory")); -+ -+ return p; -+} -+ -+void * - xmalloc (grub_size_t size) - { - void *p; -Index: grub-2.04/grub-core/kern/emu/mm.c -=================================================================== ---- grub-2.04.orig/grub-core/kern/emu/mm.c -+++ grub-2.04/grub-core/kern/emu/mm.c -@@ -26,6 +26,16 @@ - #include - - void * -+grub_calloc (grub_size_t nmemb, grub_size_t size) -+{ -+ void *ret; -+ ret = calloc (nmemb, size); -+ if (!ret) -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ return ret; -+} -+ -+void * - grub_malloc (grub_size_t size) - { - void *ret; -Index: grub-2.04/grub-core/kern/mm.c -=================================================================== ---- grub-2.04.orig/grub-core/kern/mm.c -+++ grub-2.04/grub-core/kern/mm.c -@@ -67,8 +67,10 @@ - #include - #include - #include -+#include - - #ifdef MM_DEBUG -+# undef grub_calloc - # undef grub_malloc - # undef grub_zalloc - # undef grub_realloc -@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_s - return 0; - } - -+/* -+ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on -+ * integer overflow. -+ */ -+void * -+grub_calloc (grub_size_t nmemb, grub_size_t size) -+{ -+ void *ret; -+ grub_size_t sz = 0; -+ -+ if (grub_mul (nmemb, size, &sz)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ return NULL; -+ } -+ -+ ret = grub_memalign (0, sz); -+ if (!ret) -+ return NULL; -+ -+ grub_memset (ret, 0, sz); -+ return ret; -+} -+ - /* Allocate SIZE bytes and return the pointer. 
*/ - void * - grub_malloc (grub_size_t size) -@@ -562,6 +588,20 @@ grub_mm_dump (unsigned lineno) - } - - void * -+grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size) -+{ -+ void *ptr; -+ -+ if (grub_mm_debug) -+ grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ", -+ file, line, size); -+ ptr = grub_calloc (nmemb, size); -+ if (grub_mm_debug) -+ grub_printf ("%p\n", ptr); -+ return ptr; -+} -+ -+void * - grub_debug_malloc (const char *file, int line, grub_size_t size) - { - void *ptr; -Index: grub-2.04/grub-core/lib/libgcrypt_wrap/mem.c -=================================================================== ---- grub-2.04.orig/grub-core/lib/libgcrypt_wrap/mem.c -+++ grub-2.04/grub-core/lib/libgcrypt_wrap/mem.c -@@ -4,6 +4,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -36,7 +37,10 @@ void * - gcry_xcalloc (size_t n, size_t m) - { - void *ret; -- ret = grub_zalloc (n * m); -+ size_t sz; -+ if (grub_mul (n, m, &sz)) -+ grub_fatal ("gcry_xcalloc would overflow"); -+ ret = grub_zalloc (sz); - if (!ret) - grub_fatal ("gcry_xcalloc failed"); - return ret; -@@ -56,7 +60,10 @@ void * - gcry_xcalloc_secure (size_t n, size_t m) - { - void *ret; -- ret = grub_zalloc (n * m); -+ size_t sz; -+ if (grub_mul (n, m, &sz)) -+ grub_fatal ("gcry_xcalloc would overflow"); -+ ret = grub_zalloc (sz); - if (!ret) - grub_fatal ("gcry_xcalloc failed"); - return ret; -Index: grub-2.04/grub-core/lib/posix_wrap/stdlib.h -=================================================================== ---- grub-2.04.orig/grub-core/lib/posix_wrap/stdlib.h -+++ grub-2.04/grub-core/lib/posix_wrap/stdlib.h -@@ -21,6 +21,7 @@ - - #include - #include -+#include - - static inline void - free (void *ptr) -@@ -37,7 +38,12 @@ malloc (grub_size_t size) - static inline void * - calloc (grub_size_t size, grub_size_t nelem) - { -- return grub_zalloc (size * nelem); -+ grub_size_t sz; -+ -+ if (grub_mul (size, nelem, &sz)) -+ 
return NULL; -+ -+ return grub_zalloc (sz); - } - - static inline void * -Index: grub-2.04/include/grub/emu/misc.h -=================================================================== ---- grub-2.04.orig/include/grub/emu/misc.h -+++ grub-2.04/include/grub/emu/misc.h -@@ -47,6 +47,7 @@ grub_util_device_is_mapped (const char * - #define GRUB_HOST_PRIuLONG_LONG "llu" - #define GRUB_HOST_PRIxLONG_LONG "llx" - -+void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT; - void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT; - void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT; - char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT; -Index: grub-2.04/include/grub/mm.h -=================================================================== ---- grub-2.04.orig/include/grub/mm.h -+++ grub-2.04/include/grub/mm.h -@@ -29,6 +29,7 @@ - #endif - - void grub_mm_init_region (void *addr, grub_size_t size); -+void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size); - void *EXPORT_FUNC(grub_malloc) (grub_size_t size); - void *EXPORT_FUNC(grub_zalloc) (grub_size_t size); - void EXPORT_FUNC(grub_free) (void *ptr); -@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug); - void grub_mm_dump_free (void); - void grub_mm_dump (unsigned lineno); - -+#define grub_calloc(nmemb, size) \ -+ grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size) -+ - #define grub_malloc(size) \ - grub_debug_malloc (GRUB_FILE, __LINE__, size) - -@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno); - #define grub_free(ptr) \ - grub_debug_free (GRUB_FILE, __LINE__, ptr) - -+void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line, -+ grub_size_t nmemb, grub_size_t size); - void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line, - grub_size_t size); - void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line, 
diff --git a/0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch b/0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
deleted file mode 100644
index fc84360..0000000
--- a/0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
+++ /dev/null
@@ -1,146 +0,0 @@ -From 10ee52fd565c9a88d9428a837c7f753a6c7fac5b Mon Sep 17 00:00:00 2001 -From: Daniel Kiper -Date: Thu, 3 Dec 2020 16:01:46 +0100 -Subject: [PATCH 03/46] efi: Return grub_efi_status_t from - grub_efi_get_variable() - -This is needed to properly detect and report UEFI Secure Boot status -to the x86 Linux kernel. The functionality will be added by subsequent -patches. - -Signed-off-by: Daniel Kiper -Signed-off-by: Marco A Benatto -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - grub-core/commands/efi/efifwsetup.c | 8 ++++---- - grub-core/kern/efi/efi.c | 16 +++++++++------- - grub-core/video/efi_gop.c | 2 +- - include/grub/efi/efi.h | 7 ++++--- - 4 files changed, 18 insertions(+), 15 deletions(-) - -diff --git a/grub-core/commands/efi/efifwsetup.c b/grub-core/commands/efi/efifwsetup.c -index 7a137a72a..eaca03283 100644 ---- a/grub-core/commands/efi/efifwsetup.c -+++ b/grub-core/commands/efi/efifwsetup.c -@@ -38,8 +38,8 @@ grub_cmd_fwsetup (grub_command_t cmd __attribute__ ((unused)), - grub_size_t oi_size; - grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID; - -- old_os_indications = grub_efi_get_variable ("OsIndications", &global, -- &oi_size); -+ grub_efi_get_variable ("OsIndications", &global, &oi_size, -+ (void **) &old_os_indications); - - if (old_os_indications != NULL && oi_size == sizeof (os_indications)) - os_indications |= *old_os_indications; -@@ -63,8 +63,8 @@ efifwsetup_is_supported (void) - grub_size_t oi_size = 0; - grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID; - -- os_indications_supported = grub_efi_get_variable ("OsIndicationsSupported", -- &global, &oi_size); -+ grub_efi_get_variable ("OsIndicationsSupported", &global, &oi_size, -+ (void **) &os_indications_supported); - - if (!os_indications_supported) - return 0; -diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 02d298b0c..9fd136694 100644 ---- a/grub-core/kern/efi/efi.c -+++ b/grub-core/kern/efi/efi.c -@@ -222,9 
+222,9 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid, - return grub_error (GRUB_ERR_IO, "could not set EFI variable `%s'", var); - } - --void * -+grub_efi_status_t - grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, -- grub_size_t *datasize_out) -+ grub_size_t *datasize_out, void **data_out) - { - grub_efi_status_t status; - grub_efi_uintn_t datasize = 0; -@@ -233,13 +233,14 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, - void *data; - grub_size_t len, len16; - -+ *data_out = NULL; - *datasize_out = 0; - - len = grub_strlen (var); - len16 = len * GRUB_MAX_UTF16_PER_UTF8; - var16 = grub_calloc (len16 + 1, sizeof (var16[0])); - if (!var16) -- return NULL; -+ return GRUB_EFI_OUT_OF_RESOURCES; - len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); - var16[len16] = 0; - -@@ -250,14 +251,14 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, - if (status != GRUB_EFI_BUFFER_TOO_SMALL || !datasize) - { - grub_free (var16); -- return NULL; -+ return status; - } - - data = grub_malloc (datasize); - if (!data) - { - grub_free (var16); -- return NULL; -+ return GRUB_EFI_OUT_OF_RESOURCES; - } - - status = efi_call_5 (r->get_variable, var16, guid, NULL, &datasize, data); -@@ -265,12 +266,13 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, - - if (status == GRUB_EFI_SUCCESS) - { -+ *data_out = data; - *datasize_out = datasize; -- return data; -+ return status; - } - - grub_free (data); -- return NULL; -+ return status; - } - - grub_efi_boolean_t -diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c -index df29853f0..962f0eb8f 100644 ---- a/grub-core/video/efi_gop.c -+++ b/grub-core/video/efi_gop.c -@@ -310,7 +310,7 @@ grub_video_gop_get_edid (struct grub_video_edid_info *edid_info) - char edidname[] = "agp-internal-edid"; - grub_size_t datasize; - grub_uint8_t *data; -- data = grub_efi_get_variable (edidname, &efi_var_guid, 
&datasize); -+ grub_efi_get_variable (edidname, &efi_var_guid, &datasize, (void **) &data); - if (data && datasize > 16) - { - copy_size = datasize - 16; -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index 085ee0524..f27d3a365 100644 ---- a/include/grub/efi/efi.h -+++ b/include/grub/efi/efi.h -@@ -77,9 +77,10 @@ grub_err_t EXPORT_FUNC (grub_efi_set_virtual_address_map) (grub_efi_uintn_t memo - grub_efi_uintn_t descriptor_size, - grub_efi_uint32_t descriptor_version, - grub_efi_memory_descriptor_t *virtual_map); --void *EXPORT_FUNC (grub_efi_get_variable) (const char *variable, -- const grub_efi_guid_t *guid, -- grub_size_t *datasize_out); -+grub_efi_status_t EXPORT_FUNC (grub_efi_get_variable) (const char *variable, -+ const grub_efi_guid_t *guid, -+ grub_size_t *datasize_out, -+ void **data_out); - grub_err_t - EXPORT_FUNC (grub_efi_set_variable) (const char *var, - const grub_efi_guid_t *guid, --- -2.26.2 - diff --git a/0003-normal-main-Search-for-specific-config-files-for-net.patch b/0003-normal-main-Search-for-specific-config-files-for-net.patch deleted file mode 100644 index d2e9a42..0000000 --- a/0003-normal-main-Search-for-specific-config-files-for-net.patch +++ /dev/null 
@@ -1,228 +0,0 @@ -From cb2f15c544895e1f3d540dd39d36c4611bdf5b7b Mon Sep 17 00:00:00 2001 -From: Paulo Flabiano Smorigo -Date: Wed, 22 Jan 2020 12:01:55 +0100 -Subject: [PATCH] normal/main: Search for specific config files for netboot - -This patch implements a search for a specific configuration when the config -file is on a remoteserver. It uses the following order: - 1) DHCP client UUID option. - 2) MAC address (in lower case hexadecimal with dash separators); - 3) IP (in upper case hexadecimal) or IPv6; - 4) The original grub.cfg file. - -This procedure is similar to what is used by pxelinux and yaboot: -http://www.syslinux.org/wiki/index.php/PXELINUX#config - -It is enabled by default but can be disabled by setting the environment -variable "feature_net_search_cfg" to "n" in an embedded configuration. - -Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=873406 - -Signed-off-by: Paulo Flabiano Smorigo -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - grub-core/net/net.c | 131 ++++++++++++++++++++++++++++++++++++++++++++++++ - grub-core/normal/main.c | 26 ++++++++-- - include/grub/net.h | 2 + - 3 files changed, 155 insertions(+), 4 deletions(-) - -Index: grub-2.04/grub-core/net/net.c -=================================================================== ---- grub-2.04.orig/grub-core/net/net.c -+++ grub-2.04/grub-core/net/net.c -@@ -1814,6 +1814,137 @@ grub_net_restore_hw (void) - return GRUB_ERR_NONE; - } - -+grub_err_t -+grub_net_search_config_file (char *config) -+{ -+ grub_size_t config_len; -+ char *suffix; -+ -+ auto int search_through (grub_size_t num_tries, grub_size_t slice_size); -+ int search_through (grub_size_t num_tries, grub_size_t slice_size) -+ { -+ while (num_tries-- > 0) -+ { -+ grub_file_t file; -+ -+ grub_dprintf ("net", "attempt to fetch config %s\n", config); -+ -+ file = grub_file_open (config, GRUB_FILE_TYPE_CONFIG); -+ -+ if (file) -+ { -+ grub_file_close (file); -+ return 0; -+ } -+ else -+ { -+ if (grub_errno == 
GRUB_ERR_IO) -+ grub_errno = GRUB_ERR_NONE; -+ } -+ -+ if (grub_strlen (suffix) < slice_size) -+ break; -+ -+ config[grub_strlen (config) - slice_size] = '\0'; -+ } -+ -+ return 1; -+ } -+ -+ config_len = grub_strlen (config); -+ config[config_len] = '-'; -+ suffix = config + config_len + 1; -+ -+ struct grub_net_network_level_interface *inf; -+ FOR_NET_NETWORK_LEVEL_INTERFACES (inf) -+ { -+ /* By the Client UUID. */ -+ char *ptr; -+ int client_uuid_len; -+ char *client_uuid_var; -+ const char *client_uuid; -+ -+ client_uuid_len = sizeof ("net_") + grub_strlen (inf->name) + -+ sizeof ("_clientuuid") + 1; -+ -+ client_uuid_var = grub_zalloc (client_uuid_len); -+ if (!client_uuid_var) -+ return grub_errno; -+ -+ grub_snprintf (client_uuid_var, client_uuid_len, -+ "net_%s_clientuuid", inf->name); -+ -+ client_uuid = grub_env_get (client_uuid_var); -+ grub_free (client_uuid_var); -+ -+ if (client_uuid) -+ { -+ grub_strcpy (suffix, client_uuid); -+ if (search_through (1, 0) == 0) -+ return GRUB_ERR_NONE; -+ } -+ -+ /* By the MAC address. 
*/ -+ -+ /* Add ethernet type */ -+ grub_strcpy (suffix, "01-"); -+ -+ grub_net_hwaddr_to_str (&inf->hwaddress, suffix + 3); -+ -+ for (ptr = suffix; *ptr; ptr++) -+ if (*ptr == ':') -+ *ptr = '-'; -+ -+ if (search_through (1, 0) == 0) -+ return GRUB_ERR_NONE; -+ -+ /* By IP address */ -+ -+ switch ((&inf->address)->type) -+ { -+ case GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV4: -+ { -+ grub_uint32_t n = grub_be_to_cpu32 ((&inf->address)->ipv4); -+ -+ grub_snprintf (suffix, GRUB_NET_MAX_STR_ADDR_LEN, "%02X%02X%02X%02X", \ -+ ((n >> 24) & 0xff), ((n >> 16) & 0xff), \ -+ ((n >> 8) & 0xff), ((n >> 0) & 0xff)); -+ -+ if (search_through (8, 1) == 0) -+ return GRUB_ERR_NONE; -+ break; -+ } -+ case GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6: -+ { -+ char buf[GRUB_NET_MAX_STR_ADDR_LEN]; -+ struct grub_net_network_level_address base; -+ base.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; -+ grub_memcpy (&base.ipv6, ((&inf->address)->ipv6), 16); -+ grub_net_addr_to_str (&base, buf); -+ -+ for (ptr = buf; *ptr; ptr++) -+ if (*ptr == ':') -+ *ptr = '-'; -+ -+ grub_snprintf (suffix, GRUB_NET_MAX_STR_ADDR_LEN, "%s", buf); -+ if (search_through (1, 0) == 0) -+ return GRUB_ERR_NONE; -+ break; -+ } -+ case GRUB_NET_NETWORK_LEVEL_PROTOCOL_DHCP_RECV: -+ return grub_error (GRUB_ERR_BUG, "shouldn't reach here"); -+ default: -+ return grub_error (GRUB_ERR_BUG, -+ "unsupported address type %d", (&inf->address)->type); -+ } -+ } -+ -+ /* Remove the remaining minus sign at the end. 
*/ -+ config[config_len] = '\0'; -+ -+ return GRUB_ERR_NONE; -+} -+ - static struct grub_preboot *fini_hnd; - - static grub_command_t cmd_addaddr, cmd_deladdr, cmd_addroute, cmd_delroute; -Index: grub-2.04/grub-core/normal/main.c -=================================================================== ---- grub-2.04.orig/grub-core/normal/main.c -+++ grub-2.04/grub-core/normal/main.c -@@ -18,6 +18,7 @@ - */ - - #include -+#include - #include - #include - #include -@@ -341,10 +342,27 @@ grub_cmd_normal (struct grub_command *cm - - prefix = grub_env_get ("prefix"); - if (prefix) -- { -- config = grub_xasprintf ("%s/grub.cfg", prefix); -- if (! config) -- goto quit; -+ { -+ grub_size_t config_len; -+ int disable_net_search = 0; -+ const char *net_search_cfg; -+ -+ config_len = grub_strlen (prefix) + -+ sizeof ("/grub.cfg-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"); -+ config = grub_malloc (config_len); -+ -+ if (!config) -+ goto quit; -+ -+ grub_snprintf (config, config_len, "%s/grub.cfg", prefix); -+ -+ net_search_cfg = grub_env_get ("feature_net_search_cfg"); -+ if (net_search_cfg && net_search_cfg[0] == 'n') -+ disable_net_search = 1; -+ -+ if (grub_strncmp (prefix + 1, "tftp", sizeof ("tftp") - 1) == 0 && -+ !disable_net_search) -+ grub_net_search_config_file (config); - - grub_enter_normal_mode (config); - grub_free (config); -Index: grub-2.04/include/grub/net.h -=================================================================== ---- grub-2.04.orig/include/grub/net.h -+++ grub-2.04/include/grub/net.h -@@ -641,6 +641,8 @@ grub_net_add_dns_server (const struct gr - void - grub_net_remove_dns_server (const struct grub_net_network_level_address *s); - -+grub_err_t -+grub_net_search_config_file (char *config); - - extern char *grub_net_default_server; - diff --git a/0004-calloc-Use-calloc-at-most-places.patch b/0004-calloc-Use-calloc-at-most-places.patch deleted file mode 100644 index b60d61c..0000000 --- a/0004-calloc-Use-calloc-at-most-places.patch +++ /dev/null 
@@ -1,1825 +0,0 @@ -From 48eeedf1e4bd2a38acb44943e02a8e8ffab2060e Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 15 Jun 2020 12:26:01 -0400 -Subject: [PATCH 4/7] calloc: Use calloc() at most places - -This modifies most of the places we do some form of: - - X = malloc(Y * Z); - -to use calloc(Y, Z) instead. - -Among other issues, this fixes: - - allocation of integer overflow in grub_png_decode_image_header() - reported by Chris Coulson, - - allocation of integer overflow in luks_recover_key() - reported by Chris Coulson, - - allocation of integer overflow in grub_lvm_detect() - reported by Chris Coulson. - -Fixes: CVE-2020-14308 - -Signed-off-by: Peter Jones -Reviewed-by: Daniel Kiper ---- - grub-core/bus/usb/usbhub.c | 8 ++++---- - grub-core/commands/efi/lsefisystab.c | 3 ++- - grub-core/commands/legacycfg.c | 6 +++--- - grub-core/commands/menuentry.c | 2 +- - grub-core/commands/nativedisk.c | 2 +- - grub-core/commands/parttool.c | 12 +++++++++--- - grub-core/commands/regexp.c | 2 +- - grub-core/commands/search_wrap.c | 2 +- - grub-core/disk/diskfilter.c | 4 ++-- - grub-core/disk/ieee1275/ofdisk.c | 2 +- - grub-core/disk/ldm.c | 14 +++++++------- - grub-core/disk/luks.c | 2 +- - grub-core/disk/lvm.c | 12 ++++++------ - grub-core/disk/xen/xendisk.c | 2 +- - grub-core/efiemu/loadcore.c | 2 +- - grub-core/efiemu/mm.c | 6 +++--- - grub-core/font/font.c | 3 +-- - grub-core/fs/affs.c | 6 +++--- - grub-core/fs/btrfs.c | 6 +++--- - grub-core/fs/hfs.c | 2 +- - grub-core/fs/hfsplus.c | 6 +++--- - grub-core/fs/iso9660.c | 2 +- - grub-core/fs/ntfs.c | 4 ++-- - grub-core/fs/sfs.c | 2 +- - grub-core/fs/tar.c | 2 +- - grub-core/fs/udf.c | 4 ++-- - grub-core/fs/zfs/zfs.c | 4 ++-- - grub-core/gfxmenu/gui_string_util.c | 2 +- - grub-core/gfxmenu/widget-box.c | 4 ++-- - grub-core/io/gzio.c | 2 +- - grub-core/kern/efi/efi.c | 6 +++--- - grub-core/kern/emu/hostdisk.c | 2 +- - grub-core/kern/fs.c | 2 +- - grub-core/kern/misc.c | 2 +- - grub-core/kern/parser.c | 2 +- - 
grub-core/kern/uboot/uboot.c | 2 +- - grub-core/lib/json/json.c | 2 +- - grub-core/lib/libgcrypt/cipher/ac.c | 8 ++++---- - grub-core/lib/libgcrypt/cipher/primegen.c | 4 ++-- - grub-core/lib/libgcrypt/cipher/pubkey.c | 4 ++-- - grub-core/lib/priority_queue.c | 2 +- - grub-core/lib/reed_solomon.c | 7 +++---- - grub-core/lib/relocator.c | 10 +++++----- - grub-core/lib/zstd/fse_decompress.c | 2 +- - grub-core/loader/arm/linux.c | 2 +- - grub-core/loader/efi/chainloader.c | 2 +- - grub-core/loader/i386/bsdXX.c | 2 +- - grub-core/loader/i386/xnu.c | 4 ++-- - grub-core/loader/macho.c | 2 +- - grub-core/loader/multiboot_elfxx.c | 2 +- - grub-core/loader/xnu.c | 2 +- - grub-core/mmap/mmap.c | 4 ++-- - grub-core/net/bootp.c | 2 +- - grub-core/net/dns.c | 10 +++++----- - grub-core/net/net.c | 4 ++-- - grub-core/normal/charset.c | 10 +++++----- - grub-core/normal/cmdline.c | 14 +++++++------- - grub-core/normal/menu_entry.c | 14 +++++++------- - grub-core/normal/menu_text.c | 4 ++-- - grub-core/normal/term.c | 4 ++-- - grub-core/osdep/linux/getroot.c | 6 +++--- - grub-core/osdep/unix/config.c | 2 +- - grub-core/osdep/windows/getroot.c | 2 +- - grub-core/osdep/windows/hostdisk.c | 4 ++-- - grub-core/osdep/windows/init.c | 2 +- - grub-core/osdep/windows/platform.c | 4 ++-- - grub-core/osdep/windows/relpath.c | 2 +- - grub-core/partmap/gpt.c | 2 +- - grub-core/partmap/msdos.c | 2 +- - grub-core/script/execute.c | 2 +- - grub-core/tests/fake_input.c | 2 +- - grub-core/tests/video_checksum.c | 6 +++--- - grub-core/video/capture.c | 2 +- - grub-core/video/emu/sdl.c | 2 +- - grub-core/video/i386/pc/vga.c | 2 +- - grub-core/video/readers/png.c | 2 +- - include/grub/unicode.h | 4 ++-- - util/getroot.c | 2 +- - util/grub-file.c | 2 +- - util/grub-fstest.c | 4 ++-- - util/grub-install-common.c | 2 +- - util/grub-install.c | 4 ++-- - util/grub-mkimagexx.c | 6 ++---- - util/grub-mkrescue.c | 4 ++-- - util/grub-mkstandalone.c | 2 +- - util/grub-pe2elf.c | 12 +++++------- - 
util/grub-probe.c | 4 ++-- - 87 files changed, 179 insertions(+), 178 deletions(-) - -Index: grub-2.04/grub-core/bus/usb/usbhub.c -=================================================================== ---- grub-2.04.orig/grub-core/bus/usb/usbhub.c -+++ grub-2.04/grub-core/bus/usb/usbhub.c -@@ -149,8 +149,8 @@ grub_usb_add_hub (grub_usb_device_t dev) - grub_usb_set_configuration (dev, 1); - - dev->nports = hubdesc.portcnt; -- dev->children = grub_zalloc (hubdesc.portcnt * sizeof (dev->children[0])); -- dev->ports = grub_zalloc (dev->nports * sizeof (dev->ports[0])); -+ dev->children = grub_calloc (hubdesc.portcnt, sizeof (dev->children[0])); -+ dev->ports = grub_calloc (dev->nports, sizeof (dev->ports[0])); - if (!dev->children || !dev->ports) - { - grub_free (dev->children); -@@ -268,8 +268,8 @@ grub_usb_controller_dev_register_iter (g - - /* Query the number of ports the root Hub has. */ - hub->nports = controller->dev->hubports (controller); -- hub->devices = grub_zalloc (sizeof (hub->devices[0]) * hub->nports); -- hub->ports = grub_zalloc (sizeof (hub->ports[0]) * hub->nports); -+ hub->devices = grub_calloc (hub->nports, sizeof (hub->devices[0])); -+ hub->ports = grub_calloc (hub->nports, sizeof (hub->ports[0])); - if (!hub->devices || !hub->ports) - { - grub_free (hub->devices); -Index: grub-2.04/grub-core/commands/efi/lsefisystab.c -=================================================================== ---- grub-2.04.orig/grub-core/commands/efi/lsefisystab.c -+++ grub-2.04/grub-core/commands/efi/lsefisystab.c -@@ -71,7 +71,8 @@ grub_cmd_lsefisystab (struct grub_comman - grub_printf ("Vendor: "); - - for (vendor_utf16 = st->firmware_vendor; *vendor_utf16; vendor_utf16++); -- vendor = grub_malloc (4 * (vendor_utf16 - st->firmware_vendor) + 1); -+ /* Allocate extra 3 bytes to simplify math. 
*/ -+ vendor = grub_calloc (4, vendor_utf16 - st->firmware_vendor + 1); - if (!vendor) - return grub_errno; - *grub_utf16_to_utf8 ((grub_uint8_t *) vendor, st->firmware_vendor, -Index: grub-2.04/grub-core/commands/legacycfg.c -=================================================================== ---- grub-2.04.orig/grub-core/commands/legacycfg.c -+++ grub-2.04/grub-core/commands/legacycfg.c -@@ -314,7 +314,7 @@ grub_cmd_legacy_kernel (struct grub_comm - if (argc < 2) - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); - -- cutargs = grub_malloc (sizeof (cutargs[0]) * (argc - 1)); -+ cutargs = grub_calloc (argc - 1, sizeof (cutargs[0])); - if (!cutargs) - return grub_errno; - cutargc = argc - 1; -@@ -436,7 +436,7 @@ grub_cmd_legacy_kernel (struct grub_comm - { - char rbuf[3] = "-r"; - bsdargc = cutargc + 2; -- bsdargs = grub_malloc (sizeof (bsdargs[0]) * bsdargc); -+ bsdargs = grub_calloc (bsdargc, sizeof (bsdargs[0])); - if (!bsdargs) - { - err = grub_errno; -@@ -559,7 +559,7 @@ grub_cmd_legacy_initrdnounzip (struct gr - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("can't find command `%s'"), - "module"); - -- newargs = grub_malloc ((argc + 1) * sizeof (newargs[0])); -+ newargs = grub_calloc (argc + 1, sizeof (newargs[0])); - if (!newargs) - return grub_errno; - grub_memcpy (newargs + 1, args, argc * sizeof (newargs[0])); -Index: grub-2.04/grub-core/commands/menuentry.c -=================================================================== ---- grub-2.04.orig/grub-core/commands/menuentry.c -+++ grub-2.04/grub-core/commands/menuentry.c -@@ -154,7 +154,7 @@ grub_normal_add_menu_entry (int argc, co - goto fail; - - /* Save argc, args to pass as parameters to block arg later. */ -- menu_args = grub_malloc (sizeof (char*) * (argc + 1)); -+ menu_args = grub_calloc (argc + 1, sizeof (char *)); - if (! 
menu_args) - goto fail; - -Index: grub-2.04/grub-core/commands/nativedisk.c -=================================================================== ---- grub-2.04.orig/grub-core/commands/nativedisk.c -+++ grub-2.04/grub-core/commands/nativedisk.c -@@ -195,7 +195,7 @@ grub_cmd_nativedisk (grub_command_t cmd - else - path_prefix = prefix; - -- mods = grub_malloc (argc * sizeof (mods[0])); -+ mods = grub_calloc (argc, sizeof (mods[0])); - if (!mods) - return grub_errno; - -Index: grub-2.04/grub-core/commands/parttool.c -=================================================================== ---- grub-2.04.orig/grub-core/commands/parttool.c -+++ grub-2.04/grub-core/commands/parttool.c -@@ -59,7 +59,13 @@ grub_parttool_register(const char *part_ - for (nargs = 0; args[nargs].name != 0; nargs++); - cur->nargs = nargs; - cur->args = (struct grub_parttool_argdesc *) -- grub_malloc ((nargs + 1) * sizeof (struct grub_parttool_argdesc)); -+ grub_calloc (nargs + 1, sizeof (struct grub_parttool_argdesc)); -+ if (!cur->args) -+ { -+ grub_free (cur); -+ curhandle--; -+ return -1; -+ } - grub_memcpy (cur->args, args, - (nargs + 1) * sizeof (struct grub_parttool_argdesc)); - -@@ -257,7 +263,7 @@ grub_cmd_parttool (grub_command_t cmd __ - return err; - } - -- parsed = (int *) grub_zalloc (argc * sizeof (int)); -+ parsed = (int *) grub_calloc (argc, sizeof (int)); - - for (i = 1; i < argc; i++) - if (! parsed[i]) -@@ -290,7 +296,7 @@ grub_cmd_parttool (grub_command_t cmd __ - } - ptool = cur; - pargs = (struct grub_parttool_args *) -- grub_zalloc (ptool->nargs * sizeof (struct grub_parttool_args)); -+ grub_calloc (ptool->nargs, sizeof (struct grub_parttool_args)); - for (j = i; j < argc; j++) - if (! 
parsed[j]) - { -Index: grub-2.04/grub-core/commands/regexp.c -=================================================================== ---- grub-2.04.orig/grub-core/commands/regexp.c -+++ grub-2.04/grub-core/commands/regexp.c -@@ -116,7 +116,7 @@ grub_cmd_regexp (grub_extcmd_context_t c - if (ret) - goto fail; - -- matches = grub_zalloc (sizeof (*matches) * (regex.re_nsub + 1)); -+ matches = grub_calloc (regex.re_nsub + 1, sizeof (*matches)); - if (! matches) - goto fail; - -Index: grub-2.04/grub-core/commands/search_wrap.c -=================================================================== ---- grub-2.04.orig/grub-core/commands/search_wrap.c -+++ grub-2.04/grub-core/commands/search_wrap.c -@@ -122,7 +122,7 @@ grub_cmd_search (grub_extcmd_context_t c - for (i = 0; state[SEARCH_HINT_BAREMETAL].args[i]; i++) - nhints++; - -- hints = grub_malloc (sizeof (hints[0]) * nhints); -+ hints = grub_calloc (nhints, sizeof (hints[0])); - if (!hints) - return grub_errno; - j = 0; -Index: grub-2.04/grub-core/disk/diskfilter.c -=================================================================== ---- grub-2.04.orig/grub-core/disk/diskfilter.c -+++ grub-2.04/grub-core/disk/diskfilter.c -@@ -1230,7 +1230,7 @@ grub_diskfilter_make_raid (grub_size_t u - array->lvs->segments->node_count = nmemb; - array->lvs->segments->raid_member_size = disk_size; - array->lvs->segments->nodes -- = grub_zalloc (nmemb * sizeof (array->lvs->segments->nodes[0])); -+ = grub_calloc (nmemb, sizeof (array->lvs->segments->nodes[0])); - array->lvs->segments->stripe_size = stripe_size; - for (i = 0; i < nmemb; i++) - { -@@ -1322,7 +1322,7 @@ insert_array (grub_disk_t disk, const st - grub_partition_t p; - for (p = disk->partition; p; p = p->parent) - s++; -- pv->partmaps = xmalloc (s * sizeof (pv->partmaps[0])); -+ pv->partmaps = xcalloc (s, sizeof (pv->partmaps[0])); - s = 0; - for (p = disk->partition; p; p = p->parent) - pv->partmaps[s++] = xstrdup (p->partmap->name); -Index: 
grub-2.04/grub-core/disk/ieee1275/ofdisk.c
-===================================================================
---- grub-2.04.orig/grub-core/disk/ieee1275/ofdisk.c
-+++ grub-2.04/grub-core/disk/ieee1275/ofdisk.c
-@@ -297,7 +297,7 @@ dev_iterate (const struct grub_ieee1275_
- /* Power machines documentation specify 672 as maximum SAS disks in
- one system. Using a slightly larger value to be safe. */
- table_size = 768;
-- table = grub_malloc (table_size * sizeof (grub_uint64_t));
-+ table = grub_calloc (table_size, sizeof (grub_uint64_t));
-
- if (!table)
- {
-Index: grub-2.04/grub-core/disk/ldm.c
-===================================================================
---- grub-2.04.orig/grub-core/disk/ldm.c
-+++ grub-2.04/grub-core/disk/ldm.c
-@@ -323,8 +323,8 @@ make_vg (grub_disk_t disk,
- lv->segments->type = GRUB_DISKFILTER_MIRROR;
- lv->segments->node_count = 0;
- lv->segments->node_alloc = 8;
-- lv->segments->nodes = grub_zalloc (sizeof (*lv->segments->nodes)
-- * lv->segments->node_alloc);
-+ lv->segments->nodes = grub_calloc (lv->segments->node_alloc,
-+ sizeof (*lv->segments->nodes));
- if (!lv->segments->nodes)
- goto fail2;
- ptr = vblk[i].dynamic;
-@@ -543,8 +543,8 @@ make_vg (grub_disk_t disk,
- {
- comp->segment_alloc = 8;
- comp->segment_count = 0;
-- comp->segments = grub_malloc (sizeof (*comp->segments)
-- * comp->segment_alloc);
-+ comp->segments = grub_calloc (comp->segment_alloc,
-+ sizeof (*comp->segments));
- if (!comp->segments)
- goto fail2;
- }
-@@ -590,8 +590,8 @@ make_vg (grub_disk_t disk,
- }
- comp->segments->node_count = read_int (ptr + 1, *ptr);
- comp->segments->node_alloc = comp->segments->node_count;
-- comp->segments->nodes = grub_zalloc (sizeof (*comp->segments->nodes)
-- * comp->segments->node_alloc);
-+ comp->segments->nodes = grub_calloc (comp->segments->node_alloc,
-+ sizeof (*comp->segments->nodes));
- if (!lv->segments->nodes)
- goto fail2;
- }
-@@ -1017,7 +1017,7 @@ grub_util_ldm_embed (struct grub_disk *d
- *nsectors =
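Review bot: In make_vg (ldm.c, hunk at -590) the check that follows the new `grub_calloc` tests `lv->segments->nodes`, not the `comp->segments->nodes` pointer that was just assigned, so a failed allocation for `comp` is not caught at this point. The element count is `comp->segments->node_count`, set two lines earlier from `read_int (ptr + 1, *ptr)` and therefore presumably driven by parsed volume data, which is exactly the case where grub_calloc may return NULL. The condition should read `if (!comp->segments->nodes)`. make_vg begins and ends outside the hunk.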
lv->size;
- if (*nsectors > max_nsectors)
- *nsectors = max_nsectors;
-- *sectors = grub_malloc (*nsectors * sizeof (**sectors));
-+ *sectors = grub_calloc (*nsectors, sizeof (**sectors));
- if (!*sectors)
- return grub_errno;
- for (i = 0; i < *nsectors; i++)
-Index: grub-2.04/grub-core/disk/luks.c
-===================================================================
---- grub-2.04.orig/grub-core/disk/luks.c
-+++ grub-2.04/grub-core/disk/luks.c
-@@ -336,7 +336,7 @@ luks_recover_key (grub_disk_t source,
- && grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes)
- max_stripes = grub_be_to_cpu32 (header.keyblock[i].stripes);
-
-- split_key = grub_malloc (keysize * max_stripes);
-+ split_key = grub_calloc (keysize, max_stripes);
- if (!split_key)
- return grub_errno;
-
-Index: grub-2.04/grub-core/disk/lvm.c
-===================================================================
---- grub-2.04.orig/grub-core/disk/lvm.c
-+++ grub-2.04/grub-core/disk/lvm.c
-@@ -456,7 +456,7 @@ grub_lvm_detect (grub_disk_t disk,
- #endif
- goto lvs_fail;
- }
-- lv->segments = grub_zalloc (sizeof (*seg) * lv->segment_count);
-+ lv->segments = grub_calloc (lv->segment_count, sizeof (*seg));
- seg = lv->segments;
-
- for (i = 0; i < lv->segment_count; i++)
-@@ -513,8 +513,8 @@ grub_lvm_detect (grub_disk_t disk,
- if (seg->node_count != 1)
- seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
-
-- seg->nodes = grub_zalloc (sizeof (*stripe)
-- * seg->node_count);
-+ seg->nodes = grub_calloc (seg->node_count,
-+ sizeof (*stripe));
- stripe = seg->nodes;
-
- p = grub_strstr (p, "stripes = [");
-Index: grub-2.04/grub-core/disk/xen/xendisk.c
-===================================================================
---- grub-2.04.orig/grub-core/disk/xen/xendisk.c
-+++ grub-2.04/grub-core/disk/xen/xendisk.c
-@@ -426,7 +426,7 @@ grub_xendisk_init (void)
- if (!ctr)
- return;
-
-- virtdisks = grub_malloc (ctr * sizeof (virtdisks[0]));
-+ virtdisks = grub_calloc (ctr, sizeof (virtdisks[0]));
-
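Review bot: In grub_lvm_detect (lvm.c, hunk at -456) the result of `grub_calloc (lv->segment_count, sizeof (*seg))` is copied into `seg` and the `for (i = 0; i < lv->segment_count; i++)` loop starts with no NULL test in between. The same holds in the -513 hunk, where `seg->nodes` goes straight into `stripe`. Both counts appear to come from parsed metadata (the -513 context reads values with `grub_lvm_getvalue`), so a NULL return on overflow or exhaustion is reachable. For the first site `if (!lv->segments) goto lvs_fail;` fits the label already used in the hunk's context; the second needs the equivalent test with whatever cleanup applies there, which is outside the hunk.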
if (!virtdisks)
- return;
- if (grub_xenstore_dir ("device/vbd", fill, &ctr))
-Index: grub-2.04/grub-core/efiemu/loadcore.c
-===================================================================
---- grub-2.04.orig/grub-core/efiemu/loadcore.c
-+++ grub-2.04/grub-core/efiemu/loadcore.c
-@@ -201,7 +201,7 @@ grub_efiemu_count_symbols (const Elf_Ehd
-
- grub_efiemu_nelfsyms = (unsigned) s->sh_size / (unsigned) s->sh_entsize;
- grub_efiemu_elfsyms = (struct grub_efiemu_elf_sym *)
-- grub_malloc (sizeof (struct grub_efiemu_elf_sym) * grub_efiemu_nelfsyms);
-+ grub_calloc (grub_efiemu_nelfsyms, sizeof (struct grub_efiemu_elf_sym));
-
- /* Relocators */
- for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff);
-Index: grub-2.04/grub-core/efiemu/mm.c
-===================================================================
---- grub-2.04.orig/grub-core/efiemu/mm.c
-+++ grub-2.04/grub-core/efiemu/mm.c
-@@ -554,11 +554,11 @@ grub_efiemu_mmap_sort_and_uniq (void)
- /* Initialize variables*/
- grub_memset (present, 0, sizeof (int) * GRUB_EFI_MAX_MEMORY_TYPE);
- scanline_events = (struct grub_efiemu_mmap_scan *)
-- grub_malloc (sizeof (struct grub_efiemu_mmap_scan) * 2 * mmap_num);
-+ grub_calloc (mmap_num, sizeof (struct grub_efiemu_mmap_scan) * 2);
-
- /* Number of chunks can't increase more than by factor of 2 */
- result = (grub_efi_memory_descriptor_t *)
-- grub_malloc (sizeof (grub_efi_memory_descriptor_t) * 2 * mmap_num);
-+ grub_calloc (mmap_num, sizeof (grub_efi_memory_descriptor_t) * 2);
- if (!result || !scanline_events)
- {
- grub_free (result);
-@@ -660,7 +660,7 @@ grub_efiemu_mm_do_alloc (void)
-
- /* Preallocate mmap */
- efiemu_mmap = (grub_efi_memory_descriptor_t *)
-- grub_malloc (mmap_reserved_size * sizeof (grub_efi_memory_descriptor_t));
-+ grub_calloc (mmap_reserved_size, sizeof (grub_efi_memory_descriptor_t));
- if (!efiemu_mmap)
- {
- grub_efiemu_unload ();
-Index: grub-2.04/grub-core/font/font.c
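Review bot: In grub_efiemu_count_symbols (loadcore.c, hunk at -201) the new `grub_calloc` result stored in `grub_efiemu_elfsyms` is not tested before the code moves on to the `/* Relocators */` loop, unlike the other efiemu allocations in this patch. The element count is `(unsigned) s->sh_size / (unsigned) s->sh_entsize`, taken from an ELF section header, and no check for `s->sh_entsize == 0` is visible before the division. I would reject a zero entry size and add `if (!grub_efiemu_elfsyms)` with the function's error return right after the allocation. The start and end of the function are outside the hunk, so an earlier validation may exist.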
-===================================================================
---- grub-2.04.orig/grub-core/font/font.c
-+++ grub-2.04/grub-core/font/font.c
-@@ -293,8 +293,7 @@ load_font_index (grub_file_t file, grub_
- font->num_chars = sect_length / FONT_CHAR_INDEX_ENTRY_SIZE;
-
- /* Allocate the character index array. */
-- font->char_index = grub_malloc (font->num_chars
-- * sizeof (struct char_index_entry));
-+ font->char_index = grub_calloc (font->num_chars, sizeof (struct char_index_entry));
- if (!font->char_index)
- return 1;
- font->bmp_idx = grub_malloc (0x10000 * sizeof (grub_uint16_t));
-Index: grub-2.04/grub-core/fs/affs.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/affs.c
-+++ grub-2.04/grub-core/fs/affs.c
-@@ -301,7 +301,7 @@ grub_affs_read_symlink (grub_fshelp_node
- return 0;
- }
- latin1[symlink_size] = 0;
-- utf8 = grub_malloc (symlink_size * GRUB_MAX_UTF8_PER_LATIN1 + 1);
-+ utf8 = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, symlink_size);
- if (!utf8)
- {
- grub_free (latin1);
-@@ -422,7 +422,7 @@ grub_affs_iterate_dir (grub_fshelp_node_
- return 1;
- }
-
-- hashtable = grub_zalloc (data->htsize * sizeof (*hashtable));
-+ hashtable = grub_calloc (data->htsize, sizeof (*hashtable));
- if (!hashtable)
- return 1;
-
-@@ -628,7 +628,7 @@ grub_affs_label (grub_device_t device, c
- len = file.namelen;
- if (len > sizeof (file.name))
- len = sizeof (file.name);
-- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1);
-+ *label = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, len);
- if (*label)
- *grub_latin1_to_utf8 ((grub_uint8_t *) *label, file.name, len) = '\0';
- }
-Index: grub-2.04/grub-core/fs/btrfs.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/btrfs.c
-+++ grub-2.04/grub-core/fs/btrfs.c
-@@ -450,7 +450,7 @@ lower_bound (struct grub_btrfs_data *dat
- {
- desc->allocated = 16;
- desc->depth = 0;
-- desc->data = grub_malloc (sizeof
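Review bot: In grub_affs_read_symlink (affs.c, hunk at -301) the rewrite changes the size for a zero-length input: `symlink_size * GRUB_MAX_UTF8_PER_LATIN1 + 1` always reserved one byte for the terminator, while `grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, symlink_size)` requests zero bytes when `symlink_size` is 0. In grub_affs_label (-628) the next visible line still stores `'\0'` through the pointer returned for `len` characters, so with `len == 0` that store depends on what grub_calloc hands back for an empty request, which this page does not show. Keeping the terminator outside the product avoids the question, for example `grub_calloc (symlink_size + 1, GRUB_MAX_UTF8_PER_LATIN1)` provided the macro is at least 1. The same reordering appears in grub_hfs_label (hfs.c), grub_hfsplus_label at -1029 (hfsplus.c), grub_iso9660_convert_string (iso9660.c) and get_utf8 (ntfs.c).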
(desc->data[0]) * desc->allocated);
-+ desc->data = grub_calloc (desc->allocated, sizeof (desc->data[0]));
- if (!desc->data)
- return grub_errno;
- }
-@@ -789,7 +789,7 @@ raid56_read_retry (struct grub_btrfs_dat
- grub_err_t ret = GRUB_ERR_OUT_OF_MEMORY;
- grub_uint64_t i, failed_devices;
-
-- buffers = grub_zalloc (sizeof(*buffers) * nstripes);
-+ buffers = grub_calloc (nstripes, sizeof (*buffers));
- if (!buffers)
- goto cleanup;
-
-@@ -2495,7 +2495,7 @@ grub_btrfs_embed (grub_device_t device _
- *nsectors = 64 * 2 - 1;
- if (*nsectors > max_nsectors)
- *nsectors = max_nsectors;
-- *sectors = grub_malloc (*nsectors * sizeof (**sectors));
-+ *sectors = grub_calloc (*nsectors, sizeof (**sectors));
- if (!*sectors)
- return grub_errno;
- for (i = 0; i < *nsectors; i++)
-Index: grub-2.04/grub-core/fs/hfs.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/hfs.c
-+++ grub-2.04/grub-core/fs/hfs.c
-@@ -1360,7 +1360,7 @@ grub_hfs_label (grub_device_t device, ch
- grub_size_t len = data->sblock.volname[0];
- if (len > sizeof (data->sblock.volname) - 1)
- len = sizeof (data->sblock.volname) - 1;
-- *label = grub_malloc (len * MAX_UTF8_PER_MAC_ROMAN + 1);
-+ *label = grub_calloc (MAX_UTF8_PER_MAC_ROMAN + 1, len);
- if (*label)
- macroman_to_utf8 (*label, data->sblock.volname + 1,
- len + 1, 0);
-Index: grub-2.04/grub-core/fs/hfsplus.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/hfsplus.c
-+++ grub-2.04/grub-core/fs/hfsplus.c
-@@ -720,7 +720,7 @@ list_nodes (void *record, void *hook_arg
- if (!
filename)
- return 0;
-
-- keyname = grub_malloc (grub_be_to_cpu16 (catkey->namelen) * sizeof (*keyname));
-+ keyname = grub_calloc (grub_be_to_cpu16 (catkey->namelen), sizeof (*keyname));
- if (!keyname)
- {
- grub_free (filename);
-@@ -1007,7 +1007,7 @@ grub_hfsplus_label (grub_device_t device
- grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr);
-
- label_len = grub_be_to_cpu16 (catkey->namelen);
-- label_name = grub_malloc (label_len * sizeof (*label_name));
-+ label_name = grub_calloc (label_len, sizeof (*label_name));
- if (!label_name)
- {
- grub_free (node);
-@@ -1029,7 +1029,7 @@ grub_hfsplus_label (grub_device_t device
- }
- }
-
-- *label = grub_malloc (label_len * GRUB_MAX_UTF8_PER_UTF16 + 1);
-+ *label = grub_calloc (label_len, GRUB_MAX_UTF8_PER_UTF16 + 1);
- if (! *label)
- {
- grub_free (label_name);
-Index: grub-2.04/grub-core/fs/iso9660.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/iso9660.c
-+++ grub-2.04/grub-core/fs/iso9660.c
-@@ -331,7 +331,7 @@ grub_iso9660_convert_string (grub_uint8_
- int i;
- grub_uint16_t t[MAX_NAMELEN / 2 + 1];
-
-- p = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1);
-+ p = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1);
- if (!
p)
- return NULL;
-
-Index: grub-2.04/grub-core/fs/ntfs.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/ntfs.c
-+++ grub-2.04/grub-core/fs/ntfs.c
-@@ -556,8 +556,8 @@ get_utf8 (grub_uint8_t *in, grub_size_t
- grub_uint16_t *tmp;
- grub_size_t i;
-
-- buf = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1);
-- tmp = grub_malloc (len * sizeof (tmp[0]));
-+ buf = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1);
-+ tmp = grub_calloc (len, sizeof (tmp[0]));
- if (!buf || !tmp)
- {
- grub_free (buf);
-Index: grub-2.04/grub-core/fs/sfs.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/sfs.c
-+++ grub-2.04/grub-core/fs/sfs.c
-@@ -266,7 +266,7 @@ grub_sfs_read_block (grub_fshelp_node_t
- node->next_extent = node->block;
- node->cache_size = 0;
-
-- node->cache = grub_malloc (sizeof (node->cache[0]) * cache_size);
-+ node->cache = grub_calloc (cache_size, sizeof (node->cache[0]));
- if (!node->cache)
- {
- grub_errno = 0;
-Index: grub-2.04/grub-core/fs/tar.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/tar.c
-+++ grub-2.04/grub-core/fs/tar.c
-@@ -120,7 +120,7 @@ grub_cpio_find_file (struct grub_archelp
- if (data->linkname_alloc < linksize + 1)
- {
- char *n;
-- n = grub_malloc (2 * (linksize + 1));
-+ n = grub_calloc (2, linksize + 1);
- if (!n)
- return grub_errno;
- grub_free (data->linkname);
-Index: grub-2.04/grub-core/fs/udf.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/udf.c
-+++ grub-2.04/grub-core/fs/udf.c
-@@ -873,7 +873,7 @@ read_string (const grub_uint8_t *raw, gr
- {
- unsigned i;
- utf16len = sz - 1;
-- utf16 = grub_malloc (utf16len * sizeof (utf16[0]));
-+ utf16 = grub_calloc (utf16len, sizeof (utf16[0]));
- if (!utf16)
- return NULL;
- for (i = 0; i < utf16len; i++)
-@@ -883,7 +883,7 @@ read_string (const grub_uint8_t *raw, gr
- {
- unsigned
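Review bot: In grub_cpio_find_file (tar.c, hunk at -120) the overflow check inside grub_calloc covers only the multiplication by 2; the `linksize + 1` addition, both in the argument and in the `data->linkname_alloc < linksize + 1` comparison above it, is still evaluated unchecked. If `linksize` is taken from an archive header (its origin is outside the hunk) and can reach the maximum of its type, the sum wraps to 0 and the comparison skips the reallocation altogether. An explicit upper bound on `linksize` before this block would cover both uses. The same pattern of an unchecked `+ 1` or pre-multiplied count passed to grub_calloc occurs in the efi.c hunks, where `len16 = len * GRUB_MAX_UTF16_PER_UTF8` is computed before the call.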
i;
- utf16len = (sz - 1) / 2;
-- utf16 = grub_malloc (utf16len * sizeof (utf16[0]));
-+ utf16 = grub_calloc (utf16len, sizeof (utf16[0]));
- if (!utf16)
- return NULL;
- for (i = 0; i < utf16len; i++)
-Index: grub-2.04/grub-core/fs/zfs/zfs.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/zfs/zfs.c
-+++ grub-2.04/grub-core/fs/zfs/zfs.c
-@@ -3328,7 +3328,7 @@ dnode_get_fullpath (const char *fullpath
- }
- subvol->nkeys = 0;
- zap_iterate (&keychain_dn, 8, count_zap_keys, &ctx, data);
-- subvol->keyring = grub_zalloc (subvol->nkeys * sizeof (subvol->keyring[0]));
-+ subvol->keyring = grub_calloc (subvol->nkeys, sizeof (subvol->keyring[0]));
- if (!subvol->keyring)
- {
- grub_free (fsname);
-@@ -4339,7 +4339,7 @@ grub_zfs_embed (grub_device_t device __a
- *nsectors = (VDEV_BOOT_SIZE >> GRUB_DISK_SECTOR_BITS);
- if (*nsectors > max_nsectors)
- *nsectors = max_nsectors;
-- *sectors = grub_malloc (*nsectors * sizeof (**sectors));
-+ *sectors = grub_calloc (*nsectors, sizeof (**sectors));
- if (!*sectors)
- return grub_errno;
- for (i = 0; i < *nsectors; i++)
-Index: grub-2.04/grub-core/gfxmenu/gui_string_util.c
-===================================================================
---- grub-2.04.orig/grub-core/gfxmenu/gui_string_util.c
-+++ grub-2.04/grub-core/gfxmenu/gui_string_util.c
-@@ -55,7 +55,7 @@ canonicalize_path (const char *path)
- if (*p == '/')
- components++;
-
-- char **path_array = grub_malloc (components * sizeof (*path_array));
-+ char **path_array = grub_calloc (components, sizeof (*path_array));
- if (!
path_array)
- return 0;
-
-Index: grub-2.04/grub-core/gfxmenu/widget-box.c
-===================================================================
---- grub-2.04.orig/grub-core/gfxmenu/widget-box.c
-+++ grub-2.04/grub-core/gfxmenu/widget-box.c
-@@ -303,10 +303,10 @@ grub_gfxmenu_create_box (const char *pix
- box->content_height = 0;
- box->raw_pixmaps =
- (struct grub_video_bitmap **)
-- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *));
-+ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *));
- box->scaled_pixmaps =
- (struct grub_video_bitmap **)
-- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *));
-+ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *));
-
- /* Initialize all pixmap pointers to NULL so that proper destruction can
- be performed if an error is encountered partway through construction. */
-Index: grub-2.04/grub-core/io/gzio.c
-===================================================================
---- grub-2.04.orig/grub-core/io/gzio.c
-+++ grub-2.04/grub-core/io/gzio.c
-@@ -554,7 +554,7 @@ huft_build (unsigned *b, /* code lengths
- z = 1 << j; /* table entries for j-bit table */
-
- /* allocate and link in new table */
-- q = (struct huft *) grub_zalloc ((z + 1) * sizeof (struct huft));
-+ q = (struct huft *) grub_calloc (z + 1, sizeof (struct huft));
- if (!
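Review bot: In grub_gfxmenu_create_box (widget-box.c, hunk at -303) neither `box->raw_pixmaps` nor `box->scaled_pixmaps` is tested after `grub_calloc`, and the comment that closes the hunk announces a step that sets every pixmap pointer to NULL. That step is outside the hunk, but if it writes through the two arrays it dereferences NULL when either allocation fails. A test such as `if (!box->raw_pixmaps || !box->scaled_pixmaps)` that frees both arrays and `box` and returns failure belongs before it. Because the arrays now come back zero-filled, the explicit NULL initialisation has also become redundant.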
q)
- {
- if (h)
-Index: grub-2.04/grub-core/kern/efi/efi.c
-===================================================================
---- grub-2.04.orig/grub-core/kern/efi/efi.c
-+++ grub-2.04/grub-core/kern/efi/efi.c
-@@ -202,7 +202,7 @@ grub_efi_set_variable(const char *var, c
-
- len = grub_strlen (var);
- len16 = len * GRUB_MAX_UTF16_PER_UTF8;
-- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0]));
-+ var16 = grub_calloc (len16 + 1, sizeof (var16[0]));
- if (!var16)
- return grub_errno;
- len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL);
-@@ -237,7 +237,7 @@ grub_efi_get_variable (const char *var,
-
- len = grub_strlen (var);
- len16 = len * GRUB_MAX_UTF16_PER_UTF8;
-- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0]));
-+ var16 = grub_calloc (len16 + 1, sizeof (var16[0]));
- if (!var16)
- return NULL;
- len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL);
-@@ -411,7 +411,7 @@ grub_efi_get_filename (grub_efi_device_p
- while (len > 0 && fp->path_name[len - 1] == 0)
- len--;
-
-- dup_name = grub_malloc (len * sizeof (*dup_name));
-+ dup_name = grub_calloc (len, sizeof (*dup_name));
- if (!dup_name)
- {
- grub_free (name);
-Index: grub-2.04/grub-core/kern/emu/hostdisk.c
-===================================================================
---- grub-2.04.orig/grub-core/kern/emu/hostdisk.c
-+++ grub-2.04/grub-core/kern/emu/hostdisk.c
-@@ -615,7 +615,7 @@ static char *
- grub_util_path_concat_real (size_t n, int ext, va_list ap)
- {
- size_t totlen = 0;
-- char **l = xmalloc ((n + ext) * sizeof (l[0]));
-+ char **l = xcalloc (n + ext, sizeof (l[0]));
- char *r, *p, *pi;
- size_t i;
- int first = 1;
-Index: grub-2.04/grub-core/kern/fs.c
-===================================================================
---- grub-2.04.orig/grub-core/kern/fs.c
-+++ grub-2.04/grub-core/kern/fs.c
-@@ -152,7 +152,7 @@ grub_fs_blocklist_open (grub_file_t file
- while (p);
-
- /* Allocate a block list.
*/
-- blocks = grub_zalloc (sizeof (struct grub_fs_block) * (num + 1));
-+ blocks = grub_calloc (num + 1, sizeof (struct grub_fs_block));
- if (! blocks)
- return 0;
-
-Index: grub-2.04/grub-core/kern/misc.c
-===================================================================
---- grub-2.04.orig/grub-core/kern/misc.c
-+++ grub-2.04/grub-core/kern/misc.c
-@@ -691,7 +691,7 @@ parse_printf_args (const char *fmt0, str
- args->ptr = args->prealloc;
- else
- {
-- args->ptr = grub_malloc (args->count * sizeof (args->ptr[0]));
-+ args->ptr = grub_calloc (args->count, sizeof (args->ptr[0]));
- if (!args->ptr)
- {
- grub_errno = GRUB_ERR_NONE;
-Index: grub-2.04/grub-core/kern/parser.c
-===================================================================
---- grub-2.04.orig/grub-core/kern/parser.c
-+++ grub-2.04/grub-core/kern/parser.c
-@@ -213,7 +213,7 @@ grub_parser_split_cmdline (const char *c
- return grub_errno;
- grub_memcpy (args, buffer, bp - buffer);
-
-- *argv = grub_malloc (sizeof (char *) * (*argc + 1));
-+ *argv = grub_calloc (*argc + 1, sizeof (char *));
- if (!*argv)
- {
- grub_free (args);
-Index: grub-2.04/grub-core/kern/uboot/uboot.c
-===================================================================
---- grub-2.04.orig/grub-core/kern/uboot/uboot.c
-+++ grub-2.04/grub-core/kern/uboot/uboot.c
-@@ -133,7 +133,7 @@ grub_uboot_dev_enum (void)
- return num_devices;
-
- max_devices = 2;
-- enum_devices = grub_malloc (sizeof(struct device_info) * max_devices);
-+ enum_devices = grub_calloc (max_devices, sizeof(struct device_info));
- if (!enum_devices)
- return 0;
-
-Index: grub-2.04/grub-core/lib/libgcrypt/cipher/ac.c
-===================================================================
---- grub-2.04.orig/grub-core/lib/libgcrypt/cipher/ac.c
-+++ grub-2.04/grub-core/lib/libgcrypt/cipher/ac.c
-@@ -185,7 +185,7 @@ ac_data_mpi_copy (gcry_ac_mpi_t *data_mp
- gcry_mpi_t mpi;
- char *label;
-
-- data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n);
-+
data_mpis_new = gcry_calloc (data_mpis_n, sizeof (*data_mpis_new));
- if (! data_mpis_new)
- {
- err = gcry_error_from_errno (errno);
-@@ -572,7 +572,7 @@ _gcry_ac_data_to_sexp (gcry_ac_data_t da
- }
-
- /* Add MPI list. */
-- arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1));
-+ arg_list = gcry_calloc (data_n + 1, sizeof (*arg_list));
- if (! arg_list)
- {
- err = gcry_error_from_errno (errno);
-@@ -1283,7 +1283,7 @@ ac_data_construct (const char *identifie
- /* We build a list of arguments to pass to
- gcry_sexp_build_array(). */
- data_length = _gcry_ac_data_length (data);
-- arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2));
-+ arg_list = gcry_calloc (data_length, sizeof (*arg_list) * 2);
- if (! arg_list)
- {
- err = gcry_error_from_errno (errno);
-@@ -1593,7 +1593,7 @@ _gcry_ac_key_pair_generate (gcry_ac_hand
- arg_list_n += 2;
-
- /* Allocate list. */
-- arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n);
-+ arg_list = gcry_calloc (arg_list_n, sizeof (*arg_list));
- if (! arg_list)
- {
- err = gcry_error_from_errno (errno);
-Index: grub-2.04/grub-core/lib/libgcrypt/cipher/primegen.c
-===================================================================
---- grub-2.04.orig/grub-core/lib/libgcrypt/cipher/primegen.c
-+++ grub-2.04/grub-core/lib/libgcrypt/cipher/primegen.c
-@@ -383,7 +383,7 @@ prime_generate_internal (int need_q_fact
- }
-
- /* Allocate an array to track pool usage. */
-- pool_in_use = gcry_malloc (n * sizeof *pool_in_use);
-+ pool_in_use = gcry_calloc (n, sizeof *pool_in_use);
- if (!pool_in_use)
- {
- err = gpg_err_code_from_errno (errno);
-@@ -765,7 +765,7 @@ gen_prime (unsigned int nbits, int secre
- if (nbits < 16)
- log_fatal ("can't generate a prime with less than %d bits\n", 16);
-
-- mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods );
-+ mods = gcry_xcalloc( no_of_small_prime_numbers, sizeof *mods);
- /* Make nbits fit into gcry_mpi_t implementation.
*/
- val_2 = mpi_alloc_set_ui( 2 );
- val_3 = mpi_alloc_set_ui( 3);
-Index: grub-2.04/grub-core/lib/libgcrypt/cipher/pubkey.c
-===================================================================
---- grub-2.04.orig/grub-core/lib/libgcrypt/cipher/pubkey.c
-+++ grub-2.04/grub-core/lib/libgcrypt/cipher/pubkey.c
-@@ -2941,7 +2941,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gc
- * array to a format string, so we have to do it this way :-(. */
- /* FIXME: There is now such a format specifier, so we can
- change the code to be more clear. */
-- arg_list = malloc (nelem * sizeof *arg_list);
-+ arg_list = calloc (nelem, sizeof *arg_list);
- if (!arg_list)
- {
- rc = gpg_err_code_from_syserror ();
-@@ -3233,7 +3233,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_s
- }
- strcpy (p, "))");
-
-- arg_list = malloc (nelem * sizeof *arg_list);
-+ arg_list = calloc (nelem, sizeof *arg_list);
- if (!arg_list)
- {
- rc = gpg_err_code_from_syserror ();
-Index: grub-2.04/grub-core/lib/priority_queue.c
-===================================================================
---- grub-2.04.orig/grub-core/lib/priority_queue.c
-+++ grub-2.04/grub-core/lib/priority_queue.c
-@@ -92,7 +92,7 @@ grub_priority_queue_new (grub_size_t els
- {
- struct grub_priority_queue *ret;
- void *els;
-- els = grub_malloc (elsize * 8);
-+ els = grub_calloc (8, elsize);
- if (!els)
- return 0;
- ret = (struct grub_priority_queue *) grub_malloc (sizeof (*ret));
-Index: grub-2.04/grub-core/lib/reed_solomon.c
-===================================================================
---- grub-2.04.orig/grub-core/lib/reed_solomon.c
-+++ grub-2.04/grub-core/lib/reed_solomon.c
-@@ -20,6 +20,7 @@
- #include
- #include
- #include
-+#define xcalloc calloc
- #define xmalloc malloc
- #define grub_memset memset
- #define grub_memcpy memcpy
-@@ -158,11 +159,9 @@ rs_encode (gf_single_t *data, grub_size_
- gf_single_t *rs_polynomial;
- int i, j;
- gf_single_t *m;
-- m = xmalloc ((s + rs) * sizeof (gf_single_t));
-+ m = xcalloc (s + rs,
sizeof (gf_single_t));
- grub_memcpy (m, data, s * sizeof (gf_single_t));
-- grub_memset (m + s, 0, rs * sizeof (gf_single_t));
-- rs_polynomial = xmalloc ((rs + 1) * sizeof (gf_single_t));
-- grub_memset (rs_polynomial, 0, (rs + 1) * sizeof (gf_single_t));
-+ rs_polynomial = xcalloc (rs + 1, sizeof (gf_single_t));
- rs_polynomial[rs] = 1;
- /* Multiply with X - a^r */
- for (j = 0; j < rs; j++)
-Index: grub-2.04/grub-core/lib/relocator.c
-===================================================================
---- grub-2.04.orig/grub-core/lib/relocator.c
-+++ grub-2.04/grub-core/lib/relocator.c
-@@ -495,9 +495,9 @@ malloc_in_range (struct grub_relocator *
- }
- #endif
-
-- eventt = grub_malloc (maxevents * sizeof (events[0]));
-+ eventt = grub_calloc (maxevents, sizeof (events[0]));
- counter = grub_malloc ((DIGITSORT_MASK + 2) * sizeof (counter[0]));
-- events = grub_malloc (maxevents * sizeof (events[0]));
-+ events = grub_calloc (maxevents, sizeof (events[0]));
- if (!events || !eventt || !counter)
- {
- grub_dprintf ("relocator", "events or counter allocation failed %d\n",
-@@ -963,7 +963,7 @@ malloc_in_range (struct grub_relocator *
- #endif
- unsigned cural = 0;
- int oom = 0;
-- res->subchunks = grub_malloc (sizeof (res->subchunks[0]) * nallocs);
-+ res->subchunks = grub_calloc (nallocs, sizeof (res->subchunks[0]));
- if (!res->subchunks)
- oom = 1;
- res->nsubchunks = nallocs;
-@@ -1562,8 +1562,8 @@ grub_relocator_prepare_relocs (struct gr
- count[(chunk->src & 0xff) + 1]++;
- }
- }
-- from = grub_malloc (nchunks * sizeof (sorted[0]));
-- to = grub_malloc (nchunks * sizeof (sorted[0]));
-+ from = grub_calloc (nchunks, sizeof (sorted[0]));
-+ to = grub_calloc (nchunks, sizeof (sorted[0]));
- if (!from || !to)
- {
- grub_free (from);
-Index: grub-2.04/grub-core/lib/zstd/fse_decompress.c
-===================================================================
---- grub-2.04.orig/grub-core/lib/zstd/fse_decompress.c
-+++ grub-2.04/grub-core/lib/zstd/fse_decompress.c
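Review bot: In rs_encode (reed_solomon.c, hunk at -158) the results of `xcalloc (s + rs, ...)` and `xcalloc (rs + 1, ...)` are used at once by `grub_memcpy (m, data, ...)` and `rs_polynomial[rs] = 1` with no NULL test. In the configuration where the `#define xcalloc calloc` added by the -20 hunk applies, the call is the plain libc function, which returns NULL on failure instead of aborting. Either give that configuration an aborting wrapper or add a test after each allocation. The count expressions `s + rs` and `rs + 1` are also evaluated before calloc's own overflow check, so the ranges of `s` and `rs` need to be bounded by the callers, which are not visible here.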
-@@ -82,7 +82,7 @@
- FSE_DTable* FSE_createDTable (unsigned tableLog)
- {
- if (tableLog > FSE_TABLELOG_ABSOLUTE_MAX) tableLog = FSE_TABLELOG_ABSOLUTE_MAX;
-- return (FSE_DTable*)malloc( FSE_DTABLE_SIZE_U32(tableLog) * sizeof (U32) );
-+ return (FSE_DTable*)calloc( FSE_DTABLE_SIZE_U32(tableLog), sizeof (U32) );
- }
-
- void FSE_freeDTable (FSE_DTable* dt)
-Index: grub-2.04/grub-core/loader/arm/linux.c
-===================================================================
---- grub-2.04.orig/grub-core/loader/arm/linux.c
-+++ grub-2.04/grub-core/loader/arm/linux.c
-@@ -78,7 +78,7 @@ linux_prepare_atag (void *target_atag)
-
- /* some place for cmdline, initrd and terminator. */
- tmp_size = get_atag_size (atag_orig) + 20 + (arg_size) / 4;
-- tmp_atag = grub_malloc (tmp_size * sizeof (grub_uint32_t));
-+ tmp_atag = grub_calloc (tmp_size, sizeof (grub_uint32_t));
- if (!tmp_atag)
- return grub_errno;
-
-Index: grub-2.04/grub-core/loader/efi/chainloader.c
-===================================================================
---- grub-2.04.orig/grub-core/loader/efi/chainloader.c
-+++ grub-2.04/grub-core/loader/efi/chainloader.c
-@@ -133,7 +133,7 @@ copy_file_path (grub_efi_file_path_devic
- fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE;
- fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE;
-
-- path_name = grub_malloc (len * GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name));
-+ path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name));
- if (!path_name)
- return;
-
-Index: grub-2.04/grub-core/loader/i386/bsdXX.c
-===================================================================
---- grub-2.04.orig/grub-core/loader/i386/bsdXX.c
-+++ grub-2.04/grub-core/loader/i386/bsdXX.c
-@@ -48,7 +48,7 @@ read_headers (grub_file_t file, const ch
- if (e->e_ident[EI_CLASS] != SUFFIX (ELFCLASS))
- return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-dependent ELF magic"));
-
-- *shdr = grub_malloc ((grub_uint32_t) e->e_shnum * e->e_shentsize);
-+ *shdr =
grub_calloc (e->e_shnum, e->e_shentsize);
- if (! *shdr)
- return grub_errno;
-
-Index: grub-2.04/grub-core/loader/i386/xnu.c
-===================================================================
---- grub-2.04.orig/grub-core/loader/i386/xnu.c
-+++ grub-2.04/grub-core/loader/i386/xnu.c
-@@ -295,7 +295,7 @@ grub_xnu_devprop_add_property_utf8 (stru
- return grub_errno;
-
- len = grub_strlen (name);
-- utf16 = grub_malloc (sizeof (grub_uint16_t) * len);
-+ utf16 = grub_calloc (len, sizeof (grub_uint16_t));
- if (!utf16)
- {
- grub_free (utf8);
-@@ -331,7 +331,7 @@ grub_xnu_devprop_add_property_utf16 (str
- grub_uint16_t *utf16;
- grub_err_t err;
-
-- utf16 = grub_malloc (sizeof (grub_uint16_t) * namelen);
-+ utf16 = grub_calloc (namelen, sizeof (grub_uint16_t));
- if (!utf16)
- return grub_errno;
- grub_memcpy (utf16, name, sizeof (grub_uint16_t) * namelen);
-Index: grub-2.04/grub-core/loader/macho.c
-===================================================================
---- grub-2.04.orig/grub-core/loader/macho.c
-+++ grub-2.04/grub-core/loader/macho.c
-@@ -97,7 +97,7 @@ grub_macho_file (grub_file_t file, const
- if (grub_file_seek (macho->file, sizeof (struct grub_macho_fat_header))
- == (grub_off_t) -1)
- goto fail;
-- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs);
-+ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch));
- if (!archs)
- goto fail;
- if (grub_file_read (macho->file, archs,
-Index: grub-2.04/grub-core/loader/multiboot_elfxx.c
-===================================================================
---- grub-2.04.orig/grub-core/loader/multiboot_elfxx.c
-+++ grub-2.04/grub-core/loader/multiboot_elfxx.c
-@@ -217,7 +217,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi
- {
- grub_uint8_t *shdr, *shdrptr;
-
-- shdr = grub_malloc ((grub_uint32_t) ehdr->e_shnum * ehdr->e_shentsize);
-+ shdr = grub_calloc (ehdr->e_shnum, ehdr->e_shentsize);
- if (!shdr)
- return grub_errno;
-
-Index: grub-2.04/grub-core/loader/xnu.c
-===================================================================
---- grub-2.04.orig/grub-core/loader/xnu.c
-+++ grub-2.04/grub-core/loader/xnu.c
-@@ -800,7 +800,7 @@ grub_cmd_xnu_mkext (grub_command_t cmd _
- if (grub_be_to_cpu32 (head.magic) == GRUB_MACHO_FAT_MAGIC)
- {
- narchs = grub_be_to_cpu32 (head.nfat_arch);
-- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs);
-+ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch));
- if (! archs)
- {
- grub_file_close (file);
-Index: grub-2.04/grub-core/mmap/mmap.c
-===================================================================
---- grub-2.04.orig/grub-core/mmap/mmap.c
-+++ grub-2.04/grub-core/mmap/mmap.c
-@@ -143,9 +143,9 @@ grub_mmap_iterate (grub_memory_hook_t ho
-
- /* Initialize variables. */
- ctx.scanline_events = (struct grub_mmap_scan *)
-- grub_malloc (sizeof (struct grub_mmap_scan) * 2 * mmap_num);
-+ grub_calloc (mmap_num, sizeof (struct grub_mmap_scan) * 2);
-
-- present = grub_zalloc (sizeof (present[0]) * current_priority);
-+ present = grub_calloc (current_priority, sizeof (present[0]));
-
- if (!
ctx.scanline_events || !present)
- {
-Index: grub-2.04/grub-core/net/bootp.c
-===================================================================
---- grub-2.04.orig/grub-core/net/bootp.c
-+++ grub-2.04/grub-core/net/bootp.c
-@@ -1550,7 +1550,7 @@ grub_cmd_bootp (struct grub_command *cmd
- if (ncards == 0)
- return grub_error (GRUB_ERR_NET_NO_CARD, N_("no network card found"));
-
-- ifaces = grub_zalloc (ncards * sizeof (ifaces[0]));
-+ ifaces = grub_calloc (ncards, sizeof (ifaces[0]));
- if (!ifaces)
- return grub_errno;
-
-Index: grub-2.04/grub-core/net/dns.c
-===================================================================
---- grub-2.04.orig/grub-core/net/dns.c
-+++ grub-2.04/grub-core/net/dns.c
-@@ -285,8 +285,8 @@ recv_hook (grub_net_udp_socket_t sock __
- ptr++;
- ptr += 4;
- }
-- *data->addresses = grub_malloc (sizeof ((*data->addresses)[0])
-- * grub_be_to_cpu16 (head->ancount));
-+ *data->addresses = grub_calloc (grub_be_to_cpu16 (head->ancount),
-+ sizeof ((*data->addresses)[0]));
- if (!*data->addresses)
- {
- grub_errno = GRUB_ERR_NONE;
-@@ -406,8 +406,8 @@ recv_hook (grub_net_udp_socket_t sock __
- dns_cache[h].addresses = 0;
- dns_cache[h].name = grub_strdup (data->oname);
- dns_cache[h].naddresses = *data->naddresses;
-- dns_cache[h].addresses = grub_malloc (*data->naddresses
-- * sizeof (dns_cache[h].addresses[0]));
-+ dns_cache[h].addresses = grub_calloc (*data->naddresses,
-+ sizeof (dns_cache[h].addresses[0]));
- dns_cache[h].limit_time = grub_get_time_ms () + 1000 * ttl_all;
- if (!dns_cache[h].addresses || !dns_cache[h].name)
- {
-@@ -479,7 +479,7 @@ grub_net_dns_lookup (const char *name,
- }
- }
-
-- sockets = grub_malloc (sizeof (sockets[0]) * n_servers);
-+ sockets = grub_calloc (n_servers, sizeof (sockets[0]));
- if (!sockets)
- return grub_errno;
-
-Index: grub-2.04/grub-core/net/net.c
-===================================================================
---- grub-2.04.orig/grub-core/net/net.c
-+++ grub-2.04/grub-core/net/net.c
-@@
-336,8 +336,8 @@ grub_cmd_ipv6_autoconf (struct grub_comm
- ncards++;
- }
-
-- ifaces = grub_zalloc (ncards * sizeof (ifaces[0]));
-- slaacs = grub_zalloc (ncards * sizeof (slaacs[0]));
-+ ifaces = grub_calloc (ncards, sizeof (ifaces[0]));
-+ slaacs = grub_calloc (ncards, sizeof (slaacs[0]));
- if (!ifaces || !slaacs)
- {
- grub_free (ifaces);
-Index: grub-2.04/grub-core/normal/charset.c
-===================================================================
---- grub-2.04.orig/grub-core/normal/charset.c
-+++ grub-2.04/grub-core/normal/charset.c
-@@ -203,7 +203,7 @@ grub_utf8_to_ucs4_alloc (const char *msg
- {
- grub_size_t msg_len = grub_strlen (msg);
-
-- *unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
-+ *unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
-
- if (!*unicode_msg)
- return -1;
-@@ -488,7 +488,7 @@ grub_unicode_aglomerate_comb (const grub
- }
- else
- {
-- n = grub_malloc (sizeof (n[0]) * (out->ncomb + 1));
-+ n = grub_calloc (out->ncomb + 1, sizeof (n[0]));
- if (!n)
- {
- grub_errno = GRUB_ERR_NONE;
-@@ -842,7 +842,7 @@ grub_bidi_line_logical_to_visual (const
- } \
- }
-
-- visual = grub_malloc (sizeof (visual[0]) * logical_len);
-+ visual = grub_calloc (logical_len, sizeof (visual[0]));
- if (!visual)
- return -1;
-
-@@ -1165,8 +1165,8 @@ grub_bidi_logical_to_visual (const grub_
- {
- const grub_uint32_t *line_start = logical, *ptr;
- struct grub_unicode_glyph *visual_ptr;
-- *visual_out = visual_ptr = grub_malloc (3 * sizeof (visual_ptr[0])
-- * (logical_len + 2));
-+ *visual_out = visual_ptr = grub_calloc (logical_len + 2,
-+ 3 * sizeof (visual_ptr[0]));
- if (!visual_ptr)
- return -1;
- for (ptr = logical; ptr <= logical + logical_len; ptr++)
-Index: grub-2.04/grub-core/normal/cmdline.c
-===================================================================
---- grub-2.04.orig/grub-core/normal/cmdline.c
-+++ grub-2.04/grub-core/normal/cmdline.c
-@@ -41,7 +41,7 @@ grub_err_t
- grub_set_history (int newsize)
- {
-
grub_uint32_t **old_hist_lines = hist_lines;
-- hist_lines = grub_malloc (sizeof (grub_uint32_t *) * newsize);
-+ hist_lines = grub_calloc (newsize, sizeof (grub_uint32_t *));
-
- /* Copy the old lines into the new buffer. */
- if (old_hist_lines)
-@@ -114,7 +114,7 @@ static void
- grub_history_set (int pos, grub_uint32_t *s, grub_size_t len)
- {
- grub_free (hist_lines[pos]);
-- hist_lines[pos] = grub_malloc ((len + 1) * sizeof (grub_uint32_t));
-+ hist_lines[pos] = grub_calloc (len + 1, sizeof (grub_uint32_t));
- if (!hist_lines[pos])
- {
- grub_print_error ();
-@@ -349,7 +349,7 @@ grub_cmdline_get (const char *prompt_tra
- char *ret;
- unsigned nterms;
-
-- buf = grub_malloc (max_len * sizeof (grub_uint32_t));
-+ buf = grub_calloc (max_len, sizeof (grub_uint32_t));
- if (!buf)
- return 0;
-
-@@ -377,7 +377,7 @@ grub_cmdline_get (const char *prompt_tra
- FOR_ACTIVE_TERM_OUTPUTS(cur)
- nterms++;
-
-- cl_terms = grub_malloc (sizeof (cl_terms[0]) * nterms);
-+ cl_terms = grub_calloc (nterms, sizeof (cl_terms[0]));
- if (!cl_terms)
- {
- grub_free (buf);
-@@ -385,7 +385,7 @@ grub_cmdline_get (const char *prompt_tra
- }
- cl_term_cur = cl_terms;
-
-- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
-+ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
- if (!unicode_msg)
- {
- grub_free (buf);
-@@ -495,7 +495,7 @@ grub_cmdline_get (const char *prompt_tra
- grub_uint32_t *insert;
-
- insertlen = grub_strlen (insertu8);
-- insert = grub_malloc ((insertlen + 1) * sizeof (grub_uint32_t));
-+ insert = grub_calloc (insertlen + 1, sizeof (grub_uint32_t));
- if (!insert)
- {
- grub_free (insertu8);
-@@ -602,7 +602,7 @@ grub_cmdline_get (const char *prompt_tra
-
- grub_free (kill_buf);
-
-- kill_buf = grub_malloc ((n + 1) * sizeof(grub_uint32_t));
-+ kill_buf = grub_calloc (n + 1, sizeof (grub_uint32_t));
- if (grub_errno)
- {
- grub_print_error ();
-Index: grub-2.04/grub-core/normal/menu_entry.c
-===================================================================
---- grub-2.04.orig/grub-core/normal/menu_entry.c
-+++ grub-2.04/grub-core/normal/menu_entry.c
-@@ -95,8 +95,8 @@ init_line (struct screen *screen, struct
- {
- linep->len = 0;
- linep->max_len = 80;
-- linep->buf = grub_malloc ((linep->max_len + 1) * sizeof (linep->buf[0]));
-- linep->pos = grub_zalloc (screen->nterms * sizeof (linep->pos[0]));
-+ linep->buf = grub_calloc (linep->max_len + 1, sizeof (linep->buf[0]));
-+ linep->pos = grub_calloc (screen->nterms, sizeof (linep->pos[0]));
- if (! linep->buf || !linep->pos)
- {
- grub_free (linep->buf);
-@@ -287,7 +287,7 @@ update_screen (struct screen *screen, st
- pos = linep->pos + (term_screen - screen->terms);
-
- if (!*pos)
-- *pos = grub_zalloc ((linep->len + 1) * sizeof (**pos));
-+ *pos = grub_calloc (linep->len + 1, sizeof (**pos));
-
- if (i == region_start || linep == screen->lines + screen->line
- || (i > region_start && mode == ALL_LINES))
-@@ -471,7 +471,7 @@ insert_string (struct screen *screen, co
-
- /* Insert the string. */
- current_linep = screen->lines + screen->line;
-- unicode_msg = grub_malloc ((p - s) * sizeof (grub_uint32_t));
-+ unicode_msg = grub_calloc (p - s, sizeof (grub_uint32_t));
-
- if (!unicode_msg)
- return 0;
-@@ -1023,7 +1023,7 @@ complete (struct screen *screen, int con
- if (completion_buffer.buf)
- {
- buflen = grub_strlen (completion_buffer.buf);
-- ucs4 = grub_malloc (sizeof (grub_uint32_t) * (buflen + 1));
-+ ucs4 = grub_calloc (buflen + 1, sizeof (grub_uint32_t));
-
- if (!ucs4)
- {
-@@ -1268,7 +1268,7 @@ grub_menu_entry_run (grub_menu_entry_t e
- for (i = 0; i < (unsigned) screen->num_lines; i++)
- {
- grub_free (screen->lines[i].pos);
-- screen->lines[i].pos = grub_zalloc (screen->nterms * sizeof (screen->lines[i].pos[0]));
-+ screen->lines[i].pos = grub_calloc (screen->nterms, sizeof (screen->lines[i].pos[0]));
- if (!
screen->lines[i].pos)
- {
- grub_print_error ();
-@@ -1278,7 +1278,7 @@ grub_menu_entry_run (grub_menu_entry_t e
- }
- }
-
-- screen->terms = grub_zalloc (screen->nterms * sizeof (screen->terms[0]));
-+ screen->terms = grub_calloc (screen->nterms, sizeof (screen->terms[0]));
- if (!screen->terms)
- {
- grub_print_error ();
-Index: grub-2.04/grub-core/normal/menu_text.c
-===================================================================
---- grub-2.04.orig/grub-core/normal/menu_text.c
-+++ grub-2.04/grub-core/normal/menu_text.c
-@@ -78,7 +78,7 @@ grub_print_message_indented_real (const
- grub_size_t msg_len = grub_strlen (msg) + 2;
- int ret = 0;
-
-- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
-+ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
-
- if (!unicode_msg)
- return 0;
-@@ -231,7 +231,7 @@ print_entry (int y, int highlight, grub_
- if ((data->term->flags & GRUB_TERM_DUMB) && title[0] == '\0')
- return;
-
-- unicode_title = grub_malloc (title_len * sizeof (*unicode_title));
-+ unicode_title = grub_calloc (title_len, sizeof (*unicode_title));
- if (! unicode_title)
- /* XXX How to show this error?
*/
- return;
-Index: grub-2.04/grub-core/normal/term.c
-===================================================================
---- grub-2.04.orig/grub-core/normal/term.c
-+++ grub-2.04/grub-core/normal/term.c
-@@ -264,7 +264,7 @@ grub_term_save_pos (void)
- FOR_ACTIVE_TERM_OUTPUTS(cur)
- cnt++;
-
-- ret = grub_malloc (cnt * sizeof (ret[0]));
-+ ret = grub_calloc (cnt, sizeof (ret[0]));
- if (!ret)
- return NULL;
-
-@@ -1013,7 +1013,7 @@ grub_xnputs (const char *str, grub_size_
-
- grub_error_push ();
-
-- unicode_str = grub_malloc (msg_len * sizeof (grub_uint32_t));
-+ unicode_str = grub_calloc (msg_len, sizeof (grub_uint32_t));
-
- grub_error_pop ();
-
-Index: grub-2.04/grub-core/osdep/linux/getroot.c
-===================================================================
---- grub-2.04.orig/grub-core/osdep/linux/getroot.c
-+++ grub-2.04/grub-core/osdep/linux/getroot.c
-@@ -176,7 +176,7 @@ grub_util_raid_getmembers (const char *n
- if (ret != 0)
- grub_util_error (_("ioctl GET_ARRAY_INFO error: %s"), strerror (errno));
-
-- devicelist = xmalloc ((info.nr_disks + 1) * sizeof (char *));
-+ devicelist = xcalloc (info.nr_disks + 1, sizeof (char *));
-
- for (i = 0, j = 0; j < info.nr_disks; i++)
- {
-@@ -249,7 +249,7 @@ grub_find_root_devices_from_btrfs (const
- return NULL;
- }
-
-- ret = xmalloc ((fsi.num_devices + 1) * sizeof (ret[0]));
-+ ret = xcalloc (fsi.num_devices + 1, sizeof (ret[0]));
-
- for (i = 1; i <= fsi.max_id && j < fsi.num_devices; i++)
- {
-@@ -508,7 +508,7 @@ grub_find_root_devices_from_mountinfo (c
- if (relroot)
- *relroot = NULL;
-
-- entries = xmalloc (entry_max * sizeof (*entries));
-+ entries = xcalloc (entry_max, sizeof (*entries));
-
- again:
- fp = grub_util_fopen ("/proc/self/mountinfo", "r");
-Index: grub-2.04/grub-core/osdep/unix/config.c
-===================================================================
---- grub-2.04.orig/grub-core/osdep/unix/config.c
-+++ grub-2.04/grub-core/osdep/unix/config.c
-@@ -239,7 +239,7 @@
grub_util_load_config (struct grub_util_
- argv[0] = "sh";
- argv[1] = "-c";
-
-- script = xmalloc (4 * strlen (cfgfile) + 300);
-+ script = xcalloc (4, strlen (cfgfile) + 300);
-
- ptr = script;
- memcpy (ptr, ". '", 3);
-Index: grub-2.04/grub-core/osdep/windows/getroot.c
-===================================================================
---- grub-2.04.orig/grub-core/osdep/windows/getroot.c
-+++ grub-2.04/grub-core/osdep/windows/getroot.c
-@@ -59,7 +59,7 @@ grub_get_mount_point (const TCHAR *path)
-
- for (ptr = path; *ptr; ptr++);
- allocsize = (ptr - path + 10) * 2;
-- out = xmalloc (allocsize * sizeof (out[0]));
-+ out = xcalloc (allocsize, sizeof (out[0]));
-
- /* When pointing to EFI system partition GetVolumePathName fails
- for ESP root and returns abberant information for everything
-Index: grub-2.04/grub-core/osdep/windows/hostdisk.c
-===================================================================
---- grub-2.04.orig/grub-core/osdep/windows/hostdisk.c
-+++ grub-2.04/grub-core/osdep/windows/hostdisk.c
-@@ -111,7 +111,7 @@ grub_util_get_windows_path_real (const c
-
- while (1)
- {
-- fpa = xmalloc (alloc * sizeof (fpa[0]));
-+ fpa = xcalloc (alloc, sizeof (fpa[0]));
-
- len = GetFullPathName (tpath, alloc, fpa, NULL);
- if (len >= alloc)
-@@ -399,7 +399,7 @@ grub_util_fd_opendir (const char *name)
- for (l = 0; name_windows[l]; l++);
- for (l--; l >= 0 && (name_windows[l] == '\\' || name_windows[l] == '/'); l--);
- l++;
-- pattern = xmalloc ((l + 3) * sizeof (pattern[0]));
-+ pattern = xcalloc (l + 3, sizeof (pattern[0]));
- memcpy (pattern, name_windows, l * sizeof (pattern[0]));
- pattern[l] = '\\';
- pattern[l + 1] = '*';
-Index: grub-2.04/grub-core/osdep/windows/init.c
-===================================================================
---- grub-2.04.orig/grub-core/osdep/windows/init.c
-+++ grub-2.04/grub-core/osdep/windows/init.c
-@@ -161,7 +161,7 @@ grub_util_host_init (int *argc __attribu
- LPWSTR *targv;
-
- targv = CommandLineToArgvW
(tcmdline, argc);
-- *argv = xmalloc ((*argc + 1) * sizeof (argv[0]));
-+ *argv = xcalloc (*argc + 1, sizeof (argv[0]));
-
- for (i = 0; i < *argc; i++)
- (*argv)[i] = grub_util_tchar_to_utf8 (targv[i]);
-Index: grub-2.04/grub-core/osdep/windows/platform.c
-===================================================================
---- grub-2.04.orig/grub-core/osdep/windows/platform.c
-+++ grub-2.04/grub-core/osdep/windows/platform.c
-@@ -225,8 +225,8 @@ grub_install_register_efi (grub_device_t
- grub_util_error ("%s", _("no EFI routines are available when running in BIOS mode"));
-
- distrib8_len = grub_strlen (efi_distributor);
-- distributor16 = xmalloc ((distrib8_len + 1) * GRUB_MAX_UTF16_PER_UTF8
-- * sizeof (grub_uint16_t));
-+ distributor16 = xcalloc (distrib8_len + 1,
-+ GRUB_MAX_UTF16_PER_UTF8 * sizeof (grub_uint16_t));
- distrib16_len = grub_utf8_to_utf16 (distributor16, distrib8_len * GRUB_MAX_UTF16_PER_UTF8,
- (const grub_uint8_t *) efi_distributor,
- distrib8_len, 0);
-Index: grub-2.04/grub-core/osdep/windows/relpath.c
-===================================================================
---- grub-2.04.orig/grub-core/osdep/windows/relpath.c
-+++ grub-2.04/grub-core/osdep/windows/relpath.c
-@@ -72,7 +72,7 @@ grub_make_system_path_relative_to_its_ro
- if (dirwindows[0] && dirwindows[1] == ':')
- offset = 2;
- }
-- ret = xmalloc (sizeof (ret[0]) * (flen - offset + 2));
-+ ret = xcalloc (flen - offset + 2, sizeof (ret[0]));
- if (dirwindows[offset] != '\\'
- && dirwindows[offset] != '/'
- && dirwindows[offset])
-Index: grub-2.04/grub-core/partmap/gpt.c
-===================================================================
---- grub-2.04.orig/grub-core/partmap/gpt.c
-+++ grub-2.04/grub-core/partmap/gpt.c
-@@ -199,7 +199,7 @@ gpt_partition_map_embed (struct grub_dis
- *nsectors = ctx.len;
- if (*nsectors > max_nsectors)
- *nsectors = max_nsectors;
-- *sectors = grub_malloc (*nsectors * sizeof (**sectors));
-+ *sectors = grub_calloc (*nsectors, sizeof (**sectors));
-
if (!*sectors)
- return grub_errno;
- for (i = 0; i < *nsectors; i++)
-Index: grub-2.04/grub-core/partmap/msdos.c
-===================================================================
---- grub-2.04.orig/grub-core/partmap/msdos.c
-+++ grub-2.04/grub-core/partmap/msdos.c
-@@ -344,7 +344,7 @@ pc_partition_map_embed (struct grub_disk
- avail_nsectors = *nsectors;
- if (*nsectors > max_nsectors)
- *nsectors = max_nsectors;
-- *sectors = grub_malloc (*nsectors * sizeof (**sectors));
-+ *sectors = grub_calloc (*nsectors, sizeof (**sectors));
- if (!*sectors)
- return grub_errno;
- for (i = 0; i < *nsectors; i++)
-Index: grub-2.04/grub-core/script/execute.c
-===================================================================
---- grub-2.04.orig/grub-core/script/execute.c
-+++ grub-2.04/grub-core/script/execute.c
-@@ -556,7 +556,7 @@ gettext_append (struct grub_script_argv
- for (iptr = orig_str; *iptr; iptr++)
- if (*iptr == '$')
- dollar_cnt++;
-- ctx.allowed_strings = grub_malloc (sizeof (ctx.allowed_strings[0]) * dollar_cnt);
-+ ctx.allowed_strings = grub_calloc (dollar_cnt, sizeof (ctx.allowed_strings[0]));
-
- if (parse_string (orig_str, gettext_save_allow, &ctx, 0))
- goto fail;
-Index: grub-2.04/grub-core/tests/fake_input.c
-===================================================================
---- grub-2.04.orig/grub-core/tests/fake_input.c
-+++ grub-2.04/grub-core/tests/fake_input.c
-@@ -49,7 +49,7 @@ grub_terminal_input_fake_sequence (int *
- saved = grub_term_inputs;
- if (seq)
- grub_free (seq);
-- seq = grub_malloc (nseq_in * sizeof (seq[0]));
-+ seq = grub_calloc (nseq_in, sizeof (seq[0]));
- if (!seq)
- return;
-
-Index: grub-2.04/grub-core/tests/video_checksum.c
-===================================================================
---- grub-2.04.orig/grub-core/tests/video_checksum.c
-+++ grub-2.04/grub-core/tests/video_checksum.c
-@@ -336,7 +336,7 @@ grub_video_capture_write_bmp (const char
- {
- case 4:
- {
-- grub_uint8_t *buffer = xmalloc (mode_info->width
* 3);
-+ grub_uint8_t *buffer = xcalloc (3, mode_info->width);
- grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1);
- grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1);
- grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1);
-@@ -367,7 +367,7 @@ grub_video_capture_write_bmp (const char
- }
- case 3:
- {
-- grub_uint8_t *buffer = xmalloc (mode_info->width * 3);
-+ grub_uint8_t *buffer = xcalloc (3, mode_info->width);
- grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1);
- grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1);
- grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1);
-@@ -407,7 +407,7 @@ grub_video_capture_write_bmp (const char
- }
- case 2:
- {
-- grub_uint8_t *buffer = xmalloc (mode_info->width * 3);
-+ grub_uint8_t *buffer = xcalloc (3, mode_info->width);
- grub_uint16_t rmask = ((1 << mode_info->red_mask_size) - 1);
- grub_uint16_t gmask = ((1 << mode_info->green_mask_size) - 1);
- grub_uint16_t bmask = ((1 << mode_info->blue_mask_size) - 1);
-Index: grub-2.04/grub-core/video/capture.c
-===================================================================
---- grub-2.04.orig/grub-core/video/capture.c
-+++ grub-2.04/grub-core/video/capture.c
-@@ -89,7 +89,7 @@ grub_video_capture_start (const struct g
- framebuffer.mode_info = *mode_info;
- framebuffer.mode_info.blit_format = grub_video_get_blit_format (&framebuffer.mode_info);
-
-- framebuffer.ptr = grub_malloc (framebuffer.mode_info.height * framebuffer.mode_info.pitch);
-+ framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch);
- if (!framebuffer.ptr)
- return grub_errno;
-
-Index: grub-2.04/grub-core/video/emu/sdl.c
-===================================================================
---- grub-2.04.orig/grub-core/video/emu/sdl.c
-+++ grub-2.04/grub-core/video/emu/sdl.c
-@@ -172,7 +172,7 @@ grub_video_sdl_set_palette (unsigned int
- if (start + count > mode_info.number_of_colors)
- count =
mode_info.number_of_colors - start;
-
-- tmp = grub_malloc (count * sizeof (tmp[0]));
-+ tmp = grub_calloc (count, sizeof (tmp[0]));
- for (i = 0; i < count; i++)
- {
- tmp[i].r = palette_data[i].r;
-Index: grub-2.04/grub-core/video/i386/pc/vga.c
-===================================================================
---- grub-2.04.orig/grub-core/video/i386/pc/vga.c
-+++ grub-2.04/grub-core/video/i386/pc/vga.c
-@@ -127,7 +127,7 @@ grub_video_vga_setup (unsigned int width
-
- vga_height = height ? : 480;
-
-- framebuffer.temporary_buffer = grub_malloc (vga_height * VGA_WIDTH);
-+ framebuffer.temporary_buffer = grub_calloc (vga_height, VGA_WIDTH);
- framebuffer.front_page = 0;
- framebuffer.back_page = 0;
- if (!framebuffer.temporary_buffer)
-Index: grub-2.04/grub-core/video/readers/png.c
-===================================================================
---- grub-2.04.orig/grub-core/video/readers/png.c
-+++ grub-2.04/grub-core/video/readers/png.c
-@@ -309,7 +309,7 @@ grub_png_decode_image_header (struct gru
- if (data->is_16bit || data->is_gray || data->is_palette)
- #endif
- {
-- data->image_data = grub_malloc (data->image_height * data->row_bytes);
-+ data->image_data = grub_calloc (data->image_height, data->row_bytes);
- if (grub_errno)
- return grub_errno;
-
-Index: grub-2.04/include/grub/unicode.h
-===================================================================
---- grub-2.04.orig/include/grub/unicode.h
-+++ grub-2.04/include/grub/unicode.h
-@@ -293,7 +293,7 @@ grub_unicode_glyph_dup (const struct gru
- grub_memcpy (out, in, sizeof (*in));
- if (in->ncomb > ARRAY_SIZE (out->combining_inline))
- {
-- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0]));
-+ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0]));
- if (!out->combining_ptr)
- {
- grub_free (out);
-@@ -315,7 +315,7 @@ grub_unicode_set_glyph (struct grub_unic
- grub_memcpy (out, in, sizeof (*in));
- if (in->ncomb > ARRAY_SIZE (out->combining_inline))
- {
-- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0]));
-+ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0]));
- if (!out->combining_ptr)
- return;
- grub_memcpy (out->combining_ptr, in->combining_ptr,
-Index: grub-2.04/util/getroot.c
-===================================================================
---- grub-2.04.orig/util/getroot.c
-+++ grub-2.04/util/getroot.c
-@@ -200,7 +200,7 @@ make_device_name (const char *drive)
- char *ret, *ptr;
- const char *iptr;
-
-- ret = xmalloc (strlen (drive) * 2);
-+ ret = xcalloc (2, strlen (drive));
- ptr = ret;
- for (iptr = drive; *iptr; iptr++)
- {
-Index: grub-2.04/util/grub-file.c
-===================================================================
---- grub-2.04.orig/util/grub-file.c
-+++ grub-2.04/util/grub-file.c
-@@ -54,7 +54,7 @@ main (int argc, char *argv[])
-
- grub_util_host_init (&argc, &argv);
-
-- argv2 = xmalloc (argc * sizeof (argv2[0]));
-+ argv2 = xcalloc (argc, sizeof (argv2[0]));
-
- if (argc == 2 && strcmp (argv[1], "--version") == 0)
- {
-Index: grub-2.04/util/grub-fstest.c
-===================================================================
---- grub-2.04.orig/util/grub-fstest.c
-+++ grub-2.04/util/grub-fstest.c
-@@ -650,7 +650,7 @@ argp_parser (int key, char *arg, struct
- if (args_count < num_disks)
- {
- if (args_count == 0)
-- images = xmalloc (num_disks * sizeof (images[0]));
-+ images = xcalloc (num_disks, sizeof (images[0]));
- images[args_count] = grub_canonicalize_file_name (arg);
- args_count++;
- return 0;
-@@ -734,7 +734,7 @@ main (int argc, char *argv[])
-
- grub_util_host_init (&argc, &argv);
-
-- args = xmalloc (argc * sizeof (args[0]));
-+ args = xcalloc (argc, sizeof (args[0]));
-
- argp_parse (&argp, argc, argv, 0, 0, 0);
-
-Index: grub-2.04/util/grub-install-common.c
-===================================================================
---- grub-2.04.orig/util/grub-install-common.c
-+++ grub-2.04/util/grub-install-common.c
-@@
-286,7 +286,7 @@ handle_install_list (struct install_list
- il->n_entries++;
- }
- il->n_alloc = il->n_entries + 1;
-- il->entries = xmalloc (il->n_alloc * sizeof (il->entries[0]));
-+ il->entries = xcalloc (il->n_alloc, sizeof (il->entries[0]));
- ptr = val;
- for (ce = il->entries; ; ce++)
- {
-Index: grub-2.04/util/grub-install.c
-===================================================================
---- grub-2.04.orig/util/grub-install.c
-+++ grub-2.04/util/grub-install.c
-@@ -695,7 +695,7 @@ device_map_check_duplicates (const char
- if (! fp)
- return;
-
-- d = xmalloc (alloced * sizeof (d[0]));
-+ d = xcalloc (alloced, sizeof (d[0]));
-
- while (fgets (buf, sizeof (buf), fp))
- {
-@@ -1322,7 +1322,7 @@ main (int argc, char *argv[])
- ndev++;
- }
-
-- grub_drives = xmalloc (sizeof (grub_drives[0]) * (ndev + 1));
-+ grub_drives = xcalloc (ndev + 1, sizeof (grub_drives[0]));
-
- for (curdev = grub_devices, curdrive = grub_drives; *curdev; curdev++,
- curdrive++)
-Index: grub-2.04/util/grub-mkimagexx.c
-===================================================================
---- grub-2.04.orig/util/grub-mkimagexx.c
-+++ grub-2.04/util/grub-mkimagexx.c
-@@ -2294,10 +2294,8 @@ SUFFIX (grub_mkimage_load_image) (const
- + grub_host_to_target16 (e->e_shstrndx) * smd.section_entsize);
- smd.strtab = (char *) e + grub_host_to_target_addr (s->sh_offset);
-
-- smd.addrs = xmalloc (sizeof (*smd.addrs) * smd.num_sections);
-- memset (smd.addrs, 0, sizeof (*smd.addrs) * smd.num_sections);
-- smd.vaddrs = xmalloc (sizeof (*smd.vaddrs) * smd.num_sections);
-- memset (smd.vaddrs, 0, sizeof (*smd.vaddrs) * smd.num_sections);
-+ smd.addrs = xcalloc (smd.num_sections, sizeof (*smd.addrs));
-+ smd.vaddrs = xcalloc (smd.num_sections, sizeof (*smd.vaddrs));
-
- SUFFIX (locate_sections) (e, kernel_path, &smd, layout, image_target);
-
-Index: grub-2.04/util/grub-mkrescue.c
-===================================================================
---- grub-2.04.orig/util/grub-mkrescue.c
-+++
grub-2.04/util/grub-mkrescue.c
-@@ -441,8 +441,8 @@ main (int argc, char *argv[])
- xorriso = xstrdup ("xorriso");
- label_font = grub_util_path_concat (2, pkgdatadir, "unicode.pf2");
-
-- argp_argv = xmalloc (sizeof (argp_argv[0]) * argc);
-- xorriso_tail_argv = xmalloc (sizeof (argp_argv[0]) * argc);
-+ argp_argv = xcalloc (argc, sizeof (argp_argv[0]));
-+ xorriso_tail_argv = xcalloc (argc, sizeof (argp_argv[0]));
-
- xorriso_tail_argc = 0;
- /* Program name */
-Index: grub-2.04/util/grub-mkstandalone.c
-===================================================================
---- grub-2.04.orig/util/grub-mkstandalone.c
-+++ grub-2.04/util/grub-mkstandalone.c
-@@ -296,7 +296,7 @@ main (int argc, char *argv[])
- grub_util_host_init (&argc, &argv);
- grub_util_disable_fd_syncs ();
-
-- files = xmalloc ((argc + 1) * sizeof (files[0]));
-+ files = xcalloc (argc + 1, sizeof (files[0]));
-
- argp_parse (&argp, argc, argv, 0, 0, 0);
-
-Index: grub-2.04/util/grub-pe2elf.c
-===================================================================
---- grub-2.04.orig/util/grub-pe2elf.c
-+++ grub-2.04/util/grub-pe2elf.c
-@@ -100,9 +100,9 @@ write_section_data (FILE* fp, const char
- char *pe_strtab = (image + pe_chdr->symtab_offset
- + pe_chdr->num_symbols * sizeof (struct grub_pe32_symbol));
-
-- section_map = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (int));
-+ section_map = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (int));
- section_map[0] = 0;
-- shdr = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (shdr[0]));
-+ shdr = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (shdr[0]));
- idx = 1;
- idx_reloc = pe_chdr->num_sections + 1;
-
-@@ -233,7 +233,7 @@ write_reloc_section (FILE* fp, const cha
-
- pe_sec = pe_shdr + shdr[i].sh_link;
- pe_rel = (struct grub_pe32_reloc *) (image + pe_sec->relocations_offset);
-- rel = (elf_reloc_t *) xmalloc (pe_sec->num_relocations * sizeof (elf_reloc_t));
-+ rel = (elf_reloc_t *) xcalloc (pe_sec->num_relocations, sizeof
(elf_reloc_t));
- num_rels = 0;
- modified = 0;
-
-@@ -365,12 +365,10 @@ write_symbol_table (FILE* fp, const char
- pe_symtab = (struct grub_pe32_symbol *) (image + pe_chdr->symtab_offset);
- pe_strtab = (char *) (pe_symtab + pe_chdr->num_symbols);
-
-- symtab = (Elf_Sym *) xmalloc ((pe_chdr->num_symbols + 1) *
-- sizeof (Elf_Sym));
-- memset (symtab, 0, (pe_chdr->num_symbols + 1) * sizeof (Elf_Sym));
-+ symtab = (Elf_Sym *) xcalloc (pe_chdr->num_symbols + 1, sizeof (Elf_Sym));
- num_syms = 1;
-
-- symtab_map = (int *) xmalloc (pe_chdr->num_symbols * sizeof (int));
-+ symtab_map = (int *) xcalloc (pe_chdr->num_symbols, sizeof (int));
-
- for (i = 0; i < (int) pe_chdr->num_symbols;
- i += pe_symtab->num_aux + 1, pe_symtab += pe_symtab->num_aux + 1)
-Index: grub-2.04/util/grub-probe.c
-===================================================================
---- grub-2.04.orig/util/grub-probe.c
-+++ grub-2.04/util/grub-probe.c
-@@ -361,8 +361,8 @@ probe (const char *path, char **device_n
- grub_util_pull_device (*curdev);
- ndev++;
- }
--
-- drives_names = xmalloc (sizeof (drives_names[0]) * (ndev + 1));
-+
-+ drives_names = xcalloc (ndev + 1, sizeof (drives_names[0]));
-
- for (curdev = device_names, curdrive = drives_names; *curdev; curdev++,
- curdrive++)
diff --git a/0004-datetime-Enable-the-datetime-module-for-the-emu-plat.patch b/0004-datetime-Enable-the-datetime-module-for-the-emu-plat.patch
deleted file mode 100644
index fa7ac2c..0000000
--- a/0004-datetime-Enable-the-datetime-module-for-the-emu-plat.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 1657e72f5bd6cdb9c35cbeb394c1d4329f8f024b Mon Sep 17 00:00:00 2001
-From: Mike Gilbert
-Date: Thu, 5 Mar 2020 16:52:18 -0500
-Subject: [PATCH] datetime: Enable the datetime module for the emu platform
-
-Fixes a build failure:
-
- grub-core/commands/date.c:49: undefined reference to `grub_get_weekday_name'
- grub-core/commands/ls.c:155: undefined reference to `grub_unixtime2datetime'
-
-Bug: https://bugs.gentoo.org/711512
-
-Signed-off-by: Mike Gilbert
-Reviewed-by: Javier Martinez Canillas
-Tested-by: Javier Martinez Canillas
-Reviewed-by: Daniel Kiper
----
- grub-core/Makefile.core.def | 1 -
- 1 file changed, 1 deletion(-)
-
-Index: grub-2.04/grub-core/Makefile.core.def
-===================================================================
---- grub-2.04.orig/grub-core/Makefile.core.def
-+++ grub-2.04/grub-core/Makefile.core.def
-@@ -1670,7 +1670,6 @@ module = {
- i386_xen_pvh = lib/xen/datetime.c;
-
- mips_arc = lib/arc/datetime.c;
-- enable = noemu;
- };
-
- module = {
diff --git a/0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch b/0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
deleted file mode 100644
index 282d414..0000000
--- a/0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From 5f2d71f71bc62c5cffbe27a9ee247803a77dc032 Mon Sep 17 00:00:00 2001
-From: Daniel Kiper
-Date: Thu, 3 Dec 2020 16:01:47 +0100
-Subject: [PATCH 04/46] efi: Add a function to read EFI variables with
- attributes
-
-It will be used to properly detect and report UEFI Secure Boot status to
-the x86 Linux kernel. The functionality will be added by subsequent patches.
-
-Signed-off-by: Ignat Korchagin
-Signed-off-by: Daniel Kiper
-Signed-off-by: Marco A Benatto
-Signed-off-by: Javier Martinez Canillas
-Reviewed-by: Daniel Kiper
----
- grub-core/kern/efi/efi.c | 16 +++++++++++++---
- include/grub/efi/efi.h | 5 +++++
- 2 files changed, 18 insertions(+), 3 deletions(-)
-
-diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
-index 9fd136694..92e99b441 100644
---- a/grub-core/kern/efi/efi.c
-+++ b/grub-core/kern/efi/efi.c
-@@ -223,8 +223,11 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid,
- }
-
- grub_efi_status_t
--grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
-- grub_size_t *datasize_out, void **data_out)
-+grub_efi_get_variable_with_attributes (const char *var,
-+ const grub_efi_guid_t *guid,
-+ grub_size_t *datasize_out,
-+ void **data_out,
-+ grub_efi_uint32_t *attributes)
- {
- grub_efi_status_t status;
- grub_efi_uintn_t datasize = 0;
-@@ -261,7 +264,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
- return GRUB_EFI_OUT_OF_RESOURCES;
- }
-
-- status = efi_call_5 (r->get_variable, var16, guid, NULL, &datasize, data);
-+ status = efi_call_5 (r->get_variable, var16, guid, attributes, &datasize, data);
- grub_free (var16);
-
- if (status == GRUB_EFI_SUCCESS)
-@@ -303,6 +306,13 @@ grub_efi_secure_boot (void)
- return ret;
- }
-
-+grub_efi_status_t
-+grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
-+ grub_size_t *datasize_out, void **data_out)
-+{
-+ return grub_efi_get_variable_with_attributes (var, guid, datasize_out, data_out, NULL);
-+}
-+
- #pragma
GCC diagnostic ignored "-Wcast-align"
-
- /* Search the mods section from the PE32/PE32+ image. This code uses
-diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
-index f27d3a365..568d80030 100644
---- a/include/grub/efi/efi.h
-+++ b/include/grub/efi/efi.h
-@@ -77,6 +77,11 @@ grub_err_t EXPORT_FUNC (grub_efi_set_virtual_address_map) (grub_efi_uintn_t memo
- grub_efi_uintn_t descriptor_size,
- grub_efi_uint32_t descriptor_version,
- grub_efi_memory_descriptor_t *virtual_map);
-+grub_efi_status_t EXPORT_FUNC (grub_efi_get_variable_with_attributes) (const char *variable,
-+ const grub_efi_guid_t *guid,
-+ grub_size_t *datasize_out,
-+ void **data_out,
-+ grub_efi_uint32_t *attributes);
- grub_efi_status_t EXPORT_FUNC (grub_efi_get_variable) (const char *variable,
- const grub_efi_guid_t *guid,
- grub_size_t *datasize_out,
---
-2.26.2
-
diff --git a/0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch b/0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
deleted file mode 100644
index dd22c30..0000000
--- a/0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From 669aa440ca34f6d8982c92b79fa2ee84c20618c6 Mon Sep 17 00:00:00 2001
-From: Peter Jones
-Date: Thu, 16 Aug 2018 11:08:11 -0400
-Subject: [PATCH 5/9] Make linux_arm_kernel_header.hdr_offset be at the right
- place
-
-The kernel in front of me (slightly edited to make objdump work) looks like:
-
-00000000 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 |MZ..MZ..MZ..MZ..|
-00000010 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 00 00 a0 e1 |MZ..MZ..MZ......|
-00000020 f6 03 00 ea 18 28 6f 01 00 00 00 00 00 32 74 00 |.....(o......2t.|
-00000030 01 02 03 04 45 45 45 45 74 a2 00 00 40 00 00 00 |....EEEEt...@...|
-00000040 50 45 00 00 4c 01 04 00 00 00 00 00 00 00 00 00 |PE..L...........|
-00000050 00 00 00 00 90 00 06 03 0b 01 02 14 00 20 74 00 |............. t.|
-00000060 00 14 00 00 00 00 00 00 b4 19 00 00 00 10 00 00 |................|
-00000070 00 30 74 00 00 00 00 00 00 10 00 00 00 02 00 00 |.0t.............|
-00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
-00000090 00 44 74 00 00 10 00 00 00 00 00 00 0a 00 00 00 |.Dt.............|
-000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
-000000b0 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 |................|
-000000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
-*
-
-(I don't know why the MZ header is there 7 times, but the offsets work out, so
-it's merely a surprising distraction.)
-
-If linux_arm_kernel_header.reserved2 is 16 bytes, that means hdr_offset is
-here:
-
-00000030 01 02 03 04 45 45 45 45 74 a2 00 00 40 00 00 00 |....EEEEt...@...|
-00000040 50 45 00 00 4c 01 04 00 00 00 00 00 00 00 00 00 |PE..L...........|
- ^^^^^^^^^^^
-
-But it's supposed to be 4 bytes before that.
-
-This patch makes the reserved field be 3*32 instead of 4*32, and that means we
-can find the PE header correcrtly at 0x40 by reading the value at 0x3c.
-
-Signed-off-by: Peter Jones
----
- grub-core/loader/arm64/efi/linux.c | 3 +++
- include/grub/arm/linux.h | 2 +-
- 2 files changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/grub-core/loader/arm64/efi/linux.c b/grub-core/loader/arm64/efi/linux.c
-index 4d084950a..83d09b7e5 100644
---- a/grub-core/loader/arm64/efi/linux.c
-+++ b/grub-core/loader/arm64/efi/linux.c
-@@ -86,7 +86,10 @@ grub_efi_linux_boot (void *kernel_address, grub_off_t offset,
- {
- handover_func hf;
-
-+ grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n",
-+ kernel_address, (void *)(grub_efi_uintn_t)offset, kernel_params);
- hf = (handover_func)((char *)kernel_address + offset);
-+ grub_dprintf ("linux", "handover_func() = %p\n", hf);
- hf (grub_efi_image_handle, grub_efi_system_table, kernel_params);
-
- return GRUB_ERR_BUG;
-diff --git a/include/grub/arm/linux.h b/include/grub/arm/linux.h
-index 775297db8..b582f67f6 100644
---- a/include/grub/arm/linux.h
-+++ b/include/grub/arm/linux.h
-@@ -31,7 +31,7 @@ struct linux_arm_kernel_header {
- grub_uint32_t magic;
- grub_uint32_t start; /* _start */
- grub_uint32_t end; /* _edata */
-- grub_uint32_t reserved2[4];
-+ grub_uint32_t reserved2[3];
- grub_uint32_t hdr_offset;
- };
-
---
-2.26.2
-
diff --git a/0005-efi-Add-secure-boot-detection.patch b/0005-efi-Add-secure-boot-detection.patch
deleted file mode 100644
index e7f2550..0000000
--- a/0005-efi-Add-secure-boot-detection.patch
+++ /dev/null
@@ -1,210 +0,0 @@
-From 12650d0953372674fb587c2e6331257fc7a90a94 Mon Sep 17 00:00:00 2001
-From: Daniel Kiper
-Date: Thu, 3 Dec 2020 16:01:48 +0100
-Subject: [PATCH 05/46] efi: Add secure boot detection
-
-Introduce grub_efi_get_secureboot() function which returns whether
-UEFI Secure Boot is enabled or not on UEFI systems.
-
-Signed-off-by: Ignat Korchagin
-Signed-off-by: Daniel Kiper
-Signed-off-by: Marco A Benatto
-Signed-off-by: Javier Martinez Canillas
-Reviewed-by: Daniel Kiper
----
- grub-core/Makefile.am | 1 +
- grub-core/Makefile.core.def | 1 +
- grub-core/kern/efi/sb.c | 109 ++++++++++++++++++++++++++++++++++++
- include/grub/efi/sb.h | 40 +++++++++++++
- 4 files changed, 151 insertions(+)
- create mode 100644 grub-core/kern/efi/sb.c
- create mode 100644 include/grub/efi/sb.h
-
-diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
-index ede596170..5ff3afd62 100644
---- a/grub-core/Makefile.am
-+++ b/grub-core/Makefile.am
-@@ -71,6 +71,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/command.h
- KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/device.h
- KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/disk.h
- KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/dl.h
-+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h
- KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h
- KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h
- KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h
-diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index ce4f71ebe..072b1628c 100644
---- a/grub-core/Makefile.core.def
-+++ b/grub-core/Makefile.core.def
-@@ -203,6 +203,7 @@ kernel = {
- efi = term/efi/console.c;
- efi = kern/acpi.c;
- efi = kern/efi/acpi.c;
-+ efi = kern/efi/sb.c;
- i386_coreboot = kern/i386/pc/acpi.c;
- i386_multiboot = kern/i386/pc/acpi.c;
- i386_coreboot = kern/acpi.c;
-diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
-new file mode 100644
-index 000000000..19658d962
---- /dev/null
-+++ b/grub-core/kern/efi/sb.c
-@@ -0,0 +1,109 @@
-+/*
-+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2020 Free Software Foundation, Inc.
-+ *
-+ * GRUB is free software: you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation, either version 3 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * GRUB is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with GRUB. If not, see .
-+ *
-+ * UEFI Secure Boot related checkings.
-+ */
-+
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+
-+/*
-+ * Determine whether we're in secure boot mode.
-+ *
-+ * Please keep the logic in sync with the Linux kernel,
-+ * drivers/firmware/efi/libstub/secureboot.c:efi_get_secureboot().
-+ */
-+grub_uint8_t
-+grub_efi_get_secureboot (void)
-+{
-+ static grub_efi_guid_t efi_variable_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID;
-+ static grub_efi_guid_t efi_shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID;
-+ grub_efi_status_t status;
-+ grub_efi_uint32_t attr = 0;
-+ grub_size_t size = 0;
-+ grub_uint8_t *secboot = NULL;
-+ grub_uint8_t *setupmode = NULL;
-+ grub_uint8_t *moksbstate = NULL;
-+ grub_uint8_t secureboot = GRUB_EFI_SECUREBOOT_MODE_UNKNOWN;
-+ const char *secureboot_str = "UNKNOWN";
-+
-+ status = grub_efi_get_variable ("SecureBoot", &efi_variable_guid,
-+ &size, (void **) &secboot);
-+
-+ if (status == GRUB_EFI_NOT_FOUND)
-+ {
-+ secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED;
-+ goto out;
-+ }
-+
-+ if (status != GRUB_EFI_SUCCESS)
-+ goto out;
-+
-+ status = grub_efi_get_variable ("SetupMode", &efi_variable_guid,
-+ &size, (void **) &setupmode);
-+
-+ if (status != GRUB_EFI_SUCCESS)
-+ goto out;
-+
-+ if ((*secboot == 0) || (*setupmode == 1))
-+ {
-+ secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED;
-+ goto out;
-+ }
-+
-+ /*
-+ * See if a user has put the shim into insecure mode. If so, and if the
-+ * variable doesn't have the runtime attribute set, we might as well
-+ * honor that.
-+ */
-+ status = grub_efi_get_variable_with_attributes ("MokSBState", &efi_shim_lock_guid,
-+ &size, (void **) &moksbstate, &attr);
-+
-+ /* If it fails, we don't care why. Default to secure. */
-+ if (status != GRUB_EFI_SUCCESS)
-+ {
-+ secureboot = GRUB_EFI_SECUREBOOT_MODE_ENABLED;
-+ goto out;
-+ }
-+
-+ if (!(attr & GRUB_EFI_VARIABLE_RUNTIME_ACCESS) && *moksbstate == 1)
-+ {
-+ secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED;
-+ goto out;
-+ }
-+
-+ secureboot = GRUB_EFI_SECUREBOOT_MODE_ENABLED;
-+
-+ out:
-+ grub_free (moksbstate);
-+ grub_free (setupmode);
-+ grub_free (secboot);
-+
-+ if (secureboot == GRUB_EFI_SECUREBOOT_MODE_DISABLED)
-+ secureboot_str = "Disabled";
-+ else if (secureboot == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
-+ secureboot_str = "Enabled";
-+
-+ grub_dprintf ("efi", "UEFI Secure Boot state: %s\n", secureboot_str);
-+
-+ return secureboot;
-+}
-diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h
-new file mode 100644
-index 000000000..a33d985e3
---- /dev/null
-+++ b/include/grub/efi/sb.h
-@@ -0,0 +1,40 @@
-+/*
-+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2020 Free Software Foundation, Inc.
-+ *
-+ * GRUB is free software: you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation, either version 3 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * GRUB is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with GRUB. If not, see .
-+ */
-+
-+#ifndef GRUB_EFI_SB_H
-+#define GRUB_EFI_SB_H 1
-+
-+#include
-+#include
-+
-+#define GRUB_EFI_SECUREBOOT_MODE_UNSET 0
-+#define GRUB_EFI_SECUREBOOT_MODE_UNKNOWN 1
-+#define GRUB_EFI_SECUREBOOT_MODE_DISABLED 2
-+#define GRUB_EFI_SECUREBOOT_MODE_ENABLED 3
-+
-+#ifdef GRUB_MACHINE_EFI
-+extern grub_uint8_t
-+EXPORT_FUNC (grub_efi_get_secureboot) (void);
-+#else
-+static inline grub_uint8_t
-+grub_efi_get_secureboot (void)
-+{
-+ return GRUB_EFI_SECUREBOOT_MODE_UNSET;
-+}
-+#endif
-+#endif /* GRUB_EFI_SB_H */
---
-2.26.2
-
diff --git a/0005-grub.texi-Add-net_bootp6-doument.patch b/0005-grub.texi-Add-net_bootp6-doument.patch
index e097598..d1bae32 100644
--- a/0005-grub.texi-Add-net_bootp6-doument.patch
+++ b/0005-grub.texi-Add-net_bootp6-doument.patch
@@ -11,22 +11,23 @@ Signed-off-by: Ken Lin
 docs/grub.texi | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
-diff --git a/docs/grub.texi b/docs/grub.texi
-index 82f6fa4..60b4aa0 100644
---- a/docs/grub.texi
-+++ b/docs/grub.texi
-@@ -5173,6 +5173,7 @@ See @uref{http://wiki.xen.org/wiki/XSM} for more detail.
+Index: grub-2.06~rc1/docs/grub.texi
+===================================================================
+--- grub-2.06~rc1.orig/docs/grub.texi
++++ grub-2.06~rc1/docs/grub.texi
+@@ -5477,6 +5477,7 @@ This command is only available on AArch6
 * net_add_dns:: Add a DNS server
 * net_add_route:: Add routing entry
- * net_bootp:: Perform a bootp autoconfiguration
+ * net_bootp:: Perform a bootp/DHCP autoconfiguration
 +* net_bootp6:: Perform a DHCPv6 autoconfiguration
 * net_del_addr:: Remove IP address from interface
 * net_del_dns:: Remove a DNS server
 * net_del_route:: Remove a route entry
-@@ -5254,6 +5255,22 @@ Sets environment variable @samp{net_}@var{}@samp{_dhcp_extensionspath}
+@@ -5533,6 +5534,24 @@ command (@pxref{net_dhcp}).
 @end deffn
++
 +@node net_bootp6
 +@subsection net_bootp6
 +
@@ -43,9 +44,7 @@
 +@end table
 +
 +@end deffn
++
 @node net_del_addr
 @subsection net_del_addr
---
-2.6.6
-
diff --git a/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch b/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
deleted file mode 100644
index 910536d..0000000
--- a/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
+++ /dev/null
@@ -1,1319 +0,0 @@
-From 790790798e8f0862d5ee64440acd424716030c86 Mon Sep 17 00:00:00 2001
-From: Peter Jones
-Date: Mon, 15 Jun 2020 12:28:27 -0400
-Subject: [PATCH 5/7] malloc: Use overflow checking primitives where we do
- complex allocations
-
-This attempts to fix the places where we do the following where
-arithmetic_expr may include unvalidated data:
-
- X = grub_malloc(arithmetic_expr);
-
-It accomplishes this by doing the arithmetic ahead of time using grub_add(),
-grub_sub(), grub_mul() and testing for overflow before proceeding.
-
-Among other issues, this fixes:
- - allocation of integer overflow in grub_video_bitmap_create()
- reported by Chris Coulson,
- - allocation of integer overflow in grub_png_decode_image_header()
- reported by Chris Coulson,
- - allocation of integer overflow in grub_squash_read_symlink()
- reported by Chris Coulson,
- - allocation of integer overflow in grub_ext2_read_symlink()
- reported by Chris Coulson,
- - allocation of integer overflow in read_section_as_string()
- reported by Chris Coulson.
-
-Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
-
-Signed-off-by: Peter Jones
-Reviewed-by: Daniel Kiper
----
- grub-core/commands/legacycfg.c | 29 +++++++++++++++----
- grub-core/commands/wildcard.c | 36 ++++++++++++++++++++----
- grub-core/disk/ldm.c | 32 +++++++++++++++------
- grub-core/font/font.c | 7 ++++-
- grub-core/fs/btrfs.c | 28 +++++++++++++------
- grub-core/fs/ext2.c | 10 ++++++-
- grub-core/fs/iso9660.c | 51 ++++++++++++++++++++++++----------
- grub-core/fs/sfs.c | 27 ++++++++++++++----
- grub-core/fs/squash4.c | 45 ++++++++++++++++++++++--------
- grub-core/fs/udf.c | 41 +++++++++++++++++----------
- grub-core/fs/xfs.c | 11 +++++---
- grub-core/fs/zfs/zfs.c | 22 ++++++++++-----
- grub-core/fs/zfs/zfscrypt.c | 7 ++++-
- grub-core/lib/arg.c | 20 +++++++++++--
- grub-core/loader/i386/bsd.c | 8 +++++-
- grub-core/net/dns.c | 9 +++++-
- grub-core/normal/charset.c | 10 +++++--
- grub-core/normal/cmdline.c | 14 ++++++++--
- grub-core/normal/menu_entry.c | 13 +++++++--
- grub-core/script/argv.c | 16 +++++++++--
- grub-core/script/lexer.c | 21 ++++++++++++--
- grub-core/video/bitmap.c | 25 +++++++++++------
- grub-core/video/readers/png.c | 13 +++++++--
- 23 files changed, 382 insertions(+), 113 deletions(-)
-
-Index: grub-2.04/grub-core/commands/legacycfg.c
-===================================================================
---- grub-2.04.orig/grub-core/commands/legacycfg.c
-+++ grub-2.04/grub-core/commands/legacycfg.c
-@@ -32,6 +32,7 @@
- #include
- #include
- #include
-+#include
-
- GRUB_MOD_LICENSE ("GPLv3+");
-
-@@ -104,13 +105,22 @@ legacy_file (const char *filename)
- if (newsuffix)
- {
- char *t;
--
-+ grub_size_t sz;
-+
-+ if (grub_add (grub_strlen (suffix), grub_strlen (newsuffix), &sz) ||
-+ grub_add (sz, 1, &sz))
-+ {
-+ grub_errno = GRUB_ERR_OUT_OF_RANGE;
-+ goto fail_0;
-+ }
-+
- t = suffix;
-- suffix = grub_realloc (suffix, grub_strlen (suffix)
-- + grub_strlen (newsuffix) + 1);
-+ suffix = grub_realloc (suffix, sz);
- if (!suffix)
- {
- grub_free (t);
-+
-+ fail_0:
- grub_free (entrysrc);
- grub_free (parsed);
- grub_free (newsuffix);
-@@ -154,13 +164,22 @@ legacy_file (const char *filename)
- else
- {
- char *t;
-+ grub_size_t sz;
-+
-+ if (grub_add (grub_strlen (entrysrc), grub_strlen (parsed), &sz) ||
-+ grub_add (sz, 1, &sz))
-+ {
-+ grub_errno = GRUB_ERR_OUT_OF_RANGE;
-+ goto fail_1;
-+ }
-
- t = entrysrc;
-- entrysrc = grub_realloc (entrysrc, grub_strlen (entrysrc)
-- + grub_strlen (parsed) + 1);
-+ entrysrc = grub_realloc (entrysrc, sz);
- if (!entrysrc)
- {
- grub_free (t);
-+
-+ fail_1:
- grub_free (parsed);
- grub_free (suffix);
- return grub_errno;
-Index: grub-2.04/grub-core/commands/wildcard.c
-===================================================================
---- grub-2.04.orig/grub-core/commands/wildcard.c
-+++ grub-2.04/grub-core/commands/wildcard.c
-@@ -23,6 +23,7 @@
- #include
- #include
- #include
-+#include
-
- #include
-
-@@ -48,6 +49,7 @@ merge (char **dest, char **ps)
- int i;
- int j;
- char **p;
-+ grub_size_t sz;
-
- if (! dest)
- return ps;
-@@ -60,7 +62,12 @@ merge (char **dest, char **ps)
- for (j = 0; ps[j]; j++)
- ;
-
-- p = grub_realloc (dest, sizeof (char*) * (i + j + 1));
-+ if (grub_add (i, j, &sz) ||
-+ grub_add (sz, 1, &sz) ||
-+ grub_mul (sz, sizeof (char *), &sz))
-+ return dest;
-+
-+ p = grub_realloc (dest, sz);
- if (! p)
- {
- grub_free (dest);
-@@ -115,8 +122,15 @@ make_regex (const char *start, const cha
- char ch;
- int i = 0;
- unsigned len = end - start;
-- char *buffer = grub_malloc (len * 2 + 2 + 1); /* worst case size. */
-+ char *buffer;
-+ grub_size_t sz;
-
-+ /* Worst case size is (len * 2 + 2 + 1). */
-+ if (grub_mul (len, 2, &sz) ||
-+ grub_add (sz, 3, &sz))
-+ return 1;
-+
-+ buffer = grub_malloc (sz);
- if (! buffer)
- return 1;
-
-@@ -226,6 +240,7 @@ match_devices_iter (const char *name, vo
- struct match_devices_ctx *ctx = data;
- char **t;
- char *buffer;
-+ grub_size_t sz;
-
- /* skip partitions if asked to. */
- if (ctx->noparts && grub_strchr (name, ','))
-@@ -239,11 +254,16 @@ match_devices_iter (const char *name, vo
- if (regexec (ctx->regexp, buffer, 0, 0, 0))
- {
- grub_dprintf ("expand", "not matched\n");
-+ fail:
- grub_free (buffer);
- return 0;
- }
-
-- t = grub_realloc (ctx->devs, sizeof (char*) * (ctx->ndev + 2));
-+ if (grub_add (ctx->ndev, 2, &sz) ||
-+ grub_mul (sz, sizeof (char *), &sz))
-+ goto fail;
-+
-+ t = grub_realloc (ctx->devs, sz);
- if (! t)
- {
- grub_free (buffer);
-@@ -300,6 +320,7 @@ match_files_iter (const char *name,
- struct match_files_ctx *ctx = data;
- char **t;
- char *buffer;
-+ grub_size_t sz;
-
- /* skip . and .. names */
- if (grub_strcmp(".", name) == 0 || grub_strcmp("..", name) == 0)
-@@ -315,9 +336,14 @@ match_files_iter (const char *name,
- if (! buffer)
- return 1;
-
-- t = grub_realloc (ctx->files, sizeof (char*) * (ctx->nfile + 2));
-- if (! t)
-+ if (grub_add (ctx->nfile, 2, &sz) ||
-+ grub_mul (sz, sizeof (char *), &sz))
-+ goto fail;
-+
-+ t = grub_realloc (ctx->files, sz);
-+ if (!t)
- {
-+ fail:
- grub_free (buffer);
- return 1;
- }
-Index: grub-2.04/grub-core/disk/ldm.c
-===================================================================
---- grub-2.04.orig/grub-core/disk/ldm.c
-+++ grub-2.04/grub-core/disk/ldm.c
-@@ -25,6 +25,7 @@
- #include
- #include
- #include
-+#include
-
- #ifdef GRUB_UTIL
- #include
-@@ -289,6 +290,7 @@ make_vg (grub_disk_t disk,
- struct grub_ldm_vblk vblk[GRUB_DISK_SECTOR_SIZE
- / sizeof (struct grub_ldm_vblk)];
- unsigned i;
-+ grub_size_t sz;
- err = grub_disk_read (disk, cursec, 0,
- sizeof(vblk), &vblk);
- if (err)
-@@ -350,7 +352,13 @@ make_vg (grub_disk_t disk,
- grub_free (lv);
- goto fail2;
- }
-- lv->name = grub_malloc (*ptr + 1);
-+ if (grub_add (*ptr, 1, &sz))
-+ {
-+ grub_free (lv->internal_id);
-+ grub_free (lv);
-+ goto fail2;
-+ }
-+ lv->name = grub_malloc (sz);
- if (!lv->name)
- {
- grub_free (lv->internal_id);
-@@ -599,10 +607,13 @@ make_vg (grub_disk_t disk,
- if (lv->segments->node_alloc == lv->segments->node_count)
- {
- void *t;
-- lv->segments->node_alloc *= 2;
-- t = grub_realloc (lv->segments->nodes,
-- sizeof (*lv->segments->nodes)
-- * lv->segments->node_alloc);
-+ grub_size_t sz;
-+
-+ if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) ||
-+ grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz))
-+ goto fail2;
-+
-+ t = grub_realloc (lv->segments->nodes, sz);
- if (!t)
- goto fail2;
- lv->segments->nodes = t;
-@@ -723,10 +734,13 @@ make_vg (grub_disk_t disk,
- if (comp->segment_alloc == comp->segment_count)
- {
- void *t;
-- comp->segment_alloc *= 2;
-- t = grub_realloc (comp->segments,
-- comp->segment_alloc
-- * sizeof (*comp->segments));
-+ grub_size_t sz;
-+
-+ if (grub_mul (comp->segment_alloc, 2, &comp->segment_alloc) ||
-+ grub_mul (comp->segment_alloc, sizeof (*comp->segments), &sz))
-+ goto fail2;
-+
-+ t = grub_realloc (comp->segments, sz);
- if (!t)
- goto fail2;
- comp->segments = t;
-Index: grub-2.04/grub-core/font/font.c
-===================================================================
---- grub-2.04.orig/grub-core/font/font.c
-+++ grub-2.04/grub-core/font/font.c
-@@ -30,6 +30,7 @@
- #include
- #include
- #include
-+#include
-
- GRUB_MOD_LICENSE ("GPLv3+");
-
-@@ -360,9 +361,13 @@ static char *
- read_section_as_string (struct font_file_section *section)
- {
- char *str;
-+ grub_size_t sz;
- grub_ssize_t ret;
-
-- str = grub_malloc (section->length + 1);
-+ if (grub_add (section->length, 1, &sz))
-+ return NULL;
-+
-+ str = grub_malloc (sz);
- if (!str)
- return 0;
-
-Index: grub-2.04/grub-core/fs/btrfs.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/btrfs.c
-+++ grub-2.04/grub-core/fs/btrfs.c
-@@ -48,6 +48,7 @@
- #include
- #include
- #include
-+#include
-
- GRUB_MOD_LICENSE ("GPLv3+");
-
-@@ -366,9 +367,13 @@ save_ref (struct grub_btrfs_leaf_descrip
- if (desc->allocated < desc->depth)
- {
- void *newdata;
-- desc->allocated *= 2;
-- newdata = grub_realloc (desc->data, sizeof (desc->data[0])
-- * desc->allocated);
-+ grub_size_t sz;
-+
-+ if (grub_mul (desc->allocated, 2, &desc->allocated) ||
-+ grub_mul (desc->allocated, sizeof (desc->data[0]), &sz))
-+ return GRUB_ERR_OUT_OF_RANGE;
-+
-+ newdata = grub_realloc (desc->data, sz);
- if (!newdata)
- return grub_errno;
- desc->data = newdata;
-@@ -659,16 +664,21 @@ find_device (struct grub_btrfs_data *dat
- if (data->n_devices_attached > data->n_devices_allocated)
- {
- void *tmp;
-- data->n_devices_allocated = 2 * data->n_devices_attached + 1;
-- data->devices_attached
-- = grub_realloc (tmp = data->devices_attached,
-- data->n_devices_allocated
-- * sizeof (data->devices_attached[0]));
-+ grub_size_t sz;
-+
-+ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) ||
-+ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) ||
-+ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz))
-+ goto fail;
-+
-+ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz);
- if (!data->devices_attached)
- {
-+ data->devices_attached = tmp;
-+
-+ fail:
- if (ctx.dev_found)
- grub_device_close (ctx.dev_found);
-- data->devices_attached = tmp;
- return NULL;
- }
- }
-Index: grub-2.04/grub-core/fs/ext2.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/ext2.c
-+++ grub-2.04/grub-core/fs/ext2.c
-@@ -46,6 +46,7 @@
- #include
- #include
- #include
-+#include
-
- GRUB_MOD_LICENSE ("GPLv3+");
-
-@@ -703,6 +704,7 @@ grub_ext2_read_symlink (grub_fshelp_node
- {
- char *symlink;
- struct grub_fshelp_node *diro = node;
-+ grub_size_t sz;
-
- if (! diro->inode_read)
- {
-@@ -717,7 +719,13 @@ grub_ext2_read_symlink (grub_fshelp_node
- }
- }
-
-- symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1);
-+ if (grub_add (grub_le_to_cpu32 (diro->inode.size), 1, &sz))
-+ {
-+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
-+ return NULL;
-+ }
-+
-+ symlink = grub_malloc (sz);
- if (! symlink)
- return 0;
-
-Index: grub-2.04/grub-core/fs/iso9660.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/iso9660.c
-+++ grub-2.04/grub-core/fs/iso9660.c
-@@ -28,6 +28,7 @@
- #include
- #include
- #include
-+#include
-
- GRUB_MOD_LICENSE ("GPLv3+");
-
-@@ -531,8 +532,13 @@ add_part (struct iterate_dir_ctx *ctx,
- int len2)
- {
- int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0;
-+ grub_size_t sz;
-
-- ctx->symlink = grub_realloc (ctx->symlink, size + len2 + 1);
-+ if (grub_add (size, len2, &sz) ||
-+ grub_add (sz, 1, &sz))
-+ return;
-+
-+ ctx->symlink = grub_realloc (ctx->symlink, sz);
- if (! ctx->symlink)
- return;
-
-@@ -560,17 +566,24 @@ susp_iterate_dir (struct grub_iso9660_su
- {
- grub_size_t off = 0, csize = 1;
- char *old;
-+ grub_size_t sz;
-+
- csize = entry->len - 5;
- old = ctx->filename;
- if (ctx->filename_alloc)
- {
- off = grub_strlen (ctx->filename);
-- ctx->filename = grub_realloc (ctx->filename, csize + off + 1);
-+ if (grub_add (csize, off, &sz) ||
-+ grub_add (sz, 1, &sz))
-+ return GRUB_ERR_OUT_OF_RANGE;
-+ ctx->filename = grub_realloc (ctx->filename, sz);
- }
- else
- {
- off = 0;
-- ctx->filename = grub_zalloc (csize + 1);
-+ if (grub_add (csize, 1, &sz))
-+ return GRUB_ERR_OUT_OF_RANGE;
-+ ctx->filename = grub_zalloc (sz);
- }
- if (!ctx->filename)
- {
-@@ -776,14 +789,18 @@ grub_iso9660_iterate_dir (grub_fshelp_no
- if (node->have_dirents >= node->alloc_dirents)
- {
- struct grub_fshelp_node *new_node;
-- node->alloc_dirents *= 2;
-- new_node = grub_realloc (node,
-- sizeof (struct grub_fshelp_node)
-- + ((node->alloc_dirents
-- - ARRAY_SIZE (node->dirents))
-- * sizeof (node->dirents[0])));
-+ grub_size_t sz;
-+
-+ if (grub_mul (node->alloc_dirents, 2, &node->alloc_dirents) ||
-+ grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) ||
-+ grub_mul (sz, sizeof (node->dirents[0]), &sz) ||
-+ grub_add (sz, sizeof (struct grub_fshelp_node), &sz))
-+ goto fail_0;
-+
-+ new_node = grub_realloc (node, sz);
- if (!new_node)
- {
-+ fail_0:
- if (ctx.filename_alloc)
- grub_free (ctx.filename);
- grub_free (node);
-@@ -799,14 +816,18 @@ grub_iso9660_iterate_dir (grub_fshelp_no
- * sizeof (node->dirents[0]) < grub_strlen (ctx.symlink) + 1)
- {
- struct grub_fshelp_node *new_node;
-- new_node = grub_realloc (node,
-- sizeof (struct grub_fshelp_node)
-- + ((node->alloc_dirents
-- - ARRAY_SIZE (node->dirents))
-- * sizeof (node->dirents[0]))
-- + grub_strlen (ctx.symlink) + 1);
-+ grub_size_t sz;
-+
-+ if (grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) ||
-+ grub_mul (sz, sizeof (node->dirents[0]), &sz) ||
-+ grub_add (sz, sizeof (struct grub_fshelp_node) + 1, &sz) ||
-+ grub_add (sz, grub_strlen (ctx.symlink), &sz))
-+ goto fail_1;
-+
-+ new_node = grub_realloc (node, sz);
- if (!new_node)
- {
-+ fail_1:
- if (ctx.filename_alloc)
- grub_free (ctx.filename);
- grub_free (node);
-Index: grub-2.04/grub-core/fs/sfs.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/sfs.c
-+++ grub-2.04/grub-core/fs/sfs.c
-@@ -26,6 +26,7 @@
- #include
- #include
- #include
-+#include
-
- GRUB_MOD_LICENSE ("GPLv3+");
-
-@@ -307,10 +308,15 @@ grub_sfs_read_block (grub_fshelp_node_t
- if (node->cache && node->cache_size >= node->cache_allocated)
- {
- struct cache_entry *e = node->cache;
-- e = grub_realloc (node->cache,node->cache_allocated * 2
-- * sizeof (e[0]));
-+ grub_size_t sz;
-+
-+ if (grub_mul (node->cache_allocated, 2 * sizeof (e[0]), &sz))
-+ goto fail;
-+
-+ e = grub_realloc (node->cache, sz);
- if (!e)
- {
-+ fail:
- grub_errno = 0;
- grub_free (node->cache);
- node->cache = 0;
-@@ -477,10 +483,16 @@ grub_sfs_create_node (struct grub_fshelp
- grub_size_t len = grub_strlen (name);
- grub_uint8_t *name_u8;
- int ret;
-+ grub_size_t sz;
-+
-+ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) ||
-+ grub_add (sz, 1, &sz))
-+ return 1;
-+
- *node = grub_malloc (sizeof (**node));
- if (!*node)
- return 1;
-- name_u8 = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1);
-+ name_u8 = grub_malloc (sz);
- if (!name_u8)
- {
- grub_free (*node);
-@@ -724,8 +736,13 @@ grub_sfs_label (grub_device_t device, ch
- data = grub_sfs_mount (disk);
- if (data)
- {
-- grub_size_t len = grub_strlen (data->label);
-- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1);
-+ grub_size_t sz, len = grub_strlen (data->label);
-+
-+ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) ||
-+ grub_add (sz, 1, &sz))
-+ return GRUB_ERR_OUT_OF_RANGE;
-+
-+ *label = grub_malloc (sz);
- if (*label)
- *grub_latin1_to_utf8 ((grub_uint8_t *) *label,
- (const grub_uint8_t *) data->label,
-Index: grub-2.04/grub-core/fs/squash4.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/squash4.c
-+++ grub-2.04/grub-core/fs/squash4.c
-@@ -26,6 +26,7 @@
- #include
- #include
- #include
-+#include
- #include
-
- #include "xz.h"
-@@ -459,7 +460,17 @@ grub_squash_read_symlink (grub_fshelp_no
- {
- char *ret;
- grub_err_t err;
-- ret = grub_malloc (grub_le_to_cpu32 (node->ino.symlink.namelen) + 1);
-+ grub_size_t sz;
-+
-+ if (grub_add (grub_le_to_cpu32 (node->ino.symlink.namelen), 1, &sz))
-+ {
-+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
-+ return NULL;
-+ }
-+
-+ ret = grub_malloc (sz);
-+ if (!ret)
-+ return NULL;
-
- err = read_chunk (node->data, ret,
- grub_le_to_cpu32 (node->ino.symlink.namelen),
-@@ -506,11 +517,16 @@ grub_squash_iterate_dir (grub_fshelp_nod
-
- {
- grub_fshelp_node_t node;
-- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
-+ grub_size_t sz;
-+
-+ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) ||
-+ grub_add (sz, sizeof (*node), &sz))
-+ return 0;
-+
-+ node = grub_malloc (sz);
- if (!node)
- return 0;
-- grub_memcpy (node, dir,
-- sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
-+ grub_memcpy (node, dir, sz);
- if (hook (".", GRUB_FSHELP_DIR, node, hook_data))
- return 1;
-
-@@ -518,12 +534,15 @@ grub_squash_iterate_dir (grub_fshelp_nod
- {
- grub_err_t err;
-
-- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
-+ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) ||
-+ grub_add (sz, sizeof (*node), &sz))
-+ return 0;
-+
-+ node = grub_malloc (sz);
- if (!node)
- return 0;
-
-- grub_memcpy (node, dir,
-- sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
-+ grub_memcpy (node, dir, sz);
-
- node->stsize--;
- err = read_chunk (dir->data, &node->ino, sizeof (node->ino),
-@@ -557,6 +576,7 @@ grub_squash_iterate_dir (grub_fshelp_nod
- enum grub_fshelp_filetype filetype = GRUB_FSHELP_REG;
- struct grub_squash_dirent di;
- struct grub_squash_inode ino;
-+ grub_size_t sz;
-
- err = read_chunk (dir->data, &di, sizeof (di),
- grub_le_to_cpu64 (dir->data->sb.diroffset)
-@@ -589,13 +609,16 @@ grub_squash_iterate_dir (grub_fshelp_nod
- if (grub_le_to_cpu16 (di.type) == SQUASH_TYPE_SYMLINK)
- filetype = GRUB_FSHELP_SYMLINK;
-
-- node = grub_malloc (sizeof (*node)
-- + (dir->stsize + 1) * sizeof (dir->stack[0]));
-+ if (grub_add (dir->stsize, 1, &sz) ||
-+ grub_mul (sz, sizeof (dir->stack[0]), &sz) ||
-+ grub_add (sz, sizeof (*node), &sz))
-+ return 0;
-+
-+ node = grub_malloc (sz);
- if (! node)
- return 0;
-
-- grub_memcpy (node, dir,
-- sizeof (*node) + dir->stsize * sizeof (dir->stack[0]));
-+ grub_memcpy (node, dir, sz - sizeof(dir->stack[0]));
-
- node->ino = ino;
- node->stack[node->stsize].ino_chunk = grub_le_to_cpu32 (dh.ino_chunk);
-Index: grub-2.04/grub-core/fs/udf.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/udf.c
-+++ grub-2.04/grub-core/fs/udf.c
-@@ -28,6 +28,7 @@
- #include
- #include
- #include
-+#include
-
- GRUB_MOD_LICENSE ("GPLv3+");
-
-@@ -890,9 +891,19 @@ read_string (const grub_uint8_t *raw, gr
- utf16[i] = (raw[2 * i + 1] << 8) | raw[2*i + 2];
- }
- if (!outbuf)
-- outbuf = grub_malloc (utf16len * GRUB_MAX_UTF8_PER_UTF16 + 1);
-+ {
-+ grub_size_t size;
-+
-+ if (grub_mul (utf16len, GRUB_MAX_UTF8_PER_UTF16, &size) ||
-+ grub_add (size, 1, &size))
-+ goto fail;
-+
-+ outbuf = grub_malloc (size);
-+ }
- if (outbuf)
- *grub_utf16_to_utf8 ((grub_uint8_t *) outbuf, utf16, utf16len) = '\0';
-+
-+ fail:
- grub_free (utf16);
- return outbuf;
- }
-@@ -1005,7 +1016,7 @@ grub_udf_read_symlink (grub_fshelp_node_
- grub_size_t sz = U64 (node->block.fe.file_size);
- grub_uint8_t *raw;
- const grub_uint8_t *ptr;
-- char *out, *optr;
-+ char *out = NULL, *optr;
-
- if (sz < 4)
- return NULL;
-@@ -1013,14 +1024,16 @@ grub_udf_read_symlink (grub_fshelp_node_
- if (!raw)
- return NULL;
- if (grub_udf_read_file (node, NULL, NULL, 0, sz, (char *) raw) < 0)
-- {
-- grub_free (raw);
-- return NULL;
-- }
-+ goto fail_1;
-
-- out = grub_malloc (sz * 2 + 1);
-+ if (grub_mul (sz, 2, &sz) ||
-+ grub_add (sz, 1, &sz))
-+ goto fail_0;
-+
-+ out = grub_malloc (sz);
- if (!out)
- {
-+ fail_0:
- grub_free (raw);
- return NULL;
- }
-@@ -1031,17 +1044,17 @@ grub_udf_read_symlink (grub_fshelp_node_
- {
- grub_size_t s;
- if ((grub_size_t) (ptr - raw + 4) > sz)
-- goto fail;
-+ goto fail_1;
- if (!(ptr[2] == 0 && ptr[3] == 0))
-- goto fail;
-+ goto fail_1;
- s = 4 + ptr[1];
- if ((grub_size_t) (ptr - raw + s) > sz)
-- goto fail;
-+ goto fail_1;
- switch (*ptr)
- {
- case 1:
- if (ptr[1])
-- goto fail;
-+ goto fail_1;
- /* Fallthrough. */
- case 2:
- /* in 4 bytes. out: 1 byte. */
-@@ -1066,11 +1079,11 @@ grub_udf_read_symlink (grub_fshelp_node_
- if (optr != out)
- *optr++ = '/';
- if (!read_string (ptr + 4, s - 4, optr))
-- goto fail;
-+ goto fail_1;
- optr += grub_strlen (optr);
- break;
- default:
-- goto fail;
-+ goto fail_1;
- }
- ptr += s;
- }
-@@ -1078,7 +1091,7 @@ grub_udf_read_symlink (grub_fshelp_node_
- grub_free (raw);
- return out;
-
-- fail:
-+ fail_1:
- grub_free (raw);
- grub_free (out);
- grub_error (GRUB_ERR_BAD_FS, "invalid symlink");
-Index: grub-2.04/grub-core/fs/xfs.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/xfs.c
-+++ grub-2.04/grub-core/fs/xfs.c
-@@ -25,6 +25,7 @@
- #include
- #include
- #include
-+#include
-
- GRUB_MOD_LICENSE ("GPLv3+");
-
-@@ -899,6 +900,7 @@ static struct grub_xfs_data *
- grub_xfs_mount (grub_disk_t disk)
- {
- struct grub_xfs_data *data = 0;
-+ grub_size_t sz;
-
- data = grub_zalloc (sizeof (struct grub_xfs_data));
- if (!data)
-@@ -913,10 +915,11 @@ grub_xfs_mount (grub_disk_t disk)
- if (!grub_xfs_sb_valid(data))
- goto fail;
-
-- data = grub_realloc (data,
-- sizeof (struct grub_xfs_data)
-- - sizeof (struct grub_xfs_inode)
-- + grub_xfs_inode_size(data) + 1);
-+ if (grub_add (grub_xfs_inode_size (data),
-+ sizeof (struct grub_xfs_data) - sizeof (struct grub_xfs_inode) + 1, &sz))
-+ goto fail;
-+
-+ data = grub_realloc (data, sz);
-
- if (! data)
- goto fail;
-Index: grub-2.04/grub-core/fs/zfs/zfs.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/zfs/zfs.c
-+++ grub-2.04/grub-core/fs/zfs/zfs.c
-@@ -55,6 +55,7 @@
- #include
- #include
- #include
-+#include
-
- GRUB_MOD_LICENSE ("GPLv3+");
-
-@@ -776,11 +777,14 @@ fill_vdev_info (struct grub_zfs_data *da
- if (data->n_devices_attached > data->n_devices_allocated)
- {
- void *tmp;
-- data->n_devices_allocated = 2 * data->n_devices_attached + 1;
-- data->devices_attached
-- = grub_realloc (tmp = data->devices_attached,
-- data->n_devices_allocated
-- * sizeof (data->devices_attached[0]));
-+ grub_size_t sz;
-+
-+ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) ||
-+ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) ||
-+ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz))
-+ return GRUB_ERR_OUT_OF_RANGE;
-+
-+ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz);
- if (!data->devices_attached)
- {
- data->devices_attached = tmp;
-@@ -3471,14 +3475,18 @@ grub_zfs_nvlist_lookup_nvlist (const cha
- {
- char *nvpair;
- char *ret;
-- grub_size_t size;
-+ grub_size_t size, sz;
- int found;
-
- found = nvlist_find_value (nvlist, name, DATA_TYPE_NVLIST, &nvpair,
- &size, 0);
- if (!found)
- return 0;
-- ret = grub_zalloc (size + 3 * sizeof (grub_uint32_t));
-+
-+ if (grub_add (size, 3 * sizeof (grub_uint32_t), &sz))
-+ return 0;
-+
-+ ret = grub_zalloc (sz);
- if (!ret)
- return 0;
- grub_memcpy (ret, nvlist, sizeof (grub_uint32_t));
-Index: grub-2.04/grub-core/fs/zfs/zfscrypt.c
-===================================================================
---- grub-2.04.orig/grub-core/fs/zfs/zfscrypt.c
-+++ grub-2.04/grub-core/fs/zfs/zfscrypt.c
-@@ -22,6 +22,7 @@
- #include
- #include
- #include
-+#include
- #include
- #include
- #include
-@@ -82,9 +83,13 @@ grub_zfs_add_key (grub_uint8_t *key_in,
- int passphrase)
- {
- struct grub_zfs_wrap_key *key;
-+ grub_size_t sz;
-+
- if (!passphrase && keylen > 32)
- keylen = 32;
-- key = grub_malloc (sizeof (*key) + keylen);
-+ if (grub_add (sizeof (*key), keylen, &sz))
-+ return GRUB_ERR_OUT_OF_RANGE;
-+ key = grub_malloc (sz);
- if (!key)
- return grub_errno;
- key->is_passphrase = passphrase;
-Index: grub-2.04/grub-core/lib/arg.c
-===================================================================
---- grub-2.04.orig/grub-core/lib/arg.c
-+++ grub-2.04/grub-core/lib/arg.c
-@@ -23,6 +23,7 @@
- #include
- #include
- #include
-+#include
-
- /* Built-in parser for default options. */
- static const struct grub_arg_option help_options[] =
-@@ -216,7 +217,13 @@ static inline grub_err_t
- add_arg (char ***argl, int *num, char *s)
- {
- char **p = *argl;
-- *argl = grub_realloc (*argl, (++(*num) + 1) * sizeof (char *));
-+ grub_size_t sz;
-+
-+ if (grub_add (++(*num), 1, &sz) ||
-+ grub_mul (sz, sizeof (char *), &sz))
-+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
-+
-+ *argl = grub_realloc (*argl, sz);
- if (! *argl)
- {
- grub_free (p);
-@@ -431,6 +438,7 @@ grub_arg_list_alloc(grub_extcmd_t extcmd
- grub_size_t argcnt;
- struct grub_arg_list *list;
- const struct grub_arg_option *options;
-+ grub_size_t sz0, sz1;
-
- options = extcmd->options;
- if (!
options) -@@ -443,7 +451,15 @@ grub_arg_list_alloc(grub_extcmd_t extcmd - argcnt += ((grub_size_t) argc + 1) / 2 + 1; /* max possible for any option */ - } - -- list = grub_zalloc (sizeof (*list) * i + sizeof (char*) * argcnt); -+ if (grub_mul (sizeof (*list), i, &sz0) || -+ grub_mul (sizeof (char *), argcnt, &sz1) || -+ grub_add (sz0, sz1, &sz0)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ return 0; -+ } -+ -+ list = grub_zalloc (sz0); - if (! list) - return 0; - -Index: grub-2.04/grub-core/loader/i386/bsd.c -=================================================================== ---- grub-2.04.orig/grub-core/loader/i386/bsd.c -+++ grub-2.04/grub-core/loader/i386/bsd.c -@@ -35,6 +35,7 @@ - #include - #include - #include -+#include - #include - #ifdef GRUB_MACHINE_PCBIOS - #include -@@ -1012,11 +1013,16 @@ grub_netbsd_add_modules (void) - struct grub_netbsd_btinfo_modules *mods; - unsigned i; - grub_err_t err; -+ grub_size_t sz; - - for (mod = netbsd_mods; mod; mod = mod->next) - modcnt++; - -- mods = grub_malloc (sizeof (*mods) + sizeof (mods->mods[0]) * modcnt); -+ if (grub_mul (modcnt, sizeof (mods->mods[0]), &sz) || -+ grub_add (sz, sizeof (*mods), &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ -+ mods = grub_malloc (sz); - if (!mods) - return grub_errno; - -Index: grub-2.04/grub-core/net/dns.c -=================================================================== ---- grub-2.04.orig/grub-core/net/dns.c -+++ grub-2.04/grub-core/net/dns.c -@@ -22,6 +22,7 @@ - #include - #include - #include -+#include - - struct dns_cache_element - { -@@ -51,9 +52,15 @@ grub_net_add_dns_server (const struct gr - { - int na = dns_servers_alloc * 2; - struct grub_net_network_level_address *ns; -+ grub_size_t sz; -+ - if (na < 8) - na = 8; -- ns = grub_realloc (dns_servers, na * sizeof (ns[0])); -+ -+ if (grub_mul (na, sizeof (ns[0]), &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ -+ ns = grub_realloc (dns_servers, sz); - if (!ns) - return grub_errno; - 
dns_servers_alloc = na; -Index: grub-2.04/grub-core/normal/charset.c -=================================================================== ---- grub-2.04.orig/grub-core/normal/charset.c -+++ grub-2.04/grub-core/normal/charset.c -@@ -48,6 +48,7 @@ - #include - #include - #include -+#include - - #if HAVE_FONT_SOURCE - #include "widthspec.h" -@@ -464,6 +465,7 @@ grub_unicode_aglomerate_comb (const grub - { - struct grub_unicode_combining *n; - unsigned j; -+ grub_size_t sz; - - if (!haveout) - continue; -@@ -477,10 +479,14 @@ grub_unicode_aglomerate_comb (const grub - n = out->combining_inline; - else if (out->ncomb > (int) ARRAY_SIZE (out->combining_inline)) - { -- n = grub_realloc (out->combining_ptr, -- sizeof (n[0]) * (out->ncomb + 1)); -+ if (grub_add (out->ncomb, 1, &sz) || -+ grub_mul (sz, sizeof (n[0]), &sz)) -+ goto fail; -+ -+ n = grub_realloc (out->combining_ptr, sz); - if (!n) - { -+ fail: - grub_errno = GRUB_ERR_NONE; - continue; - } -Index: grub-2.04/grub-core/normal/cmdline.c -=================================================================== ---- grub-2.04.orig/grub-core/normal/cmdline.c -+++ grub-2.04/grub-core/normal/cmdline.c -@@ -28,6 +28,7 @@ - #include - #include - #include -+#include - - static grub_uint32_t *kill_buf; - -@@ -307,12 +308,21 @@ cl_insert (struct cmdline_term *cl_terms - if (len + (*llen) >= (*max_len)) - { - grub_uint32_t *nbuf; -- (*max_len) *= 2; -- nbuf = grub_realloc ((*buf), sizeof (grub_uint32_t) * (*max_len)); -+ grub_size_t sz; -+ -+ if (grub_mul (*max_len, 2, max_len) || -+ grub_mul (*max_len, sizeof (grub_uint32_t), &sz)) -+ { -+ grub_errno = GRUB_ERR_OUT_OF_RANGE; -+ goto fail; -+ } -+ -+ nbuf = grub_realloc ((*buf), sz); - if (nbuf) - (*buf) = nbuf; - else - { -+ fail: - grub_print_error (); - grub_errno = GRUB_ERR_NONE; - (*max_len) /= 2; -Index: grub-2.04/grub-core/normal/menu_entry.c -=================================================================== ---- grub-2.04.orig/grub-core/normal/menu_entry.c -+++ 
grub-2.04/grub-core/normal/menu_entry.c -@@ -27,6 +27,7 @@ - #include - #include - #include -+#include - - enum update_mode - { -@@ -113,10 +114,18 @@ ensure_space (struct line *linep, int ex - { - if (linep->max_len < linep->len + extra) - { -- linep->max_len = 2 * (linep->len + extra); -- linep->buf = grub_realloc (linep->buf, (linep->max_len + 1) * sizeof (linep->buf[0])); -+ grub_size_t sz0, sz1; -+ -+ if (grub_add (linep->len, extra, &sz0) || -+ grub_mul (sz0, 2, &sz0) || -+ grub_add (sz0, 1, &sz1) || -+ grub_mul (sz1, sizeof (linep->buf[0]), &sz1)) -+ return 0; -+ -+ linep->buf = grub_realloc (linep->buf, sz1); - if (! linep->buf) - return 0; -+ linep->max_len = sz0; - } - - return 1; -Index: grub-2.04/grub-core/script/argv.c -=================================================================== ---- grub-2.04.orig/grub-core/script/argv.c -+++ grub-2.04/grub-core/script/argv.c -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include - - /* Return nearest power of two that is >= v. */ - static unsigned -@@ -81,11 +82,16 @@ int - grub_script_argv_next (struct grub_script_argv *argv) - { - char **p = argv->args; -+ grub_size_t sz; - - if (argv->args && argv->argc && argv->args[argv->argc - 1] == 0) - return 0; - -- p = grub_realloc (p, round_up_exp ((argv->argc + 2) * sizeof (char *))); -+ if (grub_add (argv->argc, 2, &sz) || -+ grub_mul (sz, sizeof (char *), &sz)) -+ return 1; -+ -+ p = grub_realloc (p, round_up_exp (sz)); - if (! p) - return 1; - -@@ -105,13 +111,19 @@ grub_script_argv_append (struct grub_scr - { - grub_size_t a; - char *p = argv->args[argv->argc - 1]; -+ grub_size_t sz; - - if (! s) - return 0; - - a = p ? grub_strlen (p) : 0; - -- p = grub_realloc (p, round_up_exp ((a + slen + 1) * sizeof (char))); -+ if (grub_add (a, slen, &sz) || -+ grub_add (sz, 1, &sz) || -+ grub_mul (sz, sizeof (char), &sz)) -+ return 1; -+ -+ p = grub_realloc (p, round_up_exp (sz)); - if (! 
p) - return 1; - -Index: grub-2.04/grub-core/script/lexer.c -=================================================================== ---- grub-2.04.orig/grub-core/script/lexer.c -+++ grub-2.04/grub-core/script/lexer.c -@@ -24,6 +24,7 @@ - #include - #include - #include -+#include - - #define yytext_ptr char * - #include "grub_script.tab.h" -@@ -110,10 +111,14 @@ grub_script_lexer_record (struct grub_pa - old = lexer->recording; - if (lexer->recordlen < len) - lexer->recordlen = len; -- lexer->recordlen *= 2; -+ -+ if (grub_mul (lexer->recordlen, 2, &lexer->recordlen)) -+ goto fail; -+ - lexer->recording = grub_realloc (lexer->recording, lexer->recordlen); - if (!lexer->recording) - { -+ fail: - grub_free (old); - lexer->recordpos = 0; - lexer->recordlen = 0; -@@ -130,7 +135,7 @@ int - grub_script_lexer_yywrap (struct grub_parser_param *parserstate, - const char *input) - { -- grub_size_t len = 0; -+ grub_size_t len = 0, sz; - char *p = 0; - char *line = 0; - YY_BUFFER_STATE buffer; -@@ -168,12 +173,22 @@ grub_script_lexer_yywrap (struct grub_pa - } - else if (len && line[len - 1] != '\n') - { -- p = grub_realloc (line, len + 2); -+ if (grub_add (len, 2, &sz)) -+ { -+ grub_free (line); -+ grub_script_yyerror (parserstate, N_("overflow is detected")); -+ return 1; -+ } -+ -+ p = grub_realloc (line, sz); - if (p) - { - p[len++] = '\n'; - p[len] = '\0'; - } -+ else -+ grub_free (line); -+ - line = p; - } - -Index: grub-2.04/grub-core/video/bitmap.c -=================================================================== ---- grub-2.04.orig/grub-core/video/bitmap.c -+++ grub-2.04/grub-core/video/bitmap.c -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -58,7 +59,7 @@ grub_video_bitmap_create (struct grub_vi - enum grub_video_blit_format blit_format) - { - struct grub_video_mode_info *mode_info; -- unsigned int size; -+ grub_size_t size; - - if (!bitmap) - return grub_error (GRUB_ERR_BUG, "invalid argument"); -@@ -137,19 
+138,25 @@ grub_video_bitmap_create (struct grub_vi - - mode_info->pitch = width * mode_info->bytes_per_pixel; - -- /* Calculate size needed for the data. */ -- size = (width * mode_info->bytes_per_pixel) * height; -+ /* Calculate size needed for the data. */ -+ if (grub_mul (width, mode_info->bytes_per_pixel, &size) || -+ grub_mul (size, height, &size)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ goto fail; -+ } - - (*bitmap)->data = grub_zalloc (size); - if (! (*bitmap)->data) -- { -- grub_free (*bitmap); -- *bitmap = 0; -- -- return grub_errno; -- } -+ goto fail; - - return GRUB_ERR_NONE; -+ -+ fail: -+ grub_free (*bitmap); -+ *bitmap = NULL; -+ -+ return grub_errno; - } - - /* Frees all resources allocated by bitmap. */ -Index: grub-2.04/grub-core/video/readers/png.c -=================================================================== ---- grub-2.04.orig/grub-core/video/readers/png.c -+++ grub-2.04/grub-core/video/readers/png.c -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -301,9 +302,17 @@ grub_png_decode_image_header (struct gru - data->bpp <<= 1; - - data->color_bits = color_bits; -- data->row_bytes = data->image_width * data->bpp; -+ -+ if (grub_mul (data->image_width, data->bpp, &data->row_bytes)) -+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ - if (data->color_bits <= 4) -- data->row_bytes = (data->image_width * data->color_bits + 7) / 8; -+ { -+ if (grub_mul (data->image_width, data->color_bits + 7, &data->row_bytes)) -+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ -+ data->row_bytes >>= 3; -+ } - - #ifndef GRUB_CPU_WORDS_BIGENDIAN - if (data->is_16bit || data->is_gray || data->is_palette) diff --git a/0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch b/0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch index a252ba4..306205e 100644 
--- a/0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch +++ b/0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch @@ -21,11 +21,11 @@ Signed-off-by: Ken Lin include/grub/net.h | 1 + 2 files changed, 66 insertions(+), 2 deletions(-) -Index: grub-2.04~rc1/grub-core/net/bootp.c +Index: grub-2.06~rc1/grub-core/net/bootp.c =================================================================== ---- grub-2.04~rc1.orig/grub-core/net/bootp.c -+++ grub-2.04~rc1/grub-core/net/bootp.c -@@ -340,6 +340,53 @@ grub_net_configure_by_dhcp_ack (const ch +--- grub-2.06~rc1.orig/grub-core/net/bootp.c ++++ grub-2.06~rc1/grub-core/net/bootp.c +@@ -351,6 +351,53 @@ grub_net_configure_by_dhcp_ack (const ch if (!inter) return 0; @@ -79,7 +79,7 @@ Index: grub-2.04~rc1/grub-core/net/bootp.c opt = find_dhcp_option (bp, size, GRUB_NET_DHCP_OVERLOAD, &opt_len); if (opt && opt_len == 1) overload = *opt; -@@ -416,6 +463,8 @@ grub_net_configure_by_dhcp_ack (const ch +@@ -427,6 +474,8 @@ grub_net_configure_by_dhcp_ack (const ch } } 
@@ -88,15 +88,15 @@ Index: grub-2.04~rc1/grub-core/net/bootp.c if (boot_file) { grub_env_set_net_property (name, "boot_file", boot_file, boot_file_len); -Index: grub-2.04~rc1/include/grub/net.h +Index: grub-2.06~rc1/include/grub/net.h =================================================================== ---- grub-2.04~rc1.orig/include/grub/net.h -+++ grub-2.04~rc1/include/grub/net.h -@@ -523,6 +523,7 @@ enum - GRUB_NET_BOOTP_DOMAIN = 0x0f, - GRUB_NET_BOOTP_ROOT_PATH = 0x11, - GRUB_NET_BOOTP_EXTENSIONS_PATH = 0x12, -+ GRUB_NET_BOOTP_VENDOR_CLASS_IDENTIFIER = 0x3C, - GRUB_NET_DHCP_REQUESTED_IP_ADDRESS = 50, - GRUB_NET_DHCP_OVERLOAD = 52, +--- grub-2.06~rc1.orig/include/grub/net.h ++++ grub-2.06~rc1/include/grub/net.h +@@ -528,6 +528,7 @@ enum GRUB_NET_DHCP_MESSAGE_TYPE = 53, + GRUB_NET_DHCP_SERVER_IDENTIFIER = 54, + GRUB_NET_DHCP_PARAMETER_REQUEST_LIST = 55, ++ GRUB_NET_BOOTP_VENDOR_CLASS_IDENTIFIER = 60, + GRUB_NET_BOOTP_CLIENT_ID = 61, + GRUB_NET_DHCP_TFTP_SERVER_NAME = 66, + GRUB_NET_DHCP_BOOTFILE_NAME = 67, diff --git a/0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch b/0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch deleted file mode 100644 index f9f8663..0000000 --- a/0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch +++ /dev/null 
@@ -1,90 +0,0 @@ -From a0659724e8fb6ddc9b6db68973e50637cf781605 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Thu, 3 Dec 2020 16:01:49 +0100 -Subject: [PATCH 06/46] efi: Only register shim_lock verifier if shim_lock - protocol is found and SB enabled - -The shim_lock module registers a verifier to call shim's verify, but the -handler is registered even when the shim_lock protocol was not installed. - -This doesn't cause a NULL pointer dereference in shim_lock_write() because -the shim_lock_init() function just returns GRUB_ERR_NONE if sl isn't set. - -But in that case there's no point to even register the shim_lock verifier -since won't do anything. Additionally, it is only useful when Secure Boot -is enabled. - -Finally, don't assume that the shim_lock protocol will always be present -when the shim_lock_write() function is called, and check for it on every -call to this function. - -Reported-by: Michael Chang -Reported-by: Peter Jones -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - grub-core/commands/efi/shim_lock.c | 17 ++++++++++------- - 1 file changed, 10 insertions(+), 7 deletions(-) - -diff --git a/grub-core/commands/efi/shim_lock.c b/grub-core/commands/efi/shim_lock.c -index d8f52d721..f7f3109d6 100644 ---- a/grub-core/commands/efi/shim_lock.c -+++ b/grub-core/commands/efi/shim_lock.c -@@ -20,6 +20,7 @@ - - #include - #include -+#include - #include - #include - #include -@@ -28,7 +29,6 @@ - GRUB_MOD_LICENSE ("GPLv3+"); - - static grub_efi_guid_t shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID; --static grub_efi_shim_lock_protocol_t *sl; - - /* List of modules which cannot be loaded if UEFI secure boot mode is enabled. 
*/ - static const char * const disabled_mods[] = {"iorw", "memrw", "wrmsr", NULL}; -@@ -43,9 +43,6 @@ shim_lock_init (grub_file_t io, enum grub_file_type type, - - *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; - -- if (!sl) -- return GRUB_ERR_NONE; -- - switch (type & GRUB_FILE_TYPE_MASK) - { - case GRUB_FILE_TYPE_GRUB_MODULE: -@@ -100,6 +97,11 @@ shim_lock_init (grub_file_t io, enum grub_file_type type, - static grub_err_t - shim_lock_write (void *context __attribute__ ((unused)), void *buf, grub_size_t size) - { -+ grub_efi_shim_lock_protocol_t *sl = grub_efi_locate_protocol (&shim_lock_guid, 0); -+ -+ if (sl == NULL) -+ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("shim_lock protocol not found")); -+ - if (sl->verify (buf, size) != GRUB_EFI_SUCCESS) - return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad shim signature")); - -@@ -115,12 +117,13 @@ struct grub_file_verifier shim_lock = - - GRUB_MOD_INIT(shim_lock) - { -- sl = grub_efi_locate_protocol (&shim_lock_guid, 0); -- grub_verifier_register (&shim_lock); -+ grub_efi_shim_lock_protocol_t *sl = grub_efi_locate_protocol (&shim_lock_guid, 0); - -- if (!sl) -+ if (sl == NULL || grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED) - return; - -+ grub_verifier_register (&shim_lock); -+ - grub_dl_set_persistent (mod); - } - --- -2.26.2 - diff --git a/0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch b/0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch index f645df5..bfc7c3e 100644 --- a/0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch +++ b/0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch @@ -28,11 +28,11 @@ 
Signed-off-by: Javier Martinez Canillas grub-core/loader/arm64/efi/linux.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) -diff --git a/grub-core/loader/arm64/efi/linux.c b/grub-core/loader/arm64/efi/linux.c -index 83d09b7e5..a4041be5c 100644 ---- a/grub-core/loader/arm64/efi/linux.c -+++ b/grub-core/loader/arm64/efi/linux.c -@@ -84,8 +84,20 @@ static grub_err_t +Index: grub-2.06~rc1/grub-core/loader/arm64/efi/linux.c +=================================================================== +--- grub-2.06~rc1.orig/grub-core/loader/arm64/efi/linux.c ++++ grub-2.06~rc1/grub-core/loader/arm64/efi/linux.c +@@ -58,9 +58,24 @@ static grub_err_t grub_efi_linux_boot (void *kernel_address, grub_off_t offset, void *kernel_params) { @@ -50,9 +50,10 @@ index 83d09b7e5..a4041be5c 100644 + else + grub_dprintf ("linux", "Loaded Image base address could not be set\n"); + - grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n", - kernel_address, (void *)(grub_efi_uintn_t)offset, kernel_params); ++ grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n", ++ kernel_address, (void *)(grub_efi_uintn_t)offset, kernel_params); hf = (handover_func)((char *)kernel_address + offset); --- -2.26.2 - ++ grub_dprintf ("linux", "handover_func() = %p\n", hf); + hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); + + return GRUB_ERR_BUG; diff --git a/0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch b/0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch deleted file mode 100644 index dc1f5e4..0000000 --- a/0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch +++ /dev/null 
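Review bot: The rediffed inner hunk of 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch now adds three lines that were previously context or absent: the two-line `kernel_addr: ...` grub_dprintf and the new `grub_dprintf ("linux", "handover_func() = %p\n", hf);`. The inner header `@@ -58,9 +58,24 @@` therefore implies 15 added lines, while the patch's own diffstat still reads `12 insertions(+)`. These debug prints are unrelated to setting the loaded-image base and look as if they were absorbed from another patch during the rediff (inferred, since the rest of the series is not visible here), so either leave them in the patch that owns them or update the diffstat and description to mention them. If the new print stays, pass the function pointer as `(void *) hf`, matching the cast already applied to `offset` two lines above, because `%p` expects a `void *`. The body of grub_efi_linux_boot starts outside this hunk.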
@@ -1,67 +0,0 @@ -From 30508bd4692d2e022eff2e7f9c4be9f8abf57977 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Sat, 4 Jul 2020 12:25:09 -0400 -Subject: [PATCH 6/7] iso9660: Don't leak memory on realloc() failures - -Signed-off-by: Peter Jones -Reviewed-by: Daniel Kiper ---- - grub-core/fs/iso9660.c | 24 ++++++++++++++++++++---- - 1 file changed, 20 insertions(+), 4 deletions(-) - -diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c -index 7ba5b300b..5ec4433b8 100644 ---- a/grub-core/fs/iso9660.c -+++ b/grub-core/fs/iso9660.c -@@ -533,14 +533,20 @@ add_part (struct iterate_dir_ctx *ctx, - { - int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0; - grub_size_t sz; -+ char *new; - - if (grub_add (size, len2, &sz) || - grub_add (sz, 1, &sz)) - return; - -- ctx->symlink = grub_realloc (ctx->symlink, sz); -- if (! ctx->symlink) -- return; -+ new = grub_realloc (ctx->symlink, sz); -+ if (!new) -+ { -+ grub_free (ctx->symlink); -+ ctx->symlink = NULL; -+ return; -+ } -+ ctx->symlink = new; - - grub_memcpy (ctx->symlink + size, part, len2); - ctx->symlink[size + len2] = 0; -@@ -634,7 +640,12 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, - is the length. Both are part of the `Component - Record'. */ - if (ctx->symlink && !ctx->was_continue) -- add_part (ctx, "/", 1); -+ { -+ add_part (ctx, "/", 1); -+ if (grub_errno) -+ return grub_errno; -+ } -+ - add_part (ctx, (char *) &entry->data[pos + 2], - entry->data[pos + 1]); - ctx->was_continue = (entry->data[pos] & 1); -@@ -653,6 +664,11 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, - add_part (ctx, "/", 1); - break; - } -+ -+ /* Check if grub_realloc() failed in add_part(). */ -+ if (grub_errno) -+ return grub_errno; -+ - /* In pos + 1 the length of the `Component Record' is - stored. */ - pos += entry->data[pos + 1] + 2; --- -2.27.0 
diff --git a/0007-font-Do-not-load-more-than-one-NAME-section.patch b/0007-font-Do-not-load-more-than-one-NAME-section.patch deleted file mode 100644 index 34bc2b5..0000000 --- a/0007-font-Do-not-load-more-than-one-NAME-section.patch +++ /dev/null @@ -1,35 +0,0 @@ -From e2b5230126b340e1d88a079cd6a5c22dd4c00682 Mon Sep 17 00:00:00 2001 -From: Daniel Kiper -Date: Tue, 7 Jul 2020 15:36:26 +0200 -Subject: [PATCH 7/7] font: Do not load more than one NAME section - -The GRUB font file can have one NAME section only. Though if somebody -crafts a broken font file with many NAME sections and loads it then the -GRUB leaks memory. So, prevent against that by loading first NAME -section and failing in controlled way on following one. - -Reported-by: Chris Coulson -Signed-off-by: Daniel Kiper ---- - grub-core/font/font.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 5edb477ac..d09bb38d8 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -532,6 +532,12 @@ grub_font_load (const char *filename) - if (grub_memcmp (section.name, FONT_FORMAT_SECTION_NAMES_FONT_NAME, - sizeof (FONT_FORMAT_SECTION_NAMES_FONT_NAME) - 1) == 0) - { -+ if (font->name != NULL) -+ { -+ grub_error (GRUB_ERR_BAD_FONT, "invalid font file: too many NAME sections"); -+ goto fail; -+ } -+ - font->name = read_section_as_string (§ion); - if (!font->name) - goto fail; --- -2.27.0 diff --git a/0007-verifiers-Move-verifiers-API-to-kernel-image.patch b/0007-verifiers-Move-verifiers-API-to-kernel-image.patch deleted file mode 100644 index bad1957..0000000 --- a/0007-verifiers-Move-verifiers-API-to-kernel-image.patch +++ /dev/null 
@@ -1,129 +0,0 @@ -From ea5950d8597278ba9066f24d7abcee403f825668 Mon Sep 17 00:00:00 2001 -From: Marco A Benatto -Date: Wed, 23 Sep 2020 11:33:33 -0400 -Subject: [PATCH 07/46] verifiers: Move verifiers API to kernel image - -Move verifiers API from a module to the kernel image, so it can be -used there as well. There are no functional changes in this patch. - -Signed-off-by: Marco A Benatto -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - grub-core/Makefile.am | 1 + - grub-core/Makefile.core.def | 6 +----- - grub-core/kern/main.c | 4 ++++ - grub-core/{commands => kern}/verifiers.c | 8 ++------ - include/grub/verify.h | 9 ++++++--- - 5 files changed, 14 insertions(+), 14 deletions(-) - rename grub-core/{commands => kern}/verifiers.c (97%) - -diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am -index 5ff3afd62..3569b7101 100644 ---- a/grub-core/Makefile.am -+++ b/grub-core/Makefile.am -@@ -91,6 +91,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/parser.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/partition.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h -+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/verify.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm_private.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/net.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/memory.h -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 072b1628c..5cb869f5b 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -140,6 +140,7 @@ kernel = { - common = kern/rescue_parser.c; - common = kern/rescue_reader.c; - common = kern/term.c; -+ common = kern/verifiers.c; - - noemu = kern/compiler-rt.c; - noemu = kern/mm.c; -@@ -943,11 +944,6 @@ module = { - cppflags = '-I$(srcdir)/lib/posix_wrap'; - }; - --module = { -- name = verifiers; -- common = commands/verifiers.c; --}; -- - module = { - name = 
shim_lock; - common = commands/efi/shim_lock.c; -diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c -index 9cad0c448..73967e2f5 100644 ---- a/grub-core/kern/main.c -+++ b/grub-core/kern/main.c -@@ -29,6 +29,7 @@ - #include - #include - #include -+#include - - #ifdef GRUB_MACHINE_PCBIOS - #include -@@ -274,6 +275,9 @@ grub_main (void) - grub_printf ("Welcome to GRUB!\n\n"); - grub_setcolorstate (GRUB_TERM_COLOR_STANDARD); - -+ /* Init verifiers API. */ -+ grub_verifiers_init (); -+ - grub_load_config (); - - grub_boot_time ("Before loading embedded modules."); -diff --git a/grub-core/commands/verifiers.c b/grub-core/kern/verifiers.c -similarity index 97% -rename from grub-core/commands/verifiers.c -rename to grub-core/kern/verifiers.c -index 7b9297cd3..3d19bffd1 100644 ---- a/grub-core/commands/verifiers.c -+++ b/grub-core/kern/verifiers.c -@@ -218,12 +218,8 @@ grub_verify_string (char *str, enum grub_verify_string_type type) - return GRUB_ERR_NONE; - } - --GRUB_MOD_INIT(verifiers) -+void -+grub_verifiers_init (void) - { - grub_file_filter_register (GRUB_FILE_FILTER_VERIFY, grub_verifiers_open); - } -- --GRUB_MOD_FINI(verifiers) --{ -- grub_file_filter_unregister (GRUB_FILE_FILTER_VERIFY); --} -diff --git a/include/grub/verify.h b/include/grub/verify.h -index ea0491433..cd129c398 100644 ---- a/include/grub/verify.h -+++ b/include/grub/verify.h -@@ -64,7 +64,10 @@ struct grub_file_verifier - grub_err_t (*verify_string) (char *str, enum grub_verify_string_type type); - }; - --extern struct grub_file_verifier *grub_file_verifiers; -+extern struct grub_file_verifier *EXPORT_VAR (grub_file_verifiers); -+ -+extern void -+grub_verifiers_init (void); - - static inline void - grub_verifier_register (struct grub_file_verifier *ver) -@@ -78,7 +81,7 @@ grub_verifier_unregister (struct grub_file_verifier *ver) - grub_list_remove (GRUB_AS_LIST (ver)); - } - --grub_err_t --grub_verify_string (char *str, enum grub_verify_string_type type); -+extern grub_err_t -+EXPORT_FUNC 
(grub_verify_string) (char *str, enum grub_verify_string_type type); - - #endif /* ! GRUB_VERIFY_HEADER */ --- -2.26.2 - diff --git a/0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch b/0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch deleted file mode 100644 index 7b06143..0000000 --- a/0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch +++ /dev/null 
@@ -1,368 +0,0 @@ -From b16919b634129e377431e96bc3252179fed83a40 Mon Sep 17 00:00:00 2001 -From: Marco A Benatto -Date: Wed, 23 Sep 2020 14:21:14 -0400 -Subject: [PATCH 08/46] efi: Move the shim_lock verifier to the GRUB core - -Move the shim_lock verifier from its own module into the core image. The -Secure Boot lockdown mechanism has the intent to prevent the load of any -unsigned code or binary when Secure Boot is enabled. - -The reason is that GRUB must be able to prevent executing untrusted code -if UEFI Secure Boot is enabled, without depending on external modules. - -Signed-off-by: Marco A Benatto -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - docs/grub.texi | 9 +- - grub-core/Makefile.core.def | 6 -- - grub-core/commands/efi/shim_lock.c | 133 ----------------------------- - grub-core/kern/efi/init.c | 4 + - grub-core/kern/efi/sb.c | 105 +++++++++++++++++++++++ - include/grub/efi/sb.h | 3 + - 6 files changed, 117 insertions(+), 143 deletions(-) - delete mode 100644 grub-core/commands/efi/shim_lock.c - -diff --git a/docs/grub.texi b/docs/grub.texi -index bd0e02057..d3fbc81db 100644 ---- a/docs/grub.texi -+++ b/docs/grub.texi -@@ -5764,15 +5764,16 @@ secure boot chain. - @section UEFI secure boot and shim support - - The GRUB, except the @command{chainloader} command, works with the UEFI secure --boot and the shim. This functionality is provided by the shim_lock module. It --is recommend to build in this and other required modules into the @file{core.img}. -+boot and the shim. This functionality is provided by the shim_lock verifier. It -+is built into the @file{core.img} and is registered if the UEFI secure boot is -+enabled. -+ - All modules not stored in the @file{core.img} and the ACPI tables for the - @command{acpi} command have to be signed, e.g. using PGP. Additionally, the - @command{iorw}, the @command{memrw} and the @command{wrmsr} commands are - prohibited if the UEFI secure boot is enabled. 
This is done due to - security reasons. All above mentioned requirements are enforced by the --shim_lock module. And itself it is a persistent module which means that --it cannot be unloaded if it was loaded into the memory. -+shim_lock verifier logic. - - @node Measured Boot - @section Measuring boot components -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 5cb869f5b..8c8f8c579 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -944,12 +944,6 @@ module = { - cppflags = '-I$(srcdir)/lib/posix_wrap'; - }; - --module = { -- name = shim_lock; -- common = commands/efi/shim_lock.c; -- enable = x86_64_efi; --}; -- - module = { - name = hdparm; - common = commands/hdparm.c; -diff --git a/grub-core/commands/efi/shim_lock.c b/grub-core/commands/efi/shim_lock.c -deleted file mode 100644 -index f7f3109d6..000000000 ---- a/grub-core/commands/efi/shim_lock.c -+++ /dev/null -@@ -1,133 +0,0 @@ --/* -- * GRUB -- GRand Unified Bootloader -- * Copyright (C) 2017 Free Software Foundation, Inc. -- * -- * GRUB is free software: you can redistribute it and/or modify -- * it under the terms of the GNU General Public License as published by -- * the Free Software Foundation, either version 3 of the License, or -- * (at your option) any later version. -- * -- * GRUB is distributed in the hope that it will be useful, -- * but WITHOUT ANY WARRANTY; without even the implied warranty of -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- * GNU General Public License for more details. -- * -- * You should have received a copy of the GNU General Public License -- * along with GRUB. If not, see . -- * -- * EFI shim lock verifier. -- */ -- --#include --#include --#include --#include --#include --#include --#include -- --GRUB_MOD_LICENSE ("GPLv3+"); -- --static grub_efi_guid_t shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID; -- --/* List of modules which cannot be loaded if UEFI secure boot mode is enabled. 
*/ --static const char * const disabled_mods[] = {"iorw", "memrw", "wrmsr", NULL}; -- --static grub_err_t --shim_lock_init (grub_file_t io, enum grub_file_type type, -- void **context __attribute__ ((unused)), -- enum grub_verify_flags *flags) --{ -- const char *b, *e; -- int i; -- -- *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; -- -- switch (type & GRUB_FILE_TYPE_MASK) -- { -- case GRUB_FILE_TYPE_GRUB_MODULE: -- /* Establish GRUB module name. */ -- b = grub_strrchr (io->name, '/'); -- e = grub_strrchr (io->name, '.'); -- -- b = b ? (b + 1) : io->name; -- e = e ? e : io->name + grub_strlen (io->name); -- e = (e > b) ? e : io->name + grub_strlen (io->name); -- -- for (i = 0; disabled_mods[i]; i++) -- if (!grub_strncmp (b, disabled_mods[i], grub_strlen (b) - grub_strlen (e))) -- { -- grub_error (GRUB_ERR_ACCESS_DENIED, -- N_("module cannot be loaded in UEFI secure boot mode: %s"), -- io->name); -- return GRUB_ERR_ACCESS_DENIED; -- } -- -- /* Fall through. */ -- -- case GRUB_FILE_TYPE_ACPI_TABLE: -- case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE: -- *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH; -- -- return GRUB_ERR_NONE; -- -- case GRUB_FILE_TYPE_LINUX_KERNEL: -- case GRUB_FILE_TYPE_MULTIBOOT_KERNEL: -- case GRUB_FILE_TYPE_BSD_KERNEL: -- case GRUB_FILE_TYPE_XNU_KERNEL: -- case GRUB_FILE_TYPE_PLAN9_KERNEL: -- for (i = 0; disabled_mods[i]; i++) -- if (grub_dl_get (disabled_mods[i])) -- { -- grub_error (GRUB_ERR_ACCESS_DENIED, -- N_("cannot boot due to dangerous module in memory: %s"), -- disabled_mods[i]); -- return GRUB_ERR_ACCESS_DENIED; -- } -- -- *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK; -- -- /* Fall through. 
*/ -- -- default: -- return GRUB_ERR_NONE; -- } --} -- --static grub_err_t --shim_lock_write (void *context __attribute__ ((unused)), void *buf, grub_size_t size) --{ -- grub_efi_shim_lock_protocol_t *sl = grub_efi_locate_protocol (&shim_lock_guid, 0); -- -- if (sl == NULL) -- return grub_error (GRUB_ERR_ACCESS_DENIED, N_("shim_lock protocol not found")); -- -- if (sl->verify (buf, size) != GRUB_EFI_SUCCESS) -- return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad shim signature")); -- -- return GRUB_ERR_NONE; --} -- --struct grub_file_verifier shim_lock = -- { -- .name = "shim_lock", -- .init = shim_lock_init, -- .write = shim_lock_write -- }; -- --GRUB_MOD_INIT(shim_lock) --{ -- grub_efi_shim_lock_protocol_t *sl = grub_efi_locate_protocol (&shim_lock_guid, 0); -- -- if (sl == NULL || grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED) -- return; -- -- grub_verifier_register (&shim_lock); -- -- grub_dl_set_persistent (mod); --} -- --GRUB_MOD_FINI(shim_lock) --{ -- grub_verifier_unregister (&shim_lock); --} -diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c -index 5c7876e42..9c143eed7 100644 ---- a/grub-core/kern/efi/init.c -+++ b/grub-core/kern/efi/init.c -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -40,6 +41,9 @@ grub_efi_init (void) - /* Initialize the memory management system. */ - grub_efi_mm_init (); - -+ /* Register the shim_lock verifier if UEFI Secure Boot is enabled. 
*/ -+ grub_shim_lock_verifier_setup (); -+ - efi_call_4 (grub_efi_system_table->boot_services->set_watchdog_timer, - 0, 0, 0, NULL); - -diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c -index 19658d962..8bd5e936d 100644 ---- a/grub-core/kern/efi/sb.c -+++ b/grub-core/kern/efi/sb.c -@@ -22,9 +22,16 @@ - #include - #include - #include -+#include - #include - #include - #include -+#include -+ -+static grub_efi_guid_t shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID; -+ -+/* List of modules which cannot be loaded if UEFI secure boot mode is enabled. */ -+static const char * const disabled_mods[] = {"iorw", "memrw", "wrmsr", NULL}; - - /* - * Determine whether we're in secure boot mode. -@@ -107,3 +114,101 @@ grub_efi_get_secureboot (void) - - return secureboot; - } -+ -+static grub_err_t -+shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), -+ enum grub_file_type type, -+ void **context __attribute__ ((unused)), -+ enum grub_verify_flags *flags) -+{ -+ const char *b, *e; -+ int i; -+ -+ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; -+ -+ switch (type & GRUB_FILE_TYPE_MASK) -+ { -+ case GRUB_FILE_TYPE_GRUB_MODULE: -+ /* Establish GRUB module name. */ -+ b = grub_strrchr (io->name, '/'); -+ e = grub_strrchr (io->name, '.'); -+ -+ b = b ? (b + 1) : io->name; -+ e = e ? e : io->name + grub_strlen (io->name); -+ e = (e > b) ? e : io->name + grub_strlen (io->name); -+ -+ for (i = 0; disabled_mods[i]; i++) -+ if (!grub_strncmp (b, disabled_mods[i], grub_strlen (b) - grub_strlen (e))) -+ { -+ grub_error (GRUB_ERR_ACCESS_DENIED, -+ N_("module cannot be loaded in UEFI secure boot mode: %s"), -+ io->name); -+ return GRUB_ERR_ACCESS_DENIED; -+ } -+ -+ /* Fall through. 
*/ -+ -+ case GRUB_FILE_TYPE_ACPI_TABLE: -+ case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE: -+ *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH; -+ -+ return GRUB_ERR_NONE; -+ -+ case GRUB_FILE_TYPE_LINUX_KERNEL: -+ case GRUB_FILE_TYPE_MULTIBOOT_KERNEL: -+ case GRUB_FILE_TYPE_BSD_KERNEL: -+ case GRUB_FILE_TYPE_XNU_KERNEL: -+ case GRUB_FILE_TYPE_PLAN9_KERNEL: -+ for (i = 0; disabled_mods[i]; i++) -+ if (grub_dl_get (disabled_mods[i])) -+ { -+ grub_error (GRUB_ERR_ACCESS_DENIED, -+ N_("cannot boot due to dangerous module in memory: %s"), -+ disabled_mods[i]); -+ return GRUB_ERR_ACCESS_DENIED; -+ } -+ -+ *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK; -+ -+ /* Fall through. */ -+ -+ default: -+ return GRUB_ERR_NONE; -+ } -+} -+ -+static grub_err_t -+shim_lock_verifier_write (void *context __attribute__ ((unused)), void *buf, grub_size_t size) -+{ -+ grub_efi_shim_lock_protocol_t *sl = grub_efi_locate_protocol (&shim_lock_guid, 0); -+ -+ if (!sl) -+ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("shim_lock protocol not found")); -+ -+ if (sl->verify (buf, size) != GRUB_EFI_SUCCESS) -+ return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad shim signature")); -+ -+ return GRUB_ERR_NONE; -+} -+ -+struct grub_file_verifier shim_lock_verifier = -+ { -+ .name = "shim_lock_verifier", -+ .init = shim_lock_verifier_init, -+ .write = shim_lock_verifier_write -+ }; -+ -+void -+grub_shim_lock_verifier_setup (void) -+{ -+ grub_efi_shim_lock_protocol_t *sl = -+ grub_efi_locate_protocol (&shim_lock_guid, 0); -+ -+ if (!sl) -+ return; -+ -+ if (grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ return; -+ -+ grub_verifier_register (&shim_lock_verifier); -+} -diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h -index a33d985e3..30c4335bb 100644 ---- a/include/grub/efi/sb.h -+++ b/include/grub/efi/sb.h -@@ -30,6 +30,9 @@ - #ifdef GRUB_MACHINE_EFI - extern grub_uint8_t - EXPORT_FUNC (grub_efi_get_secureboot) (void); -+ -+extern void -+grub_shim_lock_verifier_setup (void); - #else - static inline 
grub_uint8_t
- grub_efi_get_secureboot (void)
---
-2.26.2
-
diff --git a/0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch b/0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch
index f3aebb8..976dd84 100644
--- a/0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch
+++ b/0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch
@@ -32,10 +32,10 @@ Signed-off-by: Ken Lin
 include/grub/efi/api.h | 76 +++++++++++++++++
 2 files changed, 239 insertions(+)
 
-Index: grub-2.04~rc1/grub-core/net/drivers/efi/efinet.c
+Index: grub-2.06~rc1/grub-core/net/drivers/efi/efinet.c
 ===================================================================
---- grub-2.04~rc1.orig/grub-core/net/drivers/efi/efinet.c
-+++ grub-2.04~rc1/grub-core/net/drivers/efi/efinet.c
+--- grub-2.06~rc1.orig/grub-core/net/drivers/efi/efinet.c
++++ grub-2.06~rc1/grub-core/net/drivers/efi/efinet.c
 @@ -30,6 +30,8 @@ GRUB_MOD_LICENSE ("GPLv3+");
 /* GUID. */
 static grub_efi_guid_t net_io_guid = GRUB_EFI_SIMPLE_NETWORK_GUID;
@@ -241,12 +241,12 @@ Index: grub-2.04~rc1/grub-core/net/drivers/efi/efinet.c
 *use_ipv6 = 1;
 }
 
-Index: grub-2.04~rc1/include/grub/efi/api.h
+Index: grub-2.06~rc1/include/grub/efi/api.h
 ===================================================================
---- grub-2.04~rc1.orig/include/grub/efi/api.h
-+++ grub-2.04~rc1/include/grub/efi/api.h
+--- grub-2.06~rc1.orig/include/grub/efi/api.h
++++ grub-2.06~rc1/include/grub/efi/api.h
-@@ -334,6 +334,16 @@
- { 0x8B, 0x8C, 0xE2, 0x1B, 0x01, 0xAE, 0xF2, 0xB7 } \
+@@ -354,6 +354,16 @@
+ { 0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44 } \
 }
 
 +#define GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID \
@@ -262,9 +262,9 @@ Index: grub-2.04~rc1/include/grub/efi/api.h
 struct grub_efi_sal_system_table
 {
 grub_uint32_t signature;
-@@ -1749,6 +1759,72 @@ struct grub_efi_block_io
+@@ -1793,6 +1803,72 @@ struct grub_efi_rng_protocol
 };
- typedef struct grub_efi_block_io grub_efi_block_io_t;
+ typedef struct grub_efi_rng_protocol grub_efi_rng_protocol_t;
 
 +enum grub_efi_ip4_config2_data_type {
 + GRUB_EFI_IP4_CONFIG2_DATA_TYPE_INTERFACEINFO,
diff --git a/0008-script-Remove-unused-fields-from-grub_script_functio.patch b/0008-script-Remove-unused-fields-from-grub_script_functio.patch
deleted file mode 100644
index 12fc854..0000000
--- a/0008-script-Remove-unused-fields-from-grub_script_functio.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 1804acfd35cff2aab9ec9dc586f74f5e3aa83ef2 Mon Sep 17 00:00:00 2001
-From: Chris Coulson
-Date: Fri, 10 Jul 2020 11:21:14 +0100
-Subject: [PATCH 18/27] script: Remove unused fields from grub_script_function
- struct
-
-Signed-off-by: Chris Coulson
-Reviewed-by: Daniel Kiper
----
- include/grub/script_sh.h | 5 -----
- 1 file changed, 5 deletions(-)
-
-diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h
-index 360c2be1f..b382bcf09 100644
---- a/include/grub/script_sh.h
-+++ b/include/grub/script_sh.h
-@@ -359,13 +359,8 @@ struct grub_script_function
- /* The script function. */
- struct grub_script *func;
-
-- /* The flags. */
-- unsigned flags;
--
- /* The next element. */
- struct grub_script_function *next;
--
-- int references;
- };
- typedef struct grub_script_function *grub_script_function_t;
-
---
-2.27.0
-
diff --git a/0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch b/0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
deleted file mode 100644
index 100a6b9..0000000
--- a/0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From 5f98e139f74a1280dee4f1579eeab05e08541e8c Mon Sep 17 00:00:00 2001
-From: Michael Chang
-Date: Tue, 10 Nov 2020 04:33:21 +0000
-Subject: [PATCH 8/9] squash! Add support for Linux EFI stub loading on
- aarch64.
-
-Make efi handoff the default loader for arm64 platform.
-
-Signed-off-by: Michael Chang
----
- grub-core/Makefile.core.def | 4 +---
- grub-core/loader/arm64/efi/linux.c | 20 ++++++++++----------
- 2 files changed, 11 insertions(+), 13 deletions(-)
-
-diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index cfdd31431..ce4f71ebe 100644
---- a/grub-core/Makefile.core.def
-+++ b/grub-core/Makefile.core.def
-@@ -1787,7 +1787,7 @@ module = {
- arm_coreboot = loader/arm/linux.c;
- arm_efi = loader/arm64/linux.c;
- arm_uboot = loader/arm/linux.c;
-- arm64 = loader/arm64/linux.c;
-+ arm64 = loader/arm64/efi/linux.c;
- riscv32 = loader/riscv/linux.c;
- riscv64 = loader/riscv/linux.c;
- emu = loader/emu/linux.c;
-@@ -1855,10 +1855,8 @@ module = {
- module = {
- name = linuxefi;
- x86 = lib/fake_module.c;
-- arm64 = loader/arm64/efi/linux.c;
- enable = i386_efi;
- enable = x86_64_efi;
-- enable = arm64_efi;
- };
-
- module = {
-diff --git a/grub-core/loader/arm64/efi/linux.c b/grub-core/loader/arm64/efi/linux.c
-index 0e5782caa..7a8c6dfe4 100644
---- a/grub-core/loader/arm64/efi/linux.c
-+++ b/grub-core/loader/arm64/efi/linux.c
-@@ -123,9 +123,8 @@ grub_efi_linux_boot (void *kernel_address, grub_off_t offset,
-
- #pragma GCC diagnostic pop
-
--/* FIXME: This is copy of grub_arch_efi_linux_check_image () */
--static grub_err_t
--grub_arch_efi_linux_check_image_XX (struct linux_arch_kernel_header * lh)
-+grub_err_t
-+grub_arch_efi_linux_check_image (struct linux_arch_kernel_header * lh)
- {
- if (lh->magic != GRUB_LINUX_ARMXX_MAGIC_SIGNATURE)
- return grub_error(GRUB_ERR_BAD_OS, "invalid magic number");
-@@ -263,9 +262,10 @@ free_params (void)
- }
- }
-
--/* FIXME: This is to replace grub_arch_efi_linux_boot_image */
--static
grub_err_t
--grub_arch_efi_linux_boot_image_XX (grub_addr_t addr, char *args)
-+grub_err_t
-+grub_arch_efi_linux_boot_image (grub_addr_t addr,
-+ grub_size_t size __attribute__ ((unused)),
-+ char *args)
- {
- grub_err_t retval;
-
-@@ -285,7 +285,7 @@ grub_arch_efi_linux_boot_image_XX (grub_addr_t addr, char *args)
- static grub_err_t
- grub_linux_boot (void)
- {
-- return (grub_arch_efi_linux_boot_image_XX ((grub_addr_t)kernel_addr, linux_args));
-+ return (grub_arch_efi_linux_boot_image ((grub_addr_t)kernel_addr, kernel_size, linux_args));
- }
-
- static grub_err_t
-@@ -432,7 +432,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
- if (grub_file_read (file, &lh, sizeof (lh)) < (long) sizeof (lh))
- return grub_errno;
-
-- if (grub_arch_efi_linux_check_image_XX (&lh) != GRUB_ERR_NONE)
-+ if (grub_arch_efi_linux_check_image (&lh) != GRUB_ERR_NONE)
- goto fail;
-
- grub_loader_unset();
-@@ -518,9 +518,9 @@ static grub_command_t cmd_linux, cmd_initrd;
-
- GRUB_MOD_INIT (linux)
- {
-- cmd_linux = grub_register_command ("linuxefi", grub_cmd_linux, 0,
-+ cmd_linux = grub_register_command ("linux", grub_cmd_linux, 0,
- N_("Load Linux."));
-- cmd_initrd = grub_register_command ("initrdefi", grub_cmd_initrd, 0,
-+ cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd, 0,
- N_("Load initrd."));
- my_mod = mod;
- }
---
-2.26.2
-
diff --git a/0009-kern-Add-lockdown-support.patch b/0009-kern-Add-lockdown-support.patch
deleted file mode 100644
index b1c5bac..0000000
--- a/0009-kern-Add-lockdown-support.patch
+++ /dev/null
@@ -1,430 +0,0 @@ -From 1aebb5645e749917034444b24b88825ea557cae9 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Mon, 28 Sep 2020 20:08:02 +0200 -Subject: [PATCH 09/46] kern: Add lockdown support - -When the GRUB starts on a secure boot platform, some commands can be -used to subvert the protections provided by the verification mechanism and -could lead to booting untrusted system. - -To prevent that situation, allow GRUB to be locked down. That way the code -may check if GRUB has been locked down and further restrict the commands -that are registered or what subset of their functionality could be used. - -The lockdown support adds the following components: - -* The grub_lockdown() function which can be used to lockdown GRUB if, - e.g., UEFI Secure Boot is enabled. - -* The grub_is_lockdown() function which can be used to check if the GRUB - was locked down. - -* A verifier that flags OS kernels, the GRUB modules, Device Trees and ACPI - tables as GRUB_VERIFY_FLAGS_DEFER_AUTH to defer verification to other - verifiers. These files are only successfully verified if another registered - verifier returns success. Otherwise, the whole verification process fails. - - For example, PE/COFF binaries verification can be done by the shim_lock - verifier which validates the signatures using the shim_lock protocol. - However, the verification is not deferred directly to the shim_lock verifier. - The shim_lock verifier is hooked into the verification process instead. - -* A set of grub_{command,extcmd}_lockdown functions that can be used by - code registering command handlers, to only register unsafe commands if - the GRUB has not been locked down. 
- -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - conf/Makefile.common | 2 + - docs/grub-dev.texi | 27 +++++++++++++ - docs/grub.texi | 8 ++++ - grub-core/Makefile.am | 5 ++- - grub-core/Makefile.core.def | 1 + - grub-core/commands/extcmd.c | 23 +++++++++++ - grub-core/kern/command.c | 24 +++++++++++ - grub-core/kern/lockdown.c | 80 +++++++++++++++++++++++++++++++++++++ - include/grub/command.h | 5 +++ - include/grub/extcmd.h | 7 ++++ - include/grub/lockdown.h | 44 ++++++++++++++++++++ - 11 files changed, 225 insertions(+), 1 deletion(-) - create mode 100644 grub-core/kern/lockdown.c - create mode 100644 include/grub/lockdown.h - -diff --git a/conf/Makefile.common b/conf/Makefile.common -index 6cd71cbb2..2a1a886f6 100644 ---- a/conf/Makefile.common -+++ b/conf/Makefile.common -@@ -84,7 +84,9 @@ CPPFLAGS_PARTTOOL_LIST = -Dgrub_parttool_register=PARTTOOL_LIST_MARKER - CPPFLAGS_TERMINAL_LIST = '-Dgrub_term_register_input(...)=INPUT_TERMINAL_LIST_MARKER(__VA_ARGS__)' - CPPFLAGS_TERMINAL_LIST += '-Dgrub_term_register_output(...)=OUTPUT_TERMINAL_LIST_MARKER(__VA_ARGS__)' - CPPFLAGS_COMMAND_LIST = '-Dgrub_register_command(...)=COMMAND_LIST_MARKER(__VA_ARGS__)' -+CPPFLAGS_COMMAND_LIST += '-Dgrub_register_command_lockdown(...)=COMMAND_LOCKDOWN_LIST_MARKER(__VA_ARGS__)' - CPPFLAGS_COMMAND_LIST += '-Dgrub_register_extcmd(...)=EXTCOMMAND_LIST_MARKER(__VA_ARGS__)' -+CPPFLAGS_COMMAND_LIST += '-Dgrub_register_extcmd_lockdown(...)=EXTCOMMAND_LOCKDOWN_LIST_MARKER(__VA_ARGS__)' - CPPFLAGS_COMMAND_LIST += '-Dgrub_register_command_p1(...)=P1COMMAND_LIST_MARKER(__VA_ARGS__)' - CPPFLAGS_FDT_LIST := '-Dgrub_fdtbus_register(...)=FDT_DRIVER_LIST_MARKER(__VA_ARGS__)' - CPPFLAGS_MARKER = $(CPPFLAGS_FS_LIST) $(CPPFLAGS_VIDEO_LIST) \ -diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi -index ee389fd83..635ec7231 100644 ---- a/docs/grub-dev.texi -+++ b/docs/grub-dev.texi -@@ -86,6 +86,7 @@ This edition documents version @value{VERSION}. 
- * PFF2 Font File Format:: - * Graphical Menu Software Design:: - * Verifiers framework:: -+* Lockdown framework:: - * Copying This Manual:: Copying This Manual - * Index:: - @end menu -@@ -2086,6 +2087,32 @@ Optionally at the end of the file @samp{fini}, if it exists, is called with just - the context. If you return no error during any of @samp{init}, @samp{write} and - @samp{fini} then the file is considered as having succeded verification. - -+@node Lockdown framework -+@chapter Lockdown framework -+ -+The GRUB can be locked down, which is a restricted mode where some operations -+are not allowed. For instance, some commands cannot be used when the GRUB is -+locked down. -+ -+The function -+@code{grub_lockdown()} is used to lockdown GRUB and the function -+@code{grub_is_lockdown()} function can be used to check whether lockdown is -+enabled or not. When enabled, the function returns @samp{GRUB_LOCKDOWN_ENABLED} -+and @samp{GRUB_LOCKDOWN_DISABLED} when is not enabled. -+ -+The following functions can be used to register the commands that can only be -+used when lockdown is disabled: -+ -+@itemize -+ -+@item @code{grub_cmd_lockdown()} registers command which should not run when the -+GRUB is in lockdown mode. -+ -+@item @code{grub_cmd_lockdown()} registers extended command which should not run -+when the GRUB is in lockdown mode. -+ -+@end itemize -+ - @node Copying This Manual - @appendix Copying This Manual - -diff --git a/docs/grub.texi b/docs/grub.texi -index d3fbc81db..a459a71e4 100644 ---- a/docs/grub.texi -+++ b/docs/grub.texi -@@ -5598,6 +5598,7 @@ environment variables and commands are listed in the same order. 
- * Using digital signatures:: Booting digitally signed code - * UEFI secure boot and shim:: Booting digitally signed PE files - * Measured Boot:: Measuring boot components -+* Lockdown:: Lockdown when booting on a secure setup - @end menu - - @node Authentication and authorisation -@@ -5812,6 +5813,13 @@ into @file{core.img} in order to avoid a potential gap in measurement between - - Measured boot is currently only supported on EFI platforms. - -+@node Lockdown -+@section Lockdown when booting on a secure setup -+ -+The GRUB can be locked down when booted on a secure boot environment, for example -+if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will -+be restricted and some operations/commands cannot be executed. -+ - @node Platform limitations - @chapter Platform limitations - -diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am -index 3569b7101..6b2e5e139 100644 ---- a/grub-core/Makefile.am -+++ b/grub-core/Makefile.am -@@ -80,6 +80,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fs.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i18n.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/kernel.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/list.h -+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/lockdown.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/misc.h - if COND_emu - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/compiler-rt-emu.h -@@ -378,8 +379,10 @@ command.lst: $(MARKER_FILES) - b=`basename $$pp .marker`; \ - sed -n \ - -e "/EXTCOMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \ -+ -e "/EXTCOMMAND_LOCKDOWN_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \ - -e "/P1COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \ -- -e "/COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/\1: $$b/;p;}" $$pp; \ -+ -e "/COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/\1: $$b/;p;}" \ -+ -e "/COMMAND_LOCKDOWN_LIST_MARKER *( *\"/{s/.*( 
*\"\([^\"]*\)\".*/\1: $$b/;p;}" $$pp; \ - done) | sort -u > $@ - platform_DATA += command.lst - CLEANFILES += command.lst -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 8c8f8c579..a00e7f983 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -205,6 +205,7 @@ kernel = { - efi = kern/acpi.c; - efi = kern/efi/acpi.c; - efi = kern/efi/sb.c; -+ efi = kern/lockdown.c; - i386_coreboot = kern/i386/pc/acpi.c; - i386_multiboot = kern/i386/pc/acpi.c; - i386_coreboot = kern/acpi.c; -diff --git a/grub-core/commands/extcmd.c b/grub-core/commands/extcmd.c -index 69574e2b0..90a5ca24a 100644 ---- a/grub-core/commands/extcmd.c -+++ b/grub-core/commands/extcmd.c -@@ -19,6 +19,7 @@ - - #include - #include -+#include - #include - #include - #include -@@ -110,6 +111,28 @@ grub_register_extcmd (const char *name, grub_extcmd_func_t func, - summary, description, parser, 1); - } - -+static grub_err_t -+grub_extcmd_lockdown (grub_extcmd_context_t ctxt __attribute__ ((unused)), -+ int argc __attribute__ ((unused)), -+ char **argv __attribute__ ((unused))) -+{ -+ return grub_error (GRUB_ERR_ACCESS_DENIED, -+ N_("%s: the command is not allowed when lockdown is enforced"), -+ ctxt->extcmd->cmd->name); -+} -+ -+grub_extcmd_t -+grub_register_extcmd_lockdown (const char *name, grub_extcmd_func_t func, -+ grub_command_flags_t flags, const char *summary, -+ const char *description, -+ const struct grub_arg_option *parser) -+{ -+ if (grub_is_lockdown () == GRUB_LOCKDOWN_ENABLED) -+ func = grub_extcmd_lockdown; -+ -+ return grub_register_extcmd (name, func, flags, summary, description, parser); -+} -+ - void - grub_unregister_extcmd (grub_extcmd_t ext) - { -diff --git a/grub-core/kern/command.c b/grub-core/kern/command.c -index acd721879..4aabcd4b5 100644 ---- a/grub-core/kern/command.c -+++ b/grub-core/kern/command.c -@@ -17,6 +17,7 @@ - * along with GRUB. If not, see . 
- */ - -+#include - #include - #include - -@@ -77,6 +78,29 @@ grub_register_command_prio (const char *name, - return cmd; - } - -+static grub_err_t -+grub_cmd_lockdown (grub_command_t cmd __attribute__ ((unused)), -+ int argc __attribute__ ((unused)), -+ char **argv __attribute__ ((unused))) -+ -+{ -+ return grub_error (GRUB_ERR_ACCESS_DENIED, -+ N_("%s: the command is not allowed when lockdown is enforced"), -+ cmd->name); -+} -+ -+grub_command_t -+grub_register_command_lockdown (const char *name, -+ grub_command_func_t func, -+ const char *summary, -+ const char *description) -+{ -+ if (grub_is_lockdown () == GRUB_LOCKDOWN_ENABLED) -+ func = grub_cmd_lockdown; -+ -+ return grub_register_command_prio (name, func, summary, description, 0); -+} -+ - void - grub_unregister_command (grub_command_t cmd) - { -diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c -new file mode 100644 -index 000000000..1e56c0b80 ---- /dev/null -+++ b/grub-core/kern/lockdown.c -@@ -0,0 +1,80 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2020 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . 
-+ * -+ */ -+ -+#include -+#include -+#include -+#include -+ -+static int lockdown = GRUB_LOCKDOWN_DISABLED; -+ -+static grub_err_t -+lockdown_verifier_init (grub_file_t io __attribute__ ((unused)), -+ enum grub_file_type type, -+ void **context __attribute__ ((unused)), -+ enum grub_verify_flags *flags) -+{ -+ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; -+ -+ switch (type & GRUB_FILE_TYPE_MASK) -+ { -+ case GRUB_FILE_TYPE_GRUB_MODULE: -+ case GRUB_FILE_TYPE_LINUX_KERNEL: -+ case GRUB_FILE_TYPE_MULTIBOOT_KERNEL: -+ case GRUB_FILE_TYPE_XEN_HYPERVISOR: -+ case GRUB_FILE_TYPE_BSD_KERNEL: -+ case GRUB_FILE_TYPE_XNU_KERNEL: -+ case GRUB_FILE_TYPE_PLAN9_KERNEL: -+ case GRUB_FILE_TYPE_NTLDR: -+ case GRUB_FILE_TYPE_TRUECRYPT: -+ case GRUB_FILE_TYPE_FREEDOS: -+ case GRUB_FILE_TYPE_PXECHAINLOADER: -+ case GRUB_FILE_TYPE_PCCHAINLOADER: -+ case GRUB_FILE_TYPE_COREBOOT_CHAINLOADER: -+ case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE: -+ case GRUB_FILE_TYPE_ACPI_TABLE: -+ case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE: -+ *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH; -+ -+ /* Fall through. 
*/ -+ -+ default: -+ return GRUB_ERR_NONE; -+ } -+} -+ -+struct grub_file_verifier lockdown_verifier = -+ { -+ .name = "lockdown_verifier", -+ .init = lockdown_verifier_init, -+ }; -+ -+void -+grub_lockdown (void) -+{ -+ lockdown = GRUB_LOCKDOWN_ENABLED; -+ -+ grub_verifier_register (&lockdown_verifier); -+} -+ -+int -+grub_is_lockdown (void) -+{ -+ return lockdown; -+} -diff --git a/include/grub/command.h b/include/grub/command.h -index eee4e847e..2a6f7f846 100644 ---- a/include/grub/command.h -+++ b/include/grub/command.h -@@ -86,6 +86,11 @@ EXPORT_FUNC(grub_register_command_prio) (const char *name, - const char *summary, - const char *description, - int prio); -+grub_command_t -+EXPORT_FUNC(grub_register_command_lockdown) (const char *name, -+ grub_command_func_t func, -+ const char *summary, -+ const char *description); - void EXPORT_FUNC(grub_unregister_command) (grub_command_t cmd); - - static inline grub_command_t -diff --git a/include/grub/extcmd.h b/include/grub/extcmd.h -index 19fe59266..fe9248b8b 100644 ---- a/include/grub/extcmd.h -+++ b/include/grub/extcmd.h -@@ -62,6 +62,13 @@ grub_extcmd_t EXPORT_FUNC(grub_register_extcmd) (const char *name, - const char *description, - const struct grub_arg_option *parser); - -+grub_extcmd_t EXPORT_FUNC(grub_register_extcmd_lockdown) (const char *name, -+ grub_extcmd_func_t func, -+ grub_command_flags_t flags, -+ const char *summary, -+ const char *description, -+ const struct grub_arg_option *parser); -+ - grub_extcmd_t EXPORT_FUNC(grub_register_extcmd_prio) (const char *name, - grub_extcmd_func_t func, - grub_command_flags_t flags, -diff --git a/include/grub/lockdown.h b/include/grub/lockdown.h -new file mode 100644 -index 000000000..40531fa82 ---- /dev/null -+++ b/include/grub/lockdown.h -@@ -0,0 +1,44 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2020 Free Software Foundation, Inc. 
-+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#ifndef GRUB_LOCKDOWN_H -+#define GRUB_LOCKDOWN_H 1 -+ -+#include -+ -+#define GRUB_LOCKDOWN_DISABLED 0 -+#define GRUB_LOCKDOWN_ENABLED 1 -+ -+#ifdef GRUB_MACHINE_EFI -+extern void -+EXPORT_FUNC (grub_lockdown) (void); -+extern int -+EXPORT_FUNC (grub_is_lockdown) (void); -+#else -+static inline void -+grub_lockdown (void) -+{ -+} -+ -+static inline int -+grub_is_lockdown (void) -+{ -+ return GRUB_LOCKDOWN_DISABLED; -+} -+#endif -+#endif /* ! GRUB_LOCKDOWN_H */ --- -2.26.2 - diff --git a/0009-script-Avoid-a-use-after-free-when-redefining-a-func.patch b/0009-script-Avoid-a-use-after-free-when-redefining-a-func.patch deleted file mode 100644 index 7b670ed..0000000 --- a/0009-script-Avoid-a-use-after-free-when-redefining-a-func.patch +++ /dev/null 
@@ -1,107 +0,0 @@
-From 809f3a26897f5f648325c5741e72dc1b3db828ee Mon Sep 17 00:00:00 2001
-From: Chris Coulson
-Date: Fri, 10 Jul 2020 14:41:45 +0100
-Subject: [PATCH 19/27] script: Avoid a use-after-free when redefining a
- function during execution
-
-Defining a new function with the same name as a previously defined
-function causes the grub_script and associated resources for the
-previous function to be freed. If the previous function is currently
-executing when a function with the same name is defined, this results
-in use-after-frees when processing subsequent commands in the original
-function.
-
-Instead, reject a new function definition if it has the same name as
-a previously defined function, and that function is currently being
-executed. Although a behavioural change, this should be backwards
-compatible with existing configurations because they can't be
-dependent on the current behaviour without being broken.
-
-Signed-off-by: Chris Coulson
-Reviewed-by: Daniel Kiper
----
- grub-core/script/execute.c | 2 ++
- grub-core/script/function.c | 16 +++++++++++++---
- grub-core/script/parser.y | 3 ++-
- include/grub/script_sh.h | 2 ++
- 4 files changed, 19 insertions(+), 4 deletions(-)
-
-diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
-index 8a9161cc8..ce83edd4b 100644
---- a/grub-core/script/execute.c
-+++ b/grub-core/script/execute.c
-@@ -838,7 +838,9 @@ grub_script_function_call (grub_script_function_t func, int argc, char **args)
- old_scope = scope;
- scope = &new_scope;
-
-+ func->executing++;
- ret = grub_script_execute (func->func);
-+ func->executing--;
-
- function_return = 0;
- active_loops = loops;
-diff --git a/grub-core/script/function.c b/grub-core/script/function.c
-index d36655e51..3aad04bf9 100644
---- a/grub-core/script/function.c
-+++ b/grub-core/script/function.c
-@@ -34,6 +34,7 @@ grub_script_function_create (struct grub_script_arg *functionname_arg,
- func = (grub_script_function_t) grub_malloc (sizeof (*func));
- if (! func)
- return 0;
-+ func->executing = 0;
-
- func->name = grub_strdup (functionname_arg->str);
- if (! func->name)
-@@ -60,10 +61,19 @@ grub_script_function_create (struct grub_script_arg *functionname_arg,
- grub_script_function_t q;
-
- q = *p;
-- grub_script_free (q->func);
-- q->func = cmd;
- grub_free (func);
-- func = q;
-+ if (q->executing > 0)
-+ {
-+ grub_error (GRUB_ERR_BAD_ARGUMENT,
-+ N_("attempt to redefine a function being executed"));
-+ func = NULL;
-+ }
-+ else
-+ {
-+ grub_script_free (q->func);
-+ q->func = cmd;
-+ func = q;
-+ }
- }
- else
- {
-diff --git a/grub-core/script/parser.y b/grub-core/script/parser.y
-index 4f0ab8319..f80b86b6f 100644
---- a/grub-core/script/parser.y
-+++ b/grub-core/script/parser.y
-@@ -289,7 +289,8 @@ function: "function" "name"
- grub_script_mem_free (state->func_mem);
- else {
- script->children = state->scripts;
-- grub_script_function_create ($2, script);
-+ if (!grub_script_function_create ($2, script))
-+ grub_script_free (script);
- }
-
- state->scripts = $3;
-diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h
-index b382bcf09..6c48e0751 100644
---- a/include/grub/script_sh.h
-+++ b/include/grub/script_sh.h
-@@ -361,6 +361,8 @@ struct grub_script_function
-
- /* The next element. */
- struct grub_script_function *next;
-+
-+ unsigned executing;
- };
- typedef struct grub_script_function *grub_script_function_t;
-
---
-2.27.0
-
diff --git a/0009-squash-Add-support-for-linuxefi.patch b/0009-squash-Add-support-for-linuxefi.patch
deleted file mode 100644
index f57a7db..0000000
--- a/0009-squash-Add-support-for-linuxefi.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 5d72f1ccbedcfc883e5f4cda60ea456cdc2b5dcd Mon Sep 17 00:00:00 2001
-From: Michael Chang
-Date: Sat, 30 Jan 2021 12:34:17 +0800
-Subject: [PATCH 9/9] squash! Add support for linuxefi
-
-The upstream commit
-
-df84d6e94 efi: Print error messages to grub_efi_allocate_pages_real()
-
-adds grub_error() to set error message and return grub_errno. We have to
-unset the grub_errno if we want to ignore the error and proceed, or
-the inadvertently provoked error handler would lead to unspecified
-consequence.
-
-Signed-off-by: Michael Chang
----
- grub-core/loader/i386/efi/linux.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
-index 3f6d51519..742b215a3 100644
---- a/grub-core/loader/i386/efi/linux.c
-+++ b/grub-core/loader/i386/efi/linux.c
-@@ -283,8 +283,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
- BYTES_TO_PAGES(lh.init_size));
-
- if (!kernel_mem)
-- kernel_mem = grub_efi_allocate_pages_max(0x3fffffff,
-+ {
-+ grub_errno = GRUB_ERR_NONE;
-+ kernel_mem = grub_efi_allocate_pages_max(0x3fffffff,
- BYTES_TO_PAGES(lh.init_size));
-+ }
-
- if (!kernel_mem)
- {
---
-2.26.2
-
diff --git a/0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch b/0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
deleted file mode 100644
index d23f3ef..0000000
--- a/0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 959db537b12c5e76c244ccc51cbbed7f27b0abe2 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas
-Date: Tue, 2 Feb 2021 19:59:48 +0100
-Subject: [PATCH 10/46] kern/lockdown: Set a variable if the GRUB is locked
- down
-
-It may be useful for scripts to determine whether the GRUB is locked
-down or not. Add the lockdown variable which is set to "y" when the GRUB
-is locked down.
-
-Suggested-by: Dimitri John Ledkov
-Signed-off-by: Javier Martinez Canillas
-Reviewed-by: Daniel Kiper
----
- docs/grub.texi | 3 +++
- grub-core/kern/lockdown.c | 4 ++++
- 2 files changed, 7 insertions(+)
-
-diff --git a/docs/grub.texi b/docs/grub.texi
-index a459a71e4..3a4d18e06 100644
---- a/docs/grub.texi
-+++ b/docs/grub.texi
-@@ -5820,6 +5820,9 @@ The GRUB can be locked down when booted on a secure boot environment, for exampl
- if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will
- be restricted and some operations/commands cannot be executed.
-
-+The @samp{lockdown} variable is set to @samp{y} when the GRUB is locked down.
-+Otherwise it does not exit.
-+
- @node Platform limitations
- @chapter Platform limitations
-
-diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c
-index 1e56c0b80..0bc70fd42 100644
---- a/grub-core/kern/lockdown.c
-+++ b/grub-core/kern/lockdown.c
-@@ -18,6 +18,7 @@
- */
-
- #include
-+#include
- #include
- #include
- #include
-@@ -71,6 +72,9 @@ grub_lockdown (void)
- lockdown = GRUB_LOCKDOWN_ENABLED;
-
- grub_verifier_register (&lockdown_verifier);
-+
-+ grub_env_set ("lockdown", "y");
-+ grub_env_export ("lockdown");
- }
-
- int
---
-2.26.2
-
diff --git a/0010-linux-Fix-integer-overflows-in-initrd-size-handling.patch b/0010-linux-Fix-integer-overflows-in-initrd-size-handling.patch
deleted file mode 100644
index 4868791..0000000
--- a/0010-linux-Fix-integer-overflows-in-initrd-size-handling.patch
+++ /dev/null
@@ -1,164 +0,0 @@ -commit a59b854381d1148d32f74fbb9cf0f384972a5b4b -Author: Colin Watson -Date: Sat Jul 25 12:15:37 2020 +0100 - - linux: Fix integer overflows in initrd size handling - - These could be triggered by a crafted filesystem with very large files. - - Fixes: CVE-2020-15707 - - 
Signed-off-by: Colin Watson - Reviewed-by: Jan Setje-Eilers - -diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c -index 25624ebc1..e9f819ee9 100644 ---- a/grub-core/loader/linux.c -+++ b/grub-core/loader/linux.c -@@ -4,6 +4,7 @@ - #include - #include - #include -+#include - - struct newc_head - { -@@ -98,13 +99,13 @@ free_dir (struct dir *root) - grub_free (root); - } - --static grub_size_t -+static grub_err_t - insert_dir (const char *name, struct dir **root, -- grub_uint8_t *ptr) -+ grub_uint8_t *ptr, grub_size_t *size) - { - struct dir *cur, **head = root; - const char *cb, *ce = name; -- grub_size_t size = 0; -+ *size = 0; - while (1) - { - for (cb = ce; *cb == '/'; cb++); -@@ -130,14 +131,22 @@ insert_dir (const char *name, struct dir **root, - ptr = make_header (ptr, name, ce - name, - 040777, 0); - } -- size += ALIGN_UP ((ce - (char *) name) -- + sizeof (struct newc_head), 4); -+ if (grub_add (*size, -+ ALIGN_UP ((ce - (char *) name) -+ + sizeof (struct newc_head), 4), -+ size)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ grub_free (n->name); -+ grub_free (n); -+ return grub_errno; -+ } - *head = n; - cur = n; - } - root = &cur->next; - } -- return size; -+ return GRUB_ERR_NONE; - } - - grub_err_t -@@ -173,26 +182,33 @@ grub_initrd_init (int argc, char *argv[], - eptr = grub_strchr (ptr, ':'); - if (eptr) - { -+ grub_size_t dir_size, name_len; -+ - initrd_ctx->components[i].newc_name = grub_strndup (ptr, eptr - ptr); -- if (!initrd_ctx->components[i].newc_name) -+ if (!initrd_ctx->components[i].newc_name || -+ insert_dir (initrd_ctx->components[i].newc_name, &root, 0, -+ &dir_size)) - { - grub_initrd_close (initrd_ctx); - return grub_errno; - } -- initrd_ctx->size -- += ALIGN_UP (sizeof (struct newc_head) -- + grub_strlen (initrd_ctx->components[i].newc_name), -- 4); -- initrd_ctx->size += insert_dir (initrd_ctx->components[i].newc_name, -- &root, 0); -+ name_len = grub_strlen 
(initrd_ctx->components[i].newc_name); -+ if (grub_add (initrd_ctx->size, -+ ALIGN_UP (sizeof (struct newc_head) + name_len, 4), -+ &initrd_ctx->size) || -+ grub_add (initrd_ctx->size, dir_size, &initrd_ctx->size)) -+ goto overflow; - newc = 1; - fname = eptr + 1; - } - } - else if (newc) - { -- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) -- + sizeof ("TRAILER!!!") - 1, 4); -+ if (grub_add (initrd_ctx->size, -+ ALIGN_UP (sizeof (struct newc_head) -+ + sizeof ("TRAILER!!!") - 1, 4), -+ &initrd_ctx->size)) -+ goto overflow; - free_dir (root); - root = 0; - newc = 0; -@@ -208,19 +224,29 @@ grub_initrd_init (int argc, char *argv[], - initrd_ctx->nfiles++; - initrd_ctx->components[i].size - = grub_file_size (initrd_ctx->components[i].file); -- initrd_ctx->size += initrd_ctx->components[i].size; -+ if (grub_add (initrd_ctx->size, initrd_ctx->components[i].size, -+ &initrd_ctx->size)) -+ goto overflow; - } - - if (newc) - { - initrd_ctx->size = ALIGN_UP (initrd_ctx->size, 4); -- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) -- + sizeof ("TRAILER!!!") - 1, 4); -+ if (grub_add (initrd_ctx->size, -+ ALIGN_UP (sizeof (struct newc_head) -+ + sizeof ("TRAILER!!!") - 1, 4), -+ &initrd_ctx->size)) -+ goto overflow; - free_dir (root); - root = 0; - } - - return GRUB_ERR_NONE; -+ -+overflow: -+ free_dir (root); -+ grub_initrd_close (initrd_ctx); -+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); - } - - grub_size_t -@@ -261,8 +287,16 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, - - if (initrd_ctx->components[i].newc_name) - { -- ptr += insert_dir (initrd_ctx->components[i].newc_name, -- &root, ptr); -+ grub_size_t dir_size; -+ -+ if (insert_dir (initrd_ctx->components[i].newc_name, &root, ptr, -+ &dir_size)) -+ { -+ free_dir (root); -+ grub_initrd_close (initrd_ctx); -+ return grub_errno; -+ } -+ ptr += dir_size; - ptr = make_header (ptr, initrd_ctx->components[i].newc_name, - grub_strlen 
(initrd_ctx->components[i].newc_name), - 0100777, - diff --git a/0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch b/0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch deleted file mode 100644 index 2f886b1..0000000 --- a/0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch +++ /dev/null @@ -1,49 +0,0 @@ -From a255fd33e08015335aeac619348536b5fda8303e Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Mon, 28 Sep 2020 20:08:29 +0200 -Subject: [PATCH 11/46] efi: Lockdown the GRUB when the UEFI Secure Boot is - enabled - -If the UEFI Secure Boot is enabled then the GRUB must be locked down -to prevent executing code that can potentially be used to subvert its -verification mechanisms. - -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - grub-core/kern/efi/init.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c -index 9c143eed7..08ef2b8f4 100644 ---- a/grub-core/kern/efi/init.c -+++ b/grub-core/kern/efi/init.c -@@ -21,6 +21,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -41,8 +42,15 @@ grub_efi_init (void) - /* Initialize the memory management system. */ - grub_efi_mm_init (); - -- /* Register the shim_lock verifier if UEFI Secure Boot is enabled. */ -- grub_shim_lock_verifier_setup (); -+ /* -+ * Lockdown the GRUB and register the shim_lock verifier -+ * if the UEFI Secure Boot is enabled. -+ */ -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ { -+ grub_lockdown (); -+ grub_shim_lock_verifier_setup (); -+ } - - efi_call_4 (grub_efi_system_table->boot_services->set_watchdog_timer, - 0, 0, 0, NULL); --- -2.26.2 - diff --git a/0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch b/0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch deleted file mode 100644 index 1f94953..0000000 
--- a/0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
+++ /dev/null
@@ -1,231 +0,0 @@ -From fd04f7a20cffb4bde9deb688f4e33e5ff2c80181 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Mon, 28 Sep 2020 20:08:33 +0200 -Subject: [PATCH 12/46] efi: Use grub_is_lockdown() instead of hardcoding a - disabled modules list - -Now the GRUB can check if it has been locked down and this can be used to -prevent executing commands that can be utilized to circumvent the UEFI -Secure Boot mechanisms. So, instead of hardcoding a list of modules that -have to be disabled, prevent the usage of commands that can be dangerous. - -This not only allows the commands to be disabled on other platforms, but -also properly separate the concerns. Since the shim_lock verifier logic -should be only about preventing to run untrusted binaries and not about -defining these kind of policies. - -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - docs/grub.texi | 15 +++++++----- - grub-core/commands/i386/wrmsr.c | 5 ++-- - grub-core/commands/iorw.c | 19 +++++++-------- - grub-core/commands/memrw.c | 19 +++++++-------- - grub-core/kern/efi/sb.c | 41 --------------------------------- - 5 files changed, 32 insertions(+), 67 deletions(-) - -diff --git a/docs/grub.texi b/docs/grub.texi -index 3a4d18e06..6d8d32b0b 100644 ---- a/docs/grub.texi -+++ b/docs/grub.texi -@@ -5256,6 +5256,9 @@ only applies to the particular cpu/core/thread that runs the command. - Also, if you specify a reserved or unimplemented MSR address, it will - cause a general protection exception (which is not currently being handled) - and the system will reboot. -+ -+Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). -+ This is done to prevent subverting various security mechanisms. - @end deffn - - @node xen_hypervisor -@@ -5769,12 +5772,12 @@ boot and the shim. This functionality is provided by the shim_lock verifier. It - is built into the @file{core.img} and is registered if the UEFI secure boot is - enabled. 
- --All modules not stored in the @file{core.img} and the ACPI tables for the --@command{acpi} command have to be signed, e.g. using PGP. Additionally, the --@command{iorw}, the @command{memrw} and the @command{wrmsr} commands are --prohibited if the UEFI secure boot is enabled. This is done due to --security reasons. All above mentioned requirements are enforced by the --shim_lock verifier logic. -+All GRUB modules not stored in the @file{core.img}, OS kernels, ACPI tables, -+Device Trees, etc. have to be signed, e.g, using PGP. Additionally, the commands -+that can be used to subvert the UEFI secure boot mechanism, such as @command{iorw} -+and @command{memrw} will not be available when the UEFI secure boot is enabled. -+This is done for security reasons and are enforced by the GRUB Lockdown mechanism -+(@pxref{Lockdown}). - - @node Measured Boot - @section Measuring boot components -diff --git a/grub-core/commands/i386/wrmsr.c b/grub-core/commands/i386/wrmsr.c -index 9c5e510eb..56a29c29f 100644 ---- a/grub-core/commands/i386/wrmsr.c -+++ b/grub-core/commands/i386/wrmsr.c -@@ -24,6 +24,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -83,8 +84,8 @@ grub_cmd_msr_write (grub_command_t cmd __attribute__ ((unused)), int argc, char - - GRUB_MOD_INIT(wrmsr) - { -- cmd_write = grub_register_command ("wrmsr", grub_cmd_msr_write, N_("ADDR VALUE"), -- N_("Write a value to a CPU model specific register.")); -+ cmd_write = grub_register_command_lockdown ("wrmsr", grub_cmd_msr_write, N_("ADDR VALUE"), -+ N_("Write a value to a CPU model specific register.")); - } - - GRUB_MOD_FINI(wrmsr) -diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c -index a0c164e54..584baec8f 100644 ---- a/grub-core/commands/iorw.c -+++ b/grub-core/commands/iorw.c -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -131,17 +132,17 @@ GRUB_MOD_INIT(memrw) - N_("PORT"), N_("Read 32-bit value from 
PORT."), - options); - cmd_write_byte = -- grub_register_command ("outb", grub_cmd_write, -- N_("PORT VALUE [MASK]"), -- N_("Write 8-bit VALUE to PORT.")); -+ grub_register_command_lockdown ("outb", grub_cmd_write, -+ N_("PORT VALUE [MASK]"), -+ N_("Write 8-bit VALUE to PORT.")); - cmd_write_word = -- grub_register_command ("outw", grub_cmd_write, -- N_("PORT VALUE [MASK]"), -- N_("Write 16-bit VALUE to PORT.")); -+ grub_register_command_lockdown ("outw", grub_cmd_write, -+ N_("PORT VALUE [MASK]"), -+ N_("Write 16-bit VALUE to PORT.")); - cmd_write_dword = -- grub_register_command ("outl", grub_cmd_write, -- N_("ADDR VALUE [MASK]"), -- N_("Write 32-bit VALUE to PORT.")); -+ grub_register_command_lockdown ("outl", grub_cmd_write, -+ N_("ADDR VALUE [MASK]"), -+ N_("Write 32-bit VALUE to PORT.")); - } - - GRUB_MOD_FINI(memrw) -diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c -index 98769eadb..d401a6db0 100644 ---- a/grub-core/commands/memrw.c -+++ b/grub-core/commands/memrw.c -@@ -22,6 +22,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -133,17 +134,17 @@ GRUB_MOD_INIT(memrw) - N_("ADDR"), N_("Read 32-bit value from ADDR."), - options); - cmd_write_byte = -- grub_register_command ("write_byte", grub_cmd_write, -- N_("ADDR VALUE [MASK]"), -- N_("Write 8-bit VALUE to ADDR.")); -+ grub_register_command_lockdown ("write_byte", grub_cmd_write, -+ N_("ADDR VALUE [MASK]"), -+ N_("Write 8-bit VALUE to ADDR.")); - cmd_write_word = -- grub_register_command ("write_word", grub_cmd_write, -- N_("ADDR VALUE [MASK]"), -- N_("Write 16-bit VALUE to ADDR.")); -+ grub_register_command_lockdown ("write_word", grub_cmd_write, -+ N_("ADDR VALUE [MASK]"), -+ N_("Write 16-bit VALUE to ADDR.")); - cmd_write_dword = -- grub_register_command ("write_dword", grub_cmd_write, -- N_("ADDR VALUE [MASK]"), -- N_("Write 32-bit VALUE to ADDR.")); -+ grub_register_command_lockdown ("write_dword", grub_cmd_write, -+ N_("ADDR VALUE [MASK]"), -+ 
N_("Write 32-bit VALUE to ADDR.")); - } - - GRUB_MOD_FINI(memrw) -diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c -index 8bd5e936d..5d7210a82 100644 ---- a/grub-core/kern/efi/sb.c -+++ b/grub-core/kern/efi/sb.c -@@ -30,9 +30,6 @@ - - static grub_efi_guid_t shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID; - --/* List of modules which cannot be loaded if UEFI secure boot mode is enabled. */ --static const char * const disabled_mods[] = {"iorw", "memrw", "wrmsr", NULL}; -- - /* - * Determine whether we're in secure boot mode. - * -@@ -121,53 +118,15 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), - void **context __attribute__ ((unused)), - enum grub_verify_flags *flags) - { -- const char *b, *e; -- int i; -- - *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; - - switch (type & GRUB_FILE_TYPE_MASK) - { -- case GRUB_FILE_TYPE_GRUB_MODULE: -- /* Establish GRUB module name. */ -- b = grub_strrchr (io->name, '/'); -- e = grub_strrchr (io->name, '.'); -- -- b = b ? (b + 1) : io->name; -- e = e ? e : io->name + grub_strlen (io->name); -- e = (e > b) ? e : io->name + grub_strlen (io->name); -- -- for (i = 0; disabled_mods[i]; i++) -- if (!grub_strncmp (b, disabled_mods[i], grub_strlen (b) - grub_strlen (e))) -- { -- grub_error (GRUB_ERR_ACCESS_DENIED, -- N_("module cannot be loaded in UEFI secure boot mode: %s"), -- io->name); -- return GRUB_ERR_ACCESS_DENIED; -- } -- -- /* Fall through. 
*/ -- -- case GRUB_FILE_TYPE_ACPI_TABLE: -- case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE: -- *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH; -- -- return GRUB_ERR_NONE; -- - case GRUB_FILE_TYPE_LINUX_KERNEL: - case GRUB_FILE_TYPE_MULTIBOOT_KERNEL: - case GRUB_FILE_TYPE_BSD_KERNEL: - case GRUB_FILE_TYPE_XNU_KERNEL: - case GRUB_FILE_TYPE_PLAN9_KERNEL: -- for (i = 0; disabled_mods[i]; i++) -- if (grub_dl_get (disabled_mods[i])) -- { -- grub_error (GRUB_ERR_ACCESS_DENIED, -- N_("cannot boot due to dangerous module in memory: %s"), -- disabled_mods[i]); -- return GRUB_ERR_ACCESS_DENIED; -- } -- - *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK; - - /* Fall through. */ --- -2.26.2 - diff --git a/0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch b/0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch deleted file mode 100644 index d1e9553..0000000 --- a/0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch +++ /dev/null 
@@ -1,75 +0,0 @@
-From 08c63ad119ce0c0d0de56d9878f0be6811f623d4 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas
-Date: Mon, 28 Sep 2020 20:08:41 +0200
-Subject: [PATCH 13/46] acpi: Don't register the acpi command when locked down
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The command is not allowed when lockdown is enforced. Otherwise an
-attacker can instruct the GRUB to load an SSDT table to overwrite
-the kernel lockdown configuration and later load and execute
-unsigned code.
-
-Fixes: CVE-2020-14372
-
-Reported-by: Máté Kukri
-Signed-off-by: Javier Martinez Canillas
-Reviewed-by: Daniel Kiper
----
- docs/grub.texi | 5 +++++
- grub-core/commands/acpi.c | 15 ++++++++-------
- 2 files changed, 13 insertions(+), 7 deletions(-)
-
-diff --git a/docs/grub.texi b/docs/grub.texi
-index 6d8d32b0b..2ee8721a1 100644
---- a/docs/grub.texi
-+++ b/docs/grub.texi
-@@ -3986,6 +3986,11 @@ Normally, this command will replace the Root System Description Pointer
- (RSDP) in the Extended BIOS Data Area to point to the new tables. If the
- @option{--no-ebda} option is used, the new tables will be known only to
- GRUB, but may be used by GRUB's EFI emulation.
-+
-+Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}).
-+ Otherwise an attacker can instruct the GRUB to load an SSDT table to
-+ overwrite the kernel lockdown configuration and later load and execute
-+ unsigned code.
- @end deffn
-
-
-diff --git a/grub-core/commands/acpi.c b/grub-core/commands/acpi.c
-index 5a1499aa0..1215f2a62 100644
---- a/grub-core/commands/acpi.c
-+++ b/grub-core/commands/acpi.c
-@@ -27,6 +27,7 @@
- #include
- #include
- #include
-+#include
-
- #ifdef GRUB_MACHINE_EFI
- #include
-@@ -775,13 +776,13 @@ static grub_extcmd_t cmd;
-
- GRUB_MOD_INIT(acpi)
- {
-- cmd = grub_register_extcmd ("acpi", grub_cmd_acpi, 0,
-- N_("[-1|-2] [--exclude=TABLE1,TABLE2|"
-- "--load-only=TABLE1,TABLE2] FILE1"
-- " [FILE2] [...]"),
-- N_("Load host ACPI tables and tables "
-- "specified by arguments."),
-- options);
-+ cmd = grub_register_extcmd_lockdown ("acpi", grub_cmd_acpi, 0,
-+ N_("[-1|-2] [--exclude=TABLE1,TABLE2|"
-+ "--load-only=TABLE1,TABLE2] FILE1"
-+ " [FILE2] [...]"),
-+ N_("Load host ACPI tables and tables "
-+ "specified by arguments."),
-+ options);
- }
-
- GRUB_MOD_FINI(acpi)
---
-2.26.2
-
diff --git a/0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch b/0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
deleted file mode 100644
index 9e182c3..0000000
--- a/0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From cbd4d630728847bcc3eb82c4a1667fc7ba6de73a Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas
-Date: Wed, 14 Oct 2020 16:33:42 +0200
-Subject: [PATCH 14/46] mmap: Don't register cutmem and badram commands when
- lockdown is enforced
-
-The cutmem and badram commands can be used to remove EFI memory regions
-and potentially disable the UEFI Secure Boot. Prevent the commands to be
-registered if the GRUB is locked down.
-
-Fixes: CVE-2020-27779
-
-Reported-by: Teddy Reed
-Signed-off-by: Javier Martinez Canillas
-Reviewed-by: Daniel Kiper
----
- docs/grub.texi | 4 ++++
- grub-core/mmap/mmap.c | 13 +++++++------
- 2 files changed, 11 insertions(+), 6 deletions(-)
-
-diff --git a/docs/grub.texi b/docs/grub.texi
-index 2ee8721a1..70bf91f40 100644
---- a/docs/grub.texi
-+++ b/docs/grub.texi
-@@ -4051,6 +4051,10 @@ this page is to be filtered. This syntax makes it easy to represent patterns
- that are often result of memory damage, due to physical distribution of memory
- cells.
-
-+Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}).
-+ This prevents removing EFI memory regions to potentially subvert the
-+ security mechanisms provided by the UEFI secure boot.
-+
- @node blocklist
- @subsection blocklist
-
-diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c
-index 57b4e9a72..7ebf32e1e 100644
---- a/grub-core/mmap/mmap.c
-+++ b/grub-core/mmap/mmap.c
-@@ -20,6 +20,7 @@
- #include
- #include
- #include
-+#include
- #include
- #include
- #include
-@@ -534,12 +535,12 @@ static grub_command_t cmd, cmd_cut;
-
- GRUB_MOD_INIT(mmap)
- {
-- cmd = grub_register_command ("badram", grub_cmd_badram,
-- N_("ADDR1,MASK1[,ADDR2,MASK2[,...]]"),
-- N_("Declare memory regions as faulty (badram)."));
-- cmd_cut = grub_register_command ("cutmem", grub_cmd_cutmem,
-- N_("FROM[K|M|G] TO[K|M|G]"),
-- N_("Remove any memory regions in specified range."));
-+ cmd = grub_register_command_lockdown ("badram", grub_cmd_badram,
-+ N_("ADDR1,MASK1[,ADDR2,MASK2[,...]]"),
-+ N_("Declare memory regions as faulty (badram)."));
-+ cmd_cut = grub_register_command_lockdown ("cutmem", grub_cmd_cutmem,
-+ N_("FROM[K|M|G] TO[K|M|G]"),
-+ N_("Remove any memory regions in specified range."));
-
- }
-
---
-2.26.2
-
diff --git a/0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch b/0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
deleted file mode 100644
index 3dfa27f..0000000
--- a/0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From d1a40f870dbcb55280f57673c1d9c2c7110df42a Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas
-Date: Wed, 24 Feb 2021 09:00:05 +0100
-Subject: [PATCH 15/46] commands: Restrict commands that can load BIOS or DT
- blobs when locked down
-
-There are some more commands that should be restricted when the GRUB is
-locked down. Following is the list of commands and reasons to restrict:
-
- * fakebios: creates BIOS-like structures for backward compatibility with
- existing OSes. This should not be allowed when locked down.
-
- * loadbios: reads a BIOS dump from storage and loads it. This action
- should not be allowed when locked down.
-
- * devicetree: loads a Device Tree blob and passes it to the OS. It replaces
- any Device Tree provided by the firmware. This also should
- not be allowed when locked down.
-
-Signed-off-by: Javier Martinez Canillas
-Reviewed-by: Daniel Kiper
----
- docs/grub.texi | 3 +++
- grub-core/commands/efi/loadbios.c | 16 ++++++++--------
- grub-core/loader/arm/linux.c | 6 +++---
- grub-core/loader/efi/fdt.c | 4 ++--
- 4 files changed, 16 insertions(+), 13 deletions(-)
-
-diff --git a/docs/grub.texi b/docs/grub.texi
-index 70bf91f40..cf29a1797 100644
---- a/docs/grub.texi
-+++ b/docs/grub.texi
-@@ -4236,6 +4236,9 @@ Load a device tree blob (.dtb) from a filesystem, for later use by a Linux
- kernel. Does not perform merging with any device tree supplied by firmware,
- but rather replaces it completely.
- @ref{GNU/Linux}.
-+
-+Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}).
-+ This is done to prevent subverting various security mechanisms.
- @end deffn
-
- @node distrust
-diff --git a/grub-core/commands/efi/loadbios.c b/grub-core/commands/efi/loadbios.c
-index d41d521a4..5c7725f8b 100644
---- a/grub-core/commands/efi/loadbios.c
-+++ b/grub-core/commands/efi/loadbios.c
-@@ -205,14 +205,14 @@ static grub_command_t cmd_fakebios, cmd_loadbios;
-
- GRUB_MOD_INIT(loadbios)
- {
-- cmd_fakebios = grub_register_command ("fakebios", grub_cmd_fakebios,
-- 0, N_("Create BIOS-like structures for"
-- " backward compatibility with"
-- " existing OS."));
--
-- cmd_loadbios = grub_register_command ("loadbios", grub_cmd_loadbios,
-- N_("BIOS_DUMP [INT10_DUMP]"),
-- N_("Load BIOS dump."));
-+ cmd_fakebios = grub_register_command_lockdown ("fakebios", grub_cmd_fakebios,
-+ 0, N_("Create BIOS-like structures for"
-+ " backward compatibility with"
-+ " existing OS."));
-+
-+ cmd_loadbios = grub_register_command_lockdown ("loadbios", grub_cmd_loadbios,
-+ N_("BIOS_DUMP [INT10_DUMP]"),
-+ N_("Load BIOS dump."));
- }
-
- GRUB_MOD_FINI(loadbios)
-diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c
-index d70c17486..ed23dc71e 100644
---- a/grub-core/loader/arm/linux.c
-+++ b/grub-core/loader/arm/linux.c
-@@ -493,9 +493,9 @@ GRUB_MOD_INIT (linux)
- 0, N_("Load Linux."));
- cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd,
- 0, N_("Load initrd."));
-- cmd_devicetree = grub_register_command ("devicetree", grub_cmd_devicetree,
-- /* TRANSLATORS: DTB stands for device tree blob. */
-- 0, N_("Load DTB file."));
-+ cmd_devicetree = grub_register_command_lockdown ("devicetree", grub_cmd_devicetree,
-+ /* TRANSLATORS: DTB stands for device tree blob. */
-+ 0, N_("Load DTB file."));
- my_mod = mod;
- current_fdt = (const void *) grub_arm_firmware_get_boot_data ();
- machine_type = grub_arm_firmware_get_machine_type ();
-diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c
-index ee9c5592c..003d07cd8 100644
---- a/grub-core/loader/efi/fdt.c
-+++ b/grub-core/loader/efi/fdt.c
-@@ -165,8 +165,8 @@ static grub_command_t cmd_devicetree;
- GRUB_MOD_INIT (fdt)
- {
- cmd_devicetree =
-- grub_register_command ("devicetree", grub_cmd_devicetree, 0,
-- N_("Load DTB file."));
-+ grub_register_command_lockdown ("devicetree", grub_cmd_devicetree, 0,
-+ N_("Load DTB file."));
- }
-
- GRUB_MOD_FINI (fdt)
---
-2.26.2
-
diff --git a/0016-commands-setpci-Restrict-setpci-command-when-locked-.patch b/0016-commands-setpci-Restrict-setpci-command-when-locked-.patch
deleted file mode 100644
index 69902d5..0000000
--- a/0016-commands-setpci-Restrict-setpci-command-when-locked-.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 3e5b0593346fde8d92dd4e87ce15ff07e0cacf88 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas
-Date: Wed, 24 Feb 2021 22:59:59 +0100
-Subject: [PATCH 16/46] commands/setpci: Restrict setpci command when locked
- down
-
-This command can set PCI devices register values, which makes it dangerous
-in a locked down configuration. Restrict it so can't be used on this setup.
-
-Signed-off-by: Javier Martinez Canillas
-Reviewed-by: Daniel Kiper
----
- grub-core/commands/setpci.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/grub-core/commands/setpci.c b/grub-core/commands/setpci.c
-index d5bc97d60..fa2ba7d89 100644
---- a/grub-core/commands/setpci.c
-+++ b/grub-core/commands/setpci.c
-@@ -329,10 +329,10 @@ static grub_extcmd_t cmd;
-
- GRUB_MOD_INIT(setpci)
- {
-- cmd = grub_register_extcmd ("setpci", grub_cmd_setpci, 0,
-- N_("[-s POSITION] [-d DEVICE] [-v VAR] "
-- "REGISTER[=VALUE[:MASK]]"),
-- N_("Manipulate PCI devices."), options);
-+ cmd = grub_register_extcmd_lockdown ("setpci", grub_cmd_setpci, 0,
-+ N_("[-s POSITION] [-d DEVICE] [-v VAR] "
-+ "REGISTER[=VALUE[:MASK]]"),
-+ N_("Manipulate PCI devices."), options);
- }
-
- GRUB_MOD_FINI(setpci)
---
-2.26.2
-
diff --git a/0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch b/0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
deleted file mode 100644
index d11e21a..0000000
--- a/0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 75dd393392f16194904c8958a22fe12034f915a3 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas
-Date: Wed, 24 Feb 2021 12:59:29 +0100
-Subject: [PATCH 17/46] commands/hdparm: Restrict hdparm command when locked
- down
-
-The command can be used to get/set ATA disk parameters. Some of these can
-be dangerous since change the disk behavior. Restrict it when locked down.
-
-Signed-off-by: Javier Martinez Canillas
-Reviewed-by: Daniel Kiper
----
- grub-core/commands/hdparm.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/grub-core/commands/hdparm.c b/grub-core/commands/hdparm.c
-index d3fa9661e..2e2319e64 100644
---- a/grub-core/commands/hdparm.c
-+++ b/grub-core/commands/hdparm.c
-@@ -436,9 +436,9 @@ static grub_extcmd_t cmd;
-
- GRUB_MOD_INIT(hdparm)
- {
-- cmd = grub_register_extcmd ("hdparm", grub_cmd_hdparm, 0,
-- N_("[OPTIONS] DISK"),
-- N_("Get/set ATA disk parameters."), options);
-+ cmd = grub_register_extcmd_lockdown ("hdparm", grub_cmd_hdparm, 0,
-+ N_("[OPTIONS] DISK"),
-+ N_("Get/set ATA disk parameters."), options);
- }
-
- GRUB_MOD_FINI(hdparm)
---
-2.26.2
-
diff --git a/0018-gdb-Restrict-GDB-access-when-locked-down.patch b/0018-gdb-Restrict-GDB-access-when-locked-down.patch
deleted file mode 100644
index 50eaa1b..0000000
--- a/0018-gdb-Restrict-GDB-access-when-locked-down.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From a4df9a0d74376aa4fc82f8c86c280cb087de01be Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas
-Date: Wed, 24 Feb 2021 15:03:26 +0100
-Subject: [PATCH 18/46] gdb: Restrict GDB access when locked down
-
-The gdbstub* commands allow to start and control a GDB stub running on
-local host that can be used to connect from a remote debugger. Restrict
-this functionality when the GRUB is locked down.
-
-Signed-off-by: Javier Martinez Canillas
-Reviewed-by: Daniel Kiper
----
- grub-core/gdb/gdb.c | 32 ++++++++++++++++++--------------
- 1 file changed, 18 insertions(+), 14 deletions(-)
-
-diff --git a/grub-core/gdb/gdb.c b/grub-core/gdb/gdb.c
-index 847a1e1e3..1818cb6f8 100644
---- a/grub-core/gdb/gdb.c
-+++ b/grub-core/gdb/gdb.c
-@@ -75,20 +75,24 @@ static grub_command_t cmd, cmd_stop, cmd_break;
- GRUB_MOD_INIT (gdb)
- {
- grub_gdb_idtinit ();
-- cmd = grub_register_command ("gdbstub", grub_cmd_gdbstub,
-- N_("PORT"),
-- /* TRANSLATORS: GDB stub is a small part of
-- GDB functionality running on local host
-- which allows remote debugger to
-- connect to it. */
-- N_("Start GDB stub on given port"));
-- cmd_break = grub_register_command ("gdbstub_break", grub_cmd_gdb_break,
-- /* TRANSLATORS: this refers to triggering
-- a breakpoint so that the user will land
-- into GDB. */
-- 0, N_("Break into GDB"));
-- cmd_stop = grub_register_command ("gdbstub_stop", grub_cmd_gdbstop,
-- 0, N_("Stop GDB stub"));
-+ cmd = grub_register_command_lockdown ("gdbstub", grub_cmd_gdbstub,
-+ N_("PORT"),
-+ /*
-+ * TRANSLATORS: GDB stub is a small part of
-+ * GDB functionality running on local host
-+ * which allows remote debugger to
-+ * connect to it.
-+ */
-+ N_("Start GDB stub on given port"));
-+ cmd_break = grub_register_command_lockdown ("gdbstub_break", grub_cmd_gdb_break,
-+ /*
-+ * TRANSLATORS: this refers to triggering
-+ * a breakpoint so that the user will land
-+ * into GDB.
-+ */
-+ 0, N_("Break into GDB"));
-+ cmd_stop = grub_register_command_lockdown ("gdbstub_stop", grub_cmd_gdbstop,
-+ 0, N_("Stop GDB stub"));
- }
-
- GRUB_MOD_FINI (gdb)
---
-2.26.2
-
diff --git a/0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch b/0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch
deleted file mode 100644
index 47a816a..0000000
--- a/0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From da75051bd36ce97b94254f17a6a94b5cbdf77d48 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas
-Date: Wed, 24 Feb 2021 14:44:38 +0100
-Subject: [PATCH 19/46] loader/xnu: Don't allow loading extension and packages
- when locked down
-
-The shim_lock verifier validates the XNU kernels but no its extensions
-and packages. Prevent these to be loaded when the GRUB is locked down.
-
-Signed-off-by: Javier Martinez Canillas
-Reviewed-by: Daniel Kiper
----
- grub-core/loader/xnu.c | 31 +++++++++++++++++--------------
- 1 file changed, 17 insertions(+), 14 deletions(-)
-
-diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
-index 77d7060e1..07232d2a1 100644
---- a/grub-core/loader/xnu.c
-+++ b/grub-core/loader/xnu.c
-@@ -1482,20 +1482,23 @@ GRUB_MOD_INIT(xnu)
- N_("Load XNU image."));
- cmd_kernel64 = grub_register_command ("xnu_kernel64", grub_cmd_xnu_kernel64,
- 0, N_("Load 64-bit XNU image."));
-- cmd_mkext = grub_register_command ("xnu_mkext", grub_cmd_xnu_mkext, 0,
-- N_("Load XNU extension package."));
-- cmd_kext = grub_register_command ("xnu_kext", grub_cmd_xnu_kext, 0,
-- N_("Load XNU extension."));
-- cmd_kextdir = grub_register_command ("xnu_kextdir", grub_cmd_xnu_kextdir,
-- /* TRANSLATORS: OSBundleRequired is a
-- variable name in xnu extensions
-- manifests. It behaves mostly like
-- GNU/Linux runlevels.
-- */
-- N_("DIRECTORY [OSBundleRequired]"),
-- /* TRANSLATORS: There are many extensions
-- in extension directory. */
-- N_("Load XNU extension directory."));
-+ cmd_mkext = grub_register_command_lockdown ("xnu_mkext", grub_cmd_xnu_mkext, 0,
-+ N_("Load XNU extension package."));
-+ cmd_kext = grub_register_command_lockdown ("xnu_kext", grub_cmd_xnu_kext, 0,
-+ N_("Load XNU extension."));
-+ cmd_kextdir = grub_register_command_lockdown ("xnu_kextdir", grub_cmd_xnu_kextdir,
-+ /*
-+ * TRANSLATORS: OSBundleRequired is
-+ * a variable name in xnu extensions
-+ * manifests. It behaves mostly like
-+ * GNU/Linux runlevels.
-+ */
-+ N_("DIRECTORY [OSBundleRequired]"),
-+ /*
-+ * TRANSLATORS: There are many extensions
-+ * in extension directory.
-+ */
-+ N_("Load XNU extension directory."));
- cmd_ramdisk = grub_register_command ("xnu_ramdisk", grub_cmd_xnu_ramdisk, 0,
- /* TRANSLATORS: ramdisk here isn't identifier. It can be translated. */
- N_("Load XNU ramdisk. "
---
-2.26.2
-
diff --git a/0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch b/0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch
deleted file mode 100644
index 0b9861d..0000000
--- a/0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch
+++ /dev/null
@@ -1,87 +0,0 @@ -From 01df3544dd3ea226e2832735c0284fc6d9157347 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Tue, 29 Sep 2020 14:08:55 +0200 -Subject: [PATCH 20/46] dl: Only allow unloading modules that are not - dependencies - -When a module is attempted to be removed its reference counter is always -decremented. This means that repeated rmmod invocations will cause the -module to be unloaded even if another module depends on it. - -This may lead to a use-after-free scenario allowing an attacker to execute -arbitrary code and by-pass the UEFI Secure Boot protection. - -While being there, add the extern keyword to some function declarations in -that header file. - -Fixes: CVE-2020-25632 - -Reported-by: Chris Coulson -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - grub-core/commands/minicmd.c | 7 +++++-- - grub-core/kern/dl.c | 9 +++++++++ - include/grub/dl.h | 8 +++++--- - 3 files changed, 19 insertions(+), 5 deletions(-) - -diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c -index 6bbce3128..fa498931e 100644 ---- a/grub-core/commands/minicmd.c -+++ b/grub-core/commands/minicmd.c -@@ -140,8 +140,11 @@ grub_mini_cmd_rmmod (struct grub_command *cmd __attribute__ ((unused)), - if (grub_dl_is_persistent (mod)) - return grub_error (GRUB_ERR_BAD_ARGUMENT, "cannot unload persistent module"); - -- if (grub_dl_unref (mod) <= 0) -- grub_dl_unload (mod); -+ if (grub_dl_ref_count (mod) > 1) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "cannot unload referenced module"); -+ -+ grub_dl_unref (mod); -+ grub_dl_unload (mod); - - return 0; - } -diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 2a8372e14..e02f2afc5 100644 ---- a/grub-core/kern/dl.c -+++ b/grub-core/kern/dl.c -@@ -553,6 +553,15 @@ grub_dl_unref (grub_dl_t mod) - return --mod->ref_count; - } - -+int -+grub_dl_ref_count (grub_dl_t mod) -+{ -+ if (mod == NULL) -+ return 0; -+ -+ return mod->ref_count; -+} -+ - static void - 
grub_dl_flush_cache (grub_dl_t mod) - { -diff --git a/include/grub/dl.h b/include/grub/dl.h -index f03c03561..b3753c9ca 100644 ---- a/include/grub/dl.h -+++ b/include/grub/dl.h -@@ -203,9 +203,11 @@ grub_dl_t EXPORT_FUNC(grub_dl_load) (const char *name); - grub_dl_t grub_dl_load_core (void *addr, grub_size_t size); - grub_dl_t EXPORT_FUNC(grub_dl_load_core_noinit) (void *addr, grub_size_t size); - int EXPORT_FUNC(grub_dl_unload) (grub_dl_t mod); --void grub_dl_unload_unneeded (void); --int EXPORT_FUNC(grub_dl_ref) (grub_dl_t mod); --int EXPORT_FUNC(grub_dl_unref) (grub_dl_t mod); -+extern void grub_dl_unload_unneeded (void); -+extern int EXPORT_FUNC(grub_dl_ref) (grub_dl_t mod); -+extern int EXPORT_FUNC(grub_dl_unref) (grub_dl_t mod); -+extern int EXPORT_FUNC(grub_dl_ref_count) (grub_dl_t mod); -+ - extern grub_dl_t EXPORT_VAR(grub_dl_head); - - #ifndef GRUB_UTIL --- -2.26.2 - diff --git a/0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch b/0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch deleted file mode 100644 index 0fe7a45..0000000 --- a/0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch +++ /dev/null 
@@ -1,115 +0,0 @@ -From 6f8f29ca383eaa60a0eab00d4a934a072190c128 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Fri, 11 Dec 2020 19:19:21 +0100 -Subject: [PATCH 21/46] usb: Avoid possible out-of-bound accesses caused by - malicious devices - -The maximum number of configurations and interfaces are fixed but there is -no out-of-bound checking to prevent a malicious USB device to report large -values for these and cause accesses outside the arrays' memory. - -Fixes: CVE-2020-25647 - -Reported-by: Joseph Tartaro (IOActive) -Reported-by: Ilja Van Sprundel -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - grub-core/bus/usb/usb.c | 15 ++++++++++++--- - include/grub/usb.h | 10 +++++++--- - 2 files changed, 19 insertions(+), 6 deletions(-) - -diff --git a/grub-core/bus/usb/usb.c b/grub-core/bus/usb/usb.c -index 8da5e4c74..7cb3cc230 100644 ---- a/grub-core/bus/usb/usb.c -+++ b/grub-core/bus/usb/usb.c -@@ -75,6 +75,9 @@ grub_usb_controller_iterate (grub_usb_controller_iterate_hook_t hook, - grub_usb_err_t - grub_usb_clear_halt (grub_usb_device_t dev, int endpoint) - { -+ if (endpoint >= GRUB_USB_MAX_TOGGLE) -+ return GRUB_USB_ERR_BADDEVICE; -+ - dev->toggle[endpoint] = 0; - return grub_usb_control_msg (dev, (GRUB_USB_REQTYPE_OUT - | GRUB_USB_REQTYPE_STANDARD -@@ -134,10 +137,10 @@ grub_usb_device_initialize (grub_usb_device_t dev) - return err; - descdev = &dev->descdev; - -- for (i = 0; i < 8; i++) -+ for (i = 0; i < GRUB_USB_MAX_CONF; i++) - dev->config[i].descconf = NULL; - -- if (descdev->configcnt == 0) -+ if (descdev->configcnt == 0 || descdev->configcnt > GRUB_USB_MAX_CONF) - { - err = GRUB_USB_ERR_BADDEVICE; - goto fail; -@@ -172,6 +175,12 @@ grub_usb_device_initialize (grub_usb_device_t dev) - /* Skip the configuration descriptor. */ - pos = dev->config[i].descconf->length; - -+ if (dev->config[i].descconf->numif > GRUB_USB_MAX_IF) -+ { -+ err = GRUB_USB_ERR_BADDEVICE; -+ goto fail; -+ } -+ - /* Read all interfaces. 
*/ - for (currif = 0; currif < dev->config[i].descconf->numif; currif++) - { -@@ -217,7 +226,7 @@ grub_usb_device_initialize (grub_usb_device_t dev) - - fail: - -- for (i = 0; i < 8; i++) -+ for (i = 0; i < GRUB_USB_MAX_CONF; i++) - grub_free (dev->config[i].descconf); - - return err; -diff --git a/include/grub/usb.h b/include/grub/usb.h -index 512ae1dd0..6475c552f 100644 ---- a/include/grub/usb.h -+++ b/include/grub/usb.h -@@ -23,6 +23,10 @@ - #include - #include - -+#define GRUB_USB_MAX_CONF 8 -+#define GRUB_USB_MAX_IF 32 -+#define GRUB_USB_MAX_TOGGLE 256 -+ - typedef struct grub_usb_device *grub_usb_device_t; - typedef struct grub_usb_controller *grub_usb_controller_t; - typedef struct grub_usb_controller_dev *grub_usb_controller_dev_t; -@@ -167,7 +171,7 @@ struct grub_usb_configuration - struct grub_usb_desc_config *descconf; - - /* Interfaces associated to this configuration. */ -- struct grub_usb_interface interf[32]; -+ struct grub_usb_interface interf[GRUB_USB_MAX_IF]; - }; - - struct grub_usb_hub_port -@@ -191,7 +195,7 @@ struct grub_usb_device - struct grub_usb_controller controller; - - /* Device configurations (after opening the device). */ -- struct grub_usb_configuration config[8]; -+ struct grub_usb_configuration config[GRUB_USB_MAX_CONF]; - - /* Device address. */ - int addr; -@@ -203,7 +207,7 @@ struct grub_usb_device - int initialized; - - /* Data toggle values (used for bulk transfers only). */ -- int toggle[256]; -+ int toggle[GRUB_USB_MAX_TOGGLE]; - - /* Used by libusb wrapper. Schedulded for removal. */ - void *data; --- -2.26.2 - diff --git a/0022-lib-arg-Block-repeated-short-options-that-require-an.patch b/0022-lib-arg-Block-repeated-short-options-that-require-an.patch deleted file mode 100644 index dc80d76..0000000 --- a/0022-lib-arg-Block-repeated-short-options-that-require-an.patch +++ /dev/null 
@@ -1,54 +0,0 @@
-From fafede32c0ed3bc1953c5663b58036a58fb7b6bd Mon Sep 17 00:00:00 2001
-From: Daniel Axtens
-Date: Fri, 22 Jan 2021 16:07:29 +1100
-Subject: [PATCH 22/46] lib/arg: Block repeated short options that require an
- argument
-
-Fuzzing found the following crash:
-
- search -hhhhhhhhhhhhhf
-
-We didn't allocate enough option space for 13 hints because the
-allocation code counts the number of discrete arguments (i.e. argc).
-However, the shortopt parsing code will happily keep processing
-a combination of short options without checking if those short
-options require an argument. This means you can easily end writing
-past the allocated option space.
-
-This fixes a OOB write which can cause heap corruption.
-
-Fixes: CVE-2021-20225
-
-Signed-off-by: Daniel Axtens
-Reviewed-by: Daniel Kiper
----
- grub-core/lib/arg.c | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/grub-core/lib/arg.c b/grub-core/lib/arg.c
-index 3288609a5..537c5e94b 100644
---- a/grub-core/lib/arg.c
-+++ b/grub-core/lib/arg.c
-@@ -299,6 +299,19 @@ grub_arg_parse (grub_extcmd_t cmd, int argc, char **argv,
- it can have an argument value. */
- if (*curshort)
- {
-+ /*
-+ * Only permit further short opts if this one doesn't
-+ * require a value.
-+ */
-+ if (opt->type != ARG_TYPE_NONE &&
-+ !(opt->flags & GRUB_ARG_OPTION_OPTIONAL))
-+ {
-+ grub_error (GRUB_ERR_BAD_ARGUMENT,
-+ N_("missing mandatory option for `%s'"),
-+ opt->longarg);
-+ goto fail;
-+ }
-+
- if (parse_option (cmd, opt, 0, usr) || grub_errno)
- goto fail;
- }
---
-2.26.2
-
diff --git a/0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch b/0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
deleted file mode 100644
index ad4911a..0000000
--- a/0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 833324355ed1c88b509a2c5e8632a190ce11bf40 Mon Sep 17 00:00:00 2001
-From: Daniel Axtens
-Date: Fri, 22 Jan 2021 17:10:48 +1100
-Subject: [PATCH 23/46] commands/menuentry: Fix quoting in setparams_prefix()
-
-Commit 9acdcbf32542 (use single quotes in menuentry setparams command)
-says that expressing a quoted single quote will require 3 characters. It
-actually requires (and always did require!) 4 characters:
-
- str: a'b => a'\''b
- len: 3 => 6 (2 for the letters + 4 for the quote)
-
-This leads to not allocating enough memory and thus out of bounds writes
-that have been observed to cause heap corruption.
-
-Allocate 4 bytes for each single quote.
-
-Commit 22e7dbb2bb81 (Fix quoting in legacy parser.) does the same
-quoting, but it adds 3 as extra overhead on top of the single byte that
-the quote already needs. So it's correct.
-
-Fixes: CVE-2021-20233
-Fixes: 9acdcbf32542 (use single quotes in menuentry setparams command)
-
-Signed-off-by: Daniel Axtens
-Reviewed-by: Daniel Kiper
----
- grub-core/commands/menuentry.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c
-index 348d72dac..c36913752 100644
---- a/grub-core/commands/menuentry.c
-+++ b/grub-core/commands/menuentry.c
-@@ -233,7 +233,7 @@ setparams_prefix (int argc, char **args)
- len += 3; /* 3 = 1 space + 2 quotes */
- p = args[i];
- while (*p)
-- len += (*p++ == '\'' ? 3 : 1);
-+ len += (*p++ == '\'' ? 4 : 1);
- }
-
- result = grub_malloc (len + 2);
---
-2.26.2
-
diff --git a/0024-kern-parser-Fix-resource-leak-if-argc-0.patch b/0024-kern-parser-Fix-resource-leak-if-argc-0.patch
deleted file mode 100644
index 4bdedb0..0000000
--- a/0024-kern-parser-Fix-resource-leak-if-argc-0.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 61aebf1dd8213cd8e3d4b3493f4bb4c221331c17 Mon Sep 17 00:00:00 2001
-From: Darren Kenny
-Date: Fri, 22 Jan 2021 12:32:41 +0000
-Subject: [PATCH 24/46] kern/parser: Fix resource leak if argc == 0
-
-After processing the command-line yet arriving at the point where we are
-setting argv, we are allocating memory, even if argc == 0, which makes
-no sense since we never put anything into the allocated argv.
-
-The solution is to simply return that we've successfully processed the
-arguments but that argc == 0, and also ensure that argv is NULL when
-we're not allocating anything in it.
-
-There are only 2 callers of this function, and both are handling a zero
-value in argc assuming nothing is allocated in argv.
-
-Fixes: CID 96680
-
-Signed-off-by: Darren Kenny
-Reviewed-by: Daniel Kiper
----
- grub-core/kern/parser.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c
-index 619db3122..d1cf061ad 100644
---- a/grub-core/kern/parser.c
-+++ b/grub-core/kern/parser.c
-@@ -146,6 +146,7 @@ grub_parser_split_cmdline (const char *cmdline,
- int i;
-
- *argc = 0;
-+ *argv = NULL;
- do
- {
- if (!rd || !*rd)
-@@ -207,6 +208,10 @@ grub_parser_split_cmdline (const char *cmdline,
- (*argc)++;
- }
-
-+ /* If there are no args, then we're done. */
-+ if (!*argc)
-+ return 0;
-+
- /* Reserve memory for the return values. */
- args = grub_malloc (bp - buffer);
- if (!args)
---
-2.26.2
-
diff --git a/0025-kern-parser-Fix-a-memory-leak.patch b/0025-kern-parser-Fix-a-memory-leak.patch
deleted file mode 100644
index 3d4866b..0000000
--- a/0025-kern-parser-Fix-a-memory-leak.patch
+++ /dev/null
@@ -1,76 +0,0 @@ -From b6e9ddb100e90665d090d7f92cdc69f03f0a6498 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Wed, 18 Nov 2020 00:59:24 +0000 -Subject: [PATCH 25/46] kern/parser: Fix a memory leak - -The getline() function supplied to grub_parser_split_cmdline() returns -a newly allocated buffer and can be called multiple times, but the -returned buffer is never freed. - -Signed-off-by: Chris Coulson -Reviewed-by: Daniel Kiper ---- - grub-core/kern/parser.c | 20 ++++++++++++++++---- - 1 file changed, 16 insertions(+), 4 deletions(-) - -diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c -index d1cf061ad..39e4df65b 100644 ---- a/grub-core/kern/parser.c -+++ b/grub-core/kern/parser.c -@@ -140,6 +140,7 @@ grub_parser_split_cmdline (const char *cmdline, - char buffer[1024]; - char *bp = buffer; - char *rd = (char *) cmdline; -+ char *rp = rd; - char varname[200]; - char *vp = varname; - char *args; -@@ -149,10 +150,18 @@ grub_parser_split_cmdline (const char *cmdline, - *argv = NULL; - do - { -- if (!rd || !*rd) -+ if (rp == NULL || *rp == '\0') - { -+ if (rd != cmdline) -+ { -+ grub_free (rd); -+ rd = rp = NULL; -+ } - if (getline) -- getline (&rd, 1, getline_data); -+ { -+ getline (&rd, 1, getline_data); -+ rp = rd; -+ } - else - break; - } -@@ -160,12 +169,12 @@ grub_parser_split_cmdline (const char *cmdline, - if (!rd) - break; - -- for (; *rd; rd++) -+ for (; *rp != '\0'; rp++) - { - grub_parser_state_t newstate; - char use; - -- newstate = grub_parser_cmdline_state (state, *rd, &use); -+ newstate = grub_parser_cmdline_state (state, *rp, &use); - - /* If a variable was being processed and this character does - not describe the variable anymore, write the variable to -@@ -198,6 +207,9 @@ grub_parser_split_cmdline (const char *cmdline, - } - while (state != GRUB_PARSER_STATE_TEXT && !check_varstate (state)); - -+ if (rd != cmdline) -+ grub_free (rd); -+ - /* A special case for when the last character was part of a - variable. 
*/ - add_var (varname, &bp, &vp, state, GRUB_PARSER_STATE_TEXT); --- -2.26.2 - diff --git a/0026-kern-parser-Introduce-process_char-helper.patch b/0026-kern-parser-Introduce-process_char-helper.patch deleted file mode 100644 index 418b8dd..0000000 --- a/0026-kern-parser-Introduce-process_char-helper.patch +++ /dev/null 
@@ -1,119 +0,0 @@ -From 80b048e51705c78638afecac539e53e80647f8bd Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Tue, 5 Jan 2021 22:17:28 +0000 -Subject: [PATCH 26/46] kern/parser: Introduce process_char() helper - -grub_parser_split_cmdline() iterates over each command line character. -In order to add error checking and to simplify the subsequent error -handling, split the character processing in to a separate function. - -Signed-off-by: Chris Coulson -Reviewed-by: Daniel Kiper ---- - grub-core/kern/parser.c | 74 +++++++++++++++++++++++++---------------- - 1 file changed, 46 insertions(+), 28 deletions(-) - -diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c -index 39e4df65b..0d3582bd8 100644 ---- a/grub-core/kern/parser.c -+++ b/grub-core/kern/parser.c -@@ -1,7 +1,7 @@ - /* parser.c - the part of the parser that can return partial tokens */ - /* - * GRUB -- GRand Unified Bootloader -- * Copyright (C) 2005,2007,2009 Free Software Foundation, Inc. -+ * Copyright (C) 2005,2007,2009,2021 Free Software Foundation, Inc. - * - * GRUB is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by -@@ -129,6 +129,46 @@ add_var (char *varname, char **bp, char **vp, - *((*bp)++) = *val; - } - -+static grub_err_t -+process_char (char c, char *buffer, char **bp, char *varname, char **vp, -+ grub_parser_state_t state, int *argc, -+ grub_parser_state_t *newstate) -+{ -+ char use; -+ -+ *newstate = grub_parser_cmdline_state (state, c, &use); -+ -+ /* -+ * If a variable was being processed and this character does -+ * not describe the variable anymore, write the variable to -+ * the buffer. 
-+ */ -+ add_var (varname, bp, vp, state, *newstate); -+ -+ if (check_varstate (*newstate)) -+ { -+ if (use) -+ *((*vp)++) = use; -+ } -+ else if (*newstate == GRUB_PARSER_STATE_TEXT && -+ state != GRUB_PARSER_STATE_ESC && grub_isspace (use)) -+ { -+ /* -+ * Don't add more than one argument if multiple -+ * spaces are used. -+ */ -+ if (*bp != buffer && *((*bp) - 1) != '\0') -+ { -+ *((*bp)++) = '\0'; -+ (*argc)++; -+ } -+ } -+ else if (use) -+ *((*bp)++) = use; -+ -+ return GRUB_ERR_NONE; -+} -+ - grub_err_t - grub_parser_split_cmdline (const char *cmdline, - grub_reader_getline_t getline, void *getline_data, -@@ -172,35 +212,13 @@ grub_parser_split_cmdline (const char *cmdline, - for (; *rp != '\0'; rp++) - { - grub_parser_state_t newstate; -- char use; -- -- newstate = grub_parser_cmdline_state (state, *rp, &use); - -- /* If a variable was being processed and this character does -- not describe the variable anymore, write the variable to -- the buffer. */ -- add_var (varname, &bp, &vp, state, newstate); -- -- if (check_varstate (newstate)) -- { -- if (use) -- *(vp++) = use; -- } -- else -+ if (process_char (*rp, buffer, &bp, varname, &vp, state, argc, -+ &newstate) != GRUB_ERR_NONE) - { -- if (newstate == GRUB_PARSER_STATE_TEXT -- && state != GRUB_PARSER_STATE_ESC && grub_isspace (use)) -- { -- /* Don't add more than one argument if multiple -- spaces are used. */ -- if (bp != buffer && *(bp - 1)) -- { -- *(bp++) = '\0'; -- (*argc)++; -- } -- } -- else if (use) -- *(bp++) = use; -+ if (rd != cmdline) -+ grub_free (rd); -+ return grub_errno; - } - state = newstate; - } --- -2.26.2 - diff --git a/0027-kern-parser-Introduce-terminate_arg-helper.patch b/0027-kern-parser-Introduce-terminate_arg-helper.patch deleted file mode 100644 index 4794dbd..0000000 --- a/0027-kern-parser-Introduce-terminate_arg-helper.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From b4086b4baa1412fc962b9f88aa5e2a982afee0da Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Thu, 7 Jan 2021 19:53:55 +0000 -Subject: [PATCH 27/46] kern/parser: Introduce terminate_arg() helper - -process_char() and grub_parser_split_cmdline() use similar code for -terminating the most recent argument. Add a helper function for this. - -Signed-off-by: Chris Coulson -Reviewed-by: Daniel Kiper ---- - grub-core/kern/parser.c | 23 +++++++++++++---------- - 1 file changed, 13 insertions(+), 10 deletions(-) - -diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c -index 0d3582bd8..572c67089 100644 ---- a/grub-core/kern/parser.c -+++ b/grub-core/kern/parser.c -@@ -129,6 +129,16 @@ add_var (char *varname, char **bp, char **vp, - *((*bp)++) = *val; - } - -+static void -+terminate_arg (char *buffer, char **bp, int *argc) -+{ -+ if (*bp != buffer && *((*bp) - 1) != '\0') -+ { -+ *((*bp)++) = '\0'; -+ (*argc)++; -+ } -+} -+ - static grub_err_t - process_char (char c, char *buffer, char **bp, char *varname, char **vp, - grub_parser_state_t state, int *argc, -@@ -157,11 +167,7 @@ process_char (char c, char *buffer, char **bp, char *varname, char **vp, - * Don't add more than one argument if multiple - * spaces are used. - */ -- if (*bp != buffer && *((*bp) - 1) != '\0') -- { -- *((*bp)++) = '\0'; -- (*argc)++; -- } -+ terminate_arg (buffer, bp, argc); - } - else if (use) - *((*bp)++) = use; -@@ -232,11 +238,8 @@ grub_parser_split_cmdline (const char *cmdline, - variable. */ - add_var (varname, &bp, &vp, state, GRUB_PARSER_STATE_TEXT); - -- if (bp != buffer && *(bp - 1)) -- { -- *(bp++) = '\0'; -- (*argc)++; -- } -+ /* Ensure that the last argument is terminated. */ -+ terminate_arg (buffer, &bp, argc); - - /* If there are no args, then we're done. */ - if (!*argc) --- -2.26.2 - 
diff --git a/0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch b/0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
deleted file mode 100644
index 30aa57f..0000000
--- a/0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
+++ /dev/null
@@ -1,92 +0,0 @@ -From 550c0e6582b6be09b0af2fb2775a149f51c51bbc Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Wed, 6 Jan 2021 13:54:26 +0000 -Subject: [PATCH 28/46] kern/parser: Refactor grub_parser_split_cmdline() - cleanup - -Introduce a common function epilogue used for cleaning up on all -return paths, which will simplify additional error handling to be -introduced in a subsequent commit. - -Signed-off-by: Chris Coulson -Reviewed-by: Daniel Kiper ---- - grub-core/kern/parser.c | 35 ++++++++++++++++++++--------------- - 1 file changed, 20 insertions(+), 15 deletions(-) - -diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c -index 572c67089..e010eaa1f 100644 ---- a/grub-core/kern/parser.c -+++ b/grub-core/kern/parser.c -@@ -221,19 +221,13 @@ grub_parser_split_cmdline (const char *cmdline, - - if (process_char (*rp, buffer, &bp, varname, &vp, state, argc, - &newstate) != GRUB_ERR_NONE) -- { -- if (rd != cmdline) -- grub_free (rd); -- return grub_errno; -- } -+ goto fail; -+ - state = newstate; - } - } - while (state != GRUB_PARSER_STATE_TEXT && !check_varstate (state)); - -- if (rd != cmdline) -- grub_free (rd); -- - /* A special case for when the last character was part of a - variable. */ - add_var (varname, &bp, &vp, state, GRUB_PARSER_STATE_TEXT); -@@ -243,20 +237,20 @@ grub_parser_split_cmdline (const char *cmdline, - - /* If there are no args, then we're done. */ - if (!*argc) -- return 0; -+ { -+ grub_errno = GRUB_ERR_NONE; -+ goto out; -+ } - - /* Reserve memory for the return values. */ - args = grub_malloc (bp - buffer); - if (!args) -- return grub_errno; -+ goto fail; - grub_memcpy (args, buffer, bp - buffer); - - *argv = grub_calloc (*argc + 1, sizeof (char *)); - if (!*argv) -- { -- grub_free (args); -- return grub_errno; -- } -+ goto fail; - - /* The arguments are separated with 0's, setup argv so it points to - the right values. 
*/ -@@ -269,7 +263,18 @@ grub_parser_split_cmdline (const char *cmdline, - bp++; - } - -- return 0; -+ grub_errno = GRUB_ERR_NONE; -+ -+ out: -+ if (rd != cmdline) -+ grub_free (rd); -+ -+ return grub_errno; -+ -+ fail: -+ grub_free (*argv); -+ grub_free (args); -+ goto out; - } - - /* Helper for grub_parser_execute. */ --- -2.26.2 - diff --git a/0029-kern-buffer-Add-variable-sized-heap-buffer.patch b/0029-kern-buffer-Add-variable-sized-heap-buffer.patch deleted file mode 100644 index db1a209..0000000 --- a/0029-kern-buffer-Add-variable-sized-heap-buffer.patch +++ /dev/null 
@@ -1,307 +0,0 @@
-From 6fa7584551965d6e444ca1a934839c6538646d0d Mon Sep 17 00:00:00 2001
-From: Chris Coulson
-Date: Thu, 7 Jan 2021 15:15:43 +0000
-Subject: [PATCH 29/46] kern/buffer: Add variable sized heap buffer
-
-Add a new variable sized heap buffer type (grub_buffer_t) with simple
-operations for appending data, accessing the data and maintaining
-a read cursor.
-
-Signed-off-by: Chris Coulson
-Reviewed-by: Daniel Kiper
----
- grub-core/Makefile.core.def | 1 +
- grub-core/kern/buffer.c | 117 +++++++++++++++++++++++++++++
- include/grub/buffer.h | 144 ++++++++++++++++++++++++++++++++++++
- 3 files changed, 262 insertions(+)
- create mode 100644 grub-core/kern/buffer.c
- create mode 100644 include/grub/buffer.h
-
-diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index a00e7f983..eac42a7b7 100644
---- a/grub-core/Makefile.core.def
-+++ b/grub-core/Makefile.core.def
-@@ -123,6 +123,7 @@ kernel = {
- riscv32_efi_startup = kern/riscv/efi/startup.S;
- riscv64_efi_startup = kern/riscv/efi/startup.S;
- 
-+ common = kern/buffer.c;
- common = kern/command.c;
- common = kern/corecmd.c;
- common = kern/device.c;
-diff --git a/grub-core/kern/buffer.c b/grub-core/kern/buffer.c
-new file mode 100644
-index 000000000..9f5f8b867
---- /dev/null
-+++ b/grub-core/kern/buffer.c
-@@ -0,0 +1,117 @@
-+/*
-+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2021 Free Software Foundation, Inc.
-+ *
-+ * GRUB is free software: you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation, either version 3 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * GRUB is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with GRUB. If not, see .
-+ */
-+
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+
-+grub_buffer_t
-+grub_buffer_new (grub_size_t sz)
-+{
-+ struct grub_buffer *ret;
-+
-+ ret = (struct grub_buffer *) grub_malloc (sizeof (*ret));
-+ if (ret == NULL)
-+ return NULL;
-+
-+ ret->data = (grub_uint8_t *) grub_malloc (sz);
-+ if (ret->data == NULL)
-+ {
-+ grub_free (ret);
-+ return NULL;
-+ }
-+
-+ ret->sz = sz;
-+ ret->pos = 0;
-+ ret->used = 0;
-+
-+ return ret;
-+}
-+
-+void
-+grub_buffer_free (grub_buffer_t buf)
-+{
-+ grub_free (buf->data);
-+ grub_free (buf);
-+}
-+
-+grub_err_t
-+grub_buffer_ensure_space (grub_buffer_t buf, grub_size_t req)
-+{
-+ grub_uint8_t *d;
-+ grub_size_t newsz = 1;
-+
-+ /* Is the current buffer size adequate? */
-+ if (buf->sz >= req)
-+ return GRUB_ERR_NONE;
-+
-+ /* Find the smallest power-of-2 size that satisfies the request. */
-+ while (newsz < req)
-+ {
-+ if (newsz == 0)
-+ return grub_error (GRUB_ERR_OUT_OF_RANGE,
-+ N_("requested buffer size is too large"));
-+ newsz <<= 1;
-+ }
-+
-+ d = (grub_uint8_t *) grub_realloc (buf->data, newsz);
-+ if (d == NULL)
-+ return grub_errno;
-+
-+ buf->data = d;
-+ buf->sz = newsz;
-+
-+ return GRUB_ERR_NONE;
-+}
-+
-+void *
-+grub_buffer_take_data (grub_buffer_t buf)
-+{
-+ void *data = buf->data;
-+
-+ buf->data = NULL;
-+ buf->sz = buf->pos = buf->used = 0;
-+
-+ return data;
-+}
-+
-+void
-+grub_buffer_reset (grub_buffer_t buf)
-+{
-+ buf->pos = buf->used = 0;
-+}
-+
-+grub_err_t
-+grub_buffer_advance_read_pos (grub_buffer_t buf, grub_size_t n)
-+{
-+ grub_size_t newpos;
-+
-+ if (grub_add (buf->pos, n, &newpos))
-+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
-+
-+ if (newpos > buf->used)
-+ return grub_error (GRUB_ERR_OUT_OF_RANGE,
-+ N_("new read is position beyond the end of the written data"));
-+
-+ buf->pos = newpos;
-+
-+ return GRUB_ERR_NONE;
-+}
-diff --git a/include/grub/buffer.h b/include/grub/buffer.h
-new file mode 100644
-index 000000000..f4b10cf28
---- /dev/null
-+++ b/include/grub/buffer.h
-@@ -0,0 +1,144 @@
-+/*
-+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2021 Free Software Foundation, Inc.
-+ *
-+ * GRUB is free software: you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation, either version 3 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * GRUB is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with GRUB. If not, see .
-+ */
-+
-+#ifndef GRUB_BUFFER_H
-+#define GRUB_BUFFER_H 1
-+
-+#include
-+#include
-+#include
-+#include
-+#include
-+
-+struct grub_buffer
-+{
-+ grub_uint8_t *data;
-+ grub_size_t sz;
-+ grub_size_t pos;
-+ grub_size_t used;
-+};
-+
-+/*
-+ * grub_buffer_t represents a simple variable sized byte buffer with
-+ * read and write cursors. It currently only implements
-+ * functionality required by the only user in GRUB (append byte[s],
-+ * peeking data at a specified position and updating the read cursor.
-+ * Some things that this doesn't do yet are:
-+ * - Reading a portion of the buffer by copying data from the current
-+ * read position in to a caller supplied destination buffer and then
-+ * automatically updating the read cursor.
-+ * - Dropping the read part at the start of the buffer when an append
-+ * requires more space.
-+ */
-+typedef struct grub_buffer *grub_buffer_t;
-+
-+/* Allocate a new buffer with the specified initial size. */
-+extern grub_buffer_t grub_buffer_new (grub_size_t sz);
-+
-+/* Free the buffer and its resources. */
-+extern void grub_buffer_free (grub_buffer_t buf);
-+
-+/* Return the number of unread bytes in this buffer. */
-+static inline grub_size_t
-+grub_buffer_get_unread_bytes (grub_buffer_t buf)
-+{
-+ return buf->used - buf->pos;
-+}
-+
-+/*
-+ * Ensure that the buffer size is at least the requested
-+ * number of bytes.
-+ */
-+extern grub_err_t grub_buffer_ensure_space (grub_buffer_t buf, grub_size_t req);
-+
-+/*
-+ * Append the specified number of bytes from the supplied
-+ * data to the buffer.
-+ */
-+static inline grub_err_t
-+grub_buffer_append_data (grub_buffer_t buf, const void *data, grub_size_t len)
-+{
-+ grub_size_t req;
-+
-+ if (grub_add (buf->used, len, &req))
-+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
-+
-+ if (grub_buffer_ensure_space (buf, req) != GRUB_ERR_NONE)
-+ return grub_errno;
-+
-+ grub_memcpy (&buf->data[buf->used], data, len);
-+ buf->used = req;
-+
-+ return GRUB_ERR_NONE;
-+}
-+
-+/* Append the supplied character to the buffer. */
-+static inline grub_err_t
-+grub_buffer_append_char (grub_buffer_t buf, char c)
-+{
-+ return grub_buffer_append_data (buf, &c, 1);
-+}
-+
-+/*
-+ * Forget and return the underlying data buffer. The caller
-+ * becomes the owner of this buffer, and must free it when it
-+ * is no longer required.
-+ */
-+extern void *grub_buffer_take_data (grub_buffer_t buf);
-+
-+/* Reset this buffer. Note that this does not deallocate any resources. */
-+void grub_buffer_reset (grub_buffer_t buf);
-+
-+/*
-+ * Return a pointer to the underlying data buffer at the specified
-+ * offset from the current read position. Note that this pointer may
-+ * become invalid if the buffer is mutated further.
-+ */
-+static inline void *
-+grub_buffer_peek_data_at (grub_buffer_t buf, grub_size_t off)
-+{
-+ if (grub_add (buf->pos, off, &off))
-+ {
-+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected."));
-+ return NULL;
-+ }
-+
-+ if (off >= buf->used)
-+ {
-+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("peek out of range"));
-+ return NULL;
-+ }
-+
-+ return &buf->data[off];
-+}
-+
-+/*
-+ * Return a pointer to the underlying data buffer at the current
-+ * read position. Note that this pointer may become invalid if the
-+ * buffer is mutated further.
-+ */
-+static inline void *
-+grub_buffer_peek_data (grub_buffer_t buf)
-+{
-+ return grub_buffer_peek_data_at (buf, 0);
-+}
-+
-+/* Advance the read position by the specified number of bytes. */
-+extern grub_err_t grub_buffer_advance_read_pos (grub_buffer_t buf, grub_size_t n);
-+
-+#endif /* GRUB_BUFFER_H */
--- 
-2.26.2
-
diff --git a/0030-kern-parser-Fix-a-stack-buffer-overflow.patch b/0030-kern-parser-Fix-a-stack-buffer-overflow.patch
deleted file mode 100644
index 597d8fc..0000000
--- a/0030-kern-parser-Fix-a-stack-buffer-overflow.patch
+++ /dev/null
@@ -1,247 +0,0 @@
-From e26b56b819c65d251d12175dd82fab4679cfbc87 Mon Sep 17 00:00:00 2001
-From: Chris Coulson
-Date: Thu, 7 Jan 2021 19:21:03 +0000
-Subject: [PATCH 30/46] kern/parser: Fix a stack buffer overflow
-
-grub_parser_split_cmdline() expands variable names present in the supplied
-command line in to their corresponding variable contents and uses a 1 kiB
-stack buffer for temporary storage without sufficient bounds checking. If
-the function is called with a command line that references a variable with
-a sufficiently large payload, it is possible to overflow the stack
-buffer via tab completion, corrupt the stack frame and potentially
-control execution.
-
-Fixes: CVE-2020-27749
-
-Reported-by: Chris Coulson
-Signed-off-by: Chris Coulson
-Signed-off-by: Darren Kenny
-Reviewed-by: Daniel Kiper
----
- grub-core/kern/parser.c | 110 ++++++++++++++++++++++++----------------
- 1 file changed, 67 insertions(+), 43 deletions(-)
-
-diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c
-index e010eaa1f..6ab7aa427 100644
---- a/grub-core/kern/parser.c
-+++ b/grub-core/kern/parser.c
-@@ -18,6 +18,7 @@
- */
- 
- #include
-+#include
- #include
- #include
- #include
-@@ -107,8 +108,8 @@ check_varstate (grub_parser_state_t s)
- }
- 
- 
--static void
--add_var (char *varname, char **bp, char **vp,
-+static grub_err_t
-+add_var (grub_buffer_t varname, grub_buffer_t buf,
- grub_parser_state_t state, grub_parser_state_t newstate)
- {
- const char *val;
-@@ -116,31 +117,41 @@ add_var (char *varname, char **bp, char **vp,
- /* Check if a variable was being read in and the end of the name
- was reached. */
- if (!(check_varstate (state) && !check_varstate (newstate)))
-- return;
-+ return GRUB_ERR_NONE;
-+
-+ if (grub_buffer_append_char (varname, '\0') != GRUB_ERR_NONE)
-+ return grub_errno;
- 
-- *((*vp)++) = '\0';
-- val = grub_env_get (varname);
-- *vp = varname;
-+ val = grub_env_get ((const char *) grub_buffer_peek_data (varname));
-+ grub_buffer_reset (varname);
- if (!val)
-- return;
-+ return GRUB_ERR_NONE;
- 
- /* Insert the contents of the variable in the buffer. */
-- for (; *val; val++)
-- *((*bp)++) = *val;
-+ return grub_buffer_append_data (buf, val, grub_strlen (val));
- }
- 
--static void
--terminate_arg (char *buffer, char **bp, int *argc)
-+static grub_err_t
-+terminate_arg (grub_buffer_t buffer, int *argc)
- {
-- if (*bp != buffer && *((*bp) - 1) != '\0')
-- {
-- *((*bp)++) = '\0';
-- (*argc)++;
-- }
-+ grub_size_t unread = grub_buffer_get_unread_bytes (buffer);
-+
-+ if (unread == 0)
-+ return GRUB_ERR_NONE;
-+
-+ if (*(const char *) grub_buffer_peek_data_at (buffer, unread - 1) == '\0')
-+ return GRUB_ERR_NONE;
-+
-+ if (grub_buffer_append_char (buffer, '\0') != GRUB_ERR_NONE)
-+ return grub_errno;
-+
-+ (*argc)++;
-+
-+ return GRUB_ERR_NONE;
- }
- 
- static grub_err_t
--process_char (char c, char *buffer, char **bp, char *varname, char **vp,
-+process_char (char c, grub_buffer_t buffer, grub_buffer_t varname,
- grub_parser_state_t state, int *argc,
- grub_parser_state_t *newstate)
- {
-@@ -153,12 +164,13 @@ process_char (char c, char *buffer, char **bp, char *varname, char **vp,
- * not describe the variable anymore, write the variable to
- * the buffer.
- */
-- add_var (varname, bp, vp, state, *newstate);
-+ if (add_var (varname, buffer, state, *newstate) != GRUB_ERR_NONE)
-+ return grub_errno;
- 
- if (check_varstate (*newstate))
- {
- if (use)
-- *((*vp)++) = use;
-+ return grub_buffer_append_char (varname, use);
- }
- else if (*newstate == GRUB_PARSER_STATE_TEXT &&
- state != GRUB_PARSER_STATE_ESC && grub_isspace (use))
-@@ -167,10 +179,10 @@ process_char (char c, char *buffer, char **bp, char *varname, char **vp,
- * Don't add more than one argument if multiple
- * spaces are used.
- */
-- terminate_arg (buffer, bp, argc);
-+ return terminate_arg (buffer, argc);
- }
- else if (use)
-- *((*bp)++) = use;
-+ return grub_buffer_append_char (buffer, use);
- 
- return GRUB_ERR_NONE;
- }
-@@ -181,19 +193,22 @@ grub_parser_split_cmdline (const char *cmdline,
- int *argc, char ***argv)
- {
- grub_parser_state_t state = GRUB_PARSER_STATE_TEXT;
-- /* XXX: Fixed size buffer, perhaps this buffer should be dynamically
-- allocated. */
-- char buffer[1024];
-- char *bp = buffer;
-+ grub_buffer_t buffer, varname;
- char *rd = (char *) cmdline;
- char *rp = rd;
-- char varname[200];
-- char *vp = varname;
-- char *args;
- int i;
- 
- *argc = 0;
- *argv = NULL;
-+
-+ buffer = grub_buffer_new (1024);
-+ if (buffer == NULL)
-+ return grub_errno;
-+
-+ varname = grub_buffer_new (200);
-+ if (varname == NULL)
-+ goto fail;
-+
- do
- {
- if (rp == NULL || *rp == '\0')
-@@ -219,7 +234,7 @@ grub_parser_split_cmdline (const char *cmdline,
- {
- grub_parser_state_t newstate;
- 
-- if (process_char (*rp, buffer, &bp, varname, &vp, state, argc,
-+ if (process_char (*rp, buffer, varname, state, argc,
- &newstate) != GRUB_ERR_NONE)
- goto fail;
- 
-@@ -230,10 +245,12 @@ grub_parser_split_cmdline (const char *cmdline,
- 
- /* A special case for when the last character was part of a
- variable. */
-- add_var (varname, &bp, &vp, state, GRUB_PARSER_STATE_TEXT);
-+ if (add_var (varname, buffer, state, GRUB_PARSER_STATE_TEXT) != GRUB_ERR_NONE)
-+ goto fail;
- 
- /* Ensure that the last argument is terminated. */
-- terminate_arg (buffer, &bp, argc);
-+ if (terminate_arg (buffer, argc) != GRUB_ERR_NONE)
-+ goto fail;
- 
- /* If there are no args, then we're done. */
- if (!*argc)
-@@ -242,38 +259,45 @@ grub_parser_split_cmdline (const char *cmdline,
- goto out;
- }
- 
-- /* Reserve memory for the return values. */
-- args = grub_malloc (bp - buffer);
-- if (!args)
-- goto fail;
-- grub_memcpy (args, buffer, bp - buffer);
--
- *argv = grub_calloc (*argc + 1, sizeof (char *));
- if (!*argv)
- goto fail;
- 
- /* The arguments are separated with 0's, setup argv so it points to
- the right values. */
-- bp = args;
- for (i = 0; i < *argc; i++)
- {
-- (*argv)[i] = bp;
-- while (*bp)
-- bp++;
-- bp++;
-+ char *arg;
-+
-+ if (i > 0)
-+ {
-+ if (grub_buffer_advance_read_pos (buffer, 1) != GRUB_ERR_NONE)
-+ goto fail;
-+ }
-+
-+ arg = (char *) grub_buffer_peek_data (buffer);
-+ if (arg == NULL ||
-+ grub_buffer_advance_read_pos (buffer, grub_strlen (arg)) != GRUB_ERR_NONE)
-+ goto fail;
-+
-+ (*argv)[i] = arg;
- }
- 
-+ /* Keep memory for the return values. */
-+ grub_buffer_take_data (buffer);
-+
- grub_errno = GRUB_ERR_NONE;
- 
- out:
- if (rd != cmdline)
- grub_free (rd);
-+ grub_buffer_free (buffer);
-+ grub_buffer_free (varname);
- 
- return grub_errno;
- 
- fail:
- grub_free (*argv);
-- grub_free (args);
- goto out;
- }
- 
--- 
-2.26.2
-
diff --git a/0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch b/0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
deleted file mode 100644
index ef4a9d9..0000000
--- a/0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 88862305f889d23a176c936ff337a8f3ec492efd Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas
-Date: Thu, 11 Feb 2021 17:06:49 +0100
-Subject: [PATCH 31/46] util/mkimage: Remove unused code to add BSS section
-
-The code is compiled out so there is no reason to keep it.
-
-Additionally, don't set bss_size field since we do not add a BSS section.
-
-Signed-off-by: Javier Martinez Canillas
-Reviewed-by: Daniel Kiper
----
- util/mkimage.c | 17 -----------------
- 1 file changed, 17 deletions(-)
-
-diff --git a/util/mkimage.c b/util/mkimage.c
-index 37d6249f1..32bb8ea68 100644
---- a/util/mkimage.c
-+++ b/util/mkimage.c
-@@ -1304,7 +1304,6 @@ grub_install_generate_image (const char *dir, const char *prefix,
- o->code_size = grub_host_to_target32 (layout.exec_size);
- o->data_size = grub_cpu_to_le32 (reloc_addr - layout.exec_size
- - header_size);
-- o->bss_size = grub_cpu_to_le32 (layout.bss_size);
- o->entry_addr = grub_cpu_to_le32 (layout.start_address);
- o->code_base = grub_cpu_to_le32 (header_size);
- 
-@@ -1342,7 +1341,6 @@ grub_install_generate_image (const char *dir, const char *prefix,
- o->code_size = grub_host_to_target32 (layout.exec_size);
- o->data_size = grub_cpu_to_le32 (reloc_addr - layout.exec_size
- - header_size);
-- o->bss_size = grub_cpu_to_le32 (layout.bss_size);
- o->entry_addr = grub_cpu_to_le32 (layout.start_address);
- o->code_base = grub_cpu_to_le32 (header_size);
- o->image_base = 0;
-@@ -1387,21 +1385,6 @@ grub_install_generate_image (const char *dir, const char *prefix,
- = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_CNT_INITIALIZED_DATA
- | GRUB_PE32_SCN_MEM_READ
- | GRUB_PE32_SCN_MEM_WRITE);
--
--#if 0
-- bss_section = data_section + 1;
-- strcpy (bss_section->name, ".bss");
-- bss_section->virtual_size = grub_cpu_to_le32 (layout.bss_size);
-- bss_section->virtual_address = grub_cpu_to_le32 (header_size + layout.kernel_size);
-- bss_section->raw_data_size = 0;
-- bss_section->raw_data_offset = 0;
-- bss_section->characteristics
-- = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_MEM_READ
-- | GRUB_PE32_SCN_MEM_WRITE
-- | GRUB_PE32_SCN_ALIGN_64BYTES
-- | GRUB_PE32_SCN_CNT_INITIALIZED_DATA
-- | 0x80);
--#endif
- 
- mods_section = data_section + 1;
- strcpy (mods_section->name, "mods");
--- 
-2.26.2
-
diff --git a/0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch b/0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
deleted file mode 100644
index c5fc163..0000000
--- a/0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From 6e003a43373e87683f3c5b783cdc8e423e1a6bc3 Mon Sep 17 00:00:00 2001
-From: Peter Jones
-Date: Mon, 15 Feb 2021 13:59:21 +0100
-Subject: [PATCH 32/46] util/mkimage: Use grub_host_to_target32() instead of
- grub_cpu_to_le32()
-
-The latter doesn't take into account the target image endianness. There is
-a grub_cpu_to_le32_compile_time() but no compile time variant for function
-grub_host_to_target32(). So, let's keep using the other one for this case.
-
-Signed-off-by: Peter Jones
-Signed-off-by: Javier Martinez Canillas
-Reviewed-by: Daniel Kiper
----
- util/mkimage.c | 44 ++++++++++++++++++++++----------------------
- 1 file changed, 22 insertions(+), 22 deletions(-)
-
-diff --git a/util/mkimage.c b/util/mkimage.c
-index 32bb8ea68..02944f28e 100644
---- a/util/mkimage.c
-+++ b/util/mkimage.c
-@@ -1302,10 +1302,10 @@ grub_install_generate_image (const char *dir, const char *prefix,
- + sizeof (struct grub_pe32_coff_header));
- o->magic = grub_host_to_target16 (GRUB_PE32_PE32_MAGIC);
- o->code_size = grub_host_to_target32 (layout.exec_size);
-- o->data_size = grub_cpu_to_le32 (reloc_addr - layout.exec_size
-+ o->data_size = grub_host_to_target32 (reloc_addr - layout.exec_size
- - header_size);
-- o->entry_addr = grub_cpu_to_le32 (layout.start_address);
-- o->code_base = grub_cpu_to_le32 (header_size);
-+ o->entry_addr = grub_host_to_target32 (layout.start_address);
-+ o->code_base = grub_host_to_target32 (header_size);
- 
- o->data_base = grub_host_to_target32 (header_size + layout.exec_size);
- 
-@@ -1339,10 +1339,10 @@ grub_install_generate_image (const char *dir, const char *prefix,
- + sizeof (struct grub_pe32_coff_header));
- o->magic = grub_host_to_target16 (GRUB_PE32_PE64_MAGIC);
- o->code_size = grub_host_to_target32 (layout.exec_size);
-- o->data_size = grub_cpu_to_le32 (reloc_addr - layout.exec_size
-+ o->data_size = grub_host_to_target32 (reloc_addr - layout.exec_size
- - header_size);
-- o->entry_addr = grub_cpu_to_le32 (layout.start_address);
-- o->code_base = grub_cpu_to_le32 (header_size);
-+ o->entry_addr = grub_host_to_target32 (layout.start_address);
-+ o->code_base = grub_host_to_target32 (header_size);
- o->image_base = 0;
- o->section_alignment = grub_host_to_target32 (image_target->section_align);
- o->file_alignment = grub_host_to_target32 (GRUB_PE32_FILE_ALIGNMENT);
-@@ -1366,10 +1366,10 @@ grub_install_generate_image (const char *dir, const char *prefix,
- /* The sections. */
- text_section = sections;
- strcpy (text_section->name, ".text");
-- text_section->virtual_size = grub_cpu_to_le32 (layout.exec_size);
-- text_section->virtual_address = grub_cpu_to_le32 (header_size);
-- text_section->raw_data_size = grub_cpu_to_le32 (layout.exec_size);
-- text_section->raw_data_offset = grub_cpu_to_le32 (header_size);
-+ text_section->virtual_size = grub_host_to_target32 (layout.exec_size);
-+ text_section->virtual_address = grub_host_to_target32 (header_size);
-+ text_section->raw_data_size = grub_host_to_target32 (layout.exec_size);
-+ text_section->raw_data_offset = grub_host_to_target32 (header_size);
- text_section->characteristics = grub_cpu_to_le32_compile_time (
- GRUB_PE32_SCN_CNT_CODE
- | GRUB_PE32_SCN_MEM_EXECUTE
-@@ -1377,10 +1377,10 @@ grub_install_generate_image (const char *dir, const char *prefix,
- 
- data_section = text_section + 1;
- strcpy (data_section->name, ".data");
-- data_section->virtual_size = grub_cpu_to_le32 (layout.kernel_size - layout.exec_size);
-- data_section->virtual_address = grub_cpu_to_le32 (header_size + layout.exec_size);
-- data_section->raw_data_size = grub_cpu_to_le32 (layout.kernel_size - layout.exec_size);
-- data_section->raw_data_offset = grub_cpu_to_le32 (header_size + layout.exec_size);
-+ data_section->virtual_size = grub_host_to_target32 (layout.kernel_size - layout.exec_size);
-+ data_section->virtual_address = grub_host_to_target32 (header_size + layout.exec_size);
-+ data_section->raw_data_size = grub_host_to_target32 (layout.kernel_size - layout.exec_size);
-+ data_section->raw_data_offset = grub_host_to_target32 (header_size + layout.exec_size);
- data_section->characteristics
- = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_CNT_INITIALIZED_DATA
- | GRUB_PE32_SCN_MEM_READ
-@@ -1388,10 +1388,10 @@ grub_install_generate_image (const char *dir, const char *prefix,
- 
- mods_section = data_section + 1;
- strcpy (mods_section->name, "mods");
-- mods_section->virtual_size = grub_cpu_to_le32 (reloc_addr - layout.kernel_size - header_size);
-- mods_section->virtual_address = grub_cpu_to_le32 (header_size + layout.kernel_size + layout.bss_size);
-- mods_section->raw_data_size = grub_cpu_to_le32 (reloc_addr - layout.kernel_size - header_size);
-- mods_section->raw_data_offset = grub_cpu_to_le32 (header_size + layout.kernel_size);
-+ mods_section->virtual_size = grub_host_to_target32 (reloc_addr - layout.kernel_size - header_size);
-+ mods_section->virtual_address = grub_host_to_target32 (header_size + layout.kernel_size + layout.bss_size);
-+ mods_section->raw_data_size = grub_host_to_target32 (reloc_addr - layout.kernel_size - header_size);
-+ mods_section->raw_data_offset = grub_host_to_target32 (header_size + layout.kernel_size);
- mods_section->characteristics
- = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_CNT_INITIALIZED_DATA
- | GRUB_PE32_SCN_MEM_READ
-@@ -1399,10 +1399,10 @@ grub_install_generate_image (const char *dir, const char *prefix,
- 
- reloc_section = mods_section + 1;
- strcpy (reloc_section->name, ".reloc");
-- reloc_section->virtual_size = grub_cpu_to_le32 (layout.reloc_size);
-- reloc_section->virtual_address = grub_cpu_to_le32 (reloc_addr + layout.bss_size);
-- reloc_section->raw_data_size = grub_cpu_to_le32 (layout.reloc_size);
-- reloc_section->raw_data_offset = grub_cpu_to_le32 (reloc_addr);
-+ reloc_section->virtual_size = grub_host_to_target32 (layout.reloc_size);
-+ reloc_section->virtual_address = grub_host_to_target32 (reloc_addr + layout.bss_size);
-+ reloc_section->raw_data_size = grub_host_to_target32 (layout.reloc_size);
-+ reloc_section->raw_data_offset = grub_host_to_target32 (reloc_addr);
- reloc_section->characteristics
- = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_CNT_INITIALIZED_DATA
- | GRUB_PE32_SCN_MEM_DISCARDABLE
--- 
-2.26.2
-
diff --git a/0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch b/0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
deleted file mode 100644
index e25b3d5..0000000
--- a/0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 4bf74d11396e0adde218a3129599f145459852f3 Mon Sep 17 00:00:00 2001
-From: Peter Jones
-Date: Mon, 15 Feb 2021 14:14:24 +0100
-Subject: [PATCH 33/46] util/mkimage: Always use grub_host_to_target32() to
- initialize PE stack and heap stuff
-
-This change does not impact final result of initialization itself.
-However, it eases PE code unification in subsequent patches.
-
-Signed-off-by: Peter Jones
-Signed-off-by: Javier Martinez Canillas
-Reviewed-by: Daniel Kiper
----
- util/mkimage.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/util/mkimage.c b/util/mkimage.c
-index 02944f28e..b94bfb781 100644
---- a/util/mkimage.c
-+++ b/util/mkimage.c
-@@ -1351,10 +1351,10 @@ grub_install_generate_image (const char *dir, const char *prefix,
- o->subsystem = grub_host_to_target16 (GRUB_PE32_SUBSYSTEM_EFI_APPLICATION);
- 
- /* Do these really matter? */
-- o->stack_reserve_size = grub_host_to_target64 (0x10000);
-- o->stack_commit_size = grub_host_to_target64 (0x10000);
-- o->heap_reserve_size = grub_host_to_target64 (0x10000);
-- o->heap_commit_size = grub_host_to_target64 (0x10000);
-+ o->stack_reserve_size = grub_host_to_target32 (0x10000);
-+ o->stack_commit_size = grub_host_to_target32 (0x10000);
-+ o->heap_reserve_size = grub_host_to_target32 (0x10000);
-+ o->heap_commit_size = grub_host_to_target32 (0x10000);
- 
- o->num_data_directories
- = grub_host_to_target32 (GRUB_PE32_NUM_DATA_DIRECTORIES);
--- 
-2.26.2
-
diff --git a/0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch b/0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
deleted file mode 100644
index 1f63c9a..0000000
--- a/0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
+++ /dev/null
@@ -1,169 +0,0 @@
-From 17db90317938d492561af63f0cc7356c6dadb46a Mon Sep 17 00:00:00 2001
-From: Peter Jones
-Date: Mon, 15 Feb 2021 14:19:31 +0100
-Subject: [PATCH 34/46] util/mkimage: Unify more of the PE32 and PE32+ header
- set-up
-
-There's quite a bit of code duplication in the code that sets the optional
-header for PE32 and PE32+. The two are very similar with the exception of
-a few fields that have type grub_uint64_t instead of grub_uint32_t.
-
-Factor out the common code and add a PE_OHDR() macro that simplifies the
-set-up and make the code more readable.
-
-Signed-off-by: Peter Jones
-Signed-off-by: Javier Martinez Canillas
-Reviewed-by: Daniel Kiper
----
- util/mkimage.c | 111 +++++++++++++++++++++++--------------------------
- 1 file changed, 51 insertions(+), 60 deletions(-)
-
-diff --git a/util/mkimage.c b/util/mkimage.c
-index b94bfb781..a039039db 100644
---- a/util/mkimage.c
-+++ b/util/mkimage.c
-@@ -816,6 +816,21 @@ grub_install_get_image_targets_string (void)
- return formats;
- }
- 
-+/*
-+ * tmp_ is just here so the compiler knows we'll never derefernce a NULL.
-+ * It should get fully optimized away.
-+ */
-+#define PE_OHDR(o32, o64, field) (*( \
-+{ \
-+ __typeof__((o64)->field) tmp_; \
-+ __typeof__((o64)->field) *ret_ = &tmp_; \
-+ if (o32) \
-+ ret_ = (void *)(&((o32)->field)); \
-+ else if (o64) \
-+ ret_ = (void *)(&((o64)->field)); \
-+ ret_; \
-+}))
-+
- void
- grub_install_generate_image (const char *dir, const char *prefix,
- FILE *out, const char *outname, char *mods[],
-@@ -1252,6 +1267,8 @@ grub_install_generate_image (const char *dir, const char *prefix,
- static const grub_uint8_t stub[] = GRUB_PE32_MSDOS_STUB;
- int header_size;
- int reloc_addr;
-+ struct grub_pe32_optional_header *o32 = NULL;
-+ struct grub_pe64_optional_header *o64 = NULL;
- 
- if (image_target->voidp_sizeof == 4)
- header_size = EFI32_HEADER_SIZE;
-@@ -1293,76 +1310,50 @@ grub_install_generate_image (const char *dir, const char *prefix,
- /* The PE Optional header. */
- if (image_target->voidp_sizeof == 4)
- {
-- struct grub_pe32_optional_header *o;
--
- c->optional_header_size = grub_host_to_target16 (sizeof (struct grub_pe32_optional_header));
- 
-- o = (struct grub_pe32_optional_header *)
-- (header + GRUB_PE32_MSDOS_STUB_SIZE + GRUB_PE32_SIGNATURE_SIZE
-- + sizeof (struct grub_pe32_coff_header));
-- o->magic = grub_host_to_target16 (GRUB_PE32_PE32_MAGIC);
-- o->code_size = grub_host_to_target32 (layout.exec_size);
-- o->data_size = grub_host_to_target32 (reloc_addr - layout.exec_size
-- - header_size);
-- o->entry_addr = grub_host_to_target32 (layout.start_address);
-- o->code_base = grub_host_to_target32 (header_size);
--
-- o->data_base = grub_host_to_target32 (header_size + layout.exec_size);
--
-- o->image_base = 0;
-- o->section_alignment = grub_host_to_target32 (image_target->section_align);
-- o->file_alignment = grub_host_to_target32 (GRUB_PE32_FILE_ALIGNMENT);
-- o->image_size = grub_host_to_target32 (pe_size);
-- o->header_size = grub_host_to_target32 (header_size);
-- o->subsystem = grub_host_to_target16 (GRUB_PE32_SUBSYSTEM_EFI_APPLICATION);
--
-- /* Do these really matter? */
-- o->stack_reserve_size = grub_host_to_target32 (0x10000);
-- o->stack_commit_size = grub_host_to_target32 (0x10000);
-- o->heap_reserve_size = grub_host_to_target32 (0x10000);
-- o->heap_commit_size = grub_host_to_target32 (0x10000);
--
-- o->num_data_directories = grub_host_to_target32 (GRUB_PE32_NUM_DATA_DIRECTORIES);
-+ o32 = (struct grub_pe32_optional_header *)
-+ (header + GRUB_PE32_MSDOS_STUB_SIZE + GRUB_PE32_SIGNATURE_SIZE +
-+ sizeof (struct grub_pe32_coff_header));
-+ o32->magic = grub_host_to_target16 (GRUB_PE32_PE32_MAGIC);
-+ o32->data_base = grub_host_to_target32 (header_size + layout.exec_size);
- 
-- o->base_relocation_table.rva = grub_host_to_target32 (reloc_addr);
-- o->base_relocation_table.size = grub_host_to_target32 (layout.reloc_size);
-- sections = o + 1;
-+ sections = o32 + 1;
- }
- else
- {
-- struct grub_pe64_optional_header *o;
--
- c->optional_header_size = grub_host_to_target16 (sizeof (struct grub_pe64_optional_header));
- 
-- o = (struct grub_pe64_optional_header *)
-- (header + GRUB_PE32_MSDOS_STUB_SIZE + GRUB_PE32_SIGNATURE_SIZE
-- + sizeof (struct grub_pe32_coff_header));
-- o->magic = grub_host_to_target16 (GRUB_PE32_PE64_MAGIC);
-- o->code_size = grub_host_to_target32 (layout.exec_size);
-- o->data_size = grub_host_to_target32 (reloc_addr - layout.exec_size
-- - header_size);
-- o->entry_addr = grub_host_to_target32 (layout.start_address);
-- o->code_base = grub_host_to_target32 (header_size);
-- o->image_base = 0;
-- o->section_alignment = grub_host_to_target32 (image_target->section_align);
-- o->file_alignment = grub_host_to_target32 (GRUB_PE32_FILE_ALIGNMENT);
-- o->image_size = grub_host_to_target32 (pe_size);
-- o->header_size = grub_host_to_target32 (header_size);
-- o->subsystem = grub_host_to_target16 (GRUB_PE32_SUBSYSTEM_EFI_APPLICATION);
--
-- /* Do these really matter? */
-- o->stack_reserve_size = grub_host_to_target32 (0x10000);
-- o->stack_commit_size = grub_host_to_target32 (0x10000);
-- o->heap_reserve_size = grub_host_to_target32 (0x10000);
-- o->heap_commit_size = grub_host_to_target32 (0x10000);
--
-- o->num_data_directories
-- = grub_host_to_target32 (GRUB_PE32_NUM_DATA_DIRECTORIES);
-+ o64 = (struct grub_pe64_optional_header *)
-+ (header + GRUB_PE32_MSDOS_STUB_SIZE + GRUB_PE32_SIGNATURE_SIZE +
-+ sizeof (struct grub_pe32_coff_header));
-+ o64->magic = grub_host_to_target16 (GRUB_PE32_PE64_MAGIC);
- 
-- o->base_relocation_table.rva = grub_host_to_target32 (reloc_addr);
-- o->base_relocation_table.size = grub_host_to_target32 (layout.reloc_size);
-- sections = o + 1;
-+ sections = o64 + 1;
- }
-+
-+ PE_OHDR (o32, o64, code_size) = grub_host_to_target32 (layout.exec_size);
-+ PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (reloc_addr - layout.exec_size - header_size);
-+ PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32 (layout.start_address);
-+ PE_OHDR (o32, o64, code_base) = grub_host_to_target32 (header_size);
-+
-+ PE_OHDR (o32, o64, image_base) = 0;
-+ PE_OHDR (o32, o64, section_alignment) = grub_host_to_target32 (image_target->section_align);
-+ PE_OHDR (o32, o64, file_alignment) = grub_host_to_target32 (GRUB_PE32_FILE_ALIGNMENT);
-+ PE_OHDR (o32, o64, image_size) = grub_host_to_target32 (pe_size);
-+ PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size);
-+ PE_OHDR (o32, o64, subsystem) = grub_host_to_target16 (GRUB_PE32_SUBSYSTEM_EFI_APPLICATION);
-+
-+ /* Do these really matter? */
-+ PE_OHDR (o32, o64, stack_reserve_size) = grub_host_to_target32 (0x10000);
-+ PE_OHDR (o32, o64, stack_commit_size) = grub_host_to_target32 (0x10000);
-+ PE_OHDR (o32, o64, heap_reserve_size) = grub_host_to_target32 (0x10000);
-+ PE_OHDR (o32, o64, heap_commit_size) = grub_host_to_target32 (0x10000);
-+
-+ PE_OHDR (o32, o64, num_data_directories) = grub_host_to_target32 (GRUB_PE32_NUM_DATA_DIRECTORIES);
-+ PE_OHDR (o32, o64, base_relocation_table.rva) = grub_host_to_target32 (reloc_addr);
-+ PE_OHDR (o32, o64, base_relocation_table.size) = grub_host_to_target32 (layout.reloc_size);
-+
- /* The sections. */
- text_section = sections;
- strcpy (text_section->name, ".text");
--- 
-2.26.2
-
diff --git a/0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch b/0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
deleted file mode 100644
index 4c4db2d..0000000
--- a/0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
+++ /dev/null
@@ -1,72 +0,0 @@ -From fbacfa8211adbd1acaf264f7b1292781121a7195 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 15 Feb 2021 14:21:48 +0100 -Subject: [PATCH 35/46] util/mkimage: Reorder PE optional header fields set-up - -This makes the PE32 and PE32+ header fields set-up easier to follow by -setting them closer to the initialization of their related sections. - -Signed-off-by: Peter Jones -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - util/mkimage.c | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/util/mkimage.c b/util/mkimage.c -index a039039db..deaef5666 100644 ---- a/util/mkimage.c -+++ b/util/mkimage.c -@@ -1332,16 +1332,12 @@ grub_install_generate_image (const char *dir, const char *prefix, - sections = o64 + 1; - } - -- PE_OHDR (o32, o64, code_size) = grub_host_to_target32 (layout.exec_size); -- PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (reloc_addr - layout.exec_size - header_size); -+ PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size); - PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32 (layout.start_address); -- PE_OHDR (o32, o64, code_base) = grub_host_to_target32 (header_size); -- - PE_OHDR (o32, o64, image_base) = 0; -+ PE_OHDR (o32, o64, image_size) = grub_host_to_target32 (pe_size); - PE_OHDR (o32, o64, section_alignment) = grub_host_to_target32 (image_target->section_align); - PE_OHDR (o32, o64, file_alignment) = grub_host_to_target32 (GRUB_PE32_FILE_ALIGNMENT); -- PE_OHDR (o32, o64, image_size) = grub_host_to_target32 (pe_size); -- PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size); - PE_OHDR (o32, o64, subsystem) = grub_host_to_target16 (GRUB_PE32_SUBSYSTEM_EFI_APPLICATION); - - /* Do these really matter? 
*/ -@@ -1351,10 +1347,10 @@ grub_install_generate_image (const char *dir, const char *prefix, - PE_OHDR (o32, o64, heap_commit_size) = grub_host_to_target32 (0x10000); - - PE_OHDR (o32, o64, num_data_directories) = grub_host_to_target32 (GRUB_PE32_NUM_DATA_DIRECTORIES); -- PE_OHDR (o32, o64, base_relocation_table.rva) = grub_host_to_target32 (reloc_addr); -- PE_OHDR (o32, o64, base_relocation_table.size) = grub_host_to_target32 (layout.reloc_size); - - /* The sections. */ -+ PE_OHDR (o32, o64, code_base) = grub_host_to_target32 (header_size); -+ PE_OHDR (o32, o64, code_size) = grub_host_to_target32 (layout.exec_size); - text_section = sections; - strcpy (text_section->name, ".text"); - text_section->virtual_size = grub_host_to_target32 (layout.exec_size); -@@ -1366,6 +1362,8 @@ grub_install_generate_image (const char *dir, const char *prefix, - | GRUB_PE32_SCN_MEM_EXECUTE - | GRUB_PE32_SCN_MEM_READ); - -+ PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (reloc_addr - layout.exec_size - header_size); -+ - data_section = text_section + 1; - strcpy (data_section->name, ".data"); - data_section->virtual_size = grub_host_to_target32 (layout.kernel_size - layout.exec_size); -@@ -1388,6 +1386,8 @@ grub_install_generate_image (const char *dir, const char *prefix, - | GRUB_PE32_SCN_MEM_READ - | GRUB_PE32_SCN_MEM_WRITE); - -+ PE_OHDR (o32, o64, base_relocation_table.rva) = grub_host_to_target32 (reloc_addr); -+ PE_OHDR (o32, o64, base_relocation_table.size) = grub_host_to_target32 (layout.reloc_size); - reloc_section = mods_section + 1; - strcpy (reloc_section->name, ".reloc"); - reloc_section->virtual_size = grub_host_to_target32 (layout.reloc_size); --- -2.26.2 - diff --git a/0036-util-mkimage-Improve-data_size-value-calculation.patch b/0036-util-mkimage-Improve-data_size-value-calculation.patch deleted file mode 100644 index be62027..0000000 --- a/0036-util-mkimage-Improve-data_size-value-calculation.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -From 805d58de7a06687572fba8f8d0f4110204246f2d Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 11 Feb 2021 17:07:33 +0100 -Subject: [PATCH 36/46] util/mkimage: Improve data_size value calculation - -According to "Microsoft Portable Executable and Common Object File Format -Specification", the Optional Header SizeOfInitializedData field contains: - - Size of the initialized data section, or the sum of all such sections if - there are multiple data sections. - -Make this explicit by adding the GRUB kernel data size to the sum of all -the modules sizes. The ALIGN_UP() is not required by the PE spec but do -it to avoid alignment issues. - -Signed-off-by: Peter Jones -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - util/mkimage.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/util/mkimage.c b/util/mkimage.c -index deaef5666..853a52179 100644 ---- a/util/mkimage.c -+++ b/util/mkimage.c -@@ -1260,6 +1260,7 @@ grub_install_generate_image (const char *dir, const char *prefix, - void *pe_img; - grub_uint8_t *header; - void *sections; -+ size_t scn_size; - size_t pe_size; - struct grub_pe32_coff_header *c; - struct grub_pe32_section_table *text_section, *data_section; -@@ -1362,7 +1363,10 @@ grub_install_generate_image (const char *dir, const char *prefix, - | GRUB_PE32_SCN_MEM_EXECUTE - | GRUB_PE32_SCN_MEM_READ); - -- PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (reloc_addr - layout.exec_size - header_size); -+ scn_size = ALIGN_UP (layout.kernel_size - layout.exec_size, GRUB_PE32_FILE_ALIGNMENT); -+ PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (scn_size + -+ ALIGN_UP (total_module_size, -+ GRUB_PE32_FILE_ALIGNMENT)); - - data_section = text_section + 1; - strcpy (data_section->name, ".data"); --- -2.26.2 - 
diff --git a/0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch b/0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
deleted file mode 100644
index 35ac99c..0000000
--- a/0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
+++ /dev/null
@@ -1,220 +0,0 @@ -From aa25aa5d9ce91e862cc951225c5aabc78c4d4366 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 15 Feb 2021 14:58:06 +0100 -Subject: [PATCH 37/46] util/mkimage: Refactor section setup to use a helper - -Add a init_pe_section() helper function to setup PE sections. This makes -the code simpler and easier to read. - -Signed-off-by: Peter Jones -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - util/mkimage.c | 143 ++++++++++++++++++++++++++----------------------- - 1 file changed, 77 insertions(+), 66 deletions(-) - -diff --git a/util/mkimage.c b/util/mkimage.c -index 853a52179..8b475a691 100644 ---- a/util/mkimage.c -+++ b/util/mkimage.c -@@ -816,6 +816,38 @@ grub_install_get_image_targets_string (void) - return formats; - } - -+/* -+ * The image_target parameter is used by the grub_host_to_target32() macro. -+ */ -+static struct grub_pe32_section_table * -+init_pe_section(const struct grub_install_image_target_desc *image_target, -+ struct grub_pe32_section_table *section, -+ const char * const name, -+ grub_uint32_t *vma, grub_uint32_t vsz, grub_uint32_t valign, -+ grub_uint32_t *rda, grub_uint32_t rsz, -+ grub_uint32_t characteristics) -+{ -+ size_t len = strlen (name); -+ -+ if (len > sizeof (section->name)) -+ grub_util_error (_("section name %s length is bigger than %lu"), -+ name, (unsigned long) sizeof (section->name)); -+ -+ memcpy (section->name, name, len); -+ -+ section->virtual_address = grub_host_to_target32 (*vma); -+ section->virtual_size = grub_host_to_target32 (vsz); -+ (*vma) = ALIGN_UP (*vma + vsz, valign); -+ -+ section->raw_data_offset = grub_host_to_target32 (*rda); -+ section->raw_data_size = grub_host_to_target32 (rsz); -+ (*rda) = ALIGN_UP (*rda + rsz, GRUB_PE32_FILE_ALIGNMENT); -+ -+ section->characteristics = grub_host_to_target32 (characteristics); -+ -+ return section + 1; -+} -+ - /* - * tmp_ is just here so the compiler knows we'll never derefernce a NULL. 
- * It should get fully optimized away. -@@ -1257,17 +1289,13 @@ grub_install_generate_image (const char *dir, const char *prefix, - break; - case IMAGE_EFI: - { -- void *pe_img; -- grub_uint8_t *header; -- void *sections; -+ char *pe_img, *header; -+ struct grub_pe32_section_table *section; - size_t scn_size; -- size_t pe_size; -+ grub_uint32_t vma, raw_data; -+ size_t pe_size, header_size; - struct grub_pe32_coff_header *c; -- struct grub_pe32_section_table *text_section, *data_section; -- struct grub_pe32_section_table *mods_section, *reloc_section; - static const grub_uint8_t stub[] = GRUB_PE32_MSDOS_STUB; -- int header_size; -- int reloc_addr; - struct grub_pe32_optional_header *o32 = NULL; - struct grub_pe64_optional_header *o64 = NULL; - -@@ -1276,17 +1304,12 @@ grub_install_generate_image (const char *dir, const char *prefix, - else - header_size = EFI64_HEADER_SIZE; - -- reloc_addr = ALIGN_UP (header_size + core_size, -- GRUB_PE32_FILE_ALIGNMENT); -+ vma = raw_data = header_size; -+ pe_size = ALIGN_UP (header_size + core_size, GRUB_PE32_FILE_ALIGNMENT) + -+ ALIGN_UP (layout.reloc_size, GRUB_PE32_FILE_ALIGNMENT); -+ header = pe_img = xcalloc (1, pe_size); - -- pe_size = ALIGN_UP (reloc_addr + layout.reloc_size, -- GRUB_PE32_FILE_ALIGNMENT); -- pe_img = xmalloc (reloc_addr + layout.reloc_size); -- memset (pe_img, 0, header_size); -- memcpy ((char *) pe_img + header_size, core_img, core_size); -- memset ((char *) pe_img + header_size + core_size, 0, reloc_addr - (header_size + core_size)); -- memcpy ((char *) pe_img + reloc_addr, layout.reloc_section, layout.reloc_size); -- header = pe_img; -+ memcpy (pe_img + raw_data, core_img, core_size); - - /* The magic. 
*/ - memcpy (header, stub, GRUB_PE32_MSDOS_STUB_SIZE); -@@ -1319,18 +1342,17 @@ grub_install_generate_image (const char *dir, const char *prefix, - o32->magic = grub_host_to_target16 (GRUB_PE32_PE32_MAGIC); - o32->data_base = grub_host_to_target32 (header_size + layout.exec_size); - -- sections = o32 + 1; -+ section = (struct grub_pe32_section_table *)(o32 + 1); - } - else - { - c->optional_header_size = grub_host_to_target16 (sizeof (struct grub_pe64_optional_header)); -- - o64 = (struct grub_pe64_optional_header *) - (header + GRUB_PE32_MSDOS_STUB_SIZE + GRUB_PE32_SIGNATURE_SIZE + - sizeof (struct grub_pe32_coff_header)); - o64->magic = grub_host_to_target16 (GRUB_PE32_PE64_MAGIC); - -- sections = o64 + 1; -+ section = (struct grub_pe32_section_table *)(o64 + 1); - } - - PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size); -@@ -1350,58 +1372,47 @@ grub_install_generate_image (const char *dir, const char *prefix, - PE_OHDR (o32, o64, num_data_directories) = grub_host_to_target32 (GRUB_PE32_NUM_DATA_DIRECTORIES); - - /* The sections. 
*/ -- PE_OHDR (o32, o64, code_base) = grub_host_to_target32 (header_size); -+ PE_OHDR (o32, o64, code_base) = grub_host_to_target32 (vma); - PE_OHDR (o32, o64, code_size) = grub_host_to_target32 (layout.exec_size); -- text_section = sections; -- strcpy (text_section->name, ".text"); -- text_section->virtual_size = grub_host_to_target32 (layout.exec_size); -- text_section->virtual_address = grub_host_to_target32 (header_size); -- text_section->raw_data_size = grub_host_to_target32 (layout.exec_size); -- text_section->raw_data_offset = grub_host_to_target32 (header_size); -- text_section->characteristics = grub_cpu_to_le32_compile_time ( -- GRUB_PE32_SCN_CNT_CODE -- | GRUB_PE32_SCN_MEM_EXECUTE -- | GRUB_PE32_SCN_MEM_READ); -+ section = init_pe_section (image_target, section, ".text", -+ &vma, layout.exec_size, -+ image_target->section_align, -+ &raw_data, layout.exec_size, -+ GRUB_PE32_SCN_CNT_CODE | -+ GRUB_PE32_SCN_MEM_EXECUTE | -+ GRUB_PE32_SCN_MEM_READ); - - scn_size = ALIGN_UP (layout.kernel_size - layout.exec_size, GRUB_PE32_FILE_ALIGNMENT); - PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (scn_size + - ALIGN_UP (total_module_size, - GRUB_PE32_FILE_ALIGNMENT)); - -- data_section = text_section + 1; -- strcpy (data_section->name, ".data"); -- data_section->virtual_size = grub_host_to_target32 (layout.kernel_size - layout.exec_size); -- data_section->virtual_address = grub_host_to_target32 (header_size + layout.exec_size); -- data_section->raw_data_size = grub_host_to_target32 (layout.kernel_size - layout.exec_size); -- data_section->raw_data_offset = grub_host_to_target32 (header_size + layout.exec_size); -- data_section->characteristics -- = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_CNT_INITIALIZED_DATA -- | GRUB_PE32_SCN_MEM_READ -- | GRUB_PE32_SCN_MEM_WRITE); -- -- mods_section = data_section + 1; -- strcpy (mods_section->name, "mods"); -- mods_section->virtual_size = grub_host_to_target32 (reloc_addr - layout.kernel_size - header_size); -- 
mods_section->virtual_address = grub_host_to_target32 (header_size + layout.kernel_size + layout.bss_size); -- mods_section->raw_data_size = grub_host_to_target32 (reloc_addr - layout.kernel_size - header_size); -- mods_section->raw_data_offset = grub_host_to_target32 (header_size + layout.kernel_size); -- mods_section->characteristics -- = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_CNT_INITIALIZED_DATA -- | GRUB_PE32_SCN_MEM_READ -- | GRUB_PE32_SCN_MEM_WRITE); -- -- PE_OHDR (o32, o64, base_relocation_table.rva) = grub_host_to_target32 (reloc_addr); -- PE_OHDR (o32, o64, base_relocation_table.size) = grub_host_to_target32 (layout.reloc_size); -- reloc_section = mods_section + 1; -- strcpy (reloc_section->name, ".reloc"); -- reloc_section->virtual_size = grub_host_to_target32 (layout.reloc_size); -- reloc_section->virtual_address = grub_host_to_target32 (reloc_addr + layout.bss_size); -- reloc_section->raw_data_size = grub_host_to_target32 (layout.reloc_size); -- reloc_section->raw_data_offset = grub_host_to_target32 (reloc_addr); -- reloc_section->characteristics -- = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_CNT_INITIALIZED_DATA -- | GRUB_PE32_SCN_MEM_DISCARDABLE -- | GRUB_PE32_SCN_MEM_READ); -+ section = init_pe_section (image_target, section, ".data", -+ &vma, scn_size, image_target->section_align, -+ &raw_data, scn_size, -+ GRUB_PE32_SCN_CNT_INITIALIZED_DATA | -+ GRUB_PE32_SCN_MEM_READ | -+ GRUB_PE32_SCN_MEM_WRITE); -+ -+ scn_size = pe_size - layout.reloc_size - raw_data; -+ section = init_pe_section (image_target, section, "mods", -+ &vma, scn_size, image_target->section_align, -+ &raw_data, scn_size, -+ GRUB_PE32_SCN_CNT_INITIALIZED_DATA | -+ GRUB_PE32_SCN_MEM_READ | -+ GRUB_PE32_SCN_MEM_WRITE); -+ -+ scn_size = layout.reloc_size; -+ PE_OHDR (o32, o64, base_relocation_table.rva) = grub_host_to_target32 (vma); -+ PE_OHDR (o32, o64, base_relocation_table.size) = grub_host_to_target32 (scn_size); -+ memcpy (pe_img + raw_data, layout.reloc_section, 
scn_size); -+ init_pe_section (image_target, section, ".reloc", -+ &vma, scn_size, image_target->section_align, -+ &raw_data, scn_size, -+ GRUB_PE32_SCN_CNT_INITIALIZED_DATA | -+ GRUB_PE32_SCN_MEM_DISCARDABLE | -+ GRUB_PE32_SCN_MEM_READ); -+ - free (core_img); - core_img = pe_img; - core_size = pe_size; --- -2.26.2 - diff --git a/0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch b/0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch deleted file mode 100644 index 4b49058..0000000 --- a/0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch +++ /dev/null 
@@ -1,263 +0,0 @@ -From c128817e4493836b9877e573820782036dea2163 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 15 Feb 2021 17:07:00 +0100 -Subject: [PATCH 38/46] util/mkimage: Add an option to import SBAT metadata - into a .sbat section - -Add a --sbat option to the grub-mkimage tool which allows us to import -an SBAT metadata formatted as a CSV file into a .sbat section of the -EFI binary. - -Signed-off-by: Peter Jones -Signed-off-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - docs/grub.texi | 19 ++++++++++++++++ - include/grub/util/install.h | 3 ++- - include/grub/util/mkimage.h | 1 + - util/grub-install-common.c | 2 +- - util/grub-mkimage.c | 15 ++++++++++++- - util/mkimage.c | 43 +++++++++++++++++++++++++++++++------ - 6 files changed, 73 insertions(+), 10 deletions(-) - -diff --git a/docs/grub.texi b/docs/grub.texi -index cf29a1797..fa0b49737 100644 ---- a/docs/grub.texi -+++ b/docs/grub.texi -@@ -5612,6 +5612,7 @@ environment variables and commands are listed in the same order. - * Authentication and authorisation:: Users and access control - * Using digital signatures:: Booting digitally signed code - * UEFI secure boot and shim:: Booting digitally signed PE files -+* Secure Boot Advanced Targeting:: Embedded information for generation number based revocation - * Measured Boot:: Measuring boot components - * Lockdown:: Lockdown when booting on a secure setup - @end menu -@@ -5791,6 +5792,24 @@ and @command{memrw} will not be available when the UEFI secure boot is enabled. - This is done for security reasons and are enforced by the GRUB Lockdown mechanism - (@pxref{Lockdown}). - -+@node Secure Boot Advanced Targeting -+@section Embedded information for generation number based revocation -+ -+The Secure Boot Advanced Targeting (SBAT) is a mechanism to allow the revocation -+of components in the boot path by using generation numbers embedded into the EFI -+binaries. 
The SBAT metadata is located in an .sbat data section that has set of -+UTF-8 strings as comma-separated values (CSV). See -+@uref{https://github.com/rhboot/shim/blob/main/SBAT.md} for more details. -+ -+To add a data section containing the SBAT information into the binary, the -+@option{--sbat} option of @command{grub-mkimage} command should be used. The content -+of a CSV file, encoded with UTF-8, is copied as is to the .sbat data section into -+the generated EFI binary. The CSV file can be stored anywhere on the file system. -+ -+@example -+grub-mkimage -O x86_64-efi -o grubx64.efi -p '(tftp)/grub' --sbat sbat.csv efinet tftp -+@end example -+ - @node Measured Boot - @section Measuring boot components - -diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 1541ee233..6ee3b4516 100644 ---- a/include/grub/util/install.h -+++ b/include/grub/util/install.h -@@ -184,7 +184,8 @@ grub_install_generate_image (const char *dir, const char *prefix, - char *config_path, - const struct grub_install_image_target_desc *image_target, - int note, -- grub_compression_t comp, const char *dtb_file); -+ grub_compression_t comp, const char *dtb_file, -+ const char *sbat_path); - - const struct grub_install_image_target_desc * - grub_install_get_image_target (const char *arg); -diff --git a/include/grub/util/mkimage.h b/include/grub/util/mkimage.h -index ba9f568f6..3819a6744 100644 ---- a/include/grub/util/mkimage.h -+++ b/include/grub/util/mkimage.h -@@ -24,6 +24,7 @@ struct grub_mkimage_layout - size_t exec_size; - size_t kernel_size; - size_t bss_size; -+ size_t sbat_size; - grub_uint64_t start_address; - void *reloc_section; - size_t reloc_size; -diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index d1894f7c1..052f3ef3d 100644 ---- a/util/grub-install-common.c -+++ b/util/grub-install-common.c -@@ -546,7 +546,7 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, - grub_install_generate_image (dir, prefix, fp, 
outname, - modules.entries, memdisk_path, - pubkeys, npubkeys, config_path, tgt, -- note, compression, dtb); -+ note, compression, dtb, NULL); - while (dc--) - grub_install_pop_module (); - } -diff --git a/util/grub-mkimage.c b/util/grub-mkimage.c -index 912564e36..75b884710 100644 ---- a/util/grub-mkimage.c -+++ b/util/grub-mkimage.c -@@ -81,6 +81,7 @@ static struct argp_option options[] = { - {"output", 'o', N_("FILE"), 0, N_("output a generated image to FILE [default=stdout]"), 0}, - {"format", 'O', N_("FORMAT"), 0, 0, 0}, - {"compression", 'C', "(xz|none|auto)", 0, N_("choose the compression to use for core image"), 0}, -+ {"sbat", 's', N_("FILE"), 0, N_("SBAT metadata"), 0}, - {"verbose", 'v', 0, 0, N_("print verbose messages."), 0}, - { 0, 0, 0, 0, 0, 0 } - }; -@@ -123,6 +124,7 @@ struct arguments - size_t npubkeys; - char *font; - char *config; -+ char *sbat; - int note; - const struct grub_install_image_target_desc *image_target; - grub_compression_t comp; -@@ -224,6 +226,13 @@ argp_parser (int key, char *arg, struct argp_state *state) - arguments->prefix = xstrdup (arg); - break; - -+ case 's': -+ if (arguments->sbat) -+ free (arguments->sbat); -+ -+ arguments->sbat = xstrdup (arg); -+ break; -+ - case 'v': - verbosity++; - break; -@@ -309,7 +318,8 @@ main (int argc, char *argv[]) - arguments.memdisk, arguments.pubkeys, - arguments.npubkeys, arguments.config, - arguments.image_target, arguments.note, -- arguments.comp, arguments.dtb); -+ arguments.comp, arguments.dtb, -+ arguments.sbat); - - if (grub_util_file_sync (fp) < 0) - grub_util_error (_("cannot sync `%s': %s"), arguments.output ? 
: "stdout", -@@ -328,5 +338,8 @@ main (int argc, char *argv[]) - if (arguments.output) - free (arguments.output); - -+ if (arguments.sbat) -+ free (arguments.sbat); -+ - return 0; - } -diff --git a/util/mkimage.c b/util/mkimage.c -index 8b475a691..b354ec1d9 100644 ---- a/util/mkimage.c -+++ b/util/mkimage.c -@@ -869,12 +869,13 @@ grub_install_generate_image (const char *dir, const char *prefix, - char *memdisk_path, char **pubkey_paths, - size_t npubkeys, char *config_path, - const struct grub_install_image_target_desc *image_target, -- int note, grub_compression_t comp, const char *dtb_path) -+ int note, grub_compression_t comp, const char *dtb_path, -+ const char *sbat_path) - { - char *kernel_img, *core_img; - size_t total_module_size, core_size; - size_t memdisk_size = 0, config_size = 0; -- size_t prefix_size = 0, dtb_size = 0; -+ size_t prefix_size = 0, dtb_size = 0, sbat_size = 0; - char *kernel_path; - size_t offset; - struct grub_util_path_list *path_list, *p; -@@ -925,6 +926,9 @@ grub_install_generate_image (const char *dir, const char *prefix, - total_module_size += dtb_size + sizeof (struct grub_module_header); - } - -+ if (sbat_path != NULL && image_target->id != IMAGE_EFI) -+ grub_util_error (_(".sbat section can be embedded into EFI images only")); -+ - if (config_path) - { - config_size = ALIGN_ADDR (grub_util_get_image_size (config_path) + 1); -@@ -1289,8 +1293,9 @@ grub_install_generate_image (const char *dir, const char *prefix, - break; - case IMAGE_EFI: - { -- char *pe_img, *header; -+ char *pe_img, *pe_sbat, *header; - struct grub_pe32_section_table *section; -+ size_t n_sections = 4; - size_t scn_size; - grub_uint32_t vma, raw_data; - size_t pe_size, header_size; -@@ -1305,8 +1310,15 @@ grub_install_generate_image (const char *dir, const char *prefix, - header_size = EFI64_HEADER_SIZE; - - vma = raw_data = header_size; -+ -+ if (sbat_path != NULL) -+ { -+ sbat_size = ALIGN_ADDR (grub_util_get_image_size (sbat_path)); -+ sbat_size = ALIGN_UP 
(sbat_size, GRUB_PE32_FILE_ALIGNMENT); -+ } -+ - pe_size = ALIGN_UP (header_size + core_size, GRUB_PE32_FILE_ALIGNMENT) + -- ALIGN_UP (layout.reloc_size, GRUB_PE32_FILE_ALIGNMENT); -+ ALIGN_UP (layout.reloc_size, GRUB_PE32_FILE_ALIGNMENT) + sbat_size; - header = pe_img = xcalloc (1, pe_size); - - memcpy (pe_img + raw_data, core_img, core_size); -@@ -1321,7 +1333,10 @@ grub_install_generate_image (const char *dir, const char *prefix, - + GRUB_PE32_SIGNATURE_SIZE); - c->machine = grub_host_to_target16 (image_target->pe_target); - -- c->num_sections = grub_host_to_target16 (4); -+ if (sbat_path != NULL) -+ n_sections++; -+ -+ c->num_sections = grub_host_to_target16 (n_sections); - c->time = grub_host_to_target32 (STABLE_EMBEDDING_TIMESTAMP); - c->characteristics = grub_host_to_target16 (GRUB_PE32_EXECUTABLE_IMAGE - | GRUB_PE32_LINE_NUMS_STRIPPED -@@ -1383,7 +1398,8 @@ grub_install_generate_image (const char *dir, const char *prefix, - GRUB_PE32_SCN_MEM_READ); - - scn_size = ALIGN_UP (layout.kernel_size - layout.exec_size, GRUB_PE32_FILE_ALIGNMENT); -- PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (scn_size + -+ /* ALIGN_UP (sbat_size, GRUB_PE32_FILE_ALIGNMENT) is done earlier. 
*/ -+ PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (scn_size + sbat_size + - ALIGN_UP (total_module_size, - GRUB_PE32_FILE_ALIGNMENT)); - -@@ -1394,7 +1410,7 @@ grub_install_generate_image (const char *dir, const char *prefix, - GRUB_PE32_SCN_MEM_READ | - GRUB_PE32_SCN_MEM_WRITE); - -- scn_size = pe_size - layout.reloc_size - raw_data; -+ scn_size = pe_size - layout.reloc_size - sbat_size - raw_data; - section = init_pe_section (image_target, section, "mods", - &vma, scn_size, image_target->section_align, - &raw_data, scn_size, -@@ -1402,6 +1418,19 @@ grub_install_generate_image (const char *dir, const char *prefix, - GRUB_PE32_SCN_MEM_READ | - GRUB_PE32_SCN_MEM_WRITE); - -+ if (sbat_path != NULL) -+ { -+ pe_sbat = pe_img + raw_data; -+ grub_util_load_image (sbat_path, pe_sbat); -+ -+ section = init_pe_section (image_target, section, ".sbat", -+ &vma, sbat_size, -+ image_target->section_align, -+ &raw_data, sbat_size, -+ GRUB_PE32_SCN_CNT_INITIALIZED_DATA | -+ GRUB_PE32_SCN_MEM_READ); -+ } -+ - scn_size = layout.reloc_size; - PE_OHDR (o32, o64, base_relocation_table.rva) = grub_host_to_target32 (vma); - PE_OHDR (o32, o64, base_relocation_table.size) = grub_host_to_target32 (scn_size); --- -2.26.2 - diff --git a/0039-grub-install-common-Add-sbat-option.patch b/0039-grub-install-common-Add-sbat-option.patch deleted file mode 100644 index 6e2e1dd..0000000 --- a/0039-grub-install-common-Add-sbat-option.patch +++ /dev/null 
@@ -1,84 +0,0 @@ -From 427bbc05c7fe8c01872cdba3d1d59d27fc1b9e5b Mon Sep 17 00:00:00 2001 -From: Dimitri John Ledkov -Date: Mon, 22 Feb 2021 17:05:25 +0000 -Subject: [PATCH 39/46] grub-install-common: Add --sbat option - -Signed-off-by: Dimitri John Ledkov -Reviewed-by: Daniel Kiper ---- - include/grub/util/install.h | 5 ++++- - util/grub-install-common.c | 12 ++++++++++-- - 2 files changed, 14 insertions(+), 3 deletions(-) - -diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 6ee3b4516..2207b54d7 100644 ---- a/include/grub/util/install.h -+++ b/include/grub/util/install.h -@@ -63,6 +63,8 @@ - /* TRANSLATORS: "embed" is a verb (command description). "*/ \ - { "pubkey", 'k', N_("FILE"), 0, \ - N_("embed FILE as public key for signature checking"), 0}, \ -+ { "sbat", GRUB_INSTALL_OPTIONS_SBAT, N_("FILE"), 0, \ -+ N_("SBAT metadata"), 0 }, \ - { "verbose", 'v', 0, 0, \ - N_("print verbose messages."), 1 } - -@@ -123,7 +125,8 @@ enum grub_install_options { - GRUB_INSTALL_OPTIONS_THEMES_DIRECTORY, - GRUB_INSTALL_OPTIONS_GRUB_MKIMAGE, - GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS, -- GRUB_INSTALL_OPTIONS_DTB -+ GRUB_INSTALL_OPTIONS_DTB, -+ GRUB_INSTALL_OPTIONS_SBAT - }; - - extern char *grub_install_source_directory; -diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index 052f3ef3d..4efee002f 100644 ---- a/util/grub-install-common.c -+++ b/util/grub-install-common.c -@@ -342,6 +342,7 @@ handle_install_list (struct install_list *il, const char *val, - - static char **pubkeys; - static size_t npubkeys; -+static char *sbat; - static grub_compression_t compression; - - int -@@ -372,6 +373,12 @@ grub_install_parse (int key, char *arg) - * (npubkeys + 1)); - pubkeys[npubkeys++] = xstrdup (arg); - return 1; -+ case GRUB_INSTALL_OPTIONS_SBAT: -+ if (sbat) -+ free (sbat); -+ -+ sbat = xstrdup (arg); -+ return 1; - - case GRUB_INSTALL_OPTIONS_VERBOSITY: - verbosity++; -@@ -533,9 +540,10 @@ grub_install_make_image_wrap_file (const char 
*dir, const char *prefix, - grub_util_info ("grub-mkimage --directory '%s' --prefix '%s'" - " --output '%s' " - " --dtb '%s' " -+ "--sbat '%s' " - "--format '%s' --compression '%s' %s %s\n", - dir, prefix, -- outname, dtb ? : "", mkimage_target, -+ outname, dtb ? : "", sbat ? : "", mkimage_target, - compnames[compression], note ? "--note" : "", s); - free (s); - -@@ -546,7 +554,7 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, - grub_install_generate_image (dir, prefix, fp, outname, - modules.entries, memdisk_path, - pubkeys, npubkeys, config_path, tgt, -- note, compression, dtb, NULL); -+ note, compression, dtb, sbat); - while (dc--) - grub_install_pop_module (); - } --- -2.26.2 - diff --git a/0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch b/0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch deleted file mode 100644 index 855fdbf..0000000 --- a/0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch +++ /dev/null 
@@ -1,268 +0,0 @@ -From d9f12b9f37280aa54e8ef4b8c2a2163721d28360 Mon Sep 17 00:00:00 2001 -From: Dimitri John Ledkov -Date: Sat, 20 Feb 2021 17:10:34 +0000 -Subject: [PATCH 40/46] shim_lock: Only skip loading shim_lock verifier with - explicit consent - -Commit 32ddc42c (efi: Only register shim_lock verifier if shim_lock -protocol is found and SB enabled) reintroduced CVE-2020-15705 which -previously only existed in the out-of-tree linuxefi patches and was -fixed as part of the BootHole patch series. - -Under Secure Boot enforce loading shim_lock verifier. Allow skipping -shim_lock verifier if SecureBoot/MokSBState EFI variables indicate -skipping validations, or if GRUB image is built with --disable-shim-lock. - -Fixes: 132ddc42c (efi: Only register shim_lock verifier if shim_lock - protocol is found and SB enabled) -Fixes: CVE-2020-15705 - -Reported-by: Dimitri John Ledkov -Signed-off-by: Dimitri John Ledkov -Reviewed-by: Daniel Kiper ---- - docs/grub.texi | 5 ++++- - grub-core/kern/efi/sb.c | 17 ++++++++++++++++- - include/grub/kernel.h | 3 ++- - include/grub/util/install.h | 7 +++++-- - util/grub-install-common.c | 12 +++++++++--- - util/grub-mkimage.c | 8 +++++++- - util/mkimage.c | 15 ++++++++++++++- - 7 files changed, 57 insertions(+), 10 deletions(-) - -diff --git a/docs/grub.texi b/docs/grub.texi -index fa0b49737..b82f32382 100644 ---- a/docs/grub.texi -+++ b/docs/grub.texi -@@ -5783,7 +5783,10 @@ secure boot chain. - The GRUB, except the @command{chainloader} command, works with the UEFI secure - boot and the shim. This functionality is provided by the shim_lock verifier. It - is built into the @file{core.img} and is registered if the UEFI secure boot is --enabled. -+enabled. The @samp{shim_lock} variable is set to @samp{y} when shim_lock verifier -+is registered. 
If it is desired to use UEFI secure boot without shim, one can -+disable shim_lock by disabling shim verification with MokSbState UEFI variable -+or by building grub image with @samp{--disable-shim-lock} option. - - All GRUB modules not stored in the @file{core.img}, OS kernels, ACPI tables, - Device Trees, etc. have to be signed, e.g, using PGP. Additionally, the commands -diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c -index 5d7210a82..41dadcd14 100644 ---- a/grub-core/kern/efi/sb.c -+++ b/grub-core/kern/efi/sb.c -@@ -21,9 +21,11 @@ - #include - #include - #include -+#include - #include - #include - #include -+#include - #include - #include - #include -@@ -160,14 +162,27 @@ struct grub_file_verifier shim_lock_verifier = - void - grub_shim_lock_verifier_setup (void) - { -+ struct grub_module_header *header; - grub_efi_shim_lock_protocol_t *sl = - grub_efi_locate_protocol (&shim_lock_guid, 0); - -+ /* shim_lock is missing, check if GRUB image is built with --disable-shim-lock. */ - if (!sl) -- return; -+ { -+ FOR_MODULES (header) -+ { -+ if (header->type == OBJ_TYPE_DISABLE_SHIM_LOCK) -+ return; -+ } -+ } - -+ /* Secure Boot is off. Do not load shim_lock. */ - if (grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED) - return; - -+ /* Enforce shim_lock_verifier. */ - grub_verifier_register (&shim_lock_verifier); -+ -+ grub_env_set ("shim_lock", "y"); -+ grub_env_export ("shim_lock"); - } -diff --git a/include/grub/kernel.h b/include/grub/kernel.h -index 133a37c8d..abbca5ea3 100644 ---- a/include/grub/kernel.h -+++ b/include/grub/kernel.h -@@ -29,7 +29,8 @@ enum - OBJ_TYPE_CONFIG, - OBJ_TYPE_PREFIX, - OBJ_TYPE_PUBKEY, -- OBJ_TYPE_DTB -+ OBJ_TYPE_DTB, -+ OBJ_TYPE_DISABLE_SHIM_LOCK - }; - - /* The module header. 
*/ -diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 2207b54d7..0992aecbe 100644 ---- a/include/grub/util/install.h -+++ b/include/grub/util/install.h -@@ -65,6 +65,8 @@ - N_("embed FILE as public key for signature checking"), 0}, \ - { "sbat", GRUB_INSTALL_OPTIONS_SBAT, N_("FILE"), 0, \ - N_("SBAT metadata"), 0 }, \ -+ { "disable-shim-lock", GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK, 0, 0, \ -+ N_("disable shim_lock verifier"), 0 }, \ - { "verbose", 'v', 0, 0, \ - N_("print verbose messages."), 1 } - -@@ -126,7 +128,8 @@ enum grub_install_options { - GRUB_INSTALL_OPTIONS_GRUB_MKIMAGE, - GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS, - GRUB_INSTALL_OPTIONS_DTB, -- GRUB_INSTALL_OPTIONS_SBAT -+ GRUB_INSTALL_OPTIONS_SBAT, -+ GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK - }; - - extern char *grub_install_source_directory; -@@ -188,7 +191,7 @@ grub_install_generate_image (const char *dir, const char *prefix, - const struct grub_install_image_target_desc *image_target, - int note, - grub_compression_t comp, const char *dtb_file, -- const char *sbat_path); -+ const char *sbat_path, const int disable_shim_lock); - - const struct grub_install_image_target_desc * - grub_install_get_image_target (const char *arg); -diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index 4efee002f..c7b824789 100644 ---- a/util/grub-install-common.c -+++ b/util/grub-install-common.c -@@ -343,6 +343,7 @@ handle_install_list (struct install_list *il, const char *val, - static char **pubkeys; - static size_t npubkeys; - static char *sbat; -+static int disable_shim_lock; - static grub_compression_t compression; - - int -@@ -379,6 +380,9 @@ grub_install_parse (int key, char *arg) - - sbat = xstrdup (arg); - return 1; -+ case GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK: -+ disable_shim_lock = 1; -+ return 1; - - case GRUB_INSTALL_OPTIONS_VERBOSITY: - verbosity++; -@@ -541,10 +545,11 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, - " --output 
'%s' " - " --dtb '%s' " - "--sbat '%s' " -- "--format '%s' --compression '%s' %s %s\n", -+ "--format '%s' --compression '%s' %s %s %s\n", - dir, prefix, - outname, dtb ? : "", sbat ? : "", mkimage_target, -- compnames[compression], note ? "--note" : "", s); -+ compnames[compression], note ? "--note" : "", -+ disable_shim_lock ? "--disable-shim-lock" : "", s); - free (s); - - tgt = grub_install_get_image_target (mkimage_target); -@@ -554,7 +559,8 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, - grub_install_generate_image (dir, prefix, fp, outname, - modules.entries, memdisk_path, - pubkeys, npubkeys, config_path, tgt, -- note, compression, dtb, sbat); -+ note, compression, dtb, sbat, -+ disable_shim_lock); - while (dc--) - grub_install_pop_module (); - } -diff --git a/util/grub-mkimage.c b/util/grub-mkimage.c -index 75b884710..c0d559937 100644 ---- a/util/grub-mkimage.c -+++ b/util/grub-mkimage.c -@@ -82,6 +82,7 @@ static struct argp_option options[] = { - {"format", 'O', N_("FORMAT"), 0, 0, 0}, - {"compression", 'C', "(xz|none|auto)", 0, N_("choose the compression to use for core image"), 0}, - {"sbat", 's', N_("FILE"), 0, N_("SBAT metadata"), 0}, -+ {"disable-shim-lock", GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK, 0, 0, N_("disable shim_lock verifier"), 0}, - {"verbose", 'v', 0, 0, N_("print verbose messages."), 0}, - { 0, 0, 0, 0, 0, 0 } - }; -@@ -126,6 +127,7 @@ struct arguments - char *config; - char *sbat; - int note; -+ int disable_shim_lock; - const struct grub_install_image_target_desc *image_target; - grub_compression_t comp; - }; -@@ -233,6 +235,10 @@ argp_parser (int key, char *arg, struct argp_state *state) - arguments->sbat = xstrdup (arg); - break; - -+ case GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK: -+ arguments->disable_shim_lock = 1; -+ break; -+ - case 'v': - verbosity++; - break; -@@ -319,7 +325,7 @@ main (int argc, char *argv[]) - arguments.npubkeys, arguments.config, - arguments.image_target, arguments.note, - 
arguments.comp, arguments.dtb, -- arguments.sbat); -+ arguments.sbat, arguments.disable_shim_lock); - - if (grub_util_file_sync (fp) < 0) - grub_util_error (_("cannot sync `%s': %s"), arguments.output ? : "stdout", -diff --git a/util/mkimage.c b/util/mkimage.c -index b354ec1d9..a26cf76f7 100644 ---- a/util/mkimage.c -+++ b/util/mkimage.c -@@ -870,7 +870,7 @@ grub_install_generate_image (const char *dir, const char *prefix, - size_t npubkeys, char *config_path, - const struct grub_install_image_target_desc *image_target, - int note, grub_compression_t comp, const char *dtb_path, -- const char *sbat_path) -+ const char *sbat_path, int disable_shim_lock) - { - char *kernel_img, *core_img; - size_t total_module_size, core_size; -@@ -929,6 +929,9 @@ grub_install_generate_image (const char *dir, const char *prefix, - if (sbat_path != NULL && image_target->id != IMAGE_EFI) - grub_util_error (_(".sbat section can be embedded into EFI images only")); - -+ if (disable_shim_lock) -+ total_module_size += sizeof (struct grub_module_header); -+ - if (config_path) - { - config_size = ALIGN_ADDR (grub_util_get_image_size (config_path) + 1); -@@ -1065,6 +1068,16 @@ grub_install_generate_image (const char *dir, const char *prefix, - offset += dtb_size; - } - -+ if (disable_shim_lock) -+ { -+ struct grub_module_header *header; -+ -+ header = (struct grub_module_header *) (kernel_img + offset); -+ header->type = grub_host_to_target32 (OBJ_TYPE_DISABLE_SHIM_LOCK); -+ header->size = grub_host_to_target32 (sizeof (*header)); -+ offset += sizeof (*header); -+ } -+ - if (config_path) - { - struct grub_module_header *header; --- -2.26.2 - diff --git a/0041-squash-Add-secureboot-support-on-efi-chainloader.patch b/0041-squash-Add-secureboot-support-on-efi-chainloader.patch deleted file mode 100644 index a38749e..0000000 --- a/0041-squash-Add-secureboot-support-on-efi-chainloader.patch +++ /dev/null 
@@ -1,92 +0,0 @@ -From 50f063f61eec3a99565db5f964970a872b642b27 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Fri, 11 Dec 2020 22:33:52 +0800 -Subject: [PATCH 41/46] squash! Add secureboot support on efi chainloader - -Use grub_efi_get_secureboot to get secure boot status ---- - grub-core/loader/efi/chainloader.c | 54 ++---------------------------- - 1 file changed, 2 insertions(+), 52 deletions(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 8272df3cd..559247abf 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -46,6 +46,7 @@ - - #ifdef SUPPORT_SECURE_BOOT - #include -+#include - #endif - - GRUB_MOD_LICENSE ("GPLv3+"); -@@ -282,57 +283,6 @@ grub_secure_validate (void *data, grub_efi_uint32_t size) - return 0; - } - --static grub_efi_boolean_t --grub_secure_mode (void) --{ -- grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID; -- grub_uint8_t *data; -- grub_size_t datasize; -- -- data = grub_efi_get_variable ("SecureBoot", &efi_var_guid, &datasize); -- -- if (data) -- { -- grub_dprintf ("chain", "SecureBoot: %d, datasize %d\n", (int)*data, (int)datasize); -- } -- -- if (data && (datasize == 1)) -- { -- if (*data != 1) -- { -- grub_dprintf ("chain", "secure boot not enabled\n"); -- return 0; -- } -- } -- else -- { -- grub_dprintf ("chain", "unknown secure boot status\n"); -- return 0; -- } -- -- grub_free (data); -- -- data = grub_efi_get_variable ("SetupMode", &efi_var_guid, &datasize); -- -- if (data) -- { -- grub_dprintf ("chain", "SetupMode: %d, datasize %d\n", (int)*data, (int)datasize); -- } -- -- if (data && (datasize == 1)) -- { -- if (*data == 1) -- { -- grub_dprintf ("chain", "platform in setup mode\n"); -- return 0; -- } -- } -- -- grub_free (data); -- -- return 1; --} -- - static grub_efi_boolean_t - read_header (void *data, grub_efi_uint32_t size, pe_coff_loader_image_context_t *context) - { -@@ -837,7 +787,7 @@ grub_cmd_chainloader 
(grub_command_t cmd __attribute__ ((unused)), - - #ifdef SUPPORT_SECURE_BOOT - /* FIXME is secure boot possible also with universal binaries? */ -- if (debug_secureboot || (grub_secure_mode() && grub_secure_validate ((void *)address, fsize))) -+ if (debug_secureboot || (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED && grub_secure_validate ((void *)address, fsize))) - { - grub_file_close (file); - grub_loader_set (grub_secureboot_chainloader_boot, grub_secureboot_chainloader_unload, 0); --- -2.26.2 - diff --git a/0042-squash-grub2-efi-chainload-harder.patch b/0042-squash-grub2-efi-chainload-harder.patch deleted file mode 100644 index fcb8832..0000000 --- a/0042-squash-grub2-efi-chainload-harder.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 5673c583f3987350a51e39b64260a84342d9592a Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Fri, 11 Dec 2020 22:39:54 +0800 -Subject: [PATCH 42/46] squash! grub2-efi-chainload-harder - -Use grub_efi_get_secureboot to get secure boot status ---- - grub-core/loader/efi/chainloader.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 559247abf..7a910db44 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -799,7 +799,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - boot_image, fsize, - &image_handle); - #ifdef SUPPORT_SECURE_BOOT -- if (status == GRUB_EFI_SECURITY_VIOLATION && !grub_secure_mode()) -+ if (status == GRUB_EFI_SECURITY_VIOLATION && grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED) - { - /* If it failed with security violation while not in secure boot mode, - the firmware might be broken. We try to workaround on that by forcing --- -2.26.2 - diff --git a/0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch b/0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch deleted file mode 100644 index 1ee7ca1..0000000 
--- a/0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch
+++ /dev/null
@@ -1,88 +0,0 @@ -From 768ab190a7c0a412bbec6142d12000655324daa0 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Fri, 11 Dec 2020 23:01:59 +0800 -Subject: [PATCH 43/46] squash! Don't allow insmod when secure boot is enabled. - -Use grub_efi_get_secureboot to get secure boot status ---- - grub-core/kern/dl.c | 4 ++-- - grub-core/kern/efi/efi.c | 28 ---------------------------- - include/grub/efi/efi.h | 1 - - 3 files changed, 2 insertions(+), 31 deletions(-) - -diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index e02f2afc5..93f08dfce 100644 ---- a/grub-core/kern/dl.c -+++ b/grub-core/kern/dl.c -@@ -39,7 +39,7 @@ - #endif - - #ifdef GRUB_MACHINE_EFI --#include -+#include - #endif - - -@@ -702,7 +702,7 @@ grub_dl_load_file (const char *filename) - grub_boot_time ("Loading module %s", filename); - - #ifdef GRUB_MACHINE_EFI -- if (grub_efi_secure_boot ()) -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) - { - #if 0 - /* This is an error, but grub2-mkconfig still generates a pile of -diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 92e99b441..32f1b2ec7 100644 ---- a/grub-core/kern/efi/efi.c -+++ b/grub-core/kern/efi/efi.c -@@ -278,34 +278,6 @@ grub_efi_get_variable_with_attributes (const char *var, - return status; - } - --grub_efi_boolean_t --grub_efi_secure_boot (void) --{ -- grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID; -- grub_size_t datasize; -- char *secure_boot = NULL; -- char *setup_mode = NULL; -- grub_efi_boolean_t ret = 0; -- -- secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize); -- -- if (datasize != 1 || !secure_boot) -- goto out; -- -- setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize); -- -- if (datasize != 1 || !setup_mode) -- goto out; -- -- if (*secure_boot && !*setup_mode) -- ret = 1; -- -- out: -- grub_free (secure_boot); -- grub_free (setup_mode); -- return ret; --} -- - grub_efi_status_t - grub_efi_get_variable (const char *var, 
const grub_efi_guid_t *guid, - grub_size_t *datasize_out, void **data_out) -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index 568d80030..08f6ee00a 100644 ---- a/include/grub/efi/efi.h -+++ b/include/grub/efi/efi.h -@@ -91,7 +91,6 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var, - const grub_efi_guid_t *guid, - void *data, - grub_size_t datasize); --grub_efi_boolean_t EXPORT_FUNC (grub_efi_secure_boot) (void); - int - EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1, - const grub_efi_device_path_t *dp2); --- -2.26.2 - diff --git a/0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch b/0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch deleted file mode 100644 index 7c315ad..0000000 --- a/0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch +++ /dev/null 
@@ -1,68 +0,0 @@ -From 601c838c4cf3e6bd3e8e19b9e7aa4331cac0dc25 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Thu, 25 Feb 2021 20:44:58 +0800 -Subject: [PATCH 45/46] squash! Add support for Linux EFI stub loading on - aarch64. - -The efi shim_lock verifier has been moved to grub core so local -shim_lock protocol is no longer needed here for aarch64 efi to verify -the loaded kernel image. From now on the framework will take care the -verificaion, consolidating the integration of various security verifiers -like secure boot, gpg and tpm. ---- - grub-core/loader/arm64/efi/linux.c | 32 ------------------------------ - 1 file changed, 32 deletions(-) - -diff --git a/grub-core/loader/arm64/efi/linux.c b/grub-core/loader/arm64/efi/linux.c -index 8549e555b..b73105347 100644 ---- a/grub-core/loader/arm64/efi/linux.c -+++ b/grub-core/loader/arm64/efi/linux.c -@@ -49,32 +49,6 @@ static grub_uint32_t cmdline_size; - static grub_addr_t initrd_start; - static grub_addr_t initrd_end; - --#define SHIM_LOCK_GUID \ -- { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } -- --struct grub_efi_shim_lock --{ -- grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size); --}; --typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; -- --static grub_efi_boolean_t --grub_linuxefi_secure_validate (void *data, grub_uint32_t size) --{ -- grub_efi_guid_t guid = SHIM_LOCK_GUID; -- grub_efi_shim_lock_t *shim_lock; -- -- shim_lock = grub_efi_locate_protocol(&guid, NULL); -- -- if (!shim_lock) -- return 1; -- -- if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS) -- return 1; -- -- return 0; --} -- - #pragma GCC diagnostic push - #pragma GCC diagnostic ignored "-Wcast-align" - -@@ -443,12 +417,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - - grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); - -- if (!grub_linuxefi_secure_validate (kernel_addr, kernel_size)) -- { -- grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid 
signature"), argv[0]); -- goto fail; -- } -- - pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset); - handover_offset = pe->opt.entry_addr; - --- -2.26.2 - diff --git a/0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch b/0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch index e3ab92f..ec6c4d3 100644 --- a/0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch +++ b/0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch @@ -15,11 +15,11 @@ as module for i386-pc to avoid potential issue of looking up symbols. include/grub/verify.h | 9 +++++++++ 6 files changed, 34 insertions(+), 1 deletion(-) -diff --git a/configure.ac b/configure.ac -index c39e8379f..530da4b01 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1913,6 +1913,7 @@ AM_CONDITIONAL([COND_real_platform], [test x$platform != xnone]) +Index: grub-2.06~rc1/configure.ac +=================================================================== +--- grub-2.06~rc1.orig/configure.ac ++++ grub-2.06~rc1/configure.ac +@@ -1985,6 +1985,7 @@ AM_CONDITIONAL([COND_real_platform], [te AM_CONDITIONAL([COND_emu], [test x$platform = xemu]) AM_CONDITIONAL([COND_NOT_emu], [test x$platform != xemu]) AM_CONDITIONAL([COND_i386_pc], [test x$target_cpu = xi386 -a x$platform = xpc]) 
@@ -27,12 +27,12 @@ index c39e8379f..530da4b01 100644 AM_CONDITIONAL([COND_i386_efi], [test x$target_cpu = xi386 -a x$platform = xefi]) AM_CONDITIONAL([COND_ia64_efi], [test x$target_cpu = xia64 -a x$platform = xefi]) AM_CONDITIONAL([COND_i386_qemu], [test x$target_cpu = xi386 -a x$platform = xqemu]) -diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am -index 6b2e5e139..47c91e35d 100644 ---- a/grub-core/Makefile.am -+++ b/grub-core/Makefile.am -@@ -92,7 +92,9 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/parser.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/partition.h +Index: grub-2.06~rc1/grub-core/Makefile.am +=================================================================== +--- grub-2.06~rc1.orig/grub-core/Makefile.am ++++ grub-2.06~rc1/grub-core/Makefile.am +@@ -93,7 +93,9 @@ KERNEL_HEADER_FILES += $(top_srcdir)/inc + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/stack_protector.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h +if COND_NOT_i386_pc @@ -41,10 +41,10 @@ index 6b2e5e139..47c91e35d 100644 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm_private.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/net.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/memory.h -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index eac42a7b7..893044538 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def +Index: grub-2.06~rc1/grub-core/Makefile.core.def +=================================================================== +--- grub-2.06~rc1.orig/grub-core/Makefile.core.def ++++ grub-2.06~rc1/grub-core/Makefile.core.def @@ -141,7 +141,7 @@ kernel = { common = kern/rescue_parser.c; common = kern/rescue_reader.c; 
@@ -54,23 +54,23 @@ index eac42a7b7..893044538 100644 noemu = kern/compiler-rt.c; noemu = kern/mm.c; -@@ -946,6 +946,12 @@ module = { - cppflags = '-I$(srcdir)/lib/posix_wrap'; +@@ -947,6 +947,12 @@ module = { }; -+module = { + module = { + name = verifiers; + common = kern/verifiers.c; + enable = i386_pc; +}; + - module = { ++module = { name = hdparm; common = commands/hdparm.c; -diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c -index 73967e2f5..c7c6d2d0b 100644 ---- a/grub-core/kern/main.c -+++ b/grub-core/kern/main.c + enable = pci; +Index: grub-2.06~rc1/grub-core/kern/main.c +=================================================================== +--- grub-2.06~rc1.orig/grub-core/kern/main.c ++++ grub-2.06~rc1/grub-core/kern/main.c @@ -29,7 +29,9 @@ #include #include @@ -92,11 +92,11 @@ index 73967e2f5..c7c6d2d0b 100644 grub_load_config (); -diff --git a/grub-core/kern/verifiers.c b/grub-core/kern/verifiers.c -index 3d19bffd1..479253351 100644 ---- a/grub-core/kern/verifiers.c -+++ b/grub-core/kern/verifiers.c -@@ -218,8 +218,19 @@ grub_verify_string (char *str, enum grub_verify_string_type type) +Index: grub-2.06~rc1/grub-core/kern/verifiers.c +=================================================================== +--- grub-2.06~rc1.orig/grub-core/kern/verifiers.c ++++ grub-2.06~rc1/grub-core/kern/verifiers.c +@@ -221,8 +221,19 @@ grub_verify_string (char *str, enum grub return GRUB_ERR_NONE; } @@ -116,10 +116,10 @@ index 3d19bffd1..479253351 100644 + grub_file_filter_unregister (GRUB_FILE_FILTER_VERIFY); +} +#endif -diff --git a/include/grub/verify.h b/include/grub/verify.h -index cd129c398..6fde244fc 100644 ---- a/include/grub/verify.h -+++ b/include/grub/verify.h +Index: grub-2.06~rc1/include/grub/verify.h +=================================================================== +--- grub-2.06~rc1.orig/include/grub/verify.h ++++ grub-2.06~rc1/include/grub/verify.h 
@@ -64,10 +64,14 @@ struct grub_file_verifier grub_err_t (*verify_string) (char *str, enum grub_verify_string_type type); }; @@ -135,7 +135,7 @@ index cd129c398..6fde244fc 100644 static inline void grub_verifier_register (struct grub_file_verifier *ver) -@@ -81,7 +85,12 @@ grub_verifier_unregister (struct grub_file_verifier *ver) +@@ -81,7 +85,12 @@ grub_verifier_unregister (struct grub_fi grub_list_remove (GRUB_AS_LIST (ver)); } @@ -148,6 +148,3 @@ index cd129c398..6fde244fc 100644 +#endif #endif /* ! GRUB_VERIFY_HEADER */ --- -2.26.2 - diff --git a/grub-2.04.tar.xz b/grub-2.04.tar.xz deleted file mode 100644 index 2ac8876..0000000 --- a/grub-2.04.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e5292496995ad42dabe843a0192cf2a2c502e7ffcc7479398232b10a472df77d -size 6393864 diff --git a/grub-2.06.tar.xz b/grub-2.06.tar.xz new file mode 100644 index 0000000..5a8cc3e --- /dev/null +++ b/grub-2.06.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b79ea44af91b93d17cd3fe80bdae6ed43770678a9a5ae192ccea803ebb657ee1 +size 6581924 diff --git a/grub-install-define-default-platform-for-risc-v.patch b/grub-install-define-default-platform-for-risc-v.patch deleted file mode 100644 index 00315a4..0000000 --- a/grub-install-define-default-platform-for-risc-v.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -From 11268841e2e0130a862d15fce86d42cd6501bb49 Mon Sep 17 00:00:00 2001 -From: Andreas Schwab -Date: Thu, 15 Aug 2019 16:55:13 +0200 -Subject: [PATCH] grub-install: Define default platform for RISC-V - -Signed-off-by: Andreas Schwab -Reviewed-by: Daniel Kiper -Reviewed-by: Alexander Graf ---- - util/grub-install.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/util/grub-install.c b/util/grub-install.c -index 8a55ad4b8..8970b73aa 100644 ---- a/util/grub-install.c -+++ b/util/grub-install.c -@@ -324,6 +324,14 @@ get_default_platform (void) - return "arm64-efi"; - #elif defined (__amd64__) || defined (__x86_64__) || defined (__i386__) - return grub_install_get_default_x86_platform (); -+#elif defined (__riscv) -+#if __riscv_xlen == 32 -+ return "riscv32-efi"; -+#elif __riscv_xlen == 64 -+ return "riscv64-efi"; -+#else -+ return NULL; -+#endif - #elif defined (__s390x__) - return "s390x-emu"; - #else --- -2.23.0 - diff --git a/grub-install-force-journal-draining-to-ensure-data-i.patch b/grub-install-force-journal-draining-to-ensure-data-i.patch index f803cc0..2a7f66b 100644 --- a/grub-install-force-journal-draining-to-ensure-data-i.patch +++ b/grub-install-force-journal-draining-to-ensure-data-i.patch @@ -42,11 +42,11 @@ Signed-off-by: Michael Chang create mode 100644 grub-core/osdep/journaled_fs.c create mode 100644 grub-core/osdep/linux/journaled_fs.c -Index: grub-2.04/Makefile.util.def +Index: grub-2.06/Makefile.util.def =================================================================== ---- grub-2.04.orig/Makefile.util.def -+++ grub-2.04/Makefile.util.def -@@ -645,6 +645,7 @@ program = { +--- grub-2.06.orig/Makefile.util.def ++++ grub-2.06/Makefile.util.def +@@ -663,6 +663,7 @@ program = { emu_condition = COND_s390x; common = grub-core/kern/emu/argp_common.c; common = grub-core/osdep/init.c; 
@@ -54,10 +54,10 @@ Index: grub-2.04/Makefile.util.def ldadd = '$(LIBLZMA)'; ldadd = libgrubmods.a; -Index: grub-2.04/grub-core/osdep/basic/journaled_fs.c +Index: grub-2.06/grub-core/osdep/basic/journaled_fs.c =================================================================== --- /dev/null -+++ grub-2.04/grub-core/osdep/basic/journaled_fs.c ++++ grub-2.06/grub-core/osdep/basic/journaled_fs.c @@ -0,0 +1,26 @@ +/* + * GRUB -- GRand Unified Bootloader @@ -85,20 +85,20 @@ Index: grub-2.04/grub-core/osdep/basic/journaled_fs.c + return 1; +} + -Index: grub-2.04/grub-core/osdep/journaled_fs.c +Index: grub-2.06/grub-core/osdep/journaled_fs.c =================================================================== --- /dev/null -+++ grub-2.04/grub-core/osdep/journaled_fs.c ++++ grub-2.06/grub-core/osdep/journaled_fs.c @@ -0,0 +1,5 @@ +#ifdef __linux__ +#include "linux/journaled_fs.c" +#else +#include "basic/journaled_fs.c" +#endif -Index: grub-2.04/grub-core/osdep/linux/journaled_fs.c +Index: grub-2.06/grub-core/osdep/linux/journaled_fs.c =================================================================== --- /dev/null -+++ grub-2.04/grub-core/osdep/linux/journaled_fs.c ++++ grub-2.06/grub-core/osdep/linux/journaled_fs.c @@ -0,0 +1,48 @@ +/* + * GRUB -- GRand Unified Bootloader 
@@ -148,21 +148,21 @@ Index: grub-2.04/grub-core/osdep/linux/journaled_fs.c + return ret; +} + -Index: grub-2.04/include/grub/util/install.h +Index: grub-2.06/include/grub/util/install.h =================================================================== ---- grub-2.04.orig/include/grub/util/install.h -+++ grub-2.04/include/grub/util/install.h -@@ -269,4 +269,6 @@ grub_util_get_target_name (const struct - extern char *grub_install_copy_buffer; - #define GRUB_INSTALL_COPY_BUFFER_SIZE 1048576 +--- grub-2.06.orig/include/grub/util/install.h ++++ grub-2.06/include/grub/util/install.h +@@ -300,4 +300,6 @@ grub_set_install_backup_ponr (void) + } + #endif +int +grub_install_sync_fs_journal (const char *path); #endif -Index: grub-2.04/util/grub-install.c +Index: grub-2.06/util/grub-install.c =================================================================== ---- grub-2.04.orig/util/grub-install.c -+++ grub-2.04/util/grub-install.c +--- grub-2.06.orig/util/grub-install.c ++++ grub-2.06/util/grub-install.c @@ -42,6 +42,7 @@ #include #include @@ -171,7 +171,7 @@ Index: grub-2.04/util/grub-install.c #include -@@ -1997,6 +1998,25 @@ main (int argc, char *argv[]) +@@ -2025,6 +2026,24 @@ main (int argc, char *argv[]) break; } @@ -193,7 +193,6 @@ Index: grub-2.04/util/grub-install.c + break; + } + } -+ - fprintf (stderr, "%s\n", _("Installation finished. No error reported.")); - - /* Free resources. */ + /* + * Either there are no platform specific code, or it didn't raise + * ponr. Raise it here, because usually this is already past point diff --git a/grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch b/grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch index 7b5edd2..94eb20b 100644 --- a/grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch +++ b/grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch 
@@ -26,21 +26,21 @@ V1: grub-core/fs/btrfs.c | 529 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 518 insertions(+), 11 deletions(-) -Index: grub-2.04/grub-core/fs/btrfs.c +Index: grub-2.06~rc1/grub-core/fs/btrfs.c =================================================================== ---- grub-2.04.orig/grub-core/fs/btrfs.c -+++ grub-2.04/grub-core/fs/btrfs.c -@@ -40,6 +40,9 @@ - #include +--- grub-2.06~rc1.orig/grub-core/fs/btrfs.c ++++ grub-2.06~rc1/grub-core/fs/btrfs.c +@@ -41,6 +41,9 @@ #include #include + #include +#include +#include +#include GRUB_MOD_LICENSE ("GPLv3+"); -@@ -78,9 +81,11 @@ struct grub_btrfs_superblock +@@ -79,9 +82,11 @@ struct grub_btrfs_superblock grub_uint64_t generation; grub_uint64_t root_tree; grub_uint64_t chunk_tree; @@ -54,7 +54,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c struct grub_btrfs_device this_device; char label[0x100]; grub_uint8_t dummy4[0x100]; -@@ -120,6 +125,7 @@ struct grub_btrfs_data +@@ -121,6 +126,7 @@ struct grub_btrfs_data grub_uint64_t exttree; grub_size_t extsize; struct grub_btrfs_extent_data *extent; @@ -62,7 +62,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c }; struct grub_btrfs_chunk_item -@@ -188,6 +194,14 @@ struct grub_btrfs_leaf_descriptor +@@ -191,6 +197,14 @@ struct grub_btrfs_leaf_descriptor } *data; }; @@ -77,7 +77,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c struct grub_btrfs_time { grub_int64_t sec; -@@ -233,6 +247,14 @@ struct grub_btrfs_extent_data +@@ -236,6 +250,14 @@ struct grub_btrfs_extent_data #define GRUB_BTRFS_OBJECT_ID_CHUNK 0x100 @@ -92,7 +92,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c static grub_disk_addr_t superblock_sectors[] = { 64 * 2, 64 * 1024 * 2, 256 * 1048576 * 2, 1048576ULL * 1048576ULL * 2 }; -@@ -1153,6 +1175,62 @@ grub_btrfs_read_logical (struct grub_btr +@@ -1173,6 +1195,62 @@ grub_btrfs_read_logical (struct grub_btr return GRUB_ERR_NONE; } 
@@ -155,7 +155,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c static struct grub_btrfs_data * grub_btrfs_mount (grub_device_t dev) { -@@ -1188,6 +1266,13 @@ grub_btrfs_mount (grub_device_t dev) +@@ -1208,6 +1286,13 @@ grub_btrfs_mount (grub_device_t dev) data->devices_attached[0].dev = dev; data->devices_attached[0].id = data->sblock.this_device.device_id; @@ -169,7 +169,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c return data; } -@@ -1654,6 +1739,98 @@ get_root (struct grub_btrfs_data *data, +@@ -1674,6 +1759,98 @@ get_root (struct grub_btrfs_data *data, } static grub_err_t @@ -268,7 +268,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c find_path (struct grub_btrfs_data *data, const char *path, struct grub_btrfs_key *key, grub_uint64_t *tree, grub_uint8_t *type) -@@ -1671,14 +1848,26 @@ find_path (struct grub_btrfs_data *data, +@@ -1691,14 +1868,26 @@ find_path (struct grub_btrfs_data *data, char *origpath = NULL; unsigned symlinks_max = 32; @@ -299,7 +299,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c while (1) { while (path[0] == '/') -@@ -1851,9 +2040,21 @@ find_path (struct grub_btrfs_data *data, +@@ -1871,9 +2060,21 @@ find_path (struct grub_btrfs_data *data, path = path_alloc = tmp; if (path[0] == '/') { @@ -324,7 +324,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c } continue; } -@@ -2094,6 +2295,20 @@ grub_btrfs_read (grub_file_t file, char +@@ -2114,6 +2315,20 @@ grub_btrfs_read (grub_file_t file, char data->tree, file->offset, buf, len); } @@ -345,7 +345,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c static grub_err_t grub_btrfs_uuid (grub_device_t device, char **uuid) { -@@ -2105,15 +2320,7 @@ grub_btrfs_uuid (grub_device_t device, c +@@ -2125,15 +2340,7 @@ grub_btrfs_uuid (grub_device_t device, c if (!data) return grub_errno; @@ -362,7 +362,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c grub_btrfs_unmount (data); -@@ -2170,6 +2377,248 @@ grub_btrfs_embed (grub_device_t device _ +@@ -2190,6 +2397,248 @@ grub_btrfs_embed (grub_device_t device _ } #endif 
@@ -611,7 +611,7 @@ Index: grub-2.04/grub-core/fs/btrfs.c static struct grub_fs grub_btrfs_fs = { .name = "btrfs", .fs_dir = grub_btrfs_dir, -@@ -2185,12 +2634,88 @@ static struct grub_fs grub_btrfs_fs = { +@@ -2205,12 +2654,88 @@ static struct grub_fs grub_btrfs_fs = { #endif }; @@ -700,10 +700,10 @@ Index: grub-2.04/grub-core/fs/btrfs.c } + +// vim: si et sw=2: -Index: grub-2.04/include/grub/btrfs.h +Index: grub-2.06~rc1/include/grub/btrfs.h =================================================================== ---- grub-2.04.orig/include/grub/btrfs.h -+++ grub-2.04/include/grub/btrfs.h +--- grub-2.06~rc1.orig/include/grub/btrfs.h ++++ grub-2.06~rc1/include/grub/btrfs.h @@ -29,6 +29,7 @@ enum GRUB_BTRFS_ITEM_TYPE_ROOT_ITEM = 0x84, GRUB_BTRFS_ITEM_TYPE_ROOT_BACKREF = 0x90, diff --git a/grub2-diskfilter-support-pv-without-metadatacopies.patch b/grub2-diskfilter-support-pv-without-metadatacopies.patch index a740d75..b74a3e6 100644 --- a/grub2-diskfilter-support-pv-without-metadatacopies.patch +++ b/grub2-diskfilter-support-pv-without-metadatacopies.patch @@ -30,10 +30,10 @@ Signed-off-by: Lidong Zhong grub-core/disk/lvm.c | 15 ++++-- 2 files changed, 121 insertions(+), 6 deletions(-) -Index: grub-2.02/grub-core/disk/diskfilter.c +Index: grub-2.06~rc1/grub-core/disk/diskfilter.c =================================================================== ---- grub-2.02.orig/grub-core/disk/diskfilter.c -+++ grub-2.02/grub-core/disk/diskfilter.c +--- grub-2.06~rc1.orig/grub-core/disk/diskfilter.c ++++ grub-2.06~rc1/grub-core/disk/diskfilter.c @@ -28,6 +28,7 @@ #include #include @@ -174,7 +174,7 @@ Index: grub-2.02/grub-core/disk/diskfilter.c return 0; } -@@ -1249,6 +1345,20 @@ insert_array (grub_disk_t disk, const st +@@ -1250,6 +1346,20 @@ insert_array (grub_disk_t disk, const st static void free_array (void) { 
@@ -195,11 +195,11 @@ Index: grub-2.02/grub-core/disk/diskfilter.c while (array_list) { struct grub_diskfilter_vg *vg; -Index: grub-2.02/grub-core/disk/lvm.c +Index: grub-2.06~rc1/grub-core/disk/lvm.c =================================================================== ---- grub-2.02.orig/grub-core/disk/lvm.c -+++ grub-2.02/grub-core/disk/lvm.c -@@ -182,11 +182,16 @@ grub_lvm_detect (grub_disk_t disk, +--- grub-2.06~rc1.orig/grub-core/disk/lvm.c ++++ grub-2.06~rc1/grub-core/disk/lvm.c +@@ -235,11 +235,16 @@ grub_lvm_detect (grub_disk_t disk, sizeof (mdah->magic))) || (grub_le_to_cpu32 (mdah->version) != GRUB_LVM_FMTT_VERSION)) { diff --git a/grub2-editenv-add-warning-message.patch b/grub2-editenv-add-warning-message.patch deleted file mode 100644 index 82674f4..0000000 --- a/grub2-editenv-add-warning-message.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -Index: grub-2.02~beta2/util/editenv.c -=================================================================== ---- grub-2.02~beta2.orig/util/editenv.c -+++ grub-2.02~beta2/util/editenv.c -@@ -30,12 +30,14 @@ - #include - - #define DEFAULT_ENVBLK_SIZE 1024 -+#define GRUB_ENVBLK_MESSAGE "# WARNING: Do not edit this file other than by grub2-editenv\n" - - void - grub_util_create_envblk_file (const char *name) - { - FILE *fp; - char *buf; -+ char *pbuf; - char *namenew; - - buf = xmalloc (DEFAULT_ENVBLK_SIZE); -@@ -46,9 +48,13 @@ grub_util_create_envblk_file (const char - grub_util_error (_("cannot open `%s': %s"), namenew, - strerror (errno)); - -- memcpy (buf, GRUB_ENVBLK_SIGNATURE, sizeof (GRUB_ENVBLK_SIGNATURE) - 1); -- memset (buf + sizeof (GRUB_ENVBLK_SIGNATURE) - 1, '#', -- DEFAULT_ENVBLK_SIZE - sizeof (GRUB_ENVBLK_SIGNATURE) + 1); -+ pbuf = buf; -+ memcpy (pbuf, GRUB_ENVBLK_SIGNATURE, sizeof (GRUB_ENVBLK_SIGNATURE) - 1); -+ pbuf += sizeof (GRUB_ENVBLK_SIGNATURE) - 1; -+ memcpy (pbuf, GRUB_ENVBLK_MESSAGE, sizeof (GRUB_ENVBLK_MESSAGE) - 1); -+ pbuf += sizeof (GRUB_ENVBLK_MESSAGE) - 1; -+ memset (pbuf , '#', -+ DEFAULT_ENVBLK_SIZE - sizeof (GRUB_ENVBLK_SIGNATURE) - sizeof (GRUB_ENVBLK_MESSAGE) + 2); - - if (fwrite (buf, 1, DEFAULT_ENVBLK_SIZE, fp) != DEFAULT_ENVBLK_SIZE) - grub_util_error (_("cannot write to `%s': %s"), namenew, diff --git a/grub2-efi-HP-workaround.patch b/grub2-efi-HP-workaround.patch index 932f534..0d993cf 100644 --- a/grub2-efi-HP-workaround.patch +++ b/grub2-efi-HP-workaround.patch 
@@ -2,19 +2,19 @@ v2: Add GRUB_FILE_TYPE_CONFIG to grub_file_open, see also upstream commit ca0a4f689 verifiers: File type for fine-grained signature-verification controlling -Index: grub-2.04~rc1/grub-core/kern/efi/init.c +Index: grub-2.06~rc1/grub-core/kern/efi/init.c =================================================================== ---- grub-2.04~rc1.orig/grub-core/kern/efi/init.c -+++ grub-2.04~rc1/grub-core/kern/efi/init.c -@@ -25,6 +25,7 @@ +--- grub-2.06~rc1.orig/grub-core/kern/efi/init.c ++++ grub-2.06~rc1/grub-core/kern/efi/init.c +@@ -27,6 +27,7 @@ #include #include #include +#include + #include - grub_addr_t grub_modbase; - -@@ -48,6 +49,67 @@ grub_efi_init (void) + #ifdef GRUB_STACK_PROTECTOR +@@ -114,6 +115,67 @@ grub_efi_init (void) void (*grub_efi_net_config) (grub_efi_handle_t hnd, char **device, char **path); @@ -82,7 +82,7 @@ Index: grub-2.04~rc1/grub-core/kern/efi/init.c void grub_machine_get_bootlocation (char **device, char **path) -@@ -72,6 +134,12 @@ grub_machine_get_bootlocation (char **de +@@ -138,6 +200,12 @@ grub_machine_get_bootlocation (char **de p = grub_strrchr (*path, '/'); if (p) *p = '\0'; diff --git a/grub2-efi-chainload-harder.patch b/grub2-efi-chainload-harder.patch index b1557cf..cf26002 100644 --- a/grub2-efi-chainload-harder.patch +++ b/grub2-efi-chainload-harder.patch 
@@ -1,12 +1,16 @@ + +v2: +Use grub_efi_get_secureboot to get secure boot status + --- grub-core/loader/efi/chainloader.c | 62 +++++++++++++++++++++---------------- 1 file changed, 36 insertions(+), 26 deletions(-) -Index: grub-2.02~beta2/grub-core/loader/efi/chainloader.c +Index: grub-2.04/grub-core/loader/efi/chainloader.c =================================================================== ---- grub-2.02~beta2.orig/grub-core/loader/efi/chainloader.c -+++ grub-2.02~beta2/grub-core/loader/efi/chainloader.c -@@ -326,40 +326,41 @@ grub_secure_mode (void) +--- grub-2.04.orig/grub-core/loader/efi/chainloader.c ++++ grub-2.04/grub-core/loader/efi/chainloader.c +@@ -286,40 +286,41 @@ grub_secure_validate (void *data, grub_e static grub_efi_boolean_t read_header (void *data, grub_efi_uint32_t size, pe_coff_loader_image_context_t *context) { @@ -71,7 +75,7 @@ Index: grub-2.02~beta2/grub-core/loader/efi/chainloader.c } static void* -@@ -623,6 +624,9 @@ error_exit: +@@ -583,6 +584,9 @@ error_exit: if (buffer) efi_call_1 (b->free_pool, buffer); @@ -81,12 +85,12 @@ Index: grub-2.02~beta2/grub-core/loader/efi/chainloader.c return 0; } -@@ -845,6 +849,19 @@ grub_cmd_chainloader (grub_command_t cmd +@@ -790,6 +794,19 @@ grub_cmd_chainloader (grub_command_t cmd status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, boot_image, fsize, &image_handle); +#ifdef SUPPORT_SECURE_BOOT -+ if (status == GRUB_EFI_SECURITY_VIOLATION && !grub_secure_mode()) ++ if (status == GRUB_EFI_SECURITY_VIOLATION && grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED) + { + /* If it failed with security violation while not in secure boot mode, + the firmware might be broken. We try to workaround on that by forcing diff --git a/grub2-efi-gop-add-blt.patch b/grub2-efi-gop-add-blt.patch deleted file mode 100644 index 7acf273..0000000 --- a/grub2-efi-gop-add-blt.patch +++ /dev/null 
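Review bot: The new condition `grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED`, in the `SUPPORT_SECURE_BOOT` block after the `load_image` call, treats every state other than ENABLED as "not in secure boot". That includes an indeterminate result such as `GRUB_EFI_SECUREBOOT_MODE_UNKNOWN`, which can arise when the firmware variables cannot be read. Since this branch works around a `GRUB_EFI_SECURITY_VIOLATION` reported by the firmware, it seems safer to take it only when secure boot is positively known to be off: `if (status == GRUB_EFI_SECURITY_VIOLATION && grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_DISABLED)`. The body of the workaround and the rest of grub_cmd_chainloader lie outside the hunk, so whether the fallback path validates the image again cannot be judged from here.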
@@ -1,59 +0,0 @@ -From dc56925653819582777ddc5c761a56f52dddd8f1 Mon Sep 17 00:00:00 2001 -From: Alexander Graf -Date: Wed, 1 Feb 2017 23:10:45 +0100 -Subject: [PATCH] grub-core/video/efi_gop.c: Add support for BLT_ONLY adapters - -EFI GOP has support for multiple different bitness types of frame buffers -and for a special "BLT only" type which is always defined to be RGBx. - -Because grub2 doesn't ever directly access the frame buffer but instead -only renders graphics via the BLT interface anyway, we can easily support -these adapters. - -The reason this has come up now is the emerging support for virtio-gpu -in OVMF. That adapter does not have the notion of a memory mapped frame -buffer and thus is BLT only. - -Signed-off-by: Alexander Graf ---- - grub-core/video/efi_gop.c | 2 ++ - include/grub/efi/graphics_output.h | 3 ++- - 2 files changed, 4 insertions(+), 1 deletion(-) - -diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c -index 7f9d1c2..c9e40e8 100644 ---- a/grub-core/video/efi_gop.c -+++ b/grub-core/video/efi_gop.c -@@ -121,6 +121,7 @@ grub_video_gop_get_bpp (struct grub_efi_gop_mode_info *in) - { - case GRUB_EFI_GOT_BGRA8: - case GRUB_EFI_GOT_RGBA8: -+ case GRUB_EFI_GOT_BLT_ONLY: - return 32; - - case GRUB_EFI_GOT_BITMASK: -@@ -187,6 +188,7 @@ grub_video_gop_fill_real_mode_info (unsigned mode, - switch (in->pixel_format) - { - case GRUB_EFI_GOT_RGBA8: -+ case GRUB_EFI_GOT_BLT_ONLY: - out->red_mask_size = 8; - out->red_field_pos = 0; - out->green_mask_size = 8; -diff --git a/include/grub/efi/graphics_output.h b/include/grub/efi/graphics_output.h -index 1297774..e438812 100644 ---- a/include/grub/efi/graphics_output.h -+++ b/include/grub/efi/graphics_output.h -@@ -28,7 +28,8 @@ typedef enum - { - GRUB_EFI_GOT_RGBA8, - GRUB_EFI_GOT_BGRA8, -- GRUB_EFI_GOT_BITMASK -+ GRUB_EFI_GOT_BITMASK, -+ GRUB_EFI_GOT_BLT_ONLY, - } - grub_efi_gop_pixel_format_t; - --- -1.8.5.6 - 
diff --git a/grub2-efi-uga-64bit-fb.patch b/grub2-efi-uga-64bit-fb.patch deleted file mode 100644 index da99f8b..0000000 --- a/grub2-efi-uga-64bit-fb.patch +++ /dev/null 
@@ -1,104 +0,0 @@ -From: Andrei Borzenkov -Subject: [PATCH] efi/uga: use 64 bit for fb_base - -We get 64 bit from PCI BAR but then truncate by assigning to 32 bit. -Make sure to check that pointer does not overflow on 32 bit platform. - -Closes: 50931 - ---- - grub-core/video/efi_uga.c | 31 ++++++++++++++++--------------- - 1 file changed, 16 insertions(+), 15 deletions(-) - -Index: grub-2.02/grub-core/video/efi_uga.c -=================================================================== ---- grub-2.02.orig/grub-core/video/efi_uga.c -+++ grub-2.02/grub-core/video/efi_uga.c -@@ -34,7 +34,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); - - static grub_efi_guid_t uga_draw_guid = GRUB_EFI_UGA_DRAW_GUID; - static struct grub_efi_uga_draw_protocol *uga; --static grub_uint32_t uga_fb; -+static grub_uint64_t uga_fb; - static grub_uint32_t uga_pitch; - - static struct -@@ -52,7 +52,7 @@ static struct - #define FBTEST_COUNT 8 - - static int --find_line_len (grub_uint32_t *fb_base, grub_uint32_t *line_len) -+find_line_len (grub_uint64_t *fb_base, grub_uint32_t *line_len) - { - grub_uint32_t *base = (grub_uint32_t *) (grub_addr_t) *fb_base; - int i; -@@ -67,7 +67,7 @@ find_line_len (grub_uint32_t *fb_base, g - { - if ((base[j] & RGB_MASK) == RGB_MAGIC) - { -- *fb_base = (grub_uint32_t) (grub_addr_t) base; -+ *fb_base = (grub_uint64_t) (grub_addr_t) base; - *line_len = j << 2; - - return 1; -@@ -84,7 +84,7 @@ find_line_len (grub_uint32_t *fb_base, g - /* Context for find_framebuf. 
*/ - struct find_framebuf_ctx - { -- grub_uint32_t *fb_base; -+ grub_uint64_t *fb_base; - grub_uint32_t *line_len; - int found; - }; -@@ -120,7 +120,9 @@ find_card (grub_pci_device_t dev, grub_p - if (i == 5) - break; - -- old_bar2 = grub_pci_read (addr + 4); -+ i++; -+ addr += 4; -+ old_bar2 = grub_pci_read (addr); - } - else - old_bar2 = 0; -@@ -129,10 +131,15 @@ find_card (grub_pci_device_t dev, grub_p - base64 <<= 32; - base64 |= (old_bar1 & GRUB_PCI_ADDR_MEM_MASK); - -- grub_dprintf ("fb", "%s(%d): 0x%llx\n", -+ grub_dprintf ("fb", "%s(%d): 0x%" PRIxGRUB_UINT64_T "\n", - ((old_bar1 & GRUB_PCI_ADDR_MEM_PREFETCH) ? -- "VMEM" : "MMIO"), i, -- (unsigned long long) base64); -+ "VMEM" : "MMIO"), type == GRUB_PCI_ADDR_MEM_TYPE_64 ? i - 1 : i, -+ base64); -+ -+#if GRUB_CPU_SIZEOF_VOID_P == 4 -+ if (old_bar2) -+ continue; -+#endif - - if ((old_bar1 & GRUB_PCI_ADDR_MEM_PREFETCH) && (! ctx->found)) - { -@@ -140,12 +147,6 @@ find_card (grub_pci_device_t dev, grub_p - if (find_line_len (ctx->fb_base, ctx->line_len)) - ctx->found++; - } -- -- if (type == GRUB_PCI_ADDR_MEM_TYPE_64) -- { -- i++; -- addr += 4; -- } - } - } - -@@ -153,7 +154,7 @@ find_card (grub_pci_device_t dev, grub_p - } - - static int --find_framebuf (grub_uint32_t *fb_base, grub_uint32_t *line_len) -+find_framebuf (grub_uint64_t *fb_base, grub_uint32_t *line_len) - { - struct find_framebuf_ctx ctx = { - .fb_base = fb_base, diff --git a/grub2-efi-xen-cfg-unquote.patch b/grub2-efi-xen-cfg-unquote.patch index dd37de6..47e9f0f 100644 --- a/grub2-efi-xen-cfg-unquote.patch +++ b/grub2-efi-xen-cfg-unquote.patch @@ -17,11 +17,11 @@ 
Signed-off-by: Petr Tesarik util/grub.d/20_linux_xen.in | 54 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 52 insertions(+), 2 deletions(-) -Index: grub-2.02~rc1/util/grub.d/20_linux_xen.in +Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in =================================================================== ---- grub-2.02~rc1.orig/util/grub.d/20_linux_xen.in -+++ grub-2.02~rc1/util/grub.d/20_linux_xen.in -@@ -122,6 +122,52 @@ else +--- grub-2.06~rc1.orig/util/grub.d/20_linux_xen.in ++++ grub-2.06~rc1/util/grub.d/20_linux_xen.in +@@ -137,6 +137,52 @@ else is_efi=false fi @@ -73,8 +73,8 @@ Index: grub-2.02~rc1/util/grub.d/20_linux_xen.in + linux_entry () { - os="$1" -@@ -174,11 +220,13 @@ linux_entry () + linux_entry_xsm "$@" false +@@ -205,11 +251,13 @@ linux_entry_xsm () else section="failsafe.$section_count" fi diff --git a/grub2-efi-xen-chainload.patch b/grub2-efi-xen-chainload.patch index 480bb50..776a5cf 100644 --- a/grub2-efi-xen-chainload.patch +++ b/grub2-efi-xen-chainload.patch @@ -26,8 +26,10 @@ V3: util/grub.d/20_linux_xen.in | 109 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 97 insertions(+), 12 deletions(-) ---- a/util/grub.d/20_linux_xen.in -+++ b/util/grub.d/20_linux_xen.in +Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in +=================================================================== +--- grub-2.06~rc1.orig/util/grub.d/20_linux_xen.in ++++ grub-2.06~rc1/util/grub.d/20_linux_xen.in @@ -21,6 +21,8 @@ prefix="@prefix@" exec_prefix="@exec_prefix@" datarootdir="@datarootdir@" @@ -62,7 +64,7 @@ V3: # loop-AES arranges things so that /dev/loop/X can be our root device, but # the initrds that Linux uses don't like that. case ${GRUB_DEVICE} in -@@ -87,6 +101,32 @@ esac +@@ -97,6 +111,32 @@ esac title_correction_code= 
@@ -94,8 +96,8 @@ V3: + linux_entry () { - os="$1" -@@ -124,6 +164,40 @@ linux_entry () + linux_entry_xsm "$@" false +@@ -150,6 +190,40 @@ linux_entry_xsm () save_default_entry | grub_add_tab | sed "s/^/$submenu_indentation/" fi @@ -136,7 +138,7 @@ V3: if [ -z "${prepare_boot_cache}" ]; then prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)" fi -@@ -200,16 +274,6 @@ boot_device_id= +@@ -241,16 +315,6 @@ boot_device_id= title_correction_code= @@ -153,7 +155,7 @@ V3: # Extra indentation to add to menu entries in a submenu. We're not in a submenu # yet, so it's empty. In a submenu it will be equal to '\t' (one tab). submenu_indentation="" -@@ -223,6 +287,24 @@ while [ "x${xen_list}" != "x" ] ; do +@@ -264,6 +328,24 @@ while [ "x${xen_list}" != "x" ] ; do xen_dirname=`dirname ${current_xen}` rel_xen_dirname=`make_system_path_relative_to_its_root $xen_dirname` xen_version=`echo $xen_basename | sed -e "s,.gz$,,g;s,^xen-,,g"` @@ -178,7 +180,7 @@ V3: if [ -z "$boot_device_id" ]; then boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" fi -@@ -287,7 +369,6 @@ while [ "x${xen_list}" != "x" ] ; do +@@ -373,7 +455,6 @@ while [ "x${xen_list}" != "x" ] ; do if [ x"$is_top_level" != xtrue ]; then echo ' }' fi @@ -186,7 +188,7 @@ V3: done # If at least one kernel was found, then we need to -@@ -297,3 +378,7 @@ if [ x"$is_top_level" != xtrue ]; then +@@ -383,3 +464,7 @@ if [ x"$is_top_level" != xtrue ]; then fi echo "$title_correction_code" diff --git a/grub2-fix-menu-in-xen-host-server.patch b/grub2-fix-menu-in-xen-host-server.patch index 895abdf..bd4106c 100644 --- a/grub2-fix-menu-in-xen-host-server.patch +++ b/grub2-fix-menu-in-xen-host-server.patch 
@@ -27,11 +27,11 @@ if you need any other custom entries. util/grub.d/20_linux_xen.in | 6 ++++-- 3 files changed, 19 insertions(+), 4 deletions(-) -Index: grub-2.02~beta2/util/grub-mkconfig_lib.in +Index: grub-2.06~rc1/util/grub-mkconfig_lib.in =================================================================== ---- grub-2.02~beta2.orig/util/grub-mkconfig_lib.in -+++ grub-2.02~beta2/util/grub-mkconfig_lib.in -@@ -248,6 +248,11 @@ version_test_gt () +--- grub-2.06~rc1.orig/util/grub-mkconfig_lib.in ++++ grub-2.06~rc1/util/grub-mkconfig_lib.in +@@ -253,6 +253,11 @@ version_test_gt () *.old:*.old) ;; *.old:*) version_test_gt_a="`echo "$version_test_gt_a" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=gt ;; *:*.old) version_test_gt_b="`echo "$version_test_gt_b" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=ge ;; @@ -43,10 +43,10 @@ Index: grub-2.02~beta2/util/grub-mkconfig_lib.in esac version_test_numeric "$version_test_gt_a" "$version_test_gt_cmp" "$version_test_gt_b" return "$?" -Index: grub-2.02~beta2/util/grub.d/20_linux_xen.in +Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in =================================================================== ---- grub-2.02~beta2.orig/util/grub.d/20_linux_xen.in -+++ grub-2.02~beta2/util/grub.d/20_linux_xen.in +--- grub-2.06~rc1.orig/util/grub.d/20_linux_xen.in ++++ grub-2.06~rc1/util/grub.d/20_linux_xen.in @@ -26,6 +26,12 @@ datarootdir="@datarootdir@" export TEXTDOMAIN=@PACKAGE@ export TEXTDOMAINDIR="@localedir@" 
@@ -60,13 +60,13 @@ Index: grub-2.02~beta2/util/grub.d/20_linux_xen.in CLASS="--class gnu-linux --class gnu --class os --class xen" if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then -@@ -166,10 +172,18 @@ file_is_not_sym () { +@@ -210,10 +216,18 @@ file_is_not_xen_garbage () { esac } -xen_list= -for i in /boot/xen*; do -- if grub_file_is_not_garbage "$i" && file_is_not_sym "$i" ; then xen_list="$xen_list $i" ; fi +- if grub_file_is_not_garbage "$i" && file_is_not_xen_garbage "$i" ; then xen_list="$xen_list $i" ; fi -done +# bnc#877040 - Duplicate entries for boot menu created +# only create /boot/xen.gz symlink boot entry @@ -83,11 +83,11 @@ Index: grub-2.02~beta2/util/grub.d/20_linux_xen.in prepare_boot_cache= boot_device_id= -Index: grub-2.02~beta2/util/grub.d/10_linux.in +Index: grub-2.06~rc1/util/grub.d/10_linux.in =================================================================== ---- grub-2.02~beta2.orig/util/grub.d/10_linux.in -+++ grub-2.02~beta2/util/grub.d/10_linux.in -@@ -209,6 +209,40 @@ while [ "x$list" != "x" ] ; do +--- grub-2.06~rc1.orig/util/grub.d/10_linux.in ++++ grub-2.06~rc1/util/grub.d/10_linux.in +@@ -244,6 +244,40 @@ while [ "x$list" != "x" ] ; do fi done diff --git a/grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch b/grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch index ee0677d..70f84bf 100644 --- a/grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch +++ b/grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch @@ -28,10 +28,10 @@ V1: include/grub/menu_viewer.h | 1 + 7 files changed, 112 insertions(+) -Index: grub-2.04/grub-core/gfxmenu/gfxmenu.c +Index: grub-2.06~rc1/grub-core/gfxmenu/gfxmenu.c =================================================================== ---- grub-2.04.orig/grub-core/gfxmenu/gfxmenu.c -+++ grub-2.04/grub-core/gfxmenu/gfxmenu.c +--- grub-2.06~rc1.orig/grub-core/gfxmenu/gfxmenu.c ++++ grub-2.06~rc1/grub-core/gfxmenu/gfxmenu.c 
@@ -108,6 +108,15 @@ grub_gfxmenu_try (int entry, grub_menu_t view->menu = menu; view->nested = nested; @@ -56,10 +56,10 @@ Index: grub-2.04/grub-core/gfxmenu/gfxmenu.c grub_menu_register_viewer (instance); -Index: grub-2.04/grub-core/gfxmenu/gui_label.c +Index: grub-2.06~rc1/grub-core/gfxmenu/gui_label.c =================================================================== ---- grub-2.04.orig/grub-core/gfxmenu/gui_label.c -+++ grub-2.04/grub-core/gfxmenu/gui_label.c +--- grub-2.06~rc1.orig/grub-core/gfxmenu/gui_label.c ++++ grub-2.06~rc1/grub-core/gfxmenu/gui_label.c @@ -192,6 +192,8 @@ label_set_property (void *vself, const c "or `c' for a command-line."); else if (grub_strcmp (value, "@KEYMAP_SHORT@") == 0) @@ -67,12 +67,12 @@ Index: grub-2.04/grub-core/gfxmenu/gui_label.c + else if (grub_strcmp (value, "@SUSE_KEYMAP_SCROLL_ENTRY@") == 0) + value = _("ctrl+l: scroll entry left, ctrl+r: scroll entry right"); /* FIXME: Add more templates here if needed. */ - self->template = grub_strdup (value); - self->text = grub_xasprintf (value, self->value); -Index: grub-2.04/grub-core/gfxmenu/gui_list.c + + if (grub_printf_fmt_check(value, "%d") != GRUB_ERR_NONE) +Index: grub-2.06~rc1/grub-core/gfxmenu/gui_list.c =================================================================== ---- grub-2.04.orig/grub-core/gfxmenu/gui_list.c -+++ grub-2.04/grub-core/gfxmenu/gui_list.c +--- grub-2.06~rc1.orig/grub-core/gfxmenu/gui_list.c ++++ grub-2.06~rc1/grub-core/gfxmenu/gui_list.c @@ -24,6 +24,7 @@ #include #include 
@@ -132,10 +132,10 @@ Index: grub-2.04/grub-core/gfxmenu/gui_list.c sviewport.y = item_top + top_pad; sviewport.width = viewport_width; grub_gui_set_viewport (&sviewport, &svpsave); -Index: grub-2.04/grub-core/gfxmenu/view.c +Index: grub-2.06~rc1/grub-core/gfxmenu/view.c =================================================================== ---- grub-2.04.orig/grub-core/gfxmenu/view.c -+++ grub-2.04/grub-core/gfxmenu/view.c +--- grub-2.06~rc1.orig/grub-core/gfxmenu/view.c ++++ grub-2.06~rc1/grub-core/gfxmenu/view.c @@ -37,6 +37,7 @@ #include #include @@ -213,11 +213,11 @@ Index: grub-2.04/grub-core/gfxmenu/view.c static void grub_gfxmenu_draw_terminal_box (void) { -Index: grub-2.04/grub-core/normal/menu.c +Index: grub-2.06~rc1/grub-core/normal/menu.c =================================================================== ---- grub-2.04.orig/grub-core/normal/menu.c -+++ grub-2.04/grub-core/normal/menu.c -@@ -401,6 +401,15 @@ menu_set_chosen_entry (int entry) +--- grub-2.06~rc1.orig/grub-core/normal/menu.c ++++ grub-2.06~rc1/grub-core/normal/menu.c +@@ -400,6 +400,15 @@ menu_set_chosen_entry (int entry) } static void @@ -233,7 +233,7 @@ Index: grub-2.04/grub-core/normal/menu.c menu_print_timeout (int timeout) { struct grub_menu_viewer *cur; -@@ -828,6 +837,13 @@ run_menu (grub_menu_t menu, int nested, +@@ -827,6 +836,13 @@ run_menu (grub_menu_t menu, int nested, menu_set_chosen_entry (current_entry); break; @@ -247,10 +247,10 @@ Index: grub-2.04/grub-core/normal/menu.c case '\n': case '\r': case GRUB_TERM_KEY_RIGHT: -Index: grub-2.04/include/grub/gfxmenu_view.h +Index: grub-2.06~rc1/include/grub/gfxmenu_view.h =================================================================== ---- grub-2.04.orig/include/grub/gfxmenu_view.h -+++ grub-2.04/include/grub/gfxmenu_view.h +--- grub-2.06~rc1.orig/include/grub/gfxmenu_view.h ++++ grub-2.06~rc1/include/grub/gfxmenu_view.h @@ -61,6 +61,8 @@ void grub_gfxmenu_print_timeout (int timeout, void *data); void 
@@ -269,10 +269,10 @@ Index: grub-2.04/include/grub/gfxmenu_view.h }; #endif /* ! GRUB_GFXMENU_VIEW_HEADER */ -Index: grub-2.04/include/grub/menu_viewer.h +Index: grub-2.06~rc1/include/grub/menu_viewer.h =================================================================== ---- grub-2.04.orig/include/grub/menu_viewer.h -+++ grub-2.04/include/grub/menu_viewer.h +--- grub-2.06~rc1.orig/include/grub/menu_viewer.h ++++ grub-2.06~rc1/include/grub/menu_viewer.h @@ -33,6 +33,7 @@ struct grub_menu_viewer void (*set_chosen_entry) (int entry, void *data); void (*print_timeout) (int timeout, void *data); diff --git a/grub2-install-remove-useless-check-PReP-partition-is-empty.patch b/grub2-install-remove-useless-check-PReP-partition-is-empty.patch index 9b7c876..9fbcf9e 100644 --- a/grub2-install-remove-useless-check-PReP-partition-is-empty.patch +++ b/grub2-install-remove-useless-check-PReP-partition-is-empty.patch @@ -16,11 +16,11 @@ Fixes: cd46aa6cefab ("Rewrite grub-install, grub-mkrescue, util/grub-install.c | 39 ++------------------------------------- 1 file changed, 2 insertions(+), 37 deletions(-) -diff --git a/util/grub-install.c b/util/grub-install.c -index 75e3e5ba6f07..ae859476e3da 100644 ---- a/util/grub-install.c -+++ b/util/grub-install.c -@@ -731,34 +731,6 @@ is_prep_partition (grub_device_t dev) +Index: grub-2.06~rc1/util/grub-install.c +=================================================================== +--- grub-2.06~rc1.orig/util/grub-install.c ++++ grub-2.06~rc1/util/grub-install.c +@@ -756,34 +756,6 @@ is_prep_partition (grub_device_t dev) return 0; } @@ -30,7 +30,7 @@ index 75e3e5ba6f07..ae859476e3da 100644 - grub_disk_addr_t dsize, addr; - grub_uint32_t buffer[32768]; - -- dsize = grub_disk_get_size (dev->disk); +- dsize = grub_disk_native_sectors (dev->disk); - for (addr = 0; addr < dsize; - addr += sizeof (buffer) / GRUB_DISK_SECTOR_SIZE) - { 
@@ -55,7 +55,7 @@ index 75e3e5ba6f07..ae859476e3da 100644 static void bless (grub_device_t dev, const char *path, int x86) { -@@ -1772,16 +1744,9 @@ main (int argc, char *argv[]) +@@ -1923,16 +1895,9 @@ main (int argc, char *argv[]) { grub_util_error ("%s", _("the chosen partition is not a PReP partition")); } @@ -74,6 +74,3 @@ index 75e3e5ba6f07..ae859476e3da 100644 } grub_device_close (ins_dev); if (update_nvram) --- -2.13.6 - diff --git a/grub2-instdev-fixup.pl b/grub2-instdev-fixup.pl new file mode 100644 index 0000000..dfd809b --- /dev/null +++ b/grub2-instdev-fixup.pl 
@@ -0,0 +1,336 @@ +#!/usr/bin/perl + +use strict; +use integer; +use bytes; +eval 'use File::Copy qw(copy move)'; +eval 'use File::Temp qw(mkstemp mktemp)'; +eval 'use POSIX qw(uname)'; +eval 'use Cwd qw(realpath)'; + +my $device; +my $diskboot; +my $instdev; +my $diskboot_start; +my $default_backup; +my $default = "/etc/default/grub_installdevice"; +my $debug = 0; + +$debug = 1 if ($ARGV[0] =~ m/^(--debug|-d)$/); + +sub is_part ($) { + my ($dev) = @_; + my $ret; + + $dev = realpath($dev); + if ($dev =~ qr{/dev/(.+)}) { + $ret = 1 if (-e "/sys/class/block/$1/partition"); + } + $ret; +} + +sub is_abstraction ($) { + my ($path) = @_; + my @abs; + + chomp( @abs = qx{grub2-probe --target=abstraction $path} ); + die "Failed to probe $path for target abstraction\n" if ($? != 0); + @abs; +} + +sub default_installdevice () { + my $ret; + + if ( -w $default ) { + open( IN, "< $default") || return; + while ( ) { + chomp; + (m{^/dev}) && ($ret = $_, last); + } + close ( IN ); + } + $ret; +} + +sub new_installdevice ($) { + my ($dev) = @_; + my $cfg; + + die unless (open( IN, "< $default")); + + while ( ) { + if (m{^/dev}) { + $cfg .= "${dev}\n"; + } else { + $cfg .= $_; + } + } + close ( IN ); + + my ($out, $newf) = mkstemp('/tmp/grub.installdevice.XXXXX'); + die unless (print ( $out $cfg)); + close ( $out ); + + $default_backup = mktemp("${default}.old.XXXXX"); + copy($default, $default_backup); + move($newf, $default); +} + +sub is_grub_drive ($$$) { + my ( $prefix, $path, $isdev ) = @_; + my $tgt; + my ($td, $tp); + my ($pd, $pp); + my $pattern = qr{\((hd[0-9]+)?,?((?:gpt|msdos)[0-9]+)?\)}; + + if ($isdev) { + chomp( $tgt = qx{grub2-probe --target=drive -d $path} ); + } else { + chomp( $tgt = qx{grub2-probe --target=drive $path} ); + } + + die "Failed to probe $path for target drive\n" if ($? 
!= 0); + ( $tgt =~ $pattern ) && (($td, $tp) = ($1, $2)) || return ; + ( $prefix =~ $pattern ) && (($pd, $pp) = ($1, $2)) || return ; + return if ($pd && $pd ne $td); + return 1 unless ($tp); + ($pp eq $tp) ? 1 : 0; +} + +sub embed_part_start ($){ + my ($dev) = @_; + my @blk; + my $ret; + + chomp (@blk = qx{lsblk --list --ascii --noheadings --output PATH,PTTYPE,PARTTYPE $dev}); + die "Failed to get block device information for $dev\n" if ($? != 0); + foreach (@blk) { + my ($path, $pttype, $parttype) = split /\s+/; + if ($pttype eq 'dos') { + $ret = 1; + last; + } elsif ($pttype eq 'gpt' && $parttype eq '21686148-6449-6e6f-744e-656564454649') { + if ($path =~ qr{/dev/(.+)}) { + if ( -r "/sys/class/block/$1/start" ) { + chomp ($ret = qx{cat /sys/class/block/$1/start}); + last; + } + } + } + } + + $ret; +} + +sub check_mbr ($) { + my ($dev) = @_; + my $devh; + my $mbr; + + open( $devh, "< $dev" ) or die "$0: cannot open $dev: $!\n"; + sysread( $devh, $mbr, 512 ) == 512 or die "$0: $dev: read error\n"; + close( $devh ); + my( $magic ) = unpack('H4', $mbr); + return if ($magic ne 'eb63'); + + my( $version ) = unpack('x128H4', $mbr); + return if ($version ne '0020'); + + my( $sector_nr ) = unpack('x92L<', $mbr); + return if ($sector_nr ne embed_part_start($dev)); + + my( $drive_nr ) = unpack('x100H2', $mbr); + return if ($drive_nr ne 'ff'); + + $sector_nr; +} + +sub check_diskboot ($$) { + my ($dev, $sector_nr) = @_; + my $devh; + my $diskboot; + my @ret; + + open($devh, "< $dev" ) or die "$0: cannot open $dev: $!\n"; + # print "looks at sector $sector_nr of the same hard drive for core.img\n"; + sysseek($devh, $sector_nr*512, 0) or die "$0: $dev: $!\n"; + # grub-core/boot/i386/pc/diskboot.S + sysread($devh, $diskboot, 512 ) == 512 or die "$0: $dev: read error\n"; + close($devh); + + my( $magic ) = unpack('H8', $diskboot); + # print $magic , "\n"; + + # 5256be1b - upstream diskboot.S + # 5256be63 - trustedgrub2 1.4 + # 5256be56 - diskboot.S with mjg TPM patches (e.g. 
in openSUSE Tumbleweed) + return if ($magic !~ m/(5256be1b|5256be63|5256be56)/); + + for (1..3) { + my $nr; + my $s = 512 - 12 * $_; + my( $nr_low, $nr_high, $size ) = unpack("x${s}L 8192) ? 8192 : $size; + # Find the last 6 bytes of lzma_decode to find the offset of the lzma_stream: + $off = index( unpack( "H".($r<<1), $core ), 'd1e9dffeffff' ); + if ($off != -1) { + $off >>= 1; + $off += 8; + $off = (($off + 0b1111) >> 4) << 4; + } +} + +sub decomp_lzma ($$) { + my ($core, $off) = @_; + my $comp_size; + my $decomp_size; + my $lzma; + my $lzmah; + my $unlzma; + + # grub-core/boot/i386/pc/startup_raw.S + my $tmpf = "/tmp/lzma_grub.lzma"; + ($comp_size, $decomp_size) = unpack ("x8VV", $core); + $lzma = pack( "CVVx4", 0x5d, 0x00010000, $decomp_size ); + $lzma .= substr( $core, $off, $comp_size ); + + open($lzmah, "> $tmpf") or die "$0: cannot open $tmpf : $!\n"; + binmode $lzmah; + print $lzmah $lzma; + close($lzmah); + + $unlzma = qx{lzcat $tmpf}; + die if ($? != 0); + die "decompressed size mismatch\n" if (length($unlzma) != $decomp_size); + + ($unlzma, $decomp_size); +} + +sub search_prefix (@) { + my ($unlzma, $decomp_size) = @_; + + my ($mod_base) = unpack("x19V", $unlzma); + my ($mod_magic, $mod_off, $mod_sz) = unpack("x$mod_base A4 L< L<", $unlzma); + die "module magic mismatch\n" if ( $mod_magic ne "mimg" ); + die "module out of bound" if ($mod_base + $mod_sz > $decomp_size); + my $mod_start = $mod_base + $mod_off; + my $mod_end = $mod_base + $mod_sz; + my $embed; + my $prefix; + while ($mod_start < ($mod_end - 8)) { + my ($type, $sz) = unpack("x${mod_start} L< L<", $unlzma); + last if ($mod_start + $sz > $mod_end); + last if ($sz < 8); + if ($type == 2) { + ($embed) = unpack(join('', 'x', $mod_start + 8, 'A', $sz - 8), $unlzma); + } elsif ($type == 3) { + ($prefix) = unpack(join('', 'x', $mod_start + 8, 'A', $sz - 8), $unlzma); + } + $sz = (($sz + 0b11) >> 2) << 2; + $mod_start += $sz; + } + + $prefix; +} + +sub part_to_disk ($) { + my ($dev) = @_; + my 
$ret; + + if ($dev =~ m{/dev/disk/by-uuid/}) { + $dev = realpath($dev); + } + + my @regexp = ( + qr{(/dev/disk/(?:by-id|by-path)/.+)-part[0-9]+}, + qr{(/dev/[a-z]+d[a-z])[0-9]+}, + qr{(/dev/nvme[0-9]+n[0-9]+)p[0-9]+} + ); + + foreach (@regexp) { + if ($dev =~ $_) { + $ret = $1; + last; + } + } + + $ret; +} + +sub get_prefix ($@) { + my ($dev, ($sector_nr, $size)) = @_; + my $devh; + my $core; + my $off; + my $prefix; + + $size <<= 9; + $sector_nr <<= 9; + + open( $devh, "< $dev" ) or die "$0: cannot open $dev: $!\n"; + sysseek( $devh, $sector_nr, 0) or die "$0: $dev: $!\n"; + sysread( $devh, $core, $size ) == $size or die "$0: $dev: read error\n"; + close( $devh ); + + $off = lzma_start($core, $size); + return if ($off == -1); + + $prefix = search_prefix( decomp_lzma($core, $off) ); +} + +eval { + +my @uname = uname(); +die "machine hardware is not x86_64\n" if ($uname[4] ne 'x86_64'); + +die "no install device config or no permission to alter it\n" unless ($instdev = default_installdevice()); +die "/boot is abstraction\n" if (is_abstraction("/boot")); +die "$instdev is NOT partition\n" unless (is_part($instdev)); + +chomp ( $device = qx{grub2-probe --target=disk /boot} ); +die "no disk for /boot\n" unless ( $device ); + +my $sector_nr = check_mbr($device); + +die "$device mbr is not used for suse grub embedding\n" unless ($sector_nr); + +my @core_sectors = check_diskboot($device, $sector_nr); + +die "core image is not single continuous chunk\n" if (@core_sectors != 2); + +die "starting sector of startup_raw $core_sectors[0]" . 
+" did not follow diskboot $sector_nr\n" if ($core_sectors[0] != $sector_nr + 1); + +my $prefix = get_prefix($device, @core_sectors); + +die "$prefix is not pointing to /boot" unless ($prefix && is_grub_drive ($prefix, '/boot', 0)); + +my $instdisk = part_to_disk($instdev); + +die "cannot determine disk device for $instdev" unless ($instdisk); +die "$instdisk is not grub disk" unless (is_grub_drive($prefix, $instdisk, 1)); + +new_installdevice($instdisk); + +print "The system has been detected using grub in master boot record for booting this updated system with \$prefix=$prefix. However the $default has the install device set to the partition, $instdev. To avoid potential breakage in the application binary interface between grub image and modules, the install device of grub has been changed to use the disk device, $instdisk, to update the master boot record with new grub in order to keep up with the new binary.\n"; + +print "The backup of the original file is $default_backup\n"; + +}; + +print "No fixup required: $@" if ($debug && $@); diff --git a/grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch b/grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch index d8e2beb..be34d12 100644 --- a/grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch +++ b/grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch @@ -1,6 +1,5 @@ -From 87636b6eb33d10fad13739c39128029cde076c03 Mon Sep 17 00:00:00 2001 From: Michael Chang -Date: Mon, 20 Mar 2017 14:59:41 +0800 +Date: Fri, 9 Apr 2021 19:58:24 +0800 Subject: [PATCH] Allocate LVM metadata buffer from raw contents The size reserved for on disk LVM metadata area can be exceedingly large that 
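Review bot: `decomp_lzma` writes the extracted core image to the fixed name `/tmp/lzma_grub.lzma` with `open($lzmah, "> $tmpf")`, which follows and truncates whatever already exists at that path, and the file is never removed afterwards. The script reads raw block devices and rewrites `/etc/default/grub_installdevice`, so it presumably runs as root, and a predictable name in a world-writable directory is then a real risk (CWE-377). `mkstemp` is already imported and used in `new_installdevice`, so use it here too: `($lzmah, my $tmpf) = mkstemp('/tmp/lzma_grub.XXXXXX');` in place of the fixed name and the `open`, plus `unlink $tmpf;` after the `lzcat` call.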
@@ -10,26 +9,26 @@ within the metadata area as we only need to parse the JSON formatted contents rather than the entire metadata area. This reduced the size significantly and the likelihood to out of memory error. --- - grub-core/disk/lvm.c | 65 ++++++++++++++++++++++++++++++++++++---------------- - 1 file changed, 45 insertions(+), 20 deletions(-) + grub-core/disk/lvm.c | 79 ++++++++++++++++++++++++-------------------- + 1 file changed, 43 insertions(+), 36 deletions(-) diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c -index 7b265c7..47aae05 100644 +index 8257159b3..1d1a3dcad 100644 --- a/grub-core/disk/lvm.c +++ b/grub-core/disk/lvm.c -@@ -102,9 +102,11 @@ grub_lvm_detect (grub_disk_t disk, - { +@@ -140,9 +140,11 @@ grub_lvm_detect (grub_disk_t disk, grub_err_t err; grub_uint64_t mda_offset, mda_size; + grub_size_t ptr; + grub_uint64_t mda_raw_offset, mda_raw_size; char buf[GRUB_LVM_LABEL_SIZE]; char vg_id[GRUB_LVM_ID_STRLEN+1]; char pv_id[GRUB_LVM_ID_STRLEN+1]; + char mdah_buf[sizeof (struct grub_lvm_mda_header) + sizeof (struct grub_lvm_raw_locn)]; - char *metadatabuf, *p, *q, *vgname; + char *metadatabuf, *mda_end, *vgname; + const char *p, *q; struct grub_lvm_label_header *lh = (struct grub_lvm_label_header *) buf; - struct grub_lvm_pv_header *pvh; -@@ -167,21 +169,15 @@ grub_lvm_detect (grub_disk_t disk, +@@ -220,21 +222,15 @@ grub_lvm_detect (grub_disk_t disk, dlocn++; mda_offset = grub_le_to_cpu64 (dlocn->offset); @@ -39,7 +38,7 @@ index 7b265c7..47aae05 100644 first one. */ - - /* Allocate buffer space for the circular worst-case scenario. */ -- metadatabuf = grub_malloc (2 * mda_size); +- metadatabuf = grub_calloc (2, mda_size); - if (! metadatabuf) + err = grub_disk_read (disk, 0, mda_offset, sizeof (mdah_buf), mdah_buf); + if (err) 
@@ -54,7 +53,7 @@ index 7b265c7..47aae05 100644 if ((grub_strncmp ((char *)mdah->magic, GRUB_LVM_FMTT_MAGIC, sizeof (mdah->magic))) || (grub_le_to_cpu32 (mdah->version) != GRUB_LVM_FMTT_VERSION)) -@@ -191,26 +187,55 @@ grub_lvm_detect (grub_disk_t disk, +@@ -244,42 +240,58 @@ grub_lvm_detect (grub_disk_t disk, #ifdef GRUB_UTIL grub_util_info ("unknown LVM metadata header"); #endif @@ -63,30 +62,46 @@ index 7b265c7..47aae05 100644 } rlocn = mdah->raw_locns; -- if (grub_le_to_cpu64 (rlocn->offset) + grub_le_to_cpu64 (rlocn->size) > -- grub_le_to_cpu64 (mdah->size)) +- if (grub_le_to_cpu64 (rlocn->offset) >= grub_le_to_cpu64 (mda_size)) + + mda_size = grub_le_to_cpu64 (mdah->size); + mda_raw_size = grub_le_to_cpu64 (rlocn->size); + mda_raw_offset = grub_le_to_cpu64 (rlocn->offset); + ++ if (mda_raw_offset >= mda_size) + { + #ifdef GRUB_UTIL + grub_util_info ("metadata offset is beyond end of metadata area"); + #endif +- goto fail2; ++ goto fail; + } + +- if (grub_le_to_cpu64 (rlocn->offset) + grub_le_to_cpu64 (rlocn->size) > +- grub_le_to_cpu64 (mdah->size)) + metadatabuf = grub_malloc (mda_raw_size); + + if (! metadatabuf) + goto fail; + -+ if (mda_raw_offset > mda_size) -+ goto fail2; -+ + if (mda_raw_offset + mda_raw_size > mda_size) { +- if (2 * mda_size < GRUB_LVM_MDA_HEADER_SIZE || +- (grub_le_to_cpu64 (rlocn->offset) + grub_le_to_cpu64 (rlocn->size) - +- grub_le_to_cpu64 (mdah->size) > mda_size - GRUB_LVM_MDA_HEADER_SIZE)) +- { +-#ifdef GRUB_UTIL +- grub_util_info ("cannot copy metadata wrap in circular buffer"); +-#endif +- goto fail2; +- } + err = grub_disk_read (disk, 0, + mda_offset + mda_raw_offset, + mda_size - mda_raw_offset, + metadatabuf); + if (err) + goto fail2; -+ + /* Metadata is circular. Copy the wrap in place. */ - grub_memcpy (metadatabuf + mda_size, - metadatabuf + GRUB_LVM_MDA_HEADER_SIZE, 
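Review bot: The sum in `if (mda_raw_offset + mda_raw_size > mda_size)` adds two 64-bit values read from disk with no overflow check, and `grub_malloc (mda_raw_size)` is sized by `rlocn->size` before that value has been compared with anything. The patched code also removes the upstream guard that logged "cannot copy metadata wrap in circular buffer", so the only bound left on the raw location in this hunk is `mda_raw_offset >= mda_size`. I would reject an implausible size before allocating, e.g. `if (mda_raw_size == 0 || mda_raw_size > mda_size) goto fail;`, and form the end offset with `grub_add ()`, as the next hunk of this patch already does for `mda_end`. That next hunk casts `mda_raw_size` to `grub_size_t`, so on a target where `grub_size_t` is narrower than 64 bits the allocation length would presumably need the same range check. The second read of the wrap branch and the rest of grub_lvm_detect lie outside this hunk, so whether a later check covers this cannot be confirmed from here.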
@@ -109,18 +124,25 @@ index 7b265c7..47aae05 100644 + if (err) + goto fail2; } -- p = q = metadatabuf + grub_le_to_cpu64 (rlocn->offset); + +- if (grub_add ((grub_size_t)metadatabuf, +- (grub_size_t)grub_le_to_cpu64 (rlocn->offset), +- &ptr)) + p = q = metadatabuf; - -- while (*q != ' ' && q < metadatabuf + mda_size) -+ while (*q != ' ' && q < metadatabuf + mda_raw_size) - q++; - -- if (q == metadatabuf + mda_size) -+ if (q == metadatabuf + mda_raw_size) ++ ++ if (grub_add ((grub_size_t)metadatabuf, (grub_size_t)mda_raw_size, &ptr)) { + error_parsing_metadata: #ifdef GRUB_UTIL - grub_util_info ("error parsing metadata"); --- -2.6.6 - +@@ -288,11 +300,6 @@ grub_lvm_detect (grub_disk_t disk, + goto fail2; + } + +- p = q = (char *)ptr; +- +- if (grub_add ((grub_size_t)metadatabuf, (grub_size_t)mda_size, &ptr)) +- goto error_parsing_metadata; +- + mda_end = (char *)ptr; + + while (*q != ' ' && q < mda_end) diff --git a/grub2-mkconfig-default-entry-correction.patch b/grub2-mkconfig-default-entry-correction.patch index 3f05a3a..65bd85f 100644 --- a/grub2-mkconfig-default-entry-correction.patch +++ b/grub2-mkconfig-default-entry-correction.patch 
@@ -1,12 +1,12 @@ -Index: grub-2.02~beta2/util/grub-mkconfig.in +Index: grub-2.06~rc1/util/grub-mkconfig.in =================================================================== ---- grub-2.02~beta2.orig/util/grub-mkconfig.in -+++ grub-2.02~beta2/util/grub-mkconfig.in -@@ -311,6 +311,11 @@ and /etc/grub.d/* files or please file a - else +--- grub-2.06~rc1.orig/util/grub-mkconfig.in ++++ grub-2.06~rc1/util/grub-mkconfig.in +@@ -347,6 +347,11 @@ and /etc/grub.d/* files or please file a # none of the children aborted with error, install the new grub.cfg - mv -f ${grub_cfg}.new ${grub_cfg} -+ # check if default entry need to be corrected for updated distributor version + cat ${grub_cfg}.new > ${grub_cfg} + rm -f ${grub_cfg}.new ++ # check if default entry need to be corrected for updated distributor version + # and/or use fallback entry if default kernel entry removed + if test -x /usr/sbin/grub2-check-default; then + /usr/sbin/grub2-check-default >&2 diff --git a/grub2-pass-corret-root-for-nfsroot.patch b/grub2-pass-corret-root-for-nfsroot.patch index 372a3fb..778a3cc 100644 --- a/grub2-pass-corret-root-for-nfsroot.patch +++ b/grub2-pass-corret-root-for-nfsroot.patch @@ -18,11 +18,11 @@ v2: Filter out autofs and securityfs from /proc/self/mountinfo (bsc#1069094) util/grub-mkconfig.in | 37 ++++++++++++++++++++++++++++++------- 1 files changed, 30 insertions(+), 7 deletions(-) -Index: grub-2.04~rc1/util/grub-mkconfig.in +Index: grub-2.06~rc1/util/grub-mkconfig.in =================================================================== ---- grub-2.04~rc1.orig/util/grub-mkconfig.in -+++ grub-2.04~rc1/util/grub-mkconfig.in -@@ -131,23 +131,51 @@ else +--- grub-2.06~rc1.orig/util/grub-mkconfig.in ++++ grub-2.06~rc1/util/grub-mkconfig.in +@@ -131,14 +131,27 @@ else exit 1 fi 
@@ -34,10 +34,7 @@ Index: grub-2.04~rc1/util/grub-mkconfig.in + while read line ; do + part1=`echo $line | sed -e 's! - .*$!!'` + part2=`echo $line | sed -n -e 's! - \(.*\)$!\n\1!p' | sed 1d` - --# Device containing our /boot partition. Usually the same as GRUB_DEVICE. --GRUB_DEVICE_BOOT="`${grub_probe} --target=device /boot`" --GRUB_DEVICE_BOOT_UUID="`${grub_probe} --device ${GRUB_DEVICE_BOOT} --target=fs_uuid 2> /dev/null`" || true ++ + set -- $part1 + path=$5 + @@ -52,12 +49,21 @@ Index: grub-2.04~rc1/util/grub-mkconfig.in + fi + done +} -+ + +-# Device containing our /boot partition. Usually the same as GRUB_DEVICE. +-GRUB_DEVICE_BOOT="`${grub_probe} --target=device /boot`" +-GRUB_DEVICE_BOOT_UUID="`${grub_probe} --device ${GRUB_DEVICE_BOOT} --target=fs_uuid 2> /dev/null`" || true +NFSROOT_DEVICE="`awk '($9!="autofs")&&($9!="securityfs")' /proc/self/mountinfo | probe_nfsroot_device`" + # Disable os-prober by default due to security reasons. + GRUB_DISABLE_OS_PROBER="true" +@@ -146,11 +159,26 @@ GRUB_DISABLE_OS_PROBER="true" # Filesystem for the device containing our userland. Used for stuff like # choosing Hurd filesystem module. GRUB_FS="`${grub_probe} --device ${GRUB_DEVICE} --target=fs 2> /dev/null || echo unknown`" +- +-if [ x"$GRUB_FS" = xunknown ]; then +- GRUB_FS="$(stat -f -c %T / || echo unknown)" +if [ "x${NFSROOT_DEVICE}" != "x" ]; then + GRUB_DEVICE="" + GRUB_DEVICE_UUID="" @@ -68,9 +74,7 @@ Index: grub-2.04~rc1/util/grub-mkconfig.in + GRUB_DEVICE="`${grub_probe} --target=device /`" + GRUB_DEVICE_UUID="`${grub_probe} --device ${GRUB_DEVICE} --target=fs_uuid 2> /dev/null`" || true + GRUB_DEVICE_PARTUUID="`${grub_probe} --device ${GRUB_DEVICE} --target=partuuid 2> /dev/null`" || true - --if [ x"$GRUB_FS" = xunknown ]; then -- GRUB_FS="$(stat -f -c %T / || echo unknown)" ++ + if [ x"$GRUB_FS" = x ] || [ x"$GRUB_FS" = xunknown ]; then + GRUB_FS="$(stat -f -c %T / || echo unknown)" + fi 
@@ -83,10 +87,10 @@ Index: grub-2.04~rc1/util/grub-mkconfig.in # Provide a default set of stock linux early initrd images. # Define here so the list can be modified in the sourced config file. if [ "x${GRUB_EARLY_INITRD_LINUX_STOCK}" = "x" ]; then -Index: grub-2.04~rc1/util/grub.d/10_linux.in +Index: grub-2.06~rc1/util/grub.d/10_linux.in =================================================================== ---- grub-2.04~rc1.orig/util/grub.d/10_linux.in -+++ grub-2.04~rc1/util/grub.d/10_linux.in +--- grub-2.06~rc1.orig/util/grub.d/10_linux.in ++++ grub-2.06~rc1/util/grub.d/10_linux.in @@ -86,6 +86,12 @@ linux_entry () type="$3" args="$4" @@ -109,23 +113,23 @@ Index: grub-2.04~rc1/util/grub.d/10_linux.in EOF if test -n "${initrd}" ; then # TRANSLATORS: ramdisk isn't identifier. Should be translated. -Index: grub-2.04~rc1/util/grub.d/20_linux_xen.in +Index: grub-2.06~rc1/util/grub.d/20_linux_xen.in =================================================================== ---- grub-2.04~rc1.orig/util/grub.d/20_linux_xen.in -+++ grub-2.04~rc1/util/grub.d/20_linux_xen.in -@@ -101,6 +101,11 @@ linux_entry () - type="$4" +--- grub-2.06~rc1.orig/util/grub.d/20_linux_xen.in ++++ grub-2.06~rc1/util/grub.d/20_linux_xen.in +@@ -107,6 +107,11 @@ linux_entry_xsm () args="$5" xen_args="$6" + xsm="$7" + if [ -n "${linux_root_device_thisversion}" ]; then + root_device="root=${linux_root_device_thisversion}" + else + root_device="" + fi - if [ -z "$boot_device_id" ]; then - boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" - fi -@@ -140,7 +145,7 @@ linux_entry () + # If user wants to enable XSM support, make sure there's + # corresponding policy file. + if ${xsm} ; then +@@ -157,7 +162,7 @@ linux_entry_xsm () fi ${xen_loader} ${rel_xen_dirname}/${xen_basename} placeholder ${xen_args} \${xen_rm_opts} echo '$(echo "$lmessage" | grub_quote)' diff --git a/grub2-s390x-03-output-7-bit-ascii.patch b/grub2-s390x-03-output-7-bit-ascii.patch index d834954..57177f3 100644 
--- a/grub2-s390x-03-output-7-bit-ascii.patch +++ b/grub2-s390x-03-output-7-bit-ascii.patch @@ -13,8 +13,10 @@ Vn+2: include/grub/term.h | 4 5 files changed, 294 insertions(+), 12 deletions(-) ---- a/grub-core/osdep/unix/emuconsole.c -+++ b/grub-core/osdep/unix/emuconsole.c +Index: grub-2.06~rc1/grub-core/osdep/unix/emuconsole.c +=================================================================== +--- grub-2.06~rc1.orig/grub-core/osdep/unix/emuconsole.c ++++ grub-2.06~rc1/grub-core/osdep/unix/emuconsole.c @@ -39,17 +39,61 @@ #include @@ -325,8 +327,10 @@ Vn+2: + } saved_orig = 0; } ---- a/grub-core/normal/menu_text.c -+++ b/grub-core/normal/menu_text.c +Index: grub-2.06~rc1/grub-core/normal/menu_text.c +=================================================================== +--- grub-2.06~rc1.orig/grub-core/normal/menu_text.c ++++ grub-2.06~rc1/grub-core/normal/menu_text.c @@ -113,6 +113,7 @@ draw_border (struct grub_term_output *te { int i; @@ -393,7 +397,7 @@ Vn+2: + if ((data->term->flags & GRUB_TERM_DUMB) && title[0] == '\0') + return; + - unicode_title = grub_malloc (title_len * sizeof (*unicode_title)); + unicode_title = grub_calloc (title_len, sizeof (*unicode_title)); if (! unicode_title) /* XXX How to show this error? */ @@ -244,6 +264,14 @@ print_entry (int y, int highlight, grub_ @@ -411,7 +415,7 @@ Vn+2: grub_print_ucs4_menu (unicode_title, unicode_title + len, 0, -@@ -413,6 +441,8 @@ grub_menu_init_page (int nested, int edi +@@ -416,6 +444,8 @@ grub_menu_init_page (int nested, int edi grub_term_highlight_color = old_color_highlight; geo->timeout_y = geo->first_entry_y + geo->num_entries + geo->border + empty_lines; @@ -420,7 +424,7 @@ Vn+2: if (bottom_message) { grub_term_gotoxy (term, -@@ -422,6 +452,8 @@ grub_menu_init_page (int nested, int edi +@@ -425,6 +455,8 @@ grub_menu_init_page (int nested, int edi print_message (nested, edit, term, 0); geo->timeout_y += msg_num_lines; } 
@@ -429,7 +433,7 @@ Vn+2: geo->right_margin = grub_term_width (term) - geo->first_entry_x - geo->entry_width - 1; -@@ -433,12 +465,19 @@ menu_text_print_timeout (int timeout, vo +@@ -436,12 +468,19 @@ menu_text_print_timeout (int timeout, vo struct menu_viewer_data *data = dataptr; char *msg_translated = 0; @@ -451,7 +455,7 @@ Vn+2: else msg_translated = grub_xasprintf (_("The highlighted entry will be executed automatically in %ds."), timeout); if (!msg_translated) -@@ -468,6 +507,8 @@ menu_text_print_timeout (int timeout, vo +@@ -471,6 +510,8 @@ menu_text_print_timeout (int timeout, vo data->term); grub_free (msg_translated); @@ -460,7 +464,7 @@ Vn+2: grub_term_gotoxy (data->term, (struct grub_term_coordinate) { grub_term_cursor_x (&data->geo), -@@ -495,7 +536,7 @@ menu_text_set_chosen_entry (int entry, v +@@ -498,7 +539,7 @@ menu_text_set_chosen_entry (int entry, v data->first = entry; complete_redraw = 1; } @@ -469,7 +473,7 @@ Vn+2: print_entries (data->menu, data); else { -@@ -525,6 +566,9 @@ menu_text_clear_timeout (void *dataptr) +@@ -528,6 +569,9 @@ menu_text_clear_timeout (void *dataptr) struct menu_viewer_data *data = dataptr; int i; @@ -479,8 +483,10 @@ Vn+2: for (i = 0; i < data->geo.timeout_lines;i++) { grub_term_gotoxy (data->term, (struct grub_term_coordinate) { ---- a/grub-core/normal/term.c -+++ b/grub-core/normal/term.c +Index: grub-2.06~rc1/grub-core/normal/term.c +=================================================================== +--- grub-2.06~rc1.orig/grub-core/normal/term.c ++++ grub-2.06~rc1/grub-core/normal/term.c @@ -981,7 +981,7 @@ grub_print_ucs4_menu (const grub_uint32_ { print_ucs4_real (str, last_position, margin_left, margin_right, 
@@ -490,9 +496,11 @@ Vn+2: } void ---- a/grub-core/kern/emu/main.c -+++ b/grub-core/kern/emu/main.c -@@ -174,6 +174,12 @@ static struct argp argp = { +Index: grub-2.06~rc1/grub-core/kern/emu/main.c +=================================================================== +--- grub-2.06~rc1.orig/grub-core/kern/emu/main.c ++++ grub-2.06~rc1/grub-core/kern/emu/main.c +@@ -190,6 +190,12 @@ static struct argp argp = { NULL, help_filter, NULL }; @@ -505,7 +513,7 @@ Vn+2: #pragma GCC diagnostic ignored "-Wmissing-prototypes" -@@ -212,7 +218,7 @@ main (int argc, char *argv[]) +@@ -259,7 +265,7 @@ main (int argc, char *argv[]) sleep (1); } @@ -514,9 +522,11 @@ Vn+2: grub_console_init (); grub_host_init (); ---- a/include/grub/term.h -+++ b/include/grub/term.h -@@ -99,8 +99,10 @@ grub_term_color_state; +Index: grub-2.06~rc1/include/grub/term.h +=================================================================== +--- grub-2.06~rc1.orig/include/grub/term.h ++++ grub-2.06~rc1/include/grub/term.h +@@ -102,8 +102,10 @@ grub_term_color_state; #define GRUB_TERM_NO_EDIT (1 << 1) /* Set when the terminal cannot do fancy things. */ #define GRUB_TERM_DUMB (1 << 2) diff --git a/grub2-s390x-04-grub2-install.patch b/grub2-s390x-04-grub2-install.patch index 0549122..d62dcab 100644 --- a/grub2-s390x-04-grub2-install.patch +++ b/grub2-s390x-04-grub2-install.patch 
@@ -71,11 +71,11 @@ V19: util/s390x/zipl2grub.pl.in | 423 +++++++++++++++++++++++++++++++++ 14 files changed, 908 insertions(+), 3 deletions(-) -Index: grub-2.04~rc1/Makefile.util.def +Index: grub-2.06~rc1/Makefile.util.def =================================================================== ---- grub-2.04~rc1.orig/Makefile.util.def -+++ grub-2.04~rc1/Makefile.util.def -@@ -362,6 +362,7 @@ program = { +--- grub-2.06~rc1.orig/Makefile.util.def ++++ grub-2.06~rc1/Makefile.util.def +@@ -374,6 +374,7 @@ program = { ldadd = grub-core/lib/gnulib/libgnu.a; ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; cppflags = '-DGRUB_SETUP_FUNC=grub_util_bios_setup'; @@ -83,7 +83,7 @@ Index: grub-2.04~rc1/Makefile.util.def }; program = { -@@ -382,6 +383,7 @@ program = { +@@ -394,6 +395,7 @@ program = { ldadd = grub-core/lib/gnulib/libgnu.a; ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; cppflags = '-DGRUB_SETUP_FUNC=grub_util_sparc_setup'; @@ -91,7 +91,7 @@ Index: grub-2.04~rc1/Makefile.util.def }; program = { -@@ -397,6 +399,7 @@ program = { +@@ -409,6 +411,7 @@ program = { ldadd = libgrubkern.a; ldadd = grub-core/lib/gnulib/libgnu.a; ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; @@ -99,7 +99,7 @@ Index: grub-2.04~rc1/Makefile.util.def }; program = { -@@ -427,6 +430,7 @@ program = { +@@ -439,6 +442,7 @@ program = { ldadd = libgrubkern.a; ldadd = grub-core/lib/gnulib/libgnu.a; ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; @@ -107,7 +107,7 @@ Index: grub-2.04~rc1/Makefile.util.def }; data = { -@@ -638,6 +642,7 @@ program = { +@@ -656,6 +660,7 @@ program = { common = grub-core/disk/host.c; common = util/resolve.c; @@ -115,7 +115,7 @@ Index: grub-2.04~rc1/Makefile.util.def common = grub-core/kern/emu/argp_common.c; common = grub-core/osdep/init.c; -@@ -707,6 +712,46 @@ script = { +@@ -725,6 +730,46 @@ script = { }; script = { 
@@ -162,7 +162,7 @@ Index: grub-2.04~rc1/Makefile.util.def name = grub-mkconfig_lib; common = util/grub-mkconfig_lib.in; installdir = noinst; -@@ -1324,6 +1369,7 @@ program = { +@@ -1342,6 +1387,7 @@ program = { ldadd = libgrubkern.a; ldadd = grub-core/lib/gnulib/libgnu.a; ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; @@ -170,11 +170,11 @@ Index: grub-2.04~rc1/Makefile.util.def }; program = { -Index: grub-2.04~rc1/configure.ac +Index: grub-2.06~rc1/configure.ac =================================================================== ---- grub-2.04~rc1.orig/configure.ac -+++ grub-2.04~rc1/configure.ac -@@ -197,9 +197,9 @@ if test x$platform != xemu ; then +--- grub-2.06~rc1.orig/configure.ac ++++ grub-2.06~rc1/configure.ac +@@ -206,9 +206,9 @@ if test x$platform != xemu ; then esac fi @@ -187,7 +187,7 @@ Index: grub-2.04~rc1/configure.ac case "$target_os" in windows* | mingw32*) target_os=cygwin ;; -@@ -1941,6 +1941,9 @@ AM_CONDITIONAL([COND_riscv32], [test x$t +@@ -1999,6 +1999,9 @@ AM_CONDITIONAL([COND_riscv32], [test x$t AM_CONDITIONAL([COND_riscv64], [test x$target_cpu = xriscv64 ]) AM_CONDITIONAL([COND_riscv32_efi], [test x$target_cpu = xriscv32 -a x$platform = xefi]) AM_CONDITIONAL([COND_riscv64_efi], [test x$target_cpu = xriscv64 -a x$platform = xefi]) @@ -197,11 +197,11 @@ Index: grub-2.04~rc1/configure.ac AM_CONDITIONAL([COND_HOST_HURD], [test x$host_kernel = xhurd]) AM_CONDITIONAL([COND_HOST_LINUX], [test x$host_kernel = xlinux]) -Index: grub-2.04~rc1/grub-core/Makefile.core.def +Index: grub-2.06~rc1/grub-core/Makefile.core.def =================================================================== ---- grub-2.04~rc1.orig/grub-core/Makefile.core.def -+++ grub-2.04~rc1/grub-core/Makefile.core.def -@@ -1139,6 +1139,7 @@ module = { +--- grub-2.06~rc1.orig/grub-core/Makefile.core.def ++++ grub-2.06~rc1/grub-core/Makefile.core.def +@@ -1147,6 +1147,7 @@ module = { module = { name = videotest; common = commands/videotest.c; 
@@ -209,7 +209,7 @@ Index: grub-2.04~rc1/grub-core/Makefile.core.def }; module = { -@@ -1571,6 +1572,7 @@ module = { +@@ -1596,6 +1597,7 @@ module = { common = gfxmenu/gui_progress_bar.c; common = gfxmenu/gui_util.c; common = gfxmenu/gui_string_util.c; @@ -217,7 +217,7 @@ Index: grub-2.04~rc1/grub-core/Makefile.core.def }; module = { -@@ -2006,11 +2008,13 @@ module = { +@@ -2030,11 +2032,13 @@ module = { name = gfxterm; common = term/gfxterm.c; enable = videomodules; @@ -231,7 +231,7 @@ Index: grub-2.04~rc1/grub-core/Makefile.core.def }; module = { -@@ -2131,6 +2135,7 @@ module = { +@@ -2155,6 +2159,7 @@ module = { enable = x86_64_efi; enable = emu; enable = xen; @@ -239,7 +239,7 @@ Index: grub-2.04~rc1/grub-core/Makefile.core.def }; module = { -@@ -2177,6 +2182,7 @@ module = { +@@ -2201,6 +2206,7 @@ module = { module = { name = gfxterm_menu; common = tests/gfxterm_menu.c; @@ -247,7 +247,7 @@ Index: grub-2.04~rc1/grub-core/Makefile.core.def }; module = { -@@ -2330,6 +2336,7 @@ module = { +@@ -2354,6 +2360,7 @@ module = { enable = x86_64_efi; enable = emu; enable = xen; @@ -255,10 +255,10 @@ Index: grub-2.04~rc1/grub-core/Makefile.core.def }; module = { -Index: grub-2.04~rc1/grub-core/osdep/basic/no_platform.c +Index: grub-2.06~rc1/grub-core/osdep/basic/no_platform.c =================================================================== ---- grub-2.04~rc1.orig/grub-core/osdep/basic/no_platform.c -+++ grub-2.04~rc1/grub-core/osdep/basic/no_platform.c +--- grub-2.06~rc1.orig/grub-core/osdep/basic/no_platform.c ++++ grub-2.06~rc1/grub-core/osdep/basic/no_platform.c @@ -44,3 +44,10 @@ grub_install_sgi_setup (const char *inst { grub_util_error ("%s", _("no SGI routines are available for your platform")); 
@@ -270,10 +270,10 @@ Index: grub-2.04~rc1/grub-core/osdep/basic/no_platform.c + grub_util_error ("%s", _("no zIPL routines are available for your platform")); +} + -Index: grub-2.04~rc1/grub-core/osdep/unix/platform.c +Index: grub-2.06~rc1/grub-core/osdep/unix/platform.c =================================================================== ---- grub-2.04~rc1.orig/grub-core/osdep/unix/platform.c -+++ grub-2.04~rc1/grub-core/osdep/unix/platform.c +--- grub-2.06~rc1.orig/grub-core/osdep/unix/platform.c ++++ grub-2.06~rc1/grub-core/osdep/unix/platform.c @@ -239,3 +239,14 @@ grub_install_sgi_setup (const char *inst imgfile, destname, NULL }); grub_util_warn ("%s", _("You will have to set `SystemPartition' and `OSLoader' manually.")); @@ -289,10 +289,10 @@ Index: grub-2.04~rc1/grub-core/osdep/unix/platform.c + "-z", dest, NULL })) + grub_util_error (_("`%s' failed.\n"), PACKAGE"-zipl-setup"); +} -Index: grub-2.04~rc1/grub-core/osdep/windows/platform.c +Index: grub-2.06~rc1/grub-core/osdep/windows/platform.c =================================================================== ---- grub-2.04~rc1.orig/grub-core/osdep/windows/platform.c -+++ grub-2.04~rc1/grub-core/osdep/windows/platform.c +--- grub-2.06~rc1.orig/grub-core/osdep/windows/platform.c ++++ grub-2.06~rc1/grub-core/osdep/windows/platform.c @@ -424,3 +424,9 @@ grub_install_sgi_setup (const char *inst { grub_util_error ("%s", _("no SGI routines are available for your platform")); 
@@ -303,11 +303,11 @@ Index: grub-2.04~rc1/grub-core/osdep/windows/platform.c +{ + grub_util_error ("%s", _("no zIPL routines are available for your platform")); +} -Index: grub-2.04~rc1/include/grub/util/install.h +Index: grub-2.06~rc1/include/grub/util/install.h =================================================================== ---- grub-2.04~rc1.orig/include/grub/util/install.h -+++ grub-2.04~rc1/include/grub/util/install.h -@@ -105,6 +105,7 @@ enum grub_install_plat +--- grub-2.06~rc1.orig/include/grub/util/install.h ++++ grub-2.06~rc1/include/grub/util/install.h +@@ -109,6 +109,7 @@ enum grub_install_plat GRUB_INSTALL_PLATFORM_ARM_COREBOOT, GRUB_INSTALL_PLATFORM_RISCV32_EFI, GRUB_INSTALL_PLATFORM_RISCV64_EFI, @@ -315,7 +315,7 @@ Index: grub-2.04~rc1/include/grub/util/install.h GRUB_INSTALL_PLATFORM_MAX }; -@@ -229,6 +230,9 @@ void +@@ -236,6 +237,9 @@ void grub_install_sgi_setup (const char *install_device, const char *imgfile, const char *destname); @@ -325,11 +325,11 @@ Index: grub-2.04~rc1/include/grub/util/install.h int grub_install_compress_gzip (const char *src, const char *dest); int -Index: grub-2.04~rc1/util/grub-install-common.c +Index: grub-2.06~rc1/util/grub-install-common.c =================================================================== ---- grub-2.04~rc1.orig/util/grub-install-common.c -+++ grub-2.04~rc1/util/grub-install-common.c -@@ -737,6 +737,7 @@ static struct +--- grub-2.06~rc1.orig/util/grub-install-common.c ++++ grub-2.06~rc1/util/grub-install-common.c +@@ -776,6 +776,7 @@ static struct [GRUB_INSTALL_PLATFORM_ARM_COREBOOT] = { "arm", "coreboot" }, [GRUB_INSTALL_PLATFORM_RISCV32_EFI] = { "riscv32", "efi" }, [GRUB_INSTALL_PLATFORM_RISCV64_EFI] = { "riscv64", "efi" }, 
@@ -337,10 +337,10 @@ Index: grub-2.04~rc1/util/grub-install-common.c }; char * -Index: grub-2.04~rc1/util/grub-install.c +Index: grub-2.06~rc1/util/grub-install.c =================================================================== ---- grub-2.04~rc1.orig/util/grub-install.c -+++ grub-2.04~rc1/util/grub-install.c +--- grub-2.06~rc1.orig/util/grub-install.c ++++ grub-2.06~rc1/util/grub-install.c @@ -66,6 +66,7 @@ static int force_file_id = 0; static char *disk_module = NULL; static char *efidir = NULL; @@ -378,16 +378,16 @@ Index: grub-2.04~rc1/util/grub-install.c {"label-font", OPTION_LABEL_FONT, N_("FILE"), 0, N_("use FILE as font for label"), 2}, {"label-color", OPTION_LABEL_COLOR, N_("COLOR"), 0, N_("use COLOR for label"), 2}, {"label-bgcolor", OPTION_LABEL_BGCOLOR, N_("COLOR"), 0, N_("use COLOR for label background"), 2}, -@@ -324,6 +333,8 @@ get_default_platform (void) - return "arm64-efi"; - #elif defined (__amd64__) || defined (__x86_64__) || defined (__i386__) - return grub_install_get_default_x86_platform (); +@@ -332,6 +341,8 @@ get_default_platform (void) + #else + return NULL; + #endif +#elif defined (__s390x__) + return "s390x-emu"; #else return NULL; #endif -@@ -499,6 +510,8 @@ have_bootdev (enum grub_install_plat pl) +@@ -507,6 +518,8 @@ have_bootdev (enum grub_install_plat pl) case GRUB_INSTALL_PLATFORM_I386_XEN: case GRUB_INSTALL_PLATFORM_X86_64_XEN: case GRUB_INSTALL_PLATFORM_I386_XEN_PVH: @@ -396,7 +396,7 @@ Index: grub-2.04~rc1/util/grub-install.c return 0; /* pacify warning. */ -@@ -914,6 +927,7 @@ main (int argc, char *argv[]) +@@ -922,6 +935,7 @@ main (int argc, char *argv[]) case GRUB_INSTALL_PLATFORM_I386_XEN: case GRUB_INSTALL_PLATFORM_X86_64_XEN: case GRUB_INSTALL_PLATFORM_I386_XEN_PVH: 
@@ -404,7 +404,7 @@ Index: grub-2.04~rc1/util/grub-install.c break; case GRUB_INSTALL_PLATFORM_I386_QEMU: -@@ -964,6 +978,7 @@ main (int argc, char *argv[]) +@@ -972,6 +986,7 @@ main (int argc, char *argv[]) case GRUB_INSTALL_PLATFORM_I386_XEN: case GRUB_INSTALL_PLATFORM_X86_64_XEN: case GRUB_INSTALL_PLATFORM_I386_XEN_PVH: @@ -412,7 +412,7 @@ Index: grub-2.04~rc1/util/grub-install.c free (install_device); install_device = NULL; break; -@@ -1239,6 +1254,20 @@ main (int argc, char *argv[]) +@@ -1247,6 +1262,20 @@ main (int argc, char *argv[]) } } @@ -433,7 +433,7 @@ Index: grub-2.04~rc1/util/grub-install.c grub_install_copy_files (grub_install_source_directory, grubdir, platform); -@@ -1488,6 +1517,7 @@ main (int argc, char *argv[]) +@@ -1496,6 +1525,7 @@ main (int argc, char *argv[]) case GRUB_INSTALL_PLATFORM_I386_XEN: case GRUB_INSTALL_PLATFORM_X86_64_XEN: case GRUB_INSTALL_PLATFORM_I386_XEN_PVH: @@ -441,7 +441,7 @@ Index: grub-2.04~rc1/util/grub-install.c grub_util_warn ("%s", _("no hints available for your platform. Expect reduced performance")); break; /* pacify warning. */ -@@ -1605,6 +1635,10 @@ main (int argc, char *argv[]) +@@ -1613,6 +1643,10 @@ main (int argc, char *argv[]) strcpy (mkimage_target, "sparc64-ieee1275-raw"); core_name = "core.img"; break; @@ -452,7 +452,7 @@ Index: grub-2.04~rc1/util/grub-install.c /* pacify warning. */ case GRUB_INSTALL_PLATFORM_MAX: break; -@@ -1620,6 +1654,7 @@ main (int argc, char *argv[]) +@@ -1628,6 +1662,7 @@ main (int argc, char *argv[]) core_name); char *prefix = xasprintf ("%s%s", prefix_drive ? : "", relative_grubdir); @@ -460,7 +460,7 @@ Index: grub-2.04~rc1/util/grub-install.c grub_install_make_image_wrap (/* source dir */ grub_install_source_directory, /*prefix */ prefix, /* output */ imgfile, -@@ -1658,6 +1693,10 @@ main (int argc, char *argv[]) +@@ -1666,6 +1701,10 @@ main (int argc, char *argv[]) /* image target */ mkimage_target, 0); } break; 
@@ -471,7 +471,7 @@ Index: grub-2.04~rc1/util/grub-install.c case GRUB_INSTALL_PLATFORM_ARM_EFI: case GRUB_INSTALL_PLATFORM_ARM64_EFI: case GRUB_INSTALL_PLATFORM_RISCV32_EFI: -@@ -1934,6 +1973,10 @@ main (int argc, char *argv[]) +@@ -1947,6 +1986,10 @@ main (int argc, char *argv[]) } break; @@ -482,10 +482,10 @@ Index: grub-2.04~rc1/util/grub-install.c case GRUB_INSTALL_PLATFORM_MIPSEL_LOONGSON: case GRUB_INSTALL_PLATFORM_MIPSEL_QEMU_MIPS: case GRUB_INSTALL_PLATFORM_MIPS_QEMU_MIPS: -Index: grub-2.04~rc1/util/s390x/dracut-grub2.sh.in +Index: grub-2.06~rc1/util/s390x/dracut-grub2.sh.in =================================================================== --- /dev/null -+++ grub-2.04~rc1/util/s390x/dracut-grub2.sh.in ++++ grub-2.06~rc1/util/s390x/dracut-grub2.sh.in @@ -0,0 +1,126 @@ +#!/bin/sh +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- @@ -613,10 +613,10 @@ Index: grub-2.04~rc1/util/s390x/dracut-grub2.sh.in + fi +fi + -Index: grub-2.04~rc1/util/s390x/dracut-module-setup.sh.in +Index: grub-2.06~rc1/util/s390x/dracut-module-setup.sh.in =================================================================== --- /dev/null -+++ grub-2.04~rc1/util/s390x/dracut-module-setup.sh.in ++++ grub-2.06~rc1/util/s390x/dracut-module-setup.sh.in @@ -0,0 +1,19 @@ +#!/bin/bash +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- @@ -637,10 +637,10 @@ Index: grub-2.04~rc1/util/s390x/dracut-module-setup.sh.in + #inst_multiple grub2-emu kexec +} + -Index: grub-2.04~rc1/util/s390x/zipl2grub.conf.in +Index: grub-2.06~rc1/util/s390x/zipl2grub.conf.in =================================================================== --- /dev/null -+++ grub-2.04~rc1/util/s390x/zipl2grub.conf.in ++++ grub-2.06~rc1/util/s390x/zipl2grub.conf.in @@ -0,0 +1,26 @@ +## This is the template for '@zipldir@/config' and is subject to +## rpm's %config file handling in case of grub2-s390x-emu package update. 
@@ -668,10 +668,10 @@ Index: grub-2.04~rc1/util/s390x/zipl2grub.conf.in + 1 = grub2 + 2 = skip-grub2 + -Index: grub-2.04~rc1/util/s390x/zipl2grub.pl.in +Index: grub-2.06~rc1/util/s390x/zipl2grub.pl.in =================================================================== --- /dev/null -+++ grub-2.04~rc1/util/s390x/zipl2grub.pl.in ++++ grub-2.06~rc1/util/s390x/zipl2grub.pl.in @@ -0,0 +1,423 @@ +#!/usr/bin/perl +use strict; @@ -1096,10 +1096,10 @@ Index: grub-2.04~rc1/util/s390x/zipl2grub.pl.in +System( @C); +exit( $miss); + -Index: grub-2.04~rc1/util/s390x/dracut-zipl-refresh.sh.in +Index: grub-2.06~rc1/util/s390x/dracut-zipl-refresh.sh.in =================================================================== --- /dev/null -+++ grub-2.04~rc1/util/s390x/dracut-zipl-refresh.sh.in ++++ grub-2.06~rc1/util/s390x/dracut-zipl-refresh.sh.in @@ -0,0 +1,183 @@ +#!/bin/bash +# ex: ts=8 sw=4 sts=4 et filetype=sh syntax=off diff --git a/grub2-secureboot-add-linuxefi.patch b/grub2-secureboot-add-linuxefi.patch index 2035b3b..9ae290d 100644 --- a/grub2-secureboot-add-linuxefi.patch +++ b/grub2-secureboot-add-linuxefi.patch @@ -12,6 +12,15 @@ v2: Adjust patch according to new upstream commits ca0a4f689 verifiers: File type for fine-grained signature-verification controlling 7d36709d5 i386: make struct linux_kernel_header architecture specific 4bc909bf8 Remove grub_efi_allocate_pages. +v3: +The upstream commit + +df84d6e94 efi: Print error messages to grub_efi_allocate_pages_real() + +adds grub_error() to set error message and return grub_errno. We have to +unset the grub_errno if we want to ignore the error and proceed, or +the inadvertently provoked error handler would lead to unspecified +consequence. --- grub-core/Makefile.core.def | 8 + 
@@ -22,17 +31,16 @@ ca0a4f689 verifiers: File type for fine-grained signature-verification controlli 5 files changed, 415 insertions(+), 0 deletions(-) create mode 100644 grub-core/loader/i386/efi/linux.c -Index: grub-2.04~rc1/grub-core/Makefile.core.def +Index: grub-2.06/grub-core/Makefile.core.def =================================================================== ---- grub-2.04~rc1.orig/grub-core/Makefile.core.def -+++ grub-2.04~rc1/grub-core/Makefile.core.def -@@ -1850,6 +1850,14 @@ module = { +--- grub-2.06.orig/grub-core/Makefile.core.def ++++ grub-2.06/grub-core/Makefile.core.def +@@ -1875,6 +1875,13 @@ module = { }; module = { + name = linuxefi; + efi = loader/i386/efi/linux.c; -+ efi = lib/cmdline.c; + enable = i386_efi; + enable = x86_64_efi; +}; @@ -41,10 +49,10 @@ Index: grub-2.04~rc1/grub-core/Makefile.core.def name = chain; efi = loader/efi/chainloader.c; i386_pc = loader/i386/pc/chainloader.c; -Index: grub-2.04~rc1/grub-core/kern/efi/mm.c +Index: grub-2.06/grub-core/kern/efi/mm.c =================================================================== ---- grub-2.04~rc1.orig/grub-core/kern/efi/mm.c -+++ grub-2.04~rc1/grub-core/kern/efi/mm.c +--- grub-2.06.orig/grub-core/kern/efi/mm.c ++++ grub-2.06/grub-core/kern/efi/mm.c @@ -113,6 +113,38 @@ grub_efi_drop_alloc (grub_efi_physical_a } } @@ -84,11 +92,11 @@ Index: grub-2.04~rc1/grub-core/kern/efi/mm.c /* Allocate pages. Return the pointer to the first of allocated pages. */ void * grub_efi_allocate_pages_real (grub_efi_physical_address_t address, -Index: grub-2.04~rc1/grub-core/loader/i386/efi/linux.c +Index: grub-2.06/grub-core/loader/i386/efi/linux.c =================================================================== --- /dev/null -+++ grub-2.04~rc1/grub-core/loader/i386/efi/linux.c -@@ -0,0 +1,342 @@ ++++ grub-2.06/grub-core/loader/i386/efi/linux.c +@@ -0,0 +1,345 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2012 Free Software Foundation, Inc. 
@@ -357,8 +365,11 @@ Index: grub-2.04~rc1/grub-core/loader/i386/efi/linux.c + BYTES_TO_PAGES(lh.init_size)); + + if (!kernel_mem) -+ kernel_mem = grub_efi_allocate_pages_max(0x3fffffff, ++ { ++ grub_errno = GRUB_ERR_NONE; ++ kernel_mem = grub_efi_allocate_pages_max(0x3fffffff, + BYTES_TO_PAGES(lh.init_size)); ++ } + + if (!kernel_mem) + { @@ -431,10 +442,10 @@ Index: grub-2.04~rc1/grub-core/loader/i386/efi/linux.c + grub_unregister_command (cmd_linux); + grub_unregister_command (cmd_initrd); +} -Index: grub-2.04~rc1/include/grub/efi/efi.h +Index: grub-2.06/include/grub/efi/efi.h =================================================================== ---- grub-2.04~rc1.orig/include/grub/efi/efi.h -+++ grub-2.04~rc1/include/grub/efi/efi.h +--- grub-2.06.orig/include/grub/efi/efi.h ++++ grub-2.06/include/grub/efi/efi.h @@ -47,6 +47,9 @@ EXPORT_FUNC(grub_efi_allocate_fixed) (gr grub_efi_uintn_t pages); void * diff --git a/grub2-secureboot-chainloader.patch b/grub2-secureboot-chainloader.patch index 2d9ef24..2fe0008 100644 --- a/grub2-secureboot-chainloader.patch +++ b/grub2-secureboot-chainloader.patch @@ -16,16 +16,19 @@ keys to verify the image. The chainloader module could be used to load other UEFI bootloaders, such as xen.efi, and could be signed by any of MOK, KEK or DB. +v1: +Use grub_efi_get_secureboot to get secure boot status + Signed-off-by: Michael Chang --- grub-core/loader/efi/chainloader.c | 538 +++++++++++++++++++++++++++++++++-- 1 files changed, 507 insertions(+), 31 deletions(-) -Index: grub-2.04~rc1/grub-core/loader/efi/chainloader.c +Index: grub-2.04/grub-core/loader/efi/chainloader.c =================================================================== ---- grub-2.04~rc1.orig/grub-core/loader/efi/chainloader.c -+++ grub-2.04~rc1/grub-core/loader/efi/chainloader.c -@@ -40,15 +40,31 @@ +--- grub-2.04.orig/grub-core/loader/efi/chainloader.c ++++ grub-2.04/grub-core/loader/efi/chainloader.c +@@ -40,15 +40,32 @@ #include #endif 
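Review bot: The added `grub_errno = GRUB_ERR_NONE;` before the second `grub_efi_allocate_pages_max` call carries no comment, and without the v3 text in the patch header the reset reads as if it discards a real error. A one-line comment above it would do, e.g. `/* The first allocation failed and set grub_errno; clear it so the fallback below starts clean. */`. The enclosing function starts and ends outside this hunk, so any other ignored allocation failures in it are not visible here.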
@@ -35,6 +38,7 @@ Index: grub-2.04~rc1/grub-core/loader/efi/chainloader.c + +#ifdef SUPPORT_SECURE_BOOT +#include ++#include +#endif + GRUB_MOD_LICENSE ("GPLv3+"); @@ -57,7 +61,7 @@ Index: grub-2.04~rc1/grub-core/loader/efi/chainloader.c static grub_err_t grub_chainloader_unload (void) -@@ -63,6 +79,7 @@ grub_chainloader_unload (void) +@@ -63,6 +80,7 @@ grub_chainloader_unload (void) grub_free (cmdline); cmdline = 0; file_path = 0; @@ -65,7 +69,7 @@ Index: grub-2.04~rc1/grub-core/loader/efi/chainloader.c grub_dl_unref (my_mod); return GRUB_ERR_NONE; -@@ -197,12 +214,460 @@ make_file_path (grub_efi_device_path_t * +@@ -197,12 +215,409 @@ make_file_path (grub_efi_device_path_t * return file_path; } @@ -138,57 +142,6 @@ Index: grub-2.04~rc1/grub-core/loader/efi/chainloader.c +} + +static grub_efi_boolean_t -+grub_secure_mode (void) -+{ -+ grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID; -+ grub_uint8_t *data; -+ grub_size_t datasize; -+ -+ data = grub_efi_get_variable ("SecureBoot", &efi_var_guid, &datasize); -+ -+ if (data) -+ { -+ grub_dprintf ("chain", "SecureBoot: %d, datasize %d\n", (int)*data, (int)datasize); -+ } -+ -+ if (data && (datasize == 1)) -+ { -+ if (*data != 1) -+ { -+ grub_dprintf ("chain", "secure boot not enabled\n"); -+ return 0; -+ } -+ } -+ else -+ { -+ grub_dprintf ("chain", "unknown secure boot status\n"); -+ return 0; -+ } -+ -+ grub_free (data); -+ -+ data = grub_efi_get_variable ("SetupMode", &efi_var_guid, &datasize); -+ -+ if (data) -+ { -+ grub_dprintf ("chain", "SetupMode: %d, datasize %d\n", (int)*data, (int)datasize); -+ } -+ -+ if (data && (datasize == 1)) -+ { -+ if (*data == 1) -+ { -+ grub_dprintf ("chain", "platform in setup mode\n"); -+ return 0; -+ } -+ } -+ -+ grub_free (data); -+ -+ return 1; -+} -+ -+static grub_efi_boolean_t +read_header (void *data, grub_efi_uint32_t size, pe_coff_loader_image_context_t *context) +{ + grub_efi_guid_t guid = SHIM_LOCK_GUID; 
@@ -527,7 +480,7 @@ Index: grub-2.04~rc1/grub-core/loader/efi/chainloader.c grub_efi_status_t status; grub_efi_boot_services_t *b; grub_device_t dev = 0; -@@ -210,7 +675,6 @@ grub_cmd_chainloader (grub_command_t cmd +@@ -210,7 +625,6 @@ grub_cmd_chainloader (grub_command_t cmd grub_efi_loaded_image_t *loaded_image; char *filename; void *boot_image = 0; @@ -535,7 +488,7 @@ Index: grub-2.04~rc1/grub-core/loader/efi/chainloader.c if (argc == 0) return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -@@ -222,9 +686,36 @@ grub_cmd_chainloader (grub_command_t cmd +@@ -222,9 +636,36 @@ grub_cmd_chainloader (grub_command_t cmd address = 0; image_handle = 0; file_path = 0; @@ -572,7 +525,7 @@ Index: grub-2.04~rc1/grub-core/loader/efi/chainloader.c file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE); if (! file) goto fail; -@@ -270,14 +761,14 @@ grub_cmd_chainloader (grub_command_t cmd +@@ -270,14 +711,14 @@ grub_cmd_chainloader (grub_command_t cmd grub_printf ("file path: "); grub_efi_print_device_path (file_path); @@ -590,7 +543,7 @@ Index: grub-2.04~rc1/grub-core/loader/efi/chainloader.c status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_ANY_PAGES, GRUB_EFI_LOADER_CODE, -@@ -291,7 +782,7 @@ grub_cmd_chainloader (grub_command_t cmd +@@ -291,7 +732,7 @@ grub_cmd_chainloader (grub_command_t cmd } boot_image = (void *) ((grub_addr_t) address); @@ -599,7 +552,7 @@ Index: grub-2.04~rc1/grub-core/loader/efi/chainloader.c { if (grub_errno == GRUB_ERR_NONE) grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), -@@ -301,7 +792,7 @@ grub_cmd_chainloader (grub_command_t cmd +@@ -301,7 +742,7 @@ grub_cmd_chainloader (grub_command_t cmd } #if defined (__i386__) || defined (__x86_64__) 
@@ -608,7 +561,7 @@ Index: grub-2.04~rc1/grub-core/loader/efi/chainloader.c { struct grub_macho_fat_header *head = boot_image; if (head->magic -@@ -324,20 +815,30 @@ grub_cmd_chainloader (grub_command_t cmd +@@ -324,20 +765,30 @@ grub_cmd_chainloader (grub_command_t cmd > ~grub_cpu_to_le32 (archs[i].size) || grub_cpu_to_le32 (archs[i].offset) + grub_cpu_to_le32 (archs[i].size) @@ -628,7 +581,7 @@ Index: grub-2.04~rc1/grub-core/loader/efi/chainloader.c +#ifdef SUPPORT_SECURE_BOOT + /* FIXME is secure boot possible also with universal binaries? */ -+ if (debug_secureboot || (grub_secure_mode() && grub_secure_validate ((void *)address, fsize))) ++ if (debug_secureboot || (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED && grub_secure_validate ((void *)address, fsize))) + { + grub_file_close (file); + grub_loader_set (grub_secureboot_chainloader_boot, grub_secureboot_chainloader_unload, 0); @@ -642,7 +595,7 @@ Index: grub-2.04~rc1/grub-core/loader/efi/chainloader.c &image_handle); if (status != GRUB_EFI_SUCCESS) { -@@ -360,33 +861,10 @@ grub_cmd_chainloader (grub_command_t cmd +@@ -360,33 +811,10 @@ grub_cmd_chainloader (grub_command_t cmd } loaded_image->device_handle = dev_handle; @@ -678,7 +631,7 @@ Index: grub-2.04~rc1/grub-core/loader/efi/chainloader.c } grub_file_close (file); -@@ -408,6 +886,9 @@ grub_cmd_chainloader (grub_command_t cmd +@@ -408,6 +836,9 @@ grub_cmd_chainloader (grub_command_t cmd if (address) efi_call_2 (b->free_pages, address, pages); diff --git a/grub2-secureboot-install-signed-grub.patch b/grub2-secureboot-install-signed-grub.patch index 1de90a9..9fc758b 100644 --- a/grub2-secureboot-install-signed-grub.patch +++ b/grub2-secureboot-install-signed-grub.patch @@ -17,11 +17,11 @@ 
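Review bot: In the rewritten condition in `grub_cmd_chainloader`, `debug_secureboot ||` short-circuits, so when that flag is set `grub_secure_validate` is never called and the image still reaches `grub_loader_set (grub_secureboot_chainloader_boot, ...)`. How `debug_secureboot` gets set is not visible in this hunk, so this is only a concern if it can be switched on while Secure Boot is enforcing. If it can, validation should stay mandatory in that state, with the debug flag selecting this path only otherwise: `if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED ? grub_secure_validate ((void *) address, fsize) : debug_secureboot)`. The function body continues outside the hunk.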
Signed-off-by: Michael Chang util/grub-install.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 85 insertions(+), 1 deletion(-) -Index: grub-2.04~rc1/util/grub-install.c +Index: grub-2.06/util/grub-install.c =================================================================== ---- grub-2.04~rc1.orig/util/grub-install.c -+++ grub-2.04~rc1/util/grub-install.c -@@ -84,6 +84,15 @@ static int suse_enable_tpm = 0; +--- grub-2.06.orig/util/grub-install.c ++++ grub-2.06/util/grub-install.c +@@ -85,6 +85,15 @@ static int suse_enable_tpm = 0; enum { @@ -37,7 +37,7 @@ Index: grub-2.04~rc1/util/grub-install.c OPTION_BOOT_DIRECTORY = 0x301, OPTION_ROOT_DIRECTORY, OPTION_TARGET, -@@ -108,6 +117,8 @@ enum +@@ -109,6 +118,8 @@ enum OPTION_NO_BOOTSECTOR, OPTION_NO_RS_CODES, OPTION_SUSE_ENABLE_TPM, @@ -46,7 +46,7 @@ Index: grub-2.04~rc1/util/grub-install.c OPTION_MACPPC_DIRECTORY, OPTION_ZIPL_DIRECTORY, OPTION_LABEL_FONT, -@@ -237,6 +248,14 @@ argp_parser (int key, char *arg, struct +@@ -238,6 +249,14 @@ argp_parser (int key, char *arg, struct suse_enable_tpm = 1; return 0; @@ -61,7 +61,7 @@ Index: grub-2.04~rc1/util/grub-install.c case OPTION_DEBUG: verbosity++; return 0; -@@ -299,7 +318,12 @@ static struct argp_option options[] = { +@@ -300,7 +319,12 @@ static struct argp_option options[] = { N_("Do not apply any reed-solomon codes when embedding core.img. " "This option is only available on x86 BIOS targets."), 0}, {"suse-enable-tpm", OPTION_SUSE_ENABLE_TPM, 0, 0, N_("install TPM modules"), 0}, @@ -75,7 +75,7 @@ Index: grub-2.04~rc1/util/grub-install.c {"debug", OPTION_DEBUG, 0, OPTION_HIDDEN, 0, 2}, {"no-floppy", OPTION_NO_FLOPPY, 0, OPTION_HIDDEN, 0, 2}, {"debug-image", OPTION_DEBUG_IMAGE, N_("STRING"), OPTION_HIDDEN, 0, 2}, -@@ -364,6 +388,22 @@ help_filter (int key, const char *text, +@@ -373,6 +397,22 @@ help_filter (int key, const char *text, free (plats); return ret; } 
@@ -98,7 +98,7 @@ Index: grub-2.04~rc1/util/grub-install.c case ARGP_KEY_HELP_POST_DOC: return xasprintf (text, program_name, GRUB_BOOT_DIR_NAME "/" GRUB_DIR_NAME); default: -@@ -1627,13 +1667,34 @@ main (int argc, char *argv[]) +@@ -1636,13 +1676,34 @@ main (int argc, char *argv[]) char mkimage_target[200]; const char *core_name = NULL; @@ -134,7 +134,7 @@ Index: grub-2.04~rc1/util/grub-install.c case GRUB_INSTALL_PLATFORM_RISCV32_EFI: case GRUB_INSTALL_PLATFORM_RISCV64_EFI: case GRUB_INSTALL_PLATFORM_IA64_EFI: -@@ -1703,13 +1764,75 @@ main (int argc, char *argv[]) +@@ -1712,13 +1773,75 @@ main (int argc, char *argv[]) core_name); char *prefix = xasprintf ("%s%s", prefix_drive ? : "", relative_grubdir); @@ -211,9 +211,9 @@ Index: grub-2.04~rc1/util/grub-install.c /* Backward-compatibility kludges. */ switch (platform) { -@@ -1985,6 +2108,13 @@ main (int argc, char *argv[]) - char *dst = grub_util_path_concat (2, efidir, efi_file); - grub_install_copy_file (imgfile, dst, 1); +@@ -2014,6 +2137,13 @@ main (int argc, char *argv[]) + grub_set_install_backup_ponr (); + free (dst); + if (grub_efi_cfg) + { diff --git a/grub2-secureboot-no-insmod-on-sb.patch b/grub2-secureboot-no-insmod-on-sb.patch index 68fec61..860f84b 100644 --- a/grub2-secureboot-no-insmod-on-sb.patch +++ b/grub2-secureboot-no-insmod-on-sb.patch @@ -6,6 +6,9 @@ Subject: [PATCH 449/482] Don't allow insmod when secure boot is enabled. References: fate#314485 Patch-Mainline: no +v2: +Use grub_efi_get_secureboot to get secure boot status + Signed-off-by: Michael Chang --- grub-core/kern/dl.c | 17 +++++++++++++++++ @@ -13,16 +16,16 @@ 
Signed-off-by: Michael Chang include/grub/efi/efi.h | 1 + 3 files changed, 46 insertions(+) -Index: grub-2.04~rc1/grub-core/kern/dl.c +Index: grub-2.04/grub-core/kern/dl.c =================================================================== ---- grub-2.04~rc1.orig/grub-core/kern/dl.c -+++ grub-2.04~rc1/grub-core/kern/dl.c +--- grub-2.04.orig/grub-core/kern/dl.c ++++ grub-2.04/grub-core/kern/dl.c @@ -38,6 +38,10 @@ #define GRUB_MODULES_MACHINE_READONLY #endif +#ifdef GRUB_MACHINE_EFI -+#include ++#include +#endif + @@ -33,7 +36,7 @@ Index: grub-2.04~rc1/grub-core/kern/dl.c grub_boot_time ("Loading module %s", filename); +#ifdef GRUB_MACHINE_EFI -+ if (grub_efi_secure_boot ()) ++ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) + { +#if 0 + /* This is an error, but grub2-mkconfig still generates a pile of 
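Review bot: The insmod gate in dl.c blocks module loading only when `grub_efi_get_secureboot ()` returns exactly `GRUB_EFI_SECUREBOOT_MODE_ENABLED`, so any other result, including one where the state could not be determined, leaves loading allowed. The removed `grub_efi_secure_boot ()` behaved the same way when the variables could not be read, so this looks intentional, but it is a fail-open choice that should be written down next to the check. I would add a comment such as `/* Only a definite "enabled" result blocks insmod; every other state is treated as not enforcing. */`. The chainloader.c hunk in grub2-secureboot-chainloader.patch uses the same comparison to decide whether `grub_secure_validate` runs. The rest of this block, including the `#if 0` branch, lies outside the hunk.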
@@ -48,54 +51,3 @@ Index: grub-2.04~rc1/grub-core/kern/dl.c file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE); if (! file) return 0; -Index: grub-2.04~rc1/grub-core/kern/efi/efi.c -=================================================================== ---- grub-2.04~rc1.orig/grub-core/kern/efi/efi.c -+++ grub-2.04~rc1/grub-core/kern/efi/efi.c -@@ -273,6 +273,34 @@ grub_efi_get_variable (const char *var, - return NULL; - } - -+grub_efi_boolean_t -+grub_efi_secure_boot (void) -+{ -+ grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID; -+ grub_size_t datasize; -+ char *secure_boot = NULL; -+ char *setup_mode = NULL; -+ grub_efi_boolean_t ret = 0; -+ -+ secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize); -+ -+ if (datasize != 1 || !secure_boot) -+ goto out; -+ -+ setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize); -+ -+ if (datasize != 1 || !setup_mode) -+ goto out; -+ -+ if (*secure_boot && !*setup_mode) -+ ret = 1; -+ -+ out: -+ grub_free (secure_boot); -+ grub_free (setup_mode); -+ return ret; -+} -+ - #pragma GCC diagnostic ignored "-Wcast-align" - - /* Search the mods section from the PE32/PE32+ image. This code uses -Index: grub-2.04~rc1/include/grub/efi/efi.h -=================================================================== ---- grub-2.04~rc1.orig/include/grub/efi/efi.h -+++ grub-2.04~rc1/include/grub/efi/efi.h -@@ -85,6 +85,7 @@ EXPORT_FUNC (grub_efi_set_variable) (con - const grub_efi_guid_t *guid, - void *data, - grub_size_t datasize); -+grub_efi_boolean_t EXPORT_FUNC (grub_efi_secure_boot) (void); - int - EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1, - const grub_efi_device_path_t *dp2); diff --git a/grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch b/grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch index 4d35d12..5b97f27 100644 --- a/grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch +++ b/grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch 
@@ -1,19 +1,19 @@ V2: Add fs_ prefix to fs functions by upstream commit ad4bfee -Index: grub-2.04/util/setup.c +Index: grub-2.06~rc1/util/setup.c =================================================================== ---- grub-2.04.orig/util/setup.c -+++ grub-2.04/util/setup.c -@@ -526,8 +526,42 @@ SETUP (const char *dir, +--- grub-2.06~rc1.orig/util/setup.c ++++ grub-2.06~rc1/util/setup.c +@@ -530,8 +530,42 @@ SETUP (const char *dir, err = grub_util_ldm_embed (dest_dev->disk, &nsec, maxsec, GRUB_EMBED_PCBIOS, §ors); else if (ctx.dest_partmap) - err = ctx.dest_partmap->embed (dest_dev->disk, &nsec, maxsec, -- GRUB_EMBED_PCBIOS, §ors); +- GRUB_EMBED_PCBIOS, §ors, warn_small); + { + err = ctx.dest_partmap->embed (dest_dev->disk, &nsec, maxsec, -+ GRUB_EMBED_PCBIOS, §ors); ++ GRUB_EMBED_PCBIOS, §ors, warn_small); +#ifdef GRUB_SETUP_BIOS + if ((err == GRUB_ERR_OUT_OF_RANGE || err == GRUB_ERR_FILE_NOT_FOUND) + && dest_dev->disk->id == root_dev->disk->id @@ -50,7 +50,7 @@ Index: grub-2.04/util/setup.c else err = fs->fs_embed (dest_dev, &nsec, maxsec, GRUB_EMBED_PCBIOS, §ors); -@@ -639,7 +673,7 @@ SETUP (const char *dir, +@@ -643,7 +677,7 @@ SETUP (const char *dir, /* Write the core image onto the disk. */ for (i = 0; i < nsec; i++) diff --git a/grub2-verifiers-fix-system-freeze-if-verify-failed.patch b/grub2-verifiers-fix-system-freeze-if-verify-failed.patch deleted file mode 100644 index 01db5e9..0000000 --- a/grub2-verifiers-fix-system-freeze-if-verify-failed.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From d0de8b37f651e13886ef0e0fda285a1294adafe8 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Tue, 18 Feb 2020 18:08:18 +0800 -Subject: [PATCH] verifiers: Fix calling uninitialized function pointer - -The necessary check for NULL before use of function ver->close is not -taking place in the failure path. This patch simply adds the missing -check and fixes the problem that GRUB hangs indefinitely after booting -rogue image without valid signature if secure boot is turned on. - -Now it displays like this for booting rogue UEFI image: - - error: bad shim signature - error: you need to load the kernel first - - Press any key to continue... - -and then you can go back to boot menu by pressing any key or after a few -seconds expired. - -Signed-off-by: Michael Chang -Reviewed-by: Javier Martinez Canillas -Reviewed-by: Daniel Kiper ---- - grub-core/commands/verifiers.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c -index 0dde48182..7b9297cd3 100644 ---- a/grub-core/commands/verifiers.c -+++ b/grub-core/commands/verifiers.c -@@ -196,7 +196,8 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type) - return ret; - - fail: -- ver->close (context); -+ if (ver->close) -+ ver->close (context); - fail_noclose: - verified_free (verified); - grub_free (ret); --- -2.16.4 - diff --git a/grub2.changes b/grub2.changes index 31012a0..7596c98 100644 --- a/grub2.changes +++ b/grub2.changes 
@@ -1,3 +1,120 @@ +------------------------------------------------------------------- +Thu Jun 3 11:17:49 UTC 2021 - Michael Chang + +- Version bump to 2.06 + * rediff + - 0001-add-support-for-UEFI-network-protocols.patch + - 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch + - 0003-Make-grub_error-more-verbose.patch + - 0003-bootp-New-net_bootp6-command.patch + - 0005-grub.texi-Add-net_bootp6-doument.patch + - 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch + - 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch + - 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch + - 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch + - grub-install-force-journal-draining-to-ensure-data-i.patch + - grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch + - grub2-diskfilter-support-pv-without-metadatacopies.patch + - grub2-efi-HP-workaround.patch + - grub2-efi-xen-cfg-unquote.patch + - grub2-efi-xen-chainload.patch + - grub2-fix-menu-in-xen-host-server.patch + - grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch + - grub2-install-remove-useless-check-PReP-partition-is-empty.patch + - grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch + - grub2-mkconfig-default-entry-correction.patch + - grub2-pass-corret-root-for-nfsroot.patch + - grub2-s390x-03-output-7-bit-ascii.patch + - grub2-s390x-04-grub2-install.patch + - grub2-secureboot-install-signed-grub.patch + - grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch + - use-grub2-as-a-package-name.patch + * update by patch squashed: + - 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch + - grub2-efi-chainload-harder.patch + - grub2-secureboot-no-insmod-on-sb.patch + - grub2-secureboot-chainloader.patch + - grub2-secureboot-add-linuxefi.patch + * remove squashed patches: + - 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch + - 0009-squash-Add-support-for-linuxefi.patch + - 0041-squash-Add-secureboot-support-on-efi-chainloader.patch + - 
0042-squash-grub2-efi-chainload-harder.patch + - 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch + - 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch + * drop upstream patches: + - 0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch + - 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch + - 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch + - 0001-mdraid1x_linux-Fix-gcc10-error-Werror-array-bounds.patch + - 0001-normal-Move-common-datetime-functions-out-of-the-nor.patch + - 0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch + - 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch + - 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch + - 0002-kern-Add-X-option-to-printf-functions.patch + - 0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch + - 0002-zfs-Fix-gcc10-error-Werror-zero-length-bounds.patch + - 0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch + - 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch + - 0003-normal-main-Search-for-specific-config-files-for-net.patch + - 0004-calloc-Use-calloc-at-most-places.patch + - 0004-datetime-Enable-the-datetime-module-for-the-emu-plat.patch + - 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch + - 0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch + - 0005-efi-Add-secure-boot-detection.patch + - 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch + - 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch + - 0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch + - 0007-font-Do-not-load-more-than-one-NAME-section.patch + - 0007-verifiers-Move-verifiers-API-to-kernel-image.patch + - 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch + - 0008-script-Remove-unused-fields-from-grub_script_functio.patch + - 0009-kern-Add-lockdown-support.patch + - 0009-script-Avoid-a-use-after-free-when-redefining-a-func.patch + - 
0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch + - 0010-linux-Fix-integer-overflows-in-initrd-size-handling.patch + - 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch + - 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch + - 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch + - 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch + - 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch + - 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch + - 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch + - 0018-gdb-Restrict-GDB-access-when-locked-down.patch + - 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch + - 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch + - 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch + - 0022-lib-arg-Block-repeated-short-options-that-require-an.patch + - 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch + - 0024-kern-parser-Fix-resource-leak-if-argc-0.patch + - 0025-kern-parser-Fix-a-memory-leak.patch + - 0026-kern-parser-Introduce-process_char-helper.patch + - 0027-kern-parser-Introduce-terminate_arg-helper.patch + - 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch + - 0029-kern-buffer-Add-variable-sized-heap-buffer.patch + - 0030-kern-parser-Fix-a-stack-buffer-overflow.patch + - 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch + - 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch + - 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch + - 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch + - 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch + - 0036-util-mkimage-Improve-data_size-value-calculation.patch + - 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch + - 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch + - 0039-grub-install-common-Add-sbat-option.patch + - 
0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch + - grub-install-define-default-platform-for-risc-v.patch + - grub2-editenv-add-warning-message.patch + - grub2-efi-gop-add-blt.patch + - grub2-efi-uga-64bit-fb.patch + - grub2-verifiers-fix-system-freeze-if-verify-failed.patch + - risc-v-add-clzdi2-symbol.patch + - risc-v-fix-computation-of-pc-relative-relocation-offset.patch +- Add grub2-instdev-fixup.pl for correcting /etc/default/grub_installdevice to + use disk devie if grub has been installed to it +- Add 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch to fix + detection of efi fwsetup support + ------------------------------------------------------------------- Mon May 31 07:18:56 UTC 2021 - Michael Chang diff --git a/grub2.spec b/grub2.spec index e3b4279..11005f2 100644 --- a/grub2.spec +++ b/grub2.spec @@ -148,7 +148,7 @@ BuildRequires: update-bootloader-rpm-macros %define only_x86_64 %{nil} %endif -Version: 2.04 +Version: 2.06 Release: 0 Summary: Bootloader with support for Linux, Multiboot and more License: GPL-3.0-or-later @@ -170,6 +170,7 @@ Source16: grub2-xen-pv-firmware.cfg # required hook for systemd-sleep (bsc#941758) Source17: grub2-systemd-sleep.sh Source18: grub2-check-default.sh +Source19: grub2-instdev-fixup.pl Source1000: PATCH_POLICY Patch1: rename-grub-info-file-to-grub2.patch Patch2: grub2-linux.patch @@ -202,7 +203,6 @@ Patch53: grub2-getroot-treat-mdadm-ddf-as-simple-device.patch Patch56: grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch Patch58: grub2-xen-linux16.patch Patch59: grub2-efi-disable-video-cirrus-and-bochus.patch -Patch60: grub2-editenv-add-warning-message.patch Patch61: grub2-vbe-blacklist-preferred-1440x900x32.patch Patch64: grub2-grubenv-in-btrfs-header.patch Patch65: grub2-mkconfig-aarch64.patch 
@@ -217,13 +217,11 @@ Patch79: grub2-efi-chainload-harder.patch Patch80: grub2-emu-4-all.patch Patch81: grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch Patch82: grub2-diskfilter-support-pv-without-metadatacopies.patch -Patch83: grub2-efi-uga-64bit-fb.patch Patch84: grub2-s390x-09-improve-zipl-setup.patch Patch85: grub2-getroot-scan-disk-pv.patch Patch92: grub2-util-30_os-prober-multiple-initrd.patch Patch93: grub2-getroot-support-nvdimm.patch Patch94: grub2-install-fix-not-a-directory-error.patch -Patch95: grub2-verifiers-fix-system-freeze-if-verify-failed.patch Patch96: grub-install-force-journal-draining-to-ensure-data-i.patch Patch97: grub2-s390x-skip-zfcpdump-image.patch # Btrfs snapshot booting related patches @@ -270,8 +268,6 @@ Patch284: 0005-grub.texi-Add-net_bootp6-doument.patch Patch285: 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch Patch286: 0007-efinet-Setting-network-from-UEFI-device-path.patch Patch287: 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch -# Fix GOP BLT support (FATE#322332) -Patch311: grub2-efi-gop-add-blt.patch # TPM Support (FATE#315831) Patch411: 0012-tpm-Build-tpm-as-module.patch # UEFI HTTP and related network protocol support (FATE#320130) 
@@ -289,37 +285,6 @@ Patch501: grub2-btrfs-help-on-snapper-rollback.patch Patch510: grub2-video-limit-the-resolution-for-fixed-bimap-font.patch # Support long menuentries (FATE#325760) Patch511: grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch -# RISC-V fixes -Patch601: risc-v-fix-computation-of-pc-relative-relocation-offset.patch -Patch602: risc-v-add-clzdi2-symbol.patch -Patch603: grub-install-define-default-platform-for-risc-v.patch -# Fix gcc-10 build fail -Patch610: 0001-mdraid1x_linux-Fix-gcc10-error-Werror-array-bounds.patch -Patch611: 0002-zfs-Fix-gcc10-error-Werror-zero-length-bounds.patch -# bsc#1166409 - Grub netbooting does not search for grub.cfg files with mac -# address or ip address in filename -Patch700: 0001-normal-Move-common-datetime-functions-out-of-the-nor.patch -Patch701: 0002-kern-Add-X-option-to-printf-functions.patch -Patch702: 0003-normal-main-Search-for-specific-config-files-for-net.patch -Patch703: 0004-datetime-Enable-the-datetime-module-for-the-emu-plat.patch -# bsc#1168994 VUL-0: EMBARGOED: CVE-2020-10713: grub2: parsing overflows can -# bypass secure boot restrictions -Patch704: 0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch -# bsc#1173812 VUL-0: EMBARGOED: CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, -# CVE-2020-14311: grub2: avoid integer overflows -Patch705: 0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch -Patch706: 0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch -Patch707: 0004-calloc-Use-calloc-at-most-places.patch -Patch708: 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch -Patch709: 0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch -Patch710: 0007-font-Do-not-load-more-than-one-NAME-section.patch -# bsc#1174463 VUL-0: EMBARGOED: CVE-2020-15706: grub2: script: Avoid a -# use-after-free when redefining a function during execution -Patch711: 0008-script-Remove-unused-fields-from-grub_script_functio.patch -Patch712: 
0009-script-Avoid-a-use-after-free-when-redefining-a-func.patch -# bsc#1174570 VUL-0: EMBARGOED: CVE-2020-15707: grub2: linux: Fix integer -# overflows in initrd size handling -Patch713: 0010-linux-Fix-integer-overflows-in-initrd-size-handling.patch Patch714: 0001-kern-mm.c-Make-grub_calloc-inline.patch Patch716: 0002-cmdline-Provide-cmdline-functions-as-module.patch # bsc#1172745 L3: SLES 12 SP4 - Slow boot of system after updated kernel - 
@@ -328,71 +293,19 @@ Patch717: 0001-ieee1275-powerpc-implements-fibre-channel-discovery-.patch Patch718: 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch Patch719: 0001-Unify-the-check-to-enable-btrfs-relative-path.patch Patch721: 0001-efi-linux-provide-linux-command.patch -# Improve the error handling when grub2-install fails with short mbr gap -# (bsc#1176062) -Patch722: 0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch -Patch723: 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch # Secure Boot support in GRUB on aarch64 (jsc#SLE-15864) Patch730: 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch Patch731: 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch Patch732: 0003-Make-grub_error-more-verbose.patch Patch733: 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch -Patch734: 0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch Patch735: 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch -Patch737: 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch -Patch738: 0009-squash-Add-support-for-linuxefi.patch Patch739: 0001-Fix-build-error-in-binutils-2.36.patch Patch740: 0001-emu-fix-executable-stack-marking.patch -# Boothole2 -Patch741: 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch -Patch742: 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch -Patch743: 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch -Patch744: 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch -Patch745: 0005-efi-Add-secure-boot-detection.patch -Patch746: 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch -Patch747: 0007-verifiers-Move-verifiers-API-to-kernel-image.patch -Patch748: 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch -Patch749: 0009-kern-Add-lockdown-support.patch -Patch750: 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch -Patch751: 
0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch -Patch752: 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch -Patch753: 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch -Patch754: 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch -Patch755: 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch -Patch756: 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch -Patch757: 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch -Patch758: 0018-gdb-Restrict-GDB-access-when-locked-down.patch -Patch759: 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch -Patch760: 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch -Patch761: 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch -Patch762: 0022-lib-arg-Block-repeated-short-options-that-require-an.patch -Patch763: 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch -Patch764: 0024-kern-parser-Fix-resource-leak-if-argc-0.patch -Patch765: 0025-kern-parser-Fix-a-memory-leak.patch -Patch766: 0026-kern-parser-Introduce-process_char-helper.patch -Patch767: 0027-kern-parser-Introduce-terminate_arg-helper.patch -Patch768: 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch -Patch769: 0029-kern-buffer-Add-variable-sized-heap-buffer.patch -Patch770: 0030-kern-parser-Fix-a-stack-buffer-overflow.patch -Patch771: 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch -Patch772: 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch -Patch773: 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch -Patch774: 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch -Patch775: 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch -Patch776: 0036-util-mkimage-Improve-data_size-value-calculation.patch -Patch777: 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch -Patch778: 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch -Patch779: 
0039-grub-install-common-Add-sbat-option.patch -Patch780: 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch -Patch781: 0041-squash-Add-secureboot-support-on-efi-chainloader.patch -Patch782: 0042-squash-grub2-efi-chainload-harder.patch -Patch783: 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch Patch784: 0044-squash-kern-Add-lockdown-support.patch -Patch785: 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch Patch786: 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch -Patch787: 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch Patch788: 0001-ieee1275-Avoiding-many-unecessary-open-close.patch Patch789: 0001-Workaround-volatile-efi-boot-variable.patch +Patch790: 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch Requires: gettext-runtime %if 0%{?suse_version} >= 1140 @@ -617,7 +530,6 @@ swap partition while in resuming %patch56 -p1 %patch58 -p1 %patch59 -p1 -%patch60 -p1 %patch61 -p1 %patch64 -p1 %patch65 -p1 @@ -632,13 +544,11 @@ swap partition while in resuming %patch80 -p1 %patch81 -p1 %patch82 -p1 -%patch83 -p1 %patch84 -p1 %patch85 -p1 %patch92 -p1 %patch93 -p1 %patch94 -p1 -%patch95 -p1 %patch96 -p1 %patch97 -p1 %patch101 -p1 @@ -678,7 +588,6 @@ swap partition while in resuming %patch285 -p1 %patch286 -p1 %patch287 -p1 -%patch311 -p1 %patch411 -p1 %patch420 -p1 %patch421 -p1 
@@ -689,92 +598,24 @@ swap partition while in resuming %patch501 -p1 %patch510 -p1 %patch511 -p1 -%patch601 -p1 -%patch602 -p1 -%patch603 -p1 -%patch610 -p1 -%patch611 -p1 -%patch700 -p1 -%patch701 -p1 -%patch702 -p1 -%patch703 -p1 -%patch704 -p1 -%patch705 -p1 -%patch706 -p1 -%patch707 -p1 -%patch708 -p1 -%patch709 -p1 -%patch710 -p1 -%patch711 -p1 -%patch712 -p1 -%patch713 -p1 %patch714 -p1 %patch716 -p1 %patch717 -p1 %patch718 -p1 %patch719 -p1 %patch721 -p1 -%patch722 -p1 -%patch723 -p1 %patch730 -p1 %patch731 -p1 %patch732 -p1 %patch733 -p1 -%patch734 -p1 %patch735 -p1 -%patch737 -p1 -%patch738 -p1 %patch739 -p1 %patch740 -p1 -%patch741 -p1 -%patch742 -p1 -%patch743 -p1 -%patch744 -p1 -%patch745 -p1 -%patch746 -p1 -%patch747 -p1 -%patch748 -p1 -%patch749 -p1 -%patch750 -p1 -%patch751 -p1 -%patch752 -p1 -%patch753 -p1 -%patch754 -p1 -%patch755 -p1 -%patch756 -p1 -%patch757 -p1 -%patch758 -p1 -%patch759 -p1 -%patch760 -p1 -%patch761 -p1 -%patch762 -p1 -%patch763 -p1 -%patch764 -p1 -%patch765 -p1 -%patch766 -p1 -%patch767 -p1 -%patch768 -p1 -%patch769 -p1 -%patch770 -p1 -%patch771 -p1 -%patch772 -p1 -%patch773 -p1 -%patch774 -p1 -%patch775 -p1 -%patch776 -p1 -%patch777 -p1 -%patch778 -p1 -%patch779 -p1 -%patch780 -p1 -%patch781 -p1 -%patch782 -p1 -%patch783 -p1 %patch784 -p1 -%patch785 -p1 %patch786 -p1 -%patch787 -p1 %patch788 -p1 %patch789 -p1 +%patch790 -p1 %build # collect evidence to debug spurious build failure on SLE15 @@ -872,7 +713,7 @@ make %{?_smp_mflags} FS_MODULES="btrfs ext2 xfs jfs reiserfs" CD_MODULES=" all_video boot cat chain configfile echo true \ - efinet font gfxmenu gfxterm gzio halt iso9660 \ + efifwsetup efinet font gfxmenu gfxterm gzio halt iso9660 \ jpeg minicmd normal part_apple part_msdos part_gpt \ password password_pbkdf2 png reboot search search_fs_uuid \ search_fs_file search_label sleep test video fat loadenv" 
@@ -1073,6 +914,9 @@ install -m 644 -D %{SOURCE15} %{buildroot}/%{_unitdir}/grub2-once.service install -m 755 -D %{SOURCE17} %{buildroot}/%{_libdir}/systemd/system-sleep/grub2.sleep %endif install -m 755 -D %{SOURCE18} %{buildroot}/%{_sbindir}/grub2-check-default +%ifarch %{ix86} x86_64 +install -m 755 -D %{SOURCE19} %{buildroot}/%{_libexecdir}/grub2-instdev-fixup.pl +%endif R="%{buildroot}" %ifarch %{ix86} x86_64 @@ -1287,6 +1131,7 @@ fi %config(noreplace) %{_sysconfdir}/grub.d/00_header %config(noreplace) %{_sysconfdir}/grub.d/10_linux %config(noreplace) %{_sysconfdir}/grub.d/20_linux_xen +%config(noreplace) %{_sysconfdir}/grub.d/30_uefi-firmware %config(noreplace) %{_sysconfdir}/grub.d/40_custom %config(noreplace) %{_sysconfdir}/grub.d/41_custom %config(noreplace) %{_sysconfdir}/grub.d/90_persistent @@ -1405,6 +1250,9 @@ fi %endif %{_datadir}/%{name}/%{grubarch}/kernel.exec %{_datadir}/%{name}/%{grubarch}/modinfo.sh +%ifarch %{ix86} x86_64 +%{_libexecdir}/%{name}-instdev-fixup.pl +%endif %files %{grubarch}-debug %defattr(-,root,root,-) diff --git a/risc-v-add-clzdi2-symbol.patch b/risc-v-add-clzdi2-symbol.patch deleted file mode 100644 index a42d38f..0000000 --- a/risc-v-add-clzdi2-symbol.patch +++ /dev/null 
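Review bot: The new `install` line in the `@@ -1073,6 +914,9 @@` hunk hard-codes the target as `grub2-instdev-fixup.pl`, while the matching `%files` entry added in the `@@ -1405,6 +1250,9 @@` hunk spells it `%{_libexecdir}/%{name}-instdev-fixup.pl`. The two agree only while `Name:` is `grub2`. Using one spelling in both places, `install -m 755 -D %{SOURCE19} %{buildroot}/%{_libexecdir}/%{name}-instdev-fixup.pl`, keeps the installed path and the packaged path from drifting apart. The script is a Perl file that is presumably run from a scriptlet as root, so it is also worth checking that the subpackage owning it declares a `Requires:` on perl; neither the scriptlet nor the `Requires:` lines are in these hunks.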
@@ -1,46 +0,0 @@ -From a57977b5faf800ac68f7dfe6b84138208c7e6072 Mon Sep 17 00:00:00 2001 -From: Andreas Schwab -Date: Thu, 19 Sep 2019 09:39:04 +0200 -Subject: [PATCH] RISC-V: Add __clzdi2 symbol - -This is needed for the zstd module build for riscv64-emu. - -Signed-off-by: Andreas Schwab -Reviewed-by: Daniel Kiper ---- - configure.ac | 2 +- - include/grub/compiler-rt-emu.h | 5 +++++ - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index e07ba4b56..7d74eba66 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1370,7 +1370,7 @@ fi - - # Check for libgcc symbols - if test x"$platform" = xemu; then --AC_CHECK_FUNCS(__udivsi3 __umodsi3 __divsi3 __modsi3 __divdi3 __moddi3 __udivdi3 __umoddi3 __ctzdi2 __ctzsi2 __aeabi_uidiv __aeabi_uidivmod __aeabi_idiv __aeabi_idivmod __aeabi_ulcmp __muldi3 __aeabi_lmul __aeabi_memcpy __aeabi_memcpy4 __aeabi_memcpy8 __aeabi_memclr __aeabi_memclr4 __aeabi_memclr8 __aeabi_memset __aeabi_lasr __aeabi_llsl __aeabi_llsr _restgpr_14_x __ucmpdi2 __ashldi3 __ashrdi3 __lshrdi3 __bswapsi2 __bswapdi2 __bzero __register_frame_info __deregister_frame_info ___chkstk_ms __chkstk_ms) -+AC_CHECK_FUNCS(__udivsi3 __umodsi3 __divsi3 __modsi3 __divdi3 __moddi3 __udivdi3 __umoddi3 __ctzdi2 __ctzsi2 __clzdi2 __aeabi_uidiv __aeabi_uidivmod __aeabi_idiv __aeabi_idivmod __aeabi_ulcmp __muldi3 __aeabi_lmul __aeabi_memcpy __aeabi_memcpy4 __aeabi_memcpy8 __aeabi_memclr __aeabi_memclr4 __aeabi_memclr8 __aeabi_memset __aeabi_lasr __aeabi_llsl __aeabi_llsr _restgpr_14_x __ucmpdi2 __ashldi3 __ashrdi3 __lshrdi3 __bswapsi2 __bswapdi2 __bzero __register_frame_info __deregister_frame_info ___chkstk_ms __chkstk_ms) - fi - - if test "x$TARGET_APPLE_LINKER" = x1 ; then -diff --git a/include/grub/compiler-rt-emu.h b/include/grub/compiler-rt-emu.h -index b21425d9e..fde620ac1 100644 ---- a/include/grub/compiler-rt-emu.h -+++ b/include/grub/compiler-rt-emu.h -@@ -74,6 +74,11 @@ unsigned - EXPORT_FUNC (__ctzsi2) (grub_uint32_t x); - 
#endif - -+#ifdef HAVE___CLZDI2 -+int -+EXPORT_FUNC (__clzdi2) (grub_uint64_t x); -+#endif -+ - #ifdef HAVE___AEABI_UIDIV - grub_uint32_t - EXPORT_FUNC (__aeabi_uidiv) (grub_uint32_t a, grub_uint32_t b); --- -2.23.0 - diff --git a/risc-v-fix-computation-of-pc-relative-relocation-offset.patch b/risc-v-fix-computation-of-pc-relative-relocation-offset.patch deleted file mode 100644 index b77926a..0000000 --- a/risc-v-fix-computation-of-pc-relative-relocation-offset.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 2bf40e9e5be9808b17852e688eead87acff14420 Mon Sep 17 00:00:00 2001 -From: Andreas Schwab -Date: Wed, 26 Jun 2019 16:50:03 +0200 -Subject: [PATCH] RISC-V: Fix computation of pc-relative relocation offset - -The offset calculation was missing the relocation addend. - -Signed-off-by: Andreas Schwab -Tested-by: Chester Lin -Reviewed-by: Daniel Kiper ---- - util/grub-mkimagexx.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c -index bc087c2b5..d16ec63a1 100644 ---- a/util/grub-mkimagexx.c -+++ b/util/grub-mkimagexx.c -@@ -1232,8 +1232,7 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, struct section_metadata *smd, - grub_uint32_t *t32 = (grub_uint32_t *) target; - grub_uint16_t *t16 = (grub_uint16_t *) target; - grub_uint8_t *t8 = (grub_uint8_t *) target; -- grub_int64_t off = (long)sym_addr - target_section_addr - offset -- - image_target->vaddr_offset; -+ grub_int64_t off; - - /* - * Instructions and instruction encoding are documented in the RISC-V -@@ -1243,6 +1242,7 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, struct section_metadata *smd, - */ - - sym_addr += addend; -+ off = sym_addr - target_section_addr - offset - image_target->vaddr_offset; - - switch (ELF_R_TYPE (info)) - { --- -2.23.0 - diff --git a/use-grub2-as-a-package-name.patch b/use-grub2-as-a-package-name.patch index 9639a42..1eaa3fc 100644 --- a/use-grub2-as-a-package-name.patch +++ b/use-grub2-as-a-package-name.patch @@ -12,16 +12,16 @@ 
Signed-off-by: Jiri Slaby configure.ac | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) -Index: grub-2.04/configure.ac +Index: grub-2.06/configure.ac =================================================================== ---- grub-2.04.orig/configure.ac -+++ grub-2.04/configure.ac -@@ -31,7 +31,7 @@ dnl (such as BUILD_CC, BUILD_CFLAGS, etc - dnl with the prefix "TARGET_" (such as TARGET_CC, TARGET_CFLAGS, etc.) are - dnl used for the target type. See INSTALL for full list of variables. +--- grub-2.06.orig/configure.ac ++++ grub-2.06/configure.ac +@@ -34,7 +34,7 @@ dnl "TARGET_" (such as TARGET_CC, TARGET + dnl the target type. See INSTALL for full list of variables and + dnl description of the relationships between them. --AC_INIT([GRUB],[2.04],[bug-grub@gnu.org]) -+AC_INIT([GRUB2],[2.04],[bug-grub@gnu.org]) +-AC_INIT([GRUB],[2.06],[bug-grub@gnu.org]) ++AC_INIT([GRUB2],[2.06],[bug-grub@gnu.org]) AC_CONFIG_AUX_DIR([build-aux])