pool/grub2
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d6d145b71a
grub2/grub2-grubenv-in-btrfs-header.patch
Michael Chang 1f5e046570 Accepting request 823469 from home:michael-chang:branches:Base:System 
- Fix for CVE-2020-10713 (bsc#1168994)
  * 0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
- Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
  (bsc#1173812)
  * 0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch
  * 0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch
  * 0004-calloc-Use-calloc-at-most-places.patch
  * 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
  * 0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch
  * 0007-font-Do-not-load-more-than-one-NAME-section.patch
- Fix CVE-2020-15706 (bsc#1174463)
  * 0008-script-Remove-unused-fields-from-grub_script_functio.patch
  * 0009-script-Avoid-a-use-after-free-when-redefining-a-func.patch
- Fix CVE-2020-15707 (bsc#1174570)
  * 0010-linux-Fix-integer-overflows-in-initrd-size-handling.patch
- Use overflow checking primitives where the arithmetic expression for buffer
  allocations may include unvalidated data
- Use grub_calloc for overflow check and return NULL when it would occur 
  * 0001-add-support-for-UEFI-network-protocols.patch
  * 0003-bootp-New-net_bootp6-command.patch
  * grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
  * grub2-btrfs-09-get-default-subvolume.patch
  * grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch
  * grub2-grubenv-in-btrfs-header.patch

OBS-URL: https://build.opensuse.org/request/show/823469
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=358
2020-07-30 01:36:35 +00:00

505 lines
12 KiB
Diff
Raw Blame History

GRUB cannot write Btrfs file systems from the bootloader, so it cannot
modify values set from userspace (e.g. "next_entry" set by grub2-once).
As a workaround use the Btrfs header to store known data of the GRUB environment
block.
v2: export env_block and make sure to use the device of grubenv
v3:
* Use xcalloc for overflow check and return NULL when it would
occur.
---
Index: grub-2.04/grub-core/kern/fs.c
===================================================================
--- grub-2.04.orig/grub-core/kern/fs.c
+++ grub-2.04/grub-core/kern/fs.c
@@ -27,6 +27,7 @@
#include <grub/mm.h>
#include <grub/term.h>
#include <grub/i18n.h>
+#include <grub/partition.h>
grub_fs_t grub_fs_list = 0;
@@ -228,6 +229,13 @@ grub_fs_blocklist_read (grub_file_t file
size, buf) != GRUB_ERR_NONE)
return -1;
+ if (file->read_hook)
+ {
+ grub_disk_addr_t part_start;
+
+ part_start = grub_partition_get_start (file->device->disk->partition);
+ file->read_hook (p->offset + sector + part_start, (unsigned)offset, (unsigned)size, file->read_hook_data);
+ }
ret += size;
len -= size;
sector -= ((size + offset) >> GRUB_DISK_SECTOR_BITS);
Index: grub-2.04/util/grub-editenv.c
===================================================================
--- grub-2.04.orig/util/grub-editenv.c
+++ grub-2.04/util/grub-editenv.c
@@ -23,8 +23,11 @@
#include <grub/util/misc.h>
#include <grub/lib/envblk.h>
#include <grub/i18n.h>
-#include <grub/emu/hostfile.h>
+#include <grub/emu/hostdisk.h>
#include <grub/util/install.h>
+#include <grub/emu/getroot.h>
+#include <grub/fs.h>
+#include <grub/crypto.h>
#include <stdio.h>
#include <unistd.h>
@@ -120,6 +123,140 @@ block, use `rm %s'."),
NULL, help_filter, NULL
};
