forked from pool/grub2
Accepting request 1067109 from home:michael-chang:branches:Base:System
- Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024) * 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch * 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch - Fix lpar got hung at grub after inactive migration (bsc#1207684) * 0002-ieee1275-implement-vec5-for-cas-negotiation.patch - Rediff * safe_tpm_pcr_snapshot.patch - Patch supersceded * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch OBS-URL: https://build.opensuse.org/request/show/1067109 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=441
This commit is contained in:
parent
03d713cc87
commit
23aa9ce4c5
@ -0,0 +1,46 @@
|
||||
From d44e0a892621a744e9a64e17ed5676470ef4f023 Mon Sep 17 00:00:00 2001
|
||||
From: Wen Xiong <wenxiong@linux.ibm.com>
|
||||
Date: Mon, 20 Feb 2023 15:58:14 -0500
|
||||
Subject: [PATCH 1/2] ieee1275: Further increase initially allocated heap from
|
||||
1/3 to 1/2
|
||||
|
||||
The memory increase to 1/3 of 391MB (~127MB) was still insufficient
|
||||
to boot the kernel and initrd of the SuSE distribution:
|
||||
|
||||
initrd 2023-Jan-18 04:27 114.9M
|
||||
linux 2023-Jan-17 05:23 45.9M
|
||||
|
||||
Therefore, further increase the initially allocated heap to 1/2
|
||||
of 391MB to ~191MB, which now allows to boot the system from an
|
||||
ISO.
|
||||
|
||||
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||
---
|
||||
grub-core/kern/ieee1275/init.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
|
||||
index 2a2409d45..e1dbff86a 100644
|
||||
--- a/grub-core/kern/ieee1275/init.c
|
||||
+++ b/grub-core/kern/ieee1275/init.c
|
||||
@@ -47,7 +47,7 @@
|
||||
#include <grub/lockdown.h>
|
||||
|
||||
/* The maximum heap size we're going to claim. Not used by sparc.
|
||||
- We allocate 1/3 of the available memory under 4G, up to this limit. */
|
||||
+ We allocate 1/2 of the available memory under 4G, up to this limit. */
|
||||
#ifdef __i386__
|
||||
#define HEAP_MAX_SIZE (unsigned long) (64 * 1024 * 1024)
|
||||
#else // __powerpc__
|
||||
@@ -417,7 +417,7 @@ grub_claim_heap (void)
|
||||
|
||||
grub_machine_mmap_iterate (heap_size, &total);
|
||||
|
||||
- total = total / 3;
|
||||
+ total = total / 2;
|
||||
if (total > HEAP_MAX_SIZE)
|
||||
total = HEAP_MAX_SIZE;
|
||||
|
||||
--
|
||||
2.39.1
|
||||
|
@ -1,54 +1,62 @@
|
||||
From 6c7c4007ad621029295797b439158d36d0f62487 Mon Sep 17 00:00:00 2001
|
||||
From 03056f35a73258fa68a809fba4aeab654ff35734 Mon Sep 17 00:00:00 2001
|
||||
From: Diego Domingos <diegodo@linux.vnet.ibm.com>
|
||||
Date: Thu, 25 Aug 2022 11:37:56 -0400
|
||||
Subject: [PATCH 2/2] ieee1275: implement vec5 for cas negotiation
|
||||
Subject: [PATCH] ieee1275: implement vec5 for cas negotiation
|
||||
|
||||
As a legacy support, if the vector 5 is not implemented, Power
|
||||
Hypervisor will consider the max CPUs as 64 instead 256 currently
|
||||
supported during client-architecture-support negotiation.
|
||||
As a legacy support, if the vector 5 is not implemented, Power Hypervisor will
|
||||
consider the max CPUs as 64 instead 256 currently supported during
|
||||
client-architecture-support negotiation.
|
||||
|
||||
This patch implements the vector 5 and set the MAX CPUs to 256 while
|
||||
setting the others values to 0 (default).
|
||||
This patch implements the vector 5 and set the MAX CPUs to 256 while setting the
|
||||
others values to 0 (default).
