Compare commits
10 Commits
48cf39de05
...
f91c3afb4b
Author | SHA1 | Date |
---|---|---|
David Abdurachmanov | f91c3afb4b | |
Nicolas Frayer | 6d1f9f4a80 | |
Nicolas Frayer | 5184f7bcf1 | |
Robbie Harwood | dc5c4e3f52 | |
Robbie Harwood | e6b8f35a69 | |
Robbie Harwood | ab62564e2f | |
Chris Adams | 9d4d1e919c | |
Robbie Harwood | dc0bc06560 | |
Robbie Harwood | ecd22580ae | |
Robbie Harwood | 6a9365c88d |
|
@ -0,0 +1,56 @@
|
|||
From 403d6540cd608b2706cfa0cb4713f7e4b490ff45 Mon Sep 17 00:00:00 2001
|
||||
From: Khem Raj <raj.khem@gmail.com>
|
||||
Date: Thu, 23 Feb 2023 13:15:08 -0800
|
||||
Subject: [PATCH] RISC-V: Handle R_RISCV_CALL_PLT reloc
|
||||
|
||||
GNU assembler starting 2.40 release always generates R_RISCV_CALL_PLT
|
||||
reloc for call in assembler [1], similarly LLVM does not make
|
||||
distinction between R_RISCV_CALL_PLT and R_RISCV_CALL [2].
|
||||
|
||||
Fixes "grub-mkimage: error: relocation 0x13 is not implemented yet.".
|
||||
|
||||
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=70f35d72ef04cd23771875c1661c9975044a749c
|
||||
[2] https://reviews.llvm.org/D132530
|
||||
|
||||
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
---
|
||||
grub-core/kern/riscv/dl.c | 1 +
|
||||
util/grub-mkimagexx.c | 2 ++
|
||||
2 files changed, 3 insertions(+)
|
||||
|
||||
diff --git a/grub-core/kern/riscv/dl.c b/grub-core/kern/riscv/dl.c
|
||||
index f26b12aaa..896653bb4 100644
|
||||
--- a/grub-core/kern/riscv/dl.c
|
||||
+++ b/grub-core/kern/riscv/dl.c
|
||||
@@ -188,6 +188,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr,
|
||||
break;
|
||||
|
||||
case R_RISCV_CALL:
|
||||
+ case R_RISCV_CALL_PLT:
|
||||
{
|
||||
grub_uint32_t *abs_place = place;
|
||||
grub_ssize_t off = sym_addr - (grub_addr_t) place;
|
||||
diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
|
||||
index a1927e786..c5fb336e9 100644
|
||||
--- a/util/grub-mkimagexx.c
|
||||
+++ b/util/grub-mkimagexx.c
|
||||
@@ -1294,6 +1294,7 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, struct section_metadata *smd,
|
||||
}
|
||||
break;
|
||||
case R_RISCV_CALL:
|
||||
+ case R_RISCV_CALL_PLT:
|
||||
{
|
||||
grub_uint32_t hi20, lo12;
|
||||
|
||||
@@ -1726,6 +1727,7 @@ translate_relocation_pe (struct translate_context *ctx,
|
||||
case R_RISCV_BRANCH:
|
||||
case R_RISCV_JAL:
|
||||
case R_RISCV_CALL:
|
||||
+ case R_RISCV_CALL_PLT:
|
||||
case R_RISCV_PCREL_HI20:
|
||||
case R_RISCV_PCREL_LO12_I:
|
||||
case R_RISCV_PCREL_LO12_S:
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Robbie Harwood <rharwood@redhat.com>
|
||||
Date: Wed, 22 Mar 2023 14:19:43 -0400
|
||||
Subject: [PATCH] emu/linux: work around systemctl kexec returning
|
||||
|
||||
Per systemctl(1), it "is asynchronous; it will return after the reboot
|
||||
operation is enqueued, without waiting for it to complete". This
|
||||
differs from kexec(8), which calls reboot(2) and therefore does not
|
||||
return.
|
||||
|
||||
When not using fallback, this results in the confusing-but-harmless:
|
||||
|
||||
error trying to perform 'systemctl kexec': 0
|
||||
Aborted. Press any key to exit.
|
||||
|
||||
on screen for a bit, followed by successful kexec.
|
||||
|
||||
To reduce the liklihood of hitting this case, add a delay on succesful
|
||||
return. Ultimately, the systemd interface is racy: we can't avoid it
|
||||
entirely unless we never fallback on success.
|
||||
|
||||
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||
---
|
||||
grub-core/loader/emu/linux.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/grub-core/loader/emu/linux.c b/grub-core/loader/emu/linux.c
|
||||
index 0cf378a376..7de3f7f861 100644
|
||||
--- a/grub-core/loader/emu/linux.c
|
||||
+++ b/grub-core/loader/emu/linux.c
|
||||
@@ -74,6 +74,10 @@ grub_linux_boot (void)
|
||||
(kexecute==1) ? "do-or-die" : "just-in-case");
|
||||
rc = grub_util_exec (systemctl);
|
||||
|
||||
+ /* `systemctl kexec` is "asynchronous" and will return even on success. */
|
||||
+ if (rc == 0)
|
||||
+ grub_sleep (10);
|
||||
+
|
||||
if (kexecute == 1)
|
||||
grub_fatal (N_("error trying to perform 'systemctl kexec': %d"), rc);
|
||||
|
|
@ -0,0 +1,48 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Avnish Chouhan <avnish@linux.vnet.ibm.com>
|
||||
Date: Mon, 27 Mar 2023 12:25:39 +0530
|
||||
Subject: [PATCH] kern/ieee1275/init: Convert plain numbers to constants in
|
||||
Vec5
|
||||
|
||||
This patch converts the plain numbers used in Vec5 properties to constants.
|
||||
|
||||
1. LPAR: Client program supports logical partitioning and
|
||||
associated hcall()s.
|
||||
2. SPLPAR: Client program supports the Shared
|
||||
Processor LPAR Option.
|
||||
3. CMO: Enables the Cooperative Memory Over-commitment Option.
|
||||
4. MAX_CPU: Defines maximum number of CPUs supported.
|
||||
|
||||
Signed-off-by: Avnish Chouhan <avnish@linux.vnet.ibm.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
(cherry picked from commit 8406cfe4774eb2da3db4bf0bc2b2ff6592ecbdaf)
|
||||
---
|
||||
grub-core/kern/ieee1275/init.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
|
||||
index 72d4fed312..5d79580341 100644
|
||||
--- a/grub-core/kern/ieee1275/init.c
|
||||
+++ b/grub-core/kern/ieee1275/init.c
|
||||
@@ -72,6 +72,12 @@ extern char _end[];
|
||||
grub_addr_t grub_ieee1275_original_stack;
|
||||
#endif
|
||||
|
||||
+#define LPAR 0x80
|
||||
+#define SPLPAR 0x40
|
||||
+#define BYTE2 (LPAR | SPLPAR)
|
||||
+#define CMO 0x80
|
||||
+#define MAX_CPU 256
|
||||
+
|
||||
void
|
||||
grub_exit (int rc __attribute__((unused)))
|
||||
{
|
||||
@@ -575,7 +581,7 @@ grub_ieee1275_ibm_cas (void)
|
||||
.vec4 = 0x0001, /* set required minimum capacity % to the lowest value */
|
||||
.vec5_size = 1 + sizeof (struct option_vector5) - 2,
|
||||
.vec5 = {
|
||||
- 0, 192, 0, 128, 0, 0, 0, 0, 256
|
||||
+ 0, BYTE2, 0, CMO, 0, 0, 0, 0, MAX_CPU
|
||||
}
|
||||
};
|
||||
|
|
@ -0,0 +1,127 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Avnish Chouhan <avnish@linux.vnet.ibm.com>
|
||||
Date: Mon, 27 Mar 2023 12:25:40 +0530
|
||||
Subject: [PATCH] kern/ieee1275/init: Extended support in Vec5
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This patch enables multiple options in Vec5 which are required and
|
||||
solves the boot issues seen on some machines which are looking for
|
||||
these specific options.
