If image requested EFI boot services then skip multiboot2 memory maps.
Main reason for not providing maps is because they will likely be
invalid. We do a few allocations after filling them, e.g. for relocator
needs. Usually we do not care as we would have finished boot services.
If we keep boot services then it is easier/safer to not provide maps.
However, if image needs memory maps and they are not provided by bootloader
then it should get itself just before ExitBootServices() call.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
Add tags used to pass ImageHandle to loaded image if requested.
It is used by at least ExitBootServices() function.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
Add grub_relocator64_efi relocator. It will be used on EFI 64-bit platforms
when multiboot2 compatible image requests MULTIBOOT_TAG_TYPE_EFI_BS. Relocator
will set lower parts of %rax and %rbx accordingly to multiboot2 specification.
On the other hand processor mode, just before jumping into loaded image, will
be set accordingly to Unified Extensible Firmware Interface Specification,
Version 2.4 Errata B, section 2.3.4, x64 Platforms, boot services. This way
loaded image will be able to use EFI boot services without any issues.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
limit_time underflows when current time is less than 90000ms.
This causes packet fragments received during this time, i.e.,
till 90000ms pass since timer init, to be rejected.
Hence, set it to 0 if its less than 90000.
Signed-off-by: Sakar Arora <Sakar.Arora@nxp.com>
Writing the primary GPT before the backup may lead to a confusing
situation: booting a freshly updated system could consistently fail and
next boot will fall back to the old system if writing the primary works
but writing the backup fails. If the backup is written first and fails
the primary is left in the old state so the next boot will re-try and
possibly fail in the exact same way. Making that repeatable should make
it easier for users to identify the error.
Additionally if the firmware and OS disagree on the disk size, making
the backup inaccessible to GRUB, then just skip writing the backup.
When this happens the automatic call to `coreos-setgoodroot` after boot
will take care of repairing the backup.
The firmware and the OS may disagree on the disk configuration and size.
Although such a setup should be avoided users are unlikely to know about
the problem, assuming everything behaves like the OS. Tolerate this as
best we can and trust the reported on-disk location over the firmware
when looking for the backup GPT. If the location is inaccessible report
the error as best we can and move on.
I personally think this reads easier. Also has the side effect of
directly comparing the primary and backup tables instead of presuming
they are equal if the crc32 matches.
This ensures all code modifying GPT data include the same sanity check
that repair does. If revalidation fails the status flags are left in the
appropriate state.
The header was being relocated without checking the new location is
actually safe. If the BIOS thinks the disk is smaller than the OS then
repair may relocate the header into allocated space, failing the final
validation check. So only move it if the disk has grown.
Additionally, if the backup is valid then we can assume its current
location is good enough and leave it as-is.
Use the new status function which checks *_HEADER_VALID and
*_ENTRIES_VALID bits together. It doesn't make sense for the header and
entries bits to mismatch so don't allow for it.
Portions of the code attempted to handle the fact that GPT entries on
disk may be larger than the currently defined struct while others
assumed the data could be indexed by the struct size directly. This
never came up because no utility uses a size larger than 128 bytes but
for the sake of safety we need to do this by the spec.
GPT_BOTH_VALID is 4 bits so simple a boolean check is not sufficient.
This broken condition allowed gptprio to trust bogus disk locations in
headers that were marked invalid causing arbitrary disk corruption.
We may get more than one response before exiting out of loop in
grub_net_dns_lookup, but buffer was allocated for the first response only,
so storing answers from subsequent replies wrote past allocated size.
We never really use more than the very first address during lookup so there
is little point in collecting all of them. Just quit early if we already have
some reply.
Code needs serious redesign to actually collect multiple answers
and select the best fit according to requested type (IPv4 or IPv6).
Reported and tested by Michael Chang <mchang@suse.com>
XFS V5 stores UUID in metadata and compares them with superblock UUID.
