Commit graph

9777 commits

Author SHA1 Message Date
Andrei Borzenkov
49426e9fd2 efinet: open Simple Network Protocol exclusively
EDK2 network stack is based on Managed Network Protocol which is layered
on top of Simple Management Protocol and does background polling. This
polling races with grub for received (and probably trasmitted) packets
which causes either serious slowdown or complete failure to load files.

Open SNP device exclusively.  This destroys all child MNP instances and
stops background polling.

Exclusive open cannot be done when enumerating cards, as it would destroy
PXE information we need to autoconfigure interface; and it cannot be done
during autoconfiguration as we need to do it for non-PXE boot as well. So
move SNP open to card ->open method and add matching ->close to clean up.

Based on patch from Mark Salter <msalter@redhat.com>

Also-By: Mark Salter <msalter@redhat.com>
Closes: 41731
2015-05-07 20:37:17 +03:00
Andrei Borzenkov
c52ae40570 efinet: skip virtual IPv4 and IPv6 devices when enumerating cards
EDK2 PXE driver creates two child devices - IPv4 and IPv6 - with
bound SNP instance. This means we get three cards for every physical
adapter when enumerating. Not only is this confusing, this may result
in grub ignoring packets that come in via the "wrong" card.

Example of device hierarchy is

 Ctrl[91] PciRoot(0x0)/Pci(0x3,0x0)
   Ctrl[95] PciRoot(0x0)/Pci(0x3,0x0)/MAC(525400123456,0x1)
     Ctrl[B4] PciRoot(0x0)/Pci(0x3,0x0)/MAC(525400123456,0x1)/IPv4(0.0.0.0)
     Ctrl[BC] PciRoot(0x0)/Pci(0x3,0x0)/MAC(525400123456,0x1)/IPv6(0000:0000:0000:0000:0000:0000:0000:0000)

Skip PXE created virtual devices when enumerating cards. Make sure to
find real card when applying initial autoconfiguration during PXE boot,
this information is associated with one of child devices.
2015-05-07 20:37:17 +03:00
Andrei Borzenkov
7b386b7031 efidisk: move device path helpers in core for efinet 2015-05-07 20:37:16 +03:00
Andrei Borzenkov
16a7e723ea convert to, not from, CPU byte order in DNS receive function 2015-05-07 20:33:28 +03:00
Andrei Borzenkov
a8c473288d loader/linux: do not pad initrd with zeroes at the end
Syslinux memdisk is using initrd image and needs to know uncompressed
size in advance. For gzip uncompressed size is at the end of compressed
stream. Grub padded each input file to 4 bytes at the end, which means
syslinux got wrong size.

Linux initramfs loader apparently does not care about trailing alignment.
So change code to align beginning of each file instead which atomatically
gives us the correct size for single file.

Reported-By: David Shaw <dshaw@jabberwocky.com>
2015-05-07 20:24:24 +03:00
Daniel Kiper
71783dc978 i386/relocator: Remove unused extern grub_relocator64_rip_addr
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
2015-05-07 18:00:47 +02:00
Vladimir Serbinenko
9916ed6f82 grub-install-common: Increase buf size to 8192 as modinfo.sh is bigger. 2015-05-07 17:09:58 +02:00
Vladimir Serbinenko
5fd1cb980a grub-mkrescue: Recognize -output as an alias of --output.
This helps us to be in line with xorriso -as mkisofs.