|
||||
|
||||
1. LPAR: Client program supports logical partitioning and
|
||||
associated hcall()s.
|
||||
2. SPLPAR: Client program supports the Shared
|
||||
Processor LPAR Option.
|
||||
3. DYN_RCON_MEM: Client program supports the
|
||||
“ibm,dynamic-reconfiguration-memory” property and it may be
|
||||
presented in the device tree.
|
||||
4. LARGE_PAGES: Client supports pages larger than 4 KB.
|
||||
5. DONATE_DCPU_CLS: Client supports donating dedicated processor cycles.
|
||||
6. PCI_EXP: Client supports PCI Express implementations
|
||||
utilizing Message Signaled Interrupts (MSIs).
|
||||
|
||||
7. CMOC: Enables the Cooperative Memory Over-commitment Option.
|
||||
8. EXT_CMO: Enables the Extended Cooperative Memory Over-commit Option.
|
||||
|
||||
9. ASSOC_REF: Enables “ibm,associativity” and
|
||||
“ibm,associativity-reference-points” properties.
|
||||
10. AFFINITY: Enables Platform Resource Reassignment Notification.
|
||||
11. NUMA: Supports NUMA Distance Lookup Table Option.
|
||||
|
||||
12. HOTPLUG_INTRPT: Supports Hotplug Interrupts.
|
||||
13. HPT_RESIZE: Enable Hash Page Table Resize Option.
|
||||
|
||||
14. MAX_CPU: Defines maximum number of CPUs supported.
|
||||
|
||||
15. PFO_HWRNG: Supports Random Number Generator.
|
||||
16. PFO_HW_COMP: Supports Compression Engine.
|
||||
17. PFO_ENCRYPT: Supports Encryption Engine.
|
||||
|
||||
18. SUB_PROCESSORS: Supports Sub-Processors.
|
||||
|
||||
19. DY_MEM_V2: Client program supports the “ibm,dynamic-memory-v2” property in the
|
||||
“ibm,dynamic-reconfiguration-memory” node and it may be presented in the device tree.
|
||||
20. DRC_INFO: Client program supports the “ibm,drc-info” property definition and it may be
|
||||
presented in the device tree.
|
||||
|
||||
Signed-off-by: Avnish Chouhan <avnish@linux.vnet.ibm.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
(cherry picked from commit 98d0df0351fbff7a4acc64c7594d538889a43e2d)
|
||||
---
|
||||
grub-core/kern/ieee1275/init.c | 47 ++++++++++++++++++++++++++++++++++++------
|
||||
1 file changed, 41 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
|
||||
index 5d79580341..3d4ad9d1f1 100644
|
||||
--- a/grub-core/kern/ieee1275/init.c
|
||||
+++ b/grub-core/kern/ieee1275/init.c
|
||||
@@ -72,11 +72,41 @@ extern char _end[];
|
||||
grub_addr_t grub_ieee1275_original_stack;
|
||||
#endif
|
||||
|
||||
-#define LPAR 0x80
|
||||
-#define SPLPAR 0x40
|
||||
-#define BYTE2 (LPAR | SPLPAR)
|
||||
-#define CMO 0x80
|
||||
-#define MAX_CPU 256
|
||||
+/* Options vector5 properties. */
|
||||
+
|
||||
+#define LPAR 0x80
|
||||
+#define SPLPAR 0x40
|
||||
+#define DYN_RCON_MEM 0x20
|
||||
+#define LARGE_PAGES 0x10
|
||||
+#define DONATE_DCPU_CLS 0x02
|
||||
+#define PCI_EXP 0x01
|
||||
+#define BYTE2 (LPAR | SPLPAR | DYN_RCON_MEM | LARGE_PAGES | DONATE_DCPU_CLS | PCI_EXP)
|
||||
+
|
||||
+#define CMOC 0x80
|
||||
+#define EXT_CMO 0x40
|
||||
+#define CMO (CMOC | EXT_CMO)
|
||||
+
|
||||
+#define ASSOC_REF 0x80
|
||||
+#define AFFINITY 0x40
|
||||
+#define NUMA 0x20
|
||||
+#define ASSOCIATIVITY (ASSOC_REF | AFFINITY | NUMA)
|
||||
+
|
||||
+#define HOTPLUG_INTRPT 0x04
|
||||
+#define HPT_RESIZE 0x01
|
||||
+#define BIN_OPTS (HOTPLUG_INTRPT | HPT_RESIZE)
|
||||
+
|
||||
+#define MAX_CPU 256
|
||||
+
|
||||
+#define PFO_HWRNG 0x80000000
|
||||
+#define PFO_HW_COMP 0x40000000
|
||||
+#define PFO_ENCRYPT 0x20000000
|
||||
+#define PLATFORM_FACILITIES (PFO_HWRNG | PFO_HW_COMP | PFO_ENCRYPT)
|
||||
+
|
||||
+#define SUB_PROCESSORS 1
|
||||
+
|
||||
+#define DY_MEM_V2 0x80
|
||||
+#define DRC_INFO 0x40
|
||||
+#define BYTE22 (DY_MEM_V2 | DRC_INFO)
|
||||
|
||||
void
|
||||
grub_exit (int rc __attribute__((unused)))
|
||||
@@ -519,6 +549,11 @@ struct option_vector5
|
||||
grub_uint8_t micro_checkpoint;
|
||||
grub_uint8_t reserved0;
|
||||
grub_uint32_t max_cpus;
|
||||
+ grub_uint16_t base_papr;
|
||||
+ grub_uint16_t mem_reference;
|
||||
+ grub_uint32_t platform_facilities;
|
||||
+ grub_uint8_t sub_processors;
|
||||
+ grub_uint8_t byte22;
|
||||
} GRUB_PACKED;
|
||||
|
||||
struct pvr_entry
|
||||
@@ -581,7 +616,7 @@ grub_ieee1275_ibm_cas (void)
|
||||
.vec4 = 0x0001, /* set required minimum capacity % to the lowest value */
|
||||
.vec5_size = 1 + sizeof (struct option_vector5) - 2,
|
||||
.vec5 = {
|
||||
- 0, BYTE2, 0, CMO, 0, 0, 0, 0, MAX_CPU
|
||||
+ 0, BYTE2, 0, CMO, ASSOCIATIVITY, BIN_OPTS, 0, 0, MAX_CPU, 0, 0, PLATFORM_FACILITIES, SUB_PROCESSORS, BYTE22
|
||||
}
|
||||
};
|
||||
|
|
@ -0,0 +1,156 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Chang <mchang@suse.com>
|
||||
Date: Wed, 22 Mar 2023 12:25:43 +0800
|
||||
Subject: [PATCH] tpm: Disable the tpm verifier if the TPM device is not
|
||||
present
|
||||
|
||||
When the tpm module is loaded, the verifier reads entire file into
|
||||
memory, measures it and uses verified content as a backing buffer for
|
||||
file accesses. However, this process may result in high memory
|
||||
utilization for file operations, sometimes causing a system to run out
|
||||
of memory which may finally lead to boot failure. To address this issue,
|
||||
among others, the commit 887f98f0d (mm: Allow dynamically requesting
|
||||
additional memory regions) have optimized memory management by
|
||||
dynamically allocating heap space to maximize memory usage and reduce
|
||||
threat of memory exhaustion. But in some cases problems may still arise,
|
||||
e.g., when large ISO images are mounted using loopback or when dealing
|
||||
with embedded systems with limited memory resources.
