Commit graph

3493 commits

Author SHA1 Message Date
Andrei Borzenkov
c93d3e6947 cryptodisk: strip parenthesis from backing device name
Otherwise subsequent disk open fails.

Reported-By: Klemens Nanni <contact@autoboot.org>
2015-09-13 20:12:31 +03:00
Alex Crawford
53a4e99990 gpt: add search by disk uuid command 2015-08-31 16:20:37 -07:00
Felix Zielcke
8e3d2c80ed disk/ldm, partmap/msdos.c: fix spelling error 2015-08-22 21:22:41 +02:00
Michael Marineau
91391dc52b Merge pull request #14 from coreos/gnu
Merge upstream GRUB changes
2015-08-13 13:32:56 -07:00
Andrei Borzenkov
ba218c1c10 net: do not try to load protocol module via itself
Otherwise we get infinite recursion.

Closes: 45729
2015-08-13 20:20:39 +03:00
Josef Bacik
4fe8e6d4a1 efinet: handle get_status() on buggy firmware properly
The EFI spec indicates that get_status() should return the address of the buffer
we passed into transmit to indicate the the buffer was transmitted.  However we
have boxes where the firmware returns some arbitrary address instead, which
makes grub think that we've not sent anything.  So since we have the SNP stuff
opened in exclusive mode just assume any non-NULL txbuf means that our transmit
occurred properly.  This makes grub able to do its networking stuff properly on
our broken firmware.  Thanks,

cc: Peter Jones <pjones@redhat.com>
Signed-off-by: Josef Bacik <jbacik@fb.com>
2015-08-09 16:37:26 +03:00
Michael Marineau
d9823e47bc Merge pull request #13 from marineam/lecrc32
gpt: clean up little-endian crc32 computation
2015-07-31 16:24:02 -07:00
Michael Marineau
c7c750ecc2 Merge upstream changes as of April 29th 2015-07-31 15:41:48 -07:00
Michael Marineau
c78ed0bff4 gpt: clean up little-endian crc32 computation
- Remove problematic cast from *uint8_t to *uint32_t (alignment issue).
 - Remove dynamic allocation and associated error handling paths.
 - Match parameter ordering to existing grub_crypto_hash function.
2015-07-31 15:19:41 -07:00
Vladimir Serbinenko
72fc110d95 ahci: Ensure that bus mastering is set.
Fixes ahci_test failing on several platforms.
2015-07-28 01:51:14 +02:00
Vladimir Serbinenko
d3b464a7c0 archelp: Never pass NULL as mtime.
Moves complexity from fs code (NULL check) to common code (passing non-NULL).
2015-07-27 13:19:02 +02:00
Vladimir Serbinenko
5fb1e859f7 HFS: Convert to fshelp.
HFS doesn't handle "." and ".." properly. Convert it to fshelp to reuse the
logic.
2015-07-27 12:50:22 +02:00
Vladimir Serbinenko
bfb5b33e96 FAT: Convert to fshelp.
exFAT doesn't handle "." and ".." correctly, convert it to fshelp to
reuse the same logic.
2015-07-27 12:49:26 +02:00
Vladimir Serbinenko
d1d3a60b71 BFS: Convert to fshelp.
BFS doesn't handle ".." correctly, so convert it to fshelp to reuse the logic.
2015-07-27 12:48:38 +02:00
Vladimir Serbinenko
fa93b0e4f5 fshelp: Add handling of "." and ".." and grub_fshelp_find_file_lookup.
Recent tests have discovered that many of our filesystems have flawed
handling of "." and "..". Rather than attempting to fix it in filesystems
themselves, make the common code fshelp aware of "." and ".." and handle
them in this layer. Add grub_fshelp_find_file_lookup for easy conversion
of BFS, HFS and exFAT which have the same problem and don't use fshelp.
2015-07-27 12:45:35 +02:00
Vladimir Serbinenko
4622f4e1ee Switch procfs to use archelp.
This fixes handling of "." and "..".
2015-07-27 12:44:19 +02:00
Vladimir Serbinenko
368ecfc3a0 Add transform_data as a variant of data with substitutions.
This fixrs name mismatch for grub.chrp with
transform_program_name='s,grub,grub2,g'
2015-07-27 12:39:41 +02:00
Ignat Korchagin
d5847bf594 efi: fix GetVariable return status check in 81ca24a
GetVariable should return EFI_BUFFER_TOO_SMALL if given buffer of size
zero; commit incorrectly checked for EFI_SUCCESS.
2015-07-24 20:46:02 +03:00
Vladimir Serbinenko
049dcfa03c xfs: Fix handling of symlink with crc-enabled filesystem. 2015-07-24 01:23:45 +02:00
Vladimir Serbinenko
02a249005f reiserfs: Fix handling of first entry in the directory.
Fixes garbage being added to "." filename.
2015-07-24 01:23:45 +02:00
Ignat Korchagin
81ca24a59c efi: fix memory leak in variable handling 2015-07-23 21:13:09 +03:00
Vladimir Serbinenko
f34a422081 archelp: Fix handling of dot and dotdot at the end of the name.
Fixes cpio_test and tar_test.
2015-07-23 19:01:00 +02:00
Vladimir Serbinenko
248bc1d0fc fwstart: Fix loading of address of read_spd_fail. 2015-07-22 21:42:41 +02:00
Vladimir Serbinenko
63411b14be fwstart: Add missing argument to p2align.
Resulting binary is unchanged as it happens we were already aligned
by chance.
2015-07-22 21:41:58 +02:00
Vladimir Serbinenko
80783ea646 fwstart: Replace blt with bltz.
blt A, $zero, B and bltz A, B are equivalent but clang recognizes only
later, so use it.

