75 commits

Author SHA1 Message Date
Peter Jones
f725fa7cb2 calloc: Use calloc() at most places
This modifies most of the places we do some form of:

  X = malloc(Y * Z);

to use calloc(Y, Z) instead.

Among other issues, this fixes:
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in luks_recover_key()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_lvm_detect()
    reported by Chris Coulson.

Fixes: CVE-2020-14308

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
Daniel Axtens
06fd69a3fd powerpc/mkimage: Fix CHRP note descsz
Currently, an image generated with 'grub-mkimage -n' causes an error when
read with 'readelf -a':

Displaying notes found at file offset 0x000106f0 with length 0x0000002c:
  Owner                Data size        Description
readelf: Warning: note with invalid namesz and/or descsz found at offset 0x0
readelf: Warning:  type: 0x1275, namesize: 0x00000008, descsize: 0x0000002c, alignment: 4

This is because the descsz of the CHRP note is set to
 sizeof (struct grub_ieee1275_note)
which is the size of the entire note, including name and elf header. The
descsz should contain only the contents, not the name and header sizes.

Set the descsz instead to 'sizeof (struct grub_ieee1275_note_desc)'

Resultant readelf output:

Displaying notes found at file offset 0x00010710 with length 0x0000002c:
  Owner                Data size        Description
  PowerPC              0x00000018       Unknown note type: (0x00001275)
   description data: ff ff ff ff 00 c0 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 40 00

So far as I can tell this issue has existed for as long as the note
generation code has existed, but I guess nothing really checks descsz.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-04-21 22:00:59 +02:00
Andreas Schwab
2bf40e9e5b RISC-V: Fix computation of pc-relative relocation offset
The offset calculation was missing the relocation addend.

Signed-off-by: Andreas Schwab <schwab@suse.de>
Tested-by: Chester Lin <clin@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-07-11 17:50:40 +02:00
Alexander Graf
ce946603cf arm: Align section alignment with manual relocation offset code
The arm relocation code has a manual special case for EFI binaries to
add the natural alignment to its own relocation awareness.

Since commit a51f953f4e ("mkimage: Align efi sections on 4k
boundary") we changed that alignment from 0x400 to 0x1000 bytes. Reflect
the change in that branch that we forgot as well.

This fixes running 32bit arm grub efi binaries for me again.

Fixes: a51f953f4e ("mkimage: Align efi sections on 4k boundary")
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reported-by: Steve McIntyre <steve@einval.com>
Signed-off-by: Alexander Graf <agraf@csgraf.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Julien ROBIN <julien.robin28@free.fr>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Tested-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-05-06 12:10:54 +02:00
Alexander Graf
1ce93f944d arm: Move trampolines into code section
When creating T32->A32 transition jumps, the relocation code in grub
will generate trampolines. These trampolines live in the .data section
of our PE binary which means they are not marked as executable.

This misbehavior was unmasked by commit a51f953f4e ("mkimage: Align
efi sections on 4k boundary") which made the X/NX boundary more obvious
because everything became page aligned.

To put things into proper order, let's move the arm trampolines into the
.text section instead. That way everyone knows they are executable.

Fixes: a51f953f4e ("mkimage: Align efi sections on 4k boundary")
Reported-by: Julien ROBIN <julien.robin28@free.fr>
Reported-by: Leif Lindholm <leif.lindholm@linaro.org>
Signed-off-by: Alexander Graf <agraf@csgraf.de>
Tested-by: Julien ROBIN <julien.robin28@free.fr>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Tested-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-05-06 12:10:27 +02:00
Vladimir Serbinenko
3562536fd5 grub-mkimagexx: Fix RISCV error message
Outputting a raw pointer doesn't match the format and is
also useless. Output offset instead.