Suggested by: Thomas Schmitt
2015-05-07 16:34:34 +02:00
Vladimir Serbinenko
e5b4ba8c2b linux.c: Ensure that initrd is page-aligned. 2015-05-07 16:23:39 +02:00
Vladimir Serbinenko
9f731abc7f Revert parts accidentally committed 2 commits ago. 2015-05-07 16:21:34 +02:00
Fu Wei
cfe2ae8936 fdt.h: Add grub_fdt_set_reg64 macro
Signed-off-by: Fu Wei <fu.wei@linaro.org>
2015-05-07 15:13:25 +02:00
Fu Wei
f8451af825 arm64: Export useful functions from linux.c
Signed-off-by: Fu Wei <fu.wei@linaro.org>
2015-05-07 15:11:04 +02:00
Andrei Borzenkov
cc699535e5 Revert "efinet: memory leak on module removal"
This reverts commits 47b2bee3ef
and 8d3c4544ff. It is not safe
to free allocated cards, dangling pointers main remain. Such
cleanup requires more changes in net core.
2015-05-04 09:17:59 +03:00
Andrei Borzenkov
47b2bee3ef efinet: cannot free const char * pointer 2015-05-04 08:39:29 +03:00
Andrei Borzenkov
8d3c4544ff efinet: memory leak on module removal 2015-05-04 08:08:57 +03:00
Andrei Borzenkov
6210b8e8f7 zfs: add missing NULL check and fix incorrect buffer overwrite
grub_memset should zero out padding after data end. It is not clear
why it is needed at all - ZFS block is at least 512 bytes and power
of two, so it is always multiple of 16 bytes. This grub_memset
apparently never did anything.
2015-05-03 18:57:32 +03:00
Toomas Soome
4a7ea4003b zfs: com.delphix:embedded_data feature support 2015-05-03 18:45:40 +03:00
Toomas Soome
a1007c6af2 zfs: com.delphix:hole_birth feature support
In the past birth was always zero for holes. This feature started
to make use of birth for holes as well, so change code to test for
valid DVA address instead.
2015-05-03 18:11:29 +03:00
Andrei Borzenkov
104dff36ea grub-mkconfig: use $pkgdatadir in scripts
Otherwise scripts will source wrong grub-mkconfig_lib.
2015-04-29 19:18:54 +03:00
Vladimir Serbinenko
70b002de55 Remove -V in grub-mkrescue.c
It clashhes with -V which is alias to -volid.
2015-04-24 17:52:30 +02:00
mjg59
19c075a7ac Merge pull request #8 from mjg59/master
Add some more secure boot infrastructure to grub
2015-04-22 16:02:19 -07:00
Matthew Garrett
2755ecd157 Add efi getenv command
Add a command to obtain the contents of EFI firmware variables.
2015-04-22 13:08:26 -07:00
Matthew Garrett
9b669efb38 Fail validation if we can't find shim and Secure Boot is enabled
If grub is signed with a key that's in the trusted EFI keyring, an attacker
can point a boot entry at grub rather than at shim and grub will fail to
locate the shim verification protocol. This would then allow booting an
arbitrary kernel image. Fail validation if Secure Boot is enabled and we
can't find the shim protocol in order to prevent this.
2015-04-22 12:47:49 -07:00
Colin Watson
25850cfd50 Don't allow insmod when secure boot is enabled.
Hi,

Fedora's patch to forbid insmod in UEFI Secure Boot environments is fine
as far as it goes.  However, the insmod command is not the only way that
modules can be loaded.  In particular, the 'normal' command, which
implements the usual GRUB menu and the fully-featured command prompt,
will implicitly load commands not currently loaded into memory.  This
permits trivial Secure Boot violations by writing commands implementing
whatever you want to do and pointing $prefix at the malicious code.

I'm currently test-building this patch (replacing your current
grub-2.00-no-insmod-on-sb.patch), but this should be more correct.  It
moves the check into grub_dl_load_file.
2015-04-22 12:47:49 -07:00
Toomas Soome
677dcaa92b getroot: include sys/mkdev.h for makedev
Solaris (like) systems need to include sys/mkdev.h for makedev() function.
2015-04-13 19:52:28 +03:00
Toomas Soome
5b5d8666a7 core/partmap: rename 'sun' to avoid clash with predefined symbol
the symbol “sun” is defined macro in solaris derived systems, from
gcc -dM -E:

and therefore can not be used as name.
2015-04-13 19:49:15 +03:00
Paul Menzel
e97f5f4968 docs/grub.texi: Fix spelling of cbfstool 2015-04-12 09:10:11 +03:00
Andrei Borzenkov
f11db3c7fc core: avoid NULL derefrence in grub_divmod64s
It can be called with NULL for third argument.  grub_divmod32* for
now are called only from within wrappers, so skip check.

