From 82ddce2bdfe853ed037581273c0070d9d2476ea8 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Fri, 29 Mar 2024 15:43:56 +0300 Subject: [PATCH] import grub2-2.02-156.el8 --- .gitignore | 9 + .grub2.metadata | 9 + ...d-support-for-Linux-EFI-stub-loading.patch | 997 + SOURCES/0002-Rework-linux-command.patch | 115 + SOURCES/0003-Rework-linux16-command.patch | 98 + ...ecureboot-support-on-efi-chainloader.patch | 1390 ++ ...loaders-that-link-in-efi-mode-honor-.patch | 516 + ...rch-64-on-32-boot-in-linuxefi-loader.patch | 263 + SOURCES/0007-re-write-.gitignore.patch | 502 + ...ient-architecture-CAS-reboot-support.patch | 172 + ...nsole-display-attr-when-clear-screen.patch | 29 + ...video-support-for-IBM-power-machines.patch | 62 + ...when-generating-configuration-by-gru.patch | 26 + ...2-Move-bash-completion-script-922997.patch | 52 + SOURCES/0013-Update-to-minilzo-2.08.patch | 8509 ++++++++ ...o-include-entries-by-title-not-just-.patch | 141 + SOURCES/0015-Add-GRUB_DISABLE_UUID.patch | 106 + .../0016-Make-exit-take-a-return-code.patch | 256 + ...pot-as-binary-so-git-won-t-try-to-di.patch | 19 + ...es-load-an-env-block-from-a-variable.patch | 81 + ...HCP-client-ID-and-UUID-options-added.patch | 142 + ...-trim-arp-packets-with-abnormal-size.patch | 28 + ...Fix-bad-test-on-GRUB_DISABLE_SUBMENU.patch | 38 + ...UEFI-operating-systems-returned-by-o.patch | 46 + ...023-Migrate-PPC-from-Yaboot-to-Grub2.patch | 151 + .../0024-Add-fw_path-variable-revised.patch | 78 + ...-hex-hex-straight-through-unmolested.patch | 179 + ...026-Add-X-option-to-printf-functions.patch | 55 + ...for-specific-config-file-for-netboot.patch | 200 + ...g-module-to-parse-Boot-Loader-Specif.patch | 248 + SOURCES/0029-Add-devicetree-loading.patch | 68 + ...0-Don-t-write-messages-to-the-screen.patch | 176 + .../0031-Don-t-print-GNU-GRUB-header.patch | 42 + .../0032-Don-t-add-to-highlighted-row.patch | 23 + SOURCES/0033-Message-string-cleanups.patch | 68 + ...ing-now-that-we-aren-t-displaying-it.patch | 29 + ...t-indentation-for-the-term-help-text.patch | 25 + SOURCES/0036-Indent-menu-entries.patch | 23 + SOURCES/0037-Fix-margins.patch | 34 + ...-1-for-our-right-hand-margin-so-line.patch | 24 + ...0039-Enable-pager-by-default.-985860.patch | 23 + ...-on-serial-so-don-t-tell-the-user-to.patch | 24 + ...n-t-say-GNU-Linux-in-generated-menus.patch | 42 + ...-Don-t-draw-a-border-around-the-menu.patch | 71 + ...andard-margin-for-the-timeout-string.patch | 40 + ...rame-to-list-of-relocations-stripped.patch | 22 + ...spaces-when-we-re-doing-our-cmdline-.patch | 33 + ...password-to-boot-entries-generated-b.patch | 28 + .../0047-Don-t-emit-Booting-.-message.patch | 49 + ...f-man-pages-with-slightly-nicer-ones.patch | 1960 ++ ...ix-when-fallback-searching-for-grub-.patch | 41 + ...-before-grub.cfg-on-tftp-config-file.patch | 111 + ...ert-function-to-support-NVMe-devices.patch | 56 + ...P-protocol-for-exclusive-use-by-grub.patch | 43 + ...P-protocol-for-exclusive-use-by-grub.patch | 51 + SOURCES/0054-Add-grub_util_readlink.patch | 3731 ++++ ...se-symlinks-including-those-across-d.patch | 102 + ...CLASS-in-10_linux-from-etc-os-releas.patch | 29 + ...t-ordering-for-.debug-and-rescue-ker.patch | 30 + ...8-Try-prefix-if-fw_path-doesn-t-work.patch | 208 + ...-grub.cfg-netboot-selection-order-11.patch | 66 + ...-Package-Sort-for-grub2-mkconfig-112.patch | 447 + .../0061-Handle-rssd-storage-devices.patch | 36 + ...fig-construct-titles-that-look-like-.patch | 69 + ...ly-grub2-password-config-tool-985962.patch | 272 + ...-configure.ac-and-grub-rpm-sort-play.patch | 57 + .../0065-tcp-add-window-scaling-support.patch | 87 + ...r-for-the-first-exclusive-reopen-of-.patch | 59 + ...ue-when-reading-username-and-passwor.patch | 44 + ...ub-password-will-not-be-read-1290803.patch | 28 + ...ub-setpassword-documentation-1290799.patch | 55 + ...le-issue-in-grub-setpassword-1294243.patch | 27 + ...rsistent-RAM-and-unknown-possible-fu.patch | 28 + .../0072-efiemu-Fix-compilation-failure.patch | 27 + ...P-protocol-for-exclusive-use-by-grub.patch | 65 + SOURCES/0074-Add-a-url-parser.patch | 1021 + ...net-and-bootp-add-support-for-dhcpv6.patch | 660 + ...rnel-settings-and-use-it-in-10_linux.patch | 300 + ...0077-Normalize-slashes-in-tftp-paths.patch | 55 + SOURCES/0078-Fix-malformed-tftp-packets.patch | 32 + ...1374141-fix-incorrect-mask-for-ppc64.patch | 45 + .../0080-Make-grub_fatal-also-backtrace.patch | 172 + .../0081-Make-grub-editenv-build-again.patch | 27 + ...ix-up-some-man-pages-rpmdiff-noticed.patch | 150 + .../0083-Make-exit-take-a-return-code.patch | 53 + ...fdt-has-address-cells-and-size-cells.patch | 42 + ...fo-pages-say-grub2-where-appropriate.patch | 1013 + ...more-debug-info-in-our-module-loader.patch | 41 + ...-chainloader-entries-don-t-try-any-x.patch | 124 + ...-Add-ability-to-boot-from-subvolumes.patch | 703 + ...port-btrfs_subvol-and-btrfs_subvolid.patch | 26 + .../0090-grub2-btrfs-03-follow_default.patch | 196 + .../0091-grub2-btrfs-04-grub2-install.patch | 174 + .../0092-grub2-btrfs-05-grub2-mkconfig.patch | 127 + .../0093-grub2-btrfs-06-subvol-mount.patch | 537 + ...ootable-Snapshot-submenu-in-grub.cfg.patch | 31 + ...subvol-name-scheme-to-support-old-sn.patch | 58 + ...-correctly-with-btrfs-snapshots-bsc-.patch | 272 + ...ocate_pool-and-grub_efi_free_pool-wr.patch | 72 + ...fi_.-memory-helpers-where-reasonable.patch | 106 + ...9-Add-PRIxGRUB_EFI_STATUS-and-use-it.patch | 46 + ...c-sized-arrays-since-we-don-t-build-.patch | 43 + SOURCES/0101-don-t-ignore-const.patch | 22 + .../0102-don-t-use-int-for-efi-status.patch | 22 + ...INIT-declare-its-function-prototypes.patch | 29 + ...104-editenv-handle-relative-symlinks.patch | 50 + ...e-libgrub.pp-depend-on-config-util.h.patch | 45 + ...-efi-as-HFS-on-ppc-machines-in-grub-.patch | 41 + ...d-xen-or-multiboot-2-modules-as-need.patch | 31 + ...-calibration-not-take-51-seconds-to-.patch | 211 + ...109-align-struct-efi_variable-better.patch | 33 + .../0110-Add-quicksort-implementation.patch | 322 + ...nd-support-to-parse-BootLoaderSpec-c.patch | 1157 ++ ...112-Add-BLS-support-to-grub-mkconfig.patch | 167 + ...d-grub_exit-definition-for-grub-emu-.patch | 33 + ...-backtrace-on-grub_abort-for-grub-em.patch | 26 + ...-blscfg-command-for-the-emu-platform.patch | 164 + ...nux-and-initrd-commands-for-grub-emu.patch | 347 + ...7-Fix-the-efidir-in-grub-setpassword.patch | 24 + SOURCES/0118-Add-grub2-switch-to-blscfg.patch | 345 + SOURCES/0119-Add-grub_debug_enabled.patch | 60 + SOURCES/0120-make-better-backtraces.patch | 908 + ...w-our-startup-message-if-debug-is-se.patch | 23 + ...-some-minor-include-path-weirdnesses.patch | 137 + ...it-possible-to-enabled-build-id-sha1.patch | 61 + ...f-grub_dprintf-without-the-file-line.patch | 56 + ...dprintf-that-tells-us-load-addresses.patch | 178 + ...scan-different-BLS-directories-on-EF.patch | 46 + SOURCES/0127-Core-TPM-support.patch | 786 + SOURCES/0128-Measure-kernel-initrd.patch | 39 + SOURCES/0129-Add-BIOS-boot-measurement.patch | 176 + ...re-kernel-and-initrd-on-BIOS-systems.patch | 84 + .../0131-Measure-the-kernel-commandline.patch | 40 + SOURCES/0132-Measure-commands.patch | 73 + ...Measure-multiboot-images-and-modules.patch | 75 + .../0134-Fix-boot-when-there-s-no-TPM.patch | 29 + SOURCES/0135-Rework-TPM-measurements.patch | 216 + SOURCES/0136-Fix-event-log-prefix.patch | 26 + ...ot-menu-entry-as-default-when-using-.patch | 27 + ...-when-compiling-for-platforms-other-.patch | 38 + SOURCES/0139-Make-TPM-errors-less-fatal.patch | 208 + ...cfg-handle-multiple-initramfs-images.patch | 104 + ...switch-to-blscfg-on-non-EFI-machines.patch | 25 + ...LS-Use-etcdefaultgrub-instead-of-etc.patch | 24 + ...ons-to-grub2-switch-to-blscfg-man-pa.patch | 31 + ...h-to-blscfg-to-generate-debug-BLS-wh.patch | 58 + ...h-to-blscfg-to-generate-BLS-fragment.patch | 28 + ...query-dev-mounted-in-boot-efi-as-boo.patch | 40 + ...ath-when-searching-kernels-images-if.patch | 38 + ...field-to-compare-entries-if-id-field.patch | 29 + ...d-to-BLS-generated-by-grub2-switch-t.patch | 41 + SOURCES/0150-Fixup-for-newer-compiler.patch | 36 + ...-export-the-start-and-_start-symbols.patch | 42 + ...plify-BLS-entry-key-val-pairs-lookup.patch | 170 + ...h-to-the-kernel-and-initrds-BLS-fiel.patch | 73 + ...p-leading-spaces-on-BLS-field-values.patch | 56 + SOURCES/0155-Fixup-for-newer-compiler.patch | 22 + ..._log_extend_event-function-prototype.patch | 50 + SOURCES/0157-TPM-Fix-compiler-warnings.patch | 72 + ...lscfg.in-get-rid-of-a-bunch-of-bashi.patch | 113 + ...lscfg.in-Better-boot-prefix-checking.patch | 73 + ...entries-as-BLS-directory-path-also-o.patch | 152 + ...-filename-as-menu-entry-id-and-for-c.patch | 134 + ...witch-to-blscfg-boot-prefix-handling.patch | 58 + ...-trim-arp-packets-with-abnormal-size.patch | 27 + .../0164-Use-xid-to-match-DHCP-replies.patch | 65 + ...pport-for-non-Ethernet-network-cards.patch | 764 + ...lid-character-recongition-in-strto-l.patch | 37 + ...racketed-ipv6-addrs-and-port-numbers.patch | 229 + ...ed-ipv6-addrs-and-port-numbers-pjone.patch | 105 + .../0169-bootp-New-net_bootp6-command.patch | 1357 ++ ...t-back-our-code-to-add-a-local-route.patch | 35 + .../0171-efinet-UEFI-IPv6-PXE-support.patch | 126 + ...172-grub.texi-Add-net_bootp6-doument.patch | 48 + ...essing-DHCPACK-packet-from-HTTP-Boot.patch | 135 + ...etting-network-from-UEFI-device-path.patch | 405 + ...etting-DNS-server-from-UEFI-protocol.patch | 337 + ...0176-Fix-one-more-coverity-complaint.patch | 27 + SOURCES/0177-Fix-grub_net_hwaddr_to_str.patch | 41 + ...78-Support-UEFI-networking-protocols.patch | 5055 +++++ .../0179-AUDIT-0-http-boot-tracker-bug.patch | 62 + ...efi_gop.c-Add-support-for-BLT_ONLY-a.patch | 56 + .../0181-efi-uga-use-64-bit-for-fb_base.patch | 105 + ...ot-set-text-mode-until-we-actually-n.patch | 184 + ...grub_console_read_key_stroke-helper-.patch | 102 + ...nsole-Implement-getkeystatus-support.patch | 72 + ...status-helper-funtion-available-ever.patch | 87 + ...d-holding-SHIFT-as-user-interrupt-ke.patch | 94 + ...-incr-command-to-increment-integer-v.patch | 93 + SOURCES/0188-Add-auto-hide-menu-support.patch | 191 + ...try-for-firmware-setup-on-UEFI-FastB.patch | 93 + .../0190-Add-grub-set-bootflag-utility.patch | 296 + ...Fix-grub-setpassword-o-s-output-path.patch | 33 + ...ssword-be-named-like-all-the-other-g.patch | 88 + ...b-boot-indeterminate.service-example.patch | 33 + ...e-Use-a-timeout-of-60s-for-menu_show.patch | 31 + ...hide-Reduce-number-of-save_env-calls.patch | 41 + ...-fix-use-with-sys-firmware-efi-efiva.patch | 36 + SOURCES/0197-gentpl-add-disable-support.patch | 46 + .../0198-gentpl-add-pc-firmware-type.patch | 22 + .../0199-blscfg-remove-unused-typedef.patch | 29 + ...-dynamically-allocate-default_blsdir.patch | 45 + ...fg-sort-BLS-entries-by-version-field.patch | 58 + ...-remove-NULL-guards-around-grub_free.patch | 48 + ...g-fix-filename-in-no-linux-key-error.patch | 47 + ...blscfg-don-t-leak-bls_entry.filename.patch | 27 + ...lscfg-fix-compilation-on-EFI-and-EMU.patch | 34 + ...-blscfg-and-loadenv-source-file-list.patch | 39 + ...f-the-linuxefi-linux16-linux-distinc.patch | 56 + ...lscfg-Only-fix-boot-prefix-for-non-g.patch | 48 + ...e-BLS-options-field-instead-of-showi.patch | 130 + ...to-search-BLS-snippets-in-boot-loade.patch | 59 + ...empt-to-sort-by-version-if-not-prese.patch | 82 + ...gic-to-read-the-grubenv-file-and-set.patch | 292 + ...auto_hide.in-to-01_menu_auto_hide.in.patch | 33 + ...e-the-firmware-acceleration-for-http.patch | 25 + ...ot_url-reflect-the-protocol-hostname.patch | 50 + ...0216-Force-everything-to-use-python3.patch | 42 + SOURCES/0217-Fix-an-8-year-old-typo.patch | 23 + ...n-don-t-run-autoreconf-in-the-topdir.patch | 21 + ...n-tell-configure-which-cflags-utils-.patch | 149 + ...make-it-possible-to-run-checkers-on-.patch | 58 + ...fier-report-the-filename-or-modname-.patch | 250 + ...fs-not-duplicate-symbols-from-efinet.patch | 27 + ...23-Rework-how-the-fdt-command-builds.patch | 118 + ...able-non-wordsize-allocations-on-arm.patch | 41 + ...-R-.note.gnu.property-at-more-places.patch | 82 + ...nd-prefix-when-HTTP-path-is-relative.patch | 150 + ...ernel_header.hdr_offset-be-at-the-ri.patch | 71 + .../0228-Mark-some-unused-stuff-unused.patch | 32 + .../0229-Make-grub_error-more-verbose.patch | 98 + ...-Better-memory-allocation-and-error-.patch | 307 + ...231-drop-TPM-support-for-legacy-BIOS.patch | 401 + ...unction-from-kernel.exec-to-the-blsc.patch | 148 + ...e-blscfg-module-for-powerpc-ieee1275.patch | 27 + ...lscfg-copy-blscfg-module-for-legacy-.patch | 55 + .../0235-Fix-getroot.c-s-trampolines.patch | 49 + ...-grub.d-snippet-to-generate-menu-ent.patch | 485 + ...pts-in-grubenv-if-it-wasn-t-set-befo.patch | 79 + ...t-include-.conf-at-the-end-of-our-id.patch | 41 + ...settings-expose-some-more-config-var.patch | 32 + ...erything-with-rpm-package-comparison.patch | 161 + ...-grub2-rpm-sort-instead-of-ls-vr-to-.patch | 43 + ...-t-set-saved_entry-on-grub2-mkconfig.patch | 42 + ...lscfg-use-debug-instead-of-debug-as-.patch | 31 + ...ke-blscfg-debug-messages-more-useful.patch | 175 + ...l-end-pointer-have-the-right-constif.patch | 391 + ...ntry-selection-based-on-ID-and-title.patch | 235 + ...en-reading-ID-value-from-etc-os-rele.patch | 46 + ...ub_users-before-passing-to-grub_norm.patch | 38 + ...try-users-option-argument-to-be-opti.patch | 46 + ...bls-add-missing-menu-entries-options.patch | 56 + ...-menu-entry-selection-based-on-title.patch | 41 + ...-only-be-copied-by-grub-switch-to-bl.patch | 120 + ...mber-wrongly-dereferencing-the-tail-.patch | 34 + ...fig-to-honour-GRUB_CMDLINE_LINUX-in-.patch | 99 + ...s.timer-Add-a-few-Conditions-for-run.patch | 35 + ...polkit-pkexec-for-grub-boot-success..patch | 32 + ...g-up-grub.cfg-XXX-while-tftp-booting.patch | 42 + ...HTTP-boot-strncmp-returns-0-on-equal.patch | 23 + ...licate-net-name-string-if-not-needed.patch | 53 + ...-to-set-fPIE-and-friends-on-libgnu.a.patch | 39 + ...to-default_kernelopts-if-BLS-option-.patch | 60 + ...d_env-after-blscfg-command-in-10_lin.patch | 27 + ...-to-separate-id-argument-due-a-Petit.patch | 33 + ...-t-add-users-option-to-generated-men.patch | 37 + ...g-Update-comment-about-running-as-ro.patch | 27 + ...g-Write-new-env-to-tmpfile-and-then-.patch | 154 + ...7-Fix-PRIxGRUB_EFI_STATUS-definition.patch | 48 + ...es-if-measuraments-fail-as-debug-ins.patch | 100 + ...itialize-variable-to-fix-grub-instal.patch | 66 + ...ce-char-when-appending-fields-for-va.patch | 76 + ...fw-http-_path-variables-to-make-them.patch | 50 + ...-literal-IPv6-addresses-in-square-br.patch | 114 + ...o-specify-a-port-number-in-addresses.patch | 48 + ...mprove-check-to-detect-literal-IPv6-.patch | 48 + ...debug-message-if-parsing-the-address.patch | 68 + ...se-address-before-jumping-to-the-PE-.patch | 60 + ...r-overrun-when-attempting-to-shrink-.patch | 62 + SOURCES/0278-Reimplement-boot_counter.patch | 196 + ...-boot-success-reset-from-menu-auto-h.patch | 165 + ...indeterminate-getting-set-on-boot_su.patch | 75 + ...lexer-fatal-errors-actually-be-fatal.patch | 67 + ...e-arithmetic-primitives-that-check-f.patch | 124 + ...-we-always-have-an-overflow-checking.patch | 240 + ...284-calloc-Use-calloc-at-most-places.patch | 1942 ++ ...low-checking-primitives-where-we-do-.patch | 1320 ++ ...on-t-leak-memory-on-realloc-failures.patch | 66 + ...-not-load-more-than-one-NAME-section.patch | 35 + ...fxmenu-Fix-double-free-in-load_image.patch | 33 + ...ree-in-grub_xnu_devprop_add_property.patch | 53 + ...sure-we-don-t-dereference-past-array.patch | 49 + ...291-term-Fix-overflow-on-user-inputs.patch | 63 + SOURCES/0292-udf-Fix-memory-leak.patch | 53 + ...emory-leak-if-grub_create_loader_cmd.patch | 44 + .../0294-tftp-Do-not-use-priority-queue.patch | 286 + ...t-grub_relocator_alloc_chunk_addr-in.patch | 147 + ...t-grub_relocator_alloc_chunk_align-m.patch | 335 + ...used-fields-from-grub_script_functio.patch | 30 + ...se-after-free-when-redefining-a-func.patch | 105 + ...ub_relocator_alloc_chunk_align-top-m.patch | 43 + .../0300-hfsplus-fix-two-more-overflows.patch | 54 + ...-potential-data-dependent-alloc-over.patch | 109 + .../0302-emu-make-grub_free-NULL-safe.patch | 31 + ...formed-device-path-arithmetic-errors.patch | 248 + ...-caused-by-efi-fix-some-malformed-de.patch | 85 + ...with-fallback-code-for-gcc-older-tha.patch | 147 + ...x-use-after-free-in-halt-reboot-path.patch | 162 + ...p-fix-some-allocation-error-checking.patch | 37 + ...p-fix-some-allocation-error-checking.patch | 39 + ...g.c-fix-some-potential-allocation-ov.patch | 127 + ...-types-for-gcc-4.8-compat-safemath.h.patch | 216 + ...integer-overflows-in-grub_cmd_initrd.patch | 48 + ...id-overflow-on-initrd-size-calculati.patch | 25 + ...rnel-validation-without-shim-protoco.patch | 97 + ...er-overflows-in-initrd-size-handling.patch | 165 + ...ok-for-BLS-snippets-in-the-root-devi.patch | 47 + ...dcode-an-env-var-as-fallback-for-the.patch | 47 + ...lock-counter-to-prevent-timeouts-wit.patch | 51 + ...set-1-when-keyboard-is-in-Translate-.patch | 121 + ...ll-disable-support-for-EFI-platforms.patch | 118 + ...imestamps-configure-flag-to-prepend-.patch | 112 + ...ements-to-grub_disk_open-and-grub_di.patch | 47 + ...on-grub_debug_is_enabled-void-return.patch | 51 + ...ear-screen-when-debugging-is-enabled.patch | 27 + ..._-instrumentation-new-file-debug-tag.patch | 71 + ...-Avoiding-many-unecessary-open-close.patch | 136 + ...-implements-fibre-channel-discovery-.patch | 90 + ...erpc-enables-device-mapper-discovery.patch | 106 + ...fallback_set-var-to-force-the-set-ma.patch | 239 + ...size_t-instead-of-plain-int-for-size.patch | 60 + ...ype-for-fine-grained-signature-verif.patch | 1738 ++ SOURCES/0331-verifiers-Framework-core.patch | 1026 + ...ssibility-to-verify-kernel-and-modul.patch | 520 + ...ssibility-to-defer-verification-to-o.patch | 91 + ...s-Rename-verify-module-to-pgp-module.patch | 36 + ...d-and-tests-after-pgp-module-renamin.patch | 55 + ...rub-file.h-Add-device-tree-file-type.patch | 30 + ...-efi-fdt.c-Fixup-grub_file_open-call.patch | 28 + ...efi-Fix-breakage-caused-by-verifiers.patch | 38 + ...-sparc64-Fix-up-grub_file_open-calls.patch | 74 + ...uble-close-on-pgp-s-sig-file-descrip.patch | 146 + .../0341-verifiers-Xen-fallout-cleanup.patch | 46 + ...42-verifiers-ARM-Xen-fallout-cleanup.patch | 63 + ...0343-verifiers-IA-64-fallout-cleanup.patch | 28 + ...44-verifiers-PowerPC-fallout-cleanup.patch | 37 + .../0345-verifiers-MIPS-fallout-cleanup.patch | 27 + ...lling-uninitialized-function-pointer.patch | 41 + SOURCES/0347-rhel-extra-file-type-fixes.patch | 124 + ...l-Add-support-for-persistent-modules.patch | 65 + ...igning-grub-with-an-appended-signatu.patch | 309 + ...rub-Document-signing-grub-under-UEFI.patch | 59 + ...nt-signing-grub-with-an-appended-sig.patch | 67 + ...-install-is-no-longer-a-shell-script.patch | 33 + ...key-has-been-supported-for-some-time.patch | 36 + ...e-grub_dl_set_persistent-for-the-emu.patch | 44 + ...verifiers-provide-unsafe-module-list.patch | 96 + SOURCES/0356-pgp-factor-out-rsa_pad.patch | 191 + ...rage-for-grub_crypto_pk_-to-crypto.c.patch | 71 + ...p-tweaks-in-preparation-for-libtasn1.patch | 64 + ...0359-libtasn1-import-libtasn1-4.16.0.patch | 8934 ++++++++ ...asn1-disable-code-not-needed-in-grub.patch | 307 + ...tasn1-changes-for-grub-compatibility.patch | 202 + ...62-libtasn1-compile-into-asn1-module.patch | 70 + ...3-test_asn1-test-module-for-libtasn1.patch | 1455 ++ ...-support-embedding-x509-certificates.patch | 255 + ...res-import-GNUTLS-s-ASN.1-descriptio.patch | 639 + ...res-parse-PKCS-7-signedData-and-X.50.patch | 1542 ++ ...res-support-verifying-appended-signa.patch | 719 + ...pended-signatures-verification-tests.patch | 897 + ...69-appended-signatures-documentation.patch | 329 + ...pended-signature-enforcement-to-ibm-.patch | 137 + ...lude-grub-verify.h-Add-include-guard.patch | 37 + ...o-few-arguments-to-function-grub_cre.patch | 40 + SOURCES/0373-kern-Add-lockdown-support.patch | 440 + ...t-a-variable-if-the-GRUB-is-locked-d.patch | 53 + ...-GRUB-when-the-UEFI-Secure-Boot-is-e.patch | 52 + ...lockdown-instead-of-hardcoding-a-dis.patch | 137 + ...ter-the-acpi-command-when-locked-dow.patch | 72 + ...ter-cutmem-and-badram-commands-when-.patch | 66 + ...t-commands-that-can-load-BIOS-or-DT-.patch | 108 + ...Restrict-setpci-command-when-locked-.patch | 33 + ...Restrict-hdparm-command-when-locked-.patch | 31 + ...Restrict-GDB-access-when-locked-down.patch | 58 + ...-allow-loading-extension-and-package.patch | 57 + ...384-docs-Document-the-cutmem-command.patch | 61 + ...loading-modules-that-are-not-depende.patch | 83 + ...le-out-of-bound-accesses-caused-by-m.patch | 112 + ...leak-when-iterating-over-mapped-memo.patch | 36 + ...ible-dereference-to-of-a-NULL-pointe.patch | 36 + ...net-tftp-Fix-dangling-memory-pointer.patch | 30 + ...n-parser-Fix-resource-leak-if-argc-0.patch | 47 + ...-kern-efi-Fix-memory-leak-on-failure.patch | 27 + ...ix-possible-NULL-pointer-dereference.patch | 65 + ...ulib-regexec-Resolve-unused-variable.patch | 73 + ...mp-Fix-uninitialized-token-structure.patch | 64 + ...-Fix-dereference-of-a-possibly-NULL-.patch | 64 + ...egexec-Fix-possible-null-dereference.patch | 65 + ...b-regcomp-Fix-uninitialized-re_token.patch | 64 + ...e-unnecessary-self-assignment-errors.patch | 38 + ...heck-for-NULL-before-dereferencing-i.patch | 40 + ...re-comp-data-is-freed-before-exiting.patch | 125 + ...-If-failed-then-free-vg-variable-too.patch | 25 + ...ory-leak-on-uninserted-lv-references.patch | 47 + ...odisk-Fix-potential-integer-overflow.patch | 47 + ...that-the-volume-name-length-is-valid.patch | 40 + ...ix-possible-negative-shift-operation.patch | 39 + ...source-leaks-while-constructing-path.patch | 118 + ...7-zfs-Fix-possible-integer-overflows.patch | 53 + ...-a-check-for-error-allocating-memory.patch | 32 + SOURCES/0409-affs-Fix-memory-leaks.patch | 79 + ...x-possible-unintended-sign-extension.patch | 32 + ...pt-mpi-Fix-possible-NULL-dereference.patch | 30 + ...slinux-Fix-memory-leak-while-parsing.patch | 40 + ...n-Fix-leaking-of-memory-when-process.patch | 49 + ...4-commands-hashsum-Fix-a-memory-leak.patch | 53 + ...move-unnecessary-return-value-of-gru.patch | 91 + ...bfill-Fix-potential-integer-overflow.patch | 75 + ...eo_fb-Fix-multiple-integer-overflows.patch | 101 + ...deo_fb-Fix-possible-integer-overflow.patch | 36 + ...eg-Test-for-an-invalid-next-marker-r.patch | 35 + ...-Remove-code-that-coverity-is-flaggi.patch | 31 + ...ader-bsd-Check-for-NULL-arg-up-front.patch | 44 + SOURCES/0422-loader-xnu-Fix-memory-leak.patch | 36 + ...driverkey-data-when-an-error-is-dete.patch | 74 + ...k-if-pointer-is-NULL-before-using-it.patch | 39 + ...v-Fix-incorrect-casting-of-a-signed-.patch | 43 + ...x-incorrect-use-of-a-possibly-negati.patch | 47 + ...ix-NULL-dereference-in-grub_script_e.patch | 25 + ...ire-device_name-is-not-NULL-before-p.patch | 30 + ...void-crash-when-using-outside-a-func.patch | 34 + ...peated-short-options-that-require-an.patch | 51 + ...on-t-crash-on-a-for-loop-with-no-ite.patch | 36 + ...ntry-Fix-quoting-in-setparams_prefix.patch | 43 + ...misc-Always-set-end-in-grub_strtoull.patch | 43 + ...eg-Catch-files-with-unsupported-quan.patch | 49 + ...eg-Catch-OOB-reads-writes-in-grub_jp.patch | 44 + ...eg-Don-t-decode-data-before-start-of.patch | 36 + ...-t-set-up-a-font-with-glyphs-that-ar.patch | 48 + ...impermissibly-large-block-sizes-in-r.patch | 43 + ...-fetch-a-key-beyond-the-end-of-the-n.patch | 29 + ...-use-uninitialized-data-on-corrupt-f.patch | 104 + .../0441-fs-hfs-Disable-under-lockdown.patch | 43 + ...fs-Fix-over-read-of-root-object-name.patch | 46 + ...ve-to-leaf-level-if-name-length-is-n.patch | 30 + ...the-extents-that-getblk-can-consider.patch | 58 + ...0445-fs-jfs-Catch-infinite-recursion.patch | 42 + ...0446-fs-nilfs2-Reject-too-large-keys.patch | 42 + ...search-children-if-provided-number-i.patch | 96 + ...ly-bail-on-errors-in-grub_nilfs2_btr.patch | 64 + ...9-io-gzio-Bail-if-gzio-tl-td-is-NULL.patch | 63 + ..._dynamic_block-clean-up-if-unpacking.patch | 63 + ...issing-values-in-huft_build-and-bail.patch | 53 + ...o-tl-td-in-init_dynamic_block-if-huf.patch | 38 + ...o-beyond-the-end-of-the-data-we-read.patch | 45 + ...last-past-the-end-of-the-circular-me.patch | 39 + ...455-disk-lvm-Bail-on-missing-PV-list.patch | 31 + ...crash-if-an-expected-string-is-not-f.patch | 79 + ...57-disk-lvm-Do-not-overread-metadata.patch | 107 + ...ze-rlocn-offset-to-prevent-wild-read.patch | 37 + ...allow-a-LV-to-be-it-s-own-segment-s-.patch | 35 + .../0460-kern-parser-Fix-a-memory-leak.patch | 73 + ...parser-Introduce-process_char-helper.patch | 116 + ...arser-Introduce-terminate_arg-helper.patch | 62 + ...ctor-grub_parser_split_cmdline-clean.patch | 88 + ...uffer-Add-variable-sized-heap-buffer.patch | 304 + ...n-parser-Fix-a-stack-buffer-overflow.patch | 244 + ...itial-stack-protector-implementation.patch | 298 + ...emove-unused-code-to-add-BSS-section.patch | 57 + ...-grub_host_to_target32-instead-of-gr.patch | 109 + ...ays-use-grub_host_to_target32-to-ini.patch | 35 + ...fy-more-of-the-PE32-and-PE32-header-.patch | 165 + ...rder-PE-optional-header-fields-set-u.patch | 69 + ...-Improve-data_size-value-calculation.patch | 46 + ...factor-section-setup-to-use-a-helper.patch | 216 + ...-an-option-to-import-SBAT-metadata-i.patch | 260 + ...parse_printf_args-into-format-parsin.patch | 46 + ...RING-type-for-internal-printf-format.patch | 64 + ...nction-to-check-printf-format-agains.patch | 215 + ...k-printf-format-in-the-gui_progress_.patch | 58 + ...-grub_debug_calloc-compilation-error.patch | 29 + ...ormed-device-path-arithmetic-errors-.patch | 74 + ...275-drop-HEAP_MAX_ADDR-HEAP_MIN_SIZE.patch | 75 + SOURCES/0482-ieee1275-claim-more-memory.patch | 252 + ...-memory-with-ibm-client-architecture.patch | 268 + ...-Also-handle-the-Extended-Key-Usage-.patch | 315 + ...eee1275-ofdisk-retry-on-open-failure.patch | 103 + ...over-the-device-to-read-the-config-f.patch | 123 + ...etting-of-prefix-for-signed-binary-c.patch | 75 + ...ix-signed-grub-special-case-for-Powe.patch | 43 + ...-mkconfig-restore-umask-for-grub.cfg.patch | 43 + .../0490-efinet-Add-DHCP-proxy-support.patch | 53 + ..._keyboard-Fix-unreliable-key-presses.patch | 49 + ...Fix-bug-stopping-iteration-when-no-f.patch | 35 + ...w-efidisk-only-option-on-EFI-systems.patch | 170 + SOURCES/0494-efi-new-connectefi-command.patch | 397 + ...tter-locations-for-kernel-and-initrd.patch | 203 + ...ce-buffers-for-reading-to-addresses-.patch | 109 + ...-arrange-grub_cmd_linux-a-little-bit.patch | 134 + ...e-our-own-allocator-for-kernel-stuff.patch | 259 + ...itrd-params-cmdline-allocations-abov.patch | 172 + ...maximum-bounce-buffer-size-to-16-MiB.patch | 41 + ...ort-for-trusted-boot-using-a-vTPM-2..patch | 221 + ...ackport-ibmvtpm-support-to-grub-2.02.patch | 94 + ...erpc-do-CAS-in-a-more-compatible-way.patch | 112 + ...etection-support-device-names-with-c.patch | 73 + .../0505-make-ofdisk_retries-optional.patch | 43 + ...loader-grub_load_and_start_image-doe.patch | 71 + ...hainloader-simplify-the-loader-state.patch | 334 + ...ot-Add-API-to-pass-context-to-loader.patch | 160 + ...i-chainloader-Use-grub_loader_set_ex.patch | 149 + ...linux-Avoid-a-use-after-free-in-the-.patch | 43 + ...386-efi-linux-Use-grub_loader_set_ex.patch | 299 + ...linux-Fix-a-memory-leak-in-the-initr.patch | 77 + ...-leak-device_name-on-error-in-grub_f.patch | 41 + ...g-Abort-sooner-if-a-read-operation-f.patch | 200 + ...g-Refuse-to-handle-multiple-image-he.patch | 30 + ...g-Drop-greyscale-support-to-fix-heap.patch | 172 + ...g-Avoid-heap-OOB-R-W-inserting-huff-.patch | 42 + ...-png-Sanity-check-some-huffman-codes.patch | 42 + ...eg-Abort-sooner-if-a-read-operation-.patch | 257 + ...eg-Do-not-reallocate-a-given-huff-ta.patch | 31 + ...eg-Refuse-to-handle-multiple-start-o.patch | 46 + ...eg-Block-int-underflow-wild-pointer-.patch | 55 + ...ix-array-out-of-bounds-formatting-un.patch | 36 + ...ff-Block-overly-large-netbuff-allocs.patch | 48 + ...5-net-ip-Do-IP-fragment-maths-safely.patch | 46 + ...le-free-addresses-on-corrupt-DNS-res.patch | 58 + ...ad-past-the-end-of-the-string-we-re-.patch | 73 + ...-a-UAF-and-double-free-from-a-failed.patch | 114 + ...ng-for-grub_error-should-be-a-litera.patch | 53 + .../0530-net-tftp-Avoid-a-trivial-UAF.patch | 37 + ...tear-down-socket-if-it-s-already-bee.patch | 44 + ...Fix-OOB-write-for-split-http-headers.patch | 48 + ...or-out-on-headers-with-LF-without-CR.patch | 50 + ...ead-past-the-end-of-nat-journal-entr.patch | 74 + ...-not-read-past-the-end-of-nat-bitmap.patch | 134 + ...ot-copy-file-names-that-are-too-long.patch | 40 + ...eral-fuzz-issues-with-invalid-dir-it.patch | 81 + ...efi_status_t-from-grub_efi_get_varia.patch | 143 + ...on-to-read-EFI-variables-with-attrib.patch | 76 + .../0540-Define-GRUB_EFI_SHIM_LOCK_GUID.patch | 31 + ...grub_min-and-grub_max-more-resilient.patch | 84 + ...FS-switch-to-using-grub_min-grub_max.patch | 94 + ...oot_time-also-call-grub_dprintf-boot.patch | 48 + ...dules-make-.module_license-read-only.patch | 32 + ...p-.llvm_addrsig-sections-and-similar.patch | 41 + ...locate-space-for-non-allocable-secti.patch | 37 + ...eader-struct-and-fix-some-bad-naming.patch | 83 + ...nel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch | 87 + ...ule-sections-at-page-aligned-address.patch | 360 + ...-nx-add-memory-attribute-get-set-API.patch | 320 + ...-page-permissions-for-loaded-modules.patch | 265 + ...2-nx-set-attrs-in-our-kernel-loaders.patch | 571 + ...x-compatible-flag-in-EFI-grub-images.patch | 38 + ...efi_get_variable-type-in-our-loaders.patch | 51 + ...file-show-which-file-filters-get-run.patch | 47 + ...ed-array-positions-for-our-allocatio.patch | 83 + ...tion-policy-for-kernel-vs-initrd-mem.patch | 129 + ...ER_-CODE-DATA-for-kernel-and-initrd-.patch | 63 + ...5-implement-vec5-for-cas-negotiation.patch | 72 + ...ncorrect-array-size-in-kernel-alloca.patch | 38 + ...g-don-t-assume-newline-at-end-of-cfg.patch | 25 + ...hs-exceeds-font-max_glyph_width-or-f.patch | 33 + ...erflow-in-grub_font_get_glyph_intern.patch | 112 + ...-integer-overflows-in-grub_font_cons.patch | 81 + ...0565-font-Remove-grub_font_dup_glyph.patch | 42 + ...nteger-overflow-in-ensure_comb_space.patch | 48 + ...nt-Fix-integer-overflow-in-BMP-index.patch | 65 + ...-underflow-in-binary-search-of-char-.patch | 85 + .../0569-fbutil-Fix-integer-overflow.patch | 85 + ...ix-an-integer-underflow-in-blit_comb.patch | 91 + ..._font_blit_glyph-and-grub_font_blit_.patch | 75 + ...l_font-to-glyphs-in-ascii_font_glyph.patch | 36 + ...ix-an-integer-overflow-in-grub_unico.patch | 55 + ...ble-TDX-measurement-to-RTMR-register.patch | 227 + ...le-shared-processor-mode-in-vector-5.patch | 28 + ...uint32_t-to-uintn_t-for-grub_efi_htt.patch | 30 + ...ing-plain-numbers-to-constants-in-Ve.patch | 46 + ...-extended-support-in-options-vector5.patch | 125 + ...enerate-kernelopts-if-missing-on-ppc.patch | 36 + ...it-ppc64-Restrict-high-memory-in-pre.patch | 210 + ...il-Enable-default-kernel-for-updates.patch | 34 + ...g-Conservative-partial-fix-for-CVE-2.patch | 150 + ...g-More-complete-fix-for-CVE-2024-104.patch | 187 + ...g-Exit-calmly-when-not-running-as-ro.patch | 39 + ...OB-write-when-parsing-the-ATTRIBUTE_.patch | 93 + ...OB-read-when-reading-data-from-the-r.patch | 58 + ...OB-read-when-parsing-directory-entri.patch | 73 + ...OB-read-when-parsing-bitmaps-for-ind.patch | 51 + ...OOB-read-when-parsing-a-volume-label.patch | 61 + ...0590-fs-ntfs-Make-code-more-readable.patch | 159 + SOURCES/20-grub.install | 181 + SOURCES/99-grub-mkconfig.install | 25 + SOURCES/gitignore | 249 + SOURCES/grub.macros | 649 + SOURCES/grub.patches | 590 + SOURCES/release-to-master.patch | 16760 ++++++++++++++++ SOURCES/sbat.csv.in | 3 + SOURCES/strtoull_test.c | 63 + SPECS/grub2.spec | 1645 ++ 601 files changed, 123048 insertions(+) create mode 100644 .gitignore create mode 100644 .grub2.metadata create mode 100644 SOURCES/0001-Add-support-for-Linux-EFI-stub-loading.patch create mode 100644 SOURCES/0002-Rework-linux-command.patch create mode 100644 SOURCES/0003-Rework-linux16-command.patch create mode 100644 SOURCES/0004-Add-secureboot-support-on-efi-chainloader.patch create mode 100644 SOURCES/0005-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch create mode 100644 SOURCES/0006-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch create mode 100644 SOURCES/0007-re-write-.gitignore.patch create mode 100644 SOURCES/0008-IBM-client-architecture-CAS-reboot-support.patch create mode 100644 SOURCES/0009-for-ppc-reset-console-display-attr-when-clear-screen.patch create mode 100644 SOURCES/0010-Disable-GRUB-video-support-for-IBM-power-machines.patch create mode 100644 SOURCES/0011-Honor-a-symlink-when-generating-configuration-by-gru.patch create mode 100644 SOURCES/0012-Move-bash-completion-script-922997.patch create mode 100644 SOURCES/0013-Update-to-minilzo-2.08.patch create mode 100644 SOURCES/0014-Allow-fallback-to-include-entries-by-title-not-just-.patch create mode 100644 SOURCES/0015-Add-GRUB_DISABLE_UUID.patch create mode 100644 SOURCES/0016-Make-exit-take-a-return-code.patch create mode 100644 SOURCES/0017-Mark-po-exclude.pot-as-binary-so-git-won-t-try-to-di.patch create mode 100644 SOURCES/0018-Make-efi-machines-load-an-env-block-from-a-variable.patch create mode 100644 SOURCES/0019-DHCP-client-ID-and-UUID-options-added.patch create mode 100644 SOURCES/0020-trim-arp-packets-with-abnormal-size.patch create mode 100644 SOURCES/0021-Fix-bad-test-on-GRUB_DISABLE_SUBMENU.patch create mode 100644 SOURCES/0022-Add-support-for-UEFI-operating-systems-returned-by-o.patch create mode 100644 SOURCES/0023-Migrate-PPC-from-Yaboot-to-Grub2.patch create mode 100644 SOURCES/0024-Add-fw_path-variable-revised.patch create mode 100644 SOURCES/0025-Pass-x-hex-hex-straight-through-unmolested.patch create mode 100644 SOURCES/0026-Add-X-option-to-printf-functions.patch create mode 100644 SOURCES/0027-Search-for-specific-config-file-for-netboot.patch create mode 100644 SOURCES/0028-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch create mode 100644 SOURCES/0029-Add-devicetree-loading.patch create mode 100644 SOURCES/0030-Don-t-write-messages-to-the-screen.patch create mode 100644 SOURCES/0031-Don-t-print-GNU-GRUB-header.patch create mode 100644 SOURCES/0032-Don-t-add-to-highlighted-row.patch create mode 100644 SOURCES/0033-Message-string-cleanups.patch create mode 100644 SOURCES/0034-Fix-border-spacing-now-that-we-aren-t-displaying-it.patch create mode 100644 SOURCES/0035-Use-the-correct-indentation-for-the-term-help-text.patch create mode 100644 SOURCES/0036-Indent-menu-entries.patch create mode 100644 SOURCES/0037-Fix-margins.patch create mode 100644 SOURCES/0038-Use-2-instead-of-1-for-our-right-hand-margin-so-line.patch create mode 100644 SOURCES/0039-Enable-pager-by-default.-985860.patch create mode 100644 SOURCES/0040-F10-doesn-t-work-on-serial-so-don-t-tell-the-user-to.patch create mode 100644 SOURCES/0041-Don-t-say-GNU-Linux-in-generated-menus.patch create mode 100644 SOURCES/0042-Don-t-draw-a-border-around-the-menu.patch create mode 100644 SOURCES/0043-Use-the-standard-margin-for-the-timeout-string.patch create mode 100644 SOURCES/0044-Add-.eh_frame-to-list-of-relocations-stripped.patch create mode 100644 SOURCES/0045-Don-t-munge-raw-spaces-when-we-re-doing-our-cmdline-.patch create mode 100644 SOURCES/0046-Don-t-require-a-password-to-boot-entries-generated-b.patch create mode 100644 SOURCES/0047-Don-t-emit-Booting-.-message.patch create mode 100644 SOURCES/0048-Replace-a-lot-of-man-pages-with-slightly-nicer-ones.patch create mode 100644 SOURCES/0049-use-fw_path-prefix-when-fallback-searching-for-grub-.patch create mode 100644 SOURCES/0050-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch create mode 100644 SOURCES/0051-Fix-convert-function-to-support-NVMe-devices.patch create mode 100644 SOURCES/0052-reopen-SNP-protocol-for-exclusive-use-by-grub.patch create mode 100644 SOURCES/0053-Revert-reopen-SNP-protocol-for-exclusive-use-by-grub.patch create mode 100644 SOURCES/0054-Add-grub_util_readlink.patch create mode 100644 SOURCES/0055-Make-editenv-chase-symlinks-including-those-across-d.patch create mode 100644 SOURCES/0056-Generate-OS-and-CLASS-in-10_linux-from-etc-os-releas.patch create mode 100644 SOURCES/0057-Minimize-the-sort-ordering-for-.debug-and-rescue-ker.patch create mode 100644 SOURCES/0058-Try-prefix-if-fw_path-doesn-t-work.patch create mode 100644 SOURCES/0059-Update-info-with-grub.cfg-netboot-selection-order-11.patch create mode 100644 SOURCES/0060-Use-Distribution-Package-Sort-for-grub2-mkconfig-112.patch create mode 100644 SOURCES/0061-Handle-rssd-storage-devices.patch create mode 100644 SOURCES/0062-Make-grub2-mkconfig-construct-titles-that-look-like-.patch create mode 100644 SOURCES/0063-Add-friendly-grub2-password-config-tool-985962.patch create mode 100644 SOURCES/0064-Try-to-make-sure-configure.ac-and-grub-rpm-sort-play.patch create mode 100644 SOURCES/0065-tcp-add-window-scaling-support.patch create mode 100644 SOURCES/0066-efinet-add-filter-for-the-first-exclusive-reopen-of-.patch create mode 100644 SOURCES/0067-Fix-security-issue-when-reading-username-and-passwor.patch create mode 100644 SOURCES/0068-Warn-if-grub-password-will-not-be-read-1290803.patch create mode 100644 SOURCES/0069-Clean-up-grub-setpassword-documentation-1290799.patch create mode 100644 SOURCES/0070-Fix-locale-issue-in-grub-setpassword-1294243.patch create mode 100644 SOURCES/0071-efiemu-Handle-persistent-RAM-and-unknown-possible-fu.patch create mode 100644 SOURCES/0072-efiemu-Fix-compilation-failure.patch create mode 100644 SOURCES/0073-Revert-reopen-SNP-protocol-for-exclusive-use-by-grub.patch create mode 100644 SOURCES/0074-Add-a-url-parser.patch create mode 100644 SOURCES/0075-efinet-and-bootp-add-support-for-dhcpv6.patch create mode 100644 SOURCES/0076-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch create mode 100644 SOURCES/0077-Normalize-slashes-in-tftp-paths.patch create mode 100644 SOURCES/0078-Fix-malformed-tftp-packets.patch create mode 100644 SOURCES/0079-bz1374141-fix-incorrect-mask-for-ppc64.patch create mode 100644 SOURCES/0080-Make-grub_fatal-also-backtrace.patch create mode 100644 SOURCES/0081-Make-grub-editenv-build-again.patch create mode 100644 SOURCES/0082-Fix-up-some-man-pages-rpmdiff-noticed.patch create mode 100644 SOURCES/0083-Make-exit-take-a-return-code.patch create mode 100644 SOURCES/0084-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch create mode 100644 SOURCES/0085-Make-our-info-pages-say-grub2-where-appropriate.patch create mode 100644 SOURCES/0086-print-more-debug-info-in-our-module-loader.patch create mode 100644 SOURCES/0087-macos-just-build-chainloader-entries-don-t-try-any-x.patch create mode 100644 SOURCES/0088-grub2-btrfs-Add-ability-to-boot-from-subvolumes.patch create mode 100644 SOURCES/0089-export-btrfs_subvol-and-btrfs_subvolid.patch create mode 100644 SOURCES/0090-grub2-btrfs-03-follow_default.patch create mode 100644 SOURCES/0091-grub2-btrfs-04-grub2-install.patch create mode 100644 SOURCES/0092-grub2-btrfs-05-grub2-mkconfig.patch create mode 100644 SOURCES/0093-grub2-btrfs-06-subvol-mount.patch create mode 100644 SOURCES/0094-No-more-Bootable-Snapshot-submenu-in-grub.cfg.patch create mode 100644 SOURCES/0095-Fallback-to-old-subvol-name-scheme-to-support-old-sn.patch create mode 100644 SOURCES/0096-Grub-not-working-correctly-with-btrfs-snapshots-bsc-.patch create mode 100644 SOURCES/0097-Add-grub_efi_allocate_pool-and-grub_efi_free_pool-wr.patch create mode 100644 SOURCES/0098-Use-grub_efi_.-memory-helpers-where-reasonable.patch create mode 100644 SOURCES/0099-Add-PRIxGRUB_EFI_STATUS-and-use-it.patch create mode 100644 SOURCES/0100-Don-t-use-dynamic-sized-arrays-since-we-don-t-build-.patch create mode 100644 SOURCES/0101-don-t-ignore-const.patch create mode 100644 SOURCES/0102-don-t-use-int-for-efi-status.patch create mode 100644 SOURCES/0103-make-GRUB_MOD_INIT-declare-its-function-prototypes.patch create mode 100644 SOURCES/0104-editenv-handle-relative-symlinks.patch create mode 100644 SOURCES/0105-Make-libgrub.pp-depend-on-config-util.h.patch create mode 100644 SOURCES/0106-Don-t-guess-boot-efi-as-HFS-on-ppc-machines-in-grub-.patch create mode 100644 SOURCES/0107-20_linux_xen-load-xen-or-multiboot-2-modules-as-need.patch create mode 100644 SOURCES/0108-Make-pmtimer-tsc-calibration-not-take-51-seconds-to-.patch create mode 100644 SOURCES/0109-align-struct-efi_variable-better.patch create mode 100644 SOURCES/0110-Add-quicksort-implementation.patch create mode 100644 SOURCES/0111-Add-blscfg-command-support-to-parse-BootLoaderSpec-c.patch create mode 100644 SOURCES/0112-Add-BLS-support-to-grub-mkconfig.patch create mode 100644 SOURCES/0113-Remove-duplicated-grub_exit-definition-for-grub-emu-.patch create mode 100644 SOURCES/0114-Don-t-attempt-to-backtrace-on-grub_abort-for-grub-em.patch create mode 100644 SOURCES/0115-Enable-blscfg-command-for-the-emu-platform.patch create mode 100644 SOURCES/0116-Add-linux-and-initrd-commands-for-grub-emu.patch create mode 100644 SOURCES/0117-Fix-the-efidir-in-grub-setpassword.patch create mode 100644 SOURCES/0118-Add-grub2-switch-to-blscfg.patch create mode 100644 SOURCES/0119-Add-grub_debug_enabled.patch create mode 100644 SOURCES/0120-make-better-backtraces.patch create mode 100644 SOURCES/0121-normal-don-t-draw-our-startup-message-if-debug-is-se.patch create mode 100644 SOURCES/0122-Work-around-some-minor-include-path-weirdnesses.patch create mode 100644 SOURCES/0123-Make-it-possible-to-enabled-build-id-sha1.patch create mode 100644 SOURCES/0124-Add-grub_qdprintf-grub_dprintf-without-the-file-line.patch create mode 100644 SOURCES/0125-Make-a-gdb-dprintf-that-tells-us-load-addresses.patch create mode 100644 SOURCES/0126-Only-attempt-to-scan-different-BLS-directories-on-EF.patch create mode 100644 SOURCES/0127-Core-TPM-support.patch create mode 100644 SOURCES/0128-Measure-kernel-initrd.patch create mode 100644 SOURCES/0129-Add-BIOS-boot-measurement.patch create mode 100644 SOURCES/0130-Measure-kernel-and-initrd-on-BIOS-systems.patch create mode 100644 SOURCES/0131-Measure-the-kernel-commandline.patch create mode 100644 SOURCES/0132-Measure-commands.patch create mode 100644 SOURCES/0133-Measure-multiboot-images-and-modules.patch create mode 100644 SOURCES/0134-Fix-boot-when-there-s-no-TPM.patch create mode 100644 SOURCES/0135-Rework-TPM-measurements.patch create mode 100644 SOURCES/0136-Fix-event-log-prefix.patch create mode 100644 SOURCES/0137-Set-the-first-boot-menu-entry-as-default-when-using-.patch create mode 100644 SOURCES/0138-tpm-fix-warnings-when-compiling-for-platforms-other-.patch create mode 100644 SOURCES/0139-Make-TPM-errors-less-fatal.patch create mode 100644 SOURCES/0140-blscfg-handle-multiple-initramfs-images.patch create mode 100644 SOURCES/0141-BLS-Fix-grub2-switch-to-blscfg-on-non-EFI-machines.patch create mode 100644 SOURCES/0142-BLS-Use-etcdefaultgrub-instead-of-etc.patch create mode 100644 SOURCES/0143-Add-missing-options-to-grub2-switch-to-blscfg-man-pa.patch create mode 100644 SOURCES/0144-Make-grub2-switch-to-blscfg-to-generate-debug-BLS-wh.patch create mode 100644 SOURCES/0145-Make-grub2-switch-to-blscfg-to-generate-BLS-fragment.patch create mode 100644 SOURCES/0146-Only-attempt-to-query-dev-mounted-in-boot-efi-as-boo.patch create mode 100644 SOURCES/0147-Include-OSTree-path-when-searching-kernels-images-if.patch create mode 100644 SOURCES/0148-Use-BLS-version-field-to-compare-entries-if-id-field.patch create mode 100644 SOURCES/0149-Add-version-field-to-BLS-generated-by-grub2-switch-t.patch create mode 100644 SOURCES/0150-Fixup-for-newer-compiler.patch create mode 100644 SOURCES/0151-Don-t-attempt-to-export-the-start-and-_start-symbols.patch create mode 100644 SOURCES/0152-Simplify-BLS-entry-key-val-pairs-lookup.patch create mode 100644 SOURCES/0153-Add-relative-path-to-the-kernel-and-initrds-BLS-fiel.patch create mode 100644 SOURCES/0154-Skip-leading-spaces-on-BLS-field-values.patch create mode 100644 SOURCES/0155-Fixup-for-newer-compiler.patch create mode 100644 SOURCES/0156-TPM-Fix-hash_log_extend_event-function-prototype.patch create mode 100644 SOURCES/0157-TPM-Fix-compiler-warnings.patch create mode 100644 SOURCES/0158-grub-switch-to-blscfg.in-get-rid-of-a-bunch-of-bashi.patch create mode 100644 SOURCES/0159-grub-switch-to-blscfg.in-Better-boot-prefix-checking.patch create mode 100644 SOURCES/0160-Use-boot-loader-entries-as-BLS-directory-path-also-o.patch create mode 100644 SOURCES/0161-Use-BLS-fragment-filename-as-menu-entry-id-and-for-c.patch create mode 100644 SOURCES/0162-Fix-grub-switch-to-blscfg-boot-prefix-handling.patch create mode 100644 SOURCES/0163-Revert-trim-arp-packets-with-abnormal-size.patch create mode 100644 SOURCES/0164-Use-xid-to-match-DHCP-replies.patch create mode 100644 SOURCES/0165-Add-support-for-non-Ethernet-network-cards.patch create mode 100644 SOURCES/0166-misc-fix-invalid-character-recongition-in-strto-l.patch create mode 100644 SOURCES/0167-net-read-bracketed-ipv6-addrs-and-port-numbers.patch create mode 100644 SOURCES/0168-net-read-bracketed-ipv6-addrs-and-port-numbers-pjone.patch create mode 100644 SOURCES/0169-bootp-New-net_bootp6-command.patch create mode 100644 SOURCES/0170-Put-back-our-code-to-add-a-local-route.patch create mode 100644 SOURCES/0171-efinet-UEFI-IPv6-PXE-support.patch create mode 100644 SOURCES/0172-grub.texi-Add-net_bootp6-doument.patch create mode 100644 SOURCES/0173-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch create mode 100644 SOURCES/0174-efinet-Setting-network-from-UEFI-device-path.patch create mode 100644 SOURCES/0175-efinet-Setting-DNS-server-from-UEFI-protocol.patch create mode 100644 SOURCES/0176-Fix-one-more-coverity-complaint.patch create mode 100644 SOURCES/0177-Fix-grub_net_hwaddr_to_str.patch create mode 100644 SOURCES/0178-Support-UEFI-networking-protocols.patch create mode 100644 SOURCES/0179-AUDIT-0-http-boot-tracker-bug.patch create mode 100644 SOURCES/0180-grub-core-video-efi_gop.c-Add-support-for-BLT_ONLY-a.patch create mode 100644 SOURCES/0181-efi-uga-use-64-bit-for-fb_base.patch create mode 100644 SOURCES/0182-EFI-console-Do-not-set-text-mode-until-we-actually-n.patch create mode 100644 SOURCES/0183-EFI-console-Add-grub_console_read_key_stroke-helper-.patch create mode 100644 SOURCES/0184-EFI-console-Implement-getkeystatus-support.patch create mode 100644 SOURCES/0185-Make-grub_getkeystatus-helper-funtion-available-ever.patch create mode 100644 SOURCES/0186-Accept-ESC-F8-and-holding-SHIFT-as-user-interrupt-ke.patch create mode 100644 SOURCES/0187-grub-editenv-Add-incr-command-to-increment-integer-v.patch create mode 100644 SOURCES/0188-Add-auto-hide-menu-support.patch create mode 100644 SOURCES/0189-Output-a-menu-entry-for-firmware-setup-on-UEFI-FastB.patch create mode 100644 SOURCES/0190-Add-grub-set-bootflag-utility.patch create mode 100644 SOURCES/0191-Fix-grub-setpassword-o-s-output-path.patch create mode 100644 SOURCES/0192-Make-grub-set-password-be-named-like-all-the-other-g.patch create mode 100644 SOURCES/0193-docs-Add-grub-boot-indeterminate.service-example.patch create mode 100644 SOURCES/0194-00_menu_auto_hide-Use-a-timeout-of-60s-for-menu_show.patch create mode 100644 SOURCES/0195-00_menu_auto_hide-Reduce-number-of-save_env-calls.patch create mode 100644 SOURCES/0196-30_uefi-firmware-fix-use-with-sys-firmware-efi-efiva.patch create mode 100644 SOURCES/0197-gentpl-add-disable-support.patch create mode 100644 SOURCES/0198-gentpl-add-pc-firmware-type.patch create mode 100644 SOURCES/0199-blscfg-remove-unused-typedef.patch create mode 100644 SOURCES/0200-blscfg-don-t-dynamically-allocate-default_blsdir.patch create mode 100644 SOURCES/0201-blscfg-sort-BLS-entries-by-version-field.patch create mode 100644 SOURCES/0202-blscfg-remove-NULL-guards-around-grub_free.patch create mode 100644 SOURCES/0203-blscfg-fix-filename-in-no-linux-key-error.patch create mode 100644 SOURCES/0204-blscfg-don-t-leak-bls_entry.filename.patch create mode 100644 SOURCES/0205-blscfg-fix-compilation-on-EFI-and-EMU.patch create mode 100644 SOURCES/0206-Add-loadenv-to-blscfg-and-loadenv-source-file-list.patch create mode 100644 SOURCES/0207-blscfg-Get-rid-of-the-linuxefi-linux16-linux-distinc.patch create mode 100644 SOURCES/0208-grub-switch-to-blscfg-Only-fix-boot-prefix-for-non-g.patch create mode 100644 SOURCES/0209-blscfg-Expand-the-BLS-options-field-instead-of-showi.patch create mode 100644 SOURCES/0210-blscfg-Fallback-to-search-BLS-snippets-in-boot-loade.patch create mode 100644 SOURCES/0211-blscfg-Don-t-attempt-to-sort-by-version-if-not-prese.patch create mode 100644 SOURCES/0212-blscfg-remove-logic-to-read-the-grubenv-file-and-set.patch create mode 100644 SOURCES/0213-Rename-00_menu_auto_hide.in-to-01_menu_auto_hide.in.patch create mode 100644 SOURCES/0214-efinet-also-use-the-firmware-acceleration-for-http.patch create mode 100644 SOURCES/0215-efi-http-Make-root_url-reflect-the-protocol-hostname.patch create mode 100644 SOURCES/0216-Force-everything-to-use-python3.patch create mode 100644 SOURCES/0217-Fix-an-8-year-old-typo.patch create mode 100644 SOURCES/0218-autogen-don-t-run-autoreconf-in-the-topdir.patch create mode 100644 SOURCES/0219-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch create mode 100644 SOURCES/0220-module-verifier-make-it-possible-to-run-checkers-on-.patch create mode 100644 SOURCES/0221-grub-module-verifier-report-the-filename-or-modname-.patch create mode 100644 SOURCES/0222-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch create mode 100644 SOURCES/0223-Rework-how-the-fdt-command-builds.patch create mode 100644 SOURCES/0224-Disable-non-wordsize-allocations-on-arm.patch create mode 100644 SOURCES/0225-strip-R-.note.gnu.property-at-more-places.patch create mode 100644 SOURCES/0226-Prepend-prefix-when-HTTP-path-is-relative.patch create mode 100644 SOURCES/0227-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch create mode 100644 SOURCES/0228-Mark-some-unused-stuff-unused.patch create mode 100644 SOURCES/0229-Make-grub_error-more-verbose.patch create mode 100644 SOURCES/0230-arm-arm64-loader-Better-memory-allocation-and-error-.patch create mode 100644 SOURCES/0231-drop-TPM-support-for-legacy-BIOS.patch create mode 100644 SOURCES/0232-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch create mode 100644 SOURCES/0233-Include-blscfg-module-for-powerpc-ieee1275.patch create mode 100644 SOURCES/0234-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch create mode 100644 SOURCES/0235-Fix-getroot.c-s-trampolines.patch create mode 100644 SOURCES/0236-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch create mode 100644 SOURCES/0237-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch create mode 100644 SOURCES/0238-blscfg-don-t-include-.conf-at-the-end-of-our-id.patch create mode 100644 SOURCES/0239-grub-get-kernel-settings-expose-some-more-config-var.patch create mode 100644 SOURCES/0240-blscfg-sort-everything-with-rpm-package-comparison.patch create mode 100644 SOURCES/0241-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch create mode 100644 SOURCES/0242-don-t-set-saved_entry-on-grub2-mkconfig.patch create mode 100644 SOURCES/0243-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch create mode 100644 SOURCES/0244-Make-blscfg-debug-messages-more-useful.patch create mode 100644 SOURCES/0245-Make-grub_strtoul-end-pointer-have-the-right-constif.patch create mode 100644 SOURCES/0246-Fix-menu-entry-selection-based-on-ID-and-title.patch create mode 100644 SOURCES/0247-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch create mode 100644 SOURCES/0248-blscfg-expand-grub_users-before-passing-to-grub_norm.patch create mode 100644 SOURCES/0249-Make-the-menu-entry-users-option-argument-to-be-opti.patch create mode 100644 SOURCES/0250-10_linux_bls-add-missing-menu-entries-options.patch create mode 100644 SOURCES/0251-Fix-menu-entry-selection-based-on-title.patch create mode 100644 SOURCES/0252-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch create mode 100644 SOURCES/0253-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch create mode 100644 SOURCES/0254-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch create mode 100644 SOURCES/0255-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch create mode 100644 SOURCES/0256-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch create mode 100644 SOURCES/0257-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch create mode 100644 SOURCES/0258-HTTP-boot-strncmp-returns-0-on-equal.patch create mode 100644 SOURCES/0259-Don-t-duplicate-net-name-string-if-not-needed.patch create mode 100644 SOURCES/0260-Try-to-set-fPIE-and-friends-on-libgnu.a.patch create mode 100644 SOURCES/0261-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch create mode 100644 SOURCES/0262-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch create mode 100644 SOURCES/0263-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch create mode 100644 SOURCES/0264-10_linux_bls-don-t-add-users-option-to-generated-men.patch create mode 100644 SOURCES/0265-grub-set-bootflag-Update-comment-about-running-as-ro.patch create mode 100644 SOURCES/0266-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch create mode 100644 SOURCES/0267-Fix-PRIxGRUB_EFI_STATUS-definition.patch create mode 100644 SOURCES/0268-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch create mode 100644 SOURCES/0269-unix-platform-Initialize-variable-to-fix-grub-instal.patch create mode 100644 SOURCES/0270-blscfg-add-a-space-char-when-appending-fields-for-va.patch create mode 100644 SOURCES/0271-efi-http-Export-fw-http-_path-variables-to-make-them.patch create mode 100644 SOURCES/0272-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch create mode 100644 SOURCES/0273-efi-net-Allow-to-specify-a-port-number-in-addresses.patch create mode 100644 SOURCES/0274-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch create mode 100644 SOURCES/0275-efi-net-Print-a-debug-message-if-parsing-the-address.patch create mode 100644 SOURCES/0276-efi-Set-image-base-address-before-jumping-to-the-PE-.patch create mode 100644 SOURCES/0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch create mode 100644 SOURCES/0278-Reimplement-boot_counter.patch create mode 100644 SOURCES/0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch create mode 100644 SOURCES/0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch create mode 100644 SOURCES/0281-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch create mode 100644 SOURCES/0282-safemath-Add-some-arithmetic-primitives-that-check-f.patch create mode 100644 SOURCES/0283-calloc-Make-sure-we-always-have-an-overflow-checking.patch create mode 100644 SOURCES/0284-calloc-Use-calloc-at-most-places.patch create mode 100644 SOURCES/0285-malloc-Use-overflow-checking-primitives-where-we-do-.patch create mode 100644 SOURCES/0286-iso9660-Don-t-leak-memory-on-realloc-failures.patch create mode 100644 SOURCES/0287-font-Do-not-load-more-than-one-NAME-section.patch create mode 100644 SOURCES/0288-gfxmenu-Fix-double-free-in-load_image.patch create mode 100644 SOURCES/0289-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch create mode 100644 SOURCES/0290-lzma-Make-sure-we-don-t-dereference-past-array.patch create mode 100644 SOURCES/0291-term-Fix-overflow-on-user-inputs.patch create mode 100644 SOURCES/0292-udf-Fix-memory-leak.patch create mode 100644 SOURCES/0293-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch create mode 100644 SOURCES/0294-tftp-Do-not-use-priority-queue.patch create mode 100644 SOURCES/0295-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch create mode 100644 SOURCES/0296-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch create mode 100644 SOURCES/0297-script-Remove-unused-fields-from-grub_script_functio.patch create mode 100644 SOURCES/0298-script-Avoid-a-use-after-free-when-redefining-a-func.patch create mode 100644 SOURCES/0299-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch create mode 100644 SOURCES/0300-hfsplus-fix-two-more-overflows.patch create mode 100644 SOURCES/0301-lvm-fix-two-more-potential-data-dependent-alloc-over.patch create mode 100644 SOURCES/0302-emu-make-grub_free-NULL-safe.patch create mode 100644 SOURCES/0303-efi-fix-some-malformed-device-path-arithmetic-errors.patch create mode 100644 SOURCES/0304-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch create mode 100644 SOURCES/0305-update-safemath-with-fallback-code-for-gcc-older-tha.patch create mode 100644 SOURCES/0306-efi-Fix-use-after-free-in-halt-reboot-path.patch create mode 100644 SOURCES/0307-efi-dhcp-fix-some-allocation-error-checking.patch create mode 100644 SOURCES/0308-efi-http-fix-some-allocation-error-checking.patch create mode 100644 SOURCES/0309-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch create mode 100644 SOURCES/0310-Fix-up-some-types-for-gcc-4.8-compat-safemath.h.patch create mode 100644 SOURCES/0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch create mode 100644 SOURCES/0312-linux-loader-avoid-overflow-on-initrd-size-calculati.patch create mode 100644 SOURCES/0313-linuxefi-fail-kernel-validation-without-shim-protoco.patch create mode 100644 SOURCES/0314-linux-Fix-integer-overflows-in-initrd-size-handling.patch create mode 100644 SOURCES/0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch create mode 100644 SOURCES/0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch create mode 100644 SOURCES/0317-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch create mode 100644 SOURCES/0318-at_keyboard-use-set-1-when-keyboard-is-in-Translate-.patch create mode 100644 SOURCES/0319-grub-install-disable-support-for-EFI-platforms.patch create mode 100644 SOURCES/0320-New-with-debug-timestamps-configure-flag-to-prepend-.patch create mode 100644 SOURCES/0321-Added-debug-statements-to-grub_disk_open-and-grub_di.patch create mode 100644 SOURCES/0322-Introduce-function-grub_debug_is_enabled-void-return.patch create mode 100644 SOURCES/0323-Don-t-clear-screen-when-debugging-is-enabled.patch create mode 100644 SOURCES/0324-grub_file_-instrumentation-new-file-debug-tag.patch create mode 100644 SOURCES/0325-ieee1275-Avoiding-many-unecessary-open-close.patch create mode 100644 SOURCES/0326-ieee1275-powerpc-implements-fibre-channel-discovery-.patch create mode 100644 SOURCES/0327-ieee1275-powerpc-enables-device-mapper-discovery.patch create mode 100644 SOURCES/0328-Add-at_keyboard_fallback_set-var-to-force-the-set-ma.patch create mode 100644 SOURCES/0329-bufio-Use-grub_size_t-instead-of-plain-int-for-size.patch create mode 100644 SOURCES/0330-verifiers-File-type-for-fine-grained-signature-verif.patch create mode 100644 SOURCES/0331-verifiers-Framework-core.patch create mode 100644 SOURCES/0332-verifiers-Add-possibility-to-verify-kernel-and-modul.patch create mode 100644 SOURCES/0333-verifiers-Add-possibility-to-defer-verification-to-o.patch create mode 100644 SOURCES/0334-verifiers-Rename-verify-module-to-pgp-module.patch create mode 100644 SOURCES/0335-pgp-Fix-emu-build-and-tests-after-pgp-module-renamin.patch create mode 100644 SOURCES/0336-include-grub-file.h-Add-device-tree-file-type.patch create mode 100644 SOURCES/0337-grub-core-loader-efi-fdt.c-Fixup-grub_file_open-call.patch create mode 100644 SOURCES/0338-arm64-efi-Fix-breakage-caused-by-verifiers.patch create mode 100644 SOURCES/0339-arm-uboot-ia64-sparc64-Fix-up-grub_file_open-calls.patch create mode 100644 SOURCES/0340-verifiers-fix-double-close-on-pgp-s-sig-file-descrip.patch create mode 100644 SOURCES/0341-verifiers-Xen-fallout-cleanup.patch create mode 100644 SOURCES/0342-verifiers-ARM-Xen-fallout-cleanup.patch create mode 100644 SOURCES/0343-verifiers-IA-64-fallout-cleanup.patch create mode 100644 SOURCES/0344-verifiers-PowerPC-fallout-cleanup.patch create mode 100644 SOURCES/0345-verifiers-MIPS-fallout-cleanup.patch create mode 100644 SOURCES/0346-verifiers-Fix-calling-uninitialized-function-pointer.patch create mode 100644 SOURCES/0347-rhel-extra-file-type-fixes.patch create mode 100644 SOURCES/0348-dl-Add-support-for-persistent-modules.patch create mode 100644 SOURCES/0349-Add-suport-for-signing-grub-with-an-appended-signatu.patch create mode 100644 SOURCES/0350-docs-grub-Document-signing-grub-under-UEFI.patch create mode 100644 SOURCES/0351-docs-grub-Document-signing-grub-with-an-appended-sig.patch create mode 100644 SOURCES/0352-docs-grub-grub-install-is-no-longer-a-shell-script.patch create mode 100644 SOURCES/0353-docs-grub-pubkey-has-been-supported-for-some-time.patch create mode 100644 SOURCES/0354-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch create mode 100644 SOURCES/0355-verifiers-provide-unsafe-module-list.patch create mode 100644 SOURCES/0356-pgp-factor-out-rsa_pad.patch create mode 100644 SOURCES/0357-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch create mode 100644 SOURCES/0358-posix_wrap-tweaks-in-preparation-for-libtasn1.patch create mode 100644 SOURCES/0359-libtasn1-import-libtasn1-4.16.0.patch create mode 100644 SOURCES/0360-libtasn1-disable-code-not-needed-in-grub.patch create mode 100644 SOURCES/0361-libtasn1-changes-for-grub-compatibility.patch create mode 100644 SOURCES/0362-libtasn1-compile-into-asn1-module.patch create mode 100644 SOURCES/0363-test_asn1-test-module-for-libtasn1.patch create mode 100644 SOURCES/0364-grub-install-support-embedding-x509-certificates.patch create mode 100644 SOURCES/0365-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch create mode 100644 SOURCES/0366-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch create mode 100644 SOURCES/0367-appended-signatures-support-verifying-appended-signa.patch create mode 100644 SOURCES/0368-appended-signatures-verification-tests.patch create mode 100644 SOURCES/0369-appended-signatures-documentation.patch create mode 100644 SOURCES/0370-ieee1275-link-appended-signature-enforcement-to-ibm-.patch create mode 100644 SOURCES/0371-include-grub-verify.h-Add-include-guard.patch create mode 100644 SOURCES/0372-arm64-xen-Fix-too-few-arguments-to-function-grub_cre.patch create mode 100644 SOURCES/0373-kern-Add-lockdown-support.patch create mode 100644 SOURCES/0374-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch create mode 100644 SOURCES/0375-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch create mode 100644 SOURCES/0376-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch create mode 100644 SOURCES/0377-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch create mode 100644 SOURCES/0378-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch create mode 100644 SOURCES/0379-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch create mode 100644 SOURCES/0380-commands-setpci-Restrict-setpci-command-when-locked-.patch create mode 100644 SOURCES/0381-commands-hdparm-Restrict-hdparm-command-when-locked-.patch create mode 100644 SOURCES/0382-gdb-Restrict-GDB-access-when-locked-down.patch create mode 100644 SOURCES/0383-loader-xnu-Don-t-allow-loading-extension-and-package.patch create mode 100644 SOURCES/0384-docs-Document-the-cutmem-command.patch create mode 100644 SOURCES/0385-dl-Only-allow-unloading-modules-that-are-not-depende.patch create mode 100644 SOURCES/0386-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch create mode 100644 SOURCES/0387-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch create mode 100644 SOURCES/0388-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch create mode 100644 SOURCES/0389-net-tftp-Fix-dangling-memory-pointer.patch create mode 100644 SOURCES/0390-kern-parser-Fix-resource-leak-if-argc-0.patch create mode 100644 SOURCES/0391-kern-efi-Fix-memory-leak-on-failure.patch create mode 100644 SOURCES/0392-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch create mode 100644 SOURCES/0393-gnulib-regexec-Resolve-unused-variable.patch create mode 100644 SOURCES/0394-gnulib-regcomp-Fix-uninitialized-token-structure.patch create mode 100644 SOURCES/0395-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch create mode 100644 SOURCES/0396-gnulib-regexec-Fix-possible-null-dereference.patch create mode 100644 SOURCES/0397-gnulib-regcomp-Fix-uninitialized-re_token.patch create mode 100644 SOURCES/0398-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch create mode 100644 SOURCES/0399-kern-partition-Check-for-NULL-before-dereferencing-i.patch create mode 100644 SOURCES/0400-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch create mode 100644 SOURCES/0401-disk-ldm-If-failed-then-free-vg-variable-too.patch create mode 100644 SOURCES/0402-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch create mode 100644 SOURCES/0403-disk-cryptodisk-Fix-potential-integer-overflow.patch create mode 100644 SOURCES/0404-hfsplus-Check-that-the-volume-name-length-is-valid.patch create mode 100644 SOURCES/0405-zfs-Fix-possible-negative-shift-operation.patch create mode 100644 SOURCES/0406-zfs-Fix-resource-leaks-while-constructing-path.patch create mode 100644 SOURCES/0407-zfs-Fix-possible-integer-overflows.patch create mode 100644 SOURCES/0408-zfsinfo-Correct-a-check-for-error-allocating-memory.patch create mode 100644 SOURCES/0409-affs-Fix-memory-leaks.patch create mode 100644 SOURCES/0410-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch create mode 100644 SOURCES/0411-libgcrypt-mpi-Fix-possible-NULL-dereference.patch create mode 100644 SOURCES/0412-syslinux-Fix-memory-leak-while-parsing.patch create mode 100644 SOURCES/0413-normal-completion-Fix-leaking-of-memory-when-process.patch create mode 100644 SOURCES/0414-commands-hashsum-Fix-a-memory-leak.patch create mode 100644 SOURCES/0415-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch create mode 100644 SOURCES/0416-video-fb-fbfill-Fix-potential-integer-overflow.patch create mode 100644 SOURCES/0417-video-fb-video_fb-Fix-multiple-integer-overflows.patch create mode 100644 SOURCES/0418-video-fb-video_fb-Fix-possible-integer-overflow.patch create mode 100644 SOURCES/0419-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch create mode 100644 SOURCES/0420-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch create mode 100644 SOURCES/0421-loader-bsd-Check-for-NULL-arg-up-front.patch create mode 100644 SOURCES/0422-loader-xnu-Fix-memory-leak.patch create mode 100644 SOURCES/0423-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch create mode 100644 SOURCES/0424-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch create mode 100644 SOURCES/0425-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch create mode 100644 SOURCES/0426-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch create mode 100644 SOURCES/0427-script-execute-Fix-NULL-dereference-in-grub_script_e.patch create mode 100644 SOURCES/0428-commands-ls-Require-device_name-is-not-NULL-before-p.patch create mode 100644 SOURCES/0429-script-execute-Avoid-crash-when-using-outside-a-func.patch create mode 100644 SOURCES/0430-lib-arg-Block-repeated-short-options-that-require-an.patch create mode 100644 SOURCES/0431-script-execute-Don-t-crash-on-a-for-loop-with-no-ite.patch create mode 100644 SOURCES/0432-commands-menuentry-Fix-quoting-in-setparams_prefix.patch create mode 100644 SOURCES/0433-kern-misc-Always-set-end-in-grub_strtoull.patch create mode 100644 SOURCES/0434-video-readers-jpeg-Catch-files-with-unsupported-quan.patch create mode 100644 SOURCES/0435-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch create mode 100644 SOURCES/0436-video-readers-jpeg-Don-t-decode-data-before-start-of.patch create mode 100644 SOURCES/0437-term-gfxterm-Don-t-set-up-a-font-with-glyphs-that-ar.patch create mode 100644 SOURCES/0438-fs-fshelp-Catch-impermissibly-large-block-sizes-in-r.patch create mode 100644 SOURCES/0439-fs-hfsplus-Don-t-fetch-a-key-beyond-the-end-of-the-n.patch create mode 100644 SOURCES/0440-fs-hfsplus-Don-t-use-uninitialized-data-on-corrupt-f.patch create mode 100644 SOURCES/0441-fs-hfs-Disable-under-lockdown.patch create mode 100644 SOURCES/0442-fs-sfs-Fix-over-read-of-root-object-name.patch create mode 100644 SOURCES/0443-fs-jfs-Do-not-move-to-leaf-level-if-name-length-is-n.patch create mode 100644 SOURCES/0444-fs-jfs-Limit-the-extents-that-getblk-can-consider.patch create mode 100644 SOURCES/0445-fs-jfs-Catch-infinite-recursion.patch create mode 100644 SOURCES/0446-fs-nilfs2-Reject-too-large-keys.patch create mode 100644 SOURCES/0447-fs-nilfs2-Don-t-search-children-if-provided-number-i.patch create mode 100644 SOURCES/0448-fs-nilfs2-Properly-bail-on-errors-in-grub_nilfs2_btr.patch create mode 100644 SOURCES/0449-io-gzio-Bail-if-gzio-tl-td-is-NULL.patch create mode 100644 SOURCES/0450-io-gzio-Add-init_dynamic_block-clean-up-if-unpacking.patch create mode 100644 SOURCES/0451-io-gzio-Catch-missing-values-in-huft_build-and-bail.patch create mode 100644 SOURCES/0452-io-gzio-Zero-gzio-tl-td-in-init_dynamic_block-if-huf.patch create mode 100644 SOURCES/0453-disk-lvm-Don-t-go-beyond-the-end-of-the-data-we-read.patch create mode 100644 SOURCES/0454-disk-lvm-Don-t-blast-past-the-end-of-the-circular-me.patch create mode 100644 SOURCES/0455-disk-lvm-Bail-on-missing-PV-list.patch create mode 100644 SOURCES/0456-disk-lvm-Do-not-crash-if-an-expected-string-is-not-f.patch create mode 100644 SOURCES/0457-disk-lvm-Do-not-overread-metadata.patch create mode 100644 SOURCES/0458-disk-lvm-Sanitize-rlocn-offset-to-prevent-wild-read.patch create mode 100644 SOURCES/0459-disk-lvm-Do-not-allow-a-LV-to-be-it-s-own-segment-s-.patch create mode 100644 SOURCES/0460-kern-parser-Fix-a-memory-leak.patch create mode 100644 SOURCES/0461-kern-parser-Introduce-process_char-helper.patch create mode 100644 SOURCES/0462-kern-parser-Introduce-terminate_arg-helper.patch create mode 100644 SOURCES/0463-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch create mode 100644 SOURCES/0464-kern-buffer-Add-variable-sized-heap-buffer.patch create mode 100644 SOURCES/0465-kern-parser-Fix-a-stack-buffer-overflow.patch create mode 100644 SOURCES/0466-kern-efi-Add-initial-stack-protector-implementation.patch create mode 100644 SOURCES/0467-util-mkimage-Remove-unused-code-to-add-BSS-section.patch create mode 100644 SOURCES/0468-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch create mode 100644 SOURCES/0469-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch create mode 100644 SOURCES/0470-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch create mode 100644 SOURCES/0471-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch create mode 100644 SOURCES/0472-util-mkimage-Improve-data_size-value-calculation.patch create mode 100644 SOURCES/0473-util-mkimage-Refactor-section-setup-to-use-a-helper.patch create mode 100644 SOURCES/0474-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch create mode 100644 SOURCES/0475-kern-misc-Split-parse_printf_args-into-format-parsin.patch create mode 100644 SOURCES/0476-kern-misc-Add-STRING-type-for-internal-printf-format.patch create mode 100644 SOURCES/0477-kern-misc-Add-function-to-check-printf-format-agains.patch create mode 100644 SOURCES/0478-gfxmenu-gui-Check-printf-format-in-the-gui_progress_.patch create mode 100644 SOURCES/0479-kern-mm-Fix-grub_debug_calloc-compilation-error.patch create mode 100644 SOURCES/0480-efi-net-Fix-malformed-device-path-arithmetic-errors-.patch create mode 100644 SOURCES/0481-ieee1275-drop-HEAP_MAX_ADDR-HEAP_MIN_SIZE.patch create mode 100644 SOURCES/0482-ieee1275-claim-more-memory.patch create mode 100644 SOURCES/0483-ieee1275-request-memory-with-ibm-client-architecture.patch create mode 100644 SOURCES/0484-appendedsig-x509-Also-handle-the-Extended-Key-Usage-.patch create mode 100644 SOURCES/0485-ieee1275-ofdisk-retry-on-open-failure.patch create mode 100644 SOURCES/0486-normal-main-Discover-the-device-to-read-the-config-f.patch create mode 100644 SOURCES/0487-powerpc-adjust-setting-of-prefix-for-signed-binary-c.patch create mode 100644 SOURCES/0488-powerpc-fix-prefix-signed-grub-special-case-for-Powe.patch create mode 100644 SOURCES/0489-grub-mkconfig-restore-umask-for-grub.cfg.patch create mode 100644 SOURCES/0490-efinet-Add-DHCP-proxy-support.patch create mode 100644 SOURCES/0491-at_keyboard-Fix-unreliable-key-presses.patch create mode 100644 SOURCES/0492-commands-search-Fix-bug-stopping-iteration-when-no-f.patch create mode 100644 SOURCES/0493-search-new-efidisk-only-option-on-EFI-systems.patch create mode 100644 SOURCES/0494-efi-new-connectefi-command.patch create mode 100644 SOURCES/0495-Try-to-pick-better-locations-for-kernel-and-initrd.patch create mode 100644 SOURCES/0496-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch create mode 100644 SOURCES/0497-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch create mode 100644 SOURCES/0498-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch create mode 100644 SOURCES/0499-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch create mode 100644 SOURCES/0500-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch create mode 100644 SOURCES/0501-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch create mode 100644 SOURCES/0502-ibmvtpm-Backport-ibmvtpm-support-to-grub-2.02.patch create mode 100644 SOURCES/0503-powerpc-do-CAS-in-a-more-compatible-way.patch create mode 100644 SOURCES/0504-powerpc-prefix-detection-support-device-names-with-c.patch create mode 100644 SOURCES/0505-make-ofdisk_retries-optional.patch create mode 100644 SOURCES/0506-loader-efi-chainloader-grub_load_and_start_image-doe.patch create mode 100644 SOURCES/0507-loader-efi-chainloader-simplify-the-loader-state.patch create mode 100644 SOURCES/0508-commands-boot-Add-API-to-pass-context-to-loader.patch create mode 100644 SOURCES/0509-loader-efi-chainloader-Use-grub_loader_set_ex.patch create mode 100644 SOURCES/0510-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch create mode 100644 SOURCES/0511-loader-i386-efi-linux-Use-grub_loader_set_ex.patch create mode 100644 SOURCES/0512-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch create mode 100644 SOURCES/0513-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch create mode 100644 SOURCES/0514-video-readers-png-Abort-sooner-if-a-read-operation-f.patch create mode 100644 SOURCES/0515-video-readers-png-Refuse-to-handle-multiple-image-he.patch create mode 100644 SOURCES/0516-video-readers-png-Drop-greyscale-support-to-fix-heap.patch create mode 100644 SOURCES/0517-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch create mode 100644 SOURCES/0518-video-readers-png-Sanity-check-some-huffman-codes.patch create mode 100644 SOURCES/0519-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch create mode 100644 SOURCES/0520-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch create mode 100644 SOURCES/0521-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch create mode 100644 SOURCES/0522-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch create mode 100644 SOURCES/0523-normal-charset-Fix-array-out-of-bounds-formatting-un.patch create mode 100644 SOURCES/0524-net-netbuff-Block-overly-large-netbuff-allocs.patch create mode 100644 SOURCES/0525-net-ip-Do-IP-fragment-maths-safely.patch create mode 100644 SOURCES/0526-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch create mode 100644 SOURCES/0527-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch create mode 100644 SOURCES/0528-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch create mode 100644 SOURCES/0529-misc-Format-string-for-grub_error-should-be-a-litera.patch create mode 100644 SOURCES/0530-net-tftp-Avoid-a-trivial-UAF.patch create mode 100644 SOURCES/0531-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch create mode 100644 SOURCES/0532-net-http-Fix-OOB-write-for-split-http-headers.patch create mode 100644 SOURCES/0533-net-http-Error-out-on-headers-with-LF-without-CR.patch create mode 100644 SOURCES/0534-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch create mode 100644 SOURCES/0535-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch create mode 100644 SOURCES/0536-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch create mode 100644 SOURCES/0537-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch create mode 100644 SOURCES/0538-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch create mode 100644 SOURCES/0539-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch create mode 100644 SOURCES/0540-Define-GRUB_EFI_SHIM_LOCK_GUID.patch create mode 100644 SOURCES/0541-misc-Make-grub_min-and-grub_max-more-resilient.patch create mode 100644 SOURCES/0542-ReiserFS-switch-to-using-grub_min-grub_max.patch create mode 100644 SOURCES/0543-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch create mode 100644 SOURCES/0544-modules-make-.module_license-read-only.patch create mode 100644 SOURCES/0545-modules-strip-.llvm_addrsig-sections-and-similar.patch create mode 100644 SOURCES/0546-modules-Don-t-allocate-space-for-non-allocable-secti.patch create mode 100644 SOURCES/0547-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch create mode 100644 SOURCES/0548-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch create mode 100644 SOURCES/0549-modules-load-module-sections-at-page-aligned-address.patch create mode 100644 SOURCES/0550-nx-add-memory-attribute-get-set-API.patch create mode 100644 SOURCES/0551-nx-set-page-permissions-for-loaded-modules.patch create mode 100644 SOURCES/0552-nx-set-attrs-in-our-kernel-loaders.patch create mode 100644 SOURCES/0553-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch create mode 100644 SOURCES/0554-Fixup-grub_efi_get_variable-type-in-our-loaders.patch create mode 100644 SOURCES/0555-Make-debug-file-show-which-file-filters-get-run.patch create mode 100644 SOURCES/0556-efi-use-enumerated-array-positions-for-our-allocatio.patch create mode 100644 SOURCES/0557-efi-split-allocation-policy-for-kernel-vs-initrd-mem.patch create mode 100644 SOURCES/0558-efi-use-EFI_LOADER_-CODE-DATA-for-kernel-and-initrd-.patch create mode 100644 SOURCES/0559-ieee1275-implement-vec5-for-cas-negotiation.patch create mode 100644 SOURCES/0560-x86-efi-Fix-an-incorrect-array-size-in-kernel-alloca.patch create mode 100644 SOURCES/0561-switch-to-blscfg-don-t-assume-newline-at-end-of-cfg.patch create mode 100644 SOURCES/0562-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch create mode 100644 SOURCES/0563-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch create mode 100644 SOURCES/0564-font-Fix-several-integer-overflows-in-grub_font_cons.patch create mode 100644 SOURCES/0565-font-Remove-grub_font_dup_glyph.patch create mode 100644 SOURCES/0566-font-Fix-integer-overflow-in-ensure_comb_space.patch create mode 100644 SOURCES/0567-font-Fix-integer-overflow-in-BMP-index.patch create mode 100644 SOURCES/0568-font-Fix-integer-underflow-in-binary-search-of-char-.patch create mode 100644 SOURCES/0569-fbutil-Fix-integer-overflow.patch create mode 100644 SOURCES/0570-font-Fix-an-integer-underflow-in-blit_comb.patch create mode 100644 SOURCES/0571-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch create mode 100644 SOURCES/0572-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch create mode 100644 SOURCES/0573-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch create mode 100644 SOURCES/0574-Enable-TDX-measurement-to-RTMR-register.patch create mode 100644 SOURCES/0575-Enable-shared-processor-mode-in-vector-5.patch create mode 100644 SOURCES/0576-efi-http-change-uint32_t-to-uintn_t-for-grub_efi_htt.patch create mode 100644 SOURCES/0577-ieee1275-Converting-plain-numbers-to-constants-in-Ve.patch create mode 100644 SOURCES/0578-ieee1275-extended-support-in-options-vector5.patch create mode 100644 SOURCES/0579-Regenerate-kernelopts-if-missing-on-ppc.patch create mode 100644 SOURCES/0580-kern-ieee1275-init-ppc64-Restrict-high-memory-in-pre.patch create mode 100644 SOURCES/0581-util-Enable-default-kernel-for-updates.patch create mode 100644 SOURCES/0582-grub-set-bootflag-Conservative-partial-fix-for-CVE-2.patch create mode 100644 SOURCES/0583-grub-set-bootflag-More-complete-fix-for-CVE-2024-104.patch create mode 100644 SOURCES/0584-grub-set-bootflag-Exit-calmly-when-not-running-as-ro.patch create mode 100644 SOURCES/0585-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch create mode 100644 SOURCES/0586-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch create mode 100644 SOURCES/0587-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch create mode 100644 SOURCES/0588-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch create mode 100644 SOURCES/0589-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch create mode 100644 SOURCES/0590-fs-ntfs-Make-code-more-readable.patch create mode 100755 SOURCES/20-grub.install create mode 100644 SOURCES/99-grub-mkconfig.install create mode 100644 SOURCES/gitignore create mode 100644 SOURCES/grub.macros create mode 100644 SOURCES/grub.patches create mode 100644 SOURCES/release-to-master.patch create mode 100755 SOURCES/sbat.csv.in create mode 100644 SOURCES/strtoull_test.c create mode 100644 SPECS/grub2.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c48971f --- /dev/null +++ b/.gitignore @@ -0,0 +1,9 @@ +SOURCES/grub-2.02.tar.xz +SOURCES/redhatsecureboot301.cer +SOURCES/redhatsecureboot502.cer +SOURCES/redhatsecureboot601.cer +SOURCES/redhatsecureboot701.cer +SOURCES/redhatsecurebootca3.cer +SOURCES/redhatsecurebootca5.cer +SOURCES/theme.tar.bz2 +SOURCES/unifont-5.1.20080820.pcf.gz diff --git a/.grub2.metadata b/.grub2.metadata new file mode 100644 index 0000000..c0c9b64 --- /dev/null +++ b/.grub2.metadata @@ -0,0 +1,9 @@ +3d7eb6eaab28b88cb969ba9ab24af959f4d1b178 SOURCES/grub-2.02.tar.xz +4a07b56e28741884b86da6ac91f8f9929541a1e4 SOURCES/redhatsecureboot301.cer +3f94c47f1d08bacc7cb29bdd912e286b8d2f6fcf SOURCES/redhatsecureboot502.cer +039357ef97aab3e484d1119edd4528156f5859e6 SOURCES/redhatsecureboot601.cer +e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot701.cer +cf9230e69000076727e5b784ec871d22716dc5da SOURCES/redhatsecurebootca3.cer +e6f506462069aa17d2e8610503635c20f3a995c3 SOURCES/redhatsecurebootca5.cer +cf0b7763c528902da7e8b05cfa248f20c8825ce5 SOURCES/theme.tar.bz2 +87f8600ba24e521b5d20bdf6c4b71af8ae861e3a SOURCES/unifont-5.1.20080820.pcf.gz diff --git a/SOURCES/0001-Add-support-for-Linux-EFI-stub-loading.patch b/SOURCES/0001-Add-support-for-Linux-EFI-stub-loading.patch new file mode 100644 index 0000000..6f6fb7e --- /dev/null +++ b/SOURCES/0001-Add-support-for-Linux-EFI-stub-loading.patch @@ -0,0 +1,997 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Tue, 10 Jul 2012 11:58:52 -0400 +Subject: [PATCH] Add support for Linux EFI stub loading. + +Also: + +commit 71c843745f22f81e16d259e2e19c99bf3c1855c1 +Author: Colin Watson +Date: Tue Oct 23 10:40:49 2012 -0400 + +Don't allow insmod when secure boot is enabled. + +Hi, + +Fedora's patch to forbid insmod in UEFI Secure Boot environments is fine +as far as it goes. However, the insmod command is not the only way that +modules can be loaded. In particular, the 'normal' command, which +implements the usual GRUB menu and the fully-featured command prompt, +will implicitly load commands not currently loaded into memory. This +permits trivial Secure Boot violations by writing commands implementing +whatever you want to do and pointing $prefix at the malicious code. + +I'm currently test-building this patch (replacing your current +grub-2.00-no-insmod-on-sb.patch), but this should be more correct. It +moves the check into grub_dl_load_file. +--- + grub-core/Makefile.core.def | 16 +- + grub-core/kern/dl.c | 21 +++ + grub-core/kern/efi/efi.c | 28 ++++ + grub-core/kern/efi/mm.c | 32 ++++ + grub-core/loader/arm64/linux.c | 118 +++++++------- + grub-core/loader/arm64/xen_boot.c | 1 - + grub-core/loader/efi/linux.c | 70 ++++++++ + grub-core/loader/i386/efi/linux.c | 335 ++++++++++++++++++++++++++++++++++++++ + grub-core/loader/i386/pc/linux.c | 10 +- + include/grub/arm/linux.h | 9 + + include/grub/arm64/linux.h | 10 ++ + include/grub/efi/efi.h | 7 +- + include/grub/efi/linux.h | 31 ++++ + include/grub/i386/linux.h | 1 + + 14 files changed, 620 insertions(+), 69 deletions(-) + create mode 100644 grub-core/loader/efi/linux.c + create mode 100644 grub-core/loader/i386/efi/linux.c + create mode 100644 include/grub/efi/linux.h + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 9590e87d9..0b4b0c212 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -1626,13 +1626,6 @@ module = { + enable = i386_pc; + }; + +- +-module = { +- name = linux16; +- common = loader/i386/pc/linux.c; +- enable = x86; +-}; +- + module = { + name = ntldr; + i386_pc = loader/i386/pc/ntldr.c; +@@ -1685,7 +1678,9 @@ module = { + + module = { + name = linux; +- x86 = loader/i386/linux.c; ++ i386_pc = loader/i386/pc/linux.c; ++ x86_64_efi = loader/i386/efi/linux.c; ++ i386_efi = loader/i386/efi/linux.c; + xen = loader/i386/xen.c; + i386_pc = lib/i386/pc/vesa_modes_table.c; + mips = loader/mips/linux.c; +@@ -1696,9 +1691,14 @@ module = { + arm_efi = loader/arm64/linux.c; + arm_uboot = loader/arm/linux.c; + arm64 = loader/arm64/linux.c; ++ emu = loader/emu/linux.c; ++ fdt = lib/fdt.c; ++ + common = loader/linux.c; + common = lib/cmdline.c; + enable = noemu; ++ ++ efi = loader/efi/linux.c; + }; + + module = { +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index e394cd96f..04e804d16 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -38,6 +38,14 @@ + #define GRUB_MODULES_MACHINE_READONLY + #endif + ++#ifdef GRUB_MACHINE_EMU ++#include ++#endif ++ ++#ifdef GRUB_MACHINE_EFI ++#include ++#endif ++ + + + #pragma GCC diagnostic ignored "-Wcast-align" +@@ -686,6 +694,19 @@ grub_dl_load_file (const char *filename) + void *core = 0; + grub_dl_t mod = 0; + ++#ifdef GRUB_MACHINE_EFI ++ if (grub_efi_secure_boot ()) ++ { ++#if 0 ++ /* This is an error, but grub2-mkconfig still generates a pile of ++ * insmod commands, so emitting it would be mostly just obnoxious. */ ++ grub_error (GRUB_ERR_ACCESS_DENIED, ++ "Secure Boot forbids loading module from %s", filename); ++#endif ++ return 0; ++ } ++#endif ++ + grub_boot_time ("Loading module %s", filename); + + file = grub_file_open (filename); +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 708581fcb..c8a9d8307 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -273,6 +273,34 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, + return NULL; + } + ++grub_efi_boolean_t ++grub_efi_secure_boot (void) ++{ ++ grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID; ++ grub_size_t datasize; ++ char *secure_boot = NULL; ++ char *setup_mode = NULL; ++ grub_efi_boolean_t ret = 0; ++ ++ secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize); ++ ++ if (datasize != 1 || !secure_boot) ++ goto out; ++ ++ setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize); ++ ++ if (datasize != 1 || !setup_mode) ++ goto out; ++ ++ if (*secure_boot && !*setup_mode) ++ ret = 1; ++ ++ out: ++ grub_free (secure_boot); ++ grub_free (setup_mode); ++ return ret; ++} ++ + #pragma GCC diagnostic ignored "-Wcast-align" + + /* Search the mods section from the PE32/PE32+ image. This code uses +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index 42ad7c570..5cdf6c943 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -113,6 +113,38 @@ grub_efi_drop_alloc (grub_efi_physical_address_t address, + } + } + ++/* Allocate pages below a specified address */ ++void * ++grub_efi_allocate_pages_max (grub_efi_physical_address_t max, ++ grub_efi_uintn_t pages) ++{ ++ grub_efi_status_t status; ++ grub_efi_boot_services_t *b; ++ grub_efi_physical_address_t address = max; ++ ++ if (max > 0xffffffff) ++ return 0; ++ ++ b = grub_efi_system_table->boot_services; ++ status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ return 0; ++ ++ if (address == 0) ++ { ++ /* Uggh, the address 0 was allocated... This is too annoying, ++ so reallocate another one. */ ++ address = max; ++ status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address); ++ grub_efi_free_pages (0, pages); ++ if (status != GRUB_EFI_SUCCESS) ++ return 0; ++ } ++ ++ return (void *) ((grub_addr_t) address); ++} ++ + /* Allocate pages. Return the pointer to the first of allocated pages. */ + void * + grub_efi_allocate_pages_real (grub_efi_physical_address_t address, +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index 1f86229f8..6c00af98d 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -29,6 +29,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -40,6 +41,7 @@ static int loaded; + + static void *kernel_addr; + static grub_uint64_t kernel_size; ++static grub_uint32_t handover_offset; + + static char *linux_args; + static grub_uint32_t cmdline_size; +@@ -66,7 +68,8 @@ grub_armxx_efi_linux_check_image (struct linux_armxx_kernel_header * lh) + static grub_err_t + finalize_params_linux (void) + { +- int node, retval; ++ grub_efi_loaded_image_t *loaded_image = NULL; ++ int node, retval, len; + + void *fdt; + +@@ -101,79 +104,70 @@ finalize_params_linux (void) + if (grub_fdt_install() != GRUB_ERR_NONE) + goto failure; + +- return GRUB_ERR_NONE; +- +-failure: +- grub_fdt_unload(); +- return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT"); +-} +- +-grub_err_t +-grub_armxx_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args) +-{ +- grub_efi_memory_mapped_device_path_t *mempath; +- grub_efi_handle_t image_handle; +- grub_efi_boot_services_t *b; +- grub_efi_status_t status; +- grub_efi_loaded_image_t *loaded_image; +- int len; +- +- mempath = grub_malloc (2 * sizeof (grub_efi_memory_mapped_device_path_t)); +- if (!mempath) +- return grub_errno; +- +- mempath[0].header.type = GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE; +- mempath[0].header.subtype = GRUB_EFI_MEMORY_MAPPED_DEVICE_PATH_SUBTYPE; +- mempath[0].header.length = grub_cpu_to_le16_compile_time (sizeof (*mempath)); +- mempath[0].memory_type = GRUB_EFI_LOADER_DATA; +- mempath[0].start_address = addr; +- mempath[0].end_address = addr + size; +- +- mempath[1].header.type = GRUB_EFI_END_DEVICE_PATH_TYPE; +- mempath[1].header.subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; +- mempath[1].header.length = sizeof (grub_efi_device_path_t); +- +- b = grub_efi_system_table->boot_services; +- status = b->load_image (0, grub_efi_image_handle, +- (grub_efi_device_path_t *) mempath, +- (void *) addr, size, &image_handle); +- if (status != GRUB_EFI_SUCCESS) +- return grub_error (GRUB_ERR_BAD_OS, "cannot load image"); +- +- grub_dprintf ("linux", "linux command line: '%s'\n", args); ++ grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n", ++ fdt); + + /* Convert command line to UCS-2 */ +- loaded_image = grub_efi_get_loaded_image (image_handle); ++ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); ++ if (!loaded_image) ++ goto failure; ++ + loaded_image->load_options_size = len = +- (grub_strlen (args) + 1) * sizeof (grub_efi_char16_t); ++ (grub_strlen (linux_args) + 1) * sizeof (grub_efi_char16_t); + loaded_image->load_options = + grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); + if (!loaded_image->load_options) +- return grub_errno; ++ return grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters"); + + loaded_image->load_options_size = + 2 * grub_utf8_to_utf16 (loaded_image->load_options, len, +- (grub_uint8_t *) args, len, NULL); ++ (grub_uint8_t *) linux_args, len, NULL); + +- grub_dprintf ("linux", "starting image %p\n", image_handle); +- status = b->start_image (image_handle, 0, NULL); ++ return GRUB_ERR_NONE; + +- /* When successful, not reached */ +- b->unload_image (image_handle); +- grub_efi_free_pages ((grub_addr_t) loaded_image->load_options, +- GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); ++failure: ++ grub_fdt_unload(); ++ return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT"); ++} + +- return grub_errno; ++static void ++free_params (void) ++{ ++ grub_efi_loaded_image_t *loaded_image = NULL; ++ ++ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); ++ if (loaded_image) ++ { ++ if (loaded_image->load_options) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_efi_uintn_t)loaded_image->load_options, ++ GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); ++ loaded_image->load_options = NULL; ++ loaded_image->load_options_size = 0; ++ } ++} ++ ++grub_err_t ++grub_armxx_efi_linux_boot_image (grub_addr_t addr, char *args) ++{ ++ grub_err_t retval; ++ ++ retval = finalize_params_linux (); ++ if (retval != GRUB_ERR_NONE) ++ return grub_errno; ++ ++ grub_dprintf ("linux", "linux command line: '%s'\n", args); ++ ++ retval = grub_efi_linux_boot ((char *)addr, handover_offset, (void *)addr); ++ ++ /* Never reached... */ ++ free_params(); ++ return retval; + } + + static grub_err_t + grub_linux_boot (void) + { +- if (finalize_params_linux () != GRUB_ERR_NONE) +- return grub_errno; +- +- return (grub_armxx_efi_linux_boot_image((grub_addr_t)kernel_addr, +- kernel_size, linux_args)); ++ return grub_armxx_efi_linux_boot_image((grub_addr_t)kernel_addr, linux_args); + } + + static grub_err_t +@@ -287,6 +281,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + { + grub_file_t file = 0; + struct linux_armxx_kernel_header lh; ++ struct grub_armxx_linux_pe_header *pe; + + grub_dl_ref (my_mod); + +@@ -331,6 +326,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); + ++ if (!grub_linuxefi_secure_validate (kernel_addr, kernel_size)) ++ { ++ grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); ++ goto fail; ++ } ++ ++ pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset); ++ handover_offset = pe->opt.entry_addr; ++ + cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE); + linux_args = grub_malloc (cmdline_size); + if (!linux_args) +diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c +index 1003a0b99..f35b16caa 100644 +--- a/grub-core/loader/arm64/xen_boot.c ++++ b/grub-core/loader/arm64/xen_boot.c +@@ -266,7 +266,6 @@ xen_boot (void) + return err; + + return grub_armxx_efi_linux_boot_image (xen_hypervisor->start, +- xen_hypervisor->size, + xen_hypervisor->cmdline); + } + +diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c +new file mode 100644 +index 000000000..c24202a5d +--- /dev/null ++++ b/grub-core/loader/efi/linux.c +@@ -0,0 +1,70 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2014 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define SHIM_LOCK_GUID \ ++ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } ++ ++struct grub_efi_shim_lock ++{ ++ grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size); ++}; ++typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; ++ ++grub_efi_boolean_t ++grub_linuxefi_secure_validate (void *data, grub_uint32_t size) ++{ ++ grub_efi_guid_t guid = SHIM_LOCK_GUID; ++ grub_efi_shim_lock_t *shim_lock; ++ ++ shim_lock = grub_efi_locate_protocol(&guid, NULL); ++ ++ if (!shim_lock) ++ return 1; ++ ++ if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS) ++ return 1; ++ ++ return 0; ++} ++ ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wcast-align" ++ ++typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *); ++ ++grub_err_t ++grub_efi_linux_boot (void *kernel_addr, grub_off_t offset, ++ void *kernel_params) ++{ ++ handover_func hf; ++ ++ hf = (handover_func)((char *)kernel_addr + offset); ++ hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); ++ ++ return GRUB_ERR_BUG; ++} ++ ++#pragma GCC diagnostic pop +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +new file mode 100644 +index 000000000..3db82e782 +--- /dev/null ++++ b/grub-core/loader/i386/efi/linux.c +@@ -0,0 +1,335 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2012 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++static grub_dl_t my_mod; ++static int loaded; ++static void *kernel_mem; ++static grub_uint64_t kernel_size; ++static grub_uint8_t *initrd_mem; ++static grub_uint32_t handover_offset; ++struct linux_kernel_params *params; ++static char *linux_cmdline; ++ ++#define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) ++ ++static grub_err_t ++grub_linuxefi_boot (void) ++{ ++ int offset = 0; ++ ++#ifdef __x86_64__ ++ offset = 512; ++#endif ++ asm volatile ("cli"); ++ ++ return grub_efi_linux_boot ((char *)kernel_mem, handover_offset + offset, ++ params); ++} ++ ++static grub_err_t ++grub_linuxefi_unload (void) ++{ ++ grub_dl_unref (my_mod); ++ loaded = 0; ++ if (initrd_mem) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, ++ BYTES_TO_PAGES(params->ramdisk_size)); ++ if (linux_cmdline) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t) ++ linux_cmdline, ++ BYTES_TO_PAGES(params->cmdline_size + 1)); ++ if (kernel_mem) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, ++ BYTES_TO_PAGES(kernel_size)); ++ if (params) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)params, ++ BYTES_TO_PAGES(16384)); ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), ++ int argc, char *argv[]) ++{ ++ grub_file_t *files = 0; ++ int i, nfiles = 0; ++ grub_size_t size = 0; ++ grub_uint8_t *ptr; ++ ++ if (argc == 0) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); ++ goto fail; ++ } ++ ++ if (!loaded) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("you need to load the kernel first")); ++ goto fail; ++ } ++ ++ files = grub_zalloc (argc * sizeof (files[0])); ++ if (!files) ++ goto fail; ++ ++ for (i = 0; i < argc; i++) ++ { ++ grub_file_filter_disable_compression (); ++ files[i] = grub_file_open (argv[i]); ++ if (! files[i]) ++ goto fail; ++ nfiles++; ++ size += ALIGN_UP (grub_file_size (files[i]), 4); ++ } ++ ++ initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size)); ++ if (!initrd_mem) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate initrd")); ++ goto fail; ++ } ++ ++ params->ramdisk_size = size; ++ params->ramdisk_image = (grub_uint32_t)(grub_addr_t) initrd_mem; ++ ++ ptr = initrd_mem; ++ ++ for (i = 0; i < nfiles; i++) ++ { ++ grub_ssize_t cursize = grub_file_size (files[i]); ++ if (grub_file_read (files[i], ptr, cursize) != cursize) ++ { ++ if (!grub_errno) ++ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("premature end of file %s"), ++ argv[i]); ++ goto fail; ++ } ++ ptr += cursize; ++ grub_memset (ptr, 0, ALIGN_UP_OVERHEAD (cursize, 4)); ++ ptr += ALIGN_UP_OVERHEAD (cursize, 4); ++ } ++ ++ params->ramdisk_size = size; ++ ++ fail: ++ for (i = 0; i < nfiles; i++) ++ grub_file_close (files[i]); ++ grub_free (files); ++ ++ if (initrd_mem && grub_errno) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, ++ BYTES_TO_PAGES(size)); ++ ++ return grub_errno; ++} ++ ++static grub_err_t ++grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), ++ int argc, char *argv[]) ++{ ++ grub_file_t file = 0; ++ struct linux_kernel_header lh; ++ grub_ssize_t len, start, filelen; ++ void *kernel = NULL; ++ ++ grub_dl_ref (my_mod); ++ ++ if (argc == 0) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); ++ goto fail; ++ } ++ ++ file = grub_file_open (argv[0]); ++ if (! file) ++ goto fail; ++ ++ filelen = grub_file_size (file); ++ ++ kernel = grub_malloc(filelen); ++ ++ if (!kernel) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); ++ goto fail; ++ } ++ ++ if (grub_file_read (file, kernel, filelen) != filelen) ++ { ++ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), argv[0]); ++ goto fail; ++ } ++ ++ if (! grub_linuxefi_secure_validate (kernel, filelen)) ++ { ++ grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), ++ argv[0]); ++ goto fail; ++ } ++ ++ params = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(16384)); ++ ++ if (! params) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters"); ++ goto fail; ++ } ++ ++ grub_memset (params, 0, 16384); ++ ++ grub_memcpy (&lh, kernel, sizeof (lh)); ++ ++ if (lh.boot_flag != grub_cpu_to_le16 (0xaa55)) ++ { ++ grub_error (GRUB_ERR_BAD_OS, N_("invalid magic number")); ++ goto fail; ++ } ++ ++ if (lh.setup_sects > GRUB_LINUX_MAX_SETUP_SECTS) ++ { ++ grub_error (GRUB_ERR_BAD_OS, N_("too many setup sectors")); ++ goto fail; ++ } ++ ++ if (lh.version < grub_cpu_to_le16 (0x020b)) ++ { ++ grub_error (GRUB_ERR_BAD_OS, N_("kernel too old")); ++ goto fail; ++ } ++ ++ if (!lh.handover_offset) ++ { ++ grub_error (GRUB_ERR_BAD_OS, N_("kernel doesn't support EFI handover")); ++ goto fail; ++ } ++ ++ grub_dprintf ("linux", "setting up cmdline\n"); ++ linux_cmdline = grub_efi_allocate_pages_max(0x3fffffff, ++ BYTES_TO_PAGES(lh.cmdline_size + 1)); ++ ++ if (!linux_cmdline) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate cmdline")); ++ goto fail; ++ } ++ ++ grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); ++ grub_create_loader_cmdline (argc, argv, ++ linux_cmdline + sizeof (LINUX_IMAGE) - 1, ++ lh.cmdline_size - (sizeof (LINUX_IMAGE) - 1)); ++ ++ lh.cmd_line_ptr = (grub_uint32_t)(grub_addr_t)linux_cmdline; ++ ++ handover_offset = lh.handover_offset; ++ ++ start = (lh.setup_sects + 1) * 512; ++ len = grub_file_size(file) - start; ++ ++ kernel_mem = grub_efi_allocate_pages_max(lh.pref_address, ++ BYTES_TO_PAGES(lh.init_size)); ++ ++ if (!kernel_mem) ++ kernel_mem = grub_efi_allocate_pages_max(0x3fffffff, ++ BYTES_TO_PAGES(lh.init_size)); ++ ++ if (!kernel_mem) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate kernel")); ++ goto fail; ++ } ++ ++ grub_memcpy (kernel_mem, (char *)kernel + start, len); ++ grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); ++ loaded=1; ++ ++ lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem; ++ grub_memcpy (params, &lh, 2 * 512); ++ ++ params->type_of_loader = 0x21; ++ ++ fail: ++ ++ if (file) ++ grub_file_close (file); ++ ++ if (kernel) ++ grub_free (kernel); ++ ++ if (grub_errno != GRUB_ERR_NONE) ++ { ++ grub_dl_unref (my_mod); ++ loaded = 0; ++ } ++ ++ if (linux_cmdline && !loaded) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t) ++ linux_cmdline, ++ BYTES_TO_PAGES(lh.cmdline_size + 1)); ++ ++ if (kernel_mem && !loaded) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, ++ BYTES_TO_PAGES(kernel_size)); ++ ++ if (params && !loaded) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)params, ++ BYTES_TO_PAGES(16384)); ++ ++ return grub_errno; ++} ++ ++static grub_command_t cmd_linux, cmd_initrd; ++static grub_command_t cmd_linuxefi, cmd_initrdefi; ++ ++GRUB_MOD_INIT(linux) ++{ ++ cmd_linux = ++ grub_register_command ("linux", grub_cmd_linux, ++ 0, N_("Load Linux.")); ++ cmd_linuxefi = ++ grub_register_command ("linuxefi", grub_cmd_linux, ++ 0, N_("Load Linux.")); ++ cmd_initrd = ++ grub_register_command ("initrd", grub_cmd_initrd, ++ 0, N_("Load initrd.")); ++ cmd_initrdefi = ++ grub_register_command ("initrdefi", grub_cmd_initrd, ++ 0, N_("Load initrd.")); ++ my_mod = mod; ++} ++ ++GRUB_MOD_FINI(linux) ++{ ++ grub_unregister_command (cmd_linux); ++ grub_unregister_command (cmd_linuxefi); ++ grub_unregister_command (cmd_initrd); ++ grub_unregister_command (cmd_initrdefi); ++} +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index b69cb7a3a..a3c87cf2f 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -468,14 +468,20 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + return grub_errno; + } + +-static grub_command_t cmd_linux, cmd_initrd; ++static grub_command_t cmd_linux, cmd_linux16, cmd_initrd, cmd_initrd16; + + GRUB_MOD_INIT(linux16) + { + cmd_linux = ++ grub_register_command ("linux", grub_cmd_linux, ++ 0, N_("Load Linux.")); ++ cmd_linux16 = + grub_register_command ("linux16", grub_cmd_linux, + 0, N_("Load Linux.")); + cmd_initrd = ++ grub_register_command ("initrd", grub_cmd_initrd, ++ 0, N_("Load initrd.")); ++ cmd_initrd16 = + grub_register_command ("initrd16", grub_cmd_initrd, + 0, N_("Load initrd.")); + my_mod = mod; +@@ -484,5 +490,7 @@ GRUB_MOD_INIT(linux16) + GRUB_MOD_FINI(linux16) + { + grub_unregister_command (cmd_linux); ++ grub_unregister_command (cmd_linux16); + grub_unregister_command (cmd_initrd); ++ grub_unregister_command (cmd_initrd16); + } +diff --git a/include/grub/arm/linux.h b/include/grub/arm/linux.h +index 712ba17b9..5900fc8a4 100644 +--- a/include/grub/arm/linux.h ++++ b/include/grub/arm/linux.h +@@ -20,6 +20,7 @@ + #ifndef GRUB_ARM_LINUX_HEADER + #define GRUB_ARM_LINUX_HEADER 1 + ++#include + #include "system.h" + + #define GRUB_LINUX_ARM_MAGIC_SIGNATURE 0x016f2818 +@@ -34,9 +35,17 @@ struct linux_arm_kernel_header { + grub_uint32_t hdr_offset; + }; + ++struct grub_arm_linux_pe_header ++{ ++ grub_uint32_t magic; ++ struct grub_pe32_coff_header coff; ++ struct grub_pe32_optional_header opt; ++}; ++ + #if defined(__arm__) + # define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_LINUX_ARM_MAGIC_SIGNATURE + # define linux_armxx_kernel_header linux_arm_kernel_header ++# define grub_armxx_linux_pe_header grub_arm_linux_pe_header + #endif + + #if defined GRUB_MACHINE_UBOOT +diff --git a/include/grub/arm64/linux.h b/include/grub/arm64/linux.h +index 8655067e0..7b533b571 100644 +--- a/include/grub/arm64/linux.h ++++ b/include/grub/arm64/linux.h +@@ -19,6 +19,8 @@ + #ifndef GRUB_ARM64_LINUX_HEADER + #define GRUB_ARM64_LINUX_HEADER 1 + ++#include ++ + #define GRUB_LINUX_ARM64_MAGIC_SIGNATURE 0x644d5241 /* 'ARM\x64' */ + + /* From linux/Documentation/arm64/booting.txt */ +@@ -36,9 +38,17 @@ struct linux_arm64_kernel_header + grub_uint32_t hdr_offset; /* Offset of PE/COFF header */ + }; + ++struct grub_arm64_linux_pe_header ++{ ++ grub_uint32_t magic; ++ struct grub_pe32_coff_header coff; ++ struct grub_pe64_optional_header opt; ++}; ++ + #if defined(__aarch64__) + # define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_LINUX_ARM64_MAGIC_SIGNATURE + # define linux_armxx_kernel_header linux_arm64_kernel_header ++# define grub_armxx_linux_pe_header grub_arm64_linux_pe_header + #endif + + #endif /* ! GRUB_ARM64_LINUX_HEADER */ +diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h +index 2c6648d46..1061aee97 100644 +--- a/include/grub/efi/efi.h ++++ b/include/grub/efi/efi.h +@@ -47,6 +47,9 @@ EXPORT_FUNC(grub_efi_allocate_fixed) (grub_efi_physical_address_t address, + grub_efi_uintn_t pages); + void * + EXPORT_FUNC(grub_efi_allocate_any_pages) (grub_efi_uintn_t pages); ++void * ++EXPORT_FUNC(grub_efi_allocate_pages_max) (grub_efi_physical_address_t max, ++ grub_efi_uintn_t pages); + void EXPORT_FUNC(grub_efi_free_pages) (grub_efi_physical_address_t address, + grub_efi_uintn_t pages); + grub_efi_uintn_t EXPORT_FUNC(grub_efi_find_mmap_size) (void); +@@ -82,6 +85,7 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var, + const grub_efi_guid_t *guid, + void *data, + grub_size_t datasize); ++grub_efi_boolean_t EXPORT_FUNC (grub_efi_secure_boot) (void); + int + EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1, + const grub_efi_device_path_t *dp2); +@@ -95,8 +99,7 @@ void *EXPORT_FUNC(grub_efi_get_firmware_fdt)(void); + grub_err_t EXPORT_FUNC(grub_efi_get_ram_base)(grub_addr_t *); + #include + grub_err_t grub_armxx_efi_linux_check_image(struct linux_armxx_kernel_header *lh); +-grub_err_t grub_armxx_efi_linux_boot_image(grub_addr_t addr, grub_size_t size, +- char *args); ++grub_err_t grub_armxx_efi_linux_boot_image(grub_addr_t addr, char *args); + #endif + + grub_addr_t grub_efi_modules_addr (void); +diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h +new file mode 100644 +index 000000000..d9ede3677 +--- /dev/null ++++ b/include/grub/efi/linux.h +@@ -0,0 +1,31 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2014 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++#ifndef GRUB_EFI_LINUX_HEADER ++#define GRUB_EFI_LINUX_HEADER 1 ++ ++#include ++#include ++#include ++ ++grub_efi_boolean_t ++EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size); ++grub_err_t ++EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, ++ void *kernel_param); ++ ++#endif /* ! GRUB_EFI_LINUX_HEADER */ +diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h +index 60c7c3b5e..bb19dbd5a 100644 +--- a/include/grub/i386/linux.h ++++ b/include/grub/i386/linux.h +@@ -142,6 +142,7 @@ struct linux_i386_kernel_header + grub_uint64_t setup_data; + grub_uint64_t pref_address; + grub_uint32_t init_size; ++ grub_uint32_t handover_offset; + } GRUB_PACKED; + + /* Boot parameters for Linux based on 2.6.12. This is used by the setup diff --git a/SOURCES/0002-Rework-linux-command.patch b/SOURCES/0002-Rework-linux-command.patch new file mode 100644 index 0000000..b8143aa --- /dev/null +++ b/SOURCES/0002-Rework-linux-command.patch @@ -0,0 +1,115 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Sun, 9 Aug 2015 16:12:39 -0700 +Subject: [PATCH] Rework linux command + +We want a single buffer that contains the entire kernel image in order to +perform a TPM measurement. Allocate one and copy the entire kernel into it +before pulling out the individual blocks later on. +--- + grub-core/loader/i386/linux.c | 37 ++++++++++++++++++++++++------------- + 1 file changed, 24 insertions(+), 13 deletions(-) + +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index 9b53d3168..f7186be40 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -685,13 +685,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + { + grub_file_t file = 0; + struct linux_i386_kernel_header lh; ++ grub_uint8_t *linux_params_ptr; + grub_uint8_t setup_sects; +- grub_size_t real_size, prot_size, prot_file_size; ++ grub_size_t real_size, prot_size, prot_file_size, kernel_offset; + grub_ssize_t len; + int i; + grub_size_t align, min_align; + int relocatable; + grub_uint64_t preferred_address = GRUB_LINUX_BZIMAGE_ADDR; ++ grub_uint8_t *kernel = NULL; + + grub_dl_ref (my_mod); + +@@ -705,7 +707,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + if (! file) + goto fail; + +- if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) ++ len = grub_file_size (file); ++ kernel = grub_malloc (len); ++ if (!kernel) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); ++ goto fail; ++ } ++ ++ if (grub_file_read (file, kernel, len) != len) + { + if (!grub_errno) + grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +@@ -713,6 +723,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + ++ grub_memcpy (&lh, kernel, sizeof (lh)); ++ kernel_offset = sizeof (lh); ++ + if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55)) + { + grub_error (GRUB_ERR_BAD_OS, "invalid magic number"); +@@ -804,6 +817,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + preferred_address)) + goto fail; + ++ + grub_memset (&linux_params, 0, sizeof (linux_params)); + grub_memcpy (&linux_params.setup_sects, &lh.setup_sects, sizeof (lh) - 0x1F1); + +@@ -812,13 +826,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + linux_params.ps_mouse = linux_params.padding10 = 0; + + len = sizeof (linux_params) - sizeof (lh); +- if (grub_file_read (file, (char *) &linux_params + sizeof (lh), len) != len) +- { +- if (!grub_errno) +- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +- argv[0]); +- goto fail; +- } ++ ++ linux_params_ptr = (void *)&linux_params; ++ grub_memcpy (linux_params_ptr + sizeof (lh), kernel + kernel_offset, len); ++ kernel_offset += len; + + linux_params.type_of_loader = GRUB_LINUX_BOOT_LOADER_TYPE; + +@@ -877,7 +888,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + /* The other parameters are filled when booting. */ + +- grub_file_seek (file, real_size + GRUB_DISK_SECTOR_SIZE); ++ kernel_offset = real_size + GRUB_DISK_SECTOR_SIZE; + + grub_dprintf ("linux", "bzImage, setup=0x%x, size=0x%x\n", + (unsigned) real_size, (unsigned) prot_size); +@@ -1025,9 +1036,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + - (sizeof (LINUX_IMAGE) - 1)); + + len = prot_file_size; +- if (grub_file_read (file, prot_mode_mem, len) != len && !grub_errno) +- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +- argv[0]); ++ grub_memcpy (prot_mode_mem, kernel + kernel_offset, len); + + if (grub_errno == GRUB_ERR_NONE) + { +@@ -1038,6 +1047,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + fail: + ++ grub_free (kernel); ++ + if (file) + grub_file_close (file); + diff --git a/SOURCES/0003-Rework-linux16-command.patch b/SOURCES/0003-Rework-linux16-command.patch new file mode 100644 index 0000000..2b4b8dd --- /dev/null +++ b/SOURCES/0003-Rework-linux16-command.patch @@ -0,0 +1,98 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Sun, 9 Aug 2015 16:20:58 -0700 +Subject: [PATCH] Rework linux16 command + +We want a single buffer that contains the entire kernel image in order to +perform a TPM measurement. Allocate one and copy the entire kernel int it +before pulling out the individual blocks later on. +--- + grub-core/loader/i386/pc/linux.c | 34 +++++++++++++++++++++------------- + 1 file changed, 21 insertions(+), 13 deletions(-) + +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index a3c87cf2f..caa76bee8 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -123,13 +123,14 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_file_t file = 0; + struct linux_i386_kernel_header lh; + grub_uint8_t setup_sects; +- grub_size_t real_size; ++ grub_size_t real_size, kernel_offset = 0; + grub_ssize_t len; + int i; + char *grub_linux_prot_chunk; + int grub_linux_is_bzimage; + grub_addr_t grub_linux_prot_target; + grub_err_t err; ++ grub_uint8_t *kernel = NULL; + + grub_dl_ref (my_mod); + +@@ -143,7 +144,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + if (! file) + goto fail; + +- if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) ++ len = grub_file_size (file); ++ kernel = grub_malloc (len); ++ if (!kernel) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); ++ goto fail; ++ } ++ ++ if (grub_file_read (file, kernel, len) != len) + { + if (!grub_errno) + grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +@@ -151,6 +160,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + ++ grub_memcpy (&lh, kernel, sizeof (lh)); ++ kernel_offset = sizeof (lh); ++ + if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55)) + { + grub_error (GRUB_ERR_BAD_OS, "invalid magic number"); +@@ -314,13 +326,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_memmove (grub_linux_real_chunk, &lh, sizeof (lh)); + + len = real_size + GRUB_DISK_SECTOR_SIZE - sizeof (lh); +- if (grub_file_read (file, grub_linux_real_chunk + sizeof (lh), len) != len) +- { +- if (!grub_errno) +- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +- argv[0]); +- goto fail; +- } ++ grub_memcpy (grub_linux_real_chunk + sizeof (lh), kernel + kernel_offset, ++ len); ++ kernel_offset += len; + + if (lh.header != grub_cpu_to_le32_compile_time (GRUB_LINUX_I386_MAGIC_SIGNATURE) + || grub_le_to_cpu16 (lh.version) < 0x0200) +@@ -355,10 +363,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + + len = grub_linux16_prot_size; +- if (grub_file_read (file, grub_linux_prot_chunk, grub_linux16_prot_size) +- != (grub_ssize_t) grub_linux16_prot_size && !grub_errno) +- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +- argv[0]); ++ grub_memcpy (grub_linux_prot_chunk, kernel + kernel_offset, len); ++ kernel_offset += len; + + if (grub_errno == GRUB_ERR_NONE) + { +@@ -368,6 +374,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + fail: + ++ grub_free (kernel); ++ + if (file) + grub_file_close (file); + diff --git a/SOURCES/0004-Add-secureboot-support-on-efi-chainloader.patch b/SOURCES/0004-Add-secureboot-support-on-efi-chainloader.patch new file mode 100644 index 0000000..50781d6 --- /dev/null +++ b/SOURCES/0004-Add-secureboot-support-on-efi-chainloader.patch @@ -0,0 +1,1390 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Raymund Will +Date: Fri, 10 Apr 2015 01:45:02 -0400 +Subject: [PATCH] Add secureboot support on efi chainloader + +Expand the chainloader to be able to verify the image by means of shim +lock protocol. The PE/COFF image is loaded and relocated by the +chainloader instead of calling LoadImage and StartImage UEFI boot +Service as they require positive verification result from keys enrolled +in KEK or DB. The shim will use MOK in addition to firmware enrolled +keys to verify the image. + +The chainloader module could be used to load other UEFI bootloaders, +such as xen.efi, and could be signed by any of MOK, KEK or DB. + +Based on https://build.opensuse.org/package/view_file/openSUSE:Factory/grub2/grub2-secureboot-chainloader.patch + +Signed-off-by: Peter Jones + +Also: + +commit cd7a8984d4fda905877b5bfe466339100156b3bc +Author: Raymund Will +Date: Fri Apr 10 01:45:02 2015 -0400 + +Use device part of chainloader target, if present. + +Otherwise chainloading is restricted to '$root', which might not even +be readable by EFI! + +v1. use grub_file_get_device_name() to get device name + +Signed-off-by: Michael Chang +Signed-off-by: Peter Jones + +Also: + +commit 0872a2310a0eeac4ecfe9e1b49dd2d72ab373039 +Author: Peter Jones +Date: Fri Jun 10 14:06:15 2016 -0400 + +Rework even more of efi chainload so non-sb cases work right. + +This ensures that if shim protocol is not loaded, or is loaded but shim +is disabled, we will fall back to a correct load method for the efi +chain loader. + +Here's what I tested with this version: + +results expected actual +------------------------------------------------------------ +sb + enabled + shim + fedora success success +sb + enabled + shim + win success success +sb + enabled + grub + fedora fail fail +sb + enabled + grub + win fail fail + +sb + mokdisabled + shim + fedora success success +sb + mokdisabled + shim + win success success +sb + mokdisabled + grub + fedora fail fail +sb + mokdisabled + grub + win fail fail + +sb disabled + shim + fedora success success* +sb disabled + shim + win success success* +sb disabled + grub + fedora success success +sb disabled + grub + win success success + +nosb + shim + fedora success success* +nosb + shim + win success success* +nosb + grub + fedora success success +nosb + grub + win success success + +* for some reason shim protocol is being installed in these cases, and I + can't see why, but I think it may be this firmware build returning an + erroneous value. But this effectively falls back to the mokdisabled + behavior, which works correctly, and the presence of the "grub" (i.e. + no shim) tests effectively tests the desired behavior here. + +Resolves: rhbz#1344512 + +Signed-off-by: Peter Jones + +Also: + +commit ff7b1cb7f69487870211aeb69ff4f54470fbcb58 +Author: Laszlo Ersek +Date: Mon Nov 21 15:34:00 2016 +0100 + +efi/chainloader: fix wrong sanity check in relocate_coff() + +In relocate_coff(), the relocation entries are parsed from the original +image (not the section-wise copied image). The original image is +pointed-to by the "orig" pointer. The current check + + (void *)reloc_end < data + +compares the addresses of independent memory allocations. "data" is a typo +here, it should be "orig". + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1347291 +Signed-off-by: Laszlo Ersek +Tested-by: Bogdan Costescu +Tested-by: Juan Orti + +Also: + +commit ab4ba9997ad4832449e54d930fa2aac6a160d0e9 +Author: Laszlo Ersek +Date: Wed Nov 23 06:27:09 2016 +0100 + +efi/chainloader: truncate overlong relocation section + +The UEFI Windows 7 boot loader ("EFI/Microsoft/Boot/bootmgfw.efi", SHA1 +31b410e029bba87d2068c65a80b88882f9f8ea25) has inconsistent headers. + +Compare: + +> The Data Directory +> ... +> Entry 5 00000000000d9000 00000574 Base Relocation Directory [.reloc] + +Versus: + +> Sections: +> Idx Name Size VMA LMA File off ... +> ... +> 10 .reloc 00000e22 00000000100d9000 00000000100d9000 000a1800 ... + +That is, the size reported by the RelocDir entry (0x574) is smaller than +the virtual size of the .reloc section (0xe22). + +Quoting the grub2 debug log for the same: + +> chainloader.c:595: reloc_dir: 0xd9000 reloc_size: 0x00000574 +> chainloader.c:603: reloc_base: 0x7d208000 reloc_base_end: 0x7d208573 +> ... +> chainloader.c:620: Section 10 ".reloc" at 0x7d208000..0x7d208e21 +> chainloader.c:661: section is not reloc section? +> chainloader.c:663: rds: 0x00001000, vs: 00000e22 +> chainloader.c:664: base: 0x7d208000 end: 0x7d208e21 +> chainloader.c:666: reloc_base: 0x7d208000 reloc_base_end: 0x7d208573 +> chainloader.c:671: Section characteristics are 42000040 +> chainloader.c:673: Section virtual size: 00000e22 +> chainloader.c:675: Section raw_data size: 00001000 +> chainloader.c:678: Discarding section + +After hexdumping "bootmgfw.efi" and manually walking its relocation blocks +(yes, really), I determined that the (smaller) RelocDir value is correct. +The remaining area that extends up to the .reloc section size (== 0xe22 - +0x574 == 0x8ae bytes) exists as zero padding in the file. + +This zero padding shouldn't be passed to relocate_coff() for parsing. In +order to cope with it, split the handling of .reloc sections into the +following branches: + +- original case (equal size): original behavior (--> relocation + attempted), + +- overlong .reloc section (longer than reported by RelocDir): truncate the + section to the RelocDir size for the purposes of relocate_coff(), and + attempt relocation, + +- .reloc section is too short, or other checks fail: original behavior + (--> relocation not attempted). + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1347291 +Signed-off-by: Laszlo Ersek +--- + grub-core/kern/efi/efi.c | 14 +- + grub-core/loader/arm64/linux.c | 4 +- + grub-core/loader/efi/chainloader.c | 817 +++++++++++++++++++++++++++++++++---- + grub-core/loader/efi/linux.c | 25 +- + grub-core/loader/i386/efi/linux.c | 17 +- + include/grub/efi/linux.h | 2 +- + include/grub/efi/pe32.h | 52 ++- + 7 files changed, 840 insertions(+), 91 deletions(-) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index c8a9d8307..91129e335 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -283,14 +283,20 @@ grub_efi_secure_boot (void) + grub_efi_boolean_t ret = 0; + + secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize); +- + if (datasize != 1 || !secure_boot) +- goto out; ++ { ++ grub_dprintf ("secureboot", "No SecureBoot variable\n"); ++ goto out; ++ } ++ grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot); + + setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize); +- + if (datasize != 1 || !setup_mode) +- goto out; ++ { ++ grub_dprintf ("secureboot", "No SetupMode variable\n"); ++ goto out; ++ } ++ grub_dprintf ("secureboot", "SetupMode: %d\n", *setup_mode); + + if (*secure_boot && !*setup_mode) + ret = 1; +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index 6c00af98d..a1ac7a388 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -282,6 +282,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_file_t file = 0; + struct linux_armxx_kernel_header lh; + struct grub_armxx_linux_pe_header *pe; ++ int rc; + + grub_dl_ref (my_mod); + +@@ -326,7 +327,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); + +- if (!grub_linuxefi_secure_validate (kernel_addr, kernel_size)) ++ rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); ++ if (rc < 0) + { + grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); + goto fail; +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index adc856366..af2189619 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -32,6 +32,8 @@ + #include + #include + #include ++#include ++#include + #include + #include + #include +@@ -46,9 +48,14 @@ static grub_dl_t my_mod; + + static grub_efi_physical_address_t address; + static grub_efi_uintn_t pages; ++static grub_ssize_t fsize; + static grub_efi_device_path_t *file_path; + static grub_efi_handle_t image_handle; + static grub_efi_char16_t *cmdline; ++static grub_ssize_t cmdline_len; ++static grub_efi_handle_t dev_handle; ++ ++static grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); + + static grub_err_t + grub_chainloader_unload (void) +@@ -63,6 +70,7 @@ grub_chainloader_unload (void) + grub_free (cmdline); + cmdline = 0; + file_path = 0; ++ dev_handle = 0; + + grub_dl_unref (my_mod); + return GRUB_ERR_NONE; +@@ -173,7 +181,6 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + /* Fill the file path for the directory. */ + d = (grub_efi_device_path_t *) ((char *) file_path + + ((char *) d - (char *) dp)); +- grub_efi_print_device_path (d); + copy_file_path ((grub_efi_file_path_device_path_t *) d, + dir_start, dir_end - dir_start); + +@@ -191,20 +198,690 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + return file_path; + } + ++#define SHIM_LOCK_GUID \ ++ { 0x605dab50, 0xe046, 0x4300, { 0xab,0xb6,0x3d,0xd8,0x10,0xdd,0x8b,0x23 } } ++ ++typedef union ++{ ++ struct grub_pe32_header_32 pe32; ++ struct grub_pe32_header_64 pe32plus; ++} grub_pe_header_t; ++ ++struct pe_coff_loader_image_context ++{ ++ grub_efi_uint64_t image_address; ++ grub_efi_uint64_t image_size; ++ grub_efi_uint64_t entry_point; ++ grub_efi_uintn_t size_of_headers; ++ grub_efi_uint16_t image_type; ++ grub_efi_uint16_t number_of_sections; ++ grub_efi_uint32_t section_alignment; ++ struct grub_pe32_section_table *first_section; ++ struct grub_pe32_data_directory *reloc_dir; ++ struct grub_pe32_data_directory *sec_dir; ++ grub_efi_uint64_t number_of_rva_and_sizes; ++ grub_pe_header_t *pe_hdr; ++}; ++ ++typedef struct pe_coff_loader_image_context pe_coff_loader_image_context_t; ++ ++struct grub_efi_shim_lock ++{ ++ grub_efi_status_t (*verify)(void *buffer, ++ grub_efi_uint32_t size); ++ grub_efi_status_t (*hash)(void *data, ++ grub_efi_int32_t datasize, ++ pe_coff_loader_image_context_t *context, ++ grub_efi_uint8_t *sha256hash, ++ grub_efi_uint8_t *sha1hash); ++ grub_efi_status_t (*context)(void *data, ++ grub_efi_uint32_t size, ++ pe_coff_loader_image_context_t *context); ++}; ++ ++typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; ++ ++static grub_efi_boolean_t ++read_header (void *data, grub_efi_uint32_t size, ++ pe_coff_loader_image_context_t *context) ++{ ++ grub_efi_guid_t guid = SHIM_LOCK_GUID; ++ grub_efi_shim_lock_t *shim_lock; ++ grub_efi_status_t status; ++ ++ shim_lock = grub_efi_locate_protocol (&guid, NULL); ++ if (!shim_lock) ++ { ++ grub_dprintf ("chain", "no shim lock protocol"); ++ return 0; ++ } ++ ++ status = shim_lock->context (data, size, context); ++ ++ if (status == GRUB_EFI_SUCCESS) ++ { ++ grub_dprintf ("chain", "context success\n"); ++ return 1; ++ } ++ ++ switch (status) ++ { ++ case GRUB_EFI_UNSUPPORTED: ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "context error unsupported"); ++ break; ++ case GRUB_EFI_INVALID_PARAMETER: ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "context error invalid parameter"); ++ break; ++ default: ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "context error code"); ++ break; ++ } ++ ++ return -1; ++} ++ ++static void* ++image_address (void *image, grub_efi_uint64_t sz, grub_efi_uint64_t adr) ++{ ++ if (adr > sz) ++ return NULL; ++ ++ return ((grub_uint8_t*)image + adr); ++} ++ ++static int ++image_is_64_bit (grub_pe_header_t *pe_hdr) ++{ ++ /* .Magic is the same offset in all cases */ ++ if (pe_hdr->pe32plus.optional_header.magic == GRUB_PE32_PE64_MAGIC) ++ return 1; ++ return 0; ++} ++ ++static const grub_uint16_t machine_type __attribute__((__unused__)) = ++#if defined(__x86_64__) ++ GRUB_PE32_MACHINE_X86_64; ++#elif defined(__aarch64__) ++ GRUB_PE32_MACHINE_ARM64; ++#elif defined(__arm__) ++ GRUB_PE32_MACHINE_ARMTHUMB_MIXED; ++#elif defined(__i386__) || defined(__i486__) || defined(__i686__) ++ GRUB_PE32_MACHINE_I386; ++#elif defined(__ia64__) ++ GRUB_PE32_MACHINE_IA64; ++#else ++#error this architecture is not supported by grub2 ++#endif ++ ++static grub_efi_status_t ++relocate_coff (pe_coff_loader_image_context_t *context, ++ struct grub_pe32_section_table *section, ++ void *orig, void *data) ++{ ++ struct grub_pe32_data_directory *reloc_base, *reloc_base_end; ++ grub_efi_uint64_t adjust; ++ struct grub_pe32_fixup_block *reloc, *reloc_end; ++ char *fixup, *fixup_base, *fixup_data = NULL; ++ grub_efi_uint16_t *fixup_16; ++ grub_efi_uint32_t *fixup_32; ++ grub_efi_uint64_t *fixup_64; ++ grub_efi_uint64_t size = context->image_size; ++ void *image_end = (char *)orig + size; ++ int n = 0; ++ ++ if (image_is_64_bit (context->pe_hdr)) ++ context->pe_hdr->pe32plus.optional_header.image_base = ++ (grub_uint64_t)(unsigned long)data; ++ else ++ context->pe_hdr->pe32.optional_header.image_base = ++ (grub_uint32_t)(unsigned long)data; ++ ++ /* Alright, so here's how this works: ++ * ++ * context->reloc_dir gives us two things: ++ * - the VA the table of base relocation blocks are (maybe) to be ++ * mapped at (reloc_dir->rva) ++ * - the virtual size (reloc_dir->size) ++ * ++ * The .reloc section (section here) gives us some other things: ++ * - the name! kind of. (section->name) ++ * - the virtual size (section->virtual_size), which should be the same ++ * as RelocDir->Size ++ * - the virtual address (section->virtual_address) ++ * - the file section size (section->raw_data_size), which is ++ * a multiple of optional_header->file_alignment. Only useful for image ++ * validation, not really useful for iteration bounds. ++ * - the file address (section->raw_data_offset) ++ * - a bunch of stuff we don't use that's 0 in our binaries usually ++ * - Flags (section->characteristics) ++ * ++ * and then the thing that's actually at the file address is an array ++ * of struct grub_pe32_fixup_block structs with some values packed behind ++ * them. The block_size field of this structure includes the ++ * structure itself, and adding it to that structure's address will ++ * yield the next entry in the array. ++ */ ++ ++ reloc_base = image_address (orig, size, section->raw_data_offset); ++ reloc_base_end = image_address (orig, size, section->raw_data_offset ++ + section->virtual_size); ++ ++ grub_dprintf ("chain", "relocate_coff(): reloc_base %p reloc_base_end %p\n", ++ reloc_base, reloc_base_end); ++ ++ if (!reloc_base && !reloc_base_end) ++ return GRUB_EFI_SUCCESS; ++ ++ if (!reloc_base || !reloc_base_end) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc table overflows binary"); ++ return GRUB_EFI_UNSUPPORTED; ++ } ++ ++ adjust = (grub_uint64_t)(grub_efi_uintn_t)data - context->image_address; ++ if (adjust == 0) ++ return GRUB_EFI_SUCCESS; ++ ++ while (reloc_base < reloc_base_end) ++ { ++ grub_uint16_t *entry; ++ reloc = (struct grub_pe32_fixup_block *)((char*)reloc_base); ++ ++ if ((reloc_base->size == 0) || ++ (reloc_base->size > context->reloc_dir->size)) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "Reloc %d block size %d is invalid\n", n, ++ reloc_base->size); ++ return GRUB_EFI_UNSUPPORTED; ++ } ++ ++ entry = &reloc->entries[0]; ++ reloc_end = (struct grub_pe32_fixup_block *) ++ ((char *)reloc_base + reloc_base->size); ++ ++ if ((void *)reloc_end < orig || (void *)reloc_end > image_end) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc entry %d overflows binary", ++ n); ++ return GRUB_EFI_UNSUPPORTED; ++ } ++ ++ fixup_base = image_address(data, size, reloc_base->rva); ++ ++ if (!fixup_base) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc %d Invalid fixupbase", n); ++ return GRUB_EFI_UNSUPPORTED; ++ } ++ ++ while ((void *)entry < (void *)reloc_end) ++ { ++ fixup = fixup_base + (*entry & 0xFFF); ++ switch ((*entry) >> 12) ++ { ++ case GRUB_PE32_REL_BASED_ABSOLUTE: ++ break; ++ case GRUB_PE32_REL_BASED_HIGH: ++ fixup_16 = (grub_uint16_t *)fixup; ++ *fixup_16 = (grub_uint16_t) ++ (*fixup_16 + ((grub_uint16_t)((grub_uint32_t)adjust >> 16))); ++ if (fixup_data != NULL) ++ { ++ *(grub_uint16_t *) fixup_data = *fixup_16; ++ fixup_data = fixup_data + sizeof (grub_uint16_t); ++ } ++ break; ++ case GRUB_PE32_REL_BASED_LOW: ++ fixup_16 = (grub_uint16_t *)fixup; ++ *fixup_16 = (grub_uint16_t) (*fixup_16 + (grub_uint16_t)adjust); ++ if (fixup_data != NULL) ++ { ++ *(grub_uint16_t *) fixup_data = *fixup_16; ++ fixup_data = fixup_data + sizeof (grub_uint16_t); ++ } ++ break; ++ case GRUB_PE32_REL_BASED_HIGHLOW: ++ fixup_32 = (grub_uint32_t *)fixup; ++ *fixup_32 = *fixup_32 + (grub_uint32_t)adjust; ++ if (fixup_data != NULL) ++ { ++ fixup_data = (char *)ALIGN_UP ((grub_addr_t)fixup_data, sizeof (grub_uint32_t)); ++ *(grub_uint32_t *) fixup_data = *fixup_32; ++ fixup_data += sizeof (grub_uint32_t); ++ } ++ break; ++ case GRUB_PE32_REL_BASED_DIR64: ++ fixup_64 = (grub_uint64_t *)fixup; ++ *fixup_64 = *fixup_64 + (grub_uint64_t)adjust; ++ if (fixup_data != NULL) ++ { ++ fixup_data = (char *)ALIGN_UP ((grub_addr_t)fixup_data, sizeof (grub_uint64_t)); ++ *(grub_uint64_t *) fixup_data = *fixup_64; ++ fixup_data += sizeof (grub_uint64_t); ++ } ++ break; ++ default: ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "Reloc %d unknown relocation type %d", ++ n, (*entry) >> 12); ++ return GRUB_EFI_UNSUPPORTED; ++ } ++ entry += 1; ++ } ++ reloc_base = (struct grub_pe32_data_directory *)reloc_end; ++ n++; ++ } ++ ++ return GRUB_EFI_SUCCESS; ++} ++ ++static grub_efi_device_path_t * ++grub_efi_get_media_file_path (grub_efi_device_path_t *dp) ++{ ++ while (1) ++ { ++ grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); ++ grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); ++ ++ if (type == GRUB_EFI_END_DEVICE_PATH_TYPE) ++ break; ++ else if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE ++ && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE) ++ return dp; ++ ++ dp = GRUB_EFI_NEXT_DEVICE_PATH (dp); ++ } ++ ++ return NULL; ++} ++ ++static grub_efi_boolean_t ++handle_image (void *data, grub_efi_uint32_t datasize) ++{ ++ grub_efi_boot_services_t *b; ++ grub_efi_loaded_image_t *li, li_bak; ++ grub_efi_status_t efi_status; ++ char *buffer = NULL; ++ char *buffer_aligned = NULL; ++ grub_efi_uint32_t i; ++ struct grub_pe32_section_table *section; ++ char *base, *end; ++ pe_coff_loader_image_context_t context; ++ grub_uint32_t section_alignment; ++ grub_uint32_t buffer_size; ++ int found_entry_point = 0; ++ int rc; ++ ++ b = grub_efi_system_table->boot_services; ++ ++ rc = read_header (data, datasize, &context); ++ if (rc < 0) ++ { ++ grub_dprintf ("chain", "Failed to read header\n"); ++ goto error_exit; ++ } ++ else if (rc == 0) ++ { ++ grub_dprintf ("chain", "Secure Boot is not enabled\n"); ++ return 0; ++ } ++ else ++ { ++ grub_dprintf ("chain", "Header read without error\n"); ++ } ++ ++ /* ++ * The spec says, uselessly, of SectionAlignment: ++ * ===== ++ * The alignment (in bytes) of sections when they are loaded into ++ * memory. It must be greater than or equal to FileAlignment. The ++ * default is the page size for the architecture. ++ * ===== ++ * Which doesn't tell you whose responsibility it is to enforce the ++ * "default", or when. It implies that the value in the field must ++ * be > FileAlignment (also poorly defined), but it appears visual ++ * studio will happily write 512 for FileAlignment (its default) and ++ * 0 for SectionAlignment, intending to imply PAGE_SIZE. ++ * ++ * We only support one page size, so if it's zero, nerf it to 4096. ++ */ ++ section_alignment = context.section_alignment; ++ if (section_alignment == 0) ++ section_alignment = 4096; ++ ++ buffer_size = context.image_size + section_alignment; ++ grub_dprintf ("chain", "image size is %08"PRIxGRUB_UINT64_T", datasize is %08x\n", ++ context.image_size, datasize); ++ ++ efi_status = efi_call_3 (b->allocate_pool, GRUB_EFI_LOADER_DATA, ++ buffer_size, &buffer); ++ ++ if (efi_status != GRUB_EFI_SUCCESS) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ goto error_exit; ++ } ++ ++ buffer_aligned = (char *)ALIGN_UP ((grub_addr_t)buffer, section_alignment); ++ if (!buffer_aligned) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ goto error_exit; ++ } ++ ++ grub_memcpy (buffer_aligned, data, context.size_of_headers); ++ ++ entry_point = image_address (buffer_aligned, context.image_size, ++ context.entry_point); ++ ++ grub_dprintf ("chain", "entry_point: %p\n", entry_point); ++ if (!entry_point) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid entry point"); ++ goto error_exit; ++ } ++ ++ char *reloc_base, *reloc_base_end; ++ grub_dprintf ("chain", "reloc_dir: %p reloc_size: 0x%08x\n", ++ (void *)(unsigned long)context.reloc_dir->rva, ++ context.reloc_dir->size); ++ reloc_base = image_address (buffer_aligned, context.image_size, ++ context.reloc_dir->rva); ++ /* RelocBaseEnd here is the address of the last byte of the table */ ++ reloc_base_end = image_address (buffer_aligned, context.image_size, ++ context.reloc_dir->rva ++ + context.reloc_dir->size - 1); ++ grub_dprintf ("chain", "reloc_base: %p reloc_base_end: %p\n", ++ reloc_base, reloc_base_end); ++ ++ struct grub_pe32_section_table *reloc_section = NULL, fake_reloc_section; ++ ++ section = context.first_section; ++ for (i = 0; i < context.number_of_sections; i++, section++) ++ { ++ char name[9]; ++ ++ base = image_address (buffer_aligned, context.image_size, ++ section->virtual_address); ++ end = image_address (buffer_aligned, context.image_size, ++ section->virtual_address + section->virtual_size -1); ++ ++ grub_strncpy(name, section->name, 9); ++ name[8] = '\0'; ++ grub_dprintf ("chain", "Section %d \"%s\" at %p..%p\n", i, ++ name, base, end); ++ ++ if (end < base) ++ { ++ grub_dprintf ("chain", " base is %p but end is %p... bad.\n", ++ base, end); ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "Image has invalid negative size"); ++ goto error_exit; ++ } ++ ++ if (section->virtual_address <= context.entry_point && ++ (section->virtual_address + section->raw_data_size - 1) ++ > context.entry_point) ++ { ++ found_entry_point++; ++ grub_dprintf ("chain", " section contains entry point\n"); ++ } ++ ++ /* We do want to process .reloc, but it's often marked ++ * discardable, so we don't want to memcpy it. */ ++ if (grub_memcmp (section->name, ".reloc\0\0", 8) == 0) ++ { ++ if (reloc_section) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "Image has multiple relocation sections"); ++ goto error_exit; ++ } ++ ++ /* If it has nonzero sizes, and our bounds check ++ * made sense, and the VA and size match RelocDir's ++ * versions, then we believe in this section table. */ ++ if (section->raw_data_size && section->virtual_size && ++ base && end && reloc_base == base) ++ { ++ if (reloc_base_end == end) ++ { ++ grub_dprintf ("chain", " section is relocation section\n"); ++ reloc_section = section; ++ } ++ else if (reloc_base_end && reloc_base_end < end) ++ { ++ /* Bogus virtual size in the reloc section -- RelocDir ++ * reported a smaller Base Relocation Directory. Decrease ++ * the section's virtual size so that it equal RelocDir's ++ * idea, but only for the purposes of relocate_coff(). */ ++ grub_dprintf ("chain", ++ " section is (overlong) relocation section\n"); ++ grub_memcpy (&fake_reloc_section, section, sizeof *section); ++ fake_reloc_section.virtual_size -= (end - reloc_base_end); ++ reloc_section = &fake_reloc_section; ++ } ++ } ++ ++ if (!reloc_section) ++ { ++ grub_dprintf ("chain", " section is not reloc section?\n"); ++ grub_dprintf ("chain", " rds: 0x%08x, vs: %08x\n", ++ section->raw_data_size, section->virtual_size); ++ grub_dprintf ("chain", " base: %p end: %p\n", base, end); ++ grub_dprintf ("chain", " reloc_base: %p reloc_base_end: %p\n", ++ reloc_base, reloc_base_end); ++ } ++ } ++ ++ grub_dprintf ("chain", " Section characteristics are %08x\n", ++ section->characteristics); ++ grub_dprintf ("chain", " Section virtual size: %08x\n", ++ section->virtual_size); ++ grub_dprintf ("chain", " Section raw_data size: %08x\n", ++ section->raw_data_size); ++ if (section->characteristics & GRUB_PE32_SCN_MEM_DISCARDABLE) ++ { ++ grub_dprintf ("chain", " Discarding section\n"); ++ continue; ++ } ++ ++ if (!base || !end) ++ { ++ grub_dprintf ("chain", " section is invalid\n"); ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid section size"); ++ goto error_exit; ++ } ++ ++ if (section->characteristics & GRUB_PE32_SCN_CNT_UNINITIALIZED_DATA) ++ { ++ if (section->raw_data_size != 0) ++ grub_dprintf ("chain", " UNINITIALIZED_DATA section has data?\n"); ++ } ++ else if (section->virtual_address < context.size_of_headers || ++ section->raw_data_offset < context.size_of_headers) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "Section %d is inside image headers", i); ++ goto error_exit; ++ } ++ ++ if (section->raw_data_size > 0) ++ { ++ grub_dprintf ("chain", " copying 0x%08x bytes to %p\n", ++ section->raw_data_size, base); ++ grub_memcpy (base, ++ (grub_efi_uint8_t*)data + section->raw_data_offset, ++ section->raw_data_size); ++ } ++ ++ if (section->raw_data_size < section->virtual_size) ++ { ++ grub_dprintf ("chain", " padding with 0x%08x bytes at %p\n", ++ section->virtual_size - section->raw_data_size, ++ base + section->raw_data_size); ++ grub_memset (base + section->raw_data_size, 0, ++ section->virtual_size - section->raw_data_size); ++ } ++ ++ grub_dprintf ("chain", " finished section %s\n", name); ++ } ++ ++ /* 5 == EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC */ ++ if (context.number_of_rva_and_sizes <= 5) ++ { ++ grub_dprintf ("chain", "image has no relocation entry\n"); ++ goto error_exit; ++ } ++ ++ if (context.reloc_dir->size && reloc_section) ++ { ++ /* run the relocation fixups */ ++ efi_status = relocate_coff (&context, reloc_section, data, ++ buffer_aligned); ++ ++ if (efi_status != GRUB_EFI_SUCCESS) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "relocation failed"); ++ goto error_exit; ++ } ++ } ++ ++ if (!found_entry_point) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "entry point is not within sections"); ++ goto error_exit; ++ } ++ if (found_entry_point > 1) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "%d sections contain entry point", ++ found_entry_point); ++ goto error_exit; ++ } ++ ++ li = grub_efi_get_loaded_image (grub_efi_image_handle); ++ if (!li) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "no loaded image available"); ++ goto error_exit; ++ } ++ ++ grub_memcpy (&li_bak, li, sizeof (grub_efi_loaded_image_t)); ++ li->image_base = buffer_aligned; ++ li->image_size = context.image_size; ++ li->load_options = cmdline; ++ li->load_options_size = cmdline_len; ++ li->file_path = grub_efi_get_media_file_path (file_path); ++ li->device_handle = dev_handle; ++ if (!li->file_path) ++ { ++ grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching file path found"); ++ goto error_exit; ++ } ++ ++ grub_dprintf ("chain", "booting via entry point\n"); ++ efi_status = efi_call_2 (entry_point, grub_efi_image_handle, ++ grub_efi_system_table); ++ ++ grub_dprintf ("chain", "entry_point returned %ld\n", efi_status); ++ grub_memcpy (li, &li_bak, sizeof (grub_efi_loaded_image_t)); ++ efi_status = efi_call_1 (b->free_pool, buffer); ++ ++ return 1; ++ ++error_exit: ++ grub_dprintf ("chain", "error_exit: grub_errno: %d\n", grub_errno); ++ if (buffer) ++ efi_call_1 (b->free_pool, buffer); ++ ++ return 0; ++} ++ ++static grub_err_t ++grub_secureboot_chainloader_unload (void) ++{ ++ grub_efi_boot_services_t *b; ++ ++ b = grub_efi_system_table->boot_services; ++ efi_call_2 (b->free_pages, address, pages); ++ grub_free (file_path); ++ grub_free (cmdline); ++ cmdline = 0; ++ file_path = 0; ++ dev_handle = 0; ++ ++ grub_dl_unref (my_mod); ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_load_and_start_image(void *boot_image) ++{ ++ grub_efi_boot_services_t *b; ++ grub_efi_status_t status; ++ grub_efi_loaded_image_t *loaded_image; ++ ++ b = grub_efi_system_table->boot_services; ++ ++ status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, ++ boot_image, fsize, &image_handle); ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ if (status == GRUB_EFI_OUT_OF_RESOURCES) ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources"); ++ else ++ grub_error (GRUB_ERR_BAD_OS, "cannot load image"); ++ return -1; ++ } ++ ++ /* LoadImage does not set a device handler when the image is ++ loaded from memory, so it is necessary to set it explicitly here. ++ This is a mess. */ ++ loaded_image = grub_efi_get_loaded_image (image_handle); ++ if (! loaded_image) ++ { ++ grub_error (GRUB_ERR_BAD_OS, "no loaded image available"); ++ return -1; ++ } ++ loaded_image->device_handle = dev_handle; ++ ++ if (cmdline) ++ { ++ loaded_image->load_options = cmdline; ++ loaded_image->load_options_size = cmdline_len; ++ } ++ ++ return 0; ++} ++ ++static grub_err_t ++grub_secureboot_chainloader_boot (void) ++{ ++ int rc; ++ rc = handle_image ((void *)(unsigned long)address, fsize); ++ if (rc == 0) ++ { ++ grub_load_and_start_image((void *)(unsigned long)address); ++ } ++ ++ grub_loader_unset (); ++ return grub_errno; ++} ++ + static grub_err_t + grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + int argc, char *argv[]) + { + grub_file_t file = 0; +- grub_ssize_t size; + grub_efi_status_t status; + grub_efi_boot_services_t *b; + grub_device_t dev = 0; + grub_efi_device_path_t *dp = 0; +- grub_efi_loaded_image_t *loaded_image; + char *filename; + void *boot_image = 0; +- grub_efi_handle_t dev_handle = 0; ++ int rc; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -216,15 +893,45 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + address = 0; + image_handle = 0; + file_path = 0; ++ dev_handle = 0; + + b = grub_efi_system_table->boot_services; + ++ if (argc > 1) ++ { ++ int i; ++ grub_efi_char16_t *p16; ++ ++ for (i = 1, cmdline_len = 0; i < argc; i++) ++ cmdline_len += grub_strlen (argv[i]) + 1; ++ ++ cmdline_len *= sizeof (grub_efi_char16_t); ++ cmdline = p16 = grub_malloc (cmdline_len); ++ if (! cmdline) ++ goto fail; ++ ++ for (i = 1; i < argc; i++) ++ { ++ char *p8; ++ ++ p8 = argv[i]; ++ while (*p8) ++ *(p16++) = *(p8++); ++ ++ *(p16++) = ' '; ++ } ++ *(--p16) = 0; ++ } ++ + file = grub_file_open (filename); + if (! file) + goto fail; + +- /* Get the root device's device path. */ +- dev = grub_device_open (0); ++ /* Get the device path from filename. */ ++ char *devname = grub_file_get_device_name (filename); ++ dev = grub_device_open (devname); ++ if (devname) ++ grub_free (devname); + if (! dev) + goto fail; + +@@ -261,17 +968,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + if (! file_path) + goto fail; + +- grub_printf ("file path: "); +- grub_efi_print_device_path (file_path); +- +- size = grub_file_size (file); +- if (!size) ++ fsize = grub_file_size (file); ++ if (!fsize) + { + grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), + filename); + goto fail; + } +- pages = (((grub_efi_uintn_t) size + ((1 << 12) - 1)) >> 12); ++ pages = (((grub_efi_uintn_t) fsize + ((1 << 12) - 1)) >> 12); + + status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_ANY_PAGES, + GRUB_EFI_LOADER_CODE, +@@ -285,7 +989,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + } + + boot_image = (void *) ((grub_addr_t) address); +- if (grub_file_read (file, boot_image, size) != size) ++ if (grub_file_read (file, boot_image, fsize) != fsize) + { + if (grub_errno == GRUB_ERR_NONE) + grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +@@ -295,7 +999,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + } + + #if defined (__i386__) || defined (__x86_64__) +- if (size >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) ++ if (fsize >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) + { + struct grub_macho_fat_header *head = boot_image; + if (head->magic +@@ -304,6 +1008,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_uint32_t i; + struct grub_macho_fat_arch *archs + = (struct grub_macho_fat_arch *) (head + 1); ++ ++ if (grub_efi_secure_boot()) ++ { ++ grub_error (GRUB_ERR_BAD_OS, ++ "MACHO binaries are forbidden with Secure Boot"); ++ goto fail; ++ } ++ + for (i = 0; i < grub_cpu_to_le32 (head->nfat_arch); i++) + { + if (GRUB_MACHO_CPUTYPE_IS_HOST_CURRENT (archs[i].cputype)) +@@ -318,79 +1030,39 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + > ~grub_cpu_to_le32 (archs[i].size) + || grub_cpu_to_le32 (archs[i].offset) + + grub_cpu_to_le32 (archs[i].size) +- > (grub_size_t) size) ++ > (grub_size_t) fsize) + { + grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), + filename); + goto fail; + } + boot_image = (char *) boot_image + grub_cpu_to_le32 (archs[i].offset); +- size = grub_cpu_to_le32 (archs[i].size); ++ fsize = grub_cpu_to_le32 (archs[i].size); + } + } + #endif + +- status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, +- boot_image, size, +- &image_handle); +- if (status != GRUB_EFI_SUCCESS) ++ rc = grub_linuxefi_secure_validate((void *)(unsigned long)address, fsize); ++ grub_dprintf ("chain", "linuxefi_secure_validate: %d\n", rc); ++ if (rc > 0) + { +- if (status == GRUB_EFI_OUT_OF_RESOURCES) +- grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources"); +- else +- grub_error (GRUB_ERR_BAD_OS, "cannot load image"); +- +- goto fail; ++ grub_file_close (file); ++ grub_device_close (dev); ++ grub_loader_set (grub_secureboot_chainloader_boot, ++ grub_secureboot_chainloader_unload, 0); ++ return 0; + } +- +- /* LoadImage does not set a device handler when the image is +- loaded from memory, so it is necessary to set it explicitly here. +- This is a mess. */ +- loaded_image = grub_efi_get_loaded_image (image_handle); +- if (! loaded_image) ++ else if (rc == 0) + { +- grub_error (GRUB_ERR_BAD_OS, "no loaded image available"); +- goto fail; +- } +- loaded_image->device_handle = dev_handle; +- +- if (argc > 1) +- { +- int i, len; +- grub_efi_char16_t *p16; +- +- for (i = 1, len = 0; i < argc; i++) +- len += grub_strlen (argv[i]) + 1; +- +- len *= sizeof (grub_efi_char16_t); +- cmdline = p16 = grub_malloc (len); +- if (! cmdline) +- goto fail; ++ grub_load_and_start_image(boot_image); ++ grub_file_close (file); ++ grub_device_close (dev); ++ grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); + +- for (i = 1; i < argc; i++) +- { +- char *p8; +- +- p8 = argv[i]; +- while (*p8) +- *(p16++) = *(p8++); +- +- *(p16++) = ' '; +- } +- *(--p16) = 0; +- +- loaded_image->load_options = cmdline; +- loaded_image->load_options_size = len; ++ return 0; + } + +- grub_file_close (file); +- grub_device_close (dev); +- +- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); +- return 0; +- +- fail: +- ++fail: + if (dev) + grub_device_close (dev); + +@@ -402,6 +1074,9 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + if (address) + efi_call_2 (b->free_pages, address, pages); + ++ if (cmdline) ++ grub_free (cmdline); ++ + grub_dl_unref (my_mod); + + return grub_errno; +diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c +index c24202a5d..c8ecce6df 100644 +--- a/grub-core/loader/efi/linux.c ++++ b/grub-core/loader/efi/linux.c +@@ -33,21 +33,34 @@ struct grub_efi_shim_lock + }; + typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; + +-grub_efi_boolean_t ++int + grub_linuxefi_secure_validate (void *data, grub_uint32_t size) + { + grub_efi_guid_t guid = SHIM_LOCK_GUID; + grub_efi_shim_lock_t *shim_lock; ++ grub_efi_status_t status; + + shim_lock = grub_efi_locate_protocol(&guid, NULL); +- ++ grub_dprintf ("secureboot", "shim_lock: %p\n", shim_lock); + if (!shim_lock) +- return 1; ++ { ++ grub_dprintf ("secureboot", "shim not available\n"); ++ return 0; ++ } + +- if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS) +- return 1; ++ grub_dprintf ("secureboot", "Asking shim to verify kernel signature\n"); ++ status = shim_lock->verify (data, size); ++ grub_dprintf ("secureboot", "shim_lock->verify(): %ld\n", (long int)status); ++ if (status == GRUB_EFI_SUCCESS) ++ { ++ grub_dprintf ("secureboot", "Kernel signature verification passed\n"); ++ return 1; ++ } + +- return 0; ++ grub_dprintf ("secureboot", "Kernel signature verification failed (0x%lx)\n", ++ (unsigned long) status); ++ ++ return -1; + } + + #pragma GCC diagnostic push +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 3db82e782..8db228c5b 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -118,6 +118,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + ++ grub_dprintf ("linux", "initrd_mem = %lx\n", (unsigned long) initrd_mem); ++ + params->ramdisk_size = size; + params->ramdisk_image = (grub_uint32_t)(grub_addr_t) initrd_mem; + +@@ -160,6 +162,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + struct linux_kernel_header lh; + grub_ssize_t len, start, filelen; + void *kernel = NULL; ++ int rc; + + grub_dl_ref (my_mod); + +@@ -185,11 +188,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + if (grub_file_read (file, kernel, filelen) != filelen) + { +- grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), argv[0]); ++ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), ++ argv[0]); + goto fail; + } + +- if (! grub_linuxefi_secure_validate (kernel, filelen)) ++ rc = grub_linuxefi_secure_validate (kernel, filelen); ++ if (rc < 0) + { + grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), + argv[0]); +@@ -204,6 +209,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + ++ grub_dprintf ("linux", "params = %lx\n", (unsigned long) params); ++ + grub_memset (params, 0, 16384); + + grub_memcpy (&lh, kernel, sizeof (lh)); +@@ -242,6 +249,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + ++ grub_dprintf ("linux", "linux_cmdline = %lx\n", ++ (unsigned long)linux_cmdline); ++ + grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); + grub_create_loader_cmdline (argc, argv, + linux_cmdline + sizeof (LINUX_IMAGE) - 1, +@@ -275,9 +285,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_memcpy (params, &lh, 2 * 512); + + params->type_of_loader = 0x21; ++ grub_dprintf("linux", "kernel_mem: %p handover_offset: %08x\n", ++ kernel_mem, handover_offset); + + fail: +- + if (file) + grub_file_close (file); + +diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h +index d9ede3677..0033d9305 100644 +--- a/include/grub/efi/linux.h ++++ b/include/grub/efi/linux.h +@@ -22,7 +22,7 @@ + #include + #include + +-grub_efi_boolean_t ++int + EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size); + grub_err_t + EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, +diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h +index 7d44732d2..c03cc599f 100644 +--- a/include/grub/efi/pe32.h ++++ b/include/grub/efi/pe32.h +@@ -214,7 +214,11 @@ struct grub_pe64_optional_header + struct grub_pe32_section_table + { + char name[8]; +- grub_uint32_t virtual_size; ++ union ++ { ++ grub_uint32_t physical_address; ++ grub_uint32_t virtual_size; ++ }; + grub_uint32_t virtual_address; + grub_uint32_t raw_data_size; + grub_uint32_t raw_data_offset; +@@ -225,12 +229,18 @@ struct grub_pe32_section_table + grub_uint32_t characteristics; + }; + ++#define GRUB_PE32_SCN_TYPE_NO_PAD 0x00000008 + #define GRUB_PE32_SCN_CNT_CODE 0x00000020 + #define GRUB_PE32_SCN_CNT_INITIALIZED_DATA 0x00000040 +-#define GRUB_PE32_SCN_MEM_DISCARDABLE 0x02000000 +-#define GRUB_PE32_SCN_MEM_EXECUTE 0x20000000 +-#define GRUB_PE32_SCN_MEM_READ 0x40000000 +-#define GRUB_PE32_SCN_MEM_WRITE 0x80000000 ++#define GRUB_PE32_SCN_CNT_UNINITIALIZED_DATA 0x00000080 ++#define GRUB_PE32_SCN_LNK_OTHER 0x00000100 ++#define GRUB_PE32_SCN_LNK_INFO 0x00000200 ++#define GRUB_PE32_SCN_LNK_REMOVE 0x00000800 ++#define GRUB_PE32_SCN_LNK_COMDAT 0x00001000 ++#define GRUB_PE32_SCN_GPREL 0x00008000 ++#define GRUB_PE32_SCN_MEM_16BIT 0x00020000 ++#define GRUB_PE32_SCN_MEM_LOCKED 0x00040000 ++#define GRUB_PE32_SCN_MEM_PRELOAD 0x00080000 + + #define GRUB_PE32_SCN_ALIGN_1BYTES 0x00100000 + #define GRUB_PE32_SCN_ALIGN_2BYTES 0x00200000 +@@ -239,10 +249,28 @@ struct grub_pe32_section_table + #define GRUB_PE32_SCN_ALIGN_16BYTES 0x00500000 + #define GRUB_PE32_SCN_ALIGN_32BYTES 0x00600000 + #define GRUB_PE32_SCN_ALIGN_64BYTES 0x00700000 ++#define GRUB_PE32_SCN_ALIGN_128BYTES 0x00800000 ++#define GRUB_PE32_SCN_ALIGN_256BYTES 0x00900000 ++#define GRUB_PE32_SCN_ALIGN_512BYTES 0x00A00000 ++#define GRUB_PE32_SCN_ALIGN_1024BYTES 0x00B00000 ++#define GRUB_PE32_SCN_ALIGN_2048BYTES 0x00C00000 ++#define GRUB_PE32_SCN_ALIGN_4096BYTES 0x00D00000 ++#define GRUB_PE32_SCN_ALIGN_8192BYTES 0x00E00000 + + #define GRUB_PE32_SCN_ALIGN_SHIFT 20 + #define GRUB_PE32_SCN_ALIGN_MASK 7 + ++#define GRUB_PE32_SCN_LNK_NRELOC_OVFL 0x01000000 ++#define GRUB_PE32_SCN_MEM_DISCARDABLE 0x02000000 ++#define GRUB_PE32_SCN_MEM_NOT_CACHED 0x04000000 ++#define GRUB_PE32_SCN_MEM_NOT_PAGED 0x08000000 ++#define GRUB_PE32_SCN_MEM_SHARED 0x10000000 ++#define GRUB_PE32_SCN_MEM_EXECUTE 0x20000000 ++#define GRUB_PE32_SCN_MEM_READ 0x40000000 ++#define GRUB_PE32_SCN_MEM_WRITE 0x80000000 ++ ++ ++ + #define GRUB_PE32_SIGNATURE_SIZE 4 + + struct grub_pe32_header +@@ -265,6 +293,20 @@ struct grub_pe32_header + #endif + }; + ++struct grub_pe32_header_32 ++{ ++ char signature[GRUB_PE32_SIGNATURE_SIZE]; ++ struct grub_pe32_coff_header coff_header; ++ struct grub_pe32_optional_header optional_header; ++}; ++ ++struct grub_pe32_header_64 ++{ ++ char signature[GRUB_PE32_SIGNATURE_SIZE]; ++ struct grub_pe32_coff_header coff_header; ++ struct grub_pe64_optional_header optional_header; ++}; ++ + struct grub_pe32_fixup_block + { + grub_uint32_t page_rva; diff --git a/SOURCES/0005-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch b/SOURCES/0005-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch new file mode 100644 index 0000000..7286c16 --- /dev/null +++ b/SOURCES/0005-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch @@ -0,0 +1,516 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 6 Oct 2015 16:09:25 -0400 +Subject: [PATCH] Make any of the loaders that link in efi mode honor secure + boot. + +And in this case "honor" means "even if somebody does link this in, they +won't register commands if SB is enabled." + +Signed-off-by: Peter Jones +--- + grub-core/Makefile.core.def | 1 + + grub-core/commands/iorw.c | 7 +++++ + grub-core/commands/memrw.c | 7 +++++ + grub-core/kern/dl.c | 1 + + grub-core/kern/efi/efi.c | 34 -------------------- + grub-core/kern/efi/sb.c | 64 ++++++++++++++++++++++++++++++++++++++ + grub-core/loader/efi/appleloader.c | 7 +++++ + grub-core/loader/efi/chainloader.c | 1 + + grub-core/loader/i386/bsd.c | 7 +++++ + grub-core/loader/i386/linux.c | 7 +++++ + grub-core/loader/i386/pc/linux.c | 7 +++++ + grub-core/loader/multiboot.c | 7 +++++ + grub-core/loader/xnu.c | 7 +++++ + include/grub/efi/efi.h | 1 - + include/grub/efi/sb.h | 29 +++++++++++++++++ + include/grub/ia64/linux.h | 0 + include/grub/mips/linux.h | 0 + include/grub/powerpc/linux.h | 0 + include/grub/sparc64/linux.h | 0 + grub-core/Makefile.am | 1 + + 20 files changed, 153 insertions(+), 35 deletions(-) + create mode 100644 grub-core/kern/efi/sb.c + create mode 100644 include/grub/efi/sb.h + create mode 100644 include/grub/ia64/linux.h + create mode 100644 include/grub/mips/linux.h + create mode 100644 include/grub/powerpc/linux.h + create mode 100644 include/grub/sparc64/linux.h + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 0b4b0c212..e92a7ef32 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -195,6 +195,7 @@ kernel = { + i386_multiboot = kern/i386/pc/acpi.c; + i386_coreboot = kern/acpi.c; + i386_multiboot = kern/acpi.c; ++ common = kern/efi/sb.c; + + x86 = kern/i386/tsc.c; + x86 = kern/i386/tsc_pit.c; +diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c +index a0c164e54..41a7f3f04 100644 +--- a/grub-core/commands/iorw.c ++++ b/grub-core/commands/iorw.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -118,6 +119,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv) + + GRUB_MOD_INIT(memrw) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd_read_byte = + grub_register_extcmd ("inb", grub_cmd_read, 0, + N_("PORT"), N_("Read 8-bit value from PORT."), +@@ -146,6 +150,9 @@ GRUB_MOD_INIT(memrw) + + GRUB_MOD_FINI(memrw) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_extcmd (cmd_read_byte); + grub_unregister_extcmd (cmd_read_word); + grub_unregister_extcmd (cmd_read_dword); +diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c +index 98769eadb..088cbe9e2 100644 +--- a/grub-core/commands/memrw.c ++++ b/grub-core/commands/memrw.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -120,6 +121,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv) + + GRUB_MOD_INIT(memrw) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd_read_byte = + grub_register_extcmd ("read_byte", grub_cmd_read, 0, + N_("ADDR"), N_("Read 8-bit value from ADDR."), +@@ -148,6 +152,9 @@ GRUB_MOD_INIT(memrw) + + GRUB_MOD_FINI(memrw) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_extcmd (cmd_read_byte); + grub_unregister_extcmd (cmd_read_word); + grub_unregister_extcmd (cmd_read_dword); +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index 04e804d16..621070918 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -32,6 +32,7 @@ + #include + #include + #include ++#include + + /* Platforms where modules are in a readonly area of memory. */ + #if defined(GRUB_MACHINE_QEMU) +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 91129e335..708581fcb 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -273,40 +273,6 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, + return NULL; + } + +-grub_efi_boolean_t +-grub_efi_secure_boot (void) +-{ +- grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID; +- grub_size_t datasize; +- char *secure_boot = NULL; +- char *setup_mode = NULL; +- grub_efi_boolean_t ret = 0; +- +- secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize); +- if (datasize != 1 || !secure_boot) +- { +- grub_dprintf ("secureboot", "No SecureBoot variable\n"); +- goto out; +- } +- grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot); +- +- setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize); +- if (datasize != 1 || !setup_mode) +- { +- grub_dprintf ("secureboot", "No SetupMode variable\n"); +- goto out; +- } +- grub_dprintf ("secureboot", "SetupMode: %d\n", *setup_mode); +- +- if (*secure_boot && !*setup_mode) +- ret = 1; +- +- out: +- grub_free (secure_boot); +- grub_free (setup_mode); +- return ret; +-} +- + #pragma GCC diagnostic ignored "-Wcast-align" + + /* Search the mods section from the PE32/PE32+ image. This code uses +diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c +new file mode 100644 +index 000000000..d74778b0c +--- /dev/null ++++ b/grub-core/kern/efi/sb.c +@@ -0,0 +1,64 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2014 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++int ++grub_efi_secure_boot (void) ++{ ++#ifdef GRUB_MACHINE_EFI ++ grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID; ++ grub_size_t datasize; ++ char *secure_boot = NULL; ++ char *setup_mode = NULL; ++ grub_efi_boolean_t ret = 0; ++ ++ secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize); ++ if (datasize != 1 || !secure_boot) ++ { ++ grub_dprintf ("secureboot", "No SecureBoot variable\n"); ++ goto out; ++ } ++ grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot); ++ ++ setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize); ++ if (datasize != 1 || !setup_mode) ++ { ++ grub_dprintf ("secureboot", "No SetupMode variable\n"); ++ goto out; ++ } ++ grub_dprintf ("secureboot", "SetupMode: %d\n", *setup_mode); ++ ++ if (*secure_boot && !*setup_mode) ++ ret = 1; ++ ++ out: ++ grub_free (secure_boot); ++ grub_free (setup_mode); ++ return ret; ++#else ++ return 0; ++#endif ++} +diff --git a/grub-core/loader/efi/appleloader.c b/grub-core/loader/efi/appleloader.c +index 74888c463..69c2a10d3 100644 +--- a/grub-core/loader/efi/appleloader.c ++++ b/grub-core/loader/efi/appleloader.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + #include + #include + +@@ -227,6 +228,9 @@ static grub_command_t cmd; + + GRUB_MOD_INIT(appleloader) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd = grub_register_command ("appleloader", grub_cmd_appleloader, + N_("[OPTS]"), + /* TRANSLATORS: This command is used on EFI to +@@ -238,5 +242,8 @@ GRUB_MOD_INIT(appleloader) + + GRUB_MOD_FINI(appleloader) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_command (cmd); + } +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index af2189619..5cd9b6e08 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + #include + #include + #include +diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c +index 7f96515da..87709aa23 100644 +--- a/grub-core/loader/i386/bsd.c ++++ b/grub-core/loader/i386/bsd.c +@@ -38,6 +38,7 @@ + #ifdef GRUB_MACHINE_PCBIOS + #include + #endif ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -2124,6 +2125,9 @@ static grub_command_t cmd_netbsd_module_elf, cmd_openbsd_ramdisk; + + GRUB_MOD_INIT (bsd) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + /* Net and OpenBSD kernels are often compressed. */ + grub_dl_load ("gzio"); + +@@ -2163,6 +2167,9 @@ GRUB_MOD_INIT (bsd) + + GRUB_MOD_FINI (bsd) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_extcmd (cmd_freebsd); + grub_unregister_extcmd (cmd_openbsd); + grub_unregister_extcmd (cmd_netbsd); +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index f7186be40..c84747ea8 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -1156,6 +1157,9 @@ static grub_command_t cmd_linux, cmd_initrd; + + GRUB_MOD_INIT(linux) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd_linux = grub_register_command ("linux", grub_cmd_linux, + 0, N_("Load Linux.")); + cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd, +@@ -1165,6 +1169,9 @@ GRUB_MOD_INIT(linux) + + GRUB_MOD_FINI(linux) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_command (cmd_linux); + grub_unregister_command (cmd_initrd); + } +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index caa76bee8..783a3cd93 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -480,6 +481,9 @@ static grub_command_t cmd_linux, cmd_linux16, cmd_initrd, cmd_initrd16; + + GRUB_MOD_INIT(linux16) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd_linux = + grub_register_command ("linux", grub_cmd_linux, + 0, N_("Load Linux.")); +@@ -497,6 +501,9 @@ GRUB_MOD_INIT(linux16) + + GRUB_MOD_FINI(linux16) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_command (cmd_linux); + grub_unregister_command (cmd_linux16); + grub_unregister_command (cmd_initrd); +diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c +index 40c67e824..26df46a41 100644 +--- a/grub-core/loader/multiboot.c ++++ b/grub-core/loader/multiboot.c +@@ -50,6 +50,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -446,6 +447,9 @@ static grub_command_t cmd_multiboot, cmd_module; + + GRUB_MOD_INIT(multiboot) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd_multiboot = + #ifdef GRUB_USE_MULTIBOOT2 + grub_register_command ("multiboot2", grub_cmd_multiboot, +@@ -466,6 +470,9 @@ GRUB_MOD_INIT(multiboot) + + GRUB_MOD_FINI(multiboot) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_command (cmd_multiboot); + grub_unregister_command (cmd_module); + } +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index c9885b1bc..df8dfdb4b 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -33,6 +33,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -1469,6 +1470,9 @@ static grub_extcmd_t cmd_splash; + + GRUB_MOD_INIT(xnu) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd_kernel = grub_register_command ("xnu_kernel", grub_cmd_xnu_kernel, 0, + N_("Load XNU image.")); + cmd_kernel64 = grub_register_command ("xnu_kernel64", grub_cmd_xnu_kernel64, +@@ -1509,6 +1513,9 @@ GRUB_MOD_INIT(xnu) + + GRUB_MOD_FINI(xnu) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + #ifndef GRUB_MACHINE_EMU + grub_unregister_command (cmd_resume); + #endif +diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h +index 1061aee97..39480b386 100644 +--- a/include/grub/efi/efi.h ++++ b/include/grub/efi/efi.h +@@ -85,7 +85,6 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var, + const grub_efi_guid_t *guid, + void *data, + grub_size_t datasize); +-grub_efi_boolean_t EXPORT_FUNC (grub_efi_secure_boot) (void); + int + EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1, + const grub_efi_device_path_t *dp2); +diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h +new file mode 100644 +index 000000000..9629fbb0f +--- /dev/null ++++ b/include/grub/efi/sb.h +@@ -0,0 +1,29 @@ ++/* sb.h - declare functions for EFI Secure Boot support */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2006,2007,2008,2009 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_EFI_SB_HEADER ++#define GRUB_EFI_SB_HEADER 1 ++ ++#include ++#include ++ ++/* Functions. */ ++int EXPORT_FUNC (grub_efi_secure_boot) (void); ++ ++#endif /* ! GRUB_EFI_SB_HEADER */ +diff --git a/include/grub/ia64/linux.h b/include/grub/ia64/linux.h +new file mode 100644 +index 000000000..e69de29bb +diff --git a/include/grub/mips/linux.h b/include/grub/mips/linux.h +new file mode 100644 +index 000000000..e69de29bb +diff --git a/include/grub/powerpc/linux.h b/include/grub/powerpc/linux.h +new file mode 100644 +index 000000000..e69de29bb +diff --git a/include/grub/sparc64/linux.h b/include/grub/sparc64/linux.h +new file mode 100644 +index 000000000..e69de29bb +diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am +index f4ff62b76..9c69aa886 100644 +--- a/grub-core/Makefile.am ++++ b/grub-core/Makefile.am +@@ -71,6 +71,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/command.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/device.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/disk.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/dl.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h diff --git a/SOURCES/0006-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch b/SOURCES/0006-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch new file mode 100644 index 0000000..f836fa5 --- /dev/null +++ b/SOURCES/0006-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch @@ -0,0 +1,263 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 14 Feb 2017 16:18:54 -0500 +Subject: [PATCH] Handle multi-arch (64-on-32) boot in linuxefi loader. + +Allow booting 64-bit kernels on 32-bit EFI on x86. + +Signed-off-by: Peter Jones +--- + grub-core/loader/efi/linux.c | 9 +++- + grub-core/loader/i386/efi/linux.c | 110 ++++++++++++++++++++++++++------------ + include/grub/i386/linux.h | 7 ++- + 3 files changed, 89 insertions(+), 37 deletions(-) + +diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c +index c8ecce6df..0622dfa48 100644 +--- a/grub-core/loader/efi/linux.c ++++ b/grub-core/loader/efi/linux.c +@@ -69,12 +69,17 @@ grub_linuxefi_secure_validate (void *data, grub_uint32_t size) + typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *); + + grub_err_t +-grub_efi_linux_boot (void *kernel_addr, grub_off_t offset, ++grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, + void *kernel_params) + { + handover_func hf; ++ int offset = 0; + +- hf = (handover_func)((char *)kernel_addr + offset); ++#ifdef __x86_64__ ++ offset = 512; ++#endif ++ ++ hf = (handover_func)((char *)kernel_addr + handover_offset + offset); + hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); + + return GRUB_ERR_BUG; +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 8db228c5b..800c3e540 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -44,14 +44,10 @@ static char *linux_cmdline; + static grub_err_t + grub_linuxefi_boot (void) + { +- int offset = 0; +- +-#ifdef __x86_64__ +- offset = 512; +-#endif + asm volatile ("cli"); + +- return grub_efi_linux_boot ((char *)kernel_mem, handover_offset + offset, ++ return grub_efi_linux_boot ((char *)kernel_mem, ++ handover_offset, + params); + } + +@@ -154,14 +150,20 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + return grub_errno; + } + ++#define MIN(a, b) \ ++ ({ typeof (a) _a = (a); \ ++ typeof (b) _b = (b); \ ++ _a < _b ? _a : _b; }) ++ + static grub_err_t + grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + int argc, char *argv[]) + { + grub_file_t file = 0; +- struct linux_kernel_header lh; +- grub_ssize_t len, start, filelen; ++ struct linux_i386_kernel_header *lh = NULL; ++ grub_ssize_t start, filelen; + void *kernel = NULL; ++ int setup_header_end_offset; + int rc; + + grub_dl_ref (my_mod); +@@ -201,48 +203,79 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- params = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(16384)); +- ++ params = grub_efi_allocate_pages_max (0x3fffffff, ++ BYTES_TO_PAGES(sizeof(*params))); + if (! params) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters"); + goto fail; + } + +- grub_dprintf ("linux", "params = %lx\n", (unsigned long) params); ++ grub_dprintf ("linux", "params = %p\n", params); + +- grub_memset (params, 0, 16384); ++ grub_memset (params, 0, sizeof(*params)); + +- grub_memcpy (&lh, kernel, sizeof (lh)); +- +- if (lh.boot_flag != grub_cpu_to_le16 (0xaa55)) ++ setup_header_end_offset = *((grub_uint8_t *)kernel + 0x201); ++ grub_dprintf ("linux", "copying %lu bytes from %p to %p\n", ++ MIN((grub_size_t)0x202+setup_header_end_offset, ++ sizeof (*params)) - 0x1f1, ++ (grub_uint8_t *)kernel + 0x1f1, ++ (grub_uint8_t *)params + 0x1f1); ++ grub_memcpy ((grub_uint8_t *)params + 0x1f1, ++ (grub_uint8_t *)kernel + 0x1f1, ++ MIN((grub_size_t)0x202+setup_header_end_offset,sizeof (*params)) - 0x1f1); ++ lh = (struct linux_i386_kernel_header *)params; ++ grub_dprintf ("linux", "lh is at %p\n", lh); ++ grub_dprintf ("linux", "checking lh->boot_flag\n"); ++ if (lh->boot_flag != grub_cpu_to_le16 (0xaa55)) + { + grub_error (GRUB_ERR_BAD_OS, N_("invalid magic number")); + goto fail; + } + +- if (lh.setup_sects > GRUB_LINUX_MAX_SETUP_SECTS) ++ grub_dprintf ("linux", "checking lh->setup_sects\n"); ++ if (lh->setup_sects > GRUB_LINUX_MAX_SETUP_SECTS) + { + grub_error (GRUB_ERR_BAD_OS, N_("too many setup sectors")); + goto fail; + } + +- if (lh.version < grub_cpu_to_le16 (0x020b)) ++ grub_dprintf ("linux", "checking lh->version\n"); ++ if (lh->version < grub_cpu_to_le16 (0x020b)) + { + grub_error (GRUB_ERR_BAD_OS, N_("kernel too old")); + goto fail; + } + +- if (!lh.handover_offset) ++ grub_dprintf ("linux", "checking lh->handover_offset\n"); ++ if (!lh->handover_offset) + { + grub_error (GRUB_ERR_BAD_OS, N_("kernel doesn't support EFI handover")); + goto fail; + } + ++#if defined(__x86_64__) || defined(__aarch64__) ++ grub_dprintf ("linux", "checking lh->xloadflags\n"); ++ if (!(lh->xloadflags & LINUX_XLF_KERNEL_64)) ++ { ++ grub_error (GRUB_ERR_BAD_OS, N_("kernel doesn't support 64-bit CPUs")); ++ goto fail; ++ } ++#endif ++ ++#if defined(__i386__) ++ if ((lh->xloadflags & LINUX_XLF_KERNEL_64) && ++ !(lh->xloadflags & LINUX_XLF_EFI_HANDOVER_32)) ++ { ++ grub_error (GRUB_ERR_BAD_OS, ++ N_("kernel doesn't support 32-bit handover")); ++ goto fail; ++ } ++#endif ++ + grub_dprintf ("linux", "setting up cmdline\n"); + linux_cmdline = grub_efi_allocate_pages_max(0x3fffffff, +- BYTES_TO_PAGES(lh.cmdline_size + 1)); +- ++ BYTES_TO_PAGES(lh->cmdline_size + 1)); + if (!linux_cmdline) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate cmdline")); +@@ -255,21 +288,23 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); + grub_create_loader_cmdline (argc, argv, + linux_cmdline + sizeof (LINUX_IMAGE) - 1, +- lh.cmdline_size - (sizeof (LINUX_IMAGE) - 1)); ++ lh->cmdline_size - (sizeof (LINUX_IMAGE) - 1)); + +- lh.cmd_line_ptr = (grub_uint32_t)(grub_addr_t)linux_cmdline; ++ grub_dprintf ("linux", "cmdline:%s\n", linux_cmdline); ++ grub_dprintf ("linux", "setting lh->cmd_line_ptr\n"); ++ lh->cmd_line_ptr = (grub_uint32_t)(grub_addr_t)linux_cmdline; + +- handover_offset = lh.handover_offset; ++ grub_dprintf ("linux", "computing handover offset\n"); ++ handover_offset = lh->handover_offset; + +- start = (lh.setup_sects + 1) * 512; +- len = grub_file_size(file) - start; ++ start = (lh->setup_sects + 1) * 512; + +- kernel_mem = grub_efi_allocate_pages_max(lh.pref_address, +- BYTES_TO_PAGES(lh.init_size)); ++ kernel_mem = grub_efi_allocate_pages_max(lh->pref_address, ++ BYTES_TO_PAGES(lh->init_size)); + + if (!kernel_mem) + kernel_mem = grub_efi_allocate_pages_max(0x3fffffff, +- BYTES_TO_PAGES(lh.init_size)); ++ BYTES_TO_PAGES(lh->init_size)); + + if (!kernel_mem) + { +@@ -277,14 +312,21 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- grub_memcpy (kernel_mem, (char *)kernel + start, len); ++ grub_dprintf ("linux", "kernel_mem = %lx\n", (unsigned long) kernel_mem); ++ + grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); + loaded=1; ++ grub_dprintf ("linux", "setting lh->code32_start to %p\n", kernel_mem); ++ lh->code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; + +- lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem; +- grub_memcpy (params, &lh, 2 * 512); ++ grub_memcpy (kernel_mem, (char *)kernel + start, filelen - start); + +- params->type_of_loader = 0x21; ++ grub_dprintf ("linux", "setting lh->type_of_loader\n"); ++ lh->type_of_loader = 0x6; ++ ++ grub_dprintf ("linux", "setting lh->ext_loader_{type,ver}\n"); ++ params->ext_loader_type = 0; ++ params->ext_loader_ver = 2; + grub_dprintf("linux", "kernel_mem: %p handover_offset: %08x\n", + kernel_mem, handover_offset); + +@@ -301,10 +343,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + loaded = 0; + } + +- if (linux_cmdline && !loaded) ++ if (linux_cmdline && lh && !loaded) + grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t) + linux_cmdline, +- BYTES_TO_PAGES(lh.cmdline_size + 1)); ++ BYTES_TO_PAGES(lh->cmdline_size + 1)); + + if (kernel_mem && !loaded) + grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, +diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h +index bb19dbd5a..8474a857e 100644 +--- a/include/grub/i386/linux.h ++++ b/include/grub/i386/linux.h +@@ -133,7 +133,12 @@ struct linux_i386_kernel_header + grub_uint32_t kernel_alignment; + grub_uint8_t relocatable; + grub_uint8_t min_alignment; +- grub_uint8_t pad[2]; ++#define LINUX_XLF_KERNEL_64 (1<<0) ++#define LINUX_XLF_CAN_BE_LOADED_ABOVE_4G (1<<1) ++#define LINUX_XLF_EFI_HANDOVER_32 (1<<2) ++#define LINUX_XLF_EFI_HANDOVER_64 (1<<3) ++#define LINUX_XLF_EFI_KEXEC (1<<4) ++ grub_uint16_t xloadflags; + grub_uint32_t cmdline_size; + grub_uint32_t hardware_subarch; + grub_uint64_t hardware_subarch_data; diff --git a/SOURCES/0007-re-write-.gitignore.patch b/SOURCES/0007-re-write-.gitignore.patch new file mode 100644 index 0000000..4a65068 --- /dev/null +++ b/SOURCES/0007-re-write-.gitignore.patch @@ -0,0 +1,502 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 8 Aug 2017 12:48:04 -0400 +Subject: [PATCH] re-write .gitignore + +--- + .gitignore | 357 +++++++++++++------------------------- + build-aux/.gitignore | 9 + + docs/.gitignore | 4 + + grub-core/.gitignore | 15 ++ + grub-core/gnulib/.gitignore | 22 +++ + grub-core/lib/.gitignore | 1 + + include/grub/gcrypt/.gitignore | 2 + + po/.gitignore | 4 + + util/bash-completion.d/.gitignore | 1 + + 9 files changed, 175 insertions(+), 240 deletions(-) + create mode 100644 build-aux/.gitignore + create mode 100644 docs/.gitignore + create mode 100644 grub-core/.gitignore + create mode 100644 grub-core/gnulib/.gitignore + create mode 100644 grub-core/lib/.gitignore + create mode 100644 include/grub/gcrypt/.gitignore + create mode 100644 po/.gitignore + create mode 100644 util/bash-completion.d/.gitignore + +diff --git a/.gitignore b/.gitignore +index eca17bec9..43f04d472 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -1,249 +1,126 @@ +-00_header +-10_* +-20_linux_xen +-30_os-prober +-40_custom +-41_custom +-*.1 +-*.8 +-aclocal.m4 +-ahci_test +-ascii.bitmaps +-ascii.h +-autom4te.cache +-build-grub-gen-asciih +-build-grub-gen-widthspec +-build-grub-mkfont +-cdboot_test +-cmp_test +-config.cache +-config.guess +-config.h +-config-util.h +-config-util.h.in +-config.log +-config.status +-config.sub +-configure +-core_compress_test +-DISTLIST +-docs/*.info +-docs/stamp-vti +-docs/version.texi +-ehci_test +-example_grub_script_test +-example_scripted_test +-example_unit_test ++# things ./autogen.sh will create ++/Makefile.utilgcry.def ++/aclocal.m4 ++/autom4te.cache ++/configure ++Makefile ++# we want to enable building in a subdirectory, but we don't want to exclude ++# /build-aux so explicitly don't ignore it. ++/build*/ ++!/build-aux/ ++ ++# things very common editors create that we never want ++*~ ++.*.sw? ++*.patch ++ ++# built objects across the whole tree ++Makefile.in ++*.a ++*.am + *.exec +-*.exec.exe +-fddboot_test +-genkernsyms.sh +-gensymlist.sh +-gentrigtables +-gentrigtables.exe +-gettext_strings_test +-grub-bin2h +-/grub-bios-setup +-/grub-bios-setup.exe +-grub_cmd_date +-grub_cmd_echo +-grub_cmd_regexp +-grub_cmd_set_date +-grub_cmd_sleep +-/grub-editenv +-/grub-editenv.exe +-grub-emu +-grub-emu-lite +-grub-emu.exe +-grub-emu-lite.exe +-grub_emu_init.c +-grub_emu_init.h +-/grub-file +-/grub-file.exe +-grub-fstest +-grub-fstest.exe +-grub_fstest_init.c +-grub_fstest_init.h +-grub_func_test +-grub-install +-grub-install.exe +-grub-kbdcomp +-/grub-macbless +-/grub-macbless.exe +-grub-macho2img +-/grub-menulst2cfg +-/grub-menulst2cfg.exe +-/grub-mk* +-grub-mount +-/grub-ofpathname +-/grub-ofpathname.exe +-grub-core/build-grub-pe2elf.exe +-/grub-probe +-/grub-probe.exe +-grub_probe_init.c +-grub_probe_init.h +-/grub-reboot +-grub_script_blanklines +-grub_script_blockarg +-grub_script_break +-grub-script-check +-grub-script-check.exe +-grub_script_check_init.c +-grub_script_check_init.h +-grub_script_comments +-grub_script_continue +-grub_script_dollar +-grub_script_echo1 +-grub_script_echo_keywords +-grub_script_escape_comma +-grub_script_eval +-grub_script_expansion +-grub_script_final_semicolon +-grub_script_for1 +-grub_script_functions +-grub_script_gettext +-grub_script_if +-grub_script_leading_whitespace +-grub_script_no_commands +-grub_script_not +-grub_script_return +-grub_script_setparams +-grub_script_shift +-grub_script_strcmp +-grub_script_test +-grub_script_vars1 +-grub_script_while1 +-grub_script.tab.c +-grub_script.tab.h +-grub_script.yy.c +-grub_script.yy.h +-grub-set-default +-grub_setup_init.c +-grub_setup_init.h +-grub-shell +-grub-shell-tester +-grub-sparc64-setup +-grub-sparc64-setup.exe +-/grub-syslinux2cfg +-/grub-syslinux2cfg.exe +-gzcompress_test +-hddboot_test +-help_test +-*.img + *.image +-*.image.exe +-include/grub/cpu +-include/grub/machine +-install-sh +-lib/libgcrypt-grub +-libgrub_a_init.c +-*.log ++*.img ++*.info + *.lst +-lzocompress_test + *.marker +-Makefile + *.mod +-mod-*.c +-missing +-netboot_test ++*.module + *.o +-*.a +-ohci_test +-partmap_test +-pata_test + *.pf2 +-*.pp +-po/*.mo +-po/grub.pot +-po/POTFILES +-po/stamp-po +-printf_test +-priority_queue_unit_test +-pseries_test +-stamp-h +-stamp-h1 +-stamp-h.in +-symlist.c +-symlist.h +-trigtables.c +-*.trs +-uhci_test +-update-grub_lib +-unidata.c +-xzcompress_test +-Makefile.in +-GPATH +-GRTAGS +-GSYMS +-GTAGS +-compile +-depcomp +-mdate-sh +-texinfo.tex +-grub-core/lib/libgcrypt-grub +-.deps +-.deps-util +-.deps-core ++*.yy.[ch] ++.deps/ ++.deps-core/ ++.deps-util/ + .dirstamp +-Makefile.util.am +-contrib +-grub-core/bootinfo.txt +-grub-core/Makefile.core.am +-grub-core/Makefile.gcry.def +-grub-core/contrib +-grub-core/gdb_grub +-grub-core/genmod.sh +-grub-core/gensyminfo.sh +-grub-core/gmodule.pl +-grub-core/grub.chrp +-grub-core/modinfo.sh +-grub-core/*.module +-grub-core/*.module.exe +-grub-core/*.pp +-grub-core/kernel.img.bin +-util/bash-completion.d/grub +-grub-core/gnulib/alloca.h +-grub-core/gnulib/arg-nonnull.h +-grub-core/gnulib/c++defs.h +-grub-core/gnulib/charset.alias +-grub-core/gnulib/configmake.h +-grub-core/gnulib/float.h +-grub-core/gnulib/getopt.h +-grub-core/gnulib/langinfo.h +-grub-core/gnulib/ref-add.sed +-grub-core/gnulib/ref-del.sed +-grub-core/gnulib/stdio.h +-grub-core/gnulib/stdlib.h +-grub-core/gnulib/string.h +-grub-core/gnulib/strings.h +-grub-core/gnulib/sys +-grub-core/gnulib/unistd.h +-grub-core/gnulib/warn-on-use.h +-grub-core/gnulib/wchar.h +-grub-core/gnulib/wctype.h +-grub-core/rs_decoder.h +-widthspec.bin +-widthspec.h +-docs/stamp-1 +-docs/version-dev.texi +-Makefile.utilgcry.def +-po/*.po +-po/*.gmo +-po/LINGUAS +-po/remove-potcdate.sed +-include/grub/gcrypt/gcrypt.h +-include/grub/gcrypt/g10lib.h +-po/POTFILES.in +-po/POTFILES-shell.in +-/grub-glue-efi +-/grub-render-label +-/grub-glue-efi.exe +-/grub-render-label.exe +-grub-core/gnulib/locale.h +-grub-core/gnulib/unitypes.h +-grub-core/gnulib/uniwidth.h +-build-aux/test-driver ++ ++# next are things you get if you do ./configure in the topdir (for e.g. ++# "make dist" invocation. ++/config-util.h ++/config.h ++/include/grub/cpu ++/include/grub/machine ++/po/POTFILES ++/stamp-h ++/stamp-h1 ++config.log ++config.status ++ ++# stuff "make dist" creates ++ChangeLog ++grub-*.tar ++grub-*.tar.* ++ ++# stuff "make" creates ++/[[:digit:]][[:digit:]]_?* ++/ascii.h ++/build-grub-gen-asciih ++/build-grub-gen-widthspec ++/build-grub-mkfont ++/config-util.h.in + /garbage-gen +-/garbage-gen.exe +-/grub-fs-tester +-grub-core/build-grub-module-verifier ++/grub*-bios-setup ++/grub*-bios-setup.8 ++/grub*-editenv ++/grub*-editenv.1 ++/grub*-file ++/grub*-file.1 ++/grub*-fs-tester ++/grub*-fstest ++/grub*-fstest.1 ++/grub*-glue-efi ++/grub*-glue-efi.1 ++/grub*-install ++/grub*-install.8 ++/grub*-kbdcomp ++/grub*-kbdcomp.1 ++/grub*-macbless ++/grub*-macbless.8 ++/grub*-menulst2cfg ++/grub*-menulst2cfg.1 ++/grub*-mkconfig ++/grub*-mkconfig.8 ++/grub*-mkconfig_lib ++/grub*-mkfont ++/grub*-mkfont.1 ++/grub*-mkimage ++/grub*-mkimage.1 ++/grub*-mklayout ++/grub*-mklayout.1 ++/grub*-mknetdir ++/grub*-mknetdir.1 ++/grub*-mkpasswd-pbkdf2 ++/grub*-mkpasswd-pbkdf2.1 ++/grub*-mkrelpath ++/grub*-mkrelpath.1 ++/grub*-mkrescue ++/grub*-mkrescue.1 ++/grub*-mkstandalone ++/grub*-mkstandalone.1 ++/grub*-ofpathname ++/grub*-ofpathname.8 ++/grub*-probe ++/grub*-probe.8 ++/grub*-reboot ++/grub*-reboot.8 ++/grub*-render-label ++/grub*-render-label.1 ++/grub*-script-check ++/grub*-script-check.1 ++/grub*-set-default ++/grub*-set-default.8 ++/grub*-shell ++/grub*-shell-tester ++/grub*-sparc64-setup ++/grub*-sparc64-setup.8 ++/grub*-syslinux2cfg ++/grub*-syslinux2cfg.1 ++/grub_fstest.pp ++/grub_fstest_init.c ++/grub_fstest_init.lst ++/grub_script.tab.[ch] ++/libgrub.pp ++/libgrub_a_init.c ++/libgrub_a_init.lst ++/stamp-h.in ++/widthspec.h +diff --git a/build-aux/.gitignore b/build-aux/.gitignore +new file mode 100644 +index 000000000..f2f17aab9 +--- /dev/null ++++ b/build-aux/.gitignore +@@ -0,0 +1,9 @@ ++/compile ++/config.guess ++/config.sub ++/depcomp ++/install-sh ++/mdate-sh ++/missing ++/test-driver ++/texinfo.tex +diff --git a/docs/.gitignore b/docs/.gitignore +new file mode 100644 +index 000000000..91aee84d3 +--- /dev/null ++++ b/docs/.gitignore +@@ -0,0 +1,4 @@ ++/*.in ++/stamp-1 ++/stamp-vti ++/version*.texi +diff --git a/grub-core/.gitignore b/grub-core/.gitignore +new file mode 100644 +index 000000000..c738ac6c6 +--- /dev/null ++++ b/grub-core/.gitignore +@@ -0,0 +1,15 @@ ++/*.lst ++/Makefile.gcry.def ++/unidata.c ++/build-grub-module-verifier ++/gdb_grub ++/genmod.sh ++/gensyminfo.sh ++/gentrigtables ++/gmodule.pl ++/grub_script.tab.[ch] ++/modinfo.sh ++/rs_decoder.h ++/symlist.c ++/symlist.h ++/trigtables.c +diff --git a/grub-core/gnulib/.gitignore b/grub-core/gnulib/.gitignore +new file mode 100644 +index 000000000..29e199c2d +--- /dev/null ++++ b/grub-core/gnulib/.gitignore +@@ -0,0 +1,22 @@ ++/alloca.h ++/arg-nonnull.h ++/c++defs.h ++/charset.alias ++/configmake.h ++/getopt.h ++/langinfo.h ++/libgnu.a ++/locale.h ++/ref-add.sed ++/ref-del.sed ++/stdio.h ++/stdlib.h ++/string.h ++/strings.h ++/sys/ ++/unistd.h ++/unitypes.h ++/uniwidth.h ++/warn-on-use.h ++/wchar.h ++/wctype.h +diff --git a/grub-core/lib/.gitignore b/grub-core/lib/.gitignore +new file mode 100644 +index 000000000..681545914 +--- /dev/null ++++ b/grub-core/lib/.gitignore +@@ -0,0 +1 @@ ++/libgcrypt-grub/ +diff --git a/include/grub/gcrypt/.gitignore b/include/grub/gcrypt/.gitignore +new file mode 100644 +index 000000000..8fbf56462 +--- /dev/null ++++ b/include/grub/gcrypt/.gitignore +@@ -0,0 +1,2 @@ ++g10lib.h ++gcrypt.h +diff --git a/po/.gitignore b/po/.gitignore +new file mode 100644 +index 000000000..97b679c31 +--- /dev/null ++++ b/po/.gitignore +@@ -0,0 +1,4 @@ ++/POTFILES*.in ++/grub.pot ++/remove-potcdate.sed ++/stamp-po +diff --git a/util/bash-completion.d/.gitignore b/util/bash-completion.d/.gitignore +new file mode 100644 +index 000000000..b7e1eb124 +--- /dev/null ++++ b/util/bash-completion.d/.gitignore +@@ -0,0 +1 @@ ++grub diff --git a/SOURCES/0008-IBM-client-architecture-CAS-reboot-support.patch b/SOURCES/0008-IBM-client-architecture-CAS-reboot-support.patch new file mode 100644 index 0000000..8a0842a --- /dev/null +++ b/SOURCES/0008-IBM-client-architecture-CAS-reboot-support.patch @@ -0,0 +1,172 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Thu, 20 Sep 2012 18:07:39 -0300 +Subject: [PATCH] IBM client architecture (CAS) reboot support + +This is an implementation of IBM client architecture (CAS) reboot for GRUB. + +There are cases where the POWER firmware must reboot in order to support +specific features requested by a kernel. The kernel calls +ibm,client-architecture-support and it may either return or reboot with the new +feature set. eg: + +Calling ibm,client-architecture-support.../ +Elapsed time since release of system processors: 70959 mins 50 secs +Welcome to GRUB! + +Instead of return to the GRUB menu, it will check if the flag for CAS reboot is +set. If so, grub will automatically boot the last booted kernel using the same +parameters +--- + grub-core/kern/ieee1275/openfw.c | 63 ++++++++++++++++++++++++++++++++++++++++ + grub-core/normal/main.c | 19 ++++++++++++ + grub-core/script/execute.c | 7 +++++ + include/grub/ieee1275/ieee1275.h | 2 ++ + 4 files changed, 91 insertions(+) + +diff --git a/grub-core/kern/ieee1275/openfw.c b/grub-core/kern/ieee1275/openfw.c +index 62929d983..2d53c0e86 100644 +--- a/grub-core/kern/ieee1275/openfw.c ++++ b/grub-core/kern/ieee1275/openfw.c +@@ -588,3 +588,66 @@ grub_ieee1275_get_boot_dev (void) + + return bootpath; + } ++ ++/* Check if it's a CAS reboot. If so, set the script to be executed. */ ++int ++grub_ieee1275_cas_reboot (char *script) ++{ ++ grub_uint32_t ibm_ca_support_reboot; ++ grub_uint32_t ibm_fw_nbr_reboots; ++ char property_value[10]; ++ grub_ssize_t actual; ++ grub_ieee1275_ihandle_t options; ++ ++ if (grub_ieee1275_finddevice ("/options", &options) < 0) ++ return -1; ++ ++ /* Check two properties, one is enough to get cas reboot value */ ++ ibm_ca_support_reboot = 0; ++ if (grub_ieee1275_get_integer_property (grub_ieee1275_chosen, ++ "ibm,client-architecture-support-reboot", ++ &ibm_ca_support_reboot, ++ sizeof (ibm_ca_support_reboot), ++ &actual) >= 0) ++ grub_dprintf("ieee1275", "ibm,client-architecture-support-reboot: %u\n", ++ ibm_ca_support_reboot); ++ ++ ibm_fw_nbr_reboots = 0; ++ if (grub_ieee1275_get_property (options, "ibm,fw-nbr-reboots", ++ property_value, sizeof (property_value), ++ &actual) >= 0) ++ { ++ property_value[sizeof (property_value) - 1] = 0; ++ ibm_fw_nbr_reboots = (grub_uint8_t) grub_strtoul (property_value, 0, 10); ++ grub_dprintf("ieee1275", "ibm,fw-nbr-reboots: %u\n", ibm_fw_nbr_reboots); ++ } ++ ++ if (ibm_ca_support_reboot || ibm_fw_nbr_reboots) ++ { ++ if (! grub_ieee1275_get_property_length (options, "boot-last-label", &actual)) ++ { ++ if (actual > 1024) ++ script = grub_realloc (script, actual + 1); ++ grub_ieee1275_get_property (options, "boot-last-label", script, actual, ++ &actual); ++ return 0; ++ } ++ } ++ ++ grub_ieee1275_set_boot_last_label (""); ++ ++ return -1; ++} ++ ++int grub_ieee1275_set_boot_last_label (const char *text) ++{ ++ grub_ieee1275_ihandle_t options; ++ grub_ssize_t actual; ++ ++ grub_dprintf("ieee1275", "set boot_last_label (size: %u)\n", grub_strlen(text)); ++ if (! grub_ieee1275_finddevice ("/options", &options) && ++ options != (grub_ieee1275_ihandle_t) -1) ++ grub_ieee1275_set_property (options, "boot-last-label", text, ++ grub_strlen (text), &actual); ++ return 0; ++} +diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +index 78a70a8bf..249e19bc7 100644 +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -33,6 +33,9 @@ + #include + #include + #include ++#ifdef GRUB_MACHINE_IEEE1275 ++#include ++#endif + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -275,6 +278,22 @@ grub_normal_execute (const char *config, int nested, int batch) + { + menu = read_config_file (config); + ++#ifdef GRUB_MACHINE_IEEE1275 ++ int boot; ++ boot = 0; ++ char *script; ++ script = grub_malloc (1024); ++ if (! grub_ieee1275_cas_reboot (script)) ++ { ++ char *dummy[1] = { NULL }; ++ if (! grub_script_execute_sourcecode (script)) ++ boot = 1; ++ } ++ grub_free (script); ++ if (boot) ++ grub_command_execute ("boot", 0, 0); ++#endif ++ + /* Ignore any error. */ + grub_errno = GRUB_ERR_NONE; + } +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index a8502d907..ab78ca87f 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -27,6 +27,9 @@ + #include + #include + #include ++#ifdef GRUB_MACHINE_IEEE1275 ++#include ++#endif + + /* Max digits for a char is 3 (0xFF is 255), similarly for an int it + is sizeof (int) * 3, and one extra for a possible -ve sign. */ +@@ -877,6 +880,10 @@ grub_script_execute_sourcecode (const char *source) + grub_err_t ret = 0; + struct grub_script *parsed_script; + ++#ifdef GRUB_MACHINE_IEEE1275 ++ grub_ieee1275_set_boot_last_label (source); ++#endif ++ + while (source) + { + char *line; +diff --git a/include/grub/ieee1275/ieee1275.h b/include/grub/ieee1275/ieee1275.h +index 8868f3a75..2310f33db 100644 +--- a/include/grub/ieee1275/ieee1275.h ++++ b/include/grub/ieee1275/ieee1275.h +@@ -252,6 +252,8 @@ int EXPORT_FUNC(grub_ieee1275_devalias_next) (struct grub_ieee1275_devalias *ali + void EXPORT_FUNC(grub_ieee1275_children_peer) (struct grub_ieee1275_devalias *alias); + void EXPORT_FUNC(grub_ieee1275_children_first) (const char *devpath, + struct grub_ieee1275_devalias *alias); ++int EXPORT_FUNC(grub_ieee1275_cas_reboot) (char *script); ++int EXPORT_FUNC(grub_ieee1275_set_boot_last_label) (const char *text); + + char *EXPORT_FUNC(grub_ieee1275_get_boot_dev) (void); + diff --git a/SOURCES/0009-for-ppc-reset-console-display-attr-when-clear-screen.patch b/SOURCES/0009-for-ppc-reset-console-display-attr-when-clear-screen.patch new file mode 100644 index 0000000..78a10f7 --- /dev/null +++ b/SOURCES/0009-for-ppc-reset-console-display-attr-when-clear-screen.patch @@ -0,0 +1,29 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Wed, 24 Apr 2013 10:51:48 -0300 +Subject: [PATCH] for ppc, reset console display attr when clear screen + +v2: Also use \x0c instead of a literal ^L to make future patches less +awkward. + +This should fix this bugzilla: +https://bugzilla.redhat.com/show_bug.cgi?id=908519 + +Signed-off-by: Peter Jones +--- + grub-core/term/terminfo.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/term/terminfo.c b/grub-core/term/terminfo.c +index d317efa36..29df35e6d 100644 +--- a/grub-core/term/terminfo.c ++++ b/grub-core/term/terminfo.c +@@ -151,7 +151,7 @@ grub_terminfo_set_current (struct grub_term_output *term, + /* Clear the screen. Using serial console, screen(1) only recognizes the + * ANSI escape sequence. Using video console, Apple Open Firmware + * (version 3.1.1) only recognizes the literal ^L. So use both. */ +- data->cls = grub_strdup (" \e[2J"); ++ data->cls = grub_strdup ("\x0c\e[2J\e[m"); + data->reverse_video_on = grub_strdup ("\e[7m"); + data->reverse_video_off = grub_strdup ("\e[m"); + if (grub_strcmp ("ieee1275", str) == 0) diff --git a/SOURCES/0010-Disable-GRUB-video-support-for-IBM-power-machines.patch b/SOURCES/0010-Disable-GRUB-video-support-for-IBM-power-machines.patch new file mode 100644 index 0000000..c630234 --- /dev/null +++ b/SOURCES/0010-Disable-GRUB-video-support-for-IBM-power-machines.patch @@ -0,0 +1,62 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Tue, 11 Jun 2013 15:14:05 -0300 +Subject: [PATCH] Disable GRUB video support for IBM power machines + +Should fix the problem in bugzilla: +https://bugzilla.redhat.com/show_bug.cgi?id=973205 +--- + grub-core/kern/ieee1275/cmain.c | 5 ++++- + grub-core/video/ieee1275.c | 9 ++++++--- + include/grub/ieee1275/ieee1275.h | 2 ++ + 3 files changed, 12 insertions(+), 4 deletions(-) + +diff --git a/grub-core/kern/ieee1275/cmain.c b/grub-core/kern/ieee1275/cmain.c +index 3e12e6b24..3e14f5393 100644 +--- a/grub-core/kern/ieee1275/cmain.c ++++ b/grub-core/kern/ieee1275/cmain.c +@@ -90,7 +90,10 @@ grub_ieee1275_find_options (void) + } + + if (rc >= 0 && grub_strncmp (tmp, "IBM", 3) == 0) +- grub_ieee1275_set_flag (GRUB_IEEE1275_FLAG_NO_TREE_SCANNING_FOR_DISKS); ++ { ++ grub_ieee1275_set_flag (GRUB_IEEE1275_FLAG_NO_TREE_SCANNING_FOR_DISKS); ++ grub_ieee1275_set_flag (GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT); ++ } + + /* Old Macs have no key repeat, newer ones have fully working one. + The ones inbetween when repeated key generates an escaoe sequence +diff --git a/grub-core/video/ieee1275.c b/grub-core/video/ieee1275.c +index 17a3dbbb5..b8e4b3feb 100644 +--- a/grub-core/video/ieee1275.c ++++ b/grub-core/video/ieee1275.c +@@ -352,9 +352,12 @@ static struct grub_video_adapter grub_video_ieee1275_adapter = + + GRUB_MOD_INIT(ieee1275_fb) + { +- find_display (); +- if (display) +- grub_video_register (&grub_video_ieee1275_adapter); ++ if (! grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT)) ++ { ++ find_display (); ++ if (display) ++ grub_video_register (&grub_video_ieee1275_adapter); ++ } + } + + GRUB_MOD_FINI(ieee1275_fb) +diff --git a/include/grub/ieee1275/ieee1275.h b/include/grub/ieee1275/ieee1275.h +index 2310f33db..ca08bd966 100644 +--- a/include/grub/ieee1275/ieee1275.h ++++ b/include/grub/ieee1275/ieee1275.h +@@ -146,6 +146,8 @@ enum grub_ieee1275_flag + GRUB_IEEE1275_FLAG_BROKEN_REPEAT, + + GRUB_IEEE1275_FLAG_CURSORONOFF_ANSI_BROKEN, ++ ++ GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT + }; + + extern int EXPORT_FUNC(grub_ieee1275_test_flag) (enum grub_ieee1275_flag flag); diff --git a/SOURCES/0011-Honor-a-symlink-when-generating-configuration-by-gru.patch b/SOURCES/0011-Honor-a-symlink-when-generating-configuration-by-gru.patch new file mode 100644 index 0000000..8cd707a --- /dev/null +++ b/SOURCES/0011-Honor-a-symlink-when-generating-configuration-by-gru.patch @@ -0,0 +1,26 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Marcel Kolaja +Date: Tue, 21 Jan 2014 10:57:08 -0500 +Subject: [PATCH] Honor a symlink when generating configuration by + grub2-mkconfig + +Honor a symlink when generating configuration by grub2-mkconfig, so that +the -o option follows it rather than overwriting it with a regular file. +--- + util/grub-mkconfig.in | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index 33332360e..bc5a3f175 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -287,7 +287,8 @@ and /etc/grub.d/* files or please file a bug report with + exit 1 + else + # none of the children aborted with error, install the new grub.cfg +- mv -f ${grub_cfg}.new ${grub_cfg} ++ cat ${grub_cfg}.new > ${grub_cfg} ++ rm -f ${grub_cfg}.new + fi + fi + diff --git a/SOURCES/0012-Move-bash-completion-script-922997.patch b/SOURCES/0012-Move-bash-completion-script-922997.patch new file mode 100644 index 0000000..0107bea --- /dev/null +++ b/SOURCES/0012-Move-bash-completion-script-922997.patch @@ -0,0 +1,52 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 3 Apr 2013 14:35:34 -0400 +Subject: [PATCH] Move bash completion script (#922997) + +Apparently these go in a new place now. +--- + configure.ac | 11 +++++++++++ + util/bash-completion.d/Makefile.am | 1 - + 2 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index c7888e40f..783118ccd 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -289,6 +289,14 @@ AC_SUBST(grubdirname) + AC_DEFINE_UNQUOTED(GRUB_DIR_NAME, "$grubdirname", + [Default grub directory name]) + ++PKG_PROG_PKG_CONFIG ++AS_IF([$($PKG_CONFIG --exists bash-completion)], [ ++ bashcompletiondir=$($PKG_CONFIG --variable=completionsdir bash-completion) ++] , [ ++ bashcompletiondir=${datadir}/bash-completion/completions ++]) ++AC_SUBST(bashcompletiondir) ++ + # + # Checks for build programs. + # +@@ -498,6 +506,9 @@ HOST_CFLAGS="$HOST_CFLAGS $grub_cv_cc_w_extra_flags" + # Check for target programs. + # + ++# This makes sure pkg.m4 is available. ++m4_pattern_forbid([^_?PKG_[A-Z_]+$],[*** pkg.m4 missing, please install pkg-config]) ++ + # Find tools for the target. + if test "x$target_alias" != x && test "x$host_alias" != "x$target_alias"; then + tmp_ac_tool_prefix="$ac_tool_prefix" +diff --git a/util/bash-completion.d/Makefile.am b/util/bash-completion.d/Makefile.am +index 136287cf1..61108f054 100644 +--- a/util/bash-completion.d/Makefile.am ++++ b/util/bash-completion.d/Makefile.am +@@ -6,7 +6,6 @@ EXTRA_DIST = $(bash_completion_source) + + CLEANFILES = $(bash_completion_script) config.log + +-bashcompletiondir = $(sysconfdir)/bash_completion.d + bashcompletion_DATA = $(bash_completion_script) + + $(bash_completion_script): $(bash_completion_source) $(top_builddir)/config.status diff --git a/SOURCES/0013-Update-to-minilzo-2.08.patch b/SOURCES/0013-Update-to-minilzo-2.08.patch new file mode 100644 index 0000000..13160c3 --- /dev/null +++ b/SOURCES/0013-Update-to-minilzo-2.08.patch @@ -0,0 +1,8509 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 4 Dec 2014 15:36:09 -0500 +Subject: [PATCH] Update to minilzo-2.08 + +This fixes CVE-2014-4607 - lzo: lzo1x_decompress_safe() integer overflow + +Signed-off-by: Peter Jones +--- + grub-core/lib/minilzo/minilzo.c | 3801 +++++++++++++++++++++++++++------------ + grub-core/lib/minilzo/lzoconf.h | 216 ++- + grub-core/lib/minilzo/lzodefs.h | 2320 ++++++++++++++++++------ + grub-core/lib/minilzo/minilzo.h | 21 +- + 4 files changed, 4489 insertions(+), 1869 deletions(-) + +diff --git a/grub-core/lib/minilzo/minilzo.c b/grub-core/lib/minilzo/minilzo.c +index 25a1f68b3..ab2be5f4f 100644 +--- a/grub-core/lib/minilzo/minilzo.c ++++ b/grub-core/lib/minilzo/minilzo.c +@@ -2,22 +2,7 @@ + + This file is part of the LZO real-time data compression library. + +- Copyright (C) 2011 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2010 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2009 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2008 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2007 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2006 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2005 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2004 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2003 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2002 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2001 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2000 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer ++ Copyright (C) 1996-2014 Markus Franz Xaver Johannes Oberhumer + All Rights Reserved. + + The LZO library is free software; you can redistribute it and/or +@@ -67,12 +52,6 @@ + #if defined(__CYGWIN32__) && !defined(__CYGWIN__) + # define __CYGWIN__ __CYGWIN32__ + #endif +-#if defined(__IBMCPP__) && !defined(__IBMC__) +-# define __IBMC__ __IBMCPP__ +-#endif +-#if defined(__ICL) && defined(_WIN32) && !defined(__INTEL_COMPILER) +-# define __INTEL_COMPILER __ICL +-#endif + #if 1 && defined(__INTERIX) && defined(__GNUC__) && !defined(_ALL_SOURCE) + # define _ALL_SOURCE 1 + #endif +@@ -81,19 +60,30 @@ + # define __LONG_MAX__ 9223372036854775807L + # endif + #endif +-#if defined(__INTEL_COMPILER) && defined(__linux__) ++#if !defined(LZO_CFG_NO_DISABLE_WUNDEF) ++#if defined(__ARMCC_VERSION) ++# pragma diag_suppress 193 ++#elif defined(__clang__) && defined(__clang_minor__) ++# pragma clang diagnostic ignored "-Wundef" ++#elif defined(__INTEL_COMPILER) + # pragma warning(disable: 193) +-#endif +-#if defined(__KEIL__) && defined(__C166__) ++#elif defined(__KEIL__) && defined(__C166__) + # pragma warning disable = 322 +-#elif 0 && defined(__C251__) +-# pragma warning disable = 322 +-#endif +-#if defined(_MSC_VER) && !defined(__INTEL_COMPILER) && !defined(__MWERKS__) +-# if (_MSC_VER >= 1300) ++#elif defined(__GNUC__) && defined(__GNUC_MINOR__) && !defined(__PATHSCALE__) ++# if ((__GNUC__-0) >= 5 || ((__GNUC__-0) == 4 && (__GNUC_MINOR__-0) >= 2)) ++# pragma GCC diagnostic ignored "-Wundef" ++# endif ++#elif defined(_MSC_VER) && !defined(__clang__) && !defined(__INTEL_COMPILER) && !defined(__MWERKS__) ++# if ((_MSC_VER-0) >= 1300) + # pragma warning(disable: 4668) + # endif + #endif ++#endif ++#if 0 && defined(__POCC__) && defined(_WIN32) ++# if (__POCC__ >= 400) ++# pragma warn(disable: 2216) ++# endif ++#endif + #if 0 && defined(__WATCOMC__) + # if (__WATCOMC__ >= 1050) && (__WATCOMC__ < 1060) + # pragma warning 203 9 +@@ -102,13 +92,29 @@ + #if defined(__BORLANDC__) && defined(__MSDOS__) && !defined(__FLAT__) + # pragma option -h + #endif ++#if !(LZO_CFG_NO_DISABLE_WCRTNONSTDC) ++#ifndef _CRT_NONSTDC_NO_DEPRECATE ++#define _CRT_NONSTDC_NO_DEPRECATE 1 ++#endif ++#ifndef _CRT_NONSTDC_NO_WARNINGS ++#define _CRT_NONSTDC_NO_WARNINGS 1 ++#endif ++#ifndef _CRT_SECURE_NO_DEPRECATE ++#define _CRT_SECURE_NO_DEPRECATE 1 ++#endif ++#ifndef _CRT_SECURE_NO_WARNINGS ++#define _CRT_SECURE_NO_WARNINGS 1 ++#endif ++#endif + #if 0 +-#define LZO_0xffffL 0xfffful +-#define LZO_0xffffffffL 0xfffffffful ++#define LZO_0xffffUL 0xfffful ++#define LZO_0xffffffffUL 0xfffffffful + #else +-#define LZO_0xffffL 65535ul +-#define LZO_0xffffffffL 4294967295ul ++#define LZO_0xffffUL 65535ul ++#define LZO_0xffffffffUL 4294967295ul + #endif ++#define LZO_0xffffL LZO_0xffffUL ++#define LZO_0xffffffffL LZO_0xffffffffUL + #if (LZO_0xffffL == LZO_0xffffffffL) + # error "your preprocessor is broken 1" + #endif +@@ -123,6 +129,13 @@ + # error "your preprocessor is broken 4" + #endif + #endif ++#if defined(__COUNTER__) ++# ifndef LZO_CFG_USE_COUNTER ++# define LZO_CFG_USE_COUNTER 1 ++# endif ++#else ++# undef LZO_CFG_USE_COUNTER ++#endif + #if (UINT_MAX == LZO_0xffffL) + #if defined(__ZTC__) && defined(__I86__) && !defined(__OS2__) + # if !defined(MSDOS) +@@ -253,14 +266,31 @@ + #endif + #define LZO_PP_STRINGIZE(x) #x + #define LZO_PP_MACRO_EXPAND(x) LZO_PP_STRINGIZE(x) ++#define LZO_PP_CONCAT0() /*empty*/ ++#define LZO_PP_CONCAT1(a) a + #define LZO_PP_CONCAT2(a,b) a ## b + #define LZO_PP_CONCAT3(a,b,c) a ## b ## c + #define LZO_PP_CONCAT4(a,b,c,d) a ## b ## c ## d + #define LZO_PP_CONCAT5(a,b,c,d,e) a ## b ## c ## d ## e ++#define LZO_PP_CONCAT6(a,b,c,d,e,f) a ## b ## c ## d ## e ## f ++#define LZO_PP_CONCAT7(a,b,c,d,e,f,g) a ## b ## c ## d ## e ## f ## g ++#define LZO_PP_ECONCAT0() LZO_PP_CONCAT0() ++#define LZO_PP_ECONCAT1(a) LZO_PP_CONCAT1(a) + #define LZO_PP_ECONCAT2(a,b) LZO_PP_CONCAT2(a,b) + #define LZO_PP_ECONCAT3(a,b,c) LZO_PP_CONCAT3(a,b,c) + #define LZO_PP_ECONCAT4(a,b,c,d) LZO_PP_CONCAT4(a,b,c,d) + #define LZO_PP_ECONCAT5(a,b,c,d,e) LZO_PP_CONCAT5(a,b,c,d,e) ++#define LZO_PP_ECONCAT6(a,b,c,d,e,f) LZO_PP_CONCAT6(a,b,c,d,e,f) ++#define LZO_PP_ECONCAT7(a,b,c,d,e,f,g) LZO_PP_CONCAT7(a,b,c,d,e,f,g) ++#define LZO_PP_EMPTY /*empty*/ ++#define LZO_PP_EMPTY0() /*empty*/ ++#define LZO_PP_EMPTY1(a) /*empty*/ ++#define LZO_PP_EMPTY2(a,b) /*empty*/ ++#define LZO_PP_EMPTY3(a,b,c) /*empty*/ ++#define LZO_PP_EMPTY4(a,b,c,d) /*empty*/ ++#define LZO_PP_EMPTY5(a,b,c,d,e) /*empty*/ ++#define LZO_PP_EMPTY6(a,b,c,d,e,f) /*empty*/ ++#define LZO_PP_EMPTY7(a,b,c,d,e,f,g) /*empty*/ + #if 1 + #define LZO_CPP_STRINGIZE(x) #x + #define LZO_CPP_MACRO_EXPAND(x) LZO_CPP_STRINGIZE(x) +@@ -268,12 +298,16 @@ + #define LZO_CPP_CONCAT3(a,b,c) a ## b ## c + #define LZO_CPP_CONCAT4(a,b,c,d) a ## b ## c ## d + #define LZO_CPP_CONCAT5(a,b,c,d,e) a ## b ## c ## d ## e ++#define LZO_CPP_CONCAT6(a,b,c,d,e,f) a ## b ## c ## d ## e ## f ++#define LZO_CPP_CONCAT7(a,b,c,d,e,f,g) a ## b ## c ## d ## e ## f ## g + #define LZO_CPP_ECONCAT2(a,b) LZO_CPP_CONCAT2(a,b) + #define LZO_CPP_ECONCAT3(a,b,c) LZO_CPP_CONCAT3(a,b,c) + #define LZO_CPP_ECONCAT4(a,b,c,d) LZO_CPP_CONCAT4(a,b,c,d) + #define LZO_CPP_ECONCAT5(a,b,c,d,e) LZO_CPP_CONCAT5(a,b,c,d,e) ++#define LZO_CPP_ECONCAT6(a,b,c,d,e,f) LZO_CPP_CONCAT6(a,b,c,d,e,f) ++#define LZO_CPP_ECONCAT7(a,b,c,d,e,f,g) LZO_CPP_CONCAT7(a,b,c,d,e,f,g) + #endif +-#define __LZO_MASK_GEN(o,b) (((((o) << ((b)-1)) - (o)) << 1) + (o)) ++#define __LZO_MASK_GEN(o,b) (((((o) << ((b)-!!(b))) - (o)) << 1) + (o)*!!(b)) + #if 1 && defined(__cplusplus) + # if !defined(__STDC_CONSTANT_MACROS) + # define __STDC_CONSTANT_MACROS 1 +@@ -283,9 +317,13 @@ + # endif + #endif + #if defined(__cplusplus) +-# define LZO_EXTERN_C extern "C" ++# define LZO_EXTERN_C extern "C" ++# define LZO_EXTERN_C_BEGIN extern "C" { ++# define LZO_EXTERN_C_END } + #else +-# define LZO_EXTERN_C extern ++# define LZO_EXTERN_C extern ++# define LZO_EXTERN_C_BEGIN /*empty*/ ++# define LZO_EXTERN_C_END /*empty*/ + #endif + #if !defined(__LZO_OS_OVERRIDE) + #if (LZO_OS_FREESTANDING) +@@ -386,12 +424,12 @@ + #elif defined(__VMS) + # define LZO_OS_VMS 1 + # define LZO_INFO_OS "vms" +-#elif ((defined(__mips__) && defined(__R5900__)) || defined(__MIPS_PSX2__)) ++#elif (defined(__mips__) && defined(__R5900__)) || defined(__MIPS_PSX2__) + # define LZO_OS_CONSOLE 1 + # define LZO_OS_CONSOLE_PS2 1 + # define LZO_INFO_OS "console" + # define LZO_INFO_OS_CONSOLE "ps2" +-#elif (defined(__mips__) && defined(__psp__)) ++#elif defined(__mips__) && defined(__psp__) + # define LZO_OS_CONSOLE 1 + # define LZO_OS_CONSOLE_PSP 1 + # define LZO_INFO_OS "console" +@@ -419,9 +457,18 @@ + # elif defined(__linux__) || defined(__linux) || defined(__LINUX__) + # define LZO_OS_POSIX_LINUX 1 + # define LZO_INFO_OS_POSIX "linux" +-# elif defined(__APPLE__) || defined(__MACOS__) +-# define LZO_OS_POSIX_MACOSX 1 +-# define LZO_INFO_OS_POSIX "macosx" ++# elif defined(__APPLE__) && defined(__MACH__) ++# if ((__ENVIRONMENT_IPHONE_OS_VERSION_MIN_REQUIRED__-0) >= 20000) ++# define LZO_OS_POSIX_DARWIN 1040 ++# define LZO_INFO_OS_POSIX "darwin_iphone" ++# elif ((__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__-0) >= 1040) ++# define LZO_OS_POSIX_DARWIN __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ ++# define LZO_INFO_OS_POSIX "darwin" ++# else ++# define LZO_OS_POSIX_DARWIN 1 ++# define LZO_INFO_OS_POSIX "darwin" ++# endif ++# define LZO_OS_POSIX_MACOSX LZO_OS_POSIX_DARWIN + # elif defined(__minix__) || defined(__minix) + # define LZO_OS_POSIX_MINIX 1 + # define LZO_INFO_OS_POSIX "minix" +@@ -456,18 +503,18 @@ + #endif + #if (LZO_OS_DOS16 || LZO_OS_OS216 || LZO_OS_WIN16) + # if (UINT_MAX != LZO_0xffffL) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + # if (ULONG_MAX != LZO_0xffffffffL) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + #endif + #if (LZO_OS_DOS32 || LZO_OS_OS2 || LZO_OS_WIN32 || LZO_OS_WIN64) + # if (UINT_MAX != LZO_0xffffffffL) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + # if (ULONG_MAX != LZO_0xffffffffL) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + #endif + #if defined(CIL) && defined(_GNUCC) && defined(__GNUC__) +@@ -483,59 +530,65 @@ + # define LZO_INFO_CC "sdcc" + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(SDCC) + #elif defined(__PATHSCALE__) && defined(__PATHCC_PATCHLEVEL__) +-# define LZO_CC_PATHSCALE (__PATHCC__ * 0x10000L + __PATHCC_MINOR__ * 0x100 + __PATHCC_PATCHLEVEL__) ++# define LZO_CC_PATHSCALE (__PATHCC__ * 0x10000L + (__PATHCC_MINOR__-0) * 0x100 + (__PATHCC_PATCHLEVEL__-0)) + # define LZO_INFO_CC "Pathscale C" + # define LZO_INFO_CCVER __PATHSCALE__ +-#elif defined(__INTEL_COMPILER) +-# define LZO_CC_INTELC 1 ++# if defined(__GNUC__) && defined(__GNUC_MINOR__) && defined(__VERSION__) ++# define LZO_CC_PATHSCALE_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100 + (__GNUC_PATCHLEVEL__-0)) ++# endif ++#elif defined(__INTEL_COMPILER) && ((__INTEL_COMPILER-0) > 0) ++# define LZO_CC_INTELC __INTEL_COMPILER + # define LZO_INFO_CC "Intel C" + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__INTEL_COMPILER) +-# if defined(_WIN32) || defined(_WIN64) +-# define LZO_CC_SYNTAX_MSC 1 +-# else +-# define LZO_CC_SYNTAX_GNUC 1 ++# if defined(_MSC_VER) && ((_MSC_VER-0) > 0) ++# define LZO_CC_INTELC_MSC _MSC_VER ++# elif defined(__GNUC__) && defined(__GNUC_MINOR__) && defined(__VERSION__) ++# define LZO_CC_INTELC_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100 + (__GNUC_PATCHLEVEL__-0)) + # endif + #elif defined(__POCC__) && defined(_WIN32) + # define LZO_CC_PELLESC 1 + # define LZO_INFO_CC "Pelles C" + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__POCC__) +-#elif defined(__clang__) && defined(__llvm__) && defined(__GNUC__) && defined(__GNUC_MINOR__) && defined(__VERSION__) ++#elif defined(__ARMCC_VERSION) && defined(__GNUC__) && defined(__GNUC_MINOR__) && defined(__VERSION__) + # if defined(__GNUC_PATCHLEVEL__) +-# define LZO_CC_CLANG_GNUC (__GNUC__ * 0x10000L + __GNUC_MINOR__ * 0x100 + __GNUC_PATCHLEVEL__) ++# define LZO_CC_ARMCC_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100 + (__GNUC_PATCHLEVEL__-0)) + # else +-# define LZO_CC_CLANG_GNUC (__GNUC__ * 0x10000L + __GNUC_MINOR__ * 0x100) ++# define LZO_CC_ARMCC_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100) + # endif ++# define LZO_CC_ARMCC __ARMCC_VERSION ++# define LZO_INFO_CC "ARM C Compiler" ++# define LZO_INFO_CCVER __VERSION__ ++#elif defined(__clang__) && defined(__llvm__) && defined(__VERSION__) + # if defined(__clang_major__) && defined(__clang_minor__) && defined(__clang_patchlevel__) +-# define LZO_CC_CLANG_CLANG (__clang_major__ * 0x10000L + __clang_minor__ * 0x100 + __clang_patchlevel__) ++# define LZO_CC_CLANG (__clang_major__ * 0x10000L + (__clang_minor__-0) * 0x100 + (__clang_patchlevel__-0)) + # else +-# define LZO_CC_CLANG_CLANG 0x010000L ++# define LZO_CC_CLANG 0x010000L ++# endif ++# if defined(_MSC_VER) && ((_MSC_VER-0) > 0) ++# define LZO_CC_CLANG_MSC _MSC_VER ++# elif defined(__GNUC__) && defined(__GNUC_MINOR__) && defined(__VERSION__) ++# define LZO_CC_CLANG_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100 + (__GNUC_PATCHLEVEL__-0)) + # endif +-# define LZO_CC_CLANG LZO_CC_CLANG_GNUC + # define LZO_INFO_CC "clang" + # define LZO_INFO_CCVER __VERSION__ + #elif defined(__llvm__) && defined(__GNUC__) && defined(__GNUC_MINOR__) && defined(__VERSION__) + # if defined(__GNUC_PATCHLEVEL__) +-# define LZO_CC_LLVM_GNUC (__GNUC__ * 0x10000L + __GNUC_MINOR__ * 0x100 + __GNUC_PATCHLEVEL__) ++# define LZO_CC_LLVM_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100 + (__GNUC_PATCHLEVEL__-0)) + # else +-# define LZO_CC_LLVM_GNUC (__GNUC__ * 0x10000L + __GNUC_MINOR__ * 0x100) ++# define LZO_CC_LLVM_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100) + # endif + # define LZO_CC_LLVM LZO_CC_LLVM_GNUC + # define LZO_INFO_CC "llvm-gcc" + # define LZO_INFO_CCVER __VERSION__ +-#elif defined(__GNUC__) && defined(__VERSION__) +-# if defined(__GNUC_MINOR__) && defined(__GNUC_PATCHLEVEL__) +-# define LZO_CC_GNUC (__GNUC__ * 0x10000L + __GNUC_MINOR__ * 0x100 + __GNUC_PATCHLEVEL__) +-# elif defined(__GNUC_MINOR__) +-# define LZO_CC_GNUC (__GNUC__ * 0x10000L + __GNUC_MINOR__ * 0x100) +-# else +-# define LZO_CC_GNUC (__GNUC__ * 0x10000L) +-# endif +-# define LZO_INFO_CC "gcc" +-# define LZO_INFO_CCVER __VERSION__ + #elif defined(__ACK__) && defined(_ACK) + # define LZO_CC_ACK 1 + # define LZO_INFO_CC "Amsterdam Compiler Kit C" + # define LZO_INFO_CCVER "unknown" ++#elif defined(__ARMCC_VERSION) && !defined(__GNUC__) ++# define LZO_CC_ARMCC __ARMCC_VERSION ++# define LZO_CC_ARMCC_ARMCC __ARMCC_VERSION ++# define LZO_INFO_CC "ARM C Compiler" ++# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__ARMCC_VERSION) + #elif defined(__AZTEC_C__) + # define LZO_CC_AZTECC 1 + # define LZO_INFO_CC "Aztec C" +@@ -560,10 +613,23 @@ + # define LZO_CC_DECC 1 + # define LZO_INFO_CC "DEC C" + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__DECC) ++#elif (defined(__ghs) || defined(__ghs__)) && defined(__GHS_VERSION_NUMBER) && ((__GHS_VERSION_NUMBER-0) > 0) ++# define LZO_CC_GHS 1 ++# define LZO_INFO_CC "Green Hills C" ++# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__GHS_VERSION_NUMBER) ++# if defined(_MSC_VER) && ((_MSC_VER-0) > 0) ++# define LZO_CC_GHS_MSC _MSC_VER ++# elif defined(__GNUC__) && defined(__GNUC_MINOR__) && defined(__VERSION__) ++# define LZO_CC_GHS_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100 + (__GNUC_PATCHLEVEL__-0)) ++# endif + #elif defined(__HIGHC__) + # define LZO_CC_HIGHC 1 + # define LZO_INFO_CC "MetaWare High C" + # define LZO_INFO_CCVER "unknown" ++#elif defined(__HP_aCC) && ((__HP_aCC-0) > 0) ++# define LZO_CC_HPACC __HP_aCC ++# define LZO_INFO_CC "HP aCC" ++# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__HP_aCC) + #elif defined(__IAR_SYSTEMS_ICC__) + # define LZO_CC_IARC 1 + # define LZO_INFO_CC "IAR C" +@@ -572,10 +638,14 @@ + # else + # define LZO_INFO_CCVER "unknown" + # endif +-#elif defined(__IBMC__) +-# define LZO_CC_IBMC 1 ++#elif defined(__IBMC__) && ((__IBMC__-0) > 0) ++# define LZO_CC_IBMC __IBMC__ + # define LZO_INFO_CC "IBM C" + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__IBMC__) ++#elif defined(__IBMCPP__) && ((__IBMCPP__-0) > 0) ++# define LZO_CC_IBMC __IBMCPP__ ++# define LZO_INFO_CC "IBM C" ++# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__IBMCPP__) + #elif defined(__KEIL__) && defined(__C166__) + # define LZO_CC_KEILC 1 + # define LZO_INFO_CC "Keil C" +@@ -592,16 +662,8 @@ + # else + # define LZO_INFO_CCVER "unknown" + # endif +-#elif defined(_MSC_VER) +-# define LZO_CC_MSC 1 +-# define LZO_INFO_CC "Microsoft C" +-# if defined(_MSC_FULL_VER) +-# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(_MSC_VER) "." LZO_PP_MACRO_EXPAND(_MSC_FULL_VER) +-# else +-# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(_MSC_VER) +-# endif +-#elif defined(__MWERKS__) +-# define LZO_CC_MWERKS 1 ++#elif defined(__MWERKS__) && ((__MWERKS__-0) > 0) ++# define LZO_CC_MWERKS __MWERKS__ + # define LZO_INFO_CC "Metrowerks C" + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__MWERKS__) + #elif (defined(__NDPC__) || defined(__NDPX__)) && defined(__i386) +@@ -612,6 +674,15 @@ + # define LZO_CC_PACIFICC 1 + # define LZO_INFO_CC "Pacific C" + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__PACIFIC__) ++#elif defined(__PGI) && defined(__PGIC__) && defined(__PGIC_MINOR__) ++# if defined(__PGIC_PATCHLEVEL__) ++# define LZO_CC_PGI (__PGIC__ * 0x10000L + (__PGIC_MINOR__-0) * 0x100 + (__PGIC_PATCHLEVEL__-0)) ++# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__PGIC__) "." LZO_PP_MACRO_EXPAND(__PGIC_MINOR__) "." LZO_PP_MACRO_EXPAND(__PGIC_PATCHLEVEL__) ++# else ++# define LZO_CC_PGI (__PGIC__ * 0x10000L + (__PGIC_MINOR__-0) * 0x100) ++# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__PGIC__) "." LZO_PP_MACRO_EXPAND(__PGIC_MINOR__) ".0" ++# endif ++# define LZO_INFO_CC "Portland Group PGI C" + #elif defined(__PGI) && (defined(__linux__) || defined(__WIN32__)) + # define LZO_CC_PGI 1 + # define LZO_INFO_CC "Portland Group PGI C" +@@ -626,7 +697,7 @@ + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__SC__) + #elif defined(__SUNPRO_C) + # define LZO_INFO_CC "SunPro C" +-# if ((__SUNPRO_C)+0 > 0) ++# if ((__SUNPRO_C-0) > 0) + # define LZO_CC_SUNPROC __SUNPRO_C + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__SUNPRO_C) + # else +@@ -635,7 +706,7 @@ + # endif + #elif defined(__SUNPRO_CC) + # define LZO_INFO_CC "SunPro C" +-# if ((__SUNPRO_CC)+0 > 0) ++# if ((__SUNPRO_CC-0) > 0) + # define LZO_CC_SUNPROC __SUNPRO_CC + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__SUNPRO_CC) + # else +@@ -661,16 +732,46 @@ + #elif defined(__ZTC__) + # define LZO_CC_ZORTECHC 1 + # define LZO_INFO_CC "Zortech C" +-# if (__ZTC__ == 0x310) ++# if ((__ZTC__-0) == 0x310) + # define LZO_INFO_CCVER "0x310" + # else + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__ZTC__) + # endif ++#elif defined(__GNUC__) && defined(__VERSION__) ++# if defined(__GNUC_MINOR__) && defined(__GNUC_PATCHLEVEL__) ++# define LZO_CC_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100 + (__GNUC_PATCHLEVEL__-0)) ++# elif defined(__GNUC_MINOR__) ++# define LZO_CC_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100) ++# else ++# define LZO_CC_GNUC (__GNUC__ * 0x10000L) ++# endif ++# define LZO_INFO_CC "gcc" ++# define LZO_INFO_CCVER __VERSION__ ++#elif defined(_MSC_VER) && ((_MSC_VER-0) > 0) ++# define LZO_CC_MSC _MSC_VER ++# define LZO_INFO_CC "Microsoft C" ++# if defined(_MSC_FULL_VER) ++# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(_MSC_VER) "." LZO_PP_MACRO_EXPAND(_MSC_FULL_VER) ++# else ++# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(_MSC_VER) ++# endif + #else + # define LZO_CC_UNKNOWN 1 + # define LZO_INFO_CC "unknown" + # define LZO_INFO_CCVER "unknown" + #endif ++#if (LZO_CC_GNUC) && defined(__OPEN64__) ++# if defined(__OPENCC__) && defined(__OPENCC_MINOR__) && defined(__OPENCC_PATCHLEVEL__) ++# define LZO_CC_OPEN64 (__OPENCC__ * 0x10000L + (__OPENCC_MINOR__-0) * 0x100 + (__OPENCC_PATCHLEVEL__-0)) ++# define LZO_CC_OPEN64_GNUC LZO_CC_GNUC ++# endif ++#endif ++#if (LZO_CC_GNUC) && defined(__PCC__) ++# if defined(__PCC__) && defined(__PCC_MINOR__) && defined(__PCC_MINORMINOR__) ++# define LZO_CC_PCC (__PCC__ * 0x10000L + (__PCC_MINOR__-0) * 0x100 + (__PCC_MINORMINOR__-0)) ++# define LZO_CC_PCC_GNUC LZO_CC_GNUC ++# endif ++#endif + #if 0 && (LZO_CC_MSC && (_MSC_VER >= 1200)) && !defined(_MSC_FULL_VER) + # error "LZO_CC_MSC: _MSC_FULL_VER is not defined" + #endif +@@ -688,8 +789,10 @@ + # define LZO_INFO_ARCH "generic" + #elif (LZO_OS_DOS16 || LZO_OS_OS216 || LZO_OS_WIN16) + # define LZO_ARCH_I086 1 +-# define LZO_ARCH_IA16 1 + # define LZO_INFO_ARCH "i086" ++#elif defined(__aarch64__) ++# define LZO_ARCH_ARM64 1 ++# define LZO_INFO_ARCH "arm64" + #elif defined(__alpha__) || defined(__alpha) || defined(_M_ALPHA) + # define LZO_ARCH_ALPHA 1 + # define LZO_INFO_ARCH "alpha" +@@ -705,10 +808,10 @@ + # define LZO_INFO_ARCH "arm_thumb" + #elif defined(__IAR_SYSTEMS_ICC__) && defined(__ICCARM__) + # define LZO_ARCH_ARM 1 +-# if defined(__CPU_MODE__) && ((__CPU_MODE__)+0 == 1) ++# if defined(__CPU_MODE__) && ((__CPU_MODE__-0) == 1) + # define LZO_ARCH_ARM_THUMB 1 + # define LZO_INFO_ARCH "arm_thumb" +-# elif defined(__CPU_MODE__) && ((__CPU_MODE__)+0 == 2) ++# elif defined(__CPU_MODE__) && ((__CPU_MODE__-0) == 2) + # define LZO_INFO_ARCH "arm" + # else + # define LZO_INFO_ARCH "arm" +@@ -826,53 +929,147 @@ + # error "FIXME - missing define for CPU architecture" + #endif + #if 1 && (LZO_ARCH_UNKNOWN) && (LZO_OS_WIN32) +-# error "FIXME - missing WIN32 define for CPU architecture" ++# error "FIXME - missing LZO_OS_WIN32 define for CPU architecture" + #endif + #if 1 && (LZO_ARCH_UNKNOWN) && (LZO_OS_WIN64) +-# error "FIXME - missing WIN64 define for CPU architecture" ++# error "FIXME - missing LZO_OS_WIN64 define for CPU architecture" + #endif + #if (LZO_OS_OS216 || LZO_OS_WIN16) + # define LZO_ARCH_I086PM 1 +-# define LZO_ARCH_IA16PM 1 + #elif 1 && (LZO_OS_DOS16 && defined(BLX286)) + # define LZO_ARCH_I086PM 1 +-# define LZO_ARCH_IA16PM 1 + #elif 1 && (LZO_OS_DOS16 && defined(DOSX286)) + # define LZO_ARCH_I086PM 1 +-# define LZO_ARCH_IA16PM 1 + #elif 1 && (LZO_OS_DOS16 && LZO_CC_BORLANDC && defined(__DPMI16__)) + # define LZO_ARCH_I086PM 1 +-# define LZO_ARCH_IA16PM 1 + #endif +-#if (LZO_ARCH_ARM_THUMB) && !(LZO_ARCH_ARM) +-# error "this should not happen" ++#if (LZO_ARCH_AMD64 && !LZO_ARCH_X64) ++# define LZO_ARCH_X64 1 ++#elif (!LZO_ARCH_AMD64 && LZO_ARCH_X64) && defined(__LZO_ARCH_OVERRIDE) ++# define LZO_ARCH_AMD64 1 + #endif +-#if (LZO_ARCH_I086PM) && !(LZO_ARCH_I086) +-# error "this should not happen" ++#if (LZO_ARCH_ARM64 && !LZO_ARCH_AARCH64) ++# define LZO_ARCH_AARCH64 1 ++#elif (!LZO_ARCH_ARM64 && LZO_ARCH_AARCH64) && defined(__LZO_ARCH_OVERRIDE) ++# define LZO_ARCH_ARM64 1 ++#endif ++#if (LZO_ARCH_I386 && !LZO_ARCH_X86) ++# define LZO_ARCH_X86 1 ++#elif (!LZO_ARCH_I386 && LZO_ARCH_X86) && defined(__LZO_ARCH_OVERRIDE) ++# define LZO_ARCH_I386 1 ++#endif ++#if (LZO_ARCH_AMD64 && !LZO_ARCH_X64) || (!LZO_ARCH_AMD64 && LZO_ARCH_X64) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_ARCH_ARM64 && !LZO_ARCH_AARCH64) || (!LZO_ARCH_ARM64 && LZO_ARCH_AARCH64) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_ARCH_I386 && !LZO_ARCH_X86) || (!LZO_ARCH_I386 && LZO_ARCH_X86) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_ARCH_ARM_THUMB && !LZO_ARCH_ARM) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_ARCH_ARM_THUMB1 && !LZO_ARCH_ARM_THUMB) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_ARCH_ARM_THUMB2 && !LZO_ARCH_ARM_THUMB) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_ARCH_ARM_THUMB1 && LZO_ARCH_ARM_THUMB2) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_ARCH_I086PM && !LZO_ARCH_I086) ++# error "unexpected configuration - check your compiler defines" + #endif + #if (LZO_ARCH_I086) + # if (UINT_MAX != LZO_0xffffL) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + # if (ULONG_MAX != LZO_0xffffffffL) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + #endif + #if (LZO_ARCH_I386) + # if (UINT_MAX != LZO_0xffffL) && defined(__i386_int16__) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + # if (UINT_MAX != LZO_0xffffffffL) && !defined(__i386_int16__) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + # if (ULONG_MAX != LZO_0xffffffffL) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + #endif +-#if !defined(__LZO_MM_OVERRIDE) ++#if (LZO_ARCH_AMD64 || LZO_ARCH_I386) ++# if !defined(LZO_TARGET_FEATURE_SSE2) ++# if defined(__SSE2__) ++# define LZO_TARGET_FEATURE_SSE2 1 ++# elif defined(_MSC_VER) && ((defined(_M_IX86_FP) && ((_M_IX86_FP)+0 >= 2)) || defined(_M_AMD64)) ++# define LZO_TARGET_FEATURE_SSE2 1 ++# endif ++# endif ++# if !defined(LZO_TARGET_FEATURE_SSSE3) ++# if (LZO_TARGET_FEATURE_SSE2) ++# if defined(__SSSE3__) ++# define LZO_TARGET_FEATURE_SSSE3 1 ++# elif defined(_MSC_VER) && defined(__AVX__) ++# define LZO_TARGET_FEATURE_SSSE3 1 ++# endif ++# endif ++# endif ++# if !defined(LZO_TARGET_FEATURE_SSE4_2) ++# if (LZO_TARGET_FEATURE_SSSE3) ++# if defined(__SSE4_2__) ++# define LZO_TARGET_FEATURE_SSE4_2 1 ++# endif ++# endif ++# endif ++# if !defined(LZO_TARGET_FEATURE_AVX) ++# if (LZO_TARGET_FEATURE_SSSE3) ++# if defined(__AVX__) ++# define LZO_TARGET_FEATURE_AVX 1 ++# endif ++# endif ++# endif ++# if !defined(LZO_TARGET_FEATURE_AVX2) ++# if (LZO_TARGET_FEATURE_AVX) ++# if defined(__AVX2__) ++# define LZO_TARGET_FEATURE_AVX2 1 ++# endif ++# endif ++# endif ++#endif ++#if (LZO_TARGET_FEATURE_SSSE3 && !(LZO_TARGET_FEATURE_SSE2)) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_TARGET_FEATURE_SSE4_2 && !(LZO_TARGET_FEATURE_SSSE3)) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_TARGET_FEATURE_AVX && !(LZO_TARGET_FEATURE_SSSE3)) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_TARGET_FEATURE_AVX2 && !(LZO_TARGET_FEATURE_AVX)) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_ARCH_ARM) ++# if !defined(LZO_TARGET_FEATURE_NEON) ++# if defined(__ARM_NEON__) ++# define LZO_TARGET_FEATURE_NEON 1 ++# endif ++# endif ++#elif (LZO_ARCH_ARM64) ++# if !defined(LZO_TARGET_FEATURE_NEON) ++# if 1 ++# define LZO_TARGET_FEATURE_NEON 1 ++# endif ++# endif ++#endif ++#if 0 ++#elif !defined(__LZO_MM_OVERRIDE) + #if (LZO_ARCH_I086) + #if (UINT_MAX != LZO_0xffffL) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + #endif + #if defined(__TINY__) || defined(M_I86TM) || defined(_M_I86TM) + # define LZO_MM_TINY 1 +@@ -899,7 +1096,7 @@ + #elif (LZO_CC_ZORTECHC && defined(__VCM__)) + # define LZO_MM_LARGE 1 + #else +-# error "unknown memory model" ++# error "unknown LZO_ARCH_I086 memory model" + #endif + #if (LZO_OS_DOS16 || LZO_OS_OS216 || LZO_OS_WIN16) + #define LZO_HAVE_MM_HUGE_PTR 1 +@@ -922,10 +1119,10 @@ + #endif + #if (LZO_ARCH_I086PM) && !(LZO_HAVE_MM_HUGE_PTR) + # if (LZO_OS_DOS16) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # elif (LZO_CC_ZORTECHC) + # else +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + #endif + #ifdef __cplusplus +@@ -957,7 +1154,7 @@ extern "C" { + #endif + #elif (LZO_ARCH_C166) + #if !defined(__MODEL__) +-# error "FIXME - C166 __MODEL__" ++# error "FIXME - LZO_ARCH_C166 __MODEL__" + #elif ((__MODEL__) == 0) + # define LZO_MM_SMALL 1 + #elif ((__MODEL__) == 1) +@@ -971,11 +1168,11 @@ extern "C" { + #elif ((__MODEL__) == 5) + # define LZO_MM_XSMALL 1 + #else +-# error "FIXME - C166 __MODEL__" ++# error "FIXME - LZO_ARCH_C166 __MODEL__" + #endif + #elif (LZO_ARCH_MCS251) + #if !defined(__MODEL__) +-# error "FIXME - MCS251 __MODEL__" ++# error "FIXME - LZO_ARCH_MCS251 __MODEL__" + #elif ((__MODEL__) == 0) + # define LZO_MM_SMALL 1 + #elif ((__MODEL__) == 2) +@@ -987,11 +1184,11 @@ extern "C" { + #elif ((__MODEL__) == 5) + # define LZO_MM_XSMALL 1 + #else +-# error "FIXME - MCS251 __MODEL__" ++# error "FIXME - LZO_ARCH_MCS251 __MODEL__" + #endif + #elif (LZO_ARCH_MCS51) + #if !defined(__MODEL__) +-# error "FIXME - MCS51 __MODEL__" ++# error "FIXME - LZO_ARCH_MCS51 __MODEL__" + #elif ((__MODEL__) == 1) + # define LZO_MM_SMALL 1 + #elif ((__MODEL__) == 2) +@@ -1003,7 +1200,7 @@ extern "C" { + #elif ((__MODEL__) == 5) + # define LZO_MM_XSMALL 1 + #else +-# error "FIXME - MCS51 __MODEL__" ++# error "FIXME - LZO_ARCH_MCS51 __MODEL__" + #endif + #elif (LZO_ARCH_CRAY_PVP) + # define LZO_MM_PVP 1 +@@ -1030,35 +1227,818 @@ extern "C" { + # error "unknown memory model" + #endif + #endif ++#if !defined(__lzo_gnuc_extension__) ++#if (LZO_CC_GNUC >= 0x020800ul) ++# define __lzo_gnuc_extension__ __extension__ ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_gnuc_extension__ __extension__ ++#elif (LZO_CC_IBMC >= 600) ++# define __lzo_gnuc_extension__ __extension__ ++#else ++#endif ++#endif ++#if !defined(__lzo_gnuc_extension__) ++# define __lzo_gnuc_extension__ /*empty*/ ++#endif ++#if !defined(LZO_CFG_USE_NEW_STYLE_CASTS) && defined(__cplusplus) && 0 ++# if (LZO_CC_GNUC && (LZO_CC_GNUC < 0x020800ul)) ++# define LZO_CFG_USE_NEW_STYLE_CASTS 0 ++# elif (LZO_CC_INTELC && (__INTEL_COMPILER < 1200)) ++# define LZO_CFG_USE_NEW_STYLE_CASTS 0 ++# else ++# define LZO_CFG_USE_NEW_STYLE_CASTS 1 ++# endif ++#endif ++#if !defined(LZO_CFG_USE_NEW_STYLE_CASTS) ++# define LZO_CFG_USE_NEW_STYLE_CASTS 0 ++#endif ++#if !defined(__cplusplus) ++# if defined(LZO_CFG_USE_NEW_STYLE_CASTS) ++# undef LZO_CFG_USE_NEW_STYLE_CASTS ++# endif ++# define LZO_CFG_USE_NEW_STYLE_CASTS 0 ++#endif ++#if !defined(LZO_REINTERPRET_CAST) ++# if (LZO_CFG_USE_NEW_STYLE_CASTS) ++# define LZO_REINTERPRET_CAST(t,e) (reinterpret_cast (e)) ++# endif ++#endif ++#if !defined(LZO_REINTERPRET_CAST) ++# define LZO_REINTERPRET_CAST(t,e) ((t) (e)) ++#endif ++#if !defined(LZO_STATIC_CAST) ++# if (LZO_CFG_USE_NEW_STYLE_CASTS) ++# define LZO_STATIC_CAST(t,e) (static_cast (e)) ++# endif ++#endif ++#if !defined(LZO_STATIC_CAST) ++# define LZO_STATIC_CAST(t,e) ((t) (e)) ++#endif ++#if !defined(LZO_STATIC_CAST2) ++# define LZO_STATIC_CAST2(t1,t2,e) LZO_STATIC_CAST(t1, LZO_STATIC_CAST(t2, e)) ++#endif ++#if !defined(LZO_UNCONST_CAST) ++# if (LZO_CFG_USE_NEW_STYLE_CASTS) ++# define LZO_UNCONST_CAST(t,e) (const_cast (e)) ++# elif (LZO_HAVE_MM_HUGE_PTR) ++# define LZO_UNCONST_CAST(t,e) ((t) (e)) ++# elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define LZO_UNCONST_CAST(t,e) ((t) ((void *) ((lzo_uintptr_t) ((const void *) (e))))) ++# endif ++#endif ++#if !defined(LZO_UNCONST_CAST) ++# define LZO_UNCONST_CAST(t,e) ((t) ((void *) ((const void *) (e)))) ++#endif ++#if !defined(LZO_UNCONST_VOLATILE_CAST) ++# if (LZO_CFG_USE_NEW_STYLE_CASTS) ++# define LZO_UNCONST_VOLATILE_CAST(t,e) (const_cast (e)) ++# elif (LZO_HAVE_MM_HUGE_PTR) ++# define LZO_UNCONST_VOLATILE_CAST(t,e) ((t) (e)) ++# elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define LZO_UNCONST_VOLATILE_CAST(t,e) ((t) ((volatile void *) ((lzo_uintptr_t) ((volatile const void *) (e))))) ++# endif ++#endif ++#if !defined(LZO_UNCONST_VOLATILE_CAST) ++# define LZO_UNCONST_VOLATILE_CAST(t,e) ((t) ((volatile void *) ((volatile const void *) (e)))) ++#endif ++#if !defined(LZO_UNVOLATILE_CAST) ++# if (LZO_CFG_USE_NEW_STYLE_CASTS) ++# define LZO_UNVOLATILE_CAST(t,e) (const_cast (e)) ++# elif (LZO_HAVE_MM_HUGE_PTR) ++# define LZO_UNVOLATILE_CAST(t,e) ((t) (e)) ++# elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define LZO_UNVOLATILE_CAST(t,e) ((t) ((void *) ((lzo_uintptr_t) ((volatile void *) (e))))) ++# endif ++#endif ++#if !defined(LZO_UNVOLATILE_CAST) ++# define LZO_UNVOLATILE_CAST(t,e) ((t) ((void *) ((volatile void *) (e)))) ++#endif ++#if !defined(LZO_UNVOLATILE_CONST_CAST) ++# if (LZO_CFG_USE_NEW_STYLE_CASTS) ++# define LZO_UNVOLATILE_CONST_CAST(t,e) (const_cast (e)) ++# elif (LZO_HAVE_MM_HUGE_PTR) ++# define LZO_UNVOLATILE_CONST_CAST(t,e) ((t) (e)) ++# elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define LZO_UNVOLATILE_CONST_CAST(t,e) ((t) ((const void *) ((lzo_uintptr_t) ((volatile const void *) (e))))) ++# endif ++#endif ++#if !defined(LZO_UNVOLATILE_CONST_CAST) ++# define LZO_UNVOLATILE_CONST_CAST(t,e) ((t) ((const void *) ((volatile const void *) (e)))) ++#endif ++#if !defined(LZO_PCAST) ++# if (LZO_HAVE_MM_HUGE_PTR) ++# define LZO_PCAST(t,e) ((t) (e)) ++# endif ++#endif ++#if !defined(LZO_PCAST) ++# define LZO_PCAST(t,e) LZO_STATIC_CAST(t, LZO_STATIC_CAST(void *, e)) ++#endif ++#if !defined(LZO_CCAST) ++# if (LZO_HAVE_MM_HUGE_PTR) ++# define LZO_CCAST(t,e) ((t) (e)) ++# endif ++#endif ++#if !defined(LZO_CCAST) ++# define LZO_CCAST(t,e) LZO_STATIC_CAST(t, LZO_STATIC_CAST(const void *, e)) ++#endif ++#if !defined(LZO_ICONV) ++# define LZO_ICONV(t,e) LZO_STATIC_CAST(t, e) ++#endif ++#if !defined(LZO_ICAST) ++# define LZO_ICAST(t,e) LZO_STATIC_CAST(t, e) ++#endif ++#if !defined(LZO_ITRUNC) ++# define LZO_ITRUNC(t,e) LZO_STATIC_CAST(t, e) ++#endif ++#if !defined(__lzo_cte) ++# if (LZO_CC_MSC || LZO_CC_WATCOMC) ++# define __lzo_cte(e) ((void)0,(e)) ++# elif 1 ++# define __lzo_cte(e) ((void)0,(e)) ++# endif ++#endif ++#if !defined(__lzo_cte) ++# define __lzo_cte(e) (e) ++#endif ++#if !defined(LZO_BLOCK_BEGIN) ++# define LZO_BLOCK_BEGIN do { ++# define LZO_BLOCK_END } while __lzo_cte(0) ++#endif ++#if !defined(LZO_UNUSED) ++# if (LZO_CC_BORLANDC && (__BORLANDC__ >= 0x0600)) ++# define LZO_UNUSED(var) ((void) &var) ++# elif (LZO_CC_BORLANDC || LZO_CC_HIGHC || LZO_CC_NDPC || LZO_CC_PELLESC || LZO_CC_TURBOC) ++# define LZO_UNUSED(var) if (&var) ; else ++# elif (LZO_CC_CLANG && (LZO_CC_CLANG >= 0x030200ul)) ++# define LZO_UNUSED(var) ((void) &var) ++# elif (LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define LZO_UNUSED(var) ((void) var) ++# elif (LZO_CC_MSC && (_MSC_VER < 900)) ++# define LZO_UNUSED(var) if (&var) ; else ++# elif (LZO_CC_KEILC) ++# define LZO_UNUSED(var) {LZO_EXTERN_C int lzo_unused__[1-2*!(sizeof(var)>0)];} ++# elif (LZO_CC_PACIFICC) ++# define LZO_UNUSED(var) ((void) sizeof(var)) ++# elif (LZO_CC_WATCOMC) && defined(__cplusplus) ++# define LZO_UNUSED(var) ((void) var) ++# else ++# define LZO_UNUSED(var) ((void) &var) ++# endif ++#endif ++#if !defined(LZO_UNUSED_FUNC) ++# if (LZO_CC_BORLANDC && (__BORLANDC__ >= 0x0600)) ++# define LZO_UNUSED_FUNC(func) ((void) func) ++# elif (LZO_CC_BORLANDC || LZO_CC_NDPC || LZO_CC_TURBOC) ++# define LZO_UNUSED_FUNC(func) if (func) ; else ++# elif (LZO_CC_CLANG || LZO_CC_LLVM) ++# define LZO_UNUSED_FUNC(func) ((void) &func) ++# elif (LZO_CC_MSC && (_MSC_VER < 900)) ++# define LZO_UNUSED_FUNC(func) if (func) ; else ++# elif (LZO_CC_MSC) ++# define LZO_UNUSED_FUNC(func) ((void) &func) ++# elif (LZO_CC_KEILC || LZO_CC_PELLESC) ++# define LZO_UNUSED_FUNC(func) {LZO_EXTERN_C int lzo_unused_func__[1-2*!(sizeof((int)func)>0)];} ++# else ++# define LZO_UNUSED_FUNC(func) ((void) func) ++# endif ++#endif ++#if !defined(LZO_UNUSED_LABEL) ++# if (LZO_CC_CLANG >= 0x020800ul) ++# define LZO_UNUSED_LABEL(l) (__lzo_gnuc_extension__ ((void) ((const void *) &&l))) ++# elif (LZO_CC_ARMCC || LZO_CC_CLANG || LZO_CC_INTELC || LZO_CC_WATCOMC) ++# define LZO_UNUSED_LABEL(l) if __lzo_cte(0) goto l ++# else ++# define LZO_UNUSED_LABEL(l) switch (0) case 1:goto l ++# endif ++#endif ++#if !defined(LZO_DEFINE_UNINITIALIZED_VAR) ++# if 0 ++# define LZO_DEFINE_UNINITIALIZED_VAR(type,var,init) type var ++# elif 0 && (LZO_CC_GNUC) ++# define LZO_DEFINE_UNINITIALIZED_VAR(type,var,init) type var = var ++# else ++# define LZO_DEFINE_UNINITIALIZED_VAR(type,var,init) type var = init ++# endif ++#endif ++#if !defined(__lzo_inline) ++#if (LZO_CC_TURBOC && (__TURBOC__ <= 0x0295)) ++#elif defined(__cplusplus) ++# define __lzo_inline inline ++#elif defined(__STDC_VERSION__) && (__STDC_VERSION__-0 >= 199901L) ++# define __lzo_inline inline ++#elif (LZO_CC_BORLANDC && (__BORLANDC__ >= 0x0550)) ++# define __lzo_inline __inline ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CILLY || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE || LZO_CC_PGI) ++# define __lzo_inline __inline__ ++#elif (LZO_CC_DMC) ++# define __lzo_inline __inline ++#elif (LZO_CC_GHS) ++# define __lzo_inline __inline__ ++#elif (LZO_CC_IBMC >= 600) ++# define __lzo_inline __inline__ ++#elif (LZO_CC_INTELC) ++# define __lzo_inline __inline ++#elif (LZO_CC_MWERKS && (__MWERKS__ >= 0x2405)) ++# define __lzo_inline __inline ++#elif (LZO_CC_MSC && (_MSC_VER >= 900)) ++# define __lzo_inline __inline ++#elif (LZO_CC_SUNPROC >= 0x5100) ++# define __lzo_inline __inline__ ++#endif ++#endif ++#if defined(__lzo_inline) ++# ifndef __lzo_HAVE_inline ++# define __lzo_HAVE_inline 1 ++# endif ++#else ++# define __lzo_inline /*empty*/ ++#endif ++#if !defined(__lzo_forceinline) ++#if (LZO_CC_GNUC >= 0x030200ul) ++# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) ++#elif (LZO_CC_IBMC >= 700) ++# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) ++#elif (LZO_CC_INTELC_MSC && (__INTEL_COMPILER >= 450)) ++# define __lzo_forceinline __forceinline ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 800)) ++# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) ++#elif (LZO_CC_MSC && (_MSC_VER >= 1200)) ++# define __lzo_forceinline __forceinline ++#elif (LZO_CC_PGI >= 0x0d0a00ul) ++# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) ++#elif (LZO_CC_SUNPROC >= 0x5100) ++# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) ++#endif ++#endif ++#if defined(__lzo_forceinline) ++# ifndef __lzo_HAVE_forceinline ++# define __lzo_HAVE_forceinline 1 ++# endif ++#else ++# define __lzo_forceinline __lzo_inline ++#endif ++#if !defined(__lzo_noinline) ++#if 1 && (LZO_ARCH_I386) && (LZO_CC_GNUC >= 0x040000ul) && (LZO_CC_GNUC < 0x040003ul) ++# define __lzo_noinline __attribute__((__noinline__,__used__)) ++#elif (LZO_CC_GNUC >= 0x030200ul) ++# define __lzo_noinline __attribute__((__noinline__)) ++#elif (LZO_CC_IBMC >= 700) ++# define __lzo_noinline __attribute__((__noinline__)) ++#elif (LZO_CC_INTELC_MSC && (__INTEL_COMPILER >= 600)) ++# define __lzo_noinline __declspec(noinline) ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 800)) ++# define __lzo_noinline __attribute__((__noinline__)) ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_noinline __attribute__((__noinline__)) ++#elif (LZO_CC_MSC && (_MSC_VER >= 1300)) ++# define __lzo_noinline __declspec(noinline) ++#elif (LZO_CC_MWERKS && (__MWERKS__ >= 0x3200) && (LZO_OS_WIN32 || LZO_OS_WIN64)) ++# if defined(__cplusplus) ++# else ++# define __lzo_noinline __declspec(noinline) ++# endif ++#elif (LZO_CC_PGI >= 0x0d0a00ul) ++# define __lzo_noinline __attribute__((__noinline__)) ++#elif (LZO_CC_SUNPROC >= 0x5100) ++# define __lzo_noinline __attribute__((__noinline__)) ++#endif ++#endif ++#if defined(__lzo_noinline) ++# ifndef __lzo_HAVE_noinline ++# define __lzo_HAVE_noinline 1 ++# endif ++#else ++# define __lzo_noinline /*empty*/ ++#endif ++#if (__lzo_HAVE_forceinline || __lzo_HAVE_noinline) && !(__lzo_HAVE_inline) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if !defined(__lzo_static_inline) ++#if (LZO_CC_IBMC) ++# define __lzo_static_inline __lzo_gnuc_extension__ static __lzo_inline ++#endif ++#endif ++#if !defined(__lzo_static_inline) ++# define __lzo_static_inline static __lzo_inline ++#endif ++#if !defined(__lzo_static_forceinline) ++#if (LZO_CC_IBMC) ++# define __lzo_static_forceinline __lzo_gnuc_extension__ static __lzo_forceinline ++#endif ++#endif ++#if !defined(__lzo_static_forceinline) ++# define __lzo_static_forceinline static __lzo_forceinline ++#endif ++#if !defined(__lzo_static_noinline) ++#if (LZO_CC_IBMC) ++# define __lzo_static_noinline __lzo_gnuc_extension__ static __lzo_noinline ++#endif ++#endif ++#if !defined(__lzo_static_noinline) ++# define __lzo_static_noinline static __lzo_noinline ++#endif ++#if !defined(__lzo_c99_extern_inline) ++#if defined(__GNUC_GNU_INLINE__) ++# define __lzo_c99_extern_inline __lzo_inline ++#elif defined(__GNUC_STDC_INLINE__) ++# define __lzo_c99_extern_inline extern __lzo_inline ++#elif defined(__STDC_VERSION__) && (__STDC_VERSION__-0 >= 199901L) ++# define __lzo_c99_extern_inline extern __lzo_inline ++#endif ++#if !defined(__lzo_c99_extern_inline) && (__lzo_HAVE_inline) ++# define __lzo_c99_extern_inline __lzo_inline ++#endif ++#endif ++#if defined(__lzo_c99_extern_inline) ++# ifndef __lzo_HAVE_c99_extern_inline ++# define __lzo_HAVE_c99_extern_inline 1 ++# endif ++#else ++# define __lzo_c99_extern_inline /*empty*/ ++#endif ++#if !defined(__lzo_may_alias) ++#if (LZO_CC_GNUC >= 0x030400ul) ++# define __lzo_may_alias __attribute__((__may_alias__)) ++#elif (LZO_CC_CLANG >= 0x020900ul) ++# define __lzo_may_alias __attribute__((__may_alias__)) ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 1210)) && 0 ++# define __lzo_may_alias __attribute__((__may_alias__)) ++#elif (LZO_CC_PGI >= 0x0d0a00ul) && 0 ++# define __lzo_may_alias __attribute__((__may_alias__)) ++#endif ++#endif ++#if defined(__lzo_may_alias) ++# ifndef __lzo_HAVE_may_alias ++# define __lzo_HAVE_may_alias 1 ++# endif ++#else ++# define __lzo_may_alias /*empty*/ ++#endif ++#if !defined(__lzo_noreturn) ++#if (LZO_CC_GNUC >= 0x020700ul) ++# define __lzo_noreturn __attribute__((__noreturn__)) ++#elif (LZO_CC_IBMC >= 700) ++# define __lzo_noreturn __attribute__((__noreturn__)) ++#elif (LZO_CC_INTELC_MSC && (__INTEL_COMPILER >= 450)) ++# define __lzo_noreturn __declspec(noreturn) ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 600)) ++# define __lzo_noreturn __attribute__((__noreturn__)) ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_noreturn __attribute__((__noreturn__)) ++#elif (LZO_CC_MSC && (_MSC_VER >= 1200)) ++# define __lzo_noreturn __declspec(noreturn) ++#elif (LZO_CC_PGI >= 0x0d0a00ul) ++# define __lzo_noreturn __attribute__((__noreturn__)) ++#endif ++#endif ++#if defined(__lzo_noreturn) ++# ifndef __lzo_HAVE_noreturn ++# define __lzo_HAVE_noreturn 1 ++# endif ++#else ++# define __lzo_noreturn /*empty*/ ++#endif ++#if !defined(__lzo_nothrow) ++#if (LZO_CC_GNUC >= 0x030300ul) ++# define __lzo_nothrow __attribute__((__nothrow__)) ++#elif (LZO_CC_INTELC_MSC && (__INTEL_COMPILER >= 450)) && defined(__cplusplus) ++# define __lzo_nothrow __declspec(nothrow) ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 900)) ++# define __lzo_nothrow __attribute__((__nothrow__)) ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_nothrow __attribute__((__nothrow__)) ++#elif (LZO_CC_MSC && (_MSC_VER >= 1200)) && defined(__cplusplus) ++# define __lzo_nothrow __declspec(nothrow) ++#endif ++#endif ++#if defined(__lzo_nothrow) ++# ifndef __lzo_HAVE_nothrow ++# define __lzo_HAVE_nothrow 1 ++# endif ++#else ++# define __lzo_nothrow /*empty*/ ++#endif ++#if !defined(__lzo_restrict) ++#if (LZO_CC_GNUC >= 0x030400ul) ++# define __lzo_restrict __restrict__ ++#elif (LZO_CC_IBMC >= 800) && !defined(__cplusplus) ++# define __lzo_restrict __restrict__ ++#elif (LZO_CC_IBMC >= 1210) ++# define __lzo_restrict __restrict__ ++#elif (LZO_CC_INTELC_MSC && (__INTEL_COMPILER >= 600)) ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 600)) ++# define __lzo_restrict __restrict__ ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM) ++# define __lzo_restrict __restrict__ ++#elif (LZO_CC_MSC && (_MSC_VER >= 1400)) ++# define __lzo_restrict __restrict ++#elif (LZO_CC_PGI >= 0x0d0a00ul) ++# define __lzo_restrict __restrict__ ++#endif ++#endif ++#if defined(__lzo_restrict) ++# ifndef __lzo_HAVE_restrict ++# define __lzo_HAVE_restrict 1 ++# endif ++#else ++# define __lzo_restrict /*empty*/ ++#endif ++#if !defined(__lzo_alignof) ++#if (LZO_CC_ARMCC || LZO_CC_CILLY || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE || LZO_CC_PGI) ++# define __lzo_alignof(e) __alignof__(e) ++#elif (LZO_CC_GHS) && !defined(__cplusplus) ++# define __lzo_alignof(e) __alignof__(e) ++#elif (LZO_CC_IBMC >= 600) ++# define __lzo_alignof(e) (__lzo_gnuc_extension__ __alignof__(e)) ++#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 700)) ++# define __lzo_alignof(e) __alignof__(e) ++#elif (LZO_CC_MSC && (_MSC_VER >= 1300)) ++# define __lzo_alignof(e) __alignof(e) ++#elif (LZO_CC_SUNPROC >= 0x5100) ++# define __lzo_alignof(e) __alignof__(e) ++#endif ++#endif ++#if defined(__lzo_alignof) ++# ifndef __lzo_HAVE_alignof ++# define __lzo_HAVE_alignof 1 ++# endif ++#endif ++#if !defined(__lzo_struct_packed) ++#if (LZO_CC_CLANG && (LZO_CC_CLANG < 0x020800ul)) && defined(__cplusplus) ++#elif (LZO_CC_GNUC && (LZO_CC_GNUC < 0x020700ul)) ++#elif (LZO_CC_GNUC && (LZO_CC_GNUC < 0x020800ul)) && defined(__cplusplus) ++#elif (LZO_CC_PCC && (LZO_CC_PCC < 0x010100ul)) ++#elif (LZO_CC_SUNPROC && (LZO_CC_SUNPROC < 0x5110)) && !defined(__cplusplus) ++#elif (LZO_CC_GNUC >= 0x030400ul) && !(LZO_CC_PCC_GNUC) && (LZO_ARCH_AMD64 || LZO_ARCH_I386) ++# define __lzo_struct_packed(s) struct s { ++# define __lzo_struct_packed_end() } __attribute__((__gcc_struct__,__packed__)); ++# define __lzo_struct_packed_ma_end() } __lzo_may_alias __attribute__((__gcc_struct__,__packed__)); ++#elif (LZO_CC_ARMCC || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_INTELC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE || (LZO_CC_PGI >= 0x0d0a00ul) || (LZO_CC_SUNPROC >= 0x5100)) ++# define __lzo_struct_packed(s) struct s { ++# define __lzo_struct_packed_end() } __attribute__((__packed__)); ++# define __lzo_struct_packed_ma_end() } __lzo_may_alias __attribute__((__packed__)); ++#elif (LZO_CC_IBMC >= 700) ++# define __lzo_struct_packed(s) __lzo_gnuc_extension__ struct s { ++# define __lzo_struct_packed_end() } __attribute__((__packed__)); ++# define __lzo_struct_packed_ma_end() } __lzo_may_alias __attribute__((__packed__)); ++#elif (LZO_CC_INTELC_MSC) || (LZO_CC_MSC && (_MSC_VER >= 1300)) ++# define __lzo_struct_packed(s) __pragma(pack(push,1)) struct s { ++# define __lzo_struct_packed_end() } __pragma(pack(pop)); ++#elif (LZO_CC_WATCOMC && (__WATCOMC__ >= 900)) ++# define __lzo_struct_packed(s) _Packed struct s { ++# define __lzo_struct_packed_end() }; ++#endif ++#endif ++#if defined(__lzo_struct_packed) && !defined(__lzo_struct_packed_ma) ++# define __lzo_struct_packed_ma(s) __lzo_struct_packed(s) ++#endif ++#if defined(__lzo_struct_packed_end) && !defined(__lzo_struct_packed_ma_end) ++# define __lzo_struct_packed_ma_end() __lzo_struct_packed_end() ++#endif ++#if !defined(__lzo_byte_struct) ++#if defined(__lzo_struct_packed) ++# define __lzo_byte_struct(s,n) __lzo_struct_packed(s) unsigned char a[n]; __lzo_struct_packed_end() ++# define __lzo_byte_struct_ma(s,n) __lzo_struct_packed_ma(s) unsigned char a[n]; __lzo_struct_packed_ma_end() ++#elif (LZO_CC_CILLY || LZO_CC_CLANG || LZO_CC_PGI || (LZO_CC_SUNPROC >= 0x5100)) ++# define __lzo_byte_struct(s,n) struct s { unsigned char a[n]; } __attribute__((__packed__)); ++# define __lzo_byte_struct_ma(s,n) struct s { unsigned char a[n]; } __lzo_may_alias __attribute__((__packed__)); ++#endif ++#endif ++#if defined(__lzo_byte_struct) && !defined(__lzo_byte_struct_ma) ++# define __lzo_byte_struct_ma(s,n) __lzo_byte_struct(s,n) ++#endif ++#if !defined(__lzo_struct_align16) && (__lzo_HAVE_alignof) ++#if (LZO_CC_GNUC && (LZO_CC_GNUC < 0x030000ul)) ++#elif (LZO_CC_CLANG && (LZO_CC_CLANG < 0x020800ul)) && defined(__cplusplus) ++#elif (LZO_CC_CILLY || LZO_CC_PCC) ++#elif (LZO_CC_INTELC_MSC) || (LZO_CC_MSC && (_MSC_VER >= 1300)) ++# define __lzo_struct_align16(s) struct __declspec(align(16)) s { ++# define __lzo_struct_align16_end() }; ++# define __lzo_struct_align32(s) struct __declspec(align(32)) s { ++# define __lzo_struct_align32_end() }; ++# define __lzo_struct_align64(s) struct __declspec(align(64)) s { ++# define __lzo_struct_align64_end() }; ++#elif (LZO_CC_ARMCC || LZO_CC_CLANG || LZO_CC_GNUC || (LZO_CC_IBMC >= 700) || LZO_CC_INTELC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_struct_align16(s) struct s { ++# define __lzo_struct_align16_end() } __attribute__((__aligned__(16))); ++# define __lzo_struct_align32(s) struct s { ++# define __lzo_struct_align32_end() } __attribute__((__aligned__(32))); ++# define __lzo_struct_align64(s) struct s { ++# define __lzo_struct_align64_end() } __attribute__((__aligned__(64))); ++#endif ++#endif ++#if !defined(__lzo_union_um) ++#if (LZO_CC_CLANG && (LZO_CC_CLANG < 0x020800ul)) && defined(__cplusplus) ++#elif (LZO_CC_GNUC && (LZO_CC_GNUC < 0x020700ul)) ++#elif (LZO_CC_GNUC && (LZO_CC_GNUC < 0x020800ul)) && defined(__cplusplus) ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER < 810)) ++#elif (LZO_CC_PCC && (LZO_CC_PCC < 0x010100ul)) ++#elif (LZO_CC_SUNPROC && (LZO_CC_SUNPROC < 0x5110)) && !defined(__cplusplus) ++#elif (LZO_CC_ARMCC || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_INTELC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE || (LZO_CC_PGI >= 0x0d0a00ul) || (LZO_CC_SUNPROC >= 0x5100)) ++# define __lzo_union_am(s) union s { ++# define __lzo_union_am_end() } __lzo_may_alias; ++# define __lzo_union_um(s) union s { ++# define __lzo_union_um_end() } __lzo_may_alias __attribute__((__packed__)); ++#elif (LZO_CC_IBMC >= 700) ++# define __lzo_union_am(s) __lzo_gnuc_extension__ union s { ++# define __lzo_union_am_end() } __lzo_may_alias; ++# define __lzo_union_um(s) __lzo_gnuc_extension__ union s { ++# define __lzo_union_um_end() } __lzo_may_alias __attribute__((__packed__)); ++#elif (LZO_CC_INTELC_MSC) || (LZO_CC_MSC && (_MSC_VER >= 1300)) ++# define __lzo_union_um(s) __pragma(pack(push,1)) union s { ++# define __lzo_union_um_end() } __pragma(pack(pop)); ++#elif (LZO_CC_WATCOMC && (__WATCOMC__ >= 900)) ++# define __lzo_union_um(s) _Packed union s { ++# define __lzo_union_um_end() }; ++#endif ++#endif ++#if !defined(__lzo_union_am) ++# define __lzo_union_am(s) union s { ++# define __lzo_union_am_end() }; ++#endif ++#if !defined(__lzo_constructor) ++#if (LZO_CC_GNUC >= 0x030400ul) ++# define __lzo_constructor __attribute__((__constructor__,__used__)) ++#elif (LZO_CC_GNUC >= 0x020700ul) ++# define __lzo_constructor __attribute__((__constructor__)) ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 800)) ++# define __lzo_constructor __attribute__((__constructor__,__used__)) ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_constructor __attribute__((__constructor__)) ++#endif ++#endif ++#if defined(__lzo_constructor) ++# ifndef __lzo_HAVE_constructor ++# define __lzo_HAVE_constructor 1 ++# endif ++#endif ++#if !defined(__lzo_destructor) ++#if (LZO_CC_GNUC >= 0x030400ul) ++# define __lzo_destructor __attribute__((__destructor__,__used__)) ++#elif (LZO_CC_GNUC >= 0x020700ul) ++# define __lzo_destructor __attribute__((__destructor__)) ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 800)) ++# define __lzo_destructor __attribute__((__destructor__,__used__)) ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_destructor __attribute__((__destructor__)) ++#endif ++#endif ++#if defined(__lzo_destructor) ++# ifndef __lzo_HAVE_destructor ++# define __lzo_HAVE_destructor 1 ++# endif ++#endif ++#if (__lzo_HAVE_destructor) && !(__lzo_HAVE_constructor) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if !defined(__lzo_likely) && !defined(__lzo_unlikely) ++#if (LZO_CC_GNUC >= 0x030200ul) ++# define __lzo_likely(e) (__builtin_expect(!!(e),1)) ++# define __lzo_unlikely(e) (__builtin_expect(!!(e),0)) ++#elif (LZO_CC_IBMC >= 1010) ++# define __lzo_likely(e) (__builtin_expect(!!(e),1)) ++# define __lzo_unlikely(e) (__builtin_expect(!!(e),0)) ++#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 800)) ++# define __lzo_likely(e) (__builtin_expect(!!(e),1)) ++# define __lzo_unlikely(e) (__builtin_expect(!!(e),0)) ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_likely(e) (__builtin_expect(!!(e),1)) ++# define __lzo_unlikely(e) (__builtin_expect(!!(e),0)) ++#endif ++#endif ++#if defined(__lzo_likely) ++# ifndef __lzo_HAVE_likely ++# define __lzo_HAVE_likely 1 ++# endif ++#else ++# define __lzo_likely(e) (e) ++#endif ++#if defined(__lzo_unlikely) ++# ifndef __lzo_HAVE_unlikely ++# define __lzo_HAVE_unlikely 1 ++# endif ++#else ++# define __lzo_unlikely(e) (e) ++#endif ++#if !defined(__lzo_static_unused_void_func) ++# if 1 && (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || (LZO_CC_GNUC >= 0x020700ul) || LZO_CC_INTELC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE || LZO_CC_PGI) ++# define __lzo_static_unused_void_func(f) static void __attribute__((__unused__)) f(void) ++# else ++# define __lzo_static_unused_void_func(f) static __lzo_inline void f(void) ++# endif ++#endif ++#if !defined(__lzo_loop_forever) ++# if (LZO_CC_IBMC) ++# define __lzo_loop_forever() LZO_BLOCK_BEGIN for (;;) { ; } LZO_BLOCK_END ++# else ++# define __lzo_loop_forever() do { ; } while __lzo_cte(1) ++# endif ++#endif ++#if !defined(__lzo_unreachable) ++#if (LZO_CC_CLANG && (LZO_CC_CLANG >= 0x020800ul)) ++# define __lzo_unreachable() __builtin_unreachable(); ++#elif (LZO_CC_GNUC >= 0x040500ul) ++# define __lzo_unreachable() __builtin_unreachable(); ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 1300)) && 1 ++# define __lzo_unreachable() __builtin_unreachable(); ++#endif ++#endif ++#if defined(__lzo_unreachable) ++# ifndef __lzo_HAVE_unreachable ++# define __lzo_HAVE_unreachable 1 ++# endif ++#else ++# if 0 ++# define __lzo_unreachable() ((void)0); ++# else ++# define __lzo_unreachable() __lzo_loop_forever(); ++# endif ++#endif ++#ifndef __LZO_CTA_NAME ++#if (LZO_CFG_USE_COUNTER) ++# define __LZO_CTA_NAME(a) LZO_PP_ECONCAT2(a,__COUNTER__) ++#else ++# define __LZO_CTA_NAME(a) LZO_PP_ECONCAT2(a,__LINE__) ++#endif ++#endif ++#if !defined(LZO_COMPILE_TIME_ASSERT_HEADER) ++# if (LZO_CC_AZTECC || LZO_CC_ZORTECHC) ++# define LZO_COMPILE_TIME_ASSERT_HEADER(e) LZO_EXTERN_C_BEGIN extern int __LZO_CTA_NAME(lzo_cta__)[1-!(e)]; LZO_EXTERN_C_END ++# elif (LZO_CC_DMC || LZO_CC_SYMANTECC) ++# define LZO_COMPILE_TIME_ASSERT_HEADER(e) LZO_EXTERN_C_BEGIN extern int __LZO_CTA_NAME(lzo_cta__)[1u-2*!(e)]; LZO_EXTERN_C_END ++# elif (LZO_CC_TURBOC && (__TURBOC__ == 0x0295)) ++# define LZO_COMPILE_TIME_ASSERT_HEADER(e) LZO_EXTERN_C_BEGIN extern int __LZO_CTA_NAME(lzo_cta__)[1-!(e)]; LZO_EXTERN_C_END ++# elif (LZO_CC_CLANG && (LZO_CC_CLANG < 0x020900ul)) && defined(__cplusplus) ++# define LZO_COMPILE_TIME_ASSERT_HEADER(e) LZO_EXTERN_C_BEGIN int __LZO_CTA_NAME(lzo_cta_f__)(int [1-2*!(e)]); LZO_EXTERN_C_END ++# elif (LZO_CC_GNUC) && defined(__CHECKER__) && defined(__SPARSE_CHECKER__) ++# define LZO_COMPILE_TIME_ASSERT_HEADER(e) LZO_EXTERN_C_BEGIN enum {__LZO_CTA_NAME(lzo_cta_e__)=1/!!(e)} __attribute__((__unused__)); LZO_EXTERN_C_END ++# else ++# define LZO_COMPILE_TIME_ASSERT_HEADER(e) LZO_EXTERN_C_BEGIN extern int __LZO_CTA_NAME(lzo_cta__)[1-2*!(e)]; LZO_EXTERN_C_END ++# endif ++#endif ++#if !defined(LZO_COMPILE_TIME_ASSERT) ++# if (LZO_CC_AZTECC) ++# define LZO_COMPILE_TIME_ASSERT(e) {typedef int __LZO_CTA_NAME(lzo_cta_t__)[1-!(e)];} ++# elif (LZO_CC_DMC || LZO_CC_PACIFICC || LZO_CC_SYMANTECC || LZO_CC_ZORTECHC) ++# define LZO_COMPILE_TIME_ASSERT(e) switch(0) case 1:case !(e):break; ++# elif (LZO_CC_GNUC) && defined(__CHECKER__) && defined(__SPARSE_CHECKER__) ++# define LZO_COMPILE_TIME_ASSERT(e) {(void) (0/!!(e));} ++# elif (LZO_CC_GNUC >= 0x040700ul) && (LZO_CFG_USE_COUNTER) && defined(__cplusplus) ++# define LZO_COMPILE_TIME_ASSERT(e) {enum {__LZO_CTA_NAME(lzo_cta_e__)=1/!!(e)} __attribute__((__unused__));} ++# elif (LZO_CC_GNUC >= 0x040700ul) ++# define LZO_COMPILE_TIME_ASSERT(e) {typedef int __LZO_CTA_NAME(lzo_cta_t__)[1-2*!(e)] __attribute__((__unused__));} ++# elif (LZO_CC_MSC && (_MSC_VER < 900)) ++# define LZO_COMPILE_TIME_ASSERT(e) switch(0) case 1:case !(e):break; ++# elif (LZO_CC_TURBOC && (__TURBOC__ == 0x0295)) ++# define LZO_COMPILE_TIME_ASSERT(e) switch(0) case 1:case !(e):break; ++# else ++# define LZO_COMPILE_TIME_ASSERT(e) {typedef int __LZO_CTA_NAME(lzo_cta_t__)[1-2*!(e)];} ++# endif ++#endif ++LZO_COMPILE_TIME_ASSERT_HEADER(1 == 1) ++#if defined(__cplusplus) ++extern "C" { LZO_COMPILE_TIME_ASSERT_HEADER(2 == 2) } ++#endif ++LZO_COMPILE_TIME_ASSERT_HEADER(3 == 3) ++#if (LZO_ARCH_I086 || LZO_ARCH_I386) && (LZO_OS_DOS16 || LZO_OS_DOS32 || LZO_OS_OS2 || LZO_OS_OS216 || LZO_OS_WIN16 || LZO_OS_WIN32 || LZO_OS_WIN64) ++# if (LZO_CC_GNUC || LZO_CC_HIGHC || LZO_CC_NDPC || LZO_CC_PACIFICC) ++# elif (LZO_CC_DMC || LZO_CC_SYMANTECC || LZO_CC_ZORTECHC) ++# define __lzo_cdecl __cdecl ++# define __lzo_cdecl_atexit /*empty*/ ++# define __lzo_cdecl_main __cdecl ++# if (LZO_OS_OS2 && (LZO_CC_DMC || LZO_CC_SYMANTECC)) ++# define __lzo_cdecl_qsort __pascal ++# elif (LZO_OS_OS2 && (LZO_CC_ZORTECHC)) ++# define __lzo_cdecl_qsort _stdcall ++# else ++# define __lzo_cdecl_qsort __cdecl ++# endif ++# elif (LZO_CC_WATCOMC) ++# define __lzo_cdecl __cdecl ++# else ++# define __lzo_cdecl __cdecl ++# define __lzo_cdecl_atexit __cdecl ++# define __lzo_cdecl_main __cdecl ++# define __lzo_cdecl_qsort __cdecl ++# endif ++# if (LZO_CC_GNUC || LZO_CC_HIGHC || LZO_CC_NDPC || LZO_CC_PACIFICC || LZO_CC_WATCOMC) ++# elif (LZO_OS_OS2 && (LZO_CC_DMC || LZO_CC_SYMANTECC)) ++# define __lzo_cdecl_sighandler __pascal ++# elif (LZO_OS_OS2 && (LZO_CC_ZORTECHC)) ++# define __lzo_cdecl_sighandler _stdcall ++# elif (LZO_CC_MSC && (_MSC_VER >= 1400)) && defined(_M_CEE_PURE) ++# define __lzo_cdecl_sighandler __clrcall ++# elif (LZO_CC_MSC && (_MSC_VER >= 600 && _MSC_VER < 700)) ++# if defined(_DLL) ++# define __lzo_cdecl_sighandler _far _cdecl _loadds ++# elif defined(_MT) ++# define __lzo_cdecl_sighandler _far _cdecl ++# else ++# define __lzo_cdecl_sighandler _cdecl ++# endif ++# else ++# define __lzo_cdecl_sighandler __cdecl ++# endif ++#elif (LZO_ARCH_I386) && (LZO_CC_WATCOMC) ++# define __lzo_cdecl __cdecl ++#elif (LZO_ARCH_M68K && LZO_OS_TOS && (LZO_CC_PUREC || LZO_CC_TURBOC)) ++# define __lzo_cdecl cdecl ++#endif ++#if !defined(__lzo_cdecl) ++# define __lzo_cdecl /*empty*/ ++#endif ++#if !defined(__lzo_cdecl_atexit) ++# define __lzo_cdecl_atexit /*empty*/ ++#endif ++#if !defined(__lzo_cdecl_main) ++# define __lzo_cdecl_main /*empty*/ ++#endif ++#if !defined(__lzo_cdecl_qsort) ++# define __lzo_cdecl_qsort /*empty*/ ++#endif ++#if !defined(__lzo_cdecl_sighandler) ++# define __lzo_cdecl_sighandler /*empty*/ ++#endif ++#if !defined(__lzo_cdecl_va) ++# define __lzo_cdecl_va __lzo_cdecl ++#endif ++#if !(LZO_CFG_NO_WINDOWS_H) ++#if !defined(LZO_HAVE_WINDOWS_H) ++#if (LZO_OS_CYGWIN || (LZO_OS_EMX && defined(__RSXNT__)) || LZO_OS_WIN32 || LZO_OS_WIN64) ++# if (LZO_CC_WATCOMC && (__WATCOMC__ < 1000)) ++# elif (LZO_OS_WIN32 && LZO_CC_GNUC) && defined(__PW32__) ++# elif ((LZO_OS_CYGWIN || defined(__MINGW32__)) && (LZO_CC_GNUC && (LZO_CC_GNUC < 0x025f00ul))) ++# else ++# define LZO_HAVE_WINDOWS_H 1 ++# endif ++#endif ++#endif ++#endif ++#ifndef LZO_SIZEOF_SHORT + #if defined(SIZEOF_SHORT) + # define LZO_SIZEOF_SHORT (SIZEOF_SHORT) ++#elif defined(__SIZEOF_SHORT__) ++# define LZO_SIZEOF_SHORT (__SIZEOF_SHORT__) + #endif ++#endif ++#ifndef LZO_SIZEOF_INT + #if defined(SIZEOF_INT) + # define LZO_SIZEOF_INT (SIZEOF_INT) ++#elif defined(__SIZEOF_INT__) ++# define LZO_SIZEOF_INT (__SIZEOF_INT__) + #endif ++#endif ++#ifndef LZO_SIZEOF_LONG + #if defined(SIZEOF_LONG) + # define LZO_SIZEOF_LONG (SIZEOF_LONG) ++#elif defined(__SIZEOF_LONG__) ++# define LZO_SIZEOF_LONG (__SIZEOF_LONG__) + #endif ++#endif ++#ifndef LZO_SIZEOF_LONG_LONG + #if defined(SIZEOF_LONG_LONG) + # define LZO_SIZEOF_LONG_LONG (SIZEOF_LONG_LONG) ++#elif defined(__SIZEOF_LONG_LONG__) ++# define LZO_SIZEOF_LONG_LONG (__SIZEOF_LONG_LONG__) + #endif ++#endif ++#ifndef LZO_SIZEOF___INT16 + #if defined(SIZEOF___INT16) + # define LZO_SIZEOF___INT16 (SIZEOF___INT16) + #endif ++#endif ++#ifndef LZO_SIZEOF___INT32 + #if defined(SIZEOF___INT32) + # define LZO_SIZEOF___INT32 (SIZEOF___INT32) + #endif ++#endif ++#ifndef LZO_SIZEOF___INT64 + #if defined(SIZEOF___INT64) + # define LZO_SIZEOF___INT64 (SIZEOF___INT64) + #endif ++#endif ++#ifndef LZO_SIZEOF_VOID_P + #if defined(SIZEOF_VOID_P) + # define LZO_SIZEOF_VOID_P (SIZEOF_VOID_P) ++#elif defined(__SIZEOF_POINTER__) ++# define LZO_SIZEOF_VOID_P (__SIZEOF_POINTER__) + #endif ++#endif ++#ifndef LZO_SIZEOF_SIZE_T + #if defined(SIZEOF_SIZE_T) + # define LZO_SIZEOF_SIZE_T (SIZEOF_SIZE_T) ++#elif defined(__SIZEOF_SIZE_T__) ++# define LZO_SIZEOF_SIZE_T (__SIZEOF_SIZE_T__) + #endif ++#endif ++#ifndef LZO_SIZEOF_PTRDIFF_T + #if defined(SIZEOF_PTRDIFF_T) + # define LZO_SIZEOF_PTRDIFF_T (SIZEOF_PTRDIFF_T) ++#elif defined(__SIZEOF_PTRDIFF_T__) ++# define LZO_SIZEOF_PTRDIFF_T (__SIZEOF_PTRDIFF_T__) ++#endif + #endif + #define __LZO_LSR(x,b) (((x)+0ul) >> (b)) + #if !defined(LZO_SIZEOF_SHORT) +@@ -1080,6 +2060,7 @@ extern "C" { + # error "LZO_SIZEOF_SHORT" + # endif + #endif ++LZO_COMPILE_TIME_ASSERT_HEADER(LZO_SIZEOF_SHORT == sizeof(short)) + #if !defined(LZO_SIZEOF_INT) + # if (LZO_ARCH_CRAY_PVP) + # define LZO_SIZEOF_INT 8 +@@ -1101,6 +2082,7 @@ extern "C" { + # error "LZO_SIZEOF_INT" + # endif + #endif ++LZO_COMPILE_TIME_ASSERT_HEADER(LZO_SIZEOF_INT == sizeof(int)) + #if !defined(LZO_SIZEOF_LONG) + # if (ULONG_MAX == LZO_0xffffffffL) + # define LZO_SIZEOF_LONG 4 +@@ -1110,6 +2092,8 @@ extern "C" { + # define LZO_SIZEOF_LONG 2 + # elif (__LZO_LSR(ULONG_MAX,31) == 1) + # define LZO_SIZEOF_LONG 4 ++# elif (__LZO_LSR(ULONG_MAX,39) == 1) ++# define LZO_SIZEOF_LONG 5 + # elif (__LZO_LSR(ULONG_MAX,63) == 1) + # define LZO_SIZEOF_LONG 8 + # elif (__LZO_LSR(ULONG_MAX,127) == 1) +@@ -1118,11 +2102,12 @@ extern "C" { + # error "LZO_SIZEOF_LONG" + # endif + #endif ++LZO_COMPILE_TIME_ASSERT_HEADER(LZO_SIZEOF_LONG == sizeof(long)) + #if !defined(LZO_SIZEOF_LONG_LONG) && !defined(LZO_SIZEOF___INT64) + #if (LZO_SIZEOF_LONG > 0 && LZO_SIZEOF_LONG < 8) + # if defined(__LONG_MAX__) && defined(__LONG_LONG_MAX__) + # if (LZO_CC_GNUC >= 0x030300ul) +-# if ((__LONG_MAX__)+0 == (__LONG_LONG_MAX__)+0) ++# if ((__LONG_MAX__-0) == (__LONG_LONG_MAX__-0)) + # define LZO_SIZEOF_LONG_LONG LZO_SIZEOF_LONG + # elif (__LZO_LSR(__LONG_LONG_MAX__,30) == 1) + # define LZO_SIZEOF_LONG_LONG 4 +@@ -1136,7 +2121,7 @@ extern "C" { + #if (LZO_ARCH_I086 && LZO_CC_DMC) + #elif (LZO_CC_CILLY) && defined(__GNUC__) + # define LZO_SIZEOF_LONG_LONG 8 +-#elif (LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) + # define LZO_SIZEOF_LONG_LONG 8 + #elif ((LZO_OS_WIN32 || LZO_OS_WIN64 || defined(_WIN32)) && LZO_CC_MSC && (_MSC_VER >= 1400)) + # define LZO_SIZEOF_LONG_LONG 8 +@@ -1158,11 +2143,13 @@ extern "C" { + # define LZO_SIZEOF___INT64 8 + #elif (LZO_ARCH_I386 && (LZO_CC_WATCOMC && (__WATCOMC__ >= 1100))) + # define LZO_SIZEOF___INT64 8 +-#elif (LZO_CC_WATCOMC && defined(_INTEGRAL_MAX_BITS) && (_INTEGRAL_MAX_BITS == 64)) ++#elif (LZO_CC_GHS && defined(__LLONG_BIT) && ((__LLONG_BIT-0) == 64)) ++# define LZO_SIZEOF_LONG_LONG 8 ++#elif (LZO_CC_WATCOMC && defined(_INTEGRAL_MAX_BITS) && ((_INTEGRAL_MAX_BITS-0) == 64)) + # define LZO_SIZEOF___INT64 8 + #elif (LZO_OS_OS400 || defined(__OS400__)) && defined(__LLP64_IFC__) + # define LZO_SIZEOF_LONG_LONG 8 +-#elif (defined(__vms) || defined(__VMS)) && (__INITIAL_POINTER_SIZE+0 == 64) ++#elif (defined(__vms) || defined(__VMS)) && ((__INITIAL_POINTER_SIZE-0) == 64) + # define LZO_SIZEOF_LONG_LONG 8 + #elif (LZO_CC_SDCC) && (LZO_SIZEOF_INT == 2) + #elif 1 && defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) +@@ -1175,87 +2162,127 @@ extern "C" { + # undef LZO_SIZEOF_LONG_LONG + # endif + #endif +-#if (LZO_CFG_NO_LONG_LONG) || defined(__NO_LONG_LONG) ++#if (LZO_CFG_NO_LONG_LONG) ++# undef LZO_SIZEOF_LONG_LONG ++#elif defined(__NO_LONG_LONG) ++# undef LZO_SIZEOF_LONG_LONG ++#elif defined(_NO_LONGLONG) + # undef LZO_SIZEOF_LONG_LONG + #endif +-#if !defined(LZO_SIZEOF_VOID_P) +-#if (LZO_ARCH_I086) +-# define __LZO_WORDSIZE 2 +-# if (LZO_MM_TINY || LZO_MM_SMALL || LZO_MM_MEDIUM) +-# define LZO_SIZEOF_VOID_P 2 +-# elif (LZO_MM_COMPACT || LZO_MM_LARGE || LZO_MM_HUGE) +-# define LZO_SIZEOF_VOID_P 4 ++#if !defined(LZO_WORDSIZE) ++#if (LZO_ARCH_ALPHA) ++# define LZO_WORDSIZE 8 ++#elif (LZO_ARCH_AMD64) ++# define LZO_WORDSIZE 8 ++#elif (LZO_ARCH_AVR) ++# define LZO_WORDSIZE 1 ++#elif (LZO_ARCH_H8300) ++# if defined(__NORMAL_MODE__) ++# define LZO_WORDSIZE 4 ++# elif defined(__H8300H__) || defined(__H8300S__) || defined(__H8300SX__) ++# define LZO_WORDSIZE 4 + # else +-# error "LZO_MM" ++# define LZO_WORDSIZE 2 + # endif +-#elif (LZO_ARCH_AVR || LZO_ARCH_Z80) +-# define __LZO_WORDSIZE 1 ++#elif (LZO_ARCH_I086) ++# define LZO_WORDSIZE 2 ++#elif (LZO_ARCH_IA64) ++# define LZO_WORDSIZE 8 ++#elif (LZO_ARCH_M16C) ++# define LZO_WORDSIZE 2 ++#elif (LZO_ARCH_SPU) ++# define LZO_WORDSIZE 4 ++#elif (LZO_ARCH_Z80) ++# define LZO_WORDSIZE 1 ++#elif (LZO_SIZEOF_LONG == 8) && ((defined(__mips__) && defined(__R5900__)) || defined(__MIPS_PSX2__)) ++# define LZO_WORDSIZE 8 ++#elif (LZO_OS_OS400 || defined(__OS400__)) ++# define LZO_WORDSIZE 8 ++#elif (defined(__vms) || defined(__VMS)) && (__INITIAL_POINTER_SIZE+0 == 64) ++# define LZO_WORDSIZE 8 ++#endif ++#endif ++#if !defined(LZO_SIZEOF_VOID_P) ++#if defined(__ILP32__) || defined(__ILP32) || defined(_ILP32) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(int) == 4) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(long) == 4) ++# define LZO_SIZEOF_VOID_P 4 ++#elif defined(__ILP64__) || defined(__ILP64) || defined(_ILP64) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(int) == 8) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(long) == 8) ++# define LZO_SIZEOF_VOID_P 8 ++#elif defined(__LLP64__) || defined(__LLP64) || defined(_LLP64) || defined(_WIN64) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(long) == 4) ++# define LZO_SIZEOF_VOID_P 8 ++#elif defined(__LP64__) || defined(__LP64) || defined(_LP64) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(long) == 8) ++# define LZO_SIZEOF_VOID_P 8 ++#elif (LZO_ARCH_AVR) + # define LZO_SIZEOF_VOID_P 2 + #elif (LZO_ARCH_C166 || LZO_ARCH_MCS51 || LZO_ARCH_MCS251 || LZO_ARCH_MSP430) + # define LZO_SIZEOF_VOID_P 2 + #elif (LZO_ARCH_H8300) + # if defined(__NORMAL_MODE__) +-# define __LZO_WORDSIZE 4 + # define LZO_SIZEOF_VOID_P 2 + # elif defined(__H8300H__) || defined(__H8300S__) || defined(__H8300SX__) +-# define __LZO_WORDSIZE 4 + # define LZO_SIZEOF_VOID_P 4 + # else +-# define __LZO_WORDSIZE 2 + # define LZO_SIZEOF_VOID_P 2 + # endif + # if (LZO_CC_GNUC && (LZO_CC_GNUC < 0x040000ul)) && (LZO_SIZEOF_INT == 4) + # define LZO_SIZEOF_SIZE_T LZO_SIZEOF_INT + # define LZO_SIZEOF_PTRDIFF_T LZO_SIZEOF_INT + # endif ++#elif (LZO_ARCH_I086) ++# if (LZO_MM_TINY || LZO_MM_SMALL || LZO_MM_MEDIUM) ++# define LZO_SIZEOF_VOID_P 2 ++# elif (LZO_MM_COMPACT || LZO_MM_LARGE || LZO_MM_HUGE) ++# define LZO_SIZEOF_VOID_P 4 ++# else ++# error "invalid LZO_ARCH_I086 memory model" ++# endif + #elif (LZO_ARCH_M16C) +-# define __LZO_WORDSIZE 2 + # if defined(__m32c_cpu__) || defined(__m32cm_cpu__) + # define LZO_SIZEOF_VOID_P 4 + # else + # define LZO_SIZEOF_VOID_P 2 + # endif ++#elif (LZO_ARCH_SPU) ++# define LZO_SIZEOF_VOID_P 4 ++#elif (LZO_ARCH_Z80) ++# define LZO_SIZEOF_VOID_P 2 + #elif (LZO_SIZEOF_LONG == 8) && ((defined(__mips__) && defined(__R5900__)) || defined(__MIPS_PSX2__)) +-# define __LZO_WORDSIZE 8 + # define LZO_SIZEOF_VOID_P 4 +-#elif defined(__LLP64__) || defined(__LLP64) || defined(_LLP64) || defined(_WIN64) +-# define __LZO_WORDSIZE 8 +-# define LZO_SIZEOF_VOID_P 8 +-#elif (LZO_OS_OS400 || defined(__OS400__)) && defined(__LLP64_IFC__) +-# define LZO_SIZEOF_VOID_P LZO_SIZEOF_LONG +-# define LZO_SIZEOF_SIZE_T LZO_SIZEOF_LONG +-# define LZO_SIZEOF_PTRDIFF_T LZO_SIZEOF_LONG + #elif (LZO_OS_OS400 || defined(__OS400__)) +-# define __LZO_WORDSIZE LZO_SIZEOF_LONG +-# define LZO_SIZEOF_VOID_P 16 +-# define LZO_SIZEOF_SIZE_T LZO_SIZEOF_LONG +-# define LZO_SIZEOF_PTRDIFF_T LZO_SIZEOF_LONG +-#elif (defined(__vms) || defined(__VMS)) && (__INITIAL_POINTER_SIZE+0 == 64) +-# define LZO_SIZEOF_VOID_P 8 +-# define LZO_SIZEOF_SIZE_T LZO_SIZEOF_LONG +-# define LZO_SIZEOF_PTRDIFF_T LZO_SIZEOF_LONG +-#elif (LZO_ARCH_SPU) +-# if 0 +-# define __LZO_WORDSIZE 16 +-# endif +-# define LZO_SIZEOF_VOID_P 4 +-#else +-# define LZO_SIZEOF_VOID_P LZO_SIZEOF_LONG +-#endif +-#endif +-#if !defined(LZO_WORDSIZE) +-# if defined(__LZO_WORDSIZE) +-# define LZO_WORDSIZE __LZO_WORDSIZE ++# if defined(__LLP64_IFC__) ++# define LZO_SIZEOF_VOID_P 8 ++# define LZO_SIZEOF_SIZE_T LZO_SIZEOF_LONG ++# define LZO_SIZEOF_PTRDIFF_T LZO_SIZEOF_LONG + # else +-# define LZO_WORDSIZE LZO_SIZEOF_VOID_P ++# define LZO_SIZEOF_VOID_P 16 ++# define LZO_SIZEOF_SIZE_T LZO_SIZEOF_LONG ++# define LZO_SIZEOF_PTRDIFF_T LZO_SIZEOF_LONG + # endif ++#elif (defined(__vms) || defined(__VMS)) && (__INITIAL_POINTER_SIZE+0 == 64) ++# define LZO_SIZEOF_VOID_P 8 ++# define LZO_SIZEOF_SIZE_T LZO_SIZEOF_LONG ++# define LZO_SIZEOF_PTRDIFF_T LZO_SIZEOF_LONG + #endif ++#endif ++#if !defined(LZO_SIZEOF_VOID_P) ++# define LZO_SIZEOF_VOID_P LZO_SIZEOF_LONG ++#endif ++LZO_COMPILE_TIME_ASSERT_HEADER(LZO_SIZEOF_VOID_P == sizeof(void *)) + #if !defined(LZO_SIZEOF_SIZE_T) + #if (LZO_ARCH_I086 || LZO_ARCH_M16C) + # define LZO_SIZEOF_SIZE_T 2 +-#else ++#endif ++#endif ++#if !defined(LZO_SIZEOF_SIZE_T) + # define LZO_SIZEOF_SIZE_T LZO_SIZEOF_VOID_P + #endif ++#if defined(offsetof) ++LZO_COMPILE_TIME_ASSERT_HEADER(LZO_SIZEOF_SIZE_T == sizeof(size_t)) + #endif + #if !defined(LZO_SIZEOF_PTRDIFF_T) + #if (LZO_ARCH_I086) +@@ -1268,11 +2295,18 @@ extern "C" { + # define LZO_SIZEOF_PTRDIFF_T 2 + # endif + # else +-# error "LZO_MM" ++# error "invalid LZO_ARCH_I086 memory model" + # endif +-#else ++#endif ++#endif ++#if !defined(LZO_SIZEOF_PTRDIFF_T) + # define LZO_SIZEOF_PTRDIFF_T LZO_SIZEOF_SIZE_T + #endif ++#if defined(offsetof) ++LZO_COMPILE_TIME_ASSERT_HEADER(LZO_SIZEOF_PTRDIFF_T == sizeof(ptrdiff_t)) ++#endif ++#if !defined(LZO_WORDSIZE) ++# define LZO_WORDSIZE LZO_SIZEOF_VOID_P + #endif + #if (LZO_ABI_NEUTRAL_ENDIAN) + # undef LZO_ABI_BIG_ENDIAN +@@ -1284,7 +2318,7 @@ extern "C" { + # define LZO_ABI_LITTLE_ENDIAN 1 + #elif (LZO_ARCH_ALPHA || LZO_ARCH_AMD64 || LZO_ARCH_BLACKFIN || LZO_ARCH_CRIS || LZO_ARCH_I086 || LZO_ARCH_I386 || LZO_ARCH_MSP430) + # define LZO_ABI_LITTLE_ENDIAN 1 +-#elif (LZO_ARCH_AVR32 || LZO_ARCH_M68K || LZO_ARCH_S390) ++#elif (LZO_ARCH_AVR32 || LZO_ARCH_M68K || LZO_ARCH_S390 || LZO_ARCH_SPU) + # define LZO_ABI_BIG_ENDIAN 1 + #elif 1 && defined(__IAR_SYSTEMS_ICC__) && defined(__LITTLE_ENDIAN__) + # if (__LITTLE_ENDIAN__ == 1) +@@ -1300,6 +2334,19 @@ extern "C" { + # define LZO_ABI_BIG_ENDIAN 1 + #elif 1 && (LZO_ARCH_ARM) && defined(__ARMEL__) && !defined(__ARMEB__) + # define LZO_ABI_LITTLE_ENDIAN 1 ++#elif 1 && (LZO_ARCH_ARM && LZO_CC_ARMCC_ARMCC) ++# if defined(__BIG_ENDIAN) && defined(__LITTLE_ENDIAN) ++# error "unexpected configuration - check your compiler defines" ++# elif defined(__BIG_ENDIAN) ++# define LZO_ABI_BIG_ENDIAN 1 ++# else ++# define LZO_ABI_LITTLE_ENDIAN 1 ++# endif ++# define LZO_ABI_LITTLE_ENDIAN 1 ++#elif 1 && (LZO_ARCH_ARM64) && defined(__AARCH64EB__) && !defined(__AARCH64EL__) ++# define LZO_ABI_BIG_ENDIAN 1 ++#elif 1 && (LZO_ARCH_ARM64) && defined(__AARCH64EL__) && !defined(__AARCH64EB__) ++# define LZO_ABI_LITTLE_ENDIAN 1 + #elif 1 && (LZO_ARCH_MIPS) && defined(__MIPSEB__) && !defined(__MIPSEL__) + # define LZO_ABI_BIG_ENDIAN 1 + #elif 1 && (LZO_ARCH_MIPS) && defined(__MIPSEL__) && !defined(__MIPSEB__) +@@ -1307,7 +2354,7 @@ extern "C" { + #endif + #endif + #if (LZO_ABI_BIG_ENDIAN) && (LZO_ABI_LITTLE_ENDIAN) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + #endif + #if (LZO_ABI_BIG_ENDIAN) + # define LZO_INFO_ABI_ENDIAN "be" +@@ -1322,6 +2369,9 @@ extern "C" { + #elif (LZO_SIZEOF_INT == 2 && LZO_SIZEOF_LONG == 2 && LZO_SIZEOF_VOID_P == 2) + # define LZO_ABI_ILP16 1 + # define LZO_INFO_ABI_PM "ilp16" ++#elif (LZO_SIZEOF_INT == 2 && LZO_SIZEOF_LONG == 4 && LZO_SIZEOF_VOID_P == 4) ++# define LZO_ABI_LP32 1 ++# define LZO_INFO_ABI_PM "lp32" + #elif (LZO_SIZEOF_INT == 4 && LZO_SIZEOF_LONG == 4 && LZO_SIZEOF_VOID_P == 4) + # define LZO_ABI_ILP32 1 + # define LZO_INFO_ABI_PM "ilp32" +@@ -1338,7 +2388,8 @@ extern "C" { + # define LZO_ABI_IP32L64 1 + # define LZO_INFO_ABI_PM "ip32l64" + #endif +-#if !defined(__LZO_LIBC_OVERRIDE) ++#if 0 ++#elif !defined(__LZO_LIBC_OVERRIDE) + #if (LZO_LIBC_NAKED) + # define LZO_INFO_LIBC "naked" + #elif (LZO_LIBC_FREESTANDING) +@@ -1349,6 +2400,9 @@ extern "C" { + # define LZO_INFO_LIBC "isoc90" + #elif (LZO_LIBC_ISOC99) + # define LZO_INFO_LIBC "isoc99" ++#elif (LZO_CC_ARMCC_ARMCC) && defined(__ARMCLIB_VERSION) ++# define LZO_LIBC_ISOC90 1 ++# define LZO_INFO_LIBC "isoc90" + #elif defined(__dietlibc__) + # define LZO_LIBC_DIETLIBC 1 + # define LZO_INFO_LIBC "dietlibc" +@@ -1357,13 +2411,13 @@ extern "C" { + # define LZO_INFO_LIBC "newlib" + #elif defined(__UCLIBC__) && defined(__UCLIBC_MAJOR__) && defined(__UCLIBC_MINOR__) + # if defined(__UCLIBC_SUBLEVEL__) +-# define LZO_LIBC_UCLIBC (__UCLIBC_MAJOR__ * 0x10000L + __UCLIBC_MINOR__ * 0x100 + __UCLIBC_SUBLEVEL__) ++# define LZO_LIBC_UCLIBC (__UCLIBC_MAJOR__ * 0x10000L + (__UCLIBC_MINOR__-0) * 0x100 + (__UCLIBC_SUBLEVEL__-0)) + # else + # define LZO_LIBC_UCLIBC 0x00090bL + # endif +-# define LZO_INFO_LIBC "uclibc" ++# define LZO_INFO_LIBC "uc" "libc" + #elif defined(__GLIBC__) && defined(__GLIBC_MINOR__) +-# define LZO_LIBC_GLIBC (__GLIBC__ * 0x10000L + __GLIBC_MINOR__ * 0x100) ++# define LZO_LIBC_GLIBC (__GLIBC__ * 0x10000L + (__GLIBC_MINOR__-0) * 0x100) + # define LZO_INFO_LIBC "glibc" + #elif (LZO_CC_MWERKS) && defined(__MSL__) + # define LZO_LIBC_MSL __MSL__ +@@ -1376,423 +2430,159 @@ extern "C" { + # define LZO_INFO_LIBC "default" + #endif + #endif +-#if !defined(__lzo_gnuc_extension__) +-#if (LZO_CC_GNUC >= 0x020800ul) +-# define __lzo_gnuc_extension__ __extension__ +-#elif (LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define __lzo_gnuc_extension__ __extension__ +-#else +-# define __lzo_gnuc_extension__ /*empty*/ +-#endif +-#endif +-#if !defined(__lzo_ua_volatile) +-# define __lzo_ua_volatile volatile +-#endif +-#if !defined(__lzo_alignof) +-#if (LZO_CC_CILLY || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE || LZO_CC_PGI) +-# define __lzo_alignof(e) __alignof__(e) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 700)) +-# define __lzo_alignof(e) __alignof__(e) +-#elif (LZO_CC_MSC && (_MSC_VER >= 1300)) +-# define __lzo_alignof(e) __alignof(e) +-#elif (LZO_CC_SUNPROC && (LZO_CC_SUNPROC >= 0x5100)) +-# define __lzo_alignof(e) __alignof__(e) +-#endif +-#endif +-#if defined(__lzo_alignof) +-# define __lzo_HAVE_alignof 1 +-#endif +-#if !defined(__lzo_constructor) +-#if (LZO_CC_GNUC >= 0x030400ul) +-# define __lzo_constructor __attribute__((__constructor__,__used__)) +-#elif (LZO_CC_GNUC >= 0x020700ul) +-# define __lzo_constructor __attribute__((__constructor__)) +-#elif (LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define __lzo_constructor __attribute__((__constructor__)) +-#endif +-#endif +-#if defined(__lzo_constructor) +-# define __lzo_HAVE_constructor 1 +-#endif +-#if !defined(__lzo_destructor) +-#if (LZO_CC_GNUC >= 0x030400ul) +-# define __lzo_destructor __attribute__((__destructor__,__used__)) +-#elif (LZO_CC_GNUC >= 0x020700ul) +-# define __lzo_destructor __attribute__((__destructor__)) +-#elif (LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define __lzo_destructor __attribute__((__destructor__)) +-#endif +-#endif +-#if defined(__lzo_destructor) +-# define __lzo_HAVE_destructor 1 +-#endif +-#if (__lzo_HAVE_destructor) && !(__lzo_HAVE_constructor) +-# error "this should not happen" +-#endif +-#if !defined(__lzo_inline) +-#if (LZO_CC_TURBOC && (__TURBOC__ <= 0x0295)) +-#elif defined(__cplusplus) +-# define __lzo_inline inline +-#elif (LZO_CC_BORLANDC && (__BORLANDC__ >= 0x0550)) +-# define __lzo_inline __inline +-#elif (LZO_CC_CILLY || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE || LZO_CC_PGI) +-# define __lzo_inline __inline__ +-#elif (LZO_CC_DMC) +-# define __lzo_inline __inline +-#elif (LZO_CC_INTELC) +-# define __lzo_inline __inline +-#elif (LZO_CC_MWERKS && (__MWERKS__ >= 0x2405)) +-# define __lzo_inline __inline +-#elif (LZO_CC_MSC && (_MSC_VER >= 900)) +-# define __lzo_inline __inline +-#elif (LZO_CC_SUNPROC && (LZO_CC_SUNPROC >= 0x5100)) +-# define __lzo_inline __inline__ +-#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) +-# define __lzo_inline inline +-#endif +-#endif +-#if defined(__lzo_inline) +-# define __lzo_HAVE_inline 1 +-#else +-# define __lzo_inline /*empty*/ +-#endif +-#if !defined(__lzo_forceinline) +-#if (LZO_CC_GNUC >= 0x030200ul) +-# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 450) && LZO_CC_SYNTAX_MSC) +-# define __lzo_forceinline __forceinline +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 800) && LZO_CC_SYNTAX_GNUC) +-# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) +-#elif (LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) +-#elif (LZO_CC_MSC && (_MSC_VER >= 1200)) +-# define __lzo_forceinline __forceinline +-#elif (LZO_CC_SUNPROC && (LZO_CC_SUNPROC >= 0x5100)) +-# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) +-#endif +-#endif +-#if defined(__lzo_forceinline) +-# define __lzo_HAVE_forceinline 1 +-#else +-# define __lzo_forceinline /*empty*/ +-#endif +-#if !defined(__lzo_noinline) +-#if 1 && (LZO_ARCH_I386) && (LZO_CC_GNUC >= 0x040000ul) && (LZO_CC_GNUC < 0x040003ul) +-# define __lzo_noinline __attribute__((__noinline__,__used__)) +-#elif (LZO_CC_GNUC >= 0x030200ul) +-# define __lzo_noinline __attribute__((__noinline__)) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 600) && LZO_CC_SYNTAX_MSC) +-# define __lzo_noinline __declspec(noinline) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 800) && LZO_CC_SYNTAX_GNUC) +-# define __lzo_noinline __attribute__((__noinline__)) +-#elif (LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define __lzo_noinline __attribute__((__noinline__)) +-#elif (LZO_CC_MSC && (_MSC_VER >= 1300)) +-# define __lzo_noinline __declspec(noinline) +-#elif (LZO_CC_MWERKS && (__MWERKS__ >= 0x3200) && (LZO_OS_WIN32 || LZO_OS_WIN64)) +-# if defined(__cplusplus) +-# else +-# define __lzo_noinline __declspec(noinline) +-# endif +-#elif (LZO_CC_SUNPROC && (LZO_CC_SUNPROC >= 0x5100)) +-# define __lzo_noinline __attribute__((__noinline__)) +-#endif +-#endif +-#if defined(__lzo_noinline) +-# define __lzo_HAVE_noinline 1 +-#else +-# define __lzo_noinline /*empty*/ +-#endif +-#if (__lzo_HAVE_forceinline || __lzo_HAVE_noinline) && !(__lzo_HAVE_inline) +-# error "this should not happen" +-#endif +-#if !defined(__lzo_noreturn) +-#if (LZO_CC_GNUC >= 0x020700ul) +-# define __lzo_noreturn __attribute__((__noreturn__)) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 450) && LZO_CC_SYNTAX_MSC) +-# define __lzo_noreturn __declspec(noreturn) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 600) && LZO_CC_SYNTAX_GNUC) +-# define __lzo_noreturn __attribute__((__noreturn__)) +-#elif (LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define __lzo_noreturn __attribute__((__noreturn__)) +-#elif (LZO_CC_MSC && (_MSC_VER >= 1200)) +-# define __lzo_noreturn __declspec(noreturn) +-#endif +-#endif +-#if defined(__lzo_noreturn) +-# define __lzo_HAVE_noreturn 1 +-#else +-# define __lzo_noreturn /*empty*/ +-#endif +-#if !defined(__lzo_nothrow) +-#if (LZO_CC_GNUC >= 0x030300ul) +-# define __lzo_nothrow __attribute__((__nothrow__)) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 450) && LZO_CC_SYNTAX_MSC) && defined(__cplusplus) +-# define __lzo_nothrow __declspec(nothrow) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 900) && LZO_CC_SYNTAX_GNUC) +-# define __lzo_nothrow __attribute__((__nothrow__)) +-#elif (LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define __lzo_nothrow __attribute__((__nothrow__)) +-#elif (LZO_CC_MSC && (_MSC_VER >= 1200)) && defined(__cplusplus) +-# define __lzo_nothrow __declspec(nothrow) +-#endif +-#endif +-#if defined(__lzo_nothrow) +-# define __lzo_HAVE_nothrow 1 +-#else +-# define __lzo_nothrow /*empty*/ +-#endif +-#if !defined(__lzo_restrict) +-#if (LZO_CC_GNUC >= 0x030400ul) +-# define __lzo_restrict __restrict__ +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 600) && LZO_CC_SYNTAX_GNUC) +-# define __lzo_restrict __restrict__ +-#elif (LZO_CC_CLANG || LZO_CC_LLVM) +-# define __lzo_restrict __restrict__ +-#elif (LZO_CC_MSC && (_MSC_VER >= 1400)) +-# define __lzo_restrict __restrict +-#endif +-#endif +-#if defined(__lzo_restrict) +-# define __lzo_HAVE_restrict 1 +-#else +-# define __lzo_restrict /*empty*/ +-#endif +-#if !defined(__lzo_likely) && !defined(__lzo_unlikely) +-#if (LZO_CC_GNUC >= 0x030200ul) +-# define __lzo_likely(e) (__builtin_expect(!!(e),1)) +-# define __lzo_unlikely(e) (__builtin_expect(!!(e),0)) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 800)) +-# define __lzo_likely(e) (__builtin_expect(!!(e),1)) +-# define __lzo_unlikely(e) (__builtin_expect(!!(e),0)) +-#elif (LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define __lzo_likely(e) (__builtin_expect(!!(e),1)) +-# define __lzo_unlikely(e) (__builtin_expect(!!(e),0)) +-#endif +-#endif +-#if defined(__lzo_likely) +-# define __lzo_HAVE_likely 1 +-#else +-# define __lzo_likely(e) (e) +-#endif +-#if defined(__lzo_unlikely) +-# define __lzo_HAVE_unlikely 1 +-#else +-# define __lzo_unlikely(e) (e) +-#endif +-#if !defined(LZO_UNUSED) +-# if (LZO_CC_BORLANDC && (__BORLANDC__ >= 0x0600)) +-# define LZO_UNUSED(var) ((void) &var) +-# elif (LZO_CC_BORLANDC || LZO_CC_HIGHC || LZO_CC_NDPC || LZO_CC_PELLESC || LZO_CC_TURBOC) +-# define LZO_UNUSED(var) if (&var) ; else +-# elif (LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define LZO_UNUSED(var) ((void) var) +-# elif (LZO_CC_MSC && (_MSC_VER < 900)) +-# define LZO_UNUSED(var) if (&var) ; else +-# elif (LZO_CC_KEILC) +-# define LZO_UNUSED(var) {extern int __lzo_unused[1-2*!(sizeof(var)>0)];} +-# elif (LZO_CC_PACIFICC) +-# define LZO_UNUSED(var) ((void) sizeof(var)) +-# elif (LZO_CC_WATCOMC) && defined(__cplusplus) +-# define LZO_UNUSED(var) ((void) var) +-# else +-# define LZO_UNUSED(var) ((void) &var) +-# endif +-#endif +-#if !defined(LZO_UNUSED_FUNC) +-# if (LZO_CC_BORLANDC && (__BORLANDC__ >= 0x0600)) +-# define LZO_UNUSED_FUNC(func) ((void) func) +-# elif (LZO_CC_BORLANDC || LZO_CC_NDPC || LZO_CC_TURBOC) +-# define LZO_UNUSED_FUNC(func) if (func) ; else +-# elif (LZO_CC_CLANG || LZO_CC_LLVM) +-# define LZO_UNUSED_FUNC(func) ((void) &func) +-# elif (LZO_CC_MSC && (_MSC_VER < 900)) +-# define LZO_UNUSED_FUNC(func) if (func) ; else +-# elif (LZO_CC_MSC) +-# define LZO_UNUSED_FUNC(func) ((void) &func) +-# elif (LZO_CC_KEILC || LZO_CC_PELLESC) +-# define LZO_UNUSED_FUNC(func) {extern int __lzo_unused[1-2*!(sizeof((int)func)>0)];} +-# else +-# define LZO_UNUSED_FUNC(func) ((void) func) +-# endif +-#endif +-#if !defined(LZO_UNUSED_LABEL) +-# if (LZO_CC_WATCOMC) && defined(__cplusplus) +-# define LZO_UNUSED_LABEL(l) switch(0) case 1:goto l +-# elif (LZO_CC_CLANG || LZO_CC_INTELC || LZO_CC_WATCOMC) +-# define LZO_UNUSED_LABEL(l) if (0) goto l +-# else +-# define LZO_UNUSED_LABEL(l) switch(0) case 1:goto l +-# endif +-#endif +-#if !defined(LZO_DEFINE_UNINITIALIZED_VAR) +-# if 0 +-# define LZO_DEFINE_UNINITIALIZED_VAR(type,var,init) type var +-# elif 0 && (LZO_CC_GNUC) +-# define LZO_DEFINE_UNINITIALIZED_VAR(type,var,init) type var = var +-# else +-# define LZO_DEFINE_UNINITIALIZED_VAR(type,var,init) type var = init +-# endif +-#endif +-#if !defined(LZO_UNCONST_CAST) +-# if 0 && defined(__cplusplus) +-# define LZO_UNCONST_CAST(t,e) (const_cast (e)) +-# elif (LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define LZO_UNCONST_CAST(t,e) ((t) ((void *) ((char *) ((lzo_uintptr_t) ((const void *) (e)))))) +-# else +-# define LZO_UNCONST_CAST(t,e) ((t) ((void *) ((char *) ((const void *) (e))))) +-# endif +-#endif +-#if !defined(LZO_COMPILE_TIME_ASSERT_HEADER) +-# if (LZO_CC_AZTECC || LZO_CC_ZORTECHC) +-# define LZO_COMPILE_TIME_ASSERT_HEADER(e) extern int __lzo_cta[1-!(e)]; +-# elif (LZO_CC_DMC || LZO_CC_SYMANTECC) +-# define LZO_COMPILE_TIME_ASSERT_HEADER(e) extern int __lzo_cta[1u-2*!(e)]; +-# elif (LZO_CC_TURBOC && (__TURBOC__ == 0x0295)) +-# define LZO_COMPILE_TIME_ASSERT_HEADER(e) extern int __lzo_cta[1-!(e)]; +-# else +-# define LZO_COMPILE_TIME_ASSERT_HEADER(e) extern int __lzo_cta[1-2*!(e)]; +-# endif +-#endif +-#if !defined(LZO_COMPILE_TIME_ASSERT) +-# if (LZO_CC_AZTECC) +-# define LZO_COMPILE_TIME_ASSERT(e) {typedef int __lzo_cta_t[1-!(e)];} +-# elif (LZO_CC_DMC || LZO_CC_PACIFICC || LZO_CC_SYMANTECC || LZO_CC_ZORTECHC) +-# define LZO_COMPILE_TIME_ASSERT(e) switch(0) case 1:case !(e):break; +-# elif (LZO_CC_MSC && (_MSC_VER < 900)) +-# define LZO_COMPILE_TIME_ASSERT(e) switch(0) case 1:case !(e):break; +-# elif (LZO_CC_TURBOC && (__TURBOC__ == 0x0295)) +-# define LZO_COMPILE_TIME_ASSERT(e) switch(0) case 1:case !(e):break; +-# else +-# define LZO_COMPILE_TIME_ASSERT(e) {typedef int __lzo_cta_t[1-2*!(e)];} +-# endif +-#endif +-#if (LZO_ARCH_I086 || LZO_ARCH_I386) && (LZO_OS_DOS16 || LZO_OS_DOS32 || LZO_OS_OS2 || LZO_OS_OS216 || LZO_OS_WIN16 || LZO_OS_WIN32 || LZO_OS_WIN64) +-# if (LZO_CC_GNUC || LZO_CC_HIGHC || LZO_CC_NDPC || LZO_CC_PACIFICC) +-# elif (LZO_CC_DMC || LZO_CC_SYMANTECC || LZO_CC_ZORTECHC) +-# define __lzo_cdecl __cdecl +-# define __lzo_cdecl_atexit /*empty*/ +-# define __lzo_cdecl_main __cdecl +-# if (LZO_OS_OS2 && (LZO_CC_DMC || LZO_CC_SYMANTECC)) +-# define __lzo_cdecl_qsort __pascal +-# elif (LZO_OS_OS2 && (LZO_CC_ZORTECHC)) +-# define __lzo_cdecl_qsort _stdcall +-# else +-# define __lzo_cdecl_qsort __cdecl +-# endif +-# elif (LZO_CC_WATCOMC) +-# define __lzo_cdecl __cdecl +-# else +-# define __lzo_cdecl __cdecl +-# define __lzo_cdecl_atexit __cdecl +-# define __lzo_cdecl_main __cdecl +-# define __lzo_cdecl_qsort __cdecl +-# endif +-# if (LZO_CC_GNUC || LZO_CC_HIGHC || LZO_CC_NDPC || LZO_CC_PACIFICC || LZO_CC_WATCOMC) +-# elif (LZO_OS_OS2 && (LZO_CC_DMC || LZO_CC_SYMANTECC)) +-# define __lzo_cdecl_sighandler __pascal +-# elif (LZO_OS_OS2 && (LZO_CC_ZORTECHC)) +-# define __lzo_cdecl_sighandler _stdcall +-# elif (LZO_CC_MSC && (_MSC_VER >= 1400)) && defined(_M_CEE_PURE) +-# define __lzo_cdecl_sighandler __clrcall +-# elif (LZO_CC_MSC && (_MSC_VER >= 600 && _MSC_VER < 700)) +-# if defined(_DLL) +-# define __lzo_cdecl_sighandler _far _cdecl _loadds +-# elif defined(_MT) +-# define __lzo_cdecl_sighandler _far _cdecl +-# else +-# define __lzo_cdecl_sighandler _cdecl +-# endif +-# else +-# define __lzo_cdecl_sighandler __cdecl +-# endif +-#elif (LZO_ARCH_I386) && (LZO_CC_WATCOMC) +-# define __lzo_cdecl __cdecl +-#elif (LZO_ARCH_M68K && LZO_OS_TOS && (LZO_CC_PUREC || LZO_CC_TURBOC)) +-# define __lzo_cdecl cdecl +-#endif +-#if !defined(__lzo_cdecl) +-# define __lzo_cdecl /*empty*/ +-#endif +-#if !defined(__lzo_cdecl_atexit) +-# define __lzo_cdecl_atexit /*empty*/ +-#endif +-#if !defined(__lzo_cdecl_main) +-# define __lzo_cdecl_main /*empty*/ +-#endif +-#if !defined(__lzo_cdecl_qsort) +-# define __lzo_cdecl_qsort /*empty*/ +-#endif +-#if !defined(__lzo_cdecl_sighandler) +-# define __lzo_cdecl_sighandler /*empty*/ +-#endif +-#if !defined(__lzo_cdecl_va) +-# define __lzo_cdecl_va __lzo_cdecl +-#endif +-#if !(LZO_CFG_NO_WINDOWS_H) +-#if (LZO_OS_CYGWIN || (LZO_OS_EMX && defined(__RSXNT__)) || LZO_OS_WIN32 || LZO_OS_WIN64) +-# if (LZO_CC_WATCOMC && (__WATCOMC__ < 1000)) +-# elif (LZO_OS_WIN32 && LZO_CC_GNUC) && defined(__PW32__) +-# elif ((LZO_OS_CYGWIN || defined(__MINGW32__)) && (LZO_CC_GNUC && (LZO_CC_GNUC < 0x025f00ul))) +-# else +-# define LZO_HAVE_WINDOWS_H 1 +-# endif ++#if (LZO_ARCH_I386 && (LZO_OS_DOS32 || LZO_OS_WIN32) && (LZO_CC_DMC || LZO_CC_INTELC || LZO_CC_MSC || LZO_CC_PELLESC)) ++# define LZO_ASM_SYNTAX_MSC 1 ++#elif (LZO_OS_WIN64 && (LZO_CC_DMC || LZO_CC_INTELC || LZO_CC_MSC || LZO_CC_PELLESC)) ++#elif (LZO_ARCH_I386 && LZO_CC_GNUC && (LZO_CC_GNUC == 0x011f00ul)) ++#elif (LZO_ARCH_I386 && (LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_INTELC || LZO_CC_PATHSCALE)) ++# define LZO_ASM_SYNTAX_GNUC 1 ++#elif (LZO_ARCH_AMD64 && (LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_INTELC || LZO_CC_PATHSCALE)) ++# define LZO_ASM_SYNTAX_GNUC 1 ++#elif (LZO_CC_GNUC) ++# define LZO_ASM_SYNTAX_GNUC 1 ++#endif ++#if (LZO_ASM_SYNTAX_GNUC) ++#if (LZO_ARCH_I386 && LZO_CC_GNUC && (LZO_CC_GNUC < 0x020000ul)) ++# define __LZO_ASM_CLOBBER "ax" ++# define __LZO_ASM_CLOBBER_LIST_CC /*empty*/ ++# define __LZO_ASM_CLOBBER_LIST_CC_MEMORY /*empty*/ ++# define __LZO_ASM_CLOBBER_LIST_EMPTY /*empty*/ ++#elif (LZO_CC_INTELC && (__INTEL_COMPILER < 1000)) ++# define __LZO_ASM_CLOBBER "memory" ++# define __LZO_ASM_CLOBBER_LIST_CC /*empty*/ ++# define __LZO_ASM_CLOBBER_LIST_CC_MEMORY : "memory" ++# define __LZO_ASM_CLOBBER_LIST_EMPTY /*empty*/ ++#else ++# define __LZO_ASM_CLOBBER "cc", "memory" ++# define __LZO_ASM_CLOBBER_LIST_CC : "cc" ++# define __LZO_ASM_CLOBBER_LIST_CC_MEMORY : "cc", "memory" ++# define __LZO_ASM_CLOBBER_LIST_EMPTY /*empty*/ + #endif + #endif + #if (LZO_ARCH_ALPHA) +-# define LZO_OPT_AVOID_UINT_INDEX 1 +-# define LZO_OPT_AVOID_SHORT 1 +-# define LZO_OPT_AVOID_USHORT 1 ++# define LZO_OPT_AVOID_UINT_INDEX 1 + #elif (LZO_ARCH_AMD64) +-# define LZO_OPT_AVOID_INT_INDEX 1 +-# define LZO_OPT_AVOID_UINT_INDEX 1 +-# define LZO_OPT_UNALIGNED16 1 +-# define LZO_OPT_UNALIGNED32 1 +-# define LZO_OPT_UNALIGNED64 1 +-#elif (LZO_ARCH_ARM && LZO_ARCH_ARM_THUMB) ++# define LZO_OPT_AVOID_INT_INDEX 1 ++# define LZO_OPT_AVOID_UINT_INDEX 1 ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED64 ++# define LZO_OPT_UNALIGNED64 1 ++# endif + #elif (LZO_ARCH_ARM) +-# define LZO_OPT_AVOID_SHORT 1 +-# define LZO_OPT_AVOID_USHORT 1 ++# if defined(__ARM_FEATURE_UNALIGNED) ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif ++# elif defined(__TARGET_ARCH_ARM) && ((__TARGET_ARCH_ARM+0) >= 7) ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif ++# elif defined(__TARGET_ARCH_ARM) && ((__TARGET_ARCH_ARM+0) >= 6) && !defined(__TARGET_PROFILE_M) ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif ++# endif ++#elif (LZO_ARCH_ARM64) ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED64 ++# define LZO_OPT_UNALIGNED64 1 ++# endif + #elif (LZO_ARCH_CRIS) +-# define LZO_OPT_UNALIGNED16 1 +-# define LZO_OPT_UNALIGNED32 1 ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif + #elif (LZO_ARCH_I386) +-# define LZO_OPT_UNALIGNED16 1 +-# define LZO_OPT_UNALIGNED32 1 ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif + #elif (LZO_ARCH_IA64) +-# define LZO_OPT_AVOID_INT_INDEX 1 +-# define LZO_OPT_AVOID_UINT_INDEX 1 +-# define LZO_OPT_PREFER_POSTINC 1 ++# define LZO_OPT_AVOID_INT_INDEX 1 ++# define LZO_OPT_AVOID_UINT_INDEX 1 ++# define LZO_OPT_PREFER_POSTINC 1 + #elif (LZO_ARCH_M68K) +-# define LZO_OPT_PREFER_POSTINC 1 +-# define LZO_OPT_PREFER_PREDEC 1 ++# define LZO_OPT_PREFER_POSTINC 1 ++# define LZO_OPT_PREFER_PREDEC 1 + # if defined(__mc68020__) && !defined(__mcoldfire__) +-# define LZO_OPT_UNALIGNED16 1 +-# define LZO_OPT_UNALIGNED32 1 ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif + # endif + #elif (LZO_ARCH_MIPS) +-# define LZO_OPT_AVOID_UINT_INDEX 1 ++# define LZO_OPT_AVOID_UINT_INDEX 1 + #elif (LZO_ARCH_POWERPC) +-# define LZO_OPT_PREFER_PREINC 1 +-# define LZO_OPT_PREFER_PREDEC 1 ++# define LZO_OPT_PREFER_PREINC 1 ++# define LZO_OPT_PREFER_PREDEC 1 + # if (LZO_ABI_BIG_ENDIAN) +-# define LZO_OPT_UNALIGNED16 1 +-# define LZO_OPT_UNALIGNED32 1 ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif ++# if (LZO_WORDSIZE == 8) ++# ifndef LZO_OPT_UNALIGNED64 ++# define LZO_OPT_UNALIGNED64 1 ++# endif ++# endif + # endif + #elif (LZO_ARCH_S390) +-# define LZO_OPT_UNALIGNED16 1 +-# define LZO_OPT_UNALIGNED32 1 +-# if (LZO_SIZEOF_SIZE_T == 8) +-# define LZO_OPT_UNALIGNED64 1 ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif ++# if (LZO_WORDSIZE == 8) ++# ifndef LZO_OPT_UNALIGNED64 ++# define LZO_OPT_UNALIGNED64 1 ++# endif + # endif + #elif (LZO_ARCH_SH) +-# define LZO_OPT_PREFER_POSTINC 1 +-# define LZO_OPT_PREFER_PREDEC 1 ++# define LZO_OPT_PREFER_POSTINC 1 ++# define LZO_OPT_PREFER_PREDEC 1 + #endif + #ifndef LZO_CFG_NO_INLINE_ASM +-#if (LZO_CC_LLVM) ++#if (LZO_ABI_NEUTRAL_ENDIAN) || (LZO_ARCH_GENERIC) + # define LZO_CFG_NO_INLINE_ASM 1 ++#elif (LZO_CC_LLVM) ++# define LZO_CFG_NO_INLINE_ASM 1 ++#endif + #endif ++#if (LZO_CFG_NO_INLINE_ASM) ++# undef LZO_ASM_SYNTAX_MSC ++# undef LZO_ASM_SYNTAX_GNUC ++# undef __LZO_ASM_CLOBBER ++# undef __LZO_ASM_CLOBBER_LIST_CC ++# undef __LZO_ASM_CLOBBER_LIST_CC_MEMORY ++# undef __LZO_ASM_CLOBBER_LIST_EMPTY + #endif + #ifndef LZO_CFG_NO_UNALIGNED + #if (LZO_ABI_NEUTRAL_ENDIAN) || (LZO_ARCH_GENERIC) +@@ -1804,25 +2594,6 @@ extern "C" { + # undef LZO_OPT_UNALIGNED32 + # undef LZO_OPT_UNALIGNED64 + #endif +-#if (LZO_CFG_NO_INLINE_ASM) +-#elif (LZO_ARCH_I386 && (LZO_OS_DOS32 || LZO_OS_WIN32) && (LZO_CC_DMC || LZO_CC_INTELC || LZO_CC_MSC || LZO_CC_PELLESC)) +-# define LZO_ASM_SYNTAX_MSC 1 +-#elif (LZO_OS_WIN64 && (LZO_CC_DMC || LZO_CC_INTELC || LZO_CC_MSC || LZO_CC_PELLESC)) +-#elif (LZO_ARCH_I386 && LZO_CC_GNUC && (LZO_CC_GNUC == 0x011f00ul)) +-#elif (LZO_ARCH_I386 && (LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_INTELC || LZO_CC_PATHSCALE)) +-# define LZO_ASM_SYNTAX_GNUC 1 +-#elif (LZO_ARCH_AMD64 && (LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_INTELC || LZO_CC_PATHSCALE)) +-# define LZO_ASM_SYNTAX_GNUC 1 +-#endif +-#if (LZO_ASM_SYNTAX_GNUC) +-#if (LZO_ARCH_I386 && LZO_CC_GNUC && (LZO_CC_GNUC < 0x020000ul)) +-# define __LZO_ASM_CLOBBER "ax" +-#elif (LZO_CC_INTELC) +-# define __LZO_ASM_CLOBBER "memory" +-#else +-# define __LZO_ASM_CLOBBER "cc", "memory" +-#endif +-#endif + #if defined(__LZO_INFOSTR_MM) + #elif (LZO_MM_FLAT) && (defined(__LZO_INFOSTR_PM) || defined(LZO_INFO_ABI_PM)) + # define __LZO_INFOSTR_MM "" +@@ -1866,6 +2637,381 @@ extern "C" { + #define LZO_INFO_STRING \ + LZO_INFO_ARCH __LZO_INFOSTR_MM __LZO_INFOSTR_PM __LZO_INFOSTR_ENDIAN \ + " " __LZO_INFOSTR_OSNAME __LZO_INFOSTR_LIBC " " LZO_INFO_CC __LZO_INFOSTR_CCVER ++#if !(LZO_CFG_SKIP_LZO_TYPES) ++#if (!(LZO_SIZEOF_SHORT+0 > 0 && LZO_SIZEOF_INT+0 > 0 && LZO_SIZEOF_LONG+0 > 0)) ++# error "missing defines for sizes" ++#endif ++#if (!(LZO_SIZEOF_PTRDIFF_T+0 > 0 && LZO_SIZEOF_SIZE_T+0 > 0 && LZO_SIZEOF_VOID_P+0 > 0)) ++# error "missing defines for sizes" ++#endif ++#if !defined(lzo_llong_t) ++#if (LZO_SIZEOF_LONG_LONG+0 > 0) ++__lzo_gnuc_extension__ typedef long long lzo_llong_t__; ++__lzo_gnuc_extension__ typedef unsigned long long lzo_ullong_t__; ++# define lzo_llong_t lzo_llong_t__ ++# define lzo_ullong_t lzo_ullong_t__ ++#endif ++#endif ++#if !defined(lzo_int16e_t) ++#if (LZO_SIZEOF_LONG == 2) ++# define lzo_int16e_t long ++# define lzo_uint16e_t unsigned long ++#elif (LZO_SIZEOF_INT == 2) ++# define lzo_int16e_t int ++# define lzo_uint16e_t unsigned int ++#elif (LZO_SIZEOF_SHORT == 2) ++# define lzo_int16e_t short int ++# define lzo_uint16e_t unsigned short int ++#elif 1 && !(LZO_CFG_TYPE_NO_MODE_HI) && (LZO_CC_CLANG || (LZO_CC_GNUC >= 0x025f00ul) || LZO_CC_LLVM) ++ typedef int lzo_int16e_hi_t__ __attribute__((__mode__(__HI__))); ++ typedef unsigned int lzo_uint16e_hi_t__ __attribute__((__mode__(__HI__))); ++# define lzo_int16e_t lzo_int16e_hi_t__ ++# define lzo_uint16e_t lzo_uint16e_hi_t__ ++#elif (LZO_SIZEOF___INT16 == 2) ++# define lzo_int16e_t __int16 ++# define lzo_uint16e_t unsigned __int16 ++#else ++#endif ++#endif ++#if defined(lzo_int16e_t) ++# define LZO_SIZEOF_LZO_INT16E_T 2 ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int16e_t) == 2) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int16e_t) == LZO_SIZEOF_LZO_INT16E_T) ++#endif ++#if !defined(lzo_int32e_t) ++#if (LZO_SIZEOF_LONG == 4) ++# define lzo_int32e_t long int ++# define lzo_uint32e_t unsigned long int ++#elif (LZO_SIZEOF_INT == 4) ++# define lzo_int32e_t int ++# define lzo_uint32e_t unsigned int ++#elif (LZO_SIZEOF_SHORT == 4) ++# define lzo_int32e_t short int ++# define lzo_uint32e_t unsigned short int ++#elif (LZO_SIZEOF_LONG_LONG == 4) ++# define lzo_int32e_t lzo_llong_t ++# define lzo_uint32e_t lzo_ullong_t ++#elif 1 && !(LZO_CFG_TYPE_NO_MODE_SI) && (LZO_CC_CLANG || (LZO_CC_GNUC >= 0x025f00ul) || LZO_CC_LLVM) && (__INT_MAX__+0 > 2147483647L) ++ typedef int lzo_int32e_si_t__ __attribute__((__mode__(__SI__))); ++ typedef unsigned int lzo_uint32e_si_t__ __attribute__((__mode__(__SI__))); ++# define lzo_int32e_t lzo_int32e_si_t__ ++# define lzo_uint32e_t lzo_uint32e_si_t__ ++#elif 1 && !(LZO_CFG_TYPE_NO_MODE_SI) && (LZO_CC_GNUC >= 0x025f00ul) && defined(__AVR__) && (__LONG_MAX__+0 == 32767L) ++ typedef int lzo_int32e_si_t__ __attribute__((__mode__(__SI__))); ++ typedef unsigned int lzo_uint32e_si_t__ __attribute__((__mode__(__SI__))); ++# define lzo_int32e_t lzo_int32e_si_t__ ++# define lzo_uint32e_t lzo_uint32e_si_t__ ++# define LZO_INT32_C(c) (c##LL) ++# define LZO_UINT32_C(c) (c##ULL) ++#elif (LZO_SIZEOF___INT32 == 4) ++# define lzo_int32e_t __int32 ++# define lzo_uint32e_t unsigned __int32 ++#else ++#endif ++#endif ++#if defined(lzo_int32e_t) ++# define LZO_SIZEOF_LZO_INT32E_T 4 ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int32e_t) == 4) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int32e_t) == LZO_SIZEOF_LZO_INT32E_T) ++#endif ++#if !defined(lzo_int64e_t) ++#if (LZO_SIZEOF___INT64 == 8) ++# if (LZO_CC_BORLANDC) && !