To allow changing of user-visible UUID it stores original value in new
superblock field (meta_uuid) and sets incompatible flag to indicate that
new field must be used to verify metadata. Our driver currently does not
check metadata UUID so simply accept such filesystem.
Reported-By: Marcos Mello <marcosfrm@outlook.com>
Reviewd by Jan Kara <jack@suse.cz>
GRUB assumes that no disk is ever larger than 1EiB and rejects
reads/writes to such locations. Unfortunately this is not conveyed in
the usual way with the special GRUB_DISK_SIZE_UNKNOWN value.
send client arch in bootp requests, for now BIOS and x64/aarch64 EFI is
supported.
fix a bug introduced in 4d5d7be005 where
user class was encoded improperly, although this didn't seem to have any
detrimental effects.
properly insert an option terminator.
If we open new connection, we need to reset stall indication, otherwise
nothing will ever be polled (low level code rely on this field being
zero when establishing connection).
Depending on the OS/libc, device macros are defined in different
headers. This change ensures we include the right one.
sys/types.h - BSD
sys/mkdev.h - Sun
sys/sysmacros.h - glibc (Linux)
glibc currently pulls sys/sysmacros.h into sys/types.h, but this may
change in a future release.
https://sourceware.org/ml/libc-alpha/2015-11/msg00253.html
At least the apache sever is very unhappy with that extra null line and will
take more than ten seconds in responding to each range request, which slows
down a lot the entire http file transfer process or even time out.
Some DHCP servers (such as dnsmasq) tokenise parameters with commas, making
it impossible to pass boot files with commas in them. Allow using a semicolon
to separate the protocol from host if a comma wasn't found.
The current logic in the DNS resolution code allocates an address buffer
based on the number of addresses in the response packet. If we receive
multiple response packets in response to a single query packet, this means
that we will reallocate a new buffer large enough for only the addresses in
that specific packet, discarding any previous results in the process. Worse,
we still keep track of the *total* number of addresses resolved in response
to this query, not merely the number in the packet being currently processed.
Use realloc() rather than malloc() to avoid overwriting the existing data,
and allocate a buffer large enough for the total set of addresses rather
than merely the number in this specific response.
Rework TPM measurements to use fewer PCRs. After discussion with upstream,
it's preferable to avoid using so many PCRs. Instead, measure into PCRs 8
and 9 but use a prefix in the event log to indicate which subsystem carried
out the measurements.
Historically this variable hold previous value of filename that
had to be freed if allocated previously. Currently this branch
is entered only if filename was not allocated previously so it
became redundant. It did not cause real problems because grub_free
was not called, but code is confusing and causes compilation error
in some cases.
Returned from the OpenProtocol operation, the grub_efi_block_io_media
structure contains the io_align field, specifying the minimum alignment
required for buffers used in any data transfers with the device.
Make grub_efidisk_readwrite() allocate a temporary buffer, aligned to
this boundary, if the buffer passed to it does not already meet the
requirements.
Also sanity check the io_align field in grub_efidisk_open() for
power-of-two-ness and bail if invalid.
Map EFI_NO_MEDIA to GRUB_ERR_OUT_OF_RANGE that is ignored by diskfilter. This
actually matches pretty close (we obviously attempt to read outside of media)
and avoids adding more error codes.
This affects only internally initiated scans. If read/write from removable is
explicitly requested, we still return an error and text explanation is more
clear for user than generic error.
Reported and tested by Andreas Loew <Andreas.Loew@gmx.net>
ipv6 routing in grub2 is broken, we cannot talk to anything outside our local
network or anything that doesn't route in our global namespace. This patch
fixes this by doing a couple of things
1) Read the router information off of the router advertisement. If we have a
router lifetime we need to take the source address and create a route from it.
2) Changes the routing stuff slightly to allow you to specify a gateway _and_ an
interface. Since the router advertisements come in on the link local address we
need to associate it with the global address on the card. So when we are
processing the router advertisement, either use the SLAAC interface we create
and add the route to that interface, or loop through the global addresses we
currently have on our interface and associate it with one of those addresses.
