From a3bfe35d125fda17245618131e2508ca9a466d46 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Oct 02 2018 17:40:52 +0000 Subject: Various bug fixes - Fix grub.cfg boot counting snippet generation (lorbus) Resolves: rhbz#1614637 - Fix spurrious allocation error reporting on EFI boot Resolves: rhbz#1635319 - Stop doing TPM on BIOS *again*. It just doesn't work. Related: rhbz#1579835 - Make blscfg module loadable on older grub2 i386-pc and powerpc-ieee1275 builds - Fix execstack cropping up in grub2-tools - Ban stack trampolines with compiler flags. Signed-off-by: Peter Jones --- diff --git a/0245-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch b/0245-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch index aee0873..eadc4a5 100644 --- a/0245-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch +++ b/0245-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch @@ -7,14 +7,14 @@ This helps enable allocations above 4GB. Signed-off-by: Peter Jones --- - grub-core/loader/i386/efi/linux.c | 162 +++++++++++++++++++++----------------- - 1 file changed, 89 insertions(+), 73 deletions(-) + grub-core/loader/i386/efi/linux.c | 167 +++++++++++++++++++++----------------- + 1 file changed, 94 insertions(+), 73 deletions(-) diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index de5f839ff0f..36b3c989c39 100644 +index de5f839ff0f..1811f4b3d56 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c -@@ -48,6 +48,60 @@ static char *linux_cmdline; +@@ -48,6 +48,65 @@ static char *linux_cmdline; #define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) @@ -66,6 +66,11 @@ index de5f839ff0f..36b3c989c39 100644 + grub_dprintf ("linux", "Allocated at %p\n", addr); + } + ++ while (grub_error_pop ()) ++ { ++ ; ++ } ++ + if (addr == NULL) + grub_error (GRUB_ERR_OUT_OF_MEMORY, errmsg); + @@ -75,7 +80,7 @@ index de5f839ff0f..36b3c989c39 100644 static grub_err_t grub_linuxefi_boot (void) { -@@ -63,19 +117,12 @@ grub_linuxefi_unload (void) +@@ -63,19 +122,12 @@ grub_linuxefi_unload (void) { grub_dl_unref (my_mod); loaded = 0; @@ -101,7 +106,7 @@ index de5f839ff0f..36b3c989c39 100644 return GRUB_ERR_NONE; } -@@ -152,19 +199,13 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), +@@ -152,19 +204,13 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), size += ALIGN_UP (grub_file_size (files[i]), 4); } @@ -126,7 +131,7 @@ index de5f839ff0f..36b3c989c39 100644 ptr = initrd_mem; -@@ -225,7 +266,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -225,7 +271,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), filelen = grub_file_size (file); kernel = grub_malloc(filelen); @@ -134,7 +139,7 @@ index de5f839ff0f..36b3c989c39 100644 if (!kernel) { grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); -@@ -281,7 +321,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -281,7 +326,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), goto fail; } @@ -143,7 +148,7 @@ index de5f839ff0f..36b3c989c39 100644 grub_dprintf ("linux", "checking lh->xloadflags\n"); if (!(lh->xloadflags & LINUX_XLF_KERNEL_64)) { -@@ -300,17 +340,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -300,17 +345,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), } #endif @@ -163,7 +168,7 @@ index de5f839ff0f..36b3c989c39 100644 grub_dprintf ("linux", "params = %p\n", params); grub_memset (params, 0, sizeof(*params)); -@@ -329,19 +361,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -329,19 +366,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), grub_dprintf ("linux", "new lh is at %p\n", lh); grub_dprintf ("linux", "setting up cmdline\n"); @@ -186,7 +191,7 @@ index de5f839ff0f..36b3c989c39 100644 grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); grub_create_loader_cmdline (argc, argv, -@@ -349,27 +372,24 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -349,27 +377,24 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), lh->cmdline_size - (sizeof (LINUX_IMAGE) - 1)); grub_dprintf ("linux", "cmdline:%s\n", linux_cmdline); @@ -225,7 +230,7 @@ index