(LZO_CFG_TYPE_PREFER___INT64) ++# define LZO_CFG_TYPE_PREFER___INT64 1 ++# endif ++#endif ++#if (LZO_SIZEOF_INT == 8) && (LZO_SIZEOF_INT < LZO_SIZEOF_LONG) ++# define lzo_int64e_t int ++# define lzo_uint64e_t unsigned int ++# define LZO_SIZEOF_LZO_INT64E_T LZO_SIZEOF_INT ++#elif (LZO_SIZEOF_LONG == 8) ++# define lzo_int64e_t long int ++# define lzo_uint64e_t unsigned long int ++# define LZO_SIZEOF_LZO_INT64E_T LZO_SIZEOF_LONG ++#elif (LZO_SIZEOF_LONG_LONG == 8) && !(LZO_CFG_TYPE_PREFER___INT64) ++# define lzo_int64e_t lzo_llong_t ++# define lzo_uint64e_t lzo_ullong_t ++# if (LZO_CC_BORLANDC) ++# define LZO_INT64_C(c) ((c) + 0ll) ++# define LZO_UINT64_C(c) ((c) + 0ull) ++# elif 0 ++# define LZO_INT64_C(c) (__lzo_gnuc_extension__ (c##LL)) ++# define LZO_UINT64_C(c) (__lzo_gnuc_extension__ (c##ULL)) ++# else ++# define LZO_INT64_C(c) (c##LL) ++# define LZO_UINT64_C(c) (c##ULL) ++# endif ++# define LZO_SIZEOF_LZO_INT64E_T LZO_SIZEOF_LONG_LONG ++#elif (LZO_SIZEOF___INT64 == 8) ++# define lzo_int64e_t __int64 ++# define lzo_uint64e_t unsigned __int64 ++# if (LZO_CC_BORLANDC) ++# define LZO_INT64_C(c) ((c) + 0i64) ++# define LZO_UINT64_C(c) ((c) + 0ui64) ++# else ++# define LZO_INT64_C(c) (c##i64) ++# define LZO_UINT64_C(c) (c##ui64) ++# endif ++# define LZO_SIZEOF_LZO_INT64E_T LZO_SIZEOF___INT64 ++#else ++#endif ++#endif ++#if defined(lzo_int64e_t) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int64e_t) == 8) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int64e_t) == LZO_SIZEOF_LZO_INT64E_T) ++#endif ++#if !defined(lzo_int32l_t) ++#if defined(lzo_int32e_t) ++# define lzo_int32l_t lzo_int32e_t ++# define lzo_uint32l_t lzo_uint32e_t ++# define LZO_SIZEOF_LZO_INT32L_T LZO_SIZEOF_LZO_INT32E_T ++#elif (LZO_SIZEOF_INT >= 4) && (LZO_SIZEOF_INT < LZO_SIZEOF_LONG) ++# define lzo_int32l_t int ++# define lzo_uint32l_t unsigned int ++# define LZO_SIZEOF_LZO_INT32L_T LZO_SIZEOF_INT ++#elif (LZO_SIZEOF_LONG >= 4) ++# define lzo_int32l_t long int ++# define lzo_uint32l_t unsigned long int ++# define LZO_SIZEOF_LZO_INT32L_T LZO_SIZEOF_LONG ++#else ++# error "lzo_int32l_t" ++#endif ++#endif ++#if 1 ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int32l_t) >= 4) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int32l_t) == LZO_SIZEOF_LZO_INT32L_T) ++#endif ++#if !defined(lzo_int64l_t) ++#if defined(lzo_int64e_t) ++# define lzo_int64l_t lzo_int64e_t ++# define lzo_uint64l_t lzo_uint64e_t ++# define LZO_SIZEOF_LZO_INT64L_T LZO_SIZEOF_LZO_INT64E_T ++#else ++#endif ++#endif ++#if defined(lzo_int64l_t) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int64l_t) >= 8) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int64l_t) == LZO_SIZEOF_LZO_INT64L_T) ++#endif ++#if !defined(lzo_int32f_t) ++#if (LZO_SIZEOF_SIZE_T >= 8) ++# define lzo_int32f_t lzo_int64l_t ++# define lzo_uint32f_t lzo_uint64l_t ++# define LZO_SIZEOF_LZO_INT32F_T LZO_SIZEOF_LZO_INT64L_T ++#else ++# define lzo_int32f_t lzo_int32l_t ++# define lzo_uint32f_t lzo_uint32l_t ++# define LZO_SIZEOF_LZO_INT32F_T LZO_SIZEOF_LZO_INT32L_T ++#endif ++#endif ++#if 1 ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int32f_t) >= 4) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int32f_t) == LZO_SIZEOF_LZO_INT32F_T) ++#endif ++#if !defined(lzo_int64f_t) ++#if defined(lzo_int64l_t) ++# define lzo_int64f_t lzo_int64l_t ++# define lzo_uint64f_t lzo_uint64l_t ++# define LZO_SIZEOF_LZO_INT64F_T LZO_SIZEOF_LZO_INT64L_T ++#else ++#endif ++#endif ++#if defined(lzo_int64f_t) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int64f_t) >= 8) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int64f_t) == LZO_SIZEOF_LZO_INT64F_T) ++#endif ++#if !defined(lzo_intptr_t) ++#if 1 && (LZO_OS_OS400 && (LZO_SIZEOF_VOID_P == 16)) ++# define __LZO_INTPTR_T_IS_POINTER 1 ++ typedef char* lzo_intptr_t; ++ typedef char* lzo_uintptr_t; ++# define lzo_intptr_t lzo_intptr_t ++# define lzo_uintptr_t lzo_uintptr_t ++# define LZO_SIZEOF_LZO_INTPTR_T LZO_SIZEOF_VOID_P ++#elif (LZO_CC_MSC && (_MSC_VER >= 1300) && (LZO_SIZEOF_VOID_P == 4) && (LZO_SIZEOF_INT == 4)) ++ typedef __w64 int lzo_intptr_t; ++ typedef __w64 unsigned int lzo_uintptr_t; ++# define lzo_intptr_t lzo_intptr_t ++# define lzo_uintptr_t lzo_uintptr_t ++# define LZO_SIZEOF_LZO_INTPTR_T LZO_SIZEOF_INT ++#elif (LZO_SIZEOF_SHORT == LZO_SIZEOF_VOID_P) && (LZO_SIZEOF_INT > LZO_SIZEOF_VOID_P) ++# define lzo_intptr_t short ++# define lzo_uintptr_t unsigned short ++# define LZO_SIZEOF_LZO_INTPTR_T LZO_SIZEOF_SHORT ++#elif (LZO_SIZEOF_INT >= LZO_SIZEOF_VOID_P) && (LZO_SIZEOF_INT < LZO_SIZEOF_LONG) ++# define lzo_intptr_t int ++# define lzo_uintptr_t unsigned int ++# define LZO_SIZEOF_LZO_INTPTR_T LZO_SIZEOF_INT ++#elif (LZO_SIZEOF_LONG >= LZO_SIZEOF_VOID_P) ++# define lzo_intptr_t long ++# define lzo_uintptr_t unsigned long ++# define LZO_SIZEOF_LZO_INTPTR_T LZO_SIZEOF_LONG ++#elif (LZO_SIZEOF_LZO_INT64L_T >= LZO_SIZEOF_VOID_P) ++# define lzo_intptr_t lzo_int64l_t ++# define lzo_uintptr_t lzo_uint64l_t ++# define LZO_SIZEOF_LZO_INTPTR_T LZO_SIZEOF_LZO_INT64L_T ++#else ++# error "lzo_intptr_t" ++#endif ++#endif ++#if 1 ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_intptr_t) >= sizeof(void *)) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_intptr_t) == sizeof(lzo_uintptr_t)) ++#endif ++#if !defined(lzo_word_t) ++#if defined(LZO_WORDSIZE) && (LZO_WORDSIZE+0 > 0) ++#if (LZO_WORDSIZE == LZO_SIZEOF_LZO_INTPTR_T) && !(__LZO_INTPTR_T_IS_POINTER) ++# define lzo_word_t lzo_uintptr_t ++# define lzo_sword_t lzo_intptr_t ++# define LZO_SIZEOF_LZO_WORD_T LZO_SIZEOF_LZO_INTPTR_T ++#elif (LZO_WORDSIZE == LZO_SIZEOF_LONG) ++# define lzo_word_t unsigned long ++# define lzo_sword_t long ++# define LZO_SIZEOF_LZO_WORD_T LZO_SIZEOF_LONG ++#elif (LZO_WORDSIZE == LZO_SIZEOF_INT) ++# define lzo_word_t unsigned int ++# define lzo_sword_t int ++# define LZO_SIZEOF_LZO_WORD_T LZO_SIZEOF_INT ++#elif (LZO_WORDSIZE == LZO_SIZEOF_SHORT) ++# define lzo_word_t unsigned short ++# define lzo_sword_t short ++# define LZO_SIZEOF_LZO_WORD_T LZO_SIZEOF_SHORT ++#elif (LZO_WORDSIZE == 1) ++# define lzo_word_t unsigned char ++# define lzo_sword_t signed char ++# define LZO_SIZEOF_LZO_WORD_T 1 ++#elif (LZO_WORDSIZE == LZO_SIZEOF_LZO_INT64L_T) ++# define lzo_word_t lzo_uint64l_t ++# define lzo_sword_t lzo_int64l_t ++# define LZO_SIZEOF_LZO_WORD_T LZO_SIZEOF_LZO_INT64L_T ++#elif (LZO_ARCH_SPU) && (LZO_CC_GNUC) ++#if 0 ++ typedef unsigned lzo_word_t __attribute__((__mode__(__V16QI__))); ++ typedef int lzo_sword_t __attribute__((__mode__(__V16QI__))); ++# define lzo_word_t lzo_word_t ++# define lzo_sword_t lzo_sword_t ++# define LZO_SIZEOF_LZO_WORD_T 16 ++#endif ++#else ++# error "lzo_word_t" ++#endif ++#endif ++#endif ++#if 1 && defined(lzo_word_t) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_word_t) == LZO_WORDSIZE) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_sword_t) == LZO_WORDSIZE) ++#endif ++#if 1 ++#define lzo_int8_t signed char ++#define lzo_uint8_t unsigned char ++#define LZO_SIZEOF_LZO_INT8_T 1 ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int8_t) == 1) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int8_t) == sizeof(lzo_uint8_t)) ++#endif ++#if defined(lzo_int16e_t) ++#define lzo_int16_t lzo_int16e_t ++#define lzo_uint16_t lzo_uint16e_t ++#define LZO_SIZEOF_LZO_INT16_T LZO_SIZEOF_LZO_INT16E_T ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int16_t) == 2) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int16_t) == sizeof(lzo_uint16_t)) ++#endif ++#if defined(lzo_int32e_t) ++#define lzo_int32_t lzo_int32e_t ++#define lzo_uint32_t lzo_uint32e_t ++#define LZO_SIZEOF_LZO_INT32_T LZO_SIZEOF_LZO_INT32E_T ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int32_t) == 4) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int32_t) == sizeof(lzo_uint32_t)) ++#endif ++#if defined(lzo_int64e_t) ++#define lzo_int64_t lzo_int64e_t ++#define lzo_uint64_t lzo_uint64e_t ++#define LZO_SIZEOF_LZO_INT64_T LZO_SIZEOF_LZO_INT64E_T ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int64_t) == 8) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int64_t) == sizeof(lzo_uint64_t)) ++#endif ++#if 1 ++#define lzo_int_least32_t lzo_int32l_t ++#define lzo_uint_least32_t lzo_uint32l_t ++#define LZO_SIZEOF_LZO_INT_LEAST32_T LZO_SIZEOF_LZO_INT32L_T ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int_least32_t) >= 4) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int_least32_t) == sizeof(lzo_uint_least32_t)) ++#endif ++#if defined(lzo_int64l_t) ++#define lzo_int_least64_t lzo_int64l_t ++#define lzo_uint_least64_t lzo_uint64l_t ++#define LZO_SIZEOF_LZO_INT_LEAST64_T LZO_SIZEOF_LZO_INT64L_T ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int_least64_t) >= 8) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int_least64_t) == sizeof(lzo_uint_least64_t)) ++#endif ++#if 1 ++#define lzo_int_fast32_t lzo_int32f_t ++#define lzo_uint_fast32_t lzo_uint32f_t ++#define LZO_SIZEOF_LZO_INT_FAST32_T LZO_SIZEOF_LZO_INT32F_T ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int_fast32_t) >= 4) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int_fast32_t) == sizeof(lzo_uint_fast32_t)) ++#endif ++#if defined(lzo_int64f_t) ++#define lzo_int_fast64_t lzo_int64f_t ++#define lzo_uint_fast64_t lzo_uint64f_t ++#define LZO_SIZEOF_LZO_INT_FAST64_T LZO_SIZEOF_LZO_INT64F_T ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int_fast64_t) >= 8) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int_fast64_t) == sizeof(lzo_uint_fast64_t)) ++#endif ++#if !defined(LZO_INT16_C) ++# if (LZO_BROKEN_INTEGRAL_CONSTANTS) && (LZO_SIZEOF_INT >= 2) ++# define LZO_INT16_C(c) ((c) + 0) ++# define LZO_UINT16_C(c) ((c) + 0U) ++# elif (LZO_BROKEN_INTEGRAL_CONSTANTS) && (LZO_SIZEOF_LONG >= 2) ++# define LZO_INT16_C(c) ((c) + 0L) ++# define LZO_UINT16_C(c) ((c) + 0UL) ++# elif (LZO_SIZEOF_INT >= 2) ++# define LZO_INT16_C(c) (c) ++# define LZO_UINT16_C(c) (c##U) ++# elif (LZO_SIZEOF_LONG >= 2) ++# define LZO_INT16_C(c) (c##L) ++# define LZO_UINT16_C(c) (c##UL) ++# else ++# error "LZO_INT16_C" ++# endif ++#endif ++#if !defined(LZO_INT32_C) ++# if (LZO_BROKEN_INTEGRAL_CONSTANTS) && (LZO_SIZEOF_INT >= 4) ++# define LZO_INT32_C(c) ((c) + 0) ++# define LZO_UINT32_C(c) ((c) + 0U) ++# elif (LZO_BROKEN_INTEGRAL_CONSTANTS) && (LZO_SIZEOF_LONG >= 4) ++# define LZO_INT32_C(c) ((c) + 0L) ++# define LZO_UINT32_C(c) ((c) + 0UL) ++# elif (LZO_SIZEOF_INT >= 4) ++# define LZO_INT32_C(c) (c) ++# define LZO_UINT32_C(c) (c##U) ++# elif (LZO_SIZEOF_LONG >= 4) ++# define LZO_INT32_C(c) (c##L) ++# define LZO_UINT32_C(c) (c##UL) ++# elif (LZO_SIZEOF_LONG_LONG >= 4) ++# define LZO_INT32_C(c) (c##LL) ++# define LZO_UINT32_C(c) (c##ULL) ++# else ++# error "LZO_INT32_C" ++# endif ++#endif ++#if !defined(LZO_INT64_C) && defined(lzo_int64l_t) ++# if (LZO_BROKEN_INTEGRAL_CONSTANTS) && (LZO_SIZEOF_INT >= 8) ++# define LZO_INT64_C(c) ((c) + 0) ++# define LZO_UINT64_C(c) ((c) + 0U) ++# elif (LZO_BROKEN_INTEGRAL_CONSTANTS) && (LZO_SIZEOF_LONG >= 8) ++# define LZO_INT64_C(c) ((c) + 0L) ++# define LZO_UINT64_C(c) ((c) + 0UL) ++# elif (LZO_SIZEOF_INT >= 8) ++# define LZO_INT64_C(c) (c) ++# define LZO_UINT64_C(c) (c##U) ++# elif (LZO_SIZEOF_LONG >= 8) ++# define LZO_INT64_C(c) (c##L) ++# define LZO_UINT64_C(c) (c##UL) ++# else ++# error "LZO_INT64_C" ++# endif ++#endif ++#endif + + #endif + +@@ -1874,7 +3020,7 @@ extern "C" { + #undef LZO_HAVE_CONFIG_H + #include "minilzo.h" + +-#if !defined(MINILZO_VERSION) || (MINILZO_VERSION != 0x2050) ++#if !defined(MINILZO_VERSION) || (MINILZO_VERSION != 0x2080) + # error "version mismatch in miniLZO source files" + #endif + +@@ -1886,23 +3032,9 @@ extern "C" { + #define __LZO_CONF_H 1 + + #if !defined(__LZO_IN_MINILZO) +-#if (LZO_CFG_FREESTANDING) ++#if defined(LZO_CFG_FREESTANDING) && (LZO_CFG_FREESTANDING) + # define LZO_LIBC_FREESTANDING 1 + # define LZO_OS_FREESTANDING 1 +-# define ACC_LIBC_FREESTANDING 1 +-# define ACC_OS_FREESTANDING 1 +-#endif +-#if (LZO_CFG_NO_UNALIGNED) +-# define ACC_CFG_NO_UNALIGNED 1 +-#endif +-#if (LZO_ARCH_GENERIC) +-# define ACC_ARCH_GENERIC 1 +-#endif +-#if (LZO_ABI_NEUTRAL_ENDIAN) +-# define ACC_ABI_NEUTRAL_ENDIAN 1 +-#endif +-#if (LZO_HAVE_CONFIG_H) +-# define ACC_CONFIG_NO_HEADER 1 + #endif + #if defined(LZO_CFG_EXTRA_CONFIG_HEADER) + # include LZO_CFG_EXTRA_CONFIG_HEADER +@@ -1911,22 +3043,27 @@ extern "C" { + # error "include this file first" + #endif + #include "lzo/lzoconf.h" ++#if defined(LZO_CFG_EXTRA_CONFIG_HEADER2) ++# include LZO_CFG_EXTRA_CONFIG_HEADER2 ++#endif + #endif + +-#if (LZO_VERSION < 0x02000) || !defined(__LZOCONF_H_INCLUDED) ++#if (LZO_VERSION < 0x2080) || !defined(__LZOCONF_H_INCLUDED) + # error "version mismatch" + #endif + +-#if (LZO_CC_BORLANDC && LZO_ARCH_I086) +-# pragma option -h ++#if (LZO_CC_MSC && (_MSC_VER >= 1000 && _MSC_VER < 1100)) ++# pragma warning(disable: 4702) + #endif +- + #if (LZO_CC_MSC && (_MSC_VER >= 1000)) + # pragma warning(disable: 4127 4701) ++# pragma warning(disable: 4514 4710 4711) + #endif + #if (LZO_CC_MSC && (_MSC_VER >= 1300)) + # pragma warning(disable: 4820) +-# pragma warning(disable: 4514 4710 4711) ++#endif ++#if (LZO_CC_MSC && (_MSC_VER >= 1800)) ++# pragma warning(disable: 4746) + #endif + + #if (LZO_CC_SUNPROC) +@@ -1937,49 +3074,16 @@ extern "C" { + #endif + #endif + +-#if (__LZO_MMODEL_HUGE) && !(LZO_HAVE_MM_HUGE_PTR) +-# error "this should not happen - check defines for __huge" +-#endif +- +-#if defined(__LZO_IN_MINILZO) || defined(LZO_CFG_FREESTANDING) +-#elif (LZO_OS_DOS16 || LZO_OS_OS216 || LZO_OS_WIN16) +-# define ACC_WANT_ACC_INCD_H 1 +-# define ACC_WANT_ACC_INCE_H 1 +-# define ACC_WANT_ACC_INCI_H 1 ++#if defined(__LZO_IN_MINILZO) || (LZO_CFG_FREESTANDING) + #elif 1 + # include + #else +-# define ACC_WANT_ACC_INCD_H 1 ++# define LZO_WANT_ACC_INCD_H 1 + #endif +- +-#if (LZO_ARCH_I086) +-# define ACC_MM_AHSHIFT LZO_MM_AHSHIFT +-# define ACC_PTR_FP_OFF(x) (((const unsigned __far*)&(x))[0]) +-# define ACC_PTR_FP_SEG(x) (((const unsigned __far*)&(x))[1]) +-# define ACC_PTR_MK_FP(s,o) ((void __far*)(((unsigned long)(s)<<16)+(unsigned)(o))) ++#if defined(LZO_HAVE_CONFIG_H) ++# define LZO_CFG_NO_CONFIG_HEADER 1 + #endif + +-#if !defined(lzo_uintptr_t) +-# if defined(__LZO_MMODEL_HUGE) +-# define lzo_uintptr_t unsigned long +-# elif 1 && defined(LZO_OS_OS400) && (LZO_SIZEOF_VOID_P == 16) +-# define __LZO_UINTPTR_T_IS_POINTER 1 +- typedef char* lzo_uintptr_t; +-# define lzo_uintptr_t lzo_uintptr_t +-# elif (LZO_SIZEOF_SIZE_T == LZO_SIZEOF_VOID_P) +-# define lzo_uintptr_t size_t +-# elif (LZO_SIZEOF_LONG == LZO_SIZEOF_VOID_P) +-# define lzo_uintptr_t unsigned long +-# elif (LZO_SIZEOF_INT == LZO_SIZEOF_VOID_P) +-# define lzo_uintptr_t unsigned int +-# elif (LZO_SIZEOF_LONG_LONG == LZO_SIZEOF_VOID_P) +-# define lzo_uintptr_t unsigned long long +-# else +-# define lzo_uintptr_t size_t +-# endif +-#endif +-LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uintptr_t) >= sizeof(lzo_voidp)) +- + #if 1 && !defined(LZO_CFG_FREESTANDING) + #if 1 && !defined(HAVE_STRING_H) + #define HAVE_STRING_H 1 +@@ -2002,6 +3106,23 @@ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uintptr_t) >= sizeof(lzo_voidp)) + #include + #endif + ++#if 1 || defined(lzo_int8_t) || defined(lzo_uint8_t) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int8_t) == 1) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint8_t) == 1) ++#endif ++#if 1 || defined(lzo_int16_t) || defined(lzo_uint16_t) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int16_t) == 2) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint16_t) == 2) ++#endif ++#if 1 || defined(lzo_int32_t) || defined(lzo_uint32_t) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int32_t) == 4) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint32_t) == 4) ++#endif ++#if defined(lzo_int64_t) || defined(lzo_uint64_t) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int64_t) == 8) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint64_t) == 8) ++#endif ++ + #if (LZO_CFG_FREESTANDING) + # undef HAVE_MEMCMP + # undef HAVE_MEMCPY +@@ -2012,28 +3133,28 @@ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uintptr_t) >= sizeof(lzo_voidp)) + #if !(HAVE_MEMCMP) + # undef memcmp + # define memcmp(a,b,c) lzo_memcmp(a,b,c) +-#elif !(__LZO_MMODEL_HUGE) ++#else + # undef lzo_memcmp + # define lzo_memcmp(a,b,c) memcmp(a,b,c) + #endif + #if !(HAVE_MEMCPY) + # undef memcpy + # define memcpy(a,b,c) lzo_memcpy(a,b,c) +-#elif !(__LZO_MMODEL_HUGE) ++#else + # undef lzo_memcpy + # define lzo_memcpy(a,b,c) memcpy(a,b,c) + #endif + #if !(HAVE_MEMMOVE) + # undef memmove + # define memmove(a,b,c) lzo_memmove(a,b,c) +-#elif !(__LZO_MMODEL_HUGE) ++#else + # undef lzo_memmove + # define lzo_memmove(a,b,c) memmove(a,b,c) + #endif + #if !(HAVE_MEMSET) + # undef memset + # define memset(a,b,c) lzo_memset(a,b,c) +-#elif !(__LZO_MMODEL_HUGE) ++#else + # undef lzo_memset + # define lzo_memset(a,b,c) memset(a,b,c) + #endif +@@ -2058,27 +3179,29 @@ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uintptr_t) >= sizeof(lzo_voidp)) + # define BOUNDS_CHECKING_OFF_IN_EXPR(expr) (expr) + #endif + +-#if !defined(__lzo_inline) +-# define __lzo_inline /*empty*/ +-#endif +-#if !defined(__lzo_forceinline) +-# define __lzo_forceinline /*empty*/ +-#endif +-#if !defined(__lzo_noinline) +-# define __lzo_noinline /*empty*/ +-#endif +- + #if (LZO_CFG_PGO) +-# undef __acc_likely +-# undef __acc_unlikely + # undef __lzo_likely + # undef __lzo_unlikely +-# define __acc_likely(e) (e) +-# define __acc_unlikely(e) (e) + # define __lzo_likely(e) (e) + # define __lzo_unlikely(e) (e) + #endif + ++#undef _ ++#undef __ ++#undef ___ ++#undef ____ ++#undef _p0 ++#undef _p1 ++#undef _p2 ++#undef _p3 ++#undef _p4 ++#undef _s0 ++#undef _s1 ++#undef _s2 ++#undef _s3 ++#undef _s4 ++#undef _ww ++ + #if 1 + # define LZO_BYTE(x) ((unsigned char) (x)) + #else +@@ -2097,84 +3220,548 @@ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uintptr_t) >= sizeof(lzo_voidp)) + #define LZO_SIZE(bits) (1u << (bits)) + #define LZO_MASK(bits) (LZO_SIZE(bits) - 1) + +-#define LZO_LSIZE(bits) (1ul << (bits)) +-#define LZO_LMASK(bits) (LZO_LSIZE(bits) - 1) +- + #define LZO_USIZE(bits) ((lzo_uint) 1 << (bits)) + #define LZO_UMASK(bits) (LZO_USIZE(bits) - 1) + + #if !defined(DMUL) + #if 0 + +-# define DMUL(a,b) ((lzo_xint) ((lzo_uint32)(a) * (lzo_uint32)(b))) ++# define DMUL(a,b) ((lzo_xint) ((lzo_uint32_t)(a) * (lzo_uint32_t)(b))) + #else + # define DMUL(a,b) ((lzo_xint) ((a) * (b))) + #endif + #endif + +-#if 1 && (LZO_ARCH_AMD64 || LZO_ARCH_I386 || LZO_ARCH_POWERPC) +-# if (LZO_SIZEOF_SHORT == 2) +-# define LZO_UNALIGNED_OK_2 1 +-# endif +-# if (LZO_SIZEOF_INT == 4) +-# define LZO_UNALIGNED_OK_4 1 +-# endif +-#endif +-#if 1 && (LZO_ARCH_AMD64) +-# if defined(LZO_UINT64_MAX) +-# define LZO_UNALIGNED_OK_8 1 +-# endif +-#endif +-#if (LZO_CFG_NO_UNALIGNED) +-# undef LZO_UNALIGNED_OK_2 +-# undef LZO_UNALIGNED_OK_4 +-# undef LZO_UNALIGNED_OK_8 +-#endif +- +-#undef UA_GET16 +-#undef UA_SET16 +-#undef UA_COPY16 +-#undef UA_GET32 +-#undef UA_SET32 +-#undef UA_COPY32 +-#undef UA_GET64 +-#undef UA_SET64 +-#undef UA_COPY64 +-#if defined(LZO_UNALIGNED_OK_2) +- LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(unsigned short) == 2) +-# if 1 && defined(ACC_UA_COPY16) +-# define UA_GET16 ACC_UA_GET16 +-# define UA_SET16 ACC_UA_SET16 +-# define UA_COPY16 ACC_UA_COPY16 +-# else +-# define UA_GET16(p) (* (__lzo_ua_volatile const lzo_ushortp) (__lzo_ua_volatile const lzo_voidp) (p)) +-# define UA_SET16(p,v) ((* (__lzo_ua_volatile lzo_ushortp) (__lzo_ua_volatile lzo_voidp) (p)) = (unsigned short) (v)) +-# define UA_COPY16(d,s) UA_SET16(d, UA_GET16(s)) +-# endif +-#endif +-#if defined(LZO_UNALIGNED_OK_4) || defined(LZO_ALIGNED_OK_4) +- LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint32) == 4) +-# if 1 && defined(ACC_UA_COPY32) +-# define UA_GET32 ACC_UA_GET32 +-# define UA_SET32 ACC_UA_SET32 +-# define UA_COPY32 ACC_UA_COPY32 +-# else +-# define UA_GET32(p) (* (__lzo_ua_volatile const lzo_uint32p) (__lzo_ua_volatile const lzo_voidp) (p)) +-# define UA_SET32(p,v) ((* (__lzo_ua_volatile lzo_uint32p) (__lzo_ua_volatile lzo_voidp) (p)) = (lzo_uint32) (v)) +-# define UA_COPY32(d,s) UA_SET32(d, UA_GET32(s)) +-# endif +-#endif +-#if defined(LZO_UNALIGNED_OK_8) +- LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint64) == 8) +-# if 1 && defined(ACC_UA_COPY64) +-# define UA_GET64 ACC_UA_GET64 +-# define UA_SET64 ACC_UA_SET64 +-# define UA_COPY64 ACC_UA_COPY64 +-# else +-# define UA_GET64(p) (* (__lzo_ua_volatile const lzo_uint64p) (__lzo_ua_volatile const lzo_voidp) (p)) +-# define UA_SET64(p,v) ((* (__lzo_ua_volatile lzo_uint64p) (__lzo_ua_volatile lzo_voidp) (p)) = (lzo_uint64) (v)) +-# define UA_COPY64(d,s) UA_SET64(d, UA_GET64(s)) +-# endif ++#ifndef __LZO_FUNC_H ++#define __LZO_FUNC_H 1 ++ ++#if !defined(LZO_BITOPS_USE_ASM_BITSCAN) && !defined(LZO_BITOPS_USE_GNUC_BITSCAN) && !defined(LZO_BITOPS_USE_MSC_BITSCAN) ++#if 1 && (LZO_ARCH_AMD64) && (LZO_CC_GNUC && (LZO_CC_GNUC < 0x040000ul)) && (LZO_ASM_SYNTAX_GNUC) ++#define LZO_BITOPS_USE_ASM_BITSCAN 1 ++#elif (LZO_CC_CLANG || (LZO_CC_GNUC >= 0x030400ul) || (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 1000)) || (LZO_CC_LLVM && (!defined(__llvm_tools_version__) || (__llvm_tools_version__+0 >= 0x010500ul)))) ++#define LZO_BITOPS_USE_GNUC_BITSCAN 1 ++#elif (LZO_OS_WIN32 || LZO_OS_WIN64) && ((LZO_CC_INTELC_MSC && (__INTEL_COMPILER >= 1010)) || (LZO_CC_MSC && (_MSC_VER >= 1400))) ++#define LZO_BITOPS_USE_MSC_BITSCAN 1 ++#if (LZO_CC_MSC) && (LZO_ARCH_AMD64 || LZO_ARCH_I386) ++#include ++#endif ++#if (LZO_CC_MSC) && (LZO_ARCH_AMD64 || LZO_ARCH_I386) ++#pragma intrinsic(_BitScanReverse) ++#pragma intrinsic(_BitScanForward) ++#endif ++#if (LZO_CC_MSC) && (LZO_ARCH_AMD64) ++#pragma intrinsic(_BitScanReverse64) ++#pragma intrinsic(_BitScanForward64) ++#endif ++#endif ++#endif ++ ++__lzo_static_forceinline unsigned lzo_bitops_ctlz32_func(lzo_uint32_t v) ++{ ++#if (LZO_BITOPS_USE_MSC_BITSCAN) && (LZO_ARCH_AMD64 || LZO_ARCH_I386) ++ unsigned long r; (void) _BitScanReverse(&r, v); return (unsigned) r ^ 31; ++#define lzo_bitops_ctlz32(v) lzo_bitops_ctlz32_func(v) ++#elif (LZO_BITOPS_USE_ASM_BITSCAN) && (LZO_ARCH_AMD64 || LZO_ARCH_I386) && (LZO_ASM_SYNTAX_GNUC) ++ lzo_uint32_t r; ++ __asm__("bsr %1,%0" : "=r" (r) : "rm" (v) __LZO_ASM_CLOBBER_LIST_CC); ++ return (unsigned) r ^ 31; ++#define lzo_bitops_ctlz32(v) lzo_bitops_ctlz32_func(v) ++#elif (LZO_BITOPS_USE_GNUC_BITSCAN) && (LZO_SIZEOF_INT == 4) ++ unsigned r; r = (unsigned) __builtin_clz(v); return r; ++#define lzo_bitops_ctlz32(v) ((unsigned) __builtin_clz(v)) ++#else ++ LZO_UNUSED(v); return 0; ++#endif ++} ++ ++#if defined(lzo_uint64_t) ++__lzo_static_forceinline unsigned lzo_bitops_ctlz64_func(lzo_uint64_t v) ++{ ++#if (LZO_BITOPS_USE_MSC_BITSCAN) && (LZO_ARCH_AMD64) ++ unsigned long r; (void) _BitScanReverse64(&r, v); return (unsigned) r ^ 63; ++#define lzo_bitops_ctlz64(v) lzo_bitops_ctlz64_func(v) ++#elif (LZO_BITOPS_USE_ASM_BITSCAN) && (LZO_ARCH_AMD64) && (LZO_ASM_SYNTAX_GNUC) ++ lzo_uint64_t r; ++ __asm__("bsr %1,%0" : "=r" (r) : "rm" (v) __LZO_ASM_CLOBBER_LIST_CC); ++ return (unsigned) r ^ 63; ++#define lzo_bitops_ctlz64(v) lzo_bitops_ctlz64_func(v) ++#elif (LZO_BITOPS_USE_GNUC_BITSCAN) && (LZO_SIZEOF_LONG == 8) && (LZO_WORDSIZE >= 8) ++ unsigned r; r = (unsigned) __builtin_clzl(v); return r; ++#define lzo_bitops_ctlz64(v) ((unsigned) __builtin_clzl(v)) ++#elif (LZO_BITOPS_USE_GNUC_BITSCAN) && (LZO_SIZEOF_LONG_LONG == 8) && (LZO_WORDSIZE >= 8) ++ unsigned r; r = (unsigned) __builtin_clzll(v); return r; ++#define lzo_bitops_ctlz64(v) ((unsigned) __builtin_clzll(v)) ++#else ++ LZO_UNUSED(v); return 0; ++#endif ++} ++#endif ++ ++__lzo_static_forceinline unsigned lzo_bitops_cttz32_func(lzo_uint32_t v) ++{ ++#if (LZO_BITOPS_USE_MSC_BITSCAN) && (LZO_ARCH_AMD64 || LZO_ARCH_I386) ++ unsigned long r; (void) _BitScanForward(&r, v); return (unsigned) r; ++#define lzo_bitops_cttz32(v) lzo_bitops_cttz32_func(v) ++#elif (LZO_BITOPS_USE_ASM_BITSCAN) && (LZO_ARCH_AMD64 || LZO_ARCH_I386) && (LZO_ASM_SYNTAX_GNUC) ++ lzo_uint32_t r; ++ __asm__("bsf %1,%0" : "=r" (r) : "rm" (v) __LZO_ASM_CLOBBER_LIST_CC); ++ return (unsigned) r; ++#define lzo_bitops_cttz32(v) lzo_bitops_cttz32_func(v) ++#elif (LZO_BITOPS_USE_GNUC_BITSCAN) && (LZO_SIZEOF_INT >= 4) ++ unsigned r; r = (unsigned) __builtin_ctz(v); return r; ++#define lzo_bitops_cttz32(v) ((unsigned) __builtin_ctz(v)) ++#else ++ LZO_UNUSED(v); return 0; ++#endif ++} ++ ++#if defined(lzo_uint64_t) ++__lzo_static_forceinline unsigned lzo_bitops_cttz64_func(lzo_uint64_t v) ++{ ++#if (LZO_BITOPS_USE_MSC_BITSCAN) && (LZO_ARCH_AMD64) ++ unsigned long r; (void) _BitScanForward64(&r, v); return (unsigned) r; ++#define lzo_bitops_cttz64(v) lzo_bitops_cttz64_func(v) ++#elif (LZO_BITOPS_USE_ASM_BITSCAN) && (LZO_ARCH_AMD64) && (LZO_ASM_SYNTAX_GNUC) ++ lzo_uint64_t r; ++ __asm__("bsf %1,%0" : "=r" (r) : "rm" (v) __LZO_ASM_CLOBBER_LIST_CC); ++ return (unsigned) r; ++#define lzo_bitops_cttz64(v) lzo_bitops_cttz64_func(v) ++#elif (LZO_BITOPS_USE_GNUC_BITSCAN) && (LZO_SIZEOF_LONG >= 8) && (LZO_WORDSIZE >= 8) ++ unsigned r; r = (unsigned) __builtin_ctzl(v); return r; ++#define lzo_bitops_cttz64(v) ((unsigned) __builtin_ctzl(v)) ++#elif (LZO_BITOPS_USE_GNUC_BITSCAN) && (LZO_SIZEOF_LONG_LONG >= 8) && (LZO_WORDSIZE >= 8) ++ unsigned r; r = (unsigned) __builtin_ctzll(v); return r; ++#define lzo_bitops_cttz64(v) ((unsigned) __builtin_ctzll(v)) ++#else ++ LZO_UNUSED(v); return 0; ++#endif ++} ++#endif ++ ++#if 1 && (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || (LZO_CC_GNUC >= 0x020700ul) || LZO_CC_INTELC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE || LZO_CC_PGI) ++static void __attribute__((__unused__)) ++#else ++__lzo_static_forceinline void ++#endif ++lzo_bitops_unused_funcs(void) ++{ ++ LZO_UNUSED_FUNC(lzo_bitops_ctlz32_func); ++ LZO_UNUSED_FUNC(lzo_bitops_cttz32_func); ++#if defined(lzo_uint64_t) ++ LZO_UNUSED_FUNC(lzo_bitops_ctlz64_func); ++ LZO_UNUSED_FUNC(lzo_bitops_cttz64_func); ++#endif ++ LZO_UNUSED_FUNC(lzo_bitops_unused_funcs); ++} ++ ++#if defined(__lzo_alignof) && !(LZO_CFG_NO_UNALIGNED) ++#ifndef __lzo_memops_tcheck ++#define __lzo_memops_tcheck(t,a,b) ((void)0, sizeof(t) == (a) && __lzo_alignof(t) == (b)) ++#endif ++#endif ++#ifndef lzo_memops_TU0p ++#define lzo_memops_TU0p void __LZO_MMODEL * ++#endif ++#ifndef lzo_memops_TU1p ++#define lzo_memops_TU1p unsigned char __LZO_MMODEL * ++#endif ++#ifndef lzo_memops_TU2p ++#if (LZO_OPT_UNALIGNED16) ++typedef lzo_uint16_t __lzo_may_alias lzo_memops_TU2; ++#define lzo_memops_TU2p volatile lzo_memops_TU2 * ++#elif defined(__lzo_byte_struct) ++__lzo_byte_struct(lzo_memops_TU2_struct,2) ++typedef struct lzo_memops_TU2_struct lzo_memops_TU2; ++#else ++struct lzo_memops_TU2_struct { unsigned char a[2]; } __lzo_may_alias; ++typedef struct lzo_memops_TU2_struct lzo_memops_TU2; ++#endif ++#ifndef lzo_memops_TU2p ++#define lzo_memops_TU2p lzo_memops_TU2 * ++#endif ++#endif ++#ifndef lzo_memops_TU4p ++#if (LZO_OPT_UNALIGNED32) ++typedef lzo_uint32_t __lzo_may_alias lzo_memops_TU4; ++#define lzo_memops_TU4p volatile lzo_memops_TU4 __LZO_MMODEL * ++#elif defined(__lzo_byte_struct) ++__lzo_byte_struct(lzo_memops_TU4_struct,4) ++typedef struct lzo_memops_TU4_struct lzo_memops_TU4; ++#else ++struct lzo_memops_TU4_struct { unsigned char a[4]; } __lzo_may_alias; ++typedef struct lzo_memops_TU4_struct lzo_memops_TU4; ++#endif ++#ifndef lzo_memops_TU4p ++#define lzo_memops_TU4p lzo_memops_TU4 __LZO_MMODEL * ++#endif ++#endif ++#ifndef lzo_memops_TU8p ++#if (LZO_OPT_UNALIGNED64) ++typedef lzo_uint64_t __lzo_may_alias lzo_memops_TU8; ++#define lzo_memops_TU8p volatile lzo_memops_TU8 __LZO_MMODEL * ++#elif defined(__lzo_byte_struct) ++__lzo_byte_struct(lzo_memops_TU8_struct,8) ++typedef struct lzo_memops_TU8_struct lzo_memops_TU8; ++#else ++struct lzo_memops_TU8_struct { unsigned char a[8]; } __lzo_may_alias; ++typedef struct lzo_memops_TU8_struct lzo_memops_TU8; ++#endif ++#ifndef lzo_memops_TU8p ++#define lzo_memops_TU8p lzo_memops_TU8 __LZO_MMODEL * ++#endif ++#endif ++#ifndef lzo_memops_set_TU1p ++#define lzo_memops_set_TU1p volatile lzo_memops_TU1p ++#endif ++#ifndef lzo_memops_move_TU1p ++#define lzo_memops_move_TU1p lzo_memops_TU1p ++#endif ++#define LZO_MEMOPS_SET1(dd,cc) \ ++ LZO_BLOCK_BEGIN \ ++ lzo_memops_set_TU1p d__1 = (lzo_memops_set_TU1p) (lzo_memops_TU0p) (dd); \ ++ d__1[0] = LZO_BYTE(cc); \ ++ LZO_BLOCK_END ++#define LZO_MEMOPS_SET2(dd,cc) \ ++ LZO_BLOCK_BEGIN \ ++ lzo_memops_set_TU1p d__2 = (lzo_memops_set_TU1p) (lzo_memops_TU0p) (dd); \ ++ d__2[0] = LZO_BYTE(cc); d__2[1] = LZO_BYTE(cc); \ ++ LZO_BLOCK_END ++#define LZO_MEMOPS_SET3(dd,cc) \ ++ LZO_BLOCK_BEGIN \ ++ lzo_memops_set_TU1p d__3 = (lzo_memops_set_TU1p) (lzo_memops_TU0p) (dd); \ ++ d__3[0] = LZO_BYTE(cc); d__3[1] = LZO_BYTE(cc); d__3[2] = LZO_BYTE(cc); \ ++ LZO_BLOCK_END ++#define LZO_MEMOPS_SET4(dd,cc) \ ++ LZO_BLOCK_BEGIN \ ++ lzo_memops_set_TU1p d__4 = (lzo_memops_set_TU1p) (lzo_memops_TU0p) (dd); \ ++ d__4[0] = LZO_BYTE(cc); d__4[1] = LZO_BYTE(cc); d__4[2] = LZO_BYTE(cc); d__4[3] = LZO_BYTE(cc); \ ++ LZO_BLOCK_END ++#define LZO_MEMOPS_MOVE1(dd,ss) \ ++ LZO_BLOCK_BEGIN \ ++ lzo_memops_move_TU1p d__1 = (lzo_memops_move_TU1p) (lzo_memops_TU0p) (dd); \ ++ const lzo_memops_move_TU1p s__1 = (const lzo_memops_move_TU1p) (const lzo_memops_TU0p) (ss); \ ++ d__1[0] = s__1[0]; \ ++ LZO_BLOCK_END ++#define LZO_MEMOPS_MOVE2(dd,ss) \ ++ LZO_BLOCK_BEGIN \ ++ lzo_memops_move_TU1p d__2 = (lzo_memops_move_TU1p) (lzo_memops_TU0p) (dd); \ ++ const lzo_memops_move_TU1p s__2 = (const lzo_memops_move_TU1p) (const lzo_memops_TU0p) (ss); \ ++ d__2[0] = s__2[0]; d__2[1] = s__2[1]; \ ++ LZO_BLOCK_END ++#define LZO_MEMOPS_MOVE3(dd,ss) \ ++ LZO_BLOCK_BEGIN \ ++ lzo_memops_move_TU1p d__3 = (lzo_memops_move_TU1p) (lzo_memops_TU0p) (dd); \ ++ const lzo_memops_move_TU1p s__3 = (const lzo_memops_move_TU1p) (const lzo_memops_TU0p) (ss); \ ++ d__3[0] = s__3[0]; d__3[1] = s__3[1]; d__3[2] = s__3[2]; \ ++ LZO_BLOCK_END ++#define LZO_MEMOPS_MOVE4(dd,ss) \ ++ LZO_BLOCK_BEGIN \ ++ lzo_memops_move_TU1p d__4 = (lzo_memops_move_TU1p) (lzo_memops_TU0p) (dd); \ ++ const lzo_memops_move_TU1p s__4 = (const lzo_memops_move_TU1p) (const lzo_memops_TU0p) (ss); \ ++ d__4[0] = s__4[0]; d__4[1] = s__4[1]; d__4[2] = s__4[2]; d__4[3] = s__4[3]; \ ++ LZO_BLOCK_END ++#define LZO_MEMOPS_MOVE8(dd,ss) \ ++ LZO_BLOCK_BEGIN \ ++ lzo_memops_move_TU1p d__8 = (lzo_memops_move_TU1p) (lzo_memops_TU0p) (dd); \ ++ const lzo_memops_move_TU1p s__8 = (const lzo_memops_move_TU1p) (const lzo_memops_TU0p) (ss); \ ++ d__8[0] = s__8[0]; d__8[1] = s__8[1]; d__8[2] = s__8[2]; d__8[3] = s__8[3]; \ ++ d__8[4] = s__8[4]; d__8[5] = s__8[5]; d__8[6] = s__8[6]; d__8[7] = s__8[7]; \ ++ LZO_BLOCK_END ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(*(lzo_memops_TU1p)0)==1) ++#define LZO_MEMOPS_COPY1(dd,ss) LZO_MEMOPS_MOVE1(dd,ss) ++#if (LZO_OPT_UNALIGNED16) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(*(lzo_memops_TU2p)0)==2) ++#define LZO_MEMOPS_COPY2(dd,ss) \ ++ * (lzo_memops_TU2p) (lzo_memops_TU0p) (dd) = * (const lzo_memops_TU2p) (const lzo_memops_TU0p) (ss) ++#elif defined(__lzo_memops_tcheck) ++#define LZO_MEMOPS_COPY2(dd,ss) \ ++ LZO_BLOCK_BEGIN if (__lzo_memops_tcheck(lzo_memops_TU2,2,1)) { \ ++ * (lzo_memops_TU2p) (lzo_memops_TU0p) (dd) = * (const lzo_memops_TU2p) (const lzo_memops_TU0p) (ss); \ ++ } else { LZO_MEMOPS_MOVE2(dd,ss); } LZO_BLOCK_END ++#else ++#define LZO_MEMOPS_COPY2(dd,ss) LZO_MEMOPS_MOVE2(dd,ss) ++#endif ++#if (LZO_OPT_UNALIGNED32) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(*(lzo_memops_TU4p)0)==4) ++#define LZO_MEMOPS_COPY4(dd,ss) \ ++ * (lzo_memops_TU4p) (lzo_memops_TU0p) (dd) = * (const lzo_memops_TU4p) (const lzo_memops_TU0p) (ss) ++#elif defined(__lzo_memops_tcheck) ++#define LZO_MEMOPS_COPY4(dd,ss) \ ++ LZO_BLOCK_BEGIN if (__lzo_memops_tcheck(lzo_memops_TU4,4,1)) { \ ++ * (lzo_memops_TU4p) (lzo_memops_TU0p) (dd) = * (const lzo_memops_TU4p) (const lzo_memops_TU0p) (ss); \ ++ } else { LZO_MEMOPS_MOVE4(dd,ss); } LZO_BLOCK_END ++#else ++#define LZO_MEMOPS_COPY4(dd,ss) LZO_MEMOPS_MOVE4(dd,ss) ++#endif ++#if (LZO_WORDSIZE != 8) ++#define LZO_MEMOPS_COPY8(dd,ss) \ ++ LZO_BLOCK_BEGIN LZO_MEMOPS_COPY4(dd,ss); LZO_MEMOPS_COPY4((lzo_memops_TU1p)(lzo_memops_TU0p)(dd)+4,(const lzo_memops_TU1p)(const lzo_memops_TU0p)(ss)+4); LZO_BLOCK_END ++#else ++#if (LZO_OPT_UNALIGNED64) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(*(lzo_memops_TU8p)0)==8) ++#define LZO_MEMOPS_COPY8(dd,ss) \ ++ * (lzo_memops_TU8p) (lzo_memops_TU0p) (dd) = * (const lzo_memops_TU8p) (const lzo_memops_TU0p) (ss) ++#elif (LZO_OPT_UNALIGNED32) ++#define LZO_MEMOPS_COPY8(dd,ss) \ ++ LZO_BLOCK_BEGIN LZO_MEMOPS_COPY4(dd,ss); LZO_MEMOPS_COPY4((lzo_memops_TU1p)(lzo_memops_TU0p)(dd)+4,(const lzo_memops_TU1p)(const lzo_memops_TU0p)(ss)+4); LZO_BLOCK_END ++#elif defined(__lzo_memops_tcheck) ++#define LZO_MEMOPS_COPY8(dd,ss) \ ++ LZO_BLOCK_BEGIN if (__lzo_memops_tcheck(lzo_memops_TU8,8,1)) { \ ++ * (lzo_memops_TU8p) (lzo_memops_TU0p) (dd) = * (const lzo_memops_TU8p) (const lzo_memops_TU0p) (ss); \ ++ } else { LZO_MEMOPS_MOVE8(dd,ss); } LZO_BLOCK_END ++#else ++#define LZO_MEMOPS_COPY8(dd,ss) LZO_MEMOPS_MOVE8(dd,ss) ++#endif ++#endif ++#define LZO_MEMOPS_COPYN(dd,ss,nn) \ ++ LZO_BLOCK_BEGIN \ ++ lzo_memops_TU1p d__n = (lzo_memops_TU1p) (lzo_memops_TU0p) (dd); \ ++ const lzo_memops_TU1p s__n = (const lzo_memops_TU1p) (const lzo_memops_TU0p) (ss); \ ++ lzo_uint n__n = (nn); \ ++ while ((void)0, n__n >= 8) { LZO_MEMOPS_COPY8(d__n, s__n); d__n += 8; s__n += 8; n__n -= 8; } \ ++ if ((void)0, n__n >= 4) { LZO_MEMOPS_COPY4(d__n, s__n); d__n += 4; s__n += 4; n__n -= 4; } \ ++ if ((void)0, n__n > 0) do { *d__n++ = *s__n++; } while (--n__n > 0); \ ++ LZO_BLOCK_END ++ ++__lzo_static_forceinline lzo_uint16_t lzo_memops_get_le16(const lzo_voidp ss) ++{ ++ lzo_uint16_t v; ++#if (LZO_ABI_LITTLE_ENDIAN) ++ LZO_MEMOPS_COPY2(&v, ss); ++#elif (LZO_OPT_UNALIGNED16 && LZO_ARCH_POWERPC && LZO_ABI_BIG_ENDIAN) && (LZO_ASM_SYNTAX_GNUC) ++ const lzo_memops_TU2p s = (const lzo_memops_TU2p) ss; ++ unsigned long vv; ++ __asm__("lhbrx %0,0,%1" : "=r" (vv) : "r" (s), "m" (*s)); ++ v = (lzo_uint16_t) vv; ++#else ++ const lzo_memops_TU1p s = (const lzo_memops_TU1p) ss; ++ v = (lzo_uint16_t) (((lzo_uint16_t)s[0]) | ((lzo_uint16_t)s[1] << 8)); ++#endif ++ return v; ++} ++#if (LZO_OPT_UNALIGNED16) && (LZO_ABI_LITTLE_ENDIAN) ++#define LZO_MEMOPS_GET_LE16(ss) * (const lzo_memops_TU2p) (const lzo_memops_TU0p) (ss) ++#else ++#define LZO_MEMOPS_GET_LE16(ss) lzo_memops_get_le16(ss) ++#endif ++ ++__lzo_static_forceinline lzo_uint32_t lzo_memops_get_le32(const lzo_voidp ss) ++{ ++ lzo_uint32_t v; ++#if (LZO_ABI_LITTLE_ENDIAN) ++ LZO_MEMOPS_COPY4(&v, ss); ++#elif (LZO_OPT_UNALIGNED32 && LZO_ARCH_POWERPC && LZO_ABI_BIG_ENDIAN) && (LZO_ASM_SYNTAX_GNUC) ++ const lzo_memops_TU4p s = (const lzo_memops_TU4p) ss; ++ unsigned long vv; ++ __asm__("lwbrx %0,0,%1" : "=r" (vv) : "r" (s), "m" (*s)); ++ v = (lzo_uint32_t) vv; ++#else ++ const lzo_memops_TU1p s = (const lzo_memops_TU1p) ss; ++ v = (lzo_uint32_t) (((lzo_uint32_t)s[0]) | ((lzo_uint32_t)s[1] << 8) | ((lzo_uint32_t)s[2] << 16) | ((lzo_uint32_t)s[3] << 24)); ++#endif ++ return v; ++} ++#if (LZO_OPT_UNALIGNED32) && (LZO_ABI_LITTLE_ENDIAN) ++#define LZO_MEMOPS_GET_LE32(ss) * (const lzo_memops_TU4p) (const lzo_memops_TU0p) (ss) ++#else ++#define LZO_MEMOPS_GET_LE32(ss) lzo_memops_get_le32(ss) ++#endif ++ ++#if (LZO_OPT_UNALIGNED64) && (LZO_ABI_LITTLE_ENDIAN) ++#define LZO_MEMOPS_GET_LE64(ss) * (const lzo_memops_TU8p) (const lzo_memops_TU0p) (ss) ++#endif ++ ++__lzo_static_forceinline lzo_uint16_t lzo_memops_get_ne16(const lzo_voidp ss) ++{ ++ lzo_uint16_t v; ++ LZO_MEMOPS_COPY2(&v, ss); ++ return v; ++} ++#if (LZO_OPT_UNALIGNED16) ++#define LZO_MEMOPS_GET_NE16(ss) * (const lzo_memops_TU2p) (const lzo_memops_TU0p) (ss) ++#else ++#define LZO_MEMOPS_GET_NE16(ss) lzo_memops_get_ne16(ss) ++#endif ++ ++__lzo_static_forceinline lzo_uint32_t lzo_memops_get_ne32(const lzo_voidp ss) ++{ ++ lzo_uint32_t v; ++ LZO_MEMOPS_COPY4(&v, ss); ++ return v; ++} ++#if (LZO_OPT_UNALIGNED32) ++#define LZO_MEMOPS_GET_NE32(ss) * (const lzo_memops_TU4p) (const lzo_memops_TU0p) (ss) ++#else ++#define LZO_MEMOPS_GET_NE32(ss) lzo_memops_get_ne32(ss) ++#endif ++ ++#if (LZO_OPT_UNALIGNED64) ++#define LZO_MEMOPS_GET_NE64(ss) * (const lzo_memops_TU8p) (const lzo_memops_TU0p) (ss) ++#endif ++ ++__lzo_static_forceinline void lzo_memops_put_le16(lzo_voidp dd, lzo_uint16_t vv) ++{ ++#if (LZO_ABI_LITTLE_ENDIAN) ++ LZO_MEMOPS_COPY2(dd, &vv); ++#elif (LZO_OPT_UNALIGNED16 && LZO_ARCH_POWERPC && LZO_ABI_BIG_ENDIAN) && (LZO_ASM_SYNTAX_GNUC) ++ lzo_memops_TU2p d = (lzo_memops_TU2p) dd; ++ unsigned long v = vv; ++ __asm__("sthbrx %2,0,%1" : "=m" (*d) : "r" (d), "r" (v)); ++#else ++ lzo_memops_TU1p d = (lzo_memops_TU1p) dd; ++ d[0] = LZO_BYTE((vv ) & 0xff); ++ d[1] = LZO_BYTE((vv >> 8) & 0xff); ++#endif ++} ++#if (LZO_OPT_UNALIGNED16) && (LZO_ABI_LITTLE_ENDIAN) ++#define LZO_MEMOPS_PUT_LE16(dd,vv) (* (lzo_memops_TU2p) (lzo_memops_TU0p) (dd) = (vv)) ++#else ++#define LZO_MEMOPS_PUT_LE16(dd,vv) lzo_memops_put_le16(dd,vv) ++#endif ++ ++__lzo_static_forceinline void lzo_memops_put_le32(lzo_voidp dd, lzo_uint32_t vv) ++{ ++#if (LZO_ABI_LITTLE_ENDIAN) ++ LZO_MEMOPS_COPY4(dd, &vv); ++#elif (LZO_OPT_UNALIGNED32 && LZO_ARCH_POWERPC && LZO_ABI_BIG_ENDIAN) && (LZO_ASM_SYNTAX_GNUC) ++ lzo_memops_TU4p d = (lzo_memops_TU4p) dd; ++ unsigned long v = vv; ++ __asm__("stwbrx %2,0,%1" : "=m" (*d) : "r" (d), "r" (v)); ++#else ++ lzo_memops_TU1p d = (lzo_memops_TU1p) dd; ++ d[0] = LZO_BYTE((vv ) & 0xff); ++ d[1] = LZO_BYTE((vv >> 8) & 0xff); ++ d[2] = LZO_BYTE((vv >> 16) & 0xff); ++ d[3] = LZO_BYTE((vv >> 24) & 0xff); ++#endif ++} ++#if (LZO_OPT_UNALIGNED32) && (LZO_ABI_LITTLE_ENDIAN) ++#define LZO_MEMOPS_PUT_LE32(dd,vv) (* (lzo_memops_TU4p) (lzo_memops_TU0p) (dd) = (vv)) ++#else ++#define LZO_MEMOPS_PUT_LE32(dd,vv) lzo_memops_put_le32(dd,vv) ++#endif ++ ++__lzo_static_forceinline void lzo_memops_put_ne16(lzo_voidp dd, lzo_uint16_t vv) ++{ ++ LZO_MEMOPS_COPY2(dd, &vv); ++} ++#if (LZO_OPT_UNALIGNED16) ++#define LZO_MEMOPS_PUT_NE16(dd,vv) (* (lzo_memops_TU2p) (lzo_memops_TU0p) (dd) = (vv)) ++#else ++#define LZO_MEMOPS_PUT_NE16(dd,vv) lzo_memops_put_ne16(dd,vv) ++#endif ++ ++__lzo_static_forceinline void lzo_memops_put_ne32(lzo_voidp dd, lzo_uint32_t vv) ++{ ++ LZO_MEMOPS_COPY4(dd, &vv); ++} ++#if (LZO_OPT_UNALIGNED32) ++#define LZO_MEMOPS_PUT_NE32(dd,vv) (* (lzo_memops_TU4p) (lzo_memops_TU0p) (dd) = (vv)) ++#else ++#define LZO_MEMOPS_PUT_NE32(dd,vv) lzo_memops_put_ne32(dd,vv) ++#endif ++ ++#if 1 && (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || (LZO_CC_GNUC >= 0x020700ul) || LZO_CC_INTELC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE || LZO_CC_PGI) ++static void __attribute__((__unused__)) ++#else ++__lzo_static_forceinline void ++#endif ++lzo_memops_unused_funcs(void) ++{ ++ LZO_UNUSED_FUNC(lzo_memops_get_le16); ++ LZO_UNUSED_FUNC(lzo_memops_get_le32); ++ LZO_UNUSED_FUNC(lzo_memops_get_ne16); ++ LZO_UNUSED_FUNC(lzo_memops_get_ne32); ++ LZO_UNUSED_FUNC(lzo_memops_put_le16); ++ LZO_UNUSED_FUNC(lzo_memops_put_le32); ++ LZO_UNUSED_FUNC(lzo_memops_put_ne16); ++ LZO_UNUSED_FUNC(lzo_memops_put_ne32); ++ LZO_UNUSED_FUNC(lzo_memops_unused_funcs); ++} ++ ++#endif ++ ++#ifndef UA_SET1 ++#define UA_SET1 LZO_MEMOPS_SET1 ++#endif ++#ifndef UA_SET2 ++#define UA_SET2 LZO_MEMOPS_SET2 ++#endif ++#ifndef UA_SET3 ++#define UA_SET3 LZO_MEMOPS_SET3 ++#endif ++#ifndef UA_SET4 ++#define UA_SET4 LZO_MEMOPS_SET4 ++#endif ++#ifndef UA_MOVE1 ++#define UA_MOVE1 LZO_MEMOPS_MOVE1 ++#endif ++#ifndef UA_MOVE2 ++#define UA_MOVE2 LZO_MEMOPS_MOVE2 ++#endif ++#ifndef UA_MOVE3 ++#define UA_MOVE3 LZO_MEMOPS_MOVE3 ++#endif ++#ifndef UA_MOVE4 ++#define UA_MOVE4 LZO_MEMOPS_MOVE4 ++#endif ++#ifndef UA_MOVE8 ++#define UA_MOVE8 LZO_MEMOPS_MOVE8 ++#endif ++#ifndef UA_COPY1 ++#define UA_COPY1 LZO_MEMOPS_COPY1 ++#endif ++#ifndef UA_COPY2 ++#define UA_COPY2 LZO_MEMOPS_COPY2 ++#endif ++#ifndef UA_COPY3 ++#define UA_COPY3 LZO_MEMOPS_COPY3 ++#endif ++#ifndef UA_COPY4 ++#define UA_COPY4 LZO_MEMOPS_COPY4 ++#endif ++#ifndef UA_COPY8 ++#define UA_COPY8 LZO_MEMOPS_COPY8 ++#endif ++#ifndef UA_COPYN ++#define UA_COPYN LZO_MEMOPS_COPYN ++#endif ++#ifndef UA_COPYN_X ++#define UA_COPYN_X LZO_MEMOPS_COPYN ++#endif ++#ifndef UA_GET_LE16 ++#define UA_GET_LE16 LZO_MEMOPS_GET_LE16 ++#endif ++#ifndef UA_GET_LE32 ++#define UA_GET_LE32 LZO_MEMOPS_GET_LE32 ++#endif ++#ifdef LZO_MEMOPS_GET_LE64 ++#ifndef UA_GET_LE64 ++#define UA_GET_LE64 LZO_MEMOPS_GET_LE64 ++#endif ++#endif ++#ifndef UA_GET_NE16 ++#define UA_GET_NE16 LZO_MEMOPS_GET_NE16 ++#endif ++#ifndef UA_GET_NE32 ++#define UA_GET_NE32 LZO_MEMOPS_GET_NE32 ++#endif ++#ifdef LZO_MEMOPS_GET_NE64 ++#ifndef UA_GET_NE64 ++#define UA_GET_NE64 LZO_MEMOPS_GET_NE64 ++#endif ++#endif ++#ifndef UA_PUT_LE16 ++#define UA_PUT_LE16 LZO_MEMOPS_PUT_LE16 ++#endif ++#ifndef UA_PUT_LE32 ++#define UA_PUT_LE32 LZO_MEMOPS_PUT_LE32 ++#endif ++#ifndef UA_PUT_NE16 ++#define UA_PUT_NE16 LZO_MEMOPS_PUT_NE16 ++#endif ++#ifndef UA_PUT_NE32 ++#define UA_PUT_NE32 LZO_MEMOPS_PUT_NE32 + #endif + + #define MEMCPY8_DS(dest,src,len) \ +@@ -2195,25 +3782,10 @@ LZO_EXTERN(const lzo_bytep) lzo_copyright(void); + extern "C" { + #endif + +-#if !defined(lzo_uintptr_t) +-# if (__LZO_MMODEL_HUGE) +-# define lzo_uintptr_t unsigned long +-# else +-# define lzo_uintptr_t acc_uintptr_t +-# ifdef __ACC_INTPTR_T_IS_POINTER +-# define __LZO_UINTPTR_T_IS_POINTER 1 +-# endif +-# endif +-#endif +- + #if (LZO_ARCH_I086) +-#define PTR(a) ((lzo_bytep) (a)) +-#define PTR_ALIGNED_4(a) ((ACC_PTR_FP_OFF(a) & 3) == 0) +-#define PTR_ALIGNED2_4(a,b) (((ACC_PTR_FP_OFF(a) | ACC_PTR_FP_OFF(b)) & 3) == 0) ++#error "LZO_ARCH_I086 is unsupported" + #elif (LZO_MM_PVP) +-#define PTR(a) ((lzo_bytep) (a)) +-#define PTR_ALIGNED_8(a) ((((lzo_uintptr_t)(a)) >> 61) == 0) +-#define PTR_ALIGNED2_8(a,b) ((((lzo_uintptr_t)(a)|(lzo_uintptr_t)(b)) >> 61) == 0) ++#error "LZO_MM_PVP is unsupported" + #else + #define PTR(a) ((lzo_uintptr_t) (a)) + #define PTR_LINEAR(a) PTR(a) +@@ -2243,24 +3815,28 @@ typedef union + unsigned long a_ulong; + lzo_int a_lzo_int; + lzo_uint a_lzo_uint; +- lzo_int32 a_lzo_int32; +- lzo_uint32 a_lzo_uint32; +-#if defined(LZO_UINT64_MAX) +- lzo_int64 a_lzo_int64; +- lzo_uint64 a_lzo_uint64; ++ lzo_xint a_lzo_xint; ++ lzo_int16_t a_lzo_int16_t; ++ lzo_uint16_t a_lzo_uint16_t; ++ lzo_int32_t a_lzo_int32_t; ++ lzo_uint32_t a_lzo_uint32_t; ++#if defined(lzo_uint64_t) ++ lzo_int64_t a_lzo_int64_t; ++ lzo_uint64_t a_lzo_uint64_t; + #endif ++ size_t a_size_t; + ptrdiff_t a_ptrdiff_t; + lzo_uintptr_t a_lzo_uintptr_t; +- lzo_voidp a_lzo_voidp; + void * a_void_p; +- lzo_bytep a_lzo_bytep; +- lzo_bytepp a_lzo_bytepp; +- lzo_uintp a_lzo_uintp; +- lzo_uint * a_lzo_uint_p; +- lzo_uint32p a_lzo_uint32p; +- lzo_uint32 * a_lzo_uint32_p; +- unsigned char * a_uchar_p; + char * a_char_p; ++ unsigned char * a_uchar_p; ++ const void * a_c_void_p; ++ const char * a_c_char_p; ++ const unsigned char * a_c_uchar_p; ++ lzo_voidp a_lzo_voidp; ++ lzo_bytep a_lzo_bytep; ++ const lzo_voidp a_c_lzo_voidp; ++ const lzo_bytep a_c_lzo_bytep; + } + lzo_full_align_t; + +@@ -2276,18 +3852,14 @@ lzo_full_align_t; + + #ifndef LZO_DICT_USE_PTR + #define LZO_DICT_USE_PTR 1 +-#if 0 && (LZO_ARCH_I086) +-# undef LZO_DICT_USE_PTR +-# define LZO_DICT_USE_PTR 0 +-#endif + #endif + + #if (LZO_DICT_USE_PTR) + # define lzo_dict_t const lzo_bytep +-# define lzo_dict_p lzo_dict_t __LZO_MMODEL * ++# define lzo_dict_p lzo_dict_t * + #else + # define lzo_dict_t lzo_uint +-# define lzo_dict_p lzo_dict_t __LZO_MMODEL * ++# define lzo_dict_p lzo_dict_t * + #endif + + #endif +@@ -2300,10 +3872,9 @@ __lzo_ptr_linear(const lzo_voidp ptr) + lzo_uintptr_t p; + + #if (LZO_ARCH_I086) +- p = (((lzo_uintptr_t)(ACC_PTR_FP_SEG(ptr))) << (16 - ACC_MM_AHSHIFT)) + (ACC_PTR_FP_OFF(ptr)); ++#error "LZO_ARCH_I086 is unsupported" + #elif (LZO_MM_PVP) +- p = (lzo_uintptr_t) (ptr); +- p = (p << 3) | (p >> 61); ++#error "LZO_MM_PVP is unsupported" + #else + p = (lzo_uintptr_t) PTR_LINEAR(ptr); + #endif +@@ -2314,9 +3885,8 @@ __lzo_ptr_linear(const lzo_voidp ptr) + LZO_PUBLIC(unsigned) + __lzo_align_gap(const lzo_voidp ptr, lzo_uint size) + { +-#if defined(__LZO_UINTPTR_T_IS_POINTER) +- size_t n = (size_t) ptr; +- n = (((n + size - 1) / size) * size) - n; ++#if (__LZO_UINTPTR_T_IS_POINTER) ++#error "__LZO_UINTPTR_T_IS_POINTER is unsupported" + #else + lzo_uintptr_t p, n; + p = __lzo_ptr_linear(ptr); +@@ -2342,7 +3912,7 @@ static const char __lzo_copyright[] = + #else + "\r\n\n" + "LZO data compression library.\n" +- "$Copyright: LZO Copyright (C) 1996-2011 Markus Franz Xaver Johannes Oberhumer\n" ++ "$Copyright: LZO Copyright (C) 1996-2014 Markus Franz Xaver Johannes Oberhumer\n" + "\n" + "http://www.oberhumer.com $\n\n" + "$Id: LZO version: v" LZO_VERSION_STRING ", " LZO_VERSION_DATE " $\n" +@@ -2352,11 +3922,7 @@ static const char __lzo_copyright[] = + LZO_PUBLIC(const lzo_bytep) + lzo_copyright(void) + { +-#if (LZO_OS_DOS16 && LZO_CC_TURBOC) +- return (lzo_voidp) __lzo_copyright; +-#else + return (const lzo_bytep) __lzo_copyright; +-#endif + } + + LZO_PUBLIC(unsigned) +@@ -2393,16 +3959,16 @@ _lzo_version_date(void) + #define LZO_NMAX 5552 + + #define LZO_DO1(buf,i) s1 += buf[i]; s2 += s1 +-#define LZO_DO2(buf,i) LZO_DO1(buf,i); LZO_DO1(buf,i+1); +-#define LZO_DO4(buf,i) LZO_DO2(buf,i); LZO_DO2(buf,i+2); +-#define LZO_DO8(buf,i) LZO_DO4(buf,i); LZO_DO4(buf,i+4); +-#define LZO_DO16(buf,i) LZO_DO8(buf,i); LZO_DO8(buf,i+8); ++#define LZO_DO2(buf,i) LZO_DO1(buf,i); LZO_DO1(buf,i+1) ++#define LZO_DO4(buf,i) LZO_DO2(buf,i); LZO_DO2(buf,i+2) ++#define LZO_DO8(buf,i) LZO_DO4(buf,i); LZO_DO4(buf,i+4) ++#define LZO_DO16(buf,i) LZO_DO8(buf,i); LZO_DO8(buf,i+8) + +-LZO_PUBLIC(lzo_uint32) +-lzo_adler32(lzo_uint32 adler, const lzo_bytep buf, lzo_uint len) ++LZO_PUBLIC(lzo_uint32_t) ++lzo_adler32(lzo_uint32_t adler, const lzo_bytep buf, lzo_uint len) + { +- lzo_uint32 s1 = adler & 0xffff; +- lzo_uint32 s2 = (adler >> 16) & 0xffff; ++ lzo_uint32_t s1 = adler & 0xffff; ++ lzo_uint32_t s2 = (adler >> 16) & 0xffff; + unsigned k; + + if (buf == NULL) +@@ -2459,8 +4025,8 @@ lzo_adler32(lzo_uint32 adler, const lzo_bytep buf, lzo_uint len) + LZOLIB_PUBLIC(int, lzo_hmemcmp) (const lzo_hvoid_p s1, const lzo_hvoid_p s2, lzo_hsize_t len) + { + #if (LZO_HAVE_MM_HUGE_PTR) || !(HAVE_MEMCMP) +- const lzo_hbyte_p p1 = (const lzo_hbyte_p) s1; +- const lzo_hbyte_p p2 = (const lzo_hbyte_p) s2; ++ const lzo_hbyte_p p1 = LZO_STATIC_CAST(const lzo_hbyte_p, s1); ++ const lzo_hbyte_p p2 = LZO_STATIC_CAST(const lzo_hbyte_p, s2); + if __lzo_likely(len > 0) do + { + int d = *p1 - *p2; +@@ -2476,8 +4042,8 @@ LZOLIB_PUBLIC(int, lzo_hmemcmp) (const lzo_hvoid_p s1, const lzo_hvoid_p s2, lzo + LZOLIB_PUBLIC(lzo_hvoid_p, lzo_hmemcpy) (lzo_hvoid_p dest, const lzo_hvoid_p src, lzo_hsize_t len) + { + #if (LZO_HAVE_MM_HUGE_PTR) || !(HAVE_MEMCPY) +- lzo_hbyte_p p1 = (lzo_hbyte_p) dest; +- const lzo_hbyte_p p2 = (const lzo_hbyte_p) src; ++ lzo_hbyte_p p1 = LZO_STATIC_CAST(lzo_hbyte_p, dest); ++ const lzo_hbyte_p p2 = LZO_STATIC_CAST(const lzo_hbyte_p, src); + if (!(len > 0) || p1 == p2) + return dest; + do +@@ -2491,8 +4057,8 @@ LZOLIB_PUBLIC(lzo_hvoid_p, lzo_hmemcpy) (lzo_hvoid_p dest, const lzo_hvoid_p src + LZOLIB_PUBLIC(lzo_hvoid_p, lzo_hmemmove) (lzo_hvoid_p dest, const lzo_hvoid_p src, lzo_hsize_t len) + { + #if (LZO_HAVE_MM_HUGE_PTR) || !(HAVE_MEMMOVE) +- lzo_hbyte_p p1 = (lzo_hbyte_p) dest; +- const lzo_hbyte_p p2 = (const lzo_hbyte_p) src; ++ lzo_hbyte_p p1 = LZO_STATIC_CAST(lzo_hbyte_p, dest); ++ const lzo_hbyte_p p2 = LZO_STATIC_CAST(const lzo_hbyte_p, src); + if (!(len > 0) || p1 == p2) + return dest; + if (p1 < p2) +@@ -2514,16 +4080,17 @@ LZOLIB_PUBLIC(lzo_hvoid_p, lzo_hmemmove) (lzo_hvoid_p dest, const lzo_hvoid_p sr + return memmove(dest, src, len); + #endif + } +-LZOLIB_PUBLIC(lzo_hvoid_p, lzo_hmemset) (lzo_hvoid_p s, int c, lzo_hsize_t len) ++LZOLIB_PUBLIC(lzo_hvoid_p, lzo_hmemset) (lzo_hvoid_p s, int cc, lzo_hsize_t len) + { + #if (LZO_HAVE_MM_HUGE_PTR) || !(HAVE_MEMSET) +- lzo_hbyte_p p = (lzo_hbyte_p) s; ++ lzo_hbyte_p p = LZO_STATIC_CAST(lzo_hbyte_p, s); ++ unsigned char c = LZO_ITRUNC(unsigned char, cc); + if __lzo_likely(len > 0) do +- *p++ = (unsigned char) c; ++ *p++ = c; + while __lzo_likely(--len > 0); + return s; + #else +- return memset(s, c, len); ++ return memset(s, cc, len); + #endif + } + #undef LZOLIB_PUBLIC +@@ -2532,105 +4099,28 @@ LZOLIB_PUBLIC(lzo_hvoid_p, lzo_hmemset) (lzo_hvoid_p s, int c, lzo_hsize_t len) + + #if !defined(__LZO_IN_MINILZO) + +-#define ACC_WANT_ACC_CHK_CH 1 +-#undef ACCCHK_ASSERT ++#define LZO_WANT_ACC_CHK_CH 1 ++#undef LZOCHK_ASSERT + +- ACCCHK_ASSERT_IS_SIGNED_T(lzo_int) +- ACCCHK_ASSERT_IS_UNSIGNED_T(lzo_uint) +- +- ACCCHK_ASSERT_IS_SIGNED_T(lzo_int32) +- ACCCHK_ASSERT_IS_UNSIGNED_T(lzo_uint32) +- ACCCHK_ASSERT((LZO_UINT32_C(1) << (int)(8*sizeof(LZO_UINT32_C(1))-1)) > 0) +- ACCCHK_ASSERT(sizeof(lzo_uint32) >= 4) +-#if defined(LZO_UINT64_MAX) +- ACCCHK_ASSERT(sizeof(lzo_uint64) == 8) +- ACCCHK_ASSERT_IS_SIGNED_T(lzo_int64) +- ACCCHK_ASSERT_IS_UNSIGNED_T(lzo_uint64) ++ LZOCHK_ASSERT((LZO_UINT32_C(1) << (int)(8*sizeof(LZO_UINT32_C(1))-1)) > 0) ++ LZOCHK_ASSERT_IS_SIGNED_T(lzo_int) ++ LZOCHK_ASSERT_IS_UNSIGNED_T(lzo_uint) ++#if !(__LZO_UINTPTR_T_IS_POINTER) ++ LZOCHK_ASSERT_IS_UNSIGNED_T(lzo_uintptr_t) + #endif ++ LZOCHK_ASSERT(sizeof(lzo_uintptr_t) >= sizeof(lzo_voidp)) ++ LZOCHK_ASSERT_IS_UNSIGNED_T(lzo_xint) + +-#if !defined(__LZO_UINTPTR_T_IS_POINTER) +- ACCCHK_ASSERT_IS_UNSIGNED_T(lzo_uintptr_t) + #endif +- ACCCHK_ASSERT(sizeof(lzo_uintptr_t) >= sizeof(lzo_voidp)) +- +- ACCCHK_ASSERT_IS_UNSIGNED_T(lzo_xint) +- ACCCHK_ASSERT(sizeof(lzo_xint) >= sizeof(lzo_uint32)) +- ACCCHK_ASSERT(sizeof(lzo_xint) >= sizeof(lzo_uint)) +- ACCCHK_ASSERT(sizeof(lzo_xint) == sizeof(lzo_uint32) || sizeof(lzo_xint) == sizeof(lzo_uint)) ++#undef LZOCHK_ASSERT + ++union lzo_config_check_union { ++ lzo_uint a[2]; ++ unsigned char b[2*LZO_MAX(8,sizeof(lzo_uint))]; ++#if defined(lzo_uint64_t) ++ lzo_uint64_t c[2]; + #endif +-#undef ACCCHK_ASSERT +- +-#if 0 +-#define WANT_lzo_bitops_clz32 1 +-#define WANT_lzo_bitops_clz64 1 +-#endif +-#define WANT_lzo_bitops_ctz32 1 +-#define WANT_lzo_bitops_ctz64 1 +- +-#if (defined(_WIN32) || defined(_WIN64)) && ((LZO_CC_INTELC && (__INTEL_COMPILER >= 1000)) || (LZO_CC_MSC && (_MSC_VER >= 1400))) +-#include +-#if !defined(lzo_bitops_clz32) && defined(WANT_lzo_bitops_clz32) && 0 +-#pragma intrinsic(_BitScanReverse) +-static __lzo_inline unsigned lzo_bitops_clz32(lzo_uint32 v) +-{ +- unsigned long r; +- (void) _BitScanReverse(&r, v); +- return (unsigned) r; +-} +-#define lzo_bitops_clz32 lzo_bitops_clz32 +-#endif +-#if !defined(lzo_bitops_clz64) && defined(WANT_lzo_bitops_clz64) && defined(LZO_UINT64_MAX) && 0 +-#pragma intrinsic(_BitScanReverse64) +-static __lzo_inline unsigned lzo_bitops_clz64(lzo_uint64 v) +-{ +- unsigned long r; +- (void) _BitScanReverse64(&r, v); +- return (unsigned) r; +-} +-#define lzo_bitops_clz64 lzo_bitops_clz64 +-#endif +-#if !defined(lzo_bitops_ctz32) && defined(WANT_lzo_bitops_ctz32) +-#pragma intrinsic(_BitScanForward) +-static __lzo_inline unsigned lzo_bitops_ctz32(lzo_uint32 v) +-{ +- unsigned long r; +- (void) _BitScanForward(&r, v); +- return (unsigned) r; +-} +-#define lzo_bitops_ctz32 lzo_bitops_ctz32 +-#endif +-#if !defined(lzo_bitops_ctz64) && defined(WANT_lzo_bitops_ctz64) && defined(LZO_UINT64_MAX) +-#pragma intrinsic(_BitScanForward64) +-static __lzo_inline unsigned lzo_bitops_ctz64(lzo_uint64 v) +-{ +- unsigned long r; +- (void) _BitScanForward64(&r, v); +- return (unsigned) r; +-} +-#define lzo_bitops_ctz64 lzo_bitops_ctz64 +-#endif +- +-#elif (LZO_CC_CLANG || (LZO_CC_GNUC >= 0x030400ul) || (LZO_CC_INTELC && (__INTEL_COMPILER >= 1000)) || LZO_CC_LLVM) +-#if !defined(lzo_bitops_clz32) && defined(WANT_lzo_bitops_clz32) +-#define lzo_bitops_clz32(v) ((unsigned) __builtin_clz(v)) +-#endif +-#if !defined(lzo_bitops_clz64) && defined(WANT_lzo_bitops_clz64) && defined(LZO_UINT64_MAX) +-#define lzo_bitops_clz64(v) ((unsigned) __builtin_clzll(v)) +-#endif +-#if !defined(lzo_bitops_ctz32) && defined(WANT_lzo_bitops_ctz32) +-#define lzo_bitops_ctz32(v) ((unsigned) __builtin_ctz(v)) +-#endif +-#if !defined(lzo_bitops_ctz64) && defined(WANT_lzo_bitops_ctz64) && defined(LZO_UINT64_MAX) +-#define lzo_bitops_ctz64(v) ((unsigned) __builtin_ctzll(v)) +-#endif +-#if !defined(lzo_bitops_popcount32) && defined(WANT_lzo_bitops_popcount32) +-#define lzo_bitops_popcount32(v) ((unsigned) __builtin_popcount(v)) +-#endif +-#if !defined(lzo_bitops_popcount32) && defined(WANT_lzo_bitops_popcount64) && defined(LZO_UINT64_MAX) +-#define lzo_bitops_popcount64(v) ((unsigned) __builtin_popcountll(v)) +-#endif +-#endif ++}; + + #if 0 + #define u2p(ptr,off) ((lzo_voidp) (((lzo_bytep)(lzo_voidp)(ptr)) + (off))) +@@ -2644,73 +4134,101 @@ static __lzo_noinline lzo_voidp u2p(lzo_voidp ptr, lzo_uint off) + LZO_PUBLIC(int) + _lzo_config_check(void) + { +- lzo_bool r = 1; +- union { +- lzo_xint a[2]; unsigned char b[2*LZO_MAX(8,sizeof(lzo_xint))]; +-#if defined(LZO_UNALIGNED_OK_8) +- lzo_uint64 c[2]; ++#if (LZO_CC_CLANG && (LZO_CC_CLANG >= 0x030100ul && LZO_CC_CLANG < 0x030300ul)) ++# if 0 ++ volatile ++# endif + #endif +- unsigned short x[2]; lzo_uint32 y[2]; lzo_uint z[2]; +- } u; ++ union lzo_config_check_union u; + lzo_voidp p; ++ unsigned r = 1; + + u.a[0] = u.a[1] = 0; + p = u2p(&u, 0); + r &= ((* (lzo_bytep) p) == 0); +-#if !defined(LZO_CFG_NO_CONFIG_CHECK) +-#if defined(LZO_ABI_BIG_ENDIAN) ++#if !(LZO_CFG_NO_CONFIG_CHECK) ++#if (LZO_ABI_BIG_ENDIAN) + u.a[0] = u.a[1] = 0; u.b[sizeof(lzo_uint) - 1] = 128; + p = u2p(&u, 0); + r &= ((* (lzo_uintp) p) == 128); + #endif +-#if defined(LZO_ABI_LITTLE_ENDIAN) ++#if (LZO_ABI_LITTLE_ENDIAN) + u.a[0] = u.a[1] = 0; u.b[0] = 128; + p = u2p(&u, 0); + r &= ((* (lzo_uintp) p) == 128); + #endif +-#if defined(LZO_UNALIGNED_OK_2) + u.a[0] = u.a[1] = 0; +- u.b[0] = 1; u.b[sizeof(unsigned short) + 1] = 2; ++ u.b[0] = 1; u.b[3] = 2; + p = u2p(&u, 1); +- r &= ((* (lzo_ushortp) p) == 0); ++ r &= UA_GET_NE16(p) == 0; ++ r &= UA_GET_LE16(p) == 0; ++ u.b[1] = 128; ++ r &= UA_GET_LE16(p) == 128; ++ u.b[2] = 129; ++ r &= UA_GET_LE16(p) == LZO_UINT16_C(0x8180); ++#if (LZO_ABI_BIG_ENDIAN) ++ r &= UA_GET_NE16(p) == LZO_UINT16_C(0x8081); ++#endif ++#if (LZO_ABI_LITTLE_ENDIAN) ++ r &= UA_GET_NE16(p) == LZO_UINT16_C(0x8180); + #endif +-#if defined(LZO_UNALIGNED_OK_4) + u.a[0] = u.a[1] = 0; +- u.b[0] = 3; u.b[sizeof(lzo_uint32) + 1] = 4; ++ u.b[0] = 3; u.b[5] = 4; + p = u2p(&u, 1); +- r &= ((* (lzo_uint32p) p) == 0); ++ r &= UA_GET_NE32(p) == 0; ++ r &= UA_GET_LE32(p) == 0; ++ u.b[1] = 128; ++ r &= UA_GET_LE32(p) == 128; ++ u.b[2] = 129; u.b[3] = 130; u.b[4] = 131; ++ r &= UA_GET_LE32(p) == LZO_UINT32_C(0x83828180); ++#if (LZO_ABI_BIG_ENDIAN) ++ r &= UA_GET_NE32(p) == LZO_UINT32_C(0x80818283); ++#endif ++#if (LZO_ABI_LITTLE_ENDIAN) ++ r &= UA_GET_NE32(p) == LZO_UINT32_C(0x83828180); + #endif +-#if defined(LZO_UNALIGNED_OK_8) ++#if defined(UA_GET_NE64) + u.c[0] = u.c[1] = 0; +- u.b[0] = 5; u.b[sizeof(lzo_uint64) + 1] = 6; ++ u.b[0] = 5; u.b[9] = 6; + p = u2p(&u, 1); +- r &= ((* (lzo_uint64p) p) == 0); ++ u.c[0] = u.c[1] = 0; ++ r &= UA_GET_NE64(p) == 0; ++#if defined(UA_GET_LE64) ++ r &= UA_GET_LE64(p) == 0; ++ u.b[1] = 128; ++ r &= UA_GET_LE64(p) == 128; ++#endif + #endif +-#if defined(lzo_bitops_clz32) +- { unsigned i; lzo_uint32 v = 1; +- for (i = 0; i < 31; i++, v <<= 1) +- r &= lzo_bitops_clz32(v) == 31 - i; +- } ++#if defined(lzo_bitops_ctlz32) ++ { unsigned i = 0; lzo_uint32_t v; ++ for (v = 1; v != 0 && r == 1; v <<= 1, i++) { ++ r &= lzo_bitops_ctlz32(v) == 31 - i; ++ r &= lzo_bitops_ctlz32_func(v) == 31 - i; ++ }} + #endif +-#if defined(lzo_bitops_clz64) +- { unsigned i; lzo_uint64 v = 1; +- for (i = 0; i < 63; i++, v <<= 1) +- r &= lzo_bitops_clz64(v) == 63 - i; +- } ++#if defined(lzo_bitops_ctlz64) ++ { unsigned i = 0; lzo_uint64_t v; ++ for (v = 1; v != 0 && r == 1; v <<= 1, i++) { ++ r &= lzo_bitops_ctlz64(v) == 63 - i; ++ r &= lzo_bitops_ctlz64_func(v) == 63 - i; ++ }} + #endif +-#if defined(lzo_bitops_ctz32) +- { unsigned i; lzo_uint32 v = 1; +- for (i = 0; i < 31; i++, v <<= 1) +- r &= lzo_bitops_ctz32(v) == i; +- } ++#if defined(lzo_bitops_cttz32) ++ { unsigned i = 0; lzo_uint32_t v; ++ for (v = 1; v != 0 && r == 1; v <<= 1, i++) { ++ r &= lzo_bitops_cttz32(v) == i; ++ r &= lzo_bitops_cttz32_func(v) == i; ++ }} + #endif +-#if defined(lzo_bitops_ctz64) +- { unsigned i; lzo_uint64 v = 1; +- for (i = 0; i < 63; i++, v <<= 1) +- r &= lzo_bitops_ctz64(v) == i; +- } ++#if defined(lzo_bitops_cttz64) ++ { unsigned i = 0; lzo_uint64_t v; ++ for (v = 1; v != 0 && r == 1; v <<= 1, i++) { ++ r &= lzo_bitops_cttz64(v) == i; ++ r &= lzo_bitops_cttz64_func(v) == i; ++ }} + #endif + #endif ++ LZO_UNUSED_FUNC(lzo_bitops_unused_funcs); + + return r == 1 ? LZO_E_OK : LZO_E_ERROR; + } +@@ -2724,11 +4242,11 @@ __lzo_init_v2(unsigned v, int s1, int s2, int s3, int s4, int s5, + #if defined(__LZO_IN_MINILZO) + #elif (LZO_CC_MSC && ((_MSC_VER) < 700)) + #else +-#define ACC_WANT_ACC_CHK_CH 1 +-#undef ACCCHK_ASSERT +-#define ACCCHK_ASSERT(expr) LZO_COMPILE_TIME_ASSERT(expr) ++#define LZO_WANT_ACC_CHK_CH 1 ++#undef LZOCHK_ASSERT ++#define LZOCHK_ASSERT(expr) LZO_COMPILE_TIME_ASSERT(expr) + #endif +-#undef ACCCHK_ASSERT ++#undef LZOCHK_ASSERT + + if (v == 0) + return LZO_E_ERROR; +@@ -2736,7 +4254,7 @@ __lzo_init_v2(unsigned v, int s1, int s2, int s3, int s4, int s5, + r = (s1 == -1 || s1 == (int) sizeof(short)) && + (s2 == -1 || s2 == (int) sizeof(int)) && + (s3 == -1 || s3 == (int) sizeof(long)) && +- (s4 == -1 || s4 == (int) sizeof(lzo_uint32)) && ++ (s4 == -1 || s4 == (int) sizeof(lzo_uint32_t)) && + (s5 == -1 || s5 == (int) sizeof(lzo_uint)) && + (s6 == -1 || s6 == (int) lzo_sizeof_dict_t) && + (s7 == -1 || s7 == (int) sizeof(char *)) && +@@ -2779,11 +4297,11 @@ int __far __pascal LibMain ( int a, short b, short c, long d ) + + #if !defined(MINILZO_CFG_SKIP_LZO1X_1_COMPRESS) + +-#if 1 && defined(UA_GET32) ++#if 1 && defined(UA_GET_LE32) + #undef LZO_DICT_USE_PTR + #define LZO_DICT_USE_PTR 0 + #undef lzo_dict_t +-#define lzo_dict_t unsigned short ++#define lzo_dict_t lzo_uint16_t + #endif + + #define LZO_NEED_DICT_H 1 +@@ -3088,77 +4606,7 @@ DVAL_ASSERT(lzo_xint dv, const lzo_bytep p) + #endif + + #if 1 && defined(DO_COMPRESS) && !defined(do_compress) +-# define do_compress LZO_CPP_ECONCAT2(DO_COMPRESS,_core) +-#endif +- +-#if defined(UA_GET64) +-# define WANT_lzo_bitops_ctz64 1 +-#elif defined(UA_GET32) +-# define WANT_lzo_bitops_ctz32 1 +-#endif +- +-#if (defined(_WIN32) || defined(_WIN64)) && ((LZO_CC_INTELC && (__INTEL_COMPILER >= 1000)) || (LZO_CC_MSC && (_MSC_VER >= 1400))) +-#include +-#if !defined(lzo_bitops_clz32) && defined(WANT_lzo_bitops_clz32) && 0 +-#pragma intrinsic(_BitScanReverse) +-static __lzo_inline unsigned lzo_bitops_clz32(lzo_uint32 v) +-{ +- unsigned long r; +- (void) _BitScanReverse(&r, v); +- return (unsigned) r; +-} +-#define lzo_bitops_clz32 lzo_bitops_clz32 +-#endif +-#if !defined(lzo_bitops_clz64) && defined(WANT_lzo_bitops_clz64) && defined(LZO_UINT64_MAX) && 0 +-#pragma intrinsic(_BitScanReverse64) +-static __lzo_inline unsigned lzo_bitops_clz64(lzo_uint64 v) +-{ +- unsigned long r; +- (void) _BitScanReverse64(&r, v); +- return (unsigned) r; +-} +-#define lzo_bitops_clz64 lzo_bitops_clz64 +-#endif +-#if !defined(lzo_bitops_ctz32) && defined(WANT_lzo_bitops_ctz32) +-#pragma intrinsic(_BitScanForward) +-static __lzo_inline unsigned lzo_bitops_ctz32(lzo_uint32 v) +-{ +- unsigned long r; +- (void) _BitScanForward(&r, v); +- return (unsigned) r; +-} +-#define lzo_bitops_ctz32 lzo_bitops_ctz32 +-#endif +-#if !defined(lzo_bitops_ctz64) && defined(WANT_lzo_bitops_ctz64) && defined(LZO_UINT64_MAX) +-#pragma intrinsic(_BitScanForward64) +-static __lzo_inline unsigned lzo_bitops_ctz64(lzo_uint64 v) +-{ +- unsigned long r; +- (void) _BitScanForward64(&r, v); +- return (unsigned) r; +-} +-#define lzo_bitops_ctz64 lzo_bitops_ctz64 +-#endif +- +-#elif (LZO_CC_CLANG || (LZO_CC_GNUC >= 0x030400ul) || (LZO_CC_INTELC && (__INTEL_COMPILER >= 1000)) || LZO_CC_LLVM) +-#if !defined(lzo_bitops_clz32) && defined(WANT_lzo_bitops_clz32) +-#define lzo_bitops_clz32(v) ((unsigned) __builtin_clz(v)) +-#endif +-#if !defined(lzo_bitops_clz64) && defined(WANT_lzo_bitops_clz64) && defined(LZO_UINT64_MAX) +-#define lzo_bitops_clz64(v) ((unsigned) __builtin_clzll(v)) +-#endif +-#if !defined(lzo_bitops_ctz32) && defined(WANT_lzo_bitops_ctz32) +-#define lzo_bitops_ctz32(v) ((unsigned) __builtin_ctz(v)) +-#endif +-#if !defined(lzo_bitops_ctz64) && defined(WANT_lzo_bitops_ctz64) && defined(LZO_UINT64_MAX) +-#define lzo_bitops_ctz64(v) ((unsigned) __builtin_ctzll(v)) +-#endif +-#if !defined(lzo_bitops_popcount32) && defined(WANT_lzo_bitops_popcount32) +-#define lzo_bitops_popcount32(v) ((unsigned) __builtin_popcount(v)) +-#endif +-#if !defined(lzo_bitops_popcount32) && defined(WANT_lzo_bitops_popcount64) && defined(LZO_UINT64_MAX) +-#define lzo_bitops_popcount64(v) ((unsigned) __builtin_popcountll(v)) +-#endif ++# define do_compress LZO_PP_ECONCAT2(DO_COMPRESS,_core) + #endif + + static __lzo_noinline lzo_uint +@@ -3166,7 +4614,7 @@ do_compress ( const lzo_bytep in , lzo_uint in_len, + lzo_bytep out, lzo_uintp out_len, + lzo_uint ti, lzo_voidp wrkmem) + { +- register const lzo_bytep ip; ++ const lzo_bytep ip; + lzo_bytep op; + const lzo_bytep const in_end = in + in_len; + const lzo_bytep const ip_end = in + in_len - 20; +@@ -3175,7 +4623,7 @@ do_compress ( const lzo_bytep in , lzo_uint in_len, + + op = out; + ip = in; +- ii = ip - ti; ++ ii = ip; + + ip += ti < 4 ? 4 - ti : 0; + for (;;) +@@ -3205,8 +4653,8 @@ next: + goto literal; + + try_match: +-#if defined(UA_GET32) +- if (UA_GET32(m_pos) != UA_GET32(ip)) ++#if (LZO_OPT_UNALIGNED32) ++ if (UA_GET_NE32(m_pos) != UA_GET_NE32(ip)) + #else + if (m_pos[0] != ip[0] || m_pos[1] != ip[1] || m_pos[2] != ip[2] || m_pos[3] != ip[3]) + #endif +@@ -3221,49 +4669,43 @@ literal: + lzo_uint m_off; + lzo_uint m_len; + { +- lzo_uint32 dv; ++ lzo_uint32_t dv; + lzo_uint dindex; + literal: + ip += 1 + ((ip - ii) >> 5); + next: + if __lzo_unlikely(ip >= ip_end) + break; +- dv = UA_GET32(ip); ++ dv = UA_GET_LE32(ip); + dindex = DINDEX(dv,ip); + GINDEX(m_off,m_pos,in+dict,dindex,in); + UPDATE_I(dict,0,dindex,ip,in); +- if __lzo_unlikely(dv != UA_GET32(m_pos)) ++ if __lzo_unlikely(dv != UA_GET_LE32(m_pos)) + goto literal; + } + #endif + ++ ii -= ti; ti = 0; + { +- register lzo_uint t = pd(ip,ii); ++ lzo_uint t = pd(ip,ii); + if (t != 0) + { + if (t <= 3) + { +- op[-2] |= LZO_BYTE(t); +-#if defined(UA_COPY32) +- UA_COPY32(op, ii); ++ op[-2] = LZO_BYTE(op[-2] | t); ++#if (LZO_OPT_UNALIGNED32) ++ UA_COPY4(op, ii); + op += t; + #else + { do *op++ = *ii++; while (--t > 0); } + #endif + } +-#if defined(UA_COPY32) || defined(UA_COPY64) ++#if (LZO_OPT_UNALIGNED32) || (LZO_OPT_UNALIGNED64) + else if (t <= 16) + { + *op++ = LZO_BYTE(t - 3); +-#if defined(UA_COPY64) +- UA_COPY64(op, ii); +- UA_COPY64(op+8, ii+8); +-#else +- UA_COPY32(op, ii); +- UA_COPY32(op+4, ii+4); +- UA_COPY32(op+8, ii+8); +- UA_COPY32(op+12, ii+12); +-#endif ++ UA_COPY8(op, ii); ++ UA_COPY8(op+8, ii+8); + op += t; + } + #endif +@@ -3273,31 +4715,21 @@ next: + *op++ = LZO_BYTE(t - 3); + else + { +- register lzo_uint tt = t - 18; ++ lzo_uint tt = t - 18; + *op++ = 0; + while __lzo_unlikely(tt > 255) + { + tt -= 255; +-#if 1 && (LZO_CC_MSC && (_MSC_VER >= 1400)) +- * (volatile unsigned char *) op++ = 0; +-#else +- *op++ = 0; +-#endif ++ UA_SET1(op, 0); ++ op++; + } + assert(tt > 0); + *op++ = LZO_BYTE(tt); + } +-#if defined(UA_COPY32) || defined(UA_COPY64) ++#if (LZO_OPT_UNALIGNED32) || (LZO_OPT_UNALIGNED64) + do { +-#if defined(UA_COPY64) +- UA_COPY64(op, ii); +- UA_COPY64(op+8, ii+8); +-#else +- UA_COPY32(op, ii); +- UA_COPY32(op+4, ii+4); +- UA_COPY32(op+8, ii+8); +- UA_COPY32(op+12, ii+12); +-#endif ++ UA_COPY8(op, ii); ++ UA_COPY8(op+8, ii+8); + op += 16; ii += 16; t -= 16; + } while (t >= 16); if (t > 0) + #endif +@@ -3307,19 +4739,26 @@ next: + } + m_len = 4; + { +-#if defined(UA_GET64) +- lzo_uint64 v; +- v = UA_GET64(ip + m_len) ^ UA_GET64(m_pos + m_len); ++#if (LZO_OPT_UNALIGNED64) ++ lzo_uint64_t v; ++ v = UA_GET_NE64(ip + m_len) ^ UA_GET_NE64(m_pos + m_len); + if __lzo_unlikely(v == 0) { + do { + m_len += 8; +- v = UA_GET64(ip + m_len) ^ UA_GET64(m_pos + m_len); ++ v = UA_GET_NE64(ip + m_len) ^ UA_GET_NE64(m_pos + m_len); + if __lzo_unlikely(ip + m_len >= ip_end) + goto m_len_done; + } while (v == 0); + } +-#if (LZO_ABI_LITTLE_ENDIAN) && defined(lzo_bitops_ctz64) +- m_len += lzo_bitops_ctz64(v) / CHAR_BIT; ++#if (LZO_ABI_BIG_ENDIAN) && defined(lzo_bitops_ctlz64) ++ m_len += lzo_bitops_ctlz64(v) / CHAR_BIT; ++#elif (LZO_ABI_BIG_ENDIAN) ++ if ((v >> (64 - CHAR_BIT)) == 0) do { ++ v <<= CHAR_BIT; ++ m_len += 1; ++ } while ((v >> (64 - CHAR_BIT)) == 0); ++#elif (LZO_ABI_LITTLE_ENDIAN) && defined(lzo_bitops_cttz64) ++ m_len += lzo_bitops_cttz64(v) / CHAR_BIT; + #elif (LZO_ABI_LITTLE_ENDIAN) + if ((v & UCHAR_MAX) == 0) do { + v >>= CHAR_BIT; +@@ -3330,19 +4769,30 @@ next: + m_len += 1; + } while (ip[m_len] == m_pos[m_len]); + #endif +-#elif defined(UA_GET32) +- lzo_uint32 v; +- v = UA_GET32(ip + m_len) ^ UA_GET32(m_pos + m_len); ++#elif (LZO_OPT_UNALIGNED32) ++ lzo_uint32_t v; ++ v = UA_GET_NE32(ip + m_len) ^ UA_GET_NE32(m_pos + m_len); + if __lzo_unlikely(v == 0) { + do { + m_len += 4; +- v = UA_GET32(ip + m_len) ^ UA_GET32(m_pos + m_len); ++ v = UA_GET_NE32(ip + m_len) ^ UA_GET_NE32(m_pos + m_len); ++ if (v != 0) ++ break; ++ m_len += 4; ++ v = UA_GET_NE32(ip + m_len) ^ UA_GET_NE32(m_pos + m_len); + if __lzo_unlikely(ip + m_len >= ip_end) + goto m_len_done; + } while (v == 0); + } +-#if (LZO_ABI_LITTLE_ENDIAN) && defined(lzo_bitops_ctz32) +- m_len += lzo_bitops_ctz32(v) / CHAR_BIT; ++#if (LZO_ABI_BIG_ENDIAN) && defined(lzo_bitops_ctlz32) ++ m_len += lzo_bitops_ctlz32(v) / CHAR_BIT; ++#elif (LZO_ABI_BIG_ENDIAN) ++ if ((v >> (32 - CHAR_BIT)) == 0) do { ++ v <<= CHAR_BIT; ++ m_len += 1; ++ } while ((v >> (32 - CHAR_BIT)) == 0); ++#elif (LZO_ABI_LITTLE_ENDIAN) && defined(lzo_bitops_cttz32) ++ m_len += lzo_bitops_cttz32(v) / CHAR_BIT; + #elif (LZO_ABI_LITTLE_ENDIAN) + if ((v & UCHAR_MAX) == 0) do { + v >>= CHAR_BIT; +@@ -3357,6 +4807,27 @@ next: + if __lzo_unlikely(ip[m_len] == m_pos[m_len]) { + do { + m_len += 1; ++ if (ip[m_len] != m_pos[m_len]) ++ break; ++ m_len += 1; ++ if (ip[m_len] != m_pos[m_len]) ++ break; ++ m_len += 1; ++ if (ip[m_len] != m_pos[m_len]) ++ break; ++ m_len += 1; ++ if (ip[m_len] != m_pos[m_len]) ++ break; ++ m_len += 1; ++ if (ip[m_len] != m_pos[m_len]) ++ break; ++ m_len += 1; ++ if (ip[m_len] != m_pos[m_len]) ++ break; ++ m_len += 1; ++ if (ip[m_len] != m_pos[m_len]) ++ break; ++ m_len += 1; + if __lzo_unlikely(ip + m_len >= ip_end) + goto m_len_done; + } while (ip[m_len] == m_pos[m_len]); +@@ -3390,11 +4861,8 @@ m_len_done: + while __lzo_unlikely(m_len > 255) + { + m_len -= 255; +-#if 1 && (LZO_CC_MSC && (_MSC_VER >= 1400)) +- * (volatile unsigned char *) op++ = 0; +-#else +- *op++ = 0; +-#endif ++ UA_SET1(op, 0); ++ op++; + } + *op++ = LZO_BYTE(m_len); + } +@@ -3413,11 +4881,8 @@ m_len_done: + while __lzo_unlikely(m_len > 255) + { + m_len -= 255; +-#if 1 && (LZO_CC_MSC && (_MSC_VER >= 1400)) +- * (volatile unsigned char *) op++ = 0; +-#else +- *op++ = 0; +-#endif ++ UA_SET1(op, 0); ++ op++; + } + *op++ = LZO_BYTE(m_len); + } +@@ -3428,7 +4893,7 @@ m_len_done: + } + + *out_len = pd(op, out); +- return pd(in_end,ii); ++ return pd(in_end,ii-ti); + } + + LZO_PUBLIC(int) +@@ -3468,7 +4933,7 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + if (op == out && t <= 238) + *op++ = LZO_BYTE(17 + t); + else if (t <= 3) +- op[-2] |= LZO_BYTE(t); ++ op[-2] = LZO_BYTE(op[-2] | t); + else if (t <= 18) + *op++ = LZO_BYTE(t - 3); + else +@@ -3479,17 +4944,14 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + while (tt > 255) + { + tt -= 255; +-#if 1 && (LZO_CC_MSC && (_MSC_VER >= 1400)) +- +- * (volatile unsigned char *) op++ = 0; +-#else +- *op++ = 0; +-#endif ++ UA_SET1(op, 0); ++ op++; + } + assert(tt > 0); + *op++ = LZO_BYTE(tt); + } +- do *op++ = *ii++; while (--t > 0); ++ UA_COPYN(op, ii, t); ++ op += t; + } + + *op++ = M4_MARKER | 1; +@@ -3526,10 +4988,13 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + + #undef TEST_IP + #undef TEST_OP ++#undef TEST_IP_AND_TEST_OP + #undef TEST_LB + #undef TEST_LBO + #undef NEED_IP + #undef NEED_OP ++#undef TEST_IV ++#undef TEST_OV + #undef HAVE_TEST_IP + #undef HAVE_TEST_OP + #undef HAVE_NEED_IP +@@ -3544,6 +5009,7 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + # if (LZO_TEST_OVERRUN_INPUT >= 2) + # define NEED_IP(x) \ + if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun ++# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun + # endif + #endif + +@@ -3555,12 +5021,13 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + # undef TEST_OP + # define NEED_OP(x) \ + if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun ++# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun + # endif + #endif + + #if defined(LZO_TEST_OVERRUN_LOOKBEHIND) +-# define TEST_LB(m_pos) if (m_pos < out || m_pos >= op) goto lookbehind_overrun +-# define TEST_LBO(m_pos,o) if (m_pos < out || m_pos >= op - (o)) goto lookbehind_overrun ++# define TEST_LB(m_pos) if (PTR_LT(m_pos,out) || PTR_GE(m_pos,op)) goto lookbehind_overrun ++# define TEST_LBO(m_pos,o) if (PTR_LT(m_pos,out) || PTR_GE(m_pos,op-(o))) goto lookbehind_overrun + #else + # define TEST_LB(m_pos) ((void) 0) + # define TEST_LBO(m_pos,o) ((void) 0) +@@ -3581,15 +5048,27 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + # define TEST_OP 1 + #endif + ++#if defined(HAVE_TEST_IP) && defined(HAVE_TEST_OP) ++# define TEST_IP_AND_TEST_OP (TEST_IP && TEST_OP) ++#elif defined(HAVE_TEST_IP) ++# define TEST_IP_AND_TEST_OP TEST_IP ++#elif defined(HAVE_TEST_OP) ++# define TEST_IP_AND_TEST_OP TEST_OP ++#else ++# define TEST_IP_AND_TEST_OP 1 ++#endif ++ + #if defined(NEED_IP) + # define HAVE_NEED_IP 1 + #else + # define NEED_IP(x) ((void) 0) ++# define TEST_IV(x) ((void) 0) + #endif + #if defined(NEED_OP) + # define HAVE_NEED_OP 1 + #else + # define NEED_OP(x) ((void) 0) ++# define TEST_OV(x) ((void) 0) + #endif + + #if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP) +@@ -3606,14 +5085,14 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + lzo_voidp wrkmem ) + #endif + { +- register lzo_bytep op; +- register const lzo_bytep ip; +- register lzo_uint t; ++ lzo_bytep op; ++ const lzo_bytep ip; ++ lzo_uint t; + #if defined(COPY_DICT) + lzo_uint m_off; + const lzo_bytep dict_end; + #else +- register const lzo_bytep m_pos; ++ const lzo_bytep m_pos; + #endif + + const lzo_bytep const ip_end = in + in_len; +@@ -3648,43 +5127,45 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + op = out; + ip = in; + ++ NEED_IP(1); + if (*ip > 17) + { + t = *ip++ - 17; + if (t < 4) + goto match_next; +- assert(t > 0); NEED_OP(t); NEED_IP(t+1); ++ assert(t > 0); NEED_OP(t); NEED_IP(t+3); + do *op++ = *ip++; while (--t > 0); + goto first_literal_run; + } + +- while (TEST_IP && TEST_OP) ++ for (;;) + { ++ NEED_IP(3); + t = *ip++; + if (t >= 16) + goto match; + if (t == 0) + { +- NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; ++ TEST_IV(t); + NEED_IP(1); + } + t += 15 + *ip++; + } +- assert(t > 0); NEED_OP(t+3); NEED_IP(t+4); +-#if defined(LZO_UNALIGNED_OK_8) && defined(LZO_UNALIGNED_OK_4) ++ assert(t > 0); NEED_OP(t+3); NEED_IP(t+6); ++#if (LZO_OPT_UNALIGNED64) && (LZO_OPT_UNALIGNED32) + t += 3; + if (t >= 8) do + { +- UA_COPY64(op,ip); ++ UA_COPY8(op,ip); + op += 8; ip += 8; t -= 8; + } while (t >= 8); + if (t >= 4) + { +- UA_COPY32(op,ip); ++ UA_COPY4(op,ip); + op += 4; ip += 4; t -= 4; + } + if (t > 0) +@@ -3692,19 +5173,19 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + *op++ = *ip++; + if (t > 1) { *op++ = *ip++; if (t > 2) { *op++ = *ip++; } } + } +-#elif defined(LZO_UNALIGNED_OK_4) || defined(LZO_ALIGNED_OK_4) +-#if !defined(LZO_UNALIGNED_OK_4) ++#elif (LZO_OPT_UNALIGNED32) || (LZO_ALIGNED_OK_4) ++#if !(LZO_OPT_UNALIGNED32) + if (PTR_ALIGNED2_4(op,ip)) + { + #endif +- UA_COPY32(op,ip); ++ UA_COPY4(op,ip); + op += 4; ip += 4; + if (--t > 0) + { + if (t >= 4) + { + do { +- UA_COPY32(op,ip); ++ UA_COPY4(op,ip); + op += 4; ip += 4; t -= 4; + } while (t >= 4); + if (t > 0) do *op++ = *ip++; while (--t > 0); +@@ -3712,12 +5193,12 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + else + do *op++ = *ip++; while (--t > 0); + } +-#if !defined(LZO_UNALIGNED_OK_4) ++#if !(LZO_OPT_UNALIGNED32) + } + else + #endif + #endif +-#if !defined(LZO_UNALIGNED_OK_4) && !defined(LZO_UNALIGNED_OK_8) ++#if !(LZO_OPT_UNALIGNED32) + { + *op++ = *ip++; *op++ = *ip++; *op++ = *ip++; + do *op++ = *ip++; while (--t > 0); +@@ -3753,7 +5234,7 @@ first_literal_run: + #endif + goto match_done; + +- do { ++ for (;;) { + match: + if (t >= 64) + { +@@ -3813,14 +5294,15 @@ match: + t &= 31; + if (t == 0) + { +- NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 31 + *ip++; ++ NEED_IP(2); + } + #if defined(COPY_DICT) + #if defined(LZO1Z) +@@ -3836,9 +5318,9 @@ match: + m_pos = op - off; + last_m_off = off; + } +-#elif defined(LZO_UNALIGNED_OK_2) && defined(LZO_ABI_LITTLE_ENDIAN) ++#elif (LZO_OPT_UNALIGNED16) && (LZO_ABI_LITTLE_ENDIAN) + m_pos = op - 1; +- m_pos -= UA_GET16(ip) >> 2; ++ m_pos -= UA_GET_LE16(ip) >> 2; + #else + m_pos = op - 1; + m_pos -= (ip[0] >> 2) + (ip[1] << 6); +@@ -3857,14 +5339,15 @@ match: + t &= 7; + if (t == 0) + { +- NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 7 + *ip++; ++ NEED_IP(2); + } + #if defined(COPY_DICT) + #if defined(LZO1Z) +@@ -3882,8 +5365,8 @@ match: + #else + #if defined(LZO1Z) + m_pos -= (ip[0] << 6) + (ip[1] >> 2); +-#elif defined(LZO_UNALIGNED_OK_2) && defined(LZO_ABI_LITTLE_ENDIAN) +- m_pos -= UA_GET16(ip) >> 2; ++#elif (LZO_OPT_UNALIGNED16) && (LZO_ABI_LITTLE_ENDIAN) ++ m_pos -= UA_GET_LE16(ip) >> 2; + #else + m_pos -= (ip[0] >> 2) + (ip[1] << 6); + #endif +@@ -3931,18 +5414,18 @@ match: + #else + + TEST_LB(m_pos); assert(t > 0); NEED_OP(t+3-1); +-#if defined(LZO_UNALIGNED_OK_8) && defined(LZO_UNALIGNED_OK_4) ++#if (LZO_OPT_UNALIGNED64) && (LZO_OPT_UNALIGNED32) + if (op - m_pos >= 8) + { + t += (3 - 1); + if (t >= 8) do + { +- UA_COPY64(op,m_pos); ++ UA_COPY8(op,m_pos); + op += 8; m_pos += 8; t -= 8; + } while (t >= 8); + if (t >= 4) + { +- UA_COPY32(op,m_pos); ++ UA_COPY4(op,m_pos); + op += 4; m_pos += 4; t -= 4; + } + if (t > 0) +@@ -3952,8 +5435,8 @@ match: + } + } + else +-#elif defined(LZO_UNALIGNED_OK_4) || defined(LZO_ALIGNED_OK_4) +-#if !defined(LZO_UNALIGNED_OK_4) ++#elif (LZO_OPT_UNALIGNED32) || (LZO_ALIGNED_OK_4) ++#if !(LZO_OPT_UNALIGNED32) + if (t >= 2 * 4 - (3 - 1) && PTR_ALIGNED2_4(op,m_pos)) + { + assert((op - m_pos) >= 4); +@@ -3961,10 +5444,10 @@ match: + if (t >= 2 * 4 - (3 - 1) && (op - m_pos) >= 4) + { + #endif +- UA_COPY32(op,m_pos); ++ UA_COPY4(op,m_pos); + op += 4; m_pos += 4; t -= 4 - (3 - 1); + do { +- UA_COPY32(op,m_pos); ++ UA_COPY4(op,m_pos); + op += 4; m_pos += 4; t -= 4; + } while (t >= 4); + if (t > 0) do *op++ = *m_pos++; while (--t > 0); +@@ -3989,7 +5472,7 @@ match_done: + break; + + match_next: +- assert(t > 0); assert(t < 4); NEED_OP(t); NEED_IP(t+1); ++ assert(t > 0); assert(t < 4); NEED_OP(t); NEED_IP(t+3); + #if 0 + do *op++ = *ip++; while (--t > 0); + #else +@@ -3997,16 +5480,10 @@ match_next: + if (t > 1) { *op++ = *ip++; if (t > 2) { *op++ = *ip++; } } + #endif + t = *ip++; +- } while (TEST_IP && TEST_OP); ++ } + } + +-#if defined(HAVE_TEST_IP) || defined(HAVE_TEST_OP) +- *out_len = pd(op, out); +- return LZO_E_EOF_NOT_FOUND; +-#endif +- + eof_found: +- assert(t == 1); + *out_len = pd(op, out); + return (ip == ip_end ? LZO_E_OK : + (ip < ip_end ? LZO_E_INPUT_NOT_CONSUMED : LZO_E_INPUT_OVERRUN)); +@@ -4052,10 +5529,13 @@ lookbehind_overrun: + + #undef TEST_IP + #undef TEST_OP ++#undef TEST_IP_AND_TEST_OP + #undef TEST_LB + #undef TEST_LBO + #undef NEED_IP + #undef NEED_OP ++#undef TEST_IV ++#undef TEST_OV + #undef HAVE_TEST_IP + #undef HAVE_TEST_OP + #undef HAVE_NEED_IP +@@ -4070,6 +5550,7 @@ lookbehind_overrun: + # if (LZO_TEST_OVERRUN_INPUT >= 2) + # define NEED_IP(x) \ + if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun ++# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun + # endif + #endif + +@@ -4081,12 +5562,13 @@ lookbehind_overrun: + # undef TEST_OP + # define NEED_OP(x) \ + if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun ++# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun + # endif + #endif + + #if defined(LZO_TEST_OVERRUN_LOOKBEHIND) +-# define TEST_LB(m_pos) if (m_pos < out || m_pos >= op) goto lookbehind_overrun +-# define TEST_LBO(m_pos,o) if (m_pos < out || m_pos >= op - (o)) goto lookbehind_overrun ++# define TEST_LB(m_pos) if (PTR_LT(m_pos,out) || PTR_GE(m_pos,op)) goto lookbehind_overrun ++# define TEST_LBO(m_pos,o) if (PTR_LT(m_pos,out) || PTR_GE(m_pos,op-(o))) goto lookbehind_overrun + #else + # define TEST_LB(m_pos) ((void) 0) + # define TEST_LBO(m_pos,o) ((void) 0) +@@ -4107,15 +5589,27 @@ lookbehind_overrun: + # define TEST_OP 1 + #endif + ++#if defined(HAVE_TEST_IP) && defined(HAVE_TEST_OP) ++# define TEST_IP_AND_TEST_OP (TEST_IP && TEST_OP) ++#elif defined(HAVE_TEST_IP) ++# define TEST_IP_AND_TEST_OP TEST_IP ++#elif defined(HAVE_TEST_OP) ++# define TEST_IP_AND_TEST_OP TEST_OP ++#else ++# define TEST_IP_AND_TEST_OP 1 ++#endif ++ + #if defined(NEED_IP) + # define HAVE_NEED_IP 1 + #else + # define NEED_IP(x) ((void) 0) ++# define TEST_IV(x) ((void) 0) + #endif + #if defined(NEED_OP) + # define HAVE_NEED_OP 1 + #else + # define NEED_OP(x) ((void) 0) ++# define TEST_OV(x) ((void) 0) + #endif + + #if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP) +@@ -4132,14 +5626,14 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + lzo_voidp wrkmem ) + #endif + { +- register lzo_bytep op; +- register const lzo_bytep ip; +- register lzo_uint t; ++ lzo_bytep op; ++ const lzo_bytep ip; ++ lzo_uint t; + #if defined(COPY_DICT) + lzo_uint m_off; + const lzo_bytep dict_end; + #else +- register const lzo_bytep m_pos; ++ const lzo_bytep m_pos; + #endif + + const lzo_bytep const ip_end = in + in_len; +@@ -4174,43 +5668,45 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + op = out; + ip = in; + ++ NEED_IP(1); + if (*ip > 17) + { + t = *ip++ - 17; + if (t < 4) + goto match_next; +- assert(t > 0); NEED_OP(t); NEED_IP(t+1); ++ assert(t > 0); NEED_OP(t); NEED_IP(t+3); + do *op++ = *ip++; while (--t > 0); + goto first_literal_run; + } + +- while (TEST_IP && TEST_OP) ++ for (;;) + { ++ NEED_IP(3); + t = *ip++; + if (t >= 16) + goto match; + if (t == 0) + { +- NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; ++ TEST_IV(t); + NEED_IP(1); + } + t += 15 + *ip++; + } +- assert(t > 0); NEED_OP(t+3); NEED_IP(t+4); +-#if defined(LZO_UNALIGNED_OK_8) && defined(LZO_UNALIGNED_OK_4) ++ assert(t > 0); NEED_OP(t+3); NEED_IP(t+6); ++#if (LZO_OPT_UNALIGNED64) && (LZO_OPT_UNALIGNED32) + t += 3; + if (t >= 8) do + { +- UA_COPY64(op,ip); ++ UA_COPY8(op,ip); + op += 8; ip += 8; t -= 8; + } while (t >= 8); + if (t >= 4) + { +- UA_COPY32(op,ip); ++ UA_COPY4(op,ip); + op += 4; ip += 4; t -= 4; + } + if (t > 0) +@@ -4218,19 +5714,19 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + *op++ = *ip++; + if (t > 1) { *op++ = *ip++; if (t > 2) { *op++ = *ip++; } } + } +-#elif defined(LZO_UNALIGNED_OK_4) || defined(LZO_ALIGNED_OK_4) +-#if !defined(LZO_UNALIGNED_OK_4) ++#elif (LZO_OPT_UNALIGNED32) || (LZO_ALIGNED_OK_4) ++#if !(LZO_OPT_UNALIGNED32) + if (PTR_ALIGNED2_4(op,ip)) + { + #endif +- UA_COPY32(op,ip); ++ UA_COPY4(op,ip); + op += 4; ip += 4; + if (--t > 0) + { + if (t >= 4) + { + do { +- UA_COPY32(op,ip); ++ UA_COPY4(op,ip); + op += 4; ip += 4; t -= 4; + } while (t >= 4); + if (t > 0) do *op++ = *ip++; while (--t > 0); +@@ -4238,12 +5734,12 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + else + do *op++ = *ip++; while (--t > 0); + } +-#if !defined(LZO_UNALIGNED_OK_4) ++#if !(LZO_OPT_UNALIGNED32) + } + else + #endif + #endif +-#if !defined(LZO_UNALIGNED_OK_4) && !defined(LZO_UNALIGNED_OK_8) ++#if !(LZO_OPT_UNALIGNED32) + { + *op++ = *ip++; *op++ = *ip++; *op++ = *ip++; + do *op++ = *ip++; while (--t > 0); +@@ -4279,7 +5775,7 @@ first_literal_run: + #endif + goto match_done; + +- do { ++ for (;;) { + match: + if (t >= 64) + { +@@ -4339,14 +5835,15 @@ match: + t &= 31; + if (t == 0) + { +- NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 31 + *ip++; ++ NEED_IP(2); + } + #if defined(COPY_DICT) + #if defined(LZO1Z) +@@ -4362,9 +5859,9 @@ match: + m_pos = op - off; + last_m_off = off; + } +-#elif defined(LZO_UNALIGNED_OK_2) && defined(LZO_ABI_LITTLE_ENDIAN) ++#elif (LZO_OPT_UNALIGNED16) && (LZO_ABI_LITTLE_ENDIAN) + m_pos = op - 1; +- m_pos -= UA_GET16(ip) >> 2; ++ m_pos -= UA_GET_LE16(ip) >> 2; + #else + m_pos = op - 1; + m_pos -= (ip[0] >> 2) + (ip[1] << 6); +@@ -4383,14 +5880,15 @@ match: + t &= 7; + if (t == 0) + { +- NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 7 + *ip++; ++ NEED_IP(2); + } + #if defined(COPY_DICT) + #if defined(LZO1Z) +@@ -4408,8 +5906,8 @@ match: + #else + #if defined(LZO1Z) + m_pos -= (ip[0] << 6) + (ip[1] >> 2); +-#elif defined(LZO_UNALIGNED_OK_2) && defined(LZO_ABI_LITTLE_ENDIAN) +- m_pos -= UA_GET16(ip) >> 2; ++#elif (LZO_OPT_UNALIGNED16) && (LZO_ABI_LITTLE_ENDIAN) ++ m_pos -= UA_GET_LE16(ip) >> 2; + #else + m_pos -= (ip[0] >> 2) + (ip[1] << 6); + #endif +@@ -4457,18 +5955,18 @@ match: + #else + + TEST_LB(m_pos); assert(t > 0); NEED_OP(t+3-1); +-#if defined(LZO_UNALIGNED_OK_8) && defined(LZO_UNALIGNED_OK_4) ++#if (LZO_OPT_UNALIGNED64) && (LZO_OPT_UNALIGNED32) + if (op - m_pos >= 8) + { + t += (3 - 1); + if (t >= 8) do + { +- UA_COPY64(op,m_pos); ++ UA_COPY8(op,m_pos); + op += 8; m_pos += 8; t -= 8; + } while (t >= 8); + if (t >= 4) + { +- UA_COPY32(op,m_pos); ++ UA_COPY4(op,m_pos); + op += 4; m_pos += 4; t -= 4; + } + if (t > 0) +@@ -4478,8 +5976,8 @@ match: + } + } + else +-#elif defined(LZO_UNALIGNED_OK_4) || defined(LZO_ALIGNED_OK_4) +-#if !defined(LZO_UNALIGNED_OK_4) ++#elif (LZO_OPT_UNALIGNED32) || (LZO_ALIGNED_OK_4) ++#if !(LZO_OPT_UNALIGNED32) + if (t >= 2 * 4 - (3 - 1) && PTR_ALIGNED2_4(op,m_pos)) + { + assert((op - m_pos) >= 4); +@@ -4487,10 +5985,10 @@ match: + if (t >= 2 * 4 - (3 - 1) && (op - m_pos) >= 4) + { + #endif +- UA_COPY32(op,m_pos); ++ UA_COPY4(op,m_pos); + op += 4; m_pos += 4; t -= 4 - (3 - 1); + do { +- UA_COPY32(op,m_pos); ++ UA_COPY4(op,m_pos); + op += 4; m_pos += 4; t -= 4; + } while (t >= 4); + if (t > 0) do *op++ = *m_pos++; while (--t > 0); +@@ -4515,7 +6013,7 @@ match_done: + break; + + match_next: +- assert(t > 0); assert(t < 4); NEED_OP(t); NEED_IP(t+1); ++ assert(t > 0); assert(t < 4); NEED_OP(t); NEED_IP(t+3); + #if 0 + do *op++ = *ip++; while (--t > 0); + #else +@@ -4523,16 +6021,10 @@ match_next: + if (t > 1) { *op++ = *ip++; if (t > 2) { *op++ = *ip++; } } + #endif + t = *ip++; +- } while (TEST_IP && TEST_OP); ++ } + } + +-#if defined(HAVE_TEST_IP) || defined(HAVE_TEST_OP) +- *out_len = pd(op, out); +- return LZO_E_EOF_NOT_FOUND; +-#endif +- + eof_found: +- assert(t == 1); + *out_len = pd(op, out); + return (ip == ip_end ? LZO_E_OK : + (ip < ip_end ? LZO_E_INPUT_NOT_CONSUMED : LZO_E_INPUT_OVERRUN)); +@@ -4559,4 +6051,3 @@ lookbehind_overrun: + #endif + + /***** End of minilzo.c *****/ +- +diff --git a/grub-core/lib/minilzo/lzoconf.h b/grub-core/lib/minilzo/lzoconf.h +index 1d0fe14fc..61be29c5d 100644 +--- a/grub-core/lib/minilzo/lzoconf.h ++++ b/grub-core/lib/minilzo/lzoconf.h +@@ -2,22 +2,7 @@ + + This file is part of the LZO real-time data compression library. + +- Copyright (C) 2011 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2010 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2009 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2008 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2007 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2006 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2005 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2004 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2003 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2002 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2001 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2000 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer ++ Copyright (C) 1996-2014 Markus Franz Xaver Johannes Oberhumer + All Rights Reserved. + + The LZO library is free software; you can redistribute it and/or +@@ -44,9 +29,9 @@ + #ifndef __LZOCONF_H_INCLUDED + #define __LZOCONF_H_INCLUDED 1 + +-#define LZO_VERSION 0x2050 +-#define LZO_VERSION_STRING "2.05" +-#define LZO_VERSION_DATE "Apr 23 2011" ++#define LZO_VERSION 0x2080 ++#define LZO_VERSION_STRING "2.08" ++#define LZO_VERSION_DATE "Jun 29 2014" + + /* internal Autoconf configuration file - only used when building LZO */ + #if defined(LZO_HAVE_CONFIG_H) +@@ -63,7 +48,7 @@ + #if !defined(CHAR_BIT) || (CHAR_BIT != 8) + # error "invalid CHAR_BIT" + #endif +-#if !defined(UCHAR_MAX) || !defined(UINT_MAX) || !defined(ULONG_MAX) ++#if !defined(UCHAR_MAX) || !defined(USHRT_MAX) || !defined(UINT_MAX) || !defined(ULONG_MAX) + # error "check your compiler installation" + #endif + #if (USHRT_MAX < 1) || (UINT_MAX < 1) || (ULONG_MAX < 1) +@@ -85,14 +70,6 @@ extern "C" { + // some core defines + ************************************************************************/ + +-#if !defined(LZO_UINT32_C) +-# if (UINT_MAX < LZO_0xffffffffL) +-# define LZO_UINT32_C(c) c ## UL +-# else +-# define LZO_UINT32_C(c) ((c) + 0U) +-# endif +-#endif +- + /* memory checkers */ + #if !defined(__LZO_CHECKER) + # if defined(__BOUNDS_CHECKING_ON) +@@ -111,28 +88,31 @@ extern "C" { + // integral and pointer types + ************************************************************************/ + +-/* lzo_uint should match size_t */ ++/* lzo_uint must match size_t */ + #if !defined(LZO_UINT_MAX) +-# if defined(LZO_ABI_LLP64) /* WIN64 */ +-# if defined(LZO_OS_WIN64) ++# if (LZO_ABI_LLP64) ++# if (LZO_OS_WIN64) + typedef unsigned __int64 lzo_uint; + typedef __int64 lzo_int; + # else +- typedef unsigned long long lzo_uint; +- typedef long long lzo_int; ++ typedef lzo_ullong_t lzo_uint; ++ typedef lzo_llong_t lzo_int; + # endif ++# define LZO_SIZEOF_LZO_UINT 8 + # define LZO_UINT_MAX 0xffffffffffffffffull + # define LZO_INT_MAX 9223372036854775807LL + # define LZO_INT_MIN (-1LL - LZO_INT_MAX) +-# elif defined(LZO_ABI_IP32L64) /* MIPS R5900 */ ++# elif (LZO_ABI_IP32L64) /* MIPS R5900 */ + typedef unsigned int lzo_uint; + typedef int lzo_int; ++# define LZO_SIZEOF_LZO_UINT LZO_SIZEOF_INT + # define LZO_UINT_MAX UINT_MAX + # define LZO_INT_MAX INT_MAX + # define LZO_INT_MIN INT_MIN + # elif (ULONG_MAX >= LZO_0xffffffffL) + typedef unsigned long lzo_uint; + typedef long lzo_int; ++# define LZO_SIZEOF_LZO_UINT LZO_SIZEOF_LONG + # define LZO_UINT_MAX ULONG_MAX + # define LZO_INT_MAX LONG_MAX + # define LZO_INT_MIN LONG_MIN +@@ -141,63 +121,22 @@ extern "C" { + # endif + #endif + +-/* Integral types with 32 bits or more. */ +-#if !defined(LZO_UINT32_MAX) +-# if (UINT_MAX >= LZO_0xffffffffL) +- typedef unsigned int lzo_uint32; +- typedef int lzo_int32; +-# define LZO_UINT32_MAX UINT_MAX +-# define LZO_INT32_MAX INT_MAX +-# define LZO_INT32_MIN INT_MIN +-# elif (ULONG_MAX >= LZO_0xffffffffL) +- typedef unsigned long lzo_uint32; +- typedef long lzo_int32; +-# define LZO_UINT32_MAX ULONG_MAX +-# define LZO_INT32_MAX LONG_MAX +-# define LZO_INT32_MIN LONG_MIN +-# else +-# error "lzo_uint32" +-# endif +-#endif +- +-/* Integral types with exactly 64 bits. */ +-#if !defined(LZO_UINT64_MAX) +-# if (LZO_UINT_MAX >= LZO_0xffffffffL) +-# if ((((LZO_UINT_MAX) >> 31) >> 31) == 3) +-# define lzo_uint64 lzo_uint +-# define lzo_int64 lzo_int +-# define LZO_UINT64_MAX LZO_UINT_MAX +-# define LZO_INT64_MAX LZO_INT_MAX +-# define LZO_INT64_MIN LZO_INT_MIN +-# endif +-# elif (ULONG_MAX >= LZO_0xffffffffL) +-# if ((((ULONG_MAX) >> 31) >> 31) == 3) +- typedef unsigned long lzo_uint64; +- typedef long lzo_int64; +-# define LZO_UINT64_MAX ULONG_MAX +-# define LZO_INT64_MAX LONG_MAX +-# define LZO_INT64_MIN LONG_MIN +-# endif +-# endif +-#endif +- +-/* The larger type of lzo_uint and lzo_uint32. */ +-#if (LZO_UINT_MAX >= LZO_UINT32_MAX) ++/* The larger type of lzo_uint and lzo_uint32_t. */ ++#if (LZO_SIZEOF_LZO_UINT >= 4) + # define lzo_xint lzo_uint + #else +-# define lzo_xint lzo_uint32 ++# define lzo_xint lzo_uint32_t + #endif + +-/* Memory model that allows to access memory at offsets of lzo_uint. */ +-#if !defined(__LZO_MMODEL) +-# if (LZO_UINT_MAX <= UINT_MAX) +-# define __LZO_MMODEL /*empty*/ +-# elif defined(LZO_HAVE_MM_HUGE_PTR) +-# define __LZO_MMODEL_HUGE 1 +-# define __LZO_MMODEL __huge +-# else +-# define __LZO_MMODEL /*empty*/ +-# endif ++typedef int lzo_bool; ++ ++/* sanity checks */ ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint) == LZO_SIZEOF_LZO_UINT) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_xint) >= sizeof(lzo_uint)) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_xint) >= sizeof(lzo_uint32_t)) ++ ++#ifndef __LZO_MMODEL ++#define __LZO_MMODEL /*empty*/ + #endif + + /* no typedef here because of const-pointer issues */ +@@ -206,21 +145,52 @@ extern "C" { + #define lzo_voidp void __LZO_MMODEL * + #define lzo_shortp short __LZO_MMODEL * + #define lzo_ushortp unsigned short __LZO_MMODEL * +-#define lzo_uint32p lzo_uint32 __LZO_MMODEL * +-#define lzo_int32p lzo_int32 __LZO_MMODEL * +-#if defined(LZO_UINT64_MAX) +-#define lzo_uint64p lzo_uint64 __LZO_MMODEL * +-#define lzo_int64p lzo_int64 __LZO_MMODEL * +-#endif +-#define lzo_uintp lzo_uint __LZO_MMODEL * + #define lzo_intp lzo_int __LZO_MMODEL * ++#define lzo_uintp lzo_uint __LZO_MMODEL * + #define lzo_xintp lzo_xint __LZO_MMODEL * + #define lzo_voidpp lzo_voidp __LZO_MMODEL * + #define lzo_bytepp lzo_bytep __LZO_MMODEL * +-/* deprecated - use 'lzo_bytep' instead of 'lzo_byte *' */ +-#define lzo_byte unsigned char __LZO_MMODEL + +-typedef int lzo_bool; ++#define lzo_int8_tp lzo_int8_t __LZO_MMODEL * ++#define lzo_uint8_tp lzo_uint8_t __LZO_MMODEL * ++#define lzo_int16_tp lzo_int16_t __LZO_MMODEL * ++#define lzo_uint16_tp lzo_uint16_t __LZO_MMODEL * ++#define lzo_int32_tp lzo_int32_t __LZO_MMODEL * ++#define lzo_uint32_tp lzo_uint32_t __LZO_MMODEL * ++#if defined(lzo_int64_t) ++#define lzo_int64_tp lzo_int64_t __LZO_MMODEL * ++#define lzo_uint64_tp lzo_uint64_t __LZO_MMODEL * ++#endif ++ ++/* Older LZO versions used to support ancient systems and memory models ++ * like 16-bit MSDOS with __huge pointers and Cray PVP, but these ++ * obsolete configurations are not supported any longer. ++ */ ++#if defined(__LZO_MMODEL_HUGE) ++#error "__LZO_MMODEL_HUGE is unsupported" ++#endif ++#if (LZO_MM_PVP) ++#error "LZO_MM_PVP is unsupported" ++#endif ++#if (LZO_SIZEOF_INT < 4) ++#error "LZO_SIZEOF_INT < 4 is unsupported" ++#endif ++#if (__LZO_UINTPTR_T_IS_POINTER) ++#error "__LZO_UINTPTR_T_IS_POINTER is unsupported" ++#endif ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(int) >= 4) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint) >= 4) ++/* Strange configurations where sizeof(lzo_uint) != sizeof(size_t) should ++ * work but have not received much testing lately, so be strict here. ++ */ ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint) == sizeof(size_t)) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint) == sizeof(ptrdiff_t)) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint) == sizeof(lzo_uintptr_t)) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(void *) == sizeof(lzo_uintptr_t)) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(char *) == sizeof(lzo_uintptr_t)) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(long *) == sizeof(lzo_uintptr_t)) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(void *) == sizeof(lzo_voidp)) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(char *) == sizeof(lzo_bytep)) + + + /*********************************************************************** +@@ -315,7 +285,7 @@ struct lzo_callback_t + /* a progress indicator callback function (set to 0 to disable) */ + lzo_progress_func_t nprogress; + +- /* NOTE: the first parameter "self" of the nalloc/nfree/nprogress ++ /* INFO: the first parameter "self" of the nalloc/nfree/nprogress + * callbacks points back to this struct, so you are free to store + * some extra info in the following variables. */ + lzo_voidp user1; +@@ -343,6 +313,9 @@ struct lzo_callback_t + #define LZO_E_INPUT_NOT_CONSUMED (-8) + #define LZO_E_NOT_YET_IMPLEMENTED (-9) /* [not used right now] */ + #define LZO_E_INVALID_ARGUMENT (-10) ++#define LZO_E_INVALID_ALIGNMENT (-11) /* pointer argument is not properly aligned */ ++#define LZO_E_OUTPUT_NOT_CONSUMED (-12) ++#define LZO_E_INTERNAL_ERROR (-99) + + + #ifndef lzo_sizeof_dict_t +@@ -356,7 +329,7 @@ struct lzo_callback_t + * compiler's view of various types are consistent. + */ + #define lzo_init() __lzo_init_v2(LZO_VERSION,(int)sizeof(short),(int)sizeof(int),\ +- (int)sizeof(long),(int)sizeof(lzo_uint32),(int)sizeof(lzo_uint),\ ++ (int)sizeof(long),(int)sizeof(lzo_uint32_t),(int)sizeof(lzo_uint),\ + (int)lzo_sizeof_dict_t,(int)sizeof(char *),(int)sizeof(lzo_voidp),\ + (int)sizeof(lzo_callback_t)) + LZO_EXTERN(int) __lzo_init_v2(unsigned,int,int,int,int,int,int,int,int,int); +@@ -379,18 +352,22 @@ LZO_EXTERN(lzo_voidp) + lzo_memset(lzo_voidp buf, int c, lzo_uint len); + + /* checksum functions */ +-LZO_EXTERN(lzo_uint32) +- lzo_adler32(lzo_uint32 c, const lzo_bytep buf, lzo_uint len); +-LZO_EXTERN(lzo_uint32) +- lzo_crc32(lzo_uint32 c, const lzo_bytep buf, lzo_uint len); +-LZO_EXTERN(const lzo_uint32p) ++LZO_EXTERN(lzo_uint32_t) ++ lzo_adler32(lzo_uint32_t c, const lzo_bytep buf, lzo_uint len); ++LZO_EXTERN(lzo_uint32_t) ++ lzo_crc32(lzo_uint32_t c, const lzo_bytep buf, lzo_uint len); ++LZO_EXTERN(const lzo_uint32_tp) + lzo_get_crc32_table(void); + + /* misc. */ + LZO_EXTERN(int) _lzo_config_check(void); +-typedef union { lzo_bytep p; lzo_uint u; } __lzo_pu_u; +-typedef union { lzo_bytep p; lzo_uint32 u32; } __lzo_pu32_u; +-typedef union { void *vp; lzo_bytep bp; lzo_uint u; lzo_uint32 u32; unsigned long l; } lzo_align_t; ++typedef union { ++ lzo_voidp a00; lzo_bytep a01; lzo_uint a02; lzo_xint a03; lzo_uintptr_t a04; ++ void *a05; unsigned char *a06; unsigned long a07; size_t a08; ptrdiff_t a09; ++#if defined(lzo_int64_t) ++ lzo_uint64_t a10; ++#endif ++} lzo_align_t; + + /* align a char pointer on a boundary that is a multiple of 'size' */ + LZO_EXTERN(unsigned) __lzo_align_gap(const lzo_voidp p, lzo_uint size); +@@ -399,9 +376,30 @@ LZO_EXTERN(unsigned) __lzo_align_gap(const lzo_voidp p, lzo_uint size); + + + /*********************************************************************** +-// deprecated macros - only for backward compatibility with LZO v1.xx ++// deprecated macros - only for backward compatibility + ************************************************************************/ + ++/* deprecated - use 'lzo_bytep' instead of 'lzo_byte *' */ ++#define lzo_byte unsigned char ++/* deprecated type names */ ++#define lzo_int32 lzo_int32_t ++#define lzo_uint32 lzo_uint32_t ++#define lzo_int32p lzo_int32_t __LZO_MMODEL * ++#define lzo_uint32p lzo_uint32_t __LZO_MMODEL * ++#define LZO_INT32_MAX LZO_INT32_C(2147483647) ++#define LZO_UINT32_MAX LZO_UINT32_C(4294967295) ++#if defined(lzo_int64_t) ++#define lzo_int64 lzo_int64_t ++#define lzo_uint64 lzo_uint64_t ++#define lzo_int64p lzo_int64_t __LZO_MMODEL * ++#define lzo_uint64p lzo_uint64_t __LZO_MMODEL * ++#define LZO_INT64_MAX LZO_INT64_C(9223372036854775807) ++#define LZO_UINT64_MAX LZO_UINT64_C(18446744073709551615) ++#endif ++/* deprecated types */ ++typedef union { lzo_bytep a; lzo_uint b; } __lzo_pu_u; ++typedef union { lzo_bytep a; lzo_uint32_t b; } __lzo_pu32_u; ++ + #if defined(LZO_CFG_COMPAT) + + #define __LZOCONF_H 1 +@@ -443,4 +441,4 @@ LZO_EXTERN(unsigned) __lzo_align_gap(const lzo_voidp p, lzo_uint size); + #endif /* already included */ + + +-/* vim:set ts=4 et: */ ++/* vim:set ts=4 sw=4 et: */ +diff --git a/grub-core/lib/minilzo/lzodefs.h b/grub-core/lib/minilzo/lzodefs.h +index 0e40e332a..f4ae9487e 100644 +--- a/grub-core/lib/minilzo/lzodefs.h ++++ b/grub-core/lib/minilzo/lzodefs.h +@@ -2,22 +2,7 @@ + + This file is part of the LZO real-time data compression library. + +- Copyright (C) 2011 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2010 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2009 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2008 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2007 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2006 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2005 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2004 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2003 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2002 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2001 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2000 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer ++ Copyright (C) 1996-2014 Markus Franz Xaver Johannes Oberhumer + All Rights Reserved. + + The LZO library is free software; you can redistribute it and/or +@@ -47,12 +32,6 @@ + #if defined(__CYGWIN32__) && !defined(__CYGWIN__) + # define __CYGWIN__ __CYGWIN32__ + #endif +-#if defined(__IBMCPP__) && !defined(__IBMC__) +-# define __IBMC__ __IBMCPP__ +-#endif +-#if defined(__ICL) && defined(_WIN32) && !defined(__INTEL_COMPILER) +-# define __INTEL_COMPILER __ICL +-#endif + #if 1 && defined(__INTERIX) && defined(__GNUC__) && !defined(_ALL_SOURCE) + # define _ALL_SOURCE 1 + #endif +@@ -61,19 +40,30 @@ + # define __LONG_MAX__ 9223372036854775807L + # endif + #endif +-#if defined(__INTEL_COMPILER) && defined(__linux__) ++#if !defined(LZO_CFG_NO_DISABLE_WUNDEF) ++#if defined(__ARMCC_VERSION) ++# pragma diag_suppress 193 ++#elif defined(__clang__) && defined(__clang_minor__) ++# pragma clang diagnostic ignored "-Wundef" ++#elif defined(__INTEL_COMPILER) + # pragma warning(disable: 193) +-#endif +-#if defined(__KEIL__) && defined(__C166__) ++#elif defined(__KEIL__) && defined(__C166__) + # pragma warning disable = 322 +-#elif 0 && defined(__C251__) +-# pragma warning disable = 322 +-#endif +-#if defined(_MSC_VER) && !defined(__INTEL_COMPILER) && !defined(__MWERKS__) +-# if (_MSC_VER >= 1300) ++#elif defined(__GNUC__) && defined(__GNUC_MINOR__) && !defined(__PATHSCALE__) ++# if ((__GNUC__-0) >= 5 || ((__GNUC__-0) == 4 && (__GNUC_MINOR__-0) >= 2)) ++# pragma GCC diagnostic ignored "-Wundef" ++# endif ++#elif defined(_MSC_VER) && !defined(__clang__) && !defined(__INTEL_COMPILER) && !defined(__MWERKS__) ++# if ((_MSC_VER-0) >= 1300) + # pragma warning(disable: 4668) + # endif + #endif ++#endif ++#if 0 && defined(__POCC__) && defined(_WIN32) ++# if (__POCC__ >= 400) ++# pragma warn(disable: 2216) ++# endif ++#endif + #if 0 && defined(__WATCOMC__) + # if (__WATCOMC__ >= 1050) && (__WATCOMC__ < 1060) + # pragma warning 203 9 +@@ -82,13 +72,29 @@ + #if defined(__BORLANDC__) && defined(__MSDOS__) && !defined(__FLAT__) + # pragma option -h + #endif ++#if !(LZO_CFG_NO_DISABLE_WCRTNONSTDC) ++#ifndef _CRT_NONSTDC_NO_DEPRECATE ++#define _CRT_NONSTDC_NO_DEPRECATE 1 ++#endif ++#ifndef _CRT_NONSTDC_NO_WARNINGS ++#define _CRT_NONSTDC_NO_WARNINGS 1 ++#endif ++#ifndef _CRT_SECURE_NO_DEPRECATE ++#define _CRT_SECURE_NO_DEPRECATE 1 ++#endif ++#ifndef _CRT_SECURE_NO_WARNINGS ++#define _CRT_SECURE_NO_WARNINGS 1 ++#endif ++#endif + #if 0 +-#define LZO_0xffffL 0xfffful +-#define LZO_0xffffffffL 0xfffffffful ++#define LZO_0xffffUL 0xfffful ++#define LZO_0xffffffffUL 0xfffffffful + #else +-#define LZO_0xffffL 65535ul +-#define LZO_0xffffffffL 4294967295ul ++#define LZO_0xffffUL 65535ul ++#define LZO_0xffffffffUL 4294967295ul + #endif ++#define LZO_0xffffL LZO_0xffffUL ++#define LZO_0xffffffffL LZO_0xffffffffUL + #if (LZO_0xffffL == LZO_0xffffffffL) + # error "your preprocessor is broken 1" + #endif +@@ -103,6 +109,13 @@ + # error "your preprocessor is broken 4" + #endif + #endif ++#if defined(__COUNTER__) ++# ifndef LZO_CFG_USE_COUNTER ++# define LZO_CFG_USE_COUNTER 1 ++# endif ++#else ++# undef LZO_CFG_USE_COUNTER ++#endif + #if (UINT_MAX == LZO_0xffffL) + #if defined(__ZTC__) && defined(__I86__) && !defined(__OS2__) + # if !defined(MSDOS) +@@ -233,14 +246,31 @@ + #endif + #define LZO_PP_STRINGIZE(x) #x + #define LZO_PP_MACRO_EXPAND(x) LZO_PP_STRINGIZE(x) ++#define LZO_PP_CONCAT0() /*empty*/ ++#define LZO_PP_CONCAT1(a) a + #define LZO_PP_CONCAT2(a,b) a ## b + #define LZO_PP_CONCAT3(a,b,c) a ## b ## c + #define LZO_PP_CONCAT4(a,b,c,d) a ## b ## c ## d + #define LZO_PP_CONCAT5(a,b,c,d,e) a ## b ## c ## d ## e ++#define LZO_PP_CONCAT6(a,b,c,d,e,f) a ## b ## c ## d ## e ## f ++#define LZO_PP_CONCAT7(a,b,c,d,e,f,g) a ## b ## c ## d ## e ## f ## g ++#define LZO_PP_ECONCAT0() LZO_PP_CONCAT0() ++#define LZO_PP_ECONCAT1(a) LZO_PP_CONCAT1(a) + #define LZO_PP_ECONCAT2(a,b) LZO_PP_CONCAT2(a,b) + #define LZO_PP_ECONCAT3(a,b,c) LZO_PP_CONCAT3(a,b,c) + #define LZO_PP_ECONCAT4(a,b,c,d) LZO_PP_CONCAT4(a,b,c,d) + #define LZO_PP_ECONCAT5(a,b,c,d,e) LZO_PP_CONCAT5(a,b,c,d,e) ++#define LZO_PP_ECONCAT6(a,b,c,d,e,f) LZO_PP_CONCAT6(a,b,c,d,e,f) ++#define LZO_PP_ECONCAT7(a,b,c,d,e,f,g) LZO_PP_CONCAT7(a,b,c,d,e,f,g) ++#define LZO_PP_EMPTY /*empty*/ ++#define LZO_PP_EMPTY0() /*empty*/ ++#define LZO_PP_EMPTY1(a) /*empty*/ ++#define LZO_PP_EMPTY2(a,b) /*empty*/ ++#define LZO_PP_EMPTY3(a,b,c) /*empty*/ ++#define LZO_PP_EMPTY4(a,b,c,d) /*empty*/ ++#define LZO_PP_EMPTY5(a,b,c,d,e) /*empty*/ ++#define LZO_PP_EMPTY6(a,b,c,d,e,f) /*empty*/ ++#define LZO_PP_EMPTY7(a,b,c,d,e,f,g) /*empty*/ + #if 1 + #define LZO_CPP_STRINGIZE(x) #x + #define LZO_CPP_MACRO_EXPAND(x) LZO_CPP_STRINGIZE(x) +@@ -248,12 +278,16 @@ + #define LZO_CPP_CONCAT3(a,b,c) a ## b ## c + #define LZO_CPP_CONCAT4(a,b,c,d) a ## b ## c ## d + #define LZO_CPP_CONCAT5(a,b,c,d,e) a ## b ## c ## d ## e ++#define LZO_CPP_CONCAT6(a,b,c,d,e,f) a ## b ## c ## d ## e ## f ++#define LZO_CPP_CONCAT7(a,b,c,d,e,f,g) a ## b ## c ## d ## e ## f ## g + #define LZO_CPP_ECONCAT2(a,b) LZO_CPP_CONCAT2(a,b) + #define LZO_CPP_ECONCAT3(a,b,c) LZO_CPP_CONCAT3(a,b,c) + #define LZO_CPP_ECONCAT4(a,b,c,d) LZO_CPP_CONCAT4(a,b,c,d) + #define LZO_CPP_ECONCAT5(a,b,c,d,e) LZO_CPP_CONCAT5(a,b,c,d,e) ++#define LZO_CPP_ECONCAT6(a,b,c,d,e,f) LZO_CPP_CONCAT6(a,b,c,d,e,f) ++#define LZO_CPP_ECONCAT7(a,b,c,d,e,f,g) LZO_CPP_CONCAT7(a,b,c,d,e,f,g) + #endif +-#define __LZO_MASK_GEN(o,b) (((((o) << ((b)-1)) - (o)) << 1) + (o)) ++#define __LZO_MASK_GEN(o,b) (((((o) << ((b)-!!(b))) - (o)) << 1) + (o)*!!(b)) + #if 1 && defined(__cplusplus) + # if !defined(__STDC_CONSTANT_MACROS) + # define __STDC_CONSTANT_MACROS 1 +@@ -263,9 +297,13 @@ + # endif + #endif + #if defined(__cplusplus) +-# define LZO_EXTERN_C extern "C" ++# define LZO_EXTERN_C extern "C" ++# define LZO_EXTERN_C_BEGIN extern "C" { ++# define LZO_EXTERN_C_END } + #else +-# define LZO_EXTERN_C extern ++# define LZO_EXTERN_C extern ++# define LZO_EXTERN_C_BEGIN /*empty*/ ++# define LZO_EXTERN_C_END /*empty*/ + #endif + #if !defined(__LZO_OS_OVERRIDE) + #if (LZO_OS_FREESTANDING) +@@ -366,12 +404,12 @@ + #elif defined(__VMS) + # define LZO_OS_VMS 1 + # define LZO_INFO_OS "vms" +-#elif ((defined(__mips__) && defined(__R5900__)) || defined(__MIPS_PSX2__)) ++#elif (defined(__mips__) && defined(__R5900__)) || defined(__MIPS_PSX2__) + # define LZO_OS_CONSOLE 1 + # define LZO_OS_CONSOLE_PS2 1 + # define LZO_INFO_OS "console" + # define LZO_INFO_OS_CONSOLE "ps2" +-#elif (defined(__mips__) && defined(__psp__)) ++#elif defined(__mips__) && defined(__psp__) + # define LZO_OS_CONSOLE 1 + # define LZO_OS_CONSOLE_PSP 1 + # define LZO_INFO_OS "console" +@@ -399,9 +437,18 @@ + # elif defined(__linux__) || defined(__linux) || defined(__LINUX__) + # define LZO_OS_POSIX_LINUX 1 + # define LZO_INFO_OS_POSIX "linux" +-# elif defined(__APPLE__) || defined(__MACOS__) +-# define LZO_OS_POSIX_MACOSX 1 +-# define LZO_INFO_OS_POSIX "macosx" ++# elif defined(__APPLE__) && defined(__MACH__) ++# if ((__ENVIRONMENT_IPHONE_OS_VERSION_MIN_REQUIRED__-0) >= 20000) ++# define LZO_OS_POSIX_DARWIN 1040 ++# define LZO_INFO_OS_POSIX "darwin_iphone" ++# elif ((__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__-0) >= 1040) ++# define LZO_OS_POSIX_DARWIN __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ ++# define LZO_INFO_OS_POSIX "darwin" ++# else ++# define LZO_OS_POSIX_DARWIN 1 ++# define LZO_INFO_OS_POSIX "darwin" ++# endif ++# define LZO_OS_POSIX_MACOSX LZO_OS_POSIX_DARWIN + # elif defined(__minix__) || defined(__minix) + # define LZO_OS_POSIX_MINIX 1 + # define LZO_INFO_OS_POSIX "minix" +@@ -436,18 +483,18 @@ + #endif + #if (LZO_OS_DOS16 || LZO_OS_OS216 || LZO_OS_WIN16) + # if (UINT_MAX != LZO_0xffffL) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + # if (ULONG_MAX != LZO_0xffffffffL) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + #endif + #if (LZO_OS_DOS32 || LZO_OS_OS2 || LZO_OS_WIN32 || LZO_OS_WIN64) + # if (UINT_MAX != LZO_0xffffffffL) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + # if (ULONG_MAX != LZO_0xffffffffL) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + #endif + #if defined(CIL) && defined(_GNUCC) && defined(__GNUC__) +@@ -463,59 +510,65 @@ + # define LZO_INFO_CC "sdcc" + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(SDCC) + #elif defined(__PATHSCALE__) && defined(__PATHCC_PATCHLEVEL__) +-# define LZO_CC_PATHSCALE (__PATHCC__ * 0x10000L + __PATHCC_MINOR__ * 0x100 + __PATHCC_PATCHLEVEL__) ++# define LZO_CC_PATHSCALE (__PATHCC__ * 0x10000L + (__PATHCC_MINOR__-0) * 0x100 + (__PATHCC_PATCHLEVEL__-0)) + # define LZO_INFO_CC "Pathscale C" + # define LZO_INFO_CCVER __PATHSCALE__ +-#elif defined(__INTEL_COMPILER) +-# define LZO_CC_INTELC 1 ++# if defined(__GNUC__) && defined(__GNUC_MINOR__) && defined(__VERSION__) ++# define LZO_CC_PATHSCALE_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100 + (__GNUC_PATCHLEVEL__-0)) ++# endif ++#elif defined(__INTEL_COMPILER) && ((__INTEL_COMPILER-0) > 0) ++# define LZO_CC_INTELC __INTEL_COMPILER + # define LZO_INFO_CC "Intel C" + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__INTEL_COMPILER) +-# if defined(_WIN32) || defined(_WIN64) +-# define LZO_CC_SYNTAX_MSC 1 +-# else +-# define LZO_CC_SYNTAX_GNUC 1 ++# if defined(_MSC_VER) && ((_MSC_VER-0) > 0) ++# define LZO_CC_INTELC_MSC _MSC_VER ++# elif defined(__GNUC__) && defined(__GNUC_MINOR__) && defined(__VERSION__) ++# define LZO_CC_INTELC_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100 + (__GNUC_PATCHLEVEL__-0)) + # endif + #elif defined(__POCC__) && defined(_WIN32) + # define LZO_CC_PELLESC 1 + # define LZO_INFO_CC "Pelles C" + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__POCC__) +-#elif defined(__clang__) && defined(__llvm__) && defined(__GNUC__) && defined(__GNUC_MINOR__) && defined(__VERSION__) ++#elif defined(__ARMCC_VERSION) && defined(__GNUC__) && defined(__GNUC_MINOR__) && defined(__VERSION__) + # if defined(__GNUC_PATCHLEVEL__) +-# define LZO_CC_CLANG_GNUC (__GNUC__ * 0x10000L + __GNUC_MINOR__ * 0x100 + __GNUC_PATCHLEVEL__) ++# define LZO_CC_ARMCC_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100 + (__GNUC_PATCHLEVEL__-0)) + # else +-# define LZO_CC_CLANG_GNUC (__GNUC__ * 0x10000L + __GNUC_MINOR__ * 0x100) ++# define LZO_CC_ARMCC_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100) + # endif ++# define LZO_CC_ARMCC __ARMCC_VERSION ++# define LZO_INFO_CC "ARM C Compiler" ++# define LZO_INFO_CCVER __VERSION__ ++#elif defined(__clang__) && defined(__llvm__) && defined(__VERSION__) + # if defined(__clang_major__) && defined(__clang_minor__) && defined(__clang_patchlevel__) +-# define LZO_CC_CLANG_CLANG (__clang_major__ * 0x10000L + __clang_minor__ * 0x100 + __clang_patchlevel__) ++# define LZO_CC_CLANG (__clang_major__ * 0x10000L + (__clang_minor__-0) * 0x100 + (__clang_patchlevel__-0)) + # else +-# define LZO_CC_CLANG_CLANG 0x010000L ++# define LZO_CC_CLANG 0x010000L ++# endif ++# if defined(_MSC_VER) && ((_MSC_VER-0) > 0) ++# define LZO_CC_CLANG_MSC _MSC_VER ++# elif defined(__GNUC__) && defined(__GNUC_MINOR__) && defined(__VERSION__) ++# define LZO_CC_CLANG_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100 + (__GNUC_PATCHLEVEL__-0)) + # endif +-# define LZO_CC_CLANG LZO_CC_CLANG_GNUC + # define LZO_INFO_CC "clang" + # define LZO_INFO_CCVER __VERSION__ + #elif defined(__llvm__) && defined(__GNUC__) && defined(__GNUC_MINOR__) && defined(__VERSION__) + # if defined(__GNUC_PATCHLEVEL__) +-# define LZO_CC_LLVM_GNUC (__GNUC__ * 0x10000L + __GNUC_MINOR__ * 0x100 + __GNUC_PATCHLEVEL__) ++# define LZO_CC_LLVM_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100 + (__GNUC_PATCHLEVEL__-0)) + # else +-# define LZO_CC_LLVM_GNUC (__GNUC__ * 0x10000L + __GNUC_MINOR__ * 0x100) ++# define LZO_CC_LLVM_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100) + # endif + # define LZO_CC_LLVM LZO_CC_LLVM_GNUC + # define LZO_INFO_CC "llvm-gcc" + # define LZO_INFO_CCVER __VERSION__ +-#elif defined(__GNUC__) && defined(__VERSION__) +-# if defined(__GNUC_MINOR__) && defined(__GNUC_PATCHLEVEL__) +-# define LZO_CC_GNUC (__GNUC__ * 0x10000L + __GNUC_MINOR__ * 0x100 + __GNUC_PATCHLEVEL__) +-# elif defined(__GNUC_MINOR__) +-# define LZO_CC_GNUC (__GNUC__ * 0x10000L + __GNUC_MINOR__ * 0x100) +-# else +-# define LZO_CC_GNUC (__GNUC__ * 0x10000L) +-# endif +-# define LZO_INFO_CC "gcc" +-# define LZO_INFO_CCVER __VERSION__ + #elif defined(__ACK__) && defined(_ACK) + # define LZO_CC_ACK 1 + # define LZO_INFO_CC "Amsterdam Compiler Kit C" + # define LZO_INFO_CCVER "unknown" ++#elif defined(__ARMCC_VERSION) && !defined(__GNUC__) ++# define LZO_CC_ARMCC __ARMCC_VERSION ++# define LZO_CC_ARMCC_ARMCC __ARMCC_VERSION ++# define LZO_INFO_CC "ARM C Compiler" ++# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__ARMCC_VERSION) + #elif defined(__AZTEC_C__) + # define LZO_CC_AZTECC 1 + # define LZO_INFO_CC "Aztec C" +@@ -540,10 +593,23 @@ + # define LZO_CC_DECC 1 + # define LZO_INFO_CC "DEC C" + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__DECC) ++#elif (defined(__ghs) || defined(__ghs__)) && defined(__GHS_VERSION_NUMBER) && ((__GHS_VERSION_NUMBER-0) > 0) ++# define LZO_CC_GHS 1 ++# define LZO_INFO_CC "Green Hills C" ++# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__GHS_VERSION_NUMBER) ++# if defined(_MSC_VER) && ((_MSC_VER-0) > 0) ++# define LZO_CC_GHS_MSC _MSC_VER ++# elif defined(__GNUC__) && defined(__GNUC_MINOR__) && defined(__VERSION__) ++# define LZO_CC_GHS_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100 + (__GNUC_PATCHLEVEL__-0)) ++# endif + #elif defined(__HIGHC__) + # define LZO_CC_HIGHC 1 + # define LZO_INFO_CC "MetaWare High C" + # define LZO_INFO_CCVER "unknown" ++#elif defined(__HP_aCC) && ((__HP_aCC-0) > 0) ++# define LZO_CC_HPACC __HP_aCC ++# define LZO_INFO_CC "HP aCC" ++# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__HP_aCC) + #elif defined(__IAR_SYSTEMS_ICC__) + # define LZO_CC_IARC 1 + # define LZO_INFO_CC "IAR C" +@@ -552,10 +618,14 @@ + # else + # define LZO_INFO_CCVER "unknown" + # endif +-#elif defined(__IBMC__) +-# define LZO_CC_IBMC 1 ++#elif defined(__IBMC__) && ((__IBMC__-0) > 0) ++# define LZO_CC_IBMC __IBMC__ + # define LZO_INFO_CC "IBM C" + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__IBMC__) ++#elif defined(__IBMCPP__) && ((__IBMCPP__-0) > 0) ++# define LZO_CC_IBMC __IBMCPP__ ++# define LZO_INFO_CC "IBM C" ++# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__IBMCPP__) + #elif defined(__KEIL__) && defined(__C166__) + # define LZO_CC_KEILC 1 + # define LZO_INFO_CC "Keil C" +@@ -572,16 +642,8 @@ + # else + # define LZO_INFO_CCVER "unknown" + # endif +-#elif defined(_MSC_VER) +-# define LZO_CC_MSC 1 +-# define LZO_INFO_CC "Microsoft C" +-# if defined(_MSC_FULL_VER) +-# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(_MSC_VER) "." LZO_PP_MACRO_EXPAND(_MSC_FULL_VER) +-# else +-# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(_MSC_VER) +-# endif +-#elif defined(__MWERKS__) +-# define LZO_CC_MWERKS 1 ++#elif defined(__MWERKS__) && ((__MWERKS__-0) > 0) ++# define LZO_CC_MWERKS __MWERKS__ + # define LZO_INFO_CC "Metrowerks C" + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__MWERKS__) + #elif (defined(__NDPC__) || defined(__NDPX__)) && defined(__i386) +@@ -592,6 +654,15 @@ + # define LZO_CC_PACIFICC 1 + # define LZO_INFO_CC "Pacific C" + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__PACIFIC__) ++#elif defined(__PGI) && defined(__PGIC__) && defined(__PGIC_MINOR__) ++# if defined(__PGIC_PATCHLEVEL__) ++# define LZO_CC_PGI (__PGIC__ * 0x10000L + (__PGIC_MINOR__-0) * 0x100 + (__PGIC_PATCHLEVEL__-0)) ++# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__PGIC__) "." LZO_PP_MACRO_EXPAND(__PGIC_MINOR__) "." LZO_PP_MACRO_EXPAND(__PGIC_PATCHLEVEL__) ++# else ++# define LZO_CC_PGI (__PGIC__ * 0x10000L + (__PGIC_MINOR__-0) * 0x100) ++# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__PGIC__) "." LZO_PP_MACRO_EXPAND(__PGIC_MINOR__) ".0" ++# endif ++# define LZO_INFO_CC "Portland Group PGI C" + #elif defined(__PGI) && (defined(__linux__) || defined(__WIN32__)) + # define LZO_CC_PGI 1 + # define LZO_INFO_CC "Portland Group PGI C" +@@ -606,7 +677,7 @@ + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__SC__) + #elif defined(__SUNPRO_C) + # define LZO_INFO_CC "SunPro C" +-# if ((__SUNPRO_C)+0 > 0) ++# if ((__SUNPRO_C-0) > 0) + # define LZO_CC_SUNPROC __SUNPRO_C + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__SUNPRO_C) + # else +@@ -615,7 +686,7 @@ + # endif + #elif defined(__SUNPRO_CC) + # define LZO_INFO_CC "SunPro C" +-# if ((__SUNPRO_CC)+0 > 0) ++# if ((__SUNPRO_CC-0) > 0) + # define LZO_CC_SUNPROC __SUNPRO_CC + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__SUNPRO_CC) + # else +@@ -641,16 +712,46 @@ + #elif defined(__ZTC__) + # define LZO_CC_ZORTECHC 1 + # define LZO_INFO_CC "Zortech C" +-# if (__ZTC__ == 0x310) ++# if ((__ZTC__-0) == 0x310) + # define LZO_INFO_CCVER "0x310" + # else + # define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(__ZTC__) + # endif ++#elif defined(__GNUC__) && defined(__VERSION__) ++# if defined(__GNUC_MINOR__) && defined(__GNUC_PATCHLEVEL__) ++# define LZO_CC_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100 + (__GNUC_PATCHLEVEL__-0)) ++# elif defined(__GNUC_MINOR__) ++# define LZO_CC_GNUC (__GNUC__ * 0x10000L + (__GNUC_MINOR__-0) * 0x100) ++# else ++# define LZO_CC_GNUC (__GNUC__ * 0x10000L) ++# endif ++# define LZO_INFO_CC "gcc" ++# define LZO_INFO_CCVER __VERSION__ ++#elif defined(_MSC_VER) && ((_MSC_VER-0) > 0) ++# define LZO_CC_MSC _MSC_VER ++# define LZO_INFO_CC "Microsoft C" ++# if defined(_MSC_FULL_VER) ++# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(_MSC_VER) "." LZO_PP_MACRO_EXPAND(_MSC_FULL_VER) ++# else ++# define LZO_INFO_CCVER LZO_PP_MACRO_EXPAND(_MSC_VER) ++# endif + #else + # define LZO_CC_UNKNOWN 1 + # define LZO_INFO_CC "unknown" + # define LZO_INFO_CCVER "unknown" + #endif ++#if (LZO_CC_GNUC) && defined(__OPEN64__) ++# if defined(__OPENCC__) && defined(__OPENCC_MINOR__) && defined(__OPENCC_PATCHLEVEL__) ++# define LZO_CC_OPEN64 (__OPENCC__ * 0x10000L + (__OPENCC_MINOR__-0) * 0x100 + (__OPENCC_PATCHLEVEL__-0)) ++# define LZO_CC_OPEN64_GNUC LZO_CC_GNUC ++# endif ++#endif ++#if (LZO_CC_GNUC) && defined(__PCC__) ++# if defined(__PCC__) && defined(__PCC_MINOR__) && defined(__PCC_MINORMINOR__) ++# define LZO_CC_PCC (__PCC__ * 0x10000L + (__PCC_MINOR__-0) * 0x100 + (__PCC_MINORMINOR__-0)) ++# define LZO_CC_PCC_GNUC LZO_CC_GNUC ++# endif ++#endif + #if 0 && (LZO_CC_MSC && (_MSC_VER >= 1200)) && !defined(_MSC_FULL_VER) + # error "LZO_CC_MSC: _MSC_FULL_VER is not defined" + #endif +@@ -668,8 +769,10 @@ + # define LZO_INFO_ARCH "generic" + #elif (LZO_OS_DOS16 || LZO_OS_OS216 || LZO_OS_WIN16) + # define LZO_ARCH_I086 1 +-# define LZO_ARCH_IA16 1 + # define LZO_INFO_ARCH "i086" ++#elif defined(__aarch64__) ++# define LZO_ARCH_ARM64 1 ++# define LZO_INFO_ARCH "arm64" + #elif defined(__alpha__) || defined(__alpha) || defined(_M_ALPHA) + # define LZO_ARCH_ALPHA 1 + # define LZO_INFO_ARCH "alpha" +@@ -685,10 +788,10 @@ + # define LZO_INFO_ARCH "arm_thumb" + #elif defined(__IAR_SYSTEMS_ICC__) && defined(__ICCARM__) + # define LZO_ARCH_ARM 1 +-# if defined(__CPU_MODE__) && ((__CPU_MODE__)+0 == 1) ++# if defined(__CPU_MODE__) && ((__CPU_MODE__-0) == 1) + # define LZO_ARCH_ARM_THUMB 1 + # define LZO_INFO_ARCH "arm_thumb" +-# elif defined(__CPU_MODE__) && ((__CPU_MODE__)+0 == 2) ++# elif defined(__CPU_MODE__) && ((__CPU_MODE__-0) == 2) + # define LZO_INFO_ARCH "arm" + # else + # define LZO_INFO_ARCH "arm" +@@ -806,53 +909,147 @@ + # error "FIXME - missing define for CPU architecture" + #endif + #if 1 && (LZO_ARCH_UNKNOWN) && (LZO_OS_WIN32) +-# error "FIXME - missing WIN32 define for CPU architecture" ++# error "FIXME - missing LZO_OS_WIN32 define for CPU architecture" + #endif + #if 1 && (LZO_ARCH_UNKNOWN) && (LZO_OS_WIN64) +-# error "FIXME - missing WIN64 define for CPU architecture" ++# error "FIXME - missing LZO_OS_WIN64 define for CPU architecture" + #endif + #if (LZO_OS_OS216 || LZO_OS_WIN16) + # define LZO_ARCH_I086PM 1 +-# define LZO_ARCH_IA16PM 1 + #elif 1 && (LZO_OS_DOS16 && defined(BLX286)) + # define LZO_ARCH_I086PM 1 +-# define LZO_ARCH_IA16PM 1 + #elif 1 && (LZO_OS_DOS16 && defined(DOSX286)) + # define LZO_ARCH_I086PM 1 +-# define LZO_ARCH_IA16PM 1 + #elif 1 && (LZO_OS_DOS16 && LZO_CC_BORLANDC && defined(__DPMI16__)) + # define LZO_ARCH_I086PM 1 +-# define LZO_ARCH_IA16PM 1 + #endif +-#if (LZO_ARCH_ARM_THUMB) && !(LZO_ARCH_ARM) +-# error "this should not happen" ++#if (LZO_ARCH_AMD64 && !LZO_ARCH_X64) ++# define LZO_ARCH_X64 1 ++#elif (!LZO_ARCH_AMD64 && LZO_ARCH_X64) && defined(__LZO_ARCH_OVERRIDE) ++# define LZO_ARCH_AMD64 1 + #endif +-#if (LZO_ARCH_I086PM) && !(LZO_ARCH_I086) +-# error "this should not happen" ++#if (LZO_ARCH_ARM64 && !LZO_ARCH_AARCH64) ++# define LZO_ARCH_AARCH64 1 ++#elif (!LZO_ARCH_ARM64 && LZO_ARCH_AARCH64) && defined(__LZO_ARCH_OVERRIDE) ++# define LZO_ARCH_ARM64 1 ++#endif ++#if (LZO_ARCH_I386 && !LZO_ARCH_X86) ++# define LZO_ARCH_X86 1 ++#elif (!LZO_ARCH_I386 && LZO_ARCH_X86) && defined(__LZO_ARCH_OVERRIDE) ++# define LZO_ARCH_I386 1 ++#endif ++#if (LZO_ARCH_AMD64 && !LZO_ARCH_X64) || (!LZO_ARCH_AMD64 && LZO_ARCH_X64) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_ARCH_ARM64 && !LZO_ARCH_AARCH64) || (!LZO_ARCH_ARM64 && LZO_ARCH_AARCH64) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_ARCH_I386 && !LZO_ARCH_X86) || (!LZO_ARCH_I386 && LZO_ARCH_X86) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_ARCH_ARM_THUMB && !LZO_ARCH_ARM) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_ARCH_ARM_THUMB1 && !LZO_ARCH_ARM_THUMB) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_ARCH_ARM_THUMB2 && !LZO_ARCH_ARM_THUMB) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_ARCH_ARM_THUMB1 && LZO_ARCH_ARM_THUMB2) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_ARCH_I086PM && !LZO_ARCH_I086) ++# error "unexpected configuration - check your compiler defines" + #endif + #if (LZO_ARCH_I086) + # if (UINT_MAX != LZO_0xffffL) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + # if (ULONG_MAX != LZO_0xffffffffL) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + #endif + #if (LZO_ARCH_I386) + # if (UINT_MAX != LZO_0xffffL) && defined(__i386_int16__) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + # if (UINT_MAX != LZO_0xffffffffL) && !defined(__i386_int16__) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + # if (ULONG_MAX != LZO_0xffffffffL) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + #endif +-#if !defined(__LZO_MM_OVERRIDE) ++#if (LZO_ARCH_AMD64 || LZO_ARCH_I386) ++# if !defined(LZO_TARGET_FEATURE_SSE2) ++# if defined(__SSE2__) ++# define LZO_TARGET_FEATURE_SSE2 1 ++# elif defined(_MSC_VER) && ((defined(_M_IX86_FP) && ((_M_IX86_FP)+0 >= 2)) || defined(_M_AMD64)) ++# define LZO_TARGET_FEATURE_SSE2 1 ++# endif ++# endif ++# if !defined(LZO_TARGET_FEATURE_SSSE3) ++# if (LZO_TARGET_FEATURE_SSE2) ++# if defined(__SSSE3__) ++# define LZO_TARGET_FEATURE_SSSE3 1 ++# elif defined(_MSC_VER) && defined(__AVX__) ++# define LZO_TARGET_FEATURE_SSSE3 1 ++# endif ++# endif ++# endif ++# if !defined(LZO_TARGET_FEATURE_SSE4_2) ++# if (LZO_TARGET_FEATURE_SSSE3) ++# if defined(__SSE4_2__) ++# define LZO_TARGET_FEATURE_SSE4_2 1 ++# endif ++# endif ++# endif ++# if !defined(LZO_TARGET_FEATURE_AVX) ++# if (LZO_TARGET_FEATURE_SSSE3) ++# if defined(__AVX__) ++# define LZO_TARGET_FEATURE_AVX 1 ++# endif ++# endif ++# endif ++# if !defined(LZO_TARGET_FEATURE_AVX2) ++# if (LZO_TARGET_FEATURE_AVX) ++# if defined(__AVX2__) ++# define LZO_TARGET_FEATURE_AVX2 1 ++# endif ++# endif ++# endif ++#endif ++#if (LZO_TARGET_FEATURE_SSSE3 && !(LZO_TARGET_FEATURE_SSE2)) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_TARGET_FEATURE_SSE4_2 && !(LZO_TARGET_FEATURE_SSSE3)) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_TARGET_FEATURE_AVX && !(LZO_TARGET_FEATURE_SSSE3)) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_TARGET_FEATURE_AVX2 && !(LZO_TARGET_FEATURE_AVX)) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if (LZO_ARCH_ARM) ++# if !defined(LZO_TARGET_FEATURE_NEON) ++# if defined(__ARM_NEON__) ++# define LZO_TARGET_FEATURE_NEON 1 ++# endif ++# endif ++#elif (LZO_ARCH_ARM64) ++# if !defined(LZO_TARGET_FEATURE_NEON) ++# if 1 ++# define LZO_TARGET_FEATURE_NEON 1 ++# endif ++# endif ++#endif ++#if 0 ++#elif !defined(__LZO_MM_OVERRIDE) + #if (LZO_ARCH_I086) + #if (UINT_MAX != LZO_0xffffL) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + #endif + #if defined(__TINY__) || defined(M_I86TM) || defined(_M_I86TM) + # define LZO_MM_TINY 1 +@@ -879,7 +1076,7 @@ + #elif (LZO_CC_ZORTECHC && defined(__VCM__)) + # define LZO_MM_LARGE 1 + #else +-# error "unknown memory model" ++# error "unknown LZO_ARCH_I086 memory model" + #endif + #if (LZO_OS_DOS16 || LZO_OS_OS216 || LZO_OS_WIN16) + #define LZO_HAVE_MM_HUGE_PTR 1 +@@ -902,10 +1099,10 @@ + #endif + #if (LZO_ARCH_I086PM) && !(LZO_HAVE_MM_HUGE_PTR) + # if (LZO_OS_DOS16) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # elif (LZO_CC_ZORTECHC) + # else +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + # endif + #endif + #ifdef __cplusplus +@@ -937,7 +1134,7 @@ extern "C" { + #endif + #elif (LZO_ARCH_C166) + #if !defined(__MODEL__) +-# error "FIXME - C166 __MODEL__" ++# error "FIXME - LZO_ARCH_C166 __MODEL__" + #elif ((__MODEL__) == 0) + # define LZO_MM_SMALL 1 + #elif ((__MODEL__) == 1) +@@ -951,11 +1148,11 @@ extern "C" { + #elif ((__MODEL__) == 5) + # define LZO_MM_XSMALL 1 + #else +-# error "FIXME - C166 __MODEL__" ++# error "FIXME - LZO_ARCH_C166 __MODEL__" + #endif + #elif (LZO_ARCH_MCS251) + #if !defined(__MODEL__) +-# error "FIXME - MCS251 __MODEL__" ++# error "FIXME - LZO_ARCH_MCS251 __MODEL__" + #elif ((__MODEL__) == 0) + # define LZO_MM_SMALL 1 + #elif ((__MODEL__) == 2) +@@ -967,11 +1164,11 @@ extern "C" { + #elif ((__MODEL__) == 5) + # define LZO_MM_XSMALL 1 + #else +-# error "FIXME - MCS251 __MODEL__" ++# error "FIXME - LZO_ARCH_MCS251 __MODEL__" + #endif + #elif (LZO_ARCH_MCS51) + #if !defined(__MODEL__) +-# error "FIXME - MCS51 __MODEL__" ++# error "FIXME - LZO_ARCH_MCS51 __MODEL__" + #elif ((__MODEL__) == 1) + # define LZO_MM_SMALL 1 + #elif ((__MODEL__) == 2) +@@ -983,7 +1180,7 @@ extern "C" { + #elif ((__MODEL__) == 5) + # define LZO_MM_XSMALL 1 + #else +-# error "FIXME - MCS51 __MODEL__" ++# error "FIXME - LZO_ARCH_MCS51 __MODEL__" + #endif + #elif (LZO_ARCH_CRAY_PVP) + # define LZO_MM_PVP 1 +@@ -1010,35 +1207,818 @@ extern "C" { + # error "unknown memory model" + #endif + #endif ++#if !defined(__lzo_gnuc_extension__) ++#if (LZO_CC_GNUC >= 0x020800ul) ++# define __lzo_gnuc_extension__ __extension__ ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_gnuc_extension__ __extension__ ++#elif (LZO_CC_IBMC >= 600) ++# define __lzo_gnuc_extension__ __extension__ ++#else ++#endif ++#endif ++#if !defined(__lzo_gnuc_extension__) ++# define __lzo_gnuc_extension__ /*empty*/ ++#endif ++#if !defined(LZO_CFG_USE_NEW_STYLE_CASTS) && defined(__cplusplus) && 0 ++# if (LZO_CC_GNUC && (LZO_CC_GNUC < 0x020800ul)) ++# define LZO_CFG_USE_NEW_STYLE_CASTS 0 ++# elif (LZO_CC_INTELC && (__INTEL_COMPILER < 1200)) ++# define LZO_CFG_USE_NEW_STYLE_CASTS 0 ++# else ++# define LZO_CFG_USE_NEW_STYLE_CASTS 1 ++# endif ++#endif ++#if !defined(LZO_CFG_USE_NEW_STYLE_CASTS) ++# define LZO_CFG_USE_NEW_STYLE_CASTS 0 ++#endif ++#if !defined(__cplusplus) ++# if defined(LZO_CFG_USE_NEW_STYLE_CASTS) ++# undef LZO_CFG_USE_NEW_STYLE_CASTS ++# endif ++# define LZO_CFG_USE_NEW_STYLE_CASTS 0 ++#endif ++#if !defined(LZO_REINTERPRET_CAST) ++# if (LZO_CFG_USE_NEW_STYLE_CASTS) ++# define LZO_REINTERPRET_CAST(t,e) (reinterpret_cast (e)) ++# endif ++#endif ++#if !defined(LZO_REINTERPRET_CAST) ++# define LZO_REINTERPRET_CAST(t,e) ((t) (e)) ++#endif ++#if !defined(LZO_STATIC_CAST) ++# if (LZO_CFG_USE_NEW_STYLE_CASTS) ++# define LZO_STATIC_CAST(t,e) (static_cast (e)) ++# endif ++#endif ++#if !defined(LZO_STATIC_CAST) ++# define LZO_STATIC_CAST(t,e) ((t) (e)) ++#endif ++#if !defined(LZO_STATIC_CAST2) ++# define LZO_STATIC_CAST2(t1,t2,e) LZO_STATIC_CAST(t1, LZO_STATIC_CAST(t2, e)) ++#endif ++#if !defined(LZO_UNCONST_CAST) ++# if (LZO_CFG_USE_NEW_STYLE_CASTS) ++# define LZO_UNCONST_CAST(t,e) (const_cast (e)) ++# elif (LZO_HAVE_MM_HUGE_PTR) ++# define LZO_UNCONST_CAST(t,e) ((t) (e)) ++# elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define LZO_UNCONST_CAST(t,e) ((t) ((void *) ((lzo_uintptr_t) ((const void *) (e))))) ++# endif ++#endif ++#if !defined(LZO_UNCONST_CAST) ++# define LZO_UNCONST_CAST(t,e) ((t) ((void *) ((const void *) (e)))) ++#endif ++#if !defined(LZO_UNCONST_VOLATILE_CAST) ++# if (LZO_CFG_USE_NEW_STYLE_CASTS) ++# define LZO_UNCONST_VOLATILE_CAST(t,e) (const_cast (e)) ++# elif (LZO_HAVE_MM_HUGE_PTR) ++# define LZO_UNCONST_VOLATILE_CAST(t,e) ((t) (e)) ++# elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define LZO_UNCONST_VOLATILE_CAST(t,e) ((t) ((volatile void *) ((lzo_uintptr_t) ((volatile const void *) (e))))) ++# endif ++#endif ++#if !defined(LZO_UNCONST_VOLATILE_CAST) ++# define LZO_UNCONST_VOLATILE_CAST(t,e) ((t) ((volatile void *) ((volatile const void *) (e)))) ++#endif ++#if !defined(LZO_UNVOLATILE_CAST) ++# if (LZO_CFG_USE_NEW_STYLE_CASTS) ++# define LZO_UNVOLATILE_CAST(t,e) (const_cast (e)) ++# elif (LZO_HAVE_MM_HUGE_PTR) ++# define LZO_UNVOLATILE_CAST(t,e) ((t) (e)) ++# elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define LZO_UNVOLATILE_CAST(t,e) ((t) ((void *) ((lzo_uintptr_t) ((volatile void *) (e))))) ++# endif ++#endif ++#if !defined(LZO_UNVOLATILE_CAST) ++# define LZO_UNVOLATILE_CAST(t,e) ((t) ((void *) ((volatile void *) (e)))) ++#endif ++#if !defined(LZO_UNVOLATILE_CONST_CAST) ++# if (LZO_CFG_USE_NEW_STYLE_CASTS) ++# define LZO_UNVOLATILE_CONST_CAST(t,e) (const_cast (e)) ++# elif (LZO_HAVE_MM_HUGE_PTR) ++# define LZO_UNVOLATILE_CONST_CAST(t,e) ((t) (e)) ++# elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define LZO_UNVOLATILE_CONST_CAST(t,e) ((t) ((const void *) ((lzo_uintptr_t) ((volatile const void *) (e))))) ++# endif ++#endif ++#if !defined(LZO_UNVOLATILE_CONST_CAST) ++# define LZO_UNVOLATILE_CONST_CAST(t,e) ((t) ((const void *) ((volatile const void *) (e)))) ++#endif ++#if !defined(LZO_PCAST) ++# if (LZO_HAVE_MM_HUGE_PTR) ++# define LZO_PCAST(t,e) ((t) (e)) ++# endif ++#endif ++#if !defined(LZO_PCAST) ++# define LZO_PCAST(t,e) LZO_STATIC_CAST(t, LZO_STATIC_CAST(void *, e)) ++#endif ++#if !defined(LZO_CCAST) ++# if (LZO_HAVE_MM_HUGE_PTR) ++# define LZO_CCAST(t,e) ((t) (e)) ++# endif ++#endif ++#if !defined(LZO_CCAST) ++# define LZO_CCAST(t,e) LZO_STATIC_CAST(t, LZO_STATIC_CAST(const void *, e)) ++#endif ++#if !defined(LZO_ICONV) ++# define LZO_ICONV(t,e) LZO_STATIC_CAST(t, e) ++#endif ++#if !defined(LZO_ICAST) ++# define LZO_ICAST(t,e) LZO_STATIC_CAST(t, e) ++#endif ++#if !defined(LZO_ITRUNC) ++# define LZO_ITRUNC(t,e) LZO_STATIC_CAST(t, e) ++#endif ++#if !defined(__lzo_cte) ++# if (LZO_CC_MSC || LZO_CC_WATCOMC) ++# define __lzo_cte(e) ((void)0,(e)) ++# elif 1 ++# define __lzo_cte(e) ((void)0,(e)) ++# endif ++#endif ++#if !defined(__lzo_cte) ++# define __lzo_cte(e) (e) ++#endif ++#if !defined(LZO_BLOCK_BEGIN) ++# define LZO_BLOCK_BEGIN do { ++# define LZO_BLOCK_END } while __lzo_cte(0) ++#endif ++#if !defined(LZO_UNUSED) ++# if (LZO_CC_BORLANDC && (__BORLANDC__ >= 0x0600)) ++# define LZO_UNUSED(var) ((void) &var) ++# elif (LZO_CC_BORLANDC || LZO_CC_HIGHC || LZO_CC_NDPC || LZO_CC_PELLESC || LZO_CC_TURBOC) ++# define LZO_UNUSED(var) if (&var) ; else ++# elif (LZO_CC_CLANG && (LZO_CC_CLANG >= 0x030200ul)) ++# define LZO_UNUSED(var) ((void) &var) ++# elif (LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define LZO_UNUSED(var) ((void) var) ++# elif (LZO_CC_MSC && (_MSC_VER < 900)) ++# define LZO_UNUSED(var) if (&var) ; else ++# elif (LZO_CC_KEILC) ++# define LZO_UNUSED(var) {LZO_EXTERN_C int lzo_unused__[1-2*!(sizeof(var)>0)];} ++# elif (LZO_CC_PACIFICC) ++# define LZO_UNUSED(var) ((void) sizeof(var)) ++# elif (LZO_CC_WATCOMC) && defined(__cplusplus) ++# define LZO_UNUSED(var) ((void) var) ++# else ++# define LZO_UNUSED(var) ((void) &var) ++# endif ++#endif ++#if !defined(LZO_UNUSED_FUNC) ++# if (LZO_CC_BORLANDC && (__BORLANDC__ >= 0x0600)) ++# define LZO_UNUSED_FUNC(func) ((void) func) ++# elif (LZO_CC_BORLANDC || LZO_CC_NDPC || LZO_CC_TURBOC) ++# define LZO_UNUSED_FUNC(func) if (func) ; else ++# elif (LZO_CC_CLANG || LZO_CC_LLVM) ++# define LZO_UNUSED_FUNC(func) ((void) &func) ++# elif (LZO_CC_MSC && (_MSC_VER < 900)) ++# define LZO_UNUSED_FUNC(func) if (func) ; else ++# elif (LZO_CC_MSC) ++# define LZO_UNUSED_FUNC(func) ((void) &func) ++# elif (LZO_CC_KEILC || LZO_CC_PELLESC) ++# define LZO_UNUSED_FUNC(func) {LZO_EXTERN_C int lzo_unused_func__[1-2*!(sizeof((int)func)>0)];} ++# else ++# define LZO_UNUSED_FUNC(func) ((void) func) ++# endif ++#endif ++#if !defined(LZO_UNUSED_LABEL) ++# if (LZO_CC_CLANG >= 0x020800ul) ++# define LZO_UNUSED_LABEL(l) (__lzo_gnuc_extension__ ((void) ((const void *) &&l))) ++# elif (LZO_CC_ARMCC || LZO_CC_CLANG || LZO_CC_INTELC || LZO_CC_WATCOMC) ++# define LZO_UNUSED_LABEL(l) if __lzo_cte(0) goto l ++# else ++# define LZO_UNUSED_LABEL(l) switch (0) case 1:goto l ++# endif ++#endif ++#if !defined(LZO_DEFINE_UNINITIALIZED_VAR) ++# if 0 ++# define LZO_DEFINE_UNINITIALIZED_VAR(type,var,init) type var ++# elif 0 && (LZO_CC_GNUC) ++# define LZO_DEFINE_UNINITIALIZED_VAR(type,var,init) type var = var ++# else ++# define LZO_DEFINE_UNINITIALIZED_VAR(type,var,init) type var = init ++# endif ++#endif ++#if !defined(__lzo_inline) ++#if (LZO_CC_TURBOC && (__TURBOC__ <= 0x0295)) ++#elif defined(__cplusplus) ++# define __lzo_inline inline ++#elif defined(__STDC_VERSION__) && (__STDC_VERSION__-0 >= 199901L) ++# define __lzo_inline inline ++#elif (LZO_CC_BORLANDC && (__BORLANDC__ >= 0x0550)) ++# define __lzo_inline __inline ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CILLY || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE || LZO_CC_PGI) ++# define __lzo_inline __inline__ ++#elif (LZO_CC_DMC) ++# define __lzo_inline __inline ++#elif (LZO_CC_GHS) ++# define __lzo_inline __inline__ ++#elif (LZO_CC_IBMC >= 600) ++# define __lzo_inline __inline__ ++#elif (LZO_CC_INTELC) ++# define __lzo_inline __inline ++#elif (LZO_CC_MWERKS && (__MWERKS__ >= 0x2405)) ++# define __lzo_inline __inline ++#elif (LZO_CC_MSC && (_MSC_VER >= 900)) ++# define __lzo_inline __inline ++#elif (LZO_CC_SUNPROC >= 0x5100) ++# define __lzo_inline __inline__ ++#endif ++#endif ++#if defined(__lzo_inline) ++# ifndef __lzo_HAVE_inline ++# define __lzo_HAVE_inline 1 ++# endif ++#else ++# define __lzo_inline /*empty*/ ++#endif ++#if !defined(__lzo_forceinline) ++#if (LZO_CC_GNUC >= 0x030200ul) ++# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) ++#elif (LZO_CC_IBMC >= 700) ++# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) ++#elif (LZO_CC_INTELC_MSC && (__INTEL_COMPILER >= 450)) ++# define __lzo_forceinline __forceinline ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 800)) ++# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) ++#elif (LZO_CC_MSC && (_MSC_VER >= 1200)) ++# define __lzo_forceinline __forceinline ++#elif (LZO_CC_PGI >= 0x0d0a00ul) ++# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) ++#elif (LZO_CC_SUNPROC >= 0x5100) ++# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) ++#endif ++#endif ++#if defined(__lzo_forceinline) ++# ifndef __lzo_HAVE_forceinline ++# define __lzo_HAVE_forceinline 1 ++# endif ++#else ++# define __lzo_forceinline __lzo_inline ++#endif ++#if !defined(__lzo_noinline) ++#if 1 && (LZO_ARCH_I386) && (LZO_CC_GNUC >= 0x040000ul) && (LZO_CC_GNUC < 0x040003ul) ++# define __lzo_noinline __attribute__((__noinline__,__used__)) ++#elif (LZO_CC_GNUC >= 0x030200ul) ++# define __lzo_noinline __attribute__((__noinline__)) ++#elif (LZO_CC_IBMC >= 700) ++# define __lzo_noinline __attribute__((__noinline__)) ++#elif (LZO_CC_INTELC_MSC && (__INTEL_COMPILER >= 600)) ++# define __lzo_noinline __declspec(noinline) ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 800)) ++# define __lzo_noinline __attribute__((__noinline__)) ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_noinline __attribute__((__noinline__)) ++#elif (LZO_CC_MSC && (_MSC_VER >= 1300)) ++# define __lzo_noinline __declspec(noinline) ++#elif (LZO_CC_MWERKS && (__MWERKS__ >= 0x3200) && (LZO_OS_WIN32 || LZO_OS_WIN64)) ++# if defined(__cplusplus) ++# else ++# define __lzo_noinline __declspec(noinline) ++# endif ++#elif (LZO_CC_PGI >= 0x0d0a00ul) ++# define __lzo_noinline __attribute__((__noinline__)) ++#elif (LZO_CC_SUNPROC >= 0x5100) ++# define __lzo_noinline __attribute__((__noinline__)) ++#endif ++#endif ++#if defined(__lzo_noinline) ++# ifndef __lzo_HAVE_noinline ++# define __lzo_HAVE_noinline 1 ++# endif ++#else ++# define __lzo_noinline /*empty*/ ++#endif ++#if (__lzo_HAVE_forceinline || __lzo_HAVE_noinline) && !(__lzo_HAVE_inline) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if !defined(__lzo_static_inline) ++#if (LZO_CC_IBMC) ++# define __lzo_static_inline __lzo_gnuc_extension__ static __lzo_inline ++#endif ++#endif ++#if !defined(__lzo_static_inline) ++# define __lzo_static_inline static __lzo_inline ++#endif ++#if !defined(__lzo_static_forceinline) ++#if (LZO_CC_IBMC) ++# define __lzo_static_forceinline __lzo_gnuc_extension__ static __lzo_forceinline ++#endif ++#endif ++#if !defined(__lzo_static_forceinline) ++# define __lzo_static_forceinline static __lzo_forceinline ++#endif ++#if !defined(__lzo_static_noinline) ++#if (LZO_CC_IBMC) ++# define __lzo_static_noinline __lzo_gnuc_extension__ static __lzo_noinline ++#endif ++#endif ++#if !defined(__lzo_static_noinline) ++# define __lzo_static_noinline static __lzo_noinline ++#endif ++#if !defined(__lzo_c99_extern_inline) ++#if defined(__GNUC_GNU_INLINE__) ++# define __lzo_c99_extern_inline __lzo_inline ++#elif defined(__GNUC_STDC_INLINE__) ++# define __lzo_c99_extern_inline extern __lzo_inline ++#elif defined(__STDC_VERSION__) && (__STDC_VERSION__-0 >= 199901L) ++# define __lzo_c99_extern_inline extern __lzo_inline ++#endif ++#if !defined(__lzo_c99_extern_inline) && (__lzo_HAVE_inline) ++# define __lzo_c99_extern_inline __lzo_inline ++#endif ++#endif ++#if defined(__lzo_c99_extern_inline) ++# ifndef __lzo_HAVE_c99_extern_inline ++# define __lzo_HAVE_c99_extern_inline 1 ++# endif ++#else ++# define __lzo_c99_extern_inline /*empty*/ ++#endif ++#if !defined(__lzo_may_alias) ++#if (LZO_CC_GNUC >= 0x030400ul) ++# define __lzo_may_alias __attribute__((__may_alias__)) ++#elif (LZO_CC_CLANG >= 0x020900ul) ++# define __lzo_may_alias __attribute__((__may_alias__)) ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 1210)) && 0 ++# define __lzo_may_alias __attribute__((__may_alias__)) ++#elif (LZO_CC_PGI >= 0x0d0a00ul) && 0 ++# define __lzo_may_alias __attribute__((__may_alias__)) ++#endif ++#endif ++#if defined(__lzo_may_alias) ++# ifndef __lzo_HAVE_may_alias ++# define __lzo_HAVE_may_alias 1 ++# endif ++#else ++# define __lzo_may_alias /*empty*/ ++#endif ++#if !defined(__lzo_noreturn) ++#if (LZO_CC_GNUC >= 0x020700ul) ++# define __lzo_noreturn __attribute__((__noreturn__)) ++#elif (LZO_CC_IBMC >= 700) ++# define __lzo_noreturn __attribute__((__noreturn__)) ++#elif (LZO_CC_INTELC_MSC && (__INTEL_COMPILER >= 450)) ++# define __lzo_noreturn __declspec(noreturn) ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 600)) ++# define __lzo_noreturn __attribute__((__noreturn__)) ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_noreturn __attribute__((__noreturn__)) ++#elif (LZO_CC_MSC && (_MSC_VER >= 1200)) ++# define __lzo_noreturn __declspec(noreturn) ++#elif (LZO_CC_PGI >= 0x0d0a00ul) ++# define __lzo_noreturn __attribute__((__noreturn__)) ++#endif ++#endif ++#if defined(__lzo_noreturn) ++# ifndef __lzo_HAVE_noreturn ++# define __lzo_HAVE_noreturn 1 ++# endif ++#else ++# define __lzo_noreturn /*empty*/ ++#endif ++#if !defined(__lzo_nothrow) ++#if (LZO_CC_GNUC >= 0x030300ul) ++# define __lzo_nothrow __attribute__((__nothrow__)) ++#elif (LZO_CC_INTELC_MSC && (__INTEL_COMPILER >= 450)) && defined(__cplusplus) ++# define __lzo_nothrow __declspec(nothrow) ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 900)) ++# define __lzo_nothrow __attribute__((__nothrow__)) ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_nothrow __attribute__((__nothrow__)) ++#elif (LZO_CC_MSC && (_MSC_VER >= 1200)) && defined(__cplusplus) ++# define __lzo_nothrow __declspec(nothrow) ++#endif ++#endif ++#if defined(__lzo_nothrow) ++# ifndef __lzo_HAVE_nothrow ++# define __lzo_HAVE_nothrow 1 ++# endif ++#else ++# define __lzo_nothrow /*empty*/ ++#endif ++#if !defined(__lzo_restrict) ++#if (LZO_CC_GNUC >= 0x030400ul) ++# define __lzo_restrict __restrict__ ++#elif (LZO_CC_IBMC >= 800) && !defined(__cplusplus) ++# define __lzo_restrict __restrict__ ++#elif (LZO_CC_IBMC >= 1210) ++# define __lzo_restrict __restrict__ ++#elif (LZO_CC_INTELC_MSC && (__INTEL_COMPILER >= 600)) ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 600)) ++# define __lzo_restrict __restrict__ ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM) ++# define __lzo_restrict __restrict__ ++#elif (LZO_CC_MSC && (_MSC_VER >= 1400)) ++# define __lzo_restrict __restrict ++#elif (LZO_CC_PGI >= 0x0d0a00ul) ++# define __lzo_restrict __restrict__ ++#endif ++#endif ++#if defined(__lzo_restrict) ++# ifndef __lzo_HAVE_restrict ++# define __lzo_HAVE_restrict 1 ++# endif ++#else ++# define __lzo_restrict /*empty*/ ++#endif ++#if !defined(__lzo_alignof) ++#if (LZO_CC_ARMCC || LZO_CC_CILLY || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE || LZO_CC_PGI) ++# define __lzo_alignof(e) __alignof__(e) ++#elif (LZO_CC_GHS) && !defined(__cplusplus) ++# define __lzo_alignof(e) __alignof__(e) ++#elif (LZO_CC_IBMC >= 600) ++# define __lzo_alignof(e) (__lzo_gnuc_extension__ __alignof__(e)) ++#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 700)) ++# define __lzo_alignof(e) __alignof__(e) ++#elif (LZO_CC_MSC && (_MSC_VER >= 1300)) ++# define __lzo_alignof(e) __alignof(e) ++#elif (LZO_CC_SUNPROC >= 0x5100) ++# define __lzo_alignof(e) __alignof__(e) ++#endif ++#endif ++#if defined(__lzo_alignof) ++# ifndef __lzo_HAVE_alignof ++# define __lzo_HAVE_alignof 1 ++# endif ++#endif ++#if !defined(__lzo_struct_packed) ++#if (LZO_CC_CLANG && (LZO_CC_CLANG < 0x020800ul)) && defined(__cplusplus) ++#elif (LZO_CC_GNUC && (LZO_CC_GNUC < 0x020700ul)) ++#elif (LZO_CC_GNUC && (LZO_CC_GNUC < 0x020800ul)) && defined(__cplusplus) ++#elif (LZO_CC_PCC && (LZO_CC_PCC < 0x010100ul)) ++#elif (LZO_CC_SUNPROC && (LZO_CC_SUNPROC < 0x5110)) && !defined(__cplusplus) ++#elif (LZO_CC_GNUC >= 0x030400ul) && !(LZO_CC_PCC_GNUC) && (LZO_ARCH_AMD64 || LZO_ARCH_I386) ++# define __lzo_struct_packed(s) struct s { ++# define __lzo_struct_packed_end() } __attribute__((__gcc_struct__,__packed__)); ++# define __lzo_struct_packed_ma_end() } __lzo_may_alias __attribute__((__gcc_struct__,__packed__)); ++#elif (LZO_CC_ARMCC || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_INTELC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE || (LZO_CC_PGI >= 0x0d0a00ul) || (LZO_CC_SUNPROC >= 0x5100)) ++# define __lzo_struct_packed(s) struct s { ++# define __lzo_struct_packed_end() } __attribute__((__packed__)); ++# define __lzo_struct_packed_ma_end() } __lzo_may_alias __attribute__((__packed__)); ++#elif (LZO_CC_IBMC >= 700) ++# define __lzo_struct_packed(s) __lzo_gnuc_extension__ struct s { ++# define __lzo_struct_packed_end() } __attribute__((__packed__)); ++# define __lzo_struct_packed_ma_end() } __lzo_may_alias __attribute__((__packed__)); ++#elif (LZO_CC_INTELC_MSC) || (LZO_CC_MSC && (_MSC_VER >= 1300)) ++# define __lzo_struct_packed(s) __pragma(pack(push,1)) struct s { ++# define __lzo_struct_packed_end() } __pragma(pack(pop)); ++#elif (LZO_CC_WATCOMC && (__WATCOMC__ >= 900)) ++# define __lzo_struct_packed(s) _Packed struct s { ++# define __lzo_struct_packed_end() }; ++#endif ++#endif ++#if defined(__lzo_struct_packed) && !defined(__lzo_struct_packed_ma) ++# define __lzo_struct_packed_ma(s) __lzo_struct_packed(s) ++#endif ++#if defined(__lzo_struct_packed_end) && !defined(__lzo_struct_packed_ma_end) ++# define __lzo_struct_packed_ma_end() __lzo_struct_packed_end() ++#endif ++#if !defined(__lzo_byte_struct) ++#if defined(__lzo_struct_packed) ++# define __lzo_byte_struct(s,n) __lzo_struct_packed(s) unsigned char a[n]; __lzo_struct_packed_end() ++# define __lzo_byte_struct_ma(s,n) __lzo_struct_packed_ma(s) unsigned char a[n]; __lzo_struct_packed_ma_end() ++#elif (LZO_CC_CILLY || LZO_CC_CLANG || LZO_CC_PGI || (LZO_CC_SUNPROC >= 0x5100)) ++# define __lzo_byte_struct(s,n) struct s { unsigned char a[n]; } __attribute__((__packed__)); ++# define __lzo_byte_struct_ma(s,n) struct s { unsigned char a[n]; } __lzo_may_alias __attribute__((__packed__)); ++#endif ++#endif ++#if defined(__lzo_byte_struct) && !defined(__lzo_byte_struct_ma) ++# define __lzo_byte_struct_ma(s,n) __lzo_byte_struct(s,n) ++#endif ++#if !defined(__lzo_struct_align16) && (__lzo_HAVE_alignof) ++#if (LZO_CC_GNUC && (LZO_CC_GNUC < 0x030000ul)) ++#elif (LZO_CC_CLANG && (LZO_CC_CLANG < 0x020800ul)) && defined(__cplusplus) ++#elif (LZO_CC_CILLY || LZO_CC_PCC) ++#elif (LZO_CC_INTELC_MSC) || (LZO_CC_MSC && (_MSC_VER >= 1300)) ++# define __lzo_struct_align16(s) struct __declspec(align(16)) s { ++# define __lzo_struct_align16_end() }; ++# define __lzo_struct_align32(s) struct __declspec(align(32)) s { ++# define __lzo_struct_align32_end() }; ++# define __lzo_struct_align64(s) struct __declspec(align(64)) s { ++# define __lzo_struct_align64_end() }; ++#elif (LZO_CC_ARMCC || LZO_CC_CLANG || LZO_CC_GNUC || (LZO_CC_IBMC >= 700) || LZO_CC_INTELC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_struct_align16(s) struct s { ++# define __lzo_struct_align16_end() } __attribute__((__aligned__(16))); ++# define __lzo_struct_align32(s) struct s { ++# define __lzo_struct_align32_end() } __attribute__((__aligned__(32))); ++# define __lzo_struct_align64(s) struct s { ++# define __lzo_struct_align64_end() } __attribute__((__aligned__(64))); ++#endif ++#endif ++#if !defined(__lzo_union_um) ++#if (LZO_CC_CLANG && (LZO_CC_CLANG < 0x020800ul)) && defined(__cplusplus) ++#elif (LZO_CC_GNUC && (LZO_CC_GNUC < 0x020700ul)) ++#elif (LZO_CC_GNUC && (LZO_CC_GNUC < 0x020800ul)) && defined(__cplusplus) ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER < 810)) ++#elif (LZO_CC_PCC && (LZO_CC_PCC < 0x010100ul)) ++#elif (LZO_CC_SUNPROC && (LZO_CC_SUNPROC < 0x5110)) && !defined(__cplusplus) ++#elif (LZO_CC_ARMCC || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_INTELC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE || (LZO_CC_PGI >= 0x0d0a00ul) || (LZO_CC_SUNPROC >= 0x5100)) ++# define __lzo_union_am(s) union s { ++# define __lzo_union_am_end() } __lzo_may_alias; ++# define __lzo_union_um(s) union s { ++# define __lzo_union_um_end() } __lzo_may_alias __attribute__((__packed__)); ++#elif (LZO_CC_IBMC >= 700) ++# define __lzo_union_am(s) __lzo_gnuc_extension__ union s { ++# define __lzo_union_am_end() } __lzo_may_alias; ++# define __lzo_union_um(s) __lzo_gnuc_extension__ union s { ++# define __lzo_union_um_end() } __lzo_may_alias __attribute__((__packed__)); ++#elif (LZO_CC_INTELC_MSC) || (LZO_CC_MSC && (_MSC_VER >= 1300)) ++# define __lzo_union_um(s) __pragma(pack(push,1)) union s { ++# define __lzo_union_um_end() } __pragma(pack(pop)); ++#elif (LZO_CC_WATCOMC && (__WATCOMC__ >= 900)) ++# define __lzo_union_um(s) _Packed union s { ++# define __lzo_union_um_end() }; ++#endif ++#endif ++#if !defined(__lzo_union_am) ++# define __lzo_union_am(s) union s { ++# define __lzo_union_am_end() }; ++#endif ++#if !defined(__lzo_constructor) ++#if (LZO_CC_GNUC >= 0x030400ul) ++# define __lzo_constructor __attribute__((__constructor__,__used__)) ++#elif (LZO_CC_GNUC >= 0x020700ul) ++# define __lzo_constructor __attribute__((__constructor__)) ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 800)) ++# define __lzo_constructor __attribute__((__constructor__,__used__)) ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_constructor __attribute__((__constructor__)) ++#endif ++#endif ++#if defined(__lzo_constructor) ++# ifndef __lzo_HAVE_constructor ++# define __lzo_HAVE_constructor 1 ++# endif ++#endif ++#if !defined(__lzo_destructor) ++#if (LZO_CC_GNUC >= 0x030400ul) ++# define __lzo_destructor __attribute__((__destructor__,__used__)) ++#elif (LZO_CC_GNUC >= 0x020700ul) ++# define __lzo_destructor __attribute__((__destructor__)) ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 800)) ++# define __lzo_destructor __attribute__((__destructor__,__used__)) ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_destructor __attribute__((__destructor__)) ++#endif ++#endif ++#if defined(__lzo_destructor) ++# ifndef __lzo_HAVE_destructor ++# define __lzo_HAVE_destructor 1 ++# endif ++#endif ++#if (__lzo_HAVE_destructor) && !(__lzo_HAVE_constructor) ++# error "unexpected configuration - check your compiler defines" ++#endif ++#if !defined(__lzo_likely) && !defined(__lzo_unlikely) ++#if (LZO_CC_GNUC >= 0x030200ul) ++# define __lzo_likely(e) (__builtin_expect(!!(e),1)) ++# define __lzo_unlikely(e) (__builtin_expect(!!(e),0)) ++#elif (LZO_CC_IBMC >= 1010) ++# define __lzo_likely(e) (__builtin_expect(!!(e),1)) ++# define __lzo_unlikely(e) (__builtin_expect(!!(e),0)) ++#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 800)) ++# define __lzo_likely(e) (__builtin_expect(!!(e),1)) ++# define __lzo_unlikely(e) (__builtin_expect(!!(e),0)) ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++# define __lzo_likely(e) (__builtin_expect(!!(e),1)) ++# define __lzo_unlikely(e) (__builtin_expect(!!(e),0)) ++#endif ++#endif ++#if defined(__lzo_likely) ++# ifndef __lzo_HAVE_likely ++# define __lzo_HAVE_likely 1 ++# endif ++#else ++# define __lzo_likely(e) (e) ++#endif ++#if defined(__lzo_unlikely) ++# ifndef __lzo_HAVE_unlikely ++# define __lzo_HAVE_unlikely 1 ++# endif ++#else ++# define __lzo_unlikely(e) (e) ++#endif ++#if !defined(__lzo_static_unused_void_func) ++# if 1 && (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || (LZO_CC_GNUC >= 0x020700ul) || LZO_CC_INTELC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE || LZO_CC_PGI) ++# define __lzo_static_unused_void_func(f) static void __attribute__((__unused__)) f(void) ++# else ++# define __lzo_static_unused_void_func(f) static __lzo_inline void f(void) ++# endif ++#endif ++#if !defined(__lzo_loop_forever) ++# if (LZO_CC_IBMC) ++# define __lzo_loop_forever() LZO_BLOCK_BEGIN for (;;) { ; } LZO_BLOCK_END ++# else ++# define __lzo_loop_forever() do { ; } while __lzo_cte(1) ++# endif ++#endif ++#if !defined(__lzo_unreachable) ++#if (LZO_CC_CLANG && (LZO_CC_CLANG >= 0x020800ul)) ++# define __lzo_unreachable() __builtin_unreachable(); ++#elif (LZO_CC_GNUC >= 0x040500ul) ++# define __lzo_unreachable() __builtin_unreachable(); ++#elif (LZO_CC_INTELC_GNUC && (__INTEL_COMPILER >= 1300)) && 1 ++# define __lzo_unreachable() __builtin_unreachable(); ++#endif ++#endif ++#if defined(__lzo_unreachable) ++# ifndef __lzo_HAVE_unreachable ++# define __lzo_HAVE_unreachable 1 ++# endif ++#else ++# if 0 ++# define __lzo_unreachable() ((void)0); ++# else ++# define __lzo_unreachable() __lzo_loop_forever(); ++# endif ++#endif ++#ifndef __LZO_CTA_NAME ++#if (LZO_CFG_USE_COUNTER) ++# define __LZO_CTA_NAME(a) LZO_PP_ECONCAT2(a,__COUNTER__) ++#else ++# define __LZO_CTA_NAME(a) LZO_PP_ECONCAT2(a,__LINE__) ++#endif ++#endif ++#if !defined(LZO_COMPILE_TIME_ASSERT_HEADER) ++# if (LZO_CC_AZTECC || LZO_CC_ZORTECHC) ++# define LZO_COMPILE_TIME_ASSERT_HEADER(e) LZO_EXTERN_C_BEGIN extern int __LZO_CTA_NAME(lzo_cta__)[1-!(e)]; LZO_EXTERN_C_END ++# elif (LZO_CC_DMC || LZO_CC_SYMANTECC) ++# define LZO_COMPILE_TIME_ASSERT_HEADER(e) LZO_EXTERN_C_BEGIN extern int __LZO_CTA_NAME(lzo_cta__)[1u-2*!(e)]; LZO_EXTERN_C_END ++# elif (LZO_CC_TURBOC && (__TURBOC__ == 0x0295)) ++# define LZO_COMPILE_TIME_ASSERT_HEADER(e) LZO_EXTERN_C_BEGIN extern int __LZO_CTA_NAME(lzo_cta__)[1-!(e)]; LZO_EXTERN_C_END ++# elif (LZO_CC_CLANG && (LZO_CC_CLANG < 0x020900ul)) && defined(__cplusplus) ++# define LZO_COMPILE_TIME_ASSERT_HEADER(e) LZO_EXTERN_C_BEGIN int __LZO_CTA_NAME(lzo_cta_f__)(int [1-2*!(e)]); LZO_EXTERN_C_END ++# elif (LZO_CC_GNUC) && defined(__CHECKER__) && defined(__SPARSE_CHECKER__) ++# define LZO_COMPILE_TIME_ASSERT_HEADER(e) LZO_EXTERN_C_BEGIN enum {__LZO_CTA_NAME(lzo_cta_e__)=1/!!(e)} __attribute__((__unused__)); LZO_EXTERN_C_END ++# else ++# define LZO_COMPILE_TIME_ASSERT_HEADER(e) LZO_EXTERN_C_BEGIN extern int __LZO_CTA_NAME(lzo_cta__)[1-2*!(e)]; LZO_EXTERN_C_END ++# endif ++#endif ++#if !defined(LZO_COMPILE_TIME_ASSERT) ++# if (LZO_CC_AZTECC) ++# define LZO_COMPILE_TIME_ASSERT(e) {typedef int __LZO_CTA_NAME(lzo_cta_t__)[1-!(e)];} ++# elif (LZO_CC_DMC || LZO_CC_PACIFICC || LZO_CC_SYMANTECC || LZO_CC_ZORTECHC) ++# define LZO_COMPILE_TIME_ASSERT(e) switch(0) case 1:case !(e):break; ++# elif (LZO_CC_GNUC) && defined(__CHECKER__) && defined(__SPARSE_CHECKER__) ++# define LZO_COMPILE_TIME_ASSERT(e) {(void) (0/!!(e));} ++# elif (LZO_CC_GNUC >= 0x040700ul) && (LZO_CFG_USE_COUNTER) && defined(__cplusplus) ++# define LZO_COMPILE_TIME_ASSERT(e) {enum {__LZO_CTA_NAME(lzo_cta_e__)=1/!!(e)} __attribute__((__unused__));} ++# elif (LZO_CC_GNUC >= 0x040700ul) ++# define LZO_COMPILE_TIME_ASSERT(e) {typedef int __LZO_CTA_NAME(lzo_cta_t__)[1-2*!(e)] __attribute__((__unused__));} ++# elif (LZO_CC_MSC && (_MSC_VER < 900)) ++# define LZO_COMPILE_TIME_ASSERT(e) switch(0) case 1:case !(e):break; ++# elif (LZO_CC_TURBOC && (__TURBOC__ == 0x0295)) ++# define LZO_COMPILE_TIME_ASSERT(e) switch(0) case 1:case !(e):break; ++# else ++# define LZO_COMPILE_TIME_ASSERT(e) {typedef int __LZO_CTA_NAME(lzo_cta_t__)[1-2*!(e)];} ++# endif ++#endif ++LZO_COMPILE_TIME_ASSERT_HEADER(1 == 1) ++#if defined(__cplusplus) ++extern "C" { LZO_COMPILE_TIME_ASSERT_HEADER(2 == 2) } ++#endif ++LZO_COMPILE_TIME_ASSERT_HEADER(3 == 3) ++#if (LZO_ARCH_I086 || LZO_ARCH_I386) && (LZO_OS_DOS16 || LZO_OS_DOS32 || LZO_OS_OS2 || LZO_OS_OS216 || LZO_OS_WIN16 || LZO_OS_WIN32 || LZO_OS_WIN64) ++# if (LZO_CC_GNUC || LZO_CC_HIGHC || LZO_CC_NDPC || LZO_CC_PACIFICC) ++# elif (LZO_CC_DMC || LZO_CC_SYMANTECC || LZO_CC_ZORTECHC) ++# define __lzo_cdecl __cdecl ++# define __lzo_cdecl_atexit /*empty*/ ++# define __lzo_cdecl_main __cdecl ++# if (LZO_OS_OS2 && (LZO_CC_DMC || LZO_CC_SYMANTECC)) ++# define __lzo_cdecl_qsort __pascal ++# elif (LZO_OS_OS2 && (LZO_CC_ZORTECHC)) ++# define __lzo_cdecl_qsort _stdcall ++# else ++# define __lzo_cdecl_qsort __cdecl ++# endif ++# elif (LZO_CC_WATCOMC) ++# define __lzo_cdecl __cdecl ++# else ++# define __lzo_cdecl __cdecl ++# define __lzo_cdecl_atexit __cdecl ++# define __lzo_cdecl_main __cdecl ++# define __lzo_cdecl_qsort __cdecl ++# endif ++# if (LZO_CC_GNUC || LZO_CC_HIGHC || LZO_CC_NDPC || LZO_CC_PACIFICC || LZO_CC_WATCOMC) ++# elif (LZO_OS_OS2 && (LZO_CC_DMC || LZO_CC_SYMANTECC)) ++# define __lzo_cdecl_sighandler __pascal ++# elif (LZO_OS_OS2 && (LZO_CC_ZORTECHC)) ++# define __lzo_cdecl_sighandler _stdcall ++# elif (LZO_CC_MSC && (_MSC_VER >= 1400)) && defined(_M_CEE_PURE) ++# define __lzo_cdecl_sighandler __clrcall ++# elif (LZO_CC_MSC && (_MSC_VER >= 600 && _MSC_VER < 700)) ++# if defined(_DLL) ++# define __lzo_cdecl_sighandler _far _cdecl _loadds ++# elif defined(_MT) ++# define __lzo_cdecl_sighandler _far _cdecl ++# else ++# define __lzo_cdecl_sighandler _cdecl ++# endif ++# else ++# define __lzo_cdecl_sighandler __cdecl ++# endif ++#elif (LZO_ARCH_I386) && (LZO_CC_WATCOMC) ++# define __lzo_cdecl __cdecl ++#elif (LZO_ARCH_M68K && LZO_OS_TOS && (LZO_CC_PUREC || LZO_CC_TURBOC)) ++# define __lzo_cdecl cdecl ++#endif ++#if !defined(__lzo_cdecl) ++# define __lzo_cdecl /*empty*/ ++#endif ++#if !defined(__lzo_cdecl_atexit) ++# define __lzo_cdecl_atexit /*empty*/ ++#endif ++#if !defined(__lzo_cdecl_main) ++# define __lzo_cdecl_main /*empty*/ ++#endif ++#if !defined(__lzo_cdecl_qsort) ++# define __lzo_cdecl_qsort /*empty*/ ++#endif ++#if !defined(__lzo_cdecl_sighandler) ++# define __lzo_cdecl_sighandler /*empty*/ ++#endif ++#if !defined(__lzo_cdecl_va) ++# define __lzo_cdecl_va __lzo_cdecl ++#endif ++#if !(LZO_CFG_NO_WINDOWS_H) ++#if !defined(LZO_HAVE_WINDOWS_H) ++#if (LZO_OS_CYGWIN || (LZO_OS_EMX && defined(__RSXNT__)) || LZO_OS_WIN32 || LZO_OS_WIN64) ++# if (LZO_CC_WATCOMC && (__WATCOMC__ < 1000)) ++# elif (LZO_OS_WIN32 && LZO_CC_GNUC) && defined(__PW32__) ++# elif ((LZO_OS_CYGWIN || defined(__MINGW32__)) && (LZO_CC_GNUC && (LZO_CC_GNUC < 0x025f00ul))) ++# else ++# define LZO_HAVE_WINDOWS_H 1 ++# endif ++#endif ++#endif ++#endif ++#ifndef LZO_SIZEOF_SHORT + #if defined(SIZEOF_SHORT) + # define LZO_SIZEOF_SHORT (SIZEOF_SHORT) ++#elif defined(__SIZEOF_SHORT__) ++# define LZO_SIZEOF_SHORT (__SIZEOF_SHORT__) + #endif ++#endif ++#ifndef LZO_SIZEOF_INT + #if defined(SIZEOF_INT) + # define LZO_SIZEOF_INT (SIZEOF_INT) ++#elif defined(__SIZEOF_INT__) ++# define LZO_SIZEOF_INT (__SIZEOF_INT__) + #endif ++#endif ++#ifndef LZO_SIZEOF_LONG + #if defined(SIZEOF_LONG) + # define LZO_SIZEOF_LONG (SIZEOF_LONG) ++#elif defined(__SIZEOF_LONG__) ++# define LZO_SIZEOF_LONG (__SIZEOF_LONG__) + #endif ++#endif ++#ifndef LZO_SIZEOF_LONG_LONG + #if defined(SIZEOF_LONG_LONG) + # define LZO_SIZEOF_LONG_LONG (SIZEOF_LONG_LONG) ++#elif defined(__SIZEOF_LONG_LONG__) ++# define LZO_SIZEOF_LONG_LONG (__SIZEOF_LONG_LONG__) + #endif ++#endif ++#ifndef LZO_SIZEOF___INT16 + #if defined(SIZEOF___INT16) + # define LZO_SIZEOF___INT16 (SIZEOF___INT16) + #endif ++#endif ++#ifndef LZO_SIZEOF___INT32 + #if defined(SIZEOF___INT32) + # define LZO_SIZEOF___INT32 (SIZEOF___INT32) + #endif ++#endif ++#ifndef LZO_SIZEOF___INT64 + #if defined(SIZEOF___INT64) + # define LZO_SIZEOF___INT64 (SIZEOF___INT64) + #endif ++#endif ++#ifndef LZO_SIZEOF_VOID_P + #if defined(SIZEOF_VOID_P) + # define LZO_SIZEOF_VOID_P (SIZEOF_VOID_P) ++#elif defined(__SIZEOF_POINTER__) ++# define LZO_SIZEOF_VOID_P (__SIZEOF_POINTER__) + #endif ++#endif ++#ifndef LZO_SIZEOF_SIZE_T + #if defined(SIZEOF_SIZE_T) + # define LZO_SIZEOF_SIZE_T (SIZEOF_SIZE_T) ++#elif defined(__SIZEOF_SIZE_T__) ++# define LZO_SIZEOF_SIZE_T (__SIZEOF_SIZE_T__) + #endif ++#endif ++#ifndef LZO_SIZEOF_PTRDIFF_T + #if defined(SIZEOF_PTRDIFF_T) + # define LZO_SIZEOF_PTRDIFF_T (SIZEOF_PTRDIFF_T) ++#elif defined(__SIZEOF_PTRDIFF_T__) ++# define LZO_SIZEOF_PTRDIFF_T (__SIZEOF_PTRDIFF_T__) ++#endif + #endif + #define __LZO_LSR(x,b) (((x)+0ul) >> (b)) + #if !defined(LZO_SIZEOF_SHORT) +@@ -1060,6 +2040,7 @@ extern "C" { + # error "LZO_SIZEOF_SHORT" + # endif + #endif ++LZO_COMPILE_TIME_ASSERT_HEADER(LZO_SIZEOF_SHORT == sizeof(short)) + #if !defined(LZO_SIZEOF_INT) + # if (LZO_ARCH_CRAY_PVP) + # define LZO_SIZEOF_INT 8 +@@ -1081,6 +2062,7 @@ extern "C" { + # error "LZO_SIZEOF_INT" + # endif + #endif ++LZO_COMPILE_TIME_ASSERT_HEADER(LZO_SIZEOF_INT == sizeof(int)) + #if !defined(LZO_SIZEOF_LONG) + # if (ULONG_MAX == LZO_0xffffffffL) + # define LZO_SIZEOF_LONG 4 +@@ -1090,6 +2072,8 @@ extern "C" { + # define LZO_SIZEOF_LONG 2 + # elif (__LZO_LSR(ULONG_MAX,31) == 1) + # define LZO_SIZEOF_LONG 4 ++# elif (__LZO_LSR(ULONG_MAX,39) == 1) ++# define LZO_SIZEOF_LONG 5 + # elif (__LZO_LSR(ULONG_MAX,63) == 1) + # define LZO_SIZEOF_LONG 8 + # elif (__LZO_LSR(ULONG_MAX,127) == 1) +@@ -1098,11 +2082,12 @@ extern "C" { + # error "LZO_SIZEOF_LONG" + # endif + #endif ++LZO_COMPILE_TIME_ASSERT_HEADER(LZO_SIZEOF_LONG == sizeof(long)) + #if !defined(LZO_SIZEOF_LONG_LONG) && !defined(LZO_SIZEOF___INT64) + #if (LZO_SIZEOF_LONG > 0 && LZO_SIZEOF_LONG < 8) + # if defined(__LONG_MAX__) && defined(__LONG_LONG_MAX__) + # if (LZO_CC_GNUC >= 0x030300ul) +-# if ((__LONG_MAX__)+0 == (__LONG_LONG_MAX__)+0) ++# if ((__LONG_MAX__-0) == (__LONG_LONG_MAX__-0)) + # define LZO_SIZEOF_LONG_LONG LZO_SIZEOF_LONG + # elif (__LZO_LSR(__LONG_LONG_MAX__,30) == 1) + # define LZO_SIZEOF_LONG_LONG 4 +@@ -1116,7 +2101,7 @@ extern "C" { + #if (LZO_ARCH_I086 && LZO_CC_DMC) + #elif (LZO_CC_CILLY) && defined(__GNUC__) + # define LZO_SIZEOF_LONG_LONG 8 +-#elif (LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) ++#elif (LZO_CC_ARMCC_GNUC || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) + # define LZO_SIZEOF_LONG_LONG 8 + #elif ((LZO_OS_WIN32 || LZO_OS_WIN64 || defined(_WIN32)) && LZO_CC_MSC && (_MSC_VER >= 1400)) + # define LZO_SIZEOF_LONG_LONG 8 +@@ -1138,11 +2123,13 @@ extern "C" { + # define LZO_SIZEOF___INT64 8 + #elif (LZO_ARCH_I386 && (LZO_CC_WATCOMC && (__WATCOMC__ >= 1100))) + # define LZO_SIZEOF___INT64 8 +-#elif (LZO_CC_WATCOMC && defined(_INTEGRAL_MAX_BITS) && (_INTEGRAL_MAX_BITS == 64)) ++#elif (LZO_CC_GHS && defined(__LLONG_BIT) && ((__LLONG_BIT-0) == 64)) ++# define LZO_SIZEOF_LONG_LONG 8 ++#elif (LZO_CC_WATCOMC && defined(_INTEGRAL_MAX_BITS) && ((_INTEGRAL_MAX_BITS-0) == 64)) + # define LZO_SIZEOF___INT64 8 + #elif (LZO_OS_OS400 || defined(__OS400__)) && defined(__LLP64_IFC__) + # define LZO_SIZEOF_LONG_LONG 8 +-#elif (defined(__vms) || defined(__VMS)) && (__INITIAL_POINTER_SIZE+0 == 64) ++#elif (defined(__vms) || defined(__VMS)) && ((__INITIAL_POINTER_SIZE-0) == 64) + # define LZO_SIZEOF_LONG_LONG 8 + #elif (LZO_CC_SDCC) && (LZO_SIZEOF_INT == 2) + #elif 1 && defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) +@@ -1155,87 +2142,127 @@ extern "C" { + # undef LZO_SIZEOF_LONG_LONG + # endif + #endif +-#if (LZO_CFG_NO_LONG_LONG) || defined(__NO_LONG_LONG) ++#if (LZO_CFG_NO_LONG_LONG) ++# undef LZO_SIZEOF_LONG_LONG ++#elif defined(__NO_LONG_LONG) ++# undef LZO_SIZEOF_LONG_LONG ++#elif defined(_NO_LONGLONG) + # undef LZO_SIZEOF_LONG_LONG + #endif +-#if !defined(LZO_SIZEOF_VOID_P) +-#if (LZO_ARCH_I086) +-# define __LZO_WORDSIZE 2 +-# if (LZO_MM_TINY || LZO_MM_SMALL || LZO_MM_MEDIUM) +-# define LZO_SIZEOF_VOID_P 2 +-# elif (LZO_MM_COMPACT || LZO_MM_LARGE || LZO_MM_HUGE) +-# define LZO_SIZEOF_VOID_P 4 ++#if !defined(LZO_WORDSIZE) ++#if (LZO_ARCH_ALPHA) ++# define LZO_WORDSIZE 8 ++#elif (LZO_ARCH_AMD64) ++# define LZO_WORDSIZE 8 ++#elif (LZO_ARCH_AVR) ++# define LZO_WORDSIZE 1 ++#elif (LZO_ARCH_H8300) ++# if defined(__NORMAL_MODE__) ++# define LZO_WORDSIZE 4 ++# elif defined(__H8300H__) || defined(__H8300S__) || defined(__H8300SX__) ++# define LZO_WORDSIZE 4 + # else +-# error "LZO_MM" ++# define LZO_WORDSIZE 2 + # endif +-#elif (LZO_ARCH_AVR || LZO_ARCH_Z80) +-# define __LZO_WORDSIZE 1 ++#elif (LZO_ARCH_I086) ++# define LZO_WORDSIZE 2 ++#elif (LZO_ARCH_IA64) ++# define LZO_WORDSIZE 8 ++#elif (LZO_ARCH_M16C) ++# define LZO_WORDSIZE 2 ++#elif (LZO_ARCH_SPU) ++# define LZO_WORDSIZE 4 ++#elif (LZO_ARCH_Z80) ++# define LZO_WORDSIZE 1 ++#elif (LZO_SIZEOF_LONG == 8) && ((defined(__mips__) && defined(__R5900__)) || defined(__MIPS_PSX2__)) ++# define LZO_WORDSIZE 8 ++#elif (LZO_OS_OS400 || defined(__OS400__)) ++# define LZO_WORDSIZE 8 ++#elif (defined(__vms) || defined(__VMS)) && (__INITIAL_POINTER_SIZE+0 == 64) ++# define LZO_WORDSIZE 8 ++#endif ++#endif ++#if !defined(LZO_SIZEOF_VOID_P) ++#if defined(__ILP32__) || defined(__ILP32) || defined(_ILP32) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(int) == 4) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(long) == 4) ++# define LZO_SIZEOF_VOID_P 4 ++#elif defined(__ILP64__) || defined(__ILP64) || defined(_ILP64) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(int) == 8) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(long) == 8) ++# define LZO_SIZEOF_VOID_P 8 ++#elif defined(__LLP64__) || defined(__LLP64) || defined(_LLP64) || defined(_WIN64) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(long) == 4) ++# define LZO_SIZEOF_VOID_P 8 ++#elif defined(__LP64__) || defined(__LP64) || defined(_LP64) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(long) == 8) ++# define LZO_SIZEOF_VOID_P 8 ++#elif (LZO_ARCH_AVR) + # define LZO_SIZEOF_VOID_P 2 + #elif (LZO_ARCH_C166 || LZO_ARCH_MCS51 || LZO_ARCH_MCS251 || LZO_ARCH_MSP430) + # define LZO_SIZEOF_VOID_P 2 + #elif (LZO_ARCH_H8300) + # if defined(__NORMAL_MODE__) +-# define __LZO_WORDSIZE 4 + # define LZO_SIZEOF_VOID_P 2 + # elif defined(__H8300H__) || defined(__H8300S__) || defined(__H8300SX__) +-# define __LZO_WORDSIZE 4 + # define LZO_SIZEOF_VOID_P 4 + # else +-# define __LZO_WORDSIZE 2 + # define LZO_SIZEOF_VOID_P 2 + # endif + # if (LZO_CC_GNUC && (LZO_CC_GNUC < 0x040000ul)) && (LZO_SIZEOF_INT == 4) + # define LZO_SIZEOF_SIZE_T LZO_SIZEOF_INT + # define LZO_SIZEOF_PTRDIFF_T LZO_SIZEOF_INT + # endif ++#elif (LZO_ARCH_I086) ++# if (LZO_MM_TINY || LZO_MM_SMALL || LZO_MM_MEDIUM) ++# define LZO_SIZEOF_VOID_P 2 ++# elif (LZO_MM_COMPACT || LZO_MM_LARGE || LZO_MM_HUGE) ++# define LZO_SIZEOF_VOID_P 4 ++# else ++# error "invalid LZO_ARCH_I086 memory model" ++# endif + #elif (LZO_ARCH_M16C) +-# define __LZO_WORDSIZE 2 + # if defined(__m32c_cpu__) || defined(__m32cm_cpu__) + # define LZO_SIZEOF_VOID_P 4 + # else + # define LZO_SIZEOF_VOID_P 2 + # endif ++#elif (LZO_ARCH_SPU) ++# define LZO_SIZEOF_VOID_P 4 ++#elif (LZO_ARCH_Z80) ++# define LZO_SIZEOF_VOID_P 2 + #elif (LZO_SIZEOF_LONG == 8) && ((defined(__mips__) && defined(__R5900__)) || defined(__MIPS_PSX2__)) +-# define __LZO_WORDSIZE 8 + # define LZO_SIZEOF_VOID_P 4 +-#elif defined(__LLP64__) || defined(__LLP64) || defined(_LLP64) || defined(_WIN64) +-# define __LZO_WORDSIZE 8 +-# define LZO_SIZEOF_VOID_P 8 +-#elif (LZO_OS_OS400 || defined(__OS400__)) && defined(__LLP64_IFC__) +-# define LZO_SIZEOF_VOID_P LZO_SIZEOF_LONG +-# define LZO_SIZEOF_SIZE_T LZO_SIZEOF_LONG +-# define LZO_SIZEOF_PTRDIFF_T LZO_SIZEOF_LONG + #elif (LZO_OS_OS400 || defined(__OS400__)) +-# define __LZO_WORDSIZE LZO_SIZEOF_LONG +-# define LZO_SIZEOF_VOID_P 16 +-# define LZO_SIZEOF_SIZE_T LZO_SIZEOF_LONG +-# define LZO_SIZEOF_PTRDIFF_T LZO_SIZEOF_LONG +-#elif (defined(__vms) || defined(__VMS)) && (__INITIAL_POINTER_SIZE+0 == 64) +-# define LZO_SIZEOF_VOID_P 8 +-# define LZO_SIZEOF_SIZE_T LZO_SIZEOF_LONG +-# define LZO_SIZEOF_PTRDIFF_T LZO_SIZEOF_LONG +-#elif (LZO_ARCH_SPU) +-# if 0 +-# define __LZO_WORDSIZE 16 +-# endif +-# define LZO_SIZEOF_VOID_P 4 +-#else +-# define LZO_SIZEOF_VOID_P LZO_SIZEOF_LONG +-#endif +-#endif +-#if !defined(LZO_WORDSIZE) +-# if defined(__LZO_WORDSIZE) +-# define LZO_WORDSIZE __LZO_WORDSIZE ++# if defined(__LLP64_IFC__) ++# define LZO_SIZEOF_VOID_P 8 ++# define LZO_SIZEOF_SIZE_T LZO_SIZEOF_LONG ++# define LZO_SIZEOF_PTRDIFF_T LZO_SIZEOF_LONG + # else +-# define LZO_WORDSIZE LZO_SIZEOF_VOID_P ++# define LZO_SIZEOF_VOID_P 16 ++# define LZO_SIZEOF_SIZE_T LZO_SIZEOF_LONG ++# define LZO_SIZEOF_PTRDIFF_T LZO_SIZEOF_LONG + # endif ++#elif (defined(__vms) || defined(__VMS)) && (__INITIAL_POINTER_SIZE+0 == 64) ++# define LZO_SIZEOF_VOID_P 8 ++# define LZO_SIZEOF_SIZE_T LZO_SIZEOF_LONG ++# define LZO_SIZEOF_PTRDIFF_T LZO_SIZEOF_LONG + #endif ++#endif ++#if !defined(LZO_SIZEOF_VOID_P) ++# define LZO_SIZEOF_VOID_P LZO_SIZEOF_LONG ++#endif ++LZO_COMPILE_TIME_ASSERT_HEADER(LZO_SIZEOF_VOID_P == sizeof(void *)) + #if !defined(LZO_SIZEOF_SIZE_T) + #if (LZO_ARCH_I086 || LZO_ARCH_M16C) + # define LZO_SIZEOF_SIZE_T 2 +-#else ++#endif ++#endif ++#if !defined(LZO_SIZEOF_SIZE_T) + # define LZO_SIZEOF_SIZE_T LZO_SIZEOF_VOID_P + #endif ++#if defined(offsetof) ++LZO_COMPILE_TIME_ASSERT_HEADER(LZO_SIZEOF_SIZE_T == sizeof(size_t)) + #endif + #if !defined(LZO_SIZEOF_PTRDIFF_T) + #if (LZO_ARCH_I086) +@@ -1248,11 +2275,18 @@ extern "C" { + # define LZO_SIZEOF_PTRDIFF_T 2 + # endif + # else +-# error "LZO_MM" ++# error "invalid LZO_ARCH_I086 memory model" + # endif +-#else ++#endif ++#endif ++#if !defined(LZO_SIZEOF_PTRDIFF_T) + # define LZO_SIZEOF_PTRDIFF_T LZO_SIZEOF_SIZE_T + #endif ++#if defined(offsetof) ++LZO_COMPILE_TIME_ASSERT_HEADER(LZO_SIZEOF_PTRDIFF_T == sizeof(ptrdiff_t)) ++#endif ++#if !defined(LZO_WORDSIZE) ++# define LZO_WORDSIZE LZO_SIZEOF_VOID_P + #endif + #if (LZO_ABI_NEUTRAL_ENDIAN) + # undef LZO_ABI_BIG_ENDIAN +@@ -1264,7 +2298,7 @@ extern "C" { + # define LZO_ABI_LITTLE_ENDIAN 1 + #elif (LZO_ARCH_ALPHA || LZO_ARCH_AMD64 || LZO_ARCH_BLACKFIN || LZO_ARCH_CRIS || LZO_ARCH_I086 || LZO_ARCH_I386 || LZO_ARCH_MSP430) + # define LZO_ABI_LITTLE_ENDIAN 1 +-#elif (LZO_ARCH_AVR32 || LZO_ARCH_M68K || LZO_ARCH_S390) ++#elif (LZO_ARCH_AVR32 || LZO_ARCH_M68K || LZO_ARCH_S390 || LZO_ARCH_SPU) + # define LZO_ABI_BIG_ENDIAN 1 + #elif 1 && defined(__IAR_SYSTEMS_ICC__) && defined(__LITTLE_ENDIAN__) + # if (__LITTLE_ENDIAN__ == 1) +@@ -1280,6 +2314,19 @@ extern "C" { + # define LZO_ABI_BIG_ENDIAN 1 + #elif 1 && (LZO_ARCH_ARM) && defined(__ARMEL__) && !defined(__ARMEB__) + # define LZO_ABI_LITTLE_ENDIAN 1 ++#elif 1 && (LZO_ARCH_ARM && LZO_CC_ARMCC_ARMCC) ++# if defined(__BIG_ENDIAN) && defined(__LITTLE_ENDIAN) ++# error "unexpected configuration - check your compiler defines" ++# elif defined(__BIG_ENDIAN) ++# define LZO_ABI_BIG_ENDIAN 1 ++# else ++# define LZO_ABI_LITTLE_ENDIAN 1 ++# endif ++# define LZO_ABI_LITTLE_ENDIAN 1 ++#elif 1 && (LZO_ARCH_ARM64) && defined(__AARCH64EB__) && !defined(__AARCH64EL__) ++# define LZO_ABI_BIG_ENDIAN 1 ++#elif 1 && (LZO_ARCH_ARM64) && defined(__AARCH64EL__) && !defined(__AARCH64EB__) ++# define LZO_ABI_LITTLE_ENDIAN 1 + #elif 1 && (LZO_ARCH_MIPS) && defined(__MIPSEB__) && !defined(__MIPSEL__) + # define LZO_ABI_BIG_ENDIAN 1 + #elif 1 && (LZO_ARCH_MIPS) && defined(__MIPSEL__) && !defined(__MIPSEB__) +@@ -1287,7 +2334,7 @@ extern "C" { + #endif + #endif + #if (LZO_ABI_BIG_ENDIAN) && (LZO_ABI_LITTLE_ENDIAN) +-# error "this should not happen" ++# error "unexpected configuration - check your compiler defines" + #endif + #if (LZO_ABI_BIG_ENDIAN) + # define LZO_INFO_ABI_ENDIAN "be" +@@ -1302,6 +2349,9 @@ extern "C" { + #elif (LZO_SIZEOF_INT == 2 && LZO_SIZEOF_LONG == 2 && LZO_SIZEOF_VOID_P == 2) + # define LZO_ABI_ILP16 1 + # define LZO_INFO_ABI_PM "ilp16" ++#elif (LZO_SIZEOF_INT == 2 && LZO_SIZEOF_LONG == 4 && LZO_SIZEOF_VOID_P == 4) ++# define LZO_ABI_LP32 1 ++# define LZO_INFO_ABI_PM "lp32" + #elif (LZO_SIZEOF_INT == 4 && LZO_SIZEOF_LONG == 4 && LZO_SIZEOF_VOID_P == 4) + # define LZO_ABI_ILP32 1 + # define LZO_INFO_ABI_PM "ilp32" +@@ -1318,7 +2368,8 @@ extern "C" { + # define LZO_ABI_IP32L64 1 + # define LZO_INFO_ABI_PM "ip32l64" + #endif +-#if !defined(__LZO_LIBC_OVERRIDE) ++#if 0 ++#elif !defined(__LZO_LIBC_OVERRIDE) + #if (LZO_LIBC_NAKED) + # define LZO_INFO_LIBC "naked" + #elif (LZO_LIBC_FREESTANDING) +@@ -1329,6 +2380,9 @@ extern "C" { + # define LZO_INFO_LIBC "isoc90" + #elif (LZO_LIBC_ISOC99) + # define LZO_INFO_LIBC "isoc99" ++#elif (LZO_CC_ARMCC_ARMCC) && defined(__ARMCLIB_VERSION) ++# define LZO_LIBC_ISOC90 1 ++# define LZO_INFO_LIBC "isoc90" + #elif defined(__dietlibc__) + # define LZO_LIBC_DIETLIBC 1 + # define LZO_INFO_LIBC "dietlibc" +@@ -1337,13 +2391,13 @@ extern "C" { + # define LZO_INFO_LIBC "newlib" + #elif defined(__UCLIBC__) && defined(__UCLIBC_MAJOR__) && defined(__UCLIBC_MINOR__) + # if defined(__UCLIBC_SUBLEVEL__) +-# define LZO_LIBC_UCLIBC (__UCLIBC_MAJOR__ * 0x10000L + __UCLIBC_MINOR__ * 0x100 + __UCLIBC_SUBLEVEL__) ++# define LZO_LIBC_UCLIBC (__UCLIBC_MAJOR__ * 0x10000L + (__UCLIBC_MINOR__-0) * 0x100 + (__UCLIBC_SUBLEVEL__-0)) + # else + # define LZO_LIBC_UCLIBC 0x00090bL + # endif +-# define LZO_INFO_LIBC "uclibc" ++# define LZO_INFO_LIBC "uc" "libc" + #elif defined(__GLIBC__) && defined(__GLIBC_MINOR__) +-# define LZO_LIBC_GLIBC (__GLIBC__ * 0x10000L + __GLIBC_MINOR__ * 0x100) ++# define LZO_LIBC_GLIBC (__GLIBC__ * 0x10000L + (__GLIBC_MINOR__-0) * 0x100) + # define LZO_INFO_LIBC "glibc" + #elif (LZO_CC_MWERKS) && defined(__MSL__) + # define LZO_LIBC_MSL __MSL__ +@@ -1356,423 +2410,159 @@ extern "C" { + # define LZO_INFO_LIBC "default" + #endif + #endif +-#if !defined(__lzo_gnuc_extension__) +-#if (LZO_CC_GNUC >= 0x020800ul) +-# define __lzo_gnuc_extension__ __extension__ +-#elif (LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define __lzo_gnuc_extension__ __extension__ +-#else +-# define __lzo_gnuc_extension__ /*empty*/ +-#endif +-#endif +-#if !defined(__lzo_ua_volatile) +-# define __lzo_ua_volatile volatile +-#endif +-#if !defined(__lzo_alignof) +-#if (LZO_CC_CILLY || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE || LZO_CC_PGI) +-# define __lzo_alignof(e) __alignof__(e) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 700)) +-# define __lzo_alignof(e) __alignof__(e) +-#elif (LZO_CC_MSC && (_MSC_VER >= 1300)) +-# define __lzo_alignof(e) __alignof(e) +-#elif (LZO_CC_SUNPROC && (LZO_CC_SUNPROC >= 0x5100)) +-# define __lzo_alignof(e) __alignof__(e) +-#endif +-#endif +-#if defined(__lzo_alignof) +-# define __lzo_HAVE_alignof 1 +-#endif +-#if !defined(__lzo_constructor) +-#if (LZO_CC_GNUC >= 0x030400ul) +-# define __lzo_constructor __attribute__((__constructor__,__used__)) +-#elif (LZO_CC_GNUC >= 0x020700ul) +-# define __lzo_constructor __attribute__((__constructor__)) +-#elif (LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define __lzo_constructor __attribute__((__constructor__)) +-#endif +-#endif +-#if defined(__lzo_constructor) +-# define __lzo_HAVE_constructor 1 +-#endif +-#if !defined(__lzo_destructor) +-#if (LZO_CC_GNUC >= 0x030400ul) +-# define __lzo_destructor __attribute__((__destructor__,__used__)) +-#elif (LZO_CC_GNUC >= 0x020700ul) +-# define __lzo_destructor __attribute__((__destructor__)) +-#elif (LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define __lzo_destructor __attribute__((__destructor__)) +-#endif +-#endif +-#if defined(__lzo_destructor) +-# define __lzo_HAVE_destructor 1 +-#endif +-#if (__lzo_HAVE_destructor) && !(__lzo_HAVE_constructor) +-# error "this should not happen" +-#endif +-#if !defined(__lzo_inline) +-#if (LZO_CC_TURBOC && (__TURBOC__ <= 0x0295)) +-#elif defined(__cplusplus) +-# define __lzo_inline inline +-#elif (LZO_CC_BORLANDC && (__BORLANDC__ >= 0x0550)) +-# define __lzo_inline __inline +-#elif (LZO_CC_CILLY || LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE || LZO_CC_PGI) +-# define __lzo_inline __inline__ +-#elif (LZO_CC_DMC) +-# define __lzo_inline __inline +-#elif (LZO_CC_INTELC) +-# define __lzo_inline __inline +-#elif (LZO_CC_MWERKS && (__MWERKS__ >= 0x2405)) +-# define __lzo_inline __inline +-#elif (LZO_CC_MSC && (_MSC_VER >= 900)) +-# define __lzo_inline __inline +-#elif (LZO_CC_SUNPROC && (LZO_CC_SUNPROC >= 0x5100)) +-# define __lzo_inline __inline__ +-#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) +-# define __lzo_inline inline +-#endif +-#endif +-#if defined(__lzo_inline) +-# define __lzo_HAVE_inline 1 +-#else +-# define __lzo_inline /*empty*/ +-#endif +-#if !defined(__lzo_forceinline) +-#if (LZO_CC_GNUC >= 0x030200ul) +-# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 450) && LZO_CC_SYNTAX_MSC) +-# define __lzo_forceinline __forceinline +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 800) && LZO_CC_SYNTAX_GNUC) +-# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) +-#elif (LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) +-#elif (LZO_CC_MSC && (_MSC_VER >= 1200)) +-# define __lzo_forceinline __forceinline +-#elif (LZO_CC_SUNPROC && (LZO_CC_SUNPROC >= 0x5100)) +-# define __lzo_forceinline __inline__ __attribute__((__always_inline__)) +-#endif +-#endif +-#if defined(__lzo_forceinline) +-# define __lzo_HAVE_forceinline 1 +-#else +-# define __lzo_forceinline /*empty*/ +-#endif +-#if !defined(__lzo_noinline) +-#if 1 && (LZO_ARCH_I386) && (LZO_CC_GNUC >= 0x040000ul) && (LZO_CC_GNUC < 0x040003ul) +-# define __lzo_noinline __attribute__((__noinline__,__used__)) +-#elif (LZO_CC_GNUC >= 0x030200ul) +-# define __lzo_noinline __attribute__((__noinline__)) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 600) && LZO_CC_SYNTAX_MSC) +-# define __lzo_noinline __declspec(noinline) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 800) && LZO_CC_SYNTAX_GNUC) +-# define __lzo_noinline __attribute__((__noinline__)) +-#elif (LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define __lzo_noinline __attribute__((__noinline__)) +-#elif (LZO_CC_MSC && (_MSC_VER >= 1300)) +-# define __lzo_noinline __declspec(noinline) +-#elif (LZO_CC_MWERKS && (__MWERKS__ >= 0x3200) && (LZO_OS_WIN32 || LZO_OS_WIN64)) +-# if defined(__cplusplus) +-# else +-# define __lzo_noinline __declspec(noinline) +-# endif +-#elif (LZO_CC_SUNPROC && (LZO_CC_SUNPROC >= 0x5100)) +-# define __lzo_noinline __attribute__((__noinline__)) +-#endif +-#endif +-#if defined(__lzo_noinline) +-# define __lzo_HAVE_noinline 1 +-#else +-# define __lzo_noinline /*empty*/ +-#endif +-#if (__lzo_HAVE_forceinline || __lzo_HAVE_noinline) && !(__lzo_HAVE_inline) +-# error "this should not happen" +-#endif +-#if !defined(__lzo_noreturn) +-#if (LZO_CC_GNUC >= 0x020700ul) +-# define __lzo_noreturn __attribute__((__noreturn__)) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 450) && LZO_CC_SYNTAX_MSC) +-# define __lzo_noreturn __declspec(noreturn) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 600) && LZO_CC_SYNTAX_GNUC) +-# define __lzo_noreturn __attribute__((__noreturn__)) +-#elif (LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define __lzo_noreturn __attribute__((__noreturn__)) +-#elif (LZO_CC_MSC && (_MSC_VER >= 1200)) +-# define __lzo_noreturn __declspec(noreturn) +-#endif +-#endif +-#if defined(__lzo_noreturn) +-# define __lzo_HAVE_noreturn 1 +-#else +-# define __lzo_noreturn /*empty*/ +-#endif +-#if !defined(__lzo_nothrow) +-#if (LZO_CC_GNUC >= 0x030300ul) +-# define __lzo_nothrow __attribute__((__nothrow__)) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 450) && LZO_CC_SYNTAX_MSC) && defined(__cplusplus) +-# define __lzo_nothrow __declspec(nothrow) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 900) && LZO_CC_SYNTAX_GNUC) +-# define __lzo_nothrow __attribute__((__nothrow__)) +-#elif (LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define __lzo_nothrow __attribute__((__nothrow__)) +-#elif (LZO_CC_MSC && (_MSC_VER >= 1200)) && defined(__cplusplus) +-# define __lzo_nothrow __declspec(nothrow) +-#endif +-#endif +-#if defined(__lzo_nothrow) +-# define __lzo_HAVE_nothrow 1 +-#else +-# define __lzo_nothrow /*empty*/ +-#endif +-#if !defined(__lzo_restrict) +-#if (LZO_CC_GNUC >= 0x030400ul) +-# define __lzo_restrict __restrict__ +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 600) && LZO_CC_SYNTAX_GNUC) +-# define __lzo_restrict __restrict__ +-#elif (LZO_CC_CLANG || LZO_CC_LLVM) +-# define __lzo_restrict __restrict__ +-#elif (LZO_CC_MSC && (_MSC_VER >= 1400)) +-# define __lzo_restrict __restrict +-#endif +-#endif +-#if defined(__lzo_restrict) +-# define __lzo_HAVE_restrict 1 +-#else +-# define __lzo_restrict /*empty*/ +-#endif +-#if !defined(__lzo_likely) && !defined(__lzo_unlikely) +-#if (LZO_CC_GNUC >= 0x030200ul) +-# define __lzo_likely(e) (__builtin_expect(!!(e),1)) +-# define __lzo_unlikely(e) (__builtin_expect(!!(e),0)) +-#elif (LZO_CC_INTELC && (__INTEL_COMPILER >= 800)) +-# define __lzo_likely(e) (__builtin_expect(!!(e),1)) +-# define __lzo_unlikely(e) (__builtin_expect(!!(e),0)) +-#elif (LZO_CC_CLANG || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define __lzo_likely(e) (__builtin_expect(!!(e),1)) +-# define __lzo_unlikely(e) (__builtin_expect(!!(e),0)) +-#endif +-#endif +-#if defined(__lzo_likely) +-# define __lzo_HAVE_likely 1 +-#else +-# define __lzo_likely(e) (e) +-#endif +-#if defined(__lzo_unlikely) +-# define __lzo_HAVE_unlikely 1 +-#else +-# define __lzo_unlikely(e) (e) +-#endif +-#if !defined(LZO_UNUSED) +-# if (LZO_CC_BORLANDC && (__BORLANDC__ >= 0x0600)) +-# define LZO_UNUSED(var) ((void) &var) +-# elif (LZO_CC_BORLANDC || LZO_CC_HIGHC || LZO_CC_NDPC || LZO_CC_PELLESC || LZO_CC_TURBOC) +-# define LZO_UNUSED(var) if (&var) ; else +-# elif (LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define LZO_UNUSED(var) ((void) var) +-# elif (LZO_CC_MSC && (_MSC_VER < 900)) +-# define LZO_UNUSED(var) if (&var) ; else +-# elif (LZO_CC_KEILC) +-# define LZO_UNUSED(var) {extern int __lzo_unused[1-2*!(sizeof(var)>0)];} +-# elif (LZO_CC_PACIFICC) +-# define LZO_UNUSED(var) ((void) sizeof(var)) +-# elif (LZO_CC_WATCOMC) && defined(__cplusplus) +-# define LZO_UNUSED(var) ((void) var) +-# else +-# define LZO_UNUSED(var) ((void) &var) +-# endif +-#endif +-#if !defined(LZO_UNUSED_FUNC) +-# if (LZO_CC_BORLANDC && (__BORLANDC__ >= 0x0600)) +-# define LZO_UNUSED_FUNC(func) ((void) func) +-# elif (LZO_CC_BORLANDC || LZO_CC_NDPC || LZO_CC_TURBOC) +-# define LZO_UNUSED_FUNC(func) if (func) ; else +-# elif (LZO_CC_CLANG || LZO_CC_LLVM) +-# define LZO_UNUSED_FUNC(func) ((void) &func) +-# elif (LZO_CC_MSC && (_MSC_VER < 900)) +-# define LZO_UNUSED_FUNC(func) if (func) ; else +-# elif (LZO_CC_MSC) +-# define LZO_UNUSED_FUNC(func) ((void) &func) +-# elif (LZO_CC_KEILC || LZO_CC_PELLESC) +-# define LZO_UNUSED_FUNC(func) {extern int __lzo_unused[1-2*!(sizeof((int)func)>0)];} +-# else +-# define LZO_UNUSED_FUNC(func) ((void) func) +-# endif +-#endif +-#if !defined(LZO_UNUSED_LABEL) +-# if (LZO_CC_WATCOMC) && defined(__cplusplus) +-# define LZO_UNUSED_LABEL(l) switch(0) case 1:goto l +-# elif (LZO_CC_CLANG || LZO_CC_INTELC || LZO_CC_WATCOMC) +-# define LZO_UNUSED_LABEL(l) if (0) goto l +-# else +-# define LZO_UNUSED_LABEL(l) switch(0) case 1:goto l +-# endif +-#endif +-#if !defined(LZO_DEFINE_UNINITIALIZED_VAR) +-# if 0 +-# define LZO_DEFINE_UNINITIALIZED_VAR(type,var,init) type var +-# elif 0 && (LZO_CC_GNUC) +-# define LZO_DEFINE_UNINITIALIZED_VAR(type,var,init) type var = var +-# else +-# define LZO_DEFINE_UNINITIALIZED_VAR(type,var,init) type var = init +-# endif +-#endif +-#if !defined(LZO_UNCONST_CAST) +-# if 0 && defined(__cplusplus) +-# define LZO_UNCONST_CAST(t,e) (const_cast (e)) +-# elif (LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_LLVM || LZO_CC_PATHSCALE) +-# define LZO_UNCONST_CAST(t,e) ((t) ((void *) ((char *) ((lzo_uintptr_t) ((const void *) (e)))))) +-# else +-# define LZO_UNCONST_CAST(t,e) ((t) ((void *) ((char *) ((const void *) (e))))) +-# endif +-#endif +-#if !defined(LZO_COMPILE_TIME_ASSERT_HEADER) +-# if (LZO_CC_AZTECC || LZO_CC_ZORTECHC) +-# define LZO_COMPILE_TIME_ASSERT_HEADER(e) extern int __lzo_cta[1-!(e)]; +-# elif (LZO_CC_DMC || LZO_CC_SYMANTECC) +-# define LZO_COMPILE_TIME_ASSERT_HEADER(e) extern int __lzo_cta[1u-2*!(e)]; +-# elif (LZO_CC_TURBOC && (__TURBOC__ == 0x0295)) +-# define LZO_COMPILE_TIME_ASSERT_HEADER(e) extern int __lzo_cta[1-!(e)]; +-# else +-# define LZO_COMPILE_TIME_ASSERT_HEADER(e) extern int __lzo_cta[1-2*!(e)]; +-# endif +-#endif +-#if !defined(LZO_COMPILE_TIME_ASSERT) +-# if (LZO_CC_AZTECC) +-# define LZO_COMPILE_TIME_ASSERT(e) {typedef int __lzo_cta_t[1-!(e)];} +-# elif (LZO_CC_DMC || LZO_CC_PACIFICC || LZO_CC_SYMANTECC || LZO_CC_ZORTECHC) +-# define LZO_COMPILE_TIME_ASSERT(e) switch(0) case 1:case !(e):break; +-# elif (LZO_CC_MSC && (_MSC_VER < 900)) +-# define LZO_COMPILE_TIME_ASSERT(e) switch(0) case 1:case !(e):break; +-# elif (LZO_CC_TURBOC && (__TURBOC__ == 0x0295)) +-# define LZO_COMPILE_TIME_ASSERT(e) switch(0) case 1:case !(e):break; +-# else +-# define LZO_COMPILE_TIME_ASSERT(e) {typedef int __lzo_cta_t[1-2*!(e)];} +-# endif +-#endif +-#if (LZO_ARCH_I086 || LZO_ARCH_I386) && (LZO_OS_DOS16 || LZO_OS_DOS32 || LZO_OS_OS2 || LZO_OS_OS216 || LZO_OS_WIN16 || LZO_OS_WIN32 || LZO_OS_WIN64) +-# if (LZO_CC_GNUC || LZO_CC_HIGHC || LZO_CC_NDPC || LZO_CC_PACIFICC) +-# elif (LZO_CC_DMC || LZO_CC_SYMANTECC || LZO_CC_ZORTECHC) +-# define __lzo_cdecl __cdecl +-# define __lzo_cdecl_atexit /*empty*/ +-# define __lzo_cdecl_main __cdecl +-# if (LZO_OS_OS2 && (LZO_CC_DMC || LZO_CC_SYMANTECC)) +-# define __lzo_cdecl_qsort __pascal +-# elif (LZO_OS_OS2 && (LZO_CC_ZORTECHC)) +-# define __lzo_cdecl_qsort _stdcall +-# else +-# define __lzo_cdecl_qsort __cdecl +-# endif +-# elif (LZO_CC_WATCOMC) +-# define __lzo_cdecl __cdecl +-# else +-# define __lzo_cdecl __cdecl +-# define __lzo_cdecl_atexit __cdecl +-# define __lzo_cdecl_main __cdecl +-# define __lzo_cdecl_qsort __cdecl +-# endif +-# if (LZO_CC_GNUC || LZO_CC_HIGHC || LZO_CC_NDPC || LZO_CC_PACIFICC || LZO_CC_WATCOMC) +-# elif (LZO_OS_OS2 && (LZO_CC_DMC || LZO_CC_SYMANTECC)) +-# define __lzo_cdecl_sighandler __pascal +-# elif (LZO_OS_OS2 && (LZO_CC_ZORTECHC)) +-# define __lzo_cdecl_sighandler _stdcall +-# elif (LZO_CC_MSC && (_MSC_VER >= 1400)) && defined(_M_CEE_PURE) +-# define __lzo_cdecl_sighandler __clrcall +-# elif (LZO_CC_MSC && (_MSC_VER >= 600 && _MSC_VER < 700)) +-# if defined(_DLL) +-# define __lzo_cdecl_sighandler _far _cdecl _loadds +-# elif defined(_MT) +-# define __lzo_cdecl_sighandler _far _cdecl +-# else +-# define __lzo_cdecl_sighandler _cdecl +-# endif +-# else +-# define __lzo_cdecl_sighandler __cdecl +-# endif +-#elif (LZO_ARCH_I386) && (LZO_CC_WATCOMC) +-# define __lzo_cdecl __cdecl +-#elif (LZO_ARCH_M68K && LZO_OS_TOS && (LZO_CC_PUREC || LZO_CC_TURBOC)) +-# define __lzo_cdecl cdecl +-#endif +-#if !defined(__lzo_cdecl) +-# define __lzo_cdecl /*empty*/ +-#endif +-#if !defined(__lzo_cdecl_atexit) +-# define __lzo_cdecl_atexit /*empty*/ +-#endif +-#if !defined(__lzo_cdecl_main) +-# define __lzo_cdecl_main /*empty*/ +-#endif +-#if !defined(__lzo_cdecl_qsort) +-# define __lzo_cdecl_qsort /*empty*/ +-#endif +-#if !defined(__lzo_cdecl_sighandler) +-# define __lzo_cdecl_sighandler /*empty*/ +-#endif +-#if !defined(__lzo_cdecl_va) +-# define __lzo_cdecl_va __lzo_cdecl +-#endif +-#if !(LZO_CFG_NO_WINDOWS_H) +-#if (LZO_OS_CYGWIN || (LZO_OS_EMX && defined(__RSXNT__)) || LZO_OS_WIN32 || LZO_OS_WIN64) +-# if (LZO_CC_WATCOMC && (__WATCOMC__ < 1000)) +-# elif (LZO_OS_WIN32 && LZO_CC_GNUC) && defined(__PW32__) +-# elif ((LZO_OS_CYGWIN || defined(__MINGW32__)) && (LZO_CC_GNUC && (LZO_CC_GNUC < 0x025f00ul))) +-# else +-# define LZO_HAVE_WINDOWS_H 1 +-# endif ++#if (LZO_ARCH_I386 && (LZO_OS_DOS32 || LZO_OS_WIN32) && (LZO_CC_DMC || LZO_CC_INTELC || LZO_CC_MSC || LZO_CC_PELLESC)) ++# define LZO_ASM_SYNTAX_MSC 1 ++#elif (LZO_OS_WIN64 && (LZO_CC_DMC || LZO_CC_INTELC || LZO_CC_MSC || LZO_CC_PELLESC)) ++#elif (LZO_ARCH_I386 && LZO_CC_GNUC && (LZO_CC_GNUC == 0x011f00ul)) ++#elif (LZO_ARCH_I386 && (LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_INTELC || LZO_CC_PATHSCALE)) ++# define LZO_ASM_SYNTAX_GNUC 1 ++#elif (LZO_ARCH_AMD64 && (LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_INTELC || LZO_CC_PATHSCALE)) ++# define LZO_ASM_SYNTAX_GNUC 1 ++#elif (LZO_CC_GNUC) ++# define LZO_ASM_SYNTAX_GNUC 1 ++#endif ++#if (LZO_ASM_SYNTAX_GNUC) ++#if (LZO_ARCH_I386 && LZO_CC_GNUC && (LZO_CC_GNUC < 0x020000ul)) ++# define __LZO_ASM_CLOBBER "ax" ++# define __LZO_ASM_CLOBBER_LIST_CC /*empty*/ ++# define __LZO_ASM_CLOBBER_LIST_CC_MEMORY /*empty*/ ++# define __LZO_ASM_CLOBBER_LIST_EMPTY /*empty*/ ++#elif (LZO_CC_INTELC && (__INTEL_COMPILER < 1000)) ++# define __LZO_ASM_CLOBBER "memory" ++# define __LZO_ASM_CLOBBER_LIST_CC /*empty*/ ++# define __LZO_ASM_CLOBBER_LIST_CC_MEMORY : "memory" ++# define __LZO_ASM_CLOBBER_LIST_EMPTY /*empty*/ ++#else ++# define __LZO_ASM_CLOBBER "cc", "memory" ++# define __LZO_ASM_CLOBBER_LIST_CC : "cc" ++# define __LZO_ASM_CLOBBER_LIST_CC_MEMORY : "cc", "memory" ++# define __LZO_ASM_CLOBBER_LIST_EMPTY /*empty*/ + #endif + #endif + #if (LZO_ARCH_ALPHA) +-# define LZO_OPT_AVOID_UINT_INDEX 1 +-# define LZO_OPT_AVOID_SHORT 1 +-# define LZO_OPT_AVOID_USHORT 1 ++# define LZO_OPT_AVOID_UINT_INDEX 1 + #elif (LZO_ARCH_AMD64) +-# define LZO_OPT_AVOID_INT_INDEX 1 +-# define LZO_OPT_AVOID_UINT_INDEX 1 +-# define LZO_OPT_UNALIGNED16 1 +-# define LZO_OPT_UNALIGNED32 1 +-# define LZO_OPT_UNALIGNED64 1 +-#elif (LZO_ARCH_ARM && LZO_ARCH_ARM_THUMB) ++# define LZO_OPT_AVOID_INT_INDEX 1 ++# define LZO_OPT_AVOID_UINT_INDEX 1 ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED64 ++# define LZO_OPT_UNALIGNED64 1 ++# endif + #elif (LZO_ARCH_ARM) +-# define LZO_OPT_AVOID_SHORT 1 +-# define LZO_OPT_AVOID_USHORT 1 ++# if defined(__ARM_FEATURE_UNALIGNED) ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif ++# elif defined(__TARGET_ARCH_ARM) && ((__TARGET_ARCH_ARM+0) >= 7) ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif ++# elif defined(__TARGET_ARCH_ARM) && ((__TARGET_ARCH_ARM+0) >= 6) && !defined(__TARGET_PROFILE_M) ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif ++# endif ++#elif (LZO_ARCH_ARM64) ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED64 ++# define LZO_OPT_UNALIGNED64 1 ++# endif + #elif (LZO_ARCH_CRIS) +-# define LZO_OPT_UNALIGNED16 1 +-# define LZO_OPT_UNALIGNED32 1 ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif + #elif (LZO_ARCH_I386) +-# define LZO_OPT_UNALIGNED16 1 +-# define LZO_OPT_UNALIGNED32 1 ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif + #elif (LZO_ARCH_IA64) +-# define LZO_OPT_AVOID_INT_INDEX 1 +-# define LZO_OPT_AVOID_UINT_INDEX 1 +-# define LZO_OPT_PREFER_POSTINC 1 ++# define LZO_OPT_AVOID_INT_INDEX 1 ++# define LZO_OPT_AVOID_UINT_INDEX 1 ++# define LZO_OPT_PREFER_POSTINC 1 + #elif (LZO_ARCH_M68K) +-# define LZO_OPT_PREFER_POSTINC 1 +-# define LZO_OPT_PREFER_PREDEC 1 ++# define LZO_OPT_PREFER_POSTINC 1 ++# define LZO_OPT_PREFER_PREDEC 1 + # if defined(__mc68020__) && !defined(__mcoldfire__) +-# define LZO_OPT_UNALIGNED16 1 +-# define LZO_OPT_UNALIGNED32 1 ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif + # endif + #elif (LZO_ARCH_MIPS) +-# define LZO_OPT_AVOID_UINT_INDEX 1 ++# define LZO_OPT_AVOID_UINT_INDEX 1 + #elif (LZO_ARCH_POWERPC) +-# define LZO_OPT_PREFER_PREINC 1 +-# define LZO_OPT_PREFER_PREDEC 1 ++# define LZO_OPT_PREFER_PREINC 1 ++# define LZO_OPT_PREFER_PREDEC 1 + # if (LZO_ABI_BIG_ENDIAN) +-# define LZO_OPT_UNALIGNED16 1 +-# define LZO_OPT_UNALIGNED32 1 ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif ++# if (LZO_WORDSIZE == 8) ++# ifndef LZO_OPT_UNALIGNED64 ++# define LZO_OPT_UNALIGNED64 1 ++# endif ++# endif + # endif + #elif (LZO_ARCH_S390) +-# define LZO_OPT_UNALIGNED16 1 +-# define LZO_OPT_UNALIGNED32 1 +-# if (LZO_SIZEOF_SIZE_T == 8) +-# define LZO_OPT_UNALIGNED64 1 ++# ifndef LZO_OPT_UNALIGNED16 ++# define LZO_OPT_UNALIGNED16 1 ++# endif ++# ifndef LZO_OPT_UNALIGNED32 ++# define LZO_OPT_UNALIGNED32 1 ++# endif ++# if (LZO_WORDSIZE == 8) ++# ifndef LZO_OPT_UNALIGNED64 ++# define LZO_OPT_UNALIGNED64 1 ++# endif + # endif + #elif (LZO_ARCH_SH) +-# define LZO_OPT_PREFER_POSTINC 1 +-# define LZO_OPT_PREFER_PREDEC 1 ++# define LZO_OPT_PREFER_POSTINC 1 ++# define LZO_OPT_PREFER_PREDEC 1 + #endif + #ifndef LZO_CFG_NO_INLINE_ASM +-#if (LZO_CC_LLVM) ++#if (LZO_ABI_NEUTRAL_ENDIAN) || (LZO_ARCH_GENERIC) + # define LZO_CFG_NO_INLINE_ASM 1 ++#elif (LZO_CC_LLVM) ++# define LZO_CFG_NO_INLINE_ASM 1 ++#endif + #endif ++#if (LZO_CFG_NO_INLINE_ASM) ++# undef LZO_ASM_SYNTAX_MSC ++# undef LZO_ASM_SYNTAX_GNUC ++# undef __LZO_ASM_CLOBBER ++# undef __LZO_ASM_CLOBBER_LIST_CC ++# undef __LZO_ASM_CLOBBER_LIST_CC_MEMORY ++# undef __LZO_ASM_CLOBBER_LIST_EMPTY + #endif + #ifndef LZO_CFG_NO_UNALIGNED + #if (LZO_ABI_NEUTRAL_ENDIAN) || (LZO_ARCH_GENERIC) +@@ -1784,25 +2574,6 @@ extern "C" { + # undef LZO_OPT_UNALIGNED32 + # undef LZO_OPT_UNALIGNED64 + #endif +-#if (LZO_CFG_NO_INLINE_ASM) +-#elif (LZO_ARCH_I386 && (LZO_OS_DOS32 || LZO_OS_WIN32) && (LZO_CC_DMC || LZO_CC_INTELC || LZO_CC_MSC || LZO_CC_PELLESC)) +-# define LZO_ASM_SYNTAX_MSC 1 +-#elif (LZO_OS_WIN64 && (LZO_CC_DMC || LZO_CC_INTELC || LZO_CC_MSC || LZO_CC_PELLESC)) +-#elif (LZO_ARCH_I386 && LZO_CC_GNUC && (LZO_CC_GNUC == 0x011f00ul)) +-#elif (LZO_ARCH_I386 && (LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_INTELC || LZO_CC_PATHSCALE)) +-# define LZO_ASM_SYNTAX_GNUC 1 +-#elif (LZO_ARCH_AMD64 && (LZO_CC_CLANG || LZO_CC_GNUC || LZO_CC_INTELC || LZO_CC_PATHSCALE)) +-# define LZO_ASM_SYNTAX_GNUC 1 +-#endif +-#if (LZO_ASM_SYNTAX_GNUC) +-#if (LZO_ARCH_I386 && LZO_CC_GNUC && (LZO_CC_GNUC < 0x020000ul)) +-# define __LZO_ASM_CLOBBER "ax" +-#elif (LZO_CC_INTELC) +-# define __LZO_ASM_CLOBBER "memory" +-#else +-# define __LZO_ASM_CLOBBER "cc", "memory" +-#endif +-#endif + #if defined(__LZO_INFOSTR_MM) + #elif (LZO_MM_FLAT) && (defined(__LZO_INFOSTR_PM) || defined(LZO_INFO_ABI_PM)) + # define __LZO_INFOSTR_MM "" +@@ -1846,7 +2617,382 @@ extern "C" { + #define LZO_INFO_STRING \ + LZO_INFO_ARCH __LZO_INFOSTR_MM __LZO_INFOSTR_PM __LZO_INFOSTR_ENDIAN \ + " " __LZO_INFOSTR_OSNAME __LZO_INFOSTR_LIBC " " LZO_INFO_CC __LZO_INFOSTR_CCVER ++#if !(LZO_CFG_SKIP_LZO_TYPES) ++#if (!(LZO_SIZEOF_SHORT+0 > 0 && LZO_SIZEOF_INT+0 > 0 && LZO_SIZEOF_LONG+0 > 0)) ++# error "missing defines for sizes" ++#endif ++#if (!(LZO_SIZEOF_PTRDIFF_T+0 > 0 && LZO_SIZEOF_SIZE_T+0 > 0 && LZO_SIZEOF_VOID_P+0 > 0)) ++# error "missing defines for sizes" ++#endif ++#if !defined(lzo_llong_t) ++#if (LZO_SIZEOF_LONG_LONG+0 > 0) ++__lzo_gnuc_extension__ typedef long long lzo_llong_t__; ++__lzo_gnuc_extension__ typedef unsigned long long lzo_ullong_t__; ++# define lzo_llong_t lzo_llong_t__ ++# define lzo_ullong_t lzo_ullong_t__ ++#endif ++#endif ++#if !defined(lzo_int16e_t) ++#if (LZO_SIZEOF_LONG == 2) ++# define lzo_int16e_t long ++# define lzo_uint16e_t unsigned long ++#elif (LZO_SIZEOF_INT == 2) ++# define lzo_int16e_t int ++# define lzo_uint16e_t unsigned int ++#elif (LZO_SIZEOF_SHORT == 2) ++# define lzo_int16e_t short int ++# define lzo_uint16e_t unsigned short int ++#elif 1 && !(LZO_CFG_TYPE_NO_MODE_HI) && (LZO_CC_CLANG || (LZO_CC_GNUC >= 0x025f00ul) || LZO_CC_LLVM) ++ typedef int lzo_int16e_hi_t__ __attribute__((__mode__(__HI__))); ++ typedef unsigned int lzo_uint16e_hi_t__ __attribute__((__mode__(__HI__))); ++# define lzo_int16e_t lzo_int16e_hi_t__ ++# define lzo_uint16e_t lzo_uint16e_hi_t__ ++#elif (LZO_SIZEOF___INT16 == 2) ++# define lzo_int16e_t __int16 ++# define lzo_uint16e_t unsigned __int16 ++#else ++#endif ++#endif ++#if defined(lzo_int16e_t) ++# define LZO_SIZEOF_LZO_INT16E_T 2 ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int16e_t) == 2) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int16e_t) == LZO_SIZEOF_LZO_INT16E_T) ++#endif ++#if !defined(lzo_int32e_t) ++#if (LZO_SIZEOF_LONG == 4) ++# define lzo_int32e_t long int ++# define lzo_uint32e_t unsigned long int ++#elif (LZO_SIZEOF_INT == 4) ++# define lzo_int32e_t int ++# define lzo_uint32e_t unsigned int ++#elif (LZO_SIZEOF_SHORT == 4) ++# define lzo_int32e_t short int ++# define lzo_uint32e_t unsigned short int ++#elif (LZO_SIZEOF_LONG_LONG == 4) ++# define lzo_int32e_t lzo_llong_t ++# define lzo_uint32e_t lzo_ullong_t ++#elif 1 && !(LZO_CFG_TYPE_NO_MODE_SI) && (LZO_CC_CLANG || (LZO_CC_GNUC >= 0x025f00ul) || LZO_CC_LLVM) && (__INT_MAX__+0 > 2147483647L) ++ typedef int lzo_int32e_si_t__ __attribute__((__mode__(__SI__))); ++ typedef unsigned int lzo_uint32e_si_t__ __attribute__((__mode__(__SI__))); ++# define lzo_int32e_t lzo_int32e_si_t__ ++# define lzo_uint32e_t lzo_uint32e_si_t__ ++#elif 1 && !(LZO_CFG_TYPE_NO_MODE_SI) && (LZO_CC_GNUC >= 0x025f00ul) && defined(__AVR__) && (__LONG_MAX__+0 == 32767L) ++ typedef int lzo_int32e_si_t__ __attribute__((__mode__(__SI__))); ++ typedef unsigned int lzo_uint32e_si_t__ __attribute__((__mode__(__SI__))); ++# define lzo_int32e_t lzo_int32e_si_t__ ++# define lzo_uint32e_t lzo_uint32e_si_t__ ++# define LZO_INT32_C(c) (c##LL) ++# define LZO_UINT32_C(c) (c##ULL) ++#elif (LZO_SIZEOF___INT32 == 4) ++# define lzo_int32e_t __int32 ++# define lzo_uint32e_t unsigned __int32 ++#else ++#endif ++#endif ++#if defined(lzo_int32e_t) ++# define LZO_SIZEOF_LZO_INT32E_T 4 ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int32e_t) == 4) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int32e_t) == LZO_SIZEOF_LZO_INT32E_T) ++#endif ++#if !defined(lzo_int64e_t) ++#if (LZO_SIZEOF___INT64 == 8) ++# if (LZO_CC_BORLANDC) && !(LZO_CFG_TYPE_PREFER___INT64) ++# define LZO_CFG_TYPE_PREFER___INT64 1 ++# endif ++#endif ++#if (LZO_SIZEOF_INT == 8) && (LZO_SIZEOF_INT < LZO_SIZEOF_LONG) ++# define lzo_int64e_t int ++# define lzo_uint64e_t unsigned int ++# define LZO_SIZEOF_LZO_INT64E_T LZO_SIZEOF_INT ++#elif (LZO_SIZEOF_LONG == 8) ++# define lzo_int64e_t long int ++# define lzo_uint64e_t unsigned long int ++# define LZO_SIZEOF_LZO_INT64E_T LZO_SIZEOF_LONG ++#elif (LZO_SIZEOF_LONG_LONG == 8) && !(LZO_CFG_TYPE_PREFER___INT64) ++# define lzo_int64e_t lzo_llong_t ++# define lzo_uint64e_t lzo_ullong_t ++# if (LZO_CC_BORLANDC) ++# define LZO_INT64_C(c) ((c) + 0ll) ++# define LZO_UINT64_C(c) ((c) + 0ull) ++# elif 0 ++# define LZO_INT64_C(c) (__lzo_gnuc_extension__ (c##LL)) ++# define LZO_UINT64_C(c) (__lzo_gnuc_extension__ (c##ULL)) ++# else ++# define LZO_INT64_C(c) (c##LL) ++# define LZO_UINT64_C(c) (c##ULL) ++# endif ++# define LZO_SIZEOF_LZO_INT64E_T LZO_SIZEOF_LONG_LONG ++#elif (LZO_SIZEOF___INT64 == 8) ++# define lzo_int64e_t __int64 ++# define lzo_uint64e_t unsigned __int64 ++# if (LZO_CC_BORLANDC) ++# define LZO_INT64_C(c) ((c) + 0i64) ++# define LZO_UINT64_C(c) ((c) + 0ui64) ++# else ++# define LZO_INT64_C(c) (c##i64) ++# define LZO_UINT64_C(c) (c##ui64) ++# endif ++# define LZO_SIZEOF_LZO_INT64E_T LZO_SIZEOF___INT64 ++#else ++#endif ++#endif ++#if defined(lzo_int64e_t) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int64e_t) == 8) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int64e_t) == LZO_SIZEOF_LZO_INT64E_T) ++#endif ++#if !defined(lzo_int32l_t) ++#if defined(lzo_int32e_t) ++# define lzo_int32l_t lzo_int32e_t ++# define lzo_uint32l_t lzo_uint32e_t ++# define LZO_SIZEOF_LZO_INT32L_T LZO_SIZEOF_LZO_INT32E_T ++#elif (LZO_SIZEOF_INT >= 4) && (LZO_SIZEOF_INT < LZO_SIZEOF_LONG) ++# define lzo_int32l_t int ++# define lzo_uint32l_t unsigned int ++# define LZO_SIZEOF_LZO_INT32L_T LZO_SIZEOF_INT ++#elif (LZO_SIZEOF_LONG >= 4) ++# define lzo_int32l_t long int ++# define lzo_uint32l_t unsigned long int ++# define LZO_SIZEOF_LZO_INT32L_T LZO_SIZEOF_LONG ++#else ++# error "lzo_int32l_t" ++#endif ++#endif ++#if 1 ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int32l_t) >= 4) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int32l_t) == LZO_SIZEOF_LZO_INT32L_T) ++#endif ++#if !defined(lzo_int64l_t) ++#if defined(lzo_int64e_t) ++# define lzo_int64l_t lzo_int64e_t ++# define lzo_uint64l_t lzo_uint64e_t ++# define LZO_SIZEOF_LZO_INT64L_T LZO_SIZEOF_LZO_INT64E_T ++#else ++#endif ++#endif ++#if defined(lzo_int64l_t) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int64l_t) >= 8) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int64l_t) == LZO_SIZEOF_LZO_INT64L_T) ++#endif ++#if !defined(lzo_int32f_t) ++#if (LZO_SIZEOF_SIZE_T >= 8) ++# define lzo_int32f_t lzo_int64l_t ++# define lzo_uint32f_t lzo_uint64l_t ++# define LZO_SIZEOF_LZO_INT32F_T LZO_SIZEOF_LZO_INT64L_T ++#else ++# define lzo_int32f_t lzo_int32l_t ++# define lzo_uint32f_t lzo_uint32l_t ++# define LZO_SIZEOF_LZO_INT32F_T LZO_SIZEOF_LZO_INT32L_T ++#endif ++#endif ++#if 1 ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int32f_t) >= 4) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int32f_t) == LZO_SIZEOF_LZO_INT32F_T) ++#endif ++#if !defined(lzo_int64f_t) ++#if defined(lzo_int64l_t) ++# define lzo_int64f_t lzo_int64l_t ++# define lzo_uint64f_t lzo_uint64l_t ++# define LZO_SIZEOF_LZO_INT64F_T LZO_SIZEOF_LZO_INT64L_T ++#else ++#endif ++#endif ++#if defined(lzo_int64f_t) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int64f_t) >= 8) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int64f_t) == LZO_SIZEOF_LZO_INT64F_T) ++#endif ++#if !defined(lzo_intptr_t) ++#if 1 && (LZO_OS_OS400 && (LZO_SIZEOF_VOID_P == 16)) ++# define __LZO_INTPTR_T_IS_POINTER 1 ++ typedef char* lzo_intptr_t; ++ typedef char* lzo_uintptr_t; ++# define lzo_intptr_t lzo_intptr_t ++# define lzo_uintptr_t lzo_uintptr_t ++# define LZO_SIZEOF_LZO_INTPTR_T LZO_SIZEOF_VOID_P ++#elif (LZO_CC_MSC && (_MSC_VER >= 1300) && (LZO_SIZEOF_VOID_P == 4) && (LZO_SIZEOF_INT == 4)) ++ typedef __w64 int lzo_intptr_t; ++ typedef __w64 unsigned int lzo_uintptr_t; ++# define lzo_intptr_t lzo_intptr_t ++# define lzo_uintptr_t lzo_uintptr_t ++# define LZO_SIZEOF_LZO_INTPTR_T LZO_SIZEOF_INT ++#elif (LZO_SIZEOF_SHORT == LZO_SIZEOF_VOID_P) && (LZO_SIZEOF_INT > LZO_SIZEOF_VOID_P) ++# define lzo_intptr_t short ++# define lzo_uintptr_t unsigned short ++# define LZO_SIZEOF_LZO_INTPTR_T LZO_SIZEOF_SHORT ++#elif (LZO_SIZEOF_INT >= LZO_SIZEOF_VOID_P) && (LZO_SIZEOF_INT < LZO_SIZEOF_LONG) ++# define lzo_intptr_t int ++# define lzo_uintptr_t unsigned int ++# define LZO_SIZEOF_LZO_INTPTR_T LZO_SIZEOF_INT ++#elif (LZO_SIZEOF_LONG >= LZO_SIZEOF_VOID_P) ++# define lzo_intptr_t long ++# define lzo_uintptr_t unsigned long ++# define LZO_SIZEOF_LZO_INTPTR_T LZO_SIZEOF_LONG ++#elif (LZO_SIZEOF_LZO_INT64L_T >= LZO_SIZEOF_VOID_P) ++# define lzo_intptr_t lzo_int64l_t ++# define lzo_uintptr_t lzo_uint64l_t ++# define LZO_SIZEOF_LZO_INTPTR_T LZO_SIZEOF_LZO_INT64L_T ++#else ++# error "lzo_intptr_t" ++#endif ++#endif ++#if 1 ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_intptr_t) >= sizeof(void *)) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_intptr_t) == sizeof(lzo_uintptr_t)) ++#endif ++#if !defined(lzo_word_t) ++#if defined(LZO_WORDSIZE) && (LZO_WORDSIZE+0 > 0) ++#if (LZO_WORDSIZE == LZO_SIZEOF_LZO_INTPTR_T) && !(__LZO_INTPTR_T_IS_POINTER) ++# define lzo_word_t lzo_uintptr_t ++# define lzo_sword_t lzo_intptr_t ++# define LZO_SIZEOF_LZO_WORD_T LZO_SIZEOF_LZO_INTPTR_T ++#elif (LZO_WORDSIZE == LZO_SIZEOF_LONG) ++# define lzo_word_t unsigned long ++# define lzo_sword_t long ++# define LZO_SIZEOF_LZO_WORD_T LZO_SIZEOF_LONG ++#elif (LZO_WORDSIZE == LZO_SIZEOF_INT) ++# define lzo_word_t unsigned int ++# define lzo_sword_t int ++# define LZO_SIZEOF_LZO_WORD_T LZO_SIZEOF_INT ++#elif (LZO_WORDSIZE == LZO_SIZEOF_SHORT) ++# define lzo_word_t unsigned short ++# define lzo_sword_t short ++# define LZO_SIZEOF_LZO_WORD_T LZO_SIZEOF_SHORT ++#elif (LZO_WORDSIZE == 1) ++# define lzo_word_t unsigned char ++# define lzo_sword_t signed char ++# define LZO_SIZEOF_LZO_WORD_T 1 ++#elif (LZO_WORDSIZE == LZO_SIZEOF_LZO_INT64L_T) ++# define lzo_word_t lzo_uint64l_t ++# define lzo_sword_t lzo_int64l_t ++# define LZO_SIZEOF_LZO_WORD_T LZO_SIZEOF_LZO_INT64L_T ++#elif (LZO_ARCH_SPU) && (LZO_CC_GNUC) ++#if 0 ++ typedef unsigned lzo_word_t __attribute__((__mode__(__V16QI__))); ++ typedef int lzo_sword_t __attribute__((__mode__(__V16QI__))); ++# define lzo_word_t lzo_word_t ++# define lzo_sword_t lzo_sword_t ++# define LZO_SIZEOF_LZO_WORD_T 16 ++#endif ++#else ++# error "lzo_word_t" ++#endif ++#endif ++#endif ++#if 1 && defined(lzo_word_t) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_word_t) == LZO_WORDSIZE) ++ LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_sword_t) == LZO_WORDSIZE) ++#endif ++#if 1 ++#define lzo_int8_t signed char ++#define lzo_uint8_t unsigned char ++#define LZO_SIZEOF_LZO_INT8_T 1 ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int8_t) == 1) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int8_t) == sizeof(lzo_uint8_t)) ++#endif ++#if defined(lzo_int16e_t) ++#define lzo_int16_t lzo_int16e_t ++#define lzo_uint16_t lzo_uint16e_t ++#define LZO_SIZEOF_LZO_INT16_T LZO_SIZEOF_LZO_INT16E_T ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int16_t) == 2) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int16_t) == sizeof(lzo_uint16_t)) ++#endif ++#if defined(lzo_int32e_t) ++#define lzo_int32_t lzo_int32e_t ++#define lzo_uint32_t lzo_uint32e_t ++#define LZO_SIZEOF_LZO_INT32_T LZO_SIZEOF_LZO_INT32E_T ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int32_t) == 4) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int32_t) == sizeof(lzo_uint32_t)) ++#endif ++#if defined(lzo_int64e_t) ++#define lzo_int64_t lzo_int64e_t ++#define lzo_uint64_t lzo_uint64e_t ++#define LZO_SIZEOF_LZO_INT64_T LZO_SIZEOF_LZO_INT64E_T ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int64_t) == 8) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int64_t) == sizeof(lzo_uint64_t)) ++#endif ++#if 1 ++#define lzo_int_least32_t lzo_int32l_t ++#define lzo_uint_least32_t lzo_uint32l_t ++#define LZO_SIZEOF_LZO_INT_LEAST32_T LZO_SIZEOF_LZO_INT32L_T ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int_least32_t) >= 4) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int_least32_t) == sizeof(lzo_uint_least32_t)) ++#endif ++#if defined(lzo_int64l_t) ++#define lzo_int_least64_t lzo_int64l_t ++#define lzo_uint_least64_t lzo_uint64l_t ++#define LZO_SIZEOF_LZO_INT_LEAST64_T LZO_SIZEOF_LZO_INT64L_T ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int_least64_t) >= 8) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int_least64_t) == sizeof(lzo_uint_least64_t)) ++#endif ++#if 1 ++#define lzo_int_fast32_t lzo_int32f_t ++#define lzo_uint_fast32_t lzo_uint32f_t ++#define LZO_SIZEOF_LZO_INT_FAST32_T LZO_SIZEOF_LZO_INT32F_T ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int_fast32_t) >= 4) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int_fast32_t) == sizeof(lzo_uint_fast32_t)) ++#endif ++#if defined(lzo_int64f_t) ++#define lzo_int_fast64_t lzo_int64f_t ++#define lzo_uint_fast64_t lzo_uint64f_t ++#define LZO_SIZEOF_LZO_INT_FAST64_T LZO_SIZEOF_LZO_INT64F_T ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int_fast64_t) >= 8) ++LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int_fast64_t) == sizeof(lzo_uint_fast64_t)) ++#endif ++#if !defined(LZO_INT16_C) ++# if (LZO_BROKEN_INTEGRAL_CONSTANTS) && (LZO_SIZEOF_INT >= 2) ++# define LZO_INT16_C(c) ((c) + 0) ++# define LZO_UINT16_C(c) ((c) + 0U) ++# elif (LZO_BROKEN_INTEGRAL_CONSTANTS) && (LZO_SIZEOF_LONG >= 2) ++# define LZO_INT16_C(c) ((c) + 0L) ++# define LZO_UINT16_C(c) ((c) + 0UL) ++# elif (LZO_SIZEOF_INT >= 2) ++# define LZO_INT16_C(c) (c) ++# define LZO_UINT16_C(c) (c##U) ++# elif (LZO_SIZEOF_LONG >= 2) ++# define LZO_INT16_C(c) (c##L) ++# define LZO_UINT16_C(c) (c##UL) ++# else ++# error "LZO_INT16_C" ++# endif ++#endif ++#if !defined(LZO_INT32_C) ++# if (LZO_BROKEN_INTEGRAL_CONSTANTS) && (LZO_SIZEOF_INT >= 4) ++# define LZO_INT32_C(c) ((c) + 0) ++# define LZO_UINT32_C(c) ((c) + 0U) ++# elif (LZO_BROKEN_INTEGRAL_CONSTANTS) && (LZO_SIZEOF_LONG >= 4) ++# define LZO_INT32_C(c) ((c) + 0L) ++# define LZO_UINT32_C(c) ((c) + 0UL) ++# elif (LZO_SIZEOF_INT >= 4) ++# define LZO_INT32_C(c) (c) ++# define LZO_UINT32_C(c) (c##U) ++# elif (LZO_SIZEOF_LONG >= 4) ++# define LZO_INT32_C(c) (c##L) ++# define LZO_UINT32_C(c) (c##UL) ++# elif (LZO_SIZEOF_LONG_LONG >= 4) ++# define LZO_INT32_C(c) (c##LL) ++# define LZO_UINT32_C(c) (c##ULL) ++# else ++# error "LZO_INT32_C" ++# endif ++#endif ++#if !defined(LZO_INT64_C) && defined(lzo_int64l_t) ++# if (LZO_BROKEN_INTEGRAL_CONSTANTS) && (LZO_SIZEOF_INT >= 8) ++# define LZO_INT64_C(c) ((c) + 0) ++# define LZO_UINT64_C(c) ((c) + 0U) ++# elif (LZO_BROKEN_INTEGRAL_CONSTANTS) && (LZO_SIZEOF_LONG >= 8) ++# define LZO_INT64_C(c) ((c) + 0L) ++# define LZO_UINT64_C(c) ((c) + 0UL) ++# elif (LZO_SIZEOF_INT >= 8) ++# define LZO_INT64_C(c) (c) ++# define LZO_UINT64_C(c) (c##U) ++# elif (LZO_SIZEOF_LONG >= 8) ++# define LZO_INT64_C(c) (c##L) ++# define LZO_UINT64_C(c) (c##UL) ++# else ++# error "LZO_INT64_C" ++# endif ++#endif ++#endif + + #endif /* already included */ + +-/* vim:set ts=4 et: */ ++/* vim:set ts=4 sw=4 et: */ +diff --git a/grub-core/lib/minilzo/minilzo.h b/grub-core/lib/minilzo/minilzo.h +index 74fefa9fe..793745467 100644 +--- a/grub-core/lib/minilzo/minilzo.h ++++ b/grub-core/lib/minilzo/minilzo.h +@@ -2,22 +2,7 @@ + + This file is part of the LZO real-time data compression library. + +- Copyright (C) 2011 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2010 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2009 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2008 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2007 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2006 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2005 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2004 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2003 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2002 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2001 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 2000 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer +- Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer ++ Copyright (C) 1996-2014 Markus Franz Xaver Johannes Oberhumer + All Rights Reserved. + + The LZO library is free software; you can redistribute it and/or +@@ -50,7 +35,7 @@ + #ifndef __MINILZO_H + #define __MINILZO_H 1 + +-#define MINILZO_VERSION 0x2050 ++#define MINILZO_VERSION 0x2080 + + #ifdef __LZOCONF_H + # error "you cannot use both LZO and miniLZO" +@@ -78,7 +63,7 @@ extern "C" { + */ + + #define LZO1X_MEM_COMPRESS LZO1X_1_MEM_COMPRESS +-#define LZO1X_1_MEM_COMPRESS ((lzo_uint32) (16384L * lzo_sizeof_dict_t)) ++#define LZO1X_1_MEM_COMPRESS ((lzo_uint32_t) (16384L * lzo_sizeof_dict_t)) + #define LZO1X_MEM_DECOMPRESS (0) + + diff --git a/SOURCES/0014-Allow-fallback-to-include-entries-by-title-not-just-.patch b/SOURCES/0014-Allow-fallback-to-include-entries-by-title-not-just-.patch new file mode 100644 index 0000000..7ca1f9b --- /dev/null +++ b/SOURCES/0014-Allow-fallback-to-include-entries-by-title-not-just-.patch @@ -0,0 +1,141 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 5 Sep 2014 10:07:04 -0400 +Subject: [PATCH] Allow "fallback" to include entries by title, not just + number. + +Resolves: rhbz#1026084 + +Signed-off-by: Peter Jones +--- + grub-core/normal/menu.c | 85 +++++++++++++++++++++++++++++++++---------------- + 1 file changed, 58 insertions(+), 27 deletions(-) + +diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c +index e7a83c2d6..d2f64b05e 100644 +--- a/grub-core/normal/menu.c ++++ b/grub-core/normal/menu.c +@@ -163,16 +163,41 @@ grub_menu_set_timeout (int timeout) + } + } + ++static int ++menuentry_eq (const char *id, const char *spec) ++{ ++ const char *ptr1, *ptr2; ++ ptr1 = id; ++ ptr2 = spec; ++ while (1) ++ { ++ if (*ptr2 == '>' && ptr2[1] != '>' && *ptr1 == 0) ++ return ptr2 - spec; ++ if (*ptr2 == '>' && ptr2[1] != '>') ++ return 0; ++ if (*ptr2 == '>') ++ ptr2++; ++ if (*ptr1 != *ptr2) ++ return 0; ++ if (*ptr1 == 0) ++ return ptr1 - id; ++ ptr1++; ++ ptr2++; ++ } ++ return 0; ++} ++ + /* Get the first entry number from the value of the environment variable NAME, + which is a space-separated list of non-negative integers. The entry number + which is returned is stripped from the value of NAME. If no entry number + can be found, -1 is returned. */ + static int +-get_and_remove_first_entry_number (const char *name) ++get_and_remove_first_entry_number (grub_menu_t menu, const char *name) + { + const char *val; + char *tail; + int entry; ++ int sz = 0; + + val = grub_env_get (name); + if (! val) +@@ -182,9 +207,39 @@ get_and_remove_first_entry_number (const char *name) + + entry = (int) grub_strtoul (val, &tail, 0); + ++ if (grub_errno == GRUB_ERR_BAD_NUMBER) ++ { ++ /* See if the variable matches the title of a menu entry. */ ++ grub_menu_entry_t e = menu->entry_list; ++ int i; ++ ++ for (i = 0; e; i++) ++ { ++ sz = menuentry_eq (e->title, val); ++ if (sz < 1) ++ sz = menuentry_eq (e->id, val); ++ ++ if (sz >= 1) ++ { ++ entry = i; ++ break; ++ } ++ e = e->next; ++ } ++ ++ if (sz > 0) ++ grub_errno = GRUB_ERR_NONE; ++ ++ if (! e) ++ entry = -1; ++ } ++ + if (grub_errno == GRUB_ERR_NONE) + { +- /* Skip whitespace to find the next digit. */ ++ if (sz > 0) ++ tail += sz; ++ ++ /* Skip whitespace to find the next entry. */ + while (*tail && grub_isspace (*tail)) + tail++; + grub_env_set (name, tail); +@@ -347,7 +402,7 @@ grub_menu_execute_with_fallback (grub_menu_t menu, + grub_menu_execute_entry (entry, 1); + + /* Deal with fallback entries. */ +- while ((fallback_entry = get_and_remove_first_entry_number ("fallback")) ++ while ((fallback_entry = get_and_remove_first_entry_number (menu, "fallback")) + >= 0) + { + grub_print_error (); +@@ -465,30 +520,6 @@ grub_menu_register_viewer (struct grub_menu_viewer *viewer) + viewers = viewer; + } + +-static int +-menuentry_eq (const char *id, const char *spec) +-{ +- const char *ptr1, *ptr2; +- ptr1 = id; +- ptr2 = spec; +- while (1) +- { +- if (*ptr2 == '>' && ptr2[1] != '>' && *ptr1 == 0) +- return 1; +- if (*ptr2 == '>' && ptr2[1] != '>') +- return 0; +- if (*ptr2 == '>') +- ptr2++; +- if (*ptr1 != *ptr2) +- return 0; +- if (*ptr1 == 0) +- return 1; +- ptr1++; +- ptr2++; +- } +-} +- +- + /* Get the entry number from the variable NAME. */ + static int + get_entry_number (grub_menu_t menu, const char *name) diff --git a/SOURCES/0015-Add-GRUB_DISABLE_UUID.patch b/SOURCES/0015-Add-GRUB_DISABLE_UUID.patch new file mode 100644 index 0000000..8b77ebe --- /dev/null +++ b/SOURCES/0015-Add-GRUB_DISABLE_UUID.patch @@ -0,0 +1,106 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 4 Sep 2014 16:49:25 -0400 +Subject: [PATCH] Add GRUB_DISABLE_UUID. + +This will cause "search --fs-uuid --set=root ..." not to be generated by +grub2-mkconfig, and instead simply attempt to use the grub device name +as it understands it. + +Signed-off-by: Peter Jones +--- + docs/grub.texi | 7 +++++++ + util/grub-mkconfig.in | 22 +++++++++++++++++++--- + util/grub-mkconfig_lib.in | 4 ++-- + 3 files changed, 28 insertions(+), 5 deletions(-) + +diff --git a/docs/grub.texi b/docs/grub.texi +index 2adfa97be..2fd32608c 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -1441,6 +1441,13 @@ enable the use of partition UUIDs, set this option to @samp{false}. + If this option is set to @samp{true}, disable the generation of recovery + mode menu entries. + ++@item GRUB_DISABLE_UUID ++Normally, @command{grub-mkconfig} will generate menu entries that use ++universally-unique identifiers (UUIDs) to identify various filesystems to ++search for files. This is usually more reliable, but in some cases it may ++not be appropriate. To disable this use of UUIDs, set this option to ++@samp{true}. ++ + @item GRUB_VIDEO_BACKEND + If graphical video support is required, either because the @samp{gfxterm} + graphical terminal is in use or because @samp{GRUB_GFXPAYLOAD_LINUX} is set, +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index bc5a3f175..b0a8626dd 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -133,12 +133,12 @@ fi + + # Device containing our userland. Typically used for root= parameter. + GRUB_DEVICE="`${grub_probe} --target=device /`" +-GRUB_DEVICE_UUID="`${grub_probe} --device ${GRUB_DEVICE} --target=fs_uuid 2> /dev/null`" || true +-GRUB_DEVICE_PARTUUID="`${grub_probe} --device ${GRUB_DEVICE} --target=partuuid 2> /dev/null`" || true ++GRUB_DEVICE_UUID_GENERATED="`${grub_probe} --device ${GRUB_DEVICE} --target=fs_uuid 2> /dev/null`" || true ++GRUB_DEVICE_PARTUUID_GENERATED="`${grub_probe} --device ${GRUB_DEVICE} --target=partuuid 2> /dev/null`" || true + + # Device containing our /boot partition. Usually the same as GRUB_DEVICE. + GRUB_DEVICE_BOOT="`${grub_probe} --target=device /boot`" +-GRUB_DEVICE_BOOT_UUID="`${grub_probe} --device ${GRUB_DEVICE_BOOT} --target=fs_uuid 2> /dev/null`" || true ++GRUB_DEVICE_BOOT_UUID_GENERATED="`${grub_probe} --device ${GRUB_DEVICE_BOOT} --target=fs_uuid 2> /dev/null`" || true + + # Filesystem for the device containing our userland. Used for stuff like + # choosing Hurd filesystem module. +@@ -158,6 +158,21 @@ if test -f ${sysconfdir}/default/grub ; then + . ${sysconfdir}/default/grub + fi + ++if [ "x$GRUB_DISABLE_UUID" != "xtrue" ]; then ++ if [ -z "$GRUB_DEVICE_UUID" ]; then ++ GRUB_DEVICE_UUID="$GRUB_DEVICE_UUID_GENERATED" ++ fi ++ if [ -z "$GRUB_DEVICE_BOOT_UUID" ]; then ++ GRUB_DEVICE_BOOT_UUID="$GRUB_DEVICE_BOOT_UUID_GENERATED" ++ fi ++ if [ -z "$GRUB_DEVICE_UUID" ]; then ++ GRUB_DEVICE_UUID="$GRUB_DEVICE_UUID_GENERATED" ++ fi ++ if [ -z "$GRUB_DEVICE_PART_UUID" ]; then ++ GRUB_DEVICE_PART_UUID="$GRUB_DEVICE_PART_UUID_GENERATED" ++ fi ++fi ++ + # XXX: should this be deprecated at some point? + if [ "x${GRUB_TERMINAL}" != "x" ] ; then + GRUB_TERMINAL_INPUT="${GRUB_TERMINAL}" +@@ -227,6 +242,7 @@ export GRUB_DEFAULT \ + GRUB_DISABLE_LINUX_UUID \ + GRUB_DISABLE_LINUX_PARTUUID \ + GRUB_DISABLE_RECOVERY \ ++ GRUB_DISABLE_UUID \ + GRUB_VIDEO_BACKEND \ + GRUB_GFXMODE \ + GRUB_BACKGROUND \ +diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in +index 0f801cab3..1001a1223 100644 +--- a/util/grub-mkconfig_lib.in ++++ b/util/grub-mkconfig_lib.in +@@ -156,7 +156,7 @@ prepare_grub_to_access_device () + if [ "x$fs_hint" != x ]; then + echo "set root='$fs_hint'" + fi +- if fs_uuid="`"${grub_probe}" --device $@ --target=fs_uuid 2> /dev/null`" ; then ++ if [ "x$GRUB_DISABLE_UUID" != "xtrue" ] && fs_uuid="`"${grub_probe}" --device $@ --target=fs_uuid 2> /dev/null`" ; then + hints="`"${grub_probe}" --device $@ --target=hints_string 2> /dev/null`" || hints= + echo "if [ x\$feature_platform_search_hint = xy ]; then" + echo " search --no-floppy --fs-uuid --set=root ${hints} ${fs_uuid}" +@@ -173,7 +173,7 @@ grub_get_device_id () + IFS=' + ' + device="$1" +- if fs_uuid="`"${grub_probe}" --device ${device} --target=fs_uuid 2> /dev/null`" ; then ++ if [ "x$GRUB_DISABLE_UUID" != "xtrue" ] && fs_uuid="`"${grub_probe}" --device ${device} --target=fs_uuid 2> /dev/null`" ; then + echo "$fs_uuid"; + else + echo $device |sed 's, ,_,g' diff --git a/SOURCES/0016-Make-exit-take-a-return-code.patch b/SOURCES/0016-Make-exit-take-a-return-code.patch new file mode 100644 index 0000000..437a360 --- /dev/null +++ b/SOURCES/0016-Make-exit-take-a-return-code.patch @@ -0,0 +1,256 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 26 Feb 2014 21:49:12 -0500 +Subject: [PATCH] Make "exit" take a return code. + +This adds "exit" with a return code. With this patch, any "exit" +command /may/ include a return code, and on platforms that support +returning with an exit status, we will do so. By default we return the +same exit status we did before this patch. + +Signed-off-by: Peter Jones +--- + grub-core/commands/minicmd.c | 20 ++++++++++++++++---- + grub-core/kern/efi/efi.c | 9 +++++++-- + grub-core/kern/emu/main.c | 2 +- + grub-core/kern/emu/misc.c | 5 +++-- + grub-core/kern/i386/coreboot/init.c | 2 +- + grub-core/kern/i386/qemu/init.c | 2 +- + grub-core/kern/ieee1275/init.c | 2 +- + grub-core/kern/mips/arc/init.c | 2 +- + grub-core/kern/mips/loongson/init.c | 2 +- + grub-core/kern/mips/qemu_mips/init.c | 2 +- + grub-core/kern/misc.c | 2 +- + grub-core/kern/uboot/init.c | 6 +++--- + grub-core/kern/xen/init.c | 2 +- + include/grub/misc.h | 2 +- + 14 files changed, 39 insertions(+), 21 deletions(-) + +diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c +index a3a118241..b25ca4b9f 100644 +--- a/grub-core/commands/minicmd.c ++++ b/grub-core/commands/minicmd.c +@@ -176,12 +176,24 @@ grub_mini_cmd_lsmod (struct grub_command *cmd __attribute__ ((unused)), + } + + /* exit */ +-static grub_err_t __attribute__ ((noreturn)) ++static grub_err_t + grub_mini_cmd_exit (struct grub_command *cmd __attribute__ ((unused)), +- int argc __attribute__ ((unused)), +- char *argv[] __attribute__ ((unused))) ++ int argc, char *argv[]) + { +- grub_exit (); ++ int retval = -1; ++ unsigned long n; ++ ++ if (argc < 0 || argc > 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected")); ++ ++ if (argc == 1) ++ { ++ n = grub_strtoul (argv[0], 0, 10); ++ if (n != ~0UL) ++ retval = n; ++ } ++ ++ grub_exit (retval); + /* Not reached. */ + } + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 708581fcb..e339f264b 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -164,11 +164,16 @@ grub_reboot (void) + } + + void +-grub_exit (void) ++grub_exit (int retval) + { ++ int rc = GRUB_EFI_LOAD_ERROR; ++ ++ if (retval == 0) ++ rc = GRUB_EFI_SUCCESS; ++ + grub_machine_fini (GRUB_LOADER_FLAG_NORETURN); + efi_call_4 (grub_efi_system_table->boot_services->exit, +- grub_efi_image_handle, GRUB_EFI_SUCCESS, 0, 0); ++ grub_efi_image_handle, rc, 0, 0); + for (;;) ; + } + +diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c +index 425bb9603..55ea5a11c 100644 +--- a/grub-core/kern/emu/main.c ++++ b/grub-core/kern/emu/main.c +@@ -67,7 +67,7 @@ grub_reboot (void) + } + + void +-grub_exit (void) ++grub_exit (int retval __attribute__((unused))) + { + grub_reboot (); + } +diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c +index 76661337f..82012a72f 100644 +--- a/grub-core/kern/emu/misc.c ++++ b/grub-core/kern/emu/misc.c +@@ -137,9 +137,10 @@ xasprintf (const char *fmt, ...) + + #if !defined (GRUB_MACHINE_EMU) || defined (GRUB_UTIL) + void +-grub_exit (void) ++__attribute__ ((noreturn)) ++grub_exit (int rc) + { +- exit (1); ++ exit (rc < 0 ? 1 : rc); + } + #endif + +diff --git a/grub-core/kern/i386/coreboot/init.c b/grub-core/kern/i386/coreboot/init.c +index 3314f027f..36f9134b7 100644 +--- a/grub-core/kern/i386/coreboot/init.c ++++ b/grub-core/kern/i386/coreboot/init.c +@@ -41,7 +41,7 @@ extern grub_uint8_t _end[]; + extern grub_uint8_t _edata[]; + + void __attribute__ ((noreturn)) +-grub_exit (void) ++grub_exit (int rc __attribute__((unused))) + { + /* We can't use grub_fatal() in this function. This would create an infinite + loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */ +diff --git a/grub-core/kern/i386/qemu/init.c b/grub-core/kern/i386/qemu/init.c +index 271b6fbfa..9fafe98f0 100644 +--- a/grub-core/kern/i386/qemu/init.c ++++ b/grub-core/kern/i386/qemu/init.c +@@ -42,7 +42,7 @@ extern grub_uint8_t _end[]; + extern grub_uint8_t _edata[]; + + void __attribute__ ((noreturn)) +-grub_exit (void) ++grub_exit (int rc __attribute__((unused))) + { + /* We can't use grub_fatal() in this function. This would create an infinite + loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */ +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index 0d8ebf58b..f5423ce27 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -68,7 +68,7 @@ grub_addr_t grub_ieee1275_original_stack; + #endif + + void +-grub_exit (void) ++grub_exit (int rc __attribute__((unused))) + { + grub_ieee1275_exit (); + } +diff --git a/grub-core/kern/mips/arc/init.c b/grub-core/kern/mips/arc/init.c +index 3834a1490..86b3a25ec 100644 +--- a/grub-core/kern/mips/arc/init.c ++++ b/grub-core/kern/mips/arc/init.c +@@ -276,7 +276,7 @@ grub_halt (void) + } + + void +-grub_exit (void) ++grub_exit (int rc __attribute__((unused))) + { + GRUB_ARC_FIRMWARE_VECTOR->exit (); + +diff --git a/grub-core/kern/mips/loongson/init.c b/grub-core/kern/mips/loongson/init.c +index 7b96531b9..dff598ca7 100644 +--- a/grub-core/kern/mips/loongson/init.c ++++ b/grub-core/kern/mips/loongson/init.c +@@ -304,7 +304,7 @@ grub_halt (void) + } + + void +-grub_exit (void) ++grub_exit (int rc __attribute__((unused))) + { + grub_halt (); + } +diff --git a/grub-core/kern/mips/qemu_mips/init.c b/grub-core/kern/mips/qemu_mips/init.c +index be88b77d2..8b6c55ffc 100644 +--- a/grub-core/kern/mips/qemu_mips/init.c ++++ b/grub-core/kern/mips/qemu_mips/init.c +@@ -75,7 +75,7 @@ grub_machine_fini (int flags __attribute__ ((unused))) + } + + void +-grub_exit (void) ++grub_exit (int rc __attribute__((unused))) + { + grub_halt (); + } +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 3b633d51f..952411d5d 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -1095,7 +1095,7 @@ grub_abort (void) + grub_getkey (); + } + +- grub_exit (); ++ grub_exit (1); + } + + void +diff --git a/grub-core/kern/uboot/init.c b/grub-core/kern/uboot/init.c +index 3e338645c..be2a5be1d 100644 +--- a/grub-core/kern/uboot/init.c ++++ b/grub-core/kern/uboot/init.c +@@ -39,9 +39,9 @@ extern grub_size_t grub_total_module_size; + static unsigned long timer_start; + + void +-grub_exit (void) ++grub_exit (int rc) + { +- grub_uboot_return (0); ++ grub_uboot_return (rc < 0 ? 1 : rc); + } + + static grub_uint64_t +@@ -78,7 +78,7 @@ grub_machine_init (void) + if (!ver) + { + /* Don't even have a console to log errors to... */ +- grub_exit (); ++ grub_exit (-1); + } + else if (ver > API_SIG_VERSION) + { +diff --git a/grub-core/kern/xen/init.c b/grub-core/kern/xen/init.c +index 0559c033c..fce526d41 100644 +--- a/grub-core/kern/xen/init.c ++++ b/grub-core/kern/xen/init.c +@@ -549,7 +549,7 @@ grub_machine_init (void) + } + + void +-grub_exit (void) ++grub_exit (int rc __attribute__((unused))) + { + struct sched_shutdown arg; + +diff --git a/include/grub/misc.h b/include/grub/misc.h +index 372f009e8..83fd69f4a 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -334,7 +334,7 @@ int EXPORT_FUNC(grub_vsnprintf) (char *str, grub_size_t n, const char *fmt, + char *EXPORT_FUNC(grub_xasprintf) (const char *fmt, ...) + __attribute__ ((format (GNU_PRINTF, 1, 2))) WARN_UNUSED_RESULT; + char *EXPORT_FUNC(grub_xvasprintf) (const char *fmt, va_list args) WARN_UNUSED_RESULT; +-void EXPORT_FUNC(grub_exit) (void) __attribute__ ((noreturn)); ++void EXPORT_FUNC(grub_exit) (int rc) __attribute__ ((noreturn)); + grub_uint64_t EXPORT_FUNC(grub_divmod64) (grub_uint64_t n, + grub_uint64_t d, + grub_uint64_t *r); diff --git a/SOURCES/0017-Mark-po-exclude.pot-as-binary-so-git-won-t-try-to-di.patch b/SOURCES/0017-Mark-po-exclude.pot-as-binary-so-git-won-t-try-to-di.patch new file mode 100644 index 0000000..d5ec678 --- /dev/null +++ b/SOURCES/0017-Mark-po-exclude.pot-as-binary-so-git-won-t-try-to-di.patch @@ -0,0 +1,19 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 22 Jul 2015 11:21:01 -0400 +Subject: [PATCH] Mark po/exclude.pot as binary so git won't try to diff + nonprintables. + +Signed-off-by: Peter Jones +--- + .gitattributes | 1 + + 1 file changed, 1 insertion(+) + create mode 100644 .gitattributes + +diff --git a/.gitattributes b/.gitattributes +new file mode 100644 +index 000000000..33ffaa404 +--- /dev/null ++++ b/.gitattributes +@@ -0,0 +1 @@ ++po/exclude.pot binary diff --git a/SOURCES/0018-Make-efi-machines-load-an-env-block-from-a-variable.patch b/SOURCES/0018-Make-efi-machines-load-an-env-block-from-a-variable.patch new file mode 100644 index 0000000..9355df7 --- /dev/null +++ b/SOURCES/0018-Make-efi-machines-load-an-env-block-from-a-variable.patch @@ -0,0 +1,81 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 7 Dec 2015 14:20:49 -0500 +Subject: [PATCH] Make efi machines load an env block from a variable + +Signed-off-by: Peter Jones +--- + grub-core/Makefile.core.def | 1 + + grub-core/kern/efi/init.c | 34 +++++++++++++++++++++++++++++++++- + 2 files changed, 34 insertions(+), 1 deletion(-) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index e92a7ef32..f80653882 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -191,6 +191,7 @@ kernel = { + efi = term/efi/console.c; + efi = kern/acpi.c; + efi = kern/efi/acpi.c; ++ efi = lib/envblk.c; + i386_coreboot = kern/i386/pc/acpi.c; + i386_multiboot = kern/i386/pc/acpi.c; + i386_coreboot = kern/acpi.c; +diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c +index 3dfdf2d22..71d2279a0 100644 +--- a/grub-core/kern/efi/init.c ++++ b/grub-core/kern/efi/init.c +@@ -25,9 +25,40 @@ + #include + #include + #include ++#include + + grub_addr_t grub_modbase; + ++#define GRUB_EFI_GRUB_VARIABLE_GUID \ ++ { 0x91376aff, 0xcba6, 0x42be, \ ++ { 0x94, 0x9d, 0x06, 0xfd, 0xe8, 0x11, 0x28, 0xe8 } \ ++ } ++ ++/* Helper for grub_efi_env_init */ ++static int ++set_var (const char *name, const char *value, ++ void *whitelist __attribute__((__unused__))) ++{ ++ grub_env_set (name, value); ++ return 0; ++} ++ ++static void ++grub_efi_env_init (void) ++{ ++ grub_efi_guid_t efi_grub_guid = GRUB_EFI_GRUB_VARIABLE_GUID; ++ struct grub_envblk envblk_s = { NULL, 0 }; ++ grub_envblk_t envblk = &envblk_s; ++ ++ envblk_s.buf = grub_efi_get_variable ("GRUB_ENV", &efi_grub_guid, ++ &envblk_s.size); ++ if (!envblk_s.buf || envblk_s.size < 1) ++ return; ++ ++ grub_envblk_iterate (envblk, NULL, set_var); ++ grub_free (envblk_s.buf); ++} ++ + void + grub_efi_init (void) + { +@@ -42,10 +73,11 @@ grub_efi_init (void) + efi_call_4 (grub_efi_system_table->boot_services->set_watchdog_timer, + 0, 0, 0, NULL); + ++ grub_efi_env_init (); + grub_efidisk_init (); + } + +-void (*grub_efi_net_config) (grub_efi_handle_t hnd, ++void (*grub_efi_net_config) (grub_efi_handle_t hnd, + char **device, + char **path); + diff --git a/SOURCES/0019-DHCP-client-ID-and-UUID-options-added.patch b/SOURCES/0019-DHCP-client-ID-and-UUID-options-added.patch new file mode 100644 index 0000000..a71e80e --- /dev/null +++ b/SOURCES/0019-DHCP-client-ID-and-UUID-options-added.patch @@ -0,0 +1,142 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Tue, 27 Nov 2012 17:18:53 -0200 +Subject: [PATCH] DHCP client ID and UUID options added. + +--- + grub-core/net/bootp.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++----- + include/grub/net.h | 2 ++ + 2 files changed, 81 insertions(+), 8 deletions(-) + +diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c +index 9e2fdb795..f03eeab2f 100644 +--- a/grub-core/net/bootp.c ++++ b/grub-core/net/bootp.c +@@ -25,6 +25,49 @@ + #include + #include + ++static char * ++grub_env_write_readonly (struct grub_env_var *var __attribute__ ((unused)), ++ const char *val __attribute__ ((unused))) ++{ ++ return NULL; ++} ++ ++static void ++set_env_limn_ro (const char *intername, const char *suffix, ++ const char *value, grub_size_t len) ++{ ++ char *varname, *varvalue; ++ char *ptr; ++ varname = grub_xasprintf ("net_%s_%s", intername, suffix); ++ if (!varname) ++ return; ++ for (ptr = varname; *ptr; ptr++) ++ if (*ptr == ':') ++ *ptr = '_'; ++ varvalue = grub_malloc (len + 1); ++ if (!varvalue) ++ { ++ grub_free (varname); ++ return; ++ } ++ ++ grub_memcpy (varvalue, value, len); ++ varvalue[len] = 0; ++ grub_env_set (varname, varvalue); ++ grub_register_variable_hook (varname, 0, grub_env_write_readonly); ++ grub_env_export (varname); ++ grub_free (varname); ++ grub_free (varvalue); ++} ++ ++static char ++hexdigit (grub_uint8_t val) ++{ ++ if (val < 10) ++ return val + '0'; ++ return val + 'a' - 10; ++} ++ + static void + parse_dhcp_vendor (const char *name, const void *vend, int limit, int *mask) + { +@@ -55,6 +98,9 @@ parse_dhcp_vendor (const char *name, const void *vend, int limit, int *mask) + + taglength = *ptr++; + ++ grub_dprintf("net", "DHCP option %u (0x%02x) found with length %u.\n", ++ tagtype, tagtype, taglength); ++ + switch (tagtype) + { + case GRUB_NET_BOOTP_NETMASK: +@@ -120,6 +166,39 @@ parse_dhcp_vendor (const char *name, const void *vend, int limit, int *mask) + taglength); + break; + ++ case GRUB_NET_BOOTP_CLIENT_ID: ++ set_env_limn_ro (name, "clientid", (char *) ptr, taglength); ++ break; ++ ++ case GRUB_NET_BOOTP_CLIENT_UUID: ++ { ++ if (taglength != 17) ++ break; ++ ++ /* The format is 9cfe245e-d0c8-bd45-a79f-54ea5fbd3d97 */ ++ ++ ptr += 1; ++ taglength -= 1; ++ ++ char *val = grub_malloc (2 * taglength + 4 + 1); ++ int i = 0; ++ int j = 0; ++ for (i = 0; i < taglength; i++) ++ { ++ val[2 * i + j] = hexdigit (ptr[i] >> 4); ++ val[2 * i + 1 + j] = hexdigit (ptr[i] & 0xf); ++ ++ if ((i == 3) || (i == 5) || (i == 7) || (i == 9)) ++ { ++ j++; ++ val[2 * i + 1+ j] = '-'; ++ } ++ } ++ ++ set_env_limn_ro (name, "clientuuid", (char *) val, 2 * taglength + 4); ++ } ++ break; ++ + /* If you need any other options please contact GRUB + development team. */ + } +@@ -302,14 +381,6 @@ grub_net_process_dhcp (struct grub_net_buff *nb, + } + } + +-static char +-hexdigit (grub_uint8_t val) +-{ +- if (val < 10) +- return val + '0'; +- return val + 'a' - 10; +-} +- + static grub_err_t + grub_cmd_dhcpopt (struct grub_command *cmd __attribute__ ((unused)), + int argc, char **args) +diff --git a/include/grub/net.h b/include/grub/net.h +index 1096b2432..e266bae23 100644 +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -457,6 +457,8 @@ enum + GRUB_NET_BOOTP_DOMAIN = 0x0f, + GRUB_NET_BOOTP_ROOT_PATH = 0x11, + GRUB_NET_BOOTP_EXTENSIONS_PATH = 0x12, ++ GRUB_NET_BOOTP_CLIENT_ID = 0x3d, ++ GRUB_NET_BOOTP_CLIENT_UUID = 0x61, + GRUB_NET_BOOTP_END = 0xff + }; + diff --git a/SOURCES/0020-trim-arp-packets-with-abnormal-size.patch b/SOURCES/0020-trim-arp-packets-with-abnormal-size.patch new file mode 100644 index 0000000..62b00cc --- /dev/null +++ b/SOURCES/0020-trim-arp-packets-with-abnormal-size.patch @@ -0,0 +1,28 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Wed, 5 Feb 2014 09:42:42 -0200 +Subject: [PATCH] trim arp packets with abnormal size + +GRUB uses arp request to create the arp response. If the incoming packet +is foobared, GRUB needs to trim the arp response packet before sending it. +--- + grub-core/net/arp.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/grub-core/net/arp.c b/grub-core/net/arp.c +index 54306e3b1..d1c69ed2b 100644 +--- a/grub-core/net/arp.c ++++ b/grub-core/net/arp.c +@@ -150,6 +150,12 @@ grub_net_arp_receive (struct grub_net_buff *nb, struct grub_net_card *card, + if (grub_net_addr_cmp (&inf->address, &target_addr) == 0 + && arp_packet->op == grub_cpu_to_be16_compile_time (ARP_REQUEST)) + { ++ if ((nb->tail - nb->data) > 50) ++ { ++ grub_dprintf ("net", "arp packet with abnormal size (%ld bytes).\n", ++ nb->tail - nb->data); ++ nb->tail = nb->data + 50; ++ } + grub_net_link_level_address_t target; + struct grub_net_buff nb_reply; + struct arppkt *arp_reply; diff --git a/SOURCES/0021-Fix-bad-test-on-GRUB_DISABLE_SUBMENU.patch b/SOURCES/0021-Fix-bad-test-on-GRUB_DISABLE_SUBMENU.patch new file mode 100644 index 0000000..66a0712 --- /dev/null +++ b/SOURCES/0021-Fix-bad-test-on-GRUB_DISABLE_SUBMENU.patch @@ -0,0 +1,38 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Prarit Bhargava +Date: Wed, 12 Mar 2014 10:58:16 -0400 +Subject: [PATCH] Fix bad test on GRUB_DISABLE_SUBMENU. + +The file /etc/grub.d/10_linux does + +if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xy ]; then + +when it should do + +if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xtrue ]; then + +which results in submenus in /boot/grub2/grub.cfg when +GRUB_DISABLE_SUBMENU="yes". + +Resolves: rhbz#1063414 +--- + util/grub.d/10_linux.in | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 61ebd7dc7..87a7da349 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -261,7 +261,11 @@ while [ "x$list" != "x" ] ; do + fi + fi + +- if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xy ]; then ++ if [ "x${GRUB_DISABLE_SUBMENU}" = "xyes" ] || [ "x${GRUB_DISABLE_SUBMENU}" = "xy" ]; then ++ GRUB_DISABLE_SUBMENU="true" ++ fi ++ ++ if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xtrue ]; then + linux_entry "${OS}" "${version}" simple \ + "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" + diff --git a/SOURCES/0022-Add-support-for-UEFI-operating-systems-returned-by-o.patch b/SOURCES/0022-Add-support-for-UEFI-operating-systems-returned-by-o.patch new file mode 100644 index 0000000..726afa9 --- /dev/null +++ b/SOURCES/0022-Add-support-for-UEFI-operating-systems-returned-by-o.patch @@ -0,0 +1,46 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Wed, 12 Jun 2013 11:51:49 -0400 +Subject: [PATCH] Add support for UEFI operating systems returned by os-prober + +os-prober returns UEFI operating systems in the form: + +path:long-name:name + +where path is the path under the EFI directory on the ESP. This is in +contrast to legacy OSes, where path is the device string. Handle this case. +--- + util/grub.d/30_os-prober.in | 21 ++++++++++++++++++--- + 1 file changed, 18 insertions(+), 3 deletions(-) + +diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in +index 515a68c7a..9b8f5968e 100644 +--- a/util/grub.d/30_os-prober.in ++++ b/util/grub.d/30_os-prober.in +@@ -328,8 +328,23 @@ EOF + EOF + ;; + *) +- # TRANSLATORS: %s is replaced by OS name. +- gettext_printf "%s is not yet supported by grub-mkconfig.\n" " ${LONGNAME}" >&2 +- ;; ++ case ${DEVICE} in ++ *.efi) ++ cat << EOF ++menuentry '$(echo "${LONGNAME}" | grub_quote)' { ++EOF ++ save_default_entry | grub_add_tab ++ cat << EOF ++ chainloader /EFI/${DEVICE} ++ boot ++} ++EOF ++ ;; ++ *) ++ echo -n " " ++ # TRANSLATORS: %s is replaced by OS name. ++ gettext_printf "%s is not yet supported by grub-mkconfig.\n" "${LONGNAME}" >&2 ++ ;; ++ esac + esac + done diff --git a/SOURCES/0023-Migrate-PPC-from-Yaboot-to-Grub2.patch b/SOURCES/0023-Migrate-PPC-from-Yaboot-to-Grub2.patch new file mode 100644 index 0000000..2a9802e --- /dev/null +++ b/SOURCES/0023-Migrate-PPC-from-Yaboot-to-Grub2.patch @@ -0,0 +1,151 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Mark Hamzy +Date: Wed, 28 Mar 2012 14:46:41 -0500 +Subject: [PATCH] Migrate PPC from Yaboot to Grub2 + +Add configuration support for serial terminal consoles. This will set the +maximum screen size so that text is not overwritten. +--- + Makefile.util.def | 7 +++ + util/grub.d/20_ppc_terminfo.in | 114 +++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 121 insertions(+) + create mode 100644 util/grub.d/20_ppc_terminfo.in + +diff --git a/Makefile.util.def b/Makefile.util.def +index 3180ac880..c7b775bce 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -487,6 +487,13 @@ script = { + condition = COND_HOST_LINUX; + }; + ++script = { ++ name = '20_ppc_terminfo'; ++ common = util/grub.d/20_ppc_terminfo.in; ++ installdir = grubconf; ++ condition = COND_HOST_LINUX; ++}; ++ + script = { + name = '30_os-prober'; + common = util/grub.d/30_os-prober.in; +diff --git a/util/grub.d/20_ppc_terminfo.in b/util/grub.d/20_ppc_terminfo.in +new file mode 100644 +index 000000000..10d665868 +--- /dev/null ++++ b/util/grub.d/20_ppc_terminfo.in +@@ -0,0 +1,114 @@ ++#! /bin/sh ++set -e ++ ++# grub-mkconfig helper script. ++# Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc. ++# ++# GRUB is free software: you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the License, or ++# (at your option) any later version. ++# ++# GRUB is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with GRUB. If not, see . ++ ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ ++bindir=@bindir@ ++libdir=@libdir@ ++. "@datadir@/@PACKAGE@/grub-mkconfig_lib" ++ ++export TEXTDOMAIN=@PACKAGE@ ++export TEXTDOMAINDIR=@localedir@ ++ ++X=80 ++Y=24 ++TERMINAL=ofconsole ++ ++argument () { ++ opt=$1 ++ shift ++ ++ if test $# -eq 0; then ++ echo "$0: option requires an argument -- '$opt'" 1>&2 ++ exit 1 ++ fi ++ echo $1 ++} ++ ++check_terminfo () { ++ ++ while test $# -gt 0 ++ do ++ option=$1 ++ shift ++ ++ case "$option" in ++ terminfo | TERMINFO) ++ ;; ++ ++ -g) ++ NEWXY=`argument $option "$@"` ++ NEWX=`echo $NEWXY | cut -d x -f 1` ++ NEWY=`echo $NEWXY | cut -d x -f 2` ++ ++ if [ ${NEWX} -ge 80 ] ; then ++ X=${NEWX} ++ else ++ echo "Warning: ${NEWX} is less than the minimum size of 80" ++ fi ++ ++ if [ ${NEWY} -ge 24 ] ; then ++ Y=${NEWY} ++ else ++ echo "Warning: ${NEWY} is less than the minimum size of 24" ++ fi ++ ++ shift ++ ;; ++ ++ *) ++# # accept console or ofconsole ++# if [ "$option" != "console" -a "$option" != "ofconsole" ] ; then ++# echo "Error: GRUB_TERMINFO unknown console: $option" ++# exit 1 ++# fi ++# # perfer console ++# TERMINAL=console ++ # accept ofconsole ++ if [ "$option" != "ofconsole" ] ; then ++ echo "Error: GRUB_TERMINFO unknown console: $option" ++ exit 1 ++ fi ++ # perfer console ++ TERMINAL=ofconsole ++ ;; ++ esac ++ ++ done ++ ++} ++ ++if ! uname -m | grep -q ppc ; then ++ exit 0 ++fi ++ ++if [ "x${GRUB_TERMINFO}" != "x" ] ; then ++ F1=`echo ${GRUB_TERMINFO} | cut -d " " -f 1` ++ ++ if [ "${F1}" != "terminfo" ] ; then ++ echo "Error: GRUB_TERMINFO is set to \"${GRUB_TERMINFO}\" The first word should be terminfo." ++ exit 1 ++ fi ++ ++ check_terminfo ${GRUB_TERMINFO} ++fi ++ ++cat << EOF ++ terminfo -g ${X}x${Y} ${TERMINAL} ++EOF diff --git a/SOURCES/0024-Add-fw_path-variable-revised.patch b/SOURCES/0024-Add-fw_path-variable-revised.patch new file mode 100644 index 0000000..787599b --- /dev/null +++ b/SOURCES/0024-Add-fw_path-variable-revised.patch @@ -0,0 +1,78 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Wed, 19 Sep 2012 21:22:55 -0300 +Subject: [PATCH] Add fw_path variable (revised) + +This patch makes grub look for its config file on efi where the app was +found. It was originally written by Matthew Garrett, and adapted to fix the +"No modules are loaded on grub2 network boot" issue: + +https://bugzilla.redhat.com/show_bug.cgi?id=857936 +--- + grub-core/kern/main.c | 13 ++++++------- + grub-core/normal/main.c | 25 ++++++++++++++++++++++++- + 2 files changed, 30 insertions(+), 8 deletions(-) + +diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c +index 9cad0c448..8ab7794c4 100644 +--- a/grub-core/kern/main.c ++++ b/grub-core/kern/main.c +@@ -127,16 +127,15 @@ grub_set_prefix_and_root (void) + + grub_machine_get_bootlocation (&fwdevice, &fwpath); + +- if (fwdevice) ++ if (fwdevice && fwpath) + { +- char *cmdpath; ++ char *fw_path; + +- cmdpath = grub_xasprintf ("(%s)%s", fwdevice, fwpath ? : ""); +- if (cmdpath) ++ fw_path = grub_xasprintf ("(%s)/%s", fwdevice, fwpath); ++ if (fw_path) + { +- grub_env_set ("cmdpath", cmdpath); +- grub_env_export ("cmdpath"); +- grub_free (cmdpath); ++ grub_env_set ("fw_path", fw_path); ++ grub_free (fw_path); + } + } + +diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +index 249e19bc7..759c475c4 100644 +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -338,7 +338,30 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), + /* Guess the config filename. It is necessary to make CONFIG static, + so that it won't get broken by longjmp. */ + char *config; +- const char *prefix; ++ const char *prefix, *fw_path; ++ ++ fw_path = grub_env_get ("fw_path"); ++ if (fw_path) ++ { ++ config = grub_xasprintf ("%s/grub.cfg", fw_path); ++ if (config) ++ { ++ grub_file_t file; ++ ++ file = grub_file_open (config); ++ if (file) ++ { ++ grub_file_close (file); ++ grub_enter_normal_mode (config); ++ } ++ else ++ { ++ /* Ignore all errors. */ ++ grub_errno = 0; ++ } ++ grub_free (config); ++ } ++ } + + prefix = grub_env_get ("prefix"); + if (prefix) diff --git a/SOURCES/0025-Pass-x-hex-hex-straight-through-unmolested.patch b/SOURCES/0025-Pass-x-hex-hex-straight-through-unmolested.patch new file mode 100644 index 0000000..0a4c15c --- /dev/null +++ b/SOURCES/0025-Pass-x-hex-hex-straight-through-unmolested.patch @@ -0,0 +1,179 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 Oct 2012 13:24:37 -0400 +Subject: [PATCH] Pass "\x[[:hex:]][[:hex:]]" straight through unmolested. + +--- + grub-core/commands/wildcard.c | 16 +++++++++++++++- + grub-core/lib/cmdline.c | 34 ++++++++++++++++++++++++++++++++-- + grub-core/script/execute.c | 43 +++++++++++++++++++++++++++++++++++++------ + 3 files changed, 84 insertions(+), 9 deletions(-) + +diff --git a/grub-core/commands/wildcard.c b/grub-core/commands/wildcard.c +index 9b4e72766..02c46f9fd 100644 +--- a/grub-core/commands/wildcard.c ++++ b/grub-core/commands/wildcard.c +@@ -462,6 +462,12 @@ check_file (const char *dir, const char *basename) + return ctx.found; + } + ++static int ++is_hex(char c) ++{ ++ return ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')); ++} ++ + static void + unescape (char *out, const char *in, const char *end) + { +@@ -470,7 +476,15 @@ unescape (char *out, const char *in, const char *end) + + for (optr = out, iptr = in; iptr < end;) + { +- if (*iptr == '\\' && iptr + 1 < end) ++ if (*iptr == '\\' && iptr + 3 < end && iptr[1] == 'x' && is_hex(iptr[2]) && is_hex(iptr[3])) ++ { ++ *optr++ = *iptr++; ++ *optr++ = *iptr++; ++ *optr++ = *iptr++; ++ *optr++ = *iptr++; ++ continue; ++ } ++ else if (*iptr == '\\' && iptr + 1 < end) + { + *optr++ = iptr[1]; + iptr += 2; +diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c +index d5e10ee87..0a5b2afb9 100644 +--- a/grub-core/lib/cmdline.c ++++ b/grub-core/lib/cmdline.c +@@ -20,6 +20,12 @@ + #include + #include + ++static int ++is_hex(char c) ++{ ++ return ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')); ++} ++ + static unsigned int check_arg (char *c, int *has_space) + { + int space = 0; +@@ -27,7 +33,13 @@ static unsigned int check_arg (char *c, int *has_space) + + while (*c) + { +- if (*c == '\\' || *c == '\'' || *c == '"') ++ if (*c == '\\' && *(c+1) == 'x' && is_hex(*(c+2)) && is_hex(*(c+3))) ++ { ++ size += 4; ++ c += 4; ++ continue; ++ } ++ else if (*c == '\\' || *c == '\'' || *c == '"') + size++; + else if (*c == ' ') + space = 1; +@@ -85,7 +97,25 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf, + + while (*c) + { +- if (*c == '\\' || *c == '\'' || *c == '"') ++ if (*c == ' ') ++ { ++ *buf++ = '\\'; ++ *buf++ = 'x'; ++ *buf++ = '2'; ++ *buf++ = '0'; ++ c++; ++ continue; ++ } ++ else if (*c == '\\' && *(c+1) == 'x' && ++ is_hex(*(c+2)) && is_hex(*(c+3))) ++ { ++ *buf++ = *c++; ++ *buf++ = *c++; ++ *buf++ = *c++; ++ *buf++ = *c++; ++ continue; ++ } ++ else if (*c == '\\' || *c == '\'' || *c == '"') + *buf++ = '\\'; + + *buf++ = *c; +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index ab78ca87f..cf6cd6601 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -55,6 +55,12 @@ static struct grub_script_scope *scope = 0; + /* Wildcard translator for GRUB script. */ + struct grub_script_wildcard_translator *grub_wildcard_translator; + ++static int ++is_hex(char c) ++{ ++ return ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')); ++} ++ + static char* + wildcard_escape (const char *s) + { +@@ -71,7 +77,15 @@ wildcard_escape (const char *s) + i = 0; + while ((ch = *s++)) + { +- if (ch == '*' || ch == '\\' || ch == '?') ++ if (ch == '\\' && s[0] == 'x' && is_hex(s[1]) && is_hex(s[2])) ++ { ++ p[i++] = ch; ++ p[i++] = *s++; ++ p[i++] = *s++; ++ p[i++] = *s++; ++ continue; ++ } ++ else if (ch == '*' || ch == '\\' || ch == '?') + p[i++] = '\\'; + p[i++] = ch; + } +@@ -95,7 +109,14 @@ wildcard_unescape (const char *s) + i = 0; + while ((ch = *s++)) + { +- if (ch == '\\') ++ if (ch == '\\' && s[0] == 'x' && is_hex(s[1]) && is_hex(s[2])) ++ { ++ p[i++] = '\\'; ++ p[i++] = *s++; ++ p[i++] = *s++; ++ p[i++] = *s++; ++ } ++ else if (ch == '\\') + p[i++] = *s++; + else + p[i++] = ch; +@@ -397,10 +418,20 @@ parse_string (const char *str, + switch (*ptr) + { + case '\\': +- escaped = !escaped; +- if (!escaped && put) +- *(put++) = '\\'; +- ptr++; ++ if (!escaped && put && *(ptr+1) == 'x' && is_hex(*(ptr+2)) && is_hex(*(ptr+3))) ++ { ++ *(put++) = *ptr++; ++ *(put++) = *ptr++; ++ *(put++) = *ptr++; ++ *(put++) = *ptr++; ++ } ++ else ++ { ++ escaped = !escaped; ++ if (!escaped && put) ++ *(put++) = '\\'; ++ ptr++; ++ } + break; + case '$': + if (escaped) diff --git a/SOURCES/0026-Add-X-option-to-printf-functions.patch b/SOURCES/0026-Add-X-option-to-printf-functions.patch new file mode 100644 index 0000000..23b0ccf --- /dev/null +++ b/SOURCES/0026-Add-X-option-to-printf-functions.patch @@ -0,0 +1,55 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Tue, 27 Nov 2012 16:58:39 -0200 +Subject: [PATCH] Add %X option to printf functions. + +--- + grub-core/kern/misc.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 952411d5d..8344526be 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -588,7 +588,7 @@ grub_divmod64 (grub_uint64_t n, grub_uint64_t d, grub_uint64_t *r) + static inline char * + grub_lltoa (char *str, int c, unsigned long long n) + { +- unsigned base = (c == 'x') ? 16 : 10; ++ unsigned base = ((c == 'x') || (c == 'X')) ? 16 : 10; + char *p; + + if ((long long) n < 0 && c == 'd') +@@ -603,7 +603,7 @@ grub_lltoa (char *str, int c, unsigned long long n) + do + { + unsigned d = (unsigned) (n & 0xf); +- *p++ = (d > 9) ? d + 'a' - 10 : d + '0'; ++ *p++ = (d > 9) ? d + ((c == 'x') ? 'a' : 'A') - 10 : d + '0'; + } + while (n >>= 4); + else +@@ -676,6 +676,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args, + { + case 'p': + case 'x': ++ case 'X': + case 'u': + case 'd': + case 'c': +@@ -762,6 +763,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args, + switch (c) + { + case 'x': ++ case 'X': + case 'u': + args->ptr[curn].type = UNSIGNED_INT + longfmt; + break; +@@ -900,6 +902,7 @@ grub_vsnprintf_real (char *str, grub_size_t max_len, const char *fmt0, + c = 'x'; + /* Fall through. */ + case 'x': ++ case 'X': + case 'u': + case 'd': + { diff --git a/SOURCES/0027-Search-for-specific-config-file-for-netboot.patch b/SOURCES/0027-Search-for-specific-config-file-for-netboot.patch new file mode 100644 index 0000000..5eaba01 --- /dev/null +++ b/SOURCES/0027-Search-for-specific-config-file-for-netboot.patch @@ -0,0 +1,200 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Tue, 27 Nov 2012 17:22:07 -0200 +Subject: [PATCH] Search for specific config file for netboot + +This patch implements a search for a specific configuration when the config +file is on a remoteserver. It uses the following order: + 1) DHCP client UUID option. + 2) MAC address (in lower case hexadecimal with dash separators); + 3) IP (in upper case hexadecimal) or IPv6; + 4) The original grub.cfg file. + +This procedure is similar to what is used by pxelinux and yaboot: +http://www.syslinux.org/wiki/index.php/PXELINUX#config + +This should close the bugzilla: +https://bugzilla.redhat.com/show_bug.cgi?id=873406 +--- + grub-core/net/net.c | 118 ++++++++++++++++++++++++++++++++++++++++++++++++ + grub-core/normal/main.c | 18 ++++++-- + include/grub/net.h | 3 ++ + 3 files changed, 135 insertions(+), 4 deletions(-) + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 10773fc34..0769bf850 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -1735,6 +1735,124 @@ grub_net_restore_hw (void) + return GRUB_ERR_NONE; + } + ++grub_err_t ++grub_net_search_configfile (char *config) ++{ ++ grub_size_t config_len; ++ char *suffix; ++ ++ auto int search_through (grub_size_t num_tries, grub_size_t slice_size); ++ int search_through (grub_size_t num_tries, grub_size_t slice_size) ++ { ++ while (num_tries-- > 0) ++ { ++ grub_dprintf ("net", "probe %s\n", config); ++ ++ grub_file_t file; ++ file = grub_file_open (config); ++ ++ if (file) ++ { ++ grub_file_close (file); ++ grub_dprintf ("net", "found!\n"); ++ return 0; ++ } ++ else ++ { ++ if (grub_errno == GRUB_ERR_IO) ++ grub_errno = GRUB_ERR_NONE; ++ } ++ ++ if (grub_strlen (suffix) < slice_size) ++ break; ++ ++ config[grub_strlen (config) - slice_size] = '\0'; ++ } ++ ++ return 1; ++ } ++ ++ config_len = grub_strlen (config); ++ config[config_len] = '-'; ++ suffix = config + config_len + 1; ++ ++ struct grub_net_network_level_interface *inf; ++ FOR_NET_NETWORK_LEVEL_INTERFACES (inf) ++ { ++ /* By the Client UUID. */ ++ ++ char client_uuid_var[sizeof ("net_") + grub_strlen (inf->name) + ++ sizeof ("_clientuuid") + 1]; ++ grub_snprintf (client_uuid_var, sizeof (client_uuid_var), ++ "net_%s_clientuuid", inf->name); ++ ++ const char *client_uuid; ++ client_uuid = grub_env_get (client_uuid_var); ++ ++ if (client_uuid) ++ { ++ grub_strcpy (suffix, client_uuid); ++ if (search_through (1, 0) == 0) return GRUB_ERR_NONE; ++ } ++ ++ /* By the MAC address. */ ++ ++ /* Add ethernet type */ ++ grub_strcpy (suffix, "01-"); ++ ++ grub_net_hwaddr_to_str (&inf->hwaddress, suffix + 3); ++ ++ char *ptr; ++ for (ptr = suffix; *ptr; ptr++) ++ if (*ptr == ':') ++ *ptr = '-'; ++ ++ if (search_through (1, 0) == 0) return GRUB_ERR_NONE; ++ ++ /* By IP address */ ++ ++ switch ((&inf->address)->type) ++ { ++ case GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV4: ++ { ++ grub_uint32_t n = grub_be_to_cpu32 ((&inf->address)->ipv4); ++ grub_snprintf (suffix, GRUB_NET_MAX_STR_ADDR_LEN, "%02X%02X%02X%02X", \ ++ ((n >> 24) & 0xff), ((n >> 16) & 0xff), \ ++ ((n >> 8) & 0xff), ((n >> 0) & 0xff)); ++ ++ if (search_through (8, 1) == 0) return GRUB_ERR_NONE; ++ break; ++ } ++ case GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6: ++ { ++ char buf[GRUB_NET_MAX_STR_ADDR_LEN]; ++ struct grub_net_network_level_address base; ++ base.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; ++ grub_memcpy (&base.ipv6, ((&inf->address)->ipv6), 16); ++ grub_net_addr_to_str (&base, buf); ++ ++ for (ptr = buf; *ptr; ptr++) ++ if (*ptr == ':') ++ *ptr = '-'; ++ ++ grub_snprintf (suffix, GRUB_NET_MAX_STR_ADDR_LEN, "%s", buf); ++ if (search_through (1, 0) == 0) return GRUB_ERR_NONE; ++ break; ++ } ++ case GRUB_NET_NETWORK_LEVEL_PROTOCOL_DHCP_RECV: ++ return grub_error (GRUB_ERR_BUG, "shouldn't reach here"); ++ default: ++ return grub_error (GRUB_ERR_BUG, ++ "unsupported address type %d", (&inf->address)->type); ++ } ++ } ++ ++ /* Remove the remaining minus sign at the end. */ ++ config[config_len] = '\0'; ++ ++ return GRUB_ERR_NONE; ++} ++ + static struct grub_preboot *fini_hnd; + + static grub_command_t cmd_addaddr, cmd_deladdr, cmd_addroute, cmd_delroute; +diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +index 759c475c4..b2654ef62 100644 +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -33,6 +33,7 @@ + #include + #include + #include ++#include + #ifdef GRUB_MACHINE_IEEE1275 + #include + #endif +@@ -365,10 +366,19 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), + + prefix = grub_env_get ("prefix"); + if (prefix) +- { +- config = grub_xasprintf ("%s/grub.cfg", prefix); +- if (! config) +- goto quit; ++ { ++ grub_size_t config_len; ++ config_len = grub_strlen (prefix) + ++ sizeof ("/grub.cfg-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"); ++ config = grub_malloc (config_len); ++ ++ if (! config) ++ goto quit; ++ ++ grub_snprintf (config, config_len, "%s/grub.cfg", prefix); ++ ++ if (grub_strncmp (prefix + 1, "tftp", sizeof ("tftp") - 1) == 0) ++ grub_net_search_configfile (config); + + grub_enter_normal_mode (config); + grub_free (config); +diff --git a/include/grub/net.h b/include/grub/net.h +index e266bae23..50d62ab0c 100644 +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -566,4 +566,7 @@ extern char *grub_net_default_server; + + #define VLANTAG_IDENTIFIER 0x8100 + ++grub_err_t ++grub_net_search_configfile (char *config); ++ + #endif /* ! GRUB_NET_HEADER */ diff --git a/SOURCES/0028-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch b/SOURCES/0028-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch new file mode 100644 index 0000000..bef5393 --- /dev/null +++ b/SOURCES/0028-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch @@ -0,0 +1,248 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Fedora Ninjas +Date: Tue, 22 Jan 2013 06:31:38 +0100 +Subject: [PATCH] blscfg: add blscfg module to parse Boot Loader Specification + snippets + +http://www.freedesktop.org/wiki/Specifications/BootLoaderSpec + +Works like this: + + insmod blscfg + bls_import + +Done! You should now have menu items for your snippets in place. + +Signed-off-by: Peter Jones +--- + grub-core/Makefile.core.def | 8 ++ + grub-core/commands/blscfg.c | 201 ++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 209 insertions(+) + create mode 100644 grub-core/commands/blscfg.c + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index f80653882..cd0902b46 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -768,6 +768,14 @@ module = { + common = commands/blocklist.c; + }; + ++module = { ++ name = blscfg; ++ common = commands/blscfg.c; ++ enable = i386_efi; ++ enable = x86_64_efi; ++ enable = i386_pc; ++}; ++ + module = { + name = boot; + common = commands/boot.c; +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +new file mode 100644 +index 000000000..4274aca5a +--- /dev/null ++++ b/grub-core/commands/blscfg.c +@@ -0,0 +1,201 @@ ++/*-*- Mode: C; c-basic-offset: 2; indent-tabs-mode: t -*-*/ ++ ++/* bls.c - implementation of the boot loader spec */ ++ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++#ifdef GRUB_MACHINE_EFI ++#define GRUB_LINUX_CMD "linuxefi" ++#define GRUB_INITRD_CMD "initrdefi" ++#define GRUB_BLS_CONFIG_PATH "/EFI/fedora/loader/entries/" ++#define GRUB_BOOT_DEVICE "($boot)" ++#else ++#define GRUB_LINUX_CMD "linux" ++#define GRUB_INITRD_CMD "initrd" ++#define GRUB_BLS_CONFIG_PATH "/loader/entries/" ++#define GRUB_BOOT_DEVICE "($root)" ++#endif ++ ++static int parse_entry ( ++ const char *filename, ++ const struct grub_dirhook_info *info __attribute__ ((unused)), ++ void *data __attribute__ ((unused))) ++{ ++ grub_size_t n; ++ char *p; ++ grub_file_t f = NULL; ++ grub_off_t sz; ++ char *title = NULL, *options = NULL, *clinux = NULL, *initrd = NULL, *src = NULL; ++ const char *args[2] = { NULL, NULL }; ++ ++ if (filename[0] == '.') ++ return 0; ++ ++ n = grub_strlen (filename); ++ if (n <= 5) ++ return 0; ++ ++ if (grub_strcmp (filename + n - 5, ".conf") != 0) ++ return 0; ++ ++ p = grub_xasprintf (GRUB_BLS_CONFIG_PATH "%s", filename); ++ ++ f = grub_file_open (p); ++ if (!f) ++ goto finish; ++ ++ sz = grub_file_size (f); ++ if (sz == GRUB_FILE_SIZE_UNKNOWN || sz > 1024*1024) ++ goto finish; ++ ++ for (;;) ++ { ++ char *buf; ++ ++ buf = grub_file_getline (f); ++ if (!buf) ++ break; ++ ++ if (grub_strncmp (buf, "title ", 6) == 0) ++ { ++ grub_free (title); ++ title = grub_strdup (buf + 6); ++ if (!title) ++ goto finish; ++ } ++ else if (grub_strncmp (buf, "options ", 8) == 0) ++ { ++ grub_free (options); ++ options = grub_strdup (buf + 8); ++ if (!options) ++ goto finish; ++ } ++ else if (grub_strncmp (buf, "linux ", 6) == 0) ++ { ++ grub_free (clinux); ++ clinux = grub_strdup (buf + 6); ++ if (!clinux) ++ goto finish; ++ } ++ else if (grub_strncmp (buf, "initrd ", 7) == 0) ++ { ++ grub_free (initrd); ++ initrd = grub_strdup (buf + 7); ++ if (!initrd) ++ goto finish; ++ } ++ ++ grub_free(buf); ++ } ++ ++ if (!linux) ++ { ++ grub_printf ("Skipping file %s with no 'linux' key.", p); ++ goto finish; ++ } ++ ++ args[0] = title ? title : filename; ++ ++ src = grub_xasprintf ("load_video\n" ++ "set gfx_payload=keep\n" ++ "insmod gzio\n" ++ GRUB_LINUX_CMD " %s%s%s%s\n" ++ "%s%s%s%s", ++ GRUB_BOOT_DEVICE, clinux, options ? " " : "", options ? options : "", ++ initrd ? GRUB_INITRD_CMD " " : "", initrd ? GRUB_BOOT_DEVICE : "", initrd ? initrd : "", initrd ? "\n" : ""); ++ ++ grub_normal_add_menu_entry (1, args, NULL, NULL, "bls", NULL, NULL, src, 0); ++ ++finish: ++ grub_free (p); ++ grub_free (title); ++ grub_free (options); ++ grub_free (clinux); ++ grub_free (initrd); ++ grub_free (src); ++ ++ if (f) ++ grub_file_close (f); ++ ++ return 0; ++} ++ ++static grub_err_t ++grub_cmd_bls_import (grub_extcmd_context_t ctxt __attribute__ ((unused)), ++ int argc __attribute__ ((unused)), ++ char **args __attribute__ ((unused))) ++{ ++ grub_fs_t fs; ++ grub_device_t dev; ++ static grub_err_t r; ++ const char *devid; ++ ++ devid = grub_env_get ("root"); ++ if (!devid) ++ return grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("variable `%s' isn't set"), "root"); ++ ++ dev = grub_device_open (devid); ++ if (!dev) ++ return grub_errno; ++ ++ fs = grub_fs_probe (dev); ++ if (!fs) ++ { ++ r = grub_errno; ++ goto finish; ++ } ++ ++ r = fs->dir (dev, GRUB_BLS_CONFIG_PATH, parse_entry, NULL); ++ ++finish: ++ if (dev) ++ grub_device_close (dev); ++ ++ return r; ++} ++ ++static grub_extcmd_t cmd; ++ ++GRUB_MOD_INIT(bls) ++{ ++ cmd = grub_register_extcmd ("bls_import", ++ grub_cmd_bls_import, ++ 0, ++ NULL, ++ N_("Import Boot Loader Specification snippets."), ++ NULL); ++} ++ ++GRUB_MOD_FINI(bls) ++{ ++ grub_unregister_extcmd (cmd); ++} diff --git a/SOURCES/0029-Add-devicetree-loading.patch b/SOURCES/0029-Add-devicetree-loading.patch new file mode 100644 index 0000000..38d3e7b --- /dev/null +++ b/SOURCES/0029-Add-devicetree-loading.patch @@ -0,0 +1,68 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 14 Jan 2014 13:12:23 -0500 +Subject: [PATCH] Add devicetree loading + +Signed-off-by: Peter Jones + +Switch to use APM Mustang device tree, for hardware testing. + +Signed-off-by: David A. Marlin + +Use the default device tree from the grub default file + +instead of hardcoding a value. + +Signed-off-by: David A. Marlin +--- + util/grub-mkconfig.in | 3 ++- + util/grub.d/10_linux.in | 15 +++++++++++++++ + 2 files changed, 17 insertions(+), 1 deletion(-) + +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index b0a8626dd..f68d4925e 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -254,7 +254,8 @@ export GRUB_DEFAULT \ + GRUB_ENABLE_CRYPTODISK \ + GRUB_BADRAM \ + GRUB_OS_PROBER_SKIP_LIST \ +- GRUB_DISABLE_SUBMENU ++ GRUB_DISABLE_SUBMENU \ ++ GRUB_DEFAULT_DTB + + if test "x${grub_cfg}" != "x"; then + rm -f "${grub_cfg}.new" +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 87a7da349..233754ff2 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -153,6 +153,13 @@ EOF + sed "s/^/$submenu_indentation/" << EOF + echo '$(echo "$message" | grub_quote)' + initrd $(echo $initrd_path) ++EOF ++ fi ++ if test -n "${fdt}" ; then ++ message="$(gettext_printf "Loading fdt ...")" ++ sed "s/^/$submenu_indentation/" << EOF ++ echo '$(echo "$message" | grub_quote)' ++ devicetree ${rel_dirname}/${fdt} + EOF + fi + sed "s/^/$submenu_indentation/" << EOF +@@ -236,6 +243,14 @@ while [ "x$list" != "x" ] ; do + gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 + fi + ++ fdt= ++ for i in "dtb-${version}" "dtb-${alt_version}"; do ++ if test -f "${dirname}/${i}/${GRUB_DEFAULT_DTB}" ; then ++ fdt="${i}/${GRUB_DEFAULT_DTB}" ++ break ++ fi ++ done ++ + config= + for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do + if test -e "${i}" ; then diff --git a/SOURCES/0030-Don-t-write-messages-to-the-screen.patch b/SOURCES/0030-Don-t-write-messages-to-the-screen.patch new file mode 100644 index 0000000..9c481ea --- /dev/null +++ b/SOURCES/0030-Don-t-write-messages-to-the-screen.patch @@ -0,0 +1,176 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: William Jon McCann +Date: Wed, 15 May 2013 13:30:20 -0400 +Subject: [PATCH] Don't write messages to the screen + +Writing messages to the screen before the menus or boot splash +happens so quickly it looks like something is wrong and isn't +very appealing. +--- + grub-core/gettext/gettext.c | 25 +++++-------------------- + grub-core/kern/main.c | 5 ----- + grub-core/boot/i386/pc/boot.S | 3 --- + grub-core/boot/i386/pc/diskboot.S | 5 ----- + util/grub.d/10_linux.in | 7 ------- + 5 files changed, 5 insertions(+), 40 deletions(-) + +diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c +index 4880cefe3..b22e1bcc9 100644 +--- a/grub-core/gettext/gettext.c ++++ b/grub-core/gettext/gettext.c +@@ -434,16 +434,12 @@ static char * + grub_gettext_env_write_lang (struct grub_env_var *var + __attribute__ ((unused)), const char *val) + { +- grub_err_t err; ++ grub_err_t __attribute__((__unused__)) err; + err = grub_gettext_init_ext (&main_context, val, grub_env_get ("locale_dir"), + grub_env_get ("prefix")); +- if (err) +- grub_print_error (); + + err = grub_gettext_init_ext (&secondary_context, val, + grub_env_get ("secondary_locale_dir"), 0); +- if (err) +- grub_print_error (); + + return grub_strdup (val); + } +@@ -451,23 +447,19 @@ grub_gettext_env_write_lang (struct grub_env_var *var + void + grub_gettext_reread_prefix (const char *val) + { +- grub_err_t err; ++ grub_err_t __attribute__((__unused__)) err; + err = grub_gettext_init_ext (&main_context, grub_env_get ("lang"), + grub_env_get ("locale_dir"), + val); +- if (err) +- grub_print_error (); + } + + static char * + read_main (struct grub_env_var *var + __attribute__ ((unused)), const char *val) + { +- grub_err_t err; ++ grub_err_t __attribute__((__unused__)) err; + err = grub_gettext_init_ext (&main_context, grub_env_get ("lang"), val, + grub_env_get ("prefix")); +- if (err) +- grub_print_error (); + return grub_strdup (val); + } + +@@ -475,12 +467,9 @@ static char * + read_secondary (struct grub_env_var *var + __attribute__ ((unused)), const char *val) + { +- grub_err_t err; ++ grub_err_t __attribute__((__unused__)) err; + err = grub_gettext_init_ext (&secondary_context, grub_env_get ("lang"), val, + 0); +- if (err) +- grub_print_error (); +- + return grub_strdup (val); + } + +@@ -500,18 +489,14 @@ grub_cmd_translate (grub_command_t cmd __attribute__ ((unused)), + GRUB_MOD_INIT (gettext) + { + const char *lang; +- grub_err_t err; ++ grub_err_t __attribute__((__unused__)) err; + + lang = grub_env_get ("lang"); + + err = grub_gettext_init_ext (&main_context, lang, grub_env_get ("locale_dir"), + grub_env_get ("prefix")); +- if (err) +- grub_print_error (); + err = grub_gettext_init_ext (&secondary_context, lang, + grub_env_get ("secondary_locale_dir"), 0); +- if (err) +- grub_print_error (); + + grub_register_variable_hook ("locale_dir", NULL, read_main); + grub_register_variable_hook ("secondary_locale_dir", NULL, read_secondary); +diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c +index 8ab7794c4..da47b18b5 100644 +--- a/grub-core/kern/main.c ++++ b/grub-core/kern/main.c +@@ -268,11 +268,6 @@ grub_main (void) + + grub_boot_time ("After machine init."); + +- /* Hello. */ +- grub_setcolorstate (GRUB_TERM_COLOR_HIGHLIGHT); +- grub_printf ("Welcome to GRUB!\n\n"); +- grub_setcolorstate (GRUB_TERM_COLOR_STANDARD); +- + grub_load_config (); + + grub_boot_time ("Before loading embedded modules."); +diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S +index 2bd0b2d28..ea167fe12 100644 +--- a/grub-core/boot/i386/pc/boot.S ++++ b/grub-core/boot/i386/pc/boot.S +@@ -249,9 +249,6 @@ real_start: + /* save drive reference first thing! */ + pushw %dx + +- /* print a notification message on the screen */ +- MSG(notification_string) +- + /* set %si to the disk address packet */ + movw $disk_address_packet, %si + +diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S +index c1addc0df..68d31de0c 100644 +--- a/grub-core/boot/i386/pc/diskboot.S ++++ b/grub-core/boot/i386/pc/diskboot.S +@@ -50,11 +50,6 @@ _start: + /* save drive reference first thing! */ + pushw %dx + +- /* print a notification message on the screen */ +- pushw %si +- MSG(notification_string) +- popw %si +- + /* this sets up for the first run through "bootloop" */ + movw $LOCAL(firstlist), %di + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 233754ff2..3a5aa0f8d 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -138,27 +138,20 @@ linux_entry () + fi + printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/" + fi +- message="$(gettext_printf "Loading Linux %s ..." ${version})" + sed "s/^/$submenu_indentation/" << EOF +- echo '$(echo "$message" | grub_quote)' + linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} + EOF + if test -n "${initrd}" ; then +- # TRANSLATORS: ramdisk isn't identifier. Should be translated. +- message="$(gettext_printf "Loading initial ramdisk ...")" + initrd_path= + for i in ${initrd}; do + initrd_path="${initrd_path} ${rel_dirname}/${i}" + done + sed "s/^/$submenu_indentation/" << EOF +- echo '$(echo "$message" | grub_quote)' + initrd $(echo $initrd_path) + EOF + fi + if test -n "${fdt}" ; then +- message="$(gettext_printf "Loading fdt ...")" + sed "s/^/$submenu_indentation/" << EOF +- echo '$(echo "$message" | grub_quote)' + devicetree ${rel_dirname}/${fdt} + EOF + fi diff --git a/SOURCES/0031-Don-t-print-GNU-GRUB-header.patch b/SOURCES/0031-Don-t-print-GNU-GRUB-header.patch new file mode 100644 index 0000000..44e0ef9 --- /dev/null +++ b/SOURCES/0031-Don-t-print-GNU-GRUB-header.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: William Jon McCann +Date: Wed, 15 May 2013 13:53:48 -0400 +Subject: [PATCH] Don't print GNU GRUB header + +No one cares. +--- + grub-core/normal/main.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +index b2654ef62..f57b7508a 100644 +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -202,15 +202,16 @@ read_config_file (const char *config) + /* Initialize the screen. */ + void + grub_normal_init_page (struct grub_term_output *term, +- int y) ++ int y __attribute__((__unused__))) + { ++ grub_term_cls (term); ++ ++#if 0 + grub_ssize_t msg_len; + int posx; + char *msg_formatted; + grub_uint32_t *unicode_msg; + grub_uint32_t *last_position; +- +- grub_term_cls (term); + + msg_formatted = grub_xasprintf (_("GNU GRUB version %s"), PACKAGE_VERSION); + if (!msg_formatted) +@@ -235,6 +236,7 @@ grub_normal_init_page (struct grub_term_output *term, + grub_putcode ('\n', term); + grub_putcode ('\n', term); + grub_free (unicode_msg); ++#endif + } + + static void diff --git a/SOURCES/0032-Don-t-add-to-highlighted-row.patch b/SOURCES/0032-Don-t-add-to-highlighted-row.patch new file mode 100644 index 0000000..5255678 --- /dev/null +++ b/SOURCES/0032-Don-t-add-to-highlighted-row.patch @@ -0,0 +1,23 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: William Jon McCann +Date: Wed, 15 May 2013 17:49:45 -0400 +Subject: [PATCH] Don't add '*' to highlighted row + +It is already highlighted. +--- + grub-core/normal/menu_text.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c +index e22bb91f6..a3d1f23f6 100644 +--- a/grub-core/normal/menu_text.c ++++ b/grub-core/normal/menu_text.c +@@ -242,7 +242,7 @@ print_entry (int y, int highlight, grub_menu_entry_t entry, + unicode_title[i] = ' '; + + if (data->geo.num_entries > 1) +- grub_putcode (highlight ? '*' : ' ', data->term); ++ grub_putcode (' ', data->term); + + grub_print_ucs4_menu (unicode_title, + unicode_title + len, diff --git a/SOURCES/0033-Message-string-cleanups.patch b/SOURCES/0033-Message-string-cleanups.patch new file mode 100644 index 0000000..b417ebb --- /dev/null +++ b/SOURCES/0033-Message-string-cleanups.patch @@ -0,0 +1,68 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: William Jon McCann +Date: Fri, 7 Jun 2013 11:09:04 -0400 +Subject: [PATCH] Message string cleanups + +Make use of terminology consistent. Remove jargon. +--- + grub-core/normal/menu_text.c | 21 +++++++++------------ + 1 file changed, 9 insertions(+), 12 deletions(-) + +diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c +index a3d1f23f6..64a83862f 100644 +--- a/grub-core/normal/menu_text.c ++++ b/grub-core/normal/menu_text.c +@@ -157,9 +157,8 @@ print_message (int nested, int edit, struct grub_term_output *term, int dry_run) + + if (edit) + { +- ret += grub_print_message_indented_real (_("Minimum Emacs-like screen editing is \ +-supported. TAB lists completions. Press Ctrl-x or F10 to boot, Ctrl-c or F2 for a \ +-command-line or ESC to discard edits and return to the GRUB menu."), ++ ret += grub_print_message_indented_real (_("Press Ctrl-x or F10 to start, Ctrl-c or F2 for a \ ++command prompt or Escape to discard edits and return to the menu. Pressing Tab lists possible completions."), + STANDARD_MARGIN, STANDARD_MARGIN, + term, dry_run); + } +@@ -167,8 +166,8 @@ command-line or ESC to discard edits and return to the GRUB menu."), + { + char *msg_translated; + +- msg_translated = grub_xasprintf (_("Use the %C and %C keys to select which " +- "entry is highlighted."), ++ msg_translated = grub_xasprintf (_("Use the %C and %C keys to change the " ++ "selection."), + GRUB_UNICODE_UPARROW, + GRUB_UNICODE_DOWNARROW); + if (!msg_translated) +@@ -181,17 +180,15 @@ command-line or ESC to discard edits and return to the GRUB menu."), + if (nested) + { + ret += grub_print_message_indented_real +- (_("Press enter to boot the selected OS, " +- "`e' to edit the commands before booting " +- "or `c' for a command-line. ESC to return previous menu."), ++ (_("Press 'e' to edit the selected item, " ++ "or 'c' for a command prompt. Press Escape to return to the previous menu."), + STANDARD_MARGIN, STANDARD_MARGIN, term, dry_run); + } + else + { + ret += grub_print_message_indented_real +- (_("Press enter to boot the selected OS, " +- "`e' to edit the commands before booting " +- "or `c' for a command-line."), ++ (_("Press 'e' to edit the selected item, " ++ "or 'c' for a command prompt."), + STANDARD_MARGIN, STANDARD_MARGIN, term, dry_run); + } + } +@@ -443,7 +440,7 @@ menu_text_print_timeout (int timeout, void *dataptr) + || data->timeout_msg == TIMEOUT_TERSE_NO_MARGIN) + msg_translated = grub_xasprintf (_("%ds"), timeout); + else +- msg_translated = grub_xasprintf (_("The highlighted entry will be executed automatically in %ds."), timeout); ++ msg_translated = grub_xasprintf (_("The selected entry will be started automatically in %ds."), timeout); + if (!msg_translated) + { + grub_print_error (); diff --git a/SOURCES/0034-Fix-border-spacing-now-that-we-aren-t-displaying-it.patch b/SOURCES/0034-Fix-border-spacing-now-that-we-aren-t-displaying-it.patch new file mode 100644 index 0000000..b233953 --- /dev/null +++ b/SOURCES/0034-Fix-border-spacing-now-that-we-aren-t-displaying-it.patch @@ -0,0 +1,29 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: William Jon McCann +Date: Fri, 7 Jun 2013 14:08:23 -0400 +Subject: [PATCH] Fix border spacing now that we aren't displaying it + +--- + grub-core/normal/menu_text.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c +index 64a83862f..1062d64ee 100644 +--- a/grub-core/normal/menu_text.c ++++ b/grub-core/normal/menu_text.c +@@ -331,12 +331,12 @@ grub_menu_init_page (int nested, int edit, + int empty_lines = 1; + int version_msg = 1; + +- geo->border = 1; +- geo->first_entry_x = 1 /* margin */ + 1 /* border */; ++ geo->border = 0; ++ geo->first_entry_x = 0 /* margin */ + 0 /* border */; + geo->entry_width = grub_term_width (term) - 5; + + geo->first_entry_y = 2 /* two empty lines*/ +- + 1 /* GNU GRUB version text */ + 1 /* top border */; ++ + 0 /* GNU GRUB version text */ + 1 /* top border */; + + geo->timeout_lines = 2; + diff --git a/SOURCES/0035-Use-the-correct-indentation-for-the-term-help-text.patch b/SOURCES/0035-Use-the-correct-indentation-for-the-term-help-text.patch new file mode 100644 index 0000000..a3a4b18 --- /dev/null +++ b/SOURCES/0035-Use-the-correct-indentation-for-the-term-help-text.patch @@ -0,0 +1,25 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: William Jon McCann +Date: Fri, 7 Jun 2013 14:08:49 -0400 +Subject: [PATCH] Use the correct indentation for the term help text + +That is consistent with the menu help text +--- + grub-core/normal/main.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +index f57b7508a..0ce59fdc3 100644 +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -426,8 +426,8 @@ grub_normal_reader_init (int nested) + grub_normal_init_page (term, 1); + grub_term_setcursor (term, 1); + +- if (grub_term_width (term) > 3 + STANDARD_MARGIN + 20) +- grub_print_message_indented (msg_formatted, 3, STANDARD_MARGIN, term); ++ if (grub_term_width (term) > 2 * STANDARD_MARGIN + 20) ++ grub_print_message_indented (msg_formatted, STANDARD_MARGIN, STANDARD_MARGIN, term); + else + grub_print_message_indented (msg_formatted, 0, 0, term); + grub_putcode ('\n', term); diff --git a/SOURCES/0036-Indent-menu-entries.patch b/SOURCES/0036-Indent-menu-entries.patch new file mode 100644 index 0000000..750343b --- /dev/null +++ b/SOURCES/0036-Indent-menu-entries.patch @@ -0,0 +1,23 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: William Jon McCann +Date: Fri, 7 Jun 2013 14:30:55 -0400 +Subject: [PATCH] Indent menu entries + +--- + grub-core/normal/menu_text.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c +index 1062d64ee..ecc60f99f 100644 +--- a/grub-core/normal/menu_text.c ++++ b/grub-core/normal/menu_text.c +@@ -239,7 +239,8 @@ print_entry (int y, int highlight, grub_menu_entry_t entry, + unicode_title[i] = ' '; + + if (data->geo.num_entries > 1) +- grub_putcode (' ', data->term); ++ for (i = 0; i < STANDARD_MARGIN; i++) ++ grub_putcode (' ', data->term); + + grub_print_ucs4_menu (unicode_title, + unicode_title + len, diff --git a/SOURCES/0037-Fix-margins.patch b/SOURCES/0037-Fix-margins.patch new file mode 100644 index 0000000..3a34064 --- /dev/null +++ b/SOURCES/0037-Fix-margins.patch @@ -0,0 +1,34 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: William Jon McCann +Date: Fri, 7 Jun 2013 14:59:36 -0400 +Subject: [PATCH] Fix margins + +--- + grub-core/normal/menu_text.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c +index ecc60f99f..0e43f2c10 100644 +--- a/grub-core/normal/menu_text.c ++++ b/grub-core/normal/menu_text.c +@@ -333,17 +333,15 @@ grub_menu_init_page (int nested, int edit, + int version_msg = 1; + + geo->border = 0; +- geo->first_entry_x = 0 /* margin */ + 0 /* border */; +- geo->entry_width = grub_term_width (term) - 5; ++ geo->first_entry_x = 0; /* no margin */ ++ geo->entry_width = grub_term_width (term) - 1; + +- geo->first_entry_y = 2 /* two empty lines*/ +- + 0 /* GNU GRUB version text */ + 1 /* top border */; ++ geo->first_entry_y = 3; /* three empty lines*/ + + geo->timeout_lines = 2; + + /* 3 lines for timeout message and bottom margin. 2 lines for the border. */ + geo->num_entries = grub_term_height (term) - geo->first_entry_y +- - 1 /* bottom border */ + - 1 /* empty line before info message*/ + - geo->timeout_lines /* timeout */ + - 1 /* empty final line */; diff --git a/SOURCES/0038-Use-2-instead-of-1-for-our-right-hand-margin-so-line.patch b/SOURCES/0038-Use-2-instead-of-1-for-our-right-hand-margin-so-line.patch new file mode 100644 index 0000000..2c906de --- /dev/null +++ b/SOURCES/0038-Use-2-instead-of-1-for-our-right-hand-margin-so-line.patch @@ -0,0 +1,24 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 21 Jun 2013 14:44:08 -0400 +Subject: [PATCH] Use -2 instead of -1 for our right-hand margin, so + linewrapping works (#976643). + +Signed-off-by: Peter Jones +--- + grub-core/normal/menu_text.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c +index 0e43f2c10..537d4bf86 100644 +--- a/grub-core/normal/menu_text.c ++++ b/grub-core/normal/menu_text.c +@@ -334,7 +334,7 @@ grub_menu_init_page (int nested, int edit, + + geo->border = 0; + geo->first_entry_x = 0; /* no margin */ +- geo->entry_width = grub_term_width (term) - 1; ++ geo->entry_width = grub_term_width (term) - 2; + + geo->first_entry_y = 3; /* three empty lines*/ + diff --git a/SOURCES/0039-Enable-pager-by-default.-985860.patch b/SOURCES/0039-Enable-pager-by-default.-985860.patch new file mode 100644 index 0000000..24f2cbf --- /dev/null +++ b/SOURCES/0039-Enable-pager-by-default.-985860.patch @@ -0,0 +1,23 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 28 Oct 2013 10:09:27 -0400 +Subject: [PATCH] Enable pager by default. (#985860) + +Signed-off-by: Peter Jones +--- + util/grub.d/00_header.in | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in +index 93a90233e..858b526c9 100644 +--- a/util/grub.d/00_header.in ++++ b/util/grub.d/00_header.in +@@ -43,6 +43,8 @@ if [ "x${GRUB_DEFAULT_BUTTON}" = "xsaved" ] ; then GRUB_DEFAULT_BUTTON='${saved_ + if [ "x${GRUB_TIMEOUT_BUTTON}" = "x" ] ; then GRUB_TIMEOUT_BUTTON="$GRUB_TIMEOUT" ; fi + + cat << EOF ++set pager=1 ++ + if [ -s \$prefix/grubenv ]; then + load_env + fi diff --git a/SOURCES/0040-F10-doesn-t-work-on-serial-so-don-t-tell-the-user-to.patch b/SOURCES/0040-F10-doesn-t-work-on-serial-so-don-t-tell-the-user-to.patch new file mode 100644 index 0000000..968ca6b --- /dev/null +++ b/SOURCES/0040-F10-doesn-t-work-on-serial-so-don-t-tell-the-user-to.patch @@ -0,0 +1,24 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 28 Oct 2013 10:13:27 -0400 +Subject: [PATCH] F10 doesn't work on serial, so don't tell the user to hit it + (#987443) + +Signed-off-by: Peter Jones +--- + grub-core/normal/menu_text.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c +index 537d4bf86..452d55bf9 100644 +--- a/grub-core/normal/menu_text.c ++++ b/grub-core/normal/menu_text.c +@@ -157,7 +157,7 @@ print_message (int nested, int edit, struct grub_term_output *term, int dry_run) + + if (edit) + { +- ret += grub_print_message_indented_real (_("Press Ctrl-x or F10 to start, Ctrl-c or F2 for a \ ++ ret += grub_print_message_indented_real (_("Press Ctrl-x to start, Ctrl-c for a \ + command prompt or Escape to discard edits and return to the menu. Pressing Tab lists possible completions."), + STANDARD_MARGIN, STANDARD_MARGIN, + term, dry_run); diff --git a/SOURCES/0041-Don-t-say-GNU-Linux-in-generated-menus.patch b/SOURCES/0041-Don-t-say-GNU-Linux-in-generated-menus.patch new file mode 100644 index 0000000..9dd570c --- /dev/null +++ b/SOURCES/0041-Don-t-say-GNU-Linux-in-generated-menus.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 14 Mar 2011 14:27:42 -0400 +Subject: [PATCH] Don't say "GNU/Linux" in generated menus. + +--- + util/grub.d/10_linux.in | 4 ++-- + util/grub.d/20_linux_xen.in | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 3a5aa0f8d..6299836b5 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -29,9 +29,9 @@ export TEXTDOMAINDIR="@localedir@" + CLASS="--class gnu-linux --class gnu --class os" + + if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then +- OS=GNU/Linux ++ OS="$(sed 's, release .*$,,g' /etc/system-release)" + else +- OS="${GRUB_DISTRIBUTOR} GNU/Linux" ++ OS="${GRUB_DISTRIBUTOR}" + CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" + fi + +diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in +index e8143b079..972a4b5a0 100644 +--- a/util/grub.d/20_linux_xen.in ++++ b/util/grub.d/20_linux_xen.in +@@ -29,9 +29,9 @@ export TEXTDOMAINDIR="@localedir@" + CLASS="--class gnu-linux --class gnu --class os --class xen" + + if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then +- OS=GNU/Linux ++ OS="$(sed 's, release .*$,,g' /etc/system-release)" + else +- OS="${GRUB_DISTRIBUTOR} GNU/Linux" ++ OS="${GRUB_DISTRIBUTOR}" + CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" + fi + diff --git a/SOURCES/0042-Don-t-draw-a-border-around-the-menu.patch b/SOURCES/0042-Don-t-draw-a-border-around-the-menu.patch new file mode 100644 index 0000000..ace3bef --- /dev/null +++ b/SOURCES/0042-Don-t-draw-a-border-around-the-menu.patch @@ -0,0 +1,71 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: William Jon McCann +Date: Wed, 15 May 2013 16:47:33 -0400 +Subject: [PATCH] Don't draw a border around the menu + +It looks cleaner without it. +--- + grub-core/normal/menu_text.c | 43 ------------------------------------------- + 1 file changed, 43 deletions(-) + +diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c +index 452d55bf9..1ed2bd92c 100644 +--- a/grub-core/normal/menu_text.c ++++ b/grub-core/normal/menu_text.c +@@ -108,47 +108,6 @@ grub_print_message_indented (const char *msg, int margin_left, int margin_right, + grub_print_message_indented_real (msg, margin_left, margin_right, term, 0); + } + +-static void +-draw_border (struct grub_term_output *term, const struct grub_term_screen_geometry *geo) +-{ +- int i; +- +- grub_term_setcolorstate (term, GRUB_TERM_COLOR_NORMAL); +- +- grub_term_gotoxy (term, (struct grub_term_coordinate) { geo->first_entry_x - 1, +- geo->first_entry_y - 1 }); +- grub_putcode (GRUB_UNICODE_CORNER_UL, term); +- for (i = 0; i < geo->entry_width + 1; i++) +- grub_putcode (GRUB_UNICODE_HLINE, term); +- grub_putcode (GRUB_UNICODE_CORNER_UR, term); +- +- for (i = 0; i < geo->num_entries; i++) +- { +- grub_term_gotoxy (term, (struct grub_term_coordinate) { geo->first_entry_x - 1, +- geo->first_entry_y + i }); +- grub_putcode (GRUB_UNICODE_VLINE, term); +- grub_term_gotoxy (term, +- (struct grub_term_coordinate) { geo->first_entry_x + geo->entry_width + 1, +- geo->first_entry_y + i }); +- grub_putcode (GRUB_UNICODE_VLINE, term); +- } +- +- grub_term_gotoxy (term, +- (struct grub_term_coordinate) { geo->first_entry_x - 1, +- geo->first_entry_y - 1 + geo->num_entries + 1 }); +- grub_putcode (GRUB_UNICODE_CORNER_LL, term); +- for (i = 0; i < geo->entry_width + 1; i++) +- grub_putcode (GRUB_UNICODE_HLINE, term); +- grub_putcode (GRUB_UNICODE_CORNER_LR, term); +- +- grub_term_setcolorstate (term, GRUB_TERM_COLOR_NORMAL); +- +- grub_term_gotoxy (term, +- (struct grub_term_coordinate) { geo->first_entry_x - 1, +- (geo->first_entry_y - 1 + geo->num_entries +- + GRUB_TERM_MARGIN + 1) }); +-} +- + static int + print_message (int nested, int edit, struct grub_term_output *term, int dry_run) + { +@@ -406,8 +365,6 @@ grub_menu_init_page (int nested, int edit, + + grub_term_normal_color = grub_color_menu_normal; + grub_term_highlight_color = grub_color_menu_highlight; +- if (geo->border) +- draw_border (term, geo); + grub_term_normal_color = old_color_normal; + grub_term_highlight_color = old_color_highlight; + geo->timeout_y = geo->first_entry_y + geo->num_entries diff --git a/SOURCES/0043-Use-the-standard-margin-for-the-timeout-string.patch b/SOURCES/0043-Use-the-standard-margin-for-the-timeout-string.patch new file mode 100644 index 0000000..b7e0101 --- /dev/null +++ b/SOURCES/0043-Use-the-standard-margin-for-the-timeout-string.patch @@ -0,0 +1,40 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: William Jon McCann +Date: Fri, 7 Jun 2013 10:52:32 -0400 +Subject: [PATCH] Use the standard margin for the timeout string + +So that it aligns with the other messages +--- + grub-core/normal/menu_text.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c +index 1ed2bd92c..7681f7d28 100644 +--- a/grub-core/normal/menu_text.c ++++ b/grub-core/normal/menu_text.c +@@ -372,7 +372,7 @@ grub_menu_init_page (int nested, int edit, + if (bottom_message) + { + grub_term_gotoxy (term, +- (struct grub_term_coordinate) { GRUB_TERM_MARGIN, ++ (struct grub_term_coordinate) { STANDARD_MARGIN, + geo->timeout_y }); + + print_message (nested, edit, term, 0); +@@ -407,14 +407,14 @@ menu_text_print_timeout (int timeout, void *dataptr) + if (data->timeout_msg == TIMEOUT_UNKNOWN) + { + data->timeout_msg = grub_print_message_indented_real (msg_translated, +- 3, 1, data->term, 1) ++ STANDARD_MARGIN, 1, data->term, 1) + <= data->geo.timeout_lines ? TIMEOUT_NORMAL : TIMEOUT_TERSE; + if (data->timeout_msg == TIMEOUT_TERSE) + { + grub_free (msg_translated); + msg_translated = grub_xasprintf (_("%ds"), timeout); + if (grub_term_width (data->term) < 10) +- data->timeout_msg = TIMEOUT_TERSE_NO_MARGIN; ++ data->timeout_msg = STANDARD_MARGIN; + } + } + diff --git a/SOURCES/0044-Add-.eh_frame-to-list-of-relocations-stripped.patch b/SOURCES/0044-Add-.eh_frame-to-list-of-relocations-stripped.patch new file mode 100644 index 0000000..9800667 --- /dev/null +++ b/SOURCES/0044-Add-.eh_frame-to-list-of-relocations-stripped.patch @@ -0,0 +1,22 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Fedora Ninjas +Date: Mon, 13 Jan 2014 21:50:59 -0500 +Subject: [PATCH] Add .eh_frame to list of relocations stripped + +--- + conf/Makefile.common | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/conf/Makefile.common b/conf/Makefile.common +index 311da61c6..044ab3abe 100644 +--- a/conf/Makefile.common ++++ b/conf/Makefile.common +@@ -38,7 +38,7 @@ CFLAGS_KERNEL = $(CFLAGS_PLATFORM) -ffreestanding + LDFLAGS_KERNEL = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) + CPPFLAGS_KERNEL = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) -DGRUB_KERNEL=1 + CCASFLAGS_KERNEL = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM) +-STRIPFLAGS_KERNEL = -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx ++STRIPFLAGS_KERNEL = -R .eh_frame -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx + + CFLAGS_MODULE = $(CFLAGS_PLATFORM) -ffreestanding + LDFLAGS_MODULE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d diff --git a/SOURCES/0045-Don-t-munge-raw-spaces-when-we-re-doing-our-cmdline-.patch b/SOURCES/0045-Don-t-munge-raw-spaces-when-we-re-doing-our-cmdline-.patch new file mode 100644 index 0000000..d80311d --- /dev/null +++ b/SOURCES/0045-Don-t-munge-raw-spaces-when-we-re-doing-our-cmdline-.patch @@ -0,0 +1,33 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Mon, 30 Jun 2014 14:16:46 -0400 +Subject: [PATCH] Don't munge raw spaces when we're doing our cmdline escaping + (#923374) + +Signed-off-by: Peter Jones +--- + grub-core/lib/cmdline.c | 11 +---------- + 1 file changed, 1 insertion(+), 10 deletions(-) + +diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c +index 0a5b2afb9..970ea868c 100644 +--- a/grub-core/lib/cmdline.c ++++ b/grub-core/lib/cmdline.c +@@ -97,16 +97,7 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf, + + while (*c) + { +- if (*c == ' ') +- { +- *buf++ = '\\'; +- *buf++ = 'x'; +- *buf++ = '2'; +- *buf++ = '0'; +- c++; +- continue; +- } +- else if (*c == '\\' && *(c+1) == 'x' && ++ if (*c == '\\' && *(c+1) == 'x' && + is_hex(*(c+2)) && is_hex(*(c+3))) + { + *buf++ = *c++; diff --git a/SOURCES/0046-Don-t-require-a-password-to-boot-entries-generated-b.patch b/SOURCES/0046-Don-t-require-a-password-to-boot-entries-generated-b.patch new file mode 100644 index 0000000..bc67768 --- /dev/null +++ b/SOURCES/0046-Don-t-require-a-password-to-boot-entries-generated-b.patch @@ -0,0 +1,28 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 11 Feb 2014 11:14:50 -0500 +Subject: [PATCH] Don't require a password to boot entries generated by + grub-mkconfig. + +When we set a password, we just want that to mean you can't /edit/ an entry. + +Resolves: rhbz#1030176 + +Signed-off-by: Peter Jones +--- + util/grub.d/10_linux.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 6299836b5..b744438e0 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -26,7 +26,7 @@ datarootdir="@datarootdir@" + export TEXTDOMAIN=@PACKAGE@ + export TEXTDOMAINDIR="@localedir@" + +-CLASS="--class gnu-linux --class gnu --class os" ++CLASS="--class gnu-linux --class gnu --class os --unrestricted" + + if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then + OS="$(sed 's, release .*$,,g' /etc/system-release)" diff --git a/SOURCES/0047-Don-t-emit-Booting-.-message.patch b/SOURCES/0047-Don-t-emit-Booting-.-message.patch new file mode 100644 index 0000000..5e82935 --- /dev/null +++ b/SOURCES/0047-Don-t-emit-Booting-.-message.patch @@ -0,0 +1,49 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 18 Feb 2014 09:37:49 -0500 +Subject: [PATCH] Don't emit "Booting ..." message. + +UI team still hates this stuff, so we're disabling it for RHEL 7. + +Resolves: rhbz#1023142 + +Signed-off-by: Peter Jones +--- + grub-core/normal/menu.c | 4 +++- + grub-core/normal/menu_entry.c | 3 --- + 2 files changed, 3 insertions(+), 4 deletions(-) + +diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c +index d2f64b05e..5e2f5283d 100644 +--- a/grub-core/normal/menu.c ++++ b/grub-core/normal/menu.c +@@ -838,12 +838,14 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) + + /* Callback invoked immediately before a menu entry is executed. */ + static void +-notify_booting (grub_menu_entry_t entry, ++notify_booting (grub_menu_entry_t __attribute__((unused)) entry, + void *userdata __attribute__((unused))) + { ++#if 0 + grub_printf (" "); + grub_printf_ (N_("Booting `%s'"), entry->title); + grub_printf ("\n\n"); ++#endif + } + + /* Callback invoked when a default menu entry executed because of a timeout +diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c +index cdf3590a3..5785f67ee 100644 +--- a/grub-core/normal/menu_entry.c ++++ b/grub-core/normal/menu_entry.c +@@ -1167,9 +1167,6 @@ run (struct screen *screen) + char *dummy[1] = { NULL }; + + grub_cls (); +- grub_printf (" "); +- grub_printf_ (N_("Booting a command list")); +- grub_printf ("\n\n"); + + errs_before = grub_err_printed_errors; + diff --git a/SOURCES/0048-Replace-a-lot-of-man-pages-with-slightly-nicer-ones.patch b/SOURCES/0048-Replace-a-lot-of-man-pages-with-slightly-nicer-ones.patch new file mode 100644 index 0000000..84370d4 --- /dev/null +++ b/SOURCES/0048-Replace-a-lot-of-man-pages-with-slightly-nicer-ones.patch @@ -0,0 +1,1960 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 4 Mar 2014 11:00:23 -0500 +Subject: [PATCH] Replace a lot of man pages with slightly nicer ones. + +Replace a bunch of machine generated ones with ones that look nicer. +--- + configure.ac | 23 ++++++ + conf/Makefile.extra-dist | 1 - + docs/Makefile.am | 2 - + docs/man/grub-bios-setup.h2m | 6 -- + docs/man/grub-editenv.h2m | 5 -- + docs/man/grub-emu.h2m | 6 -- + docs/man/grub-file.h2m | 2 - + docs/man/grub-fstest.h2m | 4 - + docs/man/grub-glue-efi.h2m | 4 - + docs/man/grub-install.h2m | 6 -- + docs/man/grub-kbdcomp.h2m | 10 --- + docs/man/grub-macbless.h2m | 4 - + docs/man/grub-macho2img.h2m | 4 - + docs/man/grub-menulst2cfg.h2m | 4 - + docs/man/grub-mkconfig.h2m | 4 - + docs/man/grub-mkfont.h2m | 4 - + docs/man/grub-mkimage.h2m | 6 -- + docs/man/grub-mklayout.h2m | 10 --- + docs/man/grub-mknetdir.h2m | 4 - + docs/man/grub-mkpasswd-pbkdf2.h2m | 4 - + docs/man/grub-mkrelpath.h2m | 4 - + docs/man/grub-mkrescue.h2m | 4 - + docs/man/grub-mkstandalone.h2m | 4 - + docs/man/grub-mount.h2m | 2 - + docs/man/grub-ofpathname.h2m | 4 - + docs/man/grub-pe2elf.h2m | 4 - + docs/man/grub-probe.h2m | 4 - + docs/man/grub-reboot.h2m | 5 -- + docs/man/grub-render-label.h2m | 3 - + docs/man/grub-script-check.h2m | 4 - + docs/man/grub-set-default.h2m | 5 -- + docs/man/grub-sparc64-setup.h2m | 6 -- + docs/man/grub-syslinux2cfg.h2m | 4 - + gentpl.py | 5 +- + util/grub-bios-setup.8 | 54 +++++++++++++ + util/grub-editenv.1 | 46 +++++++++++ + util/grub-file.1 | 165 ++++++++++++++++++++++++++++++++++++++ + util/grub-fstest.1 | 99 +++++++++++++++++++++++ + util/grub-glue-efi.1 | 31 +++++++ + util/grub-install.8 | 129 +++++++++++++++++++++++++++++ + util/grub-kbdcomp.1 | 19 +++++ + util/grub-macbless.1 | 22 +++++ + util/grub-menulst2cfg.1 | 12 +++ + util/grub-mkconfig.8 | 17 ++++ + util/grub-mkfont.1 | 87 ++++++++++++++++++++ + util/grub-mkimage.1 | 95 ++++++++++++++++++++++ + util/grub-mklayout.1 | 27 +++++++ + util/grub-mknetdir.1 | 12 +++ + util/grub-mkpasswd-pbkdf2.1 | 27 +++++++ + util/grub-mkrelpath.1 | 12 +++ + util/grub-mkrescue.1 | 123 ++++++++++++++++++++++++++++ + util/grub-mkstandalone.1 | 100 +++++++++++++++++++++++ + util/grub-ofpathname.8 | 12 +++ + util/grub-probe.8 | 80 ++++++++++++++++++ + util/grub-reboot.8 | 21 +++++ + util/grub-render-label.1 | 51 ++++++++++++ + util/grub-script-check.1 | 21 +++++ + util/grub-set-default.8 | 21 +++++ + util/grub-sparc64-setup.8 | 12 +++ + 59 files changed, 1319 insertions(+), 147 deletions(-) + delete mode 100644 docs/man/grub-bios-setup.h2m + delete mode 100644 docs/man/grub-editenv.h2m + delete mode 100644 docs/man/grub-emu.h2m + delete mode 100644 docs/man/grub-file.h2m + delete mode 100644 docs/man/grub-fstest.h2m + delete mode 100644 docs/man/grub-glue-efi.h2m + delete mode 100644 docs/man/grub-install.h2m + delete mode 100644 docs/man/grub-kbdcomp.h2m + delete mode 100644 docs/man/grub-macbless.h2m + delete mode 100644 docs/man/grub-macho2img.h2m + delete mode 100644 docs/man/grub-menulst2cfg.h2m + delete mode 100644 docs/man/grub-mkconfig.h2m + delete mode 100644 docs/man/grub-mkfont.h2m + delete mode 100644 docs/man/grub-mkimage.h2m + delete mode 100644 docs/man/grub-mklayout.h2m + delete mode 100644 docs/man/grub-mknetdir.h2m + delete mode 100644 docs/man/grub-mkpasswd-pbkdf2.h2m + delete mode 100644 docs/man/grub-mkrelpath.h2m + delete mode 100644 docs/man/grub-mkrescue.h2m + delete mode 100644 docs/man/grub-mkstandalone.h2m + delete mode 100644 docs/man/grub-mount.h2m + delete mode 100644 docs/man/grub-ofpathname.h2m + delete mode 100644 docs/man/grub-pe2elf.h2m + delete mode 100644 docs/man/grub-probe.h2m + delete mode 100644 docs/man/grub-reboot.h2m + delete mode 100644 docs/man/grub-render-label.h2m + delete mode 100644 docs/man/grub-script-check.h2m + delete mode 100644 docs/man/grub-set-default.h2m + delete mode 100644 docs/man/grub-sparc64-setup.h2m + delete mode 100644 docs/man/grub-syslinux2cfg.h2m + create mode 100644 util/grub-bios-setup.8 + create mode 100644 util/grub-editenv.1 + create mode 100644 util/grub-file.1 + create mode 100644 util/grub-fstest.1 + create mode 100644 util/grub-glue-efi.1 + create mode 100644 util/grub-install.8 + create mode 100644 util/grub-kbdcomp.1 + create mode 100644 util/grub-macbless.1 + create mode 100644 util/grub-menulst2cfg.1 + create mode 100644 util/grub-mkconfig.8 + create mode 100644 util/grub-mkfont.1 + create mode 100644 util/grub-mkimage.1 + create mode 100644 util/grub-mklayout.1 + create mode 100644 util/grub-mknetdir.1 + create mode 100644 util/grub-mkpasswd-pbkdf2.1 + create mode 100644 util/grub-mkrelpath.1 + create mode 100644 util/grub-mkrescue.1 + create mode 100644 util/grub-mkstandalone.1 + create mode 100644 util/grub-ofpathname.8 + create mode 100644 util/grub-probe.8 + create mode 100644 util/grub-reboot.8 + create mode 100644 util/grub-render-label.1 + create mode 100644 util/grub-script-check.1 + create mode 100644 util/grub-set-default.8 + create mode 100644 util/grub-sparc64-setup.8 + +diff --git a/configure.ac b/configure.ac +index 783118ccd..d5db2803e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -70,6 +70,29 @@ grub_TRANSFORM([grub-set-default]) + grub_TRANSFORM([grub-sparc64-setup]) + grub_TRANSFORM([grub-render-label]) + grub_TRANSFORM([grub-file]) ++grub_TRANSFORM([grub-bios-setup.3]) ++grub_TRANSFORM([grub-editenv.1]) ++grub_TRANSFORM([grub-fstest.3]) ++grub_TRANSFORM([grub-glue-efi.3]) ++grub_TRANSFORM([grub-install.1]) ++grub_TRANSFORM([grub-kbdcomp.3]) ++grub_TRANSFORM([grub-menulst2cfg.1]) ++grub_TRANSFORM([grub-mkconfig.1]) ++grub_TRANSFORM([grub-mkfont.3]) ++grub_TRANSFORM([grub-mkimage.1]) ++grub_TRANSFORM([grub-mklayout.3]) ++grub_TRANSFORM([grub-mknetdir.3]) ++grub_TRANSFORM([grub-mkpasswd-pbkdf2.3]) ++grub_TRANSFORM([grub-mkrelpath.3]) ++grub_TRANSFORM([grub-mkrescue.1]) ++grub_TRANSFORM([grub-mkstandalone.3]) ++grub_TRANSFORM([grub-ofpathname.3]) ++grub_TRANSFORM([grub-probe.3]) ++grub_TRANSFORM([grub-reboot.3]) ++grub_TRANSFORM([grub-render-label.3]) ++grub_TRANSFORM([grub-script-check.3]) ++grub_TRANSFORM([grub-set-default.1]) ++grub_TRANSFORM([grub-sparc64-setup.3]) + + # Optimization flag. Allow user to override. + if test "x$TARGET_CFLAGS" = x; then +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index b16bd9253..39eb94bde 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -11,7 +11,6 @@ EXTRA_DIST += unicode + EXTRA_DIST += util/import_gcry.py + EXTRA_DIST += util/import_unicode.py + +-EXTRA_DIST += docs/man + EXTRA_DIST += docs/autoiso.cfg + EXTRA_DIST += docs/grub.cfg + EXTRA_DIST += docs/osdetect.cfg +diff --git a/docs/Makefile.am b/docs/Makefile.am +index 93eb39627..ab28f1996 100644 +--- a/docs/Makefile.am ++++ b/docs/Makefile.am +@@ -5,5 +5,3 @@ info_TEXINFOS = grub.texi grub-dev.texi + grub_TEXINFOS = fdl.texi + + EXTRA_DIST = font_char_metrics.png font_char_metrics.txt +- +- +diff --git a/docs/man/grub-bios-setup.h2m b/docs/man/grub-bios-setup.h2m +deleted file mode 100644 +index ac6ede362..000000000 +--- a/docs/man/grub-bios-setup.h2m ++++ /dev/null +@@ -1,6 +0,0 @@ +-[NAME] +-grub-bios-setup \- set up a device to boot using GRUB +-[SEE ALSO] +-.BR grub-install (8), +-.BR grub-mkimage (1), +-.BR grub-mkrescue (1) +diff --git a/docs/man/grub-editenv.h2m b/docs/man/grub-editenv.h2m +deleted file mode 100644 +index 3859d3d4c..000000000 +--- a/docs/man/grub-editenv.h2m ++++ /dev/null +@@ -1,5 +0,0 @@ +-[NAME] +-grub-editenv \- edit GRUB environment block +-[SEE ALSO] +-.BR grub-reboot (8), +-.BR grub-set-default (8) +diff --git a/docs/man/grub-emu.h2m b/docs/man/grub-emu.h2m +deleted file mode 100644 +index ef1c00065..000000000 +--- a/docs/man/grub-emu.h2m ++++ /dev/null +@@ -1,6 +0,0 @@ +-[NAME] +-grub-emu \- GRUB emulator +-[SEE ALSO] +-If you are trying to install GRUB, then you should use +-.BR grub-install (8) +-rather than this program. +diff --git a/docs/man/grub-file.h2m b/docs/man/grub-file.h2m +deleted file mode 100644 +index e09bb4d31..000000000 +--- a/docs/man/grub-file.h2m ++++ /dev/null +@@ -1,2 +0,0 @@ +-[NAME] +-grub-file \- check file type +diff --git a/docs/man/grub-fstest.h2m b/docs/man/grub-fstest.h2m +deleted file mode 100644 +index 9676b159a..000000000 +--- a/docs/man/grub-fstest.h2m ++++ /dev/null +@@ -1,4 +0,0 @@ +-[NAME] +-grub-fstest \- debug tool for GRUB filesystem drivers +-[SEE ALSO] +-.BR grub-probe (8) +diff --git a/docs/man/grub-glue-efi.h2m b/docs/man/grub-glue-efi.h2m +deleted file mode 100644 +index c1c6ded49..000000000 +--- a/docs/man/grub-glue-efi.h2m ++++ /dev/null +@@ -1,4 +0,0 @@ +-[NAME] +-grub-glue-efi \- generate a fat binary for EFI +-[DESCRIPTION] +-grub-glue-efi processes ia32 and amd64 EFI images and glues them according to Apple format. +diff --git a/docs/man/grub-install.h2m b/docs/man/grub-install.h2m +deleted file mode 100644 +index 8cbbc87a0..000000000 +--- a/docs/man/grub-install.h2m ++++ /dev/null +@@ -1,6 +0,0 @@ +-[NAME] +-grub-install \- install GRUB to a device +-[SEE ALSO] +-.BR grub-mkconfig (8), +-.BR grub-mkimage (1), +-.BR grub-mkrescue (1) +diff --git a/docs/man/grub-kbdcomp.h2m b/docs/man/grub-kbdcomp.h2m +deleted file mode 100644 +index d81f9157e..000000000 +--- a/docs/man/grub-kbdcomp.h2m ++++ /dev/null +@@ -1,10 +0,0 @@ +-[NAME] +-grub-kbdcomp \- generate a GRUB keyboard layout file +-[DESCRIPTION] +-grub-kbdcomp processes a X keyboard layout description in +-.BR keymaps (5) +-format into a format that can be used by GRUB's +-.B keymap +-command. +-[SEE ALSO] +-.BR grub-mklayout (8) +diff --git a/docs/man/grub-macbless.h2m b/docs/man/grub-macbless.h2m +deleted file mode 100644 +index 0197c0087..000000000 +--- a/docs/man/grub-macbless.h2m ++++ /dev/null +@@ -1,4 +0,0 @@ +-[NAME] +-grub-macbless \- bless a mac file/directory +-[SEE ALSO] +-.BR grub-install (1) +diff --git a/docs/man/grub-macho2img.h2m b/docs/man/grub-macho2img.h2m +deleted file mode 100644 +index d79aaeed8..000000000 +--- a/docs/man/grub-macho2img.h2m ++++ /dev/null +@@ -1,4 +0,0 @@ +-[NAME] +-grub-macho2img \- convert Mach-O to raw image +-[SEE ALSO] +-.BR grub-mkimage (1) +diff --git a/docs/man/grub-menulst2cfg.h2m b/docs/man/grub-menulst2cfg.h2m +deleted file mode 100644 +index c2e0055ed..000000000 +--- a/docs/man/grub-menulst2cfg.h2m ++++ /dev/null +@@ -1,4 +0,0 @@ +-[NAME] +-grub-menulst2cfg \- transform legacy menu.lst into grub.cfg +-[SEE ALSO] +-.BR grub-mkconfig (8) +diff --git a/docs/man/grub-mkconfig.h2m b/docs/man/grub-mkconfig.h2m +deleted file mode 100644 +index 9b42f8130..000000000 +--- a/docs/man/grub-mkconfig.h2m ++++ /dev/null +@@ -1,4 +0,0 @@ +-[NAME] +-grub-mkconfig \- generate a GRUB configuration file +-[SEE ALSO] +-.BR grub-install (8) +diff --git a/docs/man/grub-mkfont.h2m b/docs/man/grub-mkfont.h2m +deleted file mode 100644 +index d46fe600e..000000000 +--- a/docs/man/grub-mkfont.h2m ++++ /dev/null +@@ -1,4 +0,0 @@ +-[NAME] +-grub-mkfont \- make GRUB font files +-[SEE ALSO] +-.BR grub-mkconfig (8) +diff --git a/docs/man/grub-mkimage.h2m b/docs/man/grub-mkimage.h2m +deleted file mode 100644 +index f0fbc2bb1..000000000 +--- a/docs/man/grub-mkimage.h2m ++++ /dev/null +@@ -1,6 +0,0 @@ +-[NAME] +-grub-mkimage \- make a bootable image of GRUB +-[SEE ALSO] +-.BR grub-install (8), +-.BR grub-mkrescue (1), +-.BR grub-mknetdir (8) +diff --git a/docs/man/grub-mklayout.h2m b/docs/man/grub-mklayout.h2m +deleted file mode 100644 +index 1e43409c0..000000000 +--- a/docs/man/grub-mklayout.h2m ++++ /dev/null +@@ -1,10 +0,0 @@ +-[NAME] +-grub-mklayout \- generate a GRUB keyboard layout file +-[DESCRIPTION] +-grub-mklayout processes a keyboard layout description in +-.BR keymaps (5) +-format into a format that can be used by GRUB's +-.B keymap +-command. +-[SEE ALSO] +-.BR grub-mkconfig (8) +diff --git a/docs/man/grub-mknetdir.h2m b/docs/man/grub-mknetdir.h2m +deleted file mode 100644 +index a2ef13ec1..000000000 +--- a/docs/man/grub-mknetdir.h2m ++++ /dev/null +@@ -1,4 +0,0 @@ +-[NAME] +-grub-mknetdir \- prepare a GRUB netboot directory. +-[SEE ALSO] +-.BR grub-mkimage (1) +diff --git a/docs/man/grub-mkpasswd-pbkdf2.h2m b/docs/man/grub-mkpasswd-pbkdf2.h2m +deleted file mode 100644 +index 4d202f3da..000000000 +--- a/docs/man/grub-mkpasswd-pbkdf2.h2m ++++ /dev/null +@@ -1,4 +0,0 @@ +-[NAME] +-grub-mkpasswd-pbkdf2 \- generate hashed password for GRUB +-[SEE ALSO] +-.BR grub-mkconfig (8) +diff --git a/docs/man/grub-mkrelpath.h2m b/docs/man/grub-mkrelpath.h2m +deleted file mode 100644 +index d01f3961e..000000000 +--- a/docs/man/grub-mkrelpath.h2m ++++ /dev/null +@@ -1,4 +0,0 @@ +-[NAME] +-grub-mkrelpath \- make a system path relative to its root +-[SEE ALSO] +-.BR grub-probe (8) +diff --git a/docs/man/grub-mkrescue.h2m b/docs/man/grub-mkrescue.h2m +deleted file mode 100644 +index a427f02e3..000000000 +--- a/docs/man/grub-mkrescue.h2m ++++ /dev/null +@@ -1,4 +0,0 @@ +-[NAME] +-grub-mkrescue \- make a GRUB rescue image +-[SEE ALSO] +-.BR grub-mkimage (1) +diff --git a/docs/man/grub-mkstandalone.h2m b/docs/man/grub-mkstandalone.h2m +deleted file mode 100644 +index c77313978..000000000 +--- a/docs/man/grub-mkstandalone.h2m ++++ /dev/null +@@ -1,4 +0,0 @@ +-[NAME] +-grub-mkstandalone \- make a memdisk-based GRUB image +-[SEE ALSO] +-.BR grub-mkimage (1) +diff --git a/docs/man/grub-mount.h2m b/docs/man/grub-mount.h2m +deleted file mode 100644 +index 8d168982d..000000000 +--- a/docs/man/grub-mount.h2m ++++ /dev/null +@@ -1,2 +0,0 @@ +-[NAME] +-grub-mount \- export GRUB filesystem with FUSE +diff --git a/docs/man/grub-ofpathname.h2m b/docs/man/grub-ofpathname.h2m +deleted file mode 100644 +index 74b43eea0..000000000 +--- a/docs/man/grub-ofpathname.h2m ++++ /dev/null +@@ -1,4 +0,0 @@ +-[NAME] +-grub-ofpathname \- find OpenBOOT path for a device +-[SEE ALSO] +-.BR grub-probe (8) +diff --git a/docs/man/grub-pe2elf.h2m b/docs/man/grub-pe2elf.h2m +deleted file mode 100644 +index 7ca29bd70..000000000 +--- a/docs/man/grub-pe2elf.h2m ++++ /dev/null +@@ -1,4 +0,0 @@ +-[NAME] +-grub-pe2elf \- convert PE image to ELF +-[SEE ALSO] +-.BR grub-mkimage (1) +diff --git a/docs/man/grub-probe.h2m b/docs/man/grub-probe.h2m +deleted file mode 100644 +index 6e1ffdcf9..000000000 +--- a/docs/man/grub-probe.h2m ++++ /dev/null +@@ -1,4 +0,0 @@ +-[NAME] +-grub-probe \- probe device information for GRUB +-[SEE ALSO] +-.BR grub-fstest (1) +diff --git a/docs/man/grub-reboot.h2m b/docs/man/grub-reboot.h2m +deleted file mode 100644 +index e4acace65..000000000 +--- a/docs/man/grub-reboot.h2m ++++ /dev/null +@@ -1,5 +0,0 @@ +-[NAME] +-grub-reboot \- set the default boot entry for GRUB, for the next boot only +-[SEE ALSO] +-.BR grub-set-default (8), +-.BR grub-editenv (1) +diff --git a/docs/man/grub-render-label.h2m b/docs/man/grub-render-label.h2m +deleted file mode 100644 +index 50ae5247c..000000000 +--- a/docs/man/grub-render-label.h2m ++++ /dev/null +@@ -1,3 +0,0 @@ +-[NAME] +-grub-render-label \- generate a .disk_label for Apple Macs. +- +diff --git a/docs/man/grub-script-check.h2m b/docs/man/grub-script-check.h2m +deleted file mode 100644 +index 365368267..000000000 +--- a/docs/man/grub-script-check.h2m ++++ /dev/null +@@ -1,4 +0,0 @@ +-[NAME] +-grub-script-check \- check grub.cfg for syntax errors +-[SEE ALSO] +-.BR grub-mkconfig (8) +diff --git a/docs/man/grub-set-default.h2m b/docs/man/grub-set-default.h2m +deleted file mode 100644 +index 7945001c1..000000000 +--- a/docs/man/grub-set-default.h2m ++++ /dev/null +@@ -1,5 +0,0 @@ +-[NAME] +-grub-set-default \- set the saved default boot entry for GRUB +-[SEE ALSO] +-.BR grub-reboot (8), +-.BR grub-editenv (1) +diff --git a/docs/man/grub-sparc64-setup.h2m b/docs/man/grub-sparc64-setup.h2m +deleted file mode 100644 +index 18f803a50..000000000 +--- a/docs/man/grub-sparc64-setup.h2m ++++ /dev/null +@@ -1,6 +0,0 @@ +-[NAME] +-grub-sparc64-setup \- set up a device to boot using GRUB +-[SEE ALSO] +-.BR grub-install (8), +-.BR grub-mkimage (1), +-.BR grub-mkrescue (1) +diff --git a/docs/man/grub-syslinux2cfg.h2m b/docs/man/grub-syslinux2cfg.h2m +deleted file mode 100644 +index ad25c8ab7..000000000 +--- a/docs/man/grub-syslinux2cfg.h2m ++++ /dev/null +@@ -1,4 +0,0 @@ +-[NAME] +-grub-syslinux2cfg \- transform syslinux config into grub.cfg +-[SEE ALSO] +-.BR grub-menulst2cfg (8) +diff --git a/gentpl.py b/gentpl.py +index da67965a4..bf8439fa7 100644 +--- a/gentpl.py ++++ b/gentpl.py +@@ -802,10 +802,7 @@ def manpage(defn, adddeps): + + output("if COND_MAN_PAGES\n") + gvar_add("man_MANS", name + "." + mansection) +- rule(name + "." + mansection, name + " " + adddeps, """ +-chmod a+x """ + name + """ +-PATH=$(builddir):$$PATH pkgdatadir=$(builddir) $(HELP2MAN) --section=""" + mansection + """ -i $(top_srcdir)/docs/man/""" + name + """.h2m -o $@ """ + name + """ +-""") ++ rule(name + "." + mansection, name + " " + adddeps, "cat $(top_srcdir)/util/" + name + "." + mansection + " | $(top_builddir)/config.status --file=$@:-") + gvar_add("CLEANFILES", name + "." + mansection) + output("endif\n") + +diff --git a/util/grub-bios-setup.8 b/util/grub-bios-setup.8 +new file mode 100644 +index 000000000..56f582b3d +--- /dev/null ++++ b/util/grub-bios-setup.8 +@@ -0,0 +1,54 @@ ++.TH GRUB-BIOS-SETUP 3 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-bios-setup\fR \(em Set up images to boot from a device. ++ ++.SH SYNOPSIS ++\fBgrub-bios-setup\fR [-a | --allow-floppy] [-b | --boot-image=\fIFILE\fR] ++.RS 17 ++[-c | --core-image=\fIFILE\fR] [-d | --directory=\fIDIR\fR] ++.RE ++.RS 17 ++[-f | --force] [-m | --device-map=\fIFILE\fR] ++.RE ++.RS 17 ++[-s | --skip-fs-probe] [-v | --verbose] \fIDEVICE\fR ++ ++.SH DESCRIPTION ++You should not normally run this program directly. Use grub-install instead. ++ ++.SH OPTIONS ++.TP ++\fB--allow-floppy\fR ++Make the device also bootable as a floppy. This option is the default for ++/dev/fdX devices. Some BIOSes will not boot images created with this option. ++ ++.TP ++\fB--boot-image\fR=\fIFILE\fR ++Use FILE as the boot image. The default value is \fBboot.img\fR. ++ ++.TP ++\fB--core-image\fR=\fIFILE\fR ++Use FILE as ther core image. The default value is \fBcore.img\fR. ++ ++.TP ++\fB--directory\fR=\fIDIR\fR ++Use GRUB files in the directory DIR. The default value is \fB/boot/grub\fR. ++ ++.TP ++\fB--force\fR ++Install even if problems are detected. ++ ++.TP ++\fB--device-map\fR=\fIFILE\fR ++Use FILE as the device map. The default value is /boot/grub/device.map . ++ ++.TP ++\fB--skip-fs-probe\fR ++Do not probe DEVICE for filesystems. ++ ++.TP ++\fB--verbose\fR ++Print verbose messages. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-editenv.1 b/util/grub-editenv.1 +new file mode 100644 +index 000000000..d28ba03ba +--- /dev/null ++++ b/util/grub-editenv.1 +@@ -0,0 +1,46 @@ ++.TH GRUB-EDITENV 1 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-editenv\fR \(em Manage the GRUB environment block. ++ ++.SH SYNOPSIS ++\fBgrub-editenv\fR [-v | --verbose] [\fIFILE\fR] ++.RS 14 ++ ++ ++.SH DESCRIPTION ++\fBgrub-editenv\fR is a command line tool to manage GRUB's stored environment. ++ ++.SH OPTIONS ++.TP ++\fB--verbose\fR ++Print verbose messages. ++ ++.TP ++\fBFILE\fR ++.RS 7 ++File name to use for grub environment. Default is /boot/grub/grubenv . ++.RE ++ ++.SH COMMANDS ++.TP ++\fBcreate\fR ++.RS 7 ++Create a blank environment block file. ++.RE ++ ++.TP ++\fBlist\fR ++.RS 7 ++List the current variables. ++.RE ++ ++.TP ++\fBset\fR [\fINAME\fR=\fIVALUE\fR ...] ++Set variables. ++ ++.TP ++\fBunset [\fINAME\fR ...] ++Delete variables. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-file.1 b/util/grub-file.1 +new file mode 100644 +index 000000000..b29cb3278 +--- /dev/null ++++ b/util/grub-file.1 +@@ -0,0 +1,165 @@ ++.TH GRUB-FILE 1 "Web Feb 26 2014" ++.SH NAME ++\fBgrub-file\fR \(em Check if FILE is of specified type. ++ ++.SH SYNOPSIS ++\fBgrub-file\fR (--is-i386-xen-pae-domu | --is-x86_64-xen-domu | ++.RS 11 ++--is-x86-xen-dom0 | --is-x86-multiboot | ++.RE ++.RS 11 ++--is-x86-multiboot2 | --is-arm-linux | --is-arm64-linux | ++.RE ++.RS 11 ++--is-ia64-linux | --is-mips-linux | --is-mipsel-linux | ++.RE ++.RS 11 ++--is-sparc64-linux | --is-powerpc-linux | --is-x86-linux | ++.RE ++.RS 11 ++--is-x86-linux32 | --is-x86-kfreebsd | --is-i386-kfreebsd | ++.RE ++.RS 11 ++--is-x86_64-kfreebsd | --is-x86-knetbsd | ++.RE ++.RS 11 ++--is-i386-knetbsd | --is-x86_64-knetbsd | --is-i386-efi | ++.RE ++.RS 11 ++--is-x86_64-efi | --is-ia64-efi | --is-arm64-efi | ++.RE ++.RS 11 ++--is-arm-efi | --is-hibernated-hiberfil | --is-x86_64-xnu | ++.RE ++.RS 11 ++--is-i386-xnu | --is-xnu-hibr | --is-x86-bios-bootsector) ++.RE ++.RS 11 ++\fIFILE\fR ++ ++.SH DESCRIPTION ++\fBgrub-file\fR is used to check if \fIFILE\fR is of a specified type. ++ ++.SH OPTIONS ++.TP ++--is-i386-xen-pae-domu ++Check if FILE can be booted as i386 PAE Xen unprivileged guest kernel ++ ++.TP ++--is-x86_64-xen-domu ++Check if FILE can be booted as x86_64 Xen unprivileged guest kernel ++ ++.TP ++--is-x86-xen-dom0 ++Check if FILE can be used as Xen x86 privileged guest kernel ++ ++.TP ++--is-x86-multiboot ++Check if FILE can be used as x86 multiboot kernel ++ ++.TP ++--is-x86-multiboot2 ++Check if FILE can be used as x86 multiboot2 kernel ++ ++.TP ++--is-arm-linux ++Check if FILE is ARM Linux ++ ++.TP ++--is-arm64-linux ++Check if FILE is ARM64 Linux ++ ++.TP ++--is-ia64-linux ++Check if FILE is IA64 Linux ++ ++.TP ++--is-mips-linux ++Check if FILE is MIPS Linux ++ ++.TP ++--is-mipsel-linux ++Check if FILE is MIPSEL Linux ++ ++.TP ++--is-sparc64-linux ++Check if FILE is SPARC64 Linux ++ ++.TP ++--is-powerpc-linux ++Check if FILE is POWERPC Linux ++ ++.TP ++--is-x86-linux ++Check if FILE is x86 Linux ++ ++.TP ++--is-x86-linux32 ++Check if FILE is x86 Linux supporting 32-bit protocol ++ ++.TP ++--is-x86-kfreebsd ++Check if FILE is x86 kFreeBSD ++ ++.TP ++--is-i386-kfreebsd ++Check if FILE is i386 kFreeBSD ++ ++.TP ++--is-x86_64-kfreebsd ++Check if FILE is x86_64 kFreeBSD ++ ++.TP ++--is-x86-knetbsd ++Check if FILE is x86 kNetBSD ++ ++.TP ++--is-i386-knetbsd ++Check if FILE is i386 kNetBSD ++ ++.TP ++--is-x86_64-knetbsd ++Check if FILE is x86_64 kNetBSD ++ ++.TP ++--is-i386-efi ++Check if FILE is i386 EFI file ++ ++.TP ++--is-x86_64-efi ++Check if FILE is x86_64 EFI file ++ ++.TP ++--is-ia64-efi ++Check if FILE is IA64 EFI file ++ ++.TP ++--is-arm64-efi ++Check if FILE is ARM64 EFI file ++ ++.TP ++--is-arm-efi ++Check if FILE is ARM EFI file ++ ++.TP ++--is-hibernated-hiberfil ++Check if FILE is hiberfil.sys in hibernated state ++ ++.TP ++--is-x86_64-xnu ++Check if FILE is x86_64 XNU (Mac OS X kernel) ++ ++.TP ++--is-i386-xnu ++Check if FILE is i386 XNU (Mac OS X kernel) ++ ++.TP ++--is-xnu-hibr ++Check if FILE is XNU (Mac OS X kernel) hibernated image ++ ++.TP ++--is-x86-bios-bootsector ++Check if FILE is BIOS bootsector ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-fstest.1 b/util/grub-fstest.1 +new file mode 100644 +index 000000000..792fa7863 +--- /dev/null ++++ b/util/grub-fstest.1 +@@ -0,0 +1,99 @@ ++.TH GRUB-FSTEST 3 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-fstest\fR — Debug tool for GRUB's filesystem driver. ++ ++.SH SYNOPSIS ++\fBgrub-fstest\fR [-c | --diskcount=\fINUM\fR] [-C | --crypto] ++.RS 13 ++[-d | --debug=\fISTRING\fR] [-K | --zfs-key=\fIFILE\fR|\fIprompt\fR] ++.RE ++.RS 13 ++[-n | --length=\fINUM\fR] [-r | --root=\fIDEVICE_NAME\fR] ++.RE ++.RS 13 ++[-s | --skip=\fINUM\fR] [-u | --uncompress] [-v | --verbose] ++.RE ++.RS 13 ++\fIIMAGE_PATH\fR ++ ++.SH DESCRIPTION ++\fBgrub-fstest\fR is a tool for testing GRUB's filesystem drivers. You should not normally need to run this program. ++ ++.SH OPTIONS ++.TP ++\fB--diskcount\fR=\fINUM\fR ++Specify the number of input files. ++ ++.TP ++\fB--crypto\fR ++Mount cryptographic devices. ++ ++.TP ++\fB--debug\fR=\fISTRING\fR ++Set debug environment variable. ++ ++.TP ++\fB--zfs-key\fR=\fIFILE\fR|\fIprompt\fR ++Load ZFS cryptographic key. ++ ++.TP ++\fB--length\fR=\fINUM\fR ++Handle NUM bytes in output file. ++ ++.TP ++\fB--root\fR=\fIDEVICE_NAME\fR ++Set root device. ++ ++.TP ++\fB--skip\fR=\fINUM\fR ++Skip NUM bytes from output file. ++ ++.TP ++\fB--uncompress\fR ++Uncompress data. ++ ++.TP ++\fB--verbose\fR ++Print verbose messages. ++ ++.SH COMMANDS ++.TP ++\fBblocklist\fR \fIFILE\fR ++Display block list of \fIFILE\fR. ++ ++.TP ++\fBcat\fR \fIFILE\fR ++Display \fIFILE\fR on standard output. ++ ++.TP ++\fBcmp\fR \fIFILE\fR \fILOCAL\fR ++Compare \fIFILE\fR with local file \fILOCAL\fR. ++ ++.TP ++\fBcp\fR \fIFILE\fR \fILOCAL\fR ++Copy \fIFILE\fR to local file \fILOCAL\fR. ++ ++.TP ++\fBcrc\fR \fIFILE\fR ++Display the CRC-32 checksum of \fIFILE\fR. ++ ++.TP ++\fBhex\fR \fIFILE\fR ++Display contents of \fIFILE\fR in hexidecimal. ++ ++.TP ++\fBls\fR \fIPATH\fR ++List files at \fIPATH\fR. ++ ++.TP ++\fBxnu_uuid\fR \fIDEVICE\fR ++Display the XNU UUID of \fIDEVICE\fR. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-glue-efi.1 b/util/grub-glue-efi.1 +new file mode 100644 +index 000000000..72bd555d5 +--- /dev/null ++++ b/util/grub-glue-efi.1 +@@ -0,0 +1,31 @@ ++.TH GRUB-GLUE-EFI 3 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-glue-efi\fR \(em Create an Apple fat EFI binary. ++ ++.SH SYNOPSIS ++\fBgrub-glue-efi\fR <-3 | --input32=\fIFILE\fR> <-6 | --input64=\fIFILE\fR> ++.RS 15 ++<-o | --output=\fIFILE\fR> [-v | --verbose] ++ ++.SH DESCRIPTION ++\fBgrub-glue-efi\fR creates an Apple fat EFI binary from two EFI binaries. ++ ++.SH OPTIONS ++.TP ++\fB--input32\fR=\fIFILE\fR ++Read 32-bit binary from \fIFILE\fR. ++ ++.TP ++\fB--input64\fR=\fIFILE\fR ++Read 64-bit binary from \fIFILE\fR. ++ ++.TP ++\fB--output\fR=\fIFILE\fR ++Write resulting fat binary to \fIFILE\fR. ++ ++.TP ++\fB--verbose\fR ++Print verbose messages. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-install.8 b/util/grub-install.8 +new file mode 100644 +index 000000000..76272a39d +--- /dev/null ++++ b/util/grub-install.8 +@@ -0,0 +1,129 @@ ++.TH GRUB-INSTALL 1 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-install\fR \(em Install GRUB on a device. ++ ++.SH SYNOPSIS ++\fBgrub-install\fR [--modules=\fIMODULES\fR] [--install-modules=\fIMODULES\fR] ++.RS 14 ++[--themes=\fITHEMES\fR] [--fonts=\fIFONTS\fR] [--locales=\fILOCALES\fR] ++.RE ++.RS 14 ++[--compress[=\fIno\fR,\fIxz\fR,\fIgz\fR,\fIlzo\fR]] [-d | --directory=\fIDIR\fR] ++.RE ++.RS 14 ++[--grub-mkimage=\fIFILE\fR] [--boot-directory=\fIDIR\fR] ++.RE ++.RS 14 ++[--target=\fITARGET\fR] [--grub-setup=\fIFILE\fR] ++.RE ++.RS 14 ++[--grub-mkrelpath=\fIFILE\fR] [--grub-probe=\fIFILE\fR] ++.RE ++.RS 14 ++[--allow-floppy] [--recheck] [--force] [--force-file-id] ++.RE ++.RS 14 ++[--disk-module=\fIMODULE\fR] [--no-nvram] [--removable] ++.RE ++.RS 14 ++[--bootloader-id=\fIID\fR] [--efi-directory=\fIDIR\fR] \fIINSTALL_DEVICE\fR ++ ++.SH DESCRIPTION ++\fBgrub-install\fR installs GRUB onto a device. This includes copying GRUB images into the target directory (generally \fI/boot/grub\fR), and on some platforms may also include installing GRUB onto a boot sector. ++ ++.SH OPTIONS ++.TP ++\fB--modules\fR=\fIMODULES\fR\! ++Pre-load modules specified by \fIMODULES\fR. ++ ++.TP ++\fB--install-modules\fR=\fIMODULES\fR ++Install only \fIMODULES\fR and their dependencies. The default is to install all available modules. ++ ++.TP ++\fB--themes\fR=\fITHEMES\fR ++Install \fITHEMES\fR. The default is to install the \fIstarfield\fR theme, if available. ++ ++.TP ++\fB--fonts\fR=\fIFONTS\fR ++Install \fIFONTS\fR. The default is to install the \fIunicode\fR font. ++ ++.TP ++\fB--locales\fR=\fILOCALES\fR ++Install only locales listed in \fILOCALES\fR. The default is to install all available locales. ++ ++.TP ++\fB--compress\fR=\fIno\fR,\fIxz\fR,\fIgz\fR,\fIlzo\fR ++Compress GRUB files using the specified compression algorithm. ++ ++.TP ++\fB--directory\fR=\fIDIR\fR ++Use images and modules in \fIDIR\fR. ++ ++.TP ++\fB--grub-mkimage\fR=\fIFILE\fR ++Use \fIFILE\fR as \fBgrub-mkimage\fR. The default is \fI/usr/bin/grub-mkimage\fR. ++ ++.TP ++\fB--boot-directory\fR=\fIDIR\fR ++Use \fIDIR\fR as the boot directory. The default is \fI/boot\fR. GRUB will put its files in a subdirectory of this directory named \fIgrub\fR. ++ ++.TP ++\fB--target\fR=\fITARGET\fR ++Install GRUB for \fITARGET\fR platform. The default is the platform \fBgrub-install\fR is running on. ++ ++.TP ++\fB--grub-setup\fR=\fIFILE\fR ++Use \fIFILE\fR as \fBgrub-setup\fR. The default is \fI/usr/bin/grub-setup\fR. ++ ++.TP ++\fB--grub-mkrelpath\fR=\fIFILE\fR ++Use \fIFILE\fR as \fBgrub-mkrelpath\fR. The default is \fI/usr/bin/grub-mkrelpath\fR. ++ ++.TP ++\fB--grub-probe\fR=\fIFILE\fR ++Use \fIFILE\fR as \fBgrub-probe\fR. The default is \fI/usr/bin/grub-mkrelpath\fR. ++ ++.TP ++\fB--allow-floppy ++Make the device also bootable as a floppy. This option is the default for /dev/fdX devices. Some BIOSes will not boot images created with this option. ++ ++.TP ++\fB--recheck ++Delete any existing device map and create a new one if necessary. ++ ++.TP ++\fB--force ++Install even if problems are detected. ++ ++.TP ++\fB--force-file-id ++Use identifier file even if UUID is available. ++ ++.TP ++\fB--disk-module\fR=\fIMODULE\fR ++Use \fIMODULE\fR for disk access. This allows you to manually specify either \fIbiosdisk\fR or \fInative\fR disk access. This option is only available on the BIOS target platform. ++ ++.TP ++\fB--no-nvram ++Do not update the \fIboot-device\fR NVRAM variable. This option is only available on IEEE1275 target platforms. ++ ++.TP ++\fB--removable ++Treat the target device as if it is removeable. This option is only available on the EFI target platform. ++ ++.TP ++\fB--bootloader-id\fR=\fIID\fR ++Use \fIID\fR as the bootloader ID. This opption is only available on the EFI target platform. ++ ++.TP ++\fB--efi-directory\fR=\fIDIR\fR ++Use \fIDIR\fR as the EFI System Partition root. This opption is only available on the EFI ta ++rget platform. ++ ++.TP ++\fIINSTALL_DEVICE\fR ++Install GRUB to the block device \fIINSTALL_DEVICE\fR. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-kbdcomp.1 b/util/grub-kbdcomp.1 +new file mode 100644 +index 000000000..0bb969a5b +--- /dev/null ++++ b/util/grub-kbdcomp.1 +@@ -0,0 +1,19 @@ ++.TH GRUB-KBDCOMP 3 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-kbdcomp\fR \(em Generate a GRUB keyboard layout file. ++ ++.SH SYNOPSIS ++\fBgrub-kbdcomp\fR <-o | --output=\fIFILE\fR> \fICKBMAP_ARGUMENTS\fR ++ ++.SH DESCRIPTION ++\fBgrub-kbdcomp\fR processes an X keyboard layout description in ++\fBkeymaps\fR(5) format into a format that can be used by GRUB's \fBkeymap\fR ++command. ++ ++.SH OPTIONS ++.TP ++\fB--output\fR=\fIFILE\fR ++Write output to \fIFILE\fR. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-macbless.1 b/util/grub-macbless.1 +new file mode 100644 +index 000000000..41a96186f +--- /dev/null ++++ b/util/grub-macbless.1 +@@ -0,0 +1,22 @@ ++.TH GRUB-MACBLESS 1 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-macbless\fR \(em Mac-style bless on HFS or HFS+ ++ ++.SH SYNOPSIS ++\fBgrub-macbless\fR [-v | --verbose] [-p | --ppc] \fIFILE\fR | [-x | --x86] \fIFILE\fR ++ ++.SH OPTIONS ++.TP ++--x86 ++Bless for x86 based Macs. ++ ++.TP ++--ppc ++Bless for PPC based Macs. ++ ++.TP ++--verbose ++Print verbose messages. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-menulst2cfg.1 b/util/grub-menulst2cfg.1 +new file mode 100644 +index 000000000..91e2ef871 +--- /dev/null ++++ b/util/grub-menulst2cfg.1 +@@ -0,0 +1,12 @@ ++.TH GRUB-MENULST2CFG 1 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-menulst2cfg\fR \(em Convert a configuration file from GRUB 0.xx to GRUB 2.xx format. ++ ++.SH SYNOPSIS ++\fBgrub-menulst2cfg\fR [\fIINFILE\fR [\fIOUTFILE\fR]] ++ ++.SH DESCRIPTION ++\fBgrub-menulst2cfg\fR converts a configuration file from GRUB 0.xx to the current format. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-mkconfig.8 b/util/grub-mkconfig.8 +new file mode 100644 +index 000000000..a2d1f577b +--- /dev/null ++++ b/util/grub-mkconfig.8 +@@ -0,0 +1,17 @@ ++.TH GRUB-MKCONFIG 1 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-mkconfig\fR \(em Generate a GRUB configuration file. ++ ++.SH SYNOPSIS ++\fBgrub-mkconfig\fR [-o | --output=\fIFILE\fR] ++ ++.SH DESCRIPTION ++\fBgrub-mkconfig\fR generates a configuration file for GRUB. ++ ++.SH OPTIONS ++.TP ++\fB--output\fR=\fIFILE\fR ++Write generated output to \fIFILE\fR. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-mkfont.1 b/util/grub-mkfont.1 +new file mode 100644 +index 000000000..349485798 +--- /dev/null ++++ b/util/grub-mkfont.1 +@@ -0,0 +1,87 @@ ++.TH GRUB-MKFONT 3 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-mkfont\fR \(em Convert common font file formats into the PF2 format. ++ ++.SH SYNOPSIS ++\fBgrub-mkfont\fR [--ascii-bitmaps] [-a | --force-autohint] ++.RS 13 ++[-b | --bold] [-c | --asce=\fINUM\fR] [-d | --desc=\fINUM\fR] ++.RE ++.RS 13 ++[-i | --index=\fINUM\fR] [-n | --name=\fINAME\fR] [--no-bitmap] ++.RE ++.RS 13 ++[--no-hinting] <-o | --output=\fIFILE\fR> ++.RE ++.RS 13 ++[-r | --range=\fIFROM-TO\fR[\fI,FROM-TO\fR]] [-s | --size=\fISIZE\fR] ++.RE ++.RS 13 ++[-v | --verbose] [--width-spec] \fIFONT_FILES\fR ++ ++.SH DESCRIPTION ++\fBgrub-mkfont\fR converts font files from common formats into the PF2 format used by GRUB. ++ ++.SH OPTIONS ++.TP ++--ascii-bitmaps ++Save only bitmaps for ASCII characters. ++ ++.TP ++--force-autohint ++Force generation of automatic hinting. ++ ++.TP ++--bold ++Convert font to bold. ++ ++.TP ++--asce=\fINUM\fR ++Set font ascent to \fINUM\fR. ++ ++.TP ++--desc=\fINUM\fR ++Set font descent to \fINUM\fR. ++ ++.TP ++--index=\fINUM\fR ++Select face index \fINUM\fR. ++ ++.TP ++--name=\fINAME\fR ++Set font family to \fINAME\fR. ++ ++.TP ++--no-bitmap ++Ignore bitmap strikes when loading. ++ ++.TP ++--no-hinting ++Disable hinting. ++ ++.TP ++--output=\fIFILE\fR ++Save ouptut to \fIFILE\fR. This argument is required. ++ ++.TP ++--range=\fIFROM-TO\fR\fI,FROM-TO\fR ++Set the font ranges to each pair of \fIFROM\fR,\fITO\fR. ++ ++.TP ++--size=\fISIZE\fR ++Set font size to \fISIZE\fR. ++ ++.TP ++--verbose ++Print verbose messages. ++ ++.TP ++--width-spec ++Create a width summary file. ++ ++.TP ++\fIFONT_FILES\fR ++The input files to be converted. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-mkimage.1 b/util/grub-mkimage.1 +new file mode 100644 +index 000000000..4dea4f545 +--- /dev/null ++++ b/util/grub-mkimage.1 +@@ -0,0 +1,95 @@ ++.TH GRUB-MKIMAGE 1 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-mkimage\fR \(em Make a bootable GRUB image. ++ ++.SH SYNOPSIS ++\fBgrub-mkimage\fR [-c | --config=\fRFILE\fI] [-C | --compression=(\fIxz\fR,\fInone\fR,\fIauto\fR)] ++.RS 14 ++[-d | --directory=\fRDIR\fR] [-k | --pubkey=\fIFILE\fR] ++.RE ++.RS 14 ++[-m | --memdisk=\fIFILE\fR] [-n | --note] [-o | --output=\fIFILE\fR] ++.RE ++.RS 14 ++[-O | --format=\fIFORMAT\fR] [-p | --prefix=\fIDIR\fR] ++.RE ++.RS 14 ++[-v | --verbose] \fIMODULES\fR ++ ++.SH DESCRIPTION ++\fBgrub-mkimage\fI builds a bootable image of GRUB. ++ ++.SH OPTIONS ++.TP ++--config=\fIFILE\fR ++Embed \fIFILE\fR as the image's initial configuration file. ++ ++.TP ++--compression=(\fIxz\fR,\fInone\fR,\fIauto\fR) ++Use one of \fIxz\fR, \fInone\fR, or \fIauto\fR as the compression method for the core image. ++ ++.TP ++--directory=\fIDIR\fR ++Use images and modules from \fIDIR\fR. The default value is \fB/usr/lib/grub/\fR. ++ ++.TP ++--pubkey=\fIFILE\fR ++Embed the public key \fIFILE\fR for signature checking. ++ ++.TP ++--memdisk=\fIFILE\fR ++Embed the memdisk image \fIFILE\fR. If no \fB-p\fR option is also specified, this implies \fI-p (memdisk)/boot/grub\fR. ++ ++.TP ++--note ++Add a CHRP \fINOTE\fR section. This option is only valid on IEEE1275 platforms. ++ ++.TP ++--output=\fIFILE\fR ++Write the generated file to \fIFILE\fR. The default is to write to standard output. ++ ++.TP ++--format=\fIFORMAT\fR ++Generate an image in the specified \fIFORMAT\fR. Valid values are: ++.RS ++.RS 4 ++.P ++i386-coreboot, ++i386-multiboot, ++i386-pc, ++i386-pc-pxe, ++i386-efi, ++i386-ieee1275, ++i386-qemu, ++x86_64-efi, ++mipsel-yeeloong-flash, ++mipsel-fuloong2f-flash, ++mipself-loongson-elf, ++powerpc-ieee1275, ++sparc64-ieee1275-raw, ++sparc64-ieee1275-cdcore, ++sparc64-ieee1275-aout, ++ia64-efi, ++mips-arc, ++mipsel-arc, ++mipsel-qemu_mips-elf, ++mips-qemu_mips-flash, ++mipsel-qemu_mips-flash, ++mips-qemu_mips-elf ++.RE ++.RE ++ ++.TP ++--prefix=\fIDIR\fR ++Set prefix directory. The default value is \fI/boot/grub\fR. ++ ++.TP ++--verbose ++Print verbose messages. ++ ++.TP ++\fIMODULES\fR ++Include \fIMODULES\fR. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-mklayout.1 b/util/grub-mklayout.1 +new file mode 100644 +index 000000000..d1bbc2ec5 +--- /dev/null ++++ b/util/grub-mklayout.1 +@@ -0,0 +1,27 @@ ++.TH GRUB-MKLAYOUT 3 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-mklayout\fR \(em Generate a GRUB keyboard layout file. ++ ++.SH SYNOPSIS ++\fBgrub-mklayout\fR [-i | --input=\fIFILE\fR] [-o | --output=\fIFILE\fR] ++.RS 15 ++[-v | --verbose] ++ ++.SH DESCRIPTION ++\fBgrub-mklayout\fR generates a GRUB keyboard layout description which corresponds with the Linux console layout description given as input. ++ ++.SH OPTIONS ++.TP ++--input=\fIFILE\fR ++Use \fIFILE\fR as the input. The default value is the standard input device. ++ ++.TP ++--output=\fIFILE\fR ++Use \fIFILE\fR as the output. The default value is the standard output device. ++ ++.TP ++--verbose ++Print verbose messages. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-mknetdir.1 b/util/grub-mknetdir.1 +new file mode 100644 +index 000000000..fa7e8d4ef +--- /dev/null ++++ b/util/grub-mknetdir.1 +@@ -0,0 +1,12 @@ ++.TH GRUB-MKNETDIR 3 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-mknetdir\fR \(em Prepare a GRUB netboot directory. ++ ++.SH SYNOPSIS ++\fBgrub-mknetdir\fR ++ ++.SH DESCRIPTION ++\fBgrub-mknetdir\fR prepares a directory for GRUB to be netbooted from. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-mkpasswd-pbkdf2.1 b/util/grub-mkpasswd-pbkdf2.1 +new file mode 100644 +index 000000000..73c437c15 +--- /dev/null ++++ b/util/grub-mkpasswd-pbkdf2.1 +@@ -0,0 +1,27 @@ ++.TH GRUB-MKPASSWD-PBKDF2 3 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-mkpasswd-pbkdf2\fR \(em Generate a PBKDF2 password hash. ++ ++.SH SYNOPSIS ++\fBgrub-mkpasswd-pbkdf2\fR [-c | --iteration-count=\fINUM\fR] [-l | --buflen=\fINUM\fR] ++.RS 22 ++[-s | --salt=\fINUM\fR] ++ ++.SH DESCRIPTION ++\fBgrub-mkpasswd-pbkdf2\fR generates a PBKDF2 password string suitable for use in a GRUB configuration file. ++ ++.SH OPTIONS ++.TP ++--iteration-count=\fINUM\fR ++Number of PBKDF2 iterations. ++ ++.TP ++--buflen=\fINUM\fR ++Length of generated hash. ++ ++.TP ++--salt=\fINUM\fR ++Length of salt to use. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-mkrelpath.1 b/util/grub-mkrelpath.1 +new file mode 100644 +index 000000000..85f111362 +--- /dev/null ++++ b/util/grub-mkrelpath.1 +@@ -0,0 +1,12 @@ ++.TH GRUB-MKRELPATH 3 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-mkrelpath\fR \(em Generate a relative GRUB path given an OS path. ++ ++.SH SYNOPSIS ++\fBgrub-mkrelpath\fR \fIFILE\fR ++ ++.SH DESCRIPTION ++\fBgrub-mkrelpath\fR takes an OS filesystem path for \fIFILE\fR and returns a relative path suitable for use in a GRUB configuration file. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-mkrescue.1 b/util/grub-mkrescue.1 +new file mode 100644 +index 000000000..4ed9fc723 +--- /dev/null ++++ b/util/grub-mkrescue.1 +@@ -0,0 +1,123 @@ ++.TH GRUB-MKRESCUE 3 "Wed Feb 26 2014" ++.SH NAME ++grub-mkrescue \(em Generate a GRUB rescue image using GNU Xorriso. ++ ++.SH SYNOPSIS ++\fBgrub-mkrescue\fR [-o | --output=\fIFILE\fR] [--modules=\fIMODULES\fR] ++.RS 15 ++[--install-modules=\fIMODULES\fR] [--themes=\fITHEMES\fR] ++.RE ++.RS 15 ++[--fonts=\fIFONTS\fR] [--locales=\fILOCALES\fR] ++.RE ++.RS 15 ++[--compress[=\fIno\fR,\fIxz\fR,\fIgz\fR,\fIlzo\fR]] [-d | --directory=\fIDIR\fR] ++.RE ++.RS 15 ++[--grub-mkimage=\fIFILE\fR] [--rom-directory=\fIDIR\fR] ++.RE ++.RS 15 ++[--xorriso=\fIFILE\fR] [--grub-glue-efi=\fIFILE\fR] ++.RE ++.RS 15 ++[--grub-render-label=\fIFILE\fR] [--label-font=\fIFILE\fR] ++.RE ++.RS 15 ++[--label-color=\fICOLOR\fR] [--label-bgcolor=\fIFILE\fR] ++.RE ++.RS 15 ++[--product-name=\fISTRING\fR] [--product-version=\fISTRING\fR] ++.RE ++.RS 15 ++[--sparc-boot] [--arcs-boot] ++ ++.SH DESCRIPTION ++\fBgrub-mkrescue\fR can be used to generate a rescue image with the GRUB bootloader. ++ ++.SH OPTIONS ++.TP ++\fB--output\fR=\fIFILE\fR ++Write the generated file to \fIFILE\fR. The default is to write to standard output. ++ ++.TP ++\fB--modules\fR=\fIMODULES\fR ++Pre-load modules specified by \fIMODULES\fR. ++ ++.TP ++\fB--install-modules\fR=\fIMODULES\fR ++Install only \fIMODULES\fR and their dependencies. The default is to install all available modules. ++ ++.TP ++\fB--themes\fR=\fITHEMES\fR ++Install \fITHEMES\fR. The default is to install the \fIstarfield\fR theme, if available. ++ ++.TP ++\fB--fonts\fR=\fIFONTS\fR ++Install \fIFONTS\fR. The default is to install the \fIunicode\fR font. ++ ++.TP ++\fB--locales\fR=\fILOCALES\fR ++Install only locales listed in \fILOCALES\fR. The default is to install all available locales. ++ ++.TP ++\fB--compress\fR[=\fIno\fR,\fIxz\fR,\fIgz\fR,\fIlzo\fR] ++Compress GRUB files using the specified compression algorithm. ++ ++.TP ++\fB--directory\fR=\fIDIR\fR ++Use images and modules in \fIDIR\fR. ++ ++.TP ++\fB--grub-mkimage\fR=\fIFILE\fR ++Use \fIFILE\fR as \fBgrub-mkimage\fR(1). The default is \fI/usr/bin/grub-mkimage\fR. ++ ++.TP ++\fB--rom-directory\fR=\fIDIR\fR ++Save ROM images in \fIDIR\fR. ++ ++.TP ++\fB--xorriso\fR=\fIFILE\fR ++Use \fIFILE\fR as \fBxorriso\fI. ++ ++.TP ++\fB--grub-glue-efi\fR=\fIFILE\fR ++Use \fIFILE\fR as \fBgrub-glue-efi\fR(3). ++ ++.TP ++\fB--grub-render-label\fR=\fIFILE\fR ++Use \fIFILE\fR as \fBgrub-render-label\fR(3). ++ ++.TP ++\fB--label-font\fR=\fIFILE\fR ++Use \fIFILE\fR as the font file for generated labels. ++ ++.TP ++\fB--label-color\fR=\fICOLOR\fR ++Use \fICOLOR\fI as the color for generated labels. ++ ++.TP ++\fB--label-bgcolor\fR=\fICOLOR\fR ++Use \fICOLOR\fR as the background color for generated labels. ++ ++.TP ++\fB--product-name\fR=\fISTRING\fR ++Use \fISTRING\fR as the product name in generated labels. ++ ++.TP ++\fB--product-version\fR=\fISTRING\fR ++Use \fISTRING\fR as the product version in generated labels. ++ ++.TP ++\fB--sparc-boot\fR ++Enable booting the SPARC platform. This disables HFS+, APM, ARCS, and "boot as disk image" on the \fIi386-pc\fR target platform. ++ ++.TP ++\fB--arcs-boot\fR ++Enable ARCS booting. This is typically for big-endian MIPS machines, and disables HFS+, APM, sparc64, and "boot as disk image" on the \fIi386-pc\fR target platform. ++ ++.TP ++\fB--\fR ++All options after a \fB--\fR will be passed directly to xorriso's command line when generating the image. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-mkstandalone.1 b/util/grub-mkstandalone.1 +new file mode 100644 +index 000000000..ba2d2bdf2 +--- /dev/null ++++ b/util/grub-mkstandalone.1 +@@ -0,0 +1,100 @@ ++.TH GRUB-MKSTANDALONE 3 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-mkstandalone\fR \(em Generate a standalone image in the selected format. ++ ++.SH SYNOPSIS ++\fBgrub-mkstandalone\fR [-o | --output=\fIFILE\fR] [-O | --format=\fIFORMAT\fR] ++.RS 19 ++[-C | --compression=(\fIxz\fR|\fInone\fR|\fIauto\fR)] ++.RE ++.RS 19 ++[--modules=\fIMODULES\fR] [--install-modules=\fIMODULES\fR] ++.RE ++.RS 19 ++[--themes=\fITHEMES\fR] [--fonts=\fIFONTS\fR] ++.RE ++.RS 19 ++[--locales=\fILOCALES\fR] [--compress[=\fIno\fR,\fIxz\fR,\fIgz\fR,\fIlzo\fR]] ++.RE ++.RS 19 ++[-d | --directory=\fIDIR\fR] [--grub-mkimage=\fIFILE\fR] ++.RE ++.RS 19 ++\fISOURCE...\fR ++ ++.SH DESCRIPTION ++ ++.SH OPTIONS ++.TP ++--output=\fIFILE\fR ++Write the generated file to \fIFILE\fR. The default is to write to standard output. ++ ++.TP ++--format=\fIFORMAT\fR ++Generate an image in the specified \fIFORMAT\fR. Valid values are: ++.RS ++.RS 4 ++.P ++i386-coreboot, ++i386-multiboot, ++i386-pc, ++i386-pc-pxe, ++i386-efi, ++i386-ieee1275, ++i386-qemu, ++x86_64-efi, ++mipsel-yeeloong-flash, ++mipsel-fuloong2f-flash, ++mipself-loongson-elf, ++powerpc-ieee1275, ++sparc64-ieee1275-raw, ++sparc64-ieee1275-cdcore, ++sparc64-ieee1275-aout, ++ia64-efi, ++mips-arc, ++mipsel-arc, ++mipsel-qemu_mips-elf, ++mips-qemu_mips-flash, ++mipsel-qemu_mips-flash, ++mips-qemu_mips-elf ++.RE ++.RE ++ ++.TP ++--compression=(\fIxz\fR|\fInone\fR|\fIauto\fR) ++Use one of \fIxz\fR, \fInone\fR, or \fIauto\fR as the compression method for the core image. ++ ++.TP ++--modules=\fIMODULES\fR ++Pre-load modules specified by \fIMODULES\fR. ++ ++.TP ++--install-modules=\fIMODULES\fR ++Install only \fIMODULES\fR and their dependencies. The default is to install all available modules. ++ ++.TP ++--themes=\fITHEMES\fR ++Install \fITHEMES\fR. The default is to install the \fIstarfield\fR theme, if available. ++ ++.TP ++--fonts=\fIFONTS\fR ++Install \fIFONTS\fR. The default is to install the \fIunicode\fR font. ++ ++.TP ++--locales=\fILOCALES\fR ++Install only locales listed in \fILOCALES\fR. The default is to install all available locales. ++ ++.TP ++--compress[=\fIno\fR,\fIxz\fR,\fIgz\fR,\fIlzo\fR] ++Compress GRUB files using the specified compression algorithm. ++ ++.TP ++--directory=\fIDIR\fR ++Use images and modules in \fIDIR\fR. ++ ++.TP ++--grub-mkimage=\fIFILE\fR ++Use \fIFILE\fR as \fBgrub-mkimage\fR. The default is \fI/usr/bin/grub-mkimage\fR. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-ofpathname.8 b/util/grub-ofpathname.8 +new file mode 100644 +index 000000000..bf3743aeb +--- /dev/null ++++ b/util/grub-ofpathname.8 +@@ -0,0 +1,12 @@ ++.TH GRUB-OFPATHNAME 3 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-ofpathname\fR \(em Generate an IEEE-1275 device path for a specified device. ++ ++.SH SYNOPSIS ++\fBgrub-ofpathname\fR \fIDEVICE\fR ++ ++.SH DESCRIPTION ++\fBgrub-ofpathname\fR generates an IEEE-1275 device path for the specified \fIDEVICE\fR. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-probe.8 b/util/grub-probe.8 +new file mode 100644 +index 000000000..04e26c832 +--- /dev/null ++++ b/util/grub-probe.8 +@@ -0,0 +1,80 @@ ++.TH GRUB-PROBE 3 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-probe\fR \(em Probe device information for a given path. ++ ++.SH SYNOPSIS ++\fBgrub-probe\fR \[-d | --device] [-m | --device-map=\fIFILE\fR] ++.RS 12 ++[-t | --target=(fs|fs_uuid|fs_label|drive|device|partmap| ++.RE ++.RS 28 ++abstraction|cryptodisk_uuid| ++.RE ++.RS 28 ++msdos_parttype)] ++.RE ++.RS 12 ++[-v | --verbose] (PATH|DEVICE) ++ ++.SH DESCRIPTION ++\fBgrub-probe\fR probes a path or device for filesystem and related information. ++ ++.SH OPTIONS ++.TP ++--device ++Final option represents a \fIDEVICE\fR, rather than a filesystem \fIPATH\fR. ++.TP ++--device-map=\fIFILE\fR ++Use \fIFILE\fR as the device map. The default value is \fI/boot/grub/device.map\fR. ++ ++.TP ++--target=(fs|fs_uuid|fs_label|drive|device|partmap|msdos_parttype) ++Select among various output definitions. The default is \fIfs\fR. ++.RS ++.TP ++\fIfs\fR ++filesystem module ++ ++.TP ++\fIfs_uuid\fR ++filesystem UUID ++ ++.TP ++\fIfs_label\fR ++filesystem label ++ ++.TP ++\fIdrive\fR ++GRUB drive name ++ ++.TP ++\fIdevice\fR ++System device ++ ++.TP ++\fIpartmap\fR ++partition map module ++ ++.TP ++\fIabstraction\fR ++abstraction module ++ ++.TP ++\fIcryptodisk_uuid\fR ++cryptographic container ++ ++.TP ++\fImsdos_partmap\fR ++MS-DOS partition map ++.RE ++ ++.TP ++--verbose ++Print verbose output. ++ ++.TP ++(\fIPATH\fR|\fIDEVICE\fR) ++If --device is passed, a block \fIDEVICE\fR. Otherwise, the \fIPATH\fR of a file on the filesystem. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-reboot.8 b/util/grub-reboot.8 +new file mode 100644 +index 000000000..faa5e4eec +--- /dev/null ++++ b/util/grub-reboot.8 +@@ -0,0 +1,21 @@ ++.TH GRUB-REBOOT 3 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-reboot\fR \(em Set the default boot menu entry for the next boot only. ++ ++.SH SYNOPSIS ++\fBgrub-reboot\fR [--boot-directory=\fIDIR\fR] \fIMENU_ENTRY\fR ++ ++.SH DESCRIPTION ++\fBgrub-reboot\fR sets the default boot menu entry for the next boot, but not further boots after that. This command only works for GRUB configuration files created with \fIGRUB_DEFAULT=saved\fR in \fI/etc/default/grub\fR. ++ ++.SH OPTIONS ++.TP ++--boot-directory=\fIDIR\fR ++Find GRUB images under \fIDIR/grub\fR. The default value is \fI/boot\fR, resulting in grub images being search for at \fI/boot/grub\fR. ++ ++.TP ++\fIMENU_ENTRY\fR ++A number, a menu item title or a menu item identifier. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-render-label.1 b/util/grub-render-label.1 +new file mode 100644 +index 000000000..4d51c8abf +--- /dev/null ++++ b/util/grub-render-label.1 +@@ -0,0 +1,51 @@ ++.TH GRUB-RENDER-LABEL 3 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-render-label\fR \(em Render an Apple disk label. ++ ++.SH SYNOPSIS ++\fBgrub-render-label\fR [-b | --bgcolor=\fICOLOR\fR] [-c | --color=\fICOLOR\fR] ++.RS 19 ++[-f | --font=\fIFILE\fR] [-i | --input=\fIFILE\fR] ++.RE ++.RS 19 ++[-o | --output=\fIFILE\fR] [-t | --text=\fISTRING\fR] ++.RE ++.RS 19 ++[-v | --verbose] ++ ++.SH DESCRIPTION ++\fBgrub-render-label\fR renders an Apple disk label (.disk_label) file. ++ ++ ++.SH OPTIONS ++.TP ++\fB--color\fR=\fICOLOR\fR ++Use \fICOLOR\fI as the color for generated labels. ++ ++.TP ++\fB--bgcolor\fR=\fICOLOR\fR ++Use \fICOLOR\fR as the background color for generated labels. ++ ++.TP ++\fB--font\fR=\fIFILE\fR ++Use \fIFILE\fR as the font file for generated labels. ++ ++.TP ++--input=\fIFILE\fR ++Read input text from \fIFILE\fR. ++ ++.TP ++--output=\fIFILE\fR ++Render output to \fIFILE\fR. ++ ++.TP ++--text=\fISTRING\fR ++Use \fISTRING\fR as input text. ++ ++.TP ++--verbose ++Print verbose output. ++ ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-script-check.1 b/util/grub-script-check.1 +new file mode 100644 +index 000000000..0f1f625b0 +--- /dev/null ++++ b/util/grub-script-check.1 +@@ -0,0 +1,21 @@ ++.TH GRUB-SCRIPT-CHECK 3 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-script-check\fR \(em Check GRUB configuration file for syntax errors. ++ ++.SH SYNOPSIS ++\fBgrub-script-check\fR [-v | --verbose] \fIPATH\fR ++ ++.SH DESCRIPTION ++\fBgrub-script-check\fR verifies that a specified GRUB configuration file does not contain syntax errors. ++ ++.SH OPTIONS ++.TP ++--verbose ++Print verbose output. ++ ++.TP ++\fIPATH\fR ++Path of the file to use as input. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-set-default.8 b/util/grub-set-default.8 +new file mode 100644 +index 000000000..a96265a15 +--- /dev/null ++++ b/util/grub-set-default.8 +@@ -0,0 +1,21 @@ ++.TH GRUB-SET-DEFAULT 1 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-set-default\fR \(em Set the default boot menu entry for GRUB. ++ ++.SH SYNOPSIS ++\fBgrub-set-default\fR [--boot-directory=\fIDIR\fR] \fIMENU_ENTRY\fR ++ ++.SH DESCRIPTION ++\fBgrub-set-default\fR sets the default boot menu entry for all subsequent boots. This command only works for GRUB configuration files created with \fIGRUB_DEFAULT=saved\fR in \fI/etc/default/grub\fR. ++ ++.SH OPTIONS ++.TP ++--boot-directory=\fIDIR\fR ++Find GRUB images under \fIDIR/grub\fR. The default value is \fI/boot\fR, resulting in grub images being search for at \fI/boot/grub\fR. ++ ++.TP ++\fIMENU_ENTRY\fR ++A number, a menu item title or a menu item identifier. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-sparc64-setup.8 b/util/grub-sparc64-setup.8 +new file mode 100644 +index 000000000..37ea2dd5e +--- /dev/null ++++ b/util/grub-sparc64-setup.8 +@@ -0,0 +1,12 @@ ++.TH GRUB-SPARC64-SETUP 3 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-sparc64-setup\fR \(em Set up a device to boot a sparc64 GRUB image. ++ ++.SH SYNOPSIS ++\fBgrub-sparc64-setup\fR [OPTIONS]. ++ ++.SH DESCRIPTION ++You should not normally run this program directly. Use grub-install instead. ++ ++.SH SEE ALSO ++.BR "info grub" diff --git a/SOURCES/0049-use-fw_path-prefix-when-fallback-searching-for-grub-.patch b/SOURCES/0049-use-fw_path-prefix-when-fallback-searching-for-grub-.patch new file mode 100644 index 0000000..fdaf734 --- /dev/null +++ b/SOURCES/0049-use-fw_path-prefix-when-fallback-searching-for-grub-.patch @@ -0,0 +1,41 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Fedora Ninjas +Date: Wed, 19 Feb 2014 15:58:43 -0500 +Subject: [PATCH] use fw_path prefix when fallback searching for grub config + +When PXE booting via UEFI firmware, grub was searching for grub.cfg +in the fw_path directory where the grub application was found. If +that didn't exist, a fallback search would look for config file names +based on MAC and IP address. However, the search would look in the +prefix directory which may not be the same fw_path. This patch +changes that behavior to use the fw_path directory for the fallback +search. Only if fw_path is NULL will the prefix directory be searched. + +Signed-off-by: Mark Salter +--- + grub-core/normal/main.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +index 0ce59fdc3..a3713efcd 100644 +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -343,7 +343,7 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), + char *config; + const char *prefix, *fw_path; + +- fw_path = grub_env_get ("fw_path"); ++ prefix = fw_path = grub_env_get ("fw_path"); + if (fw_path) + { + config = grub_xasprintf ("%s/grub.cfg", fw_path); +@@ -366,7 +366,8 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), + } + } + +- prefix = grub_env_get ("prefix"); ++ if (! prefix) ++ prefix = grub_env_get ("prefix"); + if (prefix) + { + grub_size_t config_len; diff --git a/SOURCES/0050-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch b/SOURCES/0050-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch new file mode 100644 index 0000000..3fd2c29 --- /dev/null +++ b/SOURCES/0050-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch @@ -0,0 +1,111 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 6 Mar 2014 11:51:33 -0500 +Subject: [PATCH] Try mac/guid/etc before grub.cfg on tftp config files. + +Signed-off-by: Peter Jones +--- + grub-core/normal/main.c | 80 ++++++++++++++++++++++++++----------------------- + 1 file changed, 43 insertions(+), 37 deletions(-) + +diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +index a3713efcd..7d9c4f09b 100644 +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -341,53 +341,59 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), + /* Guess the config filename. It is necessary to make CONFIG static, + so that it won't get broken by longjmp. */ + char *config; +- const char *prefix, *fw_path; +- +- prefix = fw_path = grub_env_get ("fw_path"); +- if (fw_path) +- { +- config = grub_xasprintf ("%s/grub.cfg", fw_path); +- if (config) +- { +- grub_file_t file; +- +- file = grub_file_open (config); +- if (file) +- { +- grub_file_close (file); +- grub_enter_normal_mode (config); +- } +- else +- { +- /* Ignore all errors. */ +- grub_errno = 0; +- } +- grub_free (config); +- } +- } ++ const char *prefix; + ++ prefix = grub_env_get ("fw_path"); + if (! prefix) + prefix = grub_env_get ("prefix"); ++ + if (prefix) +- { +- grub_size_t config_len; +- config_len = grub_strlen (prefix) + +- sizeof ("/grub.cfg-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"); +- config = grub_malloc (config_len); ++ { ++ if (grub_strncmp (prefix + 1, "tftp", sizeof ("tftp") - 1) == 0) ++ { ++ grub_size_t config_len; ++ config_len = grub_strlen (prefix) + ++ sizeof ("/grub.cfg-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"); ++ config = grub_malloc (config_len); + +- if (! config) +- goto quit; ++ if (! config) ++ goto quit; + +- grub_snprintf (config, config_len, "%s/grub.cfg", prefix); ++ grub_snprintf (config, config_len, "%s/grub.cfg", prefix); + +- if (grub_strncmp (prefix + 1, "tftp", sizeof ("tftp") - 1) == 0) +- grub_net_search_configfile (config); ++ grub_net_search_configfile (config); + +- grub_enter_normal_mode (config); +- grub_free (config); ++ grub_enter_normal_mode (config); ++ grub_free (config); ++ config = NULL; ++ } ++ ++ if (!config) ++ { ++ config = grub_xasprintf ("%s/grub.cfg", prefix); ++ if (config) ++ { ++ grub_file_t file; ++ ++ file = grub_file_open (config); ++ if (file) ++ { ++ grub_file_close (file); ++ grub_enter_normal_mode (config); ++ } ++ else ++ { ++ /* Ignore all errors. */ ++ grub_errno = 0; ++ } ++ grub_free (config); ++ } ++ } + } + else +- grub_enter_normal_mode (0); ++ { ++ grub_enter_normal_mode (0); ++ } + } + else + grub_enter_normal_mode (argv[0]); diff --git a/SOURCES/0051-Fix-convert-function-to-support-NVMe-devices.patch b/SOURCES/0051-Fix-convert-function-to-support-NVMe-devices.patch new file mode 100644 index 0000000..9cab67f --- /dev/null +++ b/SOURCES/0051-Fix-convert-function-to-support-NVMe-devices.patch @@ -0,0 +1,56 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 18 Feb 2014 11:34:00 -0500 +Subject: [PATCH] Fix convert function to support NVMe devices + +This is adapted from the patch at +https://bugzilla.redhat.com/show_bug.cgi?id=1019660 , which is against +the now very old version of convert_system_partition_to_system_disk(). + +As such, it certainly not the right thing for upstream, but should +function for now. + +Resolves: rhbz#1019660 + +Signed-off-by: Peter Jones +--- + util/getroot.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/util/getroot.c b/util/getroot.c +index 847406fba..fa3460d6c 100644 +--- a/util/getroot.c ++++ b/util/getroot.c +@@ -153,6 +153,7 @@ convert_system_partition_to_system_disk (const char *os_dev, int *is_part) + { + #if GRUB_UTIL_FD_STAT_IS_FUNCTIONAL + struct stat st; ++ char *path = xmalloc(PATH_MAX); + + if (stat (os_dev, &st) < 0) + { +@@ -165,6 +166,24 @@ convert_system_partition_to_system_disk (const char *os_dev, int *is_part) + + *is_part = 0; + ++ if (realpath(os_dev, path)) ++ { ++ if ((strncmp ("/dev/nvme", path, 9) == 0)) ++ { ++ char *p = path + 5; ++ p = strchr(p, 'p'); ++ if (p) ++ { ++ *is_part = 1; ++ *p = '\0'; ++ } ++ return path; ++ } ++ } ++ ++ grub_free (path); ++ *is_part = 0; ++ + if (grub_util_device_is_mapped_stat (&st)) + return grub_util_devmapper_part_to_disk (&st, is_part, os_dev); + diff --git a/SOURCES/0052-reopen-SNP-protocol-for-exclusive-use-by-grub.patch b/SOURCES/0052-reopen-SNP-protocol-for-exclusive-use-by-grub.patch new file mode 100644 index 0000000..f5968a2 --- /dev/null +++ b/SOURCES/0052-reopen-SNP-protocol-for-exclusive-use-by-grub.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Fedora Ninjas +Date: Sat, 15 Feb 2014 15:10:22 -0500 +Subject: [PATCH] reopen SNP protocol for exclusive use by grub + +--- + grub-core/net/drivers/efi/efinet.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c +index 5388f952b..ea0e0ca36 100644 +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -330,6 +330,7 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + { + struct grub_net_card *card; + grub_efi_device_path_t *dp; ++ grub_efi_simple_network_t *net; + + dp = grub_efi_get_device_path (hnd); + if (! dp) +@@ -383,6 +384,21 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + &pxe_mode->dhcp_ack, + sizeof (pxe_mode->dhcp_ack), + 1, device, path); ++ net = grub_efi_open_protocol (card->efi_handle, &net_io_guid, ++ GRUB_EFI_OPEN_PROTOCOL_BY_EXCLUSIVE); ++ if (net) { ++ if (net->mode->state == GRUB_EFI_NETWORK_STOPPED ++ && efi_call_1 (net->start, net) != GRUB_EFI_SUCCESS) ++ continue; ++ ++ if (net->mode->state == GRUB_EFI_NETWORK_STOPPED) ++ continue; ++ ++ if (net->mode->state == GRUB_EFI_NETWORK_STARTED ++ && efi_call_3 (net->initialize, net, 0, 0) != GRUB_EFI_SUCCESS) ++ continue; ++ card->efi_net = net; ++ } + return; + } + } diff --git a/SOURCES/0053-Revert-reopen-SNP-protocol-for-exclusive-use-by-grub.patch b/SOURCES/0053-Revert-reopen-SNP-protocol-for-exclusive-use-by-grub.patch new file mode 100644 index 0000000..de98c2d --- /dev/null +++ b/SOURCES/0053-Revert-reopen-SNP-protocol-for-exclusive-use-by-grub.patch @@ -0,0 +1,51 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 4 Mar 2016 15:13:59 -0500 +Subject: [PATCH] Revert "reopen SNP protocol for exclusive use by grub" + +This reverts commit a3f2c756ce34c9666bddef35e3b3b85ccecdcffc , which is +obsoleted by these: + +49426e9 efinet: open Simple Network Protocol exclusively +f348aee efinet: enable hardware filters when opening interface +c52ae40 efinet: skip virtual IPv4 and IPv6 devices when enumerating cards + +Signed-off-by: Peter Jones +--- + grub-core/net/drivers/efi/efinet.c | 16 ---------------- + 1 file changed, 16 deletions(-) + +diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c +index ea0e0ca36..5388f952b 100644 +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -330,7 +330,6 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + { + struct grub_net_card *card; + grub_efi_device_path_t *dp; +- grub_efi_simple_network_t *net; + + dp = grub_efi_get_device_path (hnd); + if (! dp) +@@ -384,21 +383,6 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + &pxe_mode->dhcp_ack, + sizeof (pxe_mode->dhcp_ack), + 1, device, path); +- net = grub_efi_open_protocol (card->efi_handle, &net_io_guid, +- GRUB_EFI_OPEN_PROTOCOL_BY_EXCLUSIVE); +- if (net) { +- if (net->mode->state == GRUB_EFI_NETWORK_STOPPED +- && efi_call_1 (net->start, net) != GRUB_EFI_SUCCESS) +- continue; +- +- if (net->mode->state == GRUB_EFI_NETWORK_STOPPED) +- continue; +- +- if (net->mode->state == GRUB_EFI_NETWORK_STARTED +- && efi_call_3 (net->initialize, net, 0, 0) != GRUB_EFI_SUCCESS) +- continue; +- card->efi_net = net; +- } + return; + } + } diff --git a/SOURCES/0054-Add-grub_util_readlink.patch b/SOURCES/0054-Add-grub_util_readlink.patch new file mode 100644 index 0000000..ea37152 --- /dev/null +++ b/SOURCES/0054-Add-grub_util_readlink.patch @@ -0,0 +1,3731 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 3 Sep 2014 10:01:03 -0400 +Subject: [PATCH] Add grub_util_readlink() + +Add grub_util_readlink(). This requires pulling in stat and readlink from +gnulib, which pulls in stat and related headers, but after that the +implementation is straightforward. + +Signed-off-by: Peter Jones +Reviewed-by: Adam Jackson +--- + grub-core/gnulib/gettimeofday.c | 154 +++++++ + grub-core/gnulib/readlink.c | 74 ++++ + grub-core/gnulib/stat.c | 138 +++++++ + grub-core/osdep/windows/hostdisk.c | 6 + + grub-core/gnulib/pathmax.h | 83 ++++ + grub-core/gnulib/sys_stat.in.h | 732 ++++++++++++++++++++++++++++++++++ + grub-core/gnulib/sys_time.in.h | 213 ++++++++++ + grub-core/gnulib/sys_types.in.h | 2 + + grub-core/gnulib/time.h | 586 +++++++++++++++++++++++++++ + grub-core/gnulib/time.in.h | 274 +++++++++++++ + include/grub/osdep/hostfile_aros.h | 6 + + include/grub/osdep/hostfile_unix.h | 6 + + include/grub/osdep/hostfile_windows.h | 2 + + grub-core/gnulib/Makefile.am | 177 +++++++- + m4/gettimeofday.m4 | 138 +++++++ + m4/gnulib-cache.m4 | 3 +- + m4/gnulib-comp.m4 | 49 +++ + m4/largefile.m4 | 146 +++++++ + m4/pathmax.m4 | 42 ++ + m4/readlink.m4 | 71 ++++ + m4/stat.m4 | 71 ++++ + m4/sys_stat_h.m4 | 96 +++++ + m4/sys_time_h.m4 | 110 +++++ + m4/time_h.m4 | 118 ++++++ + 24 files changed, 3295 insertions(+), 2 deletions(-) + create mode 100644 grub-core/gnulib/gettimeofday.c + create mode 100644 grub-core/gnulib/readlink.c + create mode 100644 grub-core/gnulib/stat.c + create mode 100644 grub-core/gnulib/pathmax.h + create mode 100644 grub-core/gnulib/sys_stat.in.h + create mode 100644 grub-core/gnulib/sys_time.in.h + create mode 100644 grub-core/gnulib/time.h + create mode 100644 grub-core/gnulib/time.in.h + create mode 100644 m4/gettimeofday.m4 + create mode 100644 m4/largefile.m4 + create mode 100644 m4/pathmax.m4 + create mode 100644 m4/readlink.m4 + create mode 100644 m4/stat.m4 + create mode 100644 m4/sys_stat_h.m4 + create mode 100644 m4/sys_time_h.m4 + create mode 100644 m4/time_h.m4 + +diff --git a/grub-core/gnulib/gettimeofday.c b/grub-core/gnulib/gettimeofday.c +new file mode 100644 +index 000000000..8b2058e8c +--- /dev/null ++++ b/grub-core/gnulib/gettimeofday.c +@@ -0,0 +1,154 @@ ++/* Provide gettimeofday for systems that don't have it or for which it's broken. ++ ++ Copyright (C) 2001-2003, 2005-2007, 2009-2014 Free Software Foundation, Inc. ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3, or (at your option) ++ any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, see . */ ++ ++/* written by Jim Meyering */ ++ ++#include ++ ++/* Specification. */ ++#include ++ ++#include ++ ++#if HAVE_SYS_TIMEB_H ++# include ++#endif ++ ++#if GETTIMEOFDAY_CLOBBERS_LOCALTIME || TZSET_CLOBBERS_LOCALTIME ++ ++/* Work around the bug in some systems whereby gettimeofday clobbers ++ the static buffer that localtime uses for its return value. The ++ gettimeofday function from Mac OS X 10.0.4 (i.e., Darwin 1.3.7) has ++ this problem. The tzset replacement is necessary for at least ++ Solaris 2.5, 2.5.1, and 2.6. */ ++ ++static struct tm tm_zero_buffer; ++static struct tm *localtime_buffer_addr = &tm_zero_buffer; ++ ++# undef localtime ++extern struct tm *localtime (time_t const *); ++ ++# undef gmtime ++extern struct tm *gmtime (time_t const *); ++ ++/* This is a wrapper for localtime. It is used only on systems for which ++ gettimeofday clobbers the static buffer used for localtime's result. ++ ++ On the first call, record the address of the static buffer that ++ localtime uses for its result. */ ++ ++struct tm * ++rpl_localtime (time_t const *timep) ++{ ++ struct tm *tm = localtime (timep); ++ ++ if (localtime_buffer_addr == &tm_zero_buffer) ++ localtime_buffer_addr = tm; ++ ++ return tm; ++} ++ ++/* Same as above, since gmtime and localtime use the same buffer. */ ++struct tm * ++rpl_gmtime (time_t const *timep) ++{ ++ struct tm *tm = gmtime (timep); ++ ++ if (localtime_buffer_addr == &tm_zero_buffer) ++ localtime_buffer_addr = tm; ++ ++ return tm; ++} ++ ++#endif /* GETTIMEOFDAY_CLOBBERS_LOCALTIME || TZSET_CLOBBERS_LOCALTIME */ ++ ++#if TZSET_CLOBBERS_LOCALTIME ++ ++# undef tzset ++extern void tzset (void); ++ ++/* This is a wrapper for tzset, for systems on which tzset may clobber ++ the static buffer used for localtime's result. */ ++void ++rpl_tzset (void) ++{ ++ /* Save and restore the contents of the buffer used for localtime's ++ result around the call to tzset. */ ++ struct tm save = *localtime_buffer_addr; ++ tzset (); ++ *localtime_buffer_addr = save; ++} ++#endif ++ ++/* This is a wrapper for gettimeofday. It is used only on systems ++ that lack this function, or whose implementation of this function ++ causes problems. */ ++ ++int ++gettimeofday (struct timeval *restrict tv, void *restrict tz) ++{ ++#undef gettimeofday ++#if HAVE_GETTIMEOFDAY ++# if GETTIMEOFDAY_CLOBBERS_LOCALTIME ++ /* Save and restore the contents of the buffer used for localtime's ++ result around the call to gettimeofday. */ ++ struct tm save = *localtime_buffer_addr; ++# endif ++ ++# if defined timeval /* 'struct timeval' overridden by gnulib? */ ++# undef timeval ++ struct timeval otv; ++ int result = gettimeofday (&otv, (struct timezone *) tz); ++ if (result == 0) ++ { ++ tv->tv_sec = otv.tv_sec; ++ tv->tv_usec = otv.tv_usec; ++ } ++# else ++ int result = gettimeofday (tv, (struct timezone *) tz); ++# endif ++ ++# if GETTIMEOFDAY_CLOBBERS_LOCALTIME ++ *localtime_buffer_addr = save; ++# endif ++ ++ return result; ++ ++#else ++ ++# if HAVE__FTIME ++ ++ struct _timeb timebuf; ++ _ftime (&timebuf); ++ tv->tv_sec = timebuf.time; ++ tv->tv_usec = timebuf.millitm * 1000; ++ ++# else ++ ++# if !defined OK_TO_USE_1S_CLOCK ++# error "Only 1-second nominal clock resolution found. Is that intended?" \ ++ "If so, compile with the -DOK_TO_USE_1S_CLOCK option." ++# endif ++ tv->tv_sec = time (NULL); ++ tv->tv_usec = 0; ++ ++# endif ++ ++ return 0; ++ ++#endif ++} +diff --git a/grub-core/gnulib/readlink.c b/grub-core/gnulib/readlink.c +new file mode 100644 +index 000000000..4c4963951 +--- /dev/null ++++ b/grub-core/gnulib/readlink.c +@@ -0,0 +1,74 @@ ++/* Stub for readlink(). ++ Copyright (C) 2003-2007, 2009-2014 Free Software Foundation, Inc. ++ ++ This program is free software: you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program. If not, see . */ ++ ++#include ++ ++/* Specification. */ ++#include ++ ++#include ++#include ++#include ++ ++#if !HAVE_READLINK ++ ++/* readlink() substitute for systems that don't have a readlink() function, ++ such as DJGPP 2.03 and mingw32. */ ++ ++ssize_t ++readlink (const char *name, char *buf _GL_UNUSED, ++ size_t bufsize _GL_UNUSED) ++{ ++ struct stat statbuf; ++ ++ /* In general we should use lstat() here, not stat(). But on platforms ++ without symbolic links, lstat() - if it exists - would be equivalent to ++ stat(), therefore we can use stat(). This saves us a configure check. */ ++ if (stat (name, &statbuf) >= 0) ++ errno = EINVAL; ++ return -1; ++} ++ ++#else /* HAVE_READLINK */ ++ ++# undef readlink ++ ++/* readlink() wrapper that uses correct types, for systems like cygwin ++ 1.5.x where readlink returns int, and which rejects trailing slash, ++ for Solaris 9. */ ++ ++ssize_t ++rpl_readlink (const char *name, char *buf, size_t bufsize) ++{ ++# if READLINK_TRAILING_SLASH_BUG ++ size_t len = strlen (name); ++ if (len && name[len - 1] == '/') ++ { ++ /* Even if name without the slash is a symlink to a directory, ++ both lstat() and stat() must resolve the trailing slash to ++ the directory rather than the symlink. We can therefore ++ safely use stat() to distinguish between EINVAL and ++ ENOTDIR/ENOENT, avoiding extra overhead of rpl_lstat(). */ ++ struct stat st; ++ if (stat (name, &st) == 0) ++ errno = EINVAL; ++ return -1; ++ } ++# endif /* READLINK_TRAILING_SLASH_BUG */ ++ return readlink (name, buf, bufsize); ++} ++ ++#endif /* HAVE_READLINK */ +diff --git a/grub-core/gnulib/stat.c b/grub-core/gnulib/stat.c +new file mode 100644 +index 000000000..35f4b0b1a +--- /dev/null ++++ b/grub-core/gnulib/stat.c +@@ -0,0 +1,138 @@ ++/* Work around platform bugs in stat. ++ Copyright (C) 2009-2014 Free Software Foundation, Inc. ++ ++ This program is free software: you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program. If not, see . */ ++ ++/* written by Eric Blake */ ++ ++/* If the user's config.h happens to include , let it include only ++ the system's here, so that orig_stat doesn't recurse to ++ rpl_stat. */ ++#define __need_system_sys_stat_h ++#include ++ ++/* Get the original definition of stat. It might be defined as a macro. */ ++#include ++#include ++#undef __need_system_sys_stat_h ++ ++#if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__ ++# if _GL_WINDOWS_64_BIT_ST_SIZE ++# undef stat /* avoid warning on mingw64 with _FILE_OFFSET_BITS=64 */ ++# define stat _stati64 ++# define REPLACE_FUNC_STAT_DIR 1 ++# undef REPLACE_FUNC_STAT_FILE ++# elif REPLACE_FUNC_STAT_FILE ++/* mingw64 has a broken stat() function, based on _stat(), in libmingwex.a. ++ Bypass it. */ ++# define stat _stat ++# define REPLACE_FUNC_STAT_DIR 1 ++# undef REPLACE_FUNC_STAT_FILE ++# endif ++#endif ++ ++static int ++orig_stat (const char *filename, struct stat *buf) ++{ ++ return stat (filename, buf); ++} ++ ++/* Specification. */ ++/* Write "sys/stat.h" here, not , otherwise OSF/1 5.1 DTK cc ++ eliminates this include because of the preliminary #include ++ above. */ ++#include "sys/stat.h" ++ ++#include ++#include ++#include ++#include ++#include "dosname.h" ++#include "verify.h" ++ ++#if REPLACE_FUNC_STAT_DIR ++# include "pathmax.h" ++ /* The only known systems where REPLACE_FUNC_STAT_DIR is needed also ++ have a constant PATH_MAX. */ ++# ifndef PATH_MAX ++# error "Please port this replacement to your platform" ++# endif ++#endif ++ ++/* Store information about NAME into ST. Work around bugs with ++ trailing slashes. Mingw has other bugs (such as st_ino always ++ being 0 on success) which this wrapper does not work around. But ++ at least this implementation provides the ability to emulate fchdir ++ correctly. */ ++ ++int ++rpl_stat (char const *name, struct stat *st) ++{ ++ int result = orig_stat (name, st); ++#if REPLACE_FUNC_STAT_FILE ++ /* Solaris 9 mistakenly succeeds when given a non-directory with a ++ trailing slash. */ ++ if (result == 0 && !S_ISDIR (st->st_mode)) ++ { ++ size_t len = strlen (name); ++ if (ISSLASH (name[len - 1])) ++ { ++ errno = ENOTDIR; ++ return -1; ++ } ++ } ++#endif /* REPLACE_FUNC_STAT_FILE */ ++#if REPLACE_FUNC_STAT_DIR ++ ++ if (result == -1 && errno == ENOENT) ++ { ++ /* Due to mingw's oddities, there are some directories (like ++ c:\) where stat() only succeeds with a trailing slash, and ++ other directories (like c:\windows) where stat() only ++ succeeds without a trailing slash. But we want the two to be ++ synonymous, since chdir() manages either style. Likewise, Mingw also ++ reports ENOENT for names longer than PATH_MAX, when we want ++ ENAMETOOLONG, and for stat("file/"), when we want ENOTDIR. ++ Fortunately, mingw PATH_MAX is small enough for stack ++ allocation. */ ++ char fixed_name[PATH_MAX + 1] = {0}; ++ size_t len = strlen (name); ++ bool check_dir = false; ++ verify (PATH_MAX <= 4096); ++ if (PATH_MAX <= len) ++ errno = ENAMETOOLONG; ++ else if (len) ++ { ++ strcpy (fixed_name, name); ++ if (ISSLASH (fixed_name[len - 1])) ++ { ++ check_dir = true; ++ while (len && ISSLASH (fixed_name[len - 1])) ++ fixed_name[--len] = '\0'; ++ if (!len) ++ fixed_name[0] = '/'; ++ } ++ else ++ fixed_name[len++] = '/'; ++ result = orig_stat (fixed_name, st); ++ if (result == 0 && check_dir && !S_ISDIR (st->st_mode)) ++ { ++ result = -1; ++ errno = ENOTDIR; ++ } ++ } ++ } ++#endif /* REPLACE_FUNC_STAT_DIR */ ++ return result; ++} +diff --git a/grub-core/osdep/windows/hostdisk.c b/grub-core/osdep/windows/hostdisk.c +index 85507af88..6f49df465 100644 +--- a/grub-core/osdep/windows/hostdisk.c ++++ b/grub-core/osdep/windows/hostdisk.c +@@ -353,6 +353,12 @@ grub_util_mkdir (const char *dir) + free (windows_name); + } + ++ssize_t ++grub_util_readlink (const char *name, char *buf, size_t bufsize) ++{ ++ return readlink(name, buf, bufsize); ++} ++ + int + grub_util_rename (const char *from, const char *to) + { +diff --git a/grub-core/gnulib/pathmax.h b/grub-core/gnulib/pathmax.h +new file mode 100644 +index 000000000..33fc3553d +--- /dev/null ++++ b/grub-core/gnulib/pathmax.h +@@ -0,0 +1,83 @@ ++/* Define PATH_MAX somehow. Requires sys/types.h. ++ Copyright (C) 1992, 1999, 2001, 2003, 2005, 2009-2014 Free Software ++ Foundation, Inc. ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3, or (at your option) ++ any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, see . */ ++ ++#ifndef _PATHMAX_H ++# define _PATHMAX_H ++ ++/* POSIX:2008 defines PATH_MAX to be the maximum number of bytes in a filename, ++ including the terminating NUL byte. ++ ++ PATH_MAX is not defined on systems which have no limit on filename length, ++ such as GNU/Hurd. ++ ++ This file does *not* define PATH_MAX always. Programs that use this file ++ can handle the GNU/Hurd case in several ways: ++ - Either with a package-wide handling, or with a per-file handling, ++ - Either through a ++ #ifdef PATH_MAX ++ or through a fallback like ++ #ifndef PATH_MAX ++ # define PATH_MAX 8192 ++ #endif ++ or through a fallback like ++ #ifndef PATH_MAX ++ # define PATH_MAX pathconf ("/", _PC_PATH_MAX) ++ #endif ++ */ ++ ++# include ++ ++# include ++ ++# ifndef _POSIX_PATH_MAX ++# define _POSIX_PATH_MAX 256 ++# endif ++ ++/* Don't include sys/param.h if it already has been. */ ++# if defined HAVE_SYS_PARAM_H && !defined PATH_MAX && !defined MAXPATHLEN ++# include ++# endif ++ ++# if !defined PATH_MAX && defined MAXPATHLEN ++# define PATH_MAX MAXPATHLEN ++# endif ++ ++# ifdef __hpux ++/* On HP-UX, PATH_MAX designates the maximum number of bytes in a filename, ++ *not* including the terminating NUL byte, and is set to 1023. ++ Additionally, when _XOPEN_SOURCE is defined to 500 or more, PATH_MAX is ++ not defined at all any more. */ ++# undef PATH_MAX ++# define PATH_MAX 1024 ++# endif ++ ++# if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__ ++/* The page "Naming Files, Paths, and Namespaces" on msdn.microsoft.com, ++ section "Maximum Path Length Limitation", ++ ++ explains that the maximum size of a filename, including the terminating ++ NUL byte, is 260 = 3 + 256 + 1. ++ This is the same value as ++ - FILENAME_MAX in , ++ - _MAX_PATH in , ++ - MAX_PATH in . ++ Undefine the original value, because mingw's gets it wrong. */ ++# undef PATH_MAX ++# define PATH_MAX 260 ++# endif ++ ++#endif /* _PATHMAX_H */ +diff --git a/grub-core/gnulib/sys_stat.in.h b/grub-core/gnulib/sys_stat.in.h +new file mode 100644 +index 000000000..b47a7ff0a +--- /dev/null ++++ b/grub-core/gnulib/sys_stat.in.h +@@ -0,0 +1,732 @@ ++/* Provide a more complete sys/stat header file. ++ Copyright (C) 2005-2014 Free Software Foundation, Inc. ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3, or (at your option) ++ any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, see . */ ++ ++/* Written by Eric Blake, Paul Eggert, and Jim Meyering. */ ++ ++/* This file is supposed to be used on platforms where is ++ incomplete. It is intended to provide definitions and prototypes ++ needed by an application. Start with what the system provides. */ ++ ++#if __GNUC__ >= 3 ++@PRAGMA_SYSTEM_HEADER@ ++#endif ++@PRAGMA_COLUMNS@ ++ ++#if defined __need_system_sys_stat_h ++/* Special invocation convention. */ ++ ++#@INCLUDE_NEXT@ @NEXT_SYS_STAT_H@ ++ ++#else ++/* Normal invocation convention. */ ++ ++#ifndef _@GUARD_PREFIX@_SYS_STAT_H ++ ++/* Get nlink_t. ++ May also define off_t to a 64-bit type on native Windows. */ ++#include ++ ++/* Get struct timespec. */ ++#include ++ ++/* The include_next requires a split double-inclusion guard. */ ++#@INCLUDE_NEXT@ @NEXT_SYS_STAT_H@ ++ ++#ifndef _@GUARD_PREFIX@_SYS_STAT_H ++#define _@GUARD_PREFIX@_SYS_STAT_H ++ ++/* The definitions of _GL_FUNCDECL_RPL etc. are copied here. */ ++ ++/* The definition of _GL_ARG_NONNULL is copied here. */ ++ ++/* The definition of _GL_WARN_ON_USE is copied here. */ ++ ++/* Before doing "#define mkdir rpl_mkdir" below, we need to include all ++ headers that may declare mkdir(). Native Windows platforms declare mkdir ++ in and/or , not in . */ ++#if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__ ++# include /* mingw32, mingw64 */ ++# include /* mingw64, MSVC 9 */ ++#endif ++ ++/* Native Windows platforms declare umask() in . */ ++#if 0 && ((defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__) ++# include ++#endif ++ ++/* Large File Support on native Windows. */ ++#if @WINDOWS_64_BIT_ST_SIZE@ ++# define stat _stati64 ++#endif ++ ++#ifndef S_IFIFO ++# ifdef _S_IFIFO ++# define S_IFIFO _S_IFIFO ++# endif ++#endif ++ ++#ifndef S_IFMT ++# define S_IFMT 0170000 ++#endif ++ ++#if STAT_MACROS_BROKEN ++# undef S_ISBLK ++# undef S_ISCHR ++# undef S_ISDIR ++# undef S_ISFIFO ++# undef S_ISLNK ++# undef S_ISNAM ++# undef S_ISMPB ++# undef S_ISMPC ++# undef S_ISNWK ++# undef S_ISREG ++# undef S_ISSOCK ++#endif ++ ++#ifndef S_ISBLK ++# ifdef S_IFBLK ++# define S_ISBLK(m) (((m) & S_IFMT) == S_IFBLK) ++# else ++# define S_ISBLK(m) 0 ++# endif ++#endif ++ ++#ifndef S_ISCHR ++# ifdef S_IFCHR ++# define S_ISCHR(m) (((m) & S_IFMT) == S_IFCHR) ++# else ++# define S_ISCHR(m) 0 ++# endif ++#endif ++ ++#ifndef S_ISDIR ++# ifdef S_IFDIR ++# define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR) ++# else ++# define S_ISDIR(m) 0 ++# endif ++#endif ++ ++#ifndef S_ISDOOR /* Solaris 2.5 and up */ ++# define S_ISDOOR(m) 0 ++#endif ++ ++#ifndef S_ISFIFO ++# ifdef S_IFIFO ++# define S_ISFIFO(m) (((m) & S_IFMT) == S_IFIFO) ++# else ++# define S_ISFIFO(m) 0 ++# endif ++#endif ++ ++#ifndef S_ISLNK ++# ifdef S_IFLNK ++# define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK) ++# else ++# define S_ISLNK(m) 0 ++# endif ++#endif ++ ++#ifndef S_ISMPB /* V7 */ ++# ifdef S_IFMPB ++# define S_ISMPB(m) (((m) & S_IFMT) == S_IFMPB) ++# define S_ISMPC(m) (((m) & S_IFMT) == S_IFMPC) ++# else ++# define S_ISMPB(m) 0 ++# define S_ISMPC(m) 0 ++# endif ++#endif ++ ++#ifndef S_ISMPX /* AIX */ ++# define S_ISMPX(m) 0 ++#endif ++ ++#ifndef S_ISNAM /* Xenix */ ++# ifdef S_IFNAM ++# define S_ISNAM(m) (((m) & S_IFMT) == S_IFNAM) ++# else ++# define S_ISNAM(m) 0 ++# endif ++#endif ++ ++#ifndef S_ISNWK /* HP/UX */ ++# ifdef S_IFNWK ++# define S_ISNWK(m) (((m) & S_IFMT) == S_IFNWK) ++# else ++# define S_ISNWK(m) 0 ++# endif ++#endif ++ ++#ifndef S_ISPORT /* Solaris 10 and up */ ++# define S_ISPORT(m) 0 ++#endif ++ ++#ifndef S_ISREG ++# ifdef S_IFREG ++# define S_ISREG(m) (((m) & S_IFMT) == S_IFREG) ++# else ++# define S_ISREG(m) 0 ++# endif ++#endif ++ ++#ifndef S_ISSOCK ++# ifdef S_IFSOCK ++# define S_ISSOCK(m) (((m) & S_IFMT) == S_IFSOCK) ++# else ++# define S_ISSOCK(m) 0 ++# endif ++#endif ++ ++ ++#ifndef S_TYPEISMQ ++# define S_TYPEISMQ(p) 0 ++#endif ++ ++#ifndef S_TYPEISTMO ++# define S_TYPEISTMO(p) 0 ++#endif ++ ++ ++#ifndef S_TYPEISSEM ++# ifdef S_INSEM ++# define S_TYPEISSEM(p) (S_ISNAM ((p)->st_mode) && (p)->st_rdev == S_INSEM) ++# else ++# define S_TYPEISSEM(p) 0 ++# endif ++#endif ++ ++#ifndef S_TYPEISSHM ++# ifdef S_INSHD ++# define S_TYPEISSHM(p) (S_ISNAM ((p)->st_mode) && (p)->st_rdev == S_INSHD) ++# else ++# define S_TYPEISSHM(p) 0 ++# endif ++#endif ++ ++/* high performance ("contiguous data") */ ++#ifndef S_ISCTG ++# define S_ISCTG(p) 0 ++#endif ++ ++/* Cray DMF (data migration facility): off line, with data */ ++#ifndef S_ISOFD ++# define S_ISOFD(p) 0 ++#endif ++ ++/* Cray DMF (data migration facility): off line, with no data */ ++#ifndef S_ISOFL ++# define S_ISOFL(p) 0 ++#endif ++ ++/* 4.4BSD whiteout */ ++#ifndef S_ISWHT ++# define S_ISWHT(m) 0 ++#endif ++ ++/* If any of the following are undefined, ++ define them to their de facto standard values. */ ++#if !S_ISUID ++# define S_ISUID 04000 ++#endif ++#if !S_ISGID ++# define S_ISGID 02000 ++#endif ++ ++/* S_ISVTX is a common extension to POSIX. */ ++#ifndef S_ISVTX ++# define S_ISVTX 01000 ++#endif ++ ++#if !S_IRUSR && S_IREAD ++# define S_IRUSR S_IREAD ++#endif ++#if !S_IRUSR ++# define S_IRUSR 00400 ++#endif ++#if !S_IRGRP ++# define S_IRGRP (S_IRUSR >> 3) ++#endif ++#if !S_IROTH ++# define S_IROTH (S_IRUSR >> 6) ++#endif ++ ++#if !S_IWUSR && S_IWRITE ++# define S_IWUSR S_IWRITE ++#endif ++#if !S_IWUSR ++# define S_IWUSR 00200 ++#endif ++#if !S_IWGRP ++# define S_IWGRP (S_IWUSR >> 3) ++#endif ++#if !S_IWOTH ++# define S_IWOTH (S_IWUSR >> 6) ++#endif ++ ++#if !S_IXUSR && S_IEXEC ++# define S_IXUSR S_IEXEC ++#endif ++#if !S_IXUSR ++# define S_IXUSR 00100 ++#endif ++#if !S_IXGRP ++# define S_IXGRP (S_IXUSR >> 3) ++#endif ++#if !S_IXOTH ++# define S_IXOTH (S_IXUSR >> 6) ++#endif ++ ++#if !S_IRWXU ++# define S_IRWXU (S_IRUSR | S_IWUSR | S_IXUSR) ++#endif ++#if !S_IRWXG ++# define S_IRWXG (S_IRGRP | S_IWGRP | S_IXGRP) ++#endif ++#if !S_IRWXO ++# define S_IRWXO (S_IROTH | S_IWOTH | S_IXOTH) ++#endif ++ ++/* S_IXUGO is a common extension to POSIX. */ ++#if !S_IXUGO ++# define S_IXUGO (S_IXUSR | S_IXGRP | S_IXOTH) ++#endif ++ ++#ifndef S_IRWXUGO ++# define S_IRWXUGO (S_IRWXU | S_IRWXG | S_IRWXO) ++#endif ++ ++/* Macros for futimens and utimensat. */ ++#ifndef UTIME_NOW ++# define UTIME_NOW (-1) ++# define UTIME_OMIT (-2) ++#endif ++ ++ ++#if @GNULIB_FCHMODAT@ ++# if !@HAVE_FCHMODAT@ ++_GL_FUNCDECL_SYS (fchmodat, int, ++ (int fd, char const *file, mode_t mode, int flag) ++ _GL_ARG_NONNULL ((2))); ++# endif ++_GL_CXXALIAS_SYS (fchmodat, int, ++ (int fd, char const *file, mode_t mode, int flag)); ++_GL_CXXALIASWARN (fchmodat); ++#elif defined GNULIB_POSIXCHECK ++# undef fchmodat ++# if HAVE_RAW_DECL_FCHMODAT ++_GL_WARN_ON_USE (fchmodat, "fchmodat is not portable - " ++ "use gnulib module openat for portability"); ++# endif ++#endif ++ ++ ++#if @GNULIB_FSTAT@ ++# if @REPLACE_FSTAT@ ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef fstat ++# define fstat rpl_fstat ++# endif ++_GL_FUNCDECL_RPL (fstat, int, (int fd, struct stat *buf) _GL_ARG_NONNULL ((2))); ++_GL_CXXALIAS_RPL (fstat, int, (int fd, struct stat *buf)); ++# else ++_GL_CXXALIAS_SYS (fstat, int, (int fd, struct stat *buf)); ++# endif ++_GL_CXXALIASWARN (fstat); ++#elif @WINDOWS_64_BIT_ST_SIZE@ ++/* Above, we define stat to _stati64. */ ++# define fstat _fstati64 ++#elif defined GNULIB_POSIXCHECK ++# undef fstat ++# if HAVE_RAW_DECL_FSTAT ++_GL_WARN_ON_USE (fstat, "fstat has portability problems - " ++ "use gnulib module fstat for portability"); ++# endif ++#endif ++ ++ ++#if @GNULIB_FSTATAT@ ++# if @REPLACE_FSTATAT@ ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef fstatat ++# define fstatat rpl_fstatat ++# endif ++_GL_FUNCDECL_RPL (fstatat, int, ++ (int fd, char const *name, struct stat *st, int flags) ++ _GL_ARG_NONNULL ((2, 3))); ++_GL_CXXALIAS_RPL (fstatat, int, ++ (int fd, char const *name, struct stat *st, int flags)); ++# else ++# if !@HAVE_FSTATAT@ ++_GL_FUNCDECL_SYS (fstatat, int, ++ (int fd, char const *name, struct stat *st, int flags) ++ _GL_ARG_NONNULL ((2, 3))); ++# endif ++_GL_CXXALIAS_SYS (fstatat, int, ++ (int fd, char const *name, struct stat *st, int flags)); ++# endif ++_GL_CXXALIASWARN (fstatat); ++#elif defined GNULIB_POSIXCHECK ++# undef fstatat ++# if HAVE_RAW_DECL_FSTATAT ++_GL_WARN_ON_USE (fstatat, "fstatat is not portable - " ++ "use gnulib module openat for portability"); ++# endif ++#endif ++ ++ ++#if @GNULIB_FUTIMENS@ ++/* Use the rpl_ prefix also on Solaris <= 9, because on Solaris 9 our futimens ++ implementation relies on futimesat, which on Solaris 10 makes an invocation ++ to futimens that is meant to invoke the libc's futimens(), not gnulib's ++ futimens(). */ ++# if @REPLACE_FUTIMENS@ || (!@HAVE_FUTIMENS@ && defined __sun) ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef futimens ++# define futimens rpl_futimens ++# endif ++_GL_FUNCDECL_RPL (futimens, int, (int fd, struct timespec const times[2])); ++_GL_CXXALIAS_RPL (futimens, int, (int fd, struct timespec const times[2])); ++# else ++# if !@HAVE_FUTIMENS@ ++_GL_FUNCDECL_SYS (futimens, int, (int fd, struct timespec const times[2])); ++# endif ++_GL_CXXALIAS_SYS (futimens, int, (int fd, struct timespec const times[2])); ++# endif ++# if @HAVE_FUTIMENS@ ++_GL_CXXALIASWARN (futimens); ++# endif ++#elif defined GNULIB_POSIXCHECK ++# undef futimens ++# if HAVE_RAW_DECL_FUTIMENS ++_GL_WARN_ON_USE (futimens, "futimens is not portable - " ++ "use gnulib module futimens for portability"); ++# endif ++#endif ++ ++ ++#if @GNULIB_LCHMOD@ ++/* Change the mode of FILENAME to MODE, without dereferencing it if FILENAME ++ denotes a symbolic link. */ ++# if !@HAVE_LCHMOD@ ++/* The lchmod replacement follows symbolic links. Callers should take ++ this into account; lchmod should be applied only to arguments that ++ are known to not be symbolic links. On hosts that lack lchmod, ++ this can lead to race conditions between the check and the ++ invocation of lchmod, but we know of no workarounds that are ++ reliable in general. You might try requesting support for lchmod ++ from your operating system supplier. */ ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# define lchmod chmod ++# endif ++/* Need to cast, because on mingw, the second parameter of chmod is ++ int mode. */ ++_GL_CXXALIAS_RPL_CAST_1 (lchmod, chmod, int, ++ (const char *filename, mode_t mode)); ++# else ++# if 0 /* assume already declared */ ++_GL_FUNCDECL_SYS (lchmod, int, (const char *filename, mode_t mode) ++ _GL_ARG_NONNULL ((1))); ++# endif ++_GL_CXXALIAS_SYS (lchmod, int, (const char *filename, mode_t mode)); ++# endif ++# if @HAVE_LCHMOD@ ++_GL_CXXALIASWARN (lchmod); ++# endif ++#elif defined GNULIB_POSIXCHECK ++# undef lchmod ++# if HAVE_RAW_DECL_LCHMOD ++_GL_WARN_ON_USE (lchmod, "lchmod is unportable - " ++ "use gnulib module lchmod for portability"); ++# endif ++#endif ++ ++ ++#if @GNULIB_LSTAT@ ++# if ! @HAVE_LSTAT@ ++/* mingw does not support symlinks, therefore it does not have lstat. But ++ without links, stat does just fine. */ ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# define lstat stat ++# endif ++_GL_CXXALIAS_RPL_1 (lstat, stat, int, (const char *name, struct stat *buf)); ++# elif @REPLACE_LSTAT@ ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef lstat ++# define lstat rpl_lstat ++# endif ++_GL_FUNCDECL_RPL (lstat, int, (const char *name, struct stat *buf) ++ _GL_ARG_NONNULL ((1, 2))); ++_GL_CXXALIAS_RPL (lstat, int, (const char *name, struct stat *buf)); ++# else ++_GL_CXXALIAS_SYS (lstat, int, (const char *name, struct stat *buf)); ++# endif ++# if @HAVE_LSTAT@ ++_GL_CXXALIASWARN (lstat); ++# endif ++#elif defined GNULIB_POSIXCHECK ++# undef lstat ++# if HAVE_RAW_DECL_LSTAT ++_GL_WARN_ON_USE (lstat, "lstat is unportable - " ++ "use gnulib module lstat for portability"); ++# endif ++#endif ++ ++ ++#if @REPLACE_MKDIR@ ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef mkdir ++# define mkdir rpl_mkdir ++# endif ++_GL_FUNCDECL_RPL (mkdir, int, (char const *name, mode_t mode) ++ _GL_ARG_NONNULL ((1))); ++_GL_CXXALIAS_RPL (mkdir, int, (char const *name, mode_t mode)); ++#else ++/* mingw's _mkdir() function has 1 argument, but we pass 2 arguments. ++ Additionally, it declares _mkdir (and depending on compile flags, an ++ alias mkdir), only in the nonstandard includes and , ++ which are included above. */ ++# if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__ ++ ++# if !GNULIB_defined_rpl_mkdir ++static int ++rpl_mkdir (char const *name, mode_t mode) ++{ ++ return _mkdir (name); ++} ++# define GNULIB_defined_rpl_mkdir 1 ++# endif ++ ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# define mkdir rpl_mkdir ++# endif ++_GL_CXXALIAS_RPL (mkdir, int, (char const *name, mode_t mode)); ++# else ++_GL_CXXALIAS_SYS (mkdir, int, (char const *name, mode_t mode)); ++# endif ++#endif ++_GL_CXXALIASWARN (mkdir); ++ ++ ++#if @GNULIB_MKDIRAT@ ++# if !@HAVE_MKDIRAT@ ++_GL_FUNCDECL_SYS (mkdirat, int, (int fd, char const *file, mode_t mode) ++ _GL_ARG_NONNULL ((2))); ++# endif ++_GL_CXXALIAS_SYS (mkdirat, int, (int fd, char const *file, mode_t mode)); ++_GL_CXXALIASWARN (mkdirat); ++#elif defined GNULIB_POSIXCHECK ++# undef mkdirat ++# if HAVE_RAW_DECL_MKDIRAT ++_GL_WARN_ON_USE (mkdirat, "mkdirat is not portable - " ++ "use gnulib module openat for portability"); ++# endif ++#endif ++ ++ ++#if @GNULIB_MKFIFO@ ++# if @REPLACE_MKFIFO@ ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef mkfifo ++# define mkfifo rpl_mkfifo ++# endif ++_GL_FUNCDECL_RPL (mkfifo, int, (char const *file, mode_t mode) ++ _GL_ARG_NONNULL ((1))); ++_GL_CXXALIAS_RPL (mkfifo, int, (char const *file, mode_t mode)); ++# else ++# if !@HAVE_MKFIFO@ ++_GL_FUNCDECL_SYS (mkfifo, int, (char const *file, mode_t mode) ++ _GL_ARG_NONNULL ((1))); ++# endif ++_GL_CXXALIAS_SYS (mkfifo, int, (char const *file, mode_t mode)); ++# endif ++_GL_CXXALIASWARN (mkfifo); ++#elif defined GNULIB_POSIXCHECK ++# undef mkfifo ++# if HAVE_RAW_DECL_MKFIFO ++_GL_WARN_ON_USE (mkfifo, "mkfifo is not portable - " ++ "use gnulib module mkfifo for portability"); ++# endif ++#endif ++ ++ ++#if @GNULIB_MKFIFOAT@ ++# if !@HAVE_MKFIFOAT@ ++_GL_FUNCDECL_SYS (mkfifoat, int, (int fd, char const *file, mode_t mode) ++ _GL_ARG_NONNULL ((2))); ++# endif ++_GL_CXXALIAS_SYS (mkfifoat, int, (int fd, char const *file, mode_t mode)); ++_GL_CXXALIASWARN (mkfifoat); ++#elif defined GNULIB_POSIXCHECK ++# undef mkfifoat ++# if HAVE_RAW_DECL_MKFIFOAT ++_GL_WARN_ON_USE (mkfifoat, "mkfifoat is not portable - " ++ "use gnulib module mkfifoat for portability"); ++# endif ++#endif ++ ++ ++#if @GNULIB_MKNOD@ ++# if @REPLACE_MKNOD@ ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef mknod ++# define mknod rpl_mknod ++# endif ++_GL_FUNCDECL_RPL (mknod, int, (char const *file, mode_t mode, dev_t dev) ++ _GL_ARG_NONNULL ((1))); ++_GL_CXXALIAS_RPL (mknod, int, (char const *file, mode_t mode, dev_t dev)); ++# else ++# if !@HAVE_MKNOD@ ++_GL_FUNCDECL_SYS (mknod, int, (char const *file, mode_t mode, dev_t dev) ++ _GL_ARG_NONNULL ((1))); ++# endif ++/* Need to cast, because on OSF/1 5.1, the third parameter is '...'. */ ++_GL_CXXALIAS_SYS_CAST (mknod, int, (char const *file, mode_t mode, dev_t dev)); ++# endif ++_GL_CXXALIASWARN (mknod); ++#elif defined GNULIB_POSIXCHECK ++# undef mknod ++# if HAVE_RAW_DECL_MKNOD ++_GL_WARN_ON_USE (mknod, "mknod is not portable - " ++ "use gnulib module mknod for portability"); ++# endif ++#endif ++ ++ ++#if @GNULIB_MKNODAT@ ++# if !@HAVE_MKNODAT@ ++_GL_FUNCDECL_SYS (mknodat, int, ++ (int fd, char const *file, mode_t mode, dev_t dev) ++ _GL_ARG_NONNULL ((2))); ++# endif ++_GL_CXXALIAS_SYS (mknodat, int, ++ (int fd, char const *file, mode_t mode, dev_t dev)); ++_GL_CXXALIASWARN (mknodat); ++#elif defined GNULIB_POSIXCHECK ++# undef mknodat ++# if HAVE_RAW_DECL_MKNODAT ++_GL_WARN_ON_USE (mknodat, "mknodat is not portable - " ++ "use gnulib module mkfifoat for portability"); ++# endif ++#endif ++ ++ ++#if @GNULIB_STAT@ ++# if @REPLACE_STAT@ ++/* We can't use the object-like #define stat rpl_stat, because of ++ struct stat. This means that rpl_stat will not be used if the user ++ does (stat)(a,b). Oh well. */ ++# if defined _AIX && defined stat && defined _LARGE_FILES ++ /* With _LARGE_FILES defined, AIX (only) defines stat to stat64, ++ so we have to replace stat64() instead of stat(). */ ++# undef stat64 ++# define stat64(name, st) rpl_stat (name, st) ++# elif @WINDOWS_64_BIT_ST_SIZE@ ++ /* Above, we define stat to _stati64. */ ++# if defined __MINGW32__ && defined _stati64 ++# ifndef _USE_32BIT_TIME_T ++ /* The system headers define _stati64 to _stat64. */ ++# undef _stat64 ++# define _stat64(name, st) rpl_stat (name, st) ++# endif ++# elif defined _MSC_VER && defined _stati64 ++# ifdef _USE_32BIT_TIME_T ++ /* The system headers define _stati64 to _stat32i64. */ ++# undef _stat32i64 ++# define _stat32i64(name, st) rpl_stat (name, st) ++# else ++ /* The system headers define _stati64 to _stat64. */ ++# undef _stat64 ++# define _stat64(name, st) rpl_stat (name, st) ++# endif ++# else ++# undef _stati64 ++# define _stati64(name, st) rpl_stat (name, st) ++# endif ++# elif defined __MINGW32__ && defined stat ++# ifdef _USE_32BIT_TIME_T ++ /* The system headers define stat to _stat32i64. */ ++# undef _stat32i64 ++# define _stat32i64(name, st) rpl_stat (name, st) ++# else ++ /* The system headers define stat to _stat64. */ ++# undef _stat64 ++# define _stat64(name, st) rpl_stat (name, st) ++# endif ++# elif defined _MSC_VER && defined stat ++# ifdef _USE_32BIT_TIME_T ++ /* The system headers define stat to _stat32. */ ++# undef _stat32 ++# define _stat32(name, st) rpl_stat (name, st) ++# else ++ /* The system headers define stat to _stat64i32. */ ++# undef _stat64i32 ++# define _stat64i32(name, st) rpl_stat (name, st) ++# endif ++# else /* !(_AIX ||__MINGW32__ || _MSC_VER) */ ++# undef stat ++# define stat(name, st) rpl_stat (name, st) ++# endif /* !_LARGE_FILES */ ++_GL_EXTERN_C int stat (const char *name, struct stat *buf) ++ _GL_ARG_NONNULL ((1, 2)); ++# endif ++#elif defined GNULIB_POSIXCHECK ++# undef stat ++# if HAVE_RAW_DECL_STAT ++_GL_WARN_ON_USE (stat, "stat is unportable - " ++ "use gnulib module stat for portability"); ++# endif ++#endif ++ ++ ++#if @GNULIB_UTIMENSAT@ ++/* Use the rpl_ prefix also on Solaris <= 9, because on Solaris 9 our utimensat ++ implementation relies on futimesat, which on Solaris 10 makes an invocation ++ to utimensat that is meant to invoke the libc's utimensat(), not gnulib's ++ utimensat(). */ ++# if @REPLACE_UTIMENSAT@ || (!@HAVE_UTIMENSAT@ && defined __sun) ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef utimensat ++# define utimensat rpl_utimensat ++# endif ++_GL_FUNCDECL_RPL (utimensat, int, (int fd, char const *name, ++ struct timespec const times[2], int flag) ++ _GL_ARG_NONNULL ((2))); ++_GL_CXXALIAS_RPL (utimensat, int, (int fd, char const *name, ++ struct timespec const times[2], int flag)); ++# else ++# if !@HAVE_UTIMENSAT@ ++_GL_FUNCDECL_SYS (utimensat, int, (int fd, char const *name, ++ struct timespec const times[2], int flag) ++ _GL_ARG_NONNULL ((2))); ++# endif ++_GL_CXXALIAS_SYS (utimensat, int, (int fd, char const *name, ++ struct timespec const times[2], int flag)); ++# endif ++# if @HAVE_UTIMENSAT@ ++_GL_CXXALIASWARN (utimensat); ++# endif ++#elif defined GNULIB_POSIXCHECK ++# undef utimensat ++# if HAVE_RAW_DECL_UTIMENSAT ++_GL_WARN_ON_USE (utimensat, "utimensat is not portable - " ++ "use gnulib module utimensat for portability"); ++# endif ++#endif ++ ++ ++#endif /* _@GUARD_PREFIX@_SYS_STAT_H */ ++#endif /* _@GUARD_PREFIX@_SYS_STAT_H */ ++#endif +diff --git a/grub-core/gnulib/sys_time.in.h b/grub-core/gnulib/sys_time.in.h +new file mode 100644 +index 000000000..30057ad49 +--- /dev/null ++++ b/grub-core/gnulib/sys_time.in.h +@@ -0,0 +1,213 @@ ++/* Provide a more complete sys/time.h. ++ ++ Copyright (C) 2007-2014 Free Software Foundation, Inc. ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3, or (at your option) ++ any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, see . */ ++ ++/* Written by Paul Eggert. */ ++ ++#ifndef _@GUARD_PREFIX@_SYS_TIME_H ++ ++#if __GNUC__ >= 3 ++@PRAGMA_SYSTEM_HEADER@ ++#endif ++@PRAGMA_COLUMNS@ ++ ++/* On Cygwin and on many BSDish systems, includes itself ++ recursively via . ++ Simply delegate to the system's header in this case; it is a no-op. ++ Without this extra ifdef, the C++ gettimeofday declaration below ++ would be a forward declaration in gnulib's nested . */ ++#if defined _CYGWIN_SYS_TIME_H || defined _SYS_TIME_H || defined _SYS_TIME_H_ ++# @INCLUDE_NEXT@ @NEXT_SYS_TIME_H@ ++#else ++ ++/* The include_next requires a split double-inclusion guard. */ ++#if @HAVE_SYS_TIME_H@ ++# @INCLUDE_NEXT@ @NEXT_SYS_TIME_H@ ++#endif ++ ++#ifndef _@GUARD_PREFIX@_SYS_TIME_H ++#define _@GUARD_PREFIX@_SYS_TIME_H ++ ++#if ! @HAVE_SYS_TIME_H@ ++# include ++#endif ++ ++/* On native Windows with MSVC, get the 'struct timeval' type. ++ Also, on native Windows with a 64-bit time_t, where we are overriding the ++ 'struct timeval' type, get all declarations of system functions whose ++ signature contains 'struct timeval'. */ ++#if (defined _MSC_VER || @REPLACE_STRUCT_TIMEVAL@) && @HAVE_WINSOCK2_H@ && !defined _GL_INCLUDING_WINSOCK2_H ++# define _GL_INCLUDING_WINSOCK2_H ++# include ++# undef _GL_INCLUDING_WINSOCK2_H ++#endif ++ ++/* The definitions of _GL_FUNCDECL_RPL etc. are copied here. */ ++ ++/* The definition of _GL_ARG_NONNULL is copied here. */ ++ ++/* The definition of _GL_WARN_ON_USE is copied here. */ ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++#if !@HAVE_STRUCT_TIMEVAL@ || @REPLACE_STRUCT_TIMEVAL@ ++ ++# if @REPLACE_STRUCT_TIMEVAL@ ++# define timeval rpl_timeval ++# endif ++ ++# if !GNULIB_defined_struct_timeval ++struct timeval ++{ ++ time_t tv_sec; ++ long int tv_usec; ++}; ++# define GNULIB_defined_struct_timeval 1 ++# endif ++ ++#endif ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#if @GNULIB_GETTIMEOFDAY@ ++# if @REPLACE_GETTIMEOFDAY@ ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef gettimeofday ++# define gettimeofday rpl_gettimeofday ++# endif ++_GL_FUNCDECL_RPL (gettimeofday, int, ++ (struct timeval *restrict, void *restrict) ++ _GL_ARG_NONNULL ((1))); ++_GL_CXXALIAS_RPL (gettimeofday, int, ++ (struct timeval *restrict, void *restrict)); ++# else ++# if !@HAVE_GETTIMEOFDAY@ ++_GL_FUNCDECL_SYS (gettimeofday, int, ++ (struct timeval *restrict, void *restrict) ++ _GL_ARG_NONNULL ((1))); ++# endif ++/* Need to cast, because on glibc systems, by default, the second argument is ++ struct timezone *. */ ++_GL_CXXALIAS_SYS_CAST (gettimeofday, int, ++ (struct timeval *restrict, void *restrict)); ++# endif ++_GL_CXXALIASWARN (gettimeofday); ++#elif defined GNULIB_POSIXCHECK ++# undef gettimeofday ++# if HAVE_RAW_DECL_GETTIMEOFDAY ++_GL_WARN_ON_USE (gettimeofday, "gettimeofday is unportable - " ++ "use gnulib module gettimeofday for portability"); ++# endif ++#endif ++ ++/* Hide some function declarations from . */ ++ ++#if defined _MSC_VER && @HAVE_WINSOCK2_H@ ++# if !defined _@GUARD_PREFIX@_UNISTD_H ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef close ++# define close close_used_without_including_unistd_h ++# else ++ _GL_WARN_ON_USE (close, ++ "close() used without including "); ++# endif ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef gethostname ++# define gethostname gethostname_used_without_including_unistd_h ++# else ++ _GL_WARN_ON_USE (gethostname, ++ "gethostname() used without including "); ++# endif ++# endif ++# if !defined _@GUARD_PREFIX@_SYS_SOCKET_H ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef socket ++# define socket socket_used_without_including_sys_socket_h ++# undef connect ++# define connect connect_used_without_including_sys_socket_h ++# undef accept ++# define accept accept_used_without_including_sys_socket_h ++# undef bind ++# define bind bind_used_without_including_sys_socket_h ++# undef getpeername ++# define getpeername getpeername_used_without_including_sys_socket_h ++# undef getsockname ++# define getsockname getsockname_used_without_including_sys_socket_h ++# undef getsockopt ++# define getsockopt getsockopt_used_without_including_sys_socket_h ++# undef listen ++# define listen listen_used_without_including_sys_socket_h ++# undef recv ++# define recv recv_used_without_including_sys_socket_h ++# undef send ++# define send send_used_without_including_sys_socket_h ++# undef recvfrom ++# define recvfrom recvfrom_used_without_including_sys_socket_h ++# undef sendto ++# define sendto sendto_used_without_including_sys_socket_h ++# undef setsockopt ++# define setsockopt setsockopt_used_without_including_sys_socket_h ++# undef shutdown ++# define shutdown shutdown_used_without_including_sys_socket_h ++# else ++ _GL_WARN_ON_USE (socket, ++ "socket() used without including "); ++ _GL_WARN_ON_USE (connect, ++ "connect() used without including "); ++ _GL_WARN_ON_USE (accept, ++ "accept() used without including "); ++ _GL_WARN_ON_USE (bind, ++ "bind() used without including "); ++ _GL_WARN_ON_USE (getpeername, ++ "getpeername() used without including "); ++ _GL_WARN_ON_USE (getsockname, ++ "getsockname() used without including "); ++ _GL_WARN_ON_USE (getsockopt, ++ "getsockopt() used without including "); ++ _GL_WARN_ON_USE (listen, ++ "listen() used without including "); ++ _GL_WARN_ON_USE (recv, ++ "recv() used without including "); ++ _GL_WARN_ON_USE (send, ++ "send() used without including "); ++ _GL_WARN_ON_USE (recvfrom, ++ "recvfrom() used without including "); ++ _GL_WARN_ON_USE (sendto, ++ "sendto() used without including "); ++ _GL_WARN_ON_USE (setsockopt, ++ "setsockopt() used without including "); ++ _GL_WARN_ON_USE (shutdown, ++ "shutdown() used without including "); ++# endif ++# endif ++# if !defined _@GUARD_PREFIX@_SYS_SELECT_H ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef select ++# define select select_used_without_including_sys_select_h ++# else ++ _GL_WARN_ON_USE (select, ++ "select() used without including "); ++# endif ++# endif ++#endif ++ ++#endif /* _@GUARD_PREFIX@_SYS_TIME_H */ ++#endif /* _CYGWIN_SYS_TIME_H */ ++#endif /* _@GUARD_PREFIX@_SYS_TIME_H */ +diff --git a/grub-core/gnulib/sys_types.in.h b/grub-core/gnulib/sys_types.in.h +index d7da35623..9520c0903 100644 +--- a/grub-core/gnulib/sys_types.in.h ++++ b/grub-core/gnulib/sys_types.in.h +@@ -23,7 +23,9 @@ + #ifndef _@GUARD_PREFIX@_SYS_TYPES_H + + /* The include_next requires a split double-inclusion guard. */ ++# define _GL_INCLUDING_SYS_TYPES_H + #@INCLUDE_NEXT@ @NEXT_SYS_TYPES_H@ ++# undef _GL_INCLUDING_SYS_TYPES_H + + #ifndef _@GUARD_PREFIX@_SYS_TYPES_H + #define _@GUARD_PREFIX@_SYS_TYPES_H +diff --git a/grub-core/gnulib/time.h b/grub-core/gnulib/time.h +new file mode 100644 +index 000000000..b9203d556 +--- /dev/null ++++ b/grub-core/gnulib/time.h +@@ -0,0 +1,586 @@ ++/* DO NOT EDIT! GENERATED AUTOMATICALLY! */ ++/* A more-standard . ++ ++ Copyright (C) 2007-2014 Free Software Foundation, Inc. ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3, or (at your option) ++ any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, see . */ ++ ++#if __GNUC__ >= 3 ++#pragma GCC system_header ++#endif ++ ++ ++/* Don't get in the way of glibc when it includes time.h merely to ++ declare a few standard symbols, rather than to declare all the ++ symbols. Also, Solaris 8 eventually includes itself ++ recursively; if that is happening, just include the system ++ without adding our own declarations. */ ++#if (defined __need_time_t || defined __need_clock_t \ ++ || defined __need_timespec \ ++ || defined _GL_TIME_H) ++ ++# include_next ++ ++#else ++ ++# define _GL_TIME_H ++ ++# include_next ++ ++/* NetBSD 5.0 mis-defines NULL. */ ++# include ++ ++/* The definitions of _GL_FUNCDECL_RPL etc. are copied here. */ ++#ifndef _GL_CXXDEFS_H ++#define _GL_CXXDEFS_H ++ ++/* The three most frequent use cases of these macros are: ++ ++ * For providing a substitute for a function that is missing on some ++ platforms, but is declared and works fine on the platforms on which ++ it exists: ++ ++ #if @GNULIB_FOO@ ++ # if !@HAVE_FOO@ ++ _GL_FUNCDECL_SYS (foo, ...); ++ # endif ++ _GL_CXXALIAS_SYS (foo, ...); ++ _GL_CXXALIASWARN (foo); ++ #elif defined GNULIB_POSIXCHECK ++ ... ++ #endif ++ ++ * For providing a replacement for a function that exists on all platforms, ++ but is broken/insufficient and needs to be replaced on some platforms: ++ ++ #if @GNULIB_FOO@ ++ # if @REPLACE_FOO@ ++ # if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++ # undef foo ++ # define foo rpl_foo ++ # endif ++ _GL_FUNCDECL_RPL (foo, ...); ++ _GL_CXXALIAS_RPL (foo, ...); ++ # else ++ _GL_CXXALIAS_SYS (foo, ...); ++ # endif ++ _GL_CXXALIASWARN (foo); ++ #elif defined GNULIB_POSIXCHECK ++ ... ++ #endif ++ ++ * For providing a replacement for a function that exists on some platforms ++ but is broken/insufficient and needs to be replaced on some of them and ++ is additionally either missing or undeclared on some other platforms: ++ ++ #if @GNULIB_FOO@ ++ # if @REPLACE_FOO@ ++ # if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++ # undef foo ++ # define foo rpl_foo ++ # endif ++ _GL_FUNCDECL_RPL (foo, ...); ++ _GL_CXXALIAS_RPL (foo, ...); ++ # else ++ # if !@HAVE_FOO@ or if !@HAVE_DECL_FOO@ ++ _GL_FUNCDECL_SYS (foo, ...); ++ # endif ++ _GL_CXXALIAS_SYS (foo, ...); ++ # endif ++ _GL_CXXALIASWARN (foo); ++ #elif defined GNULIB_POSIXCHECK ++ ... ++ #endif ++*/ ++ ++/* _GL_EXTERN_C declaration; ++ performs the declaration with C linkage. */ ++#if defined __cplusplus ++# define _GL_EXTERN_C extern "C" ++#else ++# define _GL_EXTERN_C extern ++#endif ++ ++/* _GL_FUNCDECL_RPL (func, rettype, parameters_and_attributes); ++ declares a replacement function, named rpl_func, with the given prototype, ++ consisting of return type, parameters, and attributes. ++ Example: ++ _GL_FUNCDECL_RPL (open, int, (const char *filename, int flags, ...) ++ _GL_ARG_NONNULL ((1))); ++ */ ++#define _GL_FUNCDECL_RPL(func,rettype,parameters_and_attributes) \ ++ _GL_FUNCDECL_RPL_1 (rpl_##func, rettype, parameters_and_attributes) ++#define _GL_FUNCDECL_RPL_1(rpl_func,rettype,parameters_and_attributes) \ ++ _GL_EXTERN_C rettype rpl_func parameters_and_attributes ++ ++/* _GL_FUNCDECL_SYS (func, rettype, parameters_and_attributes); ++ declares the system function, named func, with the given prototype, ++ consisting of return type, parameters, and attributes. ++ Example: ++ _GL_FUNCDECL_SYS (open, int, (const char *filename, int flags, ...) ++ _GL_ARG_NONNULL ((1))); ++ */ ++#define _GL_FUNCDECL_SYS(func,rettype,parameters_and_attributes) \ ++ _GL_EXTERN_C rettype func parameters_and_attributes ++ ++/* _GL_CXXALIAS_RPL (func, rettype, parameters); ++ declares a C++ alias called GNULIB_NAMESPACE::func ++ that redirects to rpl_func, if GNULIB_NAMESPACE is defined. ++ Example: ++ _GL_CXXALIAS_RPL (open, int, (const char *filename, int flags, ...)); ++ */ ++#define _GL_CXXALIAS_RPL(func,rettype,parameters) \ ++ _GL_CXXALIAS_RPL_1 (func, rpl_##func, rettype, parameters) ++#if defined __cplusplus && defined GNULIB_NAMESPACE ++# define _GL_CXXALIAS_RPL_1(func,rpl_func,rettype,parameters) \ ++ namespace GNULIB_NAMESPACE \ ++ { \ ++ rettype (*const func) parameters = ::rpl_func; \ ++ } \ ++ _GL_EXTERN_C int _gl_cxxalias_dummy ++#else ++# define _GL_CXXALIAS_RPL_1(func,rpl_func,rettype,parameters) \ ++ _GL_EXTERN_C int _gl_cxxalias_dummy ++#endif ++ ++/* _GL_CXXALIAS_RPL_CAST_1 (func, rpl_func, rettype, parameters); ++ is like _GL_CXXALIAS_RPL_1 (func, rpl_func, rettype, parameters); ++ except that the C function rpl_func may have a slightly different ++ declaration. A cast is used to silence the "invalid conversion" error ++ that would otherwise occur. */ ++#if defined __cplusplus && defined GNULIB_NAMESPACE ++# define _GL_CXXALIAS_RPL_CAST_1(func,rpl_func,rettype,parameters) \ ++ namespace GNULIB_NAMESPACE \ ++ { \ ++ rettype (*const func) parameters = \ ++ reinterpret_cast(::rpl_func); \ ++ } \ ++ _GL_EXTERN_C int _gl_cxxalias_dummy ++#else ++# define _GL_CXXALIAS_RPL_CAST_1(func,rpl_func,rettype,parameters) \ ++ _GL_EXTERN_C int _gl_cxxalias_dummy ++#endif ++ ++/* _GL_CXXALIAS_SYS (func, rettype, parameters); ++ declares a C++ alias called GNULIB_NAMESPACE::func ++ that redirects to the system provided function func, if GNULIB_NAMESPACE ++ is defined. ++ Example: ++ _GL_CXXALIAS_SYS (open, int, (const char *filename, int flags, ...)); ++ */ ++#if defined __cplusplus && defined GNULIB_NAMESPACE ++ /* If we were to write ++ rettype (*const func) parameters = ::func; ++ like above in _GL_CXXALIAS_RPL_1, the compiler could optimize calls ++ better (remove an indirection through a 'static' pointer variable), ++ but then the _GL_CXXALIASWARN macro below would cause a warning not only ++ for uses of ::func but also for uses of GNULIB_NAMESPACE::func. */ ++# define _GL_CXXALIAS_SYS(func,rettype,parameters) \ ++ namespace GNULIB_NAMESPACE \ ++ { \ ++ static rettype (*func) parameters = ::func; \ ++ } \ ++ _GL_EXTERN_C int _gl_cxxalias_dummy ++#else ++# define _GL_CXXALIAS_SYS(func,rettype,parameters) \ ++ _GL_EXTERN_C int _gl_cxxalias_dummy ++#endif ++ ++/* _GL_CXXALIAS_SYS_CAST (func, rettype, parameters); ++ is like _GL_CXXALIAS_SYS (func, rettype, parameters); ++ except that the C function func may have a slightly different declaration. ++ A cast is used to silence the "invalid conversion" error that would ++ otherwise occur. */ ++#if defined __cplusplus && defined GNULIB_NAMESPACE ++# define _GL_CXXALIAS_SYS_CAST(func,rettype,parameters) \ ++ namespace GNULIB_NAMESPACE \ ++ { \ ++ static rettype (*func) parameters = \ ++ reinterpret_cast(::func); \ ++ } \ ++ _GL_EXTERN_C int _gl_cxxalias_dummy ++#else ++# define _GL_CXXALIAS_SYS_CAST(func,rettype,parameters) \ ++ _GL_EXTERN_C int _gl_cxxalias_dummy ++#endif ++ ++/* _GL_CXXALIAS_SYS_CAST2 (func, rettype, parameters, rettype2, parameters2); ++ is like _GL_CXXALIAS_SYS (func, rettype, parameters); ++ except that the C function is picked among a set of overloaded functions, ++ namely the one with rettype2 and parameters2. Two consecutive casts ++ are used to silence the "cannot find a match" and "invalid conversion" ++ errors that would otherwise occur. */ ++#if defined __cplusplus && defined GNULIB_NAMESPACE ++ /* The outer cast must be a reinterpret_cast. ++ The inner cast: When the function is defined as a set of overloaded ++ functions, it works as a static_cast<>, choosing the designated variant. ++ When the function is defined as a single variant, it works as a ++ reinterpret_cast<>. The parenthesized cast syntax works both ways. */ ++# define _GL_CXXALIAS_SYS_CAST2(func,rettype,parameters,rettype2,parameters2) \ ++ namespace GNULIB_NAMESPACE \ ++ { \ ++ static rettype (*func) parameters = \ ++ reinterpret_cast( \ ++ (rettype2(*)parameters2)(::func)); \ ++ } \ ++ _GL_EXTERN_C int _gl_cxxalias_dummy ++#else ++# define _GL_CXXALIAS_SYS_CAST2(func,rettype,parameters,rettype2,parameters2) \ ++ _GL_EXTERN_C int _gl_cxxalias_dummy ++#endif ++ ++/* _GL_CXXALIASWARN (func); ++ causes a warning to be emitted when ::func is used but not when ++ GNULIB_NAMESPACE::func is used. func must be defined without overloaded ++ variants. */ ++#if defined __cplusplus && defined GNULIB_NAMESPACE ++# define _GL_CXXALIASWARN(func) \ ++ _GL_CXXALIASWARN_1 (func, GNULIB_NAMESPACE) ++# define _GL_CXXALIASWARN_1(func,namespace) \ ++ _GL_CXXALIASWARN_2 (func, namespace) ++/* To work around GCC bug , ++ we enable the warning only when not optimizing. */ ++# if !__OPTIMIZE__ ++# define _GL_CXXALIASWARN_2(func,namespace) \ ++ _GL_WARN_ON_USE (func, \ ++ "The symbol ::" #func " refers to the system function. " \ ++ "Use " #namespace "::" #func " instead.") ++# elif __GNUC__ >= 3 && GNULIB_STRICT_CHECKING ++# define _GL_CXXALIASWARN_2(func,namespace) \ ++ extern __typeof__ (func) func ++# else ++# define _GL_CXXALIASWARN_2(func,namespace) \ ++ _GL_EXTERN_C int _gl_cxxalias_dummy ++# endif ++#else ++# define _GL_CXXALIASWARN(func) \ ++ _GL_EXTERN_C int _gl_cxxalias_dummy ++#endif ++ ++/* _GL_CXXALIASWARN1 (func, rettype, parameters_and_attributes); ++ causes a warning to be emitted when the given overloaded variant of ::func ++ is used but not when GNULIB_NAMESPACE::func is used. */ ++#if defined __cplusplus && defined GNULIB_NAMESPACE ++# define _GL_CXXALIASWARN1(func,rettype,parameters_and_attributes) \ ++ _GL_CXXALIASWARN1_1 (func, rettype, parameters_and_attributes, \ ++ GNULIB_NAMESPACE) ++# define _GL_CXXALIASWARN1_1(func,rettype,parameters_and_attributes,namespace) \ ++ _GL_CXXALIASWARN1_2 (func, rettype, parameters_and_attributes, namespace) ++/* To work around GCC bug , ++ we enable the warning only when not optimizing. */ ++# if !__OPTIMIZE__ ++# define _GL_CXXALIASWARN1_2(func,rettype,parameters_and_attributes,namespace) \ ++ _GL_WARN_ON_USE_CXX (func, rettype, parameters_and_attributes, \ ++ "The symbol ::" #func " refers to the system function. " \ ++ "Use " #namespace "::" #func " instead.") ++# elif __GNUC__ >= 3 && GNULIB_STRICT_CHECKING ++# define _GL_CXXALIASWARN1_2(func,rettype,parameters_and_attributes,namespace) \ ++ extern __typeof__ (func) func ++# else ++# define _GL_CXXALIASWARN1_2(func,rettype,parameters_and_attributes,namespace) \ ++ _GL_EXTERN_C int _gl_cxxalias_dummy ++# endif ++#else ++# define _GL_CXXALIASWARN1(func,rettype,parameters_and_attributes) \ ++ _GL_EXTERN_C int _gl_cxxalias_dummy ++#endif ++ ++#endif /* _GL_CXXDEFS_H */ ++ ++/* The definition of _GL_ARG_NONNULL is copied here. */ ++/* _GL_ARG_NONNULL((n,...,m)) tells the compiler and static analyzer tools ++ that the values passed as arguments n, ..., m must be non-NULL pointers. ++ n = 1 stands for the first argument, n = 2 for the second argument etc. */ ++#ifndef _GL_ARG_NONNULL ++# if (__GNUC__ == 3 && __GNUC_MINOR__ >= 3) || __GNUC__ > 3 ++# define _GL_ARG_NONNULL(params) __attribute__ ((__nonnull__ params)) ++# else ++# define _GL_ARG_NONNULL(params) ++# endif ++#endif ++ ++/* The definition of _GL_WARN_ON_USE is copied here. */ ++#ifndef _GL_WARN_ON_USE ++ ++# if 4 < __GNUC__ || (__GNUC__ == 4 && 3 <= __GNUC_MINOR__) ++/* A compiler attribute is available in gcc versions 4.3.0 and later. */ ++# define _GL_WARN_ON_USE(function, message) \ ++extern __typeof__ (function) function __attribute__ ((__warning__ (message))) ++# elif __GNUC__ >= 3 && GNULIB_STRICT_CHECKING ++/* Verify the existence of the function. */ ++# define _GL_WARN_ON_USE(function, message) \ ++extern __typeof__ (function) function ++# else /* Unsupported. */ ++# define _GL_WARN_ON_USE(function, message) \ ++_GL_WARN_EXTERN_C int _gl_warn_on_use ++# endif ++#endif ++ ++/* _GL_WARN_ON_USE_CXX (function, rettype, parameters_and_attributes, "string") ++ is like _GL_WARN_ON_USE (function, "string"), except that the function is ++ declared with the given prototype, consisting of return type, parameters, ++ and attributes. ++ This variant is useful for overloaded functions in C++. _GL_WARN_ON_USE does ++ not work in this case. */ ++#ifndef _GL_WARN_ON_USE_CXX ++# if 4 < __GNUC__ || (__GNUC__ == 4 && 3 <= __GNUC_MINOR__) ++# define _GL_WARN_ON_USE_CXX(function,rettype,parameters_and_attributes,msg) \ ++extern rettype function parameters_and_attributes \ ++ __attribute__ ((__warning__ (msg))) ++# elif __GNUC__ >= 3 && GNULIB_STRICT_CHECKING ++/* Verify the existence of the function. */ ++# define _GL_WARN_ON_USE_CXX(function,rettype,parameters_and_attributes,msg) \ ++extern rettype function parameters_and_attributes ++# else /* Unsupported. */ ++# define _GL_WARN_ON_USE_CXX(function,rettype,parameters_and_attributes,msg) \ ++_GL_WARN_EXTERN_C int _gl_warn_on_use ++# endif ++#endif ++ ++/* _GL_WARN_EXTERN_C declaration; ++ performs the declaration with C linkage. */ ++#ifndef _GL_WARN_EXTERN_C ++# if defined __cplusplus ++# define _GL_WARN_EXTERN_C extern "C" ++# else ++# define _GL_WARN_EXTERN_C extern ++# endif ++#endif ++ ++/* Some systems don't define struct timespec (e.g., AIX 4.1, Ultrix 4.3). ++ Or they define it with the wrong member names or define it in ++ (e.g., FreeBSD circa 1997). Stock Mingw prior to 3.0 does not define it, ++ but the pthreads-win32 library defines it in . */ ++# if ! 1 ++# if 0 ++# include ++# elif 0 ++# include ++# else ++ ++# ifdef __cplusplus ++extern "C" { ++# endif ++ ++# if !GNULIB_defined_struct_timespec ++# undef timespec ++# define timespec rpl_timespec ++struct timespec ++{ ++ time_t tv_sec; ++ long int tv_nsec; ++}; ++# define GNULIB_defined_struct_timespec 1 ++# endif ++ ++# ifdef __cplusplus ++} ++# endif ++ ++# endif ++# endif ++ ++# if !GNULIB_defined_struct_time_t_must_be_integral ++/* Per http://austingroupbugs.net/view.php?id=327, POSIX requires ++ time_t to be an integer type, even though C99 permits floating ++ point. We don't know of any implementation that uses floating ++ point, and it is much easier to write code that doesn't have to ++ worry about that corner case, so we force the issue. */ ++struct __time_t_must_be_integral { ++ unsigned int __floating_time_t_unsupported : (time_t) 1; ++}; ++# define GNULIB_defined_struct_time_t_must_be_integral 1 ++# endif ++ ++/* Sleep for at least RQTP seconds unless interrupted, If interrupted, ++ return -1 and store the remaining time into RMTP. See ++ . */ ++# if 0 ++# if GNULIB_PORTCHECK ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# define nanosleep rpl_nanosleep ++# endif ++_GL_FUNCDECL_RPL (nanosleep, int, ++ (struct timespec const *__rqtp, struct timespec *__rmtp) ++ _GL_ARG_NONNULL ((1))); ++_GL_CXXALIAS_RPL (nanosleep, int, ++ (struct timespec const *__rqtp, struct timespec *__rmtp)); ++# else ++# if ! 1 ++_GL_FUNCDECL_SYS (nanosleep, int, ++ (struct timespec const *__rqtp, struct timespec *__rmtp) ++ _GL_ARG_NONNULL ((1))); ++# endif ++_GL_CXXALIAS_SYS (nanosleep, int, ++ (struct timespec const *__rqtp, struct timespec *__rmtp)); ++# endif ++_GL_CXXALIASWARN (nanosleep); ++# endif ++ ++/* Return the 'time_t' representation of TP and normalize TP. */ ++# if 0 ++# if GNULIB_PORTCHECK ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# define mktime rpl_mktime ++# endif ++_GL_FUNCDECL_RPL (mktime, time_t, (struct tm *__tp) _GL_ARG_NONNULL ((1))); ++_GL_CXXALIAS_RPL (mktime, time_t, (struct tm *__tp)); ++# else ++_GL_CXXALIAS_SYS (mktime, time_t, (struct tm *__tp)); ++# endif ++_GL_CXXALIASWARN (mktime); ++# endif ++ ++/* Convert TIMER to RESULT, assuming local time and UTC respectively. See ++ and ++ . */ ++# if 0 ++# if GNULIB_PORTCHECK ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef localtime_r ++# define localtime_r rpl_localtime_r ++# endif ++_GL_FUNCDECL_RPL (localtime_r, struct tm *, (time_t const *restrict __timer, ++ struct tm *restrict __result) ++ _GL_ARG_NONNULL ((1, 2))); ++_GL_CXXALIAS_RPL (localtime_r, struct tm *, (time_t const *restrict __timer, ++ struct tm *restrict __result)); ++# else ++# if ! 1 ++_GL_FUNCDECL_SYS (localtime_r, struct tm *, (time_t const *restrict __timer, ++ struct tm *restrict __result) ++ _GL_ARG_NONNULL ((1, 2))); ++# endif ++_GL_CXXALIAS_SYS (localtime_r, struct tm *, (time_t const *restrict __timer, ++ struct tm *restrict __result)); ++# endif ++# if 1 ++_GL_CXXALIASWARN (localtime_r); ++# endif ++# if GNULIB_PORTCHECK ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef gmtime_r ++# define gmtime_r rpl_gmtime_r ++# endif ++_GL_FUNCDECL_RPL (gmtime_r, struct tm *, (time_t const *restrict __timer, ++ struct tm *restrict __result) ++ _GL_ARG_NONNULL ((1, 2))); ++_GL_CXXALIAS_RPL (gmtime_r, struct tm *, (time_t const *restrict __timer, ++ struct tm *restrict __result)); ++# else ++# if ! 1 ++_GL_FUNCDECL_SYS (gmtime_r, struct tm *, (time_t const *restrict __timer, ++ struct tm *restrict __result) ++ _GL_ARG_NONNULL ((1, 2))); ++# endif ++_GL_CXXALIAS_SYS (gmtime_r, struct tm *, (time_t const *restrict __timer, ++ struct tm *restrict __result)); ++# endif ++# if 1 ++_GL_CXXALIASWARN (gmtime_r); ++# endif ++# endif ++ ++/* Convert TIMER to RESULT, assuming local time and UTC respectively. See ++ and ++ . */ ++# if 1 ++# if 0 ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef localtime ++# define localtime rpl_localtime ++# endif ++_GL_FUNCDECL_RPL (localtime, struct tm *, (time_t const *__timer) ++ _GL_ARG_NONNULL ((1))); ++_GL_CXXALIAS_RPL (localtime, struct tm *, (time_t const *__timer)); ++# else ++_GL_CXXALIAS_SYS (localtime, struct tm *, (time_t const *__timer)); ++# endif ++_GL_CXXALIASWARN (localtime); ++# endif ++ ++# if 1 ++# if 0 ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef gmtime ++# define gmtime rpl_gmtime ++# endif ++_GL_FUNCDECL_RPL (gmtime, struct tm *, (time_t const *__timer) ++ _GL_ARG_NONNULL ((1))); ++_GL_CXXALIAS_RPL (gmtime, struct tm *, (time_t const *__timer)); ++# else ++_GL_CXXALIAS_SYS (gmtime, struct tm *, (time_t const *__timer)); ++# endif ++_GL_CXXALIASWARN (gmtime); ++# endif ++ ++/* Parse BUF as a time stamp, assuming FORMAT specifies its layout, and store ++ the resulting broken-down time into TM. See ++ . */ ++# if 0 ++# if ! 1 ++_GL_FUNCDECL_SYS (strptime, char *, (char const *restrict __buf, ++ char const *restrict __format, ++ struct tm *restrict __tm) ++ _GL_ARG_NONNULL ((1, 2, 3))); ++# endif ++_GL_CXXALIAS_SYS (strptime, char *, (char const *restrict __buf, ++ char const *restrict __format, ++ struct tm *restrict __tm)); ++_GL_CXXALIASWARN (strptime); ++# endif ++ ++/* Convert TM to a time_t value, assuming UTC. */ ++# if 0 ++# if GNULIB_PORTCHECK ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef timegm ++# define timegm rpl_timegm ++# endif ++_GL_FUNCDECL_RPL (timegm, time_t, (struct tm *__tm) _GL_ARG_NONNULL ((1))); ++_GL_CXXALIAS_RPL (timegm, time_t, (struct tm *__tm)); ++# else ++# if ! 1 ++_GL_FUNCDECL_SYS (timegm, time_t, (struct tm *__tm) _GL_ARG_NONNULL ((1))); ++# endif ++_GL_CXXALIAS_SYS (timegm, time_t, (struct tm *__tm)); ++# endif ++_GL_CXXALIASWARN (timegm); ++# endif ++ ++/* Encourage applications to avoid unsafe functions that can overrun ++ buffers when given outlandish struct tm values. Portable ++ applications should use strftime (or even sprintf) instead. */ ++# if defined GNULIB_POSIXCHECK ++# undef asctime ++_GL_WARN_ON_USE (asctime, "asctime can overrun buffers in some cases - " ++ "better use strftime (or even sprintf) instead"); ++# endif ++# if defined GNULIB_POSIXCHECK ++# undef asctime_r ++_GL_WARN_ON_USE (asctime, "asctime_r can overrun buffers in some cases - " ++ "better use strftime (or even sprintf) instead"); ++# endif ++# if defined GNULIB_POSIXCHECK ++# undef ctime ++_GL_WARN_ON_USE (asctime, "ctime can overrun buffers in some cases - " ++ "better use strftime (or even sprintf) instead"); ++# endif ++# if defined GNULIB_POSIXCHECK ++# undef ctime_r ++_GL_WARN_ON_USE (asctime, "ctime_r can overrun buffers in some cases - " ++ "better use strftime (or even sprintf) instead"); ++# endif ++ ++#endif +diff --git a/grub-core/gnulib/time.in.h b/grub-core/gnulib/time.in.h +new file mode 100644 +index 000000000..81abdf46e +--- /dev/null ++++ b/grub-core/gnulib/time.in.h +@@ -0,0 +1,274 @@ ++/* A more-standard . ++ ++ Copyright (C) 2007-2014 Free Software Foundation, Inc. ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3, or (at your option) ++ any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, see . */ ++ ++#if __GNUC__ >= 3 ++@PRAGMA_SYSTEM_HEADER@ ++#endif ++@PRAGMA_COLUMNS@ ++ ++/* Don't get in the way of glibc when it includes time.h merely to ++ declare a few standard symbols, rather than to declare all the ++ symbols. Also, Solaris 8 eventually includes itself ++ recursively; if that is happening, just include the system ++ without adding our own declarations. */ ++#if (defined __need_time_t || defined __need_clock_t \ ++ || defined __need_timespec \ ++ || defined _@GUARD_PREFIX@_TIME_H) ++ ++# @INCLUDE_NEXT@ @NEXT_TIME_H@ ++ ++#else ++ ++# define _@GUARD_PREFIX@_TIME_H ++ ++# @INCLUDE_NEXT@ @NEXT_TIME_H@ ++ ++/* NetBSD 5.0 mis-defines NULL. */ ++# include ++ ++/* The definitions of _GL_FUNCDECL_RPL etc. are copied here. */ ++ ++/* The definition of _GL_ARG_NONNULL is copied here. */ ++ ++/* The definition of _GL_WARN_ON_USE is copied here. */ ++ ++/* Some systems don't define struct timespec (e.g., AIX 4.1, Ultrix 4.3). ++ Or they define it with the wrong member names or define it in ++ (e.g., FreeBSD circa 1997). Stock Mingw prior to 3.0 does not define it, ++ but the pthreads-win32 library defines it in . */ ++# if ! @TIME_H_DEFINES_STRUCT_TIMESPEC@ ++# if @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ ++# include ++# elif @PTHREAD_H_DEFINES_STRUCT_TIMESPEC@ ++# include ++# else ++ ++# ifdef __cplusplus ++extern "C" { ++# endif ++ ++# if !GNULIB_defined_struct_timespec ++# undef timespec ++# define timespec rpl_timespec ++struct timespec ++{ ++ time_t tv_sec; ++ long int tv_nsec; ++}; ++# define GNULIB_defined_struct_timespec 1 ++# endif ++ ++# ifdef __cplusplus ++} ++# endif ++ ++# endif ++# endif ++ ++# if !GNULIB_defined_struct_time_t_must_be_integral ++/* Per http://austingroupbugs.net/view.php?id=327, POSIX requires ++ time_t to be an integer type, even though C99 permits floating ++ point. We don't know of any implementation that uses floating ++ point, and it is much easier to write code that doesn't have to ++ worry about that corner case, so we force the issue. */ ++struct __time_t_must_be_integral { ++ unsigned int __floating_time_t_unsupported : (time_t) 1; ++}; ++# define GNULIB_defined_struct_time_t_must_be_integral 1 ++# endif ++ ++/* Sleep for at least RQTP seconds unless interrupted, If interrupted, ++ return -1 and store the remaining time into RMTP. See ++ . */ ++# if @GNULIB_NANOSLEEP@ ++# if @REPLACE_NANOSLEEP@ ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# define nanosleep rpl_nanosleep ++# endif ++_GL_FUNCDECL_RPL (nanosleep, int, ++ (struct timespec const *__rqtp, struct timespec *__rmtp) ++ _GL_ARG_NONNULL ((1))); ++_GL_CXXALIAS_RPL (nanosleep, int, ++ (struct timespec const *__rqtp, struct timespec *__rmtp)); ++# else ++# if ! @HAVE_NANOSLEEP@ ++_GL_FUNCDECL_SYS (nanosleep, int, ++ (struct timespec const *__rqtp, struct timespec *__rmtp) ++ _GL_ARG_NONNULL ((1))); ++# endif ++_GL_CXXALIAS_SYS (nanosleep, int, ++ (struct timespec const *__rqtp, struct timespec *__rmtp)); ++# endif ++_GL_CXXALIASWARN (nanosleep); ++# endif ++ ++/* Return the 'time_t' representation of TP and normalize TP. */ ++# if @GNULIB_MKTIME@ ++# if @REPLACE_MKTIME@ ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# define mktime rpl_mktime ++# endif ++_GL_FUNCDECL_RPL (mktime, time_t, (struct tm *__tp) _GL_ARG_NONNULL ((1))); ++_GL_CXXALIAS_RPL (mktime, time_t, (struct tm *__tp)); ++# else ++_GL_CXXALIAS_SYS (mktime, time_t, (struct tm *__tp)); ++# endif ++_GL_CXXALIASWARN (mktime); ++# endif ++ ++/* Convert TIMER to RESULT, assuming local time and UTC respectively. See ++ and ++ . */ ++# if @GNULIB_TIME_R@ ++# if @REPLACE_LOCALTIME_R@ ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef localtime_r ++# define localtime_r rpl_localtime_r ++# endif ++_GL_FUNCDECL_RPL (localtime_r, struct tm *, (time_t const *restrict __timer, ++ struct tm *restrict __result) ++ _GL_ARG_NONNULL ((1, 2))); ++_GL_CXXALIAS_RPL (localtime_r, struct tm *, (time_t const *restrict __timer, ++ struct tm *restrict __result)); ++# else ++# if ! @HAVE_DECL_LOCALTIME_R@ ++_GL_FUNCDECL_SYS (localtime_r, struct tm *, (time_t const *restrict __timer, ++ struct tm *restrict __result) ++ _GL_ARG_NONNULL ((1, 2))); ++# endif ++_GL_CXXALIAS_SYS (localtime_r, struct tm *, (time_t const *restrict __timer, ++ struct tm *restrict __result)); ++# endif ++# if @HAVE_DECL_LOCALTIME_R@ ++_GL_CXXALIASWARN (localtime_r); ++# endif ++# if @REPLACE_LOCALTIME_R@ ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef gmtime_r ++# define gmtime_r rpl_gmtime_r ++# endif ++_GL_FUNCDECL_RPL (gmtime_r, struct tm *, (time_t const *restrict __timer, ++ struct tm *restrict __result) ++ _GL_ARG_NONNULL ((1, 2))); ++_GL_CXXALIAS_RPL (gmtime_r, struct tm *, (time_t const *restrict __timer, ++ struct tm *restrict __result)); ++# else ++# if ! @HAVE_DECL_LOCALTIME_R@ ++_GL_FUNCDECL_SYS (gmtime_r, struct tm *, (time_t const *restrict __timer, ++ struct tm *restrict __result) ++ _GL_ARG_NONNULL ((1, 2))); ++# endif ++_GL_CXXALIAS_SYS (gmtime_r, struct tm *, (time_t const *restrict __timer, ++ struct tm *restrict __result)); ++# endif ++# if @HAVE_DECL_LOCALTIME_R@ ++_GL_CXXALIASWARN (gmtime_r); ++# endif ++# endif ++ ++/* Convert TIMER to RESULT, assuming local time and UTC respectively. See ++ and ++ . */ ++# if @GNULIB_GETTIMEOFDAY@ ++# if @REPLACE_LOCALTIME@ ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef localtime ++# define localtime rpl_localtime ++# endif ++_GL_FUNCDECL_RPL (localtime, struct tm *, (time_t const *__timer) ++ _GL_ARG_NONNULL ((1))); ++_GL_CXXALIAS_RPL (localtime, struct tm *, (time_t const *__timer)); ++# else ++_GL_CXXALIAS_SYS (localtime, struct tm *, (time_t const *__timer)); ++# endif ++_GL_CXXALIASWARN (localtime); ++# endif ++ ++# if @GNULIB_GETTIMEOFDAY@ ++# if @REPLACE_GMTIME@ ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef gmtime ++# define gmtime rpl_gmtime ++# endif ++_GL_FUNCDECL_RPL (gmtime, struct tm *, (time_t const *__timer) ++ _GL_ARG_NONNULL ((1))); ++_GL_CXXALIAS_RPL (gmtime, struct tm *, (time_t const *__timer)); ++# else ++_GL_CXXALIAS_SYS (gmtime, struct tm *, (time_t const *__timer)); ++# endif ++_GL_CXXALIASWARN (gmtime); ++# endif ++ ++/* Parse BUF as a time stamp, assuming FORMAT specifies its layout, and store ++ the resulting broken-down time into TM. See ++ . */ ++# if @GNULIB_STRPTIME@ ++# if ! @HAVE_STRPTIME@ ++_GL_FUNCDECL_SYS (strptime, char *, (char const *restrict __buf, ++ char const *restrict __format, ++ struct tm *restrict __tm) ++ _GL_ARG_NONNULL ((1, 2, 3))); ++# endif ++_GL_CXXALIAS_SYS (strptime, char *, (char const *restrict __buf, ++ char const *restrict __format, ++ struct tm *restrict __tm)); ++_GL_CXXALIASWARN (strptime); ++# endif ++ ++/* Convert TM to a time_t value, assuming UTC. */ ++# if @GNULIB_TIMEGM@ ++# if @REPLACE_TIMEGM@ ++# if !(defined __cplusplus && defined GNULIB_NAMESPACE) ++# undef timegm ++# define timegm rpl_timegm ++# endif ++_GL_FUNCDECL_RPL (timegm, time_t, (struct tm *__tm) _GL_ARG_NONNULL ((1))); ++_GL_CXXALIAS_RPL (timegm, time_t, (struct tm *__tm)); ++# else ++# if ! @HAVE_TIMEGM@ ++_GL_FUNCDECL_SYS (timegm, time_t, (struct tm *__tm) _GL_ARG_NONNULL ((1))); ++# endif ++_GL_CXXALIAS_SYS (timegm, time_t, (struct tm *__tm)); ++# endif ++_GL_CXXALIASWARN (timegm); ++# endif ++ ++/* Encourage applications to avoid unsafe functions that can overrun ++ buffers when given outlandish struct tm values. Portable ++ applications should use strftime (or even sprintf) instead. */ ++# if defined GNULIB_POSIXCHECK ++# undef asctime ++_GL_WARN_ON_USE (asctime, "asctime can overrun buffers in some cases - " ++ "better use strftime (or even sprintf) instead"); ++# endif ++# if defined GNULIB_POSIXCHECK ++# undef asctime_r ++_GL_WARN_ON_USE (asctime, "asctime_r can overrun buffers in some cases - " ++ "better use strftime (or even sprintf) instead"); ++# endif ++# if defined GNULIB_POSIXCHECK ++# undef ctime ++_GL_WARN_ON_USE (asctime, "ctime can overrun buffers in some cases - " ++ "better use strftime (or even sprintf) instead"); ++# endif ++# if defined GNULIB_POSIXCHECK ++# undef ctime_r ++_GL_WARN_ON_USE (asctime, "ctime_r can overrun buffers in some cases - " ++ "better use strftime (or even sprintf) instead"); ++# endif ++ ++#endif +diff --git a/include/grub/osdep/hostfile_aros.h b/include/grub/osdep/hostfile_aros.h +index a059c0fa4..161fbb7bd 100644 +--- a/include/grub/osdep/hostfile_aros.h ++++ b/include/grub/osdep/hostfile_aros.h +@@ -68,6 +68,12 @@ grub_util_rename (const char *from, const char *to) + return rename (from, to); + } + ++static inline ssize_t ++grub_util_readlink (const char *name, char *buf, size_t bufsize) ++{ ++ return readlink(name, buf, bufsize); ++} ++ + #define grub_util_mkdir(a) mkdir ((a), 0755) + + struct grub_util_fd +diff --git a/include/grub/osdep/hostfile_unix.h b/include/grub/osdep/hostfile_unix.h +index 9ffe46fa3..17cd3aa8b 100644 +--- a/include/grub/osdep/hostfile_unix.h ++++ b/include/grub/osdep/hostfile_unix.h +@@ -71,6 +71,12 @@ grub_util_rename (const char *from, const char *to) + return rename (from, to); + } + ++static inline ssize_t ++grub_util_readlink (const char *name, char *buf, size_t bufsize) ++{ ++ return readlink(name, buf, bufsize); ++} ++ + #define grub_util_mkdir(a) mkdir ((a), 0755) + + #if defined (__NetBSD__) +diff --git a/include/grub/osdep/hostfile_windows.h b/include/grub/osdep/hostfile_windows.h +index bf6451b6d..8c92d0591 100644 +--- a/include/grub/osdep/hostfile_windows.h ++++ b/include/grub/osdep/hostfile_windows.h +@@ -41,6 +41,8 @@ typedef struct grub_util_fd_dir *grub_util_fd_dir_t; + + int + grub_util_rename (const char *from, const char *to); ++ssize_t ++grub_util_readlink (const char *name, char *buf, size_t bufsize); + int + grub_util_unlink (const char *name); + void +diff --git a/grub-core/gnulib/Makefile.am b/grub-core/gnulib/Makefile.am +index 3444397fe..b7c5e60e1 100644 +--- a/grub-core/gnulib/Makefile.am ++++ b/grub-core/gnulib/Makefile.am +@@ -21,7 +21,7 @@ + # the same distribution terms as the rest of that program. + # + # Generated by gnulib-tool. +-# Reproduce by: gnulib-tool --import --dir=. --lib=libgnu --source-base=grub-core/gnulib --m4-base=m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --no-conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files argp error fnmatch getdelim getline gettext progname regex ++# Reproduce by: gnulib-tool --import --dir=. --lib=libgnu --source-base=grub-core/gnulib --m4-base=m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --no-conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files argp error fnmatch getdelim getline gettext progname readlink regex + + AUTOMAKE_OPTIONS = 1.5 gnits subdir-objects + +@@ -326,6 +326,15 @@ libgnu_a_SOURCES += gettext.h + + ## end gnulib module gettext-h + ++## begin gnulib module gettimeofday ++ ++ ++EXTRA_DIST += gettimeofday.c ++ ++EXTRA_libgnu_a_SOURCES += gettimeofday.c ++ ++## end gnulib module gettimeofday ++ + ## begin gnulib module havelib + + +@@ -596,6 +605,13 @@ EXTRA_libgnu_a_SOURCES += nl_langinfo.c + + ## end gnulib module nl_langinfo + ++## begin gnulib module pathmax ++ ++ ++EXTRA_DIST += pathmax.h ++ ++## end gnulib module pathmax ++ + ## begin gnulib module progname + + libgnu_a_SOURCES += progname.h progname.c +@@ -611,6 +627,15 @@ EXTRA_libgnu_a_SOURCES += rawmemchr.c + + ## end gnulib module rawmemchr + ++## begin gnulib module readlink ++ ++ ++EXTRA_DIST += readlink.c ++ ++EXTRA_libgnu_a_SOURCES += readlink.c ++ ++## end gnulib module readlink ++ + ## begin gnulib module realloc-posix + + +@@ -725,6 +750,15 @@ EXTRA_DIST += $(top_srcdir)/build-aux/snippet/warn-on-use.h + + ## end gnulib module snippet/warn-on-use + ++## begin gnulib module stat ++ ++ ++EXTRA_DIST += stat.c ++ ++EXTRA_libgnu_a_SOURCES += stat.c ++ ++## end gnulib module stat ++ + ## begin gnulib module stdalign + + BUILT_SOURCES += $(STDALIGN_H) +@@ -1280,6 +1314,102 @@ libgnu_a_SOURCES += strnlen1.h strnlen1.c + + ## end gnulib module strnlen1 + ++## begin gnulib module sys_stat ++ ++BUILT_SOURCES += sys/stat.h ++ ++# We need the following in order to create when the system ++# has one that is incomplete. ++sys/stat.h: sys_stat.in.h $(top_builddir)/config.status $(CXXDEFS_H) $(ARG_NONNULL_H) $(WARN_ON_USE_H) ++ $(AM_V_at)$(MKDIR_P) sys ++ $(AM_V_GEN)rm -f $@-t $@ && \ ++ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \ ++ sed -e 's|@''GUARD_PREFIX''@|GL|g' \ ++ -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \ ++ -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \ ++ -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \ ++ -e 's|@''NEXT_SYS_STAT_H''@|$(NEXT_SYS_STAT_H)|g' \ ++ -e 's|@''WINDOWS_64_BIT_ST_SIZE''@|$(WINDOWS_64_BIT_ST_SIZE)|g' \ ++ -e 's/@''GNULIB_FCHMODAT''@/$(GNULIB_FCHMODAT)/g' \ ++ -e 's/@''GNULIB_FSTAT''@/$(GNULIB_FSTAT)/g' \ ++ -e 's/@''GNULIB_FSTATAT''@/$(GNULIB_FSTATAT)/g' \ ++ -e 's/@''GNULIB_FUTIMENS''@/$(GNULIB_FUTIMENS)/g' \ ++ -e 's/@''GNULIB_LCHMOD''@/$(GNULIB_LCHMOD)/g' \ ++ -e 's/@''GNULIB_LSTAT''@/$(GNULIB_LSTAT)/g' \ ++ -e 's/@''GNULIB_MKDIRAT''@/$(GNULIB_MKDIRAT)/g' \ ++ -e 's/@''GNULIB_MKFIFO''@/$(GNULIB_MKFIFO)/g' \ ++ -e 's/@''GNULIB_MKFIFOAT''@/$(GNULIB_MKFIFOAT)/g' \ ++ -e 's/@''GNULIB_MKNOD''@/$(GNULIB_MKNOD)/g' \ ++ -e 's/@''GNULIB_MKNODAT''@/$(GNULIB_MKNODAT)/g' \ ++ -e 's/@''GNULIB_STAT''@/$(GNULIB_STAT)/g' \ ++ -e 's/@''GNULIB_UTIMENSAT''@/$(GNULIB_UTIMENSAT)/g' \ ++ -e 's|@''HAVE_FCHMODAT''@|$(HAVE_FCHMODAT)|g' \ ++ -e 's|@''HAVE_FSTATAT''@|$(HAVE_FSTATAT)|g' \ ++ -e 's|@''HAVE_FUTIMENS''@|$(HAVE_FUTIMENS)|g' \ ++ -e 's|@''HAVE_LCHMOD''@|$(HAVE_LCHMOD)|g' \ ++ -e 's|@''HAVE_LSTAT''@|$(HAVE_LSTAT)|g' \ ++ -e 's|@''HAVE_MKDIRAT''@|$(HAVE_MKDIRAT)|g' \ ++ -e 's|@''HAVE_MKFIFO''@|$(HAVE_MKFIFO)|g' \ ++ -e 's|@''HAVE_MKFIFOAT''@|$(HAVE_MKFIFOAT)|g' \ ++ -e 's|@''HAVE_MKNOD''@|$(HAVE_MKNOD)|g' \ ++ -e 's|@''HAVE_MKNODAT''@|$(HAVE_MKNODAT)|g' \ ++ -e 's|@''HAVE_UTIMENSAT''@|$(HAVE_UTIMENSAT)|g' \ ++ -e 's|@''REPLACE_FSTAT''@|$(REPLACE_FSTAT)|g' \ ++ -e 's|@''REPLACE_FSTATAT''@|$(REPLACE_FSTATAT)|g' \ ++ -e 's|@''REPLACE_FUTIMENS''@|$(REPLACE_FUTIMENS)|g' \ ++ -e 's|@''REPLACE_LSTAT''@|$(REPLACE_LSTAT)|g' \ ++ -e 's|@''REPLACE_MKDIR''@|$(REPLACE_MKDIR)|g' \ ++ -e 's|@''REPLACE_MKFIFO''@|$(REPLACE_MKFIFO)|g' \ ++ -e 's|@''REPLACE_MKNOD''@|$(REPLACE_MKNOD)|g' \ ++ -e 's|@''REPLACE_STAT''@|$(REPLACE_STAT)|g' \ ++ -e 's|@''REPLACE_UTIMENSAT''@|$(REPLACE_UTIMENSAT)|g' \ ++ -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \ ++ -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \ ++ -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)' \ ++ < $(srcdir)/sys_stat.in.h; \ ++ } > $@-t && \ ++ mv $@-t $@ ++MOSTLYCLEANFILES += sys/stat.h sys/stat.h-t ++MOSTLYCLEANDIRS += sys ++ ++EXTRA_DIST += sys_stat.in.h ++ ++## end gnulib module sys_stat ++ ++## begin gnulib module sys_time ++ ++BUILT_SOURCES += sys/time.h ++ ++# We need the following in order to create when the system ++# doesn't have one that works with the given compiler. ++sys/time.h: sys_time.in.h $(top_builddir)/config.status $(CXXDEFS_H) $(ARG_NONNULL_H) $(WARN_ON_USE_H) ++ $(AM_V_at)$(MKDIR_P) sys ++ $(AM_V_GEN)rm -f $@-t $@ && \ ++ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \ ++ sed -e 's|@''GUARD_PREFIX''@|GL|g' \ ++ -e 's/@''HAVE_SYS_TIME_H''@/$(HAVE_SYS_TIME_H)/g' \ ++ -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \ ++ -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \ ++ -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \ ++ -e 's|@''NEXT_SYS_TIME_H''@|$(NEXT_SYS_TIME_H)|g' \ ++ -e 's/@''GNULIB_GETTIMEOFDAY''@/$(GNULIB_GETTIMEOFDAY)/g' \ ++ -e 's|@''HAVE_WINSOCK2_H''@|$(HAVE_WINSOCK2_H)|g' \ ++ -e 's/@''HAVE_GETTIMEOFDAY''@/$(HAVE_GETTIMEOFDAY)/g' \ ++ -e 's/@''HAVE_STRUCT_TIMEVAL''@/$(HAVE_STRUCT_TIMEVAL)/g' \ ++ -e 's/@''REPLACE_GETTIMEOFDAY''@/$(REPLACE_GETTIMEOFDAY)/g' \ ++ -e 's/@''REPLACE_STRUCT_TIMEVAL''@/$(REPLACE_STRUCT_TIMEVAL)/g' \ ++ -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \ ++ -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \ ++ -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)' \ ++ < $(srcdir)/sys_time.in.h; \ ++ } > $@-t && \ ++ mv $@-t $@ ++MOSTLYCLEANFILES += sys/time.h sys/time.h-t ++ ++EXTRA_DIST += sys_time.in.h ++ ++## end gnulib module sys_time ++ + ## begin gnulib module sys_types + + BUILT_SOURCES += sys/types.h +@@ -1334,6 +1464,51 @@ EXTRA_DIST += sysexits.in.h + + ## end gnulib module sysexits + ++## begin gnulib module time ++ ++BUILT_SOURCES += time.h ++ ++# We need the following in order to create when the system ++# doesn't have one that works with the given compiler. ++time.h: time.in.h $(top_builddir)/config.status $(CXXDEFS_H) $(ARG_NONNULL_H) $(WARN_ON_USE_H) ++ $(AM_V_GEN)rm -f $@-t $@ && \ ++ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \ ++ sed -e 's|@''GUARD_PREFIX''@|GL|g' \ ++ -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \ ++ -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \ ++ -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \ ++ -e 's|@''NEXT_TIME_H''@|$(NEXT_TIME_H)|g' \ ++ -e 's/@''GNULIB_GETTIMEOFDAY''@/$(GNULIB_GETTIMEOFDAY)/g' \ ++ -e 's/@''GNULIB_MKTIME''@/$(GNULIB_MKTIME)/g' \ ++ -e 's/@''GNULIB_NANOSLEEP''@/$(GNULIB_NANOSLEEP)/g' \ ++ -e 's/@''GNULIB_STRPTIME''@/$(GNULIB_STRPTIME)/g' \ ++ -e 's/@''GNULIB_TIMEGM''@/$(GNULIB_TIMEGM)/g' \ ++ -e 's/@''GNULIB_TIME_R''@/$(GNULIB_TIME_R)/g' \ ++ -e 's|@''HAVE_DECL_LOCALTIME_R''@|$(HAVE_DECL_LOCALTIME_R)|g' \ ++ -e 's|@''HAVE_NANOSLEEP''@|$(HAVE_NANOSLEEP)|g' \ ++ -e 's|@''HAVE_STRPTIME''@|$(HAVE_STRPTIME)|g' \ ++ -e 's|@''HAVE_TIMEGM''@|$(HAVE_TIMEGM)|g' \ ++ -e 's|@''REPLACE_GMTIME''@|$(REPLACE_GMTIME)|g' \ ++ -e 's|@''REPLACE_LOCALTIME''@|$(REPLACE_LOCALTIME)|g' \ ++ -e 's|@''REPLACE_LOCALTIME_R''@|$(REPLACE_LOCALTIME_R)|g' \ ++ -e 's|@''REPLACE_MKTIME''@|$(REPLACE_MKTIME)|g' \ ++ -e 's|@''REPLACE_NANOSLEEP''@|$(REPLACE_NANOSLEEP)|g' \ ++ -e 's|@''REPLACE_TIMEGM''@|$(REPLACE_TIMEGM)|g' \ ++ -e 's|@''PTHREAD_H_DEFINES_STRUCT_TIMESPEC''@|$(PTHREAD_H_DEFINES_STRUCT_TIMESPEC)|g' \ ++ -e 's|@''SYS_TIME_H_DEFINES_STRUCT_TIMESPEC''@|$(SYS_TIME_H_DEFINES_STRUCT_TIMESPEC)|g' \ ++ -e 's|@''TIME_H_DEFINES_STRUCT_TIMESPEC''@|$(TIME_H_DEFINES_STRUCT_TIMESPEC)|g' \ ++ -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \ ++ -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \ ++ -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)' \ ++ < $(srcdir)/time.in.h; \ ++ } > $@-t && \ ++ mv $@-t $@ ++MOSTLYCLEANFILES += time.h time.h-t ++ ++EXTRA_DIST += time.in.h ++ ++## end gnulib module time ++ + ## begin gnulib module unistd + + BUILT_SOURCES += unistd.h +diff --git a/m4/gettimeofday.m4 b/m4/gettimeofday.m4 +new file mode 100644 +index 000000000..1c2d66ee2 +--- /dev/null ++++ b/m4/gettimeofday.m4 +@@ -0,0 +1,138 @@ ++# serial 21 ++ ++# Copyright (C) 2001-2003, 2005, 2007, 2009-2014 Free Software Foundation, Inc. ++# This file is free software; the Free Software Foundation ++# gives unlimited permission to copy and/or distribute it, ++# with or without modifications, as long as this notice is preserved. ++ ++dnl From Jim Meyering. ++ ++AC_DEFUN([gl_FUNC_GETTIMEOFDAY], ++[ ++ AC_REQUIRE([AC_C_RESTRICT]) ++ AC_REQUIRE([gl_HEADER_SYS_TIME_H]) ++ AC_REQUIRE([gl_HEADER_SYS_TIME_H_DEFAULTS]) ++ AC_CHECK_FUNCS_ONCE([gettimeofday]) ++ ++ gl_gettimeofday_timezone=void ++ if test $ac_cv_func_gettimeofday != yes; then ++ HAVE_GETTIMEOFDAY=0 ++ else ++ gl_FUNC_GETTIMEOFDAY_CLOBBER ++ AC_CACHE_CHECK([for gettimeofday with POSIX signature], ++ [gl_cv_func_gettimeofday_posix_signature], ++ [AC_COMPILE_IFELSE( ++ [AC_LANG_PROGRAM( ++ [[#include ++ struct timeval c; ++ int gettimeofday (struct timeval *restrict, void *restrict); ++ ]], ++ [[/* glibc uses struct timezone * rather than the POSIX void * ++ if _GNU_SOURCE is defined. However, since the only portable ++ use of gettimeofday uses NULL as the second parameter, and ++ since the glibc definition is actually more typesafe, it is ++ not worth wrapping this to get a compliant signature. */ ++ int (*f) (struct timeval *restrict, void *restrict) ++ = gettimeofday; ++ int x = f (&c, 0); ++ return !(x | c.tv_sec | c.tv_usec); ++ ]])], ++ [gl_cv_func_gettimeofday_posix_signature=yes], ++ [AC_COMPILE_IFELSE( ++ [AC_LANG_PROGRAM( ++ [[#include ++int gettimeofday (struct timeval *restrict, struct timezone *restrict); ++ ]])], ++ [gl_cv_func_gettimeofday_posix_signature=almost], ++ [gl_cv_func_gettimeofday_posix_signature=no])])]) ++ if test $gl_cv_func_gettimeofday_posix_signature = almost; then ++ gl_gettimeofday_timezone='struct timezone' ++ elif test $gl_cv_func_gettimeofday_posix_signature != yes; then ++ REPLACE_GETTIMEOFDAY=1 ++ fi ++ dnl If we override 'struct timeval', we also have to override gettimeofday. ++ if test $REPLACE_STRUCT_TIMEVAL = 1; then ++ REPLACE_GETTIMEOFDAY=1 ++ fi ++ m4_ifdef([gl_FUNC_TZSET_CLOBBER], [ ++ gl_FUNC_TZSET_CLOBBER ++ case "$gl_cv_func_tzset_clobber" in ++ *yes) ++ REPLACE_GETTIMEOFDAY=1 ++ gl_GETTIMEOFDAY_REPLACE_LOCALTIME ++ AC_DEFINE([tzset], [rpl_tzset], ++ [Define to rpl_tzset if the wrapper function should be used.]) ++ AC_DEFINE([TZSET_CLOBBERS_LOCALTIME], [1], ++ [Define if tzset clobbers localtime's static buffer.]) ++ ;; ++ esac ++ ]) ++ fi ++ AC_DEFINE_UNQUOTED([GETTIMEOFDAY_TIMEZONE], [$gl_gettimeofday_timezone], ++ [Define this to 'void' or 'struct timezone' to match the system's ++ declaration of the second argument to gettimeofday.]) ++]) ++ ++ ++dnl See if gettimeofday clobbers the static buffer that localtime uses ++dnl for its return value. The gettimeofday function from Mac OS X 10.0.4 ++dnl (i.e., Darwin 1.3.7) has this problem. ++dnl ++dnl If it does, then arrange to use gettimeofday and localtime only via ++dnl the wrapper functions that work around the problem. ++ ++AC_DEFUN([gl_FUNC_GETTIMEOFDAY_CLOBBER], ++[ ++ AC_REQUIRE([gl_HEADER_SYS_TIME_H]) ++ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles ++ ++ AC_CACHE_CHECK([whether gettimeofday clobbers localtime buffer], ++ [gl_cv_func_gettimeofday_clobber], ++ [AC_RUN_IFELSE( ++ [AC_LANG_PROGRAM( ++ [[#include ++ #include ++ #include ++ #include ++ ]], ++ [[ ++ time_t t = 0; ++ struct tm *lt; ++ struct tm saved_lt; ++ struct timeval tv; ++ lt = localtime (&t); ++ saved_lt = *lt; ++ gettimeofday (&tv, NULL); ++ return memcmp (lt, &saved_lt, sizeof (struct tm)) != 0; ++ ]])], ++ [gl_cv_func_gettimeofday_clobber=no], ++ [gl_cv_func_gettimeofday_clobber=yes], ++ [# When cross-compiling: ++ case "$host_os" in ++ # Guess all is fine on glibc systems. ++ *-gnu*) gl_cv_func_gettimeofday_clobber="guessing no" ;; ++ # If we don't know, assume the worst. ++ *) gl_cv_func_gettimeofday_clobber="guessing yes" ;; ++ esac ++ ])]) ++ ++ case "$gl_cv_func_gettimeofday_clobber" in ++ *yes) ++ REPLACE_GETTIMEOFDAY=1 ++ gl_GETTIMEOFDAY_REPLACE_LOCALTIME ++ AC_DEFINE([GETTIMEOFDAY_CLOBBERS_LOCALTIME], [1], ++ [Define if gettimeofday clobbers the localtime buffer.]) ++ ;; ++ esac ++]) ++ ++AC_DEFUN([gl_GETTIMEOFDAY_REPLACE_LOCALTIME], [ ++ REPLACE_GMTIME=1 ++ REPLACE_LOCALTIME=1 ++]) ++ ++# Prerequisites of lib/gettimeofday.c. ++AC_DEFUN([gl_PREREQ_GETTIMEOFDAY], [ ++ AC_CHECK_HEADERS([sys/timeb.h]) ++ AC_CHECK_FUNCS([_ftime]) ++]) +diff --git a/m4/gnulib-cache.m4 b/m4/gnulib-cache.m4 +index 408918440..ef2ec5bcc 100644 +--- a/m4/gnulib-cache.m4 ++++ b/m4/gnulib-cache.m4 +@@ -27,7 +27,7 @@ + + + # Specification in the form of a command-line invocation: +-# gnulib-tool --import --dir=. --lib=libgnu --source-base=grub-core/gnulib --m4-base=m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --no-conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files argp error fnmatch getdelim getline gettext progname regex ++# gnulib-tool --import --dir=. --lib=libgnu --source-base=grub-core/gnulib --m4-base=m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --no-conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files argp error fnmatch getdelim getline gettext progname readlink regex + + # Specification in the form of a few gnulib-tool.m4 macro invocations: + gl_LOCAL_DIR([]) +@@ -39,6 +39,7 @@ gl_MODULES([ + getline + gettext + progname ++ readlink + regex + ]) + gl_AVOID([]) +diff --git a/m4/gnulib-comp.m4 b/m4/gnulib-comp.m4 +index 7a19f60d8..66fd0eda9 100644 +--- a/m4/gnulib-comp.m4 ++++ b/m4/gnulib-comp.m4 +@@ -60,10 +60,13 @@ AC_DEFUN([gl_EARLY], + # Code from module getopt-posix: + # Code from module gettext: + # Code from module gettext-h: ++ # Code from module gettimeofday: + # Code from module havelib: + # Code from module include_next: + # Code from module intprops: + # Code from module langinfo: ++ # Code from module largefile: ++ AC_REQUIRE([AC_SYS_LARGEFILE]) + # Code from module localcharset: + # Code from module locale: + # Code from module localeconv: +@@ -81,8 +84,10 @@ AC_DEFUN([gl_EARLY], + # Code from module multiarch: + # Code from module nl_langinfo: + # Code from module nocrash: ++ # Code from module pathmax: + # Code from module progname: + # Code from module rawmemchr: ++ # Code from module readlink: + # Code from module realloc-posix: + # Code from module regex: + # Code from module size_max: +@@ -92,6 +97,7 @@ AC_DEFUN([gl_EARLY], + # Code from module snippet/c++defs: + # Code from module snippet/warn-on-use: + # Code from module ssize_t: ++ # Code from module stat: + # Code from module stdalign: + # Code from module stdbool: + # Code from module stddef: +@@ -108,8 +114,11 @@ AC_DEFUN([gl_EARLY], + # Code from module strndup: + # Code from module strnlen: + # Code from module strnlen1: ++ # Code from module sys_stat: ++ # Code from module sys_time: + # Code from module sys_types: + # Code from module sysexits: ++ # Code from module time: + # Code from module unistd: + # Code from module unitypes: + # Code from module uniwidth/base: +@@ -211,7 +220,14 @@ AC_DEFUN([gl_INIT], + AM_GNU_GETTEXT_VERSION([0.18.1]) + AC_SUBST([LIBINTL]) + AC_SUBST([LTLIBINTL]) ++ gl_FUNC_GETTIMEOFDAY ++ if test $HAVE_GETTIMEOFDAY = 0 || test $REPLACE_GETTIMEOFDAY = 1; then ++ AC_LIBOBJ([gettimeofday]) ++ gl_PREREQ_GETTIMEOFDAY ++ fi ++ gl_SYS_TIME_MODULE_INDICATOR([gettimeofday]) + gl_LANGINFO_H ++ AC_REQUIRE([gl_LARGEFILE]) + gl_LOCALCHARSET + LOCALCHARSET_TESTS_ENVIRONMENT="CHARSETALIASDIR=\"\$(abs_top_builddir)/$gl_source_base\"" + AC_SUBST([LOCALCHARSET_TESTS_ENVIRONMENT]) +@@ -284,6 +300,7 @@ AC_DEFUN([gl_INIT], + AC_LIBOBJ([nl_langinfo]) + fi + gl_LANGINFO_MODULE_INDICATOR([nl_langinfo]) ++ gl_PATHMAX + AC_CHECK_DECLS([program_invocation_name], [], [], [#include ]) + AC_CHECK_DECLS([program_invocation_short_name], [], [], [#include ]) + gl_FUNC_RAWMEMCHR +@@ -292,6 +309,12 @@ AC_DEFUN([gl_INIT], + gl_PREREQ_RAWMEMCHR + fi + gl_STRING_MODULE_INDICATOR([rawmemchr]) ++ gl_FUNC_READLINK ++ if test $HAVE_READLINK = 0 || test $REPLACE_READLINK = 1; then ++ AC_LIBOBJ([readlink]) ++ gl_PREREQ_READLINK ++ fi ++ gl_UNISTD_MODULE_INDICATOR([readlink]) + gl_FUNC_REALLOC_POSIX + if test $REPLACE_REALLOC = 1; then + AC_LIBOBJ([realloc]) +@@ -309,6 +332,12 @@ AC_DEFUN([gl_INIT], + fi + gl_UNISTD_MODULE_INDICATOR([sleep]) + gt_TYPE_SSIZE_T ++ gl_FUNC_STAT ++ if test $REPLACE_STAT = 1; then ++ AC_LIBOBJ([stat]) ++ gl_PREREQ_STAT ++ fi ++ gl_SYS_STAT_MODULE_INDICATOR([stat]) + gl_STDALIGN_H + AM_STDBOOL_H + gl_STDDEF_H +@@ -355,9 +384,14 @@ AC_DEFUN([gl_INIT], + gl_PREREQ_STRNLEN + fi + gl_STRING_MODULE_INDICATOR([strnlen]) ++ gl_HEADER_SYS_STAT_H ++ AC_PROG_MKDIR_P ++ gl_HEADER_SYS_TIME_H ++ AC_PROG_MKDIR_P + gl_SYS_TYPES_H + AC_PROG_MKDIR_P + gl_SYSEXITS ++ gl_HEADER_TIME_H + gl_UNISTD_H + gl_LIBUNISTRING_LIBHEADER([0.9], [unitypes.h]) + gl_LIBUNISTRING_LIBHEADER([0.9], [uniwidth.h]) +@@ -562,6 +596,7 @@ AC_DEFUN([gl_FILE_LIST], [ + lib/getopt1.c + lib/getopt_int.h + lib/gettext.h ++ lib/gettimeofday.c + lib/intprops.h + lib/itold.c + lib/langinfo.in.h +@@ -587,6 +622,7 @@ AC_DEFUN([gl_FILE_LIST], [ + lib/msvc-nothrow.c + lib/msvc-nothrow.h + lib/nl_langinfo.c ++ lib/pathmax.h + lib/printf-args.c + lib/printf-args.h + lib/printf-parse.c +@@ -595,6 +631,7 @@ AC_DEFUN([gl_FILE_LIST], [ + lib/progname.h + lib/rawmemchr.c + lib/rawmemchr.valgrind ++ lib/readlink.c + lib/realloc.c + lib/ref-add.sin + lib/ref-del.sin +@@ -606,6 +643,7 @@ AC_DEFUN([gl_FILE_LIST], [ + lib/regexec.c + lib/size_max.h + lib/sleep.c ++ lib/stat.c + lib/stdalign.in.h + lib/stdbool.in.h + lib/stddef.in.h +@@ -627,8 +665,11 @@ AC_DEFUN([gl_FILE_LIST], [ + lib/strnlen.c + lib/strnlen1.c + lib/strnlen1.h ++ lib/sys_stat.in.h ++ lib/sys_time.in.h + lib/sys_types.in.h + lib/sysexits.in.h ++ lib/time.in.h + lib/unistd.c + lib/unistd.in.h + lib/unitypes.in.h +@@ -667,6 +708,7 @@ AC_DEFUN([gl_FILE_LIST], [ + m4/getline.m4 + m4/getopt.m4 + m4/gettext.m4 ++ m4/gettimeofday.m4 + m4/glibc2.m4 + m4/glibc21.m4 + m4/gnulib-common.m4 +@@ -681,6 +723,7 @@ AC_DEFUN([gl_FILE_LIST], [ + m4/inttypes-pri.m4 + m4/inttypes_h.m4 + m4/langinfo_h.m4 ++ m4/largefile.m4 + m4/lcmessage.m4 + m4/lib-ld.m4 + m4/lib-link.m4 +@@ -712,16 +755,19 @@ AC_DEFUN([gl_FILE_LIST], [ + m4/nls.m4 + m4/nocrash.m4 + m4/off_t.m4 ++ m4/pathmax.m4 + m4/po.m4 + m4/printf-posix.m4 + m4/printf.m4 + m4/progtest.m4 + m4/rawmemchr.m4 ++ m4/readlink.m4 + m4/realloc.m4 + m4/regex.m4 + m4/size_max.m4 + m4/sleep.m4 + m4/ssize_t.m4 ++ m4/stat.m4 + m4/stdalign.m4 + m4/stdbool.m4 + m4/stddef_h.m4 +@@ -737,9 +783,12 @@ AC_DEFUN([gl_FILE_LIST], [ + m4/strndup.m4 + m4/strnlen.m4 + m4/sys_socket_h.m4 ++ m4/sys_stat_h.m4 ++ m4/sys_time_h.m4 + m4/sys_types_h.m4 + m4/sysexits.m4 + m4/threadlib.m4 ++ m4/time_h.m4 + m4/uintmax_t.m4 + m4/unistd_h.m4 + m4/vasnprintf.m4 +diff --git a/m4/largefile.m4 b/m4/largefile.m4 +new file mode 100644 +index 000000000..a1b564ad9 +--- /dev/null ++++ b/m4/largefile.m4 +@@ -0,0 +1,146 @@ ++# Enable large files on systems where this is not the default. ++ ++# Copyright 1992-1996, 1998-2014 Free Software Foundation, Inc. ++# This file is free software; the Free Software Foundation ++# gives unlimited permission to copy and/or distribute it, ++# with or without modifications, as long as this notice is preserved. ++ ++# The following implementation works around a problem in autoconf <= 2.69; ++# AC_SYS_LARGEFILE does not configure for large inodes on Mac OS X 10.5, ++# or configures them incorrectly in some cases. ++m4_version_prereq([2.70], [] ,[ ++ ++# _AC_SYS_LARGEFILE_TEST_INCLUDES ++# ------------------------------- ++m4_define([_AC_SYS_LARGEFILE_TEST_INCLUDES], ++[@%:@include ++ /* Check that off_t can represent 2**63 - 1 correctly. ++ We can't simply define LARGE_OFF_T to be 9223372036854775807, ++ since some C++ compilers masquerading as C compilers ++ incorrectly reject 9223372036854775807. */ ++@%:@define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) ++ int off_t_is_large[[(LARGE_OFF_T % 2147483629 == 721 ++ && LARGE_OFF_T % 2147483647 == 1) ++ ? 1 : -1]];[]dnl ++]) ++ ++ ++# _AC_SYS_LARGEFILE_MACRO_VALUE(C-MACRO, VALUE, ++# CACHE-VAR, ++# DESCRIPTION, ++# PROLOGUE, [FUNCTION-BODY]) ++# -------------------------------------------------------- ++m4_define([_AC_SYS_LARGEFILE_MACRO_VALUE], ++[AC_CACHE_CHECK([for $1 value needed for large files], [$3], ++[while :; do ++ m4_ifval([$6], [AC_LINK_IFELSE], [AC_COMPILE_IFELSE])( ++ [AC_LANG_PROGRAM([$5], [$6])], ++ [$3=no; break]) ++ m4_ifval([$6], [AC_LINK_IFELSE], [AC_COMPILE_IFELSE])( ++ [AC_LANG_PROGRAM([@%:@define $1 $2 ++$5], [$6])], ++ [$3=$2; break]) ++ $3=unknown ++ break ++done]) ++case $$3 in #( ++ no | unknown) ;; ++ *) AC_DEFINE_UNQUOTED([$1], [$$3], [$4]);; ++esac ++rm -rf conftest*[]dnl ++])# _AC_SYS_LARGEFILE_MACRO_VALUE ++ ++ ++# AC_SYS_LARGEFILE ++# ---------------- ++# By default, many hosts won't let programs access large files; ++# one must use special compiler options to get large-file access to work. ++# For more details about this brain damage please see: ++# http://www.unix-systems.org/version2/whatsnew/lfs20mar.html ++AC_DEFUN([AC_SYS_LARGEFILE], ++[AC_ARG_ENABLE(largefile, ++ [ --disable-largefile omit support for large files]) ++if test "$enable_largefile" != no; then ++ ++ AC_CACHE_CHECK([for special C compiler options needed for large files], ++ ac_cv_sys_largefile_CC, ++ [ac_cv_sys_largefile_CC=no ++ if test "$GCC" != yes; then ++ ac_save_CC=$CC ++ while :; do ++ # IRIX 6.2 and later do not support large files by default, ++ # so use the C compiler's -n32 option if that helps. ++ AC_LANG_CONFTEST([AC_LANG_PROGRAM([_AC_SYS_LARGEFILE_TEST_INCLUDES])]) ++ AC_COMPILE_IFELSE([], [break]) ++ CC="$CC -n32" ++ AC_COMPILE_IFELSE([], [ac_cv_sys_largefile_CC=' -n32'; break]) ++ break ++ done ++ CC=$ac_save_CC ++ rm -f conftest.$ac_ext ++ fi]) ++ if test "$ac_cv_sys_largefile_CC" != no; then ++ CC=$CC$ac_cv_sys_largefile_CC ++ fi ++ ++ _AC_SYS_LARGEFILE_MACRO_VALUE(_FILE_OFFSET_BITS, 64, ++ ac_cv_sys_file_offset_bits, ++ [Number of bits in a file offset, on hosts where this is settable.], ++ [_AC_SYS_LARGEFILE_TEST_INCLUDES]) ++ if test $ac_cv_sys_file_offset_bits = unknown; then ++ _AC_SYS_LARGEFILE_MACRO_VALUE(_LARGE_FILES, 1, ++ ac_cv_sys_large_files, ++ [Define for large files, on AIX-style hosts.], ++ [_AC_SYS_LARGEFILE_TEST_INCLUDES]) ++ fi ++ ++ AC_DEFINE([_DARWIN_USE_64_BIT_INODE], [1], ++ [Enable large inode numbers on Mac OS X 10.5.]) ++fi ++])# AC_SYS_LARGEFILE ++])# m4_version_prereq 2.70 ++ ++# Enable large files on systems where this is implemented by Gnulib, not by the ++# system headers. ++# Set the variables WINDOWS_64_BIT_OFF_T, WINDOWS_64_BIT_ST_SIZE if Gnulib ++# overrides ensure that off_t or 'struct size.st_size' are 64-bit, respectively. ++AC_DEFUN([gl_LARGEFILE], ++[ ++ AC_REQUIRE([AC_CANONICAL_HOST]) ++ case "$host_os" in ++ mingw*) ++ dnl Native Windows. ++ dnl mingw64 defines off_t to a 64-bit type already, if ++ dnl _FILE_OFFSET_BITS=64, which is ensured by AC_SYS_LARGEFILE. ++ AC_CACHE_CHECK([for 64-bit off_t], [gl_cv_type_off_t_64], ++ [AC_COMPILE_IFELSE( ++ [AC_LANG_PROGRAM( ++ [[#include ++ int verify_off_t_size[sizeof (off_t) >= 8 ? 1 : -1]; ++ ]], ++ [[]])], ++ [gl_cv_type_off_t_64=yes], [gl_cv_type_off_t_64=no]) ++ ]) ++ if test $gl_cv_type_off_t_64 = no; then ++ WINDOWS_64_BIT_OFF_T=1 ++ else ++ WINDOWS_64_BIT_OFF_T=0 ++ fi ++ dnl But all native Windows platforms (including mingw64) have a 32-bit ++ dnl st_size member in 'struct stat'. ++ WINDOWS_64_BIT_ST_SIZE=1 ++ ;; ++ *) ++ dnl Nothing to do on gnulib's side. ++ dnl A 64-bit off_t is ++ dnl - already the default on Mac OS X, FreeBSD, NetBSD, OpenBSD, IRIX, ++ dnl OSF/1, Cygwin, ++ dnl - enabled by _FILE_OFFSET_BITS=64 (ensured by AC_SYS_LARGEFILE) on ++ dnl glibc, HP-UX, Solaris, ++ dnl - enabled by _LARGE_FILES=1 (ensured by AC_SYS_LARGEFILE) on AIX, ++ dnl - impossible to achieve on Minix 3.1.8. ++ WINDOWS_64_BIT_OFF_T=0 ++ WINDOWS_64_BIT_ST_SIZE=0 ++ ;; ++ esac ++]) +diff --git a/m4/pathmax.m4 b/m4/pathmax.m4 +new file mode 100644 +index 000000000..114f91f04 +--- /dev/null ++++ b/m4/pathmax.m4 +@@ -0,0 +1,42 @@ ++# pathmax.m4 serial 10 ++dnl Copyright (C) 2002-2003, 2005-2006, 2009-2014 Free Software Foundation, ++dnl Inc. ++dnl This file is free software; the Free Software Foundation ++dnl gives unlimited permission to copy and/or distribute it, ++dnl with or without modifications, as long as this notice is preserved. ++ ++AC_DEFUN([gl_PATHMAX], ++[ ++ dnl Prerequisites of lib/pathmax.h. ++ AC_CHECK_HEADERS_ONCE([sys/param.h]) ++]) ++ ++# Expands to a piece of C program that defines PATH_MAX in the same way as ++# "pathmax.h" will do. ++AC_DEFUN([gl_PATHMAX_SNIPPET], [[ ++/* Arrange to define PATH_MAX, like "pathmax.h" does. */ ++#if HAVE_UNISTD_H ++# include ++#endif ++#include ++#if defined HAVE_SYS_PARAM_H && !defined PATH_MAX && !defined MAXPATHLEN ++# include ++#endif ++#if !defined PATH_MAX && defined MAXPATHLEN ++# define PATH_MAX MAXPATHLEN ++#endif ++#ifdef __hpux ++# undef PATH_MAX ++# define PATH_MAX 1024 ++#endif ++#if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__ ++# undef PATH_MAX ++# define PATH_MAX 260 ++#endif ++]]) ++ ++# Prerequisites of gl_PATHMAX_SNIPPET. ++AC_DEFUN([gl_PATHMAX_SNIPPET_PREREQ], ++[ ++ AC_CHECK_HEADERS_ONCE([unistd.h sys/param.h]) ++]) +diff --git a/m4/readlink.m4 b/m4/readlink.m4 +new file mode 100644 +index 000000000..f9ce868c2 +--- /dev/null ++++ b/m4/readlink.m4 +@@ -0,0 +1,71 @@ ++# readlink.m4 serial 12 ++dnl Copyright (C) 2003, 2007, 2009-2014 Free Software Foundation, Inc. ++dnl This file is free software; the Free Software Foundation ++dnl gives unlimited permission to copy and/or distribute it, ++dnl with or without modifications, as long as this notice is preserved. ++ ++AC_DEFUN([gl_FUNC_READLINK], ++[ ++ AC_REQUIRE([gl_UNISTD_H_DEFAULTS]) ++ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles ++ AC_CHECK_FUNCS_ONCE([readlink]) ++ if test $ac_cv_func_readlink = no; then ++ HAVE_READLINK=0 ++ else ++ AC_CACHE_CHECK([whether readlink signature is correct], ++ [gl_cv_decl_readlink_works], ++ [AC_COMPILE_IFELSE( ++ [AC_LANG_PROGRAM( ++ [[#include ++ /* Cause compilation failure if original declaration has wrong type. */ ++ ssize_t readlink (const char *, char *, size_t);]])], ++ [gl_cv_decl_readlink_works=yes], [gl_cv_decl_readlink_works=no])]) ++ dnl Solaris 9 ignores trailing slash. ++ dnl FreeBSD 7.2 dereferences only one level of links with trailing slash. ++ AC_CACHE_CHECK([whether readlink handles trailing slash correctly], ++ [gl_cv_func_readlink_works], ++ [# We have readlink, so assume ln -s works. ++ ln -s conftest.no-such conftest.link ++ ln -s conftest.link conftest.lnk2 ++ AC_RUN_IFELSE( ++ [AC_LANG_PROGRAM( ++ [[#include ++]], [[char buf[20]; ++ return readlink ("conftest.lnk2/", buf, sizeof buf) != -1;]])], ++ [gl_cv_func_readlink_works=yes], [gl_cv_func_readlink_works=no], ++ [case "$host_os" in ++ # Guess yes on glibc systems. ++ *-gnu*) gl_cv_func_readlink_works="guessing yes" ;; ++ # If we don't know, assume the worst. ++ *) gl_cv_func_readlink_works="guessing no" ;; ++ esac ++ ]) ++ rm -f conftest.link conftest.lnk2]) ++ case "$gl_cv_func_readlink_works" in ++ *yes) ++ if test "$gl_cv_decl_readlink_works" != yes; then ++ REPLACE_READLINK=1 ++ fi ++ ;; ++ *) ++ AC_DEFINE([READLINK_TRAILING_SLASH_BUG], [1], [Define to 1 if readlink ++ fails to recognize a trailing slash.]) ++ REPLACE_READLINK=1 ++ ;; ++ esac ++ fi ++]) ++ ++# Like gl_FUNC_READLINK, except prepare for separate compilation ++# (no REPLACE_READLINK, no AC_LIBOBJ). ++AC_DEFUN([gl_FUNC_READLINK_SEPARATE], ++[ ++ AC_CHECK_FUNCS_ONCE([readlink]) ++ gl_PREREQ_READLINK ++]) ++ ++# Prerequisites of lib/readlink.c. ++AC_DEFUN([gl_PREREQ_READLINK], ++[ ++ : ++]) +diff --git a/m4/stat.m4 b/m4/stat.m4 +new file mode 100644 +index 000000000..1ae327b36 +--- /dev/null ++++ b/m4/stat.m4 +@@ -0,0 +1,71 @@ ++# serial 11 ++ ++# Copyright (C) 2009-2014 Free Software Foundation, Inc. ++# ++# This file is free software; the Free Software Foundation ++# gives unlimited permission to copy and/or distribute it, ++# with or without modifications, as long as this notice is preserved. ++ ++AC_DEFUN([gl_FUNC_STAT], ++[ ++ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles ++ AC_REQUIRE([gl_SYS_STAT_H_DEFAULTS]) ++ AC_CHECK_FUNCS_ONCE([lstat]) ++ dnl mingw is the only known platform where stat(".") and stat("./") differ ++ AC_CACHE_CHECK([whether stat handles trailing slashes on directories], ++ [gl_cv_func_stat_dir_slash], ++ [AC_RUN_IFELSE( ++ [AC_LANG_PROGRAM( ++ [[#include ++]], [[struct stat st; return stat (".", &st) != stat ("./", &st);]])], ++ [gl_cv_func_stat_dir_slash=yes], [gl_cv_func_stat_dir_slash=no], ++ [case $host_os in ++ mingw*) gl_cv_func_stat_dir_slash="guessing no";; ++ *) gl_cv_func_stat_dir_slash="guessing yes";; ++ esac])]) ++ dnl AIX 7.1, Solaris 9, mingw64 mistakenly succeed on stat("file/"). ++ dnl (For mingw, this is due to a broken stat() override in libmingwex.a.) ++ dnl FreeBSD 7.2 mistakenly succeeds on stat("link-to-file/"). ++ AC_CACHE_CHECK([whether stat handles trailing slashes on files], ++ [gl_cv_func_stat_file_slash], ++ [touch conftest.tmp ++ # Assume that if we have lstat, we can also check symlinks. ++ if test $ac_cv_func_lstat = yes; then ++ ln -s conftest.tmp conftest.lnk ++ fi ++ AC_RUN_IFELSE( ++ [AC_LANG_PROGRAM( ++ [[#include ++]], [[int result = 0; ++ struct stat st; ++ if (!stat ("conftest.tmp/", &st)) ++ result |= 1; ++#if HAVE_LSTAT ++ if (!stat ("conftest.lnk/", &st)) ++ result |= 2; ++#endif ++ return result; ++ ]])], ++ [gl_cv_func_stat_file_slash=yes], [gl_cv_func_stat_file_slash=no], ++ [case "$host_os" in ++ # Guess yes on glibc systems. ++ *-gnu*) gl_cv_func_stat_file_slash="guessing yes" ;; ++ # If we don't know, assume the worst. ++ *) gl_cv_func_stat_file_slash="guessing no" ;; ++ esac ++ ]) ++ rm -f conftest.tmp conftest.lnk]) ++ case $gl_cv_func_stat_dir_slash in ++ *no) REPLACE_STAT=1 ++ AC_DEFINE([REPLACE_FUNC_STAT_DIR], [1], [Define to 1 if stat needs ++ help when passed a directory name with a trailing slash]);; ++ esac ++ case $gl_cv_func_stat_file_slash in ++ *no) REPLACE_STAT=1 ++ AC_DEFINE([REPLACE_FUNC_STAT_FILE], [1], [Define to 1 if stat needs ++ help when passed a file name with a trailing slash]);; ++ esac ++]) ++ ++# Prerequisites of lib/stat.c. ++AC_DEFUN([gl_PREREQ_STAT], [:]) +diff --git a/m4/sys_stat_h.m4 b/m4/sys_stat_h.m4 +new file mode 100644 +index 000000000..eaa7642ba +--- /dev/null ++++ b/m4/sys_stat_h.m4 +@@ -0,0 +1,96 @@ ++# sys_stat_h.m4 serial 28 -*- Autoconf -*- ++dnl Copyright (C) 2006-2014 Free Software Foundation, Inc. ++dnl This file is free software; the Free Software Foundation ++dnl gives unlimited permission to copy and/or distribute it, ++dnl with or without modifications, as long as this notice is preserved. ++ ++dnl From Eric Blake. ++dnl Provide a GNU-like . ++ ++AC_DEFUN([gl_HEADER_SYS_STAT_H], ++[ ++ AC_REQUIRE([gl_SYS_STAT_H_DEFAULTS]) ++ ++ dnl Check for broken stat macros. ++ AC_REQUIRE([AC_HEADER_STAT]) ++ ++ gl_CHECK_NEXT_HEADERS([sys/stat.h]) ++ ++ dnl Ensure the type mode_t gets defined. ++ AC_REQUIRE([AC_TYPE_MODE_T]) ++ ++ dnl Whether to override 'struct stat'. ++ m4_ifdef([gl_LARGEFILE], [ ++ AC_REQUIRE([gl_LARGEFILE]) ++ ], [ ++ WINDOWS_64_BIT_ST_SIZE=0 ++ ]) ++ AC_SUBST([WINDOWS_64_BIT_ST_SIZE]) ++ if test $WINDOWS_64_BIT_ST_SIZE = 1; then ++ AC_DEFINE([_GL_WINDOWS_64_BIT_ST_SIZE], [1], ++ [Define to 1 if Gnulib overrides 'struct stat' on Windows so that ++ struct stat.st_size becomes 64-bit.]) ++ fi ++ ++ dnl Define types that are supposed to be defined in or ++ dnl . ++ AC_CHECK_TYPE([nlink_t], [], ++ [AC_DEFINE([nlink_t], [int], ++ [Define to the type of st_nlink in struct stat, or a supertype.])], ++ [#include ++ #include ]) ++ ++ dnl Check for declarations of anything we want to poison if the ++ dnl corresponding gnulib module is not in use. ++ gl_WARN_ON_USE_PREPARE([[#include ++ ]], [fchmodat fstat fstatat futimens lchmod lstat mkdirat mkfifo mkfifoat ++ mknod mknodat stat utimensat]) ++]) # gl_HEADER_SYS_STAT_H ++ ++AC_DEFUN([gl_SYS_STAT_MODULE_INDICATOR], ++[ ++ dnl Use AC_REQUIRE here, so that the default settings are expanded once only. ++ AC_REQUIRE([gl_SYS_STAT_H_DEFAULTS]) ++ gl_MODULE_INDICATOR_SET_VARIABLE([$1]) ++ dnl Define it also as a C macro, for the benefit of the unit tests. ++ gl_MODULE_INDICATOR_FOR_TESTS([$1]) ++]) ++ ++AC_DEFUN([gl_SYS_STAT_H_DEFAULTS], ++[ ++ AC_REQUIRE([gl_UNISTD_H_DEFAULTS]) dnl for REPLACE_FCHDIR ++ GNULIB_FCHMODAT=0; AC_SUBST([GNULIB_FCHMODAT]) ++ GNULIB_FSTAT=0; AC_SUBST([GNULIB_FSTAT]) ++ GNULIB_FSTATAT=0; AC_SUBST([GNULIB_FSTATAT]) ++ GNULIB_FUTIMENS=0; AC_SUBST([GNULIB_FUTIMENS]) ++ GNULIB_LCHMOD=0; AC_SUBST([GNULIB_LCHMOD]) ++ GNULIB_LSTAT=0; AC_SUBST([GNULIB_LSTAT]) ++ GNULIB_MKDIRAT=0; AC_SUBST([GNULIB_MKDIRAT]) ++ GNULIB_MKFIFO=0; AC_SUBST([GNULIB_MKFIFO]) ++ GNULIB_MKFIFOAT=0; AC_SUBST([GNULIB_MKFIFOAT]) ++ GNULIB_MKNOD=0; AC_SUBST([GNULIB_MKNOD]) ++ GNULIB_MKNODAT=0; AC_SUBST([GNULIB_MKNODAT]) ++ GNULIB_STAT=0; AC_SUBST([GNULIB_STAT]) ++ GNULIB_UTIMENSAT=0; AC_SUBST([GNULIB_UTIMENSAT]) ++ dnl Assume proper GNU behavior unless another module says otherwise. ++ HAVE_FCHMODAT=1; AC_SUBST([HAVE_FCHMODAT]) ++ HAVE_FSTATAT=1; AC_SUBST([HAVE_FSTATAT]) ++ HAVE_FUTIMENS=1; AC_SUBST([HAVE_FUTIMENS]) ++ HAVE_LCHMOD=1; AC_SUBST([HAVE_LCHMOD]) ++ HAVE_LSTAT=1; AC_SUBST([HAVE_LSTAT]) ++ HAVE_MKDIRAT=1; AC_SUBST([HAVE_MKDIRAT]) ++ HAVE_MKFIFO=1; AC_SUBST([HAVE_MKFIFO]) ++ HAVE_MKFIFOAT=1; AC_SUBST([HAVE_MKFIFOAT]) ++ HAVE_MKNOD=1; AC_SUBST([HAVE_MKNOD]) ++ HAVE_MKNODAT=1; AC_SUBST([HAVE_MKNODAT]) ++ HAVE_UTIMENSAT=1; AC_SUBST([HAVE_UTIMENSAT]) ++ REPLACE_FSTAT=0; AC_SUBST([REPLACE_FSTAT]) ++ REPLACE_FSTATAT=0; AC_SUBST([REPLACE_FSTATAT]) ++ REPLACE_FUTIMENS=0; AC_SUBST([REPLACE_FUTIMENS]) ++ REPLACE_LSTAT=0; AC_SUBST([REPLACE_LSTAT]) ++ REPLACE_MKDIR=0; AC_SUBST([REPLACE_MKDIR]) ++ REPLACE_MKFIFO=0; AC_SUBST([REPLACE_MKFIFO]) ++ REPLACE_MKNOD=0; AC_SUBST([REPLACE_MKNOD]) ++ REPLACE_STAT=0; AC_SUBST([REPLACE_STAT]) ++ REPLACE_UTIMENSAT=0; AC_SUBST([REPLACE_UTIMENSAT]) ++]) +diff --git a/m4/sys_time_h.m4 b/m4/sys_time_h.m4 +new file mode 100644 +index 000000000..5c79300f8 +--- /dev/null ++++ b/m4/sys_time_h.m4 +@@ -0,0 +1,110 @@ ++# Configure a replacement for . ++# serial 8 ++ ++# Copyright (C) 2007, 2009-2014 Free Software Foundation, Inc. ++# This file is free software; the Free Software Foundation ++# gives unlimited permission to copy and/or distribute it, ++# with or without modifications, as long as this notice is preserved. ++ ++# Written by Paul Eggert and Martin Lambers. ++ ++AC_DEFUN([gl_HEADER_SYS_TIME_H], ++[ ++ dnl Use AC_REQUIRE here, so that the REPLACE_GETTIMEOFDAY=0 statement ++ dnl below is expanded once only, before all REPLACE_GETTIMEOFDAY=1 ++ dnl statements that occur in other macros. ++ AC_REQUIRE([gl_HEADER_SYS_TIME_H_BODY]) ++]) ++ ++AC_DEFUN([gl_HEADER_SYS_TIME_H_BODY], ++[ ++ AC_REQUIRE([AC_C_RESTRICT]) ++ AC_REQUIRE([gl_HEADER_SYS_TIME_H_DEFAULTS]) ++ AC_CHECK_HEADERS_ONCE([sys/time.h]) ++ gl_CHECK_NEXT_HEADERS([sys/time.h]) ++ ++ if test $ac_cv_header_sys_time_h != yes; then ++ HAVE_SYS_TIME_H=0 ++ fi ++ ++ dnl On native Windows with MSVC, 'struct timeval' is defined in ++ dnl only. So include that header in the list. ++ gl_PREREQ_SYS_H_WINSOCK2 ++ AC_CACHE_CHECK([for struct timeval], [gl_cv_sys_struct_timeval], ++ [AC_COMPILE_IFELSE( ++ [AC_LANG_PROGRAM( ++ [[#if HAVE_SYS_TIME_H ++ #include ++ #endif ++ #include ++ #if HAVE_WINSOCK2_H ++ # include ++ #endif ++ ]], ++ [[static struct timeval x; x.tv_sec = x.tv_usec;]])], ++ [gl_cv_sys_struct_timeval=yes], ++ [gl_cv_sys_struct_timeval=no]) ++ ]) ++ if test $gl_cv_sys_struct_timeval != yes; then ++ HAVE_STRUCT_TIMEVAL=0 ++ else ++ dnl On native Windows with a 64-bit 'time_t', 'struct timeval' is defined ++ dnl (in and for mingw64, in only ++ dnl for MSVC) with a tv_sec field of type 'long' (32-bit!), which is ++ dnl smaller than the 'time_t' type mandated by POSIX. ++ dnl On OpenBSD 5.1 amd64, tv_sec is 64 bits and time_t 32 bits, but ++ dnl that is good enough. ++ AC_CACHE_CHECK([for wide-enough struct timeval.tv_sec member], ++ [gl_cv_sys_struct_timeval_tv_sec], ++ [AC_COMPILE_IFELSE( ++ [AC_LANG_PROGRAM( ++ [[#if HAVE_SYS_TIME_H ++ #include ++ #endif ++ #include ++ #if HAVE_WINSOCK2_H ++ # include ++ #endif ++ ]], ++ [[static struct timeval x; ++ typedef int verify_tv_sec_type[ ++ sizeof (time_t) <= sizeof x.tv_sec ? 1 : -1 ++ ]; ++ ]])], ++ [gl_cv_sys_struct_timeval_tv_sec=yes], ++ [gl_cv_sys_struct_timeval_tv_sec=no]) ++ ]) ++ if test $gl_cv_sys_struct_timeval_tv_sec != yes; then ++ REPLACE_STRUCT_TIMEVAL=1 ++ fi ++ fi ++ ++ dnl Check for declarations of anything we want to poison if the ++ dnl corresponding gnulib module is not in use. ++ gl_WARN_ON_USE_PREPARE([[ ++#if HAVE_SYS_TIME_H ++# include ++#endif ++#include ++ ]], [gettimeofday]) ++]) ++ ++AC_DEFUN([gl_SYS_TIME_MODULE_INDICATOR], ++[ ++ dnl Use AC_REQUIRE here, so that the default settings are expanded once only. ++ AC_REQUIRE([gl_HEADER_SYS_TIME_H_DEFAULTS]) ++ gl_MODULE_INDICATOR_SET_VARIABLE([$1]) ++ dnl Define it also as a C macro, for the benefit of the unit tests. ++ gl_MODULE_INDICATOR_FOR_TESTS([$1]) ++]) ++ ++AC_DEFUN([gl_HEADER_SYS_TIME_H_DEFAULTS], ++[ ++ GNULIB_GETTIMEOFDAY=0; AC_SUBST([GNULIB_GETTIMEOFDAY]) ++ dnl Assume POSIX behavior unless another module says otherwise. ++ HAVE_GETTIMEOFDAY=1; AC_SUBST([HAVE_GETTIMEOFDAY]) ++ HAVE_STRUCT_TIMEVAL=1; AC_SUBST([HAVE_STRUCT_TIMEVAL]) ++ HAVE_SYS_TIME_H=1; AC_SUBST([HAVE_SYS_TIME_H]) ++ REPLACE_GETTIMEOFDAY=0; AC_SUBST([REPLACE_GETTIMEOFDAY]) ++ REPLACE_STRUCT_TIMEVAL=0; AC_SUBST([REPLACE_STRUCT_TIMEVAL]) ++]) +diff --git a/m4/time_h.m4 b/m4/time_h.m4 +new file mode 100644 +index 000000000..9852778f9 +--- /dev/null ++++ b/m4/time_h.m4 +@@ -0,0 +1,118 @@ ++# Configure a more-standard replacement for . ++ ++# Copyright (C) 2000-2001, 2003-2007, 2009-2014 Free Software Foundation, Inc. ++ ++# serial 8 ++ ++# This file is free software; the Free Software Foundation ++# gives unlimited permission to copy and/or distribute it, ++# with or without modifications, as long as this notice is preserved. ++ ++# Written by Paul Eggert and Jim Meyering. ++ ++AC_DEFUN([gl_HEADER_TIME_H], ++[ ++ dnl Use AC_REQUIRE here, so that the default behavior below is expanded ++ dnl once only, before all statements that occur in other macros. ++ AC_REQUIRE([gl_HEADER_TIME_H_BODY]) ++]) ++ ++AC_DEFUN([gl_HEADER_TIME_H_BODY], ++[ ++ AC_REQUIRE([AC_C_RESTRICT]) ++ AC_REQUIRE([gl_HEADER_TIME_H_DEFAULTS]) ++ gl_NEXT_HEADERS([time.h]) ++ AC_REQUIRE([gl_CHECK_TYPE_STRUCT_TIMESPEC]) ++]) ++ ++dnl Check whether 'struct timespec' is declared ++dnl in time.h, sys/time.h, or pthread.h. ++ ++AC_DEFUN([gl_CHECK_TYPE_STRUCT_TIMESPEC], ++[ ++ AC_CHECK_HEADERS_ONCE([sys/time.h]) ++ AC_CACHE_CHECK([for struct timespec in ], ++ [gl_cv_sys_struct_timespec_in_time_h], ++ [AC_COMPILE_IFELSE( ++ [AC_LANG_PROGRAM( ++ [[#include ++ ]], ++ [[static struct timespec x; x.tv_sec = x.tv_nsec;]])], ++ [gl_cv_sys_struct_timespec_in_time_h=yes], ++ [gl_cv_sys_struct_timespec_in_time_h=no])]) ++ ++ TIME_H_DEFINES_STRUCT_TIMESPEC=0 ++ SYS_TIME_H_DEFINES_STRUCT_TIMESPEC=0 ++ PTHREAD_H_DEFINES_STRUCT_TIMESPEC=0 ++ if test $gl_cv_sys_struct_timespec_in_time_h = yes; then ++ TIME_H_DEFINES_STRUCT_TIMESPEC=1 ++ else ++ AC_CACHE_CHECK([for struct timespec in ], ++ [gl_cv_sys_struct_timespec_in_sys_time_h], ++ [AC_COMPILE_IFELSE( ++ [AC_LANG_PROGRAM( ++ [[#include ++ ]], ++ [[static struct timespec x; x.tv_sec = x.tv_nsec;]])], ++ [gl_cv_sys_struct_timespec_in_sys_time_h=yes], ++ [gl_cv_sys_struct_timespec_in_sys_time_h=no])]) ++ if test $gl_cv_sys_struct_timespec_in_sys_time_h = yes; then ++ SYS_TIME_H_DEFINES_STRUCT_TIMESPEC=1 ++ else ++ AC_CACHE_CHECK([for struct timespec in ], ++ [gl_cv_sys_struct_timespec_in_pthread_h], ++ [AC_COMPILE_IFELSE( ++ [AC_LANG_PROGRAM( ++ [[#include ++ ]], ++ [[static struct timespec x; x.tv_sec = x.tv_nsec;]])], ++ [gl_cv_sys_struct_timespec_in_pthread_h=yes], ++ [gl_cv_sys_struct_timespec_in_pthread_h=no])]) ++ if test $gl_cv_sys_struct_timespec_in_pthread_h = yes; then ++ PTHREAD_H_DEFINES_STRUCT_TIMESPEC=1 ++ fi ++ fi ++ fi ++ AC_SUBST([TIME_H_DEFINES_STRUCT_TIMESPEC]) ++ AC_SUBST([SYS_TIME_H_DEFINES_STRUCT_TIMESPEC]) ++ AC_SUBST([PTHREAD_H_DEFINES_STRUCT_TIMESPEC]) ++]) ++ ++AC_DEFUN([gl_TIME_MODULE_INDICATOR], ++[ ++ dnl Use AC_REQUIRE here, so that the default settings are expanded once only. ++ AC_REQUIRE([gl_HEADER_TIME_H_DEFAULTS]) ++ gl_MODULE_INDICATOR_SET_VARIABLE([$1]) ++ dnl Define it also as a C macro, for the benefit of the unit tests. ++ gl_MODULE_INDICATOR_FOR_TESTS([$1]) ++]) ++ ++AC_DEFUN([gl_HEADER_TIME_H_DEFAULTS], ++[ ++ GNULIB_MKTIME=0; AC_SUBST([GNULIB_MKTIME]) ++ GNULIB_NANOSLEEP=0; AC_SUBST([GNULIB_NANOSLEEP]) ++ GNULIB_STRPTIME=0; AC_SUBST([GNULIB_STRPTIME]) ++ GNULIB_TIMEGM=0; AC_SUBST([GNULIB_TIMEGM]) ++ GNULIB_TIME_R=0; AC_SUBST([GNULIB_TIME_R]) ++ dnl Assume proper GNU behavior unless another module says otherwise. ++ HAVE_DECL_LOCALTIME_R=1; AC_SUBST([HAVE_DECL_LOCALTIME_R]) ++ HAVE_NANOSLEEP=1; AC_SUBST([HAVE_NANOSLEEP]) ++ HAVE_STRPTIME=1; AC_SUBST([HAVE_STRPTIME]) ++ HAVE_TIMEGM=1; AC_SUBST([HAVE_TIMEGM]) ++ dnl If another module says to replace or to not replace, do that. ++ dnl Otherwise, replace only if someone compiles with -DGNULIB_PORTCHECK; ++ dnl this lets maintainers check for portability. ++ REPLACE_LOCALTIME_R=GNULIB_PORTCHECK; AC_SUBST([REPLACE_LOCALTIME_R]) ++ REPLACE_MKTIME=GNULIB_PORTCHECK; AC_SUBST([REPLACE_MKTIME]) ++ REPLACE_NANOSLEEP=GNULIB_PORTCHECK; AC_SUBST([REPLACE_NANOSLEEP]) ++ REPLACE_TIMEGM=GNULIB_PORTCHECK; AC_SUBST([REPLACE_TIMEGM]) ++ ++ dnl Hack so that the time module doesn't depend on the sys_time module. ++ dnl First, default GNULIB_GETTIMEOFDAY to 0 if sys_time is absent. ++ : ${GNULIB_GETTIMEOFDAY=0}; AC_SUBST([GNULIB_GETTIMEOFDAY]) ++ dnl Second, it's OK to not use GNULIB_PORTCHECK for REPLACE_GMTIME ++ dnl and REPLACE_LOCALTIME, as portability to Solaris 2.6 and earlier ++ dnl is no longer a big deal. ++ REPLACE_GMTIME=0; AC_SUBST([REPLACE_GMTIME]) ++ REPLACE_LOCALTIME=0; AC_SUBST([REPLACE_LOCALTIME]) ++]) diff --git a/SOURCES/0055-Make-editenv-chase-symlinks-including-those-across-d.patch b/SOURCES/0055-Make-editenv-chase-symlinks-including-those-across-d.patch new file mode 100644 index 0000000..0717fb5 --- /dev/null +++ b/SOURCES/0055-Make-editenv-chase-symlinks-including-those-across-d.patch @@ -0,0 +1,102 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 3 Sep 2014 10:38:00 -0400 +Subject: [PATCH] Make editenv chase symlinks including those across devices. + +This lets us make /boot/grub2/grubenv a symlink to +/boot/efi/EFI/fedora/grubenv even though they're different mount points, +which allows /usr/bin/grub2-editenv to be the same across platforms +(i.e. UEFI vs BIOS). + +Signed-off-by: Peter Jones +Reviewed-by: Adam Jackson +--- + Makefile.util.def | 9 +++++++++ + util/editenv.c | 46 ++++++++++++++++++++++++++++++++++++++++++++-- + 2 files changed, 53 insertions(+), 2 deletions(-) + +diff --git a/Makefile.util.def b/Makefile.util.def +index c7b775bce..d08713b55 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -231,8 +231,17 @@ program = { + + common = util/grub-editenv.c; + common = util/editenv.c; ++ common = util/grub-install-common.c; + common = grub-core/osdep/init.c; ++ common = grub-core/osdep/compress.c; ++ extra_dist = grub-core/osdep/unix/compress.c; ++ extra_dist = grub-core/osdep/basic/compress.c; ++ common = util/mkimage.c; ++ common = grub-core/osdep/config.c; ++ common = util/config.c; ++ common = util/resolve.c; + ++ ldadd = '$(LIBLZMA)'; + ldadd = libgrubmods.a; + ldadd = libgrubgcry.a; + ldadd = libgrubkern.a; +diff --git a/util/editenv.c b/util/editenv.c +index c6f8d2298..d8d1dad6a 100644 +--- a/util/editenv.c ++++ b/util/editenv.c +@@ -37,6 +37,7 @@ grub_util_create_envblk_file (const char *name) + FILE *fp; + char *buf; + char *namenew; ++ char *rename_target = xstrdup(name); + + buf = xmalloc (DEFAULT_ENVBLK_SIZE); + +@@ -59,7 +60,48 @@ grub_util_create_envblk_file (const char *name) + free (buf); + fclose (fp); + +- if (grub_util_rename (namenew, name) < 0) +- grub_util_error (_("cannot rename the file %s to %s"), namenew, name); ++ ssize_t size = 1; ++ while (1) ++ { ++ char *linkbuf; ++ ssize_t retsize; ++ ++ linkbuf = xmalloc(size+1); ++ retsize = grub_util_readlink (rename_target, linkbuf, size); ++ if (retsize < 0 && (errno == ENOENT || errno == EINVAL)) ++ { ++ free (linkbuf); ++ break; ++ } ++ else if (retsize < 0) ++ { ++ grub_util_error (_("cannot rename the file %s to %s: %m"), namenew, name); ++ free (linkbuf); ++ free (namenew); ++ return; ++ } ++ else if (retsize == size) ++ { ++ free(linkbuf); ++ size += 128; ++ continue; ++ } ++ ++ free (rename_target); ++ linkbuf[retsize] = '\0'; ++ rename_target = linkbuf; ++ } ++ ++ int rc = grub_util_rename (namenew, rename_target); ++ if (rc < 0 && errno == EXDEV) ++ { ++ rc = grub_install_copy_file (namenew, rename_target, 1); ++ grub_util_unlink (namenew); ++ } ++ ++ if (rc < 0) ++ grub_util_error (_("cannot rename the file %s to %s: %m"), namenew, name); ++ + free (namenew); ++ free (rename_target); + } diff --git a/SOURCES/0056-Generate-OS-and-CLASS-in-10_linux-from-etc-os-releas.patch b/SOURCES/0056-Generate-OS-and-CLASS-in-10_linux-from-etc-os-releas.patch new file mode 100644 index 0000000..013b7dd --- /dev/null +++ b/SOURCES/0056-Generate-OS-and-CLASS-in-10_linux-from-etc-os-releas.patch @@ -0,0 +1,29 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 4 Sep 2014 14:23:23 -0400 +Subject: [PATCH] Generate OS and CLASS in 10_linux from /etc/os-release + +This makes us use pretty names in the titles we generate in +grub2-mkconfig when GRUB_DISTRIBUTOR isn't set. + +Resolves: rhbz#996794 + +Signed-off-by: Peter Jones +--- + util/grub.d/10_linux.in | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index b744438e0..43d98476b 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -29,7 +29,8 @@ export TEXTDOMAINDIR="@localedir@" + CLASS="--class gnu-linux --class gnu --class os --unrestricted" + + if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then +- OS="$(sed 's, release .*$,,g' /etc/system-release)" ++ OS="$(eval $(grep PRETTY_NAME /etc/os-release) ; echo ${PRETTY_NAME})" ++ CLASS="--class $(eval $(grep '^ID_LIKE=\|^ID=' /etc/os-release) ; [ -n "${ID_LIKE}" ] && echo ${ID_LIKE} || echo ${ID}) ${CLASS}" + else + OS="${GRUB_DISTRIBUTOR}" + CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" diff --git a/SOURCES/0057-Minimize-the-sort-ordering-for-.debug-and-rescue-ker.patch b/SOURCES/0057-Minimize-the-sort-ordering-for-.debug-and-rescue-ker.patch new file mode 100644 index 0000000..8114eb5 --- /dev/null +++ b/SOURCES/0057-Minimize-the-sort-ordering-for-.debug-and-rescue-ker.patch @@ -0,0 +1,30 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 4 Sep 2014 15:52:08 -0400 +Subject: [PATCH] Minimize the sort ordering for .debug and -rescue- kernels. + +Resolves: rhbz#1065360 +Signed-off-by: Peter Jones +--- + util/grub-mkconfig_lib.in | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in +index 1001a1223..1a4a57898 100644 +--- a/util/grub-mkconfig_lib.in ++++ b/util/grub-mkconfig_lib.in +@@ -249,6 +249,14 @@ version_test_gt () + *.old:*.old) ;; + *.old:*) version_test_gt_a="`echo "$version_test_gt_a" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=gt ;; + *:*.old) version_test_gt_b="`echo "$version_test_gt_b" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=ge ;; ++ *-rescue*:*-rescue*) ;; ++ *?debug:*?debug) ;; ++ *-rescue*:*?debug) return 1 ;; ++ *?debug:*-rescue*) return 0 ;; ++ *-rescue*:*) return 1 ;; ++ *:*-rescue*) return 0 ;; ++ *?debug:*) return 1 ;; ++ *:*?debug) return 0 ;; + esac + version_test_numeric "$version_test_gt_a" "$version_test_gt_cmp" "$version_test_gt_b" + return "$?" diff --git a/SOURCES/0058-Try-prefix-if-fw_path-doesn-t-work.patch b/SOURCES/0058-Try-prefix-if-fw_path-doesn-t-work.patch new file mode 100644 index 0000000..b1dbd8e --- /dev/null +++ b/SOURCES/0058-Try-prefix-if-fw_path-doesn-t-work.patch @@ -0,0 +1,208 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 3 Oct 2014 11:08:03 -0400 +Subject: [PATCH] Try $prefix if $fw_path doesn't work. + +Related: rhbz#1148652 + +Signed-off-by: Peter Jones +--- + grub-core/kern/ieee1275/init.c | 28 +++++----- + grub-core/net/net.c | 2 +- + grub-core/normal/main.c | 120 ++++++++++++++++++++--------------------- + 3 files changed, 75 insertions(+), 75 deletions(-) + +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index f5423ce27..e01bc6eab 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -124,23 +124,25 @@ grub_machine_get_bootlocation (char **device, char **path) + grub_free (canon); + } + else +- *device = grub_ieee1275_encode_devname (bootpath); +- grub_free (type); +- +- filename = grub_ieee1275_get_filename (bootpath); +- if (filename) + { +- char *lastslash = grub_strrchr (filename, '\\'); +- +- /* Truncate at last directory. */ +- if (lastslash) ++ filename = grub_ieee1275_get_filename (bootpath); ++ if (filename) + { +- *lastslash = '\0'; +- grub_translate_ieee1275_path (filename); ++ char *lastslash = grub_strrchr (filename, '\\'); + +- *path = filename; +- } ++ /* Truncate at last directory. */ ++ if (lastslash) ++ { ++ *lastslash = '\0'; ++ grub_translate_ieee1275_path (filename); ++ ++ *path = filename; ++ } ++ } ++ *device = grub_ieee1275_encode_devname (bootpath); + } ++ ++ grub_free (type); + grub_free (bootpath); + } + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 0769bf850..16d2ce06d 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -1850,7 +1850,7 @@ grub_net_search_configfile (char *config) + /* Remove the remaining minus sign at the end. */ + config[config_len] = '\0'; + +- return GRUB_ERR_NONE; ++ return GRUB_ERR_FILE_NOT_FOUND; + } + + static struct grub_preboot *fini_hnd; +diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +index 7d9c4f09b..b69f9e738 100644 +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -331,74 +331,72 @@ grub_enter_normal_mode (const char *config) + grub_boot_time ("Exiting normal mode"); + } + ++static grub_err_t ++grub_try_normal (const char *variable) ++{ ++ char *config; ++ const char *prefix; ++ grub_err_t err = GRUB_ERR_FILE_NOT_FOUND; ++ ++ prefix = grub_env_get (variable); ++ if (!prefix) ++ return GRUB_ERR_FILE_NOT_FOUND; ++ ++ if (grub_strncmp (prefix + 1, "tftp", sizeof ("tftp") - 1) == 0) ++ { ++ grub_size_t config_len; ++ config_len = grub_strlen (prefix) + ++ sizeof ("/grub.cfg-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"); ++ config = grub_malloc (config_len); ++ ++ if (! config) ++ return GRUB_ERR_FILE_NOT_FOUND; ++ ++ grub_snprintf (config, config_len, "%s/grub.cfg", prefix); ++ err = grub_net_search_configfile (config); ++ } ++ ++ if (err != GRUB_ERR_NONE) ++ { ++ config = grub_xasprintf ("%s/grub.cfg", prefix); ++ if (config) ++ { ++ grub_file_t file; ++ file = grub_file_open (config); ++ if (file) ++ { ++ grub_file_close (file); ++ err = GRUB_ERR_NONE; ++ } ++ } ++ } ++ ++ if (err == GRUB_ERR_NONE) ++ grub_enter_normal_mode (config); ++ ++ grub_errno = 0; ++ grub_free (config); ++ return err; ++} ++ + /* Enter normal mode from rescue mode. */ + static grub_err_t + grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), + int argc, char *argv[]) + { +- if (argc == 0) +- { +- /* Guess the config filename. It is necessary to make CONFIG static, +- so that it won't get broken by longjmp. */ +- char *config; +- const char *prefix; +- +- prefix = grub_env_get ("fw_path"); +- if (! prefix) +- prefix = grub_env_get ("prefix"); +- +- if (prefix) +- { +- if (grub_strncmp (prefix + 1, "tftp", sizeof ("tftp") - 1) == 0) +- { +- grub_size_t config_len; +- config_len = grub_strlen (prefix) + +- sizeof ("/grub.cfg-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"); +- config = grub_malloc (config_len); +- +- if (! config) +- goto quit; +- +- grub_snprintf (config, config_len, "%s/grub.cfg", prefix); +- +- grub_net_search_configfile (config); +- +- grub_enter_normal_mode (config); +- grub_free (config); +- config = NULL; +- } +- +- if (!config) +- { +- config = grub_xasprintf ("%s/grub.cfg", prefix); +- if (config) +- { +- grub_file_t file; +- +- file = grub_file_open (config); +- if (file) +- { +- grub_file_close (file); +- grub_enter_normal_mode (config); +- } +- else +- { +- /* Ignore all errors. */ +- grub_errno = 0; +- } +- grub_free (config); +- } +- } +- } +- else +- { +- grub_enter_normal_mode (0); +- } +- } +- else ++ if (argc) + grub_enter_normal_mode (argv[0]); ++ else ++ { ++ /* Guess the config filename. */ ++ grub_err_t err; ++ err = grub_try_normal ("fw_path"); ++ if (err == GRUB_ERR_FILE_NOT_FOUND) ++ err = grub_try_normal ("prefix"); ++ if (err == GRUB_ERR_FILE_NOT_FOUND) ++ grub_enter_normal_mode (0); ++ } + +-quit: + return 0; + } + diff --git a/SOURCES/0059-Update-info-with-grub.cfg-netboot-selection-order-11.patch b/SOURCES/0059-Update-info-with-grub.cfg-netboot-selection-order-11.patch new file mode 100644 index 0000000..6b6a53e --- /dev/null +++ b/SOURCES/0059-Update-info-with-grub.cfg-netboot-selection-order-11.patch @@ -0,0 +1,66 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robert Marshall +Date: Mon, 16 Mar 2015 16:34:51 -0400 +Subject: [PATCH] Update info with grub.cfg netboot selection order (#1148650) + +Added documentation to the grub info page that specifies the order +netboot clients will use to select a grub configuration file. + +Resolves rhbz#1148650 +--- + docs/grub.texi | 42 ++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 42 insertions(+) + +diff --git a/docs/grub.texi b/docs/grub.texi +index 2fd32608c..a7155c22f 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -2493,6 +2493,48 @@ grub-mknetdir --net-directory=/srv/tftp --subdir=/boot/grub -d /usr/lib/grub/i38 + Then follow instructions printed out by grub-mknetdir on configuring your DHCP + server. + ++The grub.cfg file is placed in the same directory as the path output by ++grub-mknetdir hereafter referred to as FWPATH. GRUB will search for its ++configuration files in order using the following rules where the appended ++value corresponds to a value on the client machine. ++ ++@example ++@group ++@samp{(FWPATH)}/grub.cfg-@samp{(UUID OF NIC)} ++@samp{(FWPATH)}/grub.cfg-@samp{(MAC ADDRESS OF NIC)} ++@samp{(FWPATH)}/grub.cfg-@samp{(IPv4 OR IPv6 ADDRESS)} ++@samp{(FWPATH)}/grub.cfg ++@end group ++@end example ++ ++The client will only attempt to look up an IPv6 address config once, however, ++it will try the IPv4 multiple times. The concrete example below shows what ++would happen under the IPv4 case. ++ ++@example ++@group ++UUID: 7726a678-7fc0-4853-a4f6-c85ac36a120a ++MAC: 52:54:00:ec:33:81 ++IPV4: 10.0.0.130 (0A000082) ++@end group ++@end example ++ ++@example ++@group ++@samp{(FWPATH)}/grub.cfg-7726a678-7fc0-4853-a4f6-c85ac36a120a ++@samp{(FWPATH)}/grub.cfg-52-54-00-ec-33-81 ++@samp{(FWPATH)}/grub.cfg-0A000082 ++@samp{(FWPATH)}/grub.cfg-0A00008 ++@samp{(FWPATH)}/grub.cfg-0A0000 ++@samp{(FWPATH)}/grub.cfg-0A000 ++@samp{(FWPATH)}/grub.cfg-0A00 ++@samp{(FWPATH)}/grub.cfg-0A0 ++@samp{(FWPATH)}/grub.cfg-0A ++@samp{(FWPATH)}/grub.cfg-0 ++@samp{(FWPATH)}/grub.cfg ++@end group ++@end example ++ + After GRUB has started, files on the TFTP server will be accessible via the + @samp{(tftp)} device. + diff --git a/SOURCES/0060-Use-Distribution-Package-Sort-for-grub2-mkconfig-112.patch b/SOURCES/0060-Use-Distribution-Package-Sort-for-grub2-mkconfig-112.patch new file mode 100644 index 0000000..5d7de8f --- /dev/null +++ b/SOURCES/0060-Use-Distribution-Package-Sort-for-grub2-mkconfig-112.patch @@ -0,0 +1,447 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robert Marshall +Date: Mon, 16 Mar 2015 14:14:19 -0400 +Subject: [PATCH] Use Distribution Package Sort for grub2-mkconfig (#1124074) + +Users reported that newly installed kernels on their systems installed +with grub-mkconfig would not appear on the grub boot list in order +starting with the most recent. Added an option for rpm-based systems to +use the rpm-sort library to sort kernels instead. + +Resolves rhbz#1124074 +--- + configure.ac | 29 +++++ + Makefile.util.def | 16 +++ + util/grub-rpm-sort.c | 281 ++++++++++++++++++++++++++++++++++++++++++++++ + .gitignore | 2 + + util/grub-mkconfig_lib.in | 8 +- + util/grub-rpm-sort.8 | 12 ++ + 6 files changed, 347 insertions(+), 1 deletion(-) + create mode 100644 util/grub-rpm-sort.c + create mode 100644 util/grub-rpm-sort.8 + +diff --git a/configure.ac b/configure.ac +index d5db2803e..056df1cba 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -65,6 +65,7 @@ grub_TRANSFORM([grub-mkrelpath]) + grub_TRANSFORM([grub-mkrescue]) + grub_TRANSFORM([grub-probe]) + grub_TRANSFORM([grub-reboot]) ++grub_TRANSFORM([grub-rpm-sort]) + grub_TRANSFORM([grub-script-check]) + grub_TRANSFORM([grub-set-default]) + grub_TRANSFORM([grub-sparc64-setup]) +@@ -88,6 +89,7 @@ grub_TRANSFORM([grub-mkrescue.1]) + grub_TRANSFORM([grub-mkstandalone.3]) + grub_TRANSFORM([grub-ofpathname.3]) + grub_TRANSFORM([grub-probe.3]) ++grub_TRANSFORM([grub-rpm-sort.8]) + grub_TRANSFORM([grub-reboot.3]) + grub_TRANSFORM([grub-render-label.3]) + grub_TRANSFORM([grub-script-check.3]) +@@ -1790,6 +1792,33 @@ fi + + AC_SUBST([LIBDEVMAPPER]) + ++AC_ARG_ENABLE([rpm-sort], ++ [AS_HELP_STRING([--enable-rpm-sort], ++ [enable native rpm sorting of kernels in grub (default=guessed)])]) ++if test x"$enable_rpm-sort" = xno ; then ++ rpm_sort_excuse="explicitly disabled" ++fi ++ ++if test x"$rpm_sort_excuse" = x ; then ++ # Check for rpmlib header. ++ AC_CHECK_HEADER([rpm/rpmlib.h], [], ++ [rpm_sort_excuse="need rpm/rpmlib header"]) ++fi ++ ++if test x"$rpm_sort_excuse" = x ; then ++ # Check for rpm library. ++ AC_CHECK_LIB([rpm], [rpmvercmp], [], ++ [rpm_sort_excuse="rpmlib missing rpmvercmp"]) ++fi ++ ++if test x"$rpm_sort_excuse" = x ; then ++ LIBRPM="-lrpm"; ++ AC_DEFINE([HAVE_RPM], [1], ++ [Define to 1 if you have the rpm library.]) ++fi ++ ++AC_SUBST([LIBRPM]) ++ + LIBGEOM= + if test x$host_kernel = xkfreebsd; then + AC_CHECK_LIB([geom], [geom_gettree], [], +diff --git a/Makefile.util.def b/Makefile.util.def +index d08713b55..406d96861 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -685,6 +685,22 @@ program = { + ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; + }; + ++program = { ++ name = grub-rpm-sort; ++ mansection = 8; ++ installdir = sbin; ++ ++ common = grub-core/kern/emu/misc.c; ++ common = grub-core/kern/emu/argp_common.c; ++ common = grub-core/osdep/init.c; ++ common = util/misc.c; ++ common = util/grub-rpm-sort.c; ++ ++ ldadd = grub-core/gnulib/libgnu.a; ++ ldadd = libgrubkern.a; ++ ldadd = '$(LIBDEVMAPPER) $(LIBRPM)'; ++}; ++ + script = { + name = grub-mkconfig; + common = util/grub-mkconfig.in; +diff --git a/util/grub-rpm-sort.c b/util/grub-rpm-sort.c +new file mode 100644 +index 000000000..f33bd1ed5 +--- /dev/null ++++ b/util/grub-rpm-sort.c +@@ -0,0 +1,281 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static size_t ++read_file (const char *input, char **ret) ++{ ++ FILE *in; ++ size_t s; ++ size_t sz = 2048; ++ size_t offset = 0; ++ char *text; ++ ++ if (!strcmp(input, "-")) ++ in = stdin; ++ else ++ in = grub_util_fopen(input, "r"); ++ ++ text = xmalloc (sz); ++ ++ if (!in) ++ grub_util_error (_("cannot open `%s': %s"), input, strerror (errno)); ++ ++ while ((s = fread (text + offset, 1, sz - offset, in)) != 0) ++ { ++ offset += s; ++ if (sz - offset == 0) ++ { ++ sz += 2048; ++ text = xrealloc (text, sz); ++ } ++ } ++ ++ text[offset] = '\0'; ++ *ret = text; ++ ++ if (in != stdin) ++ fclose(in); ++ ++ return offset + 1; ++} ++ ++/* returns name/version/release */ ++/* NULL string pointer returned if nothing found */ ++static void ++split_package_string (char *package_string, char **name, ++ char **version, char **release) ++{ ++ char *package_version, *package_release; ++ ++ /* Release */ ++ package_release = strrchr (package_string, '-'); ++ ++ if (package_release != NULL) ++ *package_release++ = '\0'; ++ ++ *release = package_release; ++ ++ /* Version */ ++ package_version = strrchr(package_string, '-'); ++ ++ if (package_version != NULL) ++ *package_version++ = '\0'; ++ ++ *version = package_version; ++ /* Name */ ++ *name = package_string; ++ ++ /* Bubble up non-null values from release to name */ ++ if (*name == NULL) ++ { ++ *name = (*version == NULL ? *release : *version); ++ *version = *release; ++ *release = NULL; ++ } ++ if (*version == NULL) ++ { ++ *version = *release; ++ *release = NULL; ++ } ++} ++ ++/* ++ * package name-version-release comparator for qsort ++ * expects p, q which are pointers to character strings (char *) ++ * which will not be altered in this function ++ */ ++static int ++package_version_compare (const void *p, const void *q) ++{ ++ char *local_p, *local_q; ++ char *lhs_name, *lhs_version, *lhs_release; ++ char *rhs_name, *rhs_version, *rhs_release; ++ int vercmpflag = 0; ++ ++ local_p = alloca (strlen (*(char * const *)p) + 1); ++ local_q = alloca (strlen (*(char * const *)q) + 1); ++ ++ /* make sure these allocated */ ++ assert (local_p); ++ assert (local_q); ++ ++ strcpy (local_p, *(char * const *)p); ++ strcpy (local_q, *(char * const *)q); ++ ++ split_package_string (local_p, &lhs_name, &lhs_version, &lhs_release); ++ split_package_string (local_q, &rhs_name, &rhs_version, &rhs_release); ++ ++ /* Check Name and return if unequal */ ++ vercmpflag = rpmvercmp ((lhs_name == NULL ? "" : lhs_name), ++ (rhs_name == NULL ? "" : rhs_name)); ++ if (vercmpflag != 0) ++ return vercmpflag; ++ ++ /* Check version and return if unequal */ ++ vercmpflag = rpmvercmp ((lhs_version == NULL ? "" : lhs_version), ++ (rhs_version == NULL ? "" : rhs_version)); ++ if (vercmpflag != 0) ++ return vercmpflag; ++ ++ /* Check release and return the version compare value */ ++ vercmpflag = rpmvercmp ((lhs_release == NULL ? "" : lhs_release), ++ (rhs_release == NULL ? "" : rhs_release)); ++ ++ return vercmpflag; ++} ++ ++static void ++add_input (const char *filename, char ***package_names, size_t *n_package_names) ++{ ++ char *orig_input_buffer = NULL; ++ char *input_buffer; ++ char *position_of_newline; ++ char **names = *package_names; ++ char **new_names = NULL; ++ size_t n_names = *n_package_names; ++ ++ if (!*package_names) ++ new_names = names = xmalloc (sizeof (char *) * 2); ++ ++ if (read_file (filename, &orig_input_buffer) < 2) ++ { ++ if (new_names) ++ free (new_names); ++ if (orig_input_buffer) ++ free (orig_input_buffer); ++ return; ++ } ++ ++ input_buffer = orig_input_buffer; ++ while (input_buffer && *input_buffer && ++ (position_of_newline = strchrnul (input_buffer, '\n'))) ++ { ++ size_t sz = position_of_newline - input_buffer; ++ char *new; ++ ++ if (sz == 0) ++ { ++ input_buffer = position_of_newline + 1; ++ continue; ++ } ++ ++ new = xmalloc (sz+1); ++ strncpy (new, input_buffer, sz); ++ new[sz] = '\0'; ++ ++ names = xrealloc (names, sizeof (char *) * (n_names + 1)); ++ names[n_names] = new; ++ n_names++; ++ ++ /* move buffer ahead to next line */ ++ input_buffer = position_of_newline + 1; ++ if (*position_of_newline == '\0') ++ input_buffer = NULL; ++ } ++ ++ free (orig_input_buffer); ++ ++ *package_names = names; ++ *n_package_names = n_names; ++} ++ ++static char * ++help_filter (int key, const char *text, void *input __attribute__ ((unused))) ++{ ++ return (char *)text; ++} ++ ++static struct argp_option options[] = { ++ { 0, } ++}; ++ ++struct arguments ++{ ++ size_t ninputs; ++ size_t input_max; ++ char **inputs; ++}; ++ ++static error_t ++argp_parser (int key, char *arg, struct argp_state *state) ++{ ++ struct arguments *arguments = state->input; ++ switch (key) ++ { ++ case ARGP_KEY_ARG: ++ assert (arguments->ninputs < arguments->input_max); ++ arguments->inputs[arguments->ninputs++] = xstrdup (arg); ++ break; ++ default: ++ return ARGP_ERR_UNKNOWN; ++ } ++ return 0; ++} ++ ++static struct argp argp = { ++ options, argp_parser, N_("[INPUT_FILES]"), ++ N_("Sort a list of strings in RPM version sort order."), ++ NULL, help_filter, NULL ++}; ++ ++int ++main (int argc, char *argv[]) ++{ ++ struct arguments arguments; ++ char **package_names = NULL; ++ size_t n_package_names = 0; ++ int i; ++ ++ grub_util_host_init (&argc, &argv); ++ ++ memset (&arguments, 0, sizeof (struct arguments)); ++ arguments.input_max = argc+1; ++ arguments.inputs = xmalloc ((arguments.input_max + 1) ++ * sizeof (arguments.inputs[0])); ++ memset (arguments.inputs, 0, (arguments.input_max + 1) ++ * sizeof (arguments.inputs[0])); ++ ++ /* Parse our arguments */ ++ if (argp_parse (&argp, argc, argv, 0, 0, &arguments) != 0) ++ grub_util_error ("%s", _("Error in parsing command line arguments\n")); ++ ++ /* If there's no inputs in argv, add one for stdin */ ++ if (!arguments.ninputs) ++ { ++ arguments.ninputs = 1; ++ arguments.inputs[0] = xmalloc (2); ++ strcpy(arguments.inputs[0], "-"); ++ } ++ ++ for (i = 0; i < arguments.ninputs; i++) ++ add_input(arguments.inputs[i], &package_names, &n_package_names); ++ ++ if (package_names == NULL || n_package_names < 1) ++ grub_util_error ("%s", _("Invalid input\n")); ++ ++ qsort (package_names, n_package_names, sizeof (char *), ++ package_version_compare); ++ ++ /* send sorted list to stdout */ ++ for (i = 0; i < n_package_names; i++) ++ { ++ fprintf (stdout, "%s\n", package_names[i]); ++ free (package_names[i]); ++ } ++ ++ free (package_names); ++ for (i = 0; i < arguments.ninputs; i++) ++ free (arguments.inputs[i]); ++ ++ free (arguments.inputs); ++ ++ return 0; ++} +diff --git a/.gitignore b/.gitignore +index 43f04d472..fa2e5b609 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -105,6 +105,8 @@ grub-*.tar.* + /grub*-reboot.8 + /grub*-render-label + /grub*-render-label.1 ++/grub*-rpm-sort ++/grub*-rpm-sort.8 + /grub*-script-check + /grub*-script-check.1 + /grub*-set-default +diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in +index 1a4a57898..7fe359843 100644 +--- a/util/grub-mkconfig_lib.in ++++ b/util/grub-mkconfig_lib.in +@@ -214,6 +214,12 @@ version_sort () + esac + } + ++if [ "x$RPMLIB" = x ]; then ++ kernel_sort=version_sort ++else ++ kernel_sort="${sbindir}/grub-rpm-sort" ++fi ++ + version_test_numeric () + { + version_test_numeric_a="$1" +@@ -230,7 +236,7 @@ version_test_numeric () + version_test_numeric_a="$version_test_numeric_b" + version_test_numeric_b="$version_test_numeric_c" + fi +- if (echo "$version_test_numeric_a" ; echo "$version_test_numeric_b") | version_sort | head -n 1 | grep -qx "$version_test_numeric_b" ; then ++ if (echo "$version_test_numeric_a" ; echo "$version_test_numeric_b") | "$kernel_sort" | head -n 1 | grep -qx "$version_test_numeric_b" ; then + return 0 + else + return 1 +diff --git a/util/grub-rpm-sort.8 b/util/grub-rpm-sort.8 +new file mode 100644 +index 000000000..8ce214884 +--- /dev/null ++++ b/util/grub-rpm-sort.8 +@@ -0,0 +1,12 @@ ++.TH GRUB-RPM-SORT 8 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-rpm-sort\fR \(em Sort input according to RPM version compare. ++ ++.SH SYNOPSIS ++\fBgrub-rpm-sort\fR [OPTIONS]. ++ ++.SH DESCRIPTION ++You should not normally run this program directly. Use grub-mkconfig instead. ++ ++.SH SEE ALSO ++.BR "info grub" diff --git a/SOURCES/0061-Handle-rssd-storage-devices.patch b/SOURCES/0061-Handle-rssd-storage-devices.patch new file mode 100644 index 0000000..7434dab --- /dev/null +++ b/SOURCES/0061-Handle-rssd-storage-devices.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 30 Jun 2015 15:50:41 -0400 +Subject: [PATCH] Handle rssd storage devices. + +Resolves: rhbz#1087962 + +Signed-off-by: Peter Jones +--- + grub-core/osdep/linux/getroot.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c +index 90d92d3ad..6d9f4e5fa 100644 +--- a/grub-core/osdep/linux/getroot.c ++++ b/grub-core/osdep/linux/getroot.c +@@ -921,6 +921,19 @@ grub_util_part_to_disk (const char *os_dev, struct stat *st, + return path; + } + ++ /* If this is an rssd device. */ ++ if ((strncmp ("rssd", p, 4) == 0) && p[4] >= 'a' && p[4] <= 'z') ++ { ++ char *pp = p + 4; ++ while (*pp >= 'a' && *pp <= 'z') ++ pp++; ++ if (*pp) ++ *is_part = 1; ++ /* /dev/rssd[a-z]+[0-9]* */ ++ *pp = '\0'; ++ return path; ++ } ++ + /* If this is a loop device */ + if ((strncmp ("loop", p, 4) == 0) && p[4] >= '0' && p[4] <= '9') + { diff --git a/SOURCES/0062-Make-grub2-mkconfig-construct-titles-that-look-like-.patch b/SOURCES/0062-Make-grub2-mkconfig-construct-titles-that-look-like-.patch new file mode 100644 index 0000000..b9125dc --- /dev/null +++ b/SOURCES/0062-Make-grub2-mkconfig-construct-titles-that-look-like-.patch @@ -0,0 +1,69 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 28 Apr 2015 11:15:03 -0400 +Subject: [PATCH] Make grub2-mkconfig construct titles that look like the ones + we want elsewhere. + +Resolves: rhbz#1215839 + +Signed-off-by: Peter Jones +--- + util/grub.d/10_linux.in | 34 +++++++++++++++++++++++++++------- + 1 file changed, 27 insertions(+), 7 deletions(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 43d98476b..a8a8e2cf3 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -78,6 +78,32 @@ case x"$GRUB_FS" in + ;; + esac + ++mktitle () ++{ ++ local title_type ++ local version ++ local OS_NAME ++ local OS_VERS ++ ++ title_type=$1 && shift ++ version=$1 && shift ++ ++ OS_NAME="$(eval $(grep ^NAME= /etc/os-release) ; echo ${NAME})" ++ OS_VERS="$(eval $(grep ^VERSION= /etc/os-release) ; echo ${VERSION})" ++ ++ case $title_type in ++ recovery) ++ title=$(printf '%s (%s) %s (recovery mode)' \ ++ "${OS_NAME}" "${version}" "${OS_VERS}") ++ ;; ++ *) ++ title=$(printf '%s (%s) %s' \ ++ "${OS_NAME}" "${version}" "${OS_VERS}") ++ ;; ++ esac ++ echo -n ${title} ++} ++ + title_correction_code= + + linux_entry () +@@ -91,17 +117,11 @@ linux_entry () + boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" + fi + if [ x$type != xsimple ] ; then +- case $type in +- recovery) +- title="$(gettext_printf "%s, with Linux %s (recovery mode)" "${os}" "${version}")" ;; +- *) +- title="$(gettext_printf "%s, with Linux %s" "${os}" "${version}")" ;; +- esac ++ title=$(mktitle "$type" "$version") + if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then + replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')" + quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)" + title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;" +- grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnulinux-advanced-$boot_device_id>gnulinux-$version-$type-$boot_device_id")" + fi + echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/" + else diff --git a/SOURCES/0063-Add-friendly-grub2-password-config-tool-985962.patch b/SOURCES/0063-Add-friendly-grub2-password-config-tool-985962.patch new file mode 100644 index 0000000..f7cbd0a --- /dev/null +++ b/SOURCES/0063-Add-friendly-grub2-password-config-tool-985962.patch @@ -0,0 +1,272 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robert Marshall +Date: Thu, 25 Jun 2015 11:13:11 -0400 +Subject: [PATCH] Add friendly grub2 password config tool (#985962) + +Provided a tool for users to reset the grub2 root user password +without having to alter the grub.cfg. The hashed password now +lives in a root-only-readable configuration file. + +Resolves: rhbz#985962 +--- + configure.ac | 1 + + Makefile.util.def | 13 +++++ + .gitignore | 2 + + util/grub-mkconfig.in | 2 + + util/grub-setpassword.8 | 28 +++++++++++ + util/grub-setpassword.in | 123 +++++++++++++++++++++++++++++++++++++++++++++++ + util/grub.d/01_users.in | 11 +++++ + 7 files changed, 180 insertions(+) + create mode 100644 util/grub-setpassword.8 + create mode 100644 util/grub-setpassword.in + create mode 100644 util/grub.d/01_users.in + +diff --git a/configure.ac b/configure.ac +index 056df1cba..679f634ce 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -65,6 +65,7 @@ grub_TRANSFORM([grub-mkrelpath]) + grub_TRANSFORM([grub-mkrescue]) + grub_TRANSFORM([grub-probe]) + grub_TRANSFORM([grub-reboot]) ++grub_TRANSFORM([grub-setpassword]) + grub_TRANSFORM([grub-rpm-sort]) + grub_TRANSFORM([grub-script-check]) + grub_TRANSFORM([grub-set-default]) +diff --git a/Makefile.util.def b/Makefile.util.def +index 406d96861..fd91045bd 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -440,6 +440,12 @@ script = { + installdir = grubconf; + }; + ++script = { ++ name = '01_users'; ++ common = util/grub.d/01_users.in; ++ installdir = grubconf; ++}; ++ + script = { + name = '10_windows'; + common = util/grub.d/10_windows.in; +@@ -722,6 +728,13 @@ script = { + installdir = sbin; + }; + ++script = { ++ name = grub-setpassword; ++ common = util/grub-setpassword.in; ++ mansection = 8; ++ installdir = sbin; ++}; ++ + script = { + name = grub-mkconfig_lib; + common = util/grub-mkconfig_lib.in; +diff --git a/.gitignore b/.gitignore +index fa2e5b609..5066689bc 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -111,6 +111,8 @@ grub-*.tar.* + /grub*-script-check.1 + /grub*-set-default + /grub*-set-default.8 ++/grub*-setsetpassword ++/grub*-setsetpassword.8 + /grub*-shell + /grub*-shell-tester + /grub*-sparc64-setup +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index f68d4925e..bdb9982ae 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -282,6 +282,8 @@ for i in "${grub_mkconfig_dir}"/* ; do + *~) ;; + # emacsen autosave files. FIXME: support other editors + */\#*\#) ;; ++ # rpm config files of yore. ++ *.rpmsave|*.rpmnew|*.rpmorig) ;; + *) + if grub_file_is_not_garbage "$i" && test -x "$i" ; then + echo +diff --git a/util/grub-setpassword.8 b/util/grub-setpassword.8 +new file mode 100644 +index 000000000..49200a848 +--- /dev/null ++++ b/util/grub-setpassword.8 +@@ -0,0 +1,28 @@ ++.TH GRUB-SETPASSWORD 3 "Thu Jun 25 2015" ++.SH NAME ++\fBgrub-setpassword\fR \(em Generate the user.cfg file containing the hashed grub bootloader password. ++ ++.SH SYNOPSIS ++\fBgrub-setpassword\fR [OPTION] ++ ++.SH DESCRIPTION ++\fBgrub-setpassword\fR outputs the user.cfg file which contains the hashed GRUB bootloader password. This utility only supports configurations where there is a single root user. ++ ++The file has the format: ++GRUB2_PASSWORD=<\fIhashed password\fR>. ++ ++.SH OPTIONS ++.TP ++-h, --help ++Display program usage and exit. ++.TP ++-v, --version ++Display the current version. ++.TP ++-o, --output[=\fIDIRECTORY PATH\fR] ++Choose the file path to which user.cfg will be written. ++ ++.SH SEE ALSO ++.BR "info grub" ++ ++.BR "info grub2-mkpasswd-pbkdf2" +diff --git a/util/grub-setpassword.in b/util/grub-setpassword.in +new file mode 100644 +index 000000000..dd76f00fc +--- /dev/null ++++ b/util/grub-setpassword.in +@@ -0,0 +1,123 @@ ++#!/bin/sh -e ++ ++if [ -d /sys/firmware/efi/efivars/ ]; then ++ grubdir=`echo "/@bootdirname@/efi/EFI/redhat/" | sed 's,//*,/,g'` ++else ++ grubdir=`echo "/@bootdirname@/@grubdirname@" | sed 's,//*,/,g'` ++fi ++ ++PACKAGE_VERSION="@PACKAGE_VERSION@" ++PACKAGE_NAME="@PACKAGE_NAME@" ++self=`basename $0` ++bindir="@bindir@" ++grub_mkpasswd="${bindir}/@grub_mkpasswd_pbkdf2@" ++ ++# Usage: usage ++# Print the usage. ++usage () { ++ cat <&2 ++ exit 1 ++ fi ++ echo $1 ++} ++ ++# Ensure that it's the root user running this script ++if [ "${EUID}" -ne 0 ]; then ++ echo "The grub bootloader password may only be set by root." ++ usage ++ exit 2 ++fi ++ ++# Check the arguments. ++while test $# -gt 0 ++do ++ option=$1 ++ shift ++ ++ case "$option" in ++ -h | --help) ++ usage ++ exit 0 ;; ++ -v | --version) ++ echo "$self (${PACKAGE_NAME}) ${PACKAGE_VERSION}" ++ exit 0 ;; ++ -o | --output) ++ OUTPUT_PATH=`argument $option "$@"`; shift ;; ++ --output=*) ++ OUTPUT_PATH=`echo "$option" | sed 's/--output=//'` ;; ++ -o=*) ++ OUTPUT_PATH=`echo "$option" | sed 's/-o=//'` ;; ++ esac ++done ++ ++# set user input or default path for user.cfg file ++if [ -z "${OUTPUT_PATH}" ]; then ++ OUTPUT_PATH="${grubdir}" ++fi ++ ++if [ ! -d "${OUTPUT_PATH}" ]; then ++ echo "${OUTPUT_PATH} does not exist." ++ usage ++ exit 2; ++fi ++ ++ttyopt=$(stty -g) ++fixtty() { ++ stty ${ttyopt} ++} ++ ++trap fixtty EXIT ++stty -echo ++ ++# prompt & confirm new grub2 root user password ++echo -n "Enter password: " ++read PASSWORD ++echo ++echo -n "Confirm password: " ++read PASSWORD_CONFIRM ++echo ++stty ${ttyopt} ++ ++getpass() { ++ local P0 ++ local P1 ++ P0="$1" && shift ++ P1="$1" && shift ++ ++ ( echo ${P0} ; echo ${P1} ) | \ ++ ${grub_mkpasswd} | \ ++ grep -v '[eE]nter password:' | \ ++ sed -e "s/PBKDF2 hash of your password is //" ++} ++ ++MYPASS="$(getpass "${PASSWORD}" "${PASSWORD_CONFIRM}")" ++if [ -z "${MYPASS}" ]; then ++ echo "${self}: error: empty password" 1>&2 ++ exit 1 ++fi ++ ++# on the ESP, these will fail to set the permissions, but it's okay because ++# the directory is protected. ++install -m 0600 /dev/null "${grubdir}/user.cfg" 2>/dev/null || : ++chmod 0600 "${grubdir}/user.cfg" 2>/dev/null || : ++echo "GRUB2_PASSWORD=${MYPASS}" > "${grubdir}/user.cfg" +diff --git a/util/grub.d/01_users.in b/util/grub.d/01_users.in +new file mode 100644 +index 000000000..db2f44bfb +--- /dev/null ++++ b/util/grub.d/01_users.in +@@ -0,0 +1,11 @@ ++#!/bin/sh -e ++cat << EOF ++if [ -f \${prefix}/user.cfg ]; then ++ source \${prefix}/user.cfg ++ if [ -n "\${GRUB2_PASSWORD}" ]; then ++ set superusers="root" ++ export superusers ++ password_pbkdf2 root \${GRUB2_PASSWORD} ++ fi ++fi ++EOF diff --git a/SOURCES/0064-Try-to-make-sure-configure.ac-and-grub-rpm-sort-play.patch b/SOURCES/0064-Try-to-make-sure-configure.ac-and-grub-rpm-sort-play.patch new file mode 100644 index 0000000..9caa8ce --- /dev/null +++ b/SOURCES/0064-Try-to-make-sure-configure.ac-and-grub-rpm-sort-play.patch @@ -0,0 +1,57 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 3 Aug 2015 11:46:42 -0400 +Subject: [PATCH] Try to make sure configure.ac and grub-rpm-sort play nice. + +Apparently the test for whether to use grub-rpm-sort and also the +renaming of it to grub2-rpm-sort on the runtime side weren't right. + +Related: rhbz#1124074 + +Signed-off-by: Peter Jones +--- + configure.ac | 2 +- + util/grub-mkconfig_lib.in | 9 ++++++--- + 2 files changed, 7 insertions(+), 4 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 679f634ce..71d105696 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1796,7 +1796,7 @@ AC_SUBST([LIBDEVMAPPER]) + AC_ARG_ENABLE([rpm-sort], + [AS_HELP_STRING([--enable-rpm-sort], + [enable native rpm sorting of kernels in grub (default=guessed)])]) +-if test x"$enable_rpm-sort" = xno ; then ++if test x"$enable_rpm_sort" = xno ; then + rpm_sort_excuse="explicitly disabled" + fi + +diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in +index 7fe359843..113a41f94 100644 +--- a/util/grub-mkconfig_lib.in ++++ b/util/grub-mkconfig_lib.in +@@ -33,6 +33,9 @@ fi + if test "x$grub_mkrelpath" = x; then + grub_mkrelpath="${bindir}/@grub_mkrelpath@" + fi ++if test "x$grub_rpm_sort" = x; then ++ grub_rpm_sort="${sbindir}/@grub_rpm_sort@" ++fi + + if which gettext >/dev/null 2>/dev/null; then + : +@@ -214,10 +217,10 @@ version_sort () + esac + } + +-if [ "x$RPMLIB" = x ]; then ++if [ "x$grub_rpm_sort" != x -a -x "$grub_rpm_sort" ]; then ++ kernel_sort="$grub_rpm_sort" ++else + kernel_sort=version_sort +-else +- kernel_sort="${sbindir}/grub-rpm-sort" + fi + + version_test_numeric () diff --git a/SOURCES/0065-tcp-add-window-scaling-support.patch b/SOURCES/0065-tcp-add-window-scaling-support.patch new file mode 100644 index 0000000..e19ddf8 --- /dev/null +++ b/SOURCES/0065-tcp-add-window-scaling-support.patch @@ -0,0 +1,87 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Josef Bacik +Date: Wed, 12 Aug 2015 08:57:55 -0700 +Subject: [PATCH] tcp: add window scaling support + +Sometimes we have to provision boxes across regions, such as California to +Sweden. The http server has a 10 minute timeout, so if we can't get our 250mb +image transferred fast enough our provisioning fails, which is not ideal. So +add tcp window scaling on open connections and set the window size to 1mb. With +this change we're able to get higher sustained transfers between regions and can +transfer our image in well below 10 minutes. Without this patch we'd time out +every time halfway through the transfer. Thanks, + +Signed-off-by: Josef Bacik +--- + grub-core/net/tcp.c | 42 +++++++++++++++++++++++++++++------------- + 1 file changed, 29 insertions(+), 13 deletions(-) + +diff --git a/grub-core/net/tcp.c b/grub-core/net/tcp.c +index e8ad34b84..7d4b82262 100644 +--- a/grub-core/net/tcp.c ++++ b/grub-core/net/tcp.c +@@ -106,6 +106,18 @@ struct tcphdr + grub_uint16_t urgent; + } GRUB_PACKED; + ++struct tcp_scale_opt { ++ grub_uint8_t kind; ++ grub_uint8_t length; ++ grub_uint8_t scale; ++} GRUB_PACKED; ++ ++struct tcp_synhdr { ++ struct tcphdr tcphdr; ++ struct tcp_scale_opt scale_opt; ++ grub_uint8_t padding; ++}; ++ + struct tcp_pseudohdr + { + grub_uint32_t src; +@@ -566,7 +578,7 @@ grub_net_tcp_open (char *server, + grub_net_tcp_socket_t socket; + static grub_uint16_t in_port = 21550; + struct grub_net_buff *nb; +- struct tcphdr *tcph; ++ struct tcp_synhdr *tcph; + int i; + grub_uint8_t *nbd; + grub_net_link_level_address_t ll_target_addr; +@@ -635,20 +647,24 @@ grub_net_tcp_open (char *server, + } + + tcph = (void *) nb->data; ++ grub_memset(tcph, 0, sizeof (*tcph)); + socket->my_start_seq = grub_get_time_ms (); + socket->my_cur_seq = socket->my_start_seq + 1; +- socket->my_window = 8192; +- tcph->seqnr = grub_cpu_to_be32 (socket->my_start_seq); +- tcph->ack = grub_cpu_to_be32_compile_time (0); +- tcph->flags = grub_cpu_to_be16_compile_time ((5 << 12) | TCP_SYN); +- tcph->window = grub_cpu_to_be16 (socket->my_window); +- tcph->urgent = 0; +- tcph->src = grub_cpu_to_be16 (socket->in_port); +- tcph->dst = grub_cpu_to_be16 (socket->out_port); +- tcph->checksum = 0; +- tcph->checksum = grub_net_ip_transport_checksum (nb, GRUB_NET_IP_TCP, +- &socket->inf->address, +- &socket->out_nla); ++ socket->my_window = 32768; ++ tcph->tcphdr.seqnr = grub_cpu_to_be32 (socket->my_start_seq); ++ tcph->tcphdr.ack = grub_cpu_to_be32_compile_time (0); ++ tcph->tcphdr.flags = grub_cpu_to_be16_compile_time ((6 << 12) | TCP_SYN); ++ tcph->tcphdr.window = grub_cpu_to_be16 (socket->my_window); ++ tcph->tcphdr.urgent = 0; ++ tcph->tcphdr.src = grub_cpu_to_be16 (socket->in_port); ++ tcph->tcphdr.dst = grub_cpu_to_be16 (socket->out_port); ++ tcph->tcphdr.checksum = 0; ++ tcph->scale_opt.kind = 3; ++ tcph->scale_opt.length = 3; ++ tcph->scale_opt.scale = 5; ++ tcph->tcphdr.checksum = grub_net_ip_transport_checksum (nb, GRUB_NET_IP_TCP, ++ &socket->inf->address, ++ &socket->out_nla); + + tcp_socket_register (socket); + diff --git a/SOURCES/0066-efinet-add-filter-for-the-first-exclusive-reopen-of-.patch b/SOURCES/0066-efinet-add-filter-for-the-first-exclusive-reopen-of-.patch new file mode 100644 index 0000000..4990bcd --- /dev/null +++ b/SOURCES/0066-efinet-add-filter-for-the-first-exclusive-reopen-of-.patch @@ -0,0 +1,59 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: RHEL Ninjas +Date: Fri, 25 Sep 2015 16:24:23 +0900 +Subject: [PATCH] efinet: add filter for the first exclusive reopen of SNP + +--- + grub-core/net/drivers/efi/efinet.c | 39 ++++++++++++++++++++++++++++++++++++++ + 1 file changed, 39 insertions(+) + +diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c +index 5388f952b..d15a799f2 100644 +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -383,6 +383,45 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + &pxe_mode->dhcp_ack, + sizeof (pxe_mode->dhcp_ack), + 1, device, path); ++ net = grub_efi_open_protocol (card->efi_handle, &net_io_guid, ++ GRUB_EFI_OPEN_PROTOCOL_BY_EXCLUSIVE); ++ if (net) { ++ if (net->mode->state == GRUB_EFI_NETWORK_STOPPED ++ && efi_call_1 (net->start, net) != GRUB_EFI_SUCCESS) ++ continue; ++ ++ if (net->mode->state == GRUB_EFI_NETWORK_STOPPED) ++ continue; ++ ++ if (net->mode->state == GRUB_EFI_NETWORK_STARTED ++ && efi_call_3 (net->initialize, net, 0, 0) != GRUB_EFI_SUCCESS) ++ continue; ++ ++ /* Enable hardware receive filters if driver declares support for it. ++ We need unicast and broadcast and additionaly all nodes and ++ solicited multicast for IPv6. Solicited multicast is per-IPv6 ++ address and we currently do not have API to do it so simply ++ try to enable receive of all multicast packets or evertyhing in ++ the worst case (i386 PXE driver always enables promiscuous too). ++ ++ This does trust firmware to do what it claims to do. ++ */ ++ if (net->mode->receive_filter_mask) ++ { ++ grub_uint32_t filters = GRUB_EFI_SIMPLE_NETWORK_RECEIVE_UNICAST | ++ GRUB_EFI_SIMPLE_NETWORK_RECEIVE_BROADCAST | ++ GRUB_EFI_SIMPLE_NETWORK_RECEIVE_PROMISCUOUS_MULTICAST; ++ ++ filters &= net->mode->receive_filter_mask; ++ if (!(filters & GRUB_EFI_SIMPLE_NETWORK_RECEIVE_PROMISCUOUS_MULTICAST)) ++ filters |= (net->mode->receive_filter_mask & ++ GRUB_EFI_SIMPLE_NETWORK_RECEIVE_PROMISCUOUS); ++ ++ efi_call_6 (net->receive_filters, net, filters, 0, 0, 0, NULL); ++ } ++ ++ card->efi_net = net; ++ } + return; + } + } diff --git a/SOURCES/0067-Fix-security-issue-when-reading-username-and-passwor.patch b/SOURCES/0067-Fix-security-issue-when-reading-username-and-passwor.patch new file mode 100644 index 0000000..94b7b7f --- /dev/null +++ b/SOURCES/0067-Fix-security-issue-when-reading-username-and-passwor.patch @@ -0,0 +1,44 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hector Marco-Gisbert +Date: Fri, 13 Nov 2015 16:21:09 +0100 +Subject: [PATCH] Fix security issue when reading username and password + + This patch fixes two integer underflows at: + * grub-core/lib/crypto.c + * grub-core/normal/auth.c + +Resolves: CVE-2015-8370 + +Signed-off-by: Hector Marco-Gisbert +Signed-off-by: Ismael Ripoll-Ripoll +--- + grub-core/lib/crypto.c | 2 +- + grub-core/normal/auth.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c +index ca334d5a4..e6c78d16d 100644 +--- a/grub-core/lib/crypto.c ++++ b/grub-core/lib/crypto.c +@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size) + break; + } + +- if (key == '\b') ++ if (key == '\b' && cur_len) + { + if (cur_len) + cur_len--; +diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c +index 6be678c0d..c35ce9724 100644 +--- a/grub-core/normal/auth.c ++++ b/grub-core/normal/auth.c +@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) + break; + } + +- if (key == GRUB_TERM_BACKSPACE) ++ if (key == GRUB_TERM_BACKSPACE && cur_len) + { + if (cur_len) + { diff --git a/SOURCES/0068-Warn-if-grub-password-will-not-be-read-1290803.patch b/SOURCES/0068-Warn-if-grub-password-will-not-be-read-1290803.patch new file mode 100644 index 0000000..9cfd656 --- /dev/null +++ b/SOURCES/0068-Warn-if-grub-password-will-not-be-read-1290803.patch @@ -0,0 +1,28 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robert Marshall +Date: Mon, 22 Feb 2016 15:30:05 -0500 +Subject: [PATCH] Warn if grub password will not be read (#1290803) + +It is possible for a system to have never run grub-mkconfig and add the +section that reads the user.cfg file which contains a user set GRUB +password. Users in that scenario will now be warned that grub-mkconfig +must be run prior to their newly set password taking effect. + +Resolves: rhbz#1290803 +--- + util/grub-setpassword.in | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/util/grub-setpassword.in b/util/grub-setpassword.in +index dd76f00fc..fb9d3a3b6 100644 +--- a/util/grub-setpassword.in ++++ b/util/grub-setpassword.in +@@ -121,3 +121,8 @@ fi + install -m 0600 /dev/null "${grubdir}/user.cfg" 2>/dev/null || : + chmod 0600 "${grubdir}/user.cfg" 2>/dev/null || : + echo "GRUB2_PASSWORD=${MYPASS}" > "${grubdir}/user.cfg" ++ ++if ! grep -q "^### BEGIN /etc/grub.d/01_users ###$" "${grubdir}/grub.cfg"; then ++ echo "WARNING: The current configuration lacks password support!" ++ echo "Update your configuration with @grub_mkconfig@ to support this feature." ++fi diff --git a/SOURCES/0069-Clean-up-grub-setpassword-documentation-1290799.patch b/SOURCES/0069-Clean-up-grub-setpassword-documentation-1290799.patch new file mode 100644 index 0000000..65460be --- /dev/null +++ b/SOURCES/0069-Clean-up-grub-setpassword-documentation-1290799.patch @@ -0,0 +1,55 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robert Marshall +Date: Tue, 26 Jan 2016 10:28:35 -0500 +Subject: [PATCH] Clean up grub-setpassword documentation (#1290799) + +The output for --help had some errors. Corrected those and polished the +text to be a little easier to follow. Carried verbage over to man page +to maintain internal consistency. + +Resolves: rhbz#1290799 +--- + util/grub-setpassword.8 | 2 +- + util/grub-setpassword.in | 15 +++++++-------- + 2 files changed, 8 insertions(+), 9 deletions(-) + +diff --git a/util/grub-setpassword.8 b/util/grub-setpassword.8 +index 49200a848..dc91dd669 100644 +--- a/util/grub-setpassword.8 ++++ b/util/grub-setpassword.8 +@@ -19,7 +19,7 @@ Display program usage and exit. + -v, --version + Display the current version. + .TP +--o, --output[=\fIDIRECTORY PATH\fR] ++-o, --output=<\fIDIRECTORY\fR> + Choose the file path to which user.cfg will be written. + + .SH SEE ALSO +diff --git a/util/grub-setpassword.in b/util/grub-setpassword.in +index fb9d3a3b6..c8c0fa419 100644 +--- a/util/grub-setpassword.in ++++ b/util/grub-setpassword.in +@@ -16,15 +16,14 @@ grub_mkpasswd="${bindir}/@grub_mkpasswd_pbkdf2@" + # Print the usage. + usage () { + cat < put user.cfg in a user-selected directory + + Report bugs at https://bugzilla.redhat.com. + EOF diff --git a/SOURCES/0070-Fix-locale-issue-in-grub-setpassword-1294243.patch b/SOURCES/0070-Fix-locale-issue-in-grub-setpassword-1294243.patch new file mode 100644 index 0000000..319e1f5 --- /dev/null +++ b/SOURCES/0070-Fix-locale-issue-in-grub-setpassword-1294243.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robert Marshall +Date: Fri, 29 Jan 2016 16:56:11 -0500 +Subject: [PATCH] Fix locale issue in grub-setpassword (#1294243) + +A shell substitution was expecting non-translated output to grab the +hashed password and put it in the user.cfg file. Modified code to force +the generic C locale when this particular piece of code is run. + +Resolves: rhbz#1294243 +--- + util/grub-setpassword.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/grub-setpassword.in b/util/grub-setpassword.in +index c8c0fa419..d7924af51 100644 +--- a/util/grub-setpassword.in ++++ b/util/grub-setpassword.in +@@ -104,7 +104,7 @@ getpass() { + P1="$1" && shift + + ( echo ${P0} ; echo ${P1} ) | \ +- ${grub_mkpasswd} | \ ++ LC_ALL=C ${grub_mkpasswd} | \ + grep -v '[eE]nter password:' | \ + sed -e "s/PBKDF2 hash of your password is //" + } diff --git a/SOURCES/0071-efiemu-Handle-persistent-RAM-and-unknown-possible-fu.patch b/SOURCES/0071-efiemu-Handle-persistent-RAM-and-unknown-possible-fu.patch new file mode 100644 index 0000000..12773d4 --- /dev/null +++ b/SOURCES/0071-efiemu-Handle-persistent-RAM-and-unknown-possible-fu.patch @@ -0,0 +1,28 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robert Elliott +Date: Fri, 22 Jan 2016 13:32:30 +0100 +Subject: [PATCH] efiemu: Handle persistent RAM and unknown possible future + additions. + +(cherry picked from commit ae3b83a4d4df75a01198a2fed7542391e7c449e0) + +Resolves: rhbz#1288608 +--- + grub-core/efiemu/mm.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/efiemu/mm.c b/grub-core/efiemu/mm.c +index 52a032f7b..92e7df7e5 100644 +--- a/grub-core/efiemu/mm.c ++++ b/grub-core/efiemu/mm.c +@@ -410,8 +410,8 @@ fill_hook (grub_uint64_t addr, grub_uint64_t size, grub_memory_type_t type, + return grub_efiemu_add_to_mmap (addr, size, + GRUB_EFI_ACPI_MEMORY_NVS); + +- case GRUB_MEMORY_PERSISTENT: +- case GRUB_MEMORY_PERSISTENT_LEGACY: ++ case GRUB_MEMORY_PRAM: ++ case GRUB_MEMORY_PMEM: + return grub_efiemu_add_to_mmap (addr, size, + GRUB_EFI_PERSISTENT_MEMORY); + default: diff --git a/SOURCES/0072-efiemu-Fix-compilation-failure.patch b/SOURCES/0072-efiemu-Fix-compilation-failure.patch new file mode 100644 index 0000000..d8d4b06 --- /dev/null +++ b/SOURCES/0072-efiemu-Fix-compilation-failure.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Vladimir Serbinenko +Date: Fri, 22 Jan 2016 14:10:30 +0100 +Subject: [PATCH] efiemu: Fix compilation failure + +(cherry picked from commit b6a03dfd327489d53ee07c6d7d593b99c7b7cb62) + +Resolves: rhbz#1288608 +--- + grub-core/efiemu/mm.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/efiemu/mm.c b/grub-core/efiemu/mm.c +index 92e7df7e5..52a032f7b 100644 +--- a/grub-core/efiemu/mm.c ++++ b/grub-core/efiemu/mm.c +@@ -410,8 +410,8 @@ fill_hook (grub_uint64_t addr, grub_uint64_t size, grub_memory_type_t type, + return grub_efiemu_add_to_mmap (addr, size, + GRUB_EFI_ACPI_MEMORY_NVS); + +- case GRUB_MEMORY_PRAM: +- case GRUB_MEMORY_PMEM: ++ case GRUB_MEMORY_PERSISTENT: ++ case GRUB_MEMORY_PERSISTENT_LEGACY: + return grub_efiemu_add_to_mmap (addr, size, + GRUB_EFI_PERSISTENT_MEMORY); + default: diff --git a/SOURCES/0073-Revert-reopen-SNP-protocol-for-exclusive-use-by-grub.patch b/SOURCES/0073-Revert-reopen-SNP-protocol-for-exclusive-use-by-grub.patch new file mode 100644 index 0000000..5849d2e --- /dev/null +++ b/SOURCES/0073-Revert-reopen-SNP-protocol-for-exclusive-use-by-grub.patch @@ -0,0 +1,65 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 7 Apr 2016 10:58:06 -0400 +Subject: [PATCH] Revert "reopen SNP protocol for exclusive use by grub" + +I *think* this should have been replaced by upstream's +49426e9fd2e562c73a4f1206f32eff9e424a1a73, so I'm reverting for now. + +May resolve rhbz#1273974. + +This reverts commit 147daeab22db793978f952b6f0d832919a1b0081. +--- + grub-core/net/drivers/efi/efinet.c | 39 -------------------------------------- + 1 file changed, 39 deletions(-) + +diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c +index d15a799f2..5388f952b 100644 +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -383,45 +383,6 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + &pxe_mode->dhcp_ack, + sizeof (pxe_mode->dhcp_ack), + 1, device, path); +- net = grub_efi_open_protocol (card->efi_handle, &net_io_guid, +- GRUB_EFI_OPEN_PROTOCOL_BY_EXCLUSIVE); +- if (net) { +- if (net->mode->state == GRUB_EFI_NETWORK_STOPPED +- && efi_call_1 (net->start, net) != GRUB_EFI_SUCCESS) +- continue; +- +- if (net->mode->state == GRUB_EFI_NETWORK_STOPPED) +- continue; +- +- if (net->mode->state == GRUB_EFI_NETWORK_STARTED +- && efi_call_3 (net->initialize, net, 0, 0) != GRUB_EFI_SUCCESS) +- continue; +- +- /* Enable hardware receive filters if driver declares support for it. +- We need unicast and broadcast and additionaly all nodes and +- solicited multicast for IPv6. Solicited multicast is per-IPv6 +- address and we currently do not have API to do it so simply +- try to enable receive of all multicast packets or evertyhing in +- the worst case (i386 PXE driver always enables promiscuous too). +- +- This does trust firmware to do what it claims to do. +- */ +- if (net->mode->receive_filter_mask) +- { +- grub_uint32_t filters = GRUB_EFI_SIMPLE_NETWORK_RECEIVE_UNICAST | +- GRUB_EFI_SIMPLE_NETWORK_RECEIVE_BROADCAST | +- GRUB_EFI_SIMPLE_NETWORK_RECEIVE_PROMISCUOUS_MULTICAST; +- +- filters &= net->mode->receive_filter_mask; +- if (!(filters & GRUB_EFI_SIMPLE_NETWORK_RECEIVE_PROMISCUOUS_MULTICAST)) +- filters |= (net->mode->receive_filter_mask & +- GRUB_EFI_SIMPLE_NETWORK_RECEIVE_PROMISCUOUS); +- +- efi_call_6 (net->receive_filters, net, filters, 0, 0, 0, NULL); +- } +- +- card->efi_net = net; +- } + return; + } + } diff --git a/SOURCES/0074-Add-a-url-parser.patch b/SOURCES/0074-Add-a-url-parser.patch new file mode 100644 index 0000000..b962bef --- /dev/null +++ b/SOURCES/0074-Add-a-url-parser.patch @@ -0,0 +1,1021 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 14 Jun 2016 16:18:44 -0400 +Subject: [PATCH] Add a url parser. + +This patch adds a url parser that can parse http, https, tftp, and tftps +urls, and is easily extensible to handle more types. + +It's a little ugly in terms of the arguments it takes. + +Signed-off-by: Peter Jones +--- + grub-core/Makefile.core.def | 1 + + grub-core/kern/misc.c | 13 + + grub-core/net/url.c | 861 ++++++++++++++++++++++++++++++++++++++++++++ + include/grub/misc.h | 45 +++ + include/grub/net/url.h | 28 ++ + 5 files changed, 948 insertions(+) + create mode 100644 grub-core/net/url.c + create mode 100644 include/grub/net/url.h + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index cd0902b46..991891a6e 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -2185,6 +2185,7 @@ module = { + common = net/ethernet.c; + common = net/arp.c; + common = net/netbuff.c; ++ common = net/url.c; + }; + + module = { +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 8344526be..f1fab7000 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -296,6 +296,19 @@ grub_strrchr (const char *s, int c) + return p; + } + ++char * ++grub_strchrnul (const char *s, int c) ++{ ++ do ++ { ++ if (*s == c) ++ break; ++ } ++ while (*s++); ++ ++ return (char *) s; ++} ++ + int + grub_strword (const char *haystack, const char *needle) + { +diff --git a/grub-core/net/url.c b/grub-core/net/url.c +new file mode 100644 +index 000000000..146858284 +--- /dev/null ++++ b/grub-core/net/url.c +@@ -0,0 +1,861 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2016 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifdef URL_TEST ++ ++#define _GNU_SOURCE 1 ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define N_(x) x ++ ++#define grub_malloc(x) malloc(x) ++#define grub_free(x) ({if (x) free(x);}) ++#define grub_error(a, fmt, args...) printf(fmt "\n", ## args) ++#define grub_dprintf(a, fmt, args...) printf(a ": " fmt, ## args) ++#define grub_strlen(x) strlen(x) ++#define grub_strdup(x) strdup(x) ++#define grub_strstr(x,y) strstr(x,y) ++#define grub_memcpy(x,y,z) memcpy(x,y,z) ++#define grub_strcmp(x,y) strcmp(x,y) ++#define grub_strncmp(x,y,z) strncmp(x,y,z) ++#define grub_strcasecmp(x,y) strcasecmp(x,y) ++#define grub_strchrnul(x,y) strchrnul(x,y) ++#define grub_strchr(x,y) strchr(x,y) ++#define grub_strndup(x,y) strndup(x,y) ++#define grub_strtoul(x,y,z) strtoul(x,y,z) ++#define grub_memmove(x,y,z) memmove(x,y,z) ++#define grub_size_t size_t ++#define grub_errno errno ++ ++#else ++#include ++#include ++#include ++#include ++#endif ++ ++static char * ++translate_slashes(char *str) ++{ ++ int i, j; ++ if (str == NULL) ++ return str; ++ ++ for (i = 0, j = 0; str[i] != '\0'; i++, j++) ++ { ++ if (str[i] == '\\') ++ { ++ str[j] = '/'; ++ if (str[i+1] == '\\') ++ i++; ++ } ++ } ++ ++ return str; ++} ++ ++static inline int ++hex2int (char c) ++{ ++ if (c >= '0' && c <= '9') ++ return c - '0'; ++ c |= 0x20; ++ if (c >= 'a' && c <= 'f') ++ return c - 'a' + 10; ++ return -1; ++} ++ ++static int ++url_unescape (char *buf, grub_size_t len) ++{ ++ int c, rc; ++ unsigned int i; ++ ++ ++ if (len < 3) ++ { ++ for (i = 0; i < len; i++) ++ if (buf[i] == '%') ++ return -1; ++ return 0; ++ } ++ ++ for (i = 0; len > 2 && i < len - 2; i++) ++ { ++ if (buf[i] == '%') ++ { ++ unsigned int j; ++ for (j = i+1; j < i+3; j++) ++ { ++ if (!(buf[j] >= '0' && buf[j] <= '9') && ++ !(buf[j] >= 'a' && buf[j] <= 'f') && ++ !(buf[j] >= 'A' && buf[j] <= 'F')) ++ return -1; ++ } ++ i += 2; ++ } ++ } ++ if (i == len - 2) ++ { ++ if (buf[i+1] == '%' || buf[i+2] == '%') ++ return -1; ++ } ++ for (i = 0; i < len - 2; i++) ++ { ++ if (buf[i] == '%') ++ { ++ rc = hex2int (buf[i+1]); ++ if (rc < 0) ++ return -1; ++ c = (rc & 0xf) << 4; ++ rc = hex2int (buf[i+2]); ++ if (rc < 0) ++ return -1; ++ c |= (rc & 0xf); ++ ++ buf[i] = c; ++ grub_memmove (buf+i+1, buf+i+3, len-(i+2)); ++ len -= 2; ++ } ++ } ++ return 0; ++} ++ ++static int ++extract_http_url_info (char *url, int ssl, ++ char **userinfo, char **host, int *port, ++ char **file) ++{ ++ char *colon, *slash, *query, *at = NULL, *separator, *auth_end; ++ ++ char *userinfo_off = NULL; ++ char *userinfo_end; ++ char *host_off = NULL; ++ char *host_end; ++ char *port_off = NULL; ++ char *port_end; ++ char *file_off = NULL; ++ ++ grub_size_t l; ++ int c; ++ ++ if (!url || !userinfo || !host || !port || !file) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid argument"); ++ ++ *userinfo = *host = *file = NULL; ++ *port = -1; ++ ++ userinfo_off = url; ++ ++ slash = grub_strchrnul (userinfo_off, '/'); ++ query = grub_strchrnul (userinfo_off, '?'); ++ auth_end = slash < query ? slash : query; ++ /* auth_end here is one /past/ the last character in the auth section, i.e. ++ * it's the : or / or NUL */ ++ ++ separator = grub_strchrnul (userinfo_off, '@'); ++ if (separator > auth_end) ++ { ++ host_off = userinfo_off; ++ userinfo_off = NULL; ++ userinfo_end = NULL; ++ } ++ else ++ { ++ at = separator; ++ *separator = '\0'; ++ userinfo_end = separator; ++ host_off = separator + 1; ++ } ++ ++ if (*host_off == '[') ++ { ++ separator = grub_strchrnul (host_off, ']'); ++ if (separator >= auth_end) ++ goto fail; ++ ++ separator += 1; ++ host_end = separator; ++ } ++ else ++ { ++ host_end = separator = colon = grub_strchrnul (host_off, ':'); ++ ++ if (colon > auth_end) ++ { ++ separator = NULL; ++ host_end = auth_end; ++ } ++ } ++ ++ if (separator && separator < auth_end) ++ { ++ if (*separator == ':') ++ { ++ port_off = separator + 1; ++ port_end = auth_end; ++ ++ if (auth_end - port_end > 0) ++ goto fail; ++ if (port_end - port_off < 1) ++ goto fail; ++ } ++ else ++ goto fail; ++ } ++ ++ file_off = auth_end; ++ if (port_off) ++ { ++ unsigned long portul; ++ ++ separator = NULL; ++ c = *port_end; ++ *port_end = '\0'; ++ ++ portul = grub_strtoul (port_off, &separator, 10); ++ *port_end = c; ++#ifdef URL_TEST ++ if (portul == ULONG_MAX && errno == ERANGE) ++ goto fail; ++#else ++ if (grub_errno == GRUB_ERR_OUT_OF_RANGE) ++ goto fail; ++#endif ++ if (portul & ~0xfffful) ++ goto fail; ++ if (separator != port_end) ++ goto fail; ++ ++ *port = portul & 0xfffful; ++ } ++ else if (ssl) ++ *port = 443; ++ else ++ *port = 80; ++ ++ if (userinfo_off && *userinfo_off) ++ { ++ l = userinfo_end - userinfo_off + 1; ++ ++ *userinfo = grub_strndup (userinfo_off, l); ++ if (!*userinfo) ++ goto fail; ++ (*userinfo)[l-1]= '\0'; ++ } ++ ++ l = host_end - host_off; ++ ++ if (host_end == NULL) ++ goto fail; ++ else ++ c = *host_end; ++ ++ *host_end = '\0'; ++ *host = grub_strndup (host_off, l); ++ *host_end = c; ++ if (!*host) ++ goto fail; ++ (*host)[l] = '\0'; ++ ++ *file = grub_strdup (file_off); ++ if (!*file) ++ goto fail; ++ ++ if (at) ++ *at = '@'; ++ return 0; ++fail: ++ if (at) ++ *at = '@'; ++ grub_free (*userinfo); ++ grub_free (*host); ++ grub_free (*file); ++ ++ return -1; ++} ++ ++static int ++extract_tftp_url_info (char *url, int ssl, char **host, char **file, int *port) ++{ ++ char *slash, *semi; ++ ++ char *host_off = url; ++ char *host_end; ++ char *file_off; ++ ++ int c; ++ ++ if (!url || !host || !file || !port) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid argument"); ++ ++ if (ssl) ++ *port = 3713; ++ else ++ *port = 69; ++ ++ slash = grub_strchr (url, '/'); ++ if (!slash) ++ return -1; ++ ++ host_end = file_off = slash; ++ ++ semi = grub_strchrnul (slash, ';'); ++ if (!grub_strncmp (semi, ";mode=", 6) && grub_strcmp (semi+6, "octet")) ++ { ++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, ++ N_("TFTP mode `%s' is not implemented."), semi+6); ++ return -1; ++ } ++ ++ /* ++ * Maybe somebody added a new method, I dunno. Anyway, semi is a reserved ++ * character, so if it's there, it's the start of the mode block or it's ++ * invalid. So set it to \0 unconditionally, not just for ;mode=octet ++ */ ++ *semi = '\0'; ++ ++ c = *host_end; ++ *host_end = '\0'; ++ *host = grub_strdup (host_off); ++ *host_end = c; ++ ++ *file = grub_strdup (file_off); ++ ++ if (!*file || !*host) ++ { ++ grub_free (*file); ++ grub_free (*host); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++int ++extract_url_info (const char *urlbuf, grub_size_t buflen, ++ char **scheme, char **userinfo, ++ char **host, int *port, char **file) ++{ ++ char *url; ++ char *colon; ++ ++ char *scheme_off; ++ char *specific_off; ++ ++ int rc; ++ int c; ++ ++ int https; ++ ++ if (!urlbuf || !buflen || !scheme || !userinfo || !host || !port || !file) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid argument"); ++ ++ *scheme = *userinfo = *host = *file = NULL; ++ *port = -1; ++ ++ /* make sure we have our own coherent grub_string. */ ++ url = grub_malloc (buflen + 1); ++ if (!url) ++ return -1; ++ ++ grub_memcpy (url, urlbuf, buflen); ++ url[buflen] = '\0'; ++ ++ grub_dprintf ("net", "dhcpv6 boot-file-url: `%s'\n", url); ++ ++ /* get rid of any backslashes */ ++ url = translate_slashes (url); ++ ++ /* find the constituent parts */ ++ colon = grub_strstr (url, "://"); ++ if (!colon) ++ goto fail; ++ ++ scheme_off = url; ++ c = *colon; ++ *colon = '\0'; ++ specific_off = colon + 3; ++ ++ https = !grub_strcasecmp (scheme_off, "https"); ++ ++ rc = 0; ++ if (!grub_strcasecmp (scheme_off, "tftp")) ++ { ++ rc = extract_tftp_url_info (specific_off, 0, host, file, port); ++ } ++#ifdef URL_TEST ++ else if (!grub_strcasecmp (scheme_off, "http") || https) ++#else ++ else if (!grub_strcasecmp (scheme_off, "http")) ++#endif ++ { ++ rc = extract_http_url_info (specific_off, ++ https, userinfo, host, port, file); ++ } ++#ifdef URL_TEST ++ else if (!grub_strcasecmp (scheme_off, "iscsi")) ++ { ++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, ++ N_("Unimplemented URL scheme `%s'"), scheme_off); ++ *colon = c; ++ goto fail; ++ } ++ else if (!grub_strcasecmp (scheme_off, "tftps")) ++ { ++ rc = extract_tftp_url_info (specific_off, 1, host, file, port); ++ } ++#endif ++ else ++ { ++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, ++ N_("Unimplemented URL scheme `%s'"), scheme_off); ++ *colon = c; ++ goto fail; ++ } ++ ++ if (rc < 0) ++ { ++ *colon = c; ++ goto fail; ++ } ++ ++ *scheme = grub_strdup (scheme_off); ++ *colon = c; ++ if (!*scheme) ++ goto fail; ++ ++ if (*userinfo) ++ { ++ rc = url_unescape (*userinfo, grub_strlen (*userinfo)); ++ if (rc < 0) ++ goto fail; ++ } ++ ++ if (*host) ++ { ++ rc = url_unescape (*host, grub_strlen (*host)); ++ if (rc < 0) ++ goto fail; ++ } ++ ++ if (*file) ++ { ++ rc = url_unescape (*file, grub_strlen (*file)); ++ if (rc < 0) ++ goto fail; ++ } ++ ++ grub_free (url); ++ return 0; ++fail: ++ grub_free (*scheme); ++ grub_free (*userinfo); ++ grub_free (*host); ++ grub_free (*file); ++ ++ if (!grub_errno) ++ grub_error (GRUB_ERR_NET_BAD_ADDRESS, N_("Invalid boot-file-url `%s'"), ++ url); ++ grub_free (url); ++ return -1; ++} ++ ++#ifdef URL_TEST ++ ++struct test { ++ char *url; ++ int rc; ++ char *scheme; ++ char *userinfo; ++ char *host; ++ int port; ++ char *file; ++} tests[] = { ++ {.url = "http://foo.example.com/", ++ .rc = 0, ++ .scheme = "http", ++ .host = "foo.example.com", ++ .port = 80, ++ .file = "/", ++ }, ++ {.url = "http://foo.example.com/?foobar", ++ .rc = 0, ++ .scheme = "http", ++ .host = "foo.example.com", ++ .port = 80, ++ .file = "/?foobar", ++ }, ++ {.url = "http://[foo.example.com/", ++ .rc = -1, ++ }, ++ {.url = "http://[foo.example.com/?foobar", ++ .rc = -1, ++ }, ++ {.url = "http://foo.example.com:/", ++ .rc = -1, ++ }, ++ {.url = "http://foo.example.com:81/", ++ .rc = 0, ++ .scheme = "http", ++ .host = "foo.example.com", ++ .port = 81, ++ .file = "/", ++ }, ++ {.url = "http://foo.example.com:81/?foobar", ++ .rc = 0, ++ .scheme = "http", ++ .host = "foo.example.com", ++ .port = 81, ++ .file = "/?foobar", ++ }, ++ {.url = "http://[1234::1]/", ++ .rc = 0, ++ .scheme = "http", ++ .host = "[1234::1]", ++ .port = 80, ++ .file = "/", ++ }, ++ {.url = "http://[1234::1]/?foobar", ++ .rc = 0, ++ .scheme = "http", ++ .host = "[1234::1]", ++ .port = 80, ++ .file = "/?foobar", ++ }, ++ {.url = "http://[1234::1]:81/", ++ .rc = 0, ++ .scheme = "http", ++ .host = "[1234::1]", ++ .port = 81, ++ .file = "/", ++ }, ++ {.url = "http://[1234::1]:81/?foobar", ++ .rc = 0, ++ .scheme = "http", ++ .host = "[1234::1]", ++ .port = 81, ++ .file = "/?foobar", ++ }, ++ {.url = "http://foo@foo.example.com/", ++ .rc = 0, ++ .scheme = "http", ++ .userinfo = "foo", ++ .host = "foo.example.com", ++ .port = 80, ++ .file = "/", ++ }, ++ {.url = "http://foo@foo.example.com/?foobar", ++ .rc = 0, ++ .scheme = "http", ++ .userinfo = "foo", ++ .host = "foo.example.com", ++ .port = 80, ++ .file = "/?foobar", ++ }, ++ {.url = "http://foo@[foo.example.com/", ++ .rc = -1, ++ }, ++ {.url = "http://foo@[foo.example.com/?foobar", ++ .rc = -1, ++ }, ++ {.url = "http://foo@foo.example.com:81/", ++ .rc = 0, ++ .scheme = "http", ++ .userinfo = "foo", ++ .host = "foo.example.com", ++ .port = 81, ++ .file = "/", ++ }, ++ {.url = "http://foo@foo.example.com:81/?foobar", ++ .rc = 0, ++ .scheme = "http", ++ .userinfo = "foo", ++ .host = "foo.example.com", ++ .port = 81, ++ .file = "/?foobar", ++ }, ++ {.url = "http://foo@[1234::1]/", ++ .rc = 0, ++ .scheme = "http", ++ .userinfo = "foo", ++ .host = "[1234::1]", ++ .port = 80, ++ .file = "/", ++ }, ++ {.url = "http://foo@[1234::1]/?foobar", ++ .rc = 0, ++ .scheme = "http", ++ .userinfo = "foo", ++ .host = "[1234::1]", ++ .port = 80, ++ .file = "/?foobar", ++ }, ++ {.url = "http://foo@[1234::1]:81/", ++ .rc = 0, ++ .scheme = "http", ++ .userinfo = "foo", ++ .host = "[1234::1]", ++ .port = 81, ++ .file = "/", ++ }, ++ {.url = "http://foo@[1234::1]:81/?foobar", ++ .rc = 0, ++ .scheme = "http", ++ .userinfo = "foo", ++ .host = "[1234::1]", ++ .port = 81, ++ .file = "/?foobar", ++ }, ++ {.url = "https://foo.example.com/", ++ .rc = 0, ++ .scheme = "https", ++ .host = "foo.example.com", ++ .port = 443, ++ .file = "/", ++ }, ++ {.url = "https://foo.example.com/?foobar", ++ .rc = 0, ++ .scheme = "https", ++ .host = "foo.example.com", ++ .port = 443, ++ .file = "/?foobar", ++ }, ++ {.url = "https://[foo.example.com/", ++ .rc = -1, ++ }, ++ {.url = "https://[foo.example.com/?foobar", ++ .rc = -1, ++ }, ++ {.url = "https://foo.example.com:81/", ++ .rc = 0, ++ .scheme = "https", ++ .host = "foo.example.com", ++ .port = 81, ++ .file = "/", ++ }, ++ {.url = "https://foo.example.com:81/?foobar", ++ .rc = 0, ++ .scheme = "https", ++ .host = "foo.example.com", ++ .port = 81, ++ .file = "/?foobar", ++ }, ++ {.url = "https://[1234::1]/", ++ .rc = 0, ++ .scheme = "https", ++ .host = "[1234::1]", ++ .port = 443, ++ .file = "/", ++ }, ++ {.url = "https://[1234::1]/?foobar", ++ .rc = 0, ++ .scheme = "https", ++ .host = "[1234::1]", ++ .port = 443, ++ .file = "/?foobar", ++ }, ++ {.url = "https://[1234::1]:81/", ++ .rc = 0, ++ .scheme = "https", ++ .host = "[1234::1]", ++ .port = 81, ++ .file = "/", ++ }, ++ {.url = "https://[1234::1]:81/?foobar", ++ .rc = 0, ++ .scheme = "https", ++ .host = "[1234::1]", ++ .port = 81, ++ .file = "/?foobar", ++ }, ++ {.url = "https://foo@foo.example.com/", ++ .rc = 0, ++ .scheme = "https", ++ .userinfo = "foo", ++ .host = "foo.example.com", ++ .port = 443, ++ .file = "/", ++ }, ++ {.url = "https://foo@foo.example.com/?foobar", ++ .rc = 0, ++ .scheme = "https", ++ .userinfo = "foo", ++ .host = "foo.example.com", ++ .port = 443, ++ .file = "/?foobar", ++ }, ++ {.url = "https://foo@[foo.example.com/", ++ .rc = -1, ++ }, ++ {.url = "https://f%6fo@[foo.example.com/?fooba%72", ++ .rc = -1, ++ }, ++ {.url = "https://foo@foo.example.com:81/", ++ .rc = 0, ++ .scheme = "https", ++ .userinfo = "foo", ++ .host = "foo.example.com", ++ .port = 81, ++ .file = "/", ++ }, ++ {.url = "https://foo@foo.example.com:81/?foobar", ++ .rc = 0, ++ .scheme = "https", ++ .userinfo = "foo", ++ .host = "foo.example.com", ++ .port = 81, ++ .file = "/?foobar", ++ }, ++ {.url = "https://foo@[1234::1]/", ++ .rc = 0, ++ .scheme = "https", ++ .userinfo = "foo", ++ .host = "[1234::1]", ++ .port = 443, ++ .file = "/", ++ }, ++ {.url = "https://foo@[1234::1]/?foobar", ++ .rc = 0, ++ .scheme = "https", ++ .userinfo = "foo", ++ .host = "[1234::1]", ++ .port = 443, ++ .file = "/?foobar", ++ }, ++ {.url = "https://f%6fo@[12%334::1]:81/", ++ .rc = 0, ++ .scheme = "https", ++ .userinfo = "foo", ++ .host = "[1234::1]", ++ .port = 81, ++ .file = "/", ++ }, ++ {.url = "https://foo@[1234::1]:81/?foobar", ++ .rc = 0, ++ .scheme = "https", ++ .userinfo = "foo", ++ .host = "[1234::1]", ++ .port = 81, ++ .file = "/?foobar", ++ }, ++ {.url = "tftp://foo.e%78ample.com/foo/bar/b%61%7a", ++ .rc = 0, ++ .scheme = "tftp", ++ .host = "foo.example.com", ++ .port = 69, ++ .file = "/foo/bar/baz", ++ }, ++ {.url = "tftp://foo.example.com/foo/bar/baz", ++ .rc = 0, ++ .scheme = "tftp", ++ .host = "foo.example.com", ++ .port = 69, ++ .file = "/foo/bar/baz", ++ }, ++ {.url = "tftps://foo.example.com/foo/bar/baz", ++ .rc = 0, ++ .scheme = "tftps", ++ .host = "foo.example.com", ++ .port = 3713, ++ .file = "/foo/bar/baz", ++ }, ++ {.url = "tftps://foo.example.com/foo/bar/baz;mode=netascii", ++ .rc = -1, ++ }, ++ {.url = "tftps://foo.example.com/foo/bar/baz;mode=octet", ++ .rc = 0, ++ .scheme = "tftps", ++ .host = "foo.example.com", ++ .port = 3713, ++ .file = "/foo/bar/baz", ++ }, ++ {.url = "tftps://foo.example.com/foo/bar/baz;mode=invalid", ++ .rc = -1, ++ }, ++ {.url = "", ++ }, ++}; ++ ++static int ++string_test (char *name, char *a, char *b) ++{ ++ if ((a && !b) || (!a && b)) ++ { ++ printf("expected %s \"%s\", got \"%s\"\n", name, a, b); ++ return -1; ++ } ++ if (a && b && strcmp(a, b)) ++ { ++ printf("expected %s \"%s\", got \"%s\"\n", name, a, b); ++ return -1; ++ } ++ return 0; ++} ++ ++int ++main(void) ++{ ++ unsigned int i; ++ int rc; ++ ++ for (i = 0; tests[i].url[0] != '\0'; i++) ++ { ++ char *scheme, *userinfo, *host, *file; ++ int port; ++ ++ printf("======= url: \"%s\"\n", tests[i].url); ++ rc = extract_url_info(tests[i].url, strlen(tests[i].url) + 1, ++ &scheme, &userinfo, &host, &port, &file); ++ if (tests[i].rc != rc) ++ { ++ printf(" extract_url_info(...) = %d\n", rc); ++ exit(1); ++ } ++ else if (rc >= 0) ++ { ++ if (string_test("scheme", tests[i].scheme, scheme) < 0) ++ exit(1); ++ if (string_test("userinfo", tests[i].userinfo, userinfo) < 0) ++ exit(1); ++ if (string_test("host", tests[i].host, host) < 0) ++ exit(1); ++ if (port != tests[i].port) ++ { ++ printf(" bad port \"%d\" should have been \"%d\"\n", ++ port, tests[i].port); ++ exit(1); ++ } ++ if (string_test("file", tests[i].file, file) < 0) ++ exit(1); ++ } ++ free(scheme); ++ free(userinfo); ++ free(host); ++ free(file); ++ } ++ printf("everything worked?!?\n"); ++} ++#endif +diff --git a/include/grub/misc.h b/include/grub/misc.h +index 83fd69f4a..fcaf1201e 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -85,6 +85,7 @@ int EXPORT_FUNC(grub_strncmp) (const char *s1, const char *s2, grub_size_t n); + + char *EXPORT_FUNC(grub_strchr) (const char *s, int c); + char *EXPORT_FUNC(grub_strrchr) (const char *s, int c); ++char *EXPORT_FUNC(grub_strchrnul) (const char *s, int c); + int EXPORT_FUNC(grub_strword) (const char *s, const char *w); + + /* Copied from gnulib. +@@ -207,6 +208,50 @@ grub_toupper (int c) + return c; + } + ++static inline char * ++grub_strcasestr (const char *haystack, const char *needle) ++{ ++ /* Be careful not to look at the entire extent of haystack or needle ++ until needed. This is useful because of these two cases: ++ - haystack may be very long, and a match of needle found early, ++ - needle may be very long, and not even a short initial segment of ++ needle may be found in haystack. */ ++ if (*needle != '\0') ++ { ++ /* Speed up the following searches of needle by caching its first ++ character. */ ++ char b = *needle++; ++ ++ for (;; haystack++) ++ { ++ if (*haystack == '\0') ++ /* No match. */ ++ return 0; ++ if (grub_tolower(*haystack) == grub_tolower(b)) ++ /* The first character matches. */ ++ { ++ const char *rhaystack = haystack + 1; ++ const char *rneedle = needle; ++ ++ for (;; rhaystack++, rneedle++) ++ { ++ if (*rneedle == '\0') ++ /* Found a match. */ ++ return (char *) haystack; ++ if (*rhaystack == '\0') ++ /* No match. */ ++ return 0; ++ if (grub_tolower(*rhaystack) != grub_tolower(*rneedle)) ++ /* Nothing in this round. */ ++ break; ++ } ++ } ++ } ++ } ++ else ++ return (char *) haystack; ++} ++ + static inline int + grub_strcasecmp (const char *s1, const char *s2) + { +diff --git a/include/grub/net/url.h b/include/grub/net/url.h +new file mode 100644 +index 000000000..a215fa27d +--- /dev/null ++++ b/include/grub/net/url.h +@@ -0,0 +1,28 @@ ++/* url.h - prototypes for url parsing functions */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2016 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_URL_HEADER ++#define GRUB_URL_HEADER 1 ++ ++int ++EXPORT_FUNC(extract_url_info) (const char *urlbuf, grub_size_t buflen, ++ char **scheme, char **userinfo, ++ char **host, int *port, char **file); ++ ++#endif /* GRUB_URL_HEADER */ diff --git a/SOURCES/0075-efinet-and-bootp-add-support-for-dhcpv6.patch b/SOURCES/0075-efinet-and-bootp-add-support-for-dhcpv6.patch new file mode 100644 index 0000000..a85bdfd --- /dev/null +++ b/SOURCES/0075-efinet-and-bootp-add-support-for-dhcpv6.patch @@ -0,0 +1,660 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 8 Jun 2016 21:03:37 -0400 +Subject: [PATCH] efinet and bootp: add support for dhcpv6 + +Signed-off-by: Peter Jones +--- + grub-core/net/bootp.c | 174 +++++++++++++++++++++++++++++++++++++ + grub-core/net/drivers/efi/efinet.c | 53 +++++++++-- + grub-core/net/net.c | 72 +++++++++++++++ + grub-core/net/tftp.c | 4 + + include/grub/efi/api.h | 129 +++++++++++++++++++++++++-- + include/grub/net.h | 60 +++++++++++++ + 6 files changed, 478 insertions(+), 14 deletions(-) + +diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c +index f03eeab2f..da3e45446 100644 +--- a/grub-core/net/bootp.c ++++ b/grub-core/net/bootp.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + #include + + static char * +@@ -349,6 +350,179 @@ grub_net_configure_by_dhcp_ack (const char *name, + return inter; + } + ++struct grub_net_network_level_interface * ++grub_net_configure_by_dhcpv6_ack (const char *name, ++ struct grub_net_card *card, ++ grub_net_interface_flags_t flags ++ __attribute__((__unused__)), ++ const grub_net_link_level_address_t *hwaddr, ++ const struct grub_net_dhcpv6_packet *packet, ++ int is_def, char **device, char **path) ++{ ++ struct grub_net_network_level_interface *inter = NULL; ++ struct grub_net_network_level_address addr; ++ int mask = -1; ++ ++ if (!device || !path) ++ return NULL; ++ ++ *device = 0; ++ *path = 0; ++ ++ grub_dprintf ("net", "mac address is %02x:%02x:%02x:%02x:%02x:%02x\n", ++ hwaddr->mac[0], hwaddr->mac[1], hwaddr->mac[2], ++ hwaddr->mac[3], hwaddr->mac[4], hwaddr->mac[5]); ++ ++ if (is_def) ++ grub_net_default_server = 0; ++ ++ if (is_def && !grub_net_default_server && packet) ++ { ++ const grub_uint8_t *options = packet->dhcp_options; ++ unsigned int option_max = 1024 - OFFSET_OF (dhcp_options, packet); ++ unsigned int i; ++ ++ for (i = 0; i < option_max - sizeof (grub_net_dhcpv6_option_t); ) ++ { ++ grub_uint16_t num, len; ++ grub_net_dhcpv6_option_t *opt = ++ (grub_net_dhcpv6_option_t *)(options + i); ++ ++ num = grub_be_to_cpu16(opt->option_num); ++ len = grub_be_to_cpu16(opt->option_len); ++ ++ grub_dprintf ("net", "got dhcpv6 option %d len %d\n", num, len); ++ ++ if (len == 0) ++ break; ++ ++ if (len + i > 1024) ++ break; ++ ++ if (num == GRUB_NET_DHCP6_BOOTFILE_URL) ++ { ++ char *scheme, *userinfo, *host, *file; ++ char *tmp; ++ int hostlen; ++ int port; ++ int rc = extract_url_info ((const char *)opt->option_data, ++ (grub_size_t)len, ++ &scheme, &userinfo, &host, &port, ++ &file); ++ if (rc < 0) ++ continue; ++ ++ /* right now this only handles tftp. */ ++ if (grub_strcmp("tftp", scheme)) ++ { ++ grub_free (scheme); ++ grub_free (userinfo); ++ grub_free (host); ++ grub_free (file); ++ continue; ++ } ++ grub_free (userinfo); ++ ++ hostlen = grub_strlen (host); ++ if (hostlen > 2 && host[0] == '[' && host[hostlen-1] == ']') ++ { ++ tmp = host+1; ++ host[hostlen-1] = '\0'; ++ } ++ else ++ tmp = host; ++ ++ *device = grub_xasprintf ("%s,%s", scheme, tmp); ++ grub_free (scheme); ++ grub_free (host); ++ ++ if (file && *file) ++ { ++ tmp = grub_strrchr (file, '/'); ++ if (tmp) ++ *(tmp+1) = '\0'; ++ else ++ file[0] = '\0'; ++ } ++ else if (!file) ++ file = grub_strdup (""); ++ ++ if (file[0] == '/') ++ { ++ *path = grub_strdup (file+1); ++ grub_free (file); ++ } ++ else ++ *path = file; ++ } ++ else if (num == GRUB_NET_DHCP6_IA_NA) ++ { ++ const grub_net_dhcpv6_option_t *ia_na_opt; ++ const grub_net_dhcpv6_opt_ia_na_t *ia_na = ++ (const grub_net_dhcpv6_opt_ia_na_t *)opt; ++ unsigned int left = len - OFFSET_OF (options, ia_na); ++ unsigned int j; ++ ++ if ((grub_uint8_t *)ia_na + left > ++ (grub_uint8_t *)options + option_max) ++ left -= ((grub_uint8_t *)ia_na + left) ++ - ((grub_uint8_t *)options + option_max); ++ ++ if (len < OFFSET_OF (option_data, opt) ++ + sizeof (grub_net_dhcpv6_option_t)) ++ { ++ grub_dprintf ("net", ++ "found dhcpv6 ia_na option with no address\n"); ++ continue; ++ } ++ ++ for (j = 0; left > sizeof (grub_net_dhcpv6_option_t); ) ++ { ++ ia_na_opt = (const grub_net_dhcpv6_option_t *) ++ (ia_na->options + j); ++ grub_uint16_t ia_na_opt_num, ia_na_opt_len; ++ ++ ia_na_opt_num = grub_be_to_cpu16 (ia_na_opt->option_num); ++ ia_na_opt_len = grub_be_to_cpu16 (ia_na_opt->option_len); ++ if (ia_na_opt_len == 0) ++ break; ++ if (j + ia_na_opt_len > left) ++ break; ++ if (ia_na_opt_num == GRUB_NET_DHCP6_IA_ADDRESS) ++ { ++ const grub_net_dhcpv6_opt_ia_address_t *ia_addr; ++ ++ ia_addr = (const grub_net_dhcpv6_opt_ia_address_t *) ++ ia_na_opt; ++ addr.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; ++ grub_memcpy(addr.ipv6, ia_addr->ipv6_address, ++ sizeof (ia_addr->ipv6_address)); ++ inter = grub_net_add_addr (name, card, &addr, hwaddr, 0); ++ } ++ ++ j += ia_na_opt_len; ++ left -= ia_na_opt_len; ++ } ++ } ++ ++ i += len + 4; ++ } ++ ++ grub_print_error (); ++ } ++ ++ if (is_def) ++ { ++ grub_env_set ("net_default_interface", name); ++ grub_env_export ("net_default_interface"); ++ } ++ ++ if (inter) ++ grub_net_add_ipv6_local (inter, mask); ++ return inter; ++} ++ ++ + void + grub_net_process_dhcp (struct grub_net_buff *nb, + struct grub_net_card *card) +diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c +index 5388f952b..a4daaa460 100644 +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -18,11 +18,15 @@ + + #include + #include ++#include + #include ++#include + #include + #include + #include + #include ++#include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -329,7 +333,7 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + char **path) + { + struct grub_net_card *card; +- grub_efi_device_path_t *dp; ++ grub_efi_device_path_t *dp, *ldp = NULL; + + dp = grub_efi_get_device_path (hnd); + if (! dp) +@@ -340,14 +344,18 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + grub_efi_device_path_t *cdp; + struct grub_efi_pxe *pxe; + struct grub_efi_pxe_mode *pxe_mode; ++ + if (card->driver != &efidriver) + continue; + cdp = grub_efi_get_device_path (card->efi_handle); + if (! cdp) + continue; ++ ++ ldp = grub_efi_find_last_device_path (dp); ++ + if (grub_efi_compare_device_paths (dp, cdp) != 0) + { +- grub_efi_device_path_t *ldp, *dup_dp, *dup_ldp; ++ grub_efi_device_path_t *dup_dp, *dup_ldp; + int match; + + /* EDK2 UEFI PXE driver creates pseudo devices with type IPv4/IPv6 +@@ -356,7 +364,6 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + devices. We skip them when enumerating cards, so here we need to + find matching MAC device. + */ +- ldp = grub_efi_find_last_device_path (dp); + if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE + || (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE + && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE)) +@@ -373,16 +380,46 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + if (!match) + continue; + } ++ + pxe = grub_efi_open_protocol (hnd, &pxe_io_guid, + GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); + if (! pxe) + continue; ++ + pxe_mode = pxe->mode; +- grub_net_configure_by_dhcp_ack (card->name, card, 0, +- (struct grub_net_bootp_packet *) +- &pxe_mode->dhcp_ack, +- sizeof (pxe_mode->dhcp_ack), +- 1, device, path); ++ if (pxe_mode->using_ipv6) ++ { ++ grub_net_link_level_address_t hwaddr; ++ struct grub_net_network_level_interface *intf; ++ ++ grub_dprintf ("efinet", "using ipv6 and dhcpv6\n"); ++ grub_dprintf ("efinet", "dhcp_ack_received: %s%s\n", ++ pxe_mode->dhcp_ack_received ? "yes" : "no", ++ pxe_mode->dhcp_ack_received ? "" : " cannot continue"); ++ if (!pxe_mode->dhcp_ack_received) ++ continue; ++ ++ hwaddr.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; ++ grub_memcpy (hwaddr.mac, ++ card->efi_net->mode->current_address, ++ sizeof (hwaddr.mac)); ++ ++ intf = grub_net_configure_by_dhcpv6_ack (card->name, card, 0, &hwaddr, ++ (const struct grub_net_dhcpv6_packet *)&pxe_mode->dhcp_ack.dhcpv6, ++ 1, device, path); ++ if (intf && device && path) ++ grub_dprintf ("efinet", "device: `%s' path: `%s'\n", *device, *path); ++ } ++ else ++ { ++ grub_dprintf ("efinet", "using ipv4 and dhcp\n"); ++ grub_net_configure_by_dhcp_ack (card->name, card, 0, ++ (struct grub_net_bootp_packet *) ++ &pxe_mode->dhcp_ack, ++ sizeof (pxe_mode->dhcp_ack), ++ 1, device, path); ++ grub_dprintf ("efinet", "device: `%s' path: `%s'\n", *device, *path); ++ } + return; + } + } +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 16d2ce06d..4be228d95 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -955,6 +955,78 @@ grub_net_network_level_interface_register (struct grub_net_network_level_interfa + grub_net_network_level_interfaces = inter; + } + ++int ++grub_ipv6_get_masksize (grub_uint16_t be_mask[8]) ++{ ++ grub_uint8_t *mask; ++ grub_uint16_t mask16[8]; ++ int x, y; ++ int ret = 128; ++ ++ grub_memcpy (mask16, be_mask, sizeof (mask16)); ++ for (x = 0; x < 8; x++) ++ mask16[x] = grub_be_to_cpu16 (mask16[x]); ++ ++ mask = (grub_uint8_t *)mask16; ++ ++ for (x = 15; x >= 0; x--) ++ { ++ grub_uint8_t octet = mask[x]; ++ if (!octet) ++ { ++ ret -= 8; ++ continue; ++ } ++ for (y = 0; y < 8; y++) ++ { ++ if (octet & (1 << y)) ++ break; ++ else ++ ret--; ++ } ++ break; ++ } ++ ++ return ret; ++} ++ ++grub_err_t ++grub_net_add_ipv6_local (struct grub_net_network_level_interface *inter, ++ int mask) ++{ ++ struct grub_net_route *route; ++ ++ if (inter->address.type != GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6) ++ return 0; ++ ++ if (mask == -1) ++ mask = grub_ipv6_get_masksize ((grub_uint16_t *)inter->address.ipv6); ++ ++ if (mask == -1) ++ return 0; ++ ++ route = grub_zalloc (sizeof (*route)); ++ if (!route) ++ return grub_errno; ++ ++ route->name = grub_xasprintf ("%s:local", inter->name); ++ if (!route->name) ++ { ++ grub_free (route); ++ return grub_errno; ++ } ++ ++ route->target.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; ++ grub_memcpy (route->target.ipv6.base, inter->address.ipv6, ++ sizeof (inter->address.ipv6)); ++ route->target.ipv6.masksize = mask; ++ route->is_gateway = 0; ++ route->interface = inter; ++ ++ grub_net_route_register (route); ++ ++ return 0; ++} + + grub_err_t + grub_net_add_ipv4_local (struct grub_net_network_level_interface *inter, +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index 7d90bf66e..1157524fc 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -379,19 +379,23 @@ tftp_open (struct grub_file *file, const char *filename) + return grub_errno; + } + ++ grub_dprintf("tftp", "resolving address for %s\n", file->device->net->server); + err = grub_net_resolve_address (file->device->net->server, &addr); + if (err) + { ++ grub_dprintf("tftp", "Address resolution failed: %d\n", err); + destroy_pq (data); + grub_free (data); + return err; + } + ++ grub_dprintf("tftp", "opening connection\n"); + data->sock = grub_net_udp_open (addr, + TFTP_SERVER_PORT, tftp_receive, + file); + if (!data->sock) + { ++ grub_dprintf("tftp", "connection failed\n"); + destroy_pq (data); + grub_free (data); + return grub_errno; +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index c7c9f0e1d..28b6adf76 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -572,10 +572,16 @@ typedef void *grub_efi_handle_t; + typedef void *grub_efi_event_t; + typedef grub_efi_uint64_t grub_efi_lba_t; + typedef grub_efi_uintn_t grub_efi_tpl_t; +-typedef grub_uint8_t grub_efi_mac_address_t[32]; +-typedef grub_uint8_t grub_efi_ipv4_address_t[4]; +-typedef grub_uint16_t grub_efi_ipv6_address_t[8]; +-typedef grub_uint8_t grub_efi_ip_address_t[8] __attribute__ ((aligned(4))); ++typedef grub_efi_uint8_t grub_efi_mac_address_t[32]; ++typedef grub_efi_uint8_t grub_efi_ipv4_address_t[4]; ++typedef grub_efi_uint8_t grub_efi_ipv6_address_t[16]; ++typedef union ++{ ++ grub_efi_uint32_t addr[4]; ++ grub_efi_ipv4_address_t v4; ++ grub_efi_ipv6_address_t v6; ++} grub_efi_ip_address_t __attribute__ ((aligned(4))); ++ + typedef grub_efi_uint64_t grub_efi_physical_address_t; + typedef grub_efi_uint64_t grub_efi_virtual_address_t; + +@@ -1450,16 +1456,127 @@ struct grub_efi_simple_text_output_interface + }; + typedef struct grub_efi_simple_text_output_interface grub_efi_simple_text_output_interface_t; + +-typedef grub_uint8_t grub_efi_pxe_packet_t[1472]; ++typedef struct grub_efi_pxe_dhcpv4_packet ++{ ++ grub_efi_uint8_t bootp_opcode; ++ grub_efi_uint8_t bootp_hwtype; ++ grub_efi_uint8_t bootp_hwaddr_len; ++ grub_efi_uint8_t bootp_gate_hops; ++ grub_efi_uint32_t bootp_ident; ++ grub_efi_uint16_t bootp_seconds; ++ grub_efi_uint16_t bootp_flags; ++ grub_efi_uint8_t bootp_ci_addr[4]; ++ grub_efi_uint8_t bootp_yi_addr[4]; ++ grub_efi_uint8_t bootp_si_addr[4]; ++ grub_efi_uint8_t bootp_gi_addr[4]; ++ grub_efi_uint8_t bootp_hw_addr[16]; ++ grub_efi_uint8_t bootp_srv_name[64]; ++ grub_efi_uint8_t bootp_boot_file[128]; ++ grub_efi_uint32_t dhcp_magik; ++ grub_efi_uint8_t dhcp_options[56]; ++} grub_efi_pxe_dhcpv4_packet_t; ++ ++struct grub_efi_pxe_dhcpv6_packet ++{ ++ grub_efi_uint32_t message_type:8; ++ grub_efi_uint32_t transaction_id:24; ++ grub_efi_uint8_t dhcp_options[1024]; ++} GRUB_PACKED; ++typedef struct grub_efi_pxe_dhcpv6_packet grub_efi_pxe_dhcpv6_packet_t; ++ ++typedef union ++{ ++ grub_efi_uint8_t raw[1472]; ++ grub_efi_pxe_dhcpv4_packet_t dhcpv4; ++ grub_efi_pxe_dhcpv6_packet_t dhcpv6; ++} grub_efi_pxe_packet_t; ++ ++#define GRUB_EFI_PXE_MAX_IPCNT 8 ++#define GRUB_EFI_PXE_MAX_ARP_ENTRIES 8 ++#define GRUB_EFI_PXE_MAX_ROUTE_ENTRIES 8 ++ ++typedef struct grub_efi_pxe_ip_filter ++{ ++ grub_efi_uint8_t filters; ++ grub_efi_uint8_t ip_count; ++ grub_efi_uint8_t reserved; ++ grub_efi_ip_address_t ip_list[GRUB_EFI_PXE_MAX_IPCNT]; ++} grub_efi_pxe_ip_filter_t; ++ ++typedef struct grub_efi_pxe_arp_entry ++{ ++ grub_efi_ip_address_t ip_addr; ++ grub_efi_mac_address_t mac_addr; ++} grub_efi_pxe_arp_entry_t; ++ ++typedef struct grub_efi_pxe_route_entry ++{ ++ grub_efi_ip_address_t ip_addr; ++ grub_efi_ip_address_t subnet_mask; ++ grub_efi_ip_address_t gateway_addr; ++} grub_efi_pxe_route_entry_t; ++ ++typedef struct grub_efi_pxe_icmp_error ++{ ++ grub_efi_uint8_t type; ++ grub_efi_uint8_t code; ++ grub_efi_uint16_t checksum; ++ union ++ { ++ grub_efi_uint32_t reserved; ++ grub_efi_uint32_t mtu; ++ grub_efi_uint32_t pointer; ++ struct ++ { ++ grub_efi_uint16_t identifier; ++ grub_efi_uint16_t sequence; ++ } echo; ++ } u; ++ grub_efi_uint8_t data[494]; ++} grub_efi_pxe_icmp_error_t; ++ ++typedef struct grub_efi_pxe_tftp_error ++{ ++ grub_efi_uint8_t error_code; ++ grub_efi_char8_t error_string[127]; ++} grub_efi_pxe_tftp_error_t; + + typedef struct grub_efi_pxe_mode + { +- grub_uint8_t unused[52]; ++ grub_efi_boolean_t started; ++ grub_efi_boolean_t ipv6_available; ++ grub_efi_boolean_t ipv6_supported; ++ grub_efi_boolean_t using_ipv6; ++ grub_efi_boolean_t bis_supported; ++ grub_efi_boolean_t bis_detected; ++ grub_efi_boolean_t auto_arp; ++ grub_efi_boolean_t send_guid; ++ grub_efi_boolean_t dhcp_discover_valid; ++ grub_efi_boolean_t dhcp_ack_received; ++ grub_efi_boolean_t proxy_offer_received; ++ grub_efi_boolean_t pxe_discover_valid; ++ grub_efi_boolean_t pxe_reply_received; ++ grub_efi_boolean_t pxe_bis_reply_received; ++ grub_efi_boolean_t icmp_error_received; ++ grub_efi_boolean_t tftp_error_received; ++ grub_efi_boolean_t make_callbacks; ++ grub_efi_uint8_t ttl; ++ grub_efi_uint8_t tos; ++ grub_efi_ip_address_t station_ip; ++ grub_efi_ip_address_t subnet_mask; + grub_efi_pxe_packet_t dhcp_discover; + grub_efi_pxe_packet_t dhcp_ack; + grub_efi_pxe_packet_t proxy_offer; + grub_efi_pxe_packet_t pxe_discover; + grub_efi_pxe_packet_t pxe_reply; ++ grub_efi_pxe_packet_t pxe_bis_reply; ++ grub_efi_pxe_ip_filter_t ip_filter; ++ grub_efi_uint32_t arp_cache_entries; ++ grub_efi_pxe_arp_entry_t arp_cache[GRUB_EFI_PXE_MAX_ARP_ENTRIES]; ++ grub_efi_uint32_t route_table_entries; ++ grub_efi_pxe_route_entry_t route_table[GRUB_EFI_PXE_MAX_ROUTE_ENTRIES]; ++ grub_efi_pxe_icmp_error_t icmp_error; ++ grub_efi_pxe_tftp_error_t tftp_error; + } grub_efi_pxe_mode_t; + + typedef struct grub_efi_pxe +diff --git a/include/grub/net.h b/include/grub/net.h +index 50d62ab0c..f8f3ec13a 100644 +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -442,6 +442,51 @@ struct grub_net_bootp_packet + grub_uint8_t vendor[0]; + } GRUB_PACKED; + ++enum ++ { ++ GRUB_NET_DHCP6_IA_NA = 3, ++ GRUB_NET_DHCP6_IA_ADDRESS = 5, ++ GRUB_NET_DHCP6_BOOTFILE_URL = 59, ++ }; ++ ++struct grub_net_dhcpv6_option ++{ ++ grub_uint16_t option_num; ++ grub_uint16_t option_len; ++ grub_uint8_t option_data[]; ++} GRUB_PACKED; ++typedef struct grub_net_dhcpv6_option grub_net_dhcpv6_option_t; ++ ++struct grub_net_dhcpv6_opt_ia_na ++{ ++ grub_uint16_t option_num; ++ grub_uint16_t option_len; ++ grub_uint32_t iaid; ++ grub_uint32_t t1; ++ grub_uint32_t t2; ++ grub_uint8_t options[]; ++} GRUB_PACKED; ++typedef struct grub_net_dhcpv6_opt_ia_na grub_net_dhcpv6_opt_ia_na_t; ++ ++struct grub_net_dhcpv6_opt_ia_address ++{ ++ grub_uint16_t option_num; ++ grub_uint16_t option_len; ++ grub_uint64_t ipv6_address[2]; ++ grub_uint32_t preferred_lifetime; ++ grub_uint32_t valid_lifetime; ++ grub_uint8_t options[]; ++} GRUB_PACKED; ++typedef struct grub_net_dhcpv6_opt_ia_address grub_net_dhcpv6_opt_ia_address_t; ++ ++struct grub_net_dhcpv6_packet ++{ ++ grub_uint32_t message_type:8; ++ grub_uint32_t transaction_id:24; ++ grub_uint8_t dhcp_options[1024]; ++} GRUB_PACKED; ++typedef struct grub_net_dhcpv6_packet grub_net_dhcpv6_packet_t; ++ + #define GRUB_NET_BOOTP_RFC1048_MAGIC_0 0x63 + #define GRUB_NET_BOOTP_RFC1048_MAGIC_1 0x82 + #define GRUB_NET_BOOTP_RFC1048_MAGIC_2 0x53 +@@ -470,6 +515,21 @@ grub_net_configure_by_dhcp_ack (const char *name, + grub_size_t size, + int is_def, char **device, char **path); + ++struct grub_net_network_level_interface * ++grub_net_configure_by_dhcpv6_ack (const char *name, ++ struct grub_net_card *card, ++ grub_net_interface_flags_t flags, ++ const grub_net_link_level_address_t *hwaddr, ++ const struct grub_net_dhcpv6_packet *packet, ++ int is_def, char **device, char **path); ++ ++int ++grub_ipv6_get_masksize(grub_uint16_t *mask); ++ ++grub_err_t ++grub_net_add_ipv6_local (struct grub_net_network_level_interface *inf, ++ int mask); ++ + grub_err_t + grub_net_add_ipv4_local (struct grub_net_network_level_interface *inf, + int mask); diff --git a/SOURCES/0076-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch b/SOURCES/0076-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch new file mode 100644 index 0000000..ebb11af --- /dev/null +++ b/SOURCES/0076-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch @@ -0,0 +1,300 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 23 Jun 2016 11:01:39 -0400 +Subject: [PATCH] Add grub-get-kernel-settings and use it in 10_linux + +This patch adds grub-get-kernel-settings, which reads the system kernel +installation configuration from /etc/sysconfig/kernel, and outputs +${GRUB_...} variables suitable for evaluation by grub-mkconfig. Those +variables are then used by 10_linux to choose whether or not to create +debug stanzas. + +Resolves: rhbz#1226325 +--- + configure.ac | 2 + + Makefile.util.def | 7 +++ + .gitignore | 2 + + util/bash-completion.d/grub-completion.bash.in | 22 ++++++++ + util/grub-get-kernel-settings.3 | 20 +++++++ + util/grub-get-kernel-settings.in | 78 ++++++++++++++++++++++++++ + util/grub-mkconfig.in | 3 + + util/grub.d/10_linux.in | 23 ++++++-- + 8 files changed, 152 insertions(+), 5 deletions(-) + create mode 100644 util/grub-get-kernel-settings.3 + create mode 100644 util/grub-get-kernel-settings.in + +diff --git a/configure.ac b/configure.ac +index 71d105696..aa06ed59c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -58,6 +58,7 @@ grub_TRANSFORM([grub-install]) + grub_TRANSFORM([grub-mkconfig]) + grub_TRANSFORM([grub-mkfont]) + grub_TRANSFORM([grub-mkimage]) ++grub_TRANSFORM([grub-get-kernel-settings]) + grub_TRANSFORM([grub-glue-efi]) + grub_TRANSFORM([grub-mklayout]) + grub_TRANSFORM([grub-mkpasswd-pbkdf2]) +@@ -75,6 +76,7 @@ grub_TRANSFORM([grub-file]) + grub_TRANSFORM([grub-bios-setup.3]) + grub_TRANSFORM([grub-editenv.1]) + grub_TRANSFORM([grub-fstest.3]) ++grub_TRANSFORM([grub-get-kernel-settings.3]) + grub_TRANSFORM([grub-glue-efi.3]) + grub_TRANSFORM([grub-install.1]) + grub_TRANSFORM([grub-kbdcomp.3]) +diff --git a/Makefile.util.def b/Makefile.util.def +index fd91045bd..2d032643d 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -714,6 +714,13 @@ script = { + installdir = sbin; + }; + ++script = { ++ name = grub-get-kernel-settings; ++ common = util/grub-get-kernel-settings.in; ++ mansection = 3; ++ installdir = sbin; ++}; ++ + script = { + name = grub-set-default; + common = util/grub-set-default.in; +diff --git a/.gitignore b/.gitignore +index 5066689bc..54795fa60 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -68,6 +68,8 @@ grub-*.tar.* + /grub*-fs-tester + /grub*-fstest + /grub*-fstest.1 ++/grub*-get-kernel-settings ++/grub*-get-kernel-settings.3 + /grub*-glue-efi + /grub*-glue-efi.1 + /grub*-install +diff --git a/util/bash-completion.d/grub-completion.bash.in b/util/bash-completion.d/grub-completion.bash.in +index 44bf135b9..5c4acd496 100644 +--- a/util/bash-completion.d/grub-completion.bash.in ++++ b/util/bash-completion.d/grub-completion.bash.in +@@ -264,6 +264,28 @@ have ${__grub_sparc64_setup_program} && \ + unset __grub_sparc64_setup_program + + ++# ++# grub-get-kernel-settings ++# ++_grub_get_kernel_settings () { ++ local cur ++ ++ COMPREPLY=() ++ cur=`_get_cword` ++ ++ if [[ "$cur" == -* ]]; then ++ __grubcomp "$(__grub_get_options_from_help)" ++ else ++ # Default complete with a filename ++ _filedir ++ fi ++} ++__grub_get_kernel_settings_program="@grub_get_kernel_settings@" ++have ${__grub_get_kernel_settings_program} && \ ++ complete -F _grub_get_kernel_settings -o filenames ${__grub_get_kernel_settings_program} ++unset __grub_get_kernel_settings_program ++ ++ + # + # grub-install + # +diff --git a/util/grub-get-kernel-settings.3 b/util/grub-get-kernel-settings.3 +new file mode 100644 +index 000000000..ba33330e2 +--- /dev/null ++++ b/util/grub-get-kernel-settings.3 +@@ -0,0 +1,20 @@ ++.TH GRUB-GET-KERNEL-SETTINGS 3 "Thu Jun 25 2015" ++.SH NAME ++\fBgrub-get-kernel-settings\fR \(em Evaluate the system's kernel installation settings for use while making a grub configuration file. ++ ++.SH SYNOPSIS ++\fBgrub-get-kernel-settings\fR [OPTION] ++ ++.SH DESCRIPTION ++\fBgrub-get-kernel-settings\fR reads the kernel installation settings on the host system, and emits a set of grub settings suitable for use when creating a grub configuration file. ++ ++.SH OPTIONS ++.TP ++-h, --help ++Display program usage and exit. ++.TP ++-v, --version ++Display the current version. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-get-kernel-settings.in b/util/grub-get-kernel-settings.in +new file mode 100644 +index 000000000..120462198 +--- /dev/null ++++ b/util/grub-get-kernel-settings.in +@@ -0,0 +1,78 @@ ++#!/bin/sh ++set -e ++ ++# Evaluate new-kernel-pkg's configuration file. ++# Copyright (C) 2016 Free Software Foundation, Inc. ++# ++# GRUB is free software: you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the License, or ++# (at your option) any later version. ++# ++# GRUB is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with GRUB. If not, see . ++ ++PACKAGE_NAME=@PACKAGE_NAME@ ++PACKAGE_VERSION=@PACKAGE_VERSION@ ++datadir="@datadir@" ++if [ "x$pkgdatadir" = x ]; then ++ pkgdatadir="${datadir}/@PACKAGE@" ++fi ++ ++self=`basename $0` ++ ++export TEXTDOMAIN=@PACKAGE@ ++export TEXTDOMAINDIR="@localedir@" ++ ++. "${pkgdatadir}/grub-mkconfig_lib" ++ ++# Usage: usage ++# Print the usage. ++usage () { ++ gettext_printf "Usage: %s [OPTION]\n" "$self" ++ gettext "Evaluate new-kernel-pkg configuration"; echo ++ echo ++ print_option_help "-h, --help" "$(gettext "print this message and exit")" ++ print_option_help "-v, --version" "$(gettext "print the version information and exit")" ++ echo ++} ++ ++# Check the arguments. ++while test $# -gt 0 ++do ++ option=$1 ++ shift ++ ++ case "$option" in ++ -h | --help) ++ usage ++ exit 0 ;; ++ -v | --version) ++ echo "$self (${PACKAGE_NAME}) ${PACKAGE_VERSION}" ++ exit 0 ;; ++ -*) ++ gettext_printf "Unrecognized option \`%s'\n" "$option" 1>&2 ++ usage ++ exit 1 ++ ;; ++ # Explicitly ignore non-option arguments, for compatibility. ++ esac ++done ++ ++if test -f /etc/sysconfig/kernel ; then ++ . /etc/sysconfig/kernel ++fi ++ ++if [ "$MAKEDEBUG" = "yes" ]; then ++ echo GRUB_LINUX_MAKE_DEBUG=true ++ echo export GRUB_LINUX_MAKE_DEBUG ++ echo GRUB_CMDLINE_LINUX_DEBUG=\"systemd.log_level=debug systemd.log_target=kmsg\" ++ echo export GRUB_CMDLINE_LINUX_DEBUG ++ echo GRUB_LINUX_DEBUG_TITLE_POSTFIX=\" with debugging\" ++ echo export GRUB_LINUX_DEBUG_TITLE_POSTFIX ++fi +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index bdb9982ae..8218f3d47 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -45,6 +45,7 @@ grub_probe="${sbindir}/@grub_probe@" + grub_file="${bindir}/@grub_file@" + grub_editenv="${bindir}/@grub_editenv@" + grub_script_check="${bindir}/@grub_script_check@" ++grub_get_kernel_settings="${sbindir}/@grub_get_kernel_settings@" + + export TEXTDOMAIN=@PACKAGE@ + export TEXTDOMAINDIR="@localedir@" +@@ -158,6 +159,8 @@ if test -f ${sysconfdir}/default/grub ; then + . ${sysconfdir}/default/grub + fi + ++eval "$("${grub_get_kernel_settings}")" || true ++ + if [ "x$GRUB_DISABLE_UUID" != "xtrue" ]; then + if [ -z "$GRUB_DEVICE_UUID" ]; then + GRUB_DEVICE_UUID="$GRUB_DEVICE_UUID_GENERATED" +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index a8a8e2cf3..4e49ccdf7 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -111,7 +111,8 @@ linux_entry () + os="$1" + version="$2" + type="$3" +- args="$4" ++ isdebug="$4" ++ args="$5" + + if [ -z "$boot_device_id" ]; then + boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" +@@ -123,6 +124,9 @@ linux_entry () + quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)" + title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;" + fi ++ if [ x$isdebug = xdebug ]; then ++ title="$title${GRUB_LINUX_DEBUG_TITLE_POSTFIX}" ++ fi + echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/" + else + echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" +@@ -295,11 +299,15 @@ while [ "x$list" != "x" ] ; do + fi + + if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xtrue ]; then +- linux_entry "${OS}" "${version}" simple \ ++ linux_entry "${OS}" "${version}" simple standard \ + "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" ++ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then ++ linux_entry "${OS}" "${version}" simple debug \ ++ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}" ++ fi + + submenu_indentation="$grub_tab" +- ++ + if [ -z "$boot_device_id" ]; then + boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" + fi +@@ -308,10 +316,15 @@ while [ "x$list" != "x" ] ; do + is_top_level=false + fi + +- linux_entry "${OS}" "${version}" advanced \ ++ linux_entry "${OS}" "${version}" advanced standard \ + "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" ++ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then ++ linux_entry "${OS}" "${version}" advanced debug \ ++ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}" ++ fi ++ + if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then +- linux_entry "${OS}" "${version}" recovery \ ++ linux_entry "${OS}" "${version}" recovery standard \ + "single ${GRUB_CMDLINE_LINUX}" + fi + diff --git a/SOURCES/0077-Normalize-slashes-in-tftp-paths.patch b/SOURCES/0077-Normalize-slashes-in-tftp-paths.patch new file mode 100644 index 0000000..66033a1 --- /dev/null +++ b/SOURCES/0077-Normalize-slashes-in-tftp-paths.patch @@ -0,0 +1,55 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Lenny Szubowicz +Date: Mon, 29 Aug 2016 11:04:48 -0400 +Subject: [PATCH] Normalize slashes in tftp paths. + +Some tftp servers do not handle multiple consecutive slashes correctly; +this patch avoids sending tftp requests with non-normalized paths. + +Signed-off-by: Peter Jones +--- + grub-core/net/tftp.c | 24 +++++++++++++++++++++++- + 1 file changed, 23 insertions(+), 1 deletion(-) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index 1157524fc..5ca0a96a6 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -300,6 +300,25 @@ destroy_pq (tftp_data_t data) + grub_priority_queue_destroy (data->pq); + } + ++/* Create a normalized copy of the filename. ++ Compress any string of consecutive forward slashes to a single forward ++ slash. */ ++static void ++grub_normalize_filename (char *normalized, const char *filename) ++{ ++ char *dest = normalized; ++ char *src = filename; ++ ++ while (*src != '\0') ++ { ++ if (src[0] == '/' && src[1] == '/') ++ src++; ++ else ++ *dest++ = *src++; ++ } ++ *dest = '\0'; ++} ++ + static grub_err_t + tftp_open (struct grub_file *file, const char *filename) + { +@@ -337,7 +356,10 @@ tftp_open (struct grub_file *file, const char *filename) + rrqlen = 0; + + tftph->opcode = grub_cpu_to_be16_compile_time (TFTP_RRQ); +- grub_strcpy (rrq, filename); ++ ++ /* Copy and normalize the filename to work-around issues on some tftp ++ servers when file names are being matched for remapping. */ ++ grub_normalize_filename (rrq, filename); + rrqlen += grub_strlen (filename) + 1; + rrq += grub_strlen (filename) + 1; + diff --git a/SOURCES/0078-Fix-malformed-tftp-packets.patch b/SOURCES/0078-Fix-malformed-tftp-packets.patch new file mode 100644 index 0000000..2c6aae6 --- /dev/null +++ b/SOURCES/0078-Fix-malformed-tftp-packets.patch @@ -0,0 +1,32 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Mark Salter +Date: Tue, 7 Mar 2017 18:26:17 -0500 +Subject: [PATCH] Fix malformed tftp packets + +0088-Normalize-slashes-in-tftp-paths.patch collapses multiple contiguous +slashes in a filename into one slash in the tftp packet filename field. +However, the packet buffer pointer is advanced using the original name. +This leaves unitialized data between the name field and the type field +leading to tftp errors. Use the length of the normalized name to avoid +this. + +Signed-off-by: Mark Salter +--- + grub-core/net/tftp.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index 5ca0a96a6..dcd824943 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -360,8 +360,8 @@ tftp_open (struct grub_file *file, const char *filename) + /* Copy and normalize the filename to work-around issues on some tftp + servers when file names are being matched for remapping. */ + grub_normalize_filename (rrq, filename); +- rrqlen += grub_strlen (filename) + 1; +- rrq += grub_strlen (filename) + 1; ++ rrqlen += grub_strlen (rrq) + 1; ++ rrq += grub_strlen (rrq) + 1; + + grub_strcpy (rrq, "octet"); + rrqlen += grub_strlen ("octet") + 1; diff --git a/SOURCES/0079-bz1374141-fix-incorrect-mask-for-ppc64.patch b/SOURCES/0079-bz1374141-fix-incorrect-mask-for-ppc64.patch new file mode 100644 index 0000000..cff2869 --- /dev/null +++ b/SOURCES/0079-bz1374141-fix-incorrect-mask-for-ppc64.patch @@ -0,0 +1,45 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Masahiro Matsuya +Date: Sat, 29 Oct 2016 08:35:26 +0900 +Subject: [PATCH] bz1374141 fix incorrect mask for ppc64 + +The netmask configured in firmware is not respected on ppc64 (big endian). +When 255.255.252.0 is set as netmask in firmware, the following is the value of bootpath string in grub_ieee1275_parse_bootpath(). + + /vdevice/l-lan@30000002:speed=auto,duplex=auto,192.168.88.10,,192.168.89.113,192.168.88.1,5,5,255.255.252.0,512 + +The netmask in this bootpath is no problem, since it's a value specified in firmware. But, +The value of 'subnet_mask.ipv4' was set with 0xfffffc00, and __builtin_ctz (~grub_le_to_cpu32 (subnet_mask.ipv4)) returned 16 (not 22). +As a result, 16 was used for netmask wrongly. + +1111 1111 1111 1111 1111 1100 0000 0000 # subnet_mask.ipv4 (=0xfffffc00) +0000 0000 1111 1100 1111 1111 1111 1111 # grub_le_to_cpu32 (subnet_mask.ipv4) +1111 1111 0000 0011 0000 0000 0000 0000 # ~grub_le_to_cpu32 (subnet_mask.ipv4) + +And, the count of zero with __builtin_ctz can be 16. +This patch changes it as below. + +1111 1111 1111 1111 1111 1100 0000 0000 # subnet_mask.ipv4 (=0xfffffc00) +0000 0000 1111 1100 1111 1111 1111 1111 # grub_le_to_cpu32 (subnet_mask.ipv4) +1111 1111 1111 1111 1111 1100 0000 0000 # grub_swap_bytes32(grub_le_to_cpu32 (subnet_mask.ipv4)) +0000 0000 0000 0000 0000 0011 1111 1111 # ~grub_swap_bytes32(grub_le_to_cpu32 (subnet_mask.ipv4)) + +The count of zero with __builtin_clz can be 22. (clz counts the number of one bits preceding the most significant zero bit) +--- + grub-core/net/drivers/ieee1275/ofnet.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/grub-core/net/drivers/ieee1275/ofnet.c b/grub-core/net/drivers/ieee1275/ofnet.c +index 002446be1..3df75357a 100644 +--- a/grub-core/net/drivers/ieee1275/ofnet.c ++++ b/grub-core/net/drivers/ieee1275/ofnet.c +@@ -220,8 +220,7 @@ grub_ieee1275_parse_bootpath (const char *devpath, char *bootpath, + flags); + inter->vlantag = vlantag; + grub_net_add_ipv4_local (inter, +- __builtin_ctz (~grub_le_to_cpu32 (subnet_mask.ipv4))); +- ++ __builtin_clz (~grub_swap_bytes32(grub_le_to_cpu32 (subnet_mask.ipv4)))); + } + + if (gateway_addr.ipv4 != 0) diff --git a/SOURCES/0080-Make-grub_fatal-also-backtrace.patch b/SOURCES/0080-Make-grub_fatal-also-backtrace.patch new file mode 100644 index 0000000..8ca42f7 --- /dev/null +++ b/SOURCES/0080-Make-grub_fatal-also-backtrace.patch @@ -0,0 +1,172 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 27 Jan 2016 09:22:42 -0500 +Subject: [PATCH] Make grub_fatal() also backtrace. + +--- + grub-core/Makefile.core.def | 3 ++ + grub-core/kern/misc.c | 8 +++++- + grub-core/lib/arm64/backtrace.c | 62 +++++++++++++++++++++++++++++++++++++++++ + grub-core/lib/backtrace.c | 2 ++ + grub-core/lib/i386/backtrace.c | 14 +++++++++- + 5 files changed, 87 insertions(+), 2 deletions(-) + create mode 100644 grub-core/lib/arm64/backtrace.c + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 991891a6e..27563743b 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -175,6 +175,9 @@ kernel = { + + softdiv = lib/division.c; + ++ x86 = lib/i386/backtrace.c; ++ x86 = lib/backtrace.c; ++ + i386 = kern/i386/dl.c; + i386_xen = kern/i386/dl.c; + +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index f1fab7000..5ce89a40c 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + + union printf_arg + { +@@ -1101,8 +1102,13 @@ grub_xasprintf (const char *fmt, ...) + static void __attribute__ ((noreturn)) + grub_abort (void) + { ++#ifndef GRUB_UTIL ++#if defined(__i386__) || defined(__x86_64__) ++ grub_backtrace(); ++#endif ++#endif + grub_printf ("\nAborted."); +- ++ + #ifndef GRUB_UTIL + if (grub_term_inputs) + #endif +diff --git a/grub-core/lib/arm64/backtrace.c b/grub-core/lib/arm64/backtrace.c +new file mode 100644 +index 000000000..1079b5380 +--- /dev/null ++++ b/grub-core/lib/arm64/backtrace.c +@@ -0,0 +1,62 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2009 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define MAX_STACK_FRAME 102400 ++ ++void ++grub_backtrace_pointer (int frame) ++{ ++ while (1) ++ { ++ void *lp = __builtin_return_address (frame); ++ if (!lp) ++ break; ++ ++ lp = __builtin_extract_return_addr (lp); ++ ++ grub_printf ("%p: ", lp); ++ grub_backtrace_print_address (lp); ++ grub_printf (" ("); ++ for (i = 0; i < 2; i++) ++ grub_printf ("%p,", ((void **)ptr) [i + 2]); ++ grub_printf ("%p)\n", ((void **)ptr) [i + 2]); ++ nptr = *(void **)ptr; ++ if (nptr < ptr || (void **) nptr - (void **) ptr > MAX_STACK_FRAME ++ || nptr == ptr) ++ { ++ grub_printf ("Invalid stack frame at %p (%p)\n", ptr, nptr); ++ break; ++ } ++ ptr = nptr; ++ } ++} ++ ++void ++grub_backtrace (void) ++{ ++ grub_backtrace_pointer (1); ++} ++ +diff --git a/grub-core/lib/backtrace.c b/grub-core/lib/backtrace.c +index 825a8800e..c0ad6ab8b 100644 +--- a/grub-core/lib/backtrace.c ++++ b/grub-core/lib/backtrace.c +@@ -29,6 +29,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); + void + grub_backtrace_print_address (void *addr) + { ++#ifndef GRUB_UTIL + grub_dl_t mod; + + FOR_DL_MODULES (mod) +@@ -44,6 +45,7 @@ grub_backtrace_print_address (void *addr) + } + } + ++#endif + grub_printf ("%p", addr); + } + +diff --git a/grub-core/lib/i386/backtrace.c b/grub-core/lib/i386/backtrace.c +index c3e03c727..c67273db3 100644 +--- a/grub-core/lib/i386/backtrace.c ++++ b/grub-core/lib/i386/backtrace.c +@@ -15,11 +15,23 @@ + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ ++#include ++#ifdef GRUB_UTIL ++#define REALLY_GRUB_UTIL GRUB_UTIL ++#undef GRUB_UTIL ++#endif ++ ++#include ++#include ++ ++#ifdef REALLY_GRUB_UTIL ++#define GRUB_UTIL REALLY_GRUB_UTIL ++#undef REALLY_GRUB_UTIL ++#endif + + #include + #include + #include +-#include + #include + #include + #include diff --git a/SOURCES/0081-Make-grub-editenv-build-again.patch b/SOURCES/0081-Make-grub-editenv-build-again.patch new file mode 100644 index 0000000..6e4a753 --- /dev/null +++ b/SOURCES/0081-Make-grub-editenv-build-again.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 4 Mar 2016 16:29:13 -0500 +Subject: [PATCH] Make grub-editenv build again. + +36212460d3565b18439a3a8130b28e6c97702c6a split how some of the mkimage +utility functions are defined, and they wind up being linked into +grub-editenv. Most utilities got fixed, but this one was missed. + +Signed-off-by: Peter Jones +--- + Makefile.util.def | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/Makefile.util.def b/Makefile.util.def +index 2d032643d..879e8eb98 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -237,6 +237,8 @@ program = { + extra_dist = grub-core/osdep/unix/compress.c; + extra_dist = grub-core/osdep/basic/compress.c; + common = util/mkimage.c; ++ common = util/grub-mkimage32.c; ++ common = util/grub-mkimage64.c; + common = grub-core/osdep/config.c; + common = util/config.c; + common = util/resolve.c; diff --git a/SOURCES/0082-Fix-up-some-man-pages-rpmdiff-noticed.patch b/SOURCES/0082-Fix-up-some-man-pages-rpmdiff-noticed.patch new file mode 100644 index 0000000..94ce902 --- /dev/null +++ b/SOURCES/0082-Fix-up-some-man-pages-rpmdiff-noticed.patch @@ -0,0 +1,150 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 23 Sep 2014 09:58:49 -0400 +Subject: [PATCH] Fix up some man pages rpmdiff noticed. + +--- + configure.ac | 2 ++ + util/grub-macbless.8 | 26 +++++++++++++++++++ + util/grub-mkimage.1 | 2 +- + util/grub-syslinux2cfg.1 | 65 ++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 94 insertions(+), 1 deletion(-) + create mode 100644 util/grub-macbless.8 + create mode 100644 util/grub-syslinux2cfg.1 + +diff --git a/configure.ac b/configure.ac +index aa06ed59c..f69f89867 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -80,6 +80,7 @@ grub_TRANSFORM([grub-get-kernel-settings.3]) + grub_TRANSFORM([grub-glue-efi.3]) + grub_TRANSFORM([grub-install.1]) + grub_TRANSFORM([grub-kbdcomp.3]) ++grub_TRANSFORM([grub-macbless.8]) + grub_TRANSFORM([grub-menulst2cfg.1]) + grub_TRANSFORM([grub-mkconfig.1]) + grub_TRANSFORM([grub-mkfont.3]) +@@ -98,6 +99,7 @@ grub_TRANSFORM([grub-render-label.3]) + grub_TRANSFORM([grub-script-check.3]) + grub_TRANSFORM([grub-set-default.1]) + grub_TRANSFORM([grub-sparc64-setup.3]) ++grub_TRANSFORM([grub-syslinux2cfg.1]) + + # Optimization flag. Allow user to override. + if test "x$TARGET_CFLAGS" = x; then +diff --git a/util/grub-macbless.8 b/util/grub-macbless.8 +new file mode 100644 +index 000000000..ae842f3a6 +--- /dev/null ++++ b/util/grub-macbless.8 +@@ -0,0 +1,26 @@ ++.TH GRUB-MACBLESS 1 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-macbless\fR \(em Mac-style bless utility for HFS or HFS+ ++ ++.SH SYNOPSIS ++\fBgrub-macbless\fR [-p | --ppc] [-v | --verbose] [-x | --x86] \fIFILE\fR ++ ++.SH DESCRIPTION ++\fBgrub-mkimage\fR blesses a file on an HFS or HFS+ file system, so that it ++can be used to boot a Mac. ++ ++.SH OPTIONS ++.TP ++--ppc ++Bless the file for use on PPC-based Macs. ++ ++.TP ++--verbose ++Print verbose messages. ++ ++.TP ++--x86 ++Bless the file for use on x86-based Macs. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-mkimage.1 b/util/grub-mkimage.1 +index 4dea4f545..0eaaafe50 100644 +--- a/util/grub-mkimage.1 ++++ b/util/grub-mkimage.1 +@@ -17,7 +17,7 @@ + [-v | --verbose] \fIMODULES\fR + + .SH DESCRIPTION +-\fBgrub-mkimage\fI builds a bootable image of GRUB. ++\fBgrub-mkimage\fR builds a bootable image of GRUB. + + .SH OPTIONS + .TP +diff --git a/util/grub-syslinux2cfg.1 b/util/grub-syslinux2cfg.1 +new file mode 100644 +index 000000000..853094827 +--- /dev/null ++++ b/util/grub-syslinux2cfg.1 +@@ -0,0 +1,65 @@ ++.TH GRUB-SYSLINUX2CFG 1 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-syslinux2cfg\fR \(em Transform a syslinux config file into a GRUB config. ++ ++.SH SYNOPSIS ++\fBgrub-syslinux2cfg\fR [-c | --cwd=\fRDIR\fI] [-r | --root=\fIDIR\fR] [-v | --verbose] ++.RE ++.RS 25 ++[-t | --target-root=\fIDIR\fR] [-T | --target-cwd=\fIDIR\fR] ++.RE ++.RS 25 ++[-o | --output=\fIFILE\fR] [[-i | --isolinux] | ++.RE ++.RS 46 ++ [-s | --syslinux] | ++.RE ++.RS 46 ++ [-p | --pxelinux]] \fIFILE\fR ++ ++.SH DESCRIPTION ++\fBgrub-syslinux2cfg\fR builds a GRUB configuration file out of an existing ++syslinux configuration file. ++ ++.SH OPTIONS ++.TP ++--cwd=\fIDIR\fR ++Set \fIDIR\fR as syslinux's working directory. The default is to use the ++parent directory of the input file. ++ ++.TP ++--root=\fIDIR\fR ++Set \fIDIR\fR as the root directory of the syslinux disk. The default value ++is "/". ++ ++.TP ++--verbose ++Print verbose messages. ++ ++.TP ++--target-root=\fIDIR\fR ++Root directory as it will be seen at runtime. The default value is "/". ++ ++.TP ++--target-cwd=\fIDIR\fR ++Working directory of syslinux as it will be seen at runtime. The default ++value is the parent directory of the input file. ++ ++.TP ++--output=\fIFILE\fR ++Write the new config file to \fIFILE\fR. The default value is standard output. ++ ++.TP ++--isolinux ++Assume that the input file is an isolinux configuration file. ++ ++.TP ++--pxelinux ++Assume that the input file is a pxelinux configuration file. ++ ++.TP ++--syslinux ++Assume that the input file is a syslinux configuration file. ++ ++.SH SEE ALSO ++.BR "info grub" diff --git a/SOURCES/0083-Make-exit-take-a-return-code.patch b/SOURCES/0083-Make-exit-take-a-return-code.patch new file mode 100644 index 0000000..4592a76 --- /dev/null +++ b/SOURCES/0083-Make-exit-take-a-return-code.patch @@ -0,0 +1,53 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 26 Feb 2014 21:49:12 -0500 +Subject: [PATCH] Make "exit" take a return code. + +This adds "exit" with a return code. With this patch, any "exit" +command /may/ include a return code, and on platforms that support +returning with an exit status, we will do so. By default we return the +same exit status we did before this patch. + +Signed-off-by: Peter Jones +--- + grub-core/kern/emu/main.c | 6 ++++++ + grub-core/kern/misc.c | 9 +++++++++ + 2 files changed, 15 insertions(+) + +diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c +index 55ea5a11c..7e47ec812 100644 +--- a/grub-core/kern/emu/main.c ++++ b/grub-core/kern/emu/main.c +@@ -72,6 +72,12 @@ grub_exit (int retval __attribute__((unused))) + grub_reboot (); + } + ++void ++grub_exit (int retval __attribute__((unused))) ++{ ++ grub_reboot (); ++} ++ + void + grub_machine_init (void) + { +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 5ce89a40c..04371ac49 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -1120,6 +1120,15 @@ grub_abort (void) + grub_exit (1); + } + ++#if defined (__clang__) && !defined (GRUB_UTIL) ++/* clang emits references to abort(). */ ++void __attribute__ ((noreturn)) ++abort (void) ++{ ++ grub_abort (); ++} ++#endif ++ + void + grub_fatal (const char *fmt, ...) + { diff --git a/SOURCES/0084-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch b/SOURCES/0084-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch new file mode 100644 index 0000000..f471ae3 --- /dev/null +++ b/SOURCES/0084-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Mark Salter +Date: Mon, 17 Apr 2017 08:44:29 -0400 +Subject: [PATCH] arm64: make sure fdt has #address-cells and #size-cells + properties + +Recent upstream changes to kexec-tools relies on #address-cells +and #size-cells properties in the FDT. If grub2 needs to create +a chosen node, it is likely because firmware did not provide one. +In that case, set #address-cells and #size-cells properties to +make sure they exist. +--- + grub-core/loader/arm64/linux.c | 16 +++++++++++++++- + 1 file changed, 15 insertions(+), 1 deletion(-) + +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index a1ac7a388..93b5cd306 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -80,7 +80,21 @@ finalize_params_linux (void) + + node = grub_fdt_find_subnode (fdt, 0, "chosen"); + if (node < 0) +- node = grub_fdt_add_subnode (fdt, 0, "chosen"); ++ { ++ /* ++ * If we have to create a chosen node, Make sure we ++ * have #address-cells and #size-cells properties. ++ */ ++ retval = grub_fdt_set_prop32(fdt, 0, "#address-cells", 2); ++ if (retval) ++ goto failure; ++ ++ retval = grub_fdt_set_prop32(fdt, 0, "#size-cells", 2); ++ if (retval) ++ goto failure; ++ ++ node = grub_fdt_add_subnode (fdt, 0, "chosen"); ++ } + + if (node < 1) + goto failure; diff --git a/SOURCES/0085-Make-our-info-pages-say-grub2-where-appropriate.patch b/SOURCES/0085-Make-our-info-pages-say-grub2-where-appropriate.patch new file mode 100644 index 0000000..75d438a --- /dev/null +++ b/SOURCES/0085-Make-our-info-pages-say-grub2-where-appropriate.patch @@ -0,0 +1,1013 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 6 May 2016 18:43:08 -0400 +Subject: [PATCH] Make our info pages say "grub2" where appropriate. + +This needs to be hooked up to --program-transform=, but I haven't had +time. + +Signed-off-by: Peter Jones +--- + docs/grub-dev.texi | 4 +- + docs/grub.texi | 318 ++++++++++++++++++++++++++--------------------------- + 2 files changed, 161 insertions(+), 161 deletions(-) + +diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi +index a9f4de631..3ce827ab7 100644 +--- a/docs/grub-dev.texi ++++ b/docs/grub-dev.texi +@@ -1,7 +1,7 @@ + \input texinfo + @c -*-texinfo-*- + @c %**start of header +-@setfilename grub-dev.info ++@setfilename grub2-dev.info + @include version-dev.texi + @settitle GNU GRUB Developers Manual @value{VERSION} + @c Unify all our little indices for now. +@@ -32,7 +32,7 @@ Invariant Sections. + + @dircategory Kernel + @direntry +-* grub-dev: (grub-dev). The GRand Unified Bootloader Dev ++* grub2-dev: (grub2-dev). The GRand Unified Bootloader Dev + @end direntry + + @setchapternewpage odd +diff --git a/docs/grub.texi b/docs/grub.texi +index a7155c22f..2b7b7faf8 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -1,7 +1,7 @@ + \input texinfo + @c -*-texinfo-*- + @c %**start of header +-@setfilename grub.info ++@setfilename grub2.info + @include version.texi + @settitle GNU GRUB Manual @value{VERSION} + @c Unify all our little indices for now. +@@ -32,15 +32,15 @@ Invariant Sections. + + @dircategory Kernel + @direntry +-* GRUB: (grub). The GRand Unified Bootloader +-* grub-install: (grub)Invoking grub-install. Install GRUB on your drive +-* grub-mkconfig: (grub)Invoking grub-mkconfig. Generate GRUB configuration +-* grub-mkpasswd-pbkdf2: (grub)Invoking grub-mkpasswd-pbkdf2. +-* grub-mkrelpath: (grub)Invoking grub-mkrelpath. +-* grub-mkrescue: (grub)Invoking grub-mkrescue. Make a GRUB rescue image +-* grub-mount: (grub)Invoking grub-mount. Mount a file system using GRUB +-* grub-probe: (grub)Invoking grub-probe. Probe device information +-* grub-script-check: (grub)Invoking grub-script-check. ++* GRUB2: (grub2). The GRand Unified Bootloader ++* grub2-install: (grub2)Invoking grub2-install. Install GRUB on your drive ++* grub2-mkconfig: (grub2)Invoking grub2-mkconfig. Generate GRUB configuration ++* grub2-mkpasswd-pbkdf2: (grub2)Invoking grub2-mkpasswd-pbkdf2. ++* grub2-mkrelpath: (grub2)Invoking grub2-mkrelpath. ++* grub2-mkrescue: (grub2)Invoking grub2-mkrescue. Make a GRUB rescue image ++* grub2-mount: (grub2)Invoking grub2-mount. Mount a file system using GRUB ++* grub2-probe: (grub2)Invoking grub2-probe. Probe device information ++* grub2-script-check: (grub2)Invoking grub2-script-check. + @end direntry + + @setchapternewpage odd +@@ -103,15 +103,15 @@ This edition documents version @value{VERSION}. + * Platform-specific operations:: Platform-specific operations + * Supported kernels:: The list of supported kernels + * Troubleshooting:: Error messages produced by GRUB +-* Invoking grub-install:: How to use the GRUB installer +-* Invoking grub-mkconfig:: Generate a GRUB configuration file +-* Invoking grub-mkpasswd-pbkdf2:: ++* Invoking grub2-install:: How to use the GRUB installer ++* Invoking grub2-mkconfig:: Generate a GRUB configuration file ++* Invoking grub2-mkpasswd-pbkdf2:: + Generate GRUB password hashes +-* Invoking grub-mkrelpath:: Make system path relative to its root +-* Invoking grub-mkrescue:: Make a GRUB rescue image +-* Invoking grub-mount:: Mount a file system using GRUB +-* Invoking grub-probe:: Probe device information for GRUB +-* Invoking grub-script-check:: Check GRUB script file for syntax errors ++* Invoking grub2-mkrelpath:: Make system path relative to its root ++* Invoking grub2-mkrescue:: Make a GRUB rescue image ++* Invoking grub2-mount:: Mount a file system using GRUB ++* Invoking grub2-probe:: Probe device information for GRUB ++* Invoking grub2-script-check:: Check GRUB script file for syntax errors + * Obtaining and Building GRUB:: How to obtain and build GRUB + * Reporting bugs:: Where you should send a bug report + * Future:: Some future plans on GRUB +@@ -230,7 +230,7 @@ surprising. + + @item + @file{grub.cfg} is typically automatically generated by +-@command{grub-mkconfig} (@pxref{Simple configuration}). This makes it ++@command{grub2-mkconfig} (@pxref{Simple configuration}). This makes it + easier to handle versioned kernel upgrades. + + @item +@@ -244,7 +244,7 @@ scripting language: variables, conditionals, and loops are available. + @item + A small amount of persistent storage is available across reboots, using the + @command{save_env} and @command{load_env} commands in GRUB and the +-@command{grub-editenv} utility. This is not available in all configurations ++@command{grub2-editenv} utility. This is not available in all configurations + (@pxref{Environment block}). + + @item +@@ -549,7 +549,7 @@ On OS which have device nodes similar to Unix-like OS GRUB tools use the + OS name. E.g. for GNU/Linux: + + @example +-# @kbd{grub-install /dev/sda} ++# @kbd{grub2-install /dev/sda} + @end example + + On AROS we use another syntax. For volumes: +@@ -572,7 +572,7 @@ For disks we use syntax: + E.g. + + @example +-# @kbd{grub-install //:ata.device/0/0} ++# @kbd{grub2-install //:ata.device/0/0} + @end example + + On Windows we use UNC path. For volumes it's typically +@@ -599,7 +599,7 @@ For disks it's + E.g. + + @example +-# @kbd{grub-install \\?\PhysicalDrive0} ++# @kbd{grub2-install \\?