rpms/grub2
8
0
Fork 0
mirror of https://src.fedoraproject.org/rpms/grub2.git synced 2024-11-24 06:22:43 +00:00
Code Issues 24 Projects 4 Releases Packages Wiki Activity Actions

Pull-up to Fedora 36

Browse source 
Resolves: rhbz#2008819
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
This commit is contained in:
Robbie Harwood 2021-09-29 18:33:38 +00:00
parent de70a85f08
commit 90837a38c9
7 changed files with 369 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

123
0217-normal-main-Discover-the-device-to-read-the-config-f.patch Normal file
View file

@ -0,0 +1,123 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Mon, 30 Aug 2021 12:31:18 +0200
Subject: [PATCH] normal/main: Discover the device to read the config from as a
fallback
The GRUB core.img is generated locally, when this is done the grub2-probe
tool figures out the device and partition that needs to be read to parse
the GRUB configuration file.
But in some cases the core.img can't be generated on the host and instead
has to be done at package build time. For example, if needs to get signed
with a key that's only available on the package building infrastructure.
If that's the case, the prefix variable won't have a device and partition
but only a directory path. So there's no way for GRUB to know from which
device has to read the configuration file.
To allow GRUB to continue working on that scenario, fallback to iterating
over all the available devices, if reading the config failed when using
the prefix and fw_path variables.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
grub-core/normal/main.c | 58 +++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 51 insertions(+), 7 deletions(-)
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index 155bf366da2..f9ccca502ee 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -339,18 +339,13 @@ grub_enter_normal_mode (const char *config)
}
static grub_err_t
-grub_try_normal (const char *variable)
+grub_try_normal_prefix (const char *prefix)
{
char *config;
- const char *prefix;
grub_err_t err = GRUB_ERR_FILE_NOT_FOUND;
const char *net_search_cfg;
int disable_net_search = 0;
- prefix = grub_env_get (variable);
- if (!prefix)
- return GRUB_ERR_FILE_NOT_FOUND;
-
net_search_cfg = grub_env_get ("feature_net_search_cfg");
if (net_search_cfg && net_search_cfg[0] == 'n')
disable_net_search = 1;
@@ -364,7 +359,7 @@ grub_try_normal (const char *variable)
config = grub_malloc (config_len);
if (! config)
- return GRUB_ERR_FILE_NOT_FOUND;
+ return err;
grub_snprintf (config, config_len, "%s/grub.cfg", prefix);
err = grub_net_search_config_file (config);
@@ -393,6 +388,53 @@ grub_try_normal (const char *variable)
return err;
}
+static int
+grub_try_normal_dev (const char *name, void *data)
+{
+ grub_err_t err;
+ const char *prefix = grub_xasprintf ("(%s)%s", name, (char *)data);
+
+ if (!prefix)
+ return 0;
+
+ err = grub_try_normal_prefix (prefix);
+ if (err == GRUB_ERR_NONE)
+ return 1;
+
+ return 0;
+}
+
+static grub_err_t
+grub_try_normal_discover (void)
+{
+ char *prefix = grub_env_get ("prefix");
+ grub_err_t err = GRUB_ERR_FILE_NOT_FOUND;
+
+ if (!prefix)
+ return err;
+
+ if (grub_device_iterate (grub_try_normal_dev, (void *)prefix))
+ return GRUB_ERR_NONE;
+
+ return err;
+}
+
+static grub_err_t
+grub_try_normal (const char *variable)
+{
+ grub_err_t err = GRUB_ERR_FILE_NOT_FOUND;
+ const char *prefix;
+
+ if (!variable)
+ return err;
+
+ prefix = grub_env_get (variable);
+ if (!prefix)
+ return err;
+
+ return grub_try_normal_prefix (prefix);
+}
+
/* Enter normal mode from rescue mode. */
static grub_err_t
grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)),
@@ -407,6 +449,8 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)),
err = grub_try_normal ("fw_path");
if (err == GRUB_ERR_FILE_NOT_FOUND)
err = grub_try_normal ("prefix");
+ if (err == GRUB_ERR_FILE_NOT_FOUND)
+ err = grub_try_normal_discover ();
if (err == GRUB_ERR_FILE_NOT_FOUND)
grub_enter_normal_mode (0);
}