de5f839ff0f..36b3c989c39 100644 grub_dprintf("linux", "kernel_mem = %p\n", kernel_mem); grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); -@@ -404,18 +424,14 @@ fail: +@@ -404,18 +429,14 @@ fail: loaded = 0; } diff --git a/0246-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch b/0246-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch index 67e0c08..95f8f47 100644 --- a/0246-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch +++ b/0246-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch @@ -14,7 +14,7 @@ Signed-off-by: Peter Jones 2 files changed, 65 insertions(+), 8 deletions(-) diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 36b3c989c39..09908b62644 100644 +index 1811f4b3d56..65d1b5cc034 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -53,13 +53,22 @@ struct allocation_choice { @@ -53,7 +53,7 @@ index 36b3c989c39..09908b62644 100644 if (max == prev_max) continue; -@@ -164,6 +178,9 @@ read(grub_file_t file, grub_uint8_t *bufp, grub_size_t len) +@@ -169,6 +183,9 @@ read(grub_file_t file, grub_uint8_t *bufp, grub_size_t len) return bufpos; } @@ -63,7 +63,7 @@ index 36b3c989c39..09908b62644 100644 static grub_err_t grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), int argc, char *argv[]) -@@ -204,8 +221,12 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), +@@ -209,8 +226,12 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), goto fail; grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); @@ -78,7 +78,7 @@ index 36b3c989c39..09908b62644 100644 ptr = initrd_mem; -@@ -340,6 +361,18 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -345,6 +366,18 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), } #endif @@ -97,7 +97,7 @@ index 36b3c989c39..09908b62644 100644 params = kernel_alloc (sizeof(*params), "cannot allocate kernel parameters"); if (!params) goto fail; -@@ -373,21 +406,40 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -378,21 +411,40 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), grub_dprintf ("linux", "cmdline:%s\n", linux_cmdline); grub_dprintf ("linux", "setting lh->cmd_line_ptr to 0x%08x\n", @@ -140,13 +140,13 @@ index 36b3c989c39..09908b62644 100644 if (!kernel_mem) goto fail; grub_dprintf("linux", "kernel_mem = %p\n", kernel_mem); -@@ -396,8 +448,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -401,8 +453,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), loaded = 1; - grub_dprintf ("linux", "setting lh->code32_start to %p\n", kernel_mem); - lh->code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; -+ grub_dprintf ("linux", "setting lh->code32_start to %p\n", ++ grub_dprintf ("linux", "setting lh->code32_start to 0x%08x\n", + LOW_U32(kernel_mem)); + lh->code32_start = LOW_U32(kernel_mem); diff --git a/0248-drop-TPM-support-for-legacy-BIOS.patch b/0248-drop-TPM-support-for-legacy-BIOS.patch new file mode 100644 index 0000000..6de6f60 --- /dev/null +++ b/0248-drop-TPM-support-for-legacy-BIOS.patch @@ -0,0 +1,401 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 21 Sep 2018 17:51:16 +0200 +Subject: [PATCH] drop TPM support for legacy BIOS + +Currently there's TPM support for both EFI and legacy BIOS. + +A software interrupt call interface is used in legacy BIOS to communicate +with the TPM chips. But with some BIOS firmwares, the machine just hangs +after doing a BIOS interrupt call for the TCG_HashLogExtendEvent command. + +It's hard to know what exactly is causing this, but the Trousers project +mentions in their docs that they don't use TCG_HashLogExtendEvent [0] due +the command not working reliable on some BIOS. + +The TCG_CompactHashLogExtendEvent is less fragile, since it has a simpler +interface, doesn't require to setup any data structure and doesn't return +anything. So it could be used to do measurements and logs events instead. + +But even when using this command can be a workaround on some systems, it +doesn't guarantee that could not fail on others. So since the TPM support +for some legacy BIOS don't work and can lead to machines failing to