Commit graph

2347 commits

Author SHA1 Message Date
Peter Jones
d2cf823d0e efi: Fix some malformed device path arithmetic errors
Several places we take the length of a device path and subtract 4 from
it, without ever checking that it's >= 4. There are also cases where
this kind of malformation will result in unpredictable iteration,
including treating the length from one dp node as the type in the next
node. These are all errors, no matter where the data comes from.

This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which
can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH()
return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when
the length is too small. Additionally, it makes several places in the
code check for and return errors in these cases.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:48 +02:00
Chris Coulson
426f57383d script: Avoid a use-after-free when redefining a function during execution
Defining a new function with the same name as a previously defined
function causes the grub_script and associated resources for the
previous function to be freed. If the previous function is currently
executing when a function with the same name is defined, this results
in use-after-frees when processing subsequent commands in the original
function.

Instead, reject a new function definition if it has the same name as
a previously defined function, and that function is currently being
executed. Although a behavioural change, this should be backwards
compatible with existing configurations because they can't be
dependent on the current behaviour without being broken.

Fixes: CVE-2020-15706

Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:48 +02:00
Chris Coulson
1a8d9c9b4a script: Remove unused fields from grub_script_function struct
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:48 +02:00
Alexey Makhalov
61ff5602fe relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow
This commit introduces integer underflow mitigation in max_addr calculation
in grub_relocator_alloc_chunk_align() invocation.

It consists of 2 fixes:
  1. Introduced grub_relocator_alloc_chunk_align_safe() wrapper function to perform
     sanity check for min/max and size values, and to make safe invocation of
     grub_relocator_alloc_chunk_align() with validated max_addr value. Replace all
     invocations such as grub_relocator_alloc_chunk_align(..., min_addr, max_addr - size, size, ...)
     by grub_relocator_alloc_chunk_align_safe(..., min_addr, max_addr, size, ...).
  2. Introduced UP_TO_TOP32(s) macro for the cases where max_addr is 32-bit top
     address (0xffffffff - size + 1) or similar.

Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:48 +02:00
Peter Jones
f725fa7cb2 calloc: Use calloc() at most places
This modifies most of the places we do some form of:

  X = malloc(Y * Z);

to use calloc(Y, Z) instead.

Among other issues, this fixes:
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in luks_recover_key()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_lvm_detect()
    reported by Chris Coulson.

Fixes: CVE-2020-14308

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
Peter Jones
64e26162eb calloc: Make sure we always have an overflow-checking calloc() available
This tries to make sure that everywhere in this source tree, we always have
an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.)
available, and that they all safely check for overflow and return NULL when
it would occur.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
Peter Jones
68708c4503 safemath: Add some arithmetic primitives that check for overflow
This adds a new header, include/grub/safemath.h, that includes easy to
use wrappers for __builtin_{add,sub,mul}_overflow() declared like:

  bool OP(a, b, res)

where OP is grub_add, grub_sub or grub_mul. OP() returns true in the
case where the operation would overflow and res is not modified.
Otherwise, false is returned and the operation is executed.

These arithmetic primitives require newer compiler versions. So, bump
these requirements in the INSTALL file too.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
Tianjia Zhang
c867185b81 tpm: Rename function grub_tpm_log_event() to grub_tpm_measure()
grub_tpm_log_event() and grub_tpm_measure() are two functions that
have the same effect. So, keep grub_tpm_log_event() and rename it
to grub_tpm_measure(). This way we get also a more clear semantics.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-05-15 15:37:28 +02:00
Hans de Goede
12341958d2 kern/term: Accept ESC, F4 and holding SHIFT as user interrupt keys
On some devices the ESC key is the hotkey to enter the BIOS/EFI setup
screen, making it really hard to time pressing it right. Besides that
ESC is also pretty hard to discover for a user who does not know it
will unhide the menu.

This commit makes F4, which was chosen because is not used as a hotkey
to enter the BIOS setup by any vendor, also interrupt sleeps / stop the
menu countdown.

This solves the ESC gets into the BIOS setup and also somewhat solves
the discoverability issue, but leaves the timing issue unresolved.

This commit fixes the timing issue by also adding support for keeping
SHIFT pressed during boot to stop the menu countdown. This matches
what Ubuntu is doing, which should also help with discoverability.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-04-21 22:13:44 +02:00
Hans de Goede
2d7c3abd87 efi/console: Do not set text-mode until we actually need it
If we're running with a hidden menu we may never need text mode, so do not
change the video-mode to text until we actually need it.

This allows to boot a machine without unnecessary graphical transitions and
provide a seamless boot experience to users.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-04-21 22:13:14 +02:00
Hans de Goede
5bcdf67642 kern/term: Make grub_getkeystatus() helper function available everywhere
Move grub_getkeystatushelper() function from grub-core/commands/keystatus.c
to grub-core/kern/term.c and export it so that it can be used outside of
the keystatus command code too.

