Commit graph

3903 commits

Author SHA1 Message Date
Andrei Borzenkov
892dfbe113 efi: strip off final NULL from File Path in grub_efi_get_filename
UEFI 2.6 9.3.6.4 File Path Media Device Path says that Path Name is
"A NULL-terminated Path string including directory and file names".

Strip final NULL from Path Name in each File Path node when constructing
full path. To be on safe side, strip all of them.

Fixes failure chainloading grub from grub, when loaded grub truncates
image path and does not find its grub.cfg.

https://bugzilla.opensuse.org/show_bug.cgi?id=1026344

This was triggered by commit ce95549cc54b5d6f494608a7c390dba3aab4fba7;
before it we built Path Name without trailing NULL, and apparently all
other bootloaders use single File Path node, thus not exposing this bug.
2017-02-25 08:39:38 +03:00
Andrei Borzenkov
951306c509 squash4: fix handling of fragments and sparse files
1. Do not assume block list and fragment are mutually exclusive. Squash
can pack file tail as fragment (unless -no-fragments is specified); so
check read offset and read either from block list or from fragments as
appropriate.

2. Support sparse files with zero blocks.

3. Fix fragment read - frag.offset is absolute fragment position,
not offset relative to ino.chunk.

Reported and tested by Carlo Caione <carlo@endlessm.com>
2017-02-24 19:10:43 +03:00
Andrei Borzenkov
2fb8cd26a9 script: fix double free in lexer
yylex_destroy() already frees scanner.

Found by: Coverity scan.
CID: 176636
2017-02-12 09:23:34 +03:00
Vladimir Serbinenko
529818738f xen: Fix parsing of XZ kernel.
In case of xz, the uncompressed size is appended to xz data which confuses
our xz decompressor. Trim it.
2017-02-07 13:25:38 +01:00
Vladimir Serbinenko
8a96fc4093 xen: Fix handling of GRUB chainloading.
In case of GRUB we put remapper after domain pages and not at 0x0.
In this case we use max_addr to put remapper. Unfortunately we increment
max_addr as well in this case resulting in virt mapping mapping page
at old max_addr and trying to boot using new max_addr.

Closes 46014.
2017-02-07 00:42:43 +01:00
Vladimir Serbinenko
ec4aca088a Fix truncated checksum.h. 2017-02-03 20:17:48 +01:00
Vladimir Serbinenko
fcb1528d93 Regenerate checksums.h
Screenshots contain version, so we need new checksums.
2017-02-03 13:44:56 +01:00
Vladimir Serbinenko
c96cfac167 Fix mingw compilation. 2017-02-03 13:01:34 +01:00
Daniel Kiper
4e5414b2a1 i386/relocator: Align stack in grub_relocator64_efi relocator
Unified Extensible Firmware Interface Specification, Version 2.6,
section 2.3.4, x64 Platforms, boot services, says among others:
The stack must be 16-byte aligned. So, do it. Otherwise OS may
boot only by chance as it happens right now.

Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
2017-02-02 22:24:47 +01:00
Vladimir Serbinenko
42e24b6006 Fix thumb compilation with clang.
According to EABI only STT_FUNC has convention of lowest bit indicating
execution mode. R_THM_{JUMP,CALL}* relocations are assumed to be pointing
to thumb mode unless they use STT_FUNC.
2017-02-02 00:59:49 +01:00
Vladimir Serbinenko
08438d783f Add missing strtoull_test.c
It was forgotten in my local directory.
2017-02-01 21:50:17 +01:00
Vladimir Serbinenko
34fe0b5901 arm64: Add support for GOT and PCREL32 relocations. 2017-02-01 21:46:19 +01:00
Vladimir Serbinenko
ea20dd2b22 ia64: Fix iterator for relocation entries.
Don't assume relocation entry size and use sh_entsize properly.
2017-02-01 20:10:26 +01:00
Vladimir Serbinenko
3d173955f0 arm: Fix trampoline generation.
We used the wrong pointer in this case. It worked only by accident.
2017-02-01 15:58:36 +01:00
Vladimir Serbinenko
0704e83a1b Regenerate checksum.h.
Screenshots checked.
Using unifont from http://ftp.us.debian.org/debian/pool/main/u/unifont/xfonts-unifont_7.0.06-1_all.deb.
2017-01-31 22:36:11 +01:00
Vladimir Serbinenko
0fd9fa565b charset: Trim away RLM and LRM.
They are not visible but would otherwise end up as [LRM] or [RLM] squares
with some fonts.
2017-01-31 19:29:31 +01:00
Vladimir Serbinenko
6f5aa28bc2 gfxterm: Fix clearing of cursor.
If ascent is bigger than height - 2, then we draw over character box but then
to clear cursor we only draw over character box. So trim ascent if necessarry.
2017-01-31 18:49:37 +01:00
Vladimir Serbinenko
a134ef1ab9 ia64: Add support for R_IA64_GPREL64I.
Recent GCC generates those relocations, so we need to support them.
2017-01-31 12:39:01 +01:00
Vladimir Serbinenko
6371e9c104 grub-module-verifier: Ignore all_video emptiness on xen.
It's intentional that it's empty when no video modules
are available.
2017-01-30 00:13:41 +00:00
Carlo Caione
a0413e2677 exfat: Support files over 4GiB
file size in grub_fat_data was 32-bit on exfat.
2017-01-27 22:10:21 +00:00
Vladimir Serbinenko
43dbf83aa2 Ensure that grub_reboot doesn't return on emu.
Use grub_fatal if longjmp fails.

grub_reboot is marked as noreturn so return would cause
a crash.
2017-01-27 20:10:23 +00:00
Geoff Levand
dc2eaa5855 loader: Add arm64 verity
Signed-off-by: Geoff Levand <geoff@infradead.org>
2017-01-25 14:54:46 -08:00
Geoff Levand
57fca7d1a3 loader: Move verity-hash.h to include
Signed-off-by: Geoff Levand <geoff@infradead.org>
2017-01-25 14:54:46 -08:00
Andrei Borzenkov
a2932fbe8a osdep/linux: handle autofs entries in /proc/self/mountinfo
These entries have placeholder for device name and so are useless for our
purpose. grub failed with something like

grub-install: error: failed to get canonical path of `systemd-1'.

When we see autofs entry, record it (to keep parent-child relationship) but
continue to look for real mount. If it is found, we process it as usual. If
only autofs entry exists, attempt to trigger mount by opening mount point
and retry. Mount point itself is then kept open to avoid timeout.

Recent systemd is by default using automount for /boot/efi so this should
become more popular problem on EFI systems.

Closes: 49942
2017-01-24 20:05:19 +03:00
David Michael
e576eb0cbc Merge remote-tracking branch 'upstream/master' 2017-01-23 14:02:45 -08:00
Andrei Borzenkov
972765fe82 linux: fix "vga=XX deprecated" warning for text mode
Arguments were in reverse order which resulted in

text is deprecated. Use set gfxpayload=vga=0 before linux command instead.
2017-01-08 15:52:49 +03:00
Michael Chang
562c406763 Fix fwpath in efi netboot
The path returned by grub_efi_net_config has already been stripped for the
directory part extracted from cached bootp packet. We should just return the
result to avoild it be stripped again.

It fixed the problem that grub.efi as NBP image always looking for grub.cfg and
platform directory in upper folder rather than current one it gets loaded while
$prefix is empty. The behavior is inconsistent with other architecture and how
we would expect empty $prefix going to be in general.

The only exception to the general rule of empty $prefix is that when loaded
from platform directory itself, the platform part is stripped thus upper folder
is used for looking up files. It meets the case for how grub-mknetdir lay out
the files under tftp root directory, but also hide away this issue to be
identified as it appears to be just works.

Also fix possible memory leak by moving grub_efi_get_filename() call after
grub_efi_net_config().
2016-12-22 22:37:32 +03:00
Andrei Borzenkov
ce95549cc5 efi: properly terminate filepath with NULL in chainloader
EFI File Path Media Device Path is defined as NULL terminated string;
but chainloader built file paths without final NULL. This caused error
with Secure Boot and Linux Foundation PreLoader on Acer with InsydeH20 BIOS.
Apparently firmware failed verification with EFI_INVALID_PARAMETER which is
considered fatal error by PreLoader.

Reported and tested by Giovanni Santini <itachi.sama.amaterasu@gmail.com>
2016-12-15 16:07:00 +03:00
Stanislav Kholmanskikh
130234bc78 ofnet: implement the receive buffer
get_card_packet() from ofnet.c allocates a netbuff based on the device's MTU:

 nb = grub_netbuff_alloc (dev->mtu + 64 + 2);

In the case when the MTU is large, and the received packet is
relatively small, this leads to allocation of significantly more memory,
than it's required. An example could be transmission of TFTP packets
with 0x400 blksize via a network card with 0x10000 MTU.

This patch implements a per-card receive buffer in a way similar to efinet.c,
and makes get_card_packet() allocate a netbuff of the received data size.