\PhysicalDrive0} + @end example + + Beware that you may need to further escape the backslashes depending on your +@@ -609,7 +609,7 @@ When compiled with cygwin support then cygwin drive names are automatically + when needed. E.g. + + @example +-# @kbd{grub-install /dev/sda} ++# @kbd{grub2-install /dev/sda} + @end example + + @node Installation +@@ -622,7 +622,7 @@ from the source tarball, or as a package for your OS. + + After you have done that, you need to install the boot loader on a + drive (floppy or hard disk) by using the utility +-@command{grub-install} (@pxref{Invoking grub-install}) on a UNIX-like OS. ++@command{grub2-install} (@pxref{Invoking grub2-install}) on a UNIX-like OS. + + GRUB comes with boot images, which are normally put in the directory + @file{/usr/lib/grub/-} (for BIOS-based machines +@@ -633,22 +633,22 @@ loader needs to find them (usually @file{/boot}) will be called + the @dfn{boot directory}. + + @menu +-* Installing GRUB using grub-install:: ++* Installing GRUB using grub2-install:: + * Making a GRUB bootable CD-ROM:: + * Device map:: + * BIOS installation:: + @end menu + + +-@node Installing GRUB using grub-install +-@section Installing GRUB using grub-install ++@node Installing GRUB using grub2-install ++@section Installing GRUB using grub2-install + + For information on where GRUB should be installed on PC BIOS platforms, + @pxref{BIOS installation}. + + In order to install GRUB under a UNIX-like OS (such +-as @sc{gnu}), invoke the program @command{grub-install} (@pxref{Invoking +-grub-install}) as the superuser (@dfn{root}). ++as @sc{gnu}), invoke the program @command{grub2-install} (@pxref{Invoking ++grub2-install}) as the superuser (@dfn{root}). + + The usage is basically very simple. You only need to specify one + argument to the program, namely, where to install the boot loader. The +@@ -657,13 +657,13 @@ For example, under Linux the following will install GRUB into the MBR + of the first IDE disk: + + @example +-# @kbd{grub-install /dev/sda} ++# @kbd{grub2-install /dev/sda} + @end example + + Likewise, under GNU/Hurd, this has the same effect: + + @example +-# @kbd{grub-install /dev/hd0} ++# @kbd{grub2-install /dev/hd0} + @end example + + But all the above examples assume that GRUB should put images under +@@ -677,7 +677,7 @@ boot floppy with a filesystem. Here is an example: + # @kbd{mke2fs /dev/fd0} + # @kbd{mount -t ext2 /dev/fd0 /mnt} + # @kbd{mkdir /mnt/boot} +-# @kbd{grub-install --boot-directory=/mnt/boot /dev/fd0} ++# @kbd{grub2-install --boot-directory=/mnt/boot /dev/fd0} + # @kbd{umount /mnt} + @end group + @end example +@@ -689,16 +689,16 @@ floppy instead of exposing the USB drive as a hard disk (they call it + @example + # @kbd{losetup /dev/loop0 /dev/sdb1} + # @kbd{mount /dev/loop0 /mnt/usb} +-# @kbd{grub-install --boot-directory=/mnt/usb/bugbios --force --allow-floppy /dev/loop0} ++# @kbd{grub2-install --boot-directory=/mnt/usb/bugbios --force --allow-floppy /dev/loop0} + @end example + + This install doesn't conflict with standard install as long as they are in + separate directories. + +-Note that @command{grub-install} is actually just a shell script and the +-real task is done by other tools such as @command{grub-mkimage}. Therefore, ++Note that @command{grub2-install} is actually just a shell script and the ++real task is done by other tools such as @command{grub2-mkimage}. Therefore, + you may run those commands directly to install GRUB, without using +-@command{grub-install}. Don't do that, however, unless you are very familiar ++@command{grub2-install}. Don't do that, however, unless you are very familiar + with the internals of GRUB. Installing a boot loader on a running OS may be + extremely dangerous. + +@@ -706,20 +706,20 @@ On EFI systems for fixed disk install you have to mount EFI System Partition. + If you mount it at @file{/boot/efi} then you don't need any special arguments: + + @example +-# @kbd{grub-install} ++# @kbd{grub2-install} + @end example + + Otherwise you need to specify where your EFI System partition is mounted: + + @example +-# @kbd{grub-install --efi-directory=/mnt/efi} ++# @kbd{grub2-install --efi-directory=/mnt/efi} + @end example + + For removable installs you have to use @option{--removable} and specify both + @option{--boot-directory} and @option{--efi-directory}: + + @example +-# @kbd{grub-install --efi-directory=/mnt/usb --boot-directory=/mnt/usb/boot --removable} ++# @kbd{grub2-install --efi-directory=/mnt/usb --boot-directory=/mnt/usb/boot --removable} + @end example + + @node Making a GRUB bootable CD-ROM +@@ -739,10 +739,10 @@ usually also need to include a configuration file @file{grub.cfg} and some + other GRUB modules. + + To make a simple generic GRUB rescue CD, you can use the +-@command{grub-mkrescue} program (@pxref{Invoking grub-mkrescue}): ++@command{grub2-mkrescue} program (@pxref{Invoking grub2-mkrescue}): + + @example +-$ @kbd{grub-mkrescue -o grub.iso} ++$ @kbd{grub2-mkrescue -o grub.iso} + @end example + + You will often need to include other files in your image. To do this, first +@@ -765,7 +765,7 @@ directory @file{iso/}. + Finally, make the image: + + @example +-$ @kbd{grub-mkrescue -o grub.iso iso} ++$ @kbd{grub2-mkrescue -o grub.iso iso} + @end example + + This produces a file named @file{grub.iso}, which then can be burned +@@ -781,7 +781,7 @@ storage devices. + @node Device map + @section The map between BIOS drives and OS devices + +-If the device map file exists, the GRUB utilities (@command{grub-probe}, ++If the device map file exists, the GRUB utilities (@command{grub2-probe}, + etc.) read it to map BIOS drives to OS devices. This file consists of lines + like this: + +@@ -1225,23 +1225,23 @@ need to write the whole thing by hand. + @node Simple configuration + @section Simple configuration handling + +-The program @command{grub-mkconfig} (@pxref{Invoking grub-mkconfig}) ++The program @command{grub2-mkconfig} (@pxref{Invoking grub2-mkconfig}) + generates @file{grub.cfg} files suitable for most cases. It is suitable for + use when upgrading a distribution, and will discover available kernels and + attempt to generate menu entries for them. + +-@command{grub-mkconfig} does have some limitations. While adding extra ++@command{grub2-mkconfig} does have some limitations. While adding extra + custom menu entries to the end of the list can be done by editing +-@file{/etc/grub.d/40_custom} or creating @file{/boot/grub/custom.cfg}, ++@file{/etc/grub.d/40_custom} or creating @file{/boot/grub2/custom.cfg}, + changing the order of menu entries or changing their titles may require + making complex changes to shell scripts stored in @file{/etc/grub.d/}. This + may be improved in the future. In the meantime, those who feel that it + would be easier to write @file{grub.cfg} directly are encouraged to do so + (@pxref{Booting}, and @ref{Shell-like scripting}), and to disable any system +-provided by their distribution to automatically run @command{grub-mkconfig}. ++provided by their distribution to automatically run @command{grub2-mkconfig}. + + The file @file{/etc/default/grub} controls the operation of +-@command{grub-mkconfig}. It is sourced by a shell script, and so must be ++@command{grub2-mkconfig}. It is sourced by a shell script, and so must be + valid POSIX shell input; normally, it will just be a sequence of + @samp{KEY=value} lines, but if the value contains spaces or other special + characters then it must be quoted. For example: +@@ -1279,7 +1279,7 @@ works it's not recommended since titles often contain unstable device names + and may be translated + + If you set this to @samp{saved}, then the default menu entry will be that +-saved by @samp{GRUB_SAVEDEFAULT} or @command{grub-set-default}. This relies on ++saved by @samp{GRUB_SAVEDEFAULT} or @command{grub2-set-default}. This relies on + the environment block, which may not be available in all situations + (@pxref{Environment block}). + +@@ -1290,7 +1290,7 @@ If this option is set to @samp{true}, then, when an entry is selected, save + it as a new default entry for use by future runs of GRUB. This is only + useful if @samp{GRUB_DEFAULT=saved}; it is a separate option because + @samp{GRUB_DEFAULT=saved} is useful without this option, in conjunction with +-@command{grub-set-default}. Unset by default. ++@command{grub2-set-default}. Unset by default. + This option relies on the environment block, which may not be available in + all situations (@pxref{Environment block}). + +@@ -1420,7 +1420,7 @@ intel-uc.img intel-ucode.img amd-uc.img amd-ucode.img early_ucode.cpio microcode + @end example + + @item GRUB_DISABLE_LINUX_UUID +-Normally, @command{grub-mkconfig} will generate menu entries that use ++Normally, @command{grub2-mkconfig} will generate menu entries that use + universally-unique identifiers (UUIDs) to identify the root filesystem to + the Linux kernel, using a @samp{root=UUID=...} kernel parameter. This is + usually more reliable, but in some cases it may not be appropriate. To +@@ -1442,7 +1442,7 @@ If this option is set to @samp{true}, disable the generation of recovery + mode menu entries. + + @item GRUB_DISABLE_UUID +-Normally, @command{grub-mkconfig} will generate menu entries that use ++Normally, @command{grub2-mkconfig} will generate menu entries that use + universally-unique identifiers (UUIDs) to identify various filesystems to + search for files. This is usually more reliable, but in some cases it may + not be appropriate. To disable this use of UUIDs, set this option to +@@ -1451,12 +1451,12 @@ not be appropriate. To disable this use of UUIDs, set this option to + @item GRUB_VIDEO_BACKEND + If graphical video support is required, either because the @samp{gfxterm} + graphical terminal is in use or because @samp{GRUB_GFXPAYLOAD_LINUX} is set, +-then @command{grub-mkconfig} will normally load all available GRUB video ++then @command{grub2-mkconfig} will normally load all available GRUB video + drivers and use the one most appropriate for your hardware. If you need to + override this for some reason, then you can set this option. + +-After @command{grub-install} has been run, the available video drivers are +-listed in @file{/boot/grub/video.lst}. ++After @command{grub2-install} has been run, the available video drivers are ++listed in @file{/boot/grub2/video.lst}. + + @item GRUB_GFXMODE + Set the resolution used on the @samp{gfxterm} graphical terminal. Note that +@@ -1488,7 +1488,7 @@ boot sequence. If you have problems, set this option to @samp{text} and + GRUB will tell Linux to boot in normal text mode. + + @item GRUB_DISABLE_OS_PROBER +-Normally, @command{grub-mkconfig} will try to use the external ++Normally, @command{grub2-mkconfig} will try to use the external + @command{os-prober} program, if installed, to discover other operating + systems installed on the same system and generate appropriate menu entries + for them. Set this option to @samp{true} to disable this. +@@ -1498,7 +1498,7 @@ List of space-separated FS UUIDs of filesystems to be ignored from os-prober + output. For efi chainloaders it's @@ + + @item GRUB_DISABLE_SUBMENU +-Normally, @command{grub-mkconfig} will generate top level menu entry for ++Normally, @command{grub2-mkconfig} will generate top level menu entry for + the kernel with highest version number and put all other found kernels + or alternative menu entries for recovery mode in submenu. For entries returned + by @command{os-prober} first entry will be put on top level and all others +@@ -1506,11 +1506,11 @@ in submenu. If this option is set to @samp{y}, flat menu with all entries + on top level will be generated instead. Changing this option will require + changing existing values of @samp{GRUB_DEFAULT}, @samp{fallback} (@pxref{fallback}) + and @samp{default} (@pxref{default}) environment variables as well as saved +-default entry using @command{grub-set-default} and value used with +-@command{grub-reboot}. ++default entry using @command{grub2-set-default} and value used with ++@command{grub2-reboot}. + + @item GRUB_ENABLE_CRYPTODISK +-If set to @samp{y}, @command{grub-mkconfig} and @command{grub-install} will ++If set to @samp{y}, @command{grub2-mkconfig} and @command{grub2-install} will + check for encrypted disks and generate additional commands needed to access + them during boot. Note that in this case unattended boot is not possible + because GRUB will wait for passphrase to unlock encrypted container. +@@ -1569,7 +1569,7 @@ confusing @samp{GRUB_TIMEOUT_STYLE=countdown} or + + @end table + +-For more detailed customisation of @command{grub-mkconfig}'s output, you may ++For more detailed customisation of @command{grub2-mkconfig}'s output, you may + edit the scripts in @file{/etc/grub.d} directly. + @file{/etc/grub.d/40_custom} is particularly useful for adding entire custom + menu entries; simply type the menu entries you want to add at the end of +@@ -1831,7 +1831,7 @@ images as well. + Mount this partition on/mnt/boot and disable GRUB in all OSes and manually + install self-compiled latest GRUB with: + +-@code{grub-install --boot-directory=/mnt/boot /dev/sda} ++@code{grub2-install --boot-directory=/mnt/boot /dev/sda} + + In all the OSes install GRUB tools but disable installing GRUB in bootsector, + so you'll have menu.lst and grub.cfg available for use. Also disable os-prober +@@ -1841,20 +1841,20 @@ use by setting: + + in /etc/default/grub + +-Then write a grub.cfg (/mnt/boot/grub/grub.cfg): ++Then write a grub.cfg (/mnt/boot/grub2/grub.cfg): + + @example + + menuentry "OS using grub2" @{ + insmod xfs + search --set=root --label OS1 --hint hd0,msdos8 +- configfile /boot/grub/grub.cfg ++ configfile /boot/grub2/grub.cfg + @} + + menuentry "OS using grub2-legacy" @{ + insmod ext2 + search --set=root --label OS2 --hint hd0,msdos6 +- legacy_configfile /boot/grub/menu.lst ++ legacy_configfile /boot/grub2/menu.lst + @} + + menuentry "Windows XP" @{ +@@ -1917,15 +1917,15 @@ GRUB supports embedding a configuration file directly into the core image, + so that it is loaded before entering normal mode. This is useful, for + example, when it is not straightforward to find the real configuration file, + or when you need to debug problems with loading that file. +-@command{grub-install} uses this feature when it is not using BIOS disk ++@command{grub2-install} uses this feature when it is not using BIOS disk + functions or when installing to a different disk from the one containing + @file{/boot/grub}, in which case it needs to use the @command{search} + command (@pxref{search}) to find @file{/boot/grub}. + + To embed a configuration file, use the @option{-c} option to +-@command{grub-mkimage}. The file is copied into the core image, so it may ++@command{grub2-mkimage}. The file is copied into the core image, so it may + reside anywhere on the file system, and may be removed after running +-@command{grub-mkimage}. ++@command{grub2-mkimage}. + + After the embedded configuration file (if any) is executed, GRUB will load + the @samp{normal} module (@pxref{normal}), which will then read the real +@@ -1960,13 +1960,13 @@ included in the core image: + @example + @group + search.fs_label grub root +-if [ -e /boot/grub/example/test1.cfg ]; then ++if [ -e /boot/grub2/example/test1.cfg ]; then + set prefix=($root)/boot/grub +- configfile /boot/grub/example/test1.cfg ++ configfile /boot/grub2/example/test1.cfg + else +- if [ -e /boot/grub/example/test2.cfg ]; then ++ if [ -e /boot/grub2/example/test2.cfg ]; then + set prefix=($root)/boot/grub +- configfile /boot/grub/example/test2.cfg ++ configfile /boot/grub2/example/test2.cfg + else + echo "Could not find an example configuration file!" + fi +@@ -2490,7 +2490,7 @@ grub-mknetdir --net-directory=/srv/tftp --subdir=/boot/grub -d /usr/lib/grub/i38 + @end group + @end example + +-Then follow instructions printed out by grub-mknetdir on configuring your DHCP ++Then follow instructions printed out by grub2-mknetdir on configuring your DHCP + server. + + The grub.cfg file is placed in the same directory as the path output by +@@ -2675,7 +2675,7 @@ team are: + @end table + + To take full advantage of this function, install GRUB into the MBR +-(@pxref{Installing GRUB using grub-install}). ++(@pxref{Installing GRUB using grub2-install}). + + If you have a laptop which has a similar feature and not in the above list + could you figure your address and contribute? +@@ -2736,7 +2736,7 @@ bytes. + The sole function of @file{boot.img} is to read the first sector of the core + image from a local disk and jump to it. Because of the size restriction, + @file{boot.img} cannot understand any file system structure, so +-@command{grub-install} hardcodes the location of the first sector of the ++@command{grub2-install} hardcodes the location of the first sector of the + core image into @file{boot.img} when installing GRUB. + + @item diskboot.img +@@ -2766,7 +2766,7 @@ images. + + @item core.img + This is the core image of GRUB. It is built dynamically from the kernel +-image and an arbitrary list of modules by the @command{grub-mkimage} ++image and an arbitrary list of modules by the @command{grub2-mkimage} + program. Usually, it contains enough modules to access @file{/boot/grub}, + and loads everything else (including menu handling, the ability to load + target operating systems, and so on) from the file system at run-time. The +@@ -2818,7 +2818,7 @@ GRUB 2 has no single Stage 2 image. Instead, it loads modules from + In GRUB 2, images for booting from CD-ROM drives are now constructed using + @file{cdboot.img} and @file{core.img}, making sure that the core image + contains the @samp{iso9660} module. It is usually best to use the +-@command{grub-mkrescue} program for this. ++@command{grub2-mkrescue} program for this. + + @item nbgrub + There is as yet no equivalent for @file{nbgrub} in GRUB 2; it was used by +@@ -2974,8 +2974,8 @@ There are two ways to specify files, by @dfn{absolute file name} and by + + An absolute file name resembles a Unix absolute file name, using + @samp{/} for the directory separator (not @samp{\} as in DOS). One +-example is @samp{(hd0,1)/boot/grub/grub.cfg}. This means the file +-@file{/boot/grub/grub.cfg} in the first partition of the first hard ++example is @samp{(hd0,1)/boot/grub2/grub.cfg}. This means the file ++@file{/boot/grub2/grub.cfg} in the first partition of the first hard + disk. If you omit the device name in an absolute file name, GRUB uses + GRUB's @dfn{root device} implicitly. So if you set the root device to, + say, @samp{(hd1,1)} by the command @samp{set root=(hd1,1)} (@pxref{set}), +@@ -2983,8 +2983,8 @@ then @code{/boot/kernel} is the same as @code{(hd1,1)/boot/kernel}. + + On ZFS filesystem the first path component must be + @var{volume}@samp{@@}[@var{snapshot}]. +-So @samp{/rootvol@@snap-129/boot/grub/grub.cfg} refers to file +-@samp{/boot/grub/grub.cfg} in snapshot of volume @samp{rootvol} with name ++So @samp{/rootvol@@snap-129/boot/grub2/grub.cfg} refers to file ++@samp{/boot/grub2/grub.cfg} in snapshot of volume @samp{rootvol} with name + @samp{snap-129}. Trailing @samp{@@} after volume name is mandatory even if + snapshot name is omitted. + +@@ -3387,7 +3387,7 @@ The more recent release of Minix would then be identified as + @samp{other>minix>minix-3.4.0}. + + This variable is often set by @samp{GRUB_DEFAULT} (@pxref{Simple +-configuration}), @command{grub-set-default}, or @command{grub-reboot}. ++configuration}), @command{grub2-set-default}, or @command{grub2-reboot}. + + + @node fallback +@@ -3477,7 +3477,7 @@ If this variable is set, it names the language code that the + example, French would be named as @samp{fr}, and Simplified Chinese as + @samp{zh_CN}. + +-@command{grub-mkconfig} (@pxref{Simple configuration}) will try to set a ++@command{grub2-mkconfig} (@pxref{Simple configuration}) will try to set a + reasonable default for this variable based on the system locale. + + +@@ -3485,10 +3485,10 @@ reasonable default for this variable based on the system locale. + @subsection locale_dir + + If this variable is set, it names the directory where translation files may +-be found (@pxref{gettext}), usually @file{/boot/grub/locale}. Otherwise, ++be found (@pxref{gettext}), usually @file{/boot/grub2/locale}. Otherwise, + internationalization is disabled. + +-@command{grub-mkconfig} (@pxref{Simple configuration}) will set a reasonable ++@command{grub2-mkconfig} (@pxref{Simple configuration}) will set a reasonable + default for this variable if internationalization is needed and any + translation files are available. + +@@ -3606,7 +3606,7 @@ input. The default is not to pause output. + + The location of the @samp{/boot/grub} directory as an absolute file name + (@pxref{File name syntax}). This is normally set by GRUB at startup based +-on information provided by @command{grub-install}. GRUB modules are ++on information provided by @command{grub2-install}. GRUB modules are + dynamically loaded from this directory, so it must be set correctly in order + for many parts of GRUB to work. + +@@ -3697,17 +3697,17 @@ GRUB provides an ``environment block'' which can be used to save a small + amount of state. + + The environment block is a preallocated 1024-byte file, which normally lives +-in @file{/boot/grub/grubenv} (although you should not assume this). At boot ++in @file{/boot/grub2/grubenv} (although you should not assume this). At boot + time, the @command{load_env} command (@pxref{load_env}) loads environment + variables from it, and the @command{save_env} (@pxref{save_env}) command + saves environment variables to it. From a running system, the +-@command{grub-editenv} utility can be used to edit the environment block. ++@command{grub2-editenv} utility can be used to edit the environment block. + + For safety reasons, this storage is only available when installed on a plain + disk (no LVM or RAID), using a non-checksumming filesystem (no ZFS), and + using BIOS or EFI functions (no ATA, USB or IEEE1275). + +-@command{grub-mkconfig} uses this facility to implement ++@command{grub2-mkconfig} uses this facility to implement + @samp{GRUB_SAVEDEFAULT} (@pxref{Simple configuration}). + + +@@ -4396,7 +4396,7 @@ Translate @var{string} into the current language. + + The current language code is stored in the @samp{lang} variable in GRUB's + environment (@pxref{lang}). Translation files in MO format are read from +-@samp{locale_dir} (@pxref{locale_dir}), usually @file{/boot/grub/locale}. ++@samp{locale_dir} (@pxref{locale_dir}), usually @file{/boot/grub2/locale}. + @end deffn + + +@@ -4791,7 +4791,7 @@ Define a user named @var{user} with password @var{clear-password}. + + @deffn Command password_pbkdf2 user hashed-password + Define a user named @var{user} with password hash @var{hashed-password}. +-Use @command{grub-mkpasswd-pbkdf2} (@pxref{Invoking grub-mkpasswd-pbkdf2}) ++Use @command{grub2-mkpasswd-pbkdf2} (@pxref{Invoking grub2-mkpasswd-pbkdf2}) + to generate password hashes. @xref{Security}. + @end deffn + +@@ -5614,8 +5614,8 @@ The @samp{password} (@pxref{password}) and @samp{password_pbkdf2} + which has an associated password. @samp{password} sets the password in + plain text, requiring @file{grub.cfg} to be secure; @samp{password_pbkdf2} + sets the password hashed using the Password-Based Key Derivation Function +-(RFC 2898), requiring the use of @command{grub-mkpasswd-pbkdf2} +-(@pxref{Invoking grub-mkpasswd-pbkdf2}) to generate password hashes. ++(RFC 2898), requiring the use of @command{grub2-mkpasswd-pbkdf2} ++(@pxref{Invoking grub2-mkpasswd-pbkdf2}) to generate password hashes. + + In order to enable authentication support, the @samp{superusers} environment + variable must be set to a list of usernames, separated by any of spaces, +@@ -5659,7 +5659,7 @@ menuentry "May be run by user1 or a superuser" --users user1 @{ + @end group + @end example + +-The @command{grub-mkconfig} program does not yet have built-in support for ++The @command{grub2-mkconfig} program does not yet have built-in support for + generating configuration files with authentication. You can use + @file{/etc/grub.d/40_custom} to add simple superuser authentication, by + adding @kbd{set superusers=} and @kbd{password} or @kbd{password_pbkdf2} +@@ -5684,15 +5684,15 @@ verified with a public key currently trusted by GRUB + validation fails, then file @file{foo} cannot be opened. This failure + may halt or otherwise impact the boot process. + +-@comment Unfortunately --pubkey is not yet supported by grub-install, +-@comment but we should not bring up internal detail grub-mkimage here ++@comment Unfortunately --pubkey is not yet supported by grub2-install, ++@comment but we should not bring up internal detail grub2-mkimage here + @comment in the user guide (as opposed to developer's manual). + + @comment An initial trusted public key can be embedded within the GRUB + @comment @file{core.img} using the @code{--pubkey} option to +-@comment @command{grub-mkimage} (@pxref{Invoking grub-install}). Presently it +-@comment is necessary to write a custom wrapper around @command{grub-mkimage} +-@comment using the @code{--grub-mkimage} flag to @command{grub-install}. ++@comment @command{grub2-mkimage} (@pxref{Invoking grub2-install}). Presently it ++@comment is necessary to write a custom wrapper around @command{grub2-mkimage} ++@comment using the @code{--grub-mkimage} flag to @command{grub2-install}. + + GRUB uses GPG-style detached signatures (meaning that a file + @file{foo.sig} will be produced when file @file{foo} is signed), and +@@ -5712,8 +5712,8 @@ gpg --detach-sign /path/to/file + For successful validation of all of GRUB's subcomponents and the + loaded OS kernel, they must all be signed. One way to accomplish this + is the following (after having already produced the desired +-@file{grub.cfg} file, e.g., by running @command{grub-mkconfig} +-(@pxref{Invoking grub-mkconfig}): ++@file{grub.cfg} file, e.g., by running @command{grub2-mkconfig} ++(@pxref{Invoking grub2-mkconfig}): + + @example + @group +@@ -5735,7 +5735,7 @@ See also: @ref{check_signatures}, @ref{verify_detached}, @ref{trust}, + Note that internally signature enforcement is controlled by setting + the environment variable @code{check_signatures} equal to + @code{enforce}. Passing one or more @code{--pubkey} options to +-@command{grub-mkimage} implicitly defines @code{check_signatures} ++@command{grub2-mkimage} implicitly defines @code{check_signatures} + equal to @code{enforce} in @file{core.img} prior to processing any + configuration files. + +@@ -6092,10 +6092,10 @@ Required files are: + + GRUB's normal start-up procedure involves setting the @samp{prefix} + environment variable to a value set in the core image by +-@command{grub-install}, setting the @samp{root} variable to match, loading ++@command{grub2-install}, setting the @samp{root} variable to match, loading + the @samp{normal} module from the prefix, and running the @samp{normal} + command (@pxref{normal}). This command is responsible for reading +-@file{/boot/grub/grub.cfg}, running the menu, and doing all the useful ++@file{/boot/grub2/grub.cfg}, running the menu, and doing all the useful + things GRUB is supposed to do. + + If, instead, you only get a rescue shell, this usually means that GRUB +@@ -6121,8 +6121,8 @@ normal + + However, any problem that leaves you in the rescue shell probably means that + GRUB was not correctly installed. It may be more useful to try to reinstall +-it properly using @kbd{grub-install @var{device}} (@pxref{Invoking +-grub-install}). When doing this, there are a few things to remember: ++it properly using @kbd{grub2-install @var{device}} (@pxref{Invoking ++grub2-install}). When doing this, there are a few things to remember: + + @itemize @bullet{} + @item +@@ -6134,7 +6134,7 @@ is usually better to use UUIDs or file system labels and avoid depending on + drive ordering entirely. + + @item +-At least on BIOS systems, if you tell @command{grub-install} to install GRUB ++At least on BIOS systems, if you tell @command{grub2-install} to install GRUB + to a partition but GRUB has already been installed in the master boot + record, then the GRUB installation in the partition will be ignored. + +@@ -6154,21 +6154,21 @@ support has not yet been added to GRUB. + @end itemize + + +-@node Invoking grub-install +-@chapter Invoking grub-install ++@node Invoking grub2-install ++@chapter Invoking grub2-install + +-The program @command{grub-install} generates a GRUB core image using +-@command{grub-mkimage} and installs it on your system. You must specify the ++The program @command{grub2-install} generates a GRUB core image using ++@command{grub2-mkimage} and installs it on your system. You must specify the + device name on which you want to install GRUB, like this: + + @example +-grub-install @var{install_device} ++grub2-install @var{install_device} + @end example + + The device name @var{install_device} is an OS device name or a GRUB + device name. + +-@command{grub-install} accepts the following options: ++@command{grub2-install} accepts the following options: + + @table @option + @item --help +@@ -6184,13 +6184,13 @@ separate partition or a removable disk. + If this option is not specified then it defaults to @file{/boot}, so + + @example +-@kbd{grub-install /dev/sda} ++@kbd{grub2-install /dev/sda} + @end example + + is equivalent to + + @example +-@kbd{grub-install --boot-directory=/boot/ /dev/sda} ++@kbd{grub2-install --boot-directory=/boot/ /dev/sda} + @end example + + Here is an example in which you have a separate @dfn{boot} partition which is +@@ -6198,16 +6198,16 @@ mounted on + @file{/mnt/boot}: + + @example +-@kbd{grub-install --boot-directory=/mnt/boot /dev/sdb} ++@kbd{grub2-install --boot-directory=/mnt/boot /dev/sdb} + @end example + + @item --recheck +-Recheck the device map, even if @file{/boot/grub/device.map} already ++Recheck the device map, even if @file{/boot/grub2/device.map} already + exists. You should use this option whenever you add/remove a disk + into/from your computer. + + @item --no-rs-codes +-By default on x86 BIOS systems, @command{grub-install} will use some ++By default on x86 BIOS systems, @command{grub2-install} will use some + extra space in the bootloader embedding area for Reed-Solomon + error-correcting codes. This enables GRUB to still boot successfully + if some blocks are corrupted. The exact amount of protection offered +@@ -6220,17 +6220,17 @@ installation}) where GRUB does not reside in any unpartitioned space + outside of the MBR. Disable the Reed-Solomon codes with this option. + @end table + +-@node Invoking grub-mkconfig +-@chapter Invoking grub-mkconfig ++@node Invoking grub2-mkconfig ++@chapter Invoking grub2-mkconfig + +-The program @command{grub-mkconfig} generates a configuration file for GRUB ++The program @command{grub2-mkconfig} generates a configuration file for GRUB + (@pxref{Simple configuration}). + + @example +-grub-mkconfig -o /boot/grub/grub.cfg ++grub-mkconfig -o /boot/grub2/grub.cfg + @end example + +-@command{grub-mkconfig} accepts the following options: ++@command{grub2-mkconfig} accepts the following options: + + @table @option + @item --help +@@ -6246,17 +6246,17 @@ it to standard output. + @end table + + +-@node Invoking grub-mkpasswd-pbkdf2 +-@chapter Invoking grub-mkpasswd-pbkdf2 ++@node Invoking grub2-mkpasswd-pbkdf2 ++@chapter Invoking grub2-mkpasswd-pbkdf2 + +-The program @command{grub-mkpasswd-pbkdf2} generates password hashes for ++The program @command{grub2-mkpasswd-pbkdf2} generates password hashes for + GRUB (@pxref{Security}). + + @example + grub-mkpasswd-pbkdf2 + @end example + +-@command{grub-mkpasswd-pbkdf2} accepts the following options: ++@command{grub2-mkpasswd-pbkdf2} accepts the following options: + + @table @option + @item -c @var{number} +@@ -6274,23 +6274,23 @@ Length of the salt. Defaults to 64. + @end table + + +-@node Invoking grub-mkrelpath +-@chapter Invoking grub-mkrelpath ++@node Invoking grub2-mkrelpath ++@chapter Invoking grub2-mkrelpath + +-The program @command{grub-mkrelpath} makes a file system path relative to ++The program @command{grub2-mkrelpath} makes a file system path relative to + the root of its containing file system. For instance, if @file{/usr} is a + mount point, then: + + @example +-$ @kbd{grub-mkrelpath /usr/share/grub/unicode.pf2} ++$ @kbd{grub2-mkrelpath /usr/share/grub/unicode.pf2} + @samp{/share/grub/unicode.pf2} + @end example + + This is mainly used internally by other GRUB utilities such as +-@command{grub-mkconfig} (@pxref{Invoking grub-mkconfig}), but may ++@command{grub2-mkconfig} (@pxref{Invoking grub2-mkconfig}), but may + occasionally also be useful for debugging. + +-@command{grub-mkrelpath} accepts the following options: ++@command{grub2-mkrelpath} accepts the following options: + + @table @option + @item --help +@@ -6301,17 +6301,17 @@ Print the version number of GRUB and exit. + @end table + + +-@node Invoking grub-mkrescue +-@chapter Invoking grub-mkrescue ++@node Invoking grub2-mkrescue ++@chapter Invoking grub2-mkrescue + +-The program @command{grub-mkrescue} generates a bootable GRUB rescue image ++The program @command{grub2-mkrescue} generates a bootable GRUB rescue image + (@pxref{Making a GRUB bootable CD-ROM}). + + @example + grub-mkrescue -o grub.iso + @end example + +-All arguments not explicitly listed as @command{grub-mkrescue} options are ++All arguments not explicitly listed as @command{grub2-mkrescue} options are + passed on directly to @command{xorriso} in @command{mkisofs} emulation mode. + Options passed to @command{xorriso} will normally be interpreted as + @command{mkisofs} options; if the option @samp{--} is used, then anything +@@ -6326,7 +6326,7 @@ mkdir -p disk/boot/grub + grub-mkrescue -o grub.iso disk + @end example + +-@command{grub-mkrescue} accepts the following options: ++@command{grub2-mkrescue} accepts the following options: + + @table @option + @item --help +@@ -6354,15 +6354,15 @@ Use @var{file} as the @command{xorriso} program, rather than the built-in + default. + + @item --grub-mkimage=@var{file} +-Use @var{file} as the @command{grub-mkimage} program, rather than the ++Use @var{file} as the @command{grub2-mkimage} program, rather than the + built-in default. + @end table + + +-@node Invoking grub-mount +-@chapter Invoking grub-mount ++@node Invoking grub2-mount ++@chapter Invoking grub2-mount + +-The program @command{grub-mount} performs a read-only mount of any file ++The program @command{grub2-mount} performs a read-only mount of any file + system or file system image that GRUB understands, using GRUB's file system + drivers via FUSE. (It is only available if FUSE development files were + present when GRUB was built.) This has a number of uses: +@@ -6394,13 +6394,13 @@ even if nobody has yet written a FUSE module specifically for that file + system type. + @end itemize + +-Using @command{grub-mount} is normally as simple as: ++Using @command{grub2-mount} is normally as simple as: + + @example + grub-mount /dev/sda1 /mnt + @end example + +-@command{grub-mount} must be given one or more images and a mount point as ++@command{grub2-mount} must be given one or more images and a mount point as + non-option arguments (if it is given more than one image, it will treat them + as a RAID set), and also accepts the following options: + +@@ -6422,13 +6422,13 @@ Show debugging output for conditions matching @var{string}. + @item -K prompt|@var{file} + @itemx --zfs-key=prompt|@var{file} + Load a ZFS encryption key. If you use @samp{prompt} as the argument, +-@command{grub-mount} will read a passphrase from the terminal; otherwise, it ++@command{grub2-mount} will read a passphrase from the terminal; otherwise, it + will read key material from the specified file. + + @item -r @var{device} + @itemx --root=@var{device} + Set the GRUB root device to @var{device}. You do not normally need to set +-this; @command{grub-mount} will automatically set the root device to the ++this; @command{grub2-mount} will automatically set the root device to the + root of the supplied file system. + + If @var{device} is just a number, then it will be treated as a partition +@@ -6446,10 +6446,10 @@ Print verbose messages. + @end table + + +-@node Invoking grub-probe +-@chapter Invoking grub-probe ++@node Invoking grub2-probe ++@chapter Invoking grub2-probe + +-The program @command{grub-probe} probes device information for a given path ++The program @command{grub2-probe} probes device information for a given path + or device. + + @example +@@ -6457,7 +6457,7 @@ grub-probe --target=fs /boot/grub + grub-probe --target=drive --device /dev/sda1 + @end example + +-@command{grub-probe} must be given a path or device as a non-option ++@command{grub2-probe} must be given a path or device as a non-option + argument, and also accepts the following options: + + @table @option +@@ -6470,16 +6470,16 @@ Print the version number of GRUB and exit. + @item -d + @itemx --device + If this option is given, then the non-option argument is a system device +-name (such as @samp{/dev/sda1}), and @command{grub-probe} will print ++name (such as @samp{/dev/sda1}), and @command{grub2-probe} will print + information about that device. If it is not given, then the non-option + argument is a filesystem path (such as @samp{/boot/grub}), and +-@command{grub-probe} will print information about the device containing that ++@command{grub2-probe} will print information about the device containing that + part of the filesystem. + + @item -m @var{file} + @itemx --device-map=@var{file} + Use @var{file} as the device map (@pxref{Device map}) rather than the +-default, usually @samp{/boot/grub/device.map}. ++default, usually @samp{/boot/grub2/device.map}. + + @item -t @var{target} + @itemx --target=@var{target} +@@ -6532,19 +6532,19 @@ Print verbose messages. + @end table + + +-@node Invoking grub-script-check +-@chapter Invoking grub-script-check ++@node Invoking grub2-script-check ++@chapter Invoking grub2-script-check + +-The program @command{grub-script-check} takes a GRUB script file ++The program @command{grub2-script-check} takes a GRUB script file + (@pxref{Shell-like scripting}) and checks it for syntax errors, similar to + commands such as @command{sh -n}. It may take a @var{path} as a non-option + argument; if none is supplied, it will read from standard input. + + @example +-grub-script-check /boot/grub/grub.cfg ++grub-script-check /boot/grub2/grub.cfg + @end example + +-@command{grub-script-check} accepts the following options: ++@command{grub2-script-check} accepts the following options: + + @table @option + @item --help diff --git a/SOURCES/0086-print-more-debug-info-in-our-module-loader.patch b/SOURCES/0086-print-more-debug-info-in-our-module-loader.patch new file mode 100644 index 0000000..52059d9 --- /dev/null +++ b/SOURCES/0086-print-more-debug-info-in-our-module-loader.patch @@ -0,0 +1,41 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 11:19:40 -0400 +Subject: [PATCH] print more debug info in our module loader. + +Signed-off-by: Peter Jones +--- + grub-core/kern/efi/efi.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index e339f264b..562d6887e 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -313,13 +313,23 @@ grub_efi_modules_addr (void) + } + + if (i == coff_header->num_sections) +- return 0; ++ { ++ grub_dprintf("sections", "section %d is last section; invalid.\n", i); ++ return 0; ++ } + + info = (struct grub_module_info *) ((char *) image->image_base + + section->virtual_address); +- if (info->magic != GRUB_MODULE_MAGIC) +- return 0; ++ if (section->name[0] != '.' && info->magic != GRUB_MODULE_MAGIC) ++ { ++ grub_dprintf("sections", ++ "section %d has bad magic %08x, should be %08x\n", ++ i, info->magic, GRUB_MODULE_MAGIC); ++ return 0; ++ } + ++ grub_dprintf("sections", "returning section info for section %d: \"%s\"\n", ++ i, section->name); + return (grub_addr_t) info; + } + diff --git a/SOURCES/0087-macos-just-build-chainloader-entries-don-t-try-any-x.patch b/SOURCES/0087-macos-just-build-chainloader-entries-don-t-try-any-x.patch new file mode 100644 index 0000000..573f077 --- /dev/null +++ b/SOURCES/0087-macos-just-build-chainloader-entries-don-t-try-any-x.patch @@ -0,0 +1,124 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 24 May 2017 12:42:32 -0400 +Subject: [PATCH] macos: just build chainloader entries, don't try any xnu xnu. + +Since our bugs tell us that the xnu boot entries really just don't work +most of the time, and they create piles of extra boot entries, because +they can't quite figure out 32-vs-64 and other stuff like that. + +It's rediculous, and we should just boot their bootloader through the +chainloader instead. + +So this patch does that. + +Resolves: rhbz#893179 + +Signed-off-by: Peter Jones +--- + util/grub.d/30_os-prober.in | 78 +++++++++++---------------------------------- + 1 file changed, 18 insertions(+), 60 deletions(-) + +diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in +index 9b8f5968e..13a3a6bc7 100644 +--- a/util/grub.d/30_os-prober.in ++++ b/util/grub.d/30_os-prober.in +@@ -42,68 +42,25 @@ if [ -z "${OSPROBED}" ] ; then + fi + + osx_entry() { +- if [ x$2 = x32 ]; then +- # TRANSLATORS: it refers to kernel architecture (32-bit) +- bitstr="$(gettext "(32-bit)")" +- else +- # TRANSLATORS: it refers to kernel architecture (64-bit) +- bitstr="$(gettext "(64-bit)")" +- fi + # TRANSLATORS: it refers on the OS residing on device %s + onstr="$(gettext_printf "(on %s)" "${DEVICE}")" +- cat << EOF +-menuentry '$(echo "${LONGNAME} $bitstr $onstr" | grub_quote)' --class osx --class darwin --class os \$menuentry_id_option 'osprober-xnu-$2-$(grub_get_device_id "${DEVICE}")' { ++ hints="" ++ for hint in `"${grub_probe}" --device ${device} --target=efi_hints 2> /dev/null` ; do ++ hints="${hints} --hint=${hint}" ++ done ++ cat << EOF ++menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' --class osx --class darwin --class os \$menuentry_id_option 'osprober-xnu-$2-$(grub_get_device_id "${DEVICE}")' { + EOF + save_default_entry | grub_add_tab + prepare_grub_to_access_device ${DEVICE} | grub_add_tab + cat << EOF ++ set gfxpayload=keep + load_video +- set do_resume=0 +- if [ /var/vm/sleepimage -nt10 / ]; then +- if xnu_resume /var/vm/sleepimage; then +- set do_resume=1 +- fi +- fi +- if [ \$do_resume = 0 ]; then +- xnu_uuid ${OSXUUID} uuid +- if [ -f /Extra/DSDT.aml ]; then +- acpi -e /Extra/DSDT.aml +- fi +- if [ /kernelcache -nt /System/Library/Extensions ]; then +- $1 /kernelcache boot-uuid=\${uuid} rd=*uuid +- elif [ -f /System/Library/Kernels/kernel ]; then +- $1 /System/Library/Kernels/kernel boot-uuid=\${uuid} rd=*uuid +- xnu_kextdir /System/Library/Extensions +- else +- $1 /mach_kernel boot-uuid=\${uuid} rd=*uuid +- if [ /System/Library/Extensions.mkext -nt /System/Library/Extensions ]; then +- xnu_mkext /System/Library/Extensions.mkext +- else +- xnu_kextdir /System/Library/Extensions +- fi +- fi +- if [ -f /Extra/Extensions.mkext ]; then +- xnu_mkext /Extra/Extensions.mkext +- fi +- if [ -d /Extra/Extensions ]; then +- xnu_kextdir /Extra/Extensions +- fi +- if [ -f /Extra/devprop.bin ]; then +- xnu_devprop_load /Extra/devprop.bin +- fi +- if [ -f /Extra/splash.jpg ]; then +- insmod jpeg +- xnu_splash /Extra/splash.jpg +- fi +- if [ -f /Extra/splash.png ]; then +- insmod png +- xnu_splash /Extra/splash.png +- fi +- if [ -f /Extra/splash.tga ]; then +- insmod tga +- xnu_splash /Extra/splash.tga +- fi +- fi ++ insmod part_gpt ++ insmod hfsplus ++ search --no-floppy --fs-uuid --set=root ${hints} $(grub_get_device_id "${DEVICE}") ++ chainloader (\$root)/System/Library/CoreServices/boot.efi ++ boot + } + EOF + } +@@ -284,11 +241,12 @@ EOF + echo "$title_correction_code" + ;; + macosx) +- if [ "${UUID}" ]; then +- OSXUUID="${UUID}" +- osx_entry xnu_kernel 32 +- osx_entry xnu_kernel64 64 +- fi ++ for subdevice in ${DEVICE%[[:digit:]]*}* ; do ++ parttype="`"${grub_probe}" --device ${device} --target=gpt_parttype "${subdevice}" 2> /dev/null`" ++ if [[ "$parttype" = "426f6f74-0000-11aa-aa11-00306543ecac" ]]; then ++ DEVICE="${subdevice}" osx_entry ++ fi ++ done + ;; + hurd) + onstr="$(gettext_printf "(on %s)" "${DEVICE}")" diff --git a/SOURCES/0088-grub2-btrfs-Add-ability-to-boot-from-subvolumes.patch b/SOURCES/0088-grub2-btrfs-Add-ability-to-boot-from-subvolumes.patch new file mode 100644 index 0000000..99662bb --- /dev/null +++ b/SOURCES/0088-grub2-btrfs-Add-ability-to-boot-from-subvolumes.patch @@ -0,0 +1,703 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Jeff Mahoney +Date: Wed, 18 Dec 2013 09:57:04 +0000 +Subject: [PATCH] grub2/btrfs: Add ability to boot from subvolumes + +This patch adds the ability to specify a different root on a btrfs +filesystem too boot from other than the default one. + +btrfs-list-snapshots will list the subvolumes available on the +filesystem. + +set btrfs_subvol= and set btrfs_subvolid= will specify +which subvolume to use and any pathnames provided with either of those +variables set will start using that root. If the subvolume or subvolume id +doesn't exist, then an error case will result. + +It is possible to boot into a separate GRUB instance by exporting the +variable and loading the config file from the subvolume. + +Signed-off-by: Jeff Mahoney +--- + grub-core/fs/btrfs.c | 552 +++++++++++++++++++++++++++++++++++++++++++++++++-- + include/grub/btrfs.h | 1 + + 2 files changed, 533 insertions(+), 20 deletions(-) + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index be195448d..51ed63d42 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -29,6 +29,9 @@ + #include + #include + #include ++#include ++#include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -64,9 +67,11 @@ struct grub_btrfs_superblock + grub_uint64_t generation; + grub_uint64_t root_tree; + grub_uint64_t chunk_tree; +- grub_uint8_t dummy2[0x20]; ++ grub_uint8_t dummy2[0x18]; ++ grub_uint64_t bytes_used; + grub_uint64_t root_dir_objectid; +- grub_uint8_t dummy3[0x41]; ++ grub_uint64_t num_devices; ++ grub_uint8_t dummy3[0x39]; + struct grub_btrfs_device this_device; + char label[0x100]; + grub_uint8_t dummy4[0x100]; +@@ -105,6 +110,7 @@ struct grub_btrfs_data + grub_uint64_t exttree; + grub_size_t extsize; + struct grub_btrfs_extent_data *extent; ++ grub_uint64_t fs_tree; + }; + + struct grub_btrfs_chunk_item +@@ -171,6 +177,14 @@ struct grub_btrfs_leaf_descriptor + } *data; + }; + ++struct grub_btrfs_root_ref ++{ ++ grub_uint64_t dirid; ++ grub_uint64_t sequence; ++ grub_uint16_t name_len; ++ const char name[0]; ++} __attribute__ ((packed)); ++ + struct grub_btrfs_time + { + grub_int64_t sec; +@@ -215,6 +229,14 @@ struct grub_btrfs_extent_data + + #define GRUB_BTRFS_OBJECT_ID_CHUNK 0x100 + ++#define GRUB_BTRFS_ROOT_TREE_OBJECTID 1ULL ++#define GRUB_BTRFS_FS_TREE_OBJECTID 5ULL ++#define GRUB_BTRFS_ROOT_REF_KEY 156 ++#define GRUB_BTRFS_ROOT_ITEM_KEY 132 ++ ++static grub_uint64_t btrfs_default_subvolid = 0; ++static char *btrfs_default_subvol = NULL; ++ + static grub_disk_addr_t superblock_sectors[] = { 64 * 2, 64 * 1024 * 2, + 256 * 1048576 * 2, 1048576ULL * 1048576ULL * 2 + }; +@@ -837,6 +859,62 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, + return GRUB_ERR_NONE; + } + ++static grub_err_t ++get_fs_root(struct grub_btrfs_data *data, grub_uint64_t tree, ++ grub_uint64_t objectid, grub_uint64_t offset, ++ grub_uint64_t *fs_root); ++ ++static grub_err_t ++lookup_root_by_id(struct grub_btrfs_data *data, grub_uint64_t id) ++{ ++ grub_err_t err; ++ grub_uint64_t tree; ++ ++ err = get_fs_root(data, data->sblock.root_tree, id, -1, &tree); ++ if (!err) ++ data->fs_tree = tree; ++ return err; ++} ++ ++static grub_err_t ++find_path (struct grub_btrfs_data *data, ++ const char *path, struct grub_btrfs_key *key, ++ grub_uint64_t *tree, grub_uint8_t *type); ++ ++static grub_err_t ++lookup_root_by_name(struct grub_btrfs_data *data, const char *path) ++{ ++ grub_err_t err; ++ grub_uint64_t tree = 0; ++ grub_uint8_t type; ++ struct grub_btrfs_key key; ++ ++ err = find_path (data, path, &key, &tree, &type); ++ if (err) ++ return grub_error(GRUB_ERR_FILE_NOT_FOUND, "couldn't locate %s\n", path); ++ ++ if (key.object_id != grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK) || tree == 0) ++ return grub_error(GRUB_ERR_BAD_FILE_TYPE, "%s: not a subvolume\n", path); ++ ++ data->fs_tree = tree; ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++btrfs_handle_subvol(struct grub_btrfs_data *data __attribute__ ((unused))) ++{ ++ if (btrfs_default_subvol) ++ return lookup_root_by_name(data, btrfs_default_subvol); ++ ++ if (btrfs_default_subvolid) ++ return lookup_root_by_id(data, btrfs_default_subvolid); ++ ++ data->fs_tree = 0; ++ ++ return GRUB_ERR_NONE; ++} ++ ++ + static struct grub_btrfs_data * + grub_btrfs_mount (grub_device_t dev) + { +@@ -872,6 +950,13 @@ grub_btrfs_mount (grub_device_t dev) + data->devices_attached[0].dev = dev; + data->devices_attached[0].id = data->sblock.this_device.device_id; + ++ err = btrfs_handle_subvol (data); ++ if (err) ++ { ++ grub_free (data); ++ return NULL; ++ } ++ + return data; + } + +@@ -1232,6 +1317,91 @@ get_root (struct grub_btrfs_data *data, struct grub_btrfs_key *key, + return GRUB_ERR_NONE; + } + ++static grub_err_t ++find_pathname(struct grub_btrfs_data *data, grub_uint64_t objectid, ++ grub_uint64_t fs_root, const char *name, char **pathname) ++{ ++ grub_err_t err; ++ struct grub_btrfs_key key = { ++ .object_id = objectid, ++ .type = GRUB_BTRFS_ITEM_TYPE_INODE_REF, ++ .offset = 0, ++ }; ++ struct grub_btrfs_key key_out; ++ struct grub_btrfs_leaf_descriptor desc; ++ char *p = grub_strdup (name); ++ grub_disk_addr_t elemaddr; ++ grub_size_t elemsize; ++ grub_size_t alloc = grub_strlen(name) + 1; ++ ++ err = lower_bound(data, &key, &key_out, fs_root, ++ &elemaddr, &elemsize, &desc, 0); ++ if (err) ++ return grub_error(err, "lower_bound caught %d\n", err); ++ ++ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_INODE_REF) ++ next(data, &desc, &elemaddr, &elemsize, &key_out); ++ ++ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_INODE_REF) ++ { ++ return grub_error(GRUB_ERR_FILE_NOT_FOUND, ++ "Can't find inode ref for {%"PRIuGRUB_UINT64_T ++ ", %u, %"PRIuGRUB_UINT64_T"} %"PRIuGRUB_UINT64_T ++ "/%"PRIuGRUB_SIZE"\n", ++ key_out.object_id, key_out.type, ++ key_out.offset, elemaddr, elemsize); ++ } ++ ++ ++ while (key_out.type == GRUB_BTRFS_ITEM_TYPE_INODE_REF && ++ key_out.object_id != key_out.offset) { ++ struct grub_btrfs_inode_ref *inode_ref; ++ char *new; ++ ++ inode_ref = grub_malloc(elemsize + 1); ++ if (!inode_ref) ++ return grub_error(GRUB_ERR_OUT_OF_MEMORY, ++ "couldn't allocate memory for inode_ref (%"PRIuGRUB_SIZE")\n", elemsize); ++ ++ err = grub_btrfs_read_logical(data, elemaddr, inode_ref, elemsize, 0); ++ if (err) ++ return grub_error(err, "read_logical caught %d\n", err); ++ ++ alloc += grub_le_to_cpu16 (inode_ref->n) + 2; ++ new = grub_malloc(alloc); ++ if (!new) ++ return grub_error(GRUB_ERR_OUT_OF_MEMORY, ++ "couldn't allocate memory for name (%"PRIuGRUB_SIZE")\n", alloc); ++ ++ grub_memcpy(new, inode_ref->name, grub_le_to_cpu16 (inode_ref->n)); ++ if (p) ++ { ++ new[grub_le_to_cpu16 (inode_ref->n)] = '/'; ++ grub_strcpy (new + grub_le_to_cpu16 (inode_ref->n) + 1, p); ++ grub_free(p); ++ } ++ else ++ new[grub_le_to_cpu16 (inode_ref->n)] = 0; ++ grub_free(inode_ref); ++ ++ p = new; ++ ++ key.object_id = key_out.offset; ++ ++ err = lower_bound(data, &key, &key_out, fs_root, &elemaddr, ++ &elemsize, &desc, 0); ++ if (err) ++ return grub_error(err, "lower_bound caught %d\n", err); ++ ++ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_INODE_REF) ++ next(data, &desc, &elemaddr, &elemsize, &key_out); ++ ++ } ++ ++ *pathname = p; ++ return 0; ++} ++ + static grub_err_t + find_path (struct grub_btrfs_data *data, + const char *path, struct grub_btrfs_key *key, +@@ -1250,14 +1420,26 @@ find_path (struct grub_btrfs_data *data, + char *origpath = NULL; + unsigned symlinks_max = 32; + +- err = get_root (data, key, tree, type); +- if (err) +- return err; +- + origpath = grub_strdup (path); + if (!origpath) + return grub_errno; + ++ if (data->fs_tree) ++ { ++ *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; ++ *tree = data->fs_tree; ++ /* This is a tree root, so everything starts at objectid 256 */ ++ key->object_id = grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK); ++ key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; ++ key->offset = 0; ++ } ++ else ++ { ++ err = get_root (data, key, tree, type); ++ if (err) ++ return err; ++ } ++ + while (1) + { + while (path[0] == '/') +@@ -1430,9 +1612,21 @@ find_path (struct grub_btrfs_data *data, + path = path_alloc = tmp; + if (path[0] == '/') + { +- err = get_root (data, key, tree, type); +- if (err) +- return err; ++ if (data->fs_tree) ++ { ++ *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; ++ *tree = data->fs_tree; ++ /* This is a tree root, so everything starts at objectid 256 */ ++ key->object_id = grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK); ++ key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; ++ key->offset = 0; ++ } ++ else ++ { ++ err = get_root (data, key, tree, type); ++ if (err) ++ return err; ++ } + } + continue; + } +@@ -1673,18 +1867,10 @@ grub_btrfs_read (grub_file_t file, char *buf, grub_size_t len) + data->tree, file->offset, buf, len); + } + +-static grub_err_t +-grub_btrfs_uuid (grub_device_t device, char **uuid) ++static char * ++btrfs_unparse_uuid(struct grub_btrfs_data *data) + { +- struct grub_btrfs_data *data; +- +- *uuid = NULL; +- +- data = grub_btrfs_mount (device); +- if (!data) +- return grub_errno; +- +- *uuid = grub_xasprintf ("%04x%04x-%04x-%04x-%04x-%04x%04x%04x", ++ return grub_xasprintf ("%04x%04x-%04x-%04x-%04x-%04x%04x%04x", + grub_be_to_cpu16 (data->sblock.uuid[0]), + grub_be_to_cpu16 (data->sblock.uuid[1]), + grub_be_to_cpu16 (data->sblock.uuid[2]), +@@ -1693,6 +1879,20 @@ grub_btrfs_uuid (grub_device_t device, char **uuid) + grub_be_to_cpu16 (data->sblock.uuid[5]), + grub_be_to_cpu16 (data->sblock.uuid[6]), + grub_be_to_cpu16 (data->sblock.uuid[7])); ++} ++ ++static grub_err_t ++grub_btrfs_uuid (grub_device_t device, char **uuid) ++{ ++ struct grub_btrfs_data *data; ++ ++ *uuid = NULL; ++ ++ data = grub_btrfs_mount (device); ++ if (!data) ++ return grub_errno; ++ ++ *uuid = btrfs_unparse_uuid(data); + + grub_btrfs_unmount (data); + +@@ -1749,6 +1949,242 @@ grub_btrfs_embed (grub_device_t device __attribute__ ((unused)), + } + #endif + ++static grub_err_t ++grub_cmd_btrfs_info (grub_command_t cmd __attribute__ ((unused)), int argc, ++ char **argv) ++{ ++ grub_device_t dev; ++ char *devname; ++ struct grub_btrfs_data *data; ++ char *uuid; ++ ++ if (argc < 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required"); ++ ++ devname = grub_file_get_device_name(argv[0]); ++ ++ if (!devname) ++ return grub_errno; ++ ++ dev = grub_device_open (devname); ++ grub_free (devname); ++ if (!dev) ++ return grub_errno; ++ ++ data = grub_btrfs_mount (dev); ++ if (!data) ++ { ++ grub_device_close(dev); ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "failed to open fs"); ++ } ++ ++ if (data->sblock.label) ++ grub_printf("Label: '%s' ", data->sblock.label); ++ else ++ grub_printf("Label: none "); ++ ++ uuid = btrfs_unparse_uuid(data); ++ ++ grub_printf(" uuid: %s\n\tTotal devices %" PRIuGRUB_UINT64_T ++ " FS bytes used %" PRIuGRUB_UINT64_T "\n", ++ uuid, grub_cpu_to_le64(data->sblock.num_devices), ++ grub_cpu_to_le64(data->sblock.bytes_used)); ++ ++ grub_btrfs_unmount (data); ++ ++ return 0; ++} ++ ++static grub_err_t ++get_fs_root(struct grub_btrfs_data *data, grub_uint64_t tree, ++ grub_uint64_t objectid, grub_uint64_t offset, ++ grub_uint64_t *fs_root) ++{ ++ grub_err_t err; ++ struct grub_btrfs_key key_in = { ++ .object_id = objectid, ++ .type = GRUB_BTRFS_ROOT_ITEM_KEY, ++ .offset = offset, ++ }, key_out; ++ struct grub_btrfs_leaf_descriptor desc; ++ grub_disk_addr_t elemaddr; ++ grub_size_t elemsize; ++ struct grub_btrfs_root_item ri; ++ ++ err = lower_bound(data, &key_in, &key_out, tree, ++ &elemaddr, &elemsize, &desc, 0); ++ ++ if (err) ++ return err; ++ ++ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_ITEM || elemaddr == 0) ++ return grub_error(GRUB_ERR_FILE_NOT_FOUND, ++ N_("can't find fs root for subvol %"PRIuGRUB_UINT64_T"\n"), ++ key_in.object_id); ++ ++ err = grub_btrfs_read_logical (data, elemaddr, &ri, sizeof (ri), 0); ++ if (err) ++ return err; ++ ++ *fs_root = ri.tree; ++ ++ return GRUB_ERR_NONE; ++} ++ ++static const struct grub_arg_option options[] = { ++ {"output", 'o', 0, N_("Output to a variable instead of the console."), ++ N_("VARNAME"), ARG_TYPE_STRING}, ++ {"path-only", 'p', 0, N_("Show only the path of the subvolume."), 0, 0}, ++ {"id-only", 'i', 0, N_("Show only the id of the subvolume."), 0, 0}, ++ {0, 0, 0, 0, 0, 0} ++}; ++ ++static grub_err_t ++grub_cmd_btrfs_list_subvols (struct grub_extcmd_context *ctxt, ++ int argc, char **argv) ++{ ++ struct grub_btrfs_data *data; ++ grub_device_t dev; ++ char *devname; ++ grub_uint64_t tree; ++ struct grub_btrfs_key key_in = { ++ .object_id = grub_cpu_to_le64_compile_time (GRUB_BTRFS_FS_TREE_OBJECTID), ++ .type = GRUB_BTRFS_ROOT_REF_KEY, ++ .offset = 0, ++ }, key_out; ++ struct grub_btrfs_leaf_descriptor desc; ++ grub_disk_addr_t elemaddr; ++ grub_uint64_t fs_root = 0; ++ grub_size_t elemsize; ++ grub_size_t allocated = 0; ++ int r = 0; ++ grub_err_t err; ++ char *buf = NULL; ++ int print = 1; ++ int path_only = ctxt->state[1].set; ++ int num_only = ctxt->state[2].set; ++ char *varname = NULL; ++ char *output = NULL; ++ ++ if (ctxt->state[0].set) { ++ varname = ctxt->state[0].arg; ++ print = 0; ++ } ++ ++ if (argc < 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required"); ++ ++ devname = grub_file_get_device_name(argv[0]); ++ if (!devname) ++ return grub_errno; ++ ++ dev = grub_device_open (devname); ++ grub_free (devname); ++ if (!dev) ++ return grub_errno; ++ ++ data = grub_btrfs_mount(dev); ++ if (!data) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "could not open device"); ++ ++ tree = data->sblock.root_tree; ++ err = get_fs_root(data, tree, grub_cpu_to_le64_compile_time (GRUB_BTRFS_FS_TREE_OBJECTID), ++ 0, &fs_root); ++ if (err) ++ goto out; ++ ++ err = lower_bound(data, &key_in, &key_out, tree, ++ &elemaddr, &elemsize, &desc, 0); ++ ++ if (err) ++ { ++ grub_btrfs_unmount(data); ++ return err; ++ } ++ ++ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_REF || elemaddr == 0) ++ { ++ r = next(data, &desc, &elemaddr, &elemsize, &key_out); ++ } ++ ++ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_REF) { ++ err = GRUB_ERR_FILE_NOT_FOUND; ++ grub_error(GRUB_ERR_FILE_NOT_FOUND, N_("can't find root refs")); ++ goto out; ++ } ++ ++ do ++ { ++ struct grub_btrfs_root_ref *ref; ++ char *p = NULL; ++ ++ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_REF) ++ { ++ r = 0; ++ break; ++ } ++ ++ if (elemsize > allocated) ++ { ++ grub_free(buf); ++ allocated = 2 * elemsize; ++ buf = grub_malloc(allocated + 1); ++ if (!buf) ++ { ++ r = -grub_errno; ++ break; ++ } ++ } ++ ref = (struct grub_btrfs_root_ref *)buf; ++ ++ err = grub_btrfs_read_logical(data, elemaddr, buf, elemsize, 0); ++ if (err) ++ { ++ r = -err; ++ break; ++ } ++ buf[elemsize] = 0; ++ ++ find_pathname(data, ref->dirid, fs_root, ref->name, &p); ++ ++ if (print) ++ { ++ if (num_only) ++ grub_printf("ID %"PRIuGRUB_UINT64_T"\n", key_out.offset); ++ else if (path_only) ++ grub_printf("%s\n", p); ++ else ++ grub_printf("ID %"PRIuGRUB_UINT64_T" path %s\n", key_out.offset, p); ++ } else { ++ char *old = output; ++ if (num_only) ++ output = grub_xasprintf("%s%"PRIuGRUB_UINT64_T"\n", ++ old ?: "", key_out.offset); ++ else if (path_only) ++ output = grub_xasprintf("%s%s\n", old ?: "", p); ++ else ++ output = grub_xasprintf("%sID %"PRIuGRUB_UINT64_T" path %s\n", ++ old ?: "", key_out.offset, p); ++ ++ if (old) ++ grub_free(old); ++ } ++ ++ r = next(data, &desc, &elemaddr, &elemsize, &key_out); ++ } while(r > 0); ++ ++ if (output) ++ grub_env_set(varname, output); ++ ++out: ++ free_iterator(&desc); ++ grub_btrfs_unmount(data); ++ ++ grub_device_close (dev); ++ ++ return 0; ++} ++ + static struct grub_fs grub_btrfs_fs = { + .name = "btrfs", + .dir = grub_btrfs_dir, +@@ -1764,12 +2200,88 @@ static struct grub_fs grub_btrfs_fs = { + #endif + }; + ++static grub_command_t cmd_info; ++static grub_extcmd_t cmd_list_subvols; ++ ++static char * ++subvolid_set_env (struct grub_env_var *var __attribute__ ((unused)), ++ const char *val) ++{ ++ unsigned long long result = 0; ++ ++ grub_errno = GRUB_ERR_NONE; ++ if (*val) ++ { ++ result = grub_strtoull(val, NULL, 10); ++ if (grub_errno) ++ return NULL; ++ } ++ ++ grub_free (btrfs_default_subvol); ++ btrfs_default_subvol = NULL; ++ btrfs_default_subvolid = result; ++ return grub_strdup(val); ++} ++ ++static const char * ++subvolid_get_env (struct grub_env_var *var __attribute__ ((unused)), ++ const char *val __attribute__ ((unused))) ++{ ++ if (btrfs_default_subvol) ++ return grub_xasprintf("subvol:%s", btrfs_default_subvol); ++ else if (btrfs_default_subvolid) ++ return grub_xasprintf("%"PRIuGRUB_UINT64_T, btrfs_default_subvolid); ++ else ++ return ""; ++} ++ ++static char * ++subvol_set_env (struct grub_env_var *var __attribute__ ((unused)), ++ const char *val) ++{ ++ grub_free (btrfs_default_subvol); ++ btrfs_default_subvol = grub_strdup (val); ++ btrfs_default_subvolid = 0; ++ return grub_strdup(val); ++} ++ ++static const char * ++subvol_get_env (struct grub_env_var *var __attribute__ ((unused)), ++ const char *val __attribute__ ((unused))) ++{ ++ if (btrfs_default_subvol) ++ return btrfs_default_subvol; ++ else if (btrfs_default_subvolid) ++ return grub_xasprintf("subvolid:%" PRIuGRUB_UINT64_T, ++ btrfs_default_subvolid); ++ else ++ return ""; ++} ++ + GRUB_MOD_INIT (btrfs) + { + grub_fs_register (&grub_btrfs_fs); ++ cmd_info = grub_register_command("btrfs-info", grub_cmd_btrfs_info, ++ "DEVICE", ++ "Print BtrFS info about DEVICE."); ++ cmd_list_subvols = grub_register_extcmd("btrfs-list-subvols", ++ grub_cmd_btrfs_list_subvols, 0, ++ "[-p|-n] [-o var] DEVICE", ++ "Print list of BtrFS subvolumes on " ++ "DEVICE.", options); ++ grub_register_variable_hook ("btrfs_subvol", subvol_get_env, ++ subvol_set_env); ++ grub_register_variable_hook ("btrfs_subvolid", subvolid_get_env, ++ subvolid_set_env); + } + + GRUB_MOD_FINI (btrfs) + { ++ grub_register_variable_hook ("btrfs_subvol", NULL, NULL); ++ grub_register_variable_hook ("btrfs_subvolid", NULL, NULL); ++ grub_unregister_command (cmd_info); ++ grub_unregister_extcmd (cmd_list_subvols); + grub_fs_unregister (&grub_btrfs_fs); + } ++ ++// vim: si et sw=2: +diff --git a/include/grub/btrfs.h b/include/grub/btrfs.h +index 9d93fb6c1..234ad9767 100644 +--- a/include/grub/btrfs.h ++++ b/include/grub/btrfs.h +@@ -29,6 +29,7 @@ enum + GRUB_BTRFS_ITEM_TYPE_ROOT_ITEM = 0x84, + GRUB_BTRFS_ITEM_TYPE_ROOT_BACKREF = 0x90, + GRUB_BTRFS_ITEM_TYPE_DEVICE = 0xd8, ++ GRUB_BTRFS_ITEM_TYPE_ROOT_REF = 0x9c, + GRUB_BTRFS_ITEM_TYPE_CHUNK = 0xe4 + }; + diff --git a/SOURCES/0089-export-btrfs_subvol-and-btrfs_subvolid.patch b/SOURCES/0089-export-btrfs_subvol-and-btrfs_subvolid.patch new file mode 100644 index 0000000..ba167f1 --- /dev/null +++ b/SOURCES/0089-export-btrfs_subvol-and-btrfs_subvolid.patch @@ -0,0 +1,26 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Wed, 18 Dec 2013 09:57:04 +0000 +Subject: [PATCH] export btrfs_subvol and btrfs_subvolid + +We should export btrfs_subvol and btrfs_subvolid to have both visible +to subsidiary configuration files loaded using configfile. + +Signed-off-by: Michael Chang +--- + grub-core/fs/btrfs.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 51ed63d42..88d727d16 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -2273,6 +2273,8 @@ GRUB_MOD_INIT (btrfs) + subvol_set_env); + grub_register_variable_hook ("btrfs_subvolid", subvolid_get_env, + subvolid_set_env); ++ grub_env_export ("btrfs_subvol"); ++ grub_env_export ("btrfs_subvolid"); + } + + GRUB_MOD_FINI (btrfs) diff --git a/SOURCES/0090-grub2-btrfs-03-follow_default.patch b/SOURCES/0090-grub2-btrfs-03-follow_default.patch new file mode 100644 index 0000000..4280f55 --- /dev/null +++ b/SOURCES/0090-grub2-btrfs-03-follow_default.patch @@ -0,0 +1,196 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Thu, 21 Aug 2014 03:39:11 +0000 +Subject: [PATCH] grub2-btrfs-03-follow_default + +--- + grub-core/fs/btrfs.c | 107 ++++++++++++++++++++++++++++++++++++--------------- + 1 file changed, 76 insertions(+), 31 deletions(-) + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 88d727d16..a47d29756 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -920,6 +920,7 @@ grub_btrfs_mount (grub_device_t dev) + { + struct grub_btrfs_data *data; + grub_err_t err; ++ const char *relpath = grub_env_get ("btrfs_relative_path"); + + if (!dev->disk) + { +@@ -950,11 +951,14 @@ grub_btrfs_mount (grub_device_t dev) + data->devices_attached[0].dev = dev; + data->devices_attached[0].id = data->sblock.this_device.device_id; + +- err = btrfs_handle_subvol (data); +- if (err) ++ if (relpath && (relpath[0] == '1' || relpath[0] == 'y')) + { +- grub_free (data); +- return NULL; ++ err = btrfs_handle_subvol (data); ++ if (err) ++ { ++ grub_free (data); ++ return NULL; ++ } + } + + return data; +@@ -1414,24 +1418,39 @@ find_path (struct grub_btrfs_data *data, + grub_size_t allocated = 0; + struct grub_btrfs_dir_item *direl = NULL; + struct grub_btrfs_key key_out; ++ int follow_default; + const char *ctoken; + grub_size_t ctokenlen; + char *path_alloc = NULL; + char *origpath = NULL; + unsigned symlinks_max = 32; ++ const char *relpath = grub_env_get ("btrfs_relative_path"); + ++ follow_default = 0; + origpath = grub_strdup (path); + if (!origpath) + return grub_errno; + +- if (data->fs_tree) ++ if (relpath && (relpath[0] == '1' || relpath[0] == 'y')) + { +- *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; +- *tree = data->fs_tree; +- /* This is a tree root, so everything starts at objectid 256 */ +- key->object_id = grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK); +- key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; +- key->offset = 0; ++ if (data->fs_tree) ++ { ++ *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; ++ *tree = data->fs_tree; ++ /* This is a tree root, so everything starts at objectid 256 */ ++ key->object_id = grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK); ++ key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; ++ key->offset = 0; ++ } ++ else ++ { ++ *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; ++ *tree = data->sblock.root_tree; ++ key->object_id = data->sblock.root_dir_objectid; ++ key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; ++ key->offset = 0; ++ follow_default = 1; ++ } + } + else + { +@@ -1442,15 +1461,23 @@ find_path (struct grub_btrfs_data *data, + + while (1) + { +- while (path[0] == '/') +- path++; +- if (!path[0]) +- break; +- slash = grub_strchr (path, '/'); +- if (!slash) +- slash = path + grub_strlen (path); +- ctoken = path; +- ctokenlen = slash - path; ++ if (!follow_default) ++ { ++ while (path[0] == '/') ++ path++; ++ if (!path[0]) ++ break; ++ slash = grub_strchr (path, '/'); ++ if (!slash) ++ slash = path + grub_strlen (path); ++ ctoken = path; ++ ctokenlen = slash - path; ++ } ++ else ++ { ++ ctoken = "default"; ++ ctokenlen = sizeof ("default") - 1; ++ } + + if (*type != GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY) + { +@@ -1461,7 +1488,9 @@ find_path (struct grub_btrfs_data *data, + + if (ctokenlen == 1 && ctoken[0] == '.') + { +- path = slash; ++ if (!follow_default) ++ path = slash; ++ follow_default = 0; + continue; + } + if (ctokenlen == 2 && ctoken[0] == '.' && ctoken[1] == '.') +@@ -1492,8 +1521,9 @@ find_path (struct grub_btrfs_data *data, + *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; + key->object_id = key_out.offset; + +- path = slash; +- ++ if (!follow_default) ++ path = slash; ++ follow_default = 0; + continue; + } + +@@ -1562,7 +1592,9 @@ find_path (struct grub_btrfs_data *data, + return err; + } + +- path = slash; ++ if (!follow_default) ++ path = slash; ++ follow_default = 0; + if (cdirel->type == GRUB_BTRFS_DIR_ITEM_TYPE_SYMLINK) + { + struct grub_btrfs_inode inode; +@@ -1612,14 +1644,26 @@ find_path (struct grub_btrfs_data *data, + path = path_alloc = tmp; + if (path[0] == '/') + { +- if (data->fs_tree) ++ if (relpath && (relpath[0] == '1' || relpath[0] == 'y')) + { +- *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; +- *tree = data->fs_tree; +- /* This is a tree root, so everything starts at objectid 256 */ +- key->object_id = grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK); +- key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; +- key->offset = 0; ++ if (data->fs_tree) ++ { ++ *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; ++ *tree = data->fs_tree; ++ /* This is a tree root, so everything starts at objectid 256 */ ++ key->object_id = grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK); ++ key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; ++ key->offset = 0; ++ } ++ else ++ { ++ *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; ++ *tree = data->sblock.root_tree; ++ key->object_id = data->sblock.root_dir_objectid; ++ key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; ++ key->offset = 0; ++ follow_default = 1; ++ } + } + else + { +@@ -2275,6 +2319,7 @@ GRUB_MOD_INIT (btrfs) + subvolid_set_env); + grub_env_export ("btrfs_subvol"); + grub_env_export ("btrfs_subvolid"); ++ grub_env_export ("btrfs_relative_path"); + } + + GRUB_MOD_FINI (btrfs) diff --git a/SOURCES/0091-grub2-btrfs-04-grub2-install.patch b/SOURCES/0091-grub2-btrfs-04-grub2-install.patch new file mode 100644 index 0000000..4f4df1c --- /dev/null +++ b/SOURCES/0091-grub2-btrfs-04-grub2-install.patch @@ -0,0 +1,174 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Thu, 21 Aug 2014 03:39:11 +0000 +Subject: [PATCH] grub2-btrfs-04-grub2-install + +--- + grub-core/osdep/linux/getroot.c | 7 +++++++ + grub-core/osdep/unix/config.c | 17 +++++++++++++++-- + util/config.c | 10 ++++++++++ + util/grub-install.c | 15 +++++++++++++++ + util/grub-mkrelpath.c | 6 ++++++ + include/grub/emu/config.h | 1 + + 6 files changed, 54 insertions(+), 2 deletions(-) + +diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c +index 6d9f4e5fa..5d50dd6f8 100644 +--- a/grub-core/osdep/linux/getroot.c ++++ b/grub-core/osdep/linux/getroot.c +@@ -376,6 +376,7 @@ get_btrfs_fs_prefix (const char *mount_path) + return NULL; + } + ++int use_relative_path_on_btrfs = 0; + + char ** + grub_find_root_devices_from_mountinfo (const char *dir, char **relroot) +@@ -519,6 +520,12 @@ again: + { + ret = grub_find_root_devices_from_btrfs (dir); + fs_prefix = get_btrfs_fs_prefix (entries[i].enc_path); ++ if (use_relative_path_on_btrfs) ++ { ++ if (fs_prefix) ++ free (fs_prefix); ++ fs_prefix = xstrdup ("/"); ++ } + } + else if (!retry && grub_strcmp (entries[i].fstype, "autofs") == 0) + { +diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c +index 65effa9f3..b637c58ef 100644 +--- a/grub-core/osdep/unix/config.c ++++ b/grub-core/osdep/unix/config.c +@@ -82,6 +82,19 @@ grub_util_load_config (struct grub_util_config *cfg) + if (v) + cfg->grub_distributor = xstrdup (v); + ++ v = getenv ("SUSE_BTRFS_SNAPSHOT_BOOTING"); ++ if (v) ++ { ++ if (grub_strncmp(v, "true", sizeof ("true") - 1) == 0) ++ { ++ cfg->is_suse_btrfs_snapshot_enabled = 1; ++ } ++ else ++ { ++ cfg->is_suse_btrfs_snapshot_enabled = 0; ++ } ++ } ++ + cfgfile = grub_util_get_config_filename (); + if (!grub_util_is_regular (cfgfile)) + return; +@@ -105,8 +118,8 @@ grub_util_load_config (struct grub_util_config *cfg) + *ptr++ = *iptr; + } + +- strcpy (ptr, "'; printf \"GRUB_ENABLE_CRYPTODISK=%s\\nGRUB_DISTRIBUTOR=%s\\n\" " +- "\"$GRUB_ENABLE_CRYPTODISK\" \"$GRUB_DISTRIBUTOR\""); ++ strcpy (ptr, "'; printf \"GRUB_ENABLE_CRYPTODISK=%s\\nGRUB_DISTRIBUTOR=%s\\nSUSE_BTRFS_SNAPSHOT_BOOTING=%s\\n\" " ++ "\"$GRUB_ENABLE_CRYPTODISK\" \"$GRUB_DISTRIBUTOR\" \"$SUSE_BTRFS_SNAPSHOT_BOOTING\""); + + argv[2] = script; + argv[3] = '\0'; +diff --git a/util/config.c b/util/config.c +index ebcdd8f5e..f044a880a 100644 +--- a/util/config.c ++++ b/util/config.c +@@ -42,6 +42,16 @@ grub_util_parse_config (FILE *f, struct grub_util_config *cfg, int simple) + cfg->is_cryptodisk_enabled = 1; + continue; + } ++ if (grub_strncmp (ptr, "SUSE_BTRFS_SNAPSHOT_BOOTING=", ++ sizeof ("SUSE_BTRFS_SNAPSHOT_BOOTING=") - 1) == 0) ++ { ++ ptr += sizeof ("SUSE_BTRFS_SNAPSHOT_BOOTING=") - 1; ++ if (*ptr == '"' || *ptr == '\'') ++ ptr++; ++ if (grub_strncmp(ptr, "true", sizeof ("true") - 1) == 0) ++ cfg->is_suse_btrfs_snapshot_enabled = 1; ++ continue; ++ } + if (grub_strncmp (ptr, "GRUB_DISTRIBUTOR=", + sizeof ("GRUB_DISTRIBUTOR=") - 1) == 0) + { +diff --git a/util/grub-install.c b/util/grub-install.c +index 78d0138cb..4375c1619 100644 +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -816,6 +816,8 @@ fill_core_services (const char *core_services) + free (sysv_plist); + } + ++extern int use_relative_path_on_btrfs; ++ + int + main (int argc, char *argv[]) + { +@@ -849,6 +851,9 @@ main (int argc, char *argv[]) + + grub_util_load_config (&config); + ++ if (config.is_suse_btrfs_snapshot_enabled) ++ use_relative_path_on_btrfs = 1; ++ + if (!bootloader_id && config.grub_distributor) + { + char *ptr; +@@ -1321,6 +1326,16 @@ main (int argc, char *argv[]) + fprintf (load_cfg_f, "set debug='%s'\n", + debug_image); + } ++ ++ if (config.is_suse_btrfs_snapshot_enabled ++ && grub_strncmp(grub_fs->name, "btrfs", sizeof ("btrfs") - 1) == 0) ++ { ++ if (!load_cfg_f) ++ load_cfg_f = grub_util_fopen (load_cfg, "wb"); ++ have_load_cfg = 1; ++ fprintf (load_cfg_f, "set btrfs_relative_path='y'\n"); ++ } ++ + char *prefix_drive = NULL; + char *install_drive = NULL; + +diff --git a/util/grub-mkrelpath.c b/util/grub-mkrelpath.c +index 47a241a39..5db7a9a7d 100644 +--- a/util/grub-mkrelpath.c ++++ b/util/grub-mkrelpath.c +@@ -40,9 +40,12 @@ struct arguments + }; + + static struct argp_option options[] = { ++ {"relative", 'r', 0, 0, "use relative path on btrfs", 0}, + { 0, 0, 0, 0, 0, 0 } + }; + ++extern int use_relative_path_on_btrfs; ++ + static error_t + argp_parser (int key, char *arg, struct argp_state *state) + { +@@ -52,6 +55,9 @@ argp_parser (int key, char *arg, struct argp_state *state) + + switch (key) + { ++ case 'r': ++ use_relative_path_on_btrfs = 1; ++ break; + case ARGP_KEY_ARG: + if (state->arg_num == 0) + arguments->pathname = xstrdup (arg); +diff --git a/include/grub/emu/config.h b/include/grub/emu/config.h +index 875d5896c..c9a7e5f4a 100644 +--- a/include/grub/emu/config.h ++++ b/include/grub/emu/config.h +@@ -37,6 +37,7 @@ struct grub_util_config + { + int is_cryptodisk_enabled; + char *grub_distributor; ++ int is_suse_btrfs_snapshot_enabled; + }; + + void diff --git a/SOURCES/0092-grub2-btrfs-05-grub2-mkconfig.patch b/SOURCES/0092-grub2-btrfs-05-grub2-mkconfig.patch new file mode 100644 index 0000000..8d3cb2f --- /dev/null +++ b/SOURCES/0092-grub2-btrfs-05-grub2-mkconfig.patch @@ -0,0 +1,127 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Thu, 21 Aug 2014 03:39:11 +0000 +Subject: [PATCH] grub2-btrfs-05-grub2-mkconfig + +--- + util/grub-mkconfig.in | 3 ++- + util/grub-mkconfig_lib.in | 4 ++++ + util/grub.d/00_header.in | 24 +++++++++++++++++++++++- + util/grub.d/10_linux.in | 4 ++++ + util/grub.d/20_linux_xen.in | 4 ++++ + 5 files changed, 37 insertions(+), 2 deletions(-) + +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index 8218f3d47..4248b9341 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -258,7 +258,8 @@ export GRUB_DEFAULT \ + GRUB_BADRAM \ + GRUB_OS_PROBER_SKIP_LIST \ + GRUB_DISABLE_SUBMENU \ +- GRUB_DEFAULT_DTB ++ GRUB_DEFAULT_DTB \ ++ SUSE_BTRFS_SNAPSHOT_BOOTING + + if test "x${grub_cfg}" != "x"; then + rm -f "${grub_cfg}.new" +diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in +index 113a41f94..b3aae534d 100644 +--- a/util/grub-mkconfig_lib.in ++++ b/util/grub-mkconfig_lib.in +@@ -52,7 +52,11 @@ grub_warn () + + make_system_path_relative_to_its_root () + { ++ if [ "x${SUSE_BTRFS_SNAPSHOT_BOOTING}" = "xtrue" ] ; then ++ "${grub_mkrelpath}" -r "$1" ++ else + "${grub_mkrelpath}" "$1" ++ fi + } + + is_path_readable_by_grub () +diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in +index 858b526c9..e2a533001 100644 +--- a/util/grub.d/00_header.in ++++ b/util/grub.d/00_header.in +@@ -27,6 +27,14 @@ export TEXTDOMAINDIR="@localedir@" + + . "$pkgdatadir/grub-mkconfig_lib" + ++if [ "x${SUSE_BTRFS_SNAPSHOT_BOOTING}" = "xtrue" ] && ++ [ "x${GRUB_FS}" = "xbtrfs" ] ; then ++ cat </dev/null || true` +diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in +index 972a4b5a0..bcdc3ceac 100644 +--- a/util/grub.d/20_linux_xen.in ++++ b/util/grub.d/20_linux_xen.in +@@ -73,10 +73,14 @@ fi + + case x"$GRUB_FS" in + xbtrfs) ++ if [ "x${SUSE_BTRFS_SNAPSHOT_BOOTING}" = "xtrue" ]; then ++ GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX} \${extra_cmdline}" ++ else + rootsubvol="`make_system_path_relative_to_its_root /`" + rootsubvol="${rootsubvol#/}" + if [ "x${rootsubvol}" != x ]; then + GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}" ++ fi + fi;; + xzfs) + rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true` diff --git a/SOURCES/0093-grub2-btrfs-06-subvol-mount.patch b/SOURCES/0093-grub2-btrfs-06-subvol-mount.patch new file mode 100644 index 0000000..2c7e2d7 --- /dev/null +++ b/SOURCES/0093-grub2-btrfs-06-subvol-mount.patch @@ -0,0 +1,537 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Fri, 22 May 2015 11:45:25 +0000 +Subject: [PATCH] grub2-btrfs-06-subvol-mount + +--- + grub-core/fs/btrfs.c | 195 +++++++++++++++++++++++++++++++++++++++- + grub-core/osdep/linux/getroot.c | 148 +++++++++++++++++++++++++++++- + util/grub-install.c | 49 ++++++++++ + include/grub/emu/getroot.h | 5 ++ + 4 files changed, 392 insertions(+), 5 deletions(-) + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index a47d29756..2e36ac47e 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -32,6 +32,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -245,6 +246,12 @@ static grub_err_t + grub_btrfs_read_logical (struct grub_btrfs_data *data, + grub_disk_addr_t addr, void *buf, grub_size_t size, + int recursion_depth); ++static grub_err_t ++get_root (struct grub_btrfs_data *data, struct grub_btrfs_key *key, ++ grub_uint64_t *tree, grub_uint8_t *type); ++ ++grub_uint64_t ++find_mtab_subvol_tree (const char *path, char **path_in_subvol); + + static grub_err_t + read_sblock (grub_disk_t disk, struct grub_btrfs_superblock *sb) +@@ -887,9 +894,26 @@ lookup_root_by_name(struct grub_btrfs_data *data, const char *path) + grub_err_t err; + grub_uint64_t tree = 0; + grub_uint8_t type; ++ grub_uint64_t saved_tree; + struct grub_btrfs_key key; + ++ if (path[0] == '\0') ++ { ++ data->fs_tree = 0; ++ return GRUB_ERR_NONE; ++ } ++ ++ err = get_root (data, &key, &tree, &type); ++ if (err) ++ return err; ++ ++ saved_tree = data->fs_tree; ++ data->fs_tree = tree; ++ + err = find_path (data, path, &key, &tree, &type); ++ ++ data->fs_tree = saved_tree; ++ + if (err) + return grub_error(GRUB_ERR_FILE_NOT_FOUND, "couldn't locate %s\n", path); + +@@ -1758,11 +1782,20 @@ grub_btrfs_dir (grub_device_t device, const char *path, + int r = 0; + grub_uint64_t tree; + grub_uint8_t type; ++ char *new_path = NULL; + + if (!data) + return grub_errno; + +- err = find_path (data, path, &key_in, &tree, &type); ++ tree = find_mtab_subvol_tree (path, &new_path); ++ ++ if (tree) ++ data->fs_tree = tree; ++ ++ err = find_path (data, new_path ? new_path : path, &key_in, &tree, &type); ++ if (new_path) ++ grub_free (new_path); ++ + if (err) + { + grub_btrfs_unmount (data); +@@ -1864,11 +1897,21 @@ grub_btrfs_open (struct grub_file *file, const char *name) + struct grub_btrfs_inode inode; + grub_uint8_t type; + struct grub_btrfs_key key_in; ++ grub_uint64_t tree; ++ char *new_path = NULL; + + if (!data) + return grub_errno; + +- err = find_path (data, name, &key_in, &data->tree, &type); ++ tree = find_mtab_subvol_tree (name, &new_path); ++ ++ if (tree) ++ data->fs_tree = tree; ++ ++ err = find_path (data, new_path ? new_path : name, &key_in, &data->tree, &type); ++ if (new_path) ++ grub_free (new_path); ++ + if (err) + { + grub_btrfs_unmount (data); +@@ -2039,6 +2082,150 @@ grub_cmd_btrfs_info (grub_command_t cmd __attribute__ ((unused)), int argc, + return 0; + } + ++struct grub_btrfs_mtab ++{ ++ struct grub_btrfs_mtab *next; ++ struct grub_btrfs_mtab **prev; ++ char *path; ++ char *subvol; ++ grub_uint64_t tree; ++}; ++ ++typedef struct grub_btrfs_mtab* grub_btrfs_mtab_t; ++ ++static struct grub_btrfs_mtab *btrfs_mtab; ++ ++#define FOR_GRUB_MTAB(var) FOR_LIST_ELEMENTS (var, btrfs_mtab) ++#define FOR_GRUB_MTAB_SAFE(var, next) FOR_LIST_ELEMENTS_SAFE((var), (next), btrfs_mtab) ++ ++static void ++add_mountpoint (const char *path, const char *subvol, grub_uint64_t tree) ++{ ++ grub_btrfs_mtab_t m = grub_malloc (sizeof (*m)); ++ ++ m->path = grub_strdup (path); ++ m->subvol = grub_strdup (subvol); ++ m->tree = tree; ++ grub_list_push (GRUB_AS_LIST_P (&btrfs_mtab), GRUB_AS_LIST (m)); ++} ++ ++static grub_err_t ++grub_cmd_btrfs_mount_subvol (grub_command_t cmd __attribute__ ((unused)), int argc, ++ char **argv) ++{ ++ char *devname, *dirname, *subvol; ++ struct grub_btrfs_key key_in; ++ grub_uint8_t type; ++ grub_uint64_t tree; ++ grub_uint64_t saved_tree; ++ grub_err_t err; ++ struct grub_btrfs_data *data = NULL; ++ grub_device_t dev = NULL; ++ ++ if (argc < 3) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "required and "); ++ ++ devname = grub_file_get_device_name(argv[0]); ++ dev = grub_device_open (devname); ++ grub_free (devname); ++ ++ if (!dev) ++ { ++ err = grub_errno; ++ goto err_out; ++ } ++ ++ dirname = argv[1]; ++ subvol = argv[2]; ++ ++ data = grub_btrfs_mount (dev); ++ if (!data) ++ { ++ err = grub_errno; ++ goto err_out; ++ } ++ ++ err = find_path (data, dirname, &key_in, &tree, &type); ++ if (err) ++ goto err_out; ++ ++ if (type != GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY) ++ { ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("not a directory")); ++ goto err_out; ++ } ++ ++ err = get_root (data, &key_in, &tree, &type); ++ ++ if (err) ++ goto err_out; ++ ++ saved_tree = data->fs_tree; ++ data->fs_tree = tree; ++ err = find_path (data, subvol, &key_in, &tree, &type); ++ data->fs_tree = saved_tree; ++ ++ if (err) ++ goto err_out; ++ ++ if (key_in.object_id != grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK) || tree == 0) ++ { ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "%s: not a subvolume\n", subvol); ++ goto err_out; ++ } ++ ++ grub_btrfs_unmount (data); ++ grub_device_close (dev); ++ add_mountpoint (dirname, subvol, tree); ++ ++ return GRUB_ERR_NONE; ++ ++err_out: ++ ++ if (data) ++ grub_btrfs_unmount (data); ++ ++ if (dev) ++ grub_device_close (dev); ++ ++ return err; ++} ++ ++grub_uint64_t ++find_mtab_subvol_tree (const char *path, char **path_in_subvol) ++{ ++ grub_btrfs_mtab_t m, cm; ++ grub_uint64_t tree; ++ ++ if (!path || !path_in_subvol) ++ return 0; ++ ++ *path_in_subvol = NULL; ++ tree = 0; ++ cm = NULL; ++ ++ FOR_GRUB_MTAB (m) ++ { ++ if (grub_strncmp (path, m->path, grub_strlen (m->path)) == 0) ++ { ++ if (!cm) ++ cm = m; ++ else ++ if (grub_strcmp (m->path, cm->path) > 0) ++ cm = m; ++ } ++ } ++ ++ if (cm) ++ { ++ const char *s = path + grub_strlen (cm->path); ++ *path_in_subvol = (s[0] == '\0') ? grub_strdup ("/") : grub_strdup (s); ++ tree = cm->tree; ++ } ++ ++ return tree; ++} ++ + static grub_err_t + get_fs_root(struct grub_btrfs_data *data, grub_uint64_t tree, + grub_uint64_t objectid, grub_uint64_t offset, +@@ -2245,6 +2432,7 @@ static struct grub_fs grub_btrfs_fs = { + }; + + static grub_command_t cmd_info; ++static grub_command_t cmd_mount_subvol; + static grub_extcmd_t cmd_list_subvols; + + static char * +@@ -2308,6 +2496,9 @@ GRUB_MOD_INIT (btrfs) + cmd_info = grub_register_command("btrfs-info", grub_cmd_btrfs_info, + "DEVICE", + "Print BtrFS info about DEVICE."); ++ cmd_mount_subvol = grub_register_command("btrfs-mount-subvol", grub_cmd_btrfs_mount_subvol, ++ "DEVICE DIRECTORY SUBVOL", ++ "Set btrfs DEVICE the DIRECTORY a mountpoint of SUBVOL."); + cmd_list_subvols = grub_register_extcmd("btrfs-list-subvols", + grub_cmd_btrfs_list_subvols, 0, + "[-p|-n] [-o var] DEVICE", +diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c +index 5d50dd6f8..4c5a13022 100644 +--- a/grub-core/osdep/linux/getroot.c ++++ b/grub-core/osdep/linux/getroot.c +@@ -107,6 +107,14 @@ struct btrfs_ioctl_search_key + grub_uint32_t unused[9]; + }; + ++struct btrfs_ioctl_search_header { ++ grub_uint64_t transid; ++ grub_uint64_t objectid; ++ grub_uint64_t offset; ++ grub_uint32_t type; ++ grub_uint32_t len; ++}; ++ + struct btrfs_ioctl_search_args { + struct btrfs_ioctl_search_key key; + grub_uint64_t buf[(4096 - sizeof(struct btrfs_ioctl_search_key)) +@@ -378,6 +386,109 @@ get_btrfs_fs_prefix (const char *mount_path) + + int use_relative_path_on_btrfs = 0; + ++static char * ++get_btrfs_subvol (const char *path) ++{ ++ struct btrfs_ioctl_ino_lookup_args args; ++ grub_uint64_t tree_id; ++ int fd = -1; ++ char *ret = NULL; ++ ++ fd = open (path, O_RDONLY); ++ ++ if (fd < 0) ++ return NULL; ++ ++ memset (&args, 0, sizeof(args)); ++ args.objectid = GRUB_BTRFS_TREE_ROOT_OBJECTID; ++ ++ if (ioctl (fd, BTRFS_IOC_INO_LOOKUP, &args) < 0) ++ goto error; ++ ++ tree_id = args.treeid; ++ ++ while (tree_id != GRUB_BTRFS_ROOT_VOL_OBJECTID) ++ { ++ struct btrfs_ioctl_search_args sargs; ++ struct grub_btrfs_root_backref *br; ++ struct btrfs_ioctl_search_header *search_header; ++ char *old; ++ grub_uint16_t len; ++ grub_uint64_t inode_id; ++ ++ memset (&sargs, 0, sizeof(sargs)); ++ ++ sargs.key.tree_id = 1; ++ sargs.key.min_objectid = tree_id; ++ sargs.key.max_objectid = tree_id; ++ ++ sargs.key.min_offset = 0; ++ sargs.key.max_offset = ~0ULL; ++ sargs.key.min_transid = 0; ++ sargs.key.max_transid = ~0ULL; ++ sargs.key.min_type = GRUB_BTRFS_ITEM_TYPE_ROOT_BACKREF; ++ sargs.key.max_type = GRUB_BTRFS_ITEM_TYPE_ROOT_BACKREF; ++ ++ sargs.key.nr_items = 1; ++ ++ if (ioctl (fd, BTRFS_IOC_TREE_SEARCH, &sargs) < 0) ++ goto error; ++ ++ if (sargs.key.nr_items == 0) ++ goto error; ++ ++ search_header = (struct btrfs_ioctl_search_header *)sargs.buf; ++ br = (struct grub_btrfs_root_backref *) (search_header + 1); ++ ++ len = grub_le_to_cpu16 (br->n); ++ inode_id = grub_le_to_cpu64 (br->inode_id); ++ tree_id = search_header->offset; ++ ++ old = ret; ++ ret = malloc (len + 1); ++ memcpy (ret, br->name, len); ++ ret[len] = '\0'; ++ ++ if (inode_id != GRUB_BTRFS_TREE_ROOT_OBJECTID) ++ { ++ char *s; ++ ++ memset(&args, 0, sizeof(args)); ++ args.treeid = search_header->offset; ++ args.objectid = inode_id; ++ ++ if (ioctl (fd, BTRFS_IOC_INO_LOOKUP, &args) < 0) ++ goto error; ++ ++ s = xasprintf ("%s%s", args.name, ret); ++ free (ret); ++ ret = s; ++ } ++ ++ if (old) ++ { ++ char *s = xasprintf ("%s/%s", ret, old); ++ free (ret); ++ free (old); ++ ret = s; ++ } ++ } ++ ++ close (fd); ++ return ret; ++ ++error: ++ ++ if (fd >= 0) ++ close (fd); ++ if (ret) ++ free (ret); ++ ++ return NULL; ++} ++ ++void (*grub_find_root_btrfs_mount_path_hook)(const char *mount_path); ++ + char ** + grub_find_root_devices_from_mountinfo (const char *dir, char **relroot) + { +@@ -519,12 +630,15 @@ again: + else if (grub_strcmp (entries[i].fstype, "btrfs") == 0) + { + ret = grub_find_root_devices_from_btrfs (dir); +- fs_prefix = get_btrfs_fs_prefix (entries[i].enc_path); + if (use_relative_path_on_btrfs) + { +- if (fs_prefix) +- free (fs_prefix); + fs_prefix = xstrdup ("/"); ++ if (grub_find_root_btrfs_mount_path_hook) ++ grub_find_root_btrfs_mount_path_hook (entries[i].enc_path); ++ } ++ else ++ { ++ fs_prefix = get_btrfs_fs_prefix (entries[i].enc_path); + } + } + else if (!retry && grub_strcmp (entries[i].fstype, "autofs") == 0) +@@ -1150,6 +1264,34 @@ grub_util_get_grub_dev_os (const char *os_dev) + return grub_dev; + } + ++ ++char * ++grub_util_get_btrfs_subvol (const char *path, char **mount_path) ++{ ++ char *mp = NULL; ++ ++ if (mount_path) ++ *mount_path = NULL; ++ ++ auto void ++ mount_path_hook (const char *m) ++ { ++ mp = strdup (m); ++ } ++ ++ grub_find_root_btrfs_mount_path_hook = mount_path_hook; ++ grub_free (grub_find_root_devices_from_mountinfo (path, NULL)); ++ grub_find_root_btrfs_mount_path_hook = NULL; ++ ++ if (!mp) ++ return NULL; ++ ++ if (mount_path) ++ *mount_path = mp; ++ ++ return get_btrfs_subvol (mp); ++} ++ + char * + grub_make_system_path_relative_to_its_root_os (const char *path) + { +diff --git a/util/grub-install.c b/util/grub-install.c +index 4375c1619..a0ad99729 100644 +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -1535,6 +1535,55 @@ main (int argc, char *argv[]) + prefix_drive = xasprintf ("(%s)", grub_drives[0]); + } + ++#ifdef __linux__ ++ ++ if (config.is_suse_btrfs_snapshot_enabled ++ && grub_strncmp(grub_fs->name, "btrfs", sizeof ("btrfs") - 1) == 0) ++ { ++ char *subvol = NULL; ++ char *mount_path = NULL; ++ char **rootdir_devices = NULL; ++ char *rootdir_path = grub_util_path_concat (2, "/", rootdir); ++ ++ if (grub_util_is_directory (rootdir_path)) ++ rootdir_devices = grub_guess_root_devices (rootdir_path); ++ ++ free (rootdir_path); ++ ++ if (rootdir_devices && rootdir_devices[0]) ++ if (grub_strcmp (rootdir_devices[0], grub_devices[0]) == 0) ++ subvol = grub_util_get_btrfs_subvol (platdir, &mount_path); ++ ++ if (subvol && mount_path) ++ { ++ char *def_subvol; ++ ++ def_subvol = grub_util_get_btrfs_subvol ("/", NULL); ++ ++ if (def_subvol) ++ { ++ if (!load_cfg_f) ++ load_cfg_f = grub_util_fopen (load_cfg, "wb"); ++ have_load_cfg = 1; ++ ++ if (grub_strcmp (subvol, def_subvol) != 0) ++ fprintf (load_cfg_f, "btrfs-mount-subvol ($root) %s %s\n", mount_path, subvol); ++ free (def_subvol); ++ } ++ } ++ ++ for (curdev = rootdir_devices; *curdev; curdev++) ++ free (*curdev); ++ if (rootdir_devices) ++ free (rootdir_devices); ++ if (subvol) ++ free (subvol); ++ if (mount_path) ++ free (mount_path); ++ } ++ ++#endif ++ + char mkimage_target[200]; + const char *core_name = NULL; + +diff --git a/include/grub/emu/getroot.h b/include/grub/emu/getroot.h +index 73fa2d34a..9c642ae3f 100644 +--- a/include/grub/emu/getroot.h ++++ b/include/grub/emu/getroot.h +@@ -53,6 +53,11 @@ char ** + grub_find_root_devices_from_mountinfo (const char *dir, char **relroot); + #endif + ++#ifdef __linux__ ++char * ++grub_util_get_btrfs_subvol (const char *path, char **mount_path); ++#endif ++ + /* Devmapper functions provided by getroot_devmapper.c. */ + void + grub_util_pull_devmapper (const char *os_dev); diff --git a/SOURCES/0094-No-more-Bootable-Snapshot-submenu-in-grub.cfg.patch b/SOURCES/0094-No-more-Bootable-Snapshot-submenu-in-grub.cfg.patch new file mode 100644 index 0000000..82b5848 --- /dev/null +++ b/SOURCES/0094-No-more-Bootable-Snapshot-submenu-in-grub.cfg.patch @@ -0,0 +1,31 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Dusty Mabe +Date: Sat, 18 Jul 2015 15:38:08 +0000 +Subject: [PATCH] No more "Bootable Snapshot" submenu in grub.cfg. + +This breaks grubby (run on kernel upgrades) because grubby just +does a search for "menuentry". +--- + util/grub.d/00_header.in | 12 ------------ + 1 file changed, 12 deletions(-) + +diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in +index e2a533001..8a16fea34 100644 +--- a/util/grub.d/00_header.in ++++ b/util/grub.d/00_header.in +@@ -366,15 +366,3 @@ fi + if [ "x${GRUB_BADRAM}" != "x" ] ; then + echo "badram ${GRUB_BADRAM}" + fi +- +-if [ "x${SUSE_BTRFS_SNAPSHOT_BOOTING}" = "xtrue" ] && +- [ "x${GRUB_FS}" = "xbtrfs" ] ; then +- # Note: No $snapshot_num on *read-only* rollback! (bsc#901487) +- cat < +Date: Tue, 21 Jun 2016 16:44:17 +0000 +Subject: [PATCH] Fallback to old subvol name scheme to support old snapshot + config + +Ref: bsc#953538 +--- + grub-core/fs/btrfs.c | 32 +++++++++++++++++++++++++++++++- + 1 file changed, 31 insertions(+), 1 deletion(-) + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 2e36ac47e..4a31d39ee 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -924,11 +924,41 @@ lookup_root_by_name(struct grub_btrfs_data *data, const char *path) + return GRUB_ERR_NONE; + } + ++static grub_err_t ++lookup_root_by_name_fallback(struct grub_btrfs_data *data, const char *path) ++{ ++ grub_err_t err; ++ grub_uint64_t tree = 0; ++ grub_uint8_t type; ++ struct grub_btrfs_key key; ++ ++ err = find_path (data, path, &key, &tree, &type); ++ if (err) ++ return grub_error(GRUB_ERR_FILE_NOT_FOUND, "couldn't locate %s\n", path); ++ ++ if (key.object_id != grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK) || tree == 0) ++ return grub_error(GRUB_ERR_BAD_FILE_TYPE, "%s: not a subvolume\n", path); ++ ++ data->fs_tree = tree; ++ return GRUB_ERR_NONE; ++} ++ + static grub_err_t + btrfs_handle_subvol(struct grub_btrfs_data *data __attribute__ ((unused))) + { + if (btrfs_default_subvol) +- return lookup_root_by_name(data, btrfs_default_subvol); ++ { ++ grub_err_t err; ++ err = lookup_root_by_name(data, btrfs_default_subvol); ++ ++ /* Fallback to old schemes */ ++ if (err == GRUB_ERR_FILE_NOT_FOUND) ++ { ++ err = GRUB_ERR_NONE; ++ return lookup_root_by_name_fallback(data, btrfs_default_subvol); ++ } ++ return err; ++ } + + if (btrfs_default_subvolid) + return lookup_root_by_id(data, btrfs_default_subvolid); diff --git a/SOURCES/0096-Grub-not-working-correctly-with-btrfs-snapshots-bsc-.patch b/SOURCES/0096-Grub-not-working-correctly-with-btrfs-snapshots-bsc-.patch new file mode 100644 index 0000000..1208271 --- /dev/null +++ b/SOURCES/0096-Grub-not-working-correctly-with-btrfs-snapshots-bsc-.patch @@ -0,0 +1,272 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Thu, 11 May 2017 08:56:57 +0000 +Subject: [PATCH] Grub not working correctly with btrfs snapshots (bsc#1026511) + +--- + grub-core/fs/btrfs.c | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 238 insertions(+) + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 4a31d39ee..7002ad81b 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -2446,6 +2446,238 @@ out: + return 0; + } + ++static grub_err_t ++grub_btrfs_get_parent_subvol_path (struct grub_btrfs_data *data, ++ grub_uint64_t child_id, ++ const char *child_path, ++ grub_uint64_t *parent_id, ++ char **path_out) ++{ ++ grub_uint64_t fs_root = 0; ++ struct grub_btrfs_key key_in = { ++ .object_id = child_id, ++ .type = GRUB_BTRFS_ITEM_TYPE_ROOT_BACKREF, ++ .offset = 0, ++ }, key_out; ++ struct grub_btrfs_root_ref *ref; ++ char *buf; ++ struct grub_btrfs_leaf_descriptor desc; ++ grub_size_t elemsize; ++ grub_disk_addr_t elemaddr; ++ grub_err_t err; ++ char *parent_path; ++ ++ *parent_id = 0; ++ *path_out = 0; ++ ++ err = lower_bound(data, &key_in, &key_out, data->sblock.root_tree, ++ &elemaddr, &elemsize, &desc, 0); ++ if (err) ++ return err; ++ ++ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_BACKREF || elemaddr == 0) ++ next(data, &desc, &elemaddr, &elemsize, &key_out); ++ ++ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_BACKREF) ++ { ++ free_iterator(&desc); ++ return grub_error(GRUB_ERR_FILE_NOT_FOUND, N_("can't find root backrefs")); ++ } ++ ++ buf = grub_malloc(elemsize + 1); ++ if (!buf) ++ { ++ free_iterator(&desc); ++ return grub_errno; ++ } ++ ++ err = grub_btrfs_read_logical(data, elemaddr, buf, elemsize, 0); ++ if (err) ++ { ++ grub_free(buf); ++ free_iterator(&desc); ++ return err; ++ } ++ ++ buf[elemsize] = 0; ++ ref = (struct grub_btrfs_root_ref *)buf; ++ ++ err = get_fs_root(data, data->sblock.root_tree, grub_le_to_cpu64 (key_out.offset), ++ 0, &fs_root); ++ if (err) ++ { ++ grub_free(buf); ++ free_iterator(&desc); ++ return err; ++ } ++ ++ find_pathname(data, grub_le_to_cpu64 (ref->dirid), fs_root, ref->name, &parent_path); ++ ++ if (child_path) ++ { ++ *path_out = grub_xasprintf ("%s/%s", parent_path, child_path); ++ grub_free (parent_path); ++ } ++ else ++ *path_out = parent_path; ++ ++ *parent_id = grub_le_to_cpu64 (key_out.offset); ++ ++ grub_free(buf); ++ free_iterator(&desc); ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_btrfs_get_default_subvolume_id (struct grub_btrfs_data *data, grub_uint64_t *id) ++{ ++ grub_err_t err; ++ grub_disk_addr_t elemaddr; ++ grub_size_t elemsize; ++ struct grub_btrfs_key key, key_out; ++ struct grub_btrfs_dir_item *direl = NULL; ++ const char *ctoken = "default"; ++ grub_size_t ctokenlen = sizeof ("default") - 1; ++ ++ *id = 0; ++ key.object_id = data->sblock.root_dir_objectid; ++ key.type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; ++ key.offset = grub_cpu_to_le64 (~grub_getcrc32c (1, ctoken, ctokenlen)); ++ err = lower_bound (data, &key, &key_out, data->sblock.root_tree, &elemaddr, &elemsize, ++ NULL, 0); ++ if (err) ++ return err; ++ ++ if (key_cmp (&key, &key_out) != 0) ++ return grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("file not found")); ++ ++ struct grub_btrfs_dir_item *cdirel; ++ direl = grub_malloc (elemsize + 1); ++ err = grub_btrfs_read_logical (data, elemaddr, direl, elemsize, 0); ++ if (err) ++ { ++ grub_free (direl); ++ return err; ++ } ++ for (cdirel = direl; ++ (grub_uint8_t *) cdirel - (grub_uint8_t *) direl ++ < (grub_ssize_t) elemsize; ++ cdirel = (void *) ((grub_uint8_t *) (direl + 1) ++ + grub_le_to_cpu16 (cdirel->n) ++ + grub_le_to_cpu16 (cdirel->m))) ++ { ++ if (ctokenlen == grub_le_to_cpu16 (cdirel->n) ++ && grub_memcmp (cdirel->name, ctoken, ctokenlen) == 0) ++ break; ++ } ++ if ((grub_uint8_t *) cdirel - (grub_uint8_t *) direl ++ >= (grub_ssize_t) elemsize) ++ { ++ grub_free (direl); ++ err = grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("file not found")); ++ return err; ++ } ++ ++ if (cdirel->key.type != GRUB_BTRFS_ITEM_TYPE_ROOT_ITEM) ++ { ++ grub_free (direl); ++ err = grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("file not found")); ++ return err; ++ } ++ ++ *id = grub_le_to_cpu64 (cdirel->key.object_id); ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_cmd_btrfs_get_default_subvol (struct grub_extcmd_context *ctxt, ++ int argc, char **argv) ++{ ++ char *devname; ++ grub_device_t dev; ++ struct grub_btrfs_data *data; ++ grub_err_t err; ++ grub_uint64_t id; ++ char *subvol = NULL; ++ grub_uint64_t subvolid = 0; ++ char *varname = NULL; ++ char *output = NULL; ++ int path_only = ctxt->state[1].set; ++ int num_only = ctxt->state[2].set; ++ ++ if (ctxt->state[0].set) ++ varname = ctxt->state[0].arg; ++ ++ if (argc < 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required"); ++ ++ devname = grub_file_get_device_name(argv[0]); ++ if (!devname) ++ return grub_errno; ++ ++ dev = grub_device_open (devname); ++ grub_free (devname); ++ if (!dev) ++ return grub_errno; ++ ++ data = grub_btrfs_mount(dev); ++ if (!data) ++ { ++ grub_device_close (dev); ++ grub_dprintf ("btrfs", "failed to open fs\n"); ++ grub_errno = GRUB_ERR_NONE; ++ return 0; ++ } ++ ++ err = grub_btrfs_get_default_subvolume_id (data, &subvolid); ++ if (err) ++ { ++ grub_btrfs_unmount (data); ++ grub_device_close (dev); ++ return err; ++ } ++ ++ id = subvolid; ++ while (id != GRUB_BTRFS_ROOT_VOL_OBJECTID) ++ { ++ grub_uint64_t parent_id; ++ char *path_out; ++ ++ err = grub_btrfs_get_parent_subvol_path (data, grub_cpu_to_le64 (id), subvol, &parent_id, &path_out); ++ if (err) ++ { ++ grub_btrfs_unmount (data); ++ grub_device_close (dev); ++ return err; ++ } ++ ++ if (subvol) ++ grub_free (subvol); ++ subvol = path_out; ++ id = parent_id; ++ } ++ ++ if (num_only && path_only) ++ output = grub_xasprintf ("%"PRIuGRUB_UINT64_T" /%s", subvolid, subvol); ++ else if (num_only) ++ output = grub_xasprintf ("%"PRIuGRUB_UINT64_T, subvolid); ++ else ++ output = grub_xasprintf ("/%s", subvol); ++ ++ if (varname) ++ grub_env_set(varname, output); ++ else ++ grub_printf ("%s\n", output); ++ ++ grub_free (output); ++ grub_free (subvol); ++ ++ grub_btrfs_unmount (data); ++ grub_device_close (dev); ++ ++ return GRUB_ERR_NONE; ++} ++ + static struct grub_fs grub_btrfs_fs = { + .name = "btrfs", + .dir = grub_btrfs_dir, +@@ -2464,6 +2696,7 @@ static struct grub_fs grub_btrfs_fs = { + static grub_command_t cmd_info; + static grub_command_t cmd_mount_subvol; + static grub_extcmd_t cmd_list_subvols; ++static grub_extcmd_t cmd_get_default_subvol; + + static char * + subvolid_set_env (struct grub_env_var *var __attribute__ ((unused)), +@@ -2534,6 +2767,11 @@ GRUB_MOD_INIT (btrfs) + "[-p|-n] [-o var] DEVICE", + "Print list of BtrFS subvolumes on " + "DEVICE.", options); ++ cmd_get_default_subvol = grub_register_extcmd("btrfs-get-default-subvol", ++ grub_cmd_btrfs_get_default_subvol, 0, ++ "[-p|-n] [-o var] DEVICE", ++ "Print default BtrFS subvolume on " ++ "DEVICE.", options); + grub_register_variable_hook ("btrfs_subvol", subvol_get_env, + subvol_set_env); + grub_register_variable_hook ("btrfs_subvolid", subvolid_get_env, diff --git a/SOURCES/0097-Add-grub_efi_allocate_pool-and-grub_efi_free_pool-wr.patch b/SOURCES/0097-Add-grub_efi_allocate_pool-and-grub_efi_free_pool-wr.patch new file mode 100644 index 0000000..04d5246 --- /dev/null +++ b/SOURCES/0097-Add-grub_efi_allocate_pool-and-grub_efi_free_pool-wr.patch @@ -0,0 +1,72 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 1 Jun 2017 09:59:56 -0400 +Subject: [PATCH] Add grub_efi_allocate_pool() and grub_efi_free_pool() + wrappers. + +Signed-off-by: Peter Jones +--- + include/grub/efi/efi.h | 36 ++++++++++++++++++++++++++++++++---- + 1 file changed, 32 insertions(+), 4 deletions(-) + +diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h +index 39480b386..09a18e563 100644 +--- a/include/grub/efi/efi.h ++++ b/include/grub/efi/efi.h +@@ -24,6 +24,10 @@ + #include + #include + ++/* Variables. */ ++extern grub_efi_system_table_t *EXPORT_VAR(grub_efi_system_table); ++extern grub_efi_handle_t EXPORT_VAR(grub_efi_image_handle); ++ + /* Functions. */ + void *EXPORT_FUNC(grub_efi_locate_protocol) (grub_efi_guid_t *protocol, + void *registration); +@@ -60,6 +64,33 @@ EXPORT_FUNC(grub_efi_get_memory_map) (grub_efi_uintn_t *memory_map_size, + grub_efi_uintn_t *descriptor_size, + grub_efi_uint32_t *descriptor_version); + void grub_efi_memory_fini (void); ++ ++static inline grub_efi_status_t ++__attribute__((__unused__)) ++grub_efi_allocate_pool (grub_efi_memory_type_t pool_type, ++ grub_efi_uintn_t buffer_size, ++ void **buffer) ++{ ++ grub_efi_boot_services_t *b; ++ grub_efi_status_t status; ++ ++ b = grub_efi_system_table->boot_services; ++ status = efi_call_3 (b->allocate_pool, pool_type, buffer_size, buffer); ++ return status; ++} ++ ++static inline grub_efi_status_t ++__attribute__((__unused__)) ++grub_efi_free_pool (void *buffer) ++{ ++ grub_efi_boot_services_t *b; ++ grub_efi_status_t status; ++ ++ b = grub_efi_system_table->boot_services; ++ status = efi_call_1 (b->free_pool, buffer); ++ return status; ++} ++ + grub_efi_loaded_image_t *EXPORT_FUNC(grub_efi_get_loaded_image) (grub_efi_handle_t image_handle); + void EXPORT_FUNC(grub_efi_print_device_path) (grub_efi_device_path_t *dp); + char *EXPORT_FUNC(grub_efi_get_filename) (grub_efi_device_path_t *dp); +@@ -109,10 +140,7 @@ void grub_efi_init (void); + void grub_efi_fini (void); + void grub_efi_set_prefix (void); + +-/* Variables. */ +-extern grub_efi_system_table_t *EXPORT_VAR(grub_efi_system_table); +-extern grub_efi_handle_t EXPORT_VAR(grub_efi_image_handle); +- ++/* More variables. */ + extern int EXPORT_VAR(grub_efi_is_finished); + + struct grub_net_card; diff --git a/SOURCES/0098-Use-grub_efi_.-memory-helpers-where-reasonable.patch b/SOURCES/0098-Use-grub_efi_.-memory-helpers-where-reasonable.patch new file mode 100644 index 0000000..42e62f4 --- /dev/null +++ b/SOURCES/0098-Use-grub_efi_.-memory-helpers-where-reasonable.patch @@ -0,0 +1,106 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 1 Jun 2017 10:06:38 -0400 +Subject: [PATCH] Use grub_efi_...() memory helpers where reasonable. + +This uses grub_efi_allocate_pool(), grub_efi_free_pool(), and +grub_efi_free_pages() instead of open-coded efi_call_N() calls, so we +get more reasonable type checking. + +Signed-off-by: Peter Jones +--- + grub-core/loader/efi/chainloader.c | 24 +++++++++--------------- + 1 file changed, 9 insertions(+), 15 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 5cd9b6e08..106eb10a3 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -65,7 +65,7 @@ grub_chainloader_unload (void) + + b = grub_efi_system_table->boot_services; + efi_call_1 (b->unload_image, image_handle); +- efi_call_2 (b->free_pages, address, pages); ++ grub_efi_free_pages (address, pages); + + grub_free (file_path); + grub_free (cmdline); +@@ -108,7 +108,7 @@ grub_chainloader_boot (void) + } + + if (exit_data) +- efi_call_1 (b->free_pool, exit_data); ++ grub_efi_free_pool (exit_data); + + grub_loader_unset (); + +@@ -500,10 +500,9 @@ grub_efi_get_media_file_path (grub_efi_device_path_t *dp) + static grub_efi_boolean_t + handle_image (void *data, grub_efi_uint32_t datasize) + { +- grub_efi_boot_services_t *b; + grub_efi_loaded_image_t *li, li_bak; + grub_efi_status_t efi_status; +- char *buffer = NULL; ++ void *buffer = NULL; + char *buffer_aligned = NULL; + grub_efi_uint32_t i; + struct grub_pe32_section_table *section; +@@ -514,8 +513,6 @@ handle_image (void *data, grub_efi_uint32_t datasize) + int found_entry_point = 0; + int rc; + +- b = grub_efi_system_table->boot_services; +- + rc = read_header (data, datasize, &context); + if (rc < 0) + { +@@ -555,8 +552,8 @@ handle_image (void *data, grub_efi_uint32_t datasize) + grub_dprintf ("chain", "image size is %08"PRIxGRUB_UINT64_T", datasize is %08x\n", + context.image_size, datasize); + +- efi_status = efi_call_3 (b->allocate_pool, GRUB_EFI_LOADER_DATA, +- buffer_size, &buffer); ++ efi_status = grub_efi_allocate_pool (GRUB_EFI_LOADER_DATA, buffer_size, ++ &buffer); + + if (efi_status != GRUB_EFI_SUCCESS) + { +@@ -788,14 +785,14 @@ handle_image (void *data, grub_efi_uint32_t datasize) + + grub_dprintf ("chain", "entry_point returned %ld\n", efi_status); + grub_memcpy (li, &li_bak, sizeof (grub_efi_loaded_image_t)); +- efi_status = efi_call_1 (b->free_pool, buffer); ++ efi_status = grub_efi_free_pool (buffer); + + return 1; + + error_exit: + grub_dprintf ("chain", "error_exit: grub_errno: %d\n", grub_errno); + if (buffer) +- efi_call_1 (b->free_pool, buffer); ++ grub_efi_free_pool (buffer); + + return 0; + } +@@ -803,10 +800,7 @@ error_exit: + static grub_err_t + grub_secureboot_chainloader_unload (void) + { +- grub_efi_boot_services_t *b; +- +- b = grub_efi_system_table->boot_services; +- efi_call_2 (b->free_pages, address, pages); ++ grub_efi_free_pages (address, pages); + grub_free (file_path); + grub_free (cmdline); + cmdline = 0; +@@ -1073,7 +1067,7 @@ fail: + grub_free (file_path); + + if (address) +- efi_call_2 (b->free_pages, address, pages); ++ grub_efi_free_pages (address, pages); + + if (cmdline) + grub_free (cmdline); diff --git a/SOURCES/0099-Add-PRIxGRUB_EFI_STATUS-and-use-it.patch b/SOURCES/0099-Add-PRIxGRUB_EFI_STATUS-and-use-it.patch new file mode 100644 index 0000000..ec7d44f --- /dev/null +++ b/SOURCES/0099-Add-PRIxGRUB_EFI_STATUS-and-use-it.patch @@ -0,0 +1,46 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 1 Jun 2017 10:07:50 -0400 +Subject: [PATCH] Add PRIxGRUB_EFI_STATUS and use it. + +This avoids syntax checkers getting confused about if it's llx or lx. + +Signed-off-by: Peter Jones +--- + grub-core/loader/efi/chainloader.c | 3 ++- + include/grub/efi/api.h | 8 ++++++++ + 2 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 106eb10a3..3630b0cbf 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -783,7 +783,8 @@ handle_image (void *data, grub_efi_uint32_t datasize) + efi_status = efi_call_2 (entry_point, grub_efi_image_handle, + grub_efi_system_table); + +- grub_dprintf ("chain", "entry_point returned %ld\n", efi_status); ++ grub_dprintf ("chain", "entry_point returned 0x%"PRIxGRUB_EFI_STATUS"\n", ++ efi_status); + grub_memcpy (li, &li_bak, sizeof (grub_efi_loaded_image_t)); + efi_status = grub_efi_free_pool (buffer); + +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index 28b6adf76..e5b521bd9 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -527,6 +527,14 @@ typedef grub_uint8_t grub_efi_char8_t; + typedef grub_uint16_t grub_efi_char16_t; + + typedef grub_efi_intn_t grub_efi_status_t; ++/* Make grub_efi_status_t reasonably printable. */ ++#if GRUB_CPU_SIZEOF_VOID_P == 8 ++#define PRIxGRUB_EFI_STATUS "lx" ++#define PRIdGRUB_EFI_STATUS "ld" ++#else ++#define PRIxGRUB_EFI_STATUS "llx" ++#define PRIdGRUB_EFI_STATUS "lld" ++#endif + + #define GRUB_EFI_ERROR_CODE(value) \ + ((((grub_efi_status_t) 1) << (sizeof (grub_efi_status_t) * 8 - 1)) | (value)) diff --git a/SOURCES/0100-Don-t-use-dynamic-sized-arrays-since-we-don-t-build-.patch b/SOURCES/0100-Don-t-use-dynamic-sized-arrays-since-we-don-t-build-.patch new file mode 100644 index 0000000..f62b0bd --- /dev/null +++ b/SOURCES/0100-Don-t-use-dynamic-sized-arrays-since-we-don-t-build-.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 26 Jun 2017 12:42:57 -0400 +Subject: [PATCH] Don't use dynamic sized arrays since we don't build with + -std=c99 + +--- + grub-core/net/net.c | 17 ++++++++++++++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 4be228d95..fa3e29126 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -1853,14 +1853,25 @@ grub_net_search_configfile (char *config) + { + /* By the Client UUID. */ + +- char client_uuid_var[sizeof ("net_") + grub_strlen (inf->name) + +- sizeof ("_clientuuid") + 1]; +- grub_snprintf (client_uuid_var, sizeof (client_uuid_var), ++ char *client_uuid_var; ++ grub_size_t client_uuid_var_size; ++ ++ client_uuid_var_size = grub_snprintf (NULL, 0, ++ "net_%s_clientuuid", inf->name); ++ if (client_uuid_var_size <= 0) ++ continue; ++ client_uuid_var_size += 1; ++ client_uuid_var = grub_malloc(client_uuid_var_size); ++ if (!client_uuid_var) ++ continue; ++ grub_snprintf (client_uuid_var, client_uuid_var_size, + "net_%s_clientuuid", inf->name); + + const char *client_uuid; + client_uuid = grub_env_get (client_uuid_var); + ++ grub_free(client_uuid_var); ++ + if (client_uuid) + { + grub_strcpy (suffix, client_uuid); diff --git a/SOURCES/0101-don-t-ignore-const.patch b/SOURCES/0101-don-t-ignore-const.patch new file mode 100644 index 0000000..e6282ce --- /dev/null +++ b/SOURCES/0101-don-t-ignore-const.patch @@ -0,0 +1,22 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 26 Jun 2017 12:43:22 -0400 +Subject: [PATCH] don't ignore const + +--- + grub-core/net/tftp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index dcd824943..f90071353 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -307,7 +307,7 @@ static void + grub_normalize_filename (char *normalized, const char *filename) + { + char *dest = normalized; +- char *src = filename; ++ const char *src = filename; + + while (*src != '\0') + { diff --git a/SOURCES/0102-don-t-use-int-for-efi-status.patch b/SOURCES/0102-don-t-use-int-for-efi-status.patch new file mode 100644 index 0000000..b3dc9c8 --- /dev/null +++ b/SOURCES/0102-don-t-use-int-for-efi-status.patch @@ -0,0 +1,22 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 26 Jun 2017 12:44:59 -0400 +Subject: [PATCH] don't use int for efi status + +--- + grub-core/kern/efi/efi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 562d6887e..bcae7f469 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -166,7 +166,7 @@ grub_reboot (void) + void + grub_exit (int retval) + { +- int rc = GRUB_EFI_LOAD_ERROR; ++ grub_efi_status_t rc = GRUB_EFI_LOAD_ERROR; + + if (retval == 0) + rc = GRUB_EFI_SUCCESS; diff --git a/SOURCES/0103-make-GRUB_MOD_INIT-declare-its-function-prototypes.patch b/SOURCES/0103-make-GRUB_MOD_INIT-declare-its-function-prototypes.patch new file mode 100644 index 0000000..0418480 --- /dev/null +++ b/SOURCES/0103-make-GRUB_MOD_INIT-declare-its-function-prototypes.patch @@ -0,0 +1,29 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 26 Jun 2017 12:46:23 -0400 +Subject: [PATCH] make GRUB_MOD_INIT() declare its function prototypes. + +--- + include/grub/dl.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/include/grub/dl.h b/include/grub/dl.h +index 2bca56ce0..b1ed3c333 100644 +--- a/include/grub/dl.h ++++ b/include/grub/dl.h +@@ -54,6 +54,7 @@ grub_mod_fini (void) + + #define GRUB_MOD_INIT(name) \ + static void grub_mod_init (grub_dl_t mod __attribute__ ((unused))) __attribute__ ((used)); \ ++extern void grub_##name##_init (void); \ + void \ + grub_##name##_init (void) { grub_mod_init (0); } \ + static void \ +@@ -61,6 +62,7 @@ grub_mod_init (grub_dl_t mod __attribute__ ((unused))) + + #define GRUB_MOD_FINI(name) \ + static void grub_mod_fini (void) __attribute__ ((used)); \ ++extern void grub_##name##_fini (void); \ + void \ + grub_##name##_fini (void) { grub_mod_fini (); } \ + static void \ diff --git a/SOURCES/0104-editenv-handle-relative-symlinks.patch b/SOURCES/0104-editenv-handle-relative-symlinks.patch new file mode 100644 index 0000000..8b26324 --- /dev/null +++ b/SOURCES/0104-editenv-handle-relative-symlinks.patch @@ -0,0 +1,50 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Jonathan Lebon +Date: Mon, 14 Aug 2017 14:37:20 -0400 +Subject: [PATCH] editenv: handle relative symlinks + +Handle symlinks with targets relative to the containing dir. This +ensures that the rename operation does not depend on the cwd. + +Resolves: rhbz#1479960 + +Signed-off-by: Jonathan Lebon +--- + util/editenv.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +diff --git a/util/editenv.c b/util/editenv.c +index d8d1dad6a..41bc7cb1c 100644 +--- a/util/editenv.c ++++ b/util/editenv.c +@@ -28,6 +28,7 @@ + + #include + #include ++#include + + #define DEFAULT_ENVBLK_SIZE 1024 + +@@ -87,9 +88,20 @@ grub_util_create_envblk_file (const char *name) + continue; + } + +- free (rename_target); + linkbuf[retsize] = '\0'; +- rename_target = linkbuf; ++ if (linkbuf[0] == '/') ++ { ++ free (rename_target); ++ rename_target = linkbuf; ++ } ++ else ++ { ++ char *dbuf = xstrdup (rename_target); ++ const char *dir = dirname (dbuf); ++ free (rename_target); ++ rename_target = xasprintf("%s/%s", dir, linkbuf); ++ free (dbuf); ++ } + } + + int rc = grub_util_rename (namenew, rename_target); diff --git a/SOURCES/0105-Make-libgrub.pp-depend-on-config-util.h.patch b/SOURCES/0105-Make-libgrub.pp-depend-on-config-util.h.patch new file mode 100644 index 0000000..9b9199f --- /dev/null +++ b/SOURCES/0105-Make-libgrub.pp-depend-on-config-util.h.patch @@ -0,0 +1,45 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 23 Aug 2017 10:37:27 -0400 +Subject: [PATCH] Make libgrub.pp depend on config-util.h + +If you build with "make -j48" a lot, sometimes you see: + +gcc -E -DHAVE_CONFIG_H -I. -I.. -Wall -W -DGRUB_UTIL=1 -D_FILE_OFFSET_BITS=64 -I./include -DGRUB_FILE=\"grub_script.tab.h\" -I. -I.. -I. -I.. -I../include -I./include -I../grub-core/lib/libgcrypt-grub/src/ -I../grub-core/lib/minilzo -I../grub-core/lib/xzembed -DMINILZO_HAVE_CONFIG_H -Wall -W -DGRUB_UTIL=1 -D_FILE_OFFSET_BITS=64 -I./include -DGRUB_FILE=\"grub_script.tab.h\" -I. -I.. -I. -I.. -I../include -I./include -I../grub-core/lib/libgcrypt-grub/src/ -I./grub-core/gnulib -I../grub-core/gnulib -I/builddir/build/BUILD/grub-2.02/grub-aarch64-efi-2.02 -D_FILE_OFFSET_BITS=64 \ + -D'GRUB_MOD_INIT(x)=@MARKER@x@' grub_script.tab.h grub_script.yy.h ../grub-core/commands/blocklist.c ../grub-core/commands/macbless.c ../grub-core/commands/xnu_uuid.c ../grub-core/commands/testload.c ../grub-core/commands/ls.c ../grub-core/disk/dmraid_nvidia.c ../grub-core/disk/loopback.c ../grub-core/disk/lvm.c ../grub-core/disk/mdraid_linux.c ../grub-core/disk/mdraid_linux_be.c ../grub-core/disk/mdraid1x_linux.c ../grub-core/disk/raid5_recover.c ../grub-core/disk/raid6_recover.c ../grub-core/font/font.c ../grub-core/gfxmenu/font.c ../grub-core/normal/charset.c ../grub-core/video/fb/fbblit.c ../grub-core/video/fb/fbutil.c ../grub-core/video/fb/fbfill.c ../grub-core/video/fb/video_fb.c ../grub-core/video/video.c ../grub-core/video/capture.c ../grub-core/video/colors.c ../grub-core/unidata.c ../grub-core/io/bufio.c ../grub-core/fs/affs.c ../grub-core/fs/afs.c ../grub-core/fs/bfs.c ../grub-core/fs/btrfs.c ../grub-core/fs/cbfs.c ../grub-core/fs/cpio.c ../grub-core/fs/cpio_be.c ../grub-core/fs/odc.c ../grub-core/fs/newc.c ../grub-core/fs/ext2.c ../grub-core/fs/fat.c ../grub-core/fs/exfat.c ../grub-core/fs/fshelp.c ../grub-core/fs/hfs.c ../grub-core/fs/hfsplus.c ../grub-core/fs/hfspluscomp.c ../grub-core/fs/iso9660.c ../grub-core/fs/jfs.c ../grub-core/fs/minix.c ../grub-core/fs/minix2.c ../grub-core/fs/minix3.c ../grub-core/fs/minix_be.c ../grub-core/fs/minix2_be.c ../grub-core/fs/minix3_be.c ../grub-core/fs/nilfs2.c ../grub-core/fs/ntfs.c ../grub-core/fs/ntfscomp.c ../grub-core/fs/reiserfs.c ../grub-core/fs/romfs.c ../grub-core/fs/sfs.c ../grub-core/fs/squash4.c ../grub-core/fs/tar.c ../grub-core/fs/udf.c ../grub-core/fs/ufs2.c ../grub-core/fs/ufs.c ../grub-core/fs/ufs_be.c ../grub-core/fs/xfs.c ../grub-core/fs/zfs/zfscrypt.c ../grub-core/fs/zfs/zfs.c ../grub-core/fs/zfs/zfsinfo.c ../grub-core/fs/zfs/zfs_lzjb.c ../grub-core/fs/zfs/zfs_lz4.c ../grub-core/fs/zfs/zfs_sha256.c ../grub-core/fs/zfs/zfs_fletcher.c ../grub-core/lib/envblk.c ../grub-core/lib/hexdump.c ../grub-core/lib/LzFind.c ../grub-core/lib/LzmaEnc.c ../grub-core/lib/crc.c ../grub-core/lib/adler32.c ../grub-core/lib/crc64.c ../grub-core/normal/datetime.c ../grub-core/normal/misc.c ../grub-core/partmap/acorn.c ../grub-core/partmap/amiga.c ../grub-core/partmap/apple.c ../grub-core/partmap/sun.c ../grub-core/partmap/plan.c ../grub-core/partmap/dvh.c ../grub-core/partmap/sunpc.c ../grub-core/partmap/bsdlabel.c ../grub-core/partmap/dfly.c ../grub-core/script/function.c ../grub-core/script/lexer.c ../grub-core/script/main.c ../grub-core/script/script.c ../grub-core/script/argv.c ../grub-core/io/gzio.c ../grub-core/io/xzio.c ../grub-core/io/lzopio.c ../grub-core/kern/ia64/dl_helper.c ../grub-core/kern/arm/dl_helper.c ../grub-core/kern/arm64/dl_helper.c ../grub-core/lib/minilzo/minilzo.c ../grub-core/lib/xzembed/xz_dec_bcj.c ../grub-core/lib/xzembed/xz_dec_lzma2.c ../grub-core/lib/xzembed/xz_dec_stream.c ../util/misc.c ../grub-core/kern/command.c ../grub-core/kern/device.c ../grub-core/kern/disk.c ../grub-core/lib/disk.c ../util/getroot.c ../grub-core/osdep/unix/getroot.c ../grub-core/osdep/getroot.c ../grub-core/osdep/devmapper/getroot.c ../grub-core/osdep/relpath.c ../grub-core/kern/emu/hostdisk.c ../grub-core/osdep/devmapper/hostdisk.c ../grub-core/osdep/hostdisk.c ../grub-core/osdep/unix/hostdisk.c ../grub-core/osdep/exec.c ../grub-core/osdep/sleep.c ../grub-core/osdep/password.c ../grub-core/kern/emu/misc.c ../grub-core/kern/emu/mm.c ../grub-core/kern/env.c ../grub-core/kern/err.c ../grub-core/kern/file.c ../grub-core/kern/fs.c ../grub-core/kern/list.c ../grub-core/kern/misc.c ../grub-core/kern/partition.c ../grub-core/lib/crypto.c ../grub-core/disk/luks.c ../grub-core/disk/geli.c ../grub-core/disk/cryptodisk.c ../grub-core/disk/AFSplitter.c ../grub-core/lib/pbkdf2.c ../grub-core/commands/extcmd.c ../grub-core/lib/arg.c ../grub-core/disk/ldm.c ../grub-core/disk/diskfilter.c ../grub-core/partmap/gpt.c ../grub-core/partmap/msdos.c ../grub-core/fs/proc.c ../grub-core/fs/archelp.c > libgrub.pp || (rm -f libgrub.pp; exit 1) +rm -f stamp-h1 +touch ../config-util.h.in +cd . && /bin/sh ./config.status config-util.h +config.status: creating config-util.h +In file included from ../include/grub/mm.h:25:0, + from ../include/grub/disk.h:29, + from ../include/grub/file.h:26, + from ../grub-core/fs/btrfs.c:21: +./config.h:38:10: fatal error: ./config-util.h: No such file or directory + #include + ^~~~~~~~~~~~~~~ +compilation terminated. +make: *** [Makefile:13098: libgrub.pp] Error 1 + +This is because libgrub.pp is built with -DGRUB_UTIL=1, which means +it'll try to include config-util.h, but a parallel make is actually +building that file. I think. + +Signed-off-by: Peter Jones +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 7795baeb6..c7b0e6a9c 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -37,7 +37,7 @@ grub_script.yy.c: grub_script.yy.h + CLEANFILES += grub_script.yy.c grub_script.yy.h + + # For libgrub.a +-libgrub.pp: grub_script.tab.h grub_script.yy.h $(libgrubmods_a_SOURCES) $(libgrubkern_a_SOURCES) ++libgrub.pp: config-util.h grub_script.tab.h grub_script.yy.h $(libgrubmods_a_SOURCES) $(libgrubkern_a_SOURCES) + $(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libgrubmods_a_CPPFLAGS) $(libgrubkern_a_CPPFLAGS) $(CPPFLAGS) \ + -D'GRUB_MOD_INIT(x)=@MARKER@x@' $^ > $@ || (rm -f $@; exit 1) + CLEANFILES += libgrub.pp diff --git a/SOURCES/0106-Don-t-guess-boot-efi-as-HFS-on-ppc-machines-in-grub-.patch b/SOURCES/0106-Don-t-guess-boot-efi-as-HFS-on-ppc-machines-in-grub-.patch new file mode 100644 index 0000000..e105bc0 --- /dev/null +++ b/SOURCES/0106-Don-t-guess-boot-efi-as-HFS-on-ppc-machines-in-grub-.patch @@ -0,0 +1,41 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 20 Apr 2017 13:29:06 -0400 +Subject: [PATCH] Don't guess /boot/efi/ as HFS+ on ppc machines in + grub-install + +This should never be trying this, and since we've consolidated the +grubenv to always be on /boot/efi/EFI/fedora/, this code causes it to +always make the wrong decision. + +Resolves: rhbz#1484474 + +Signed-off-by: Peter Jones +--- + util/grub-install.c | 12 +----------- + 1 file changed, 1 insertion(+), 11 deletions(-) + +diff --git a/util/grub-install.c b/util/grub-install.c +index a0ad99729..16f137ca8 100644 +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -1159,18 +1159,8 @@ main (int argc, char *argv[]) + char *d; + + is_guess = 1; +- d = grub_util_path_concat (2, bootdir, "macppc"); +- if (!grub_util_is_directory (d)) +- { +- free (d); +- d = grub_util_path_concat (2, bootdir, "efi"); +- } + /* Find the Mac HFS(+) System Partition. */ +- if (!grub_util_is_directory (d)) +- { +- free (d); +- d = grub_util_path_concat (2, bootdir, "EFI"); +- } ++ d = grub_util_path_concat (2, bootdir, "macppc"); + if (!grub_util_is_directory (d)) + { + free (d); diff --git a/SOURCES/0107-20_linux_xen-load-xen-or-multiboot-2-modules-as-need.patch b/SOURCES/0107-20_linux_xen-load-xen-or-multiboot-2-modules-as-need.patch new file mode 100644 index 0000000..8d216c8 --- /dev/null +++ b/SOURCES/0107-20_linux_xen-load-xen-or-multiboot-2-modules-as-need.patch @@ -0,0 +1,31 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 19 Oct 2017 11:29:11 -0400 +Subject: [PATCH] 20_linux_xen: load xen or multiboot{,2} modules as needed. + +Signed-off-by: Peter Jones +--- + util/grub.d/20_linux_xen.in | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in +index bcdc3ceac..2bc03fd36 100644 +--- a/util/grub.d/20_linux_xen.in ++++ b/util/grub.d/20_linux_xen.in +@@ -136,6 +136,8 @@ linux_entry () + else + xen_rm_opts="no-real-mode edd=off" + fi ++ insmod ${module_loader} ++ insmod ${xen_loader} + ${xen_loader} ${rel_xen_dirname}/${xen_basename} placeholder ${xen_args} \${xen_rm_opts} + echo '$(echo "$lmessage" | grub_quote)' + ${module_loader} ${rel_dirname}/${basename} placeholder root=${linux_root_device_thisversion} ro ${args} +@@ -145,6 +147,7 @@ EOF + message="$(gettext_printf "Loading initial ramdisk ...")" + sed "s/^/$submenu_indentation/" << EOF + echo '$(echo "$message" | grub_quote)' ++ insmod ${module_loader} + ${module_loader} --nounzip ${rel_dirname}/${initrd} + EOF + fi diff --git a/SOURCES/0108-Make-pmtimer-tsc-calibration-not-take-51-seconds-to-.patch b/SOURCES/0108-Make-pmtimer-tsc-calibration-not-take-51-seconds-to-.patch new file mode 100644 index 0000000..0632696 --- /dev/null +++ b/SOURCES/0108-Make-pmtimer-tsc-calibration-not-take-51-seconds-to-.patch @@ -0,0 +1,211 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 7 Nov 2017 17:12:17 -0500 +Subject: [PATCH] Make pmtimer tsc calibration not take 51 seconds to fail. + +On my laptop running at 2.4GHz, if I run a VM where tsc calibration +using pmtimer will fail presuming a broken pmtimer, it takes ~51 seconds +to do so (as measured with the stopwatch on my phone), with a tsc delta +of 0x1cd1c85300, or around 125 billion cycles. + +If instead of trying to wait for 5-200ms to show up on the pmtimer, we try +to wait for 5-200us, it decides it's broken in ~0x2626aa0 TSCs, aka ~2.4 +million cycles, or more or less instantly. + +Additionally, this reading the pmtimer was returning 0xffffffff anyway, +and that's obviously an invalid return. I've added a check for that and +0 so we don't bother waiting for the test if what we're seeing is dead +pins with no response at all. + +If "debug" is includes "pmtimer", you will see one of the following +three outcomes. If pmtimer gives all 0 or all 1 bits, you will see: + +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 1 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 2 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 3 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 4 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 5 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 6 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 7 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 8 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 9 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 10 +kern/i386/tsc_pmtimer.c:78: timer is broken; giving up. + +This outcome was tested using qemu+kvm with UEFI (OVMF) firmware and +these options: -machine pc-q35-2.10 -cpu Broadwell-noTSX + +If pmtimer gives any other bit patterns but is not actually marching +forward fast enough to use for clock calibration, you will see: + +kern/i386/tsc_pmtimer.c:121: pmtimer delta is 0x0 (1904 iterations) +kern/i386/tsc_pmtimer.c:124: tsc delta is implausible: 0x2626aa0 + +This outcome was tested using grub compiled with GRUB_PMTIMER_IGNORE_BAD_READS +defined (so as not to trip the bad read test) using qemu+kvm with UEFI +(OVMF) firmware, and these options: -machine pc-q35-2.10 -cpu Broadwell-noTSX + +If pmtimer actually works, you'll see something like: + +kern/i386/tsc_pmtimer.c:121: pmtimer delta is 0x0 (1904 iterations) +kern/i386/tsc_pmtimer.c:124: tsc delta is implausible: 0x2626aa0 + +This outcome was tested using qemu+kvm with UEFI (OVMF) firmware, and +these options: -machine pc-i440fx-2.4 -cpu Broadwell-noTSX + +I've also tested this outcome on a real Intel Xeon E3-1275v3 on an Intel +Server Board S1200V3RPS using the SDV.RP.B8 "Release" build here: +https://firmware.intel.com/sites/default/files/UEFIDevKit_S1200RP_vB8.zip + +Signed-off-by: Peter Jones +--- + grub-core/kern/i386/tsc_pmtimer.c | 109 +++++++++++++++++++++++++++++++------- + 1 file changed, 89 insertions(+), 20 deletions(-) + +diff --git a/grub-core/kern/i386/tsc_pmtimer.c b/grub-core/kern/i386/tsc_pmtimer.c +index c9c361699..ca15c3aac 100644 +--- a/grub-core/kern/i386/tsc_pmtimer.c ++++ b/grub-core/kern/i386/tsc_pmtimer.c +@@ -28,40 +28,101 @@ + #include + #include + ++/* ++ * Define GRUB_PMTIMER_IGNORE_BAD_READS if you're trying to test a timer that's ++ * present but doesn't keep time well. ++ */ ++// #define GRUB_PMTIMER_IGNORE_BAD_READS ++ + grub_uint64_t + grub_pmtimer_wait_count_tsc (grub_port_t pmtimer, + grub_uint16_t num_pm_ticks) + { + grub_uint32_t start; +- grub_uint32_t last; +- grub_uint32_t cur, end; ++ grub_uint64_t cur, end; + grub_uint64_t start_tsc; + grub_uint64_t end_tsc; +- int num_iter = 0; ++ unsigned int num_iter = 0; ++#ifndef GRUB_PMTIMER_IGNORE_BAD_READS ++ int bad_reads = 0; ++#endif + +- start = grub_inl (pmtimer) & 0xffffff; +- last = start; ++ /* ++ * Some timers are 24-bit and some are 32-bit, but it doesn't make much ++ * difference to us. Caring which one we have isn't really worth it since ++ * the low-order digits will give us enough data to calibrate TSC. So just ++ * mask the top-order byte off. ++ */ ++ cur = start = grub_inl (pmtimer) & 0xffffffUL; + end = start + num_pm_ticks; + start_tsc = grub_get_tsc (); + while (1) + { +- cur = grub_inl (pmtimer) & 0xffffff; +- if (cur < last) +- cur |= 0x1000000; +- num_iter++; ++ cur &= 0xffffffffff000000ULL; ++ cur |= grub_inl (pmtimer) & 0xffffffUL; ++ ++ end_tsc = grub_get_tsc(); ++ ++#ifndef GRUB_PMTIMER_IGNORE_BAD_READS ++ /* ++ * If we get 10 reads in a row that are obviously dead pins, there's no ++ * reason to do this thousands of times. ++ */ ++ if (cur == 0xffffffUL || cur == 0) ++ { ++ bad_reads++; ++ grub_dprintf ("pmtimer", ++ "pmtimer: 0x%"PRIxGRUB_UINT64_T" bad_reads: %d\n", ++ cur, bad_reads); ++ grub_dprintf ("pmtimer", "timer is broken; giving up.\n"); ++ ++ if (bad_reads == 10) ++ return 0; ++ } ++#endif ++ ++ if (cur < start) ++ cur += 0x1000000; ++ + if (cur >= end) + { +- end_tsc = grub_get_tsc (); ++ grub_dprintf ("pmtimer", "pmtimer delta is 0x%"PRIxGRUB_UINT64_T"\n", ++ cur - start); ++ grub_dprintf ("pmtimer", "tsc delta is 0x%"PRIxGRUB_UINT64_T"\n", ++ end_tsc - start_tsc); + return end_tsc - start_tsc; + } +- /* Check for broken PM timer. +- 50000000 TSCs is between 5 ms (10GHz) and 200 ms (250 MHz) +- if after this time we still don't have 1 ms on pmtimer, then +- pmtimer is broken. ++ ++ /* ++ * Check for broken PM timer. 1ms at 10GHz should be 1E+7 TSCs; at ++ * 250MHz it should be 2.5E6. So if after 4E+7 TSCs on a 10GHz machine, ++ * we should have seen pmtimer show 4ms of change (i.e. cur =~ ++ * start+14320); on a 250MHz machine that should be 16ms (start+57280). ++ * If after this a time we still don't have 1ms on pmtimer, then pmtimer ++ * is broken. ++ * ++ * Likewise, if our code is perfectly efficient and introduces no delays ++ * whatsoever, on a 10GHz system we should see a TSC delta of 3580 in ++ * ~3580 iterations. On a 250MHz machine that should be ~900 iterations. ++ * ++ * With those factors in mind, there are two limits here. There's a hard ++ * limit here at 8x our desired pm timer delta, picked as an arbitrarily ++ * large value that's still not a lot of time to humans, because if we ++ * get that far this is either an implausibly fast machine or the pmtimer ++ * is not running. And there's another limit on 4x our 10GHz tsc delta ++ * without seeing cur converge on our target value. + */ +- if ((num_iter & 0xffffff) == 0 && grub_get_tsc () - start_tsc > 5000000) { +- return 0; +- } ++ if ((++num_iter > (grub_uint32_t)num_pm_ticks << 3UL) || ++ end_tsc - start_tsc > 40000000) ++ { ++ grub_dprintf ("pmtimer", ++ "pmtimer delta is 0x%"PRIxGRUB_UINT64_T" (%u iterations)\n", ++ cur - start, num_iter); ++ grub_dprintf ("pmtimer", ++ "tsc delta is implausible: 0x%"PRIxGRUB_UINT64_T"\n", ++ end_tsc - start_tsc); ++ return 0; ++ } + } + } + +@@ -74,12 +135,20 @@ grub_tsc_calibrate_from_pmtimer (void) + + fadt = grub_acpi_find_fadt (); + if (!fadt) +- return 0; ++ { ++ grub_dprintf ("pmtimer", "No FADT found; not using pmtimer.\n"); ++ return 0; ++ } + pmtimer = fadt->pmtimer; + if (!pmtimer) +- return 0; ++ { ++ grub_dprintf ("pmtimer", "FADT does not specify pmtimer; skipping.\n"); ++ return 0; ++ } + +- /* It's 3.579545 MHz clock. Wait 1 ms. */ ++ /* ++ * It's 3.579545 MHz clock. Wait 1 ms. ++ */ + tsc_diff = grub_pmtimer_wait_count_tsc (pmtimer, 3580); + if (tsc_diff == 0) + return 0; diff --git a/SOURCES/0109-align-struct-efi_variable-better.patch b/SOURCES/0109-align-struct-efi_variable-better.patch new file mode 100644 index 0000000..ef162d3 --- /dev/null +++ b/SOURCES/0109-align-struct-efi_variable-better.patch @@ -0,0 +1,33 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 27 Feb 2018 13:55:35 -0500 +Subject: [PATCH] align struct efi_variable better... + +--- + include/grub/efiemu/runtime.h | 2 +- + include/grub/types.h | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/include/grub/efiemu/runtime.h b/include/grub/efiemu/runtime.h +index 36d2dedf4..9d93ba88b 100644 +--- a/include/grub/efiemu/runtime.h ++++ b/include/grub/efiemu/runtime.h +@@ -33,5 +33,5 @@ struct efi_variable + grub_uint32_t namelen; + grub_uint32_t size; + grub_efi_uint32_t attributes; +-} GRUB_PACKED; ++} GRUB_PACKED GRUB_ALIGNED(8); + #endif /* ! GRUB_EFI_EMU_RUNTIME_HEADER */ +diff --git a/include/grub/types.h b/include/grub/types.h +index b93e48201..f6a972397 100644 +--- a/include/grub/types.h ++++ b/include/grub/types.h +@@ -29,6 +29,7 @@ + #else + #define GRUB_PACKED __attribute__ ((packed)) + #endif ++#define GRUB_ALIGNED(x) __attribute__((aligned (x))) + + #ifdef GRUB_BUILD + # define GRUB_CPU_SIZEOF_VOID_P BUILD_SIZEOF_VOID_P diff --git a/SOURCES/0110-Add-quicksort-implementation.patch b/SOURCES/0110-Add-quicksort-implementation.patch new file mode 100644 index 0000000..2f29cba --- /dev/null +++ b/SOURCES/0110-Add-quicksort-implementation.patch @@ -0,0 +1,322 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 9 Dec 2016 15:39:47 -0500 +Subject: [PATCH] Add quicksort implementation + +This will be used to sort the boot menu entries that are read from +the BootLoaderSpec config files. +--- + grub-core/kern/qsort.c | 279 +++++++++++++++++++++++++++++++++++++++++++++++++ + include/grub/misc.h | 15 +++ + 2 files changed, 294 insertions(+) + create mode 100644 grub-core/kern/qsort.c + +diff --git a/grub-core/kern/qsort.c b/grub-core/kern/qsort.c +new file mode 100644 +index 000000000..7f3fc9ffd +--- /dev/null ++++ b/grub-core/kern/qsort.c +@@ -0,0 +1,279 @@ ++/* quicksort ++ * This file from the GNU C Library. ++ * Copyright (C) 1991-2016 Free Software Foundation, Inc. ++ * Written by Douglas C. Schmidt (schmidt@ics.uci.edu). ++ * ++ * GRUB -- GRand Unified Bootloader ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++/* If you consider tuning this algorithm, you should consult first: ++ Engineering a sort function; Jon Bentley and M. Douglas McIlroy; ++ Software - Practice and Experience; Vol. 23 (11), 1249-1265, 1993. */ ++ ++#include ++#include ++#include ++ ++#define CHAR_BIT 8 ++ ++/* Byte-wise swap two items of size SIZE. */ ++#define SWAP(a, b, size) \ ++ do \ ++ { \ ++ grub_size_t __size = (size); \ ++ char *__a = (a), *__b = (b); \ ++ do \ ++ { \ ++ char __tmp = *__a; \ ++ *__a++ = *__b; \ ++ *__b++ = __tmp; \ ++ } while (--__size > 0); \ ++ } while (0) ++ ++/* Discontinue quicksort algorithm when partition gets below this size. ++ This particular magic number was chosen to work best on a Sun 4/260. */ ++#define MAX_THRESH 4 ++ ++/* Stack node declarations used to store unfulfilled partition obligations. */ ++typedef struct ++ { ++ char *lo; ++ char *hi; ++ } stack_node; ++ ++/* The next 4 #defines implement a very fast in-line stack abstraction. */ ++/* The stack needs log (total_elements) entries (we could even subtract ++ log(MAX_THRESH)). Since total_elements has type grub_size_t, we get as ++ upper bound for log (total_elements): ++ bits per byte (CHAR_BIT) * sizeof(grub_size_t). */ ++#define STACK_SIZE (CHAR_BIT * sizeof(grub_size_t)) ++#define PUSH(low, high) ((void) ((top->lo = (low)), (top->hi = (high)), ++top)) ++#define POP(low, high) ((void) (--top, (low = top->lo), (high = top->hi))) ++#define STACK_NOT_EMPTY (stack < top) ++ ++ ++/* Order size using quicksort. This implementation incorporates ++ four optimizations discussed in Sedgewick: ++ ++ 1. Non-recursive, using an explicit stack of pointer that store the ++ next array partition to sort. To save time, this maximum amount ++ of space required to store an array of SIZE_MAX is allocated on the ++ stack. Assuming a 32-bit (64 bit) integer for grub_size_t, this needs ++ only 32 * sizeof(stack_node) == 256 bytes (for 64 bit: 1024 bytes). ++ Pretty cheap, actually. ++ ++ 2. Chose the pivot element using a median-of-three decision tree. ++ This reduces the probability of selecting a bad pivot value and ++ eliminates certain extraneous comparisons. ++ ++ 3. Only quicksorts TOTAL_ELEMS / MAX_THRESH partitions, leaving ++ insertion sort to order the MAX_THRESH items within each partition. ++ This is a big win, since insertion sort is faster for small, mostly ++ sorted array segments. ++ ++ 4. The larger of the two sub-partitions is always pushed onto the ++ stack first, with the algorithm then concentrating on the ++ smaller partition. This *guarantees* no more than log (total_elems) ++ stack size is needed (actually O(1) in this case)! */ ++ ++void ++grub_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size, ++ grub_compar_d_fn_t cmp, void *arg) ++{ ++ char *base_ptr = (char *) pbase; ++ ++ const grub_size_t max_thresh = MAX_THRESH * size; ++ ++ if (total_elems == 0) ++ /* Avoid lossage with unsigned arithmetic below. */ ++ return; ++ ++ if (total_elems > MAX_THRESH) ++ { ++ char *lo = base_ptr; ++ char *hi = &lo[size * (total_elems - 1)]; ++ stack_node stack[STACK_SIZE]; ++ stack_node *top = stack; ++ ++ PUSH (NULL, NULL); ++ ++ while (STACK_NOT_EMPTY) ++ { ++ char *left_ptr; ++ char *right_ptr; ++ ++ /* Select median value from among LO, MID, and HI. Rearrange ++ LO and HI so the three values are sorted. This lowers the ++ probability of picking a pathological pivot value and ++ skips a comparison for both the LEFT_PTR and RIGHT_PTR in ++ the while loops. */ ++ ++ char *mid = lo + size * ((hi - lo) / size >> 1); ++ ++ if ((*cmp) ((void *) mid, (void *) lo, arg) < 0) ++ SWAP (mid, lo, size); ++ if ((*cmp) ((void *) hi, (void *) mid, arg) < 0) ++ SWAP (mid, hi, size); ++ else ++ goto jump_over; ++ if ((*cmp) ((void *) mid, (void *) lo, arg) < 0) ++ SWAP (mid, lo, size); ++ jump_over:; ++ ++ left_ptr = lo + size; ++ right_ptr = hi - size; ++ ++ /* Here's the famous ``collapse the walls'' section of quicksort. ++ Gotta like those tight inner loops! They are the main reason ++ that this algorithm runs much faster than others. */ ++ do ++ { ++ while ((*cmp) ((void *) left_ptr, (void *) mid, arg) < 0) ++ left_ptr += size; ++ ++ while ((*cmp) ((void *) mid, (void *) right_ptr, arg) < 0) ++ right_ptr -= size; ++ ++ if (left_ptr < right_ptr) ++ { ++ SWAP (left_ptr, right_ptr, size); ++ if (mid == left_ptr) ++ mid = right_ptr; ++ else if (mid == right_ptr) ++ mid = left_ptr; ++ left_ptr += size; ++ right_ptr -= size; ++ } ++ else if (left_ptr == right_ptr) ++ { ++ left_ptr += size; ++ right_ptr -= size; ++ break; ++ } ++ } ++ while (left_ptr <= right_ptr); ++ ++ /* Set up pointers for next iteration. First determine whether ++ left and right partitions are below the threshold size. If so, ++ ignore one or both. Otherwise, push the larger partition's ++ bounds on the stack and continue sorting the smaller one. */ ++ ++ if ((grub_size_t) (right_ptr - lo) <= max_thresh) ++ { ++ if ((grub_size_t) (hi - left_ptr) <= max_thresh) ++ /* Ignore both small partitions. */ ++ POP (lo, hi); ++ else ++ /* Ignore small left partition. */ ++ lo = left_ptr; ++ } ++ else if ((grub_size_t) (hi - left_ptr) <= max_thresh) ++ /* Ignore small right partition. */ ++ hi = right_ptr; ++ else if ((right_ptr - lo) > (hi - left_ptr)) ++ { ++ /* Push larger left partition indices. */ ++ PUSH (lo, right_ptr); ++ lo = left_ptr; ++ } ++ else ++ { ++ /* Push larger right partition indices. */ ++ PUSH (left_ptr, hi); ++ hi = right_ptr; ++ } ++ } ++ } ++ ++ /* Once the BASE_PTR array is partially sorted by quicksort the rest ++ is completely sorted using insertion sort, since this is efficient ++ for partitions below MAX_THRESH size. BASE_PTR points to the beginning ++ of the array to sort, and END_PTR points at the very last element in ++ the array (*not* one beyond it!). */ ++ ++#define min(x, y) ((x) < (y) ? (x) : (y)) ++ ++ { ++ char *const end_ptr = &base_ptr[size * (total_elems - 1)]; ++ char *tmp_ptr = base_ptr; ++ char *thresh = min(end_ptr, base_ptr + max_thresh); ++ char *run_ptr; ++ ++ /* Find smallest element in first threshold and place it at the ++ array's beginning. This is the smallest array element, ++ and the operation speeds up insertion sort's inner loop. */ ++ ++ for (run_ptr = tmp_ptr + size; run_ptr <= thresh; run_ptr += size) ++ if ((*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0) ++ tmp_ptr = run_ptr; ++ ++ if (tmp_ptr != base_ptr) ++ SWAP (tmp_ptr, base_ptr, size); ++ ++ /* Insertion sort, running from left-hand-side up to right-hand-side. */ ++ ++ run_ptr = base_ptr + size; ++ while ((run_ptr += size) <= end_ptr) ++ { ++ tmp_ptr = run_ptr - size; ++ while ((*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0) ++ tmp_ptr -= size; ++ ++ tmp_ptr += size; ++ if (tmp_ptr != run_ptr) ++ { ++ char *trav; ++ ++ trav = run_ptr + size; ++ while (--trav >= run_ptr) ++ { ++ char c = *trav; ++ char *hi, *lo; ++ ++ for (hi = lo = trav; (lo -= size) >= tmp_ptr; hi = lo) ++ *hi = *lo; ++ *hi = c; ++ } ++ } ++ } ++ } ++} ++ ++void * ++grub_bsearch (const void *key, const void *base, grub_size_t nmemb, grub_size_t size, ++ grub_compar_d_fn_t compar, void *state) ++{ ++ grub_size_t l, u, idx; ++ const void *p; ++ int comparison; ++ ++ l = 0; ++ u = nmemb; ++ while (l < u) ++ { ++ idx = (l + u) / 2; ++ p = (void *) (((const char *) base) + (idx * size)); ++ comparison = (*compar) (key, p, state); ++ if (comparison < 0) ++ u = idx; ++ else if (comparison > 0) ++ l = idx + 1; ++ else ++ return (void *) p; ++ } ++ ++ return NULL; ++} +diff --git a/include/grub/misc.h b/include/grub/misc.h +index fcaf1201e..cbfae75a1 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -507,4 +507,19 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *file, + #define grub_max(a, b) (((a) > (b)) ? (a) : (b)) + #define grub_min(a, b) (((a) < (b)) ? (a) : (b)) + ++typedef int (*grub_compar_d_fn_t) (const void *p0, const void *p1, void *state); ++ ++void *EXPORT_FUNC(grub_bsearch) (const void *key, ++ const void *base, ++ grub_size_t nmemb, ++ grub_size_t size, ++ grub_compar_d_fn_t compar, ++ void *state); ++ ++void EXPORT_FUNC(grub_qsort) (void *const pbase, ++ grub_size_t total_elems, ++ grub_size_t size, ++ grub_compar_d_fn_t cmp, ++ void *state); ++ + #endif /* ! GRUB_MISC_HEADER */ diff --git a/SOURCES/0111-Add-blscfg-command-support-to-parse-BootLoaderSpec-c.patch b/SOURCES/0111-Add-blscfg-command-support-to-parse-BootLoaderSpec-c.patch new file mode 100644 index 0000000..7ca78a2 --- /dev/null +++ b/SOURCES/0111-Add-blscfg-command-support-to-parse-BootLoaderSpec-c.patch @@ -0,0 +1,1157 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 9 Dec 2016 15:40:58 -0500 +Subject: [PATCH] Add blscfg command support to parse BootLoaderSpec config + fragments + +The BootLoaderSpec (BLS) defines a scheme where different bootloaders can +share a format for boot items and a configuration directory that accepts +these common configurations as drop-in files. + +GRUB2 already has a blscfg modle that can parse the config snippets using +the bls_import command, change it to blscfg and improve the BLS support. +--- + grub-core/Makefile.core.def | 4 +- + grub-core/commands/blscfg.c | 796 ++++++++++++++++++++++++++++++++++++++++--- + grub-core/commands/loadenv.c | 77 +---- + grub-core/commands/loadenv.h | 93 +++++ + include/grub/compiler.h | 2 + + 5 files changed, 840 insertions(+), 132 deletions(-) + create mode 100644 grub-core/commands/loadenv.h + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 27563743b..96ccb4021 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -129,6 +129,7 @@ kernel = { + common = kern/rescue_parser.c; + common = kern/rescue_reader.c; + common = kern/term.c; ++ common = kern/qsort.c; + + noemu = kern/compiler-rt.c; + noemu = kern/mm.c; +@@ -774,8 +775,7 @@ module = { + module = { + name = blscfg; + common = commands/blscfg.c; +- enable = i386_efi; +- enable = x86_64_efi; ++ enable = efi; + enable = i386_pc; + }; + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 4274aca5a..86796c8cd 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -30,32 +30,405 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + ++#include "loadenv.h" ++ ++#define GRUB_BLS_CONFIG_PATH "/loader/entries/" ++#define GRUB_BOOT_DEVICE "($root)" + #ifdef GRUB_MACHINE_EFI + #define GRUB_LINUX_CMD "linuxefi" + #define GRUB_INITRD_CMD "initrdefi" +-#define GRUB_BLS_CONFIG_PATH "/EFI/fedora/loader/entries/" +-#define GRUB_BOOT_DEVICE "($boot)" + #else + #define GRUB_LINUX_CMD "linux" + #define GRUB_INITRD_CMD "initrd" +-#define GRUB_BLS_CONFIG_PATH "/loader/entries/" +-#define GRUB_BOOT_DEVICE "($root)" + #endif + +-static int parse_entry ( ++#define grub_free(x) ({grub_dprintf("blscfg", "%s freeing %p\n", __func__, x); grub_free(x); }) ++ ++struct keyval ++{ ++ const char *key; ++ char *val; ++}; ++ ++struct bls_entry ++{ ++ struct keyval **keyvals; ++ int nkeyvals; ++}; ++ ++static struct bls_entry **entries; ++static int nentries; ++ ++static struct bls_entry *bls_new_entry(void) ++{ ++ struct bls_entry **new_entries; ++ struct bls_entry *entry; ++ int new_n = nentries + 1; ++ ++ new_entries = grub_realloc (entries, new_n * sizeof (struct bls_entry *)); ++ if (!new_entries) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "couldn't find space for BLS entry list"); ++ return NULL; ++ } ++ ++ entries = new_entries; ++ ++ entry = grub_malloc (sizeof (*entry)); ++ if (!entry) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "couldn't find space for BLS entry list"); ++ return NULL; ++ } ++ ++ grub_memset (entry, 0, sizeof (*entry)); ++ entries[nentries] = entry; ++ ++ nentries = new_n; ++ ++ return entry; ++} ++ ++static int bls_add_keyval(struct bls_entry *entry, char *key, char *val) ++{ ++ char *k, *v; ++ struct keyval **kvs, *kv; ++ int new_n = entry->nkeyvals + 1; ++ ++ kvs = grub_realloc (entry->keyvals, new_n * sizeof (struct keyval *)); ++ if (!kvs) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "couldn't find space for BLS entry"); ++ entry->keyvals = kvs; ++ ++ kv = grub_malloc (sizeof (struct keyval)); ++ if (!kv) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "couldn't find space for BLS entry"); ++ ++ k = grub_strdup (key); ++ if (!k) ++ { ++ grub_free (kv); ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "couldn't find space for BLS entry"); ++ } ++ ++ v = grub_strdup (val); ++ if (!v) ++ { ++ grub_free (k); ++ grub_free (kv); ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "couldn't find space for BLS entry"); ++ } ++ ++ kv->key = k; ++ kv->val = v; ++ ++ entry->keyvals[entry->nkeyvals] = kv; ++ grub_dprintf("blscfg", "new keyval at %p:%p:%p\n", entry->keyvals[entry->nkeyvals], k, v); ++ entry->nkeyvals = new_n; ++ ++ return 0; ++} ++ ++static void bls_free_entry(struct bls_entry *entry) ++{ ++ int i; ++ ++ grub_dprintf("blscfg", "%s got here\n", __func__); ++ for (i = 0; i < entry->nkeyvals; i++) ++ { ++ struct keyval *kv = entry->keyvals[i]; ++ grub_free ((void *)kv->key); ++ grub_free (kv->val); ++ grub_free (kv); ++ } ++ ++ grub_free (entry->keyvals); ++ grub_memset (entry, 0, sizeof (*entry)); ++ grub_free (entry); ++} ++ ++static int keyval_cmp (const void *p0, const void *p1, ++ void *state UNUSED) ++{ ++ const struct keyval *kv0 = *(struct keyval * const *)p0; ++ const struct keyval *kv1 = *(struct keyval * const *)p1; ++ int rc; ++ ++ rc = grub_strcmp(kv0->key, kv1->key); ++ ++ return rc; ++} ++ ++/* Find they value of the key named by keyname. If there are allowed to be ++ * more than one, pass a pointer to an int set to -1 the first time, and pass ++ * the same pointer through each time after, and it'll return them in sorted ++ * order. */ ++static char *bls_get_val(struct bls_entry *entry, const char *keyname, int *last) ++{ ++ char *foo = (char *)""; ++ struct keyval *kv = NULL, **kvp, key = {keyname, foo}, *keyp = &key; ++ ++ /* if we've already found an entry that matches, just iterate */ ++ if (last && *last >= 0) ++ { ++ int next = ++last[0]; ++ ++ if (next == entry->nkeyvals) ++ { ++done: ++ *last = -1; ++ return NULL; ++ } ++ ++ kv = entry->keyvals[next]; ++ if (grub_strcmp (keyname, kv->key)) ++ goto done; ++ ++ return kv->val; ++ } ++ ++ kvp = grub_bsearch(&keyp, &entry->keyvals[0], entry->nkeyvals, ++ sizeof (struct keyval *), keyval_cmp, NULL); ++ if (kvp) ++ kv = *kvp; ++ ++ if (kv) ++ { ++ /* if we've got uninitialized but present state, track back until we find ++ * the first match */ ++ if (last) ++ { ++ grub_dprintf("blscfg", "%s trying to find another entry because last was set\n", __func__); ++ /* figure out the position of this entry in the array */ ++ int idx; ++ for (idx = 0 ; idx < entry->nkeyvals; idx++) ++ if (entry->keyvals[idx] == kv) ++ break; ++ *last = idx; ++ ++ while (idx > 0) ++ { ++ struct keyval *kvtmp = entry->keyvals[idx-1]; ++ if (idx == 0 || grub_strcmp (keyname, kvtmp->key)) ++ { ++ /* if we're at the start, or if the previous entry doesn't ++ * match, then we're done */ ++ *last = idx; ++ break; ++ } ++ else ++ /* but if it does match, keep going backwards */ ++ idx--; ++ } ++ } ++ ++ return kv->val; ++ } ++ return NULL; ++} ++ ++#define goto_return(x) ({ ret = (x); goto finish; }) ++ ++/* compare alpha and numeric segments of two versions */ ++/* return 1: a is newer than b */ ++/* 0: a and b are the same version */ ++/* -1: b is newer than a */ ++static int vercmp(const char * a, const char * b) ++{ ++ char oldch1, oldch2; ++ char *abuf, *bbuf; ++ char *str1, *str2; ++ char * one, * two; ++ int rc; ++ int isnum; ++ int ret = 0; ++ ++ grub_dprintf("blscfg", "%s got here\n", __func__); ++ if (!grub_strcmp(a, b)) ++ return 0; ++ ++ abuf = grub_malloc(grub_strlen(a) + 1); ++ bbuf = grub_malloc(grub_strlen(b) + 1); ++ str1 = abuf; ++ str2 = bbuf; ++ grub_strcpy(str1, a); ++ grub_strcpy(str2, b); ++ ++ one = str1; ++ two = str2; ++ ++ /* loop through each version segment of str1 and str2 and compare them */ ++ while (*one || *two) { ++ while (*one && !grub_isalnum(*one) && *one != '~') one++; ++ while (*two && !grub_isalnum(*two) && *two != '~') two++; ++ ++ /* handle the tilde separator, it sorts before everything else */ ++ if (*one == '~' || *two == '~') { ++ if (*one != '~') goto_return (1); ++ if (*two != '~') goto_return (-1); ++ one++; ++ two++; ++ continue; ++ } ++ ++ /* If we ran to the end of either, we are finished with the loop */ ++ if (!(*one && *two)) break; ++ ++ str1 = one; ++ str2 = two; ++ ++ /* grab first completely alpha or completely numeric segment */ ++ /* leave one and two pointing to the start of the alpha or numeric */ ++ /* segment and walk str1 and str2 to end of segment */ ++ if (grub_isdigit(*str1)) { ++ while (*str1 && grub_isdigit(*str1)) str1++; ++ while (*str2 && grub_isdigit(*str2)) str2++; ++ isnum = 1; ++ } else { ++ while (*str1 && grub_isalpha(*str1)) str1++; ++ while (*str2 && grub_isalpha(*str2)) str2++; ++ isnum = 0; ++ } ++ ++ /* save character at the end of the alpha or numeric segment */ ++ /* so that they can be restored after the comparison */ ++ oldch1 = *str1; ++ *str1 = '\0'; ++ oldch2 = *str2; ++ *str2 = '\0'; ++ ++ /* this cannot happen, as we previously tested to make sure that */ ++ /* the first string has a non-null segment */ ++ if (one == str1) goto_return(-1); /* arbitrary */ ++ ++ /* take care of the case where the two version segments are */ ++ /* different types: one numeric, the other alpha (i.e. empty) */ ++ /* numeric segments are always newer than alpha segments */ ++ /* XXX See patch #60884 (and details) from bugzilla #50977. */ ++ if (two == str2) goto_return (isnum ? 1 : -1); ++ ++ if (isnum) { ++ grub_size_t onelen, twolen; ++ /* this used to be done by converting the digit segments */ ++ /* to ints using atoi() - it's changed because long */ ++ /* digit segments can overflow an int - this should fix that. */ ++ ++ /* throw away any leading zeros - it's a number, right? */ ++ while (*one == '0') one++; ++ while (*two == '0') two++; ++ ++ /* whichever number has more digits wins */ ++ onelen = grub_strlen(one); ++ twolen = grub_strlen(two); ++ if (onelen > twolen) goto_return (1); ++ if (twolen > onelen) goto_return (-1); ++ } ++ ++ /* grub_strcmp will return which one is greater - even if the two */ ++ /* segments are alpha or if they are numeric. don't return */ ++ /* if they are equal because there might be more segments to */ ++ /* compare */ ++ rc = grub_strcmp(one, two); ++ if (rc) goto_return (rc < 1 ? -1 : 1); ++ ++ /* restore character that was replaced by null above */ ++ *str1 = oldch1; ++ one = str1; ++ *str2 = oldch2; ++ two = str2; ++ } ++ ++ /* this catches the case where all numeric and alpha segments have */ ++ /* compared identically but the segment sepparating characters were */ ++ /* different */ ++ if ((!*one) && (!*two)) goto_return (0); ++ ++ /* whichever version still has characters left over wins */ ++ if (!*one) goto_return (-1); else goto_return (1); ++ ++finish: ++ grub_free (abuf); ++ grub_free (bbuf); ++ return ret; ++} ++ ++typedef int (*void_cmp_t)(void *, void *); ++ ++static int nulcmp(char *s0, char *s1, void_cmp_t cmp) ++{ ++ grub_dprintf("blscfg", "%s got here\n", __func__); ++ if (s1 && !s0) ++ return 1; ++ if (s0 && !s1) ++ return -1; ++ if (!s0 && !s1) ++ return 0; ++ if (cmp) ++ return cmp(s0, s1); ++ return grub_strcmp(s0, s1); ++} ++ ++static int ++bls_keyval_cmp(struct bls_entry *e0, struct bls_entry *e1, const char *keyname) ++{ ++ char *val0, *val1; ++ ++ val0 = bls_get_val (e0, keyname, NULL); ++ val1 = bls_get_val (e1, keyname, NULL); ++ ++ if (val1 && !val0) ++ return 1; ++ ++ if (val0 && !val1) ++ return -1; ++ ++ if (!val0 && !val1) ++ return 0; ++ ++ return nulcmp(val0, val1, (void_cmp_t)vercmp); ++} ++ ++static int bls_cmp(const void *p0, const void *p1, void *state UNUSED) ++{ ++ struct bls_entry * e0 = *(struct bls_entry **)p0; ++ struct bls_entry * e1 = *(struct bls_entry **)p1; ++ int rc = 0; ++ ++ rc = bls_keyval_cmp (e0, e1, "id"); ++ ++ if (rc == 0) ++ rc = bls_keyval_cmp (e0, e1, "title"); ++ ++ if (rc == 0) ++ rc = bls_keyval_cmp (e0, e1, "linux"); ++ ++ return rc; ++} ++ ++static int read_entry ( + const char *filename, +- const struct grub_dirhook_info *info __attribute__ ((unused)), +- void *data __attribute__ ((unused))) ++ const struct grub_dirhook_info *info UNUSED, ++ void *data) + { + grub_size_t n; + char *p; + grub_file_t f = NULL; + grub_off_t sz; +- char *title = NULL, *options = NULL, *clinux = NULL, *initrd = NULL, *src = NULL; +- const char *args[2] = { NULL, NULL }; ++ struct bls_entry *entry; ++ const char *dirname= (const char *)data; ++ const char *devid = grub_env_get ("boot"); ++ ++ grub_dprintf ("blscfg", "filename: \"%s\"\n", filename); + + if (filename[0] == '.') + return 0; +@@ -67,7 +440,7 @@ static int parse_entry ( + if (grub_strcmp (filename + n - 5, ".conf") != 0) + return 0; + +- p = grub_xasprintf (GRUB_BLS_CONFIG_PATH "%s", filename); ++ p = grub_xasprintf ("(%s)%s/%s", devid, dirname, filename); + + f = grub_file_open (p); + if (!f) +@@ -77,54 +450,169 @@ static int parse_entry ( + if (sz == GRUB_FILE_SIZE_UNKNOWN || sz > 1024*1024) + goto finish; + ++ entry = bls_new_entry(); ++ if (!entry) ++ goto finish; ++ + for (;;) + { + char *buf; ++ char *separator; ++ int rc; + + buf = grub_file_getline (f); + if (!buf) + break; + +- if (grub_strncmp (buf, "title ", 6) == 0) +- { +- grub_free (title); +- title = grub_strdup (buf + 6); +- if (!title) +- goto finish; +- } +- else if (grub_strncmp (buf, "options ", 8) == 0) +- { +- grub_free (options); +- options = grub_strdup (buf + 8); +- if (!options) +- goto finish; +- } +- else if (grub_strncmp (buf, "linux ", 6) == 0) +- { +- grub_free (clinux); +- clinux = grub_strdup (buf + 6); +- if (!clinux) +- goto finish; +- } +- else if (grub_strncmp (buf, "initrd ", 7) == 0) ++ while (buf && buf[0] && (buf[0] == ' ' || buf[0] == '\t')) ++ buf++; ++ if (buf[0] == '#') ++ continue; ++ ++ separator = grub_strchr (buf, ' '); ++ ++ if (!separator) ++ separator = grub_strchr (buf, '\t'); ++ ++ if (!separator || separator[1] == '\0') + { +- grub_free (initrd); +- initrd = grub_strdup (buf + 7); +- if (!initrd) +- goto finish; ++ grub_free (buf); ++ break; + } + +- grub_free(buf); ++ separator[0] = '\0'; ++ ++ rc = bls_add_keyval (entry, buf, separator+1); ++ grub_free (buf); ++ if (rc < 0) ++ break; ++ } ++ ++ grub_qsort(&entry->keyvals[0], entry->nkeyvals, sizeof (struct keyval *), ++ keyval_cmp, NULL); ++ ++finish: ++ grub_free (p); ++ ++ if (f) ++ grub_file_close (f); ++ ++ return 0; ++} ++ ++static grub_envblk_t saved_env = NULL; ++ ++static int ++save_var (const char *name, const char *value, void *whitelist UNUSED) ++{ ++ const char *val = grub_env_get (name); ++ grub_dprintf("blscfg", "saving \"%s\"\n", name); ++ ++ if (val) ++ grub_envblk_set (saved_env, name, value); ++ ++ return 0; ++} ++ ++static int ++unset_var (const char *name, const char *value UNUSED, void *whitelist) ++{ ++ grub_dprintf("blscfg", "restoring \"%s\"\n", name); ++ if (! whitelist) ++ { ++ grub_env_unset (name); ++ return 0; + } + +- if (!linux) ++ if (test_whitelist_membership (name, ++ (const grub_env_whitelist_t *) whitelist)) ++ grub_env_unset (name); ++ ++ return 0; ++} ++ ++static char **bls_make_list (struct bls_entry *entry, const char *key, int *num) ++{ ++ int last = -1; ++ char *val; ++ ++ int nlist = 0; ++ char **list = NULL; ++ ++ list = grub_malloc (sizeof (char *)); ++ if (!list) ++ return NULL; ++ list[0] = NULL; ++ ++ while (1) ++ { ++ char **new; ++ ++ val = bls_get_val (entry, key, &last); ++ if (!val) ++ break; ++ ++ new = grub_realloc (list, (nlist + 2) * sizeof (char *)); ++ if (!new) ++ break; ++ ++ list = new; ++ list[nlist++] = val; ++ list[nlist] = NULL; ++ } ++ ++ if (num) ++ *num = nlist; ++ ++ return list; ++} ++ ++static void create_entry (struct bls_entry *entry, const char *cfgfile) ++{ ++ int argc = 0; ++ const char **argv = NULL; ++ ++ char *title = NULL; ++ char *clinux = NULL; ++ char *options = NULL; ++ char *initrd = NULL; ++ char *id = NULL; ++ char *hotkey = NULL; ++ ++ char *users = NULL; ++ char **classes = NULL; ++ ++ char **args = NULL; ++ ++ char *src = NULL; ++ int i; ++ ++ grub_dprintf("blscfg", "%s got here\n", __func__); ++ clinux = bls_get_val (entry, "linux", NULL); ++ if (!clinux) + { +- grub_printf ("Skipping file %s with no 'linux' key.", p); ++ grub_dprintf ("blscfg", "Skipping file %s with no 'linux' key.\n", cfgfile); + goto finish; + } + +- args[0] = title ? title : filename; ++ title = bls_get_val (entry, "title", NULL); ++ options = bls_get_val (entry, "options", NULL); ++ initrd = bls_get_val (entry, "initrd", NULL); ++ id = bls_get_val (entry, "id", NULL); + ++ hotkey = bls_get_val (entry, "grub_hotkey", NULL); ++ users = bls_get_val (entry, "grub_users", NULL); ++ classes = bls_make_list (entry, "grub_class", NULL); ++ args = bls_make_list (entry, "grub_arg", &argc); ++ ++ argc += 1; ++ argv = grub_malloc ((argc + 1) * sizeof (char *)); ++ argv[0] = title ? title : clinux; ++ for (i = 1; i < argc; i++) ++ argv[i] = args[i-1]; ++ argv[argc] = NULL; ++ ++ grub_dprintf("blscfg", "adding menu entry for \"%s\"\n", title); + src = grub_xasprintf ("load_video\n" + "set gfx_payload=keep\n" + "insmod gzio\n" +@@ -133,40 +621,219 @@ static int parse_entry ( + GRUB_BOOT_DEVICE, clinux, options ? " " : "", options ? options : "", + initrd ? GRUB_INITRD_CMD " " : "", initrd ? GRUB_BOOT_DEVICE : "", initrd ? initrd : "", initrd ? "\n" : ""); + +- grub_normal_add_menu_entry (1, args, NULL, NULL, "bls", NULL, NULL, src, 0); ++ grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0); + + finish: +- grub_free (p); +- grub_free (title); +- grub_free (options); +- grub_free (clinux); +- grub_free (initrd); +- grub_free (src); ++ if (classes) ++ grub_free (classes); ++ grub_dprintf("blscfg", "%s got here\n", __func__); ++ if (args) ++ grub_free (args); ++ ++ if (argv) ++ grub_free (argv); ++ ++ if (src) ++ grub_free (src); ++ grub_dprintf("blscfg", "%s got here\n", __func__); ++} ++ ++struct find_entry_info { ++ grub_device_t dev; ++ grub_fs_t fs; ++ int efi; ++}; ++ ++/* ++ * filename: if the directory is /EFI/something/ , filename is "something" ++ * info: unused ++ * data: the filesystem object the file is on. ++ */ ++static int find_entry (const char *filename, ++ const struct grub_dirhook_info *dirhook_info UNUSED, ++ void *data) ++{ ++ struct find_entry_info *info = (struct find_entry_info *)data; ++ grub_file_t f = NULL; ++ char *grubenv_path = NULL; ++ grub_envblk_t env = NULL; ++ char *default_blsdir = NULL; ++ const char *blsdir = NULL; ++ char *saved_env_buf = NULL; ++ int r = 0; ++ const char *devid = grub_env_get ("boot"); ++ ++ grub_dprintf("blscfg", "%s got here\n", __func__); ++ if (!grub_strcmp (filename, ".") || ++ !grub_strcmp (filename, "..")) ++ return 0; ++ ++ if (info->efi && !grub_strcasecmp (filename, "boot")) ++ return 0; ++ ++ saved_env_buf = grub_malloc (512); ++ ++ // set a default blsdir ++ if (info->efi) ++ default_blsdir = grub_xasprintf ("/EFI/%s%s", filename, ++ GRUB_BLS_CONFIG_PATH); ++ else ++ default_blsdir = grub_xasprintf ("%s", GRUB_BLS_CONFIG_PATH); ++ ++ grub_env_set ("blsdir", default_blsdir); ++ grub_dprintf ("blscfg", "default_blsdir: \"%s\"\n", default_blsdir); ++ ++ /* ++ * try to load a grubenv from /EFI/wherever/grubenv ++ */ ++ if (info->efi) ++ grubenv_path = grub_xasprintf ("(%s)/EFI/%s/grubenv", devid, filename); ++ else ++ grubenv_path = grub_xasprintf ("(%s)/grub2/grubenv", devid); ++ ++ grub_dprintf ("blscfg", "looking for \"%s\"\n", grubenv_path); ++ f = grub_file_open (grubenv_path); ++ ++ grub_dprintf ("blscfg", "%s it\n", f ? "found" : "did not find"); ++ grub_free (grubenv_path); ++ if (f) ++ { ++ grub_off_t sz; ++ ++ grub_dprintf ("blscfg", "getting size\n"); ++ sz = grub_file_size (f); ++ if (sz == GRUB_FILE_SIZE_UNKNOWN || sz > 1024*1024) ++ goto finish; ++ ++ grub_dprintf ("blscfg", "reading env\n"); ++ env = read_envblk_file (f); ++ if (!env) ++ goto finish; ++ grub_dprintf ("blscfg", "read env file\n"); ++ ++ grub_memset (saved_env_buf, '#', 512); ++ grub_memcpy (saved_env_buf, GRUB_ENVBLK_SIGNATURE, ++ sizeof (GRUB_ENVBLK_SIGNATURE)); ++ grub_dprintf ("blscfg", "saving env\n"); ++ saved_env = grub_envblk_open (saved_env_buf, 512); ++ if (!saved_env) ++ goto finish; ++ ++ // save everything listed in "env" with values from our existing grub env ++ grub_envblk_iterate (env, NULL, save_var); ++ // set everything from our loaded grubenv into the real grub env ++ grub_envblk_iterate (env, NULL, set_var); ++ } ++ else ++ { ++ grub_err_t e; ++ grub_dprintf ("blscfg", "no such file\n"); ++ do ++ { ++ e = grub_error_pop(); ++ } while (e); ++ ++ } ++ ++ blsdir = grub_env_get ("blsdir"); ++ if (!blsdir) ++ goto finish; ++ ++ grub_dprintf ("blscfg", "blsdir: \"%s\"\n", blsdir); ++ if (blsdir[0] != '/' && info->efi) ++ blsdir = grub_xasprintf ("/EFI/%s/%s/", filename, blsdir); ++ else ++ blsdir = grub_strdup (blsdir); ++ ++ if (!blsdir) ++ goto finish; ++ ++ grub_dprintf ("blscfg", "blsdir: \"%s\"\n", blsdir); ++ r = info->fs->dir (info->dev, blsdir, read_entry, (char *)blsdir); ++ if (r != 0) { ++ grub_dprintf ("blscfg", "read_entry returned error\n"); ++ grub_err_t e; ++ do ++ { ++ e = grub_error_pop(); ++ } while (e); ++ } ++ ++ grub_dprintf ("blscfg", "Sorting %d entries\n", nentries); ++ grub_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, NULL); ++ ++ grub_dprintf ("blscfg", "%s Creating %d entries from bls\n", __func__, nentries); ++ for (r = nentries - 1; r >= 0; r--) ++ create_entry(entries[r], filename); ++ ++ for (r = 0; r < nentries; r++) ++ bls_free_entry (entries[r]); ++finish: ++ nentries = 0; ++ ++ grub_free (entries); ++ entries = NULL; ++ ++ grub_free ((char *)blsdir); ++ ++ grub_env_unset ("blsdir"); ++ ++ if (saved_env) ++ { ++ // remove everything from the real environment that's defined in env ++ grub_envblk_iterate (env, NULL, unset_var); ++ ++ // re-set the things from our original environment ++ grub_envblk_iterate (saved_env, NULL, set_var); ++ grub_envblk_close (saved_env); ++ saved_env = NULL; ++ } ++ else if (saved_env_buf) ++ { ++ // if we have a saved environment, grub_envblk_close() freed this. ++ grub_free (saved_env_buf); ++ } ++ ++ if (env) ++ grub_envblk_close (env); + + if (f) + grub_file_close (f); + ++ grub_free (default_blsdir); ++ + return 0; + } + + static grub_err_t +-grub_cmd_bls_import (grub_extcmd_context_t ctxt __attribute__ ((unused)), +- int argc __attribute__ ((unused)), +- char **args __attribute__ ((unused))) ++grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED, ++ int argc UNUSED, ++ char **args UNUSED) + { + grub_fs_t fs; + grub_device_t dev; + static grub_err_t r; + const char *devid; ++ struct find_entry_info info = ++ { ++ .dev = NULL, ++ .fs = NULL, ++ .efi = 0, ++ }; + +- devid = grub_env_get ("root"); ++ ++ grub_dprintf ("blscfg", "finding boot\n"); ++ devid = grub_env_get ("boot"); + if (!devid) +- return grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("variable `%s' isn't set"), "root"); ++ return grub_error (GRUB_ERR_FILE_NOT_FOUND, ++ N_("variable `%s' isn't set"), "boot"); + ++ grub_dprintf ("blscfg", "opening %s\n", devid); + dev = grub_device_open (devid); + if (!dev) + return grub_errno; + ++ grub_dprintf ("blscfg", "probing fs\n"); + fs = grub_fs_probe (dev); + if (!fs) + { +@@ -174,7 +841,17 @@ grub_cmd_bls_import (grub_extcmd_context_t ctxt __attribute__ ((unused)), + goto finish; + } + +- r = fs->dir (dev, GRUB_BLS_CONFIG_PATH, parse_entry, NULL); ++ info.dev = dev; ++ info.fs = fs; ++#ifdef GRUB_MACHINE_EFI ++ info.efi = 1; ++ grub_dprintf ("blscfg", "scanning /EFI/\n"); ++ r = fs->dir (dev, "/EFI/", find_entry, &info); ++#else ++ info.efi = 0; ++ grub_dprintf ("blscfg", "scanning %s\n", GRUB_BLS_CONFIG_PATH); ++ r = fs->dir (dev, "/", find_entry, &info); ++#endif + + finish: + if (dev) +@@ -184,18 +861,27 @@ finish: + } + + static grub_extcmd_t cmd; ++static grub_extcmd_t oldcmd; + + GRUB_MOD_INIT(bls) + { +- cmd = grub_register_extcmd ("bls_import", +- grub_cmd_bls_import, ++ grub_dprintf("blscfg", "%s got here\n", __func__); ++ cmd = grub_register_extcmd ("blscfg", ++ grub_cmd_blscfg, + 0, + NULL, + N_("Import Boot Loader Specification snippets."), + NULL); ++ oldcmd = grub_register_extcmd ("bls_import", ++ grub_cmd_blscfg, ++ 0, ++ NULL, ++ N_("Import Boot Loader Specification snippets."), ++ NULL); + } + + GRUB_MOD_FINI(bls) + { + grub_unregister_extcmd (cmd); ++ grub_unregister_extcmd (oldcmd); + } +diff --git a/grub-core/commands/loadenv.c b/grub-core/commands/loadenv.c +index acd93d123..91c994560 100644 +--- a/grub-core/commands/loadenv.c ++++ b/grub-core/commands/loadenv.c +@@ -28,6 +28,8 @@ + #include + #include + ++#include "loadenv.h" ++ + GRUB_MOD_LICENSE ("GPLv3+"); + + static const struct grub_arg_option options[] = +@@ -84,81 +86,6 @@ open_envblk_file (char *filename, int untrusted) + return file; + } + +-static grub_envblk_t +-read_envblk_file (grub_file_t file) +-{ +- grub_off_t offset = 0; +- char *buf; +- grub_size_t size = grub_file_size (file); +- grub_envblk_t envblk; +- +- buf = grub_malloc (size); +- if (! buf) +- return 0; +- +- while (size > 0) +- { +- grub_ssize_t ret; +- +- ret = grub_file_read (file, buf + offset, size); +- if (ret <= 0) +- { +- grub_free (buf); +- return 0; +- } +- +- size -= ret; +- offset += ret; +- } +- +- envblk = grub_envblk_open (buf, offset); +- if (! envblk) +- { +- grub_free (buf); +- grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid environment block"); +- return 0; +- } +- +- return envblk; +-} +- +-struct grub_env_whitelist +-{ +- grub_size_t len; +- char **list; +-}; +-typedef struct grub_env_whitelist grub_env_whitelist_t; +- +-static int +-test_whitelist_membership (const char* name, +- const grub_env_whitelist_t* whitelist) +-{ +- grub_size_t i; +- +- for (i = 0; i < whitelist->len; i++) +- if (grub_strcmp (name, whitelist->list[i]) == 0) +- return 1; /* found it */ +- +- return 0; /* not found */ +-} +- +-/* Helper for grub_cmd_load_env. */ +-static int +-set_var (const char *name, const char *value, void *whitelist) +-{ +- if (! whitelist) +- { +- grub_env_set (name, value); +- return 0; +- } +- +- if (test_whitelist_membership (name, +- (const grub_env_whitelist_t *) whitelist)) +- grub_env_set (name, value); +- +- return 0; +-} +- + static grub_err_t + grub_cmd_load_env (grub_extcmd_context_t ctxt, int argc, char **args) + { +diff --git a/grub-core/commands/loadenv.h b/grub-core/commands/loadenv.h +new file mode 100644 +index 000000000..952f46121 +--- /dev/null ++++ b/grub-core/commands/loadenv.h +@@ -0,0 +1,93 @@ ++/* loadenv.c - command to load/save environment variable. */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2008,2009,2010 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++static grub_envblk_t UNUSED ++read_envblk_file (grub_file_t file) ++{ ++ grub_off_t offset = 0; ++ char *buf; ++ grub_size_t size = grub_file_size (file); ++ grub_envblk_t envblk; ++ ++ buf = grub_malloc (size); ++ if (! buf) ++ return 0; ++ ++ while (size > 0) ++ { ++ grub_ssize_t ret; ++ ++ ret = grub_file_read (file, buf + offset, size); ++ if (ret <= 0) ++ { ++ grub_free (buf); ++ return 0; ++ } ++ ++ size -= ret; ++ offset += ret; ++ } ++ ++ envblk = grub_envblk_open (buf, offset); ++ if (! envblk) ++ { ++ grub_free (buf); ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid environment block"); ++ return 0; ++ } ++ ++ return envblk; ++} ++ ++struct grub_env_whitelist ++{ ++ grub_size_t len; ++ char **list; ++}; ++typedef struct grub_env_whitelist grub_env_whitelist_t; ++ ++static int UNUSED ++test_whitelist_membership (const char* name, ++ const grub_env_whitelist_t* whitelist) ++{ ++ grub_size_t i; ++ ++ for (i = 0; i < whitelist->len; i++) ++ if (grub_strcmp (name, whitelist->list[i]) == 0) ++ return 1; /* found it */ ++ ++ return 0; /* not found */ ++} ++ ++/* Helper for grub_cmd_load_env. */ ++static int UNUSED ++set_var (const char *name, const char *value, void *whitelist) ++{ ++ if (! whitelist) ++ { ++ grub_env_set (name, value); ++ return 0; ++ } ++ ++ if (test_whitelist_membership (name, ++ (const grub_env_whitelist_t *) whitelist)) ++ grub_env_set (name, value); ++ ++ return 0; ++} +diff --git a/include/grub/compiler.h b/include/grub/compiler.h +index c9e1d7a73..9859ff4cc 100644 +--- a/include/grub/compiler.h ++++ b/include/grub/compiler.h +@@ -48,4 +48,6 @@ + # define WARN_UNUSED_RESULT + #endif + ++#define UNUSED __attribute__((__unused__)) ++ + #endif /* ! GRUB_COMPILER_HEADER */ diff --git a/SOURCES/0112-Add-BLS-support-to-grub-mkconfig.patch b/SOURCES/0112-Add-BLS-support-to-grub-mkconfig.patch new file mode 100644 index 0000000..e2ac862 --- /dev/null +++ b/SOURCES/0112-Add-BLS-support-to-grub-mkconfig.patch @@ -0,0 +1,167 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 9 Dec 2016 15:40:29 -0500 +Subject: [PATCH] Add BLS support to grub-mkconfig + +GRUB now has BootLoaderSpec support, the user can choose to use this by +setting GRUB_ENABLE_BLSCFG to true in /etc/default/grub. On this setup, +the boot menu entries are not added to the grub.cfg, instead BLS config +files are parsed by blscfg command and the entries created dynamically. +--- + util/grub-mkconfig.in | 3 ++- + util/grub-mkconfig_lib.in | 29 +++++++++++++++++++---------- + util/grub.d/10_linux.in | 37 +++++++++++++++++++++++++++++++++++-- + 3 files changed, 56 insertions(+), 13 deletions(-) + +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index 4248b9341..c20171919 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -259,7 +259,8 @@ export GRUB_DEFAULT \ + GRUB_OS_PROBER_SKIP_LIST \ + GRUB_DISABLE_SUBMENU \ + GRUB_DEFAULT_DTB \ +- SUSE_BTRFS_SNAPSHOT_BOOTING ++ SUSE_BTRFS_SNAPSHOT_BOOTING \ ++ GRUB_ENABLE_BLSCFG + + if test "x${grub_cfg}" != "x"; then + rm -f "${grub_cfg}.new" +diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in +index b3aae534d..1acc1d01c 100644 +--- a/util/grub-mkconfig_lib.in ++++ b/util/grub-mkconfig_lib.in +@@ -30,6 +30,9 @@ fi + if test "x$grub_file" = x; then + grub_file="${bindir}/@grub_file@" + fi ++if test "x$grub_editenv" = x; then ++ grub_editenv="${bindir}/@grub_editenv@" ++fi + if test "x$grub_mkrelpath" = x; then + grub_mkrelpath="${bindir}/@grub_mkrelpath@" + fi +@@ -127,10 +130,16 @@ EOF + + prepare_grub_to_access_device () + { ++ local device=$1 && shift ++ if [ "$#" -gt 0 ]; then ++ local variable=$1 && shift ++ else ++ local variable=root ++ fi + old_ifs="$IFS" + IFS=' + ' +- partmap="`"${grub_probe}" --device $@ --target=partmap`" ++ partmap="`"${grub_probe}" --device ${device} --target=partmap`" + for module in ${partmap} ; do + case "${module}" in + netbsd | openbsd) +@@ -141,34 +150,34 @@ prepare_grub_to_access_device () + done + + # Abstraction modules aren't auto-loaded. +- abstraction="`"${grub_probe}" --device $@ --target=abstraction`" ++ abstraction="`"${grub_probe}" --device ${device} --target=abstraction`" + for module in ${abstraction} ; do + echo "insmod ${module}" + done + +- fs="`"${grub_probe}" --device $@ --target=fs`" ++ fs="`"${grub_probe}" --device ${device} --target=fs`" + for module in ${fs} ; do + echo "insmod ${module}" + done + + if [ x$GRUB_ENABLE_CRYPTODISK = xy ]; then +- for uuid in `"${grub_probe}" --device $@ --target=cryptodisk_uuid`; do ++ for uuid in `"${grub_probe}" --device ${device} --target=cryptodisk_uuid`; do + echo "cryptomount -u $uuid" + done + fi + + # If there's a filesystem UUID that GRUB is capable of identifying, use it; + # otherwise set root as per value in device.map. +- fs_hint="`"${grub_probe}" --device $@ --target=compatibility_hint`" ++ fs_hint="`"${grub_probe}" --device ${device} --target=compatibility_hint`" + if [ "x$fs_hint" != x ]; then +- echo "set root='$fs_hint'" ++ echo "set ${variable}='$fs_hint'" + fi +- if [ "x$GRUB_DISABLE_UUID" != "xtrue" ] && fs_uuid="`"${grub_probe}" --device $@ --target=fs_uuid 2> /dev/null`" ; then +- hints="`"${grub_probe}" --device $@ --target=hints_string 2> /dev/null`" || hints= ++ if [ "x$GRUB_DISABLE_UUID" != "xtrue" ] && fs_uuid="`"${grub_probe}" --device ${device} --target=fs_uuid 2> /dev/null`" ; then ++ hints="`"${grub_probe}" --device ${device} --target=hints_string 2> /dev/null`" || hints= + echo "if [ x\$feature_platform_search_hint = xy ]; then" +- echo " search --no-floppy --fs-uuid --set=root ${hints} ${fs_uuid}" ++ echo " search --no-floppy --fs-uuid --set=${variable} ${hints} ${fs_uuid}" + echo "else" +- echo " search --no-floppy --fs-uuid --set=root ${fs_uuid}" ++ echo " search --no-floppy --fs-uuid --set=${variable} ${fs_uuid}" + echo "fi" + fi + IFS="$old_ifs" +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index d9a05937e..839f1fdb6 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -121,6 +121,34 @@ linux_entry () + if [ -z "$boot_device_id" ]; then + boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" + fi ++ ++ if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]; then ++ if [ x$dirname = x/ ]; then ++ if [ -z "${prepare_root_cache}" ]; then ++ prepare_grub_to_access_device ${GRUB_DEVICE} ++ fi ++ else ++ if [ -z "${prepare_boot_cache}" ]; then ++ prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} ++ fi ++ fi ++ ++ bootefi_device="`${grub_probe} --target=device /boot/efi/`" ++ prepare_grub_to_access_device ${bootefi_device} boot ++ ++ cat << EOF ++insmod blscfg ++blscfg ++if [ -s \$prefix/grubenv ]; then ++ load_env ++fi ++EOF ++ ++ ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}" ++ ++ exit 0 ++ fi ++ + if [ x$type != xsimple ] ; then + title=$(mktitle "$type" "$version") + if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then +@@ -223,7 +251,10 @@ submenu_indentation="" + is_top_level=true + while [ "x$list" != "x" ] ; do + linux=`version_find_latest $list` +- gettext_printf "Found linux image: %s\n" "$linux" >&2 ++ if [ "x${GRUB_ENABLE_BLSCFG}" != "xtrue" ]; then ++ gettext_printf "Found linux image: %s\n" "$linux" >&2 ++ fi ++ + basename=`basename $linux` + dirname=`dirname $linux` + rel_dirname=`make_system_path_relative_to_its_root $dirname` +@@ -262,7 +293,9 @@ while [ "x$list" != "x" ] ; do + for i in ${initrd}; do + initrd_display="${initrd_display} ${dirname}/${i}" + done +- gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 ++ if [ "x${GRUB_ENABLE_BLSCFG}" != "xtrue" ]; then ++ gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 ++ fi + fi + + fdt= diff --git a/SOURCES/0113-Remove-duplicated-grub_exit-definition-for-grub-emu-.patch b/SOURCES/0113-Remove-duplicated-grub_exit-definition-for-grub-emu-.patch new file mode 100644 index 0000000..23d659b --- /dev/null +++ b/SOURCES/0113-Remove-duplicated-grub_exit-definition-for-grub-emu-.patch @@ -0,0 +1,33 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 6 Feb 2018 11:02:09 +0100 +Subject: [PATCH] Remove duplicated grub_exit() definition for grub-emu + platform + +The grub_exit() function signature was changed on all platforms to take a +return code, but latter on a following commit the grub_exit() for the emu +platform was duplicated. It causes a build error so remove the duplicated +function definition. + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/kern/emu/main.c | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c +index 7e47ec812..55ea5a11c 100644 +--- a/grub-core/kern/emu/main.c ++++ b/grub-core/kern/emu/main.c +@@ -72,12 +72,6 @@ grub_exit (int retval __attribute__((unused))) + grub_reboot (); + } + +-void +-grub_exit (int retval __attribute__((unused))) +-{ +- grub_reboot (); +-} +- + void + grub_machine_init (void) + { diff --git a/SOURCES/0114-Don-t-attempt-to-backtrace-on-grub_abort-for-grub-em.patch b/SOURCES/0114-Don-t-attempt-to-backtrace-on-grub_abort-for-grub-em.patch new file mode 100644 index 0000000..1688995 --- /dev/null +++ b/SOURCES/0114-Don-t-attempt-to-backtrace-on-grub_abort-for-grub-em.patch @@ -0,0 +1,26 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 6 Feb 2018 11:16:28 +0100 +Subject: [PATCH] Don't attempt to backtrace on grub_abort() for grub-emu + +The emu platform doesn't have a grub_backtrace() implementation, so this +causes a build error. Don't attempt to call this when building grub-emu. + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/kern/misc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 04371ac49..636f97e1b 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -1103,7 +1103,7 @@ static void __attribute__ ((noreturn)) + grub_abort (void) + { + #ifndef GRUB_UTIL +-#if defined(__i386__) || defined(__x86_64__) ++#if (defined(__i386__) || defined(__x86_64__)) && !defined(GRUB_MACHINE_EMU) + grub_backtrace(); + #endif + #endif diff --git a/SOURCES/0115-Enable-blscfg-command-for-the-emu-platform.patch b/SOURCES/0115-Enable-blscfg-command-for-the-emu-platform.patch new file mode 100644 index 0000000..1a8190a --- /dev/null +++ b/SOURCES/0115-Enable-blscfg-command-for-the-emu-platform.patch @@ -0,0 +1,164 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 2 Feb 2018 11:36:29 +0100 +Subject: [PATCH] Enable blscfg command for the emu platform + +Allow grub-emu to call a blscfg command. This may be useful for platforms +that don't support GRUB, so grub-emu can be used to parse the BLS configs +and kexec a new kernel using that information. + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/Makefile.core.def | 1 + + grub-core/commands/blscfg.c | 46 +++++++++++++++++++++++++++++++++++---------- + 2 files changed, 37 insertions(+), 10 deletions(-) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 96ccb4021..e52d77688 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -777,6 +777,7 @@ module = { + common = commands/blscfg.c; + enable = efi; + enable = i386_pc; ++ enable = emu; + }; + + module = { +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 86796c8cd..e0b65534a 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -37,7 +37,12 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #include "loadenv.h" + + #define GRUB_BLS_CONFIG_PATH "/loader/entries/" ++#ifdef GRUB_MACHINE_EMU ++#define GRUB_BOOT_DEVICE "/boot" ++#else + #define GRUB_BOOT_DEVICE "($root)" ++#endif ++ + #ifdef GRUB_MACHINE_EFI + #define GRUB_LINUX_CMD "linuxefi" + #define GRUB_INITRD_CMD "initrdefi" +@@ -46,6 +51,13 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define GRUB_INITRD_CMD "initrd" + #endif + ++enum ++ { ++ PLATFORM_EFI, ++ PLATFORM_EMU, ++ PLATFORM_BIOS, ++ }; ++ + #define grub_free(x) ({grub_dprintf("blscfg", "%s freeing %p\n", __func__, x); grub_free(x); }) + + struct keyval +@@ -641,7 +653,7 @@ finish: + struct find_entry_info { + grub_device_t dev; + grub_fs_t fs; +- int efi; ++ int platform; + }; + + /* +@@ -668,13 +680,16 @@ static int find_entry (const char *filename, + !grub_strcmp (filename, "..")) + return 0; + +- if (info->efi && !grub_strcasecmp (filename, "boot")) ++ if (info->platform == PLATFORM_EFI && !grub_strcasecmp (filename, "boot")) + return 0; + + saved_env_buf = grub_malloc (512); + + // set a default blsdir +- if (info->efi) ++ if (info->platform == PLATFORM_EMU) ++ default_blsdir = grub_xasprintf ("%s%s", GRUB_BOOT_DEVICE, ++ GRUB_BLS_CONFIG_PATH); ++ else if (info->platform == PLATFORM_EFI) + default_blsdir = grub_xasprintf ("/EFI/%s%s", filename, + GRUB_BLS_CONFIG_PATH); + else +@@ -686,7 +701,7 @@ static int find_entry (const char *filename, + /* + * try to load a grubenv from /EFI/wherever/grubenv + */ +- if (info->efi) ++ if (info->platform == PLATFORM_EFI) + grubenv_path = grub_xasprintf ("(%s)/EFI/%s/grubenv", devid, filename); + else + grubenv_path = grub_xasprintf ("(%s)/grub2/grubenv", devid); +@@ -740,7 +755,7 @@ static int find_entry (const char *filename, + goto finish; + + grub_dprintf ("blscfg", "blsdir: \"%s\"\n", blsdir); +- if (blsdir[0] != '/' && info->efi) ++ if (blsdir[0] != '/' && info->platform == PLATFORM_EFI) + blsdir = grub_xasprintf ("/EFI/%s/%s/", filename, blsdir); + else + blsdir = grub_strdup (blsdir); +@@ -818,15 +833,21 @@ grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED, + { + .dev = NULL, + .fs = NULL, +- .efi = 0, ++ .platform = PLATFORM_BIOS, + }; + + + grub_dprintf ("blscfg", "finding boot\n"); ++ ++#ifdef GRUB_MACHINE_EMU ++ devid = "host"; ++ grub_env_set ("boot", devid); ++#else + devid = grub_env_get ("boot"); + if (!devid) + return grub_error (GRUB_ERR_FILE_NOT_FOUND, + N_("variable `%s' isn't set"), "boot"); ++#endif + + grub_dprintf ("blscfg", "opening %s\n", devid); + dev = grub_device_open (devid); +@@ -844,11 +865,16 @@ grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED, + info.dev = dev; + info.fs = fs; + #ifdef GRUB_MACHINE_EFI +- info.efi = 1; ++ info.platform = PLATFORM_EFI; + grub_dprintf ("blscfg", "scanning /EFI/\n"); + r = fs->dir (dev, "/EFI/", find_entry, &info); ++#elif GRUB_MACHINE_EMU ++ info.platform = PLATFORM_EMU; ++ grub_dprintf ("blscfg", "scanning %s%s\n", GRUB_BOOT_DEVICE, ++ GRUB_BLS_CONFIG_PATH); ++ r = fs->dir (dev, "/boot/loader/", ++ find_entry, &info); + #else +- info.efi = 0; + grub_dprintf ("blscfg", "scanning %s\n", GRUB_BLS_CONFIG_PATH); + r = fs->dir (dev, "/", find_entry, &info); + #endif +@@ -863,7 +889,7 @@ finish: + static grub_extcmd_t cmd; + static grub_extcmd_t oldcmd; + +-GRUB_MOD_INIT(bls) ++GRUB_MOD_INIT(blscfg) + { + grub_dprintf("blscfg", "%s got here\n", __func__); + cmd = grub_register_extcmd ("blscfg", +@@ -880,7 +906,7 @@ GRUB_MOD_INIT(bls) + NULL); + } + +-GRUB_MOD_FINI(bls) ++GRUB_MOD_FINI(blscfg) + { + grub_unregister_extcmd (cmd); + grub_unregister_extcmd (oldcmd); diff --git a/SOURCES/0116-Add-linux-and-initrd-commands-for-grub-emu.patch b/SOURCES/0116-Add-linux-and-initrd-commands-for-grub-emu.patch new file mode 100644 index 0000000..0c09933 --- /dev/null +++ b/SOURCES/0116-Add-linux-and-initrd-commands-for-grub-emu.patch @@ -0,0 +1,347 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Tue, 6 Feb 2018 09:09:00 +0100 +Subject: [PATCH] Add linux and initrd commands for grub-emu + +When using grub-emu, the linux and initrd commands are used as arguments +to the kexec command line tool, to allow booting the selected menu entry. +--- + grub-core/Makefile.core.def | 1 - + grub-core/kern/emu/main.c | 4 + + grub-core/kern/emu/misc.c | 18 ++++- + grub-core/loader/emu/linux.c | 172 +++++++++++++++++++++++++++++++++++++++++++ + include/grub/emu/exec.h | 4 +- + include/grub/emu/hostfile.h | 3 +- + include/grub/emu/misc.h | 3 + + grub-core/Makefile.am | 1 + + 8 files changed, 202 insertions(+), 4 deletions(-) + create mode 100644 grub-core/loader/emu/linux.c + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index e52d77688..067b97a42 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -1710,7 +1710,6 @@ module = { + + common = loader/linux.c; + common = lib/cmdline.c; +- enable = noemu; + + efi = loader/efi/linux.c; + }; +diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c +index 55ea5a11c..846fe9715 100644 +--- a/grub-core/kern/emu/main.c ++++ b/grub-core/kern/emu/main.c +@@ -107,6 +107,7 @@ static struct argp_option options[] = { + N_("use GRUB files in the directory DIR [default=%s]"), 0}, + {"verbose", 'v', 0, 0, N_("print verbose messages."), 0}, + {"hold", 'H', N_("SECS"), OPTION_ARG_OPTIONAL, N_("wait until a debugger will attach"), 0}, ++ {"kexec", 'X', 0, 0, N_("try the untryable."), 0}, + { 0, 0, 0, 0, 0, 0 } + }; + +@@ -164,6 +165,9 @@ argp_parser (int key, char *arg, struct argp_state *state) + case 'v': + verbosity++; + break; ++ case 'X': ++ grub_util_set_kexecute(); ++ break; + + case ARGP_KEY_ARG: + { +diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c +index 82012a72f..3d3a4a4a9 100644 +--- a/grub-core/kern/emu/misc.c ++++ b/grub-core/kern/emu/misc.c +@@ -37,6 +37,7 @@ + #include + + int verbosity; ++int kexecute; + + void + grub_util_warn (const char *fmt, ...) +@@ -80,7 +81,7 @@ grub_util_error (const char *fmt, ...) + vfprintf (stderr, fmt, ap); + va_end (ap); + fprintf (stderr, ".\n"); +- exit (1); ++ grub_exit (1); + } + + void * +@@ -140,6 +141,9 @@ void + __attribute__ ((noreturn)) + grub_exit (int rc) + { ++#if defined (GRUB_KERNEL) ++ grub_reboot(); ++#endif + exit (rc < 0 ? 1 : rc); + } + #endif +@@ -201,3 +205,15 @@ grub_util_load_image (const char *path, char *buf) + + fclose (fp); + } ++ ++void ++grub_util_set_kexecute(void) ++{ ++ kexecute++; ++} ++ ++int ++grub_util_get_kexecute(void) ++{ ++ return kexecute; ++} +diff --git a/grub-core/loader/emu/linux.c b/grub-core/loader/emu/linux.c +new file mode 100644 +index 000000000..fda9e00d2 +--- /dev/null ++++ b/grub-core/loader/emu/linux.c +@@ -0,0 +1,172 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++static grub_dl_t my_mod; ++ ++static char *kernel_path; ++static char *initrd_path; ++static char *boot_cmdline; ++ ++static grub_err_t ++grub_linux_boot (void) ++{ ++ grub_err_t rc = GRUB_ERR_NONE; ++ char *initrd_param; ++ const char *kexec[] = { "kexec", "-l", kernel_path, boot_cmdline, NULL, NULL }; ++ const char *systemctl[] = { "systemctl", "kexec", NULL }; ++ int kexecute = grub_util_get_kexecute(); ++ ++ if (initrd_path) { ++ initrd_param = grub_xasprintf("--initrd=%s", initrd_path); ++ kexec[3] = initrd_param; ++ kexec[4] = boot_cmdline; ++ } else { ++ initrd_param = grub_xasprintf("%s", ""); ++ } ++ ++ grub_printf("%serforming 'kexec -l %s %s %s'\n", ++ (kexecute) ? "P" : "Not p", ++ kernel_path, initrd_param, boot_cmdline); ++ ++ if (kexecute) ++ rc = grub_util_exec(kexec); ++ ++ grub_free(initrd_param); ++ ++ if (rc != GRUB_ERR_NONE) { ++ grub_error (rc, N_("Error trying to perform kexec load operation.")); ++ grub_sleep (3); ++ return rc; ++ } ++ if (kexecute < 1) ++ grub_fatal (N_("Use '"PACKAGE"-emu --kexec' to force a system restart.")); ++ ++ grub_printf("Performing 'systemctl kexec' (%s) ", ++ (kexecute==1) ? "do-or-die" : "just-in-case"); ++ rc = grub_util_exec (systemctl); ++ ++ if (kexecute == 1) ++ grub_fatal (N_("Error trying to perform 'systemctl kexec'")); ++ ++ /* need to check read-only root before resetting hard!? */ ++ grub_printf("Performing 'kexec -e'"); ++ kexec[1] = "-e"; ++ kexec[2] = NULL; ++ rc = grub_util_exec(kexec); ++ if ( rc != GRUB_ERR_NONE ) ++ grub_fatal (N_("Error trying to directly perform 'kexec -e'.")); ++ ++ return rc; ++} ++ ++static grub_err_t ++grub_linux_unload (void) ++{ ++ grub_dl_unref (my_mod); ++ if ( boot_cmdline != NULL ) ++ grub_free (boot_cmdline); ++ boot_cmdline = NULL; ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), int argc, char *argv[]) ++{ ++ int i; ++ char *tempstr; ++ ++ grub_dl_ref (my_mod); ++ ++ if (argc == 0) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); ++ ++ if ( !grub_util_is_regular(argv[0]) ) ++ return grub_error(GRUB_ERR_FILE_NOT_FOUND, N_("Cannot find kernel file %s"), argv[0]); ++ ++ if ( kernel_path != NULL ) ++ grub_free(kernel_path); ++ ++ kernel_path = grub_xasprintf("%s", argv[0]); ++ ++ if ( boot_cmdline != NULL ) { ++ grub_free(boot_cmdline); ++ boot_cmdline = NULL; ++ } ++ ++ if ( argc > 1 ) ++ { ++ boot_cmdline = grub_xasprintf("--command-line=%s", argv[1]); ++ for ( i = 2; i < argc; i++ ) { ++ tempstr = grub_xasprintf("%s %s", boot_cmdline, argv[i]); ++ grub_free(boot_cmdline); ++ boot_cmdline = tempstr; ++ } ++ } ++ ++ grub_loader_set (grub_linux_boot, grub_linux_unload, 0); ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), int argc, char *argv[]) ++{ ++ if (argc == 0) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); ++ ++ if ( !grub_util_is_regular(argv[0]) ) ++ return grub_error(GRUB_ERR_FILE_NOT_FOUND, N_("Cannot find initrd file %s"), argv[0]); ++ ++ if ( initrd_path != NULL ) ++ grub_free(initrd_path); ++ ++ initrd_path = grub_xasprintf("%s", argv[0]); ++ ++ grub_dl_unref (my_mod); ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_command_t cmd_linux, cmd_initrd; ++ ++GRUB_MOD_INIT(linux) ++{ ++ cmd_linux = grub_register_command ("linux", grub_cmd_linux, 0, N_("Load Linux.")); ++ cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd, 0, N_("Load initrd.")); ++ my_mod = mod; ++ kernel_path = NULL; ++ initrd_path = NULL; ++ boot_cmdline = NULL; ++} ++ ++GRUB_MOD_FINI(linux) ++{ ++ grub_unregister_command (cmd_linux); ++ grub_unregister_command (cmd_initrd); ++} +diff --git a/include/grub/emu/exec.h b/include/grub/emu/exec.h +index d1073ef86..1b61b4a2e 100644 +--- a/include/grub/emu/exec.h ++++ b/include/grub/emu/exec.h +@@ -23,6 +23,8 @@ + #include + + #include ++#include ++ + pid_t + grub_util_exec_pipe (const char *const *argv, int *fd); + pid_t +@@ -32,7 +34,7 @@ int + grub_util_exec_redirect_all (const char *const *argv, const char *stdin_file, + const char *stdout_file, const char *stderr_file); + int +-grub_util_exec (const char *const *argv); ++EXPORT_FUNC(grub_util_exec) (const char *const *argv); + int + grub_util_exec_redirect (const char *const *argv, const char *stdin_file, + const char *stdout_file); +diff --git a/include/grub/emu/hostfile.h b/include/grub/emu/hostfile.h +index 8e37d5acb..12c937a1a 100644 +--- a/include/grub/emu/hostfile.h ++++ b/include/grub/emu/hostfile.h +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + #include + + int +@@ -29,7 +30,7 @@ grub_util_is_directory (const char *path); + int + grub_util_is_special_file (const char *path); + int +-grub_util_is_regular (const char *path); ++EXPORT_FUNC(grub_util_is_regular) (const char *path); + + char * + grub_util_path_concat (size_t n, ...); +diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h +index df6085bcb..a653132e3 100644 +--- a/include/grub/emu/misc.h ++++ b/include/grub/emu/misc.h +@@ -60,6 +60,9 @@ void EXPORT_FUNC(grub_util_warn) (const char *fmt, ...) __attribute__ ((format ( + void EXPORT_FUNC(grub_util_info) (const char *fmt, ...) __attribute__ ((format (__printf__, 1, 2))); + void EXPORT_FUNC(grub_util_error) (const char *fmt, ...) __attribute__ ((format (__printf__, 1, 2), noreturn)); + ++void EXPORT_FUNC(grub_util_set_kexecute) (void); ++int EXPORT_FUNC(grub_util_get_kexecute) (void) WARN_UNUSED_RESULT; ++ + grub_uint64_t EXPORT_FUNC (grub_util_get_cpu_time_ms) (void); + + #ifdef HAVE_DEVICE_MAPPER +diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am +index 9c69aa886..0108c0d42 100644 +--- a/grub-core/Makefile.am ++++ b/grub-core/Makefile.am +@@ -274,6 +274,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/net.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/hostdisk.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/hostfile.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/extcmd.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/exec.h + if COND_GRUB_EMU_SDL + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/sdl.h + endif diff --git a/SOURCES/0117-Fix-the-efidir-in-grub-setpassword.patch b/SOURCES/0117-Fix-the-efidir-in-grub-setpassword.patch new file mode 100644 index 0000000..d75fe8e --- /dev/null +++ b/SOURCES/0117-Fix-the-efidir-in-grub-setpassword.patch @@ -0,0 +1,24 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 15 Mar 2018 14:12:54 -0400 +Subject: [PATCH] Fix the efidir in grub-setpassword + +Signed-off-by: Peter Jones +--- + util/grub-setpassword.in | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/util/grub-setpassword.in b/util/grub-setpassword.in +index d7924af51..cf70257ee 100644 +--- a/util/grub-setpassword.in ++++ b/util/grub-setpassword.in +@@ -1,7 +1,8 @@ + #!/bin/sh -e + ++EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/') + if [ -d /sys/firmware/efi/efivars/ ]; then +- grubdir=`echo "/@bootdirname@/efi/EFI/redhat/" | sed 's,//*,/,g'` ++ grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'` + else + grubdir=`echo "/@bootdirname@/@grubdirname@" | sed 's,//*,/,g'` + fi diff --git a/SOURCES/0118-Add-grub2-switch-to-blscfg.patch b/SOURCES/0118-Add-grub2-switch-to-blscfg.patch new file mode 100644 index 0000000..82cd732 --- /dev/null +++ b/SOURCES/0118-Add-grub2-switch-to-blscfg.patch @@ -0,0 +1,345 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 15 Mar 2018 14:12:40 -0400 +Subject: [PATCH] Add grub2-switch-to-blscfg + +Signed-off-by: Peter Jones +--- + Makefile.util.def | 7 ++ + .gitignore | 2 + + util/grub-switch-to-blscfg.8 | 25 ++++ + util/grub-switch-to-blscfg.in | 262 ++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 296 insertions(+) + create mode 100644 util/grub-switch-to-blscfg.8 + create mode 100644 util/grub-switch-to-blscfg.in + +diff --git a/Makefile.util.def b/Makefile.util.def +index 879e8eb98..f4fbd2506 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -1348,6 +1348,13 @@ program = { + ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; + }; + ++script = { ++ name = grub-switch-to-blscfg; ++ common = util/grub-switch-to-blscfg.in; ++ mansection = 8; ++ installdir = sbin; ++}; ++ + program = { + name = grub-glue-efi; + mansection = 1; +diff --git a/.gitignore b/.gitignore +index 54795fa60..424755921 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -121,6 +121,8 @@ grub-*.tar.* + /grub*-sparc64-setup.8 + /grub*-syslinux2cfg + /grub*-syslinux2cfg.1 ++/grub*-switch-to-blscfg ++/grub*-switch-to-blscfg.8 + /grub_fstest.pp + /grub_fstest_init.c + /grub_fstest_init.lst +diff --git a/util/grub-switch-to-blscfg.8 b/util/grub-switch-to-blscfg.8 +new file mode 100644 +index 000000000..134dfc62a +--- /dev/null ++++ b/util/grub-switch-to-blscfg.8 +@@ -0,0 +1,25 @@ ++.TH GRUB-SWITCH-TO-BLSCFG 1 "Wed Feb 26 2014" ++.SH NAME ++\fBgrub-switch-to-blscfg\fR \(em Switch to using BLS config files. ++ ++.SH SYNOPSIS ++\fBgrub-switch-to-blscfg\fR [--grub-directory=\fIDIR\fR] [--config-file=\fIFILE\fR] [--grub-defaults=\fIFILE\fR] ++ ++.SH DESCRIPTION ++\fBgrub-switch-to-blscfg\fR reconfigures grub-mkconfig to use BLS-style config files, and then regenerates the GRUB configuration. ++ ++.SH OPTIONS ++.TP ++--grub-directory=\fIDIR\fR ++Search for grub.cfg under \fIDIR\fR. The default value is \fI/boot/efi/EFI/\fBVENDOR\fR on UEFI machines and \fI/boot/grub2\fR elsewhere. ++ ++.TP ++--config-file=\fIFILE\fR ++The grub config file to use. The default value is \fI/etc/grub2-efi.cfg\fR on UEFI machines and \fI/etc/grub2.cfg\fR elsewhere. Symbolic links will be followed. ++ ++.TP ++--grub-defaults=\fIFILE\fR ++The defaults file for grub-mkconfig. The default value is \fI/etc/default/grub\fR. ++ ++.SH SEE ALSO ++.BR "info grub" +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +new file mode 100644 +index 000000000..3ae5e4ea8 +--- /dev/null ++++ b/util/grub-switch-to-blscfg.in +@@ -0,0 +1,262 @@ ++#! /bin/sh ++# ++# Set a default boot entry for GRUB. ++# Copyright (C) 2004,2009 Free Software Foundation, Inc. ++# ++# GRUB is free software: you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the License, or ++# (at your option) any later version. ++# ++# GRUB is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with GRUB. If not, see . ++ ++#set -eu ++ ++# Initialize some variables. ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ ++bindir=@bindir@ ++sysconfdir="@sysconfdir@" ++PACKAGE_NAME=@PACKAGE_NAME@ ++PACKAGE_VERSION=@PACKAGE_VERSION@ ++datarootdir="@datarootdir@" ++datadir="@datadir@" ++if [ ! -v pkgdatadir ]; then ++ pkgdatadir="${datadir}/@PACKAGE@" ++fi ++ ++self=`basename $0` ++ ++grub_editenv=${bindir}/@grub_editenv@ ++etcdefaultgrub=/etc/default/grub ++ ++EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/') ++if [ -d /sys/firmware/efi/efivars/ ]; then ++ startlink=/etc/grub2-efi.cfg ++ grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'` ++ blsdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/loader/entries" | sed 's,//*,/,g'` ++else ++ startlink=/etc/grub2.cfg ++ grubdir=`echo "/@bootdirname@/@grubdirname@" | sed 's,//*,/,g'` ++ blsdir=`echo "/@bootdirname@" | sed 's,//*,/,g'` ++fi ++ ++backupsuffix=.bak ++ ++export TEXTDOMAIN=@PACKAGE@ ++export TEXTDOMAINDIR="@localedir@" ++ ++. "${pkgdatadir}/grub-mkconfig_lib" ++ ++# Usage: usage ++# Print the usage. ++usage () { ++ gettext_printf "Usage: %s\n" "$self" ++ gettext "Switch to BLS config files.\n"; echo ++ echo ++ print_option_help "-h, --help" "$(gettext "print this message and exit")" ++ print_option_help "-V, --version" "$(gettext "print the version information and exit")" ++ echo ++ print_option_help "--backup-suffix=$(gettext "SUFFIX")" "$backupsuffix" ++ print_option_help "--bls-directory=$(gettext "DIR")" "$blsdir" ++ print_option_help "--config-file=$(gettext "FILE")" "$startlink" ++ print_option_help "--grub-defaults=$(gettext "FILE")" "$etcdefaultgrub" ++ print_option_help "--grub-directory=$(gettext "DIR")" "$grubdir" ++ # echo ++ # gettext "Report bugs to ."; echo ++} ++ ++argument () { ++ opt=$1 ++ shift ++ ++ if test $# -eq 0; then ++ gettext_printf "%s: option requires an argument -- \`%s'\n" "$self" "$opt" 1>&2 ++ exit 1 ++ fi ++ echo $1 ++} ++ ++# Check the arguments. ++while test $# -gt 0 ++do ++ option=$1 ++ shift ++ ++ case "$option" in ++ -h | --help) ++ usage ++ exit 0 ;; ++ -V | --version) ++ echo "$self (${PACKAGE_NAME}) ${PACKAGE_VERSION}" ++ exit 0 ;; ++ ++ --backup-suffix) ++ backupsuffix=`argument $option "$@"` ++ shift ++ ;; ++ --backup-suffix=*) ++ backupsuffix=`echo "$option" | sed 's/--backup-suffix=//'` ++ ;; ++ ++ --bls-directory) ++ blsdir=`argument $option "$@"` ++ shift ++ ;; ++ --bls-directory=*) ++ blsdir=`echo "$option" | sed 's/--bls-directory=//'` ++ ;; ++ ++ --config-file) ++ startlink=`argument $option "$@"` ++ shift ++ ;; ++ --config-file=*) ++ startlink=`echo "$option" | sed 's/--config-file=//'` ++ ;; ++ ++ --grub-defaults) ++ etcdefaultgrub=`argument $option "$@"` ++ shift ++ ;; ++ --grub-defaults=*) ++ etcdefaultgrub=`echo "$option" | sed 's/--grub-defaults=//'` ++ ;; ++ ++ --grub-directory) ++ grubdir=`argument $option "$@"` ++ shift ++ ;; ++ --grub-directory=*) ++ grubdir=`echo "$option" | sed 's/--grub-directory=//'` ++ ;; ++ ++ *) ++ gettext_printf "Unrecognized option \`%s'\n" "$option" 1>&2 ++ usage ++ exit 1 ++ ;; ++ esac ++done ++ ++find_grub_cfg() { ++ local candidate="" ++ while [[ -e "${candidate}" || $# -gt 0 ]] ++ do ++ if [[ ! -e "${candidate}" ]] ; then ++ candidate="$1" ++ shift ++ fi ++ ++ if [[ -L "${candidate}" ]]; then ++ candidate="$(realpath "${candidate}")" ++ fi ++ ++ if [[ -f "${candidate}" ]]; then ++ export GRUB_CONFIG_FILE="${candidate}" ++ return 0 ++ fi ++ done ++ return 1 ++} ++ ++if ! find_grub_cfg ${startlink} ${grubdir}/grub.cfg ; then ++ gettext_printf "Couldn't find config file\n" 1>&2 ++ exit 1 ++fi ++ ++if [[ ! -d "${blsdir}" ]]; then ++ install -m 700 -d "${blsdir}" ++fi ++ ++if [[ -f /etc/machine-id ]]; then ++ MACHINE_ID=$(cat /etc/machine-id) ++else ++ MACHINE_ID=$(dmesg | sha256sum) ++fi ++ ++mkbls() { ++ local kernelver=$1 && shift ++ local datetime=$1 && shift ++ ++ local debugname="" ++ local flavor="" ++ ++ if [[ "$kernelver" == *\+* ]] ; then ++ local flavor=-"${kernelver##*+}" ++ if [[ "${flavor}" == "-debug" ]]; then ++ local debugname=" with debugging" ++ fi ++ fi ++ ( ++ source /etc/os-release ++ ++ cat <"${bls_target}" ++ fi ++done ++ ++GENERATE=0 ++if grep '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" \ ++ | grep -vq '^GRUB_ENABLE_BLSCFG="*true"*\s*$' ; then ++ if ! sed -i"${backupsuffix}" \ ++ -e 's,^GRUB_ENABLE_BLSCFG=.*,GRUB_ENABLE_BLSCFG=true,' \ ++ "${etcdefaultgrub}" ; then ++ gettext_printf "Updating %s failed\n" "${etcdefaultgrub}" ++ exit 1 ++ fi ++ GENERATE=1 ++elif ! grep -q '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" ; then ++ if ! echo 'GRUB_ENABLE_BLSCFG=true' >> "${etcdefaultgrub}" ; then ++ gettext_printf "Updating %s failed\n" "${etcdefaultgrub}" ++ exit 1 ++ fi ++ GENERATE=1 ++fi ++ ++if [[ "${GENERATE}" -eq 1 ]] ; then ++ cp -af "${GRUB_CONFIG_FILE}" "${GRUB_CONFIG_FILE}${backupsuffix}" ++ if ! grub2-mkconfig -o "${GRUB_CONFIG_FILE}" ; then ++ cp -af "${GRUB_CONFIG_FILE}${backupsuffix}" "${GRUB_CONFIG_FILE}" ++ sed -i"${backupsuffix}" \ ++ -e 's,^GRUB_ENABLE_BLSCFG=.*,GRUB_ENABLE_BLSCFG=false,' \ ++ /etc/default/grub ++ gettext_printf "Updating %s failed\n" "${GRUB_CONFIG_FILE}" ++ exit 1 ++ fi ++fi ++ ++# Bye. ++exit 0 diff --git a/SOURCES/0119-Add-grub_debug_enabled.patch b/SOURCES/0119-Add-grub_debug_enabled.patch new file mode 100644 index 0000000..7022284 --- /dev/null +++ b/SOURCES/0119-Add-grub_debug_enabled.patch @@ -0,0 +1,60 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 30 Nov 2017 15:11:39 -0500 +Subject: [PATCH] Add grub_debug_enabled() + +--- + grub-core/kern/misc.c | 21 ++++++++++++++++----- + include/grub/misc.h | 1 + + 2 files changed, 17 insertions(+), 5 deletions(-) + +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 636f97e1b..e758ab341 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -159,17 +159,28 @@ int grub_err_printf (const char *fmt, ...) + __attribute__ ((alias("grub_printf"))); + #endif + ++int ++grub_debug_enabled (const char * condition) ++{ ++ const char *debug; ++ ++ debug = grub_env_get ("debug"); ++ if (!debug) ++ return 0; ++ ++ if (grub_strword (debug, "all") || grub_strword (debug, condition)) ++ return 1; ++ ++ return 0; ++} ++ + void + grub_real_dprintf (const char *file, const int line, const char *condition, + const char *fmt, ...) + { + va_list args; +- const char *debug = grub_env_get ("debug"); + +- if (! debug) +- return; +- +- if (grub_strword (debug, "all") || grub_strword (debug, condition)) ++ if (grub_debug_enabled (condition)) + { + grub_printf ("%s:%d: ", file, line); + va_start (args, fmt); +diff --git a/include/grub/misc.h b/include/grub/misc.h +index cbfae75a1..f7473c154 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -367,6 +367,7 @@ grub_puts (const char *s) + } + + int EXPORT_FUNC(grub_puts_) (const char *s); ++int EXPORT_FUNC(grub_debug_enabled) (const char *condition); + void EXPORT_FUNC(grub_real_dprintf) (const char *file, + const int line, + const char *condition, diff --git a/SOURCES/0120-make-better-backtraces.patch b/SOURCES/0120-make-better-backtraces.patch new file mode 100644 index 0000000..eac7417 --- /dev/null +++ b/SOURCES/0120-make-better-backtraces.patch @@ -0,0 +1,908 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 6 Nov 2017 18:31:56 -0500 +Subject: [PATCH] make better backtraces + +Signed-off-by: Peter Jones +--- + Makefile.util.def | 6 ++ + grub-core/Makefile.core.def | 15 ++-- + grub-core/{lib => commands}/backtrace.c | 2 +- + grub-core/gdb/cstub.c | 1 - + grub-core/kern/arm64/backtrace.c | 94 ++++++++++++++++++++++++ + grub-core/kern/backtrace.c | 97 +++++++++++++++++++++++++ + grub-core/kern/dl.c | 45 ++++++++++++ + grub-core/kern/i386/backtrace.c | 125 ++++++++++++++++++++++++++++++++ + grub-core/kern/i386/pc/init.c | 4 +- + grub-core/kern/ieee1275/init.c | 1 - + grub-core/kern/misc.c | 13 ++-- + grub-core/kern/mm.c | 6 +- + grub-core/lib/arm64/backtrace.c | 62 ---------------- + grub-core/lib/i386/backtrace.c | 78 -------------------- + include/grub/backtrace.h | 10 ++- + include/grub/dl.h | 2 + + include/grub/kernel.h | 3 + + grub-core/kern/arm/efi/startup.S | 2 + + grub-core/kern/arm/startup.S | 2 + + grub-core/kern/arm64/efi/startup.S | 2 + + grub-core/kern/i386/qemu/startup.S | 3 +- + grub-core/kern/ia64/efi/startup.S | 3 +- + grub-core/kern/sparc64/ieee1275/crt0.S | 3 +- + grub-core/Makefile.am | 1 + + 24 files changed, 414 insertions(+), 166 deletions(-) + rename grub-core/{lib => commands}/backtrace.c (98%) + create mode 100644 grub-core/kern/arm64/backtrace.c + create mode 100644 grub-core/kern/backtrace.c + create mode 100644 grub-core/kern/i386/backtrace.c + delete mode 100644 grub-core/lib/arm64/backtrace.c + delete mode 100644 grub-core/lib/i386/backtrace.c + +diff --git a/Makefile.util.def b/Makefile.util.def +index f4fbd2506..cbd661d63 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -49,6 +49,12 @@ library = { + common = grub-core/partmap/msdos.c; + common = grub-core/fs/proc.c; + common = grub-core/fs/archelp.c; ++ common = grub-core/kern/backtrace.c; ++ ++ x86 = grub-core/kern/i386/backtrace.c; ++ i386_xen = grub-core/kern/i386/backtrace.c; ++ x86_64_xen = grub-core/kern/i386/backtrace.c; ++ arm64 = grub-core/kern/arm64/backtrace.c; + }; + + library = { +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 067b97a42..cb24f92a4 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -130,6 +130,12 @@ kernel = { + common = kern/rescue_reader.c; + common = kern/term.c; + common = kern/qsort.c; ++ common = kern/backtrace.c; ++ ++ x86 = kern/i386/backtrace.c; ++ i386_xen = kern/i386/backtrace.c; ++ x86_64_xen = kern/i386/backtrace.c; ++ arm64 = kern/arm64/backtrace.c; + + noemu = kern/compiler-rt.c; + noemu = kern/mm.c; +@@ -176,9 +182,6 @@ kernel = { + + softdiv = lib/division.c; + +- x86 = lib/i386/backtrace.c; +- x86 = lib/backtrace.c; +- + i386 = kern/i386/dl.c; + i386_xen = kern/i386/dl.c; + +@@ -2277,13 +2280,11 @@ module = { + + module = { + name = backtrace; +- x86 = lib/i386/backtrace.c; +- i386_xen = lib/i386/backtrace.c; +- x86_64_xen = lib/i386/backtrace.c; +- common = lib/backtrace.c; ++ common = commands/backtrace.c; + enable = x86; + enable = i386_xen; + enable = x86_64_xen; ++ enable = arm64; + }; + + module = { +diff --git a/grub-core/lib/backtrace.c b/grub-core/commands/backtrace.c +similarity index 98% +rename from grub-core/lib/backtrace.c +rename to grub-core/commands/backtrace.c +index c0ad6ab8b..8b5ec3913 100644 +--- a/grub-core/lib/backtrace.c ++++ b/grub-core/commands/backtrace.c +@@ -54,7 +54,7 @@ grub_cmd_backtrace (grub_command_t cmd __attribute__ ((unused)), + int argc __attribute__ ((unused)), + char **args __attribute__ ((unused))) + { +- grub_backtrace (); ++ grub_backtrace (1); + return 0; + } + +diff --git a/grub-core/gdb/cstub.c b/grub-core/gdb/cstub.c +index b64acd70f..99281472d 100644 +--- a/grub-core/gdb/cstub.c ++++ b/grub-core/gdb/cstub.c +@@ -215,7 +215,6 @@ grub_gdb_trap (int trap_no) + grub_printf ("Unhandled exception 0x%x at ", trap_no); + grub_backtrace_print_address ((void *) grub_gdb_regs[PC]); + grub_printf ("\n"); +- grub_backtrace_pointer ((void *) grub_gdb_regs[EBP]); + grub_fatal ("Unhandled exception"); + } + +diff --git a/grub-core/kern/arm64/backtrace.c b/grub-core/kern/arm64/backtrace.c +new file mode 100644 +index 000000000..019c6fdfe +--- /dev/null ++++ b/grub-core/kern/arm64/backtrace.c +@@ -0,0 +1,94 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2009 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define MAX_STACK_FRAME 102400 ++ ++struct fplr ++{ ++ void *lr; ++ struct fplr *fp; ++}; ++ ++void ++grub_backtrace_pointer (void *frame, unsigned int skip) ++{ ++ unsigned int x = 0; ++ struct fplr *fplr = (struct fplr *)frame; ++ ++ while (fplr) ++ { ++ const char *name = NULL; ++ char *addr = NULL; ++ ++ grub_dprintf("backtrace", "fp is %p next_fp is %p\n", ++ fplr, fplr->fp); ++ ++ if (x >= skip) ++ { ++ name = grub_get_symbol_by_addr (fplr->lr, 1); ++ if (name) ++ addr = grub_resolve_symbol (name); ++ grub_backtrace_print_address (fplr->lr); ++ ++ if (addr && addr != fplr->lr) ++ grub_printf (" %s() %p+%p \n", name ? name : "unknown", addr, ++ (void *)((grub_uint64_t)fplr->lr - (grub_uint64_t)addr)); ++ else ++ grub_printf(" %s() %p \n", name ? name : "unknown", addr); ++ ++ } ++ ++ x += 1; ++ ++ if (fplr->fp < fplr || ++ (grub_uint64_t)fplr->fp - (grub_uint64_t)fplr > MAX_STACK_FRAME || ++ fplr->fp == fplr) ++ { ++ break; ++ } ++ fplr = fplr->fp; ++ } ++} ++ ++asm ("\t.global \"_text\"\n" ++ "_text:\n" ++ "\t.quad .text\n" ++ "\t.global \"_data\"\n" ++ "_data:\n" ++ "\t.quad .data\n" ++ ); ++ ++extern grub_uint64_t _text; ++extern grub_uint64_t _data; ++ ++void ++grub_backtrace_arch (unsigned int skip) ++{ ++ grub_printf ("Backtrace (.text %p .data %p):\n", ++ (void *)_text, (void *)_data); ++ skip += 1; ++ grub_backtrace_pointer(__builtin_frame_address(0), skip); ++} +diff --git a/grub-core/kern/backtrace.c b/grub-core/kern/backtrace.c +new file mode 100644 +index 000000000..4a82e865c +--- /dev/null ++++ b/grub-core/kern/backtrace.c +@@ -0,0 +1,97 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2009 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++static void ++grub_backtrace_print_address_default (void *addr) ++{ ++#ifndef GRUB_UTIL ++ grub_dl_t mod; ++ void *start_addr; ++ ++ FOR_DL_MODULES (mod) ++ { ++ grub_dl_segment_t segment; ++ for (segment = mod->segment; segment; segment = segment->next) ++ if (segment->addr <= addr && (grub_uint8_t *) segment->addr ++ + segment->size > (grub_uint8_t *) addr) ++ { ++ grub_printf ("%s.%x+%" PRIxGRUB_SIZE, mod->name, ++ segment->section, ++ (grub_size_t) ++ ((grub_uint8_t *)addr - (grub_uint8_t *)segment->addr)); ++ return; ++ } ++ } ++ ++ start_addr = grub_resolve_symbol ("_start"); ++ if (start_addr && start_addr < addr) ++ grub_printf ("kernel+%" PRIxGRUB_SIZE, ++ (grub_size_t) ++ ((grub_uint8_t *)addr - (grub_uint8_t *)start_addr)); ++ else ++#endif ++ grub_printf ("%p", addr); ++} ++ ++static void ++grub_backtrace_pointer_default (void *frame __attribute__((__unused__)), ++ unsigned int skip __attribute__((__unused__))) ++{ ++ return; ++} ++ ++void ++grub_backtrace_pointer (void *frame, unsigned int skip) ++ __attribute__((__weak__, ++ __alias__(("grub_backtrace_pointer_default")))); ++ ++void ++grub_backtrace_print_address (void *addr) ++ __attribute__((__weak__, ++ __alias__(("grub_backtrace_print_address_default")))); ++ ++static void ++grub_backtrace_arch_default(unsigned int skip) ++{ ++ grub_backtrace_pointer(__builtin_frame_address(0), skip + 1); ++} ++ ++void grub_backtrace_arch (unsigned int skip) ++ __attribute__((__weak__, __alias__(("grub_backtrace_arch_default")))); ++ ++void grub_backtrace (unsigned int skip) ++{ ++ grub_backtrace_arch(skip + 1); ++} ++ ++void grub_debug_backtrace (const char * const debug, ++ unsigned int skip) ++{ ++ if (grub_debug_enabled (debug)) ++ grub_backtrace (skip + 1); ++} +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index 621070918..5028d157c 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -124,6 +124,50 @@ grub_dl_resolve_symbol (const char *name) + return 0; + } + ++void * ++grub_resolve_symbol (const char *name) ++{ ++ grub_symbol_t sym; ++ ++ sym = grub_dl_resolve_symbol (name); ++ if (sym) ++ return sym->addr; ++ return NULL; ++} ++ ++const char * ++grub_get_symbol_by_addr(const void *addr, int isfunc) ++{ ++ unsigned int i; ++ grub_symbol_t before = NULL, after = NULL; ++ for (i = 0; i < GRUB_SYMTAB_SIZE; i++) ++ { ++ grub_symbol_t sym; ++ for (sym = grub_symtab[i]; sym; sym = sym->next) ++ { ++ //grub_printf ("addr 0x%08llx symbol %s\n", (unsigned long long)sym->addr, sym->name); ++ if (sym->addr > addr) ++ { ++ if (!after || sym->addr > after->addr) ++ after = sym; ++ } ++ ++ if (isfunc != sym->isfunc) ++ continue; ++ if (sym->addr > addr) ++ continue; ++ ++ if ((!before && sym->addr <= addr) || (before && before->addr <= sym->addr)) ++ before = sym; ++ } ++ } ++ ++ if (before && addr < after->addr) ++ return before->name; ++ ++ return NULL; ++} ++ + /* Register a symbol with the name NAME and the address ADDR. */ + grub_err_t + grub_dl_register_symbol (const char *name, void *addr, int isfunc, +@@ -336,6 +380,7 @@ grub_dl_resolve_symbols (grub_dl_t mod, Elf_Ehdr *e) + const char *str; + Elf_Word size, entsize; + ++ grub_dprintf ("modules", "Resolving symbols for \"%s\"\n", mod->name); + for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); + i < e->e_shnum; + i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize)) +diff --git a/grub-core/kern/i386/backtrace.c b/grub-core/kern/i386/backtrace.c +new file mode 100644 +index 000000000..2413f9a57 +--- /dev/null ++++ b/grub-core/kern/i386/backtrace.c +@@ -0,0 +1,125 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2009 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define MAX_STACK_FRAME 102400 ++ ++void ++grub_backtrace_pointer (void *frame, unsigned int skip) ++{ ++ void **ebp = (void **)frame; ++ unsigned long x = 0; ++ ++ while (ebp) ++ { ++ void **next_ebp = (void **)ebp[0]; ++ const char *name = NULL; ++ char *addr = NULL; ++ ++ grub_dprintf("backtrace", "ebp is %p next_ebp is %p\n", ebp, next_ebp); ++ ++ if (x >= skip) ++ { ++ name = grub_get_symbol_by_addr (ebp[1], 1); ++ if (name) ++ addr = grub_resolve_symbol (name); ++ grub_backtrace_print_address (ebp[1]); ++ ++ if (addr && addr != ebp[1]) ++ grub_printf (" %s() %p+%p \n", name ? name : "unknown", addr, ++ (char *)((char *)ebp[1] - addr)); ++ else ++ grub_printf(" %s() %p \n", name ? name : "unknown", addr); ++ ++#if 0 ++ grub_printf ("("); ++ for (i = 0, arg = ebp[2]; arg != next_ebp && i < 12; arg++, i++) ++ grub_printf ("%p,", arg); ++ grub_printf (")\n"); ++#endif ++ } ++ ++ x += 1; ++ ++ if (next_ebp < ebp || next_ebp - ebp > MAX_STACK_FRAME || next_ebp == ebp) ++ { ++ //grub_printf ("Invalid stack frame at %p (%p)\n", ebp, next_ebp); ++ break; ++ } ++ ebp = next_ebp; ++ } ++} ++ ++#if defined (__x86_64__) ++asm ("\t.global \"_text\"\n" ++ "_text:\n" ++ "\t.quad .text\n" ++ "\t.global \"_data\"\n" ++ "_data:\n" ++ "\t.quad .data\n" ++ ); ++#elif defined(__i386__) ++asm ("\t.global \"_text\"\n" ++ "_text:\n" ++ "\t.long .text\n" ++ "\t.global \"_data\"\n" ++ "_data:\n" ++ "\t.long .data\n" ++ ); ++#else ++#warning I dunno... ++#endif ++ ++extern unsigned long _text; ++extern unsigned long _data; ++ ++#ifdef GRUB_UTIL ++#define EXT_C(x) x ++#endif ++ ++void ++grub_backtrace_arch (unsigned int skip) ++{ ++ grub_printf ("Backtrace (.text %p .data %p):\n", ++ (void *)_text, (void *)_data); ++ skip += 1; ++#if defined (__x86_64__) ++ asm volatile ("movq %%rbp, %%rdi\n" ++ "movq 0, %%rsi\n" ++ "movl %0, %%esi\n" ++ "call " EXT_C("grub_backtrace_pointer") ++ : ++ : "r" (skip)); ++#elif defined(__i386__) ++ asm volatile ("addl $8, %%esp\n" ++ "pushl %0\n" ++ "pushl %%ebp\n" ++ "call " EXT_C("grub_backtrace_pointer") ++ : ++ : "r" (skip)); ++#else ++ grub_backtrace_pointer(__builtin_frame_address(0), skip); ++#endif ++} +diff --git a/grub-core/kern/i386/pc/init.c b/grub-core/kern/i386/pc/init.c +index 27bc68b8a..b51d0abfa 100644 +--- a/grub-core/kern/i386/pc/init.c ++++ b/grub-core/kern/i386/pc/init.c +@@ -153,7 +153,7 @@ compact_mem_regions (void) + } + + grub_addr_t grub_modbase; +-extern grub_uint8_t _start[], _edata[]; ++extern grub_uint8_t _edata[]; + + /* Helper for grub_machine_init. */ + static int +@@ -217,7 +217,7 @@ grub_machine_init (void) + /* This has to happen before any BIOS calls. */ + grub_via_workaround_init (); + +- grub_modbase = GRUB_MEMORY_MACHINE_DECOMPRESSION_ADDR + (_edata - _start); ++ grub_modbase = GRUB_MEMORY_MACHINE_DECOMPRESSION_ADDR + (_edata - (grub_uint8_t *)_start); + + /* Initialize the console as early as possible. */ + grub_console_init (); +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index e01bc6eab..e731a57a4 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -60,7 +60,6 @@ + #define HEAP_MAX_ADDR (unsigned long) (32 * 1024 * 1024) + #endif + +-extern char _start[]; + extern char _end[]; + + #ifdef __sparc__ +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index e758ab341..5c2d2039d 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -1110,15 +1110,15 @@ grub_xasprintf (const char *fmt, ...) + } + + /* Abort GRUB. This function does not return. */ +-static void __attribute__ ((noreturn)) ++static inline void __attribute__ ((noreturn)) + grub_abort (void) + { +-#ifndef GRUB_UTIL +-#if (defined(__i386__) || defined(__x86_64__)) && !defined(GRUB_MACHINE_EMU) +- grub_backtrace(); ++#if !defined(GRUB_MACHINE_EMU) && !defined(GRUB_UTIL) ++ grub_backtrace (1); ++#else ++ grub_printf ("\n"); + #endif +-#endif +- grub_printf ("\nAborted."); ++ grub_printf ("Aborted."); + + #ifndef GRUB_UTIL + if (grub_term_inputs) +@@ -1145,6 +1145,7 @@ grub_fatal (const char *fmt, ...) + { + va_list ap; + ++ grub_printf ("\n"); + va_start (ap, fmt); + grub_vprintf (_(fmt), ap); + va_end (ap); +diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c +index ee88ff611..002cbfa4f 100644 +--- a/grub-core/kern/mm.c ++++ b/grub-core/kern/mm.c +@@ -95,13 +95,13 @@ get_header_from_pointer (void *ptr, grub_mm_header_t *p, grub_mm_region_t *r) + break; + + if (! *r) +- grub_fatal ("out of range pointer %p", ptr); ++ grub_fatal ("out of range pointer %p\n", ptr); + + *p = (grub_mm_header_t) ptr - 1; + if ((*p)->magic == GRUB_MM_FREE_MAGIC) +- grub_fatal ("double free at %p", *p); ++ grub_fatal ("double free at %p\n", *p); + if ((*p)->magic != GRUB_MM_ALLOC_MAGIC) +- grub_fatal ("alloc magic is broken at %p: %lx", *p, ++ grub_fatal ("alloc magic is broken at %p: %lx\n", *p, + (unsigned long) (*p)->magic); + } + +diff --git a/grub-core/lib/arm64/backtrace.c b/grub-core/lib/arm64/backtrace.c +deleted file mode 100644 +index 1079b5380..000000000 +--- a/grub-core/lib/arm64/backtrace.c ++++ /dev/null +@@ -1,62 +0,0 @@ +-/* +- * GRUB -- GRand Unified Bootloader +- * Copyright (C) 2009 Free Software Foundation, Inc. +- * +- * GRUB is free software: you can redistribute it and/or modify +- * it under the terms of the GNU General Public License as published by +- * the Free Software Foundation, either version 3 of the License, or +- * (at your option) any later version. +- * +- * GRUB is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * +- * You should have received a copy of the GNU General Public License +- * along with GRUB. If not, see . +- */ +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#define MAX_STACK_FRAME 102400 +- +-void +-grub_backtrace_pointer (int frame) +-{ +- while (1) +- { +- void *lp = __builtin_return_address (frame); +- if (!lp) +- break; +- +- lp = __builtin_extract_return_addr (lp); +- +- grub_printf ("%p: ", lp); +- grub_backtrace_print_address (lp); +- grub_printf (" ("); +- for (i = 0; i < 2; i++) +- grub_printf ("%p,", ((void **)ptr) [i + 2]); +- grub_printf ("%p)\n", ((void **)ptr) [i + 2]); +- nptr = *(void **)ptr; +- if (nptr < ptr || (void **) nptr - (void **) ptr > MAX_STACK_FRAME +- || nptr == ptr) +- { +- grub_printf ("Invalid stack frame at %p (%p)\n", ptr, nptr); +- break; +- } +- ptr = nptr; +- } +-} +- +-void +-grub_backtrace (void) +-{ +- grub_backtrace_pointer (1); +-} +- +diff --git a/grub-core/lib/i386/backtrace.c b/grub-core/lib/i386/backtrace.c +deleted file mode 100644 +index c67273db3..000000000 +--- a/grub-core/lib/i386/backtrace.c ++++ /dev/null +@@ -1,78 +0,0 @@ +-/* +- * GRUB -- GRand Unified Bootloader +- * Copyright (C) 2009 Free Software Foundation, Inc. +- * +- * GRUB is free software: you can redistribute it and/or modify +- * it under the terms of the GNU General Public License as published by +- * the Free Software Foundation, either version 3 of the License, or +- * (at your option) any later version. +- * +- * GRUB is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * +- * You should have received a copy of the GNU General Public License +- * along with GRUB. If not, see . +- */ +-#include +-#ifdef GRUB_UTIL +-#define REALLY_GRUB_UTIL GRUB_UTIL +-#undef GRUB_UTIL +-#endif +- +-#include +-#include +- +-#ifdef REALLY_GRUB_UTIL +-#define GRUB_UTIL REALLY_GRUB_UTIL +-#undef REALLY_GRUB_UTIL +-#endif +- +-#include +-#include +-#include +-#include +-#include +-#include +- +-#define MAX_STACK_FRAME 102400 +- +-void +-grub_backtrace_pointer (void *ebp) +-{ +- void *ptr, *nptr; +- unsigned i; +- +- ptr = ebp; +- while (1) +- { +- grub_printf ("%p: ", ptr); +- grub_backtrace_print_address (((void **) ptr)[1]); +- grub_printf (" ("); +- for (i = 0; i < 2; i++) +- grub_printf ("%p,", ((void **)ptr) [i + 2]); +- grub_printf ("%p)\n", ((void **)ptr) [i + 2]); +- nptr = *(void **)ptr; +- if (nptr < ptr || (void **) nptr - (void **) ptr > MAX_STACK_FRAME +- || nptr == ptr) +- { +- grub_printf ("Invalid stack frame at %p (%p)\n", ptr, nptr); +- break; +- } +- ptr = nptr; +- } +-} +- +-void +-grub_backtrace (void) +-{ +-#ifdef __x86_64__ +- asm volatile ("movq %%rbp, %%rdi\n" +- "callq *%%rax": :"a"(grub_backtrace_pointer)); +-#else +- asm volatile ("movl %%ebp, %%eax\n" +- "calll *%%ecx": :"c"(grub_backtrace_pointer)); +-#endif +-} +- +diff --git a/include/grub/backtrace.h b/include/grub/backtrace.h +index 395519762..275cf85e2 100644 +--- a/include/grub/backtrace.h ++++ b/include/grub/backtrace.h +@@ -19,8 +19,14 @@ + #ifndef GRUB_BACKTRACE_HEADER + #define GRUB_BACKTRACE_HEADER 1 + +-void grub_backtrace (void); +-void grub_backtrace_pointer (void *ptr); ++#include ++#include ++ ++void EXPORT_FUNC(grub_debug_backtrace) (const char * const debug, ++ unsigned int skip); ++void EXPORT_FUNC(grub_backtrace) (unsigned int skip); ++void grub_backtrace_arch (unsigned int skip); ++void grub_backtrace_pointer (void *ptr, unsigned int skip); + void grub_backtrace_print_address (void *addr); + + #endif +diff --git a/include/grub/dl.h b/include/grub/dl.h +index b1ed3c333..7b5bfb07c 100644 +--- a/include/grub/dl.h ++++ b/include/grub/dl.h +@@ -244,6 +244,8 @@ grub_dl_get (const char *name) + + #endif + ++void * EXPORT_FUNC(grub_resolve_symbol) (const char *name); ++const char * EXPORT_FUNC(grub_get_symbol_by_addr) (const void *addr, int isfunc); + grub_err_t grub_dl_register_symbol (const char *name, void *addr, + int isfunc, grub_dl_t mod); + +diff --git a/include/grub/kernel.h b/include/grub/kernel.h +index ecd88ca72..ae69218af 100644 +--- a/include/grub/kernel.h ++++ b/include/grub/kernel.h +@@ -108,6 +108,9 @@ grub_addr_t grub_modules_get_end (void); + + #endif + ++void EXPORT_FUNC(start) (void); ++void EXPORT_FUNC(_start) (void); ++ + /* The start point of the C code. */ + void grub_main (void) __attribute__ ((noreturn)); + +diff --git a/grub-core/kern/arm/efi/startup.S b/grub-core/kern/arm/efi/startup.S +index 9f8265315..f3bc41f9d 100644 +--- a/grub-core/kern/arm/efi/startup.S ++++ b/grub-core/kern/arm/efi/startup.S +@@ -23,6 +23,8 @@ + .file "startup.S" + .text + .arm ++ .globl start, _start ++FUNCTION(start) + FUNCTION(_start) + /* + * EFI_SYSTEM_TABLE and EFI_HANDLE are passed in r1/r0. +diff --git a/grub-core/kern/arm/startup.S b/grub-core/kern/arm/startup.S +index 3946fe8e1..5679a1d00 100644 +--- a/grub-core/kern/arm/startup.S ++++ b/grub-core/kern/arm/startup.S +@@ -48,6 +48,8 @@ + + .text + .arm ++ .globl start, _start ++FUNCTION(start) + FUNCTION(_start) + b codestart + +diff --git a/grub-core/kern/arm64/efi/startup.S b/grub-core/kern/arm64/efi/startup.S +index 666a7ee3c..41676bdb2 100644 +--- a/grub-core/kern/arm64/efi/startup.S ++++ b/grub-core/kern/arm64/efi/startup.S +@@ -19,7 +19,9 @@ + #include + + .file "startup.S" ++ .globl start, _start + .text ++FUNCTION(start) + FUNCTION(_start) + /* + * EFI_SYSTEM_TABLE and EFI_HANDLE are passed in x1/x0. +diff --git a/grub-core/kern/i386/qemu/startup.S b/grub-core/kern/i386/qemu/startup.S +index 0d89858d9..939f182fc 100644 +--- a/grub-core/kern/i386/qemu/startup.S ++++ b/grub-core/kern/i386/qemu/startup.S +@@ -24,7 +24,8 @@ + + .text + .code32 +- .globl _start ++ .globl start, _start ++start: + _start: + jmp codestart + +diff --git a/grub-core/kern/ia64/efi/startup.S b/grub-core/kern/ia64/efi/startup.S +index d75c6d7cc..8f2a593e5 100644 +--- a/grub-core/kern/ia64/efi/startup.S ++++ b/grub-core/kern/ia64/efi/startup.S +@@ -24,8 +24,9 @@ + .psr lsb + .lsb + +- .global _start ++ .global start, _start + .proc _start ++start: + _start: + alloc loc0=ar.pfs,2,4,0,0 + mov loc1=rp +diff --git a/grub-core/kern/sparc64/ieee1275/crt0.S b/grub-core/kern/sparc64/ieee1275/crt0.S +index 03b916f05..701bf63ab 100644 +--- a/grub-core/kern/sparc64/ieee1275/crt0.S ++++ b/grub-core/kern/sparc64/ieee1275/crt0.S +@@ -22,7 +22,8 @@ + + .text + .align 4 +- .globl _start ++ .globl start, _start ++start: + _start: + ba codestart + mov %o4, %o0 +diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am +index 0108c0d42..f36200bd6 100644 +--- a/grub-core/Makefile.am ++++ b/grub-core/Makefile.am +@@ -66,6 +66,7 @@ CLEANFILES += grub_script.yy.c grub_script.yy.h + + include $(srcdir)/Makefile.core.am + ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/backtrace.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/cache.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/command.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/device.h diff --git a/SOURCES/0121-normal-don-t-draw-our-startup-message-if-debug-is-se.patch b/SOURCES/0121-normal-don-t-draw-our-startup-message-if-debug-is-se.patch new file mode 100644 index 0000000..8b3dc39 --- /dev/null +++ b/SOURCES/0121-normal-don-t-draw-our-startup-message-if-debug-is-se.patch @@ -0,0 +1,23 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 9 Nov 2017 15:58:52 -0500 +Subject: [PATCH] normal: don't draw our startup message if debug is set + +--- + grub-core/normal/main.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +index b69f9e738..04ae9ed02 100644 +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -419,6 +419,9 @@ grub_normal_reader_init (int nested) + const char *msg_esc = _("ESC at any time exits."); + char *msg_formatted; + ++ if (grub_env_get ("debug") != NULL) ++ return 0; ++ + msg_formatted = grub_xasprintf (_("Minimal BASH-like line editing is supported. For " + "the first word, TAB lists possible command completions. Anywhere " + "else TAB lists possible device or file completions. %s"), diff --git a/SOURCES/0122-Work-around-some-minor-include-path-weirdnesses.patch b/SOURCES/0122-Work-around-some-minor-include-path-weirdnesses.patch new file mode 100644 index 0000000..589f335 --- /dev/null +++ b/SOURCES/0122-Work-around-some-minor-include-path-weirdnesses.patch @@ -0,0 +1,137 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 16 Mar 2018 13:28:57 -0400 +Subject: [PATCH] Work around some minor include path weirdnesses + +Signed-off-by: Peter Jones +--- + include/grub/arm/efi/console.h | 24 ++++++++++++++++++++++++ + include/grub/arm64/efi/console.h | 24 ++++++++++++++++++++++++ + include/grub/i386/efi/console.h | 24 ++++++++++++++++++++++++ + include/grub/x86_64/efi/console.h | 24 ++++++++++++++++++++++++ + 4 files changed, 96 insertions(+) + create mode 100644 include/grub/arm/efi/console.h + create mode 100644 include/grub/arm64/efi/console.h + create mode 100644 include/grub/i386/efi/console.h + create mode 100644 include/grub/x86_64/efi/console.h + +diff --git a/include/grub/arm/efi/console.h b/include/grub/arm/efi/console.h +new file mode 100644 +index 000000000..1592f6f76 +--- /dev/null ++++ b/include/grub/arm/efi/console.h +@@ -0,0 +1,24 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2002,2005,2006,2007 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_ARM_EFI_CONSOLE_H ++#define GRUB_ARM_EFI_CONSOLE_H ++ ++#include ++ ++#endif /* ! GRUB_ARM_EFI_CONSOLE_H */ +diff --git a/include/grub/arm64/efi/console.h b/include/grub/arm64/efi/console.h +new file mode 100644 +index 000000000..956893393 +--- /dev/null ++++ b/include/grub/arm64/efi/console.h +@@ -0,0 +1,24 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2002,2005,2006,2007 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_ARM64_EFI_CONSOLE_H ++#define GRUB_ARM64_EFI_CONSOLE_H ++ ++#include ++ ++#endif /* ! GRUB_ARM64_EFI_CONSOLE_H */ +diff --git a/include/grub/i386/efi/console.h b/include/grub/i386/efi/console.h +new file mode 100644 +index 000000000..9231375cb +--- /dev/null ++++ b/include/grub/i386/efi/console.h +@@ -0,0 +1,24 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2002,2005,2006,2007 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_I386_EFI_CONSOLE_H ++#define GRUB_I386_EFI_CONSOLE_H ++ ++#include ++ ++#endif /* ! GRUB_I386_EFI_CONSOLE_H */ +diff --git a/include/grub/x86_64/efi/console.h b/include/grub/x86_64/efi/console.h +new file mode 100644 +index 000000000..dba9d8678 +--- /dev/null ++++ b/include/grub/x86_64/efi/console.h +@@ -0,0 +1,24 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2002,2005,2006,2007 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_X86_64_EFI_CONSOLE_H ++#define GRUB_X86_64_EFI_CONSOLE_H ++ ++#include ++ ++#endif /* ! GRUB_X86_64_EFI_CONSOLE_H */ diff --git a/SOURCES/0123-Make-it-possible-to-enabled-build-id-sha1.patch b/SOURCES/0123-Make-it-possible-to-enabled-build-id-sha1.patch new file mode 100644 index 0000000..99f0fd8 --- /dev/null +++ b/SOURCES/0123-Make-it-possible-to-enabled-build-id-sha1.patch @@ -0,0 +1,61 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 25 Jun 2015 15:41:06 -0400 +Subject: [PATCH] Make it possible to enabled --build-id=sha1 + +Signed-off-by: Peter Jones +--- + configure.ac | 8 ++++++++ + acinclude.m4 | 19 +++++++++++++++++++ + 2 files changed, 27 insertions(+) + +diff --git a/configure.ac b/configure.ac +index f69f89867..359cac3c2 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1386,7 +1386,15 @@ grub_PROG_TARGET_CC + if test "x$TARGET_APPLE_LINKER" != x1 ; then + grub_PROG_OBJCOPY_ABSOLUTE + fi ++ ++AC_ARG_ENABLE([build-id], ++ [AS_HELP_STRING([--enable-build-id], ++ [ask the linker to supply build-id notes (default=no)])]) ++if test x$enable_build_id = xyes; then ++grub_PROG_LD_BUILD_ID_SHA1 ++else + grub_PROG_LD_BUILD_ID_NONE ++fi + if test "x$target_cpu" = xi386; then + if test "$platform" != emu && test "x$TARGET_APPLE_LINKER" != x1 ; then + if test ! -z "$TARGET_IMG_LDSCRIPT"; then +diff --git a/acinclude.m4 b/acinclude.m4 +index 78cdf6e1d..242e829ff 100644 +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -136,6 +136,25 @@ if test "x$grub_cv_prog_ld_build_id_none" = xyes; then + fi + ]) + ++dnl Supply --build-id=sha1 to ld if building modules. ++dnl This suppresses warnings from ld on some systems ++AC_DEFUN([grub_PROG_LD_BUILD_ID_SHA1], ++[AC_MSG_CHECKING([whether linker accepts --build-id=sha1]) ++AC_CACHE_VAL(grub_cv_prog_ld_build_id_sha1, ++[save_LDFLAGS="$LDFLAGS" ++LDFLAGS="$LDFLAGS -Wl,--build-id=sha1" ++AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], ++ [grub_cv_prog_ld_build_id_sha1=yes], ++ [grub_cv_prog_ld_build_id_sha1=no]) ++LDFLAGS="$save_LDFLAGS" ++]) ++AC_MSG_RESULT([$grub_cv_prog_ld_build_id_sha1]) ++ ++if test "x$grub_cv_prog_ld_build_id_sha1" = xyes; then ++ TARGET_LDFLAGS="$TARGET_LDFLAGS -Wl,--build-id=sha1" ++fi ++]) ++ + dnl Check nm + AC_DEFUN([grub_PROG_NM_WORKS], + [AC_MSG_CHECKING([whether nm works]) diff --git a/SOURCES/0124-Add-grub_qdprintf-grub_dprintf-without-the-file-line.patch b/SOURCES/0124-Add-grub_qdprintf-grub_dprintf-without-the-file-line.patch new file mode 100644 index 0000000..dd2e4ce --- /dev/null +++ b/SOURCES/0124-Add-grub_qdprintf-grub_dprintf-without-the-file-line.patch @@ -0,0 +1,56 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 28 Jun 2015 13:09:58 -0400 +Subject: [PATCH] Add grub_qdprintf() - grub_dprintf() without the file+line + number. + +This just makes copy+paste of our debug loading info easier. + +Signed-off-by: Peter Jones +--- + grub-core/kern/misc.c | 18 ++++++++++++++++++ + include/grub/misc.h | 2 ++ + 2 files changed, 20 insertions(+) + +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 5c2d2039d..0e89c483d 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -190,6 +190,24 @@ grub_real_dprintf (const char *file, const int line, const char *condition, + } + } + ++void ++grub_qdprintf (const char *condition, const char *fmt, ...) ++{ ++ va_list args; ++ const char *debug = grub_env_get ("debug"); ++ ++ if (! debug) ++ return; ++ ++ if (grub_strword (debug, "all") || grub_strword (debug, condition)) ++ { ++ va_start (args, fmt); ++ grub_vprintf (fmt, args); ++ va_end (args); ++ grub_refresh (); ++ } ++} ++ + #define PREALLOC_SIZE 255 + + int +diff --git a/include/grub/misc.h b/include/grub/misc.h +index f7473c154..5f1c1c1be 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -372,6 +372,8 @@ void EXPORT_FUNC(grub_real_dprintf) (const char *file, + const int line, + const char *condition, + const char *fmt, ...) __attribute__ ((format (GNU_PRINTF, 4, 5))); ++void EXPORT_FUNC(grub_qdprintf) (const char *condition, ++ const char *fmt, ...) __attribute__ ((format (GNU_PRINTF, 2, 3))); + int EXPORT_FUNC(grub_vprintf) (const char *fmt, va_list args); + int EXPORT_FUNC(grub_snprintf) (char *str, grub_size_t n, const char *fmt, ...) + __attribute__ ((format (GNU_PRINTF, 3, 4))); diff --git a/SOURCES/0125-Make-a-gdb-dprintf-that-tells-us-load-addresses.patch b/SOURCES/0125-Make-a-gdb-dprintf-that-tells-us-load-addresses.patch new file mode 100644 index 0000000..f0ee79c --- /dev/null +++ b/SOURCES/0125-Make-a-gdb-dprintf-that-tells-us-load-addresses.patch @@ -0,0 +1,178 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 25 Jun 2015 15:11:36 -0400 +Subject: [PATCH] Make a "gdb" dprintf that tells us load addresses. + +This makes a grub_dprintf() call during platform init and during module +loading that tells us the virtual addresses of the .text and .data +sections of grub-core/kernel.exec and any modules it loads. + +Specifically, it displays them in the gdb "add-symbol-file" syntax, with +the presumption that there's a variable $grubdir that reflects the path +to any such binaries. + +Signed-off-by: Peter Jones +--- + grub-core/kern/dl.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++ + grub-core/kern/efi/efi.c | 4 ++-- + grub-core/kern/efi/init.c | 26 +++++++++++++++++++++++- + include/grub/efi/efi.h | 2 +- + 4 files changed, 78 insertions(+), 4 deletions(-) + +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index 5028d157c..eb8b969cd 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -501,6 +501,23 @@ grub_dl_find_section (Elf_Ehdr *e, const char *name) + return s; + return NULL; + } ++static long ++grub_dl_find_section_index (Elf_Ehdr *e, const char *name) ++{ ++ Elf_Shdr *s; ++ const char *str; ++ unsigned i; ++ ++ s = (Elf_Shdr *) ((char *) e + e->e_shoff + e->e_shstrndx * e->e_shentsize); ++ str = (char *) e + s->sh_offset; ++ ++ for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); ++ i < e->e_shnum; ++ i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize)) ++ if (grub_strcmp (str + s->sh_name, name) == 0) ++ return (long)i; ++ return -1; ++} + + /* Me, Vladimir Serbinenko, hereby I add this module check as per new + GNU module policy. Note that this license check is informative only. +@@ -644,6 +661,37 @@ grub_dl_relocate_symbols (grub_dl_t mod, void *ehdr) + + return GRUB_ERR_NONE; + } ++static void ++grub_dl_print_gdb_info (grub_dl_t mod, Elf_Ehdr *e) ++{ ++ void *text, *data = NULL; ++ long idx; ++ ++ idx = grub_dl_find_section_index (e, ".text"); ++ if (idx < 0) ++ return; ++ ++ text = grub_dl_get_section_addr (mod, idx); ++ if (!text) ++ return; ++ ++ idx = grub_dl_find_section_index (e, ".data"); ++ if (idx >= 0) ++ data = grub_dl_get_section_addr (mod, idx); ++ ++ if (data) ++ grub_qdprintf ("gdb", "add-symbol-file \\\n" ++ "/usr/lib/debug/usr/lib/grub/%s-%s/%s.debug " ++ "\\\n %p -s .data %p\n", ++ GRUB_TARGET_CPU, GRUB_PLATFORM, ++ mod->name, text, data); ++ else ++ grub_qdprintf ("gdb", "add-symbol-file \\\n" ++ "/usr/lib/debug/usr/lib/grub/%s-%s/%s.debug " ++ "\\\n%p\n", ++ GRUB_TARGET_CPU, GRUB_PLATFORM, ++ mod->name, text); ++} + + /* Load a module from core memory. */ + grub_dl_t +@@ -703,6 +751,8 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size) + grub_dprintf ("modules", "module name: %s\n", mod->name); + grub_dprintf ("modules", "init function: %p\n", mod->init); + ++ grub_dl_print_gdb_info (mod, e); ++ + if (grub_dl_add (mod)) + { + grub_dl_unload (mod); +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index bcae7f469..a2a732ffc 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -283,7 +283,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, + /* Search the mods section from the PE32/PE32+ image. This code uses + a PE32 header, but should work with PE32+ as well. */ + grub_addr_t +-grub_efi_modules_addr (void) ++grub_efi_section_addr (const char *section_name) + { + grub_efi_loaded_image_t *image; + struct grub_pe32_header *header; +@@ -308,7 +308,7 @@ grub_efi_modules_addr (void) + i < coff_header->num_sections; + i++, section++) + { +- if (grub_strcmp (section->name, "mods") == 0) ++ if (grub_strcmp (section->name, section_name) == 0) + break; + } + +diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c +index 71d2279a0..e6183a4c4 100644 +--- a/grub-core/kern/efi/init.c ++++ b/grub-core/kern/efi/init.c +@@ -59,10 +59,33 @@ grub_efi_env_init (void) + grub_free (envblk_s.buf); + } + ++static void ++grub_efi_print_gdb_info (void) ++{ ++ grub_addr_t text; ++ grub_addr_t data; ++ ++ text = grub_efi_section_addr (".text"); ++ if (!text) ++ return; ++ ++ data = grub_efi_section_addr (".data"); ++ if (data) ++ grub_qdprintf ("gdb", ++ "add-symbol-file /usr/lib/debug/usr/lib/grub/%s-%s/" ++ "kernel.exec %p -s .data %p\n", ++ GRUB_TARGET_CPU, GRUB_PLATFORM, (void *)text, (void *)data); ++ else ++ grub_qdprintf ("gdb", ++ "add-symbol-file /usr/lib/debug/usr/lib/grub/%s-%s/" ++ "kernel.exec %p\n", ++ GRUB_TARGET_CPU, GRUB_PLATFORM, (void *)text); ++} ++ + void + grub_efi_init (void) + { +- grub_modbase = grub_efi_modules_addr (); ++ grub_modbase = grub_efi_section_addr ("mods"); + /* First of all, initialize the console so that GRUB can display + messages. */ + grub_console_init (); +@@ -74,6 +97,7 @@ grub_efi_init (void) + 0, 0, 0, NULL); + + grub_efi_env_init (); ++ grub_efi_print_gdb_info (); + grub_efidisk_init (); + } + +diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h +index 09a18e563..570a69361 100644 +--- a/include/grub/efi/efi.h ++++ b/include/grub/efi/efi.h +@@ -132,7 +132,7 @@ grub_err_t grub_armxx_efi_linux_check_image(struct linux_armxx_kernel_header *lh + grub_err_t grub_armxx_efi_linux_boot_image(grub_addr_t addr, char *args); + #endif + +-grub_addr_t grub_efi_modules_addr (void); ++grub_addr_t grub_efi_section_addr (const char *section); + + void grub_efi_mm_init (void); + void grub_efi_mm_fini (void); diff --git a/SOURCES/0126-Only-attempt-to-scan-different-BLS-directories-on-EF.patch b/SOURCES/0126-Only-attempt-to-scan-different-BLS-directories-on-EF.patch new file mode 100644 index 0000000..175add0 --- /dev/null +++ b/SOURCES/0126-Only-attempt-to-scan-different-BLS-directories-on-EF.patch @@ -0,0 +1,46 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 3 Apr 2018 15:42:47 +0200 +Subject: [PATCH] Only attempt to scan different BLS directories on EFI + machines + +Current BLS support attempted to scan for BLS directories, but this only +makes sense on EFI, where BLS fragments are in /loader/$vendor/entries. + +For BIOS, only either the default /loader/entries path should be scanned +or the BLS directory defined in the blsdir GRUB 2 environment variable. + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index e0b65534a..e775c6b87 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -676,8 +676,8 @@ static int find_entry (const char *filename, + const char *devid = grub_env_get ("boot"); + + grub_dprintf("blscfg", "%s got here\n", __func__); +- if (!grub_strcmp (filename, ".") || +- !grub_strcmp (filename, "..")) ++ if (filename && (!grub_strcmp (filename, ".") || ++ !grub_strcmp (filename, ".."))) + return 0; + + if (info->platform == PLATFORM_EFI && !grub_strcasecmp (filename, "boot")) +@@ -872,11 +872,10 @@ grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED, + info.platform = PLATFORM_EMU; + grub_dprintf ("blscfg", "scanning %s%s\n", GRUB_BOOT_DEVICE, + GRUB_BLS_CONFIG_PATH); +- r = fs->dir (dev, "/boot/loader/", +- find_entry, &info); ++ find_entry(NULL, NULL, &info); + #else + grub_dprintf ("blscfg", "scanning %s\n", GRUB_BLS_CONFIG_PATH); +- r = fs->dir (dev, "/", find_entry, &info); ++ find_entry(NULL, NULL, &info); + #endif + + finish: diff --git a/SOURCES/0127-Core-TPM-support.patch b/SOURCES/0127-Core-TPM-support.patch new file mode 100644 index 0000000..ebfc37b --- /dev/null +++ b/SOURCES/0127-Core-TPM-support.patch @@ -0,0 +1,786 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Tue, 14 Jul 2015 17:06:35 -0700 +Subject: [PATCH] Core TPM support + +Add support for performing basic TPM measurements. Right now this only +supports extending PCRs statically and only on UEFI and BIOS systems, but +will measure all modules as they're loaded. +--- + grub-core/Makefile.core.def | 3 + + grub-core/kern/dl.c | 3 + + grub-core/kern/efi/tpm.c | 282 +++++++++++++++++++++++++++++++++++++++++++ + grub-core/kern/i386/pc/tpm.c | 132 ++++++++++++++++++++ + grub-core/kern/tpm.c | 13 ++ + include/grub/efi/tpm.h | 153 +++++++++++++++++++++++ + include/grub/tpm.h | 91 ++++++++++++++ + grub-core/Makefile.am | 1 + + 8 files changed, 678 insertions(+) + create mode 100644 grub-core/kern/efi/tpm.c + create mode 100644 grub-core/kern/i386/pc/tpm.c + create mode 100644 grub-core/kern/tpm.c + create mode 100644 include/grub/efi/tpm.h + create mode 100644 include/grub/tpm.h + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index cb24f92a4..420831bc8 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -131,6 +131,7 @@ kernel = { + common = kern/term.c; + common = kern/qsort.c; + common = kern/backtrace.c; ++ common = kern/tpm.c; + + x86 = kern/i386/backtrace.c; + i386_xen = kern/i386/backtrace.c; +@@ -199,6 +200,7 @@ kernel = { + efi = kern/acpi.c; + efi = kern/efi/acpi.c; + efi = lib/envblk.c; ++ efi = kern/efi/tpm.c; + i386_coreboot = kern/i386/pc/acpi.c; + i386_multiboot = kern/i386/pc/acpi.c; + i386_coreboot = kern/acpi.c; +@@ -245,6 +247,7 @@ kernel = { + + i386_pc = kern/i386/pc/init.c; + i386_pc = kern/i386/pc/mmap.c; ++ i386_pc = kern/i386/pc/tpm.c; + i386_pc = term/i386/pc/console.c; + + i386_qemu = bus/pci.c; +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index eb8b969cd..387d1e644 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -33,6 +33,7 @@ + #include + #include + #include ++#include + + /* Platforms where modules are in a readonly area of memory. */ + #if defined(GRUB_MACHINE_QEMU) +@@ -829,6 +830,8 @@ grub_dl_load_file (const char *filename) + opens of the same device. */ + grub_file_close (file); + ++ grub_tpm_measure(core, size, GRUB_TPM_PCR, filename); ++ + mod = grub_dl_load_core (core, size); + grub_free (core); + if (! mod) +diff --git a/grub-core/kern/efi/tpm.c b/grub-core/kern/efi/tpm.c +new file mode 100644 +index 000000000..c9fb3c133 +--- /dev/null ++++ b/grub-core/kern/efi/tpm.c +@@ -0,0 +1,282 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static grub_efi_guid_t tpm_guid = EFI_TPM_GUID; ++static grub_efi_guid_t tpm2_guid = EFI_TPM2_GUID; ++ ++static grub_efi_boolean_t grub_tpm_present(grub_efi_tpm_protocol_t *tpm) ++{ ++ grub_efi_status_t status; ++ TCG_EFI_BOOT_SERVICE_CAPABILITY caps; ++ grub_uint32_t flags; ++ grub_efi_physical_address_t eventlog, lastevent; ++ ++ caps.Size = (grub_uint8_t)sizeof(caps); ++ ++ status = efi_call_5(tpm->status_check, tpm, &caps, &flags, &eventlog, ++ &lastevent); ++ ++ if (status != GRUB_EFI_SUCCESS || caps.TPMDeactivatedFlag ++ || !caps.TPMPresentFlag) ++ return 0; ++ ++ return 1; ++} ++ ++static grub_efi_boolean_t grub_tpm2_present(grub_efi_tpm2_protocol_t *tpm) ++{ ++ grub_efi_status_t status; ++ EFI_TCG2_BOOT_SERVICE_CAPABILITY caps; ++ ++ caps.Size = (grub_uint8_t)sizeof(caps); ++ ++ status = efi_call_2(tpm->get_capability, tpm, &caps); ++ ++ if (status != GRUB_EFI_SUCCESS || !caps.TPMPresentFlag) ++ return 0; ++ ++ return 1; ++} ++ ++static grub_efi_boolean_t grub_tpm_handle_find(grub_efi_handle_t *tpm_handle, ++ grub_efi_uint8_t *protocol_version) ++{ ++ grub_efi_handle_t *handles; ++ grub_efi_uintn_t num_handles; ++ ++ handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &tpm_guid, NULL, ++ &num_handles); ++ if (handles && num_handles > 0) { ++ *tpm_handle = handles[0]; ++ *protocol_version = 1; ++ return 1; ++ } ++ ++ handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &tpm2_guid, NULL, ++ &num_handles); ++ if (handles && num_handles > 0) { ++ *tpm_handle = handles[0]; ++ *protocol_version = 2; ++ return 1; ++ } ++ ++ return 0; ++} ++ ++static grub_err_t ++grub_tpm1_execute(grub_efi_handle_t tpm_handle, ++ PassThroughToTPM_InputParamBlock *inbuf, ++ PassThroughToTPM_OutputParamBlock *outbuf) ++{ ++ grub_efi_status_t status; ++ grub_efi_tpm_protocol_t *tpm; ++ grub_uint32_t inhdrsize = sizeof(*inbuf) - sizeof(inbuf->TPMOperandIn); ++ grub_uint32_t outhdrsize = sizeof(*outbuf) - sizeof(outbuf->TPMOperandOut); ++ ++ tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid, ++ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); ++ ++ if (!grub_tpm_present(tpm)) ++ return 0; ++ ++ /* UEFI TPM protocol takes the raw operand block, no param block header */ ++ status = efi_call_5 (tpm->pass_through_to_tpm, tpm, ++ inbuf->IPBLength - inhdrsize, inbuf->TPMOperandIn, ++ outbuf->OPBLength - outhdrsize, outbuf->TPMOperandOut); ++ ++ switch (status) { ++ case GRUB_EFI_SUCCESS: ++ return 0; ++ case GRUB_EFI_DEVICE_ERROR: ++ return grub_error (GRUB_ERR_IO, N_("Command failed")); ++ case GRUB_EFI_INVALID_PARAMETER: ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter")); ++ case GRUB_EFI_BUFFER_TOO_SMALL: ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small")); ++ case GRUB_EFI_NOT_FOUND: ++ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); ++ default: ++ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); ++ } ++} ++ ++static grub_err_t ++grub_tpm2_execute(grub_efi_handle_t tpm_handle, ++ PassThroughToTPM_InputParamBlock *inbuf, ++ PassThroughToTPM_OutputParamBlock *outbuf) ++{ ++ grub_efi_status_t status; ++ grub_efi_tpm2_protocol_t *tpm; ++ grub_uint32_t inhdrsize = sizeof(*inbuf) - sizeof(inbuf->TPMOperandIn); ++ grub_uint32_t outhdrsize = sizeof(*outbuf) - sizeof(outbuf->TPMOperandOut); ++ ++ tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid, ++ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); ++ ++ if (!grub_tpm2_present(tpm)) ++ return 0; ++ ++ /* UEFI TPM protocol takes the raw operand block, no param block header */ ++ status = efi_call_5 (tpm->submit_command, tpm, ++ inbuf->IPBLength - inhdrsize, inbuf->TPMOperandIn, ++ outbuf->OPBLength - outhdrsize, outbuf->TPMOperandOut); ++ ++ switch (status) { ++ case GRUB_EFI_SUCCESS: ++ return 0; ++ case GRUB_EFI_DEVICE_ERROR: ++ return grub_error (GRUB_ERR_IO, N_("Command failed")); ++ case GRUB_EFI_INVALID_PARAMETER: ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter")); ++ case GRUB_EFI_BUFFER_TOO_SMALL: ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small")); ++ case GRUB_EFI_NOT_FOUND: ++ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); ++ default: ++ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); ++ } ++} ++ ++grub_err_t ++grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, ++ PassThroughToTPM_OutputParamBlock *outbuf) ++{ ++ grub_efi_handle_t tpm_handle; ++ grub_uint8_t protocol_version; ++ ++ /* It's not a hard failure for there to be no TPM */ ++ if (!grub_tpm_handle_find(&tpm_handle, &protocol_version)) ++ return 0; ++ ++ if (protocol_version == 1) { ++ return grub_tpm1_execute(tpm_handle, inbuf, outbuf); ++ } else { ++ return grub_tpm2_execute(tpm_handle, inbuf, outbuf); ++ } ++} ++ ++typedef struct { ++ grub_uint32_t pcrindex; ++ grub_uint32_t eventtype; ++ grub_uint8_t digest[20]; ++ grub_uint32_t eventsize; ++ grub_uint8_t event[1]; ++} Event; ++ ++ ++static grub_err_t ++grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf, ++ grub_size_t size, grub_uint8_t pcr, ++ const char *description) ++{ ++ Event *event; ++ grub_efi_status_t status; ++ grub_efi_tpm_protocol_t *tpm; ++ grub_efi_physical_address_t lastevent; ++ grub_uint32_t algorithm; ++ grub_uint32_t eventnum = 0; ++ ++ tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid, ++ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); ++ ++ if (!grub_tpm_present(tpm)) ++ return 0; ++ ++ event = grub_zalloc(sizeof (Event) + grub_strlen(description) + 1); ++ if (!event) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ N_("cannot allocate TPM event buffer")); ++ ++ event->pcrindex = pcr; ++ event->eventtype = EV_IPL; ++ event->eventsize = grub_strlen(description) + 1; ++ grub_memcpy(event->event, description, event->eventsize); ++ ++ algorithm = TCG_ALG_SHA; ++ status = efi_call_7 (tpm->log_extend_event, tpm, buf, (grub_uint64_t) size, ++ algorithm, event, &eventnum, &lastevent); ++ ++ switch (status) { ++ case GRUB_EFI_SUCCESS: ++ return 0; ++ case GRUB_EFI_DEVICE_ERROR: ++ return grub_error (GRUB_ERR_IO, N_("Command failed")); ++ case GRUB_EFI_INVALID_PARAMETER: ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter")); ++ case GRUB_EFI_BUFFER_TOO_SMALL: ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small")); ++ case GRUB_EFI_NOT_FOUND: ++ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); ++ default: ++ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); ++ } ++} ++ ++static grub_err_t ++grub_tpm2_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf, ++ grub_size_t size, grub_uint8_t pcr, ++ const char *description) ++{ ++ EFI_TCG2_EVENT *event; ++ grub_efi_status_t status; ++ grub_efi_tpm2_protocol_t *tpm; ++ ++ tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid, ++ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); ++ ++ if (!grub_tpm2_present(tpm)) ++ return 0; ++ ++ event = grub_zalloc(sizeof (EFI_TCG2_EVENT) + grub_strlen(description) + 1); ++ if (!event) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ N_("cannot allocate TPM event buffer")); ++ ++ event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER); ++ event->Header.HeaderVersion = 1; ++ event->Header.PCRIndex = pcr; ++ event->Header.EventType = EV_IPL; ++ event->Size = sizeof(*event) - sizeof(event->Event) + grub_strlen(description) + 1; ++ grub_memcpy(event->Event, description, grub_strlen(description) + 1); ++ ++ status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, buf, ++ (grub_uint64_t) size, event); ++ ++ switch (status) { ++ case GRUB_EFI_SUCCESS: ++ return 0; ++ case GRUB_EFI_DEVICE_ERROR: ++ return grub_error (GRUB_ERR_IO, N_("Command failed")); ++ case GRUB_EFI_INVALID_PARAMETER: ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter")); ++ case GRUB_EFI_BUFFER_TOO_SMALL: ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small")); ++ case GRUB_EFI_NOT_FOUND: ++ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); ++ default: ++ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); ++ } ++} ++ ++grub_err_t ++grub_tpm_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr, ++ const char *description) ++{ ++ grub_efi_handle_t tpm_handle; ++ grub_efi_uint8_t protocol_version; ++ ++ if (!grub_tpm_handle_find(&tpm_handle, &protocol_version)) ++ return 0; ++ ++ if (protocol_version == 1) { ++ return grub_tpm1_log_event(tpm_handle, buf, size, pcr, description); ++ } else { ++ return grub_tpm2_log_event(tpm_handle, buf, size, pcr, description); ++ } ++} +diff --git a/grub-core/kern/i386/pc/tpm.c b/grub-core/kern/i386/pc/tpm.c +new file mode 100644 +index 000000000..8c6c1e6ec +--- /dev/null ++++ b/grub-core/kern/i386/pc/tpm.c +@@ -0,0 +1,132 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define TCPA_MAGIC 0x41504354 ++ ++int tpm_present(void); ++ ++int tpm_present(void) ++{ ++ struct grub_bios_int_registers regs; ++ ++ regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; ++ regs.eax = 0xbb00; ++ regs.ebx = TCPA_MAGIC; ++ grub_bios_interrupt (0x1a, ®s); ++ ++ if (regs.eax == 0) ++ return 1; ++ ++ return 0; ++} ++ ++grub_err_t ++grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, ++ PassThroughToTPM_OutputParamBlock *outbuf) ++{ ++ struct grub_bios_int_registers regs; ++ grub_addr_t inaddr, outaddr; ++ ++ if (!tpm_present()) ++ return 0; ++ ++ inaddr = (grub_addr_t) inbuf; ++ outaddr = (grub_addr_t) outbuf; ++ regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; ++ regs.eax = 0xbb02; ++ regs.ebx = TCPA_MAGIC; ++ regs.ecx = 0; ++ regs.edx = 0; ++ regs.es = (inaddr & 0xffff0000) >> 4; ++ regs.edi = inaddr & 0xffff; ++ regs.ds = outaddr >> 4; ++ regs.esi = outaddr & 0xf; ++ ++ grub_bios_interrupt (0x1a, ®s); ++ ++ if (regs.eax) ++ return grub_error (GRUB_ERR_IO, N_("TPM error %x\n"), regs.eax); ++ ++ return 0; ++} ++ ++typedef struct { ++ grub_uint32_t pcrindex; ++ grub_uint32_t eventtype; ++ grub_uint8_t digest[20]; ++ grub_uint32_t eventdatasize; ++ grub_uint8_t event[0]; ++} GRUB_PACKED Event; ++ ++typedef struct { ++ grub_uint16_t ipblength; ++ grub_uint16_t reserved; ++ grub_uint32_t hashdataptr; ++ grub_uint32_t hashdatalen; ++ grub_uint32_t pcr; ++ grub_uint32_t reserved2; ++ grub_uint32_t logdataptr; ++ grub_uint32_t logdatalen; ++} GRUB_PACKED EventIncoming; ++ ++typedef struct { ++ grub_uint16_t opblength; ++ grub_uint16_t reserved; ++ grub_uint32_t eventnum; ++ grub_uint8_t hashvalue[20]; ++} GRUB_PACKED EventOutgoing; ++ ++grub_err_t ++grub_tpm_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr, ++ const char *description) ++{ ++ struct grub_bios_int_registers regs; ++ EventIncoming incoming; ++ EventOutgoing outgoing; ++ Event *event; ++ grub_uint32_t datalength; ++ ++ if (!tpm_present()) ++ return 0; ++ ++ datalength = grub_strlen(description); ++ event = grub_zalloc(datalength + sizeof(Event)); ++ if (!event) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ N_("cannot allocate TPM event buffer")); ++ ++ event->pcrindex = pcr; ++ event->eventtype = 0x0d; ++ event->eventdatasize = grub_strlen(description); ++ grub_memcpy(event->event, description, datalength); ++ ++ incoming.ipblength = sizeof(incoming); ++ incoming.hashdataptr = (grub_uint32_t)buf; ++ incoming.hashdatalen = size; ++ incoming.pcr = pcr; ++ incoming.logdataptr = (grub_uint32_t)event; ++ incoming.logdatalen = datalength + sizeof(Event); ++ ++ regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; ++ regs.eax = 0xbb01; ++ regs.ebx = TCPA_MAGIC; ++ regs.ecx = 0; ++ regs.edx = 0; ++ regs.es = (((grub_addr_t) &incoming) & 0xffff0000) >> 4; ++ regs.edi = ((grub_addr_t) &incoming) & 0xffff; ++ regs.ds = (((grub_addr_t) &outgoing) & 0xffff0000) >> 4; ++ regs.esi = ((grub_addr_t) &outgoing) & 0xffff; ++ ++ grub_bios_interrupt (0x1a, ®s); ++ ++ grub_free(event); ++ ++ if (regs.eax) ++ return grub_error (GRUB_ERR_IO, N_("TPM error %x\n"), regs.eax); ++ ++ return 0; ++} +diff --git a/grub-core/kern/tpm.c b/grub-core/kern/tpm.c +new file mode 100644 +index 000000000..1a991876c +--- /dev/null ++++ b/grub-core/kern/tpm.c +@@ -0,0 +1,13 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++grub_err_t ++grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, ++ const char *description) ++{ ++ return grub_tpm_log_event(buf, size, pcr, description); ++} +diff --git a/include/grub/efi/tpm.h b/include/grub/efi/tpm.h +new file mode 100644 +index 000000000..e2aff4a3c +--- /dev/null ++++ b/include/grub/efi/tpm.h +@@ -0,0 +1,153 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2015 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_EFI_TPM_HEADER ++#define GRUB_EFI_TPM_HEADER 1 ++ ++#define EFI_TPM_GUID {0xf541796d, 0xa62e, 0x4954, {0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd }}; ++#define EFI_TPM2_GUID {0x607f766c, 0x7455, 0x42be, {0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }}; ++ ++typedef struct { ++ grub_efi_uint8_t Major; ++ grub_efi_uint8_t Minor; ++ grub_efi_uint8_t RevMajor; ++ grub_efi_uint8_t RevMinor; ++} TCG_VERSION; ++ ++typedef struct _TCG_EFI_BOOT_SERVICE_CAPABILITY { ++ grub_efi_uint8_t Size; /// Size of this structure. ++ TCG_VERSION StructureVersion; ++ TCG_VERSION ProtocolSpecVersion; ++ grub_efi_uint8_t HashAlgorithmBitmap; /// Hash algorithms . ++ char TPMPresentFlag; /// 00h = TPM not present. ++ char TPMDeactivatedFlag; /// 01h = TPM currently deactivated. ++} TCG_EFI_BOOT_SERVICE_CAPABILITY; ++ ++typedef struct { ++ grub_efi_uint32_t PCRIndex; ++ grub_efi_uint32_t EventType; ++ grub_efi_uint8_t digest[20]; ++ grub_efi_uint32_t EventSize; ++ grub_efi_uint8_t Event[1]; ++} TCG_PCR_EVENT; ++ ++struct grub_efi_tpm_protocol ++{ ++ grub_efi_status_t (*status_check) (struct grub_efi_tpm_protocol *this, ++ TCG_EFI_BOOT_SERVICE_CAPABILITY *ProtocolCapability, ++ grub_efi_uint32_t *TCGFeatureFlags, ++ grub_efi_physical_address_t *EventLogLocation, ++ grub_efi_physical_address_t *EventLogLastEntry); ++ grub_efi_status_t (*hash_all) (struct grub_efi_tpm_protocol *this, ++ grub_efi_uint8_t *HashData, ++ grub_efi_uint64_t HashLen, ++ grub_efi_uint32_t AlgorithmId, ++ grub_efi_uint64_t *HashedDataLen, ++ grub_efi_uint8_t **HashedDataResult); ++ grub_efi_status_t (*log_event) (struct grub_efi_tpm_protocol *this, ++ TCG_PCR_EVENT *TCGLogData, ++ grub_efi_uint32_t *EventNumber, ++ grub_efi_uint32_t Flags); ++ grub_efi_status_t (*pass_through_to_tpm) (struct grub_efi_tpm_protocol *this, ++ grub_efi_uint32_t TpmInputParameterBlockSize, ++ grub_efi_uint8_t *TpmInputParameterBlock, ++ grub_efi_uint32_t TpmOutputParameterBlockSize, ++ grub_efi_uint8_t *TpmOutputParameterBlock); ++ grub_efi_status_t (*log_extend_event) (struct grub_efi_tpm_protocol *this, ++ grub_efi_physical_address_t HashData, ++ grub_efi_uint64_t HashDataLen, ++ grub_efi_uint32_t AlgorithmId, ++ TCG_PCR_EVENT *TCGLogData, ++ grub_efi_uint32_t *EventNumber, ++ grub_efi_physical_address_t *EventLogLastEntry); ++}; ++ ++typedef struct grub_efi_tpm_protocol grub_efi_tpm_protocol_t; ++ ++typedef grub_efi_uint32_t EFI_TCG2_EVENT_LOG_BITMAP; ++typedef grub_efi_uint32_t EFI_TCG2_EVENT_LOG_FORMAT; ++typedef grub_efi_uint32_t EFI_TCG2_EVENT_ALGORITHM_BITMAP; ++ ++typedef struct tdEFI_TCG2_VERSION { ++ grub_efi_uint8_t Major; ++ grub_efi_uint8_t Minor; ++} GRUB_PACKED EFI_TCG2_VERSION; ++ ++typedef struct tdEFI_TCG2_BOOT_SERVICE_CAPABILITY { ++ grub_efi_uint8_t Size; ++ EFI_TCG2_VERSION StructureVersion; ++ EFI_TCG2_VERSION ProtocolVersion; ++ EFI_TCG2_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap; ++ EFI_TCG2_EVENT_LOG_BITMAP SupportedEventLogs; ++ grub_efi_boolean_t TPMPresentFlag; ++ grub_efi_uint16_t MaxCommandSize; ++ grub_efi_uint16_t MaxResponseSize; ++ grub_efi_uint32_t ManufacturerID; ++ grub_efi_uint32_t NumberOfPcrBanks; ++ EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrBanks; ++} EFI_TCG2_BOOT_SERVICE_CAPABILITY; ++ ++typedef grub_efi_uint32_t TCG_PCRINDEX; ++typedef grub_efi_uint32_t TCG_EVENTTYPE; ++ ++typedef struct tdEFI_TCG2_EVENT_HEADER { ++ grub_efi_uint32_t HeaderSize; ++ grub_efi_uint16_t HeaderVersion; ++ TCG_PCRINDEX PCRIndex; ++ TCG_EVENTTYPE EventType; ++} GRUB_PACKED EFI_TCG2_EVENT_HEADER; ++ ++typedef struct tdEFI_TCG2_EVENT { ++ grub_efi_uint32_t Size; ++ EFI_TCG2_EVENT_HEADER Header; ++ grub_efi_uint8_t Event[1]; ++} GRUB_PACKED EFI_TCG2_EVENT; ++ ++struct grub_efi_tpm2_protocol ++{ ++ grub_efi_status_t (*get_capability) (struct grub_efi_tpm2_protocol *this, ++ EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability); ++ grub_efi_status_t (*get_event_log) (struct grub_efi_tpm2_protocol *this, ++ EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, ++ grub_efi_physical_address_t *EventLogLocation, ++ grub_efi_physical_address_t *EventLogLastEntry, ++ grub_efi_boolean_t *EventLogTruncated); ++ grub_efi_status_t (*hash_log_extend_event) (struct grub_efi_tpm2_protocol *this, ++ grub_efi_uint64_t Flags, ++ grub_efi_physical_address_t *DataToHash, ++ grub_efi_uint64_t DataToHashLen, ++ EFI_TCG2_EVENT *EfiTcgEvent); ++ grub_efi_status_t (*submit_command) (struct grub_efi_tpm2_protocol *this, ++ grub_efi_uint32_t InputParameterBlockSize, ++ grub_efi_uint8_t *InputParameterBlock, ++ grub_efi_uint32_t OutputParameterBlockSize, ++ grub_efi_uint8_t *OutputParameterBlock); ++ grub_efi_status_t (*get_active_pcr_blanks) (struct grub_efi_tpm2_protocol *this, ++ grub_efi_uint32_t *ActivePcrBanks); ++ grub_efi_status_t (*set_active_pcr_banks) (struct grub_efi_tpm2_protocol *this, ++ grub_efi_uint32_t ActivePcrBanks); ++ grub_efi_status_t (*get_result_of_set_active_pcr_banks) (struct grub_efi_tpm2_protocol *this, ++ grub_efi_uint32_t *OperationPresent, ++ grub_efi_uint32_t *Response); ++}; ++ ++typedef struct grub_efi_tpm2_protocol grub_efi_tpm2_protocol_t; ++ ++#define TCG_ALG_SHA 0x00000004 ++ ++#endif +diff --git a/include/grub/tpm.h b/include/grub/tpm.h +new file mode 100644 +index 000000000..40d3cf65b +--- /dev/null ++++ b/include/grub/tpm.h +@@ -0,0 +1,91 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2015 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_TPM_HEADER ++#define GRUB_TPM_HEADER 1 ++ ++#define SHA1_DIGEST_SIZE 20 ++ ++#define TPM_BASE 0x0 ++#define TPM_SUCCESS TPM_BASE ++#define TPM_AUTHFAIL (TPM_BASE + 0x1) ++#define TPM_BADINDEX (TPM_BASE + 0x2) ++ ++#define GRUB_TPM_PCR 9 ++#define GRUB_KERNEL_PCR 10 ++#define GRUB_INITRD_PCR 11 ++#define GRUB_CMDLINE_PCR 12 ++ ++#define TPM_TAG_RQU_COMMAND 0x00C1 ++#define TPM_ORD_Extend 0x14 ++ ++#define EV_IPL 0x0d ++ ++/* TCG_PassThroughToTPM Input Parameter Block */ ++typedef struct { ++ grub_uint16_t IPBLength; ++ grub_uint16_t Reserved1; ++ grub_uint16_t OPBLength; ++ grub_uint16_t Reserved2; ++ grub_uint8_t TPMOperandIn[1]; ++} GRUB_PACKED PassThroughToTPM_InputParamBlock; ++ ++/* TCG_PassThroughToTPM Output Parameter Block */ ++typedef struct { ++ grub_uint16_t OPBLength; ++ grub_uint16_t Reserved; ++ grub_uint8_t TPMOperandOut[1]; ++} GRUB_PACKED PassThroughToTPM_OutputParamBlock; ++ ++typedef struct { ++ grub_uint16_t tag; ++ grub_uint32_t paramSize; ++ grub_uint32_t ordinal; ++ grub_uint32_t pcrNum; ++ grub_uint8_t inDigest[SHA1_DIGEST_SIZE]; /* The 160 bit value representing the event to be recorded. */ ++} GRUB_PACKED ExtendIncoming; ++ ++/* TPM_Extend Outgoing Operand */ ++typedef struct { ++ grub_uint16_t tag; ++ grub_uint32_t paramSize; ++ grub_uint32_t returnCode; ++ grub_uint8_t outDigest[SHA1_DIGEST_SIZE]; /* The PCR value after execution of the command. */ ++} GRUB_PACKED ExtendOutgoing; ++ ++grub_err_t EXPORT_FUNC(grub_tpm_measure) (unsigned char *buf, grub_size_t size, ++ grub_uint8_t pcr, ++ const char *description); ++#if defined (GRUB_MACHINE_EFI) || defined (GRUB_MACHINE_PCBIOS) ++grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, ++ PassThroughToTPM_OutputParamBlock *outbuf); ++grub_err_t grub_tpm_log_event(unsigned char *buf, grub_size_t size, ++ grub_uint8_t pcr, const char *description); ++#else ++static inline grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, ++ PassThroughToTPM_OutputParamBlock *outbuf) { return 0; }; ++static inline grub_err_t grub_tpm_log_event(unsigned char *buf, ++ grub_size_t size, ++ grub_uint8_t pcr, ++ const char *description) ++{ ++ return 0; ++}; ++#endif ++ ++#endif +diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am +index f36200bd6..3781bb9cb 100644 +--- a/grub-core/Makefile.am ++++ b/grub-core/Makefile.am +@@ -94,6 +94,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm_private.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/net.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/tpm.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/memory.h + + if COND_i386_pc diff --git a/SOURCES/0128-Measure-kernel-initrd.patch b/SOURCES/0128-Measure-kernel-initrd.patch new file mode 100644 index 0000000..475086d --- /dev/null +++ b/SOURCES/0128-Measure-kernel-initrd.patch @@ -0,0 +1,39 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Thu, 16 Jul 2015 15:22:34 -0700 +Subject: [PATCH] Measure kernel + initrd + +Measure the kernel and initrd when loaded on UEFI systems +--- + grub-core/loader/i386/efi/linux.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 800c3e540..d837249b4 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -131,6 +132,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + argv[i]); + goto fail; + } ++ grub_tpm_measure (ptr, cursize, GRUB_INITRD_PCR, "UEFI Linux initrd"); + ptr += cursize; + grub_memset (ptr, 0, ALIGN_UP_OVERHEAD (cursize, 4)); + ptr += ALIGN_UP_OVERHEAD (cursize, 4); +@@ -195,6 +197,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + ++ grub_tpm_measure (kernel, filelen, GRUB_KERNEL_PCR, "UEFI Linux kernel"); ++ + rc = grub_linuxefi_secure_validate (kernel, filelen); + if (rc < 0) + { diff --git a/SOURCES/0129-Add-BIOS-boot-measurement.patch b/SOURCES/0129-Add-BIOS-boot-measurement.patch new file mode 100644 index 0000000..4f6cd9e --- /dev/null +++ b/SOURCES/0129-Add-BIOS-boot-measurement.patch @@ -0,0 +1,176 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Sun, 9 Aug 2015 15:48:51 -0700 +Subject: [PATCH] Add BIOS boot measurement + +Measure the on-disk grub core on BIOS systems - unlike UEFI, the firmware +can't do this stage for us. +--- + grub-core/boot/i386/pc/boot.S | 30 +++++++++++++++++++++++++- + grub-core/boot/i386/pc/diskboot.S | 44 +++++++++++++++++++++++++++++++++++++++ + 2 files changed, 73 insertions(+), 1 deletion(-) + +diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S +index ea167fe12..c1df86dec 100644 +--- a/grub-core/boot/i386/pc/boot.S ++++ b/grub-core/boot/i386/pc/boot.S +@@ -24,11 +24,14 @@ + * defines for the code go here + */ + ++#define TPM 1 ++ + /* Print message string */ + #define MSG(x) movw $x, %si; call LOCAL(message) + #define ERR(x) movw $x, %si; jmp LOCAL(error_message) + + .macro floppy ++#ifndef TPM + part_start: + + LOCAL(probe_values): +@@ -85,6 +88,7 @@ fd_probe_error_string: .asciz "Floppy" + movb MACRO_DOLLAR(79), %ch + + jmp LOCAL(final_init) ++#endif + .endm + + .macro scratch +@@ -252,6 +256,7 @@ real_start: + /* set %si to the disk address packet */ + movw $disk_address_packet, %si + ++#ifndef TPM + /* check if LBA is supported */ + movb $0x41, %ah + movw $0x55aa, %bx +@@ -271,6 +276,7 @@ real_start: + + andw $1, %cx + jz LOCAL(chs_mode) ++#endif + + LOCAL(lba_mode): + xorw %ax, %ax +@@ -314,6 +320,9 @@ LOCAL(lba_mode): + jmp LOCAL(copy_buffer) + + LOCAL(chs_mode): ++#ifdef TPM ++ jmp LOCAL(general_error) ++#else + /* + * Determine the hard disk geometry from the BIOS! + * We do this first, so that LS-120 IDE floppies work correctly. +@@ -425,7 +434,7 @@ setup_sectors: + jc LOCAL(read_error) + + movw %es, %bx +- ++#endif /* TPM */ + LOCAL(copy_buffer): + /* + * We need to save %cx and %si because the startup code in +@@ -448,6 +457,25 @@ LOCAL(copy_buffer): + popw %ds + popa + ++#ifdef TPM ++ pusha ++ ++ movw $0xBB00, %ax /* TCG_StatusCheck */ ++ int $0x1A ++ test %eax, %eax ++ jnz boot /* No TPM or TPM deactivated */ ++ ++ movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */ ++ movw $GRUB_BOOT_MACHINE_KERNEL_ADDR, %di ++ xorl %esi, %esi ++ movl $0x41504354, %ebx /* TCPA */ ++ movl $0x200, %ecx /* Measure 512 bytes */ ++ movl $0x8, %edx /* PCR 8 */ ++ int $0x1A ++ ++ popa ++#endif ++boot: + /* boot kernel */ + jmp *(LOCAL(kernel_address)) + +diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S +index 68d31de0c..f4744ec6f 100644 +--- a/grub-core/boot/i386/pc/diskboot.S ++++ b/grub-core/boot/i386/pc/diskboot.S +@@ -19,6 +19,8 @@ + #include + #include + ++#define TPM 1 ++ + /* + * defines for the code go here + */ +@@ -53,6 +55,21 @@ _start: + /* this sets up for the first run through "bootloop" */ + movw $LOCAL(firstlist), %di + ++#ifdef TPM ++ /* clear EAX to remove potential garbage */ ++ xorl %eax, %eax ++ /* 8(%di) = number of sectors to read */ ++ movw 8(%di), %ax ++ ++ /* Multiply number of sectors to read with 512 bytes. EAX is 32bit ++ * which is large enough to hold values of up to 4GB. I doubt there ++ * will ever be a core.img larger than that. ;-) */ ++ shll $9, %eax ++ ++ /* write result to bytes_to_measure var */ ++ movl %eax, bytes_to_measure ++#endif ++ + /* save the sector number of the second sector in %ebp */ + movl (%di), %ebp + +@@ -290,6 +307,29 @@ LOCAL(copy_buffer): + /* END OF MAIN LOOP */ + + LOCAL(bootit): ++#ifdef TPM ++ pusha ++ movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */ ++ ++ movw $0x0, %bx ++ movw %bx, %es ++ ++ /* We've already measured the first 512 bytes, now measure the rest */ ++ xorl %edi, %edi ++ movw $(GRUB_BOOT_MACHINE_KERNEL_ADDR + 0x200), %di ++ ++ movl $0x41504354, %ebx /* EBX = "TCPA" */ ++ ++ /* %ecx = The length, in bytes, of the buffer to measure */ ++ movl $bytes_to_measure, %esi ++ movl (%esi), %ecx ++ xorl %esi, %esi ++ movl $0x9, %edx /* PCR 9 */ ++ ++ int $0x1A ++ ++ popa ++#endif + /* print a newline */ + MSG(notification_done) + popw %dx /* this makes sure %dl is our "boot" drive */ +@@ -324,6 +364,10 @@ geometry_error_string: .asciz "Geom" + read_error_string: .asciz "Read" + general_error_string: .asciz " Error" + ++#ifdef TPM ++bytes_to_measure: .long 0 ++#endif ++ + /* + * message: write the string pointed to by %si + * diff --git a/SOURCES/0130-Measure-kernel-and-initrd-on-BIOS-systems.patch b/SOURCES/0130-Measure-kernel-and-initrd-on-BIOS-systems.patch new file mode 100644 index 0000000..33200b4 --- /dev/null +++ b/SOURCES/0130-Measure-kernel-and-initrd-on-BIOS-systems.patch @@ -0,0 +1,84 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Sun, 9 Aug 2015 16:28:29 -0700 +Subject: [PATCH] Measure kernel and initrd on BIOS systems + +Measure the kernel and initrd when loaded on BIOS systems +--- + grub-core/loader/i386/linux.c | 5 +++++ + grub-core/loader/i386/pc/linux.c | 3 +++ + grub-core/loader/linux.c | 2 ++ + 3 files changed, 10 insertions(+) + +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index c84747ea8..94526966e 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -724,7 +725,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + ++ grub_tpm_measure (kernel, len, GRUB_KERNEL_PCR, "Linux Kernel"); ++ + grub_memcpy (&lh, kernel, sizeof (lh)); ++ + kernel_offset = sizeof (lh); + + if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55)) +@@ -1038,6 +1042,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + len = prot_file_size; + grub_memcpy (prot_mode_mem, kernel + kernel_offset, len); ++ kernel_offset += len; + + if (grub_errno == GRUB_ERR_NONE) + { +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index 783a3cd93..155442307 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -161,6 +162,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + ++ grub_tpm_measure (kernel, len, GRUB_KERNEL_PCR, "BIOS Linux Kernel"); ++ + grub_memcpy (&lh, kernel, sizeof (lh)); + kernel_offset = sizeof (lh); + +diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c +index be6fa0f4d..3005c0d19 100644 +--- a/grub-core/loader/linux.c ++++ b/grub-core/loader/linux.c +@@ -4,6 +4,7 @@ + #include + #include + #include ++#include + + struct newc_head + { +@@ -288,6 +289,7 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, + grub_initrd_close (initrd_ctx); + return grub_errno; + } ++ grub_tpm_measure (ptr, cursize, GRUB_INITRD_PCR, "Linux Initrd"); + ptr += cursize; + } + if (newc) diff --git a/SOURCES/0131-Measure-the-kernel-commandline.patch b/SOURCES/0131-Measure-the-kernel-commandline.patch new file mode 100644 index 0000000..1da6952 --- /dev/null +++ b/SOURCES/0131-Measure-the-kernel-commandline.patch @@ -0,0 +1,40 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Sun, 9 Aug 2015 16:32:29 -0700 +Subject: [PATCH] Measure the kernel commandline + +Measure the kernel commandline to ensure that it hasn't been modified +--- + grub-core/lib/cmdline.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c +index 970ea868c..6b56304d4 100644 +--- a/grub-core/lib/cmdline.c ++++ b/grub-core/lib/cmdline.c +@@ -19,6 +19,7 @@ + + #include + #include ++#include + + static int + is_hex(char c) +@@ -79,7 +80,7 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf, + { + int i, space; + unsigned int arg_size; +- char *c; ++ char *c, *orig = buf; + + for (i = 0; i < argc; i++) + { +@@ -125,5 +126,8 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf, + + *buf = 0; + ++ grub_tpm_measure ((void *)orig, grub_strlen (orig), GRUB_CMDLINE_PCR, ++ "Kernel Commandline"); ++ + return i; + } diff --git a/SOURCES/0132-Measure-commands.patch b/SOURCES/0132-Measure-commands.patch new file mode 100644 index 0000000..c5e2d91 --- /dev/null +++ b/SOURCES/0132-Measure-commands.patch @@ -0,0 +1,73 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Mon, 10 Aug 2015 15:27:12 -0700 +Subject: [PATCH] Measure commands + +Measure each command executed by grub, which includes script execution. +--- + grub-core/script/execute.c | 25 +++++++++++++++++++++++-- + include/grub/tpm.h | 1 + + 2 files changed, 24 insertions(+), 2 deletions(-) + +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index cf6cd6601..9ae04a051 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -30,6 +30,7 @@ + #ifdef GRUB_MACHINE_IEEE1275 + #include + #endif ++#include + + /* Max digits for a char is 3 (0xFF is 255), similarly for an int it + is sizeof (int) * 3, and one extra for a possible -ve sign. */ +@@ -967,8 +968,9 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd) + grub_err_t ret = 0; + grub_script_function_t func = 0; + char errnobuf[18]; +- char *cmdname; +- int argc; ++ char *cmdname, *cmdstring; ++ int argc, offset = 0, cmdlen = 0; ++ unsigned int i; + char **args; + int invert; + struct grub_script_argv argv = { 0, 0, 0 }; +@@ -977,6 +979,25 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd) + if (grub_script_arglist_to_argv (cmdline->arglist, &argv) || ! argv.args[0]) + return grub_errno; + ++ for (i = 0; i < argv.argc; i++) { ++ cmdlen += grub_strlen (argv.args[i]) + 1; ++ } ++ ++ cmdstring = grub_malloc (cmdlen); ++ if (!cmdstring) ++ { ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ N_("cannot allocate command buffer")); ++ } ++ ++ for (i = 0; i < argv.argc; i++) { ++ offset += grub_snprintf (cmdstring + offset, cmdlen - offset, "%s ", ++ argv.args[i]); ++ } ++ cmdstring[cmdlen-1]= '\0'; ++ grub_tpm_measure ((unsigned char *)cmdstring, cmdlen, GRUB_COMMAND_PCR, ++ cmdstring); ++ grub_free(cmdstring); + invert = 0; + argc = argv.argc - 1; + args = argv.args + 1; +diff --git a/include/grub/tpm.h b/include/grub/tpm.h +index 40d3cf65b..7fc9d77d2 100644 +--- a/include/grub/tpm.h ++++ b/include/grub/tpm.h +@@ -30,6 +30,7 @@ + #define GRUB_KERNEL_PCR 10 + #define GRUB_INITRD_PCR 11 + #define GRUB_CMDLINE_PCR 12 ++#define GRUB_COMMAND_PCR 13 + + #define TPM_TAG_RQU_COMMAND 0x00C1 + #define TPM_ORD_Extend 0x14 diff --git a/SOURCES/0133-Measure-multiboot-images-and-modules.patch b/SOURCES/0133-Measure-multiboot-images-and-modules.patch new file mode 100644 index 0000000..ee01073 --- /dev/null +++ b/SOURCES/0133-Measure-multiboot-images-and-modules.patch @@ -0,0 +1,75 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Tue, 1 Sep 2015 16:02:55 -0700 +Subject: [PATCH] Measure multiboot images and modules + +--- + grub-core/loader/i386/multiboot_mbi.c | 3 +++ + grub-core/loader/multiboot.c | 2 ++ + grub-core/loader/multiboot_mbi2.c | 4 +++- + 3 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c +index dc98dbcae..1c5b0ac25 100644 +--- a/grub-core/loader/i386/multiboot_mbi.c ++++ b/grub-core/loader/i386/multiboot_mbi.c +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + + #ifdef GRUB_MACHINE_EFI + #include +@@ -173,6 +174,8 @@ grub_multiboot_load (grub_file_t file, const char *filename) + return grub_errno; + } + ++ grub_tpm_measure((unsigned char*)buffer, len, GRUB_KERNEL_PCR, filename); ++ + header = find_header (buffer, len); + + if (header == 0) +diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c +index 26df46a41..93e026c53 100644 +--- a/grub-core/loader/multiboot.c ++++ b/grub-core/loader/multiboot.c +@@ -51,6 +51,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -440,6 +441,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)), + } + + grub_file_close (file); ++ grub_tpm_measure (module, size, GRUB_KERNEL_PCR, argv[0]); + return GRUB_ERR_NONE; + } + +diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c +index 4df659595..d5ad02a33 100644 +--- a/grub-core/loader/multiboot_mbi2.c ++++ b/grub-core/loader/multiboot_mbi2.c +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + + #if defined (GRUB_MACHINE_EFI) + #include +@@ -131,8 +132,9 @@ grub_multiboot2_load (grub_file_t file, const char *filename) + + COMPILE_TIME_ASSERT (MULTIBOOT_HEADER_ALIGN % 4 == 0); + ++ grub_tpm_measure ((unsigned char *)buffer, len, GRUB_KERNEL_PCR, filename); ++ + header = find_header (mld.buffer, len); +- + if (header == 0) + { + grub_free (mld.buffer); diff --git a/SOURCES/0134-Fix-boot-when-there-s-no-TPM.patch b/SOURCES/0134-Fix-boot-when-there-s-no-TPM.patch new file mode 100644 index 0000000..0e8b53d --- /dev/null +++ b/SOURCES/0134-Fix-boot-when-there-s-no-TPM.patch @@ -0,0 +1,29 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Wed, 23 Mar 2016 16:49:42 -0700 +Subject: [PATCH] Fix boot when there's no TPM + +If the firmware has TPM support but has no TPM, we're jumping to core.img +without popping the registers back onto the stack. Fix that. + +(cherry picked from commit c2eee36ec08f8ed0cd25b8030276347680be4843) +--- + grub-core/boot/i386/pc/boot.S | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S +index c1df86dec..acab37369 100644 +--- a/grub-core/boot/i386/pc/boot.S ++++ b/grub-core/boot/i386/pc/boot.S +@@ -473,9 +473,9 @@ LOCAL(copy_buffer): + movl $0x8, %edx /* PCR 8 */ + int $0x1A + +- popa +-#endif + boot: ++ popa ++#endif + /* boot kernel */ + jmp *(LOCAL(kernel_address)) + diff --git a/SOURCES/0135-Rework-TPM-measurements.patch b/SOURCES/0135-Rework-TPM-measurements.patch new file mode 100644 index 0000000..9faef12 --- /dev/null +++ b/SOURCES/0135-Rework-TPM-measurements.patch @@ -0,0 +1,216 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Wed, 23 Mar 2016 17:03:43 -0700 +Subject: [PATCH] Rework TPM measurements + +Rework TPM measurements to use fewer PCRs. After discussion with upstream, +it's preferable to avoid using so many PCRs. Instead, measure into PCRs 8 +and 9 but use a prefix in the event log to indicate which subsystem carried +out the measurements. + +(cherry picked from commit bb3473d7c8741ad5ef7cf8aafbbcf094df08bfc9) +--- + grub-core/kern/dl.c | 2 +- + grub-core/kern/tpm.c | 10 ++++++++-- + grub-core/lib/cmdline.c | 4 ++-- + grub-core/loader/i386/efi/linux.c | 4 ++-- + grub-core/loader/i386/linux.c | 2 +- + grub-core/loader/i386/multiboot_mbi.c | 2 +- + grub-core/loader/i386/pc/linux.c | 2 +- + grub-core/loader/linux.c | 2 +- + grub-core/loader/multiboot.c | 2 +- + grub-core/loader/multiboot_mbi2.c | 2 +- + grub-core/script/execute.c | 4 ++-- + include/grub/tpm.h | 9 +++------ + 12 files changed, 24 insertions(+), 21 deletions(-) + +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index 387d1e644..d09895738 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -830,7 +830,7 @@ grub_dl_load_file (const char *filename) + opens of the same device. */ + grub_file_close (file); + +- grub_tpm_measure(core, size, GRUB_TPM_PCR, filename); ++ grub_tpm_measure(core, size, GRUB_BINARY_PCR, "grub_module", filename); + + mod = grub_dl_load_core (core, size); + grub_free (core); +diff --git a/grub-core/kern/tpm.c b/grub-core/kern/tpm.c +index 1a991876c..cb5a81203 100644 +--- a/grub-core/kern/tpm.c ++++ b/grub-core/kern/tpm.c +@@ -7,7 +7,13 @@ + + grub_err_t + grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, +- const char *description) ++ const char *kind, const char *description) + { +- return grub_tpm_log_event(buf, size, pcr, description); ++ grub_err_t ret; ++ char *desc = grub_xasprintf("%s %s", kind, description); ++ if (!desc) ++ return GRUB_ERR_OUT_OF_MEMORY; ++ ret = grub_tpm_log_event(buf, size, pcr, description); ++ grub_free(desc); ++ return ret; + } +diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c +index 6b56304d4..178f7382f 100644 +--- a/grub-core/lib/cmdline.c ++++ b/grub-core/lib/cmdline.c +@@ -126,8 +126,8 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf, + + *buf = 0; + +- grub_tpm_measure ((void *)orig, grub_strlen (orig), GRUB_CMDLINE_PCR, +- "Kernel Commandline"); ++ grub_tpm_measure ((void *)orig, grub_strlen (orig), GRUB_ASCII_PCR, ++ "grub_kernel_cmdline", orig); + + return i; + } +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index d837249b4..074dbd651 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -132,7 +132,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + argv[i]); + goto fail; + } +- grub_tpm_measure (ptr, cursize, GRUB_INITRD_PCR, "UEFI Linux initrd"); ++ grub_tpm_measure (ptr, cursize, GRUB_BINARY_PCR, "grub_linuxefi", "Initrd"); + ptr += cursize; + grub_memset (ptr, 0, ALIGN_UP_OVERHEAD (cursize, 4)); + ptr += ALIGN_UP_OVERHEAD (cursize, 4); +@@ -197,7 +197,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- grub_tpm_measure (kernel, filelen, GRUB_KERNEL_PCR, "UEFI Linux kernel"); ++ grub_tpm_measure (kernel, filelen, GRUB_BINARY_PCR, "grub_linuxefi", "Kernel"); + + rc = grub_linuxefi_secure_validate (kernel, filelen); + if (rc < 0) +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index 94526966e..273f48a6c 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -725,7 +725,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- grub_tpm_measure (kernel, len, GRUB_KERNEL_PCR, "Linux Kernel"); ++ grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux", "Kernel"); + + grub_memcpy (&lh, kernel, sizeof (lh)); + +diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c +index 1c5b0ac25..2ce424a99 100644 +--- a/grub-core/loader/i386/multiboot_mbi.c ++++ b/grub-core/loader/i386/multiboot_mbi.c +@@ -174,7 +174,7 @@ grub_multiboot_load (grub_file_t file, const char *filename) + return grub_errno; + } + +- grub_tpm_measure((unsigned char*)buffer, len, GRUB_KERNEL_PCR, filename); ++ grub_tpm_measure((unsigned char*)buffer, len, GRUB_BINARY_PCR, "grub_multiboot", filename); + + header = find_header (buffer, len); + +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index 155442307..4f8c02288 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -162,7 +162,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- grub_tpm_measure (kernel, len, GRUB_KERNEL_PCR, "BIOS Linux Kernel"); ++ grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux16", "Kernel"); + + grub_memcpy (&lh, kernel, sizeof (lh)); + kernel_offset = sizeof (lh); +diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c +index 3005c0d19..78c41e334 100644 +--- a/grub-core/loader/linux.c ++++ b/grub-core/loader/linux.c +@@ -289,7 +289,7 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, + grub_initrd_close (initrd_ctx); + return grub_errno; + } +- grub_tpm_measure (ptr, cursize, GRUB_INITRD_PCR, "Linux Initrd"); ++ grub_tpm_measure (ptr, cursize, GRUB_BINARY_PCR, "grub_initrd", "Initrd"); + ptr += cursize; + } + if (newc) +diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c +index 93e026c53..3b87dc4fa 100644 +--- a/grub-core/loader/multiboot.c ++++ b/grub-core/loader/multiboot.c +@@ -441,7 +441,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)), + } + + grub_file_close (file); +- grub_tpm_measure (module, size, GRUB_KERNEL_PCR, argv[0]); ++ grub_tpm_measure (module, size, GRUB_BINARY_PCR, "grub_multiboot", argv[0]); + return GRUB_ERR_NONE; + } + +diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c +index d5ad02a33..60ae4606f 100644 +--- a/grub-core/loader/multiboot_mbi2.c ++++ b/grub-core/loader/multiboot_mbi2.c +@@ -132,7 +132,7 @@ grub_multiboot2_load (grub_file_t file, const char *filename) + + COMPILE_TIME_ASSERT (MULTIBOOT_HEADER_ALIGN % 4 == 0); + +- grub_tpm_measure ((unsigned char *)buffer, len, GRUB_KERNEL_PCR, filename); ++ grub_tpm_measure ((unsigned char *)mld.buffer, len, GRUB_BINARY_PCR, "grub_multiboot", filename); + + header = find_header (mld.buffer, len); + if (header == 0) +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 9ae04a051..976643c47 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -995,8 +995,8 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd) + argv.args[i]); + } + cmdstring[cmdlen-1]= '\0'; +- grub_tpm_measure ((unsigned char *)cmdstring, cmdlen, GRUB_COMMAND_PCR, +- cmdstring); ++ grub_tpm_measure ((unsigned char *)cmdstring, cmdlen, GRUB_ASCII_PCR, ++ "grub_cmd", cmdstring); + grub_free(cmdstring); + invert = 0; + argc = argv.argc - 1; +diff --git a/include/grub/tpm.h b/include/grub/tpm.h +index 7fc9d77d2..ecb2d09ff 100644 +--- a/include/grub/tpm.h ++++ b/include/grub/tpm.h +@@ -26,11 +26,8 @@ + #define TPM_AUTHFAIL (TPM_BASE + 0x1) + #define TPM_BADINDEX (TPM_BASE + 0x2) + +-#define GRUB_TPM_PCR 9 +-#define GRUB_KERNEL_PCR 10 +-#define GRUB_INITRD_PCR 11 +-#define GRUB_CMDLINE_PCR 12 +-#define GRUB_COMMAND_PCR 13 ++#define GRUB_ASCII_PCR 8 ++#define GRUB_BINARY_PCR 9 + + #define TPM_TAG_RQU_COMMAND 0x00C1 + #define TPM_ORD_Extend 0x14 +@@ -70,7 +67,7 @@ typedef struct { + } GRUB_PACKED ExtendOutgoing; + + grub_err_t EXPORT_FUNC(grub_tpm_measure) (unsigned char *buf, grub_size_t size, +- grub_uint8_t pcr, ++ grub_uint8_t pcr, const char *kind, + const char *description); + #if defined (GRUB_MACHINE_EFI) || defined (GRUB_MACHINE_PCBIOS) + grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, diff --git a/SOURCES/0136-Fix-event-log-prefix.patch b/SOURCES/0136-Fix-event-log-prefix.patch new file mode 100644 index 0000000..7b19fe6 --- /dev/null +++ b/SOURCES/0136-Fix-event-log-prefix.patch @@ -0,0 +1,26 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Tue, 29 Mar 2016 15:36:49 -0700 +Subject: [PATCH] Fix event log prefix + +We're not passing the prefixed version of the description to the event log. +Fix that. + +(cherry picked from commit aab446306b8a78c741e229861c4988738cfc6426) +--- + grub-core/kern/tpm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/kern/tpm.c b/grub-core/kern/tpm.c +index cb5a81203..e5e8fced6 100644 +--- a/grub-core/kern/tpm.c ++++ b/grub-core/kern/tpm.c +@@ -13,7 +13,7 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, + char *desc = grub_xasprintf("%s %s", kind, description); + if (!desc) + return GRUB_ERR_OUT_OF_MEMORY; +- ret = grub_tpm_log_event(buf, size, pcr, description); ++ ret = grub_tpm_log_event(buf, size, pcr, desc); + grub_free(desc); + return ret; + } diff --git a/SOURCES/0137-Set-the-first-boot-menu-entry-as-default-when-using-.patch b/SOURCES/0137-Set-the-first-boot-menu-entry-as-default-when-using-.patch new file mode 100644 index 0000000..8811699 --- /dev/null +++ b/SOURCES/0137-Set-the-first-boot-menu-entry-as-default-when-using-.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 6 Apr 2018 14:08:36 +0200 +Subject: [PATCH] Set the first boot menu entry as default when using BLS + fragments + +When BootLoaderSpec configuration files are used, the default boot menu +entry is always set to the first entry as sorted by the blscfg command. + +Suggested-by: Peter Jones +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 839f1fdb6..89cd71d85 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -144,6 +144,7 @@ if [ -s \$prefix/grubenv ]; then + fi + EOF + ++ ${grub_editenv} - set saved_entry=0 + ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}" + + exit 0 diff --git a/SOURCES/0138-tpm-fix-warnings-when-compiling-for-platforms-other-.patch b/SOURCES/0138-tpm-fix-warnings-when-compiling-for-platforms-other-.patch new file mode 100644 index 0000000..b3dd8fa --- /dev/null +++ b/SOURCES/0138-tpm-fix-warnings-when-compiling-for-platforms-other-.patch @@ -0,0 +1,38 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Marineau +Date: Sun, 21 Aug 2016 18:24:58 -0700 +Subject: [PATCH] tpm: fix warnings when compiling for platforms other than pc + and efi + +--- + include/grub/tpm.h | 17 +++++++++++------ + 1 file changed, 11 insertions(+), 6 deletions(-) + +diff --git a/include/grub/tpm.h b/include/grub/tpm.h +index ecb2d09ff..972a5edc8 100644 +--- a/include/grub/tpm.h ++++ b/include/grub/tpm.h +@@ -75,12 +75,17 @@ grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, + grub_err_t grub_tpm_log_event(unsigned char *buf, grub_size_t size, + grub_uint8_t pcr, const char *description); + #else +-static inline grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, +- PassThroughToTPM_OutputParamBlock *outbuf) { return 0; }; +-static inline grub_err_t grub_tpm_log_event(unsigned char *buf, +- grub_size_t size, +- grub_uint8_t pcr, +- const char *description) ++static inline grub_err_t grub_tpm_execute( ++ PassThroughToTPM_InputParamBlock *inbuf __attribute__ ((unused)), ++ PassThroughToTPM_OutputParamBlock *outbuf __attribute__ ((unused))) ++{ ++ return 0; ++}; ++static inline grub_err_t grub_tpm_log_event( ++ unsigned char *buf __attribute__ ((unused)), ++ grub_size_t size __attribute__ ((unused)), ++ grub_uint8_t pcr __attribute__ ((unused)), ++ const char *description __attribute__ ((unused))) + { + return 0; + }; diff --git a/SOURCES/0139-Make-TPM-errors-less-fatal.patch b/SOURCES/0139-Make-TPM-errors-less-fatal.patch new file mode 100644 index 0000000..ecceb6f --- /dev/null +++ b/SOURCES/0139-Make-TPM-errors-less-fatal.patch @@ -0,0 +1,208 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Thu, 13 Oct 2016 13:55:26 -0700 +Subject: [PATCH] Make TPM errors less fatal + +Handle TPM errors, and stop trying to use the TPM once we hit one. +--- + grub-core/kern/dl.c | 1 + + grub-core/kern/i386/pc/tpm.c | 21 +++++++++++++++++---- + grub-core/lib/cmdline.c | 1 + + grub-core/loader/i386/efi/linux.c | 2 ++ + grub-core/loader/i386/linux.c | 1 + + grub-core/loader/i386/multiboot_mbi.c | 1 + + grub-core/loader/i386/pc/linux.c | 1 + + grub-core/loader/linux.c | 2 ++ + grub-core/loader/multiboot.c | 1 + + grub-core/loader/multiboot_mbi2.c | 1 + + grub-core/script/execute.c | 1 + + 11 files changed, 29 insertions(+), 4 deletions(-) + +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index d09895738..91105bc46 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -831,6 +831,7 @@ grub_dl_load_file (const char *filename) + grub_file_close (file); + + grub_tpm_measure(core, size, GRUB_BINARY_PCR, "grub_module", filename); ++ grub_print_error(); + + mod = grub_dl_load_core (core, size); + grub_free (core); +diff --git a/grub-core/kern/i386/pc/tpm.c b/grub-core/kern/i386/pc/tpm.c +index 8c6c1e6ec..f6f264aff 100644 +--- a/grub-core/kern/i386/pc/tpm.c ++++ b/grub-core/kern/i386/pc/tpm.c +@@ -7,21 +7,28 @@ + + #define TCPA_MAGIC 0x41504354 + ++static int tpm_presence = -1; ++ + int tpm_present(void); + + int tpm_present(void) + { + struct grub_bios_int_registers regs; + ++ if (tpm_presence != -1) ++ return tpm_presence; ++ + regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; + regs.eax = 0xbb00; + regs.ebx = TCPA_MAGIC; + grub_bios_interrupt (0x1a, ®s); + + if (regs.eax == 0) +- return 1; ++ tpm_presence = 1; ++ else ++ tpm_presence = 0; + +- return 0; ++ return tpm_presence; + } + + grub_err_t +@@ -49,7 +56,10 @@ grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, + grub_bios_interrupt (0x1a, ®s); + + if (regs.eax) +- return grub_error (GRUB_ERR_IO, N_("TPM error %x\n"), regs.eax); ++ { ++ tpm_presence = 0; ++ return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax); ++ } + + return 0; + } +@@ -126,7 +136,10 @@ grub_tpm_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr, + grub_free(event); + + if (regs.eax) +- return grub_error (GRUB_ERR_IO, N_("TPM error %x\n"), regs.eax); ++ { ++ tpm_presence = 0; ++ return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax); ++ } + + return 0; + } +diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c +index 178f7382f..d5c12957c 100644 +--- a/grub-core/lib/cmdline.c ++++ b/grub-core/lib/cmdline.c +@@ -128,6 +128,7 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf, + + grub_tpm_measure ((void *)orig, grub_strlen (orig), GRUB_ASCII_PCR, + "grub_kernel_cmdline", orig); ++ grub_print_error(); + + return i; + } +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 074dbd651..ea9f5134e 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -133,6 +133,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + grub_tpm_measure (ptr, cursize, GRUB_BINARY_PCR, "grub_linuxefi", "Initrd"); ++ grub_print_error(); + ptr += cursize; + grub_memset (ptr, 0, ALIGN_UP_OVERHEAD (cursize, 4)); + ptr += ALIGN_UP_OVERHEAD (cursize, 4); +@@ -198,6 +199,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + + grub_tpm_measure (kernel, filelen, GRUB_BINARY_PCR, "grub_linuxefi", "Kernel"); ++ grub_print_error(); + + rc = grub_linuxefi_secure_validate (kernel, filelen); + if (rc < 0) +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index 273f48a6c..76304f057 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -726,6 +726,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + + grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux", "Kernel"); ++ grub_print_error(); + + grub_memcpy (&lh, kernel, sizeof (lh)); + +diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c +index 2ce424a99..ca85358f7 100644 +--- a/grub-core/loader/i386/multiboot_mbi.c ++++ b/grub-core/loader/i386/multiboot_mbi.c +@@ -175,6 +175,7 @@ grub_multiboot_load (grub_file_t file, const char *filename) + } + + grub_tpm_measure((unsigned char*)buffer, len, GRUB_BINARY_PCR, "grub_multiboot", filename); ++ grub_print_error(); + + header = find_header (buffer, len); + +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index 4f8c02288..cfff25c21 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -163,6 +163,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + + grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux16", "Kernel"); ++ grub_print_error(); + + grub_memcpy (&lh, kernel, sizeof (lh)); + kernel_offset = sizeof (lh); +diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c +index 78c41e334..c2c7cfcd0 100644 +--- a/grub-core/loader/linux.c ++++ b/grub-core/loader/linux.c +@@ -290,6 +290,8 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, + return grub_errno; + } + grub_tpm_measure (ptr, cursize, GRUB_BINARY_PCR, "grub_initrd", "Initrd"); ++ grub_print_error(); ++ + ptr += cursize; + } + if (newc) +diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c +index 3b87dc4fa..9a8dae556 100644 +--- a/grub-core/loader/multiboot.c ++++ b/grub-core/loader/multiboot.c +@@ -442,6 +442,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)), + + grub_file_close (file); + grub_tpm_measure (module, size, GRUB_BINARY_PCR, "grub_multiboot", argv[0]); ++ grub_print_error(); + return GRUB_ERR_NONE; + } + +diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c +index 60ae4606f..54078455e 100644 +--- a/grub-core/loader/multiboot_mbi2.c ++++ b/grub-core/loader/multiboot_mbi2.c +@@ -133,6 +133,7 @@ grub_multiboot2_load (grub_file_t file, const char *filename) + COMPILE_TIME_ASSERT (MULTIBOOT_HEADER_ALIGN % 4 == 0); + + grub_tpm_measure ((unsigned char *)mld.buffer, len, GRUB_BINARY_PCR, "grub_multiboot", filename); ++ grub_print_error(); + + header = find_header (mld.buffer, len); + if (header == 0) +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 976643c47..939657771 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -997,6 +997,7 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd) + cmdstring[cmdlen-1]= '\0'; + grub_tpm_measure ((unsigned char *)cmdstring, cmdlen, GRUB_ASCII_PCR, + "grub_cmd", cmdstring); ++ grub_print_error(); + grub_free(cmdstring); + invert = 0; + argc = argv.argc - 1; diff --git a/SOURCES/0140-blscfg-handle-multiple-initramfs-images.patch b/SOURCES/0140-blscfg-handle-multiple-initramfs-images.patch new file mode 100644 index 0000000..41af100 --- /dev/null +++ b/SOURCES/0140-blscfg-handle-multiple-initramfs-images.patch @@ -0,0 +1,104 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 11 Apr 2018 13:44:29 -0400 +Subject: [PATCH] blscfg: handle multiple initramfs images. + +Signed-off-by: Peter Jones +--- + grub-core/commands/blscfg.c | 54 ++++++++++++++++++++++++++++++++++++--------- + 1 file changed, 44 insertions(+), 10 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index e775c6b87..6ab85df6b 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -587,6 +587,7 @@ static void create_entry (struct bls_entry *entry, const char *cfgfile) + char *title = NULL; + char *clinux = NULL; + char *options = NULL; ++ char **initrds = NULL; + char *initrd = NULL; + char *id = NULL; + char *hotkey = NULL; +@@ -609,7 +610,7 @@ static void create_entry (struct bls_entry *entry, const char *cfgfile) + + title = bls_get_val (entry, "title", NULL); + options = bls_get_val (entry, "options", NULL); +- initrd = bls_get_val (entry, "initrd", NULL); ++ initrds = bls_make_list (entry, "initrd", NULL); + id = bls_get_val (entry, "id", NULL); + + hotkey = bls_get_val (entry, "grub_hotkey", NULL); +@@ -624,30 +625,63 @@ static void create_entry (struct bls_entry *entry, const char *cfgfile) + argv[i] = args[i-1]; + argv[argc] = NULL; + +- grub_dprintf("blscfg", "adding menu entry for \"%s\"\n", title); ++ grub_dprintf ("blscfg", "adding menu entry for \"%s\"\n", title); ++ if (initrds) ++ { ++ int initrd_size = sizeof (GRUB_INITRD_CMD); ++ char *tmp; ++ ++ for (i = 0; initrds != NULL && initrds[i] != NULL; i++) ++ initrd_size += sizeof (" " GRUB_BOOT_DEVICE) \ ++ + grub_strlen (initrds[i]) + 1; ++ initrd_size += 1; ++ ++ initrd = grub_malloc (initrd_size); ++ if (!initrd) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ goto finish; ++ } ++ ++ ++ tmp = grub_stpcpy(initrd, GRUB_INITRD_CMD); ++ for (i = 0; initrds != NULL && initrds[i] != NULL; i++) ++ { ++ grub_dprintf ("blscfg", "adding initrd %s\n", initrds[i]); ++ tmp = grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE); ++ tmp = grub_stpcpy (tmp, initrds[i]); ++ } ++ tmp = grub_stpcpy (tmp, "\n"); ++ } ++ + src = grub_xasprintf ("load_video\n" + "set gfx_payload=keep\n" + "insmod gzio\n" + GRUB_LINUX_CMD " %s%s%s%s\n" +- "%s%s%s%s", ++ "%s", + GRUB_BOOT_DEVICE, clinux, options ? " " : "", options ? options : "", +- initrd ? GRUB_INITRD_CMD " " : "", initrd ? GRUB_BOOT_DEVICE : "", initrd ? initrd : "", initrd ? "\n" : ""); ++ initrd ? initrd : ""); + + grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0); + + finish: ++ if (initrd) ++ grub_free (initrd); ++ ++ if (initrds) ++ grub_free (initrds); ++ + if (classes) +- grub_free (classes); +- grub_dprintf("blscfg", "%s got here\n", __func__); ++ grub_free (classes); ++ + if (args) +- grub_free (args); ++ grub_free (args); + + if (argv) +- grub_free (argv); ++ grub_free (argv); + + if (src) +- grub_free (src); +- grub_dprintf("blscfg", "%s got here\n", __func__); ++ grub_free (src); + } + + struct find_entry_info { diff --git a/SOURCES/0141-BLS-Fix-grub2-switch-to-blscfg-on-non-EFI-machines.patch b/SOURCES/0141-BLS-Fix-grub2-switch-to-blscfg-on-non-EFI-machines.patch new file mode 100644 index 0000000..4ebe652 --- /dev/null +++ b/SOURCES/0141-BLS-Fix-grub2-switch-to-blscfg-on-non-EFI-machines.patch @@ -0,0 +1,25 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Jan Hlavac +Date: Tue, 10 Apr 2018 16:07:36 +0200 +Subject: [PATCH] BLS: Fix grub2-switch-to-blscfg on non-EFI machines + +On the non-EFI machines the grub2-switch-to-blscfg script places the BLS +snippets into the /boot directory. But the right location is +/boot/loader/entries. +--- + util/grub-switch-to-blscfg.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index 3ae5e4ea8..f740b8f4d 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -44,7 +44,7 @@ if [ -d /sys/firmware/efi/efivars/ ]; then + else + startlink=/etc/grub2.cfg + grubdir=`echo "/@bootdirname@/@grubdirname@" | sed 's,//*,/,g'` +- blsdir=`echo "/@bootdirname@" | sed 's,//*,/,g'` ++ blsdir=`echo "/@bootdirname@/loader/entries" | sed 's,//*,/,g'` + fi + + backupsuffix=.bak diff --git a/SOURCES/0142-BLS-Use-etcdefaultgrub-instead-of-etc.patch b/SOURCES/0142-BLS-Use-etcdefaultgrub-instead-of-etc.patch new file mode 100644 index 0000000..77a69e0 --- /dev/null +++ b/SOURCES/0142-BLS-Use-etcdefaultgrub-instead-of-etc.patch @@ -0,0 +1,24 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Jan Hlavac +Date: Tue, 10 Apr 2018 16:56:28 +0200 +Subject: [PATCH] BLS: Use ${etcdefaultgrub} instead of /etc/... + +Inside the grub-switch-to-blscfg script the ${etcdefaultgrub} variable +is used. So replace the hardcoded /etc/default/grub with it. +--- + util/grub-switch-to-blscfg.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index f740b8f4d..eae3c379e 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -252,7 +252,7 @@ if [[ "${GENERATE}" -eq 1 ]] ; then + cp -af "${GRUB_CONFIG_FILE}${backupsuffix}" "${GRUB_CONFIG_FILE}" + sed -i"${backupsuffix}" \ + -e 's,^GRUB_ENABLE_BLSCFG=.