be3181b1eb
- VUL-0: grub2,shim: implement new SBAT method (bsc#1182057) * 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch * 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch * 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch * 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch * 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch * 0036-util-mkimage-Improve-data_size-value-calculation.patch * 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch * 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch * 0039-grub-install-common-Add-sbat-option.patch - Fix CVE-2021-20225 (bsc#1182262) * 0022-lib-arg-Block-repeated-short-options-that-require-an.patch - Fix CVE-2020-27749 (bsc#1179264) * 0024-kern-parser-Fix-resource-leak-if-argc-0.patch * 0025-kern-parser-Fix-a-memory-leak.patch * 0026-kern-parser-Introduce-process_char-helper.patch * 0027-kern-parser-Introduce-terminate_arg-helper.patch * 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch * 0029-kern-buffer-Add-variable-sized-heap-buffer.patch * 0030-kern-parser-Fix-a-stack-buffer-overflow.patch - Fix CVE-2021-20233 (bsc#1182263) * 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch - Fix CVE-2020-25647 (bsc#1177883) * 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch - Fix CVE-2020-25632 (bsc#1176711) * 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch - Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970) * 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch * 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch * 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch OBS-URL: https://build.opensuse.org/request/show/876326 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=374
221 lines
9.0 KiB
Diff
221 lines
9.0 KiB
Diff
From aa25aa5d9ce91e862cc951225c5aabc78c4d4366 Mon Sep 17 00:00:00 2001
|
|
From: Peter Jones <pjones@redhat.com>
|
|
Date: Mon, 15 Feb 2021 14:58:06 +0100
|
|
Subject: [PATCH 37/46] util/mkimage: Refactor section setup to use a helper
|
|
|
|
Add a init_pe_section() helper function to setup PE sections. This makes
|
|
the code simpler and easier to read.
|
|
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
---
|
|
util/mkimage.c | 143 ++++++++++++++++++++++++++-----------------------
|
|
1 file changed, 77 insertions(+), 66 deletions(-)
|
|
|
|
diff --git a/util/mkimage.c b/util/mkimage.c
|
|
index 853a52179..8b475a691 100644
|
|
--- a/util/mkimage.c
|
|
+++ b/util/mkimage.c
|
|
@@ -816,6 +816,38 @@ grub_install_get_image_targets_string (void)
|
|
return formats;
|
|
}
|
|
|
|
+/*
|
|
+ * The image_target parameter is used by the grub_host_to_target32() macro.
|
|
+ */
|
|
+static struct grub_pe32_section_table *
|
|
+init_pe_section(const struct grub_install_image_target_desc *image_target,
|
|
+ struct grub_pe32_section_table *section,
|
|
+ const char * const name,
|
|
+ grub_uint32_t *vma, grub_uint32_t vsz, grub_uint32_t valign,
|
|
+ grub_uint32_t *rda, grub_uint32_t rsz,
|
|
+ grub_uint32_t characteristics)
|
|
+{
|
|
+ size_t len = strlen (name);
|
|
+
|
|
+ if (len > sizeof (section->name))
|
|
+ grub_util_error (_("section name %s length is bigger than %lu"),
|
|
+ name, (unsigned long) sizeof (section->name));
|
|
+
|
|
+ memcpy (section->name, name, len);
|
|
+
|
|
+ section->virtual_address = grub_host_to_target32 (*vma);
|
|
+ section->virtual_size = grub_host_to_target32 (vsz);
|
|
+ (*vma) = ALIGN_UP (*vma + vsz, valign);
|
|
+
|
|
+ section->raw_data_offset = grub_host_to_target32 (*rda);
|
|
+ section->raw_data_size = grub_host_to_target32 (rsz);
|
|
+ (*rda) = ALIGN_UP (*rda + rsz, GRUB_PE32_FILE_ALIGNMENT);
|
|
+
|
|
+ section->characteristics = grub_host_to_target32 (characteristics);
|
|
+
|
|
+ return section + 1;
|
|
+}
|
|
+
|
|
/*
|
|
* tmp_ is just here so the compiler knows we'll never derefernce a NULL.
|
|
* It should get fully optimized away.