We need to have a special case here for the default route so that it gets used,
we do this by setting the masksize to 0 to mean it encompasses all networks.
The routing code will automatically select the best route so if there is a
closer match we will use that.
With this patch I can now talk to ipv6 addresses outside of my local network.
Thanks,
Signed-off-by: Josef Bacik <jbacik@fb.com>
Prevent buffer over-read in grub_machine_mmap_iterate. This was
causing phys_base from being calculated properly. This then
caused the wrong value to be placed in ramdisk_image within
struct linux_hdrs. Which prevented the ramdisk from loading on
boot.
Newer SPARC systems contain more than 8 available memory entries.
For example on a T5-8 with 2TB of memory, the memory layout could
look like this:
T5-8 Memory
reg 00000000 30000000 0000003f b0000000
00000800 00000000 00000040 00000000
00001000 00000000 00000040 00000000
00001800 00000000 00000040 00000000
00002000 00000000 00000040 00000000
00002800 00000000 00000040 00000000
00003000 00000000 00000040 00000000
00003800 00000000 00000040 00000000
available 00003800 00000000 0000003f ffcae000
00003000 00000000 00000040 00000000
00002800 00000000 00000040 00000000
00002000 00000000 00000040 00000000
00001800 00000000 00000040 00000000
00001000 00000000 00000040 00000000
00000800 00000000 00000040 00000000
00000000 70000000 0000003f 70000000
00000000 6eef8000 00000000 00002000
00000000 30400000 00000000 3eaf6000
name memory
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
When running grub in a VGA console of a KVM pseries guest on PowerPC,
you can see the cursor sweeping over the whole line when entering a
character in editor mode. This is visible because grub always refreshes
the whole line when entering a character in editor mode, and drawing
characters is quite a slow operation with the firmware used for the
powerpc pseries guests (SLOF).
To avoid this ugliness, the cursor should be disabled when refreshing
the screen contents during update_screen().
Signed-off-by: Thomas Huth <thuth@redhat.com>
lexer calls yylex_fatal on fatal internal errors. yylex_fatal itself is
declared as noreturn and calls exit. Returning from noreturn function has
unpredictable consequences.
all_video module does not have any code or data and exists solely for
.moddeps section to pull in dependencies. This makes all symbols unneeded.
While in current binutils (last released version as of this commit is 2.26)
``strip --strip-unneeded'' unintentionally adds section symbols for each
existing section, this behavior was considered a bug and changed in commit
14f2c699ddca1e2f706342dffc59a6c7e23e844c to completely strip symbol table
in this case.
Older binutils (verified with 2.17) and some other toolchains (at least
elftoolchain r3223M), both used in FreeBSD, remove symbol table in all_video
as well.
Relax run-time check and do not return error for modules without symbol table.
Add additional checks to module verifier to make sure such modules
a) have non-empty .moddeps section. Without either externally visible symbols
or .moddeps modules are completely useless and should not be built.
b) do not have any relocations.
Closes: 46986
v2: add run-time check for empty symbol table if relocations are present as
suggested by Vladimir.
-Wunreachable-code has been a no-op since GCC 4.5; GRUB hasn't been
compiled with it since 2012; and GCC 6 produces "error:
'-Wunreachable-code' is not an option that controls warnings" for these.
Fixes Debian bug #812047.
server cannot be NULL at this point (we return error earlier if it is).
Also structure is zalloc'ed, so no need to explicitly initialize
members to 0.
Found by: Coverity scan.
CID: 73837
Condition was apparently reversed so GRUB assumed all devices were
files. This later made it skip BLKFLSBUF ioctl on Linux which caused
various page cache coherency issues. Observed were
- failure to validate blocklist install (read content did not match
just written)
- failure to detect Linux MD on disk after online hot addition
(GRUB got stale superblock)
Closes: 46691
grub_xfs_iterate_dir did not restore first character after inline
name when match was found. Dependning on XFS format this character
could be inode number and we could return to the same node later in
find_file if processing cycled symlinks.