|
||||
|
||||
Unfortunately current implementation of the tpm module doesn't allow
|
||||
elimination of the back buffer once it is loaded. Even if the TPM device
|
||||
is not present or it has been explicitly disabled. This may unnecessary
|
||||
allocate a lot memory. To solve this issue, a patch has been developed
|
||||
to detect the TPM status at module load and skip verifier registration
|
||||
if the device is missing or deactivated. This prevents allocation of
|
||||
memory for the back buffer, avoiding wasting memory when no real measure
|
||||
boot functionality is performed. Disabling the TPM device in the system
|
||||
can reduce memory usage in the GRUB. It is useful in scenarios where
|
||||
high memory utilization is a concern and measurements of loaded
|
||||
artifacts are not necessary.
|
||||
|
||||
Signed-off-by: Michael Chang <mchang@suse.com>
|
||||
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
(cherry picked from commit 30708dfe3bebd62a5487437554da8a24253f519f)
|
||||
---
|
||||
grub-core/commands/efi/tpm.c | 37 +++++++++++++++++++++++++++++++++++
|
||||
grub-core/commands/ieee1275/ibmvtpm.c | 20 +++++++++----------
|
||||
grub-core/commands/tpm.c | 10 ++++++++++
|
||||
include/grub/tpm.h | 1 +
|
||||
4 files changed, 58 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c
|
||||
index ae09c1bf8b..e1f343fea3 100644
|
||||
--- a/grub-core/commands/efi/tpm.c
|
||||
+++ b/grub-core/commands/efi/tpm.c
|
||||
@@ -287,3 +287,40 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
|
||||
else
|
||||
return grub_tpm2_log_event (tpm_handle, buf, size, pcr, description);
|
||||
}
|
||||
+
|
||||
+int
|
||||
+grub_tpm_present (void)
|
||||
+{
|
||||
+ grub_efi_handle_t tpm_handle;
|
||||
+ grub_efi_uint8_t protocol_version;
|
||||
+
|
||||
+ if (!grub_tpm_handle_find (&tpm_handle, &protocol_version))
|
||||
+ return 0;
|
||||
+
|
||||
+ if (protocol_version == 1)
|
||||
+ {
|
||||
+ grub_efi_tpm_protocol_t *tpm;
|
||||
+
|
||||
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
|
||||
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
|
||||
+ if (!tpm)
|
||||
+ {
|
||||
+ grub_dprintf ("tpm", "Cannot open TPM protocol\n");
|
||||
+ return 0;
|
||||
+ }
|
||||
+ return grub_tpm1_present (tpm);
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ grub_efi_tpm2_protocol_t *tpm;
|
||||
+
|
||||
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
|
||||
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
|
||||
+ if (!tpm)
|
||||
+ {
|
||||
+ grub_dprintf ("tpm", "Cannot open TPM protocol\n");
|
||||
+ return 0;
|
||||
+ }
|
||||
+ return grub_tpm2_present (tpm);
|
||||
+ }
|
||||
+}
|
||||
diff --git a/grub-core/commands/ieee1275/ibmvtpm.c b/grub-core/commands/ieee1275/ibmvtpm.c
|
||||
index 239942d27e..a6fee5c516 100644
|
||||
--- a/grub-core/commands/ieee1275/ibmvtpm.c
|
||||
+++ b/grub-core/commands/ieee1275/ibmvtpm.c
|
||||
@@ -135,16 +135,6 @@ grub_err_t
|
||||
grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
|
||||
const char *description)
|
||||
{
|
||||
- /*
|
||||
- * Call tpm_init() 'late' rather than from GRUB_MOD_INIT() so that device nodes
|
||||
- * can be found.
|
||||
- */
|
||||
- grub_err_t err = tpm_init ();
|
||||
-
|
||||
- /* Absence of a TPM isn't a failure. */
|
||||
- if (err != GRUB_ERR_NONE)
|
||||
- return GRUB_ERR_NONE;
|
||||
-
|
||||
grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ", %s\n",
|
||||
pcr, size, description);
|
||||
|
||||
@@ -153,3 +143,13 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
|
||||
|
||||
return GRUB_ERR_NONE;
|
||||
}
|
||||
+
|
||||
+int
|
||||
+grub_tpm_present (void)
|
||||
+{
|
||||
+ /*
|
||||
+ * Call tpm_init() "late" rather than from GRUB_MOD_INIT() so that device nodes
|
||||
+ * can be found.
|
||||
+ */
|
||||
+ return tpm_init() == GRUB_ERR_NONE;
|
||||
+}
|
||||
diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c
|
||||
index e287d042e6..5839053d3d 100644
|
||||
--- a/grub-core/commands/tpm.c
|
||||
+++ b/grub-core/commands/tpm.c
|
||||
@@ -86,10 +86,20 @@ struct grub_file_verifier grub_tpm_verifier = {
|
||||
|
||||
GRUB_MOD_INIT (tpm)
|
||||
{
|
||||
+ /*
|
||||
+ * Even though this now calls ibmvtpm's grub_tpm_present() from GRUB_MOD_INIT(),
|
||||
+ * it does seem to call it late enough in the initialization sequence so
|
||||
+ * that whatever discovered "device nodes" before this GRUB_MOD_INIT() is
|
||||
+ * called, enables the ibmvtpm driver to see the device nodes.
|
||||
+ */
|
||||
+ if (!grub_tpm_present())
|
||||
+ return;
|
||||
grub_verifier_register (&grub_tpm_verifier);
|
||||
}
|
||||
|
||||
GRUB_MOD_FINI (tpm)
|
||||
{
|
||||
+ if (!grub_tpm_present())
|
||||
+ return;
|
||||
grub_verifier_unregister (&grub_tpm_verifier);
|
||||
}
|
||||
diff --git a/include/grub/tpm.h b/include/grub/tpm.h
|
||||
index 5c285cbc52..c19fcbd0a6 100644
|
||||
--- a/include/grub/tpm.h
|
||||
+++ b/include/grub/tpm.h
|
||||
@@ -36,4 +36,5 @@
|
||||
|
||||
grub_err_t grub_tpm_measure (unsigned char *buf, grub_size_t size,
|
||||
grub_uint8_t pcr, const char *description);
|
||||
+int grub_tpm_present (void);
|
||||
#endif
|
|
@ -0,0 +1,38 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Fri, 7 Apr 2023 14:54:35 +0200
|
||||
Subject: [PATCH] grub_dl_set_mem_attrs(): fix format string
|
||||
|
||||
The grub_dprintf() call for printing the message
|
||||
|
||||
updating attributes for GOT and trampolines
|
||||
|
||||
passes the argument "mod->name", but the format string doesn't accept that
|
||||
argument.
