Commit graph

128 commits

Author SHA1 Message Date
Peter Jones
3f05d693d1 malloc: Use overflow checking primitives where we do complex allocations
This attempts to fix the places where we do the following where
arithmetic_expr may include unvalidated data:

  X = grub_malloc(arithmetic_expr);

It accomplishes this by doing the arithmetic ahead of time using grub_add(),
grub_sub(), grub_mul() and testing for overflow before proceeding.

Among other issues, this fixes:
  - allocation of integer overflow in grub_video_bitmap_create()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_squash_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_ext2_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in read_section_as_string()
    reported by Chris Coulson.

Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
Peter Jones
f725fa7cb2 calloc: Use calloc() at most places
This modifies most of the places we do some form of:

  X = malloc(Y * Z);

to use calloc(Y, Z) instead.

Among other issues, this fixes:
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in luks_recover_key()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_lvm_detect()
    reported by Chris Coulson.

Fixes: CVE-2020-14308

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
Peter Jones
3e8c338bfa efi/gop: Add debug output on GOP probing
Add debug information to EFI GOP video driver probing function.

Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-03-10 21:42:13 +01:00
Peter Jones
c73cda3495 efi/uga: Use video instead of fb as debug condition
All other video drivers use "video" as the debug condition instead of "fb"
so change this in the efi/uga driver to make it consistent with the others.

Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-03-10 21:41:38 +01:00
Andrei Borzenkov
df5d96de42 efi/uga: Use 64 bit for fb_base
We get 64 bit from PCI BAR but then truncate by assigning to 32 bit.
Make sure to check that pointer does not overflow on 32 bit platform.

Closes: 50931

Signed-off-by: Andrei Borzenkov <arvidjaar@gmail.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-03-10 21:40:40 +01:00
Alexander Graf
e642c95ab6 efi/gop: Add support for BLT_ONLY adapters
EFI GOP has support for multiple different bitness types of frame buffers
and for a special "BLT only" type which is always defined to be RGBx.

Because grub2 doesn't ever directly access the frame buffer but instead
only renders graphics via the BLT interface anyway, we can easily support
these adapters.

The reason this has come up now is the emerging support for virtio-gpu
in OVMF. That adapter does not have the notion of a memory mapped frame
buffer and thus is BLT only.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-03-10 21:40:31 +01:00
Mathieu Trudel-Lapierre
afd6ad4297 video: skip 'text' gfxpayload if not supported, to fallback to default
On UEFI, 'text' gfxpayload is not supported, but we still reach parse_modespec()
with it, which will obviously fail. Fortunately, whatever gfxpayload is set,
we still still have the 'auto' default to fall back to. Allow getting to this
fallback by not trying to parse 'text' as a modespec.

This is because 'text' correctly doesn't parse as a modespec, and ought to have
been ignored before we got to that point, just like it is immediately picked if
we're running on a system where 'text' is a supported video mode.

Bug: https://savannah.gnu.org/bugs/index.php?56217

Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-05-20 13:00:44 +02:00
Vladimir Serbinenko
ca0a4f689a verifiers: File type for fine-grained signature-verification controlling
Let's provide file type info to the I/O layer. This way verifiers
framework and its users will be able to differentiate files and verify
only required ones.

This is preparatory patch.

Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
2018-11-09 13:25:31 +01:00
mike.travis@hpe.com
a537d65018 efi/uga: Fix PCIe LER when GRUB2 accesses non-enabled MMIO data from VGA
A GPU inserted into a PCIe I/O slot disappears during system startup.
The problem centers around GRUB and a specific VGA init function in
efi_uga.c. This causes an LER (Link Error Recorvery) because the MMIO
memory has not been enabled before attempting access.

The fix is to add the same coding used in other VGA drivers, specifically
to add a check to insure that it is indeed a VGA controller. And then
enable the MMIO address space with the specific bits.