boot, +let's just drop it and only support TPM for EFI. + +[0]: http://trousers.sourceforge.net/grub.html + +Resolves: rhbz#1579835 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/Makefile.core.def | 1 - + grub-core/kern/i386/pc/tpm.c | 145 -------------------------------------- + grub-core/loader/i386/pc/linux.c | 4 -- + include/grub/tpm.h | 2 +- + grub-core/boot/i386/pc/boot.S | 30 +------- + grub-core/boot/i386/pc/diskboot.S | 44 ------------ + 6 files changed, 2 insertions(+), 224 deletions(-) + delete mode 100644 grub-core/kern/i386/pc/tpm.c + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 701e5d32fa2..f33ff332079 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -246,7 +246,6 @@ kernel = { + + i386_pc = kern/i386/pc/init.c; + i386_pc = kern/i386/pc/mmap.c; +- i386_pc = kern/i386/pc/tpm.c; + i386_pc = term/i386/pc/console.c; + + i386_qemu = bus/pci.c; +diff --git a/grub-core/kern/i386/pc/tpm.c b/grub-core/kern/i386/pc/tpm.c +deleted file mode 100644 +index f6f264aff2e..00000000000 +--- a/grub-core/kern/i386/pc/tpm.c ++++ /dev/null +@@ -1,145 +0,0 @@ +-#include +-#include +-#include +-#include +-#include +-#include +- +-#define TCPA_MAGIC 0x41504354 +- +-static int tpm_presence = -1; +- +-int tpm_present(void); +- +-int tpm_present(void) +-{ +- struct grub_bios_int_registers regs; +- +- if (tpm_presence != -1) +- return tpm_presence; +- +- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; +- regs.eax = 0xbb00; +- regs.ebx = TCPA_MAGIC; +- grub_bios_interrupt (0x1a, ®s); +- +- if (regs.eax == 0) +- tpm_presence = 1; +- else +- tpm_presence = 0; +- +- return tpm_presence; +-} +- +-grub_err_t +-grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, +- PassThroughToTPM_OutputParamBlock *outbuf) +-{ +- struct grub_bios_int_registers regs; +- grub_addr_t inaddr, outaddr; +- +- if (!tpm_present()) +- return 0; +- +- inaddr = (grub_addr_t) inbuf; +- outaddr = (grub_addr_t) outbuf; +- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; +- regs.eax = 0xbb02; +- regs.ebx = TCPA_MAGIC; +- regs.ecx = 0; +- regs.edx = 0; +- regs.es = (inaddr & 0xffff0000) >> 4; +- regs.edi = inaddr & 0xffff; +- regs.ds = outaddr >> 4; +- regs.esi = outaddr & 0xf; +- +- grub_bios_interrupt (0x1a, ®s); +- +- if (regs.eax) +- { +- tpm_presence = 0; +- return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax); +- } +- +- return 0; +-} +- +-typedef struct { +- grub_uint32_t pcrindex; +- grub_uint32_t eventtype; +- grub_uint8_t digest[20]; +- grub_uint32_t eventdatasize; +- grub_uint8_t event[0]; +-} GRUB_PACKED Event; +- +-typedef struct { +- grub_uint16_t ipblength; +- grub_uint16_t reserved; +- grub_uint32_t hashdataptr; +- grub_uint32_t hashdatalen; +- grub_uint32_t pcr; +- grub_uint32_t reserved2; +- grub_uint32_t logdataptr; +- grub_uint32_t logdatalen; +-} GRUB_PACKED EventIncoming; +- +-typedef struct { +- grub_uint16_t opblength; +- grub_uint16_t reserved; +- grub_uint32_t eventnum; +- grub_uint8_t hashvalue[20]; +-} GRUB_PACKED EventOutgoing; +- +-grub_err_t +-grub_tpm_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr, +- const char *description) +-{ +- struct grub_bios_int_registers regs; +- EventIncoming incoming; +- EventOutgoing outgoing; +- Event *event; +- grub_uint32_t datalength; +- +- if (!tpm_present()) +- return 0; +- +- datalength = grub_strlen(description); +- event = grub_zalloc(datalength + sizeof(Event)); +- if (!event) +- return grub_error (GRUB_ERR_OUT_OF_MEMORY, +- N_("cannot allocate TPM event buffer")); +- +- event->pcrindex = pcr; +- event->eventtype = 0x0d; +- event->eventdatasize = grub_strlen(description); +- grub_memcpy(event->event, description, datalength); +- +- incoming.ipblength = sizeof(incoming); +- incoming.hashdataptr = (grub_uint32_t)buf; +- incoming.hashdatalen = size; +- incoming.pcr = pcr; +- incoming.logdataptr = (grub_uint32_t)event; +- incoming.logdatalen = datalength + sizeof(Event); +- +- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; +- regs.eax = 0xbb01; +- regs.ebx = TCPA_MAGIC; +- regs.ecx = 