CID: 86724
If line contains single word, line and argv[0] are aliases, so
no NULL dereference is possible, but Coverity does not know it.
Change code to avoid ambiguity and also remove redundant call to
grub_strchr.
CID: 86725
It's helpful to determine that a request was sent by grub in order to permit
the server to provide different information at different stages of the boot
process. Send GRUB2 as a type 77 DHCP option when sending bootp packets in
order to make this possible.
Add support for adding gpg keys to the trusted database with a new command
called "trust_var". This takes the contents of a variable (in ascii-encoded
hex) and interprets it as a gpg public key.
The getenv code was mishandling the conversion of binary to hex. Grub's
sprintf() doesn't seem to support the full set of format conversions, so
fix this in the nasty way.
Timer event to keep grub msec counter was running at 1000HZ. This was too
fast for UEFI timer driver and resulted in a 10x slowdown in grub time
versus wallclock. Reduce the timer event frequency and increase tick
increment accordingly to keep better time.
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel int it
before pulling out the individual blocks later on.
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel into it
before pulling out the individual blocks later on.
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI and BIOS systems, but
will measure all modules as they're loaded.
The Secure Boot code currently reads the kernel from disk, validates the
signature and then reads it from disk again. A sufficiently exciting storage
device could modify the kernel between these two events and trigger the
execution of an untrusted kernel. Avoid re-reading it in order to ensure
this isn't a problem, and in the process speed up boot by not reading the
kernel twice.
On emu some checks can be laxer like check for relocation range. Additionally
module loading in emu is rarely used. So skip this check rather than making
it laxer for all platforms. In ideal we may want to have slightly different
check for emu but for now this is good enough.
This section is generated by clang and is useful only for debugging.
It contains exotic relocations, so strip them to avoid them interferring
with module loading.
This was lost when code was refactored. Patch restores previous behavior.
It is still not clear whether this is the right one. Due to the way we
detect DM abstraction, partitions on DM are skipped, we fall through to
generic detection which ends up in assuming parent device is BIOS disk.
It is useful to install GRUB on VM disk from the host. But it also means
that GRUB will mistakenly allow install on real system as well.
For now let's fix regression; future behavior needs to be discussed.
Closes: 45163
GRUB keeps partition offset and size in units of 512B sectors. Media paths
are defined in terms of LBA which are presumed to match HDD sector size.
This is probably cosmetic (EFI requires that partition is searched by GUID)
and still incorrect if GPT was created using different logical block size.
But current code is obviously wrong and new has better chances to be correct.
Otherwise it causes subsequent file open to fail, because grub_file_open
misinterprets set grub_errno for grub_file_get_device_name failure.
Closes: 46540
Define
* GRUB_EFI_PERSISTENT_MEMORY (UEFI memory map type 14) per UEFI 2.5
* GRUB_MEMORY_PERSISTENT (E820 type 7) per ACPI 3.0
* GRUB_MEMORY_PERSISTENT_LEGACY (E820 unofficial type 12) per ACPI 3.0
and translate GRUB_EFI_PERSISTENT_MEMORY to GRUB_MEMORY_PERSISTENT in
grub_efi_mmap_iterate().
Includes
* adding the E820 names to lsmmap
* handling the E820 types in make_efi_memtype()
Suggested-by: Vladimir 'φ-coder/phcoder' Serbinenko <phcoder@gmail.com>
Suggested-by: Andrei Borzenkov <arvidjaar@gmail.com>
While adding tcp window scaling support I was finding that I'd get some packet
loss or reordering when transferring from large distances and grub would just
timeout. This is because we weren't ack'ing when we got our OOO packet, so the
sender didn't know it needed to retransmit anything, so eventually it would fill
the window and stop transmitting, and we'd time out. Fix this by ACK'ing when
we don't find our next sequence numbered packet. With this fix I no longer time
out. Thanks,
Signed-off-by: Josef Bacik <jbacik@fb.com>
Condition was accidentally reversed, so PIT calibration always failed
when PIT was present and always succeeded when PIT was missing, but in
the latter case resulted in absurdly fast clock.