Resulting binary is unchanged.
2015-07-22 21:40:55 +02:00
Vladimir Serbinenko
eecdbebc84 Remove mips_attributes.
mips_attributes was introduced to work around clang problems with
-msoft-float. Those problems are now fixed and moreover .gnu_attributes
itself is unportable and creates problem with clang.

Revert "mips: Fix soft-float handling."

This partially reverts commit 6a4ecd276e.
2015-07-22 21:05:11 +02:00
Vladimir Serbinenko
f250c337f1 ARM: provide __aeabi_memclr* and __aeabi_memcpy* symbols
Fixes compilation with recent clang.
2015-07-22 20:40:13 +02:00
Vladimir Serbinenko
389d509df0 diskfilter: Make name a const char to fix compilation error. 2015-07-22 20:39:14 +02:00
Vladimir Serbinenko
9f27f9f691 dmraid_nvidia: Set a name to usable value to avoid null dereference.
Reported by: Andrei Borzenkov
2015-07-22 01:57:40 +02:00
Bernhard Übelacker
61c778f640 loader/linux: Make trailer initrd entry aligned again.
Regression from commit:
  loader/linux: do not pad initrd with zeroes at the end
  a8c473288d

Wimboot fails since the change above because it expects the "trailer"
initrd element on an aligned address.
This issue shows only when newc_name is used and the last initrd
entry has a not aligned size.
2015-07-20 19:07:20 +03:00
Vladimir Serbinenko
ff3c2007ef XFS: Fix wrong alignment treatment. 2015-07-16 12:46:02 +02:00
Vladimir Serbinenko
54e7dbbcb9 grub_ext2_read_block: Fix return type on error. 2015-07-16 10:59:33 +02:00
Michael Chang
7a210304eb Fix missing byte order conversion in get_btrfs_fs_prefix function
Since btrfs on-disk format uses little-endian, the searched item types
(ROOT_REF, INODE_REF) need converting the byte order in order to
function properly on big-endian systems.
2015-06-26 09:55:56 +03:00
Andrei Borzenkov
c058e85615 chainloader: fix resoource leak
Found by: Coverity scan.
CID: 96651
2015-06-26 09:25:30 +03:00
Andrei Borzenkov
806bb7999d loader/bsd: fix memory leak
Found by: Coverity scan.
CID: 96662, 96665
2015-06-26 09:25:30 +03:00
Matthew Garrett
e5ee3e8fa5 Add verity hash passthrough
Read the verity hash from the kernel binary and pass it to the running
system via the kernel command line
2015-06-23 13:15:53 -07:00
Andrei Borzenkov
867c9b7bec loader/bsd: free memory leaks
Found by: Coverity scan.
CID: 96671, 96658, 96653
2015-06-20 23:38:19 +03:00
Andrei Borzenkov
5af859bb77 search_wrap: fix memory leak
Found by: Coverity scan.
CID: 96675