0; +- regs.edx = 0; +- regs.es = (((grub_addr_t) &incoming) & 0xffff0000) >> 4; +- regs.edi = ((grub_addr_t) &incoming) & 0xffff; +- regs.ds = (((grub_addr_t) &outgoing) & 0xffff0000) >> 4; +- regs.esi = ((grub_addr_t) &outgoing) & 0xffff; +- +- grub_bios_interrupt (0x1a, ®s); +- +- grub_free(event); +- +- if (regs.eax) +- { +- tpm_presence = 0; +- return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax); +- } +- +- return 0; +-} +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index cfff25c21b5..783a3cd93bc 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -36,7 +36,6 @@ + #include + #include + #include +-#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -162,9 +161,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux16", "Kernel"); +- grub_print_error(); +- + grub_memcpy (&lh, kernel, sizeof (lh)); + kernel_offset = sizeof (lh); + +diff --git a/include/grub/tpm.h b/include/grub/tpm.h +index 972a5edc836..ce52be4ff7f 100644 +--- a/include/grub/tpm.h ++++ b/include/grub/tpm.h +@@ -69,7 +69,7 @@ typedef struct { + grub_err_t EXPORT_FUNC(grub_tpm_measure) (unsigned char *buf, grub_size_t size, + grub_uint8_t pcr, const char *kind, + const char *description); +-#if defined (GRUB_MACHINE_EFI) || defined (GRUB_MACHINE_PCBIOS) ++#if defined (GRUB_MACHINE_EFI) + grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, + PassThroughToTPM_OutputParamBlock *outbuf); + grub_err_t grub_tpm_log_event(unsigned char *buf, grub_size_t size, +diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S +index acab37369ae..ea167fe1206 100644 +--- a/grub-core/boot/i386/pc/boot.S ++++ b/grub-core/boot/i386/pc/boot.S +@@ -24,14 +24,11 @@ + * defines for the code go here + */ + +-#define TPM 1 +- + /* Print message string */ + #define MSG(x) movw $x, %si; call LOCAL(message) + #define ERR(x) movw $x, %si; jmp LOCAL(error_message) + + .macro floppy +-#ifndef TPM + part_start: + + LOCAL(probe_values): +@@ -88,7 +85,6 @@ fd_probe_error_string: .asciz "Floppy" + movb MACRO_DOLLAR(79), %ch + + jmp LOCAL(final_init) +-#endif + .endm + + .macro scratch +@@ -256,7 +252,6 @@ real_start: + /* set %si to the disk address packet */ + movw $disk_address_packet, %si + +-#ifndef TPM + /* check if LBA is supported */ + movb $0x41, %ah + movw $0x55aa, %bx +@@ -276,7 +271,6 @@ real_start: + + andw $1, %cx + jz LOCAL(chs_mode) +-#endif + + LOCAL(lba_mode): + xorw %ax, %ax +@@ -320,9 +314,6 @@ LOCAL(lba_mode): + jmp LOCAL(copy_buffer) + + LOCAL(chs_mode): +-#ifdef TPM +- jmp LOCAL(general_error) +-#else + /* + * Determine the hard disk geometry from the BIOS! + * We do this first, so that LS-120 IDE floppies work correctly. +@@ -434,7 +425,7 @@ setup_sectors: + jc LOCAL(read_error) + + movw %es, %bx +-#endif /* TPM */ ++ + LOCAL(copy_buffer): + /* + * We need to save %cx and %si because the startup code in +@@ -457,25 +448,6 @@ LOCAL(copy_buffer): + popw %ds + popa + +-#ifdef TPM +- pusha +- +- movw $0xBB00, %ax /* TCG_StatusCheck */ +- int $0x1A +- test %eax, %eax +- jnz boot /* No TPM or TPM deactivated */ +- +- movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */ +- movw $GRUB_BOOT_MACHINE_KERNEL_ADDR, %di +- xorl %esi, %esi +- movl $0x41504354, %ebx /* TCPA */ +- movl $0x200, %ecx /* Measure 512 bytes */ +- movl $0x8, %edx /* PCR 8 */ +- int $0x1A +- +-boot: +- popa +-#endif + /* boot kernel */ + jmp *(LOCAL(kernel_address)) + +diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S +index f4744ec6fcb..68d31de0c4c 100644 +--- a/grub-core/boot/i386/pc/diskboot.S ++++ b/grub-core/boot/i386/pc/diskboot.S +@@ -19,8 +19,6 @@ + #include + #include + +-#define TPM 1 +- + /* + * defines for the code go here + */ +@@ -55,21 +53,6 @@ _start: + /* this sets up for the first run through "bootloop" */ + movw $LOCAL(firstlist), %di + +-#ifdef TPM +- /* clear EAX to remove potential garbage */ +- xorl %eax, %eax +- /* 8(%di) = number of sectors to read */ +- movw 8(%di), %ax +- +- /* Multiply number of sectors to read with 512 bytes. EAX is 32bit +- * which is large enough to hold values