Commit graph

3797 commits

Author SHA1 Message Date
Colin Watson
9363f738ba libgcrypt: Import replacement CRC operations
The CRC implementation imported from libgcrypt 1.5.3 is arguably
non-free, due to being encumbered by the restrictive Internet Society
licence on RFCs (see e.g. https://wiki.debian.org/NonFreeIETFDocuments).
Fortunately, libgcrypt has since replaced it with a version that is both
reportedly better-optimised and doesn't suffer from this encumbrance.

The ideal solution would be to update to a new version of libgcrypt, and
I spent some time trying to do that.  However, util/import_gcry.py
requires complex modifications to cope with the new version, and I
stalled part-way through; furthermore, GRUB's libgcrypt tree already
contains some backports of upstream changes.  Rather than allowing the
perfect to be the enemy of the good, I think it's best to backport this
single change to at least sort out the licensing situation.  Doing so
won't make things any harder for a future wholesale upgrade.

This commit is mostly a straightforward backport of
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=06e122baa3321483a47bbf82fd2a4540becfa0c9,
but I also imported bufhelp.h from libgcrypt 1.7.0 (newer versions
required further changes elsewhere).

I've tested that "hashsum -h crc32" still produces correct output for a
variety of files on both i386-pc and x86_64-emu targets.

Signed-off-by: Colin Watson <cjwatson@ubuntu.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 12:16:25 -04:00
Eric Snowberg
3d1069e2e2 ieee1275: add nvme support within ofpath
Add NVMe support within ofpath.

The Open Firmware text representation for a NVMe device contains the
Namespace ID. An invalid namespace ID is one whose value is zero or whose
value is greater than the value reported by the Number of Namespaces (NN)
field in the Identify Controller data structure.  At the moment  only a
single Namespace is supported, therefore the value is currently hard coded
to one.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 12:16:25 -04:00
Daniel Kiper
5826e32c37 chainloader: Fix wrong break condition (must be AND not, OR)
The definition of bpb's num_total_sectors_16 and num_total_sectors_32
is that either the 16-bit field is non-zero and is used (in which case
eg mkfs.fat sets the 32-bit field to zero), or it is zero and the
32-bit field is used. Therefore, a BPB is invalid only if *both*
fields are zero; having one field as zero and the other as non-zero is
the case to be expected. (Indeed, according to Microsoft's specification
one of the fields *must* be zero, and the other non-zero.)

This affects all users of grub_chainloader_patch_bpb which are in
chainloader.c, freedos.c, and ntldr.c

Some descriptions of the semantics of these two fields:

https://www.win.tue.nl/~aeb/linux/fs/fat/fat-1.html

  The old 2-byte fields "total number of sectors" and "number of
  sectors per FAT" are now zero; this information is now found in
  the new 4-byte fields.

(Here given in the FAT32 EBPB section but the total sectors 16/32 bit
fields semantic is true of FAT12 and FAT16 too.)

https://wiki.osdev.org/FAT#BPB_.28BIOS_Parameter_Block.29

  19 | 2 | The total sectors in the logical volume. If this value is 0,
  it means there are more than 65535 sectors in the volume, and the actual
  count is stored in "Large Sectors (bytes 32-35).

  32 | 4 | Large amount of sector on media. This field is set if there
  are more than 65535 sectors in the volume.

(Doesn't specify what the "large" field is set to when unused, but as
mentioned mkfs.fat sets it to zero then.)

https://technet.microsoft.com/en-us/library/cc976796.aspx

  0x13 | WORD | 0x0000 |
  Small Sectors . The number of sectors on the volume represented in 16
  bits (< 65,536). For volumes larger than 65,536 sectors, this field
  has a value of zero and the Large Sectors field is used instead.

  0x20 | DWORD | 0x01F03E00 |
  Large Sectors . If the value of the Small Sectors field is zero, this
  field contains the total number of sectors in the FAT16 volume. If the
  value of the Small Sectors field is not zero, the value of this field
  is zero.

https://staff.washington.edu/dittrich/misc/fatgen103.pdf page 10

  BPB_TotSec16 | 19 | 2 |
  This field is the old 16-bit total count of sectors on the volume.
  This count includes the count of all sectors in all four regions of the
  volume. This field can be 0; if it is 0, then BPB_TotSec32 must be
  non-zero. For FAT32 volumes, this field must be 0. For FAT12 and
  FAT16 volumes, this field contains the sector count, and
  BPB_TotSec32 is 0 if the total sector count “fits” (is less than
  0x10000).