+struct fs_envblk_spec {
+ const char *fs_name;
+ int offset;
+ int size;
+} fs_envblk_spec[] = {
+ { "btrfs", 256 * 1024, GRUB_DISK_SECTOR_SIZE },
+ { NULL, 0, 0 }
+};
+
+struct fs_envblk {
+ struct fs_envblk_spec *spec;
+ const char *dev;
+};
+
+typedef struct fs_envblk_spec *fs_envblk_spec_t;
+typedef struct fs_envblk *fs_envblk_t;
+
+fs_envblk_t fs_envblk = NULL;
+
+static int
+read_envblk_fs (const char *varname, const char *value, void *hook_data)
+{
+ grub_envblk_t *p_envblk = (grub_envblk_t *)hook_data;
+
+ if (!p_envblk || !fs_envblk)
+ return 0;
+
+ if (strcmp (varname, "env_block") == 0)
+ {
+ int off, sz;
+ char *p;
+
+ off = strtol (value, &p, 10);
+ if (*p == '+')
+ sz = strtol (p+1, &p, 10);
+
+ if (*p == '\0')
+ {
+ FILE *fp;
+ char *buf;
+
+ off <<= GRUB_DISK_SECTOR_BITS;
+ sz <<= GRUB_DISK_SECTOR_BITS;
+
+ fp = grub_util_fopen (fs_envblk->dev, "rb");
+ if (! fp)
+ grub_util_error (_("cannot open `%s': %s"), fs_envblk->dev,
+ strerror (errno));
+
+
+ if (fseek (fp, off, SEEK_SET) < 0)
+ grub_util_error (_("cannot seek `%s': %s"), fs_envblk->dev,
+ strerror (errno));
+
+ buf = xmalloc (sz);
+ if ((fread (buf, 1, sz, fp)) != sz)
+ grub_util_error (_("cannot read `%s': %s"), fs_envblk->dev,
+ strerror (errno));
+
+ fclose (fp);
+
+ *p_envblk = grub_envblk_open (buf, sz);
+ }
+ }
+
+ return 0;
+}
+
+static void
+create_envblk_fs (void)
+{
+ FILE *fp;
+ char *buf;
+ const char *device;
+ int offset, size;
+
+ if (!fs_envblk)
+ return;
+
+ device = fs_envblk->dev;
+ offset = fs_envblk->spec->offset;
+ size = fs_envblk->spec->size;
+
+ fp = grub_util_fopen (device, "r+b");
+ if (! fp)
+ grub_util_error (_("cannot open `%s': %s"), device, strerror (errno));
+
+ buf = xmalloc (size);
+ memcpy (buf, GRUB_ENVBLK_SIGNATURE, sizeof (GRUB_ENVBLK_SIGNATURE) - 1);
+ memset (buf + sizeof (GRUB_ENVBLK_SIGNATURE) - 1, '#', size - sizeof (GRUB_ENVBLK_SIGNATURE) + 1);
+
+ if (fseek (fp, offset, SEEK_SET) < 0)
+ grub_util_error (_("cannot seek `%s': %s"), device, strerror (errno));
+
+ if (fwrite (buf, 1, size, fp) != size)
+ grub_util_error (_("cannot write to `%s': %s"), device, strerror (errno));
+
+ grub_util_file_sync (fp);
+ free (buf);
+ fclose (fp);
+}
+
+static grub_envblk_t
+open_envblk_fs (grub_envblk_t envblk)
+{
+ grub_envblk_t envblk_fs = NULL;
+ char *val;
+ int offset, size;
+
+ if (!fs_envblk)
+ return NULL;
+
+ offset = fs_envblk->spec->offset;
+ size = fs_envblk->spec->size;
+
+ grub_envblk_iterate (envblk, &envblk_fs, read_envblk_fs);
+
+ if (envblk_fs && grub_envblk_size (envblk_fs) == size)
+ return envblk_fs;
+
+ create_envblk_fs ();
+
+ offset = offset >> GRUB_DISK_SECTOR_BITS;
+ size = (size + GRUB_DISK_SECTOR_SIZE - 1) >> GRUB_DISK_SECTOR_BITS;
+
+ val = xasprintf ("%d+%d", offset, size);
+ if (! grub_envblk_set (envblk, "env_block", val))
+ grub_util_error ("%s", _("environment block too small"));
+ grub_envblk_iterate (envblk, &envblk_fs, read_envblk_fs);
+ free (val);
+
+ return envblk_fs;
+}
+
static grub_envblk_t
open_envblk_file (const char *name)
{
@@ -176,10 +313,17 @@ static void
list_variables (const char *name)
{
grub_envblk_t envblk;
+ grub_envblk_t envblk_fs = NULL;
envblk = open_envblk_file (name);
+ grub_envblk_iterate (envblk, &envblk_fs, read_envblk_fs);
grub_envblk_iterate (envblk, NULL, print_var);
grub_envblk_close (envblk);
+ if (envblk_fs)
+ {
+ grub_envblk_iterate (envblk_fs, NULL, print_var);