of up to 4GB. I doubt there +- * will ever be a core.img larger than that. ;-) */ +- shll $9, %eax +- +- /* write result to bytes_to_measure var */ +- movl %eax, bytes_to_measure +-#endif +- + /* save the sector number of the second sector in %ebp */ + movl (%di), %ebp + +@@ -307,29 +290,6 @@ LOCAL(copy_buffer): + /* END OF MAIN LOOP */ + + LOCAL(bootit): +-#ifdef TPM +- pusha +- movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */ +- +- movw $0x0, %bx +- movw %bx, %es +- +- /* We've already measured the first 512 bytes, now measure the rest */ +- xorl %edi, %edi +- movw $(GRUB_BOOT_MACHINE_KERNEL_ADDR + 0x200), %di +- +- movl $0x41504354, %ebx /* EBX = "TCPA" */ +- +- /* %ecx = The length, in bytes, of the buffer to measure */ +- movl $bytes_to_measure, %esi +- movl (%esi), %ecx +- xorl %esi, %esi +- movl $0x9, %edx /* PCR 9 */ +- +- int $0x1A +- +- popa +-#endif + /* print a newline */ + MSG(notification_done) + popw %dx /* this makes sure %dl is our "boot" drive */ +@@ -364,10 +324,6 @@ geometry_error_string: .asciz "Geom" + read_error_string: .asciz "Read" + general_error_string: .asciz " Error" + +-#ifdef TPM +-bytes_to_measure: .long 0 +-#endif +- + /* + * message: write the string pointed to by %si + * diff --git a/0249-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch b/0249-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch new file mode 100644 index 0000000..b4db698 --- /dev/null +++ b/0249-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch @@ -0,0 +1,146 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 27 Sep 2018 10:49:14 +0200 +Subject: [PATCH] Move quicksort function from kernel.exec to the blscfg module + +The qsort function is defined in the grub2 kernel and exported for modules +to use. But this prevents the blscfg.mod to be loaded by old grub2 kernels +that don't export this symbol. + +Loading the latest blscfg module might be useful on legacy BIOS systems to +avoid updating the first and second stage grub2 images in the boot device. + +Since the only caller of the qsort function is the blscfg module, move the +qsort function out of the grub2 kernel and only have it in the blscfg.mod. + +While being there, also remove the grub_bsearch() function that is unused. + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/Makefile.core.def | 2 +- + grub-core/commands/blscfg.c | 3 ++- + grub-core/{kern/qsort.c => commands/bls_qsort.h} | 30 +++--------------------- + include/grub/misc.h | 15 ------------ + 4 files changed, 6 insertions(+), 44 deletions(-) + rename grub-core/{kern/qsort.c => commands/bls_qsort.h} (93%) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index f33ff332079..18d4ec20cdf 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -129,7 +129,6 @@ kernel = { + common = kern/rescue_parser.c; + common = kern/rescue_reader.c; + common = kern/term.c; +- common = kern/qsort.c; + common = kern/backtrace.c; + common = kern/tpm.c; + +@@ -786,6 +785,7 @@ module = { + module = { + name = blscfg; + common = commands/blscfg.c; ++ common = commands/bls_qsort.h; + common = commands/loadenv.h; + enable = efi; + enable = i386_pc; +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index abd6f00d0de..bec5a9ffe3e 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -36,6 +36,7 @@ + + GRUB_MOD_LICENSE ("GPLv3+"); + ++#include "bls_qsort.h" + #include "loadenv.h" + + #define GRUB_BLS_CONFIG_PATH "/loader/entries/" +@@ -717,7 +718,7 @@ read_fallback: + use_version = false; + } + +- grub_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, &use_version); ++ bls_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, &use_version); + + grub_dprintf ("blscfg", "%s Creating %d entries from bls\n", __func__, nentries); + for (r = nentries - 1; r >= 0; r--) +diff --git a/grub-core/kern/qsort.c b/grub-core/commands/bls_qsort.h +similarity index 93% +rename from grub-core/kern/qsort.c +rename to grub-core/commands/bls_qsort.h +index 7f3fc9ffdae..572765fa3f2 100644 +--- a/grub-core/kern/qsort.c ++++ b/grub-core/commands/bls_qsort.h +@@ -64,6 +64,7 @@ typedef struct + #define POP(low, high) ((void) (--top, (low = top->lo), (high = top->hi))) + #define STACK_NOT_EMPTY (stack < top) + ++typedef int (*grub_compar_d_fn_t) (const void *p0, const void *p1, void *state); + + /* Order size using quicksort. This implementation incorporates + four optimizations discussed in Sedgewick: +@@ -89,8 +90,8 @@ typedef struct + smaller partition. This *guarantees* no more than log (total_elems) + stack size is needed (actually O(1) in this case)! */ + +-void +-grub_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size, ++static inline void UNUSED ++bls_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size, + grub_compar_d_fn_t cmp, void *arg) + { + char *base_ptr = (char *) pbase; +@@ -252,28 +253,3 @@ grub_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size, + } + } + +-void * +-grub_bsearch (const void *key, const void *base, grub_size_t nmemb, grub_size_t size, +- grub_compar_d_fn_t compar, void *state) +-{ +- grub_size_t l, u, idx; +- const void *p; +- int comparison; +- +- l = 0; +- u = nmemb; +- while (l < u) +- { +- idx = (l + u) / 2; +- p = (void *) (((const char *) base) + (idx * size)); +- comparison = (*compar) (key, p, state); +- if (comparison < 0) +- u = idx; +- else if (comparison > 0) +- l = idx + 1; +- else +- return (void *) p; +- } +- +- return NULL; +-} +diff --git a/include/grub/misc.h b/include/grub/misc.h +index 5f1c1c1be4e..de9016ab709 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -510,19 +510,4 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *file, + #define grub_max(a, b) (((a) > (b)) ? (a) : (b)) + #define grub_min(a, b) (((a) < (b)) ? (a) : (b)) + +-typedef int (*grub_compar_d_fn_t) (const void *p0, const void *p1, void *state); +- +-void *EXPORT_FUNC(grub_bsearch) (const void *key, +- const void *base, +- grub_size_t nmemb, +- grub_size_t size, +- grub_compar_d_fn_t compar, +- void *state); +- +-void EXPORT_FUNC(grub_qsort) (void *const pbase, +- grub_size_t total_elems, +- grub_size_t size, +- grub_compar_d_fn_t cmp, +- void *state); +- + #endif /* ! GRUB_MISC_HEADER */ diff --git a/0250-Include-blscfg-module-for-powerpc-ieee1275.patch b/0250-Include-blscfg-module-for-powerpc-ieee1275.patch new file mode 100644 index 0000000..9df5926 --- /dev/null +++ b/0250-Include-blscfg-module-for-powerpc-ieee1275.patch @@ -0,0 +1,25 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 27 Sep 2018 19:03:43 +0200 +Subject: [PATCH] Include blscfg module for powerpc ieee1275 + +The blscfg module is currently not built for powerpc ieee1275, but this +is still needed when the machine is not booted in bare metal with OPAL. + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/Makefile.core.def | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 18d4ec20cdf..30c2ac8f3c8 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -787,6 +787,7 @@ module = { + common = commands/blscfg.c; + common = commands/bls_qsort.h; + common = commands/loadenv.h; ++ enable = powerpc_ieee1275; + enable = efi; + enable = i386_pc; + enable = emu; diff --git a/0251-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch b/0251-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch new file mode 100644 index 0000000..f4f391e --- /dev/null +++ b/0251-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch @@ -0,0 +1,53 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 28 Sep 2018 10:35:38 +0200 +Subject: [PATCH] grub-switch-to-blscfg: copy blscfg module for legacy BIOS and + ppc ieee1275 + +On platforms that load the blscfg module the latest version should be used, +so copy the module to the boot directory to make sure that the grub2 kernel +will load the latest version of the BLS parsing code. + +Signed-off-by: Javier Martinez Canillas +--- + util/grub-switch-to-blscfg.in | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index 9cf64f8e725..1c6bd1882a7 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -53,6 +53,8 @@ blsdir=`echo "/@bootdirname@/loader/entries" | sed 's,//*,/,g'` + + backupsuffix=.bak + ++arch="$(uname -m)" ++ + export TEXTDOMAIN=@PACKAGE@ + export TEXTDOMAINDIR="@localedir@" + +@@ -248,7 +250,6 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do + fi + + if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then +- arch="$(uname -m)" + bls_debug="$(echo ${bls_target} | sed -e "s/\.