Signed-off-by: Stanislav Kholmanskikh <stanislav.kholmanskikh@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2016-12-14 14:13:34 +01:00
Stanislav Kholmanskikh
7b4c54c4ad ofnet: move the allocation of the transmit buffer into a function
In the current code search_net_devices() uses the "alloc-mem" command
from the IEEE1275 User Interface for allocation of the transmit buffer
for the case when GRUB_IEEE1275_FLAG_VIRT_TO_REAL_BROKEN is set.

I don't have hardware where this flag is set to verify if this
workaround is still needed. However, further changes to ofnet will
require to execute this workaround one more time. Therefore, to
avoid possible duplication of code I'm moving this piece of
code into a function.

Signed-off-by: Stanislav Kholmanskikh <stanislav.kholmanskikh@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2016-12-14 14:13:34 +01:00
Alexander Graf
0d2345774d efi: Move fdt helper into own file
We only support FDT files with EFI on arm and arm64 systems, not
on x86. So move the helper that finds a prepopulated FDT UUID
into its own file and only build it for architectures where it
also gets called.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2016-11-24 10:09:24 +01:00
Andrei Borzenkov
f8c3af3b61 bootp: export next server IP as environment variable
Network boot autoconfiguration sets default server to next server IP
(siaddr) from BOOTP/DHCP reply, but manual configuration using net_bootp
exports only server name. Unfortunately semantic of server name is not
clearly defined. BOOTP RFC 951 defines it only for client request, and
DHCP RFC 1541 only mentions it, without any implied usage. It looks like
this field is mostly empty in server replies.

Export next server IP as net_<interface>_next_server variable. This allows
grub configuration script to set $root/$prefix based on information obtained
by net_bootp.

Reported and tested by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Cc: nikunj@linux.vnet.ibm.com

v2: change variable name to net_<interface>_next_server as discussed on the list
2016-11-22 20:43:04 +03:00
Alexander Graf
fbca374105 arm64: Move firmware fdt search into global function
Searching for a device tree that EFI passes to us via configuration tables
is nothing architecture specific. Move it into generic code.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2016-11-10 13:20:56 +01:00
Corey Hickey
5f311e86d2 fix detection of non-LUKS CRYPT
grub_util_get_dm_abstraction() does a string comparison of insufficient
length. When using a UUID such as "CRYPT-PLAIN-sda6_crypt", the function
returns GRUB_DEV_ABSTRACTION_LUKS.

This results in the error:
    ./grub-probe: error: disk `cryptouuid/sda6_crypt' not found.

This appears to be a copy/paste error introduced in:
a10e7a5a89

The bug was (apparently) latent until revealed by:
3bca85b418

Signed-off-by: Corey Hickey <bugfood-c@fatooh.org>
2016-11-05 15:28:50 +03:00
Juergen Gross
0de3eeb623 xen: add capability to load p2m list outside of kernel mapping
Modern pvops linux kernels support a p2m list not covered by the
kernel mapping. This capability is flagged by an elf-note specifying
the virtual address the kernel is expecting the p2m list to be mapped
to.

In case the elf-note is set by the kernel don't place the p2m list
into the kernel mapping, but map it to the given address. This will
allow to support domains with larger memory, as the kernel mapping is
limited to 2GB and a domain with huge memory in the TB range will have
a p2m list larger than this.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2016-10-27 16:22:06 +02:00
Juergen Gross
b67a95ecad xen: modify page table construction
Modify the page table construction to allow multiple virtual regions
to be mapped. This is done as preparation for removing the p2m list
from the initial kernel mapping in order to support huge pv domains.

This allows a cleaner approach for mapping the relocator page by
using this capability.

The interface to the assembler level of the relocator has to be changed
in order to be able to process multiple page table areas.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2016-10-27 16:22:06 +02:00
Juergen Gross
5500cefccd xen: add capability to load initrd outside of initial mapping
Modern pvops linux kernels support an initrd not covered by the initial
mapping. This capability is flagged by an elf-note.

In case the elf-note is set by the kernel don't place the initrd into
the initial mapping. This will allow to load larger initrds and/or
support domains with larger memory, as the initial mapping is limited
to 2GB and it is containing the p2m list.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2016-10-27 16:22:06 +02:00
Juergen Gross
d73976fdff xen: factor out allocation of page tables into separate function
Do the allocation of page tables in a separate function. This will
allow to do the allocation at different times of the boot preparations
depending on the features the kernel is supporting.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2016-10-27 16:22:06 +02:00
Juergen Gross
1fbb2b4b39 xen: factor out allocation of special pages into separate function
Do the allocation of special pages (start info, console and xenbus
ring buffers) in a separate function. This will allow to do the
allocation at different times of the boot preparations depending on
the features the kernel is supporting.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2016-10-27 16:22:06 +02:00
Juergen Gross
c221ea06b5 xen: factor out p2m list allocation into separate function
Do the p2m list allocation of the to be loaded kernel in a separate
function. This will allow doing the p2m list allocation at different
times of the boot preparations depending on the features the kernel
is supporting.

While at this remove superfluous setting of first_p2m_pfn and
nr_p2m_frames as those are needed only in case of the p2m list not
being mapped by the initial kernel mapping.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2016-10-27 16:22:06 +02:00
Juergen Gross
7e5fcb0b34 xen: add elfnote.h to avoid using numbers instead of constants
Various features and parameters of a pv-kernel are specified via
elf notes in the kernel image. Those notes are part of the interface
between the Xen hypervisor and the kernel.

Instead of using num,bers in the code when interpreting the elf notes
make use of the header supplied by Xen for that purpose.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2016-10-27 16:21:25 +02:00
Juergen Gross
6ae55ce103 xen: reduce number of global variables in xen loader
The loader for xen paravirtualized environment is using lots of global
variables. Reduce the number by making them either local or by putting
them into a single state structure.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2016-10-27 16:17:15 +02:00
Juergen Gross
c69d1858f1 xen: avoid memleaks on error
When loading a Xen pv-kernel avoid memory leaks in case of errors.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2016-10-27 16:17:15 +02:00
Juergen Gross
4231927e44 xen: make xen loader callable multiple times
The loader for xen paravirtualized environment isn't callable multiple
times as it won't free any memory in case of failure.

Call grub_relocator_unload() as other modules do it before allocating
a new relocator or when unloading the module.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2016-10-27 16:16:54 +02:00
Daniel Kiper
a620876e3b multiboot2: Add support for relocatable images
Currently multiboot2 protocol loads image exactly at address specified in
ELF or multiboot2 header. This solution works quite well on legacy BIOS
platforms. It is possible because memory regions are placed at predictable
addresses (though I was not able to find any spec which says that it is
strong requirement, so, it looks that it is just a goodwill of hardware
designers). However, EFI platforms are more volatile. Even if required
memory regions live at specific addresses then they are sometimes simply
not free (e.g. used by boot/runtime services on Dell PowerEdge R820 and
OVMF). This means that you are not able to just set up final image
destination on build time. You have to provide method to relocate image
contents to real load address which is usually different than load address
specified in ELF and multiboot2 headers.

This patch provides all needed machinery to do self relocation in image code.
First of all GRUB2 reads min_addr (min. load addr), max_addr (max. load addr),
align (required image alignment), preference (it says which memory regions are
preferred by image, e.g. none, low, high) from multiboot_header_tag_relocatable
header tag contained in binary (at this stage load addresses from multiboot2
and/or ELF headers are ignored). Later loader tries to fulfill request (not only
that one) and if it succeeds then it informs image about real load address via
multiboot_tag_load_base_addr tag. At this stage GRUB2 role is finished. Starting
from now executable must cope with relocations itself using whole static and
dynamic knowledge provided by boot loader.

This patch does not provide functionality which could do relocations using
ELF relocation data. However, I was asked by Konrad Rzeszutek Wilk and Vladimir
'phcoder' Serbinenko to investigate that thing. It looks that relevant machinery
could be added to existing code (including this patch) without huge effort.
Additionally, ELF relocation could live in parallel with self relocation provided
by this patch. However, during research I realized that first of all we should
establish the details how ELF relocatable image should look like and how it should
be build. At least to build proper test/example files.

So, this patch just provides support for self relocatable images. If ELF file
with relocs is loaded then GRUB2 complains loudly and ignores it. Support for
such files will be added later.

This patch was tested with Xen image which uses that functionality. However, this Xen
feature is still under development and new patchset will be released in about 2-3 weeks.

Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
2016-10-27 15:55:16 +02:00
Daniel Kiper
f2b6c20a25 multiboot2: Do not pass memory maps to image if EFI boot services are enabled
If image requested EFI boot services then skip multiboot2 memory maps.
Main reason for not providing maps is because they will likely be
invalid. We do a few allocations after filling them, e.g. for relocator
needs. Usually we do not care as we would have finished boot services.
If we keep boot services then it is easier/safer to not provide maps.
However, if image needs memory maps and they are not provided by bootloader
then it should get itself just before ExitBootServices() call.

Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
2016-10-27 15:55:00 +02:00
Daniel Kiper
ba89c19f49 multiboot2: Add tags used to pass ImageHandle to loaded image
Add tags used to pass ImageHandle to loaded image if requested.
It is used by at least ExitBootServices() function.

Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
2016-10-27 15:54:46 +02:00
Daniel Kiper
9862b24121 i386/relocator: Add grub_relocator64_efi relocator
Add grub_relocator64_efi relocator. It will be used on EFI 64-bit platforms
when multiboot2 compatible image requests MULTIBOOT_TAG_TYPE_EFI_BS. Relocator
will set lower parts of %rax and %rbx accordingly to multiboot2 specification.
On the other hand processor mode, just before jumping into loaded image, will
be set accordingly to Unified Extensible Firmware Interface Specification,
Version 2.4 Errata B, section 2.3.4, x64 Platforms, boot services. This way
loaded image will be able to use EFI boot services without any issues.

Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
2016-10-27 15:53:43 +02:00
Michael Marineau
bcd7fb9fd2 loader: add support for passing verity hash to xen kernels
This only supports DomU Linux bzImage, ignoring bare ELF images and
Dom0 Xen+Linux but those cases are not applicable to us on CoreOS.
2016-10-19 15:18:06 -07:00
Michael Marineau
dab6a0f0c3 loader: validate cmdline string length before appending verity arg 2016-10-19 14:12:55 -07:00
Sakar Arora
e563928ba4 net/ip: Fix limit_time calculation in freeing old fragments
limit_time underflows when current time is less than 90000ms.
This causes packet fragments received during this time, i.e.,
till 90000ms pass since timer init, to be rejected.

Hence, set it to 0 if its less than 90000.

Signed-off-by: Sakar Arora <Sakar.Arora@nxp.com>
2016-10-18 20:26:42 +03:00
Matthew Garrett
bf25cda14e Make TPM errors less fatal
Handle TPM errors, and stop trying to use the TPM once we hit one.
2016-10-13 14:01:52 -07:00
Michael Marineau
44f54cbf43 gpt: write backup GPT first, skip if inaccessible.
Writing the primary GPT before the backup may lead to a confusing
situation: booting a freshly updated system could consistently fail and
next boot will fall back to the old system if writing the primary works
but writing the backup fails. If the backup is written first and fails
the primary is left in the old state so the next boot will re-try and
possibly fail in the exact same way. Making that repeatable should make
it easier for users to identify the error.

Additionally if the firmware and OS disagree on the disk size, making
the backup inaccessible to GRUB, then just skip writing the backup.
When this happens the automatic call to `coreos-setgoodroot` after boot
will take care of repairing the backup.
2016-09-23 12:25:53 -07:00
Michael Marineau
e4d25afd18 gpt: prefer disk size from header over firmware
The firmware and the OS may disagree on the disk configuration and size.
Although such a setup should be avoided users are unlikely to know about
the problem, assuming everything behaves like the OS. Tolerate this as
best we can and trust the reported on-disk location over the firmware
when looking for the backup GPT. If the location is inaccessible report
the error as best we can and move on.
2016-09-23 12:25:53 -07:00
Michael Marineau
8f7045ee19 gpt: rename and update documentation for grub_gpt_update
The function now does more than just recompute checksums so give it a
more general name to reflect that.
2016-09-22 11:58:44 -07:00
Michael Marineau
7cd866bd2d gpt: report all revalidation errors
Before returning an error that the primary or backup GPT is invalid push
the existing error onto the stack so the user will be told what is bad.
2016-09-22 11:57:29 -07:00
Michael Marineau
5342b880f4 gpt: read entries table at the same time as the header
I personally think this reads easier. Also has the side effect of
directly comparing the primary and backup tables instead of presuming
they are equal if the crc32 matches.
2016-09-21 16:34:36 -07:00
Michael Marineau
f24685b22e gpt: include backup-in-sync check in revalidation 2016-09-21 16:34:36 -07:00
Michael Marineau
d2f9096444 gpt: always revalidate when recomputing checksums
This ensures all code modifying GPT data include the same sanity check
that repair does. If revalidation fails the status flags are left in the
appropriate state.
2016-09-21 16:34:36 -07:00
Michael Marineau
427fdc58e1 gpt: selectively update fields during repair
Just a little cleanup/refactor to skip touching data we don't need to.
2016-09-21 16:34:36 -07:00
Michael Marineau
1f5d29420c gpt: be more careful about relocating backup header
The header was being relocated without checking the new location is
actually safe. If the BIOS thinks the disk is smaller than the OS then
repair may relocate the header into allocated space, failing the final
validation check. So only move it if the disk has grown.

Additionally, if the backup is valid then we can assume its current
location is good enough and leave it as-is.
2016-09-21 16:34:36 -07:00
Michael Marineau
de8d29ef89 gpt: check header and entries status bits together
Use the new status function which checks *_HEADER_VALID and
*_ENTRIES_VALID bits together. It doesn't make sense for the header and
entries bits to mismatch so don't allow for it.
2016-09-21 13:50:06 -07:00
Michael Marineau
f4e09602dc gpt: allow repair function to noop
Simplifies usage a little.
2016-09-21 13:12:31 -07:00
Michael Marineau
3dda6a863a gpt: use inline functions for checking status bits
This should prevent bugs like 6078f836 and 4268f3da.
2016-09-21 13:12:03 -07:00
Michael Marineau
4268f3da52 gptrepair: fix status checking
None of these status bit checks were correct. Fix and simplify.
2016-09-20 13:29:07 -07:00
Vito Caputo
92b5bd1ce3 gpt: add helper for picking a valid header
Eliminate some repetition in primary vs. backup header acquisition.
2016-09-02 17:04:13 -07:00
Michael Marineau
bf127238ee gpt: fix partition table indexing and validation
Portions of the code attempted to handle the fact that GPT entries on
disk may be larger than the currently defined struct while others
assumed the data could be indexed by the struct size directly. This
never came up because no utility uses a size larger than 128 bytes but
for the sake of safety we need to do this by the spec.
2016-09-02 17:04:13 -07:00
Michael Marineau
87dfbf34c4 Merge pull request #33 from marineam/repair-corruption
Fix gptprio to properly detect and repair corruption
2016-08-22 19:40:21 -07:00
Michael Marineau
b2ca30d335 fix checking alternate_lba 2016-08-22 18:30:56 -07:00
Michael Marineau
c68fcd3b1a gpt: refuse to write to sector 0 2016-08-22 17:51:48 -07:00
Michael Marineau
8278022a0b gpt: improve validation of GPT headers
Adds basic validation of all the disk locations in the headers, reducing
the chance of corrupting weird locations on disk.
2016-08-22 17:51:48 -07:00
Michael Marineau
6078f83638 gpt: properly detect and repair invalid tables
GPT_BOTH_VALID is 4 bits so simple a boolean check is not sufficient.
This broken condition allowed gptprio to trust bogus disk locations in
headers that were marked invalid causing arbitrary disk corruption.
2016-08-22 17:33:17 -07:00
Michael Marineau
c2f5fde6ab gpt: add verbose debug logging 2016-08-22 13:02:29 -07:00
Michael Marineau
d38d2d0fb1 biosdisk: add verbose debug logging 2016-08-22 13:02:29 -07:00
Michael Marineau
9a8cd5a16a fwconfig: fix unused argument warning 2016-08-20 17:54:47 -07:00
Pete Batard
4e0f8f66e3 Add missing va_end() to xasprintf() in grub-emu. 2016-08-13 16:36:01 +03:00
Andrei Borzenkov
c831d2073b at_keyboard: fix numpad "0" and "." mapping
Reported for set 1 by fgndevelop <fgndevelop@posteo.org>. Apparently
set 2 was reversed too.
2016-07-27 08:33:12 +03:00
Andrei Borzenkov
52408aa946 dns: fix buffer overflow for data->addresses in recv_hook
We may get more than one response before exiting out of loop in
grub_net_dns_lookup, but buffer was allocated for the first response only,
so storing answers from subsequent replies wrote past allocated size.
We never really use more than the very first address during lookup so there
is little point in collecting all of them. Just quit early if we already have
some reply.

Code needs serious redesign to actually collect multiple answers
and select the best fit according to requested type (IPv4 or IPv6).

Reported and tested by Michael Chang <mchang@suse.com>
2016-07-26 20:38:58 +03:00
Andrei Borzenkov
58590cb2ef xfs: accept filesystem with meta_uuid
XFS V5 stores UUID in metadata and compares them with superblock UUID.
To allow changing of user-visible UUID it stores original value in new
superblock field (meta_uuid) and sets incompatible flag to indicate that
new field must be used to verify metadata. Our driver currently does not
check metadata UUID so simply accept such filesystem.