Signed-off-by: Vladimir Serbinenko <phcoder@google.com>
2019-03-25 15:11:09 +01:00
Alexander Graf
e0d32cca1d RISC-V: Add awareness for RISC-V relocations
This patch adds awareness of RISC-V relocations throughout the grub tools
as well as dynamic linkage and elf->PE relocation conversion support.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-02-25 11:34:09 +01:00
Juergen Gross
78899c42d7 xen_pvh: Support building a standalone image
Support mkimage for xen_pvh.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
2018-12-12 12:03:27 +01:00
Juergen Gross
9bce25213a xen: Use elfnote defines instead of plain numbers
In order to avoid using plain integers for the ELF notes use the
available Xen include instead.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
2018-12-12 12:03:27 +01:00
Eric Snowberg
28b0d19061 mkimage: fix build regression in grub_mkimage_load_image
The grub_mkimage_load_image function (commit 7542af6, mkimage: refactor a bunch
of section data into a struct.) introduces a build regression on SPARC:

  cc1: warnings being treated as errors
  In file included from util/grub-mkimage32.c:23:
  util/grub-mkimagexx.c: In function 'grub_mkimage_load_image32':
  util/grub-mkimagexx.c:1968: error: missing initializer
  util/grub-mkimagexx.c:1968: error: (near initialization for 'smd.sections')
  make[2]: *** [util/grub_mkimage-grub-mkimage32.o] Error 1

Initialize the entire section_metadata structure.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-03-07 22:05:48 +01:00
Peter Jones
ebc825b549 mkimage: avoid copying relocations for sections that won't be copied.
Some versions of gcc include a plugin called "annobin", and in some
build systems this is enabled by default.  This plugin creates special
ELF note sections to track which ABI-breaking features are used by a
binary, as well as a series of relocations to annotate where.

If grub is compiled with this feature, then when grub-mkimage translates
the binary to another file format which does not strongly associate
relocation data with sections (i.e. when platform is *-efi), these
relocations appear to be against the .text section rather than the
original note section.  When the binary is loaded by the PE runtime
loader, hilarity ensues.

This issue is not necessarily limited to the annobin, but could arise
any time there are relocations in sections that are not represented in
grub-mkimage's output.

This patch seeks to avoid this issue by only including relocations that
refer to sections which will be included in the final binary.

As an aside, this should also obviate the need to avoid -funwind-tables,
-fasynchronous-unwind-tables, and any sections similar to .eh_frame in
the future.  I've tested it on x86-64-efi with the following gcc command
line options (as recorded by -grecord-gcc-flags), but I still need to
test the result on some other platforms that have been problematic in
the past (especially ARM Aarch64) before I feel comfortable making
changes to the configure.ac bits:

GNU C11 7.2.1 20180116 (Red Hat 7.2.1-7) -mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow -msoft-float -mno-stack-arg-probe -mcmodel=large -mno-red-zone -m64 -mtune=generic -march=x86-64 -g3 -Os -freg-struct-return -fno-stack-protector -ffreestanding -funwind-tables -fasynchronous-unwind-tables -fno-strict-aliasing -fstack-clash-protection -fno-ident -fplugin=annobin

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-03-05 14:08:09 +01:00
Peter Jones
7542af695f mkimage: refactor a bunch of section data into a struct.
This basically moves a bunch of the section information we pass around a
lot into a struct, and passes a pointer to a single one of those
instead.

This shouldn't change the binary file output or the "grub-mkimage -v"
output in any way.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-03-05 14:05:35 +01:00
Peter Jones
e30de94926 mkimage: make locate_sections() set up vaddresses as well.
This puts both kinds of address initialization at the same place, and also lets
us iterate through the section list one time fewer.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-03-05 13:44:55 +01:00
Peter Jones
594ac31571 mkimage: rename a couple of things to be less confusing later.
This renames some things:

- the "strtab" and "strtab_section" in relocate_symbols are changed to "symtab"
  instead, so as to be less confusing when "strtab" is moved to a struct in a
  later patch.

- The places where we pass section_vaddresses to functions are changed to also
  be called "section_vaddresses" inside those functions, so I get less confused
  when I put addresses and vaddresses in a struct in a later patch.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-03-05 13:44:55 +01:00
Peter Jones
352868d123 mkimage: make it easier to run syntax checkers on grub-mkimagexx.c
This makes it so you can treat grub-mkimagexx.c as a file you can build
directly, so syntax checkers like vim's "syntastic" plugin, which uses
"gcc -x c -fsyntax-only" to build it, will work.