Reported and tested by Vitaly Kuznetsov <vkuznets@redhat.com>
PIT isn't available on some of new hardware including Hyper-V. So
use pmtimer for calibration. Moreover pmtimer calibration is faster, so
use it on coreboor where booting time is important.
Based on patch by Michael Chang.
9be4c45dbe added switch case between
fall through cases, causing all memory regions of unknown type to be
marked as available.
Move default case into its own block and add explicit FALLTHROUGH
annotation.
Reported by Elliott, Robert (Persistent Memory) <elliott@hpe.com>
We were resetting nb->data every time we tried a new server, but we need to do
it every time we try for a different record, otherwise we don't end up falling
back to the A record properly. Thanks,
Signed-off-by: Josef Bacik <jbacik@fb.com>
Add a command to read values from the qemu fwcfg store. This allows data
to be passed from the qemu command line to grub.
Example use:
echo '(hd0,1)' >rootdev
qemu -fw_cfg opt/rootdev,file=rootdev
fwconfig opt/rootdev root
This makes it impossible to read from stdin without controlling tty:
10:/mnt # echo -e passwd\\npasswd | setsid ./grub-mkpasswd-pbkdf2
Enter password:
Reenter password: ./grub-mkpasswd-pbkdf2: error: failure to read password.
10:/mnt
It is not possible to configure encrypted containers on multiple partitions of
the same disk; after the first one all subsequent fail with
disk/cryptodisk.c:978: already mounted as crypto0
Store partition offset in cryptomount descriptor to distinguish between them.
From original patch by dann frazier <dann.frazier@canonical.com>:
grub_net_fs_open() saves off a copy of the file structure it gets passed and
uses it to create a bufio structure. It then overwrites the passed in file
structure with this new bufio structure. Since file->name doesn't get set
until we return back to grub_file_open(), it means that only the bufio
structure gets a valid file->name. The "real" file's name is left
uninitialized. This leads to a crash when the progress module hook is called
on it.
grub_net_fs_open() already saved copy of file name as ->net->name, so change
progress module to use it.
Also, grub_file_open may leave file->name as NULL if grub_strdup fails. Check
for it.
Also-By: dann frazier <dann.frazier@canonical.com>
It cannot work anyway because host disk cannot be read. This fixes hostfs access
on native Windows build where filenames start with '\' or do not have initial
separator at all (d:\foo).
Issue was observed when running grub-fstest on Windows. On UNIX image name is
canonicalized to always start with `/' so this was not noticed.
This has side effect of allowing relative path names on host, but this already
was the case with `ls' command, so it just extends it to all commands.
Reported-By: Arch Stack <archstacker@gmail.com>
Also-By: Arch Stack <archstacker@gmail.com>
sun4v vnet devices do not implement the support of duplex and speed
instance attributes. An attempt to open such a device with
the attributes will fail:
ok select net:speed=auto,duplex=auto
Unknown key 'speed'
Unknown key 'duplex'
Manual Configuration: Host IP, boot server and filename must be specified
WARNING: /virtual-devices@100/channel-devices@200/network@0: Can't open OBP standard TFTP package
Can't open device
ok
Therefore, let's not set SUFFIX for such devices.
