From 23aa9ce4c55f27a34004b490b16c89a481ff14a2741307e0634195605a063b66 Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Fri, 24 Feb 2023 05:42:16 +0000 Subject: [PATCH] Accepting request 1067109 from home:michael-chang:branches:Base:System - Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024) * 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch * 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch - Fix lpar got hung at grub after inactive migration (bsc#1207684) * 0002-ieee1275-implement-vec5-for-cas-negotiation.patch - Rediff * safe_tpm_pcr_snapshot.patch - Patch supersceded * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch OBS-URL: https://build.opensuse.org/request/show/1067109 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=441 --- ...-increase-initially-allocated-heap-f.patch | 46 ++++++++++++ ...5-implement-vec5-for-cas-negotiation.patch | 74 +++++++++++-------- ...e-tpm-verifier-if-tpm-is-not-present.patch | 63 ++++++++++++---- grub2.changes | 13 ++++ grub2.spec | 4 +- safe_tpm_pcr_snapshot.patch | 28 +------ 6 files changed, 154 insertions(+), 74 deletions(-) create mode 100644 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch rename 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch => 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch (52%) diff --git a/0001-ieee1275-Further-increase-initially-allocated-heap-f.patch b/0001-ieee1275-Further-increase-initially-allocated-heap-f.patch new file mode 100644 index 0000000..ddbc17b --- /dev/null +++ b/0001-ieee1275-Further-increase-initially-allocated-heap-f.patch @@ -0,0 +1,46 @@ +From d44e0a892621a744e9a64e17ed5676470ef4f023 Mon Sep 17 00:00:00 2001 +From: Wen Xiong +Date: Mon, 20 Feb 2023 15:58:14 -0500 +Subject: [PATCH 1/2] ieee1275: Further increase initially allocated heap from + 1/3 to 1/2 + +The memory increase to 1/3 of 391MB (~127MB) was still insufficient +to boot the kernel and initrd of the SuSE distribution: + +initrd 2023-Jan-18 04:27 114.9M +linux 2023-Jan-17 05:23 45.9M + +Therefore, further increase the initially allocated heap to 1/2 +of 391MB to ~191MB, which now allows to boot the system from an +ISO. + +Signed-off-by: Stefan Berger +--- + grub-core/kern/ieee1275/init.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index 2a2409d45..e1dbff86a 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -47,7 +47,7 @@ + #include + + /* The maximum heap size we're going to claim. Not used by sparc. +- We allocate 1/3 of the available memory under 4G, up to this limit. */ ++ We allocate 1/2 of the available memory under 4G, up to this limit. */ + #ifdef __i386__ + #define HEAP_MAX_SIZE (unsigned long) (64 * 1024 * 1024) + #else // __powerpc__ +@@ -417,7 +417,7 @@ grub_claim_heap (void) + + grub_machine_mmap_iterate (heap_size, &total); + +- total = total / 3; ++ total = total / 2; + if (total > HEAP_MAX_SIZE) + total = HEAP_MAX_SIZE; + +-- +2.39.1 + diff --git a/0002-ieee1275-implement-vec5-for-cas-negotiation.patch b/0002-ieee1275-implement-vec5-for-cas-negotiation.patch index 27e05ab..8976b0a 100644 --- a/0002-ieee1275-implement-vec5-for-cas-negotiation.patch +++ b/0002-ieee1275-implement-vec5-for-cas-negotiation.patch @@ -1,54 +1,62 @@ -From 6c7c4007ad621029295797b439158d36d0f62487 Mon Sep 17 00:00:00 2001 +From 03056f35a73258fa68a809fba4aeab654ff35734 Mon Sep 17 00:00:00 2001 From: Diego Domingos Date: Thu, 25 Aug 2022 11:37:56 -0400 -Subject: [PATCH 2/2] ieee1275: implement vec5 for cas negotiation +Subject: [PATCH] ieee1275: implement vec5 for cas negotiation -As a legacy support, if the vector 5 is not implemented, Power -Hypervisor will consider the max CPUs as 64 instead 256 currently -supported during client-architecture-support negotiation. +As a legacy support, if the vector 5 is not implemented, Power Hypervisor will +consider the max CPUs as 64 instead 256 currently supported during +client-architecture-support negotiation. -This patch implements the vector 5 and set the MAX CPUs to 256 while -setting the others values to 0 (default). +This patch implements the vector 5 and set the MAX CPUs to 256 while setting the +others values to 0 (default). Signed-off-by: Diego Domingos -Signed-off-by: Robbie Harwood +Acked-by: Daniel Axtens +Signed-off-by: Stefan Berger +Signed-off-by: Avnish Chouhan --- - grub-core/kern/ieee1275/init.c | 20 +++++++++++++++++++- - 