Signed-off-by: Mike Travis <mike.travis@hpe.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-04-04 21:48:52 +02:00
Vladimir Serbinenko
461bfab7b7 coreboot: Split parts that are platform-independent.
We currently assume that coreboot is always i386, it's no longer the case,
so split i386-coreboot parts from generic coreboot code.
2017-05-08 19:10:24 +02:00
Andrei Borzenkov
4bd4a88725 i386, x86_64, ppc: fix switch fallthrough cases with GCC7
In util/getroot and efidisk slightly modify exitsing comment to mostly
retain it but still make GCC7 compliant with respect to fall through
annotation.

In grub-core/lib/xzembed/xz_dec_lzma2.c it adds same comments as
upstream.

In grub-core/tests/setjmp_tets.c declare functions as "noreturn" to
suppress GCC7 warning.

In grub-core/gnulib/regexec.c use new __attribute__, because existing
annotation is not recognized by GCC7 parser (which requires that comment
immediately precedes case statement).

Otherwise add FALLTHROUGH comment.

Closes: 50598
2017-04-04 19:23:55 +03:00
Vladimir Serbinenko
fb93c75bdd video_fb: Fix blue collor if using unoptimized blitter.
when unmapping the color what matters is the mode of source, not target.
2017-02-27 01:58:50 +00:00
Vladimir Serbinenko
7213c1e028 jpeg: Optimise by replacing division with shifts. 2015-02-26 21:27:32 +01:00
Vladimir Serbinenko
18125877ee png: Optimize by avoiding divisions. 2015-02-26 18:27:43 +01:00
Vladimir Serbinenko
f51218bc15 fbblit: Optimize by replacing division with additions and shifts. 2015-02-26 18:14:28 +01:00
Vladimir Serbinenko
dd4889f727 bitmap_scale: Optimize by moving division out of the loop. 2015-02-26 18:13:36 +01:00
Vladimir Serbinenko
9ee5ae1fae Document intentional fallthroughs.
Found by: Coverity scan.
2015-01-27 17:17:58 +01:00
Vladimir Serbinenko
c4fcfd8744 vbe: Fix incorrect register usage.
Found by: Coverity scan.
2015-01-26 09:53:39 +01:00
Vladimir Serbinenko
4816dcac19 * grub-core/video/readers/jpeg.c: Avoid division by zero. 2015-01-21 17:42:13 +01:00
Andrey Borzenkov
f371dd5da8 fix include loop on MinGW due to libintl.h pulling stdio.h
In file included from ./include/grub/dl.h:23:0,
                 from grub-core/lib/libgcrypt-grub/cipher/rfc2268.c:3:
./include/grub/list.h:34:18: warning: conflicting types for 'grub_list_push' [en
abled by default]
 void EXPORT_FUNC(grub_list_push) (grub_list_t *head, grub_list_t item);
                  ^
./include/grub/symbol.h:68:25: note: in definition of macro 'EXPORT_FUNC'
 # define EXPORT_FUNC(x) x
                         ^
In file included from ./include/grub/fs.h:30:0,
                 from ./include/grub/file.h:25,
                 from ./grub-core/lib/posix_wrap/stdio.h:23,
                 from c:\mingw\include\libintl.h:314,
                 from ./include/grub/i18n.h:33,
                 from ./include/grub/misc.h:27,
                 from ./include/grub/list.h:25,
                 from ./include/grub/dl.h:28,
                 from grub-core/lib/libgcrypt-grub/cipher/rfc2268.c:3:
./include/grub/partition.h:106:3: note: previous implicit declaration of 'grub_l
ist_push' was here
   grub_list_push (GRUB_AS_LIST_P (&grub_partition_map_list),
   ^
list.h needs just ATTRIBUTE_ERROR from misc.h; split compiler features