+ grub_envblk_close (envblk_fs);
+ }
}
static void
@@ -203,6 +347,38 @@ write_envblk (const char *name, grub_env
}
static void
+write_envblk_fs (grub_envblk_t envblk)
+{
+ FILE *fp;
+ const char *device;
+ int offset, size;
+
+ if (!fs_envblk)
+ return;
+
+ device = fs_envblk->dev;
+ offset = fs_envblk->spec->offset;
+ size = fs_envblk->spec->size;
+
+ if (grub_envblk_size (envblk) > size)
+ grub_util_error ("%s", _("environment block too small"));
+
+ fp = grub_util_fopen (device, "r+b");
+
+ if (! fp)
+ grub_util_error (_("cannot open `%s': %s"), device, strerror (errno));
+
+ if (fseek (fp, offset, SEEK_SET) < 0)
+ grub_util_error (_("cannot seek `%s': %s"), device, strerror (errno));
+
+ if (fwrite (grub_envblk_buffer (envblk), 1, grub_envblk_size (envblk), fp) != grub_envblk_size (envblk))
+ grub_util_error (_("cannot write to `%s': %s"), device, strerror (errno));
+
+ grub_util_file_sync (fp);
+ fclose (fp);
+}
+
+static void
set_variables (const char *name, int argc, char *argv[])
{
grub_envblk_t envblk;
@@ -218,8 +394,27 @@ set_variables (const char *name, int arg
*(p++) = 0;
- if (! grub_envblk_set (envblk, argv[0], p))
- grub_util_error ("%s", _("environment block too small"));
+ if ((strcmp (argv[0], "next_entry") == 0 ||
+ strcmp (argv[0], "health_checker_flag") == 0) && fs_envblk)
+ {
+ grub_envblk_t envblk_fs;
+ envblk_fs = open_envblk_fs (envblk);
+ if (!envblk_fs)
+ grub_util_error ("%s", _("can't open fs environment block"));
+ if (! grub_envblk_set (envblk_fs, argv[0], p))
+ grub_util_error ("%s", _("environment block too small"));
+ write_envblk_fs (envblk_fs);
+ grub_envblk_close (envblk_fs);
+ }
+ else if (strcmp (argv[0], "env_block") == 0)
+ {
+ grub_util_warn ("can't set env_block as it's read-only");
+ }
+ else
+ {
+ if (! grub_envblk_set (envblk, argv[0], p))
+ grub_util_error ("%s", _("environment block too small"));
+ }
argc--;
argv++;
@@ -227,26 +422,158 @@ set_variables (const char *name, int arg
write_envblk (name, envblk);
grub_envblk_close (envblk);
+
}
static void
unset_variables (const char *name, int argc, char *argv[])
{
grub_envblk_t envblk;
+ grub_envblk_t envblk_fs;
envblk = open_envblk_file (name);
+
+ envblk_fs = NULL;
+ if (fs_envblk)
+ envblk_fs = open_envblk_fs (envblk);
+
while (argc)
{
grub_envblk_delete (envblk, argv[0]);
+ if (envblk_fs)
+ grub_envblk_delete (envblk_fs, argv[0]);
+
argc--;
argv++;
}
write_envblk (name, envblk);
grub_envblk_close (envblk);
+
+ if (envblk_fs)
+ {
+ write_envblk_fs (envblk_fs);
+ grub_envblk_close (envblk_fs);
+ }
+}
+
+int have_abstraction = 0;
+static void
+probe_abstraction (grub_disk_t disk)
+{
+ if (disk->partition == NULL)
+ grub_util_info ("no partition map found for %s", disk->name);
+
+ if (disk->dev->id == GRUB_DISK_DEVICE_DISKFILTER_ID ||
+ disk->dev->id == GRUB_DISK_DEVICE_CRYPTODISK_ID)
+ {
+ have_abstraction = 1;
+ }
}
+static fs_envblk_t
+probe_fs_envblk (fs_envblk_spec_t spec)
+{
+ char **grub_devices;
+ char **curdev, **curdrive;
+ size_t ndev = 0;
+ char **grub_drives;
+ grub_device_t grub_dev = NULL;
+ grub_fs_t grub_fs;
+ const char *fs_envblk_device;
+
+#ifdef __s390x__
+ return NULL;
+#endif
+
+ grub_util_biosdisk_init (DEFAULT_DEVICE_MAP);
+ grub_init_all ();
+ grub_gcry_init_all ();
+
+ grub_lvm_fini ();
+ grub_mdraid09_fini ();
+ grub_mdraid1x_fini ();
+ grub_diskfilter_fini ();