2015-06-20 23:38:19 +03:00
Andrei Borzenkov
2f01f08103 password_pbkdf2: fix memory leak
Found by: Coverity scan.
CID: 96676
2015-06-20 23:38:19 +03:00
Andrei Borzenkov
152695d0fa normal: fix memory leak
Found by: Coverity scan.
CID: 96677
2015-06-20 23:38:19 +03:00
Andrei Borzenkov
e7e05cae8d efi/serial: fix memory leak
Found by: Coverity scan.
CID: 96678
2015-06-20 23:38:19 +03:00
Andrei Borzenkov
47490ada3d ohci: fix memory leak
Found by: Coverity scan.
CID: 96679
2015-06-20 23:38:19 +03:00
Andrei Borzenkov
4a857e63c1 loader/bsd: free memory leaks
Found by: Coverity scan.
CID: 96682
2015-06-20 23:38:18 +03:00
Andrei Borzenkov
eb33e61b31 multiboot: fix memory leak
Found by: Coverity scan.
CID: 96684
2015-06-20 23:38:18 +03:00
Andrei Borzenkov
2a3ebf9428 normal: fix memory leak
Found by: Coverity scan.
CID: 96685
2015-06-20 23:38:18 +03:00
Andrei Borzenkov
20211c0077 loader/bsd: fix memory leak
Found by: Coverity scan.
CID: 96686
2015-06-20 23:38:18 +03:00
Andrei Borzenkov
a6f7d1abce reed_solomon: fix memory leak
Found by: Coverity scan.
CID: 96688
2015-06-20 23:38:18 +03:00
Andrei Borzenkov
cf0b0306d8 usb: fix use after free
Found by: Coverity scan.
CID: 96704
2015-06-20 23:38:18 +03:00
Andrei Borzenkov
e261fcf4c6 xnu: fix use after free
Found by: Coverity scan.
CID: 96706
2015-06-20 23:38:18 +03:00
Andrei Borzenkov
cd816bd236 disk/scsi: fix use after free
Found by: Coverity scan.
CID: 96713
2015-06-20 23:38:18 +03:00
Andrei Borzenkov
c069460259 efi/chainloader: fix use after free
Found by: Coverity scan.
CID: 96714
2015-06-20 23:38:17 +03:00
Andrei Borzenkov
0fb886cde9 search: fix use after free
Found by: Coverity scan.
CID: 96715
2015-06-20 23:38:17 +03:00
Andrei Borzenkov
fbdd37e7f9 zfs: fix memory leak
Found by: Coverity scan.
CID: 73647
2015-06-19 20:47:43 +03:00
Andrei Borzenkov
4db569ca6a xfs: silence Coverity overflow warning
inode size cannot really overflow integer, but Coverity does not know it.
CID: 96602
2015-06-19 18:38:25 +03:00
Andrei Borzenkov
15ba6a40be zfs: memory leak
Found by Coverity scan.
CID: 96603
2015-06-19 18:38:25 +03:00
Andrei Borzenkov
5d0ee3d7a1 unix/getroot: memory leak
Found by Coverity scan.
CID: 96605
2015-06-19 18:38:25 +03:00
Andrei Borzenkov
10a6d2d915 unix/relpath: memory leak
Found by Coverity scan.
CID: 96606
2015-06-19 18:38:25 +03:00
Andrei Borzenkov
48cd9dc104 syslinux_parse: assorted issues found by Coverity
1. Remove unneeded NULL check
CID: 96607