*,GRUB_ENABLE_BLSCFG=false,' \ +- /etc/default/grub ++ "${etcdefaultgrub}" + gettext_printf "Updating %s failed\n" "${GRUB_CONFIG_FILE}" + exit 1 + fi diff --git a/SOURCES/0143-Add-missing-options-to-grub2-switch-to-blscfg-man-pa.patch b/SOURCES/0143-Add-missing-options-to-grub2-switch-to-blscfg-man-pa.patch new file mode 100644 index 0000000..591b104 --- /dev/null +++ b/SOURCES/0143-Add-missing-options-to-grub2-switch-to-blscfg-man-pa.patch @@ -0,0 +1,31 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 11 Apr 2018 11:36:43 +0200 +Subject: [PATCH] Add missing options to grub2-switch-to-blscfg man page + +The script --bls-directory and --backup-suffix options were not documented +in the man page, add them as well so users can know what these are about. + +Signed-off-by: Javier Martinez Canillas +--- + util/grub-switch-to-blscfg.8 | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/util/grub-switch-to-blscfg.8 b/util/grub-switch-to-blscfg.8 +index 134dfc62a..7d99de2d2 100644 +--- a/util/grub-switch-to-blscfg.8 ++++ b/util/grub-switch-to-blscfg.8 +@@ -21,5 +21,13 @@ The grub config file to use. The default value is \fI/etc/grub2-efi.cfg\fR on U + --grub-defaults=\fIFILE\fR + The defaults file for grub-mkconfig. The default value is \fI/etc/default/grub\fR. + ++.TP ++--bls-directory=\fIDIR\fR ++Create BootLoaderSpec fragments in \fIDIR\fR. The default value is \fI/boot/loader/entries\fR on BIOS machines and \fI/boot/efi/EFI/\fBVENDOR\fI/loader/entries\fR on UEFI machines. ++ ++.TP ++--backup-suffix=\fSUFFIX\fR ++The suffix to use for saved backup files. The default value is \fI.bak\fR. ++ + .SH SEE ALSO + .BR "info grub" diff --git a/SOURCES/0144-Make-grub2-switch-to-blscfg-to-generate-debug-BLS-wh.patch b/SOURCES/0144-Make-grub2-switch-to-blscfg-to-generate-debug-BLS-wh.patch new file mode 100644 index 0000000..f108a05 --- /dev/null +++ b/SOURCES/0144-Make-grub2-switch-to-blscfg-to-generate-debug-BLS-wh.patch @@ -0,0 +1,58 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 11 Apr 2018 11:49:24 +0200 +Subject: [PATCH] Make grub2-switch-to-blscfg to generate debug BLS when + MAKEDEBUG is set + +If MAKEDEBUG=yes in /etc/sysconfig/kernel, then a debug menu entry should +be created. So for BLS, a debug configuration file has to be created that +contains additional debug kernel command line parameters. + +Signed-off-by: Javier Martinez Canillas +--- + util/grub-switch-to-blscfg.in | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index eae3c379e..c59299ffa 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -21,6 +21,7 @@ + # Initialize some variables. + prefix=@prefix@ + exec_prefix=@exec_prefix@ ++sbindir=@sbindir@ + bindir=@bindir@ + sysconfdir="@sysconfdir@" + PACKAGE_NAME=@PACKAGE_NAME@ +@@ -33,9 +34,12 @@ fi + + self=`basename $0` + ++grub_get_kernel_settings="${sbindir}/@grub_get_kernel_settings@" + grub_editenv=${bindir}/@grub_editenv@ + etcdefaultgrub=/etc/default/grub + ++eval "$("${grub_get_kernel_settings}")" || true ++ + EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/') + if [ -d /sys/firmware/efi/efivars/ ]; then + startlink=/etc/grub2-efi.cfg +@@ -226,6 +230,17 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do + "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${kernel_dir}")")" \ + >"${bls_target}" + fi ++ ++ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then ++ arch="$(uname -m)" ++ bls_debug="$(echo ${bls_target} | sed -e "s/\.${arch}/-debug.${arch}/")" ++ cp -aT "${bls_target}" "${bls_debug}" ++ title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')" ++ blsid="$(grep '^id[ \t]' "${bls_debug}" | sed -e "s/\.${ARCH}/-debug.${arch}/")" ++ sed -i -e "s/^title.*/title ${title}${GRUB_LINUX_DEBUG_TITLE_POSTFIX}/" "${bls_debug}" ++ sed -i -e "s/^id.*/${blsid}/" "${bls_debug}" ++ sed -i -e "s/^options.*/options \$kernelopts ${GRUB_CMDLINE_LINUX_DEBUG}/" "${bls_debug}" ++ fi + done + + GENERATE=0 diff --git a/SOURCES/0145-Make-grub2-switch-to-blscfg-to-generate-BLS-fragment.patch b/SOURCES/0145-Make-grub2-switch-to-blscfg-to-generate-BLS-fragment.patch new file mode 100644 index 0000000..9916456 --- /dev/null +++ b/SOURCES/0145-Make-grub2-switch-to-blscfg-to-generate-BLS-fragment.patch @@ -0,0 +1,28 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 11 Apr 2018 12:39:59 +0200 +Subject: [PATCH] Make grub2-switch-to-blscfg to generate BLS fragment for + rescue kernel + +If a rescue image is available, it should have a BootLoaderSpec fragment. + +Signed-off-by: Javier Martinez Canillas +--- + util/grub-switch-to-blscfg.in | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index c59299ffa..bc28053cd 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -243,6 +243,10 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do + fi + done + ++if [[ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]]; then ++ mkbls "0-rescue-${MACHINE_ID}" "0" >"${blsdir}/${MACHINE_ID}-0-rescue.conf" ++fi ++ + GENERATE=0 + if grep '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" \ + | grep -vq '^GRUB_ENABLE_BLSCFG="*true"*\s*$' ; then diff --git a/SOURCES/0146-Only-attempt-to-query-dev-mounted-in-boot-efi-as-boo.patch b/SOURCES/0146-Only-attempt-to-query-dev-mounted-in-boot-efi-as-boo.patch new file mode 100644 index 0000000..e571fc0 --- /dev/null +++ b/SOURCES/0146-Only-attempt-to-query-dev-mounted-in-boot-efi-as-boo.patch @@ -0,0 +1,40 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 24 Apr 2018 02:16:38 +0200 +Subject: [PATCH] Only attempt to query dev mounted in /boot/efi as boot dev on + EFI machines + +The 10_linux script calls grub2-probe to probe the information for the dev +mounted in /boot/efi, but this directory may not exist on non-EFI machines +which leads to the following error when generating the grub2 config file: + +/usr/sbin/grub2-probe: error: failed to get canonical path of `/boot/efi/' + +Instead query for the device mounted in /boot and use that as the boot dev +for non-EFI machines. + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux.in | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 89cd71d85..61d0664fb 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -133,8 +133,13 @@ linux_entry () + fi + fi + +- bootefi_device="`${grub_probe} --target=device /boot/efi/`" +- prepare_grub_to_access_device ${bootefi_device} boot ++ if [ -d /sys/firmware/efi ]; then ++ bootefi_device="`${grub_probe} --target=device /boot/efi/`" ++ prepare_grub_to_access_device ${bootefi_device} boot ++ else ++ boot_device="`${grub_probe} --target=device /boot/`" ++ prepare_grub_to_access_device ${boot_device} boot ++ fi + + cat << EOF + insmod blscfg diff --git a/SOURCES/0147-Include-OSTree-path-when-searching-kernels-images-if.patch b/SOURCES/0147-Include-OSTree-path-when-searching-kernels-images-if.patch new file mode 100644 index 0000000..bc88e97 --- /dev/null +++ b/SOURCES/0147-Include-OSTree-path-when-searching-kernels-images-if.patch @@ -0,0 +1,38 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 24 Apr 2018 02:28:04 +0200 +Subject: [PATCH] Include OSTree path when searching kernels images if BLS + config is enabled + +The OSTree based distros (i.e: Fedora Atomic) don't install kernel images +in the /boot directory, but in /boot/ostree. So the 10_linux script isn't +able to include these kernels in its list, so the linux_entry() function +is never called. + +This isn't a problem since the 10_linux script isn't used to populate the +menu entries anyways, but instead a custom 15_ostree script is used. But +for BLS we want the 10_linux script to generate the minimal grub.cfg that +calls the blscfg command, so add the OSTree kernel images to the list. + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux.in | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 61d0664fb..9682e97b7 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -237,6 +237,12 @@ case "x$machine" in + done ;; + esac + ++if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]; then ++ for i in /boot/ostree/*/vmlinuz-* ; do ++ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi ++ done ++fi ++ + case "$machine" in + i?86) GENKERNEL_ARCH="x86" ;; + mips|mips64) GENKERNEL_ARCH="mips" ;; diff --git a/SOURCES/0148-Use-BLS-version-field-to-compare-entries-if-id-field.patch b/SOURCES/0148-Use-BLS-version-field-to-compare-entries-if-id-field.patch new file mode 100644 index 0000000..d9f11a5 --- /dev/null +++ b/SOURCES/0148-Use-BLS-version-field-to-compare-entries-if-id-field.patch @@ -0,0 +1,29 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 27 Apr 2018 17:53:41 +0200 +Subject: [PATCH] Use BLS version field to compare entries if id field isn't + defined + +The BootLoaderSpec fragments generated by OSTree don't have the id field, +so grub2 will attempt to sort the entries by using the title field which +may not be correct. The entries do have a version field though so use it. + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 6ab85df6b..c52d2b2e0 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -418,6 +418,9 @@ static int bls_cmp(const void *p0, const void *p1, void *state UNUSED) + + rc = bls_keyval_cmp (e0, e1, "id"); + ++ if (rc == 0) ++ rc = bls_keyval_cmp (e0, e1, "version"); ++ + if (rc == 0) + rc = bls_keyval_cmp (e0, e1, "title"); + diff --git a/SOURCES/0149-Add-version-field-to-BLS-generated-by-grub2-switch-t.patch b/SOURCES/0149-Add-version-field-to-BLS-generated-by-grub2-switch-t.patch new file mode 100644 index 0000000..3bb0169 --- /dev/null +++ b/SOURCES/0149-Add-version-field-to-BLS-generated-by-grub2-switch-t.patch @@ -0,0 +1,41 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 10 May 2018 10:52:11 +0200 +Subject: [PATCH] Add version field to BLS generated by grub2-switch-to-blscfg + +The version field is present in the BLS fragments that are shipped in the +kernel packages, so add it to the BLS generated by grub2-switch-to-blscfg +for consistency. + +Signed-off-by: Javier Martinez Canillas +--- + util/grub-switch-to-blscfg.in | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index bc28053cd..89487ad61 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -190,12 +190,14 @@ mkbls() { + local datetime=$1 && shift + + local debugname="" ++ local debugid="" + local flavor="" + + if [[ "$kernelver" == *\+* ]] ; then + local flavor=-"${kernelver##*+}" + if [[ "${flavor}" == "-debug" ]]; then + local debugname=" with debugging" ++ local debugid="-debug" + fi + fi + ( +@@ -203,6 +205,7 @@ mkbls() { + + cat < +Date: Thu, 10 May 2018 13:40:19 -0400 +Subject: [PATCH] Fixup for newer compiler + +--- + grub-core/fs/btrfs.c | 2 +- + include/grub/gpt_partition.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 7002ad81b..dac73b2fa 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -198,7 +198,7 @@ struct grub_btrfs_inode + grub_uint64_t size; + grub_uint8_t dummy2[0x70]; + struct grub_btrfs_time mtime; +-} GRUB_PACKED; ++} GRUB_PACKED __attribute__ ((aligned(8))); + + struct grub_btrfs_extent_data + { +diff --git a/include/grub/gpt_partition.h b/include/grub/gpt_partition.h +index 7a93f4329..8212697bf 100644 +--- a/include/grub/gpt_partition.h ++++ b/include/grub/gpt_partition.h +@@ -76,7 +76,7 @@ struct grub_gpt_partentry + grub_uint64_t end; + grub_uint64_t attrib; + char name[72]; +-} GRUB_PACKED; ++} GRUB_PACKED __attribute__ ((aligned(8))); + + grub_err_t + grub_gpt_partition_map_iterate (grub_disk_t disk, diff --git a/SOURCES/0151-Don-t-attempt-to-export-the-start-and-_start-symbols.patch b/SOURCES/0151-Don-t-attempt-to-export-the-start-and-_start-symbols.patch new file mode 100644 index 0000000..7091467 --- /dev/null +++ b/SOURCES/0151-Don-t-attempt-to-export-the-start-and-_start-symbols.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Sat, 12 May 2018 11:29:07 +0200 +Subject: [PATCH] Don't attempt to export the start and _start symbols for + grub-emu + +Commit 318ee04aadc ("make better backtraces") reworked the backtrace logic +but the changes lead to the following build error on the grub-emu platform: + +grub_emu_lite-symlist.o:(.data+0xf08): undefined reference to `start' +collect2: error: ld returned 1 exit status +make[3]: *** [Makefile:25959: grub-emu-lite] Error 1 +make[3]: *** Waiting for unfinished jobs.... +cat kernel_syms.input | grep -v '^#' | sed -n \ + -e '/EXPORT_FUNC *([a-zA-Z0-9_]*)/{s/.*EXPORT_FUNC *(\([a-zA-Z0-9_]*\)).*/defined kernel '""'\1/;p;}' \ + -e '/EXPORT_VAR *([a-zA-Z0-9_]*)/{s/.*EXPORT_VAR *(\([a-zA-Z0-9_]*\)).*/defined kernel '""'\1/;p;}' \ + | sort -u >kernel_syms.lst + +The problem is that start and _start symbols are exported unconditionally, +but these aren't defined for grub-emu since is an emultaed platform so it +doesn't have a startup logic. Don't attempt to export those for grub-emu. + +Signed-off-by: Javier Martinez Canillas +--- + include/grub/kernel.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/include/grub/kernel.h b/include/grub/kernel.h +index ae69218af..9548d552a 100644 +--- a/include/grub/kernel.h ++++ b/include/grub/kernel.h +@@ -108,8 +108,10 @@ grub_addr_t grub_modules_get_end (void); + + #endif + ++#if !defined(GRUB_MACHINE_EMU) + void EXPORT_FUNC(start) (void); + void EXPORT_FUNC(_start) (void); ++#endif + + /* The start point of the C code. */ + void grub_main (void) __attribute__ ((noreturn)); diff --git a/SOURCES/0152-Simplify-BLS-entry-key-val-pairs-lookup.patch b/SOURCES/0152-Simplify-BLS-entry-key-val-pairs-lookup.patch new file mode 100644 index 0000000..89b7489 --- /dev/null +++ b/SOURCES/0152-Simplify-BLS-entry-key-val-pairs-lookup.patch @@ -0,0 +1,170 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 11 May 2018 23:47:31 +0200 +Subject: [PATCH] Simplify BLS entry key val pairs lookup + +The pairs found in the BLS are being sorted but this isn't +really needed and it makes the implementation complex and error prone. + +For example, the current implementation has the following issues: + +1) Fields not present in the grub2 menu entry + + linux /linuz + initrd /foo + initrd /bar + + load_video + set gfx_payload=keep + insmod gzio + linux /boot/linuz + initrd /boot/bar + +2) Fields present but in the wrong order + + title Fedora (4.16.6-300.fc28.x86_64-tuned) 28 (Twenty Eight) + version 4.16.6-300.fc28.x86_64 + linux /vmlinuz-4.16.6-300.fc28.x86_64 + initrd /foo.img + initrd /bar.img + options $kernelopts + id fedora-20180430150025-4.16.6-300.fc28.x86_64 + + load_video + set gfx_payload=keep + insmod gzio + linux /boot/vmlinuz-4.16.6-300.fc28.x86_64 $kernelopts + initrd /boot/bar.img /boot/foo.img + +It's important to preserve the order in which fields have been defined +in the BLS fragment since for some of the fields the order has meaning. +For example, initramfs images have to be passed to the kernel in order +that were defined in the BLS fragment. + +This patch simplifies the pairs storage and lookup. Rather +than sorting and attempt to later figure out what's the expected order, +just store it in the same order as they were defined in the BLS config +file and return in that same order to callers when these look them up. + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 88 ++++++++++----------------------------------- + 1 file changed, 18 insertions(+), 70 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index c52d2b2e0..fb08d8e4c 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -169,84 +169,35 @@ static void bls_free_entry(struct bls_entry *entry) + grub_free (entry); + } + +-static int keyval_cmp (const void *p0, const void *p1, +- void *state UNUSED) +-{ +- const struct keyval *kv0 = *(struct keyval * const *)p0; +- const struct keyval *kv1 = *(struct keyval * const *)p1; +- int rc; +- +- rc = grub_strcmp(kv0->key, kv1->key); +- +- return rc; +-} +- + /* Find they value of the key named by keyname. If there are allowed to be + * more than one, pass a pointer to an int set to -1 the first time, and pass + * the same pointer through each time after, and it'll return them in sorted +- * order. */ ++ * order as defined in the BLS fragment file */ + static char *bls_get_val(struct bls_entry *entry, const char *keyname, int *last) + { +- char *foo = (char *)""; +- struct keyval *kv = NULL, **kvp, key = {keyname, foo}, *keyp = &key; ++ int idx, start = 0; ++ struct keyval *kv = NULL; + +- /* if we've already found an entry that matches, just iterate */ +- if (last && *last >= 0) +- { +- int next = ++last[0]; ++ if (last) ++ start = *last + 1; + +- if (next == entry->nkeyvals) +- { +-done: +- *last = -1; +- return NULL; +- } ++ for (idx = start; idx < entry->nkeyvals; idx++) { ++ kv = entry->keyvals[idx]; + +- kv = entry->keyvals[next]; +- if (grub_strcmp (keyname, kv->key)) +- goto done; ++ if (!grub_strcmp (keyname, kv->key)) ++ break; ++ } + +- return kv->val; +- } ++ if (idx == entry->nkeyvals) { ++ if (last) ++ *last = -1; ++ return NULL; ++ } + +- kvp = grub_bsearch(&keyp, &entry->keyvals[0], entry->nkeyvals, +- sizeof (struct keyval *), keyval_cmp, NULL); +- if (kvp) +- kv = *kvp; ++ if (last) ++ *last = idx; + +- if (kv) +- { +- /* if we've got uninitialized but present state, track back until we find +- * the first match */ +- if (last) +- { +- grub_dprintf("blscfg", "%s trying to find another entry because last was set\n", __func__); +- /* figure out the position of this entry in the array */ +- int idx; +- for (idx = 0 ; idx < entry->nkeyvals; idx++) +- if (entry->keyvals[idx] == kv) +- break; +- *last = idx; +- +- while (idx > 0) +- { +- struct keyval *kvtmp = entry->keyvals[idx-1]; +- if (idx == 0 || grub_strcmp (keyname, kvtmp->key)) +- { +- /* if we're at the start, or if the previous entry doesn't +- * match, then we're done */ +- *last = idx; +- break; +- } +- else +- /* but if it does match, keep going backwards */ +- idx--; +- } +- } +- +- return kv->val; +- } +- return NULL; ++ return kv->val; + } + + #define goto_return(x) ({ ret = (x); goto finish; }) +@@ -503,9 +454,6 @@ static int read_entry ( + break; + } + +- grub_qsort(&entry->keyvals[0], entry->nkeyvals, sizeof (struct keyval *), +- keyval_cmp, NULL); +- + finish: + grub_free (p); + diff --git a/SOURCES/0153-Add-relative-path-to-the-kernel-and-initrds-BLS-fiel.patch b/SOURCES/0153-Add-relative-path-to-the-kernel-and-initrds-BLS-fiel.patch new file mode 100644 index 0000000..615b11a --- /dev/null +++ b/SOURCES/0153-Add-relative-path-to-the-kernel-and-initrds-BLS-fiel.patch @@ -0,0 +1,73 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 4 Jun 2018 16:10:22 +0200 +Subject: [PATCH] Add relative path to the kernel and initrds BLS fields if + needed + +The static BLS config file shipped with the kernel package assumes that +the /boot directory is a mount point, and that the kernel and initramfs +images relative path is to the root of a boot partition. + +But there are cases in which this isn't true, for example if a user has +its /boot in a btrfs subvolume or if /boot isn't a mount point at all. + +So instead of always using the BLS fragment file as distributed by the +package, check the relative path that GRUB 2 has to use for the images. + +Signed-off-by: Javier Martinez Canillas +--- + util/grub-switch-to-blscfg.in | 20 +++++++++++++++++--- + 1 file changed, 17 insertions(+), 3 deletions(-) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index 89487ad61..2482483a4 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -188,6 +188,7 @@ fi + mkbls() { + local kernelver=$1 && shift + local datetime=$1 && shift ++ local bootprefix=$1 && shift + + local debugname="" + local debugid="" +@@ -206,8 +207,8 @@ mkbls() { + cat <"${bls_target}" + fi + ++ linux="$(grep '^linux[ \t]' "${bls_target}" | sed -e 's,^linux[ \t]*,,')" ++ initrd="$(grep '^initrd[ \t]' "${bls_target}" | sed -e 's,^initrd[ \t]*,,')" ++ linux_relpath="$("${grub_mkrelpath}" /boot/$linux)" ++ initrd_relpath="$("${grub_mkrelpath}" /boot/$initrd)" ++ ++ if [[ $linux != $linux_relpath ]]; then ++ sed -i -e "s,^linux.*,linux ${linux_relpath},g" "${bls_target}" ++ sed -i -e "s,^initrd.*,initrd ${initrd_relpath},g" "${bls_target}" ++ fi ++ + if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then + arch="$(uname -m)" + bls_debug="$(echo ${bls_target} | sed -e "s/\.${arch}/-debug.${arch}/")" +@@ -247,7 +258,10 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do + done + + if [[ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]]; then +- mkbls "0-rescue-${MACHINE_ID}" "0" >"${blsdir}/${MACHINE_ID}-0-rescue.conf" ++ if [[ $linux != $linux_relpath ]]; then ++ bootprefix="$(dirname ${linux_relpath})" ++ fi ++ mkbls "0-rescue-${MACHINE_ID}" "0" "${bootprefix}" >"${blsdir}/${MACHINE_ID}-0-rescue.conf" + fi + + GENERATE=0 diff --git a/SOURCES/0154-Skip-leading-spaces-on-BLS-field-values.patch b/SOURCES/0154-Skip-leading-spaces-on-BLS-field-values.patch new file mode 100644 index 0000000..c0b4ee9 --- /dev/null +++ b/SOURCES/0154-Skip-leading-spaces-on-BLS-field-values.patch @@ -0,0 +1,56 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 7 Jun 2018 00:44:51 +0200 +Subject: [PATCH] Skip leading spaces on BLS field values + +The GRUB 2 blscfg command doesn't parse correctly the BLS fields if these +have extra spaces before the field values. For example, the following BLS +fragment generates a wrong menu entry due using spaces to tabulate values: + +title Fedora 28 (Twenty Eight) +version 4.16.13-300.fc28.x86_64 +machine-id e5c131dfee3249cbb9891c2641d8e350 +linux /vmlinuz-4.16.13-300.fc28.x86_64 +initrd /initramfs-4.16.13-300.fc28.x86_64.img +options root=/dev/mapper/fedora-root ro + +Wrong generated menu entry: + +load_video +set gfx_payload=keep +insmod gzio +linux ($root) /vmlinuz-4.16.13-300.fc28.x86_64 root=/dev/mapper/fedora-root ro +initrd ($root) /initramfs-4.16.13-300.fc28.x86_64.img + +Correct menu entry after the fix: + +load_video +set gfx_payload=keep +insmod gzio +linux ($root)/vmlinuz-4.16.13-300.fc28.x86_64 root=/dev/mapper/fedora-root ro +initrd ($root)/initramfs-4.16.13-300.fc28.x86_64.img + +Resolves: rhbz#1588184 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index fb08d8e4c..831cdcacc 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -448,7 +448,11 @@ static int read_entry ( + + separator[0] = '\0'; + +- rc = bls_add_keyval (entry, buf, separator+1); ++ do { ++ separator++; ++ } while (*separator == ' ' || *separator == '\t'); ++ ++ rc = bls_add_keyval (entry, buf, separator); + grub_free (buf); + if (rc < 0) + break; diff --git a/SOURCES/0155-Fixup-for-newer-compiler.patch b/SOURCES/0155-Fixup-for-newer-compiler.patch new file mode 100644 index 0000000..c6ccf12 --- /dev/null +++ b/SOURCES/0155-Fixup-for-newer-compiler.patch @@ -0,0 +1,22 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 10 May 2018 13:40:19 -0400 +Subject: [PATCH] Fixup for newer compiler + +--- + conf/Makefile.common | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/conf/Makefile.common b/conf/Makefile.common +index 044ab3abe..c75848f5c 100644 +--- a/conf/Makefile.common ++++ b/conf/Makefile.common +@@ -38,7 +38,7 @@ CFLAGS_KERNEL = $(CFLAGS_PLATFORM) -ffreestanding + LDFLAGS_KERNEL = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) + CPPFLAGS_KERNEL = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) -DGRUB_KERNEL=1 + CCASFLAGS_KERNEL = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM) +-STRIPFLAGS_KERNEL = -R .eh_frame -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx ++STRIPFLAGS_KERNEL = -R .eh_frame -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx -R .note.gnu.property -R .gnu.build.attributes + + CFLAGS_MODULE = $(CFLAGS_PLATFORM) -ffreestanding + LDFLAGS_MODULE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d diff --git a/SOURCES/0156-TPM-Fix-hash_log_extend_event-function-prototype.patch b/SOURCES/0156-TPM-Fix-hash_log_extend_event-function-prototype.patch new file mode 100644 index 0000000..fadda1e --- /dev/null +++ b/SOURCES/0156-TPM-Fix-hash_log_extend_event-function-prototype.patch @@ -0,0 +1,50 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Fri, 15 Jun 2018 09:25:00 +0200 +Subject: [PATCH] TPM: Fix hash_log_extend_event function prototype + +The DataToHash argument is a efi_physical_address, not a *pointer* to +a efi_physical_address. + +This distinction is important for 32 bits builds, where the pointer is +only 32 bits where as an efi_physical_address is 64 bits. + +Fixing this fixes the tpm code not working with 32 bits build and grub +showing multiple: + +error: Invalid parameter + +Messages during boot, followed by a "press any key to continue" message. + +Signed-off-by: Hans de Goede +--- + grub-core/kern/efi/tpm.c | 2 +- + include/grub/efi/tpm.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/kern/efi/tpm.c b/grub-core/kern/efi/tpm.c +index c9fb3c133..36e1f69df 100644 +--- a/grub-core/kern/efi/tpm.c ++++ b/grub-core/kern/efi/tpm.c +@@ -245,7 +245,7 @@ grub_tpm2_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf, + event->Size = sizeof(*event) - sizeof(event->Event) + grub_strlen(description) + 1; + grub_memcpy(event->Event, description, grub_strlen(description) + 1); + +- status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, buf, ++ status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, (unsigned long) buf, + (grub_uint64_t) size, event); + + switch (status) { +diff --git a/include/grub/efi/tpm.h b/include/grub/efi/tpm.h +index e2aff4a3c..63d8a0fe7 100644 +--- a/include/grub/efi/tpm.h ++++ b/include/grub/efi/tpm.h +@@ -129,7 +129,7 @@ struct grub_efi_tpm2_protocol + grub_efi_boolean_t *EventLogTruncated); + grub_efi_status_t (*hash_log_extend_event) (struct grub_efi_tpm2_protocol *this, + grub_efi_uint64_t Flags, +- grub_efi_physical_address_t *DataToHash, ++ grub_efi_physical_address_t DataToHash, + grub_efi_uint64_t DataToHashLen, + EFI_TCG2_EVENT *EfiTcgEvent); + grub_efi_status_t (*submit_command) (struct grub_efi_tpm2_protocol *this, diff --git a/SOURCES/0157-TPM-Fix-compiler-warnings.patch b/SOURCES/0157-TPM-Fix-compiler-warnings.patch new file mode 100644 index 0000000..3787b1f --- /dev/null +++ b/SOURCES/0157-TPM-Fix-compiler-warnings.patch @@ -0,0 +1,72 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Fri, 15 Jun 2018 09:58:50 +0200 +Subject: [PATCH] TPM: Fix compiler warnings + +Stop defining our own Event type in tpm.c instead use the one from +the header, so that it matches the function prototype. +Note this requires some further code changes to go from all lowercaps +of the private Event type to the CamelCaps from the header. + +Also cast buf, which gets passed as a efi_physicall_address_t to an +integer, to avoid the compiler complaining about passing a pointer as +an integer. + +Signed-off-by: Hans de Goede +--- + grub-core/kern/efi/tpm.c | 24 ++++++++---------------- + 1 file changed, 8 insertions(+), 16 deletions(-) + +diff --git a/grub-core/kern/efi/tpm.c b/grub-core/kern/efi/tpm.c +index 36e1f69df..0d3ebe22e 100644 +--- a/grub-core/kern/efi/tpm.c ++++ b/grub-core/kern/efi/tpm.c +@@ -161,21 +161,12 @@ grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, + } + } + +-typedef struct { +- grub_uint32_t pcrindex; +- grub_uint32_t eventtype; +- grub_uint8_t digest[20]; +- grub_uint32_t eventsize; +- grub_uint8_t event[1]; +-} Event; +- +- + static grub_err_t + grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf, + grub_size_t size, grub_uint8_t pcr, + const char *description) + { +- Event *event; ++ TCG_PCR_EVENT *event; + grub_efi_status_t status; + grub_efi_tpm_protocol_t *tpm; + grub_efi_physical_address_t lastevent; +@@ -188,18 +179,19 @@ grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf, + if (!grub_tpm_present(tpm)) + return 0; + +- event = grub_zalloc(sizeof (Event) + grub_strlen(description) + 1); ++ event = grub_zalloc(sizeof (TCG_PCR_EVENT) + grub_strlen(description) + 1); + if (!event) + return grub_error (GRUB_ERR_OUT_OF_MEMORY, + N_("cannot allocate TPM event buffer")); + +- event->pcrindex = pcr; +- event->eventtype = EV_IPL; +- event->eventsize = grub_strlen(description) + 1; +- grub_memcpy(event->event, description, event->eventsize); ++ event->PCRIndex = pcr; ++ event->EventType = EV_IPL; ++ event->EventSize = grub_strlen(description) + 1; ++ grub_memcpy(event->Event, description, event->EventSize); + + algorithm = TCG_ALG_SHA; +- status = efi_call_7 (tpm->log_extend_event, tpm, buf, (grub_uint64_t) size, ++ status = efi_call_7 (tpm->log_extend_event, tpm, ++ (unsigned long) buf, (grub_uint64_t) size, + algorithm, event, &eventnum, &lastevent); + + switch (status) { diff --git a/SOURCES/0158-grub-switch-to-blscfg.in-get-rid-of-a-bunch-of-bashi.patch b/SOURCES/0158-grub-switch-to-blscfg.in-get-rid-of-a-bunch-of-bashi.patch new file mode 100644 index 0000000..0c96f6c --- /dev/null +++ b/SOURCES/0158-grub-switch-to-blscfg.in-get-rid-of-a-bunch-of-bashi.patch @@ -0,0 +1,113 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 22 Jun 2018 14:01:06 -0400 +Subject: [PATCH] grub-switch-to-blscfg.in: get rid of a bunch of bashisms + +Since this says /bin/sh at the top, it should work with dash. + +Signed-off-by: Peter Jones +--- + util/grub-switch-to-blscfg.in | 30 +++++++++++++++--------------- + 1 file changed, 15 insertions(+), 15 deletions(-) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index 2482483a4..dac41e738 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -151,18 +151,18 @@ done + + find_grub_cfg() { + local candidate="" +- while [[ -e "${candidate}" || $# -gt 0 ]] ++ while [ -e "${candidate}" -o $# -gt 0 ] + do +- if [[ ! -e "${candidate}" ]] ; then ++ if [ ! -e "${candidate}" ] ; then + candidate="$1" + shift + fi + +- if [[ -L "${candidate}" ]]; then ++ if [ -L "${candidate}" ]; then + candidate="$(realpath "${candidate}")" + fi + +- if [[ -f "${candidate}" ]]; then ++ if [ -f "${candidate}" ]; then + export GRUB_CONFIG_FILE="${candidate}" + return 0 + fi +@@ -175,11 +175,11 @@ if ! find_grub_cfg ${startlink} ${grubdir}/grub.cfg ; then + exit 1 + fi + +-if [[ ! -d "${blsdir}" ]]; then ++if [ ! -d "${blsdir}" ]; then + install -m 700 -d "${blsdir}" + fi + +-if [[ -f /etc/machine-id ]]; then ++if [ -f /etc/machine-id ]; then + MACHINE_ID=$(cat /etc/machine-id) + else + MACHINE_ID=$(dmesg | sha256sum) +@@ -194,9 +194,9 @@ mkbls() { + local debugid="" + local flavor="" + +- if [[ "$kernelver" == *\+* ]] ; then ++ if [ "$kernelver" == *\+* ] ; then + local flavor=-"${kernelver##*+}" +- if [[ "${flavor}" == "-debug" ]]; then ++ if [ "${flavor}" == "-debug" ]; then + local debugname=" with debugging" + local debugid="-debug" + fi +@@ -219,15 +219,15 @@ EOF + } + + for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do +- if [[ ! -d "/lib/modules/${kernelver}" ]] ; then ++ if [ ! -d "/lib/modules/${kernelver}" ] ; then + continue + fi +- if [[ ! -f "/boot/vmlinuz-${kernelver}" ]]; then ++ if [ ! -f "/boot/vmlinuz-${kernelver}" ]; then + continue + fi + bls_target="${blsdir}/${MACHINE_ID}-${kernelver}.conf" + kernel_dir="/lib/modules/${kernelver}" +- if [[ -f "${kernel_dir}/bls.conf" ]]; then ++ if [ -f "${kernel_dir}/bls.conf" ]; then + cp -af "${kernel_dir}/bls.conf" "${bls_target}" + else + mkbls "${kernelver}" \ +@@ -240,7 +240,7 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do + linux_relpath="$("${grub_mkrelpath}" /boot/$linux)" + initrd_relpath="$("${grub_mkrelpath}" /boot/$initrd)" + +- if [[ $linux != $linux_relpath ]]; then ++ if [ $linux != $linux_relpath ] ; then + sed -i -e "s,^linux.*,linux ${linux_relpath},g" "${bls_target}" + sed -i -e "s,^initrd.*,initrd ${initrd_relpath},g" "${bls_target}" + fi +@@ -257,8 +257,8 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do + fi + done + +-if [[ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]]; then +- if [[ $linux != $linux_relpath ]]; then ++if [ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]; then ++ if [ $linux != $linux_relpath ]; then + bootprefix="$(dirname ${linux_relpath})" + fi + mkbls "0-rescue-${MACHINE_ID}" "0" "${bootprefix}" >"${blsdir}/${MACHINE_ID}-0-rescue.conf" +@@ -282,7 +282,7 @@ elif ! grep -q '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" ; then + GENERATE=1 + fi + +-if [[ "${GENERATE}" -eq 1 ]] ; then ++if [ "${GENERATE}" -eq 1 ] ; then + cp -af "${GRUB_CONFIG_FILE}" "${GRUB_CONFIG_FILE}${backupsuffix}" + if ! grub2-mkconfig -o "${GRUB_CONFIG_FILE}" ; then + cp -af "${GRUB_CONFIG_FILE}${backupsuffix}" "${GRUB_CONFIG_FILE}" diff --git a/SOURCES/0159-grub-switch-to-blscfg.in-Better-boot-prefix-checking.patch b/SOURCES/0159-grub-switch-to-blscfg.in-Better-boot-prefix-checking.patch new file mode 100644 index 0000000..922d134 --- /dev/null +++ b/SOURCES/0159-grub-switch-to-blscfg.in-Better-boot-prefix-checking.patch @@ -0,0 +1,73 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 22 Jun 2018 14:04:28 -0400 +Subject: [PATCH] grub-switch-to-blscfg.in: Better boot prefix checking + +Signed-off-by: Peter Jones +--- + util/grub-switch-to-blscfg.in | 36 +++++++++++++++++------------------- + 1 file changed, 17 insertions(+), 19 deletions(-) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index dac41e738..884cf45b1 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -219,30 +219,31 @@ EOF + } + + for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do +- if [ ! -d "/lib/modules/${kernelver}" ] ; then +- continue +- fi +- if [ ! -f "/boot/vmlinuz-${kernelver}" ]; then +- continue +- fi + bls_target="${blsdir}/${MACHINE_ID}-${kernelver}.conf" ++ linux="$(grep '^linux[ \t]' "${bls_target}" | sed -e 's,^linux[ \t]+,,')" + kernel_dir="/lib/modules/${kernelver}" +- if [ -f "${kernel_dir}/bls.conf" ]; then ++ ++ if [ ! -d "${kernel_dir}" ] ; then ++ continue ++ fi ++ if [ ! -f "${linux_path}" ]; then ++ continue ++ fi ++ ++ linux_relpath="$("${grub_mkrelpath}" "${linux}")" ++ bootprefix="${linux%%"${linux_relpath}"}" ++ ++ if [ -f "${kernel_dir}/bls.conf" ] ; then + cp -af "${kernel_dir}/bls.conf" "${bls_target}" + else + mkbls "${kernelver}" \ + "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${kernel_dir}")")" \ ++ "${bootprefix}" \ + >"${bls_target}" + fi + +- linux="$(grep '^linux[ \t]' "${bls_target}" | sed -e 's,^linux[ \t]*,,')" +- initrd="$(grep '^initrd[ \t]' "${bls_target}" | sed -e 's,^initrd[ \t]*,,')" +- linux_relpath="$("${grub_mkrelpath}" /boot/$linux)" +- initrd_relpath="$("${grub_mkrelpath}" /boot/$initrd)" +- +- if [ $linux != $linux_relpath ] ; then +- sed -i -e "s,^linux.*,linux ${linux_relpath},g" "${bls_target}" +- sed -i -e "s,^initrd.*,initrd ${initrd_relpath},g" "${bls_target}" ++ if [ -n "${bootprefix}" ]; then ++ sed -i -e "s,\([ \t]\)${bootprefix},\1,g" "${bls_target}" + fi + + if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then +@@ -257,10 +258,7 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do + fi + done + +-if [ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]; then +- if [ $linux != $linux_relpath ]; then +- bootprefix="$(dirname ${linux_relpath})" +- fi ++if [ -n "${bootprefix}" -a -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]; then + mkbls "0-rescue-${MACHINE_ID}" "0" "${bootprefix}" >"${blsdir}/${MACHINE_ID}-0-rescue.conf" + fi + diff --git a/SOURCES/0160-Use-boot-loader-entries-as-BLS-directory-path-also-o.patch b/SOURCES/0160-Use-boot-loader-entries-as-BLS-directory-path-also-o.patch new file mode 100644 index 0000000..0888517 --- /dev/null +++ b/SOURCES/0160-Use-boot-loader-entries-as-BLS-directory-path-also-o.patch @@ -0,0 +1,152 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 25 Jun 2018 11:45:33 +0200 +Subject: [PATCH] Use /boot/loader/entries as BLS directory path also on EFI + systems + +For EFI systems, the BLS fragments were stored in the EFI System Partition +(ESP) while in non-EFI systems it was stored in /boot. + +For consistency, it's better to always store the BLS fragments in the same +path regardless of the firmware interface used. + +Also change the grub2-switch-to-blscfg script default BLS directory. + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 48 ++++++++++++++++++++++++++++++++----------- + util/grub-switch-to-blscfg.in | 4 ++-- + 2 files changed, 38 insertions(+), 14 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 831cdcacc..70939a818 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -381,9 +381,14 @@ static int bls_cmp(const void *p0, const void *p1, void *state UNUSED) + return rc; + } + ++struct read_entry_info { ++ const char *devid; ++ const char *dirname; ++}; ++ + static int read_entry ( + const char *filename, +- const struct grub_dirhook_info *info UNUSED, ++ const struct grub_dirhook_info *dirhook_info UNUSED, + void *data) + { + grub_size_t n; +@@ -391,8 +396,7 @@ static int read_entry ( + grub_file_t f = NULL; + grub_off_t sz; + struct bls_entry *entry; +- const char *dirname= (const char *)data; +- const char *devid = grub_env_get ("boot"); ++ struct read_entry_info *info = (struct read_entry_info *)data; + + grub_dprintf ("blscfg", "filename: \"%s\"\n", filename); + +@@ -406,7 +410,7 @@ static int read_entry ( + if (grub_strcmp (filename + n - 5, ".conf") != 0) + return 0; + +- p = grub_xasprintf ("(%s)%s/%s", devid, dirname, filename); ++ p = grub_xasprintf ("(%s)%s/%s", info->devid, info->dirname, filename); + + f = grub_file_open (p); + if (!f) +@@ -655,10 +659,13 @@ static int find_entry (const char *filename, + void *data) + { + struct find_entry_info *info = (struct find_entry_info *)data; ++ struct read_entry_info read_entry_info; + grub_file_t f = NULL; + char *grubenv_path = NULL; + grub_envblk_t env = NULL; + char *default_blsdir = NULL; ++ grub_fs_t blsdir_fs = NULL; ++ grub_device_t blsdir_dev = NULL; + const char *blsdir = NULL; + char *saved_env_buf = NULL; + int r = 0; +@@ -678,9 +685,6 @@ static int find_entry (const char *filename, + if (info->platform == PLATFORM_EMU) + default_blsdir = grub_xasprintf ("%s%s", GRUB_BOOT_DEVICE, + GRUB_BLS_CONFIG_PATH); +- else if (info->platform == PLATFORM_EFI) +- default_blsdir = grub_xasprintf ("/EFI/%s%s", filename, +- GRUB_BLS_CONFIG_PATH); + else + default_blsdir = grub_xasprintf ("%s", GRUB_BLS_CONFIG_PATH); + +@@ -744,16 +748,33 @@ static int find_entry (const char *filename, + goto finish; + + grub_dprintf ("blscfg", "blsdir: \"%s\"\n", blsdir); +- if (blsdir[0] != '/' && info->platform == PLATFORM_EFI) +- blsdir = grub_xasprintf ("/EFI/%s/%s/", filename, blsdir); +- else +- blsdir = grub_strdup (blsdir); ++ blsdir = grub_strdup (blsdir); + + if (!blsdir) + goto finish; + + grub_dprintf ("blscfg", "blsdir: \"%s\"\n", blsdir); +- r = info->fs->dir (info->dev, blsdir, read_entry, (char *)blsdir); ++ if (info->platform == PLATFORM_EFI) { ++ read_entry_info.devid = grub_env_get ("root"); ++ if (!read_entry_info.devid) ++ goto finish; ++ ++ blsdir_dev = grub_device_open (read_entry_info.devid); ++ if (!blsdir_dev) ++ goto finish; ++ ++ blsdir_fs = grub_fs_probe (blsdir_dev); ++ if (!blsdir_fs) ++ goto finish; ++ ++ } else { ++ read_entry_info.devid = devid; ++ blsdir_dev = info->dev; ++ blsdir_fs = info->fs; ++ } ++ read_entry_info.dirname = blsdir; ++ ++ r = blsdir_fs->dir (blsdir_dev, blsdir, read_entry, &read_entry_info); + if (r != 0) { + grub_dprintf ("blscfg", "read_entry returned error\n"); + grub_err_t e; +@@ -773,6 +794,9 @@ static int find_entry (const char *filename, + for (r = 0; r < nentries; r++) + bls_free_entry (entries[r]); + finish: ++ if (info->platform == PLATFORM_EFI && blsdir_dev) ++ grub_device_close (blsdir_dev); ++ + nentries = 0; + + grub_free (entries); +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index 884cf45b1..2f37a1f74 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -44,13 +44,13 @@ EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/') + if [ -d /sys/firmware/efi/efivars/ ]; then + startlink=/etc/grub2-efi.cfg + grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'` +- blsdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/loader/entries" | sed 's,//*,/,g'` + else + startlink=/etc/grub2.cfg + grubdir=`echo "/@bootdirname@/@grubdirname@" | sed 's,//*,/,g'` +- blsdir=`echo "/@bootdirname@/loader/entries" | sed 's,//*,/,g'` + fi + ++blsdir=`echo "/@bootdirname@/loader/entries" | sed 's,//*,/,g'` ++ + backupsuffix=.bak + + export TEXTDOMAIN=@PACKAGE@ diff --git a/SOURCES/0161-Use-BLS-fragment-filename-as-menu-entry-id-and-for-c.patch b/SOURCES/0161-Use-BLS-fragment-filename-as-menu-entry-id-and-for-c.patch new file mode 100644 index 0000000..63c2551 --- /dev/null +++ b/SOURCES/0161-Use-BLS-fragment-filename-as-menu-entry-id-and-for-c.patch @@ -0,0 +1,134 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 26 Jun 2018 14:01:26 +0200 +Subject: [PATCH] Use BLS fragment filename as menu entry id and for criteria + to sort + +The BLS config filenames are guaranteed to be unique, so they can be +used as GRUB2 entry id and can also be used to sort the menu entries. + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 62 +++++++++------------------------------------ + 1 file changed, 12 insertions(+), 50 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 70939a818..cd8659384 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -70,6 +70,7 @@ struct bls_entry + { + struct keyval **keyvals; + int nkeyvals; ++ char *filename; + }; + + static struct bls_entry **entries; +@@ -166,6 +167,7 @@ static void bls_free_entry(struct bls_entry *entry) + + grub_free (entry->keyvals); + grub_memset (entry, 0, sizeof (*entry)); ++ grub_free (entry->filename); + grub_free (entry); + } + +@@ -327,58 +329,12 @@ finish: + + typedef int (*void_cmp_t)(void *, void *); + +-static int nulcmp(char *s0, char *s1, void_cmp_t cmp) +-{ +- grub_dprintf("blscfg", "%s got here\n", __func__); +- if (s1 && !s0) +- return 1; +- if (s0 && !s1) +- return -1; +- if (!s0 && !s1) +- return 0; +- if (cmp) +- return cmp(s0, s1); +- return grub_strcmp(s0, s1); +-} +- +-static int +-bls_keyval_cmp(struct bls_entry *e0, struct bls_entry *e1, const char *keyname) +-{ +- char *val0, *val1; +- +- val0 = bls_get_val (e0, keyname, NULL); +- val1 = bls_get_val (e1, keyname, NULL); +- +- if (val1 && !val0) +- return 1; +- +- if (val0 && !val1) +- return -1; +- +- if (!val0 && !val1) +- return 0; +- +- return nulcmp(val0, val1, (void_cmp_t)vercmp); +-} +- + static int bls_cmp(const void *p0, const void *p1, void *state UNUSED) + { + struct bls_entry * e0 = *(struct bls_entry **)p0; + struct bls_entry * e1 = *(struct bls_entry **)p1; +- int rc = 0; + +- rc = bls_keyval_cmp (e0, e1, "id"); +- +- if (rc == 0) +- rc = bls_keyval_cmp (e0, e1, "version"); +- +- if (rc == 0) +- rc = bls_keyval_cmp (e0, e1, "title"); +- +- if (rc == 0) +- rc = bls_keyval_cmp (e0, e1, "linux"); +- +- return rc; ++ return vercmp(e0->filename, e1->filename); + } + + struct read_entry_info { +@@ -424,6 +380,12 @@ static int read_entry ( + if (!entry) + goto finish; + ++ entry->filename = grub_strndup(filename, n - 5); ++ if (!entry->filename) ++ goto finish; ++ ++ entry->filename[n - 5] = '\0'; ++ + for (;;) + { + char *buf; +@@ -548,7 +510,7 @@ static void create_entry (struct bls_entry *entry, const char *cfgfile) + char *options = NULL; + char **initrds = NULL; + char *initrd = NULL; +- char *id = NULL; ++ char *id = entry->filename; + char *hotkey = NULL; + + char *users = NULL; +@@ -570,7 +532,6 @@ static void create_entry (struct bls_entry *entry, const char *cfgfile) + title = bls_get_val (entry, "title", NULL); + options = bls_get_val (entry, "options", NULL); + initrds = bls_make_list (entry, "initrd", NULL); +- id = bls_get_val (entry, "id", NULL); + + hotkey = bls_get_val (entry, "grub_hotkey", NULL); + users = bls_get_val (entry, "grub_users", NULL); +@@ -584,7 +545,8 @@ static void create_entry (struct bls_entry *entry, const char *cfgfile) + argv[i] = args[i-1]; + argv[argc] = NULL; + +- grub_dprintf ("blscfg", "adding menu entry for \"%s\"\n", title); ++ grub_dprintf ("blscfg", "adding menu entry for \"%s\" with id \"%s\"\n", ++ title, id); + if (initrds) + { + int initrd_size = sizeof (GRUB_INITRD_CMD); diff --git a/SOURCES/0162-Fix-grub-switch-to-blscfg-boot-prefix-handling.patch b/SOURCES/0162-Fix-grub-switch-to-blscfg-boot-prefix-handling.patch new file mode 100644 index 0000000..bc380e2 --- /dev/null +++ b/SOURCES/0162-Fix-grub-switch-to-blscfg-boot-prefix-handling.patch @@ -0,0 +1,58 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 9 Jul 2018 12:19:03 +0200 +Subject: [PATCH] Fix grub-switch-to-blscfg boot prefix handling + +Commit b3ac18e3265f ("grub-switch-to-blscfg.in: Better boot prefix checking") +simplified the boot prefix checking, but unfortunately introduced a couple of +regressions on the script. Fix them. + +Signed-off-by: Javier Martinez Canillas +--- + util/grub-switch-to-blscfg.in | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index 2f37a1f74..40612e006 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -220,7 +220,8 @@ EOF + + for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do + bls_target="${blsdir}/${MACHINE_ID}-${kernelver}.conf" +- linux="$(grep '^linux[ \t]' "${bls_target}" | sed -e 's,^linux[ \t]+,,')" ++ linux="/vmlinuz-${kernelver}" ++ linux_path="/boot${linux}" + kernel_dir="/lib/modules/${kernelver}" + + if [ ! -d "${kernel_dir}" ] ; then +@@ -230,8 +231,8 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do + continue + fi + +- linux_relpath="$("${grub_mkrelpath}" "${linux}")" +- bootprefix="${linux%%"${linux_relpath}"}" ++ linux_relpath="$("${grub_mkrelpath}" "${linux_path}")" ++ bootprefix="${linux_relpath%%"${linux}"}" + + if [ -f "${kernel_dir}/bls.conf" ] ; then + cp -af "${kernel_dir}/bls.conf" "${bls_target}" +@@ -243,7 +244,8 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do + fi + + if [ -n "${bootprefix}" ]; then +- sed -i -e "s,\([ \t]\)${bootprefix},\1,g" "${bls_target}" ++ sed -i -e "s,^\(linux[^ \t]*[ \t]\+\).*,\1${bootprefix}${linux},g" "${bls_target}" ++ sed -i -e "/^initrd/ s,\([ \t]\+\)\([^ \t]\+\),\1${bootprefix}\2,g" "${bls_target}" + fi + + if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then +@@ -258,7 +260,7 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do + fi + done + +-if [ -n "${bootprefix}" -a -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]; then ++if [ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]; then + mkbls "0-rescue-${MACHINE_ID}" "0" "${bootprefix}" >"${blsdir}/${MACHINE_ID}-0-rescue.conf" + fi + diff --git a/SOURCES/0163-Revert-trim-arp-packets-with-abnormal-size.patch b/SOURCES/0163-Revert-trim-arp-packets-with-abnormal-size.patch new file mode 100644 index 0000000..5e02bb7 --- /dev/null +++ b/SOURCES/0163-Revert-trim-arp-packets-with-abnormal-size.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 18 May 2017 14:25:45 -0400 +Subject: [PATCH] Revert "trim arp packets with abnormal size" + +This reverts commit d11b2eb425d2125f67dd8d8e9b11d9be7d6f3f11. +--- + grub-core/net/arp.c | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/grub-core/net/arp.c b/grub-core/net/arp.c +index d1c69ed2b..54306e3b1 100644 +--- a/grub-core/net/arp.c ++++ b/grub-core/net/arp.c +@@ -150,12 +150,6 @@ grub_net_arp_receive (struct grub_net_buff *nb, struct grub_net_card *card, + if (grub_net_addr_cmp (&inf->address, &target_addr) == 0 + && arp_packet->op == grub_cpu_to_be16_compile_time (ARP_REQUEST)) + { +- if ((nb->tail - nb->data) > 50) +- { +- grub_dprintf ("net", "arp packet with abnormal size (%ld bytes).\n", +- nb->tail - nb->data); +- nb->tail = nb->data + 50; +- } + grub_net_link_level_address_t target; + struct grub_net_buff nb_reply; + struct arppkt *arp_reply; diff --git a/SOURCES/0164-Use-xid-to-match-DHCP-replies.patch b/SOURCES/0164-Use-xid-to-match-DHCP-replies.patch new file mode 100644 index 0000000..b2eca7c --- /dev/null +++ b/SOURCES/0164-Use-xid-to-match-DHCP-replies.patch @@ -0,0 +1,65 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Andrzej Kacprowski +Date: Fri, 21 Apr 2017 09:20:38 +0200 +Subject: [PATCH] Use xid to match DHCP replies + +Transaction identifier (xid) from DHCP request +packet is stored in network level interface and used +to match request with the responses it generates. + +Resolves: rhbz#1370642 + +Signed-off-by: Andrzej Kacprowski +--- + grub-core/net/bootp.c | 3 ++- + grub-core/net/ip.c | 1 + + include/grub/net.h | 3 ++- + 3 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c +index da3e45446..2869482fe 100644 +--- a/grub-core/net/bootp.c ++++ b/grub-core/net/bootp.c +@@ -777,7 +777,8 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)), + grub_errno = GRUB_ERR_NONE; + t = 0; + } +- pack->ident = grub_cpu_to_be32 (t); ++ pack->xid = grub_cpu_to_be32 (t); ++ ifaces[j].dhcp_xid = pack->xid; + pack->seconds = grub_cpu_to_be16 (t); + + grub_memcpy (&pack->mac_addr, &ifaces[j].hwaddress.mac, 6); +diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c +index 7c95cc746..8411e0ecc 100644 +--- a/grub-core/net/ip.c ++++ b/grub-core/net/ip.c +@@ -275,6 +275,7 @@ handle_dgram (struct grub_net_buff *nb, + FOR_NET_NETWORK_LEVEL_INTERFACES (inf) + if (inf->card == card + && inf->address.type == GRUB_NET_NETWORK_LEVEL_PROTOCOL_DHCP_RECV ++ && inf->dhcp_xid == bootp->xid + && inf->hwaddress.type == GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET + && grub_memcmp (inf->hwaddress.mac, &bootp->mac_addr, + sizeof (inf->hwaddress.mac)) == 0) +diff --git a/include/grub/net.h b/include/grub/net.h +index f8f3ec13a..de51894cb 100644 +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -292,6 +292,7 @@ struct grub_net_network_level_interface + struct grub_net_bootp_packet *dhcp_ack; + grub_size_t dhcp_acklen; + grub_uint16_t vlantag; ++ grub_uint32_t dhcp_xid; + void *data; + }; + +@@ -429,7 +430,7 @@ struct grub_net_bootp_packet + grub_uint8_t hw_type; /* hardware type. */ + grub_uint8_t hw_len; /* hardware addr len. */ + grub_uint8_t gate_hops; /* zero it. */ +- grub_uint32_t ident; /* random number chosen by client. */ ++ grub_uint32_t xid; /* transaction id chosen by client. */ + grub_uint16_t seconds; /* seconds since did initial bootstrap. */ + grub_uint16_t flags; + grub_uint32_t client_ip; diff --git a/SOURCES/0165-Add-support-for-non-Ethernet-network-cards.patch b/SOURCES/0165-Add-support-for-non-Ethernet-network-cards.patch new file mode 100644 index 0000000..d4c7efd --- /dev/null +++ b/SOURCES/0165-Add-support-for-non-Ethernet-network-cards.patch @@ -0,0 +1,764 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Andrzej Kacprowski +Date: Fri, 21 Apr 2017 10:06:20 +0200 +Subject: [PATCH] Add support for non-Ethernet network cards + +This patch replaces fixed 6-byte link layer address with +up to 32-byte variable sized address. +This allows supporting Infiniband and Omni-Path fabric +which use 20-byte address, but other network card types +can also take advantage of this change. +The network card driver is responsible for replacing L2 +header provided by grub2 if needed. +This approach is compatible with UEFI network stack which +also allows up to 32-byte variable size link address. + +The BOOTP/DHCP packet format is limited to 16 byte client +hardware address, if link address is more that 16-bytes +then chaddr field in BOOTP it will be set to 0 as per rfc4390. + +Resolves: rhbz#1370642 + +Signed-off-by: Andrzej Kacprowski + +Conflicts: + grub-core/net/ip.c +--- + grub-core/net/arp.c | 155 ++++++++++++++++++++++----------- + grub-core/net/bootp.c | 14 ++- + grub-core/net/drivers/efi/efinet.c | 8 +- + grub-core/net/drivers/emu/emunet.c | 1 + + grub-core/net/drivers/i386/pc/pxe.c | 13 +-- + grub-core/net/drivers/ieee1275/ofnet.c | 2 + + grub-core/net/drivers/uboot/ubootnet.c | 1 + + grub-core/net/ethernet.c | 88 +++++++++---------- + grub-core/net/icmp6.c | 15 ++-- + grub-core/net/ip.c | 4 +- + grub-core/net/net.c | 48 +++++----- + include/grub/net.h | 19 ++-- + 12 files changed, 216 insertions(+), 152 deletions(-) + +diff --git a/grub-core/net/arp.c b/grub-core/net/arp.c +index 54306e3b1..67b409a8a 100644 +--- a/grub-core/net/arp.c ++++ b/grub-core/net/arp.c +@@ -31,22 +31,12 @@ enum + ARP_REPLY = 2 + }; + +-enum +- { +- /* IANA ARP constant to define hardware type as ethernet. */ +- GRUB_NET_ARPHRD_ETHERNET = 1 +- }; +- +-struct arppkt { ++struct arphdr { + grub_uint16_t hrd; + grub_uint16_t pro; + grub_uint8_t hln; + grub_uint8_t pln; + grub_uint16_t op; +- grub_uint8_t sender_mac[6]; +- grub_uint32_t sender_ip; +- grub_uint8_t recv_mac[6]; +- grub_uint32_t recv_ip; + } GRUB_PACKED; + + static int have_pending; +@@ -57,12 +47,16 @@ grub_net_arp_send_request (struct grub_net_network_level_interface *inf, + const grub_net_network_level_address_t *proto_addr) + { + struct grub_net_buff nb; +- struct arppkt *arp_packet; ++ struct arphdr *arp_header; + grub_net_link_level_address_t target_mac_addr; + grub_err_t err; + int i; + grub_uint8_t *nbd; + grub_uint8_t arp_data[128]; ++ grub_uint8_t hln; ++ grub_uint8_t pln; ++ grub_uint8_t arp_packet_len; ++ grub_uint8_t *tmp_ptr; + + if (proto_addr->type != GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV4) + return grub_error (GRUB_ERR_BUG, "unsupported address family"); +@@ -73,23 +67,39 @@ grub_net_arp_send_request (struct grub_net_network_level_interface *inf, + grub_netbuff_clear (&nb); + grub_netbuff_reserve (&nb, 128); + +- err = grub_netbuff_push (&nb, sizeof (*arp_packet)); ++ hln = inf->card->default_address.len; ++ pln = sizeof (proto_addr->ipv4); ++ arp_packet_len = sizeof (*arp_header) + 2 * (hln + pln); ++ ++ err = grub_netbuff_push (&nb, arp_packet_len); + if (err) + return err; + +- arp_packet = (struct arppkt *) nb.data; +- arp_packet->hrd = grub_cpu_to_be16_compile_time (GRUB_NET_ARPHRD_ETHERNET); +- arp_packet->hln = 6; +- arp_packet->pro = grub_cpu_to_be16_compile_time (GRUB_NET_ETHERTYPE_IP); +- arp_packet->pln = 4; +- arp_packet->op = grub_cpu_to_be16_compile_time (ARP_REQUEST); +- /* Sender hardware address. */ +- grub_memcpy (arp_packet->sender_mac, &inf->hwaddress.mac, 6); +- arp_packet->sender_ip = inf->address.ipv4; +- grub_memset (arp_packet->recv_mac, 0, 6); +- arp_packet->recv_ip = proto_addr->ipv4; +- /* Target protocol address */ +- grub_memset (&target_mac_addr.mac, 0xff, 6); ++ arp_header = (struct arphdr *) nb.data; ++ arp_header->hrd = grub_cpu_to_be16 (inf->card->default_address.type); ++ arp_header->hln = hln; ++ arp_header->pro = grub_cpu_to_be16_compile_time (GRUB_NET_ETHERTYPE_IP); ++ arp_header->pln = pln; ++ arp_header->op = grub_cpu_to_be16_compile_time (ARP_REQUEST); ++ tmp_ptr = nb.data + sizeof (*arp_header); ++ ++ /* The source hardware address. */ ++ grub_memcpy (tmp_ptr, inf->hwaddress.mac, hln); ++ tmp_ptr += hln; ++ ++ /* The source protocol address. */ ++ grub_memcpy (tmp_ptr, &inf->address.ipv4, pln); ++ tmp_ptr += pln; ++ ++ /* The target hardware address. */ ++ grub_memset (tmp_ptr, 0, hln); ++ tmp_ptr += hln; ++ ++ /* The target protocol address */ ++ grub_memcpy (tmp_ptr, &proto_addr->ipv4, pln); ++ tmp_ptr += pln; ++ ++ grub_memset (&target_mac_addr.mac, 0xff, hln); + + nbd = nb.data; + send_ethernet_packet (inf, &nb, target_mac_addr, GRUB_NET_ETHERTYPE_ARP); +@@ -114,28 +124,53 @@ grub_err_t + grub_net_arp_receive (struct grub_net_buff *nb, struct grub_net_card *card, + grub_uint16_t *vlantag) + { +- struct arppkt *arp_packet = (struct arppkt *) nb->data; ++ struct arphdr *arp_header = (struct arphdr *) nb->data; + grub_net_network_level_address_t sender_addr, target_addr; + grub_net_link_level_address_t sender_mac_addr; + struct grub_net_network_level_interface *inf; ++ grub_uint16_t hw_type; ++ grub_uint8_t hln; ++ grub_uint8_t pln; ++ grub_uint8_t arp_packet_len; ++ grub_uint8_t *tmp_ptr; + +- if (arp_packet->pro != grub_cpu_to_be16_compile_time (GRUB_NET_ETHERTYPE_IP) +- || arp_packet->pln != 4 || arp_packet->hln != 6 +- || nb->tail - nb->data < (int) sizeof (*arp_packet)) ++ hw_type = card->default_address.type; ++ hln = card->default_address.len; ++ pln = sizeof(sender_addr.ipv4); ++ arp_packet_len = sizeof (*arp_header) + 2 * (pln + hln); ++ ++ if (arp_header->pro != grub_cpu_to_be16_compile_time (GRUB_NET_ETHERTYPE_IP) ++ || arp_header->hrd != grub_cpu_to_be16 (hw_type) ++ || arp_header->hln != hln || arp_header->pln != pln ++ || nb->tail - nb->data < (int) arp_packet_len) { + return GRUB_ERR_NONE; ++ } + ++ tmp_ptr = nb->data + sizeof (*arp_header); ++ ++ /* The source hardware address. */ ++ sender_mac_addr.type = hw_type; ++ sender_mac_addr.len = hln; ++ grub_memcpy (sender_mac_addr.mac, tmp_ptr, hln); ++ tmp_ptr += hln; ++ ++ /* The source protocol address. */ + sender_addr.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV4; ++ grub_memcpy(&sender_addr.ipv4, tmp_ptr, pln); ++ tmp_ptr += pln; ++ ++ grub_net_link_layer_add_address (card, &sender_addr, &sender_mac_addr, 1); ++ ++ /* The target hardware address. */ ++ tmp_ptr += hln; ++ ++ /* The target protocol address. */ + target_addr.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV4; +- sender_addr.ipv4 = arp_packet->sender_ip; +- target_addr.ipv4 = arp_packet->recv_ip; +- if (arp_packet->sender_ip == pending_req) ++ grub_memcpy(&target_addr.ipv4, tmp_ptr, pln); ++ ++ if (sender_addr.ipv4 == pending_req) + have_pending = 1; + +- sender_mac_addr.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; +- grub_memcpy (sender_mac_addr.mac, arp_packet->sender_mac, +- sizeof (sender_mac_addr.mac)); +- grub_net_link_layer_add_address (card, &sender_addr, &sender_mac_addr, 1); +- + FOR_NET_NETWORK_LEVEL_INTERFACES (inf) + { + /* Verify vlantag id */ +@@ -148,11 +183,11 @@ grub_net_arp_receive (struct grub_net_buff *nb, struct grub_net_card *card, + + /* Am I the protocol address target? */ + if (grub_net_addr_cmp (&inf->address, &target_addr) == 0 +- && arp_packet->op == grub_cpu_to_be16_compile_time (ARP_REQUEST)) ++ && arp_header->op == grub_cpu_to_be16_compile_time (ARP_REQUEST)) + { + grub_net_link_level_address_t target; + struct grub_net_buff nb_reply; +- struct arppkt *arp_reply; ++ struct arphdr *arp_reply; + grub_uint8_t arp_data[128]; + grub_err_t err; + +@@ -161,25 +196,39 @@ grub_net_arp_receive (struct grub_net_buff *nb, struct grub_net_card *card, + grub_netbuff_clear (&nb_reply); + grub_netbuff_reserve (&nb_reply, 128); + +- err = grub_netbuff_push (&nb_reply, sizeof (*arp_packet)); ++ err = grub_netbuff_push (&nb_reply, arp_packet_len); + if (err) + return err; + +- arp_reply = (struct arppkt *) nb_reply.data; ++ arp_reply = (struct arphdr *) nb_reply.data; + +- arp_reply->hrd = grub_cpu_to_be16_compile_time (GRUB_NET_ARPHRD_ETHERNET); ++ arp_reply->hrd = grub_cpu_to_be16 (hw_type); + arp_reply->pro = grub_cpu_to_be16_compile_time (GRUB_NET_ETHERTYPE_IP); +- arp_reply->pln = 4; +- arp_reply->hln = 6; ++ arp_reply->pln = pln; ++ arp_reply->hln = hln; + arp_reply->op = grub_cpu_to_be16_compile_time (ARP_REPLY); +- arp_reply->sender_ip = arp_packet->recv_ip; +- arp_reply->recv_ip = arp_packet->sender_ip; +- arp_reply->hln = 6; +- +- target.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; +- grub_memcpy (target.mac, arp_packet->sender_mac, 6); +- grub_memcpy (arp_reply->sender_mac, inf->hwaddress.mac, 6); +- grub_memcpy (arp_reply->recv_mac, arp_packet->sender_mac, 6); ++ ++ tmp_ptr = nb_reply.data + sizeof (*arp_reply); ++ ++ /* The source hardware address. */ ++ grub_memcpy (tmp_ptr, inf->hwaddress.mac, hln); ++ tmp_ptr += hln; ++ ++ /* The source protocol address. */ ++ grub_memcpy (tmp_ptr, &target_addr.ipv4, pln); ++ tmp_ptr += pln; ++ ++ /* The target hardware address. */ ++ grub_memcpy (tmp_ptr, sender_mac_addr.mac, hln); ++ tmp_ptr += hln; ++ ++ /* The target protocol address */ ++ grub_memcpy (tmp_ptr, &sender_addr.ipv4, pln); ++ tmp_ptr += pln; ++ ++ target.type = hw_type; ++ target.len = hln; ++ grub_memcpy (target.mac, sender_mac_addr.mac, hln); + + /* Change operation to REPLY and send packet */ + send_ethernet_packet (inf, &nb_reply, target, GRUB_NET_ETHERTYPE_ARP); +diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c +index 2869482fe..4e55adc55 100644 +--- a/grub-core/net/bootp.c ++++ b/grub-core/net/bootp.c +@@ -219,7 +219,6 @@ grub_net_configure_by_dhcp_ack (const char *name, + int is_def, char **device, char **path) + { + grub_net_network_level_address_t addr; +- grub_net_link_level_address_t hwaddr; + struct grub_net_network_level_interface *inter; + int mask = -1; + char server_ip[sizeof ("xxx.xxx.xxx.xxx")]; +@@ -232,12 +231,8 @@ grub_net_configure_by_dhcp_ack (const char *name, + if (path) + *path = 0; + +- grub_memcpy (hwaddr.mac, bp->mac_addr, +- bp->hw_len < sizeof (hwaddr.mac) ? bp->hw_len +- : sizeof (hwaddr.mac)); +- hwaddr.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; +- +- inter = grub_net_add_addr (name, card, &addr, &hwaddr, flags); ++ grub_dprintf("dhcp", "configuring dhcp for %s\n", name); ++ inter = grub_net_add_addr (name, card, &addr, &card->default_address, flags); + if (!inter) + return 0; + +@@ -770,7 +765,8 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)), + grub_memset (pack, 0, sizeof (*pack) + 64); + pack->opcode = 1; + pack->hw_type = 1; +- pack->hw_len = 6; ++ pack->hw_len = ifaces[j].hwaddress.len > 16 ? 0 ++ : ifaces[j].hwaddress.len; + err = grub_get_datetime (&date); + if (err || !grub_datetime2unixtime (&date, &t)) + { +@@ -781,7 +777,7 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)), + ifaces[j].dhcp_xid = pack->xid; + pack->seconds = grub_cpu_to_be16 (t); + +- grub_memcpy (&pack->mac_addr, &ifaces[j].hwaddress.mac, 6); ++ grub_memcpy (&pack->mac_addr, &ifaces[j].hwaddress.mac, pack->hw_len); + + grub_netbuff_push (nb, sizeof (*udph)); + +diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c +index a4daaa460..cd6dba79f 100644 +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -280,6 +280,9 @@ grub_efinet_findcards (void) + /* This should not happen... Why? */ + continue; + ++ if (net->mode->hwaddr_size > GRUB_NET_MAX_LINK_ADDRESS_SIZE) ++ continue; ++ + if (net->mode->state == GRUB_EFI_NETWORK_STOPPED + && efi_call_1 (net->start, net) != GRUB_EFI_SUCCESS) + continue; +@@ -316,10 +319,11 @@ grub_efinet_findcards (void) + card->name = grub_xasprintf ("efinet%d", i++); + card->driver = &efidriver; + card->flags = 0; +- card->default_address.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; ++ card->default_address.type = net->mode->if_type; ++ card->default_address.len = net->mode->hwaddr_size; + grub_memcpy (card->default_address.mac, + net->mode->current_address, +- sizeof (card->default_address.mac)); ++ net->mode->hwaddr_size); + card->efi_net = net; + card->efi_handle = *handle; + +diff --git a/grub-core/net/drivers/emu/emunet.c b/grub-core/net/drivers/emu/emunet.c +index b19492086..5b6c5e16a 100644 +--- a/grub-core/net/drivers/emu/emunet.c ++++ b/grub-core/net/drivers/emu/emunet.c +@@ -46,6 +46,7 @@ static struct grub_net_card emucard = + .mtu = 1500, + .default_address = { + .type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET, ++ . len = 6, + {.mac = {0, 1, 2, 3, 4, 5}} + }, + .flags = 0 +diff --git a/grub-core/net/drivers/i386/pc/pxe.c b/grub-core/net/drivers/i386/pc/pxe.c +index 3f4152d03..9f8fb4b6d 100644 +--- a/grub-core/net/drivers/i386/pc/pxe.c ++++ b/grub-core/net/drivers/i386/pc/pxe.c +@@ -386,20 +386,21 @@ GRUB_MOD_INIT(pxe) + grub_memset (ui, 0, sizeof (*ui)); + grub_pxe_call (GRUB_PXENV_UNDI_GET_INFORMATION, ui, pxe_rm_entry); + ++ grub_pxe_card.default_address.len = 6; + grub_memcpy (grub_pxe_card.default_address.mac, ui->current_addr, +- sizeof (grub_pxe_card.default_address.mac)); +- for (i = 0; i < sizeof (grub_pxe_card.default_address.mac); i++) ++ grub_pxe_card.default_address.len); ++ for (i = 0; i < grub_pxe_card.default_address.len; i++) + if (grub_pxe_card.default_address.mac[i] != 0) + break; +- if (i != sizeof (grub_pxe_card.default_address.mac)) ++ if (i != grub_pxe_card.default_address.len) + { +- for (i = 0; i < sizeof (grub_pxe_card.default_address.mac); i++) ++ for (i = 0; i < grub_pxe_card.default_address.len; i++) + if (grub_pxe_card.default_address.mac[i] != 0xff) + break; + } +- if (i == sizeof (grub_pxe_card.default_address.mac)) ++ if (i == grub_pxe_card.default_address.len) + grub_memcpy (grub_pxe_card.default_address.mac, ui->permanent_addr, +- sizeof (grub_pxe_card.default_address.mac)); ++ grub_pxe_card.default_address.len); + grub_pxe_card.mtu = ui->mtu; + + grub_pxe_card.default_address.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; +diff --git a/grub-core/net/drivers/ieee1275/ofnet.c b/grub-core/net/drivers/ieee1275/ofnet.c +index 3df75357a..ba50415f5 100644 +--- a/grub-core/net/drivers/ieee1275/ofnet.c ++++ b/grub-core/net/drivers/ieee1275/ofnet.c +@@ -160,6 +160,7 @@ grub_ieee1275_parse_bootpath (const char *devpath, char *bootpath, + grub_uint16_t vlantag = 0; + + hw_addr.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; ++ hw_addr.len = 6; + + args = bootpath + grub_strlen (devpath) + 1; + do +@@ -503,6 +504,7 @@ search_net_devices (struct grub_ieee1275_devalias *alias) + grub_memcpy (&lla.mac, pprop, 6); + + lla.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; ++ lla.len = 6; + card->default_address = lla; + + card->txbufsize = ALIGN_UP (card->mtu, 64) + 256; +diff --git a/grub-core/net/drivers/uboot/ubootnet.c b/grub-core/net/drivers/uboot/ubootnet.c +index 056052e40..22ebcbf21 100644 +--- a/grub-core/net/drivers/uboot/ubootnet.c ++++ b/grub-core/net/drivers/uboot/ubootnet.c +@@ -131,6 +131,7 @@ GRUB_MOD_INIT (ubootnet) + + grub_memcpy (&(card->default_address.mac), &devinfo->di_net.hwaddr, 6); + card->default_address.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; ++ card->default_address.len = 6; + + card->txbufsize = ALIGN_UP (card->mtu, 64) + 256; + card->txbuf = grub_zalloc (card->txbufsize); +diff --git a/grub-core/net/ethernet.c b/grub-core/net/ethernet.c +index 4d7ceed6f..9aae83a5e 100644 +--- a/grub-core/net/ethernet.c ++++ b/grub-core/net/ethernet.c +@@ -29,13 +29,6 @@ + + #define LLCADDRMASK 0x7f + +-struct etherhdr +-{ +- grub_uint8_t dst[6]; +- grub_uint8_t src[6]; +- grub_uint16_t type; +-} GRUB_PACKED; +- + struct llchdr + { + grub_uint8_t dsap; +@@ -55,13 +48,15 @@ send_ethernet_packet (struct grub_net_network_level_interface *inf, + grub_net_link_level_address_t target_addr, + grub_net_ethertype_t ethertype) + { +- struct etherhdr *eth; ++ grub_uint8_t *eth; + grub_err_t err; +- grub_uint8_t etherhdr_size; +- grub_uint16_t vlantag_id = VLANTAG_IDENTIFIER; ++ grub_uint32_t vlantag = 0; ++ grub_uint8_t hw_addr_len = inf->card->default_address.len; ++ grub_uint8_t etherhdr_size = 2 * hw_addr_len + 2; + +- etherhdr_size = sizeof (*eth); +- COMPILE_TIME_ASSERT (sizeof (*eth) + 4 < GRUB_NET_MAX_LINK_HEADER_SIZE); ++ /* Source and destination link addresses + ethertype + vlan tag */ ++ COMPILE_TIME_ASSERT ((GRUB_NET_MAX_LINK_ADDRESS_SIZE * 2 + 2 + 4) < ++ GRUB_NET_MAX_LINK_HEADER_SIZE); + + /* Increase ethernet header in case of vlantag */ + if (inf->vlantag != 0) +@@ -70,11 +65,22 @@ send_ethernet_packet (struct grub_net_network_level_interface *inf, + err = grub_netbuff_push (nb, etherhdr_size); + if (err) + return err; +- eth = (struct etherhdr *) nb->data; +- grub_memcpy (eth->dst, target_addr.mac, 6); +- grub_memcpy (eth->src, inf->hwaddress.mac, 6); ++ eth = nb->data; ++ grub_memcpy (eth, target_addr.mac, hw_addr_len); ++ eth += hw_addr_len; ++ grub_memcpy (eth, inf->hwaddress.mac, hw_addr_len); ++ eth += hw_addr_len; ++ ++ /* Check if a vlan-tag is present. */ ++ if (vlantag != 0) ++ { ++ *((grub_uint32_t *)eth) = grub_cpu_to_be32 (vlantag); ++ eth += sizeof (vlantag); ++ } ++ ++ /* Write ethertype */ ++ *((grub_uint16_t*) eth) = grub_cpu_to_be16 (ethertype); + +- eth->type = grub_cpu_to_be16 (ethertype); + if (!inf->card->opened) + { + err = GRUB_ERR_NONE; +@@ -85,18 +91,6 @@ send_ethernet_packet (struct grub_net_network_level_interface *inf, + inf->card->opened = 1; + } + +- /* Check and add a vlan-tag if needed. */ +- if (inf->vlantag != 0) +- { +- /* Move eth type to the right */ +- grub_memcpy ((char *) nb->data + etherhdr_size - 2, +- (char *) nb->data + etherhdr_size - 6, 2); +- +- /* Add the tag in the middle */ +- grub_memcpy ((char *) nb->data + etherhdr_size - 6, &vlantag_id, 2); +- grub_memcpy ((char *) nb->data + etherhdr_size - 4, (char *) &(inf->vlantag), 2); +- } +- + return inf->card->driver->send (inf->card, nb); + } + +@@ -104,31 +98,40 @@ grub_err_t + grub_net_recv_ethernet_packet (struct grub_net_buff *nb, + struct grub_net_card *card) + { +- struct etherhdr *eth; ++ grub_uint8_t *eth; + struct llchdr *llch; + struct snaphdr *snaph; + grub_net_ethertype_t type; + grub_net_link_level_address_t hwaddress; + grub_net_link_level_address_t src_hwaddress; + grub_err_t err; +- grub_uint8_t etherhdr_size = sizeof (*eth); ++ grub_uint8_t hw_addr_len = card->default_address.len; ++ grub_uint8_t etherhdr_size = 2 * hw_addr_len + 2; + grub_uint16_t vlantag = 0; + ++ eth = nb->data; + +- /* Check if a vlan-tag is present. If so, the ethernet header is 4 bytes */ +- /* longer than the original one. The vlantag id is extracted and the header */ +- /* is reseted to the original size. */ +- if (grub_get_unaligned16 (nb->data + etherhdr_size - 2) == VLANTAG_IDENTIFIER) ++ hwaddress.type = card->default_address.type; ++ hwaddress.len = hw_addr_len; ++ grub_memcpy (hwaddress.mac, eth, hw_addr_len); ++ eth += hw_addr_len; ++ ++ src_hwaddress.type = card->default_address.type; ++ src_hwaddress.len = hw_addr_len; ++ grub_memcpy (src_hwaddress.mac, eth, hw_addr_len); ++ eth += hw_addr_len; ++ ++ type = grub_be_to_cpu16 (*(grub_uint16_t*)(eth)); ++ if (type == VLANTAG_IDENTIFIER) + { +- vlantag = grub_get_unaligned16 (nb->data + etherhdr_size); ++ /* Skip vlan tag */ ++ eth += 2; ++ vlantag = grub_be_to_cpu16 (*(grub_uint16_t*)(eth)); + etherhdr_size += 4; +- /* Move eth type to the original position */ +- grub_memcpy((char *) nb->data + etherhdr_size - 6, +- (char *) nb->data + etherhdr_size - 2, 2); ++ eth += 2; ++ type = grub_be_to_cpu16 (*(grub_uint16_t*)(eth)); + } + +- eth = (struct etherhdr *) nb->data; +- type = grub_be_to_cpu16 (eth->type); + err = grub_netbuff_pull (nb, etherhdr_size); + if (err) + return err; +@@ -148,11 +151,6 @@ grub_net_recv_ethernet_packet (struct grub_net_buff *nb, + } + } + +- hwaddress.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; +- grub_memcpy (hwaddress.mac, eth->dst, sizeof (hwaddress.mac)); +- src_hwaddress.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; +- grub_memcpy (src_hwaddress.mac, eth->src, sizeof (src_hwaddress.mac)); +- + switch (type) + { + /* ARP packet. */ +diff --git a/grub-core/net/icmp6.c b/grub-core/net/icmp6.c +index 2cbd95dce..56a3ec5c8 100644 +--- a/grub-core/net/icmp6.c ++++ b/grub-core/net/icmp6.c +@@ -231,8 +231,9 @@ grub_net_recv_icmp6_packet (struct grub_net_buff *nb, + && ohdr->len == 1) + { + grub_net_link_level_address_t ll_address; +- ll_address.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; +- grub_memcpy (ll_address.mac, ohdr + 1, sizeof (ll_address.mac)); ++ ll_address.type = card->default_address.type; ++ ll_address.len = card->default_address.len; ++ grub_memcpy (ll_address.mac, ohdr + 1, ll_address.len); + grub_net_link_layer_add_address (card, source, &ll_address, 0); + } + } +@@ -335,8 +336,9 @@ grub_net_recv_icmp6_packet (struct grub_net_buff *nb, + && ohdr->len == 1) + { + grub_net_link_level_address_t ll_address; +- ll_address.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; +- grub_memcpy (ll_address.mac, ohdr + 1, sizeof (ll_address.mac)); ++ ll_address.type = card->default_address.type; ++ ll_address.len = card->default_address.len; ++ grub_memcpy (ll_address.mac, ohdr + 1, ll_address.len); + grub_net_link_layer_add_address (card, source, &ll_address, 0); + } + } +@@ -384,8 +386,9 @@ grub_net_recv_icmp6_packet (struct grub_net_buff *nb, + && ohdr->len == 1) + { + grub_net_link_level_address_t ll_address; +- ll_address.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; +- grub_memcpy (ll_address.mac, ohdr + 1, sizeof (ll_address.mac)); ++ ll_address.type = card->default_address.type; ++ ll_address.len = card->default_address.len; ++ grub_memcpy (ll_address.mac, ohdr + 1, ll_address.len); + grub_net_link_layer_add_address (card, source, &ll_address, 0); + } + if (ohdr->type == OPTION_PREFIX && ohdr->len == 4) +diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c +index 8411e0ecc..b2ca74b6e 100644 +--- a/grub-core/net/ip.c ++++ b/grub-core/net/ip.c +@@ -277,8 +277,8 @@ handle_dgram (struct grub_net_buff *nb, + && inf->address.type == GRUB_NET_NETWORK_LEVEL_PROTOCOL_DHCP_RECV + && inf->dhcp_xid == bootp->xid + && inf->hwaddress.type == GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET +- && grub_memcmp (inf->hwaddress.mac, &bootp->mac_addr, +- sizeof (inf->hwaddress.mac)) == 0) ++ && (grub_memcmp (inf->hwaddress.mac, &bootp->mac_addr, ++ bootp->hw_len) == 0 || bootp->hw_len == 0)) + { + grub_net_process_dhcp (nb, inf->card); + grub_netbuff_free (nb); +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index fa3e29126..9b8944292 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -128,8 +128,9 @@ grub_net_link_layer_resolve (struct grub_net_network_level_interface *inf, + << 48) + && proto_addr->ipv6[1] == (grub_be_to_cpu64_compile_time (1)))) + { +- hw_addr->type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; +- grub_memset (hw_addr->mac, -1, 6); ++ hw_addr->type = inf->card->default_address.type; ++ hw_addr->len = inf->card->default_address.len; ++ grub_memset (hw_addr->mac, -1, hw_addr->len); + return GRUB_ERR_NONE; + } + +@@ -137,6 +138,7 @@ grub_net_link_layer_resolve (struct grub_net_network_level_interface *inf, + && ((grub_be_to_cpu64 (proto_addr->ipv6[0]) >> 56) == 0xff)) + { + hw_addr->type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; ++ hw_addr->len = inf->card->default_address.len; + hw_addr->mac[0] = 0x33; + hw_addr->mac[1] = 0x33; + hw_addr->mac[2] = ((grub_be_to_cpu64 (proto_addr->ipv6[1]) >> 24) & 0xff); +@@ -757,23 +759,21 @@ grub_net_addr_to_str (const grub_net_network_level_address_t *target, char *buf) + void + grub_net_hwaddr_to_str (const grub_net_link_level_address_t *addr, char *str) + { +- str[0] = 0; +- switch (addr->type) ++ char *ptr; ++ unsigned i; ++ ++ if (addr->len > GRUB_NET_MAX_LINK_ADDRESS_SIZE) + { +- case GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET: +- { +- char *ptr; +- unsigned i; +- for (ptr = str, i = 0; i < ARRAY_SIZE (addr->mac); i++) +- { +- grub_snprintf (ptr, GRUB_NET_MAX_STR_HWADDR_LEN - (ptr - str), +- "%02x:", addr->mac[i] & 0xff); +- ptr += (sizeof ("XX:") - 1); +- } +- return; +- } ++ str[0] = 0; ++ grub_printf (_("Unsupported hw address type %d len %d\n"), ++ addr->type, addr->len); ++ return; ++ } ++ for (ptr = str, i = 0; i < addr->len; i++) ++ { ++ ptr += grub_snprintf (ptr, GRUB_NET_MAX_STR_HWADDR_LEN - (ptr - str), ++ "%02x:", addr->mac[i] & 0xff); + } +- grub_printf (_("Unsupported hw address type %d\n"), addr->type); + } + + int +@@ -784,13 +784,17 @@ grub_net_hwaddr_cmp (const grub_net_link_level_address_t *a, + return -1; + if (a->type > b->type) + return +1; +- switch (a->type) ++ if (a->len < b->len) ++ return -1; ++ if (a->len > b->len) ++ return +1; ++ if (a->len > GRUB_NET_MAX_LINK_ADDRESS_SIZE) + { +- case GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET: +- return grub_memcmp (a->mac, b->mac, sizeof (a->mac)); ++ grub_printf (_("Unsupported hw address type %d len %d\n"), ++ a->type, a->len); ++ return + 1; + } +- grub_printf (_("Unsupported hw address type %d\n"), a->type); +- return 1; ++ return grub_memcmp (a->mac, b->mac, a->len); + } + + int +diff --git a/include/grub/net.h b/include/grub/net.h +index de51894cb..e9ebc6a1b 100644 +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -29,7 +29,8 @@ + + enum + { +- GRUB_NET_MAX_LINK_HEADER_SIZE = 64, ++ GRUB_NET_MAX_LINK_HEADER_SIZE = 96, ++ GRUB_NET_MAX_LINK_ADDRESS_SIZE = 32, + GRUB_NET_UDP_HEADER_SIZE = 8, + GRUB_NET_TCP_HEADER_SIZE = 20, + GRUB_NET_OUR_IPV4_HEADER_SIZE = 20, +@@ -42,15 +43,17 @@ enum + + typedef enum grub_link_level_protocol_id + { +- GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET ++ /* IANA ARP constant to define hardware type. */ ++ GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET = 1, + } grub_link_level_protocol_id_t; + + typedef struct grub_net_link_level_address + { + grub_link_level_protocol_id_t type; ++ grub_uint8_t len; + union + { +- grub_uint8_t mac[6]; ++ grub_uint8_t mac[GRUB_NET_MAX_LINK_ADDRESS_SIZE]; + }; + } grub_net_link_level_address_t; + +@@ -555,11 +558,13 @@ grub_net_addr_cmp (const grub_net_network_level_address_t *a, + #define GRUB_NET_MAX_STR_ADDR_LEN sizeof ("XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX") + + /* +- Currently suppoerted adresses: +- ethernet: XX:XX:XX:XX:XX:XX ++ Up to 32 byte hardware address supported, see GRUB_NET_MAX_LINK_ADDRESS_SIZE + */ +- +-#define GRUB_NET_MAX_STR_HWADDR_LEN (sizeof ("XX:XX:XX:XX:XX:XX")) ++#define GRUB_NET_MAX_STR_HWADDR_LEN (sizeof (\ ++ "XX:XX:XX:XX:XX:XX:XX:XX:"\ ++ "XX:XX:XX:XX:XX:XX:XX:XX:"\ ++ "XX:XX:XX:XX:XX:XX:XX:XX:"\ ++ "XX:XX:XX:XX:XX:XX:XX:XX")) + + void + grub_net_addr_to_str (const grub_net_network_level_address_t *target, diff --git a/SOURCES/0166-misc-fix-invalid-character-recongition-in-strto-l.patch b/SOURCES/0166-misc-fix-invalid-character-recongition-in-strto-l.patch new file mode 100644 index 0000000..0c59b1f --- /dev/null +++ b/SOURCES/0166-misc-fix-invalid-character-recongition-in-strto-l.patch @@ -0,0 +1,37 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Aaron Miller +Date: Fri, 29 Jul 2016 17:41:27 +0800 +Subject: [PATCH] misc: fix invalid character recongition in strto*l + +Would previously allow digits larger than the base and didn't check that +subtracting the difference from 0-9 to lowercase letters for characters +larger than 9 didn't result in a value lower than 9, which allowed the +parses: ` = 9, _ = 8, ^ = 7, ] = 6, \ = 5, and [ = 4 +--- + grub-core/kern/misc.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 0e89c483d..5c3899f0e 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -434,11 +434,14 @@ grub_strtoull (const char *str, char **end, int base) + unsigned long digit; + + digit = grub_tolower (*str) - '0'; +- if (digit >= 'a' - '0') +- digit += '0' - 'a' + 10; +- else if (digit > 9) +- break; +- ++ if (digit > 9) ++ { ++ digit += '0' - 'a' + 10; ++ /* digit <= 9 check is needed to keep chars larger than ++ '9' but less than 'a' from being read as numbers */ ++ if (digit >= (unsigned long) base || digit <= 9) ++ break; ++ } + if (digit >= (unsigned long) base) + break; + diff --git a/SOURCES/0167-net-read-bracketed-ipv6-addrs-and-port-numbers.patch b/SOURCES/0167-net-read-bracketed-ipv6-addrs-and-port-numbers.patch new file mode 100644 index 0000000..4d0c18c --- /dev/null +++ b/SOURCES/0167-net-read-bracketed-ipv6-addrs-and-port-numbers.patch @@ -0,0 +1,229 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Aaron Miller +Date: Fri, 29 Jul 2016 17:41:38 +0800 +Subject: [PATCH] net: read bracketed ipv6 addrs and port numbers + +Allow specifying port numbers for http and tftp paths, and allow ipv6 addresses +to be recognized with brackets around them, which is required to specify a port +number +--- + grub-core/net/http.c | 21 +++++++++++--- + grub-core/net/net.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + grub-core/net/tftp.c | 8 ++++-- + include/grub/net.h | 1 + + 4 files changed, 101 insertions(+), 6 deletions(-) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index 5aa4ad3be..f182d7b87 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -312,12 +312,14 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) + int i; + struct grub_net_buff *nb; + grub_err_t err; ++ char* server = file->device->net->server; ++ int port = file->device->net->port; + + nb = grub_netbuff_alloc (GRUB_NET_TCP_RESERVE_SIZE + + sizeof ("GET ") - 1 + + grub_strlen (data->filename) + + sizeof (" HTTP/1.1\r\nHost: ") - 1 +- + grub_strlen (file->device->net->server) ++ + grub_strlen (server) + sizeof (":XXXXXXXXXX") + + sizeof ("\r\nUser-Agent: " PACKAGE_STRING + "\r\n") - 1 + + sizeof ("Range: bytes=XXXXXXXXXXXXXXXXXXXX" +@@ -356,7 +358,7 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) + sizeof (" HTTP/1.1\r\nHost: ") - 1); + + ptr = nb->tail; +- err = grub_netbuff_put (nb, grub_strlen (file->device->net->server)); ++ err = grub_netbuff_put (nb, grub_strlen (server)); + if (err) + { + grub_netbuff_free (nb); +@@ -365,6 +367,15 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) + grub_memcpy (ptr, file->device->net->server, + grub_strlen (file->device->net->server)); + ++ if (port) ++ { ++ ptr = nb->tail; ++ grub_snprintf ((char *) ptr, ++ sizeof (":XXXXXXXXXX"), ++ ":%d", ++ port); ++ } ++ + ptr = nb->tail; + err = grub_netbuff_put (nb, + sizeof ("\r\nUser-Agent: " PACKAGE_STRING "\r\n") +@@ -390,8 +401,10 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) + grub_netbuff_put (nb, 2); + grub_memcpy (ptr, "\r\n", 2); + +- data->sock = grub_net_tcp_open (file->device->net->server, +- HTTP_PORT, http_receive, ++ grub_dprintf ("http", "opening path %s on host %s TCP port %d\n", ++ data->filename, server, port ? port : HTTP_PORT); ++ data->sock = grub_net_tcp_open (server, ++ port ? port : HTTP_PORT, http_receive, + http_err, http_err, + file); + if (!data->sock) +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 9b8944292..1f887d44b 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -439,6 +439,12 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) + grub_uint16_t newip[8]; + const char *ptr = val; + int word, quaddot = -1; ++ int bracketed = 0; ++ ++ if (ptr[0] == '[') { ++ bracketed = 1; ++ ptr++; ++ } + + if (ptr[0] == ':' && ptr[1] != ':') + return 0; +@@ -477,6 +483,9 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) + grub_memset (&newip[quaddot], 0, (7 - word) * sizeof (newip[0])); + } + grub_memcpy (ip, newip, 16); ++ if (bracketed && *ptr == ']') { ++ ptr++; ++ } + if (rest) + *rest = ptr; + return 1; +@@ -1336,8 +1345,10 @@ grub_net_open_real (const char *name) + { + grub_net_app_level_t proto; + const char *protname, *server; ++ char *host; + grub_size_t protnamelen; + int try; ++ int port = 0; + + if (grub_strncmp (name, "pxe:", sizeof ("pxe:") - 1) == 0) + { +@@ -1375,6 +1386,72 @@ grub_net_open_real (const char *name) + return NULL; + } + ++ char* port_start; ++ /* ipv6 or port specified? */ ++ if ((port_start = grub_strchr (server, ':'))) ++ { ++ char* ipv6_begin; ++ if((ipv6_begin = grub_strchr (server, '['))) ++ { ++ char* ipv6_end = grub_strchr (server, ']'); ++ if(!ipv6_end) ++ { ++ grub_error (GRUB_ERR_NET_BAD_ADDRESS, ++ N_("mismatched [ in address")); ++ return NULL; ++ } ++ /* port number after bracketed ipv6 addr */ ++ if(ipv6_end[1] == ':') ++ { ++ port = grub_strtoul (ipv6_end + 2, NULL, 10); ++ if(port > 65535) ++ { ++ grub_error (GRUB_ERR_NET_BAD_ADDRESS, ++ N_("bad port number")); ++ return NULL; ++ } ++ } ++ host = grub_strndup (ipv6_begin, (ipv6_end - ipv6_begin) + 1); ++ } ++ else ++ { ++ if (grub_strchr (port_start + 1, ':')) ++ { ++ int iplen = grub_strlen (server); ++ /* bracket bare ipv6 addrs */ ++ host = grub_malloc (iplen + 3); ++ if(!host) ++ { ++ return NULL; ++ } ++ host[0] = '['; ++ grub_memcpy (host + 1, server, iplen); ++ host[iplen + 1] = ']'; ++ host[iplen + 2] = '\0'; ++ } ++ else ++ { ++ /* hostname:port or ipv4:port */ ++ port = grub_strtol (port_start + 1, NULL, 10); ++ if(port > 65535) ++ { ++ grub_error (GRUB_ERR_NET_BAD_ADDRESS, ++ N_("bad port number")); ++ return NULL; ++ } ++ host = grub_strndup (server, port_start - server); ++ } ++ } ++ } ++ else ++ { ++ host = grub_strdup (server); ++ } ++ if (!host) ++ { ++ return NULL; ++ } ++ + for (try = 0; try < 2; try++) + { + FOR_NET_APP_LEVEL (proto) +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index f90071353..e267af354 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -333,6 +333,7 @@ tftp_open (struct grub_file *file, const char *filename) + grub_err_t err; + grub_uint8_t *nbd; + grub_net_network_level_address_t addr; ++ int port = file->device->net->port; + + data = grub_zalloc (sizeof (*data)); + if (!data) +@@ -405,7 +406,10 @@ tftp_open (struct grub_file *file, const char *filename) + err = grub_net_resolve_address (file->device->net->server, &addr); + if (err) + { +- grub_dprintf("tftp", "Address resolution failed: %d\n", err); ++ grub_dprintf ("tftp", "Address resolution failed: %d\n", err); ++ grub_dprintf ("tftp", "file_size is %llu, block_size is %llu\n", ++ (unsigned long long)data->file_size, ++ (unsigned long long)data->block_size); + destroy_pq (data); + grub_free (data); + return err; +@@ -413,7 +417,7 @@ tftp_open (struct grub_file *file, const char *filename) + + grub_dprintf("tftp", "opening connection\n"); + data->sock = grub_net_udp_open (addr, +- TFTP_SERVER_PORT, tftp_receive, ++ port ? port : TFTP_SERVER_PORT, tftp_receive, + file); + if (!data->sock) + { +diff --git a/include/grub/net.h b/include/grub/net.h +index e9ebc6a1b..f4cd86e58 100644 +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -273,6 +273,7 @@ typedef struct grub_net + { + char *server; + char *name; ++ int port; + grub_net_app_level_t protocol; + grub_net_packets_t packs; + grub_off_t offset; diff --git a/SOURCES/0168-net-read-bracketed-ipv6-addrs-and-port-numbers-pjone.patch b/SOURCES/0168-net-read-bracketed-ipv6-addrs-and-port-numbers-pjone.patch new file mode 100644 index 0000000..ec497d1 --- /dev/null +++ b/SOURCES/0168-net-read-bracketed-ipv6-addrs-and-port-numbers-pjone.patch @@ -0,0 +1,105 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Aaron Miller +Date: Fri, 29 Jul 2016 17:41:38 +0800 +Subject: [PATCH] net: read bracketed ipv6 addrs and port numbers (pjones + fixup) + +Various bug fixes related to previous patch. + +Signed-off-by: Peter Jones +--- + grub-core/net/http.c | 6 ++++-- + grub-core/net/net.c | 24 ++++++++++++------------ + 2 files changed, 16 insertions(+), 14 deletions(-) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index f182d7b87..00737c527 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -289,7 +289,9 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)), + nb2 = grub_netbuff_alloc (data->chunk_rem); + if (!nb2) + return grub_errno; +- grub_netbuff_put (nb2, data->chunk_rem); ++ err = grub_netbuff_put (nb2, data->chunk_rem); ++ if (err) ++ return grub_errno; + grub_memcpy (nb2->data, nb->data, data->chunk_rem); + if (file->device->net->packs.count >= 20) + { +@@ -405,7 +407,7 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) + data->filename, server, port ? port : HTTP_PORT); + data->sock = grub_net_tcp_open (server, + port ? port : HTTP_PORT, http_receive, +- http_err, http_err, ++ http_err, NULL, + file); + if (!data->sock) + { +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 1f887d44b..a0f4d00f0 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -441,10 +441,11 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) + int word, quaddot = -1; + int bracketed = 0; + +- if (ptr[0] == '[') { +- bracketed = 1; +- ptr++; +- } ++ if (ptr[0] == '[') ++ { ++ bracketed = 1; ++ ptr++; ++ } + + if (ptr[0] == ':' && ptr[1] != ':') + return 0; +@@ -483,9 +484,8 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) + grub_memset (&newip[quaddot], 0, (7 - word) * sizeof (newip[0])); + } + grub_memcpy (ip, newip, 16); +- if (bracketed && *ptr == ']') { ++ if (bracketed && *ptr == ']') + ptr++; +- } + if (rest) + *rest = ptr; + return 1; +@@ -1389,7 +1389,7 @@ grub_net_open_real (const char *name) + char* port_start; + /* ipv6 or port specified? */ + if ((port_start = grub_strchr (server, ':'))) +- { ++ { + char* ipv6_begin; + if((ipv6_begin = grub_strchr (server, '['))) + { +@@ -1461,14 +1461,13 @@ grub_net_open_real (const char *name) + { + grub_net_t ret = grub_zalloc (sizeof (*ret)); + if (!ret) +- return NULL; +- ret->protocol = proto; +- ret->server = grub_strdup (server); +- if (!ret->server) + { +- grub_free (ret); ++ grub_free (host); + return NULL; + } ++ ret->protocol = proto; ++ ret->port = port; ++ ret->server = host; + ret->fs = &grub_net_fs; + return ret; + } +@@ -1543,6 +1542,7 @@ grub_net_open_real (const char *name) + grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("disk `%s' not found"), + name); + ++ grub_free (host); + return NULL; + } + diff --git a/SOURCES/0169-bootp-New-net_bootp6-command.patch b/SOURCES/0169-bootp-New-net_bootp6-command.patch new file mode 100644 index 0000000..3c78a97 --- /dev/null +++ b/SOURCES/0169-bootp-New-net_bootp6-command.patch @@ -0,0 +1,1357 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Sun, 10 Jul 2016 23:46:06 +0800 +Subject: [PATCH] bootp: New net_bootp6 command + +Implement new net_bootp6 command for IPv6 network auto configuration via the +DHCPv6 protocol (RFC3315). + +Signed-off-by: Michael Chang +Signed-off-by: Ken Lin +--- + grub-core/net/bootp.c | 1048 ++++++++++++++++++++++++++++++------ + grub-core/net/drivers/efi/efinet.c | 20 +- + grub-core/net/ip.c | 39 ++ + include/grub/efi/api.h | 2 +- + include/grub/net.h | 91 ++-- + 5 files changed, 994 insertions(+), 206 deletions(-) + +diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c +index 4e55adc55..ff1d7776e 100644 +--- a/grub-core/net/bootp.c ++++ b/grub-core/net/bootp.c +@@ -25,6 +25,98 @@ + #include + #include + #include ++#include ++#include ++ ++static int ++dissect_url (const char *url, char **proto, char **host, char **path) ++{ ++ const char *p, *ps; ++ grub_size_t l; ++ ++ *proto = *host = *path = NULL; ++ ps = p = url; ++ ++ while ((p = grub_strchr (p, ':'))) ++ { ++ if (grub_strlen (p) < sizeof ("://") - 1) ++ break; ++ if (grub_memcmp (p, "://", sizeof ("://") - 1) == 0) ++ { ++ l = p - ps; ++ *proto = grub_malloc (l + 1); ++ if (!*proto) ++ { ++ grub_print_error (); ++ return 0; ++ } ++ ++ grub_memcpy (*proto, ps, l); ++ (*proto)[l] = '\0'; ++ p += sizeof ("://") - 1; ++ break; ++ } ++ ++p; ++ } ++ ++ if (!*proto) ++ { ++ grub_dprintf ("bootp", "url: %s is not valid, protocol not found\n", url); ++ return 0; ++ } ++ ++ ps = p; ++ p = grub_strchr (p, '/'); ++ ++ if (!p) ++ { ++ grub_dprintf ("bootp", "url: %s is not valid, host/path not found\n", url); ++ grub_free (*proto); ++ *proto = NULL; ++ return 0; ++ } ++ ++ l = p - ps; ++ ++ if (l > 2 && ps[0] == '[' && ps[l - 1] == ']') ++ { ++ *host = grub_malloc (l - 1); ++ if (!*host) ++ { ++ grub_print_error (); ++ grub_free (*proto); ++ *proto = NULL; ++ return 0; ++ } ++ grub_memcpy (*host, ps + 1, l - 2); ++ (*host)[l - 2] = 0; ++ } ++ else ++ { ++ *host = grub_malloc (l + 1); ++ if (!*host) ++ { ++ grub_print_error (); ++ grub_free (*proto); ++ *proto = NULL; ++ return 0; ++ } ++ grub_memcpy (*host, ps, l); ++ (*host)[l] = 0; ++ } ++ ++ *path = grub_strdup (p); ++ if (!*path) ++ { ++ grub_print_error (); ++ grub_free (*host); ++ grub_free (*proto); ++ *host = NULL; ++ *proto = NULL; ++ return 0; ++ } ++ return 1; ++} + + static char * + grub_env_write_readonly (struct grub_env_var *var __attribute__ ((unused)), +@@ -345,178 +437,578 @@ grub_net_configure_by_dhcp_ack (const char *name, + return inter; + } + +-struct grub_net_network_level_interface * +-grub_net_configure_by_dhcpv6_ack (const char *name, +- struct grub_net_card *card, +- grub_net_interface_flags_t flags +- __attribute__((__unused__)), +- const grub_net_link_level_address_t *hwaddr, +- const struct grub_net_dhcpv6_packet *packet, +- int is_def, char **device, char **path) +-{ +- struct grub_net_network_level_interface *inter = NULL; +- struct grub_net_network_level_address addr; +- int mask = -1; +- +- if (!device || !path) ++/* The default netbuff size for sending DHCPv6 packets which should be ++ large enough to hold the information */ ++#define GRUB_DHCP6_DEFAULT_NETBUFF_ALLOC_SIZE 512 ++ ++struct grub_dhcp6_options ++{ ++ grub_uint8_t *client_duid; ++ grub_uint16_t client_duid_len; ++ grub_uint8_t *server_duid; ++ grub_uint16_t server_duid_len; ++ grub_uint32_t iaid; ++ grub_uint32_t t1; ++ grub_uint32_t t2; ++ grub_net_network_level_address_t *ia_addr; ++ grub_uint32_t preferred_lifetime; ++ grub_uint32_t valid_lifetime; ++ grub_net_network_level_address_t *dns_server_addrs; ++ grub_uint16_t num_dns_server; ++ char *boot_file_proto; ++ char *boot_file_server_ip; ++ char *boot_file_path; ++}; ++ ++typedef struct grub_dhcp6_options *grub_dhcp6_options_t; ++ ++struct grub_dhcp6_session ++{ ++ struct grub_dhcp6_session *next; ++ struct grub_dhcp6_session **prev; ++ grub_uint32_t iaid; ++ grub_uint32_t transaction_id:24; ++ grub_uint64_t start_time; ++ struct grub_net_dhcp6_option_duid_ll duid; ++ struct grub_net_network_level_interface *iface; ++ ++ /* The associated dhcpv6 options */ ++ grub_dhcp6_options_t adv; ++ grub_dhcp6_options_t reply; ++}; ++ ++typedef struct grub_dhcp6_session *grub_dhcp6_session_t; ++ ++typedef void (*dhcp6_option_hook_fn) (const struct grub_net_dhcp6_option *opt, void *data); ++ ++static void ++foreach_dhcp6_option (const struct grub_net_dhcp6_option *opt, grub_size_t size, ++ dhcp6_option_hook_fn hook, void *hook_data); ++ ++static void ++parse_dhcp6_iaaddr (const struct grub_net_dhcp6_option *opt, void *data) ++{ ++ grub_dhcp6_options_t dhcp6 = (grub_dhcp6_options_t )data; ++ ++ grub_uint16_t code = grub_be_to_cpu16 (opt->code); ++ grub_uint16_t len = grub_be_to_cpu16 (opt->len); ++ ++ if (code == GRUB_NET_DHCP6_OPTION_IAADDR) ++ { ++ const struct grub_net_dhcp6_option_iaaddr *iaaddr; ++ iaaddr = (const struct grub_net_dhcp6_option_iaaddr *)opt->data; ++ ++ if (len < sizeof (*iaaddr)) ++ { ++ grub_dprintf ("bootp", "DHCPv6: code %u with insufficient length %u\n", code, len); ++ return; ++ } ++ if (!dhcp6->ia_addr) ++ { ++ dhcp6->ia_addr = grub_malloc (sizeof(*dhcp6->ia_addr)); ++ dhcp6->ia_addr->type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; ++ dhcp6->ia_addr->ipv6[0] = grub_get_unaligned64 (iaaddr->addr); ++ dhcp6->ia_addr->ipv6[1] = grub_get_unaligned64 (iaaddr->addr + 8); ++ dhcp6->preferred_lifetime = grub_be_to_cpu32 (iaaddr->preferred_lifetime); ++ dhcp6->valid_lifetime = grub_be_to_cpu32 (iaaddr->valid_lifetime); ++ } ++ } ++} ++ ++static void ++parse_dhcp6_option (const struct grub_net_dhcp6_option *opt, void *data) ++{ ++ grub_dhcp6_options_t dhcp6 = (grub_dhcp6_options_t)data; ++ grub_uint16_t code = grub_be_to_cpu16 (opt->code); ++ grub_uint16_t len = grub_be_to_cpu16 (opt->len); ++ ++ switch (code) ++ { ++ case GRUB_NET_DHCP6_OPTION_CLIENTID: ++ ++ if (dhcp6->client_duid || !len) ++ { ++ grub_dprintf ("bootp", "Skipped DHCPv6 CLIENTID with length %u\n", len); ++ break; ++ } ++ dhcp6->client_duid = grub_malloc (len); ++ grub_memcpy (dhcp6->client_duid, opt->data, len); ++ dhcp6->client_duid_len = len; ++ break; ++ ++ case GRUB_NET_DHCP6_OPTION_SERVERID: ++ ++ if (dhcp6->server_duid || !len) ++ { ++ grub_dprintf ("bootp", "Skipped DHCPv6 SERVERID with length %u\n", len); ++ break; ++ } ++ dhcp6->server_duid = grub_malloc (len); ++ grub_memcpy (dhcp6->server_duid, opt->data, len); ++ dhcp6->server_duid_len = len; ++ break; ++ ++ case GRUB_NET_DHCP6_OPTION_IA_NA: ++ { ++ const struct grub_net_dhcp6_option_iana *ia_na; ++ grub_uint16_t data_len; ++ ++ if (dhcp6->iaid || len < sizeof (*ia_na)) ++ { ++ grub_dprintf ("bootp", "Skipped DHCPv6 IA_NA with length %u\n", len); ++ break; ++ } ++ ia_na = (const struct grub_net_dhcp6_option_iana *)opt->data; ++ dhcp6->iaid = grub_be_to_cpu32 (ia_na->iaid); ++ dhcp6->t1 = grub_be_to_cpu32 (ia_na->t1); ++ dhcp6->t2 = grub_be_to_cpu32 (ia_na->t2); ++ ++ data_len = len - sizeof (*ia_na); ++ if (data_len) ++ foreach_dhcp6_option ((const struct grub_net_dhcp6_option *)ia_na->data, data_len, parse_dhcp6_iaaddr, dhcp6); ++ } ++ break; ++ ++ case GRUB_NET_DHCP6_OPTION_DNS_SERVERS: ++ { ++ const grub_uint8_t *po; ++ grub_uint16_t ln; ++ grub_net_network_level_address_t *la; ++ ++ if (!len || len & 0xf) ++ { ++ grub_dprintf ("bootp", "Skip invalid length DHCPv6 DNS_SERVERS \n"); ++ break; ++ } ++ dhcp6->num_dns_server = ln = len >> 4; ++ dhcp6->dns_server_addrs = la = grub_zalloc (ln * sizeof (*la)); ++ ++ for (po = opt->data; ln > 0; po += 0x10, la++, ln--) ++ { ++ la->type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; ++ la->ipv6[0] = grub_get_unaligned64 (po); ++ la->ipv6[1] = grub_get_unaligned64 (po + 8); ++ la->option = DNS_OPTION_PREFER_IPV6; ++ } ++ } ++ break; ++ ++ case GRUB_NET_DHCP6_OPTION_BOOTFILE_URL: ++ dissect_url ((const char *)opt->data, ++ &dhcp6->boot_file_proto, ++ &dhcp6->boot_file_server_ip, ++ &dhcp6->boot_file_path); ++ break; ++ ++ default: ++ break; ++ } ++} ++ ++static void ++foreach_dhcp6_option (const struct grub_net_dhcp6_option *opt, grub_size_t size, dhcp6_option_hook_fn hook, void *hook_data) ++{ ++ while (size) ++ { ++ grub_uint16_t code, len; ++ ++ if (size < sizeof (*opt)) ++ { ++ grub_dprintf ("bootp", "DHCPv6: Options stopped with remaining size %" PRIxGRUB_SIZE "\n", size); ++ break; ++ } ++ size -= sizeof (*opt); ++ len = grub_be_to_cpu16 (opt->len); ++ code = grub_be_to_cpu16 (opt->code); ++ if (size < len) ++ { ++ grub_dprintf ("bootp", "DHCPv6: Options stopped at out of bound length %u for option %u\n", len, code); ++ break; ++ } ++ if (!len) ++ { ++ grub_dprintf ("bootp", "DHCPv6: Options stopped at zero length option %u\n", code); ++ break; ++ } ++ else ++ { ++ if (hook) ++ hook (opt, hook_data); ++ size -= len; ++ opt = (const struct grub_net_dhcp6_option *)((grub_uint8_t *)opt + len + sizeof (*opt)); ++ } ++ } ++} ++ ++static grub_dhcp6_options_t ++grub_dhcp6_options_get (const struct grub_net_dhcp6_packet *v6h, ++ grub_size_t size) ++{ ++ grub_dhcp6_options_t options; ++ ++ if (size < sizeof (*v6h)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("DHCPv6 packet size too small")); ++ return NULL; ++ } ++ ++ options = grub_zalloc (sizeof(*options)); ++ if (!options) + return NULL; + +- *device = 0; +- *path = 0; +- +- grub_dprintf ("net", "mac address is %02x:%02x:%02x:%02x:%02x:%02x\n", +- hwaddr->mac[0], hwaddr->mac[1], hwaddr->mac[2], +- hwaddr->mac[3], hwaddr->mac[4], hwaddr->mac[5]); +- +- if (is_def) +- grub_net_default_server = 0; +- +- if (is_def && !grub_net_default_server && packet) ++ foreach_dhcp6_option ((const struct grub_net_dhcp6_option *)v6h->dhcp_options, ++ size - sizeof (*v6h), parse_dhcp6_option, options); ++ ++ return options; ++} ++ ++static void ++grub_dhcp6_options_free (grub_dhcp6_options_t options) ++{ ++ if (options->client_duid) ++ grub_free (options->client_duid); ++ if (options->server_duid) ++ grub_free (options->server_duid); ++ if (options->ia_addr) ++ grub_free (options->ia_addr); ++ if (options->dns_server_addrs) ++ grub_free (options->dns_server_addrs); ++ if (options->boot_file_proto) ++ grub_free (options->boot_file_proto); ++ if (options->boot_file_server_ip) ++ grub_free (options->boot_file_server_ip); ++ if (options->boot_file_path) ++ grub_free (options->boot_file_path); ++ ++ grub_free (options); ++} ++ ++static grub_dhcp6_session_t grub_dhcp6_sessions; ++#define FOR_DHCP6_SESSIONS_SAFE(var, next) FOR_LIST_ELEMENTS_SAFE (var, next, grub_dhcp6_sessions) ++#define FOR_DHCP6_SESSIONS(var) FOR_LIST_ELEMENTS (var, grub_dhcp6_sessions) ++ ++static void ++grub_net_configure_by_dhcp6_info (const char *name, ++ struct grub_net_card *card, ++ grub_dhcp6_options_t dhcp6, ++ int is_def, ++ int flags, ++ struct grub_net_network_level_interface **ret_inf) ++{ ++ grub_net_network_level_netaddress_t netaddr; ++ struct grub_net_network_level_interface *inf; ++ ++ if (dhcp6->ia_addr) + { +- const grub_uint8_t *options = packet->dhcp_options; +- unsigned int option_max = 1024 - OFFSET_OF (dhcp_options, packet); +- unsigned int i; +- +- for (i = 0; i < option_max - sizeof (grub_net_dhcpv6_option_t); ) +- { +- grub_uint16_t num, len; +- grub_net_dhcpv6_option_t *opt = +- (grub_net_dhcpv6_option_t *)(options + i); +- +- num = grub_be_to_cpu16(opt->option_num); +- len = grub_be_to_cpu16(opt->option_len); +- +- grub_dprintf ("net", "got dhcpv6 option %d len %d\n", num, len); +- +- if (len == 0) +- break; +- +- if (len + i > 1024) +- break; +- +- if (num == GRUB_NET_DHCP6_BOOTFILE_URL) +- { +- char *scheme, *userinfo, *host, *file; +- char *tmp; +- int hostlen; +- int port; +- int rc = extract_url_info ((const char *)opt->option_data, +- (grub_size_t)len, +- &scheme, &userinfo, &host, &port, +- &file); +- if (rc < 0) +- continue; +- +- /* right now this only handles tftp. */ +- if (grub_strcmp("tftp", scheme)) +- { +- grub_free (scheme); +- grub_free (userinfo); +- grub_free (host); +- grub_free (file); +- continue; +- } +- grub_free (userinfo); +- +- hostlen = grub_strlen (host); +- if (hostlen > 2 && host[0] == '[' && host[hostlen-1] == ']') +- { +- tmp = host+1; +- host[hostlen-1] = '\0'; +- } +- else +- tmp = host; ++ inf = grub_net_add_addr (name, card, dhcp6->ia_addr, &card->default_address, flags); + +- *device = grub_xasprintf ("%s,%s", scheme, tmp); +- grub_free (scheme); +- grub_free (host); ++ netaddr.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; ++ netaddr.ipv6.base[0] = dhcp6->ia_addr->ipv6[0]; ++ netaddr.ipv6.base[1] = 0; ++ netaddr.ipv6.masksize = 64; ++ grub_net_add_route (name, netaddr, inf); + +- if (file && *file) +- { +- tmp = grub_strrchr (file, '/'); +- if (tmp) +- *(tmp+1) = '\0'; +- else +- file[0] = '\0'; +- } +- else if (!file) +- file = grub_strdup (""); +- +- if (file[0] == '/') +- { +- *path = grub_strdup (file+1); +- grub_free (file); +- } +- else +- *path = file; +- } +- else if (num == GRUB_NET_DHCP6_IA_NA) +- { +- const grub_net_dhcpv6_option_t *ia_na_opt; +- const grub_net_dhcpv6_opt_ia_na_t *ia_na = +- (const grub_net_dhcpv6_opt_ia_na_t *)opt; +- unsigned int left = len - OFFSET_OF (options, ia_na); +- unsigned int j; +- +- if ((grub_uint8_t *)ia_na + left > +- (grub_uint8_t *)options + option_max) +- left -= ((grub_uint8_t *)ia_na + left) +- - ((grub_uint8_t *)options + option_max); +- +- if (len < OFFSET_OF (option_data, opt) +- + sizeof (grub_net_dhcpv6_option_t)) +- { +- grub_dprintf ("net", +- "found dhcpv6 ia_na option with no address\n"); +- continue; +- } +- +- for (j = 0; left > sizeof (grub_net_dhcpv6_option_t); ) +- { +- ia_na_opt = (const grub_net_dhcpv6_option_t *) +- (ia_na->options + j); +- grub_uint16_t ia_na_opt_num, ia_na_opt_len; +- +- ia_na_opt_num = grub_be_to_cpu16 (ia_na_opt->option_num); +- ia_na_opt_len = grub_be_to_cpu16 (ia_na_opt->option_len); +- if (ia_na_opt_len == 0) +- break; +- if (j + ia_na_opt_len > left) +- break; +- if (ia_na_opt_num == GRUB_NET_DHCP6_IA_ADDRESS) +- { +- const grub_net_dhcpv6_opt_ia_address_t *ia_addr; +- +- ia_addr = (const grub_net_dhcpv6_opt_ia_address_t *) +- ia_na_opt; +- addr.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; +- grub_memcpy(addr.ipv6, ia_addr->ipv6_address, +- sizeof (ia_addr->ipv6_address)); +- inter = grub_net_add_addr (name, card, &addr, hwaddr, 0); +- } +- +- j += ia_na_opt_len; +- left -= ia_na_opt_len; +- } +- } ++ if (ret_inf) ++ *ret_inf = inf; ++ } + +- i += len + 4; +- } ++ if (dhcp6->dns_server_addrs) ++ { ++ grub_uint16_t i; + +- grub_print_error (); ++ for (i = 0; i < dhcp6->num_dns_server; ++i) ++ grub_net_add_dns_server (dhcp6->dns_server_addrs + i); + } + +- if (is_def) ++ if (dhcp6->boot_file_path) ++ grub_env_set_net_property (name, "boot_file", dhcp6->boot_file_path, ++ grub_strlen (dhcp6->boot_file_path)); ++ ++ if (is_def && dhcp6->boot_file_server_ip) + { ++ grub_net_default_server = grub_strdup (dhcp6->boot_file_server_ip); + grub_env_set ("net_default_interface", name); + grub_env_export ("net_default_interface"); + } ++} ++ ++static void ++grub_dhcp6_session_add (struct grub_net_network_level_interface *iface, ++ grub_uint32_t iaid) ++{ ++ grub_dhcp6_session_t se; ++ struct grub_datetime date; ++ grub_err_t err; ++ grub_int32_t t = 0; ++ ++ se = grub_malloc (sizeof (*se)); ++ ++ err = grub_get_datetime (&date); ++ if (err || !grub_datetime2unixtime (&date, &t)) ++ { ++ grub_errno = GRUB_ERR_NONE; ++ t = 0; ++ } ++ ++ se->iface = iface; ++ se->iaid = iaid; ++ se->transaction_id = t; ++ se->start_time = grub_get_time_ms (); ++ se->duid.type = grub_cpu_to_be16_compile_time (3) ; ++ se->duid.hw_type = grub_cpu_to_be16_compile_time (1); ++ grub_memcpy (&se->duid.hwaddr, &iface->hwaddress.mac, sizeof (se->duid.hwaddr)); ++ se->adv = NULL; ++ se->reply = NULL; ++ grub_list_push (GRUB_AS_LIST_P (&grub_dhcp6_sessions), GRUB_AS_LIST (se)); ++} ++ ++static void ++grub_dhcp6_session_remove (grub_dhcp6_session_t se) ++{ ++ grub_list_remove (GRUB_AS_LIST (se)); ++ if (se->adv) ++ grub_dhcp6_options_free (se->adv); ++ if (se->reply) ++ grub_dhcp6_options_free (se->reply); ++ grub_free (se); ++} ++ ++static void ++grub_dhcp6_session_remove_all (void) ++{ ++ grub_dhcp6_session_t se, next; ++ ++ FOR_DHCP6_SESSIONS_SAFE (se, next) ++ { ++ grub_dhcp6_session_remove (se); ++ } ++ grub_dhcp6_sessions = NULL; ++} ++ ++static grub_err_t ++grub_dhcp6_session_configure_network (grub_dhcp6_session_t se) ++{ ++ char *name; + +- if (inter) +- grub_net_add_ipv6_local (inter, mask); +- return inter; ++ name = grub_xasprintf ("%s:dhcp6", se->iface->card->name); ++ if (!name) ++ return grub_errno; ++ ++ grub_net_configure_by_dhcp6_info (name, se->iface->card, se->reply, 1, 0, 0); ++ grub_free (name); ++ ++ return GRUB_ERR_NONE; + } + ++static grub_err_t ++grub_dhcp6_session_send_request (grub_dhcp6_session_t se) ++{ ++ struct grub_net_buff *nb; ++ struct grub_net_dhcp6_option *opt; ++ struct grub_net_dhcp6_packet *v6h; ++ struct grub_net_dhcp6_option_iana *ia_na; ++ struct grub_net_dhcp6_option_iaaddr *iaaddr; ++ struct udphdr *udph; ++ grub_net_network_level_address_t multicast; ++ grub_net_link_level_address_t ll_multicast; ++ grub_uint64_t elapsed; ++ struct grub_net_network_level_interface *inf = se->iface; ++ grub_dhcp6_options_t dhcp6 = se->adv; ++ grub_err_t err = GRUB_ERR_NONE; ++ ++ multicast.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; ++ multicast.ipv6[0] = grub_cpu_to_be64_compile_time (0xff02ULL << 48); ++ multicast.ipv6[1] = grub_cpu_to_be64_compile_time (0x10002ULL); ++ ++ err = grub_net_link_layer_resolve (inf, &multicast, &ll_multicast); ++ if (err) ++ return err; ++ ++ nb = grub_netbuff_alloc (GRUB_DHCP6_DEFAULT_NETBUFF_ALLOC_SIZE); ++ ++ if (!nb) ++ return grub_errno; ++ ++ err = grub_netbuff_reserve (nb, GRUB_DHCP6_DEFAULT_NETBUFF_ALLOC_SIZE); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ err = grub_netbuff_push (nb, dhcp6->client_duid_len + sizeof (*opt)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ opt = (struct grub_net_dhcp6_option *)nb->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_CLIENTID); ++ opt->len = grub_cpu_to_be16 (dhcp6->client_duid_len); ++ grub_memcpy (opt->data, dhcp6->client_duid , dhcp6->client_duid_len); ++ ++ err = grub_netbuff_push (nb, dhcp6->server_duid_len + sizeof (*opt)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ opt = (struct grub_net_dhcp6_option *)nb->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_SERVERID); ++ opt->len = grub_cpu_to_be16 (dhcp6->server_duid_len); ++ grub_memcpy (opt->data, dhcp6->server_duid , dhcp6->server_duid_len); ++ ++ err = grub_netbuff_push (nb, sizeof (*ia_na) + sizeof (*opt)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ if (dhcp6->ia_addr) ++ { ++ err = grub_netbuff_push (nb, sizeof(*iaaddr) + sizeof (*opt)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ } ++ opt = (struct grub_net_dhcp6_option *)nb->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_IA_NA); ++ opt->len = grub_cpu_to_be16 (sizeof (*ia_na)); ++ if (dhcp6->ia_addr) ++ opt->len += grub_cpu_to_be16 (sizeof(*iaaddr) + sizeof (*opt)); ++ ++ ia_na = (struct grub_net_dhcp6_option_iana *)opt->data; ++ ia_na->iaid = grub_cpu_to_be32 (dhcp6->iaid); ++ ++ ia_na->t1 = grub_cpu_to_be32 (dhcp6->t1); ++ ia_na->t2 = grub_cpu_to_be32 (dhcp6->t2); ++ ++ if (dhcp6->ia_addr) ++ { ++ opt = (struct grub_net_dhcp6_option *)ia_na->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_IAADDR); ++ opt->len = grub_cpu_to_be16 (sizeof (*iaaddr)); ++ iaaddr = (struct grub_net_dhcp6_option_iaaddr *)opt->data; ++ grub_set_unaligned64 (iaaddr->addr, dhcp6->ia_addr->ipv6[0]); ++ grub_set_unaligned64 (iaaddr->addr + 8, dhcp6->ia_addr->ipv6[1]); ++ ++ iaaddr->preferred_lifetime = grub_cpu_to_be32 (dhcp6->preferred_lifetime); ++ iaaddr->valid_lifetime = grub_cpu_to_be32 (dhcp6->valid_lifetime); ++ } ++ ++ err = grub_netbuff_push (nb, sizeof (*opt) + 2 * sizeof (grub_uint16_t)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ opt = (struct grub_net_dhcp6_option*) nb->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_ORO); ++ opt->len = grub_cpu_to_be16_compile_time (2 * sizeof (grub_uint16_t)); ++ grub_set_unaligned16 (opt->data, grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_BOOTFILE_URL)); ++ grub_set_unaligned16 (opt->data + 2, grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_DNS_SERVERS)); ++ ++ err = grub_netbuff_push (nb, sizeof (*opt) + sizeof (grub_uint16_t)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ opt = (struct grub_net_dhcp6_option*) nb->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_ELAPSED_TIME); ++ opt->len = grub_cpu_to_be16_compile_time (sizeof (grub_uint16_t)); ++ ++ /* the time is expressed in hundredths of a second */ ++ elapsed = grub_divmod64 (grub_get_time_ms () - se->start_time, 10, 0); ++ ++ if (elapsed > 0xffff) ++ elapsed = 0xffff; ++ ++ grub_set_unaligned16 (opt->data, grub_cpu_to_be16 ((grub_uint16_t)elapsed)); ++ ++ err = grub_netbuff_push (nb, sizeof (*v6h)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ v6h = (struct grub_net_dhcp6_packet *) nb->data; ++ v6h->message_type = GRUB_NET_DHCP6_REQUEST; ++ v6h->transaction_id = se->transaction_id; ++ ++ err = grub_netbuff_push (nb, sizeof (*udph)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ udph = (struct udphdr *) nb->data; ++ udph->src = grub_cpu_to_be16_compile_time (DHCP6_CLIENT_PORT); ++ udph->dst = grub_cpu_to_be16_compile_time (DHCP6_SERVER_PORT); ++ udph->chksum = 0; ++ udph->len = grub_cpu_to_be16 (nb->tail - nb->data); ++ ++ udph->chksum = grub_net_ip_transport_checksum (nb, GRUB_NET_IP_UDP, ++ &inf->address, ++ &multicast); ++ err = grub_net_send_ip_packet (inf, &multicast, &ll_multicast, nb, ++ GRUB_NET_IP_UDP); ++ ++ grub_netbuff_free (nb); ++ ++ return err; ++} ++ ++struct grub_net_network_level_interface * ++grub_net_configure_by_dhcpv6_reply (const char *name, ++ struct grub_net_card *card, ++ grub_net_interface_flags_t flags, ++ const struct grub_net_dhcp6_packet *v6h, ++ grub_size_t size, ++ int is_def, ++ char **device, char **path) ++{ ++ struct grub_net_network_level_interface *inf; ++ grub_dhcp6_options_t dhcp6; ++ ++ dhcp6 = grub_dhcp6_options_get (v6h, size); ++ if (!dhcp6) ++ { ++ grub_print_error (); ++ return NULL; ++ } ++ ++ grub_net_configure_by_dhcp6_info (name, card, dhcp6, is_def, flags, &inf); ++ ++ if (device && dhcp6->boot_file_proto && dhcp6->boot_file_server_ip) ++ { ++ *device = grub_xasprintf ("%s,%s", dhcp6->boot_file_proto, dhcp6->boot_file_server_ip); ++ grub_print_error (); ++ } ++ if (path && dhcp6->boot_file_path) ++ { ++ *path = grub_strdup (dhcp6->boot_file_path); ++ grub_print_error (); ++ if (*path) ++ { ++ char *slash; ++ slash = grub_strrchr (*path, '/'); ++ if (slash) ++ *slash = 0; ++ else ++ **path = 0; ++ } ++ } ++ ++ grub_dhcp6_options_free (dhcp6); ++ return inf; ++} + + void + grub_net_process_dhcp (struct grub_net_buff *nb, +@@ -550,6 +1042,77 @@ grub_net_process_dhcp (struct grub_net_buff *nb, + } + } + ++grub_err_t ++grub_net_process_dhcp6 (struct grub_net_buff *nb, ++ struct grub_net_card *card __attribute__ ((unused))) ++{ ++ const struct grub_net_dhcp6_packet *v6h; ++ grub_dhcp6_session_t se; ++ grub_size_t size; ++ grub_dhcp6_options_t options; ++ ++ v6h = (const struct grub_net_dhcp6_packet *) nb->data; ++ size = nb->tail - nb->data; ++ ++ options = grub_dhcp6_options_get (v6h, size); ++ if (!options) ++ return grub_errno; ++ ++ if (!options->client_duid || !options->server_duid || !options->ia_addr) ++ { ++ grub_dhcp6_options_free (options); ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Bad DHCPv6 Packet"); ++ } ++ ++ FOR_DHCP6_SESSIONS (se) ++ { ++ if (se->transaction_id == v6h->transaction_id && ++ grub_memcmp (options->client_duid, &se->duid, sizeof (se->duid)) == 0 && ++ se->iaid == options->iaid) ++ break; ++ } ++ ++ if (!se) ++ { ++ grub_dprintf ("bootp", "DHCPv6 session not found\n"); ++ grub_dhcp6_options_free (options); ++ return GRUB_ERR_NONE; ++ } ++ ++ if (v6h->message_type == GRUB_NET_DHCP6_ADVERTISE) ++ { ++ if (se->adv) ++ { ++ grub_dprintf ("bootp", "Skipped DHCPv6 Advertised .. \n"); ++ grub_dhcp6_options_free (options); ++ return GRUB_ERR_NONE; ++ } ++ ++ se->adv = options; ++ return grub_dhcp6_session_send_request (se); ++ } ++ else if (v6h->message_type == GRUB_NET_DHCP6_REPLY) ++ { ++ if (!se->adv) ++ { ++ grub_dprintf ("bootp", "Skipped DHCPv6 Reply .. \n"); ++ grub_dhcp6_options_free (options); ++ return GRUB_ERR_NONE; ++ } ++ ++ se->reply = options; ++ grub_dhcp6_session_configure_network (se); ++ grub_dhcp6_session_remove (se); ++ return GRUB_ERR_NONE; ++ } ++ else ++ { ++ grub_dhcp6_options_free (options); ++ } ++ ++ return GRUB_ERR_NONE; ++} ++ + static grub_err_t + grub_cmd_dhcpopt (struct grub_command *cmd __attribute__ ((unused)), + int argc, char **args) +@@ -824,7 +1387,174 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)), + return err; + } + +-static grub_command_t cmd_getdhcp, cmd_bootp; ++static grub_err_t ++grub_cmd_bootp6 (struct grub_command *cmd __attribute__ ((unused)), ++ int argc, char **args) ++{ ++ struct grub_net_card *card; ++ grub_uint32_t iaid = 0; ++ int interval; ++ grub_err_t err; ++ grub_dhcp6_session_t se; ++ ++ err = GRUB_ERR_NONE; ++ ++ FOR_NET_CARDS (card) ++ { ++ struct grub_net_network_level_interface *iface; ++ ++ if (argc > 0 && grub_strcmp (card->name, args[0]) != 0) ++ continue; ++ ++ iface = grub_net_ipv6_get_link_local (card, &card->default_address); ++ if (!iface) ++ { ++ grub_dhcp6_session_remove_all (); ++ return grub_errno; ++ } ++ ++ grub_dhcp6_session_add (iface, iaid++); ++ } ++ ++ for (interval = 200; interval < 10000; interval *= 2) ++ { ++ int done = 1; ++ ++ FOR_DHCP6_SESSIONS (se) ++ { ++ struct grub_net_buff *nb; ++ struct grub_net_dhcp6_option *opt; ++ struct grub_net_dhcp6_packet *v6h; ++ struct grub_net_dhcp6_option_duid_ll *duid; ++ struct grub_net_dhcp6_option_iana *ia_na; ++ grub_net_network_level_address_t multicast; ++ grub_net_link_level_address_t ll_multicast; ++ struct udphdr *udph; ++ ++ multicast.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; ++ multicast.ipv6[0] = grub_cpu_to_be64_compile_time (0xff02ULL << 48); ++ multicast.ipv6[1] = grub_cpu_to_be64_compile_time (0x10002ULL); ++ ++ err = grub_net_link_layer_resolve (se->iface, ++ &multicast, &ll_multicast); ++ if (err) ++ { ++ grub_dhcp6_session_remove_all (); ++ return err; ++ } ++ ++ nb = grub_netbuff_alloc (GRUB_DHCP6_DEFAULT_NETBUFF_ALLOC_SIZE); ++ ++ if (!nb) ++ { ++ grub_dhcp6_session_remove_all (); ++ return grub_errno; ++ } ++ ++ err = grub_netbuff_reserve (nb, GRUB_DHCP6_DEFAULT_NETBUFF_ALLOC_SIZE); ++ if (err) ++ { ++ grub_dhcp6_session_remove_all (); ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ err = grub_netbuff_push (nb, sizeof (*opt) + sizeof (grub_uint16_t)); ++ if (err) ++ { ++ grub_dhcp6_session_remove_all (); ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ opt = (struct grub_net_dhcp6_option *)nb->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_ELAPSED_TIME); ++ opt->len = grub_cpu_to_be16_compile_time (sizeof (grub_uint16_t)); ++ grub_set_unaligned16 (opt->data, 0); ++ ++ err = grub_netbuff_push (nb, sizeof (*opt) + sizeof (*duid)); ++ if (err) ++ { ++ grub_dhcp6_session_remove_all (); ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ opt = (struct grub_net_dhcp6_option *)nb->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_CLIENTID); ++ opt->len = grub_cpu_to_be16 (sizeof (*duid)); ++ ++ duid = (struct grub_net_dhcp6_option_duid_ll *) opt->data; ++ grub_memcpy (duid, &se->duid, sizeof (*duid)); ++ ++ err = grub_netbuff_push (nb, sizeof (*opt) + sizeof (*ia_na)); ++ if (err) ++ { ++ grub_dhcp6_session_remove_all (); ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ opt = (struct grub_net_dhcp6_option *)nb->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_IA_NA); ++ opt->len = grub_cpu_to_be16 (sizeof (*ia_na)); ++ ia_na = (struct grub_net_dhcp6_option_iana *)opt->data; ++ ia_na->iaid = grub_cpu_to_be32 (se->iaid); ++ ia_na->t1 = 0; ++ ia_na->t2 = 0; ++ ++ err = grub_netbuff_push (nb, sizeof (*v6h)); ++ if (err) ++ { ++ grub_dhcp6_session_remove_all (); ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ v6h = (struct grub_net_dhcp6_packet *)nb->data; ++ v6h->message_type = GRUB_NET_DHCP6_SOLICIT; ++ v6h->transaction_id = se->transaction_id; ++ ++ grub_netbuff_push (nb, sizeof (*udph)); ++ ++ udph = (struct udphdr *) nb->data; ++ udph->src = grub_cpu_to_be16_compile_time (DHCP6_CLIENT_PORT); ++ udph->dst = grub_cpu_to_be16_compile_time (DHCP6_SERVER_PORT); ++ udph->chksum = 0; ++ udph->len = grub_cpu_to_be16 (nb->tail - nb->data); ++ ++ udph->chksum = grub_net_ip_transport_checksum (nb, GRUB_NET_IP_UDP, ++ &se->iface->address, &multicast); ++ ++ err = grub_net_send_ip_packet (se->iface, &multicast, ++ &ll_multicast, nb, GRUB_NET_IP_UDP); ++ done = 0; ++ grub_netbuff_free (nb); ++ ++ if (err) ++ { ++ grub_dhcp6_session_remove_all (); ++ return err; ++ } ++ } ++ if (!done) ++ grub_net_poll_cards (interval, 0); ++ } ++ ++ FOR_DHCP6_SESSIONS (se) ++ { ++ grub_error_push (); ++ err = grub_error (GRUB_ERR_FILE_NOT_FOUND, ++ N_("couldn't autoconfigure %s"), ++ se->iface->card->name); ++ } ++ ++ grub_dhcp6_session_remove_all (); ++ ++ return err; ++} ++ ++static grub_command_t cmd_getdhcp, cmd_bootp, cmd_bootp6; + + void + grub_bootp_init (void) +@@ -835,6 +1565,9 @@ grub_bootp_init (void) + cmd_getdhcp = grub_register_command ("net_get_dhcp_option", grub_cmd_dhcpopt, + N_("VAR INTERFACE NUMBER DESCRIPTION"), + N_("retrieve DHCP option and save it into VAR. If VAR is - then print the value.")); ++ cmd_bootp6 = grub_register_command ("net_bootp6", grub_cmd_bootp6, ++ N_("[CARD]"), ++ N_("perform a DHCPv6 autoconfiguration")); + } + + void +@@ -842,4 +1575,5 @@ grub_bootp_fini (void) + { + grub_unregister_command (cmd_getdhcp); + grub_unregister_command (cmd_bootp); ++ grub_unregister_command (cmd_bootp6); + } +diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c +index cd6dba79f..6fd0a4f49 100644 +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -393,9 +393,6 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + pxe_mode = pxe->mode; + if (pxe_mode->using_ipv6) + { +- grub_net_link_level_address_t hwaddr; +- struct grub_net_network_level_interface *intf; +- + grub_dprintf ("efinet", "using ipv6 and dhcpv6\n"); + grub_dprintf ("efinet", "dhcp_ack_received: %s%s\n", + pxe_mode->dhcp_ack_received ? "yes" : "no", +@@ -403,15 +400,14 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + if (!pxe_mode->dhcp_ack_received) + continue; + +- hwaddr.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; +- grub_memcpy (hwaddr.mac, +- card->efi_net->mode->current_address, +- sizeof (hwaddr.mac)); +- +- intf = grub_net_configure_by_dhcpv6_ack (card->name, card, 0, &hwaddr, +- (const struct grub_net_dhcpv6_packet *)&pxe_mode->dhcp_ack.dhcpv6, +- 1, device, path); +- if (intf && device && path) ++ grub_net_configure_by_dhcpv6_reply (card->name, card, 0, ++ (struct grub_net_dhcp6_packet *) ++ &pxe_mode->dhcp_ack, ++ sizeof (pxe_mode->dhcp_ack), ++ 1, device, path); ++ if (grub_errno) ++ grub_print_error (); ++ if (device && path) + grub_dprintf ("efinet", "device: `%s' path: `%s'\n", *device, *path); + } + else +diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c +index b2ca74b6e..9a4e589aa 100644 +--- a/grub-core/net/ip.c ++++ b/grub-core/net/ip.c +@@ -239,6 +239,45 @@ handle_dgram (struct grub_net_buff *nb, + { + struct udphdr *udph; + udph = (struct udphdr *) nb->data; ++ ++ if (proto == GRUB_NET_IP_UDP && udph->dst == grub_cpu_to_be16_compile_time (DHCP6_CLIENT_PORT)) ++ { ++ if (udph->chksum) ++ { ++ grub_uint16_t chk, expected; ++ chk = udph->chksum; ++ udph->chksum = 0; ++ expected = grub_net_ip_transport_checksum (nb, ++ GRUB_NET_IP_UDP, ++ source, ++ dest); ++ if (expected != chk) ++ { ++ grub_dprintf ("net", "Invalid UDP checksum. " ++ "Expected %x, got %x\n", ++ grub_be_to_cpu16 (expected), ++ grub_be_to_cpu16 (chk)); ++ grub_netbuff_free (nb); ++ return GRUB_ERR_NONE; ++ } ++ udph->chksum = chk; ++ } ++ ++ err = grub_netbuff_pull (nb, sizeof (*udph)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ err = grub_net_process_dhcp6 (nb, card); ++ if (err) ++ grub_print_error (); ++ ++ grub_netbuff_free (nb); ++ return GRUB_ERR_NONE; ++ } ++ + if (proto == GRUB_NET_IP_UDP && grub_be_to_cpu16 (udph->dst) == 68) + { + const struct grub_net_bootp_packet *bootp; +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index e5b521bd9..1250d493e 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -1507,7 +1507,7 @@ typedef struct grub_efi_pxe_ip_filter + { + grub_efi_uint8_t filters; + grub_efi_uint8_t ip_count; +- grub_efi_uint8_t reserved; ++ grub_efi_uint16_t reserved; + grub_efi_ip_address_t ip_list[GRUB_EFI_PXE_MAX_IPCNT]; + } grub_efi_pxe_ip_filter_t; + +diff --git a/include/grub/net.h b/include/grub/net.h +index f4cd86e58..5f78b22e1 100644 +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -447,50 +447,65 @@ struct grub_net_bootp_packet + grub_uint8_t vendor[0]; + } GRUB_PACKED; + +-enum +- { +- GRUB_NET_DHCP6_IA_NA = 3, +- GRUB_NET_DHCP6_IA_ADDRESS = 5, +- GRUB_NET_DHCP6_BOOTFILE_URL = 59, +- }; +- +-struct grub_net_dhcpv6_option ++struct grub_net_dhcp6_packet + { +- grub_uint16_t option_num; +- grub_uint16_t option_len; +- grub_uint8_t option_data[]; ++ grub_uint32_t message_type:8; ++ grub_uint32_t transaction_id:24; ++ grub_uint8_t dhcp_options[0]; + } GRUB_PACKED; +-typedef struct grub_net_dhcpv6_option grub_net_dhcpv6_option_t; + +-struct grub_net_dhcpv6_opt_ia_na +-{ +- grub_uint16_t option_num; +- grub_uint16_t option_len; ++struct grub_net_dhcp6_option { ++ grub_uint16_t code; ++ grub_uint16_t len; ++ grub_uint8_t data[0]; ++} GRUB_PACKED; ++ ++struct grub_net_dhcp6_option_iana { + grub_uint32_t iaid; + grub_uint32_t t1; + grub_uint32_t t2; +- grub_uint8_t options[]; ++ grub_uint8_t data[0]; + } GRUB_PACKED; +-typedef struct grub_net_dhcpv6_opt_ia_na grub_net_dhcpv6_opt_ia_na_t; + +-struct grub_net_dhcpv6_opt_ia_address +-{ +- grub_uint16_t option_num; +- grub_uint16_t option_len; +- grub_uint64_t ipv6_address[2]; ++struct grub_net_dhcp6_option_iaaddr { ++ grub_uint8_t addr[16]; + grub_uint32_t preferred_lifetime; + grub_uint32_t valid_lifetime; +- grub_uint8_t options[]; ++ grub_uint8_t data[0]; + } GRUB_PACKED; +-typedef struct grub_net_dhcpv6_opt_ia_address grub_net_dhcpv6_opt_ia_address_t; + +-struct grub_net_dhcpv6_packet ++struct grub_net_dhcp6_option_duid_ll + { +- grub_uint32_t message_type:8; +- grub_uint32_t transaction_id:24; +- grub_uint8_t dhcp_options[1024]; ++ grub_uint16_t type; ++ grub_uint16_t hw_type; ++ grub_uint8_t hwaddr[6]; + } GRUB_PACKED; +-typedef struct grub_net_dhcpv6_packet grub_net_dhcpv6_packet_t; ++ ++enum ++ { ++ GRUB_NET_DHCP6_SOLICIT = 1, ++ GRUB_NET_DHCP6_ADVERTISE = 2, ++ GRUB_NET_DHCP6_REQUEST = 3, ++ GRUB_NET_DHCP6_REPLY = 7 ++ }; ++ ++enum ++ { ++ DHCP6_CLIENT_PORT = 546, ++ DHCP6_SERVER_PORT = 547 ++ }; ++ ++enum ++ { ++ GRUB_NET_DHCP6_OPTION_CLIENTID = 1, ++ GRUB_NET_DHCP6_OPTION_SERVERID = 2, ++ GRUB_NET_DHCP6_OPTION_IA_NA = 3, ++ GRUB_NET_DHCP6_OPTION_IAADDR = 5, ++ GRUB_NET_DHCP6_OPTION_ORO = 6, ++ GRUB_NET_DHCP6_OPTION_ELAPSED_TIME = 8, ++ GRUB_NET_DHCP6_OPTION_DNS_SERVERS = 23, ++ GRUB_NET_DHCP6_OPTION_BOOTFILE_URL = 59 ++ }; + + #define GRUB_NET_BOOTP_RFC1048_MAGIC_0 0x63 + #define GRUB_NET_BOOTP_RFC1048_MAGIC_1 0x82 +@@ -521,12 +536,12 @@ grub_net_configure_by_dhcp_ack (const char *name, + int is_def, char **device, char **path); + + struct grub_net_network_level_interface * +-grub_net_configure_by_dhcpv6_ack (const char *name, +- struct grub_net_card *card, +- grub_net_interface_flags_t flags, +- const grub_net_link_level_address_t *hwaddr, +- const struct grub_net_dhcpv6_packet *packet, +- int is_def, char **device, char **path); ++grub_net_configure_by_dhcpv6_reply (const char *name, ++ struct grub_net_card *card, ++ grub_net_interface_flags_t flags, ++ const struct grub_net_dhcp6_packet *v6, ++ grub_size_t size, ++ int is_def, char **device, char **path); + + int + grub_ipv6_get_masksize(grub_uint16_t *mask); +@@ -543,6 +558,10 @@ void + grub_net_process_dhcp (struct grub_net_buff *nb, + struct grub_net_card *card); + ++grub_err_t ++grub_net_process_dhcp6 (struct grub_net_buff *nb, ++ struct grub_net_card *card); ++ + int + grub_net_hwaddr_cmp (const grub_net_link_level_address_t *a, + const grub_net_link_level_address_t *b); diff --git a/SOURCES/0170-Put-back-our-code-to-add-a-local-route.patch b/SOURCES/0170-Put-back-our-code-to-add-a-local-route.patch new file mode 100644 index 0000000..aeaf87a --- /dev/null +++ b/SOURCES/0170-Put-back-our-code-to-add-a-local-route.patch @@ -0,0 +1,35 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 21 Jun 2018 18:32:26 -0400 +Subject: [PATCH] Put back our code to add a local route. + +This was removed by the previous patch. + +Signed-off-by: Peter Jones +--- + grub-core/net/bootp.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c +index ff1d7776e..242cd1f4c 100644 +--- a/grub-core/net/bootp.c ++++ b/grub-core/net/bootp.c +@@ -976,6 +976,7 @@ grub_net_configure_by_dhcpv6_reply (const char *name, + { + struct grub_net_network_level_interface *inf; + grub_dhcp6_options_t dhcp6; ++ int mask = -1; + + dhcp6 = grub_dhcp6_options_get (v6h, size); + if (!dhcp6) +@@ -1007,6 +1008,10 @@ grub_net_configure_by_dhcpv6_reply (const char *name, + } + + grub_dhcp6_options_free (dhcp6); ++ ++ if (inf) ++ grub_net_add_ipv6_local (inf, mask); ++ + return inf; + } + diff --git a/SOURCES/0171-efinet-UEFI-IPv6-PXE-support.patch b/SOURCES/0171-efinet-UEFI-IPv6-PXE-support.patch new file mode 100644 index 0000000..3cfe66b --- /dev/null +++ b/SOURCES/0171-efinet-UEFI-IPv6-PXE-support.patch @@ -0,0 +1,126 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Wed, 15 Apr 2015 14:48:30 +0800 +Subject: [PATCH] efinet: UEFI IPv6 PXE support + +When grub2 image is booted from UEFI IPv6 PXE, the DHCPv6 Reply packet is +cached in firmware buffer which can be obtained by PXE Base Code protocol. The +network interface can be setup through the parameters in that obtained packet. + +Signed-off-by: Michael Chang +Signed-off-by: Ken Lin +--- + grub-core/net/drivers/efi/efinet.c | 2 ++ + include/grub/efi/api.h | 71 +++++++++++++++++++++++--------------- + 2 files changed, 46 insertions(+), 27 deletions(-) + +diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c +index 6fd0a4f49..712b4f859 100644 +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -409,6 +409,8 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + grub_print_error (); + if (device && path) + grub_dprintf ("efinet", "device: `%s' path: `%s'\n", *device, *path); ++ if (grub_errno) ++ grub_print_error (); + } + else + { +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index 1250d493e..2f164d420 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -1499,31 +1499,6 @@ typedef union + grub_efi_pxe_dhcpv6_packet_t dhcpv6; + } grub_efi_pxe_packet_t; + +-#define GRUB_EFI_PXE_MAX_IPCNT 8 +-#define GRUB_EFI_PXE_MAX_ARP_ENTRIES 8 +-#define GRUB_EFI_PXE_MAX_ROUTE_ENTRIES 8 +- +-typedef struct grub_efi_pxe_ip_filter +-{ +- grub_efi_uint8_t filters; +- grub_efi_uint8_t ip_count; +- grub_efi_uint16_t reserved; +- grub_efi_ip_address_t ip_list[GRUB_EFI_PXE_MAX_IPCNT]; +-} grub_efi_pxe_ip_filter_t; +- +-typedef struct grub_efi_pxe_arp_entry +-{ +- grub_efi_ip_address_t ip_addr; +- grub_efi_mac_address_t mac_addr; +-} grub_efi_pxe_arp_entry_t; +- +-typedef struct grub_efi_pxe_route_entry +-{ +- grub_efi_ip_address_t ip_addr; +- grub_efi_ip_address_t subnet_mask; +- grub_efi_ip_address_t gateway_addr; +-} grub_efi_pxe_route_entry_t; +- + typedef struct grub_efi_pxe_icmp_error + { + grub_efi_uint8_t type; +@@ -1549,6 +1524,48 @@ typedef struct grub_efi_pxe_tftp_error + grub_efi_char8_t error_string[127]; + } grub_efi_pxe_tftp_error_t; + ++typedef struct { ++ grub_uint8_t addr[4]; ++} grub_efi_pxe_ipv4_address_t; ++ ++typedef struct { ++ grub_uint8_t addr[16]; ++} grub_efi_pxe_ipv6_address_t; ++ ++typedef struct { ++ grub_uint8_t addr[32]; ++} grub_efi_pxe_mac_address_t; ++ ++typedef union { ++ grub_uint32_t addr[4]; ++ grub_efi_pxe_ipv4_address_t v4; ++ grub_efi_pxe_ipv6_address_t v6; ++} grub_efi_pxe_ip_address_t; ++ ++#define GRUB_EFI_PXE_BASE_CODE_MAX_IPCNT 8 ++typedef struct grub_efi_pxe_ip_filter ++{ ++ grub_efi_uint8_t filters; ++ grub_efi_uint8_t ip_count; ++ grub_efi_uint16_t reserved; ++ grub_efi_ip_address_t ip_list[GRUB_EFI_PXE_BASE_CODE_MAX_IPCNT]; ++} grub_efi_pxe_ip_filter_t; ++ ++typedef struct { ++ grub_efi_pxe_ip_address_t ip_addr; ++ grub_efi_pxe_mac_address_t mac_addr; ++} grub_efi_pxe_arp_entry_t; ++ ++typedef struct { ++ grub_efi_pxe_ip_address_t ip_addr; ++ grub_efi_pxe_ip_address_t subnet_mask; ++ grub_efi_pxe_ip_address_t gw_addr; ++} grub_efi_pxe_route_entry_t; ++ ++ ++#define GRUB_EFI_PXE_BASE_CODE_MAX_ARP_ENTRIES 8 ++#define GRUB_EFI_PXE_BASE_CODE_MAX_ROUTE_ENTRIES 8 ++ + typedef struct grub_efi_pxe_mode + { + grub_efi_boolean_t started; +@@ -1580,9 +1597,9 @@ typedef struct grub_efi_pxe_mode + grub_efi_pxe_packet_t pxe_bis_reply; + grub_efi_pxe_ip_filter_t ip_filter; + grub_efi_uint32_t arp_cache_entries; +- grub_efi_pxe_arp_entry_t arp_cache[GRUB_EFI_PXE_MAX_ARP_ENTRIES]; ++ grub_efi_pxe_arp_entry_t arp_cache[GRUB_EFI_PXE_BASE_CODE_MAX_ARP_ENTRIES]; + grub_efi_uint32_t route_table_entries; +- grub_efi_pxe_route_entry_t route_table[GRUB_EFI_PXE_MAX_ROUTE_ENTRIES]; ++ grub_efi_pxe_route_entry_t route_table[GRUB_EFI_PXE_BASE_CODE_MAX_ROUTE_ENTRIES]; + grub_efi_pxe_icmp_error_t icmp_error; + grub_efi_pxe_tftp_error_t tftp_error; + } grub_efi_pxe_mode_t; diff --git a/SOURCES/0172-grub.texi-Add-net_bootp6-doument.patch b/SOURCES/0172-grub.texi-Add-net_bootp6-doument.patch new file mode 100644 index 0000000..42b885e --- /dev/null +++ b/SOURCES/0172-grub.texi-Add-net_bootp6-doument.patch @@ -0,0 +1,48 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Tue, 5 May 2015 14:19:24 +0800 +Subject: [PATCH] grub.texi: Add net_bootp6 doument + +Update grub documentation for net_bootp6 command. + +Signed-off-by: Michael Chang +Signed-off-by: Ken Lin +--- + docs/grub.texi | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/docs/grub.texi b/docs/grub.texi +index 2b7b7faf8..c54bee316 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -5303,6 +5303,7 @@ This command is only available on AArch64 systems. + * net_add_dns:: Add a DNS server + * net_add_route:: Add routing entry + * net_bootp:: Perform a bootp autoconfiguration ++* net_bootp6:: Perform a DHCPv6 autoconfiguration + * net_del_addr:: Remove IP address from interface + * net_del_dns:: Remove a DNS server + * net_del_route:: Remove a route entry +@@ -5384,6 +5385,22 @@ Sets environment variable @samp{net_}@var{}@samp{_dhcp_extensionspath} + + @end deffn + ++@node net_bootp6 ++@subsection net_bootp6 ++ ++@deffn Command net_bootp6 [@var{card}] ++Perform configuration of @var{card} using DHCPv6 protocol. If no card name is ++specified, try to configure all existing cards. If configuration was ++successful, interface with name @var{card}@samp{:dhcp6} and configured address ++is added to @var{card}. ++ ++@table @samp ++@item 1 (Domain Name Server) ++Adds all servers from option value to the list of servers used during name ++resolution. ++@end table ++ ++@end deffn + + @node net_del_addr + @subsection net_del_addr diff --git a/SOURCES/0173-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch b/SOURCES/0173-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch new file mode 100644 index 0000000..0a237f8 --- /dev/null +++ b/SOURCES/0173-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch @@ -0,0 +1,135 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Thu, 14 Jul 2016 18:45:14 +0800 +Subject: [PATCH] bootp: Add processing DHCPACK packet from HTTP Boot + +The vendor class identifier with the string "HTTPClient" is used to denote the +packet as responding to HTTP boot request. In DHCP4 config, the filename for +HTTP boot is the URL of the boot file while for PXE boot it is the path to the +boot file. As a consequence, the next-server becomes obseleted because the HTTP +URL already contains the server address for the boot file. For DHCP6 config, +there's no difference definition in existing config as dhcp6.bootfile-url can +be used to specify URL for both HTTP and PXE boot file. + +This patch adds processing for "HTTPClient" vendor class identifier in DHCPACK +packet by treating it as HTTP format, not as the PXE format. + +Signed-off-by: Michael Chang +Signed-off-by: Ken Lin +--- + grub-core/net/bootp.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++++-- + include/grub/net.h | 1 + + 2 files changed, 67 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c +index 242cd1f4c..8b6fc9f24 100644 +--- a/grub-core/net/bootp.c ++++ b/grub-core/net/bootp.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -254,6 +255,11 @@ parse_dhcp_vendor (const char *name, const void *vend, int limit, int *mask) + taglength); + break; + ++ case GRUB_NET_BOOTP_VENDOR_CLASS_IDENTIFIER: ++ grub_env_set_net_property (name, "vendor_class_identifier", (const char *) ptr, ++ taglength); ++ break; ++ + case GRUB_NET_BOOTP_EXTENSIONS_PATH: + grub_env_set_net_property (name, "extensionspath", (const char *) ptr, + taglength); +@@ -357,6 +363,66 @@ grub_net_configure_by_dhcp_ack (const char *name, + } + #endif + ++ if (size > OFFSET_OF (vendor, bp)) ++ { ++ char *cidvar; ++ const char *cid; ++ ++ parse_dhcp_vendor (name, &bp->vendor, size - OFFSET_OF (vendor, bp), &mask); ++ cidvar = grub_xasprintf ("net_%s_%s", name, "vendor_class_identifier"); ++ cid = grub_env_get (cidvar); ++ grub_free (cidvar); ++ ++ if (cid && grub_strcmp (cid, "HTTPClient") == 0) ++ { ++ char *proto, *ip, *pa; ++ ++ if (!dissect_url (bp->boot_file, &proto, &ip, &pa)) ++ return inter; ++ ++ grub_env_set_net_property (name, "boot_file", pa, grub_strlen (pa)); ++ if (is_def) ++ { ++ grub_net_default_server = grub_strdup (ip); ++ grub_env_set ("net_default_interface", name); ++ grub_env_export ("net_default_interface"); ++ } ++ if (device && !*device) ++ { ++ *device = grub_xasprintf ("%s,%s", proto, ip); ++ grub_print_error (); ++ } ++ if (path) ++ { ++ *path = grub_strdup (pa); ++ grub_print_error (); ++ if (*path) ++ { ++ char *slash; ++ slash = grub_strrchr (*path, '/'); ++ if (slash) ++ *slash = 0; ++ else ++ **path = 0; ++ } ++ } ++ grub_net_add_ipv4_local (inter, mask); ++ inter->dhcp_ack = grub_malloc (size); ++ if (inter->dhcp_ack) ++ { ++ grub_memcpy (inter->dhcp_ack, bp, size); ++ inter->dhcp_acklen = size; ++ } ++ else ++ grub_errno = GRUB_ERR_NONE; ++ ++ grub_free (proto); ++ grub_free (ip); ++ grub_free (pa); ++ return inter; ++ } ++ } ++ + if (size > OFFSET_OF (boot_file, bp)) + grub_env_set_net_property (name, "boot_file", bp->boot_file, + sizeof (bp->boot_file)); +@@ -421,8 +487,6 @@ grub_net_configure_by_dhcp_ack (const char *name, + **path = 0; + } + } +- if (size > OFFSET_OF (vendor, bp)) +- parse_dhcp_vendor (name, &bp->vendor, size - OFFSET_OF (vendor, bp), &mask); + grub_net_add_ipv4_local (inter, mask); + + inter->dhcp_ack = grub_malloc (size); +diff --git a/include/grub/net.h b/include/grub/net.h +index 5f78b22e1..9cf6da689 100644 +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -522,6 +522,7 @@ enum + GRUB_NET_BOOTP_DOMAIN = 0x0f, + GRUB_NET_BOOTP_ROOT_PATH = 0x11, + GRUB_NET_BOOTP_EXTENSIONS_PATH = 0x12, ++ GRUB_NET_BOOTP_VENDOR_CLASS_IDENTIFIER = 0x3C, + GRUB_NET_BOOTP_CLIENT_ID = 0x3d, + GRUB_NET_BOOTP_CLIENT_UUID = 0x61, + GRUB_NET_BOOTP_END = 0xff diff --git a/SOURCES/0174-efinet-Setting-network-from-UEFI-device-path.patch b/SOURCES/0174-efinet-Setting-network-from-UEFI-device-path.patch new file mode 100644 index 0000000..685957e --- /dev/null +++ b/SOURCES/0174-efinet-Setting-network-from-UEFI-device-path.patch @@ -0,0 +1,405 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Sun, 10 Jul 2016 23:46:31 +0800 +Subject: [PATCH] efinet: Setting network from UEFI device path + +The PXE Base Code protocol used to obtain cached PXE DHCPACK packet is no +longer provided for HTTP Boot. Instead, we have to get the HTTP boot +information from the device path nodes defined in following UEFI Specification +sections. + + 9.3.5.12 IPv4 Device Path + 9.3.5.13 IPv6 Device Path + 9.3.5.23 Uniform Resource Identifiers (URI) Device Path + +This patch basically does: + +include/grub/efi/api.h: +Add new structure of Uniform Resource Identifiers (URI) Device Path + +grub-core/net/drivers/efi/efinet.c: +Check if PXE Base Code is available, if not it will try to obtain the netboot +information from the device path where the image booted from. The DHCPACK +packet is recoverd from the information in device patch and feed into the same +DHCP packet processing functions to ensure the network interface is setting up +the same way it used to be. + +Signed-off-by: Michael Chang +Signed-off-by: Ken Lin +--- + grub-core/net/drivers/efi/efinet.c | 284 +++++++++++++++++++++++++++++++++++-- + include/grub/efi/api.h | 11 ++ + 2 files changed, 280 insertions(+), 15 deletions(-) + +diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c +index 712b4f859..3e51e1064 100644 +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -332,6 +333,227 @@ grub_efinet_findcards (void) + grub_free (handles); + } + ++static struct grub_net_buff * ++grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *use_ipv6) ++{ ++ grub_efi_uint16_t uri_len; ++ grub_efi_device_path_t *ldp, *ddp; ++ grub_efi_uri_device_path_t *uri_dp; ++ struct grub_net_buff *nb; ++ grub_err_t err; ++ ++ ddp = grub_efi_duplicate_device_path (dp); ++ if (!ddp) ++ return NULL; ++ ++ ldp = grub_efi_find_last_device_path (ddp); ++ ++ if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE ++ || GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_URI_DEVICE_PATH_SUBTYPE) ++ { ++ grub_free (ddp); ++ return NULL; ++ } ++ ++ uri_len = GRUB_EFI_DEVICE_PATH_LENGTH (ldp) > 4 ? GRUB_EFI_DEVICE_PATH_LENGTH (ldp) - 4 : 0; ++ ++ if (!uri_len) ++ { ++ grub_free (ddp); ++ return NULL; ++ } ++ ++ uri_dp = (grub_efi_uri_device_path_t *) ldp; ++ ++ ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; ++ ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; ++ ldp->length = sizeof (*ldp); ++ ++ ldp = grub_efi_find_last_device_path (ddp); ++ ++ if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE ++ || (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE ++ && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE)) ++ { ++ grub_free (ddp); ++ return NULL; ++ } ++ ++ nb = grub_netbuff_alloc (512); ++ if (!nb) ++ { ++ grub_free (ddp); ++ return NULL; ++ } ++ ++ if (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) == GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE) ++ { ++ grub_efi_ipv4_device_path_t *ipv4 = (grub_efi_ipv4_device_path_t *) ldp; ++ struct grub_net_bootp_packet *bp; ++ grub_uint8_t *ptr; ++ ++ bp = (struct grub_net_bootp_packet *) nb->tail; ++ err = grub_netbuff_put (nb, sizeof (*bp) + 4); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ ++ if (sizeof(bp->boot_file) < uri_len) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ grub_memcpy (bp->boot_file, uri_dp->uri, uri_len); ++ grub_memcpy (&bp->your_ip, ipv4->local_ip_address, sizeof (bp->your_ip)); ++ grub_memcpy (&bp->server_ip, ipv4->remote_ip_address, sizeof (bp->server_ip)); ++ ++ bp->vendor[0] = GRUB_NET_BOOTP_RFC1048_MAGIC_0; ++ bp->vendor[1] = GRUB_NET_BOOTP_RFC1048_MAGIC_1; ++ bp->vendor[2] = GRUB_NET_BOOTP_RFC1048_MAGIC_2; ++ bp->vendor[3] = GRUB_NET_BOOTP_RFC1048_MAGIC_3; ++ ++ ptr = nb->tail; ++ err = grub_netbuff_put (nb, sizeof (ipv4->subnet_mask) + 2); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ *ptr++ = GRUB_NET_BOOTP_NETMASK; ++ *ptr++ = sizeof (ipv4->subnet_mask); ++ grub_memcpy (ptr, ipv4->subnet_mask, sizeof (ipv4->subnet_mask)); ++ ++ ptr = nb->tail; ++ err = grub_netbuff_put (nb, sizeof (ipv4->gateway_ip_address) + 2); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ *ptr++ = GRUB_NET_BOOTP_ROUTER; ++ *ptr++ = sizeof (ipv4->gateway_ip_address); ++ grub_memcpy (ptr, ipv4->gateway_ip_address, sizeof (ipv4->gateway_ip_address)); ++ ++ ptr = nb->tail; ++ err = grub_netbuff_put (nb, sizeof ("HTTPClient") + 1); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ *ptr++ = GRUB_NET_BOOTP_VENDOR_CLASS_IDENTIFIER; ++ *ptr++ = sizeof ("HTTPClient") - 1; ++ grub_memcpy (ptr, "HTTPClient", sizeof ("HTTPClient") - 1); ++ ++ ptr = nb->tail; ++ err = grub_netbuff_put (nb, 1); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ *ptr = GRUB_NET_BOOTP_END; ++ *use_ipv6 = 0; ++ ++ ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; ++ ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; ++ ldp->length = sizeof (*ldp); ++ ldp = grub_efi_find_last_device_path (ddp); ++ ++ if (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) == GRUB_EFI_MAC_ADDRESS_DEVICE_PATH_SUBTYPE) ++ { ++ grub_efi_mac_address_device_path_t *mac = (grub_efi_mac_address_device_path_t *) ldp; ++ bp->hw_type = mac->if_type; ++ bp->hw_len = sizeof (bp->mac_addr); ++ grub_memcpy (bp->mac_addr, mac->mac_address, bp->hw_len); ++ } ++ } ++ else ++ { ++ grub_efi_ipv6_device_path_t *ipv6 = (grub_efi_ipv6_device_path_t *) ldp; ++ ++ struct grub_net_dhcp6_packet *d6p; ++ struct grub_net_dhcp6_option *opt; ++ struct grub_net_dhcp6_option_iana *iana; ++ struct grub_net_dhcp6_option_iaaddr *iaaddr; ++ ++ d6p = (struct grub_net_dhcp6_packet *)nb->tail; ++ err = grub_netbuff_put (nb, sizeof(*d6p)); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ d6p->message_type = GRUB_NET_DHCP6_REPLY; ++ ++ opt = (struct grub_net_dhcp6_option *)nb->tail; ++ err = grub_netbuff_put (nb, sizeof(*opt)); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_IA_NA); ++ opt->len = grub_cpu_to_be16_compile_time (sizeof(*iana) + sizeof(*opt) + sizeof(*iaaddr)); ++ ++ err = grub_netbuff_put (nb, sizeof(*iana)); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ ++ opt = (struct grub_net_dhcp6_option *)nb->tail; ++ err = grub_netbuff_put (nb, sizeof(*opt)); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_IAADDR); ++ opt->len = grub_cpu_to_be16_compile_time (sizeof (*iaaddr)); ++ ++ iaaddr = (struct grub_net_dhcp6_option_iaaddr *)nb->tail; ++ err = grub_netbuff_put (nb, sizeof(*iaaddr)); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ grub_memcpy (iaaddr->addr, ipv6->local_ip_address, sizeof(ipv6->local_ip_address)); ++ ++ opt = (struct grub_net_dhcp6_option *)nb->tail; ++ err = grub_netbuff_put (nb, sizeof(*opt) + uri_len); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_BOOTFILE_URL); ++ opt->len = grub_cpu_to_be16 (uri_len); ++ grub_memcpy (opt->data, uri_dp->uri, uri_len); ++ ++ *use_ipv6 = 1; ++ } ++ ++ grub_free (ddp); ++ return nb; ++} ++ + static void + grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + char **path) +@@ -347,7 +569,11 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + { + grub_efi_device_path_t *cdp; + struct grub_efi_pxe *pxe; +- struct grub_efi_pxe_mode *pxe_mode; ++ struct grub_efi_pxe_mode *pxe_mode = NULL; ++ grub_uint8_t *packet_buf; ++ grub_size_t packet_bufsz ; ++ int ipv6; ++ struct grub_net_buff *nb = NULL; + + if (card->driver != &efidriver) + continue; +@@ -370,11 +596,21 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + */ + if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE + || (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE +- && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE)) ++ && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE ++ && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_URI_DEVICE_PATH_SUBTYPE)) + continue; + dup_dp = grub_efi_duplicate_device_path (dp); + if (!dup_dp) + continue; ++ ++ if (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) == GRUB_EFI_URI_DEVICE_PATH_SUBTYPE) ++ { ++ dup_ldp = grub_efi_find_last_device_path (dup_dp); ++ dup_ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; ++ dup_ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; ++ dup_ldp->length = sizeof (*dup_ldp); ++ } ++ + dup_ldp = grub_efi_find_last_device_path (dup_dp); + dup_ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; + dup_ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; +@@ -387,23 +623,37 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + + pxe = grub_efi_open_protocol (hnd, &pxe_io_guid, + GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); +- if (! pxe) +- continue; ++ if (!pxe) ++ { ++ nb = grub_efinet_create_dhcp_ack_from_device_path (dp, &ipv6); ++ if (!nb) ++ { ++ grub_print_error (); ++ continue; ++ } ++ packet_buf = nb->head; ++ packet_bufsz = nb->tail - nb->head; ++ } ++ else ++ { ++ pxe_mode = pxe->mode; ++ packet_buf = (grub_uint8_t *) &pxe_mode->dhcp_ack; ++ packet_bufsz = sizeof (pxe_mode->dhcp_ack); ++ ipv6 = pxe_mode->using_ipv6; ++ } + +- pxe_mode = pxe->mode; +- if (pxe_mode->using_ipv6) ++ if (ipv6) + { + grub_dprintf ("efinet", "using ipv6 and dhcpv6\n"); +- grub_dprintf ("efinet", "dhcp_ack_received: %s%s\n", +- pxe_mode->dhcp_ack_received ? "yes" : "no", +- pxe_mode->dhcp_ack_received ? "" : " cannot continue"); +- if (!pxe_mode->dhcp_ack_received) +- continue; ++ if (pxe_mode) ++ grub_dprintf ("efinet", "dhcp_ack_received: %s%s\n", ++ pxe_mode->dhcp_ack_received ? "yes" : "no", ++ pxe_mode->dhcp_ack_received ? "" : " cannot continue"); + + grub_net_configure_by_dhcpv6_reply (card->name, card, 0, + (struct grub_net_dhcp6_packet *) +- &pxe_mode->dhcp_ack, +- sizeof (pxe_mode->dhcp_ack), ++ packet_buf, ++ packet_bufsz, + 1, device, path); + if (grub_errno) + grub_print_error (); +@@ -417,11 +667,15 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + grub_dprintf ("efinet", "using ipv4 and dhcp\n"); + grub_net_configure_by_dhcp_ack (card->name, card, 0, + (struct grub_net_bootp_packet *) +- &pxe_mode->dhcp_ack, +- sizeof (pxe_mode->dhcp_ack), ++ packet_buf, ++ packet_bufsz, + 1, device, path); + grub_dprintf ("efinet", "device: `%s' path: `%s'\n", *device, *path); + } ++ ++ if (nb) ++ grub_netbuff_free (nb); ++ + return; + } + } +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index 2f164d420..eb6bb5085 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -839,6 +839,8 @@ struct grub_efi_ipv4_device_path + grub_efi_uint16_t remote_port; + grub_efi_uint16_t protocol; + grub_efi_uint8_t static_ip_address; ++ grub_efi_ipv4_address_t gateway_ip_address; ++ grub_efi_ipv4_address_t subnet_mask; + } GRUB_PACKED; + typedef struct grub_efi_ipv4_device_path grub_efi_ipv4_device_path_t; + +@@ -893,6 +895,15 @@ struct grub_efi_sata_device_path + } GRUB_PACKED; + typedef struct grub_efi_sata_device_path grub_efi_sata_device_path_t; + ++#define GRUB_EFI_URI_DEVICE_PATH_SUBTYPE 24 ++ ++struct grub_efi_uri_device_path ++{ ++ grub_efi_device_path_t header; ++ grub_efi_uint8_t uri[0]; ++} GRUB_PACKED; ++typedef struct grub_efi_uri_device_path grub_efi_uri_device_path_t; ++ + #define GRUB_EFI_VENDOR_MESSAGING_DEVICE_PATH_SUBTYPE 10 + + /* Media Device Path. */ diff --git a/SOURCES/0175-efinet-Setting-DNS-server-from-UEFI-protocol.patch b/SOURCES/0175-efinet-Setting-DNS-server-from-UEFI-protocol.patch new file mode 100644 index 0000000..ba64f0e --- /dev/null +++ b/SOURCES/0175-efinet-Setting-DNS-server-from-UEFI-protocol.patch @@ -0,0 +1,337 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Thu, 14 Jul 2016 17:48:45 +0800 +Subject: [PATCH] efinet: Setting DNS server from UEFI protocol + +In the URI device path node, any name rahter than address can be used for +looking up the resources so that DNS service become needed to get answer of the +name's address. Unfortunately the DNS is not defined in any of the device path +nodes so that we use the EFI_IP4_CONFIG2_PROTOCOL and EFI_IP6_CONFIG_PROTOCOL +to obtain it. + +These two protcols are defined the sections of UEFI specification. + + 27.5 EFI IPv4 Configuration II Protocol + 27.7 EFI IPv6 Configuration Protocol + +include/grub/efi/api.h: +Add new structure and protocol UUID of EFI_IP4_CONFIG2_PROTOCOL and +EFI_IP6_CONFIG_PROTOCOL. + +grub-core/net/drivers/efi/efinet.c: +Use the EFI_IP4_CONFIG2_PROTOCOL and EFI_IP6_CONFIG_PROTOCOL to obtain the list +of DNS server address for IPv4 and IPv6 respectively. The address of DNS +servers is structured into DHCPACK packet and feed into the same DHCP packet +processing functions to ensure the network interface is setting up the same way +it used to be. + +Signed-off-by: Michael Chang +Signed-off-by: Ken Lin +--- + grub-core/net/drivers/efi/efinet.c | 163 +++++++++++++++++++++++++++++++++++++ + include/grub/efi/api.h | 76 +++++++++++++++++ + 2 files changed, 239 insertions(+) + +diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c +index 3e51e1064..3d7750747 100644 +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -34,6 +34,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); + /* GUID. */ + static grub_efi_guid_t net_io_guid = GRUB_EFI_SIMPLE_NETWORK_GUID; + static grub_efi_guid_t pxe_io_guid = GRUB_EFI_PXE_GUID; ++static grub_efi_guid_t ip4_config_guid = GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID; ++static grub_efi_guid_t ip6_config_guid = GRUB_EFI_IP6_CONFIG_PROTOCOL_GUID; + + static grub_err_t + send_card_buffer (struct grub_net_card *dev, +@@ -333,6 +335,125 @@ grub_efinet_findcards (void) + grub_free (handles); + } + ++static grub_efi_handle_t ++grub_efi_locate_device_path (grub_efi_guid_t *protocol, grub_efi_device_path_t *device_path, ++ grub_efi_device_path_t **r_device_path) ++{ ++ grub_efi_handle_t handle; ++ grub_efi_status_t status; ++ ++ status = efi_call_3 (grub_efi_system_table->boot_services->locate_device_path, ++ protocol, &device_path, &handle); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ return 0; ++ ++ if (r_device_path) ++ *r_device_path = device_path; ++ ++ return handle; ++} ++ ++static grub_efi_ipv4_address_t * ++grub_dns_server_ip4_address (grub_efi_device_path_t *dp, grub_efi_uintn_t *num_dns) ++{ ++ grub_efi_handle_t hnd; ++ grub_efi_status_t status; ++ grub_efi_ip4_config2_protocol_t *conf; ++ grub_efi_ipv4_address_t *addrs; ++ grub_efi_uintn_t data_size = 1 * sizeof (grub_efi_ipv4_address_t); ++ ++ hnd = grub_efi_locate_device_path (&ip4_config_guid, dp, NULL); ++ ++ if (!hnd) ++ return 0; ++ ++ conf = grub_efi_open_protocol (hnd, &ip4_config_guid, ++ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); ++ ++ if (!conf) ++ return 0; ++ ++ addrs = grub_malloc (data_size); ++ if (!addrs) ++ return 0; ++ ++ status = efi_call_4 (conf->get_data, conf, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_DNSSERVER, ++ &data_size, addrs); ++ ++ if (status == GRUB_EFI_BUFFER_TOO_SMALL) ++ { ++ grub_free (addrs); ++ addrs = grub_malloc (data_size); ++ if (!addrs) ++ return 0; ++ ++ status = efi_call_4 (conf->get_data, conf, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_DNSSERVER, ++ &data_size, addrs); ++ } ++ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_free (addrs); ++ return 0; ++ } ++ ++ *num_dns = data_size / sizeof (grub_efi_ipv4_address_t); ++ return addrs; ++} ++ ++static grub_efi_ipv6_address_t * ++grub_dns_server_ip6_address (grub_efi_device_path_t *dp, grub_efi_uintn_t *num_dns) ++{ ++ grub_efi_handle_t hnd; ++ grub_efi_status_t status; ++ grub_efi_ip6_config_protocol_t *conf; ++ grub_efi_ipv6_address_t *addrs; ++ grub_efi_uintn_t data_size = 1 * sizeof (grub_efi_ipv6_address_t); ++ ++ hnd = grub_efi_locate_device_path (&ip6_config_guid, dp, NULL); ++ ++ if (!hnd) ++ return 0; ++ ++ conf = grub_efi_open_protocol (hnd, &ip6_config_guid, ++ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); ++ ++ if (!conf) ++ return 0; ++ ++ addrs = grub_malloc (data_size); ++ if (!addrs) ++ return 0; ++ ++ status = efi_call_4 (conf->get_data, conf, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_DNSSERVER, ++ &data_size, addrs); ++ ++ if (status == GRUB_EFI_BUFFER_TOO_SMALL) ++ { ++ grub_free (addrs); ++ addrs = grub_malloc (data_size); ++ if (!addrs) ++ return 0; ++ ++ status = efi_call_4 (conf->get_data, conf, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_DNSSERVER, ++ &data_size, addrs); ++ } ++ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_free (addrs); ++ return 0; ++ } ++ ++ *num_dns = data_size / sizeof (grub_efi_ipv6_address_t); ++ return addrs; ++} ++ + static struct grub_net_buff * + grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *use_ipv6) + { +@@ -391,6 +512,8 @@ grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *u + grub_efi_ipv4_device_path_t *ipv4 = (grub_efi_ipv4_device_path_t *) ldp; + struct grub_net_bootp_packet *bp; + grub_uint8_t *ptr; ++ grub_efi_ipv4_address_t *dns; ++ grub_efi_uintn_t num_dns; + + bp = (struct grub_net_bootp_packet *) nb->tail; + err = grub_netbuff_put (nb, sizeof (*bp) + 4); +@@ -452,6 +575,25 @@ grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *u + *ptr++ = sizeof ("HTTPClient") - 1; + grub_memcpy (ptr, "HTTPClient", sizeof ("HTTPClient") - 1); + ++ dns = grub_dns_server_ip4_address (dp, &num_dns); ++ if (dns) ++ { ++ grub_efi_uintn_t size_dns = sizeof (*dns) * num_dns; ++ ++ ptr = nb->tail; ++ err = grub_netbuff_put (nb, size_dns + 2); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ *ptr++ = GRUB_NET_BOOTP_DNS; ++ *ptr++ = size_dns; ++ grub_memcpy (ptr, dns, size_dns); ++ grub_free (dns); ++ } ++ + ptr = nb->tail; + err = grub_netbuff_put (nb, 1); + if (err) +@@ -484,6 +626,8 @@ grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *u + struct grub_net_dhcp6_option *opt; + struct grub_net_dhcp6_option_iana *iana; + struct grub_net_dhcp6_option_iaaddr *iaaddr; ++ grub_efi_ipv6_address_t *dns; ++ grub_efi_uintn_t num_dns; + + d6p = (struct grub_net_dhcp6_packet *)nb->tail; + err = grub_netbuff_put (nb, sizeof(*d6p)); +@@ -547,6 +691,25 @@ grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *u + opt->len = grub_cpu_to_be16 (uri_len); + grub_memcpy (opt->data, uri_dp->uri, uri_len); + ++ dns = grub_dns_server_ip6_address (dp, &num_dns); ++ if (dns) ++ { ++ grub_efi_uintn_t size_dns = sizeof (*dns) * num_dns; ++ ++ opt = (struct grub_net_dhcp6_option *)nb->tail; ++ err = grub_netbuff_put (nb, sizeof(*opt) + size_dns); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_DNS_SERVERS); ++ opt->len = grub_cpu_to_be16 (size_dns); ++ grub_memcpy (opt->data, dns, size_dns); ++ grub_free (dns); ++ } ++ + *use_ipv6 = 1; + } + +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index eb6bb5085..dd3b07eac 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -334,6 +334,16 @@ + { 0x8B, 0x8C, 0xE2, 0x1B, 0x01, 0xAE, 0xF2, 0xB7 } \ + } + ++#define GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID \ ++ { 0x5b446ed1, 0xe30b, 0x4faa, \ ++ { 0x87, 0x1a, 0x36, 0x54, 0xec, 0xa3, 0x60, 0x80 } \ ++ } ++ ++#define GRUB_EFI_IP6_CONFIG_PROTOCOL_GUID \ ++ { 0x937fe521, 0x95ae, 0x4d1a, \ ++ { 0x89, 0x29, 0x48, 0xbc, 0xd9, 0x0a, 0xd3, 0x1a } \ ++ } ++ + struct grub_efi_sal_system_table + { + grub_uint32_t signature; +@@ -1838,6 +1848,72 @@ struct grub_efi_block_io + }; + typedef struct grub_efi_block_io grub_efi_block_io_t; + ++enum grub_efi_ip4_config2_data_type { ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_INTERFACEINFO, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_POLICY, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_MANUAL_ADDRESS, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_GATEWAY, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_DNSSERVER, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_MAXIMUM ++}; ++typedef enum grub_efi_ip4_config2_data_type grub_efi_ip4_config2_data_type_t; ++ ++struct grub_efi_ip4_config2_protocol ++{ ++ grub_efi_status_t (*set_data) (struct grub_efi_ip4_config2_protocol *this, ++ grub_efi_ip4_config2_data_type_t data_type, ++ grub_efi_uintn_t data_size, ++ void *data); ++ ++ grub_efi_status_t (*get_data) (struct grub_efi_ip4_config2_protocol *this, ++ grub_efi_ip4_config2_data_type_t data_type, ++ grub_efi_uintn_t *data_size, ++ void *data); ++ ++ grub_efi_status_t (*register_data_notify) (struct grub_efi_ip4_config2_protocol *this, ++ grub_efi_ip4_config2_data_type_t data_type, ++ grub_efi_event_t event); ++ ++ grub_efi_status_t (*unregister_datanotify) (struct grub_efi_ip4_config2_protocol *this, ++ grub_efi_ip4_config2_data_type_t data_type, ++ grub_efi_event_t event); ++}; ++typedef struct grub_efi_ip4_config2_protocol grub_efi_ip4_config2_protocol_t; ++ ++enum grub_efi_ip6_config_data_type { ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_INTERFACEINFO, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_ALT_INTERFACEID, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_POLICY, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_DUP_ADDR_DETECT_TRANSMITS, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_MANUAL_ADDRESS, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_GATEWAY, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_DNSSERVER, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_MAXIMUM ++}; ++typedef enum grub_efi_ip6_config_data_type grub_efi_ip6_config_data_type_t; ++ ++struct grub_efi_ip6_config_protocol ++{ ++ grub_efi_status_t (*set_data) (struct grub_efi_ip6_config_protocol *this, ++ grub_efi_ip6_config_data_type_t data_type, ++ grub_efi_uintn_t data_size, ++ void *data); ++ ++ grub_efi_status_t (*get_data) (struct grub_efi_ip6_config_protocol *this, ++ grub_efi_ip6_config_data_type_t data_type, ++ grub_efi_uintn_t *data_size, ++ void *data); ++ ++ grub_efi_status_t (*register_data_notify) (struct grub_efi_ip6_config_protocol *this, ++ grub_efi_ip6_config_data_type_t data_type, ++ grub_efi_event_t event); ++ ++ grub_efi_status_t (*unregister_datanotify) (struct grub_efi_ip6_config_protocol *this, ++ grub_efi_ip6_config_data_type_t data_type, ++ grub_efi_event_t event); ++}; ++typedef struct grub_efi_ip6_config_protocol grub_efi_ip6_config_protocol_t; ++ + #if (GRUB_TARGET_SIZEOF_VOID_P == 4) || defined (__ia64__) \ + || defined (__aarch64__) || defined (__MINGW64__) || defined (__CYGWIN__) + diff --git a/SOURCES/0176-Fix-one-more-coverity-complaint.patch b/SOURCES/0176-Fix-one-more-coverity-complaint.patch new file mode 100644 index 0000000..6e9d0c4 --- /dev/null +++ b/SOURCES/0176-Fix-one-more-coverity-complaint.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 25 May 2017 11:27:40 -0400 +Subject: [PATCH] Fix one more coverity complaint + +No idea why covscan thinks this is an "added" bug, since the file hasn't +changed in 3 years, but... yeah. + +Signed-off-by: Peter Jones +--- + grub-core/normal/completion.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/grub-core/normal/completion.c b/grub-core/normal/completion.c +index 2c9b9e931..93aa0d8ed 100644 +--- a/grub-core/normal/completion.c ++++ b/grub-core/normal/completion.c +@@ -284,7 +284,8 @@ complete_file (void) + + /* Cut away the filename part. */ + dirfile = grub_strrchr (dir, '/'); +- dirfile[1] = '\0'; ++ if (dirfile) ++ dirfile[1] = '\0'; + + /* Iterate the directory. */ + (fs->dir) (dev, dir, iterate_dir, NULL); diff --git a/SOURCES/0177-Fix-grub_net_hwaddr_to_str.patch b/SOURCES/0177-Fix-grub_net_hwaddr_to_str.patch new file mode 100644 index 0000000..d2e13c7 --- /dev/null +++ b/SOURCES/0177-Fix-grub_net_hwaddr_to_str.patch @@ -0,0 +1,41 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Mark Salter +Date: Tue, 22 Aug 2017 12:21:12 -0400 +Subject: [PATCH] Fix grub_net_hwaddr_to_str + +commit 5c3b78c92f8 introduced support for larger network hw addresses. +However, grub_net_hwaddr_to_str() relies on GRUB_NET_MAX_STR_ADDRESS_SIZE +to prevent a spurious ':' at the end of the string. So now, if actual +hwaddr size is less than max, an extra ':' appears at the end of the +string. So calculate max string size based on actual hwaddr length to +fix the problem. + +Signed-off-by: Mark Salter +--- + grub-core/net/net.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index a0f4d00f0..191e8e41b 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -770,6 +770,7 @@ grub_net_hwaddr_to_str (const grub_net_link_level_address_t *addr, char *str) + { + char *ptr; + unsigned i; ++ int maxstr; + + if (addr->len > GRUB_NET_MAX_LINK_ADDRESS_SIZE) + { +@@ -778,9 +779,10 @@ grub_net_hwaddr_to_str (const grub_net_link_level_address_t *addr, char *str) + addr->type, addr->len); + return; + } ++ maxstr = addr->len * grub_strlen ("XX:"); + for (ptr = str, i = 0; i < addr->len; i++) + { +- ptr += grub_snprintf (ptr, GRUB_NET_MAX_STR_HWADDR_LEN - (ptr - str), ++ ptr += grub_snprintf (ptr, maxstr - (ptr - str), + "%02x:", addr->mac[i] & 0xff); + } + } diff --git a/SOURCES/0178-Support-UEFI-networking-protocols.patch b/SOURCES/0178-Support-UEFI-networking-protocols.patch new file mode 100644 index 0000000..9e46d4a --- /dev/null +++ b/SOURCES/0178-Support-UEFI-networking-protocols.patch @@ -0,0 +1,5055 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Wed, 22 Feb 2017 14:27:50 +0800 +Subject: [PATCH] Support UEFI networking protocols + +References: fate#320130, bsc#1015589, bsc#1076132 +Patch-Mainline: no + +V1: + * Add preliminary support of UEFI networking protocols + * Support UEFI HTTPS Boot + +V2: + * Workaround http data access in firmware + * Fix DNS device path parsing for efinet device + * Relaxed UEFI Protocol requirement + * Support Intel OPA (Omni-Path Architecture) PXE Boot + +V3: + * Fix bufio in calculating address of next_buf + * Check HTTP respond code + * Use HEAD request method to test before GET + * Finish HTTP transaction in one go + * Fix bsc#1076132 +--- + grub-core/Makefile.core.def | 18 + + grub-core/io/bufio.c | 2 +- + grub-core/kern/efi/efi.c | 96 ++- + grub-core/net/drivers/efi/efinet.c | 27 + + grub-core/net/efi/dhcp.c | 397 ++++++++++ + grub-core/net/efi/efi_netfs.c | 57 ++ + grub-core/net/efi/http.c | 419 +++++++++++ + grub-core/net/efi/ip4_config.c | 398 ++++++++++ + grub-core/net/efi/ip6_config.c | 422 +++++++++++ + grub-core/net/efi/net.c | 1428 ++++++++++++++++++++++++++++++++++++ + grub-core/net/efi/pxe.c | 424 +++++++++++ + grub-core/net/net.c | 74 ++ + util/grub-mknetdir.c | 23 +- + include/grub/efi/api.h | 180 ++++- + include/grub/efi/dhcp.h | 343 +++++++++ + include/grub/efi/http.h | 215 ++++++ + include/grub/net/efi.h | 144 ++++ + 17 files changed, 4626 insertions(+), 41 deletions(-) + create mode 100644 grub-core/net/efi/dhcp.c + create mode 100644 grub-core/net/efi/efi_netfs.c + create mode 100644 grub-core/net/efi/http.c + create mode 100644 grub-core/net/efi/ip4_config.c + create mode 100644 grub-core/net/efi/ip6_config.c + create mode 100644 grub-core/net/efi/net.c + create mode 100644 grub-core/net/efi/pxe.c + create mode 100644 include/grub/efi/dhcp.h + create mode 100644 include/grub/efi/http.h + create mode 100644 include/grub/net/efi.h + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 420831bc8..2851437e0 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -2181,6 +2181,18 @@ module = { + common = hook/datehook.c; + }; + ++module = { ++ name = efi_netfs; ++ common = net/efi/efi_netfs.c; ++ common = net/efi/net.c; ++ common = net/efi/http.c; ++ common = net/efi/pxe.c; ++ common = net/efi/ip4_config.c; ++ common = net/efi/ip6_config.c; ++ common = net/efi/dhcp.c; ++ enable = efi; ++}; ++ + module = { + name = net; + common = net/net.c; +@@ -2195,6 +2207,12 @@ module = { + common = net/arp.c; + common = net/netbuff.c; + common = net/url.c; ++ efi = net/efi/net.c; ++ efi = net/efi/http.c; ++ efi = net/efi/pxe.c; ++ efi = net/efi/ip4_config.c; ++ efi = net/efi/ip6_config.c; ++ efi = net/efi/dhcp.c; + }; + + module = { +diff --git a/grub-core/io/bufio.c b/grub-core/io/bufio.c +index dbed64744..6118bade5 100644 +--- a/grub-core/io/bufio.c ++++ b/grub-core/io/bufio.c +@@ -139,7 +139,7 @@ grub_bufio_read (grub_file_t file, char *buf, grub_size_t len) + return res; + + /* Need to read some more. */ +- next_buf = (file->offset + res + len - 1) & ~((grub_off_t) bufio->block_size - 1); ++ next_buf = (grub_divmod64 (file->offset + res + len - 1, bufio->block_size, NULL)) * bufio->block_size; + /* Now read between file->offset + res and bufio->buffer_at. */ + if (file->offset + res < next_buf) + { +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index a2a732ffc..4d36fe311 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -696,7 +696,7 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) + { + grub_efi_ipv4_device_path_t *ipv4 + = (grub_efi_ipv4_device_path_t *) dp; +- grub_printf ("/IPv4(%u.%u.%u.%u,%u.%u.%u.%u,%u,%u,%x,%x)", ++ grub_printf ("/IPv4(%u.%u.%u.%u,%u.%u.%u.%u,%u,%u,%x,%x", + (unsigned) ipv4->local_ip_address[0], + (unsigned) ipv4->local_ip_address[1], + (unsigned) ipv4->local_ip_address[2], +@@ -709,33 +709,60 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) + (unsigned) ipv4->remote_port, + (unsigned) ipv4->protocol, + (unsigned) ipv4->static_ip_address); ++ if (len == sizeof (*ipv4)) ++ { ++ grub_printf (",%u.%u.%u.%u,%u.%u.%u.%u", ++ (unsigned) ipv4->gateway_ip_address[0], ++ (unsigned) ipv4->gateway_ip_address[1], ++ (unsigned) ipv4->gateway_ip_address[2], ++ (unsigned) ipv4->gateway_ip_address[3], ++ (unsigned) ipv4->subnet_mask[0], ++ (unsigned) ipv4->subnet_mask[1], ++ (unsigned) ipv4->subnet_mask[2], ++ (unsigned) ipv4->subnet_mask[3]); ++ } ++ grub_printf (")"); + } + break; + case GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE: + { + grub_efi_ipv6_device_path_t *ipv6 + = (grub_efi_ipv6_device_path_t *) dp; +- grub_printf ("/IPv6(%x:%x:%x:%x:%x:%x:%x:%x,%x:%x:%x:%x:%x:%x:%x:%x,%u,%u,%x,%x)", +- (unsigned) ipv6->local_ip_address[0], +- (unsigned) ipv6->local_ip_address[1], +- (unsigned) ipv6->local_ip_address[2], +- (unsigned) ipv6->local_ip_address[3], +- (unsigned) ipv6->local_ip_address[4], +- (unsigned) ipv6->local_ip_address[5], +- (unsigned) ipv6->local_ip_address[6], +- (unsigned) ipv6->local_ip_address[7], +- (unsigned) ipv6->remote_ip_address[0], +- (unsigned) ipv6->remote_ip_address[1], +- (unsigned) ipv6->remote_ip_address[2], +- (unsigned) ipv6->remote_ip_address[3], +- (unsigned) ipv6->remote_ip_address[4], +- (unsigned) ipv6->remote_ip_address[5], +- (unsigned) ipv6->remote_ip_address[6], +- (unsigned) ipv6->remote_ip_address[7], ++ grub_printf ("/IPv6(%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x,%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x,%u,%u,%x,%x", ++ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[0]), ++ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[1]), ++ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[2]), ++ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[3]), ++ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[4]), ++ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[5]), ++ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[6]), ++ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[7]), ++ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[0]), ++ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[1]), ++ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[2]), ++ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[3]), ++ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[4]), ++ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[5]), ++ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[6]), ++ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[7]), + (unsigned) ipv6->local_port, + (unsigned) ipv6->remote_port, + (unsigned) ipv6->protocol, + (unsigned) ipv6->static_ip_address); ++ if (len == sizeof (*ipv6)) ++ { ++ grub_printf (",%u,%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x", ++ (unsigned) ipv6->prefix_length, ++ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[0]), ++ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[1]), ++ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[2]), ++ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[3]), ++ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[4]), ++ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[5]), ++ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[6]), ++ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[7])); ++ } ++ grub_printf (")"); + } + break; + case GRUB_EFI_INFINIBAND_DEVICE_PATH_SUBTYPE: +@@ -775,6 +802,39 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) + dump_vendor_path ("Messaging", + (grub_efi_vendor_device_path_t *) dp); + break; ++ case GRUB_EFI_URI_DEVICE_PATH_SUBTYPE: ++ { ++ grub_efi_uri_device_path_t *uri ++ = (grub_efi_uri_device_path_t *) dp; ++ grub_printf ("/URI(%s)", uri->uri); ++ } ++ break; ++ case GRUB_EFI_DNS_DEVICE_PATH_SUBTYPE: ++ { ++ grub_efi_dns_device_path_t *dns ++ = (grub_efi_dns_device_path_t *) dp; ++ if (dns->is_ipv6) ++ { ++ grub_printf ("/DNS(%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x)", ++ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[0]) >> 16), ++ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[0])), ++ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[1]) >> 16), ++ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[1])), ++ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[2]) >> 16), ++ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[2])), ++ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[3]) >> 16), ++ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[3]))); ++ } ++ else ++ { ++ grub_printf ("/DNS(%d.%d.%d.%d)", ++ dns->dns_server_ip[0].v4.addr[0], ++ dns->dns_server_ip[0].v4.addr[1], ++ dns->dns_server_ip[0].v4.addr[2], ++ dns->dns_server_ip[0].v4.addr[3]); ++ } ++ } ++ break; + default: + grub_printf ("/UnknownMessaging(%x)", (unsigned) subtype); + break; +diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c +index 3d7750747..df7760ad2 100644 +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -492,6 +493,17 @@ grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *u + + ldp = grub_efi_find_last_device_path (ddp); + ++ /* Skip the DNS Device */ ++ if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) == GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE ++ && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) == GRUB_EFI_DNS_DEVICE_PATH_SUBTYPE) ++ { ++ ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; ++ ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; ++ ldp->length = sizeof (*ldp); ++ ++ ldp = grub_efi_find_last_device_path (ddp); ++ } ++ + if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE + || (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE + && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE)) +@@ -760,6 +772,7 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE + || (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE + && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE ++ && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_DNS_DEVICE_PATH_SUBTYPE + && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_URI_DEVICE_PATH_SUBTYPE)) + continue; + dup_dp = grub_efi_duplicate_device_path (dp); +@@ -774,6 +787,15 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + dup_ldp->length = sizeof (*dup_ldp); + } + ++ dup_ldp = grub_efi_find_last_device_path (dup_dp); ++ if (GRUB_EFI_DEVICE_PATH_SUBTYPE (dup_ldp) == GRUB_EFI_DNS_DEVICE_PATH_SUBTYPE) ++ { ++ dup_ldp = grub_efi_find_last_device_path (dup_dp); ++ dup_ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; ++ dup_ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; ++ dup_ldp->length = sizeof (*dup_ldp); ++ } ++ + dup_ldp = grub_efi_find_last_device_path (dup_dp); + dup_ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; + dup_ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; +@@ -845,6 +867,9 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + + GRUB_MOD_INIT(efinet) + { ++ if (grub_efi_net_config) ++ return; ++ + grub_efinet_findcards (); + grub_efi_net_config = grub_efi_net_config_real; + } +@@ -856,5 +881,7 @@ GRUB_MOD_FINI(efinet) + FOR_NET_CARDS_SAFE (card, next) + if (card->driver == &efidriver) + grub_net_card_unregister (card); ++ ++ grub_efi_net_config = NULL; + } + +diff --git a/grub-core/net/efi/dhcp.c b/grub-core/net/efi/dhcp.c +new file mode 100644 +index 000000000..dbef63d8c +--- /dev/null ++++ b/grub-core/net/efi/dhcp.c +@@ -0,0 +1,397 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#ifdef GRUB_EFI_NET_DEBUG ++static void ++dhcp4_mode_print (grub_efi_dhcp4_mode_data_t *mode) ++{ ++ switch (mode->state) ++ { ++ case GRUB_EFI_DHCP4_STOPPED: ++ grub_printf ("STATE: STOPPED\n"); ++ break; ++ case GRUB_EFI_DHCP4_INIT: ++ grub_printf ("STATE: INIT\n"); ++ break; ++ case GRUB_EFI_DHCP4_SELECTING: ++ grub_printf ("STATE: SELECTING\n"); ++ break; ++ case GRUB_EFI_DHCP4_REQUESTING: ++ grub_printf ("STATE: REQUESTING\n"); ++ break; ++ case GRUB_EFI_DHCP4_BOUND: ++ grub_printf ("STATE: BOUND\n"); ++ break; ++ case GRUB_EFI_DHCP4_RENEWING: ++ grub_printf ("STATE: RENEWING\n"); ++ break; ++ case GRUB_EFI_DHCP4_REBINDING: ++ grub_printf ("STATE: REBINDING\n"); ++ break; ++ case GRUB_EFI_DHCP4_INIT_REBOOT: ++ grub_printf ("STATE: INIT_REBOOT\n"); ++ break; ++ case GRUB_EFI_DHCP4_REBOOTING: ++ grub_printf ("STATE: REBOOTING\n"); ++ break; ++ default: ++ grub_printf ("STATE: UNKNOWN\n"); ++ break; ++ } ++ ++ grub_printf ("CLIENT_ADDRESS: %u.%u.%u.%u\n", ++ mode->client_address[0], ++ mode->client_address[1], ++ mode->client_address[2], ++ mode->client_address[3]); ++ grub_printf ("SERVER_ADDRESS: %u.%u.%u.%u\n", ++ mode->server_address[0], ++ mode->server_address[1], ++ mode->server_address[2], ++ mode->server_address[3]); ++ grub_printf ("SUBNET_MASK: %u.%u.%u.%u\n", ++ mode->subnet_mask[0], ++ mode->subnet_mask[1], ++ mode->subnet_mask[2], ++ mode->subnet_mask[3]); ++ grub_printf ("ROUTER_ADDRESS: %u.%u.%u.%u\n", ++ mode->router_address[0], ++ mode->router_address[1], ++ mode->router_address[2], ++ mode->router_address[3]); ++} ++#endif ++ ++static grub_efi_ipv4_address_t * ++grub_efi_dhcp4_parse_dns (grub_efi_dhcp4_protocol_t *dhcp4, grub_efi_dhcp4_packet_t *reply_packet) ++{ ++ grub_efi_dhcp4_packet_option_t **option_list; ++ grub_efi_status_t status; ++ grub_efi_uint32_t option_count = 0; ++ grub_efi_uint32_t i; ++ ++ status = efi_call_4 (dhcp4->parse, dhcp4, reply_packet, &option_count, NULL); ++ ++ if (status != GRUB_EFI_BUFFER_TOO_SMALL) ++ return NULL; ++ ++ option_list = grub_malloc (option_count * sizeof(*option_list)); ++ if (!option_list) ++ return NULL; ++ ++ status = efi_call_4 (dhcp4->parse, dhcp4, reply_packet, &option_count, option_list); ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_free (option_list); ++ return NULL; ++ } ++ ++ for (i = 0; i < option_count; ++i) ++ { ++ if (option_list[i]->op_code == 6) ++ { ++ grub_efi_ipv4_address_t *dns_address; ++ ++ if (((option_list[i]->length & 0x3) != 0) || (option_list[i]->length == 0)) ++ continue; ++ ++ /* We only contact primary dns */ ++ dns_address = grub_malloc (sizeof (*dns_address)); ++ if (!dns_address) ++ { ++ grub_free (option_list); ++ return NULL; ++ } ++ grub_memcpy (dns_address, option_list[i]->data, sizeof (dns_address)); ++ grub_free (option_list); ++ return dns_address; ++ } ++ } ++ ++ grub_free (option_list); ++ return NULL; ++} ++ ++#if 0 ++/* Somehow this doesn't work ... */ ++static grub_err_t ++grub_cmd_efi_bootp (struct grub_command *cmd __attribute__ ((unused)), ++ int argc __attribute__ ((unused)), ++ char **args __attribute__ ((unused))) ++{ ++ struct grub_efi_net_device *dev; ++ for (dev = net_devices; dev; dev = dev->next) ++ { ++ grub_efi_pxe_t *pxe = dev->ip4_pxe; ++ grub_efi_pxe_mode_t *mode = pxe->mode; ++ grub_efi_status_t status; ++ ++ if (!mode->started) ++ { ++ status = efi_call_2 (pxe->start, pxe, 0); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ grub_printf ("Couldn't start PXE\n"); ++ } ++ ++ status = efi_call_2 (pxe->dhcp, pxe, 0); ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_printf ("dhcp4 configure failed, %d\n", (int)status); ++ continue; ++ } ++ ++ dev->prefer_ip6 = 0; ++ } ++ ++ return GRUB_ERR_NONE; ++} ++#endif ++ ++static grub_err_t ++grub_cmd_efi_bootp (struct grub_command *cmd __attribute__ ((unused)), ++ int argc, ++ char **args) ++{ ++ struct grub_efi_net_device *netdev; ++ ++ for (netdev = net_devices; netdev; netdev = netdev->next) ++ { ++ grub_efi_status_t status; ++ grub_efi_dhcp4_mode_data_t mode; ++ grub_efi_dhcp4_config_data_t config; ++ grub_efi_dhcp4_packet_option_t *options; ++ grub_efi_ipv4_address_t *dns_address; ++ grub_efi_net_ip_manual_address_t net_ip; ++ grub_efi_net_ip_address_t ip_addr; ++ grub_efi_net_interface_t *inf = NULL; ++ ++ if (argc > 0 && grub_strcmp (netdev->card_name, args[0]) != 0) ++ continue; ++ ++ grub_memset (&config, 0, sizeof(config)); ++ ++ config.option_count = 1; ++ options = grub_malloc (sizeof(*options) + 2); ++ /* Parameter request list */ ++ options->op_code = 55; ++ options->length = 3; ++ /* subnet mask */ ++ options->data[0] = 1; ++ /* router */ ++ options->data[1] = 3; ++ /* DNS */ ++ options->data[2] = 6; ++ config.option_list = &options; ++ ++ /* FIXME: What if the dhcp has bounded */ ++ status = efi_call_2 (netdev->dhcp4->configure, netdev->dhcp4, &config); ++ grub_free (options); ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_printf ("dhcp4 configure failed, %d\n", (int)status); ++ continue; ++ } ++ ++ status = efi_call_2 (netdev->dhcp4->start, netdev->dhcp4, NULL); ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_printf ("dhcp4 start failed, %d\n", (int)status); ++ continue; ++ } ++ ++ status = efi_call_2 (netdev->dhcp4->get_mode_data, netdev->dhcp4, &mode); ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_printf ("dhcp4 get mode failed, %d\n", (int)status); ++ continue; ++ } ++ ++#ifdef GRUB_EFI_NET_DEBUG ++ dhcp4_mode_print (&mode); ++#endif ++ ++ for (inf = netdev->net_interfaces; inf; inf = inf->next) ++ if (inf->prefer_ip6 == 0) ++ break; ++ ++ grub_memcpy (net_ip.ip4.address, mode.client_address, sizeof (net_ip.ip4.address)); ++ grub_memcpy (net_ip.ip4.subnet_mask, mode.subnet_mask, sizeof (net_ip.ip4.subnet_mask)); ++ ++ if (!inf) ++ { ++ char *name = grub_xasprintf ("%s:dhcp", netdev->card_name); ++ ++ net_ip.is_ip6 = 0; ++ inf = grub_efi_net_create_interface (netdev, ++ name, ++ &net_ip, ++ 1); ++ grub_free (name); ++ } ++ else ++ { ++ efi_net_interface_set_address (inf, &net_ip, 1); ++ } ++ ++ grub_memcpy (ip_addr.ip4, mode.router_address, sizeof (ip_addr.ip4)); ++ efi_net_interface_set_gateway (inf, &ip_addr); ++ ++ dns_address = grub_efi_dhcp4_parse_dns (netdev->dhcp4, mode.reply_packet); ++ if (dns_address) ++ efi_net_interface_set_dns (inf, (grub_efi_net_ip_address_t *)&dns_address); ++ ++ } ++ ++ return GRUB_ERR_NONE; ++} ++ ++ ++static grub_err_t ++grub_cmd_efi_bootp6 (struct grub_command *cmd __attribute__ ((unused)), ++ int argc, ++ char **args) ++{ ++ struct grub_efi_net_device *dev; ++ grub_efi_uint32_t ia_id; ++ ++ for (dev = net_devices, ia_id = 0; dev; dev = dev->next, ia_id++) ++ { ++ grub_efi_dhcp6_config_data_t config; ++ grub_efi_dhcp6_packet_option_t *option_list[1]; ++ grub_efi_dhcp6_packet_option_t *opt; ++ grub_efi_status_t status; ++ grub_efi_dhcp6_mode_data_t mode; ++ grub_efi_dhcp6_retransmission_t retrans; ++ grub_efi_net_ip_manual_address_t net_ip; ++ grub_efi_boot_services_t *b = grub_efi_system_table->boot_services; ++ grub_efi_net_interface_t *inf = NULL; ++ ++ if (argc > 0 && grub_strcmp (dev->card_name, args[0]) != 0) ++ continue; ++ ++ opt = grub_malloc (sizeof(*opt) + 2 * sizeof (grub_efi_uint16_t)); ++ ++#define GRUB_EFI_DHCP6_OPT_ORO 6 ++ ++ opt->op_code = grub_cpu_to_be16_compile_time (GRUB_EFI_DHCP6_OPT_ORO); ++ opt->op_len = grub_cpu_to_be16_compile_time (2 * sizeof (grub_efi_uint16_t)); ++ ++#define GRUB_EFI_DHCP6_OPT_BOOT_FILE_URL 59 ++#define GRUB_EFI_DHCP6_OPT_DNS_SERVERS 23 ++ ++ grub_set_unaligned16 (opt->data, grub_cpu_to_be16_compile_time(GRUB_EFI_DHCP6_OPT_BOOT_FILE_URL)); ++ grub_set_unaligned16 (opt->data + 1 * sizeof (grub_efi_uint16_t), ++ grub_cpu_to_be16_compile_time(GRUB_EFI_DHCP6_OPT_DNS_SERVERS)); ++ ++ option_list[0] = opt; ++ retrans.irt = 4; ++ retrans.mrc = 4; ++ retrans.mrt = 32; ++ retrans.mrd = 60; ++ ++ config.dhcp6_callback = NULL; ++ config.callback_context = NULL; ++ config.option_count = 1; ++ config.option_list = option_list; ++ config.ia_descriptor.ia_id = ia_id; ++ config.ia_descriptor.type = GRUB_EFI_DHCP6_IA_TYPE_NA; ++ config.ia_info_event = NULL; ++ config.reconfigure_accept = 0; ++ config.rapid_commit = 0; ++ config.solicit_retransmission = &retrans; ++ ++ status = efi_call_2 (dev->dhcp6->configure, dev->dhcp6, &config); ++ grub_free (opt); ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_printf ("dhcp6 configure failed, %d\n", (int)status); ++ continue; ++ } ++ status = efi_call_1 (dev->dhcp6->start, dev->dhcp6); ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_printf ("dhcp6 start failed, %d\n", (int)status); ++ continue; ++ } ++ ++ status = efi_call_3 (dev->dhcp6->get_mode_data, dev->dhcp6, &mode, NULL); ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_printf ("dhcp4 get mode failed, %d\n", (int)status); ++ continue; ++ } ++ ++ for (inf = dev->net_interfaces; inf; inf = inf->next) ++ if (inf->prefer_ip6 == 1) ++ break; ++ ++ grub_memcpy (net_ip.ip6.address, mode.ia->ia_address[0].ip_address, sizeof (net_ip.ip6.address)); ++ net_ip.ip6.prefix_length = 64; ++ net_ip.ip6.is_anycast = 0; ++ net_ip.is_ip6 = 1; ++ ++ if (!inf) ++ { ++ char *name = grub_xasprintf ("%s:dhcp", dev->card_name); ++ ++ inf = grub_efi_net_create_interface (dev, ++ name, ++ &net_ip, ++ 1); ++ grub_free (name); ++ } ++ else ++ { ++ efi_net_interface_set_address (inf, &net_ip, 1); ++ } ++ ++ { ++ grub_efi_uint32_t count = 0; ++ grub_efi_dhcp6_packet_option_t **options = NULL; ++ grub_efi_uint32_t i; ++ ++ status = efi_call_4 (dev->dhcp6->parse, dev->dhcp6, mode.ia->reply_packet, &count, NULL); ++ ++ if (status == GRUB_EFI_BUFFER_TOO_SMALL && count) ++ { ++ options = grub_malloc (count * sizeof(*options)); ++ status = efi_call_4 (dev->dhcp6->parse, dev->dhcp6, mode.ia->reply_packet, &count, options); ++ } ++ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ if (options) ++ grub_free (options); ++ continue; ++ } ++ ++ for (i = 0; i < count; ++i) ++ { ++ if (options[i]->op_code == grub_cpu_to_be16_compile_time(GRUB_EFI_DHCP6_OPT_DNS_SERVERS)) ++ { ++ grub_efi_net_ip_address_t dns; ++ grub_memcpy (dns.ip6, options[i]->data, sizeof(net_ip.ip6)); ++ efi_net_interface_set_dns (inf, &dns); ++ break; ++ } ++ } ++ ++ if (options) ++ grub_free (options); ++ } ++ ++ efi_call_1 (b->free_pool, mode.client_id); ++ efi_call_1 (b->free_pool, mode.ia); ++ } ++ ++ return GRUB_ERR_NONE; ++} ++ ++grub_command_func_t grub_efi_net_bootp = grub_cmd_efi_bootp; ++grub_command_func_t grub_efi_net_bootp6 = grub_cmd_efi_bootp6; +diff --git a/grub-core/net/efi/efi_netfs.c b/grub-core/net/efi/efi_netfs.c +new file mode 100644 +index 000000000..ef371d885 +--- /dev/null ++++ b/grub-core/net/efi/efi_netfs.c +@@ -0,0 +1,57 @@ ++#include ++#include ++#define EFI_NET_CMD_PREFIX "net_efi" ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++static grub_command_t cmd_efi_lsroutes; ++static grub_command_t cmd_efi_lscards; ++static grub_command_t cmd_efi_lsaddrs; ++static grub_command_t cmd_efi_addaddr; ++static grub_command_t cmd_efi_bootp; ++static grub_command_t cmd_efi_bootp6; ++ ++static int initialized; ++ ++GRUB_MOD_INIT(efi_netfs) ++{ ++ if (grub_net_open) ++ return; ++ ++ if (grub_efi_net_fs_init ()) ++ { ++ cmd_efi_lsroutes = grub_register_command ("net_efi_ls_routes", grub_efi_net_list_routes, ++ "", N_("list network routes")); ++ cmd_efi_lscards = grub_register_command ("net_efi_ls_cards", grub_efi_net_list_cards, ++ "", N_("list network cards")); ++ cmd_efi_lsaddrs = grub_register_command ("net_efi_ls_addr", grub_efi_net_list_addrs, ++ "", N_("list network addresses")); ++ cmd_efi_addaddr = grub_register_command ("net_efi_add_addr", grub_efi_net_add_addr, ++ N_("SHORTNAME CARD ADDRESS [HWADDRESS]"), ++ N_("Add a network address.")); ++ cmd_efi_bootp = grub_register_command ("net_efi_bootp", grub_efi_net_bootp, ++ N_("[CARD]"), ++ N_("perform a bootp autoconfiguration")); ++ cmd_efi_bootp6 = grub_register_command ("net_efi_bootp6", grub_efi_net_bootp6, ++ N_("[CARD]"), ++ N_("perform a bootp autoconfiguration")); ++ initialized = 1; ++ } ++} ++ ++GRUB_MOD_FINI(efi_netfs) ++{ ++ if (initialized) ++ { ++ grub_unregister_command (cmd_efi_lsroutes); ++ grub_unregister_command (cmd_efi_lscards); ++ grub_unregister_command (cmd_efi_lsaddrs); ++ grub_unregister_command (cmd_efi_addaddr); ++ grub_unregister_command (cmd_efi_bootp); ++ grub_unregister_command (cmd_efi_bootp6); ++ grub_efi_net_fs_fini (); ++ initialized = 0; ++ return; ++ } ++} +diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c +new file mode 100644 +index 000000000..3f61fd2fa +--- /dev/null ++++ b/grub-core/net/efi/http.c +@@ -0,0 +1,419 @@ ++ ++#include ++#include ++#include ++#include ++#include ++ ++static void ++http_configure (struct grub_efi_net_device *dev, int prefer_ip6) ++{ ++ grub_efi_http_config_data_t http_config; ++ grub_efi_httpv4_access_point_t httpv4_node; ++ grub_efi_httpv6_access_point_t httpv6_node; ++ grub_efi_status_t status; ++ ++ grub_efi_http_t *http = dev->http; ++ ++ grub_memset (&http_config, 0, sizeof(http_config)); ++ http_config.http_version = GRUB_EFI_HTTPVERSION11; ++ http_config.timeout_millisec = 5000; ++ ++ if (prefer_ip6) ++ { ++ grub_efi_uintn_t sz; ++ grub_efi_ip6_config_manual_address_t manual_address; ++ ++ http_config.local_address_is_ipv6 = 1; ++ sz = sizeof (manual_address); ++ status = efi_call_4 (dev->ip6_config->get_data, dev->ip6_config, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_MANUAL_ADDRESS, ++ &sz, &manual_address); ++ ++ if (status == GRUB_EFI_NOT_FOUND) ++ { ++ grub_printf ("The MANUAL ADDRESS is not found\n"); ++ } ++ ++ /* FIXME: The manual interface would return BUFFER TOO SMALL !!! */ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_printf ("??? %d\n",(int) status); ++ return; ++ } ++ ++ grub_memcpy (httpv6_node.local_address, manual_address.address, sizeof (httpv6_node.local_address)); ++ httpv6_node.local_port = 0; ++ http_config.access_point.ipv6_node = &httpv6_node; ++ } ++ else ++ { ++ http_config.local_address_is_ipv6 = 0; ++ grub_memset (&httpv4_node, 0, sizeof(httpv4_node)); ++ httpv4_node.use_default_address = 1; ++ ++ /* Use random port here */ ++ /* See TcpBind() in edk2/NetworkPkg/TcpDxe/TcpDispatcher.c */ ++ httpv4_node.local_port = 0; ++ http_config.access_point.ipv4_node = &httpv4_node; ++ } ++ ++ status = efi_call_2 (http->configure, http, &http_config); ++ ++ if (status == GRUB_EFI_ALREADY_STARTED) ++ { ++ /* XXX: This hangs HTTPS boot */ ++#if 0 ++ if (efi_call_2 (http->configure, http, NULL) != GRUB_EFI_SUCCESS) ++ { ++ grub_error (GRUB_ERR_IO, N_("couldn't reset http instance")); ++ grub_print_error (); ++ return; ++ } ++ status = efi_call_2 (http->configure, http, &http_config); ++#endif ++ return; ++ } ++ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_error (GRUB_ERR_IO, N_("couldn't configure http protocol, reason: %d"), (int)status); ++ grub_print_error (); ++ return ; ++ } ++} ++ ++static grub_efi_boolean_t request_callback_done; ++static grub_efi_boolean_t response_callback_done; ++ ++static void ++grub_efi_http_request_callback (grub_efi_event_t event __attribute__ ((unused)), ++ void *context __attribute__ ((unused))) ++{ ++ request_callback_done = 1; ++} ++ ++static void ++grub_efi_http_response_callback (grub_efi_event_t event __attribute__ ((unused)), ++ void *context __attribute__ ((unused))) ++{ ++ response_callback_done = 1; ++} ++ ++static grub_err_t ++efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https, int headeronly, grub_off_t *file_size) ++{ ++ grub_efi_http_request_data_t request_data; ++ grub_efi_http_message_t request_message; ++ grub_efi_http_token_t request_token; ++ grub_efi_http_response_data_t response_data; ++ grub_efi_http_message_t response_message; ++ grub_efi_http_token_t response_token; ++ grub_efi_http_header_t request_headers[3]; ++ ++ grub_efi_status_t status; ++ grub_efi_boot_services_t *b = grub_efi_system_table->boot_services; ++ char *url = NULL; ++ ++ request_headers[0].field_name = (grub_efi_char8_t *)"Host"; ++ request_headers[0].field_value = (grub_efi_char8_t *)server; ++ request_headers[1].field_name = (grub_efi_char8_t *)"Accept"; ++ request_headers[1].field_value = (grub_efi_char8_t *)"*/*"; ++ request_headers[2].field_name = (grub_efi_char8_t *)"User-Agent"; ++ request_headers[2].field_value = (grub_efi_char8_t *)"UefiHttpBoot/1.0"; ++ ++ { ++ grub_efi_ipv6_address_t address; ++ const char *rest; ++ grub_efi_char16_t *ucs2_url; ++ grub_size_t url_len, ucs2_url_len; ++ const char *protocol = (use_https == 1) ? "https" : "http"; ++ ++ if (grub_efi_string_to_ip6_address (server, &address, &rest) && *rest == 0) ++ url = grub_xasprintf ("%s://[%s]%s", protocol, server, name); ++ else ++ url = grub_xasprintf ("%s://%s%s", protocol, server, name); ++ ++ if (!url) ++ { ++ return grub_errno; ++ } ++ ++ url_len = grub_strlen (url); ++ ucs2_url_len = url_len * GRUB_MAX_UTF16_PER_UTF8; ++ ucs2_url = grub_malloc ((ucs2_url_len + 1) * sizeof (ucs2_url[0])); ++ ++ if (!ucs2_url) ++ { ++ grub_free (url); ++ return grub_errno; ++ } ++ ++ ucs2_url_len = grub_utf8_to_utf16 (ucs2_url, ucs2_url_len, (grub_uint8_t *)url, url_len, NULL); /* convert string format from ascii to usc2 */ ++ ucs2_url[ucs2_url_len] = 0; ++ grub_free (url); ++ request_data.url = ucs2_url; ++ } ++ ++ request_data.method = (headeronly > 0) ? GRUB_EFI_HTTPMETHODHEAD : GRUB_EFI_HTTPMETHODGET; ++ ++ request_message.data.request = &request_data; ++ request_message.header_count = 3; ++ request_message.headers = request_headers; ++ request_message.body_length = 0; ++ request_message.body = NULL; ++ ++ /* request token */ ++ request_token.event = NULL; ++ request_token.status = GRUB_EFI_NOT_READY; ++ request_token.message = &request_message; ++ ++ request_callback_done = 0; ++ status = efi_call_5 (b->create_event, ++ GRUB_EFI_EVT_NOTIFY_SIGNAL, ++ GRUB_EFI_TPL_CALLBACK, ++ grub_efi_http_request_callback, ++ NULL, ++ &request_token.event); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_free (request_data.url); ++ return grub_error (GRUB_ERR_IO, "Fail to create an event! status=0x%x\n", status); ++ } ++ ++ status = efi_call_2 (http->request, http, &request_token); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ efi_call_1 (b->close_event, request_token.event); ++ grub_free (request_data.url); ++ return grub_error (GRUB_ERR_IO, "Fail to send a request! status=0x%x\n", status); ++ } ++ /* TODO: Add Timeout */ ++ while (!request_callback_done) ++ efi_call_1(http->poll, http); ++ ++ response_data.status_code = GRUB_EFI_HTTP_STATUS_UNSUPPORTED_STATUS; ++ response_message.data.response = &response_data; ++ /* herader_count will be updated by the HTTP driver on response */ ++ response_message.header_count = 0; ++ /* headers will be populated by the driver on response */ ++ response_message.headers = NULL; ++ /* use zero BodyLength to only receive the response headers */ ++ response_message.body_length = 0; ++ response_message.body = NULL; ++ response_token.event = NULL; ++ ++ status = efi_call_5 (b->create_event, ++ GRUB_EFI_EVT_NOTIFY_SIGNAL, ++ GRUB_EFI_TPL_CALLBACK, ++ grub_efi_http_response_callback, ++ NULL, ++ &response_token.event); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ efi_call_1 (b->close_event, request_token.event); ++ grub_free (request_data.url); ++ return grub_error (GRUB_ERR_IO, "Fail to create an event! status=0x%x\n", status); ++ } ++ ++ response_token.status = GRUB_EFI_SUCCESS; ++ response_token.message = &response_message; ++ ++ /* wait for HTTP response */ ++ response_callback_done = 0; ++ status = efi_call_2 (http->response, http, &response_token); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ efi_call_1 (b->close_event, response_token.event); ++ efi_call_1 (b->close_event, request_token.event); ++ grub_free (request_data.url); ++ return grub_error (GRUB_ERR_IO, "Fail to receive a response! status=%d\n", (int)status); ++ } ++ ++ /* TODO: Add Timeout */ ++ while (!response_callback_done) ++ efi_call_1 (http->poll, http); ++ ++ if (response_message.data.response->status_code != GRUB_EFI_HTTP_STATUS_200_OK) ++ { ++ grub_efi_http_status_code_t status_code = response_message.data.response->status_code; ++ ++ if (response_message.headers) ++ efi_call_1 (b->free_pool, response_message.headers); ++ efi_call_1 (b->close_event, response_token.event); ++ efi_call_1 (b->close_event, request_token.event); ++ grub_free (request_data.url); ++ if (status_code == GRUB_EFI_HTTP_STATUS_404_NOT_FOUND) ++ { ++ return grub_error (GRUB_ERR_FILE_NOT_FOUND, _("file `%s' not found"), name); ++ } ++ else ++ { ++ return grub_error (GRUB_ERR_NET_UNKNOWN_ERROR, ++ _("unsupported uefi http status code 0x%x"), status_code); ++ } ++ } ++ ++ if (file_size) ++ { ++ int i; ++ /* parse the length of the file from the ContentLength header */ ++ for (*file_size = 0, i = 0; i < (int)response_message.header_count; ++i) ++ { ++ if (!grub_strcmp((const char*)response_message.headers[i].field_name, "Content-Length")) ++ { ++ *file_size = grub_strtoul((const char*)response_message.headers[i].field_value, 0, 10); ++ break; ++ } ++ } ++ } ++ ++ if (response_message.headers) ++ efi_call_1 (b->free_pool, response_message.headers); ++ efi_call_1 (b->close_event, response_token.event); ++ efi_call_1 (b->close_event, request_token.event); ++ grub_free (request_data.url); ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_ssize_t ++efihttp_read (struct grub_efi_net_device *dev, ++ char *buf, ++ grub_size_t len) ++{ ++ grub_efi_http_message_t response_message; ++ grub_efi_http_token_t response_token; ++ ++ grub_efi_status_t status; ++ grub_size_t sum = 0; ++ grub_efi_boot_services_t *b = grub_efi_system_table->boot_services; ++ grub_efi_http_t *http = dev->http; ++ ++ if (!len) ++ { ++ grub_error (GRUB_ERR_BUG, "Invalid arguments to EFI HTTP Read"); ++ return -1; ++ } ++ ++ efi_call_5 (b->create_event, ++ GRUB_EFI_EVT_NOTIFY_SIGNAL, ++ GRUB_EFI_TPL_CALLBACK, ++ grub_efi_http_response_callback, ++ NULL, ++ &response_token.event); ++ ++ while (len) ++ { ++ response_message.data.response = NULL; ++ response_message.header_count = 0; ++ response_message.headers = NULL; ++ response_message.body_length = len; ++ response_message.body = buf; ++ ++ response_token.message = &response_message; ++ response_token.status = GRUB_EFI_NOT_READY; ++ ++ response_callback_done = 0; ++ ++ status = efi_call_2 (http->response, http, &response_token); ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ efi_call_1 (b->close_event, response_token.event); ++ grub_error (GRUB_ERR_IO, "Error! status=%d\n", (int)status); ++ return -1; ++ } ++ ++ while (!response_callback_done) ++ efi_call_1(http->poll, http); ++ ++ sum += response_message.body_length; ++ buf += response_message.body_length; ++ len -= response_message.body_length; ++ } ++ ++ efi_call_1 (b->close_event, response_token.event); ++ ++ return sum; ++} ++ ++static grub_err_t ++grub_efihttp_open (struct grub_efi_net_device *dev, ++ int prefer_ip6 __attribute__ ((unused)), ++ grub_file_t file, ++ const char *filename __attribute__ ((unused)), ++ int type) ++{ ++ grub_err_t err; ++ grub_off_t size; ++ char *buf; ++ ++ err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 1, 0); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ ++ err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 0, &size); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ ++ buf = grub_malloc (size); ++ efihttp_read (dev, buf, size); ++ ++ file->size = size; ++ file->data = buf; ++ file->not_easily_seekable = 0; ++ file->device->net->offset = 0; ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_efihttp_close (struct grub_efi_net_device *dev __attribute__ ((unused)), ++ int prefer_ip6 __attribute__ ((unused)), ++ grub_file_t file) ++{ ++ if (file->data) ++ grub_free (file->data); ++ ++ file->data = 0; ++ file->offset = 0; ++ file->size = 0; ++ file->device->net->offset = 0; ++ return GRUB_ERR_NONE; ++} ++ ++static grub_ssize_t ++grub_efihttp_read (struct grub_efi_net_device *dev __attribute__((unused)), ++ int prefer_ip6 __attribute__((unused)), ++ grub_file_t file, ++ char *buf, ++ grub_size_t len) ++{ ++ grub_size_t r = len; ++ ++ if (!file->data || !buf || !len) ++ return 0; ++ ++ if ((file->device->net->offset + len) > file->size) ++ r = file->size - file->device->net->offset; ++ ++ if (r) ++ { ++ grub_memcpy (buf, (char *)file->data + file->device->net->offset, r); ++ file->device->net->offset += r; ++ } ++ ++ return r; ++} ++ ++struct grub_efi_net_io io_http = ++ { ++ .configure = http_configure, ++ .open = grub_efihttp_open, ++ .read = grub_efihttp_read, ++ .close = grub_efihttp_close ++ }; +diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c +new file mode 100644 +index 000000000..b711a5d94 +--- /dev/null ++++ b/grub-core/net/efi/ip4_config.c +@@ -0,0 +1,398 @@ ++ ++#include ++#include ++#include ++#include ++#include ++ ++char * ++grub_efi_hw_address_to_string (grub_efi_uint32_t hw_address_size, grub_efi_mac_address_t hw_address) ++{ ++ char *hw_addr, *p; ++ int sz, s; ++ int i; ++ ++ sz = (int)hw_address_size * (sizeof ("XX:") - 1) + 1; ++ ++ hw_addr = grub_malloc (sz); ++ if (!hw_addr) ++ return NULL; ++ ++ p = hw_addr; ++ s = sz; ++ for (i = 0; i < (int)hw_address_size; i++) ++ { ++ grub_snprintf (p, sz, "%02x:", hw_address[i]); ++ p += sizeof ("XX:") - 1; ++ s -= sizeof ("XX:") - 1; ++ } ++ ++ hw_addr[sz - 2] = '\0'; ++ return hw_addr; ++} ++ ++char * ++grub_efi_ip4_address_to_string (grub_efi_ipv4_address_t *address) ++{ ++ char *addr; ++ ++ addr = grub_malloc (sizeof ("XXX.XXX.XXX.XXX")); ++ if (!addr) ++ return NULL; ++ ++ /* FIXME: Use grub_xasprintf ? */ ++ grub_snprintf (addr, ++ sizeof ("XXX.XXX.XXX.XXX"), ++ "%u.%u.%u.%u", ++ (*address)[0], ++ (*address)[1], ++ (*address)[2], ++ (*address)[3]); ++ ++ return addr; ++} ++ ++int ++grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *address, const char **rest) ++{ ++ grub_uint32_t newip = 0; ++ int i; ++ const char *ptr = val; ++ ++ for (i = 0; i < 4; i++) ++ { ++ unsigned long t; ++ t = grub_strtoul (ptr, (char **) &ptr, 0); ++ if (grub_errno) ++ { ++ grub_errno = GRUB_ERR_NONE; ++ return 0; ++ } ++ if (*ptr != '.' && i == 0) ++ { ++ /* XXX: t is in host byte order */ ++ newip = t; ++ break; ++ } ++ if (t & ~0xff) ++ return 0; ++ newip <<= 8; ++ newip |= t; ++ if (i != 3 && *ptr != '.') ++ return 0; ++ ptr++; ++ } ++ ++ newip = grub_cpu_to_be32 (newip); ++ ++ grub_memcpy (address, &newip, sizeof(*address)); ++ ++ if (rest) ++ *rest = (ptr - 1); ++ return 1; ++} ++ ++static grub_efi_ip4_config2_interface_info_t * ++efi_ip4_config_interface_info (grub_efi_ip4_config2_protocol_t *ip4_config) ++{ ++ grub_efi_uintn_t sz; ++ grub_efi_status_t status; ++ grub_efi_ip4_config2_interface_info_t *interface_info; ++ ++ sz = sizeof (*interface_info) + sizeof (*interface_info->route_table); ++ interface_info = grub_malloc (sz); ++ if (!interface_info) ++ return NULL; ++ ++ status = efi_call_4 (ip4_config->get_data, ip4_config, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_INTERFACEINFO, ++ &sz, interface_info); ++ ++ if (status == GRUB_EFI_BUFFER_TOO_SMALL) ++ { ++ grub_free (interface_info); ++ interface_info = grub_malloc (sz); ++ status = efi_call_4 (ip4_config->get_data, ip4_config, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_INTERFACEINFO, ++ &sz, interface_info); ++ } ++ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_free (interface_info); ++ return NULL; ++ } ++ ++ return interface_info; ++} ++ ++static grub_efi_ip4_config2_manual_address_t * ++efi_ip4_config_manual_address (grub_efi_ip4_config2_protocol_t *ip4_config) ++{ ++ grub_efi_uintn_t sz; ++ grub_efi_status_t status; ++ grub_efi_ip4_config2_manual_address_t *manual_address; ++ ++ sz = sizeof (*manual_address); ++ manual_address = grub_malloc (sz); ++ if (!manual_address) ++ return NULL; ++ ++ status = efi_call_4 (ip4_config->get_data, ip4_config, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_MANUAL_ADDRESS, ++ &sz, manual_address); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_free (manual_address); ++ return NULL; ++ } ++ ++ return manual_address; ++} ++ ++char * ++grub_efi_ip4_interface_name (struct grub_efi_net_device *dev) ++{ ++ grub_efi_ip4_config2_interface_info_t *interface_info; ++ char *name; ++ ++ interface_info = efi_ip4_config_interface_info (dev->ip4_config); ++ ++ if (!interface_info) ++ return NULL; ++ ++ name = grub_malloc (GRUB_EFI_IP4_CONFIG2_INTERFACE_INFO_NAME_SIZE ++ * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ *grub_utf16_to_utf8 ((grub_uint8_t *)name, interface_info->name, ++ GRUB_EFI_IP4_CONFIG2_INTERFACE_INFO_NAME_SIZE) = 0; ++ grub_free (interface_info); ++ return name; ++} ++ ++static char * ++grub_efi_ip4_interface_hw_address (struct grub_efi_net_device *dev) ++{ ++ grub_efi_ip4_config2_interface_info_t *interface_info; ++ char *hw_addr; ++ ++ interface_info = efi_ip4_config_interface_info (dev->ip4_config); ++ ++ if (!interface_info) ++ return NULL; ++ ++ hw_addr = grub_efi_hw_address_to_string (interface_info->hw_address_size, interface_info->hw_address); ++ grub_free (interface_info); ++ ++ return hw_addr; ++} ++ ++static char * ++grub_efi_ip4_interface_address (struct grub_efi_net_device *dev) ++{ ++ grub_efi_ip4_config2_manual_address_t *manual_address; ++ char *addr; ++ ++ manual_address = efi_ip4_config_manual_address (dev->ip4_config); ++ ++ if (!manual_address) ++ return NULL; ++ ++ addr = grub_efi_ip4_address_to_string (&manual_address->address); ++ grub_free (manual_address); ++ return addr; ++} ++ ++ ++static int ++address_mask_size (grub_efi_ipv4_address_t *address) ++{ ++ grub_uint8_t i; ++ grub_uint32_t u32_addr = grub_be_to_cpu32 (grub_get_unaligned32 (address)); ++ ++ if (u32_addr == 0) ++ return 0; ++ ++ for (i = 0; i < 32 ; ++i) ++ { ++ if (u32_addr == ((0xffffffff >> i) << i)) ++ return (32 - i); ++ } ++ ++ return -1; ++} ++ ++static char ** ++grub_efi_ip4_interface_route_table (struct grub_efi_net_device *dev) ++{ ++ grub_efi_ip4_config2_interface_info_t *interface_info; ++ char **ret; ++ int i, id; ++ ++ interface_info = efi_ip4_config_interface_info (dev->ip4_config); ++ if (!interface_info) ++ return NULL; ++ ++ ret = grub_malloc (sizeof (*ret) * (interface_info->route_table_size + 1)); ++ ++ if (!ret) ++ { ++ grub_free (interface_info); ++ return NULL; ++ } ++ ++ id = 0; ++ for (i = 0; i < (int)interface_info->route_table_size; i++) ++ { ++ char *subnet, *gateway, *mask; ++ grub_uint32_t u32_subnet, u32_gateway; ++ int mask_size; ++ grub_efi_ip4_route_table_t *route_table = interface_info->route_table + i; ++ grub_efi_net_interface_t *inf; ++ char *interface_name = NULL; ++ ++ for (inf = dev->net_interfaces; inf; inf = inf->next) ++ if (!inf->prefer_ip6) ++ interface_name = inf->name; ++ ++ u32_gateway = grub_get_unaligned32 (&route_table->gateway_address); ++ gateway = grub_efi_ip4_address_to_string (&route_table->gateway_address); ++ u32_subnet = grub_get_unaligned32 (&route_table->subnet_address); ++ subnet = grub_efi_ip4_address_to_string (&route_table->subnet_address); ++ mask_size = address_mask_size (&route_table->subnet_mask); ++ mask = grub_efi_ip4_address_to_string (&route_table->subnet_mask); ++ if (u32_subnet && !u32_gateway && interface_name) ++ ret[id++] = grub_xasprintf ("%s:local %s/%d %s", dev->card_name, subnet, mask_size, interface_name); ++ else if (u32_subnet && u32_gateway) ++ ret[id++] = grub_xasprintf ("%s:gw %s/%d gw %s", dev->card_name, subnet, mask_size, gateway); ++ else if (!u32_subnet && u32_gateway) ++ ret[id++] = grub_xasprintf ("%s:default %s/%d gw %s", dev->card_name, subnet, mask_size, gateway); ++ grub_free (subnet); ++ grub_free (gateway); ++ grub_free (mask); ++ } ++ ++ ret[id] = NULL; ++ grub_free (interface_info); ++ return ret; ++} ++ ++static grub_efi_net_interface_t * ++grub_efi_ip4_interface_match (struct grub_efi_net_device *dev, grub_efi_net_ip_address_t *ip_address) ++{ ++ grub_efi_ip4_config2_interface_info_t *interface_info; ++ grub_efi_net_interface_t *inf; ++ int i; ++ grub_efi_ipv4_address_t *address = &ip_address->ip4; ++ ++ interface_info = efi_ip4_config_interface_info (dev->ip4_config); ++ if (!interface_info) ++ return NULL; ++ ++ for (i = 0; i < (int)interface_info->route_table_size; i++) ++ { ++ grub_efi_ip4_route_table_t *route_table = interface_info->route_table + i; ++ grub_uint32_t u32_address, u32_mask, u32_subnet; ++ ++ u32_address = grub_get_unaligned32 (address); ++ u32_subnet = grub_get_unaligned32 (route_table->subnet_address); ++ u32_mask = grub_get_unaligned32 (route_table->subnet_mask); ++ ++ /* SKIP Default GATEWAY */ ++ if (!u32_subnet && !u32_mask) ++ continue; ++ ++ if ((u32_address & u32_mask) == u32_subnet) ++ { ++ for (inf = dev->net_interfaces; inf; inf = inf->next) ++ if (!inf->prefer_ip6) ++ { ++ grub_free (interface_info); ++ return inf; ++ } ++ } ++ } ++ ++ grub_free (interface_info); ++ return NULL; ++} ++ ++static int ++grub_efi_ip4_interface_set_manual_address (struct grub_efi_net_device *dev, ++ grub_efi_net_ip_manual_address_t *net_ip, ++ int with_subnet) ++{ ++ grub_efi_status_t status; ++ grub_efi_ip4_config2_manual_address_t *address = &net_ip->ip4; ++ ++ if (!with_subnet) ++ { ++ grub_efi_ip4_config2_manual_address_t *manual_address = ++ efi_ip4_config_manual_address (dev->ip4_config); ++ ++ if (manual_address) ++ { ++ grub_memcpy (address->subnet_mask, manual_address->subnet_mask, sizeof(address->subnet_mask)); ++ grub_free (manual_address); ++ } ++ else ++ { ++ /* XXX: */ ++ address->subnet_mask[0] = 0xff; ++ address->subnet_mask[1] = 0xff; ++ address->subnet_mask[2] = 0xff; ++ address->subnet_mask[3] = 0; ++ } ++ } ++ ++ status = efi_call_4 (dev->ip4_config->set_data, dev->ip4_config, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_MANUAL_ADDRESS, ++ sizeof(*address), address); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ return 0; ++ ++ return 1; ++} ++ ++static int ++grub_efi_ip4_interface_set_gateway (struct grub_efi_net_device *dev, ++ grub_efi_net_ip_address_t *address) ++{ ++ grub_efi_status_t status; ++ ++ status = efi_call_4 (dev->ip4_config->set_data, dev->ip4_config, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_GATEWAY, ++ sizeof (address->ip4), &address->ip4); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ return 0; ++ return 1; ++} ++ ++/* FIXME: Multiple DNS */ ++static int ++grub_efi_ip4_interface_set_dns (struct grub_efi_net_device *dev, ++ grub_efi_net_ip_address_t *address) ++{ ++ grub_efi_status_t status; ++ ++ status = efi_call_4 (dev->ip4_config->set_data, dev->ip4_config, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_DNSSERVER, ++ sizeof (address->ip4), &address->ip4); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ return 0; ++ return 1; ++} ++ ++grub_efi_net_ip_config_t *efi_net_ip4_config = &(grub_efi_net_ip_config_t) ++ { ++ .get_hw_address = grub_efi_ip4_interface_hw_address, ++ .get_address = grub_efi_ip4_interface_address, ++ .get_route_table = grub_efi_ip4_interface_route_table, ++ .best_interface = grub_efi_ip4_interface_match, ++ .set_address = grub_efi_ip4_interface_set_manual_address, ++ .set_gateway = grub_efi_ip4_interface_set_gateway, ++ .set_dns = grub_efi_ip4_interface_set_dns ++ }; +diff --git a/grub-core/net/efi/ip6_config.c b/grub-core/net/efi/ip6_config.c +new file mode 100644 +index 000000000..017c4d05b +--- /dev/null ++++ b/grub-core/net/efi/ip6_config.c +@@ -0,0 +1,422 @@ ++#include ++#include ++#include ++#include ++#include ++ ++char * ++grub_efi_ip6_address_to_string (grub_efi_pxe_ipv6_address_t *address) ++{ ++ char *str = grub_malloc (sizeof ("XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX")); ++ char *p; ++ int i; ++ int squash; ++ ++ if (!str) ++ return NULL; ++ ++ p = str; ++ squash = 0; ++ for (i = 0; i < 8; ++i) ++ { ++ grub_uint16_t addr; ++ ++ if (i == 7) ++ squash = 2; ++ ++ addr = grub_get_unaligned16 (address->addr + i * 2); ++ ++ if (grub_be_to_cpu16 (addr)) ++ { ++ char buf[sizeof ("XXXX")]; ++ if (i > 0) ++ *p++ = ':'; ++ grub_snprintf (buf, sizeof (buf), "%x", grub_be_to_cpu16 (addr)); ++ grub_strcpy (p, buf); ++ p += grub_strlen (buf); ++ ++ if (squash == 1) ++ squash = 2; ++ } ++ else ++ { ++ if (squash == 0) ++ { ++ *p++ = ':'; ++ squash = 1; ++ } ++ else if (squash == 2) ++ { ++ *p++ = ':'; ++ *p++ = '0'; ++ } ++ } ++ } ++ *p = '\0'; ++ return str; ++} ++ ++int ++grub_efi_string_to_ip6_address (const char *val, grub_efi_ipv6_address_t *address, const char **rest) ++{ ++ grub_uint16_t newip[8]; ++ const char *ptr = val; ++ int word, quaddot = -1; ++ int bracketed = 0; ++ ++ if (ptr[0] == '[') { ++ bracketed = 1; ++ ptr++; ++ } ++ ++ if (ptr[0] == ':' && ptr[1] != ':') ++ return 0; ++ if (ptr[0] == ':') ++ ptr++; ++ ++ for (word = 0; word < 8; word++) ++ { ++ unsigned long t; ++ if (*ptr == ':') ++ { ++ quaddot = word; ++ word--; ++ ptr++; ++ continue; ++ } ++ t = grub_strtoul (ptr, (char **) &ptr, 16); ++ if (grub_errno) ++ { ++ grub_errno = GRUB_ERR_NONE; ++ break; ++ } ++ if (t & ~0xffff) ++ return 0; ++ newip[word] = grub_cpu_to_be16 (t); ++ if (*ptr != ':') ++ break; ++ ptr++; ++ } ++ if (quaddot == -1 && word < 7) ++ return 0; ++ if (quaddot != -1) ++ { ++ grub_memmove (&newip[quaddot + 7 - word], &newip[quaddot], ++ (word - quaddot + 1) * sizeof (newip[0])); ++ grub_memset (&newip[quaddot], 0, (7 - word) * sizeof (newip[0])); ++ } ++ grub_memcpy (address, newip, 16); ++ if (bracketed && *ptr == ']') { ++ ptr++; ++ } ++ if (rest) ++ *rest = ptr; ++ return 1; ++} ++ ++static grub_efi_ip6_config_interface_info_t * ++efi_ip6_config_interface_info (grub_efi_ip6_config_protocol_t *ip6_config) ++{ ++ grub_efi_uintn_t sz; ++ grub_efi_status_t status; ++ grub_efi_ip6_config_interface_info_t *interface_info; ++ ++ sz = sizeof (*interface_info) + sizeof (*interface_info->route_table); ++ interface_info = grub_malloc (sz); ++ ++ status = efi_call_4 (ip6_config->get_data, ip6_config, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_INTERFACEINFO, ++ &sz, interface_info); ++ ++ if (status == GRUB_EFI_BUFFER_TOO_SMALL) ++ { ++ grub_free (interface_info); ++ interface_info = grub_malloc (sz); ++ status = efi_call_4 (ip6_config->get_data, ip6_config, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_INTERFACEINFO, ++ &sz, interface_info); ++ } ++ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_free (interface_info); ++ return NULL; ++ } ++ ++ return interface_info; ++} ++ ++static grub_efi_ip6_config_manual_address_t * ++efi_ip6_config_manual_address (grub_efi_ip6_config_protocol_t *ip6_config) ++{ ++ grub_efi_uintn_t sz; ++ grub_efi_status_t status; ++ grub_efi_ip6_config_manual_address_t *manual_address; ++ ++ sz = sizeof (*manual_address); ++ manual_address = grub_malloc (sz); ++ if (!manual_address) ++ return NULL; ++ ++ status = efi_call_4 (ip6_config->get_data, ip6_config, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_MANUAL_ADDRESS, ++ &sz, manual_address); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_free (manual_address); ++ return NULL; ++ } ++ ++ return manual_address; ++} ++ ++char * ++grub_efi_ip6_interface_name (struct grub_efi_net_device *dev) ++{ ++ grub_efi_ip6_config_interface_info_t *interface_info; ++ char *name; ++ ++ interface_info = efi_ip6_config_interface_info (dev->ip6_config); ++ ++ if (!interface_info) ++ return NULL; ++ ++ name = grub_malloc (GRUB_EFI_IP4_CONFIG2_INTERFACE_INFO_NAME_SIZE ++ * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ *grub_utf16_to_utf8 ((grub_uint8_t *)name, interface_info->name, ++ GRUB_EFI_IP4_CONFIG2_INTERFACE_INFO_NAME_SIZE) = 0; ++ grub_free (interface_info); ++ return name; ++} ++ ++static char * ++grub_efi_ip6_interface_hw_address (struct grub_efi_net_device *dev) ++{ ++ grub_efi_ip6_config_interface_info_t *interface_info; ++ char *hw_addr; ++ ++ interface_info = efi_ip6_config_interface_info (dev->ip6_config); ++ ++ if (!interface_info) ++ return NULL; ++ ++ hw_addr = grub_efi_hw_address_to_string (interface_info->hw_address_size, interface_info->hw_address); ++ grub_free (interface_info); ++ ++ return hw_addr; ++} ++ ++static char * ++grub_efi_ip6_interface_address (struct grub_efi_net_device *dev) ++{ ++ grub_efi_ip6_config_manual_address_t *manual_address; ++ char *addr; ++ ++ manual_address = efi_ip6_config_manual_address (dev->ip6_config); ++ ++ if (!manual_address) ++ return NULL; ++ ++ addr = grub_efi_ip6_address_to_string ((grub_efi_pxe_ipv6_address_t *)&manual_address->address); ++ grub_free (manual_address); ++ return addr; ++} ++ ++static char ** ++grub_efi_ip6_interface_route_table (struct grub_efi_net_device *dev) ++{ ++ grub_efi_ip6_config_interface_info_t *interface_info; ++ char **ret; ++ int i, id; ++ ++ interface_info = efi_ip6_config_interface_info (dev->ip6_config); ++ if (!interface_info) ++ return NULL; ++ ++ ret = grub_malloc (sizeof (*ret) * (interface_info->route_count + 1)); ++ ++ if (!ret) ++ { ++ grub_free (interface_info); ++ return NULL; ++ } ++ ++ id = 0; ++ for (i = 0; i < (int)interface_info->route_count ; i++) ++ { ++ char *gateway, *destination; ++ grub_uint64_t u64_gateway[2]; ++ grub_uint64_t u64_destination[2]; ++ grub_efi_ip6_route_table_t *route_table = interface_info->route_table + i; ++ grub_efi_net_interface_t *inf; ++ char *interface_name = NULL; ++ ++ gateway = grub_efi_ip6_address_to_string (&route_table->gateway); ++ destination = grub_efi_ip6_address_to_string (&route_table->destination); ++ ++ u64_gateway[0] = grub_get_unaligned64 (route_table->gateway.addr); ++ u64_gateway[1] = grub_get_unaligned64 (route_table->gateway.addr + 8); ++ u64_destination[0] = grub_get_unaligned64 (route_table->destination.addr); ++ u64_destination[1] = grub_get_unaligned64 (route_table->destination.addr + 8); ++ ++ for (inf = dev->net_interfaces; inf; inf = inf->next) ++ if (inf->prefer_ip6) ++ interface_name = inf->name; ++ ++ if ((!u64_gateway[0] && !u64_gateway[1]) ++ && (u64_destination[0] || u64_destination[1])) ++ { ++ if (interface_name) ++ { ++ if ((grub_be_to_cpu64 (u64_destination[0]) == 0xfe80000000000000ULL) ++ && (!u64_destination[1]) ++ && (route_table->prefix_length == 64)) ++ ret[id++] = grub_xasprintf ("%s:link %s/%d %s", dev->card_name, destination, route_table->prefix_length, interface_name); ++ else ++ ret[id++] = grub_xasprintf ("%s:local %s/%d %s", dev->card_name, destination, route_table->prefix_length, interface_name); ++ } ++ } ++ else if ((u64_gateway[0] || u64_gateway[1]) ++ && (u64_destination[0] || u64_destination[1])) ++ ret[id++] = grub_xasprintf ("%s:gw %s/%d gw %s", dev->card_name, destination, route_table->prefix_length, gateway); ++ else if ((u64_gateway[0] || u64_gateway[1]) ++ && (!u64_destination[0] && !u64_destination[1])) ++ ret[id++] = grub_xasprintf ("%s:default %s/%d gw %s", dev->card_name, destination, route_table->prefix_length, gateway); ++ ++ grub_free (gateway); ++ grub_free (destination); ++ } ++ ++ ret[id] = NULL; ++ grub_free (interface_info); ++ return ret; ++} ++ ++static grub_efi_net_interface_t * ++grub_efi_ip6_interface_match (struct grub_efi_net_device *dev, grub_efi_net_ip_address_t *ip_address) ++{ ++ grub_efi_ip6_config_interface_info_t *interface_info; ++ grub_efi_net_interface_t *inf; ++ int i; ++ grub_efi_ipv6_address_t *address = &ip_address->ip6; ++ ++ interface_info = efi_ip6_config_interface_info (dev->ip6_config); ++ if (!interface_info) ++ return NULL; ++ ++ for (i = 0; i < (int)interface_info->route_count ; i++) ++ { ++ grub_uint64_t u64_addr[2]; ++ grub_uint64_t u64_subnet[2]; ++ grub_uint64_t u64_mask[2]; ++ ++ grub_efi_ip6_route_table_t *route_table = interface_info->route_table + i; ++ ++ /* SKIP Default GATEWAY */ ++ if (route_table->prefix_length == 0) ++ continue; ++ ++ u64_addr[0] = grub_get_unaligned64 (address); ++ u64_addr[1] = grub_get_unaligned64 (address + 4); ++ u64_subnet[0] = grub_get_unaligned64 (route_table->destination.addr); ++ u64_subnet[1] = grub_get_unaligned64 (route_table->destination.addr + 8); ++ u64_mask[0] = (route_table->prefix_length <= 64) ? ++ 0xffffffffffffffffULL << (64 - route_table->prefix_length) : ++ 0xffffffffffffffffULL; ++ u64_mask[1] = (route_table->prefix_length <= 64) ? ++ 0 : ++ 0xffffffffffffffffULL << (128 - route_table->prefix_length); ++ ++ if (((u64_addr[0] & u64_mask[0]) == u64_subnet[0]) ++ && ((u64_addr[1] & u64_mask[1]) == u64_subnet[1])) ++ { ++ for (inf = dev->net_interfaces; inf; inf = inf->next) ++ if (inf->prefer_ip6) ++ { ++ grub_free (interface_info); ++ return inf; ++ } ++ } ++ } ++ ++ grub_free (interface_info); ++ return NULL; ++} ++ ++static int ++grub_efi_ip6_interface_set_manual_address (struct grub_efi_net_device *dev, ++ grub_efi_net_ip_manual_address_t *net_ip, ++ int with_subnet) ++{ ++ grub_efi_status_t status; ++ grub_efi_ip6_config_manual_address_t *address = &net_ip->ip6; ++ ++ if (!with_subnet) ++ { ++ grub_efi_ip6_config_manual_address_t *manual_address = ++ efi_ip6_config_manual_address (dev->ip6_config); ++ ++ if (manual_address) ++ { ++ address->prefix_length = manual_address->prefix_length; ++ grub_free (manual_address); ++ } ++ else ++ { ++ /* XXX: */ ++ address->prefix_length = 64; ++ } ++ } ++ ++ status = efi_call_4 (dev->ip6_config->set_data, dev->ip6_config, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_MANUAL_ADDRESS, ++ sizeof(*address), address); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ return 0; ++ ++ return 1; ++} ++ ++static int ++grub_efi_ip6_interface_set_gateway (struct grub_efi_net_device *dev, ++ grub_efi_net_ip_address_t *address) ++{ ++ grub_efi_status_t status; ++ ++ status = efi_call_4 (dev->ip6_config->set_data, dev->ip6_config, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_GATEWAY, ++ sizeof (address->ip6), &address->ip6); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ return 0; ++ return 1; ++} ++ ++static int ++grub_efi_ip6_interface_set_dns (struct grub_efi_net_device *dev, ++ grub_efi_net_ip_address_t *address) ++{ ++ ++ grub_efi_status_t status; ++ ++ status = efi_call_4 (dev->ip6_config->set_data, dev->ip6_config, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_DNSSERVER, ++ sizeof (address->ip6), &address->ip6); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ return 0; ++ return 1; ++} ++ ++grub_efi_net_ip_config_t *efi_net_ip6_config = &(grub_efi_net_ip_config_t) ++ { ++ .get_hw_address = grub_efi_ip6_interface_hw_address, ++ .get_address = grub_efi_ip6_interface_address, ++ .get_route_table = grub_efi_ip6_interface_route_table, ++ .best_interface = grub_efi_ip6_interface_match, ++ .set_address = grub_efi_ip6_interface_set_manual_address, ++ .set_gateway = grub_efi_ip6_interface_set_gateway, ++ .set_dns = grub_efi_ip6_interface_set_dns ++ }; +diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c +new file mode 100644 +index 000000000..9e0078ac1 +--- /dev/null ++++ b/grub-core/net/efi/net.c +@@ -0,0 +1,1428 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++#define GRUB_EFI_IP6_PREFIX_LENGTH 64 ++ ++static grub_efi_guid_t ip4_config_guid = GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID; ++static grub_efi_guid_t ip6_config_guid = GRUB_EFI_IP6_CONFIG_PROTOCOL_GUID; ++static grub_efi_guid_t http_service_binding_guid = GRUB_EFI_HTTP_SERVICE_BINDING_PROTOCOL_GUID; ++static grub_efi_guid_t http_guid = GRUB_EFI_HTTP_PROTOCOL_GUID; ++static grub_efi_guid_t pxe_io_guid = GRUB_EFI_PXE_GUID; ++static grub_efi_guid_t dhcp4_service_binding_guid = GRUB_EFI_DHCP4_SERVICE_BINDING_PROTOCOL_GUID; ++static grub_efi_guid_t dhcp4_guid = GRUB_EFI_DHCP4_PROTOCOL_GUID; ++static grub_efi_guid_t dhcp6_service_binding_guid = GRUB_EFI_DHCP6_SERVICE_BINDING_PROTOCOL_GUID; ++static grub_efi_guid_t dhcp6_guid = GRUB_EFI_DHCP6_PROTOCOL_GUID; ++ ++struct grub_efi_net_device *net_devices; ++ ++static char *default_server; ++static grub_efi_net_interface_t *net_interface; ++static grub_efi_net_interface_t *net_default_interface; ++ ++#define efi_net_interface_configure(inf) inf->io->configure (inf->dev, inf->prefer_ip6) ++#define efi_net_interface_open(inf, file, name) inf->io->open (inf->dev, inf->prefer_ip6, file, name, inf->io_type) ++#define efi_net_interface_read(inf, file, buf, sz) inf->io->read (inf->dev, inf->prefer_ip6, file, buf, sz) ++#define efi_net_interface_close(inf, file) inf->io->close (inf->dev, inf->prefer_ip6, file) ++#define efi_net_interface(m,...) efi_net_interface_ ## m (net_interface, ## __VA_ARGS__) ++ ++static grub_efi_handle_t ++grub_efi_locate_device_path (grub_efi_guid_t *protocol, grub_efi_device_path_t *device_path, ++ grub_efi_device_path_t **r_device_path) ++{ ++ grub_efi_handle_t handle; ++ grub_efi_status_t status; ++ ++ status = efi_call_3 (grub_efi_system_table->boot_services->locate_device_path, ++ protocol, &device_path, &handle); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ return 0; ++ ++ if (r_device_path) ++ *r_device_path = device_path; ++ ++ return handle; ++} ++ ++static int ++url_parse_fields (const char *url, char **proto, char **host, char **path) ++{ ++ const char *p, *ps; ++ grub_size_t l; ++ ++ *proto = *host = *path = NULL; ++ ps = p = url; ++ ++ while ((p = grub_strchr (p, ':'))) ++ { ++ if (grub_strlen (p) < sizeof ("://") - 1) ++ break; ++ if (grub_memcmp (p, "://", sizeof ("://") - 1) == 0) ++ { ++ l = p - ps; ++ *proto = grub_malloc (l + 1); ++ if (!*proto) ++ { ++ grub_print_error (); ++ return 0; ++ } ++ ++ grub_memcpy (*proto, ps, l); ++ (*proto)[l] = '\0'; ++ p += sizeof ("://") - 1; ++ break; ++ } ++ ++p; ++ } ++ ++ if (!*proto) ++ { ++ grub_dprintf ("bootp", "url: %s is not valid, protocol not found\n", url); ++ return 0; ++ } ++ ++ ps = p; ++ p = grub_strchr (p, '/'); ++ ++ if (!p) ++ { ++ grub_dprintf ("bootp", "url: %s is not valid, host/path not found\n", url); ++ grub_free (*proto); ++ *proto = NULL; ++ return 0; ++ } ++ ++ l = p - ps; ++ ++ if (l > 2 && ps[0] == '[' && ps[l - 1] == ']') ++ { ++ *host = grub_malloc (l - 1); ++ if (!*host) ++ { ++ grub_print_error (); ++ grub_free (*proto); ++ *proto = NULL; ++ return 0; ++ } ++ grub_memcpy (*host, ps + 1, l - 2); ++ (*host)[l - 2] = 0; ++ } ++ else ++ { ++ *host = grub_malloc (l + 1); ++ if (!*host) ++ { ++ grub_print_error (); ++ grub_free (*proto); ++ *proto = NULL; ++ return 0; ++ } ++ grub_memcpy (*host, ps, l); ++ (*host)[l] = 0; ++ } ++ ++ *path = grub_strdup (p); ++ if (!*path) ++ { ++ grub_print_error (); ++ grub_free (*host); ++ grub_free (*proto); ++ *host = NULL; ++ *proto = NULL; ++ return 0; ++ } ++ return 1; ++} ++ ++static void ++url_get_boot_location (const char *url, char **device, char **path, int is_default) ++{ ++ char *protocol, *server, *file; ++ char *slash; ++ ++ if (!url_parse_fields (url, &protocol, &server, &file)) ++ return; ++ ++ if ((slash = grub_strrchr (file, '/'))) ++ *slash = 0; ++ else ++ *file = 0; ++ ++ *device = grub_xasprintf ("%s,%s", protocol, server); ++ *path = grub_strdup(file); ++ ++ if (is_default) ++ default_server = server; ++ else ++ grub_free (server); ++ ++ grub_free (protocol); ++ grub_free (file); ++} ++ ++static void ++pxe_get_boot_location (const struct grub_net_bootp_packet *bp, ++ char **device, ++ char **path, ++ int is_default) ++{ ++ char *server = grub_xasprintf ("%d.%d.%d.%d", ++ ((grub_uint8_t *) &bp->server_ip)[0], ++ ((grub_uint8_t *) &bp->server_ip)[1], ++ ((grub_uint8_t *) &bp->server_ip)[2], ++ ((grub_uint8_t *) &bp->server_ip)[3]); ++ ++ *device = grub_xasprintf ("tftp,%s", server); ++ ++ *path = grub_strndup (bp->boot_file, sizeof (bp->boot_file)); ++ ++ if (*path) ++ { ++ char *slash; ++ slash = grub_strrchr (*path, '/'); ++ if (slash) ++ *slash = 0; ++ else ++ **path = 0; ++ } ++ ++ if (is_default) ++ default_server = server; ++ else ++ grub_free (server); ++} ++ ++static void ++pxe_get_boot_location_v6 (const struct grub_net_dhcp6_packet *dp, ++ grub_size_t dhcp_size, ++ char **device, ++ char **path) ++{ ++ ++ struct grub_net_dhcp6_option *dhcp_opt; ++ grub_size_t dhcp_remain_size; ++ *device = *path = 0; ++ ++ if (dhcp_size < sizeof (*dp)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("DHCPv6 packet size too small")); ++ return; ++ } ++ ++ dhcp_remain_size = dhcp_size - sizeof (*dp); ++ dhcp_opt = (struct grub_net_dhcp6_option *)dp->dhcp_options; ++ ++ while (dhcp_remain_size) ++ { ++ grub_uint16_t code = grub_be_to_cpu16 (dhcp_opt->code); ++ grub_uint16_t len = grub_be_to_cpu16 (dhcp_opt->len); ++ grub_uint16_t option_size = sizeof (*dhcp_opt) + len; ++ ++ if (dhcp_remain_size < option_size || code == 0) ++ break; ++ ++ if (code == GRUB_NET_DHCP6_OPTION_BOOTFILE_URL) ++ { ++ char *url = grub_malloc (len + 1); ++ ++ grub_memcpy (url, dhcp_opt->data, len); ++ url[len] = 0; ++ ++ url_get_boot_location ((const char *)url, device, path, 1); ++ grub_free (url); ++ break; ++ } ++ ++ dhcp_remain_size -= option_size; ++ dhcp_opt = (struct grub_net_dhcp6_option *)((grub_uint8_t *)dhcp_opt + option_size); ++ } ++} ++ ++static grub_efi_net_interface_t * ++grub_efi_net_config_from_device_path (grub_efi_device_path_t *dp, ++ struct grub_efi_net_device *netdev, ++ char **device, ++ char **path) ++{ ++ grub_efi_net_interface_t *inf = NULL; ++ ++ while (1) ++ { ++ grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); ++ grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); ++ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ ++ if (type == GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE) ++ { ++ if (subtype == GRUB_EFI_URI_DEVICE_PATH_SUBTYPE) ++ { ++ grub_efi_uri_device_path_t *uri_dp; ++ uri_dp = (grub_efi_uri_device_path_t *) dp; ++ /* Beware that uri_dp->uri may not be null terminated */ ++ url_get_boot_location ((const char *)uri_dp->uri, device, path, 1); ++ } ++ else if (subtype == GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE) ++ { ++ grub_efi_net_ip_manual_address_t net_ip; ++ grub_efi_ipv4_device_path_t *ipv4 = (grub_efi_ipv4_device_path_t *) dp; ++ ++ if (inf) ++ continue; ++ grub_memcpy (net_ip.ip4.address, ipv4->local_ip_address, sizeof (net_ip.ip4.address)); ++ grub_memcpy (net_ip.ip4.subnet_mask, ipv4->subnet_mask, sizeof (net_ip.ip4.subnet_mask)); ++ net_ip.is_ip6 = 0; ++ inf = grub_efi_net_create_interface (netdev, ++ netdev->card_name, ++ &net_ip, ++ 1); ++ } ++ else if (subtype == GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE) ++ { ++ grub_efi_net_ip_manual_address_t net_ip; ++ grub_efi_ipv6_device_path_t *ipv6 = (grub_efi_ipv6_device_path_t *) dp; ++ ++ if (inf) ++ continue; ++ grub_memcpy (net_ip.ip6.address, ipv6->local_ip_address, sizeof (net_ip.ip6.address)); ++ net_ip.ip6.prefix_length = GRUB_EFI_IP6_PREFIX_LENGTH; ++ net_ip.ip6.is_anycast = 0; ++ net_ip.is_ip6 = 1; ++ inf = grub_efi_net_create_interface (netdev, ++ netdev->card_name, ++ &net_ip, ++ 1); ++ } ++ } ++ ++ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) ++ break; ++ dp = (grub_efi_device_path_t *) ((char *) dp + len); ++ } ++ ++ return inf; ++} ++ ++static grub_efi_net_interface_t * ++grub_efi_net_config_from_handle (grub_efi_handle_t *hnd, ++ struct grub_efi_net_device *netdev, ++ char **device, ++ char **path) ++{ ++ grub_efi_pxe_t *pxe = NULL; ++ ++ if (hnd == netdev->ip4_pxe_handle) ++ pxe = netdev->ip4_pxe; ++ else if (hnd == netdev->ip6_pxe_handle) ++ pxe = netdev->ip6_pxe; ++ ++ if (!pxe) ++ return (grub_efi_net_config_from_device_path ( ++ grub_efi_get_device_path (hnd), ++ netdev, ++ device, ++ path)); ++ ++ if (pxe->mode->using_ipv6) ++ { ++ grub_efi_net_ip_manual_address_t net_ip; ++ ++ pxe_get_boot_location_v6 ( ++ (const struct grub_net_dhcp6_packet *) &pxe->mode->dhcp_ack, ++ sizeof (pxe->mode->dhcp_ack), ++ device, ++ path); ++ ++ grub_memcpy (net_ip.ip6.address, pxe->mode->station_ip.v6, sizeof(net_ip.ip6.address)); ++ net_ip.ip6.prefix_length = GRUB_EFI_IP6_PREFIX_LENGTH; ++ net_ip.ip6.is_anycast = 0; ++ net_ip.is_ip6 = 1; ++ return (grub_efi_net_create_interface (netdev, ++ netdev->card_name, ++ &net_ip, ++ 1)); ++ } ++ else ++ { ++ grub_efi_net_ip_manual_address_t net_ip; ++ ++ pxe_get_boot_location ( ++ (const struct grub_net_bootp_packet *) &pxe->mode->dhcp_ack, ++ device, ++ path, ++ 1); ++ ++ grub_memcpy (net_ip.ip4.address, pxe->mode->station_ip.v4, sizeof (net_ip.ip4.address)); ++ grub_memcpy (net_ip.ip4.subnet_mask, pxe->mode->subnet_mask.v4, sizeof (net_ip.ip4.subnet_mask)); ++ net_ip.is_ip6 = 0; ++ return (grub_efi_net_create_interface (netdev, ++ netdev->card_name, ++ &net_ip, ++ 1)); ++ } ++} ++ ++static const char * ++grub_efi_net_var_get_address (struct grub_env_var *var, ++ const char *val __attribute__ ((unused))) ++{ ++ struct grub_efi_net_device *dev; ++ ++ for (dev = net_devices; dev; dev = dev->next) ++ { ++ grub_efi_net_interface_t *inf; ++ ++ for (inf = dev->net_interfaces; inf; inf = inf->next) ++ { ++ char *var_name; ++ ++ var_name = grub_xasprintf ("net_%s_ip", inf->name); ++ if (grub_strcmp (var_name, var->name) == 0) ++ return efi_net_interface_get_address (inf); ++ grub_free (var_name); ++ var_name = grub_xasprintf ("net_%s_mac", inf->name); ++ if (grub_strcmp (var_name, var->name) == 0) ++ return efi_net_interface_get_hw_address (inf); ++ grub_free (var_name); ++ } ++ } ++ ++ return NULL; ++} ++ ++static char * ++grub_efi_net_var_set_interface (struct grub_env_var *var __attribute__ ((unused)), ++ const char *val) ++{ ++ struct grub_efi_net_device *dev; ++ grub_efi_net_interface_t *inf; ++ ++ for (dev = net_devices; dev; dev = dev->next) ++ for (inf = dev->net_interfaces; inf; inf = inf->next) ++ if (grub_strcmp (inf->name, val) == 0) ++ { ++ net_default_interface = inf; ++ return grub_strdup (val); ++ } ++ ++ return NULL; ++} ++ ++static char * ++grub_efi_net_var_set_server (struct grub_env_var *var __attribute__ ((unused)), ++ const char *val) ++{ ++ grub_free (default_server); ++ default_server = grub_strdup (val); ++ return grub_strdup (val); ++} ++ ++static const char * ++grub_efi_net_var_get_server (struct grub_env_var *var __attribute__ ((unused)), ++ const char *val __attribute__ ((unused))) ++{ ++ return default_server ? : ""; ++} ++ ++static const char * ++grub_efi_net_var_get_ip (struct grub_env_var *var __attribute__ ((unused)), ++ const char *val __attribute__ ((unused))) ++{ ++ const char *intf = grub_env_get ("net_default_interface"); ++ const char *ret = NULL; ++ if (intf) ++ { ++ char *buf = grub_xasprintf ("net_%s_ip", intf); ++ if (buf) ++ ret = grub_env_get (buf); ++ grub_free (buf); ++ } ++ return ret; ++} ++ ++static const char * ++grub_efi_net_var_get_mac (struct grub_env_var *var __attribute__ ((unused)), ++ const char *val __attribute__ ((unused))) ++{ ++ const char *intf = grub_env_get ("net_default_interface"); ++ const char *ret = NULL; ++ if (intf) ++ { ++ char *buf = grub_xasprintf ("net_%s_mac", intf); ++ if (buf) ++ ret = grub_env_get (buf); ++ grub_free (buf); ++ } ++ return ret; ++} ++ ++static void ++grub_efi_net_export_interface_vars (void) ++{ ++ struct grub_efi_net_device *dev; ++ ++ for (dev = net_devices; dev; dev = dev->next) ++ { ++ grub_efi_net_interface_t *inf; ++ ++ for (inf = dev->net_interfaces; inf; inf = inf->next) ++ { ++ char *var; ++ ++ var = grub_xasprintf ("net_%s_ip", inf->name); ++ grub_register_variable_hook (var, grub_efi_net_var_get_address, 0); ++ grub_env_export (var); ++ grub_free (var); ++ var = grub_xasprintf ("net_%s_mac", inf->name); ++ grub_register_variable_hook (var, grub_efi_net_var_get_address, 0); ++ grub_env_export (var); ++ grub_free (var); ++ } ++ } ++} ++ ++static void ++grub_efi_net_unset_interface_vars (void) ++{ ++ struct grub_efi_net_device *dev; ++ ++ for (dev = net_devices; dev; dev = dev->next) ++ { ++ grub_efi_net_interface_t *inf; ++ ++ for (inf = dev->net_interfaces; inf; inf = inf->next) ++ { ++ char *var; ++ ++ var = grub_xasprintf ("net_%s_ip", inf->name); ++ grub_register_variable_hook (var, 0, 0); ++ grub_env_unset (var); ++ grub_free (var); ++ var = grub_xasprintf ("net_%s_mac", inf->name); ++ grub_register_variable_hook (var, 0, 0); ++ grub_env_unset (var); ++ grub_free (var); ++ } ++ } ++} ++ ++grub_efi_net_interface_t * ++grub_efi_net_create_interface (struct grub_efi_net_device *dev, ++ const char *interface_name, ++ grub_efi_net_ip_manual_address_t *net_ip, ++ int has_subnet) ++{ ++ grub_efi_net_interface_t *inf; ++ ++ for (inf = dev->net_interfaces; inf; inf = inf->next) ++ { ++ if (inf->prefer_ip6 == net_ip->is_ip6) ++ break; ++ } ++ ++ if (!inf) ++ { ++ inf = grub_malloc (sizeof(*inf)); ++ inf->name = grub_strdup (interface_name); ++ inf->prefer_ip6 = net_ip->is_ip6; ++ inf->dev = dev; ++ inf->next = dev->net_interfaces; ++ inf->ip_config = (net_ip->is_ip6) ? efi_net_ip6_config : efi_net_ip4_config ; ++ dev->net_interfaces = inf; ++ } ++ else ++ { ++ grub_free (inf->name); ++ inf->name = grub_strdup (interface_name); ++ } ++ ++ if (!efi_net_interface_set_address (inf, net_ip, has_subnet)) ++ { ++ grub_error (GRUB_ERR_BUG, N_("Set Address Failed")); ++ return NULL; ++ } ++ ++ return inf; ++} ++ ++static void ++grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, ++ char **path) ++{ ++ grub_efi_handle_t config_hnd; ++ ++ struct grub_efi_net_device *netdev; ++ grub_efi_net_interface_t *inf; ++ ++ config_hnd = grub_efi_locate_device_path (&ip4_config_guid, grub_efi_get_device_path (hnd), NULL); ++ ++ if (!config_hnd) ++ return; ++ ++ for (netdev = net_devices; netdev; netdev = netdev->next) ++ if (netdev->handle == config_hnd) ++ break; ++ ++ if (!netdev) ++ return; ++ ++ if (!(inf = grub_efi_net_config_from_handle (hnd, netdev, device, path))) ++ return; ++ ++ grub_env_set ("net_default_interface", inf->name); ++ grub_efi_net_export_interface_vars (); ++} ++ ++static grub_err_t ++grub_efi_netfs_dir (grub_device_t device, const char *path __attribute__ ((unused)), ++ grub_fs_dir_hook_t hook __attribute__ ((unused)), ++ void *hook_data __attribute__ ((unused))) ++{ ++ if (!device->net) ++ return grub_error (GRUB_ERR_BUG, "invalid net device"); ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_efi_netfs_open (struct grub_file *file_out __attribute__ ((unused)), ++ const char *name __attribute__ ((unused))) ++{ ++ struct grub_file *file, *bufio; ++ ++ file = grub_malloc (sizeof (*file)); ++ if (!file) ++ return grub_errno; ++ ++ grub_memcpy (file, file_out, sizeof (struct grub_file)); ++ file->device->net->name = grub_strdup (name); ++ ++ if (!file->device->net->name) ++ { ++ grub_free (file); ++ return grub_errno; ++ } ++ ++ efi_net_interface(open, file, name); ++ grub_print_error (); ++ ++ bufio = grub_bufio_open (file, 32768); ++ if (!bufio) ++ { ++ grub_free (file->device->net->name); ++ grub_free (file); ++ return grub_errno; ++ } ++ grub_memcpy (file_out, bufio, sizeof (struct grub_file)); ++ grub_free (bufio); ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_ssize_t ++grub_efihttp_chunk_read (grub_file_t file, char *buf, ++ grub_size_t len, grub_size_t chunk_size) ++{ ++ char *chunk = grub_malloc (chunk_size); ++ grub_size_t sum = 0; ++ ++ while (len) ++ { ++ grub_ssize_t rd; ++ grub_size_t sz = (len > chunk_size) ? chunk_size : len; ++ ++ rd = efi_net_interface (read, file, chunk, sz); ++ ++ if (rd <= 0) ++ return rd; ++ ++ if (buf) ++ { ++ grub_memcpy (buf, chunk, rd); ++ buf += rd; ++ } ++ sum += rd; ++ len -= rd; ++ } ++ ++ grub_free (chunk); ++ return sum; ++} ++ ++static grub_ssize_t ++grub_efi_netfs_read (grub_file_t file __attribute__ ((unused)), ++ char *buf __attribute__ ((unused)), grub_size_t len __attribute__ ((unused))) ++{ ++ if (file->offset > file->device->net->offset) ++ { ++ grub_efihttp_chunk_read (file, NULL, file->offset - file->device->net->offset, 10240); ++ } ++ else if (file->offset < file->device->net->offset) ++ { ++ efi_net_interface (close, file); ++ efi_net_interface (open, file, file->device->net->name); ++ if (file->offset) ++ grub_efihttp_chunk_read (file, NULL, file->offset, 10240); ++ } ++ ++ return efi_net_interface (read, file, buf, len); ++} ++ ++static grub_err_t ++grub_efi_netfs_close (grub_file_t file) ++{ ++ efi_net_interface (close, file); ++ return GRUB_ERR_NONE; ++} ++ ++static grub_efi_handle_t ++grub_efi_service_binding (grub_efi_handle_t dev, grub_efi_guid_t *service_binding_guid) ++{ ++ grub_efi_service_binding_t *service; ++ grub_efi_status_t status; ++ grub_efi_handle_t child_dev = NULL; ++ ++ service = grub_efi_open_protocol (dev, service_binding_guid, GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); ++ if (!service) ++ { ++ grub_error (GRUB_ERR_IO, N_("couldn't open efi service binding protocol")); ++ return NULL; ++ } ++ ++ status = efi_call_2 (service->create_child, service, &child_dev); ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_error (GRUB_ERR_IO, N_("Failed to create child device of http service %x"), status); ++ return NULL; ++ } ++ ++ return child_dev; ++} ++ ++static grub_err_t ++grub_efi_net_parse_address (const char *address, ++ grub_efi_ip4_config2_manual_address_t *ip4, ++ grub_efi_ip6_config_manual_address_t *ip6, ++ int *is_ip6, ++ int *has_cidr) ++{ ++ const char *rest; ++ ++ if (grub_efi_string_to_ip4_address (address, &ip4->address, &rest)) ++ { ++ *is_ip6 = 0; ++ if (*rest == '/') ++ { ++ grub_uint32_t subnet_mask_size; ++ ++ subnet_mask_size = grub_strtoul (rest + 1, (char **) &rest, 0); ++ ++ if (!grub_errno && subnet_mask_size <= 32 && *rest == 0) ++ { ++ grub_uint32_t subnet_mask; ++ ++ subnet_mask = grub_cpu_to_be32 ((0xffffffffU << (32 - subnet_mask_size))); ++ grub_memcpy (ip4->subnet_mask, &subnet_mask, sizeof (ip4->subnet_mask)); ++ if (has_cidr) ++ *has_cidr = 1; ++ return GRUB_ERR_NONE; ++ } ++ } ++ else if (*rest == 0) ++ { ++ grub_uint32_t subnet_mask = 0xffffffffU; ++ grub_memcpy (ip4->subnet_mask, &subnet_mask, sizeof (ip4->subnet_mask)); ++ if (has_cidr) ++ *has_cidr = 0; ++ return GRUB_ERR_NONE; ++ } ++ } ++ else if (grub_efi_string_to_ip6_address (address, &ip6->address, &rest)) ++ { ++ *is_ip6 = 1; ++ if (*rest == '/') ++ { ++ grub_efi_uint8_t prefix_length; ++ ++ prefix_length = grub_strtoul (rest + 1, (char **) &rest, 0); ++ if (!grub_errno && prefix_length <= 128 && *rest == 0) ++ { ++ ip6->prefix_length = prefix_length; ++ ip6->is_anycast = 0; ++ if (has_cidr) ++ *has_cidr = 1; ++ return GRUB_ERR_NONE; ++ } ++ } ++ else if (*rest == 0) ++ { ++ ip6->prefix_length = 128; ++ ip6->is_anycast = 0; ++ if (has_cidr) ++ *has_cidr = 0; ++ return GRUB_ERR_NONE; ++ } ++ } ++ ++ return grub_error (GRUB_ERR_NET_BAD_ADDRESS, ++ N_("unrecognised network address `%s'"), ++ address); ++} ++ ++static grub_efi_net_interface_t * ++match_route (const char *server) ++{ ++ grub_err_t err; ++ grub_efi_ip4_config2_manual_address_t ip4; ++ grub_efi_ip6_config_manual_address_t ip6; ++ grub_efi_net_interface_t *inf; ++ int is_ip6 = 0; ++ ++ err = grub_efi_net_parse_address (server, &ip4, &ip6, &is_ip6, 0); ++ ++ if (err) ++ { ++ grub_print_error (); ++ return NULL; ++ } ++ ++ if (is_ip6) ++ { ++ struct grub_efi_net_device *dev; ++ grub_efi_net_ip_address_t addr; ++ ++ grub_memcpy (addr.ip6, ip6.address, sizeof(ip6.address)); ++ ++ for (dev = net_devices; dev; dev = dev->next) ++ if ((inf = efi_net_ip6_config->best_interface (dev, &addr))) ++ return inf; ++ } ++ else ++ { ++ struct grub_efi_net_device *dev; ++ grub_efi_net_ip_address_t addr; ++ ++ grub_memcpy (addr.ip4, ip4.address, sizeof(ip4.address)); ++ ++ for (dev = net_devices; dev; dev = dev->next) ++ if ((inf = efi_net_ip4_config->best_interface (dev, &addr))) ++ return inf; ++ } ++ ++ return 0; ++} ++ ++static void ++grub_efi_net_add_pxebc_to_cards (void) ++{ ++ grub_efi_uintn_t num_handles; ++ grub_efi_handle_t *handles; ++ grub_efi_handle_t *handle; ++ ++ handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &pxe_io_guid, ++ 0, &num_handles); ++ if (!handles) ++ return; ++ ++ for (handle = handles; num_handles--; handle++) ++ { ++ grub_efi_device_path_t *dp, *ddp, *ldp; ++ grub_efi_pxe_t *pxe; ++ struct grub_efi_net_device *d; ++ int is_ip6 = 0; ++ ++ dp = grub_efi_get_device_path (*handle); ++ if (!dp) ++ continue; ++ ++ ddp = grub_efi_duplicate_device_path (dp); ++ ldp = grub_efi_find_last_device_path (ddp); ++ ++ if (ldp->type == GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE ++ && ldp->subtype == GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE) ++ { ++ ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; ++ ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; ++ ldp->length = sizeof (*ldp); ++ } ++ else if (ldp->type == GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE ++ && ldp->subtype == GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE) ++ { ++ is_ip6 = 1; ++ ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; ++ ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; ++ ldp->length = sizeof (*ldp); ++ } ++ ++ for (d = net_devices; d; d = d->next) ++ if (grub_efi_compare_device_paths (ddp, grub_efi_get_device_path (d->handle)) == 0) ++ break; ++ ++ if (!d) ++ { ++ grub_free (ddp); ++ continue; ++ } ++ ++ pxe = grub_efi_open_protocol (*handle, &pxe_io_guid, ++ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); ++ ++ if (!pxe) ++ { ++ grub_free (ddp); ++ continue; ++ } ++ ++ if (is_ip6) ++ { ++ d->ip6_pxe_handle = *handle; ++ d->ip6_pxe = pxe; ++ } ++ else ++ { ++ d->ip4_pxe_handle = *handle; ++ d->ip4_pxe = pxe; ++ } ++ ++ grub_free (ddp); ++ } ++ ++ grub_free (handles); ++} ++ ++static void ++set_ip_policy_to_static (void) ++{ ++ struct grub_efi_net_device *dev; ++ ++ for (dev = net_devices; dev; dev = dev->next) ++ { ++ grub_efi_ip4_config2_policy_t ip4_policy = GRUB_EFI_IP4_CONFIG2_POLICY_STATIC; ++ ++ if (efi_call_4 (dev->ip4_config->set_data, dev->ip4_config, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_POLICY, ++ sizeof (ip4_policy), &ip4_policy) != GRUB_EFI_SUCCESS) ++ grub_dprintf ("efinetfs", "could not set GRUB_EFI_IP4_CONFIG2_POLICY_STATIC on dev `%s'", dev->card_name); ++ ++ if (dev->ip6_config) ++ { ++ grub_efi_ip6_config_policy_t ip6_policy = GRUB_EFI_IP6_CONFIG_POLICY_MANUAL; ++ ++ if (efi_call_4 (dev->ip6_config->set_data, dev->ip6_config, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_POLICY, ++ sizeof (ip6_policy), &ip6_policy) != GRUB_EFI_SUCCESS) ++ grub_dprintf ("efinetfs", "could not set GRUB_EFI_IP6_CONFIG_POLICY_MANUAL on dev `%s'", dev->card_name); ++ } ++ } ++} ++ ++/* FIXME: Do not fail if the card did not support any of the protocol (Eg http) */ ++static void ++grub_efi_net_find_cards (void) ++{ ++ grub_efi_uintn_t num_handles; ++ grub_efi_handle_t *handles; ++ grub_efi_handle_t *handle; ++ int id; ++ ++ handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &ip4_config_guid, ++ 0, &num_handles); ++ if (!handles) ++ return; ++ ++ for (id = 0, handle = handles; num_handles--; handle++, id++) ++ { ++ grub_efi_device_path_t *dp; ++ grub_efi_ip4_config2_protocol_t *ip4_config; ++ grub_efi_ip6_config_protocol_t *ip6_config; ++ grub_efi_handle_t http_handle; ++ grub_efi_http_t *http; ++ grub_efi_handle_t dhcp4_handle; ++ grub_efi_dhcp4_protocol_t *dhcp4; ++ grub_efi_handle_t dhcp6_handle; ++ grub_efi_dhcp6_protocol_t *dhcp6; ++ ++ struct grub_efi_net_device *d; ++ ++ dp = grub_efi_get_device_path (*handle); ++ if (!dp) ++ continue; ++ ++ ip4_config = grub_efi_open_protocol (*handle, &ip4_config_guid, ++ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); ++ if (!ip4_config) ++ continue; ++ ++ ip6_config = grub_efi_open_protocol (*handle, &ip6_config_guid, ++ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); ++ ++ http_handle = grub_efi_service_binding (*handle, &http_service_binding_guid); ++ grub_errno = GRUB_ERR_NONE; ++ http = (http_handle) ++ ? grub_efi_open_protocol (http_handle, &http_guid, GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL) ++ : NULL; ++ ++ dhcp4_handle = grub_efi_service_binding (*handle, &dhcp4_service_binding_guid); ++ grub_errno = GRUB_ERR_NONE; ++ dhcp4 = (dhcp4_handle) ++ ? grub_efi_open_protocol (dhcp4_handle, &dhcp4_guid, GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL) ++ : NULL; ++ ++ ++ dhcp6_handle = grub_efi_service_binding (*handle, &dhcp6_service_binding_guid); ++ grub_errno = GRUB_ERR_NONE; ++ dhcp6 = (dhcp6_handle) ++ ? grub_efi_open_protocol (dhcp6_handle, &dhcp6_guid, GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL) ++ : NULL; ++ ++ d = grub_malloc (sizeof (*d)); ++ if (!d) ++ { ++ grub_free (handles); ++ while (net_devices) ++ { ++ d = net_devices->next; ++ grub_free (net_devices); ++ net_devices = d; ++ } ++ return; ++ } ++ d->handle = *handle; ++ d->ip4_config = ip4_config; ++ d->ip6_config = ip6_config; ++ d->http_handle = http_handle; ++ d->http = http; ++ d->dhcp4_handle = dhcp4_handle; ++ d->dhcp4 = dhcp4; ++ d->dhcp6_handle = dhcp6_handle; ++ d->dhcp6 = dhcp6; ++ d->next = net_devices; ++ d->card_name = grub_xasprintf ("efinet%d", id); ++ d->net_interfaces = NULL; ++ net_devices = d; ++ } ++ ++ grub_efi_net_add_pxebc_to_cards (); ++ grub_free (handles); ++ set_ip_policy_to_static (); ++} ++ ++static void ++listroutes_ip4 (struct grub_efi_net_device *netdev) ++{ ++ char **routes; ++ ++ routes = NULL; ++ ++ if ((routes = efi_net_ip4_config->get_route_table (netdev))) ++ { ++ char **r; ++ ++ for (r = routes; *r; ++r) ++ grub_printf ("%s\n", *r); ++ } ++ ++ if (routes) ++ { ++ char **r; ++ ++ for (r = routes; *r; ++r) ++ grub_free (*r); ++ grub_free (routes); ++ } ++} ++ ++static void ++listroutes_ip6 (struct grub_efi_net_device *netdev) ++{ ++ char **routes; ++ ++ routes = NULL; ++ ++ if ((routes = efi_net_ip6_config->get_route_table (netdev))) ++ { ++ char **r; ++ ++ for (r = routes; *r; ++r) ++ grub_printf ("%s\n", *r); ++ } ++ ++ if (routes) ++ { ++ char **r; ++ ++ for (r = routes; *r; ++r) ++ grub_free (*r); ++ grub_free (routes); ++ } ++} ++ ++static grub_err_t ++grub_cmd_efi_listroutes (struct grub_command *cmd __attribute__ ((unused)), ++ int argc __attribute__ ((unused)), ++ char **args __attribute__ ((unused))) ++{ ++ struct grub_efi_net_device *netdev; ++ ++ for (netdev = net_devices; netdev; netdev = netdev->next) ++ { ++ listroutes_ip4 (netdev); ++ listroutes_ip6 (netdev); ++ } ++ ++ return GRUB_ERR_NONE; ++} ++static grub_err_t ++grub_cmd_efi_listcards (struct grub_command *cmd __attribute__ ((unused)), ++ int argc __attribute__ ((unused)), ++ char **args __attribute__ ((unused))) ++{ ++ struct grub_efi_net_device *dev; ++ ++ for (dev = net_devices; dev; dev = dev->next) ++ { ++ char *hw_addr; ++ ++ hw_addr = efi_net_ip4_config->get_hw_address (dev); ++ ++ if (hw_addr) ++ { ++ grub_printf ("%s %s\n", dev->card_name, hw_addr); ++ grub_free (hw_addr); ++ } ++ } ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_cmd_efi_listaddrs (struct grub_command *cmd __attribute__ ((unused)), ++ int argc __attribute__ ((unused)), ++ char **args __attribute__ ((unused))) ++{ ++ struct grub_efi_net_device *dev; ++ grub_efi_net_interface_t *inf; ++ ++ for (dev = net_devices; dev; dev = dev->next) ++ for (inf = dev->net_interfaces; inf; inf = inf->next) ++ { ++ char *hw_addr = NULL; ++ char *addr = NULL; ++ ++ if ((hw_addr = efi_net_interface_get_hw_address (inf)) ++ && (addr = efi_net_interface_get_address (inf))) ++ grub_printf ("%s %s %s\n", inf->name, hw_addr, addr); ++ ++ if (hw_addr) ++ grub_free (hw_addr); ++ if (addr) ++ grub_free (addr); ++ } ++ ++ return GRUB_ERR_NONE; ++} ++ ++/* FIXME: support MAC specifying. */ ++static grub_err_t ++grub_cmd_efi_addaddr (struct grub_command *cmd __attribute__ ((unused)), ++ int argc, char **args) ++{ ++ struct grub_efi_net_device *dev; ++ grub_err_t err; ++ grub_efi_ip4_config2_manual_address_t ip4; ++ grub_efi_ip6_config_manual_address_t ip6; ++ grub_efi_net_ip_manual_address_t net_ip; ++ int is_ip6 = 0; ++ int cidr = 0; ++ ++ if (argc != 3) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("three arguments expected")); ++ ++ for (dev = net_devices; dev; dev = dev->next) ++ { ++ if (grub_strcmp (dev->card_name, args[1]) == 0) ++ break; ++ } ++ ++ if (!dev) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("card not found")); ++ ++ err = grub_efi_net_parse_address (args[2], &ip4, &ip6, &is_ip6, &cidr); ++ ++ if (err) ++ return err; ++ ++ net_ip.is_ip6 = is_ip6; ++ if (is_ip6) ++ grub_memcpy (&net_ip.ip6, &ip6, sizeof(net_ip.ip6)); ++ else ++ grub_memcpy (&net_ip.ip4, &ip4, sizeof(net_ip.ip4)); ++ ++ if (!grub_efi_net_create_interface (dev, ++ args[0], ++ &net_ip, ++ cidr)) ++ return grub_errno; ++ ++ return GRUB_ERR_NONE; ++} ++ ++static struct grub_fs grub_efi_netfs; ++ ++static grub_net_t ++grub_net_open_real (const char *name __attribute__ ((unused))) ++{ ++ grub_size_t protnamelen; ++ const char *protname, *server; ++ grub_net_t ret; ++ ++ net_interface = NULL; ++ ++ if (grub_strncmp (name, "pxe:", sizeof ("pxe:") - 1) == 0) ++ { ++ protname = "tftp"; ++ protnamelen = sizeof ("tftp") - 1; ++ server = name + sizeof ("pxe:") - 1; ++ } ++ else if (grub_strcmp (name, "pxe") == 0) ++ { ++ protname = "tftp"; ++ protnamelen = sizeof ("tftp") - 1; ++ server = default_server; ++ } ++ else ++ { ++ const char *comma; ++ ++ comma = grub_strchr (name, ','); ++ if (comma) ++ { ++ protnamelen = comma - name; ++ server = comma + 1; ++ protname = name; ++ } ++ else ++ { ++ protnamelen = grub_strlen (name); ++ server = default_server; ++ protname = name; ++ } ++ } ++ ++ if (!server) ++ { ++ grub_error (GRUB_ERR_NET_BAD_ADDRESS, ++ N_("no server is specified")); ++ return NULL; ++ } ++ ++ /*FIXME: Use DNS translate name to address */ ++ net_interface = match_route (server); ++ ++ /*XXX: should we check device with default gateway ? */ ++ if (!net_interface && !(net_interface = net_default_interface)) ++ { ++ grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("disk `%s' no route found"), ++ name); ++ return NULL; ++ } ++ ++ if ((protnamelen == (sizeof ("https") - 1) ++ && grub_memcmp ("https", protname, protnamelen) == 0)) ++ { ++ net_interface->io = &io_http; ++ net_interface->io_type = 1; ++ } ++ else if ((protnamelen == (sizeof ("http") - 1) ++ && grub_memcmp ("http", protname, protnamelen) == 0)) ++ { ++ net_interface->io = &io_http; ++ net_interface->io_type = 0; ++ } ++ else if (protnamelen == (sizeof ("tftp") - 1) ++ && grub_memcmp ("tftp", protname, protnamelen) == 0) ++ { ++ net_interface->io = &io_pxe; ++ net_interface->io_type = 0; ++ } ++ else ++ { ++ grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("disk `%s' not found"), ++ name); ++ return NULL; ++ } ++ ++ /*XXX: Should we try to avoid doing excess "reconfigure" here ??? */ ++ efi_net_interface (configure); ++ ++ ret = grub_zalloc (sizeof (*ret)); ++ if (!ret) ++ return NULL; ++ ++ ret->server = grub_strdup (server); ++ if (!ret->server) ++ { ++ grub_free (ret); ++ return NULL; ++ } ++ ++ ret->fs = &grub_efi_netfs; ++ return ret; ++} ++#if 0 ++static grub_command_t cmd_efi_lsaddr; ++static grub_command_t cmd_efi_lscards; ++static grub_command_t cmd_efi_lsroutes; ++static grub_command_t cmd_efi_addaddr; ++#endif ++ ++static struct grub_fs grub_efi_netfs = ++ { ++ .name = "efi netfs", ++ .dir = grub_efi_netfs_dir, ++ .open = grub_efi_netfs_open, ++ .read = grub_efi_netfs_read, ++ .close = grub_efi_netfs_close, ++ .label = NULL, ++ .uuid = NULL, ++ .mtime = NULL, ++ }; ++ ++int ++grub_efi_net_boot_from_https (void) ++{ ++ grub_efi_loaded_image_t *image = NULL; ++ grub_efi_device_path_t *dp; ++ ++ image = grub_efi_get_loaded_image (grub_efi_image_handle); ++ if (!image) ++ return 0; ++ ++ dp = grub_efi_get_device_path (image->device_handle); ++ ++ while (1) ++ { ++ grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); ++ grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); ++ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ ++ if ((type == GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE) ++ && (subtype == GRUB_EFI_URI_DEVICE_PATH_SUBTYPE)) ++ { ++ grub_efi_uri_device_path_t *uri_dp = (grub_efi_uri_device_path_t *) dp; ++ return (grub_strncmp ((const char*)uri_dp->uri, "https://", sizeof ("https://") - 1) == 0) ? 1 : 0; ++ } ++ ++ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) ++ break; ++ dp = (grub_efi_device_path_t *) ((char *) dp + len); ++ } ++ ++ return 0; ++} ++ ++int ++grub_efi_net_boot_from_opa (void) ++{ ++ grub_efi_loaded_image_t *image = NULL; ++ grub_efi_device_path_t *dp; ++ ++ image = grub_efi_get_loaded_image (grub_efi_image_handle); ++ if (!image) ++ return 0; ++ ++ dp = grub_efi_get_device_path (image->device_handle); ++ ++ while (1) ++ { ++ grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); ++ grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); ++ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ ++ if ((type == GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE) ++ && (subtype == GRUB_EFI_MAC_ADDRESS_DEVICE_PATH_SUBTYPE)) ++ { ++ grub_efi_mac_address_device_path_t *mac_dp = (grub_efi_mac_address_device_path_t *)dp; ++ return (mac_dp->if_type == 0xC7) ? 1 : 0; ++ } ++ ++ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) ++ break; ++ dp = (grub_efi_device_path_t *) ((char *) dp + len); ++ } ++ ++ return 0; ++} ++ ++static char * ++grub_env_write_readonly (struct grub_env_var *var __attribute__ ((unused)), ++ const char *val __attribute__ ((unused))) ++{ ++ return NULL; ++} ++ ++grub_command_func_t grub_efi_net_list_routes = grub_cmd_efi_listroutes; ++grub_command_func_t grub_efi_net_list_cards = grub_cmd_efi_listcards; ++grub_command_func_t grub_efi_net_list_addrs = grub_cmd_efi_listaddrs; ++grub_command_func_t grub_efi_net_add_addr = grub_cmd_efi_addaddr; ++ ++int ++grub_efi_net_fs_init () ++{ ++ grub_efi_net_find_cards (); ++ grub_efi_net_config = grub_efi_net_config_real; ++ grub_net_open = grub_net_open_real; ++ grub_register_variable_hook ("net_default_server", grub_efi_net_var_get_server, ++ grub_efi_net_var_set_server); ++ grub_env_export ("net_default_server"); ++ grub_register_variable_hook ("pxe_default_server", grub_efi_net_var_get_server, ++ grub_efi_net_var_set_server); ++ grub_env_export ("pxe_default_server"); ++ grub_register_variable_hook ("net_default_interface", 0, ++ grub_efi_net_var_set_interface); ++ grub_env_export ("net_default_interface"); ++ grub_register_variable_hook ("net_default_ip", grub_efi_net_var_get_ip, ++ 0); ++ grub_env_export ("net_default_ip"); ++ grub_register_variable_hook ("net_default_mac", grub_efi_net_var_get_mac, ++ 0); ++ grub_env_export ("net_default_mac"); ++ ++ grub_env_set ("grub_netfs_type", "efi"); ++ grub_register_variable_hook ("grub_netfs_type", 0, grub_env_write_readonly); ++ grub_env_export ("grub_netfs_type"); ++ ++ return 1; ++} ++ ++void ++grub_efi_net_fs_fini (void) ++{ ++ grub_env_unset ("grub_netfs_type"); ++ grub_efi_net_unset_interface_vars (); ++ grub_register_variable_hook ("net_default_server", 0, 0); ++ grub_env_unset ("net_default_server"); ++ grub_register_variable_hook ("net_default_interface", 0, 0); ++ grub_env_unset ("net_default_interface"); ++ grub_register_variable_hook ("pxe_default_server", 0, 0); ++ grub_env_unset ("pxe_default_server"); ++ grub_register_variable_hook ("net_default_ip", 0, 0); ++ grub_env_unset ("net_default_ip"); ++ grub_register_variable_hook ("net_default_mac", 0, 0); ++ grub_env_unset ("net_default_mac"); ++ grub_efi_net_config = NULL; ++ grub_net_open = NULL; ++ grub_fs_unregister (&grub_efi_netfs); ++} +diff --git a/grub-core/net/efi/pxe.c b/grub-core/net/efi/pxe.c +new file mode 100644 +index 000000000..531949cba +--- /dev/null ++++ b/grub-core/net/efi/pxe.c +@@ -0,0 +1,424 @@ ++ ++#include ++#include ++#include ++#include ++#include ++ ++static grub_efi_ip6_config_manual_address_t * ++efi_ip6_config_manual_address (grub_efi_ip6_config_protocol_t *ip6_config) ++{ ++ grub_efi_uintn_t sz; ++ grub_efi_status_t status; ++ grub_efi_ip6_config_manual_address_t *manual_address; ++ ++ sz = sizeof (*manual_address); ++ manual_address = grub_malloc (sz); ++ if (!manual_address) ++ return NULL; ++ ++ status = efi_call_4 (ip6_config->get_data, ip6_config, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_MANUAL_ADDRESS, ++ &sz, manual_address); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_free (manual_address); ++ return NULL; ++ } ++ ++ return manual_address; ++} ++ ++static grub_efi_ip4_config2_manual_address_t * ++efi_ip4_config_manual_address (grub_efi_ip4_config2_protocol_t *ip4_config) ++{ ++ grub_efi_uintn_t sz; ++ grub_efi_status_t status; ++ grub_efi_ip4_config2_manual_address_t *manual_address; ++ ++ sz = sizeof (*manual_address); ++ manual_address = grub_malloc (sz); ++ if (!manual_address) ++ return NULL; ++ ++ status = efi_call_4 (ip4_config->get_data, ip4_config, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_MANUAL_ADDRESS, ++ &sz, manual_address); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_free (manual_address); ++ return NULL; ++ } ++ ++ return manual_address; ++} ++ ++static void ++pxe_configure (struct grub_efi_net_device *dev, int prefer_ip6) ++{ ++ grub_efi_pxe_t *pxe = (prefer_ip6) ? dev->ip6_pxe : dev->ip4_pxe; ++ ++ grub_efi_pxe_mode_t *mode = pxe->mode; ++ ++ if (!mode->started) ++ { ++ grub_efi_status_t status; ++ status = efi_call_2 (pxe->start, pxe, prefer_ip6); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ grub_printf ("Couldn't start PXE\n"); ++ } ++ ++#if 0 ++ grub_printf ("PXE STARTED: %u\n", mode->started); ++ grub_printf ("PXE USING IPV6: %u\n", mode->using_ipv6); ++#endif ++ ++ if (mode->using_ipv6) ++ { ++ grub_efi_ip6_config_manual_address_t *manual_address; ++ manual_address = efi_ip6_config_manual_address (dev->ip6_config); ++ ++ if (manual_address && ++ grub_memcmp (manual_address->address, mode->station_ip.v6, sizeof (manual_address->address)) != 0) ++ { ++ grub_efi_status_t status; ++ grub_efi_pxe_ip_address_t station_ip; ++ ++ grub_memcpy (station_ip.v6.addr, manual_address->address, sizeof (station_ip.v6.addr)); ++ status = efi_call_3 (pxe->set_station_ip, pxe, &station_ip, NULL); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ grub_printf ("Couldn't set station ip\n"); ++ ++ grub_free (manual_address); ++ } ++ } ++ else ++ { ++ grub_efi_ip4_config2_manual_address_t *manual_address; ++ manual_address = efi_ip4_config_manual_address (dev->ip4_config); ++ ++ if (manual_address && ++ grub_memcmp (manual_address->address, mode->station_ip.v4, sizeof (manual_address->address)) != 0) ++ { ++ grub_efi_status_t status; ++ grub_efi_pxe_ip_address_t station_ip; ++ grub_efi_pxe_ip_address_t subnet_mask; ++ ++ grub_memcpy (station_ip.v4.addr, manual_address->address, sizeof (station_ip.v4.addr)); ++ grub_memcpy (subnet_mask.v4.addr, manual_address->subnet_mask, sizeof (subnet_mask.v4.addr)); ++ ++ status = efi_call_3 (pxe->set_station_ip, pxe, &station_ip, &subnet_mask); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ grub_printf ("Couldn't set station ip\n"); ++ ++ grub_free (manual_address); ++ } ++ } ++ ++#if 0 ++ if (mode->using_ipv6) ++ { ++ grub_printf ("PXE STATION IP: %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n", ++ mode->station_ip.v6.addr[0], ++ mode->station_ip.v6.addr[1], ++ mode->station_ip.v6.addr[2], ++ mode->station_ip.v6.addr[3], ++ mode->station_ip.v6.addr[4], ++ mode->station_ip.v6.addr[5], ++ mode->station_ip.v6.addr[6], ++ mode->station_ip.v6.addr[7], ++ mode->station_ip.v6.addr[8], ++ mode->station_ip.v6.addr[9], ++ mode->station_ip.v6.addr[10], ++ mode->station_ip.v6.addr[11], ++ mode->station_ip.v6.addr[12], ++ mode->station_ip.v6.addr[13], ++ mode->station_ip.v6.addr[14], ++ mode->station_ip.v6.addr[15]); ++ } ++ else ++ { ++ grub_printf ("PXE STATION IP: %d.%d.%d.%d\n", ++ mode->station_ip.v4.addr[0], ++ mode->station_ip.v4.addr[1], ++ mode->station_ip.v4.addr[2], ++ mode->station_ip.v4.addr[3]); ++ grub_printf ("PXE SUBNET MASK: %d.%d.%d.%d\n", ++ mode->subnet_mask.v4.addr[0], ++ mode->subnet_mask.v4.addr[1], ++ mode->subnet_mask.v4.addr[2], ++ mode->subnet_mask.v4.addr[3]); ++ } ++#endif ++ ++ /* TODO: Set The Station IP to the IP2 Config */ ++} ++ ++static int ++parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) ++{ ++ grub_uint16_t newip[8]; ++ const char *ptr = val; ++ int word, quaddot = -1; ++ int bracketed = 0; ++ ++ if (ptr[0] == '[') { ++ bracketed = 1; ++ ptr++; ++ } ++ ++ if (ptr[0] == ':' && ptr[1] != ':') ++ return 0; ++ if (ptr[0] == ':') ++ ptr++; ++ ++ for (word = 0; word < 8; word++) ++ { ++ unsigned long t; ++ if (*ptr == ':') ++ { ++ quaddot = word; ++ word--; ++ ptr++; ++ continue; ++ } ++ t = grub_strtoul (ptr, (char **) &ptr, 16); ++ if (grub_errno) ++ { ++ grub_errno = GRUB_ERR_NONE; ++ break; ++ } ++ if (t & ~0xffff) ++ return 0; ++ newip[word] = grub_cpu_to_be16 (t); ++ if (*ptr != ':') ++ break; ++ ptr++; ++ } ++ if (quaddot == -1 && word < 7) ++ return 0; ++ if (quaddot != -1) ++ { ++ grub_memmove (&newip[quaddot + 7 - word], &newip[quaddot], ++ (word - quaddot + 1) * sizeof (newip[0])); ++ grub_memset (&newip[quaddot], 0, (7 - word) * sizeof (newip[0])); ++ } ++ grub_memcpy (ip, newip, 16); ++ if (bracketed && *ptr == ']') { ++ ptr++; ++ } ++ if (rest) ++ *rest = ptr; ++ return 1; ++} ++ ++static grub_err_t ++pxe_open (struct grub_efi_net_device *dev, ++ int prefer_ip6, ++ grub_file_t file, ++ const char *filename, ++ int type __attribute__((unused))) ++{ ++ int i; ++ char *p; ++ grub_efi_status_t status; ++ grub_efi_pxe_ip_address_t server_ip; ++ grub_efi_uint64_t file_size = 0; ++ grub_efi_pxe_t *pxe = (prefer_ip6) ? dev->ip6_pxe : dev->ip4_pxe; ++ ++ if (pxe->mode->using_ipv6) ++ { ++ const char *rest; ++ grub_uint64_t ip6[2]; ++ if (parse_ip6 (file->device->net->server, ip6, &rest) && *rest == 0) ++ grub_memcpy (server_ip.v6.addr, ip6, sizeof (server_ip.v6.addr)); ++ /* TODO: ERROR Handling Here */ ++#if 0 ++ grub_printf ("PXE SERVER IP: %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n", ++ server_ip.v6.addr[0], ++ server_ip.v6.addr[1], ++ server_ip.v6.addr[2], ++ server_ip.v6.addr[3], ++ server_ip.v6.addr[4], ++ server_ip.v6.addr[5], ++ server_ip.v6.addr[6], ++ server_ip.v6.addr[7], ++ server_ip.v6.addr[8], ++ server_ip.v6.addr[9], ++ server_ip.v6.addr[10], ++ server_ip.v6.addr[11], ++ server_ip.v6.addr[12], ++ server_ip.v6.addr[13], ++ server_ip.v6.addr[14], ++ server_ip.v6.addr[15]); ++#endif ++ } ++ else ++ { ++ for (i = 0, p = file->device->net->server; i < 4; ++i, ++p) ++ server_ip.v4.addr[i] = grub_strtoul (p, &p, 10); ++ } ++ ++ status = efi_call_10 (pxe->mtftp, ++ pxe, ++ GRUB_EFI_PXE_BASE_CODE_TFTP_GET_FILE_SIZE, ++ NULL, ++ 0, ++ &file_size, ++ NULL, ++ &server_ip, ++ (grub_efi_char8_t *)filename, ++ NULL, ++ 0); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ return grub_error (GRUB_ERR_IO, "Couldn't get file size"); ++ ++ file->size = (grub_off_t)file_size; ++ file->not_easily_seekable = 0; ++ file->data = 0; ++ file->device->net->offset = 0; ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++pxe_close (struct grub_efi_net_device *dev __attribute__((unused)), ++ int prefer_ip6 __attribute__((unused)), ++ grub_file_t file __attribute__((unused))) ++{ ++ file->offset = 0; ++ file->size = 0; ++ file->device->net->offset = 0; ++ ++ if (file->data) ++ { ++ grub_free (file->data); ++ file->data = NULL; ++ } ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_ssize_t ++pxe_read (struct grub_efi_net_device *dev, ++ int prefer_ip6, ++ grub_file_t file, ++ char *buf, ++ grub_size_t len) ++{ ++ int i; ++ char *p; ++ grub_efi_status_t status; ++ grub_efi_pxe_t *pxe = (prefer_ip6) ? dev->ip6_pxe : dev->ip4_pxe; ++ grub_efi_uint64_t bufsz = len; ++ grub_efi_pxe_ip_address_t server_ip; ++ char *buf2 = NULL; ++ ++ if (file->data) ++ { ++ /* TODO: RANGE Check for offset and file size */ ++ grub_memcpy (buf, (char*)file->data + file->device->net->offset, len); ++ file->device->net->offset += len; ++ return len; ++ } ++ ++ if (file->device->net->offset) ++ { ++ grub_error (GRUB_ERR_BUG, "No Offet Read Possible"); ++ grub_print_error (); ++ return 0; ++ } ++ ++ if (pxe->mode->using_ipv6) ++ { ++ const char *rest; ++ grub_uint64_t ip6[2]; ++ if (parse_ip6 (file->device->net->server, ip6, &rest) && *rest == 0) ++ grub_memcpy (server_ip.v6.addr, ip6, sizeof (server_ip.v6.addr)); ++ /* TODO: ERROR Handling Here */ ++ } ++ else ++ { ++ for (i = 0, p = file->device->net->server; i < 4; ++i, ++p) ++ server_ip.v4.addr[i] = grub_strtoul (p, &p, 10); ++ } ++ ++ status = efi_call_10 (pxe->mtftp, ++ pxe, ++ GRUB_EFI_PXE_BASE_CODE_TFTP_READ_FILE, ++ buf, ++ 0, ++ &bufsz, ++ NULL, ++ &server_ip, ++ (grub_efi_char8_t *)file->device->net->name, ++ NULL, ++ 0); ++ ++ if (bufsz != file->size) ++ { ++ grub_error (GRUB_ERR_BUG, "Short read should not happen here"); ++ grub_print_error (); ++ return 0; ++ } ++ ++ if (status == GRUB_EFI_BUFFER_TOO_SMALL) ++ { ++ ++ buf2 = grub_malloc (bufsz); ++ ++ if (!buf2) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, "ERROR OUT OF MEMORY"); ++ grub_print_error (); ++ return 0; ++ } ++ ++ status = efi_call_10 (pxe->mtftp, ++ pxe, ++ GRUB_EFI_PXE_BASE_CODE_TFTP_READ_FILE, ++ buf2, ++ 0, ++ &bufsz, ++ NULL, ++ &server_ip, ++ (grub_efi_char8_t *)file->device->net->name, ++ NULL, ++ 0); ++ } ++ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ if (buf2) ++ grub_free (buf2); ++ ++ grub_error (GRUB_ERR_IO, "Failed to Read File"); ++ grub_print_error (); ++ return 0; ++ } ++ ++ if (buf2) ++ grub_memcpy (buf, buf2, len); ++ ++ file->device->net->offset = len; ++ ++ if (buf2) ++ file->data = buf2; ++ ++ return len; ++} ++ ++struct grub_efi_net_io io_pxe = ++ { ++ .configure = pxe_configure, ++ .open = pxe_open, ++ .read = pxe_read, ++ .close = pxe_close ++ }; ++ +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 191e8e41b..a571ee92e 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -32,6 +32,9 @@ + #include + #include + #include ++#ifdef GRUB_MACHINE_EFI ++#include ++#endif + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -2025,8 +2028,49 @@ static grub_command_t cmd_addaddr, cmd_deladdr, cmd_addroute, cmd_delroute; + static grub_command_t cmd_lsroutes, cmd_lscards; + static grub_command_t cmd_lsaddr, cmd_slaac; + ++#ifdef GRUB_MACHINE_EFI ++ ++static enum { ++ INIT_MODE_NONE, ++ INIT_MODE_GRUB, ++ INIT_MODE_EFI ++} init_mode; ++ ++static grub_command_t cmd_bootp, cmd_bootp6; ++ ++#endif ++ + GRUB_MOD_INIT(net) + { ++#ifdef GRUB_MACHINE_EFI ++ if (grub_net_open) ++ return; ++ ++ if ((grub_efi_net_boot_from_https () || grub_efi_net_boot_from_opa ()) ++ && grub_efi_net_fs_init ()) ++ { ++ cmd_lsroutes = grub_register_command ("net_ls_routes", grub_efi_net_list_routes, ++ "", N_("list network routes")); ++ cmd_lscards = grub_register_command ("net_ls_cards", grub_efi_net_list_cards, ++ "", N_("list network cards")); ++ cmd_lsaddr = grub_register_command ("net_ls_addr", grub_efi_net_list_addrs, ++ "", N_("list network addresses")); ++ cmd_addaddr = grub_register_command ("net_add_addr", grub_efi_net_add_addr, ++ /* TRANSLATORS: HWADDRESS stands for ++ "hardware address". */ ++ N_("SHORTNAME CARD ADDRESS [HWADDRESS]"), ++ N_("Add a network address.")); ++ cmd_bootp = grub_register_command ("net_bootp", grub_efi_net_bootp, ++ N_("[CARD]"), ++ N_("perform a bootp autoconfiguration")); ++ cmd_bootp6 = grub_register_command ("net_bootp6", grub_efi_net_bootp6, ++ N_("[CARD]"), ++ N_("perform a bootp autoconfiguration")); ++ init_mode = INIT_MODE_EFI; ++ return; ++ } ++#endif ++ + grub_register_variable_hook ("net_default_server", defserver_get_env, + defserver_set_env); + grub_env_export ("net_default_server"); +@@ -2074,10 +2118,37 @@ GRUB_MOD_INIT(net) + grub_net_restore_hw, + GRUB_LOADER_PREBOOT_HOOK_PRIO_DISK); + grub_net_poll_cards_idle = grub_net_poll_cards_idle_real; ++ ++#ifdef GRUB_MACHINE_EFI ++ grub_env_set ("grub_netfs_type", "grub"); ++ grub_register_variable_hook ("grub_netfs_type", 0, grub_env_write_readonly); ++ grub_env_export ("grub_netfs_type"); ++ init_mode = INIT_MODE_GRUB; ++#endif ++ + } + + GRUB_MOD_FINI(net) + { ++ ++#ifdef GRUB_MACHINE_EFI ++ if (init_mode == INIT_MODE_NONE) ++ return; ++ ++ if (init_mode == INIT_MODE_EFI) ++ { ++ grub_unregister_command (cmd_lsroutes); ++ grub_unregister_command (cmd_lscards); ++ grub_unregister_command (cmd_lsaddr); ++ grub_unregister_command (cmd_addaddr); ++ grub_unregister_command (cmd_bootp); ++ grub_unregister_command (cmd_bootp6); ++ grub_efi_net_fs_fini (); ++ init_mode = INIT_MODE_NONE; ++ return; ++ } ++#endif ++ + grub_register_variable_hook ("net_default_server", 0, 0); + grub_register_variable_hook ("pxe_default_server", 0, 0); + +@@ -2096,4 +2167,7 @@ GRUB_MOD_FINI(net) + grub_net_fini_hw (0); + grub_loader_unregister_preboot_hook (fini_hnd); + grub_net_poll_cards_idle = grub_net_poll_cards_idle_real; ++#ifdef GRUB_MACHINE_EFI ++ init_mode = INIT_MODE_NONE; ++#endif + } +diff --git a/util/grub-mknetdir.c b/util/grub-mknetdir.c +index 82073d5cc..ae31271bb 100644 +--- a/util/grub-mknetdir.c ++++ b/util/grub-mknetdir.c +@@ -32,13 +32,15 @@ + + static char *rootdir = NULL, *subdir = NULL; + static char *debug_image = NULL; ++static char efi_netfs = 0; + + enum + { + OPTION_NET_DIRECTORY = 0x301, + OPTION_SUBDIR, + OPTION_DEBUG, +- OPTION_DEBUG_IMAGE ++ OPTION_DEBUG_IMAGE, ++ OPTION_DEBUG_EFI_NETFS + }; + + static struct argp_option options[] = { +@@ -49,6 +51,7 @@ static struct argp_option options[] = { + 0, N_("relative subdirectory on network server"), 2}, + {"debug", OPTION_DEBUG, 0, OPTION_HIDDEN, 0, 2}, + {"debug-image", OPTION_DEBUG_IMAGE, N_("STRING"), OPTION_HIDDEN, 0, 2}, ++ {"debug-efi-netfs", OPTION_DEBUG_EFI_NETFS, 0, OPTION_HIDDEN, 0, 2}, + {0, 0, 0, 0, 0, 0} + }; + +@@ -67,6 +70,9 @@ argp_parser (int key, char *arg, struct argp_state *state) + free (subdir); + subdir = xstrdup (arg); + return 0; ++ case OPTION_DEBUG_EFI_NETFS: ++ efi_netfs = 1; ++ return 0; + /* This is an undocumented feature... */ + case OPTION_DEBUG: + verbosity++; +@@ -82,7 +88,6 @@ argp_parser (int key, char *arg, struct argp_state *state) + } + } + +- + struct argp argp = { + options, argp_parser, NULL, + "\v"N_("Prepares GRUB network boot images at net_directory/subdir " +@@ -92,7 +97,7 @@ struct argp argp = { + + static char *base; + +-static const struct ++static struct + { + const char *mkimage_target; + const char *netmodule; +@@ -154,6 +159,7 @@ process_input_dir (const char *input_dir, enum grub_install_plat platform) + grub_install_push_module (targets[platform].netmodule); + + output = grub_util_path_concat_ext (2, grubdir, "core", targets[platform].ext); ++ + grub_install_make_image_wrap (input_dir, prefix, output, + 0, load_cfg, + targets[platform].mkimage_target, 0); +@@ -190,7 +196,16 @@ main (int argc, char *argv[]) + + grub_install_mkdir_p (base); + +- grub_install_push_module ("tftp"); ++ if (!efi_netfs) ++ { ++ grub_install_push_module ("tftp"); ++ grub_install_push_module ("http"); ++ } ++ else ++ { ++ targets[GRUB_INSTALL_PLATFORM_I386_EFI].netmodule = "efi_netfs"; ++ targets[GRUB_INSTALL_PLATFORM_X86_64_EFI].netmodule = "efi_netfs"; ++ } + + if (!grub_install_source_directory) + { +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index dd3b07eac..b337e1a19 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -602,6 +602,23 @@ typedef union + + typedef grub_efi_uint64_t grub_efi_physical_address_t; + typedef grub_efi_uint64_t grub_efi_virtual_address_t; ++typedef struct { ++ grub_uint8_t addr[4]; ++} grub_efi_pxe_ipv4_address_t; ++ ++typedef struct { ++ grub_uint8_t addr[16]; ++} grub_efi_pxe_ipv6_address_t; ++ ++typedef struct { ++ grub_uint8_t addr[32]; ++} grub_efi_pxe_mac_address_t; ++ ++typedef union { ++ grub_uint32_t addr[4]; ++ grub_efi_pxe_ipv4_address_t v4; ++ grub_efi_pxe_ipv6_address_t v6; ++} grub_efi_pxe_ip_address_t; + + struct grub_efi_guid + { +@@ -865,6 +882,8 @@ struct grub_efi_ipv6_device_path + grub_efi_uint16_t remote_port; + grub_efi_uint16_t protocol; + grub_efi_uint8_t static_ip_address; ++ grub_efi_uint8_t prefix_length; ++ grub_efi_ipv6_address_t gateway_ip_address; + } GRUB_PACKED; + typedef struct grub_efi_ipv6_device_path grub_efi_ipv6_device_path_t; + +@@ -914,6 +933,15 @@ struct grub_efi_uri_device_path + } GRUB_PACKED; + typedef struct grub_efi_uri_device_path grub_efi_uri_device_path_t; + ++#define GRUB_EFI_DNS_DEVICE_PATH_SUBTYPE 31 ++struct grub_efi_dns_device_path ++{ ++ grub_efi_device_path_t header; ++ grub_efi_uint8_t is_ipv6; ++ grub_efi_pxe_ip_address_t dns_server_ip[0]; ++} GRUB_PACKED; ++typedef struct grub_efi_dns_device_path grub_efi_dns_device_path_t; ++ + #define GRUB_EFI_VENDOR_MESSAGING_DEVICE_PATH_SUBTYPE 10 + + /* Media Device Path. */ +@@ -996,6 +1024,23 @@ struct grub_efi_bios_device_path + } GRUB_PACKED; + typedef struct grub_efi_bios_device_path grub_efi_bios_device_path_t; + ++/* Service Binding definitions */ ++struct grub_efi_service_binding; ++ ++typedef grub_efi_status_t ++(*grub_efi_service_binding_create_child) (struct grub_efi_service_binding *this, ++ grub_efi_handle_t *child_handle); ++ ++typedef grub_efi_status_t ++(*grub_efi_service_binding_destroy_child) (struct grub_efi_service_binding *this, ++ grub_efi_handle_t *child_handle); ++ ++typedef struct grub_efi_service_binding ++{ ++ grub_efi_service_binding_create_child create_child; ++ grub_efi_service_binding_destroy_child destroy_child; ++} grub_efi_service_binding_t; ++ + struct grub_efi_open_protocol_information_entry + { + grub_efi_handle_t agent_handle; +@@ -1545,23 +1590,27 @@ typedef struct grub_efi_pxe_tftp_error + grub_efi_char8_t error_string[127]; + } grub_efi_pxe_tftp_error_t; + +-typedef struct { +- grub_uint8_t addr[4]; +-} grub_efi_pxe_ipv4_address_t; ++typedef grub_efi_uint16_t grub_efi_pxe_base_code_udp_port_t; + +-typedef struct { +- grub_uint8_t addr[16]; +-} grub_efi_pxe_ipv6_address_t; ++typedef enum { ++ GRUB_EFI_PXE_BASE_CODE_TFTP_FIRST, ++ GRUB_EFI_PXE_BASE_CODE_TFTP_GET_FILE_SIZE, ++ GRUB_EFI_PXE_BASE_CODE_TFTP_READ_FILE, ++ GRUB_EFI_PXE_BASE_CODE_TFTP_WRITE_FILE, ++ GRUB_EFI_PXE_BASE_CODE_TFTP_READ_DIRECTORY, ++ GRUB_EFI_PXE_BASE_CODE_MTFTP_GET_FILE_SIZE, ++ GRUB_EFI_PXE_BASE_CODE_MTFTP_READ_FILE, ++ GRUB_EFI_PXE_BASE_CODE_MTFTP_READ_DIRECTORY, ++ GRUB_EFI_PXE_BASE_CODE_MTFTP_LAST ++} grub_efi_pxe_base_code_tftp_opcode_t; + + typedef struct { +- grub_uint8_t addr[32]; +-} grub_efi_pxe_mac_address_t; +- +-typedef union { +- grub_uint32_t addr[4]; +- grub_efi_pxe_ipv4_address_t v4; +- grub_efi_pxe_ipv6_address_t v6; +-} grub_efi_pxe_ip_address_t; ++ grub_efi_ip_address_t mcast_ip; ++ grub_efi_pxe_base_code_udp_port_t c_port; ++ grub_efi_pxe_base_code_udp_port_t s_port; ++ grub_efi_uint16_t listen_timeout; ++ grub_efi_uint16_t transmit_timeout; ++} grub_efi_pxe_base_code_mtftp_info_t; + + #define GRUB_EFI_PXE_BASE_CODE_MAX_IPCNT 8 + typedef struct grub_efi_pxe_ip_filter +@@ -1628,17 +1677,31 @@ typedef struct grub_efi_pxe_mode + typedef struct grub_efi_pxe + { + grub_uint64_t rev; +- void (*start) (void); ++ grub_efi_status_t (*start) (struct grub_efi_pxe *this, grub_efi_boolean_t use_ipv6); + void (*stop) (void); +- void (*dhcp) (void); ++ grub_efi_status_t (*dhcp) (struct grub_efi_pxe *this, ++ grub_efi_boolean_t sort_offers); + void (*discover) (void); +- void (*mftp) (void); ++ grub_efi_status_t (*mtftp) (struct grub_efi_pxe *this, ++ grub_efi_pxe_base_code_tftp_opcode_t operation, ++ void *buffer_ptr, ++ grub_efi_boolean_t overwrite, ++ grub_efi_uint64_t *buffer_size, ++ grub_efi_uintn_t *block_size, ++ grub_efi_pxe_ip_address_t *server_ip, ++ //grub_efi_ip_address_t *server_ip, ++ grub_efi_char8_t *filename, ++ grub_efi_pxe_base_code_mtftp_info_t *info, ++ grub_efi_boolean_t dont_use_buffer); + void (*udpwrite) (void); + void (*udpread) (void); + void (*setipfilter) (void); + void (*arp) (void); + void (*setparams) (void); +- void (*setstationip) (void); ++ grub_efi_status_t (*set_station_ip) (struct grub_efi_pxe *this, ++ grub_efi_pxe_ip_address_t *new_station_ip, ++ grub_efi_pxe_ip_address_t *new_subnet_mask); ++ //void (*setstationip) (void); + void (*setpackets) (void); + struct grub_efi_pxe_mode *mode; + } grub_efi_pxe_t; +@@ -1880,6 +1943,44 @@ struct grub_efi_ip4_config2_protocol + }; + typedef struct grub_efi_ip4_config2_protocol grub_efi_ip4_config2_protocol_t; + ++struct grub_efi_ip4_route_table { ++ grub_efi_ipv4_address_t subnet_address; ++ grub_efi_ipv4_address_t subnet_mask; ++ grub_efi_ipv4_address_t gateway_address; ++}; ++ ++typedef struct grub_efi_ip4_route_table grub_efi_ip4_route_table_t; ++ ++#define GRUB_EFI_IP4_CONFIG2_INTERFACE_INFO_NAME_SIZE 32 ++ ++struct grub_efi_ip4_config2_interface_info { ++ grub_efi_char16_t name[GRUB_EFI_IP4_CONFIG2_INTERFACE_INFO_NAME_SIZE]; ++ grub_efi_uint8_t if_type; ++ grub_efi_uint32_t hw_address_size; ++ grub_efi_mac_address_t hw_address; ++ grub_efi_ipv4_address_t station_address; ++ grub_efi_ipv4_address_t subnet_mask; ++ grub_efi_uint32_t route_table_size; ++ grub_efi_ip4_route_table_t *route_table; ++}; ++ ++typedef struct grub_efi_ip4_config2_interface_info grub_efi_ip4_config2_interface_info_t; ++ ++enum grub_efi_ip4_config2_policy { ++ GRUB_EFI_IP4_CONFIG2_POLICY_STATIC, ++ GRUB_EFI_IP4_CONFIG2_POLICY_DHCP, ++ GRUB_EFI_IP4_CONFIG2_POLICY_MAX ++}; ++ ++typedef enum grub_efi_ip4_config2_policy grub_efi_ip4_config2_policy_t; ++ ++struct grub_efi_ip4_config2_manual_address { ++ grub_efi_ipv4_address_t address; ++ grub_efi_ipv4_address_t subnet_mask; ++}; ++ ++typedef struct grub_efi_ip4_config2_manual_address grub_efi_ip4_config2_manual_address_t; ++ + enum grub_efi_ip6_config_data_type { + GRUB_EFI_IP6_CONFIG_DATA_TYPE_INTERFACEINFO, + GRUB_EFI_IP6_CONFIG_DATA_TYPE_ALT_INTERFACEID, +@@ -1914,6 +2015,49 @@ struct grub_efi_ip6_config_protocol + }; + typedef struct grub_efi_ip6_config_protocol grub_efi_ip6_config_protocol_t; + ++enum grub_efi_ip6_config_policy { ++ GRUB_EFI_IP6_CONFIG_POLICY_MANUAL, ++ GRUB_EFI_IP6_CONFIG_POLICY_AUTOMATIC ++}; ++typedef enum grub_efi_ip6_config_policy grub_efi_ip6_config_policy_t; ++ ++struct grub_efi_ip6_address_info { ++ grub_efi_ipv6_address_t address; ++ grub_efi_uint8_t prefix_length; ++}; ++typedef struct grub_efi_ip6_address_info grub_efi_ip6_address_info_t; ++ ++struct grub_efi_ip6_route_table { ++ grub_efi_pxe_ipv6_address_t gateway; ++ grub_efi_pxe_ipv6_address_t destination; ++ grub_efi_uint8_t prefix_length; ++}; ++typedef struct grub_efi_ip6_route_table grub_efi_ip6_route_table_t; ++ ++struct grub_efi_ip6_config_interface_info { ++ grub_efi_char16_t name[32]; ++ grub_efi_uint8_t if_type; ++ grub_efi_uint32_t hw_address_size; ++ grub_efi_mac_address_t hw_address; ++ grub_efi_uint32_t address_info_count; ++ grub_efi_ip6_address_info_t *address_info; ++ grub_efi_uint32_t route_count; ++ grub_efi_ip6_route_table_t *route_table; ++}; ++typedef struct grub_efi_ip6_config_interface_info grub_efi_ip6_config_interface_info_t; ++ ++struct grub_efi_ip6_config_dup_addr_detect_transmits { ++ grub_efi_uint32_t dup_addr_detect_transmits; ++}; ++typedef struct grub_efi_ip6_config_dup_addr_detect_transmits grub_efi_ip6_config_dup_addr_detect_transmits_t; ++ ++struct grub_efi_ip6_config_manual_address { ++ grub_efi_ipv6_address_t address; ++ grub_efi_boolean_t is_anycast; ++ grub_efi_uint8_t prefix_length; ++}; ++typedef struct grub_efi_ip6_config_manual_address grub_efi_ip6_config_manual_address_t; ++ + #if (GRUB_TARGET_SIZEOF_VOID_P == 4) || defined (__ia64__) \ + || defined (__aarch64__) || defined (__MINGW64__) || defined (__CYGWIN__) + +diff --git a/include/grub/efi/dhcp.h b/include/grub/efi/dhcp.h +new file mode 100644 +index 000000000..fdb88eb81 +--- /dev/null ++++ b/include/grub/efi/dhcp.h +@@ -0,0 +1,343 @@ ++#ifndef GRUB_EFI_DHCP_HEADER ++#define GRUB_EFI_DHCP_HEADER 1 ++ ++#define GRUB_EFI_DHCP4_SERVICE_BINDING_PROTOCOL_GUID \ ++ { 0x9d9a39d8, 0xbd42, 0x4a73, \ ++ { 0xa4, 0xd5, 0x8e, 0xe9, 0x4b, 0xe1, 0x13, 0x80 } \ ++ } ++ ++#define GRUB_EFI_DHCP4_PROTOCOL_GUID \ ++ { 0x8a219718, 0x4ef5, 0x4761, \ ++ { 0x91, 0xc8, 0xc0, 0xf0, 0x4b, 0xda, 0x9e, 0x56 } \ ++ } ++ ++#define GRUB_EFI_DHCP6_SERVICE_BINDING_PROTOCOL_GUID \ ++ { 0x9fb9a8a1, 0x2f4a, 0x43a6, \ ++ { 0x88, 0x9c, 0xd0, 0xf7, 0xb6, 0xc4 ,0x7a, 0xd5 } \ ++ } ++ ++#define GRUB_EFI_DHCP6_PROTOCOL_GUID \ ++ { 0x87c8bad7, 0x595, 0x4053, \ ++ { 0x82, 0x97, 0xde, 0xde, 0x39, 0x5f, 0x5d, 0x5b } \ ++ } ++ ++typedef struct grub_efi_dhcp4_protocol grub_efi_dhcp4_protocol_t; ++ ++enum grub_efi_dhcp4_state { ++ GRUB_EFI_DHCP4_STOPPED, ++ GRUB_EFI_DHCP4_INIT, ++ GRUB_EFI_DHCP4_SELECTING, ++ GRUB_EFI_DHCP4_REQUESTING, ++ GRUB_EFI_DHCP4_BOUND, ++ GRUB_EFI_DHCP4_RENEWING, ++ GRUB_EFI_DHCP4_REBINDING, ++ GRUB_EFI_DHCP4_INIT_REBOOT, ++ GRUB_EFI_DHCP4_REBOOTING ++}; ++ ++typedef enum grub_efi_dhcp4_state grub_efi_dhcp4_state_t; ++ ++struct grub_efi_dhcp4_header { ++ grub_efi_uint8_t op_code; ++ grub_efi_uint8_t hw_type; ++ grub_efi_uint8_t hw_addr_len; ++ grub_efi_uint8_t hops; ++ grub_efi_uint32_t xid; ++ grub_efi_uint16_t seconds; ++ grub_efi_uint16_t reserved; ++ grub_efi_ipv4_address_t client_addr; ++ grub_efi_ipv4_address_t your_addr; ++ grub_efi_ipv4_address_t server_addr; ++ grub_efi_ipv4_address_t gateway_addr; ++ grub_efi_uint8_t client_hw_addr[16]; ++ grub_efi_char8_t server_name[64]; ++ grub_efi_char8_t boot_file_name[128]; ++} GRUB_PACKED; ++ ++typedef struct grub_efi_dhcp4_header grub_efi_dhcp4_header_t; ++ ++struct grub_efi_dhcp4_packet { ++ grub_efi_uint32_t size; ++ grub_efi_uint32_t length; ++ struct { ++ grub_efi_dhcp4_header_t header; ++ grub_efi_uint32_t magik; ++ grub_efi_uint8_t option[1]; ++ } dhcp4; ++} GRUB_PACKED; ++ ++typedef struct grub_efi_dhcp4_packet grub_efi_dhcp4_packet_t; ++ ++struct grub_efi_dhcp4_listen_point { ++ grub_efi_ipv4_address_t listen_address; ++ grub_efi_ipv4_address_t subnet_mask; ++ grub_efi_uint16_t listen_port; ++}; ++ ++typedef struct grub_efi_dhcp4_listen_point grub_efi_dhcp4_listen_point_t; ++ ++struct grub_efi_dhcp4_transmit_receive_token { ++ grub_efi_status_t status; ++ grub_efi_event_t completion_event; ++ grub_efi_ipv4_address_t remote_address; ++ grub_efi_uint16_t remote_port; ++ grub_efi_ipv4_address_t gateway_address; ++ grub_efi_uint32_t listen_point_count; ++ grub_efi_dhcp4_listen_point_t *listen_points; ++ grub_efi_uint32_t timeout_value; ++ grub_efi_dhcp4_packet_t *packet; ++ grub_efi_uint32_t response_count; ++ grub_efi_dhcp4_packet_t *response_list; ++}; ++ ++typedef struct grub_efi_dhcp4_transmit_receive_token grub_efi_dhcp4_transmit_receive_token_t; ++ ++enum grub_efi_dhcp4_event { ++ GRUB_EFI_DHCP4_SEND_DISCOVER = 0X01, ++ GRUB_EFI_DHCP4_RCVD_OFFER, ++ GRUB_EFI_DHCP4_SELECT_OFFER, ++ GRUB_EFI_DHCP4_SEND_REQUEST, ++ GRUB_EFI_DHCP4_RCVD_ACK, ++ GRUB_EFI_DHCP4_RCVD_NAK, ++ GRUB_EFI_DHCP4_SEND_DECLINE, ++ GRUB_EFI_DHCP4_BOUND_COMPLETED, ++ GRUB_EFI_DHCP4_ENTER_RENEWING, ++ GRUB_EFI_DHCP4_ENTER_REBINDING, ++ GRUB_EFI_DHCP4_ADDRESS_LOST, ++ GRUB_EFI_DHCP4_FAIL ++}; ++ ++typedef enum grub_efi_dhcp4_event grub_efi_dhcp4_event_t; ++ ++struct grub_efi_dhcp4_packet_option { ++ grub_efi_uint8_t op_code; ++ grub_efi_uint8_t length; ++ grub_efi_uint8_t data[1]; ++} GRUB_PACKED; ++ ++typedef struct grub_efi_dhcp4_packet_option grub_efi_dhcp4_packet_option_t; ++ ++struct grub_efi_dhcp4_config_data { ++ grub_efi_uint32_t discover_try_count; ++ grub_efi_uint32_t *discover_timeout; ++ grub_efi_uint32_t request_try_count; ++ grub_efi_uint32_t *request_timeout; ++ grub_efi_ipv4_address_t client_address; ++ grub_efi_status_t (*dhcp4_callback) ( ++ grub_efi_dhcp4_protocol_t *this, ++ void *context, ++ grub_efi_dhcp4_state_t current_state, ++ grub_efi_dhcp4_event_t dhcp4_event, ++ grub_efi_dhcp4_packet_t *packet, ++ grub_efi_dhcp4_packet_t **new_packet ++ ); ++ void *callback_context; ++ grub_efi_uint32_t option_count; ++ grub_efi_dhcp4_packet_option_t **option_list; ++}; ++ ++typedef struct grub_efi_dhcp4_config_data grub_efi_dhcp4_config_data_t; ++ ++struct grub_efi_dhcp4_mode_data { ++ grub_efi_dhcp4_state_t state; ++ grub_efi_dhcp4_config_data_t config_data; ++ grub_efi_ipv4_address_t client_address; ++ grub_efi_mac_address_t client_mac_address; ++ grub_efi_ipv4_address_t server_address; ++ grub_efi_ipv4_address_t router_address; ++ grub_efi_ipv4_address_t subnet_mask; ++ grub_efi_uint32_t lease_time; ++ grub_efi_dhcp4_packet_t *reply_packet; ++}; ++ ++typedef struct grub_efi_dhcp4_mode_data grub_efi_dhcp4_mode_data_t; ++ ++struct grub_efi_dhcp4_protocol { ++ grub_efi_status_t (*get_mode_data) (grub_efi_dhcp4_protocol_t *this, ++ grub_efi_dhcp4_mode_data_t *dhcp4_mode_data); ++ grub_efi_status_t (*configure) (grub_efi_dhcp4_protocol_t *this, ++ grub_efi_dhcp4_config_data_t *dhcp4_cfg_data); ++ grub_efi_status_t (*start) (grub_efi_dhcp4_protocol_t *this, ++ grub_efi_event_t completion_event); ++ grub_efi_status_t (*renew_rebind) (grub_efi_dhcp4_protocol_t *this, ++ grub_efi_boolean_t rebind_request, ++ grub_efi_event_t completion_event); ++ grub_efi_status_t (*release) (grub_efi_dhcp4_protocol_t *this); ++ grub_efi_status_t (*stop) (grub_efi_dhcp4_protocol_t *this); ++ grub_efi_status_t (*build) (grub_efi_dhcp4_protocol_t *this, ++ grub_efi_dhcp4_packet_t *seed_packet, ++ grub_efi_uint32_t delete_count, ++ grub_efi_uint8_t *delete_list, ++ grub_efi_uint32_t append_count, ++ grub_efi_dhcp4_packet_option_t *append_list[], ++ grub_efi_dhcp4_packet_t **new_packet); ++ grub_efi_status_t (*transmit_receive) (grub_efi_dhcp4_protocol_t *this, ++ grub_efi_dhcp4_transmit_receive_token_t *token); ++ grub_efi_status_t (*parse) (grub_efi_dhcp4_protocol_t *this, ++ grub_efi_dhcp4_packet_t *packet, ++ grub_efi_uint32_t *option_count, ++ grub_efi_dhcp4_packet_option_t *packet_option_list[]); ++}; ++ ++typedef struct grub_efi_dhcp6_protocol grub_efi_dhcp6_protocol_t; ++ ++struct grub_efi_dhcp6_retransmission { ++ grub_efi_uint32_t irt; ++ grub_efi_uint32_t mrc; ++ grub_efi_uint32_t mrt; ++ grub_efi_uint32_t mrd; ++}; ++ ++typedef struct grub_efi_dhcp6_retransmission grub_efi_dhcp6_retransmission_t; ++ ++enum grub_efi_dhcp6_event { ++ GRUB_EFI_DHCP6_SEND_SOLICIT, ++ GRUB_EFI_DHCP6_RCVD_ADVERTISE, ++ GRUB_EFI_DHCP6_SELECT_ADVERTISE, ++ GRUB_EFI_DHCP6_SEND_REQUEST, ++ GRUB_EFI_DHCP6_RCVD_REPLY, ++ GRUB_EFI_DHCP6_RCVD_RECONFIGURE, ++ GRUB_EFI_DHCP6_SEND_DECLINE, ++ GRUB_EFI_DHCP6_SEND_CONFIRM, ++ GRUB_EFI_DHCP6_SEND_RELEASE, ++ GRUB_EFI_DHCP6_SEND_RENEW, ++ GRUB_EFI_DHCP6_SEND_REBIND ++}; ++ ++typedef enum grub_efi_dhcp6_event grub_efi_dhcp6_event_t; ++ ++struct grub_efi_dhcp6_packet_option { ++ grub_efi_uint16_t op_code; ++ grub_efi_uint16_t op_len; ++ grub_efi_uint8_t data[1]; ++} GRUB_PACKED; ++ ++typedef struct grub_efi_dhcp6_packet_option grub_efi_dhcp6_packet_option_t; ++ ++struct grub_efi_dhcp6_header { ++ grub_efi_uint32_t transaction_id:24; ++ grub_efi_uint32_t message_type:8; ++} GRUB_PACKED; ++ ++typedef struct grub_efi_dhcp6_header grub_efi_dhcp6_header_t; ++ ++struct grub_efi_dhcp6_packet { ++ grub_efi_uint32_t size; ++ grub_efi_uint32_t length; ++ struct { ++ grub_efi_dhcp6_header_t header; ++ grub_efi_uint8_t option[1]; ++ } dhcp6; ++} GRUB_PACKED; ++ ++typedef struct grub_efi_dhcp6_packet grub_efi_dhcp6_packet_t; ++ ++struct grub_efi_dhcp6_ia_address { ++ grub_efi_ipv6_address_t ip_address; ++ grub_efi_uint32_t preferred_lifetime; ++ grub_efi_uint32_t valid_lifetime; ++}; ++ ++typedef struct grub_efi_dhcp6_ia_address grub_efi_dhcp6_ia_address_t; ++ ++enum grub_efi_dhcp6_state { ++ GRUB_EFI_DHCP6_INIT, ++ GRUB_EFI_DHCP6_SELECTING, ++ GRUB_EFI_DHCP6_REQUESTING, ++ GRUB_EFI_DHCP6_DECLINING, ++ GRUB_EFI_DHCP6_CONFIRMING, ++ GRUB_EFI_DHCP6_RELEASING, ++ GRUB_EFI_DHCP6_BOUND, ++ GRUB_EFI_DHCP6_RENEWING, ++ GRUB_EFI_DHCP6_REBINDING ++}; ++ ++typedef enum grub_efi_dhcp6_state grub_efi_dhcp6_state_t; ++ ++#define GRUB_EFI_DHCP6_IA_TYPE_NA 3 ++#define GRUB_EFI_DHCP6_IA_TYPE_TA 4 ++ ++struct grub_efi_dhcp6_ia_descriptor { ++ grub_efi_uint16_t type; ++ grub_efi_uint32_t ia_id; ++}; ++ ++typedef struct grub_efi_dhcp6_ia_descriptor grub_efi_dhcp6_ia_descriptor_t; ++ ++struct grub_efi_dhcp6_ia { ++ grub_efi_dhcp6_ia_descriptor_t descriptor; ++ grub_efi_dhcp6_state_t state; ++ grub_efi_dhcp6_packet_t *reply_packet; ++ grub_efi_uint32_t ia_address_count; ++ grub_efi_dhcp6_ia_address_t ia_address[1]; ++}; ++ ++typedef struct grub_efi_dhcp6_ia grub_efi_dhcp6_ia_t; ++ ++struct grub_efi_dhcp6_duid { ++ grub_efi_uint16_t length; ++ grub_efi_uint8_t duid[1]; ++}; ++ ++typedef struct grub_efi_dhcp6_duid grub_efi_dhcp6_duid_t; ++ ++struct grub_efi_dhcp6_mode_data { ++ grub_efi_dhcp6_duid_t *client_id; ++ grub_efi_dhcp6_ia_t *ia; ++}; ++ ++typedef struct grub_efi_dhcp6_mode_data grub_efi_dhcp6_mode_data_t; ++ ++struct grub_efi_dhcp6_config_data { ++ grub_efi_status_t (*dhcp6_callback) (grub_efi_dhcp6_protocol_t this, ++ void *context, ++ grub_efi_dhcp6_state_t current_state, ++ grub_efi_dhcp6_event_t dhcp6_event, ++ grub_efi_dhcp6_packet_t *packet, ++ grub_efi_dhcp6_packet_t **new_packet); ++ void *callback_context; ++ grub_efi_uint32_t option_count; ++ grub_efi_dhcp6_packet_option_t **option_list; ++ grub_efi_dhcp6_ia_descriptor_t ia_descriptor; ++ grub_efi_event_t ia_info_event; ++ grub_efi_boolean_t reconfigure_accept; ++ grub_efi_boolean_t rapid_commit; ++ grub_efi_dhcp6_retransmission_t *solicit_retransmission; ++}; ++ ++typedef struct grub_efi_dhcp6_config_data grub_efi_dhcp6_config_data_t; ++ ++struct grub_efi_dhcp6_protocol { ++ grub_efi_status_t (*get_mode_data) (grub_efi_dhcp6_protocol_t *this, ++ grub_efi_dhcp6_mode_data_t *dhcp6_mode_data, ++ grub_efi_dhcp6_config_data_t *dhcp6_config_data); ++ grub_efi_status_t (*configure) (grub_efi_dhcp6_protocol_t *this, ++ grub_efi_dhcp6_config_data_t *dhcp6_cfg_data); ++ grub_efi_status_t (*start) (grub_efi_dhcp6_protocol_t *this); ++ grub_efi_status_t (*info_request) (grub_efi_dhcp6_protocol_t *this, ++ grub_efi_boolean_t send_client_id, ++ grub_efi_dhcp6_packet_option_t *option_request, ++ grub_efi_uint32_t option_count, ++ grub_efi_dhcp6_packet_option_t *option_list[], ++ grub_efi_dhcp6_retransmission_t *retransmission, ++ grub_efi_event_t timeout_event, ++ grub_efi_status_t (*reply_callback) (grub_efi_dhcp6_protocol_t *this, ++ void *context, ++ grub_efi_dhcp6_packet_t *packet), ++ void *callback_context); ++ grub_efi_status_t (*renew_rebind) (grub_efi_dhcp6_protocol_t *this, ++ grub_efi_boolean_t rebind_request); ++ grub_efi_status_t (*decline) (grub_efi_dhcp6_protocol_t *this, ++ grub_efi_uint32_t address_count, ++ grub_efi_ipv6_address_t *addresses); ++ grub_efi_status_t (*release) (grub_efi_dhcp6_protocol_t *this, ++ grub_efi_uint32_t address_count, ++ grub_efi_ipv6_address_t *addresses); ++ grub_efi_status_t (*stop) (grub_efi_dhcp6_protocol_t *this); ++ grub_efi_status_t (*parse) (grub_efi_dhcp6_protocol_t *this, ++ grub_efi_dhcp6_packet_t *packet, ++ grub_efi_uint32_t *option_count, ++ grub_efi_dhcp6_packet_option_t *packet_option_list[]); ++}; ++ ++#endif /* ! GRUB_EFI_DHCP_HEADER */ +diff --git a/include/grub/efi/http.h b/include/grub/efi/http.h +new file mode 100644 +index 000000000..c5e9a89f5 +--- /dev/null ++++ b/include/grub/efi/http.h +@@ -0,0 +1,215 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2006,2007,2008 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_EFI_HTTP_HEADER ++#define GRUB_EFI_HTTP_HEADER 1 ++ ++#include ++#include ++#include ++ ++#define GRUB_EFI_HTTP_SERVICE_BINDING_PROTOCOL_GUID \ ++ { 0xbdc8e6af, 0xd9bc, 0x4379, \ ++ { 0xa7, 0x2a, 0xe0, 0xc4, 0xe7, 0x5d, 0xae, 0x1c } \ ++ } ++ ++#define GRUB_EFI_HTTP_PROTOCOL_GUID \ ++ { 0x7A59B29B, 0x910B, 0x4171, \ ++ { 0x82, 0x42, 0xA8, 0x5A, 0x0D, 0xF2, 0x5B, 0x5B } \ ++ } ++ ++#define EFIHTTP_WAIT_TIME 10000 // 10000ms = 10s ++#define EFIHTTP_RX_BUF_LEN 10240 ++ ++//****************************************** ++// Protocol Interface Structure ++//****************************************** ++struct grub_efi_http; ++ ++//****************************************** ++// EFI_HTTP_VERSION ++//****************************************** ++typedef enum { ++ GRUB_EFI_HTTPVERSION10, ++ GRUB_EFI_HTTPVERSION11, ++ GRUB_EFI_HTTPVERSIONUNSUPPORTED ++} grub_efi_http_version_t; ++ ++//****************************************** ++// EFI_HTTPv4_ACCESS_POINT ++//****************************************** ++typedef struct { ++ grub_efi_boolean_t use_default_address; ++ grub_efi_ipv4_address_t local_address; ++ grub_efi_ipv4_address_t local_subnet; ++ grub_efi_uint16_t local_port; ++} grub_efi_httpv4_access_point_t; ++ ++//****************************************** ++// EFI_HTTPv6_ACCESS_POINT ++//****************************************** ++typedef struct { ++ grub_efi_ipv6_address_t local_address; ++ grub_efi_uint16_t local_port; ++} grub_efi_httpv6_access_point_t; ++ ++//****************************************** ++// EFI_HTTP_CONFIG_DATA ++//****************************************** ++typedef struct { ++ grub_efi_http_version_t http_version; ++ grub_efi_uint32_t timeout_millisec; ++ grub_efi_boolean_t local_address_is_ipv6; ++ union { ++ grub_efi_httpv4_access_point_t *ipv4_node; ++ grub_efi_httpv6_access_point_t *ipv6_node; ++ } access_point; ++} grub_efi_http_config_data_t; ++ ++//****************************************** ++// EFI_HTTP_METHOD ++//****************************************** ++typedef enum { ++ GRUB_EFI_HTTPMETHODGET, ++ GRUB_EFI_HTTPMETHODPOST, ++ GRUB_EFI_HTTPMETHODPATCH, ++ GRUB_EFI_HTTPMETHODOPTIONS, ++ GRUB_EFI_HTTPMETHODCONNECT, ++ GRUB_EFI_HTTPMETHODHEAD, ++ GRUB_EFI_HTTPMETHODPUT, ++ GRUB_EFI_HTTPMETHODDELETE, ++ GRUB_EFI_HTTPMETHODTRACE, ++} grub_efi_http_method_t; ++ ++//****************************************** ++// EFI_HTTP_REQUEST_DATA ++//****************************************** ++typedef struct { ++ grub_efi_http_method_t method; ++ grub_efi_char16_t *url; ++} grub_efi_http_request_data_t; ++ ++typedef enum { ++ GRUB_EFI_HTTP_STATUS_UNSUPPORTED_STATUS = 0, ++ GRUB_EFI_HTTP_STATUS_100_CONTINUE, ++ GRUB_EFI_HTTP_STATUS_101_SWITCHING_PROTOCOLS, ++ GRUB_EFI_HTTP_STATUS_200_OK, ++ GRUB_EFI_HTTP_STATUS_201_CREATED, ++ GRUB_EFI_HTTP_STATUS_202_ACCEPTED, ++ GRUB_EFI_HTTP_STATUS_203_NON_AUTHORITATIVE_INFORMATION, ++ GRUB_EFI_HTTP_STATUS_204_NO_CONTENT, ++ GRUB_EFI_HTTP_STATUS_205_RESET_CONTENT, ++ GRUB_EFI_HTTP_STATUS_206_PARTIAL_CONTENT, ++ GRUB_EFI_HTTP_STATUS_300_MULTIPLE_CHIOCES, ++ GRUB_EFI_HTTP_STATUS_301_MOVED_PERMANENTLY, ++ GRUB_EFI_HTTP_STATUS_302_FOUND, ++ GRUB_EFI_HTTP_STATUS_303_SEE_OTHER, ++ GRUB_EFI_HTTP_STATUS_304_NOT_MODIFIED, ++ GRUB_EFI_HTTP_STATUS_305_USE_PROXY, ++ GRUB_EFI_HTTP_STATUS_307_TEMPORARY_REDIRECT, ++ GRUB_EFI_HTTP_STATUS_400_BAD_REQUEST, ++ GRUB_EFI_HTTP_STATUS_401_UNAUTHORIZED, ++ GRUB_EFI_HTTP_STATUS_402_PAYMENT_REQUIRED, ++ GRUB_EFI_HTTP_STATUS_403_FORBIDDEN, ++ GRUB_EFI_HTTP_STATUS_404_NOT_FOUND, ++ GRUB_EFI_HTTP_STATUS_405_METHOD_NOT_ALLOWED, ++ GRUB_EFI_HTTP_STATUS_406_NOT_ACCEPTABLE, ++ GRUB_EFI_HTTP_STATUS_407_PROXY_AUTHENTICATION_REQUIRED, ++ GRUB_EFI_HTTP_STATUS_408_REQUEST_TIME_OUT, ++ GRUB_EFI_HTTP_STATUS_409_CONFLICT, ++ GRUB_EFI_HTTP_STATUS_410_GONE, ++ GRUB_EFI_HTTP_STATUS_411_LENGTH_REQUIRED, ++ GRUB_EFI_HTTP_STATUS_412_PRECONDITION_FAILED, ++ GRUB_EFI_HTTP_STATUS_413_REQUEST_ENTITY_TOO_LARGE, ++ GRUB_EFI_HTTP_STATUS_414_REQUEST_URI_TOO_LARGE, ++ GRUB_EFI_HTTP_STATUS_415_UNSUPPORTED_MEDIA_TYPE, ++ GRUB_EFI_HTTP_STATUS_416_REQUESTED_RANGE_NOT_SATISFIED, ++ GRUB_EFI_HTTP_STATUS_417_EXPECTATION_FAILED, ++ GRUB_EFI_HTTP_STATUS_500_INTERNAL_SERVER_ERROR, ++ GRUB_EFI_HTTP_STATUS_501_NOT_IMPLEMENTED, ++ GRUB_EFI_HTTP_STATUS_502_BAD_GATEWAY, ++ GRUB_EFI_HTTP_STATUS_503_SERVICE_UNAVAILABLE, ++ GRUB_EFI_HTTP_STATUS_504_GATEWAY_TIME_OUT, ++ GRUB_EFI_HTTP_STATUS_505_HTTP_VERSION_NOT_SUPPORTED ++} grub_efi_http_status_code_t; ++ ++//****************************************** ++// EFI_HTTP_RESPONSE_DATA ++//****************************************** ++typedef struct { ++ grub_efi_http_status_code_t status_code; ++} grub_efi_http_response_data_t; ++ ++//****************************************** ++// EFI_HTTP_HEADER ++//****************************************** ++typedef struct { ++ grub_efi_char8_t *field_name; ++ grub_efi_char8_t *field_value; ++} grub_efi_http_header_t; ++ ++//****************************************** ++// EFI_HTTP_MESSAGE ++//****************************************** ++typedef struct { ++ union { ++ grub_efi_http_request_data_t *request; ++ grub_efi_http_response_data_t *response; ++ } data; ++ grub_efi_uint32_t header_count; ++ grub_efi_http_header_t *headers; ++ grub_efi_uint32_t body_length; ++ void *body; ++} grub_efi_http_message_t; ++ ++//****************************************** ++// EFI_HTTP_TOKEN ++//****************************************** ++typedef struct { ++ grub_efi_event_t event; ++ grub_efi_status_t status; ++ grub_efi_http_message_t *message; ++} grub_efi_http_token_t; ++ ++struct grub_efi_http { ++ grub_efi_status_t ++ (*get_mode_data) (struct grub_efi_http *this, ++ grub_efi_http_config_data_t *http_config_data); ++ ++ grub_efi_status_t ++ (*configure) (struct grub_efi_http *this, ++ grub_efi_http_config_data_t *http_config_data); ++ ++ grub_efi_status_t ++ (*request) (struct grub_efi_http *this, ++ grub_efi_http_token_t *token); ++ ++ grub_efi_status_t ++ (*cancel) (struct grub_efi_http *this, ++ grub_efi_http_token_t *token); ++ ++ grub_efi_status_t ++ (*response) (struct grub_efi_http *this, ++ grub_efi_http_token_t *token); ++ ++ grub_efi_status_t ++ (*poll) (struct grub_efi_http *this); ++}; ++typedef struct grub_efi_http grub_efi_http_t; ++ ++#endif /* !GRUB_EFI_HTTP_HEADER */ +diff --git a/include/grub/net/efi.h b/include/grub/net/efi.h +new file mode 100644 +index 000000000..de90d223e +--- /dev/null ++++ b/include/grub/net/efi.h +@@ -0,0 +1,144 @@ ++#ifndef GRUB_NET_EFI_HEADER ++#define GRUB_NET_EFI_HEADER 1 ++ ++#include ++#include ++#include ++#include ++ ++typedef struct grub_efi_net_interface grub_efi_net_interface_t; ++typedef struct grub_efi_net_ip_config grub_efi_net_ip_config_t; ++typedef union grub_efi_net_ip_address grub_efi_net_ip_address_t; ++typedef struct grub_efi_net_ip_manual_address grub_efi_net_ip_manual_address_t; ++ ++struct grub_efi_net_interface ++{ ++ char *name; ++ int prefer_ip6; ++ struct grub_efi_net_device *dev; ++ struct grub_efi_net_io *io; ++ grub_efi_net_ip_config_t *ip_config; ++ int io_type; ++ struct grub_efi_net_interface *next; ++}; ++ ++#define efi_net_interface_get_hw_address(inf) inf->ip_config->get_hw_address (inf->dev) ++#define efi_net_interface_get_address(inf) inf->ip_config->get_address (inf->dev) ++#define efi_net_interface_get_route_table(inf) inf->ip_config->get_route_table (inf->dev) ++#define efi_net_interface_set_address(inf, addr, with_subnet) inf->ip_config->set_address (inf->dev, addr, with_subnet) ++#define efi_net_interface_set_gateway(inf, addr) inf->ip_config->set_gateway (inf->dev, addr) ++#define efi_net_interface_set_dns(inf, addr) inf->ip_config->set_dns (inf->dev, addr) ++ ++struct grub_efi_net_ip_config ++{ ++ char * (*get_hw_address) (struct grub_efi_net_device *dev); ++ char * (*get_address) (struct grub_efi_net_device *dev); ++ char ** (*get_route_table) (struct grub_efi_net_device *dev); ++ grub_efi_net_interface_t * (*best_interface) (struct grub_efi_net_device *dev, grub_efi_net_ip_address_t *address); ++ int (*set_address) (struct grub_efi_net_device *dev, grub_efi_net_ip_manual_address_t *net_ip, int with_subnet); ++ int (*set_gateway) (struct grub_efi_net_device *dev, grub_efi_net_ip_address_t *address); ++ int (*set_dns) (struct grub_efi_net_device *dev, grub_efi_net_ip_address_t *dns); ++}; ++ ++union grub_efi_net_ip_address ++{ ++ grub_efi_ipv4_address_t ip4; ++ grub_efi_ipv6_address_t ip6; ++}; ++ ++struct grub_efi_net_ip_manual_address ++{ ++ int is_ip6; ++ union ++ { ++ grub_efi_ip4_config2_manual_address_t ip4; ++ grub_efi_ip6_config_manual_address_t ip6; ++ }; ++}; ++ ++struct grub_efi_net_device ++{ ++ grub_efi_handle_t handle; ++ grub_efi_ip4_config2_protocol_t *ip4_config; ++ grub_efi_ip6_config_protocol_t *ip6_config; ++ grub_efi_handle_t http_handle; ++ grub_efi_http_t *http; ++ grub_efi_handle_t ip4_pxe_handle; ++ grub_efi_pxe_t *ip4_pxe; ++ grub_efi_handle_t ip6_pxe_handle; ++ grub_efi_pxe_t *ip6_pxe; ++ grub_efi_handle_t dhcp4_handle; ++ grub_efi_dhcp4_protocol_t *dhcp4; ++ grub_efi_handle_t dhcp6_handle; ++ grub_efi_dhcp6_protocol_t *dhcp6; ++ char *card_name; ++ grub_efi_net_interface_t *net_interfaces; ++ struct grub_efi_net_device *next; ++}; ++ ++struct grub_efi_net_io ++{ ++ void (*configure) (struct grub_efi_net_device *dev, int prefer_ip6); ++ grub_err_t (*open) (struct grub_efi_net_device *dev, ++ int prefer_ip6, ++ grub_file_t file, ++ const char *filename, ++ int type); ++ grub_ssize_t (*read) (struct grub_efi_net_device *dev, ++ int prefer_ip6, ++ grub_file_t file, ++ char *buf, ++ grub_size_t len); ++ grub_err_t (*close) (struct grub_efi_net_device *dev, ++ int prefer_ip6, ++ grub_file_t file); ++}; ++ ++extern struct grub_efi_net_device *net_devices; ++ ++extern struct grub_efi_net_io io_http; ++extern struct grub_efi_net_io io_pxe; ++ ++extern grub_efi_net_ip_config_t *efi_net_ip4_config; ++extern grub_efi_net_ip_config_t *efi_net_ip6_config; ++ ++char * ++grub_efi_ip4_address_to_string (grub_efi_ipv4_address_t *address); ++ ++char * ++grub_efi_ip6_address_to_string (grub_efi_pxe_ipv6_address_t *address); ++ ++char * ++grub_efi_hw_address_to_string (grub_efi_uint32_t hw_address_size, grub_efi_mac_address_t hw_address); ++ ++int ++grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *address, const char **rest); ++ ++int ++grub_efi_string_to_ip6_address (const char *val, grub_efi_ipv6_address_t *address, const char **rest); ++ ++char * ++grub_efi_ip6_interface_name (struct grub_efi_net_device *dev); ++ ++char * ++grub_efi_ip4_interface_name (struct grub_efi_net_device *dev); ++ ++grub_efi_net_interface_t * ++grub_efi_net_create_interface (struct grub_efi_net_device *dev, ++ const char *interface_name, ++ grub_efi_net_ip_manual_address_t *net_ip, ++ int has_subnet); ++ ++int grub_efi_net_fs_init (void); ++void grub_efi_net_fs_fini (void); ++int grub_efi_net_boot_from_https (void); ++int grub_efi_net_boot_from_opa (void); ++ ++extern grub_command_func_t grub_efi_net_list_routes; ++extern grub_command_func_t grub_efi_net_list_cards; ++extern grub_command_func_t grub_efi_net_list_addrs; ++extern grub_command_func_t grub_efi_net_add_addr; ++extern grub_command_func_t grub_efi_net_bootp; ++extern grub_command_func_t grub_efi_net_bootp6; ++ ++#endif /* ! GRUB_NET_EFI_HEADER */ diff --git a/SOURCES/0179-AUDIT-0-http-boot-tracker-bug.patch b/SOURCES/0179-AUDIT-0-http-boot-tracker-bug.patch new file mode 100644 index 0000000..338d7d1 --- /dev/null +++ b/SOURCES/0179-AUDIT-0-http-boot-tracker-bug.patch @@ -0,0 +1,62 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sebastian Krahmer +Date: Tue, 28 Nov 2017 17:24:38 +0800 +Subject: [PATCH] AUDIT-0: http boot tracker bug + +Fixing a memory leak in case of error, and a integer overflow, leading to a +heap overflow due to overly large chunk sizes. + +We need to check against some maximum value, otherwise values like 0xffffffff +will eventually lead in the allocation functions to small sized buffers, since +the len is rounded up to the next reasonable alignment. The following memcpy +will then smash the heap, leading to RCE. + +This is no big issue for pure http boot, since its going to execute an +untrusted kernel anyway, but it will break trusted boot scenarios, where only +signed code is allowed to be executed. + +Signed-off-by: Michael Chang +--- + grub-core/net/efi/net.c | 4 +++- + grub-core/net/http.c | 5 ++++- + 2 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c +index 9e0078ac1..2bf15447f 100644 +--- a/grub-core/net/efi/net.c ++++ b/grub-core/net/efi/net.c +@@ -645,8 +645,10 @@ grub_efihttp_chunk_read (grub_file_t file, char *buf, + + rd = efi_net_interface (read, file, chunk, sz); + +- if (rd <= 0) ++ if (rd <= 0) { ++ grub_free (chunk); + return rd; ++ } + + if (buf) + { +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index 00737c527..c9c59690a 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -31,7 +31,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); + + enum + { +- HTTP_PORT = 80 ++ HTTP_PORT = 80, ++ HTTP_MAX_CHUNK_SIZE = 0x80000000 + }; + + +@@ -78,6 +79,8 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) + if (data->in_chunk_len == 2) + { + data->chunk_rem = grub_strtoul (ptr, 0, 16); ++ if (data->chunk_rem > HTTP_MAX_CHUNK_SIZE) ++ return GRUB_ERR_NET_PACKET_TOO_BIG; + grub_errno = GRUB_ERR_NONE; + if (data->chunk_rem == 0) + { diff --git a/SOURCES/0180-grub-core-video-efi_gop.c-Add-support-for-BLT_ONLY-a.patch b/SOURCES/0180-grub-core-video-efi_gop.c-Add-support-for-BLT_ONLY-a.patch new file mode 100644 index 0000000..4992c30 --- /dev/null +++ b/SOURCES/0180-grub-core-video-efi_gop.c-Add-support-for-BLT_ONLY-a.patch @@ -0,0 +1,56 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Alexander Graf +Date: Wed, 1 Feb 2017 23:10:45 +0100 +Subject: [PATCH] grub-core/video/efi_gop.c: Add support for BLT_ONLY adapters + +EFI GOP has support for multiple different bitness types of frame buffers +and for a special "BLT only" type which is always defined to be RGBx. + +Because grub2 doesn't ever directly access the frame buffer but instead +only renders graphics via the BLT interface anyway, we can easily support +these adapters. + +The reason this has come up now is the emerging support for virtio-gpu +in OVMF. That adapter does not have the notion of a memory mapped frame +buffer and thus is BLT only. + +Signed-off-by: Alexander Graf +--- + grub-core/video/efi_gop.c | 2 ++ + include/grub/efi/graphics_output.h | 3 ++- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c +index 7f9d1c2df..c9e40e8d4 100644 +--- a/grub-core/video/efi_gop.c ++++ b/grub-core/video/efi_gop.c +@@ -121,6 +121,7 @@ grub_video_gop_get_bpp (struct grub_efi_gop_mode_info *in) + { + case GRUB_EFI_GOT_BGRA8: + case GRUB_EFI_GOT_RGBA8: ++ case GRUB_EFI_GOT_BLT_ONLY: + return 32; + + case GRUB_EFI_GOT_BITMASK: +@@ -187,6 +188,7 @@ grub_video_gop_fill_real_mode_info (unsigned mode, + switch (in->pixel_format) + { + case GRUB_EFI_GOT_RGBA8: ++ case GRUB_EFI_GOT_BLT_ONLY: + out->red_mask_size = 8; + out->red_field_pos = 0; + out->green_mask_size = 8; +diff --git a/include/grub/efi/graphics_output.h b/include/grub/efi/graphics_output.h +index 129777411..e4388127c 100644 +--- a/include/grub/efi/graphics_output.h ++++ b/include/grub/efi/graphics_output.h +@@ -28,7 +28,8 @@ typedef enum + { + GRUB_EFI_GOT_RGBA8, + GRUB_EFI_GOT_BGRA8, +- GRUB_EFI_GOT_BITMASK ++ GRUB_EFI_GOT_BITMASK, ++ GRUB_EFI_GOT_BLT_ONLY, + } + grub_efi_gop_pixel_format_t; + diff --git a/SOURCES/0181-efi-uga-use-64-bit-for-fb_base.patch b/SOURCES/0181-efi-uga-use-64-bit-for-fb_base.patch new file mode 100644 index 0000000..c23c17a --- /dev/null +++ b/SOURCES/0181-efi-uga-use-64-bit-for-fb_base.patch @@ -0,0 +1,105 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Andrei Borzenkov +Date: Wed, 16 May 2018 13:06:04 -0400 +Subject: [PATCH] efi/uga: use 64 bit for fb_base + +We get 64 bit from PCI BAR but then truncate by assigning to 32 bit. +Make sure to check that pointer does not overflow on 32 bit platform. + +Closes: 50931 +--- + grub-core/video/efi_uga.c | 31 ++++++++++++++++--------------- + 1 file changed, 16 insertions(+), 15 deletions(-) + +diff --git a/grub-core/video/efi_uga.c b/grub-core/video/efi_uga.c +index 044af1d20..97a607c01 100644 +--- a/grub-core/video/efi_uga.c ++++ b/grub-core/video/efi_uga.c +@@ -34,7 +34,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); + + static grub_efi_guid_t uga_draw_guid = GRUB_EFI_UGA_DRAW_GUID; + static struct grub_efi_uga_draw_protocol *uga; +-static grub_uint32_t uga_fb; ++static grub_uint64_t uga_fb; + static grub_uint32_t uga_pitch; + + static struct +@@ -52,7 +52,7 @@ static struct + #define FBTEST_COUNT 8 + + static int +-find_line_len (grub_uint32_t *fb_base, grub_uint32_t *line_len) ++find_line_len (grub_uint64_t *fb_base, grub_uint32_t *line_len) + { + grub_uint32_t *base = (grub_uint32_t *) (grub_addr_t) *fb_base; + int i; +@@ -67,7 +67,7 @@ find_line_len (grub_uint32_t *fb_base, grub_uint32_t *line_len) + { + if ((base[j] & RGB_MASK) == RGB_MAGIC) + { +- *fb_base = (grub_uint32_t) (grub_addr_t) base; ++ *fb_base = (grub_uint64_t) (grub_addr_t) base; + *line_len = j << 2; + + return 1; +@@ -84,7 +84,7 @@ find_line_len (grub_uint32_t *fb_base, grub_uint32_t *line_len) + /* Context for find_framebuf. */ + struct find_framebuf_ctx + { +- grub_uint32_t *fb_base; ++ grub_uint64_t *fb_base; + grub_uint32_t *line_len; + int found; + }; +@@ -129,7 +129,9 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + if (i == 5) + break; + +- old_bar2 = grub_pci_read (addr + 4); ++ i++; ++ addr += 4; ++ old_bar2 = grub_pci_read (addr); + } + else + old_bar2 = 0; +@@ -138,10 +140,15 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + base64 <<= 32; + base64 |= (old_bar1 & GRUB_PCI_ADDR_MEM_MASK); + +- grub_dprintf ("fb", "%s(%d): 0x%llx\n", ++ grub_dprintf ("fb", "%s(%d): 0x%" PRIxGRUB_UINT64_T "\n", + ((old_bar1 & GRUB_PCI_ADDR_MEM_PREFETCH) ? +- "VMEM" : "MMIO"), i, +- (unsigned long long) base64); ++ "VMEM" : "MMIO"), type == GRUB_PCI_ADDR_MEM_TYPE_64 ? i - 1 : i, ++ base64); ++ ++#if GRUB_CPU_SIZEOF_VOID_P == 4 ++ if (old_bar2) ++ continue; ++#endif + + if ((old_bar1 & GRUB_PCI_ADDR_MEM_PREFETCH) && (! ctx->found)) + { +@@ -149,12 +156,6 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + if (find_line_len (ctx->fb_base, ctx->line_len)) + ctx->found++; + } +- +- if (type == GRUB_PCI_ADDR_MEM_TYPE_64) +- { +- i++; +- addr += 4; +- } + } + } + +@@ -162,7 +163,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + } + + static int +-find_framebuf (grub_uint32_t *fb_base, grub_uint32_t *line_len) ++find_framebuf (grub_uint64_t *fb_base, grub_uint32_t *line_len) + { + struct find_framebuf_ctx ctx = { + .fb_base = fb_base, diff --git a/SOURCES/0182-EFI-console-Do-not-set-text-mode-until-we-actually-n.patch b/SOURCES/0182-EFI-console-Do-not-set-text-mode-until-we-actually-n.patch new file mode 100644 index 0000000..c3413a2 --- /dev/null +++ b/SOURCES/0182-EFI-console-Do-not-set-text-mode-until-we-actually-n.patch @@ -0,0 +1,184 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Tue, 6 Mar 2018 17:11:15 +0100 +Subject: [PATCH] EFI: console: Do not set text-mode until we actually need it + +If we're running with a hidden menu we may never need text mode, so do not +change the video-mode to text until we actually need it. + +Signed-off-by: Hans de Goede +--- + grub-core/term/efi/console.c | 65 ++++++++++++++++++++++++++++++-------------- + 1 file changed, 44 insertions(+), 21 deletions(-) + +diff --git a/grub-core/term/efi/console.c b/grub-core/term/efi/console.c +index 4840cc59d..051633d71 100644 +--- a/grub-core/term/efi/console.c ++++ b/grub-core/term/efi/console.c +@@ -24,6 +24,11 @@ + #include + #include + ++static grub_err_t grub_prepare_for_text_output(struct grub_term_output *term); ++ ++static int text_mode_available = -1; ++static int text_colorstate = -1; ++ + static grub_uint32_t + map_char (grub_uint32_t c) + { +@@ -66,14 +71,14 @@ map_char (grub_uint32_t c) + } + + static void +-grub_console_putchar (struct grub_term_output *term __attribute__ ((unused)), ++grub_console_putchar (struct grub_term_output *term, + const struct grub_unicode_glyph *c) + { + grub_efi_char16_t str[2 + 30]; + grub_efi_simple_text_output_interface_t *o; + unsigned i, j; + +- if (grub_efi_is_finished) ++ if (grub_prepare_for_text_output (term)) + return; + + o = grub_efi_system_table->con_out; +@@ -223,14 +228,15 @@ grub_console_getkey (struct grub_term_input *term) + } + + static struct grub_term_coordinate +-grub_console_getwh (struct grub_term_output *term __attribute__ ((unused))) ++grub_console_getwh (struct grub_term_output *term) + { + grub_efi_simple_text_output_interface_t *o; + grub_efi_uintn_t columns, rows; + + o = grub_efi_system_table->con_out; +- if (grub_efi_is_finished || efi_call_4 (o->query_mode, o, o->mode->mode, +- &columns, &rows) != GRUB_EFI_SUCCESS) ++ if (grub_prepare_for_text_output (term) != GRUB_ERR_NONE || ++ efi_call_4 (o->query_mode, o, o->mode->mode, ++ &columns, &rows) != GRUB_EFI_SUCCESS) + { + /* Why does this fail? */ + columns = 80; +@@ -245,7 +251,7 @@ grub_console_getxy (struct grub_term_output *term __attribute__ ((unused))) + { + grub_efi_simple_text_output_interface_t *o; + +- if (grub_efi_is_finished) ++ if (grub_efi_is_finished || text_mode_available != 1) + return (struct grub_term_coordinate) { 0, 0 }; + + o = grub_efi_system_table->con_out; +@@ -253,12 +259,12 @@ grub_console_getxy (struct grub_term_output *term __attribute__ ((unused))) + } + + static void +-grub_console_gotoxy (struct grub_term_output *term __attribute__ ((unused)), ++grub_console_gotoxy (struct grub_term_output *term, + struct grub_term_coordinate pos) + { + grub_efi_simple_text_output_interface_t *o; + +- if (grub_efi_is_finished) ++ if (grub_prepare_for_text_output (term)) + return; + + o = grub_efi_system_table->con_out; +@@ -271,7 +277,7 @@ grub_console_cls (struct grub_term_output *term __attribute__ ((unused))) + grub_efi_simple_text_output_interface_t *o; + grub_efi_int32_t orig_attr; + +- if (grub_efi_is_finished) ++ if (grub_efi_is_finished || text_mode_available != 1) + return; + + o = grub_efi_system_table->con_out; +@@ -291,6 +297,12 @@ grub_console_setcolorstate (struct grub_term_output *term + if (grub_efi_is_finished) + return; + ++ if (text_mode_available != 1) { ++ /* Avoid "color_normal" environment writes causing a switch to textmode */ ++ text_colorstate = state; ++ return; ++ } ++ + o = grub_efi_system_table->con_out; + + switch (state) { +@@ -315,7 +327,7 @@ grub_console_setcursor (struct grub_term_output *term __attribute__ ((unused)), + { + grub_efi_simple_text_output_interface_t *o; + +- if (grub_efi_is_finished) ++ if (grub_efi_is_finished || text_mode_available != 1) + return; + + o = grub_efi_system_table->con_out; +@@ -323,18 +335,38 @@ grub_console_setcursor (struct grub_term_output *term __attribute__ ((unused)), + } + + static grub_err_t +-grub_efi_console_output_init (struct grub_term_output *term) ++grub_prepare_for_text_output(struct grub_term_output *term) + { +- grub_efi_set_text_mode (1); ++ if (grub_efi_is_finished) ++ return GRUB_ERR_BAD_DEVICE; ++ ++ if (text_mode_available != -1) ++ return text_mode_available ? 