Commit graph

37 commits

Author SHA1 Message Date
Alexey Makhalov
f7bd9986f6 efi: Fix use-after-free in halt/reboot path
commit 92bfc33db9 ("efi: Free malloc regions on exit")
introduced memory freeing in grub_efi_fini(), which is
used not only by the exit path but by the halt/reboot one as well.
As a result of the memory freeing, code and data regions used by
modules, such as halt, reboot, and acpi (used by halt), also got
freed. After returning to module code, the CPU executes the
0xAFAFAFAF pattern filled in by the UEFI firmware (tested with
edk2) as code, which leads to a #UD exception later.

grub> halt
!!!! X64 Exception Type - 06(#UD - Invalid Opcode)  CPU Apic ID - 00000000 !!!!
RIP  - 0000000003F4EC28, CS  - 0000000000000038, RFLAGS - 0000000000200246
RAX  - 0000000000000000, RCX - 00000000061DA188, RDX - 0A74C0854DC35D41
RBX  - 0000000003E10E08, RSP - 0000000007F0F860, RBP - 0000000000000000
RSI  - 00000000064DB768, RDI - 000000000832C5C3
R8   - 0000000000000002, R9  - 0000000000000000, R10 - 00000000061E2E52
R11  - 0000000000000020, R12 - 0000000003EE5C1F, R13 - 00000000061E0FF4
R14  - 0000000003E10D80, R15 - 00000000061E2F60
DS   - 0000000000000030, ES  - 0000000000000030, FS  - 0000000000000030
GS   - 0000000000000030, SS  - 0000000000000030
CR0  - 0000000080010033, CR2 - 0000000000000000, CR3 - 0000000007C01000
CR4  - 0000000000000668, CR8 - 0000000000000000
DR0  - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
DR3  - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
GDTR - 00000000079EEA98 0000000000000047, LDTR - 0000000000000000
IDTR - 0000000007598018 0000000000000FFF,   TR - 0000000000000000
FXSAVE_STATE - 0000000007F0F4C0

The proposal here is to continue to free allocated memory on the
exit boot services path but keep it for the halt/reboot path,
as it won't be much of a security concern there.
Introduce the GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY
loader flag to be used by the EFI halt/reboot path.

Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:48 +02:00
Peter Jones
d2cf823d0e efi: Fix some malformed device path arithmetic errors
In several places we take the length of a device path and subtract 4
from it, without ever checking that it's >= 4. There are also cases
where this kind of malformation will result in unpredictable iteration,
including treating the length from one dp node as the type in the next
node. These are all errors, no matter where the data comes from.

This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which
can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH()
return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when
the length is too small. Additionally, it makes several places in the
code check for and return errors in these cases.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:48 +02:00
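As an added example of the length checking described in this commit (example code, not GRUB's own; the node layout follows the UEFI device path header of type, subtype and a 16-bit little-endian length, the helper names and the sample paths are constructed for this illustration):

```c
#include <stddef.h>
#include <stdint.h>

/* Node header as laid out by the UEFI spec: type, subtype and a
 * little-endian 16-bit length that includes the header, so a
 * well-formed node is never shorter than 4 bytes. */
#define DP_HEADER_LEN 4
#define DP_END_TYPE 0x7F
#define DP_END_ENTIRE_SUBTYPE 0xFF

struct dp_node { uint8_t type, subtype, length[2]; };

static uint16_t dp_length(const struct dp_node *n)
{
    return (uint16_t)(n->length[0] | (n->length[1] << 8));
}

/* What GRUB_EFI_DEVICE_PATH_VALID() stands for here: the node header
 * fits in the buffer, and its length is >= 4 and stays in bounds. */
static int dp_valid(const uint8_t *buf, size_t buf_len, size_t off)
{
    if (buf == NULL || off > buf_len || buf_len - off < DP_HEADER_LEN)
        return 0;
    uint16_t len = dp_length((const struct dp_node *)(buf + off));
    return len >= DP_HEADER_LEN && len <= buf_len - off;
}

/* Data bytes after the header, or -1 for a malformed node; the
 * unchecked "length - 4" is what underflowed in the old code. */
int dp_data_len(const uint8_t *buf, size_t buf_len, size_t off)
{
    if (!dp_valid(buf, buf_len, off))
        return -1;
    return dp_length((const struct dp_node *)(buf + off)) - DP_HEADER_LEN;
}

/* Count nodes up to and including the end-entire node. Returns -1 when
 * a node is malformed or the terminator is missing, rather than reading
 * one node's length bytes as the next node's type. */
int dp_count_nodes(const uint8_t *buf, size_t buf_len)
{
    size_t off = 0;
    int count = 0;
    while (dp_valid(buf, buf_len, off)) {
        const struct dp_node *n = (const struct dp_node *)(buf + off);
        count++;
        if (n->type == DP_END_TYPE && n->subtype == DP_END_ENTIRE_SUBTYPE)
            return count;
        off += dp_length(n);
    }
    return -1;
}

/* Constructed samples: ACPI(PNP0A03,0) / PCI(dev 1, fn 0) / end-entire,
 * and the same path with the PCI node claiming a length of only 2. */
const uint8_t good_path[] = {
    0x02, 0x01, 0x0C, 0x00, 0xD0, 0x41, 0x03, 0x0A, 0x00, 0x00, 0x00, 0x00,
    0x01, 0x01, 0x06, 0x00, 0x00, 0x01, 0x7F, 0xFF, 0x04, 0x00 };
const uint8_t bad_path[] = {
    0x02, 0x01, 0x0C, 0x00, 0xD0, 0x41, 0x03, 0x0A, 0x00, 0x00, 0x00, 0x00,
    0x01, 0x01, 0x02, 0x00, 0x00, 0x01, 0x7F, 0xFF, 0x04, 0x00 };
```

Passing a shorter buf_len than the path needs (a truncated path without its end node) is reported the same way as a bad length, so callers have a single failure path to handle.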
Peter Jones
f725fa7cb2 calloc: Use calloc() at most places
This modifies most of the places we do some form of:

  X = malloc(Y * Z);

to use calloc(Y, Z) instead.

Among other issues, this fixes:
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in luks_recover_key()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_lvm_detect()
    reported by Chris Coulson.

Fixes: CVE-2020-14308

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
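An added illustration of the arithmetic this commit closes (example code, not GRUB's own): the product in malloc(Y * Z) wraps around in size_t, handing the allocator a tiny size for a huge element count, whereas calloc(Y, Z) refuses the request. The helper names and the element count are constructed for this example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Byte count that malloc(Y * Z) actually requests: the product wraps
 * modulo SIZE_MAX + 1, so a huge Y can yield a tiny allocation. */
size_t wrapped_alloc_size(size_t y, size_t z)
{
    return y * z;
}

/* 1 if y * z does not fit in size_t (the check calloc performs). */
int mul_overflows(size_t y, size_t z)
{
    return y != 0 && z > SIZE_MAX / y;
}

/* Hypothetical helper for this example: element-count allocation that
 * refuses on overflow, the way calloc(y, z) does. NULL means refused. */
void *alloc_array_checked(size_t y, size_t z)
{
    if (mul_overflows(y, z))
        return NULL;
    return calloc(y, z);
}

/* An element count that wraps: 2^(bits-2) + 1 elements of 4 bytes
 * multiply to SIZE_MAX + 1 + 4, i.e. only 4 after wraparound. */
size_t wrapping_count(void)
{
    return ((size_t)1 << (sizeof(size_t) * CHAR_BIT - 2)) + 1;
}

int main(void)
{
    size_t n = wrapping_count();
    /* malloc would be handed just 4 bytes for n elements ... */
    size_t naive = wrapped_alloc_size(n, 4);
    /* ... while the checked path refuses the request outright. */
    void *p = alloc_array_checked(n, 4);
    return (naive == 4 && p == NULL) ? 0 : 1;
}
```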
Peter Jones
cc93c5a849 efi: Print more debug info in our module loader
The function that searches for the mods section base address does not have
any debug information. Add some debugging output that could be useful.

Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-03-10 21:39:44 +01:00
Michael Chang
4dd4ceec02 efi: Fix gcc9 error -Waddress-of-packed-member
The address of fp->path_name could be unaligned, since seeking into the
device path buffer for a given node could end at a byte boundary.

The fix is to allocate an aligned buffer with grub_malloc for holding the
UTF16 string copied from fp->path_name, and then use that buffer as the
argument to grub_utf16_to_utf8 to convert it to a UTF8 string.

[  255s] ../../grub-core/kern/efi/efi.c: In function 'grub_efi_get_filename':
[  255s] ../../grub-core/kern/efi/efi.c:410:60: error: taking address of packed member of 'struct grub_efi_file_path_device_path' may result in an unaligned pointer value [-Werror=address-of-packed-member]
[  255s]   410 |    p = (char *) grub_utf16_to_utf8 ((unsigned char *) p, fp->path_name, len);
[  255s]       |                                                          ~~^~~~~~~~~~~
[  255s] ../../grub-core/kern/efi/efi.c: In function 'grub_efi_print_device_path':
[  255s] ../../grub-core/kern/efi/efi.c:900:33: error: taking address of packed member of 'struct grub_efi_file_path_device_path' may result in an unaligned pointer value [-Werror=address-of-packed-member]
[  255s]   900 |     *grub_utf16_to_utf8 (buf, fp->path_name,
[  255s]       |                               ~~^~~~~~~~~~~

Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-04-23 11:37:08 +02:00
Heinrich Schuchardt
bc58fded50 efi: Avoid NULL dereference if FilePath is NULL
The UEFI specification allows LoadImage() to be called with a memory
location only and without a device path. In this case FilePath will not be
set in the EFI_LOADED_IMAGE_PROTOCOL.

So in function grub_efi_get_filename() the device path argument may be
NULL. As we cannot determine the device path in this case, just return NULL
from the function.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-04-23 11:33:02 +02:00
Alexander Graf
0ba90a7f01 efi: Move grub_reboot() into kernel
The reboot function calls machine_fini() and then reboots the system.
Currently it lives in lib/ which means it gets compiled into the
reboot module which lives on the heap.

In a following patch, I want to free the heap on machine_fini()
though, so we would free the memory that the code is running in. That
obviously breaks with smarter UEFI implementations.

So this patch moves it into the core. That way we ensure that all
code running after machine_fini() in the UEFI case is running from
memory that got allocated (and gets deallocated) by the UEFI core.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2017-09-07 23:29:31 +02:00
Andrei Borzenkov
892dfbe113 efi: strip off final NULL from File Path in grub_efi_get_filename
UEFI 2.6 9.3.6.4 File Path Media Device Path says that Path Name is
"A NULL-terminated Path string including directory and file names".

Strip the final NULL from Path Name in each File Path node when constructing
the full path. To be on the safe side, strip all of them.

Fixes failure chainloading grub from grub, when loaded grub truncates
image path and does not find its grub.cfg.

https://bugzilla.opensuse.org/show_bug.cgi?id=1026344

This was triggered by commit ce95549cc54b5d6f494608a7c390dba3aab4fba7;
before it we built Path Name without trailing NULL, and apparently all
other bootloaders use single File Path node, thus not exposing this bug.
2017-02-25 08:39:38 +03:00
Ignat Korchagin
d5847bf594 efi: fix GetVariable return status check in 81ca24a
GetVariable should return EFI_BUFFER_TOO_SMALL if given a buffer of size
zero; the commit incorrectly checked for EFI_SUCCESS.
2015-07-24 20:46:02 +03:00
Ignat Korchagin
81ca24a59c efi: fix memory leak in variable handling 2015-07-23 21:13:09 +03:00
Mark Salter
c945ca75c3 Fix exit to EFI firmware
The current code for EFI grub_exit() calls grub_efi_fini() before
returning to firmware. In the case of ARM, this leaves a timer
event running which could lead to a firmware crash. This patch
changes this so that grub_machine_fini() is called with a NORETURN
flag. This allows machine-specific shutdown to happen as well
as the shutdown done by grub_efi_fini().

Signed-off-by: Mark Salter <msalter@redhat.com>
2015-06-12 13:08:36 +03:00
Andrei Borzenkov
7b386b7031 efidisk: move device path helpers in core for efinet 2015-05-07 20:37:16 +03:00
Vladimir Serbinenko
7e7293d745 * grub-core/kern/efi/efi.c: Ensure that the result starts with /
	and has no //.
2014-01-18 16:41:47 +01:00
Vladimir Serbinenko
09c479006c Fix buffer overflow in grub_efi_print_device_path. 2013-12-24 19:04:46 +01:00
Vladimir Serbinenko
4d6c69536e Show SATA device path. 2013-12-24 18:10:28 +01:00
Vladimir Serbinenko
fba31b5f69 Dump type and vendor specific data when printing device path. 2013-12-24 14:05:48 +01:00
Vladimir Serbinenko
6dc3337774 Fix definition of grub_efi_hard_drive_device_path. Take care that
	existing code would work even if for some reason a bogus definition is
	used by EFI implementations.
2013-12-14 22:04:02 +01:00
Vladimir Serbinenko
607a39f9f0 * include/grub/efi/api.h: Rename protocol and interface to avoid
	conflict.
2013-12-14 21:48:46 +01:00
Vladimir Serbinenko
316dda716c Introduce grub_efi_packed_guid and use it where alignment is not
	guaranteed.
2013-12-11 15:57:08 +01:00
Vladimir Serbinenko
47f88cc94e * grub-core/kern/efi/efi.c: Remove variable length arrays. 2013-12-04 08:39:22 +01:00
Vladimir Serbinenko
83e9c273e5 * grub-core/kern/efi/efi.c (grub_efi_get_filename): Reset the pointer
	at the start of second iteration.
2013-11-14 15:50:43 +01:00
Vladimir Serbinenko
fa9b3dcae2 * grub-core/kern/efi/efi.c (grub_efi_get_filename): Avoid inefficient
	realloc.
2013-11-01 16:06:51 +01:00
Peter Jones
c5052c81ab * grub-core/Makefile.core.def (efifwsetup): New module.
	* grub-core/commands/efi/efifwsetup.c: New file.
	* grub-core/kern/efi/efi.c (grub_efi_set_variable): New function
	* include/grub/efi/api.h (GRUB_EFI_OS_INDICATIONS_BOOT_TO_FW_UI):
	New define.
	* include/grub/efi/efi.h (grub_efi_set_variable): New proto.
2012-09-08 09:40:24 +02:00
Vladimir 'phcoder' Serbinenko
7da036bbcb Remove non-functional EFI grub_get_rtc. Put a better fatal message
	than current grub_get_rtc() not implemented when booted with
	coreboot without TSC.

	* grub-core/Makefile.am: Exclude efi/time.h from kernel headers.
	Add machine/time.h to kernel headers on loongson.
	* grub-core/Makefile.core.def (kernel): Remove
	kern/generic/rtc_get_time_ms.c on qemu-multiboot-coreboot.
	* grub-core/kern/efi/efi.c (grub_rtc_get_time_ms): Removed.
	(grub_get_rtc): Likewise.
	* grub-core/kern/generic/rtc_get_time_ms.c: Include grub/machine/time.h.
	* grub-core/kern/i386/coreboot/init.c (grub_get_rtc): Removed.
	* grub-core/kern/i386/pc/init.c: Include grub/machine/init.h.
	* grub-core/kern/i386/tsc.c (grub_tsc_init)
	[!GRUB_MACHINE_PCBIOS && !GRUB_MACHINE_IEEE1275]: Call grub_fatal
	rather than installing known non-working time source.
	* grub-core/kern/ieee1275/init.c (grub_get_rtc): Removed.
	* grub-core/kern/mips/loongson/init.c: Include grub/machine/time.h.
	* include/grub/time.h: Don't include machine/time.h.
	* include/grub/efi/time.h: Removed.
	* include/grub/i386/efi/time.h: Likewise.
	* include/grub/i386/ieee1275/time.h: Likewise.
	* include/grub/powerpc/ieee1275/time.h: Likewise.
	* include/grub/sparc64/ieee1275/time.h: Likewise.
	* include/grub/x86_64/efi/time.h: Likewise.
2012-06-11 20:44:38 +02:00
Vladimir 'phcoder' Serbinenko
9e5e66d15e Use ITC on IA64 rather than broken routine based on daytime.
	* grub-core/kern/efi/efi.c (grub_rtc_get_time_ms) [__ia64__]: Remove on
	ia64.
	(grub_get_rtc) [__ia64__]: Likewise.
	* grub-core/kern/ia64/efi/init.c (divisor): New variable.
	(get_itc): New function.
	(grub_rtc_get_time_ms): Likewise.
	(grub_machine_init): Calibrate ITC.
	* include/grub/efi/time.h (grub_get_rtc), (GRUB_TICKS_PER_SECOND):
	Keep only on non-ia64. Don't export since it's broken and used only
	if TSC is unavailable.
2012-06-09 10:52:39 +02:00
Matthew Garrett
3935dde2f2 Use EDID on EFI.
	* grub-core/kern/efi/efi.c (grub_efi_get_variable): New argument
	datasize_out.
	* grub-core/video/efi_gop.c (check_protocol): Check that GOP has usable
	modes. Set gop_handle.
	(grub_video_gop_get_edid): New function.
	(grub_gop_get_preferred_mode): Likewise.
	(grub_video_gop_setup): Use grub_gop_get_preferred_mode.
	(grub_video_efi_gop_adapter): Set .get_edid.
	* include/grub/efi/edid.h: New file.
	* include/grub/efi/efi.h (grub_efi_get_variable): Update proto.

	Also-By: Vladimir Serbinenko <phcoder@gmail.com>
2012-03-04 00:48:21 +01:00
Matthew Garrett
c598862958 * grub-core/kern/efi/efi.c (grub_efi_get_variable): Add new function.
	* include/grub/efi/efi.h: Likewise.
	* include/grub/efi/api.h: Add guid for EFI-specified variables.
	* include/grub/charset.h (GRUB_MAX_UTF16_PER_UTF8): New definition.
	* grub-core/normal/charset.c (grub_utf8_process): Move from here ...
	* include/grub/charset.h (grub_utf8_process): ... to here. Inline.
	* grub-core/normal/charset.c (grub_utf8_to_utf16): Move from here ...
	* include/grub/charset.h (grub_utf8_to_utf16): ... to here. Inline.
2012-02-27 12:02:57 +01:00
Vladimir 'phcoder' Serbinenko
ebcecdf1c3 Increase warning level.
	* conf/Makefile.common (CFLAGS_GNULIB): Add -Wno-redundant-decls
	-Wno-unreachable-code -Wno-conversion -Wno-old-style-definition.
	* configure.ac (HOST_CFLAGS): Add bunch of -W arguments.
	(TARGET_CFLAGS): Likewise.
	(HOST_CFLAGS): Add -Werror unless --disable-werror is activated.
	* grub-core/Makefile.core.def (decompressor_xz): Add
	-Wno-unreachable-code.
	(normal): Add -Wno-redundant-decls.
	(xzio): Add -Wno-unreachable-code.
	(lzopio): Add -Wno-redundant-decls -Wno-error.
	* grub-core/commands/acpi.c: Add exception to -Wcast-align.
	* grub-core/commands/lsacpi.c: Add exception to -Wcast-align.
	* grub-core/gensymlist.sh: Add exception to -Wmissing-format-attribute.
	* grub-core/kern/dl.c: Add exception to -Wcast-align.
	* grub-core/kern/efi/efi.c (grub_efi_modules_addr): Likewise.
	* grub-core/kern/i386/coreboot/init.c: Add exception to
	-Wsuggest-attribute=noreturn.
	* grub-core/kern/ia64/dl.c: Add exception to -Wcast-align.
	* grub-core/kern/ia64/dl_helper.c: Likewise.
	* grub-core/kern/mips/dl.c: Likewise.
	* grub-core/kern/sparc64/dl.c: Likewise.
	* grub-core/lib/LzmaEnc.c: Add exception to -Wshadow.
	* grub-core/lib/libgcrypt_wrap/cipher_wrap.h (memcpy): Likewise.
	(memcmp): Likewise.
	* grub-core/lib/pbkdf2.c: Add exception to -Wunreachable-code.
	* grub-core/loader/ia64/efi/linux.c: Add exception to -Wcast-align.
	* grub-core/loader/mips/linux.c: Likewise.
	* grub-core/loader/multiboot_elfxx.c: Likewise.
	* grub-core/script/parser.y: Add exception to -Wunreachable-code.
	* grub-core/video/sm712.c: Add exception to -Wcast-align.
	* util/import_gcry.py: Add -Wno-cast-align to modules checked by hand.
	* grub-core/font/font.c (grub_font_loader_init): Add explicit cast and
	fixme.
	* grub-core/fs/iso9660.c (grub_iso9660_iterate_dir): Likewise.
	* grub-core/kern/i386/multiboot_mmap.c (grub_machine_mmap_init):
	Fix prototype.
2012-02-10 16:48:48 +01:00
Vladimir 'phcoder' Serbinenko
544c24876e Move grub_reboot out of the kernel.
	* grub-core/Makefile.core.def (reboot): Add platform-specific files.
	* grub-core/kern/efi/efi.c (grub_reboot): Moved to ...
	* grub-core/lib/efi/reboot.c: ... here.
	* grub-core/kern/i386/efi/startup.S: Remove including of realmode.S.
	* grub-core/kern/i386/ieee1275/startup.S: Likewise.
	* grub-core/kern/i386/pc/startup.S (grub_exit): Inline cold_reboot.
	* grub-core/kern/i386/realmode.S (grub_reboot): Moved to...
	* grub-core/lib/i386/reboot_trampoline.S: ... here.
	* grub-core/kern/ieee1275/openfw.c (grub_reboot): Moved to...
	* grub-core/lib/ieee1275/reboot.c: ... here.
	* grub-core/kern/mips/arc/init.c (grub_reboot): Moved to...
	* grub-core/lib/mips/arc/reboot.c: ... here.
	* grub-core/kern/mips/loongson/init.c (grub_reboot): Moved to...
	* grub-core/lib/mips/loongson/reboot.c: ...here.
	* grub-core/kern/mips/qemu_mips/init.c (grub_reboot): Moved to...
	* grub-core/lib/mips/qemu_mips/reboot.c: ... here.
	* include/grub/emu/misc.h (grub_reboot): New function declaration.
	* include/grub/i386/reboot.h: New file.
	* include/grub/mips/loongson/ec.h: Fix includes.
	* include/grub/mips/qemu_mips/kernel.h (grub_reboot): Removed.
	* include/grub/misc.h (grub_reboot): Don't mark as kernel function.
	* grub-core/lib/i386/reboot.c: New file.
2011-10-19 16:53:18 +02:00
Vladimir 'phcoder' Serbinenko
39705fadd7 Replace grub_module_iterate with FOR_MODULES.
	* grub-core/disk/memdisk.c (GRUB_MOD_INIT): Switched to new interface.
	* grub-core/kern/efi/efi.c (grub_arch_modules_addr): Renamed to...
	(grub_efi_modules_addr): ...this.
	* grub-core/kern/efi/init.c (grub_modbase): New variable.
	(grub_efi_init): Set grub_modbase.
	* grub-core/kern/emu/main.c (grub_arch_modules_addr): Removed.
	(grub_modbase): New variable.
	* grub-core/kern/i386/coreboot/init.c (grub_arch_modules_addr): Removed.
	(grub_modbase): New variable.
	(grub_machine_init): Set grub_modbase.
	* grub-core/kern/i386/pc/init.c (grub_arch_modules_addr): Removed.
	(grub_modbase): New variable.
	(grub_machine_init): Set grub_modbase.
	* grub-core/kern/ieee1275/init.c (grub_arch_modules_addr): Removed.
	(grub_modbase): New variable.
	(grub_machine_init): Set grub_modbase.
	* grub-core/kern/main.c (grub_module_iterate): Remove.
	(grub_modules_get_end): Use grub_modbase.
	(grub_load_modules): Use FOR_MODULES.
	(grub_load_config): Likewise.
	* grub-core/kern/mips/arc/init.c (grub_arch_modules_addr): Removed.
	(grub_modbase): New variable.
	(grub_machine_init): Set grub_modbase.
	* grub-core/kern/mips/loongson/init.c (grub_arch_modules_addr): Removed.
	(grub_modbase): New variable.
	(grub_machine_init): Set grub_modbase.
	* grub-core/kern/mips/qemu_mips/init.c (grub_arch_modules_addr):
	Removed.
	(grub_modbase): New variable.
	(grub_machine_init): Set grub_modbase.
	* include/grub/efi/efi.h (grub_efi_modules_addr): New declaration.
	* include/grub/kernel.h (grub_arch_modules_addr): Removed.
	(grub_module_iterate): Likewise.
	(grub_modbase): New variable declaration.
	(FOR_MODULES): New macro.
2011-10-16 15:23:29 +02:00
Vladimir 'phcoder' Serbinenko
cae730b452 Automatically determine prefix when netbooted on EFI 2011-07-02 16:56:35 +02:00
Vladimir 'phcoder' Serbinenko
7216a1bff3 Set EFI ticks to 1000Hz simplifying much of the code and avoiding costly division 2011-05-08 17:05:47 +02:00
Vladimir 'phcoder' Serbinenko
069c9c5fda merge mainline into intwrap 2010-08-29 23:21:21 +02:00
Vladimir 'phcoder' Serbinenko
afba9f98ec Merge mainline into intwrap 2010-08-25 23:39:42 +02:00
Vladimir 'phcoder' Serbinenko
16bd6cfab2 Merge mainline into newreloc. For now without boot tests 2010-08-25 03:25:18 +02:00
BVK Chaitanya
297f0c2b6e merge with mainline 2010-07-13 00:43:28 +05:30
BVK Chaitanya
8c41176882 automake commit without merge history 2010-05-06 11:34:04 +05:30
Renamed from kern/efi/efi.c