2. Do not allocate storage for initrd, copy it directly from input
buffer. Avoids memory leak in failure path.
CID: 96604

3. Unchecked error return from print()
CID: 96601, 73595
2015-06-19 18:38:25 +03:00
Andrei Borzenkov
8067fe28ed syslinux_parse: make print_escaped actually stop before `to'
The only current user is mboot.c32 which unfortunately is not covered
by regression tests.
2015-06-19 17:35:17 +03:00
Andrei Borzenkov
7bb7140df2 fat: fix handling of "." and ".." directory entries
Emulate dot and dotdot in root directory. For other directories do not
add separator between name and extension for these two special entries.

Closes: 45335
2015-06-18 20:09:47 +03:00
Andrei Borzenkov
f348aee7b3 efinet: enable hardware filters when opening interface
Exclusive open on SNP will close all existing protocol instances which
may disable all receive filters on interface. Reinstall them after we
opened protocol exclusively.

Also follow UEFI specification recommendation and stop interfaces when
closing them:

Unexpected system errors, reboots and hangs can occur if an OS is loaded
and the network devices are not Shutdown() and Stopped().

Also by: Mark Salter <msalter@redhat.com>
Closes: 45204
2015-06-16 19:52:45 +03:00
Mark Salter
c945ca75c3 Fix exit to EFI firmware
The current code for EFI grub_exit() calls grub_efi_fini() before
returning to firmware. In the case of ARM, this leaves a timer
event running which could lead to a firmware crash. This patch
changes this so that grub_machine_fini() is called with a NORETURN
flag. This allows machine-specific shutdown to happen as well
as the shutdown done by grub_efi_fini().

Signed-off-by: Mark Salter <msalter@redhat.com>
2015-06-12 13:08:36 +03:00
Paul Menzel
f4b1b48a83 disk/ahci.c: Use defines GRUB_AHCI_HBA_PORT_CMD_SPIN_UP and GRUB_AHCI_HBA_PORT_CMD_POWER_ON
Instead of hard coding `2` and `4` use the macros defined already at the
top of the file. As a consequence, wrap the now too long line.
2015-06-12 09:43:00 +03:00
Jan Kara
b6e80c7778 xfs: V5 filesystem format support
Add support for new XFS on disk format. We have to handle optional
filetype fields in directory entries, additional CRC, LSN, UUID entries
in some structures, etc.

Signed-off-by: Jan Kara <jack@suse.cz>
2015-06-12 09:30:02 +03:00
Jan Kara
d3ffeb9a9a xfs: Add helpers for inode size
Add helpers to return size of XFS inode on disk and when loaded in
memory.

Signed-off-by: Jan Kara <jack@suse.cz>
2015-06-12 09:27:09 +03:00
dann frazier
3ac342205d arm64/setjmp: Add missing license macro
Including the setjmp module in an arm64-efi image will cause it to
immediately exit with an "incompatible license" error.

The source file includes a GPLv3+ boilerplate, so fix this by declaring a
GPLv3+ license using the GRUB_MOD_LICENSE macro.

Signed-off-by: dann frazier <dann.frazier@canonical.com>
2015-06-01 17:02:04 +01:00
Paul Menzel
ca59c24bd0 disk/ahci.c: Add port number to port debug messages
Currently, some messages cannot be mapped to the port they belong to as
the port number is missing from the output. So add `port: n` to the
debug messages.
2015-05-31 09:26:46 +03:00
Paul Menzel
fd73b3d008 Correct spelling of *scheduled*
Run the command below

	$ git grep -l schedulded | xargs sed -i 's/schedulded/scheduled/g'

and revert the change in `ChangeLog-2015`.