0 : GRUB_ERR_BAD_DEVICE; ++ ++ if (! grub_efi_set_text_mode (1)) ++ { ++ /* This really should never happen */ ++ grub_error (GRUB_ERR_BAD_DEVICE, "cannot set text mode"); ++ text_mode_available = 0; ++ return GRUB_ERR_BAD_DEVICE; ++ } ++ + grub_console_setcursor (term, 1); ++ if (text_colorstate != -1) ++ grub_console_setcolorstate (term, text_colorstate); ++ text_mode_available = 1; + return 0; + } + + static grub_err_t + grub_efi_console_output_fini (struct grub_term_output *term) + { ++ if (text_mode_available != 1) ++ return 0; ++ + grub_console_setcursor (term, 0); + grub_efi_set_text_mode (0); ++ text_mode_available = -1; + return 0; + } + +@@ -348,7 +380,6 @@ static struct grub_term_input grub_console_term_input = + static struct grub_term_output grub_console_term_output = + { + .name = "console", +- .init = grub_efi_console_output_init, + .fini = grub_efi_console_output_fini, + .putchar = grub_console_putchar, + .getwh = grub_console_getwh, +@@ -364,14 +395,6 @@ static struct grub_term_output grub_console_term_output = + void + grub_console_init (void) + { +- /* FIXME: it is necessary to consider the case where no console control +- is present but the default is already in text mode. */ +- if (! grub_efi_set_text_mode (1)) +- { +- grub_error (GRUB_ERR_BAD_DEVICE, "cannot set text mode"); +- return; +- } +- + grub_term_register_output ("console", &grub_console_term_output); + grub_term_register_input ("console", &grub_console_term_input); + } diff --git a/SOURCES/0183-EFI-console-Add-grub_console_read_key_stroke-helper-.patch b/SOURCES/0183-EFI-console-Add-grub_console_read_key_stroke-helper-.patch new file mode 100644 index 0000000..afb9672 --- /dev/null +++ b/SOURCES/0183-EFI-console-Add-grub_console_read_key_stroke-helper-.patch @@ -0,0 +1,102 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Wed, 6 Jun 2018 15:54:44 +0200 +Subject: [PATCH] EFI: console: Add grub_console_read_key_stroke() helper + function + +This is a preparation patch for adding getkeystatus() support to the +EFI console terminal input driver. + +We can get modifier status through the simple_text_input read_key_stroke +method, but if a non-modifier key is (also) pressed the read_key_stroke +call will consume that key from the firmware's queue. + +The new grub_console_read_key_stroke() helper buffers upto 1 key-stroke. +If it has a non-modifier key buffered, it will return that one, if its +buffer is empty, it will fills its buffer by getting a new key-stroke. + +If called with consume=1 it will empty its buffer after copying the +key-data to the callers buffer, this is how getkey() will use it. + +If called with consume=0 it will keep the last key-stroke buffered, this +is how getkeystatus() will call it. This means that if a non-modifier +key gets pressed, repeated getkeystatus() calls will return the modifiers +of that key-press until it is consumed by a getkey() call. + +Signed-off-by: Hans de Goede +--- + grub-core/term/efi/console.c | 51 ++++++++++++++++++++++++++++++++++---------- + 1 file changed, 40 insertions(+), 11 deletions(-) + +diff --git a/grub-core/term/efi/console.c b/grub-core/term/efi/console.c +index 051633d71..3d36c5c70 100644 +--- a/grub-core/term/efi/console.c ++++ b/grub-core/term/efi/console.c +@@ -157,27 +157,56 @@ grub_console_getkey_con (struct grub_term_input *term __attribute__ ((unused))) + return grub_efi_translate_key(key); + } + ++/* ++ * When more then just modifiers are pressed, our getkeystatus() consumes a ++ * press from the queue, this function buffers the press for the regular ++ * getkey() so that it does not get lost. ++ */ ++static int ++grub_console_read_key_stroke ( ++ grub_efi_simple_text_input_ex_interface_t *text_input, ++ grub_efi_key_data_t *key_data_ret, int *key_ret, ++ int consume) ++{ ++ static grub_efi_key_data_t key_data; ++ grub_efi_status_t status; ++ int key; ++ ++ if (!text_input) ++ return GRUB_ERR_EOF; ++ ++ key = grub_efi_translate_key (key_data.key); ++ if (key == GRUB_TERM_NO_KEY) { ++ status = efi_call_2 (text_input->read_key_stroke, text_input, &key_data); ++ if (status != GRUB_EFI_SUCCESS) ++ return GRUB_ERR_EOF; ++ ++ key = grub_efi_translate_key (key_data.key); ++ } ++ ++ *key_data_ret = key_data; ++ *key_ret = key; ++ ++ if (consume) { ++ key_data.key.scan_code = 0; ++ key_data.key.unicode_char = 0; ++ } ++ ++ return 0; ++} ++ + static int + grub_console_getkey_ex(struct grub_term_input *term) + { + grub_efi_key_data_t key_data; +- grub_efi_status_t status; + grub_efi_uint32_t kss; + int key = -1; + +- grub_efi_simple_text_input_ex_interface_t *text_input = term->data; +- +- status = efi_call_2 (text_input->read_key_stroke, text_input, &key_data); +- +- if (status != GRUB_EFI_SUCCESS) ++ if (grub_console_read_key_stroke (term->data, &key_data, &key, 1) || ++ key == GRUB_TERM_NO_KEY) + return GRUB_TERM_NO_KEY; + + kss = key_data.key_state.key_shift_state; +- key = grub_efi_translate_key(key_data.key); +- +- if (key == GRUB_TERM_NO_KEY) +- return GRUB_TERM_NO_KEY; +- + if (kss & GRUB_EFI_SHIFT_STATE_VALID) + { + if ((kss & GRUB_EFI_LEFT_SHIFT_PRESSED diff --git a/SOURCES/0184-EFI-console-Implement-getkeystatus-support.patch b/SOURCES/0184-EFI-console-Implement-getkeystatus-support.patch new file mode 100644 index 0000000..c2eeb7f --- /dev/null +++ b/SOURCES/0184-EFI-console-Implement-getkeystatus-support.patch @@ -0,0 +1,72 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Wed, 6 Jun 2018 16:16:47 +0200 +Subject: [PATCH] EFI: console: Implement getkeystatus() support + +Implement getkeystatus() support. + +Note that if a non-modifier key gets pressed and repeated calls to +getkeystatus() are made then it will return the modifier status at the +time of the non-modifier key, until that key-press gets consumed by a +getkey() call. + +This is a side-effect of how the EFI simple-text-input protocol works +and cannot be avoided. + +Signed-off-by: Hans de Goede +--- + grub-core/term/efi/console.c | 34 ++++++++++++++++++++++++++++++++++ + 1 file changed, 34 insertions(+) + +diff --git a/grub-core/term/efi/console.c b/grub-core/term/efi/console.c +index 3d36c5c70..92dd4996b 100644 +--- a/grub-core/term/efi/console.c ++++ b/grub-core/term/efi/console.c +@@ -223,6 +223,39 @@ grub_console_getkey_ex(struct grub_term_input *term) + return key; + } + ++static int ++grub_console_getkeystatus(struct grub_term_input *term) ++{ ++ grub_efi_key_data_t key_data; ++ grub_efi_uint32_t kss; ++ int key, mods = 0; ++ ++ if (grub_efi_is_finished) ++ return 0; ++ ++ if (grub_console_read_key_stroke (term->data, &key_data, &key, 0)) ++ return 0; ++ ++ kss = key_data.key_state.key_shift_state; ++ if (kss & GRUB_EFI_SHIFT_STATE_VALID) ++ { ++ if (kss & GRUB_EFI_LEFT_SHIFT_PRESSED) ++ mods |= GRUB_TERM_STATUS_LSHIFT; ++ if (kss & GRUB_EFI_RIGHT_SHIFT_PRESSED) ++ mods |= GRUB_TERM_STATUS_RSHIFT; ++ if (kss & GRUB_EFI_LEFT_ALT_PRESSED) ++ mods |= GRUB_TERM_STATUS_LALT; ++ if (kss & GRUB_EFI_RIGHT_ALT_PRESSED) ++ mods |= GRUB_TERM_STATUS_RALT; ++ if (kss & GRUB_EFI_LEFT_CONTROL_PRESSED) ++ mods |= GRUB_TERM_STATUS_LCTRL; ++ if (kss & GRUB_EFI_RIGHT_CONTROL_PRESSED) ++ mods |= GRUB_TERM_STATUS_RCTRL; ++ } ++ ++ return mods; ++} ++ + static grub_err_t + grub_efi_console_input_init (struct grub_term_input *term) + { +@@ -403,6 +436,7 @@ static struct grub_term_input grub_console_term_input = + { + .name = "console", + .getkey = grub_console_getkey, ++ .getkeystatus = grub_console_getkeystatus, + .init = grub_efi_console_input_init, + }; + diff --git a/SOURCES/0185-Make-grub_getkeystatus-helper-funtion-available-ever.patch b/SOURCES/0185-Make-grub_getkeystatus-helper-funtion-available-ever.patch new file mode 100644 index 0000000..0435993 --- /dev/null +++ b/SOURCES/0185-Make-grub_getkeystatus-helper-funtion-available-ever.patch @@ -0,0 +1,87 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Wed, 6 Jun 2018 16:47:11 +0200 +Subject: [PATCH] Make grub_getkeystatus helper funtion available everywhere + +Move the grub_getkeystatus helper function from +grub-core/commands/keystatus.c to grub-core/kern/term.c +and export it so that it can be used outside of the +keystatus command code too. + +Signed-off-by: Hans de Goede +--- + grub-core/commands/keystatus.c | 18 ------------------ + grub-core/kern/term.c | 18 ++++++++++++++++++ + include/grub/term.h | 1 + + 3 files changed, 19 insertions(+), 18 deletions(-) + +diff --git a/grub-core/commands/keystatus.c b/grub-core/commands/keystatus.c +index 460cf4e7e..ff3f58781 100644 +--- a/grub-core/commands/keystatus.c ++++ b/grub-core/commands/keystatus.c +@@ -35,24 +35,6 @@ static const struct grub_arg_option options[] = + {0, 0, 0, 0, 0, 0} + }; + +-static int +-grub_getkeystatus (void) +-{ +- int status = 0; +- grub_term_input_t term; +- +- if (grub_term_poll_usb) +- grub_term_poll_usb (0); +- +- FOR_ACTIVE_TERM_INPUTS(term) +- { +- if (term->getkeystatus) +- status |= term->getkeystatus (term); +- } +- +- return status; +-} +- + static grub_err_t + grub_cmd_keystatus (grub_extcmd_context_t ctxt, + int argc __attribute__ ((unused)), +diff --git a/grub-core/kern/term.c b/grub-core/kern/term.c +index 07720ee67..93bd3378d 100644 +--- a/grub-core/kern/term.c ++++ b/grub-core/kern/term.c +@@ -120,6 +120,24 @@ grub_getkey (void) + } + } + ++int ++grub_getkeystatus (void) ++{ ++ int status = 0; ++ grub_term_input_t term; ++ ++ if (grub_term_poll_usb) ++ grub_term_poll_usb (0); ++ ++ FOR_ACTIVE_TERM_INPUTS(term) ++ { ++ if (term->getkeystatus) ++ status |= term->getkeystatus (term); ++ } ++ ++ return status; ++} ++ + void + grub_refresh (void) + { +diff --git a/include/grub/term.h b/include/grub/term.h +index 8117e2a24..c21513338 100644 +--- a/include/grub/term.h ++++ b/include/grub/term.h +@@ -327,6 +327,7 @@ grub_term_unregister_output (grub_term_output_t term) + void grub_putcode (grub_uint32_t code, struct grub_term_output *term); + int EXPORT_FUNC(grub_getkey) (void); + int EXPORT_FUNC(grub_getkey_noblock) (void); ++int EXPORT_FUNC(grub_getkeystatus) (void); + void grub_cls (void); + void EXPORT_FUNC(grub_refresh) (void); + void grub_puts_terminal (const char *str, struct grub_term_output *term); diff --git a/SOURCES/0186-Accept-ESC-F8-and-holding-SHIFT-as-user-interrupt-ke.patch b/SOURCES/0186-Accept-ESC-F8-and-holding-SHIFT-as-user-interrupt-ke.patch new file mode 100644 index 0000000..46e1639 --- /dev/null +++ b/SOURCES/0186-Accept-ESC-F8-and-holding-SHIFT-as-user-interrupt-ke.patch @@ -0,0 +1,94 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Mon, 26 Mar 2018 16:15:53 +0200 +Subject: [PATCH] Accept ESC, F8 and holding SHIFT as user interrupt keys + +On some devices the ESC key is the hotkey to enter the BIOS/EFI setup +screen, making it really hard to time pressing it right. Besides that +ESC is also pretty hard to discover for a user who does not know it +will unhide the menu. + +This commit makes F8, which used to be the hotkey to show the Windows +boot menu during boot for a long long time, also interrupt sleeps / +stop the menu countdown. + +This solves the ESC gets into the BIOS setup and also somewhat solves +the discoverability issue, but leaves the timing issue unresolved. + +This commit fixes the timing issue by also adding support for keeping +SHIFT pressed during boot to stop the menu countdown. This matches +what Ubuntu is doing, which should also help with discoverability. + +Signed-off-by: Hans de Goede +--- + grub-core/commands/sleep.c | 2 +- + grub-core/kern/term.c | 16 ++++++++++++++++ + grub-core/normal/menu.c | 2 +- + include/grub/term.h | 1 + + 4 files changed, 19 insertions(+), 2 deletions(-) + +diff --git a/grub-core/commands/sleep.c b/grub-core/commands/sleep.c +index e77e7900f..a1370b710 100644 +--- a/grub-core/commands/sleep.c ++++ b/grub-core/commands/sleep.c +@@ -55,7 +55,7 @@ grub_interruptible_millisleep (grub_uint32_t ms) + start = grub_get_time_ms (); + + while (grub_get_time_ms () - start < ms) +- if (grub_getkey_noblock () == GRUB_TERM_ESC) ++ if (grub_key_is_interrupt (grub_getkey_noblock ())) + return 1; + + return 0; +diff --git a/grub-core/kern/term.c b/grub-core/kern/term.c +index 93bd3378d..6cae4c23e 100644 +--- a/grub-core/kern/term.c ++++ b/grub-core/kern/term.c +@@ -138,6 +138,22 @@ grub_getkeystatus (void) + return status; + } + ++int ++grub_key_is_interrupt (int key) ++{ ++ /* ESC sometimes is the BIOS setup hotkey and may be hard to discover, also ++ check F8, which was the key to get the Windows bootmenu for a long time. */ ++ if (key == GRUB_TERM_ESC || key == GRUB_TERM_KEY_F8) ++ return 1; ++ ++ /* Pressing keys at the right time during boot is hard to time, also allow ++ interrupting sleeps / the menu countdown by keeping shift pressed. */ ++ if (grub_getkeystatus() & (GRUB_TERM_STATUS_LSHIFT|GRUB_TERM_STATUS_RSHIFT)) ++ return 1; ++ ++ return 0; ++} ++ + void + grub_refresh (void) + { +diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c +index 5e2f5283d..6cb2a0714 100644 +--- a/grub-core/normal/menu.c ++++ b/grub-core/normal/menu.c +@@ -655,7 +655,7 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) + if (entry >= 0) + break; + } +- if (key == GRUB_TERM_ESC) ++ if (grub_key_is_interrupt (key)) + { + timeout = -1; + break; +diff --git a/include/grub/term.h b/include/grub/term.h +index c21513338..2b079c29b 100644 +--- a/include/grub/term.h ++++ b/include/grub/term.h +@@ -328,6 +328,7 @@ void grub_putcode (grub_uint32_t code, struct grub_term_output *term); + int EXPORT_FUNC(grub_getkey) (void); + int EXPORT_FUNC(grub_getkey_noblock) (void); + int EXPORT_FUNC(grub_getkeystatus) (void); ++int EXPORT_FUNC(grub_key_is_interrupt) (int key); + void grub_cls (void); + void EXPORT_FUNC(grub_refresh) (void); + void grub_puts_terminal (const char *str, struct grub_term_output *term); diff --git a/SOURCES/0187-grub-editenv-Add-incr-command-to-increment-integer-v.patch b/SOURCES/0187-grub-editenv-Add-incr-command-to-increment-integer-v.patch new file mode 100644 index 0000000..13c9796 --- /dev/null +++ b/SOURCES/0187-grub-editenv-Add-incr-command-to-increment-integer-v.patch @@ -0,0 +1,93 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Mon, 4 Jun 2018 19:49:47 +0200 +Subject: [PATCH] grub-editenv: Add "incr" command to increment integer value + env. variables + +To be able to automatically detect if the last boot was successful, +We want to keep count of succesful / failed boots in some integer +environment variable. + +This commit adds a grub-editenvt "incr" command to increment such +integer value env. variables by 1 for use from various boot scripts. + +Signed-off-by: Hans de Goede +--- + util/grub-editenv.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 50 insertions(+) + +diff --git a/util/grub-editenv.c b/util/grub-editenv.c +index 118e89fe5..2918bb71c 100644 +--- a/util/grub-editenv.c ++++ b/util/grub-editenv.c +@@ -53,6 +53,9 @@ static struct argp_option options[] = { + /* TRANSLATORS: "unset" is a keyword. It's a summary of "unset" subcommand. */ + {N_("unset [NAME ...]"), 0, 0, OPTION_DOC|OPTION_NO_USAGE, + N_("Delete variables."), 0}, ++ /* TRANSLATORS: "incr" is a keyword. It's a summary of "incr" subcommand. */ ++ {N_("incr [NAME ...]"), 0, 0, OPTION_DOC|OPTION_NO_USAGE, ++ N_("Increase value of integer variables."), 0}, + + {0, 0, 0, OPTION_DOC, N_("Options:"), -1}, + {"verbose", 'v', 0, 0, N_("print verbose messages."), 0}, +@@ -246,6 +249,51 @@ unset_variables (const char *name, int argc, char *argv[]) + grub_envblk_close (envblk); + } + ++struct get_int_value_params { ++ char *varname; ++ int value; ++}; ++ ++static int ++get_int_value (const char *varname, const char *value, void *hook_data) ++{ ++ struct get_int_value_params *params = hook_data; ++ ++ if (strcmp (varname, params->varname) == 0) { ++ params->value = strtol (value, NULL, 10); ++ return 1; ++ } ++ return 0; ++} ++ ++static void ++incr_variables (const char *name, int argc, char *argv[]) ++{ ++ grub_envblk_t envblk; ++ char buf[16]; ++ ++ envblk = open_envblk_file (name); ++ while (argc) ++ { ++ struct get_int_value_params params = { ++ .varname = argv[0], ++ .value = 0, /* Consider unset variables 0 */ ++ }; ++ ++ grub_envblk_iterate (envblk, ¶ms, get_int_value); ++ snprintf(buf, sizeof(buf), "%d", params.value + 1); ++ ++ if (! grub_envblk_set (envblk, argv[0], buf)) ++ grub_util_error ("%s", _("environment block too small")); ++ ++ argc--; ++ argv++; ++ } ++ ++ write_envblk (name, envblk); ++ grub_envblk_close (envblk); ++} ++ + int + main (int argc, char *argv[]) + { +@@ -285,6 +333,8 @@ main (int argc, char *argv[]) + set_variables (filename, argc - curindex, argv + curindex); + else if (strcmp (command, "unset") == 0) + unset_variables (filename, argc - curindex, argv + curindex); ++ else if (strcmp (command, "incr") == 0) ++ incr_variables (filename, argc - curindex, argv + curindex); + else + { + char *program = xstrdup(program_name); diff --git a/SOURCES/0188-Add-auto-hide-menu-support.patch b/SOURCES/0188-Add-auto-hide-menu-support.patch new file mode 100644 index 0000000..444fd8e --- /dev/null +++ b/SOURCES/0188-Add-auto-hide-menu-support.patch @@ -0,0 +1,191 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Wed, 6 Jun 2018 08:44:11 +0200 +Subject: [PATCH] Add auto-hide menu support + +On single-os systems we do not want to show the menu, unless something +went wrong with the previous boot, in which case the user may need the +menu to debug/fix the problem. + +This commit adds a new grub.d/00_menu_auto_hide file which emits a +config snippet implementing this. I've chosen to do this in a separate +grub.d file because chances of this going upstream are small and this way +it will be easier to rebase. + +Since auto-hiding the menu requires detecting the previous boot was ok, +we get fastboot support (where we don't check for a key at all) for free +so this commit also adds support for this. + +The new config-file code uses the following variables: + +menu_auto_hide Set this to "1" to activate the new auto-hide feature + Set this to "2" to auto-hide the menu even when multiple + operating systems are installed. Note the menu will still + auto show after booting an other os as that won't set + boot_success. +menu_show_once Set this to "1" to force showing the menu once. +boot_success The OS sets this to "1" to indicate a successful boot. +boot_indeterminate The OS increments this integer when rebooting after e.g. + installing updates or a selinux relabel. +fastboot If set to "1" and the conditions for auto-hiding the menu + are met, the menu is not shown and all checks for keypresses + are skipped, booting the default immediately. + +30_os-prober.in changes somewhat inspired by: +https://git.launchpad.net/~ubuntu-core-dev/grub/+git/ubuntu/tree/debian/patches/quick_boot.patch + +Signed-off-by: Hans de Goede +--- +Changes in v2: +-Drop shutdown_success tests, there is no meaningful way for systemd to set + this flag (by the time it knows all filesystems are unmounted or read-only +-Drop fwsetup_once support, systemd already supports booting directly into + the fwsetup by doing "systemctl reboot --firmware" +--- + Makefile.util.def | 6 +++++ + util/grub.d/00_menu_auto_hide.in | 50 ++++++++++++++++++++++++++++++++++++++++ + util/grub.d/30_os-prober.in | 18 +++++++++++++++ + 3 files changed, 74 insertions(+) + create mode 100644 util/grub.d/00_menu_auto_hide.in + +diff --git a/Makefile.util.def b/Makefile.util.def +index cbd661d63..0fdfdd91f 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -448,6 +448,12 @@ script = { + installdir = grubconf; + }; + ++script = { ++ name = '00_menu_auto_hide'; ++ common = util/grub.d/00_menu_auto_hide.in; ++ installdir = grubconf; ++}; ++ + script = { + name = '01_users'; + common = util/grub.d/01_users.in; +diff --git a/util/grub.d/00_menu_auto_hide.in b/util/grub.d/00_menu_auto_hide.in +new file mode 100644 +index 000000000..a10fe45bb +--- /dev/null ++++ b/util/grub.d/00_menu_auto_hide.in +@@ -0,0 +1,50 @@ ++#! /bin/sh ++ ++# Disable / skip generating menu-auto-hide config parts on serial terminals ++for x in ${GRUB_TERMINAL_INPUT} ${GRUB_TERMINAL_OUTPUT}; do ++ case "$x" in ++ serial*) ++ exit 0 ++ ;; ++ esac ++done ++ ++cat << EOF ++if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then ++ set last_boot_ok=1 ++else ++ set last_boot_ok=0 ++fi ++ ++# Reset boot_indeterminate after a successful boot ++if [ "\${boot_success}" = "1" ] ; then ++ set boot_indeterminate=0 ++ save_env boot_indeterminate ++# Avoid boot_indeterminate causing the menu to be hidden more then once ++elif [ "\${boot_indeterminate}" = "1" ]; then ++ set boot_indeterminate=2 ++ save_env boot_indeterminate ++fi ++set boot_success=0 ++save_env boot_success ++ ++if [ x\$feature_timeout_style = xy ] ; then ++ if [ "\${menu_show_once}" ]; then ++ unset menu_show_once ++ save_env menu_show_once ++ set timeout_style=menu ++ unset timeout ++ elif [ "\${menu_auto_hide}" -a "\${last_boot_ok}" = "1" ]; then ++ set orig_timeout_style=\${timeout_style} ++ set orig_timeout=\${timeout} ++ if [ "\${fastboot}" = "1" ]; then ++ # timeout_style=menu + timeout=0 avoids the countdown code keypress check ++ set timeout_style=menu ++ set timeout=0 ++ else ++ set timeout_style=hidden ++ set timeout=1 ++ fi ++ fi ++fi ++EOF +diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in +index 13a3a6bc7..ab634393a 100644 +--- a/util/grub.d/30_os-prober.in ++++ b/util/grub.d/30_os-prober.in +@@ -42,6 +42,7 @@ if [ -z "${OSPROBED}" ] ; then + fi + + osx_entry() { ++ found_other_os=1 + # TRANSLATORS: it refers on the OS residing on device %s + onstr="$(gettext_printf "(on %s)" "${DEVICE}")" + hints="" +@@ -102,6 +103,7 @@ for OS in ${OSPROBED} ; do + + case ${BOOT} in + chain) ++ found_other_os=1 + + onstr="$(gettext_printf "(on %s)" "${DEVICE}")" + cat << EOF +@@ -132,6 +134,7 @@ EOF + EOF + ;; + efi) ++ found_other_os=1 + + EFIPATH=${DEVICE#*@} + DEVICE=${DEVICE%@*} +@@ -176,6 +179,7 @@ EOF + LINITRD="${LINITRD#/boot}" + fi + ++ found_other_os=1 + onstr="$(gettext_printf "(on %s)" "${DEVICE}")" + recovery_params="$(echo "${LPARAMS}" | grep single)" || true + counter=1 +@@ -249,6 +253,7 @@ EOF + done + ;; + hurd) ++ found_other_os=1 + onstr="$(gettext_printf "(on %s)" "${DEVICE}")" + cat << EOF + menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' --class hurd --class gnu --class os \$menuentry_id_option 'osprober-gnuhurd-/boot/gnumach.gz-false-$(grub_get_device_id "${DEVICE}")' { +@@ -275,6 +280,7 @@ EOF + EOF + ;; + minix) ++ found_other_os=1 + cat << EOF + menuentry "${LONGNAME} (on ${DEVICE}, Multiboot)" { + EOF +@@ -306,3 +312,15 @@ EOF + esac + esac + done ++ ++# We override the results of the menu_auto_hide code here, this is a bit ugly, ++# but grub-mkconfig writes out the file linearly, so this is the only way ++if [ "${found_other_os}" = "1" ]; then ++ cat << EOF ++# Other OS found, undo autohiding of menu unless menu_auto_hide=2 ++if [ "\${orig_timeout_style}" -a "\${menu_auto_hide}" != "2" ]; then ++ set timeout_style=\${orig_timeout_style} ++ set timeout=\${orig_timeout} ++fi ++EOF ++fi diff --git a/SOURCES/0189-Output-a-menu-entry-for-firmware-setup-on-UEFI-FastB.patch b/SOURCES/0189-Output-a-menu-entry-for-firmware-setup-on-UEFI-FastB.patch new file mode 100644 index 0000000..d361d99 --- /dev/null +++ b/SOURCES/0189-Output-a-menu-entry-for-firmware-setup-on-UEFI-FastB.patch @@ -0,0 +1,93 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Steve Langasek +Date: Mon, 13 Jan 2014 12:13:12 +0000 +Subject: [PATCH] Output a menu entry for firmware setup on UEFI FastBoot + systems + +If fastboot is enabled in the BIOS then often it is not possible to +enter the firmware setup menu, add a menu entry for this. + +hdegoede: Cherry picked the Ubuntu patch from: +https://git.launchpad.net/~ubuntu-core-dev/grub/+git/ubuntu/tree/debian/patches/uefi_firmware_setup.patch +Into the Fedora / RH grub version + +According to: +https://git.launchpad.net/~ubuntu-core-dev/grub/+git/ubuntu/tree/debian/copyright +The patch is licensed under GPL-3+ + +Signed-off-by: Hans de Goede +--- + Makefile.util.def | 6 ++++++ + util/grub.d/30_uefi-firmware.in | 46 +++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 52 insertions(+) + create mode 100644 util/grub.d/30_uefi-firmware.in + +diff --git a/Makefile.util.def b/Makefile.util.def +index 0fdfdd91f..5a8c390a1 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -529,6 +529,12 @@ script = { + installdir = grubconf; + }; + ++script = { ++ name = '30_uefi-firmware'; ++ common = util/grub.d/30_uefi-firmware.in; ++ installdir = grubconf; ++}; ++ + script = { + name = '40_custom'; + common = util/grub.d/40_custom.in; +diff --git a/util/grub.d/30_uefi-firmware.in b/util/grub.d/30_uefi-firmware.in +new file mode 100644 +index 000000000..3c9f533d8 +--- /dev/null ++++ b/util/grub.d/30_uefi-firmware.in +@@ -0,0 +1,46 @@ ++#! /bin/sh ++set -e ++ ++# grub-mkconfig helper script. ++# Copyright (C) 2012 Free Software Foundation, Inc. ++# ++# GRUB is free software: you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the License, or ++# (at your option) any later version. ++# ++# GRUB is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with GRUB. If not, see . ++ ++prefix="@prefix@" ++exec_prefix="@exec_prefix@" ++datarootdir="@datarootdir@" ++ ++export TEXTDOMAIN=@PACKAGE@ ++export TEXTDOMAINDIR="@localedir@" ++ ++. "@datadir@/@PACKAGE@/grub-mkconfig_lib" ++ ++efi_vars_dir=/sys/firmware/efi/vars ++EFI_GLOBAL_VARIABLE=8be4df61-93ca-11d2-aa0d-00e098032b8c ++OsIndications="$efi_vars_dir/OsIndicationsSupported-$EFI_GLOBAL_VARIABLE/data" ++ ++if [ -e "$OsIndications" ] && \ ++ [ "$(( $(printf 0x%x \'"$(cat $OsIndications | cut -b1)") & 1 ))" = 1 ]; then ++ LABEL="System setup" ++ ++ gettext_printf "Adding boot menu entry for EFI firmware configuration\n" >&2 ++ ++ onstr="$(gettext_printf "(on %s)" "${DEVICE}")" ++ ++ cat << EOF ++menuentry '$LABEL' \$menuentry_id_option 'uefi-firmware' { ++ fwsetup ++} ++EOF ++fi diff --git a/SOURCES/0190-Add-grub-set-bootflag-utility.patch b/SOURCES/0190-Add-grub-set-bootflag-utility.patch new file mode 100644 index 0000000..69bdcc8 --- /dev/null +++ b/SOURCES/0190-Add-grub-set-bootflag-utility.patch @@ -0,0 +1,296 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Tue, 12 Jun 2018 13:25:16 +0200 +Subject: [PATCH] Add grub-set-bootflag utility + +This commit adds a new grub-set-bootflag utility, which can be used +to set known bootflags in the grubenv: boot_success or menu_show_once. + +grub-set-bootflag is different from grub-editenv in 2 ways: + +1) It is intended to be executed by regular users so must be installed +as suid root. As such it is written to not use any existing grubenv +related code for easy auditing. + +It can't be executed through pkexec because we want to call it under gdm +and pkexec does not work under gdm due the gdm user having /sbin/nologin +as shell. + +2) Since it can be executed by regular users it only allows setting +(assigning a value of 1 to) bootflags which it knows about. Currently +those are just boot_success and menu_show_once. + +This commit also adds a couple of example systemd and files which show +how this can be used to set boot_success from a user-session: + +docs/grub-boot-success.service +docs/grub-boot-success.timer + +The 2 grub-boot-success.systemd files should be placed in /lib/systemd/user +and a symlink to grub-boot-success.timer should be added to +/lib/systemd/user/timers.target.wants. + +Signed-off-by: Hans de Goede +[makhomed: grub-boot-success.timer: Only run if not in a container] +Signed-off-by: Gena Makhomed +Signed-off-by: Robbie Harwood +(cherry-picked from commit 555625062cbb10388bb706620e2d8839644fc015) +--- + Makefile.util.def | 7 ++ + util/grub-set-bootflag.c | 160 +++++++++++++++++++++++++++++++++++++++++ + conf/Makefile.extra-dist | 3 + + docs/grub-boot-success.service | 6 ++ + docs/grub-boot-success.timer | 7 ++ + util/grub-set-bootflag.1 | 20 ++++++ + 6 files changed, 203 insertions(+) + create mode 100644 util/grub-set-bootflag.c + create mode 100644 docs/grub-boot-success.service + create mode 100644 docs/grub-boot-success.timer + create mode 100644 util/grub-set-bootflag.1 + +diff --git a/Makefile.util.def b/Makefile.util.def +index 5a8c390a1..5da553932 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -1435,3 +1435,10 @@ program = { + ldadd = grub-core/gnulib/libgnu.a; + ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; + }; ++ ++program = { ++ name = grub-set-bootflag; ++ installdir = sbin; ++ mansection = 1; ++ common = util/grub-set-bootflag.c; ++}; +diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c +new file mode 100644 +index 000000000..bb198f023 +--- /dev/null ++++ b/util/grub-set-bootflag.c +@@ -0,0 +1,160 @@ ++/* grub-set-bootflag.c - tool to set boot-flags in the grubenv. */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2018 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++/* ++ * NOTE this gets run by users as root (through pkexec), so this does not ++ * use any grub library / util functions to allow for easy auditing. ++ * The grub headers are only included to get certain defines. ++ */ ++ ++#include /* For *_DIR_NAME defines */ ++#include ++#include /* For GRUB_ENVBLK_DEFCFG define */ ++#include ++#include ++#include ++#include ++ ++#define GRUBENV "/" GRUB_BOOT_DIR_NAME "/" GRUB_DIR_NAME "/" GRUB_ENVBLK_DEFCFG ++#define GRUBENV_SIZE 1024 ++ ++const char *bootflags[] = { ++ "boot_success", ++ "menu_show_once", ++ NULL ++}; ++ ++static void usage(void) ++{ ++ int i; ++ ++ fprintf (stderr, "Usage: 'grub-set-bootflag ', where is one of:\n"); ++ for (i = 0; bootflags[i]; i++) ++ fprintf (stderr, " %s\n", bootflags[i]); ++} ++ ++int main(int argc, char *argv[]) ++{ ++ /* NOTE buf must be at least the longest bootflag length + 4 bytes */ ++ char env[GRUBENV_SIZE + 1], buf[64], *s; ++ const char *bootflag; ++ int i, len, ret; ++ FILE *f; ++ ++ if (argc != 2) ++ { ++ usage(); ++ return 1; ++ } ++ ++ for (i = 0; bootflags[i]; i++) ++ if (!strcmp (argv[1], bootflags[i])) ++ break; ++ if (!bootflags[i]) ++ { ++ fprintf (stderr, "Invalid bootflag: '%s'\n", argv[1]); ++ usage(); ++ return 1; ++ } ++ ++ bootflag = bootflags[i]; ++ len = strlen (bootflag); ++ ++ f = fopen (GRUBENV, "r"); ++ if (!f) ++ { ++ perror ("Error opening " GRUBENV " for reading"); ++ return 1; ++ } ++ ++ ret = fread (env, 1, GRUBENV_SIZE, f); ++ fclose (f); ++ if (ret != GRUBENV_SIZE) ++ { ++ errno = EINVAL; ++ perror ("Error reading from " GRUBENV); ++ return 1; ++ } ++ ++ /* 0 terminate env */ ++ env[GRUBENV_SIZE] = 0; ++ ++ if (strncmp (env, GRUB_ENVBLK_SIGNATURE, strlen (GRUB_ENVBLK_SIGNATURE))) ++ { ++ fprintf (stderr, "Error invalid environment block\n"); ++ return 1; ++ } ++ ++ /* Find a pre-existing definition of the bootflag */ ++ s = strstr (env, bootflag); ++ while (s && s[len] != '=') ++ s = strstr (s + len, bootflag); ++ ++ if (s && ((s[len + 1] != '0' && s[len + 1] != '1') || s[len + 2] != '\n')) ++ { ++ fprintf (stderr, "Pre-existing bootflag '%s' has unexpected value\n", bootflag); ++ return 1; ++ } ++ ++ /* No pre-existing bootflag? -> find free space */ ++ if (!s) ++ { ++ for (i = 0; i < (len + 3); i++) ++ buf[i] = '#'; ++ buf[i] = 0; ++ s = strstr (env, buf); ++ } ++ ++ if (!s) ++ { ++ fprintf (stderr, "No space in grubenv to store bootflag '%s'\n", bootflag); ++ return 1; ++ } ++ ++ /* The grubenv is not 0 terminated, so memcpy the name + '=' , '1', '\n' */ ++ snprintf(buf, sizeof(buf), "%s=1\n", bootflag); ++ memcpy(s, buf, len + 3); ++ ++ /* "r+", don't truncate so that the diskspace stays reserved */ ++ f = fopen (GRUBENV, "r+"); ++ if (!f) ++ { ++ perror ("Error opening " GRUBENV " for writing"); ++ return 1; ++ } ++ ++ ret = fwrite (env, 1, GRUBENV_SIZE, f); ++ if (ret != GRUBENV_SIZE) ++ { ++ perror ("Error writing to " GRUBENV); ++ return 1; ++ } ++ ++ ret = fflush (f); ++ if (ret) ++ { ++ perror ("Error flushing " GRUBENV); ++ return 1; ++ } ++ ++ fsync (fileno (f)); ++ fclose (f); ++ ++ return 0; ++} +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index 39eb94bde..5946ec24a 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -14,6 +14,9 @@ EXTRA_DIST += util/import_unicode.py + EXTRA_DIST += docs/autoiso.cfg + EXTRA_DIST += docs/grub.cfg + EXTRA_DIST += docs/osdetect.cfg ++EXTRA_DIST += docs/org.gnu.grub.policy ++EXTRA_DIST += docs/grub-boot-success.service ++EXTRA_DIST += docs/grub-boot-success.timer + + EXTRA_DIST += conf/i386-cygwin-img-ld.sc + +diff --git a/docs/grub-boot-success.service b/docs/grub-boot-success.service +new file mode 100644 +index 000000000..80e79584c +--- /dev/null ++++ b/docs/grub-boot-success.service +@@ -0,0 +1,6 @@ ++[Unit] ++Description=Mark boot as successful ++ ++[Service] ++Type=oneshot ++ExecStart=/usr/sbin/grub2-set-bootflag boot_success +diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer +new file mode 100644 +index 000000000..406f17200 +--- /dev/null ++++ b/docs/grub-boot-success.timer +@@ -0,0 +1,7 @@ ++[Unit] ++Description=Mark boot as successful after the user session has run 2 minutes ++ConditionUser=!@system ++ConditionVirtualization=!container ++ ++[Timer] ++OnActiveSec=2min +diff --git a/util/grub-set-bootflag.1 b/util/grub-set-bootflag.1 +new file mode 100644 +index 000000000..57801da22 +--- /dev/null ++++ b/util/grub-set-bootflag.1 +@@ -0,0 +1,20 @@ ++.TH GRUB-SET-BOOTFLAG 1 "Tue Jun 12 2018" ++.SH NAME ++\fBgrub-set-bootflag\fR \(em Set a bootflag in the GRUB environment block. ++ ++.SH SYNOPSIS ++\fBgrub-set-bootflag\fR <\fIBOOTFLAG\fR> ++ ++.SH DESCRIPTION ++\fBgrub-set-bootflag\fR is a command line to set bootflags in GRUB's ++stored environment. ++ ++.SH COMMANDS ++.TP ++\fBBOOTFLAG\fR ++.RS 7 ++Bootflag to set, one of \fIboot_success\fR or \fIshow_menu_once\fR. ++.RE ++ ++.SH SEE ALSO ++.BR "info grub" diff --git a/SOURCES/0191-Fix-grub-setpassword-o-s-output-path.patch b/SOURCES/0191-Fix-grub-setpassword-o-s-output-path.patch new file mode 100644 index 0000000..6ead2b9 --- /dev/null +++ b/SOURCES/0191-Fix-grub-setpassword-o-s-output-path.patch @@ -0,0 +1,33 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Andy Lutomirski +Date: Sun, 11 Jun 2017 19:17:40 -0400 +Subject: [PATCH] Fix grub-setpassword -o's output path + +The output path is set up in the command line parsing, but completely ignored +in the code that actually writes the files. This patch fixes that. + +Signed-off-by: Peter Jones +--- + util/grub-setpassword.in | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/util/grub-setpassword.in b/util/grub-setpassword.in +index cf70257ee..5ebf50576 100644 +--- a/util/grub-setpassword.in ++++ b/util/grub-setpassword.in +@@ -118,11 +118,11 @@ fi + + # on the ESP, these will fail to set the permissions, but it's okay because + # the directory is protected. +-install -m 0600 /dev/null "${grubdir}/user.cfg" 2>/dev/null || : +-chmod 0600 "${grubdir}/user.cfg" 2>/dev/null || : +-echo "GRUB2_PASSWORD=${MYPASS}" > "${grubdir}/user.cfg" ++install -m 0600 /dev/null "${OUTPUT_PATH}/user.cfg" 2>/dev/null || : ++chmod 0600 "${OUTPUT_PATH}/user.cfg" 2>/dev/null || : ++echo "GRUB2_PASSWORD=${MYPASS}" > "${OUTPUT_PATH}/user.cfg" + +-if ! grep -q "^### BEGIN /etc/grub.d/01_users ###$" "${grubdir}/grub.cfg"; then ++if ! grep -q "^### BEGIN /etc/grub.d/01_users ###$" "${OUTPUT_PATH}/grub.cfg"; then + echo "WARNING: The current configuration lacks password support!" + echo "Update your configuration with @grub_mkconfig@ to support this feature." + fi diff --git a/SOURCES/0192-Make-grub-set-password-be-named-like-all-the-other-g.patch b/SOURCES/0192-Make-grub-set-password-be-named-like-all-the-other-g.patch new file mode 100644 index 0000000..2bdd29e --- /dev/null +++ b/SOURCES/0192-Make-grub-set-password-be-named-like-all-the-other-g.patch @@ -0,0 +1,88 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sat, 23 Jun 2018 13:19:15 -0400 +Subject: [PATCH] Make grub-set-password be named like all the other grub + utilities + +Signed-off-by: Peter Jones +--- + configure.ac | 2 +- + Makefile.util.def | 4 ++-- + .gitignore | 4 ++-- + util/{grub-setpassword.8 => grub-set-password.8} | 8 ++++---- + util/{grub-setpassword.in => grub-set-password.in} | 0 + 5 files changed, 9 insertions(+), 9 deletions(-) + rename util/{grub-setpassword.8 => grub-set-password.8} (50%) + rename util/{grub-setpassword.in => grub-set-password.in} (100%) + +diff --git a/configure.ac b/configure.ac +index 359cac3c2..5f47a9265 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -66,7 +66,7 @@ grub_TRANSFORM([grub-mkrelpath]) + grub_TRANSFORM([grub-mkrescue]) + grub_TRANSFORM([grub-probe]) + grub_TRANSFORM([grub-reboot]) +-grub_TRANSFORM([grub-setpassword]) ++grub_TRANSFORM([grub-set-password]) + grub_TRANSFORM([grub-rpm-sort]) + grub_TRANSFORM([grub-script-check]) + grub_TRANSFORM([grub-set-default]) +diff --git a/Makefile.util.def b/Makefile.util.def +index 5da553932..97cd8bdeb 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -756,8 +756,8 @@ script = { + }; + + script = { +- name = grub-setpassword; +- common = util/grub-setpassword.in; ++ name = grub-set-password; ++ common = util/grub-set-password.in; + mansection = 8; + installdir = sbin; + }; +diff --git a/.gitignore b/.gitignore +index 424755921..7aaae594d 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -113,8 +113,8 @@ grub-*.tar.* + /grub*-script-check.1 + /grub*-set-default + /grub*-set-default.8 +-/grub*-setsetpassword +-/grub*-setsetpassword.8 ++/grub*-set-password ++/grub*-set-password.8 + /grub*-shell + /grub*-shell-tester + /grub*-sparc64-setup +diff --git a/util/grub-setpassword.8 b/util/grub-set-password.8 +similarity index 50% +rename from util/grub-setpassword.8 +rename to util/grub-set-password.8 +index dc91dd669..9646546e4 100644 +--- a/util/grub-setpassword.8 ++++ b/util/grub-set-password.8 +@@ -1,12 +1,12 @@ +-.TH GRUB-SETPASSWORD 3 "Thu Jun 25 2015" ++.TH GRUB-SET-PASSWORD 3 "Thu Jun 25 2015" + .SH NAME +-\fBgrub-setpassword\fR \(em Generate the user.cfg file containing the hashed grub bootloader password. ++\fBgrub-set-password\fR \(em Generate the user.cfg file containing the hashed grub bootloader password. + + .SH SYNOPSIS +-\fBgrub-setpassword\fR [OPTION] ++\fBgrub-set-password\fR [OPTION] + + .SH DESCRIPTION +-\fBgrub-setpassword\fR outputs the user.cfg file which contains the hashed GRUB bootloader password. This utility only supports configurations where there is a single root user. ++\fBgrub-set-password\fR outputs the user.cfg file which contains the hashed GRUB bootloader password. This utility only supports configurations where there is a single root user. + + The file has the format: + GRUB2_PASSWORD=<\fIhashed password\fR>. +diff --git a/util/grub-setpassword.in b/util/grub-set-password.in +similarity index 100% +rename from util/grub-setpassword.in +rename to util/grub-set-password.in diff --git a/SOURCES/0193-docs-Add-grub-boot-indeterminate.service-example.patch b/SOURCES/0193-docs-Add-grub-boot-indeterminate.service-example.patch new file mode 100644 index 0000000..5b8732a --- /dev/null +++ b/SOURCES/0193-docs-Add-grub-boot-indeterminate.service-example.patch @@ -0,0 +1,33 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Tue, 19 Jun 2018 15:20:54 +0200 +Subject: [PATCH] docs: Add grub-boot-indeterminate.service example + +This is an example service file, for use from +/lib/systemd/system/system-update.target.wants +to increment the boot_indeterminate variable when +doing offline updates. + +Signed-off-by: Hans de Goede +--- + docs/grub-boot-indeterminate.service | 11 +++++++++++ + 1 file changed, 11 insertions(+) + create mode 100644 docs/grub-boot-indeterminate.service + +diff --git a/docs/grub-boot-indeterminate.service b/docs/grub-boot-indeterminate.service +new file mode 100644 +index 000000000..6c8dcb186 +--- /dev/null ++++ b/docs/grub-boot-indeterminate.service +@@ -0,0 +1,11 @@ ++[Unit] ++Description=Mark boot as indeterminate ++DefaultDependencies=false ++Requires=sysinit.target ++After=sysinit.target ++Wants=system-update-pre.target ++Before=system-update-pre.target ++ ++[Service] ++Type=oneshot ++ExecStart=/usr/bin/grub2-editenv - incr boot_indeterminate diff --git a/SOURCES/0194-00_menu_auto_hide-Use-a-timeout-of-60s-for-menu_show.patch b/SOURCES/0194-00_menu_auto_hide-Use-a-timeout-of-60s-for-menu_show.patch new file mode 100644 index 0000000..b4c736d --- /dev/null +++ b/SOURCES/0194-00_menu_auto_hide-Use-a-timeout-of-60s-for-menu_show.patch @@ -0,0 +1,31 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Tue, 26 Jun 2018 12:44:29 +0200 +Subject: [PATCH] 00_menu_auto_hide: Use a timeout of 60s for menu_show_once, + rather then no timeout + +On some UEFI systems with fastboot enabled (USB) keyboards don't work at +all, not even when explictly asking for keyboard input. + +So lets change the timeout from not set (no timeout) to 60 seconds, so +that on such systems if the menu was requested we continue with the +default choice after 60 seconds. + +Signed-off-by: Hans de Goede +--- + util/grub.d/00_menu_auto_hide.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/grub.d/00_menu_auto_hide.in b/util/grub.d/00_menu_auto_hide.in +index a10fe45bb..ca95c0d1c 100644 +--- a/util/grub.d/00_menu_auto_hide.in ++++ b/util/grub.d/00_menu_auto_hide.in +@@ -33,7 +33,7 @@ if [ x\$feature_timeout_style = xy ] ; then + unset menu_show_once + save_env menu_show_once + set timeout_style=menu +- unset timeout ++ set timeout=60 + elif [ "\${menu_auto_hide}" -a "\${last_boot_ok}" = "1" ]; then + set orig_timeout_style=\${timeout_style} + set orig_timeout=\${timeout} diff --git a/SOURCES/0195-00_menu_auto_hide-Reduce-number-of-save_env-calls.patch b/SOURCES/0195-00_menu_auto_hide-Reduce-number-of-save_env-calls.patch new file mode 100644 index 0000000..0f1cfba --- /dev/null +++ b/SOURCES/0195-00_menu_auto_hide-Reduce-number-of-save_env-calls.patch @@ -0,0 +1,41 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Wed, 27 Jun 2018 13:33:43 +0200 +Subject: [PATCH] 00_menu_auto_hide: Reduce number of save_env calls + +Normally boot_success will be 1 on every boot (as normally the +previous boot will have been successful). This means that we end +up in the code-path to set boot_indeterminate to 0 every boot. + +So we do 2 separate save_env calls each boot, one for boot_indeterminate +and one for boot_success. This results in 2 writes to the disk. + +This commit makes us save both boot_success and boot_indeterminate +in a single call, reducing the number of writes, this reducing wear +and tear on the underlying storage. + +Signed-off-by: Hans de Goede +--- + util/grub.d/00_menu_auto_hide.in | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/util/grub.d/00_menu_auto_hide.in b/util/grub.d/00_menu_auto_hide.in +index ca95c0d1c..ad175870a 100644 +--- a/util/grub.d/00_menu_auto_hide.in ++++ b/util/grub.d/00_menu_auto_hide.in +@@ -19,14 +19,12 @@ fi + # Reset boot_indeterminate after a successful boot + if [ "\${boot_success}" = "1" ] ; then + set boot_indeterminate=0 +- save_env boot_indeterminate + # Avoid boot_indeterminate causing the menu to be hidden more then once + elif [ "\${boot_indeterminate}" = "1" ]; then + set boot_indeterminate=2 +- save_env boot_indeterminate + fi + set boot_success=0 +-save_env boot_success ++save_env boot_success boot_indeterminate + + if [ x\$feature_timeout_style = xy ] ; then + if [ "\${menu_show_once}" ]; then diff --git a/SOURCES/0196-30_uefi-firmware-fix-use-with-sys-firmware-efi-efiva.patch b/SOURCES/0196-30_uefi-firmware-fix-use-with-sys-firmware-efi-efiva.patch new file mode 100644 index 0000000..c3d572a --- /dev/null +++ b/SOURCES/0196-30_uefi-firmware-fix-use-with-sys-firmware-efi-efiva.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Fri, 29 Jun 2018 10:08:22 +0200 +Subject: [PATCH] 30_uefi-firmware: fix use with /sys/firmware/efi/efivars + +Fix 30_uefi-firmware checking for the obsolete /sys/firmware/efi/vars +instead of for the new efivarfs mounted at /sys/firmware/efi/efivars. + +Which goes to show that I really should have tested this before blindly +importing it from Ubuntu. + +Signed-off-by: Hans de Goede +--- + util/grub.d/30_uefi-firmware.in | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/util/grub.d/30_uefi-firmware.in b/util/grub.d/30_uefi-firmware.in +index 3c9f533d8..93ececffe 100644 +--- a/util/grub.d/30_uefi-firmware.in ++++ b/util/grub.d/30_uefi-firmware.in +@@ -26,12 +26,12 @@ export TEXTDOMAINDIR="@localedir@" + + . "@datadir@/@PACKAGE@/grub-mkconfig_lib" + +-efi_vars_dir=/sys/firmware/efi/vars ++efi_vars_dir=/sys/firmware/efi/efivars + EFI_GLOBAL_VARIABLE=8be4df61-93ca-11d2-aa0d-00e098032b8c +-OsIndications="$efi_vars_dir/OsIndicationsSupported-$EFI_GLOBAL_VARIABLE/data" ++OsIndications="$efi_vars_dir/OsIndicationsSupported-$EFI_GLOBAL_VARIABLE" + + if [ -e "$OsIndications" ] && \ +- [ "$(( $(printf 0x%x \'"$(cat $OsIndications | cut -b1)") & 1 ))" = 1 ]; then ++ [ "$(( $(printf 0x%x \'"$(cat $OsIndications | cut -b5)") & 1 ))" = 1 ]; then + LABEL="System setup" + + gettext_printf "Adding boot menu entry for EFI firmware configuration\n" >&2 diff --git a/SOURCES/0197-gentpl-add-disable-support.patch b/SOURCES/0197-gentpl-add-disable-support.patch new file mode 100644 index 0000000..3067d0a --- /dev/null +++ b/SOURCES/0197-gentpl-add-disable-support.patch @@ -0,0 +1,46 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 11 Jul 2018 13:43:15 -0400 +Subject: [PATCH] gentpl: add 'disable = ' support + +Signed-off-by: Peter Jones +--- + gentpl.py | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/gentpl.py b/gentpl.py +index bf8439fa7..a8cd54055 100644 +--- a/gentpl.py ++++ b/gentpl.py +@@ -589,11 +589,21 @@ def platform_conditional(platform, closure): + # }; + # + def foreach_enabled_platform(defn, closure): ++ enabled = False ++ disabled = False + if 'enable' in defn: ++ enabled = True + for platform in GRUB_PLATFORMS: + if platform_tagged(defn, platform, "enable"): + platform_conditional(platform, closure) +- else: ++ ++ if 'disable' in defn: ++ disabled = True ++ for platform in GRUB_PLATFORMS: ++ if not platform_tagged(defn, platform, "disable"): ++ platform_conditional(platform, closure) ++ ++ if not enabled and not disabled: + for platform in GRUB_PLATFORMS: + platform_conditional(platform, closure) + +@@ -652,6 +662,8 @@ def first_time(defn, snippet): + def is_platform_independent(defn): + if 'enable' in defn: + return False ++ if 'disable' in defn: ++ return False + for suffix in [ "", "_nodist" ]: + template = platform_values(defn, GRUB_PLATFORMS[0], suffix) + for platform in GRUB_PLATFORMS[1:]: diff --git a/SOURCES/0198-gentpl-add-pc-firmware-type.patch b/SOURCES/0198-gentpl-add-pc-firmware-type.patch new file mode 100644 index 0000000..732107e --- /dev/null +++ b/SOURCES/0198-gentpl-add-pc-firmware-type.patch @@ -0,0 +1,22 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 11 Jul 2018 13:43:34 -0400 +Subject: [PATCH] gentpl: add 'pc' firmware type + +Signed-off-by: Peter Jones +--- + gentpl.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/gentpl.py b/gentpl.py +index a8cd54055..baac6a2af 100644 +--- a/gentpl.py ++++ b/gentpl.py +@@ -49,6 +49,7 @@ GROUPS["arm"] = [ "arm_uboot", "arm_efi", "arm_coreboot" ] + GROUPS["arm64"] = [ "arm64_efi" ] + + # Groups based on firmware ++GROUPS["pc"] = [ "i386_pc" ] + GROUPS["efi"] = [ "i386_efi", "x86_64_efi", "ia64_efi", "arm_efi", "arm64_efi" ] + GROUPS["ieee1275"] = [ "i386_ieee1275", "sparc64_ieee1275", "powerpc_ieee1275" ] + GROUPS["uboot"] = [ "arm_uboot" ] diff --git a/SOURCES/0199-blscfg-remove-unused-typedef.patch b/SOURCES/0199-blscfg-remove-unused-typedef.patch new file mode 100644 index 0000000..2fb376c --- /dev/null +++ b/SOURCES/0199-blscfg-remove-unused-typedef.patch @@ -0,0 +1,29 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Will Thompson +Date: Wed, 11 Jul 2018 14:59:52 +0100 +Subject: [PATCH] blscfg: remove unused typedef +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This is unused since ‘Use BLS fragment filename as menu entry id and for +criteria to sort’. + +Signed-off-by: Will Thompson +--- + grub-core/commands/blscfg.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index cd8659384..82fb6cdd1 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -327,8 +327,6 @@ finish: + return ret; + } + +-typedef int (*void_cmp_t)(void *, void *); +- + static int bls_cmp(const void *p0, const void *p1, void *state UNUSED) + { + struct bls_entry * e0 = *(struct bls_entry **)p0; diff --git a/SOURCES/0200-blscfg-don-t-dynamically-allocate-default_blsdir.patch b/SOURCES/0200-blscfg-don-t-dynamically-allocate-default_blsdir.patch new file mode 100644 index 0000000..b3c5fab --- /dev/null +++ b/SOURCES/0200-blscfg-don-t-dynamically-allocate-default_blsdir.patch @@ -0,0 +1,45 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Will Thompson +Date: Wed, 11 Jul 2018 15:01:45 +0100 +Subject: [PATCH] blscfg: don't dynamically allocate default_blsdir + +Signed-off-by: Will Thompson +--- + grub-core/commands/blscfg.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 82fb6cdd1..b61dddb7f 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -623,7 +623,7 @@ static int find_entry (const char *filename, + grub_file_t f = NULL; + char *grubenv_path = NULL; + grub_envblk_t env = NULL; +- char *default_blsdir = NULL; ++ const char *default_blsdir = NULL; + grub_fs_t blsdir_fs = NULL; + grub_device_t blsdir_dev = NULL; + const char *blsdir = NULL; +@@ -643,10 +643,9 @@ static int find_entry (const char *filename, + + // set a default blsdir + if (info->platform == PLATFORM_EMU) +- default_blsdir = grub_xasprintf ("%s%s", GRUB_BOOT_DEVICE, +- GRUB_BLS_CONFIG_PATH); ++ default_blsdir = GRUB_BOOT_DEVICE GRUB_BLS_CONFIG_PATH; + else +- default_blsdir = grub_xasprintf ("%s", GRUB_BLS_CONFIG_PATH); ++ default_blsdir = GRUB_BLS_CONFIG_PATH; + + grub_env_set ("blsdir", default_blsdir); + grub_dprintf ("blscfg", "default_blsdir: \"%s\"\n", default_blsdir); +@@ -788,8 +787,6 @@ finish: + if (f) + grub_file_close (f); + +- grub_free (default_blsdir); +- + return 0; + } + diff --git a/SOURCES/0201-blscfg-sort-BLS-entries-by-version-field.patch b/SOURCES/0201-blscfg-sort-BLS-entries-by-version-field.patch new file mode 100644 index 0000000..0d3cbc2 --- /dev/null +++ b/SOURCES/0201-blscfg-sort-BLS-entries-by-version-field.patch @@ -0,0 +1,58 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Will Thompson +Date: Wed, 11 Jul 2018 15:41:09 +0100 +Subject: [PATCH] blscfg: sort BLS entries by 'version' field +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This partially reverts ‘Use BLS fragment filename as menu entry id and +for criteria to sort’. Sorting by filename only gives the correct order +if the BLS entries are generated by a version of ostree after this patch +https://github.com/ostreedev/ostree/commit/9f48e212a3bf9ed418fb3216e4f834d581bc520e +to use the version (higher is newer) in the filename. Older ostrees, +including all releases at the time of writing, use the index (lower is +newer) in the filename, so sorting by filename produces the reverse +order. + +Sorting by 'version' field matches libostree's own +compare_boot_loader_configs(), so I think it's more correct than relying +on the filename, particularly since we've already gone to the trouble of +parsing all the fields in the file. + +Signed-off-by: Will Thompson +--- + grub-core/commands/blscfg.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index b61dddb7f..9c928dda4 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -327,10 +327,26 @@ finish: + return ret; + } + ++/* return 1: p0 is newer than p1 */ ++/* 0: p0 and p1 are the same version */ ++/* -1: p1 is newer than p0 */ + static int bls_cmp(const void *p0, const void *p1, void *state UNUSED) + { + struct bls_entry * e0 = *(struct bls_entry **)p0; + struct bls_entry * e1 = *(struct bls_entry **)p1; ++ const char *v0, *v1; ++ int r; ++ ++ v0 = bls_get_val(e0, "version", NULL); ++ v1 = bls_get_val(e1, "version", NULL); ++ ++ if (v0 && !v1) ++ return -1; ++ if (!v0 && v1) ++ return 1; ++ ++ if ((r = vercmp(v0, v1)) != 0) ++ return r; + + return vercmp(e0->filename, e1->filename); + } diff --git a/SOURCES/0202-blscfg-remove-NULL-guards-around-grub_free.patch b/SOURCES/0202-blscfg-remove-NULL-guards-around-grub_free.patch new file mode 100644 index 0000000..706043a --- /dev/null +++ b/SOURCES/0202-blscfg-remove-NULL-guards-around-grub_free.patch @@ -0,0 +1,48 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Will Thompson +Date: Thu, 12 Jul 2018 10:14:43 +0100 +Subject: [PATCH] blscfg: remove NULL guards around grub_free() + +The internal implementation of grub_free() is NULL-safe. In emu builds, +it just delegates to the host's free(), which is specified by ANSI C to +be NULL-safe. + +Signed-off-by: Will Thompson +--- + grub-core/commands/blscfg.c | 23 ++++++----------------- + 1 file changed, 6 insertions(+), 17 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 9c928dda4..bd78559ef 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -600,23 +600,12 @@ static void create_entry (struct bls_entry *entry, const char *cfgfile) + grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0); + + finish: +- if (initrd) +- grub_free (initrd); +- +- if (initrds) +- grub_free (initrds); +- +- if (classes) +- grub_free (classes); +- +- if (args) +- grub_free (args); +- +- if (argv) +- grub_free (argv); +- +- if (src) +- grub_free (src); ++ grub_free (initrd); ++ grub_free (initrds); ++ grub_free (classes); ++ grub_free (args); ++ grub_free (argv); ++ grub_free (src); + } + + struct find_entry_info { diff --git a/SOURCES/0203-blscfg-fix-filename-in-no-linux-key-error.patch b/SOURCES/0203-blscfg-fix-filename-in-no-linux-key-error.patch new file mode 100644 index 0000000..89b399d --- /dev/null +++ b/SOURCES/0203-blscfg-fix-filename-in-no-linux-key-error.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Will Thompson +Date: Thu, 12 Jul 2018 10:38:27 +0100 +Subject: [PATCH] blscfg: fix filename in "no 'linux' key" error + +In find_entry(), 'filename' is either NULL or a directory in the ESP. +But previously it was passed to create_entry(), which uses it in an +error message as if it's the filename of the BLS entry in question. + +Since bls_entry now has a 'filename' field, just use that. + +Signed-off-by: Will Thompson +--- + grub-core/commands/blscfg.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index bd78559ef..a45f40fe6 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -514,7 +514,7 @@ static char **bls_make_list (struct bls_entry *entry, const char *key, int *num) + return list; + } + +-static void create_entry (struct bls_entry *entry, const char *cfgfile) ++static void create_entry (struct bls_entry *entry) + { + int argc = 0; + const char **argv = NULL; +@@ -539,7 +539,7 @@ static void create_entry (struct bls_entry *entry, const char *cfgfile) + clinux = bls_get_val (entry, "linux", NULL); + if (!clinux) + { +- grub_dprintf ("blscfg", "Skipping file %s with no 'linux' key.\n", cfgfile); ++ grub_dprintf ("blscfg", "Skipping file %s with no 'linux' key.\n", entry->filename); + goto finish; + } + +@@ -753,7 +753,7 @@ static int find_entry (const char *filename, + + grub_dprintf ("blscfg", "%s Creating %d entries from bls\n", __func__, nentries); + for (r = nentries - 1; r >= 0; r--) +- create_entry(entries[r], filename); ++ create_entry(entries[r]); + + for (r = 0; r < nentries; r++) + bls_free_entry (entries[r]); diff --git a/SOURCES/0204-blscfg-don-t-leak-bls_entry.filename.patch b/SOURCES/0204-blscfg-don-t-leak-bls_entry.filename.patch new file mode 100644 index 0000000..e4a51b3 --- /dev/null +++ b/SOURCES/0204-blscfg-don-t-leak-bls_entry.filename.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Will Thompson +Date: Thu, 12 Jul 2018 10:59:10 +0100 +Subject: [PATCH] blscfg: don't leak bls_entry.filename + +Zeroing the bls_entry struct before calling grub_free() on one of its +fields is not going to work too well. + +Signed-off-by: Will Thompson +--- + grub-core/commands/blscfg.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index a45f40fe6..11a356de8 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -166,8 +166,8 @@ static void bls_free_entry(struct bls_entry *entry) + } + + grub_free (entry->keyvals); +- grub_memset (entry, 0, sizeof (*entry)); + grub_free (entry->filename); ++ grub_memset (entry, 0, sizeof (*entry)); + grub_free (entry); + } + diff --git a/SOURCES/0205-blscfg-fix-compilation-on-EFI-and-EMU.patch b/SOURCES/0205-blscfg-fix-compilation-on-EFI-and-EMU.patch new file mode 100644 index 0000000..c884488 --- /dev/null +++ b/SOURCES/0205-blscfg-fix-compilation-on-EFI-and-EMU.patch @@ -0,0 +1,34 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Will Thompson +Date: Thu, 12 Jul 2018 19:00:42 +0100 +Subject: [PATCH] blscfg: fix compilation on !EFI and !EMU +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Neither GRUB_MACHINE_EFI nor GRUB_MACHINE_EMU are defined when compiling +for (eg) i386-pc. In this case, #elif GRUB_MACHINE_EMU is an error: + + commands/blscfg.c: In function ‘grub_cmd_blscfg’: + commands/blscfg.c:835:7: error: "GRUB_MACHINE_EMU" is not defined [-Werror=undef] + #elif GRUB_MACHINE_EMU + ^~~~~~~~~~~~~~~~ + +Signed-off-by: Will Thompson +--- + grub-core/commands/blscfg.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 11a356de8..53676576b 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -843,7 +843,7 @@ grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED, + info.platform = PLATFORM_EFI; + grub_dprintf ("blscfg", "scanning /EFI/\n"); + r = fs->dir (dev, "/EFI/", find_entry, &info); +-#elif GRUB_MACHINE_EMU ++#elif defined(GRUB_MACHINE_EMU) + info.platform = PLATFORM_EMU; + grub_dprintf ("blscfg", "scanning %s%s\n", GRUB_BOOT_DEVICE, + GRUB_BLS_CONFIG_PATH); diff --git a/SOURCES/0206-Add-loadenv-to-blscfg-and-loadenv-source-file-list.patch b/SOURCES/0206-Add-loadenv-to-blscfg-and-loadenv-source-file-list.patch new file mode 100644 index 0000000..1e11177 --- /dev/null +++ b/SOURCES/0206-Add-loadenv-to-blscfg-and-loadenv-source-file-list.patch @@ -0,0 +1,39 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Will Thompson +Date: Fri, 13 Jul 2018 05:51:54 +0100 +Subject: [PATCH] Add loadenv to blscfg and loadenv source file list +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Without this, `make distcheck` fails because loadenv.h is not included +in the source tarball. + +This broke in ‘Add blscfg command support to parse BootLoaderSpec config +fragments’. + +Signed-off-by: Will Thompson +--- + grub-core/Makefile.core.def | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 2851437e0..aa44d66ac 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -781,6 +781,7 @@ module = { + module = { + name = blscfg; + common = commands/blscfg.c; ++ common = commands/loadenv.h; + enable = efi; + enable = i386_pc; + enable = emu; +@@ -947,6 +948,7 @@ module = { + module = { + name = loadenv; + common = commands/loadenv.c; ++ common = commands/loadenv.h; + common = lib/envblk.c; + }; + diff --git a/SOURCES/0207-blscfg-Get-rid-of-the-linuxefi-linux16-linux-distinc.patch b/SOURCES/0207-blscfg-Get-rid-of-the-linuxefi-linux16-linux-distinc.patch new file mode 100644 index 0000000..c97dee2 --- /dev/null +++ b/SOURCES/0207-blscfg-Get-rid-of-the-linuxefi-linux16-linux-distinc.patch @@ -0,0 +1,56 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 16 Jul 2018 11:00:50 -0400 +Subject: [PATCH] blscfg: Get rid of the linuxefi/linux16/linux distinction + +Signed-off-by: Peter Jones +--- + grub-core/commands/blscfg.c | 14 +++----------- + 1 file changed, 3 insertions(+), 11 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 53676576b..c6addc4dc 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -43,14 +43,6 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define GRUB_BOOT_DEVICE "($root)" + #endif + +-#ifdef GRUB_MACHINE_EFI +-#define GRUB_LINUX_CMD "linuxefi" +-#define GRUB_INITRD_CMD "initrdefi" +-#else +-#define GRUB_LINUX_CMD "linux" +-#define GRUB_INITRD_CMD "initrd" +-#endif +- + enum + { + PLATFORM_EFI, +@@ -563,7 +555,7 @@ static void create_entry (struct bls_entry *entry) + title, id); + if (initrds) + { +- int initrd_size = sizeof (GRUB_INITRD_CMD); ++ int initrd_size = sizeof ("initrd"); + char *tmp; + + for (i = 0; initrds != NULL && initrds[i] != NULL; i++) +@@ -579,7 +571,7 @@ static void create_entry (struct bls_entry *entry) + } + + +- tmp = grub_stpcpy(initrd, GRUB_INITRD_CMD); ++ tmp = grub_stpcpy(initrd, "initrd "); + for (i = 0; initrds != NULL && initrds[i] != NULL; i++) + { + grub_dprintf ("blscfg", "adding initrd %s\n", initrds[i]); +@@ -592,7 +584,7 @@ static void create_entry (struct bls_entry *entry) + src = grub_xasprintf ("load_video\n" + "set gfx_payload=keep\n" + "insmod gzio\n" +- GRUB_LINUX_CMD " %s%s%s%s\n" ++ "linux %s%s%s%s\n" + "%s", + GRUB_BOOT_DEVICE, clinux, options ? " " : "", options ? options : "", + initrd ? initrd : ""); diff --git a/SOURCES/0208-grub-switch-to-blscfg-Only-fix-boot-prefix-for-non-g.patch b/SOURCES/0208-grub-switch-to-blscfg-Only-fix-boot-prefix-for-non-g.patch new file mode 100644 index 0000000..17846c9 --- /dev/null +++ b/SOURCES/0208-grub-switch-to-blscfg-Only-fix-boot-prefix-for-non-g.patch @@ -0,0 +1,48 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 18 Jul 2018 08:07:37 +0200 +Subject: [PATCH] grub-switch-to-blscfg: Only fix boot prefix for non-generated + BLS files + +The BLS files are either copied from /lib/modules/$kernelver/bls.conf or +generated if this file doesn't exist. The shipped bls.conf default path +for the kernel and initramfs is relative to the boot partition. + +But in some setups /boot may not be a mount point so in that case the +boot prefix has to be added to the BLS. But we already provide this +prefix for generated BLS files so attempting to add a boot prefix will +lead to a path that contains the boot prefix twice (i.e: /boot/boot). + +Reported-by: Hans de Goede +Signed-off-by: Javier Martinez Canillas +--- + util/grub-switch-to-blscfg.in | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index 40612e006..9cf64f8e7 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -236,6 +236,10 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do + + if [ -f "${kernel_dir}/bls.conf" ] ; then + cp -af "${kernel_dir}/bls.conf" "${bls_target}" ++ if [ -n "${bootprefix}" ]; then ++ sed -i -e "s,^\(linux[^ \t]*[ \t]\+\).*,\1${bootprefix}${linux},g" "${bls_target}" ++ sed -i -e "/^initrd/ s,\([ \t]\+\)\([^ \t]\+\),\1${bootprefix}\2,g" "${bls_target}" ++ fi + else + mkbls "${kernelver}" \ + "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${kernel_dir}")")" \ +@@ -243,11 +247,6 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do + >"${bls_target}" + fi + +- if [ -n "${bootprefix}" ]; then +- sed -i -e "s,^\(linux[^ \t]*[ \t]\+\).*,\1${bootprefix}${linux},g" "${bls_target}" +- sed -i -e "/^initrd/ s,\([ \t]\+\)\([^ \t]\+\),\1${bootprefix}\2,g" "${bls_target}" +- fi +- + if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then + arch="$(uname -m)" + bls_debug="$(echo ${bls_target} | sed -e "s/\.${arch}/-debug.${arch}/")" diff --git a/SOURCES/0209-blscfg-Expand-the-BLS-options-field-instead-of-showi.patch b/SOURCES/0209-blscfg-Expand-the-BLS-options-field-instead-of-showi.patch new file mode 100644 index 0000000..e4841b8 --- /dev/null +++ b/SOURCES/0209-blscfg-Expand-the-BLS-options-field-instead-of-showi.patch @@ -0,0 +1,130 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 18 Jul 2018 08:08:02 +0200 +Subject: [PATCH] blscfg: Expand the BLS options field instead of showing its + variables + +The values of the BLS fragment fields can either be string literals or +grub2 environment variables, the latter will be expanded by grub2 when +the boot entry is selected. + +But from a usability point of view, is much more convenient if the BLS +parse code expand any variables that are present in the options field. + +That will allow users to select an entry in the menu by pressing the e +key and edit the kernel command line parameters. So for example instead +of showing the following: + +kernel /boot/vmlinuz-4.17.0 $kernelopts + +It would show something like the following: + +kernel /boot/vmlinuz-4.17.0 root=UUID=cec677c9-c890-4103-b94a-bcc191642935 + +Suggested-by: Hans de Goede +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 69 ++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 68 insertions(+), 1 deletion(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index c6addc4dc..80d8814fc 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -32,6 +32,8 @@ + #include + #include + ++#include ++ + GRUB_MOD_LICENSE ("GPLv3+"); + + #include "loadenv.h" +@@ -506,6 +508,70 @@ static char **bls_make_list (struct bls_entry *entry, const char *key, int *num) + return list; + } + ++static char *field_append(bool is_var, char *buffer, char *start, char *end) ++{ ++ char *temp = grub_strndup(start, end - start + 1); ++ const char *field = temp; ++ ++ if (is_var) { ++ field = grub_env_get (temp); ++ if (!field) ++ return buffer; ++ } ++ ++ if (!buffer) { ++ buffer = grub_strdup(field); ++ if (!buffer) ++ return NULL; ++ } else { ++ buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field)); ++ if (!buffer) ++ return NULL; ++ ++ grub_stpcpy (buffer + grub_strlen(buffer), field); ++ } ++ ++ return buffer; ++} ++ ++static char *expand_val(char *value) ++{ ++ char *buffer = NULL; ++ char *start = value; ++ char *end = value; ++ bool is_var = false; ++ ++ while (*value) { ++ if (*value == '$') { ++ if (start != end) { ++ buffer = field_append(is_var, buffer, start, end); ++ if (!buffer) ++ return NULL; ++ } ++ ++ is_var = true; ++ start = value + 1; ++ } else if (is_var) { ++ if (!grub_isalnum(*value) && *value != '_') { ++ buffer = field_append(is_var, buffer, start, end); ++ is_var = false; ++ start = value; ++ } ++ } ++ ++ end = value; ++ value++; ++ } ++ ++ if (start != end) { ++ buffer = field_append(is_var, buffer, start, end); ++ if (!buffer) ++ return NULL; ++ } ++ ++ return buffer; ++} ++ + static void create_entry (struct bls_entry *entry) + { + int argc = 0; +@@ -536,7 +602,7 @@ static void create_entry (struct bls_entry *entry) + } + + title = bls_get_val (entry, "title", NULL); +- options = bls_get_val (entry, "options", NULL); ++ options = expand_val (bls_get_val (entry, "options", NULL)); + initrds = bls_make_list (entry, "initrd", NULL); + + hotkey = bls_get_val (entry, "grub_hotkey", NULL); +@@ -594,6 +660,7 @@ static void create_entry (struct bls_entry *entry) + finish: + grub_free (initrd); + grub_free (initrds); ++ grub_free (options); + grub_free (classes); + grub_free (args); + grub_free (argv); diff --git a/SOURCES/0210-blscfg-Fallback-to-search-BLS-snippets-in-boot-loade.patch b/SOURCES/0210-blscfg-Fallback-to-search-BLS-snippets-in-boot-loade.patch new file mode 100644 index 0000000..84b67c7 --- /dev/null +++ b/SOURCES/0210-blscfg-Fallback-to-search-BLS-snippets-in-boot-loade.patch @@ -0,0 +1,59 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 18 Jul 2018 08:08:06 +0200 +Subject: [PATCH] blscfg: Fallback to search BLS snippets in + /boot/loader/entries + +The default path to search the BLS snippets is /loader/entries, this is +only a correct assumption if $root ($root) is a boot partition but it's +not true if /boot isn't a mount point. + +A user can set a blsdir grub environment variable to choose a different +path, but instead of failing when /boot is a directory inside the root +partition fallback to search the BLS in /boot/loader/entries to cover +that case as well. + +Reported-by: Hans de Goede +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 80d8814fc..321c93069 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -692,6 +692,7 @@ static int find_entry (const char *filename, + grub_device_t blsdir_dev = NULL; + const char *blsdir = NULL; + char *saved_env_buf = NULL; ++ int fallback = 0; + int r = 0; + const char *devid = grub_env_get ("boot"); + +@@ -797,7 +798,9 @@ static int find_entry (const char *filename, + } + read_entry_info.dirname = blsdir; + +- r = blsdir_fs->dir (blsdir_dev, blsdir, read_entry, &read_entry_info); ++read_fallback: ++ r = blsdir_fs->dir (blsdir_dev, read_entry_info.dirname, read_entry, ++ &read_entry_info); + if (r != 0) { + grub_dprintf ("blscfg", "read_entry returned error\n"); + grub_err_t e; +@@ -807,6 +810,14 @@ static int find_entry (const char *filename, + } while (e); + } + ++ if (!nentries && !fallback && info->platform != PLATFORM_EMU) { ++ read_entry_info.dirname = "/boot" GRUB_BLS_CONFIG_PATH; ++ grub_dprintf ("blscfg", "Entries weren't found in %s, fallback to %s\n", ++ blsdir, read_entry_info.dirname); ++ fallback = 1; ++ goto read_fallback; ++ } ++ + grub_dprintf ("blscfg", "Sorting %d entries\n", nentries); + grub_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, NULL); + diff --git a/SOURCES/0211-blscfg-Don-t-attempt-to-sort-by-version-if-not-prese.patch b/SOURCES/0211-blscfg-Don-t-attempt-to-sort-by-version-if-not-prese.patch new file mode 100644 index 0000000..0034275 --- /dev/null +++ b/SOURCES/0211-blscfg-Don-t-attempt-to-sort-by-version-if-not-prese.patch @@ -0,0 +1,82 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 18 Jul 2018 00:58:44 +0200 +Subject: [PATCH] blscfg: Don't attempt to sort by version if not present in + all BLS files + +Commit a16805341cc ("blscfg: sort BLS entries by 'version' field") made to +sort by the version field take precedence over the BLS fragment file name. + +But it also uses the lack of the version field in one BLS fragment as sort +criterion, which means that entries could be wrongly sorted if one of them +doesn't have a version field and others do. + +So only sort by version if all the BLS entries have this field defined, +otherwise just fallback to sorting by the BLS file name. + +Reported-by: Hans de Goede +Suggested-by: Will Thompson +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 27 ++++++++++++++++----------- + 1 file changed, 16 insertions(+), 11 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 321c93069..69bfb5db2 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -324,23 +324,21 @@ finish: + /* return 1: p0 is newer than p1 */ + /* 0: p0 and p1 are the same version */ + /* -1: p1 is newer than p0 */ +-static int bls_cmp(const void *p0, const void *p1, void *state UNUSED) ++static int bls_cmp(const void *p0, const void *p1, void *state) + { + struct bls_entry * e0 = *(struct bls_entry **)p0; + struct bls_entry * e1 = *(struct bls_entry **)p1; ++ bool use_version = *(bool *)state; + const char *v0, *v1; + int r; + +- v0 = bls_get_val(e0, "version", NULL); +- v1 = bls_get_val(e1, "version", NULL); ++ if (use_version) { ++ v0 = bls_get_val(e0, "version", NULL); ++ v1 = bls_get_val(e1, "version", NULL); + +- if (v0 && !v1) +- return -1; +- if (!v0 && v1) +- return 1; +- +- if ((r = vercmp(v0, v1)) != 0) +- return r; ++ if ((r = vercmp(v0, v1)) != 0) ++ return r; ++ } + + return vercmp(e0->filename, e1->filename); + } +@@ -692,6 +690,7 @@ static int find_entry (const char *filename, + grub_device_t blsdir_dev = NULL; + const char *blsdir = NULL; + char *saved_env_buf = NULL; ++ bool use_version = true; + int fallback = 0; + int r = 0; + const char *devid = grub_env_get ("boot"); +@@ -819,7 +818,13 @@ read_fallback: + } + + grub_dprintf ("blscfg", "Sorting %d entries\n", nentries); +- grub_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, NULL); ++ ++ for (r = 0; r < nentries && use_version; r++) { ++ if (!bls_get_val(entries[r], "version", NULL)) ++ use_version = false; ++ } ++ ++ grub_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, &use_version); + + grub_dprintf ("blscfg", "%s Creating %d entries from bls\n", __func__, nentries); + for (r = nentries - 1; r >= 0; r--) diff --git a/SOURCES/0212-blscfg-remove-logic-to-read-the-grubenv-file-and-set.patch b/SOURCES/0212-blscfg-remove-logic-to-read-the-grubenv-file-and-set.patch new file mode 100644 index 0000000..1ac611b --- /dev/null +++ b/SOURCES/0212-blscfg-remove-logic-to-read-the-grubenv-file-and-set.patch @@ -0,0 +1,292 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Sat, 28 Jul 2018 23:57:15 +0200 +Subject: [PATCH] blscfg: remove logic to read the grubenv file and set the + blsdir variable + +The BLS grub2 support has a blsdir environment variable that can be set by +users to override the BLS fragment default path. + +Currently the BLS parsing code reads the grubenv file and sets the blsdir +variable, but it shouldn't be the responsability of the blscfg module to +do this and instead just use it if the variable has been set (either from +the grub.cfg file or the grub shell). + +This makes the find_entry() function much simpler and consistent for EFI, +BIOS and grub-emu. It also fixes a bug that caused having menu entries to +be repeated for each sub-directory that existed under the /EFI directory. + +So for example having three different operating systems sharing the ESP, +would lead to the boot menu entries being repeated three times for grub. + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 179 ++++---------------------------------------- + 1 file changed, 16 insertions(+), 163 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 69bfb5db2..bdb1c5a95 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -45,13 +45,6 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define GRUB_BOOT_DEVICE "($root)" + #endif + +-enum +- { +- PLATFORM_EFI, +- PLATFORM_EMU, +- PLATFORM_BIOS, +- }; +- + #define grub_free(x) ({grub_dprintf("blscfg", "%s freeing %p\n", __func__, x); grub_free(x); }) + + struct keyval +@@ -666,137 +659,37 @@ finish: + } + + struct find_entry_info { ++ const char *devid; + grub_device_t dev; + grub_fs_t fs; + int platform; + }; + + /* +- * filename: if the directory is /EFI/something/ , filename is "something" +- * info: unused +- * data: the filesystem object the file is on. ++ * info: the filesystem object the file is on. + */ +-static int find_entry (const char *filename, +- const struct grub_dirhook_info *dirhook_info UNUSED, +- void *data) ++static int find_entry (struct find_entry_info *info) + { +- struct find_entry_info *info = (struct find_entry_info *)data; + struct read_entry_info read_entry_info; +- grub_file_t f = NULL; +- char *grubenv_path = NULL; +- grub_envblk_t env = NULL; +- const char *default_blsdir = NULL; + grub_fs_t blsdir_fs = NULL; + grub_device_t blsdir_dev = NULL; + const char *blsdir = NULL; +- char *saved_env_buf = NULL; + bool use_version = true; + int fallback = 0; + int r = 0; +- const char *devid = grub_env_get ("boot"); +- +- grub_dprintf("blscfg", "%s got here\n", __func__); +- if (filename && (!grub_strcmp (filename, ".") || +- !grub_strcmp (filename, ".."))) +- return 0; +- +- if (info->platform == PLATFORM_EFI && !grub_strcasecmp (filename, "boot")) +- return 0; +- +- saved_env_buf = grub_malloc (512); +- +- // set a default blsdir +- if (info->platform == PLATFORM_EMU) +- default_blsdir = GRUB_BOOT_DEVICE GRUB_BLS_CONFIG_PATH; +- else +- default_blsdir = GRUB_BLS_CONFIG_PATH; +- +- grub_env_set ("blsdir", default_blsdir); +- grub_dprintf ("blscfg", "default_blsdir: \"%s\"\n", default_blsdir); +- +- /* +- * try to load a grubenv from /EFI/wherever/grubenv +- */ +- if (info->platform == PLATFORM_EFI) +- grubenv_path = grub_xasprintf ("(%s)/EFI/%s/grubenv", devid, filename); +- else +- grubenv_path = grub_xasprintf ("(%s)/grub2/grubenv", devid); +- +- grub_dprintf ("blscfg", "looking for \"%s\"\n", grubenv_path); +- f = grub_file_open (grubenv_path); +- +- grub_dprintf ("blscfg", "%s it\n", f ? "found" : "did not find"); +- grub_free (grubenv_path); +- if (f) +- { +- grub_off_t sz; +- +- grub_dprintf ("blscfg", "getting size\n"); +- sz = grub_file_size (f); +- if (sz == GRUB_FILE_SIZE_UNKNOWN || sz > 1024*1024) +- goto finish; +- +- grub_dprintf ("blscfg", "reading env\n"); +- env = read_envblk_file (f); +- if (!env) +- goto finish; +- grub_dprintf ("blscfg", "read env file\n"); +- +- grub_memset (saved_env_buf, '#', 512); +- grub_memcpy (saved_env_buf, GRUB_ENVBLK_SIGNATURE, +- sizeof (GRUB_ENVBLK_SIGNATURE)); +- grub_dprintf ("blscfg", "saving env\n"); +- saved_env = grub_envblk_open (saved_env_buf, 512); +- if (!saved_env) +- goto finish; +- +- // save everything listed in "env" with values from our existing grub env +- grub_envblk_iterate (env, NULL, save_var); +- // set everything from our loaded grubenv into the real grub env +- grub_envblk_iterate (env, NULL, set_var); +- } +- else +- { +- grub_err_t e; +- grub_dprintf ("blscfg", "no such file\n"); +- do +- { +- e = grub_error_pop(); +- } while (e); +- +- } + + blsdir = grub_env_get ("blsdir"); + if (!blsdir) +- goto finish; ++ blsdir = GRUB_BLS_CONFIG_PATH; + +- grub_dprintf ("blscfg", "blsdir: \"%s\"\n", blsdir); +- blsdir = grub_strdup (blsdir); +- +- if (!blsdir) +- goto finish; +- +- grub_dprintf ("blscfg", "blsdir: \"%s\"\n", blsdir); +- if (info->platform == PLATFORM_EFI) { +- read_entry_info.devid = grub_env_get ("root"); +- if (!read_entry_info.devid) +- goto finish; +- +- blsdir_dev = grub_device_open (read_entry_info.devid); +- if (!blsdir_dev) +- goto finish; +- +- blsdir_fs = grub_fs_probe (blsdir_dev); +- if (!blsdir_fs) +- goto finish; +- +- } else { +- read_entry_info.devid = devid; +- blsdir_dev = info->dev; +- blsdir_fs = info->fs; +- } + read_entry_info.dirname = blsdir; + ++ grub_dprintf ("blscfg", "scanning blsdir: %s\n", GRUB_BLS_CONFIG_PATH); ++ ++ blsdir_dev = info->dev; ++ blsdir_fs = info->fs; ++ read_entry_info.devid = info->devid; ++ + read_fallback: + r = blsdir_fs->dir (blsdir_dev, read_entry_info.dirname, read_entry, + &read_entry_info); +@@ -809,7 +702,7 @@ read_fallback: + } while (e); + } + +- if (!nentries && !fallback && info->platform != PLATFORM_EMU) { ++ if (!nentries && !fallback) { + read_entry_info.dirname = "/boot" GRUB_BLS_CONFIG_PATH; + grub_dprintf ("blscfg", "Entries weren't found in %s, fallback to %s\n", + blsdir, read_entry_info.dirname); +@@ -832,41 +725,12 @@ read_fallback: + + for (r = 0; r < nentries; r++) + bls_free_entry (entries[r]); +-finish: +- if (info->platform == PLATFORM_EFI && blsdir_dev) +- grub_device_close (blsdir_dev); + + nentries = 0; + + grub_free (entries); + entries = NULL; + +- grub_free ((char *)blsdir); +- +- grub_env_unset ("blsdir"); +- +- if (saved_env) +- { +- // remove everything from the real environment that's defined in env +- grub_envblk_iterate (env, NULL, unset_var); +- +- // re-set the things from our original environment +- grub_envblk_iterate (saved_env, NULL, set_var); +- grub_envblk_close (saved_env); +- saved_env = NULL; +- } +- else if (saved_env_buf) +- { +- // if we have a saved environment, grub_envblk_close() freed this. +- grub_free (saved_env_buf); +- } +- +- if (env) +- grub_envblk_close (env); +- +- if (f) +- grub_file_close (f); +- + return 0; + } + +@@ -883,7 +747,6 @@ grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED, + { + .dev = NULL, + .fs = NULL, +- .platform = PLATFORM_BIOS, + }; + + +@@ -891,13 +754,14 @@ grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED, + + #ifdef GRUB_MACHINE_EMU + devid = "host"; +- grub_env_set ("boot", devid); ++#elif defined(GRUB_MACHINE_EFI) ++ devid = grub_env_get ("root"); + #else + devid = grub_env_get ("boot"); ++#endif + if (!devid) + return grub_error (GRUB_ERR_FILE_NOT_FOUND, + N_("variable `%s' isn't set"), "boot"); +-#endif + + grub_dprintf ("blscfg", "opening %s\n", devid); + dev = grub_device_open (devid); +@@ -912,21 +776,10 @@ grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED, + goto finish; + } + ++ info.devid = devid; + info.dev = dev; + info.fs = fs; +-#ifdef GRUB_MACHINE_EFI +- info.platform = PLATFORM_EFI; +- grub_dprintf ("blscfg", "scanning /EFI/\n"); +- r = fs->dir (dev, "/EFI/", find_entry, &info); +-#elif defined(GRUB_MACHINE_EMU) +- info.platform = PLATFORM_EMU; +- grub_dprintf ("blscfg", "scanning %s%s\n", GRUB_BOOT_DEVICE, +- GRUB_BLS_CONFIG_PATH); +- find_entry(NULL, NULL, &info); +-#else +- grub_dprintf ("blscfg", "scanning %s\n", GRUB_BLS_CONFIG_PATH); +- find_entry(NULL, NULL, &info); +-#endif ++ find_entry(&info); + + finish: + if (dev) diff --git a/SOURCES/0213-Rename-00_menu_auto_hide.in-to-01_menu_auto_hide.in.patch b/SOURCES/0213-Rename-00_menu_auto_hide.in-to-01_menu_auto_hide.in.patch new file mode 100644 index 0000000..0e74b5e --- /dev/null +++ b/SOURCES/0213-Rename-00_menu_auto_hide.in-to-01_menu_auto_hide.in.patch @@ -0,0 +1,33 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Christian Glombek +Date: Tue, 31 Jul 2018 11:11:01 +0200 +Subject: [PATCH] Rename 00_menu_auto_hide.in to 01_menu_auto_hide.in + +This is necessary to accommodate the fallback counting script which +needs to run before this one because the menu auto hide script sets +boot_success = 0, which will be used by the boot counting script +--- + Makefile.util.def | 4 ++-- + util/grub.d/{00_menu_auto_hide.in => 01_menu_auto_hide.in} | 0 + 2 files changed, 2 insertions(+), 2 deletions(-) + rename util/grub.d/{00_menu_auto_hide.in => 01_menu_auto_hide.in} (100%) + +diff --git a/Makefile.util.def b/Makefile.util.def +index 97cd8bdeb..cba4d5001 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -449,8 +449,8 @@ script = { + }; + + script = { +- name = '00_menu_auto_hide'; +- common = util/grub.d/00_menu_auto_hide.in; ++ name = '01_menu_auto_hide'; ++ common = util/grub.d/01_menu_auto_hide.in; + installdir = grubconf; + }; + +diff --git a/util/grub.d/00_menu_auto_hide.in b/util/grub.d/01_menu_auto_hide.in +similarity index 100% +rename from util/grub.d/00_menu_auto_hide.in +rename to util/grub.d/01_menu_auto_hide.in diff --git a/SOURCES/0214-efinet-also-use-the-firmware-acceleration-for-http.patch b/SOURCES/0214-efinet-also-use-the-firmware-acceleration-for-http.patch new file mode 100644 index 0000000..350d261 --- /dev/null +++ b/SOURCES/0214-efinet-also-use-the-firmware-acceleration-for-http.patch @@ -0,0 +1,25 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 30 Jul 2018 14:06:42 -0400 +Subject: [PATCH] efinet: also use the firmware acceleration for http + +Signed-off-by: Peter Jones +--- + grub-core/net/efi/net.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c +index 2bf15447f..f208d1b18 100644 +--- a/grub-core/net/efi/net.c ++++ b/grub-core/net/efi/net.c +@@ -1324,7 +1324,9 @@ grub_efi_net_boot_from_https (void) + && (subtype == GRUB_EFI_URI_DEVICE_PATH_SUBTYPE)) + { + grub_efi_uri_device_path_t *uri_dp = (grub_efi_uri_device_path_t *) dp; +- return (grub_strncmp ((const char*)uri_dp->uri, "https://", sizeof ("https://") - 1) == 0) ? 1 : 0; ++ grub_dprintf ("efinet", "url:%s\n", (const char *)uri_dp->uri); ++ return (grub_strncmp ((const char *)uri_dp->uri, "https://", sizeof ("https://") - 1) == 0 || ++ grub_strncmp ((const char *)uri_dp->uri, "http://", sizeof ("http://") - 1) == 0); + } + + if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) diff --git a/SOURCES/0215-efi-http-Make-root_url-reflect-the-protocol-hostname.patch b/SOURCES/0215-efi-http-Make-root_url-reflect-the-protocol-hostname.patch new file mode 100644 index 0000000..1af9ba0 --- /dev/null +++ b/SOURCES/0215-efi-http-Make-root_url-reflect-the-protocol-hostname.patch @@ -0,0 +1,50 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 30 Jul 2018 16:39:57 -0400 +Subject: [PATCH] efi/http: Make root_url reflect the protocol+hostname of our + boot url. + +This lets you write config files that don't know urls. + +Signed-off-by: Peter Jones +--- + grub-core/net/efi/http.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c +index 3f61fd2fa..243acbaa3 100644 +--- a/grub-core/net/efi/http.c ++++ b/grub-core/net/efi/http.c +@@ -4,6 +4,7 @@ + #include + #include + #include ++#include + + static void + http_configure (struct grub_efi_net_device *dev, int prefer_ip6) +@@ -351,6 +352,24 @@ grub_efihttp_open (struct grub_efi_net_device *dev, + grub_err_t err; + grub_off_t size; + char *buf; ++ char *root_url; ++ grub_efi_ipv6_address_t address; ++ const char *rest; ++ ++ if (grub_efi_string_to_ip6_address (file->device->net->server, &address, &rest) && *rest == 0) ++ root_url = grub_xasprintf ("%s://[%s]", type ? "https" : "http", file->device->net->server); ++ else ++ root_url = grub_xasprintf ("%s://%s", type ? "https" : "http", file->device->net->server); ++ if (root_url) ++ { ++ grub_env_unset ("root_url"); ++ grub_env_set ("root_url", root_url); ++ grub_free (root_url); ++ } ++ else ++ { ++ return grub_errno; ++ } + + err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 1, 0); + if (err != GRUB_ERR_NONE) diff --git a/SOURCES/0216-Force-everything-to-use-python3.patch b/SOURCES/0216-Force-everything-to-use-python3.patch new file mode 100644 index 0000000..af56885 --- /dev/null +++ b/SOURCES/0216-Force-everything-to-use-python3.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 10 Jul 2018 16:54:02 -0400 +Subject: [PATCH] Force everything to use python3 + +But this still means you need to do PYTHON=python=3 ./autogen.sh if you +run the world's worst tooling before you patch. + +Signed-off-by: Peter Jones +--- + conf/Makefile.common | 4 ++-- + gentpl.py | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/conf/Makefile.common b/conf/Makefile.common +index c75848f5c..1ecb921db 100644 +--- a/conf/Makefile.common ++++ b/conf/Makefile.common +@@ -128,11 +128,11 @@ BUILT_SOURCES = + + .PRECIOUS: $(top_srcdir)/Makefile.util.am + $(top_srcdir)/Makefile.util.am: $(top_srcdir)/gentpl.py $(top_srcdir)/Makefile.util.def $(top_srcdir)/Makefile.utilgcry.def +- python $^ > $@.new || (rm -f $@.new; exit 1) ++ python3 $^ > $@.new || (rm -f $@.new; exit 1) + mv $@.new $@ + + .PRECIOUS: $(top_srcdir)/grub-core/Makefile.core.am + $(top_srcdir)/grub-core/Makefile.core.am: $(top_srcdir)/gentpl.py $(top_srcdir)/grub-core/Makefile.core.def $(top_srcdir)/grub-core/Makefile.gcry.def + if [ "x$$GRUB_CONTRIB" != x ]; then echo "You need to run ./autogen.sh manually." >&2; exit 1; fi +- python $^ > $@.new || (rm -f $@.new; exit 1) ++ python3 $^ > $@.new || (rm -f $@.new; exit 1) + mv $@.new $@ +diff --git a/gentpl.py b/gentpl.py +index baac6a2af..6409736e8 100644 +--- a/gentpl.py ++++ b/gentpl.py +@@ -1,4 +1,4 @@ +-#! /usr/bin/python ++#! /usr/bin/env python3 + # GRUB -- GRand Unified Bootloader + # Copyright (C) 2010,2011,2012,2013 Free Software Foundation, Inc. + # diff --git a/SOURCES/0217-Fix-an-8-year-old-typo.patch b/SOURCES/0217-Fix-an-8-year-old-typo.patch new file mode 100644 index 0000000..e4f3208 --- /dev/null +++ b/SOURCES/0217-Fix-an-8-year-old-typo.patch @@ -0,0 +1,23 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 26 Jul 2018 14:54:44 -0400 +Subject: [PATCH] Fix an 8 year old typo. + +Signed-off-by: Peter Jones +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 5f47a9265..9ab683fef 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -307,7 +307,7 @@ fi + + AC_SUBST(bootdirname) + AC_DEFINE_UNQUOTED(GRUB_BOOT_DIR_NAME, "$bootdirname", +- [Default boot directory name]") ++ [Default boot directory name]) + + AC_ARG_WITH([grubdir], + AS_HELP_STRING([--with-grubdir=DIR], diff --git a/SOURCES/0218-autogen-don-t-run-autoreconf-in-the-topdir.patch b/SOURCES/0218-autogen-don-t-run-autoreconf-in-the-topdir.patch new file mode 100644 index 0000000..5a7eecc --- /dev/null +++ b/SOURCES/0218-autogen-don-t-run-autoreconf-in-the-topdir.patch @@ -0,0 +1,21 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 26 Jul 2018 15:47:48 -0400 +Subject: [PATCH] autogen: don't run autoreconf in the topdir + +Signed-off-by: Peter Jones +--- + autogen.sh | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/autogen.sh b/autogen.sh +index 7537561ad..f608b9467 100755 +--- a/autogen.sh ++++ b/autogen.sh +@@ -82,6 +82,4 @@ done + echo "Saving timestamps..." + echo timestamp > stamp-h.in + +-echo "Running autoreconf..." +-autoreconf -vi + exit 0 diff --git a/SOURCES/0219-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch b/SOURCES/0219-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch new file mode 100644 index 0000000..fa39361 --- /dev/null +++ b/SOURCES/0219-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch @@ -0,0 +1,149 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 26 Jun 2018 17:16:06 -0400 +Subject: [PATCH] Make it so we can tell configure which cflags utils are built + with + +This lets us have kernel.img be built with TARGET_CFLAGS but grub-mkimage and +friends built with HOST_CFLAGS. That in turn lets us build with an ARM compiler +that only has hard-float ABI versions of crt*.o and libgcc*, but still use soft +float for grub.efi. + +Signed-off-by: Peter Jones +--- + configure.ac | 49 ++++++++++++++++++++++++++++++++++++++++++++++++- + conf/Makefile.common | 23 ++++++++++++----------- + gentpl.py | 8 ++++---- + 3 files changed, 64 insertions(+), 16 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 9ab683fef..819212095 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -850,11 +850,23 @@ if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ) && test "x$p + TARGET_CFLAGS="$TARGET_CFLAGS -mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow" + fi + ++# Should grub utils get the host CFLAGS, or the target CFLAGS? ++AC_ARG_WITH([utils], ++ AS_HELP_STRING([--with-utils=host|target|build], ++ [choose which flags to build utilities with. (default=target)]), ++ [have_with_utils=y], ++ [have_with_utils=n]) ++if test x"$have_with_utils" = xy ; then ++ with_utils="$withval" ++else ++ with_utils=target ++fi ++ + # GRUB doesn't use float or doubles at all. Yet some toolchains may decide + # that floats are a good fit to run instead of what's written in the code. + # Given that floating point unit is disabled (if present to begin with) + # when GRUB is running which may result in various hard crashes. +-if test x"$platform" != xemu ; then ++if test x"$platform" != xemu -a x"$with_utils" == xtarget ; then + AC_CACHE_CHECK([for options to get soft-float], grub_cv_target_cc_soft_float, [ + grub_cv_target_cc_soft_float=no + if test "x$target_cpu" = xarm64; then +@@ -1939,6 +1951,41 @@ HOST_CPPFLAGS="$HOST_CPPFLAGS -I\$(top_builddir)/include" + TARGET_CPPFLAGS="$TARGET_CPPFLAGS -I\$(top_srcdir)/include" + TARGET_CPPFLAGS="$TARGET_CPPFLAGS -I\$(top_builddir)/include" + ++case "$with_utils" in ++ host) ++ UTILS_CFLAGS=$HOST_CFLAGS ++ UTILS_CPPFLAGS=$HOST_CPPFLAGS ++ UTILS_CCASFLAGS=$HOST_CCASFLAGS ++ UTILS_LDFLAGS=$HOST_LDFLAGS ++ ;; ++ target) ++ UTILS_CFLAGS=$TARGET_CFLAGS ++ UTILS_CPPFLAGS=$TARGET_CPPFLAGS ++ UTILS_CCASFLAGS=$TARGET_CCASFLAGS ++ UTILS_LDFLAGS=$TARGET_LDFLAGS ++ ;; ++ build) ++ UTILS_CFLAGS=$BUILD_CFLAGS ++ UTILS_CPPFLAGS=$BUILD_CPPFLAGS ++ UTILS_CCASFLAGS=$BUILD_CCASFLAGS ++ UTILS_LDFLAGS=$BUILD_LDFLAGS ++ ;; ++ *) ++ AC_MSG_ERROR([--with-utils must be either host, target, or build]) ++ ;; ++esac ++AC_MSG_NOTICE([Using $with_utils flags for utilities.]) ++ ++unset CFLAGS ++unset CPPFLAGS ++unset CCASFLAGS ++unset LDFLAGS ++ ++AC_SUBST(UTILS_CFLAGS) ++AC_SUBST(UTILS_CPPFLAGS) ++AC_SUBST(UTILS_CCASFLAGS) ++AC_SUBST(UTILS_LDFLAGS) ++ + GRUB_TARGET_CPU="${target_cpu}" + GRUB_PLATFORM="${platform}" + +diff --git a/conf/Makefile.common b/conf/Makefile.common +index 1ecb921db..b93879804 100644 +--- a/conf/Makefile.common ++++ b/conf/Makefile.common +@@ -40,24 +40,25 @@ CPPFLAGS_KERNEL = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) -DGRUB_KERNEL=1 + CCASFLAGS_KERNEL = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM) + STRIPFLAGS_KERNEL = -R .eh_frame -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx -R .note.gnu.property -R .gnu.build.attributes + +-CFLAGS_MODULE = $(CFLAGS_PLATFORM) -ffreestanding +-LDFLAGS_MODULE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d +-CPPFLAGS_MODULE = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) +-CCASFLAGS_MODULE = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM) ++CFLAGS_MODULE = $(TARGET_CFLAGS) $(CFLAGS_PLATFORM) -ffreestanding ++LDFLAGS_MODULE = $(TARGET_LDFLAGS) $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d ++CPPFLAGS_MODULE = $(TARGET_CPPFLAGS) $(CPPFLAGS_DEFAULT) $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) ++CCASFLAGS_MODULE = $(TARGET_CCASFLAGS) $(CCASFLAGS_DEFAULT) $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM) + + CFLAGS_IMAGE = $(CFLAGS_PLATFORM) -fno-builtin + LDFLAGS_IMAGE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-S + CPPFLAGS_IMAGE = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) + CCASFLAGS_IMAGE = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM) + +-CFLAGS_PROGRAM = +-LDFLAGS_PROGRAM = +-CPPFLAGS_PROGRAM = +-CCASFLAGS_PROGRAM = ++CFLAGS_PROGRAM = $(UTILS_CFLAGS) ++LDFLAGS_PROGRAM = $(UTILS_LDFLAGS) ++CPPFLAGS_PROGRAM = $(UTILS_CPPFLAGS) ++CCASFLAGS_PROGRAM = $(UTILS_CCASFLAGS) + +-CFLAGS_LIBRARY = +-CPPFLAGS_LIBRARY = +-CCASFLAGS_LIBRARY = ++CFLAGS_LIBRARY = $(UTILS_CFLAGS) ++LDFLAGS_LIBRARY = $(UTILS_LDFLAGS) ++CPPFLAGS_LIBRARY = $(UTILS_CPPFLAGS) ++CCASFLAGS_LIBRARY = $(UTILS_CCASFLAGS) + + # Other variables + +diff --git a/gentpl.py b/gentpl.py +index 6409736e8..1e4635f44 100644 +--- a/gentpl.py ++++ b/gentpl.py +@@ -694,10 +694,10 @@ def module(defn, platform): + var_set(cname(defn) + "_SOURCES", platform_sources(defn, platform) + " ## platform sources") + var_set("nodist_" + cname(defn) + "_SOURCES", platform_nodist_sources(defn, platform) + " ## platform nodist sources") + var_set(cname(defn) + "_LDADD", platform_ldadd(defn, platform)) +- var_set(cname(defn) + "_CFLAGS", "$(AM_CFLAGS) $(CFLAGS_MODULE) " + platform_cflags(defn, platform)) +- var_set(cname(defn) + "_LDFLAGS", "$(AM_LDFLAGS) $(LDFLAGS_MODULE) " + platform_ldflags(defn, platform)) +- var_set(cname(defn) + "_CPPFLAGS", "$(AM_CPPFLAGS) $(CPPFLAGS_MODULE) " + platform_cppflags(defn, platform)) +- var_set(cname(defn) + "_CCASFLAGS", "$(AM_CCASFLAGS) $(CCASFLAGS_MODULE) " + platform_ccasflags(defn, platform)) ++ var_set(cname(defn) + "_CFLAGS", "$(CFLAGS_MODULE) " + platform_cflags(defn, platform)) ++ var_set(cname(defn) + "_LDFLAGS", "$(LDFLAGS_MODULE) " + platform_ldflags(defn, platform)) ++ var_set(cname(defn) + "_CPPFLAGS", "$(CPPFLAGS_MODULE) " + platform_cppflags(defn, platform)) ++ var_set(cname(defn) + "_CCASFLAGS", "$(CCASFLAGS_MODULE) " + platform_ccasflags(defn, platform)) + var_set(cname(defn) + "_DEPENDENCIES", "$(TARGET_OBJ2ELF) " + platform_dependencies(defn, platform)) + + gvar_add("dist_noinst_DATA", extra_dist(defn)) diff --git a/SOURCES/0220-module-verifier-make-it-possible-to-run-checkers-on-.patch b/SOURCES/0220-module-verifier-make-it-possible-to-run-checkers-on-.patch new file mode 100644 index 0000000..f509b96 --- /dev/null +++ b/SOURCES/0220-module-verifier-make-it-possible-to-run-checkers-on-.patch @@ -0,0 +1,58 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 1 Aug 2018 10:24:52 -0400 +Subject: [PATCH] module-verifier: make it possible to run checkers on + grub-module-verifierxx.c + +This makes it so you can treat grub-module-verifierxx.c as a file you can +build directly, so syntax checkers like vim's "syntastic" plugin, which uses +"gcc -x c -fsyntax-only" to build it, will work. + +One still has to do whatever setup is required to make it pick the right +include dirs, which -W options we use, etc., but this makes it so you can do +the checking on the file you're editing, rather than on a different file. + +v2: fix the typo in the #else clause in util/grub-module-verifierXX.c + +Signed-off-by: Peter Jones +--- + util/grub-module-verifier32.c | 2 ++ + util/grub-module-verifier64.c | 2 ++ + util/grub-module-verifierXX.c | 9 +++++++++ + 3 files changed, 13 insertions(+) + +diff --git a/util/grub-module-verifier32.c b/util/grub-module-verifier32.c +index 257229f8f..ba7d41aaf 100644 +--- a/util/grub-module-verifier32.c ++++ b/util/grub-module-verifier32.c +@@ -1,2 +1,4 @@ + #define MODULEVERIFIER_ELF32 1 ++#ifndef GRUB_MODULE_VERIFIERXX + #include "grub-module-verifierXX.c" ++#endif +diff --git a/util/grub-module-verifier64.c b/util/grub-module-verifier64.c +index 4db6b4bed..fc23ef800 100644 +--- a/util/grub-module-verifier64.c ++++ b/util/grub-module-verifier64.c +@@ -1,2 +1,4 @@ + #define MODULEVERIFIER_ELF64 1 ++#ifndef GRUB_MODULE_VERIFIERXX + #include "grub-module-verifierXX.c" ++#endif +diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c +index 1feaafc9b..597ded143 100644 +--- a/util/grub-module-verifierXX.c ++++ b/util/grub-module-verifierXX.c +@@ -1,3 +1,12 @@ ++#define GRUB_MODULE_VERIFIERXX ++#if !defined(MODULEVERIFIER_ELF32) && !defined(MODULEVERIFIER_ELF64) ++#if __SIZEOF_POINTER__ == 8 ++#include "grub-module-verifier64.c" ++#else ++#include "grub-module-verifier32.c" ++#endif ++#endif ++ + #include + + #include diff --git a/SOURCES/0221-grub-module-verifier-report-the-filename-or-modname-.patch b/SOURCES/0221-grub-module-verifier-report-the-filename-or-modname-.patch new file mode 100644 index 0000000..49b5709 --- /dev/null +++ b/SOURCES/0221-grub-module-verifier-report-the-filename-or-modname-.patch @@ -0,0 +1,250 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 1 Aug 2018 10:12:47 -0400 +Subject: [PATCH] grub-module-verifier: report the filename or modname in + errors. + +Make it so that when grub-module-verifier complains of an issue, it tells you +which module the issue was with. + +Signed-off-by: Peter Jones +--- + util/grub-module-verifier.c | 6 ++--- + util/grub-module-verifierXX.c | 58 ++++++++++++++++++++++-------------------- + include/grub/module_verifier.h | 4 +-- + 3 files changed, 36 insertions(+), 32 deletions(-) + +diff --git a/util/grub-module-verifier.c b/util/grub-module-verifier.c +index a79271f66..03ba1ab43 100644 +--- a/util/grub-module-verifier.c ++++ b/util/grub-module-verifier.c +@@ -157,7 +157,7 @@ main (int argc, char **argv) + if (strcmp(archs[arch].name, argv[2]) == 0) + break; + if (arch == ARRAY_SIZE(archs)) +- grub_util_error("unknown arch: %s", argv[2]); ++ grub_util_error("%s: unknown arch: %s", argv[1], argv[2]); + + for (whitelist = 0; whitelist < ARRAY_SIZE(whitelists); whitelist++) + if (strcmp(whitelists[whitelist].arch, argv[2]) == 0 +@@ -169,8 +169,8 @@ main (int argc, char **argv) + module_size = grub_util_get_image_size (argv[1]); + module_img = grub_util_read_image (argv[1]); + if (archs[arch].voidp_sizeof == 8) +- grub_module_verify64(module_img, module_size, &archs[arch], whitelist_empty); ++ grub_module_verify64(argv[1], module_img, module_size, &archs[arch], whitelist_empty); + else +- grub_module_verify32(module_img, module_size, &archs[arch], whitelist_empty); ++ grub_module_verify32(argv[1], module_img, module_size, &archs[arch], whitelist_empty); + return 0; + } +diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c +index 597ded143..a98e2f9b1 100644 +--- a/util/grub-module-verifierXX.c ++++ b/util/grub-module-verifierXX.c +@@ -160,14 +160,15 @@ find_section (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e, const c + } + + static void +-check_license (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e) ++check_license (const char * const filename, ++ const struct grub_module_verifier_arch *arch, Elf_Ehdr *e) + { + Elf_Shdr *s = find_section (arch, e, ".module_license"); + if (s && (strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3") == 0 + || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3+") == 0 + || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0)) + return; +- grub_util_error ("incompatible license"); ++ grub_util_error ("%s: incompatible license", filename); + } + + static Elf_Sym * +@@ -233,10 +234,10 @@ check_symbols (const struct grub_module_verifier_arch *arch, + s = find_section (arch, e, ".moddeps"); + + if (!s) +- grub_util_error ("no symbol table and no .moddeps section"); ++ grub_util_error ("%s: no symbol table and no .moddeps section", modname); + + if (!s->sh_size) +- grub_util_error ("no symbol table and empty .moddeps section"); ++ grub_util_error ("%s: no symbol table and empty .moddeps section", modname); + + return; + } +@@ -257,7 +258,7 @@ check_symbols (const struct grub_module_verifier_arch *arch, + break; + + default: +- return grub_util_error ("unknown symbol type `%d'", (int) type); ++ return grub_util_error ("%s: unknown symbol type `%d'", modname, (int) type); + } + } + } +@@ -283,7 +284,8 @@ is_symbol_local(Elf_Sym *sym) + } + + static void +-section_check_relocations (const struct grub_module_verifier_arch *arch, void *ehdr, ++section_check_relocations (const char * const modname, ++ const struct grub_module_verifier_arch *arch, void *ehdr, + Elf_Shdr *s, size_t target_seg_size) + { + Elf_Rel *rel, *max; +@@ -292,7 +294,7 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e + + symtab = get_symtab (arch, ehdr, &symtabsize, &symtabentsize); + if (!symtab) +- grub_util_error ("relocation without symbol table"); ++ grub_util_error ("%s: relocation without symbol table", modname); + + for (rel = (Elf_Rel *) ((char *) ehdr + grub_target_to_host (s->sh_offset)), + max = (Elf_Rel *) ((char *) rel + grub_target_to_host (s->sh_size)); +@@ -303,7 +305,7 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e + unsigned i; + + if (target_seg_size < grub_target_to_host (rel->r_offset)) +- grub_util_error ("reloc offset is out of the segment"); ++ grub_util_error ("%s: reloc offset is out of the segment", modname); + + grub_uint32_t type = ELF_R_TYPE (grub_target_to_host (rel->r_info)); + +@@ -316,17 +318,17 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e + if (arch->supported_relocations[i] != -1) + continue; + if (!arch->short_relocations) +- grub_util_error ("unsupported relocation 0x%x", type); ++ grub_util_error ("%s: unsupported relocation 0x%x", modname, type); + for (i = 0; arch->short_relocations[i] != -1; i++) + if (type == arch->short_relocations[i]) + break; + if (arch->short_relocations[i] == -1) +- grub_util_error ("unsupported relocation 0x%x", type); ++ grub_util_error ("%s: unsupported relocation 0x%x", modname, type); + sym = (Elf_Sym *) ((char *) symtab + symtabentsize * ELF_R_SYM (grub_target_to_host (rel->r_info))); + + if (is_symbol_local (sym)) + continue; +- grub_util_error ("relocation 0x%x is not module-local", type); ++ grub_util_error ("%s: relocation 0x%x is not module-local", modname, type); + } + #if defined(MODULEVERIFIER_ELF64) + if (arch->machine == EM_AARCH64) +@@ -351,11 +353,11 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e + && ELF_R_TYPE (rel2->r_info) == R_AARCH64_LD64_GOT_LO12_NC) + break; + if (rel2 >= (Elf_Rela *) max) +- grub_util_error ("ADR_GOT_PAGE without matching LD64_GOT_LO12_NC"); ++ grub_util_error ("%s: ADR_GOT_PAGE without matching LD64_GOT_LO12_NC", modname); + break; + case R_AARCH64_LD64_GOT_LO12_NC: + if (unmatched_adr_got_page == 0) +- grub_util_error ("LD64_GOT_LO12_NC without matching ADR_GOT_PAGE"); ++ grub_util_error ("%s: LD64_GOT_LO12_NC without matching ADR_GOT_PAGE", modname); + unmatched_adr_got_page--; + break; + } +@@ -365,7 +367,8 @@ section_check_relocations (const struct grub_module_verifier_arch *arch, void *e + } + + static void +-check_relocations (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e) ++check_relocations (const char * const modname, ++ const struct grub_module_verifier_arch *arch, Elf_Ehdr *e) + { + Elf_Shdr *s; + unsigned i; +@@ -378,21 +381,22 @@ check_relocations (const struct grub_module_verifier_arch *arch, Elf_Ehdr *e) + Elf_Shdr *ts; + + if (grub_target_to_host32 (s->sh_type) == SHT_REL && !(arch->flags & GRUB_MODULE_VERIFY_SUPPORTS_REL)) +- grub_util_error ("unsupported SHT_REL"); ++ grub_util_error ("%s: unsupported SHT_REL", modname); + if (grub_target_to_host32 (s->sh_type) == SHT_RELA && !(arch->flags & GRUB_MODULE_VERIFY_SUPPORTS_RELA)) +- grub_util_error ("unsupported SHT_RELA"); ++ grub_util_error ("%s: unsupported SHT_RELA", modname); + + /* Find the target segment. */ + if (grub_target_to_host32 (s->sh_info) >= grub_target_to_host16 (e->e_shnum)) +- grub_util_error ("orphaned reloc section"); ++ grub_util_error ("%s: orphaned reloc section", modname); + ts = (Elf_Shdr *) ((char *) e + grub_target_to_host (e->e_shoff) + grub_target_to_host32 (s->sh_info) * grub_target_to_host16 (e->e_shentsize)); + +- section_check_relocations (arch, e, s, grub_target_to_host (ts->sh_size)); ++ section_check_relocations (modname, arch, e, s, grub_target_to_host (ts->sh_size)); + } + } + + void +-SUFFIX(grub_module_verify) (void *module_img, size_t size, ++SUFFIX(grub_module_verify) (const char * const filename, ++ void *module_img, size_t size, + const struct grub_module_verifier_arch *arch, + const char **whitelist_empty) + { +@@ -400,7 +404,7 @@ SUFFIX(grub_module_verify) (void *module_img, size_t size, + + /* Check the header size. */ + if (size < sizeof (Elf_Ehdr)) +- grub_util_error ("ELF header smaller than expected"); ++ grub_util_error ("%s: ELF header smaller than expected", filename); + + /* Check the magic numbers. */ + if (e->e_ident[EI_MAG0] != ELFMAG0 +@@ -409,36 +413,36 @@ SUFFIX(grub_module_verify) (void *module_img, size_t size, + || e->e_ident[EI_MAG3] != ELFMAG3 + || e->e_ident[EI_VERSION] != EV_CURRENT + || grub_target_to_host32 (e->e_version) != EV_CURRENT) +- grub_util_error ("invalid arch-independent ELF magic"); ++ grub_util_error ("%s: invalid arch-independent ELF magic", filename); + + if (e->e_ident[EI_CLASS] != ELFCLASSXX + || e->e_ident[EI_DATA] != (arch->bigendian ? ELFDATA2MSB : ELFDATA2LSB) + || grub_target_to_host16 (e->e_machine) != arch->machine) +- grub_util_error ("invalid arch-dependent ELF magic"); ++ grub_util_error ("%s: invalid arch-dependent ELF magic", filename); + + if (grub_target_to_host16 (e->e_type) != ET_REL) + { +- grub_util_error ("this ELF file is not of the right type"); ++ grub_util_error ("%s: this ELF file is not of the right type", filename); + } + + /* Make sure that every section is within the core. */ + if (size < grub_target_to_host (e->e_shoff) + + (grub_uint32_t) grub_target_to_host16 (e->e_shentsize) * grub_target_to_host16(e->e_shnum)) + { +- grub_util_error ("ELF sections outside core"); ++ grub_util_error ("%s: ELF sections outside core", filename); + } + +- check_license (arch, e); ++ check_license (filename, arch, e); + + Elf_Shdr *s; + const char *modname; + + s = find_section (arch, e, ".modname"); + if (!s) +- grub_util_error ("no module name found"); ++ grub_util_error ("%s: no module name found", filename); + + modname = (const char *) e + grub_target_to_host (s->sh_offset); + + check_symbols(arch, e, modname, whitelist_empty); +- check_relocations(arch, e); ++ check_relocations(modname, arch, e); + } +diff --git a/include/grub/module_verifier.h b/include/grub/module_verifier.h +index f4870cb9c..ba21c75e2 100644 +--- a/include/grub/module_verifier.h ++++ b/include/grub/module_verifier.h +@@ -16,5 +16,5 @@ struct grub_module_verifier_arch { + const int *short_relocations; + }; + +-void grub_module_verify64(void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty); +-void grub_module_verify32(void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty); ++void grub_module_verify64(const char * const filename, void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty); ++void grub_module_verify32(const char * const filename, void *module_img, size_t module_size, const struct grub_module_verifier_arch *arch, const char **whitelist_empty); diff --git a/SOURCES/0222-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch b/SOURCES/0222-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch new file mode 100644 index 0000000..5fa34ab --- /dev/null +++ b/SOURCES/0222-Make-efi_netfs-not-duplicate-symbols-from-efinet.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 11 Jul 2018 13:50:00 -0400 +Subject: [PATCH] Make efi_netfs not duplicate symbols from efinet + +Signed-off-by: Peter Jones +--- + grub-core/Makefile.core.def | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index aa44d66ac..e35217b86 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -2186,12 +2186,6 @@ module = { + module = { + name = efi_netfs; + common = net/efi/efi_netfs.c; +- common = net/efi/net.c; +- common = net/efi/http.c; +- common = net/efi/pxe.c; +- common = net/efi/ip4_config.c; +- common = net/efi/ip6_config.c; +- common = net/efi/dhcp.c; + enable = efi; + }; + diff --git a/SOURCES/0223-Rework-how-the-fdt-command-builds.patch b/SOURCES/0223-Rework-how-the-fdt-command-builds.patch new file mode 100644 index 0000000..7802740 --- /dev/null +++ b/SOURCES/0223-Rework-how-the-fdt-command-builds.patch @@ -0,0 +1,118 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 12 Jul 2018 11:00:45 -0400 +Subject: [PATCH] Rework how the fdt command builds. + +Trying to avoid all variants of: +cat syminfo.lst | sort | gawk -f ../../grub-core/genmoddep.awk > moddep.lst || (rm -f moddep.lst; exit 1) +grub_fdt_install in linux is not defined +grub_fdt_load in linux is not defined +grub_fdt_unload in linux is not defined +grub_fdt_install in xen_boot is not defined +grub_fdt_load in xen_boot is not defined +grub_fdt_unload in xen_boot is not defined + +Signed-off-by: Peter Jones +--- + grub-core/Makefile.core.def | 5 ++--- + grub-core/lib/fdt.c | 2 -- + grub-core/loader/efi/fdt.c | 2 ++ + include/grub/fdt.h | 4 ++++ + grub-core/Makefile.am | 1 + + 5 files changed, 9 insertions(+), 5 deletions(-) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index e35217b86..cf3d549d2 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -166,7 +166,6 @@ kernel = { + arm_coreboot = kern/arm/coreboot/init.c; + arm_coreboot = kern/arm/coreboot/timer.c; + arm_coreboot = kern/arm/coreboot/coreboot.S; +- arm_coreboot = lib/fdt.c; + arm_coreboot = bus/fdt.c; + arm_coreboot = term/ps2.c; + arm_coreboot = term/arm/pl050.c; +@@ -317,6 +316,8 @@ kernel = { + arm64 = kern/arm64/dl.c; + arm64 = kern/arm64/dl_helper.c; + ++ fdt = lib/fdt.c; ++ + emu = disk/host.c; + emu = kern/emu/cache_s.S; + emu = kern/emu/hostdisk.c; +@@ -1714,7 +1715,6 @@ module = { + arm_uboot = loader/arm/linux.c; + arm64 = loader/arm64/linux.c; + emu = loader/emu/linux.c; +- fdt = lib/fdt.c; + + common = loader/linux.c; + common = lib/cmdline.c; +@@ -1725,7 +1725,6 @@ module = { + module = { + name = fdt; + efi = loader/efi/fdt.c; +- common = lib/fdt.c; + enable = fdt; + }; + +diff --git a/grub-core/lib/fdt.c b/grub-core/lib/fdt.c +index 0d371c563..37e04bd69 100644 +--- a/grub-core/lib/fdt.c ++++ b/grub-core/lib/fdt.c +@@ -21,8 +21,6 @@ + #include + #include + +-GRUB_MOD_LICENSE ("GPLv3+"); +- + #define FDT_SUPPORTED_VERSION 17 + + #define FDT_BEGIN_NODE 0x00000001 +diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c +index a4c6e8036..a9dbcfdfe 100644 +--- a/grub-core/loader/efi/fdt.c ++++ b/grub-core/loader/efi/fdt.c +@@ -26,6 +26,8 @@ + #include + #include + ++GRUB_MOD_LICENSE ("GPLv3+"); ++ + static void *loaded_fdt; + static void *fdt; + +diff --git a/include/grub/fdt.h b/include/grub/fdt.h +index 158b1bc4b..6ee57e11a 100644 +--- a/include/grub/fdt.h ++++ b/include/grub/fdt.h +@@ -19,6 +19,8 @@ + #ifndef GRUB_FDT_HEADER + #define GRUB_FDT_HEADER 1 + ++#if defined(__arm__) || defined(__aarch64__) ++ + #include + #include + +@@ -141,4 +143,6 @@ int EXPORT_FUNC(grub_fdt_set_prop) (void *fdt, unsigned int nodeoffset, const ch + grub_fdt_set_prop ((fdt), (nodeoffset), "reg", reg_64, 16); \ + }) + ++#endif /* defined(__arm__) || defined(__aarch64__) */ ++ + #endif /* ! GRUB_FDT_HEADER */ +diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am +index 3781bb9cb..406265250 100644 +--- a/grub-core/Makefile.am ++++ b/grub-core/Makefile.am +@@ -76,6 +76,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fdt.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/file.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fs.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i18n.h diff --git a/SOURCES/0224-Disable-non-wordsize-allocations-on-arm.patch b/SOURCES/0224-Disable-non-wordsize-allocations-on-arm.patch new file mode 100644 index 0000000..d07c8bc --- /dev/null +++ b/SOURCES/0224-Disable-non-wordsize-allocations-on-arm.patch @@ -0,0 +1,41 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 2 Aug 2018 10:56:38 -0400 +Subject: [PATCH] Disable non-wordsize allocations on arm + +Signed-off-by: Peter Jones +--- + configure.ac | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 819212095..9323c1254 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1234,6 +1234,26 @@ if test "x$target_cpu" = xarm; then + done + ]) + ++ AC_CACHE_CHECK([for options to disable movt and movw relocations], ++ grub_cv_target_cc_mword_relocations, ++ [grub_cv_target_cc_mword_relocations=no ++ for cand in "-mword-relocations" ; do ++ if test x"$grub_cv_target_cc_mword_relocations" != xno ; then ++ break ++ fi ++ CFLAGS="$TARGET_CFLAGS $cand -Werror" ++ CPPFLAGS="$TARGET_CPPFLAGS" ++ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], ++ [grub_cv_target_cc_mword_relocations="$cand"], ++ []) ++ done ++ ]) ++ if test x"$grub_cv_target_cc_mword_relocations" = xno ; then ++ AC_MSG_ERROR(["your compiler doesn't support disabling movw/movt relocations"]) ++ else ++ TARGET_CFLAGS="$TARGET_CFLAGS $grub_cv_target_cc_mword_relocations" ++ fi ++ + if test x"$grub_cv_target_cc_mno_movt" != xno ; then + # A trick so that clang doesn't see it on link stage + TARGET_CPPFLAGS="$TARGET_CPPFLAGS $grub_cv_target_cc_mno_movt" diff --git a/SOURCES/0225-strip-R-.note.gnu.property-at-more-places.patch b/SOURCES/0225-strip-R-.note.gnu.property-at-more-places.patch new file mode 100644 index 0000000..0e1adce --- /dev/null +++ b/SOURCES/0225-strip-R-.note.gnu.property-at-more-places.patch @@ -0,0 +1,82 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 3 Aug 2018 15:07:23 -0400 +Subject: [PATCH] strip "-R .note.gnu.property" at more places. + +For whatever reason, sometimes I see: + + lzma_decompress.image: file format elf32-i386 + lzma_decompress.image + architecture: i386, flags 0x00000012: + EXEC_P, HAS_SYMS + start address 0x00008200 + + Program Header: + LOAD off 0x000000c0 vaddr 0x00008200 paddr 0x00008200 align 2**5 + filesz 0x00000b10 memsz 0x00000b10 flags rwx + LOAD off 0x00000bd0 vaddr 0x080480b4 paddr 0x080480b4 align 2**2 + filesz 0x0000001c memsz 0x0000001c flags r-- + NOTE off 0x00000bd0 vaddr 0x080480b4 paddr 0x080480b4 align 2**2 + filesz 0x0000001c memsz 0x0000001c flags r-- + STACK off 0x00000000 vaddr 0x00000000 paddr 0x00000000 align 2**4 + filesz 0x00000000 memsz 0x00000000 flags rw- + + Sections: + Idx Name Size VMA LMA File off Algn + 0 .note.gnu.property 0000001c 080480b4 080480b4 00000bd0 2**2 + CONTENTS, ALLOC, LOAD, READONLY, DATA + 1 .text 00000b10 00008200 00008200 000000c0 2**5 + CONTENTS, ALLOC, LOAD, CODE + SYMBOL TABLE: + 080480b4 l d .note.gnu.property 00000000 .note.gnu.property + 00008200 l d .text 00000000 .text + 00000000 l df *ABS* 00000000 startup_raw.S + ... + +Which just looks wrong no matter what to my eyes (seriously it's at +128M? Why?), and when we fail to strip it, we get: + +trillian:~/tmp/f29$ hexdump -C usr/lib/grub/i386-pc/lzma_decompress.img | tail -6 +00000b00 ff 45 e8 5a 83 c2 02 89 d1 e9 df fe ff ff 66 90 |.E.Z..........f.| +00000b10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +* +0803feb0 00 00 00 00 04 00 00 00 0c 00 00 00 05 00 00 00 |................| +0803fec0 47 4e 55 00 02 00 00 c0 04 00 00 00 03 00 00 00 |GNU.............| +0803fed0 + +Which is very very much not what we want. + +Cut it out. + +Signed-off-by: Peter Jones +--- + Makefile.am | 2 +- + gentpl.py | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index c7b0e6a9c..287fff66b 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -209,7 +209,7 @@ pc-chainloader.elf: $(srcdir)/grub-core/tests/boot/kernel-8086.S $(srcdir)/grub- + $(TARGET_CC) -o $@ $< -static -DTARGET_CHAINLOADER=1 -DSUCCESSFUL_BOOT_STRING=\"$(SUCCESSFUL_BOOT_STRING)\" -ffreestanding -nostdlib -nostdinc -Wl,--build-id=none -Wl,-N -Wl,-Ttext,0x7c00 -m32 + + pc-chainloader.bin: pc-chainloader.elf +- $(TARGET_OBJCOPY) -O binary --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .reginfo -R .rel.dyn -R .note.gnu.gold-version $< $@; ++ $(TARGET_OBJCOPY) -O binary --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property $< $@; + + ntldr.elf: $(srcdir)/grub-core/tests/boot/kernel-8086.S $(srcdir)/grub-core/tests/boot/qemu-shutdown-x86.S + $(TARGET_CC) -o $@ $< -DTARGET_NTLDR=1 -DSUCCESSFUL_BOOT_STRING=\"$(SUCCESSFUL_BOOT_STRING)\" -static -ffreestanding -nostdlib -nostdinc -Wl,--build-id=none -Wl,-N -Wl,-Ttext,0 -m32 +diff --git a/gentpl.py b/gentpl.py +index 1e4635f44..d662c305f 100644 +--- a/gentpl.py ++++ b/gentpl.py +@@ -776,7 +776,7 @@ def image(defn, platform): + if test x$(TARGET_APPLE_LINKER) = x1; then \ + $(MACHO2IMG) $< $@; \ + else \ +- $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; \ ++ $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx -R .note.gnu.property $< $@; \ + fi + """) + diff --git a/SOURCES/0226-Prepend-prefix-when-HTTP-path-is-relative.patch b/SOURCES/0226-Prepend-prefix-when-HTTP-path-is-relative.patch new file mode 100644 index 0000000..d45fffa --- /dev/null +++ b/SOURCES/0226-Prepend-prefix-when-HTTP-path-is-relative.patch @@ -0,0 +1,150 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Stephen Benjamin +Date: Thu, 16 Aug 2018 16:58:51 -0400 +Subject: [PATCH] Prepend prefix when HTTP path is relative + +This sets a couple of variables. With the url http://www.example.com/foo/bar : +http_path: /foo/bar +http_url: http://www.example.com/foo/bar + +Signed-off-by: Peter Jones +--- + grub-core/kern/main.c | 10 +++++- + grub-core/net/efi/http.c | 82 ++++++++++++++++++++++++++++++++++++------------ + 2 files changed, 71 insertions(+), 21 deletions(-) + +diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c +index da47b18b5..dcf48726d 100644 +--- a/grub-core/kern/main.c ++++ b/grub-core/kern/main.c +@@ -130,11 +130,19 @@ grub_set_prefix_and_root (void) + if (fwdevice && fwpath) + { + char *fw_path; ++ char separator[3] = ")"; + +- fw_path = grub_xasprintf ("(%s)/%s", fwdevice, fwpath); ++ grub_dprintf ("fw_path", "\n"); ++ grub_dprintf ("fw_path", "fwdevice:\"%s\" fwpath:\"%s\"\n", fwdevice, fwpath); ++ ++ if (!grub_strncmp(fwdevice, "http", 4) && fwpath[0] != '/') ++ grub_strcpy(separator, ")/"); ++ ++ fw_path = grub_xasprintf ("(%s%s%s", fwdevice, separator, fwpath); + if (fw_path) + { + grub_env_set ("fw_path", fw_path); ++ grub_dprintf ("fw_path", "fw_path:\"%s\"\n", fw_path); + grub_free (fw_path); + } + } +diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c +index 243acbaa3..2a9624dac 100644 +--- a/grub-core/net/efi/http.c ++++ b/grub-core/net/efi/http.c +@@ -9,10 +9,52 @@ + static void + http_configure (struct grub_efi_net_device *dev, int prefer_ip6) + { ++ grub_efi_ipv6_address_t address; + grub_efi_http_config_data_t http_config; + grub_efi_httpv4_access_point_t httpv4_node; + grub_efi_httpv6_access_point_t httpv6_node; + grub_efi_status_t status; ++ int https; ++ char *http_url; ++ const char *rest, *http_server, *http_path = NULL; ++ ++ http_server = grub_env_get ("root"); ++ https = grub_strncmp (http_server, "https", 5) ? 1 : 0; ++ ++ /* extract http server + port */ ++ if (http_server) ++ { ++ http_server = grub_strchr (http_server, ','); ++ if (http_server) ++ http_server++; ++ } ++ ++ /* fw_path is like (http,192.168.1.1:8000)/httpboot, extract path part */ ++ http_path = grub_env_get ("fw_path"); ++ if (http_path) ++ { ++ http_path = grub_strchr (http_path, ')'); ++ if (http_path) ++ { ++ http_path++; ++ grub_env_unset ("http_path"); ++ grub_env_set ("http_path", http_path); ++ } ++ } ++ ++ if (http_server && http_path) ++ { ++ if (grub_efi_string_to_ip6_address (http_server, &address, &rest) && *rest == 0) ++ http_url = grub_xasprintf ("%s://[%s]%s", https ? "https" : "http", http_server, http_path); ++ else ++ http_url = grub_xasprintf ("%s://%s%s", https ? "https" : "http", http_server, http_path); ++ if (http_url) ++ { ++ grub_env_unset ("http_url"); ++ grub_env_set ("http_url", http_url); ++ grub_free (http_url); ++ } ++ } + + grub_efi_http_t *http = dev->http; + +@@ -352,32 +394,32 @@ grub_efihttp_open (struct grub_efi_net_device *dev, + grub_err_t err; + grub_off_t size; + char *buf; +- char *root_url; +- grub_efi_ipv6_address_t address; +- const char *rest; ++ char *file_name; ++ const char *http_path; + +- if (grub_efi_string_to_ip6_address (file->device->net->server, &address, &rest) && *rest == 0) +- root_url = grub_xasprintf ("%s://[%s]", type ? "https" : "http", file->device->net->server); ++ /* If path is relative, prepend http_path */ ++ http_path = grub_env_get ("http_path"); ++ if (http_path && file->device->net->name[0] != '/') ++ file_name = grub_xasprintf ("%s/%s", http_path, file->device->net->name); + else +- root_url = grub_xasprintf ("%s://%s", type ? "https" : "http", file->device->net->server); +- if (root_url) +- { +- grub_env_unset ("root_url"); +- grub_env_set ("root_url", root_url); +- grub_free (root_url); +- } +- else +- { +- return grub_errno; +- } ++ file_name = grub_strdup (file->device->net->name); + +- err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 1, 0); ++ if (!file_name) ++ return grub_errno; ++ ++ err = efihttp_request (dev->http, file->device->net->server, file_name, type, 1, 0); + if (err != GRUB_ERR_NONE) +- return err; ++ { ++ grub_free (file_name); ++ return err; ++ } + +- err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 0, &size); ++ err = efihttp_request (dev->http, file->device->net->server, file_name, type, 0, &size); ++ grub_free (file_name); + if (err != GRUB_ERR_NONE) +- return err; ++ { ++ return err; ++ } + + buf = grub_malloc (size); + efihttp_read (dev, buf, size); diff --git a/SOURCES/0227-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch b/SOURCES/0227-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch new file mode 100644 index 0000000..ab8d8c1 --- /dev/null +++ b/SOURCES/0227-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch @@ -0,0 +1,71 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 16 Aug 2018 11:08:11 -0400 +Subject: [PATCH] Make linux_arm_kernel_header.hdr_offset be at the right place + +The kernel in front of me (slightly edited to make objdump work) looks like: + +00000000 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 |MZ..MZ..MZ..MZ..| +00000010 4d 5a 10 13 4d 5a 10 13 4d 5a 10 13 00 00 a0 e1 |MZ..MZ..MZ......| +00000020 f6 03 00 ea 18 28 6f 01 00 00 00 00 00 32 74 00 |.....(o......2t.| +00000030 01 02 03 04 45 45 45 45 74 a2 00 00 40 00 00 00 |....EEEEt...@...| +00000040 50 45 00 00 4c 01 04 00 00 00 00 00 00 00 00 00 |PE..L...........| +00000050 00 00 00 00 90 00 06 03 0b 01 02 14 00 20 74 00 |............. t.| +00000060 00 14 00 00 00 00 00 00 b4 19 00 00 00 10 00 00 |................| +00000070 00 30 74 00 00 00 00 00 00 10 00 00 00 02 00 00 |.0t.............| +00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000090 00 44 74 00 00 10 00 00 00 00 00 00 0a 00 00 00 |.Dt.............| +000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +000000b0 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 |................| +000000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +* + +(I don't know why the MZ header is there 7 times, but the offsets work out, so +it's merely a surprising distraction.) + +If linux_arm_kernel_header.reserved2 is 16 bytes, that means hdr_offset is +here: + +00000030 01 02 03 04 45 45 45 45 74 a2 00 00 40 00 00 00 |....EEEEt...@...| +00000040 50 45 00 00 4c 01 04 00 00 00 00 00 00 00 00 00 |PE..L...........| + ^^^^^^^^^^^ + +But it's supposed to be 4 bytes before that. + +This patch makes the reserved field be 3*32 instead of 4*32, and that means we +can find the PE header correcrtly at 0x40 by reading the value at 0x3c. + +Signed-off-by: Peter Jones +--- + grub-core/loader/efi/linux.c | 3 +++ + include/grub/arm/linux.h | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c +index 0622dfa48..b56ea0bc0 100644 +--- a/grub-core/loader/efi/linux.c ++++ b/grub-core/loader/efi/linux.c +@@ -79,7 +79,10 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, + offset = 512; + #endif + ++ grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n", ++ kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params); + hf = (handover_func)((char *)kernel_addr + handover_offset + offset); ++ grub_dprintf ("linux", "handover_func() = %p\n", hf); + hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); + + return GRUB_ERR_BUG; +diff --git a/include/grub/arm/linux.h b/include/grub/arm/linux.h +index 5900fc8a4..bed308f22 100644 +--- a/include/grub/arm/linux.h ++++ b/include/grub/arm/linux.h +@@ -31,7 +31,7 @@ struct linux_arm_kernel_header { + grub_uint32_t magic; + grub_uint32_t start; /* _start */ + grub_uint32_t end; /* _edata */ +- grub_uint32_t reserved2[4]; ++ grub_uint32_t reserved2[3]; + grub_uint32_t hdr_offset; + }; + diff --git a/SOURCES/0228-Mark-some-unused-stuff-unused.patch b/SOURCES/0228-Mark-some-unused-stuff-unused.patch new file mode 100644 index 0000000..fec4400 --- /dev/null +++ b/SOURCES/0228-Mark-some-unused-stuff-unused.patch @@ -0,0 +1,32 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 27 Aug 2018 13:10:08 -0400 +Subject: [PATCH] Mark some unused stuff unused + +Signed-off-by: Peter Jones +--- + grub-core/commands/blscfg.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index bdb1c5a95..abd6f00d0 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -434,7 +434,7 @@ finish: + + static grub_envblk_t saved_env = NULL; + +-static int ++static int UNUSED + save_var (const char *name, const char *value, void *whitelist UNUSED) + { + const char *val = grub_env_get (name); +@@ -446,7 +446,7 @@ save_var (const char *name, const char *value, void *whitelist UNUSED) + return 0; + } + +-static int ++static int UNUSED + unset_var (const char *name, const char *value UNUSED, void *whitelist) + { + grub_dprintf("blscfg", "restoring \"%s\"\n", name); diff --git a/SOURCES/0229-Make-grub_error-more-verbose.patch b/SOURCES/0229-Make-grub_error-more-verbose.patch new file mode 100644 index 0000000..1911f47 --- /dev/null +++ b/SOURCES/0229-Make-grub_error-more-verbose.patch @@ -0,0 +1,98 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 27 Aug 2018 13:14:06 -0400 +Subject: [PATCH] Make grub_error() more verbose + +Signed-off-by: Peter Jones +--- + grub-core/kern/efi/mm.c | 17 ++++++++++++++--- + grub-core/kern/err.c | 13 +++++++++++-- + include/grub/err.h | 5 ++++- + 3 files changed, 29 insertions(+), 6 deletions(-) + +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index 5cdf6c943..7692e63ba 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -157,12 +157,20 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, + + /* Limit the memory access to less than 4GB for 32-bit platforms. */ + if (address > GRUB_EFI_MAX_USABLE_ADDRESS) +- return 0; ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("invalid memory address (0x%llx > 0x%llx)"), ++ address, GRUB_EFI_MAX_USABLE_ADDRESS); ++ return NULL; ++ } + + b = grub_efi_system_table->boot_services; + status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); + if (status != GRUB_EFI_SUCCESS) +- return 0; ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ return NULL; ++ } + + if (address == 0) + { +@@ -172,7 +180,10 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, + status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); + grub_efi_free_pages (0, pages); + if (status != GRUB_EFI_SUCCESS) +- return 0; ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ return NULL; ++ } + } + + grub_efi_store_alloc (address, pages); +diff --git a/grub-core/kern/err.c b/grub-core/kern/err.c +index 53c734de7..aebfe0cf8 100644 +--- a/grub-core/kern/err.c ++++ b/grub-core/kern/err.c +@@ -33,15 +33,24 @@ static struct grub_error_saved grub_error_stack_items[GRUB_ERROR_STACK_SIZE]; + static int grub_error_stack_pos; + static int grub_error_stack_assert; + ++#ifdef grub_error ++#undef grub_error ++#endif ++ + grub_err_t +-grub_error (grub_err_t n, const char *fmt, ...) ++grub_error (grub_err_t n, const char *file, const int line, const char *fmt, ...) + { + va_list ap; ++ int m; + + grub_errno = n; + ++ m = grub_snprintf (grub_errmsg, sizeof (grub_errmsg), "%s:%d:", file, line); ++ if (m < 0) ++ m = 0; ++ + va_start (ap, fmt); +- grub_vsnprintf (grub_errmsg, sizeof (grub_errmsg), _(fmt), ap); ++ grub_vsnprintf (grub_errmsg + m, sizeof (grub_errmsg) - m, _(fmt), ap); + va_end (ap); + + return n; +diff --git a/include/grub/err.h b/include/grub/err.h +index 1590c688e..9b830757d 100644 +--- a/include/grub/err.h ++++ b/include/grub/err.h +@@ -84,7 +84,10 @@ struct grub_error_saved + extern grub_err_t EXPORT_VAR(grub_errno); + extern char EXPORT_VAR(grub_errmsg)[GRUB_MAX_ERRMSG]; + +-grub_err_t EXPORT_FUNC(grub_error) (grub_err_t n, const char *fmt, ...); ++grub_err_t EXPORT_FUNC(grub_error) (grub_err_t n, const char *file, const int line, const char *fmt, ...); ++ ++#define grub_error(n, fmt, ...) grub_error (n, __FILE__, __LINE__, fmt, ##__VA_ARGS__) ++ + void EXPORT_FUNC(grub_fatal) (const char *fmt, ...) __attribute__ ((noreturn)); + void EXPORT_FUNC(grub_error_push) (void); + int EXPORT_FUNC(grub_error_pop) (void); diff --git a/SOURCES/0230-arm-arm64-loader-Better-memory-allocation-and-error-.patch b/SOURCES/0230-arm-arm64-loader-Better-memory-allocation-and-error-.patch new file mode 100644 index 0000000..ba43cda --- /dev/null +++ b/SOURCES/0230-arm-arm64-loader-Better-memory-allocation-and-error-.patch @@ -0,0 +1,307 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 14 Aug 2018 14:07:44 -0400 +Subject: [PATCH] arm/arm64 loader: Better memory allocation and error + messages. + +On mustang, our memory map looks like: + +Type Physical start - end #Pages Size Attributes +reserved 0000004000000000-00000040001fffff 00000200 2MiB UC WC WT WB +conv-mem 0000004000200000-0000004393ffffff 00393e00 14654MiB UC WC WT WB +ldr-code 0000004394000000-00000043f7ffffff 00064000 1600MiB UC WC WT WB +BS-data 00000043f8000000-00000043f801ffff 00000020 128KiB UC WC WT WB +conv-mem 00000043f8020000-00000043fa15bfff 0000213c 34032KiB UC WC WT WB +ldr-code 00000043fa15c000-00000043fa2a1fff 00000146 1304KiB UC WC WT WB +ldr-data 00000043fa2a2000-00000043fa3e8fff 00000147 1308KiB UC WC WT WB +conv-mem 00000043fa3e9000-00000043fa3e9fff 00000001 4KiB UC WC WT WB +ldr-data 00000043fa3ea000-00000043fa3eafff 00000001 4KiB UC WC WT WB +ldr-code 00000043fa3eb000-00000043fa4affff 000000c5 788KiB UC WC WT WB +BS-code 00000043fa4b0000-00000043fa59ffff 000000f0 960KiB UC WC WT WB +RT-code 00000043fa5a0000-00000043fa5affff 00000010 64KiB RT UC WC WT WB +RT-data 00000043fa5b0000-00000043fa5bffff 00000010 64KiB RT UC WC WT WB +RT-code 00000043fa5c0000-00000043fa5cffff 00000010 64KiB RT UC WC WT WB +ldr-data 00000043fa5d0000-00000043fa5d0fff 00000001 4KiB UC WC WT WB +BS-code 00000043fa5d1000-00000043fa5ddfff 0000000d 52KiB UC WC WT WB +reserved 00000043fa5de000-00000043fa60ffff 00000032 200KiB UC WC WT WB +ACPI-rec 00000043fa610000-00000043fa6affff 000000a0 640KiB UC WC WT WB +ACPI-nvs 00000043fa6b0000-00000043fa6bffff 00000010 64KiB UC WC WT WB +ACPI-rec 00000043fa6c0000-00000043fa70ffff 00000050 320KiB UC WC WT WB +RT-code 00000043fa710000-00000043fa72ffff 00000020 128KiB RT UC WC WT WB +RT-data 00000043fa730000-00000043fa78ffff 00000060 384KiB RT UC WC WT WB +RT-code 00000043fa790000-00000043fa79ffff 00000010 64KiB RT UC WC WT WB +RT-data 00000043fa7a0000-00000043fa99ffff 00000200 2MiB RT UC WC WT WB +RT-code 00000043fa9a0000-00000043fa9affff 00000010 64KiB RT UC WC WT WB +RT-data 00000043fa9b0000-00000043fa9cffff 00000020 128KiB RT UC WC WT WB +BS-code 00000043fa9d0000-00000043fa9d9fff 0000000a 40KiB UC WC WT WB +reserved 00000043fa9da000-00000043fa9dbfff 00000002 8KiB UC WC WT WB +conv-mem 00000043fa9dc000-00000043fc29dfff 000018c2 25352KiB UC WC WT WB +BS-data 00000043fc29e000-00000043fc78afff 000004ed 5044KiB UC WC WT WB +conv-mem 00000043fc78b000-00000043fca01fff 00000277 2524KiB UC WC WT WB +BS-data 00000043fca02000-00000043fcea3fff 000004a2 4744KiB UC WC WT WB +conv-mem 00000043fcea4000-00000043fcea4fff 00000001 4KiB UC WC WT WB +BS-data 00000043fcea5000-00000043fd192fff 000002ee 3000KiB UC WC WT WB +conv-mem 00000043fd193000-00000043fd2b0fff 0000011e 1144KiB UC WC WT WB +BS-data 00000043fd2b1000-00000043ff80ffff 0000255f 38268KiB UC WC WT WB +BS-code 00000043ff810000-00000043ff99ffff 00000190 1600KiB UC WC WT WB +RT-code 00000043ff9a0000-00000043ff9affff 00000010 64KiB RT UC WC WT WB +conv-mem 00000043ff9b0000-00000043ff9bffff 00000010 64KiB UC WC WT WB +RT-data 00000043ff9c0000-00000043ff9effff 00000030 192KiB RT UC WC WT WB +conv-mem 00000043ff9f0000-00000043ffa05fff 00000016 88KiB UC WC WT WB +BS-data 00000043ffa06000-00000043ffffffff 000005fa 6120KiB UC WC WT WB +MMIO 0000000010510000-0000000010510fff 00000001 4KiB RT +MMIO 0000000010548000-0000000010549fff 00000002 8KiB RT +MMIO 0000000017000000-0000000017001fff 00000002 8KiB RT +MMIO 000000001c025000-000000001c025fff 00000001 4KiB RT + +When we're trying to find the base of ram, if we start with GRUB_UINT_MAX +(0xffffffff on all platforms) and always use min(), that means we eventually +decide that the base of ram is GRUB_UINT_MAX, which is lower than our first +memory address, and thus our allocation of the initramfs, which specifies this +value as the maximum possible address it can be at, fails. + +This patch changes it to start at GRUB_EFI_MAX_USABLE_ADDRESS, which is always +at least 0xffffffff on 32-bit platforms and at least 0x7ffffffffffffff on +64-bit platforms. Additionally, this adds a requirement that the memory we +choose is actually /allocatable/ conventional memory, not merely +write-combining. On this machine that means we wind up with an allocation +around 0x4392XXXXXX, which is a reasonable address. + +This also changes grub_efi_allocate_pages_real() so that if 0 is allocated, it +tries to allocate again starting with the same max address it did the first +time, rather than interposing GRUB_EFI_MAX_USABLE_ADDRESS there, so that any +per-platform constraints on its given address are maintained. + +Signed-off-by: Peter Jones +--- + grub-core/kern/efi/mm.c | 32 ++++++++++++----- + grub-core/loader/arm64/linux.c | 78 ++++++++++++++++++++++++++++++++---------- + 2 files changed, 82 insertions(+), 28 deletions(-) + +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index 7692e63ba..306924f73 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -154,6 +154,7 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, + { + grub_efi_status_t status; + grub_efi_boot_services_t *b; ++ grub_efi_physical_address_t ret = address; + + /* Limit the memory access to less than 4GB for 32-bit platforms. */ + if (address > GRUB_EFI_MAX_USABLE_ADDRESS) +@@ -165,19 +166,19 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, + } + + b = grub_efi_system_table->boot_services; +- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); ++ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret); + if (status != GRUB_EFI_SUCCESS) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); + return NULL; + } + +- if (address == 0) ++ if (ret == 0) + { + /* Uggh, the address 0 was allocated... This is too annoying, + so reallocate another one. */ +- address = GRUB_EFI_MAX_USABLE_ADDRESS; +- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); ++ ret = address; ++ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret); + grub_efi_free_pages (0, pages); + if (status != GRUB_EFI_SUCCESS) + { +@@ -186,9 +187,9 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, + } + } + +- grub_efi_store_alloc (address, pages); ++ grub_efi_store_alloc (ret, pages); + +- return (void *) ((grub_addr_t) address); ++ return (void *) ((grub_addr_t) ret); + } + + void * +@@ -696,11 +697,24 @@ grub_efi_get_ram_base(grub_addr_t *base_addr) + if (ret < 1) + return GRUB_ERR_BUG; + +- for (desc = memory_map, *base_addr = GRUB_UINT_MAX; ++ for (desc = memory_map, *base_addr = GRUB_EFI_MAX_USABLE_ADDRESS; + (grub_addr_t) desc < ((grub_addr_t) memory_map + memory_map_size); + desc = NEXT_MEMORY_DESCRIPTOR (desc, desc_size)) +- if (desc->attribute & GRUB_EFI_MEMORY_WB) +- *base_addr = grub_min (*base_addr, desc->physical_start); ++ { ++ if (desc->type == GRUB_EFI_CONVENTIONAL_MEMORY && ++ (desc->attribute & GRUB_EFI_MEMORY_WB)) ++ { ++ *base_addr = grub_min (*base_addr, desc->physical_start); ++ grub_dprintf ("efi", "setting base_addr=0x%016lx\n", *base_addr); ++ } ++ else ++ { ++ grub_dprintf ("efi", "ignoring address 0x%016lx\n", desc->physical_start); ++ } ++ } ++ ++ if (*base_addr == GRUB_EFI_MAX_USABLE_ADDRESS) ++ grub_dprintf ("efi", "base_addr 0x%016lx is probably wrong.\n", *base_addr); + + grub_free(memory_map); + +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index 93b5cd306..e1110749e 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -70,13 +70,15 @@ finalize_params_linux (void) + { + grub_efi_loaded_image_t *loaded_image = NULL; + int node, retval, len; +- ++ grub_err_t err = GRUB_ERR_NONE; + void *fdt; + + fdt = grub_fdt_load (0x400); +- + if (!fdt) +- goto failure; ++ { ++ err = grub_error(GRUB_ERR_BAD_OS, "failed to load FDT"); ++ goto failure; ++ } + + node = grub_fdt_find_subnode (fdt, 0, "chosen"); + if (node < 0) +@@ -87,17 +89,26 @@ finalize_params_linux (void) + */ + retval = grub_fdt_set_prop32(fdt, 0, "#address-cells", 2); + if (retval) +- goto failure; ++ { ++ err = grub_error(retval, "Could not find #address-cells"); ++ goto failure; ++ } + + retval = grub_fdt_set_prop32(fdt, 0, "#size-cells", 2); + if (retval) +- goto failure; ++ { ++ err = grub_error(retval, "Could not find #size-cells"); ++ goto failure; ++ } + + node = grub_fdt_add_subnode (fdt, 0, "chosen"); + } + + if (node < 1) +- goto failure; ++ { ++ err = grub_error(grub_errno, "failed to load chosen fdt node."); ++ goto failure; ++ } + + /* Set initrd info */ + if (initrd_start && initrd_end > initrd_start) +@@ -108,15 +119,26 @@ finalize_params_linux (void) + retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-start", + initrd_start); + if (retval) +- goto failure; ++ { ++ err = grub_error(retval, "Failed to set linux,initrd-start property"); ++ goto failure; ++ } ++ + retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-end", + initrd_end); + if (retval) +- goto failure; ++ { ++ err = grub_error(retval, "Failed to set linux,initrd-end property"); ++ goto failure; ++ } + } + +- if (grub_fdt_install() != GRUB_ERR_NONE) +- goto failure; ++ retval = grub_fdt_install(); ++ if (retval != GRUB_ERR_NONE) ++ { ++ err = grub_error(retval, "Failed to install fdt"); ++ goto failure; ++ } + + grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n", + fdt); +@@ -124,14 +146,20 @@ finalize_params_linux (void) + /* Convert command line to UCS-2 */ + loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); + if (!loaded_image) +- goto failure; ++ { ++ err = grub_error(grub_errno, "Failed to install fdt"); ++ goto failure; ++ } + + loaded_image->load_options_size = len = + (grub_strlen (linux_args) + 1) * sizeof (grub_efi_char16_t); + loaded_image->load_options = + grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); + if (!loaded_image->load_options) +- return grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters"); ++ { ++ err = grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters"); ++ goto failure; ++ } + + loaded_image->load_options_size = + 2 * grub_utf8_to_utf16 (loaded_image->load_options, len, +@@ -141,7 +169,7 @@ finalize_params_linux (void) + + failure: + grub_fdt_unload(); +- return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT"); ++ return err; + } + + static void +@@ -225,16 +253,28 @@ grub_linux_unload (void) + static void * + allocate_initrd_mem (int initrd_pages) + { +- grub_addr_t max_addr; ++ grub_addr_t max_addr = 0; ++ grub_err_t err; ++ void *ret; + +- if (grub_efi_get_ram_base (&max_addr) != GRUB_ERR_NONE) +- return NULL; ++ err = grub_efi_get_ram_base (&max_addr); ++ if (err != GRUB_ERR_NONE) ++ { ++ grub_error (err, "grub_efi_get_ram_base() failed"); ++ return NULL; ++ } ++ ++ grub_dprintf ("linux", "max_addr: 0x%016lx, INITRD_MAX_ADDRESS_OFFSET: 0x%016llx\n", ++ max_addr, INITRD_MAX_ADDRESS_OFFSET); + + max_addr += INITRD_MAX_ADDRESS_OFFSET - 1; ++ grub_dprintf ("linux", "calling grub_efi_allocate_pages_real (0x%016lx, 0x%08x, EFI_ALLOCATE_MAX_ADDRESS, EFI_LOADER_DATA)", max_addr, initrd_pages); + +- return grub_efi_allocate_pages_real (max_addr, initrd_pages, +- GRUB_EFI_ALLOCATE_MAX_ADDRESS, +- GRUB_EFI_LOADER_DATA); ++ ret = grub_efi_allocate_pages_real (max_addr, initrd_pages, ++ GRUB_EFI_ALLOCATE_MAX_ADDRESS, ++ GRUB_EFI_LOADER_DATA); ++ grub_dprintf ("linux", "got 0x%016llx\n", (unsigned long long)ret); ++ return ret; + } + + static grub_err_t diff --git a/SOURCES/0231-drop-TPM-support-for-legacy-BIOS.patch b/SOURCES/0231-drop-TPM-support-for-legacy-BIOS.patch new file mode 100644 index 0000000..0e6bad1 --- /dev/null +++ b/SOURCES/0231-drop-TPM-support-for-legacy-BIOS.patch @@ -0,0 +1,401 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 21 Sep 2018 17:51:16 +0200 +Subject: [PATCH] drop TPM support for legacy BIOS + +Currently there's TPM support for both EFI and legacy BIOS. + +A software interrupt call interface is used in legacy BIOS to communicate +with the TPM chips. But with some BIOS firmwares, the machine just hangs +after doing a BIOS interrupt call for the TCG_HashLogExtendEvent command. + +It's hard to know what exactly is causing this, but the Trousers project +mentions in their docs that they don't use TCG_HashLogExtendEvent [0] due +the command not working reliable on some BIOS. + +The TCG_CompactHashLogExtendEvent is less fragile, since it has a simpler +interface, doesn't require to setup any data structure and doesn't return +anything. So it could be used to do measurements and logs events instead. + +But even when using this command can be a workaround on some systems, it +doesn't guarantee that could not fail on others. So since the TPM support +for some legacy BIOS don't work and can lead to machines failing to boot, +let's just drop it and only support TPM for EFI. + +[0]: http://trousers.sourceforge.net/grub.html + +Resolves: rhbz#1579835 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/Makefile.core.def | 1 - + grub-core/kern/i386/pc/tpm.c | 145 -------------------------------------- + grub-core/loader/i386/pc/linux.c | 4 -- + include/grub/tpm.h | 2 +- + grub-core/boot/i386/pc/boot.S | 30 +------- + grub-core/boot/i386/pc/diskboot.S | 44 ------------ + 6 files changed, 2 insertions(+), 224 deletions(-) + delete mode 100644 grub-core/kern/i386/pc/tpm.c + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index cf3d549d2..fb0a1e0ba 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -246,7 +246,6 @@ kernel = { + + i386_pc = kern/i386/pc/init.c; + i386_pc = kern/i386/pc/mmap.c; +- i386_pc = kern/i386/pc/tpm.c; + i386_pc = term/i386/pc/console.c; + + i386_qemu = bus/pci.c; +diff --git a/grub-core/kern/i386/pc/tpm.c b/grub-core/kern/i386/pc/tpm.c +deleted file mode 100644 +index f6f264aff..000000000 +--- a/grub-core/kern/i386/pc/tpm.c ++++ /dev/null +@@ -1,145 +0,0 @@ +-#include +-#include +-#include +-#include +-#include +-#include +- +-#define TCPA_MAGIC 0x41504354 +- +-static int tpm_presence = -1; +- +-int tpm_present(void); +- +-int tpm_present(void) +-{ +- struct grub_bios_int_registers regs; +- +- if (tpm_presence != -1) +- return tpm_presence; +- +- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; +- regs.eax = 0xbb00; +- regs.ebx = TCPA_MAGIC; +- grub_bios_interrupt (0x1a, ®s); +- +- if (regs.eax == 0) +- tpm_presence = 1; +- else +- tpm_presence = 0; +- +- return tpm_presence; +-} +- +-grub_err_t +-grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, +- PassThroughToTPM_OutputParamBlock *outbuf) +-{ +- struct grub_bios_int_registers regs; +- grub_addr_t inaddr, outaddr; +- +- if (!tpm_present()) +- return 0; +- +- inaddr = (grub_addr_t) inbuf; +- outaddr = (grub_addr_t) outbuf; +- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; +- regs.eax = 0xbb02; +- regs.ebx = TCPA_MAGIC; +- regs.ecx = 0; +- regs.edx = 0; +- regs.es = (inaddr & 0xffff0000) >> 4; +- regs.edi = inaddr & 0xffff; +- regs.ds = outaddr >> 4; +- regs.esi = outaddr & 0xf; +- +- grub_bios_interrupt (0x1a, ®s); +- +- if (regs.eax) +- { +- tpm_presence = 0; +- return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax); +- } +- +- return 0; +-} +- +-typedef struct { +- grub_uint32_t pcrindex; +- grub_uint32_t eventtype; +- grub_uint8_t digest[20]; +- grub_uint32_t eventdatasize; +- grub_uint8_t event[0]; +-} GRUB_PACKED Event; +- +-typedef struct { +- grub_uint16_t ipblength; +- grub_uint16_t reserved; +- grub_uint32_t hashdataptr; +- grub_uint32_t hashdatalen; +- grub_uint32_t pcr; +- grub_uint32_t reserved2; +- grub_uint32_t logdataptr; +- grub_uint32_t logdatalen; +-} GRUB_PACKED EventIncoming; +- +-typedef struct { +- grub_uint16_t opblength; +- grub_uint16_t reserved; +- grub_uint32_t eventnum; +- grub_uint8_t hashvalue[20]; +-} GRUB_PACKED EventOutgoing; +- +-grub_err_t +-grub_tpm_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr, +- const char *description) +-{ +- struct grub_bios_int_registers regs; +- EventIncoming incoming; +- EventOutgoing outgoing; +- Event *event; +- grub_uint32_t datalength; +- +- if (!tpm_present()) +- return 0; +- +- datalength = grub_strlen(description); +- event = grub_zalloc(datalength + sizeof(Event)); +- if (!event) +- return grub_error (GRUB_ERR_OUT_OF_MEMORY, +- N_("cannot allocate TPM event buffer")); +- +- event->pcrindex = pcr; +- event->eventtype = 0x0d; +- event->eventdatasize = grub_strlen(description); +- grub_memcpy(event->event, description, datalength); +- +- incoming.ipblength = sizeof(incoming); +- incoming.hashdataptr = (grub_uint32_t)buf; +- incoming.hashdatalen = size; +- incoming.pcr = pcr; +- incoming.logdataptr = (grub_uint32_t)event; +- incoming.logdatalen = datalength + sizeof(Event); +- +- regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; +- regs.eax = 0xbb01; +- regs.ebx = TCPA_MAGIC; +- regs.ecx = 0; +- regs.edx = 0; +- regs.es = (((grub_addr_t) &incoming) & 0xffff0000) >> 4; +- regs.edi = ((grub_addr_t) &incoming) & 0xffff; +- regs.ds = (((grub_addr_t) &outgoing) & 0xffff0000) >> 4; +- regs.esi = ((grub_addr_t) &outgoing) & 0xffff; +- +- grub_bios_interrupt (0x1a, ®s); +- +- grub_free(event); +- +- if (regs.eax) +- { +- tpm_presence = 0; +- return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax); +- } +- +- return 0; +-} +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index cfff25c21..783a3cd93 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -36,7 +36,6 @@ + #include + #include + #include +-#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -162,9 +161,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux16", "Kernel"); +- grub_print_error(); +- + grub_memcpy (&lh, kernel, sizeof (lh)); + kernel_offset = sizeof (lh); + +diff --git a/include/grub/tpm.h b/include/grub/tpm.h +index 972a5edc8..ce52be4ff 100644 +--- a/include/grub/tpm.h ++++ b/include/grub/tpm.h +@@ -69,7 +69,7 @@ typedef struct { + grub_err_t EXPORT_FUNC(grub_tpm_measure) (unsigned char *buf, grub_size_t size, + grub_uint8_t pcr, const char *kind, + const char *description); +-#if defined (GRUB_MACHINE_EFI) || defined (GRUB_MACHINE_PCBIOS) ++#if defined (GRUB_MACHINE_EFI) + grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, + PassThroughToTPM_OutputParamBlock *outbuf); + grub_err_t grub_tpm_log_event(unsigned char *buf, grub_size_t size, +diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S +index acab37369..ea167fe12 100644 +--- a/grub-core/boot/i386/pc/boot.S ++++ b/grub-core/boot/i386/pc/boot.S +@@ -24,14 +24,11 @@ + * defines for the code go here + */ + +-#define TPM 1 +- + /* Print message string */ + #define MSG(x) movw $x, %si; call LOCAL(message) + #define ERR(x) movw $x, %si; jmp LOCAL(error_message) + + .macro floppy +-#ifndef TPM + part_start: + + LOCAL(probe_values): +@@ -88,7 +85,6 @@ fd_probe_error_string: .asciz "Floppy" + movb MACRO_DOLLAR(79), %ch + + jmp LOCAL(final_init) +-#endif + .endm + + .macro scratch +@@ -256,7 +252,6 @@ real_start: + /* set %si to the disk address packet */ + movw $disk_address_packet, %si + +-#ifndef TPM + /* check if LBA is supported */ + movb $0x41, %ah + movw $0x55aa, %bx +@@ -276,7 +271,6 @@ real_start: + + andw $1, %cx + jz LOCAL(chs_mode) +-#endif + + LOCAL(lba_mode): + xorw %ax, %ax +@@ -320,9 +314,6 @@ LOCAL(lba_mode): + jmp LOCAL(copy_buffer) + + LOCAL(chs_mode): +-#ifdef TPM +- jmp LOCAL(general_error) +-#else + /* + * Determine the hard disk geometry from the BIOS! + * We do this first, so that LS-120 IDE floppies work correctly. +@@ -434,7 +425,7 @@ setup_sectors: + jc LOCAL(read_error) + + movw %es, %bx +-#endif /* TPM */ ++ + LOCAL(copy_buffer): + /* + * We need to save %cx and %si because the startup code in +@@ -457,25 +448,6 @@ LOCAL(copy_buffer): + popw %ds + popa + +-#ifdef TPM +- pusha +- +- movw $0xBB00, %ax /* TCG_StatusCheck */ +- int $0x1A +- test %eax, %eax +- jnz boot /* No TPM or TPM deactivated */ +- +- movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */ +- movw $GRUB_BOOT_MACHINE_KERNEL_ADDR, %di +- xorl %esi, %esi +- movl $0x41504354, %ebx /* TCPA */ +- movl $0x200, %ecx /* Measure 512 bytes */ +- movl $0x8, %edx /* PCR 8 */ +- int $0x1A +- +-boot: +- popa +-#endif + /* boot kernel */ + jmp *(LOCAL(kernel_address)) + +diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S +index f4744ec6f..68d31de0c 100644 +--- a/grub-core/boot/i386/pc/diskboot.S ++++ b/grub-core/boot/i386/pc/diskboot.S +@@ -19,8 +19,6 @@ + #include + #include + +-#define TPM 1 +- + /* + * defines for the code go here + */ +@@ -55,21 +53,6 @@ _start: + /* this sets up for the first run through "bootloop" */ + movw $LOCAL(firstlist), %di + +-#ifdef TPM +- /* clear EAX to remove potential garbage */ +- xorl %eax, %eax +- /* 8(%di) = number of sectors to read */ +- movw 8(%di), %ax +- +- /* Multiply number of sectors to read with 512 bytes. EAX is 32bit +- * which is large enough to hold values of up to 4GB. I doubt there +- * will ever be a core.img larger than that. ;-) */ +- shll $9, %eax +- +- /* write result to bytes_to_measure var */ +- movl %eax, bytes_to_measure +-#endif +- + /* save the sector number of the second sector in %ebp */ + movl (%di), %ebp + +@@ -307,29 +290,6 @@ LOCAL(copy_buffer): + /* END OF MAIN LOOP */ + + LOCAL(bootit): +-#ifdef TPM +- pusha +- movw $0xBB07, %ax /* TCG_CompactHashLogExtendEvent */ +- +- movw $0x0, %bx +- movw %bx, %es +- +- /* We've already measured the first 512 bytes, now measure the rest */ +- xorl %edi, %edi +- movw $(GRUB_BOOT_MACHINE_KERNEL_ADDR + 0x200), %di +- +- movl $0x41504354, %ebx /* EBX = "TCPA" */ +- +- /* %ecx = The length, in bytes, of the buffer to measure */ +- movl $bytes_to_measure, %esi +- movl (%esi), %ecx +- xorl %esi, %esi +- movl $0x9, %edx /* PCR 9 */ +- +- int $0x1A +- +- popa +-#endif + /* print a newline */ + MSG(notification_done) + popw %dx /* this makes sure %dl is our "boot" drive */ +@@ -364,10 +324,6 @@ geometry_error_string: .asciz "Geom" + read_error_string: .asciz "Read" + general_error_string: .asciz " Error" + +-#ifdef TPM +-bytes_to_measure: .long 0 +-#endif +- + /* + * message: write the string pointed to by %si + * diff --git a/SOURCES/0232-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch b/SOURCES/0232-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch new file mode 100644 index 0000000..2358db5 --- /dev/null +++ b/SOURCES/0232-Move-quicksort-function-from-kernel.exec-to-the-blsc.patch @@ -0,0 +1,148 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 27 Sep 2018 10:49:14 +0200 +Subject: [PATCH] Move quicksort function from kernel.exec to the blscfg module + +The qsort function is defined in the grub2 kernel and exported for modules +to use. But this prevents the blscfg.mod to be loaded by old grub2 kernels +that don't export this symbol. + +Loading the latest blscfg module might be useful on legacy BIOS systems to +avoid updating the first and second stage grub2 images in the boot device. + +Since the only caller of the qsort function is the blscfg module, move the +qsort function out of the grub2 kernel and only have it in the blscfg.mod. + +While being there, also remove the grub_bsearch() function that is unused. + +Related: rhbz#1633646 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/Makefile.core.def | 2 +- + grub-core/commands/blscfg.c | 3 ++- + grub-core/{kern/qsort.c => commands/bls_qsort.h} | 30 +++--------------------- + include/grub/misc.h | 15 ------------ + 4 files changed, 6 insertions(+), 44 deletions(-) + rename grub-core/{kern/qsort.c => commands/bls_qsort.h} (93%) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index fb0a1e0ba..3346d1be6 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -129,7 +129,6 @@ kernel = { + common = kern/rescue_parser.c; + common = kern/rescue_reader.c; + common = kern/term.c; +- common = kern/qsort.c; + common = kern/backtrace.c; + common = kern/tpm.c; + +@@ -781,6 +780,7 @@ module = { + module = { + name = blscfg; + common = commands/blscfg.c; ++ common = commands/bls_qsort.h; + common = commands/loadenv.h; + enable = efi; + enable = i386_pc; +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index abd6f00d0..bec5a9ffe 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -36,6 +36,7 @@ + + GRUB_MOD_LICENSE ("GPLv3+"); + ++#include "bls_qsort.h" + #include "loadenv.h" + + #define GRUB_BLS_CONFIG_PATH "/loader/entries/" +@@ -717,7 +718,7 @@ read_fallback: + use_version = false; + } + +- grub_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, &use_version); ++ bls_qsort(&entries[0], nentries, sizeof (struct bls_entry *), bls_cmp, &use_version); + + grub_dprintf ("blscfg", "%s Creating %d entries from bls\n", __func__, nentries); + for (r = nentries - 1; r >= 0; r--) +diff --git a/grub-core/kern/qsort.c b/grub-core/commands/bls_qsort.h +similarity index 93% +rename from grub-core/kern/qsort.c +rename to grub-core/commands/bls_qsort.h +index 7f3fc9ffd..572765fa3 100644 +--- a/grub-core/kern/qsort.c ++++ b/grub-core/commands/bls_qsort.h +@@ -64,6 +64,7 @@ typedef struct + #define POP(low, high) ((void) (--top, (low = top->lo), (high = top->hi))) + #define STACK_NOT_EMPTY (stack < top) + ++typedef int (*grub_compar_d_fn_t) (const void *p0, const void *p1, void *state); + + /* Order size using quicksort. This implementation incorporates + four optimizations discussed in Sedgewick: +@@ -89,8 +90,8 @@ typedef struct + smaller partition. This *guarantees* no more than log (total_elems) + stack size is needed (actually O(1) in this case)! */ + +-void +-grub_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size, ++static inline void UNUSED ++bls_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size, + grub_compar_d_fn_t cmp, void *arg) + { + char *base_ptr = (char *) pbase; +@@ -252,28 +253,3 @@ grub_qsort (void *const pbase, grub_size_t total_elems, grub_size_t size, + } + } + +-void * +-grub_bsearch (const void *key, const void *base, grub_size_t nmemb, grub_size_t size, +- grub_compar_d_fn_t compar, void *state) +-{ +- grub_size_t l, u, idx; +- const void *p; +- int comparison; +- +- l = 0; +- u = nmemb; +- while (l < u) +- { +- idx = (l + u) / 2; +- p = (void *) (((const char *) base) + (idx * size)); +- comparison = (*compar) (key, p, state); +- if (comparison < 0) +- u = idx; +- else if (comparison > 0) +- l = idx + 1; +- else +- return (void *) p; +- } +- +- return NULL; +-} +diff --git a/include/grub/misc.h b/include/grub/misc.h +index 5f1c1c1be..de9016ab7 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -510,19 +510,4 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *file, + #define grub_max(a, b) (((a) > (b)) ? (a) : (b)) + #define grub_min(a, b) (((a) < (b)) ? (a) : (b)) + +-typedef int (*grub_compar_d_fn_t) (const void *p0, const void *p1, void *state); +- +-void *EXPORT_FUNC(grub_bsearch) (const void *key, +- const void *base, +- grub_size_t nmemb, +- grub_size_t size, +- grub_compar_d_fn_t compar, +- void *state); +- +-void EXPORT_FUNC(grub_qsort) (void *const pbase, +- grub_size_t total_elems, +- grub_size_t size, +- grub_compar_d_fn_t cmp, +- void *state); +- + #endif /* ! GRUB_MISC_HEADER */ diff --git a/SOURCES/0233-Include-blscfg-module-for-powerpc-ieee1275.patch b/SOURCES/0233-Include-blscfg-module-for-powerpc-ieee1275.patch new file mode 100644 index 0000000..7527ea1 --- /dev/null +++ b/SOURCES/0233-Include-blscfg-module-for-powerpc-ieee1275.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 27 Sep 2018 19:03:43 +0200 +Subject: [PATCH] Include blscfg module for powerpc ieee1275 + +The blscfg module is currently not built for powerpc ieee1275, but this +is still needed when the machine is not booted in bare metal with OPAL. + +Related: rhbz#1633646 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/Makefile.core.def | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 3346d1be6..6864e780f 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -782,6 +782,7 @@ module = { + common = commands/blscfg.c; + common = commands/bls_qsort.h; + common = commands/loadenv.h; ++ enable = powerpc_ieee1275; + enable = efi; + enable = i386_pc; + enable = emu; diff --git a/SOURCES/0234-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch b/SOURCES/0234-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch new file mode 100644 index 0000000..54e44bc --- /dev/null +++ b/SOURCES/0234-grub-switch-to-blscfg-copy-blscfg-module-for-legacy-.patch @@ -0,0 +1,55 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 28 Sep 2018 10:35:38 +0200 +Subject: [PATCH] grub-switch-to-blscfg: copy blscfg module for legacy BIOS and + ppc ieee1275 + +On platforms that load the blscfg module the latest version should be used, +so copy the module to the boot directory to make sure that the grub2 kernel +will load the latest version of the BLS parsing code. + +Related: rhbz#1633646 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub-switch-to-blscfg.in | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index 9cf64f8e7..1c6bd1882 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -53,6 +53,8 @@ blsdir=`echo "/@bootdirname@/loader/entries" | sed 's,//*,/,g'` + + backupsuffix=.bak + ++arch="$(uname -m)" ++ + export TEXTDOMAIN=@PACKAGE@ + export TEXTDOMAINDIR="@localedir@" + +@@ -248,7 +250,6 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do + fi + + if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then +- arch="$(uname -m)" + bls_debug="$(echo ${bls_target} | sed -e "s/\.${arch}/-debug.${arch}/")" + cp -aT "${bls_target}" "${bls_debug}" + title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')" +@@ -282,6 +283,16 @@ elif ! grep -q '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" ; then + fi + + if [ "${GENERATE}" -eq 1 ] ; then ++ if [ $arch = "x86_64" ] && [ ! -d /sys/firmware/efi ]; then ++ if ! cp ${prefix}/lib/grub//i386-pc/blscfg.mod ${grubdir}/i386-pc/ ; then ++ exit 1 ++ fi ++ elif [ $arch = "ppc64" -o $arch = "ppc64le" ] && [ ! -d /sys/firmware/opal ]; then ++ if ! cp ${prefix}/lib/grub/powerpc-ieee1275/blscfg.mod ${grubdir}/powerpc-ieee1275/ ; then ++ exit 1 ++ fi ++ fi ++ + cp -af "${GRUB_CONFIG_FILE}" "${GRUB_CONFIG_FILE}${backupsuffix}" + if ! grub2-mkconfig -o "${GRUB_CONFIG_FILE}" ; then + cp -af "${GRUB_CONFIG_FILE}${backupsuffix}" "${GRUB_CONFIG_FILE}" diff --git a/SOURCES/0235-Fix-getroot.c-s-trampolines.patch b/SOURCES/0235-Fix-getroot.c-s-trampolines.patch new file mode 100644 index 0000000..8419662 --- /dev/null +++ b/SOURCES/0235-Fix-getroot.c-s-trampolines.patch @@ -0,0 +1,49 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 28 Sep 2018 15:42:19 -0400 +Subject: [PATCH] Fix getroot.c's trampolines. + +This makes the stack executable on most of the grub utilities, which is +bad, and rpmdiff complains about it. + +Related: rhbz#1633646 + +Signed-off-by: Peter Jones +--- + grub-core/osdep/linux/getroot.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c +index 4c5a13022..388a0f706 100644 +--- a/grub-core/osdep/linux/getroot.c ++++ b/grub-core/osdep/linux/getroot.c +@@ -1264,22 +1264,20 @@ grub_util_get_grub_dev_os (const char *os_dev) + return grub_dev; + } + ++static void *mp = NULL; ++static void ++btrfs_mount_path_hook(const char *m) ++{ ++ mp = strdup (m); ++} + + char * + grub_util_get_btrfs_subvol (const char *path, char **mount_path) + { +- char *mp = NULL; +- + if (mount_path) + *mount_path = NULL; + +- auto void +- mount_path_hook (const char *m) +- { +- mp = strdup (m); +- } +- +- grub_find_root_btrfs_mount_path_hook = mount_path_hook; ++ grub_find_root_btrfs_mount_path_hook = btrfs_mount_path_hook; + grub_free (grub_find_root_devices_from_mountinfo (path, NULL)); + grub_find_root_btrfs_mount_path_hook = NULL; + diff --git a/SOURCES/0236-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch b/SOURCES/0236-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch new file mode 100644 index 0000000..74cc327 --- /dev/null +++ b/SOURCES/0236-add-10_linux_bls-grub.d-snippet-to-generate-menu-ent.patch @@ -0,0 +1,485 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 3 Oct 2018 20:48:32 +0200 +Subject: [PATCH] add 10_linux_bls grub.d snippet to generate menu entries from + BLS files + +This grub.d snippet can be used on platforms where the bootloader doesn't +have BLS support and only can parse a normal grub configuration file. + +Portions of this script were taken from the ostree-grub-generator script +included in the OSTree project. + +Resolves: rhbz#1636013 + +Signed-off-by: Javier Martinez Canillas +--- + Makefile.util.def | 7 + + util/grub.d/10_linux_bls.in | 440 ++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 447 insertions(+) + create mode 100644 util/grub.d/10_linux_bls.in + +diff --git a/Makefile.util.def b/Makefile.util.def +index cba4d5001..08cc98ddb 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -502,6 +502,13 @@ script = { + condition = COND_HOST_LINUX; + }; + ++script = { ++ name = '10_linux_bls'; ++ common = util/grub.d/10_linux_bls.in; ++ installdir = grubconf; ++ condition = COND_HOST_LINUX; ++}; ++ + script = { + name = '10_xnu'; + common = util/grub.d/10_xnu.in; +diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in +new file mode 100644 +index 000000000..3cc7803c6 +--- /dev/null ++++ b/util/grub.d/10_linux_bls.in +@@ -0,0 +1,440 @@ ++#! /bin/sh ++set -e ++ ++# grub-mkconfig helper script. ++# Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc. ++# ++# GRUB is free software: you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the License, or ++# (at your option) any later version. ++# ++# GRUB is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with GRUB. If not, see . ++ ++prefix="@prefix@" ++exec_prefix="@exec_prefix@" ++datarootdir="@datarootdir@" ++ ++. "$pkgdatadir/grub-mkconfig_lib" ++ ++export TEXTDOMAIN=@PACKAGE@ ++export TEXTDOMAINDIR="@localedir@" ++ ++CLASS="--class gnu-linux --class gnu --class os --unrestricted" ++ ++if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then ++ OS="$(eval $(grep PRETTY_NAME /etc/os-release) ; echo ${PRETTY_NAME})" ++ CLASS="--class $(eval $(grep '^ID_LIKE=\|^ID=' /etc/os-release) ; [ -n "${ID_LIKE}" ] && echo ${ID_LIKE} || echo ${ID}) ${CLASS}" ++else ++ OS="${GRUB_DISTRIBUTOR}" ++ CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" ++fi ++ ++# loop-AES arranges things so that /dev/loop/X can be our root device, but ++# the initrds that Linux uses don't like that. ++case ${GRUB_DEVICE} in ++ /dev/loop/*|/dev/loop[0-9]) ++ GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"` ++ ;; ++esac ++ ++# Default to disabling partition uuid support to maintian compatibility with ++# older kernels. ++GRUB_DISABLE_LINUX_PARTUUID=${GRUB_DISABLE_LINUX_PARTUUID-true} ++ ++# btrfs may reside on multiple devices. We cannot pass them as value of root= parameter ++# and mounting btrfs requires user space scanning, so force UUID in this case. ++if ( [ "x${GRUB_DEVICE_UUID}" = "x" ] && [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] ) \ ++ || ( [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \ ++ && [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ] ) \ ++ || ( ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \ ++ && ! test -e "/dev/disk/by-partuuid/${GRUB_DEVICE_PARTUUID}" ) \ ++ || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then ++ LINUX_ROOT_DEVICE=${GRUB_DEVICE} ++elif [ "x${GRUB_DEVICE_UUID}" = "x" ] \ ++ || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ]; then ++ LINUX_ROOT_DEVICE=PARTUUID=${GRUB_DEVICE_PARTUUID} ++else ++ LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID} ++fi ++ ++case x"$GRUB_FS" in ++ xbtrfs) ++ if [ "x${SUSE_BTRFS_SNAPSHOT_BOOTING}" = "xtrue" ]; then ++ GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX} \${extra_cmdline}" ++ else ++ rootsubvol="`make_system_path_relative_to_its_root /`" ++ rootsubvol="${rootsubvol#/}" ++ if [ "x${rootsubvol}" != x ]; then ++ GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}" ++ fi ++ fi;; ++ xzfs) ++ rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true` ++ bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`" ++ LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs}" ++ ;; ++esac ++ ++mktitle () ++{ ++ local title_type ++ local version ++ local OS_NAME ++ local OS_VERS ++ ++ title_type=$1 && shift ++ version=$1 && shift ++ ++ OS_NAME="$(eval $(grep ^NAME= /etc/os-release) ; echo ${NAME})" ++ OS_VERS="$(eval $(grep ^VERSION= /etc/os-release) ; echo ${VERSION})" ++ ++ case $title_type in ++ recovery) ++ title=$(printf '%s (%s) %s (recovery mode)' \ ++ "${OS_NAME}" "${version}" "${OS_VERS}") ++ ;; ++ *) ++ title=$(printf '%s (%s) %s' \ ++ "${OS_NAME}" "${version}" "${OS_VERS}") ++ ;; ++ esac ++ echo -n ${title} ++} ++ ++title_correction_code= ++ ++populate_header_warn() ++{ ++cat <&2 ++ for config in $(ls -v -r $entries_path/*.conf); do ++ read_config ${config} ++ menu="${menu}menuentry '${title}' {\n" ++ menu="${menu}\t linux ${linux} ${options}\n" ++ if [ -n "${initrd}" ] ; then ++ menu="${menu}\t initrd ${boot_prefix}${initrd}\n" ++ fi ++ menu="${menu}}\n\n" ++ done ++ # The printf command seems to be more reliable across shells for special character (\n, \t) evaluation ++ printf "$menu" ++} ++ ++linux_entry () ++{ ++ os="$1" ++ version="$2" ++ type="$3" ++ isdebug="$4" ++ args="$5" ++ ++ if [ -z "$boot_device_id" ]; then ++ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" ++ fi ++ ++ if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]; then ++ if [ x$dirname = x/ ]; then ++ if [ -z "${prepare_root_cache}" ]; then ++ prepare_grub_to_access_device ${GRUB_DEVICE} ++ fi ++ else ++ if [ -z "${prepare_boot_cache}" ]; then ++ prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} ++ fi ++ fi ++ ++ if [ -d /sys/firmware/efi ]; then ++ bootefi_device="`${grub_probe} --target=device /boot/efi/`" ++ prepare_grub_to_access_device ${bootefi_device} boot ++ else ++ boot_device="`${grub_probe} --target=device /boot/`" ++ prepare_grub_to_access_device ${boot_device} boot ++ fi ++ ++ populate_header_warn ++ populate_menu ++ ++ ${grub_editenv} - set saved_entry=0 ++ ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}" ++ ++ exit 0 ++ fi ++ ++ if [ x$type != xsimple ] ; then ++ title=$(mktitle "$type" "$version") ++ if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then ++ replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')" ++ quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)" ++ title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;" ++ fi ++ if [ x$isdebug = xdebug ]; then ++ title="$title${GRUB_LINUX_DEBUG_TITLE_POSTFIX}" ++ fi ++ echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/" ++ else ++ echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" ++ fi ++ if [ x$type != xrecovery ] ; then ++ save_default_entry | grub_add_tab ++ fi ++ ++ # Use ELILO's generic "efifb" when it's known to be available. ++ # FIXME: We need an interface to select vesafb in case efifb can't be used. ++ if [ "x$GRUB_GFXPAYLOAD_LINUX" = x ]; then ++ echo " load_video" | sed "s/^/$submenu_indentation/" ++ if grep -qx "CONFIG_FB_EFI=y" "${config}" 2> /dev/null \ ++ && grep -qx "CONFIG_VT_HW_CONSOLE_BINDING=y" "${config}" 2> /dev/null; then ++ echo " set gfxpayload=keep" | sed "s/^/$submenu_indentation/" ++ fi ++ else ++ if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then ++ echo " load_video" | sed "s/^/$submenu_indentation/" ++ fi ++ echo " set gfxpayload=$GRUB_GFXPAYLOAD_LINUX" | sed "s/^/$submenu_indentation/" ++ fi ++ ++ echo " insmod gzio" | sed "s/^/$submenu_indentation/" ++ ++ if [ x$dirname = x/ ]; then ++ if [ -z "${prepare_root_cache}" ]; then ++ prepare_root_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE} | grub_add_tab)" ++ fi ++ printf '%s\n' "${prepare_root_cache}" | sed "s/^/$submenu_indentation/" ++ else ++ if [ -z "${prepare_boot_cache}" ]; then ++ prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)" ++ fi ++ printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/" ++ fi ++ sed "s/^/$submenu_indentation/" << EOF ++ linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} ++EOF ++ if test -n "${initrd}" ; then ++ initrd_path= ++ for i in ${initrd}; do ++ initrd_path="${initrd_path} ${rel_dirname}/${i}" ++ done ++ sed "s/^/$submenu_indentation/" << EOF ++ initrd $(echo $initrd_path) ++EOF ++ fi ++ if test -n "${fdt}" ; then ++ sed "s/^/$submenu_indentation/" << EOF ++ devicetree ${rel_dirname}/${fdt} ++EOF ++ fi ++ sed "s/^/$submenu_indentation/" << EOF ++} ++EOF ++} ++ ++machine=`uname -m` ++case "x$machine" in ++ xi?86 | xx86_64) ++ list= ++ for i in /boot/vmlinuz-* /vmlinuz-* /boot/kernel-* ; do ++ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi ++ done ;; ++ *) ++ list= ++ for i in /boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-* ; do ++ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi ++ done ;; ++esac ++ ++if [ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]; then ++ for i in /boot/ostree/*/vmlinuz-* ; do ++ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi ++ done ++fi ++ ++case "$machine" in ++ i?86) GENKERNEL_ARCH="x86" ;; ++ mips|mips64) GENKERNEL_ARCH="mips" ;; ++ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; ++ arm*) GENKERNEL_ARCH="arm" ;; ++ *) GENKERNEL_ARCH="$machine" ;; ++esac ++ ++prepare_boot_cache= ++prepare_root_cache= ++boot_device_id= ++title_correction_code= ++ ++# Extra indentation to add to menu entries in a submenu. We're not in a submenu ++# yet, so it's empty. In a submenu it will be equal to '\t' (one tab). ++submenu_indentation="" ++ ++is_top_level=true ++while [ "x$list" != "x" ] ; do ++ linux=`version_find_latest $list` ++ if [ "x${GRUB_ENABLE_BLSCFG}" != "xtrue" ]; then ++ gettext_printf "Found linux image: %s\n" "$linux" >&2 ++ fi ++ ++ basename=`basename $linux` ++ dirname=`dirname $linux` ++ rel_dirname=`make_system_path_relative_to_its_root $dirname` ++ version=`echo $basename | sed -e "s,^[^0-9]*-,,g"` ++ alt_version=`echo $version | sed -e "s,\.old$,,g"` ++ linux_root_device_thisversion="${LINUX_ROOT_DEVICE}" ++ ++ initrd_early= ++ for i in ${GRUB_EARLY_INITRD_LINUX_STOCK} \ ++ ${GRUB_EARLY_INITRD_LINUX_CUSTOM}; do ++ if test -e "${dirname}/${i}" ; then ++ initrd_early="${initrd_early} ${i}" ++ fi ++ done ++ ++ initrd_real= ++ for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \ ++ "initrd-${version}" "initramfs-${version}.img" \ ++ "initrd.img-${alt_version}" "initrd-${alt_version}.img" \ ++ "initrd-${alt_version}" "initramfs-${alt_version}.img" \ ++ "initramfs-genkernel-${version}" \ ++ "initramfs-genkernel-${alt_version}" \ ++ "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ ++ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do ++ if test -e "${dirname}/${i}" ; then ++ initrd_real="${i}" ++ break ++ fi ++ done ++ ++ initrd= ++ if test -n "${initrd_early}" || test -n "${initrd_real}"; then ++ initrd="${initrd_early} ${initrd_real}" ++ ++ initrd_display= ++ for i in ${initrd}; do ++ initrd_display="${initrd_display} ${dirname}/${i}" ++ done ++ if [ "x${GRUB_ENABLE_BLSCFG}" != "xtrue" ]; then ++ gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 ++ fi ++ fi ++ ++ fdt= ++ for i in "dtb-${version}" "dtb-${alt_version}"; do ++ if test -f "${dirname}/${i}/${GRUB_DEFAULT_DTB}" ; then ++ fdt="${i}/${GRUB_DEFAULT_DTB}" ++ break ++ fi ++ done ++ ++ config= ++ for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do ++ if test -e "${i}" ; then ++ config="${i}" ++ break ++ fi ++ done ++ ++ initramfs= ++ if test -n "${config}" ; then ++ initramfs=`grep CONFIG_INITRAMFS_SOURCE= "${config}" | cut -f2 -d= | tr -d \"` ++ fi ++ ++ if test -z "${initramfs}" && test -z "${initrd_real}" ; then ++ # "UUID=" and "ZFS=" magic is parsed by initrd or initramfs. Since there's ++ # no initrd or builtin initramfs, it can't work here. ++ if [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] \ ++ || [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ]; then ++ ++ linux_root_device_thisversion=${GRUB_DEVICE} ++ else ++ linux_root_device_thisversion=PARTUUID=${GRUB_DEVICE_PARTUUID} ++ fi ++ fi ++ ++ if [ "x${GRUB_DISABLE_SUBMENU}" = "xyes" ] || [ "x${GRUB_DISABLE_SUBMENU}" = "xy" ]; then ++ GRUB_DISABLE_SUBMENU="true" ++ fi ++ ++ if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xtrue ]; then ++ linux_entry "${OS}" "${version}" simple standard \ ++ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" ++ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then ++ linux_entry "${OS}" "${version}" simple debug \ ++ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}" ++ fi ++ ++ submenu_indentation="$grub_tab" ++ ++ if [ -z "$boot_device_id" ]; then ++ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" ++ fi ++ # TRANSLATORS: %s is replaced with an OS name ++ echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {" ++ is_top_level=false ++ fi ++ ++ linux_entry "${OS}" "${version}" advanced standard \ ++ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" ++ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then ++ linux_entry "${OS}" "${version}" advanced debug \ ++ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}" ++ fi ++ ++ if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then ++ linux_entry "${OS}" "${version}" recovery standard \ ++ "single ${GRUB_CMDLINE_LINUX}" ++ fi ++ ++ list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '` ++done ++ ++# If at least one kernel was found, then we need to ++# add a closing '}' for the submenu command. ++if [ x"$is_top_level" != xtrue ]; then ++ echo '}' ++fi ++ ++echo "$title_correction_code" diff --git a/SOURCES/0237-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch b/SOURCES/0237-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch new file mode 100644 index 0000000..ce7d8e7 --- /dev/null +++ b/SOURCES/0237-Only-set-kernelopts-in-grubenv-if-it-wasn-t-set-befo.patch @@ -0,0 +1,79 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 5 Oct 2018 16:29:47 +0200 +Subject: [PATCH] Only set kernelopts in grubenv if it wasn't set before + +Users may want to use a different command line parameters, so if there's +a kernelopts var set in grubenv, grub2-mkconfig shouldn't reset it. + +While being there, print a warning so users know that they shouldn't edit +the grub config file and instead edit the BootLoaderSpec config files. + +Resolves: rhbz#1636466 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux.in | 20 +++++++++++++++++++- + util/grub.d/10_linux_bls.in | 4 +++- + 2 files changed, 22 insertions(+), 2 deletions(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 9682e97b7..01e66e5fc 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -82,6 +82,20 @@ case x"$GRUB_FS" in + ;; + esac + ++populate_header_warn() ++{ ++cat < +Date: Thu, 11 Oct 2018 15:30:13 -0400 +Subject: [PATCH] blscfg: don't include ".conf" at the end of our "id". + +Related: rhbz#1638117 + +Signed-off-by: Peter Jones +--- + grub-core/commands/blscfg.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index bec5a9ffe..3847572da 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -575,6 +575,7 @@ static void create_entry (struct bls_entry *entry) + char **initrds = NULL; + char *initrd = NULL; + char *id = entry->filename; ++ char *dotconf = id; + char *hotkey = NULL; + + char *users = NULL; +@@ -593,6 +594,16 @@ static void create_entry (struct bls_entry *entry) + goto finish; + } + ++ /* ++ * strip the ".conf" off the end before we make it our "id" field. ++ */ ++ do ++ { ++ dotconf = grub_strstr(dotconf, ".conf"); ++ } while (dotconf != NULL && dotconf[5] != '\0'); ++ if (dotconf) ++ dotconf[0] = '\0'; ++ + title = bls_get_val (entry, "title", NULL); + options = expand_val (bls_get_val (entry, "options", NULL)); + initrds = bls_make_list (entry, "initrd", NULL); diff --git a/SOURCES/0239-grub-get-kernel-settings-expose-some-more-config-var.patch b/SOURCES/0239-grub-get-kernel-settings-expose-some-more-config-var.patch new file mode 100644 index 0000000..d34ea81 --- /dev/null +++ b/SOURCES/0239-grub-get-kernel-settings-expose-some-more-config-var.patch @@ -0,0 +1,32 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 11 Oct 2018 15:31:04 -0400 +Subject: [PATCH] grub-get-kernel-settings: expose some more config variables + +This exposes MAKEDEFAULT as GRUB_UPDATE_DEFAULT_KERNEL and DEFAULTDEBUG as +GRUB_DEFAULT_TO_DEBUG + +Related: rhbz#1638117 +Signed-off-by: Peter Jones +--- + util/grub-get-kernel-settings.in | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/util/grub-get-kernel-settings.in b/util/grub-get-kernel-settings.in +index 120462198..7e87dfccc 100644 +--- a/util/grub-get-kernel-settings.in ++++ b/util/grub-get-kernel-settings.in +@@ -76,3 +76,13 @@ if [ "$MAKEDEBUG" = "yes" ]; then + echo GRUB_LINUX_DEBUG_TITLE_POSTFIX=\" with debugging\" + echo export GRUB_LINUX_DEBUG_TITLE_POSTFIX + fi ++if [ "$DEFAULTDEBUG" = "yes" ]; then ++ echo GRUB_DEFAULT_TO_DEBUG=true ++else ++ echo GRUB_DEFAULT_TO_DEBUG=false ++fi ++echo export GRUB_DEFAULT_TO_DEBUG ++if [ "$UPDATEDEFAULT" = "yes" ]; then ++ echo GRUB_UPDATE_DEFAULT_KERNEL=true ++ echo export GRUB_UPDATE_DEFAULT_KERNEL ++fi diff --git a/SOURCES/0240-blscfg-sort-everything-with-rpm-package-comparison.patch b/SOURCES/0240-blscfg-sort-everything-with-rpm-package-comparison.patch new file mode 100644 index 0000000..3074e7b --- /dev/null +++ b/SOURCES/0240-blscfg-sort-everything-with-rpm-package-comparison.patch @@ -0,0 +1,161 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Oct 2018 15:08:33 -0400 +Subject: [PATCH] blscfg: sort everything with rpm *package* comparison + +This makes comparisons use the n-v-r tuple, and compare name with name, +version with version, and release with release. + +Related: rhbz#1638103 + +Signed-off-by: Peter Jones +--- + grub-core/commands/blscfg.c | 118 ++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 108 insertions(+), 10 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 3847572da..347128c9d 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -206,7 +206,7 @@ static int vercmp(const char * a, const char * b) + int isnum; + int ret = 0; + +- grub_dprintf("blscfg", "%s got here\n", __func__); ++ grub_dprintf("blscfg", "%s got here\n", __func__); + if (!grub_strcmp(a, b)) + return 0; + +@@ -315,6 +315,81 @@ finish: + return ret; + } + ++/* returns name/version/release */ ++/* NULL string pointer returned if nothing found */ ++static void ++split_package_string (char *package_string, char **name, ++ char **version, char **release) ++{ ++ char *package_version, *package_release; ++ ++ /* Release */ ++ package_release = grub_strrchr (package_string, '-'); ++ ++ if (package_release != NULL) ++ *package_release++ = '\0'; ++ ++ *release = package_release; ++ ++ if (name == NULL) ++ { ++ *version = package_string; ++ } ++ else ++ { ++ /* Version */ ++ package_version = grub_strrchr(package_string, '-'); ++ ++ if (package_version != NULL) ++ *package_version++ = '\0'; ++ ++ *version = package_version; ++ /* Name */ ++ *name = package_string; ++ } ++ ++ /* Bubble up non-null values from release to name */ ++ if (name != NULL && *name == NULL) ++ { ++ *name = (*version == NULL ? *release : *version); ++ *version = *release; ++ *release = NULL; ++ } ++ if (*version == NULL) ++ { ++ *version = *release; ++ *release = NULL; ++ } ++} ++ ++static int ++split_cmp(char *nvr0, char *nvr1, int has_name) ++{ ++ int ret = 0; ++ char *name0, *version0, *release0; ++ char *name1, *version1, *release1; ++ ++ split_package_string(nvr0, has_name ? &name0 : NULL, &version0, &release0); ++ split_package_string(nvr1, has_name ? &name1 : NULL, &version1, &release1); ++ ++ if (has_name) ++ { ++ ret = vercmp(name0 == NULL ? "" : name0, ++ name1 == NULL ? "" : name1); ++ if (ret != 0) ++ return ret; ++ } ++ ++ ret = vercmp(version0 == NULL ? "" : version0, ++ version1 == NULL ? "" : version1); ++ if (ret != 0) ++ return ret; ++ ++ ret = vercmp(release0 == NULL ? "" : release0, ++ release1 == NULL ? "" : release1); ++ return ret; ++} ++ + /* return 1: p0 is newer than p1 */ + /* 0: p0 and p1 are the same version */ + /* -1: p1 is newer than p0 */ +@@ -323,18 +398,41 @@ static int bls_cmp(const void *p0, const void *p1, void *state) + struct bls_entry * e0 = *(struct bls_entry **)p0; + struct bls_entry * e1 = *(struct bls_entry **)p1; + bool use_version = *(bool *)state; +- const char *v0, *v1; +- int r; ++ char *v0, *v1; ++ char *id0, *id1; ++ int l, r; + +- if (use_version) { +- v0 = bls_get_val(e0, "version", NULL); +- v1 = bls_get_val(e1, "version", NULL); ++ if (use_version) ++ { ++ v0 = grub_strdup(bls_get_val(e0, "version", NULL)); ++ v1 = grub_strdup(bls_get_val(e1, "version", NULL)); + +- if ((r = vercmp(v0, v1)) != 0) +- return r; +- } ++ r = split_cmp(v0, v1, 0); + +- return vercmp(e0->filename, e1->filename); ++ grub_free(v0); ++ grub_free(v1); ++ ++ if (r != 0) ++ return r; ++ } ++ ++ id0 = grub_strdup(e0->filename); ++ id1 = grub_strdup(e1->filename); ++ ++ l = grub_strlen(id0); ++ if (l > 5 && grub_strcmp(id0 + l - 5, ".conf")) ++ id0[l-5] = '\0'; ++ ++ l = grub_strlen(id1); ++ if (l > 5 && grub_strcmp(id1 + l - 5, ".conf")) ++ id1[l-5] = '\0'; ++ ++ r = split_cmp(id0, id1, 1); ++ ++ grub_free(id0); ++ grub_free(id1); ++ ++ return r; + } + + struct read_entry_info { diff --git a/SOURCES/0241-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch b/SOURCES/0241-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch new file mode 100644 index 0000000..e3566e0 --- /dev/null +++ b/SOURCES/0241-10_linux_bls-use-grub2-rpm-sort-instead-of-ls-vr-to-.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 16 Oct 2018 15:48:15 +0200 +Subject: [PATCH] 10_linux_bls: use grub2-rpm-sort instead of ls -vr to sort + entries + +Using ls -vr is wrong since it's not the same than the RPM sort algorithm. + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux_bls.in | 18 +++++++++++++++--- + 1 file changed, 15 insertions(+), 3 deletions(-) + +diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in +index 8a3379578..1bc97f298 100644 +--- a/util/grub.d/10_linux_bls.in ++++ b/util/grub.d/10_linux_bls.in +@@ -151,10 +151,22 @@ read_config() + + populate_menu() + { +- entries_path="/boot/loader/entries" ++ blsdir="/boot/loader/entries" ++ local -a files ++ local IFS=$'\n' + gettext_printf "Generating boot entries from BLS files...\n" >&2 +- for config in $(ls -v -r $entries_path/*.conf); do +- read_config ${config} ++ ++ files=($(for bls in ${blsdir}/*.conf ; do ++ if ! [[ -e "${bls}" ]] ; then ++ continue ++ fi ++ bls="${bls%.conf}" ++ bls="${bls##*/}" ++ echo "${bls}" ++ done | ${kernel_sort} | tac)) || : ++ ++ for bls in "${files[@]}" ; do ++ read_config "${blsdir}/${bls}.conf" + menu="${menu}menuentry '${title}' {\n" + menu="${menu}\t linux ${linux} ${options}\n" + if [ -n "${initrd}" ] ; then diff --git a/SOURCES/0242-don-t-set-saved_entry-on-grub2-mkconfig.patch b/SOURCES/0242-don-t-set-saved_entry-on-grub2-mkconfig.patch new file mode 100644 index 0000000..761eb34 --- /dev/null +++ b/SOURCES/0242-don-t-set-saved_entry-on-grub2-mkconfig.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 19 Oct 2018 14:42:41 +0200 +Subject: [PATCH] don't set saved_entry on grub2-mkconfig + +The original plan was for grub2 to rely on the BLS sort criteria to choose +the default entry to boot, to avoid modifying any files when a new kernel +was installed. But that was changed and now 20-grub.install changes the +default, so 10_linux{,bls} shouldn't overwrite this. + +Resolves: rhbz#1636466 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux.in | 1 - + util/grub.d/10_linux_bls.in | 1 - + 2 files changed, 2 deletions(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 01e66e5fc..b54d2774a 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -165,7 +165,6 @@ if [ -s \$prefix/grubenv ]; then + fi + EOF + +- ${grub_editenv} - set saved_entry=0 + if ! grub2-editenv - list | grep -q kernelopts; then + ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}" + fi +diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in +index 1bc97f298..8745e598d 100644 +--- a/util/grub.d/10_linux_bls.in ++++ b/util/grub.d/10_linux_bls.in +@@ -212,7 +212,6 @@ linux_entry () + populate_header_warn + populate_menu + +- ${grub_editenv} - set saved_entry=0 + if ! grub2-editenv - list | grep -q kernelopts; then + ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}" + fi diff --git a/SOURCES/0243-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch b/SOURCES/0243-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch new file mode 100644 index 0000000..9047027 --- /dev/null +++ b/SOURCES/0243-grub-switch-to-blscfg-use-debug-instead-of-debug-as-.patch @@ -0,0 +1,31 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 19 Oct 2018 18:48:27 +0200 +Subject: [PATCH] grub-switch-to-blscfg: use ~debug instead of -debug as suffix + to sort correctly + +For the debug BLS entries a -debug suffix was added so they are sorted after +the kernel entries, but that only works with version sort and not rpm sort. + +So instead use ~debug prefix so rpm sort algorithm could sort it correctly. + +Related: rhbz#1638103 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub-switch-to-blscfg.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index 1c6bd1882..60cd6ca63 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -250,7 +250,7 @@ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do + fi + + if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then +- bls_debug="$(echo ${bls_target} | sed -e "s/\.${arch}/-debug.${arch}/")" ++ bls_debug="$(echo ${bls_target} | sed -e "s/${kernelver}/${kernelver}~debug/")" + cp -aT "${bls_target}" "${bls_debug}" + title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')" + blsid="$(grep '^id[ \t]' "${bls_debug}" | sed -e "s/\.${ARCH}/-debug.${arch}/")" diff --git a/SOURCES/0244-Make-blscfg-debug-messages-more-useful.patch b/SOURCES/0244-Make-blscfg-debug-messages-more-useful.patch new file mode 100644 index 0000000..65c30fa --- /dev/null +++ b/SOURCES/0244-Make-blscfg-debug-messages-more-useful.patch @@ -0,0 +1,175 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 19 Oct 2018 10:03:28 -0400 +Subject: [PATCH] Make blscfg debug messages more useful + +Related: rhbz#1640979 +Signed-off-by: Peter Jones +--- + grub-core/commands/blscfg.c | 12 +++++------- + grub-core/commands/legacycfg.c | 4 ++-- + grub-core/commands/menuentry.c | 18 ++++++++++++++---- + include/grub/normal.h | 2 +- + 4 files changed, 22 insertions(+), 14 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 347128c9d..42892cbfd 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -46,8 +46,6 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define GRUB_BOOT_DEVICE "($root)" + #endif + +-#define grub_free(x) ({grub_dprintf("blscfg", "%s freeing %p\n", __func__, x); grub_free(x); }) +- + struct keyval + { + const char *key; +@@ -134,7 +132,7 @@ static int bls_add_keyval(struct bls_entry *entry, char *key, char *val) + kv->val = v; + + entry->keyvals[entry->nkeyvals] = kv; +- grub_dprintf("blscfg", "new keyval at %p:%p:%p\n", entry->keyvals[entry->nkeyvals], k, v); ++ grub_dprintf("blscfg", "new keyval at %p:%s:%s\n", entry->keyvals[entry->nkeyvals], k, v); + entry->nkeyvals = new_n; + + return 0; +@@ -144,7 +142,6 @@ static void bls_free_entry(struct bls_entry *entry) + { + int i; + +- grub_dprintf("blscfg", "%s got here\n", __func__); + for (i = 0; i < entry->nkeyvals; i++) + { + struct keyval *kv = entry->keyvals[i]; +@@ -206,7 +203,7 @@ static int vercmp(const char * a, const char * b) + int isnum; + int ret = 0; + +- grub_dprintf("blscfg", "%s got here\n", __func__); ++ grub_dprintf("blscfg", "%s comparing %s and %s\n", __func__, a, b); + if (!grub_strcmp(a, b)) + return 0; + +@@ -682,7 +679,7 @@ static void create_entry (struct bls_entry *entry) + char **args = NULL; + + char *src = NULL; +- int i; ++ int i, index; + + grub_dprintf("blscfg", "%s got here\n", __func__); + clinux = bls_get_val (entry, "linux", NULL); +@@ -756,7 +753,8 @@ static void create_entry (struct bls_entry *entry) + GRUB_BOOT_DEVICE, clinux, options ? " " : "", options ? options : "", + initrd ? initrd : ""); + +- grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0); ++ grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0, &index); ++ grub_dprintf ("blscfg", "Added entry %d id:\"%s\"\n", index, id); + + finish: + grub_free (initrd); +diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c +index b32f3c74c..f9d7627bd 100644 +--- a/grub-core/commands/legacycfg.c ++++ b/grub-core/commands/legacycfg.c +@@ -133,7 +133,7 @@ legacy_file (const char *filename) + args[0] = oldname; + grub_normal_add_menu_entry (1, args, NULL, NULL, "legacy", + NULL, NULL, +- entrysrc, 0); ++ entrysrc, 0, NULL); + grub_free (args); + entrysrc[0] = 0; + grub_free (oldname); +@@ -186,7 +186,7 @@ legacy_file (const char *filename) + } + args[0] = entryname; + grub_normal_add_menu_entry (1, args, NULL, NULL, NULL, +- NULL, NULL, entrysrc, 0); ++ NULL, NULL, entrysrc, 0, NULL); + grub_free (args); + } + +diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c +index 2c5363da7..8d242b018 100644 +--- a/grub-core/commands/menuentry.c ++++ b/grub-core/commands/menuentry.c +@@ -78,7 +78,7 @@ grub_normal_add_menu_entry (int argc, const char **args, + char **classes, const char *id, + const char *users, const char *hotkey, + const char *prefix, const char *sourcecode, +- int submenu) ++ int submenu, int *index) + { + int menu_hotkey = 0; + char **menu_args = NULL; +@@ -149,9 +149,12 @@ grub_normal_add_menu_entry (int argc, const char **args, + if (! menu_title) + goto fail; + ++ grub_dprintf ("menu", "id:\"%s\"\n", id); ++ grub_dprintf ("menu", "title:\"%s\"\n", menu_title); + menu_id = grub_strdup (id ? : menu_title); + if (! menu_id) + goto fail; ++ grub_dprintf ("menu", "menu_id:\"%s\"\n", menu_id); + + /* Save argc, args to pass as parameters to block arg later. */ + menu_args = grub_malloc (sizeof (char*) * (argc + 1)); +@@ -170,8 +173,12 @@ grub_normal_add_menu_entry (int argc, const char **args, + } + + /* Add the menu entry at the end of the list. */ ++ int ind=0; + while (*last) +- last = &(*last)->next; ++ { ++ ind++; ++ last = &(*last)->next; ++ } + + *last = grub_zalloc (sizeof (**last)); + if (! *last) +@@ -190,6 +197,8 @@ grub_normal_add_menu_entry (int argc, const char **args, + (*last)->submenu = submenu; + + menu->size++; ++ if (index) ++ *index = ind; + return GRUB_ERR_NONE; + + fail: +@@ -286,7 +295,8 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) + users, + ctxt->state[2].arg, 0, + ctxt->state[3].arg, +- ctxt->extcmd->cmd->name[0] == 's'); ++ ctxt->extcmd->cmd->name[0] == 's', ++ NULL); + + src = args[argc - 1]; + args[argc - 1] = NULL; +@@ -303,7 +313,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) + ctxt->state[0].args, ctxt->state[4].arg, + users, + ctxt->state[2].arg, prefix, src + 1, +- ctxt->extcmd->cmd->name[0] == 's'); ++ ctxt->extcmd->cmd->name[0] == 's', NULL); + + src[len - 1] = ch; + args[argc - 1] = src; +diff --git a/include/grub/normal.h b/include/grub/normal.h +index 218cbabcc..cb9901f41 100644 +--- a/include/grub/normal.h ++++ b/include/grub/normal.h +@@ -145,7 +145,7 @@ grub_normal_add_menu_entry (int argc, const char **args, char **classes, + const char *id, + const char *users, const char *hotkey, + const char *prefix, const char *sourcecode, +- int submenu); ++ int submenu, int *index); + + grub_err_t + grub_normal_set_password (const char *user, const char *password); diff --git a/SOURCES/0245-Make-grub_strtoul-end-pointer-have-the-right-constif.patch b/SOURCES/0245-Make-grub_strtoul-end-pointer-have-the-right-constif.patch new file mode 100644 index 0000000..bd01a58 --- /dev/null +++ b/SOURCES/0245-Make-grub_strtoul-end-pointer-have-the-right-constif.patch @@ -0,0 +1,391 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 19 Oct 2018 13:41:48 -0400 +Subject: [PATCH] Make grub_strtoul "end" pointer have the right + constification. + +Related: rhbz#1640979 +Signed-off-by: Peter Jones +--- + grub-core/kern/fs.c | 2 +- + grub-core/kern/misc.c | 8 ++++---- + grub-core/kern/partition.c | 2 +- + grub-core/lib/legacy_parse.c | 2 +- + grub-core/lib/syslinux_parse.c | 6 +++--- + grub-core/loader/i386/xen_fileXX.c | 2 +- + grub-core/net/efi/ip4_config.c | 2 +- + grub-core/net/efi/ip6_config.c | 2 +- + grub-core/net/efi/net.c | 4 ++-- + grub-core/net/efi/pxe.c | 6 +++--- + grub-core/net/http.c | 4 ++-- + grub-core/net/net.c | 8 ++++---- + grub-core/net/url.c | 2 +- + grub-core/script/execute.c | 6 +++--- + grub-core/term/serial.c | 2 +- + grub-core/term/terminfo.c | 2 +- + grub-core/tests/strtoull_test.c | 2 +- + include/grub/misc.h | 6 +++--- + 18 files changed, 34 insertions(+), 34 deletions(-) + +diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c +index 9085895b6..1bd748be8 100644 +--- a/grub-core/kern/fs.c ++++ b/grub-core/kern/fs.c +@@ -134,7 +134,7 @@ struct grub_fs_block + static grub_err_t + grub_fs_blocklist_open (grub_file_t file, const char *name) + { +- char *p = (char *) name; ++ const char *p = name; + unsigned num = 0; + unsigned i; + grub_disk_t disk = file->device->disk; +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 5c3899f0e..aaae9aa0a 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -383,7 +383,7 @@ grub_isspace (int c) + } + + unsigned long +-grub_strtoul (const char *str, char **end, int base) ++grub_strtoul (const char *str, const char ** const end, int base) + { + unsigned long long num; + +@@ -400,7 +400,7 @@ grub_strtoul (const char *str, char **end, int base) + } + + unsigned long long +-grub_strtoull (const char *str, char **end, int base) ++grub_strtoull (const char *str, const char ** const end, int base) + { + unsigned long long num = 0; + int found = 0; +@@ -901,14 +901,14 @@ grub_vsnprintf_real (char *str, grub_size_t max_len, const char *fmt0, + { + if (fmt[0] == '0') + zerofill = '0'; +- format1 = grub_strtoul (fmt, (char **) &fmt, 10); ++ format1 = grub_strtoul (fmt, &fmt, 10); + } + + if (*fmt == '.') + fmt++; + + if (grub_isdigit (*fmt)) +- format2 = grub_strtoul (fmt, (char **) &fmt, 10); ++ format2 = grub_strtoul (fmt, &fmt, 10); + + if (*fmt == '$') + { +diff --git a/grub-core/kern/partition.c b/grub-core/kern/partition.c +index e499147cb..2c401b866 100644 +--- a/grub-core/kern/partition.c ++++ b/grub-core/kern/partition.c +@@ -126,7 +126,7 @@ grub_partition_probe (struct grub_disk *disk, const char *str) + while (*ptr && grub_isalpha (*ptr)) + ptr++; + partname_end = ptr; +- num = grub_strtoul (ptr, (char **) &ptr, 0) - 1; ++ num = grub_strtoul (ptr, &ptr, 0) - 1; + + curpart = 0; + /* Use the first partition map type found. */ +diff --git a/grub-core/lib/legacy_parse.c b/grub-core/lib/legacy_parse.c +index ef56150ac..05719ab2c 100644 +--- a/grub-core/lib/legacy_parse.c ++++ b/grub-core/lib/legacy_parse.c +@@ -418,7 +418,7 @@ adjust_file (const char *in, grub_size_t len) + } + if (*comma != ',') + return grub_legacy_escape (in, len); +- part = grub_strtoull (comma + 1, (char **) &rest, 0); ++ part = grub_strtoull (comma + 1, &rest, 0); + if (rest[0] == ',' && rest[1] >= 'a' && rest[1] <= 'z') + { + subpart = rest[1] - 'a'; +diff --git a/grub-core/lib/syslinux_parse.c b/grub-core/lib/syslinux_parse.c +index 28ba3aef0..21ca040ad 100644 +--- a/grub-core/lib/syslinux_parse.c ++++ b/grub-core/lib/syslinux_parse.c +@@ -1058,7 +1058,7 @@ write_entry (struct output_buffer *outbuf, + if (ptr[0] == 'h' && ptr[1] == 'd') + { + is_fd = 0; +- devn = grub_strtoul (ptr + 2, &ptr, 0); ++ devn = grub_strtoul (ptr + 2, (const char **)&ptr, 0); + continue; + } + if (grub_strncasecmp (ptr, "file=", 5) == 0) +@@ -1082,12 +1082,12 @@ write_entry (struct output_buffer *outbuf, + if (ptr[0] == 'f' && ptr[1] == 'd') + { + is_fd = 1; +- devn = grub_strtoul (ptr + 2, &ptr, 0); ++ devn = grub_strtoul (ptr + 2, (const char **)&ptr, 0); + continue; + } + if (grub_isdigit (ptr[0])) + { +- part = grub_strtoul (ptr, &ptr, 0); ++ part = grub_strtoul (ptr, (const char **)&ptr, 0); + continue; + } + /* FIXME: isolinux, ntldr, cmldr, *dos, seg, hide +diff --git a/grub-core/loader/i386/xen_fileXX.c b/grub-core/loader/i386/xen_fileXX.c +index fb66e66fe..293f1ad5c 100644 +--- a/grub-core/loader/i386/xen_fileXX.c ++++ b/grub-core/loader/i386/xen_fileXX.c +@@ -25,7 +25,7 @@ parse_xen_guest (grub_elf_t elf, struct grub_xen_file_info *xi, + grub_off_t off, grub_size_t sz) + { + char *buf; +- char *ptr; ++ const char *ptr; + int has_paddr = 0; + + grub_errno = GRUB_ERR_NONE; +diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c +index b711a5d94..38e2a0474 100644 +--- a/grub-core/net/efi/ip4_config.c ++++ b/grub-core/net/efi/ip4_config.c +@@ -62,7 +62,7 @@ grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *addres + for (i = 0; i < 4; i++) + { + unsigned long t; +- t = grub_strtoul (ptr, (char **) &ptr, 0); ++ t = grub_strtoul (ptr, &ptr, 0); + if (grub_errno) + { + grub_errno = GRUB_ERR_NONE; +diff --git a/grub-core/net/efi/ip6_config.c b/grub-core/net/efi/ip6_config.c +index 017c4d05b..e0e00c23d 100644 +--- a/grub-core/net/efi/ip6_config.c ++++ b/grub-core/net/efi/ip6_config.c +@@ -84,7 +84,7 @@ grub_efi_string_to_ip6_address (const char *val, grub_efi_ipv6_address_t *addres + ptr++; + continue; + } +- t = grub_strtoul (ptr, (char **) &ptr, 16); ++ t = grub_strtoul (ptr, &ptr, 16); + if (grub_errno) + { + grub_errno = GRUB_ERR_NONE; +diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c +index f208d1b18..4c70fc4da 100644 +--- a/grub-core/net/efi/net.c ++++ b/grub-core/net/efi/net.c +@@ -729,7 +729,7 @@ grub_efi_net_parse_address (const char *address, + { + grub_uint32_t subnet_mask_size; + +- subnet_mask_size = grub_strtoul (rest + 1, (char **) &rest, 0); ++ subnet_mask_size = grub_strtoul (rest + 1, &rest, 0); + + if (!grub_errno && subnet_mask_size <= 32 && *rest == 0) + { +@@ -758,7 +758,7 @@ grub_efi_net_parse_address (const char *address, + { + grub_efi_uint8_t prefix_length; + +- prefix_length = grub_strtoul (rest + 1, (char **) &rest, 0); ++ prefix_length = grub_strtoul (rest + 1, &rest, 0); + if (!grub_errno && prefix_length <= 128 && *rest == 0) + { + ip6->prefix_length = prefix_length; +diff --git a/grub-core/net/efi/pxe.c b/grub-core/net/efi/pxe.c +index 531949cba..73e2bb01c 100644 +--- a/grub-core/net/efi/pxe.c ++++ b/grub-core/net/efi/pxe.c +@@ -187,7 +187,7 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) + ptr++; + continue; + } +- t = grub_strtoul (ptr, (char **) &ptr, 16); ++ t = grub_strtoul (ptr, &ptr, 16); + if (grub_errno) + { + grub_errno = GRUB_ERR_NONE; +@@ -225,7 +225,7 @@ pxe_open (struct grub_efi_net_device *dev, + int type __attribute__((unused))) + { + int i; +- char *p; ++ const char *p; + grub_efi_status_t status; + grub_efi_pxe_ip_address_t server_ip; + grub_efi_uint64_t file_size = 0; +@@ -313,7 +313,7 @@ pxe_read (struct grub_efi_net_device *dev, + grub_size_t len) + { + int i; +- char *p; ++ const char *p; + grub_efi_status_t status; + grub_efi_pxe_t *pxe = (prefer_ip6) ? dev->ip6_pxe : dev->ip4_pxe; + grub_efi_uint64_t bufsz = len; +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index c9c59690a..b52b558d6 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -110,7 +110,7 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) + return GRUB_ERR_NONE; + } + ptr += sizeof ("HTTP/1.1 ") - 1; +- code = grub_strtoul (ptr, &ptr, 10); ++ code = grub_strtoul (ptr, (const char **)&ptr, 10); + if (grub_errno) + return grub_errno; + switch (code) +@@ -137,7 +137,7 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) + == 0 && !data->size_recv) + { + ptr += sizeof ("Content-Length: ") - 1; +- file->size = grub_strtoull (ptr, &ptr, 10); ++ file->size = grub_strtoull (ptr, (const char **)&ptr, 10); + data->size_recv = 1; + return GRUB_ERR_NONE; + } +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index a571ee92e..a011b9401 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -411,7 +411,7 @@ parse_ip (const char *val, grub_uint32_t *ip, const char **rest) + for (i = 0; i < 4; i++) + { + unsigned long t; +- t = grub_strtoul (ptr, (char **) &ptr, 0); ++ t = grub_strtoul (ptr, &ptr, 0); + if (grub_errno) + { + grub_errno = GRUB_ERR_NONE; +@@ -465,7 +465,7 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) + ptr++; + continue; + } +- t = grub_strtoul (ptr, (char **) &ptr, 16); ++ t = grub_strtoul (ptr, &ptr, 16); + if (grub_errno) + { + grub_errno = GRUB_ERR_NONE; +@@ -577,7 +577,7 @@ grub_net_resolve_net_address (const char *name, + addr->type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV4; + if (*rest == '/') + { +- addr->ipv4.masksize = grub_strtoul (rest + 1, (char **) &rest, 0); ++ addr->ipv4.masksize = grub_strtoul (rest + 1, &rest, 0); + if (!grub_errno && *rest == 0) + return GRUB_ERR_NONE; + grub_errno = GRUB_ERR_NONE; +@@ -593,7 +593,7 @@ grub_net_resolve_net_address (const char *name, + addr->type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; + if (*rest == '/') + { +- addr->ipv6.masksize = grub_strtoul (rest + 1, (char **) &rest, 0); ++ addr->ipv6.masksize = grub_strtoul (rest + 1, &rest, 0); + if (!grub_errno && *rest == 0) + return GRUB_ERR_NONE; + grub_errno = GRUB_ERR_NONE; +diff --git a/grub-core/net/url.c b/grub-core/net/url.c +index 146858284..d9d2fc9a9 100644 +--- a/grub-core/net/url.c ++++ b/grub-core/net/url.c +@@ -235,7 +235,7 @@ extract_http_url_info (char *url, int ssl, + c = *port_end; + *port_end = '\0'; + +- portul = grub_strtoul (port_off, &separator, 10); ++ portul = grub_strtoul (port_off, (const char **)&separator, 10); + *port_end = c; + #ifdef URL_TEST + if (portul == ULONG_MAX && errno == ERANGE) +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 939657771..7d327f59d 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -146,7 +146,7 @@ replace_scope (struct grub_script_scope *new_scope) + grub_err_t + grub_script_break (grub_command_t cmd, int argc, char *argv[]) + { +- char *p = 0; ++ const char *p = NULL; + unsigned long count; + + if (argc == 0) +@@ -178,7 +178,7 @@ grub_err_t + grub_script_shift (grub_command_t cmd __attribute__((unused)), + int argc, char *argv[]) + { +- char *p = 0; ++ const char *p = NULL; + unsigned long n = 0; + + if (! scope) +@@ -239,7 +239,7 @@ grub_err_t + grub_script_return (grub_command_t cmd __attribute__((unused)), + int argc, char *argv[]) + { +- char *p; ++ const char *p = NULL; + unsigned long n; + + if (! scope || argc > 1) +diff --git a/grub-core/term/serial.c b/grub-core/term/serial.c +index db80b3ba0..f9271b092 100644 +--- a/grub-core/term/serial.c ++++ b/grub-core/term/serial.c +@@ -269,7 +269,7 @@ grub_cmd_serial (grub_extcmd_context_t ctxt, int argc, char **args) + + if (state[OPTION_BASE_CLOCK].set) + { +- char *ptr; ++ const char *ptr; + config.base_clock = grub_strtoull (state[OPTION_BASE_CLOCK].arg, &ptr, 0); + if (grub_errno) + return grub_errno; +diff --git a/grub-core/term/terminfo.c b/grub-core/term/terminfo.c +index 29df35e6d..537a5c0cb 100644 +--- a/grub-core/term/terminfo.c ++++ b/grub-core/term/terminfo.c +@@ -737,7 +737,7 @@ grub_cmd_terminfo (grub_extcmd_context_t ctxt, int argc, char **args) + + if (state[OPTION_GEOMETRY].set) + { +- char *ptr = state[OPTION_GEOMETRY].arg; ++ const char *ptr = state[OPTION_GEOMETRY].arg; + w = grub_strtoul (ptr, &ptr, 0); + if (grub_errno) + return grub_errno; +diff --git a/grub-core/tests/strtoull_test.c b/grub-core/tests/strtoull_test.c +index 7da615ff3..5488ab26b 100644 +--- a/grub-core/tests/strtoull_test.c ++++ b/grub-core/tests/strtoull_test.c +@@ -25,7 +25,7 @@ static void + strtoull_testcase (const char *input, int base, unsigned long long expected, + int num_digits, grub_err_t error) + { +- char *output; ++ const char *output; + unsigned long long value; + grub_errno = 0; + value = grub_strtoull(input, &output, base); +diff --git a/include/grub/misc.h b/include/grub/misc.h +index de9016ab7..1258ec6bb 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -288,11 +288,11 @@ grub_strncasecmp (const char *s1, const char *s2, grub_size_t n) + - (int) grub_tolower ((grub_uint8_t) *s2); + } + +-unsigned long EXPORT_FUNC(grub_strtoul) (const char *str, char **end, int base); +-unsigned long long EXPORT_FUNC(grub_strtoull) (const char *str, char **end, int base); ++unsigned long EXPORT_FUNC(grub_strtoul) (const char *str, const char ** const end, int base); ++unsigned long long EXPORT_FUNC(grub_strtoull) (const char *str, const char ** const end, int base); + + static inline long +-grub_strtol (const char *str, char **end, int base) ++grub_strtol (const char *str, const char ** const end, int base) + { + int negative = 0; + unsigned long long magnitude; diff --git a/SOURCES/0246-Fix-menu-entry-selection-based-on-ID-and-title.patch b/SOURCES/0246-Fix-menu-entry-selection-based-on-ID-and-title.patch new file mode 100644 index 0000000..dbb743a --- /dev/null +++ b/SOURCES/0246-Fix-menu-entry-selection-based-on-ID-and-title.patch @@ -0,0 +1,235 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 19 Oct 2018 10:57:52 -0400 +Subject: [PATCH] Fix menu entry selection based on ID and title + +Currently if grub_strtoul(saved_entry_value, NULL, 0) does not return an +error, we assume the value it has produced is a correct index into our +menu entry list, and do not try to interpret the value as the "id" or +"title" . In cases where "id" or "title" start with a numeral, this +makes them impossible to use as selection criteria. + +This patch splits the search into three phases - matching id, matching +title, and only once those have been exhausted, trying to interpret the +ID as a numeral. In that case, we also require that the entire string +is numeric, not merely a string with leading numeric characters. + +Resolves: rhbz#1640979 +--- + grub-core/normal/menu.c | 146 +++++++++++++++++++++++++----------------------- + 1 file changed, 75 insertions(+), 71 deletions(-) + +diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c +index 6cb2a0714..95f7abaf2 100644 +--- a/grub-core/normal/menu.c ++++ b/grub-core/normal/menu.c +@@ -164,12 +164,12 @@ grub_menu_set_timeout (int timeout) + } + + static int +-menuentry_eq (const char *id, const char *spec) ++menuentry_eq (const char *id, const char *spec, int limit) + { + const char *ptr1, *ptr2; + ptr1 = id; + ptr2 = spec; +- while (1) ++ while (limit == -1 || ptr1 - id <= limit) + { + if (*ptr2 == '>' && ptr2[1] != '>' && *ptr1 == 0) + return ptr2 - spec; +@@ -178,7 +178,11 @@ menuentry_eq (const char *id, const char *spec) + if (*ptr2 == '>') + ptr2++; + if (*ptr1 != *ptr2) +- return 0; ++ { ++ if (limit > -1 && ptr1 - id == limit && !*ptr1 && grub_isspace(*ptr2)) ++ return ptr1 -id -1; ++ return 0; ++ } + if (*ptr1 == 0) + return ptr1 - id; + ptr1++; +@@ -187,6 +191,61 @@ menuentry_eq (const char *id, const char *spec) + return 0; + } + ++static int ++get_entry_number_helper(grub_menu_t menu, ++ const char * const val, const char ** const tail) ++{ ++ /* See if the variable matches the title of a menu entry. */ ++ int entry = -1; ++ grub_menu_entry_t e; ++ int i; ++ ++ for (i = 0, e = menu->entry_list; e; i++) ++ { ++ int l = 0; ++ while (val[l] && !grub_isspace(val[l])) ++ l++; ++ ++ if (menuentry_eq (e->id, val, l)) ++ { ++ if (tail) ++ *tail = val + l; ++ return i; ++ } ++ e = e->next; ++ } ++ ++ for (i = 0, e = menu->entry_list; e; i++) ++ { ++ int l = 0; ++ while (val[l] && !grub_isspace(val[l])) ++ l++; ++ ++ if (menuentry_eq (e->title, val, l)) ++ { ++ if (tail) ++ *tail = val + l; ++ return i; ++ } ++ e = e->next; ++ } ++ ++ if (tail) ++ *tail = NULL; ++ ++ entry = (int) grub_strtoul (val, tail, 0); ++ if (grub_errno == GRUB_ERR_BAD_NUMBER || ++ (*tail && **tail && !grub_isspace(**tail))) ++ { ++ entry = -1; ++ if (tail) ++ *tail = NULL; ++ grub_errno = GRUB_ERR_NONE; ++ } ++ ++ return entry; ++} ++ + /* Get the first entry number from the value of the environment variable NAME, + which is a space-separated list of non-negative integers. The entry number + which is returned is stripped from the value of NAME. If no entry number +@@ -195,9 +254,8 @@ static int + get_and_remove_first_entry_number (grub_menu_t menu, const char *name) + { + const char *val; +- char *tail; ++ const char *tail; + int entry; +- int sz = 0; + + val = grub_env_get (name); + if (! val) +@@ -205,50 +263,24 @@ get_and_remove_first_entry_number (grub_menu_t menu, const char *name) + + grub_error_push (); + +- entry = (int) grub_strtoul (val, &tail, 0); ++ entry = get_entry_number_helper(menu, val, &tail); ++ if (!(*tail == 0 || grub_isspace(*tail))) ++ entry = -1; + +- if (grub_errno == GRUB_ERR_BAD_NUMBER) ++ if (entry >= 0) + { +- /* See if the variable matches the title of a menu entry. */ +- grub_menu_entry_t e = menu->entry_list; +- int i; +- +- for (i = 0; e; i++) +- { +- sz = menuentry_eq (e->title, val); +- if (sz < 1) +- sz = menuentry_eq (e->id, val); +- +- if (sz >= 1) +- { +- entry = i; +- break; +- } +- e = e->next; +- } +- +- if (sz > 0) +- grub_errno = GRUB_ERR_NONE; +- +- if (! e) +- entry = -1; +- } +- +- if (grub_errno == GRUB_ERR_NONE) +- { +- if (sz > 0) +- tail += sz; +- + /* Skip whitespace to find the next entry. */ + while (*tail && grub_isspace (*tail)) + tail++; +- grub_env_set (name, tail); ++ if (*tail) ++ grub_env_set (name, tail); ++ else ++ grub_env_unset (name); + } + else + { + grub_env_unset (name); + grub_errno = GRUB_ERR_NONE; +- entry = -1; + } + + grub_error_pop (); +@@ -525,6 +557,7 @@ static int + get_entry_number (grub_menu_t menu, const char *name) + { + const char *val; ++ const char *tail; + int entry; + + val = grub_env_get (name); +@@ -532,38 +565,9 @@ get_entry_number (grub_menu_t menu, const char *name) + return -1; + + grub_error_push (); +- +- entry = (int) grub_strtoul (val, 0, 0); +- +- if (grub_errno == GRUB_ERR_BAD_NUMBER) +- { +- /* See if the variable matches the title of a menu entry. */ +- grub_menu_entry_t e = menu->entry_list; +- int i; +- +- grub_errno = GRUB_ERR_NONE; +- +- for (i = 0; e; i++) +- { +- if (menuentry_eq (e->title, val) +- || menuentry_eq (e->id, val)) +- { +- entry = i; +- break; +- } +- e = e->next; +- } +- +- if (! e) +- entry = -1; +- } +- +- if (grub_errno != GRUB_ERR_NONE) +- { +- grub_errno = GRUB_ERR_NONE; +- entry = -1; +- } +- ++ entry = get_entry_number_helper(menu, val, &tail); ++ if (*tail != '\0') ++ entry = -1; + grub_error_pop (); + + return entry; diff --git a/SOURCES/0247-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch b/SOURCES/0247-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch new file mode 100644 index 0000000..3ac9f21 --- /dev/null +++ b/SOURCES/0247-Remove-quotes-when-reading-ID-value-from-etc-os-rele.patch @@ -0,0 +1,46 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 21 Nov 2018 15:37:32 +0100 +Subject: [PATCH] Remove quotes when reading ID value from /etc/os-release + +The field is used to obtain the path to the GRUB directory in the ESP for +UEFI installs. But in some OS the ID value is quoted, which leads to some +of the scripts to fail: + + $ grub2-setpassword + /boot/efi/EFI/"redhat"/ does not exist. + Usage: /usr/sbin/grub2-setpassword [OPTION] + +Related: rhbz#1650706 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub-set-password.in | 2 +- + util/grub-switch-to-blscfg.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/util/grub-set-password.in b/util/grub-set-password.in +index 5ebf50576..c0b5ebbfd 100644 +--- a/util/grub-set-password.in ++++ b/util/grub-set-password.in +@@ -1,6 +1,6 @@ + #!/bin/sh -e + +-EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/') ++EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g') + if [ -d /sys/firmware/efi/efivars/ ]; then + grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'` + else +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index 60cd6ca63..d353370cc 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -40,7 +40,7 @@ etcdefaultgrub=/etc/default/grub + + eval "$("${grub_get_kernel_settings}")" || true + +-EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/') ++EFIDIR=$(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/' -e 's/\"//g') + if [ -d /sys/firmware/efi/efivars/ ]; then + startlink=/etc/grub2-efi.cfg + grubdir=`echo "/@bootdirname@/efi/EFI/${EFIDIR}/" | sed 's,//*,/,g'` diff --git a/SOURCES/0248-blscfg-expand-grub_users-before-passing-to-grub_norm.patch b/SOURCES/0248-blscfg-expand-grub_users-before-passing-to-grub_norm.patch new file mode 100644 index 0000000..be1309b --- /dev/null +++ b/SOURCES/0248-blscfg-expand-grub_users-before-passing-to-grub_norm.patch @@ -0,0 +1,38 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 21 Nov 2018 15:38:50 +0100 +Subject: [PATCH] blscfg: expand grub_users before passing to + grub_normal_add_menu_entry() + +The "grub_users" field from the BLS snippet file is used to specifcy the +users that are allowed to execute a given menu entry if the "superusers" +environment variable is set. + +If the "grub_users" isn't set, the menu entry is unrestricted and it can +be executed without any authentication and if is set then only the users +defined in "grub_users" can execute the menu entry after authentication. + +But this field can contain an environment variable so has to be expanded +or otherwise grub2 will wrongly assume that the user is "$var", and will +populate a menu entry that it's resctrited even when "$var" isn't set. + +Resolves: rhbz#1650706 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 42892cbfd..c432c6ba2 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -704,7 +704,7 @@ static void create_entry (struct bls_entry *entry) + initrds = bls_make_list (entry, "initrd", NULL); + + hotkey = bls_get_val (entry, "grub_hotkey", NULL); +- users = bls_get_val (entry, "grub_users", NULL); ++ users = expand_val (bls_get_val (entry, "grub_users", NULL)); + classes = bls_make_list (entry, "grub_class", NULL); + args = bls_make_list (entry, "grub_arg", &argc); + diff --git a/SOURCES/0249-Make-the-menu-entry-users-option-argument-to-be-opti.patch b/SOURCES/0249-Make-the-menu-entry-users-option-argument-to-be-opti.patch new file mode 100644 index 0000000..f202d19 --- /dev/null +++ b/SOURCES/0249-Make-the-menu-entry-users-option-argument-to-be-opti.patch @@ -0,0 +1,46 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 26 Nov 2018 10:06:42 +0100 +Subject: [PATCH] Make the menu entry users option argument to be optional + +The --users option is used to restrict the access to specific menu entries +only to a set of users. But the option requires an argument to either be a +constant or a variable that has been set. So for example the following: + + menuentry "May be run by superusers or users in $users" --users $users { + linux /vmlinuz + } + +Would fail if $users is not defined and grub would discard the menu entry. +Instead, allow the --users option to have an optional argument and ignore +the option if the argument was not set. + +Related: rhbz#1652434 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/menuentry.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c +index 8d242b018..7004e08ce 100644 +--- a/grub-core/commands/menuentry.c ++++ b/grub-core/commands/menuentry.c +@@ -29,7 +29,7 @@ static const struct grub_arg_option options[] = + { + {"class", 1, GRUB_ARG_OPTION_REPEATABLE, + N_("Menu entry type."), N_("STRING"), ARG_TYPE_STRING}, +- {"users", 2, 0, ++ {"users", 2, GRUB_ARG_OPTION_OPTIONAL, + N_("List of users allowed to boot this entry."), N_("USERNAME[,USERNAME]"), + ARG_TYPE_STRING}, + {"hotkey", 3, 0, +@@ -280,7 +280,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) + if (! ctxt->state[3].set && ! ctxt->script) + return grub_error (GRUB_ERR_BAD_ARGUMENT, "no menuentry definition"); + +- if (ctxt->state[1].set) ++ if (ctxt->state[1].set && ctxt->state[1].arg) + users = ctxt->state[1].arg; + else if (ctxt->state[5].set) + users = NULL; diff --git a/SOURCES/0250-10_linux_bls-add-missing-menu-entries-options.patch b/SOURCES/0250-10_linux_bls-add-missing-menu-entries-options.patch new file mode 100644 index 0000000..f7ff60d --- /dev/null +++ b/SOURCES/0250-10_linux_bls-add-missing-menu-entries-options.patch @@ -0,0 +1,56 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 22 Nov 2018 16:12:19 +0100 +Subject: [PATCH] 10_linux_bls: add missing menu entries options + +The script that generates menu entries in the grub.cfg from BLS snippets +wasn't filling some important options, like the --id, --class and --user +if these were defined in the BLS. + +Resolves: rhbz#1652434 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux_bls.in | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in +index 8745e598d..8cff4c58a 100644 +--- a/util/grub.d/10_linux_bls.in ++++ b/util/grub.d/10_linux_bls.in +@@ -127,6 +127,9 @@ read_config() + initrd="" + options="" + linux="" ++ grub_users="" ++ grub_arg="" ++ grub_class="" + + while read -r line + do +@@ -145,6 +148,15 @@ read_config() + "options") + options=${value} + ;; ++ "grub_users") ++ grub_users=${value} ++ ;; ++ "grub_arg") ++ grub_arg=${value} ++ ;; ++ "grub_class") ++ grub_class=${value} ++ ;; + esac + done < ${config_file} + } +@@ -167,7 +179,8 @@ populate_menu() + + for bls in "${files[@]}" ; do + read_config "${blsdir}/${bls}.conf" +- menu="${menu}menuentry '${title}' {\n" ++ ++ menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id ${bls} {\n" + menu="${menu}\t linux ${linux} ${options}\n" + if [ -n "${initrd}" ] ; then + menu="${menu}\t initrd ${boot_prefix}${initrd}\n" diff --git a/SOURCES/0251-Fix-menu-entry-selection-based-on-title.patch b/SOURCES/0251-Fix-menu-entry-selection-based-on-title.patch new file mode 100644 index 0000000..9b3fa89 --- /dev/null +++ b/SOURCES/0251-Fix-menu-entry-selection-based-on-title.patch @@ -0,0 +1,41 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 30 Nov 2018 16:39:09 +0100 +Subject: [PATCH] Fix menu entry selection based on title + +The get_entry_number_helper() function assumes that there could be a set +of entries identifiers in a variable (i.e: as used in the fallback case) +so iterates over the string until it finds a space to get the first id. + +But this should only be done for indexes or entries id, since the title +can contain spaces. In the case of title, the complete string should be +used to select a given entry. + +Resolves: rhbz#1654936 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/normal/menu.c | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c +index 95f7abaf2..fc25c702f 100644 +--- a/grub-core/normal/menu.c ++++ b/grub-core/normal/menu.c +@@ -217,14 +217,11 @@ get_entry_number_helper(grub_menu_t menu, + + for (i = 0, e = menu->entry_list; e; i++) + { +- int l = 0; +- while (val[l] && !grub_isspace(val[l])) +- l++; + +- if (menuentry_eq (e->title, val, l)) ++ if (menuentry_eq (e->title, val, -1)) + { + if (tail) +- *tail = val + l; ++ *tail = NULL; + return i; + } + e = e->next; diff --git a/SOURCES/0252-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch b/SOURCES/0252-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch new file mode 100644 index 0000000..fbfa6eb --- /dev/null +++ b/SOURCES/0252-BLS-files-should-only-be-copied-by-grub-switch-to-bl.patch @@ -0,0 +1,120 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 4 Dec 2018 10:48:45 +0100 +Subject: [PATCH] BLS files should only be copied by grub-switch-to-blscfg if + BLS isn't set + +Currently the grub-switch-to-blscfg script doesn't update the grub.cfg if +GRUB_ENABLE_BLSCFG=true is already set in /etc/default/grub. But it still +copies the BLS files which may overwrite fields modified by the user. + +Related: rhbz#1638117 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub-switch-to-blscfg.in | 80 +++++++++++++++++++++++-------------------- + 1 file changed, 42 insertions(+), 38 deletions(-) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index d353370cc..eeea13077 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -220,49 +220,51 @@ EOF + ) | cat + } + +-for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do +- bls_target="${blsdir}/${MACHINE_ID}-${kernelver}.conf" +- linux="/vmlinuz-${kernelver}" +- linux_path="/boot${linux}" +- kernel_dir="/lib/modules/${kernelver}" ++copy_bls() { ++ for kernelver in $(cd /lib/modules/ ; ls -1) "" ; do ++ bls_target="${blsdir}/${MACHINE_ID}-${kernelver}.conf" ++ linux="/vmlinuz-${kernelver}" ++ linux_path="/boot${linux}" ++ kernel_dir="/lib/modules/${kernelver}" + +- if [ ! -d "${kernel_dir}" ] ; then +- continue +- fi +- if [ ! -f "${linux_path}" ]; then +- continue +- fi ++ if [ ! -d "${kernel_dir}" ] ; then ++ continue ++ fi ++ if [ ! -f "${linux_path}" ]; then ++ continue ++ fi + +- linux_relpath="$("${grub_mkrelpath}" "${linux_path}")" +- bootprefix="${linux_relpath%%"${linux}"}" ++ linux_relpath="$("${grub_mkrelpath}" "${linux_path}")" ++ bootprefix="${linux_relpath%%"${linux}"}" + +- if [ -f "${kernel_dir}/bls.conf" ] ; then +- cp -af "${kernel_dir}/bls.conf" "${bls_target}" +- if [ -n "${bootprefix}" ]; then +- sed -i -e "s,^\(linux[^ \t]*[ \t]\+\).*,\1${bootprefix}${linux},g" "${bls_target}" +- sed -i -e "/^initrd/ s,\([ \t]\+\)\([^ \t]\+\),\1${bootprefix}\2,g" "${bls_target}" +- fi +- else +- mkbls "${kernelver}" \ +- "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${kernel_dir}")")" \ +- "${bootprefix}" \ +- >"${bls_target}" +- fi ++ if [ -f "${kernel_dir}/bls.conf" ] ; then ++ cp -af "${kernel_dir}/bls.conf" "${bls_target}" ++ if [ -n "${bootprefix}" ]; then ++ sed -i -e "s,^\(linux[^ \t]*[ \t]\+\).*,\1${bootprefix}${linux},g" "${bls_target}" ++ sed -i -e "/^initrd/ s,\([ \t]\+\)\([^ \t]\+\),\1${bootprefix}\2,g" "${bls_target}" ++ fi ++ else ++ mkbls "${kernelver}" \ ++ "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${kernel_dir}")")" \ ++ "${bootprefix}" \ ++ >"${bls_target}" ++ fi + +- if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then +- bls_debug="$(echo ${bls_target} | sed -e "s/${kernelver}/${kernelver}~debug/")" +- cp -aT "${bls_target}" "${bls_debug}" +- title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')" +- blsid="$(grep '^id[ \t]' "${bls_debug}" | sed -e "s/\.${ARCH}/-debug.${arch}/")" +- sed -i -e "s/^title.*/title ${title}${GRUB_LINUX_DEBUG_TITLE_POSTFIX}/" "${bls_debug}" +- sed -i -e "s/^id.*/${blsid}/" "${bls_debug}" +- sed -i -e "s/^options.*/options \$kernelopts ${GRUB_CMDLINE_LINUX_DEBUG}/" "${bls_debug}" +- fi +-done ++ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then ++ bls_debug="$(echo ${bls_target} | sed -e "s/${kernelver}/${kernelver}~debug/")" ++ cp -aT "${bls_target}" "${bls_debug}" ++ title="$(grep '^title[ \t]' "${bls_debug}" | sed -e 's/^title[ \t]*//')" ++ blsid="$(grep '^id[ \t]' "${bls_debug}" | sed -e "s/\.${ARCH}/-debug.${arch}/")" ++ sed -i -e "s/^title.*/title ${title}${GRUB_LINUX_DEBUG_TITLE_POSTFIX}/" "${bls_debug}" ++ sed -i -e "s/^id.*/${blsid}/" "${bls_debug}" ++ sed -i -e "s/^options.*/options \$kernelopts ${GRUB_CMDLINE_LINUX_DEBUG}/" "${bls_debug}" ++ fi ++ done + +-if [ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]; then +- mkbls "0-rescue-${MACHINE_ID}" "0" "${bootprefix}" >"${blsdir}/${MACHINE_ID}-0-rescue.conf" +-fi ++ if [ -f "/boot/vmlinuz-0-rescue-${MACHINE_ID}" ]; then ++ mkbls "0-rescue-${MACHINE_ID}" "0" "${bootprefix}" >"${blsdir}/${MACHINE_ID}-0-rescue.conf" ++ fi ++} + + GENERATE=0 + if grep '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" \ +@@ -283,6 +285,8 @@ elif ! grep -q '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" ; then + fi + + if [ "${GENERATE}" -eq 1 ] ; then ++ copy_bls ++ + if [ $arch = "x86_64" ] && [ ! -d /sys/firmware/efi ]; then + if ! cp ${prefix}/lib/grub//i386-pc/blscfg.mod ${grubdir}/i386-pc/ ; then + exit 1 diff --git a/SOURCES/0253-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch b/SOURCES/0253-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch new file mode 100644 index 0000000..e246bfa --- /dev/null +++ b/SOURCES/0253-Fix-get_entry_number-wrongly-dereferencing-the-tail-.patch @@ -0,0 +1,34 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 4 Dec 2018 10:53:49 +0100 +Subject: [PATCH] Fix get_entry_number() wrongly dereferencing the tail pointer + +The get_entry_number_helper() function attempts to lookup a boot entry by +either title or id matching the value of an environment variable. If they +are a substring of the variable, the tail pointer is set to the first char +of the remainder of the string. + +When get_entry_number() calls this function, it checks if this first char +is a NUL byte, to know if the variable matched correctly. But tail can be +set to NULL as well to indicate that there isn't a remainder in the string. + +Resolves: rhbz#1654936 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/normal/menu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c +index fc25c702f..7e32c498a 100644 +--- a/grub-core/normal/menu.c ++++ b/grub-core/normal/menu.c +@@ -563,7 +563,7 @@ get_entry_number (grub_menu_t menu, const char *name) + + grub_error_push (); + entry = get_entry_number_helper(menu, val, &tail); +- if (*tail != '\0') ++ if (tail && *tail != '\0') + entry = -1; + grub_error_pop (); + diff --git a/SOURCES/0254-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch b/SOURCES/0254-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch new file mode 100644 index 0000000..c3161cc --- /dev/null +++ b/SOURCES/0254-Make-grub2-mkconfig-to-honour-GRUB_CMDLINE_LINUX-in-.patch @@ -0,0 +1,99 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 10 Dec 2018 13:11:58 +0100 +Subject: [PATCH] Make grub2-mkconfig to honour GRUB_CMDLINE_LINUX in + /etc/default/grub + +The kernelopts grub environment variable is set with the GRUB_CMDLINE_LINUX +value only if wasn't set before. This is because the kernel cmdline params +of the entries are not in the grub.cfg anymore so grub2-mkconfig shouldn't +have side effects on neither the entries nor their kernel cmdline params. + +But there's a lot of documentation pointing at modifying GRUB_CMDLINE_LINUX +to change the kernel cmdline params and users have built a muscle memory on +it, so the BLS support should be compatible. + +Make the grub2-mkconfig script update the $kernelopts environment variable +unless the --no-grubenv-update option is used. + +Resolves: rhbz#1637875 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub-mkconfig.8 | 4 ++++ + util/grub-mkconfig.in | 6 ++++++ + util/grub.d/10_linux.in | 2 +- + util/grub.d/10_linux_bls.in | 2 +- + 4 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/util/grub-mkconfig.8 b/util/grub-mkconfig.8 +index a2d1f577b..434fa4ded 100644 +--- a/util/grub-mkconfig.8 ++++ b/util/grub-mkconfig.8 +@@ -13,5 +13,9 @@ + \fB--output\fR=\fIFILE\fR + Write generated output to \fIFILE\fR. + ++.TP ++\fB--no-grubenv-update\fR ++Do not update variables in the grubenv file. ++ + .SH SEE ALSO + .BR "info grub" +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index c20171919..5e643e169 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -50,6 +50,8 @@ grub_get_kernel_settings="${sbindir}/@grub_get_kernel_settings@" + export TEXTDOMAIN=@PACKAGE@ + export TEXTDOMAINDIR="@localedir@" + ++export GRUB_GRUBENV_UPDATE="yes" ++ + . "${pkgdatadir}/grub-mkconfig_lib" + + # Usage: usage +@@ -59,6 +61,7 @@ usage () { + gettext "Generate a grub config file"; echo + echo + print_option_help "-o, --output=$(gettext FILE)" "$(gettext "output generated config to FILE [default=stdout]")" ++ print_option_help "--no-grubenv-update" "$(gettext "do not update variables in the grubenv file")" + print_option_help "-h, --help" "$(gettext "print this message and exit")" + print_option_help "-v, --version" "$(gettext "print the version information and exit")" + echo +@@ -94,6 +97,9 @@ do + --output=*) + grub_cfg=`echo "$option" | sed 's/--output=//'` + ;; ++ --no-grubenv-update) ++ GRUB_GRUBENV_UPDATE="no" ++ ;; + -*) + gettext_printf "Unrecognized option \`%s'\n" "$option" 1>&2 + usage +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index b54d2774a..da2992ac9 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -165,7 +165,7 @@ if [ -s \$prefix/grubenv ]; then + fi + EOF + +- if ! grub2-editenv - list | grep -q kernelopts; then ++ if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then + ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}" + fi + +diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in +index 8cff4c58a..175bedd07 100644 +--- a/util/grub.d/10_linux_bls.in ++++ b/util/grub.d/10_linux_bls.in +@@ -225,7 +225,7 @@ linux_entry () + populate_header_warn + populate_menu + +- if ! grub2-editenv - list | grep -q kernelopts; then ++ if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then + ${grub_editenv} - set kernelopts="root=${linux_root_device_thisversion} ro ${args}" + fi + diff --git a/SOURCES/0255-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch b/SOURCES/0255-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch new file mode 100644 index 0000000..4040198 --- /dev/null +++ b/SOURCES/0255-grub-boot-success.timer-Add-a-few-Conditions-for-run.patch @@ -0,0 +1,35 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Mon, 3 Sep 2018 13:01:58 +0200 +Subject: [PATCH] grub-boot-success.timer: Add a few Conditions for running the + timer + +Add 2 Conditions for running the boot-success timer / service: + +1) Do not run it for system users, this fixes errors about gdm not being +allowed to use pkexec when the greeter session lasts for more then 2 minutes: +https://bugzilla.redhat.com/show_bug.cgi?id=1592201#c6 + +2) Do not run the timer when pkexec is not available (on minimal installs) +since then it will just lead to a bunch of errors without doing anything: +https://bugzilla.redhat.com/show_bug.cgi?id=1619445 + +Signed-off-by: Hans de Goede +[rharwood: rebase fuzz around boot-succes timer commit] +Signed-off-by: Robbie Harwood +--- + docs/grub-boot-success.timer | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer +index 406f17200..51d1eb238 100644 +--- a/docs/grub-boot-success.timer ++++ b/docs/grub-boot-success.timer +@@ -2,6 +2,7 @@ + Description=Mark boot as successful after the user session has run 2 minutes + ConditionUser=!@system + ConditionVirtualization=!container ++ConditionPathExists=/usr/bin/pkexec + + [Timer] + OnActiveSec=2min diff --git a/SOURCES/0256-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch b/SOURCES/0256-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch new file mode 100644 index 0000000..a457c3b --- /dev/null +++ b/SOURCES/0256-docs-Stop-using-polkit-pkexec-for-grub-boot-success..patch @@ -0,0 +1,32 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Fri, 14 Sep 2018 16:39:40 +0200 +Subject: [PATCH] docs: Stop using polkit / pkexec for grub-boot-success.timer + / service + +We also want to call grub2-set-bootflag under gdm and pkexec does not +work under gdm because the gdm user has /sbin/nologin as shell. + +So instead we are going to install grub2-set-bootflag as suid root, +grub2-set-bootflag was written with this usage in mind, so is safe +to be made suid root. + +Signed-off-by: Hans de Goede +[rharwood: rebase fuzz around container] +Signed-off-by: Robbie Harwood +--- + docs/grub-boot-success.timer | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer +index 51d1eb238..406f17200 100644 +--- a/docs/grub-boot-success.timer ++++ b/docs/grub-boot-success.timer +@@ -2,7 +2,6 @@ + Description=Mark boot as successful after the user session has run 2 minutes + ConditionUser=!@system + ConditionVirtualization=!container +-ConditionPathExists=/usr/bin/pkexec + + [Timer] + OnActiveSec=2min diff --git a/SOURCES/0257-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch b/SOURCES/0257-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch new file mode 100644 index 0000000..bdf0d9b --- /dev/null +++ b/SOURCES/0257-Fix-the-looking-up-grub.cfg-XXX-while-tftp-booting.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Masayoshi Mizuma +Date: Tue, 18 Dec 2018 21:27:45 -0500 +Subject: [PATCH] Fix the looking up grub.cfg-XXX while tftp booting. + +Currently, grub doesn't look up grub.cfg-UUID, grub.cfg-MAC and grub.cfg-IP +while the boot is from tftp. That is because the uuid size is got by +grub_snprintf(, 0, ,), but the grub_snprintf() always returns 0, +so grub judges there's no available uuid in the client and give up +the looking up grub.cfg-XXX. + +This issue can be fixed by changing grub_snprintf(, 0, ,) behaivior +to like as snprintf() from glibc, however, somewhere may expect +such argument as the error, so it's risky. + +Let's use sizeof() and grub_strlen() to calculate the uuid size +instead of grub_snprintf(). + +Resolves: rhbz#1658500 +--- + grub-core/net/net.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index a011b9401..19ff2d486 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -1942,11 +1942,9 @@ grub_net_search_configfile (char *config) + char *client_uuid_var; + grub_size_t client_uuid_var_size; + +- client_uuid_var_size = grub_snprintf (NULL, 0, +- "net_%s_clientuuid", inf->name); +- if (client_uuid_var_size <= 0) +- continue; +- client_uuid_var_size += 1; ++ client_uuid_var_size = sizeof ("net_") + grub_strlen (inf->name) + ++ sizeof ("_clientuuid") + 1; ++ + client_uuid_var = grub_malloc(client_uuid_var_size); + if (!client_uuid_var) + continue; diff --git a/SOURCES/0258-HTTP-boot-strncmp-returns-0-on-equal.patch b/SOURCES/0258-HTTP-boot-strncmp-returns-0-on-equal.patch new file mode 100644 index 0000000..c559347 --- /dev/null +++ b/SOURCES/0258-HTTP-boot-strncmp-returns-0-on-equal.patch @@ -0,0 +1,23 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Stephen Benjamin +Date: Fri, 12 Apr 2019 10:43:13 -0400 +Subject: [PATCH] HTTP boot: strncmp returns 0 on equal + +Resolves: rhbz#1490991 +--- + grub-core/net/efi/http.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c +index 2a9624dac..484e0c68c 100644 +--- a/grub-core/net/efi/http.c ++++ b/grub-core/net/efi/http.c +@@ -19,7 +19,7 @@ http_configure (struct grub_efi_net_device *dev, int prefer_ip6) + const char *rest, *http_server, *http_path = NULL; + + http_server = grub_env_get ("root"); +- https = grub_strncmp (http_server, "https", 5) ? 1 : 0; ++ https = (grub_strncmp (http_server, "https", 5) == 0) ? 1 : 0; + + /* extract http server + port */ + if (http_server) diff --git a/SOURCES/0259-Don-t-duplicate-net-name-string-if-not-needed.patch b/SOURCES/0259-Don-t-duplicate-net-name-string-if-not-needed.patch new file mode 100644 index 0000000..4322c8a --- /dev/null +++ b/SOURCES/0259-Don-t-duplicate-net-name-string-if-not-needed.patch @@ -0,0 +1,53 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 25 Apr 2019 17:50:23 +0200 +Subject: [PATCH] Don't duplicate net->name string if not needed + +Related: rhbz#1490991 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/net/efi/http.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c +index 484e0c68c..de351b2cd 100644 +--- a/grub-core/net/efi/http.c ++++ b/grub-core/net/efi/http.c +@@ -394,27 +394,27 @@ grub_efihttp_open (struct grub_efi_net_device *dev, + grub_err_t err; + grub_off_t size; + char *buf; +- char *file_name; ++ char *file_name = NULL; + const char *http_path; + + /* If path is relative, prepend http_path */ + http_path = grub_env_get ("http_path"); +- if (http_path && file->device->net->name[0] != '/') ++ if (http_path && file->device->net->name[0] != '/') { + file_name = grub_xasprintf ("%s/%s", http_path, file->device->net->name); +- else +- file_name = grub_strdup (file->device->net->name); ++ if (!file_name) ++ return grub_errno; ++ } + +- if (!file_name) +- return grub_errno; +- +- err = efihttp_request (dev->http, file->device->net->server, file_name, type, 1, 0); ++ err = efihttp_request (dev->http, file->device->net->server, ++ file_name ? file_name : file->device->net->name, type, 1, 0); + if (err != GRUB_ERR_NONE) + { + grub_free (file_name); + return err; + } + +- err = efihttp_request (dev->http, file->device->net->server, file_name, type, 0, &size); ++ err = efihttp_request (dev->http, file->device->net->server, ++ file_name ? file_name : file->device->net->name, type, 0, &size); + grub_free (file_name); + if (err != GRUB_ERR_NONE) + { diff --git a/SOURCES/0260-Try-to-set-fPIE-and-friends-on-libgnu.a.patch b/SOURCES/0260-Try-to-set-fPIE-and-friends-on-libgnu.a.patch new file mode 100644 index 0000000..58ae2ad --- /dev/null +++ b/SOURCES/0260-Try-to-set-fPIE-and-friends-on-libgnu.a.patch @@ -0,0 +1,39 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 15 Jan 2019 14:57:25 -0500 +Subject: [PATCH] Try to set -fPIE and friends on libgnu.a + +In order to make sure UTIL_CFLAGS and UTIL_LDFLAGS can correctly get +-Wl,-z,relro,-z,now , we need everything going in them to be built with at +least -fPIC (and preferably -fPIE) wherever we can, or else we get relocations +in some component object that can't be used with the link type that's being +used for the final ELF object. + +So this makes sure libgnu.a gets built with HOST_CFLAGS and HOST_LDFLAGS, +which are what is later used to define UTIL_CFLAGS and UTIL_LDFLAGS, and +includes -fPIE. + +Fixes an rpmdiff check. + +Related: rhbz#1658500 + +Signed-off-by: Peter Jones +--- + grub-core/gnulib/Makefile.am | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/gnulib/Makefile.am b/grub-core/gnulib/Makefile.am +index b7c5e60e1..bd3621930 100644 +--- a/grub-core/gnulib/Makefile.am ++++ b/grub-core/gnulib/Makefile.am +@@ -38,8 +38,8 @@ CLEANFILES = + DISTCLEANFILES = + MAINTAINERCLEANFILES = + +-AM_CPPFLAGS = +-AM_CFLAGS = ++AM_CPPFLAGS = $(HOST_CPPFLAGS) ++AM_CFLAGS = $(HOST_CFLAGS) + + noinst_LIBRARIES += libgnu.a + diff --git a/SOURCES/0261-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch b/SOURCES/0261-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch new file mode 100644 index 0000000..9479e70 --- /dev/null +++ b/SOURCES/0261-blscfg-fallback-to-default_kernelopts-if-BLS-option-.patch @@ -0,0 +1,60 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 26 Feb 2019 20:11:27 +0100 +Subject: [PATCH] blscfg: fallback to default_kernelopts if BLS option field + isn't set + +If the $kernelopts variable isn't found, then the entry will fail to boot +since there won't be a kernel command line params set. This makes the BLS +configuration more fragile than a non-BLS one, since in that case it will +boot even without a correct grubenv file. + +So set a $default_kernelopts in the GRUB config file that will be used as +a fallback if the value in the BLS options field can't be resolved. + +Related: rhbz#1625124 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 7 +++++++ + util/grub.d/10_linux.in | 2 ++ + 2 files changed, 9 insertions(+) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index c432c6ba2..11cc82b6f 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -628,6 +628,9 @@ static char *expand_val(char *value) + char *end = value; + bool is_var = false; + ++ if (!value) ++ return NULL; ++ + while (*value) { + if (*value == '$') { + if (start != end) { +@@ -701,6 +704,10 @@ static void create_entry (struct bls_entry *entry) + + title = bls_get_val (entry, "title", NULL); + options = expand_val (bls_get_val (entry, "options", NULL)); ++ ++ if (!options) ++ options = expand_val (grub_env_get("default_kernelopts")); ++ + initrds = bls_make_list (entry, "initrd", NULL); + + hotkey = bls_get_val (entry, "grub_hotkey", NULL); +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index da2992ac9..04fd8953f 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -158,6 +158,8 @@ linux_entry () + populate_header_warn + + cat << EOF ++set default_kernelopts="root=${linux_root_device_thisversion} ro ${args}" ++ + insmod blscfg + blscfg + if [ -s \$prefix/grubenv ]; then diff --git a/SOURCES/0262-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch b/SOURCES/0262-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch new file mode 100644 index 0000000..2705087 --- /dev/null +++ b/SOURCES/0262-Remove-bogus-load_env-after-blscfg-command-in-10_lin.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 14 May 2019 20:37:44 +0200 +Subject: [PATCH] Remove bogus load_env after blscfg command in 10_linux + +The grubenv is already loaded in the 00_header snippet, so there's +no need to load it anywhere else. + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux.in | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 04fd8953f..58d185047 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -162,9 +162,6 @@ set default_kernelopts="root=${linux_root_device_thisversion} ro ${args}" + + insmod blscfg + blscfg +-if [ -s \$prefix/grubenv ]; then +- load_env +-fi + EOF + + if [ "x${GRUB_GRUBENV_UPDATE}" = "xyes" ]; then diff --git a/SOURCES/0263-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch b/SOURCES/0263-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch new file mode 100644 index 0000000..23b53d4 --- /dev/null +++ b/SOURCES/0263-10_linux_bls-use-to-separate-id-argument-due-a-Petit.patch @@ -0,0 +1,33 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 19 Jun 2019 15:57:17 +0200 +Subject: [PATCH] 10_linux_bls: use '=' to separate --id argument due a + Petitboot bug + +The GRUB menuentry command allows to separate the arguments for options +using either a '=' or a ' '. The latter is the convention used when the +menu entries are defined in the GRUB config file, but this is currently +not supported by Petitboot. + +So as a workaround define the menu entries using '--id=${bls}' instead. + +Resolves: rhbz#1721815 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux_bls.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in +index 175bedd07..8e07a7932 100644 +--- a/util/grub.d/10_linux_bls.in ++++ b/util/grub.d/10_linux_bls.in +@@ -180,7 +180,7 @@ populate_menu() + for bls in "${files[@]}" ; do + read_config "${blsdir}/${bls}.conf" + +- menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id ${bls} {\n" ++ menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id=${bls} {\n" + menu="${menu}\t linux ${linux} ${options}\n" + if [ -n "${initrd}" ] ; then + menu="${menu}\t initrd ${boot_prefix}${initrd}\n" diff --git a/SOURCES/0264-10_linux_bls-don-t-add-users-option-to-generated-men.patch b/SOURCES/0264-10_linux_bls-don-t-add-users-option-to-generated-men.patch new file mode 100644 index 0000000..de14031 --- /dev/null +++ b/SOURCES/0264-10_linux_bls-don-t-add-users-option-to-generated-men.patch @@ -0,0 +1,37 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 28 Mar 2019 16:34:42 +0100 +Subject: [PATCH] 10_linux_bls: don't add --users option to generated menu + entries + +The generated menu entries have a --users $grub_users option but this will +fail on old versions of GRUB, since it expects the --users option argument +to either be a constant or a variable that has been set. + +The latest GRUB version fix this but the GRUB core isn't updated on a GRUB +package update, so this will cause the entries to not be shown in the menu +after a system upgrade. + +Since can cause issues and because the entries that weren't generated from +the BLS snippets didn't have the --users option either, just don't add it. + +Resolves: rhbz#1755815 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux_bls.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in +index 8e07a7932..855dbdd19 100644 +--- a/util/grub.d/10_linux_bls.in ++++ b/util/grub.d/10_linux_bls.in +@@ -180,7 +180,7 @@ populate_menu() + for bls in "${files[@]}" ; do + read_config "${blsdir}/${bls}.conf" + +- menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --users ${grub_users} --id=${bls} {\n" ++ menu="${menu}menuentry '${title}' --class ${grub_class} ${grub_arg} --id=${bls} {\n" + menu="${menu}\t linux ${linux} ${options}\n" + if [ -n "${initrd}" ] ; then + menu="${menu}\t initrd ${boot_prefix}${initrd}\n" diff --git a/SOURCES/0265-grub-set-bootflag-Update-comment-about-running-as-ro.patch b/SOURCES/0265-grub-set-bootflag-Update-comment-about-running-as-ro.patch new file mode 100644 index 0000000..c589b5f --- /dev/null +++ b/SOURCES/0265-grub-set-bootflag-Update-comment-about-running-as-ro.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Wed, 13 Nov 2019 12:15:43 +0100 +Subject: [PATCH] grub-set-bootflag: Update comment about running as root + through pkexec + +We have stopped using pkexec for grub-set-bootflag, instead it is now +installed suid root, update the comment accordingly. + +Signed-off-by: Hans de Goede +--- + util/grub-set-bootflag.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c +index bb198f023..a0ebd08ca 100644 +--- a/util/grub-set-bootflag.c ++++ b/util/grub-set-bootflag.c +@@ -18,7 +18,7 @@ + */ + + /* +- * NOTE this gets run by users as root (through pkexec), so this does not ++ * NOTE this gets run by users as root (its suid root), so this does not + * use any grub library / util functions to allow for easy auditing. + * The grub headers are only included to get certain defines. + */ diff --git a/SOURCES/0266-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch b/SOURCES/0266-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch new file mode 100644 index 0000000..d535a11 --- /dev/null +++ b/SOURCES/0266-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch @@ -0,0 +1,154 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Fri, 22 Nov 2019 11:54:27 +0100 +Subject: [PATCH] grub-set-bootflag: Write new env to tmpfile and then rename + +Make the grubenv writing code in grub-set-bootflag more robust by +writing the modified grubenv to a tmpfile first and then renaming the +tmpfile over the old grubenv (following symlinks). + +Signed-off-by: Hans de Goede +[rharwood: rebase around updates] +Signed-off-by: Robbie Harwood +--- + util/grub-set-bootflag.c | 87 +++++++++++++++++++++++++++++++++++++++++++----- + 1 file changed, 78 insertions(+), 9 deletions(-) + +diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c +index a0ebd08ca..a85f11fce 100644 +--- a/util/grub-set-bootflag.c ++++ b/util/grub-set-bootflag.c +@@ -27,7 +27,9 @@ + #include + #include /* For GRUB_ENVBLK_DEFCFG define */ + #include ++#include + #include ++#include + #include + #include + +@@ -53,8 +55,10 @@ int main(int argc, char *argv[]) + { + /* NOTE buf must be at least the longest bootflag length + 4 bytes */ + char env[GRUBENV_SIZE + 1], buf[64], *s; ++ /* +1 for 0 termination, +6 for "XXXXXX" in tmp filename */ ++ char env_filename[PATH_MAX + 1], tmp_filename[PATH_MAX + 6 + 1]; + const char *bootflag; +- int i, len, ret; ++ int i, fd, len, ret; + FILE *f; + + if (argc != 2) +@@ -76,7 +80,32 @@ int main(int argc, char *argv[]) + bootflag = bootflags[i]; + len = strlen (bootflag); + +- f = fopen (GRUBENV, "r"); ++ /* ++ * Really become root. setuid avoids an user killing us, possibly leaking ++ * the tmpfile. setgid avoids the new grubenv's gid being that of the user. ++ */ ++ ret = setuid(0); ++ if (ret) ++ { ++ perror ("Error setuid(0) failed"); ++ return 1; ++ } ++ ++ ret = setgid(0); ++ if (ret) ++ { ++ perror ("Error setgid(0) failed"); ++ return 1; ++ } ++ ++ /* Canonicalize GRUBENV filename, resolving symlinks, etc. */ ++ if (!realpath(GRUBENV, env_filename)) ++ { ++ perror ("Error canonicalizing " GRUBENV " filename"); ++ return 1; ++ } ++ ++ f = fopen (env_filename, "r"); + if (!f) + { + perror ("Error opening " GRUBENV " for reading"); +@@ -131,30 +160,70 @@ int main(int argc, char *argv[]) + snprintf(buf, sizeof(buf), "%s=1\n", bootflag); + memcpy(s, buf, len + 3); + +- /* "r+", don't truncate so that the diskspace stays reserved */ +- f = fopen (GRUBENV, "r+"); ++ ++ /* ++ * Create a tempfile for writing the new env. Use the canonicalized filename ++ * for the template so that the tmpfile is in the same dir / on same fs. ++ */ ++ snprintf(tmp_filename, sizeof(tmp_filename), "%sXXXXXX", env_filename); ++ fd = mkstemp(tmp_filename); ++ if (fd == -1) ++ { ++ perror ("Creating tmpfile failed"); ++ return 1; ++ } ++ ++ f = fdopen (fd, "w"); + if (!f) + { +- perror ("Error opening " GRUBENV " for writing"); ++ perror ("Error fdopen of tmpfile failed"); ++ unlink(tmp_filename); + return 1; + } + + ret = fwrite (env, 1, GRUBENV_SIZE, f); + if (ret != GRUBENV_SIZE) + { +- perror ("Error writing to " GRUBENV); ++ perror ("Error writing tmpfile"); ++ unlink(tmp_filename); + return 1; + } + + ret = fflush (f); + if (ret) + { +- perror ("Error flushing " GRUBENV); ++ perror ("Error flushing tmpfile"); ++ unlink(tmp_filename); + return 1; + } + +- fsync (fileno (f)); +- fclose (f); ++ ret = fsync (fileno (f)); ++ if (ret) ++ { ++ perror ("Error syncing tmpfile"); ++ unlink(tmp_filename); ++ return 1; ++ } ++ ++ ret = fclose (f); ++ if (ret) ++ { ++ perror ("Error closing tmpfile"); ++ unlink(tmp_filename); ++ return 1; ++ } ++ ++ /* ++ * And finally rename the tmpfile with the new env over the old env, the ++ * linux kernel guarantees that this is atomic (from a syscall pov). ++ */ ++ ret = rename(tmp_filename, env_filename); ++ if (ret) ++ { ++ perror ("Error renaming tmpfile to " GRUBENV " failed"); ++ unlink(tmp_filename); ++ return 1; ++ } + + return 0; + } diff --git a/SOURCES/0267-Fix-PRIxGRUB_EFI_STATUS-definition.patch b/SOURCES/0267-Fix-PRIxGRUB_EFI_STATUS-definition.patch new file mode 100644 index 0000000..5e3c699 --- /dev/null +++ b/SOURCES/0267-Fix-PRIxGRUB_EFI_STATUS-definition.patch @@ -0,0 +1,48 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 28 Nov 2019 13:23:59 +0100 +Subject: [PATCH] Fix PRIxGRUB_EFI_STATUS definition + +The type specifiers were wrongly defined when GRUB_CPU_SIZEOF_VOID_P != 8 +since in that case the grub_efi_status_t is a grub_int32_t typedef. This +leads to the following covscan warnings: + +grub-2.02/include/grub/dl.h:29: included_from: Included from here. +grub-2.02/include/grub/efi/efi.h:24: included_from: Included from here. +grub-2.02/grub-core/kern/efi/tpm.c:4: included_from: Included from here. +grub-2.02/grub-core/kern/efi/tpm.c: scope_hint: In function 'grub_tpm_dprintf' +grub-2.02/grub-core/kern/efi/tpm.c:170:26: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 5 has type 'grub_efi_status_t' {aka 'int'} [-Wformat=] +grub-2.02/include/grub/misc.h:38:88: note: in definition of macro 'grub_dprintf' + +Related: rhbz#1761811 + +Signed-off-by: Javier Martinez Canillas +--- + include/grub/efi/api.h | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index b337e1a19..6c440c613 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -539,11 +539,16 @@ typedef grub_uint16_t grub_efi_char16_t; + typedef grub_efi_intn_t grub_efi_status_t; + /* Make grub_efi_status_t reasonably printable. */ + #if GRUB_CPU_SIZEOF_VOID_P == 8 +-#define PRIxGRUB_EFI_STATUS "lx" +-#define PRIdGRUB_EFI_STATUS "ld" ++# if GRUB_CPU_SIZEOF_LONG == 8 ++# define PRIxGRUB_EFI_STATUS "lx" ++# define PRIdGRUB_EFI_STATUS "ld" ++# else ++# define PRIxGRUB_EFI_STATUS "llx" ++# define PRIdGRUB_EFI_STATUS "lld" ++# endif + #else +-#define PRIxGRUB_EFI_STATUS "llx" +-#define PRIdGRUB_EFI_STATUS "lld" ++# define PRIxGRUB_EFI_STATUS "x" ++# define PRIdGRUB_EFI_STATUS "d" + #endif + + #define GRUB_EFI_ERROR_CODE(value) \ diff --git a/SOURCES/0268-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch b/SOURCES/0268-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch new file mode 100644 index 0000000..5e75acd --- /dev/null +++ b/SOURCES/0268-TPM-Print-messages-if-measuraments-fail-as-debug-ins.patch @@ -0,0 +1,100 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 16 Oct 2019 15:32:04 +0200 +Subject: [PATCH] TPM: Print messages if measuraments fail as debug instead of + error + +If the calls to EFI services to do TPM measuraments fail, currently error +messages are printed. But this is not a fatal error and just pollutes the +output, so instead just print them as debug messages. + +Resolves: rhbz#1761811 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/kern/efi/tpm.c | 58 +++++++++++++++++++++++++----------------------- + 1 file changed, 30 insertions(+), 28 deletions(-) + +diff --git a/grub-core/kern/efi/tpm.c b/grub-core/kern/efi/tpm.c +index 0d3ebe22e..5dc908652 100644 +--- a/grub-core/kern/efi/tpm.c ++++ b/grub-core/kern/efi/tpm.c +@@ -161,6 +161,34 @@ grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, + } + } + ++static inline grub_err_t grub_tpm_dprintf(grub_efi_status_t status) ++{ ++ switch (status) { ++ case GRUB_EFI_SUCCESS: ++ return 0; ++ case GRUB_EFI_DEVICE_ERROR: ++ grub_dprintf ("tpm", "Command failed: 0x%"PRIxGRUB_EFI_STATUS"\n", ++ status); ++ return GRUB_ERR_IO; ++ case GRUB_EFI_INVALID_PARAMETER: ++ grub_dprintf ("tpm", "Invalid parameter: 0x%"PRIxGRUB_EFI_STATUS"\n", ++ status); ++ return GRUB_ERR_BAD_ARGUMENT; ++ case GRUB_EFI_BUFFER_TOO_SMALL: ++ grub_dprintf ("tpm", "Output buffer too small: 0x%"PRIxGRUB_EFI_STATUS"\n", ++ status); ++ return GRUB_ERR_BAD_ARGUMENT; ++ case GRUB_EFI_NOT_FOUND: ++ grub_dprintf ("tpm", "TPM unavailable: 0x%"PRIxGRUB_EFI_STATUS"\n", ++ status); ++ return GRUB_ERR_UNKNOWN_DEVICE; ++ default: ++ grub_dprintf ("tpm", "Unknown TPM error: 0x%"PRIxGRUB_EFI_STATUS"\n", ++ status); ++ return GRUB_ERR_UNKNOWN_DEVICE; ++ } ++} ++ + static grub_err_t + grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf, + grub_size_t size, grub_uint8_t pcr, +@@ -194,20 +222,7 @@ grub_tpm1_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf, + (unsigned long) buf, (grub_uint64_t) size, + algorithm, event, &eventnum, &lastevent); + +- switch (status) { +- case GRUB_EFI_SUCCESS: +- return 0; +- case GRUB_EFI_DEVICE_ERROR: +- return grub_error (GRUB_ERR_IO, N_("Command failed")); +- case GRUB_EFI_INVALID_PARAMETER: +- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter")); +- case GRUB_EFI_BUFFER_TOO_SMALL: +- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small")); +- case GRUB_EFI_NOT_FOUND: +- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); +- default: +- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); +- } ++ return grub_tpm_dprintf(status); + } + + static grub_err_t +@@ -240,20 +255,7 @@ grub_tpm2_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf, + status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, (unsigned long) buf, + (grub_uint64_t) size, event); + +- switch (status) { +- case GRUB_EFI_SUCCESS: +- return 0; +- case GRUB_EFI_DEVICE_ERROR: +- return grub_error (GRUB_ERR_IO, N_("Command failed")); +- case GRUB_EFI_INVALID_PARAMETER: +- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter")); +- case GRUB_EFI_BUFFER_TOO_SMALL: +- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small")); +- case GRUB_EFI_NOT_FOUND: +- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); +- default: +- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); +- } ++ return grub_tpm_dprintf(status); + } + + grub_err_t diff --git a/SOURCES/0269-unix-platform-Initialize-variable-to-fix-grub-instal.patch b/SOURCES/0269-unix-platform-Initialize-variable-to-fix-grub-instal.patch new file mode 100644 index 0000000..a2382f7 --- /dev/null +++ b/SOURCES/0269-unix-platform-Initialize-variable-to-fix-grub-instal.patch @@ -0,0 +1,66 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Paul Menzel +Date: Tue, 23 Oct 2018 15:00:13 +0200 +Subject: [PATCH] unix/platform: Initialize variable to fix grub-install on + UEFI system +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +On a UEFI system, were no boot entry *grub* is present, currently, +`grub-install` fails with an error. + + $ efibootmgr + BootCurrent: 0000 + Timeout: 0 seconds + BootOrder: 0001,0006,0003,0004,0005 + Boot0001 Diskette Drive + Boot0003* USB Storage Device + Boot0004* CD/DVD/CD-RW Drive + Boot0005 Onboard NIC + Boot0006* WDC WD2500AAKX-75U6AA0 + $ sudo grub-install /dev/sda + Installing for x86_64-efi platform. + grub-install: error: efibootmgr failed to register the boot entry: Unknown error 22020. + +The error code is always different, and the error message (incorrectly) +points to efibootmgr. + +But, the error is in GRUB’s function +`grub_install_remove_efi_entries_by_distributor()`, where the variable +`rc` for the return value, is uninitialized and never set, when no boot +entry for the distributor is found. + +The content of that uninitialized variable is then returned as the error +code of efibootmgr. + +Set the variable to 0, so that success is returned, when no entry needs +to be deleted. + +Tested on Dell OptiPlex 7010 with firmware A28. + + $ sudo ./grub-install /dev/sda + Installing for x86_64-efi platform. + Installation finished. No error reported. + +[1]: https://github.com/rhboot/efibootmgr/issues/100 + +Signed-off-by: Paul Menzel +Reviewed-by: Daniel Kiper +--- + grub-core/osdep/unix/platform.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c +index ca448bc11..55b8f4016 100644 +--- a/grub-core/osdep/unix/platform.c ++++ b/grub-core/osdep/unix/platform.c +@@ -85,7 +85,7 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor) + pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd); + char *line = NULL; + size_t len = 0; +- int rc; ++ int rc = 0; + + if (!pid) + { diff --git a/SOURCES/0270-blscfg-add-a-space-char-when-appending-fields-for-va.patch b/SOURCES/0270-blscfg-add-a-space-char-when-appending-fields-for-va.patch new file mode 100644 index 0000000..cf42b47 --- /dev/null +++ b/SOURCES/0270-blscfg-add-a-space-char-when-appending-fields-for-va.patch @@ -0,0 +1,76 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 26 Nov 2019 09:51:41 +0100 +Subject: [PATCH] blscfg: add a space char when appending fields for variable + expansion + +The GRUB variables are expanded and replaced by their values before adding +menu entries, but they didn't include space characters after the values so +the result was not correct. + +For the common case this wasn't a problem but it is if there are variables +that are part of the values of other variables. + +Resolves: rhbz#1669252 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 31 ++++++++++++++++++------------- + 1 file changed, 18 insertions(+), 13 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 11cc82b6f..c92e1c845 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -597,26 +597,29 @@ static char **bls_make_list (struct bls_entry *entry, const char *key, int *num) + + static char *field_append(bool is_var, char *buffer, char *start, char *end) + { +- char *temp = grub_strndup(start, end - start + 1); +- const char *field = temp; ++ char *tmp = grub_strndup(start, end - start + 1); ++ const char *field = tmp; ++ int term = is_var ? 2 : 1; + + if (is_var) { +- field = grub_env_get (temp); ++ field = grub_env_get (tmp); + if (!field) + return buffer; + } + +- if (!buffer) { +- buffer = grub_strdup(field); +- if (!buffer) +- return NULL; +- } else { +- buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field)); +- if (!buffer) +- return NULL; ++ if (!buffer) ++ buffer = grub_zalloc (grub_strlen(field) + term); ++ else ++ buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field) + term); + +- grub_stpcpy (buffer + grub_strlen(buffer), field); +- } ++ if (!buffer) ++ return NULL; ++ ++ tmp = buffer + grub_strlen(buffer); ++ tmp = grub_stpcpy (tmp, field); ++ ++ if (is_var) ++ tmp = grub_stpcpy (tmp, " "); + + return buffer; + } +@@ -646,6 +649,8 @@ static char *expand_val(char *value) + buffer = field_append(is_var, buffer, start, end); + is_var = false; + start = value; ++ if (*start == ' ') ++ start++; + } + } + diff --git a/SOURCES/0271-efi-http-Export-fw-http-_path-variables-to-make-them.patch b/SOURCES/0271-efi-http-Export-fw-http-_path-variables-to-make-them.patch new file mode 100644 index 0000000..84cec33 --- /dev/null +++ b/SOURCES/0271-efi-http-Export-fw-http-_path-variables-to-make-them.patch @@ -0,0 +1,50 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 5 Mar 2020 16:21:47 +0100 +Subject: [PATCH] efi/http: Export {fw,http}_path variables to make them global + +The fw_path environment variable is used by http_configure() function to +determine the HTTP path that should be used as prefix when using relative +HTTP paths. And this is stored in the http_path environment variable. + +Later, that variable is looked up by grub_efihttp_open() to generate the +complete path to be used in the HTTP request. + +But these variables are not exported, which means that are not global and +so are only found in the initial context. + +This can cause commands like configfile that create a new context to fail +because the fw_path and http_path variables will not be found. + +Resolves: rhbz#1811561 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/kern/main.c | 1 + + grub-core/net/efi/http.c | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c +index dcf48726d..9bf6a8b23 100644 +--- a/grub-core/kern/main.c ++++ b/grub-core/kern/main.c +@@ -142,6 +142,7 @@ grub_set_prefix_and_root (void) + if (fw_path) + { + grub_env_set ("fw_path", fw_path); ++ grub_env_export ("fw_path"); + grub_dprintf ("fw_path", "fw_path:\"%s\"\n", fw_path); + grub_free (fw_path); + } +diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c +index de351b2cd..755b7a6d0 100644 +--- a/grub-core/net/efi/http.c ++++ b/grub-core/net/efi/http.c +@@ -39,6 +39,7 @@ http_configure (struct grub_efi_net_device *dev, int prefer_ip6) + http_path++; + grub_env_unset ("http_path"); + grub_env_set ("http_path", http_path); ++ grub_env_export ("http_path"); + } + } + diff --git a/SOURCES/0272-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch b/SOURCES/0272-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch new file mode 100644 index 0000000..69abcc3 --- /dev/null +++ b/SOURCES/0272-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch @@ -0,0 +1,114 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 5 Mar 2020 16:21:58 +0100 +Subject: [PATCH] efi/http: Enclose literal IPv6 addresses in square brackets + +According to RFC 2732 (https://www.ietf.org/rfc/rfc2732.txt), literal IPv6 +addresses must be enclosed in square brackets. But GRUB currently does not +do this and is causing HTTP servers to send Bad Request (400) responses. + +For example, the following is the HTTP stream when fetching a config file: + +HEAD /EFI/BOOT/grub.cfg HTTP/1.1 +Host: 2000:dead:beef:a::1 +Accept: */* +User-Agent: UefiHttpBoot/1.0 + +HTTP/1.1 400 Bad Request +Date: Thu, 05 Mar 2020 14:46:02 GMT +Server: Apache/2.4.41 (Fedora) OpenSSL/1.1.1d +Connection: close +Content-Type: text/html; charset=iso-8859-1 + +and after enclosing the IPv6 address the HTTP request is successful: + +HEAD /EFI/BOOT/grub.cfg HTTP/1.1 +Host: [2000:dead:beef:a::1] +Accept: */* +User-Agent: UefiHttpBoot/1.0 + +HTTP/1.1 200 OK +Date: Thu, 05 Mar 2020 14:48:04 GMT +Server: Apache/2.4.41 (Fedora) OpenSSL/1.1.1d +Last-Modified: Thu, 27 Feb 2020 17:45:58 GMT +ETag: "206-59f924b24b1da" +Accept-Ranges: bytes +Content-Length: 518 + +Resolves: rhbz#1811560 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/net/efi/http.c | 37 ++++++++++++++++++++++++++++--------- + 1 file changed, 28 insertions(+), 9 deletions(-) + +diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c +index 755b7a6d0..fc8cb25ae 100644 +--- a/grub-core/net/efi/http.c ++++ b/grub-core/net/efi/http.c +@@ -158,13 +158,7 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https, + grub_efi_status_t status; + grub_efi_boot_services_t *b = grub_efi_system_table->boot_services; + char *url = NULL; +- +- request_headers[0].field_name = (grub_efi_char8_t *)"Host"; +- request_headers[0].field_value = (grub_efi_char8_t *)server; +- request_headers[1].field_name = (grub_efi_char8_t *)"Accept"; +- request_headers[1].field_value = (grub_efi_char8_t *)"*/*"; +- request_headers[2].field_name = (grub_efi_char8_t *)"User-Agent"; +- request_headers[2].field_value = (grub_efi_char8_t *)"UefiHttpBoot/1.0"; ++ char *hostname = NULL; + + { + grub_efi_ipv6_address_t address; +@@ -174,9 +168,24 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https, + const char *protocol = (use_https == 1) ? "https" : "http"; + + if (grub_efi_string_to_ip6_address (server, &address, &rest) && *rest == 0) +- url = grub_xasprintf ("%s://[%s]%s", protocol, server, name); ++ { ++ hostname = grub_xasprintf ("[%s]", server); ++ if (!hostname) ++ return GRUB_ERR_OUT_OF_MEMORY; ++ ++ server = hostname; ++ ++ url = grub_xasprintf ("%s://%s%s", protocol, server, name); ++ if (!url) ++ { ++ grub_free (hostname); ++ return GRUB_ERR_OUT_OF_MEMORY; ++ } ++ } + else +- url = grub_xasprintf ("%s://%s%s", protocol, server, name); ++ { ++ url = grub_xasprintf ("%s://%s%s", protocol, server, name); ++ } + + if (!url) + { +@@ -199,6 +208,13 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https, + request_data.url = ucs2_url; + } + ++ request_headers[0].field_name = (grub_efi_char8_t *)"Host"; ++ request_headers[0].field_value = (grub_efi_char8_t *)server; ++ request_headers[1].field_name = (grub_efi_char8_t *)"Accept"; ++ request_headers[1].field_value = (grub_efi_char8_t *)"*/*"; ++ request_headers[2].field_name = (grub_efi_char8_t *)"User-Agent"; ++ request_headers[2].field_value = (grub_efi_char8_t *)"UefiHttpBoot/1.0"; ++ + request_data.method = (headeronly > 0) ? GRUB_EFI_HTTPMETHODHEAD : GRUB_EFI_HTTPMETHODGET; + + request_message.data.request = &request_data; +@@ -228,6 +244,9 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https, + + status = efi_call_2 (http->request, http, &request_token); + ++ if (hostname) ++ grub_free (hostname); ++ + if (status != GRUB_EFI_SUCCESS) + { + efi_call_1 (b->close_event, request_token.event); diff --git a/SOURCES/0273-efi-net-Allow-to-specify-a-port-number-in-addresses.patch b/SOURCES/0273-efi-net-Allow-to-specify-a-port-number-in-addresses.patch new file mode 100644 index 0000000..8b7ae22 --- /dev/null +++ b/SOURCES/0273-efi-net-Allow-to-specify-a-port-number-in-addresses.patch @@ -0,0 +1,48 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 9 Mar 2020 15:29:45 +0100 +Subject: [PATCH] efi/net: Allow to specify a port number in addresses + +The grub_efi_net_parse_address() function is not covering the case where a +port number is specified in an IPv4 or IPv6 address, so will fail to parse +the network address. + +For most cases the issue is harmless, because the function is only used to +match an address with a network interface and if fails the default is used. + +But still is a bug that has to be fixed and it causes error messages to be +printed like the following: + +error: net/efi/net.c:782:unrecognised network address '192.168.122.1:8080' + +error: net/efi/net.c:781:unrecognised network address '[2000:dead:beef:a::1]:8080' + +Resolves: rhbz#1811560 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/net/efi/net.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c +index 4c70fc4da..c74854a82 100644 +--- a/grub-core/net/efi/net.c ++++ b/grub-core/net/efi/net.c +@@ -742,7 +742,7 @@ grub_efi_net_parse_address (const char *address, + return GRUB_ERR_NONE; + } + } +- else if (*rest == 0) ++ else if (*rest == 0 || *rest == ':') + { + grub_uint32_t subnet_mask = 0xffffffffU; + grub_memcpy (ip4->subnet_mask, &subnet_mask, sizeof (ip4->subnet_mask)); +@@ -768,7 +768,7 @@ grub_efi_net_parse_address (const char *address, + return GRUB_ERR_NONE; + } + } +- else if (*rest == 0) ++ else if (*rest == 0 || *rest == ':') + { + ip6->prefix_length = 128; + ip6->is_anycast = 0; diff --git a/SOURCES/0274-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch b/SOURCES/0274-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch new file mode 100644 index 0000000..1ef97f9 --- /dev/null +++ b/SOURCES/0274-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch @@ -0,0 +1,48 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 9 Mar 2020 15:30:05 +0100 +Subject: [PATCH] efi/ip4_config: Improve check to detect literal IPv6 + addresses + +The grub_efi_string_to_ip4_address() function wrongly assumes that an IPv6 +address is an IPv4 address, because it doesn't take into account the case +of a caller passing an IPv6 address as a string. + +This leads to the grub_efi_net_parse_address() function to fail and print +the following error message: + +error: net/efi/net.c:785:unrecognised network address '2000:dead:beef:a::1' + +Resolves: rhbz#1811560 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/net/efi/ip4_config.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c +index 38e2a0474..6117e60ab 100644 +--- a/grub-core/net/efi/ip4_config.c ++++ b/grub-core/net/efi/ip4_config.c +@@ -56,9 +56,20 @@ int + grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *address, const char **rest) + { + grub_uint32_t newip = 0; +- int i; ++ int i, ncolon = 0; + const char *ptr = val; + ++ /* Check that is not an IPv6 address */ ++ for (i = 0; i < grub_strlen(ptr); i++) ++ { ++ if (ptr[i] == '[' && i == 0) ++ return 0; ++ ++ if (ptr[i] == ':') ++ if (i == 0 || ++ncolon == 2) ++ return 0; ++ } ++ + for (i = 0; i < 4; i++) + { + unsigned long t; diff --git a/SOURCES/0275-efi-net-Print-a-debug-message-if-parsing-the-address.patch b/SOURCES/0275-efi-net-Print-a-debug-message-if-parsing-the-address.patch new file mode 100644 index 0000000..5559b56 --- /dev/null +++ b/SOURCES/0275-efi-net-Print-a-debug-message-if-parsing-the-address.patch @@ -0,0 +1,68 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 10 Mar 2020 11:23:49 +0100 +Subject: [PATCH] efi/net: Print a debug message if parsing the address fails + +Currently if parsing the address fails an error message is printed. But in +most cases this isn't a fatal error since the grub_efi_net_parse_address() +function is only used to match an address with a network interface to use. + +And if this fails, the default interface is used which is good enough for +most cases. So instead of printing an error that would pollute the console +just print a debug message if the address is not parsed correctly. + +A user can enable debug messages for the efinet driver to have information +about the failure and the fact that the default interface is being used. + +Related: rhbz#1811560 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/net/efi/net.c | 18 +++++++++++------- + 1 file changed, 11 insertions(+), 7 deletions(-) + +diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c +index c74854a82..3ae1fbbe3 100644 +--- a/grub-core/net/efi/net.c ++++ b/grub-core/net/efi/net.c +@@ -778,9 +778,9 @@ grub_efi_net_parse_address (const char *address, + } + } + +- return grub_error (GRUB_ERR_NET_BAD_ADDRESS, +- N_("unrecognised network address `%s'"), +- address); ++ grub_dprintf ("efinet", "unrecognised network address '%s'\n", address); ++ ++ return GRUB_ERR_NET_BAD_ADDRESS; + } + + static grub_efi_net_interface_t * +@@ -795,10 +795,7 @@ match_route (const char *server) + err = grub_efi_net_parse_address (server, &ip4, &ip6, &is_ip6, 0); + + if (err) +- { +- grub_print_error (); + return NULL; +- } + + if (is_ip6) + { +@@ -1233,8 +1230,15 @@ grub_net_open_real (const char *name __attribute__ ((unused))) + /*FIXME: Use DNS translate name to address */ + net_interface = match_route (server); + ++ if (!net_interface && net_default_interface) ++ { ++ net_interface = net_default_interface; ++ grub_dprintf ("efinet", "interface lookup failed, using default '%s'\n", ++ net_interface->name); ++ } ++ + /*XXX: should we check device with default gateway ? */ +- if (!net_interface && !(net_interface = net_default_interface)) ++ if (!net_interface) + { + grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("disk `%s' no route found"), + name); diff --git a/SOURCES/0276-efi-Set-image-base-address-before-jumping-to-the-PE-.patch b/SOURCES/0276-efi-Set-image-base-address-before-jumping-to-the-PE-.patch new file mode 100644 index 0000000..e6178ab --- /dev/null +++ b/SOURCES/0276-efi-Set-image-base-address-before-jumping-to-the-PE-.patch @@ -0,0 +1,60 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 23 Apr 2020 15:06:46 +0200 +Subject: [PATCH] efi: Set image base address before jumping to the PE/COFF + entry point + +Upstream GRUB uses the EFI LoadImage() and StartImage() to boot the Linux +kernel. But our custom EFI loader that supports Secure Boot instead uses +the EFI handover protocol (for x86) or jumping directly to the PE/COFF +entry point (for aarch64). + +This is done to allow the bootloader to verify the images using the shim +lock protocol to avoid booting untrusted binaries. + +Since the bootloader loads the kernel from the boot media instead of using +LoadImage(), it is responsible to set the Loaded Image base address before +booting the kernel. + +Otherwise the kernel EFI stub will complain that it was not set correctly +and print the following warning message: + +EFI stub: ERROR: FIRMWARE BUG: efi_loaded_image_t::image_base has bogus value + +Resolves: rhbz#1819624 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/loader/efi/linux.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c +index b56ea0bc0..e09f82486 100644 +--- a/grub-core/loader/efi/linux.c ++++ b/grub-core/loader/efi/linux.c +@@ -72,6 +72,7 @@ grub_err_t + grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, + void *kernel_params) + { ++ grub_efi_loaded_image_t *loaded_image = NULL; + handover_func hf; + int offset = 0; + +@@ -79,6 +80,17 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, + offset = 512; + #endif + ++ /* ++ * Since the EFI loader is not calling the LoadImage() and StartImage() ++ * services for loading the kernel and booting respectively, it has to ++ * set the Loaded Image base address. ++ */ ++ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); ++ if (loaded_image) ++ loaded_image->image_base = kernel_addr; ++ else ++ grub_dprintf ("linux", "Loaded Image base address could not be set\n"); ++ + grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n", + kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params); + hf = (handover_func)((char *)kernel_addr + handover_offset + offset); diff --git a/SOURCES/0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch b/SOURCES/0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch new file mode 100644 index 0000000..58177e8 --- /dev/null +++ b/SOURCES/0277-envblk-Fix-buffer-overrun-when-attempting-to-shrink-.patch @@ -0,0 +1,62 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 12 May 2020 01:00:51 +0200 +Subject: [PATCH] envblk: Fix buffer overrun when attempting to shrink a + variable value +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If an existing variable is set with a value whose length is smaller than +the current value, a memory corruption can happen due copying padding '#' +characters outside of the environment block buffer. + +This is caused by a wrong calculation of the previous free space position +after moving backward the characters that followed the old variable value. + +That position is calculated to fill the remaining of the buffer with the +padding '#' characters. But since isn't calculated correctly, it can lead +to copies outside of the buffer. + +The issue can be reproduced by creating a variable with a large value and +then try to set a new value that is much smaller: + +$ grub2-editenv --version +grub2-editenv (GRUB) 2.04 + +$ grub2-editenv env create + +$ grub2-editenv env set a="$(for i in {1..500}; do var="b$var"; done; echo $var)" + +$ wc -c env +1024 grubenv + +$ grub2-editenv env set a="$(for i in {1..50}; do var="b$var"; done; echo $var)" +malloc(): corrupted top size +Aborted (core dumped) + +$ wc -c env +0 grubenv + +Resolves: rhbz#1761496 + +Reported-by: Renaud Métrich +Signed-off-by: Javier Martinez Canillas +Patch-cc: Daniel Kiper +--- + grub-core/lib/envblk.