
Accepting request 1067109 from home:michael-chang:branches:Base:System

- Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024)
  * 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch
  * 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
- Fix lpar got hung at grub after inactive migration (bsc#1207684)
  * 0002-ieee1275-implement-vec5-for-cas-negotiation.patch
- Rediff
  * safe_tpm_pcr_snapshot.patch
- Patch superseded
  * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch

OBS-URL: https://build.opensuse.org/request/show/1067109
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=441
Michael Chang 2023-02-24 05:42:16 +00:00 committed by Git OBS Bridge
parent 03d713cc87
commit 23aa9ce4c5
6 changed files with 154 additions and 74 deletions


@ -0,0 +1,46 @@
From d44e0a892621a744e9a64e17ed5676470ef4f023 Mon Sep 17 00:00:00 2001
From: Wen Xiong <wenxiong@linux.ibm.com>
Date: Mon, 20 Feb 2023 15:58:14 -0500
Subject: [PATCH 1/2] ieee1275: Further increase initially allocated heap from
1/3 to 1/2
The memory increase to 1/3 of 391MB (~127MB) was still insufficient
to boot the kernel and initrd of the SuSE distribution:
initrd 2023-Jan-18 04:27 114.9M
linux 2023-Jan-17 05:23 45.9M
Therefore, further increase the initially allocated heap to 1/2
of 391MB to ~191MB, which now allows to boot the system from an
ISO.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
grub-core/kern/ieee1275/init.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index 2a2409d45..e1dbff86a 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -47,7 +47,7 @@
#include <grub/lockdown.h>
/* The maximum heap size we're going to claim. Not used by sparc.
- We allocate 1/3 of the available memory under 4G, up to this limit. */
+ We allocate 1/2 of the available memory under 4G, up to this limit. */
#ifdef __i386__
#define HEAP_MAX_SIZE (unsigned long) (64 * 1024 * 1024)
#else // __powerpc__
@@ -417,7 +417,7 @@ grub_claim_heap (void)
grub_machine_mmap_iterate (heap_size, &total);
- total = total / 3;
+ total = total / 2;
if (total > HEAP_MAX_SIZE)
total = HEAP_MAX_SIZE;
--
2.39.1
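Review bot: The divisor in `total = total / 2;` in grub_claim_heap is a bare number whose only justification (a 114.9M initrd and a 45.9M kernel with 391MB available) lives in the patch description, so the next size regression will be hard to trace from the source. A named constant next to HEAP_MAX_SIZE, with a comment such as `/* Fraction of memory below 4G claimed for the heap; sized so the installer kernel and initrd fit. */`, would keep the comment and the arithmetic from drifting apart. grub_claim_heap begins and ends outside the hunk, so whether anything else depends on the unclaimed remainder cannot be checked from here.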


@ -1,30 +1,34 @@
From 6c7c4007ad621029295797b439158d36d0f62487 Mon Sep 17 00:00:00 2001
From 03056f35a73258fa68a809fba4aeab654ff35734 Mon Sep 17 00:00:00 2001
From: Diego Domingos <diegodo@linux.vnet.ibm.com>
Date: Thu, 25 Aug 2022 11:37:56 -0400
Subject: [PATCH 2/2] ieee1275: implement vec5 for cas negotiation
Subject: [PATCH] ieee1275: implement vec5 for cas negotiation
As a legacy support, if the vector 5 is not implemented, Power
Hypervisor will consider the max CPUs as 64 instead 256 currently
supported during client-architecture-support negotiation.
As a legacy support, if the vector 5 is not implemented, Power Hypervisor will
consider the max CPUs as 64 instead 256 currently supported during
client-architecture-support negotiation.
This patch implements the vector 5 and set the MAX CPUs to 256 while
setting the others values to 0 (default).
This patch implements the vector 5 and set the MAX CPUs to 256 while setting the
others values to 0 (default).
Signed-off-by: Diego Domingos <diegodo@linux.vnet.ibm.com>
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Acked-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Avnish Chouhan <avnish@linux.vnet.ibm.com>
---
grub-core/kern/ieee1275/init.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
grub-core/kern/ieee1275/init.c | 28 ++++++++++++++++++++++++----
1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index 7d7178d3e..3aa40313f 100644
index 7d7178d3e..0e902ff62 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -311,6 +311,18 @@ struct option_vector2 {
@@ -311,7 +311,21 @@ struct option_vector2 {
grub_uint8_t max_pft_size;
} __attribute__((packed));
+struct option_vector5 {
-struct pvr_entry {
+struct option_vector5
+{
+ grub_uint8_t byte1;
+ grub_uint8_t byte2;
+ grub_uint8_t byte3;
@ -34,21 +38,25 @@ index 7d7178d3e..3aa40313f 100644
+ grub_uint8_t micro_checkpoint;
+ grub_uint8_t reserved0;
+ grub_uint32_t max_cpus;
+} __attribute__((packed));
+} GRUB_PACKED;
+
struct pvr_entry {
+struct pvr_entry
+{
grub_uint32_t mask;
grub_uint32_t entry;
@@ -329,6 +341,8 @@ struct cas_vector {
};
@@ -329,7 +343,9 @@ struct cas_vector {
grub_uint16_t vec3;
grub_uint8_t vec4_size;
grub_uint16_t vec4;
-} __attribute__((packed));
+ grub_uint8_t vec5_size;
+ struct option_vector5 vec5;
} __attribute__((packed));
+} GRUB_PACKED;
/* Call ibm,client-architecture-support to try to get more RMA.
@@ -349,7 +363,7 @@ grub_ieee1275_ibm_cas (void)
We ask for 512MB which should be enough to verify a distro kernel.
@@ -349,7 +365,7 @@ grub_ieee1275_ibm_cas (void)
} args;
struct cas_vector vector = {
.pvr_list = { { 0x00000000, 0xffffffff } }, /* any processor */
@ -57,17 +65,19 @@ index 7d7178d3e..3aa40313f 100644
.vec1_size = 0,
.vec1 = 0x80, /* ignore */
.vec2_size = 1 + sizeof(struct option_vector2) - 2,
@@ -360,6 +374,10 @@ grub_ieee1275_ibm_cas (void)
@@ -359,7 +375,11 @@ grub_ieee1275_ibm_cas (void)
.vec3_size = 2 - 1,
.vec3 = 0x00e0, // ask for FP + VMX + DFP but don't halt if unsatisfied
.vec4_size = 2 - 1,
.vec4 = 0x0001, // set required minimum capacity % to the lowest value
- .vec4 = 0x0001, // set required minimum capacity % to the lowest value
+ .vec4 = 0x0001, /* set required minimum capacity % to the lowest value */
+ .vec5_size = 1 + sizeof (struct option_vector5) - 2,
+ .vec5 = {
+ 0, 0, 0, 0, 0, 0, 0, 0, 256
+ 0, 192, 0, 128, 0, 0, 0, 0, 256
+ }
};
INIT_IEEE1275_COMMON (&args.common, "call-method", 3, 2);
--
2.35.3
2.39.1
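Review bot: The rediffed initializer `.vec5 = { 0, 192, 0, 128, 0, 0, 0, 0, 256 }` now sets the second and fourth bytes of option_vector5 to non-zero values, while the patch description kept in this file still says the patch sets MAX CPUs to 256 "while setting the others values to 0 (default)". The two bare numbers are positional, so a reader has to count fields to learn which option bits are being advertised to the hypervisor, and the middle of the struct is not shown in this section. Designated initializers with a comment per byte, for example `.byte2 = 0xc0, /* <capabilities requested> */`, together with an updated description, would make the negotiated feature set reviewable.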


@ -1,28 +1,34 @@
From 12378be5243c1c02ce28de2e5703e87197c69157 Mon Sep 17 00:00:00 2001
From e5bba1012e34597215684aa948bbc30093faa750 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Mon, 29 Aug 2022 11:28:28 +0800
Subject: [PATCH] tpm: Disable tpm verifier if tpm is not present
Date: Fri, 7 Oct 2022 13:37:10 +0800
Subject: [PATCH 2/2] tpm: Disable tpm verifier if tpm is not present
This helps to prevent out of memory error when reading large files via disablig
tpm device as verifier has to read all content into memory in one chunk to
measure the hash and extend to tpm.
This helps to prevent out of memory error when reading large files via
disabling tpm device as verifier has to read all content into memory in
one chunk to measure the hash and extend to tpm.
For ibmvtpm driver support this change here would be needed. It helps to
prevent much memory consuming tpm subsystem from being activated when no
vtpm device present.
Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
grub-core/commands/efi/tpm.c | 37 +++++++++++++++++++++++++++++++++++++
grub-core/commands/tpm.c | 4 ++++
grub-core/commands/efi/tpm.c | 37 +++++++++++++++++++++++++++
grub-core/commands/ieee1275/ibmvtpm.c | 16 +++++++-----
grub-core/commands/tpm.c | 4 +++
include/grub/tpm.h | 1 +
3 files changed, 42 insertions(+)
4 files changed, 52 insertions(+), 6 deletions(-)
--- a/grub-core/commands/efi/tpm.c
+++ b/grub-core/commands/efi/tpm.c
@@ -349,3 +349,40 @@
@@ -397,3 +397,40 @@
return result;
}
+
+int
+grub_tpm_present ()
+grub_tpm_present (void)
+{
+ grub_efi_handle_t tpm_handle;
+ grub_efi_uint8_t protocol_version;
@ -57,9 +63,38 @@ Signed-off-by: Michael Chang <mchang@suse.com>
+ return grub_tpm2_present (tpm);
+ }
+}
--- a/grub-core/commands/ieee1275/ibmvtpm.c
+++ b/grub-core/commands/ieee1275/ibmvtpm.c
@@ -136,12 +136,6 @@
grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
const char *description)
{
- grub_err_t err = tpm_init();
-
- /* Absence of a TPM isn't a failure. */
- if (err != GRUB_ERR_NONE)
- return GRUB_ERR_NONE;
-
grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ", %s\n",
pcr, size, description);
@@ -150,3 +144,13 @@
return GRUB_ERR_NONE;
}
+
+int
+grub_tpm_present (void)
+{
+ /*
+ * Call tpm_init() 'late' rather than from GRUB_MOD_INIT() so that device nodes
+ * can be found.
+ */
+ return tpm_init() == GRUB_ERR_NONE;
+}
--- a/grub-core/commands/tpm.c
+++ b/grub-core/commands/tpm.c
@@ -291,6 +291,8 @@
@@ -311,6 +311,8 @@
GRUB_MOD_INIT (tpm)
{
@ -68,7 +103,7 @@ Signed-off-by: Michael Chang <mchang@suse.com>
grub_verifier_register (&grub_tpm_verifier);
cmd = grub_register_extcmd ("tpm_record_pcrs", grub_tpm_record_pcrs, 0,
@@ -301,6 +303,8 @@
@@ -321,6 +323,8 @@
GRUB_MOD_FINI (tpm)
{
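Review bot: grub_tpm_measure() in ibmvtpm.c no longer calls tpm_init(), so initialisation now happens only inside grub_tpm_present(), and the comment added there says tpm_init() must run 'late' rather than from GRUB_MOD_INIT(). The tpm.c hunks of this patch add two lines each to GRUB_MOD_INIT (tpm) and GRUB_MOD_FINI (tpm); their bodies are elided here, but if that is the `if (!grub_tpm_present ()) return;` guard, the probe does run from module init. Should the vTPM node not be discoverable at that point, the verifier is never registered and the boot proceeds without measurements and without any message. A comment at the call site explaining why module init is late enough, plus a `grub_dprintf ("tpm", "no TPM found, verifier not registered\n");` before the early return, would make that state visible. Keeping the probe result in a static flag would also let GRUB_MOD_FINI undo exactly what GRUB_MOD_INIT did instead of probing again.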


@ -1,3 +1,16 @@
-------------------------------------------------------------------
Wed Feb 22 07:08:44 UTC 2023 - Michael Chang <mchang@suse.com>
- Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024)
* 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch
* 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
- Fix lpar got hung at grub after inactive migration (bsc#1207684)
* 0002-ieee1275-implement-vec5-for-cas-negotiation.patch
- Rediff
* safe_tpm_pcr_snapshot.patch
- Patch supersceded
* 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
-------------------------------------------------------------------
Wed Feb 15 07:09:39 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>


@ -438,7 +438,6 @@ Patch915: tpm-protector-export-secret-key.patch
Patch916: grub-install-record-pcrs.patch
Patch917: grub-unseal-debug.patch
# efi mm
Patch918: 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
Patch919: 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch
Patch920: 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch
Patch921: 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch
@ -495,6 +494,9 @@ Patch968: 0012-tpm2-initialize-the-PCR-selection-list-early.patch
Patch969: 0013-tpm2-support-unsealing-key-with-authorized-policy.patch
# Set efi variables LoaderDevicePartUUID & LoaderInfo (needed for UKI)
Patch970: grub2-add-module-for-boot-loader-interface.patch
# Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024)
Patch971: 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch
Patch972: 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
Requires: gettext-runtime
%if 0%{?suse_version} >= 1140


@ -55,7 +55,7 @@
if (argc == 0)
pcr_bitmask = GRUB2_PCR_BITMASK_DEFAULT;
else
@@ -287,13 +295,28 @@
@@ -287,6 +295,18 @@
return rv;
}
@ -74,32 +74,6 @@
static grub_extcmd_t cmd;
GRUB_MOD_INIT (tpm)
{
- if (!grub_tpm_present())
- return;
+#ifdef GRUB_MACHINE_EFI
+ if (grub_tpm_present())
+ grub_verifier_register (&grub_tpm_verifier);
+#else
grub_verifier_register (&grub_tpm_verifier);
+#endif
cmd = grub_register_extcmd ("tpm_record_pcrs", grub_tpm_record_pcrs, 0,
N_("LIST_OF_PCRS"),
@@ -303,8 +326,11 @@
GRUB_MOD_FINI (tpm)
{
- if (!grub_tpm_present())
- return;
+#ifdef GRUB_MACHINE_EFI
+ if (grub_tpm_present())
+ grub_verifier_unregister (&grub_tpm_verifier);
+#else
grub_verifier_unregister (&grub_tpm_verifier);
+#endif
grub_unregister_extcmd (cmd);
}
--- a/util/grub-install.c
+++ b/util/grub-install.c
@@ -1457,8 +1457,9 @@