Reported-By: Marcos Mello <marcosfrm@outlook.com>
Reviewd by Jan Kara <jack@suse.cz>
2016-07-26 20:29:26 +03:00
Michael Marineau
2ff7bd91eb Merge pull request #29 from marineam/big-bad-disk
gpt: do not use disk sizes GRUB will reject as invalid later on
2016-07-25 16:05:48 -07:00
Michael Marineau
a8ad608425 gpt: do not use disk sizes GRUB will reject as invalid later on
GRUB assumes that no disk is ever larger than 1EiB and rejects
reads/writes to such locations. Unfortunately this is not conveyed in
the usual way with the special GRUB_DISK_SIZE_UNKNOWN value.
2016-07-25 15:35:01 -07:00
Nick Owens
fbf65674a4 net: add client arch and fix user class/terminator
send client arch in bootp requests, for now BIOS and x64/aarch64 EFI is
supported.

fix a bug introduced in 4d5d7be005 where
user class was encoded improperly, although this didn't seem to have any
detrimental effects.

properly insert an option terminator.
2016-07-08 15:39:04 -07:00
Nick Owens
5470929309 set cmddevice when cmdpath is set 2016-06-01 13:55:45 -07:00
Andrei Borzenkov
b524fa27f5 net: translate pxe prefix to tftp when checking for self-load
Commit ba218c1 missed legacy pxe and pxe: prefixes which are
translated to tftp, so comparison failed.
2016-05-03 19:23:31 +03:00
Andrei Borzenkov
e045af148a net: reset net->stall in grub_net_seek_real
If we open new connection, we need to reset stall indication, otherwise
nothing will ever be polled (low level code rely on this field being
zero when establishing connection).
2016-04-30 09:15:36 +03:00
Stefan Fritsch
13f7ead3a1 http: reset EOF indication in http_seek
Otherwise next read will stop polling too early due to stale EOF
indicator, returning incomplete data to caller.
2016-04-30 09:13:34 +03:00
Mike Gilbert
7a5b301e3a build: Use AC_HEADER_MAJOR to find device macros
Depending on the OS/libc, device macros are defined in different
headers. This change ensures we include the right one.

sys/types.h - BSD
sys/mkdev.h - Sun
sys/sysmacros.h - glibc (Linux)

glibc currently pulls sys/sysmacros.h into sys/types.h, but this may
change in a future release.

https://sourceware.org/ml/libc-alpha/2015-11/msg00253.html
2016-04-24 08:12:42 +03:00
Nick Owens
70b45a45b9 grub-core: enable getenv for all efi targets 2016-04-14 14:47:39 -07:00
Michael Chang
abf9beb7d6 http: fix superfluous null line in range request header
At least the apache sever is very unhappy with that extra null line and will
take more than ten seconds in responding to each range request, which slows
down a lot the entire http file transfer process or even time out.
2016-04-09 07:08:13 +03:00
Matthew Garrett
aab446306b Fix event log prefix
We're not passing the prefixed version of the description to the event log.
Fix that.
2016-03-29 15:36:49 -07:00
Matthew Garrett
954fd730ca Allow protocol to be separated from host with a semicolon
Some DHCP servers (such as dnsmasq) tokenise parameters with commas, making
it impossible to pass boot files with commas in them. Allow using a semicolon
to separate the protocol from host if a comma wasn't found.
2016-03-24 13:47:19 -07:00
Matthew Garrett
75b4826d15 Tag the bootp request as a DHCP discover 2016-03-24 13:46:54 -07:00
Matthew Garrett
ec0051a569 Don't allocate a new address buffer if we receive multiple responses
The current logic in the DNS resolution code allocates an address buffer
based on the number of addresses in the response packet. If we receive
multiple response packets in response to a single query packet, this means
that we will reallocate a new buffer large enough for only the addresses in
that specific packet, discarding any previous results in the process. Worse,
we still keep track of the *total* number of addresses resolved in response
to this query, not merely the number in the packet being currently processed.
Use realloc() rather than malloc() to avoid overwriting the existing data,
and allocate a buffer large enough for the total set of addresses rather
than merely the number in this specific response.
2016-03-24 13:46:42 -07:00
Matthew Garrett
bb3473d7c8 Rework TPM measurements
Rework TPM measurements to use fewer PCRs. After discussion with upstream,
it's preferable to avoid using so many PCRs. Instead, measure into PCRs 8
and 9 but use a prefix in the event log to indicate which subsystem carried
out the measurements.
2016-03-23 17:03:43 -07:00
Matthew Garrett
c2eee36ec0 Fix boot when there's no TPM
If the firmware has TPM support but has no TPM, we're jumping to core.img
without popping the registers back onto the stack. Fix that.
2016-03-23 17:02:52 -07:00
Andrei Borzenkov
6714d7ecff bootp: check that interface is not NULL in configure_by_dhcp_ack
grub_net_add_addr may fail with OOM and we use returned interface
later without any checks.
2016-03-20 10:32:33 +03:00
Andrei Borzenkov
5b8ddf6e03 bootp: fix memory leak in grub_cmd_dhcpopt 2016-03-19 09:39:30 +03:00
Aaron Luft
76eac44af3 Remove the variable oldname which is attempting to free stack space.
Historically this variable hold previous value of filename that
had to be freed if allocated previously. Currently this branch
is entered only if filename was not allocated previously so it
became redundant. It did not cause real problems because grub_free
was not called, but code is confusing and causes compilation error
in some cases.
2016-03-15 22:04:38 +03:00
Michael Chang
15aee573d2 xen_file: Fix invalid payload size 2016-03-11 10:26:51 +01:00
Leif Lindholm
51f375d688 efidisk: Respect block_io_protocol buffer alignment
Returned from the OpenProtocol operation, the grub_efi_block_io_media
structure contains the io_align field, specifying the minimum alignment
required for buffers used in any data transfers with the device.

Make grub_efidisk_readwrite() allocate a temporary buffer, aligned to
this boundary, if the buffer passed to it does not already meet the
requirements.

Also sanity check the io_align field in grub_efidisk_open() for
power-of-two-ness and bail if invalid.
2016-02-27 13:44:59 +01:00
Vladimir Serbinenko
ca028db3d4 usbtrans: Fix memory coherence and use-after-free. 2016-02-27 13:40:52 +01:00
Vladimir Serbinenko
0f076d75d0 ehci: Fix memory coherence
This is a no-op on x86 but necessarry on ARM and may be necessarry on MIPS.
2016-02-27 13:40:52 +01:00
Vladimir Serbinenko
86ef66d977 arm-uboot: Make self-relocatable to allow loading at any address 2016-02-27 13:40:52 +01:00
Vladimir Serbinenko
2ebef43cf6 bsd: Ensure that kernel is loaded before loading module.
kernel_type may be set to the type of failed kernel. This patching-up is
easier than to reflow kernel loading routines.
2016-02-27 13:35:36 +01:00
Vladimir Serbinenko
8c26dace6f cat: Don't switch terminal mode when there is nothing to highlight.
This just pollutes serial console.
2016-02-27 13:35:36 +01:00
Andrei Borzenkov
109189ce01 efidisk: fix misplaced parenthesis in b00e4c2 2016-02-27 15:16:48 +03:00
Andrei Borzenkov
b00e4c2bd9 efidisk: prevent errors from diskfilter scan of removable drives
Map EFI_NO_MEDIA to GRUB_ERR_OUT_OF_RANGE that is ignored by diskfilter. This
actually matches pretty close (we obviously attempt to read outside of media)
and avoids adding more error codes.

This affects only internally initiated scans. If read/write from removable is
explicitly requested, we still return an error and text explanation is more
clear for user than generic error.

Reported and tested by Andreas Loew <Andreas.Loew@gmx.net>
2016-02-26 21:44:37 +03:00
Vladimir Serbinenko
06a3b0b214 Regenerate checksums 2016-02-26 11:37:47 +01:00
Josef Bacik
eb9f401fc1 net: fix ipv6 routing
ipv6 routing in grub2 is broken, we cannot talk to anything outside our local
network or anything that doesn't route in our global namespace.  This patch
fixes this by doing a couple of things

1) Read the router information off of the router advertisement.  If we have a
router lifetime we need to take the source address and create a route from it.

2) Changes the routing stuff slightly to allow you to specify a gateway _and_ an
interface.  Since the router advertisements come in on the link local address we
need to associate it with the global address on the card.  So when we are
processing the router advertisement, either use the SLAAC interface we create
and add the route to that interface, or loop through the global addresses we
currently have on our interface and associate it with one of those addresses.
We need to have a special case here for the default route so that it gets used,
we do this by setting the masksize to 0 to mean it encompasses all networks.
The routing code will automatically select the best route so if there is a
closer match we will use that.

With this patch I can now talk to ipv6 addresses outside of my local network.
Thanks,

Signed-off-by: Josef Bacik <jbacik@fb.com>
2016-02-25 22:38:52 +03:00
Vladimir Serbinenko
94c56a4c65 ieee1275: fix signed comparison 2016-02-24 18:37:22 +01:00
Andrei Borzenkov
1b782e902e search: actually skip floppy with --no-floppy
grub_device_iterate() ignores device when iterator returns 1, not 0.

Reported by Carlos E. R. <robin.listas@telefonica.net>
2016-02-23 23:17:24 +03:00
Andrei Borzenkov
15dfea842c multiboot2: zero reserved field in memory map
Documentation says, bootloader should set reserved field to zero.