  BPB_TotSec32 | 32 | 4 |
  This field is the new 32-bit total count of sectors on the volume.
  This count includes the count of all sectors in all four regions of the
  volume. This field can be 0; if it is 0, then BPB_TotSec16 must be
  non-zero. For FAT32 volumes, this field must be non-zero. For
  FAT12/FAT16 volumes, this field contains the sector count if
  BPB_TotSec16 is 0 (count is greater than or equal to 0x10000).

(This specifies that an unused BPB_TotSec32 field is set to zero.)

By the way fix offsets in include/grub/fat.h.

Tested with lDebug booted in qemu via grub2's
FreeDOS direct loading support, refer to
https://bitbucket.org/ecm/ldosboot + https://bitbucket.org/ecm/ldebug

Signed-off-by: C. Masloch <pushbx@38.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 12:16:25 -04:00
Steve McIntyre
0b6bd057c0 Make grub-install check for errors from efibootmgr
Code is currently ignoring errors from efibootmgr, giving users
clearly bogus output like:

        Setting up grub-efi-amd64 (2.02~beta3-4) ...
        Installing for x86_64-efi platform.
        Could not delete variable: No space left on device
        Could not prepare Boot variable: No space left on device
        Installation finished. No error reported.

and then potentially unbootable systems. If efibootmgr fails, grub-install
should know that and report it!

We've been using similar patch in Debian now for some time, with no ill effects.

Signed-off-by: Steve McIntyre <93sam@debian.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 12:16:25 -04:00
Eric Snowberg
984c022638 sparc64: fix OF path names for sun4v systems
Fix the Open Firmware (OF) path property for sun4v SPARC systems.
These platforms do not have a /sas/ within their path. Over time
different OF addressing schemes have been supported. There
is no generic addressing scheme that works across every HBA.

It looks that this functionality will not work if you try to cross-install
SPARC GRUB2 binary using e.g. x86 grub-install. By default it should work.
However, we will also have other issues here, like lack of access to OF
firmware/paths, which make such configs unusable anyway. So, let's leave
this patch as is for time being. If somebody cares then he/she should fix
the issue(s) at some point.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 12:16:25 -04:00
Stefan Fritsch
d97d20da82 ahci: Improve error handling
Check the error bits in the interrupt status register. According to the
AHCI 1.2 spec, "Interrupt sources that are disabled (‘0’) are still
reflected in the status registers.", so this should work even though
grub uses polling

This fixes the following problem on a Fujitsu E744 laptop:

Sometimes there is a very long delay (up to several minutes) when
booting from hard disk. It seems accessing the DVD drive (which has no
disk inserted) sometimes fails with some errors, which leads to each
access being stalled until the 20s timeout triggers. This seems to
happen when grub is trying to read filesystem/partition data.

The problem is that the command_issue bit that is checked in the loop is
only reset if the "HBA receives a FIS which clears the BSY, DRQ, and ERR
bits for the command", but the ERR bit is never cleared. Therefore
command_issue is never reset and grub waits for the timeout.

The relevant bit in our case is the Task File Error Status (TFES), which
is equivalent to the ERR bit 0 in tfd. But this patch also checks
the other error bits except for the "Interface non-fatal error status"
bit.

Signed-off-by: Stefan Fritsch <fritsch@genua.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 12:16:25 -04:00
Julien Grall
43d7414af7 arm64/xen: Add missing #address-cells and #size-cells properties
The properties #address-cells and #size-cells are used to know the
number of cells for ranges provided by "regs". If they don't exist, the
value are resp. 2 and 1.

Currently, when multiboot nodes are created it is assumed that #address-cells
and #size-cells are exactly 2. However, they are never set by GRUB and
will result to later failure when the device-tree is generated by GRUB
or contain different values.

To prevent this failure, create the both properties in the chosen nodes.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 12:16:25 -04:00
Eric Snowberg
4aeba29569 ls: prevent double open
Prevent a double open.  This can cause problems with some ieee1275
devices, causing the system to hang.  The double open can occur
as follows:

grub_ls_list_files (char *dirname, int longlist, int all, int human)
       dev = grub_device_open (device_name);
       dev remains open while:
       grub_normal_print_device_info (device_name);
                dev = grub_device_open (name);

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 12:16:25 -04:00
David E. Box
bee9cdaa2b tsc: Change default tsc calibration method to pmtimer on EFI systems
On efi systems, make pmtimer based tsc calibration the default over the
pit. This prevents Grub from hanging on Intel SoC systems that power gate
the pit.