1 file changed, 19 insertions(+), 1 deletion(-) + grub-core/kern/ieee1275/init.c | 28 ++++++++++++++++++++++++---- + 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index 7d7178d3e..3aa40313f 100644 +index 7d7178d3e..0e902ff62 100644 --- a/grub-core/kern/ieee1275/init.c +++ b/grub-core/kern/ieee1275/init.c -@@ -311,6 +311,18 @@ struct option_vector2 { +@@ -311,7 +311,21 @@ struct option_vector2 { grub_uint8_t max_pft_size; } __attribute__((packed)); -+struct option_vector5 { -+ grub_uint8_t byte1; -+ grub_uint8_t byte2; -+ grub_uint8_t byte3; -+ grub_uint8_t cmo; -+ grub_uint8_t associativity; -+ grub_uint8_t bin_opts; -+ grub_uint8_t micro_checkpoint; -+ grub_uint8_t reserved0; -+ grub_uint32_t max_cpus; -+} __attribute__((packed)); +-struct pvr_entry { ++struct option_vector5 ++{ ++ grub_uint8_t byte1; ++ grub_uint8_t byte2; ++ grub_uint8_t byte3; ++ grub_uint8_t cmo; ++ grub_uint8_t associativity; ++ grub_uint8_t bin_opts; ++ grub_uint8_t micro_checkpoint; ++ grub_uint8_t reserved0; ++ grub_uint32_t max_cpus; ++} GRUB_PACKED; + - struct pvr_entry { ++struct pvr_entry ++{ grub_uint32_t mask; grub_uint32_t entry; -@@ -329,6 +341,8 @@ struct cas_vector { + }; +@@ -329,7 +343,9 @@ struct cas_vector { grub_uint16_t vec3; grub_uint8_t vec4_size; grub_uint16_t vec4; +-} __attribute__((packed)); + grub_uint8_t vec5_size; + struct option_vector5 vec5; - } __attribute__((packed)); ++} GRUB_PACKED; /* Call ibm,client-architecture-support to try to get more RMA. -@@ -349,7 +363,7 @@ grub_ieee1275_ibm_cas (void) + We ask for 512MB which should be enough to verify a distro kernel. +@@ -349,7 +365,7 @@ grub_ieee1275_ibm_cas (void) } args; struct cas_vector vector = { .pvr_list = { { 0x00000000, 0xffffffff } }, /* any processor */ @@ -57,17 +65,19 @@ index 7d7178d3e..3aa40313f 100644 .vec1_size = 0, .vec1 = 0x80, /* ignore */ .vec2_size = 1 + sizeof(struct option_vector2) - 2, -@@ -360,6 +374,10 @@ grub_ieee1275_ibm_cas (void) +@@ -359,7 +375,11 @@ grub_ieee1275_ibm_cas (void) + .vec3_size = 2 - 1, .vec3 = 0x00e0, // ask for FP + VMX + DFP but don't halt if unsatisfied .vec4_size = 2 - 1, - .vec4 = 0x0001, // set required minimum capacity % to the lowest value -+ .vec5_size = 1 + sizeof(struct option_vector5) - 2, +- .vec4 = 0x0001, // set required minimum capacity % to the lowest value ++ .vec4 = 0x0001, /* set required minimum capacity % to the lowest value */ ++ .vec5_size = 1 + sizeof (struct option_vector5) - 2, + .vec5 = { -+ 0, 0, 0, 0, 0, 0, 0, 0, 256 ++ 0, 192, 0, 128, 0, 0, 0, 0, 256 + } }; INIT_IEEE1275_COMMON (&args.common, "call-method", 3, 2); -- -2.35.3 +2.39.1 diff --git a/0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch b/0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch similarity index 52% rename from 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch rename to 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch index 1deb5b2..412e3f7 100644 --- a/0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch +++ b/0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch @@ -1,28 +1,34 @@ -From 12378be5243c1c02ce28de2e5703e87197c69157 Mon Sep 17 00:00:00 2001 +From e5bba1012e34597215684aa948bbc30093faa750 Mon Sep 17 00:00:00 2001 From: Michael Chang -Date: Mon, 29 Aug 2022 11:28:28 +0800 -Subject: [PATCH] tpm: Disable tpm verifier if tpm is not present +Date: Fri, 7 Oct 2022 13:37:10 +0800 +Subject: [PATCH 2/2] tpm: Disable tpm verifier if tpm is not present -This helps to prevent out of memory error when reading large files via disablig -tpm device as verifier has to read all content into memory in one chunk to -measure the hash and extend to tpm. +This helps to prevent out of memory error when reading large files via +disabling tpm device as verifier has to read all content into memory in +one chunk to measure the hash and extend to tpm. + +For ibmvtpm driver support this change here would be needed. It helps to +prevent much memory consuming tpm subsystem from being activated when no +vtpm device present. Signed-off-by: Michael Chang +Signed-off-by: Stefan Berger --- - grub-core/commands/efi/tpm.c | 37 +++++++++++++++++++++++++++++++++++++ - grub-core/commands/tpm.c | 4 ++++ - include/grub/tpm.h | 1 + - 3 files changed, 42 insertions(+) + grub-core/commands/efi/tpm.c | 37 +++++++++++++++++++++++++++ + grub-core/commands/ieee1275/ibmvtpm.c | 16 +++++++----- + grub-core/commands/tpm.c | 4 +++ + include/grub/tpm.h | 1 + + 4 files changed, 52 insertions(+), 6 deletions(-) --- a/grub-core/commands/efi/tpm.c +++ b/grub-core/commands/efi/tpm.c -@@ -349,3 +349,40 @@ +@@ -397,3 +397,40 @@ return result; } + +int -+grub_tpm_present () ++grub_tpm_present (void) +{ + grub_efi_handle_t tpm_handle; + grub_efi_uint8_t protocol_version; @@ -57,9 +63,38 @@ Signed-off-by: Michael Chang + return grub_tpm2_present (tpm); + } +} +--- a/grub-core/commands/ieee1275/ibmvtpm.c ++++ b/grub-core/commands/ieee1275/ibmvtpm.c +@@ -136,12 +136,6 @@ + grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, + const char *description) + { +- grub_err_t err = tpm_init(); +- +- /* Absence of a TPM isn't a failure. */ +- if (err != GRUB_ERR_NONE) +- return GRUB_ERR_NONE; +- + grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ", %s\n", + pcr, size, description); + +@@ -150,3 +144,13 @@ + + return GRUB_ERR_NONE; + } ++ ++int ++grub_tpm_present (void) ++{ ++ /* ++ * Call tpm_init() 'late' rather than from GRUB_MOD_INIT() so that device nodes ++ * can be found. ++ */ ++ return tpm_init() == GRUB_ERR_NONE; ++} --- a/grub-core/commands/tpm.c +++ b/grub-core/commands/tpm.c -@@ -291,6 +291,8 @@ +@@ -311,6 +311,8 @@ GRUB_MOD_INIT (tpm) { @@ -68,7 +103,7 @@ Signed-off-by: Michael Chang grub_verifier_register (&grub_tpm_verifier); cmd = grub_register_extcmd ("tpm_record_pcrs", grub_tpm_record_pcrs, 0, -@@ -301,6 +303,8 @@ +@@ -321,6 +323,8 @@ GRUB_MOD_FINI (tpm) { diff --git a/grub2.changes b/grub2.changes index e9e657e..2780a05 100644 --- a/grub2.changes +++ b/grub2.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Wed Feb 22 07:08:44 UTC 2023 - Michael Chang + +- Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024) + * 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch + * 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch +- Fix lpar got hung at grub after inactive migration (bsc#1207684) + * 0002-ieee1275-implement-vec5-for-cas-negotiation.patch +- Rediff + * safe_tpm_pcr_snapshot.patch +- Patch supersceded + * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch + ------------------------------------------------------------------- Wed Feb 15 07:09:39 UTC 2023 - Gary Ching-Pang Lin diff --git a/grub2.spec b/grub2.spec index b38a111..e5c1566 100644 --- a/grub2.spec +++ b/grub2.spec @@ -438,7 +438,6 @@ Patch915: tpm-protector-export-secret-key.patch Patch916: grub-install-record-pcrs.patch Patch917: grub-unseal-debug.patch # efi mm -Patch918: 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch Patch919: 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch Patch920: 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch Patch921: 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch @@ -495,6 +494,9 @@ Patch968: 0012-tpm2-initialize-the-PCR-selection-list-early.patch Patch969: 0013-tpm2-support-unsealing-key-with-authorized-policy.patch # Set efi variables LoaderDevicePartUUID & LoaderInfo (needed for UKI) Patch970: grub2-add-module-for-boot-loader-interface.patch +# Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024) +Patch971: 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch +Patch972: 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch Requires: gettext-runtime %if 0%{?suse_version} >= 1140 diff --git a/safe_tpm_pcr_snapshot.patch b/safe_tpm_pcr_snapshot.patch index 40f729e..5a1f6c5 100644 --- a/safe_tpm_pcr_snapshot.patch +++ b/safe_tpm_pcr_snapshot.patch @@ -55,7 +55,7 @@ if (argc == 0) pcr_bitmask = GRUB2_PCR_BITMASK_DEFAULT; else -@@ -287,13 +295,28 @@ +@@ -287,6 +295,18 @@ return rv; } @@ -74,32 +74,6 @@ static grub_extcmd_t cmd; GRUB_MOD_INIT (tpm) - { -- if (!grub_tpm_present()) -- return; -+#ifdef GRUB_MACHINE_EFI -+ if (grub_tpm_present()) -+ grub_verifier_register (&grub_tpm_verifier); -+#else - grub_verifier_register (&grub_tpm_verifier); -+#endif - - cmd = grub_register_extcmd ("tpm_record_pcrs", grub_tpm_record_pcrs, 0, - N_("LIST_OF_PCRS"), -@@ -303,8 +326,11 @@ - - GRUB_MOD_FINI (tpm) - { -- if (!grub_tpm_present()) -- return; -+#ifdef GRUB_MACHINE_EFI -+ if (grub_tpm_present()) -+ grub_verifier_unregister (&grub_tpm_verifier); -+#else - grub_verifier_unregister (&grub_tpm_verifier); -+#endif - grub_unregister_extcmd (cmd); - } --- a/util/grub-install.c +++ b/util/grub-install.c @@ -1457,8 +1457,9 @@