There's no logic change in this patch. The function definition is moved so
it can be called from grub-core/kern/term.c in a subsequent patch. It will
be used to determine if a SHIFT key has was held down and use that also to
interrupt the countdown, without the need to press a key at the right time.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-04-21 22:08:52 +02:00
Flavio Suligoi
2a6308b954 efi: Add missed space in GRUB_EFI_GLOBAL_VARIABLE_GUID
Signed-off-by: Flavio Suligoi <f.suligoi@asem.it>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-03-31 12:17:03 +02:00
Michael Chang
68006d1732 zfs: Fix gcc10 error -Werror=zero-length-bounds
We bumped into the build error while testing gcc-10 pre-release.

In file included from ../../include/grub/file.h:22,
		from ../../grub-core/fs/zfs/zfs.c:34:
../../grub-core/fs/zfs/zfs.c: In function 'zap_leaf_lookup':
../../grub-core/fs/zfs/zfs.c:2263:44: error: array subscript '<unknown>' is outside the bounds of an interior zero-length array 'grub_uint16_t[0]' {aka 'short unsigned int[0]'} [-Werror=zero-length-bounds]
2263 |   for (chunk = grub_zfs_to_cpu16 (l->l_hash[LEAF_HASH (blksft, h, l)], endian);
../../include/grub/types.h:241:48: note: in definition of macro 'grub_le_to_cpu16'
 241 | # define grub_le_to_cpu16(x) ((grub_uint16_t) (x))
     |                                                ^
../../grub-core/fs/zfs/zfs.c:2263:16: note: in expansion of macro 'grub_zfs_to_cpu16'
2263 |   for (chunk = grub_zfs_to_cpu16 (l->l_hash[LEAF_HASH (blksft, h, l)], endian);
     |                ^~~~~~~~~~~~~~~~~
In file included from ../../grub-core/fs/zfs/zfs.c:48:
../../include/grub/zfs/zap_leaf.h:72:16: note: while referencing 'l_hash'
  72 |  grub_uint16_t l_hash[0];
     |                ^~~~~~

Here I'd like to quote from the gcc document [1] which seems best to
explain what is going on here.

"Although the size of a zero-length array is zero, an array member of
this kind may increase the size of the enclosing type as a result of
tail padding. The offset of a zero-length array member from the
beginning of the enclosing structure is the same as the offset of an
array with one or more elements of the same type. The alignment of a
zero-length array is the same as the alignment of its elements.

Declaring zero-length arrays in other contexts, including as interior
members of structure objects or as non-member objects, is discouraged.
Accessing elements of zero-length arrays declared in such contexts is
undefined and may be diagnosed."

The l_hash[0] is apparnetly an interior member to the enclosed structure
while l_entries[0] is the trailing member. And the offending code tries
to access members in l_hash[0] array that triggers the diagnose.

Given that the l_entries[0] is used to get proper alignment to access
leaf chunks, we can accomplish the same thing through the ALIGN_UP macro
thus eliminating l_entries[0] from the structure. In this way we can
pacify the warning as l_hash[0] now becomes the last member to the
enclosed structure.

[1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html

Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-03-31 12:17:03 +02:00
Peter Jones
9b89b1dedb efi: Fix the type of grub_efi_status_t
Currently, in some builds with some checkers, we see:

1. grub-core/disk/efi/efidisk.c:601: error[shiftTooManyBitsSigned]: Shifting signed 64-bit value by 63 bits is undefined behaviour

This is because grub_efi_status_t is defined as grub_efi_intn_t, which is
signed, and shifting into the sign bit is not defined behavior.  UEFI fixed
this in the spec in 2.3:

2.3 | Change the defined type of EFI_STATUS from INTN to UINTN | May 7, 2009

And the current EDK2 code has:
MdePkg/Include/Base.h-//
MdePkg/Include/Base.h-// Status codes common to all execution phases
MdePkg/Include/Base.h-//
MdePkg/Include/Base.h:typedef UINTN RETURN_STATUS;
MdePkg/Include/Base.h-
MdePkg/Include/Base.h-/**
MdePkg/Include/Base.h-  Produces a RETURN_STATUS code with the highest bit set.
MdePkg/Include/Base.h-
MdePkg/Include/Base.h-  @param  StatusCode    The status code value to convert into a warning code.
MdePkg/Include/Base.h-                        StatusCode must be in the range 0x00000000..0x7FFFFFFF.
MdePkg/Include/Base.h-
MdePkg/Include/Base.h-  @return The value specified by StatusCode with the highest bit set.
MdePkg/Include/Base.h-
MdePkg/Include/Base.h-**/
MdePkg/Include/Base.h-#define ENCODE_ERROR(StatusCode)     ((RETURN_STATUS)(MAX_BIT | (StatusCode)))
MdePkg/Include/Base.h-
MdePkg/Include/Base.h-/**
MdePkg/Include/Base.h-  Produces a RETURN_STATUS code with the highest bit clear.
MdePkg/Include/Base.h-
MdePkg/Include/Base.h-  @param  StatusCode    The status code value to convert into a warning code.
MdePkg/Include/Base.h-                        StatusCode must be in the range 0x00000000..0x7FFFFFFF.
MdePkg/Include/Base.h-
MdePkg/Include/Base.h-  @return The value specified by StatusCode with the highest bit clear.
MdePkg/Include/Base.h-
MdePkg/Include/Base.h-**/
MdePkg/Include/Base.h-#define ENCODE_WARNING(StatusCode)   ((RETURN_STATUS)(StatusCode))
MdePkg/Include/Base.h-
MdePkg/Include/Base.h-/**
MdePkg/Include/Base.h-  Returns TRUE if a specified RETURN_STATUS code is an error code.
MdePkg/Include/Base.h-
MdePkg/Include/Base.h-  This function returns TRUE if StatusCode has the high bit set.  Otherwise, FALSE is returned.
MdePkg/Include/Base.h-
MdePkg/Include/Base.h-  @param  StatusCode    The status code value to evaluate.
MdePkg/Include/Base.h-
MdePkg/Include/Base.h-  @retval TRUE          The high bit of StatusCode is set.
MdePkg/Include/Base.h-  @retval FALSE         The high bit of StatusCode is clear.
MdePkg/Include/Base.h-
MdePkg/Include/Base.h-**/
MdePkg/Include/Base.h-#define RETURN_ERROR(StatusCode)     (((INTN)(RETURN_STATUS)(StatusCode)) < 0)
...
Uefi/UefiBaseType.h:typedef RETURN_STATUS             EFI_STATUS;

This patch makes grub's implementation match the Edk2 declaration with regards
to the signedness of the type.

Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-03-10 21:42:31 +01:00
Alexander Graf
e642c95ab6 efi/gop: Add support for BLT_ONLY adapters
EFI GOP has support for multiple different bitness types of frame buffers
and for a special "BLT only" type which is always defined to be RGBx.

Because grub2 doesn't ever directly access the frame buffer but instead
only renders graphics via the BLT interface anyway, we can easily support
these adapters.

The reason this has come up now is the emerging support for virtio-gpu
in OVMF. That adapter does not have the notion of a memory mapped frame
buffer and thus is BLT only.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-03-10 21:40:31 +01:00
Peter Jones
8d88ae92b5 kern: Add grub_debug_enabled()
Add a grub_debug_enabled() helper function instead of open coding it.

Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-03-10 21:40:06 +01:00
Peter Jones
d5a32255de misc: Make grub_strtol() "end" pointers have safer const qualifiers
Currently the string functions grub_strtol(), grub_strtoul(), and
grub_strtoull() don't declare the "end" pointer in such a way as to
require the pointer itself or the character array to be immutable to the
implementation, nor does the C standard do so in its similar functions,
though it does require us not to change any of it.

The typical declarations of these functions follow this pattern:

long
strtol(const char * restrict nptr, char ** restrict endptr, int base);

Much of the reason for this is historic, and a discussion of that
follows below, after the explanation of this change.  (GRUB currently
does not include the "restrict" qualifiers, and we name the arguments a
bit differently.)

The implementation is semantically required to treat the character array
as immutable, but such accidental modifications aren't stopped by the
compiler, and the semantics for both the callers and the implementation
of these functions are sometimes also helped by adding that requirement.

This patch changes these declarations to follow this pattern instead:

long
strtol(const char * restrict nptr,
       const char ** const restrict endptr,
       int base);

This means that if any modification to these functions accidentally
introduces either an errant modification to the underlying character
array, or an accidental assignment to endptr rather than *endptr, the
compiler should generate an error.  (The two uses of "restrict" in this
case basically mean strtol() isn't allowed to modify the character array
by going through *endptr, and endptr isn't allowed to point inside the
array.)

It also means the typical use case changes to:

  char *s = ...;
  const char *end;
  long l;

  l = strtol(s, &end, 10);

Or even:

  const char *p = str;
  while (p && *p) {
	  long l = strtol(p, &p, 10);
	  ...
  }

This fixes 26 places where we discard our attempts at treating the data
safely by doing:

  const char *p = str;
  long l;

  l = strtol(p, (char **)&ptr, 10);

It also adds 5 places where we do:

  char *p = str;
  while (p && *p) {
	  long l = strtol(p, (const char ** const)&p, 10);
	  ...
	  /* more calls that need p not to be pointer-to-const */
  }

While moderately distasteful, this is a better problem to have.