into separate file grub/compiler.h and include it instead.
2014-01-18 21:22:57 +04:00
Vladimir Serbinenko
72c9a50773 Remove xen VFB.
Due to XEN bug it prevents Linux boot. Remove it at least, until
	workaround is found.
2013-12-18 18:43:09 +01:00
Vladimir Serbinenko
184c61ddce Add Radeon Yeeloong 3A support. 2013-12-17 22:52:04 +01:00
Vladimir Serbinenko
71669c3b76 Implement XEN VFB support. 2013-12-17 13:07:26 +01:00
Vladimir Serbinenko
7e47e27bd8 Add gcc_struct to all packed structures when compiling with mingw.
Just "packed" doesn't always pack the way we expect.
2013-12-15 14:14:30 +01:00
Vladimir Serbinenko
1e4b358720 Add PCI command activation to all PCI drivers as required for coreboot
and maybe some other firmwares.
2013-11-26 14:21:11 +01:00
Vladimir Testov
4db2250000 * grub-core/gfxmenu/gui_box.c: Updated to work with area status.
* grub-core/gfxmenu/gui_canvas.c: Likewise.
        * grub-core/gfxmenu/view.c: Likewise.
        * grub-core/video/fb/video_fb.c: Introduce new functions:
        grub_video_set_area_status, grub_video_get_area_status,
        grub_video_set_region, grub_video_get_region.
        * grub-core/video/bochs.c: Likewise.
        * grub-core/video/capture.c: Likewise.
        * grub-core/video/video.c: Likewise.
        * grub-core/video/cirrus.c: Likewise.
        * grub-core/video/efi_gop.c: Likewise.
        * grub-core/video/efi_uga.c: Likewise.
        * grub-core/video/emu/sdl.c: Likewise.
        * grub-core/video/radeon_fuloong2e.c: Likewise.
        * grub-core/video/sis315pro.c: Likewise.
        * grub-core/video/sm712.c: Likewise.
        * grub-core/video/i386/pc/vbe.c: Likewise.
        * grub-core/video/i386/pc/vga.c: Likewise.
        * grub-core/video/ieee1275.c: Likewise.
        * grub-core/video/i386/coreboot/cbfb.c: Likewise.
        * include/grub/video.h: Likewise.
        * include/grub/video_fb.h: Likewise.
        * include/grub/fbfill.h: Updated render_target structure.
        grub_video_rect_t viewport, region, area
        int area_offset_x, area_offset_y, area_enabled
        * include/grub/gui.h: New helper function
        grub_video_bounds_inside_region.
        * docs/grub-dev.texi: Added information about new functions.
2013-11-08 15:42:38 +04:00
Vladimir Testov
339eacce1b * grub-core/video/fb/video_fb.c: Merge two blit functions
into one.
2013-11-05 21:46:16 +04:00
Vladimir Serbinenko
3fe63754d2 * grub-core/video/i386/pc/vga.c: Fix double bufferring and
add mode 0x12.
2013-11-05 02:41:50 +01:00
Vladimir Serbinenko
c1bee64676 Move cpuid code to cpuid.h and TSC code to tsc.c. 2013-10-26 23:39:10 +02:00
Vladimir Serbinenko
3523b8d8a7 * grub-core/video/bitmap_scale.c: Use unsigned arithmetics when
appropriate.
2013-10-25 21:39:00 +02:00
Vladimir Serbinenko
d43c64899d * grub-core/video/fb/fbblit.c: Use (255 ^ x) rather than (255 - x).
Use unsigned divisions rather than signed variants.
2013-10-25 21:35:44 +02:00
Vladimir Serbinenko
f690f8b030 * grub-core/video/readers/png.c (grub_png_convert_image): Use
unsigned arithmetics.
	Add missing break.
2013-10-25 20:36:39 +02:00
Vladimir Serbinenko
74ff2c0501 * grub-core/video/readers/jpeg.c: Use unsigned where appropriate. 2013-10-25 20:35:02 +02:00
Vladimir Serbinenko
af81ed880d * conf/Makefile.common (CPPFLAGS_KERNEL): Add -DGRUB_KERNEL=1.