Reported by Wink Saville <wink@saville.com>
2016-02-23 09:12:14 +03:00
Vladimir Serbinenko
054d1325e9 Improve EHCI logging
Add dprintf's on common error paths and remove some entries which are too
noisy.
2016-02-22 20:07:10 +01:00
Vladimir Serbinenko
0678b5d629 usb_keyboard: Remove useless include
This prevents non-PCI machines from having USB.
2016-02-22 20:05:54 +01:00
Vladimir Serbinenko
be4e9d20a5 Refresh before abort
This ensures that abort message is actually visible to the user.
2016-02-22 19:46:55 +01:00
Eric Snowberg
bc220962e3 ieee1275: prevent buffer over-read
Prevent buffer over-read in grub_machine_mmap_iterate. This was
causing phys_base from being calculated properly. This then
caused the wrong value to be placed in ramdisk_image within
struct linux_hdrs. Which prevented the ramdisk from loading on
boot.

Newer SPARC systems contain more than 8 available memory entries.

For example on a T5-8 with 2TB of memory, the memory layout could
look like this:

T5-8 Memory
reg                      00000000 30000000 0000003f b0000000
                         00000800 00000000 00000040 00000000
                         00001000 00000000 00000040 00000000
                         00001800 00000000 00000040 00000000
                         00002000 00000000 00000040 00000000
                         00002800 00000000 00000040 00000000
                         00003000 00000000 00000040 00000000
                         00003800 00000000 00000040 00000000
available                00003800 00000000 0000003f ffcae000
                         00003000 00000000 00000040 00000000
                         00002800 00000000 00000040 00000000
                         00002000 00000000 00000040 00000000
                         00001800 00000000 00000040 00000000
                         00001000 00000000 00000040 00000000
                         00000800 00000000 00000040 00000000
                         00000000 70000000 0000003f 70000000
                         00000000 6eef8000 00000000 00002000
                         00000000 30400000 00000000 3eaf6000
name                     memory

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
2016-02-22 10:01:31 +03:00
Thomas Huth
625934ec0f menu_entry: Disable cursor during update_screen()
When running grub in a VGA console of a KVM pseries guest on PowerPC,
you can see the cursor sweeping over the whole line when entering a
character in editor mode. This is visible because grub always refreshes
the whole line when entering a character in editor mode, and drawing
characters is quite a slow operation with the firmware used for the
powerpc pseries guests (SLOF).
To avoid this ugliness, the cursor should be disabled when refreshing
the screen contents during update_screen().

Signed-off-by: Thomas Huth <thuth@redhat.com>
2016-02-22 09:59:27 +03:00
Vladimir Serbinenko
59ec05bcf8 mm: Avoid integer overflow. 2016-02-17 18:09:44 +01:00
Vladimir Serbinenko
5cae910665 Fix warnings when compiling with -O3 2016-02-17 17:56:41 +01:00
Vladimir Serbinenko
25492a0f04 Add wbinvd around bios call.
Via C3 has problems with cache coherency when transitioning between the modes,
so flush it around bios calls.
2016-02-14 08:34:10 +01:00
Eric Snowberg
080a20861c OBP available region contains grub. Start at grub_phys_end.
This prevents a problem where grub was being overwritten since
grub_phys_start does not start at a zero offset within the memory
map.
2016-02-12 23:16:03 +01:00
Toomas Soome
ce01054ec3 lz4: Fix pointer overflow 2016-02-12 17:26:32 +01:00
Daniel Kiper
eba6db6323 relocator: Fix integer underflow. 2016-02-12 16:07:57 +01:00
Vladimir Serbinenko
4598cafa7d arm64: Use cpu timer for timekeeping. 2016-02-12 12:43:02 +01:00
Vladimir Serbinenko
22aa31bcc3 xnu: Supply random seed.
Now we're able to load kernels up to El Capitan.
2016-02-12 12:40:10 +01:00
Vladimir Serbinenko
e72de13b9e Add RNG module. 2016-02-12 12:39:38 +01:00
Vladimir Serbinenko
342d6edb97 yylex: use grub_fatal for exit.
lexer calls yylex_fatal on fatal internal errors. yylex_fatal itself is
declared as noreturn and calls exit. Returning from noreturn function has
unpredictable consequences.
2016-02-12 12:34:54 +01:00
Vladimir Serbinenko
e5c9300191 printf: Fix and test %% behaviour in presence of subsequenbt args. 2016-02-12 12:33:41 +01:00
Vladimir Serbinenko
d9a3bfead8 Split pmtimer wait and tsc measurement from pmtimer tsc calibration. 2016-02-12 11:40:51 +01:00
Vladimir Serbinenko
1933d37371 Make grub_cpu_is_tsc_supported generally available. 2016-02-12 11:38:51 +01:00
Vladimir Serbinenko
b29638222e Make grub_acpi_find_fadt accessible generically 2016-02-12 11:35:48 +01:00
Vladimir Serbinenko
281baeecd3 Fix emu compilation error on arm. 2016-02-12 09:10:08 +01:00
Vladimir Serbinenko
df4df4d887 xnu: Include relocated EFI in heap size. 2016-02-11 12:30:45 +01:00
Vladimir Serbinenko
2d425ffdd5 xnu: supply ramsize to the kernel.
Without this info recent kernels crash as they allocate no heap.
2016-02-11 11:58:28 +01:00
Andrei Borzenkov
67dba97e45 support modules without symbol table
all_video module does not have any code or data and exists solely for
.moddeps section to pull in dependencies. This makes all symbols unneeded.

While in current binutils (last released version as of this commit is 2.26)
``strip --strip-unneeded'' unintentionally adds section symbols for each
existing section, this behavior was considered a bug and changed in commit
14f2c699ddca1e2f706342dffc59a6c7e23e844c to completely strip symbol table
in this case.

Older binutils (verified with 2.17) and some other toolchains (at least
elftoolchain r3223M), both used in FreeBSD, remove symbol table in all_video
as well.

Relax run-time check and do not return error for modules without symbol table.
Add additional checks to module verifier to make sure such modules

a) have non-empty .moddeps section. Without either externally visible symbols
or .moddeps modules are completely useless and should not be built.

b) do not have any relocations.

Closes: 46986

v2: add run-time check for empty symbol table if relocations are present as
    suggested by Vladimir.
2016-02-03 20:34:55 +03:00
Vladimir Serbinenko
605eecc985 arm64: Add support for relocations needed for linaro gcc 2016-01-22 19:09:37 +01:00
Vladimir Serbinenko
b6a03dfd32 efiemu: Fix compilation failure 2016-01-22 14:10:30 +01:00
Robert Elliott
ae3b83a4d4 efiemu: Handle persistent RAM and unknown possible future additions. 2016-01-22 13:32:30 +01:00
Michael Chang
64e2d139fe Restore terminal settings on grub-emu exit. 2016-01-22 11:05:32 +01:00
Vladimir Serbinenko
0edd750e50 xen_boot: Remove obsolete module type distinctions. 2016-01-22 10:18:47 +01:00
Vladimir Serbinenko
cc2ed41039 arm: Ignore qemu clock bug 2016-01-22 10:12:43 +01:00
Vladimir Serbinenko
7c6c2ad42c i386-ieee1275: Increase maximum heap size to accomodate highres graphi tests 2016-01-22 10:12:43 +01:00
Colin Watson
47e67d809c Remove pragmas related to -Wunreachable-code
-Wunreachable-code has been a no-op since GCC 4.5; GRUB hasn't been
compiled with it since 2012; and GCC 6 produces "error:
'-Wunreachable-code' is not an option that controls warnings" for these.

Fixes Debian bug #812047.
2016-01-20 15:56:55 +00:00
Colin Watson
92bbf25714 loader/bsd: Fix signed/unsigned comparison 2016-01-16 20:40:55 +00:00
Colin Watson
95440b41d3 ahci, ehci: Fix typos 2016-01-16 20:37:15 +00:00
Andrei Borzenkov
77002c65d3 tftp: fix memory leaks in open
If protocol open fails, file is immediately freed, so data was leaked.