Including "miscellaneous" spelling fix noted by richardvoigt@gmail.com
2015-05-30 10:05:43 +03:00
Toomas Soome
cad5cc0f5d zfs extensible_dataset and large_blocks feature support
large blocks basically use extensible dataset feature, or to be exact,
setting recordsize above 128k will trigger large_block feature to be
enabled and storing such blocks is using feature extensible dataset. so
the extensible dataset is prerequisite.

Changes implement read support extensible dataset… instead of fixed DMU
types they dont specify type, making it possible to use fat zap objects
from bonus area.
2015-05-30 08:50:53 +03:00
Vladimir Serbinenko
c856be6bca multiboot1: never place modules in low memory.
While in theory permitted by the spec, modules rarely fit in low memory
anyway and not every kernel is able to handle modules in low memory anyway.
At least VMWare is known not to be able to handle modules at arbitrary
locations.
2015-05-27 08:41:39 +02:00
Paul Menzel
5e74a3e6df disk/ahci: Use defines GRUB_ATA_STATUS_BUSY and GRUB_ATA_STATUS_DRQ
Instead of hard coding `0x88` use the macros defined in `disk/ata.h`.
2015-05-24 21:19:01 +03:00
Paul Menzel
f4e62af000 cb_timestamps.c: Add new time stamp descriptions
Add the descriptions of the “core”, that means no vendorcode or payload,
coreboot time stamps added up to coreboot commit a7d92441 (timestamps:
You can never have enough of them!) [1].

Running `coreboot_boottime` in the GRUB command line interface now shows
descriptions for all time stamps again on the ASRock E350M1.

[1] http://review.coreboot.org/9608
2015-05-19 20:28:07 +03:00
Andrei Borzenkov
a666c8bd18 bootp: ignore gateway_ip (relay) field.
From RFC1542:

   The 'giaddr' field is rather poorly named.  It exists to facilitate
   the transfer of BOOTREQUEST messages from a client, through BOOTP
   relay agents, to servers on different networks than the client.
   Similarly, it facilitates the delivery of BOOTREPLY messages from the
   servers, through BOOTP relay agents, back to the client.  In no case
   does it represent a general IP router to be used by the client.  A
   BOOTP client MUST set the 'giaddr' field to zero (0.0.0.0) in all
   BOOTREQUEST messages it generates.

   A BOOTP client MUST NOT interpret the 'giaddr' field of a BOOTREPLY
   message to be the IP address of an IP router.  A BOOTP client SHOULD
   completely ignore the contents of the 'giaddr' field in BOOTREPLY
   messages.

Leave code ifdef'd out for the time being in case we see regression.

Suggested by: Rink Springer <rink@rink.nu>
Closes: 43396
2015-05-17 22:38:30 +03:00
Andrei Borzenkov
2498dc7a3a hostdisk: fix crash with NULL device.map
grub-macbless calls grub_util_biosdisk_init with NULL device.map.
2015-05-17 14:16:36 +03:00
Andrei Borzenkov
5370dcfdae zfs: fix integer truncation in zap_lookup
Size after shift could exceed 16 bits; use grub_unit32_t for result.

Reported and tested by: Kostya Berger <bergerkos@yahoo.co.uk>
Closes: 44448
2015-05-14 07:50:33 +03:00
Andrei Borzenkov
5082ea6184 remove extra newlines in grub_util_* strings
grub_util_{info,warn,error} already add trailing newlines, so remove
them from format strings. Also trailing full stops are already added.
2015-05-13 09:47:17 +03:00
Jan Kara
a139188eb5 xfs: Convert inode numbers to cpu endianity immediately after reading
Currently XFS driver converted inode numbers to native endianity only
when using them to compute inode position. Although this works, it is
somewhat confusing. So convert inode numbers when reading them from disk
structures as every other field.