|
||||
|
||||
Signed-off-by: Diego Domingos <diegodo@linux.vnet.ibm.com>
|
||||
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||
Acked-by: Daniel Axtens <dja@axtens.net>
|
||||
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||
Signed-off-by: Avnish Chouhan <avnish@linux.vnet.ibm.com>
|
||||
---
|
||||
grub-core/kern/ieee1275/init.c | 20 +++++++++++++++++++-
|
||||
1 file changed, 19 insertions(+), 1 deletion(-)
|
||||
grub-core/kern/ieee1275/init.c | 28 ++++++++++++++++++++++++----
|
||||
1 file changed, 24 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
|
||||
index 7d7178d3e..3aa40313f 100644
|
||||
index 7d7178d3e..0e902ff62 100644
|
||||
--- a/grub-core/kern/ieee1275/init.c
|
||||
+++ b/grub-core/kern/ieee1275/init.c
|
||||
@@ -311,6 +311,18 @@ struct option_vector2 {
|
||||
@@ -311,7 +311,21 @@ struct option_vector2 {
|
||||
grub_uint8_t max_pft_size;
|
||||
} __attribute__((packed));
|
||||
|
||||
+struct option_vector5 {
|
||||
+ grub_uint8_t byte1;
|
||||
+ grub_uint8_t byte2;
|
||||
+ grub_uint8_t byte3;
|
||||
+ grub_uint8_t cmo;
|
||||
+ grub_uint8_t associativity;
|
||||
+ grub_uint8_t bin_opts;
|
||||
+ grub_uint8_t micro_checkpoint;
|
||||
+ grub_uint8_t reserved0;
|
||||
+ grub_uint32_t max_cpus;
|
||||
+} __attribute__((packed));
|
||||
-struct pvr_entry {
|
||||
+struct option_vector5
|
||||
+{
|
||||
+ grub_uint8_t byte1;
|
||||
+ grub_uint8_t byte2;
|
||||
+ grub_uint8_t byte3;
|
||||
+ grub_uint8_t cmo;
|
||||
+ grub_uint8_t associativity;
|
||||
+ grub_uint8_t bin_opts;
|
||||
+ grub_uint8_t micro_checkpoint;
|
||||
+ grub_uint8_t reserved0;
|
||||
+ grub_uint32_t max_cpus;
|
||||
+} GRUB_PACKED;
|
||||
+
|
||||
struct pvr_entry {
|
||||
+struct pvr_entry
|
||||
+{
|
||||
grub_uint32_t mask;
|
||||
grub_uint32_t entry;
|
||||
@@ -329,6 +341,8 @@ struct cas_vector {
|
||||
};
|
||||
@@ -329,7 +343,9 @@ struct cas_vector {
|
||||
grub_uint16_t vec3;
|
||||
grub_uint8_t vec4_size;
|
||||
grub_uint16_t vec4;
|
||||
-} __attribute__((packed));
|
||||
+ grub_uint8_t vec5_size;
|
||||
+ struct option_vector5 vec5;
|
||||
} __attribute__((packed));
|
||||
+} GRUB_PACKED;
|
||||
|
||||
/* Call ibm,client-architecture-support to try to get more RMA.
|
||||
@@ -349,7 +363,7 @@ grub_ieee1275_ibm_cas (void)
|
||||
We ask for 512MB which should be enough to verify a distro kernel.
|
||||
@@ -349,7 +365,7 @@ grub_ieee1275_ibm_cas (void)
|
||||
} args;
|
||||
struct cas_vector vector = {
|
||||
.pvr_list = { { 0x00000000, 0xffffffff } }, /* any processor */
|
||||
@ -57,17 +65,19 @@ index 7d7178d3e..3aa40313f 100644
|
||||
.vec1_size = 0,
|
||||
.vec1 = 0x80, /* ignore */
|
||||
.vec2_size = 1 + sizeof(struct option_vector2) - 2,
|
||||
@@ -360,6 +374,10 @@ grub_ieee1275_ibm_cas (void)
|
||||
@@ -359,7 +375,11 @@ grub_ieee1275_ibm_cas (void)
|
||||
.vec3_size = 2 - 1,
|
||||
.vec3 = 0x00e0, // ask for FP + VMX + DFP but don't halt if unsatisfied
|
||||
.vec4_size = 2 - 1,
|
||||
.vec4 = 0x0001, // set required minimum capacity % to the lowest value
|
||||
+ .vec5_size = 1 + sizeof(struct option_vector5) - 2,
|
||||
- .vec4 = 0x0001, // set required minimum capacity % to the lowest value
|
||||
+ .vec4 = 0x0001, /* set required minimum capacity % to the lowest value */