Signed-off-by: Stanislav Kholmanskikh <stanislav.kholmanskikh@oracle.com>
The EFI spec indicates that get_status() should return the address of the buffer
we passed into transmit to indicate the the buffer was transmitted. However we
have boxes where the firmware returns some arbitrary address instead, which
makes grub think that we've not sent anything. So since we have the SNP stuff
opened in exclusive mode just assume any non-NULL txbuf means that our transmit
occurred properly. This makes grub able to do its networking stuff properly on
our broken firmware. Thanks,
cc: Peter Jones <pjones@redhat.com>
Signed-off-by: Josef Bacik <jbacik@fb.com>
Recent tests have discovered that many of our filesystems have flawed
handling of "." and "..". Rather than attempting to fix it in filesystems
themselves, make the common code fshelp aware of "." and ".." and handle
them in this layer. Add grub_fshelp_find_file_lookup for easy conversion
of BFS, HFS and exFAT which have the same problem and don't use fshelp.
mips_attributes was introduced to work around clang problems with
-msoft-float. Those problems are now fixed and moreover .gnu_attributes
itself is unportable and creates problem with clang.
Revert "mips: Fix soft-float handling."
This partially reverts commit 6a4ecd276e.
Regression from commit:
loader/linux: do not pad initrd with zeroes at the end
a8c473288d
Wimboot fails since the change above because it expects the "trailer"
initrd element on an aligned address.
This issue shows only when newc_name is used and the last initrd
entry has a not aligned size.
Since btrfs on-disk format uses little-endian, the searched item types
(ROOT_REF, INODE_REF) need converting the byte order in order to
function properly on big-endian systems.
Emulate dot and dotdot in root directory. For other directories do not
add separator between name and extension for these two special entries.
Closes: 45335
Exclusive open on SNP will close all existing protocol instances which
may disable all receive filters on interface. Reinstall them after we
opened protocol exclusively.
Also follow UEFI specification recommendation and stop interfaces when
closing them:
Unexpected system errors, reboots and hangs can occur if an OS is loaded
and the network devices are not Shutdown() and Stopped().
Also by: Mark Salter <msalter@redhat.com>
Closes: 45204
The current code for EFI grub_exit() calls grub_efi_fini() before
returning to firmware. In the case of ARM, this leaves a timer
event running which could lead to a firmware crash. This patch
changes this so that grub_machine_fini() is called with a NORETURN
flag. This allows machine-specific shutdown to happen as well
as the shutdown done by grub_efi_fini().
Signed-off-by: Mark Salter <msalter@redhat.com>
Add support for new XFS on disk format. We have to handle optional
filetype fields in directory entries, additional CRC, LSN, UUID entries
in some structures, etc.
Signed-off-by: Jan Kara <jack@suse.cz>
Including the setjmp module in an arm64-efi image will cause it to
immediately exit with an "incompatible license" error.
The source file includes a GPLv3+ boilerplate, so fix this by declaring a
GPLv3+ license using the GRUB_MOD_LICENSE macro.
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Currently, some messages cannot be mapped to the port they belong to as
the port number is missing from the output. So add `port: n` to the
debug messages.
Run the command below
$ git grep -l schedulded | xargs sed -i 's/schedulded/scheduled/g'
and revert the change in `ChangeLog-2015`.
Including "miscellaneous" spelling fix noted by richardvoigt@gmail.com
large blocks basically use extensible dataset feature, or to be exact,
setting recordsize above 128k will trigger large_block feature to be
enabled and storing such blocks is using feature extensible dataset. so
the extensible dataset is prerequisite.
Changes implement read support extensible dataset… instead of fixed DMU
types they dont specify type, making it possible to use fat zap objects
from bonus area.
While in theory permitted by the spec, modules rarely fit in low memory
anyway and not every kernel is able to handle modules in low memory anyway.
At least VMWare is known not to be able to handle modules at arbitrary
locations.
Add the descriptions of the “core”, that means no vendorcode or payload,
coreboot time stamps added up to coreboot commit a7d92441 (timestamps:
You can never have enough of them!) [1].
Running `coreboot_boottime` in the GRUB command line interface now shows
descriptions for all time stamps again on the ASRock E350M1.