|
||||
|
||||
Print the module name too.
|
||||
|
||||
Example output:
|
||||
|
||||
> kern/dl.c:736: updating attributes for GOT and trampolines ("video_fb")
|
||||
|
||||
Fixes: ad1b904d325b (nx: set page permissions for loaded modules.)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
grub-core/kern/dl.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
|
||||
index ab9101a5ad..a97f4a8b13 100644
|
||||
--- a/grub-core/kern/dl.c
|
||||
+++ b/grub-core/kern/dl.c
|
||||
@@ -733,7 +733,8 @@ grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr)
|
||||
{
|
||||
tgsz = ALIGN_UP(tgsz, arch_addralign);
|
||||
|
||||
- grub_dprintf ("modules", "updating attributes for GOT and trampolines\n",
|
||||
+ grub_dprintf ("modules",
|
||||
+ "updating attributes for GOT and trampolines (\"%s\")\n",
|
||||
mod->name);
|
||||
grub_update_mem_attrs (tgaddr, tgsz, GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_X,
|
||||
GRUB_MEM_ATTR_W);
|
|
@ -0,0 +1,140 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Fri, 7 Apr 2023 16:21:54 +0200
|
||||
Subject: [PATCH] grub_dl_set_mem_attrs(): add self-check for the tramp/GOT
|
||||
sizes
|
||||
|
||||
On aarch64 UEFI, we currently have a crasher:
|
||||
|
||||
grub_dl_load_core()
|
||||
grub_dl_load_core_noinit()
|
||||
|
||||
/* independent allocation: must remain writable */
|
||||
mod = grub_zalloc();
|
||||
|
||||
/* allocates module image with incorrect tail alignment */
|
||||
grub_dl_load_segments()
|
||||
|
||||
/* write-protecting the module image makes "mod" read-only! */
|
||||
grub_dl_set_mem_attrs()
|
||||
grub_update_mem_attrs()
|
||||
|
||||
grub_dl_init()
|
||||
/* page fault, crash */
|
||||
mod->next = ...;
|
||||
|
||||
- Commit 887f1d8fa976 ("modules: load module sections at page-aligned
|
||||
addresses", 2023-02-08) forgot to page-align the allocation of the
|
||||
trampolines and GOT areas of grub2 modules, in grub_dl_load_segments().
|
||||
|
||||
- Commit ad1b904d325b ("nx: set page permissions for loaded modules.",
|
||||
2023-02-08) calculated a common bounding box for the trampolines and GOT
|
||||
areas in grub_dl_set_mem_attrs(), rounded the box size up to a whole
|
||||
multiple of EFI page size ("arch_addralign"), and write-protected the
|
||||
resultant page range.
|
||||
|
||||
Consequently, grub_dl_load_segments() places the module image in memory
|
||||
such that its tail -- the end of the trampolines and GOT areas -- lands at
|
||||
the head of a page whose tail in turn contains independent memory
|
||||
allocations, such as "mod". grub_dl_set_mem_attrs() will then unwittingly
|
||||
write-protect these other allocations too.
|
||||
|
||||
But "mod" must remain writable: we assign "mod->next" in grub_dl_init()
|
||||
subsequently. Currently we crash there with a page fault / permission
|
||||
fault.
|
||||
|
||||
(The crash is not trivial to hit: the tramp/GOT areas are irrelevant on
|
||||
x86_64, plus the page protection depends on the UEFI platform firmware
|
||||
providing EFI_MEMORY_ATTRIBUTE_PROTOCOL. In practice, the crash is
|
||||
restricted to aarch64 edk2 (ArmVirtQemu) builds containing commit
|
||||
1c4dfadb4611, "ArmPkg/CpuDxe: Implement EFI memory attributes protocol",
|
||||
2023-03-16.)
|
||||
|
||||
Example log before the patch:
|
||||
|
||||
> kern/dl.c:736: updating attributes for GOT and trampolines ("video_fb")
|
||||
> kern/efi/mm.c:927: set +rx -w on 0x13b88b000-0x13b88bfff before:rwx after:r-x
|
||||
> kern/dl.c:744: done updating module memory attributes for "video_fb"
|
||||
> kern/dl.c:639: flushing 0xe4f0 bytes at 0x13b87d000
|
||||
> kern/arm64/cache.c:42: D$ line size: 64
|
||||
> kern/arm64/cache.c:43: I$ line size: 64
|
||||
> kern/dl.c:839: module name: video_fb
|
||||
> kern/dl.c:840: init function: 0x0
|
||||
> kern/dl.c:865: Initing module video_fb
|
||||
>
|
||||
> Synchronous Exception at 0x000000013B8A76EC
|
||||
> PC 0x00013B8A76EC
|
||||
>
|
||||
> X0 0x000000013B88B960 X1 0x0000000000000000 X2 0x000000013F93587C X3 0x0000000000000075
|
||||
>
|
||||
> SP 0x00000000470745C0 ELR 0x000000013B8A76EC SPSR 0x60000205 FPSR 0x00000000
|
||||
> ESR 0x9600004F FAR 0x000000013B88B9D0
|
||||
>
|
||||
> ESR : EC 0x25 IL 0x1 ISS 0x0000004F
|
||||
>
|
||||
> Data abort: Permission fault, third level
|
||||
|
||||
Note the following:
|
||||
|
||||
- The whole 4K page at 0x1_3B88_B000 is write-protected.
|
||||
|
||||
- The "video_fb" module actually lives at [0x1_3B87_D000, 0x1_3B88_B4F0)
|
||||
-- left-inclusive, right-exclusive --; that is, in the last page (at
|
||||
0x1_3B88_B000), it only occupies the first 0x4F0 bytes.
|
||||
|
||||
- The instruction at 0x1_3B8A_76EC faults. Not shown here, but it is a
|
||||
store instruction, which writes to the field at offset 0x70 of the
|
||||
structure pointed-to by the X0 register. This is the "mod->next"
|
||||
assignment from grub_dl_init().
|
||||
|
||||
- The faulting address is therefore (X0 + 0x70), i.e., 0x1_3B88_B9D0. This
|
||||
is indeed the value held in the FAR register.
|
||||
|
||||
- The faulting address 0x1_3B88_B9D0 falls in the above-noted page (at
|
||||
0x1_3B88_B000), namely at offset 0x9D0. This is *beyond* the first 0x4F0
|
||||
bytes that the very tail of the "video_fb" module occupies at the front
|
||||
of that page.
|
||||
|
||||
For now, add a self-check that reports this bug (and prevents the crash by
|
||||
skipping the write protection).