|
||||
+ .vec5_size = 1 + sizeof (struct option_vector5) - 2,
|
||||
+ .vec5 = {
|
||||
+ 0, 0, 0, 0, 0, 0, 0, 0, 256
|
||||
+ 0, 192, 0, 128, 0, 0, 0, 0, 256
|
||||
+ }
|
||||
};
|
||||
|
||||
INIT_IEEE1275_COMMON (&args.common, "call-method", 3, 2);
|
||||
--
|
||||
2.35.3
|
||||
2.39.1
|
||||
|
||||
|
@ -1,28 +1,34 @@
|
||||
From 12378be5243c1c02ce28de2e5703e87197c69157 Mon Sep 17 00:00:00 2001
|
||||
From e5bba1012e34597215684aa948bbc30093faa750 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Chang <mchang@suse.com>
|
||||
Date: Mon, 29 Aug 2022 11:28:28 +0800
|
||||
Subject: [PATCH] tpm: Disable tpm verifier if tpm is not present
|
||||
Date: Fri, 7 Oct 2022 13:37:10 +0800
|
||||
Subject: [PATCH 2/2] tpm: Disable tpm verifier if tpm is not present
|
||||
|
||||
This helps to prevent out of memory error when reading large files via disablig
|
||||
tpm device as verifier has to read all content into memory in one chunk to
|
||||
measure the hash and extend to tpm.
|
||||
This helps to prevent out of memory error when reading large files via
|
||||
disabling tpm device as verifier has to read all content into memory in
|
||||
one chunk to measure the hash and extend to tpm.
|
||||
|
||||
For ibmvtpm driver support this change here would be needed. It helps to
|
||||
prevent much memory consuming tpm subsystem from being activated when no
|
||||
vtpm device present.
|
||||
|
||||
Signed-off-by: Michael Chang <mchang@suse.com>
|
||||
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||
---
|
||||
grub-core/commands/efi/tpm.c | 37 +++++++++++++++++++++++++++++++++++++
|
||||
grub-core/commands/tpm.c | 4 ++++
|
||||
include/grub/tpm.h | 1 +
|
||||
3 files changed, 42 insertions(+)
|
||||
grub-core/commands/efi/tpm.c | 37 +++++++++++++++++++++++++++
|
||||
grub-core/commands/ieee1275/ibmvtpm.c | 16 +++++++-----
|
||||
grub-core/commands/tpm.c | 4 +++
|
||||
include/grub/tpm.h | 1 +
|
||||
4 files changed, 52 insertions(+), 6 deletions(-)
|
||||
|
||||
--- a/grub-core/commands/efi/tpm.c
|
||||
+++ b/grub-core/commands/efi/tpm.c
|
||||
@@ -349,3 +349,40 @@
|
||||
@@ -397,3 +397,40 @@
|
||||
|
||||
return result;
|
||||
}
|
||||
+
|
||||
+int
|
||||
+grub_tpm_present ()
|
||||
+grub_tpm_present (void)
|
||||
+{
|
||||
+ grub_efi_handle_t tpm_handle;
|
||||
+ grub_efi_uint8_t protocol_version;
|
||||
@ -57,9 +63,38 @@ Signed-off-by: Michael Chang <mchang@suse.com>
|
||||
+ return grub_tpm2_present (tpm);
|
||||
+ }
|
||||
+}
|
||||
--- a/grub-core/commands/ieee1275/ibmvtpm.c
|
||||
+++ b/grub-core/commands/ieee1275/ibmvtpm.c
|
||||
@@ -136,12 +136,6 @@
|
||||
grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
|
||||
const char *description)
|
||||
{
|
||||
- grub_err_t err = tpm_init();
|
||||
-
|
||||
- /* Absence of a TPM isn't a failure. */
|
||||
- if (err != GRUB_ERR_NONE)
|
||||
- return GRUB_ERR_NONE;
|
||||
-
|
||||
grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ", %s\n",
|
||||
pcr, size, description);
|
||||
|
||||
@@ -150,3 +144,13 @@
|
||||
|
||||
return GRUB_ERR_NONE;
|
||||
}
|
||||
+
|
||||
+int
|
||||
+grub_tpm_present (void)
|
||||
+{
|
||||
+ /*
|
||||
+ * Call tpm_init() 'late' rather than from GRUB_MOD_INIT() so that device nodes
|
||||
+ * can be found.