[1] http://review.coreboot.org/9608
From RFC1542:
The 'giaddr' field is rather poorly named. It exists to facilitate
the transfer of BOOTREQUEST messages from a client, through BOOTP
relay agents, to servers on different networks than the client.
Similarly, it facilitates the delivery of BOOTREPLY messages from the
servers, through BOOTP relay agents, back to the client. In no case
does it represent a general IP router to be used by the client. A
BOOTP client MUST set the 'giaddr' field to zero (0.0.0.0) in all
BOOTREQUEST messages it generates.
A BOOTP client MUST NOT interpret the 'giaddr' field of a BOOTREPLY
message to be the IP address of an IP router. A BOOTP client SHOULD
completely ignore the contents of the 'giaddr' field in BOOTREPLY
messages.
Leave code ifdef'd out for the time being in case we see regression.
Suggested by: Rink Springer <rink@rink.nu>
Closes: 43396
Currently XFS driver converted inode numbers to native endianity only
when using them to compute inode position. Although this works, it is
somewhat confusing. So convert inode numbers when reading them from disk
structures as every other field.
Signed-off-by: Jan Kara <jack@suse.cz>
Directory iteration used wrong position (sizeof wrong structure) for
termination of iteration inside a directory block. Luckily the position
ended up being wrong by just 1 byte and directory entries are larger so
things worked out fine in practice. But fix the problem anyway.
Signed-off-by: Jan Kara <jack@suse.cz>
EBDA layout is not standardized so we cannot assume first two bytes
are length. Neither is it required by ACPI standard. HP 8710W is known
to contain zeroes here.
Closes: 45002
EDK2 network stack is based on Managed Network Protocol which is layered
on top of Simple Management Protocol and does background polling. This
polling races with grub for received (and probably trasmitted) packets
which causes either serious slowdown or complete failure to load files.
Open SNP device exclusively. This destroys all child MNP instances and
stops background polling.
Exclusive open cannot be done when enumerating cards, as it would destroy
PXE information we need to autoconfigure interface; and it cannot be done
during autoconfiguration as we need to do it for non-PXE boot as well. So
move SNP open to card ->open method and add matching ->close to clean up.
Based on patch from Mark Salter <msalter@redhat.com>
Also-By: Mark Salter <msalter@redhat.com>
Closes: 41731
EDK2 PXE driver creates two child devices - IPv4 and IPv6 - with
bound SNP instance. This means we get three cards for every physical
adapter when enumerating. Not only is this confusing, this may result
in grub ignoring packets that come in via the "wrong" card.
Example of device hierarchy is
Ctrl[91] PciRoot(0x0)/Pci(0x3,0x0)
Ctrl[95] PciRoot(0x0)/Pci(0x3,0x0)/MAC(525400123456,0x1)
Ctrl[B4] PciRoot(0x0)/Pci(0x3,0x0)/MAC(525400123456,0x1)/IPv4(0.0.0.0)
Ctrl[BC] PciRoot(0x0)/Pci(0x3,0x0)/MAC(525400123456,0x1)/IPv6(0000:0000:0000:0000:0000:0000:0000:0000)
Skip PXE created virtual devices when enumerating cards. Make sure to
find real card when applying initial autoconfiguration during PXE boot,
this information is associated with one of child devices.
Syslinux memdisk is using initrd image and needs to know uncompressed
size in advance. For gzip uncompressed size is at the end of compressed
stream. Grub padded each input file to 4 bytes at the end, which means
syslinux got wrong size.
Linux initramfs loader apparently does not care about trailing alignment.
So change code to align beginning of each file instead which atomatically
gives us the correct size for single file.
Reported-By: David Shaw <dshaw@jabberwocky.com>
This reverts commits 47b2bee3ef
and 8d3c4544ff. It is not safe
to free allocated cards, dangling pointers main remain. Such
cleanup requires more changes in net core.
grub_memset should zero out padding after data end. It is not clear
why it is needed at all - ZFS block is at least 512 bytes and power
of two, so it is always multiple of 16 bytes. This grub_memset
apparently never did anything.