75
0218-powerpc-adjust-setting-of-prefix-for-signed-binary-c.patch Normal file
View file

@ -0,0 +1,75 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Mon, 19 Jul 2021 14:35:55 +1000
Subject: [PATCH] powerpc: adjust setting of prefix for signed binary case
On RHEL-signed powerpc grub, we sign a grub with -p /grub2 and expect
that there's a boot partition.
Unfortunately grub_set_prefix_and_root tries to convert this to
($fwdevice)/grub2. This ends up being (ieee1275/disk)/grub2 and that
falls apart pretty quickly - there's no file-system on ieee1275/disk,
and it makes the search routine try things like
(ieee1275/disk,msdos2)(ieee1275/disk)/grub2 which also doesn't work.
Detect if we would be about to create (ieee1275/disk)/path and don't:
preserve a prefix of /path instead and hope the search later finds us.
Related: rhbz#1899864
Signed-off-by: Daniel Axtens <dja@axtens.net>
---
grub-core/kern/main.c | 38 +++++++++++++++++++++++++++++++++-----
1 file changed, 33 insertions(+), 5 deletions(-)
diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c
index 0285e95a2bb..e809a5edec1 100644
--- a/grub-core/kern/main.c
+++ b/grub-core/kern/main.c
@@ -216,13 +216,41 @@ grub_set_prefix_and_root (void)
if (device)
{
char *prefix_set;
-
- prefix_set = grub_xasprintf ("(%s)%s", device, path ? : "");
- if (prefix_set)
+
+#ifdef __powerpc__
+ /* We have to be careful here on powerpc-ieee1275 + signed grub. We
+ will have signed something with a prefix that doesn't have a device
+ because we cannot know in advance what partition we're on.
+
+ We will have had !device earlier, so we will have set device=fwdevice
+ However, we want to make sure we do not end up setting prefix to be
+ ($fwdevice)/path, because we will then end up trying to boot or search
+ based on a prefix of (ieee1275/disk)/path, which will not work because
+ it's missing a partition.
+
+ Also:
+ - You can end up with a device with an FS directly on it, without
+ a partition, e.g. ieee1275/cdrom.
+
+ - powerpc-ieee1275 + grub-install sets e.g. prefix=(,gpt2)/path,
+ which will have now been extended to device=$fwdisk,partition
+ and path=/path
+
+ So we only need to act if device = ieee1275/disk exactly.
+ */
+ if (grub_strncmp (device, "ieee1275/disk", 14) == 0)
+ grub_env_set ("prefix", path);
+ else
+#endif
{
- grub_env_set ("prefix", prefix_set);
- grub_free (prefix_set);
+ prefix_set = grub_xasprintf ("(%s)%s", device, path ? : "");
+ if (prefix_set)
+ {
+ grub_env_set ("prefix", prefix_set);
+ grub_free (prefix_set);
+ }
}
+
grub_env_set ("root", device);
}

43
0219-powerpc-fix-prefix-signed-grub-special-case-for-Powe.patch Normal file
View file