One still has to do whatever setup is required to make it pick the right
include dirs, which -W options we use, etc., but this makes it so you
can do the checking on the file you're editing, rather than on a
different file.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-03-05 13:44:55 +01:00
H.J. Lu
842c390469 x86-64: Treat R_X86_64_PLT32 as R_X86_64_PC32
Starting from binutils commit bd7ab16b4537788ad53521c45469a1bdae84ad4a:

https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd7ab16b4537788ad53521c45469a1bdae84ad4a

x86-64 assembler generates R_X86_64_PLT32, instead of R_X86_64_PC32, for
32-bit PC-relative branches.  Grub2 should treat R_X86_64_PLT32 as
R_X86_64_PC32.

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-02-23 22:25:30 +01:00
Vladimir Serbinenko
24e37a8852 arm-coreboot: Start new port. 2017-05-08 20:53:28 +02:00
Vladimir Serbinenko
a35ac85430 mkimage: Pass layout to mkimage_generate_elfXX rather than some fields.
This allows easier extension of this function without having too long an
argument list.
2017-05-08 17:32:15 +02:00
Andrei Borzenkov
4bd4a88725 i386, x86_64, ppc: fix switch fallthrough cases with GCC7
In util/getroot and efidisk slightly modify existing comment to mostly
retain it but still make GCC7 compliant with respect to fall through
annotation.

In grub-core/lib/xzembed/xz_dec_lzma2.c it adds same comments as
upstream.

In grub-core/tests/setjmp_test.c declare functions as "noreturn" to
suppress GCC7 warning.

In grub-core/gnulib/regexec.c use new __attribute__, because existing
annotation is not recognized by GCC7 parser (which requires that comment
immediately precedes case statement).

Otherwise add FALLTHROUGH comment.

Closes: 50598
2017-04-04 19:23:55 +03:00
Vladimir Serbinenko
42e24b6006 Fix thumb compilation with clang.
According to EABI only STT_FUNC has convention of lowest bit indicating
execution mode. R_THM_{JUMP,CALL}* relocations are assumed to be pointing
to thumb mode unless they use STT_FUNC.
2017-02-02 00:59:49 +01:00
Vladimir Serbinenko
34fe0b5901 arm64: Add support for GOT and PCREL32 relocations. 2017-02-01 21:46:19 +01:00
Vladimir Serbinenko
43b444e593 arm/arm64: Fix improper use of start address.
It was used instead of loading address of current section or of entire buffer.
2017-02-01 20:12:07 +01:00
Vladimir Serbinenko
a134ef1ab9 ia64: Add support for R_IA64_GPREL64I.
Recent GCC generates those relocations, so we need to support them.
2017-01-31 12:39:01 +01:00
Vladimir Serbinenko
86ef66d977 arm-uboot: Make self-relocatable to allow loading at any address 2016-02-27 13:40:52 +01:00
Vladimir Serbinenko
5bcb7d394c Allow _start == 0 with relocatable images 2016-02-27 13:35:36 +01:00
Vladimir Serbinenko
df21fff504 Provide __bss_start and _end symbols in grub-mkimage.
For this ensure that all bss sections are merged.

We need this to correctly prelink non-PE relocatable images.
2016-02-27 13:35:36 +01:00
Vladimir Serbinenko
73a9c742fe Encapsulate image layout into a separate structure.
Currently we pass around a lot of pointers. Instead put all relevant data
into one structure.
2016-02-27 13:35:36 +01:00
Vladimir Serbinenko
dd3969e7ec mkimagexx: Split PE and generic part for relocations.
As a preparation for U-Boot relocations, split emitting PE-relocations
from parsing source ELF-relocations.
2016-02-27 13:35:36 +01:00
Vladimir Serbinenko
36212460d3 mkimage.c: Split into separate files.
util/grub-mkimagexx.c is included in a special way into mkimage.c.
Interoperation between defines makes this very tricky. Instead
just have a clean interface and compile util/grub-mkimage*.c separately
from mkimage.c
2016-02-27 13:35:36 +01:00
Vladimir Serbinenko
605eecc985 arm64: Add support for relocations needed for linaro gcc 2016-01-22 19:09:37 +01:00
Andrei Borzenkov
670c43af27 mkimage: fix unintended sign extension
Found by: Coverity scan.
CID: 73691, 73717
2016-01-09 21:05:44 +03:00
Andrei Borzenkov
1018e91dce mkimage: zero fill alignment space
This did not cause a real problem but is good for reproducible builds. I hit
it with recent bootinfoscript that displays embedded config; I was puzzled
by random garbage at the end.