Signed-off-by: Jan Kara <jack@suse.cz>
2015-05-12 08:21:10 +03:00
Jan Kara
1570140f03 xfs: Fix termination loop for directory iteration
Directory iteration used wrong position (sizeof wrong structure) for
termination of iteration inside a directory block. Luckily the position
ended up being wrong by just 1 byte and directory entries are larger so
things worked out fine in practice. But fix the problem anyway.

Signed-off-by: Jan Kara <jack@suse.cz>
2015-05-11 14:48:14 +03:00
Andrei Borzenkov
07258815e9 acpi: do not skip BIOS scan if EBDA length is zero
EBDA layout is not standardized so we cannot assume first two bytes
are length. Neither is it required by ACPI standard. HP 8710W is known
to contain zeroes here.

Closes: 45002
2015-05-08 06:15:16 +03:00
Andrei Borzenkov
49426e9fd2 efinet: open Simple Network Protocol exclusively
EDK2 network stack is based on Managed Network Protocol which is layered
on top of Simple Management Protocol and does background polling. This
polling races with grub for received (and probably trasmitted) packets
which causes either serious slowdown or complete failure to load files.

Open SNP device exclusively.  This destroys all child MNP instances and
stops background polling.

Exclusive open cannot be done when enumerating cards, as it would destroy
PXE information we need to autoconfigure interface; and it cannot be done
during autoconfiguration as we need to do it for non-PXE boot as well. So
move SNP open to card ->open method and add matching ->close to clean up.

Based on patch from Mark Salter <msalter@redhat.com>

Also-By: Mark Salter <msalter@redhat.com>
Closes: 41731
2015-05-07 20:37:17 +03:00
Andrei Borzenkov
c52ae40570 efinet: skip virtual IPv4 and IPv6 devices when enumerating cards
EDK2 PXE driver creates two child devices - IPv4 and IPv6 - with
bound SNP instance. This means we get three cards for every physical
adapter when enumerating. Not only is this confusing, this may result
in grub ignoring packets that come in via the "wrong" card.

Example of device hierarchy is

 Ctrl[91] PciRoot(0x0)/Pci(0x3,0x0)
   Ctrl[95] PciRoot(0x0)/Pci(0x3,0x0)/MAC(525400123456,0x1)
     Ctrl[B4] PciRoot(0x0)/Pci(0x3,0x0)/MAC(525400123456,0x1)/IPv4(0.0.0.0)
     Ctrl[BC] PciRoot(0x0)/Pci(0x3,0x0)/MAC(525400123456,0x1)/IPv6(0000:0000:0000:0000:0000:0000:0000:0000)

Skip PXE created virtual devices when enumerating cards. Make sure to
find real card when applying initial autoconfiguration during PXE boot,
this information is associated with one of child devices.
2015-05-07 20:37:17 +03:00
Andrei Borzenkov
7b386b7031 efidisk: move device path helpers in core for efinet 2015-05-07 20:37:16 +03:00
Andrei Borzenkov
16a7e723ea convert to, not from, CPU byte order in DNS receive function 2015-05-07 20:33:28 +03:00
Andrei Borzenkov
a8c473288d loader/linux: do not pad initrd with zeroes at the end
Syslinux memdisk is using initrd image and needs to know uncompressed
size in advance. For gzip uncompressed size is at the end of compressed
stream. Grub padded each input file to 4 bytes at the end, which means
syslinux got wrong size.

Linux initramfs loader apparently does not care about trailing alignment.
So change code to align beginning of each file instead which atomatically
gives us the correct size for single file.