|
||||
|
||||
Example log after the patch:
|
||||
|
||||
> kern/dl.c:742:BUG: trying to protect pages outside of module allocation
|
||||
> ("video_fb"): module base 0x13b87d000, size 0xe4f0; tramp/GOT base
|
||||
> 0x13b88b000, size 0x1000
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
grub-core/kern/dl.c | 11 ++++++++++-
|
||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
|
||||
index a97f4a8b13..3b66fa410e 100644
|
||||
--- a/grub-core/kern/dl.c
|
||||
+++ b/grub-core/kern/dl.c
|
||||
@@ -682,7 +682,7 @@ grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr)
|
||||
#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv)
|
||||
grub_size_t arch_addralign = grub_arch_dl_min_alignment ();
|
||||
grub_addr_t tgaddr;
|
||||
- grub_uint64_t tgsz;
|
||||
+ grub_size_t tgsz;
|
||||
#endif
|
||||
|
||||
grub_dprintf ("modules", "updating memory attributes for \"%s\"\n",
|
||||
@@ -736,6 +736,15 @@ grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr)
|
||||
grub_dprintf ("modules",
|
||||
"updating attributes for GOT and trampolines (\"%s\")\n",
|
||||
mod->name);
|
||||
+ if (tgaddr < (grub_addr_t)mod->base ||
|
||||
+ tgsz > (grub_addr_t)-1 - tgaddr ||
|
||||
+ tgaddr + tgsz > (grub_addr_t)mod->base + mod->sz)
|
||||
+ return grub_error (GRUB_ERR_BUG,
|
||||
+ "BUG: trying to protect pages outside of module "
|
||||
+ "allocation (\"%s\"): module base %p, size 0x%"
|
||||
+ PRIxGRUB_SIZE "; tramp/GOT base 0x%" PRIxGRUB_ADDR
|
||||
+ ", size 0x%" PRIxGRUB_SIZE,
|
||||
+ mod->name, mod->base, mod->sz, tgaddr, tgsz);
|
||||
grub_update_mem_attrs (tgaddr, tgsz, GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_X,
|
||||
GRUB_MEM_ATTR_W);
|
||||
}
|
|
@ -0,0 +1,70 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Fri, 7 Apr 2023 16:56:09 +0200
|
||||
Subject: [PATCH] grub_dl_load_segments(): page-align the tramp/GOT areas too
|
||||
|
||||
The tramp/GOT write-protection in grub_dl_set_mem_attrs() requires that
|
||||
the tramp/GOT areas of the module image *not* share a page with any other
|
||||
memory allocations. Page-align the tramp/GOT areas, while satisfying their
|
||||
intrinsic alignment requirements too.
|
||||
|
||||
Fixes: 887f1d8fa976 (modules: load module sections at page-aligned addresses)
|
||||
Fixes: ad1b904d325b (nx: set page permissions for loaded modules.)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
grub-core/kern/dl.c | 24 ++++++++++++++++--------
|
||||
1 file changed, 16 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
|
||||
index 3b66fa410e..f3cdb9e0ba 100644
|
||||
--- a/grub-core/kern/dl.c
|
||||
+++ b/grub-core/kern/dl.c
|
||||
@@ -280,7 +280,9 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
|
||||
grub_size_t tsize = 0, talign = 1, arch_addralign = 1;
|
||||
#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv)
|
||||
grub_size_t tramp;
|
||||
+ grub_size_t tramp_align;
|
||||
grub_size_t got;
|
||||
+ grub_size_t got_align;
|
||||
grub_err_t err;
|
||||
#endif
|
||||
char *ptr;
|
||||
@@ -311,12 +313,18 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
|
||||
err = grub_arch_dl_get_tramp_got_size (e, &tramp, &got);
|
||||
if (err)
|
||||
return err;
|
||||
- tsize += ALIGN_UP (tramp, GRUB_ARCH_DL_TRAMP_ALIGN);
|
||||
- if (talign < GRUB_ARCH_DL_TRAMP_ALIGN)
|
||||
- talign = GRUB_ARCH_DL_TRAMP_ALIGN;
|
||||
- tsize += ALIGN_UP (got, GRUB_ARCH_DL_GOT_ALIGN);
|
||||
- if (talign < GRUB_ARCH_DL_GOT_ALIGN)
|
||||
- talign = GRUB_ARCH_DL_GOT_ALIGN;
|
||||
+ tramp_align = GRUB_ARCH_DL_TRAMP_ALIGN;
|
||||
+ if (tramp_align < arch_addralign)
|
||||
+ tramp_align = arch_addralign;
|
||||
+ tsize += ALIGN_UP (tramp, tramp_align);
|
||||
+ if (talign < tramp_align)
|
||||
+ talign = tramp_align;
|
||||
+ got_align = GRUB_ARCH_DL_GOT_ALIGN;
|
||||
+ if (got_align < arch_addralign)
|
||||
+ got_align = arch_addralign;
|
||||
+ tsize += ALIGN_UP (got, got_align);
|
||||
+ if (talign < got_align)
|
||||
+ talign = got_align;
|
||||
#endif
|
||||
|
||||
#ifdef GRUB_MACHINE_EMU
|
||||
@@ -376,11 +384,11 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e)
|
||||
}
|
||||
}
|
||||
#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv)
|
||||
- ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, GRUB_ARCH_DL_TRAMP_ALIGN);
|
||||
+ ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, tramp_align);
|
||||
mod->tramp = ptr;
|
||||
mod->trampptr = ptr;
|
||||
ptr += tramp;
|
||||
- ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, GRUB_ARCH_DL_GOT_ALIGN);
|
||||
+ ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, got_align);
|
||||
mod->got = ptr;
|
||||
mod->gotptr = ptr;
|
||||
ptr += got;
|
|
@ -0,0 +1,330 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Nicolas Frayer <nfrayer@redhat.com>
|
||||
Date: Fri, 31 Mar 2023 20:47:58 +0200
|
||||
Subject: [PATCH] emu: Add switch-root to grub-emu
|
||||
|
||||
If the kernel running grub emu is the same as the one we want to
|
||||
boot, it makes sense that we just switch-root instead of kexec
|
||||
the same kernel again by doing grub2-emu --switch-root
|
||||
|
||||
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
|
||||
---
|
||||
grub-core/kern/emu/main.c | 5 +-
|
||||
grub-core/kern/emu/misc.c | 13 +++
|
||||
grub-core/loader/emu/linux.c | 209 +++++++++++++++++++++++++++++++++++++++++--
|
||||
include/grub/emu/exec.h | 2 +-
|
||||
include/grub/emu/misc.h | 2 +
|
||||
5 files changed, 223 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c
|
||||
index 68e2b283bb..ccb2863f5b 100644
|
||||
--- a/grub-core/kern/emu/main.c
|
||||
+++ b/grub-core/kern/emu/main.c
|
||||
@@ -108,6 +108,7 @@ static struct argp_option options[] = {
|
||||
{"verbose", 'v', 0, 0, N_("print verbose messages."), 0},
|
||||
{"hold", 'H', N_("SECS"), OPTION_ARG_OPTIONAL, N_("wait until a debugger will attach"), 0},
|
||||
{"kexec", 'X', 0, 0, N_("use kexec to boot Linux kernels via systemctl (pass twice to enable dangerous fallback to non-systemctl)."), 0},
|
||||
+ {"switch-root", 'W', 0, 0, N_("use switch-root to only switch root filesystem without restarting the kernel."), 0},
|
||||
{ 0, 0, 0, 0, 0, 0 }
|
||||
};
|
||||
|
||||
@@ -168,7 +169,9 @@ argp_parser (int key, char *arg, struct argp_state *state)
|
||||
case 'X':
|
||||
grub_util_set_kexecute ();
|
||||
break;
|
||||
-
|
||||
+ case 'W':
|
||||
+ grub_util_set_switch_root ();
|
||||
+ break;
|
||||
case ARGP_KEY_ARG:
|
||||
{
|
||||
/* Too many arguments. */
|
||||
diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
|
||||
index 02d27c3440..4b5123ef96 100644
|
||||
--- a/grub-core/kern/emu/misc.c
|
||||
+++ b/grub-core/kern/emu/misc.c
|
||||
@@ -40,6 +40,7 @@
|
||||
|
||||
int verbosity;
|
||||
int kexecute;
|
||||
+int switchroot = 0;
|
||||
|
||||
void
|
||||
grub_util_warn (const char *fmt, ...)