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/lib/envblk.c b/grub-core/lib/envblk.c +index 230e0e9d9..2e4e78b13 100644 +--- a/grub-core/lib/envblk.c ++++ b/grub-core/lib/envblk.c +@@ -143,7 +143,7 @@ grub_envblk_set (grub_envblk_t envblk, const char *name, const char *value) + /* Move the following characters backward, and fill the new + space with harmless characters. */ + grub_memmove (p + vl, p + len, pend - (p + len)); +- grub_memset (space + len - vl, '#', len - vl); ++ grub_memset (space - (len - vl), '#', len - vl); + } + else + /* Move the following characters forward. */ diff --git a/SOURCES/0278-Reimplement-boot_counter.patch b/SOURCES/0278-Reimplement-boot_counter.patch new file mode 100644 index 0000000..3525c41 --- /dev/null +++ b/SOURCES/0278-Reimplement-boot_counter.patch @@ -0,0 +1,196 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 4 Oct 2018 14:22:09 -0400 +Subject: [PATCH] Reimplement boot_counter + +This adds "increment" and "decrement" commands, and uses them to maintain our +variables in 01_fallback_counter. It also simplifies the counter logic, so +that there are no nested tests that conflict with each other. + +Apparently, this *really* wasn't tested well enough. + +Resolves: rhbz#1614637 +Signed-off-by: Peter Jones +[lorbus: add comments and revert logic changes in 01_fallback_counting] +Signed-off-by: Christian Glombek +--- + Makefile.util.def | 6 +++ + grub-core/Makefile.core.def | 5 ++ + grub-core/commands/increment.c | 105 ++++++++++++++++++++++++++++++++++++ + util/grub.d/01_fallback_counting.in | 22 ++++++++ + 4 files changed, 138 insertions(+) + create mode 100644 grub-core/commands/increment.c + create mode 100644 util/grub.d/01_fallback_counting.in + +diff --git a/Makefile.util.def b/Makefile.util.def +index 08cc98ddb..eca3dfa75 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -448,6 +448,12 @@ script = { + installdir = grubconf; + }; + ++script = { ++ name = '01_fallback_counting'; ++ common = util/grub.d/01_fallback_counting.in; ++ installdir = grubconf; ++}; ++ + script = { + name = '01_menu_auto_hide'; + common = util/grub.d/01_menu_auto_hide.in; +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 6864e780f..c8a50b4fc 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -362,6 +362,11 @@ kernel = { + extra_dist = kern/mips/cache_flush.S; + }; + ++module = { ++ name = increment; ++ common = commands/increment.c; ++}; ++ + program = { + name = grub-emu; + mansection = 1; +diff --git a/grub-core/commands/increment.c b/grub-core/commands/increment.c +new file mode 100644 +index 000000000..79cf13765 +--- /dev/null ++++ b/grub-core/commands/increment.c +@@ -0,0 +1,105 @@ ++/* increment.c - Commands to increment and decrement variables. */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2006,2007,2008 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++typedef enum { ++ INCREMENT, ++ DECREMENT, ++} operation; ++ ++static grub_err_t ++incr_decr(operation op, int argc, char **args) ++{ ++ const char *old; ++ char *new; ++ long value; ++ ++ if (argc < 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_ ("no variable specified")); ++ if (argc > 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_ ("too many arguments")); ++ ++ old = grub_env_get (*args); ++ if (!old) ++ return grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("No such variable \"%s\""), ++ *args); ++ ++ value = grub_strtol (old, NULL, 0); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ ++ switch (op) ++ { ++ case INCREMENT: ++ value += 1; ++ break; ++ case DECREMENT: ++ value -= 1; ++ break; ++ } ++ ++ new = grub_xasprintf ("%ld", value); ++ if (!new) ++ return grub_errno; ++ ++ grub_env_set (*args, new); ++ grub_free (new); ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_cmd_incr(struct grub_command *cmd UNUSED, ++ int argc, char **args) ++{ ++ return incr_decr(INCREMENT, argc, args); ++} ++ ++static grub_err_t ++grub_cmd_decr(struct grub_command *cmd UNUSED, ++ int argc, char **args) ++{ ++ return incr_decr(DECREMENT, argc, args); ++} ++ ++static grub_command_t cmd_incr, cmd_decr; ++ ++GRUB_MOD_INIT(increment) ++{ ++ cmd_incr = grub_register_command ("increment", grub_cmd_incr, N_("VARIABLE"), ++ N_("increment VARIABLE")); ++ cmd_decr = grub_register_command ("decrement", grub_cmd_decr, N_("VARIABLE"), ++ N_("decrement VARIABLE")); ++} ++ ++GRUB_MOD_FINI(increment) ++{ ++ grub_unregister_command (cmd_incr); ++ grub_unregister_command (cmd_decr); ++} +diff --git a/util/grub.d/01_fallback_counting.in b/util/grub.d/01_fallback_counting.in +new file mode 100644 +index 000000000..be0e770ea +--- /dev/null ++++ b/util/grub.d/01_fallback_counting.in +@@ -0,0 +1,22 @@ ++#! /bin/sh -e ++ ++# Boot Counting ++# The boot_counter env var can be used to count down boot attempts after an ++# OSTree upgrade and choose the rollback deployment when 0 is reached. Both ++# boot_counter and boot_success need to be (re-)set from userspace. ++cat << EOF ++insmod increment ++# Check if boot_counter exists and boot_success=0 to activate this behaviour. ++if [ -n "\${boot_counter}" -a "\${boot_success}" = "0" ]; then ++ # if countdown has ended, choose to boot rollback deployment (default=1 on ++ # OSTree-based systems) ++ if [ "\${boot_counter}" = "0" -o "\${boot_counter}" = "-1" ]; then ++ set default=1 ++ set boot_counter=-1 ++ # otherwise decrement boot_counter ++ else ++ decrement boot_counter ++ fi ++ save_env boot_counter ++fi ++EOF diff --git a/SOURCES/0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch b/SOURCES/0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch new file mode 100644 index 0000000..dadf757 --- /dev/null +++ b/SOURCES/0279-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch @@ -0,0 +1,165 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Christian Glombek +Date: Tue, 2 Apr 2019 16:22:21 +0200 +Subject: [PATCH] grub.d: Split out boot success reset from menu auto hide + script + +Also rename fallback and menu auto hide script to be executed +before and after boot success reset script. +In menu auto hide script, rename last_boot_ok var to menu_hide_ok +--- + Makefile.util.def | 14 ++++++++---- + ...allback_counting.in => 08_fallback_counting.in} | 14 ++++++------ + util/grub.d/10_reset_boot_success.in | 25 ++++++++++++++++++++++ + .../{01_menu_auto_hide.in => 12_menu_auto_hide.in} | 23 +++++--------------- + 4 files changed, 48 insertions(+), 28 deletions(-) + rename util/grub.d/{01_fallback_counting.in => 08_fallback_counting.in} (65%) + create mode 100644 util/grub.d/10_reset_boot_success.in + rename util/grub.d/{01_menu_auto_hide.in => 12_menu_auto_hide.in} (58%) + +diff --git a/Makefile.util.def b/Makefile.util.def +index eca3dfa75..5062a0e50 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -449,14 +449,14 @@ script = { + }; + + script = { +- name = '01_fallback_counting'; +- common = util/grub.d/01_fallback_counting.in; ++ name = '08_fallback_counting'; ++ common = util/grub.d/08_fallback_counting.in; + installdir = grubconf; + }; + + script = { +- name = '01_menu_auto_hide'; +- common = util/grub.d/01_menu_auto_hide.in; ++ name = '12_menu_auto_hide'; ++ common = util/grub.d/12_menu_auto_hide.in; + installdir = grubconf; + }; + +@@ -515,6 +515,12 @@ script = { + condition = COND_HOST_LINUX; + }; + ++script = { ++ name = '10_reset_boot_success'; ++ common = util/grub.d/10_reset_boot_success.in; ++ installdir = grubconf; ++}; ++ + script = { + name = '10_xnu'; + common = util/grub.d/10_xnu.in; +diff --git a/util/grub.d/01_fallback_counting.in b/util/grub.d/08_fallback_counting.in +similarity index 65% +rename from util/grub.d/01_fallback_counting.in +rename to util/grub.d/08_fallback_counting.in +index be0e770ea..2e2c3ff7d 100644 +--- a/util/grub.d/01_fallback_counting.in ++++ b/util/grub.d/08_fallback_counting.in +@@ -1,15 +1,17 @@ + #! /bin/sh -e +- +-# Boot Counting ++# Fallback Countdown ++# ++# This snippet depends on 10_reset_boot_success and needs to be kept in sync. ++# + # The boot_counter env var can be used to count down boot attempts after an +-# OSTree upgrade and choose the rollback deployment when 0 is reached. Both +-# boot_counter and boot_success need to be (re-)set from userspace. ++# OSTree upgrade and choose the rollback deployment when 0 is reached. ++# Both boot_counter=X and boot_success=1 need to be set from userspace. + cat << EOF + insmod increment + # Check if boot_counter exists and boot_success=0 to activate this behaviour. + if [ -n "\${boot_counter}" -a "\${boot_success}" = "0" ]; then +- # if countdown has ended, choose to boot rollback deployment (default=1 on +- # OSTree-based systems) ++ # if countdown has ended, choose to boot rollback deployment, ++ # i.e. default=1 on OSTree-based systems. + if [ "\${boot_counter}" = "0" -o "\${boot_counter}" = "-1" ]; then + set default=1 + set boot_counter=-1 +diff --git a/util/grub.d/10_reset_boot_success.in b/util/grub.d/10_reset_boot_success.in +new file mode 100644 +index 000000000..6c88d933d +--- /dev/null ++++ b/util/grub.d/10_reset_boot_success.in +@@ -0,0 +1,25 @@ ++#! /bin/sh -e ++# Reset Boot Success ++# ++# The 08_fallback_counting and 12_menu_auto_hide snippets rely on this one ++# and need to be kept in sync. ++# ++# The boot_success var needs to be set to 1 from userspace to mark a boot successful. ++cat << EOF ++insmod increment ++# Hiding the menu is ok if last boot was ok or if this is a first boot attempt to boot the entry ++if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then ++ set menu_hide_ok=1 ++else ++ set menu_hide_ok=0 ++fi ++# Reset boot_indeterminate after a successful boot, increment otherwise ++if [ "\${boot_success}" = "1" ] ; then ++ set boot_indeterminate=0 ++else ++ increment boot_indeterminate ++fi ++# Reset boot_success for current boot ++set boot_success=0 ++save_env boot_success boot_indeterminate ++EOF +diff --git a/util/grub.d/01_menu_auto_hide.in b/util/grub.d/12_menu_auto_hide.in +similarity index 58% +rename from util/grub.d/01_menu_auto_hide.in +rename to util/grub.d/12_menu_auto_hide.in +index ad175870a..6a7c0fa0d 100644 +--- a/util/grub.d/01_menu_auto_hide.in ++++ b/util/grub.d/12_menu_auto_hide.in +@@ -1,5 +1,8 @@ + #! /bin/sh +- ++# Menu Auto Hide ++# ++# This snippet depends on 10_reset_boot_success and needs to be kept in sync. ++# + # Disable / skip generating menu-auto-hide config parts on serial terminals + for x in ${GRUB_TERMINAL_INPUT} ${GRUB_TERMINAL_OUTPUT}; do + case "$x" in +@@ -10,29 +13,13 @@ for x in ${GRUB_TERMINAL_INPUT} ${GRUB_TERMINAL_OUTPUT}; do + done + + cat << EOF +-if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then +- set last_boot_ok=1 +-else +- set last_boot_ok=0 +-fi +- +-# Reset boot_indeterminate after a successful boot +-if [ "\${boot_success}" = "1" ] ; then +- set boot_indeterminate=0 +-# Avoid boot_indeterminate causing the menu to be hidden more then once +-elif [ "\${boot_indeterminate}" = "1" ]; then +- set boot_indeterminate=2 +-fi +-set boot_success=0 +-save_env boot_success boot_indeterminate +- + if [ x\$feature_timeout_style = xy ] ; then + if [ "\${menu_show_once}" ]; then + unset menu_show_once + save_env menu_show_once + set timeout_style=menu + set timeout=60 +- elif [ "\${menu_auto_hide}" -a "\${last_boot_ok}" = "1" ]; then ++ elif [ "\${menu_auto_hide}" -a "\${menu_hide_ok}" = "1" ]; then + set orig_timeout_style=\${timeout_style} + set orig_timeout=\${timeout} + if [ "\${fastboot}" = "1" ]; then diff --git a/SOURCES/0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch b/SOURCES/0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch new file mode 100644 index 0000000..2275981 --- /dev/null +++ b/SOURCES/0280-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch @@ -0,0 +1,75 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Tue, 26 Nov 2019 09:51:41 +0100 +Subject: [PATCH] grub.d: Fix boot_indeterminate getting set on boot_success=0 + boot + +The "grub.d: Split out boot success reset from menu auto hide script" +not only moved the code to clear boot_success and boot_indeterminate +but for some reason also mixed in some broken changes to the +boot_indeterminate handling. + +The boot_indeterminate var is meant to suppress the boot menu after +a reboot from either a selinux-relabel or offline-updates. These +2 special boot scenarios do not set boot_success since there is no +successfull interaction with the user. Instead they increment +boot_indeterminate, and if it is 1 and only when it is 1, so the +first reboot after a "special" boot we suppress the menu. + +To ensure that we do show the menu if we somehow get stuck in a +"special" boot loop where we do special-boots without them +incrementing boot_indeterminate, the code before the +"grub.d: Split out boot success reset from menu auto hide script" +commit would increment boot_indeterminate once when it is 1, so that +even if the "special" boot reboot-loop immediately we would show the +menu on the next boot. + +That commit broke this however, because it not only moves the code, +it also changes it from only "incrementing" boot_indeterminate once to +always incrementing it, except when boot_success == 1 (and we reset it). + +This broken behavior causes the following problem: + +1. Boot a broken kernel, system hangs, power-cycle +2. boot_success now != 1, so we increment boot_indeterminate from 0 + (unset!) to 1. User either simply tries again, or makes some changes + but the end-result still is a system hang, power-cycle +3. Now boot_indeterminate==1 so we do not show the menu even though the + previous boot failed -> BAD + +This commit fixes this by restoring the behavior of setting +boot_indeterminate to 2 when it was 1 before. + +Fixes: "grub.d: Split out boot success reset from menu auto hide script" +Signed-off-by: Hans de Goede +--- + util/grub.d/10_reset_boot_success.in | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/util/grub.d/10_reset_boot_success.in b/util/grub.d/10_reset_boot_success.in +index 6c88d933d..737e1ae5b 100644 +--- a/util/grub.d/10_reset_boot_success.in ++++ b/util/grub.d/10_reset_boot_success.in +@@ -6,18 +6,18 @@ + # + # The boot_success var needs to be set to 1 from userspace to mark a boot successful. + cat << EOF +-insmod increment + # Hiding the menu is ok if last boot was ok or if this is a first boot attempt to boot the entry + if [ "\${boot_success}" = "1" -o "\${boot_indeterminate}" = "1" ]; then + set menu_hide_ok=1 + else + set menu_hide_ok=0 + fi +-# Reset boot_indeterminate after a successful boot, increment otherwise ++# Reset boot_indeterminate after a successful boot + if [ "\${boot_success}" = "1" ] ; then + set boot_indeterminate=0 +-else +- increment boot_indeterminate ++# Avoid boot_indeterminate causing the menu to be hidden more then once ++elif [ "\${boot_indeterminate}" = "1" ]; then ++ set boot_indeterminate=2 + fi + # Reset boot_success for current boot + set boot_success=0 diff --git a/SOURCES/0281-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch b/SOURCES/0281-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch new file mode 100644 index 0000000..89b4b93 --- /dev/null +++ b/SOURCES/0281-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch @@ -0,0 +1,67 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 15 Apr 2020 15:45:02 -0400 +Subject: [PATCH] yylex: Make lexer fatal errors actually be fatal + +When presented with a command that can't be tokenized to anything +smaller than YYLMAX characters, the parser calls YY_FATAL_ERROR(errmsg), +expecting that will stop further processing, as such: + + #define YY_DO_BEFORE_ACTION \ + yyg->yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yyg->yy_hold_char = *yy_cp; \ + *yy_cp = '\0'; \ + if ( yyleng >= YYLMAX ) \ + YY_FATAL_ERROR( "token too large, exceeds YYLMAX" ); \ + yy_flex_strncpy( yytext, yyg->yytext_ptr, yyleng + 1 , yyscanner); \ + yyg->yy_c_buf_p = yy_cp; + +The code flex generates expects that YY_FATAL_ERROR() will either return +for it or do some form of longjmp(), or handle the error in some way at +least, and so the strncpy() call isn't in an "else" clause, and thus if +YY_FATAL_ERROR() is *not* actually fatal, it does the call with the +questionable limit, and predictable results ensue. + +Unfortunately, our implementation of YY_FATAL_ERROR() is: + + #define YY_FATAL_ERROR(msg) \ + do { \ + grub_printf (_("fatal error: %s\n"), _(msg)); \ + } while (0) + +The same pattern exists in yyless(), and similar problems exist in users +of YY_INPUT(), several places in the main parsing loop, +yy_get_next_buffer(), yy_load_buffer_state(), yyensure_buffer_stack, +yy_scan_buffer(), etc. + +All of these callers expect YY_FATAL_ERROR() to actually be fatal, and +the things they do if it returns after calling it are wildly unsafe. + +Fixes: CVE-2020-10713 + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +Upstream-commit-id: 926df817dc8 +--- + grub-core/script/yylex.l | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l +index 7b44c37b7..b7203c823 100644 +--- a/grub-core/script/yylex.l ++++ b/grub-core/script/yylex.l +@@ -37,11 +37,11 @@ + + /* + * As we don't have access to yyscanner, we cannot do much except to +- * print the fatal error. ++ * print the fatal error and exit. + */ + #define YY_FATAL_ERROR(msg) \ + do { \ +- grub_printf (_("fatal error: %s\n"), _(msg)); \ ++ grub_fatal (_("fatal error: %s\n"), _(msg));\ + } while (0) + + #define COPY(str, hint) \ diff --git a/SOURCES/0282-safemath-Add-some-arithmetic-primitives-that-check-f.patch b/SOURCES/0282-safemath-Add-some-arithmetic-primitives-that-check-f.patch new file mode 100644 index 0000000..43bc54f --- /dev/null +++ b/SOURCES/0282-safemath-Add-some-arithmetic-primitives-that-check-f.patch @@ -0,0 +1,124 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Jun 2020 10:58:42 -0400 +Subject: [PATCH] safemath: Add some arithmetic primitives that check for + overflow + +This adds a new header, include/grub/safemath.h, that includes easy to +use wrappers for __builtin_{add,sub,mul}_overflow() declared like: + + bool OP(a, b, res) + +where OP is grub_add, grub_sub or grub_mul. OP() returns true in the +case where the operation would overflow and res is not modified. +Otherwise, false is returned and the operation is executed. + +These arithmetic primitives require newer compiler versions. So, bump +these requirements in the INSTALL file too. + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +Upstream-commit-id: de1c315841a +--- + include/grub/compiler.h | 8 ++++++++ + include/grub/safemath.h | 37 +++++++++++++++++++++++++++++++++++++ + INSTALL | 22 ++-------------------- + 3 files changed, 47 insertions(+), 20 deletions(-) + create mode 100644 include/grub/safemath.h + +diff --git a/include/grub/compiler.h b/include/grub/compiler.h +index 9859ff4cc..ebafec689 100644 +--- a/include/grub/compiler.h ++++ b/include/grub/compiler.h +@@ -48,6 +48,14 @@ + # define WARN_UNUSED_RESULT + #endif + ++#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__) ++# define CLANG_PREREQ(maj,min) \ ++ ((__clang_major__ > (maj)) || \ ++ (__clang_major__ == (maj) && __clang_minor__ >= (min))) ++#else ++# define CLANG_PREREQ(maj,min) 0 ++#endif ++ + #define UNUSED __attribute__((__unused__)) + + #endif /* ! GRUB_COMPILER_HEADER */ +diff --git a/include/grub/safemath.h b/include/grub/safemath.h +new file mode 100644 +index 000000000..c17b89bba +--- /dev/null ++++ b/include/grub/safemath.h +@@ -0,0 +1,37 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ * ++ * Arithmetic operations that protect against overflow. ++ */ ++ ++#ifndef GRUB_SAFEMATH_H ++#define GRUB_SAFEMATH_H 1 ++ ++#include ++ ++/* These appear in gcc 5.1 and clang 3.8. */ ++#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8) ++ ++#define grub_add(a, b, res) __builtin_add_overflow(a, b, res) ++#define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) ++#define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) ++ ++#else ++#error gcc 5.1 or newer or clang 3.8 or newer is required ++#endif ++ ++#endif /* GRUB_SAFEMATH_H */ +diff --git a/INSTALL b/INSTALL +index f3c20edc8..f8bd91164 100644 +--- a/INSTALL ++++ b/INSTALL +@@ -11,27 +11,9 @@ GRUB depends on some software packages installed into your system. If + you don't have any of them, please obtain and install them before + configuring the GRUB. + +-* GCC 4.1.3 or later +- Note: older versions may work but support is limited +- +- Experimental support for clang 3.3 or later (results in much bigger binaries) ++* GCC 5.1.0 or later ++ Experimental support for clang 3.8.0 or later (results in much bigger binaries) + for i386, x86_64, arm (including thumb), arm64, mips(el), powerpc, sparc64 +- Note: clang 3.2 or later works for i386 and x86_64 targets but results in +- much bigger binaries. +- earlier versions not tested +- Note: clang 3.2 or later works for arm +- earlier versions not tested +- Note: clang on arm64 is not supported due to +- https://llvm.org/bugs/show_bug.cgi?id=26030 +- Note: clang 3.3 or later works for mips(el) +- earlier versions fail to generate .reginfo and hence gprel relocations +- fail. +- Note: clang 3.2 or later works for powerpc +- earlier versions not tested +- Note: clang 3.5 or later works for sparc64 +- earlier versions return "error: unable to interface with target machine" +- Note: clang has no support for ia64 and hence you can't compile GRUB +- for ia64 with clang + * GNU Make + * GNU Bison 2.3 or later + * GNU gettext 0.17 or later diff --git a/SOURCES/0283-calloc-Make-sure-we-always-have-an-overflow-checking.patch b/SOURCES/0283-calloc-Make-sure-we-always-have-an-overflow-checking.patch new file mode 100644 index 0000000..2943790 --- /dev/null +++ b/SOURCES/0283-calloc-Make-sure-we-always-have-an-overflow-checking.patch @@ -0,0 +1,240 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Jun 2020 12:15:29 -0400 +Subject: [PATCH] calloc: Make sure we always have an overflow-checking + calloc() available + +This tries to make sure that everywhere in this source tree, we always have +an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.) +available, and that they all safely check for overflow and return NULL when +it would occur. + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +Upstream-commit-id: 79e51ab7a9a +--- + grub-core/kern/emu/misc.c | 12 ++++++++++++ + grub-core/kern/emu/mm.c | 10 ++++++++++ + grub-core/kern/mm.c | 40 ++++++++++++++++++++++++++++++++++++++ + grub-core/lib/libgcrypt_wrap/mem.c | 11 +++++++++-- + grub-core/lib/posix_wrap/stdlib.h | 8 +++++++- + include/grub/emu/misc.h | 1 + + include/grub/mm.h | 6 ++++++ + 7 files changed, 85 insertions(+), 3 deletions(-) + +diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c +index 3d3a4a4a9..b40727673 100644 +--- a/grub-core/kern/emu/misc.c ++++ b/grub-core/kern/emu/misc.c +@@ -84,6 +84,18 @@ grub_util_error (const char *fmt, ...) + grub_exit (1); + } + ++void * ++xcalloc (grub_size_t nmemb, grub_size_t size) ++{ ++ void *p; ++ ++ p = calloc (nmemb, size); ++ if (!p) ++ grub_util_error ("%s", _("out of memory")); ++ ++ return p; ++} ++ + void * + xmalloc (grub_size_t size) + { +diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c +index f262e95e3..145b01d37 100644 +--- a/grub-core/kern/emu/mm.c ++++ b/grub-core/kern/emu/mm.c +@@ -25,6 +25,16 @@ + #include + #include + ++void * ++grub_calloc (grub_size_t nmemb, grub_size_t size) ++{ ++ void *ret; ++ ret = calloc (nmemb, size); ++ if (!ret) ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ return ret; ++} ++ + void * + grub_malloc (grub_size_t size) + { +diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c +index 002cbfa4f..80d0720d0 100644 +--- a/grub-core/kern/mm.c ++++ b/grub-core/kern/mm.c +@@ -67,8 +67,10 @@ + #include + #include + #include ++#include + + #ifdef MM_DEBUG ++# undef grub_calloc + # undef grub_malloc + # undef grub_zalloc + # undef grub_realloc +@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_size_t size) + return 0; + } + ++/* ++ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on ++ * integer overflow. ++ */ ++void * ++grub_calloc (grub_size_t nmemb, grub_size_t size) ++{ ++ void *ret; ++ grub_size_t sz = 0; ++ ++ if (grub_mul (nmemb, size, &sz)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return NULL; ++ } ++ ++ ret = grub_memalign (0, sz); ++ if (!ret) ++ return NULL; ++ ++ grub_memset (ret, 0, sz); ++ return ret; ++} ++ + /* Allocate SIZE bytes and return the pointer. */ + void * + grub_malloc (grub_size_t size) +@@ -561,6 +587,20 @@ grub_mm_dump (unsigned lineno) + grub_printf ("\n"); + } + ++void * ++grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size) ++{ ++ void *ptr; ++ ++ if (grub_mm_debug) ++ grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ", ++ file, line, size); ++ ptr = grub_calloc (nmemb, size); ++ if (grub_mm_debug) ++ grub_printf ("%p\n", ptr); ++ return ptr; ++} ++ + void * + grub_debug_malloc (const char *file, int line, grub_size_t size) + { +diff --git a/grub-core/lib/libgcrypt_wrap/mem.c b/grub-core/lib/libgcrypt_wrap/mem.c +index beeb661a3..74c6eafe5 100644 +--- a/grub-core/lib/libgcrypt_wrap/mem.c ++++ b/grub-core/lib/libgcrypt_wrap/mem.c +@@ -4,6 +4,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -36,7 +37,10 @@ void * + gcry_xcalloc (size_t n, size_t m) + { + void *ret; +- ret = grub_zalloc (n * m); ++ size_t sz; ++ if (grub_mul (n, m, &sz)) ++ grub_fatal ("gcry_xcalloc would overflow"); ++ ret = grub_zalloc (sz); + if (!ret) + grub_fatal ("gcry_xcalloc failed"); + return ret; +@@ -56,7 +60,10 @@ void * + gcry_xcalloc_secure (size_t n, size_t m) + { + void *ret; +- ret = grub_zalloc (n * m); ++ size_t sz; ++ if (grub_mul (n, m, &sz)) ++ grub_fatal ("gcry_xcalloc would overflow"); ++ ret = grub_zalloc (sz); + if (!ret) + grub_fatal ("gcry_xcalloc failed"); + return ret; +diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h +index 3b46f47ff..7a8d385e9 100644 +--- a/grub-core/lib/posix_wrap/stdlib.h ++++ b/grub-core/lib/posix_wrap/stdlib.h +@@ -21,6 +21,7 @@ + + #include + #include ++#include + + static inline void + free (void *ptr) +@@ -37,7 +38,12 @@ malloc (grub_size_t size) + static inline void * + calloc (grub_size_t size, grub_size_t nelem) + { +- return grub_zalloc (size * nelem); ++ grub_size_t sz; ++ ++ if (grub_mul (size, nelem, &sz)) ++ return NULL; ++ ++ return grub_zalloc (sz); + } + + static inline void * +diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h +index a653132e3..09e1f1065 100644 +--- a/include/grub/emu/misc.h ++++ b/include/grub/emu/misc.h +@@ -51,6 +51,7 @@ grub_util_device_is_mapped (const char *dev); + #define GRUB_HOST_PRIxLONG_LONG "llx" + #endif + ++void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT; + void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT; + void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT; + char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT; +diff --git a/include/grub/mm.h b/include/grub/mm.h +index 28e2e53eb..9c38dd3ca 100644 +--- a/include/grub/mm.h ++++ b/include/grub/mm.h +@@ -29,6 +29,7 @@ + #endif + + void grub_mm_init_region (void *addr, grub_size_t size); ++void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size); + void *EXPORT_FUNC(grub_malloc) (grub_size_t size); + void *EXPORT_FUNC(grub_zalloc) (grub_size_t size); + void EXPORT_FUNC(grub_free) (void *ptr); +@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug); + void grub_mm_dump_free (void); + void grub_mm_dump (unsigned lineno); + ++#define grub_calloc(nmemb, size) \ ++ grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size) ++ + #define grub_malloc(size) \ + grub_debug_malloc (GRUB_FILE, __LINE__, size) + +@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno); + #define grub_free(ptr) \ + grub_debug_free (GRUB_FILE, __LINE__, ptr) + ++void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line, ++ grub_size_t nmemb, grub_size_t size); + void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line, + grub_size_t size); + void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line, diff --git a/SOURCES/0284-calloc-Use-calloc-at-most-places.patch b/SOURCES/0284-calloc-Use-calloc-at-most-places.patch new file mode 100644 index 0000000..bfb800b --- /dev/null +++ b/SOURCES/0284-calloc-Use-calloc-at-most-places.patch @@ -0,0 +1,1942 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Jun 2020 12:26:01 -0400 +Subject: [PATCH] calloc: Use calloc() at most places + +This modifies most of the places we do some form of: + + X = malloc(Y * Z); + +to use calloc(Y, Z) instead. + +Among other issues, this fixes: + - allocation of integer overflow in grub_png_decode_image_header() + reported by Chris Coulson, + - allocation of integer overflow in luks_recover_key() + reported by Chris Coulson, + - allocation of integer overflow in grub_lvm_detect() + reported by Chris Coulson. + +Fixes: CVE-2020-14308 + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +Upstream-commit-id: 48eeedf1e4b +--- + grub-core/bus/usb/usbhub.c | 8 +++--- + grub-core/commands/efi/lsefisystab.c | 3 ++- + grub-core/commands/legacycfg.c | 6 ++--- + grub-core/commands/menuentry.c | 2 +- + grub-core/commands/nativedisk.c | 2 +- + grub-core/commands/parttool.c | 12 ++++++--- + grub-core/commands/regexp.c | 2 +- + grub-core/commands/search_wrap.c | 2 +- + grub-core/disk/diskfilter.c | 4 +-- + grub-core/disk/ieee1275/ofdisk.c | 2 +- + grub-core/disk/ldm.c | 14 +++++----- + grub-core/disk/luks.c | 2 +- + grub-core/disk/lvm.c | 8 +++--- + grub-core/disk/xen/xendisk.c | 2 +- + grub-core/efiemu/loadcore.c | 2 +- + grub-core/efiemu/mm.c | 6 ++--- + grub-core/font/font.c | 3 +-- + grub-core/fs/affs.c | 6 ++--- + grub-core/fs/btrfs.c | 4 +-- + grub-core/fs/hfs.c | 2 +- + grub-core/fs/hfsplus.c | 45 ++++++++++++++++++++----------- + grub-core/fs/iso9660.c | 2 +- + grub-core/fs/ntfs.c | 4 +-- + grub-core/fs/sfs.c | 2 +- + grub-core/fs/tar.c | 2 +- + grub-core/fs/udf.c | 4 +-- + grub-core/fs/zfs/zfs.c | 4 +-- + grub-core/gfxmenu/gui_string_util.c | 2 +- + grub-core/gfxmenu/widget-box.c | 4 +-- + grub-core/io/gzio.c | 2 +- + grub-core/kern/efi/efi.c | 33 ++++++++++++++++++----- + grub-core/kern/emu/hostdisk.c | 2 +- + grub-core/kern/fs.c | 2 +- + grub-core/kern/misc.c | 2 +- + grub-core/kern/parser.c | 2 +- + grub-core/kern/uboot/uboot.c | 2 +- + grub-core/lib/libgcrypt/cipher/ac.c | 8 +++--- + grub-core/lib/libgcrypt/cipher/primegen.c | 4 +-- + grub-core/lib/libgcrypt/cipher/pubkey.c | 4 +-- + grub-core/lib/priority_queue.c | 2 +- + grub-core/lib/reed_solomon.c | 7 +++-- + grub-core/lib/relocator.c | 10 +++---- + grub-core/loader/arm/linux.c | 2 +- + grub-core/loader/efi/chainloader.c | 11 +++++--- + grub-core/loader/i386/bsdXX.c | 2 +- + grub-core/loader/i386/xnu.c | 4 +-- + grub-core/loader/macho.c | 2 +- + grub-core/loader/multiboot_elfxx.c | 2 +- + grub-core/loader/xnu.c | 2 +- + grub-core/mmap/mmap.c | 4 +-- + grub-core/net/bootp.c | 2 +- + grub-core/net/dns.c | 10 +++---- + grub-core/net/net.c | 4 +-- + grub-core/normal/charset.c | 10 +++---- + grub-core/normal/cmdline.c | 14 +++++----- + grub-core/normal/menu_entry.c | 14 +++++----- + grub-core/normal/menu_text.c | 4 +-- + grub-core/normal/term.c | 4 +-- + grub-core/osdep/linux/getroot.c | 6 ++--- + grub-core/osdep/unix/config.c | 2 +- + grub-core/osdep/windows/getroot.c | 2 +- + grub-core/osdep/windows/hostdisk.c | 4 +-- + grub-core/osdep/windows/init.c | 2 +- + grub-core/osdep/windows/platform.c | 4 +-- + grub-core/osdep/windows/relpath.c | 2 +- + grub-core/partmap/gpt.c | 2 +- + grub-core/partmap/msdos.c | 2 +- + grub-core/script/execute.c | 2 +- + grub-core/tests/fake_input.c | 2 +- + grub-core/tests/video_checksum.c | 6 ++--- + grub-core/video/capture.c | 2 +- + grub-core/video/emu/sdl.c | 2 +- + grub-core/video/i386/pc/vga.c | 2 +- + grub-core/video/readers/png.c | 2 +- + util/getroot.c | 2 +- + util/grub-file.c | 2 +- + util/grub-fstest.c | 4 +-- + util/grub-install-common.c | 2 +- + util/grub-install.c | 4 +-- + util/grub-mkimagexx.c | 6 ++--- + util/grub-mkrescue.c | 4 +-- + util/grub-mkstandalone.c | 2 +- + util/grub-pe2elf.c | 12 ++++----- + util/grub-probe.c | 4 +-- + include/grub/unicode.h | 4 +-- + 85 files changed, 231 insertions(+), 191 deletions(-) + +diff --git a/grub-core/bus/usb/usbhub.c b/grub-core/bus/usb/usbhub.c +index 34a7ff1b5..a06cce302 100644 +--- a/grub-core/bus/usb/usbhub.c ++++ b/grub-core/bus/usb/usbhub.c +@@ -149,8 +149,8 @@ grub_usb_add_hub (grub_usb_device_t dev) + grub_usb_set_configuration (dev, 1); + + dev->nports = hubdesc.portcnt; +- dev->children = grub_zalloc (hubdesc.portcnt * sizeof (dev->children[0])); +- dev->ports = grub_zalloc (dev->nports * sizeof (dev->ports[0])); ++ dev->children = grub_calloc (hubdesc.portcnt, sizeof (dev->children[0])); ++ dev->ports = grub_calloc (dev->nports, sizeof (dev->ports[0])); + if (!dev->children || !dev->ports) + { + grub_free (dev->children); +@@ -268,8 +268,8 @@ grub_usb_controller_dev_register_iter (grub_usb_controller_t controller, void *d + + /* Query the number of ports the root Hub has. */ + hub->nports = controller->dev->hubports (controller); +- hub->devices = grub_zalloc (sizeof (hub->devices[0]) * hub->nports); +- hub->ports = grub_zalloc (sizeof (hub->ports[0]) * hub->nports); ++ hub->devices = grub_calloc (hub->nports, sizeof (hub->devices[0])); ++ hub->ports = grub_calloc (hub->nports, sizeof (hub->ports[0])); + if (!hub->devices || !hub->ports) + { + grub_free (hub->devices); +diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c +index df1030221..cd81507f5 100644 +--- a/grub-core/commands/efi/lsefisystab.c ++++ b/grub-core/commands/efi/lsefisystab.c +@@ -71,7 +71,8 @@ grub_cmd_lsefisystab (struct grub_command *cmd __attribute__ ((unused)), + grub_printf ("Vendor: "); + + for (vendor_utf16 = st->firmware_vendor; *vendor_utf16; vendor_utf16++); +- vendor = grub_malloc (4 * (vendor_utf16 - st->firmware_vendor) + 1); ++ /* Allocate extra 3 bytes to simplify math. */ ++ vendor = grub_calloc (4, vendor_utf16 - st->firmware_vendor + 1); + if (!vendor) + return grub_errno; + *grub_utf16_to_utf8 ((grub_uint8_t *) vendor, st->firmware_vendor, +diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c +index f9d7627bd..da66a8927 100644 +--- a/grub-core/commands/legacycfg.c ++++ b/grub-core/commands/legacycfg.c +@@ -314,7 +314,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)), + if (argc < 2) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + +- cutargs = grub_malloc (sizeof (cutargs[0]) * (argc - 1)); ++ cutargs = grub_calloc (argc - 1, sizeof (cutargs[0])); + if (!cutargs) + return grub_errno; + cutargc = argc - 1; +@@ -436,7 +436,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)), + { + char rbuf[3] = "-r"; + bsdargc = cutargc + 2; +- bsdargs = grub_malloc (sizeof (bsdargs[0]) * bsdargc); ++ bsdargs = grub_calloc (bsdargc, sizeof (bsdargs[0])); + if (!bsdargs) + { + err = grub_errno; +@@ -559,7 +559,7 @@ grub_cmd_legacy_initrdnounzip (struct grub_command *mycmd __attribute__ ((unused + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("can't find command `%s'"), + "module"); + +- newargs = grub_malloc ((argc + 1) * sizeof (newargs[0])); ++ newargs = grub_calloc (argc + 1, sizeof (newargs[0])); + if (!newargs) + return grub_errno; + grub_memcpy (newargs + 1, args, argc * sizeof (newargs[0])); +diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c +index 7004e08ce..4b5fcf2ce 100644 +--- a/grub-core/commands/menuentry.c ++++ b/grub-core/commands/menuentry.c +@@ -157,7 +157,7 @@ grub_normal_add_menu_entry (int argc, const char **args, + grub_dprintf ("menu", "menu_id:\"%s\"\n", menu_id); + + /* Save argc, args to pass as parameters to block arg later. */ +- menu_args = grub_malloc (sizeof (char*) * (argc + 1)); ++ menu_args = grub_calloc (argc + 1, sizeof (char *)); + if (! menu_args) + goto fail; + +diff --git a/grub-core/commands/nativedisk.c b/grub-core/commands/nativedisk.c +index 2f56a870e..d69214f6d 100644 +--- a/grub-core/commands/nativedisk.c ++++ b/grub-core/commands/nativedisk.c +@@ -194,7 +194,7 @@ grub_cmd_nativedisk (grub_command_t cmd __attribute__ ((unused)), + else + path_prefix = prefix; + +- mods = grub_malloc (argc * sizeof (mods[0])); ++ mods = grub_calloc (argc, sizeof (mods[0])); + if (!mods) + return grub_errno; + +diff --git a/grub-core/commands/parttool.c b/grub-core/commands/parttool.c +index 693e2cb42..36dadc0b1 100644 +--- a/grub-core/commands/parttool.c ++++ b/grub-core/commands/parttool.c +@@ -59,7 +59,13 @@ grub_parttool_register(const char *part_name, + for (nargs = 0; args[nargs].name != 0; nargs++); + cur->nargs = nargs; + cur->args = (struct grub_parttool_argdesc *) +- grub_malloc ((nargs + 1) * sizeof (struct grub_parttool_argdesc)); ++ grub_calloc (nargs + 1, sizeof (struct grub_parttool_argdesc)); ++ if (!cur->args) ++ { ++ grub_free (cur); ++ curhandle--; ++ return -1; ++ } + grub_memcpy (cur->args, args, + (nargs + 1) * sizeof (struct grub_parttool_argdesc)); + +@@ -257,7 +263,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)), + return err; + } + +- parsed = (int *) grub_zalloc (argc * sizeof (int)); ++ parsed = (int *) grub_calloc (argc, sizeof (int)); + + for (i = 1; i < argc; i++) + if (! parsed[i]) +@@ -290,7 +296,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)), + } + ptool = cur; + pargs = (struct grub_parttool_args *) +- grub_zalloc (ptool->nargs * sizeof (struct grub_parttool_args)); ++ grub_calloc (ptool->nargs, sizeof (struct grub_parttool_args)); + for (j = i; j < argc; j++) + if (! parsed[j]) + { +diff --git a/grub-core/commands/regexp.c b/grub-core/commands/regexp.c +index f00b184c8..4019164f3 100644 +--- a/grub-core/commands/regexp.c ++++ b/grub-core/commands/regexp.c +@@ -116,7 +116,7 @@ grub_cmd_regexp (grub_extcmd_context_t ctxt, int argc, char **args) + if (ret) + goto fail; + +- matches = grub_zalloc (sizeof (*matches) * (regex.re_nsub + 1)); ++ matches = grub_calloc (regex.re_nsub + 1, sizeof (*matches)); + if (! matches) + goto fail; + +diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c +index d7fd26b94..47fc8eb99 100644 +--- a/grub-core/commands/search_wrap.c ++++ b/grub-core/commands/search_wrap.c +@@ -122,7 +122,7 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args) + for (i = 0; state[SEARCH_HINT_BAREMETAL].args[i]; i++) + nhints++; + +- hints = grub_malloc (sizeof (hints[0]) * nhints); ++ hints = grub_calloc (nhints, sizeof (hints[0])); + if (!hints) + return grub_errno; + j = 0; +diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c +index 6f901c0ad..2be019269 100644 +--- a/grub-core/disk/diskfilter.c ++++ b/grub-core/disk/diskfilter.c +@@ -1134,7 +1134,7 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb, + array->lvs->segments->node_count = nmemb; + array->lvs->segments->raid_member_size = disk_size; + array->lvs->segments->nodes +- = grub_zalloc (nmemb * sizeof (array->lvs->segments->nodes[0])); ++ = grub_calloc (nmemb, sizeof (array->lvs->segments->nodes[0])); + array->lvs->segments->stripe_size = stripe_size; + for (i = 0; i < nmemb; i++) + { +@@ -1226,7 +1226,7 @@ insert_array (grub_disk_t disk, const struct grub_diskfilter_pv_id *id, + grub_partition_t p; + for (p = disk->partition; p; p = p->parent) + s++; +- pv->partmaps = xmalloc (s * sizeof (pv->partmaps[0])); ++ pv->partmaps = xcalloc (s, sizeof (pv->partmaps[0])); + s = 0; + for (p = disk->partition; p; p = p->parent) + pv->partmaps[s++] = xstrdup (p->partmap->name); +diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c +index 235c0fe2c..d887d4b6e 100644 +--- a/grub-core/disk/ieee1275/ofdisk.c ++++ b/grub-core/disk/ieee1275/ofdisk.c +@@ -297,7 +297,7 @@ dev_iterate (const struct grub_ieee1275_devalias *alias) + /* Power machines documentation specify 672 as maximum SAS disks in + one system. Using a slightly larger value to be safe. */ + table_size = 768; +- table = grub_malloc (table_size * sizeof (grub_uint64_t)); ++ table = grub_calloc (table_size, sizeof (grub_uint64_t)); + + if (!table) + { +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index 2a22d2d6c..e6323701a 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -323,8 +323,8 @@ make_vg (grub_disk_t disk, + lv->segments->type = GRUB_DISKFILTER_MIRROR; + lv->segments->node_count = 0; + lv->segments->node_alloc = 8; +- lv->segments->nodes = grub_zalloc (sizeof (*lv->segments->nodes) +- * lv->segments->node_alloc); ++ lv->segments->nodes = grub_calloc (lv->segments->node_alloc, ++ sizeof (*lv->segments->nodes)); + if (!lv->segments->nodes) + goto fail2; + ptr = vblk[i].dynamic; +@@ -543,8 +543,8 @@ make_vg (grub_disk_t disk, + { + comp->segment_alloc = 8; + comp->segment_count = 0; +- comp->segments = grub_malloc (sizeof (*comp->segments) +- * comp->segment_alloc); ++ comp->segments = grub_calloc (comp->segment_alloc, ++ sizeof (*comp->segments)); + if (!comp->segments) + goto fail2; + } +@@ -590,8 +590,8 @@ make_vg (grub_disk_t disk, + } + comp->segments->node_count = read_int (ptr + 1, *ptr); + comp->segments->node_alloc = comp->segments->node_count; +- comp->segments->nodes = grub_zalloc (sizeof (*comp->segments->nodes) +- * comp->segments->node_alloc); ++ comp->segments->nodes = grub_calloc (comp->segments->node_alloc, ++ sizeof (*comp->segments->nodes)); + if (!lv->segments->nodes) + goto fail2; + } +@@ -1017,7 +1017,7 @@ grub_util_ldm_embed (struct grub_disk *disk, unsigned int *nsectors, + *nsectors = lv->size; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c +index 86c50c612..18b3a8bb1 100644 +--- a/grub-core/disk/luks.c ++++ b/grub-core/disk/luks.c +@@ -336,7 +336,7 @@ luks_recover_key (grub_disk_t source, + && grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes) + max_stripes = grub_be_to_cpu32 (header.keyblock[i].stripes); + +- split_key = grub_malloc (keysize * max_stripes); ++ split_key = grub_calloc (keysize, max_stripes); + if (!split_key) + return grub_errno; + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index 7b265c780..d1df640b3 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -173,7 +173,7 @@ grub_lvm_detect (grub_disk_t disk, + first one. */ + + /* Allocate buffer space for the circular worst-case scenario. */ +- metadatabuf = grub_malloc (2 * mda_size); ++ metadatabuf = grub_calloc (2, mda_size); + if (! metadatabuf) + goto fail; + +@@ -426,7 +426,7 @@ grub_lvm_detect (grub_disk_t disk, + #endif + goto lvs_fail; + } +- lv->segments = grub_zalloc (sizeof (*seg) * lv->segment_count); ++ lv->segments = grub_calloc (lv->segment_count, sizeof (*seg)); + seg = lv->segments; + + for (i = 0; i < lv->segment_count; i++) +@@ -483,8 +483,8 @@ grub_lvm_detect (grub_disk_t disk, + if (seg->node_count != 1) + seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = "); + +- seg->nodes = grub_zalloc (sizeof (*stripe) +- * seg->node_count); ++ seg->nodes = grub_calloc (seg->node_count, ++ sizeof (*stripe)); + stripe = seg->nodes; + + p = grub_strstr (p, "stripes = ["); +diff --git a/grub-core/disk/xen/xendisk.c b/grub-core/disk/xen/xendisk.c +index b18a9238d..c1b331edb 100644 +--- a/grub-core/disk/xen/xendisk.c ++++ b/grub-core/disk/xen/xendisk.c +@@ -426,7 +426,7 @@ grub_xendisk_init (void) + if (!ctr) + return; + +- virtdisks = grub_malloc (ctr * sizeof (virtdisks[0])); ++ virtdisks = grub_calloc (ctr, sizeof (virtdisks[0])); + if (!virtdisks) + return; + if (grub_xenstore_dir ("device/vbd", fill, &ctr)) +diff --git a/grub-core/efiemu/loadcore.c b/grub-core/efiemu/loadcore.c +index 44085ef81..2b924623f 100644 +--- a/grub-core/efiemu/loadcore.c ++++ b/grub-core/efiemu/loadcore.c +@@ -201,7 +201,7 @@ grub_efiemu_count_symbols (const Elf_Ehdr *e) + + grub_efiemu_nelfsyms = (unsigned) s->sh_size / (unsigned) s->sh_entsize; + grub_efiemu_elfsyms = (struct grub_efiemu_elf_sym *) +- grub_malloc (sizeof (struct grub_efiemu_elf_sym) * grub_efiemu_nelfsyms); ++ grub_calloc (grub_efiemu_nelfsyms, sizeof (struct grub_efiemu_elf_sym)); + + /* Relocators */ + for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); +diff --git a/grub-core/efiemu/mm.c b/grub-core/efiemu/mm.c +index 52a032f7b..9b8e0d0ad 100644 +--- a/grub-core/efiemu/mm.c ++++ b/grub-core/efiemu/mm.c +@@ -554,11 +554,11 @@ grub_efiemu_mmap_sort_and_uniq (void) + /* Initialize variables*/ + grub_memset (present, 0, sizeof (int) * GRUB_EFI_MAX_MEMORY_TYPE); + scanline_events = (struct grub_efiemu_mmap_scan *) +- grub_malloc (sizeof (struct grub_efiemu_mmap_scan) * 2 * mmap_num); ++ grub_calloc (mmap_num, sizeof (struct grub_efiemu_mmap_scan) * 2); + + /* Number of chunks can't increase more than by factor of 2 */ + result = (grub_efi_memory_descriptor_t *) +- grub_malloc (sizeof (grub_efi_memory_descriptor_t) * 2 * mmap_num); ++ grub_calloc (mmap_num, sizeof (grub_efi_memory_descriptor_t) * 2); + if (!result || !scanline_events) + { + grub_free (result); +@@ -660,7 +660,7 @@ grub_efiemu_mm_do_alloc (void) + + /* Preallocate mmap */ + efiemu_mmap = (grub_efi_memory_descriptor_t *) +- grub_malloc (mmap_reserved_size * sizeof (grub_efi_memory_descriptor_t)); ++ grub_calloc (mmap_reserved_size, sizeof (grub_efi_memory_descriptor_t)); + if (!efiemu_mmap) + { + grub_efiemu_unload (); +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 53d76a64d..68967dc1c 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -293,8 +293,7 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct + font->num_chars = sect_length / FONT_CHAR_INDEX_ENTRY_SIZE; + + /* Allocate the character index array. */ +- font->char_index = grub_malloc (font->num_chars +- * sizeof (struct char_index_entry)); ++ font->char_index = grub_calloc (font->num_chars, sizeof (struct char_index_entry)); + if (!font->char_index) + return 1; + font->bmp_idx = grub_malloc (0x10000 * sizeof (grub_uint16_t)); +diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c +index f673897e0..91073795f 100644 +--- a/grub-core/fs/affs.c ++++ b/grub-core/fs/affs.c +@@ -301,7 +301,7 @@ grub_affs_read_symlink (grub_fshelp_node_t node) + return 0; + } + latin1[symlink_size] = 0; +- utf8 = grub_malloc (symlink_size * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ utf8 = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, symlink_size); + if (!utf8) + { + grub_free (latin1); +@@ -422,7 +422,7 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, + return 1; + } + +- hashtable = grub_zalloc (data->htsize * sizeof (*hashtable)); ++ hashtable = grub_calloc (data->htsize, sizeof (*hashtable)); + if (!hashtable) + return 1; + +@@ -628,7 +628,7 @@ grub_affs_label (grub_device_t device, char **label) + len = file.namelen; + if (len > sizeof (file.name)) + len = sizeof (file.name); +- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ *label = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, len); + if (*label) + *grub_latin1_to_utf8 ((grub_uint8_t *) *label, file.name, len) = '\0'; + } +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index dac73b2fa..8c8aa9c31 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -404,7 +404,7 @@ lower_bound (struct grub_btrfs_data *data, + { + desc->allocated = 16; + desc->depth = 0; +- desc->data = grub_malloc (sizeof (desc->data[0]) * desc->allocated); ++ desc->data = grub_calloc (desc->allocated, sizeof (desc->data[0])); + if (!desc->data) + return grub_errno; + } +@@ -2056,7 +2056,7 @@ grub_btrfs_embed (grub_device_t device __attribute__ ((unused)), + *nsectors = 64 * 2 - 1; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c +index fc3683178..3fd4eec20 100644 +--- a/grub-core/fs/hfs.c ++++ b/grub-core/fs/hfs.c +@@ -1360,7 +1360,7 @@ grub_hfs_label (grub_device_t device, char **label) + grub_size_t len = data->sblock.volname[0]; + if (len > sizeof (data->sblock.volname) - 1) + len = sizeof (data->sblock.volname) - 1; +- *label = grub_malloc (len * MAX_UTF8_PER_MAC_ROMAN + 1); ++ *label = grub_calloc (MAX_UTF8_PER_MAC_ROMAN + 1, len); + if (*label) + macroman_to_utf8 (*label, data->sblock.volname + 1, + len + 1, 0); +diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +index 21159e858..f1cd72398 100644 +--- a/grub-core/fs/hfsplus.c ++++ b/grub-core/fs/hfsplus.c +@@ -661,6 +661,7 @@ list_nodes (void *record, void *hook_arg) + char *filename; + int i; + struct grub_fshelp_node *node; ++ grub_uint16_t *keyname; + struct grub_hfsplus_catfile *fileinfo; + enum grub_fshelp_filetype type = GRUB_FSHELP_UNKNOWN; + struct list_nodes_ctx *ctx = hook_arg; +@@ -719,32 +720,34 @@ list_nodes (void *record, void *hook_arg) + if (! filename) + return 0; + ++ keyname = grub_calloc (grub_be_to_cpu16 (catkey->namelen), sizeof (*keyname)); ++ if (!keyname) ++ { ++ grub_free (filename); ++ return 0; ++ } ++ + /* Make sure the byte order of the UTF16 string is correct. */ + for (i = 0; i < grub_be_to_cpu16 (catkey->namelen); i++) + { +- catkey->name[i] = grub_be_to_cpu16 (catkey->name[i]); ++ keyname[i] = grub_be_to_cpu16 (catkey->name[i]); + +- if (catkey->name[i] == '/') +- catkey->name[i] = ':'; ++ if (keyname[i] == '/') ++ keyname[i] = ':'; + + /* If the name is obviously invalid, skip this node. */ +- if (catkey->name[i] == 0) ++ if (keyname[i] == 0) + { + grub_free (filename); ++ grub_free (keyname); + return 0; + } + } + +- *grub_utf16_to_utf8 ((grub_uint8_t *) filename, catkey->name, ++ *grub_utf16_to_utf8 ((grub_uint8_t *) filename, keyname, + grub_be_to_cpu16 (catkey->namelen)) = '\0'; + +- /* Restore the byte order to what it was previously. */ +- for (i = 0; i < grub_be_to_cpu16 (catkey->namelen); i++) +- { +- if (catkey->name[i] == ':') +- catkey->name[i] = '/'; +- catkey->name[i] = grub_be_to_cpu16 (catkey->name[i]); +- } ++ grub_free (keyname); + + /* hfs+ is case insensitive. */ + if (! ctx->dir->data->case_sensitive) +@@ -975,6 +978,7 @@ grub_hfsplus_label (grub_device_t device, char **label) + grub_disk_t disk = device->disk; + struct grub_hfsplus_catkey *catkey; + int i, label_len; ++ grub_uint16_t *label_name; + struct grub_hfsplus_key_internal intern; + struct grub_hfsplus_btnode *node = NULL; + grub_disk_addr_t ptr = 0; +@@ -1003,22 +1007,31 @@ grub_hfsplus_label (grub_device_t device, char **label) + grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr); + + label_len = grub_be_to_cpu16 (catkey->namelen); ++ label_name = grub_calloc (label_len, sizeof (*label_name)); ++ if (!label_name) ++ { ++ grub_free (node); ++ grub_free (data); ++ return grub_errno; ++ } ++ + for (i = 0; i < label_len; i++) + { +- catkey->name[i] = grub_be_to_cpu16 (catkey->name[i]); ++ label_name[i] = grub_be_to_cpu16 (catkey->name[i]); + + /* If the name is obviously invalid, skip this node. */ +- if (catkey->name[i] == 0) ++ if (label_name[i] == 0) + return 0; + } + +- *label = grub_malloc (label_len * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ *label = grub_calloc (label_len, GRUB_MAX_UTF8_PER_UTF16 + 1); + if (! *label) + return grub_errno; + +- *grub_utf16_to_utf8 ((grub_uint8_t *) (*label), catkey->name, ++ *grub_utf16_to_utf8 ((grub_uint8_t *) (*label), label_name, + label_len) = '\0'; + ++ grub_free (label_name); + grub_free (node); + grub_free (data); + +diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c +index c9c8374bf..092b8f409 100644 +--- a/grub-core/fs/iso9660.c ++++ b/grub-core/fs/iso9660.c +@@ -331,7 +331,7 @@ grub_iso9660_convert_string (grub_uint8_t *us, int len) + int i; + grub_uint16_t t[MAX_NAMELEN / 2 + 1]; + +- p = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ p = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1); + if (! p) + return NULL; + +diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c +index 6f8468862..9827f9bb8 100644 +--- a/grub-core/fs/ntfs.c ++++ b/grub-core/fs/ntfs.c +@@ -556,8 +556,8 @@ get_utf8 (grub_uint8_t *in, grub_size_t len) + grub_uint16_t *tmp; + grub_size_t i; + +- buf = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1); +- tmp = grub_malloc (len * sizeof (tmp[0])); ++ buf = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1); ++ tmp = grub_calloc (len, sizeof (tmp[0])); + if (!buf || !tmp) + { + grub_free (buf); +diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c +index 57b8d8da6..663931717 100644 +--- a/grub-core/fs/sfs.c ++++ b/grub-core/fs/sfs.c +@@ -266,7 +266,7 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) + node->next_extent = node->block; + node->cache_size = 0; + +- node->cache = grub_malloc (sizeof (node->cache[0]) * cache_size); ++ node->cache = grub_calloc (cache_size, sizeof (node->cache[0])); + if (!node->cache) + { + grub_errno = 0; +diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c +index 39bf197aa..4864451e1 100644 +--- a/grub-core/fs/tar.c ++++ b/grub-core/fs/tar.c +@@ -120,7 +120,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name, + if (data->linkname_alloc < linksize + 1) + { + char *n; +- n = grub_malloc (2 * (linksize + 1)); ++ n = grub_calloc (2, linksize + 1); + if (!n) + return grub_errno; + grub_free (data->linkname); +diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c +index 00a16098b..44481da7c 100644 +--- a/grub-core/fs/udf.c ++++ b/grub-core/fs/udf.c +@@ -873,7 +873,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) + { + unsigned i; + utf16len = sz - 1; +- utf16 = grub_malloc (utf16len * sizeof (utf16[0])); ++ utf16 = grub_calloc (utf16len, sizeof (utf16[0])); + if (!utf16) + return NULL; + for (i = 0; i < utf16len; i++) +@@ -883,7 +883,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) + { + unsigned i; + utf16len = (sz - 1) / 2; +- utf16 = grub_malloc (utf16len * sizeof (utf16[0])); ++ utf16 = grub_calloc (utf16len, sizeof (utf16[0])); + if (!utf16) + return NULL; + for (i = 0; i < utf16len; i++) +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index 6e1fff9e9..f6b95d4fb 100644 +--- a/grub-core/fs/zfs/zfs.c ++++ b/grub-core/fs/zfs/zfs.c +@@ -3325,7 +3325,7 @@ dnode_get_fullpath (const char *fullpath, struct subvolume *subvol, + } + subvol->nkeys = 0; + zap_iterate (&keychain_dn, 8, count_zap_keys, &ctx, data); +- subvol->keyring = grub_zalloc (subvol->nkeys * sizeof (subvol->keyring[0])); ++ subvol->keyring = grub_calloc (subvol->nkeys, sizeof (subvol->keyring[0])); + if (!subvol->keyring) + { + grub_free (fsname); +@@ -4336,7 +4336,7 @@ grub_zfs_embed (grub_device_t device __attribute__ ((unused)), + *nsectors = (VDEV_BOOT_SIZE >> GRUB_DISK_SECTOR_BITS); + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/gfxmenu/gui_string_util.c b/grub-core/gfxmenu/gui_string_util.c +index a9a415e31..ba1e1eab3 100644 +--- a/grub-core/gfxmenu/gui_string_util.c ++++ b/grub-core/gfxmenu/gui_string_util.c +@@ -55,7 +55,7 @@ canonicalize_path (const char *path) + if (*p == '/') + components++; + +- char **path_array = grub_malloc (components * sizeof (*path_array)); ++ char **path_array = grub_calloc (components, sizeof (*path_array)); + if (! path_array) + return 0; + +diff --git a/grub-core/gfxmenu/widget-box.c b/grub-core/gfxmenu/widget-box.c +index b60602889..470597ded 100644 +--- a/grub-core/gfxmenu/widget-box.c ++++ b/grub-core/gfxmenu/widget-box.c +@@ -303,10 +303,10 @@ grub_gfxmenu_create_box (const char *pixmaps_prefix, + box->content_height = 0; + box->raw_pixmaps = + (struct grub_video_bitmap **) +- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *)); ++ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *)); + box->scaled_pixmaps = + (struct grub_video_bitmap **) +- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *)); ++ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *)); + + /* Initialize all pixmap pointers to NULL so that proper destruction can + be performed if an error is encountered partway through construction. */ +diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c +index 86ea8cfde..7024cda84 100644 +--- a/grub-core/io/gzio.c ++++ b/grub-core/io/gzio.c +@@ -554,7 +554,7 @@ huft_build (unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ + z = 1 << j; /* table entries for j-bit table */ + + /* allocate and link in new table */ +- q = (struct huft *) grub_zalloc ((z + 1) * sizeof (struct huft)); ++ q = (struct huft *) grub_calloc (z + 1, sizeof (struct huft)); + if (! q) + { + if (h) +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 4d36fe311..b1379b92f 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -207,7 +207,7 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid, + + len = grub_strlen (var); + len16 = len * GRUB_MAX_UTF16_PER_UTF8; +- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0])); ++ var16 = grub_calloc (len16 + 1, sizeof (var16[0])); + if (!var16) + return grub_errno; + len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); +@@ -242,7 +242,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, + + len = grub_strlen (var); + len16 = len * GRUB_MAX_UTF16_PER_UTF8; +- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0])); ++ var16 = grub_calloc (len16 + 1, sizeof (var16[0])); + if (!var16) + return NULL; + len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); +@@ -384,6 +384,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + { + grub_efi_file_path_device_path_t *fp; + grub_efi_uint16_t len; ++ grub_efi_char16_t *dup_name; + + *p++ = '/'; + +@@ -394,7 +395,16 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + while (len > 0 && fp->path_name[len - 1] == 0) + len--; + +- p = (char *) grub_utf16_to_utf8 ((unsigned char *) p, fp->path_name, len); ++ dup_name = grub_calloc (len, sizeof (*dup_name)); ++ if (!dup_name) ++ { ++ grub_free (name); ++ return NULL; ++ } ++ p = (char *) grub_utf16_to_utf8 ((unsigned char *) p, ++ grub_memcpy (dup_name, fp->path_name, len * sizeof (*dup_name)), ++ len); ++ grub_free (dup_name); + } + + dp = GRUB_EFI_NEXT_DEVICE_PATH (dp); +@@ -884,9 +894,20 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) + fp = (grub_efi_file_path_device_path_t *) dp; + buf = grub_malloc ((len - 4) * 2 + 1); + if (buf) +- *grub_utf16_to_utf8 (buf, fp->path_name, +- (len - 4) / sizeof (grub_efi_char16_t)) +- = '\0'; ++ { ++ grub_efi_char16_t *dup_name = grub_malloc (len - 4); ++ if (!dup_name) ++ { ++ grub_errno = GRUB_ERR_NONE; ++ grub_printf ("/File((null))"); ++ grub_free (buf); ++ break; ++ } ++ *grub_utf16_to_utf8 (buf, grub_memcpy (dup_name, fp->path_name, len - 4), ++ (len - 4) / sizeof (grub_efi_char16_t)) ++ = '\0'; ++ grub_free (dup_name); ++ } + else + grub_errno = GRUB_ERR_NONE; + grub_printf ("/File(%s)", buf); +diff --git a/grub-core/kern/emu/hostdisk.c b/grub-core/kern/emu/hostdisk.c +index 87e3e2512..f57bd334c 100644 +--- a/grub-core/kern/emu/hostdisk.c ++++ b/grub-core/kern/emu/hostdisk.c +@@ -615,7 +615,7 @@ static char * + grub_util_path_concat_real (size_t n, int ext, va_list ap) + { + size_t totlen = 0; +- char **l = xmalloc ((n + ext) * sizeof (l[0])); ++ char **l = xcalloc (n + ext, sizeof (l[0])); + char *r, *p, *pi; + size_t i; + int first = 1; +diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c +index 1bd748be8..730d21770 100644 +--- a/grub-core/kern/fs.c ++++ b/grub-core/kern/fs.c +@@ -151,7 +151,7 @@ grub_fs_blocklist_open (grub_file_t file, const char *name) + while (p); + + /* Allocate a block list. */ +- blocks = grub_zalloc (sizeof (struct grub_fs_block) * (num + 1)); ++ blocks = grub_calloc (num + 1, sizeof (struct grub_fs_block)); + if (! blocks) + return 0; + +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index aaae9aa0a..c034f49f9 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -737,7 +737,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args, + args->ptr = args->prealloc; + else + { +- args->ptr = grub_malloc (args->count * sizeof (args->ptr[0])); ++ args->ptr = grub_calloc (args->count, sizeof (args->ptr[0])); + if (!args->ptr) + { + grub_errno = GRUB_ERR_NONE; +diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c +index 78175aac2..619db3122 100644 +--- a/grub-core/kern/parser.c ++++ b/grub-core/kern/parser.c +@@ -213,7 +213,7 @@ grub_parser_split_cmdline (const char *cmdline, + return grub_errno; + grub_memcpy (args, buffer, bp - buffer); + +- *argv = grub_malloc (sizeof (char *) * (*argc + 1)); ++ *argv = grub_calloc (*argc + 1, sizeof (char *)); + if (!*argv) + { + grub_free (args); +diff --git a/grub-core/kern/uboot/uboot.c b/grub-core/kern/uboot/uboot.c +index cf0168e62..efa10f284 100644 +--- a/grub-core/kern/uboot/uboot.c ++++ b/grub-core/kern/uboot/uboot.c +@@ -133,7 +133,7 @@ grub_uboot_dev_enum (void) + return num_devices; + + max_devices = 2; +- enum_devices = grub_malloc (sizeof(struct device_info) * max_devices); ++ enum_devices = grub_calloc (max_devices, sizeof(struct device_info)); + if (!enum_devices) + return 0; + +diff --git a/grub-core/lib/libgcrypt/cipher/ac.c b/grub-core/lib/libgcrypt/cipher/ac.c +index f5e946a2d..63f6fcd11 100644 +--- a/grub-core/lib/libgcrypt/cipher/ac.c ++++ b/grub-core/lib/libgcrypt/cipher/ac.c +@@ -185,7 +185,7 @@ ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n, + gcry_mpi_t mpi; + char *label; + +- data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n); ++ data_mpis_new = gcry_calloc (data_mpis_n, sizeof (*data_mpis_new)); + if (! data_mpis_new) + { + err = gcry_error_from_errno (errno); +@@ -572,7 +572,7 @@ _gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp, + } + + /* Add MPI list. */ +- arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1)); ++ arg_list = gcry_calloc (data_n + 1, sizeof (*arg_list)); + if (! arg_list) + { + err = gcry_error_from_errno (errno); +@@ -1283,7 +1283,7 @@ ac_data_construct (const char *identifier, int include_flags, + /* We build a list of arguments to pass to + gcry_sexp_build_array(). */ + data_length = _gcry_ac_data_length (data); +- arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2)); ++ arg_list = gcry_calloc (data_length, sizeof (*arg_list) * 2); + if (! arg_list) + { + err = gcry_error_from_errno (errno); +@@ -1593,7 +1593,7 @@ _gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits, + arg_list_n += 2; + + /* Allocate list. */ +- arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n); ++ arg_list = gcry_calloc (arg_list_n, sizeof (*arg_list)); + if (! arg_list) + { + err = gcry_error_from_errno (errno); +diff --git a/grub-core/lib/libgcrypt/cipher/primegen.c b/grub-core/lib/libgcrypt/cipher/primegen.c +index 2788e349f..b12e79b19 100644 +--- a/grub-core/lib/libgcrypt/cipher/primegen.c ++++ b/grub-core/lib/libgcrypt/cipher/primegen.c +@@ -383,7 +383,7 @@ prime_generate_internal (int need_q_factor, + } + + /* Allocate an array to track pool usage. */ +- pool_in_use = gcry_malloc (n * sizeof *pool_in_use); ++ pool_in_use = gcry_calloc (n, sizeof *pool_in_use); + if (!pool_in_use) + { + err = gpg_err_code_from_errno (errno); +@@ -765,7 +765,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel, + if (nbits < 16) + log_fatal ("can't generate a prime with less than %d bits\n", 16); + +- mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods ); ++ mods = gcry_xcalloc( no_of_small_prime_numbers, sizeof *mods); + /* Make nbits fit into gcry_mpi_t implementation. */ + val_2 = mpi_alloc_set_ui( 2 ); + val_3 = mpi_alloc_set_ui( 3); +diff --git a/grub-core/lib/libgcrypt/cipher/pubkey.c b/grub-core/lib/libgcrypt/cipher/pubkey.c +index 910982141..ca087ad75 100644 +--- a/grub-core/lib/libgcrypt/cipher/pubkey.c ++++ b/grub-core/lib/libgcrypt/cipher/pubkey.c +@@ -2941,7 +2941,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) + * array to a format string, so we have to do it this way :-(. */ + /* FIXME: There is now such a format specifier, so we can + change the code to be more clear. */ +- arg_list = malloc (nelem * sizeof *arg_list); ++ arg_list = calloc (nelem, sizeof *arg_list); + if (!arg_list) + { + rc = gpg_err_code_from_syserror (); +@@ -3233,7 +3233,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) + } + strcpy (p, "))"); + +- arg_list = malloc (nelem * sizeof *arg_list); ++ arg_list = calloc (nelem, sizeof *arg_list); + if (!arg_list) + { + rc = gpg_err_code_from_syserror (); +diff --git a/grub-core/lib/priority_queue.c b/grub-core/lib/priority_queue.c +index 659be0b7f..7d5e7c05a 100644 +--- a/grub-core/lib/priority_queue.c ++++ b/grub-core/lib/priority_queue.c +@@ -92,7 +92,7 @@ grub_priority_queue_new (grub_size_t elsize, + { + struct grub_priority_queue *ret; + void *els; +- els = grub_malloc (elsize * 8); ++ els = grub_calloc (8, elsize); + if (!els) + return 0; + ret = (struct grub_priority_queue *) grub_malloc (sizeof (*ret)); +diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c +index ee9fa7b4f..467305b46 100644 +--- a/grub-core/lib/reed_solomon.c ++++ b/grub-core/lib/reed_solomon.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#define xcalloc calloc + #define xmalloc malloc + #define grub_memset memset + #define grub_memcpy memcpy +@@ -158,11 +159,9 @@ rs_encode (gf_single_t *data, grub_size_t s, grub_size_t rs) + gf_single_t *rs_polynomial; + int i, j; + gf_single_t *m; +- m = xmalloc ((s + rs) * sizeof (gf_single_t)); ++ m = xcalloc (s + rs, sizeof (gf_single_t)); + grub_memcpy (m, data, s * sizeof (gf_single_t)); +- grub_memset (m + s, 0, rs * sizeof (gf_single_t)); +- rs_polynomial = xmalloc ((rs + 1) * sizeof (gf_single_t)); +- grub_memset (rs_polynomial, 0, (rs + 1) * sizeof (gf_single_t)); ++ rs_polynomial = xcalloc (rs + 1, sizeof (gf_single_t)); + rs_polynomial[rs] = 1; + /* Multiply with X - a^r */ + for (j = 0; j < rs; j++) +diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c +index ea3ebc719..5847aac36 100644 +--- a/grub-core/lib/relocator.c ++++ b/grub-core/lib/relocator.c +@@ -495,9 +495,9 @@ malloc_in_range (struct grub_relocator *rel, + } + #endif + +- eventt = grub_malloc (maxevents * sizeof (events[0])); ++ eventt = grub_calloc (maxevents, sizeof (events[0])); + counter = grub_malloc ((DIGITSORT_MASK + 2) * sizeof (counter[0])); +- events = grub_malloc (maxevents * sizeof (events[0])); ++ events = grub_calloc (maxevents, sizeof (events[0])); + if (!events || !eventt || !counter) + { + grub_dprintf ("relocator", "events or counter allocation failed %d\n", +@@ -963,7 +963,7 @@ malloc_in_range (struct grub_relocator *rel, + #endif + unsigned cural = 0; + int oom = 0; +- res->subchunks = grub_malloc (sizeof (res->subchunks[0]) * nallocs); ++ res->subchunks = grub_calloc (nallocs, sizeof (res->subchunks[0])); + if (!res->subchunks) + oom = 1; + res->nsubchunks = nallocs; +@@ -1562,8 +1562,8 @@ grub_relocator_prepare_relocs (struct grub_relocator *rel, grub_addr_t addr, + count[(chunk->src & 0xff) + 1]++; + } + } +- from = grub_malloc (nchunks * sizeof (sorted[0])); +- to = grub_malloc (nchunks * sizeof (sorted[0])); ++ from = grub_calloc (nchunks, sizeof (sorted[0])); ++ to = grub_calloc (nchunks, sizeof (sorted[0])); + if (!from || !to) + { + grub_free (from); +diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c +index b4f609d2d..ea29d7a72 100644 +--- a/grub-core/loader/arm/linux.c ++++ b/grub-core/loader/arm/linux.c +@@ -77,7 +77,7 @@ linux_prepare_atag (void *target_atag) + + /* some place for cmdline, initrd and terminator. */ + tmp_size = get_atag_size (atag_orig) + 20 + (arg_size) / 4; +- tmp_atag = grub_malloc (tmp_size * sizeof (grub_uint32_t)); ++ tmp_atag = grub_calloc (tmp_size, sizeof (grub_uint32_t)); + if (!tmp_atag) + return grub_errno; + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 3630b0cbf..2da119ad5 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -119,18 +119,23 @@ static void + copy_file_path (grub_efi_file_path_device_path_t *fp, + const char *str, grub_efi_uint16_t len) + { +- grub_efi_char16_t *p; ++ grub_efi_char16_t *p, *path_name; + grub_efi_uint16_t size; + + fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE; + fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE; + +- size = grub_utf8_to_utf16 (fp->path_name, len * GRUB_MAX_UTF16_PER_UTF8, ++ path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); ++ if (!path_name) ++ return; ++ ++ size = grub_utf8_to_utf16 (path_name, len * GRUB_MAX_UTF16_PER_UTF8, + (const grub_uint8_t *) str, len, 0); +- for (p = fp->path_name; p < fp->path_name + size; p++) ++ for (p = path_name; p < path_name + size; p++) + if (*p == '/') + *p = '\\'; + ++ grub_memcpy (fp->path_name, path_name, size * sizeof (*fp->path_name)); + /* File Path is NULL terminated */ + fp->path_name[size++] = '\0'; + fp->header.length = size * sizeof (grub_efi_char16_t) + sizeof (*fp); +diff --git a/grub-core/loader/i386/bsdXX.c b/grub-core/loader/i386/bsdXX.c +index af6741d15..a8d8bf7da 100644 +--- a/grub-core/loader/i386/bsdXX.c ++++ b/grub-core/loader/i386/bsdXX.c +@@ -48,7 +48,7 @@ read_headers (grub_file_t file, const char *filename, Elf_Ehdr *e, char **shdr) + if (e->e_ident[EI_CLASS] != SUFFIX (ELFCLASS)) + return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-dependent ELF magic")); + +- *shdr = grub_malloc ((grub_uint32_t) e->e_shnum * e->e_shentsize); ++ *shdr = grub_calloc (e->e_shnum, e->e_shentsize); + if (! *shdr) + return grub_errno; + +diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c +index 59ef73a73..ee0eaadc4 100644 +--- a/grub-core/loader/i386/xnu.c ++++ b/grub-core/loader/i386/xnu.c +@@ -295,7 +295,7 @@ grub_xnu_devprop_add_property_utf8 (struct grub_xnu_devprop_device_descriptor *d + return grub_errno; + + len = grub_strlen (name); +- utf16 = grub_malloc (sizeof (grub_uint16_t) * len); ++ utf16 = grub_calloc (len, sizeof (grub_uint16_t)); + if (!utf16) + { + grub_free (utf8); +@@ -331,7 +331,7 @@ grub_xnu_devprop_add_property_utf16 (struct grub_xnu_devprop_device_descriptor * + grub_uint16_t *utf16; + grub_err_t err; + +- utf16 = grub_malloc (sizeof (grub_uint16_t) * namelen); ++ utf16 = grub_calloc (namelen, sizeof (grub_uint16_t)); + if (!utf16) + return grub_errno; + grub_memcpy (utf16, name, sizeof (grub_uint16_t) * namelen); +diff --git a/grub-core/loader/macho.c b/grub-core/loader/macho.c +index 59b195e27..f61341af5 100644 +--- a/grub-core/loader/macho.c ++++ b/grub-core/loader/macho.c +@@ -97,7 +97,7 @@ grub_macho_file (grub_file_t file, const char *filename, int is_64bit) + if (grub_file_seek (macho->file, sizeof (struct grub_macho_fat_header)) + == (grub_off_t) -1) + goto fail; +- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs); ++ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch)); + if (!archs) + goto fail; + if (grub_file_read (macho->file, archs, +diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c +index 70cd1db51..cc6853692 100644 +--- a/grub-core/loader/multiboot_elfxx.c ++++ b/grub-core/loader/multiboot_elfxx.c +@@ -217,7 +217,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + { + grub_uint8_t *shdr, *shdrptr; + +- shdr = grub_malloc ((grub_uint32_t) ehdr->e_shnum * ehdr->e_shentsize); ++ shdr = grub_calloc (ehdr->e_shnum, ehdr->e_shentsize); + if (!shdr) + return grub_errno; + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index df8dfdb4b..dc7d5409e 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -792,7 +792,7 @@ grub_cmd_xnu_mkext (grub_command_t cmd __attribute__ ((unused)), + if (grub_be_to_cpu32 (head.magic) == GRUB_MACHO_FAT_MAGIC) + { + narchs = grub_be_to_cpu32 (head.nfat_arch); +- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs); ++ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch)); + if (! archs) + { + grub_file_close (file); +diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c +index 6a31cbae3..57b4e9a72 100644 +--- a/grub-core/mmap/mmap.c ++++ b/grub-core/mmap/mmap.c +@@ -143,9 +143,9 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data) + + /* Initialize variables. */ + ctx.scanline_events = (struct grub_mmap_scan *) +- grub_malloc (sizeof (struct grub_mmap_scan) * 2 * mmap_num); ++ grub_calloc (mmap_num, sizeof (struct grub_mmap_scan) * 2); + +- present = grub_zalloc (sizeof (present[0]) * current_priority); ++ present = grub_calloc (current_priority, sizeof (present[0])); + + if (! ctx.scanline_events || !present) + { +diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c +index 8b6fc9f24..adf36fa4a 100644 +--- a/grub-core/net/bootp.c ++++ b/grub-core/net/bootp.c +@@ -1326,7 +1326,7 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)), + if (ncards == 0) + return grub_error (GRUB_ERR_NET_NO_CARD, N_("no network card found")); + +- ifaces = grub_zalloc (ncards * sizeof (ifaces[0])); ++ ifaces = grub_calloc (ncards, sizeof (ifaces[0])); + if (!ifaces) + return grub_errno; + +diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c +index 5d9afe093..e332d5eb4 100644 +--- a/grub-core/net/dns.c ++++ b/grub-core/net/dns.c +@@ -285,8 +285,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), + ptr++; + ptr += 4; + } +- *data->addresses = grub_malloc (sizeof ((*data->addresses)[0]) +- * grub_be_to_cpu16 (head->ancount)); ++ *data->addresses = grub_calloc (grub_be_to_cpu16 (head->ancount), ++ sizeof ((*data->addresses)[0])); + if (!*data->addresses) + { + grub_errno = GRUB_ERR_NONE; +@@ -406,8 +406,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), + dns_cache[h].addresses = 0; + dns_cache[h].name = grub_strdup (data->oname); + dns_cache[h].naddresses = *data->naddresses; +- dns_cache[h].addresses = grub_malloc (*data->naddresses +- * sizeof (dns_cache[h].addresses[0])); ++ dns_cache[h].addresses = grub_calloc (*data->naddresses, ++ sizeof (dns_cache[h].addresses[0])); + dns_cache[h].limit_time = grub_get_time_ms () + 1000 * ttl_all; + if (!dns_cache[h].addresses || !dns_cache[h].name) + { +@@ -479,7 +479,7 @@ grub_net_dns_lookup (const char *name, + } + } + +- sockets = grub_malloc (sizeof (sockets[0]) * n_servers); ++ sockets = grub_calloc (n_servers, sizeof (sockets[0])); + if (!sockets) + return grub_errno; + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 19ff2d486..0e72bbb9b 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -338,8 +338,8 @@ grub_cmd_ipv6_autoconf (struct grub_command *cmd __attribute__ ((unused)), + ncards++; + } + +- ifaces = grub_zalloc (ncards * sizeof (ifaces[0])); +- slaacs = grub_zalloc (ncards * sizeof (slaacs[0])); ++ ifaces = grub_calloc (ncards, sizeof (ifaces[0])); ++ slaacs = grub_calloc (ncards, sizeof (slaacs[0])); + if (!ifaces || !slaacs) + { + grub_free (ifaces); +diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c +index b0ab47d73..d57fb72fa 100644 +--- a/grub-core/normal/charset.c ++++ b/grub-core/normal/charset.c +@@ -203,7 +203,7 @@ grub_utf8_to_ucs4_alloc (const char *msg, grub_uint32_t **unicode_msg, + { + grub_size_t msg_len = grub_strlen (msg); + +- *unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ *unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); + + if (!*unicode_msg) + return -1; +@@ -488,7 +488,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, + } + else + { +- n = grub_malloc (sizeof (n[0]) * (out->ncomb + 1)); ++ n = grub_calloc (out->ncomb + 1, sizeof (n[0])); + if (!n) + { + grub_errno = GRUB_ERR_NONE; +@@ -842,7 +842,7 @@ grub_bidi_line_logical_to_visual (const grub_uint32_t *logical, + } \ + } + +- visual = grub_malloc (sizeof (visual[0]) * logical_len); ++ visual = grub_calloc (logical_len, sizeof (visual[0])); + if (!visual) + return -1; + +@@ -1165,8 +1165,8 @@ grub_bidi_logical_to_visual (const grub_uint32_t *logical, + { + const grub_uint32_t *line_start = logical, *ptr; + struct grub_unicode_glyph *visual_ptr; +- *visual_out = visual_ptr = grub_malloc (3 * sizeof (visual_ptr[0]) +- * (logical_len + 2)); ++ *visual_out = visual_ptr = grub_calloc (logical_len + 2, ++ 3 * sizeof (visual_ptr[0])); + if (!visual_ptr) + return -1; + for (ptr = logical; ptr <= logical + logical_len; ptr++) +diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c +index c037d5050..c57242e2e 100644 +--- a/grub-core/normal/cmdline.c ++++ b/grub-core/normal/cmdline.c +@@ -41,7 +41,7 @@ grub_err_t + grub_set_history (int newsize) + { + grub_uint32_t **old_hist_lines = hist_lines; +- hist_lines = grub_malloc (sizeof (grub_uint32_t *) * newsize); ++ hist_lines = grub_calloc (newsize, sizeof (grub_uint32_t *)); + + /* Copy the old lines into the new buffer. */ + if (old_hist_lines) +@@ -114,7 +114,7 @@ static void + grub_history_set (int pos, grub_uint32_t *s, grub_size_t len) + { + grub_free (hist_lines[pos]); +- hist_lines[pos] = grub_malloc ((len + 1) * sizeof (grub_uint32_t)); ++ hist_lines[pos] = grub_calloc (len + 1, sizeof (grub_uint32_t)); + if (!hist_lines[pos]) + { + grub_print_error (); +@@ -349,7 +349,7 @@ grub_cmdline_get (const char *prompt_translated) + char *ret; + unsigned nterms; + +- buf = grub_malloc (max_len * sizeof (grub_uint32_t)); ++ buf = grub_calloc (max_len, sizeof (grub_uint32_t)); + if (!buf) + return 0; + +@@ -377,7 +377,7 @@ grub_cmdline_get (const char *prompt_translated) + FOR_ACTIVE_TERM_OUTPUTS(cur) + nterms++; + +- cl_terms = grub_malloc (sizeof (cl_terms[0]) * nterms); ++ cl_terms = grub_calloc (nterms, sizeof (cl_terms[0])); + if (!cl_terms) + { + grub_free (buf); +@@ -385,7 +385,7 @@ grub_cmdline_get (const char *prompt_translated) + } + cl_term_cur = cl_terms; + +- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); + if (!unicode_msg) + { + grub_free (buf); +@@ -495,7 +495,7 @@ grub_cmdline_get (const char *prompt_translated) + grub_uint32_t *insert; + + insertlen = grub_strlen (insertu8); +- insert = grub_malloc ((insertlen + 1) * sizeof (grub_uint32_t)); ++ insert = grub_calloc (insertlen + 1, sizeof (grub_uint32_t)); + if (!insert) + { + grub_free (insertu8); +@@ -602,7 +602,7 @@ grub_cmdline_get (const char *prompt_translated) + + grub_free (kill_buf); + +- kill_buf = grub_malloc ((n + 1) * sizeof(grub_uint32_t)); ++ kill_buf = grub_calloc (n + 1, sizeof (grub_uint32_t)); + if (grub_errno) + { + grub_print_error (); +diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c +index 5785f67ee..f31487c1f 100644 +--- a/grub-core/normal/menu_entry.c ++++ b/grub-core/normal/menu_entry.c +@@ -95,8 +95,8 @@ init_line (struct screen *screen, struct line *linep) + { + linep->len = 0; + linep->max_len = 80; +- linep->buf = grub_malloc ((linep->max_len + 1) * sizeof (linep->buf[0])); +- linep->pos = grub_zalloc (screen->nterms * sizeof (linep->pos[0])); ++ linep->buf = grub_calloc (linep->max_len + 1, sizeof (linep->buf[0])); ++ linep->pos = grub_calloc (screen->nterms, sizeof (linep->pos[0])); + if (! linep->buf || !linep->pos) + { + grub_free (linep->buf); +@@ -287,7 +287,7 @@ update_screen (struct screen *screen, struct per_term_screen *term_screen, + pos = linep->pos + (term_screen - screen->terms); + + if (!*pos) +- *pos = grub_zalloc ((linep->len + 1) * sizeof (**pos)); ++ *pos = grub_calloc (linep->len + 1, sizeof (**pos)); + + if (i == region_start || linep == screen->lines + screen->line + || (i > region_start && mode == ALL_LINES)) +@@ -471,7 +471,7 @@ insert_string (struct screen *screen, const char *s, int update) + + /* Insert the string. */ + current_linep = screen->lines + screen->line; +- unicode_msg = grub_malloc ((p - s) * sizeof (grub_uint32_t)); ++ unicode_msg = grub_calloc (p - s, sizeof (grub_uint32_t)); + + if (!unicode_msg) + return 0; +@@ -1023,7 +1023,7 @@ complete (struct screen *screen, int continuous, int update) + if (completion_buffer.buf) + { + buflen = grub_strlen (completion_buffer.buf); +- ucs4 = grub_malloc (sizeof (grub_uint32_t) * (buflen + 1)); ++ ucs4 = grub_calloc (buflen + 1, sizeof (grub_uint32_t)); + + if (!ucs4) + { +@@ -1265,7 +1265,7 @@ grub_menu_entry_run (grub_menu_entry_t entry) + for (i = 0; i < (unsigned) screen->num_lines; i++) + { + grub_free (screen->lines[i].pos); +- screen->lines[i].pos = grub_zalloc (screen->nterms * sizeof (screen->lines[i].pos[0])); ++ screen->lines[i].pos = grub_calloc (screen->nterms, sizeof (screen->lines[i].pos[0])); + if (! screen->lines[i].pos) + { + grub_print_error (); +@@ -1275,7 +1275,7 @@ grub_menu_entry_run (grub_menu_entry_t entry) + } + } + +- screen->terms = grub_zalloc (screen->nterms * sizeof (screen->terms[0])); ++ screen->terms = grub_calloc (screen->nterms, sizeof (screen->terms[0])); + if (!screen->terms) + { + grub_print_error (); +diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c +index 7681f7d28..ca1356243 100644 +--- a/grub-core/normal/menu_text.c ++++ b/grub-core/normal/menu_text.c +@@ -78,7 +78,7 @@ grub_print_message_indented_real (const char *msg, int margin_left, + grub_size_t msg_len = grub_strlen (msg) + 2; + int ret = 0; + +- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); + + if (!unicode_msg) + return 0; +@@ -167,7 +167,7 @@ print_entry (int y, int highlight, grub_menu_entry_t entry, + + title = entry ? entry->title : ""; + title_len = grub_strlen (title); +- unicode_title = grub_malloc (title_len * sizeof (*unicode_title)); ++ unicode_title = grub_calloc (title_len, sizeof (*unicode_title)); + if (! unicode_title) + /* XXX How to show this error? */ + return; +diff --git a/grub-core/normal/term.c b/grub-core/normal/term.c +index ac5d69f0f..93a3a0d91 100644 +--- a/grub-core/normal/term.c ++++ b/grub-core/normal/term.c +@@ -264,7 +264,7 @@ grub_term_save_pos (void) + FOR_ACTIVE_TERM_OUTPUTS(cur) + cnt++; + +- ret = grub_malloc (cnt * sizeof (ret[0])); ++ ret = grub_calloc (cnt, sizeof (ret[0])); + if (!ret) + return NULL; + +@@ -1013,7 +1013,7 @@ grub_xnputs (const char *str, grub_size_t msg_len) + + grub_error_push (); + +- unicode_str = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ unicode_str = grub_calloc (msg_len, sizeof (grub_uint32_t)); + + grub_error_pop (); + +diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c +index 388a0f706..e450f5f0a 100644 +--- a/grub-core/osdep/linux/getroot.c ++++ b/grub-core/osdep/linux/getroot.c +@@ -176,7 +176,7 @@ grub_util_raid_getmembers (const char *name, int bootable) + if (ret != 0) + grub_util_error (_("ioctl GET_ARRAY_INFO error: %s"), strerror (errno)); + +- devicelist = xmalloc ((info.nr_disks + 1) * sizeof (char *)); ++ devicelist = xcalloc (info.nr_disks + 1, sizeof (char *)); + + for (i = 0, j = 0; j < info.nr_disks; i++) + { +@@ -249,7 +249,7 @@ grub_find_root_devices_from_btrfs (const char *dir) + return NULL; + } + +- ret = xmalloc ((fsi.num_devices + 1) * sizeof (ret[0])); ++ ret = xcalloc (fsi.num_devices + 1, sizeof (ret[0])); + + for (i = 1; i <= fsi.max_id && j < fsi.num_devices; i++) + { +@@ -508,7 +508,7 @@ grub_find_root_devices_from_mountinfo (const char *dir, char **relroot) + if (relroot) + *relroot = NULL; + +- entries = xmalloc (entry_max * sizeof (*entries)); ++ entries = xcalloc (entry_max, sizeof (*entries)); + + again: + fp = grub_util_fopen ("/proc/self/mountinfo", "r"); +diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c +index b637c58ef..46a881530 100644 +--- a/grub-core/osdep/unix/config.c ++++ b/grub-core/osdep/unix/config.c +@@ -102,7 +102,7 @@ grub_util_load_config (struct grub_util_config *cfg) + argv[0] = "sh"; + argv[1] = "-c"; + +- script = xmalloc (4 * strlen (cfgfile) + 300); ++ script = xcalloc (4, strlen (cfgfile) + 300); + + ptr = script; + memcpy (ptr, ". '", 3); +diff --git a/grub-core/osdep/windows/getroot.c b/grub-core/osdep/windows/getroot.c +index 661d95461..eada663b2 100644 +--- a/grub-core/osdep/windows/getroot.c ++++ b/grub-core/osdep/windows/getroot.c +@@ -59,7 +59,7 @@ grub_get_mount_point (const TCHAR *path) + + for (ptr = path; *ptr; ptr++); + allocsize = (ptr - path + 10) * 2; +- out = xmalloc (allocsize * sizeof (out[0])); ++ out = xcalloc (allocsize, sizeof (out[0])); + + /* When pointing to EFI system partition GetVolumePathName fails + for ESP root and returns abberant information for everything +diff --git a/grub-core/osdep/windows/hostdisk.c b/grub-core/osdep/windows/hostdisk.c +index 6f49df465..580b3f2da 100644 +--- a/grub-core/osdep/windows/hostdisk.c ++++ b/grub-core/osdep/windows/hostdisk.c +@@ -111,7 +111,7 @@ grub_util_get_windows_path_real (const char *path) + + while (1) + { +- fpa = xmalloc (alloc * sizeof (fpa[0])); ++ fpa = xcalloc (alloc, sizeof (fpa[0])); + + len = GetFullPathName (tpath, alloc, fpa, NULL); + if (len >= alloc) +@@ -393,7 +393,7 @@ grub_util_fd_opendir (const char *name) + for (l = 0; name_windows[l]; l++); + for (l--; l >= 0 && (name_windows[l] == '\\' || name_windows[l] == '/'); l--); + l++; +- pattern = xmalloc ((l + 3) * sizeof (pattern[0])); ++ pattern = xcalloc (l + 3, sizeof (pattern[0])); + memcpy (pattern, name_windows, l * sizeof (pattern[0])); + pattern[l] = '\\'; + pattern[l + 1] = '*'; +diff --git a/grub-core/osdep/windows/init.c b/grub-core/osdep/windows/init.c +index e8ffd62c6..6297de632 100644 +--- a/grub-core/osdep/windows/init.c ++++ b/grub-core/osdep/windows/init.c +@@ -161,7 +161,7 @@ grub_util_host_init (int *argc __attribute__ ((unused)), + LPWSTR *targv; + + targv = CommandLineToArgvW (tcmdline, argc); +- *argv = xmalloc ((*argc + 1) * sizeof (argv[0])); ++ *argv = xcalloc (*argc + 1, sizeof (argv[0])); + + for (i = 0; i < *argc; i++) + (*argv)[i] = grub_util_tchar_to_utf8 (targv[i]); +diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c +index 912269191..04e0eda9a 100644 +--- a/grub-core/osdep/windows/platform.c ++++ b/grub-core/osdep/windows/platform.c +@@ -225,8 +225,8 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, + grub_util_error ("%s", _("no EFI routines are available when running in BIOS mode")); + + distrib8_len = grub_strlen (efi_distributor); +- distributor16 = xmalloc ((distrib8_len + 1) * GRUB_MAX_UTF16_PER_UTF8 +- * sizeof (grub_uint16_t)); ++ distributor16 = xcalloc (distrib8_len + 1, ++ GRUB_MAX_UTF16_PER_UTF8 * sizeof (grub_uint16_t)); + distrib16_len = grub_utf8_to_utf16 (distributor16, distrib8_len * GRUB_MAX_UTF16_PER_UTF8, + (const grub_uint8_t *) efi_distributor, + distrib8_len, 0); +diff --git a/grub-core/osdep/windows/relpath.c b/grub-core/osdep/windows/relpath.c +index cb0861744..478e8ef14 100644 +--- a/grub-core/osdep/windows/relpath.c ++++ b/grub-core/osdep/windows/relpath.c +@@ -72,7 +72,7 @@ grub_make_system_path_relative_to_its_root (const char *path) + if (dirwindows[0] && dirwindows[1] == ':') + offset = 2; + } +- ret = xmalloc (sizeof (ret[0]) * (flen - offset + 2)); ++ ret = xcalloc (flen - offset + 2, sizeof (ret[0])); + if (dirwindows[offset] != '\\' + && dirwindows[offset] != '/' + && dirwindows[offset]) +diff --git a/grub-core/partmap/gpt.c b/grub-core/partmap/gpt.c +index 103f6796f..72a2e37cd 100644 +--- a/grub-core/partmap/gpt.c ++++ b/grub-core/partmap/gpt.c +@@ -199,7 +199,7 @@ gpt_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, + *nsectors = ctx.len; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/partmap/msdos.c b/grub-core/partmap/msdos.c +index 6d4b455a1..81ca6b90e 100644 +--- a/grub-core/partmap/msdos.c ++++ b/grub-core/partmap/msdos.c +@@ -337,7 +337,7 @@ pc_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, + avail_nsectors = *nsectors; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 7d327f59d..528ddfd36 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -587,7 +587,7 @@ gettext_append (struct grub_script_argv *result, const char *orig_str) + for (iptr = orig_str; *iptr; iptr++) + if (*iptr == '$') + dollar_cnt++; +- ctx.allowed_strings = grub_malloc (sizeof (ctx.allowed_strings[0]) * dollar_cnt); ++ ctx.allowed_strings = grub_calloc (dollar_cnt, sizeof (ctx.allowed_strings[0])); + + if (parse_string (orig_str, gettext_save_allow, &ctx, 0)) + goto fail; +diff --git a/grub-core/tests/fake_input.c b/grub-core/tests/fake_input.c +index 2d6085298..b5eb516be 100644 +--- a/grub-core/tests/fake_input.c ++++ b/grub-core/tests/fake_input.c +@@ -49,7 +49,7 @@ grub_terminal_input_fake_sequence (int *seq_in, int nseq_in) + saved = grub_term_inputs; + if (seq) + grub_free (seq); +- seq = grub_malloc (nseq_in * sizeof (seq[0])); ++ seq = grub_calloc (nseq_in, sizeof (seq[0])); + if (!seq) + return; + +diff --git a/grub-core/tests/video_checksum.c b/grub-core/tests/video_checksum.c +index 74d5b65e5..44d081069 100644 +--- a/grub-core/tests/video_checksum.c ++++ b/grub-core/tests/video_checksum.c +@@ -336,7 +336,7 @@ grub_video_capture_write_bmp (const char *fname, + { + case 4: + { +- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); ++ grub_uint8_t *buffer = xcalloc (3, mode_info->width); + grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1); + grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1); + grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1); +@@ -367,7 +367,7 @@ grub_video_capture_write_bmp (const char *fname, + } + case 3: + { +- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); ++ grub_uint8_t *buffer = xcalloc (3, mode_info->width); + grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1); + grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1); + grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1); +@@ -407,7 +407,7 @@ grub_video_capture_write_bmp (const char *fname, + } + case 2: + { +- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); ++ grub_uint8_t *buffer = xcalloc (3, mode_info->width); + grub_uint16_t rmask = ((1 << mode_info->red_mask_size) - 1); + grub_uint16_t gmask = ((1 << mode_info->green_mask_size) - 1); + grub_uint16_t bmask = ((1 << mode_info->blue_mask_size) - 1); +diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c +index 4f83c7441..4d3195e01 100644 +--- a/grub-core/video/capture.c ++++ b/grub-core/video/capture.c +@@ -89,7 +89,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info, + framebuffer.mode_info = *mode_info; + framebuffer.mode_info.blit_format = grub_video_get_blit_format (&framebuffer.mode_info); + +- framebuffer.ptr = grub_malloc (framebuffer.mode_info.height * framebuffer.mode_info.pitch); ++ framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch); + if (!framebuffer.ptr) + return grub_errno; + +diff --git a/grub-core/video/emu/sdl.c b/grub-core/video/emu/sdl.c +index a2f639f66..0ebab6f57 100644 +--- a/grub-core/video/emu/sdl.c ++++ b/grub-core/video/emu/sdl.c +@@ -172,7 +172,7 @@ grub_video_sdl_set_palette (unsigned int start, unsigned int count, + if (start + count > mode_info.number_of_colors) + count = mode_info.number_of_colors - start; + +- tmp = grub_malloc (count * sizeof (tmp[0])); ++ tmp = grub_calloc (count, sizeof (tmp[0])); + for (i = 0; i < count; i++) + { + tmp[i].r = palette_data[i].r; +diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c +index 01f47112d..b2f776c99 100644 +--- a/grub-core/video/i386/pc/vga.c ++++ b/grub-core/video/i386/pc/vga.c +@@ -127,7 +127,7 @@ grub_video_vga_setup (unsigned int width, unsigned int height, + + vga_height = height ? : 480; + +- framebuffer.temporary_buffer = grub_malloc (vga_height * VGA_WIDTH); ++ framebuffer.temporary_buffer = grub_calloc (vga_height, VGA_WIDTH); + framebuffer.front_page = 0; + framebuffer.back_page = 0; + if (!framebuffer.temporary_buffer) +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index e1a01e99f..e85df3c1b 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -309,7 +309,7 @@ grub_png_decode_image_header (struct grub_png_data *data) + if (data->is_16bit || data->is_gray || data->is_palette) + #endif + { +- data->image_data = grub_malloc (data->image_height * data->row_bytes); ++ data->image_data = grub_calloc (data->image_height, data->row_bytes); + if (grub_errno) + return grub_errno; + +diff --git a/util/getroot.c b/util/getroot.c +index fa3460d6c..6feb2a4de 100644 +--- a/util/getroot.c ++++ b/util/getroot.c +@@ -219,7 +219,7 @@ make_device_name (const char *drive) + char *ret, *ptr; + const char *iptr; + +- ret = xmalloc (strlen (drive) * 2); ++ ret = xcalloc (2, strlen (drive)); + ptr = ret; + for (iptr = drive; *iptr; iptr++) + { +diff --git a/util/grub-file.c b/util/grub-file.c +index 50c18b683..b2e7dd69f 100644 +--- a/util/grub-file.c ++++ b/util/grub-file.c +@@ -54,7 +54,7 @@ main (int argc, char *argv[]) + + grub_util_host_init (&argc, &argv); + +- argv2 = xmalloc (argc * sizeof (argv2[0])); ++ argv2 = xcalloc (argc, sizeof (argv2[0])); + + if (argc == 2 && strcmp (argv[1], "--version") == 0) + { +diff --git a/util/grub-fstest.c b/util/grub-fstest.c +index a358ae471..793aefa02 100644 +--- a/util/grub-fstest.c ++++ b/util/grub-fstest.c +@@ -650,7 +650,7 @@ argp_parser (int key, char *arg, struct argp_state *state) + if (args_count < num_disks) + { + if (args_count == 0) +- images = xmalloc (num_disks * sizeof (images[0])); ++ images = xcalloc (num_disks, sizeof (images[0])); + images[args_count] = grub_canonicalize_file_name (arg); + args_count++; + return 0; +@@ -734,7 +734,7 @@ main (int argc, char *argv[]) + + grub_util_host_init (&argc, &argv); + +- args = xmalloc (argc * sizeof (args[0])); ++ args = xcalloc (argc, sizeof (args[0])); + + argp_parse (&argp, argc, argv, 0, 0, 0); + +diff --git a/util/grub-install-common.c b/util/grub-install-common.c +index 0a2e24a79..cf993c059 100644 +--- a/util/grub-install-common.c ++++ b/util/grub-install-common.c +@@ -281,7 +281,7 @@ handle_install_list (struct install_list *il, const char *val, + il->n_entries++; + } + il->n_alloc = il->n_entries + 1; +- il->entries = xmalloc (il->n_alloc * sizeof (il->entries[0])); ++ il->entries = xcalloc (il->n_alloc, sizeof (il->entries[0])); + ptr = val; + for (ce = il->entries; ; ce++) + { +diff --git a/util/grub-install.c b/util/grub-install.c +index 16f137ca8..3bf0e063a 100644 +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -623,7 +623,7 @@ device_map_check_duplicates (const char *dev_map) + if (! fp) + return; + +- d = xmalloc (alloced * sizeof (d[0])); ++ d = xcalloc (alloced, sizeof (d[0])); + + while (fgets (buf, sizeof (buf), fp)) + { +@@ -1232,7 +1232,7 @@ main (int argc, char *argv[]) + ndev++; + } + +- grub_drives = xmalloc (sizeof (grub_drives[0]) * (ndev + 1)); ++ grub_drives = xcalloc (ndev + 1, sizeof (grub_drives[0])); + + for (curdev = grub_devices, curdrive = grub_drives; *curdev; curdev++, + curdrive++) +diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c +index a483c674c..f9aa1a033 100644 +--- a/util/grub-mkimagexx.c ++++ b/util/grub-mkimagexx.c +@@ -1999,10 +1999,8 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path, + + grub_host_to_target16 (e->e_shstrndx) * smd.section_entsize); + smd.strtab = (char *) e + grub_host_to_target_addr (s->sh_offset); + +- smd.addrs = xmalloc (sizeof (*smd.addrs) * smd.num_sections); +- memset (smd.addrs, 0, sizeof (*smd.addrs) * smd.num_sections); +- smd.vaddrs = xmalloc (sizeof (*smd.vaddrs) * smd.num_sections); +- memset (smd.vaddrs, 0, sizeof (*smd.vaddrs) * smd.num_sections); ++ smd.addrs = xcalloc (smd.num_sections, sizeof (*smd.addrs)); ++ smd.vaddrs = xcalloc (smd.num_sections, sizeof (*smd.vaddrs)); + + SUFFIX (locate_sections) (e, kernel_path, &smd, layout, image_target); + +diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c +index 9545945d8..21e72bde4 100644 +--- a/util/grub-mkrescue.c ++++ b/util/grub-mkrescue.c +@@ -441,8 +441,8 @@ main (int argc, char *argv[]) + xorriso = xstrdup ("xorriso"); + label_font = grub_util_path_concat (2, pkgdatadir, "unicode.pf2"); + +- argp_argv = xmalloc (sizeof (argp_argv[0]) * argc); +- xorriso_tail_argv = xmalloc (sizeof (argp_argv[0]) * argc); ++ argp_argv = xcalloc (argc, sizeof (argp_argv[0])); ++ xorriso_tail_argv = xcalloc (argc, sizeof (argp_argv[0])); + + xorriso_tail_argc = 0; + /* Program name */ +diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c +index 4907d44c0..edf309717 100644 +--- a/util/grub-mkstandalone.c ++++ b/util/grub-mkstandalone.c +@@ -296,7 +296,7 @@ main (int argc, char *argv[]) + grub_util_host_init (&argc, &argv); + grub_util_disable_fd_syncs (); + +- files = xmalloc ((argc + 1) * sizeof (files[0])); ++ files = xcalloc (argc + 1, sizeof (files[0])); + + argp_parse (&argp, argc, argv, 0, 0, 0); + +diff --git a/util/grub-pe2elf.c b/util/grub-pe2elf.c +index 0d4084a10..11331294f 100644 +--- a/util/grub-pe2elf.c ++++ b/util/grub-pe2elf.c +@@ -100,9 +100,9 @@ write_section_data (FILE* fp, const char *name, char *image, + char *pe_strtab = (image + pe_chdr->symtab_offset + + pe_chdr->num_symbols * sizeof (struct grub_pe32_symbol)); + +- section_map = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (int)); ++ section_map = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (int)); + section_map[0] = 0; +- shdr = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (shdr[0])); ++ shdr = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (shdr[0])); + idx = 1; + idx_reloc = pe_chdr->num_sections + 1; + +@@ -233,7 +233,7 @@ write_reloc_section (FILE* fp, const char *name, char *image, + + pe_sec = pe_shdr + shdr[i].sh_link; + pe_rel = (struct grub_pe32_reloc *) (image + pe_sec->relocations_offset); +- rel = (elf_reloc_t *) xmalloc (pe_sec->num_relocations * sizeof (elf_reloc_t)); ++ rel = (elf_reloc_t *) xcalloc (pe_sec->num_relocations, sizeof (elf_reloc_t)); + num_rels = 0; + modified = 0; + +@@ -365,12 +365,10 @@ write_symbol_table (FILE* fp, const char *name, char *image, + pe_symtab = (struct grub_pe32_symbol *) (image + pe_chdr->symtab_offset); + pe_strtab = (char *) (pe_symtab + pe_chdr->num_symbols); + +- symtab = (Elf_Sym *) xmalloc ((pe_chdr->num_symbols + 1) * +- sizeof (Elf_Sym)); +- memset (symtab, 0, (pe_chdr->num_symbols + 1) * sizeof (Elf_Sym)); ++ symtab = (Elf_Sym *) xcalloc (pe_chdr->num_symbols + 1, sizeof (Elf_Sym)); + num_syms = 1; + +- symtab_map = (int *) xmalloc (pe_chdr->num_symbols * sizeof (int)); ++ symtab_map = (int *) xcalloc (pe_chdr->num_symbols, sizeof (int)); + + for (i = 0; i < (int) pe_chdr->num_symbols; + i += pe_symtab->num_aux + 1, pe_symtab += pe_symtab->num_aux + 1) +diff --git a/util/grub-probe.c b/util/grub-probe.c +index e45dbf9e0..2a8c2cdff 100644 +--- a/util/grub-probe.c ++++ b/util/grub-probe.c +@@ -361,8 +361,8 @@ probe (const char *path, char **device_names, char delim) + grub_util_pull_device (*curdev); + ndev++; + } +- +- drives_names = xmalloc (sizeof (drives_names[0]) * (ndev + 1)); ++ ++ drives_names = xcalloc (ndev + 1, sizeof (drives_names[0])); + + for (curdev = device_names, curdrive = drives_names; *curdev; curdev++, + curdrive++) +diff --git a/include/grub/unicode.h b/include/grub/unicode.h +index a0403e91f..4de986a85 100644 +--- a/include/grub/unicode.h ++++ b/include/grub/unicode.h +@@ -293,7 +293,7 @@ grub_unicode_glyph_dup (const struct grub_unicode_glyph *in) + grub_memcpy (out, in, sizeof (*in)); + if (in->ncomb > ARRAY_SIZE (out->combining_inline)) + { +- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0])); ++ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0])); + if (!out->combining_ptr) + { + grub_free (out); +@@ -315,7 +315,7 @@ grub_unicode_set_glyph (struct grub_unicode_glyph *out, + grub_memcpy (out, in, sizeof (*in)); + if (in->ncomb > ARRAY_SIZE (out->combining_inline)) + { +- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0])); ++ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0])); + if (!out->combining_ptr) + return; + grub_memcpy (out->combining_ptr, in->combining_ptr, diff --git a/SOURCES/0285-malloc-Use-overflow-checking-primitives-where-we-do-.patch b/SOURCES/0285-malloc-Use-overflow-checking-primitives-where-we-do-.patch new file mode 100644 index 0000000..38e4972 --- /dev/null +++ b/SOURCES/0285-malloc-Use-overflow-checking-primitives-where-we-do-.patch @@ -0,0 +1,1320 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Jun 2020 12:28:27 -0400 +Subject: [PATCH] malloc: Use overflow checking primitives where we do complex + allocations + +This attempts to fix the places where we do the following where +arithmetic_expr may include unvalidated data: + + X = grub_malloc(arithmetic_expr); + +It accomplishes this by doing the arithmetic ahead of time using grub_add(), +grub_sub(), grub_mul() and testing for overflow before proceeding. + +Among other issues, this fixes: + - allocation of integer overflow in grub_video_bitmap_create() + reported by Chris Coulson, + - allocation of integer overflow in grub_png_decode_image_header() + reported by Chris Coulson, + - allocation of integer overflow in grub_squash_read_symlink() + reported by Chris Coulson, + - allocation of integer overflow in grub_ext2_read_symlink() + reported by Chris Coulson, + - allocation of integer overflow in read_section_as_string() + reported by Chris Coulson. + +Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +Upstream-commit-id: 5fb2befbf04 +--- + grub-core/commands/legacycfg.c | 29 +++++++++++++++++++----- + grub-core/commands/wildcard.c | 36 ++++++++++++++++++++++++----- + grub-core/disk/ldm.c | 32 ++++++++++++++++++-------- + grub-core/font/font.c | 7 +++++- + grub-core/fs/btrfs.c | 29 ++++++++++++++++-------- + grub-core/fs/ext2.c | 10 ++++++++- + grub-core/fs/iso9660.c | 51 +++++++++++++++++++++++++++++------------- + grub-core/fs/sfs.c | 27 +++++++++++++++++----- + grub-core/fs/squash4.c | 45 ++++++++++++++++++++++++++++--------- + grub-core/fs/udf.c | 41 +++++++++++++++++++++------------ + grub-core/fs/xfs.c | 11 +++++---- + grub-core/fs/zfs/zfs.c | 22 ++++++++++++------ + grub-core/fs/zfs/zfscrypt.c | 7 +++++- + grub-core/lib/arg.c | 20 +++++++++++++++-- + grub-core/loader/i386/bsd.c | 8 ++++++- + grub-core/net/dns.c | 9 +++++++- + grub-core/normal/charset.c | 10 +++++++-- + grub-core/normal/cmdline.c | 14 ++++++++++-- + grub-core/normal/menu_entry.c | 13 +++++++++-- + grub-core/script/argv.c | 16 +++++++++++-- + grub-core/script/lexer.c | 21 ++++++++++++++--- + grub-core/video/bitmap.c | 25 +++++++++++++-------- + grub-core/video/readers/png.c | 13 +++++++++-- + 23 files changed, 383 insertions(+), 113 deletions(-) + +diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c +index da66a8927..0de070eac 100644 +--- a/grub-core/commands/legacycfg.c ++++ b/grub-core/commands/legacycfg.c +@@ -32,6 +32,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -104,13 +105,22 @@ legacy_file (const char *filename) + if (newsuffix) + { + char *t; +- ++ grub_size_t sz; ++ ++ if (grub_add (grub_strlen (suffix), grub_strlen (newsuffix), &sz) || ++ grub_add (sz, 1, &sz)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ goto fail_0; ++ } ++ + t = suffix; +- suffix = grub_realloc (suffix, grub_strlen (suffix) +- + grub_strlen (newsuffix) + 1); ++ suffix = grub_realloc (suffix, sz); + if (!suffix) + { + grub_free (t); ++ ++ fail_0: + grub_free (entrysrc); + grub_free (parsed); + grub_free (newsuffix); +@@ -154,13 +164,22 @@ legacy_file (const char *filename) + else + { + char *t; ++ grub_size_t sz; ++ ++ if (grub_add (grub_strlen (entrysrc), grub_strlen (parsed), &sz) || ++ grub_add (sz, 1, &sz)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ goto fail_1; ++ } + + t = entrysrc; +- entrysrc = grub_realloc (entrysrc, grub_strlen (entrysrc) +- + grub_strlen (parsed) + 1); ++ entrysrc = grub_realloc (entrysrc, sz); + if (!entrysrc) + { + grub_free (t); ++ ++ fail_1: + grub_free (parsed); + grub_free (suffix); + return grub_errno; +diff --git a/grub-core/commands/wildcard.c b/grub-core/commands/wildcard.c +index 02c46f9fd..c22341137 100644 +--- a/grub-core/commands/wildcard.c ++++ b/grub-core/commands/wildcard.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + #include + +@@ -48,6 +49,7 @@ merge (char **dest, char **ps) + int i; + int j; + char **p; ++ grub_size_t sz; + + if (! dest) + return ps; +@@ -60,7 +62,12 @@ merge (char **dest, char **ps) + for (j = 0; ps[j]; j++) + ; + +- p = grub_realloc (dest, sizeof (char*) * (i + j + 1)); ++ if (grub_add (i, j, &sz) || ++ grub_add (sz, 1, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ return dest; ++ ++ p = grub_realloc (dest, sz); + if (! p) + { + grub_free (dest); +@@ -115,8 +122,15 @@ make_regex (const char *start, const char *end, regex_t *regexp) + char ch; + int i = 0; + unsigned len = end - start; +- char *buffer = grub_malloc (len * 2 + 2 + 1); /* worst case size. */ ++ char *buffer; ++ grub_size_t sz; + ++ /* Worst case size is (len * 2 + 2 + 1). */ ++ if (grub_mul (len, 2, &sz) || ++ grub_add (sz, 3, &sz)) ++ return 1; ++ ++ buffer = grub_malloc (sz); + if (! buffer) + return 1; + +@@ -226,6 +240,7 @@ match_devices_iter (const char *name, void *data) + struct match_devices_ctx *ctx = data; + char **t; + char *buffer; ++ grub_size_t sz; + + /* skip partitions if asked to. */ + if (ctx->noparts && grub_strchr (name, ',')) +@@ -239,11 +254,16 @@ match_devices_iter (const char *name, void *data) + if (regexec (ctx->regexp, buffer, 0, 0, 0)) + { + grub_dprintf ("expand", "not matched\n"); ++ fail: + grub_free (buffer); + return 0; + } + +- t = grub_realloc (ctx->devs, sizeof (char*) * (ctx->ndev + 2)); ++ if (grub_add (ctx->ndev, 2, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ goto fail; ++ ++ t = grub_realloc (ctx->devs, sz); + if (! t) + { + grub_free (buffer); +@@ -300,6 +320,7 @@ match_files_iter (const char *name, + struct match_files_ctx *ctx = data; + char **t; + char *buffer; ++ grub_size_t sz; + + /* skip . and .. names */ + if (grub_strcmp(".", name) == 0 || grub_strcmp("..", name) == 0) +@@ -315,9 +336,14 @@ match_files_iter (const char *name, + if (! buffer) + return 1; + +- t = grub_realloc (ctx->files, sizeof (char*) * (ctx->nfile + 2)); +- if (! t) ++ if (grub_add (ctx->nfile, 2, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ goto fail; ++ ++ t = grub_realloc (ctx->files, sz); ++ if (!t) + { ++ fail: + grub_free (buffer); + return 1; + } +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index e6323701a..58f8a53e1 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + #ifdef GRUB_UTIL + #include +@@ -289,6 +290,7 @@ make_vg (grub_disk_t disk, + struct grub_ldm_vblk vblk[GRUB_DISK_SECTOR_SIZE + / sizeof (struct grub_ldm_vblk)]; + unsigned i; ++ grub_size_t sz; + err = grub_disk_read (disk, cursec, 0, + sizeof(vblk), &vblk); + if (err) +@@ -350,7 +352,13 @@ make_vg (grub_disk_t disk, + grub_free (lv); + goto fail2; + } +- lv->name = grub_malloc (*ptr + 1); ++ if (grub_add (*ptr, 1, &sz)) ++ { ++ grub_free (lv->internal_id); ++ grub_free (lv); ++ goto fail2; ++ } ++ lv->name = grub_malloc (sz); + if (!lv->name) + { + grub_free (lv->internal_id); +@@ -599,10 +607,13 @@ make_vg (grub_disk_t disk, + if (lv->segments->node_alloc == lv->segments->node_count) + { + void *t; +- lv->segments->node_alloc *= 2; +- t = grub_realloc (lv->segments->nodes, +- sizeof (*lv->segments->nodes) +- * lv->segments->node_alloc); ++ grub_size_t sz; ++ ++ if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) || ++ grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz)) ++ goto fail2; ++ ++ t = grub_realloc (lv->segments->nodes, sz); + if (!t) + goto fail2; + lv->segments->nodes = t; +@@ -723,10 +734,13 @@ make_vg (grub_disk_t disk, + if (comp->segment_alloc == comp->segment_count) + { + void *t; +- comp->segment_alloc *= 2; +- t = grub_realloc (comp->segments, +- comp->segment_alloc +- * sizeof (*comp->segments)); ++ grub_size_t sz; ++ ++ if (grub_mul (comp->segment_alloc, 2, &comp->segment_alloc) || ++ grub_mul (comp->segment_alloc, sizeof (*comp->segments), &sz)) ++ goto fail2; ++ ++ t = grub_realloc (comp->segments, sz); + if (!t) + goto fail2; + comp->segments = t; +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 68967dc1c..d63354fb5 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -360,9 +361,13 @@ static char * + read_section_as_string (struct font_file_section *section) + { + char *str; ++ grub_size_t sz; + grub_ssize_t ret; + +- str = grub_malloc (section->length + 1); ++ if (grub_add (section->length, 1, &sz)) ++ return NULL; ++ ++ str = grub_malloc (sz); + if (!str) + return 0; + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 8c8aa9c31..1d801f6c9 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -33,6 +33,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -321,9 +322,13 @@ save_ref (struct grub_btrfs_leaf_descriptor *desc, + if (desc->allocated < desc->depth) + { + void *newdata; +- desc->allocated *= 2; +- newdata = grub_realloc (desc->data, sizeof (desc->data[0]) +- * desc->allocated); ++ grub_size_t sz; ++ ++ if (grub_mul (desc->allocated, 2, &desc->allocated) || ++ grub_mul (desc->allocated, sizeof (desc->data[0]), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ newdata = grub_realloc (desc->data, sz); + if (!newdata) + return grub_errno; + desc->data = newdata; +@@ -618,15 +623,21 @@ find_device (struct grub_btrfs_data *data, grub_uint64_t id, int do_rescan) + if (data->n_devices_attached > data->n_devices_allocated) + { + void *tmp; +- data->n_devices_allocated = 2 * data->n_devices_attached + 1; +- data->devices_attached +- = grub_realloc (tmp = data->devices_attached, +- data->n_devices_allocated +- * sizeof (data->devices_attached[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || ++ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || ++ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) ++ goto fail; ++ ++ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); + if (!data->devices_attached) + { +- grub_device_close (ctx.dev_found); + data->devices_attached = tmp; ++ ++ fail: ++ if (ctx.dev_found) ++ grub_device_close (ctx.dev_found); + return NULL; + } + } +diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c +index b8ad75a0f..b4bd019f4 100644 +--- a/grub-core/fs/ext2.c ++++ b/grub-core/fs/ext2.c +@@ -46,6 +46,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -703,6 +704,7 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) + { + char *symlink; + struct grub_fshelp_node *diro = node; ++ grub_size_t sz; + + if (! diro->inode_read) + { +@@ -717,7 +719,13 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) + } + } + +- symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1); ++ if (grub_add (grub_le_to_cpu32 (diro->inode.size), 1, &sz)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return NULL; ++ } ++ ++ symlink = grub_malloc (sz); + if (! symlink) + return 0; + +diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c +index 092b8f409..f45841e2b 100644 +--- a/grub-core/fs/iso9660.c ++++ b/grub-core/fs/iso9660.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -531,8 +532,13 @@ add_part (struct iterate_dir_ctx *ctx, + int len2) + { + int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0; ++ grub_size_t sz; + +- ctx->symlink = grub_realloc (ctx->symlink, size + len2 + 1); ++ if (grub_add (size, len2, &sz) || ++ grub_add (sz, 1, &sz)) ++ return; ++ ++ ctx->symlink = grub_realloc (ctx->symlink, sz); + if (! ctx->symlink) + return; + +@@ -560,17 +566,24 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, + { + grub_size_t off = 0, csize = 1; + char *old; ++ grub_size_t sz; ++ + csize = entry->len - 5; + old = ctx->filename; + if (ctx->filename_alloc) + { + off = grub_strlen (ctx->filename); +- ctx->filename = grub_realloc (ctx->filename, csize + off + 1); ++ if (grub_add (csize, off, &sz) || ++ grub_add (sz, 1, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ctx->filename = grub_realloc (ctx->filename, sz); + } + else + { + off = 0; +- ctx->filename = grub_zalloc (csize + 1); ++ if (grub_add (csize, 1, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ctx->filename = grub_zalloc (sz); + } + if (!ctx->filename) + { +@@ -776,14 +789,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir, + if (node->have_dirents >= node->alloc_dirents) + { + struct grub_fshelp_node *new_node; +- node->alloc_dirents *= 2; +- new_node = grub_realloc (node, +- sizeof (struct grub_fshelp_node) +- + ((node->alloc_dirents +- - ARRAY_SIZE (node->dirents)) +- * sizeof (node->dirents[0]))); ++ grub_size_t sz; ++ ++ if (grub_mul (node->alloc_dirents, 2, &node->alloc_dirents) || ++ grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || ++ grub_mul (sz, sizeof (node->dirents[0]), &sz) || ++ grub_add (sz, sizeof (struct grub_fshelp_node), &sz)) ++ goto fail_0; ++ ++ new_node = grub_realloc (node, sz); + if (!new_node) + { ++ fail_0: + if (ctx.filename_alloc) + grub_free (ctx.filename); + grub_free (node); +@@ -799,14 +816,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir, + * sizeof (node->dirents[0]) < grub_strlen (ctx.symlink) + 1) + { + struct grub_fshelp_node *new_node; +- new_node = grub_realloc (node, +- sizeof (struct grub_fshelp_node) +- + ((node->alloc_dirents +- - ARRAY_SIZE (node->dirents)) +- * sizeof (node->dirents[0])) +- + grub_strlen (ctx.symlink) + 1); ++ grub_size_t sz; ++ ++ if (grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || ++ grub_mul (sz, sizeof (node->dirents[0]), &sz) || ++ grub_add (sz, sizeof (struct grub_fshelp_node) + 1, &sz) || ++ grub_add (sz, grub_strlen (ctx.symlink), &sz)) ++ goto fail_1; ++ ++ new_node = grub_realloc (node, sz); + if (!new_node) + { ++ fail_1: + if (ctx.filename_alloc) + grub_free (ctx.filename); + grub_free (node); +diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c +index 663931717..3ddc6b5e2 100644 +--- a/grub-core/fs/sfs.c ++++ b/grub-core/fs/sfs.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -307,10 +308,15 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) + if (node->cache && node->cache_size >= node->cache_allocated) + { + struct cache_entry *e = node->cache; +- e = grub_realloc (node->cache,node->cache_allocated * 2 +- * sizeof (e[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (node->cache_allocated, 2 * sizeof (e[0]), &sz)) ++ goto fail; ++ ++ e = grub_realloc (node->cache, sz); + if (!e) + { ++ fail: + grub_errno = 0; + grub_free (node->cache); + node->cache = 0; +@@ -477,10 +483,16 @@ grub_sfs_create_node (struct grub_fshelp_node **node, + grub_size_t len = grub_strlen (name); + grub_uint8_t *name_u8; + int ret; ++ grub_size_t sz; ++ ++ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) || ++ grub_add (sz, 1, &sz)) ++ return 1; ++ + *node = grub_malloc (sizeof (**node)); + if (!*node) + return 1; +- name_u8 = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ name_u8 = grub_malloc (sz); + if (!name_u8) + { + grub_free (*node); +@@ -724,8 +736,13 @@ grub_sfs_label (grub_device_t device, char **label) + data = grub_sfs_mount (disk); + if (data) + { +- grub_size_t len = grub_strlen (data->label); +- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ grub_size_t sz, len = grub_strlen (data->label); ++ ++ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) || ++ grub_add (sz, 1, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ *label = grub_malloc (sz); + if (*label) + *grub_latin1_to_utf8 ((grub_uint8_t *) *label, + (const grub_uint8_t *) data->label, +diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c +index 2c967c65a..f9bef38fc 100644 +--- a/grub-core/fs/squash4.c ++++ b/grub-core/fs/squash4.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + #include + + #include "xz.h" +@@ -459,7 +460,17 @@ grub_squash_read_symlink (grub_fshelp_node_t node) + { + char *ret; + grub_err_t err; +- ret = grub_malloc (grub_le_to_cpu32 (node->ino.symlink.namelen) + 1); ++ grub_size_t sz; ++ ++ if (grub_add (grub_le_to_cpu32 (node->ino.symlink.namelen), 1, &sz)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return NULL; ++ } ++ ++ ret = grub_malloc (sz); ++ if (!ret) ++ return NULL; + + err = read_chunk (node->data, ret, + grub_le_to_cpu32 (node->ino.symlink.namelen), +@@ -506,11 +517,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, + + { + grub_fshelp_node_t node; +- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) || ++ grub_add (sz, sizeof (*node), &sz)) ++ return 0; ++ ++ node = grub_malloc (sz); + if (!node) + return 0; +- grub_memcpy (node, dir, +- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_memcpy (node, dir, sz); + if (hook (".", GRUB_FSHELP_DIR, node, hook_data)) + return 1; + +@@ -518,12 +534,15 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, + { + grub_err_t err; + +- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) || ++ grub_add (sz, sizeof (*node), &sz)) ++ return 0; ++ ++ node = grub_malloc (sz); + if (!node) + return 0; + +- grub_memcpy (node, dir, +- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_memcpy (node, dir, sz); + + node->stsize--; + err = read_chunk (dir->data, &node->ino, sizeof (node->ino), +@@ -557,6 +576,7 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, + enum grub_fshelp_filetype filetype = GRUB_FSHELP_REG; + struct grub_squash_dirent di; + struct grub_squash_inode ino; ++ grub_size_t sz; + + err = read_chunk (dir->data, &di, sizeof (di), + grub_le_to_cpu64 (dir->data->sb.diroffset) +@@ -589,13 +609,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, + if (grub_le_to_cpu16 (di.type) == SQUASH_TYPE_SYMLINK) + filetype = GRUB_FSHELP_SYMLINK; + +- node = grub_malloc (sizeof (*node) +- + (dir->stsize + 1) * sizeof (dir->stack[0])); ++ if (grub_add (dir->stsize, 1, &sz) || ++ grub_mul (sz, sizeof (dir->stack[0]), &sz) || ++ grub_add (sz, sizeof (*node), &sz)) ++ return 0; ++ ++ node = grub_malloc (sz); + if (! node) + return 0; + +- grub_memcpy (node, dir, +- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_memcpy (node, dir, sz - sizeof(dir->stack[0])); + + node->ino = ino; + node->stack[node->stsize].ino_chunk = grub_le_to_cpu32 (dh.ino_chunk); +diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c +index 44481da7c..be41b48f9 100644 +--- a/grub-core/fs/udf.c ++++ b/grub-core/fs/udf.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -890,9 +891,19 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) + utf16[i] = (raw[2 * i + 1] << 8) | raw[2*i + 2]; + } + if (!outbuf) +- outbuf = grub_malloc (utf16len * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ { ++ grub_size_t size; ++ ++ if (grub_mul (utf16len, GRUB_MAX_UTF8_PER_UTF16, &size) || ++ grub_add (size, 1, &size)) ++ goto fail; ++ ++ outbuf = grub_malloc (size); ++ } + if (outbuf) + *grub_utf16_to_utf8 ((grub_uint8_t *) outbuf, utf16, utf16len) = '\0'; ++ ++ fail: + grub_free (utf16); + return outbuf; + } +@@ -1005,7 +1016,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + grub_size_t sz = U64 (node->block.fe.file_size); + grub_uint8_t *raw; + const grub_uint8_t *ptr; +- char *out, *optr; ++ char *out = NULL, *optr; + + if (sz < 4) + return NULL; +@@ -1013,14 +1024,16 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + if (!raw) + return NULL; + if (grub_udf_read_file (node, NULL, NULL, 0, sz, (char *) raw) < 0) +- { +- grub_free (raw); +- return NULL; +- } ++ goto fail_1; + +- out = grub_malloc (sz * 2 + 1); ++ if (grub_mul (sz, 2, &sz) || ++ grub_add (sz, 1, &sz)) ++ goto fail_0; ++ ++ out = grub_malloc (sz); + if (!out) + { ++ fail_0: + grub_free (raw); + return NULL; + } +@@ -1031,17 +1044,17 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + { + grub_size_t s; + if ((grub_size_t) (ptr - raw + 4) > sz) +- goto fail; ++ goto fail_1; + if (!(ptr[2] == 0 && ptr[3] == 0)) +- goto fail; ++ goto fail_1; + s = 4 + ptr[1]; + if ((grub_size_t) (ptr - raw + s) > sz) +- goto fail; ++ goto fail_1; + switch (*ptr) + { + case 1: + if (ptr[1]) +- goto fail; ++ goto fail_1; + /* Fallthrough. */ + case 2: + /* in 4 bytes. out: 1 byte. */ +@@ -1066,11 +1079,11 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + if (optr != out) + *optr++ = '/'; + if (!read_string (ptr + 4, s - 4, optr)) +- goto fail; ++ goto fail_1; + optr += grub_strlen (optr); + break; + default: +- goto fail; ++ goto fail_1; + } + ptr += s; + } +@@ -1078,7 +1091,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + grub_free (raw); + return out; + +- fail: ++ fail_1: + grub_free (raw); + grub_free (out); + grub_error (GRUB_ERR_BAD_FS, "invalid symlink"); +diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c +index 3b00c744e..66e66dd58 100644 +--- a/grub-core/fs/xfs.c ++++ b/grub-core/fs/xfs.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -899,6 +900,7 @@ static struct grub_xfs_data * + grub_xfs_mount (grub_disk_t disk) + { + struct grub_xfs_data *data = 0; ++ grub_size_t sz; + + data = grub_zalloc (sizeof (struct grub_xfs_data)); + if (!data) +@@ -913,10 +915,11 @@ grub_xfs_mount (grub_disk_t disk) + if (!grub_xfs_sb_valid(data)) + goto fail; + +- data = grub_realloc (data, +- sizeof (struct grub_xfs_data) +- - sizeof (struct grub_xfs_inode) +- + grub_xfs_inode_size(data) + 1); ++ if (grub_add (grub_xfs_inode_size (data), ++ sizeof (struct grub_xfs_data) - sizeof (struct grub_xfs_inode) + 1, &sz)) ++ goto fail; ++ ++ data = grub_realloc (data, sz); + + if (! data) + goto fail; +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index f6b95d4fb..c6204367e 100644 +--- a/grub-core/fs/zfs/zfs.c ++++ b/grub-core/fs/zfs/zfs.c +@@ -55,6 +55,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -773,11 +774,14 @@ fill_vdev_info (struct grub_zfs_data *data, + if (data->n_devices_attached > data->n_devices_allocated) + { + void *tmp; +- data->n_devices_allocated = 2 * data->n_devices_attached + 1; +- data->devices_attached +- = grub_realloc (tmp = data->devices_attached, +- data->n_devices_allocated +- * sizeof (data->devices_attached[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || ++ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || ++ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); + if (!data->devices_attached) + { + data->devices_attached = tmp; +@@ -3468,14 +3472,18 @@ grub_zfs_nvlist_lookup_nvlist (const char *nvlist, const char *name) + { + char *nvpair; + char *ret; +- grub_size_t size; ++ grub_size_t size, sz; + int found; + + found = nvlist_find_value (nvlist, name, DATA_TYPE_NVLIST, &nvpair, + &size, 0); + if (!found) + return 0; +- ret = grub_zalloc (size + 3 * sizeof (grub_uint32_t)); ++ ++ if (grub_add (size, 3 * sizeof (grub_uint32_t), &sz)) ++ return 0; ++ ++ ret = grub_zalloc (sz); + if (!ret) + return 0; + grub_memcpy (ret, nvlist, sizeof (grub_uint32_t)); +diff --git a/grub-core/fs/zfs/zfscrypt.c b/grub-core/fs/zfs/zfscrypt.c +index 87eef621d..f8488c353 100644 +--- a/grub-core/fs/zfs/zfscrypt.c ++++ b/grub-core/fs/zfs/zfscrypt.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -82,9 +83,13 @@ grub_zfs_add_key (grub_uint8_t *key_in, + int passphrase) + { + struct grub_zfs_wrap_key *key; ++ grub_size_t sz; ++ + if (!passphrase && keylen > 32) + keylen = 32; +- key = grub_malloc (sizeof (*key) + keylen); ++ if (grub_add (sizeof (*key), keylen, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ key = grub_malloc (sz); + if (!key) + return grub_errno; + key->is_passphrase = passphrase; +diff --git a/grub-core/lib/arg.c b/grub-core/lib/arg.c +index fd7744a6f..3288609a5 100644 +--- a/grub-core/lib/arg.c ++++ b/grub-core/lib/arg.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + /* Built-in parser for default options. */ + static const struct grub_arg_option help_options[] = +@@ -216,7 +217,13 @@ static inline grub_err_t + add_arg (char ***argl, int *num, char *s) + { + char **p = *argl; +- *argl = grub_realloc (*argl, (++(*num) + 1) * sizeof (char *)); ++ grub_size_t sz; ++ ++ if (grub_add (++(*num), 1, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ ++ *argl = grub_realloc (*argl, sz); + if (! *argl) + { + grub_free (p); +@@ -431,6 +438,7 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc, + grub_size_t argcnt; + struct grub_arg_list *list; + const struct grub_arg_option *options; ++ grub_size_t sz0, sz1; + + options = extcmd->options; + if (! options) +@@ -443,7 +451,15 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc, + argcnt += ((grub_size_t) argc + 1) / 2 + 1; /* max possible for any option */ + } + +- list = grub_zalloc (sizeof (*list) * i + sizeof (char*) * argcnt); ++ if (grub_mul (sizeof (*list), i, &sz0) || ++ grub_mul (sizeof (char *), argcnt, &sz1) || ++ grub_add (sz0, sz1, &sz0)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return 0; ++ } ++ ++ list = grub_zalloc (sz0); + if (! list) + return 0; + +diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c +index 87709aa23..0f317632a 100644 +--- a/grub-core/loader/i386/bsd.c ++++ b/grub-core/loader/i386/bsd.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + #ifdef GRUB_MACHINE_PCBIOS + #include + #endif +@@ -1007,11 +1008,16 @@ grub_netbsd_add_modules (void) + struct grub_netbsd_btinfo_modules *mods; + unsigned i; + grub_err_t err; ++ grub_size_t sz; + + for (mod = netbsd_mods; mod; mod = mod->next) + modcnt++; + +- mods = grub_malloc (sizeof (*mods) + sizeof (mods->mods[0]) * modcnt); ++ if (grub_mul (modcnt, sizeof (mods->mods[0]), &sz) || ++ grub_add (sz, sizeof (*mods), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ mods = grub_malloc (sz); + if (!mods) + return grub_errno; + +diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c +index e332d5eb4..906ec7d67 100644 +--- a/grub-core/net/dns.c ++++ b/grub-core/net/dns.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + + struct dns_cache_element + { +@@ -51,9 +52,15 @@ grub_net_add_dns_server (const struct grub_net_network_level_address *s) + { + int na = dns_servers_alloc * 2; + struct grub_net_network_level_address *ns; ++ grub_size_t sz; ++ + if (na < 8) + na = 8; +- ns = grub_realloc (dns_servers, na * sizeof (ns[0])); ++ ++ if (grub_mul (na, sizeof (ns[0]), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ ns = grub_realloc (dns_servers, sz); + if (!ns) + return grub_errno; + dns_servers_alloc = na; +diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c +index d57fb72fa..4dfcc3107 100644 +--- a/grub-core/normal/charset.c ++++ b/grub-core/normal/charset.c +@@ -48,6 +48,7 @@ + #include + #include + #include ++#include + + #if HAVE_FONT_SOURCE + #include "widthspec.h" +@@ -464,6 +465,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, + { + struct grub_unicode_combining *n; + unsigned j; ++ grub_size_t sz; + + if (!haveout) + continue; +@@ -477,10 +479,14 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, + n = out->combining_inline; + else if (out->ncomb > (int) ARRAY_SIZE (out->combining_inline)) + { +- n = grub_realloc (out->combining_ptr, +- sizeof (n[0]) * (out->ncomb + 1)); ++ if (grub_add (out->ncomb, 1, &sz) || ++ grub_mul (sz, sizeof (n[0]), &sz)) ++ goto fail; ++ ++ n = grub_realloc (out->combining_ptr, sz); + if (!n) + { ++ fail: + grub_errno = GRUB_ERR_NONE; + continue; + } +diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c +index c57242e2e..de03fe63b 100644 +--- a/grub-core/normal/cmdline.c ++++ b/grub-core/normal/cmdline.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + static grub_uint32_t *kill_buf; + +@@ -307,12 +308,21 @@ cl_insert (struct cmdline_term *cl_terms, unsigned nterms, + if (len + (*llen) >= (*max_len)) + { + grub_uint32_t *nbuf; +- (*max_len) *= 2; +- nbuf = grub_realloc ((*buf), sizeof (grub_uint32_t) * (*max_len)); ++ grub_size_t sz; ++ ++ if (grub_mul (*max_len, 2, max_len) || ++ grub_mul (*max_len, sizeof (grub_uint32_t), &sz)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ goto fail; ++ } ++ ++ nbuf = grub_realloc ((*buf), sz); + if (nbuf) + (*buf) = nbuf; + else + { ++ fail: + grub_print_error (); + grub_errno = GRUB_ERR_NONE; + (*max_len) /= 2; +diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c +index f31487c1f..de64a367c 100644 +--- a/grub-core/normal/menu_entry.c ++++ b/grub-core/normal/menu_entry.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + + enum update_mode + { +@@ -113,10 +114,18 @@ ensure_space (struct line *linep, int extra) + { + if (linep->max_len < linep->len + extra) + { +- linep->max_len = 2 * (linep->len + extra); +- linep->buf = grub_realloc (linep->buf, (linep->max_len + 1) * sizeof (linep->buf[0])); ++ grub_size_t sz0, sz1; ++ ++ if (grub_add (linep->len, extra, &sz0) || ++ grub_mul (sz0, 2, &sz0) || ++ grub_add (sz0, 1, &sz1) || ++ grub_mul (sz1, sizeof (linep->buf[0]), &sz1)) ++ return 0; ++ ++ linep->buf = grub_realloc (linep->buf, sz1); + if (! linep->buf) + return 0; ++ linep->max_len = sz0; + } + + return 1; +diff --git a/grub-core/script/argv.c b/grub-core/script/argv.c +index 217ec5d1e..5751fdd57 100644 +--- a/grub-core/script/argv.c ++++ b/grub-core/script/argv.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + + /* Return nearest power of two that is >= v. */ + static unsigned +@@ -81,11 +82,16 @@ int + grub_script_argv_next (struct grub_script_argv *argv) + { + char **p = argv->args; ++ grub_size_t sz; + + if (argv->args && argv->argc && argv->args[argv->argc - 1] == 0) + return 0; + +- p = grub_realloc (p, round_up_exp ((argv->argc + 2) * sizeof (char *))); ++ if (grub_add (argv->argc, 2, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ return 1; ++ ++ p = grub_realloc (p, round_up_exp (sz)); + if (! p) + return 1; + +@@ -105,13 +111,19 @@ grub_script_argv_append (struct grub_script_argv *argv, const char *s, + { + grub_size_t a; + char *p = argv->args[argv->argc - 1]; ++ grub_size_t sz; + + if (! s) + return 0; + + a = p ? grub_strlen (p) : 0; + +- p = grub_realloc (p, round_up_exp ((a + slen + 1) * sizeof (char))); ++ if (grub_add (a, slen, &sz) || ++ grub_add (sz, 1, &sz) || ++ grub_mul (sz, sizeof (char), &sz)) ++ return 1; ++ ++ p = grub_realloc (p, round_up_exp (sz)); + if (! p) + return 1; + +diff --git a/grub-core/script/lexer.c b/grub-core/script/lexer.c +index c6bd3172f..5fb0cbd0b 100644 +--- a/grub-core/script/lexer.c ++++ b/grub-core/script/lexer.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + + #define yytext_ptr char * + #include "grub_script.tab.h" +@@ -110,10 +111,14 @@ grub_script_lexer_record (struct grub_parser_param *parser, char *str) + old = lexer->recording; + if (lexer->recordlen < len) + lexer->recordlen = len; +- lexer->recordlen *= 2; ++ ++ if (grub_mul (lexer->recordlen, 2, &lexer->recordlen)) ++ goto fail; ++ + lexer->recording = grub_realloc (lexer->recording, lexer->recordlen); + if (!lexer->recording) + { ++ fail: + grub_free (old); + lexer->recordpos = 0; + lexer->recordlen = 0; +@@ -130,7 +135,7 @@ int + grub_script_lexer_yywrap (struct grub_parser_param *parserstate, + const char *input) + { +- grub_size_t len = 0; ++ grub_size_t len = 0, sz; + char *p = 0; + char *line = 0; + YY_BUFFER_STATE buffer; +@@ -168,12 +173,22 @@ grub_script_lexer_yywrap (struct grub_parser_param *parserstate, + } + else if (len && line[len - 1] != '\n') + { +- p = grub_realloc (line, len + 2); ++ if (grub_add (len, 2, &sz)) ++ { ++ grub_free (line); ++ grub_script_yyerror (parserstate, N_("overflow is detected")); ++ return 1; ++ } ++ ++ p = grub_realloc (line, sz); + if (p) + { + p[len++] = '\n'; + p[len] = '\0'; + } ++ else ++ grub_free (line); ++ + line = p; + } + +diff --git a/grub-core/video/bitmap.c b/grub-core/video/bitmap.c +index b2e031566..6256e209a 100644 +--- a/grub-core/video/bitmap.c ++++ b/grub-core/video/bitmap.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -58,7 +59,7 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap, + enum grub_video_blit_format blit_format) + { + struct grub_video_mode_info *mode_info; +- unsigned int size; ++ grub_size_t size; + + if (!bitmap) + return grub_error (GRUB_ERR_BUG, "invalid argument"); +@@ -137,19 +138,25 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap, + + mode_info->pitch = width * mode_info->bytes_per_pixel; + +- /* Calculate size needed for the data. */ +- size = (width * mode_info->bytes_per_pixel) * height; ++ /* Calculate size needed for the data. */ ++ if (grub_mul (width, mode_info->bytes_per_pixel, &size) || ++ grub_mul (size, height, &size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ goto fail; ++ } + + (*bitmap)->data = grub_zalloc (size); + if (! (*bitmap)->data) +- { +- grub_free (*bitmap); +- *bitmap = 0; +- +- return grub_errno; +- } ++ goto fail; + + return GRUB_ERR_NONE; ++ ++ fail: ++ grub_free (*bitmap); ++ *bitmap = NULL; ++ ++ return grub_errno; + } + + /* Frees all resources allocated by bitmap. */ +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index e85df3c1b..719e647e4 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -301,9 +302,17 @@ grub_png_decode_image_header (struct grub_png_data *data) + data->bpp <<= 1; + + data->color_bits = color_bits; +- data->row_bytes = data->image_width * data->bpp; ++ ++ if (grub_mul (data->image_width, data->bpp, &data->row_bytes)) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ + if (data->color_bits <= 4) +- data->row_bytes = (data->image_width * data->color_bits + 7) / 8; ++ { ++ if (grub_mul (data->image_width, data->color_bits + 7, &data->row_bytes)) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ ++ data->row_bytes >>= 3; ++ } + + #ifndef GRUB_CPU_WORDS_BIGENDIAN + if (data->is_16bit || data->is_gray || data->is_palette) diff --git a/SOURCES/0286-iso9660-Don-t-leak-memory-on-realloc-failures.patch b/SOURCES/0286-iso9660-Don-t-leak-memory-on-realloc-failures.patch new file mode 100644 index 0000000..3360289 --- /dev/null +++ b/SOURCES/0286-iso9660-Don-t-leak-memory-on-realloc-failures.patch @@ -0,0 +1,66 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sat, 4 Jul 2020 12:25:09 -0400 +Subject: [PATCH] iso9660: Don't leak memory on realloc() failures + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +Upstream-commit-id: f2bd30b2fe7 +--- + grub-core/fs/iso9660.c | 24 ++++++++++++++++++++---- + 1 file changed, 20 insertions(+), 4 deletions(-) + +diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c +index f45841e2b..6fc9302bc 100644 +--- a/grub-core/fs/iso9660.c ++++ b/grub-core/fs/iso9660.c +@@ -533,14 +533,20 @@ add_part (struct iterate_dir_ctx *ctx, + { + int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0; + grub_size_t sz; ++ char *new; + + if (grub_add (size, len2, &sz) || + grub_add (sz, 1, &sz)) + return; + +- ctx->symlink = grub_realloc (ctx->symlink, sz); +- if (! ctx->symlink) +- return; ++ new = grub_realloc (ctx->symlink, sz); ++ if (!new) ++ { ++ grub_free (ctx->symlink); ++ ctx->symlink = NULL; ++ return; ++ } ++ ctx->symlink = new; + + grub_memcpy (ctx->symlink + size, part, len2); + ctx->symlink[size + len2] = 0; +@@ -634,7 +640,12 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, + is the length. Both are part of the `Component + Record'. */ + if (ctx->symlink && !ctx->was_continue) +- add_part (ctx, "/", 1); ++ { ++ add_part (ctx, "/", 1); ++ if (grub_errno) ++ return grub_errno; ++ } ++ + add_part (ctx, (char *) &entry->data[pos + 2], + entry->data[pos + 1]); + ctx->was_continue = (entry->data[pos] & 1); +@@ -653,6 +664,11 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, + add_part (ctx, "/", 1); + break; + } ++ ++ /* Check if grub_realloc() failed in add_part(). */ ++ if (grub_errno) ++ return grub_errno; ++ + /* In pos + 1 the length of the `Component Record' is + stored. */ + pos += entry->data[pos + 1] + 2; diff --git a/SOURCES/0287-font-Do-not-load-more-than-one-NAME-section.patch b/SOURCES/0287-font-Do-not-load-more-than-one-NAME-section.patch new file mode 100644 index 0000000..043a1f0 --- /dev/null +++ b/SOURCES/0287-font-Do-not-load-more-than-one-NAME-section.patch @@ -0,0 +1,35 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Tue, 7 Jul 2020 15:36:26 +0200 +Subject: [PATCH] font: Do not load more than one NAME section + +The GRUB font file can have one NAME section only. Though if somebody +crafts a broken font file with many NAME sections and loads it then the +GRUB leaks memory. So, prevent against that by loading first NAME +section and failing in controlled way on following one. + +Reported-by: Chris Coulson +Signed-off-by: Daniel Kiper +Reviewed-by: Jan Setje-Eilers +Upstream-commit-id: 482814113dc +--- + grub-core/font/font.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index d63354fb5..a7b955a1a 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -532,6 +532,12 @@ grub_font_load (const char *filename) + if (grub_memcmp (section.name, FONT_FORMAT_SECTION_NAMES_FONT_NAME, + sizeof (FONT_FORMAT_SECTION_NAMES_FONT_NAME) - 1) == 0) + { ++ if (font->name != NULL) ++ { ++ grub_error (GRUB_ERR_BAD_FONT, "invalid font file: too many NAME sections"); ++ goto fail; ++ } ++ + font->name = read_section_as_string (§ion); + if (!font->name) + goto fail; diff --git a/SOURCES/0288-gfxmenu-Fix-double-free-in-load_image.patch b/SOURCES/0288-gfxmenu-Fix-double-free-in-load_image.patch new file mode 100644 index 0000000..0e0d1c6 --- /dev/null +++ b/SOURCES/0288-gfxmenu-Fix-double-free-in-load_image.patch @@ -0,0 +1,33 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Wed, 8 Jul 2020 20:41:56 +0000 +Subject: [PATCH] gfxmenu: Fix double free in load_image() + +self->bitmap should be zeroed after free. Otherwise, there is a chance +to double free (USE_AFTER_FREE) it later in rescale_image(). + +Fixes: CID 292472 + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +Upstream-commit-id: 5d3e84b15a4 +--- + grub-core/gfxmenu/gui_image.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/grub-core/gfxmenu/gui_image.c b/grub-core/gfxmenu/gui_image.c +index 29784ed2d..6b2e976f1 100644 +--- a/grub-core/gfxmenu/gui_image.c ++++ b/grub-core/gfxmenu/gui_image.c +@@ -195,7 +195,10 @@ load_image (grub_gui_image_t self, const char *path) + return grub_errno; + + if (self->bitmap && (self->bitmap != self->raw_bitmap)) +- grub_video_bitmap_destroy (self->bitmap); ++ { ++ grub_video_bitmap_destroy (self->bitmap); ++ self->bitmap = 0; ++ } + if (self->raw_bitmap) + grub_video_bitmap_destroy (self->raw_bitmap); + diff --git a/SOURCES/0289-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch b/SOURCES/0289-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch new file mode 100644 index 0000000..fc4fe29 --- /dev/null +++ b/SOURCES/0289-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch @@ -0,0 +1,53 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Wed, 8 Jul 2020 21:30:43 +0000 +Subject: [PATCH] xnu: Fix double free in grub_xnu_devprop_add_property() + +grub_xnu_devprop_add_property() should not free utf8 and utf16 as it get +allocated and freed in the caller. + +Minor improvement: do prop fields initialization after memory allocations. + +Fixes: CID 292442, CID 292457, CID 292460, CID 292466 + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +Upstream-commit-id: 4d5e2d13519 +--- + grub-core/loader/i386/xnu.c | 19 +++++++++---------- + 1 file changed, 9 insertions(+), 10 deletions(-) + +diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c +index ee0eaadc4..c760db30f 100644 +--- a/grub-core/loader/i386/xnu.c ++++ b/grub-core/loader/i386/xnu.c +@@ -262,20 +262,19 @@ grub_xnu_devprop_add_property (struct grub_xnu_devprop_device_descriptor *dev, + if (!prop) + return grub_errno; + ++ prop->data = grub_malloc (datalen); ++ if (!prop->data) ++ { ++ grub_free (prop); ++ return grub_errno; ++ } ++ grub_memcpy (prop->data, data, datalen); ++ + prop->name = utf8; + prop->name16 = utf16; + prop->name16len = utf16len; +- + prop->length = datalen; +- prop->data = grub_malloc (prop->length); +- if (!prop->data) +- { +- grub_free (prop->name); +- grub_free (prop->name16); +- grub_free (prop); +- return grub_errno; +- } +- grub_memcpy (prop->data, data, prop->length); ++ + grub_list_push (GRUB_AS_LIST_P (&dev->properties), + GRUB_AS_LIST (prop)); + return GRUB_ERR_NONE; diff --git a/SOURCES/0290-lzma-Make-sure-we-don-t-dereference-past-array.patch b/SOURCES/0290-lzma-Make-sure-we-don-t-dereference-past-array.patch new file mode 100644 index 0000000..b1346ac --- /dev/null +++ b/SOURCES/0290-lzma-Make-sure-we-don-t-dereference-past-array.patch @@ -0,0 +1,49 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Konrad Rzeszutek Wilk +Date: Thu, 9 Jul 2020 03:05:23 +0000 +Subject: [PATCH] lzma: Make sure we don't dereference past array + +The two dimensional array p->posSlotEncoder[4][64] is being dereferenced +using the GetLenToPosState() macro which checks if len is less than 5, +and if so subtracts 2 from it. If len = 0, that is 0 - 2 = 4294967294. +Obviously we don't want to dereference that far out so we check if the +position found is greater or equal kNumLenToPosStates (4) and bail out. + +N.B.: Upstream LZMA 18.05 and later has this function completely rewritten +without any history. + +Fixes: CID 51526 + +Signed-off-by: Konrad Rzeszutek Wilk +Reviewed-by: Daniel Kiper +Upstream-commit-id: f91e043bda4 +--- + grub-core/lib/LzmaEnc.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/grub-core/lib/LzmaEnc.c b/grub-core/lib/LzmaEnc.c +index f2ec04a8c..753e56a95 100644 +--- a/grub-core/lib/LzmaEnc.c ++++ b/grub-core/lib/LzmaEnc.c +@@ -1877,13 +1877,19 @@ static SRes LzmaEnc_CodeOneBlock(CLzmaEnc *p, Bool useLimits, UInt32 maxPackSize + } + else + { +- UInt32 posSlot; ++ UInt32 posSlot, lenToPosState; + RangeEnc_EncodeBit(&p->rc, &p->isRep[p->state], 0); + p->state = kMatchNextStates[p->state]; + LenEnc_Encode2(&p->lenEnc, &p->rc, len - LZMA_MATCH_LEN_MIN, posState, !p->fastMode, p->ProbPrices); + pos -= LZMA_NUM_REPS; + GetPosSlot(pos, posSlot); +- RcTree_Encode(&p->rc, p->posSlotEncoder[GetLenToPosState(len)], kNumPosSlotBits, posSlot); ++ lenToPosState = GetLenToPosState(len); ++ if (lenToPosState >= kNumLenToPosStates) ++ { ++ p->result = SZ_ERROR_DATA; ++ return CheckErrors(p); ++ } ++ RcTree_Encode(&p->rc, p->posSlotEncoder[lenToPosState], kNumPosSlotBits, posSlot); + + if (posSlot >= kStartPosModelIndex) + { diff --git a/SOURCES/0291-term-Fix-overflow-on-user-inputs.patch b/SOURCES/0291-term-Fix-overflow-on-user-inputs.patch new file mode 100644 index 0000000..031f348 --- /dev/null +++ b/SOURCES/0291-term-Fix-overflow-on-user-inputs.patch @@ -0,0 +1,63 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Konrad Rzeszutek Wilk +Date: Tue, 7 Jul 2020 15:12:25 -0400 +Subject: [PATCH] term: Fix overflow on user inputs + +This requires a very weird input from the serial interface but can cause +an overflow in input_buf (keys) overwriting the next variable (npending) +with the user choice: + +(pahole output) + +struct grub_terminfo_input_state { + int input_buf[6]; /* 0 24 */ + int npending; /* 24 4 */ <- CORRUPT + ...snip... + +The magic string requires causing this is "ESC,O,],0,1,2,q" and we overflow +npending with "q" (aka increase npending to 161). The simplest fix is to +just to disallow overwrites input_buf, which exactly what this patch does. + +Fixes: CID 292449 + +Signed-off-by: Konrad Rzeszutek Wilk +Reviewed-by: Daniel Kiper +Upstream-commit-id: 98dfa546777 +--- + grub-core/term/terminfo.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/grub-core/term/terminfo.c b/grub-core/term/terminfo.c +index 537a5c0cb..44d0b3b19 100644 +--- a/grub-core/term/terminfo.c ++++ b/grub-core/term/terminfo.c +@@ -398,7 +398,7 @@ grub_terminfo_getwh (struct grub_term_output *term) + } + + static void +-grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len, ++grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len, int max_len, + int (*readkey) (struct grub_term_input *term)) + { + int c; +@@ -414,6 +414,9 @@ grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len, + if (c == -1) \ + return; \ + \ ++ if (*len >= max_len) \ ++ return; \ ++ \ + keys[*len] = c; \ + (*len)++; \ + } +@@ -602,8 +605,8 @@ grub_terminfo_getkey (struct grub_term_input *termi) + return ret; + } + +- grub_terminfo_readkey (termi, data->input_buf, +- &data->npending, data->readkey); ++ grub_terminfo_readkey (termi, data->input_buf, &data->npending, ++ GRUB_TERMINFO_READKEY_MAX_LEN, data->readkey); + + #if defined(__powerpc__) && defined(GRUB_MACHINE_IEEE1275) + if (data->npending == 1 && data->input_buf[0] == GRUB_TERM_ESC diff --git a/SOURCES/0292-udf-Fix-memory-leak.patch b/SOURCES/0292-udf-Fix-memory-leak.patch new file mode 100644 index 0000000..13427d6 --- /dev/null +++ b/SOURCES/0292-udf-Fix-memory-leak.patch @@ -0,0 +1,53 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Konrad Rzeszutek Wilk +Date: Tue, 7 Jul 2020 22:02:31 -0400 +Subject: [PATCH] udf: Fix memory leak + +Fixes: CID 73796 + +Signed-off-by: Konrad Rzeszutek Wilk +Reviewed-by: Daniel Kiper +Reviewed-by: Jan Setje-Eilers +Upstream-commit-id: 8da62d8183c +--- + grub-core/fs/udf.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c +index be41b48f9..6670beb56 100644 +--- a/grub-core/fs/udf.c ++++ b/grub-core/fs/udf.c +@@ -965,8 +965,10 @@ grub_udf_iterate_dir (grub_fshelp_node_t dir, + return 0; + + if (grub_udf_read_icb (dir->data, &dirent.icb, child)) +- return 0; +- ++ { ++ grub_free (child); ++ return 0; ++ } + if (dirent.characteristics & GRUB_UDF_FID_CHAR_PARENT) + { + /* This is the parent directory. */ +@@ -988,11 +990,18 @@ grub_udf_iterate_dir (grub_fshelp_node_t dir, + dirent.file_ident_length, + (char *) raw)) + != dirent.file_ident_length) +- return 0; ++ { ++ grub_free (child); ++ return 0; ++ } + + filename = read_string (raw, dirent.file_ident_length, 0); + if (!filename) +- grub_print_error (); ++ { ++ /* As the hook won't get called. */ ++ grub_free (child); ++ grub_print_error (); ++ } + + if (filename && hook (filename, type, child, hook_data)) + { diff --git a/SOURCES/0293-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch b/SOURCES/0293-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch new file mode 100644 index 0000000..b464aaa --- /dev/null +++ b/SOURCES/0293-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch @@ -0,0 +1,44 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Konrad Rzeszutek Wilk +Date: Fri, 26 Jun 2020 10:51:43 -0400 +Subject: [PATCH] multiboot2: Fix memory leak if grub_create_loader_cmdline() + fails + +Fixes: CID 292468 + +Signed-off-by: Konrad Rzeszutek Wilk +Reviewed-by: Daniel Kiper +Upstream-commit-id: cd6760b6289 +--- + grub-core/loader/multiboot_mbi2.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c +index 54078455e..872dcd42e 100644 +--- a/grub-core/loader/multiboot_mbi2.c ++++ b/grub-core/loader/multiboot_mbi2.c +@@ -1089,6 +1089,7 @@ grub_multiboot2_add_module (grub_addr_t start, grub_size_t size, + { + struct module *newmod; + grub_size_t len = 0; ++ grub_err_t err = 0; + + newmod = grub_malloc (sizeof (*newmod)); + if (!newmod) +@@ -1107,8 +1108,14 @@ grub_multiboot2_add_module (grub_addr_t start, grub_size_t size, + newmod->cmdline_size = len; + total_modcmd += ALIGN_UP (len, MULTIBOOT_TAG_ALIGN); + +- grub_create_loader_cmdline (argc, argv, newmod->cmdline, +- newmod->cmdline_size); ++ err = grub_create_loader_cmdline (argc, argv, newmod->cmdline, ++ newmod->cmdline_size); ++ if (err) ++ { ++ grub_free (newmod->cmdline); ++ grub_free (newmod); ++ return err; ++ } + + if (modules_last) + modules_last->next = newmod; diff --git a/SOURCES/0294-tftp-Do-not-use-priority-queue.patch b/SOURCES/0294-tftp-Do-not-use-priority-queue.patch new file mode 100644 index 0000000..38d1523 --- /dev/null +++ b/SOURCES/0294-tftp-Do-not-use-priority-queue.patch @@ -0,0 +1,286 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Thu, 9 Jul 2020 08:10:40 +0000 +Subject: [PATCH] tftp: Do not use priority queue + +There is not need to reassemble the order of blocks. Per RFC 1350, +server must wait for the ACK, before sending next block. Data packets +can be served immediately without putting them to priority queue. + +Logic to handle incoming packet is this: + - if packet block id equal to expected block id, then + process the packet, + - if packet block id is less than expected - this is retransmit + of old packet, then ACK it and drop the packet, + - if packet block id is more than expected - that shouldn't + happen, just drop the packet. + +It makes the tftp receive path code simpler, smaller and faster. +As a benefit, this change fixes CID# 73624 and CID# 96690, caused +by following while loop: + + while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0) + +where tftph pointer is not moving from one iteration to another, causing +to serve same packet again. Luckily, double serving didn't happen due to +data->block++ during the first iteration. + +Fixes: CID 73624, CID 96690 + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +Upstream-commit-id: 8316694c4f7 +--- + grub-core/net/tftp.c | 174 ++++++++++++++++----------------------------------- + 1 file changed, 54 insertions(+), 120 deletions(-) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index e267af354..79c16f9b0 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -25,7 +25,6 @@ + #include + #include + #include +-#include + #include + + GRUB_MOD_LICENSE ("GPLv3+"); +@@ -106,31 +105,8 @@ typedef struct tftp_data + int have_oack; + struct grub_error_saved save_err; + grub_net_udp_socket_t sock; +- grub_priority_queue_t pq; + } *tftp_data_t; + +-static int +-cmp_block (grub_uint16_t a, grub_uint16_t b) +-{ +- grub_int16_t i = (grub_int16_t) (a - b); +- if (i > 0) +- return +1; +- if (i < 0) +- return -1; +- return 0; +-} +- +-static int +-cmp (const void *a__, const void *b__) +-{ +- struct grub_net_buff *a_ = *(struct grub_net_buff **) a__; +- struct grub_net_buff *b_ = *(struct grub_net_buff **) b__; +- struct tftphdr *a = (struct tftphdr *) a_->data; +- struct tftphdr *b = (struct tftphdr *) b_->data; +- /* We want the first elements to be on top. */ +- return -cmp_block (grub_be_to_cpu16 (a->u.data.block), grub_be_to_cpu16 (b->u.data.block)); +-} +- + static grub_err_t + ack (tftp_data_t data, grub_uint64_t block) + { +@@ -207,73 +183,60 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + return GRUB_ERR_NONE; + } + +- err = grub_priority_queue_push (data->pq, &nb); +- if (err) +- return err; ++ /* Ack old/retransmitted block. */ ++ if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1) ++ ack (data, grub_be_to_cpu16 (tftph->u.data.block)); ++ /* Ignore unexpected block. */ ++ else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1) ++ grub_dprintf ("tftp", "TFTP unexpected block # %d\n", tftph->u.data.block); ++ else ++ { ++ unsigned size; + +- { +- struct grub_net_buff **nb_top_p, *nb_top; +- while (1) +- { +- nb_top_p = grub_priority_queue_top (data->pq); +- if (!nb_top_p) +- return GRUB_ERR_NONE; +- nb_top = *nb_top_p; +- tftph = (struct tftphdr *) nb_top->data; +- if (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) >= 0) +- break; +- ack (data, grub_be_to_cpu16 (tftph->u.data.block)); +- grub_netbuff_free (nb_top); +- grub_priority_queue_pop (data->pq); +- } +- while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0) +- { +- unsigned size; +- +- grub_priority_queue_pop (data->pq); +- +- if (file->device->net->packs.count < 50) ++ if (file->device->net->packs.count < 50) ++ { + err = ack (data, data->block + 1); +- else +- { +- file->device->net->stall = 1; +- err = 0; +- } +- if (err) +- return err; ++ if (err) ++ return err; ++ } ++ else ++ file->device->net->stall = 1; + +- err = grub_netbuff_pull (nb_top, sizeof (tftph->opcode) + +- sizeof (tftph->u.data.block)); +- if (err) +- return err; +- size = nb_top->tail - nb_top->data; ++ err = grub_netbuff_pull (nb, sizeof (tftph->opcode) + ++ sizeof (tftph->u.data.block)); ++ if (err) ++ return err; ++ size = nb->tail - nb->data; + +- data->block++; +- if (size < data->block_size) +- { +- if (data->ack_sent < data->block) +- ack (data, data->block); +- file->device->net->eof = 1; +- file->device->net->stall = 1; +- grub_net_udp_close (data->sock); +- data->sock = NULL; +- } +- /* Prevent garbage in broken cards. Is it still necessary +- given that IP implementation has been fixed? +- */ +- if (size > data->block_size) +- { +- err = grub_netbuff_unput (nb_top, size - data->block_size); +- if (err) +- return err; +- } +- /* If there is data, puts packet in socket list. */ +- if ((nb_top->tail - nb_top->data) > 0) +- grub_net_put_packet (&file->device->net->packs, nb_top); +- else +- grub_netbuff_free (nb_top); +- } +- } ++ data->block++; ++ if (size < data->block_size) ++ { ++ if (data->ack_sent < data->block) ++ ack (data, data->block); ++ file->device->net->eof = 1; ++ file->device->net->stall = 1; ++ grub_net_udp_close (data->sock); ++ data->sock = NULL; ++ } ++ /* ++ * Prevent garbage in broken cards. Is it still necessary ++ * given that IP implementation has been fixed? ++ */ ++ if (size > data->block_size) ++ { ++ err = grub_netbuff_unput (nb, size - data->block_size); ++ if (err) ++ return err; ++ } ++ /* If there is data, puts packet in socket list. */ ++ if ((nb->tail - nb->data) > 0) ++ { ++ grub_net_put_packet (&file->device->net->packs, nb); ++ /* Do not free nb. */ ++ return GRUB_ERR_NONE; ++ } ++ } ++ grub_netbuff_free (nb); + return GRUB_ERR_NONE; + case TFTP_ERROR: + data->have_oack = 1; +@@ -287,22 +250,10 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + } + } + +-static void +-destroy_pq (tftp_data_t data) +-{ +- struct grub_net_buff **nb_p; +- while ((nb_p = grub_priority_queue_top (data->pq))) +- { +- grub_netbuff_free (*nb_p); +- grub_priority_queue_pop (data->pq); +- } +- +- grub_priority_queue_destroy (data->pq); +-} +- +-/* Create a normalized copy of the filename. +- Compress any string of consecutive forward slashes to a single forward +- slash. */ ++/* ++ * Create a normalized copy of the filename. Compress any string of consecutive ++ * forward slashes to a single forward slash. ++ */ + static void + grub_normalize_filename (char *normalized, const char *filename) + { +@@ -395,22 +346,9 @@ tftp_open (struct grub_file *file, const char *filename) + file->not_easily_seekable = 1; + file->data = data; + +- data->pq = grub_priority_queue_new (sizeof (struct grub_net_buff *), cmp); +- if (!data->pq) +- { +- grub_free (data); +- return grub_errno; +- } +- +- grub_dprintf("tftp", "resolving address for %s\n", file->device->net->server); + err = grub_net_resolve_address (file->device->net->server, &addr); + if (err) + { +- grub_dprintf ("tftp", "Address resolution failed: %d\n", err); +- grub_dprintf ("tftp", "file_size is %llu, block_size is %llu\n", +- (unsigned long long)data->file_size, +- (unsigned long long)data->block_size); +- destroy_pq (data); + grub_free (data); + return err; + } +@@ -422,7 +360,6 @@ tftp_open (struct grub_file *file, const char *filename) + if (!data->sock) + { + grub_dprintf("tftp", "connection failed\n"); +- destroy_pq (data); + grub_free (data); + return grub_errno; + } +@@ -436,7 +373,6 @@ tftp_open (struct grub_file *file, const char *filename) + if (err) + { + grub_net_udp_close (data->sock); +- destroy_pq (data); + grub_free (data); + return err; + } +@@ -453,7 +389,6 @@ tftp_open (struct grub_file *file, const char *filename) + if (grub_errno) + { + grub_net_udp_close (data->sock); +- destroy_pq (data); + grub_free (data); + return grub_errno; + } +@@ -496,7 +431,6 @@ tftp_close (struct grub_file *file) + grub_print_error (); + grub_net_udp_close (data->sock); + } +- destroy_pq (data); + grub_free (data); + return GRUB_ERR_NONE; + } diff --git a/SOURCES/0295-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch b/SOURCES/0295-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch new file mode 100644 index 0000000..7a03461 --- /dev/null +++ b/SOURCES/0295-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch @@ -0,0 +1,147 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Wed, 15 Jul 2020 06:42:37 +0000 +Subject: [PATCH] relocator: Protect grub_relocator_alloc_chunk_addr() input + args against integer underflow/overflow + +Use arithmetic macros from safemath.h to accomplish it. In this commit, +I didn't want to be too paranoid to check every possible math equation +for overflow/underflow. Only obvious places (with non zero chance of +overflow/underflow) were refactored. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +Upstream-commit-id: ebb15735f10 +--- + grub-core/loader/i386/linux.c | 9 +++++++-- + grub-core/loader/i386/pc/linux.c | 9 +++++++-- + grub-core/loader/i386/xen.c | 12 ++++++++++-- + grub-core/loader/xnu.c | 11 +++++++---- + 4 files changed, 31 insertions(+), 10 deletions(-) + +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index 76304f057..b4a30f607 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -37,6 +37,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -593,9 +594,13 @@ grub_linux_boot (void) + + { + grub_relocator_chunk_t ch; ++ grub_size_t sz; ++ ++ if (grub_add (ctx.real_size, efi_mmap_size, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ + err = grub_relocator_alloc_chunk_addr (relocator, &ch, +- ctx.real_mode_target, +- (ctx.real_size + efi_mmap_size)); ++ ctx.real_mode_target, sz); + if (err) + return err; + real_mode_mem = get_virtual_current_address (ch); +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index 783a3cd93..540891371 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -231,8 +232,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + setup_sects = GRUB_LINUX_DEFAULT_SETUP_SECTS; + + real_size = setup_sects << GRUB_DISK_SECTOR_BITS; +- grub_linux16_prot_size = grub_file_size (file) +- - real_size - GRUB_DISK_SECTOR_SIZE; ++ if (grub_sub (grub_file_size (file), real_size, &grub_linux16_prot_size) || ++ grub_sub (grub_linux16_prot_size, GRUB_DISK_SECTOR_SIZE, &grub_linux16_prot_size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ goto fail; ++ } + + if (! grub_linux_is_bzimage + && GRUB_LINUX_ZIMAGE_ADDR + grub_linux16_prot_size +diff --git a/grub-core/loader/i386/xen.c b/grub-core/loader/i386/xen.c +index 3073f64d5..85b93347b 100644 +--- a/grub-core/loader/i386/xen.c ++++ b/grub-core/loader/i386/xen.c +@@ -40,6 +40,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -635,6 +636,7 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)), + grub_relocator_chunk_t ch; + grub_addr_t kern_start; + grub_addr_t kern_end; ++ grub_size_t sz; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -699,8 +701,14 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)), + + xen_state.max_addr = ALIGN_UP (kern_end, PAGE_SIZE); + +- err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start, +- kern_end - kern_start); ++ ++ if (grub_sub (kern_end, kern_start, &sz)) ++ { ++ err = GRUB_ERR_OUT_OF_RANGE; ++ goto fail; ++ } ++ ++ err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start, sz); + if (err) + goto fail; + kern_chunk_src = get_virtual_current_address (ch); +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index dc7d5409e..2bf02489b 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -59,15 +60,17 @@ grub_xnu_heap_malloc (int size, void **src, grub_addr_t *target) + { + grub_err_t err; + grub_relocator_chunk_t ch; ++ grub_addr_t tgt; ++ ++ if (grub_add (grub_xnu_heap_target_start, grub_xnu_heap_size, &tgt)) ++ return GRUB_ERR_OUT_OF_RANGE; + +- err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch, +- grub_xnu_heap_target_start +- + grub_xnu_heap_size, size); ++ err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch, tgt, size); + if (err) + return err; + + *src = get_virtual_current_address (ch); +- *target = grub_xnu_heap_target_start + grub_xnu_heap_size; ++ *target = tgt; + grub_xnu_heap_size += size; + grub_dprintf ("xnu", "val=%p\n", *src); + return GRUB_ERR_NONE; diff --git a/SOURCES/0296-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch b/SOURCES/0296-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch new file mode 100644 index 0000000..abab3aa --- /dev/null +++ b/SOURCES/0296-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch @@ -0,0 +1,335 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Wed, 8 Jul 2020 01:44:38 +0000 +Subject: [PATCH] relocator: Protect grub_relocator_alloc_chunk_align() + max_addr against integer underflow + +This commit introduces integer underflow mitigation in max_addr calculation +in grub_relocator_alloc_chunk_align() invocation. + +It consists of 2 fixes: + 1. Introduced grub_relocator_alloc_chunk_align_safe() wrapper function to perform + sanity check for min/max and size values, and to make safe invocation of + grub_relocator_alloc_chunk_align() with validated max_addr value. Replace all + invocations such as grub_relocator_alloc_chunk_align(..., min_addr, max_addr - size, size, ...) + by grub_relocator_alloc_chunk_align_safe(..., min_addr, max_addr, size, ...). + 2. Introduced UP_TO_TOP32(s) macro for the cases where max_addr is 32-bit top + address (0xffffffff - size + 1) or similar. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +Upstream-commit-id: 10498c8ba17 +--- + grub-core/lib/i386/relocator.c | 28 +++++++++++----------------- + grub-core/lib/mips/relocator.c | 6 ++---- + grub-core/lib/powerpc/relocator.c | 6 ++---- + grub-core/lib/x86_64/efi/relocator.c | 7 +++---- + grub-core/loader/i386/linux.c | 5 ++--- + grub-core/loader/i386/multiboot_mbi.c | 7 +++---- + grub-core/loader/i386/pc/linux.c | 6 ++---- + grub-core/loader/mips/linux.c | 9 +++------ + grub-core/loader/multiboot.c | 2 +- + grub-core/loader/multiboot_elfxx.c | 10 +++++----- + grub-core/loader/multiboot_mbi2.c | 10 +++++----- + grub-core/loader/xnu_resume.c | 2 +- + include/grub/relocator.h | 29 +++++++++++++++++++++++++++++ + 13 files changed, 69 insertions(+), 58 deletions(-) + +diff --git a/grub-core/lib/i386/relocator.c b/grub-core/lib/i386/relocator.c +index 71dd4f0ab..34cbe834f 100644 +--- a/grub-core/lib/i386/relocator.c ++++ b/grub-core/lib/i386/relocator.c +@@ -83,11 +83,10 @@ grub_relocator32_boot (struct grub_relocator *rel, + /* Specific memory range due to Global Descriptor Table for use by payload + that we will store in returned chunk. The address range and preference + are based on "THE LINUX/x86 BOOT PROTOCOL" specification. */ +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0x1000, +- 0x9a000 - RELOCATOR_SIZEOF (32), +- RELOCATOR_SIZEOF (32), 16, +- GRUB_RELOCATOR_PREFERENCE_LOW, +- avoid_efi_bootservices); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x1000, 0x9a000, ++ RELOCATOR_SIZEOF (32), 16, ++ GRUB_RELOCATOR_PREFERENCE_LOW, ++ avoid_efi_bootservices); + if (err) + return err; + +@@ -125,13 +124,10 @@ grub_relocator16_boot (struct grub_relocator *rel, + grub_relocator_chunk_t ch; + + /* Put it higher than the byte it checks for A20 check. */ +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0x8010, +- 0xa0000 - RELOCATOR_SIZEOF (16) +- - GRUB_RELOCATOR16_STACK_SIZE, +- RELOCATOR_SIZEOF (16) +- + GRUB_RELOCATOR16_STACK_SIZE, 16, +- GRUB_RELOCATOR_PREFERENCE_NONE, +- 0); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x8010, 0xa0000, ++ RELOCATOR_SIZEOF (16) + ++ GRUB_RELOCATOR16_STACK_SIZE, 16, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; + +@@ -183,11 +179,9 @@ grub_relocator64_boot (struct grub_relocator *rel, + void *relst; + grub_relocator_chunk_t ch; + +- err = grub_relocator_alloc_chunk_align (rel, &ch, min_addr, +- max_addr - RELOCATOR_SIZEOF (64), +- RELOCATOR_SIZEOF (64), 16, +- GRUB_RELOCATOR_PREFERENCE_NONE, +- 0); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, min_addr, max_addr, ++ RELOCATOR_SIZEOF (64), 16, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; + +diff --git a/grub-core/lib/mips/relocator.c b/grub-core/lib/mips/relocator.c +index 9d5f49cb9..743b213e6 100644 +--- a/grub-core/lib/mips/relocator.c ++++ b/grub-core/lib/mips/relocator.c +@@ -120,10 +120,8 @@ grub_relocator32_boot (struct grub_relocator *rel, + unsigned i; + grub_addr_t vtarget; + +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0, +- (0xffffffff - stateset_size) +- + 1, stateset_size, +- sizeof (grub_uint32_t), ++ err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size), ++ stateset_size, sizeof (grub_uint32_t), + GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; +diff --git a/grub-core/lib/powerpc/relocator.c b/grub-core/lib/powerpc/relocator.c +index bdf2b111b..8ffb8b686 100644 +--- a/grub-core/lib/powerpc/relocator.c ++++ b/grub-core/lib/powerpc/relocator.c +@@ -115,10 +115,8 @@ grub_relocator32_boot (struct grub_relocator *rel, + unsigned i; + grub_relocator_chunk_t ch; + +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0, +- (0xffffffff - stateset_size) +- + 1, stateset_size, +- sizeof (grub_uint32_t), ++ err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size), ++ stateset_size, sizeof (grub_uint32_t), + GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; +diff --git a/grub-core/lib/x86_64/efi/relocator.c b/grub-core/lib/x86_64/efi/relocator.c +index 3caef7a40..7d200a125 100644 +--- a/grub-core/lib/x86_64/efi/relocator.c ++++ b/grub-core/lib/x86_64/efi/relocator.c +@@ -50,10 +50,9 @@ grub_relocator64_efi_boot (struct grub_relocator *rel, + * 64-bit relocator code may live above 4 GiB quite well. + * However, I do not want ask for problems. Just in case. + */ +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0, +- 0x100000000 - RELOCATOR_SIZEOF (64_efi), +- RELOCATOR_SIZEOF (64_efi), 16, +- GRUB_RELOCATOR_PREFERENCE_NONE, 1); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0, 0x100000000, ++ RELOCATOR_SIZEOF (64_efi), 16, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 1); + if (err) + return err; + +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index b4a30f607..191f1631e 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -231,9 +231,8 @@ allocate_pages (grub_size_t prot_size, grub_size_t *align, + for (; err && *align + 1 > min_align; (*align)--) + { + grub_errno = GRUB_ERR_NONE; +- err = grub_relocator_alloc_chunk_align (relocator, &ch, +- 0x1000000, +- 0xffffffff & ~prot_size, ++ err = grub_relocator_alloc_chunk_align (relocator, &ch, 0x1000000, ++ UP_TO_TOP32 (prot_size), + prot_size, 1 << *align, + GRUB_RELOCATOR_PREFERENCE_LOW, + 1); +diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c +index ca85358f7..9d3466d6a 100644 +--- a/grub-core/loader/i386/multiboot_mbi.c ++++ b/grub-core/loader/i386/multiboot_mbi.c +@@ -470,10 +470,9 @@ grub_multiboot_make_mbi (grub_uint32_t *target) + + bufsize = grub_multiboot_get_mbi_size (); + +- err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, &ch, +- 0x10000, 0xa0000 - bufsize, +- bufsize, 4, +- GRUB_RELOCATOR_PREFERENCE_NONE, 0); ++ err = grub_relocator_alloc_chunk_align_safe (grub_multiboot_relocator, &ch, ++ 0x10000, 0xa0000, bufsize, 4, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; + ptrorig = get_virtual_current_address (ch); +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index 540891371..63736fae9 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -460,10 +460,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + + { + grub_relocator_chunk_t ch; +- err = grub_relocator_alloc_chunk_align (relocator, &ch, +- addr_min, addr_max - size, +- size, 0x1000, +- GRUB_RELOCATOR_PREFERENCE_HIGH, 0); ++ err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, addr_min, addr_max, size, ++ 0x1000, GRUB_RELOCATOR_PREFERENCE_HIGH, 0); + if (err) + return err; + initrd_chunk = get_virtual_current_address (ch); +diff --git a/grub-core/loader/mips/linux.c b/grub-core/loader/mips/linux.c +index 5f383be3d..27c1db84a 100644 +--- a/grub-core/loader/mips/linux.c ++++ b/grub-core/loader/mips/linux.c +@@ -434,12 +434,9 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + { + grub_relocator_chunk_t ch; + +- err = grub_relocator_alloc_chunk_align (relocator, &ch, +- (target_addr & 0x1fffffff) +- + linux_size + 0x10000, +- (0x10000000 - size), +- size, 0x10000, +- GRUB_RELOCATOR_PREFERENCE_NONE, 0); ++ err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, (target_addr & 0x1fffffff) + ++ linux_size + 0x10000, 0x10000000, size, ++ 0x10000, GRUB_RELOCATOR_PREFERENCE_NONE, 0); + + if (err) + goto fail; +diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c +index 9a8dae556..f455e8039 100644 +--- a/grub-core/loader/multiboot.c ++++ b/grub-core/loader/multiboot.c +@@ -407,7 +407,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)), + { + grub_relocator_chunk_t ch; + err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, +- lowest_addr, (0xffffffff - size) + 1, ++ lowest_addr, UP_TO_TOP32 (size), + size, MULTIBOOT_MOD_ALIGN, + GRUB_RELOCATOR_PREFERENCE_NONE, 1); + if (err) +diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c +index cc6853692..f2318e0d1 100644 +--- a/grub-core/loader/multiboot_elfxx.c ++++ b/grub-core/loader/multiboot_elfxx.c +@@ -109,10 +109,10 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + if (load_size > mld->max_addr || mld->min_addr > mld->max_addr - load_size) + return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size"); + +- err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, +- mld->min_addr, mld->max_addr - load_size, +- load_size, mld->align ? mld->align : 1, +- mld->preference, mld->avoid_efi_boot_services); ++ err = grub_relocator_alloc_chunk_align_safe (GRUB_MULTIBOOT (relocator), &ch, ++ mld->min_addr, mld->max_addr, ++ load_size, mld->align ? mld->align : 1, ++ mld->preference, mld->avoid_efi_boot_services); + + if (err) + { +@@ -256,7 +256,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + continue; + + err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, 0, +- (0xffffffff - sh->sh_size) + 1, ++ UP_TO_TOP32 (sh->sh_size), + sh->sh_size, sh->sh_addralign, + GRUB_RELOCATOR_PREFERENCE_NONE, + mld->avoid_efi_boot_services); +diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c +index 872dcd42e..3cfb47650 100644 +--- a/grub-core/loader/multiboot_mbi2.c ++++ b/grub-core/loader/multiboot_mbi2.c +@@ -298,10 +298,10 @@ grub_multiboot2_load (grub_file_t file, const char *filename) + return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size"); + } + +- err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch, +- mld.min_addr, mld.max_addr - code_size, +- code_size, mld.align ? mld.align : 1, +- mld.preference, keep_bs); ++ err = grub_relocator_alloc_chunk_align_safe (grub_multiboot2_relocator, &ch, ++ mld.min_addr, mld.max_addr, ++ code_size, mld.align ? mld.align : 1, ++ mld.preference, keep_bs); + } + else + err = grub_relocator_alloc_chunk_addr (grub_multiboot2_relocator, +@@ -747,7 +747,7 @@ grub_multiboot2_make_mbi (grub_uint32_t *target) + COMPILE_TIME_ASSERT (MULTIBOOT_TAG_ALIGN % sizeof (grub_properly_aligned_t) == 0); + + err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch, +- 0, 0xffffffff - bufsize, ++ 0, UP_TO_TOP32 (bufsize), + bufsize, MULTIBOOT_TAG_ALIGN, + GRUB_RELOCATOR_PREFERENCE_NONE, 1); + if (err) +diff --git a/grub-core/loader/xnu_resume.c b/grub-core/loader/xnu_resume.c +index 534a74438..99119558d 100644 +--- a/grub-core/loader/xnu_resume.c ++++ b/grub-core/loader/xnu_resume.c +@@ -129,7 +129,7 @@ grub_xnu_resume (char *imagename) + { + grub_relocator_chunk_t ch; + err = grub_relocator_alloc_chunk_align (grub_xnu_relocator, &ch, 0, +- (0xffffffff - hibhead.image_size) + 1, ++ UP_TO_TOP32 (hibhead.image_size), + hibhead.image_size, + GRUB_XNU_PAGESIZE, + GRUB_RELOCATOR_PREFERENCE_NONE, 0); +diff --git a/include/grub/relocator.h b/include/grub/relocator.h +index 24d8672d2..1b3bdd92a 100644 +--- a/include/grub/relocator.h ++++ b/include/grub/relocator.h +@@ -49,6 +49,35 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel, + int preference, + int avoid_efi_boot_services); + ++/* ++ * Wrapper for grub_relocator_alloc_chunk_align() with purpose of ++ * protecting against integer underflow. ++ * ++ * Compare to its callee, max_addr has different meaning here. ++ * It covers entire chunk and not just start address of the chunk. ++ */ ++static inline grub_err_t ++grub_relocator_alloc_chunk_align_safe (struct grub_relocator *rel, ++ grub_relocator_chunk_t *out, ++ grub_phys_addr_t min_addr, ++ grub_phys_addr_t max_addr, ++ grub_size_t size, grub_size_t align, ++ int preference, ++ int avoid_efi_boot_services) ++{ ++ /* Sanity check and ensure following equation (max_addr - size) is safe. */ ++ if (max_addr < size || (max_addr - size) < min_addr) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ return grub_relocator_alloc_chunk_align (rel, out, min_addr, ++ max_addr - size, ++ size, align, preference, ++ avoid_efi_boot_services); ++} ++ ++/* Top 32-bit address minus s bytes and plus 1 byte. */ ++#define UP_TO_TOP32(s) ((~(s) & 0xffffffff) + 1) ++ + #define GRUB_RELOCATOR_PREFERENCE_NONE 0 + #define GRUB_RELOCATOR_PREFERENCE_LOW 1 + #define GRUB_RELOCATOR_PREFERENCE_HIGH 2 diff --git a/SOURCES/0297-script-Remove-unused-fields-from-grub_script_functio.patch b/SOURCES/0297-script-Remove-unused-fields-from-grub_script_functio.patch new file mode 100644 index 0000000..3c9e704 --- /dev/null +++ b/SOURCES/0297-script-Remove-unused-fields-from-grub_script_functio.patch @@ -0,0 +1,30 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Fri, 10 Jul 2020 11:21:14 +0100 +Subject: [PATCH] script: Remove unused fields from grub_script_function struct + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper +Upstream-commit-id: d04089c8e52 +--- + include/grub/script_sh.h | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h +index 360c2be1f..b382bcf09 100644 +--- a/include/grub/script_sh.h ++++ b/include/grub/script_sh.h +@@ -359,13 +359,8 @@ struct grub_script_function + /* The script function. */ + struct grub_script *func; + +- /* The flags. */ +- unsigned flags; +- + /* The next element. */ + struct grub_script_function *next; +- +- int references; + }; + typedef struct grub_script_function *grub_script_function_t; + diff --git a/SOURCES/0298-script-Avoid-a-use-after-free-when-redefining-a-func.patch b/SOURCES/0298-script-Avoid-a-use-after-free-when-redefining-a-func.patch new file mode 100644 index 0000000..6f4b1e3 --- /dev/null +++ b/SOURCES/0298-script-Avoid-a-use-after-free-when-redefining-a-func.patch @@ -0,0 +1,105 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Fri, 10 Jul 2020 14:41:45 +0100 +Subject: [PATCH] script: Avoid a use-after-free when redefining a function + during execution + +Defining a new function with the same name as a previously defined +function causes the grub_script and associated resources for the +previous function to be freed. If the previous function is currently +executing when a function with the same name is defined, this results +in use-after-frees when processing subsequent commands in the original +function. + +Instead, reject a new function definition if it has the same name as +a previously defined function, and that function is currently being +executed. Although a behavioural change, this should be backwards +compatible with existing configurations because they can't be +dependent on the current behaviour without being broken. + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper +Upstream-commit-id: f6253a1f540 +--- + grub-core/script/execute.c | 2 ++ + grub-core/script/function.c | 16 +++++++++++++--- + include/grub/script_sh.h | 2 ++ + grub-core/script/parser.y | 3 ++- + 4 files changed, 19 insertions(+), 4 deletions(-) + +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 528ddfd36..a1aadb9ee 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -872,7 +872,9 @@ grub_script_function_call (grub_script_function_t func, int argc, char **args) + old_scope = scope; + scope = &new_scope; + ++ func->executing++; + ret = grub_script_execute (func->func); ++ func->executing--; + + function_return = 0; + active_loops = loops; +diff --git a/grub-core/script/function.c b/grub-core/script/function.c +index d36655e51..3aad04bf9 100644 +--- a/grub-core/script/function.c ++++ b/grub-core/script/function.c +@@ -34,6 +34,7 @@ grub_script_function_create (struct grub_script_arg *functionname_arg, + func = (grub_script_function_t) grub_malloc (sizeof (*func)); + if (! func) + return 0; ++ func->executing = 0; + + func->name = grub_strdup (functionname_arg->str); + if (! func->name) +@@ -60,10 +61,19 @@ grub_script_function_create (struct grub_script_arg *functionname_arg, + grub_script_function_t q; + + q = *p; +- grub_script_free (q->func); +- q->func = cmd; + grub_free (func); +- func = q; ++ if (q->executing > 0) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("attempt to redefine a function being executed")); ++ func = NULL; ++ } ++ else ++ { ++ grub_script_free (q->func); ++ q->func = cmd; ++ func = q; ++ } + } + else + { +diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h +index b382bcf09..6c48e0751 100644 +--- a/include/grub/script_sh.h ++++ b/include/grub/script_sh.h +@@ -361,6 +361,8 @@ struct grub_script_function + + /* The next element. */ + struct grub_script_function *next; ++ ++ unsigned executing; + }; + typedef struct grub_script_function *grub_script_function_t; + +diff --git a/grub-core/script/parser.y b/grub-core/script/parser.y +index 4f0ab8319..f80b86b6f 100644 +--- a/grub-core/script/parser.y ++++ b/grub-core/script/parser.y +@@ -289,7 +289,8 @@ function: "function" "name" + grub_script_mem_free (state->func_mem); + else { + script->children = state->scripts; +- grub_script_function_create ($2, script); ++ if (!grub_script_function_create ($2, script)) ++ grub_script_free (script); + } + + state->scripts = $3; diff --git a/SOURCES/0299-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch b/SOURCES/0299-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch new file mode 100644 index 0000000..eff2fb9 --- /dev/null +++ b/SOURCES/0299-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Fri, 17 Jul 2020 05:17:26 +0000 +Subject: [PATCH] relocator: Fix grub_relocator_alloc_chunk_align() top memory + allocation + +Current implementation of grub_relocator_alloc_chunk_align() +does not allow allocation of the top byte. + +Assuming input args are: + max_addr = 0xfffff000; + size = 0x1000; + +And this is valid. But following overflow protection will +unnecessarily move max_addr one byte down (to 0xffffefff): + if (max_addr > ~size) + max_addr = ~size; + +~size + 1 will fix the situation. In addition, check size +for non zero to do not zero max_addr. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +Upstream-commit-id: ab80a97eb1f +--- + grub-core/lib/relocator.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c +index 5847aac36..f2c1944c2 100644 +--- a/grub-core/lib/relocator.c ++++ b/grub-core/lib/relocator.c +@@ -1386,8 +1386,8 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel, + }; + grub_addr_t min_addr2 = 0, max_addr2; + +- if (max_addr > ~size) +- max_addr = ~size; ++ if (size && (max_addr > ~size)) ++ max_addr = ~size + 1; + + #ifdef GRUB_MACHINE_PCBIOS + if (min_addr < 0x1000) diff --git a/SOURCES/0300-hfsplus-fix-two-more-overflows.patch b/SOURCES/0300-hfsplus-fix-two-more-overflows.patch new file mode 100644 index 0000000..f9232c0 --- /dev/null +++ b/SOURCES/0300-hfsplus-fix-two-more-overflows.patch @@ -0,0 +1,54 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 14:43:31 -0400 +Subject: [PATCH] hfsplus: fix two more overflows + +Both node->size and node->namelen come from the supplied filesystem, +which may be user-supplied. We can't trust them for the math unless we +know they don't overflow; making sure they go through calloc() first +will give us that. + +Signed-off-by: Peter Jones +Reviewed-by: Darren Kenny +Upstream-commit-id: b4915078903 +--- + grub-core/fs/hfsplus.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +index f1cd72398..8b17ebba2 100644 +--- a/grub-core/fs/hfsplus.c ++++ b/grub-core/fs/hfsplus.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -475,8 +476,12 @@ grub_hfsplus_read_symlink (grub_fshelp_node_t node) + { + char *symlink; + grub_ssize_t numread; ++ grub_size_t sz = node->size; + +- symlink = grub_malloc (node->size + 1); ++ if (grub_add (sz, 1, &sz)) ++ return NULL; ++ ++ symlink = grub_malloc (sz); + if (!symlink) + return 0; + +@@ -715,8 +720,8 @@ list_nodes (void *record, void *hook_arg) + if (type == GRUB_FSHELP_UNKNOWN) + return 0; + +- filename = grub_malloc (grub_be_to_cpu16 (catkey->namelen) +- * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ filename = grub_calloc (grub_be_to_cpu16 (catkey->namelen), ++ GRUB_MAX_UTF8_PER_UTF16 + 1); + if (! filename) + return 0; + diff --git a/SOURCES/0301-lvm-fix-two-more-potential-data-dependent-alloc-over.patch b/SOURCES/0301-lvm-fix-two-more-potential-data-dependent-alloc-over.patch new file mode 100644 index 0000000..5300a55 --- /dev/null +++ b/SOURCES/0301-lvm-fix-two-more-potential-data-dependent-alloc-over.patch @@ -0,0 +1,109 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 15:48:20 -0400 +Subject: [PATCH] lvm: fix two more potential data-dependent alloc overflows + +It appears to be possible to make a (possibly invalid) lvm PV with a +metadata size field that overflows our type when adding it to the +address we've allocated. Even if it doesn't, it may be possible to do +so with the math using the outcome of that as an operand. Check them +both. + +Signed-off-by: Peter Jones +Signed-off-by: Darren Kenny +Upstream-commit-id: 45ec6046ea0 +--- + grub-core/disk/lvm.c | 48 ++++++++++++++++++++++++++++++++++++++++-------- + 1 file changed, 40 insertions(+), 8 deletions(-) + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index d1df640b3..ca09d4699 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + #ifdef GRUB_UTIL + #include +@@ -102,10 +103,12 @@ grub_lvm_detect (grub_disk_t disk, + { + grub_err_t err; + grub_uint64_t mda_offset, mda_size; ++ grub_size_t ptr; + char buf[GRUB_LVM_LABEL_SIZE]; + char vg_id[GRUB_LVM_ID_STRLEN+1]; + char pv_id[GRUB_LVM_ID_STRLEN+1]; +- char *metadatabuf, *p, *q, *vgname; ++ char *metadatabuf, *mda_end, *vgname; ++ char *p, *q; + struct grub_lvm_label_header *lh = (struct grub_lvm_label_header *) buf; + struct grub_lvm_pv_header *pvh; + struct grub_lvm_disk_locn *dlocn; +@@ -205,19 +208,31 @@ grub_lvm_detect (grub_disk_t disk, + grub_le_to_cpu64 (rlocn->size) - + grub_le_to_cpu64 (mdah->size)); + } +- p = q = metadatabuf + grub_le_to_cpu64 (rlocn->offset); + +- while (*q != ' ' && q < metadatabuf + mda_size) +- q++; +- +- if (q == metadatabuf + mda_size) ++ if (grub_add ((grub_size_t)metadatabuf, ++ (grub_size_t)grub_le_to_cpu64 (rlocn->offset), ++ &ptr)) + { ++error_parsing_metadata: + #ifdef GRUB_UTIL + grub_util_info ("error parsing metadata"); + #endif + goto fail2; + } + ++ p = q = (char *)ptr; ++ ++ if (grub_add ((grub_size_t)metadatabuf, (grub_size_t)mda_size, &ptr)) ++ goto error_parsing_metadata; ++ ++ mda_end = (char *)ptr; ++ ++ while (*q != ' ' && q < mda_end) ++ q++; ++ ++ if (q == mda_end) ++ goto error_parsing_metadata; ++ + vgname_len = q - p; + vgname = grub_malloc (vgname_len + 1); + if (!vgname) +@@ -367,8 +382,25 @@ grub_lvm_detect (grub_disk_t disk, + { + const char *iptr; + char *optr; +- lv->fullname = grub_malloc (sizeof ("lvm/") - 1 + 2 * vgname_len +- + 1 + 2 * s + 1); ++ ++ /* this is kind of hard to read with our safe (but rather ++ * baroque) math primatives, but it boils down to: ++ * ++ * sz0 = vgname_len * 2 + 1 ++ * + s * 2 + 1 ++ * + sizeof ("lvm/") - 1; ++ */ ++ grub_size_t sz0 = vgname_len, sz1 = s; ++ ++ if (grub_mul (sz0, 2, &sz0) || ++ grub_add (sz0, 1, &sz0) || ++ grub_mul (sz1, 2, &sz1) || ++ grub_add (sz1, 1, &sz1) || ++ grub_add (sz0, sz1, &sz0) || ++ grub_add (sz0, sizeof ("lvm/") - 1, &sz0)) ++ goto lvs_fail; ++ ++ lv->fullname = grub_malloc (sz0); + if (!lv->fullname) + goto lvs_fail; + diff --git a/SOURCES/0302-emu-make-grub_free-NULL-safe.patch b/SOURCES/0302-emu-make-grub_free-NULL-safe.patch new file mode 100644 index 0000000..01cfe58 --- /dev/null +++ b/SOURCES/0302-emu-make-grub_free-NULL-safe.patch @@ -0,0 +1,31 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 16:08:08 -0400 +Subject: [PATCH] emu: make grub_free(NULL) safe + +The grub_free() implementation in kern/mm.c safely handles NULL +pointers, and code at many places depends on this. We don't know that +the same is true on all host OSes, so we need to handle the same +behavior in grub-emu's implementation. + +Signed-off-by: Peter Jones +Reviewed-by: Darren Kenny +Upstream-commit-id: 96bb109e658 +--- + grub-core/kern/emu/mm.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c +index 145b01d37..4d1046a21 100644 +--- a/grub-core/kern/emu/mm.c ++++ b/grub-core/kern/emu/mm.c +@@ -60,7 +60,8 @@ grub_zalloc (grub_size_t size) + void + grub_free (void *ptr) + { +- free (ptr); ++ if (ptr) ++ free (ptr); + } + + void * diff --git a/SOURCES/0303-efi-fix-some-malformed-device-path-arithmetic-errors.patch b/SOURCES/0303-efi-fix-some-malformed-device-path-arithmetic-errors.patch new file mode 100644 index 0000000..5103046 --- /dev/null +++ b/SOURCES/0303-efi-fix-some-malformed-device-path-arithmetic-errors.patch @@ -0,0 +1,248 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 16:53:27 -0400 +Subject: [PATCH] efi: fix some malformed device path arithmetic errors. + +Several places we take the length of a device path and subtract 4 from +it, without ever checking that it's >= 4. There are also cases where +this kind of malformation will result in unpredictable iteration, +including treating the length from one dp node as the type in the next +node. These are all errors, no matter where the data comes from. + +This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which +can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH() +return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when +the length is too small. Additionally, it makes several places in the +code check for and return errors in these cases. + +Signed-off-by: Peter Jones +Upstream-commit-id: 23e68a83990 +--- + grub-core/kern/efi/efi.c | 67 ++++++++++++++++++++++++++++++++------ + grub-core/loader/efi/chainloader.c | 19 +++++++++-- + grub-core/loader/i386/xnu.c | 9 ++--- + include/grub/efi/api.h | 14 +++++--- + 4 files changed, 88 insertions(+), 21 deletions(-) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index b1379b92f..03de9cb14 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -344,7 +344,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + + dp = dp0; + +- while (1) ++ while (dp) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -354,9 +354,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE + && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE) + { +- grub_efi_uint16_t len; +- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) +- / sizeof (grub_efi_char16_t)); ++ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ len = (len - 4) / sizeof (grub_efi_char16_t); + filesize += GRUB_MAX_UTF8_PER_UTF16 * len + 2; + } + +@@ -372,7 +378,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + if (!name) + return NULL; + +- while (1) ++ while (dp) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -388,8 +394,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + + *p++ = '/'; + +- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) +- / sizeof (grub_efi_char16_t)); ++ len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ len = (len - 4) / sizeof (grub_efi_char16_t); + fp = (grub_efi_file_path_device_path_t *) dp; + /* According to EFI spec Path Name is NULL terminated */ + while (len > 0 && fp->path_name[len - 1] == 0) +@@ -464,7 +477,26 @@ grub_efi_duplicate_device_path (const grub_efi_device_path_t *dp) + ; + p = GRUB_EFI_NEXT_DEVICE_PATH (p)) + { +- total_size += GRUB_EFI_DEVICE_PATH_LENGTH (p); ++ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (p); ++ ++ /* ++ * In the event that we find a node that's completely garbage, for ++ * example if we get to 0x7f 0x01 0x02 0x00 ... (EndInstance with a size ++ * of 2), GRUB_EFI_END_ENTIRE_DEVICE_PATH() will be true and ++ * GRUB_EFI_NEXT_DEVICE_PATH() will return NULL, so we won't continue, ++ * and neither should our consumers, but there won't be any error raised ++ * even though the device path is junk. ++ * ++ * This keeps us from passing junk down back to our caller. ++ */ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ total_size += len; + if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (p)) + break; + } +@@ -509,7 +541,7 @@ dump_vendor_path (const char *type, grub_efi_vendor_device_path_t *vendor) + void + grub_efi_print_device_path (grub_efi_device_path_t *dp) + { +- while (1) ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp)) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -981,7 +1013,11 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, + /* Return non-zero. */ + return 1; + +- while (1) ++ if (dp1 == dp2) ++ return 0; ++ ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp1) ++ && GRUB_EFI_DEVICE_PATH_VALID (dp2)) + { + grub_efi_uint8_t type1, type2; + grub_efi_uint8_t subtype1, subtype2; +@@ -1017,5 +1053,16 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, + dp2 = (grub_efi_device_path_t *) ((char *) dp2 + len2); + } + ++ /* ++ * There's no "right" answer here, but we probably don't want to call a valid ++ * dp and an invalid dp equal, so pick one way or the other. ++ */ ++ if (GRUB_EFI_DEVICE_PATH_VALID (dp1) && ++ !GRUB_EFI_DEVICE_PATH_VALID (dp2)) ++ return 1; ++ else if (!GRUB_EFI_DEVICE_PATH_VALID (dp1) && ++ GRUB_EFI_DEVICE_PATH_VALID (dp2)) ++ return -1; ++ + return 0; + } +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 2da119ad5..c2411b6da 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -125,6 +125,12 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, + fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE; + fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE; + ++ if (!GRUB_EFI_DEVICE_PATH_VALID ((grub_efi_device_path_t *)fp)) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "EFI Device Path is invalid"); ++ return; ++ } ++ + path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); + if (!path_name) + return; +@@ -164,9 +170,18 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + + size = 0; + d = dp; +- while (1) ++ while (d) + { +- size += GRUB_EFI_DEVICE_PATH_LENGTH (d); ++ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (d); ++ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ size += len; + if ((GRUB_EFI_END_ENTIRE_DEVICE_PATH (d))) + break; + d = GRUB_EFI_NEXT_DEVICE_PATH (d); +diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c +index c760db30f..44f7ebfa2 100644 +--- a/grub-core/loader/i386/xnu.c ++++ b/grub-core/loader/i386/xnu.c +@@ -515,14 +515,15 @@ grub_cmd_devprop_load (grub_command_t cmd __attribute__ ((unused)), + + devhead = buf; + buf = devhead + 1; +- dpstart = buf; ++ dp = dpstart = buf; + +- do ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp) && buf < bufend) + { +- dp = buf; + buf = (char *) buf + GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) ++ break; ++ dp = buf; + } +- while (!GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp) && buf < bufend); + + dev = grub_xnu_devprop_add_device (dpstart, (char *) buf + - (char *) dpstart); +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index 6c440c613..a092fddb6 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -671,6 +671,7 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t; + #define GRUB_EFI_DEVICE_PATH_TYPE(dp) ((dp)->type & 0x7f) + #define GRUB_EFI_DEVICE_PATH_SUBTYPE(dp) ((dp)->subtype) + #define GRUB_EFI_DEVICE_PATH_LENGTH(dp) ((dp)->length) ++#define GRUB_EFI_DEVICE_PATH_VALID(dp) ((dp) != NULL && GRUB_EFI_DEVICE_PATH_LENGTH (dp) >= 4) + + /* The End of Device Path nodes. */ + #define GRUB_EFI_END_DEVICE_PATH_TYPE (0xff & 0x7f) +@@ -679,13 +680,16 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t; + #define GRUB_EFI_END_THIS_DEVICE_PATH_SUBTYPE 0x01 + + #define GRUB_EFI_END_ENTIRE_DEVICE_PATH(dp) \ +- (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \ +- && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \ +- == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE)) ++ (!GRUB_EFI_DEVICE_PATH_VALID (dp) || \ ++ (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \ ++ && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \ ++ == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE))) + + #define GRUB_EFI_NEXT_DEVICE_PATH(dp) \ +- ((grub_efi_device_path_t *) ((char *) (dp) \ +- + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) ++ (GRUB_EFI_DEVICE_PATH_VALID (dp) \ ++ ? ((grub_efi_device_path_t *) \ ++ ((char *) (dp) + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) \ ++ : NULL) + + /* Hardware Device Path. */ + #define GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE 1 diff --git a/SOURCES/0304-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch b/SOURCES/0304-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch new file mode 100644 index 0000000..5682b8a --- /dev/null +++ b/SOURCES/0304-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch @@ -0,0 +1,85 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Wed, 22 Jul 2020 17:06:04 +0100 +Subject: [PATCH] Fix a regression caused by "efi: fix some malformed device + path arithmetic errors" + +This commit introduced a bogus check inside copy_file_path to +determine whether the destination grub_efi_file_path_device_path_t +was valid before anything was copied to it. Depending on the +contents of the heap buffer, this check could fail which would +result in copy_file_path returning early. + +Without any error propagated to the caller, make_file_path would +then try to advance the invalid device path node with +GRUB_EFI_NEXT_DEVICE_PATH, which would also fail, returning a NULL +pointer that would subsequently be dereferenced. + +Remove the bogus check, and also propagate errors from copy_file_path. +--- + grub-core/loader/efi/chainloader.c | 26 ++++++++++++++------------ + 1 file changed, 14 insertions(+), 12 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index c2411b6da..8b99cf23e 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -115,7 +115,7 @@ grub_chainloader_boot (void) + return grub_errno; + } + +-static void ++static grub_err_t + copy_file_path (grub_efi_file_path_device_path_t *fp, + const char *str, grub_efi_uint16_t len) + { +@@ -125,15 +125,9 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, + fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE; + fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE; + +- if (!GRUB_EFI_DEVICE_PATH_VALID ((grub_efi_device_path_t *)fp)) +- { +- grub_error (GRUB_ERR_BAD_ARGUMENT, "EFI Device Path is invalid"); +- return; +- } +- + path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); + if (!path_name) +- return; ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "failed to allocate path buffer"); + + size = grub_utf8_to_utf16 (path_name, len * GRUB_MAX_UTF16_PER_UTF8, + (const grub_uint8_t *) str, len, 0); +@@ -145,6 +139,8 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, + /* File Path is NULL terminated */ + fp->path_name[size++] = '\0'; + fp->header.length = size * sizeof (grub_efi_char16_t) + sizeof (*fp); ++ grub_free (path_name); ++ return GRUB_ERR_NONE; + } + + static grub_efi_device_path_t * +@@ -202,13 +198,19 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + /* Fill the file path for the directory. */ + d = (grub_efi_device_path_t *) ((char *) file_path + + ((char *) d - (char *) dp)); +- copy_file_path ((grub_efi_file_path_device_path_t *) d, +- dir_start, dir_end - dir_start); ++ if (copy_file_path ((grub_efi_file_path_device_path_t *) d, ++ dir_start, dir_end - dir_start) != GRUB_ERR_NONE) ++ { ++ fail: ++ grub_free (file_path); ++ return 0; ++ } + + /* Fill the file path for the file. */ + d = GRUB_EFI_NEXT_DEVICE_PATH (d); +- copy_file_path ((grub_efi_file_path_device_path_t *) d, +- dir_end + 1, grub_strlen (dir_end + 1)); ++ if (copy_file_path ((grub_efi_file_path_device_path_t *) d, ++ dir_end + 1, grub_strlen (dir_end + 1)) != GRUB_ERR_NONE) ++ goto fail; + + /* Fill the end of device path nodes. */ + d = GRUB_EFI_NEXT_DEVICE_PATH (d); diff --git a/SOURCES/0305-update-safemath-with-fallback-code-for-gcc-older-tha.patch b/SOURCES/0305-update-safemath-with-fallback-code-for-gcc-older-tha.patch new file mode 100644 index 0000000..50ed132 --- /dev/null +++ b/SOURCES/0305-update-safemath-with-fallback-code-for-gcc-older-tha.patch @@ -0,0 +1,147 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Alexander Burmashev +Date: Wed, 22 Jul 2020 06:04:38 -0700 +Subject: [PATCH] update safemath with fallback code for gcc older than 5.1 + +The code used in the header was taken from linux kernel commit +f0907827a8a9152aedac2833ed1b674a7b2a44f2. Rasmus Villemoes +, the original author of the patch, was +contacted directly, confirmed his authorship of the code, and gave his +permission on treating that dual license as MIT and including into GRUB2 +sources + +Signed-off-by: Alex Burmashev +--- + include/grub/safemath.h | 119 +++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 118 insertions(+), 1 deletion(-) + +diff --git a/include/grub/safemath.h b/include/grub/safemath.h +index c17b89bba..1ccac276b 100644 +--- a/include/grub/safemath.h ++++ b/include/grub/safemath.h +@@ -31,7 +31,124 @@ + #define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) + + #else +-#error gcc 5.1 or newer or clang 3.8 or newer is required ++/* ++ * Copyright 2020 Rasmus Villemoes ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to ++ * deal in the Software without restriction, including without limitation the ++ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or ++ * sell copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING ++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS ++ * IN THE SOFTWARE. ++ */ ++/* ++ * The code used in this header was taken from linux kernel commit ++ * f0907827a8a9152aedac2833ed1b674a7b2a44f2 ++ * Rasmus Villemoes , the original author of the ++ * patch, was contacted directly, confirmed his authorship of the code, and ++ * gave his permission on treating that dual license as MIT and including into ++ * GRUB2 sources ++ */ ++ ++#include ++#define is_signed_type(type) (((type)(-1)) < (type)1) ++#define __type_half_max(type) ((type)1 << (8*sizeof(type) - 1 - is_signed_type(type))) ++#define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T))) ++#define type_min(T) ((T)((T)-type_max(T)-(T)1)) ++ ++#define __unsigned_add_overflow(a, b, d) ({ \ ++ typeof(+(a)) __a = (a); \ ++ typeof(+(b)) __b = (b); \ ++ typeof(d) __d = (d); \ ++ (void) (&__a == &__b); \ ++ (void) (&__a == __d); \ ++ *__d = __a + __b; \ ++ *__d < __a; \ ++}) ++#define __unsigned_sub_overflow(a, b, d) ({ \ ++ typeof(+(a)) __a = (a); \ ++ typeof(+(b)) __b = (b); \ ++ typeof(d) __d = (d); \ ++ (void) (&__a == &__b); \ ++ (void) (&__a == __d); \ ++ *__d = __a - __b; \ ++ __a < __b; \ ++}) ++#define __unsigned_mul_overflow(a, b, d) ({ \ ++ typeof(+(a)) __a = (a); \ ++ typeof(+(b)) __b = (b); \ ++ typeof(d) __d = (d); \ ++ (void) (&__a == &__b); \ ++ (void) (&__a == __d); \ ++ *__d = __a * __b; \ ++ __builtin_constant_p(__b) ? \ ++ __b > 0 && __a > type_max(typeof(__a)) / __b :\ ++ __a > 0 && __b > type_max(typeof(__b)) / __a; \ ++}) ++ ++#define __signed_add_overflow(a, b, d) ({ \ ++ typeof(+(a)) __a = (a); \ ++ typeof(+(b)) __b = (b); \ ++ typeof(d) __d = (d); \ ++ (void) (&__a == &__b); \ ++ (void) (&__a == __d); \ ++ *__d = (grub_uint64_t)__a + (grub_uint64_t)__b; \ ++ (((~(__a ^ __b)) & (*__d ^ __a)) \ ++ & type_min(typeof(__a))) != 0; \ ++}) ++ ++#define __signed_sub_overflow(a, b, d) ({ \ ++ typeof(+(a)) __a = (a); \ ++ typeof(+(b)) __b = (b); \ ++ typeof(d) __d = (d); \ ++ (void) (&__a == &__b); \ ++ (void) (&__a == __d); \ ++ *__d = (grub_uint64_t)__a - (grub_uint64_t)__b; \ ++ ((((__a ^ __b)) & (*__d ^ __a)) \ ++ & type_min(typeof(__a))) != 0; \ ++}) ++ ++#define __signed_mul_overflow(a, b, d) ({ \ ++ typeof(+(a)) __a = (a); \ ++ typeof(+(b)) __b = (b); \ ++ typeof(d) __d = (d); \ ++ typeof(+(a)) __tmax = type_max(typeof(+(a))); \ ++ typeof(+(a)) __tmin = type_min(typeof(+(a))); \ ++ (void) (&__a == &__b); \ ++ (void) (&__a == __d); \ ++ *__d = (grub_uint64_t)__a * (grub_uint64_t)__b; \ ++ (__b > 0 && (__a > __tmax/__b || __a < __tmin/__b)) ||\ ++ (__b < (typeof(__b))-1 && \ ++ (__a > __tmin/__b || __a < __tmax/__b)) || \ ++ (__b == (typeof(__b))-1 && __a == __tmin); \ ++}) ++ ++#define grub_add(a, b, d) \ ++ __builtin_choose_expr(is_signed_type(typeof(+(a))), \ ++ __signed_add_overflow(a, b, d), \ ++ __unsigned_add_overflow(a, b, d)) ++ ++#define grub_sub(a, b, d) \ ++ __builtin_choose_expr(is_signed_type(typeof(+(a))), \ ++ __signed_sub_overflow(a, b, d), \ ++ __unsigned_sub_overflow(a, b, d)) ++ ++#define grub_mul(a, b, d) \ ++ __builtin_choose_expr(is_signed_type(typeof(+(a))), \ ++ __signed_mul_overflow(a, b, d), \ ++ __unsigned_mul_overflow(a, b, d)) ++ + #endif + + #endif /* GRUB_SAFEMATH_H */ diff --git a/SOURCES/0306-efi-Fix-use-after-free-in-halt-reboot-path.patch b/SOURCES/0306-efi-Fix-use-after-free-in-halt-reboot-path.patch new file mode 100644 index 0000000..7080ac5 --- /dev/null +++ b/SOURCES/0306-efi-Fix-use-after-free-in-halt-reboot-path.patch @@ -0,0 +1,162 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Mon, 20 Jul 2020 23:03:05 +0000 +Subject: [PATCH] efi: Fix use-after-free in halt/reboot path + +commit 92bfc33db984 ("efi: Free malloc regions on exit") +introduced memory freeing in grub_efi_fini(), which is +used not only by exit path but by halt/reboot one as well. +As result of memory freeing, code and data regions used by +modules, such as halt, reboot, acpi (used by halt) also got +freed. After return to module code, CPU executes, filled +by UEFI firmware (tested with edk2), 0xAFAFAFAF pattern as +a code. Which leads to #UD exception later. + +grub> halt +!!!! X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!! +RIP - 0000000003F4EC28, CS - 0000000000000038, RFLAGS - 0000000000200246 +RAX - 0000000000000000, RCX - 00000000061DA188, RDX - 0A74C0854DC35D41 +RBX - 0000000003E10E08, RSP - 0000000007F0F860, RBP - 0000000000000000 +RSI - 00000000064DB768, RDI - 000000000832C5C3 +R8 - 0000000000000002, R9 - 0000000000000000, R10 - 00000000061E2E52 +R11 - 0000000000000020, R12 - 0000000003EE5C1F, R13 - 00000000061E0FF4 +R14 - 0000000003E10D80, R15 - 00000000061E2F60 +DS - 0000000000000030, ES - 0000000000000030, FS - 0000000000000030 +GS - 0000000000000030, SS - 0000000000000030 +CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 0000000007C01000 +CR4 - 0000000000000668, CR8 - 0000000000000000 +DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000 +DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400 +GDTR - 00000000079EEA98 0000000000000047, LDTR - 0000000000000000 +IDTR - 0000000007598018 0000000000000FFF, TR - 0000000000000000 +FXSAVE_STATE - 0000000007F0F4C0 + +Proposal here is to continue to free allocated memory for +exit boot services path but keep it for halt/reboot path +as it won't be much security concern here. +Introduced GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY +loader flag to be used by efi halt/reboot path. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Darren Kenny +--- + grub-core/kern/arm/efi/init.c | 3 +++ + grub-core/kern/arm64/efi/init.c | 3 +++ + grub-core/kern/efi/efi.c | 3 ++- + grub-core/kern/efi/init.c | 1 - + grub-core/kern/i386/efi/init.c | 9 +++++++-- + grub-core/kern/ia64/efi/init.c | 9 +++++++-- + grub-core/lib/efi/halt.c | 3 ++- + include/grub/loader.h | 1 + + 8 files changed, 25 insertions(+), 7 deletions(-) + +diff --git a/grub-core/kern/arm/efi/init.c b/grub-core/kern/arm/efi/init.c +index 06df60e2f..40c3b467f 100644 +--- a/grub-core/kern/arm/efi/init.c ++++ b/grub-core/kern/arm/efi/init.c +@@ -71,4 +71,7 @@ grub_machine_fini (int flags) + efi_call_1 (b->close_event, tmr_evt); + + grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/arm64/efi/init.c b/grub-core/kern/arm64/efi/init.c +index 6224999ec..5010caefd 100644 +--- a/grub-core/kern/arm64/efi/init.c ++++ b/grub-core/kern/arm64/efi/init.c +@@ -57,4 +57,7 @@ grub_machine_fini (int flags) + return; + + grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 03de9cb14..5dfcf9433 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -157,7 +157,8 @@ grub_efi_get_loaded_image (grub_efi_handle_t image_handle) + void + grub_reboot (void) + { +- grub_machine_fini (GRUB_LOADER_FLAG_NORETURN); ++ grub_machine_fini (GRUB_LOADER_FLAG_NORETURN | ++ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY); + efi_call_4 (grub_efi_system_table->runtime_services->reset_system, + GRUB_EFI_RESET_COLD, GRUB_EFI_SUCCESS, 0, NULL); + for (;;) ; +diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c +index e6183a4c4..79243b364 100644 +--- a/grub-core/kern/efi/init.c ++++ b/grub-core/kern/efi/init.c +@@ -136,5 +136,4 @@ grub_efi_fini (void) + { + grub_efidisk_fini (); + grub_console_fini (); +- grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/i386/efi/init.c b/grub-core/kern/i386/efi/init.c +index a28316cc6..46476e27e 100644 +--- a/grub-core/kern/i386/efi/init.c ++++ b/grub-core/kern/i386/efi/init.c +@@ -38,6 +38,11 @@ grub_machine_init (void) + void + grub_machine_fini (int flags) + { +- if (flags & GRUB_LOADER_FLAG_NORETURN) +- grub_efi_fini (); ++ if (!(flags & GRUB_LOADER_FLAG_NORETURN)) ++ return; ++ ++ grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/ia64/efi/init.c b/grub-core/kern/ia64/efi/init.c +index b5ecbd091..f1965571b 100644 +--- a/grub-core/kern/ia64/efi/init.c ++++ b/grub-core/kern/ia64/efi/init.c +@@ -70,6 +70,11 @@ grub_machine_init (void) + void + grub_machine_fini (int flags) + { +- if (flags & GRUB_LOADER_FLAG_NORETURN) +- grub_efi_fini (); ++ if (!(flags & GRUB_LOADER_FLAG_NORETURN)) ++ return; ++ ++ grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/lib/efi/halt.c b/grub-core/lib/efi/halt.c +index e9441c844..a69a77681 100644 +--- a/grub-core/lib/efi/halt.c ++++ b/grub-core/lib/efi/halt.c +@@ -28,7 +28,8 @@ + void + grub_halt (void) + { +- grub_machine_fini (GRUB_LOADER_FLAG_NORETURN); ++ grub_machine_fini (GRUB_LOADER_FLAG_NORETURN | ++ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY); + #if !defined(__ia64__) && !defined(__arm__) && !defined(__aarch64__) + grub_acpi_halt (); + #endif +diff --git a/include/grub/loader.h b/include/grub/loader.h +index 7f82a499f..b20864282 100644 +--- a/include/grub/loader.h ++++ b/include/grub/loader.h +@@ -33,6 +33,7 @@ enum + { + GRUB_LOADER_FLAG_NORETURN = 1, + GRUB_LOADER_FLAG_PXE_NOT_UNLOAD = 2, ++ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY = 4, + }; + + void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void), diff --git a/SOURCES/0307-efi-dhcp-fix-some-allocation-error-checking.patch b/SOURCES/0307-efi-dhcp-fix-some-allocation-error-checking.patch new file mode 100644 index 0000000..b705d12 --- /dev/null +++ b/SOURCES/0307-efi-dhcp-fix-some-allocation-error-checking.patch @@ -0,0 +1,37 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 17:11:06 -0400 +Subject: [PATCH] efi+dhcp: fix some allocation error checking. + +Signed-off-by: Peter Jones +--- + grub-core/net/efi/dhcp.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/grub-core/net/efi/dhcp.c b/grub-core/net/efi/dhcp.c +index dbef63d8c..e5c79b748 100644 +--- a/grub-core/net/efi/dhcp.c ++++ b/grub-core/net/efi/dhcp.c +@@ -80,7 +80,7 @@ grub_efi_dhcp4_parse_dns (grub_efi_dhcp4_protocol_t *dhcp4, grub_efi_dhcp4_packe + if (status != GRUB_EFI_BUFFER_TOO_SMALL) + return NULL; + +- option_list = grub_malloc (option_count * sizeof(*option_list)); ++ option_list = grub_calloc (option_count, sizeof(*option_list)); + if (!option_list) + return NULL; + +@@ -360,8 +360,11 @@ grub_cmd_efi_bootp6 (struct grub_command *cmd __attribute__ ((unused)), + + if (status == GRUB_EFI_BUFFER_TOO_SMALL && count) + { +- options = grub_malloc (count * sizeof(*options)); +- status = efi_call_4 (dev->dhcp6->parse, dev->dhcp6, mode.ia->reply_packet, &count, options); ++ options = grub_calloc (count, sizeof(*options)); ++ if (options) ++ status = efi_call_4 (dev->dhcp6->parse, dev->dhcp6, mode.ia->reply_packet, &count, options); ++ else ++ status = GRUB_EFI_OUT_OF_RESOURCES; + } + + if (status != GRUB_EFI_SUCCESS) diff --git a/SOURCES/0308-efi-http-fix-some-allocation-error-checking.patch b/SOURCES/0308-efi-http-fix-some-allocation-error-checking.patch new file mode 100644 index 0000000..6aa40dd --- /dev/null +++ b/SOURCES/0308-efi-http-fix-some-allocation-error-checking.patch @@ -0,0 +1,39 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 17:14:15 -0400 +Subject: [PATCH] efi+http: fix some allocation error checking. + +Signed-off-by: Peter Jones +--- + grub-core/net/efi/http.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c +index fc8cb25ae..26647a50f 100644 +--- a/grub-core/net/efi/http.c ++++ b/grub-core/net/efi/http.c +@@ -412,8 +412,8 @@ grub_efihttp_open (struct grub_efi_net_device *dev, + int type) + { + grub_err_t err; +- grub_off_t size; +- char *buf; ++ grub_off_t size = 0; ++ char *buf = NULL; + char *file_name = NULL; + const char *http_path; + +@@ -441,8 +441,11 @@ grub_efihttp_open (struct grub_efi_net_device *dev, + return err; + } + +- buf = grub_malloc (size); +- efihttp_read (dev, buf, size); ++ if (size) ++ { ++ buf = grub_malloc (size); ++ efihttp_read (dev, buf, size); ++ } + + file->size = size; + file->data = buf; diff --git a/SOURCES/0309-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch b/SOURCES/0309-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch new file mode 100644 index 0000000..6886f98 --- /dev/null +++ b/SOURCES/0309-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch @@ -0,0 +1,127 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 17:27:00 -0400 +Subject: [PATCH] efi/ip[46]_config.c: fix some potential allocation overflows + +In theory all of this data comes from the firmware stack and it should +be safe, but it's better to be paranoid. + +Signed-off-by: Peter Jones +--- + grub-core/net/efi/ip4_config.c | 25 ++++++++++++++++++------- + grub-core/net/efi/ip6_config.c | 13 ++++++++++--- + 2 files changed, 28 insertions(+), 10 deletions(-) + +diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c +index 6117e60ab..5ea5ed039 100644 +--- a/grub-core/net/efi/ip4_config.c ++++ b/grub-core/net/efi/ip4_config.c +@@ -4,15 +4,20 @@ + #include + #include + #include ++#include + + char * + grub_efi_hw_address_to_string (grub_efi_uint32_t hw_address_size, grub_efi_mac_address_t hw_address) + { + char *hw_addr, *p; +- int sz, s; +- int i; ++ grub_size_t sz, s, i; + +- sz = (int)hw_address_size * (sizeof ("XX:") - 1) + 1; ++ if (grub_mul (hw_address_size, sizeof ("XX:") - 1, &sz) || ++ grub_add (sz, 1, &sz)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ return NULL; ++ } + + hw_addr = grub_malloc (sz); + if (!hw_addr) +@@ -20,7 +25,7 @@ grub_efi_hw_address_to_string (grub_efi_uint32_t hw_address_size, grub_efi_mac_a + + p = hw_addr; + s = sz; +- for (i = 0; i < (int)hw_address_size; i++) ++ for (i = 0; i < hw_address_size; i++) + { + grub_snprintf (p, sz, "%02x:", hw_address[i]); + p += sizeof ("XX:") - 1; +@@ -238,14 +243,20 @@ grub_efi_ip4_interface_route_table (struct grub_efi_net_device *dev) + { + grub_efi_ip4_config2_interface_info_t *interface_info; + char **ret; +- int i, id; ++ int id; ++ grub_size_t i, nmemb; + + interface_info = efi_ip4_config_interface_info (dev->ip4_config); + if (!interface_info) + return NULL; + +- ret = grub_malloc (sizeof (*ret) * (interface_info->route_table_size + 1)); ++ if (grub_add (interface_info->route_table_size, 1, &nmemb)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ return NULL; ++ } + ++ ret = grub_calloc (nmemb, sizeof (*ret)); + if (!ret) + { + grub_free (interface_info); +@@ -253,7 +264,7 @@ grub_efi_ip4_interface_route_table (struct grub_efi_net_device *dev) + } + + id = 0; +- for (i = 0; i < (int)interface_info->route_table_size; i++) ++ for (i = 0; i < interface_info->route_table_size; i++) + { + char *subnet, *gateway, *mask; + grub_uint32_t u32_subnet, u32_gateway; +diff --git a/grub-core/net/efi/ip6_config.c b/grub-core/net/efi/ip6_config.c +index e0e00c23d..1c5415d71 100644 +--- a/grub-core/net/efi/ip6_config.c ++++ b/grub-core/net/efi/ip6_config.c +@@ -3,6 +3,7 @@ + #include + #include + #include ++#include + + char * + grub_efi_ip6_address_to_string (grub_efi_pxe_ipv6_address_t *address) +@@ -228,14 +229,20 @@ grub_efi_ip6_interface_route_table (struct grub_efi_net_device *dev) + { + grub_efi_ip6_config_interface_info_t *interface_info; + char **ret; +- int i, id; ++ int id; ++ grub_size_t i, nmemb; + + interface_info = efi_ip6_config_interface_info (dev->ip6_config); + if (!interface_info) + return NULL; + +- ret = grub_malloc (sizeof (*ret) * (interface_info->route_count + 1)); ++ if (grub_add (interface_info->route_count, 1, &nmemb)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ return NULL; ++ } + ++ ret = grub_calloc (nmemb, sizeof (*ret)); + if (!ret) + { + grub_free (interface_info); +@@ -243,7 +250,7 @@ grub_efi_ip6_interface_route_table (struct grub_efi_net_device *dev) + } + + id = 0; +- for (i = 0; i < (int)interface_info->route_count ; i++) ++ for (i = 0; i < interface_info->route_count ; i++) + { + char *gateway, *destination; + grub_uint64_t u64_gateway[2]; diff --git a/SOURCES/0310-Fix-up-some-types-for-gcc-4.8-compat-safemath.h.patch b/SOURCES/0310-Fix-up-some-types-for-gcc-4.8-compat-safemath.h.patch new file mode 100644 index 0000000..b671318 --- /dev/null +++ b/SOURCES/0310-Fix-up-some-types-for-gcc-4.8-compat-safemath.h.patch @@ -0,0 +1,216 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 23 Jul 2020 15:02:48 -0400 +Subject: [PATCH] Fix up some types for gcc 4.8 compat safemath.h + +The compat macros aren't as forgiving as __builtin_*_overflow(). + +Signed-off-by: Peter Jones +--- + grub-core/disk/lvm.c | 22 ++++++++++++---------- + grub-core/font/font.c | 4 ++-- + grub-core/fs/btrfs.c | 20 +++++++++++++++----- + grub-core/fs/ext2.c | 3 ++- + grub-core/fs/hfsplus.c | 2 +- + grub-core/fs/iso9660.c | 8 ++++---- + grub-core/normal/charset.c | 5 +++-- + 7 files changed, 39 insertions(+), 25 deletions(-) + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index ca09d4699..4fbb3eac0 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -103,7 +103,7 @@ grub_lvm_detect (grub_disk_t disk, + { + grub_err_t err; + grub_uint64_t mda_offset, mda_size; +- grub_size_t ptr; ++ grub_uint64_t ptr; + char buf[GRUB_LVM_LABEL_SIZE]; + char vg_id[GRUB_LVM_ID_STRLEN+1]; + char pv_id[GRUB_LVM_ID_STRLEN+1]; +@@ -209,9 +209,9 @@ grub_lvm_detect (grub_disk_t disk, + grub_le_to_cpu64 (mdah->size)); + } + +- if (grub_add ((grub_size_t)metadatabuf, +- (grub_size_t)grub_le_to_cpu64 (rlocn->offset), +- &ptr)) ++ grub_uint64_t mdb = (grub_uint64_t)metadatabuf; ++ grub_uint64_t addend = (grub_uint64_t)grub_le_to_cpu64 (rlocn->offset); ++ if (grub_add (mdb, addend, &ptr)) + { + error_parsing_metadata: + #ifdef GRUB_UTIL +@@ -222,7 +222,7 @@ error_parsing_metadata: + + p = q = (char *)ptr; + +- if (grub_add ((grub_size_t)metadatabuf, (grub_size_t)mda_size, &ptr)) ++ if (grub_add (mdb, mda_size, &ptr)) + goto error_parsing_metadata; + + mda_end = (char *)ptr; +@@ -391,13 +391,15 @@ error_parsing_metadata: + * + sizeof ("lvm/") - 1; + */ + grub_size_t sz0 = vgname_len, sz1 = s; ++ grub_size_t one = 1, two = 2; ++ grub_size_t lvm_str_sz = sizeof ("lvm/") - 1; + +- if (grub_mul (sz0, 2, &sz0) || +- grub_add (sz0, 1, &sz0) || +- grub_mul (sz1, 2, &sz1) || +- grub_add (sz1, 1, &sz1) || ++ if (grub_mul (sz0, two, &sz0) || ++ grub_add (sz0, one, &sz0) || ++ grub_mul (sz1, two, &sz1) || ++ grub_add (sz1, one, &sz1) || + grub_add (sz0, sz1, &sz0) || +- grub_add (sz0, sizeof ("lvm/") - 1, &sz0)) ++ grub_add (sz0, lvm_str_sz, &sz0)) + goto lvs_fail; + + lv->fullname = grub_malloc (sz0); +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index a7b955a1a..b36a099b8 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -361,10 +361,10 @@ static char * + read_section_as_string (struct font_file_section *section) + { + char *str; +- grub_size_t sz; ++ grub_size_t sz = section->length, one = 1; + grub_ssize_t ret; + +- if (grub_add (section->length, 1, &sz)) ++ if (grub_add (sz, one, &sz)) + return NULL; + + str = grub_malloc (sz); +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 1d801f6c9..3faf9056c 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -323,10 +323,15 @@ save_ref (struct grub_btrfs_leaf_descriptor *desc, + { + void *newdata; + grub_size_t sz; ++ grub_size_t alloced, datasz, two = 2; + +- if (grub_mul (desc->allocated, 2, &desc->allocated) || +- grub_mul (desc->allocated, sizeof (desc->data[0]), &sz)) ++ alloced = desc->allocated; ++ datasz = sizeof (desc->data[0]); ++ ++ if (grub_mul (alloced, two, &alloced) || ++ grub_mul (alloced, datasz, &sz)) + return GRUB_ERR_OUT_OF_RANGE; ++ desc->allocated = alloced; + + newdata = grub_realloc (desc->data, sz); + if (!newdata) +@@ -624,12 +629,17 @@ find_device (struct grub_btrfs_data *data, grub_uint64_t id, int do_rescan) + { + void *tmp; + grub_size_t sz; ++ grub_size_t alloced = data->n_devices_allocated; ++ grub_size_t attached_sz = sizeof(data->devices_attached[0]); ++ grub_size_t attached = data->n_devices_attached; ++ const grub_size_t one = 1, two = 2; + +- if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || +- grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || +- grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) ++ if (grub_mul (attached, two, &alloced) || ++ grub_add (alloced, one, &alloced) || ++ grub_mul (alloced, attached_sz, &sz)) + goto fail; + ++ data->n_devices_allocated = alloced; + data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); + if (!data->devices_attached) + { +diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c +index b4bd019f4..3d59cf131 100644 +--- a/grub-core/fs/ext2.c ++++ b/grub-core/fs/ext2.c +@@ -719,7 +719,8 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) + } + } + +- if (grub_add (grub_le_to_cpu32 (diro->inode.size), 1, &sz)) ++ sz = grub_le_to_cpu32 (diro->inode.size); ++ if (grub_add (sz, (grub_size_t)1, &sz)) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + return NULL; +diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +index 8b17ebba2..e06bcbb9b 100644 +--- a/grub-core/fs/hfsplus.c ++++ b/grub-core/fs/hfsplus.c +@@ -478,7 +478,7 @@ grub_hfsplus_read_symlink (grub_fshelp_node_t node) + grub_ssize_t numread; + grub_size_t sz = node->size; + +- if (grub_add (sz, 1, &sz)) ++ if (grub_add (sz, (grub_size_t)1, &sz)) + return NULL; + + symlink = grub_malloc (sz); +diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c +index 6fc9302bc..a4403e29d 100644 +--- a/grub-core/fs/iso9660.c ++++ b/grub-core/fs/iso9660.c +@@ -536,7 +536,7 @@ add_part (struct iterate_dir_ctx *ctx, + char *new; + + if (grub_add (size, len2, &sz) || +- grub_add (sz, 1, &sz)) ++ grub_add (sz, (grub_size_t)1, &sz)) + return; + + new = grub_realloc (ctx->symlink, sz); +@@ -580,14 +580,14 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, + { + off = grub_strlen (ctx->filename); + if (grub_add (csize, off, &sz) || +- grub_add (sz, 1, &sz)) ++ grub_add (sz, (grub_size_t)1, &sz)) + return GRUB_ERR_OUT_OF_RANGE; + ctx->filename = grub_realloc (ctx->filename, sz); + } + else + { + off = 0; +- if (grub_add (csize, 1, &sz)) ++ if (grub_add (csize, (grub_size_t)1, &sz)) + return GRUB_ERR_OUT_OF_RANGE; + ctx->filename = grub_zalloc (sz); + } +@@ -807,7 +807,7 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir, + struct grub_fshelp_node *new_node; + grub_size_t sz; + +- if (grub_mul (node->alloc_dirents, 2, &node->alloc_dirents) || ++ if (grub_mul (node->alloc_dirents, (grub_size_t)2, &node->alloc_dirents) || + grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || + grub_mul (sz, sizeof (node->dirents[0]), &sz) || + grub_add (sz, sizeof (struct grub_fshelp_node), &sz)) +diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c +index 4dfcc3107..f902b13b4 100644 +--- a/grub-core/normal/charset.c ++++ b/grub-core/normal/charset.c +@@ -479,8 +479,9 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, + n = out->combining_inline; + else if (out->ncomb > (int) ARRAY_SIZE (out->combining_inline)) + { +- if (grub_add (out->ncomb, 1, &sz) || +- grub_mul (sz, sizeof (n[0]), &sz)) ++ grub_size_t ncomb = out->ncomb, one = 1, nsz = sizeof (n[0]); ++ if (grub_add (ncomb, one, &sz) || ++ grub_mul (sz, nsz, &sz)) + goto fail; + + n = grub_realloc (out->combining_ptr, sz); diff --git a/SOURCES/0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch b/SOURCES/0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch new file mode 100644 index 0000000..3d73542 --- /dev/null +++ b/SOURCES/0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch @@ -0,0 +1,48 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Colin Watson +Date: Fri, 24 Jul 2020 17:18:09 +0100 +Subject: [PATCH] efilinux: Fix integer overflows in grub_cmd_initrd + +These could be triggered by an extremely large number of arguments to +the initrd command on 32-bit architectures, or a crafted filesystem with +very large files on any architecture. + +Signed-off-by: Colin Watson +--- + grub-core/loader/i386/efi/linux.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index ea9f5134e..ade7ab8f5 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -94,7 +95,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- files = grub_zalloc (argc * sizeof (files[0])); ++ files = grub_calloc (argc, sizeof (files[0])); + if (!files) + goto fail; + +@@ -105,7 +106,11 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + if (! files[i]) + goto fail; + nfiles++; +- size += ALIGN_UP (grub_file_size (files[i]), 4); ++ if (grub_add (size, ALIGN_UP (grub_file_size (files[i]), 4), &size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ goto fail; ++ } + } + + initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size)); diff --git a/SOURCES/0312-linux-loader-avoid-overflow-on-initrd-size-calculati.patch b/SOURCES/0312-linux-loader-avoid-overflow-on-initrd-size-calculati.patch new file mode 100644 index 0000000..c21fd30 --- /dev/null +++ b/SOURCES/0312-linux-loader-avoid-overflow-on-initrd-size-calculati.patch @@ -0,0 +1,25 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 24 Jul 2020 13:57:27 -0400 +Subject: [PATCH] linux loader: avoid overflow on initrd size calculation + +Signed-off-by: Peter Jones +--- + grub-core/loader/linux.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c +index c2c7cfcd0..61a2e144d 100644 +--- a/grub-core/loader/linux.c ++++ b/grub-core/loader/linux.c +@@ -152,8 +152,8 @@ grub_initrd_init (int argc, char *argv[], + initrd_ctx->nfiles = 0; + initrd_ctx->components = 0; + +- initrd_ctx->components = grub_zalloc (argc +- * sizeof (initrd_ctx->components[0])); ++ initrd_ctx->components = grub_calloc (argc, ++ sizeof (initrd_ctx->components[0])); + if (!initrd_ctx->components) + return grub_errno; + diff --git a/SOURCES/0313-linuxefi-fail-kernel-validation-without-shim-protoco.patch b/SOURCES/0313-linuxefi-fail-kernel-validation-without-shim-protoco.patch new file mode 100644 index 0000000..101a75f --- /dev/null +++ b/SOURCES/0313-linuxefi-fail-kernel-validation-without-shim-protoco.patch @@ -0,0 +1,97 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Dimitri John Ledkov +Date: Wed, 22 Jul 2020 11:31:43 +0100 +Subject: [PATCH] linuxefi: fail kernel validation without shim protocol. + +If certificates that signed grub are installed into db, grub can be +booted directly. It will then boot any kernel without signature +validation. The booted kernel will think it was booted in secureboot +mode and will implement lockdown, yet it could have been tampered. + +This version of the patch skips calling verification, when booted +without secureboot. And is indented with gnu ident. + +CVE-2020-15705 + +Reported-by: Mathieu Trudel-Lapierre +Signed-off-by: Dimitri John Ledkov +--- + grub-core/loader/arm64/linux.c | 12 ++++++++---- + grub-core/loader/efi/chainloader.c | 1 + + grub-core/loader/efi/linux.c | 1 + + grub-core/loader/i386/efi/linux.c | 13 ++++++++----- + 4 files changed, 18 insertions(+), 9 deletions(-) + +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index e1110749e..7a076c131 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -381,11 +381,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); + +- rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); +- if (rc < 0) ++ if (grub_efi_secure_boot ()) + { +- grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); +- goto fail; ++ rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); ++ if (rc <= 0) ++ { ++ grub_error (GRUB_ERR_INVALID_COMMAND, ++ N_("%s has invalid signature"), argv[0]); ++ goto fail; ++ } + } + + pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset); +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 8b99cf23e..a93edc975 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -1079,6 +1079,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + + return 0; + } ++ // -1 fall-through to fail + + fail: + if (dev) +diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c +index e09f82486..927d89a90 100644 +--- a/grub-core/loader/efi/linux.c ++++ b/grub-core/loader/efi/linux.c +@@ -33,6 +33,7 @@ struct grub_efi_shim_lock + }; + typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; + ++// Returns 1 on success, -1 on error, 0 when not available + int + grub_linuxefi_secure_validate (void *data, grub_uint32_t size) + { +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index ade7ab8f5..361e503cb 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -206,12 +206,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_tpm_measure (kernel, filelen, GRUB_BINARY_PCR, "grub_linuxefi", "Kernel"); + grub_print_error(); + +- rc = grub_linuxefi_secure_validate (kernel, filelen); +- if (rc < 0) ++ if (grub_efi_secure_boot ()) + { +- grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), +- argv[0]); +- goto fail; ++ rc = grub_linuxefi_secure_validate (kernel, filelen); ++ if (rc <= 0) ++ { ++ grub_error (GRUB_ERR_INVALID_COMMAND, ++ N_("%s has invalid signature"), argv[0]); ++ goto fail; ++ } + } + + params = grub_efi_allocate_pages_max (0x3fffffff, diff --git a/SOURCES/0314-linux-Fix-integer-overflows-in-initrd-size-handling.patch b/SOURCES/0314-linux-Fix-integer-overflows-in-initrd-size-handling.patch new file mode 100644 index 0000000..0ba6a8d --- /dev/null +++ b/SOURCES/0314-linux-Fix-integer-overflows-in-initrd-size-handling.patch @@ -0,0 +1,165 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Colin Watson +Date: Sat, 25 Jul 2020 12:15:37 +0100 +Subject: [PATCH] linux: Fix integer overflows in initrd size handling + +These could be triggered by a crafted filesystem with very large files. + +Fixes: CVE-2020-15707 + +Signed-off-by: Colin Watson +Reviewed-by: Jan Setje-Eilers +--- + grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++++++++------------- + 1 file changed, 54 insertions(+), 20 deletions(-) + +diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c +index 61a2e144d..0953f6d32 100644 +--- a/grub-core/loader/linux.c ++++ b/grub-core/loader/linux.c +@@ -5,6 +5,7 @@ + #include + #include + #include ++#include + + struct newc_head + { +@@ -99,13 +100,13 @@ free_dir (struct dir *root) + grub_free (root); + } + +-static grub_size_t ++static grub_err_t + insert_dir (const char *name, struct dir **root, +- grub_uint8_t *ptr) ++ grub_uint8_t *ptr, grub_size_t *size) + { + struct dir *cur, **head = root; + const char *cb, *ce = name; +- grub_size_t size = 0; ++ *size = 0; + while (1) + { + for (cb = ce; *cb == '/'; cb++); +@@ -131,14 +132,22 @@ insert_dir (const char *name, struct dir **root, + ptr = make_header (ptr, name, ce - name, + 040777, 0); + } +- size += ALIGN_UP ((ce - (char *) name) +- + sizeof (struct newc_head), 4); ++ if (grub_add (*size, ++ ALIGN_UP ((ce - (char *) name) ++ + sizeof (struct newc_head), 4), ++ size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ grub_free (n->name); ++ grub_free (n); ++ return grub_errno; ++ } + *head = n; + cur = n; + } + root = &cur->next; + } +- return size; ++ return GRUB_ERR_NONE; + } + + grub_err_t +@@ -175,26 +184,33 @@ grub_initrd_init (int argc, char *argv[], + if (eptr) + { + grub_file_filter_disable_compression (); ++ grub_size_t dir_size, name_len; ++ + initrd_ctx->components[i].newc_name = grub_strndup (ptr, eptr - ptr); +- if (!initrd_ctx->components[i].newc_name) ++ if (!initrd_ctx->components[i].newc_name || ++ insert_dir (initrd_ctx->components[i].newc_name, &root, 0, ++ &dir_size)) + { + grub_initrd_close (initrd_ctx); + return grub_errno; + } +- initrd_ctx->size +- += ALIGN_UP (sizeof (struct newc_head) +- + grub_strlen (initrd_ctx->components[i].newc_name), +- 4); +- initrd_ctx->size += insert_dir (initrd_ctx->components[i].newc_name, +- &root, 0); ++ name_len = grub_strlen (initrd_ctx->components[i].newc_name); ++ if (grub_add (initrd_ctx->size, ++ ALIGN_UP (sizeof (struct newc_head) + name_len, 4), ++ &initrd_ctx->size) || ++ grub_add (initrd_ctx->size, dir_size, &initrd_ctx->size)) ++ goto overflow; + newc = 1; + fname = eptr + 1; + } + } + else if (newc) + { +- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) +- + sizeof ("TRAILER!!!") - 1, 4); ++ if (grub_add (initrd_ctx->size, ++ ALIGN_UP (sizeof (struct newc_head) ++ + sizeof ("TRAILER!!!") - 1, 4), ++ &initrd_ctx->size)) ++ goto overflow; + free_dir (root); + root = 0; + newc = 0; +@@ -209,19 +225,29 @@ grub_initrd_init (int argc, char *argv[], + initrd_ctx->nfiles++; + initrd_ctx->components[i].size + = grub_file_size (initrd_ctx->components[i].file); +- initrd_ctx->size += initrd_ctx->components[i].size; ++ if (grub_add (initrd_ctx->size, initrd_ctx->components[i].size, ++ &initrd_ctx->size)) ++ goto overflow; + } + + if (newc) + { + initrd_ctx->size = ALIGN_UP (initrd_ctx->size, 4); +- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) +- + sizeof ("TRAILER!!!") - 1, 4); ++ if (grub_add (initrd_ctx->size, ++ ALIGN_UP (sizeof (struct newc_head) ++ + sizeof ("TRAILER!!!") - 1, 4), ++ &initrd_ctx->size)) ++ goto overflow; + free_dir (root); + root = 0; + } + + return GRUB_ERR_NONE; ++ ++overflow: ++ free_dir (root); ++ grub_initrd_close (initrd_ctx); ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + } + + grub_size_t +@@ -262,8 +288,16 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, + + if (initrd_ctx->components[i].newc_name) + { +- ptr += insert_dir (initrd_ctx->components[i].newc_name, +- &root, ptr); ++ grub_size_t dir_size; ++ ++ if (insert_dir (initrd_ctx->components[i].newc_name, &root, ptr, ++ &dir_size)) ++ { ++ free_dir (root); ++ grub_initrd_close (initrd_ctx); ++ return grub_errno; ++ } ++ ptr += dir_size; + ptr = make_header (ptr, initrd_ctx->components[i].newc_name, + grub_strlen (initrd_ctx->components[i].newc_name), + 0100777, diff --git a/SOURCES/0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch b/SOURCES/0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch new file mode 100644 index 0000000..838ddd7 --- /dev/null +++ b/SOURCES/0315-blscfg-Always-look-for-BLS-snippets-in-the-root-devi.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 11 Aug 2020 13:16:39 +0200 +Subject: [PATCH] blscfg: Always look for BLS snippets in the root device + +The blscfg command trying to load the BLS snippets from different devices +is a left over from when these where located in the ESP in the EFI case. + +But now that are always located in the /boot directory, the BLS snippets +have to be loaded from the root device just like the other files that are +in the /boot directory (kernel and initrd images). + +This only worked for legacy BIOS because the boot and root variables were +set to the same value. But doesn't work when trying to use a common GRUB +config file that could be shared between an EFI and legacy BIOS install. + +That kind of configuration is needed for example on hybrid images that are +booted using either EFI or legacy BIOS firmwares. + +Resolves: rhbz#1850193 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index c92e1c845..70ce5c7bf 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -874,14 +874,12 @@ grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED, + + #ifdef GRUB_MACHINE_EMU + devid = "host"; +-#elif defined(GRUB_MACHINE_EFI) ++#else + devid = grub_env_get ("root"); +-#else +- devid = grub_env_get ("boot"); + #endif + if (!devid) + return grub_error (GRUB_ERR_FILE_NOT_FOUND, +- N_("variable `%s' isn't set"), "boot"); ++ N_("variable `%s' isn't set"), "root"); + + grub_dprintf ("blscfg", "opening %s\n", devid); + dev = grub_device_open (devid); diff --git a/SOURCES/0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch b/SOURCES/0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch new file mode 100644 index 0000000..b1d68be --- /dev/null +++ b/SOURCES/0316-blscfg-Don-t-hardcode-an-env-var-as-fallback-for-the.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 11 Aug 2020 13:16:45 +0200 +Subject: [PATCH] blscfg: Don't hardcode an env var as fallback for the BLS + options field + +If the BLS fragments don't have an options field or if this was set to an +environment variable that was not defined in the grubenv file, the blscfg +module searches for a default_kernelopts variable that is defined in the +grub.cfg file. + +But the blscfg module shouldn't hardcode fallbacks variables and instead +this logic should be handled in the GRUB config file itself. + +Also, add a comment explaining where the kernelopts variable is supposed +to be defined and what is the process for the user to change its value. + +Resolves: rhbz#1850193 + +Signed-off-by: Javier Martinez Canillas +--- + util/grub.d/10_linux.in | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 58d185047..48857bb81 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -158,7 +158,17 @@ linux_entry () + populate_header_warn + + cat << EOF +-set default_kernelopts="root=${linux_root_device_thisversion} ro ${args}" ++# The kernelopts variable should be defined in the grubenv file. But to ensure that menu ++# entries populated from BootLoaderSpec files that use this variable work correctly even ++# without a grubenv file, define a fallback kernelopts variable if this has not been set. ++# ++# The kernelopts variable in the grubenv file can be modified using the grubby tool or by ++# executing the grub2-mkconfig tool. For the latter, the values of the GRUB_CMDLINE_LINUX ++# and GRUB_CMDLINE_LINUX_DEFAULT options from /etc/default/grub file are used to set both ++# the kernelopts variable in the grubenv file and the fallback kernelopts variable. ++if [ -z "\${kernelopts}" ]; then ++ set kernelopts="root=${linux_root_device_thisversion} ro ${args}" ++fi + + insmod blscfg + blscfg diff --git a/SOURCES/0317-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch b/SOURCES/0317-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch new file mode 100644 index 0000000..a4637cf --- /dev/null +++ b/SOURCES/0317-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch @@ -0,0 +1,51 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 24 Aug 2020 14:46:27 +0200 +Subject: [PATCH] tftp: roll over block counter to prevent timeouts with data + packets + +The block number is a 16-bit counter which only allows to fetch +files no bigger than 65535 * blksize. To avoid this limit, the +counter is rolled over. This behavior isn't defined in RFC 1350 +but is handled by many TFTP servers and it's what GRUB was doing +before implicitly due an overflow. + +Fixing that bug led to TFTP timeouts, since GRUB wasn't acking +data packets anymore for files with size bigger than the maximum +mentioned above. Restore the old behavior to prevent this issue. + +Resolves: rhbz#1871034 + +Suggested-by: Peter Jones +Signed-off-by: Javier Martinez Canillas +--- + grub-core/net/tftp.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index 79c16f9b0..b9a4b607a 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -183,8 +183,20 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + return GRUB_ERR_NONE; + } + +- /* Ack old/retransmitted block. */ +- if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1) ++ /* ++ * Ack old/retransmitted block. ++ * ++ * The block number is a 16-bit counter which only allows to fetch ++ * files no bigger than 65535 * blksize. To avoid this limit, the ++ * counter is rolled over. This behavior isn't defined in RFC 1350 ++ * but is handled by many TFTP servers and it's what GRUB was doing ++ * before implicitly due an overflow. ++ * ++ * Fixing that bug led to TFTP timeouts, since GRUB wasn't acking ++ * data packets anymore for files with size bigger than the maximum ++ * mentioned above. Restore the old behavior to prevent this issue. ++ */ ++ if (grub_be_to_cpu16 (tftph->u.data.block) < ((data->block + 1) & 0xffffu)) + ack (data, grub_be_to_cpu16 (tftph->u.data.block)); + /* Ignore unexpected block. */ + else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1) diff --git a/SOURCES/0318-at_keyboard-use-set-1-when-keyboard-is-in-Translate-.patch b/SOURCES/0318-at_keyboard-use-set-1-when-keyboard-is-in-Translate-.patch new file mode 100644 index 0000000..a8f4c58 --- /dev/null +++ b/SOURCES/0318-at_keyboard-use-set-1-when-keyboard-is-in-Translate-.patch @@ -0,0 +1,121 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Renaud=20M=C3=A9trich?= +Date: Thu, 3 Dec 2020 09:13:24 +0100 +Subject: [PATCH] at_keyboard: use set 1 when keyboard is in Translate mode +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When keyboard controller acts in Translate mode (0x40 mask), then use +set 1 since translation is done. +Otherwise use the mode queried from the controller (usually set 2). + +Added "atkeyb" debugging messages in at_keyboard module as well. + +Resolves: rhbz#1897587 + +Tested on: +- Asus N53SN (set 1 used) +- Dell Precision (set 1 used) +- HP Elitebook (set 2 used) +- HP G5430 (set 1 used, keyboard in XT mode!) +- Lenovo P71 & Lenovo T460s (set 2 used) +- QEMU/KVM (set 1 used) + +Signed-off-by: Renaud Métrich +--- + grub-core/term/at_keyboard.c | 29 ++++++++++++++++++++++++----- + include/grub/at_keyboard.h | 4 ++++ + 2 files changed, 28 insertions(+), 5 deletions(-) + +diff --git a/grub-core/term/at_keyboard.c b/grub-core/term/at_keyboard.c +index f0a986eb1..69d99b61d 100644 +--- a/grub-core/term/at_keyboard.c ++++ b/grub-core/term/at_keyboard.c +@@ -135,20 +135,28 @@ query_mode (void) + int e; + + e = write_mode (0); +- if (!e) ++ if (!e) { ++ grub_dprintf("atkeyb", "query_mode: write_mode(0) failed\n"); + return 0; ++ } + + do { + keyboard_controller_wait_until_ready (); + ret = grub_inb (KEYBOARD_REG_DATA); + } while (ret == GRUB_AT_ACK); + /* QEMU translates the set even in no-translate mode. */ +- if (ret == 0x43 || ret == 1) ++ if (ret == 0x43 || ret == 1) { ++ grub_dprintf("atkeyb", "query_mode: returning 1 (ret=0x%x)\n", ret); + return 1; +- if (ret == 0x41 || ret == 2) ++ } ++ if (ret == 0x41 || ret == 2) { ++ grub_dprintf("atkeyb", "query_mode: returning 2 (ret=0x%x)\n", ret); + return 2; +- if (ret == 0x3f || ret == 3) ++ } ++ if (ret == 0x3f || ret == 3) { ++ grub_dprintf("atkeyb", "query_mode: returning 3 (ret=0x%x)\n", ret); + return 3; ++ } + return 0; + } + +@@ -165,7 +173,13 @@ set_scancodes (void) + } + + #if !USE_SCANCODE_SET +- ps2_state.current_set = 1; ++ if ((grub_keyboard_controller_orig & KEYBOARD_AT_TRANSLATE) == KEYBOARD_AT_TRANSLATE) { ++ grub_dprintf ("atkeyb", "queried set is %d but keyboard in Translate mode, so actually in set 1\n", grub_keyboard_orig_set); ++ ps2_state.current_set = 1; ++ } else { ++ grub_dprintf ("atkeyb", "using queried set %d\n", grub_keyboard_orig_set); ++ ps2_state.current_set = grub_keyboard_orig_set; ++ } + return; + #else + +@@ -266,6 +280,7 @@ grub_keyboard_controller_init (void) + grub_keyboard_orig_set = 2; + #else + grub_keyboard_controller_orig = grub_keyboard_controller_read (); ++ grub_dprintf ("atkeyb", "grub_keyboard_controller_orig = 0x%x\n", grub_keyboard_controller_orig); + grub_keyboard_orig_set = query_mode (); + #endif + set_scancodes (); +@@ -275,11 +290,15 @@ grub_keyboard_controller_init (void) + static grub_err_t + grub_keyboard_controller_fini (struct grub_term_input *term __attribute__ ((unused))) + { ++/* In !USE_SCANCODE_SET mode, we didn't change anything, so nothing to restore */ ++#if USE_SCANCODE_SET + if (ps2_state.current_set == 0) + return GRUB_ERR_NONE; ++ grub_dprintf ("atkeyb", "restoring set %d, controller 0x%x\n", grub_keyboard_orig_set, grub_keyboard_controller_orig); + if (grub_keyboard_orig_set) + write_mode (grub_keyboard_orig_set); + grub_keyboard_controller_write (grub_keyboard_controller_orig); ++#endif + return GRUB_ERR_NONE; + } + +diff --git a/include/grub/at_keyboard.h b/include/grub/at_keyboard.h +index bcb4d9ba7..9414dc1b9 100644 +--- a/include/grub/at_keyboard.h ++++ b/include/grub/at_keyboard.h +@@ -19,6 +19,10 @@ + #ifndef GRUB_AT_KEYBOARD_HEADER + #define GRUB_AT_KEYBOARD_HEADER 1 + ++/* ++ * Refer to https://wiki.osdev.org/%228042%22_PS/2_Controller for details. ++ */ ++ + /* Used for sending commands to the controller. */ + #define KEYBOARD_COMMAND_ISREADY(x) !((x) & 0x02) + #define KEYBOARD_COMMAND_READ 0x20 diff --git a/SOURCES/0319-grub-install-disable-support-for-EFI-platforms.patch b/SOURCES/0319-grub-install-disable-support-for-EFI-platforms.patch new file mode 100644 index 0000000..7142181 --- /dev/null +++ b/SOURCES/0319-grub-install-disable-support-for-EFI-platforms.patch @@ -0,0 +1,118 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Jan Hlavac +Date: Fri, 20 Nov 2020 23:51:47 +0100 +Subject: [PATCH] grub-install: disable support for EFI platforms + +For each platform, GRUB is shipped as a kernel image and a set of +modules. These files are then used by the grub-install utility to +install GRUB on a specific device. However, in order to support UEFI +Secure Boot, the resulting EFI binary must be signed by a recognized +private key. For this reason, for EFI platforms, most distributions also +ship prebuilt EFI binaries signed by a distribution-specific private +key. In this case, however, the grub-install utility should not be used +because it would overwrite the signed EFI binary. + +The current fix is suboptimal because it preserves all EFI-related code. +A better solution could be to modularize the code and provide a +build-time option. + +Resolves: rhbz#1737444 + +Signed-off-by: Jan Hlavac +--- + util/grub-install.c | 35 ++++++++++++++++------------------- + docs/grub.texi | 7 +++++++ + util/grub-install.8 | 4 +++- + 3 files changed, 26 insertions(+), 20 deletions(-) + +diff --git a/util/grub-install.c b/util/grub-install.c +index 3bf0e063a..65bb2f99e 100644 +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -888,6 +888,22 @@ main (int argc, char *argv[]) + + platform = grub_install_get_target (grub_install_source_directory); + ++ switch (platform) ++ { ++ case GRUB_INSTALL_PLATFORM_ARM_EFI: ++ case GRUB_INSTALL_PLATFORM_ARM64_EFI: ++ case GRUB_INSTALL_PLATFORM_I386_EFI: ++ case GRUB_INSTALL_PLATFORM_IA64_EFI: ++ case GRUB_INSTALL_PLATFORM_X86_64_EFI: ++ is_efi = 1; ++ grub_util_error (_("this utility cannot be used for EFI platforms" ++ " because it does not support UEFI Secure Boot")); ++ break; ++ default: ++ is_efi = 0; ++ break; ++ } ++ + { + char *platname = grub_install_get_platform_name (platform); + fprintf (stderr, _("Installing for %s platform.\n"), platname); +@@ -994,26 +1010,7 @@ main (int argc, char *argv[]) + grub_hostfs_init (); + grub_host_init (); + +- switch (platform) +- { +- case GRUB_INSTALL_PLATFORM_I386_EFI: +- case GRUB_INSTALL_PLATFORM_X86_64_EFI: +- case GRUB_INSTALL_PLATFORM_ARM_EFI: +- case GRUB_INSTALL_PLATFORM_ARM64_EFI: +- case GRUB_INSTALL_PLATFORM_IA64_EFI: +- is_efi = 1; +- break; +- default: +- is_efi = 0; +- break; +- +- /* pacify warning. */ +- case GRUB_INSTALL_PLATFORM_MAX: +- break; +- } +- + /* Find the EFI System Partition. */ +- + if (is_efi) + { + grub_fs_t fs; +diff --git a/docs/grub.texi b/docs/grub.texi +index c54bee316..fa11cc0af 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -6185,6 +6185,13 @@ grub2-install @var{install_device} + The device name @var{install_device} is an OS device name or a GRUB + device name. + ++In order to support UEFI Secure Boot, the resulting GRUB EFI binary must ++be signed by a recognized private key. For this reason, for EFI ++platforms, most distributions also ship prebuilt GRUB EFI binaries ++signed by a distribution-specific private key. In this case, however, ++@command{grub2-install} should not be used because it would overwrite ++the signed EFI binary. ++ + @command{grub2-install} accepts the following options: + + @table @option +diff --git a/util/grub-install.8 b/util/grub-install.8 +index 76272a39d..02371930f 100644 +--- a/util/grub-install.8 ++++ b/util/grub-install.8 +@@ -1,4 +1,4 @@ +-.TH GRUB-INSTALL 1 "Wed Feb 26 2014" ++.TH GRUB-INSTALL 1 "Fri Nov 20 2020" + .SH NAME + \fBgrub-install\fR \(em Install GRUB on a device. + +@@ -31,6 +31,8 @@ + .SH DESCRIPTION + \fBgrub-install\fR installs GRUB onto a device. This includes copying GRUB images into the target directory (generally \fI/boot/grub\fR), and on some platforms may also include installing GRUB onto a boot sector. + ++In order to support UEFI Secure Boot, the resulting GRUB EFI binary must be signed by a recognized private key. For this reason, for EFI platforms, most distributions also ship prebuilt GRUB EFI binaries signed by a distribution-specific private key. In this case, however, the \fBgrub-install\fR utility should not be used because it would overwrite the signed EFI binary. ++ + .SH OPTIONS + .TP + \fB--modules\fR=\fIMODULES\fR\! diff --git a/SOURCES/0320-New-with-debug-timestamps-configure-flag-to-prepend-.patch b/SOURCES/0320-New-with-debug-timestamps-configure-flag-to-prepend-.patch new file mode 100644 index 0000000..c39ae03 --- /dev/null +++ b/SOURCES/0320-New-with-debug-timestamps-configure-flag-to-prepend-.patch @@ -0,0 +1,112 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Renaud=20M=C3=A9trich?= +Date: Sat, 23 Nov 2019 14:57:41 +0100 +Subject: [PATCH] New --with-debug-timestamps configure flag to prepend debug + traces with absolute and relative timestamp +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Renaud Métrich +--- + configure.ac | 18 ++++++++++++++++++ + grub-core/kern/misc.c | 20 ++++++++++++++++++++ + config.h.in | 1 + + 3 files changed, 39 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 9323c1254..0059b938a 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1514,6 +1514,17 @@ else + fi + AC_SUBST([BOOT_TIME_STATS]) + ++AC_ARG_WITH([debug-timestamps], ++ AS_HELP_STRING([--with-debug-timestamps], ++ [prepend debug traces with absolute and relative timestamps])) ++ ++if test x$with_debug_timestamps = xyes; then ++ DEBUG_WITH_TIMESTAMPS=1 ++else ++ DEBUG_WITH_TIMESTAMPS=0 ++fi ++AC_SUBST([DEBUG_WITH_TIMESTAMPS]) ++ + AC_ARG_ENABLE([grub-emu-sdl], + [AS_HELP_STRING([--enable-grub-emu-sdl], + [build and install the `grub-emu' debugging utility with SDL support (default=guessed)])]) +@@ -2092,6 +2103,7 @@ AM_CONDITIONAL([COND_APPLE_LINKER], [test x$TARGET_APPLE_LINKER = x1]) + AM_CONDITIONAL([COND_ENABLE_EFIEMU], [test x$enable_efiemu = xyes]) + AM_CONDITIONAL([COND_ENABLE_CACHE_STATS], [test x$DISK_CACHE_STATS = x1]) + AM_CONDITIONAL([COND_ENABLE_BOOT_TIME_STATS], [test x$BOOT_TIME_STATS = x1]) ++AM_CONDITIONAL([COND_DEBUG_WITH_TIMESTAMPS], [test x$DEBUG_WITH_TIMESTAMPS = x1]) + + AM_CONDITIONAL([COND_HAVE_CXX], [test x$HAVE_CXX = xyes]) + +@@ -2187,6 +2199,12 @@ else + echo With boot time statistics: No + fi + ++if [ x"$with_debug_timestamps" = xyes ]; then ++echo Debug traces with timestamps: Yes ++else ++echo Debug traces with timestamps: No ++fi ++ + if [ x"$efiemu_excuse" = x ]; then + echo efiemu runtime: Yes + else +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index c034f49f9..11f2974fc 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -25,6 +25,9 @@ + #include + #include + #include ++#if DEBUG_WITH_TIMESTAMPS ++#include ++#endif + + union printf_arg + { +@@ -179,9 +182,26 @@ grub_real_dprintf (const char *file, const int line, const char *condition, + const char *fmt, ...) + { + va_list args; ++#if DEBUG_WITH_TIMESTAMPS ++ static long unsigned int last_time = 0; ++ static int last_had_cr = 1; ++#endif + + if (grub_debug_enabled (condition)) + { ++#if DEBUG_WITH_TIMESTAMPS ++ /* Don't print timestamp if last printed message isn't terminated yet */ ++ if (last_had_cr) { ++ long unsigned int tmabs = (long unsigned int) grub_get_time_ms(); ++ long unsigned int tmrel = tmabs - last_time; ++ last_time = tmabs; ++ grub_printf ("%3lu.%03lus +%2lu.%03lus ", tmabs / 1000, tmabs % 1000, tmrel / 1000, tmrel % 1000); ++ } ++ if (fmt[grub_strlen(fmt)-1] == '\n') ++ last_had_cr = 1; ++ else ++ last_had_cr = 0; ++#endif + grub_printf ("%s:%d: ", file, line); + va_start (args, fmt); + grub_vprintf (fmt, args); +diff --git a/config.h.in b/config.h.in +index 9e8f9911b..d15480b41 100644 +--- a/config.h.in ++++ b/config.h.in +@@ -12,6 +12,7 @@ + /* Define to 1 to enable disk cache statistics. */ + #define DISK_CACHE_STATS @DISK_CACHE_STATS@ + #define BOOT_TIME_STATS @BOOT_TIME_STATS@ ++#define DEBUG_WITH_TIMESTAMPS @DEBUG_WITH_TIMESTAMPS@ + + /* We don't need those. */ + #define MINILZO_CFG_SKIP_LZO_PTR 1 diff --git a/SOURCES/0321-Added-debug-statements-to-grub_disk_open-and-grub_di.patch b/SOURCES/0321-Added-debug-statements-to-grub_disk_open-and-grub_di.patch new file mode 100644 index 0000000..9432f04 --- /dev/null +++ b/SOURCES/0321-Added-debug-statements-to-grub_disk_open-and-grub_di.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Renaud=20M=C3=A9trich?= +Date: Sat, 23 Nov 2019 15:22:16 +0100 +Subject: [PATCH] Added debug statements to grub_disk_open() and + grub_disk_close() on success +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Renaud Métrich +--- + grub-core/kern/disk.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/grub-core/kern/disk.c b/grub-core/kern/disk.c +index 789f8c052..7f58c5614 100644 +--- a/grub-core/kern/disk.c ++++ b/grub-core/kern/disk.c +@@ -285,6 +285,8 @@ grub_disk_open (const char *name) + return 0; + } + ++ grub_dprintf ("disk", "Opening `%s' succeeded.\n", name); ++ + return disk; + } + +@@ -292,7 +294,7 @@ void + grub_disk_close (grub_disk_t disk) + { + grub_partition_t part; +- grub_dprintf ("disk", "Closing `%s'.\n", disk->name); ++ grub_dprintf ("disk", "Closing `%s'...\n", disk->name); + + if (disk->dev && disk->dev->close) + (disk->dev->close) (disk); +@@ -306,8 +308,10 @@ grub_disk_close (grub_disk_t disk) + grub_free (disk->partition); + disk->partition = part; + } ++ grub_dprintf ("disk", "Closing `%s' succeeded.\n", disk->name); + grub_free ((void *) disk->name); + grub_free (disk); ++ + } + + /* Small read (less than cache size and not pass across cache unit boundaries). diff --git a/SOURCES/0322-Introduce-function-grub_debug_is_enabled-void-return.patch b/SOURCES/0322-Introduce-function-grub_debug_is_enabled-void-return.patch new file mode 100644 index 0000000..4bfd325 --- /dev/null +++ b/SOURCES/0322-Introduce-function-grub_debug_is_enabled-void-return.patch @@ -0,0 +1,51 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Renaud=20M=C3=A9trich?= +Date: Mon, 25 Nov 2019 09:29:53 +0100 +Subject: [PATCH] Introduce function grub_debug_is_enabled(void) returning 1 if + 'debug' is in the environment and not empty +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Renaud Métrich +--- + grub-core/kern/misc.c | 13 +++++++++++++ + include/grub/misc.h | 1 + + 2 files changed, 14 insertions(+) + +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 11f2974fc..97378c48b 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -162,6 +162,19 @@ int grub_err_printf (const char *fmt, ...) + __attribute__ ((alias("grub_printf"))); + #endif + ++/* Return 1 if 'debug' is set and not empty */ ++int ++grub_debug_is_enabled (void) ++{ ++ const char *debug; ++ ++ debug = grub_env_get ("debug"); ++ if (!debug || debug[0] == '\0') ++ return 0; ++ ++ return 1; ++} ++ + int + grub_debug_enabled (const char * condition) + { +diff --git a/include/grub/misc.h b/include/grub/misc.h +index 1258ec6bb..6ca03c4d6 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -367,6 +367,7 @@ grub_puts (const char *s) + } + + int EXPORT_FUNC(grub_puts_) (const char *s); ++int EXPORT_FUNC(grub_debug_is_enabled) (void); + int EXPORT_FUNC(grub_debug_enabled) (const char *condition); + void EXPORT_FUNC(grub_real_dprintf) (const char *file, + const int line, diff --git a/SOURCES/0323-Don-t-clear-screen-when-debugging-is-enabled.patch b/SOURCES/0323-Don-t-clear-screen-when-debugging-is-enabled.patch new file mode 100644 index 0000000..92711ab --- /dev/null +++ b/SOURCES/0323-Don-t-clear-screen-when-debugging-is-enabled.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Renaud=20M=C3=A9trich?= +Date: Sat, 23 Nov 2019 16:23:54 +0100 +Subject: [PATCH] Don't clear screen when debugging is enabled +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Renaud Métrich +--- + grub-core/normal/main.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +index 04ae9ed02..59fd54eb0 100644 +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -204,7 +204,8 @@ void + grub_normal_init_page (struct grub_term_output *term, + int y __attribute__((__unused__))) + { +- grub_term_cls (term); ++ if (! grub_debug_is_enabled ()) ++ grub_term_cls (term); + + #if 0 + grub_ssize_t msg_len; diff --git a/SOURCES/0324-grub_file_-instrumentation-new-file-debug-tag.patch b/SOURCES/0324-grub_file_-instrumentation-new-file-debug-tag.patch new file mode 100644 index 0000000..8608891 --- /dev/null +++ b/SOURCES/0324-grub_file_-instrumentation-new-file-debug-tag.patch @@ -0,0 +1,71 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Renaud=20M=C3=A9trich?= +Date: Fri, 29 Nov 2019 11:02:00 +0100 +Subject: [PATCH] grub_file_* instrumentation (new 'file' debug tag) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Renaud Métrich +--- + grub-core/kern/file.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c +index 668f8930b..c2d9a5500 100644 +--- a/grub-core/kern/file.c ++++ b/grub-core/kern/file.c +@@ -67,6 +67,8 @@ grub_file_open (const char *name) + const char *file_name; + grub_file_filter_id_t filter; + ++ grub_dprintf ("file", "Opening `%s' ...\n", name); ++ + device_name = grub_file_get_device_name (name); + if (grub_errno) + goto fail; +@@ -127,6 +129,8 @@ grub_file_open (const char *name) + grub_memcpy (grub_file_filters_enabled, grub_file_filters_all, + sizeof (grub_file_filters_enabled)); + ++ grub_dprintf ("file", "Opening `%s' succeeded.\n", name); ++ + return file; + + fail: +@@ -140,6 +144,8 @@ grub_file_open (const char *name) + grub_memcpy (grub_file_filters_enabled, grub_file_filters_all, + sizeof (grub_file_filters_enabled)); + ++ grub_dprintf ("file", "Opening `%s' failed.\n", name); ++ + return 0; + } + +@@ -171,6 +177,7 @@ grub_file_read (grub_file_t file, void *buf, grub_size_t len) + + if (len == 0) + return 0; ++ + read_hook = file->read_hook; + read_hook_data = file->read_hook_data; + if (!file->read_hook) +@@ -191,11 +198,18 @@ grub_file_read (grub_file_t file, void *buf, grub_size_t len) + grub_err_t + grub_file_close (grub_file_t file) + { ++ grub_dprintf ("file", "Closing `%s' ...\n", file->name); + if (file->fs->close) + (file->fs->close) (file); + + if (file->device) + grub_device_close (file->device); ++ ++ if (grub_errno == GRUB_ERR_NONE) ++ grub_dprintf ("file", "Closing `%s' succeeded.\n", file->name); ++ else ++ grub_dprintf ("file", "Closing `%s' failed with %d.\n", file->name, grub_errno); ++ + grub_free (file->name); + grub_free (file); + return grub_errno; diff --git a/SOURCES/0325-ieee1275-Avoiding-many-unecessary-open-close.patch b/SOURCES/0325-ieee1275-Avoiding-many-unecessary-open-close.patch new file mode 100644 index 0000000..bcaf386 --- /dev/null +++ b/SOURCES/0325-ieee1275-Avoiding-many-unecessary-open-close.patch @@ -0,0 +1,136 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Diego Domingos +Date: Mon, 14 Dec 2020 17:42:45 +0100 +Subject: [PATCH] ieee1275: Avoiding many unecessary open/close + +Signed-off-by: Diego Domingos +--- + grub-core/disk/ieee1275/ofdisk.c | 64 ++++++++++++++++++++++------------------ + 1 file changed, 35 insertions(+), 29 deletions(-) + +diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c +index d887d4b6e..f3a6ecd79 100644 +--- a/grub-core/disk/ieee1275/ofdisk.c ++++ b/grub-core/disk/ieee1275/ofdisk.c +@@ -44,7 +44,7 @@ struct ofdisk_hash_ent + }; + + static grub_err_t +-grub_ofdisk_get_block_size (const char *device, grub_uint32_t *block_size, ++grub_ofdisk_get_block_size (grub_uint32_t *block_size, + struct ofdisk_hash_ent *op); + + #define OFDISK_HASH_SZ 8 +@@ -461,6 +461,7 @@ grub_ofdisk_open (const char *name, grub_disk_t disk) + grub_ssize_t actual; + grub_uint32_t block_size = 0; + grub_err_t err; ++ struct ofdisk_hash_ent *op; + + if (grub_strncmp (name, "ieee1275/", sizeof ("ieee1275/") - 1) != 0) + return grub_error (GRUB_ERR_UNKNOWN_DEVICE, +@@ -471,6 +472,35 @@ grub_ofdisk_open (const char *name, grub_disk_t disk) + + grub_dprintf ("disk", "Opening `%s'.\n", devpath); + ++ op = ofdisk_hash_find (devpath); ++ if (!op) ++ op = ofdisk_hash_add (devpath, NULL); ++ if (!op) ++ { ++ grub_free (devpath); ++ return grub_errno; ++ } ++ ++ /* Check if the call to open is the same to the last disk already opened */ ++ if (last_devpath && !grub_strcmp(op->open_path,last_devpath)) ++ { ++ goto finish; ++ } ++ ++ /* If not, we need to close the previous disk and open the new one */ ++ else { ++ if (last_ihandle){ ++ grub_ieee1275_close (last_ihandle); ++ } ++ last_ihandle = 0; ++ last_devpath = NULL; ++ ++ grub_ieee1275_open (op->open_path, &last_ihandle); ++ if (! last_ihandle) ++ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "can't open device"); ++ last_devpath = op->open_path; ++ } ++ + if (grub_ieee1275_finddevice (devpath, &dev)) + { + grub_free (devpath); +@@ -491,25 +521,18 @@ grub_ofdisk_open (const char *name, grub_disk_t disk) + return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "not a block device"); + } + ++ ++ finish: + /* XXX: There is no property to read the number of blocks. There + should be a property `#blocks', but it is not there. Perhaps it + is possible to use seek for this. */ + disk->total_sectors = GRUB_DISK_SIZE_UNKNOWN; + + { +- struct ofdisk_hash_ent *op; +- op = ofdisk_hash_find (devpath); +- if (!op) +- op = ofdisk_hash_add (devpath, NULL); +- if (!op) +- { +- grub_free (devpath); +- return grub_errno; +- } + disk->id = (unsigned long) op; + disk->data = op->open_path; + +- err = grub_ofdisk_get_block_size (devpath, &block_size, op); ++ err = grub_ofdisk_get_block_size (&block_size, op); + if (err) + { + grub_free (devpath); +@@ -532,13 +555,6 @@ grub_ofdisk_open (const char *name, grub_disk_t disk) + static void + grub_ofdisk_close (grub_disk_t disk) + { +- if (disk->data == last_devpath) +- { +- if (last_ihandle) +- grub_ieee1275_close (last_ihandle); +- last_ihandle = 0; +- last_devpath = NULL; +- } + disk->data = 0; + } + +@@ -685,7 +701,7 @@ grub_ofdisk_init (void) + } + + static grub_err_t +-grub_ofdisk_get_block_size (const char *device, grub_uint32_t *block_size, ++grub_ofdisk_get_block_size (grub_uint32_t *block_size, + struct ofdisk_hash_ent *op) + { + struct size_args_ieee1275 +@@ -698,16 +714,6 @@ grub_ofdisk_get_block_size (const char *device, grub_uint32_t *block_size, + grub_ieee1275_cell_t size2; + } args_ieee1275; + +- if (last_ihandle) +- grub_ieee1275_close (last_ihandle); +- +- last_ihandle = 0; +- last_devpath = NULL; +- +- grub_ieee1275_open (device, &last_ihandle); +- if (! last_ihandle) +- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "can't open device"); +- + *block_size = 0; + + if (op->block_size_fails >= 2) diff --git a/SOURCES/0326-ieee1275-powerpc-implements-fibre-channel-discovery-.patch b/SOURCES/0326-ieee1275-powerpc-implements-fibre-channel-discovery-.patch new file mode 100644 index 0000000..94f4eb7 --- /dev/null +++ b/SOURCES/0326-ieee1275-powerpc-implements-fibre-channel-discovery-.patch @@ -0,0 +1,90 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Diego Domingos +Date: Mon, 14 Dec 2020 17:45:28 +0100 +Subject: [PATCH] ieee1275/powerpc: implements fibre channel discovery for + ofpathname + +grub-ofpathname doesn't work with fibre channel because there is no +function currently implemented for it. +This patch enables it by prividing a function that looks for the port +name, building the entire path for OF devices. + +Signed-off-by: Diego Domingos +--- + grub-core/osdep/linux/ofpath.c | 49 ++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 49 insertions(+) + +diff --git a/grub-core/osdep/linux/ofpath.c b/grub-core/osdep/linux/ofpath.c +index a6153d359..0f5d54e9f 100644 +--- a/grub-core/osdep/linux/ofpath.c ++++ b/grub-core/osdep/linux/ofpath.c +@@ -350,6 +350,38 @@ of_path_of_ide(const char *sys_devname __attribute__((unused)), const char *devi + return ret; + } + ++ ++static void ++of_fc_port_name(const char *path, const char *subpath, char *port_name) ++{ ++ char *bname, *basepath, *p; ++ int fd; ++ ++ bname = xmalloc(sizeof(char)*150); ++ basepath = xmalloc(strlen(path)); ++ ++ /* Generate the path to get port name information from the drive */ ++ strncpy(basepath,path,subpath-path); ++ basepath[subpath-path-1] = '\0'; ++ p = get_basename(basepath); ++ snprintf(bname,sizeof(char)*150,"%s/fc_transport/%s/port_name",basepath,p); ++ ++ /* Read the information from the port name */ ++ fd = open (bname, O_RDONLY); ++ if (fd < 0) ++ grub_util_error (_("cannot open `%s': %s"), bname, strerror (errno)); ++ ++ if (read(fd,port_name,sizeof(char)*19) < 0) ++ grub_util_error (_("cannot read `%s': %s"), bname, strerror (errno)); ++ ++ sscanf(port_name,"0x%s",port_name); ++ ++ close(fd); ++ ++ free(bname); ++ free(basepath); ++} ++ + #ifdef __sparc__ + static char * + of_path_of_nvme(const char *sys_devname __attribute__((unused)), +@@ -577,6 +609,16 @@ of_path_of_scsi(const char *sys_devname __attribute__((unused)), const char *dev + digit_string = trailing_digits (device); + if (strncmp (of_path, "/vdevice/", sizeof ("/vdevice/") - 1) == 0) + { ++ if(strstr(of_path,"vfc-client")) ++ { ++ char * port_name = xmalloc(sizeof(char)*17); ++ of_fc_port_name(sysfs_path, p, port_name); ++ ++ snprintf(disk,sizeof(disk),"/%s@%s", disk_name, port_name); ++ free(port_name); ++ } ++ else ++ { + unsigned long id = 0x8000 | (tgt << 8) | (bus << 5) | lun; + if (*digit_string == '\0') + { +@@ -590,6 +632,13 @@ of_path_of_scsi(const char *sys_devname __attribute__((unused)), const char *dev + snprintf(disk, sizeof (disk), + "/%s@%04lx000000000000:%c", disk_name, id, 'a' + (part - 1)); + } ++ } ++ } else if (strstr(of_path,"fibre-channel")||(strstr(of_path,"vfc-client"))){ ++ char * port_name = xmalloc(sizeof(char)*17); ++ of_fc_port_name(sysfs_path, p, port_name); ++ ++ snprintf(disk,sizeof(disk),"/%s@%s", disk_name, port_name); ++ free(port_name); + } + else + { diff --git a/SOURCES/0327-ieee1275-powerpc-enables-device-mapper-discovery.patch b/SOURCES/0327-ieee1275-powerpc-enables-device-mapper-discovery.patch new file mode 100644 index 0000000..8bb1934 --- /dev/null +++ b/SOURCES/0327-ieee1275-powerpc-enables-device-mapper-discovery.patch @@ -0,0 +1,106 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Diego Domingos +Date: Mon, 14 Dec 2020 17:47:16 +0100 +Subject: [PATCH] ieee1275/powerpc: enables device mapper discovery + +this patch enables the device mapper discovery on ofpath.c. Currently, +when we are dealing with a device like /dev/dm-* the ofpath returns null +since there is no function implemented to handle this case. + +This patch implements a function that will look into /sys/block/dm-* +devices and search recursively inside slaves directory to find the root +disk. + +Signed-off-by: Diego Domingos +--- + grub-core/osdep/linux/ofpath.c | 64 +++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 63 insertions(+), 1 deletion(-) + +diff --git a/grub-core/osdep/linux/ofpath.c b/grub-core/osdep/linux/ofpath.c +index 0f5d54e9f..cc849d9c9 100644 +--- a/grub-core/osdep/linux/ofpath.c ++++ b/grub-core/osdep/linux/ofpath.c +@@ -37,6 +37,7 @@ + #include + #include + #include ++#include + + #ifdef __sparc__ + typedef enum +@@ -755,13 +756,74 @@ strip_trailing_digits (const char *p) + return new; + } + ++static char * ++get_slave_from_dm(const char * device){ ++ char *curr_device, *tmp; ++ char *directory; ++ char *ret = NULL; ++ ++ directory = grub_strdup (device); ++ tmp = get_basename(directory); ++ curr_device = grub_strdup (tmp); ++ *tmp = '\0'; ++ ++ /* Recursively check for slaves devices so we can find the root device */ ++ while ((curr_device[0] == 'd') && (curr_device[1] == 'm') && (curr_device[2] == '-')){ ++ DIR *dp; ++ struct dirent *ep; ++ char* device_path; ++ ++ device_path = grub_xasprintf ("/sys/block/%s/slaves", curr_device); ++ dp = opendir(device_path); ++ free(device_path); ++ ++ if (dp != NULL) ++ { ++ ep = readdir (dp); ++ while (ep != NULL){ ++ ++ /* avoid some system directories */ ++ if (!strcmp(ep->d_name,".")) ++ goto next_dir; ++ if (!strcmp(ep->d_name,"..")) ++ goto next_dir; ++ ++ free (curr_device); ++ free (ret); ++ curr_device = grub_strdup (ep->d_name); ++ ret = grub_xasprintf ("%s%s", directory, curr_device); ++ break; ++ ++ next_dir: ++ ep = readdir (dp); ++ continue; ++ } ++ closedir (dp); ++ } ++ else ++ grub_util_warn (_("cannot open directory `%s'"), device_path); ++ } ++ ++ free (directory); ++ free (curr_device); ++ ++ return ret; ++} ++ + char * + grub_util_devname_to_ofpath (const char *sys_devname) + { +- char *name_buf, *device, *devnode, *devicenode, *ofpath; ++ char *name_buf, *device, *devnode, *devicenode, *ofpath, *realname; + + name_buf = xrealpath (sys_devname); + ++ realname = get_slave_from_dm (name_buf); ++ if (realname) ++ { ++ free (name_buf); ++ name_buf = realname; ++ } ++ + device = get_basename (name_buf); + devnode = strip_trailing_digits (name_buf); + devicenode = strip_trailing_digits (device); diff --git a/SOURCES/0328-Add-at_keyboard_fallback_set-var-to-force-the-set-ma.patch b/SOURCES/0328-Add-at_keyboard_fallback_set-var-to-force-the-set-ma.patch new file mode 100644 index 0000000..02ea7d5 --- /dev/null +++ b/SOURCES/0328-Add-at_keyboard_fallback_set-var-to-force-the-set-ma.patch @@ -0,0 +1,239 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Renaud=20M=C3=A9trich?= +Date: Fri, 18 Dec 2020 15:39:26 +0100 +Subject: [PATCH] Add 'at_keyboard_fallback_set' var to force the set manually + +This seems required with HP DL380p Gen 8 systems. +Indeed, with this system, we can see the following sequence: + +1. controller is queried to get current configuration (returns 0x30 which is quite standard) +2. controller is queried to get the current keyboard set in used, using code 0xf0 (first part) +3. controller answers with 0xfa which means "ACK" (== ok) +4. then we send "0" to tell "we want to know which set your are supporting" +5. controller answers with 0xfa ("ACK") +6. controller should then give us 1, 2, 3 or 0x43, 0x41, 0x3f, but here it gives us 0xfe which means "NACK" + +Since there seems no way to determine the current set, and in fact the +controller expects set2 to be used, we need to rely on an environment +variable. +Everything has been tested on this system: using 0xFE (resend command), +making sure we wait for ACK in the 2 steps "write_mode", etc. + +Below is litterature I used to come up with "there is no other +solution": +- https://wiki.osdev.org/%228042%22_PS/2_Controller +- http://www-ug.eecg.toronto.edu/msl/nios_devices/datasheets/PS2%20Keyboard%20Protocol.htm +- http://www.s100computers.com/My%20System%20Pages/MSDOS%20Board/PC%20Keyboard.pdf +--- + grub-core/term/at_keyboard.c | 121 ++++++++++++++++++++++++++++++++++--------- + 1 file changed, 96 insertions(+), 25 deletions(-) + +diff --git a/grub-core/term/at_keyboard.c b/grub-core/term/at_keyboard.c +index 69d99b61d..c805cccbd 100644 +--- a/grub-core/term/at_keyboard.c ++++ b/grub-core/term/at_keyboard.c +@@ -31,6 +31,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); + static grub_uint8_t grub_keyboard_controller_orig; + static grub_uint8_t grub_keyboard_orig_set; + struct grub_ps2_state ps2_state; ++static int fallback_set; + + static int ping_sent; + +@@ -76,6 +77,8 @@ at_command (grub_uint8_t data) + break; + return 0; + } ++ if (i == GRUB_AT_TRIES) ++ grub_dprintf ("atkeyb", "at_command() timed out! (stopped after %d tries)\n", i); + return (i != GRUB_AT_TRIES); + } + +@@ -105,6 +108,21 @@ grub_keyboard_controller_read (void) + + #endif + ++static int ++resend_last_result (void) ++{ ++ grub_uint8_t ret; ++ keyboard_controller_wait_until_ready (); ++ grub_dprintf ("atkeyb", "resend_last_result: sending 0xfe\n"); ++ grub_outb (0xfe, KEYBOARD_REG_DATA); ++ ret = wait_ack (); ++ grub_dprintf ("atkeyb", "resend_last_result: wait_ack() returned 0x%x\n", ret); ++ keyboard_controller_wait_until_ready (); ++ ret = grub_inb (KEYBOARD_REG_DATA); ++ grub_dprintf ("atkeyb", "resend_last_result: read 0x%x from controller\n", ret); ++ return ret; ++} ++ + static int + write_mode (int mode) + { +@@ -113,11 +131,14 @@ write_mode (int mode) + { + grub_uint8_t ack; + keyboard_controller_wait_until_ready (); ++ grub_dprintf ("atkeyb", "write_mode: sending 0xf0\n"); + grub_outb (0xf0, KEYBOARD_REG_DATA); + keyboard_controller_wait_until_ready (); ++ grub_dprintf ("atkeyb", "write_mode: sending mode %d\n", mode); + grub_outb (mode, KEYBOARD_REG_DATA); + keyboard_controller_wait_until_ready (); + ack = wait_ack (); ++ grub_dprintf ("atkeyb", "write_mode: wait_ack() returned 0x%x\n", ack); + if (ack == GRUB_AT_NACK) + continue; + if (ack == GRUB_AT_ACK) +@@ -125,6 +146,9 @@ write_mode (int mode) + return 0; + } + ++ if (i == GRUB_AT_TRIES) ++ grub_dprintf ("atkeyb", "write_mode() timed out! (stopped after %d tries)\n", i); ++ + return (i != GRUB_AT_TRIES); + } + +@@ -132,31 +156,66 @@ static int + query_mode (void) + { + grub_uint8_t ret; ++ grub_uint64_t endtime; ++ unsigned i; + int e; ++ char *envvar; + +- e = write_mode (0); +- if (!e) { +- grub_dprintf("atkeyb", "query_mode: write_mode(0) failed\n"); +- return 0; +- } ++ for (i = 0; i < GRUB_AT_TRIES; i++) { ++ grub_dprintf ("atkeyb", "query_mode: sending command to controller\n"); ++ e = write_mode (0); ++ if (!e) { ++ grub_dprintf ("atkeyb", "query_mode: write_mode(0) failed\n"); ++ return 0; ++ } + +- do { +- keyboard_controller_wait_until_ready (); +- ret = grub_inb (KEYBOARD_REG_DATA); +- } while (ret == GRUB_AT_ACK); +- /* QEMU translates the set even in no-translate mode. */ +- if (ret == 0x43 || ret == 1) { +- grub_dprintf("atkeyb", "query_mode: returning 1 (ret=0x%x)\n", ret); +- return 1; +- } +- if (ret == 0x41 || ret == 2) { +- grub_dprintf("atkeyb", "query_mode: returning 2 (ret=0x%x)\n", ret); +- return 2; ++ endtime = grub_get_time_ms () + 20; ++ do { ++ keyboard_controller_wait_until_ready (); ++ ret = grub_inb (KEYBOARD_REG_DATA); ++ grub_dprintf ("atkeyb", "query_mode/loop: read 0x%x from controller\n", ret); ++ } while ((ret == GRUB_AT_ACK || ret == GRUB_AT_NACK) && grub_get_time_ms () < endtime); ++ if (ret == 0xfe) { ++ grub_dprintf ("atkeyb", "query_mode: asking controller to resend last result\n"); ++ ret = resend_last_result(); ++ grub_dprintf ("atkeyb", "query_mode: read 0x%x from controller\n", ret); ++ } ++ /* QEMU translates the set even in no-translate mode. */ ++ if (ret == 0x43 || ret == 1) { ++ grub_dprintf ("atkeyb", "query_mode: controller returned 0x%x, returning 1\n", ret); ++ return 1; ++ } ++ if (ret == 0x41 || ret == 2) { ++ grub_dprintf ("atkeyb", "query_mode: controller returned 0x%x, returning 2\n", ret); ++ return 2; ++ } ++ if (ret == 0x3f || ret == 3) { ++ grub_dprintf ("atkeyb", "query_mode: controller returned 0x%x, returning 3\n", ret); ++ return 3; ++ } ++ grub_dprintf ("atkeyb", "query_mode: controller returned unexpected value 0x%x, retrying\n", ret); + } +- if (ret == 0x3f || ret == 3) { +- grub_dprintf("atkeyb", "query_mode: returning 3 (ret=0x%x)\n", ret); +- return 3; ++ ++ /* ++ * Falling here means we tried querying and the controller returned something ++ * we don't understand, try to use 'at_keyboard_fallback_set' if it exists, ++ * otherwise return 0. ++ */ ++ envvar = grub_env_get ("at_keyboard_fallback_set"); ++ if (envvar) { ++ fallback_set = grub_strtoul (envvar, 0, 10); ++ if ((grub_errno) || (fallback_set < 1) || (fallback_set > 3)) { ++ grub_dprintf ("atkeyb", "WARNING: ignoring unexpected value '%s' for '%s' variable\n", ++ envvar, "at_keyboard_fallback_set"); ++ fallback_set = 0; ++ } else { ++ grub_dprintf ("atkeyb", "query_mode: '%s' specified in environment, returning %d\n", ++ "at_keyboard_fallback_set", fallback_set); ++ } ++ return fallback_set; + } ++ grub_dprintf ("atkeyb", "WARNING: no '%s' specified in environment, returning 0\n", ++ "at_keyboard_fallback_set"); + return 0; + } + +@@ -165,14 +224,25 @@ set_scancodes (void) + { + /* You must have visited computer museum. Keyboard without scancode set + knowledge. Assume XT. */ +- if (!grub_keyboard_orig_set) +- { +- grub_dprintf ("atkeyb", "No sets support assumed\n"); +- ps2_state.current_set = 1; ++ if (!grub_keyboard_orig_set) { ++ if (fallback_set) { ++ grub_dprintf ("atkeyb", "No sets support assumed but set forced to %d\n", fallback_set); ++ ps2_state.current_set = fallback_set; + return; + } ++ grub_dprintf ("atkeyb", "No sets support assumed, forcing to set 1\n"); ++ ps2_state.current_set = 1; ++ return; ++ } + + #if !USE_SCANCODE_SET ++ if (fallback_set) { ++ grub_dprintf ("atkeyb", "queried set is %d but set forced to %d\n", ++ grub_keyboard_orig_set, fallback_set); ++ ps2_state.current_set = fallback_set; ++ return; ++ } ++ + if ((grub_keyboard_controller_orig & KEYBOARD_AT_TRANSLATE) == KEYBOARD_AT_TRANSLATE) { + grub_dprintf ("atkeyb", "queried set is %d but keyboard in Translate mode, so actually in set 1\n", grub_keyboard_orig_set); + ps2_state.current_set = 1; +@@ -261,6 +331,7 @@ grub_at_keyboard_getkey (struct grub_term_input *term __attribute__ ((unused))) + static void + grub_keyboard_controller_init (void) + { ++ grub_dprintf ("atkeyb", "initializing the controller\n"); + ps2_state.at_keyboard_status = 0; + /* Drain input buffer. */ + while (1) +@@ -282,6 +353,7 @@ grub_keyboard_controller_init (void) + grub_keyboard_controller_orig = grub_keyboard_controller_read (); + grub_dprintf ("atkeyb", "grub_keyboard_controller_orig = 0x%x\n", grub_keyboard_controller_orig); + grub_keyboard_orig_set = query_mode (); ++ grub_dprintf ("atkeyb", "grub_keyboard_orig_set = %d\n", grub_keyboard_orig_set); + #endif + set_scancodes (); + keyboard_controller_led (ps2_state.led_status); +@@ -329,7 +401,6 @@ grub_at_restore_hw (void) + return GRUB_ERR_NONE; + } + +- + static struct grub_term_input grub_at_keyboard_term = + { + .name = "at_keyboard", diff --git a/SOURCES/0329-bufio-Use-grub_size_t-instead-of-plain-int-for-size.patch b/SOURCES/0329-bufio-Use-grub_size_t-instead-of-plain-int-for-size.patch new file mode 100644 index 0000000..197b087 --- /dev/null +++ b/SOURCES/0329-bufio-Use-grub_size_t-instead-of-plain-int-for-size.patch @@ -0,0 +1,60 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Mon, 29 Oct 2018 13:25:25 +0100 +Subject: [PATCH] bufio: Use grub_size_t instead of plain int for size + +Signed-off-by: Vladimir Serbinenko +Signed-off-by: Daniel Kiper +Reviewed-by: Ross Philipson +(cherry picked from commit f3f8347569383e7f483f37ca70d41eb1af9f990f) +Signed-off-by: Daniel Axtens +--- + grub-core/io/bufio.c | 6 +++--- + include/grub/bufio.h | 4 ++-- + 2 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/grub-core/io/bufio.c b/grub-core/io/bufio.c +index 6118bade5..2781afe05 100644 +--- a/grub-core/io/bufio.c ++++ b/grub-core/io/bufio.c +@@ -43,7 +43,7 @@ typedef struct grub_bufio *grub_bufio_t; + static struct grub_fs grub_bufio_fs; + + grub_file_t +-grub_bufio_open (grub_file_t io, int size) ++grub_bufio_open (grub_file_t io, grub_size_t size) + { + grub_file_t file; + grub_bufio_t bufio = 0; +@@ -57,7 +57,7 @@ grub_bufio_open (grub_file_t io, int size) + else if (size > GRUB_BUFIO_MAX_SIZE) + size = GRUB_BUFIO_MAX_SIZE; + +- if ((size < 0) || ((unsigned) size > io->size)) ++ if (size > io->size) + size = ((io->size > GRUB_BUFIO_MAX_SIZE) ? GRUB_BUFIO_MAX_SIZE : + io->size); + +@@ -88,7 +88,7 @@ grub_bufio_open (grub_file_t io, int size) + } + + grub_file_t +-grub_buffile_open (const char *name, int size) ++grub_buffile_open (const char *name, grub_size_t size) + { + grub_file_t io, file; + +diff --git a/include/grub/bufio.h b/include/grub/bufio.h +index acdd0c882..77eb8ee56 100644 +--- a/include/grub/bufio.h ++++ b/include/grub/bufio.h +@@ -22,7 +22,7 @@ + + #include + +-grub_file_t EXPORT_FUNC (grub_bufio_open) (grub_file_t io, int size); +-grub_file_t EXPORT_FUNC (grub_buffile_open) (const char *name, int size); ++grub_file_t EXPORT_FUNC (grub_bufio_open) (grub_file_t io, grub_size_t size); ++grub_file_t EXPORT_FUNC (grub_buffile_open) (const char *name, grub_size_t size); + + #endif /* ! GRUB_BUFIO_H */ diff --git a/SOURCES/0330-verifiers-File-type-for-fine-grained-signature-verif.patch b/SOURCES/0330-verifiers-File-type-for-fine-grained-signature-verif.patch new file mode 100644 index 0000000..3683ed3 --- /dev/null +++ b/SOURCES/0330-verifiers-File-type-for-fine-grained-signature-verif.patch @@ -0,0 +1,1738 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Vladimir Serbinenko +Date: Wed, 20 Nov 2013 02:28:29 +0100 +Subject: [PATCH] verifiers: File type for fine-grained signature-verification + controlling + +Let's provide file type info to the I/O layer. This way verifiers +framework and its users will be able to differentiate files and verify +only required ones. + +This is preparatory patch. + +Signed-off-by: Vladimir Serbinenko +Signed-off-by: Daniel Kiper +Reviewed-by: Ross Philipson +(backported from commit ca0a4f689a02c2c5a5e385f874aaaa38e151564e) +Signed-off-by: Daniel Axtens +--- + grub-core/commands/acpi.c | 2 +- + grub-core/commands/blocklist.c | 4 +- + grub-core/commands/cat.c | 2 +- + grub-core/commands/cmp.c | 4 +- + grub-core/commands/efi/loadbios.c | 4 +- + grub-core/commands/file.c | 5 +- + grub-core/commands/hashsum.c | 22 ++-- + grub-core/commands/hexdump.c | 2 +- + grub-core/commands/i386/pc/play.c | 2 +- + grub-core/commands/keylayouts.c | 2 +- + grub-core/commands/legacycfg.c | 2 +- + grub-core/commands/loadenv.c | 24 +++-- + grub-core/commands/ls.c | 8 +- + grub-core/commands/minicmd.c | 2 +- + grub-core/commands/nativedisk.c | 3 +- + grub-core/commands/parttool.c | 2 +- + grub-core/commands/search.c | 4 +- + grub-core/commands/test.c | 4 +- + grub-core/commands/testload.c | 2 +- + grub-core/commands/testspeed.c | 2 +- + grub-core/commands/verify.c | 51 ++++----- + grub-core/disk/loopback.c | 3 +- + grub-core/efiemu/main.c | 2 +- + grub-core/font/font.c | 4 +- + grub-core/fs/zfs/zfscrypt.c | 2 +- + grub-core/gettext/gettext.c | 2 +- + grub-core/gfxmenu/theme_loader.c | 2 +- + grub-core/io/bufio.c | 4 +- + grub-core/io/gzio.c | 5 +- + grub-core/io/lzopio.c | 6 +- + grub-core/io/offset.c | 7 +- + grub-core/io/xzio.c | 6 +- + grub-core/kern/dl.c | 2 +- + grub-core/kern/elf.c | 4 +- + grub-core/kern/file.c | 22 ++-- + grub-core/lib/syslinux_parse.c | 2 +- + grub-core/loader/efi/chainloader.c | 2 +- + grub-core/loader/i386/bsd.c | 16 +-- + grub-core/loader/i386/coreboot/chainloader.c | 2 +- + grub-core/loader/i386/linux.c | 2 +- + grub-core/loader/i386/pc/chainloader.c | 4 +- + grub-core/loader/i386/pc/freedos.c | 2 +- + grub-core/loader/i386/pc/linux.c | 2 +- + grub-core/loader/i386/pc/ntldr.c | 2 +- + grub-core/loader/i386/pc/plan9.c | 2 +- + grub-core/loader/i386/pc/pxechainloader.c | 2 +- + grub-core/loader/i386/pc/truecrypt.c | 2 +- + grub-core/loader/i386/xen.c | 7 +- + grub-core/loader/i386/xen_file.c | 2 +- + grub-core/loader/i386/xnu.c | 2 +- + grub-core/loader/linux.c | 6 +- + grub-core/loader/macho.c | 4 +- + grub-core/loader/mips/linux.c | 2 +- + grub-core/loader/multiboot.c | 8 +- + grub-core/loader/xnu.c | 16 +-- + grub-core/loader/xnu_resume.c | 4 +- + grub-core/normal/autofs.c | 11 +- + grub-core/normal/crypto.c | 2 +- + grub-core/normal/dyncmd.c | 2 +- + grub-core/normal/main.c | 2 +- + grub-core/normal/term.c | 2 +- + grub-core/video/readers/jpeg.c | 2 +- + grub-core/video/readers/png.c | 2 +- + grub-core/video/readers/tga.c | 2 +- + util/grub-fstest.c | 6 +- + util/grub-mount.c | 6 +- + include/grub/bufio.h | 4 +- + include/grub/elfload.h | 2 +- + include/grub/file.h | 152 +++++++++++++++++++-------- + include/grub/machoload.h | 3 +- + 70 files changed, 292 insertions(+), 221 deletions(-) + +diff --git a/grub-core/commands/acpi.c b/grub-core/commands/acpi.c +index 9f02f2201..5a1499aa0 100644 +--- a/grub-core/commands/acpi.c ++++ b/grub-core/commands/acpi.c +@@ -635,7 +635,7 @@ grub_cmd_acpi (struct grub_extcmd_context *ctxt, int argc, char **args) + grub_size_t size; + char *buf; + +- file = grub_file_open (args[i]); ++ file = grub_file_open (args[i], GRUB_FILE_TYPE_ACPI_TABLE); + if (! file) + { + free_tables (); +diff --git a/grub-core/commands/blocklist.c b/grub-core/commands/blocklist.c +index d1a47b504..944449b77 100644 +--- a/grub-core/commands/blocklist.c ++++ b/grub-core/commands/blocklist.c +@@ -121,8 +121,8 @@ grub_cmd_blocklist (grub_command_t cmd __attribute__ ((unused)), + if (argc < 1) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + +- grub_file_filter_disable_compression (); +- file = grub_file_open (args[0]); ++ file = grub_file_open (args[0], GRUB_FILE_TYPE_PRINT_BLOCKLIST ++ | GRUB_FILE_TYPE_NO_DECOMPRESS); + if (! file) + return grub_errno; + +diff --git a/grub-core/commands/cat.c b/grub-core/commands/cat.c +index 88d904436..ba5f0061a 100644 +--- a/grub-core/commands/cat.c ++++ b/grub-core/commands/cat.c +@@ -56,7 +56,7 @@ grub_cmd_cat (grub_extcmd_context_t ctxt, int argc, char **args) + if (argc != 1) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + +- file = grub_file_open (args[0]); ++ file = grub_file_open (args[0], GRUB_FILE_TYPE_CAT); + if (! file) + return grub_errno; + +diff --git a/grub-core/commands/cmp.c b/grub-core/commands/cmp.c +index cc23ee67e..e9c3b25d3 100644 +--- a/grub-core/commands/cmp.c ++++ b/grub-core/commands/cmp.c +@@ -45,8 +45,8 @@ grub_cmd_cmp (grub_command_t cmd __attribute__ ((unused)), + grub_printf_ (N_("Compare file `%s' with `%s':\n"), args[0], + args[1]); + +- file1 = grub_file_open (args[0]); +- file2 = grub_file_open (args[1]); ++ file1 = grub_file_open (args[0], GRUB_FILE_TYPE_CMP); ++ file2 = grub_file_open (args[1], GRUB_FILE_TYPE_CMP); + if (! file1 || ! file2) + goto cleanup; + +diff --git a/grub-core/commands/efi/loadbios.c b/grub-core/commands/efi/loadbios.c +index 132cadbc7..d41d521a4 100644 +--- a/grub-core/commands/efi/loadbios.c ++++ b/grub-core/commands/efi/loadbios.c +@@ -169,7 +169,7 @@ grub_cmd_loadbios (grub_command_t cmd __attribute__ ((unused)), + + if (argc > 1) + { +- file = grub_file_open (argv[1]); ++ file = grub_file_open (argv[1], GRUB_FILE_TYPE_VBE_DUMP); + if (! file) + return grub_errno; + +@@ -183,7 +183,7 @@ grub_cmd_loadbios (grub_command_t cmd __attribute__ ((unused)), + return grub_errno; + } + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_VBE_DUMP); + if (! file) + return grub_errno; + +diff --git a/grub-core/commands/file.c b/grub-core/commands/file.c +index 3ff6d5522..4f81aa1f9 100644 +--- a/grub-core/commands/file.c ++++ b/grub-core/commands/file.c +@@ -165,7 +165,7 @@ grub_cmd_file (grub_extcmd_context_t ctxt, int argc, char **args) + if (type == -1) + return grub_error (GRUB_ERR_BAD_ARGUMENT, "no type specified"); + +- file = grub_file_open (args[0]); ++ file = grub_file_open (args[0], GRUB_FILE_TYPE_XNU_KERNEL); + if (!file) + return grub_errno; + switch (type) +@@ -546,7 +546,8 @@ grub_cmd_file (grub_extcmd_context_t ctxt, int argc, char **args) + case IS_XNU64: + case IS_XNU32: + { +- macho = grub_macho_open (args[0], (type == IS_XNU64)); ++ macho = grub_macho_open (args[0], GRUB_FILE_TYPE_XNU_KERNEL, ++ (type == IS_XNU64)); + if (!macho) + break; + /* FIXME: more checks? */ +diff --git a/grub-core/commands/hashsum.c b/grub-core/commands/hashsum.c +index d18687351..456ba908b 100644 +--- a/grub-core/commands/hashsum.c ++++ b/grub-core/commands/hashsum.c +@@ -113,7 +113,7 @@ check_list (const gcry_md_spec_t *hash, const char *hashfilename, + if (hash->mdlen > GRUB_CRYPTO_MAX_MDLEN) + return grub_error (GRUB_ERR_BUG, "mdlen is too long"); + +- hashlist = grub_file_open (hashfilename); ++ hashlist = grub_file_open (hashfilename, GRUB_FILE_TYPE_HASHLIST); + if (!hashlist) + return grub_errno; + +@@ -141,17 +141,15 @@ check_list (const gcry_md_spec_t *hash, const char *hashfilename, + filename = grub_xasprintf ("%s/%s", prefix, p); + if (!filename) + return grub_errno; +- if (!uncompress) +- grub_file_filter_disable_compression (); +- file = grub_file_open (filename); ++ file = grub_file_open (filename, GRUB_FILE_TYPE_TO_HASH ++ | (!uncompress ? GRUB_FILE_TYPE_NO_DECOMPRESS ++ : GRUB_FILE_TYPE_NONE)); + grub_free (filename); + } + else +- { +- if (!uncompress) +- grub_file_filter_disable_compression (); +- file = grub_file_open (p); +- } ++ file = grub_file_open (p, GRUB_FILE_TYPE_TO_HASH ++ | (!uncompress ? GRUB_FILE_TYPE_NO_DECOMPRESS ++ : GRUB_FILE_TYPE_NONE)); + if (!file) + { + grub_file_close (hashlist); +@@ -242,9 +240,9 @@ grub_cmd_hashsum (struct grub_extcmd_context *ctxt, + grub_file_t file; + grub_err_t err; + unsigned j; +- if (!uncompress) +- grub_file_filter_disable_compression (); +- file = grub_file_open (args[i]); ++ file = grub_file_open (args[i], GRUB_FILE_TYPE_TO_HASH ++ | (!uncompress ? GRUB_FILE_TYPE_NO_DECOMPRESS ++ : GRUB_FILE_TYPE_NONE)); + if (!file) + { + if (!keep) +diff --git a/grub-core/commands/hexdump.c b/grub-core/commands/hexdump.c +index 4c884b3a1..eaa12465b 100644 +--- a/grub-core/commands/hexdump.c ++++ b/grub-core/commands/hexdump.c +@@ -90,7 +90,7 @@ grub_cmd_hexdump (grub_extcmd_context_t ctxt, int argc, char **args) + { + grub_file_t file; + +- file = grub_file_open (args[0]); ++ file = grub_file_open (args[0], GRUB_FILE_TYPE_HEXCAT); + if (! file) + return 0; + +diff --git a/grub-core/commands/i386/pc/play.c b/grub-core/commands/i386/pc/play.c +index 7712e2a36..c81813105 100644 +--- a/grub-core/commands/i386/pc/play.c ++++ b/grub-core/commands/i386/pc/play.c +@@ -93,7 +93,7 @@ grub_cmd_play (grub_command_t cmd __attribute__ ((unused)), + grub_uint32_t tempo; + grub_file_t file; + +- file = grub_file_open (args[0]); ++ file = grub_file_open (args[0], GRUB_FILE_TYPE_AUDIO); + + if (! file) + return grub_errno; +diff --git a/grub-core/commands/keylayouts.c b/grub-core/commands/keylayouts.c +index f35d3a369..c05d6128a 100644 +--- a/grub-core/commands/keylayouts.c ++++ b/grub-core/commands/keylayouts.c +@@ -220,7 +220,7 @@ grub_cmd_keymap (struct grub_command *cmd __attribute__ ((unused)), + else + filename = argv[0]; + +- file = grub_file_open (filename); ++ file = grub_file_open (filename, GRUB_FILE_TYPE_KEYBOARD_LAYOUT); + if (! file) + goto fail; + +diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c +index 0de070eac..f5696a51a 100644 +--- a/grub-core/commands/legacycfg.c ++++ b/grub-core/commands/legacycfg.c +@@ -56,7 +56,7 @@ legacy_file (const char *filename) + if (!suffix) + return grub_errno; + +- file = grub_file_open (filename); ++ file = grub_file_open (filename, GRUB_FILE_TYPE_CONFIG); + if (! file) + { + grub_free (suffix); +diff --git a/grub-core/commands/loadenv.c b/grub-core/commands/loadenv.c +index 91c994560..163b9a090 100644 +--- a/grub-core/commands/loadenv.c ++++ b/grub-core/commands/loadenv.c +@@ -46,7 +46,8 @@ static const struct grub_arg_option options[] = + PUBKEY filter (that insists upon properly signed files) as well. PUBKEY + filter is restored before the function returns. */ + static grub_file_t +-open_envblk_file (char *filename, int untrusted) ++open_envblk_file (char *filename, ++ enum grub_file_type type) + { + grub_file_t file; + char *buf = 0; +@@ -74,13 +75,7 @@ open_envblk_file (char *filename, int untrusted) + grub_strcpy (filename + len + 1, GRUB_ENVBLK_DEFCFG); + } + +- /* The filters that are disabled will be re-enabled by the call to +- grub_file_open() after this particular file is opened. */ +- grub_file_filter_disable_compression (); +- if (untrusted) +- grub_file_filter_disable_pubkey (); +- +- file = grub_file_open (filename); ++ file = grub_file_open (filename, type); + + grub_free (buf); + return file; +@@ -98,7 +93,10 @@ grub_cmd_load_env (grub_extcmd_context_t ctxt, int argc, char **args) + whitelist.list = args; + + /* state[0] is the -f flag; state[1] is the --skip-sig flag */ +- file = open_envblk_file ((state[0].set) ? state[0].arg : 0, state[1].set); ++ file = open_envblk_file ((state[0].set) ? state[0].arg : 0, ++ GRUB_FILE_TYPE_LOADENV ++ | (state[1].set ++ ? GRUB_FILE_TYPE_SKIP_SIGNATURE : GRUB_FILE_TYPE_NONE)); + if (! file) + return grub_errno; + +@@ -133,7 +131,10 @@ grub_cmd_list_env (grub_extcmd_context_t ctxt, + grub_file_t file; + grub_envblk_t envblk; + +- file = open_envblk_file ((state[0].set) ? state[0].arg : 0, 0); ++ file = open_envblk_file ((state[0].set) ? state[0].arg : 0, ++ GRUB_FILE_TYPE_LOADENV ++ | (state[1].set ++ ? GRUB_FILE_TYPE_SKIP_SIGNATURE : GRUB_FILE_TYPE_NONE)); + if (! file) + return grub_errno; + +@@ -317,7 +318,8 @@ grub_cmd_save_env (grub_extcmd_context_t ctxt, int argc, char **args) + return grub_error (GRUB_ERR_BAD_ARGUMENT, "no variable is specified"); + + file = open_envblk_file ((state[0].set) ? state[0].arg : 0, +- 1 /* allow untrusted */); ++ GRUB_FILE_TYPE_SAVEENV ++ | GRUB_FILE_TYPE_SKIP_SIGNATURE); + if (! file) + return grub_errno; + +diff --git a/grub-core/commands/ls.c b/grub-core/commands/ls.c +index c25161cc4..2cdb2acc5 100644 +--- a/grub-core/commands/ls.c ++++ b/grub-core/commands/ls.c +@@ -129,8 +129,8 @@ print_files_long (const char *filename, const struct grub_dirhook_info *info, + + /* XXX: For ext2fs symlinks are detected as files while they + should be reported as directories. */ +- grub_file_filter_disable_compression (); +- file = grub_file_open (pathname); ++ file = grub_file_open (pathname, GRUB_FILE_TYPE_GET_SIZE ++ | GRUB_FILE_TYPE_NO_DECOMPRESS); + if (! file) + { + grub_errno = 0; +@@ -234,8 +234,8 @@ grub_ls_list_files (char *dirname, int longlist, int all, int human) + struct grub_dirhook_info info; + grub_errno = 0; + +- grub_file_filter_disable_compression (); +- file = grub_file_open (dirname); ++ file = grub_file_open (dirname, GRUB_FILE_TYPE_GET_SIZE ++ | GRUB_FILE_TYPE_NO_DECOMPRESS); + if (! file) + goto fail; + +diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c +index b25ca4b9f..46bf135e8 100644 +--- a/grub-core/commands/minicmd.c ++++ b/grub-core/commands/minicmd.c +@@ -43,7 +43,7 @@ grub_mini_cmd_cat (struct grub_command *cmd __attribute__ ((unused)), + if (argc < 1) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_CAT); + if (! file) + return grub_errno; + +diff --git a/grub-core/commands/nativedisk.c b/grub-core/commands/nativedisk.c +index d69214f6d..f200a5ce0 100644 +--- a/grub-core/commands/nativedisk.c ++++ b/grub-core/commands/nativedisk.c +@@ -242,7 +242,8 @@ grub_cmd_nativedisk (grub_command_t cmd __attribute__ ((unused)), + if (! filename) + goto fail; + +- file = grub_file_open (filename); ++ file = grub_file_open (filename, ++ GRUB_FILE_TYPE_GRUB_MODULE); + grub_free (filename); + if (! file) + goto fail; +diff --git a/grub-core/commands/parttool.c b/grub-core/commands/parttool.c +index 36dadc0b1..051e31320 100644 +--- a/grub-core/commands/parttool.c ++++ b/grub-core/commands/parttool.c +@@ -199,7 +199,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)), + { + grub_file_t file; + +- file = grub_file_open (filename); ++ file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE_LIST); + if (file) + { + char *buf = 0; +diff --git a/grub-core/commands/search.c b/grub-core/commands/search.c +index 7dd32e445..ddda6e7c5 100644 +--- a/grub-core/commands/search.c ++++ b/grub-core/commands/search.c +@@ -81,8 +81,8 @@ iterate_device (const char *name, void *data) + if (! buf) + return 1; + +- grub_file_filter_disable_compression (); +- file = grub_file_open (buf); ++ file = grub_file_open (buf, GRUB_FILE_TYPE_FS_SEARCH ++ | GRUB_FILE_TYPE_NO_DECOMPRESS); + if (file) + { + found = 1; +diff --git a/grub-core/commands/test.c b/grub-core/commands/test.c +index 5f06642f6..13c6ed953 100644 +--- a/grub-core/commands/test.c ++++ b/grub-core/commands/test.c +@@ -355,8 +355,8 @@ test_parse (char **args, int *argn, int argc) + if (grub_strcmp (args[*argn], "-s") == 0) + { + grub_file_t file; +- grub_file_filter_disable_compression (); +- file = grub_file_open (args[*argn + 1]); ++ file = grub_file_open (args[*argn + 1], GRUB_FILE_TYPE_GET_SIZE ++ | GRUB_FILE_TYPE_NO_DECOMPRESS); + update_val (file && (grub_file_size (file) != 0), &ctx); + if (file) + grub_file_close (file); +diff --git a/grub-core/commands/testload.c b/grub-core/commands/testload.c +index cfab6763d..ff01a0516 100644 +--- a/grub-core/commands/testload.c ++++ b/grub-core/commands/testload.c +@@ -57,7 +57,7 @@ grub_cmd_testload (struct grub_command *cmd __attribute__ ((unused)), + if (argc < 1) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_TESTLOAD); + if (! file) + return grub_errno; + +diff --git a/grub-core/commands/testspeed.c b/grub-core/commands/testspeed.c +index 042645f8d..c13a9b8d8 100644 +--- a/grub-core/commands/testspeed.c ++++ b/grub-core/commands/testspeed.c +@@ -61,7 +61,7 @@ grub_cmd_testspeed (grub_extcmd_context_t ctxt, int argc, char **args) + if (buffer == NULL) + return grub_errno; + +- file = grub_file_open (args[0]); ++ file = grub_file_open (args[0], GRUB_FILE_TYPE_TESTLOAD); + if (file == NULL) + goto quit; + +diff --git a/grub-core/commands/verify.c b/grub-core/commands/verify.c +index 67cb1c785..f0dfeceeb 100644 +--- a/grub-core/commands/verify.c ++++ b/grub-core/commands/verify.c +@@ -680,10 +680,12 @@ grub_cmd_trust (grub_extcmd_context_t ctxt, + if (argc < 1) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected")); + +- grub_file_filter_disable_compression (); +- if (ctxt->state[OPTION_SKIP_SIG].set) +- grub_file_filter_disable_pubkey (); +- pkf = grub_file_open (args[0]); ++ pkf = grub_file_open (args[0], ++ GRUB_FILE_TYPE_PUBLIC_KEY_TRUST ++ | GRUB_FILE_TYPE_NO_DECOMPRESS ++ | (ctxt->state[OPTION_SKIP_SIG].set ++ ? GRUB_FILE_TYPE_SKIP_SIGNATURE ++ : GRUB_FILE_TYPE_NONE)); + if (!pkf) + return grub_errno; + pk = grub_load_public_key (pkf); +@@ -771,10 +773,12 @@ grub_cmd_verify_signature (grub_extcmd_context_t ctxt, + if (argc > 2) + { + grub_file_t pkf; +- grub_file_filter_disable_compression (); +- if (ctxt->state[OPTION_SKIP_SIG].set) +- grub_file_filter_disable_pubkey (); +- pkf = grub_file_open (args[2]); ++ pkf = grub_file_open (args[2], ++ GRUB_FILE_TYPE_PUBLIC_KEY ++ | GRUB_FILE_TYPE_NO_DECOMPRESS ++ | (ctxt->state[OPTION_SKIP_SIG].set ++ ? GRUB_FILE_TYPE_SKIP_SIGNATURE ++ : GRUB_FILE_TYPE_NONE)); + if (!pkf) + return grub_errno; + pk = grub_load_public_key (pkf); +@@ -786,16 +790,16 @@ grub_cmd_verify_signature (grub_extcmd_context_t ctxt, + grub_file_close (pkf); + } + +- grub_file_filter_disable_all (); +- f = grub_file_open (args[0]); ++ f = grub_file_open (args[0], GRUB_FILE_TYPE_VERIFY_SIGNATURE); + if (!f) + { + err = grub_errno; + goto fail; + } + +- grub_file_filter_disable_all (); +- sig = grub_file_open (args[1]); ++ sig = grub_file_open (args[1], ++ GRUB_FILE_TYPE_SIGNATURE ++ | GRUB_FILE_TYPE_NO_DECOMPRESS); + if (!sig) + { + err = grub_errno; +@@ -858,33 +862,32 @@ struct grub_fs verified_fs = + }; + + static grub_file_t +-grub_pubkey_open (grub_file_t io, const char *filename) ++grub_pubkey_open (grub_file_t io, enum grub_file_type type) + { + grub_file_t sig; + char *fsuf, *ptr; + grub_err_t err; +- grub_file_filter_t curfilt[GRUB_FILE_FILTER_MAX]; + grub_file_t ret; + grub_verified_t verified; + ++ if ((type & GRUB_FILE_TYPE_MASK) == GRUB_FILE_TYPE_SIGNATURE ++ || (type & GRUB_FILE_TYPE_MASK) == GRUB_FILE_TYPE_VERIFY_SIGNATURE ++ || (type & GRUB_FILE_TYPE_SKIP_SIGNATURE)) ++ return io; ++ + if (!sec) + return io; + if (io->device->disk && + (io->device->disk->dev->id == GRUB_DISK_DEVICE_MEMDISK_ID + || io->device->disk->dev->id == GRUB_DISK_DEVICE_PROCFS_ID)) + return io; +- fsuf = grub_malloc (grub_strlen (filename) + sizeof (".sig")); ++ fsuf = grub_malloc (grub_strlen (io->name) + sizeof (".sig")); + if (!fsuf) + return NULL; +- ptr = grub_stpcpy (fsuf, filename); ++ ptr = grub_stpcpy (fsuf, io->name); + grub_memcpy (ptr, ".sig", sizeof (".sig")); + +- grub_memcpy (curfilt, grub_file_filters_enabled, +- sizeof (curfilt)); +- grub_file_filter_disable_all (); +- sig = grub_file_open (fsuf); +- grub_memcpy (grub_file_filters_enabled, curfilt, +- sizeof (curfilt)); ++ sig = grub_file_open (fsuf, GRUB_FILE_TYPE_SIGNATURE); + grub_free (fsuf); + if (!sig) + return NULL; +@@ -918,7 +921,7 @@ grub_pubkey_open (grub_file_t io, const char *filename) + if (!verified->buf) + { + grub_file_close (sig); +- grub_free (verified); ++ verified_free (verified); + grub_free (ret); + return NULL; + } +@@ -926,7 +929,7 @@ grub_pubkey_open (grub_file_t io, const char *filename) + { + if (!grub_errno) + grub_error (GRUB_ERR_FILE_READ_ERROR, N_("premature end of file %s"), +- filename); ++ io->name); + grub_file_close (sig); + verified_free (verified); + grub_free (ret); +diff --git a/grub-core/disk/loopback.c b/grub-core/disk/loopback.c +index 2d8deaeaf..9406d931c 100644 +--- a/grub-core/disk/loopback.c ++++ b/grub-core/disk/loopback.c +@@ -92,7 +92,8 @@ grub_cmd_loopback (grub_extcmd_context_t ctxt, int argc, char **args) + if (argc < 2) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + +- file = grub_file_open (args[1]); ++ file = grub_file_open (args[1], GRUB_FILE_TYPE_LOOPBACK ++ | GRUB_FILE_TYPE_NO_DECOMPRESS); + if (! file) + return grub_errno; + +diff --git a/grub-core/efiemu/main.c b/grub-core/efiemu/main.c +index f6813b1ed..a81934725 100644 +--- a/grub-core/efiemu/main.c ++++ b/grub-core/efiemu/main.c +@@ -187,7 +187,7 @@ grub_efiemu_load_file (const char *filename) + grub_file_t file; + grub_err_t err; + +- file = grub_file_open (filename); ++ file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE); + if (! file) + return grub_errno; + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index b36a099b8..b67507fcc 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -422,7 +422,7 @@ grub_font_load (const char *filename) + #endif + + if (filename[0] == '(' || filename[0] == '/' || filename[0] == '+') +- file = grub_buffile_open (filename, 1024); ++ file = grub_buffile_open (filename, GRUB_FILE_TYPE_FONT, 1024); + else + { + const char *prefix = grub_env_get ("prefix"); +@@ -442,7 +442,7 @@ grub_font_load (const char *filename) + ptr = grub_stpcpy (ptr, filename); + ptr = grub_stpcpy (ptr, ".pf2"); + *ptr = 0; +- file = grub_buffile_open (fullname, 1024); ++ file = grub_buffile_open (fullname, GRUB_FILE_TYPE_FONT, 1024); + grub_free (fullname); + } + if (!file) +diff --git a/grub-core/fs/zfs/zfscrypt.c b/grub-core/fs/zfs/zfscrypt.c +index f8488c353..de3b015f5 100644 +--- a/grub-core/fs/zfs/zfscrypt.c ++++ b/grub-core/fs/zfs/zfscrypt.c +@@ -430,7 +430,7 @@ grub_cmd_zfs_key (grub_extcmd_context_t ctxt, int argc, char **args) + if (argc > 0) + { + grub_file_t file; +- file = grub_file_open (args[0]); ++ file = grub_file_open (args[0], GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY); + if (!file) + return grub_errno; + real_size = grub_file_read (file, buf, 1024); +diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c +index b22e1bcc9..84d520cd4 100644 +--- a/grub-core/gettext/gettext.c ++++ b/grub-core/gettext/gettext.c +@@ -291,7 +291,7 @@ grub_mofile_open (struct grub_gettext_context *ctx, + /* Using fd_mo and not another variable because + it's needed for grub_gettext_get_info. */ + +- fd = grub_file_open (filename); ++ fd = grub_file_open (filename, GRUB_FILE_TYPE_GETTEXT_CATALOG); + + if (!fd) + return grub_errno; +diff --git a/grub-core/gfxmenu/theme_loader.c b/grub-core/gfxmenu/theme_loader.c +index 02978392c..d6829bb5e 100644 +--- a/grub-core/gfxmenu/theme_loader.c ++++ b/grub-core/gfxmenu/theme_loader.c +@@ -743,7 +743,7 @@ grub_gfxmenu_view_load_theme (grub_gfxmenu_view_t view, const char *theme_path) + p.view = view; + p.theme_dir = grub_get_dirname (theme_path); + +- file = grub_file_open (theme_path); ++ file = grub_file_open (theme_path, GRUB_FILE_TYPE_THEME); + if (! file) + { + grub_free (p.theme_dir); +diff --git a/grub-core/io/bufio.c b/grub-core/io/bufio.c +index 2781afe05..0dbac1b3a 100644 +--- a/grub-core/io/bufio.c ++++ b/grub-core/io/bufio.c +@@ -88,11 +88,11 @@ grub_bufio_open (grub_file_t io, grub_size_t size) + } + + grub_file_t +-grub_buffile_open (const char *name, grub_size_t size) ++grub_buffile_open (const char *name, enum grub_file_type type, grub_size_t size) + { + grub_file_t io, file; + +- io = grub_file_open (name); ++ io = grub_file_open (name, type); + if (! io) + return 0; + +diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c +index 7024cda84..2ecf076dd 100644 +--- a/grub-core/io/gzio.c ++++ b/grub-core/io/gzio.c +@@ -1156,11 +1156,14 @@ initialize_tables (grub_gzio_t gzio) + even if IO does not contain data compressed by gzip, return a valid file + object. Note that this function won't close IO, even if an error occurs. */ + static grub_file_t +-grub_gzio_open (grub_file_t io, const char *name __attribute__ ((unused))) ++grub_gzio_open (grub_file_t io, enum grub_file_type type) + { + grub_file_t file; + grub_gzio_t gzio = 0; + ++ if (type & GRUB_FILE_TYPE_NO_DECOMPRESS) ++ return io; ++ + file = (grub_file_t) grub_zalloc (sizeof (*file)); + if (! file) + return 0; +diff --git a/grub-core/io/lzopio.c b/grub-core/io/lzopio.c +index 7559c6c9c..84edf6dd2 100644 +--- a/grub-core/io/lzopio.c ++++ b/grub-core/io/lzopio.c +@@ -407,12 +407,14 @@ CORRUPTED: + } + + static grub_file_t +-grub_lzopio_open (grub_file_t io, +- const char *name __attribute__ ((unused))) ++grub_lzopio_open (grub_file_t io, enum grub_file_type type) + { + grub_file_t file; + grub_lzopio_t lzopio; + ++ if (type & GRUB_FILE_TYPE_NO_DECOMPRESS) ++ return io; ++ + file = (grub_file_t) grub_zalloc (sizeof (*file)); + if (!file) + return 0; +diff --git a/grub-core/io/offset.c b/grub-core/io/offset.c +index ebed0ebe6..ec8e23208 100644 +--- a/grub-core/io/offset.c ++++ b/grub-core/io/offset.c +@@ -69,7 +69,8 @@ grub_file_offset_close (grub_file_t file) + } + + grub_file_t +-grub_file_offset_open (grub_file_t parent, grub_off_t start, grub_off_t size) ++grub_file_offset_open (grub_file_t parent, enum grub_file_type type, ++ grub_off_t start, grub_off_t size) + { + struct grub_offset_file *off_data; + grub_file_t off_file, last_off_file; +@@ -95,10 +96,10 @@ grub_file_offset_open (grub_file_t parent, grub_off_t start, grub_off_t size) + last_off_file = NULL; + for (filter = GRUB_FILE_FILTER_COMPRESSION_FIRST; + off_file && filter <= GRUB_FILE_FILTER_COMPRESSION_LAST; filter++) +- if (grub_file_filters_enabled[filter]) ++ if (grub_file_filters[filter]) + { + last_off_file = off_file; +- off_file = grub_file_filters_enabled[filter] (off_file, parent->name); ++ off_file = grub_file_filters[filter] (off_file, type); + } + + if (!off_file) +diff --git a/grub-core/io/xzio.c b/grub-core/io/xzio.c +index a3536ad73..42afeedcd 100644 +--- a/grub-core/io/xzio.c ++++ b/grub-core/io/xzio.c +@@ -169,12 +169,14 @@ ERROR: + } + + static grub_file_t +-grub_xzio_open (grub_file_t io, +- const char *name __attribute__ ((unused))) ++grub_xzio_open (grub_file_t io, enum grub_file_type type) + { + grub_file_t file; + grub_xzio_t xzio; + ++ if (type & GRUB_FILE_TYPE_NO_DECOMPRESS) ++ return io; ++ + file = (grub_file_t) grub_zalloc (sizeof (*file)); + if (!file) + return 0; +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index 91105bc46..d7a7c8f97 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -806,7 +806,7 @@ grub_dl_load_file (const char *filename) + + grub_boot_time ("Loading module %s", filename); + +- file = grub_file_open (filename); ++ file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE); + if (! file) + return 0; + +diff --git a/grub-core/kern/elf.c b/grub-core/kern/elf.c +index 4f282c9cf..9d7149b38 100644 +--- a/grub-core/kern/elf.c ++++ b/grub-core/kern/elf.c +@@ -136,12 +136,12 @@ fail: + } + + grub_elf_t +-grub_elf_open (const char *name) ++grub_elf_open (const char *name, enum grub_file_type type) + { + grub_file_t file; + grub_elf_t elf; + +- file = grub_file_open (name); ++ file = grub_file_open (name, type); + if (! file) + return 0; + +diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c +index c2d9a5500..2efc31da9 100644 +--- a/grub-core/kern/file.c ++++ b/grub-core/kern/file.c +@@ -28,8 +28,7 @@ + + void (*EXPORT_VAR (grub_grubnet_fini)) (void); + +-grub_file_filter_t grub_file_filters_all[GRUB_FILE_FILTER_MAX]; +-grub_file_filter_t grub_file_filters_enabled[GRUB_FILE_FILTER_MAX]; ++grub_file_filter_t grub_file_filters[GRUB_FILE_FILTER_MAX]; + + /* Get the device part of the filename NAME. It is enclosed by parentheses. */ + char * +@@ -59,7 +58,7 @@ grub_file_get_device_name (const char *name) + } + + grub_file_t +-grub_file_open (const char *name) ++grub_file_open (const char *name, enum grub_file_type type) + { + grub_device_t device = 0; + grub_file_t file = 0, last_file = 0; +@@ -116,18 +115,20 @@ grub_file_open (const char *name) + file->name = grub_strdup (name); + grub_errno = GRUB_ERR_NONE; + +- for (filter = 0; file && filter < ARRAY_SIZE (grub_file_filters_enabled); ++ for (filter = 0; file && filter < ARRAY_SIZE (grub_file_filters); + filter++) +- if (grub_file_filters_enabled[filter]) ++ if (grub_file_filters[filter]) + { + last_file = file; +- file = grub_file_filters_enabled[filter] (file, name); ++ file = grub_file_filters[filter] (file, type); ++ if (file && file != last_file) ++ { ++ file->name = grub_strdup (name); ++ grub_errno = GRUB_ERR_NONE; ++ } + } + if (!file) + grub_file_close (last_file); +- +- grub_memcpy (grub_file_filters_enabled, grub_file_filters_all, +- sizeof (grub_file_filters_enabled)); + + grub_dprintf ("file", "Opening `%s' succeeded.