@ -0,0 +1,43 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Mon, 16 Aug 2021 16:01:47 +1000
Subject: [PATCH] powerpc: fix prefix + signed grub special case for PowerVM
Mea culpa: when testing the PowerPC special case for signed grub, I
assumed qemu and PowerVM would behave identically. This was wrong, and
with hindsight a pretty dumb error.
This fixes it. This time, I am actually testing on PowerVM.
Signed-off-by: Daniel Axtens <dja@axtens.net>
---
grub-core/kern/main.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c
index e809a5edec1..2d0d2bbd4cf 100644
--- a/grub-core/kern/main.c
+++ b/grub-core/kern/main.c
@@ -236,9 +236,20 @@ grub_set_prefix_and_root (void)
which will have now been extended to device=$fwdisk,partition
and path=/path
- So we only need to act if device = ieee1275/disk exactly.
+ - PowerVM will give us device names like
+ ieee1275//vdevice/v-scsi@3000006c/disk@8100000000000000
+ and we don't want to try to encode some sort of truth table about
+ what sorts of paths represent disks with partition tables and those
+ without partition tables.
+
+ So we act unless there is a comma in the device, which would indicate
+ a partition has already been specified.
+
+ (If we only have a path, the code in normal to discover config files
+ will try both without partitions and then with any partitions so we
+ will cover both CDs and HDs.)
*/
- if (grub_strncmp (device, "ieee1275/disk", 14) == 0)
+ if (grub_strchr (device, ',') == NULL)
grub_env_set ("prefix", path);
else
#endif

0
0217-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch → 0220-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch
View file

118
0221-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch Normal file
View file

@ -0,0 +1,118 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Erwan Velu <erwanaliasr1@gmail.com>
Date: Wed, 25 Aug 2021 15:31:52 +0200
Subject: [PATCH] fs/xfs: Fix unreadable filesystem with v4 superblock
The commit 8b1e5d193 (fs/xfs: Add bigtime incompat feature support)
introduced the bigtime support by adding some features in v3 inodes.
This change extended grub_xfs_inode struct by 76 bytes but also changed
the computation of XFS_V2_INODE_SIZE and XFS_V3_INODE_SIZE. Prior this
commit, XFS_V2_INODE_SIZE was 100 bytes. After the commit it's 84 bytes
XFS_V2_INODE_SIZE becomes 16 bytes too small.
As a result, the data structures aren't properly aligned and the GRUB
generates "attempt to read or write outside of partition" errors when
trying to read the XFS filesystem:
GNU GRUB version 2.11
....
grub> set debug=efi,gpt,xfs
grub> insmod part_gpt
grub> ls (hd0,gpt1)/
partmap/gpt.c:93: Read a valid GPT header
partmap/gpt.c:115: GPT entry 0: start=4096, length=1953125
fs/xfs.c:931: Reading sb
fs/xfs.c:270: Validating superblock
fs/xfs.c:295: XFS v4 superblock detected
fs/xfs.c:962: Reading root ino 128
fs/xfs.c:515: Reading inode (128) - 64, 0
fs/xfs.c:515: Reading inode (739521961424144223) - 344365866970255880, 3840
error: attempt to read or write outside of partition.
This commit change the XFS_V2_INODE_SIZE computation by subtracting 76
bytes instead of 92 bytes from the actual size of grub_xfs_inode struct.
This 76 bytes value comes from added members:
20 grub_uint8_t unused5
1 grub_uint64_t flags2
48 grub_uint8_t unused6
This patch explicitly splits the v2 and v3 parts of the structure.
The unused4 is still ending of the v2 structures and the v3 starts
at unused5. Thanks to this we will avoid future corruptions of v2
or v3 inodes.
The XFS_V2_INODE_SIZE is returning to its expected size and the
filesystem is back to a readable state:
GNU GRUB version 2.11
....
grub> set debug=efi,gpt,xfs
grub> insmod part_gpt
grub> ls (hd0,gpt1)/
partmap/gpt.c:93: Read a valid GPT header
partmap/gpt.c:115: GPT entry 0: start=4096, length=1953125
fs/xfs.c:931: Reading sb
fs/xfs.c:270: Validating superblock
fs/xfs.c:295: XFS v4 superblock detected
fs/xfs.c:962: Reading root ino 128
fs/xfs.c:515: Reading inode (128) - 64, 0
fs/xfs.c:515: Reading inode (128) - 64, 0
fs/xfs.c:931: Reading sb
fs/xfs.c:270: Validating superblock
fs/xfs.c:295: XFS v4 superblock detected
fs/xfs.c:962: Reading root ino 128
fs/xfs.c:515: Reading inode (128) - 64, 0
fs/xfs.c:515: Reading inode (128) - 64, 0
fs/xfs.c:515: Reading inode (128) - 64, 0
fs/xfs.c:515: Reading inode (131) - 64, 768
efi/ fs/xfs.c:515: Reading inode (3145856) - 1464904, 0
grub2/ fs/xfs.c:515: Reading inode (132) - 64, 1024
grub/ fs/xfs.c:515: Reading inode (139) - 64, 2816
grub>
Fixes: 8b1e5d193 (fs/xfs: Add bigtime incompat feature support)
Signed-off-by: Erwan Velu <e.velu@criteo.com>
Tested-by: Carlos Maiolino <cmaiolino@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
(cherry picked from commit a4b495520e4dc41a896a8b916a64eda9970c50ea)
---
grub-core/fs/xfs.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
index 0f524c3a8a6..e3816d1ec4a 100644
--- a/grub-core/fs/xfs.c
+++ b/grub-core/fs/xfs.c
@@ -192,6 +192,11 @@ struct grub_xfs_time_legacy
grub_uint32_t nanosec;
} GRUB_PACKED;
+/*
+ * The struct grub_xfs_inode layout was taken from the
+ * struct xfs_dinode_core which is described here:
+ * https://mirrors.edge.kernel.org/pub/linux/utils/fs/xfs/docs/xfs_filesystem_structure.pdf
+ */
struct grub_xfs_inode
{
grub_uint8_t magic[2];
@@ -208,14 +213,15 @@ struct grub_xfs_inode
grub_uint32_t nextents;
grub_uint16_t unused3;
grub_uint8_t fork_offset;
- grub_uint8_t unused4[37];
+ grub_uint8_t unused4[17]; /* Last member of inode v2. */
+ grub_uint8_t unused5[20]; /* First member of inode v3. */
grub_uint64_t flags2;
- grub_uint8_t unused5[48];
+ grub_uint8_t unused6[48]; /* Last member of inode v3. */
} GRUB_PACKED;
#define XFS_V3_INODE_SIZE sizeof(struct grub_xfs_inode)
-/* Size of struct grub_xfs_inode until fork_offset (included). */
-#define XFS_V2_INODE_SIZE (XFS_V3_INODE_SIZE - 92)
+/* Size of struct grub_xfs_inode v2, up to unused4 member included. */
+#define XFS_V2_INODE_SIZE (XFS_V3_INODE_SIZE - 76)
struct grub_xfs_dirblock_tail
{