|
||||
@@ -231,3 +232,15 @@ grub_util_get_kexecute (void)
|
||||
{
|
||||
return kexecute;
|
||||
}
|
||||
+
|
||||
+void
|
||||
+grub_util_set_switch_root (void)
|
||||
+{
|
||||
+ switchroot = 1;
|
||||
+}
|
||||
+
|
||||
+int
|
||||
+grub_util_get_switch_root (void)
|
||||
+{
|
||||
+ return switchroot;
|
||||
+}
|
||||
diff --git a/grub-core/loader/emu/linux.c b/grub-core/loader/emu/linux.c
|
||||
index 7de3f7f861..6feb0412c5 100644
|
||||
--- a/grub-core/loader/emu/linux.c
|
||||
+++ b/grub-core/loader/emu/linux.c
|
||||
@@ -15,7 +15,6 @@
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
-
|
||||
#include <grub/loader.h>
|
||||
#include <grub/dl.h>
|
||||
#include <grub/command.h>
|
||||
@@ -33,6 +32,196 @@ static char *kernel_path;
|
||||
static char *initrd_path;
|
||||
static char *boot_cmdline;
|
||||
|
||||
+static grub_err_t
|
||||
+grub_switch_root (void)
|
||||
+{
|
||||
+ char *tmp = NULL;
|
||||
+ char *options_cmd = NULL;
|
||||
+ char *options = NULL;
|
||||
+ char *subvol = NULL;
|
||||
+ char *root_uuid = NULL;
|
||||
+ char *kernel_release = NULL;
|
||||
+ grub_err_t rc = GRUB_ERR_NONE;
|
||||
+ const char *subvol_param = "subvol=";
|
||||
+ const char *kernel_release_prefix = "/boot/vmlinuz-";
|
||||
+ const char *root_prefix = "root=";
|
||||
+ const char *systemctl[] = {"systemctl", "--force", "switch-root", "/sysroot", NULL};
|
||||
+ const char *mountrootfs[] = {"mount", root_uuid, "/sysroot", options_cmd, options, NULL};
|
||||
+ const char *unamer[] = {"uname", "-r", NULL};
|
||||
+ char *uname_buf = NULL;
|
||||
+ int i = 0;
|
||||
+
|
||||
+ /* Extract the kernel release tag from kernel_path */
|
||||
+ if (!kernel_path)
|
||||
+ {
|
||||
+ rc = GRUB_ERR_BAD_ARGUMENT;
|
||||
+ grub_dprintf ("linux", "switch_root: No kernel_path found\n");
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ if ((kernel_release = grub_xasprintf ("%s", (kernel_path + grub_strlen (kernel_release_prefix)))) == NULL)
|
||||
+ {
|
||||
+ grub_dprintf ("linux", "switch_root: Failed to allocate memory\n");
|
||||
+ rc = GRUB_ERR_BAD_ARGUMENT;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+
|
||||
+ /* Check for kernel mismatch */
|
||||
+ /* Retrieve the current kernel relase tag */
|
||||
+ grub_util_exec_redirect (unamer, NULL, "/tmp/version");
|
||||
+
|
||||
+ grub_file_t f = grub_file_open ("/tmp/version", GRUB_FILE_TYPE_FS_SEARCH);
|
||||
+
|
||||
+ if (f == NULL)
|
||||
+ {
|
||||
+ grub_dprintf ("linux", "failed opening file.\n");
|
||||
+ rc = GRUB_ERR_FILE_NOT_FOUND;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ if ((uname_buf = grub_malloc (f->size)) == NULL)
|
||||
+ {
|
||||
+ grub_dprintf ("linux", "switch_root: Failed to allocate memory\n");
|
||||
+ rc = GRUB_ERR_OUT_OF_MEMORY;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ if (grub_file_read (f, uname_buf, f->size) < 0)
|
||||
+ {
|
||||
+ grub_dprintf ("linux", "switch_root: failed to read from file\n");
|
||||
+ rc = GRUB_ERR_FILE_READ_ERROR;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ grub_file_close (f);
|
||||
+
|
||||
+ if (grub_strstr (uname_buf, kernel_release) == NULL)
|
||||
+ {
|
||||
+ grub_dprintf ("linux", "switch_root: kernel mismatch, not performing switch-root ...\n");
|
||||
+ rc = GRUB_ERR_NO_KERNEL;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ /* Extract the root partition from boot_cmdline */
|
||||
+ if (!boot_cmdline)
|
||||
+ {
|
||||
+ rc = GRUB_ERR_BAD_ARGUMENT;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ tmp = grub_strdup (boot_cmdline);
|
||||
+
|
||||
+ if (tmp == NULL)
|
||||
+ {
|
||||
+ rc = GRUB_ERR_OUT_OF_MEMORY;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ if ((root_uuid = grub_strstr (tmp, root_prefix)) == NULL)
|
||||
+ {
|
||||
+ rc = GRUB_ERR_BAD_ARGUMENT;
|
||||
+ grub_dprintf ("linux", "switch_root: Can't find rootfs\n");
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ root_uuid += grub_strlen (root_prefix);
|
||||
+
|
||||
+ while (root_uuid[i] != ' ' && root_uuid[i] != '\0')
|
||||
+ i++;
|
||||
+
|
||||
+ root_uuid[i] = '\0';
|
||||
+
|
||||
+ /* Allocate a new buffer holding root_uuid */
|
||||
+ root_uuid = grub_xasprintf ("%s", root_uuid);
|
||||
+
|
||||
+ if (root_uuid == NULL)
|
||||
+ {
|
||||
+ grub_dprintf ("linux", "switch_root: Failed to allocated memory\n");
|
||||
+ rc = GRUB_ERR_OUT_OF_MEMORY;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ /* Check for subvol parameter */
|
||||
+ grub_strcpy (tmp, boot_cmdline);
|
||||
+
|
||||
+ if ((subvol = grub_strstr(tmp, subvol_param)) != NULL)
|
||||
+ {
|
||||
+ i = 0;
|
||||
+
|
||||
+ while (subvol[i] != ' ' && subvol[i] != '\0')
|
||||
+ i++;
|
||||
+
|
||||
+ subvol[i] = '\0';
|
||||
+
|
||||
+ /* Allocate a new buffer holding subvol */
|
||||
+ subvol = grub_xasprintf("%s", subvol);
|
||||
+
|
||||
+ if (subvol == NULL)
|
||||
+ {
|
||||
+ grub_dprintf ("linux", "switch_root: Failed to allocated memory\n");
|
||||
+ rc = GRUB_ERR_OUT_OF_MEMORY;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ options_cmd = grub_xasprintf("%s", "-o");
|
||||
+ options = grub_xasprintf("%s", subvol);
|
||||
+ }
|
||||
+
|
||||
+ if (options == NULL)
|
||||
+ {
|
||||
+ mountrootfs[3] = NULL;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ mountrootfs[3] = options_cmd;