Reported-By: David Shaw <dshaw@jabberwocky.com>
2015-05-07 20:24:24 +03:00
Daniel Kiper
71783dc978 i386/relocator: Remove unused extern grub_relocator64_rip_addr
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
2015-05-07 18:00:47 +02:00
Vladimir Serbinenko
e5b4ba8c2b linux.c: Ensure that initrd is page-aligned. 2015-05-07 16:23:39 +02:00
Vladimir Serbinenko
9f731abc7f Revert parts accidentally committed 2 commits ago. 2015-05-07 16:21:34 +02:00
Fu Wei
f8451af825 arm64: Export useful functions from linux.c
Signed-off-by: Fu Wei <fu.wei@linaro.org>
2015-05-07 15:11:04 +02:00
Andrei Borzenkov
cc699535e5 Revert "efinet: memory leak on module removal"
This reverts commits 47b2bee3ef
and 8d3c4544ff. It is not safe
to free allocated cards, dangling pointers main remain. Such
cleanup requires more changes in net core.
2015-05-04 09:17:59 +03:00
Andrei Borzenkov
47b2bee3ef efinet: cannot free const char * pointer 2015-05-04 08:39:29 +03:00
Andrei Borzenkov
8d3c4544ff efinet: memory leak on module removal 2015-05-04 08:08:57 +03:00
Andrei Borzenkov
6210b8e8f7 zfs: add missing NULL check and fix incorrect buffer overwrite
grub_memset should zero out padding after data end. It is not clear
why it is needed at all - ZFS block is at least 512 bytes and power
of two, so it is always multiple of 16 bytes. This grub_memset
apparently never did anything.
2015-05-03 18:57:32 +03:00
Toomas Soome
4a7ea4003b zfs: com.delphix:embedded_data feature support 2015-05-03 18:45:40 +03:00
Toomas Soome
a1007c6af2 zfs: com.delphix:hole_birth feature support
In the past birth was always zero for holes. This feature started
to make use of birth for holes as well, so change code to test for
valid DVA address instead.
2015-05-03 18:11:29 +03:00
Matthew Garrett
2755ecd157 Add efi getenv command
Add a command to obtain the contents of EFI firmware variables.
2015-04-22 13:08:26 -07:00
Matthew Garrett
9b669efb38 Fail validation if we can't find shim and Secure Boot is enabled
If grub is signed with a key that's in the trusted EFI keyring, an attacker
can point a boot entry at grub rather than at shim and grub will fail to
locate the shim verification protocol. This would then allow booting an
arbitrary kernel image. Fail validation if Secure Boot is enabled and we
can't find the shim protocol in order to prevent this.
2015-04-22 12:47:49 -07:00
Colin Watson
25850cfd50 Don't allow insmod when secure boot is enabled.
Hi,

Fedora's patch to forbid insmod in UEFI Secure Boot environments is fine
as far as it goes.  However, the insmod command is not the only way that
modules can be loaded.  In particular, the 'normal' command, which
implements the usual GRUB menu and the fully-featured command prompt,
will implicitly load commands not currently loaded into memory.  This
permits trivial Secure Boot violations by writing commands implementing
whatever you want to do and pointing $prefix at the malicious code.

I'm currently test-building this patch (replacing your current
grub-2.00-no-insmod-on-sb.patch), but this should be more correct.  It
moves the check into grub_dl_load_file.
2015-04-22 12:47:49 -07:00
Toomas Soome
677dcaa92b getroot: include sys/mkdev.h for makedev
Solaris (like) systems need to include sys/mkdev.h for makedev() function.
2015-04-13 19:52:28 +03:00
Toomas Soome
5b5d8666a7 core/partmap: rename 'sun' to avoid clash with predefined symbol
the symbol “sun” is defined macro in solaris derived systems, from
gcc -dM -E:

and therefore can not be used as name.
2015-04-13 19:49:15 +03:00
Andrei Borzenkov
f11db3c7fc core: avoid NULL derefrence in grub_divmod64s
It can be called with NULL for third argument.  grub_divmod32* for
now are called only from within wrappers, so skip check.

Reported-By: Michael Zimmermann <sigmaepsilon92@gmail.com>
2015-04-06 19:30:51 +03:00