6
grub.patches
View file

@ -214,4 +214,8 @@ Patch0213: 0213-Remove-outdated-URL-for-BLS-document.patch
Patch0214: 0214-templates-Check-for-EFI-at-runtime-instead-of-config.patch
Patch0215: 0215-efi-Print-an-error-if-boot-to-firmware-setup-is-not-.patch
Patch0216: 0216-arm64-Fix-EFI-loader-kernel-image-allocation.patch
Patch0217: 0217-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch
Patch0217: 0217-normal-main-Discover-the-device-to-read-the-config-f.patch
Patch0218: 0218-powerpc-adjust-setting-of-prefix-for-signed-binary-c.patch
Patch0219: 0219-powerpc-fix-prefix-signed-grub-special-case-for-Powe.patch
Patch0220: 0220-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch
Patch0221: 0221-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch

6
grub2.spec
View file

@ -14,7 +14,7 @@
Name: grub2
Epoch: 1
Version: 2.06
Release: 5%{?dist}
Release: 6%{?dist}
Summary: Bootloader with support for Linux, Multiboot and more
License: GPLv3+
URL: http://www.gnu.org/software/grub/
@ -523,6 +523,10 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
%endif
%changelog
* Wed Sep 29 2021 Robbie Harwood <rharwood@redhat.com> - 2.06-6
- Pull-up to Fedora 36
- Resolves: rhbz#2008819
* Thu Sep 09 2021 Peter Jones <pjones@redhat.com> - 2.06-5
- Fix the 32-bit Arm PE header magic check
Resolves: rhbz#2000756