|
||||
+ mountrootfs[4] = options;
|
||||
+ }
|
||||
+
|
||||
+ mountrootfs[1] = root_uuid;
|
||||
+
|
||||
+ grub_dprintf ("linux", "Executing:\n");
|
||||
+ grub_dprintf ("linux", "%s %s %s %s %s\n", mountrootfs[0], mountrootfs[1],
|
||||
+ mountrootfs[2], mountrootfs[3], mountrootfs[4]);
|
||||
+
|
||||
+ /* Mount the rootfs */
|
||||
+ rc = grub_util_exec (mountrootfs);
|
||||
+
|
||||
+ if (rc != GRUB_ERR_NONE)
|
||||
+ {
|
||||
+ grub_dprintf ("linux", "switch_root: Failed.\n");
|
||||
+ rc = GRUB_ERR_INVALID_COMMAND;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ grub_dprintf ("linux", "Done.\n");
|
||||
+
|
||||
+ grub_dprintf ("linux", "%s %s %s %s\n", systemctl[0], systemctl[1],
|
||||
+ systemctl[2], systemctl[3]);
|
||||
+
|
||||
+ /* Switch root */
|
||||
+ rc = grub_util_exec (systemctl);
|
||||
+
|
||||
+ if (rc != GRUB_ERR_NONE)
|
||||
+ {
|
||||
+ grub_dprintf ("linux", "switch_root: Failed.\n");
|
||||
+ rc = GRUB_ERR_INVALID_COMMAND;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ grub_dprintf ("linux", "Done.\n");
|
||||
+
|
||||
+out:
|
||||
+ grub_free (tmp);
|
||||
+ grub_free (options_cmd);
|
||||
+ grub_free (options);
|
||||
+ grub_free (subvol);
|
||||
+ grub_free (root_uuid);
|
||||
+ grub_free (uname_buf);
|
||||
+ grub_free (kernel_release);
|
||||
+ return rc;
|
||||
+}
|
||||
+
|
||||
static grub_err_t
|
||||
grub_linux_boot (void)
|
||||
{
|
||||
@@ -51,12 +240,20 @@ grub_linux_boot (void)
|
||||
else
|
||||
initrd_param = grub_xasprintf ("%s", "");
|
||||
|
||||
- grub_dprintf ("linux", "%serforming 'kexec -la %s %s %s'\n",
|
||||
- (kexecute) ? "P" : "Not p",
|
||||
- kernel_path, initrd_param, boot_cmdline);
|
||||
+ if (grub_util_get_switch_root() == 1)
|
||||
+ {
|
||||
+ rc = grub_switch_root();
|
||||
+ if (rc != GRUB_ERR_NONE)
|
||||
+ grub_fatal (N_("Failed to execute switch_root\n"));
|
||||
+ }
|
||||
+ else if (kexecute)
|
||||
+ {
|
||||
+ grub_dprintf ("linux", "%serforming 'kexec -la %s %s %s'\n",
|
||||
+ (kexecute) ? "P" : "Not p",
|
||||
+ kernel_path, initrd_param, boot_cmdline);
|
||||
|
||||
- if (kexecute)
|
||||
- rc = grub_util_exec (kexec);
|
||||
+ rc = grub_util_exec (kexec);
|
||||
+ }
|
||||
|
||||
grub_free (initrd_param);
|
||||
|
||||
diff --git a/include/grub/emu/exec.h b/include/grub/emu/exec.h
|
||||
index 1b61b4a2e5..e82f13215e 100644
|
||||
--- a/include/grub/emu/exec.h
|
||||
+++ b/include/grub/emu/exec.h
|
||||
@@ -36,7 +36,7 @@ grub_util_exec_redirect_all (const char *const *argv, const char *stdin_file,
|
||||
int
|
||||
EXPORT_FUNC(grub_util_exec) (const char *const *argv);
|
||||
int
|
||||
-grub_util_exec_redirect (const char *const *argv, const char *stdin_file,
|
||||
+EXPORT_FUNC(grub_util_exec_redirect) (const char *const *argv, const char *stdin_file,
|
||||
const char *stdout_file);
|
||||
int
|
||||
grub_util_exec_redirect_null (const char *const *argv);
|
||||
diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h
|
||||
index 01056954b9..f3a712a8b2 100644
|
||||
--- a/include/grub/emu/misc.h
|
||||
+++ b/include/grub/emu/misc.h
|
||||
@@ -59,6 +59,8 @@ void EXPORT_FUNC(grub_util_error) (const char *fmt, ...) __attribute__ ((format
|
||||
|
||||
void EXPORT_FUNC(grub_util_set_kexecute) (void);
|
||||
int EXPORT_FUNC(grub_util_get_kexecute) (void) WARN_UNUSED_RESULT;
|
||||
+void EXPORT_FUNC(grub_util_set_switch_root) (void);
|
||||
+int EXPORT_FUNC(grub_util_get_switch_root) (void);
|
||||
|
||||
grub_uint64_t EXPORT_FUNC (grub_util_get_cpu_time_ms) (void);
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Marta Lewandowska <mlewando@redhat.com>
|
||||
Date: Wed, 24 May 2023 11:22:47 +0200
|
||||
Subject: [PATCH] util: Enable default kernel for updates
|
||||
|
||||
Several kernel variants can be installed on a system in parallel.
|
||||
In order to allow the user to choose which kernel will be set to
|
||||
default after an update, re-enable grub's usage of DEFAULTKERNEL as
|
||||
set in /etc/sysconfig/kernel
|
||||
|
||||
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
|
||||
---
|
||||
util/grub-get-kernel-settings.in | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/util/grub-get-kernel-settings.in b/util/grub-get-kernel-settings.in
|
||||
index 7e87dfccc0e4..f71bc64360b0 100644
|
||||
--- a/util/grub-get-kernel-settings.in
|
||||
+++ b/util/grub-get-kernel-settings.in
|
||||
@@ -68,6 +68,14 @@ if test -f /etc/sysconfig/kernel ; then
|
||||
. /etc/sysconfig/kernel
|
||||
fi
|
||||
|
||||
+GRUB_DEFAULT_KERNEL_TYPE=${DEFAULTKERNEL/-core/}
|
||||
+if [ "$GRUB_DEFAULT_KERNEL_TYPE" != "kernel" ]; then
|
||||
+ echo GRUB_NON_STANDARD_KERNEL=true
|
||||
+ echo export GRUB_NON_STANDARD_KERNEL
|
||||
+ GRUB_DEFAULT_KERNEL_TYPE=${GRUB_DEFAULT_KERNEL_TYPE/kernel-/}
|
||||
+fi
|
||||
+echo GRUB_DEFAULT_KERNEL_TYPE=$GRUB_DEFAULT_KERNEL_TYPE
|
||||
+echo export GRUB_DEFAULT_KERNEL_TYPE
|
||||
if [ "$MAKEDEBUG" = "yes" ]; then
|
||||
echo GRUB_LINUX_MAKE_DEBUG=true
|
||||
echo export GRUB_LINUX_MAKE_DEBUG
|
|
@ -0,0 +1,30 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Keng-Yu Lin <kengyu@hpe.com>
|
||||
Date: Wed, 26 Apr 2023 01:43:16 -0400
|
||||
Subject: [PATCH] efi/http: change uint32_t to uintn_t
|
||||
|
||||
Modify UINT32 to UINTN in EFI_HTTP_MESSAGE to
|
||||
be UEFI 2.9 compliant.