Signed-off-by: David E. Box <david.e.box@linux.intel.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 12:16:25 -04:00
Alexander Graf
8838ac368e efi: Free malloc regions on exit
When we exit grub, we don't free all the memory that we allocated earlier
for our heap region. This can cause problems with setups where you try
to descend the boot order using "exit" entries, such as PXE -> HD boot
scenarios.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 12:16:25 -04:00
Alexander Graf
e224ee31c0 efi: Move grub_reboot() into kernel
The reboot function calls machine_fini() and then reboots the system.
Currently it lives in lib/ which means it gets compiled into the
reboot module which lives on the heap.

In a following patch, I want to free the heap on machine_fini()
though, so we would free the memory that the code is running in. That
obviously breaks with smarter UEFI implementations.

So this patch moves it into the core. That way we ensure that all
code running after machine_fini() in the UEFI case is running from
memory that got allocated (and gets deallocated) by the UEFI core.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 12:02:37 -04:00
Vladimir Serbinenko
46159d35d3 Fix compilation for x86_64-efi. 2020-09-21 12:02:37 -04:00
Vladimir Serbinenko
3badaefe7f gzio: fix unaligned access 2020-09-21 12:02:37 -04:00
Vladimir Serbinenko
86b8024d5d Regenerate checksum.h with newer unifont.
Old link is broken. New unifont is
http://ftp.de.debian.org/debian/pool/main/u/unifont/xfonts-unifont_9.0.06-2_all.deb
2020-09-21 12:02:37 -04:00
Vladimir Serbinenko
69c4c683b4 qemu, coreboot, multiboot: Change linking address to 0x9000.
It's common for distros to use a defective ld which links at 0x9000. Instead
of fighting it, just move link target to 0x9000.
2020-09-21 12:02:37 -04:00
Stefan Fritsch
8ce806120b Implement checksum verification for gunzip
This implements the crc32 check for the gzip format. Support for zlib's
adler checksum is not included, yet.
2020-09-21 12:02:37 -04:00
Vladimir Serbinenko
88a43b3f8c xfs: Don't attempt to iterate over empty directory.
Reported by: Tuomas Tynkkynen
2020-09-21 12:02:37 -04:00
Patrick Steinhardt
2da5f067f4 unix exec: avoid atexit handlers when child exits
The `grub_util_exec_redirect_all` helper function can be used to
spawn an executable and redirect its output to some files. After calling
`fork()`, the parent will wait for the child to terminate with
`waitpid()` while the child prepares its file descriptors, environment
and finally calls `execvp()`. If something in the children's setup
fails, it will stop by calling `exit(127)`.

Calling `exit()` will cause any function registered via `atexit()` to be
executed, which is usually the wrong thing to do in a child. And
actually, one can easily observe faulty behaviour on musl-based systems
without modprobe(8) installed: executing `grub-install --help` will call
`grub_util_exec_redirect_all` with "modprobe", which obviously fails if
modprobe(8) is not installed. Due to the child now exiting and invoking
the `atexit()` handlers, it will clean up some data structures of the
parent and cause it to be deadlocked in the `waitpid()` syscall.

The issue can easily be fixed by calling `_exit(127)` instead, which is
especially designed to be called when the atexit-handlers should not be
executed.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
2020-09-21 12:02:37 -04:00
Vladimir Serbinenko
aa6226fefb enforcing fixup 2020-09-21 12:02:37 -04:00
Vladimir Serbinenko
f6c8225f8c multiboot fixup 2020-09-21 12:02:37 -04:00
Vladimir Serbinenko
fcf791ab27 linux fixup 2020-09-21 12:02:37 -04:00
Vladimir Serbinenko
874a8f13cc yylex: Explicilty cast fprintf to void.
It's needed to avoid warning on recent GCC.
2020-09-21 12:02:37 -04:00
Vladimir Serbinenko
384d3e5b84 genmoddep: Check that no modules provide the same symbol.
The semantics of 2 modules providing the same symbol are undefined. So
ensure that it doesn't happen.
2020-09-21 12:02:37 -04:00
Vladimir Serbinenko
547d8201cf Fix symbols appearing in several modules in linux*.
If same symbol is provided by 2 modules its semantics are undefined.
Avoid this by depending rather than double-including files.
2020-09-21 12:02:37 -04:00
Vladimir Serbinenko
ec4630c2b5 multiboot: disentangle multiboot and multiboot2.
Previously we had multiboot and multiboot2 declaring the same symbols.
This can potentially lead to aliasing and strange behaviours when e.g.
module instead of module2 is used with multiboot2.