With one minor exception, I have tested that all of this compiles
without relevant warnings or errors, and that /much/ of it behaves
correctly, with gcc 9 using 'gcc -W -Wall -Wextra'.  The one exception
is the changes in grub-core/osdep/aros/hostdisk.c , which I have no idea
how to build.

Because the C standard defined type-qualifiers in a way that can be
confusing, in the past there's been a slow but fairly regular stream of
churn within our patches, which add and remove the const qualifier in many
of the users of these functions.  This change should help avoid that in
the future, and in order to help ensure this, I've added an explanation
in misc.h so that when someone does get a compiler warning about a type
error, they have the fix at hand.

The reason we don't have "const" in these calls in the standard is
purely anachronistic: C78 (de facto) did not have type qualifiers in the
syntax, and the "const" type qualifier was added for C89 (I think; it
may have been later).  strtol() appears to date from 4.3BSD in 1986,
which means it could not be added to those functions in the standard
without breaking compatibility, which is usually avoided.

The syntax chosen for type qualifiers is what has led to the churn
regarding usage of const, and is especially confusing on string
functions due to the lack of a string type.  Quoting from C99, the
syntax is:

 declarator:
  pointer[opt] direct-declarator
 direct-declarator:
  identifier
  ( declarator )
  direct-declarator [ type-qualifier-list[opt] assignment-expression[opt] ]
  ...
  direct-declarator [ type-qualifier-list[opt] * ]
  ...
 pointer:
  * type-qualifier-list[opt]
  * type-qualifier-list[opt] pointer
 type-qualifier-list:
  type-qualifier
  type-qualifier-list type-qualifier
 ...
 type-qualifier:
  const
  restrict
  volatile

So the examples go like:

const char foo;			// immutable object
const char *foo;		// mutable pointer to object
char * const foo;		// immutable pointer to mutable object
const char * const foo;		// immutable pointer to immutable object
const char const * const foo; 	// XXX extra const keyword in the middle
const char * const * const foo; // immutable pointer to immutable
				//   pointer to immutable object
const char ** const foo;	// immutable pointer to mutable pointer
				//   to immutable object

Making const left-associative for * and right-associative for everything
else may not have been the best choice ever, but here we are, and the
inevitable result is people using trying to use const (as they should!),
putting it at the wrong place, fighting with the compiler for a bit, and
then either removing it or typecasting something in a bad way.  I won't
go into describing restrict, but its syntax has exactly the same issue
as with const.

Anyway, the last example above actually represents the *behavior* that's
required of strtol()-like functions, so that's our choice for the "end"
pointer.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-02-28 12:41:29 +01:00
Peter Jones
03e72830ab grub-editenv: Add grub_util_readlink()
Currently grub-editenv and related tools are not able to follow symbolic
links when finding their config file. For example the grub-editenv create
command will wrongly overwrite a symlink in /boot/grub2/grubenv with a new
regular file, instead of creating a file in the path the symlink points to.

A following patch will change that and add support in grub-editenv to
follow symbolic links when finding the grub environment variables file.

Add a grub_util_readlink() helper function that is just a wrapper around
the platform specific function to read the value of a symbolic link. This
helper function will be used by the following patch for grub-editenv.

The helper function is not added for Windows, since this operating system
doesn't have a primitive to read the contents of a symbolic link.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-02-18 15:14:13 +01:00
Paulo Flabiano Smorigo
cb2f15c544 normal/main: Search for specific config files for netboot
This patch implements a search for a specific configuration when the config
file is on a remoteserver. It uses the following order:
   1) DHCP client UUID option.
   2) MAC address (in lower case hexadecimal with dash separators);
   3) IP (in upper case hexadecimal) or IPv6;
   4) The original grub.cfg file.

This procedure is similar to what is used by pxelinux and yaboot:
http://www.syslinux.org/wiki/index.php/PXELINUX#config

It is enabled by default but can be disabled by setting the environment
variable "feature_net_search_cfg" to "n" in an embedded configuration.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=873406

Signed-off-by: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-02-18 15:12:06 +01:00
Paulo Flabiano Smorigo
febc761e67 net/dhcp: Set net_<interface>_client{id, uuid} variables from DHCP options
This patch sets a net_<interface>_clientid and net_<interface>_clientuuid
GRUB environment variables, using the DHCP client ID and UUID options if
these are found.

In the same way than net_<interface>_<option> variables are set for other
options such domain name, boot file, next server, etc.

Signed-off-by: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-02-18 15:12:06 +01:00
Javier Martinez Canillas
e921119857 net/dhcp: Consistently use decimal numbers for DHCP/BOOTP options enum
The DHCP Options and BOOTP Vendor Extensions enum values are a mixture of
decimal and hexadecimal numbers. Change this to consistently use decimal
numbers for all since that is how these values are defined by RFC 2132.