Found by: Coverity scan.
CID: 96659
2016-01-16 21:27:57 +03:00
Andrei Borzenkov
d4561cd080 tcp: fix memory leaks
Found by: Coverity scan.
CID: 96639, 96647
2016-01-16 20:59:50 +03:00
Andrei Borzenkov
9b4256bf05 net: fix memory leaks
Found by: Coverity scan.
CID: 96638, 96648
2016-01-16 20:48:33 +03:00
Andrei Borzenkov
eefa3239c2 legacycfg: fix memory leaks and add NULL check
Memory leaks found by Coverity scan.
CID: 96642, 96645
2016-01-16 20:34:02 +03:00
Andrei Borzenkov
4f8fe948b9 loader: Unintended sign extension
CID: 96707, 96699, 96693, 96691, 96711, 96709, 96708, 96703, 96702,
96700, 96698, 96696, 96695, 96692, 96710, 96705
2016-01-15 19:18:05 +03:00
Andrei Borzenkov
b95e926788 script: fix memory leak
Found by: Coverity scan.
CID: 96637
2016-01-12 22:50:30 +03:00
Andrei Borzenkov
26533fe6bc normal: fix memory leak
Found by: Coverity scan.
CID: 96641, 96670, 96667
2016-01-12 22:40:03 +03:00
Andrei Borzenkov
29862fdc3a xnu: fix memory leak
Found by: Coverity scan.
CID: 96663
2016-01-12 21:52:51 +03:00
Andrei Borzenkov
9daf7aae8b truecrypt: fix memory leak
Found by: Coverity scan.
CID: 156611
2016-01-12 21:52:51 +03:00
Andrei Borzenkov
a4b1326f0d gfxmenu: fix memory leak
Found by: Coverity scan.
CID: 96657
2016-01-12 21:52:50 +03:00
Andrei Borzenkov
dbb0f9fa4f efiemu: fix memory leak
Found by: Coverity scan.
CID: 156610
2016-01-12 21:52:50 +03:00
Andrei Borzenkov
e9d71db53a efidisk: fix memory leak
Found by: Coverity scan.
CID: 96644
2016-01-12 21:52:50 +03:00
Andrei Borzenkov
6c35ce72ba verify: fix memory leak
Found by: Coverity scan.
CID: 96643
2016-01-12 21:52:42 +03:00
Andrei Borzenkov
f3c84fa798 password_pbkdf2: fix memory leak
Found by: Coverity scan.
CID: 96656
2016-01-12 20:53:26 +03:00
Andrei Borzenkov
5db2190f2c parttool: fix memory leak
Found by: Coverity scan.
CID: 96652
2016-01-12 20:41:44 +03:00
Andrei Borzenkov
1bff60e5aa nativedisk: fix memory leak
Based on Coverity scan.
CID: 96660

Extended to also cover other error return places.
2016-01-12 20:37:43 +03:00
Andrei Borzenkov
8fe17d91af acpi: fix memory leak
Found by: Coverity scan.
CID: 96673
2016-01-12 20:26:30 +03:00
Andrei Borzenkov
528256932b net: remove dead and redundant code
server cannot be NULL at this point (we return error earlier if it is).
Also structure is zalloc'ed, so no need to explicitly initialize
members to 0.

Found by: Coverity scan.
CID: 73837
2016-01-10 11:33:13 +03:00
Andrei Borzenkov
269a522c7d hostdisk: fix device detection
Condition was apparently reversed so GRUB assumed all devices were
files. This later made it skip BLKFLSBUF ioctl on Linux which caused
various page cache coherency issues. Observed were

- failure to validate blocklist install (read content did not match
  just written)

- failure to detect Linux MD on disk after online hot addition
  (GRUB got stale superblock)

Closes: 46691
2016-01-10 10:41:04 +03:00
Andrei Borzenkov
31f6506c57 loader/multiboot: fix unintended sign extension
Found by: Coveruty scan.
CID: 73700, 73763
2016-01-09 19:58:51 +03:00
Andrei Borzenkov
9fecb0588e kern/elf: fix unintended sign extension
Found by: Coverity scan.
CID: 73729, 73735, 73758, 73760
2016-01-09 19:41:26 +03:00
Andrei Borzenkov
aafd205c92 xfs: fix possible inode corruption in directory scan
grub_xfs_iterate_dir did not restore first character after inline
name when match was found. Dependning on XFS format this character
could be inode number and we could return to the same node later in
find_file if processing cycled symlinks.

CID: 86724
2016-01-09 18:55:55 +03:00
Andrei Borzenkov
bd60f5a207 rescue_parser: restructure code to avoid Coverity false positive
If line contains single word, line and argv[0] are aliases, so
no NULL dereference is possible, but Coverity does not know it.
Change code to avoid ambiguity and also remove redundant call to
grub_strchr.

CID: 86725
2016-01-09 18:15:27 +03:00
Andrei Borzenkov
fa2af21ec8 gfxmenu: fix memory leak
Found by: Coverity scan.
CID: 73766
2016-01-09 13:55:28 +03:00
Andrei Borzenkov
67d9ce82ac efiemu: check return value of grub_efiemu_write_value
Found by: Coverity scan.
CID: 73590
2016-01-09 11:36:42 +03:00
Andrei Borzenkov
12bf87466f efiemu: change code to avoid Coverity false positive
CID: 73623
2016-01-09 11:36:42 +03:00
Andrei Borzenkov
97c41e1216 efiemu: fix unintended sign extension
Found by: Coverity scan.
CID: 73883, 73637
2016-01-09 11:36:42 +03:00
Andrei Borzenkov
8ab2675ede hfs: fix memory leak
Found by: Coverity scan.
CID: 156531
2016-01-09 11:36:42 +03:00
Matthew Garrett
4d5d7be005 Send a user class identifier in bootp requests
It's helpful to determine that a request was sent by grub in order to permit
the server to provide different information at different stages of the boot
process. Send GRUB2 as a type 77 DHCP option when sending bootp packets in
order to make this possible.
2016-01-08 14:25:52 -08:00
Matthew Garrett
78db6bcf33 Allow non-default ports for HTTP requests
Add support for passing ports in HTTP requests. This takes the form of:
(http,serverip:portnum)/file
2016-01-07 17:27:15 -08:00
Matthew Garrett
297e11980b Allow passing of trusted keys via variables
Add support for adding gpg keys to the trusted database with a new command
called "trust_var". This takes the contents of a variable (in ascii-encoded
hex) and interprets it as a gpg public key.
2016-01-07 15:33:36 -08:00
Matthew Garrett
73746f0367 Fix hex representation of binary variable contents
The getenv code was mishandling the conversion of binary to hex. Grub's
sprintf() doesn't seem to support the full set of format conversions, so
fix this in the nasty way.
2016-01-07 15:31:36 -08:00
Vladimir Serbinenko
e4c49cab9b arm64/setjmp: Add missing move for arg1 == 0 case. 2016-01-07 21:10:05 +01:00
Mark Salter
7eb27a49e9 arm-efi: Reduce timer event frequency by 10
Timer event to keep grub msec counter was running at 1000HZ. This was too
fast for UEFI timer driver and resulted in a 10x slowdown in grub time
versus wallclock. Reduce the timer event frequency and increase tick
increment accordingly to keep better time.
2016-01-07 20:54:20 +01:00
Vladimir Serbinenko
607d66116a iee1275/datetime: Fix off-by-1 error. 2016-01-07 15:53:42 +01:00
Matthew Garrett
92e46cccf1 Add smbios command
Incorporate the smbios command from
https://raw.githubusercontent.com/dm0-/gnuxc/master/patches/grub-2.02~beta2-smbios-module.patch
so we can extract the machine UUID and serial number.
2016-01-06 12:46:22 -08:00
Matthew Garrett
a0e69405e2 Measure multiboot images and modules 2016-01-05 14:35:17 -08:00
Matthew Garrett
b47b5685b5 Measure commands
Measure each command executed by grub, which includes script execution.
2016-01-05 14:35:17 -08:00
Matthew Garrett
2d410729e9 Measure the kernel commandline
Measure the kernel commandline to ensure that it hasn't been modified
2016-01-05 14:35:17 -08:00
Matthew Garrett
20e355fd5a Measure kernel and initrd on BIOS systems
Measure the kernel and initrd when loaded on BIOS systems
2016-01-05 14:35:17 -08:00
Matthew Garrett
738f6f09b3 Rework linux16 command
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel int it
before pulling out the individual blocks later on.
2016-01-05 14:35:17 -08:00
Matthew Garrett
a2599ab047 Rework linux command
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel into it
before pulling out the individual blocks later on.
2016-01-05 14:35:17 -08:00
Matthew Garrett
1e32d63145 Add BIOS boot measurement
Measure the on-disk grub core on BIOS systems - unlike UEFI, the firmware
can't do this stage for us.
2016-01-05 14:35:17 -08:00
Matthew Garrett
f22ee4487c Measure kernel + initrd
Measure the kernel and initrd when loaded on UEFI systems
2016-01-05 14:35:17 -08:00
Matthew Garrett
858f763466 Core TPM support
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI and BIOS systems, but
will measure all modules as they're loaded.
2016-01-05 14:35:05 -08:00
Matthew Garrett
76fb8e4341 Fix race in EFI validation
The Secure Boot code currently reads the kernel from disk, validates the
signature and then reads it from disk again. A sufficiently exciting storage
device could modify the kernel between these two events and trigger the
execution of an untrusted kernel. Avoid re-reading it in order to ensure
this isn't a problem, and in the process speed up boot by not reading the
kernel twice.
2016-01-05 14:14:54 -08:00
Vladimir Serbinenko
f86fd54cf0 Add memdisk support to grub-emu.
Use it to add custom files, so that tests which need them work.
2016-01-05 21:10:27 +01:00
Vladimir Serbinenko
3f430a0126 Move file loading functions to grub-emu.
So that we can use it in grub-emu as well as utils.
2016-01-05 21:10:27 +01:00
Vladimir Serbinenko
f2b54835f2 Disable progress indicator in grub-shell.
This disables progress indicator for tests. This in turn fixes test
flakiness as they ended up timing-dependent.
2016-01-05 21:10:10 +01:00
Vladimir Serbinenko
300be005a8 Update checksums 2016-01-05 11:55:30 +01:00
Andrei Borzenkov
aa7bb4607b acpihalt: add GRUB_ACPI_OPCODE_CREATE_DWORD_FIELD (0x8a)
Fixes ACPI halt on ASUSTeK P8B75-V,
Bios: American Megatrends v: 0414 date: 04/24/2012