Bug: #51137
2020-09-21 12:02:37 -04:00
Vladimir Serbinenko
aa34f69d5d hdparm: Depend on hexdump rather than having a second copy of hexdump. 2020-09-21 12:02:37 -04:00
Pete Batard
0f6ca5ecf9 io: add a GRUB_GZ prefix to gzio specific defines
* This is done to avoid a conflict with a PACKED define in the EDK2
2020-09-21 12:02:37 -04:00
Pete Batard
5ba09fb415 core: use GRUB_TERM_ definitions when handling term characters
* Also use hex value for GRUB_TERM_ESC as '\e' is not in the C standard and is not understood by some compilers
2020-09-21 12:02:37 -04:00
Leif Lindholm
5f294d3b9e efi: change heap allocation type to GRUB_EFI_LOADER_CODE
With upcoming changes to EDK2, allocations of type EFI_LOADER_DATA may
not return regions with execute ability. Since modules are loaded onto
the heap, change the heap allocation type to GRUB_EFI_LOADER_CODE in
order to permit execution on systems with this feature enabled.

Closes: 50420

Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
2020-09-21 12:02:37 -04:00
Leif Lindholm
01f3dcc70a arm64 linux loader: improve type portability
In preparation for turning this into a common loader for 32-bit and 64-bit
platforms, ensure the code will compile cleanly for either.

Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
2020-09-21 12:02:37 -04:00
Leif Lindholm
793b90c851 efi: Add GRUB_PE32_MAGIC definition
Add a generic GRUB_PE32_MAGIC definition for the PE 'MZ' tag and delete
the existing one in arm64/linux.h.

Update arm64 Linux loader to use this new definition.

Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
2020-09-21 12:02:37 -04:00
Leif Lindholm
30f13fbfa6 efi: move fdt helper library
There is nothing ARM64 (or even ARM) specific about the efi fdt helper
library, which is used for locating or overriding a firmware-provided
devicetree in a UEFI system - so move it to loader/efi for reuse.

Move the fdtload.h include file to grub/efi and update path to
efi/fdtload.h in source code referring to it.

Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
2020-09-21 12:02:37 -04:00
Vladimir Serbinenko
6825a1d3f1 Remove grub_efi_allocate_pages.
grub_efi_allocate_pages Essentially does 2 unrelated things:
* Allocate at fixed address.
* Allocate at any address.

To switch between 2 different functions it uses address == 0 as magic
value which is wrong as 0 is a perfectly valid fixed adress to allocate at.
2020-09-21 12:02:37 -04:00
Leif Lindholm
22619f1593 efi: refactor grub_efi_allocate_pages
Expose a new function, grub_efi_allocate_pages_real(), making it possible
to specify allocation type and memory type as supported by the UEFI
AllocatePages boot service.

Make grub_efi_allocate_pages() a consumer of the new function,
maintaining its old functionality.

Also delete some left-around #if 1/#else blocks in the affected
functions.

Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
2020-09-21 11:32:45 -04:00
Pali Rohár
682b3134b6 * grub-core/fs/udf.c: Add support for UUID
Use same algorithm as in libblkid from util-linux v2.30.

1. Take first 16 bytes from UTF-8 encoded string of VolumeSetIdentifier
2. If all bytes are hexadecimal digits, convert to lowercase and use as UUID
3. If first 8 bytes are not all hexadecimal digits, convert those 8 bytes
   to their hexadecimal representation, resulting in 16 bytes for UUID
4. Otherwise, compose UUID from two parts:
   1. part: converted first 8 bytes (which are hexadecimal digits) to lowercase
   2. part: encoded following 4 bytes to their hexadecimal representation (16 bytes)

So UUID would always have 16 hexadecimal digits in lowercase variant.

According to UDF specification, first 16 Unicode characters of
VolumeSetIdentifier should be unique value and first 8 should be
hexadecimal characters.