|
||||
|
||||
Signed-off-by: Keng-Yu Lin <kengyu@hpe.com>
|
||||
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
|
||||
---
|
||||
include/grub/efi/http.h | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/include/grub/efi/http.h b/include/grub/efi/http.h
|
||||
index c5e9a89f5050..ad164ba1913d 100644
|
||||
--- a/include/grub/efi/http.h
|
||||
+++ b/include/grub/efi/http.h
|
||||
@@ -171,9 +171,9 @@ typedef struct {
|
||||
grub_efi_http_request_data_t *request;
|
||||
grub_efi_http_response_data_t *response;
|
||||
} data;
|
||||
- grub_efi_uint32_t header_count;
|
||||
+ grub_efi_uintn_t header_count;
|
||||
grub_efi_http_header_t *headers;
|
||||
- grub_efi_uint32_t body_length;
|
||||
+ grub_efi_uintn_t body_length;
|
||||
void *body;
|
||||
} grub_efi_http_message_t;
|
||||
|
|
@ -139,7 +139,11 @@ case "$COMMAND" in
|
|||
sed -i -e "s,^initrd.*,initrd ${BOOTPREFIX}${INITRD},g" "${BLS_TARGET}"
|
||||
fi
|
||||
|
||||
if [[ "$KERNEL_VERSION" == *\+debug* ]] && [ "x$GRUB_DEFAULT_TO_DEBUG" != "xtrue" ]; then
|
||||
if ( [[ "$KERNEL_VERSION" != *${GRUB_DEFAULT_KERNEL_TYPE}* ]] && \
|
||||
[ "x$GRUB_NON_STANDARD_KERNEL" == "xtrue" ] ) || \
|
||||
( echo "$KERNEL_VERSION" | grep -E -q "64k|auto|rt|uki" && \
|
||||
[ "x$GRUB_NON_STANDARD_KERNEL" != "xtrue" ] ) || \
|
||||
( [[ "$KERNEL_VERSION" == *debug* ]] && [ "x$GRUB_DEFAULT_TO_DEBUG" != "xtrue" ] ); then
|
||||
GRUB_UPDATE_DEFAULT_KERNEL=false
|
||||
fi
|
||||
|
||||
|
|
12
grub.macros
12
grub.macros
|
@ -623,6 +623,18 @@ if [ %{3} -eq 0 ]; then \
|
|||
${RPM_BUILD_ROOT}/%{_bindir}/grub2-editenv \\\
|
||||
${RPM_BUILD_ROOT}/boot/grub2/grubenv create \
|
||||
fi \
|
||||
%{expand:%ifnarch ppc64le \
|
||||
mkdir pxe \
|
||||
./grub-mknetdir \\\
|
||||
--directory ./grub-core \\\
|
||||
--fonts="" \\\
|
||||
--locales="" \\\
|
||||
--themes="" \\\
|
||||
--modules="configfile gzio linux reboot test" \\\
|
||||
--net-directory=pxe \\\
|
||||
--subdir . \
|
||||
mv pxe/*/core.0 $RPM_BUILD_ROOT/%{_libdir}/grub/%{1}/ \
|
||||
%endif} \
|
||||
%{expand:%%do_install_protected_file grub2-%{legacy_package_arch}} \
|
||||
cd .. \
|
||||
%{nil}
|
||||
|
|
11
grub.patches
11
grub.patches
|
@ -322,3 +322,14 @@ Patch0321: 0321-mm-Preallocate-some-space-when-adding-new-regions.patch
|
|||
Patch0322: 0322-mm-Avoid-complex-heap-growth-math-in-hot-path.patch
|
||||
Patch0323: 0323-hostdisk-work-around-proc-not-reporting-size.patch
|
||||
Patch0324: 0324-blscfg-check-for-mounted-boot-in-emu.patch
|
||||
Patch0325: 0325-emu-linux-work-around-systemctl-kexec-returning.patch
|
||||
Patch0326: 0326-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
|
||||
Patch0327: 0327-kern-ieee1275-init-Extended-support-in-Vec5.patch
|
||||
Patch0328: 0328-tpm-Disable-the-tpm-verifier-if-the-TPM-device-is-no.patch
|
||||
Patch0329: 0329-grub_dl_set_mem_attrs-fix-format-string.patch
|
||||
Patch0330: 0330-grub_dl_set_mem_attrs-add-self-check-for-the-tramp-G.patch
|
||||
Patch0331: 0331-grub_dl_load_segments-page-align-the-tramp-GOT-areas.patch
|
||||
Patch0332: 0332-emu-Add-switch-root-to-grub-emu.patch
|
||||
Patch0333: 0333-util-Enable-default-kernel-for-updates.patch
|
||||
Patch0334: 0334-efi-http-change-uint32_t-to-uintn_t.patch
|
||||
Patch0335: 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch
|
||||
|
|
29
grub2.spec
29
grub2.spec
|
@ -17,7 +17,7 @@
|
|||
Name: grub2
|
||||
Epoch: 1
|
||||
Version: 2.06
|
||||
Release: 89%{?dist}
|
||||
Release: 97.0.riscv64%{?dist}
|
||||
Summary: Bootloader with support for Linux, Multiboot and more
|
||||
License: GPLv3+
|
||||
URL: http://www.gnu.org/software/grub/
|
||||
|
@ -544,6 +544,33 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Aug 30 2023 David Abdurachmanov <davidlt@rivosinc.com> - 2.06-97.0.riscv64
|
||||
- Backport riscv64 R_RISCV_CALL_PLT reloc patch
|
||||
|
||||
* Tue Aug 22 2023 Nicolas Frayer <nfrayer@redhat.com> - 2.06-97
|
||||
- efi/http: change uint32_t to uintn_t
|
||||
|
||||
* Tue Aug 22 2023 Nicolas Frayer <nfrayer@redhat.com> - 2.06-96
|
||||
- util: Enable default kernel for updates
|
||||
|
||||
* Wed Apr 12 2023 Robbie Harwood <rharwood@redhat.com> - 2.06-95
|
||||
- Add switch-root support to grub-emu
|
||||
|
||||
* Mon Apr 10 2023 Robbie Harwood <rharwood@redhat.com> - 2.06-94
|
||||
- Fix aa64 page fault with EFI_MEMORY_ATTRIBUTE_PROTOCOL
|
||||
|
||||
* Fri Mar 31 2023 Robbie Harwood <rharwood@redhat.com> - 2.06-93
|
||||
- Add legacy pxe core.0 (cmadams)
|
||||
|
||||
* Thu Mar 30 2023 Robbie Harwood <rharwood@redhat.com> - 2.06-92
|
||||
- Disable the tpm verifier if the TPM device is not present
|
||||
|
||||
* Thu Mar 30 2023 Robbie Harwood <rharwood@redhat.com> - 2.06-91
|
||||
- ppc64le: more cas vec5 shenanigans
|
||||
|
||||
* Wed Mar 22 2023 Robbie Harwood <rharwood@redhat.com> - 2.06-90
|
||||
- emu: work around systemctl bad behavior
|
||||
|
||||
* Thu Mar 09 2023 Robbie Harwood <rharwood@redhat.com> - 2.06-89
|
||||
- emu: handle BLS /boot weirdness
|
||||
|
||||
|
|
Loading…
Reference in New Issue