Reported-By: Goh Lip <g.lip@gmx.com>
2016-01-02 21:33:18 +03:00
Andrei Borzenkov
19554a6034 acpihalt: fix GRUB_DSDT_TEST compilation 2016-01-02 19:02:19 +03:00
Andrei Borzenkov
ba83ed1538 Add missing BUILD_EXEEXT 2016-01-01 12:06:40 +03:00
Andrey Borzenkov
4d6e9c8a92 remove temporary .bin files (kernel and modules) 2015-12-31 23:00:25 +03:00
Vladimir Serbinenko
3b21499506 Disable build-time module check on emu.
On emu some checks can be laxer like check for relocation range. Additionally
module loading in emu is rarely used. So skip this check rather than making
it laxer for all platforms. In ideal we may want to have slightly different
check for emu but for now this is good enough.
2015-12-31 18:20:11 +01:00
Vladimir Serbinenko
68e158dffd Strip .ARM.exidx
This section is generated by clang and is useful only for debugging.
It contains exotic relocations, so strip them to avoid them interferring
with module loading.
2015-12-31 18:13:59 +01:00
Vladimir Serbinenko
76588d1319 xen/relocator: Use local symbol to ensure that code is relocation-free. 2015-12-31 14:54:56 +01:00
Vladimir Serbinenko
60ae582142 backtrace: Fix register call syntax 2015-12-31 14:54:48 +01:00
Vladimir Serbinenko
a7cf8b1e23 Verify modules on build-time rather than failing in runtime. 2015-12-31 13:09:15 +01:00
Vladimir Serbinenko
5919626c90 sparc64: Fix assembly to let compiler to fill in memory references.
This fixes the use of not fully relocatable (they assume that variables are
under 4G limit in virtual memory) references.
2015-12-31 13:07:16 +01:00
Vladimir Serbinenko
79cfad6fbe backtrace: Remove assembly assumption that grub_backtrace_pointer is under 4G 2015-12-30 18:19:44 +01:00
Andrei Borzenkov
93ecc3f1f8 menu: fix line count calculation for long lines
It gave one extra screen line if length was exactly equal to screen
width.

Reported by Michael Chang.
Also-By: Michael Chang <mchang@suse.com>
2015-12-30 06:20:51 +03:00
Vladimir Serbinenko
ca7bb46d5c exfat: Fix stream extension flag parsing. 2015-12-29 17:42:25 +01:00
Andrei Borzenkov
3bca85b418 devmapper: check for valid device abstraction in get_grub_dev
This was lost when code was refactored. Patch restores previous behavior.

It is still not clear whether this is the right one. Due to the way we
detect DM abstraction, partitions on DM are skipped, we fall through to
generic detection which ends up in assuming parent device is BIOS disk.

It is useful to install GRUB on VM disk from the host. But it also means
that GRUB will mistakenly allow install on real system as well.

For now let's fix regression; future behavior needs to be discussed.

Closes: 45163
2015-12-26 21:45:22 +03:00
Andrei Borzenkov
a9399f2e1e windows: correct LBA in generated EFI HDD media paths
GRUB keeps partition offset and size in units of 512B sectors. Media paths
are defined in terms of LBA which are presumed to match HDD sector size.

This is probably cosmetic (EFI requires that partition is searched by GUID)
and still incorrect if GPT was created using different logical block size.
But current code is obviously wrong and new has better chances to be correct.
2015-12-19 11:32:49 +03:00
Michael Marineau
286f1b63df Merge branch 'master' of git://git.savannah.gnu.org/grub 2015-12-17 12:01:00 -08:00
Robert Elliott
c79c59f129 lsefimmap: support persistent memory and other UEFI 2.5 features
This should accompany
	76ce1de740 Translate UEFI persistent memory type

1. Add a string for the EfiPersistentMemory type 14 that was
added in UEFI 2.5.

2. Decode the memory attributes that were added in UEFI 2.5:
* NV (non-volatile)
* MORE_RELIABLE (higher reliable, e.g., mirrored memory in a system
  with partial memory mirroring)
* RO (read-only)

3. Use proper IEC binary units (KiB, MiB, etc.) for power-of-two
values rather than misusing SI power-of-ten units (KB, MB, etc.)

4. The lsmmap command only decodes memory ranges sizes up to GiB scale
units.  Persistent memory ranges will reach into the TiB scale.
Since 64-bit size field supports TiB, PiB, and EiB, decode all of
them for completeness.

5. In the lsefimmap command, rewrite the print statements to
* avoid rounding
* avoid a big nested if/else tree.

For example: In the sixth entry below, the value of 309MB implies
316416KB but is really reporting 316436KB.

Widen the size column to 6 digits to accommodate typical cases.
The worst case value would require 14 digits; if that happens,
let the columns get out of sync.

Old format:
Type      Physical start  - end             #Pages     Size Attributes
conv-mem  0000000000000000-0000000000092fff 00000093  588KB UC WC WT WB
reserved  0000000000093000-0000000000093fff 00000001    4KB UC WC WT WB
conv-mem  0000000000094000-000000000009ffff 0000000c   48KB UC WC WT WB
conv-mem  0000000000100000-000000000fffffff 0000ff00  255MB UC WC WT WB
BS-code   0000000010000000-0000000010048fff 00000049  292KB UC WC WT WB
conv-mem  0000000010049000-000000002354dfff 00013505  309MB UC WC WT WB
ldr-data  000000002354e000-000000003ecfffff 0001b7b2  439MB UC WC WT WB
BS-data   000000003ed00000-000000003ed7ffff 00000080  512KB UC WC WT WB
conv-mem  000000003ed80000-000000006af5ffff 0002c1e0  705MB UC WC WT WB
reserved  000000006af60000-000000006b55ffff 00000600    6MB UC WC WT WB
BS-data   000000006b560000-000000006b560fff 00000001    4KB UC WC WT WB
RT-data   000000006b561000-000000006b5e1fff 00000081  516KB RT UC WC WT WB
BS-data   000000006b5e2000-000000006ecfafff 00003719   55MB UC WC WT WB
BS-code   000000006ecfb000-000000006ecfbfff 00000001    4KB UC WC WT WB
conv-mem  000000006ecfc000-00000000711fafff 000024ff   36MB UC WC WT WB
BS-data   00000000711fb000-000000007128dfff 00000093  588KB UC WC WT WB
Unk 0d    0000000880000000-0000000e7fffffff 00600000   24GB UC WC WT WB NV
reserved  0000001680000000-0000001c7fffffff 00600000   24GB UC WC WT WB NV

New format:
Type      Physical start  - end             #Pages        Size Attributes
conv-mem  0000000000000000-0000000000092fff 00000093    588KiB UC WC WT WB
reserved  0000000000093000-0000000000093fff 00000001      4KiB UC WC WT WB
conv-mem  0000000000094000-000000000009ffff 0000000c     48KiB UC WC WT WB
conv-mem  0000000000100000-000000000fffffff 0000ff00    255MiB UC WC WT WB
BS-code   0000000010000000-0000000010048fff 00000049    292KiB UC WC WT WB
conv-mem  0000000010049000-000000002354dfff 00013505 316436KiB UC WC WT WB
ldr-data  000000002354e000-000000003ecfffff 0001b7b2 450248KiB UC WC WT WB
BS-data   000000003ed00000-000000003ed7ffff 00000080    512KiB UC WC WT WB
conv-mem  000000003ed80000-000000006af5ffff 0002c1e0 722816KiB UC WC WT WB
reserved  000000006af60000-000000006b55ffff 00000600      6MiB UC WC WT WB
BS-data   000000006b560000-000000006b560fff 00000001      4KiB UC WC WT WB
RT-data   000000006b561000-000000006b5e1fff 00000081    516KiB RT UC WC WT WB
BS-data   000000006b5e2000-000000006ecfafff 00003719  56420KiB UC WC WT WB
BS-code   000000006ecfb000-000000006ecfbfff 00000001      4KiB UC WC WT WB
conv-mem  000000006ecfc000-0000000071222fff 00002527  38044KiB UC WC WT WB
BS-data   0000000071223000-00000000712ddfff 000000bb    748KiB UC WC WT WB
persist   0000000880000000-0000000e7fffffff 00600000     24GiB UC WC WT WB NV
reserved  0000001680000000-0000001c7fffffff 00600000     24GiB UC WC WT WB NV
2015-12-17 21:00:44 +03:00
Andrei Borzenkov
609c049dcc kernel: print and reset grub_errno after each embedded config line
Otherwise it causes subsequent file open to fail, because grub_file_open
misinterprets set grub_errno for grub_file_get_device_name failure.