* include/grub/dl.h (GRUB_MOD_INIT), (GRUB_MOD_FINI): Define
	functions when compiling for kernel.
2013-10-25 16:07:01 +02:00
Robert Millan
f70d5c0701 * grub-core/video/i386/pc/vbe.c (grub_video_vbe_setup): Replace
numeric constants with their symbolic equivalent.
	Taken from branch "vbe-on-coreboot".
2013-10-24 08:53:04 +02:00
Vladimir 'phcoder' Serbinenko
e44b9a8349 * grub-core/video/capture.c: Do not do finalization when .fini
is called as there is explicit capture_end.
2013-10-03 23:33:58 +02:00
Vladimir Testov
ebc1da55cd * grub-core/gfxmenu/theme_loader.c: New global options for the
theme background image handling. desktop-image-scale-method,
       desktop-image-h-align, desktop-image-v-align.
       * grub-core/gfxmenu/view.c: Likewise.
       * include/gfxmenu_view.h: Likewise.
       * include/bitmap_scale.h: Proportional scale functions introduced.
       * grub-core/video/bitmap_scale.c: Likewise. Verification checks are
       put in a separate functions. GRUB_ERR_BUG is set for grub_error in
       cases of unexpected input variables for scale functions.
       * docs/grub.texi: Updated documentation for new options.
2013-10-02 18:17:33 +04:00
Vladimir 'phcoder' Serbinenko
c573914389 * grub-core/video/readers/png.c: Support narrow (4-/2-/1-bpp) PNG. 2013-10-02 13:22:56 +02:00
Vladimir Testov
d999ac72e2 * grub-core/video/bitmap_scale.c (scale_bilinear): Increased precision
to eliminate artefacts in bilinear interpolation.
2013-10-01 16:34:04 +04:00
Vladimir 'phcoder' Serbinenko
2b131610d0 * grub-core/video/readers/tga.c: Support paletted tga. 2013-09-28 19:22:20 +02:00
Vladimir 'phcoder' Serbinenko
de6e5ff89b * grub-core/video/readers/jpeg.c (grub_jpeg_decode_data): Remove
incorrect cbcr setting when in color mode.
2013-09-28 03:06:04 +02:00
Vladimir 'phcoder' Serbinenko
fa31ee9c2c * grub-core/video/readers/png.c: Support paletted images and clean up
greyscale support.
2013-09-28 03:04:34 +02:00
Vladimir 'phcoder' Serbinenko
d72bff0997 * grub-core/video/readers/png.c (grub_png_decode_image_header):
Fix formula for computing total number of bytes.
2013-09-27 21:51:52 +02:00
Vladimir 'phcoder' Serbinenko
29648c5d84 * grub-core/video/readers/tga.c: Reorganize to separate RLE and
image processing, fix big-endian and support grayscale.
2013-09-27 21:49:08 +02:00
Vladimir 'phcoder' Serbinenko
4a87649207 * grub-core/video/fb/video_fb.c (grub_video_fb_create_render_target):
Correctly will with maximum transparency when using index color.
2013-09-27 21:44:03 +02:00
Vladimir 'phcoder' Serbinenko
3ccf16dff9 * grub-core/video/readers/png.c: Support grayscale 2013-09-27 12:04:09 +02:00
Vladimir 'phcoder' Serbinenko
e9c492a02e * grub-core/video/readers/jpeg.c: Support grayscale. 2013-09-27 11:13:36 +02:00
Vladimir 'phcoder' Serbinenko
621bed6990 * grub-core/video/efi_gop.c (grub_video_gop_setup): Fix a typo which
desactivated use of EDID at all.
2013-09-23 13:40:07 +02:00
Vladimir 'phcoder' Serbinenko
fc4c4fddf6 Detach optional parts of gfxterm and integrate in with coreboot init. 2013-05-31 00:42:33 +02:00
Vladimir 'phcoder' Serbinenko
6570b2050e Move blit and fill dispatcher to appropriate files to decrease export
and relocation overhead.
2013-05-30 22:06:28 +02:00