Reported-By: Michael Zimmermann <sigmaepsilon92@gmail.com>
2015-04-06 19:30:51 +03:00
Andrei Borzenkov
12bf557039 do not emit cryptomount without crypto UUID 2015-03-28 22:13:35 +03:00
Sarah Newman
7d39938474 grub-core/loader/i386/xen.c: Initialized initrd_ctx so we don't free a random pointer from the stack.
Signed-off-by: Sarah Newman <srn@prgmr.com>
2015-03-28 07:14:17 +03:00
Andrei Borzenkov
ebd92af8c3 net: trivial grub_cpu_to_XX_compile_time cleanup 2015-03-27 18:58:57 +03:00
Lunar
c9ee9bedef syslinux: Support {vesa,}menu.c32. 2015-03-27 15:15:13 +01:00
Steve McIntyre
1a33de8b56 Recognize EFI platform even in case of mismatch between Linux and EFI.
Some x86 systems might be capable of running a 64-bit Linux kernel but
only use a 32-bit EFI (e.g. Intel Bay Trail systems). It's useful for
grub-install to be able to recognise such systems, to set the default
x86 platform correctly.

To allow grub-install to know the size of the firmware rather than
just the size of the kernel, there is now an extra EFI sysfs file to
describe the underlying firmware. Read that if possible, otherwise
fall back to the kernel type as before.

Signed-off-by: Steve McIntyre <steve@einval.com>
2015-03-27 14:51:51 +01:00
Michael Zimmermann
ed07b7e128 Add missing initializers to silence suprious warnings. 2015-03-27 14:44:41 +01:00
Leif Lindholm
d47e8ab4b9 dl_helper: Cleanup
Use the new thumb_get_instruction_word/thumb_set_instruction_word
helpers throughout.

Style cleanup (missing spaces).

Move Thumb MOVW/MOVT handlers into Thumb relocation section of file.
2015-03-27 14:37:16 +01:00
Martin Wilck
cf2b4a36c4 efinet: Check for immediate completition.
This both speeds GRUB up and workarounds unexpected EFI behaviour.
2015-03-27 14:27:56 +01:00
Vladimir Serbinenko
1f23c87c19 Make Makefile.util.def independent of platform. 2015-03-27 14:04:41 +01:00
Daniel Kahn Gillmor
85a7be2414 util/mkimage: Use stable timestamp when generating binaries. 2015-03-27 13:26:48 +01:00
Vladimir Serbinenko
c14f8a9366 modinfo.sh.in: Add missing config variables. 2015-03-27 12:18:25 +01:00
Vladimir Serbinenko
94222b72b5 Makefile.core.def: Remove obsolete LDADD_KERNEL 2015-03-27 12:18:25 +01:00
Vladimir Serbinenko
63034d3261 arp, icmp: Fix handling in case of oversized or invalid packets.
This restrict ARP handling to MAC and IP addresses but in practice we need
only this case anyway and other cases are very rar if exist at all. It makes
code much simpler and less error-prone.
2015-03-27 12:18:25 +01:00
Colin Watson
5974d4ba65 hostfs: Drop unnecessary feature test macros
_BSD_SOURCE was added to allow the use of DT_DIR, but that was removed
in e768b77068.  While adding
_DEFAULT_SOURCE as well works around problems with current glibc,
neither is in fact needed nowadays.
2015-03-23 14:32:30 +00:00
Vladimir Serbinenko
e9f68f1f4c compiler-rt-emu: Add missing file. 2015-03-20 13:00:53 +01:00
Vladimir Serbinenko
fe6695b7d6 emunet: Fix init error checking.
Otherwise emunet doesn't expose any cards.
2015-03-20 12:59:00 +01:00
Vladimir Serbinenko
237510486a fddboot_test: Add -no-pad to xorriso. 2015-03-20 12:58:08 +01:00
Vladimir Serbinenko
cf47a2fba5 grub-mkrescue: pass all unrecognized options unchanged to xorriso. 2015-03-20 12:55:27 +01:00
Vladimir Serbinenko
9c07daaf91 cacheinfo: Add missing license information. 2015-03-20 11:13:58 +01:00
Andrei Borzenkov
19c4156d16 grub-fs-tester: add LVM RAID1 support
LVM miscalculates bitmap size with small extent, so start with 16K as
for other RAID types.

Until version 2.02.103 LVM counts metadata segments twice when checking
available space, reduce segment count by one to account for this bug.
2015-03-19 21:31:26 +03:00
Andrei Borzenkov
527eeeeee6 core: add LVM RAID1 support
Closes 44534.
2015-03-19 21:30:27 +03:00
Andrei Borzenkov
7c9309e50a grub-fs-tester: explicitly set segment type for LVM mirror
LVM mirror defaults to RAID1 today and can be different on different
systems as set in lvm.conf.
2015-03-16 21:16:19 +03:00