Closes: 46540
2015-12-16 21:20:30 +03:00
Andrei Borzenkov
7136b545c1 Erase backspaced character in grub_username_get
It probably does not work across linefeed, but hopefully user names are not
that long (and nobody is using terminal that small).
2015-12-16 19:20:10 +03:00
Hector Marco-Gisbert
451d80e52d Fix security issue when reading username and password
This patch fixes two integer underflows at:
  * grub-core/lib/crypto.c
  * grub-core/normal/auth.c

CVE-2015-8370

Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
Also-By: Andrey Borzenkov <arvidjaar@gmail.com>
2015-12-16 07:57:18 +03:00
Robert Elliott
76ce1de740 Translate UEFI persistent memory type
Define
* GRUB_EFI_PERSISTENT_MEMORY (UEFI memory map type 14) per UEFI 2.5
* GRUB_MEMORY_PERSISTENT (E820 type 7) per ACPI 3.0
* GRUB_MEMORY_PERSISTENT_LEGACY (E820 unofficial type 12) per ACPI 3.0

and translate GRUB_EFI_PERSISTENT_MEMORY to GRUB_MEMORY_PERSISTENT in
grub_efi_mmap_iterate().

Includes
* adding the E820 names to lsmmap
* handling the E820 types in make_efi_memtype()

Suggested-by: Vladimir 'φ-coder/phcoder' Serbinenko <phcoder@gmail.com>
Suggested-by: Andrei Borzenkov <arvidjaar@gmail.com>
2015-12-15 10:25:34 +03:00
Josef Bacik
fb47807918 tcp: ack when we get an OOO/lost packet
While adding tcp window scaling support I was finding that I'd get some packet
loss or reordering when transferring from large distances and grub would just
timeout.  This is because we weren't ack'ing when we got our OOO packet, so the
sender didn't know it needed to retransmit anything, so eventually it would fill
the window and stop transmitting, and we'd time out.  Fix this by ACK'ing when
we don't find our next sequence numbered packet.  With this fix I no longer time
out.  Thanks,

Signed-off-by: Josef Bacik <jbacik@fb.com>
2015-12-07 20:52:27 +03:00
Michael Chang
a03c1034f6 i386: fix TSC calibration using PIT
Condition was accidentally reversed, so PIT calibration always failed
when PIT was present and always succeeded when PIT was missing, but in
the latter case resulted in absurdly fast clock.

Reported and tested by Vitaly Kuznetsov <vkuznets@redhat.com>
2015-12-01 18:49:38 +03:00
Andrei Borzenkov
f4c143789a Replace numbers with grub_memory_type_t enums 2015-11-27 19:52:16 +03:00
Vladimir Serbinenko
d43a5ee651 tsc: Use alternative delay sources whenever appropriate.
PIT isn't available on some of new hardware including Hyper-V. So
use pmtimer for calibration. Moreover pmtimer calibration is faster, so
use it on coreboor where booting time is important.

Based on patch by Michael Chang.
2015-11-27 11:39:55 +01:00
Andrei Borzenkov
3d2c8048da efi: really mark memory of unknown type as reserved
9be4c45dbe added switch case between
fall through cases, causing all memory regions of unknown type to be
marked as available.

Move default case into its own block and add explicit FALLTHROUGH
annotation.

Reported by Elliott, Robert (Persistent Memory) <elliott@hpe.com>
2015-11-26 19:50:42 +03:00
Josef Bacik
f9d1b4422e net: reset nb->data per dns record lookup loop
We were resetting nb->data every time we tried a new server, but we need to do
it every time we try for a different record, otherwise we don't end up falling
back to the A record properly.  Thanks,

Signed-off-by: Josef Bacik <jbacik@fb.com>
2015-11-24 20:48:16 +03:00
Matthew Garrett
4042e13fec Add fwconfig command
Add a command to read values from the qemu fwcfg store. This allows data
to be passed from the qemu command line to grub.

Example use:

echo '(hd0,1)' >rootdev
qemu -fw_cfg opt/rootdev,file=rootdev

fwconfig opt/rootdev root
2015-11-20 11:26:00 -08:00
Andrei Borzenkov
6a46cbcc5c unix: do not close stdin in grub_passwd_get
This makes it impossible to read from stdin without controlling tty:

10:/mnt # echo -e passwd\\npasswd | setsid ./grub-mkpasswd-pbkdf2
Enter password:
Reenter password: ./grub-mkpasswd-pbkdf2: error: failure to read password.
10:/mnt
2015-11-18 22:23:58 +03:00
Andrei Borzenkov
50d6f38feb lsefisystab: add missing comma after 7994077 2015-11-17 06:27:17 +03:00
Pavel Bludov
7994077ab9 Add some UUIDs found in the hardware 2015-11-14 17:57:35 +03:00
Konstantin Vlasov
5646e03dba gfxterm: fix calculation of terminal-top and terminal-height
They used screen width, not height.
2015-11-13 21:54:19 +03:00
Paulo Flabiano Smorigo
c899d9f42c ofdisk: add sas disks to the device list 2015-11-12 09:23:02 -02:00
Vladimir Serbinenko
e0bd66c314 multiboot: Don't rely on particular ordering of options. 2015-11-12 11:54:38 +01:00
Vladimir Serbinenko
95ba04606f multiboot_mbi: Fix handling of --quirk-bad-kludge. 2015-11-12 11:54:13 +01:00
Fu Wei
a771a7b9f6 xen_boot: Remove useless file_name_index variable. 2015-11-12 11:33:55 +01:00
Paulo Flabiano Smorigo
a50dbb743e ofdisk: add a comment about vscsi method 2015-11-10 21:20:20 -02:00
Vladimir Serbinenko
25a9b8f208 fdt.mod: Move license tag to the right file. 2015-11-09 16:15:30 +01:00
Fu Wei
372400b419 fdt.mod: Add missing license tag. 2015-11-09 15:27:59 +01:00
Vladimir Serbinenko
254f92815b kern/elf: Ignore cast-align warnings 2015-11-09 11:39:30 +01:00
Vladimir Serbinenko
cb28250cfc cbfs: Fix corner case and compilation with recdent gcc
Accept the header to touch the jump address at 0xfffffff0.

Fix compilation for 64-bit EFI with recent GCC.
2015-11-09 03:24:04 +01:00
Vladimir Serbinenko
b2fc9acdc9 Adapt build-system to use imported xen headers. 2015-11-08 21:24:18 +01:00
Vladimir Serbinenko
855fe6869c cbfs: Check for ptr range sanity.
Triaged by Andrei and enhanced with suggestions by Aaron Durbin
Also-By: Andrei Borzenkov <arvidjaar@gmail.com>
2015-11-08 20:34:30 +01:00
Vladimir Serbinenko
db97faec91 genmoddep.awk: Add a test that we have no circular dependencies 2015-11-08 20:00:27 +01:00
Vladimir Serbinenko
7cc27aeda9 Makefile.core.def: Break circular dependency on arm64. 2015-11-08 18:47:53 +01:00
grub-devel@iam.tj
c7f93a20c4 cryptodisk: teach grub_cryptodisk_insert() about partitions (bug #45889)
It is not possible to configure encrypted containers on multiple partitions of
the same disk; after the first one all subsequent fail with

disk/cryptodisk.c:978: already mounted as crypto0

Store partition offset in cryptomount descriptor to distinguish between them.
2015-11-07 18:52:59 +03:00
Andrei Borzenkov
dff8d0e3f5 unix/getroot: remove unused MAJOR definition
We use major() everywhere, these definitions just add to confusion.
2015-11-07 17:02:21 +03:00
Andrei Borzenkov
c1fbc26203 Add comments to code for commit d313218 2015-11-07 13:01:23 +03:00
Andrei Borzenkov
349a381df0 devmapper/getroot: use makedev instead of direct shift
Fixes device detection with large number of devices.

Reported by Tim Wallberg <twalberg@comcast.net>
2015-11-07 09:46:46 +03:00
Ignat Korchagin
43c8310244 tcp: Fix uninited mac address when accepting connection. 2015-10-29 16:30:28 +01:00
Fu Wei
83cb45e982 arm64: Add support for xen boot protocol. 2015-10-29 15:24:20 +01:00
Vladimir Serbinenko
4d0cb75538 arm64: Move FDT functions to separate module 2015-10-29 14:06:45 +01:00
Andrei Borzenkov
5fcde03bf1 efi: fix warnings with recent GCC
../../grub-core/term/efi/console.c:128:32: error: suggest parentheses around '&&' within '||' [-Werror=parentheses]
   if (key.unicode_char >= 0x20 && key.unicode_char <= 0x7f
2015-10-27 23:30:54 +03:00
Eric Snowberg
0b72543afd ofdisk: Fix devpath freeing logic. 2015-10-26 23:03:06 +01:00
Paulo Flabiano Smorigo
bf3df4070f Implement cross-endian ELF load for powerpc 2015-10-26 22:07:26 +01:00