|
|
@@ -1257,17 +1289,13 @@ grub_install_generate_image (const char *dir, const char *prefix,
|
|
break;
|
|
case IMAGE_EFI:
|
|
{
|
|
- void *pe_img;
|
|
- grub_uint8_t *header;
|
|
- void *sections;
|
|
+ char *pe_img, *header;
|
|
+ struct grub_pe32_section_table *section;
|
|
size_t scn_size;
|
|
- size_t pe_size;
|
|
+ grub_uint32_t vma, raw_data;
|
|
+ size_t pe_size, header_size;
|
|
struct grub_pe32_coff_header *c;
|
|
- struct grub_pe32_section_table *text_section, *data_section;
|
|
- struct grub_pe32_section_table *mods_section, *reloc_section;
|
|
static const grub_uint8_t stub[] = GRUB_PE32_MSDOS_STUB;
|
|
- int header_size;
|
|
- int reloc_addr;
|
|
struct grub_pe32_optional_header *o32 = NULL;
|
|
struct grub_pe64_optional_header *o64 = NULL;
|
|
|
|
@@ -1276,17 +1304,12 @@ grub_install_generate_image (const char *dir, const char *prefix,
|
|
else
|
|
header_size = EFI64_HEADER_SIZE;
|
|
|
|
- reloc_addr = ALIGN_UP (header_size + core_size,
|
|
- GRUB_PE32_FILE_ALIGNMENT);
|
|
+ vma = raw_data = header_size;
|
|
+ pe_size = ALIGN_UP (header_size + core_size, GRUB_PE32_FILE_ALIGNMENT) +
|
|
+ ALIGN_UP (layout.reloc_size, GRUB_PE32_FILE_ALIGNMENT);
|
|
+ header = pe_img = xcalloc (1, pe_size);
|
|
|
|
- pe_size = ALIGN_UP (reloc_addr + layout.reloc_size,
|
|
- GRUB_PE32_FILE_ALIGNMENT);
|
|
- pe_img = xmalloc (reloc_addr + layout.reloc_size);
|
|
- memset (pe_img, 0, header_size);
|
|
- memcpy ((char *) pe_img + header_size, core_img, core_size);
|
|
- memset ((char *) pe_img + header_size + core_size, 0, reloc_addr - (header_size + core_size));
|
|
- memcpy ((char *) pe_img + reloc_addr, layout.reloc_section, layout.reloc_size);
|
|
- header = pe_img;
|
|
+ memcpy (pe_img + raw_data, core_img, core_size);
|
|
|
|
/* The magic. */
|
|
memcpy (header, stub, GRUB_PE32_MSDOS_STUB_SIZE);
|
|
@@ -1319,18 +1342,17 @@ grub_install_generate_image (const char *dir, const char *prefix,
|
|
o32->magic = grub_host_to_target16 (GRUB_PE32_PE32_MAGIC);
|
|
o32->data_base = grub_host_to_target32 (header_size + layout.exec_size);
|
|
|
|
- sections = o32 + 1;
|
|
+ section = (struct grub_pe32_section_table *)(o32 + 1);
|
|
}
|
|
else
|
|
{
|
|
c->optional_header_size = grub_host_to_target16 (sizeof (struct grub_pe64_optional_header));
|
|
-
|
|
o64 = (struct grub_pe64_optional_header *)
|
|
(header + GRUB_PE32_MSDOS_STUB_SIZE + GRUB_PE32_SIGNATURE_SIZE +
|
|
sizeof (struct grub_pe32_coff_header));
|
|
o64->magic = grub_host_to_target16 (GRUB_PE32_PE64_MAGIC);
|
|
|
|
- sections = o64 + 1;
|
|
+ section = (struct grub_pe32_section_table *)(o64 + 1);
|
|
}
|
|
|
|
PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size);
|
|
@@ -1350,58 +1372,47 @@ grub_install_generate_image (const char *dir, const char *prefix,
|
|
PE_OHDR (o32, o64, num_data_directories) = grub_host_to_target32 (GRUB_PE32_NUM_DATA_DIRECTORIES);
|
|
|
|
/* The sections. */
|
|
- PE_OHDR (o32, o64, code_base) = grub_host_to_target32 (header_size);
|
|
+ PE_OHDR (o32, o64, code_base) = grub_host_to_target32 (vma);
|
|
PE_OHDR (o32, o64, code_size) = grub_host_to_target32 (layout.exec_size);
|
|
- text_section = sections;
|
|
- strcpy (text_section->name, ".text");
|
|
- text_section->virtual_size = grub_host_to_target32 (layout.exec_size);
|
|
- text_section->virtual_address = grub_host_to_target32 (header_size);
|
|
- text_section->raw_data_size = grub_host_to_target32 (layout.exec_size);
|
|
- text_section->raw_data_offset = grub_host_to_target32 (header_size);
|
|
- text_section->characteristics = grub_cpu_to_le32_compile_time (
|
|
- GRUB_PE32_SCN_CNT_CODE
|
|
- | GRUB_PE32_SCN_MEM_EXECUTE
|
|
- | GRUB_PE32_SCN_MEM_READ);
|
|
+ section = init_pe_section (image_target, section, ".text",
|
|