${arch}/-debug.${arch}/")" + cp -aT "${bls_target}" "${bls_debug}" + title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')" +@@ -282,6 +283,16 @@ elif ! grep -q '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" ; then + fi + + if [ "${GENERATE}" -eq 1 ] ; then ++ if [ $arch = "x86_64" ] && [ ! -d /sys/firmware/efi ]; then ++ if ! cp ${prefix}/lib/grub//i386-pc/blscfg.mod ${grubdir}/i386-pc/ ; then ++ exit 1 ++ fi ++ elif [ $arch = "ppc64" -o $arch = "ppc64le" ] && [ ! -d /sys/firmware/opal ]; then ++ if ! cp ${prefix}/lib/grub/powerpc-ieee1275/blscfg.mod ${grubdir}/powerpc-ieee1275/ ; then ++ exit 1 ++ fi ++ fi ++ + cp -af "${GRUB_CONFIG_FILE}" "${GRUB_CONFIG_FILE}${backupsuffix}" + if ! grub2-mkconfig -o "${GRUB_CONFIG_FILE}" ; then + cp -af "${GRUB_CONFIG_FILE}${backupsuffix}" "${GRUB_CONFIG_FILE}" diff --git a/0252-Fix-getroot.c-s-trampolines.patch b/0252-Fix-getroot.c-s-trampolines.patch new file mode 100644 index 0000000..85fe933 --- /dev/null +++ b/0252-Fix-getroot.c-s-trampolines.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 28 Sep 2018 15:42:19 -0400 +Subject: [PATCH] Fix getroot.c's trampolines. + +This makes the stack executable on most of the grub utilities, which is +bad, and rpmdiff complains about it. + +Signed-off-by: Peter Jones +--- + grub-core/osdep/linux/getroot.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c +index 2b7a626d5ea..36429a7cd25 100644 +--- a/grub-core/osdep/linux/getroot.c ++++ b/grub-core/osdep/linux/getroot.c +@@ -1264,22 +1264,20 @@ grub_util_get_grub_dev_os (const char *os_dev) + return grub_dev; + } + ++static void *mp = NULL; ++static void ++btrfs_mount_path_hook(const char *m) ++{ ++ mp = strdup (m); ++} + + char * + grub_util_get_btrfs_subvol (const char *path, char **mount_path) + { +- char *mp = NULL; +- + if (mount_path) + *mount_path = NULL; + +- auto void +- mount_path_hook (const char *m) +- { +- mp = strdup (m); +- } +- +- grub_find_root_btrfs_mount_path_hook = mount_path_hook; ++ grub_find_root_btrfs_mount_path_hook = btrfs_mount_path_hook; + grub_free (grub_find_root_devices_from_mountinfo (path, NULL)); + grub_find_root_btrfs_mount_path_hook = NULL; + diff --git a/0253-Do-not-allow-stack-trampolines-anywhere.patch b/0253-Do-not-allow-stack-trampolines-anywhere.patch new file mode 100644 index 0000000..6fcaab5 --- /dev/null +++ b/0253-Do-not-allow-stack-trampolines-anywhere.patch @@ -0,0 +1,38 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 28 Sep 2018 15:48:09 -0400 +Subject: [PATCH] Do not allow stack trampolines, anywhere. + +Signed-off-by: Peter Jones +--- + configure.ac | 3 +++ + conf/Makefile.common | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 40fcf567ae7..077df917593 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1983,6 +1983,9 @@ if test x"$enable_wextra" != xno ; then + HOST_CFLAGS="$HOST_CFLAGS -Wextra" + fi + ++TARGET_CFLAGS="$TARGET_CFLAGS -Werror=trampolines -fno-trampolines" ++HOST_CFLAGS="$HOST_CFLAGS -Werror=trampolines -fno-trampolines" ++ + TARGET_CPP="$TARGET_CC -E" + TARGET_CCAS=$TARGET_CC + +diff --git a/conf/Makefile.common b/conf/Makefile.common +index 0d9910d7875..38375a7891c 100644 +--- a/conf/Makefile.common ++++ b/conf/Makefile.common +@@ -66,7 +66,7 @@ grubconfdir = $(sysconfdir)/grub.d + platformdir = $(pkglibdir)/$(target_cpu)-$(platform) + starfielddir = $(pkgdatadir)/themes/starfield + +-CFLAGS_GNULIB = -Wno-undef -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code ++CFLAGS_GNULIB = -Wno-undef -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -Werror=trampolines -fno-trampolines + CPPFLAGS_GNULIB = -I$(top_builddir)/grub-core/gnulib -I$(top_srcdir)/grub-core/gnulib + + CFLAGS_POSIX = -fno-builtin diff --git a/0254-fixup-arm-arm64-loader-Better-memory-allocation-and-.patch b/0254-fixup-arm-arm64-loader-Better-memory-allocation-and-.patch new file mode 100644 index 0000000..83f1b55 --- /dev/null +++ b/0254-fixup-arm-arm64-loader-Better-memory-allocation-and-.patch @@ -0,0 +1,24 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 2 Oct 2018 13:26:42 -0400 +Subject: [PATCH] fixup! arm/arm64 loader: Better memory allocation and error + messages. + +--- + grub-core/kern/efi/mm.