In the past birth was always zero for holes. This feature started
to make use of birth for holes as well, so change code to test for
valid DVA address instead.
If grub is signed with a key that's in the trusted EFI keyring, an attacker
can point a boot entry at grub rather than at shim and grub will fail to
locate the shim verification protocol. This would then allow booting an
arbitrary kernel image. Fail validation if Secure Boot is enabled and we
can't find the shim protocol in order to prevent this.
Hi,
Fedora's patch to forbid insmod in UEFI Secure Boot environments is fine
as far as it goes. However, the insmod command is not the only way that
modules can be loaded. In particular, the 'normal' command, which
implements the usual GRUB menu and the fully-featured command prompt,
will implicitly load commands not currently loaded into memory. This
permits trivial Secure Boot violations by writing commands implementing
whatever you want to do and pointing $prefix at the malicious code.
I'm currently test-building this patch (replacing your current
grub-2.00-no-insmod-on-sb.patch), but this should be more correct. It
moves the check into grub_dl_load_file.
It can be called with NULL for third argument. grub_divmod32* for
now are called only from within wrappers, so skip check.
Reported-By: Michael Zimmermann <sigmaepsilon92@gmail.com>
Some x86 systems might be capable of running a 64-bit Linux kernel but
only use a 32-bit EFI (e.g. Intel Bay Trail systems). It's useful for
grub-install to be able to recognise such systems, to set the default
x86 platform correctly.
To allow grub-install to know the size of the firmware rather than
just the size of the kernel, there is now an extra EFI sysfs file to
describe the underlying firmware. Read that if possible, otherwise
fall back to the kernel type as before.
Signed-off-by: Steve McIntyre <steve@einval.com>
Use the new thumb_get_instruction_word/thumb_set_instruction_word
helpers throughout.
Style cleanup (missing spaces).
Move Thumb MOVW/MOVT handlers into Thumb relocation section of file.
This restrict ARP handling to MAC and IP addresses but in practice we need
only this case anyway and other cases are very rar if exist at all. It makes
code much simpler and less error-prone.
_BSD_SOURCE was added to allow the use of DT_DIR, but that was removed
in e768b77068. While adding
_DEFAULT_SOURCE as well works around problems with current glibc,
neither is in fact needed nowadays.
argp_help attempts to translate empty string, which results in printing
meta information about translation, like in
bor@opensuse:~/build/grub> grub2-mknetdir --help
Использование: grub2-mknetdir [ПАРАМЕТР…]
Project-Id-Version: grub 2.02-pre2
Report-Msgid-Bugs-To: bug-grub@gnu.org
...
Update gnulib/argp-help.c to the current version which fixes this
(commit b9bfe78424b871f5b92e5ee9e7d21ef951a6801d).
canonicalize_file_name clashed with gnulib function. Additionally
it was declared in 2 places: emu/misc.h and util/misc.h. Added
grub_ prefix and removed second declaration.
libgcc for boot environment isn't always present and compatible.
libgcc is often absent if endianness or bit-size at boot is different
from running OS.
libgcc may use optimised opcodes that aren't available on boot time.
So instead of relying on libgcc shipped with the compiler, supply
the functions in GRUB directly.
Tests are present to ensure that those replacement functions behave the
way compiler expects them to.
All current ciphers have blocks which are power of 2 and it's
unlikely to change. Other block length would be tricky to handle anyway.
This restriction allows avoiding extra divisions.
Add -msoft-float alongside clang arguments to specify ABI.
Specify ABI in asm files explicitly.
This trigers asm warning due to gcc failing to propagate -msoft-float
but it's tolerable.
Previously we supplied only unsigned divisions on platforms that need software
division.
Yet compiler may itself use a signed division. A typical example would be a
difference between 2 pointers which involves division by object size.