+ grub_diskfilter_init ();
+ grub_mdraid09_init ();
+ grub_mdraid1x_init ();
+ grub_lvm_init ();
+
+ grub_devices = grub_guess_root_devices (DEFAULT_DIRECTORY);
+
+ if (!grub_devices || !grub_devices[0])
+ grub_util_error (_("cannot find a device for %s (is /dev mounted?)"), DEFAULT_DIRECTORY);
+
+ fs_envblk_device = grub_devices[0];
+
+ for (curdev = grub_devices; *curdev; curdev++)
+ {
+ grub_util_pull_device (*curdev);
+ ndev++;
+ }
+
+ grub_drives = xcalloc ((ndev + 1), sizeof (grub_drives[0]));
+
+ for (curdev = grub_devices, curdrive = grub_drives; *curdev; curdev++,
+ curdrive++)
+ {
+ *curdrive = grub_util_get_grub_dev (*curdev);
+ if (! *curdrive)
+ grub_util_error (_("cannot find a GRUB drive for %s. Check your device.map"),
+ *curdev);
+ }
+ *curdrive = 0;
+
+ grub_dev = grub_device_open (grub_drives[0]);
+ if (! grub_dev)
+ grub_util_error ("%s", grub_errmsg);
+
+ grub_fs = grub_fs_probe (grub_dev);
+ if (! grub_fs)
+ grub_util_error ("%s", grub_errmsg);
+
+ if (grub_dev->disk)
+ {
+ probe_abstraction (grub_dev->disk);
+ }
+ for (curdrive = grub_drives + 1; *curdrive; curdrive++)
+ {
+ grub_device_t dev = grub_device_open (*curdrive);
+ if (!dev)
+ continue;
+ if (dev->disk)
+ probe_abstraction (dev->disk);
+ grub_device_close (dev);
+ }
+
+ free (grub_drives);
+ grub_device_close (grub_dev);
+ grub_gcry_fini_all ();
+ grub_fini_all ();
+ grub_util_biosdisk_fini ();
+
+ fs_envblk_spec_t p;
+
+ for (p = spec; p->fs_name; p++)
+ {
+ if (strcmp (grub_fs->name, p->fs_name) == 0 && !have_abstraction)
+ {
+ if (p->offset % GRUB_DISK_SECTOR_SIZE == 0 &&
+ p->size % GRUB_DISK_SECTOR_SIZE == 0)
+ {
+ fs_envblk = xmalloc (sizeof (fs_envblk_t));
+ fs_envblk->spec = p;
+ fs_envblk->dev = strdup(fs_envblk_device);
+ return fs_envblk;
+ }
+ }
+ }
+
+ return NULL;
+}
+
+
int
main (int argc, char *argv[])
{
@@ -278,6 +605,9 @@ main (int argc, char *argv[])
command = argv[curindex++];
}
+ if (strcmp (filename, DEFAULT_ENVBLK_PATH) == 0)
+ fs_envblk = probe_fs_envblk (fs_envblk_spec);
+
if (strcmp (command, "create") == 0)
grub_util_create_envblk_file (filename);
else if (strcmp (command, "list") == 0)
Index: grub-2.04/util/grub.d/00_header.in
===================================================================
--- grub-2.04.orig/util/grub.d/00_header.in
+++ grub-2.04/util/grub.d/00_header.in
@@ -46,6 +46,13 @@ cat << EOF
if [ -s \$prefix/grubenv ]; then
load_env
fi
+
+if [ "\${env_block}" ] ; then
+ set env_block="(\${root})\${env_block}"
+ export env_block
+ load_env -f "\${env_block}"
+fi
+
EOF
if [ "x$GRUB_BUTTON_CMOS_ADDRESS" != "x" ]; then
cat <<EOF
@@ -55,6 +62,9 @@ elif [ "\${next_entry}" ] ; then
set default="\${next_entry}"
set next_entry=
save_env next_entry
+ if [ "\${env_block}" ] ; then
+ save_env -f "\${env_block}" next_entry
+ fi
set boot_once=true
else
set default="${GRUB_DEFAULT}"
@@ -66,6 +76,9 @@ if [ "\${next_entry}" ] ; then
set default="\${next_entry}"
set next_entry=
save_env next_entry
+ if [ "\${env_block}" ] ; then
+ save_env -f "\${env_block}" next_entry
+ fi
set boot_once=true
else
set default="${GRUB_DEFAULT}"
@@ -93,7 +106,12 @@ fi
function savedefault {
if [ -z "\${boot_once}" ]; then
saved_entry="\${chosen}"
- save_env saved_entry
+ if [ "\${env_block}" ] ; then
+ save_env -f "\${env_block}" saved_entry
+ else
+ save_env saved_entry
+ fi
+
fi
}
Reference in New Issue View Git Blame Copy Permalink