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index a553f817edb..cac775fc935 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -169,6 +169,9 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, + status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret); + if (status != GRUB_EFI_SUCCESS) + { ++ grub_dprintf ("efi", ++ "allocate_pages(%d, %d, 0x%0lx, 0x%016lx) = 0x%016lx\n", ++ alloctype, memtype, pages, address, status); + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); + return NULL; + } diff --git a/0255-Fix-boot-counting-grub.cfg-snippet-creation.patch b/0255-Fix-boot-counting-grub.cfg-snippet-creation.patch new file mode 100644 index 0000000..bbc92ff --- /dev/null +++ b/0255-Fix-boot-counting-grub.cfg-snippet-creation.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Christian Glombek +Date: Tue, 2 Oct 2018 15:41:18 +0200 +Subject: [PATCH] Fix boot counting grub.cfg snippet creation Fixes BZ1614637 + +--- + util/grub.d/01_fallback_counting.in | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/util/grub.d/01_fallback_counting.in b/util/grub.d/01_fallback_counting.in +index ecfc7401474..afe06199a93 100644 +--- a/util/grub.d/01_fallback_counting.in ++++ b/util/grub.d/01_fallback_counting.in +@@ -1,6 +1,7 @@ + #! /bin/sh -e + + # Boot Counting ++cat << EOF + if [ "\${boot_counter}" -a "\${boot_success}" = "0" ]; then + if [ "\${boot_counter}" = "0" -o "\${boot_counter}" = "-1" ]; then + set default=1 +@@ -10,3 +11,4 @@ if [ "\${boot_counter}" -a "\${boot_success}" = "0" ]; then + fi + save_env boot_counter + fi ++EOF +\ No newline at end of file diff --git a/grub.patches b/grub.patches index b477cb8..4ca54c8 100644 --- a/grub.patches +++ b/grub.patches @@ -245,3 +245,11 @@ Patch0244: 0244-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch Patch0245: 0245-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch Patch0246: 0246-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch Patch0247: 0247-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch +Patch0248: 0248-drop-TPM-support-for-legacy-BIOS.patch +Patch0249: 0249-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch +Patch0250: 0250-Include-blscfg-module-for-powerpc-ieee1275.patch +Patch0251: 0251-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch +Patch0252: 0252-Fix-getroot.c-s-trampolines.patch +Patch0253: 0253-Do-not-allow-stack-trampolines-anywhere.patch +Patch0254: 0254-fixup-arm-arm64-loader-Better-memory-allocation-and-.patch +Patch0255: 0255-Fix-boot-counting-grub.cfg-snippet-creation.patch diff --git a/grub2.spec b/grub2.spec index c7811ec..a9708de 100644 --- a/grub2.spec +++ b/grub2.spec @@ -7,7 +7,7 @@ Name: grub2 Epoch: 1 Version: 2.02 -Release: 59%{?dist} +Release: 60%{?dist} Summary: Bootloader with support for Linux, Multiboot and more Group: System Environment/Base License: GPLv3+ @@ -494,6 +494,18 @@ fi %endif %changelog +* Tue Oct 02 2018 Peter Jones - 2.02-60 +- Fix grub.cfg boot counting snippet generation (lorbus) + Resolves: rhbz#1614637 +- Fix spurrious allocation error reporting on EFI boot + Resolves: rhbz#1635319 +- Stop doing TPM on BIOS *again*. It just doesn't work. + Related: rhbz#1579835 +- Make blscfg module loadable on older grub2 i386-pc and powerpc-ieee1275 + builds +- Fix execstack cropping up in grub2-tools +- Ban stack trampolines with compiler flags. + * Tue Sep 25 2018 Hans de Goede - 2.02-59 - Stop using pkexec for grub2-set-bootflag, it does not work under gdm instead make it suid root (it was written with this in mind)