Suggested-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-02-18 15:12:06 +01:00
Patrick Steinhardt
dd3f49b106 luks: Move configuration of ciphers into cryptodisk
The luks module contains quite a lot of logic to parse cipher and
cipher-mode strings like aes-xts-plain64 into constants to apply them
to the grub_cryptodisk_t structure. This code will be required by the
upcoming luks2 module, as well, which is why this commit moves it into
its own function grub_cryptodisk_setcipher in the cryptodisk module.
While the strings are probably rather specific to the LUKS modules, it
certainly does make sense that the cryptodisk module houses code to set
up its own internal ciphers instead of hosting that code in the luks
module.

Except for necessary adjustments around error handling, this commit does
an exact move of the cipher configuration logic from luks.c to
cryptodisk.c. Any behavior changes are unintentional.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-01-10 14:29:37 +01:00
Andreas Schwab
a57977b5fa RISC-V: Add __clzdi2 symbol
This is needed for the zstd module build for riscv64-emu.

Signed-off-by: Andreas Schwab <schwab@suse.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-09-23 13:17:15 +02:00
David Michael
688023cd0a smbios: Add a module for retrieving SMBIOS information
The following are two use cases from Rajat Jain <rajatjain@juniper.net>:

  1) We have a board that boots Linux and this board itself can be plugged
     into one of different chassis types. We need to pass different
     parameters to the kernel based on the "CHASSIS_TYPE" information
     that is passed by the bios in the DMI/SMBIOS tables.

  2) We may have a USB stick that can go into multiple boards, and the
     exact kernel to be loaded depends on the machine information
     (PRODUCT_NAME etc) passed via the DMI.

Signed-off-by: David Michael <fedora.dm0@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-07-11 21:06:12 +02:00
David Michael
261df54f17 lsefisystab: Define SMBIOS3 entry point structures for EFI
This adds the GUID and includes it in lsefisystab output.

Signed-off-by: David Michael <fedora.dm0@gmail.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-07-11 18:13:15 +02:00
Leif Lindholm
4e7b5bb3be ia64: build fix in cache.h
Add IA64 to the architectures excluding a declaration for
grub_arch_sync_dma_caches().

IA64 does not include any of the source files that require the function,
but was overlooked for d8901e3ba1 ("cache: Fix compilation for ppc,
sparc and arm64").

Add it to the list of excluding architectures in order to not get
missing symbol errors when running grub-mkimage.

Reported-by: Alexander Graf <agraf@csgraf.de>
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-06-07 15:37:55 +02:00
Michael Chang
0b1bf3932f acpi: Fix gcc9 error -Waddress-of-packed-member
Simply adds the missing packed attribute to 'struct grub_acpi_madt'.

[  233s] ../../grub-core/commands/lsacpi.c: In function 'disp_acpi_xsdt_table':
[  233s] ../../grub-core/commands/lsacpi.c:201:27: error: converting a packed 'struct grub_acpi_table_header' pointer (alignment 1) to a 'struct grub_acpi_madt' pointer (alignment 4) may result in an unaligned pointer value [-Werror=address-of-packed-member]
[  233s]   201 |  disp_madt_table ((struct grub_acpi_madt *) t);
[  233s]       |                           ^~~~~~~~~~~~~~
[  233s] In file included from ../../grub-core/commands/lsacpi.c:23:
[  233s] ../../include/grub/acpi.h:50:8: note: defined here
[  233s]    50 | struct grub_acpi_table_header
[  233s]       |        ^~~~~~~~~~~~~~~~~~~~~~
[  233s] ../../include/grub/acpi.h:90:8: note: defined here
[  233s]    90 | struct grub_acpi_madt
[  233s]       |        ^~~~~~~~~~~~~~
[  233s] ../../grub-core/commands/lsacpi.c: In function 'disp_acpi_rsdt_table':
[  233s] ../../grub-core/commands/lsacpi.c:225:27: error: converting a packed 'struct grub_acpi_table_header' pointer (alignment 1) to a 'struct grub_acpi_madt' pointer (alignment 4) may result in an unaligned pointer value [-Werror=address-of-packed-member]
[  233s]   225 |  disp_madt_table ((struct grub_acpi_madt *) t);
[  233s]       |                           ^~~~~~~~~~~~~~
[  233s] In file included from ../../grub-core/commands/lsacpi.c:23:
[  233s] ../../include/grub/acpi.h:50:8: note: defined here
[  233s]    50 | struct grub_acpi_table_header
[  233s]       |        ^~~~~~~~~~~~~~~~~~~~~~
[  233s] ../../include/grub/acpi.h:90:8: note: defined here
[  233s]    90 | struct grub_acpi_madt
[  233s]       |        ^~~~~~~~~~~~~~

Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-04-23 11:37:08 +02:00
Michael Chang
0e49748fad hfs: Fix gcc9 error -Waddress-of-packed-member
Simply adds the missing packed attribute to 'struct grub_hfs_extent'.