In most cases all 16 characters are hexadecimal, but e.g. MS Windows
format.exe set only first 8 as hexadecimal and remaining as fixed
(non-unique) which violates specification.
2020-09-21 11:32:45 -04:00
Pali Rohár
ab444c54a7 udf: Fix reading label, lvd.ident is dstring
UDF dstring has stored length in the last byte of buffer. Therefore last
byte is not part of recorded characters. And empty string in dstring is
encoded as empty buffer, including first byte (compression id).
2020-09-21 11:32:45 -04:00
Pete Batard
e2296e205e zfs: remove size_t typedef and use grub_size_t instead
* Prevents some toolchains from issuing a warning on size_t redef.
2020-09-21 11:32:45 -04:00
Rob Clark
a74336596f Fix a segfault in lsefi
when protocols_per_handle returns error, we can't use the pointers we
passed to it, and that includes trusting num_protocols.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 11:32:45 -04:00
Vladimir Serbinenko
21b3d3efee fdt: silence clang warning. 2020-09-21 11:32:45 -04:00
Vladimir Serbinenko
0c4852ea0e arm-efi: Fix compilation 2020-09-21 11:32:45 -04:00
Vladimir Serbinenko
8efa8a0e94 ehci: Fix compilation on i386 2020-09-21 11:32:45 -04:00
phcoder
8d54a08733 ehci: Fix compilation for amd64 2020-09-21 11:32:45 -04:00
Eric Biggers
4aaa6b639d Allow GRUB to mount ext2/3/4 filesystems that have the encryption feature.
On such a filesystem, inodes may have EXT4_ENCRYPT_FLAG set.
For a regular file, this means its contents are encrypted; for a
directory, this means the filenames in its directory entries are
encrypted; and for a symlink, this means its target is encrypted.  Since
GRUB cannot decrypt encrypted contents or filenames, just issue an error
if it would need to do so.  This is sufficient to allow unencrypted boot
files to co-exist with encrypted files elsewhere on the filesystem.

(Note that encrypted regular files and symlinks will not normally be
encountered outside an encrypted directory; however, it's possible via
hard links, so they still need to be handled.)

Tested by booting from an ext4 /boot partition on which I had run
'tune2fs -O encrypt'.  I also verified that the expected error messages
are printed when trying to access encrypted directories, files, and
symlinks from the GRUB command line.  Also ran 'sudo ./grub-fs-tester
ext4_encrypt'; note that this requires e2fsprogs v1.43+ and Linux v4.1+.

Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-09-21 11:32:45 -04:00
Eric Snowberg
da4e8334b2 sparc64: Don't use devspec to determine the OBP path
Don't use devspec to determine the OBP path on SPARC hardware.  Within all
versions of Linux on SPARC, the devspec returns one of three values:
"none", "vnet-port", or "vdisk".  Unlike on PPC, none of these values
are useful in determining the OBP path.

Before this patch grub-ofpathname always returned the wrong value
for a virtual disk. For example:

% grub-ofpathname /dev/vdiskc2
vdisk/disk@2:b

After this patch it now returns the correct value:

% grub-ofpathname /dev/vdiskc2
/virtual-devices@100/channel-devices@200/disk@2:b

Orabug: 24459765

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 11:32:45 -04:00
Fu Wei
3418e2bd52 arm64: Add "--nounzip" option support in xen_module command
This patch adds "--nounzip" option support in order to
be compatible with the module command of multiboot on other architecture,
by this way we can simplify grub-mkconfig support code.

This patch also allow us to use zip compressed module(like Linux kernel
for Dom0).

Signed-off-by: Fu Wei <fu.wei@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 11:32:45 -04:00
Julien Grall
bf4d71848f arm64/xen_boot: Fix Xen boot using GRUB2 on AARCH64
Xen is currently crashing because of malformed compatible property for
the boot module. This is because the property string is not
null-terminated as requested by the ePAR spec.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
Tested-by: Fu Wei <fu.wei@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 11:32:45 -04:00
Eric Snowberg
53d00ac6ef sparc64: Close cdboot ihandle
The ihandle is left open with a cd-core image.  This will cause a delay
booting grub from a virtual cdrom in a LDOM.  It will also cause problems
as Linux boots, since it expects the ihandle to be closed during init.

Orabug: 25911275

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 11:32:45 -04:00
Vladimir Serbinenko
6ff34a6a81 at_keyboard: Fix falco chromebook case.
EC is slow, so we need few delays for it to toggle the bits correctly.

Command to enable clock and keyboard were not sent.
2020-09-21 11:32:45 -04:00
Julius Werner
4ffbbeca95 coreboot: Changed cbmemc to support updated console format from coreboot. 2020-09-21 11:32:45 -04:00
Vladimir Serbinenko
4ff15188e3 Missing parts of previous commit 2020-09-21 11:32:45 -04:00