+ &vma, layout.exec_size,
|
|
+ image_target->section_align,
|
|
+ &raw_data, layout.exec_size,
|
|
+ GRUB_PE32_SCN_CNT_CODE |
|
|
+ GRUB_PE32_SCN_MEM_EXECUTE |
|
|
+ GRUB_PE32_SCN_MEM_READ);
|
|
|
|
scn_size = ALIGN_UP (layout.kernel_size - layout.exec_size, GRUB_PE32_FILE_ALIGNMENT);
|
|
PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (scn_size +
|
|
ALIGN_UP (total_module_size,
|
|
GRUB_PE32_FILE_ALIGNMENT));
|
|
|
|
- data_section = text_section + 1;
|
|
- strcpy (data_section->name, ".data");
|
|
- data_section->virtual_size = grub_host_to_target32 (layout.kernel_size - layout.exec_size);
|
|
- data_section->virtual_address = grub_host_to_target32 (header_size + layout.exec_size);
|
|
- data_section->raw_data_size = grub_host_to_target32 (layout.kernel_size - layout.exec_size);
|
|
- data_section->raw_data_offset = grub_host_to_target32 (header_size + layout.exec_size);
|
|
- data_section->characteristics
|
|
- = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_CNT_INITIALIZED_DATA
|
|
- | GRUB_PE32_SCN_MEM_READ
|
|
- | GRUB_PE32_SCN_MEM_WRITE);
|
|
-
|
|
- mods_section = data_section + 1;
|
|
- strcpy (mods_section->name, "mods");
|
|
- mods_section->virtual_size = grub_host_to_target32 (reloc_addr - layout.kernel_size - header_size);
|
|
- mods_section->virtual_address = grub_host_to_target32 (header_size + layout.kernel_size + layout.bss_size);
|
|
- mods_section->raw_data_size = grub_host_to_target32 (reloc_addr - layout.kernel_size - header_size);
|
|
- mods_section->raw_data_offset = grub_host_to_target32 (header_size + layout.kernel_size);
|
|
- mods_section->characteristics
|
|
- = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_CNT_INITIALIZED_DATA
|
|
- | GRUB_PE32_SCN_MEM_READ
|
|
- | GRUB_PE32_SCN_MEM_WRITE);
|
|
-
|
|
- PE_OHDR (o32, o64, base_relocation_table.rva) = grub_host_to_target32 (reloc_addr);
|
|
- PE_OHDR (o32, o64, base_relocation_table.size) = grub_host_to_target32 (layout.reloc_size);
|
|
- reloc_section = mods_section + 1;
|
|
- strcpy (reloc_section->name, ".reloc");
|
|
- reloc_section->virtual_size = grub_host_to_target32 (layout.reloc_size);
|
|
- reloc_section->virtual_address = grub_host_to_target32 (reloc_addr + layout.bss_size);
|
|
- reloc_section->raw_data_size = grub_host_to_target32 (layout.reloc_size);
|
|
- reloc_section->raw_data_offset = grub_host_to_target32 (reloc_addr);
|
|
- reloc_section->characteristics
|
|
- = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_CNT_INITIALIZED_DATA
|
|
- | GRUB_PE32_SCN_MEM_DISCARDABLE
|
|
- | GRUB_PE32_SCN_MEM_READ);
|
|
+ section = init_pe_section (image_target, section, ".data",
|
|
+ &vma, scn_size, image_target->section_align,
|
|
+ &raw_data, scn_size,
|
|
+ GRUB_PE32_SCN_CNT_INITIALIZED_DATA |
|
|
+ GRUB_PE32_SCN_MEM_READ |
|
|
+ GRUB_PE32_SCN_MEM_WRITE);
|
|
+
|
|
+ scn_size = pe_size - layout.reloc_size - raw_data;
|
|
+ section = init_pe_section (image_target, section, "mods",
|
|
+ &vma, scn_size, image_target->section_align,
|
|
+ &raw_data, scn_size,
|
|
+ GRUB_PE32_SCN_CNT_INITIALIZED_DATA |
|
|
+ GRUB_PE32_SCN_MEM_READ |
|
|
+ GRUB_PE32_SCN_MEM_WRITE);
|
|
+
|
|
+ scn_size = layout.reloc_size;
|
|
+ PE_OHDR (o32, o64, base_relocation_table.rva) = grub_host_to_target32 (vma);
|
|
+ PE_OHDR (o32, o64, base_relocation_table.size) = grub_host_to_target32 (scn_size);
|
|
+ memcpy (pe_img + raw_data, layout.reloc_section, scn_size);
|
|
+ init_pe_section (image_target, section, ".reloc",
|
|
+ &vma, scn_size, image_target->section_align,
|
|
+ &raw_data, scn_size,
|
|
+ GRUB_PE32_SCN_CNT_INITIALIZED_DATA |
|
|
+ GRUB_PE32_SCN_MEM_DISCARDABLE |
|
|
+ GRUB_PE32_SCN_MEM_READ);
|
|
+
|
|
free (core_img);
|
|
core_img = pe_img;
|
|
core_size = pe_size;
|
|
--
|
|
2.26.2
|
|
|