[   83s] ../grub-core/fs/hfs.c: In function 'grub_hfs_iterate_records':
[   83s] ../grub-core/fs/hfs.c:699:9: error: taking address of packed member of 'struct grub_hfs_sblock' may result in an unaligned pointer value [-Werror=address-of-packed-member]
[   83s]   699 |      ? (&data->sblock.catalog_recs)
[   83s]       |        ~^~~~~~~~~~~~~~~~~~~~~~~~~~~
[   83s] ../grub-core/fs/hfs.c:700:9: error: taking address of packed member of 'struct grub_hfs_sblock' may result in an unaligned pointer value [-Werror=address-of-packed-member]
[   83s]   700 |      : (&data->sblock.extent_recs));
[   83s]       |        ~^~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-04-23 11:37:08 +02:00
Daniel Kiper
acc726f812 x86/msr: Fix build with older GCC versions
Some older GCC versions produce following error when x86 MSR modules are build:

  In file included from commands/i386/rdmsr.c:29:0:
  ../include/grub/i386/rdmsr.h:27:29: error: no previous prototype for ‘grub_msr_read’ [-Werror=missing-prototypes]
   extern inline grub_uint64_t grub_msr_read (grub_uint32_t msr_id)
                               ^
  cc1: all warnings being treated as errors

This happens due to lack of support for a such usage of extern keyword
in older GCCs. Additionally, this usage is not consistent with the rest
of codebase. So, replace it with static keyword.

Additionally, fix incorrect coding style.

Reported-by: Eric Snowberg <eric.snowberg@oracle.com>
Reported-by: adrian15 <adrian15sgd@gmail.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Vladimir 'phcoder' Serbinenko <phcoder@gmail.com>
Reviewed-by: Eric Snowberg <eric.snowberg@oracle.com>
Tested-by: adrian15 <adrian15sgd@gmail.com>
2019-04-23 11:04:07 +02:00
Vladimir Serbinenko
ad4bfeec5c Change fs functions to add fs_ prefix
This avoid conflict with gnulib

Signed-off-by: Vladimir Serbinenko <phcoder@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-04-09 10:03:29 +10:00
Andrew Jeddeloh
e683cfb0cf loader/i386/linux: Calculate the setup_header length
Previously the setup_header length was just assumed to be the size of the
linux_kernel_params struct. The linux x86 32-bit boot protocol says that the
end of the linux_i386_kernel_header is at 0x202 + the byte value at 0x201 in
the linux_i386_kernel_header. So, calculate the size of the header using the
end of the linux_i386_kernel_header, rather than assume it is the size of the
linux_kernel_params struct.

Additionally, add some required members to the linux_kernel_params
struct and align the content of linux_i386_kernel_header struct with
it. New members naming was taken directly from Linux kernel source.

linux_kernel_params and linux_i386_kernel_header structs require more
cleanup. However, this is not urgent, so, let's do this after release.
Just in case...

Signed-off-by: Andrew Jeddeloh <andrew.jeddeloh@coreos.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Vladimir Serbinenko <phcoder@google.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
2019-04-02 13:09:54 +02:00
John Paul Adrian Glaubitz
5635e799fd ieee1275: Include a.out header in assembly of sparc64 boot loader
Recent versions of binutils dropped support for the a.out and COFF
formats on sparc64 targets. Since the boot loader on sparc64 is
supposed to be an a.out binary and the a.out header entries are
rather simple to calculate in our case, we just write the header
ourselves instead of relying on external tools to do that.

Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-03-28 11:35:12 +01:00
Vladimir Serbinenko
f91e4d1633 Propagate GNU_PRINTF from gnulib vfprintf
gnulib now replaces vfprintf and hence its format becomes GNU_PRINTF format

This also fixes matching definitions to always use GNU format

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Vladimir Serbinenko <phcoder@google.com>
2019-03-26 15:08:00 +01:00
Vladimir Serbinenko
98c3a1a76b efi/tpm.h: Fix hash_log_extend_event definition.
I didn't check the spec but pointer to address doesn't make much sense
and doesn't match the code.

Signed-off-by: Vladimir Serbinenko <phcoder@google.com>
2019-03-25 15:16:26 +01:00
Vladimir Serbinenko
384091967d Rename grub_disk members
Otherwise it horribly clashes with gnulib when it's
replacing open/write/read/close

Signed-off-by: Vladimir Serbinenko <phcoder@google.com>
2019-03-25 15:14:52 +01:00
Daniel Kiper
9dab2f51ea sparc: Enable __clzsi2() and __clzdi2()
This patch is similiar to commit e795b9011 (RISC-V: Add libgcc helpers
for clz) but for SPARC target.

Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
2019-03-20 11:38:28 +01:00
Daniel Kiper
e42b0d97ec mips: Enable __clzsi2()
This patch is similiar to commit e795b9011 (RISC-V: Add libgcc helpers
for clz) but for MIPS target.

Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
2019-03-20 11:38:28 +01:00
Colin Watson
bcd29eea07 posix_wrap: Flesh out posix_wrap/limits.h a little more
In addition to what was already there, Gnulib's <intprops.h> needs SCHAR_MIN,
SCHAR_MAX, SHRT_MIN, INT_MIN, LONG_MIN, and LONG_MAX. Fixes build on CentOS 7.

Reported-by: "Chen, Farrah" <farrah.chen@intel.com>
Signed-off-by: Colin Watson <cjwatson@ubuntu.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-03-20 11:34:06 +01:00
Andrei Borzenkov
5a4f9d5c04 net/dhcp: Actually send out DHCPv4 DISCOVER and REQUEST messages
Even though we were parsing some DHCP options sent by the server, so far
we are only using the BOOTP 2-way handshake, even when talking to a DHCP
server.

Change this by actually sending out DHCP DISCOVER packets instead of the
generic (mostly empty) BOOTP BOOTREQUEST packets.

A pure BOOTP server would ignore the extra DHCP options in the DISCOVER
packet and would just reply with a BOOTREPLY packet, which we also
handle in the code.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-03-12 20:04:07 +01:00
Andrei Borzenkov
5a365fed87 net/dhcp: Allow receiving DHCP OFFER and ACK packets
In respone to a BOOTREQUEST packet a BOOTP server would answer with a BOOTREPLY
packet, which ends the conversation for good. DHCP uses a 4-way handshake,
where the initial server respone is an OFFER, which has to be answered with
REQUEST by the client again, only to be completed by an ACKNOWLEDGE packet
from the server.

Teach the grub_net_process_dhcp() function to deal with OFFER packets,
and treat ACK packets the same es BOOTREPLY packets.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-03-12 20:04:07 +01:00
Andrei Borzenkov
93289dc67c net/dhcp: Use DHCP options for name and bootfile
The BOOTP RFC describes the boot file name and the server name as being part
of the integral BOOTP data structure, with some limits on the size of them.
DHCP extends this by allowing them to be separate DHCP options, which is more
flexible.

Teach the code dealing with those fields to check for those DHCP options first
and use this information, if provided. We fall back to using the BOOTP
information if those options are not used.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-03-12 20:04:07 +01:00
Andrei Borzenkov
12e1b6e604 net/dhcp: Introduce per-interface timeout
Currently we have a global timeout for all network cards in the BOOTP/DHCP
discovery process.

Make this timeout a per-interface one, so better accommodate the upcoming
4-way DHCP handshake and to also cover the lease time limit a DHCP offer
will come with.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-03-12 20:04:07 +01:00
Andrei Borzenkov
5459243465 net/dhcp: Make grub_net_process_dhcp() take an interface
Change the interface of the function dealing with incoming BOOTP packets
to take an interface instead of a card, to allow more fine per-interface
state (timeout, handshake state) later on.

Use the opportunity to clean up the code a bit.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-03-12 20:04:07 +01:00
Andrei Borzenkov
bd21d6465e net/dhcp: Allow overloading legacy bootfile and name field
DHCP specifies a special dummy option OVERLOAD, to allow DHCP options to
spill over into the (legacy) BOOTFILE and SNAME fields.

Parse and handle this option properly.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-03-12 20:04:07 +01:00
Jesús Diéguez Fernández
46f5d51343 msr: Add new MSR modules (rdmsr/wrmsr)
In order to be able to read from and write to model-specific registers,
two new modules are added. They are i386 specific, as the cpuid module.

rdmsr module registers the command rdmsr that allows reading from a MSR.
wrmsr module registers the command wrmsr that allows writing to a MSR.

wrmsr module is disabled if UEFI secure boot is enabled.

Please note that on SMP systems, interacting with a MSR that has a scope
per hardware thread, implies that the value only applies to the
particular cpu/core/thread that ran the command.

Also, if you specify a reserved or unimplemented MSR address, it will
cause a general protection exception (which is not currently being
handled) and the system will reboot.

Signed-off-by: Jesús Diéguez Fernández <jesusdf@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-03-12 20:04:07 +01:00
Jesús Diéguez Fernández
3611c4f42e asm: Replace "__asm__ __volatile__" with "asm volatile"
In order to maintain the coding style consistency, it was requested to
replace the methods that use "__asm__ __volatile__" with "asm volatile".