|
||||
+ */
|
||||
+ return tpm_init() == GRUB_ERR_NONE;
|
||||
+}
|
||||
--- a/grub-core/commands/tpm.c
|
||||
+++ b/grub-core/commands/tpm.c
|
||||
@@ -291,6 +291,8 @@
|
||||
@@ -311,6 +311,8 @@
|
||||
|
||||
GRUB_MOD_INIT (tpm)
|
||||
{
|
||||
@ -68,7 +103,7 @@ Signed-off-by: Michael Chang <mchang@suse.com>
|
||||
grub_verifier_register (&grub_tpm_verifier);
|
||||
|
||||
cmd = grub_register_extcmd ("tpm_record_pcrs", grub_tpm_record_pcrs, 0,
|
||||
@@ -301,6 +303,8 @@
|
||||
@@ -321,6 +323,8 @@
|
||||
|
||||
GRUB_MOD_FINI (tpm)
|
||||
{
|
@ -1,3 +1,16 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 22 07:08:44 UTC 2023 - Michael Chang <mchang@suse.com>
|
||||
|
||||
- Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024)
|
||||
* 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch
|
||||
* 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
|
||||
- Fix lpar got hung at grub after inactive migration (bsc#1207684)
|
||||
* 0002-ieee1275-implement-vec5-for-cas-negotiation.patch
|
||||
- Rediff
|
||||
* safe_tpm_pcr_snapshot.patch
|
||||
- Patch supersceded
|
||||
* 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 15 07:09:39 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
|
||||
|
@ -438,7 +438,6 @@ Patch915: tpm-protector-export-secret-key.patch
|
||||
Patch916: grub-install-record-pcrs.patch
|
||||
Patch917: grub-unseal-debug.patch
|
||||
# efi mm
|
||||
Patch918: 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
|
||||
Patch919: 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch
|
||||
Patch920: 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch
|
||||
Patch921: 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch
|
||||
@ -495,6 +494,9 @@ Patch968: 0012-tpm2-initialize-the-PCR-selection-list-early.patch
|
||||
Patch969: 0013-tpm2-support-unsealing-key-with-authorized-policy.patch
|
||||
# Set efi variables LoaderDevicePartUUID & LoaderInfo (needed for UKI)
|
||||
Patch970: grub2-add-module-for-boot-loader-interface.patch
|
||||
# Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024)
|
||||
Patch971: 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch
|
||||
Patch972: 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
|
||||
|
||||
Requires: gettext-runtime
|
||||
%if 0%{?suse_version} >= 1140
|
||||
|
@ -55,7 +55,7 @@
|
||||
if (argc == 0)
|
||||
pcr_bitmask = GRUB2_PCR_BITMASK_DEFAULT;
|
||||
else
|
||||
@@ -287,13 +295,28 @@
|
||||
@@ -287,6 +295,18 @@
|
||||
return rv;
|
||||
}
|
||||
|
||||
@ -74,32 +74,6 @@
|
||||
static grub_extcmd_t cmd;
|
||||
|
||||
GRUB_MOD_INIT (tpm)
|
||||
{
|
||||
- if (!grub_tpm_present())
|
||||
- return;
|
||||
+#ifdef GRUB_MACHINE_EFI
|
||||
+ if (grub_tpm_present())
|
||||
+ grub_verifier_register (&grub_tpm_verifier);
|
||||
+#else
|
||||
grub_verifier_register (&grub_tpm_verifier);
|
||||
+#endif
|
||||
|
||||
cmd = grub_register_extcmd ("tpm_record_pcrs", grub_tpm_record_pcrs, 0,
|
||||
N_("LIST_OF_PCRS"),
|
||||
@@ -303,8 +326,11 @@
|
||||
|
||||
GRUB_MOD_FINI (tpm)
|
||||
{
|
||||
- if (!grub_tpm_present())
|
||||
- return;
|
||||
+#ifdef GRUB_MACHINE_EFI
|
||||
+ if (grub_tpm_present())
|
||||
+ grub_verifier_unregister (&grub_tpm_verifier);
|
||||
+#else
|
||||
grub_verifier_unregister (&grub_tpm_verifier);
|
||||
+#endif
|
||||
grub_unregister_extcmd (cmd);
|
||||
}
|
||||
--- a/util/grub-install.c
|
||||
+++ b/util/grub-install.c
|
||||
@@ -1457,8 +1457,9 @@
|
||||
|
Loading…
Reference in New Issue
Block a user