Prezero memory buffer used to assemble core.img. This makes individual
memset redundant. Also ensure buffer is filled with zeroes in several other
places.

Also remove redundant zeroing code where we fill in the whole memory block
anyway.
2015-11-06 21:33:28 +03:00
Andrei Borzenkov
7aaed66455 grub-mkimage: fix potential NULL pointer dereference
Move fatal check whether symtab_section is NULL before first reference.

Found by: Coverity scan.
2015-01-30 22:26:05 +03:00
David Prévot
496a6b3024 Correct some translatable strings. 2013-12-21 03:03:31 +01:00
Vladimir Serbinenko
57a691b7e7 Decrease number of strings to translate. 2013-12-18 07:26:13 +01:00
Vladimir Serbinenko
f4dab3d1ac Use grub_xasprintf to format translated error messages containing
64-bit quantity.
2013-12-17 16:41:09 +01:00
Vladimir Serbinenko
d6c2782a90 Unify message for unsupported relocation. 2013-12-17 16:17:46 +01:00
Vladimir Serbinenko
50d2e9596f Mark miscompile error for translation. 2013-12-17 16:05:39 +01:00
Vladimir Serbinenko
18e76955be Use %I64 and not %ll when using OS printf if compiling for windows. 2013-12-17 16:04:47 +01:00
Vladimir Serbinenko
f4171ebd34 Handle X86_64_PC64 relocation.
Those are generated by some cygwin compilers.
2013-12-16 14:24:19 +01:00
Vladimir Serbinenko
e7c418c58f * util/grub-mkimagexx.c (relocate_addresses): Display offset rather
than almost useless pointer.
2013-12-15 14:18:30 +01:00
Vladimir Serbinenko
8c534b85f1 Revamp relocation handling.
Move more code to common dl.c. Add missing veneers for arm and arm64.
Decreases kernel size by 70 bytes on i386-pc (40-50 compressed)
2013-12-06 09:18:55 +01:00
Vladimir Serbinenko
a846dd4b3a * util/grub-mkimagexx.c: Fix reloc section generation for ia64. 2013-12-05 23:07:10 +01:00
Vladimir Serbinenko
e5ed2f6947 Handle unaligned .bss on sparc64.
Current code improperly assumes that both __bss_start and _end are
aligned to 8-bytes. Eliminate this assumption and explicitly align
modules.
2013-12-05 06:35:19 +01:00
Vladimir Serbinenko
d6c92cdc34 Merge branch 'master' into leiflindholm/arm64
Conflicts:
	include/grub/util/install.h
2013-11-25 13:02:27 +01:00
Vladimir Serbinenko
4906052019 Unify GOT/trampoline handling between PPC, MIPS and IA64 as they
do essentially the same thing, do it in similar way.
2013-11-21 21:54:33 +01:00
Leif Lindholm
15a463d742 ARM 64 port by Leif Lindholm 2013-11-16 20:52:55 +01:00
Vladimir Serbinenko
881c6a1049 * util/grub-mkimagexx.c (generate_elf): Fix module address on coreboot. 2013-11-10 19:34:19 +01:00
Vladimir Serbinenko
9612ebc00e Add new ports: i386-xen and x86_64-xen. This allows running GRUB in
XEN PV environment and load kernels.
2013-11-09 21:29:11 +01:00
Vladimir Serbinenko
7cb24eb5ff * util/grub-mkimagexx.c (relocate_symbols): Remove unneeded brackets. 2013-11-07 01:04:06 +01:00