Signed-off-by: Jesús Diéguez Fernández <jesusdf@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-03-12 20:04:07 +01:00
Eric Snowberg
3434ddec0e ieee1275: obdisk driver
Add a new disk driver called obdisk for IEEE1275 platforms.  Currently
the only platform using this disk driver is SPARC, however other IEEE1275
platforms could start using it if they so choose.  While the functionality
within the current IEEE1275 ofdisk driver may be suitable for PPC and x86, it
presented too many problems on SPARC hardware.

Within the old ofdisk, there is not a way to determine the true canonical
name for the disk.  Within Open Boot, the same disk can have multiple names
but all reference the same disk.  For example the same disk can be referenced
by its SAS WWN, using this form:

/pci@302/pci@2/pci@0/pci@17/LSI,sas@0/disk@w5000cca02f037d6d,0

It can also be referenced by its PHY identifier using this form:

/pci@302/pci@2/pci@0/pci@17/LSI,sas@0/disk@p0

It can also be referenced by its Target identifier using this form:

/pci@302/pci@2/pci@0/pci@17/LSI,sas@0/disk@0

Also, when the LUN=0, it is legal to omit the ,0 from the device name.  So with
the disk above, before taking into account the device aliases, there are 6 ways
to reference the same disk.

Then it is possible to have 0 .. n device aliases all representing the same disk.
Within this new driver the true canonical name is determined using the the
IEEE1275 encode-unit and decode-unit commands when address_cells == 4.  This
will determine the true single canonical name for the device so multiple ihandles
are not opened for the same device.  This is what frequently happens with the old
ofdisk driver.  With some devices when they are opened multiple times it causes
the entire system to hang.

Another problem solved with this driver is devices that do not have a device
alias can be booted and used within GRUB. Within the old ofdisk, this was not
possible, unless it was the original boot device.  All devices behind a SAS
or SCSI parent can be found.   Within the old ofdisk, finding these disks
relied on there being an alias defined.  The alias requirement is not
necessary with this new driver.  It can also find devices behind a parent
after they have been hot-plugged.  This is something that is not possible
with the old ofdisk driver.

The old ofdisk driver also incorrectly assumes that the device pointing to by a
device alias is in its true canonical form. This assumption is never made with
this new driver.

Another issue solved with this driver is that it properly caches the ihandle
for all open devices.  The old ofdisk tries to do this by caching the last
opened ihandle.  However this does not work properly because the layer above
does not use a consistent device name for the same disk when calling into the
driver.  This is because the upper layer uses the bootpath value returned within
/chosen, other times it uses the device alias, and other times it uses the
value within grub.cfg.  It does not have a way to figure out that these devices
are the same disk.  This is not a problem with this new driver.

Due to the way GRUB repeatedly opens and closes the same disk. Caching the
ihandle is important on SPARC.  Without caching, some SAS devices can take
15 - 20 minutes to get to the GRUB menu. This ihandle caching is not possible
without correctly having the canonical disk name.

When available, this driver also tries to use the deblocker #blocks and
a way of determining the disk size.

Finally and probably most importantly, this new driver is also capable of
seeing all partitions on a GPT disk.  With the old driver, the GPT
partition table can not be read and only the first partition on the disk
can be seen.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-03-12 20:04:07 +01:00
Colin Watson
62daa27056 util: Detect more I/O errors
Many of GRUB's utilities don't check anywhere near all the possible
write errors.  For example, if grub-install runs out of space when
copying a file, it won't notice.  There were missing checks for the
return values of write, fflush, fsync, and close (or the equivalents on
other OSes), all of which must be checked.

I tried to be consistent with the existing logging practices of the
various hostdisk implementations, but they weren't entirely consistent
to start with so I used my judgement.  The result at least looks
reasonable on GNU/Linux when I provoke a write error:

  Installing for x86_64-efi platform.
  grub-install: error: cannot copy `/usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed' to `/boot/efi/EFI/debian/grubx64.efi': No space left on device.

There are more missing checks in other utilities, but this should fix
the most critical ones.

Fixes Debian bug #922741.

Signed-off-by: Colin Watson <cjwatson@ubuntu.com>
Reviewed-by: Steve McIntyre <93sam@debian.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-03-05 10:23:47 +01:00
Steve McIntyre
686db96646 grub-install: Check for arm-efi as a default target
Much like on x86, we can work out if the system is running on top of EFI
firmware. If so, return "arm-efi". If not, fall back to "arm-uboot" as
previously.

Split out the code to (maybe) load the efivar module and check for
/sys/firmware/efi into a common helper routine is_efi_system().

Signed-off-by: Steve McIntyre <93sam@debian.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-02-26 15:25:13 +01:00
Daniel Kiper
718b3fb1dc Revert "grub-install: Check for arm-efi as a default target"
This reverts commit 082fd84d52.

Incorrect version of the patch was pushed into the git repo.

Reported-by: Leif Lindholm <leif.lindholm@linaro.org>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-02-26 15:07:28 +01:00