\n", name); + +@@ -141,9 +142,6 @@ grub_file_open (const char *name) + + grub_free (file); + +- grub_memcpy (grub_file_filters_enabled, grub_file_filters_all, +- sizeof (grub_file_filters_enabled)); +- + grub_dprintf ("file", "Opening `%s' failed.\n", name); + + return 0; +diff --git a/grub-core/lib/syslinux_parse.c b/grub-core/lib/syslinux_parse.c +index 21ca040ad..83e7bdb91 100644 +--- a/grub-core/lib/syslinux_parse.c ++++ b/grub-core/lib/syslinux_parse.c +@@ -696,7 +696,7 @@ syslinux_parse_real (struct syslinux_menu *menu) + char *buf = NULL; + grub_err_t err = GRUB_ERR_NONE; + +- file = grub_file_open (menu->filename); ++ file = grub_file_open (menu->filename, GRUB_FILE_TYPE_CONFIG); + if (!file) + return grub_errno; + while ((grub_free (buf), buf = grub_file_getline (file))) +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index a93edc975..29663f718 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -941,7 +941,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + *(--p16) = 0; + } + +- file = grub_file_open (filename); ++ file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE); + if (! file) + goto fail; + +diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c +index 0f317632a..8306b415a 100644 +--- a/grub-core/loader/i386/bsd.c ++++ b/grub-core/loader/i386/bsd.c +@@ -1464,7 +1464,7 @@ grub_bsd_load (int argc, char *argv[]) + goto fail; + } + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_BSD_KERNEL); + if (!file) + goto fail; + +@@ -1541,7 +1541,7 @@ grub_cmd_freebsd (grub_extcmd_context_t ctxt, int argc, char *argv[]) + if (err) + return err; + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_BSD_KERNEL); + if (! file) + return grub_errno; + +@@ -1700,7 +1700,7 @@ grub_cmd_netbsd (grub_extcmd_context_t ctxt, int argc, char *argv[]) + { + grub_file_t file; + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_BSD_KERNEL); + if (! file) + return grub_errno; + +@@ -1809,7 +1809,7 @@ grub_cmd_freebsd_loadenv (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_FREEBSD_ENV); + if ((!file) || (!file->size)) + goto fail; + +@@ -1914,7 +1914,7 @@ grub_cmd_freebsd_module (grub_command_t cmd __attribute__ ((unused)), + return 0; + } + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_FREEBSD_MODULE); + if ((!file) || (!file->size)) + goto fail; + +@@ -1965,7 +1965,7 @@ grub_netbsd_module_load (char *filename, grub_uint32_t type) + void *src; + grub_err_t err; + +- file = grub_file_open (filename); ++ file = grub_file_open (filename, GRUB_FILE_TYPE_NETBSD_MODULE); + if ((!file) || (!file->size)) + goto fail; + +@@ -2055,7 +2055,7 @@ grub_cmd_freebsd_module_elf (grub_command_t cmd __attribute__ ((unused)), + return 0; + } + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_FREEBSD_MODULE_ELF); + if (!file) + return grub_errno; + if (!file->size) +@@ -2095,7 +2095,7 @@ grub_cmd_openbsd_ramdisk (grub_command_t cmd __attribute__ ((unused)), + if (!openbsd_ramdisk.max_size) + return grub_error (GRUB_ERR_BAD_OS, "your kOpenBSD doesn't support ramdisk"); + +- file = grub_file_open (args[0]); ++ file = grub_file_open (args[0], GRUB_FILE_TYPE_OPENBSD_RAMDISK); + if (! file) + return grub_errno; + +diff --git a/grub-core/loader/i386/coreboot/chainloader.c b/grub-core/loader/i386/coreboot/chainloader.c +index 2cb78eee0..0a19ebb9c 100644 +--- a/grub-core/loader/i386/coreboot/chainloader.c ++++ b/grub-core/loader/i386/coreboot/chainloader.c +@@ -439,7 +439,7 @@ grub_cmd_chain (grub_command_t cmd __attribute__ ((unused)), + + grub_loader_unset (); + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_COREBOOT_CHAINLOADER); + if (!file) + return grub_errno; + +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index 191f1631e..aa2cbc4e7 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -709,7 +709,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL); + if (! file) + goto fail; + +diff --git a/grub-core/loader/i386/pc/chainloader.c b/grub-core/loader/i386/pc/chainloader.c +index ef3a322b7..976fea73a 100644 +--- a/grub-core/loader/i386/pc/chainloader.c ++++ b/grub-core/loader/i386/pc/chainloader.c +@@ -172,8 +172,8 @@ grub_chainloader_cmd (const char *filename, grub_chainloader_flags_t flags) + + grub_dl_ref (my_mod); + +- grub_file_filter_disable_compression (); +- file = grub_file_open (filename); ++ file = grub_file_open (filename, GRUB_FILE_TYPE_PCCHAINLOADER ++ | GRUB_FILE_TYPE_NO_DECOMPRESS); + if (! file) + goto fail; + +diff --git a/grub-core/loader/i386/pc/freedos.c b/grub-core/loader/i386/pc/freedos.c +index 478f3c513..aac6c9715 100644 +--- a/grub-core/loader/i386/pc/freedos.c ++++ b/grub-core/loader/i386/pc/freedos.c +@@ -110,7 +110,7 @@ grub_cmd_freedos (grub_command_t cmd __attribute__ ((unused)), + if (!rel) + goto fail; + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_FREEDOS); + if (! file) + goto fail; + +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index 63736fae9..b5c28c658 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -142,7 +142,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL); + if (! file) + goto fail; + +diff --git a/grub-core/loader/i386/pc/ntldr.c b/grub-core/loader/i386/pc/ntldr.c +index 1b88f40d8..f0d74145b 100644 +--- a/grub-core/loader/i386/pc/ntldr.c ++++ b/grub-core/loader/i386/pc/ntldr.c +@@ -90,7 +90,7 @@ grub_cmd_ntldr (grub_command_t cmd __attribute__ ((unused)), + if (!rel) + goto fail; + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_NTLDR); + if (! file) + goto fail; + +diff --git a/grub-core/loader/i386/pc/plan9.c b/grub-core/loader/i386/pc/plan9.c +index 814a49d50..0351090da 100644 +--- a/grub-core/loader/i386/pc/plan9.c ++++ b/grub-core/loader/i386/pc/plan9.c +@@ -413,7 +413,7 @@ grub_cmd_plan9 (grub_extcmd_context_t ctxt, int argc, char *argv[]) + if (!rel) + goto fail; + +- fill_ctx.file = grub_file_open (argv[0]); ++ fill_ctx.file = grub_file_open (argv[0], GRUB_FILE_TYPE_PLAN9_KERNEL); + if (! fill_ctx.file) + goto fail; + +diff --git a/grub-core/loader/i386/pc/pxechainloader.c b/grub-core/loader/i386/pc/pxechainloader.c +index e60c62b1b..acb061169 100644 +--- a/grub-core/loader/i386/pc/pxechainloader.c ++++ b/grub-core/loader/i386/pc/pxechainloader.c +@@ -99,7 +99,7 @@ grub_cmd_pxechain (grub_command_t cmd __attribute__ ((unused)), + if (!rel) + goto fail; + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_PXECHAINLOADER); + if (! file) + goto fail; + +diff --git a/grub-core/loader/i386/pc/truecrypt.c b/grub-core/loader/i386/pc/truecrypt.c +index 9ea4fde42..cbeeec7be 100644 +--- a/grub-core/loader/i386/pc/truecrypt.c ++++ b/grub-core/loader/i386/pc/truecrypt.c +@@ -99,7 +99,7 @@ grub_cmd_truecrypt (grub_command_t cmd __attribute__ ((unused)), + + grub_dl_ref (my_mod); + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_TRUECRYPT); + if (! file) + goto fail; + +diff --git a/grub-core/loader/i386/xen.c b/grub-core/loader/i386/xen.c +index 85b93347b..82350d3a1 100644 +--- a/grub-core/loader/i386/xen.c ++++ b/grub-core/loader/i386/xen.c +@@ -650,7 +650,7 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)), + (char *) xen_state.next_start.cmd_line, + sizeof (xen_state.next_start.cmd_line) - 1); + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL); + if (!file) + return grub_errno; + +@@ -901,9 +901,8 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)), + + xen_state.max_addr = ALIGN_UP (xen_state.max_addr, PAGE_SIZE); + +- if (nounzip) +- grub_file_filter_disable_compression (); +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_INITRD | ++ (nounzip ? GRUB_FILE_TYPE_NO_DECOMPRESS : GRUB_FILE_TYPE_NONE)); + if (!file) + return grub_errno; + size = grub_file_size (file); +diff --git a/grub-core/loader/i386/xen_file.c b/grub-core/loader/i386/xen_file.c +index 77a93e7b2..9af5d66df 100644 +--- a/grub-core/loader/i386/xen_file.c ++++ b/grub-core/loader/i386/xen_file.c +@@ -78,7 +78,7 @@ grub_xen_file (grub_file_t file) + Trim it. */ + if (grub_memcmp (magic, XZ_MAGIC, sizeof (XZ_MAGIC) - 1) == 0) + payload_length -= 4; +- off_file = grub_file_offset_open (file, payload_offset, ++ off_file = grub_file_offset_open (file, GRUB_FILE_TYPE_LINUX_KERNEL, payload_offset, + payload_length); + if (!off_file) + goto fail; +diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c +index 44f7ebfa2..a70093607 100644 +--- a/grub-core/loader/i386/xnu.c ++++ b/grub-core/loader/i386/xnu.c +@@ -486,7 +486,7 @@ grub_cmd_devprop_load (grub_command_t cmd __attribute__ ((unused)), + if (argc != 1) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + +- file = grub_file_open (args[0]); ++ file = grub_file_open (args[0], GRUB_FILE_XNU_DEVPROP); + if (! file) + return grub_errno; + size = grub_file_size (file); +diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c +index 0953f6d32..2b2f798e7 100644 +--- a/grub-core/loader/linux.c ++++ b/grub-core/loader/linux.c +@@ -183,7 +183,6 @@ grub_initrd_init (int argc, char *argv[], + eptr = grub_strchr (ptr, ':'); + if (eptr) + { +- grub_file_filter_disable_compression (); + grub_size_t dir_size, name_len; + + initrd_ctx->components[i].newc_name = grub_strndup (ptr, eptr - ptr); +@@ -215,8 +214,9 @@ grub_initrd_init (int argc, char *argv[], + root = 0; + newc = 0; + } +- grub_file_filter_disable_compression (); +- initrd_ctx->components[i].file = grub_file_open (fname); ++ initrd_ctx->components[i].file = grub_file_open (fname, ++ GRUB_FILE_TYPE_LINUX_INITRD ++ | GRUB_FILE_TYPE_NO_DECOMPRESS); + if (!initrd_ctx->components[i].file) + { + grub_initrd_close (initrd_ctx); +diff --git a/grub-core/loader/macho.c b/grub-core/loader/macho.c +index f61341af5..05710c48e 100644 +--- a/grub-core/loader/macho.c ++++ b/grub-core/loader/macho.c +@@ -188,12 +188,12 @@ fail: + } + + grub_macho_t +-grub_macho_open (const char *name, int is_64bit) ++grub_macho_open (const char *name, enum grub_file_type type, int is_64bit) + { + grub_file_t file; + grub_macho_t macho; + +- file = grub_file_open (name); ++ file = grub_file_open (name, type); + if (! file) + return 0; + +diff --git a/grub-core/loader/mips/linux.c b/grub-core/loader/mips/linux.c +index 27c1db84a..103588544 100644 +--- a/grub-core/loader/mips/linux.c ++++ b/grub-core/loader/mips/linux.c +@@ -237,7 +237,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + +- elf = grub_elf_open (argv[0]); ++ elf = grub_elf_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL); + if (! elf) + return grub_errno; + +diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c +index f455e8039..e8963d7cd 100644 +--- a/grub-core/loader/multiboot.c ++++ b/grub-core/loader/multiboot.c +@@ -323,7 +323,7 @@ grub_cmd_multiboot (grub_command_t cmd __attribute__ ((unused)), + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_MULTIBOOT_KERNEL); + if (! file) + return grub_errno; + +@@ -389,10 +389,8 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)), + return grub_error (GRUB_ERR_BAD_ARGUMENT, + N_("you need to load the kernel first")); + +- if (nounzip) +- grub_file_filter_disable_compression (); +- +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_MULTIBOOT_MODULE ++ | (nounzip ? GRUB_FILE_TYPE_NO_DECOMPRESS : GRUB_FILE_TYPE_NONE)); + if (! file) + return grub_errno; + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index 2bf02489b..9f78abb05 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -355,7 +355,7 @@ grub_cmd_xnu_kernel (grub_command_t cmd __attribute__ ((unused)), + + grub_xnu_unload (); + +- macho = grub_macho_open (args[0], 0); ++ macho = grub_macho_open (args[0], GRUB_FILE_TYPE_XNU_KERNEL, 0); + if (! macho) + return grub_errno; + +@@ -460,7 +460,7 @@ grub_cmd_xnu_kernel64 (grub_command_t cmd __attribute__ ((unused)), + + grub_xnu_unload (); + +- macho = grub_macho_open (args[0], 1); ++ macho = grub_macho_open (args[0], GRUB_FILE_TYPE_XNU_KERNEL, 1); + if (! macho) + return grub_errno; + +@@ -678,7 +678,7 @@ grub_xnu_load_driver (char *infoplistname, grub_file_t binaryfile, + macho = 0; + + if (infoplistname) +- infoplist = grub_file_open (infoplistname); ++ infoplist = grub_file_open (infoplistname, GRUB_FILE_TYPE_XNU_INFO_PLIST); + else + infoplist = 0; + grub_errno = GRUB_ERR_NONE; +@@ -775,7 +775,7 @@ grub_cmd_xnu_mkext (grub_command_t cmd __attribute__ ((unused)), + if (! grub_xnu_heap_size) + return grub_error (GRUB_ERR_BAD_OS, N_("you need to load the kernel first")); + +- file = grub_file_open (args[0]); ++ file = grub_file_open (args[0], GRUB_FILE_TYPE_XNU_MKEXT); + if (! file) + return grub_errno; + +@@ -889,7 +889,7 @@ grub_cmd_xnu_ramdisk (grub_command_t cmd __attribute__ ((unused)), + if (! grub_xnu_heap_size) + return grub_error (GRUB_ERR_BAD_OS, N_("you need to load the kernel first")); + +- file = grub_file_open (args[0]); ++ file = grub_file_open (args[0], GRUB_FILE_TYPE_XNU_RAMDISK); + if (! file) + return grub_errno; + +@@ -929,7 +929,7 @@ grub_xnu_check_os_bundle_required (char *plistname, + if (binname) + *binname = 0; + +- file = grub_file_open (plistname); ++ file = grub_file_open (plistname, GRUB_FILE_TYPE_XNU_INFO_PLIST); + if (! file) + return 0; + +@@ -1214,7 +1214,7 @@ grub_xnu_load_kext_from_dir (char *dirname, const char *osbundlerequired, + grub_strcpy (binname + grub_strlen (binname), "/"); + grub_strcpy (binname + grub_strlen (binname), binsuffix); + grub_dprintf ("xnu", "%s:%s\n", ctx.plistname, binname); +- binfile = grub_file_open (binname); ++ binfile = grub_file_open (binname, GRUB_FILE_TYPE_XNU_KEXT); + if (! binfile) + grub_errno = GRUB_ERR_NONE; + +@@ -1257,7 +1257,7 @@ grub_cmd_xnu_kext (grub_command_t cmd __attribute__ ((unused)), + /* User explicitly specified plist and binary. */ + if (grub_strcmp (args[1], "-") != 0) + { +- binfile = grub_file_open (args[1]); ++ binfile = grub_file_open (args[1], GRUB_FILE_TYPE_XNU_KEXT); + if (! binfile) + return grub_errno; + } +diff --git a/grub-core/loader/xnu_resume.c b/grub-core/loader/xnu_resume.c +index 99119558d..d648ef0cd 100644 +--- a/grub-core/loader/xnu_resume.c ++++ b/grub-core/loader/xnu_resume.c +@@ -53,8 +53,8 @@ grub_xnu_resume (char *imagename) + grub_addr_t target_image; + grub_err_t err; + +- grub_file_filter_disable_compression (); +- file = grub_file_open (imagename); ++ file = grub_file_open (imagename, GRUB_FILE_TYPE_XNU_HIBERNATE_IMAGE ++ | GRUB_FILE_TYPE_NO_DECOMPRESS); + if (! file) + return 0; + +diff --git a/grub-core/normal/autofs.c b/grub-core/normal/autofs.c +index 721b9c325..7a7cf2b0f 100644 +--- a/grub-core/normal/autofs.c ++++ b/grub-core/normal/autofs.c +@@ -33,12 +33,6 @@ autoload_fs_module (void) + { + grub_named_list_t p; + int ret = 0; +- grub_file_filter_t grub_file_filters_was[GRUB_FILE_FILTER_MAX]; +- +- grub_memcpy (grub_file_filters_was, grub_file_filters_enabled, +- sizeof (grub_file_filters_enabled)); +- grub_memcpy (grub_file_filters_enabled, grub_file_filters_all, +- sizeof (grub_file_filters_enabled)); + + while ((p = fs_module_list) != NULL) + { +@@ -56,9 +50,6 @@ autoload_fs_module (void) + grub_free (p); + } + +- grub_memcpy (grub_file_filters_enabled, grub_file_filters_was, +- sizeof (grub_file_filters_enabled)); +- + return ret; + } + +@@ -82,7 +73,7 @@ read_fs_list (const char *prefix) + tmp_autoload_hook = grub_fs_autoload_hook; + grub_fs_autoload_hook = NULL; + +- file = grub_file_open (filename); ++ file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE_LIST); + if (file) + { + /* Override previous fs.lst. */ +diff --git a/grub-core/normal/crypto.c b/grub-core/normal/crypto.c +index e6d345f33..d01e6f271 100644 +--- a/grub-core/normal/crypto.c ++++ b/grub-core/normal/crypto.c +@@ -94,7 +94,7 @@ read_crypto_list (const char *prefix) + return; + } + +- file = grub_file_open (filename); ++ file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE_LIST); + grub_free (filename); + if (!file) + { +diff --git a/grub-core/normal/dyncmd.c b/grub-core/normal/dyncmd.c +index 169c126f5..719ebf477 100644 +--- a/grub-core/normal/dyncmd.c ++++ b/grub-core/normal/dyncmd.c +@@ -106,7 +106,7 @@ read_command_list (const char *prefix) + { + grub_file_t file; + +- file = grub_file_open (filename); ++ file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE_LIST); + if (file) + { + char *buf = NULL; +diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +index 59fd54eb0..cee71a4c2 100644 +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -127,7 +127,7 @@ read_config_file (const char *config) + } + + /* Try to open the config file. */ +- rawfile = grub_file_open (config); ++ rawfile = grub_file_open (config, GRUB_FILE_TYPE_CONFIG); + if (! rawfile) + return 0; + +diff --git a/grub-core/normal/term.c b/grub-core/normal/term.c +index 93a3a0d91..cc8c173b6 100644 +--- a/grub-core/normal/term.c ++++ b/grub-core/normal/term.c +@@ -331,7 +331,7 @@ read_terminal_list (const char *prefix) + return; + } + +- file = grub_file_open (filename); ++ file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE_LIST); + grub_free (filename); + if (!file) + { +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 21b0d9ded..31359a4c9 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -772,7 +772,7 @@ grub_video_reader_jpeg (struct grub_video_bitmap **bitmap, + grub_file_t file; + struct grub_jpeg_data *data; + +- file = grub_buffile_open (filename, 0); ++ file = grub_buffile_open (filename, GRUB_FILE_TYPE_PIXMAP, 0); + if (!file) + return grub_errno; + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index 719e647e4..0157ff742 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -1095,7 +1095,7 @@ grub_video_reader_png (struct grub_video_bitmap **bitmap, + grub_file_t file; + struct grub_png_data *data; + +- file = grub_buffile_open (filename, 0); ++ file = grub_buffile_open (filename, GRUB_FILE_TYPE_PIXMAP, 0); + if (!file) + return grub_errno; + +diff --git a/grub-core/video/readers/tga.c b/grub-core/video/readers/tga.c +index c7a16fa9c..7cb9d1d2a 100644 +--- a/grub-core/video/readers/tga.c ++++ b/grub-core/video/readers/tga.c +@@ -297,7 +297,7 @@ grub_video_reader_tga (struct grub_video_bitmap **bitmap, + + grub_memset (&data, 0, sizeof (data)); + +- data.file = grub_buffile_open (filename, 0); ++ data.file = grub_buffile_open (filename, GRUB_FILE_TYPE_PIXMAP, 0); + if (! data.file) + return grub_errno; + +diff --git a/util/grub-fstest.c b/util/grub-fstest.c +index 793aefa02..fe5982220 100644 +--- a/util/grub-fstest.c ++++ b/util/grub-fstest.c +@@ -120,9 +120,9 @@ read_file (char *pathname, int (*hook) (grub_off_t ofs, char *buf, int len, void + return; + } + +- if (uncompress == 0) +- grub_file_filter_disable_compression (); +- file = grub_file_open (pathname); ++ file = grub_file_open (pathname, ((uncompress == 0) ++ ? GRUB_FILE_TYPE_NO_DECOMPRESS : GRUB_FILE_TYPE_NONE) ++ | GRUB_FILE_TYPE_FSTEST); + if (!file) + { + grub_util_error (_("cannot open `%s': %s"), pathname, +diff --git a/util/grub-mount.c b/util/grub-mount.c +index a25db8a71..e32b502e7 100644 +--- a/util/grub-mount.c ++++ b/util/grub-mount.c +@@ -208,7 +208,7 @@ fuse_getattr (const char *path, struct stat *st) + if (!ctx.file_info.dir) + { + grub_file_t file; +- file = grub_file_open (path); ++ file = grub_file_open (path, GRUB_FILE_TYPE_GET_SIZE); + if (! file && grub_errno == GRUB_ERR_BAD_FILE_TYPE) + { + grub_errno = GRUB_ERR_NONE; +@@ -244,7 +244,7 @@ static int + fuse_open (const char *path, struct fuse_file_info *fi __attribute__ ((unused))) + { + grub_file_t file; +- file = grub_file_open (path); ++ file = grub_file_open (path, GRUB_FILE_TYPE_MOUNT); + if (! file) + return translate_error (); + files[first_fd++] = file; +@@ -308,7 +308,7 @@ fuse_readdir_call_fill (const char *filename, + grub_file_t file; + char *tmp; + tmp = xasprintf ("%s/%s", ctx->path, filename); +- file = grub_file_open (tmp); ++ file = grub_file_open (tmp, GRUB_FILE_TYPE_GET_SIZE); + free (tmp); + /* Symlink to directory. */ + if (! file && grub_errno == GRUB_ERR_BAD_FILE_TYPE) +diff --git a/include/grub/bufio.h b/include/grub/bufio.h +index 77eb8ee56..0ff72d103 100644 +--- a/include/grub/bufio.h ++++ b/include/grub/bufio.h +@@ -23,6 +23,8 @@ + #include + + grub_file_t EXPORT_FUNC (grub_bufio_open) (grub_file_t io, grub_size_t size); +-grub_file_t EXPORT_FUNC (grub_buffile_open) (const char *name, grub_size_t size); ++grub_file_t EXPORT_FUNC (grub_buffile_open) (const char *name, ++ enum grub_file_type type, ++ grub_size_t size); + + #endif /* ! GRUB_BUFIO_H */ +diff --git a/include/grub/elfload.h b/include/grub/elfload.h +index 9a7ae4ebb..dbb609c9b 100644 +--- a/include/grub/elfload.h ++++ b/include/grub/elfload.h +@@ -42,7 +42,7 @@ typedef int (*grub_elf32_phdr_iterate_hook_t) + typedef int (*grub_elf64_phdr_iterate_hook_t) + (grub_elf_t elf, Elf64_Phdr *phdr, void *arg); + +-grub_elf_t grub_elf_open (const char *); ++grub_elf_t grub_elf_open (const char *, enum grub_file_type type); + grub_elf_t grub_elf_file (grub_file_t file, const char *filename); + grub_err_t grub_elf_close (grub_elf_t); + +diff --git a/include/grub/file.h b/include/grub/file.h +index 739488cbe..5b47c5f91 100644 +--- a/include/grub/file.h ++++ b/include/grub/file.h +@@ -25,6 +25,109 @@ + #include + #include + ++enum grub_file_type ++ { ++ GRUB_FILE_TYPE_NONE = 0, ++ /* GRUB module to be loaded. */ ++ GRUB_FILE_TYPE_GRUB_MODULE, ++ /* Loopback file to be represented as disk. */ ++ GRUB_FILE_TYPE_LOOPBACK, ++ /* Linux kernel to be loaded. */ ++ GRUB_FILE_TYPE_LINUX_KERNEL, ++ /* Linux initrd. */ ++ GRUB_FILE_TYPE_LINUX_INITRD, ++ ++ /* Multiboot kernel. */ ++ GRUB_FILE_TYPE_MULTIBOOT_KERNEL, ++ /* Multiboot module. */ ++ GRUB_FILE_TYPE_MULTIBOOT_MODULE, ++ ++ GRUB_FILE_TYPE_BSD_KERNEL, ++ GRUB_FILE_TYPE_FREEBSD_ENV, ++ GRUB_FILE_TYPE_FREEBSD_MODULE, ++ GRUB_FILE_TYPE_FREEBSD_MODULE_ELF, ++ GRUB_FILE_TYPE_NETBSD_MODULE, ++ GRUB_FILE_TYPE_OPENBSD_RAMDISK, ++ ++ GRUB_FILE_TYPE_XNU_INFO_PLIST, ++ GRUB_FILE_TYPE_XNU_MKEXT, ++ GRUB_FILE_TYPE_XNU_KEXT, ++ GRUB_FILE_TYPE_XNU_KERNEL, ++ GRUB_FILE_TYPE_XNU_RAMDISK, ++ GRUB_FILE_TYPE_XNU_HIBERNATE_IMAGE, ++ GRUB_FILE_XNU_DEVPROP, ++ ++ GRUB_FILE_TYPE_PLAN9_KERNEL, ++ ++ GRUB_FILE_TYPE_NTLDR, ++ GRUB_FILE_TYPE_TRUECRYPT, ++ GRUB_FILE_TYPE_FREEDOS, ++ GRUB_FILE_TYPE_PXECHAINLOADER, ++ GRUB_FILE_TYPE_PCCHAINLOADER, ++ ++ GRUB_FILE_TYPE_COREBOOT_CHAINLOADER, ++ ++ GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE, ++ ++ /* File holding signature. */ ++ GRUB_FILE_TYPE_SIGNATURE, ++ /* File holding public key to verify signature once. */ ++ GRUB_FILE_TYPE_PUBLIC_KEY, ++ /* File holding public key to add to trused keys. */ ++ GRUB_FILE_TYPE_PUBLIC_KEY_TRUST, ++ /* File of which we intend to print a blocklist to the user. */ ++ GRUB_FILE_TYPE_PRINT_BLOCKLIST, ++ /* File we intend to use for test loading or testing speed. */ ++ GRUB_FILE_TYPE_TESTLOAD, ++ /* File we open only to get its size. E.g. in ls output. */ ++ GRUB_FILE_TYPE_GET_SIZE, ++ /* Font file. */ ++ GRUB_FILE_TYPE_FONT, ++ /* File holding encryption key for encrypted ZFS. */ ++ GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY, ++ /* File we open n grub-fstest. */ ++ GRUB_FILE_TYPE_FSTEST, ++ /* File we open n grub-mount. */ ++ GRUB_FILE_TYPE_MOUNT, ++ /* File which we attempt to identify the type of. */ ++ GRUB_FILE_TYPE_FILE_ID, ++ /* File holding ACPI table. */ ++ GRUB_FILE_TYPE_ACPI_TABLE, ++ /* File we intend show to user. */ ++ GRUB_FILE_TYPE_CAT, ++ GRUB_FILE_TYPE_HEXCAT, ++ /* One of pair of files we intend to compare. */ ++ GRUB_FILE_TYPE_CMP, ++ /* List of hashes for hashsum. */ ++ GRUB_FILE_TYPE_HASHLIST, ++ /* File hashed by hashsum. */ ++ GRUB_FILE_TYPE_TO_HASH, ++ /* Keyboard layout. */ ++ GRUB_FILE_TYPE_KEYBOARD_LAYOUT, ++ /* Picture file. */ ++ GRUB_FILE_TYPE_PIXMAP, ++ /* *.lst shipped by GRUB. */ ++ GRUB_FILE_TYPE_GRUB_MODULE_LIST, ++ /* config file. */ ++ GRUB_FILE_TYPE_CONFIG, ++ GRUB_FILE_TYPE_THEME, ++ GRUB_FILE_TYPE_GETTEXT_CATALOG, ++ GRUB_FILE_TYPE_FS_SEARCH, ++ GRUB_FILE_TYPE_AUDIO, ++ GRUB_FILE_TYPE_VBE_DUMP, ++ ++ GRUB_FILE_TYPE_LOADENV, ++ GRUB_FILE_TYPE_SAVEENV, ++ ++ GRUB_FILE_TYPE_VERIFY_SIGNATURE, ++ ++ GRUB_FILE_TYPE_MASK = 0xffff, ++ ++ /* --skip-sig is specified. */ ++ GRUB_FILE_TYPE_SKIP_SIGNATURE = 0x10000, ++ GRUB_FILE_TYPE_NO_DECOMPRESS = 0x20000 ++ }; ++ + /* File description. */ + struct grub_file + { +@@ -77,61 +180,26 @@ typedef enum grub_file_filter_id + GRUB_FILE_FILTER_COMPRESSION_LAST = GRUB_FILE_FILTER_LZOPIO, + } grub_file_filter_id_t; + +-typedef grub_file_t (*grub_file_filter_t) (grub_file_t in, const char *filename); ++typedef grub_file_t (*grub_file_filter_t) (grub_file_t in, enum grub_file_type type); + +-extern grub_file_filter_t EXPORT_VAR(grub_file_filters_all)[GRUB_FILE_FILTER_MAX]; +-extern grub_file_filter_t EXPORT_VAR(grub_file_filters_enabled)[GRUB_FILE_FILTER_MAX]; ++extern grub_file_filter_t EXPORT_VAR(grub_file_filters)[GRUB_FILE_FILTER_MAX]; + + static inline void + grub_file_filter_register (grub_file_filter_id_t id, grub_file_filter_t filter) + { +- grub_file_filters_all[id] = filter; +- grub_file_filters_enabled[id] = filter; ++ grub_file_filters[id] = filter; + } + + static inline void + grub_file_filter_unregister (grub_file_filter_id_t id) + { +- grub_file_filters_all[id] = 0; +- grub_file_filters_enabled[id] = 0; +-} +- +-static inline void +-grub_file_filter_disable (grub_file_filter_id_t id) +-{ +- grub_file_filters_enabled[id] = 0; +-} +- +-static inline void +-grub_file_filter_disable_compression (void) +-{ +- grub_file_filter_id_t id; +- +- for (id = GRUB_FILE_FILTER_COMPRESSION_FIRST; +- id <= GRUB_FILE_FILTER_COMPRESSION_LAST; id++) +- grub_file_filters_enabled[id] = 0; +-} +- +-static inline void +-grub_file_filter_disable_all (void) +-{ +- grub_file_filter_id_t id; +- +- for (id = 0; +- id < GRUB_FILE_FILTER_MAX; id++) +- grub_file_filters_enabled[id] = 0; +-} +- +-static inline void +-grub_file_filter_disable_pubkey (void) +-{ +- grub_file_filters_enabled[GRUB_FILE_FILTER_PUBKEY] = 0; ++ grub_file_filters[id] = 0; + } + + /* Get a device name from NAME. */ + char *EXPORT_FUNC(grub_file_get_device_name) (const char *name); + +-grub_file_t EXPORT_FUNC(grub_file_open) (const char *name); ++grub_file_t EXPORT_FUNC(grub_file_open) (const char *name, enum grub_file_type type); + grub_ssize_t EXPORT_FUNC(grub_file_read) (grub_file_t file, void *buf, + grub_size_t len); + grub_off_t EXPORT_FUNC(grub_file_seek) (grub_file_t file, grub_off_t offset); +@@ -159,8 +227,8 @@ grub_file_seekable (const grub_file_t file) + } + + grub_file_t +-grub_file_offset_open (grub_file_t parent, grub_off_t start, +- grub_off_t size); ++grub_file_offset_open (grub_file_t parent, enum grub_file_type type, ++ grub_off_t start, grub_off_t size); + void + grub_file_offset_close (grub_file_t file); + +diff --git a/include/grub/machoload.h b/include/grub/machoload.h +index 1eec118f1..f1157f410 100644 +--- a/include/grub/machoload.h ++++ b/include/grub/machoload.h +@@ -49,7 +49,8 @@ struct grub_macho_file + }; + typedef struct grub_macho_file *grub_macho_t; + +-grub_macho_t grub_macho_open (const char *, int is_64bit); ++grub_macho_t grub_macho_open (const char *, enum grub_file_type type, ++ int is_64bit); + grub_macho_t grub_macho_file (grub_file_t file, const char *filename, + int is_64bit); + grub_err_t grub_macho_close (grub_macho_t); diff --git a/SOURCES/0331-verifiers-Framework-core.patch b/SOURCES/0331-verifiers-Framework-core.patch new file mode 100644 index 0000000..e091336 --- /dev/null +++ b/SOURCES/0331-verifiers-Framework-core.patch @@ -0,0 +1,1026 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Vladimir Serbinenko +Date: Sun, 5 Feb 2017 14:25:47 +0100 +Subject: [PATCH] verifiers: Framework core + +Verifiers framework provides core file verification functionality which +can be used by various security mechanisms, e.g., UEFI secure boot, TPM, +PGP signature verification, etc. + +The patch contains PGP code changes and probably they should be extracted +to separate patch for the sake of clarity. + +Signed-off-by: Vladimir Serbinenko +Signed-off-by: Daniel Kiper +Reviewed-by: Ross Philipson +(cherry picked from commit 75a919e334f8514b6adbc024743cfcd9b88fa394) +Signed-off-by: Daniel Axtens +--- + grub-core/Makefile.core.def | 5 + + grub-core/commands/verifiers.c | 197 ++++++++++++++ + grub-core/commands/verify.c | 566 ++++++++++++++++++++--------------------- + include/grub/file.h | 2 +- + include/grub/list.h | 1 + + include/grub/verify.h | 65 +++++ + 6 files changed, 539 insertions(+), 297 deletions(-) + create mode 100644 grub-core/commands/verifiers.c + create mode 100644 include/grub/verify.h + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index c8a50b4fc..29c3bf6cd 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -921,6 +921,11 @@ module = { + cppflags = '-I$(srcdir)/lib/posix_wrap'; + }; + ++module = { ++ name = verifiers; ++ common = commands/verifiers.c; ++}; ++ + module = { + name = hdparm; + common = commands/hdparm.c; +diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c +new file mode 100644 +index 000000000..fde88318d +--- /dev/null ++++ b/grub-core/commands/verifiers.c +@@ -0,0 +1,197 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2017 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ * ++ * Verifiers helper. ++ */ ++ ++#include ++#include ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++struct grub_file_verifier *grub_file_verifiers; ++ ++struct grub_verified ++{ ++ grub_file_t file; ++ void *buf; ++}; ++typedef struct grub_verified *grub_verified_t; ++ ++static void ++verified_free (grub_verified_t verified) ++{ ++ if (verified) ++ { ++ grub_free (verified->buf); ++ grub_free (verified); ++ } ++} ++ ++static grub_ssize_t ++verified_read (struct grub_file *file, char *buf, grub_size_t len) ++{ ++ grub_verified_t verified = file->data; ++ ++ grub_memcpy (buf, (char *) verified->buf + file->offset, len); ++ return len; ++} ++ ++static grub_err_t ++verified_close (struct grub_file *file) ++{ ++ grub_verified_t verified = file->data; ++ ++ grub_file_close (verified->file); ++ verified_free (verified); ++ file->data = 0; ++ ++ /* Device and name are freed by parent. */ ++ file->device = 0; ++ file->name = 0; ++ ++ return grub_errno; ++} ++ ++struct grub_fs verified_fs = ++{ ++ .name = "verified_read", ++ .read = verified_read, ++ .close = verified_close ++}; ++ ++static grub_file_t ++grub_verifiers_open (grub_file_t io, enum grub_file_type type) ++{ ++ grub_verified_t verified = NULL; ++ struct grub_file_verifier *ver; ++ void *context; ++ grub_file_t ret = 0; ++ grub_err_t err; ++ ++ grub_dprintf ("verify", "file: %s type: %d\n", io->name, type); ++ ++ if ((type & GRUB_FILE_TYPE_MASK) == GRUB_FILE_TYPE_SIGNATURE ++ || (type & GRUB_FILE_TYPE_MASK) == GRUB_FILE_TYPE_VERIFY_SIGNATURE ++ || (type & GRUB_FILE_TYPE_SKIP_SIGNATURE)) ++ return io; ++ ++ if (io->device->disk && ++ (io->device->disk->dev->id == GRUB_DISK_DEVICE_MEMDISK_ID ++ || io->device->disk->dev->id == GRUB_DISK_DEVICE_PROCFS_ID)) ++ return io; ++ ++ FOR_LIST_ELEMENTS(ver, grub_file_verifiers) ++ { ++ enum grub_verify_flags flags = 0; ++ err = ver->init (io, type, &context, &flags); ++ if (err) ++ goto fail_noclose; ++ if (!(flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION)) ++ break; ++ } ++ ++ if (!ver) ++ /* No verifiers wanted to verify. Just return underlying file. */ ++ return io; ++ ++ ret = grub_malloc (sizeof (*ret)); ++ if (!ret) ++ { ++ goto fail; ++ } ++ *ret = *io; ++ ++ ret->fs = &verified_fs; ++ ret->not_easily_seekable = 0; ++ if (ret->size >> (sizeof (grub_size_t) * GRUB_CHAR_BIT - 1)) ++ { ++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, ++ N_("big file signature isn't implemented yet")); ++ goto fail; ++ } ++ verified = grub_malloc (sizeof (*verified)); ++ if (!verified) ++ { ++ goto fail; ++ } ++ verified->buf = grub_malloc (ret->size); ++ if (!verified->buf) ++ { ++ goto fail; ++ } ++ if (grub_file_read (io, verified->buf, ret->size) != (grub_ssize_t) ret->size) ++ { ++ if (!grub_errno) ++ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("premature end of file %s"), ++ io->name); ++ goto fail; ++ } ++ ++ err = ver->write (context, verified->buf, ret->size); ++ if (err) ++ goto fail; ++ ++ err = ver->fini ? ver->fini (context) : GRUB_ERR_NONE; ++ if (err) ++ goto fail; ++ ++ if (ver->close) ++ ver->close (context); ++ ++ FOR_LIST_ELEMENTS_NEXT(ver, grub_file_verifiers) ++ { ++ enum grub_verify_flags flags = 0; ++ err = ver->init (io, type, &context, &flags); ++ if (err) ++ goto fail_noclose; ++ if (flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION) ++ continue; ++ err = ver->write (context, verified->buf, ret->size); ++ if (err) ++ goto fail; ++ ++ err = ver->fini ? ver->fini (context) : GRUB_ERR_NONE; ++ if (err) ++ goto fail; ++ ++ if (ver->close) ++ ver->close (context); ++ } ++ ++ verified->file = io; ++ ret->data = verified; ++ return ret; ++ ++ fail: ++ ver->close (context); ++ fail_noclose: ++ verified_free (verified); ++ grub_free (ret); ++ return NULL; ++} ++ ++GRUB_MOD_INIT(verifiers) ++{ ++ grub_file_filter_register (GRUB_FILE_FILTER_VERIFY, grub_verifiers_open); ++} ++ ++GRUB_MOD_FINI(verifiers) ++{ ++ grub_file_filter_unregister (GRUB_FILE_FILTER_VERIFY); ++} +diff --git a/grub-core/commands/verify.c b/grub-core/commands/verify.c +index f0dfeceeb..29e74a640 100644 +--- a/grub-core/commands/verify.c ++++ b/grub-core/commands/verify.c +@@ -30,16 +30,10 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +-struct grub_verified +-{ +- grub_file_t file; +- void *buf; +-}; +-typedef struct grub_verified *grub_verified_t; +- + enum + { + OPTION_SKIP_SIG = 0 +@@ -445,23 +439,27 @@ rsa_pad (gcry_mpi_t *hmpi, grub_uint8_t *hval, + return ret; + } + +-static grub_err_t +-grub_verify_signature_real (char *buf, grub_size_t size, +- grub_file_t f, grub_file_t sig, +- struct grub_public_key *pkey) ++struct grub_pubkey_context + { +- grub_size_t len; ++ grub_file_t sig; ++ struct signature_v4_header v4; + grub_uint8_t v; ++ const gcry_md_spec_t *hash; ++ void *hash_context; ++}; ++ ++static grub_err_t ++grub_verify_signature_init (struct grub_pubkey_context *ctxt, grub_file_t sig) ++{ ++ grub_size_t len; + grub_uint8_t h; + grub_uint8_t t; + grub_uint8_t pk; +- const gcry_md_spec_t *hash; +- struct signature_v4_header v4; + grub_err_t err; +- grub_size_t i; +- gcry_mpi_t mpis[10]; + grub_uint8_t type = 0; + ++ grub_memset (ctxt, 0, sizeof (*ctxt)); ++ + err = read_packet_header (sig, &type, &len); + if (err) + return err; +@@ -469,18 +467,18 @@ grub_verify_signature_real (char *buf, grub_size_t size, + if (type != 0x2) + return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature")); + +- if (grub_file_read (sig, &v, sizeof (v)) != sizeof (v)) ++ if (grub_file_read (sig, &ctxt->v, sizeof (ctxt->v)) != sizeof (ctxt->v)) + return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature")); + +- if (v != 4) ++ if (ctxt->v != 4) + return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature")); + +- if (grub_file_read (sig, &v4, sizeof (v4)) != sizeof (v4)) ++ if (grub_file_read (sig, &ctxt->v4, sizeof (ctxt->v4)) != sizeof (ctxt->v4)) + return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature")); + +- h = v4.hash; +- t = v4.type; +- pk = v4.pkeyalgo; ++ h = ctxt->v4.hash; ++ t = ctxt->v4.type; ++ pk = ctxt->v4.pkeyalgo; + + if (t != 0) + return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature")); +@@ -491,183 +489,233 @@ grub_verify_signature_real (char *buf, grub_size_t size, + if (pk >= ARRAY_SIZE (pkalgos) || pkalgos[pk].name == NULL) + return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature")); + +- hash = grub_crypto_lookup_md_by_name (hashes[h]); +- if (!hash) ++ ctxt->hash = grub_crypto_lookup_md_by_name (hashes[h]); ++ if (!ctxt->hash) + return grub_error (GRUB_ERR_BAD_SIGNATURE, "hash `%s' not loaded", hashes[h]); + + grub_dprintf ("crypt", "alive\n"); + +- { +- void *context = NULL; +- unsigned char *hval; +- grub_ssize_t rem = grub_be_to_cpu16 (v4.hashed_sub); +- grub_uint32_t headlen = grub_cpu_to_be32 (rem + 6); +- grub_uint8_t s; +- grub_uint16_t unhashed_sub; +- grub_ssize_t r; +- grub_uint8_t hash_start[2]; +- gcry_mpi_t hmpi; +- grub_uint64_t keyid = 0; +- struct grub_public_subkey *sk; +- grub_uint8_t *readbuf = NULL; ++ ctxt->sig = sig; + +- context = grub_zalloc (hash->contextsize); +- readbuf = grub_zalloc (READBUF_SIZE); +- if (!context || !readbuf) +- goto fail; +- +- hash->init (context); +- if (buf) +- hash->write (context, buf, size); +- else +- while (1) +- { +- r = grub_file_read (f, readbuf, READBUF_SIZE); +- if (r < 0) +- goto fail; +- if (r == 0) +- break; +- hash->write (context, readbuf, r); +- } +- +- hash->write (context, &v, sizeof (v)); +- hash->write (context, &v4, sizeof (v4)); +- while (rem) +- { +- r = grub_file_read (sig, readbuf, +- rem < READBUF_SIZE ? rem : READBUF_SIZE); +- if (r < 0) +- goto fail; +- if (r == 0) +- break; +- hash->write (context, readbuf, r); +- rem -= r; +- } +- hash->write (context, &v, sizeof (v)); +- s = 0xff; +- hash->write (context, &s, sizeof (s)); +- hash->write (context, &headlen, sizeof (headlen)); +- r = grub_file_read (sig, &unhashed_sub, sizeof (unhashed_sub)); +- if (r != sizeof (unhashed_sub)) +- goto fail; +- { +- grub_uint8_t *ptr; +- grub_uint32_t l; +- rem = grub_be_to_cpu16 (unhashed_sub); +- if (rem > READBUF_SIZE) +- goto fail; +- r = grub_file_read (sig, readbuf, rem); +- if (r != rem) +- goto fail; +- for (ptr = readbuf; ptr < readbuf + rem; ptr += l) +- { +- if (*ptr < 192) +- l = *ptr++; +- else if (*ptr < 255) +- { +- if (ptr + 1 >= readbuf + rem) +- break; +- l = (((ptr[0] & ~192) << GRUB_CHAR_BIT) | ptr[1]) + 192; +- ptr += 2; +- } +- else +- { +- if (ptr + 5 >= readbuf + rem) +- break; +- l = grub_be_to_cpu32 (grub_get_unaligned32 (ptr + 1)); +- ptr += 5; +- } +- if (*ptr == 0x10 && l >= 8) +- keyid = grub_get_unaligned64 (ptr + 1); +- } +- } +- +- hash->final (context); +- +- grub_dprintf ("crypt", "alive\n"); +- +- hval = hash->read (context); +- +- if (grub_file_read (sig, hash_start, sizeof (hash_start)) != sizeof (hash_start)) +- goto fail; +- if (grub_memcmp (hval, hash_start, sizeof (hash_start)) != 0) +- goto fail; +- +- grub_dprintf ("crypt", "@ %x\n", (int)grub_file_tell (sig)); +- +- for (i = 0; i < pkalgos[pk].nmpisig; i++) +- { +- grub_uint16_t l; +- grub_size_t lb; +- grub_dprintf ("crypt", "alive\n"); +- if (grub_file_read (sig, &l, sizeof (l)) != sizeof (l)) +- goto fail; +- grub_dprintf ("crypt", "alive\n"); +- lb = (grub_be_to_cpu16 (l) + 7) / 8; +- grub_dprintf ("crypt", "l = 0x%04x\n", grub_be_to_cpu16 (l)); +- if (lb > READBUF_SIZE - sizeof (grub_uint16_t)) +- goto fail; +- grub_dprintf ("crypt", "alive\n"); +- if (grub_file_read (sig, readbuf + sizeof (grub_uint16_t), lb) != (grub_ssize_t) lb) +- goto fail; +- grub_dprintf ("crypt", "alive\n"); +- grub_memcpy (readbuf, &l, sizeof (l)); +- grub_dprintf ("crypt", "alive\n"); +- +- if (gcry_mpi_scan (&mpis[i], GCRYMPI_FMT_PGP, +- readbuf, lb + sizeof (grub_uint16_t), 0)) +- goto fail; +- grub_dprintf ("crypt", "alive\n"); +- } +- +- if (pkey) +- sk = grub_crypto_pk_locate_subkey (keyid, pkey); +- else +- sk = grub_crypto_pk_locate_subkey_in_trustdb (keyid); +- if (!sk) +- { +- /* TRANSLATORS: %08x is 32-bit key id. */ +- grub_error (GRUB_ERR_BAD_SIGNATURE, N_("public key %08x not found"), +- keyid); +- goto fail; +- } +- +- if (pkalgos[pk].pad (&hmpi, hval, hash, sk)) +- goto fail; +- if (!*pkalgos[pk].algo) +- { +- grub_dl_load (pkalgos[pk].module); +- grub_errno = GRUB_ERR_NONE; +- } +- +- if (!*pkalgos[pk].algo) +- { +- grub_error (GRUB_ERR_BAD_SIGNATURE, N_("module `%s' isn't loaded"), +- pkalgos[pk].module); +- goto fail; +- } +- if ((*pkalgos[pk].algo)->verify (0, hmpi, mpis, sk->mpis, 0, 0)) +- goto fail; +- +- grub_free (context); +- grub_free (readbuf); +- +- return GRUB_ERR_NONE; +- +- fail: +- grub_free (context); +- grub_free (readbuf); +- if (!grub_errno) +- return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature")); ++ ctxt->hash_context = grub_zalloc (ctxt->hash->contextsize); ++ if (!ctxt->hash_context) + return grub_errno; ++ ++ ctxt->hash->init (ctxt->hash_context); ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_pubkey_write (void *ctxt_, void *buf, grub_size_t size) ++{ ++ struct grub_pubkey_context *ctxt = ctxt_; ++ ctxt->hash->write (ctxt->hash_context, buf, size); ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_verify_signature_real (struct grub_pubkey_context *ctxt, ++ struct grub_public_key *pkey) ++{ ++ gcry_mpi_t mpis[10]; ++ grub_uint8_t pk = ctxt->v4.pkeyalgo; ++ grub_size_t i; ++ grub_uint8_t *readbuf = NULL; ++ unsigned char *hval; ++ grub_ssize_t rem = grub_be_to_cpu16 (ctxt->v4.hashed_sub); ++ grub_uint32_t headlen = grub_cpu_to_be32 (rem + 6); ++ grub_uint8_t s; ++ grub_uint16_t unhashed_sub; ++ grub_ssize_t r; ++ grub_uint8_t hash_start[2]; ++ gcry_mpi_t hmpi; ++ grub_uint64_t keyid = 0; ++ struct grub_public_subkey *sk; ++ ++ readbuf = grub_malloc (READBUF_SIZE); ++ if (!readbuf) ++ goto fail; ++ ++ ctxt->hash->write (ctxt->hash_context, &ctxt->v, sizeof (ctxt->v)); ++ ctxt->hash->write (ctxt->hash_context, &ctxt->v4, sizeof (ctxt->v4)); ++ while (rem) ++ { ++ r = grub_file_read (ctxt->sig, readbuf, ++ rem < READBUF_SIZE ? rem : READBUF_SIZE); ++ if (r < 0) ++ goto fail; ++ if (r == 0) ++ break; ++ ctxt->hash->write (ctxt->hash_context, readbuf, r); ++ rem -= r; ++ } ++ ctxt->hash->write (ctxt->hash_context, &ctxt->v, sizeof (ctxt->v)); ++ s = 0xff; ++ ctxt->hash->write (ctxt->hash_context, &s, sizeof (s)); ++ ctxt->hash->write (ctxt->hash_context, &headlen, sizeof (headlen)); ++ r = grub_file_read (ctxt->sig, &unhashed_sub, sizeof (unhashed_sub)); ++ if (r != sizeof (unhashed_sub)) ++ goto fail; ++ { ++ grub_uint8_t *ptr; ++ grub_uint32_t l; ++ rem = grub_be_to_cpu16 (unhashed_sub); ++ if (rem > READBUF_SIZE) ++ goto fail; ++ r = grub_file_read (ctxt->sig, readbuf, rem); ++ if (r != rem) ++ goto fail; ++ for (ptr = readbuf; ptr < readbuf + rem; ptr += l) ++ { ++ if (*ptr < 192) ++ l = *ptr++; ++ else if (*ptr < 255) ++ { ++ if (ptr + 1 >= readbuf + rem) ++ break; ++ l = (((ptr[0] & ~192) << GRUB_CHAR_BIT) | ptr[1]) + 192; ++ ptr += 2; ++ } ++ else ++ { ++ if (ptr + 5 >= readbuf + rem) ++ break; ++ l = grub_be_to_cpu32 (grub_get_unaligned32 (ptr + 1)); ++ ptr += 5; ++ } ++ if (*ptr == 0x10 && l >= 8) ++ keyid = grub_get_unaligned64 (ptr + 1); ++ } + } ++ ++ ctxt->hash->final (ctxt->hash_context); ++ ++ grub_dprintf ("crypt", "alive\n"); ++ ++ hval = ctxt->hash->read (ctxt->hash_context); ++ ++ if (grub_file_read (ctxt->sig, hash_start, sizeof (hash_start)) != sizeof (hash_start)) ++ goto fail; ++ if (grub_memcmp (hval, hash_start, sizeof (hash_start)) != 0) ++ goto fail; ++ ++ grub_dprintf ("crypt", "@ %x\n", (int)grub_file_tell (ctxt->sig)); ++ ++ for (i = 0; i < pkalgos[pk].nmpisig; i++) ++ { ++ grub_uint16_t l; ++ grub_size_t lb; ++ grub_dprintf ("crypt", "alive\n"); ++ if (grub_file_read (ctxt->sig, &l, sizeof (l)) != sizeof (l)) ++ goto fail; ++ grub_dprintf ("crypt", "alive\n"); ++ lb = (grub_be_to_cpu16 (l) + 7) / 8; ++ grub_dprintf ("crypt", "l = 0x%04x\n", grub_be_to_cpu16 (l)); ++ if (lb > READBUF_SIZE - sizeof (grub_uint16_t)) ++ goto fail; ++ grub_dprintf ("crypt", "alive\n"); ++ if (grub_file_read (ctxt->sig, readbuf + sizeof (grub_uint16_t), lb) != (grub_ssize_t) lb) ++ goto fail; ++ grub_dprintf ("crypt", "alive\n"); ++ grub_memcpy (readbuf, &l, sizeof (l)); ++ grub_dprintf ("crypt", "alive\n"); ++ ++ if (gcry_mpi_scan (&mpis[i], GCRYMPI_FMT_PGP, ++ readbuf, lb + sizeof (grub_uint16_t), 0)) ++ goto fail; ++ grub_dprintf ("crypt", "alive\n"); ++ } ++ ++ if (pkey) ++ sk = grub_crypto_pk_locate_subkey (keyid, pkey); ++ else ++ sk = grub_crypto_pk_locate_subkey_in_trustdb (keyid); ++ if (!sk) ++ { ++ /* TRANSLATORS: %08x is 32-bit key id. */ ++ grub_error (GRUB_ERR_BAD_SIGNATURE, N_("public key %08x not found"), ++ keyid); ++ goto fail; ++ } ++ ++ if (pkalgos[pk].pad (&hmpi, hval, ctxt->hash, sk)) ++ goto fail; ++ if (!*pkalgos[pk].algo) ++ { ++ grub_dl_load (pkalgos[pk].module); ++ grub_errno = GRUB_ERR_NONE; ++ } ++ ++ if (!*pkalgos[pk].algo) ++ { ++ grub_error (GRUB_ERR_BAD_SIGNATURE, N_("module `%s' isn't loaded"), ++ pkalgos[pk].module); ++ goto fail; ++ } ++ if ((*pkalgos[pk].algo)->verify (0, hmpi, mpis, sk->mpis, 0, 0)) ++ goto fail; ++ ++ grub_free (readbuf); ++ ++ return GRUB_ERR_NONE; ++ ++ fail: ++ grub_free (readbuf); ++ if (!grub_errno) ++ return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature")); ++ return grub_errno; ++} ++ ++static void ++grub_pubkey_close_real (struct grub_pubkey_context *ctxt) ++{ ++ if (ctxt->sig) ++ grub_file_close (ctxt->sig); ++ if (ctxt->hash_context) ++ grub_free (ctxt->hash_context); ++} ++ ++static void ++grub_pubkey_close (void *ctxt) ++{ ++ grub_pubkey_close_real (ctxt); ++ grub_free (ctxt); + } + + grub_err_t + grub_verify_signature (grub_file_t f, grub_file_t sig, + struct grub_public_key *pkey) + { +- return grub_verify_signature_real (0, 0, f, sig, pkey); ++ grub_err_t err; ++ struct grub_pubkey_context ctxt; ++ grub_uint8_t *readbuf = NULL; ++ ++ err = grub_verify_signature_init (&ctxt, sig); ++ if (err) ++ return err; ++ ++ readbuf = grub_zalloc (READBUF_SIZE); ++ if (!readbuf) ++ goto fail; ++ ++ while (1) ++ { ++ grub_ssize_t r; ++ r = grub_file_read (f, readbuf, READBUF_SIZE); ++ if (r < 0) ++ goto fail; ++ if (r == 0) ++ break; ++ err = grub_pubkey_write (&ctxt, readbuf, r); ++ if (err) ++ return err; ++ } ++ ++ grub_verify_signature_real (&ctxt, pkey); ++ fail: ++ grub_pubkey_close_real (&ctxt); ++ return grub_errno; + } + + static grub_err_t +@@ -819,134 +867,52 @@ grub_cmd_verify_signature (grub_extcmd_context_t ctxt, + + static int sec = 0; + +-static void +-verified_free (grub_verified_t verified) +-{ +- if (verified) +- { +- grub_free (verified->buf); +- grub_free (verified); +- } +-} +- +-static grub_ssize_t +-verified_read (struct grub_file *file, char *buf, grub_size_t len) +-{ +- grub_verified_t verified = file->data; +- +- grub_memcpy (buf, (char *) verified->buf + file->offset, len); +- return len; +-} +- + static grub_err_t +-verified_close (struct grub_file *file) +-{ +- grub_verified_t verified = file->data; +- +- grub_file_close (verified->file); +- verified_free (verified); +- file->data = 0; +- +- /* device and name are freed by parent */ +- file->device = 0; +- file->name = 0; +- +- return grub_errno; +-} +- +-struct grub_fs verified_fs = +-{ +- .name = "verified_read", +- .read = verified_read, +- .close = verified_close +-}; +- +-static grub_file_t +-grub_pubkey_open (grub_file_t io, enum grub_file_type type) ++grub_pubkey_init (grub_file_t io, enum grub_file_type type __attribute__ ((unused)), ++ void **context, enum grub_verify_flags *flags) + { + grub_file_t sig; + char *fsuf, *ptr; + grub_err_t err; +- grub_file_t ret; +- grub_verified_t verified; +- +- if ((type & GRUB_FILE_TYPE_MASK) == GRUB_FILE_TYPE_SIGNATURE +- || (type & GRUB_FILE_TYPE_MASK) == GRUB_FILE_TYPE_VERIFY_SIGNATURE +- || (type & GRUB_FILE_TYPE_SKIP_SIGNATURE)) +- return io; ++ struct grub_pubkey_context *ctxt; + + if (!sec) +- return io; +- if (io->device->disk && +- (io->device->disk->dev->id == GRUB_DISK_DEVICE_MEMDISK_ID +- || io->device->disk->dev->id == GRUB_DISK_DEVICE_PROCFS_ID)) +- return io; ++ { ++ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; ++ return GRUB_ERR_NONE; ++ } ++ + fsuf = grub_malloc (grub_strlen (io->name) + sizeof (".sig")); + if (!fsuf) +- return NULL; ++ return grub_errno; + ptr = grub_stpcpy (fsuf, io->name); + grub_memcpy (ptr, ".sig", sizeof (".sig")); + + sig = grub_file_open (fsuf, GRUB_FILE_TYPE_SIGNATURE); + grub_free (fsuf); + if (!sig) +- return NULL; ++ return grub_errno; + +- ret = grub_malloc (sizeof (*ret)); +- if (!ret) ++ ctxt = grub_malloc (sizeof (*ctxt)); ++ if (!ctxt) + { + grub_file_close (sig); +- return NULL; ++ return grub_errno; + } +- *ret = *io; +- +- ret->fs = &verified_fs; +- ret->not_easily_seekable = 0; +- if (ret->size >> (sizeof (grub_size_t) * GRUB_CHAR_BIT - 1)) +- { +- grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, +- "big file signature isn't implemented yet"); +- grub_file_close (sig); +- grub_free (ret); +- return NULL; +- } +- verified = grub_malloc (sizeof (*verified)); +- if (!verified) +- { +- grub_file_close (sig); +- grub_free (ret); +- return NULL; +- } +- verified->buf = grub_malloc (ret->size); +- if (!verified->buf) +- { +- grub_file_close (sig); +- verified_free (verified); +- grub_free (ret); +- return NULL; +- } +- if (grub_file_read (io, verified->buf, ret->size) != (grub_ssize_t) ret->size) +- { +- if (!grub_errno) +- grub_error (GRUB_ERR_FILE_READ_ERROR, N_("premature end of file %s"), +- io->name); +- grub_file_close (sig); +- verified_free (verified); +- grub_free (ret); +- return NULL; +- } +- +- err = grub_verify_signature_real (verified->buf, ret->size, 0, sig, NULL); +- grub_file_close (sig); ++ err = grub_verify_signature_init (ctxt, sig); + if (err) + { +- verified_free (verified); +- grub_free (ret); +- return NULL; ++ grub_pubkey_close (ctxt); ++ return err; + } +- verified->file = io; +- ret->data = verified; +- return ret; ++ *context = ctxt; ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_pubkey_fini (void *ctxt) ++{ ++ return grub_verify_signature_real (ctxt, NULL); + } + + static char * +@@ -970,8 +936,16 @@ struct grub_fs pseudo_fs = + { + .name = "pseudo", + .read = pseudo_read +-}; ++ }; + ++struct grub_file_verifier grub_pubkey_verifier = ++ { ++ .name = "pgp", ++ .init = grub_pubkey_init, ++ .fini = grub_pubkey_fini, ++ .write = grub_pubkey_write, ++ .close = grub_pubkey_close, ++ }; + + static grub_extcmd_t cmd, cmd_trust; + static grub_command_t cmd_distrust, cmd_list; +@@ -986,8 +960,6 @@ GRUB_MOD_INIT(verify) + sec = 1; + else + sec = 0; +- +- grub_file_filter_register (GRUB_FILE_FILTER_PUBKEY, grub_pubkey_open); + + grub_register_variable_hook ("check_signatures", 0, grub_env_write_sec); + grub_env_export ("check_signatures"); +@@ -1033,11 +1005,13 @@ GRUB_MOD_INIT(verify) + cmd_distrust = grub_register_command ("distrust", grub_cmd_distrust, + N_("PUBKEY_ID"), + N_("Remove PUBKEY_ID from trusted keys.")); ++ ++ grub_verifier_register (&grub_pubkey_verifier); + } + + GRUB_MOD_FINI(verify) + { +- grub_file_filter_unregister (GRUB_FILE_FILTER_PUBKEY); ++ grub_verifier_unregister (&grub_pubkey_verifier); + grub_unregister_extcmd (cmd); + grub_unregister_extcmd (cmd_trust); + grub_unregister_command (cmd_list); +diff --git a/include/grub/file.h b/include/grub/file.h +index 5b47c5f91..19dda67f6 100644 +--- a/include/grub/file.h ++++ b/include/grub/file.h +@@ -171,7 +171,7 @@ extern grub_disk_read_hook_t EXPORT_VAR(grub_file_progress_hook); + /* Filters with lower ID are executed first. */ + typedef enum grub_file_filter_id + { +- GRUB_FILE_FILTER_PUBKEY, ++ GRUB_FILE_FILTER_VERIFY, + GRUB_FILE_FILTER_GZIO, + GRUB_FILE_FILTER_XZIO, + GRUB_FILE_FILTER_LZOPIO, +diff --git a/include/grub/list.h b/include/grub/list.h +index d170ff6da..b13acb962 100644 +--- a/include/grub/list.h ++++ b/include/grub/list.h +@@ -35,6 +35,7 @@ void EXPORT_FUNC(grub_list_push) (grub_list_t *head, grub_list_t item); + void EXPORT_FUNC(grub_list_remove) (grub_list_t item); + + #define FOR_LIST_ELEMENTS(var, list) for ((var) = (list); (var); (var) = (var)->next) ++#define FOR_LIST_ELEMENTS_NEXT(var, list) for ((var) = (var)->next; (var); (var) = (var)->next) + #define FOR_LIST_ELEMENTS_SAFE(var, nxt, list) for ((var) = (list), (nxt) = ((var) ? (var)->next : 0); (var); (var) = (nxt), ((nxt) = (var) ? (var)->next : 0)) + + static inline void * +diff --git a/include/grub/verify.h b/include/grub/verify.h +new file mode 100644 +index 000000000..298120f57 +--- /dev/null ++++ b/include/grub/verify.h +@@ -0,0 +1,65 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2017 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++ ++enum grub_verify_flags ++ { ++ GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1, ++ GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2 ++ }; ++ ++struct grub_file_verifier ++{ ++ struct grub_file_verifier *next; ++ struct grub_file_verifier **prev; ++ ++ const char *name; ++ ++ /* ++ * Check if file needs to be verified and set up context. ++ * init/read/fini is structured in the same way as hash interface. ++ */ ++ grub_err_t (*init) (grub_file_t io, enum grub_file_type type, ++ void **context, enum grub_verify_flags *flags); ++ ++ /* ++ * Right now we pass the whole file in one call but it may ++ * change in the future. If you insist on single buffer you ++ * need to set GRUB_VERIFY_FLAGS_SINGLE_CHUNK in verify_flags. ++ */ ++ grub_err_t (*write) (void *context, void *buf, grub_size_t size); ++ ++ grub_err_t (*fini) (void *context); ++ void (*close) (void *context); ++}; ++ ++extern struct grub_file_verifier *grub_file_verifiers; ++ ++static inline void ++grub_verifier_register (struct grub_file_verifier *ver) ++{ ++ grub_list_push (GRUB_AS_LIST_P (&grub_file_verifiers), GRUB_AS_LIST (ver)); ++} ++ ++static inline void ++grub_verifier_unregister (struct grub_file_verifier *ver) ++{ ++ grub_list_remove (GRUB_AS_LIST (ver)); ++} diff --git a/SOURCES/0332-verifiers-Add-possibility-to-verify-kernel-and-modul.patch b/SOURCES/0332-verifiers-Add-possibility-to-verify-kernel-and-modul.patch new file mode 100644 index 0000000..9868893 --- /dev/null +++ b/SOURCES/0332-verifiers-Add-possibility-to-verify-kernel-and-modul.patch @@ -0,0 +1,520 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Vladimir Serbinenko +Date: Tue, 7 Feb 2017 02:10:14 +0100 +Subject: [PATCH] verifiers: Add possibility to verify kernel and modules + command lines + +Signed-off-by: Vladimir Serbinenko +Signed-off-by: Daniel Kiper +Reviewed-by: Ross Philipson +(backported from 4d4a8c96e3593d76fe7b025665ccdecc70a53c1f) +Signed-off-by: Daniel Axtens +--- + grub-core/commands/verifiers.c | 14 ++++++++++++++ + grub-core/lib/cmdline.c | 7 ++++--- + grub-core/loader/arm/linux.c | 8 ++++++-- + grub-core/loader/arm64/linux.c | 10 +++++++--- + grub-core/loader/i386/bsd.c | 6 ++++++ + grub-core/loader/i386/linux.c | 16 +++++++++++----- + grub-core/loader/i386/multiboot_mbi.c | 16 ++++++++++------ + grub-core/loader/i386/pc/linux.c | 13 ++++++++----- + grub-core/loader/i386/pc/plan9.c | 11 +++++++++++ + grub-core/loader/i386/xen.c | 7 +++++++ + grub-core/loader/ia64/efi/linux.c | 7 +++++++ + grub-core/loader/mips/linux.c | 8 ++++++++ + grub-core/loader/multiboot_mbi2.c | 8 +++----- + grub-core/loader/powerpc/ieee1275/linux.c | 5 +++-- + grub-core/loader/sparc64/ieee1275/linux.c | 5 +++-- + grub-core/loader/xnu.c | 9 +++++++++ + include/grub/lib/cmdline.h | 5 +++-- + include/grub/verify.h | 11 +++++++++++ + 18 files changed, 131 insertions(+), 35 deletions(-) + +diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c +index fde88318d..59ea418a2 100644 +--- a/grub-core/commands/verifiers.c ++++ b/grub-core/commands/verifiers.c +@@ -186,6 +186,20 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type) + return NULL; + } + ++grub_err_t ++grub_verify_string (char *str, enum grub_verify_string_type type) ++{ ++ struct grub_file_verifier *ver; ++ FOR_LIST_ELEMENTS(ver, grub_file_verifiers) ++ { ++ grub_err_t err; ++ err = ver->verify_string ? ver->verify_string (str, type) : GRUB_ERR_NONE; ++ if (err) ++ return err; ++ } ++ return GRUB_ERR_NONE; ++} ++ + GRUB_MOD_INIT(verifiers) + { + grub_file_filter_register (GRUB_FILE_FILTER_VERIFY, grub_verifiers_open); +diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c +index d5c12957c..463c3c65c 100644 +--- a/grub-core/lib/cmdline.c ++++ b/grub-core/lib/cmdline.c +@@ -75,8 +75,9 @@ unsigned int grub_loader_cmdline_size (int argc, char *argv[]) + return size; + } + +-int grub_create_loader_cmdline (int argc, char *argv[], char *buf, +- grub_size_t size) ++grub_err_t ++grub_create_loader_cmdline (int argc, char *argv[], char *buf, ++ grub_size_t size, enum grub_verify_string_type type) + { + int i, space; + unsigned int arg_size; +@@ -130,5 +131,5 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf, + "grub_kernel_cmdline", orig); + grub_print_error(); + +- return i; ++ return grub_verify_string (orig, type); + } +diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c +index ea29d7a72..beceda520 100644 +--- a/grub-core/loader/arm/linux.c ++++ b/grub-core/loader/arm/linux.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -383,8 +384,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + /* Create kernel command line. */ + grub_memcpy (linux_args, LINUX_IMAGE, sizeof (LINUX_IMAGE)); +- grub_create_loader_cmdline (argc, argv, +- linux_args + sizeof (LINUX_IMAGE) - 1, size); ++ err = grub_create_loader_cmdline (argc, argv, ++ linux_args + sizeof (LINUX_IMAGE) - 1, size, ++ GRUB_VERIFY_KERNEL_CMDLINE); ++ if (err) ++ goto fail; + + return GRUB_ERR_NONE; + +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index 7a076c131..48ea66596 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -33,6 +33,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -403,9 +404,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + grub_memcpy (linux_args, LINUX_IMAGE, sizeof (LINUX_IMAGE)); +- grub_create_loader_cmdline (argc, argv, +- linux_args + sizeof (LINUX_IMAGE) - 1, +- cmdline_size); ++ err = grub_create_loader_cmdline (argc, argv, ++ linux_args + sizeof (LINUX_IMAGE) - 1, ++ cmdline_size, ++ GRUB_VERIFY_KERNEL_CMDLINE); ++ if (err) ++ goto fail; + + if (grub_errno == GRUB_ERR_NONE) + { +diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c +index 8306b415a..45a715099 100644 +--- a/grub-core/loader/i386/bsd.c ++++ b/grub-core/loader/i386/bsd.c +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + #ifdef GRUB_MACHINE_PCBIOS + #include + #endif +@@ -418,6 +419,8 @@ grub_freebsd_add_meta_module (const char *filename, const char *type, + grub_addr_t addr, grub_uint32_t size) + { + const char *name; ++ grub_err_t err; ++ + name = grub_strrchr (filename, '/'); + if (name) + name++; +@@ -471,6 +474,9 @@ grub_freebsd_add_meta_module (const char *filename, const char *type, + *(p++) = ' '; + } + *p = 0; ++ err = grub_verify_string (cmdline, GRUB_VERIFY_MODULE_CMDLINE); ++ if (err) ++ return err; + } + } + +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index aa2cbc4e7..ef8fcb9e1 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -1039,11 +1039,17 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + if (!linux_cmdline) + goto fail; + grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); +- grub_create_loader_cmdline (argc, argv, +- linux_cmdline +- + sizeof (LINUX_IMAGE) - 1, +- maximal_cmdline_size +- - (sizeof (LINUX_IMAGE) - 1)); ++ { ++ grub_err_t err; ++ err = grub_create_loader_cmdline (argc, argv, ++ linux_cmdline ++ + sizeof (LINUX_IMAGE) - 1, ++ maximal_cmdline_size ++ - (sizeof (LINUX_IMAGE) - 1), ++ GRUB_VERIFY_KERNEL_CMDLINE); ++ if (err) ++ goto fail; ++ } + + len = prot_file_size; + grub_memcpy (prot_mode_mem, kernel + kernel_offset, len); +diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c +index 9d3466d6a..525446b56 100644 +--- a/grub-core/loader/i386/multiboot_mbi.c ++++ b/grub-core/loader/i386/multiboot_mbi.c +@@ -676,10 +676,8 @@ grub_multiboot_init_mbi (int argc, char *argv[]) + return grub_errno; + cmdline_size = len; + +- grub_create_loader_cmdline (argc, argv, cmdline, +- cmdline_size); +- +- return GRUB_ERR_NONE; ++ return grub_create_loader_cmdline (argc, argv, cmdline, ++ cmdline_size, GRUB_VERIFY_KERNEL_CMDLINE); + } + + grub_err_t +@@ -688,6 +686,7 @@ grub_multiboot_add_module (grub_addr_t start, grub_size_t size, + { + struct module *newmod; + grub_size_t len = 0; ++ grub_err_t err; + + newmod = grub_malloc (sizeof (*newmod)); + if (!newmod) +@@ -707,8 +706,13 @@ grub_multiboot_add_module (grub_addr_t start, grub_size_t size, + newmod->cmdline_size = len; + total_modcmd += ALIGN_UP (len, 4); + +- grub_create_loader_cmdline (argc, argv, newmod->cmdline, +- newmod->cmdline_size); ++ err = grub_create_loader_cmdline (argc, argv, newmod->cmdline, ++ newmod->cmdline_size, GRUB_VERIFY_MODULE_CMDLINE); ++ if (err) ++ { ++ grub_free (newmod); ++ return grub_errno; ++ } + + if (modules_last) + modules_last->next = newmod; +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index b5c28c658..f631225f5 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -348,11 +348,14 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + /* Create kernel command line. */ + grub_memcpy ((char *)grub_linux_real_chunk + GRUB_LINUX_CL_OFFSET, + LINUX_IMAGE, sizeof (LINUX_IMAGE)); +- grub_create_loader_cmdline (argc, argv, +- (char *)grub_linux_real_chunk +- + GRUB_LINUX_CL_OFFSET + sizeof (LINUX_IMAGE) - 1, +- maximal_cmdline_size +- - (sizeof (LINUX_IMAGE) - 1)); ++ err = grub_create_loader_cmdline (argc, argv, ++ (char *)grub_linux_real_chunk ++ + GRUB_LINUX_CL_OFFSET + sizeof (LINUX_IMAGE) - 1, ++ maximal_cmdline_size ++ - (sizeof (LINUX_IMAGE) - 1), ++ GRUB_VERIFY_KERNEL_CMDLINE); ++ if (err) ++ goto fail; + + if (grub_linux_is_bzimage) + grub_linux_prot_target = GRUB_LINUX_BZIMAGE_ADDR; +diff --git a/grub-core/loader/i386/pc/plan9.c b/grub-core/loader/i386/pc/plan9.c +index 0351090da..37550155d 100644 +--- a/grub-core/loader/i386/pc/plan9.c ++++ b/grub-core/loader/i386/pc/plan9.c +@@ -33,6 +33,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -505,6 +506,7 @@ grub_cmd_plan9 (grub_extcmd_context_t ctxt, int argc, char *argv[]) + configptr = grub_stpcpy (configptr, "bootfile="); + configptr = grub_stpcpy (configptr, bootpath); + *configptr++ = '\n'; ++ char *cmdline = configptr; + { + int i; + for (i = 1; i < argc; i++) +@@ -513,6 +515,15 @@ grub_cmd_plan9 (grub_extcmd_context_t ctxt, int argc, char *argv[]) + *configptr++ = '\n'; + } + } ++ ++ { ++ grub_err_t err; ++ *configptr = '\0'; ++ err = grub_verify_string (cmdline, GRUB_VERIFY_KERNEL_CMDLINE); ++ if (err) ++ goto fail; ++ } ++ + configptr = grub_stpcpy (configptr, fill_ctx.pmap); + + { +diff --git a/grub-core/loader/i386/xen.c b/grub-core/loader/i386/xen.c +index 82350d3a1..07a4837c5 100644 +--- a/grub-core/loader/i386/xen.c ++++ b/grub-core/loader/i386/xen.c +@@ -41,6 +41,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -649,6 +650,9 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)), + grub_create_loader_cmdline (argc - 1, argv + 1, + (char *) xen_state.next_start.cmd_line, + sizeof (xen_state.next_start.cmd_line) - 1); ++ err = grub_verify_string (xen_state.next_start.cmd_line, GRUB_VERIFY_MODULE_CMDLINE); ++ if (err) ++ return err; + + file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL); + if (!file) +@@ -916,6 +920,9 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)), + + grub_create_loader_cmdline (argc - 1, argv + 1, + get_virtual_current_address (ch), cmdline_len); ++ err = grub_verify_string (get_virtual_current_address (ch), GRUB_VERIFY_MODULE_CMDLINE); ++ if (err) ++ goto fail; + + xen_state.module_info_page[xen_state.n_modules].cmdline = + xen_state.max_addr - xen_state.modules_target_start; +diff --git a/grub-core/loader/ia64/efi/linux.c b/grub-core/loader/ia64/efi/linux.c +index 750330d45..e325fe0ee 100644 +--- a/grub-core/loader/ia64/efi/linux.c ++++ b/grub-core/loader/ia64/efi/linux.c +@@ -33,6 +33,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -543,6 +544,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + p = grub_stpcpy (p, argv[i]); + } + cmdline[10] = '='; ++ ++ *p = '\0'; ++ ++ err = grub_verify_string (cmdline, GRUB_VERIFY_KERNEL_CMDLINE); ++ if (err) ++ goto fail; + + boot_param->command_line = (grub_uint64_t) cmdline; + boot_param->efi_systab = (grub_uint64_t) grub_efi_system_table; +diff --git a/grub-core/loader/mips/linux.c b/grub-core/loader/mips/linux.c +index 103588544..20135ce25 100644 +--- a/grub-core/loader/mips/linux.c ++++ b/grub-core/loader/mips/linux.c +@@ -327,6 +327,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + linux_argv++; + linux_args += ALIGN_UP (sizeof ("a0"), 4); + ++ char *params = linux_args; ++ + #ifdef GRUB_MACHINE_MIPS_LOONGSON + { + unsigned mtype = grub_arch_machine; +@@ -352,6 +354,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + linux_args += ALIGN_UP (grub_strlen (argv[i]) + 1, 4); + } + ++ *linux_args = '\0'; ++ ++ err = grub_verify_string (params, GRUB_VERIFY_KERNEL_CMDLINE); ++ if (err) ++ return err; ++ + /* Reserve space for rd arguments. */ + rd_addr_arg_off = (grub_uint8_t *) linux_args - (grub_uint8_t *) playground; + linux_args += ALIGN_UP (sizeof ("rd_start=0xXXXXXXXXXXXXXXXX"), 4); +diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c +index 3cfb47650..f64a857e3 100644 +--- a/grub-core/loader/multiboot_mbi2.c ++++ b/grub-core/loader/multiboot_mbi2.c +@@ -1077,10 +1077,8 @@ grub_multiboot2_init_mbi (int argc, char *argv[]) + return grub_errno; + cmdline_size = len; + +- grub_create_loader_cmdline (argc, argv, cmdline, +- cmdline_size); +- +- return GRUB_ERR_NONE; ++ return grub_create_loader_cmdline (argc, argv, cmdline, cmdline_size, ++ GRUB_VERIFY_KERNEL_CMDLINE); + } + + grub_err_t +@@ -1109,7 +1107,7 @@ grub_multiboot2_add_module (grub_addr_t start, grub_size_t size, + total_modcmd += ALIGN_UP (len, MULTIBOOT_TAG_ALIGN); + + err = grub_create_loader_cmdline (argc, argv, newmod->cmdline, +- newmod->cmdline_size); ++ newmod->cmdline_size, GRUB_VERIFY_MODULE_CMDLINE); + if (err) + { + grub_free (newmod->cmdline); +diff --git a/grub-core/loader/powerpc/ieee1275/linux.c b/grub-core/loader/powerpc/ieee1275/linux.c +index 6e814649f..c114e7df4 100644 +--- a/grub-core/loader/powerpc/ieee1275/linux.c ++++ b/grub-core/loader/powerpc/ieee1275/linux.c +@@ -302,8 +302,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + /* Create kernel command line. */ + grub_memcpy (linux_args, LINUX_IMAGE, sizeof (LINUX_IMAGE)); +- grub_create_loader_cmdline (argc, argv, linux_args + sizeof (LINUX_IMAGE) - 1, +- size); ++ if (grub_create_loader_cmdline (argc, argv, linux_args + sizeof (LINUX_IMAGE) - 1, ++ size)) ++ goto out; + + out: + +diff --git a/grub-core/loader/sparc64/ieee1275/linux.c b/grub-core/loader/sparc64/ieee1275/linux.c +index 67ef04883..abe46faa0 100644 +--- a/grub-core/loader/sparc64/ieee1275/linux.c ++++ b/grub-core/loader/sparc64/ieee1275/linux.c +@@ -340,8 +340,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + /* Create kernel command line. */ + grub_memcpy (linux_args, LINUX_IMAGE, sizeof (LINUX_IMAGE)); +- grub_create_loader_cmdline (argc, argv, linux_args + sizeof (LINUX_IMAGE) - 1, +- size); ++ if (grub_create_loader_cmdline (argc, argv, linux_args + sizeof (LINUX_IMAGE) - 1, ++ size, GRUB_VERIFY_KERNEL_CMDLINE)) ++ goto out; + + out: + if (elf) +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index 9f78abb05..5944dc5ea 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -429,6 +430,10 @@ grub_cmd_xnu_kernel (grub_command_t cmd __attribute__ ((unused)), + if (ptr != grub_xnu_cmdline) + *(ptr - 1) = 0; + ++ err = grub_verify_string (grub_xnu_cmdline, GRUB_VERIFY_KERNEL_CMDLINE); ++ if (err) ++ return err; ++ + #if defined (__i386) && !defined (GRUB_MACHINE_EFI) + err = grub_efiemu_autocore (); + if (err) +@@ -538,6 +543,10 @@ grub_cmd_xnu_kernel64 (grub_command_t cmd __attribute__ ((unused)), + if (ptr != grub_xnu_cmdline) + *(ptr - 1) = 0; + ++ err = grub_verify_string (grub_xnu_cmdline, GRUB_VERIFY_KERNEL_CMDLINE); ++ if (err) ++ return err; ++ + #if defined (__i386) && !defined (GRUB_MACHINE_EFI) + err = grub_efiemu_autocore (); + if (err) +diff --git a/include/grub/lib/cmdline.h b/include/grub/lib/cmdline.h +index 1fe8d0179..cdca09b7a 100644 +--- a/include/grub/lib/cmdline.h ++++ b/include/grub/lib/cmdline.h +@@ -21,11 +21,12 @@ + #define GRUB_CMDLINE_HEADER 1 + + #include ++#include + + #define LINUX_IMAGE "BOOT_IMAGE=" + + unsigned int grub_loader_cmdline_size (int argc, char *argv[]); +-int grub_create_loader_cmdline (int argc, char *argv[], char *buf, +- grub_size_t size); ++grub_err_t grub_create_loader_cmdline (int argc, char *argv[], char *buf, ++ grub_size_t size, enum grub_verify_string_type type); + + #endif /* ! GRUB_CMDLINE_HEADER */ +diff --git a/include/grub/verify.h b/include/grub/verify.h +index 298120f57..9f892d8fe 100644 +--- a/include/grub/verify.h ++++ b/include/grub/verify.h +@@ -25,6 +25,12 @@ enum grub_verify_flags + GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2 + }; + ++enum grub_verify_string_type ++ { ++ GRUB_VERIFY_KERNEL_CMDLINE, ++ GRUB_VERIFY_MODULE_CMDLINE, ++ }; ++ + struct grub_file_verifier + { + struct grub_file_verifier *next; +@@ -48,6 +54,8 @@ struct grub_file_verifier + + grub_err_t (*fini) (void *context); + void (*close) (void *context); ++ ++ grub_err_t (*verify_string) (char *str, enum grub_verify_string_type type); + }; + + extern struct grub_file_verifier *grub_file_verifiers; +@@ -63,3 +71,6 @@ grub_verifier_unregister (struct grub_file_verifier *ver) + { + grub_list_remove (GRUB_AS_LIST (ver)); + } ++ ++grub_err_t ++grub_verify_string (char *str, enum grub_verify_string_type type); diff --git a/SOURCES/0333-verifiers-Add-possibility-to-defer-verification-to-o.patch b/SOURCES/0333-verifiers-Add-possibility-to-defer-verification-to-o.patch new file mode 100644 index 0000000..d8c5a6e --- /dev/null +++ b/SOURCES/0333-verifiers-Add-possibility-to-defer-verification-to-o.patch @@ -0,0 +1,91 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Wed, 26 Sep 2018 13:17:52 +0200 +Subject: [PATCH] verifiers: Add possibility to defer verification to other + verifiers + +This way if a verifier requires verification of a given file it can defer task +to another verifier (another authority) if it is not able to do it itself. E.g. +shim_lock verifier, posted as a subsequent patch, is able to verify only PE +files. This means that it is not able to verify any of GRUB2 modules which have +to be trusted on UEFI systems with secure boot enabled. So, it can defer +verification to other verifier, e.g. PGP one. + +I silently assume that other verifiers are trusted and will do good job for us. +Or at least they will not do any harm. + +Signed-off-by: Daniel Kiper +Reviewed-by: Ross Philipson +--- + grub-core/commands/verifiers.c | 23 ++++++++++++++++++++--- + include/grub/verify.h | 4 +++- + 2 files changed, 23 insertions(+), 4 deletions(-) + +diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c +index 59ea418a2..c638d5f43 100644 +--- a/grub-core/commands/verifiers.c ++++ b/grub-core/commands/verifiers.c +@@ -83,6 +83,7 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type) + void *context; + grub_file_t ret = 0; + grub_err_t err; ++ int defer = 0; + + grub_dprintf ("verify", "file: %s type: %d\n", io->name, type); + +@@ -102,13 +103,27 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type) + err = ver->init (io, type, &context, &flags); + if (err) + goto fail_noclose; ++ if (flags & GRUB_VERIFY_FLAGS_DEFER_AUTH) ++ { ++ defer = 1; ++ continue; ++ } + if (!(flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION)) + break; + } + + if (!ver) +- /* No verifiers wanted to verify. Just return underlying file. */ +- return io; ++ { ++ if (defer) ++ { ++ grub_error (GRUB_ERR_ACCESS_DENIED, ++ N_("verification requested but nobody cares: %s"), io->name); ++ goto fail_noclose; ++ } ++ ++ /* No verifiers wanted to verify. Just return underlying file. */ ++ return io; ++ } + + ret = grub_malloc (sizeof (*ret)); + if (!ret) +@@ -160,7 +175,9 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type) + err = ver->init (io, type, &context, &flags); + if (err) + goto fail_noclose; +- if (flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION) ++ if (flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION || ++ /* Verification done earlier. So, we are happy here. */ ++ flags & GRUB_VERIFY_FLAGS_DEFER_AUTH) + continue; + err = ver->write (context, verified->buf, ret->size); + if (err) +diff --git a/include/grub/verify.h b/include/grub/verify.h +index 9f892d8fe..79022b422 100644 +--- a/include/grub/verify.h ++++ b/include/grub/verify.h +@@ -22,7 +22,9 @@ + enum grub_verify_flags + { + GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1, +- GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2 ++ GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2, ++ /* Defer verification to another authority. */ ++ GRUB_VERIFY_FLAGS_DEFER_AUTH = 4 + }; + + enum grub_verify_string_type diff --git a/SOURCES/0334-verifiers-Rename-verify-module-to-pgp-module.patch b/SOURCES/0334-verifiers-Rename-verify-module-to-pgp-module.patch new file mode 100644 index 0000000..9fb13a8 --- /dev/null +++ b/SOURCES/0334-verifiers-Rename-verify-module-to-pgp-module.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Tue, 2 Oct 2018 22:36:43 +0200 +Subject: [PATCH] verifiers: Rename verify module to pgp module + +Just for clarity. No functional change. + +Signed-off-by: Daniel Kiper +Reviewed-by: Ross Philipson +(cherry picked from commit b07feb8746c3bb845e3f0d33d37c0bded704d14d) +Signed-off-by: Daniel Axtens +--- + grub-core/Makefile.core.def | 4 ++-- + grub-core/commands/{verify.c => pgp.c} | 0 + 2 files changed, 2 insertions(+), 2 deletions(-) + rename grub-core/commands/{verify.c => pgp.c} (100%) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 29c3bf6cd..809f11fea 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -915,8 +915,8 @@ module = { + }; + + module = { +- name = verify; +- common = commands/verify.c; ++ name = pgp; ++ common = commands/pgp.c; + cflags = '$(CFLAGS_POSIX)'; + cppflags = '-I$(srcdir)/lib/posix_wrap'; + }; +diff --git a/grub-core/commands/verify.c b/grub-core/commands/pgp.c +similarity index 100% +rename from grub-core/commands/verify.c +rename to grub-core/commands/pgp.c diff --git a/SOURCES/0335-pgp-Fix-emu-build-and-tests-after-pgp-module-renamin.patch b/SOURCES/0335-pgp-Fix-emu-build-and-tests-after-pgp-module-renamin.patch new file mode 100644 index 0000000..6199a40 --- /dev/null +++ b/SOURCES/0335-pgp-Fix-emu-build-and-tests-after-pgp-module-renamin.patch @@ -0,0 +1,55 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Colin Watson +Date: Wed, 9 Jan 2019 14:54:39 +0000 +Subject: [PATCH] pgp: Fix emu build and tests after pgp module renaming + +Commit b07feb8746c3bb845e3f0d33d37c0bded704d14d (verifiers: Rename +verify module to pgp module) renamed the "verify" module to "pgp", but +the GRUB_MOD_INIT and GRUB_MOD_FINI macros were left as "verify", which +broke the emu target build; and file_filter_test still referred to the +now non-existent "verify" module. Fix both of these. + +Signed-off-by: Colin Watson +Reviewed-by: Daniel Kiper +(cherry picked from commit ed087f0460516737e174222f01e2bf6ccbd45674) +Signed-off-by: Daniel Axtens +--- + grub-core/commands/pgp.c | 4 ++-- + tests/file_filter_test.in | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c +index 29e74a640..5c913c2e2 100644 +--- a/grub-core/commands/pgp.c ++++ b/grub-core/commands/pgp.c +@@ -950,7 +950,7 @@ struct grub_file_verifier grub_pubkey_verifier = + static grub_extcmd_t cmd, cmd_trust; + static grub_command_t cmd_distrust, cmd_list; + +-GRUB_MOD_INIT(verify) ++GRUB_MOD_INIT(pgp) + { + const char *val; + struct grub_module_header *header; +@@ -1009,7 +1009,7 @@ GRUB_MOD_INIT(verify) + grub_verifier_register (&grub_pubkey_verifier); + } + +-GRUB_MOD_FINI(verify) ++GRUB_MOD_FINI(pgp) + { + grub_verifier_unregister (&grub_pubkey_verifier); + grub_unregister_extcmd (cmd); +diff --git a/tests/file_filter_test.in b/tests/file_filter_test.in +index bfb638227..ed6abcb5a 100644 +--- a/tests/file_filter_test.in ++++ b/tests/file_filter_test.in +@@ -19,7 +19,7 @@ grubshell=@builddir@/grub-shell + + . "@builddir@/grub-core/modinfo.sh" + +-filters="gzio xzio lzopio verify" ++filters="gzio xzio lzopio pgp" + modules="cat mpi" + + for mod in $(cut -d ' ' -f 2 "@builddir@/grub-core/crypto.lst" | sort -u); do diff --git a/SOURCES/0336-include-grub-file.h-Add-device-tree-file-type.patch b/SOURCES/0336-include-grub-file.h-Add-device-tree-file-type.patch new file mode 100644 index 0000000..d96521e --- /dev/null +++ b/SOURCES/0336-include-grub-file.h-Add-device-tree-file-type.patch @@ -0,0 +1,30 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Leif Lindholm +Date: Wed, 14 Nov 2018 19:29:16 +0000 +Subject: [PATCH] include/grub/file.h: Add device tree file type + +The API change of grub_file_open() for adding verifiers did not include +a type for device tree blobs. Add GRUB_FILE_TYPE_DEVICE_TREE_IMAGE to +the grub_file_type enum. + +Signed-off-by: Leif Lindholm +Reviewed-by: Daniel Kiper +(cherry picked from commit 7453c2cc32525a5eebe3b268433d0dfc73622917) +Signed-off-by: Daniel Axtens +--- + include/grub/file.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/include/grub/file.h b/include/grub/file.h +index 19dda67f6..9aae46355 100644 +--- a/include/grub/file.h ++++ b/include/grub/file.h +@@ -69,6 +69,8 @@ enum grub_file_type + + GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE, + ++ GRUB_FILE_TYPE_DEVICE_TREE_IMAGE, ++ + /* File holding signature. */ + GRUB_FILE_TYPE_SIGNATURE, + /* File holding public key to verify signature once. */ diff --git a/SOURCES/0337-grub-core-loader-efi-fdt.c-Fixup-grub_file_open-call.patch b/SOURCES/0337-grub-core-loader-efi-fdt.c-Fixup-grub_file_open-call.patch new file mode 100644 index 0000000..257466c --- /dev/null +++ b/SOURCES/0337-grub-core-loader-efi-fdt.c-Fixup-grub_file_open-call.patch @@ -0,0 +1,28 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Leif Lindholm +Date: Wed, 14 Nov 2018 19:29:17 +0000 +Subject: [PATCH] grub-core/loader/efi/fdt.c: Fixup grub_file_open() call + +The verifiers framework changed the API of grub_file_open(), but did not +fix up all users. Add the file type GRUB_FILE_TYPE_DEVICE_TREE_IMAGE +to the "devicetree" command handler call. + +Signed-off-by: Leif Lindholm +Reviewed-by: Daniel Kiper +--- + grub-core/loader/efi/fdt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c +index a9dbcfdfe..e3ee3ad79 100644 +--- a/grub-core/loader/efi/fdt.c ++++ b/grub-core/loader/efi/fdt.c +@@ -125,7 +125,7 @@ grub_cmd_devicetree (grub_command_t cmd __attribute__ ((unused)), + return GRUB_ERR_NONE; + } + +- dtb = grub_file_open (argv[0]); ++ dtb = grub_file_open (argv[0], GRUB_FILE_TYPE_DEVICE_TREE_IMAGE); + if (!dtb) + goto out; + diff --git a/SOURCES/0338-arm64-efi-Fix-breakage-caused-by-verifiers.patch b/SOURCES/0338-arm64-efi-Fix-breakage-caused-by-verifiers.patch new file mode 100644 index 0000000..78c7eac --- /dev/null +++ b/SOURCES/0338-arm64-efi-Fix-breakage-caused-by-verifiers.patch @@ -0,0 +1,38 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Leif Lindholm +Date: Wed, 14 Nov 2018 19:29:18 +0000 +Subject: [PATCH] arm64/efi: Fix breakage caused by verifiers + + - add variable "err" (used but not defined), + - add GRUB_FILE_TYPE_LINUX_KERNEL to grub_file_open() call. + +Signed-off-by: Leif Lindholm +Reviewed-by: Daniel Kiper + +Conflicts: + grub-core/loader/arm64/linux.c +--- + grub-core/loader/arm64/linux.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index 48ea66596..864724dd4 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -338,6 +338,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + struct linux_armxx_kernel_header lh; + struct grub_armxx_linux_pe_header *pe; + int rc; ++ grub_err_t err; + + grub_dl_ref (my_mod); + +@@ -347,7 +348,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL); + if (!file) + goto fail; + diff --git a/SOURCES/0339-arm-uboot-ia64-sparc64-Fix-up-grub_file_open-calls.patch b/SOURCES/0339-arm-uboot-ia64-sparc64-Fix-up-grub_file_open-calls.patch new file mode 100644 index 0000000..9603b36 --- /dev/null +++ b/SOURCES/0339-arm-uboot-ia64-sparc64-Fix-up-grub_file_open-calls.patch @@ -0,0 +1,74 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Leif Lindholm +Date: Wed, 14 Nov 2018 19:29:19 +0000 +Subject: [PATCH] arm-uboot, ia64, sparc64: Fix up grub_file_open() calls + +The verifiers framework changed the grub_file_open() interface, breaking all +non-x86 linux loaders. Add file types to the grub_file_open() calls to make +them build again. + +Signed-off-by: Leif Lindholm +Reviewed-by: Daniel Kiper +--- + grub-core/loader/arm/linux.c | 6 +++--- + grub-core/loader/ia64/efi/linux.c | 2 +- + grub-core/loader/sparc64/ieee1275/linux.c | 2 +- + 3 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c +index beceda520..1e944a2b6 100644 +--- a/grub-core/loader/arm/linux.c ++++ b/grub-core/loader/arm/linux.c +@@ -363,7 +363,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL); + if (!file) + goto fail; + +@@ -408,7 +408,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_INITRD); + if (!file) + return grub_errno; + +@@ -471,7 +471,7 @@ grub_cmd_devicetree (grub_command_t cmd __attribute__ ((unused)), + if (argc != 1) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + +- dtb = grub_file_open (argv[0]); ++ dtb = grub_file_open (argv[0], GRUB_FILE_TYPE_DEVICE_TREE_IMAGE); + if (!dtb) + return grub_errno; + +diff --git a/grub-core/loader/ia64/efi/linux.c b/grub-core/loader/ia64/efi/linux.c +index e325fe0ee..2ad0b0c04 100644 +--- a/grub-core/loader/ia64/efi/linux.c ++++ b/grub-core/loader/ia64/efi/linux.c +@@ -502,7 +502,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL); + if (! file) + goto fail; + +diff --git a/grub-core/loader/sparc64/ieee1275/linux.c b/grub-core/loader/sparc64/ieee1275/linux.c +index abe46faa0..bb47ee0cc 100644 +--- a/grub-core/loader/sparc64/ieee1275/linux.c ++++ b/grub-core/loader/sparc64/ieee1275/linux.c +@@ -306,7 +306,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto out; + } + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL); + if (!file) + goto out; + diff --git a/SOURCES/0340-verifiers-fix-double-close-on-pgp-s-sig-file-descrip.patch b/SOURCES/0340-verifiers-fix-double-close-on-pgp-s-sig-file-descrip.patch new file mode 100644 index 0000000..036aa1f --- /dev/null +++ b/SOURCES/0340-verifiers-fix-double-close-on-pgp-s-sig-file-descrip.patch @@ -0,0 +1,146 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Tue, 20 Nov 2018 19:15:37 +0800 +Subject: [PATCH] verifiers: fix double close on pgp's sig file descriptor + +An error emerged as when I was testing the verifiers branch, so instead +of putting it in pgp prefix, the verifiers is used to reflect what the +patch is based on. + +While running verify_detached, grub aborts with error. + +verify_detached /@/.snapshots/1/snapshot/boot/grub/grub.cfg +/@/.snapshots/1/snapshot/boot/grub/grub.cfg.sig + +alloc magic is broken at 0x7beea660: 0 +Aborted. Press any key to exit. + +The error is caused by sig file descriptor been closed twice, first time +in grub_verify_signature() to which it is passed as parameter. Second in +grub_cmd_verify_signature() or in whichever opens the sig file +descriptor. The second close is not consider as bug to me either, as in +common rule of what opens a file has to close it to avoid file +descriptor leakage. + +After all the design of grub_verify_signature() makes it difficult to keep +a good trace on opened file descriptor from it's caller. Let's refine +the application interface to accept file path rather than descriptor, in +this way the caller doesn't have to care about closing the descriptor by +delegating it to grub_verify_signature() with full tracing to opened +file descriptor by itself. + +Also making it clear that sig descriptor is not referenced in error +returning path of grub_verify_signature_init(), so it can be closed +directly by it's caller. This also makes delegating it to +grub_pubkey_close() infeasible to help in relieving file descriptor +leakage as it has to depend on uncertainty of ctxt fields in error +returning path. + +Signed-off-by: Michael Chang +Reviewed-by: Daniel Kiper +--- + grub-core/commands/pgp.c | 35 +++++++++++++++++------------------ + include/grub/pubkey.h | 2 +- + 2 files changed, 18 insertions(+), 19 deletions(-) + +diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c +index 5c913c2e2..d39846d8c 100644 +--- a/grub-core/commands/pgp.c ++++ b/grub-core/commands/pgp.c +@@ -495,13 +495,12 @@ grub_verify_signature_init (struct grub_pubkey_context *ctxt, grub_file_t sig) + + grub_dprintf ("crypt", "alive\n"); + +- ctxt->sig = sig; +- + ctxt->hash_context = grub_zalloc (ctxt->hash->contextsize); + if (!ctxt->hash_context) + return grub_errno; + + ctxt->hash->init (ctxt->hash_context); ++ ctxt->sig = sig; + + return GRUB_ERR_NONE; + } +@@ -684,16 +683,26 @@ grub_pubkey_close (void *ctxt) + } + + grub_err_t +-grub_verify_signature (grub_file_t f, grub_file_t sig, ++grub_verify_signature (grub_file_t f, const char *fsig, + struct grub_public_key *pkey) + { ++ grub_file_t sig; + grub_err_t err; + struct grub_pubkey_context ctxt; + grub_uint8_t *readbuf = NULL; + ++ sig = grub_file_open (fsig, ++ GRUB_FILE_TYPE_SIGNATURE ++ | GRUB_FILE_TYPE_NO_DECOMPRESS); ++ if (!sig) ++ return grub_errno; ++ + err = grub_verify_signature_init (&ctxt, sig); + if (err) +- return err; ++ { ++ grub_file_close (sig); ++ return err; ++ } + + readbuf = grub_zalloc (READBUF_SIZE); + if (!readbuf) +@@ -807,7 +816,7 @@ static grub_err_t + grub_cmd_verify_signature (grub_extcmd_context_t ctxt, + int argc, char **args) + { +- grub_file_t f = NULL, sig = NULL; ++ grub_file_t f = NULL; + grub_err_t err = GRUB_ERR_NONE; + struct grub_public_key *pk = NULL; + +@@ -845,19 +854,8 @@ grub_cmd_verify_signature (grub_extcmd_context_t ctxt, + goto fail; + } + +- sig = grub_file_open (args[1], +- GRUB_FILE_TYPE_SIGNATURE +- | GRUB_FILE_TYPE_NO_DECOMPRESS); +- if (!sig) +- { +- err = grub_errno; +- goto fail; +- } +- +- err = grub_verify_signature (f, sig, pk); ++ err = grub_verify_signature (f, args[1], pk); + fail: +- if (sig) +- grub_file_close (sig); + if (f) + grub_file_close (f); + if (pk) +@@ -902,7 +900,8 @@ grub_pubkey_init (grub_file_t io, enum grub_file_type type __attribute__ ((unuse + err = grub_verify_signature_init (ctxt, sig); + if (err) + { +- grub_pubkey_close (ctxt); ++ grub_free (ctxt); ++ grub_file_close (sig); + return err; + } + *context = ctxt; +diff --git a/include/grub/pubkey.h b/include/grub/pubkey.h +index 4a9d04b43..fb8be9cbb 100644 +--- a/include/grub/pubkey.h ++++ b/include/grub/pubkey.h +@@ -25,7 +25,7 @@ struct grub_public_key * + grub_load_public_key (grub_file_t f); + + grub_err_t +-grub_verify_signature (grub_file_t f, grub_file_t sig, ++grub_verify_signature (grub_file_t f, const char *fsig, + struct grub_public_key *pk); + + diff --git a/SOURCES/0341-verifiers-Xen-fallout-cleanup.patch b/SOURCES/0341-verifiers-Xen-fallout-cleanup.patch new file mode 100644 index 0000000..92fd669 --- /dev/null +++ b/SOURCES/0341-verifiers-Xen-fallout-cleanup.patch @@ -0,0 +1,46 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Thu, 6 Dec 2018 13:38:15 +0100 +Subject: [PATCH] verifiers: Xen fallout cleanup + +Xen fallout cleanup after commit ca0a4f689 (verifiers: File type for +fine-grained signature-verification controlling). + +Signed-off-by: Daniel Kiper +Reviewed-by: Ross Philipson +--- + grub-core/loader/i386/xen.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/grub-core/loader/i386/xen.c b/grub-core/loader/i386/xen.c +index 07a4837c5..071b530d7 100644 +--- a/grub-core/loader/i386/xen.c ++++ b/grub-core/loader/i386/xen.c +@@ -647,10 +647,10 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)), + + grub_xen_reset (); + +- grub_create_loader_cmdline (argc - 1, argv + 1, +- (char *) xen_state.next_start.cmd_line, +- sizeof (xen_state.next_start.cmd_line) - 1); +- err = grub_verify_string (xen_state.next_start.cmd_line, GRUB_VERIFY_MODULE_CMDLINE); ++ err = grub_create_loader_cmdline (argc - 1, argv + 1, ++ (char *) xen_state.next_start.cmd_line, ++ sizeof (xen_state.next_start.cmd_line) - 1, ++ GRUB_VERIFY_KERNEL_CMDLINE); + if (err) + return err; + +@@ -918,9 +918,9 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)), + if (err) + goto fail; + +- grub_create_loader_cmdline (argc - 1, argv + 1, +- get_virtual_current_address (ch), cmdline_len); +- err = grub_verify_string (get_virtual_current_address (ch), GRUB_VERIFY_MODULE_CMDLINE); ++ err = grub_create_loader_cmdline (argc - 1, argv + 1, ++ get_virtual_current_address (ch), cmdline_len, ++ GRUB_VERIFY_MODULE_CMDLINE); + if (err) + goto fail; + diff --git a/SOURCES/0342-verifiers-ARM-Xen-fallout-cleanup.patch b/SOURCES/0342-verifiers-ARM-Xen-fallout-cleanup.patch new file mode 100644 index 0000000..8cedfab --- /dev/null +++ b/SOURCES/0342-verifiers-ARM-Xen-fallout-cleanup.patch @@ -0,0 +1,63 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Thu, 6 Dec 2018 13:43:05 +0100 +Subject: [PATCH] verifiers: ARM Xen fallout cleanup + +ARM Xen fallout cleanup after commit ca0a4f689 (verifiers: File type for +fine-grained signature-verification controlling). + +Signed-off-by: Daniel Kiper +Reviewed-by: Ross Philipson +[javierm: remove grub_file_filter_disable_compression() call leftovers] +Signed-off-by: Javier Martinez Canillas + +Conflicts: + grub-core/loader/arm64/xen_boot.c +--- + grub-core/loader/arm64/xen_boot.c | 9 +++++---- + include/grub/file.h | 5 +++++ + 2 files changed, 10 insertions(+), 4 deletions(-) + +diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c +index f35b16caa..318c833de 100644 +--- a/grub-core/loader/arm64/xen_boot.c ++++ b/grub-core/loader/arm64/xen_boot.c +@@ -427,9 +427,10 @@ grub_cmd_xen_module (grub_command_t cmd __attribute__((unused)), + + grub_dprintf ("xen_loader", "Init module and node info\n"); + +- if (nounzip) +- grub_file_filter_disable_compression (); +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_XEN_MODULE ++ | (nounzip ? GRUB_FILE_TYPE_NO_DECOMPRESS ++ : GRUB_FILE_TYPE_NONE)); ++ + if (!file) + goto fail; + +@@ -461,7 +462,7 @@ grub_cmd_xen_hypervisor (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_XEN_HYPERVISOR); + if (!file) + goto fail; + +diff --git a/include/grub/file.h b/include/grub/file.h +index 9aae46355..cbbd29465 100644 +--- a/include/grub/file.h ++++ b/include/grub/file.h +@@ -42,6 +42,11 @@ enum grub_file_type + /* Multiboot module. */ + GRUB_FILE_TYPE_MULTIBOOT_MODULE, + ++ /* Xen hypervisor - used on ARM only. */ ++ GRUB_FILE_TYPE_XEN_HYPERVISOR, ++ /* Xen module - used on ARM only. */ ++ GRUB_FILE_TYPE_XEN_MODULE, ++ + GRUB_FILE_TYPE_BSD_KERNEL, + GRUB_FILE_TYPE_FREEBSD_ENV, + GRUB_FILE_TYPE_FREEBSD_MODULE, diff --git a/SOURCES/0343-verifiers-IA-64-fallout-cleanup.patch b/SOURCES/0343-verifiers-IA-64-fallout-cleanup.patch new file mode 100644 index 0000000..b810f79 --- /dev/null +++ b/SOURCES/0343-verifiers-IA-64-fallout-cleanup.patch @@ -0,0 +1,28 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Thu, 14 Mar 2019 16:18:31 +0100 +Subject: [PATCH] verifiers: IA-64 fallout cleanup + +IA-64 fallout cleanup after commit 4d4a8c96e (verifiers: Add possibility +to verify kernel and modules command lines). + +Signed-off-by: Daniel Kiper +Reviewed-by: Ross Philipson +--- + grub-core/loader/ia64/efi/linux.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/grub-core/loader/ia64/efi/linux.c b/grub-core/loader/ia64/efi/linux.c +index 2ad0b0c04..cfeb2c145 100644 +--- a/grub-core/loader/ia64/efi/linux.c ++++ b/grub-core/loader/ia64/efi/linux.c +@@ -547,8 +547,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + *p = '\0'; + +- err = grub_verify_string (cmdline, GRUB_VERIFY_KERNEL_CMDLINE); +- if (err) ++ if (grub_verify_string (cmdline, GRUB_VERIFY_KERNEL_CMDLINE)) + goto fail; + + boot_param->command_line = (grub_uint64_t) cmdline; diff --git a/SOURCES/0344-verifiers-PowerPC-fallout-cleanup.patch b/SOURCES/0344-verifiers-PowerPC-fallout-cleanup.patch new file mode 100644 index 0000000..d625613 --- /dev/null +++ b/SOURCES/0344-verifiers-PowerPC-fallout-cleanup.patch @@ -0,0 +1,37 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Thu, 14 Mar 2019 19:45:17 +0100 +Subject: [PATCH] verifiers: PowerPC fallout cleanup + +PowerPC fallout cleanup after commit 4d4a8c96e (verifiers: Add possibility +to verify kernel and modules command lines) and ca0a4f689 (verifiers: File +type for fine-grained signature-verification controlling). + +Signed-off-by: Daniel Kiper +Reviewed-by: Ross Philipson +--- + grub-core/loader/powerpc/ieee1275/linux.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/powerpc/ieee1275/linux.c b/grub-core/loader/powerpc/ieee1275/linux.c +index c114e7df4..818b2a86d 100644 +--- a/grub-core/loader/powerpc/ieee1275/linux.c ++++ b/grub-core/loader/powerpc/ieee1275/linux.c +@@ -270,7 +270,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto out; + } + +- elf = grub_elf_open (argv[0]); ++ elf = grub_elf_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL); + if (! elf) + goto out; + +@@ -303,7 +303,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + /* Create kernel command line. */ + grub_memcpy (linux_args, LINUX_IMAGE, sizeof (LINUX_IMAGE)); + if (grub_create_loader_cmdline (argc, argv, linux_args + sizeof (LINUX_IMAGE) - 1, +- size)) ++ size, GRUB_VERIFY_KERNEL_CMDLINE)) + goto out; + + out: diff --git a/SOURCES/0345-verifiers-MIPS-fallout-cleanup.patch b/SOURCES/0345-verifiers-MIPS-fallout-cleanup.patch new file mode 100644 index 0000000..0c12255 --- /dev/null +++ b/SOURCES/0345-verifiers-MIPS-fallout-cleanup.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Mon, 18 Mar 2019 13:09:22 +0100 +Subject: [PATCH] verifiers: MIPS fallout cleanup + +MIPS fallout cleanup after commit 4d4a8c96e (verifiers: Add possibility +to verify kernel and modules command lines). + +Signed-off-by: Daniel Kiper +Reviewed-by: Ross Philipson +--- + grub-core/loader/mips/linux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/loader/mips/linux.c b/grub-core/loader/mips/linux.c +index 20135ce25..e4ed95921 100644 +--- a/grub-core/loader/mips/linux.c ++++ b/grub-core/loader/mips/linux.c +@@ -314,7 +314,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + grub_memcpy (params, LINUX_IMAGE, sizeof (LINUX_IMAGE)); + grub_create_loader_cmdline (argc, argv, params + sizeof (LINUX_IMAGE) - 1, +- size); ++ size, GRUB_VERIFY_KERNEL_CMDLINE); + #else + linux_argv = extra; + argv_off = (grub_uint8_t *) linux_argv - (grub_uint8_t *) playground; diff --git a/SOURCES/0346-verifiers-Fix-calling-uninitialized-function-pointer.patch b/SOURCES/0346-verifiers-Fix-calling-uninitialized-function-pointer.patch new file mode 100644 index 0000000..a85b1ca --- /dev/null +++ b/SOURCES/0346-verifiers-Fix-calling-uninitialized-function-pointer.patch @@ -0,0 +1,41 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Tue, 18 Feb 2020 18:08:18 +0800 +Subject: [PATCH] verifiers: Fix calling uninitialized function pointer + +The necessary check for NULL before use of function ver->close is not +taking place in the failure path. This patch simply adds the missing +check and fixes the problem that GRUB hangs indefinitely after booting +rogue image without valid signature if secure boot is turned on. + +Now it displays like this for booting rogue UEFI image: + + error: bad shim signature + error: you need to load the kernel first + + Press any key to continue... + +and then you can go back to boot menu by pressing any key or after a few +seconds expired. + +Signed-off-by: Michael Chang +Reviewed-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + grub-core/commands/verifiers.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c +index c638d5f43..599d79b75 100644 +--- a/grub-core/commands/verifiers.c ++++ b/grub-core/commands/verifiers.c +@@ -196,7 +196,8 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type) + return ret; + + fail: +- ver->close (context); ++ if (ver->close) ++ ver->close (context); + fail_noclose: + verified_free (verified); + grub_free (ret); diff --git a/SOURCES/0347-rhel-extra-file-type-fixes.patch b/SOURCES/0347-rhel-extra-file-type-fixes.patch new file mode 100644 index 0000000..7edbf2f --- /dev/null +++ b/SOURCES/0347-rhel-extra-file-type-fixes.patch @@ -0,0 +1,124 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 12 May 2020 17:26:26 +1000 +Subject: [PATCH] rhel: extra file type fixes + +Signed-off-by: Daniel Axtens +[javierm: fix a couple of build errors caused by mismerges] +Signed-off-by: Javier Martinez Canillas +--- + grub-core/commands/blscfg.c | 2 +- + grub-core/loader/arm64/linux.c | 1 + + grub-core/loader/i386/efi/linux.c | 9 +++++---- + grub-core/net/net.c | 2 +- + grub-core/normal/main.c | 2 +- + grub-core/osdep/generic/blocklist.c | 4 ++-- + 6 files changed, 11 insertions(+), 9 deletions(-) + +diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c +index 70ce5c7bf..795a9f9f1 100644 +--- a/grub-core/commands/blscfg.c ++++ b/grub-core/commands/blscfg.c +@@ -463,7 +463,7 @@ static int read_entry ( + + p = grub_xasprintf ("(%s)%s/%s", info->devid, info->dirname, filename); + +- f = grub_file_open (p); ++ f = grub_file_open (p, GRUB_FILE_TYPE_CONFIG); + if (!f) + goto finish; + +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index 864724dd4..e1923cf72 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + #include + #include + #include +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 361e503cb..576f8c07e 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -101,8 +101,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + + for (i = 0; i < argc; i++) + { +- grub_file_filter_disable_compression (); +- files[i] = grub_file_open (argv[i]); ++ files[i] = grub_file_open (argv[i], GRUB_FILE_TYPE_LINUX_INITRD | ++ GRUB_FILE_TYPE_NO_DECOMPRESS); + if (! files[i]) + goto fail; + nfiles++; +@@ -182,7 +182,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- file = grub_file_open (argv[0]); ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL); + if (! file) + goto fail; + +@@ -302,7 +302,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); + grub_create_loader_cmdline (argc, argv, + linux_cmdline + sizeof (LINUX_IMAGE) - 1, +- lh->cmdline_size - (sizeof (LINUX_IMAGE) - 1)); ++ lh->cmdline_size - (sizeof (LINUX_IMAGE) - 1), ++ GRUB_VERIFY_KERNEL_CMDLINE); + + grub_dprintf ("linux", "cmdline:%s\n", linux_cmdline); + grub_dprintf ("linux", "setting lh->cmd_line_ptr\n"); +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 0e72bbb9b..1fd104aea 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -1907,7 +1907,7 @@ grub_net_search_configfile (char *config) + grub_dprintf ("net", "probe %s\n", config); + + grub_file_t file; +- file = grub_file_open (config); ++ file = grub_file_open (config, GRUB_FILE_TYPE_CONFIG); + + if (file) + { +diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +index cee71a4c2..49141039f 100644 +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -363,7 +363,7 @@ grub_try_normal (const char *variable) + if (config) + { + grub_file_t file; +- file = grub_file_open (config); ++ file = grub_file_open (config, GRUB_FILE_TYPE_CONFIG); + if (file) + { + grub_file_close (file); +diff --git a/grub-core/osdep/generic/blocklist.c b/grub-core/osdep/generic/blocklist.c +index 74024fd06..ab1f96da6 100644 +--- a/grub-core/osdep/generic/blocklist.c ++++ b/grub-core/osdep/generic/blocklist.c +@@ -60,7 +60,7 @@ grub_install_get_blocklist (grub_device_t root_dev, + grub_disk_cache_invalidate_all (); + + grub_file_filter_disable_compression (); +- file = grub_file_open (core_path_dev); ++ file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE); + if (file) + { + if (grub_file_size (file) != core_size) +@@ -118,7 +118,7 @@ grub_install_get_blocklist (grub_device_t root_dev, + grub_file_t file; + /* Now read the core image to determine where the sectors are. */ + grub_file_filter_disable_compression (); +- file = grub_file_open (core_path_dev); ++ file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE); + if (! file) + grub_util_error ("%s", grub_errmsg); + diff --git a/SOURCES/0348-dl-Add-support-for-persistent-modules.patch b/SOURCES/0348-dl-Add-support-for-persistent-modules.patch new file mode 100644 index 0000000..82b76e4 --- /dev/null +++ b/SOURCES/0348-dl-Add-support-for-persistent-modules.patch @@ -0,0 +1,65 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Tue, 2 Oct 2018 18:49:26 +0200 +Subject: [PATCH] dl: Add support for persistent modules + +This type of modules cannot be unloaded. This is useful if a given +functionality, e.g. UEFI secure boot shim signature verification, should +not be disabled if it was enabled at some point in time. Somebody may +say that we can use standalone GRUB2 here. That is true. However, the +code is not so big nor complicated hence it make sense to support +modularized configs too. + +Signed-off-by: Daniel Kiper +Reviewed-by: Ross Philipson +(cherry picked from commit ee7808e2197cbf5e8515d90ecbd81c9d0dd6fc15) +--- + grub-core/commands/minicmd.c | 3 +++ + include/grub/dl.h | 13 +++++++++++++ + 2 files changed, 16 insertions(+) + +diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c +index 46bf135e8..6d66b7c45 100644 +--- a/grub-core/commands/minicmd.c ++++ b/grub-core/commands/minicmd.c +@@ -137,6 +137,9 @@ grub_mini_cmd_rmmod (struct grub_command *cmd __attribute__ ((unused)), + if (! mod) + return grub_error (GRUB_ERR_BAD_ARGUMENT, "no such module"); + ++ if (grub_dl_is_persistent (mod)) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "cannot unload persistent module"); ++ + if (grub_dl_unref (mod) <= 0) + grub_dl_unload (mod); + +diff --git a/include/grub/dl.h b/include/grub/dl.h +index 7b5bfb07c..f7cfe6482 100644 +--- a/include/grub/dl.h ++++ b/include/grub/dl.h +@@ -177,6 +177,7 @@ struct grub_dl + { + char *name; + int ref_count; ++ int persistent; + grub_dl_dep_t dep; + grub_dl_segment_t segment; + Elf_Sym *symtab; +@@ -242,6 +243,18 @@ grub_dl_get (const char *name) + return 0; + } + ++static inline void ++grub_dl_set_persistent (grub_dl_t mod) ++{ ++ mod->persistent = 1; ++} ++ ++static inline int ++grub_dl_is_persistent (grub_dl_t mod) ++{ ++ return mod->persistent; ++} ++ + #endif + + void * EXPORT_FUNC(grub_resolve_symbol) (const char *name); diff --git a/SOURCES/0349-Add-suport-for-signing-grub-with-an-appended-signatu.patch b/SOURCES/0349-Add-suport-for-signing-grub-with-an-appended-signatu.patch new file mode 100644 index 0000000..9804cca --- /dev/null +++ b/SOURCES/0349-Add-suport-for-signing-grub-with-an-appended-signatu.patch @@ -0,0 +1,309 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Rashmica Gupta +Date: Thu, 11 Jun 2020 11:26:23 +1000 +Subject: [PATCH] Add suport for signing grub with an appended signature + +Add infrastructure to allow firmware to verify the integrity of grub +by use of a Linux-kernel-module-style appended signature. We initially +target powerpc-ieee1275, but the code should be extensible to other +platforms. + +Usually these signatures are appended to a file without modifying the +ELF file itself. (This is what the 'sign-file' tool does, for example.) +The verifier loads the signed file from the file system and looks at the +end of the file for the appended signature. However, on powerpc-ieee1275 +platforms, the bootloader is often stored directly in the PReP partition +as raw bytes without a file-system. This makes determining the location +of an appended signature more difficult. + +To address this, we add a new ELF note. + +The name field of shall be the string "Appended-Signature", zero-padded +to 4 byte alignment. The type field shall be 0x41536967 (the ASCII values +for the string "ASig"). It must be the final section in the ELF binary. + +The description shall contain the appended signature structure as defined +by the Linux kernel. The description will also be padded to be a multiple +of 4 bytes. The padding shall be added before the appended signature +structure (not at the end) so that the final bytes of a signed ELF file +are the appended signature magic. + +A subsequent patch documents how to create a grub core.img validly signed +under this scheme. + +Signed-off-by: Daniel Axtens +Signed-off-by: Rashmica Gupta + +--- + +You can experiment with this code with a patched version of SLOF +that verifies these signatures. You can find one at: + https://github.com/daxtens/SLOF + +I will be proposing this for inclusion in a future Power Architecture +Platform Reference (PAPR). +--- + util/grub-install-common.c | 16 +++++++++++++--- + util/grub-mkimage.c | 11 +++++++++++ + util/grub-mkimagexx.c | 39 ++++++++++++++++++++++++++++++++++++++- + util/mkimage.c | 10 +++++----- + include/grub/util/install.h | 8 ++++++-- + include/grub/util/mkimage.h | 4 ++-- + 6 files changed, 75 insertions(+), 13 deletions(-) + +diff --git a/util/grub-install-common.c b/util/grub-install-common.c +index cf993c059..561e671ff 100644 +--- a/util/grub-install-common.c ++++ b/util/grub-install-common.c +@@ -303,10 +303,12 @@ handle_install_list (struct install_list *il, const char *val, + static char **pubkeys; + static size_t npubkeys; + static grub_compression_t compression; ++static size_t appsig_size; + + int + grub_install_parse (int key, char *arg) + { ++ const char *end; + switch (key) + { + case 'C': +@@ -395,6 +397,12 @@ grub_install_parse (int key, char *arg) + grub_util_error (_("Unrecognized compression `%s'"), arg); + case GRUB_INSTALL_OPTIONS_GRUB_MKIMAGE: + return 1; ++ case GRUB_INSTALL_OPTIONS_APPENDED_SIGNATURE_SIZE: ++ grub_errno = 0; ++ appsig_size = grub_strtol(arg, &end, 10); ++ if (grub_errno) ++ return 0; ++ return 1; + default: + return 0; + } +@@ -493,10 +501,12 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, + grub_util_info ("grub-mkimage --directory '%s' --prefix '%s'" + " --output '%s' " + " --dtb '%s' " +- "--format '%s' --compression '%s' %s %s\n", ++ "--format '%s' --compression '%s' " ++ "--appended-signature-size %zu %s %s\n", + dir, prefix, + outname, dtb ? : "", mkimage_target, +- compnames[compression], note ? "--note" : "", s); ++ compnames[compression], appsig_size, ++ note ? "--note" : "", s); + free (s); + + tgt = grub_install_get_image_target (mkimage_target); +@@ -506,7 +516,7 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, + grub_install_generate_image (dir, prefix, fp, outname, + modules.entries, memdisk_path, + pubkeys, npubkeys, config_path, tgt, +- note, compression, dtb); ++ note, appsig_size, compression, dtb); + while (dc--) + grub_install_pop_module (); + } +diff --git a/util/grub-mkimage.c b/util/grub-mkimage.c +index 98d24cc06..65a015d8a 100644 +--- a/util/grub-mkimage.c ++++ b/util/grub-mkimage.c +@@ -82,6 +82,7 @@ static struct argp_option options[] = { + {"format", 'O', N_("FORMAT"), 0, 0, 0}, + {"compression", 'C', "(xz|none|auto)", 0, N_("choose the compression to use for core image"), 0}, + {"verbose", 'v', 0, 0, N_("print verbose messages."), 0}, ++ {"appended-signature-size", 'S', N_("SIZE"), 0, N_("Add a note segment reserving SIZE bytes for an appended signature"), 0}, + { 0, 0, 0, 0, 0, 0 } + }; + +@@ -124,6 +125,7 @@ struct arguments + char *font; + char *config; + int note; ++ size_t appsig_size; + const struct grub_install_image_target_desc *image_target; + grub_compression_t comp; + }; +@@ -134,6 +136,7 @@ argp_parser (int key, char *arg, struct argp_state *state) + /* Get the input argument from argp_parse, which we + know is a pointer to our arguments structure. */ + struct arguments *arguments = state->input; ++ const char* end; + + switch (key) + { +@@ -166,6 +169,13 @@ argp_parser (int key, char *arg, struct argp_state *state) + arguments->note = 1; + break; + ++ case 'S': ++ grub_errno = 0; ++ arguments->appsig_size = grub_strtol(arg, &end, 10); ++ if (grub_errno) ++ return 0; ++ break; ++ + case 'm': + if (arguments->memdisk) + free (arguments->memdisk); +@@ -309,6 +319,7 @@ main (int argc, char *argv[]) + arguments.memdisk, arguments.pubkeys, + arguments.npubkeys, arguments.config, + arguments.image_target, arguments.note, ++ arguments.appsig_size, + arguments.comp, arguments.dtb); + + grub_util_file_sync (fp); +diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c +index f9aa1a033..1bb5eb84c 100644 +--- a/util/grub-mkimagexx.c ++++ b/util/grub-mkimagexx.c +@@ -82,6 +82,15 @@ struct grub_ieee1275_note + struct grub_ieee1275_note_desc descriptor; + }; + ++#define GRUB_APPENDED_SIGNATURE_NOTE_NAME "Appended-Signature" ++#define GRUB_APPENDED_SIGNATURE_NOTE_TYPE 0x41536967 /* "ASig" */ ++ ++struct grub_appended_signature_note ++{ ++ Elf32_Nhdr header; ++ char name[ALIGN_UP(sizeof (GRUB_APPENDED_SIGNATURE_NOTE_NAME), 4)]; ++}; ++ + #define GRUB_XEN_NOTE_NAME "Xen" + + struct fixup_block_list +@@ -205,7 +214,7 @@ grub_arm_reloc_jump24 (grub_uint32_t *target, Elf32_Addr sym_addr) + + void + SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc *image_target, +- int note, char **core_img, size_t *core_size, ++ int note, size_t appsig_size, char **core_img, size_t *core_size, + Elf_Addr target_addr, + struct grub_mkimage_layout *layout) + { +@@ -219,6 +228,12 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc + int shnum = 4; + int string_size = sizeof (".text") + sizeof ("mods") + 1; + ++ if (appsig_size) ++ { ++ phnum++; ++ footer_size += ALIGN_UP(sizeof (struct grub_appended_signature_note) + appsig_size, 4); ++ } ++ + if (image_target->id != IMAGE_LOONGSON_ELF) + phnum += 2; + +@@ -449,6 +464,28 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc + phdr->p_offset = grub_host_to_target32 (header_size + program_size); + } + ++ if (appsig_size) { ++ int note_size = ALIGN_UP(sizeof (struct grub_appended_signature_note) + appsig_size, 4); ++ struct grub_appended_signature_note *note_ptr = (struct grub_appended_signature_note *) ++ (elf_img + program_size + header_size + (note ? sizeof (struct grub_ieee1275_note) : 0)); ++ ++ note_ptr->header.n_namesz = grub_host_to_target32 (sizeof (GRUB_APPENDED_SIGNATURE_NOTE_NAME)); ++ /* needs to sit at the end, so we round this up and sign some zero padding */ ++ note_ptr->header.n_descsz = grub_host_to_target32 (ALIGN_UP(appsig_size, 4)); ++ note_ptr->header.n_type = grub_host_to_target32 (GRUB_APPENDED_SIGNATURE_NOTE_TYPE); ++ strcpy (note_ptr->name, GRUB_APPENDED_SIGNATURE_NOTE_NAME); ++ ++ phdr++; ++ phdr->p_type = grub_host_to_target32 (PT_NOTE); ++ phdr->p_flags = grub_host_to_target32 (PF_R); ++ phdr->p_align = grub_host_to_target32 (image_target->voidp_sizeof); ++ phdr->p_vaddr = 0; ++ phdr->p_paddr = 0; ++ phdr->p_filesz = grub_host_to_target32 (note_size); ++ phdr->p_memsz = 0; ++ phdr->p_offset = grub_host_to_target32 (header_size + program_size + (note ? sizeof (struct grub_ieee1275_note) : 0)); ++ } ++ + { + char *str_start = (elf_img + sizeof (*ehdr) + phnum * sizeof (*phdr) + + shnum * sizeof (*shdr)); +diff --git a/util/mkimage.c b/util/mkimage.c +index e22d82afa..a81120f26 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -777,7 +777,7 @@ grub_install_generate_image (const char *dir, const char *prefix, + char *memdisk_path, char **pubkey_paths, + size_t npubkeys, char *config_path, + const struct grub_install_image_target_desc *image_target, +- int note, grub_compression_t comp, const char *dtb_path) ++ int note, size_t appsig_size, grub_compression_t comp, const char *dtb_path) + { + char *kernel_img, *core_img; + size_t total_module_size, core_size; +@@ -1694,11 +1694,11 @@ grub_install_generate_image (const char *dir, const char *prefix, + else + target_addr = image_target->link_addr; + if (image_target->voidp_sizeof == 4) +- grub_mkimage_generate_elf32 (image_target, note, &core_img, &core_size, +- target_addr, &layout); ++ grub_mkimage_generate_elf32 (image_target, note, appsig_size, &core_img, ++ &core_size, target_addr, &layout); + else +- grub_mkimage_generate_elf64 (image_target, note, &core_img, &core_size, +- target_addr, &layout); ++ grub_mkimage_generate_elf64 (image_target, note, appsig_size, &core_img, ++ &core_size, target_addr, &layout); + } + break; + } +diff --git a/include/grub/util/install.h b/include/grub/util/install.h +index 0dba8b67f..ba5e6a2ea 100644 +--- a/include/grub/util/install.h ++++ b/include/grub/util/install.h +@@ -63,6 +63,9 @@ + /* TRANSLATORS: "embed" is a verb (command description). "*/ \ + { "pubkey", 'k', N_("FILE"), 0, \ + N_("embed FILE as public key for signature checking"), 0}, \ ++ { "appended-signature-size", GRUB_INSTALL_OPTIONS_APPENDED_SIGNATURE_SIZE,\ ++ "SIZE", 0, N_("Add a note segment reserving SIZE bytes for an appended signature"), \ ++ 1}, \ + { "verbose", 'v', 0, 0, \ + N_("print verbose messages."), 1 } + +@@ -119,7 +122,8 @@ enum grub_install_options { + GRUB_INSTALL_OPTIONS_THEMES_DIRECTORY, + GRUB_INSTALL_OPTIONS_GRUB_MKIMAGE, + GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS, +- GRUB_INSTALL_OPTIONS_DTB ++ GRUB_INSTALL_OPTIONS_DTB, ++ GRUB_INSTALL_OPTIONS_APPENDED_SIGNATURE_SIZE + }; + + extern char *grub_install_source_directory; +@@ -179,7 +183,7 @@ grub_install_generate_image (const char *dir, const char *prefix, + size_t npubkeys, + char *config_path, + const struct grub_install_image_target_desc *image_target, +- int note, ++ int note, size_t appsig_size, + grub_compression_t comp, const char *dtb_file); + + const struct grub_install_image_target_desc * +diff --git a/include/grub/util/mkimage.h b/include/grub/util/mkimage.h +index b3a5ca132..cef7fffa7 100644 +--- a/include/grub/util/mkimage.h ++++ b/include/grub/util/mkimage.h +@@ -50,12 +50,12 @@ grub_mkimage_load_image64 (const char *kernel_path, + const struct grub_install_image_target_desc *image_target); + void + grub_mkimage_generate_elf32 (const struct grub_install_image_target_desc *image_target, +- int note, char **core_img, size_t *core_size, ++ int note, size_t appsig_size, char **core_img, size_t *core_size, + Elf32_Addr target_addr, + struct grub_mkimage_layout *layout); + void + grub_mkimage_generate_elf64 (const struct grub_install_image_target_desc *image_target, +- int note, char **core_img, size_t *core_size, ++ int note, size_t appsig_size, char **core_img, size_t *core_size, + Elf64_Addr target_addr, + struct grub_mkimage_layout *layout); + diff --git a/SOURCES/0350-docs-grub-Document-signing-grub-under-UEFI.patch b/SOURCES/0350-docs-grub-Document-signing-grub-under-UEFI.patch new file mode 100644 index 0000000..3b01e54 --- /dev/null +++ b/SOURCES/0350-docs-grub-Document-signing-grub-under-UEFI.patch @@ -0,0 +1,59 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Sat, 15 Aug 2020 02:00:57 +1000 +Subject: [PATCH] docs/grub: Document signing grub under UEFI + +Before adding information about how grub is signed with an appended +signature scheme, it's worth adding some information about how it +can currently be signed for UEFI. + +(adjusted from upstream - s/grub/grub2/ in the docs) +Signed-off-by: Daniel Axtens +--- + docs/grub.texi | 19 ++++++++++++++++++- + 1 file changed, 18 insertions(+), 1 deletion(-) + +diff --git a/docs/grub.texi b/docs/grub.texi +index fa11cc0af..acace6c07 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -5610,6 +5610,7 @@ environment variables and commands are listed in the same order. + @menu + * Authentication and authorisation:: Users and access control + * Using digital signatures:: Booting digitally signed code ++* Signing GRUB itself:: Ensuring the integrity of the GRUB core image + @end menu + + @node Authentication and authorisation +@@ -5687,7 +5688,7 @@ commands. + + GRUB's @file{core.img} can optionally provide enforcement that all files + subsequently read from disk are covered by a valid digital signature. +-This document does @strong{not} cover how to ensure that your ++This section does @strong{not} cover how to ensure that your + platform's firmware (e.g., Coreboot) validates @file{core.img}. + + If environment variable @code{check_signatures} +@@ -5772,6 +5773,22 @@ or BIOS) configuration to cause the machine to boot from a different + (attacker-controlled) device. GRUB is at best only one link in a + secure boot chain. + ++@node Signing GRUB itself ++@section Signing GRUB itself ++ ++To ensure a complete secure-boot chain, there must be a way for the code that ++loads GRUB to verify the integrity of the core image. ++ ++This is ultimately platform-specific and individual platforms can define their ++own mechanisms. However, there are general-purpose mechanisms that can be used ++with GRUB. ++ ++@section Signing GRUB for UEFI secure boot ++ ++On UEFI platforms, @file{core.img} is a PE binary. Therefore, it can be signed ++with a tool such as @command{pesign} or @command{sbsign}. It will also be ++necessary to enrol the public key used into a relevant firmware key database. ++ + @node Platform limitations + @chapter Platform limitations + diff --git a/SOURCES/0351-docs-grub-Document-signing-grub-with-an-appended-sig.patch b/SOURCES/0351-docs-grub-Document-signing-grub-with-an-appended-sig.patch new file mode 100644 index 0000000..d3410d5 --- /dev/null +++ b/SOURCES/0351-docs-grub-Document-signing-grub-with-an-appended-sig.patch @@ -0,0 +1,67 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Sat, 15 Aug 2020 02:19:36 +1000 +Subject: [PATCH] docs/grub: Document signing grub with an appended signature + +Signing grub for firmware that verifies an appended signature is a +bit fiddly. I don't want people to have to figure it out from scratch +so document it here. + +Signed-off-by: Daniel Axtens +--- + docs/grub.texi | 42 ++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 42 insertions(+) + +diff --git a/docs/grub.texi b/docs/grub.texi +index acace6c07..61c92a1e0 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -5789,6 +5789,48 @@ On UEFI platforms, @file{core.img} is a PE binary. Therefore, it can be signed + with a tool such as @command{pesign} or @command{sbsign}. It will also be + necessary to enrol the public key used into a relevant firmware key database. + ++@section Signing GRUB with an appended signature ++ ++The @file{core.img} itself can be signed with a Linux kernel module-style ++appended signature. ++ ++To support IEEE1275 platforms where the boot image is often loaded directly ++from a disk partition rather than from a file system, the @file{core.img} ++can specify the size and location of the appended signature with an ELF ++note added by @command{grub-install}. ++ ++An image can be signed this way using the @command{sign-file} command from ++the Linux kernel: ++ ++@example ++@group ++# grub.key is your private key and certificate.der is your public key ++ ++# Determine the size of the appended signature. It depends on the signing ++# certificate and the hash algorithm ++touch empty ++sign-file SHA256 grub.key certificate.der empty empty.sig ++SIG_SIZE=`stat -c '%s' empty.sig` ++rm empty empty.sig ++ ++# Build a grub image with $SIG_SIZE reserved for the signature ++grub-install --appended-signature-size $SIG_SIZE --modules="..." ... ++ ++# Replace the reserved size with a signature: ++# cut off the last $SIG_SIZE bytes with truncate's minus modifier ++truncate -s -$SIG_SIZE /boot/grub/powerpc-ieee1275/core.elf core.elf.unsigned ++# sign the trimmed file with an appended signature, restoring the correct size ++sign-file SHA256 grub.key certificate.der core.elf.unsigned core.elf.signed ++ ++# Don't forget to install the signed image as required ++# (e.g. on powerpc-ieee1275, to the PReP partition) ++@end group ++@end example ++ ++As with UEFI secure boot, it is necessary to build in the required modules, ++or sign them separately. ++ ++ + @node Platform limitations + @chapter Platform limitations + diff --git a/SOURCES/0352-docs-grub-grub-install-is-no-longer-a-shell-script.patch b/SOURCES/0352-docs-grub-grub-install-is-no-longer-a-shell-script.patch new file mode 100644 index 0000000..2322ea5 --- /dev/null +++ b/SOURCES/0352-docs-grub-grub-install-is-no-longer-a-shell-script.patch @@ -0,0 +1,33 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Sat, 15 Aug 2020 01:00:11 +1000 +Subject: [PATCH] docs/grub: grub-install is no longer a shell script + +Since commit cd46aa6cefab in 2013, grub-install hasn't been a shell +script. The para doesn't really add that much, especially since it's +the user manual, so just drop it. + +(adjust docs: s/grub/grub2) +Signed-off-by: Daniel Axtens +--- + docs/grub.texi | 7 ------- + 1 file changed, 7 deletions(-) + +diff --git a/docs/grub.texi b/docs/grub.texi +index 61c92a1e0..34517e674 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -695,13 +695,6 @@ floppy instead of exposing the USB drive as a hard disk (they call it + This install doesn't conflict with standard install as long as they are in + separate directories. + +-Note that @command{grub2-install} is actually just a shell script and the +-real task is done by other tools such as @command{grub2-mkimage}. Therefore, +-you may run those commands directly to install GRUB, without using +-@command{grub2-install}. Don't do that, however, unless you are very familiar +-with the internals of GRUB. Installing a boot loader on a running OS may be +-extremely dangerous. +- + On EFI systems for fixed disk install you have to mount EFI System Partition. + If you mount it at @file{/boot/efi} then you don't need any special arguments: + diff --git a/SOURCES/0353-docs-grub-pubkey-has-been-supported-for-some-time.patch b/SOURCES/0353-docs-grub-pubkey-has-been-supported-for-some-time.patch new file mode 100644 index 0000000..b2c9248 --- /dev/null +++ b/SOURCES/0353-docs-grub-pubkey-has-been-supported-for-some-time.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Sat, 15 Aug 2020 02:04:01 +1000 +Subject: [PATCH] docs/grub: --pubkey has been supported for some time + +--pubkey is supported, so we can now document it. + +(adjust docs: s/grub/grub2) +Signed-off-by: Daniel Axtens +--- + docs/grub.texi | 12 +++--------- + 1 file changed, 3 insertions(+), 9 deletions(-) + +diff --git a/docs/grub.texi b/docs/grub.texi +index 34517e674..a833364d5 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -5695,15 +5695,9 @@ verified with a public key currently trusted by GRUB + validation fails, then file @file{foo} cannot be opened. This failure + may halt or otherwise impact the boot process. + +-@comment Unfortunately --pubkey is not yet supported by grub2-install, +-@comment but we should not bring up internal detail grub2-mkimage here +-@comment in the user guide (as opposed to developer's manual). +- +-@comment An initial trusted public key can be embedded within the GRUB +-@comment @file{core.img} using the @code{--pubkey} option to +-@comment @command{grub2-mkimage} (@pxref{Invoking grub2-install}). Presently it +-@comment is necessary to write a custom wrapper around @command{grub2-mkimage} +-@comment using the @code{--grub-mkimage} flag to @command{grub2-install}. ++An initial trusted public key can be embedded within the GRUB ++@file{core.img} using the @code{--pubkey} option to ++@command{grub2-install} (@pxref{Invoking grub2-install}). + + GRUB uses GPG-style detached signatures (meaning that a file + @file{foo.sig} will be produced when file @file{foo} is signed), and diff --git a/SOURCES/0354-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch b/SOURCES/0354-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch new file mode 100644 index 0000000..bc42873 --- /dev/null +++ b/SOURCES/0354-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch @@ -0,0 +1,44 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 30 Jul 2020 00:13:21 +1000 +Subject: [PATCH] dl: provide a fake grub_dl_set_persistent for the emu target + +Trying to start grub-emu with a module that calls grub_dl_set_persistent +will crash because grub-emu fakes modules and passes NULL to the module +init function. + +Provide an empty function for the emu case. + +Fixes: ee7808e2197c (dl: Add support for persistent modules) +Signed-off-by: Daniel Axtens +--- + include/grub/dl.h | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/include/grub/dl.h b/include/grub/dl.h +index f7cfe6482..877821dcb 100644 +--- a/include/grub/dl.h ++++ b/include/grub/dl.h +@@ -243,11 +243,22 @@ grub_dl_get (const char *name) + return 0; + } + ++#ifdef GRUB_MACHINE_EMU ++/* ++ * Under grub-emu, modules are faked and NULL is passed to GRUB_MOD_INIT. ++ * So we fake this out to avoid a NULL deref. ++ */ ++static inline void ++grub_dl_set_persistent (grub_dl_t mod __attribute__((unused))) ++{ ++} ++#else + static inline void + grub_dl_set_persistent (grub_dl_t mod) + { + mod->persistent = 1; + } ++#endif + + static inline int + grub_dl_is_persistent (grub_dl_t mod) diff --git a/SOURCES/0355-verifiers-provide-unsafe-module-list.patch b/SOURCES/0355-verifiers-provide-unsafe-module-list.patch new file mode 100644 index 0000000..1fa7301 --- /dev/null +++ b/SOURCES/0355-verifiers-provide-unsafe-module-list.patch @@ -0,0 +1,96 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Wed, 29 Jul 2020 17:46:16 +1000 +Subject: [PATCH] verifiers: provide unsafe module list + +Other verifiers that implement secure boot may want to be able to +use this list and behaviour. + +Upstream, this factors the list out of the shim_lock verifier. +However, that hasn't hit the RHEL8.4 tree yet, so instead +of factoring it out of that we just create it. + +Signed-off-by: Daniel Axtens +--- + grub-core/commands/verifiers.c | 46 ++++++++++++++++++++++++++++++++++++++++++ + include/grub/verify.h | 13 ++++++++++++ + 2 files changed, 59 insertions(+) + +diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c +index 599d79b75..f64343ac9 100644 +--- a/grub-core/commands/verifiers.c ++++ b/grub-core/commands/verifiers.c +@@ -218,6 +218,52 @@ grub_verify_string (char *str, enum grub_verify_string_type type) + return GRUB_ERR_NONE; + } + ++/* List of modules which may allow for verifcation to be bypassed. */ ++static const char *const disabled_mods[] = { "iorw", "memrw", "wrmsr", NULL }; ++ ++/* ++ * Does the module in file `io' allow for the a verifier to be bypassed? ++ * ++ * Returns 1 if so, otherwise 0. ++ */ ++char ++grub_is_dangerous_module (grub_file_t io) ++{ ++ char *b, *e; ++ int i; ++ ++ /* Establish GRUB module name. */ ++ b = grub_strrchr (io->name, '/'); ++ e = grub_strrchr (io->name, '.'); ++ ++ b = b ? (b + 1) : io->name; ++ e = e ? e : io->name + grub_strlen (io->name); ++ e = (e > b) ? e : io->name + grub_strlen (io->name); ++ ++ for (i = 0; disabled_mods[i]; i++) ++ if (!grub_strncmp (b, disabled_mods[i], ++ grub_strlen (b) - grub_strlen (e))) ++ return 1; ++ return 0; ++} ++ ++/* ++ * Is there already an unsafe module in memory? ++ * Returns the name if one is loaded, otherwise NULL. ++ */ ++const char * ++grub_dangerous_module_loaded (void) ++{ ++ int i; ++ ++ for (i = 0; disabled_mods[i]; i++) ++ if (grub_dl_get (disabled_mods[i])) ++ { ++ return disabled_mods[i]; ++ } ++ return NULL; ++} ++ + GRUB_MOD_INIT(verifiers) + { + grub_file_filter_register (GRUB_FILE_FILTER_VERIFY, grub_verifiers_open); +diff --git a/include/grub/verify.h b/include/grub/verify.h +index 79022b422..60c13e7ea 100644 +--- a/include/grub/verify.h ++++ b/include/grub/verify.h +@@ -76,3 +76,16 @@ grub_verifier_unregister (struct grub_file_verifier *ver) + + grub_err_t + grub_verify_string (char *str, enum grub_verify_string_type type); ++ ++/* ++ * Does the module in file `io' allow for the a verifier to be bypassed? ++ * ++ * Returns 1 if so, otherwise 0. ++ */ ++char grub_is_dangerous_module (grub_file_t io); ++ ++/* ++ * Is there already an unsafe module in memory? ++ * Returns the name if one is loaded, otherwise NULL. ++ */ ++const char *grub_dangerous_module_loaded (void); diff --git a/SOURCES/0356-pgp-factor-out-rsa_pad.patch b/SOURCES/0356-pgp-factor-out-rsa_pad.patch new file mode 100644 index 0000000..6900cc5 --- /dev/null +++ b/SOURCES/0356-pgp-factor-out-rsa_pad.patch @@ -0,0 +1,191 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 1 Oct 2020 20:23:48 +1000 +Subject: [PATCH] pgp: factor out rsa_pad + +rsa_pad does the PKCS#1 v1.5 padding for the RSA signature scheme. +We want to use it in other RSA signature verification applications. + +I considered and rejected putting it in lib/crypto.c. That file doesn't +currently require any MPI functions, but rsa_pad does. That's not so +much of a problem for the grub kernel and modules, but crypto.c also +gets built into all the grub utilities. So - despite the utils not +using any asymmetric ciphers - we would need to built the entire MPI +infrastructure in to them. + +A better and simpler solution is just to spin rsa_pad out into its own +PKCS#1 v1.5 module. + +Signed-off-by: Daniel Axtens +--- + grub-core/Makefile.core.def | 8 ++++++ + grub-core/commands/pgp.c | 28 ++------------------- + grub-core/lib/pkcs1_v15.c | 59 +++++++++++++++++++++++++++++++++++++++++++++ + include/grub/pkcs1_v15.h | 27 +++++++++++++++++++++ + 4 files changed, 96 insertions(+), 26 deletions(-) + create mode 100644 grub-core/lib/pkcs1_v15.c + create mode 100644 include/grub/pkcs1_v15.h + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 809f11fea..99615c07b 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -2387,6 +2387,14 @@ module = { + cppflags = '$(CPPFLAGS_GCRY)'; + }; + ++module = { ++ name = pkcs1_v15; ++ common = lib/pkcs1_v15.c; ++ ++ cflags = '$(CFLAGS_GCRY) -Wno-redundant-decls -Wno-sign-compare'; ++ cppflags = '$(CPPFLAGS_GCRY)'; ++}; ++ + module = { + name = all_video; + common = lib/fake_module.c; +diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c +index d39846d8c..bb6543819 100644 +--- a/grub-core/commands/pgp.c ++++ b/grub-core/commands/pgp.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -411,32 +412,7 @@ static int + rsa_pad (gcry_mpi_t *hmpi, grub_uint8_t *hval, + const gcry_md_spec_t *hash, struct grub_public_subkey *sk) + { +- grub_size_t tlen, emlen, fflen; +- grub_uint8_t *em, *emptr; +- unsigned nbits = gcry_mpi_get_nbits (sk->mpis[0]); +- int ret; +- tlen = hash->mdlen + hash->asnlen; +- emlen = (nbits + 7) / 8; +- if (emlen < tlen + 11) +- return 1; +- +- em = grub_malloc (emlen); +- if (!em) +- return 1; +- +- em[0] = 0x00; +- em[1] = 0x01; +- fflen = emlen - tlen - 3; +- for (emptr = em + 2; emptr < em + 2 + fflen; emptr++) +- *emptr = 0xff; +- *emptr++ = 0x00; +- grub_memcpy (emptr, hash->asnoid, hash->asnlen); +- emptr += hash->asnlen; +- grub_memcpy (emptr, hval, hash->mdlen); +- +- ret = gcry_mpi_scan (hmpi, GCRYMPI_FMT_USG, em, emlen, 0); +- grub_free (em); +- return ret; ++ return grub_crypto_rsa_pad(hmpi, hval, hash, sk->mpis[0]); + } + + struct grub_pubkey_context +diff --git a/grub-core/lib/pkcs1_v15.c b/grub-core/lib/pkcs1_v15.c +new file mode 100644 +index 000000000..dbacd563d +--- /dev/null ++++ b/grub-core/lib/pkcs1_v15.c +@@ -0,0 +1,59 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2013 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++/* ++ * Given a hash value 'hval', of hash specification 'hash', perform ++ * the EMSA-PKCS1-v1_5 padding suitable for a key with modulus 'mod' ++ * (see RFC 8017 s 9.2) and place the result in 'hmpi'. ++ */ ++gcry_err_code_t ++grub_crypto_rsa_pad (gcry_mpi_t * hmpi, grub_uint8_t * hval, ++ const gcry_md_spec_t * hash, gcry_mpi_t mod) ++{ ++ grub_size_t tlen, emlen, fflen; ++ grub_uint8_t *em, *emptr; ++ unsigned nbits = gcry_mpi_get_nbits (mod); ++ int ret; ++ tlen = hash->mdlen + hash->asnlen; ++ emlen = (nbits + 7) / 8; ++ if (emlen < tlen + 11) ++ return GPG_ERR_TOO_SHORT; ++ ++ em = grub_malloc (emlen); ++ if (!em) ++ return 1; ++ ++ em[0] = 0x00; ++ em[1] = 0x01; ++ fflen = emlen - tlen - 3; ++ for (emptr = em + 2; emptr < em + 2 + fflen; emptr++) ++ *emptr = 0xff; ++ *emptr++ = 0x00; ++ grub_memcpy (emptr, hash->asnoid, hash->asnlen); ++ emptr += hash->asnlen; ++ grub_memcpy (emptr, hval, hash->mdlen); ++ ++ ret = gcry_mpi_scan (hmpi, GCRYMPI_FMT_USG, em, emlen, 0); ++ grub_free (em); ++ return ret; ++} +diff --git a/include/grub/pkcs1_v15.h b/include/grub/pkcs1_v15.h +new file mode 100644 +index 000000000..5c338c84a +--- /dev/null ++++ b/include/grub/pkcs1_v15.h +@@ -0,0 +1,27 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2013 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++/* ++ * Given a hash value 'hval', of hash specification 'hash', perform ++ * the EMSA-PKCS1-v1_5 padding suitable for a key with modulus 'mod' ++ * (See RFC 8017 s 9.2) ++ */ ++gcry_err_code_t ++grub_crypto_rsa_pad (gcry_mpi_t * hmpi, grub_uint8_t * hval, ++ const gcry_md_spec_t * hash, gcry_mpi_t mod); ++ diff --git a/SOURCES/0357-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch b/SOURCES/0357-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch new file mode 100644 index 0000000..ba7101e --- /dev/null +++ b/SOURCES/0357-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch @@ -0,0 +1,71 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 2 Oct 2020 10:49:26 +1000 +Subject: [PATCH] crypto: move storage for grub_crypto_pk_* to crypto.c + +The way gcry_rsa and friends (the asymmetric ciphers) are loaded for the +pgp module is a bit quirky. + +include/grub/crypto.h contains: + extern struct gcry_pk_spec *grub_crypto_pk_rsa; + +commands/pgp.c contains the actual storage: + struct gcry_pk_spec *grub_crypto_pk_rsa; + +And the module itself saves to the storage in pgp.c: + GRUB_MOD_INIT(gcry_rsa) + { + grub_crypto_pk_rsa = &_gcry_pubkey_spec_rsa; + } + +This is annoying: gcry_rsa now has a dependency on pgp! + +We want to be able to bring in gcry_rsa without bringing in PGP, +so move the storage to crypto.c. + +Previously, gcry_rsa depended on pgp and mpi. Now it depends on +crypto and mpi. As pgp depends on crypto, this doesn't add any new +module dependencies using the PGP verfier. + +[FWIW, the story is different for the symmetric ciphers. cryptodisk +and friends (zfs encryption etc) use grub_crypto_lookup_cipher_by_name() +to get a cipher handle. That depends on grub_ciphers being populated +by people calling grub_cipher_register. import_gcry.py ensures that the +symmetric ciphers call it.] + +Signed-off-by: Daniel Axtens +--- + grub-core/commands/pgp.c | 4 ---- + grub-core/lib/crypto.c | 4 ++++ + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c +index bb6543819..75de32c2a 100644 +--- a/grub-core/commands/pgp.c ++++ b/grub-core/commands/pgp.c +@@ -147,10 +147,6 @@ const char *hashes[] = { + [0x0b] = "sha224" + }; + +-struct gcry_pk_spec *grub_crypto_pk_dsa; +-struct gcry_pk_spec *grub_crypto_pk_ecdsa; +-struct gcry_pk_spec *grub_crypto_pk_rsa; +- + static int + dsa_pad (gcry_mpi_t *hmpi, grub_uint8_t *hval, + const gcry_md_spec_t *hash, struct grub_public_subkey *sk); +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c +index e6c78d16d..ff62fa30e 100644 +--- a/grub-core/lib/crypto.c ++++ b/grub-core/lib/crypto.c +@@ -121,6 +121,10 @@ grub_md_unregister (gcry_md_spec_t *cipher) + } + } + ++struct gcry_pk_spec *grub_crypto_pk_dsa; ++struct gcry_pk_spec *grub_crypto_pk_ecdsa; ++struct gcry_pk_spec *grub_crypto_pk_rsa; ++ + void + grub_crypto_hash (const gcry_md_spec_t *hash, void *out, const void *in, + grub_size_t inlen) diff --git a/SOURCES/0358-posix_wrap-tweaks-in-preparation-for-libtasn1.patch b/SOURCES/0358-posix_wrap-tweaks-in-preparation-for-libtasn1.patch new file mode 100644 index 0000000..7ff703e --- /dev/null +++ b/SOURCES/0358-posix_wrap-tweaks-in-preparation-for-libtasn1.patch @@ -0,0 +1,64 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Sat, 2 May 2020 00:27:57 +1000 +Subject: [PATCH] posix_wrap: tweaks in preparation for libtasn1 + + - Define SIZEOF_UNSIGNED_LONG_INT, it's the same as + SIZEOF_UNSIGNED_LONG. + + - Define WORD_BIT, the size in bits of an int. This is a defined + in the Single Unix Specification and in gnulib's limits.h. gnulib + assumes it's 32 bits on all our platforms, including 64 bit + platforms, so we also use that value. + + - Provide strto[u]l[l] preprocessor macros that resolve to + grub_strto[u]l[l]. To avoid gcrypt redefining strtoul, we + also define HAVE_STRTOUL here. + +Signed-off-by: Daniel Axtens +--- + grub-core/lib/posix_wrap/limits.h | 1 + + grub-core/lib/posix_wrap/stdlib.h | 8 ++++++++ + grub-core/lib/posix_wrap/sys/types.h | 1 + + 3 files changed, 10 insertions(+) + +diff --git a/grub-core/lib/posix_wrap/limits.h b/grub-core/lib/posix_wrap/limits.h +index 955295403..474a923b0 100644 +--- a/grub-core/lib/posix_wrap/limits.h ++++ b/grub-core/lib/posix_wrap/limits.h +@@ -31,5 +31,6 @@ + #define INT_MAX GRUB_INT_MAX + + #define CHAR_BIT 8 ++#define WORD_BIT 32 + + #endif +diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h +index 7a8d385e9..4634db09f 100644 +--- a/grub-core/lib/posix_wrap/stdlib.h ++++ b/grub-core/lib/posix_wrap/stdlib.h +@@ -58,4 +58,12 @@ abs (int c) + return (c >= 0) ? c : -c; + } + ++#define strtol grub_strtol ++ ++/* for libgcrypt */ ++#define HAVE_STRTOUL ++#define strtoul grub_strtoul ++ ++#define strtoull grub_strtoull ++ + #endif +diff --git a/grub-core/lib/posix_wrap/sys/types.h b/grub-core/lib/posix_wrap/sys/types.h +index 854eb0122..f63412c8d 100644 +--- a/grub-core/lib/posix_wrap/sys/types.h ++++ b/grub-core/lib/posix_wrap/sys/types.h +@@ -51,6 +51,7 @@ typedef grub_uint8_t byte; + typedef grub_addr_t uintptr_t; + + #define SIZEOF_UNSIGNED_LONG GRUB_CPU_SIZEOF_LONG ++#define SIZEOF_UNSIGNED_LONG_INT GRUB_CPU_SIZEOF_LONG + #define SIZEOF_UNSIGNED_INT 4 + #define SIZEOF_UNSIGNED_LONG_LONG 8 + #define SIZEOF_UNSIGNED_SHORT 2 diff --git a/SOURCES/0359-libtasn1-import-libtasn1-4.16.0.patch b/SOURCES/0359-libtasn1-import-libtasn1-4.16.0.patch new file mode 100644 index 0000000..7a7b05d --- /dev/null +++ b/SOURCES/0359-libtasn1-import-libtasn1-4.16.0.patch @@ -0,0 +1,8934 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Wed, 10 Jun 2020 16:31:22 +1000 +Subject: [PATCH] libtasn1: import libtasn1-4.16.0 + +Import a very trimmed-down set of libtasn1 files: + +pushd /tmp +wget https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.16.0.tar.gz +popd +pushd grub-core/lib +mkdir libtasn1 +cp /tmp/libtasn1-4.16.0/{README.md,LICENSE} libtasn1/ +mkdir libtasn1/lib +cp /tmp/libtasn1-4.16.0/lib/{coding.c,decoding.c,element.c,element.h,errors.c,gstr.c,gstr.h,int.h,parser_aux.c,parser_aux.h,structure.c,structure.h} libtasn1/lib +cp /tmp/libtasn1-4.16.0/lib/includes/libtasn1.h ../../include/grub/ +git add libtasn1/ ../../include/grub/libtasn1.h +popd + +Signed-off-by: Daniel Axtens +--- + grub-core/lib/libtasn1/lib/coding.c | 1415 ++++++++++++++++++ + grub-core/lib/libtasn1/lib/decoding.c | 2478 +++++++++++++++++++++++++++++++ + grub-core/lib/libtasn1/lib/element.c | 1111 ++++++++++++++ + grub-core/lib/libtasn1/lib/errors.c | 100 ++ + grub-core/lib/libtasn1/lib/gstr.c | 74 + + grub-core/lib/libtasn1/lib/parser_aux.c | 1173 +++++++++++++++ + grub-core/lib/libtasn1/lib/structure.c | 1220 +++++++++++++++ + grub-core/lib/libtasn1/lib/element.h | 40 + + grub-core/lib/libtasn1/lib/gstr.h | 47 + + grub-core/lib/libtasn1/lib/int.h | 221 +++ + grub-core/lib/libtasn1/lib/parser_aux.h | 172 +++ + grub-core/lib/libtasn1/lib/structure.h | 45 + + include/grub/libtasn1.h | 588 ++++++++ + grub-core/lib/libtasn1/LICENSE | 16 + + grub-core/lib/libtasn1/README.md | 91 ++ + 15 files changed, 8791 insertions(+) + create mode 100644 grub-core/lib/libtasn1/lib/coding.c + create mode 100644 grub-core/lib/libtasn1/lib/decoding.c + create mode 100644 grub-core/lib/libtasn1/lib/element.c + create mode 100644 grub-core/lib/libtasn1/lib/errors.c + create mode 100644 grub-core/lib/libtasn1/lib/gstr.c + create mode 100644 grub-core/lib/libtasn1/lib/parser_aux.c + create mode 100644 grub-core/lib/libtasn1/lib/structure.c + create mode 100644 grub-core/lib/libtasn1/lib/element.h + create mode 100644 grub-core/lib/libtasn1/lib/gstr.h + create mode 100644 grub-core/lib/libtasn1/lib/int.h + create mode 100644 grub-core/lib/libtasn1/lib/parser_aux.h + create mode 100644 grub-core/lib/libtasn1/lib/structure.h + create mode 100644 include/grub/libtasn1.h + create mode 100644 grub-core/lib/libtasn1/LICENSE + create mode 100644 grub-core/lib/libtasn1/README.md + +diff --git a/grub-core/lib/libtasn1/lib/coding.c b/grub-core/lib/libtasn1/lib/coding.c +new file mode 100644 +index 000000000..245ea64cf +--- /dev/null ++++ b/grub-core/lib/libtasn1/lib/coding.c +@@ -0,0 +1,1415 @@ ++/* ++ * Copyright (C) 2002-2014 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * The LIBTASN1 library is free software; you can redistribute it ++ * and/or modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++ * 02110-1301, USA ++ */ ++ ++ ++/*****************************************************/ ++/* File: coding.c */ ++/* Description: Functions to create a DER coding of */ ++/* an ASN1 type. */ ++/*****************************************************/ ++ ++#include ++#include "parser_aux.h" ++#include ++#include "element.h" ++#include "minmax.h" ++#include ++ ++#define MAX_TAG_LEN 16 ++ ++/******************************************************/ ++/* Function : _asn1_error_description_value_not_found */ ++/* Description: creates the ErrorDescription string */ ++/* for the ASN1_VALUE_NOT_FOUND error. */ ++/* Parameters: */ ++/* node: node of the tree where the value is NULL. */ ++/* ErrorDescription: string returned. */ ++/* Return: */ ++/******************************************************/ ++static void ++_asn1_error_description_value_not_found (asn1_node node, ++ char *ErrorDescription) ++{ ++ ++ if (ErrorDescription == NULL) ++ return; ++ ++ Estrcpy (ErrorDescription, ":: value of element '"); ++ _asn1_hierarchical_name (node, ErrorDescription + strlen (ErrorDescription), ++ ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40); ++ Estrcat (ErrorDescription, "' not found"); ++ ++} ++ ++/** ++ * asn1_length_der: ++ * @len: value to convert. ++ * @der: buffer to hold the returned encoding (may be %NULL). ++ * @der_len: number of meaningful bytes of ANS (der[0]..der[der_len-1]). ++ * ++ * Creates the DER encoding of the provided length value. ++ * The @der buffer must have enough room for the output. The maximum ++ * length this function will encode is %ASN1_MAX_LENGTH_SIZE. ++ * ++ * To know the size of the DER encoding use a %NULL value for @der. ++ **/ ++void ++asn1_length_der (unsigned long int len, unsigned char *der, int *der_len) ++{ ++ int k; ++ unsigned char temp[ASN1_MAX_LENGTH_SIZE]; ++#if SIZEOF_UNSIGNED_LONG_INT > 8 ++ len &= 0xFFFFFFFFFFFFFFFF; ++#endif ++ ++ if (len < 128) ++ { ++ /* short form */ ++ if (der != NULL) ++ der[0] = (unsigned char) len; ++ *der_len = 1; ++ } ++ else ++ { ++ /* Long form */ ++ k = 0; ++ while (len) ++ { ++ temp[k++] = len & 0xFF; ++ len = len >> 8; ++ } ++ *der_len = k + 1; ++ if (der != NULL) ++ { ++ der[0] = ((unsigned char) k & 0x7F) + 128; ++ while (k--) ++ der[*der_len - 1 - k] = temp[k]; ++ } ++ } ++} ++ ++/******************************************************/ ++/* Function : _asn1_tag_der */ ++/* Description: creates the DER coding for the CLASS */ ++/* and TAG parameters. */ ++/* It is limited by the ASN1_MAX_TAG_SIZE variable */ ++/* Parameters: */ ++/* class: value to convert. */ ++/* tag_value: value to convert. */ ++/* ans: string returned. */ ++/* ans_len: number of meaningful bytes of ANS */ ++/* (ans[0]..ans[ans_len-1]). */ ++/* Return: */ ++/******************************************************/ ++static void ++_asn1_tag_der (unsigned char class, unsigned int tag_value, ++ unsigned char ans[ASN1_MAX_TAG_SIZE], int *ans_len) ++{ ++ int k; ++ unsigned char temp[ASN1_MAX_TAG_SIZE]; ++ ++ if (tag_value < 31) ++ { ++ /* short form */ ++ ans[0] = (class & 0xE0) + ((unsigned char) (tag_value & 0x1F)); ++ *ans_len = 1; ++ } ++ else ++ { ++ /* Long form */ ++ ans[0] = (class & 0xE0) + 31; ++ k = 0; ++ while (tag_value != 0) ++ { ++ temp[k++] = tag_value & 0x7F; ++ tag_value >>= 7; ++ ++ if (k > ASN1_MAX_TAG_SIZE - 1) ++ break; /* will not encode larger tags */ ++ } ++ *ans_len = k + 1; ++ while (k--) ++ ans[*ans_len - 1 - k] = temp[k] + 128; ++ ans[*ans_len - 1] -= 128; ++ } ++} ++ ++/** ++ * asn1_octet_der: ++ * @str: the input data. ++ * @str_len: STR length (str[0]..str[*str_len-1]). ++ * @der: encoded string returned. ++ * @der_len: number of meaningful bytes of DER (der[0]..der[der_len-1]). ++ * ++ * Creates a length-value DER encoding for the input data. ++ * The DER encoding of the input data will be placed in the @der variable. ++ * ++ * Note that the OCTET STRING tag is not included in the output. ++ * ++ * This function does not return any value because it is expected ++ * that @der_len will contain enough bytes to store the string ++ * plus the DER encoding. The DER encoding size can be obtained using ++ * asn1_length_der(). ++ **/ ++void ++asn1_octet_der (const unsigned char *str, int str_len, ++ unsigned char *der, int *der_len) ++{ ++ int len_len; ++ ++ if (der == NULL || str_len < 0) ++ return; ++ ++ asn1_length_der (str_len, der, &len_len); ++ memcpy (der + len_len, str, str_len); ++ *der_len = str_len + len_len; ++} ++ ++ ++/** ++ * asn1_encode_simple_der: ++ * @etype: The type of the string to be encoded (ASN1_ETYPE_) ++ * @str: the string data. ++ * @str_len: the string length ++ * @tl: the encoded tag and length ++ * @tl_len: the bytes of the @tl field ++ * ++ * Creates the DER encoding for various simple ASN.1 types like strings etc. ++ * It stores the tag and length in @tl, which should have space for at least ++ * %ASN1_MAX_TL_SIZE bytes. Initially @tl_len should contain the size of @tl. ++ * ++ * The complete DER encoding should consist of the value in @tl appended ++ * with the provided @str. ++ * ++ * Returns: %ASN1_SUCCESS if successful or an error value. ++ **/ ++int ++asn1_encode_simple_der (unsigned int etype, const unsigned char *str, ++ unsigned int str_len, unsigned char *tl, ++ unsigned int *tl_len) ++{ ++ int tag_len, len_len; ++ unsigned tlen; ++ unsigned char der_tag[ASN1_MAX_TAG_SIZE]; ++ unsigned char der_length[ASN1_MAX_LENGTH_SIZE]; ++ unsigned char *p; ++ ++ if (str == NULL) ++ return ASN1_VALUE_NOT_VALID; ++ ++ if (ETYPE_OK (etype) == 0) ++ return ASN1_VALUE_NOT_VALID; ++ ++ /* doesn't handle constructed classes */ ++ if (ETYPE_CLASS (etype) != ASN1_CLASS_UNIVERSAL) ++ return ASN1_VALUE_NOT_VALID; ++ ++ _asn1_tag_der (ETYPE_CLASS (etype), ETYPE_TAG (etype), der_tag, &tag_len); ++ ++ asn1_length_der (str_len, der_length, &len_len); ++ ++ if (tag_len <= 0 || len_len <= 0) ++ return ASN1_VALUE_NOT_VALID; ++ ++ tlen = tag_len + len_len; ++ ++ if (*tl_len < tlen) ++ return ASN1_MEM_ERROR; ++ ++ p = tl; ++ memcpy (p, der_tag, tag_len); ++ p += tag_len; ++ memcpy (p, der_length, len_len); ++ ++ *tl_len = tlen; ++ ++ return ASN1_SUCCESS; ++} ++ ++/******************************************************/ ++/* Function : _asn1_time_der */ ++/* Description: creates the DER coding for a TIME */ ++/* type (length included). */ ++/* Parameters: */ ++/* str: TIME null-terminated string. */ ++/* der: string returned. */ ++/* der_len: number of meaningful bytes of DER */ ++/* (der[0]..der[ans_len-1]). Initially it */ ++/* if must store the lenght of DER. */ ++/* Return: */ ++/* ASN1_MEM_ERROR when DER isn't big enough */ ++/* ASN1_SUCCESS otherwise */ ++/******************************************************/ ++static int ++_asn1_time_der (unsigned char *str, int str_len, unsigned char *der, ++ int *der_len) ++{ ++ int len_len; ++ int max_len; ++ ++ if (der == NULL) ++ return ASN1_VALUE_NOT_VALID; ++ ++ max_len = *der_len; ++ ++ asn1_length_der (str_len, (max_len > 0) ? der : NULL, &len_len); ++ ++ if ((len_len + str_len) <= max_len) ++ memcpy (der + len_len, str, str_len); ++ *der_len = len_len + str_len; ++ ++ if ((*der_len) > max_len) ++ return ASN1_MEM_ERROR; ++ ++ return ASN1_SUCCESS; ++} ++ ++ ++/* ++void ++_asn1_get_utctime_der(unsigned char *der,int *der_len,unsigned char *str) ++{ ++ int len_len,str_len; ++ char temp[20]; ++ ++ if(str==NULL) return; ++ str_len=asn1_get_length_der(der,*der_len,&len_len); ++ if (str_len<0) return; ++ memcpy(temp,der+len_len,str_len); ++ *der_len=str_len+len_len; ++ switch(str_len) ++ { ++ case 11: ++ temp[10]=0; ++ strcat(temp,"00+0000"); ++ break; ++ case 13: ++ temp[12]=0; ++ strcat(temp,"+0000"); ++ break; ++ case 15: ++ temp[15]=0; ++ memmove(temp+12,temp+10,6); ++ temp[10]=temp[11]='0'; ++ break; ++ case 17: ++ temp[17]=0; ++ break; ++ default: ++ return; ++ } ++ strcpy(str,temp); ++} ++*/ ++ ++static ++void encode_val(uint64_t val, unsigned char *der, int max_len, int *der_len) ++{ ++ int first, k; ++ unsigned char bit7; ++ ++ first = 0; ++ for (k = sizeof(val); k >= 0; k--) ++ { ++ bit7 = (val >> (k * 7)) & 0x7F; ++ if (bit7 || first || !k) ++ { ++ if (k) ++ bit7 |= 0x80; ++ if (max_len > (*der_len)) ++ der[*der_len] = bit7; ++ (*der_len)++; ++ first = 1; ++ } ++ } ++} ++ ++/******************************************************/ ++/* Function : _asn1_object_id_der */ ++/* Description: creates the DER coding for an */ ++/* OBJECT IDENTIFIER type (length included). */ ++/* Parameters: */ ++/* str: OBJECT IDENTIFIER null-terminated string. */ ++/* der: string returned. */ ++/* der_len: number of meaningful bytes of DER */ ++/* (der[0]..der[ans_len-1]). Initially it */ ++/* must store the length of DER. */ ++/* Return: */ ++/* ASN1_MEM_ERROR when DER isn't big enough */ ++/* ASN1_SUCCESS if succesful */ ++/* or an error value. */ ++/******************************************************/ ++static int ++_asn1_object_id_der (const char *str, unsigned char *der, int *der_len) ++{ ++ int len_len, counter, max_len; ++ char *temp, *n_end, *n_start; ++ uint64_t val, val1 = 0; ++ int str_len = _asn1_strlen (str); ++ ++ max_len = *der_len; ++ *der_len = 0; ++ ++ if (der == NULL && max_len > 0) ++ return ASN1_VALUE_NOT_VALID; ++ ++ temp = malloc (str_len + 2); ++ if (temp == NULL) ++ return ASN1_MEM_ALLOC_ERROR; ++ ++ memcpy (temp, str, str_len); ++ temp[str_len] = '.'; ++ temp[str_len + 1] = 0; ++ ++ counter = 0; ++ n_start = temp; ++ while ((n_end = strchr (n_start, '.'))) ++ { ++ *n_end = 0; ++ val = _asn1_strtou64 (n_start, NULL, 10); ++ counter++; ++ ++ if (counter == 1) ++ { ++ val1 = val; ++ } ++ else if (counter == 2) ++ { ++ uint64_t val0; ++ ++ if (val1 > 2) ++ { ++ free(temp); ++ return ASN1_VALUE_NOT_VALID; ++ } ++ else if ((val1 == 0 || val1 == 1) && val > 39) ++ { ++ free(temp); ++ return ASN1_VALUE_NOT_VALID; ++ } ++ ++ val0 = 40 * val1 + val; ++ encode_val(val0, der, max_len, der_len); ++ } ++ else ++ { ++ encode_val(val, der, max_len, der_len); ++ } ++ n_start = n_end + 1; ++ } ++ ++ asn1_length_der (*der_len, NULL, &len_len); ++ if (max_len >= (*der_len + len_len)) ++ { ++ memmove (der + len_len, der, *der_len); ++ asn1_length_der (*der_len, der, &len_len); ++ } ++ *der_len += len_len; ++ ++ free (temp); ++ ++ if (max_len < (*der_len)) ++ return ASN1_MEM_ERROR; ++ ++ return ASN1_SUCCESS; ++} ++ ++/** ++ * asn1_object_id_der: ++ * @str: An object identifier in numeric, dot format. ++ * @der: buffer to hold the returned encoding (may be %NULL). ++ * @der_len: initially the size of @der; will hold the final size. ++ * @flags: must be zero ++ * ++ * Creates the DER encoding of the provided object identifier. ++ * ++ * Returns: %ASN1_SUCCESS if DER encoding was OK, %ASN1_VALUE_NOT_VALID ++ * if @str is not a valid OID, %ASN1_MEM_ERROR if the @der ++ * vector isn't big enough and in this case @der_len will contain the ++ * length needed. ++ **/ ++int asn1_object_id_der(const char *str, unsigned char *der, int *der_len, unsigned flags) ++{ ++ unsigned char tag_der[MAX_TAG_LEN]; ++ int tag_len = 0, r; ++ int max_len = *der_len; ++ ++ *der_len = 0; ++ ++ _asn1_tag_der (ETYPE_CLASS (ASN1_ETYPE_OBJECT_ID), ETYPE_TAG (ASN1_ETYPE_OBJECT_ID), ++ tag_der, &tag_len); ++ ++ if (max_len > tag_len) ++ { ++ memcpy(der, tag_der, tag_len); ++ } ++ max_len -= tag_len; ++ der += tag_len; ++ ++ r = _asn1_object_id_der (str, der, &max_len); ++ if (r == ASN1_MEM_ERROR || r == ASN1_SUCCESS) ++ { ++ *der_len = max_len + tag_len; ++ } ++ ++ return r; ++} ++ ++static const unsigned char bit_mask[] = ++ { 0xFF, 0xFE, 0xFC, 0xF8, 0xF0, 0xE0, 0xC0, 0x80 }; ++ ++/** ++ * asn1_bit_der: ++ * @str: BIT string. ++ * @bit_len: number of meaningful bits in STR. ++ * @der: string returned. ++ * @der_len: number of meaningful bytes of DER ++ * (der[0]..der[ans_len-1]). ++ * ++ * Creates a length-value DER encoding for the input data ++ * as it would have been for a BIT STRING. ++ * The DER encoded data will be copied in @der. ++ * ++ * Note that the BIT STRING tag is not included in the output. ++ * ++ * This function does not return any value because it is expected ++ * that @der_len will contain enough bytes to store the string ++ * plus the DER encoding. The DER encoding size can be obtained using ++ * asn1_length_der(). ++ **/ ++void ++asn1_bit_der (const unsigned char *str, int bit_len, ++ unsigned char *der, int *der_len) ++{ ++ int len_len, len_byte, len_pad; ++ ++ if (der == NULL) ++ return; ++ ++ len_byte = bit_len >> 3; ++ len_pad = 8 - (bit_len & 7); ++ if (len_pad == 8) ++ len_pad = 0; ++ else ++ len_byte++; ++ asn1_length_der (len_byte + 1, der, &len_len); ++ der[len_len] = len_pad; ++ ++ if (str) ++ memcpy (der + len_len + 1, str, len_byte); ++ der[len_len + len_byte] &= bit_mask[len_pad]; ++ *der_len = len_byte + len_len + 1; ++} ++ ++ ++/******************************************************/ ++/* Function : _asn1_complete_explicit_tag */ ++/* Description: add the length coding to the EXPLICIT */ ++/* tags. */ ++/* Parameters: */ ++/* node: pointer to the tree element. */ ++/* der: string with the DER coding of the whole tree*/ ++/* counter: number of meaningful bytes of DER */ ++/* (der[0]..der[*counter-1]). */ ++/* max_len: size of der vector */ ++/* Return: */ ++/* ASN1_MEM_ERROR if der vector isn't big enough, */ ++/* otherwise ASN1_SUCCESS. */ ++/******************************************************/ ++static int ++_asn1_complete_explicit_tag (asn1_node node, unsigned char *der, ++ int *counter, int *max_len) ++{ ++ asn1_node p; ++ int is_tag_implicit, len2, len3; ++ unsigned char temp[SIZEOF_UNSIGNED_INT]; ++ ++ if (der == NULL && *max_len > 0) ++ return ASN1_VALUE_NOT_VALID; ++ ++ is_tag_implicit = 0; ++ ++ if (node->type & CONST_TAG) ++ { ++ p = node->down; ++ if (p == NULL) ++ return ASN1_DER_ERROR; ++ /* When there are nested tags we must complete them reverse to ++ the order they were created. This is because completing a tag ++ modifies all data within it, including the incomplete tags ++ which store buffer positions -- simon@josefsson.org 2002-09-06 ++ */ ++ while (p->right) ++ p = p->right; ++ while (p && p != node->down->left) ++ { ++ if (type_field (p->type) == ASN1_ETYPE_TAG) ++ { ++ if (p->type & CONST_EXPLICIT) ++ { ++ len2 = strtol (p->name, NULL, 10); ++ _asn1_set_name (p, NULL); ++ ++ asn1_length_der (*counter - len2, temp, &len3); ++ if (len3 <= (*max_len)) ++ { ++ memmove (der + len2 + len3, der + len2, ++ *counter - len2); ++ memcpy (der + len2, temp, len3); ++ } ++ *max_len -= len3; ++ *counter += len3; ++ is_tag_implicit = 0; ++ } ++ else ++ { /* CONST_IMPLICIT */ ++ if (!is_tag_implicit) ++ { ++ is_tag_implicit = 1; ++ } ++ } ++ } ++ p = p->left; ++ } ++ } ++ ++ if (*max_len < 0) ++ return ASN1_MEM_ERROR; ++ ++ return ASN1_SUCCESS; ++} ++ ++const tag_and_class_st _asn1_tags[] = { ++ [ASN1_ETYPE_GENERALSTRING] = ++ {ASN1_TAG_GENERALSTRING, ASN1_CLASS_UNIVERSAL, "type:GENERALSTRING"}, ++ [ASN1_ETYPE_NUMERIC_STRING] = ++ {ASN1_TAG_NUMERIC_STRING, ASN1_CLASS_UNIVERSAL, "type:NUMERIC_STR"}, ++ [ASN1_ETYPE_IA5_STRING] = ++ {ASN1_TAG_IA5_STRING, ASN1_CLASS_UNIVERSAL, "type:IA5_STR"}, ++ [ASN1_ETYPE_TELETEX_STRING] = ++ {ASN1_TAG_TELETEX_STRING, ASN1_CLASS_UNIVERSAL, "type:TELETEX_STR"}, ++ [ASN1_ETYPE_PRINTABLE_STRING] = ++ {ASN1_TAG_PRINTABLE_STRING, ASN1_CLASS_UNIVERSAL, "type:PRINTABLE_STR"}, ++ [ASN1_ETYPE_UNIVERSAL_STRING] = ++ {ASN1_TAG_UNIVERSAL_STRING, ASN1_CLASS_UNIVERSAL, "type:UNIVERSAL_STR"}, ++ [ASN1_ETYPE_BMP_STRING] = ++ {ASN1_TAG_BMP_STRING, ASN1_CLASS_UNIVERSAL, "type:BMP_STR"}, ++ [ASN1_ETYPE_UTF8_STRING] = ++ {ASN1_TAG_UTF8_STRING, ASN1_CLASS_UNIVERSAL, "type:UTF8_STR"}, ++ [ASN1_ETYPE_VISIBLE_STRING] = ++ {ASN1_TAG_VISIBLE_STRING, ASN1_CLASS_UNIVERSAL, "type:VISIBLE_STR"}, ++ [ASN1_ETYPE_OCTET_STRING] = ++ {ASN1_TAG_OCTET_STRING, ASN1_CLASS_UNIVERSAL, "type:OCT_STR"}, ++ [ASN1_ETYPE_BIT_STRING] = ++ {ASN1_TAG_BIT_STRING, ASN1_CLASS_UNIVERSAL, "type:BIT_STR"}, ++ [ASN1_ETYPE_OBJECT_ID] = ++ {ASN1_TAG_OBJECT_ID, ASN1_CLASS_UNIVERSAL, "type:OBJ_ID"}, ++ [ASN1_ETYPE_NULL] = {ASN1_TAG_NULL, ASN1_CLASS_UNIVERSAL, "type:NULL"}, ++ [ASN1_ETYPE_BOOLEAN] = ++ {ASN1_TAG_BOOLEAN, ASN1_CLASS_UNIVERSAL, "type:BOOLEAN"}, ++ [ASN1_ETYPE_INTEGER] = ++ {ASN1_TAG_INTEGER, ASN1_CLASS_UNIVERSAL, "type:INTEGER"}, ++ [ASN1_ETYPE_ENUMERATED] = ++ {ASN1_TAG_ENUMERATED, ASN1_CLASS_UNIVERSAL, "type:ENUMERATED"}, ++ [ASN1_ETYPE_SEQUENCE] = ++ {ASN1_TAG_SEQUENCE, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, ++ "type:SEQUENCE"}, ++ [ASN1_ETYPE_SEQUENCE_OF] = ++ {ASN1_TAG_SEQUENCE, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, ++ "type:SEQ_OF"}, ++ [ASN1_ETYPE_SET] = ++ {ASN1_TAG_SET, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, "type:SET"}, ++ [ASN1_ETYPE_SET_OF] = ++ {ASN1_TAG_SET, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, ++ "type:SET_OF"}, ++ [ASN1_ETYPE_GENERALIZED_TIME] = ++ {ASN1_TAG_GENERALIZEDTime, ASN1_CLASS_UNIVERSAL, "type:GENERALIZED_TIME"}, ++ [ASN1_ETYPE_UTC_TIME] = ++ {ASN1_TAG_UTCTime, ASN1_CLASS_UNIVERSAL, "type:UTC_TIME"}, ++}; ++ ++unsigned int _asn1_tags_size = sizeof (_asn1_tags) / sizeof (_asn1_tags[0]); ++ ++/******************************************************/ ++/* Function : _asn1_insert_tag_der */ ++/* Description: creates the DER coding of tags of one */ ++/* NODE. */ ++/* Parameters: */ ++/* node: pointer to the tree element. */ ++/* der: string returned */ ++/* counter: number of meaningful bytes of DER */ ++/* (counter[0]..der[*counter-1]). */ ++/* max_len: size of der vector */ ++/* Return: */ ++/* ASN1_GENERIC_ERROR if the type is unknown, */ ++/* ASN1_MEM_ERROR if der vector isn't big enough, */ ++/* otherwise ASN1_SUCCESS. */ ++/******************************************************/ ++static int ++_asn1_insert_tag_der (asn1_node node, unsigned char *der, int *counter, ++ int *max_len) ++{ ++ asn1_node p; ++ int tag_len, is_tag_implicit; ++ unsigned char class, class_implicit = 0, temp[MAX(SIZEOF_UNSIGNED_INT * 3 + 1, LTOSTR_MAX_SIZE)]; ++ unsigned long tag_implicit = 0; ++ unsigned char tag_der[MAX_TAG_LEN]; ++ ++ is_tag_implicit = 0; ++ ++ if (node->type & CONST_TAG) ++ { ++ p = node->down; ++ while (p) ++ { ++ if (type_field (p->type) == ASN1_ETYPE_TAG) ++ { ++ if (p->type & CONST_APPLICATION) ++ class = ASN1_CLASS_APPLICATION; ++ else if (p->type & CONST_UNIVERSAL) ++ class = ASN1_CLASS_UNIVERSAL; ++ else if (p->type & CONST_PRIVATE) ++ class = ASN1_CLASS_PRIVATE; ++ else ++ class = ASN1_CLASS_CONTEXT_SPECIFIC; ++ ++ if (p->type & CONST_EXPLICIT) ++ { ++ if (is_tag_implicit) ++ _asn1_tag_der (class_implicit, tag_implicit, tag_der, ++ &tag_len); ++ else ++ _asn1_tag_der (class | ASN1_CLASS_STRUCTURED, ++ _asn1_strtoul (p->value, NULL, 10), ++ tag_der, &tag_len); ++ ++ *max_len -= tag_len; ++ if (der && *max_len >= 0) ++ memcpy (der + *counter, tag_der, tag_len); ++ *counter += tag_len; ++ ++ _asn1_ltostr (*counter, (char *) temp); ++ _asn1_set_name (p, (const char *) temp); ++ ++ is_tag_implicit = 0; ++ } ++ else ++ { /* CONST_IMPLICIT */ ++ if (!is_tag_implicit) ++ { ++ if ((type_field (node->type) == ASN1_ETYPE_SEQUENCE) || ++ (type_field (node->type) == ASN1_ETYPE_SEQUENCE_OF) ++ || (type_field (node->type) == ASN1_ETYPE_SET) ++ || (type_field (node->type) == ASN1_ETYPE_SET_OF)) ++ class |= ASN1_CLASS_STRUCTURED; ++ class_implicit = class; ++ tag_implicit = _asn1_strtoul (p->value, NULL, 10); ++ is_tag_implicit = 1; ++ } ++ } ++ } ++ p = p->right; ++ } ++ } ++ ++ if (is_tag_implicit) ++ { ++ _asn1_tag_der (class_implicit, tag_implicit, tag_der, &tag_len); ++ } ++ else ++ { ++ unsigned type = type_field (node->type); ++ switch (type) ++ { ++ CASE_HANDLED_ETYPES: ++ _asn1_tag_der (_asn1_tags[type].class, _asn1_tags[type].tag, ++ tag_der, &tag_len); ++ break; ++ case ASN1_ETYPE_TAG: ++ case ASN1_ETYPE_CHOICE: ++ case ASN1_ETYPE_ANY: ++ tag_len = 0; ++ break; ++ default: ++ return ASN1_GENERIC_ERROR; ++ } ++ } ++ ++ *max_len -= tag_len; ++ if (der && *max_len >= 0) ++ memcpy (der + *counter, tag_der, tag_len); ++ *counter += tag_len; ++ ++ if (*max_len < 0) ++ return ASN1_MEM_ERROR; ++ ++ return ASN1_SUCCESS; ++} ++ ++/******************************************************/ ++/* Function : _asn1_ordering_set */ ++/* Description: puts the elements of a SET type in */ ++/* the correct order according to DER rules. */ ++/* Parameters: */ ++/* der: string with the DER coding. */ ++/* node: pointer to the SET element. */ ++/* Return: */ ++/* ASN1_SUCCESS if successful */ ++/* or an error value. */ ++/******************************************************/ ++static int ++_asn1_ordering_set (unsigned char *der, int der_len, asn1_node node) ++{ ++ struct vet ++ { ++ int end; ++ unsigned long value; ++ struct vet *next, *prev; ++ }; ++ ++ int counter, len, len2; ++ struct vet *first, *last, *p_vet, *p2_vet; ++ asn1_node p; ++ unsigned char class, *temp; ++ unsigned long tag, t; ++ int err; ++ ++ counter = 0; ++ ++ if (type_field (node->type) != ASN1_ETYPE_SET) ++ return ASN1_VALUE_NOT_VALID; ++ ++ p = node->down; ++ while (p && ((type_field (p->type) == ASN1_ETYPE_TAG) || ++ (type_field (p->type) == ASN1_ETYPE_SIZE))) ++ p = p->right; ++ ++ if ((p == NULL) || (p->right == NULL)) ++ return ASN1_SUCCESS; ++ ++ first = last = NULL; ++ while (p) ++ { ++ p_vet = malloc (sizeof (struct vet)); ++ if (p_vet == NULL) ++ { ++ err = ASN1_MEM_ALLOC_ERROR; ++ goto error; ++ } ++ ++ p_vet->next = NULL; ++ p_vet->prev = last; ++ if (first == NULL) ++ first = p_vet; ++ else ++ last->next = p_vet; ++ last = p_vet; ++ ++ /* tag value calculation */ ++ err = asn1_get_tag_der (der + counter, der_len - counter, &class, &len2, ++ &tag); ++ if (err != ASN1_SUCCESS) ++ goto error; ++ ++ t = ((unsigned int)class) << 24; ++ p_vet->value = t | tag; ++ counter += len2; ++ ++ /* extraction and length */ ++ len2 = asn1_get_length_der (der + counter, der_len - counter, &len); ++ if (len2 < 0) ++ { ++ err = ASN1_DER_ERROR; ++ goto error; ++ } ++ counter += len + len2; ++ ++ p_vet->end = counter; ++ p = p->right; ++ } ++ ++ p_vet = first; ++ ++ while (p_vet) ++ { ++ p2_vet = p_vet->next; ++ counter = 0; ++ while (p2_vet) ++ { ++ if (p_vet->value > p2_vet->value) ++ { ++ /* change position */ ++ temp = malloc (p_vet->end - counter); ++ if (temp == NULL) ++ { ++ err = ASN1_MEM_ALLOC_ERROR; ++ goto error; ++ } ++ ++ memcpy (temp, der + counter, p_vet->end - counter); ++ memcpy (der + counter, der + p_vet->end, ++ p2_vet->end - p_vet->end); ++ memcpy (der + counter + p2_vet->end - p_vet->end, temp, ++ p_vet->end - counter); ++ free (temp); ++ ++ tag = p_vet->value; ++ p_vet->value = p2_vet->value; ++ p2_vet->value = tag; ++ ++ p_vet->end = counter + (p2_vet->end - p_vet->end); ++ } ++ counter = p_vet->end; ++ ++ p2_vet = p2_vet->next; ++ p_vet = p_vet->next; ++ } ++ ++ if (p_vet != first) ++ p_vet->prev->next = NULL; ++ else ++ first = NULL; ++ free (p_vet); ++ p_vet = first; ++ } ++ return ASN1_SUCCESS; ++ ++error: ++ while (first != NULL) ++ { ++ p_vet = first; ++ first = first->next; ++ free(p_vet); ++ } ++ return err; ++} ++ ++struct vet ++{ ++ unsigned char *ptr; ++ int size; ++}; ++ ++static int setof_compar(const void *_e1, const void *_e2) ++{ ++ unsigned length; ++ const struct vet *e1 = _e1, *e2 = _e2; ++ int rval; ++ ++ /* The encodings of the component values of a set-of value shall ++ * appear in ascending order, the encodings being compared ++ * as octet strings with the shorter components being ++ * padded at their trailing end with 0-octets. ++ * The padding octets are for comparison purposes and ++ * do not appear in the encodings. ++ */ ++ length = MIN(e1->size, e2->size); ++ ++ rval = memcmp(e1->ptr, e2->ptr, length); ++ if (rval == 0 && e1->size != e2->size) ++ { ++ if (e1->size > e2->size) ++ rval = 1; ++ else if (e2->size > e1->size) ++ rval = -1; ++ } ++ ++ return rval; ++} ++ ++/******************************************************/ ++/* Function : _asn1_ordering_set_of */ ++/* Description: puts the elements of a SET OF type in */ ++/* the correct order according to DER rules. */ ++/* Parameters: */ ++/* der: string with the DER coding. */ ++/* node: pointer to the SET OF element. */ ++/* Return: */ ++/* ASN1_SUCCESS if successful */ ++/* or an error value. */ ++/******************************************************/ ++static int ++_asn1_ordering_set_of (unsigned char *der, int der_len, asn1_node node) ++{ ++ int counter, len, len2; ++ struct vet *list = NULL, *tlist; ++ unsigned list_size = 0; ++ struct vet *p_vet; ++ asn1_node p; ++ unsigned char class; ++ unsigned i; ++ unsigned char *out = NULL; ++ int err; ++ ++ if (der == NULL) ++ return ASN1_VALUE_NOT_VALID; ++ ++ counter = 0; ++ ++ if (type_field (node->type) != ASN1_ETYPE_SET_OF) ++ return ASN1_VALUE_NOT_VALID; ++ ++ p = node->down; ++ while (p && ((type_field (p->type) == ASN1_ETYPE_TAG) || ++ (type_field (p->type) == ASN1_ETYPE_SIZE))) ++ p = p->right; ++ if (p == NULL) ++ return ASN1_VALUE_NOT_VALID; ++ p = p->right; ++ ++ if ((p == NULL) || (p->right == NULL)) ++ return ASN1_SUCCESS; ++ ++ while (p) ++ { ++ list_size++; ++ tlist = realloc (list, list_size*sizeof(struct vet)); ++ if (tlist == NULL) ++ { ++ err = ASN1_MEM_ALLOC_ERROR; ++ goto error; ++ } ++ list = tlist; ++ p_vet = &list[list_size-1]; ++ ++ p_vet->ptr = der+counter; ++ p_vet->size = 0; ++ ++ /* extraction of tag and length */ ++ if (der_len - counter > 0) ++ { ++ err = asn1_get_tag_der (der + counter, der_len - counter, &class, ++ &len, NULL); ++ if (err != ASN1_SUCCESS) ++ goto error; ++ counter += len; ++ p_vet->size += len; ++ ++ len2 = asn1_get_length_der (der + counter, der_len - counter, &len); ++ if (len2 < 0) ++ { ++ err = ASN1_DER_ERROR; ++ goto error; ++ } ++ counter += len + len2; ++ p_vet->size += len + len2; ++ ++ } ++ else ++ { ++ err = ASN1_DER_ERROR; ++ goto error; ++ } ++ p = p->right; ++ } ++ ++ if (counter > der_len) ++ { ++ err = ASN1_DER_ERROR; ++ goto error; ++ } ++ ++ qsort(list, list_size, sizeof(struct vet), setof_compar); ++ ++ out = malloc(der_len); ++ if (out == NULL) ++ { ++ err = ASN1_MEM_ERROR; ++ goto error; ++ } ++ ++ /* the sum of p_vet->size == der_len */ ++ counter = 0; ++ for (i = 0; i < list_size; i++) ++ { ++ p_vet = &list[i]; ++ memcpy(out+counter, p_vet->ptr, p_vet->size); ++ counter += p_vet->size; ++ } ++ memcpy(der, out, der_len); ++ free(out); ++ ++ err = ASN1_SUCCESS; ++ ++error: ++ free(list); ++ return err; ++} ++ ++/** ++ * asn1_der_coding: ++ * @element: pointer to an ASN1 element ++ * @name: the name of the structure you want to encode (it must be ++ * inside *POINTER). ++ * @ider: vector that will contain the DER encoding. DER must be a ++ * pointer to memory cells already allocated. ++ * @len: number of bytes of *@ider: @ider[0]..@ider[len-1], Initialy ++ * holds the sizeof of der vector. ++ * @ErrorDescription: return the error description or an empty ++ * string if success. ++ * ++ * Creates the DER encoding for the NAME structure (inside *POINTER ++ * structure). ++ * ++ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND ++ * if @name is not a valid element, %ASN1_VALUE_NOT_FOUND if there ++ * is an element without a value, %ASN1_MEM_ERROR if the @ider ++ * vector isn't big enough and in this case @len will contain the ++ * length needed. ++ **/ ++int ++asn1_der_coding (asn1_node_const element, const char *name, void *ider, int *len, ++ char *ErrorDescription) ++{ ++ asn1_node node, p, p2; ++ unsigned char temp[MAX(LTOSTR_MAX_SIZE, SIZEOF_UNSIGNED_LONG_INT * 3 + 1)]; ++ int counter, counter_old, len2, len3, move, max_len, max_len_old; ++ int err; ++ unsigned char *der = ider; ++ ++ if (ErrorDescription) ++ ErrorDescription[0] = 0; ++ ++ node = asn1_find_node (element, name); ++ if (node == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ /* Node is now a locally allocated variable. ++ * That is because in some point we modify the ++ * structure, and I don't know why! --nmav ++ */ ++ node = _asn1_copy_structure3 (node); ++ if (node == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ max_len = *len; ++ ++ if (der == NULL && max_len > 0) ++ return ASN1_VALUE_NOT_VALID; ++ ++ counter = 0; ++ move = DOWN; ++ p = node; ++ ++ while (1) ++ { ++ ++ counter_old = counter; ++ max_len_old = max_len; ++ if (move != UP) ++ { ++ p->start = counter; ++ err = _asn1_insert_tag_der (p, der, &counter, &max_len); ++ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR) ++ goto error; ++ } ++ switch (type_field (p->type)) ++ { ++ case ASN1_ETYPE_NULL: ++ max_len--; ++ if (der != NULL && max_len >= 0) ++ der[counter] = 0; ++ counter++; ++ move = RIGHT; ++ break; ++ case ASN1_ETYPE_BOOLEAN: ++ if ((p->type & CONST_DEFAULT) && (p->value == NULL)) ++ { ++ counter = counter_old; ++ max_len = max_len_old; ++ } ++ else ++ { ++ if (p->value == NULL) ++ { ++ _asn1_error_description_value_not_found (p, ++ ErrorDescription); ++ err = ASN1_VALUE_NOT_FOUND; ++ goto error; ++ } ++ max_len -= 2; ++ if (der != NULL && max_len >= 0) ++ { ++ der[counter++] = 1; ++ if (p->value[0] == 'F') ++ der[counter++] = 0; ++ else ++ der[counter++] = 0xFF; ++ } ++ else ++ counter += 2; ++ } ++ move = RIGHT; ++ break; ++ case ASN1_ETYPE_INTEGER: ++ case ASN1_ETYPE_ENUMERATED: ++ if ((p->type & CONST_DEFAULT) && (p->value == NULL)) ++ { ++ counter = counter_old; ++ max_len = max_len_old; ++ } ++ else ++ { ++ if (p->value == NULL) ++ { ++ _asn1_error_description_value_not_found (p, ++ ErrorDescription); ++ err = ASN1_VALUE_NOT_FOUND; ++ goto error; ++ } ++ len2 = asn1_get_length_der (p->value, p->value_len, &len3); ++ if (len2 < 0) ++ { ++ err = ASN1_DER_ERROR; ++ goto error; ++ } ++ max_len -= len2 + len3; ++ if (der != NULL && max_len >= 0) ++ memcpy (der + counter, p->value, len3 + len2); ++ counter += len3 + len2; ++ } ++ move = RIGHT; ++ break; ++ case ASN1_ETYPE_OBJECT_ID: ++ if ((p->type & CONST_DEFAULT) && (p->value == NULL)) ++ { ++ counter = counter_old; ++ max_len = max_len_old; ++ } ++ else ++ { ++ if (p->value == NULL) ++ { ++ _asn1_error_description_value_not_found (p, ++ ErrorDescription); ++ err = ASN1_VALUE_NOT_FOUND; ++ goto error; ++ } ++ len2 = max_len; ++ err = _asn1_object_id_der ((char*)p->value, der + counter, &len2); ++ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR) ++ goto error; ++ ++ max_len -= len2; ++ counter += len2; ++ } ++ move = RIGHT; ++ break; ++ case ASN1_ETYPE_GENERALIZED_TIME: ++ case ASN1_ETYPE_UTC_TIME: ++ if (p->value == NULL) ++ { ++ _asn1_error_description_value_not_found (p, ErrorDescription); ++ err = ASN1_VALUE_NOT_FOUND; ++ goto error; ++ } ++ len2 = max_len; ++ err = _asn1_time_der (p->value, p->value_len, der + counter, &len2); ++ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR) ++ goto error; ++ ++ max_len -= len2; ++ counter += len2; ++ move = RIGHT; ++ break; ++ case ASN1_ETYPE_OCTET_STRING: ++ case ASN1_ETYPE_GENERALSTRING: ++ case ASN1_ETYPE_NUMERIC_STRING: ++ case ASN1_ETYPE_IA5_STRING: ++ case ASN1_ETYPE_TELETEX_STRING: ++ case ASN1_ETYPE_PRINTABLE_STRING: ++ case ASN1_ETYPE_UNIVERSAL_STRING: ++ case ASN1_ETYPE_BMP_STRING: ++ case ASN1_ETYPE_UTF8_STRING: ++ case ASN1_ETYPE_VISIBLE_STRING: ++ case ASN1_ETYPE_BIT_STRING: ++ if (p->value == NULL) ++ { ++ _asn1_error_description_value_not_found (p, ErrorDescription); ++ err = ASN1_VALUE_NOT_FOUND; ++ goto error; ++ } ++ len2 = asn1_get_length_der (p->value, p->value_len, &len3); ++ if (len2 < 0) ++ { ++ err = ASN1_DER_ERROR; ++ goto error; ++ } ++ max_len -= len2 + len3; ++ if (der != NULL && max_len >= 0) ++ memcpy (der + counter, p->value, len3 + len2); ++ counter += len3 + len2; ++ move = RIGHT; ++ break; ++ case ASN1_ETYPE_SEQUENCE: ++ case ASN1_ETYPE_SET: ++ if (move != UP) ++ { ++ p->tmp_ival = counter; ++ if (p->down == NULL) ++ { ++ move = UP; ++ continue; ++ } ++ else ++ { ++ p2 = p->down; ++ while (p2 && (type_field (p2->type) == ASN1_ETYPE_TAG)) ++ p2 = p2->right; ++ if (p2) ++ { ++ p = p2; ++ move = RIGHT; ++ continue; ++ } ++ move = UP; ++ continue; ++ } ++ } ++ else ++ { /* move==UP */ ++ len2 = p->tmp_ival; ++ p->tmp_ival = 0; ++ if ((type_field (p->type) == ASN1_ETYPE_SET) && (max_len >= 0)) ++ { ++ err = _asn1_ordering_set (der + len2, counter - len2, p); ++ if (err != ASN1_SUCCESS) ++ goto error; ++ } ++ asn1_length_der (counter - len2, temp, &len3); ++ max_len -= len3; ++ if (der != NULL && max_len >= 0) ++ { ++ memmove (der + len2 + len3, der + len2, counter - len2); ++ memcpy (der + len2, temp, len3); ++ } ++ counter += len3; ++ move = RIGHT; ++ } ++ break; ++ case ASN1_ETYPE_SEQUENCE_OF: ++ case ASN1_ETYPE_SET_OF: ++ if (move != UP) ++ { ++ p->tmp_ival = counter; ++ p = p->down; ++ while ((type_field (p->type) == ASN1_ETYPE_TAG) ++ || (type_field (p->type) == ASN1_ETYPE_SIZE)) ++ p = p->right; ++ if (p->right) ++ { ++ p = p->right; ++ move = RIGHT; ++ continue; ++ } ++ else ++ p = _asn1_find_up (p); ++ move = UP; ++ } ++ if (move == UP) ++ { ++ len2 = p->tmp_ival; ++ p->tmp_ival = 0; ++ if ((type_field (p->type) == ASN1_ETYPE_SET_OF) ++ && (counter - len2 > 0) && (max_len >= 0)) ++ { ++ err = _asn1_ordering_set_of (der + len2, counter - len2, p); ++ if (err != ASN1_SUCCESS) ++ goto error; ++ } ++ asn1_length_der (counter - len2, temp, &len3); ++ max_len -= len3; ++ if (der != NULL && max_len >= 0) ++ { ++ memmove (der + len2 + len3, der + len2, counter - len2); ++ memcpy (der + len2, temp, len3); ++ } ++ counter += len3; ++ move = RIGHT; ++ } ++ break; ++ case ASN1_ETYPE_ANY: ++ if (p->value == NULL) ++ { ++ _asn1_error_description_value_not_found (p, ErrorDescription); ++ err = ASN1_VALUE_NOT_FOUND; ++ goto error; ++ } ++ len2 = asn1_get_length_der (p->value, p->value_len, &len3); ++ if (len2 < 0) ++ { ++ err = ASN1_DER_ERROR; ++ goto error; ++ } ++ max_len -= len2; ++ if (der != NULL && max_len >= 0) ++ memcpy (der + counter, p->value + len3, len2); ++ counter += len2; ++ move = RIGHT; ++ break; ++ default: ++ move = (move == UP) ? RIGHT : DOWN; ++ break; ++ } ++ ++ if ((move != DOWN) && (counter != counter_old)) ++ { ++ p->end = counter - 1; ++ err = _asn1_complete_explicit_tag (p, der, &counter, &max_len); ++ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR) ++ goto error; ++ } ++ ++ if (p == node && move != DOWN) ++ break; ++ ++ if (move == DOWN) ++ { ++ if (p->down) ++ p = p->down; ++ else ++ move = RIGHT; ++ } ++ if (move == RIGHT) ++ { ++ if (p->right) ++ p = p->right; ++ else ++ move = UP; ++ } ++ if (move == UP) ++ p = _asn1_find_up (p); ++ } ++ ++ *len = counter; ++ ++ if (max_len < 0) ++ { ++ err = ASN1_MEM_ERROR; ++ goto error; ++ } ++ ++ err = ASN1_SUCCESS; ++ ++error: ++ asn1_delete_structure (&node); ++ return err; ++} +diff --git a/grub-core/lib/libtasn1/lib/decoding.c b/grub-core/lib/libtasn1/lib/decoding.c +new file mode 100644 +index 000000000..ff04eb778 +--- /dev/null ++++ b/grub-core/lib/libtasn1/lib/decoding.c +@@ -0,0 +1,2478 @@ ++/* ++ * Copyright (C) 2002-2016 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * The LIBTASN1 library is free software; you can redistribute it ++ * and/or modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++ * 02110-1301, USA ++ */ ++ ++ ++/*****************************************************/ ++/* File: decoding.c */ ++/* Description: Functions to manage DER decoding */ ++/*****************************************************/ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#ifdef DEBUG ++# define warn() fprintf(stderr, "%s: %d\n", __func__, __LINE__) ++#else ++# define warn() ++#endif ++ ++#define IS_ERR(len, flags) (len < -1 || ((flags & ASN1_DECODE_FLAG_STRICT_DER) && len < 0)) ++ ++#define HAVE_TWO(x) (x>=2?1:0) ++ ++/* Decoding flags (dflags) used in several decoding functions. ++ * DECODE_FLAG_HAVE_TAG: The provided buffer includes a tag ++ * DECODE_FLAG_CONSTRUCTED: The provided buffer is of indefinite encoding (useful ++ * when no tags are present). ++ * DECODE_FLAG_LEVEL1: Internal flag to indicate a level of recursion for BER strings. ++ * DECODE_FLAG_LEVEL2: Internal flag to indicate two levels of recursion for BER strings. ++ * DECODE_FLAG_LEVEL3: Internal flag to indicate three levels of recursion for BER strings. ++ * This is the maximum levels of recursion possible to prevent stack ++ * exhaustion. ++ */ ++ ++#define DECODE_FLAG_HAVE_TAG 1 ++#define DECODE_FLAG_CONSTRUCTED (1<<1) ++#define DECODE_FLAG_LEVEL1 (1<<2) ++#define DECODE_FLAG_LEVEL2 (1<<3) ++#define DECODE_FLAG_LEVEL3 (1<<4) ++ ++#define DECR_LEN(l, s) do { \ ++ l -= s; \ ++ if (l < 0) { \ ++ warn(); \ ++ result = ASN1_DER_ERROR; \ ++ goto cleanup; \ ++ } \ ++ } while (0) ++ ++static int ++_asn1_get_indefinite_length_string (const unsigned char *der, int der_len, int *len); ++ ++static int ++_asn1_decode_simple_ber (unsigned int etype, const unsigned char *der, ++ unsigned int _der_len, unsigned char **str, ++ unsigned int *str_len, unsigned int *ber_len, ++ unsigned dflags); ++ ++static int ++_asn1_decode_simple_der (unsigned int etype, const unsigned char *der, ++ unsigned int _der_len, const unsigned char **str, ++ unsigned int *str_len, unsigned dflags); ++ ++static void ++_asn1_error_description_tag_error (asn1_node node, char *ErrorDescription) ++{ ++ ++ Estrcpy (ErrorDescription, ":: tag error near element '"); ++ _asn1_hierarchical_name (node, ErrorDescription + strlen (ErrorDescription), ++ ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40); ++ Estrcat (ErrorDescription, "'"); ++ ++} ++ ++/** ++ * asn1_get_length_der: ++ * @der: DER data to decode. ++ * @der_len: Length of DER data to decode. ++ * @len: Output variable containing the length of the DER length field. ++ * ++ * Extract a length field from DER data. ++ * ++ * Returns: Return the decoded length value, or -1 on indefinite ++ * length, or -2 when the value was too big to fit in a int, or -4 ++ * when the decoded length value plus @len would exceed @der_len. ++ **/ ++long ++asn1_get_length_der (const unsigned char *der, int der_len, int *len) ++{ ++ unsigned int ans; ++ int k, punt, sum; ++ ++ *len = 0; ++ if (der_len <= 0) ++ return 0; ++ ++ if (!(der[0] & 128)) ++ { ++ /* short form */ ++ *len = 1; ++ ans = der[0]; ++ } ++ else ++ { ++ /* Long form */ ++ k = der[0] & 0x7F; ++ punt = 1; ++ if (k) ++ { /* definite length method */ ++ ans = 0; ++ while (punt <= k && punt < der_len) ++ { ++ if (INT_MULTIPLY_OVERFLOW (ans, 256)) ++ return -2; ++ ans *= 256; ++ ++ if (INT_ADD_OVERFLOW (ans, ((unsigned) der[punt]))) ++ return -2; ++ ans += der[punt]; ++ punt++; ++ } ++ } ++ else ++ { /* indefinite length method */ ++ *len = punt; ++ return -1; ++ } ++ ++ *len = punt; ++ } ++ ++ sum = ans; ++ if (ans >= INT_MAX || INT_ADD_OVERFLOW (sum, (*len))) ++ return -2; ++ sum += *len; ++ ++ if (sum > der_len) ++ return -4; ++ ++ return ans; ++} ++ ++/** ++ * asn1_get_tag_der: ++ * @der: DER data to decode. ++ * @der_len: Length of DER data to decode. ++ * @cls: Output variable containing decoded class. ++ * @len: Output variable containing the length of the DER TAG data. ++ * @tag: Output variable containing the decoded tag (may be %NULL). ++ * ++ * Decode the class and TAG from DER code. ++ * ++ * Returns: Returns %ASN1_SUCCESS on success, or an error. ++ **/ ++int ++asn1_get_tag_der (const unsigned char *der, int der_len, ++ unsigned char *cls, int *len, unsigned long *tag) ++{ ++ unsigned int ris; ++ int punt; ++ ++ if (der == NULL || der_len < 2 || len == NULL) ++ return ASN1_DER_ERROR; ++ ++ *cls = der[0] & 0xE0; ++ if ((der[0] & 0x1F) != 0x1F) ++ { ++ /* short form */ ++ *len = 1; ++ ris = der[0] & 0x1F; ++ } ++ else ++ { ++ /* Long form */ ++ punt = 1; ++ ris = 0; ++ while (punt < der_len && der[punt] & 128) ++ { ++ ++ if (INT_MULTIPLY_OVERFLOW (ris, 128)) ++ return ASN1_DER_ERROR; ++ ris *= 128; ++ ++ if (INT_ADD_OVERFLOW (ris, ((unsigned) (der[punt] & 0x7F)))) ++ return ASN1_DER_ERROR; ++ ris += (der[punt] & 0x7F); ++ punt++; ++ } ++ ++ if (punt >= der_len) ++ return ASN1_DER_ERROR; ++ ++ if (INT_MULTIPLY_OVERFLOW (ris, 128)) ++ return ASN1_DER_ERROR; ++ ris *= 128; ++ ++ if (INT_ADD_OVERFLOW (ris, ((unsigned) (der[punt] & 0x7F)))) ++ return ASN1_DER_ERROR; ++ ris += (der[punt] & 0x7F); ++ punt++; ++ ++ *len = punt; ++ } ++ ++ if (tag) ++ *tag = ris; ++ return ASN1_SUCCESS; ++} ++ ++/** ++ * asn1_get_length_ber: ++ * @ber: BER data to decode. ++ * @ber_len: Length of BER data to decode. ++ * @len: Output variable containing the length of the BER length field. ++ * ++ * Extract a length field from BER data. The difference to ++ * asn1_get_length_der() is that this function will return a length ++ * even if the value has indefinite encoding. ++ * ++ * Returns: Return the decoded length value, or negative value when ++ * the value was too big. ++ * ++ * Since: 2.0 ++ **/ ++long ++asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len) ++{ ++ int ret; ++ long err; ++ ++ ret = asn1_get_length_der (ber, ber_len, len); ++ ++ if (ret == -1 && ber_len > 1) ++ { /* indefinite length method */ ++ err = _asn1_get_indefinite_length_string (ber + 1, ber_len-1, &ret); ++ if (err != ASN1_SUCCESS) ++ return -3; ++ } ++ ++ return ret; ++} ++ ++/** ++ * asn1_get_octet_der: ++ * @der: DER data to decode containing the OCTET SEQUENCE. ++ * @der_len: The length of the @der data to decode. ++ * @ret_len: Output variable containing the encoded length of the DER data. ++ * @str: Pre-allocated output buffer to put decoded OCTET SEQUENCE in. ++ * @str_size: Length of pre-allocated output buffer. ++ * @str_len: Output variable containing the length of the contents of the OCTET SEQUENCE. ++ * ++ * Extract an OCTET SEQUENCE from DER data. Note that this function ++ * expects the DER data past the tag field, i.e., the length and ++ * content octets. ++ * ++ * Returns: Returns %ASN1_SUCCESS on success, or an error. ++ **/ ++int ++asn1_get_octet_der (const unsigned char *der, int der_len, ++ int *ret_len, unsigned char *str, int str_size, ++ int *str_len) ++{ ++ int len_len = 0; ++ ++ if (der_len <= 0) ++ return ASN1_GENERIC_ERROR; ++ ++ *str_len = asn1_get_length_der (der, der_len, &len_len); ++ ++ if (*str_len < 0) ++ return ASN1_DER_ERROR; ++ ++ *ret_len = *str_len + len_len; ++ if (str_size >= *str_len) ++ { ++ if (*str_len > 0 && str != NULL) ++ memcpy (str, der + len_len, *str_len); ++ } ++ else ++ { ++ return ASN1_MEM_ERROR; ++ } ++ ++ return ASN1_SUCCESS; ++} ++ ++ ++/*- ++ * _asn1_get_time_der: ++ * @type: %ASN1_ETYPE_GENERALIZED_TIME or %ASN1_ETYPE_UTC_TIME ++ * @der: DER data to decode containing the time ++ * @der_len: Length of DER data to decode. ++ * @ret_len: Output variable containing the length of the DER data. ++ * @str: Pre-allocated output buffer to put the textual time in. ++ * @str_size: Length of pre-allocated output buffer. ++ * @flags: Zero or %ASN1_DECODE_FLAG_STRICT_DER ++ * ++ * Performs basic checks in the DER encoded time object and returns its textual form. ++ * The textual form will be in the YYYYMMDD000000Z format for GeneralizedTime ++ * and YYMMDD000000Z for UTCTime. ++ * ++ * Returns: %ASN1_SUCCESS on success, or an error. ++ -*/ ++static int ++_asn1_get_time_der (unsigned type, const unsigned char *der, int der_len, int *ret_len, ++ char *str, int str_size, unsigned flags) ++{ ++ int len_len, str_len; ++ unsigned i; ++ unsigned sign_count = 0; ++ unsigned dot_count = 0; ++ const unsigned char *p; ++ ++ if (der_len <= 0 || str == NULL) ++ return ASN1_DER_ERROR; ++ ++ str_len = asn1_get_length_der (der, der_len, &len_len); ++ if (str_len <= 0 || str_size < str_len) ++ return ASN1_DER_ERROR; ++ ++ /* perform some sanity checks on the data */ ++ if (str_len < 8) ++ { ++ warn(); ++ return ASN1_TIME_ENCODING_ERROR; ++ } ++ ++ if ((flags & ASN1_DECODE_FLAG_STRICT_DER) && !(flags & ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME)) ++ { ++ p = &der[len_len]; ++ for (i=0;i<(unsigned)(str_len-1);i++) ++ { ++ if (c_isdigit(p[i]) == 0) ++ { ++ if (type == ASN1_ETYPE_GENERALIZED_TIME) ++ { ++ /* tolerate lax encodings */ ++ if (p[i] == '.' && dot_count == 0) ++ { ++ dot_count++; ++ continue; ++ } ++ ++ /* This is not really valid DER, but there are ++ * structures using that */ ++ if (!(flags & ASN1_DECODE_FLAG_STRICT_DER) && ++ (p[i] == '+' || p[i] == '-') && sign_count == 0) ++ { ++ sign_count++; ++ continue; ++ } ++ } ++ ++ warn(); ++ return ASN1_TIME_ENCODING_ERROR; ++ } ++ } ++ ++ if (sign_count == 0 && p[str_len-1] != 'Z') ++ { ++ warn(); ++ return ASN1_TIME_ENCODING_ERROR; ++ } ++ } ++ memcpy (str, der + len_len, str_len); ++ str[str_len] = 0; ++ *ret_len = str_len + len_len; ++ ++ return ASN1_SUCCESS; ++} ++ ++/** ++ * asn1_get_object_id_der: ++ * @der: DER data to decode containing the OBJECT IDENTIFIER ++ * @der_len: Length of DER data to decode. ++ * @ret_len: Output variable containing the length of the DER data. ++ * @str: Pre-allocated output buffer to put the textual object id in. ++ * @str_size: Length of pre-allocated output buffer. ++ * ++ * Converts a DER encoded object identifier to its textual form. This ++ * function expects the DER object identifier without the tag. ++ * ++ * Returns: %ASN1_SUCCESS on success, or an error. ++ **/ ++int ++asn1_get_object_id_der (const unsigned char *der, int der_len, int *ret_len, ++ char *str, int str_size) ++{ ++ int len_len, len, k; ++ int leading, parsed; ++ char temp[LTOSTR_MAX_SIZE]; ++ uint64_t val, val1, val0; ++ ++ *ret_len = 0; ++ if (str && str_size > 0) ++ str[0] = 0; /* no oid */ ++ ++ if (str == NULL || der_len <= 0) ++ return ASN1_GENERIC_ERROR; ++ ++ len = asn1_get_length_der (der, der_len, &len_len); ++ ++ if (len <= 0 || len + len_len > der_len) ++ return ASN1_DER_ERROR; ++ ++ /* leading octet can never be 0x80 */ ++ if (der[len_len] == 0x80) ++ return ASN1_DER_ERROR; ++ ++ val0 = 0; ++ ++ for (k = 0; k < len; k++) ++ { ++ if (INT_LEFT_SHIFT_OVERFLOW (val0, 7)) ++ return ASN1_DER_ERROR; ++ ++ val0 <<= 7; ++ val0 |= der[len_len + k] & 0x7F; ++ if (!(der[len_len + k] & 0x80)) ++ break; ++ } ++ parsed = ++k; ++ ++ /* val0 = (X*40) + Y, X={0,1,2}, Y<=39 when X={0,1} */ ++ /* X = val, Y = val1 */ ++ ++ /* check if X == 0 */ ++ val = 0; ++ val1 = val0; ++ if (val1 > 39) ++ { ++ val = 1; ++ val1 = val0 - 40; ++ if (val1 > 39) ++ { ++ val = 2; ++ val1 = val0 - 80; ++ } ++ } ++ ++ _asn1_str_cpy (str, str_size, _asn1_ltostr (val, temp)); ++ _asn1_str_cat (str, str_size, "."); ++ _asn1_str_cat (str, str_size, _asn1_ltostr (val1, temp)); ++ ++ val = 0; ++ leading = 1; ++ for (k = parsed; k < len; k++) ++ { ++ /* X.690 mandates that the leading byte must never be 0x80 ++ */ ++ if (leading != 0 && der[len_len + k] == 0x80) ++ return ASN1_DER_ERROR; ++ leading = 0; ++ ++ /* check for wrap around */ ++ if (INT_LEFT_SHIFT_OVERFLOW (val, 7)) ++ return ASN1_DER_ERROR; ++ ++ val = val << 7; ++ val |= der[len_len + k] & 0x7F; ++ ++ if (!(der[len_len + k] & 0x80)) ++ { ++ _asn1_str_cat (str, str_size, "."); ++ _asn1_str_cat (str, str_size, _asn1_ltostr (val, temp)); ++ val = 0; ++ leading = 1; ++ } ++ } ++ ++ if (INT_ADD_OVERFLOW (len, len_len)) ++ return ASN1_DER_ERROR; ++ ++ *ret_len = len + len_len; ++ ++ return ASN1_SUCCESS; ++} ++ ++/** ++ * asn1_get_bit_der: ++ * @der: DER data to decode containing the BIT SEQUENCE. ++ * @der_len: Length of DER data to decode. ++ * @ret_len: Output variable containing the length of the DER data. ++ * @str: Pre-allocated output buffer to put decoded BIT SEQUENCE in. ++ * @str_size: Length of pre-allocated output buffer. ++ * @bit_len: Output variable containing the size of the BIT SEQUENCE. ++ * ++ * Extract a BIT SEQUENCE from DER data. ++ * ++ * Returns: %ASN1_SUCCESS on success, or an error. ++ **/ ++int ++asn1_get_bit_der (const unsigned char *der, int der_len, ++ int *ret_len, unsigned char *str, int str_size, ++ int *bit_len) ++{ ++ int len_len = 0, len_byte; ++ ++ if (der_len <= 0) ++ return ASN1_GENERIC_ERROR; ++ ++ len_byte = asn1_get_length_der (der, der_len, &len_len) - 1; ++ if (len_byte < 0) ++ return ASN1_DER_ERROR; ++ ++ *ret_len = len_byte + len_len + 1; ++ *bit_len = len_byte * 8 - der[len_len]; ++ ++ if (*bit_len < 0) ++ return ASN1_DER_ERROR; ++ ++ if (str_size >= len_byte) ++ { ++ if (len_byte > 0 && str) ++ memcpy (str, der + len_len + 1, len_byte); ++ } ++ else ++ { ++ return ASN1_MEM_ERROR; ++ } ++ ++ return ASN1_SUCCESS; ++} ++ ++/* tag_len: the total tag length (explicit+inner) ++ * inner_tag_len: the inner_tag length ++ */ ++static int ++_asn1_extract_tag_der (asn1_node node, const unsigned char *der, int der_len, ++ int *tag_len, int *inner_tag_len, unsigned flags) ++{ ++ asn1_node p; ++ int counter, len2, len3, is_tag_implicit; ++ int result; ++ unsigned long tag, tag_implicit = 0; ++ unsigned char class, class2, class_implicit = 0; ++ ++ if (der_len <= 0) ++ return ASN1_GENERIC_ERROR; ++ ++ counter = is_tag_implicit = 0; ++ ++ if (node->type & CONST_TAG) ++ { ++ p = node->down; ++ while (p) ++ { ++ if (type_field (p->type) == ASN1_ETYPE_TAG) ++ { ++ if (p->type & CONST_APPLICATION) ++ class2 = ASN1_CLASS_APPLICATION; ++ else if (p->type & CONST_UNIVERSAL) ++ class2 = ASN1_CLASS_UNIVERSAL; ++ else if (p->type & CONST_PRIVATE) ++ class2 = ASN1_CLASS_PRIVATE; ++ else ++ class2 = ASN1_CLASS_CONTEXT_SPECIFIC; ++ ++ if (p->type & CONST_EXPLICIT) ++ { ++ if (asn1_get_tag_der ++ (der + counter, der_len, &class, &len2, ++ &tag) != ASN1_SUCCESS) ++ return ASN1_DER_ERROR; ++ ++ DECR_LEN(der_len, len2); ++ counter += len2; ++ ++ if (flags & ASN1_DECODE_FLAG_STRICT_DER) ++ len3 = ++ asn1_get_length_der (der + counter, der_len, ++ &len2); ++ else ++ len3 = ++ asn1_get_length_ber (der + counter, der_len, ++ &len2); ++ if (len3 < 0) ++ return ASN1_DER_ERROR; ++ ++ DECR_LEN(der_len, len2); ++ counter += len2; ++ ++ if (!is_tag_implicit) ++ { ++ if ((class != (class2 | ASN1_CLASS_STRUCTURED)) || ++ (tag != strtoul ((char *) p->value, NULL, 10))) ++ return ASN1_TAG_ERROR; ++ } ++ else ++ { /* ASN1_TAG_IMPLICIT */ ++ if ((class != class_implicit) || (tag != tag_implicit)) ++ return ASN1_TAG_ERROR; ++ } ++ is_tag_implicit = 0; ++ } ++ else ++ { /* ASN1_TAG_IMPLICIT */ ++ if (!is_tag_implicit) ++ { ++ if ((type_field (node->type) == ASN1_ETYPE_SEQUENCE) || ++ (type_field (node->type) == ASN1_ETYPE_SEQUENCE_OF) ++ || (type_field (node->type) == ASN1_ETYPE_SET) ++ || (type_field (node->type) == ASN1_ETYPE_SET_OF)) ++ class2 |= ASN1_CLASS_STRUCTURED; ++ class_implicit = class2; ++ tag_implicit = strtoul ((char *) p->value, NULL, 10); ++ is_tag_implicit = 1; ++ } ++ } ++ } ++ p = p->right; ++ } ++ } ++ ++ if (is_tag_implicit) ++ { ++ if (asn1_get_tag_der ++ (der + counter, der_len, &class, &len2, ++ &tag) != ASN1_SUCCESS) ++ return ASN1_DER_ERROR; ++ ++ DECR_LEN(der_len, len2); ++ ++ if ((class != class_implicit) || (tag != tag_implicit)) ++ { ++ if (type_field (node->type) == ASN1_ETYPE_OCTET_STRING) ++ { ++ class_implicit |= ASN1_CLASS_STRUCTURED; ++ if ((class != class_implicit) || (tag != tag_implicit)) ++ return ASN1_TAG_ERROR; ++ } ++ else ++ return ASN1_TAG_ERROR; ++ } ++ } ++ else ++ { ++ unsigned type = type_field (node->type); ++ if (type == ASN1_ETYPE_TAG) ++ { ++ *tag_len = 0; ++ if (inner_tag_len) ++ *inner_tag_len = 0; ++ return ASN1_SUCCESS; ++ } ++ ++ if (asn1_get_tag_der ++ (der + counter, der_len, &class, &len2, ++ &tag) != ASN1_SUCCESS) ++ return ASN1_DER_ERROR; ++ ++ DECR_LEN(der_len, len2); ++ ++ switch (type) ++ { ++ case ASN1_ETYPE_NULL: ++ case ASN1_ETYPE_BOOLEAN: ++ case ASN1_ETYPE_INTEGER: ++ case ASN1_ETYPE_ENUMERATED: ++ case ASN1_ETYPE_OBJECT_ID: ++ case ASN1_ETYPE_GENERALSTRING: ++ case ASN1_ETYPE_NUMERIC_STRING: ++ case ASN1_ETYPE_IA5_STRING: ++ case ASN1_ETYPE_TELETEX_STRING: ++ case ASN1_ETYPE_PRINTABLE_STRING: ++ case ASN1_ETYPE_UNIVERSAL_STRING: ++ case ASN1_ETYPE_BMP_STRING: ++ case ASN1_ETYPE_UTF8_STRING: ++ case ASN1_ETYPE_VISIBLE_STRING: ++ case ASN1_ETYPE_BIT_STRING: ++ case ASN1_ETYPE_SEQUENCE: ++ case ASN1_ETYPE_SEQUENCE_OF: ++ case ASN1_ETYPE_SET: ++ case ASN1_ETYPE_SET_OF: ++ case ASN1_ETYPE_GENERALIZED_TIME: ++ case ASN1_ETYPE_UTC_TIME: ++ if ((class != _asn1_tags[type].class) ++ || (tag != _asn1_tags[type].tag)) ++ return ASN1_DER_ERROR; ++ break; ++ ++ case ASN1_ETYPE_OCTET_STRING: ++ /* OCTET STRING is handled differently to allow ++ * BER encodings (structured class). */ ++ if (((class != ASN1_CLASS_UNIVERSAL) ++ && (class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED))) ++ || (tag != ASN1_TAG_OCTET_STRING)) ++ return ASN1_DER_ERROR; ++ break; ++ case ASN1_ETYPE_ANY: ++ counter -= len2; ++ break; ++ case ASN1_ETYPE_CHOICE: ++ counter -= len2; ++ break; ++ default: ++ return ASN1_DER_ERROR; ++ break; ++ } ++ } ++ ++ counter += len2; ++ *tag_len = counter; ++ if (inner_tag_len) ++ *inner_tag_len = len2; ++ return ASN1_SUCCESS; ++ ++cleanup: ++ return result; ++} ++ ++static int ++extract_tag_der_recursive(asn1_node node, const unsigned char *der, int der_len, ++ int *ret_len, int *inner_len, unsigned flags) ++{ ++asn1_node p; ++int ris = ASN1_DER_ERROR; ++ ++ if (type_field (node->type) == ASN1_ETYPE_CHOICE) ++ { ++ p = node->down; ++ while (p) ++ { ++ ris = _asn1_extract_tag_der (p, der, der_len, ret_len, inner_len, flags); ++ if (ris == ASN1_SUCCESS) ++ break; ++ p = p->right; ++ } ++ ++ *ret_len = 0; ++ return ris; ++ } ++ else ++ return _asn1_extract_tag_der (node, der, der_len, ret_len, inner_len, flags); ++} ++ ++static int ++_asn1_delete_not_used (asn1_node node) ++{ ++ asn1_node p, p2; ++ ++ if (node == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ p = node; ++ while (p) ++ { ++ if (p->type & CONST_NOT_USED) ++ { ++ p2 = NULL; ++ if (p != node) ++ { ++ p2 = _asn1_find_left (p); ++ if (!p2) ++ p2 = _asn1_find_up (p); ++ } ++ asn1_delete_structure (&p); ++ p = p2; ++ } ++ ++ if (!p) ++ break; /* reach node */ ++ ++ if (p->down) ++ { ++ p = p->down; ++ } ++ else ++ { ++ if (p == node) ++ p = NULL; ++ else if (p->right) ++ p = p->right; ++ else ++ { ++ while (1) ++ { ++ p = _asn1_find_up (p); ++ if (p == node) ++ { ++ p = NULL; ++ break; ++ } ++ if (p->right) ++ { ++ p = p->right; ++ break; ++ } ++ } ++ } ++ } ++ } ++ return ASN1_SUCCESS; ++} ++ ++static int ++_asn1_get_indefinite_length_string (const unsigned char *der, ++ int der_len, int *len) ++{ ++ int len2, len3, counter, indefinite; ++ int result; ++ unsigned long tag; ++ unsigned char class; ++ ++ counter = indefinite = 0; ++ ++ while (1) ++ { ++ if (HAVE_TWO(der_len) && (der[counter] == 0) && (der[counter + 1] == 0)) ++ { ++ counter += 2; ++ DECR_LEN(der_len, 2); ++ ++ indefinite--; ++ if (indefinite <= 0) ++ break; ++ else ++ continue; ++ } ++ ++ if (asn1_get_tag_der ++ (der + counter, der_len, &class, &len2, ++ &tag) != ASN1_SUCCESS) ++ return ASN1_DER_ERROR; ++ ++ DECR_LEN(der_len, len2); ++ counter += len2; ++ ++ len2 = asn1_get_length_der (der + counter, der_len, &len3); ++ if (len2 < -1) ++ return ASN1_DER_ERROR; ++ ++ if (len2 == -1) ++ { ++ indefinite++; ++ counter += 1; ++ DECR_LEN(der_len, 1); ++ } ++ else ++ { ++ counter += len2 + len3; ++ DECR_LEN(der_len, len2+len3); ++ } ++ } ++ ++ *len = counter; ++ return ASN1_SUCCESS; ++ ++cleanup: ++ return result; ++} ++ ++static void delete_unneeded_choice_fields(asn1_node p) ++{ ++ asn1_node p2; ++ ++ while (p->right) ++ { ++ p2 = p->right; ++ asn1_delete_structure (&p2); ++ } ++} ++ ++ ++/** ++ * asn1_der_decoding2 ++ * @element: pointer to an ASN1 structure. ++ * @ider: vector that contains the DER encoding. ++ * @max_ider_len: pointer to an integer giving the information about the ++ * maximal number of bytes occupied by *@ider. The real size of the DER ++ * encoding is returned through this pointer. ++ * @flags: flags controlling the behaviour of the function. ++ * @errorDescription: null-terminated string contains details when an ++ * error occurred. ++ * ++ * Fill the structure *@element with values of a DER encoding string. The ++ * structure must just be created with function asn1_create_element(). ++ * ++ * If %ASN1_DECODE_FLAG_ALLOW_PADDING flag is set then the function will ignore ++ * padding after the decoded DER data. Upon a successful return the value of ++ * *@max_ider_len will be set to the number of bytes decoded. ++ * ++ * If %ASN1_DECODE_FLAG_STRICT_DER flag is set then the function will ++ * not decode any BER-encoded elements. ++ * ++ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND ++ * if @ELEMENT is %NULL, and %ASN1_TAG_ERROR or ++ * %ASN1_DER_ERROR if the der encoding doesn't match the structure ++ * name (*@ELEMENT deleted). ++ **/ ++int ++asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len, ++ unsigned int flags, char *errorDescription) ++{ ++ asn1_node node, p, p2, p3; ++ char temp[128]; ++ int counter, len2, len3, len4, move, ris, tlen; ++ struct node_tail_cache_st tcache = {NULL, NULL}; ++ unsigned char class; ++ unsigned long tag; ++ int tag_len; ++ int indefinite, result, total_len = *max_ider_len, ider_len = *max_ider_len; ++ int inner_tag_len; ++ unsigned char *ptmp; ++ const unsigned char *ptag; ++ const unsigned char *der = ider; ++ ++ node = *element; ++ ++ if (errorDescription != NULL) ++ errorDescription[0] = 0; ++ ++ if (node == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ if (node->type & CONST_OPTION) ++ { ++ result = ASN1_GENERIC_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ ++ counter = 0; ++ move = DOWN; ++ p = node; ++ while (1) ++ { ++ tag_len = 0; ++ inner_tag_len = 0; ++ ris = ASN1_SUCCESS; ++ if (move != UP) ++ { ++ if (p->type & CONST_SET) ++ { ++ p2 = _asn1_find_up (p); ++ len2 = p2->tmp_ival; ++ if (len2 == -1) ++ { ++ if (HAVE_TWO(ider_len) && !der[counter] && !der[counter + 1]) ++ { ++ p = p2; ++ move = UP; ++ counter += 2; ++ DECR_LEN(ider_len, 2); ++ continue; ++ } ++ } ++ else if (counter == len2) ++ { ++ p = p2; ++ move = UP; ++ continue; ++ } ++ else if (counter > len2) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ p2 = p2->down; ++ while (p2) ++ { ++ if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED)) ++ { ++ ris = ++ extract_tag_der_recursive (p2, der + counter, ++ ider_len, &len2, NULL, flags); ++ if (ris == ASN1_SUCCESS) ++ { ++ p2->type &= ~CONST_NOT_USED; ++ p = p2; ++ break; ++ } ++ } ++ p2 = p2->right; ++ } ++ if (p2 == NULL) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ } ++ ++ /* the position in the DER structure this starts */ ++ p->start = counter; ++ p->end = total_len - 1; ++ ++ if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT)) ++ { ++ p2 = _asn1_find_up (p); ++ len2 = p2->tmp_ival; ++ if (counter == len2) ++ { ++ if (p->right) ++ { ++ p2 = p->right; ++ move = RIGHT; ++ } ++ else ++ move = UP; ++ ++ if (p->type & CONST_OPTION) ++ asn1_delete_structure (&p); ++ ++ p = p2; ++ continue; ++ } ++ } ++ ++ if (type_field (p->type) == ASN1_ETYPE_CHOICE) ++ { ++ while (p->down) ++ { ++ ris = ++ extract_tag_der_recursive (p->down, der + counter, ++ ider_len, &len2, NULL, flags); ++ ++ if (ris == ASN1_SUCCESS) ++ { ++ delete_unneeded_choice_fields(p->down); ++ break; ++ } ++ else if (ris == ASN1_ERROR_TYPE_ANY) ++ { ++ result = ASN1_ERROR_TYPE_ANY; ++ warn(); ++ goto cleanup; ++ } ++ else ++ { ++ p2 = p->down; ++ asn1_delete_structure (&p2); ++ } ++ } ++ ++ if (p->down == NULL) ++ { ++ if (!(p->type & CONST_OPTION)) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ } ++ else if (type_field (p->type) != ASN1_ETYPE_CHOICE) ++ p = p->down; ++ ++ p->start = counter; ++ } ++ ++ if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT)) ++ { ++ p2 = _asn1_find_up (p); ++ len2 = p2->tmp_ival; ++ ++ if ((len2 != -1) && (counter > len2)) ++ ris = ASN1_TAG_ERROR; ++ } ++ ++ if (ris == ASN1_SUCCESS) ++ ris = ++ extract_tag_der_recursive (p, der + counter, ider_len, ++ &tag_len, &inner_tag_len, flags); ++ ++ if (ris != ASN1_SUCCESS) ++ { ++ if (p->type & CONST_OPTION) ++ { ++ p->type |= CONST_NOT_USED; ++ move = RIGHT; ++ } ++ else if (p->type & CONST_DEFAULT) ++ { ++ _asn1_set_value (p, NULL, 0); ++ move = RIGHT; ++ } ++ else ++ { ++ if (errorDescription != NULL) ++ _asn1_error_description_tag_error (p, errorDescription); ++ ++ result = ASN1_TAG_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ } ++ else ++ { ++ DECR_LEN(ider_len, tag_len); ++ counter += tag_len; ++ } ++ } ++ ++ if (ris == ASN1_SUCCESS) ++ { ++ switch (type_field (p->type)) ++ { ++ case ASN1_ETYPE_NULL: ++ DECR_LEN(ider_len, 1); ++ if (der[counter]) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ counter++; ++ move = RIGHT; ++ break; ++ case ASN1_ETYPE_BOOLEAN: ++ DECR_LEN(ider_len, 2); ++ ++ if (der[counter++] != 1) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ if (der[counter++] == 0) ++ _asn1_set_value (p, "F", 1); ++ else ++ _asn1_set_value (p, "T", 1); ++ move = RIGHT; ++ break; ++ case ASN1_ETYPE_INTEGER: ++ case ASN1_ETYPE_ENUMERATED: ++ len2 = ++ asn1_get_length_der (der + counter, ider_len, &len3); ++ if (len2 < 0) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ ++ DECR_LEN(ider_len, len3+len2); ++ ++ _asn1_set_value (p, der + counter, len3 + len2); ++ counter += len3 + len2; ++ move = RIGHT; ++ break; ++ case ASN1_ETYPE_OBJECT_ID: ++ result = ++ asn1_get_object_id_der (der + counter, ider_len, &len2, ++ temp, sizeof (temp)); ++ if (result != ASN1_SUCCESS) ++ { ++ warn(); ++ goto cleanup; ++ } ++ ++ DECR_LEN(ider_len, len2); ++ ++ tlen = strlen (temp); ++ if (tlen > 0) ++ _asn1_set_value (p, temp, tlen + 1); ++ ++ counter += len2; ++ move = RIGHT; ++ break; ++ case ASN1_ETYPE_GENERALIZED_TIME: ++ case ASN1_ETYPE_UTC_TIME: ++ result = ++ _asn1_get_time_der (type_field (p->type), der + counter, ider_len, &len2, temp, ++ sizeof (temp) - 1, flags); ++ if (result != ASN1_SUCCESS) ++ { ++ warn(); ++ goto cleanup; ++ } ++ ++ DECR_LEN(ider_len, len2); ++ ++ tlen = strlen (temp); ++ if (tlen > 0) ++ _asn1_set_value (p, temp, tlen); ++ ++ counter += len2; ++ move = RIGHT; ++ break; ++ case ASN1_ETYPE_OCTET_STRING: ++ if (counter < inner_tag_len) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ ++ ptag = der + counter - inner_tag_len; ++ if ((flags & ASN1_DECODE_FLAG_STRICT_DER) || !(ptag[0] & ASN1_CLASS_STRUCTURED)) ++ { ++ if (ptag[0] & ASN1_CLASS_STRUCTURED) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ ++ len2 = ++ asn1_get_length_der (der + counter, ider_len, &len3); ++ if (len2 < 0) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ ++ DECR_LEN(ider_len, len3+len2); ++ ++ _asn1_set_value (p, der + counter, len3 + len2); ++ counter += len3 + len2; ++ } ++ else ++ { ++ unsigned dflags = 0, vlen, ber_len; ++ ++ if (ptag[0] & ASN1_CLASS_STRUCTURED) ++ dflags |= DECODE_FLAG_CONSTRUCTED; ++ ++ result = _asn1_decode_simple_ber(type_field (p->type), der+counter, ider_len, &ptmp, &vlen, &ber_len, dflags); ++ if (result != ASN1_SUCCESS) ++ { ++ warn(); ++ goto cleanup; ++ } ++ ++ DECR_LEN(ider_len, ber_len); ++ ++ _asn1_set_value_lv (p, ptmp, vlen); ++ ++ counter += ber_len; ++ free(ptmp); ++ } ++ move = RIGHT; ++ break; ++ case ASN1_ETYPE_GENERALSTRING: ++ case ASN1_ETYPE_NUMERIC_STRING: ++ case ASN1_ETYPE_IA5_STRING: ++ case ASN1_ETYPE_TELETEX_STRING: ++ case ASN1_ETYPE_PRINTABLE_STRING: ++ case ASN1_ETYPE_UNIVERSAL_STRING: ++ case ASN1_ETYPE_BMP_STRING: ++ case ASN1_ETYPE_UTF8_STRING: ++ case ASN1_ETYPE_VISIBLE_STRING: ++ case ASN1_ETYPE_BIT_STRING: ++ len2 = ++ asn1_get_length_der (der + counter, ider_len, &len3); ++ if (len2 < 0) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ ++ DECR_LEN(ider_len, len3+len2); ++ ++ _asn1_set_value (p, der + counter, len3 + len2); ++ counter += len3 + len2; ++ move = RIGHT; ++ break; ++ case ASN1_ETYPE_SEQUENCE: ++ case ASN1_ETYPE_SET: ++ if (move == UP) ++ { ++ len2 = p->tmp_ival; ++ p->tmp_ival = 0; ++ if (len2 == -1) ++ { /* indefinite length method */ ++ DECR_LEN(ider_len, 2); ++ if ((der[counter]) || der[counter + 1]) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ counter += 2; ++ } ++ else ++ { /* definite length method */ ++ if (len2 != counter) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ } ++ move = RIGHT; ++ } ++ else ++ { /* move==DOWN || move==RIGHT */ ++ len3 = ++ asn1_get_length_der (der + counter, ider_len, &len2); ++ if (IS_ERR(len3, flags)) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ ++ DECR_LEN(ider_len, len2); ++ counter += len2; ++ ++ if (len3 > 0) ++ { ++ p->tmp_ival = counter + len3; ++ move = DOWN; ++ } ++ else if (len3 == 0) ++ { ++ p2 = p->down; ++ while (p2) ++ { ++ if (type_field (p2->type) != ASN1_ETYPE_TAG) ++ { ++ p3 = p2->right; ++ asn1_delete_structure (&p2); ++ p2 = p3; ++ } ++ else ++ p2 = p2->right; ++ } ++ move = RIGHT; ++ } ++ else ++ { /* indefinite length method */ ++ p->tmp_ival = -1; ++ move = DOWN; ++ } ++ } ++ break; ++ case ASN1_ETYPE_SEQUENCE_OF: ++ case ASN1_ETYPE_SET_OF: ++ if (move == UP) ++ { ++ len2 = p->tmp_ival; ++ if (len2 == -1) ++ { /* indefinite length method */ ++ if (!HAVE_TWO(ider_len) || ((der[counter]) || der[counter + 1])) ++ { ++ result = _asn1_append_sequence_set (p, &tcache); ++ if (result != 0) ++ { ++ warn(); ++ goto cleanup; ++ } ++ p = tcache.tail; ++ move = RIGHT; ++ continue; ++ } ++ ++ p->tmp_ival = 0; ++ tcache.tail = NULL; /* finished decoding this structure */ ++ tcache.head = NULL; ++ DECR_LEN(ider_len, 2); ++ counter += 2; ++ } ++ else ++ { /* definite length method */ ++ if (len2 > counter) ++ { ++ result = _asn1_append_sequence_set (p, &tcache); ++ if (result != 0) ++ { ++ warn(); ++ goto cleanup; ++ } ++ p = tcache.tail; ++ move = RIGHT; ++ continue; ++ } ++ ++ p->tmp_ival = 0; ++ tcache.tail = NULL; /* finished decoding this structure */ ++ tcache.head = NULL; ++ ++ if (len2 != counter) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ } ++ } ++ else ++ { /* move==DOWN || move==RIGHT */ ++ len3 = ++ asn1_get_length_der (der + counter, ider_len, &len2); ++ if (IS_ERR(len3, flags)) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ ++ DECR_LEN(ider_len, len2); ++ counter += len2; ++ if (len3) ++ { ++ if (len3 > 0) ++ { /* definite length method */ ++ p->tmp_ival = counter + len3; ++ } ++ else ++ { /* indefinite length method */ ++ p->tmp_ival = -1; ++ } ++ ++ p2 = p->down; ++ if (p2 == NULL) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ ++ while ((type_field (p2->type) == ASN1_ETYPE_TAG) ++ || (type_field (p2->type) == ASN1_ETYPE_SIZE)) ++ p2 = p2->right; ++ if (p2->right == NULL) ++ { ++ result = _asn1_append_sequence_set (p, &tcache); ++ if (result != 0) ++ { ++ warn(); ++ goto cleanup; ++ } ++ } ++ p = p2; ++ } ++ } ++ move = RIGHT; ++ break; ++ case ASN1_ETYPE_ANY: ++ /* Check indefinite lenth method in an EXPLICIT TAG */ ++ ++ if (!(flags & ASN1_DECODE_FLAG_STRICT_DER) && (p->type & CONST_TAG) && ++ tag_len == 2 && (der[counter - 1] == 0x80)) ++ indefinite = 1; ++ else ++ indefinite = 0; ++ ++ if (asn1_get_tag_der ++ (der + counter, ider_len, &class, &len2, ++ &tag) != ASN1_SUCCESS) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ ++ DECR_LEN(ider_len, len2); ++ ++ len4 = ++ asn1_get_length_der (der + counter + len2, ++ ider_len, &len3); ++ if (IS_ERR(len4, flags)) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ if (len4 != -1) /* definite */ ++ { ++ len2 += len4; ++ ++ DECR_LEN(ider_len, len4+len3); ++ _asn1_set_value_lv (p, der + counter, len2 + len3); ++ counter += len2 + len3; ++ } ++ else /* == -1 */ ++ { /* indefinite length */ ++ ider_len += len2; /* undo DECR_LEN */ ++ ++ if (counter == 0) ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ ++ result = ++ _asn1_get_indefinite_length_string (der + counter, ider_len, &len2); ++ if (result != ASN1_SUCCESS) ++ { ++ warn(); ++ goto cleanup; ++ } ++ ++ DECR_LEN(ider_len, len2); ++ _asn1_set_value_lv (p, der + counter, len2); ++ counter += len2; ++ ++ } ++ ++ /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with ++ an indefinite length method. */ ++ if (indefinite) ++ { ++ DECR_LEN(ider_len, 2); ++ if (!der[counter] && !der[counter + 1]) ++ { ++ counter += 2; ++ } ++ else ++ { ++ result = ASN1_DER_ERROR; ++ warn(); ++ goto cleanup; ++ } ++ } ++ ++ move = RIGHT; ++ break; ++ default: ++ move = (move == UP) ? RIGHT : DOWN; ++ break; ++ } ++ } ++ ++ if (p) ++ { ++ p->end = counter - 1; ++ } ++ ++ if (p == node && move != DOWN) ++ break; ++ ++ if (move == DOWN) ++ { ++ if (p->down) ++ p = p->down; ++ else ++ move = RIGHT; ++ } ++ if ((move == RIGHT) && !(p->type & CONST_SET)) ++ { ++ if (p->right) ++ p = p->right; ++ else ++ move = UP; ++ } ++ if (move == UP) ++ p = _asn1_find_up (p); ++ } ++ ++ _asn1_delete_not_used (*element); ++ ++ if ((ider_len < 0) || ++ (!(flags & ASN1_DECODE_FLAG_ALLOW_PADDING) && (ider_len != 0))) ++ { ++ warn(); ++ result = ASN1_DER_ERROR; ++ goto cleanup; ++ } ++ ++ *max_ider_len = total_len - ider_len; ++ ++ return ASN1_SUCCESS; ++ ++cleanup: ++ asn1_delete_structure (element); ++ return result; ++} ++ ++ ++/** ++ * asn1_der_decoding: ++ * @element: pointer to an ASN1 structure. ++ * @ider: vector that contains the DER encoding. ++ * @ider_len: number of bytes of *@ider: @ider[0]..@ider[len-1]. ++ * @errorDescription: null-terminated string contains details when an ++ * error occurred. ++ * ++ * Fill the structure *@element with values of a DER encoding ++ * string. The structure must just be created with function ++ * asn1_create_element(). ++ * ++ * Note that the *@element variable is provided as a pointer for ++ * historical reasons. ++ * ++ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND ++ * if @ELEMENT is %NULL, and %ASN1_TAG_ERROR or ++ * %ASN1_DER_ERROR if the der encoding doesn't match the structure ++ * name (*@ELEMENT deleted). ++ **/ ++int ++asn1_der_decoding (asn1_node * element, const void *ider, int ider_len, ++ char *errorDescription) ++{ ++ return asn1_der_decoding2 (element, ider, &ider_len, 0, errorDescription); ++} ++ ++/** ++ * asn1_der_decoding_element: ++ * @structure: pointer to an ASN1 structure ++ * @elementName: name of the element to fill ++ * @ider: vector that contains the DER encoding of the whole structure. ++ * @len: number of bytes of *der: der[0]..der[len-1] ++ * @errorDescription: null-terminated string contains details when an ++ * error occurred. ++ * ++ * Fill the element named @ELEMENTNAME with values of a DER encoding ++ * string. The structure must just be created with function ++ * asn1_create_element(). The DER vector must contain the encoding ++ * string of the whole @STRUCTURE. If an error occurs during the ++ * decoding procedure, the *@STRUCTURE is deleted and set equal to ++ * %NULL. ++ * ++ * This function is deprecated and may just be an alias to asn1_der_decoding ++ * in future versions. Use asn1_der_decoding() instead. ++ * ++ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND ++ * if ELEMENT is %NULL or @elementName == NULL, and ++ * %ASN1_TAG_ERROR or %ASN1_DER_ERROR if the der encoding doesn't ++ * match the structure @structure (*ELEMENT deleted). ++ **/ ++int ++asn1_der_decoding_element (asn1_node * structure, const char *elementName, ++ const void *ider, int len, char *errorDescription) ++{ ++ return asn1_der_decoding(structure, ider, len, errorDescription); ++} ++ ++/** ++ * asn1_der_decoding_startEnd: ++ * @element: pointer to an ASN1 element ++ * @ider: vector that contains the DER encoding. ++ * @ider_len: number of bytes of *@ider: @ider[0]..@ider[len-1] ++ * @name_element: an element of NAME structure. ++ * @start: the position of the first byte of NAME_ELEMENT decoding ++ * (@ider[*start]) ++ * @end: the position of the last byte of NAME_ELEMENT decoding ++ * (@ider[*end]) ++ * ++ * Find the start and end point of an element in a DER encoding ++ * string. I mean that if you have a der encoding and you have already ++ * used the function asn1_der_decoding() to fill a structure, it may ++ * happen that you want to find the piece of string concerning an ++ * element of the structure. ++ * ++ * One example is the sequence "tbsCertificate" inside an X509 ++ * certificate. ++ * ++ * Note that since libtasn1 3.7 the @ider and @ider_len parameters ++ * can be omitted, if the element is already decoded using asn1_der_decoding(). ++ * ++ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND ++ * if ELEMENT is %asn1_node EMPTY or @name_element is not a valid ++ * element, %ASN1_TAG_ERROR or %ASN1_DER_ERROR if the der encoding ++ * doesn't match the structure ELEMENT. ++ **/ ++int ++asn1_der_decoding_startEnd (asn1_node element, const void *ider, int ider_len, ++ const char *name_element, int *start, int *end) ++{ ++ asn1_node node, node_to_find; ++ int result = ASN1_DER_ERROR; ++ ++ node = element; ++ ++ if (node == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ node_to_find = asn1_find_node (node, name_element); ++ ++ if (node_to_find == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ *start = node_to_find->start; ++ *end = node_to_find->end; ++ ++ if (*start == 0 && *end == 0) ++ { ++ if (ider == NULL || ider_len == 0) ++ return ASN1_GENERIC_ERROR; ++ ++ /* it seems asn1_der_decoding() wasn't called before. Do it now */ ++ result = asn1_der_decoding (&node, ider, ider_len, NULL); ++ if (result != ASN1_SUCCESS) ++ { ++ warn(); ++ return result; ++ } ++ ++ node_to_find = asn1_find_node (node, name_element); ++ if (node_to_find == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ *start = node_to_find->start; ++ *end = node_to_find->end; ++ } ++ ++ if (*end < *start) ++ return ASN1_GENERIC_ERROR; ++ ++ return ASN1_SUCCESS; ++} ++ ++/** ++ * asn1_expand_any_defined_by: ++ * @definitions: ASN1 definitions ++ * @element: pointer to an ASN1 structure ++ * ++ * Expands every "ANY DEFINED BY" element of a structure created from ++ * a DER decoding process (asn1_der_decoding function). The element ++ * ANY must be defined by an OBJECT IDENTIFIER. The type used to ++ * expand the element ANY is the first one following the definition of ++ * the actual value of the OBJECT IDENTIFIER. ++ * ++ * Returns: %ASN1_SUCCESS if Substitution OK, %ASN1_ERROR_TYPE_ANY if ++ * some "ANY DEFINED BY" element couldn't be expanded due to a ++ * problem in OBJECT_ID -> TYPE association, or other error codes ++ * depending on DER decoding. ++ **/ ++int ++asn1_expand_any_defined_by (asn1_node_const definitions, asn1_node * element) ++{ ++ char name[2 * ASN1_MAX_NAME_SIZE + 2], ++ value[ASN1_MAX_NAME_SIZE]; ++ int retCode = ASN1_SUCCESS, result; ++ int len, len2, len3; ++ asn1_node_const p2; ++ asn1_node p, p3, aux = NULL; ++ char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; ++ const char *definitionsName; ++ ++ if ((definitions == NULL) || (*element == NULL)) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ definitionsName = definitions->name; ++ ++ p = *element; ++ while (p) ++ { ++ ++ switch (type_field (p->type)) ++ { ++ case ASN1_ETYPE_ANY: ++ if ((p->type & CONST_DEFINED_BY) && (p->value)) ++ { ++ /* search the "DEF_BY" element */ ++ p2 = p->down; ++ while ((p2) && (type_field (p2->type) != ASN1_ETYPE_CONSTANT)) ++ p2 = p2->right; ++ ++ if (!p2) ++ { ++ retCode = ASN1_ERROR_TYPE_ANY; ++ break; ++ } ++ ++ p3 = _asn1_find_up (p); ++ ++ if (!p3) ++ { ++ retCode = ASN1_ERROR_TYPE_ANY; ++ break; ++ } ++ ++ p3 = p3->down; ++ while (p3) ++ { ++ if (!(strcmp (p3->name, p2->name))) ++ break; ++ p3 = p3->right; ++ } ++ ++ if ((!p3) || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) || ++ (p3->value == NULL)) ++ { ++ ++ p3 = _asn1_find_up (p); ++ p3 = _asn1_find_up (p3); ++ ++ if (!p3) ++ { ++ retCode = ASN1_ERROR_TYPE_ANY; ++ break; ++ } ++ ++ p3 = p3->down; ++ ++ while (p3) ++ { ++ if (!(strcmp (p3->name, p2->name))) ++ break; ++ p3 = p3->right; ++ } ++ ++ if ((!p3) || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) ++ || (p3->value == NULL)) ++ { ++ retCode = ASN1_ERROR_TYPE_ANY; ++ break; ++ } ++ } ++ ++ /* search the OBJECT_ID into definitions */ ++ p2 = definitions->down; ++ while (p2) ++ { ++ if ((type_field (p2->type) == ASN1_ETYPE_OBJECT_ID) && ++ (p2->type & CONST_ASSIGN)) ++ { ++ snprintf(name, sizeof(name), "%s.%s", definitionsName, p2->name); ++ ++ len = ASN1_MAX_NAME_SIZE; ++ result = ++ asn1_read_value (definitions, name, value, &len); ++ ++ if ((result == ASN1_SUCCESS) ++ && (!_asn1_strcmp (p3->value, value))) ++ { ++ p2 = p2->right; /* pointer to the structure to ++ use for expansion */ ++ while ((p2) && (p2->type & CONST_ASSIGN)) ++ p2 = p2->right; ++ ++ if (p2) ++ { ++ snprintf(name, sizeof(name), "%s.%s", definitionsName, p2->name); ++ ++ result = ++ asn1_create_element (definitions, name, &aux); ++ if (result == ASN1_SUCCESS) ++ { ++ _asn1_cpy_name (aux, p); ++ len2 = ++ asn1_get_length_der (p->value, ++ p->value_len, &len3); ++ if (len2 < 0) ++ return ASN1_DER_ERROR; ++ ++ result = ++ asn1_der_decoding (&aux, p->value + len3, ++ len2, ++ errorDescription); ++ if (result == ASN1_SUCCESS) ++ { ++ ++ _asn1_set_right (aux, p->right); ++ _asn1_set_right (p, aux); ++ ++ result = asn1_delete_structure (&p); ++ if (result == ASN1_SUCCESS) ++ { ++ p = aux; ++ aux = NULL; ++ break; ++ } ++ else ++ { /* error with asn1_delete_structure */ ++ asn1_delete_structure (&aux); ++ retCode = result; ++ break; ++ } ++ } ++ else ++ { /* error with asn1_der_decoding */ ++ retCode = result; ++ break; ++ } ++ } ++ else ++ { /* error with asn1_create_element */ ++ retCode = result; ++ break; ++ } ++ } ++ else ++ { /* error with the pointer to the structure to exapand */ ++ retCode = ASN1_ERROR_TYPE_ANY; ++ break; ++ } ++ } ++ } ++ p2 = p2->right; ++ } /* end while */ ++ ++ if (!p2) ++ { ++ retCode = ASN1_ERROR_TYPE_ANY; ++ break; ++ } ++ ++ } ++ break; ++ default: ++ break; ++ } ++ ++ ++ if (p->down) ++ { ++ p = p->down; ++ } ++ else if (p == *element) ++ { ++ p = NULL; ++ break; ++ } ++ else if (p->right) ++ p = p->right; ++ else ++ { ++ while (1) ++ { ++ p = _asn1_find_up (p); ++ if (p == *element) ++ { ++ p = NULL; ++ break; ++ } ++ if (p->right) ++ { ++ p = p->right; ++ break; ++ } ++ } ++ } ++ } ++ ++ return retCode; ++} ++ ++/** ++ * asn1_expand_octet_string: ++ * @definitions: ASN1 definitions ++ * @element: pointer to an ASN1 structure ++ * @octetName: name of the OCTECT STRING field to expand. ++ * @objectName: name of the OBJECT IDENTIFIER field to use to define ++ * the type for expansion. ++ * ++ * Expands an "OCTET STRING" element of a structure created from a DER ++ * decoding process (the asn1_der_decoding() function). The type used ++ * for expansion is the first one following the definition of the ++ * actual value of the OBJECT IDENTIFIER indicated by OBJECTNAME. ++ * ++ * Returns: %ASN1_SUCCESS if substitution OK, %ASN1_ELEMENT_NOT_FOUND ++ * if @objectName or @octetName are not correct, ++ * %ASN1_VALUE_NOT_VALID if it wasn't possible to find the type to ++ * use for expansion, or other errors depending on DER decoding. ++ **/ ++int ++asn1_expand_octet_string (asn1_node_const definitions, asn1_node * element, ++ const char *octetName, const char *objectName) ++{ ++ char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE]; ++ int retCode = ASN1_SUCCESS, result; ++ int len, len2, len3; ++ asn1_node_const p2; ++ asn1_node aux = NULL; ++ asn1_node octetNode = NULL, objectNode = NULL; ++ char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; ++ ++ if ((definitions == NULL) || (*element == NULL)) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ octetNode = asn1_find_node (*element, octetName); ++ if (octetNode == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ if (type_field (octetNode->type) != ASN1_ETYPE_OCTET_STRING) ++ return ASN1_ELEMENT_NOT_FOUND; ++ if (octetNode->value == NULL) ++ return ASN1_VALUE_NOT_FOUND; ++ ++ objectNode = asn1_find_node (*element, objectName); ++ if (objectNode == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ if (type_field (objectNode->type) != ASN1_ETYPE_OBJECT_ID) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ if (objectNode->value == NULL) ++ return ASN1_VALUE_NOT_FOUND; ++ ++ ++ /* search the OBJECT_ID into definitions */ ++ p2 = definitions->down; ++ while (p2) ++ { ++ if ((type_field (p2->type) == ASN1_ETYPE_OBJECT_ID) && ++ (p2->type & CONST_ASSIGN)) ++ { ++ strcpy (name, definitions->name); ++ strcat (name, "."); ++ strcat (name, p2->name); ++ ++ len = sizeof (value); ++ result = asn1_read_value (definitions, name, value, &len); ++ ++ if ((result == ASN1_SUCCESS) ++ && (!_asn1_strcmp (objectNode->value, value))) ++ { ++ ++ p2 = p2->right; /* pointer to the structure to ++ use for expansion */ ++ while ((p2) && (p2->type & CONST_ASSIGN)) ++ p2 = p2->right; ++ ++ if (p2) ++ { ++ strcpy (name, definitions->name); ++ strcat (name, "."); ++ strcat (name, p2->name); ++ ++ result = asn1_create_element (definitions, name, &aux); ++ if (result == ASN1_SUCCESS) ++ { ++ _asn1_cpy_name (aux, octetNode); ++ len2 = ++ asn1_get_length_der (octetNode->value, ++ octetNode->value_len, &len3); ++ if (len2 < 0) ++ return ASN1_DER_ERROR; ++ ++ result = ++ asn1_der_decoding (&aux, octetNode->value + len3, ++ len2, errorDescription); ++ if (result == ASN1_SUCCESS) ++ { ++ ++ _asn1_set_right (aux, octetNode->right); ++ _asn1_set_right (octetNode, aux); ++ ++ result = asn1_delete_structure (&octetNode); ++ if (result == ASN1_SUCCESS) ++ { ++ aux = NULL; ++ break; ++ } ++ else ++ { /* error with asn1_delete_structure */ ++ asn1_delete_structure (&aux); ++ retCode = result; ++ break; ++ } ++ } ++ else ++ { /* error with asn1_der_decoding */ ++ retCode = result; ++ break; ++ } ++ } ++ else ++ { /* error with asn1_create_element */ ++ retCode = result; ++ break; ++ } ++ } ++ else ++ { /* error with the pointer to the structure to exapand */ ++ retCode = ASN1_VALUE_NOT_VALID; ++ break; ++ } ++ } ++ } ++ ++ p2 = p2->right; ++ ++ } ++ ++ if (!p2) ++ retCode = ASN1_VALUE_NOT_VALID; ++ ++ return retCode; ++} ++ ++/*- ++ * _asn1_decode_simple_der: ++ * @etype: The type of the string to be encoded (ASN1_ETYPE_) ++ * @der: the encoded string ++ * @_der_len: the bytes of the encoded string ++ * @str: a pointer to the data ++ * @str_len: the length of the data ++ * @dflags: DECODE_FLAG_* ++ * ++ * Decodes a simple DER encoded type (e.g. a string, which is not constructed). ++ * The output is a pointer inside the @der. ++ * ++ * Returns: %ASN1_SUCCESS if successful or an error value. ++ -*/ ++static int ++_asn1_decode_simple_der (unsigned int etype, const unsigned char *der, ++ unsigned int _der_len, const unsigned char **str, ++ unsigned int *str_len, unsigned dflags) ++{ ++ int tag_len, len_len; ++ const unsigned char *p; ++ int der_len = _der_len; ++ unsigned char class; ++ unsigned long tag; ++ long ret; ++ ++ if (der == NULL || der_len == 0) ++ return ASN1_VALUE_NOT_VALID; ++ ++ if (ETYPE_OK (etype) == 0 || ETYPE_IS_STRING(etype) == 0) ++ return ASN1_VALUE_NOT_VALID; ++ ++ /* doesn't handle constructed classes */ ++ class = ETYPE_CLASS(etype); ++ if (class != ASN1_CLASS_UNIVERSAL) ++ return ASN1_VALUE_NOT_VALID; ++ ++ p = der; ++ ++ if (dflags & DECODE_FLAG_HAVE_TAG) ++ { ++ ret = asn1_get_tag_der (p, der_len, &class, &tag_len, &tag); ++ if (ret != ASN1_SUCCESS) ++ return ret; ++ ++ if (class != ETYPE_CLASS (etype) || tag != ETYPE_TAG (etype)) ++ { ++ warn(); ++ return ASN1_DER_ERROR; ++ } ++ ++ p += tag_len; ++ der_len -= tag_len; ++ if (der_len <= 0) ++ return ASN1_DER_ERROR; ++ } ++ ++ ret = asn1_get_length_der (p, der_len, &len_len); ++ if (ret < 0) ++ return ASN1_DER_ERROR; ++ ++ p += len_len; ++ der_len -= len_len; ++ if (der_len <= 0) ++ return ASN1_DER_ERROR; ++ ++ *str_len = ret; ++ *str = p; ++ ++ return ASN1_SUCCESS; ++} ++ ++/** ++ * asn1_decode_simple_der: ++ * @etype: The type of the string to be encoded (ASN1_ETYPE_) ++ * @der: the encoded string ++ * @_der_len: the bytes of the encoded string ++ * @str: a pointer to the data ++ * @str_len: the length of the data ++ * ++ * Decodes a simple DER encoded type (e.g. a string, which is not constructed). ++ * The output is a pointer inside the @der. ++ * ++ * Returns: %ASN1_SUCCESS if successful or an error value. ++ **/ ++int ++asn1_decode_simple_der (unsigned int etype, const unsigned char *der, ++ unsigned int _der_len, const unsigned char **str, ++ unsigned int *str_len) ++{ ++ return _asn1_decode_simple_der(etype, der, _der_len, str, str_len, DECODE_FLAG_HAVE_TAG); ++} ++ ++static int append(uint8_t **dst, unsigned *dst_size, const unsigned char *src, unsigned src_size) ++{ ++ if (src_size == 0) ++ return ASN1_SUCCESS; ++ ++ *dst = _asn1_realloc(*dst, *dst_size+src_size); ++ if (*dst == NULL) ++ return ASN1_MEM_ALLOC_ERROR; ++ memcpy(*dst + *dst_size, src, src_size); ++ *dst_size += src_size; ++ return ASN1_SUCCESS; ++} ++ ++/*- ++ * _asn1_decode_simple_ber: ++ * @etype: The type of the string to be encoded (ASN1_ETYPE_) ++ * @der: the encoded string ++ * @_der_len: the bytes of the encoded string ++ * @str: a pointer to the data ++ * @str_len: the length of the data ++ * @ber_len: the total length occupied by BER (may be %NULL) ++ * @have_tag: whether a DER tag is included ++ * ++ * Decodes a BER encoded type. The output is an allocated value ++ * of the data. This decodes BER STRINGS only. Other types are ++ * decoded as DER. ++ * ++ * Returns: %ASN1_SUCCESS if successful or an error value. ++ -*/ ++static int ++_asn1_decode_simple_ber (unsigned int etype, const unsigned char *der, ++ unsigned int _der_len, unsigned char **str, ++ unsigned int *str_len, unsigned int *ber_len, ++ unsigned dflags) ++{ ++ int tag_len, len_len; ++ const unsigned char *p; ++ int der_len = _der_len; ++ uint8_t *total = NULL; ++ unsigned total_size = 0; ++ unsigned char class; ++ unsigned long tag; ++ unsigned char *out = NULL; ++ const unsigned char *cout = NULL; ++ unsigned out_len; ++ long result; ++ ++ if (ber_len) *ber_len = 0; ++ ++ if (der == NULL || der_len == 0) ++ { ++ warn(); ++ return ASN1_VALUE_NOT_VALID; ++ } ++ ++ if (ETYPE_OK (etype) == 0) ++ { ++ warn(); ++ return ASN1_VALUE_NOT_VALID; ++ } ++ ++ /* doesn't handle constructed + definite classes */ ++ class = ETYPE_CLASS (etype); ++ if (class != ASN1_CLASS_UNIVERSAL) ++ { ++ warn(); ++ return ASN1_VALUE_NOT_VALID; ++ } ++ ++ p = der; ++ ++ if (dflags & DECODE_FLAG_HAVE_TAG) ++ { ++ result = asn1_get_tag_der (p, der_len, &class, &tag_len, &tag); ++ if (result != ASN1_SUCCESS) ++ { ++ warn(); ++ return result; ++ } ++ ++ if (tag != ETYPE_TAG (etype)) ++ { ++ warn(); ++ return ASN1_DER_ERROR; ++ } ++ ++ p += tag_len; ++ ++ DECR_LEN(der_len, tag_len); ++ ++ if (ber_len) *ber_len += tag_len; ++ } ++ ++ /* indefinite constructed */ ++ if ((((dflags & DECODE_FLAG_CONSTRUCTED) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype)) && ++ !(dflags & DECODE_FLAG_LEVEL3)) ++ { ++ if (der_len == 0) ++ { ++ warn(); ++ result = ASN1_DER_ERROR; ++ goto cleanup; ++ } ++ ++ if (der_len > 0 && p[0] == 0x80) /* indefinite */ ++ { ++ len_len = 1; ++ DECR_LEN(der_len, len_len); ++ p += len_len; ++ ++ if (ber_len) *ber_len += len_len; ++ ++ /* decode the available octet strings */ ++ do ++ { ++ unsigned tmp_len; ++ unsigned flags = DECODE_FLAG_HAVE_TAG; ++ ++ if (dflags & DECODE_FLAG_LEVEL1) ++ flags |= DECODE_FLAG_LEVEL2; ++ else if (dflags & DECODE_FLAG_LEVEL2) ++ flags |= DECODE_FLAG_LEVEL3; ++ else ++ flags |= DECODE_FLAG_LEVEL1; ++ ++ result = _asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len, ++ flags); ++ if (result != ASN1_SUCCESS) ++ { ++ warn(); ++ goto cleanup; ++ } ++ ++ p += tmp_len; ++ DECR_LEN(der_len, tmp_len); ++ ++ if (ber_len) *ber_len += tmp_len; ++ ++ DECR_LEN(der_len, 2); /* we need the EOC */ ++ ++ result = append(&total, &total_size, out, out_len); ++ if (result != ASN1_SUCCESS) ++ { ++ warn(); ++ goto cleanup; ++ } ++ ++ free(out); ++ out = NULL; ++ ++ if (p[0] == 0 && p[1] == 0) /* EOC */ ++ { ++ if (ber_len) *ber_len += 2; ++ break; ++ } ++ ++ /* no EOC */ ++ der_len += 2; ++ ++ if (der_len == 2) ++ { ++ warn(); ++ result = ASN1_DER_ERROR; ++ goto cleanup; ++ } ++ } ++ while(1); ++ } ++ else /* constructed */ ++ { ++ long const_len; ++ ++ result = asn1_get_length_ber(p, der_len, &len_len); ++ if (result < 0) ++ { ++ warn(); ++ result = ASN1_DER_ERROR; ++ goto cleanup; ++ } ++ ++ DECR_LEN(der_len, len_len); ++ p += len_len; ++ ++ const_len = result; ++ ++ if (ber_len) *ber_len += len_len; ++ ++ /* decode the available octet strings */ ++ while(const_len > 0) ++ { ++ unsigned tmp_len; ++ unsigned flags = DECODE_FLAG_HAVE_TAG; ++ ++ if (dflags & DECODE_FLAG_LEVEL1) ++ flags |= DECODE_FLAG_LEVEL2; ++ else if (dflags & DECODE_FLAG_LEVEL2) ++ flags |= DECODE_FLAG_LEVEL3; ++ else ++ flags |= DECODE_FLAG_LEVEL1; ++ ++ result = _asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len, ++ flags); ++ if (result != ASN1_SUCCESS) ++ { ++ warn(); ++ goto cleanup; ++ } ++ ++ p += tmp_len; ++ DECR_LEN(der_len, tmp_len); ++ DECR_LEN(const_len, tmp_len); ++ ++ if (ber_len) *ber_len += tmp_len; ++ ++ result = append(&total, &total_size, out, out_len); ++ if (result != ASN1_SUCCESS) ++ { ++ warn(); ++ goto cleanup; ++ } ++ ++ free(out); ++ out = NULL; ++ } ++ } ++ } ++ else if (class == ETYPE_CLASS(etype)) ++ { ++ if (ber_len) ++ { ++ result = asn1_get_length_der (p, der_len, &len_len); ++ if (result < 0) ++ { ++ warn(); ++ result = ASN1_DER_ERROR; ++ goto cleanup; ++ } ++ *ber_len += result + len_len; ++ } ++ ++ /* non-string values are decoded as DER */ ++ result = _asn1_decode_simple_der(etype, der, _der_len, &cout, &out_len, dflags); ++ if (result != ASN1_SUCCESS) ++ { ++ warn(); ++ goto cleanup; ++ } ++ ++ result = append(&total, &total_size, cout, out_len); ++ if (result != ASN1_SUCCESS) ++ { ++ warn(); ++ goto cleanup; ++ } ++ } ++ else ++ { ++ warn(); ++ result = ASN1_DER_ERROR; ++ goto cleanup; ++ } ++ ++ *str = total; ++ *str_len = total_size; ++ ++ return ASN1_SUCCESS; ++cleanup: ++ free(out); ++ free(total); ++ return result; ++} ++ ++/** ++ * asn1_decode_simple_ber: ++ * @etype: The type of the string to be encoded (ASN1_ETYPE_) ++ * @der: the encoded string ++ * @_der_len: the bytes of the encoded string ++ * @str: a pointer to the data ++ * @str_len: the length of the data ++ * @ber_len: the total length occupied by BER (may be %NULL) ++ * ++ * Decodes a BER encoded type. The output is an allocated value ++ * of the data. This decodes BER STRINGS only. Other types are ++ * decoded as DER. ++ * ++ * Returns: %ASN1_SUCCESS if successful or an error value. ++ **/ ++int ++asn1_decode_simple_ber (unsigned int etype, const unsigned char *der, ++ unsigned int _der_len, unsigned char **str, ++ unsigned int *str_len, unsigned int *ber_len) ++{ ++ return _asn1_decode_simple_ber(etype, der, _der_len, str, str_len, ber_len, DECODE_FLAG_HAVE_TAG); ++} +diff --git a/grub-core/lib/libtasn1/lib/element.c b/grub-core/lib/libtasn1/lib/element.c +new file mode 100644 +index 000000000..997eb2725 +--- /dev/null ++++ b/grub-core/lib/libtasn1/lib/element.c +@@ -0,0 +1,1111 @@ ++/* ++ * Copyright (C) 2000-2014 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * The LIBTASN1 library is free software; you can redistribute it ++ * and/or modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++ * 02110-1301, USA ++ */ ++ ++/*****************************************************/ ++/* File: element.c */ ++/* Description: Functions with the read and write */ ++/* functions. */ ++/*****************************************************/ ++ ++ ++#include ++#include "parser_aux.h" ++#include ++#include "structure.h" ++#include "c-ctype.h" ++#include "element.h" ++ ++void ++_asn1_hierarchical_name (asn1_node_const node, char *name, int name_size) ++{ ++ asn1_node_const p; ++ char tmp_name[64]; ++ ++ p = node; ++ ++ name[0] = 0; ++ ++ while (p != NULL) ++ { ++ if (p->name[0] != 0) ++ { ++ _asn1_str_cpy (tmp_name, sizeof (tmp_name), name), ++ _asn1_str_cpy (name, name_size, p->name); ++ _asn1_str_cat (name, name_size, "."); ++ _asn1_str_cat (name, name_size, tmp_name); ++ } ++ p = _asn1_find_up (p); ++ } ++ ++ if (name[0] == 0) ++ _asn1_str_cpy (name, name_size, "ROOT"); ++} ++ ++ ++/******************************************************************/ ++/* Function : _asn1_convert_integer */ ++/* Description: converts an integer from a null terminated string */ ++/* to der decoding. The convertion from a null */ ++/* terminated string to an integer is made with */ ++/* the 'strtol' function. */ ++/* Parameters: */ ++/* value: null terminated string to convert. */ ++/* value_out: convertion result (memory must be already */ ++/* allocated). */ ++/* value_out_size: number of bytes of value_out. */ ++/* len: number of significant byte of value_out. */ ++/* Return: ASN1_MEM_ERROR or ASN1_SUCCESS */ ++/******************************************************************/ ++int ++_asn1_convert_integer (const unsigned char *value, unsigned char *value_out, ++ int value_out_size, int *len) ++{ ++ char negative; ++ unsigned char val[SIZEOF_UNSIGNED_LONG_INT]; ++ long valtmp; ++ int k, k2; ++ ++ valtmp = _asn1_strtol (value, NULL, 10); ++ ++ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++) ++ { ++ val[SIZEOF_UNSIGNED_LONG_INT - k - 1] = (valtmp >> (8 * k)) & 0xFF; ++ } ++ ++ if (val[0] & 0x80) ++ negative = 1; ++ else ++ negative = 0; ++ ++ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT - 1; k++) ++ { ++ if (negative && (val[k] != 0xFF)) ++ break; ++ else if (!negative && val[k]) ++ break; ++ } ++ ++ if ((negative && !(val[k] & 0x80)) || (!negative && (val[k] & 0x80))) ++ k--; ++ ++ *len = SIZEOF_UNSIGNED_LONG_INT - k; ++ ++ if (SIZEOF_UNSIGNED_LONG_INT - k > value_out_size) ++ /* VALUE_OUT is too short to contain the value conversion */ ++ return ASN1_MEM_ERROR; ++ ++ if (value_out != NULL) ++ { ++ for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++) ++ value_out[k2 - k] = val[k2]; ++ } ++ ++#if 0 ++ printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len); ++ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++) ++ printf (", vOut[%d]=%d", k, value_out[k]); ++ printf ("\n"); ++#endif ++ ++ return ASN1_SUCCESS; ++} ++ ++/* Appends a new element into the sequence (or set) defined by this ++ * node. The new element will have a name of '?number', where number ++ * is a monotonically increased serial number. ++ * ++ * The last element in the list may be provided in @pcache, to avoid ++ * traversing the list, an expensive operation in long lists. ++ * ++ * On success it returns in @pcache the added element (which is the ++ * tail in the list of added elements). ++ */ ++int ++_asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcache) ++{ ++ asn1_node p, p2; ++ char temp[LTOSTR_MAX_SIZE]; ++ long n; ++ ++ if (!node || !(node->down)) ++ return ASN1_GENERIC_ERROR; ++ ++ p = node->down; ++ while ((type_field (p->type) == ASN1_ETYPE_TAG) ++ || (type_field (p->type) == ASN1_ETYPE_SIZE)) ++ p = p->right; ++ ++ p2 = _asn1_copy_structure3 (p); ++ if (p2 == NULL) ++ return ASN1_GENERIC_ERROR; ++ ++ if (pcache == NULL || pcache->tail == NULL || pcache->head != node) ++ { ++ while (p->right) ++ { ++ p = p->right; ++ } ++ } ++ else ++ { ++ p = pcache->tail; ++ } ++ ++ _asn1_set_right (p, p2); ++ if (pcache) ++ { ++ pcache->head = node; ++ pcache->tail = p2; ++ } ++ ++ if (p->name[0] == 0) ++ _asn1_str_cpy (temp, sizeof (temp), "?1"); ++ else ++ { ++ n = strtol (p->name + 1, NULL, 0); ++ n++; ++ temp[0] = '?'; ++ _asn1_ltostr (n, temp + 1); ++ } ++ _asn1_set_name (p2, temp); ++ /* p2->type |= CONST_OPTION; */ ++ ++ return ASN1_SUCCESS; ++} ++ ++ ++/** ++ * asn1_write_value: ++ * @node_root: pointer to a structure ++ * @name: the name of the element inside the structure that you want to set. ++ * @ivalue: vector used to specify the value to set. If len is >0, ++ * VALUE must be a two's complement form integer. if len=0 *VALUE ++ * must be a null terminated string with an integer value. ++ * @len: number of bytes of *value to use to set the value: ++ * value[0]..value[len-1] or 0 if value is a null terminated string ++ * ++ * Set the value of one element inside a structure. ++ * ++ * If an element is OPTIONAL and you want to delete it, you must use ++ * the value=NULL and len=0. Using "pkix.asn": ++ * ++ * result=asn1_write_value(cert, "tbsCertificate.issuerUniqueID", ++ * NULL, 0); ++ * ++ * Description for each type: ++ * ++ * INTEGER: VALUE must contain a two's complement form integer. ++ * ++ * value[0]=0xFF , len=1 -> integer=-1. ++ * value[0]=0xFF value[1]=0xFF , len=2 -> integer=-1. ++ * value[0]=0x01 , len=1 -> integer= 1. ++ * value[0]=0x00 value[1]=0x01 , len=2 -> integer= 1. ++ * value="123" , len=0 -> integer= 123. ++ * ++ * ENUMERATED: As INTEGER (but only with not negative numbers). ++ * ++ * BOOLEAN: VALUE must be the null terminated string "TRUE" or ++ * "FALSE" and LEN != 0. ++ * ++ * value="TRUE" , len=1 -> boolean=TRUE. ++ * value="FALSE" , len=1 -> boolean=FALSE. ++ * ++ * OBJECT IDENTIFIER: VALUE must be a null terminated string with ++ * each number separated by a dot (e.g. "1.2.3.543.1"). LEN != 0. ++ * ++ * value="1 2 840 10040 4 3" , len=1 -> OID=dsa-with-sha. ++ * ++ * UTCTime: VALUE must be a null terminated string in one of these ++ * formats: "YYMMDDhhmmssZ", "YYMMDDhhmmssZ", ++ * "YYMMDDhhmmss+hh'mm'", "YYMMDDhhmmss-hh'mm'", ++ * "YYMMDDhhmm+hh'mm'", or "YYMMDDhhmm-hh'mm'". LEN != 0. ++ * ++ * value="9801011200Z" , len=1 -> time=Jannuary 1st, 1998 ++ * at 12h 00m Greenwich Mean Time ++ * ++ * GeneralizedTime: VALUE must be in one of this format: ++ * "YYYYMMDDhhmmss.sZ", "YYYYMMDDhhmmss.sZ", ++ * "YYYYMMDDhhmmss.s+hh'mm'", "YYYYMMDDhhmmss.s-hh'mm'", ++ * "YYYYMMDDhhmm+hh'mm'", or "YYYYMMDDhhmm-hh'mm'" where ss.s ++ * indicates the seconds with any precision like "10.1" or "01.02". ++ * LEN != 0 ++ * ++ * value="2001010112001.12-0700" , len=1 -> time=Jannuary ++ * 1st, 2001 at 12h 00m 01.12s Pacific Daylight Time ++ * ++ * OCTET STRING: VALUE contains the octet string and LEN is the ++ * number of octets. ++ * ++ * value="$\backslash$x01$\backslash$x02$\backslash$x03" , ++ * len=3 -> three bytes octet string ++ * ++ * GeneralString: VALUE contains the generalstring and LEN is the ++ * number of octets. ++ * ++ * value="$\backslash$x01$\backslash$x02$\backslash$x03" , ++ * len=3 -> three bytes generalstring ++ * ++ * BIT STRING: VALUE contains the bit string organized by bytes and ++ * LEN is the number of bits. ++ * ++ * value="$\backslash$xCF" , len=6 -> bit string="110011" (six ++ * bits) ++ * ++ * CHOICE: if NAME indicates a choice type, VALUE must specify one of ++ * the alternatives with a null terminated string. LEN != 0. Using ++ * "pkix.asn"\: ++ * ++ * result=asn1_write_value(cert, ++ * "certificate1.tbsCertificate.subject", "rdnSequence", ++ * 1); ++ * ++ * ANY: VALUE indicates the der encoding of a structure. LEN != 0. ++ * ++ * SEQUENCE OF: VALUE must be the null terminated string "NEW" and ++ * LEN != 0. With this instruction another element is appended in ++ * the sequence. The name of this element will be "?1" if it's the ++ * first one, "?2" for the second and so on. ++ * ++ * Using "pkix.asn"\: ++ * ++ * result=asn1_write_value(cert, ++ * "certificate1.tbsCertificate.subject.rdnSequence", "NEW", 1); ++ * ++ * SET OF: the same as SEQUENCE OF. Using "pkix.asn": ++ * ++ * result=asn1_write_value(cert, ++ * "tbsCertificate.subject.rdnSequence.?LAST", "NEW", 1); ++ * ++ * Returns: %ASN1_SUCCESS if the value was set, ++ * %ASN1_ELEMENT_NOT_FOUND if @name is not a valid element, and ++ * %ASN1_VALUE_NOT_VALID if @ivalue has a wrong format. ++ **/ ++int ++asn1_write_value (asn1_node node_root, const char *name, ++ const void *ivalue, int len) ++{ ++ asn1_node node, p, p2; ++ unsigned char *temp, *value_temp = NULL, *default_temp = NULL; ++ int len2, k, k2, negative; ++ size_t i; ++ const unsigned char *value = ivalue; ++ unsigned int type; ++ ++ node = asn1_find_node (node_root, name); ++ if (node == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ if ((node->type & CONST_OPTION) && (value == NULL) && (len == 0)) ++ { ++ asn1_delete_structure (&node); ++ return ASN1_SUCCESS; ++ } ++ ++ type = type_field (node->type); ++ ++ if ((type == ASN1_ETYPE_SEQUENCE_OF || type == ASN1_ETYPE_SET_OF) && (value == NULL) && (len == 0)) ++ { ++ p = node->down; ++ while ((type_field (p->type) == ASN1_ETYPE_TAG) ++ || (type_field (p->type) == ASN1_ETYPE_SIZE)) ++ p = p->right; ++ ++ while (p->right) ++ asn1_delete_structure (&p->right); ++ ++ return ASN1_SUCCESS; ++ } ++ ++ /* Don't allow element deletion for other types */ ++ if (value == NULL) ++ { ++ return ASN1_VALUE_NOT_VALID; ++ } ++ ++ switch (type) ++ { ++ case ASN1_ETYPE_BOOLEAN: ++ if (!_asn1_strcmp (value, "TRUE")) ++ { ++ if (node->type & CONST_DEFAULT) ++ { ++ p = node->down; ++ while (type_field (p->type) != ASN1_ETYPE_DEFAULT) ++ p = p->right; ++ if (p->type & CONST_TRUE) ++ _asn1_set_value (node, NULL, 0); ++ else ++ _asn1_set_value (node, "T", 1); ++ } ++ else ++ _asn1_set_value (node, "T", 1); ++ } ++ else if (!_asn1_strcmp (value, "FALSE")) ++ { ++ if (node->type & CONST_DEFAULT) ++ { ++ p = node->down; ++ while (type_field (p->type) != ASN1_ETYPE_DEFAULT) ++ p = p->right; ++ if (p->type & CONST_FALSE) ++ _asn1_set_value (node, NULL, 0); ++ else ++ _asn1_set_value (node, "F", 1); ++ } ++ else ++ _asn1_set_value (node, "F", 1); ++ } ++ else ++ return ASN1_VALUE_NOT_VALID; ++ break; ++ case ASN1_ETYPE_INTEGER: ++ case ASN1_ETYPE_ENUMERATED: ++ if (len == 0) ++ { ++ if ((c_isdigit (value[0])) || (value[0] == '-')) ++ { ++ value_temp = malloc (SIZEOF_UNSIGNED_LONG_INT); ++ if (value_temp == NULL) ++ return ASN1_MEM_ALLOC_ERROR; ++ ++ _asn1_convert_integer (value, value_temp, ++ SIZEOF_UNSIGNED_LONG_INT, &len); ++ } ++ else ++ { /* is an identifier like v1 */ ++ if (!(node->type & CONST_LIST)) ++ return ASN1_VALUE_NOT_VALID; ++ p = node->down; ++ while (p) ++ { ++ if (type_field (p->type) == ASN1_ETYPE_CONSTANT) ++ { ++ if (!_asn1_strcmp (p->name, value)) ++ { ++ value_temp = malloc (SIZEOF_UNSIGNED_LONG_INT); ++ if (value_temp == NULL) ++ return ASN1_MEM_ALLOC_ERROR; ++ ++ _asn1_convert_integer (p->value, ++ value_temp, ++ SIZEOF_UNSIGNED_LONG_INT, ++ &len); ++ break; ++ } ++ } ++ p = p->right; ++ } ++ if (p == NULL) ++ return ASN1_VALUE_NOT_VALID; ++ } ++ } ++ else ++ { /* len != 0 */ ++ value_temp = malloc (len); ++ if (value_temp == NULL) ++ return ASN1_MEM_ALLOC_ERROR; ++ memcpy (value_temp, value, len); ++ } ++ ++ if (value_temp[0] & 0x80) ++ negative = 1; ++ else ++ negative = 0; ++ ++ if (negative && (type_field (node->type) == ASN1_ETYPE_ENUMERATED)) ++ { ++ free (value_temp); ++ return ASN1_VALUE_NOT_VALID; ++ } ++ ++ for (k = 0; k < len - 1; k++) ++ if (negative && (value_temp[k] != 0xFF)) ++ break; ++ else if (!negative && value_temp[k]) ++ break; ++ ++ if ((negative && !(value_temp[k] & 0x80)) || ++ (!negative && (value_temp[k] & 0x80))) ++ k--; ++ ++ _asn1_set_value_lv (node, value_temp + k, len - k); ++ ++ if (node->type & CONST_DEFAULT) ++ { ++ p = node->down; ++ while (type_field (p->type) != ASN1_ETYPE_DEFAULT) ++ p = p->right; ++ if ((c_isdigit (p->value[0])) || (p->value[0] == '-')) ++ { ++ default_temp = malloc (SIZEOF_UNSIGNED_LONG_INT); ++ if (default_temp == NULL) ++ { ++ free (value_temp); ++ return ASN1_MEM_ALLOC_ERROR; ++ } ++ ++ _asn1_convert_integer (p->value, default_temp, ++ SIZEOF_UNSIGNED_LONG_INT, &len2); ++ } ++ else ++ { /* is an identifier like v1 */ ++ if (!(node->type & CONST_LIST)) ++ { ++ free (value_temp); ++ return ASN1_VALUE_NOT_VALID; ++ } ++ p2 = node->down; ++ while (p2) ++ { ++ if (type_field (p2->type) == ASN1_ETYPE_CONSTANT) ++ { ++ if (!_asn1_strcmp (p2->name, p->value)) ++ { ++ default_temp = malloc (SIZEOF_UNSIGNED_LONG_INT); ++ if (default_temp == NULL) ++ { ++ free (value_temp); ++ return ASN1_MEM_ALLOC_ERROR; ++ } ++ ++ _asn1_convert_integer (p2->value, ++ default_temp, ++ SIZEOF_UNSIGNED_LONG_INT, ++ &len2); ++ break; ++ } ++ } ++ p2 = p2->right; ++ } ++ if (p2 == NULL) ++ { ++ free (value_temp); ++ return ASN1_VALUE_NOT_VALID; ++ } ++ } ++ ++ ++ if ((len - k) == len2) ++ { ++ for (k2 = 0; k2 < len2; k2++) ++ if (value_temp[k + k2] != default_temp[k2]) ++ { ++ break; ++ } ++ if (k2 == len2) ++ _asn1_set_value (node, NULL, 0); ++ } ++ free (default_temp); ++ } ++ free (value_temp); ++ break; ++ case ASN1_ETYPE_OBJECT_ID: ++ for (i = 0; i < _asn1_strlen (value); i++) ++ if ((!c_isdigit (value[i])) && (value[i] != '.') && (value[i] != '+')) ++ return ASN1_VALUE_NOT_VALID; ++ if (node->type & CONST_DEFAULT) ++ { ++ p = node->down; ++ while (type_field (p->type) != ASN1_ETYPE_DEFAULT) ++ p = p->right; ++ if (!_asn1_strcmp (value, p->value)) ++ { ++ _asn1_set_value (node, NULL, 0); ++ break; ++ } ++ } ++ _asn1_set_value (node, value, _asn1_strlen (value) + 1); ++ break; ++ case ASN1_ETYPE_UTC_TIME: ++ { ++ len = _asn1_strlen (value); ++ if (len < 11) ++ return ASN1_VALUE_NOT_VALID; ++ for (k = 0; k < 10; k++) ++ if (!c_isdigit (value[k])) ++ return ASN1_VALUE_NOT_VALID; ++ switch (len) ++ { ++ case 11: ++ if (value[10] != 'Z') ++ return ASN1_VALUE_NOT_VALID; ++ break; ++ case 13: ++ if ((!c_isdigit (value[10])) || (!c_isdigit (value[11])) || ++ (value[12] != 'Z')) ++ return ASN1_VALUE_NOT_VALID; ++ break; ++ case 15: ++ if ((value[10] != '+') && (value[10] != '-')) ++ return ASN1_VALUE_NOT_VALID; ++ for (k = 11; k < 15; k++) ++ if (!c_isdigit (value[k])) ++ return ASN1_VALUE_NOT_VALID; ++ break; ++ case 17: ++ if ((!c_isdigit (value[10])) || (!c_isdigit (value[11]))) ++ return ASN1_VALUE_NOT_VALID; ++ if ((value[12] != '+') && (value[12] != '-')) ++ return ASN1_VALUE_NOT_VALID; ++ for (k = 13; k < 17; k++) ++ if (!c_isdigit (value[k])) ++ return ASN1_VALUE_NOT_VALID; ++ break; ++ default: ++ return ASN1_VALUE_NOT_FOUND; ++ } ++ _asn1_set_value (node, value, len); ++ } ++ break; ++ case ASN1_ETYPE_GENERALIZED_TIME: ++ len = _asn1_strlen (value); ++ _asn1_set_value (node, value, len); ++ break; ++ case ASN1_ETYPE_OCTET_STRING: ++ case ASN1_ETYPE_GENERALSTRING: ++ case ASN1_ETYPE_NUMERIC_STRING: ++ case ASN1_ETYPE_IA5_STRING: ++ case ASN1_ETYPE_TELETEX_STRING: ++ case ASN1_ETYPE_PRINTABLE_STRING: ++ case ASN1_ETYPE_UNIVERSAL_STRING: ++ case ASN1_ETYPE_BMP_STRING: ++ case ASN1_ETYPE_UTF8_STRING: ++ case ASN1_ETYPE_VISIBLE_STRING: ++ if (len == 0) ++ len = _asn1_strlen (value); ++ _asn1_set_value_lv (node, value, len); ++ break; ++ case ASN1_ETYPE_BIT_STRING: ++ if (len == 0) ++ len = _asn1_strlen (value); ++ asn1_length_der ((len >> 3) + 2, NULL, &len2); ++ temp = malloc ((len >> 3) + 2 + len2); ++ if (temp == NULL) ++ return ASN1_MEM_ALLOC_ERROR; ++ ++ asn1_bit_der (value, len, temp, &len2); ++ _asn1_set_value_m (node, temp, len2); ++ temp = NULL; ++ break; ++ case ASN1_ETYPE_CHOICE: ++ p = node->down; ++ while (p) ++ { ++ if (!_asn1_strcmp (p->name, value)) ++ { ++ p2 = node->down; ++ while (p2) ++ { ++ if (p2 != p) ++ { ++ asn1_delete_structure (&p2); ++ p2 = node->down; ++ } ++ else ++ p2 = p2->right; ++ } ++ break; ++ } ++ p = p->right; ++ } ++ if (!p) ++ return ASN1_ELEMENT_NOT_FOUND; ++ break; ++ case ASN1_ETYPE_ANY: ++ _asn1_set_value_lv (node, value, len); ++ break; ++ case ASN1_ETYPE_SEQUENCE_OF: ++ case ASN1_ETYPE_SET_OF: ++ if (_asn1_strcmp (value, "NEW")) ++ return ASN1_VALUE_NOT_VALID; ++ _asn1_append_sequence_set (node, NULL); ++ break; ++ default: ++ return ASN1_ELEMENT_NOT_FOUND; ++ break; ++ } ++ ++ return ASN1_SUCCESS; ++} ++ ++ ++#define PUT_VALUE( ptr, ptr_size, data, data_size) \ ++ *len = data_size; \ ++ if (ptr_size < data_size) { \ ++ return ASN1_MEM_ERROR; \ ++ } else { \ ++ if (ptr && data_size > 0) \ ++ memcpy (ptr, data, data_size); \ ++ } ++ ++#define PUT_STR_VALUE( ptr, ptr_size, data) \ ++ *len = _asn1_strlen (data) + 1; \ ++ if (ptr_size < *len) { \ ++ return ASN1_MEM_ERROR; \ ++ } else { \ ++ /* this strcpy is checked */ \ ++ if (ptr) { \ ++ _asn1_strcpy (ptr, data); \ ++ } \ ++ } ++ ++#define PUT_AS_STR_VALUE( ptr, ptr_size, data, data_size) \ ++ *len = data_size + 1; \ ++ if (ptr_size < *len) { \ ++ return ASN1_MEM_ERROR; \ ++ } else { \ ++ /* this strcpy is checked */ \ ++ if (ptr) { \ ++ if (data_size > 0) \ ++ memcpy (ptr, data, data_size); \ ++ ptr[data_size] = 0; \ ++ } \ ++ } ++ ++#define ADD_STR_VALUE( ptr, ptr_size, data) \ ++ *len += _asn1_strlen(data); \ ++ if (ptr_size < (int) *len) { \ ++ (*len)++; \ ++ return ASN1_MEM_ERROR; \ ++ } else { \ ++ /* this strcat is checked */ \ ++ if (ptr) _asn1_strcat (ptr, data); \ ++ } ++ ++/** ++ * asn1_read_value: ++ * @root: pointer to a structure. ++ * @name: the name of the element inside a structure that you want to read. ++ * @ivalue: vector that will contain the element's content, must be a ++ * pointer to memory cells already allocated (may be %NULL). ++ * @len: number of bytes of *value: value[0]..value[len-1]. Initialy ++ * holds the sizeof value. ++ * ++ * Returns the value of one element inside a structure. ++ * If an element is OPTIONAL and this returns ++ * %ASN1_ELEMENT_NOT_FOUND, it means that this element wasn't present ++ * in the der encoding that created the structure. The first element ++ * of a SEQUENCE_OF or SET_OF is named "?1". The second one "?2" and ++ * so on. If the @root provided is a node to specific sequence element, ++ * then the keyword "?CURRENT" is also acceptable and indicates the ++ * current sequence element of this node. ++ * ++ * Note that there can be valid values with length zero. In these case ++ * this function will succeed and @len will be zero. ++ * ++ * INTEGER: VALUE will contain a two's complement form integer. ++ * ++ * integer=-1 -> value[0]=0xFF , len=1. ++ * integer=1 -> value[0]=0x01 , len=1. ++ * ++ * ENUMERATED: As INTEGER (but only with not negative numbers). ++ * ++ * BOOLEAN: VALUE will be the null terminated string "TRUE" or ++ * "FALSE" and LEN=5 or LEN=6. ++ * ++ * OBJECT IDENTIFIER: VALUE will be a null terminated string with ++ * each number separated by a dot (i.e. "1.2.3.543.1"). ++ * ++ * LEN = strlen(VALUE)+1 ++ * ++ * UTCTime: VALUE will be a null terminated string in one of these ++ * formats: "YYMMDDhhmmss+hh'mm'" or "YYMMDDhhmmss-hh'mm'". ++ * LEN=strlen(VALUE)+1. ++ * ++ * GeneralizedTime: VALUE will be a null terminated string in the ++ * same format used to set the value. ++ * ++ * OCTET STRING: VALUE will contain the octet string and LEN will be ++ * the number of octets. ++ * ++ * GeneralString: VALUE will contain the generalstring and LEN will ++ * be the number of octets. ++ * ++ * BIT STRING: VALUE will contain the bit string organized by bytes ++ * and LEN will be the number of bits. ++ * ++ * CHOICE: If NAME indicates a choice type, VALUE will specify the ++ * alternative selected. ++ * ++ * ANY: If NAME indicates an any type, VALUE will indicate the DER ++ * encoding of the structure actually used. ++ * ++ * Returns: %ASN1_SUCCESS if value is returned, ++ * %ASN1_ELEMENT_NOT_FOUND if @name is not a valid element, ++ * %ASN1_VALUE_NOT_FOUND if there isn't any value for the element ++ * selected, and %ASN1_MEM_ERROR if The value vector isn't big enough ++ * to store the result, and in this case @len will contain the number of ++ * bytes needed. On the occasion that the stored data are of zero-length ++ * this function may return %ASN1_SUCCESS even if the provided @len is zero. ++ **/ ++int ++asn1_read_value (asn1_node_const root, const char *name, void *ivalue, int *len) ++{ ++ return asn1_read_value_type (root, name, ivalue, len, NULL); ++} ++ ++/** ++ * asn1_read_value_type: ++ * @root: pointer to a structure. ++ * @name: the name of the element inside a structure that you want to read. ++ * @ivalue: vector that will contain the element's content, must be a ++ * pointer to memory cells already allocated (may be %NULL). ++ * @len: number of bytes of *value: value[0]..value[len-1]. Initialy ++ * holds the sizeof value. ++ * @etype: The type of the value read (ASN1_ETYPE) ++ * ++ * Returns the type and value of one element inside a structure. ++ * If an element is OPTIONAL and this returns ++ * %ASN1_ELEMENT_NOT_FOUND, it means that this element wasn't present ++ * in the der encoding that created the structure. The first element ++ * of a SEQUENCE_OF or SET_OF is named "?1". The second one "?2" and ++ * so on. If the @root provided is a node to specific sequence element, ++ * then the keyword "?CURRENT" is also acceptable and indicates the ++ * current sequence element of this node. ++ * ++ * Note that there can be valid values with length zero. In these case ++ * this function will succeed and @len will be zero. ++ * ++ * ++ * INTEGER: VALUE will contain a two's complement form integer. ++ * ++ * integer=-1 -> value[0]=0xFF , len=1. ++ * integer=1 -> value[0]=0x01 , len=1. ++ * ++ * ENUMERATED: As INTEGER (but only with not negative numbers). ++ * ++ * BOOLEAN: VALUE will be the null terminated string "TRUE" or ++ * "FALSE" and LEN=5 or LEN=6. ++ * ++ * OBJECT IDENTIFIER: VALUE will be a null terminated string with ++ * each number separated by a dot (i.e. "1.2.3.543.1"). ++ * ++ * LEN = strlen(VALUE)+1 ++ * ++ * UTCTime: VALUE will be a null terminated string in one of these ++ * formats: "YYMMDDhhmmss+hh'mm'" or "YYMMDDhhmmss-hh'mm'". ++ * LEN=strlen(VALUE)+1. ++ * ++ * GeneralizedTime: VALUE will be a null terminated string in the ++ * same format used to set the value. ++ * ++ * OCTET STRING: VALUE will contain the octet string and LEN will be ++ * the number of octets. ++ * ++ * GeneralString: VALUE will contain the generalstring and LEN will ++ * be the number of octets. ++ * ++ * BIT STRING: VALUE will contain the bit string organized by bytes ++ * and LEN will be the number of bits. ++ * ++ * CHOICE: If NAME indicates a choice type, VALUE will specify the ++ * alternative selected. ++ * ++ * ANY: If NAME indicates an any type, VALUE will indicate the DER ++ * encoding of the structure actually used. ++ * ++ * Returns: %ASN1_SUCCESS if value is returned, ++ * %ASN1_ELEMENT_NOT_FOUND if @name is not a valid element, ++ * %ASN1_VALUE_NOT_FOUND if there isn't any value for the element ++ * selected, and %ASN1_MEM_ERROR if The value vector isn't big enough ++ * to store the result, and in this case @len will contain the number of ++ * bytes needed. On the occasion that the stored data are of zero-length ++ * this function may return %ASN1_SUCCESS even if the provided @len is zero. ++ **/ ++int ++asn1_read_value_type (asn1_node_const root, const char *name, void *ivalue, ++ int *len, unsigned int *etype) ++{ ++ asn1_node_const node, p, p2; ++ int len2, len3, result; ++ int value_size = *len; ++ unsigned char *value = ivalue; ++ unsigned type; ++ ++ node = asn1_find_node (root, name); ++ if (node == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ type = type_field (node->type); ++ ++ if ((type != ASN1_ETYPE_NULL) && ++ (type != ASN1_ETYPE_CHOICE) && ++ !(node->type & CONST_DEFAULT) && !(node->type & CONST_ASSIGN) && ++ (node->value == NULL)) ++ return ASN1_VALUE_NOT_FOUND; ++ ++ if (etype) ++ *etype = type; ++ switch (type) ++ { ++ case ASN1_ETYPE_NULL: ++ PUT_STR_VALUE (value, value_size, "NULL"); ++ break; ++ case ASN1_ETYPE_BOOLEAN: ++ if ((node->type & CONST_DEFAULT) && (node->value == NULL)) ++ { ++ p = node->down; ++ while (type_field (p->type) != ASN1_ETYPE_DEFAULT) ++ p = p->right; ++ if (p->type & CONST_TRUE) ++ { ++ PUT_STR_VALUE (value, value_size, "TRUE"); ++ } ++ else ++ { ++ PUT_STR_VALUE (value, value_size, "FALSE"); ++ } ++ } ++ else if (node->value[0] == 'T') ++ { ++ PUT_STR_VALUE (value, value_size, "TRUE"); ++ } ++ else ++ { ++ PUT_STR_VALUE (value, value_size, "FALSE"); ++ } ++ break; ++ case ASN1_ETYPE_INTEGER: ++ case ASN1_ETYPE_ENUMERATED: ++ if ((node->type & CONST_DEFAULT) && (node->value == NULL)) ++ { ++ p = node->down; ++ while (type_field (p->type) != ASN1_ETYPE_DEFAULT) ++ p = p->right; ++ if ((c_isdigit (p->value[0])) || (p->value[0] == '-') ++ || (p->value[0] == '+')) ++ { ++ result = _asn1_convert_integer ++ (p->value, value, value_size, len); ++ if (result != ASN1_SUCCESS) ++ return result; ++ } ++ else ++ { /* is an identifier like v1 */ ++ p2 = node->down; ++ while (p2) ++ { ++ if (type_field (p2->type) == ASN1_ETYPE_CONSTANT) ++ { ++ if (!_asn1_strcmp (p2->name, p->value)) ++ { ++ result = _asn1_convert_integer ++ (p2->value, value, value_size, ++ len); ++ if (result != ASN1_SUCCESS) ++ return result; ++ break; ++ } ++ } ++ p2 = p2->right; ++ } ++ } ++ } ++ else ++ { ++ len2 = -1; ++ result = asn1_get_octet_der ++ (node->value, node->value_len, &len2, value, value_size, ++ len); ++ if (result != ASN1_SUCCESS) ++ return result; ++ } ++ break; ++ case ASN1_ETYPE_OBJECT_ID: ++ if (node->type & CONST_ASSIGN) ++ { ++ *len = 0; ++ if (value) ++ value[0] = 0; ++ p = node->down; ++ while (p) ++ { ++ if (type_field (p->type) == ASN1_ETYPE_CONSTANT) ++ { ++ ADD_STR_VALUE (value, value_size, p->value); ++ if (p->right) ++ { ++ ADD_STR_VALUE (value, value_size, "."); ++ } ++ } ++ p = p->right; ++ } ++ (*len)++; ++ } ++ else if ((node->type & CONST_DEFAULT) && (node->value == NULL)) ++ { ++ p = node->down; ++ while (type_field (p->type) != ASN1_ETYPE_DEFAULT) ++ p = p->right; ++ PUT_STR_VALUE (value, value_size, p->value); ++ } ++ else ++ { ++ PUT_STR_VALUE (value, value_size, node->value); ++ } ++ break; ++ case ASN1_ETYPE_GENERALIZED_TIME: ++ case ASN1_ETYPE_UTC_TIME: ++ PUT_AS_STR_VALUE (value, value_size, node->value, node->value_len); ++ break; ++ case ASN1_ETYPE_OCTET_STRING: ++ case ASN1_ETYPE_GENERALSTRING: ++ case ASN1_ETYPE_NUMERIC_STRING: ++ case ASN1_ETYPE_IA5_STRING: ++ case ASN1_ETYPE_TELETEX_STRING: ++ case ASN1_ETYPE_PRINTABLE_STRING: ++ case ASN1_ETYPE_UNIVERSAL_STRING: ++ case ASN1_ETYPE_BMP_STRING: ++ case ASN1_ETYPE_UTF8_STRING: ++ case ASN1_ETYPE_VISIBLE_STRING: ++ len2 = -1; ++ result = asn1_get_octet_der ++ (node->value, node->value_len, &len2, value, value_size, ++ len); ++ if (result != ASN1_SUCCESS) ++ return result; ++ break; ++ case ASN1_ETYPE_BIT_STRING: ++ len2 = -1; ++ result = asn1_get_bit_der ++ (node->value, node->value_len, &len2, value, value_size, ++ len); ++ if (result != ASN1_SUCCESS) ++ return result; ++ break; ++ case ASN1_ETYPE_CHOICE: ++ PUT_STR_VALUE (value, value_size, node->down->name); ++ break; ++ case ASN1_ETYPE_ANY: ++ len3 = -1; ++ len2 = asn1_get_length_der (node->value, node->value_len, &len3); ++ if (len2 < 0) ++ return ASN1_DER_ERROR; ++ PUT_VALUE (value, value_size, node->value + len3, len2); ++ break; ++ default: ++ return ASN1_ELEMENT_NOT_FOUND; ++ break; ++ } ++ return ASN1_SUCCESS; ++} ++ ++ ++/** ++ * asn1_read_tag: ++ * @root: pointer to a structure ++ * @name: the name of the element inside a structure. ++ * @tagValue: variable that will contain the TAG value. ++ * @classValue: variable that will specify the TAG type. ++ * ++ * Returns the TAG and the CLASS of one element inside a structure. ++ * CLASS can have one of these constants: %ASN1_CLASS_APPLICATION, ++ * %ASN1_CLASS_UNIVERSAL, %ASN1_CLASS_PRIVATE or ++ * %ASN1_CLASS_CONTEXT_SPECIFIC. ++ * ++ * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if ++ * @name is not a valid element. ++ **/ ++int ++asn1_read_tag (asn1_node_const root, const char *name, int *tagValue, ++ int *classValue) ++{ ++ asn1_node node, p, pTag; ++ ++ node = asn1_find_node (root, name); ++ if (node == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ p = node->down; ++ ++ /* pTag will points to the IMPLICIT TAG */ ++ pTag = NULL; ++ if (node->type & CONST_TAG) ++ { ++ while (p) ++ { ++ if (type_field (p->type) == ASN1_ETYPE_TAG) ++ { ++ if ((p->type & CONST_IMPLICIT) && (pTag == NULL)) ++ pTag = p; ++ else if (p->type & CONST_EXPLICIT) ++ pTag = NULL; ++ } ++ p = p->right; ++ } ++ } ++ ++ if (pTag) ++ { ++ *tagValue = _asn1_strtoul (pTag->value, NULL, 10); ++ ++ if (pTag->type & CONST_APPLICATION) ++ *classValue = ASN1_CLASS_APPLICATION; ++ else if (pTag->type & CONST_UNIVERSAL) ++ *classValue = ASN1_CLASS_UNIVERSAL; ++ else if (pTag->type & CONST_PRIVATE) ++ *classValue = ASN1_CLASS_PRIVATE; ++ else ++ *classValue = ASN1_CLASS_CONTEXT_SPECIFIC; ++ } ++ else ++ { ++ unsigned type = type_field (node->type); ++ *classValue = ASN1_CLASS_UNIVERSAL; ++ ++ switch (type) ++ { ++ CASE_HANDLED_ETYPES: ++ *tagValue = _asn1_tags[type].tag; ++ break; ++ case ASN1_ETYPE_TAG: ++ case ASN1_ETYPE_CHOICE: ++ case ASN1_ETYPE_ANY: ++ *tagValue = -1; ++ break; ++ default: ++ break; ++ } ++ } ++ ++ return ASN1_SUCCESS; ++} ++ ++/** ++ * asn1_read_node_value: ++ * @node: pointer to a node. ++ * @data: a point to a asn1_data_node_st ++ * ++ * Returns the value a data node inside a asn1_node structure. ++ * The data returned should be handled as constant values. ++ * ++ * Returns: %ASN1_SUCCESS if the node exists. ++ **/ ++int ++asn1_read_node_value (asn1_node_const node, asn1_data_node_st * data) ++{ ++ data->name = node->name; ++ data->value = node->value; ++ data->value_len = node->value_len; ++ data->type = type_field (node->type); ++ ++ return ASN1_SUCCESS; ++} +diff --git a/grub-core/lib/libtasn1/lib/errors.c b/grub-core/lib/libtasn1/lib/errors.c +new file mode 100644 +index 000000000..cee74daf7 +--- /dev/null ++++ b/grub-core/lib/libtasn1/lib/errors.c +@@ -0,0 +1,100 @@ ++/* ++ * Copyright (C) 2002-2014 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * The LIBTASN1 library is free software; you can redistribute it ++ * and/or modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++ * 02110-1301, USA ++ */ ++ ++#include ++#ifdef STDC_HEADERS ++#include ++#endif ++ ++#define LIBTASN1_ERROR_ENTRY(name) { #name, name } ++ ++struct libtasn1_error_entry ++{ ++ const char *name; ++ int number; ++}; ++typedef struct libtasn1_error_entry libtasn1_error_entry; ++ ++static const libtasn1_error_entry error_algorithms[] = { ++ LIBTASN1_ERROR_ENTRY (ASN1_SUCCESS), ++ LIBTASN1_ERROR_ENTRY (ASN1_FILE_NOT_FOUND), ++ LIBTASN1_ERROR_ENTRY (ASN1_ELEMENT_NOT_FOUND), ++ LIBTASN1_ERROR_ENTRY (ASN1_IDENTIFIER_NOT_FOUND), ++ LIBTASN1_ERROR_ENTRY (ASN1_DER_ERROR), ++ LIBTASN1_ERROR_ENTRY (ASN1_VALUE_NOT_FOUND), ++ LIBTASN1_ERROR_ENTRY (ASN1_GENERIC_ERROR), ++ LIBTASN1_ERROR_ENTRY (ASN1_VALUE_NOT_VALID), ++ LIBTASN1_ERROR_ENTRY (ASN1_TAG_ERROR), ++ LIBTASN1_ERROR_ENTRY (ASN1_TAG_IMPLICIT), ++ LIBTASN1_ERROR_ENTRY (ASN1_ERROR_TYPE_ANY), ++ LIBTASN1_ERROR_ENTRY (ASN1_SYNTAX_ERROR), ++ LIBTASN1_ERROR_ENTRY (ASN1_MEM_ERROR), ++ LIBTASN1_ERROR_ENTRY (ASN1_MEM_ALLOC_ERROR), ++ LIBTASN1_ERROR_ENTRY (ASN1_DER_OVERFLOW), ++ LIBTASN1_ERROR_ENTRY (ASN1_NAME_TOO_LONG), ++ LIBTASN1_ERROR_ENTRY (ASN1_ARRAY_ERROR), ++ LIBTASN1_ERROR_ENTRY (ASN1_ELEMENT_NOT_EMPTY), ++ LIBTASN1_ERROR_ENTRY (ASN1_TIME_ENCODING_ERROR), ++ LIBTASN1_ERROR_ENTRY (ASN1_RECURSION), ++ {0, 0} ++}; ++ ++/** ++ * asn1_perror: ++ * @error: is an error returned by a libtasn1 function. ++ * ++ * Prints a string to stderr with a description of an error. This ++ * function is like perror(). The only difference is that it accepts ++ * an error returned by a libtasn1 function. ++ * ++ * Since: 1.6 ++ **/ ++void ++asn1_perror (int error) ++{ ++ const char *str = asn1_strerror (error); ++ fprintf (stderr, "LIBTASN1 ERROR: %s\n", str ? str : "(null)"); ++} ++ ++/** ++ * asn1_strerror: ++ * @error: is an error returned by a libtasn1 function. ++ * ++ * Returns a string with a description of an error. This function is ++ * similar to strerror. The only difference is that it accepts an ++ * error (number) returned by a libtasn1 function. ++ * ++ * Returns: Pointer to static zero-terminated string describing error ++ * code. ++ * ++ * Since: 1.6 ++ **/ ++const char * ++asn1_strerror (int error) ++{ ++ const libtasn1_error_entry *p; ++ ++ for (p = error_algorithms; p->name != NULL; p++) ++ if (p->number == error) ++ return p->name + sizeof ("ASN1_") - 1; ++ ++ return NULL; ++} +diff --git a/grub-core/lib/libtasn1/lib/gstr.c b/grub-core/lib/libtasn1/lib/gstr.c +new file mode 100644 +index 000000000..e91a3a151 +--- /dev/null ++++ b/grub-core/lib/libtasn1/lib/gstr.c +@@ -0,0 +1,74 @@ ++/* ++ * Copyright (C) 2002-2014 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * The LIBTASN1 library is free software; you can redistribute it ++ * and/or modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++ * 02110-1301, USA ++ */ ++ ++#include ++#include "gstr.h" ++ ++/* These function are like strcat, strcpy. They only ++ * do bounds checking (they shouldn't cause buffer overruns), ++ * and they always produce null terminated strings. ++ * ++ * They should be used only with null terminated strings. ++ */ ++void ++_asn1_str_cat (char *dest, size_t dest_tot_size, const char *src) ++{ ++ size_t str_size = strlen (src); ++ size_t dest_size = strlen (dest); ++ ++ if (dest_tot_size - dest_size > str_size) ++ { ++ strcat (dest, src); ++ } ++ else ++ { ++ if (dest_tot_size - dest_size > 0) ++ { ++ strncat (dest, src, (dest_tot_size - dest_size) - 1); ++ dest[dest_tot_size - 1] = 0; ++ } ++ } ++} ++ ++/* Returns the bytes copied (not including the null terminator) */ ++unsigned int ++_asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src) ++{ ++ size_t str_size = strlen (src); ++ ++ if (dest_tot_size > str_size) ++ { ++ strcpy (dest, src); ++ return str_size; ++ } ++ else ++ { ++ if (dest_tot_size > 0) ++ { ++ str_size = dest_tot_size - 1; ++ memcpy (dest, src, str_size); ++ dest[str_size] = 0; ++ return str_size; ++ } ++ else ++ return 0; ++ } ++} +diff --git a/grub-core/lib/libtasn1/lib/parser_aux.c b/grub-core/lib/libtasn1/lib/parser_aux.c +new file mode 100644 +index 000000000..d5dbbf876 +--- /dev/null ++++ b/grub-core/lib/libtasn1/lib/parser_aux.c +@@ -0,0 +1,1173 @@ ++/* ++ * Copyright (C) 2000-2016 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * The LIBTASN1 library is free software; you can redistribute it ++ * and/or modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++ * 02110-1301, USA ++ */ ++ ++#include // WORD_BIT ++ ++#include "int.h" ++#include "parser_aux.h" ++#include "gstr.h" ++#include "structure.h" ++#include "element.h" ++#include "c-ctype.h" ++ ++char _asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1]; /* identifier name not found */ ++ ++/* Return a hash of the N bytes of X using the method described by ++ Bruno Haible in https://www.haible.de/bruno/hashfunc.html. ++ Note that while many hash functions reduce their result via modulo ++ to a 0..table_size-1 range, this function does not do that. ++ ++ This implementation has been changed from size_t -> unsigned int. */ ++ ++#ifdef __clang__ ++__attribute__((no_sanitize("integer"))) ++#endif ++_GL_ATTRIBUTE_PURE ++static unsigned int ++_asn1_hash_name (const char *x) ++{ ++ const unsigned char *s = (unsigned char *) x; ++ unsigned h = 0; ++ ++ while (*s) ++ h = (*s++) + ((h << 9) | (h >> (WORD_BIT - 9))); ++ ++ return h; ++} ++ ++/******************************************************/ ++/* Function : _asn1_add_static_node */ ++/* Description: creates a new NODE_ASN element and */ ++/* puts it in the list pointed by e_list. */ ++/* Parameters: */ ++/* e_list: of type list_type; must be NULL initially */ ++/* type: type of the new element (see ASN1_ETYPE_ */ ++/* and CONST_ constants). */ ++/* Return: pointer to the new element. */ ++/******************************************************/ ++asn1_node ++_asn1_add_static_node (list_type **e_list, unsigned int type) ++{ ++ list_type *p; ++ asn1_node punt; ++ ++ punt = calloc (1, sizeof (struct asn1_node_st)); ++ if (punt == NULL) ++ return NULL; ++ ++ p = malloc (sizeof (list_type)); ++ if (p == NULL) ++ { ++ free (punt); ++ return NULL; ++ } ++ ++ p->node = punt; ++ p->next = *e_list; ++ *e_list = p; ++ ++ punt->type = type; ++ ++ return punt; ++} ++ ++static ++int _asn1_add_static_node2 (list_type **e_list, asn1_node node) ++{ ++ list_type *p; ++ ++ p = malloc (sizeof (list_type)); ++ if (p == NULL) ++ { ++ return -1; ++ } ++ ++ p->node = node; ++ p->next = *e_list; ++ *e_list = p; ++ ++ return 0; ++} ++ ++/** ++ * asn1_find_node: ++ * @pointer: NODE_ASN element pointer. ++ * @name: null terminated string with the element's name to find. ++ * ++ * Searches for an element called @name starting from @pointer. The ++ * name is composed by different identifiers separated by dots. When ++ * *@pointer has a name, the first identifier must be the name of ++ * *@pointer, otherwise it must be the name of one child of *@pointer. ++ * ++ * Returns: the search result, or %NULL if not found. ++ **/ ++asn1_node ++asn1_find_node (asn1_node_const pointer, const char *name) ++{ ++ asn1_node_const p; ++ char *n_end, n[ASN1_MAX_NAME_SIZE + 1]; ++ const char *n_start; ++ unsigned int nsize; ++ unsigned int nhash; ++ ++ if (pointer == NULL) ++ return NULL; ++ ++ if (name == NULL) ++ return NULL; ++ ++ p = pointer; ++ n_start = name; ++ ++ if (name[0] == '?' && name[1] == 'C' && p->name[0] == '?') ++ { /* ?CURRENT */ ++ n_start = strchr(n_start, '.'); ++ if (n_start) ++ n_start++; ++ } ++ else if (p->name[0] != 0) ++ { /* has *pointer got a name ? */ ++ n_end = strchr (n_start, '.'); /* search the first dot */ ++ if (n_end) ++ { ++ nsize = n_end - n_start; ++ if (nsize >= sizeof(n)) ++ return NULL; ++ ++ memcpy (n, n_start, nsize); ++ n[nsize] = 0; ++ n_start = n_end; ++ n_start++; ++ ++ nhash = _asn1_hash_name (n); ++ } ++ else ++ { ++ _asn1_str_cpy (n, sizeof (n), n_start); ++ nhash = _asn1_hash_name (n); ++ ++ n_start = NULL; ++ } ++ ++ while (p) ++ { ++ if (nhash == p->name_hash && (!strcmp (p->name, n))) ++ break; ++ else ++ p = p->right; ++ } /* while */ ++ ++ if (p == NULL) ++ return NULL; ++ } ++ else ++ { /* *pointer doesn't have a name */ ++ if (n_start[0] == 0) ++ return (asn1_node) p; ++ } ++ ++ while (n_start) ++ { /* Has the end of NAME been reached? */ ++ n_end = strchr (n_start, '.'); /* search the next dot */ ++ if (n_end) ++ { ++ nsize = n_end - n_start; ++ if (nsize >= sizeof(n)) ++ return NULL; ++ ++ memcpy (n, n_start, nsize); ++ n[nsize] = 0; ++ n_start = n_end; ++ n_start++; ++ ++ nhash = _asn1_hash_name (n); ++ } ++ else ++ { ++ _asn1_str_cpy (n, sizeof (n), n_start); ++ nhash = _asn1_hash_name (n); ++ n_start = NULL; ++ } ++ ++ if (p->down == NULL) ++ return NULL; ++ ++ p = p->down; ++ if (p == NULL) ++ return NULL; ++ ++ /* The identifier "?LAST" indicates the last element ++ in the right chain. */ ++ if (n[0] == '?' && n[1] == 'L') /* ?LAST */ ++ { ++ while (p->right) ++ p = p->right; ++ } ++ else ++ { /* no "?LAST" */ ++ while (p) ++ { ++ if (p->name_hash == nhash && !strcmp (p->name, n)) ++ break; ++ else ++ p = p->right; ++ } ++ } ++ if (p == NULL) ++ return NULL; ++ } /* while */ ++ ++ return (asn1_node) p; ++} ++ ++ ++/******************************************************************/ ++/* Function : _asn1_set_value */ ++/* Description: sets the field VALUE in a NODE_ASN element. The */ ++/* previous value (if exist) will be lost */ ++/* Parameters: */ ++/* node: element pointer. */ ++/* value: pointer to the value that you want to set. */ ++/* len: character number of value. */ ++/* Return: pointer to the NODE_ASN element. */ ++/******************************************************************/ ++asn1_node ++_asn1_set_value (asn1_node node, const void *value, unsigned int len) ++{ ++ if (node == NULL) ++ return node; ++ if (node->value) ++ { ++ if (node->value != node->small_value) ++ free (node->value); ++ node->value = NULL; ++ node->value_len = 0; ++ } ++ ++ if (!len) ++ return node; ++ ++ if (len < sizeof (node->small_value)) ++ { ++ node->value = node->small_value; ++ } ++ else ++ { ++ node->value = malloc (len); ++ if (node->value == NULL) ++ return NULL; ++ } ++ node->value_len = len; ++ ++ memcpy (node->value, value, len); ++ return node; ++} ++ ++/******************************************************************/ ++/* Function : _asn1_set_value_lv */ ++/* Description: sets the field VALUE in a NODE_ASN element. The */ ++/* previous value (if exist) will be lost. The value */ ++/* given is stored as an length-value format (LV */ ++/* Parameters: */ ++/* node: element pointer. */ ++/* value: pointer to the value that you want to set. */ ++/* len: character number of value. */ ++/* Return: pointer to the NODE_ASN element. */ ++/******************************************************************/ ++asn1_node ++_asn1_set_value_lv (asn1_node node, const void *value, unsigned int len) ++{ ++ int len2; ++ void *temp; ++ ++ if (node == NULL) ++ return node; ++ ++ asn1_length_der (len, NULL, &len2); ++ temp = malloc (len + len2); ++ if (temp == NULL) ++ return NULL; ++ ++ asn1_octet_der (value, len, temp, &len2); ++ return _asn1_set_value_m (node, temp, len2); ++} ++ ++/* the same as _asn1_set_value except that it sets an already malloc'ed ++ * value. ++ */ ++asn1_node ++_asn1_set_value_m (asn1_node node, void *value, unsigned int len) ++{ ++ if (node == NULL) ++ return node; ++ ++ if (node->value) ++ { ++ if (node->value != node->small_value) ++ free (node->value); ++ node->value = NULL; ++ node->value_len = 0; ++ } ++ ++ if (!len) ++ return node; ++ ++ node->value = value; ++ node->value_len = len; ++ ++ return node; ++} ++ ++/******************************************************************/ ++/* Function : _asn1_append_value */ ++/* Description: appends to the field VALUE in a NODE_ASN element. */ ++/* */ ++/* Parameters: */ ++/* node: element pointer. */ ++/* value: pointer to the value that you want to be appended. */ ++/* len: character number of value. */ ++/* Return: pointer to the NODE_ASN element. */ ++/******************************************************************/ ++asn1_node ++_asn1_append_value (asn1_node node, const void *value, unsigned int len) ++{ ++ if (node == NULL) ++ return node; ++ ++ if (node->value == NULL) ++ return _asn1_set_value (node, value, len); ++ ++ if (len == 0) ++ return node; ++ ++ if (node->value == node->small_value) ++ { ++ /* value is in node */ ++ int prev_len = node->value_len; ++ node->value_len += len; ++ node->value = malloc (node->value_len); ++ if (node->value == NULL) ++ { ++ node->value_len = 0; ++ return NULL; ++ } ++ ++ if (prev_len > 0) ++ memcpy (node->value, node->small_value, prev_len); ++ ++ memcpy (&node->value[prev_len], value, len); ++ ++ return node; ++ } ++ else /* if (node->value != NULL && node->value != node->small_value) */ ++ { ++ /* value is allocated */ ++ int prev_len = node->value_len; ++ node->value_len += len; ++ ++ node->value = _asn1_realloc (node->value, node->value_len); ++ if (node->value == NULL) ++ { ++ node->value_len = 0; ++ return NULL; ++ } ++ ++ memcpy (&node->value[prev_len], value, len); ++ ++ return node; ++ } ++} ++ ++/******************************************************************/ ++/* Function : _asn1_set_name */ ++/* Description: sets the field NAME in a NODE_ASN element. The */ ++/* previous value (if exist) will be lost */ ++/* Parameters: */ ++/* node: element pointer. */ ++/* name: a null terminated string with the name that you want */ ++/* to set. */ ++/* Return: pointer to the NODE_ASN element. */ ++/******************************************************************/ ++asn1_node ++_asn1_set_name (asn1_node node, const char *name) ++{ ++ if (node == NULL) ++ return node; ++ ++ _asn1_str_cpy (node->name, sizeof (node->name), name ? name : ""); ++ node->name_hash = _asn1_hash_name (node->name); ++ ++ return node; ++} ++ ++/******************************************************************/ ++/* Function : _asn1_cpy_name */ ++/* Description: copies the field NAME in a NODE_ASN element. */ ++/* Parameters: */ ++/* dst: a dest element pointer. */ ++/* src: a source element pointer. */ ++/* Return: pointer to the NODE_ASN element. */ ++/******************************************************************/ ++asn1_node ++_asn1_cpy_name (asn1_node dst, asn1_node_const src) ++{ ++ if (dst == NULL) ++ return dst; ++ ++ if (src == NULL) ++ { ++ dst->name[0] = 0; ++ dst->name_hash = _asn1_hash_name (dst->name); ++ return dst; ++ } ++ ++ _asn1_str_cpy (dst->name, sizeof (dst->name), src->name); ++ dst->name_hash = src->name_hash; ++ ++ return dst; ++} ++ ++/******************************************************************/ ++/* Function : _asn1_set_right */ ++/* Description: sets the field RIGHT in a NODE_ASN element. */ ++/* Parameters: */ ++/* node: element pointer. */ ++/* right: pointer to a NODE_ASN element that you want be pointed*/ ++/* by NODE. */ ++/* Return: pointer to *NODE. */ ++/******************************************************************/ ++asn1_node ++_asn1_set_right (asn1_node node, asn1_node right) ++{ ++ if (node == NULL) ++ return node; ++ node->right = right; ++ if (right) ++ right->left = node; ++ return node; ++} ++ ++ ++/******************************************************************/ ++/* Function : _asn1_get_last_right */ ++/* Description: return the last element along the right chain. */ ++/* Parameters: */ ++/* node: starting element pointer. */ ++/* Return: pointer to the last element along the right chain. */ ++/******************************************************************/ ++asn1_node ++_asn1_get_last_right (asn1_node_const node) ++{ ++ asn1_node_const p; ++ ++ if (node == NULL) ++ return NULL; ++ p = node; ++ while (p->right) ++ p = p->right; ++ return (asn1_node) p; ++} ++ ++/******************************************************************/ ++/* Function : _asn1_remove_node */ ++/* Description: gets free the memory allocated for an NODE_ASN */ ++/* element (not the elements pointed by it). */ ++/* Parameters: */ ++/* node: NODE_ASN element pointer. */ ++/* flags: ASN1_DELETE_FLAG_* */ ++/******************************************************************/ ++void ++_asn1_remove_node (asn1_node node, unsigned int flags) ++{ ++ if (node == NULL) ++ return; ++ ++ if (node->value != NULL) ++ { ++ if (flags & ASN1_DELETE_FLAG_ZEROIZE) ++ { ++ safe_memset(node->value, 0, node->value_len); ++ } ++ ++ if (node->value != node->small_value) ++ free (node->value); ++ } ++ free (node); ++} ++ ++/******************************************************************/ ++/* Function : _asn1_find_up */ ++/* Description: return the father of the NODE_ASN element. */ ++/* Parameters: */ ++/* node: NODE_ASN element pointer. */ ++/* Return: Null if not found. */ ++/******************************************************************/ ++asn1_node ++_asn1_find_up (asn1_node_const node) ++{ ++ asn1_node_const p; ++ ++ if (node == NULL) ++ return NULL; ++ ++ p = node; ++ ++ while ((p->left != NULL) && (p->left->right == p)) ++ p = p->left; ++ ++ return p->left; ++} ++ ++static ++unsigned _asn1_is_up (asn1_node_const up_cand, asn1_node_const down) ++{ ++ asn1_node_const d, u; ++ ++ if (up_cand == NULL || down == NULL) ++ return 0; ++ ++ d = down; ++ ++ while ((u = _asn1_find_up(d)) != NULL && u != d) ++ { ++ if (u == up_cand) ++ return 1; ++ d = u; ++ } ++ ++ return 0; ++} ++ ++/******************************************************************/ ++/* Function : _asn1_delete_node_from_list */ ++/* Description: deletes the list element given */ ++/******************************************************************/ ++void ++_asn1_delete_node_from_list (list_type *list, asn1_node node) ++{ ++ list_type *p = list; ++ ++ while (p) ++ { ++ if (p->node == node) ++ p->node = NULL; ++ p = p->next; ++ } ++} ++ ++/******************************************************************/ ++/* Function : _asn1_delete_list */ ++/* Description: deletes the list elements (not the elements */ ++/* pointed by them). */ ++/******************************************************************/ ++void ++_asn1_delete_list (list_type *e_list) ++{ ++ list_type *p; ++ ++ while (e_list) ++ { ++ p = e_list; ++ e_list = e_list->next; ++ free (p); ++ } ++} ++ ++/******************************************************************/ ++/* Function : _asn1_delete_list_and nodes */ ++/* Description: deletes the list elements and the elements */ ++/* pointed by them. */ ++/******************************************************************/ ++void ++_asn1_delete_list_and_nodes (list_type *e_list) ++{ ++ list_type *p; ++ ++ while (e_list) ++ { ++ p = e_list; ++ e_list = e_list->next; ++ _asn1_remove_node (p->node, 0); ++ free (p); ++ } ++} ++ ++ ++char * ++_asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE]) ++{ ++ uint64_t d, r; ++ char temp[LTOSTR_MAX_SIZE]; ++ int count, k, start; ++ uint64_t val; ++ ++ if (v < 0) ++ { ++ str[0] = '-'; ++ start = 1; ++ val = -((uint64_t)v); ++ } ++ else ++ { ++ val = v; ++ start = 0; ++ } ++ ++ count = 0; ++ do ++ { ++ d = val / 10; ++ r = val - d * 10; ++ temp[start + count] = '0' + (char) r; ++ count++; ++ val = d; ++ } ++ while (val && ((start+count) < LTOSTR_MAX_SIZE-1)); ++ ++ for (k = 0; k < count; k++) ++ str[k + start] = temp[start + count - k - 1]; ++ str[count + start] = 0; ++ return str; ++} ++ ++ ++/******************************************************************/ ++/* Function : _asn1_change_integer_value */ ++/* Description: converts into DER coding the value assign to an */ ++/* INTEGER constant. */ ++/* Parameters: */ ++/* node: root of an ASN1element. */ ++/* Return: */ ++/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */ ++/* otherwise ASN1_SUCCESS */ ++/******************************************************************/ ++int ++_asn1_change_integer_value (asn1_node node) ++{ ++ asn1_node p; ++ unsigned char val[SIZEOF_UNSIGNED_LONG_INT]; ++ unsigned char val2[SIZEOF_UNSIGNED_LONG_INT + 1]; ++ int len; ++ ++ if (node == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ p = node; ++ while (p) ++ { ++ if ((type_field (p->type) == ASN1_ETYPE_INTEGER) ++ && (p->type & CONST_ASSIGN)) ++ { ++ if (p->value) ++ { ++ _asn1_convert_integer (p->value, val, sizeof (val), &len); ++ asn1_octet_der (val, len, val2, &len); ++ _asn1_set_value (p, val2, len); ++ } ++ } ++ ++ if (p->down) ++ { ++ p = p->down; ++ } ++ else ++ { ++ if (p == node) ++ p = NULL; ++ else if (p->right) ++ p = p->right; ++ else ++ { ++ while (1) ++ { ++ p = _asn1_find_up (p); ++ if (p == node) ++ { ++ p = NULL; ++ break; ++ } ++ if (p && p->right) ++ { ++ p = p->right; ++ break; ++ } ++ } ++ } ++ } ++ } ++ ++ return ASN1_SUCCESS; ++} ++ ++#define MAX_CONSTANTS 1024 ++/******************************************************************/ ++/* Function : _asn1_expand_object_id */ ++/* Description: expand the IDs of an OBJECT IDENTIFIER constant. */ ++/* Parameters: */ ++/* list: root of an object list */ ++/* node: root of an ASN1 element. */ ++/* Return: */ ++/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */ ++/* otherwise ASN1_SUCCESS */ ++/******************************************************************/ ++int ++_asn1_expand_object_id (list_type **list, asn1_node node) ++{ ++ asn1_node p, p2, p3, p4, p5; ++ char name_root[ASN1_MAX_NAME_SIZE], name2[2 * ASN1_MAX_NAME_SIZE + 1]; ++ int move, tlen, tries; ++ unsigned max_constants; ++ ++ if (node == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ _asn1_str_cpy (name_root, sizeof (name_root), node->name); ++ ++ p = node; ++ move = DOWN; ++ tries = 0; ++ ++ while (!((p == node) && (move == UP))) ++ { ++ if (move != UP) ++ { ++ if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) ++ && (p->type & CONST_ASSIGN)) ++ { ++ p2 = p->down; ++ if (p2 && (type_field (p2->type) == ASN1_ETYPE_CONSTANT)) ++ { ++ if (p2->value && !c_isdigit (p2->value[0])) ++ { ++ _asn1_str_cpy (name2, sizeof (name2), name_root); ++ _asn1_str_cat (name2, sizeof (name2), "."); ++ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); ++ p3 = asn1_find_node (node, name2); ++ if (!p3 || _asn1_is_up(p2, p3) || ++ (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) || ++ !(p3->type & CONST_ASSIGN)) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ _asn1_set_down (p, p2->right); ++ if (p2->down) ++ _asn1_delete_structure (*list, &p2->down, 0); ++ _asn1_delete_node_from_list(*list, p2); ++ _asn1_remove_node (p2, 0); ++ p2 = p; ++ p4 = p3->down; ++ max_constants = 0; ++ while (p4) ++ { ++ if (type_field (p4->type) == ASN1_ETYPE_CONSTANT) ++ { ++ max_constants++; ++ if (max_constants == MAX_CONSTANTS) ++ return ASN1_RECURSION; ++ ++ p5 = ++ _asn1_add_single_node (ASN1_ETYPE_CONSTANT); ++ _asn1_set_name (p5, p4->name); ++ if (p4->value) ++ { ++ tlen = _asn1_strlen (p4->value); ++ if (tlen > 0) ++ _asn1_set_value (p5, p4->value, tlen + 1); ++ } ++ _asn1_add_static_node2(list, p5); ++ ++ if (p2 == p) ++ { ++ _asn1_set_right (p5, p->down); ++ _asn1_set_down (p, p5); ++ } ++ else ++ { ++ _asn1_set_right (p5, p2->right); ++ _asn1_set_right (p2, p5); ++ } ++ p2 = p5; ++ } ++ p4 = p4->right; ++ } ++ move = DOWN; ++ ++ tries++; ++ if (tries >= EXPAND_OBJECT_ID_MAX_RECURSION) ++ return ASN1_RECURSION; ++ ++ continue; ++ } ++ } ++ } ++ move = DOWN; ++ } ++ else ++ move = RIGHT; ++ ++ tries = 0; ++ if (move == DOWN) ++ { ++ if (p->down) ++ p = p->down; ++ else ++ move = RIGHT; ++ } ++ ++ if (p == node) ++ { ++ move = UP; ++ continue; ++ } ++ ++ if (move == RIGHT) ++ { ++ if (p && p->right) ++ p = p->right; ++ else ++ move = UP; ++ } ++ if (move == UP) ++ p = _asn1_find_up (p); ++ } ++ ++ /*******************************/ ++ /* expand DEFAULT */ ++ /*******************************/ ++ p = node; ++ move = DOWN; ++ ++ while (!((p == node) && (move == UP))) ++ { ++ if (move != UP) ++ { ++ if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) && ++ (p->type & CONST_DEFAULT)) ++ { ++ p2 = p->down; ++ if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) ++ { ++ _asn1_str_cpy (name2, sizeof (name2), name_root); ++ _asn1_str_cat (name2, sizeof (name2), "."); ++ if (p2->value) ++ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); ++ p3 = asn1_find_node (node, name2); ++ if (!p3 || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) ++ || !(p3->type & CONST_ASSIGN)) ++ return ASN1_ELEMENT_NOT_FOUND; ++ p4 = p3->down; ++ name2[0] = 0; ++ while (p4) ++ { ++ if (type_field (p4->type) == ASN1_ETYPE_CONSTANT) ++ { ++ if (p4->value == NULL) ++ return ASN1_VALUE_NOT_FOUND; ++ ++ if (name2[0]) ++ _asn1_str_cat (name2, sizeof (name2), "."); ++ _asn1_str_cat (name2, sizeof (name2), ++ (char *) p4->value); ++ } ++ p4 = p4->right; ++ } ++ tlen = strlen (name2); ++ if (tlen > 0) ++ _asn1_set_value (p2, name2, tlen + 1); ++ } ++ } ++ move = DOWN; ++ } ++ else ++ move = RIGHT; ++ ++ if (move == DOWN) ++ { ++ if (p->down) ++ p = p->down; ++ else ++ move = RIGHT; ++ } ++ ++ if (p == node) ++ { ++ move = UP; ++ continue; ++ } ++ ++ if (move == RIGHT) ++ { ++ if (p && p->right) ++ p = p->right; ++ else ++ move = UP; ++ } ++ if (move == UP) ++ p = _asn1_find_up (p); ++ } ++ ++ return ASN1_SUCCESS; ++} ++ ++ ++/******************************************************************/ ++/* Function : _asn1_type_set_config */ ++/* Description: sets the CONST_SET and CONST_NOT_USED properties */ ++/* in the fields of the SET elements. */ ++/* Parameters: */ ++/* node: root of an ASN1 element. */ ++/* Return: */ ++/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */ ++/* otherwise ASN1_SUCCESS */ ++/******************************************************************/ ++int ++_asn1_type_set_config (asn1_node node) ++{ ++ asn1_node p, p2; ++ int move; ++ ++ if (node == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ p = node; ++ move = DOWN; ++ ++ while (!((p == node) && (move == UP))) ++ { ++ if (move != UP) ++ { ++ if (type_field (p->type) == ASN1_ETYPE_SET) ++ { ++ p2 = p->down; ++ while (p2) ++ { ++ if (type_field (p2->type) != ASN1_ETYPE_TAG) ++ p2->type |= CONST_SET | CONST_NOT_USED; ++ p2 = p2->right; ++ } ++ } ++ move = DOWN; ++ } ++ else ++ move = RIGHT; ++ ++ if (move == DOWN) ++ { ++ if (p->down) ++ p = p->down; ++ else ++ move = RIGHT; ++ } ++ ++ if (p == node) ++ { ++ move = UP; ++ continue; ++ } ++ ++ if (move == RIGHT) ++ { ++ if (p && p->right) ++ p = p->right; ++ else ++ move = UP; ++ } ++ if (move == UP) ++ p = _asn1_find_up (p); ++ } ++ ++ return ASN1_SUCCESS; ++} ++ ++ ++/******************************************************************/ ++/* Function : _asn1_check_identifier */ ++/* Description: checks the definitions of all the identifiers */ ++/* and the first element of an OBJECT_ID (e.g. {pkix 0 4}). */ ++/* The _asn1_identifierMissing global variable is filled if */ ++/* necessary. */ ++/* Parameters: */ ++/* node: root of an ASN1 element. */ ++/* Return: */ ++/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */ ++/* ASN1_IDENTIFIER_NOT_FOUND if an identifier is not defined, */ ++/* otherwise ASN1_SUCCESS */ ++/******************************************************************/ ++int ++_asn1_check_identifier (asn1_node_const node) ++{ ++ asn1_node_const p, p2; ++ char name2[ASN1_MAX_NAME_SIZE * 2 + 2]; ++ ++ if (node == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ p = node; ++ while (p) ++ { ++ if (p->value && type_field (p->type) == ASN1_ETYPE_IDENTIFIER) ++ { ++ _asn1_str_cpy (name2, sizeof (name2), node->name); ++ _asn1_str_cat (name2, sizeof (name2), "."); ++ _asn1_str_cat (name2, sizeof (name2), (char *) p->value); ++ p2 = asn1_find_node (node, name2); ++ if (p2 == NULL) ++ { ++ if (p->value) ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); ++ else ++ _asn1_strcpy (_asn1_identifierMissing, "(null)"); ++ return ASN1_IDENTIFIER_NOT_FOUND; ++ } ++ } ++ else if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) && ++ (p->type & CONST_DEFAULT)) ++ { ++ p2 = p->down; ++ if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) ++ { ++ _asn1_str_cpy (name2, sizeof (name2), node->name); ++ if (p2->value) ++ { ++ _asn1_str_cat (name2, sizeof (name2), "."); ++ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); ++ } ++ else ++ _asn1_strcpy (_asn1_identifierMissing, "(null)"); ++ ++ p2 = asn1_find_node (node, name2); ++ if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || ++ !(p2->type & CONST_ASSIGN)) ++ return ASN1_IDENTIFIER_NOT_FOUND; ++ else ++ _asn1_identifierMissing[0] = 0; ++ } ++ } ++ else if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) && ++ (p->type & CONST_ASSIGN)) ++ { ++ p2 = p->down; ++ if (p2 && (type_field (p2->type) == ASN1_ETYPE_CONSTANT)) ++ { ++ if (p2->value && !c_isdigit (p2->value[0])) ++ { ++ _asn1_str_cpy (name2, sizeof (name2), node->name); ++ _asn1_str_cat (name2, sizeof (name2), "."); ++ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); ++ ++ p2 = asn1_find_node (node, name2); ++ if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) ++ || !(p2->type & CONST_ASSIGN)) ++ return ASN1_IDENTIFIER_NOT_FOUND; ++ else ++ _asn1_identifierMissing[0] = 0; ++ } ++ } ++ } ++ ++ if (p->down) ++ { ++ p = p->down; ++ } ++ else if (p->right) ++ p = p->right; ++ else ++ { ++ while (p) ++ { ++ p = _asn1_find_up (p); ++ if (p == node) ++ { ++ p = NULL; ++ break; ++ } ++ if (p && p->right) ++ { ++ p = p->right; ++ break; ++ } ++ } ++ } ++ } ++ ++ return ASN1_SUCCESS; ++} ++ ++ ++/******************************************************************/ ++/* Function : _asn1_set_default_tag */ ++/* Description: sets the default IMPLICIT or EXPLICIT property in */ ++/* the tagged elements that don't have this declaration. */ ++/* Parameters: */ ++/* node: pointer to a DEFINITIONS element. */ ++/* Return: */ ++/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL or not a pointer to */ ++/* a DEFINITIONS element, */ ++/* otherwise ASN1_SUCCESS */ ++/******************************************************************/ ++int ++_asn1_set_default_tag (asn1_node node) ++{ ++ asn1_node p; ++ ++ if ((node == NULL) || (type_field (node->type) != ASN1_ETYPE_DEFINITIONS)) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ p = node; ++ while (p) ++ { ++ if ((type_field (p->type) == ASN1_ETYPE_TAG) && ++ !(p->type & CONST_EXPLICIT) && !(p->type & CONST_IMPLICIT)) ++ { ++ if (node->type & CONST_EXPLICIT) ++ p->type |= CONST_EXPLICIT; ++ else ++ p->type |= CONST_IMPLICIT; ++ } ++ ++ if (p->down) ++ { ++ p = p->down; ++ } ++ else if (p->right) ++ p = p->right; ++ else ++ { ++ while (1) ++ { ++ p = _asn1_find_up (p); ++ if (p == node) ++ { ++ p = NULL; ++ break; ++ } ++ if (p && p->right) ++ { ++ p = p->right; ++ break; ++ } ++ } ++ } ++ } ++ ++ return ASN1_SUCCESS; ++} +diff --git a/grub-core/lib/libtasn1/lib/structure.c b/grub-core/lib/libtasn1/lib/structure.c +new file mode 100644 +index 000000000..8189c56a4 +--- /dev/null ++++ b/grub-core/lib/libtasn1/lib/structure.c +@@ -0,0 +1,1220 @@ ++/* ++ * Copyright (C) 2002-2014 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * The LIBTASN1 library is free software; you can redistribute it ++ * and/or modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++ * 02110-1301, USA ++ */ ++ ++ ++/*****************************************************/ ++/* File: structure.c */ ++/* Description: Functions to create and delete an */ ++/* ASN1 tree. */ ++/*****************************************************/ ++ ++ ++#include ++#include ++#include "parser_aux.h" ++#include ++ ++ ++extern char _asn1_identifierMissing[]; ++ ++ ++/******************************************************/ ++/* Function : _asn1_add_single_node */ ++/* Description: creates a new NODE_ASN element. */ ++/* Parameters: */ ++/* type: type of the new element (see ASN1_ETYPE_ */ ++/* and CONST_ constants). */ ++/* Return: pointer to the new element. */ ++/******************************************************/ ++asn1_node ++_asn1_add_single_node (unsigned int type) ++{ ++ asn1_node punt; ++ ++ punt = calloc (1, sizeof (struct asn1_node_st)); ++ if (punt == NULL) ++ return NULL; ++ ++ punt->type = type; ++ ++ return punt; ++} ++ ++ ++/******************************************************************/ ++/* Function : _asn1_find_left */ ++/* Description: returns the NODE_ASN element with RIGHT field that*/ ++/* points the element NODE. */ ++/* Parameters: */ ++/* node: NODE_ASN element pointer. */ ++/* Return: NULL if not found. */ ++/******************************************************************/ ++asn1_node ++_asn1_find_left (asn1_node_const node) ++{ ++ if ((node == NULL) || (node->left == NULL) || (node->left->down == node)) ++ return NULL; ++ ++ return node->left; ++} ++ ++ ++int ++_asn1_create_static_structure (asn1_node_const pointer, char *output_file_name, ++ char *vector_name) ++{ ++ FILE *file; ++ asn1_node_const p; ++ unsigned long t; ++ ++ file = fopen (output_file_name, "w"); ++ ++ if (file == NULL) ++ return ASN1_FILE_NOT_FOUND; ++ ++ fprintf (file, "#if HAVE_CONFIG_H\n"); ++ fprintf (file, "# include \"config.h\"\n"); ++ fprintf (file, "#endif\n\n"); ++ ++ fprintf (file, "#include \n\n"); ++ ++ fprintf (file, "const asn1_static_node %s[] = {\n", vector_name); ++ ++ p = pointer; ++ ++ while (p) ++ { ++ fprintf (file, " { "); ++ ++ if (p->name[0] != 0) ++ fprintf (file, "\"%s\", ", p->name); ++ else ++ fprintf (file, "NULL, "); ++ ++ t = p->type; ++ if (p->down) ++ t |= CONST_DOWN; ++ if (p->right) ++ t |= CONST_RIGHT; ++ ++ fprintf (file, "%lu, ", t); ++ ++ if (p->value) ++ fprintf (file, "\"%s\"},\n", p->value); ++ else ++ fprintf (file, "NULL },\n"); ++ ++ if (p->down) ++ { ++ p = p->down; ++ } ++ else if (p->right) ++ { ++ p = p->right; ++ } ++ else ++ { ++ while (1) ++ { ++ p = _asn1_find_up (p); ++ if (p == pointer) ++ { ++ p = NULL; ++ break; ++ } ++ if (p->right) ++ { ++ p = p->right; ++ break; ++ } ++ } ++ } ++ } ++ ++ fprintf (file, " { NULL, 0, NULL }\n};\n"); ++ ++ fclose (file); ++ ++ return ASN1_SUCCESS; ++} ++ ++ ++/** ++ * asn1_array2tree: ++ * @array: specify the array that contains ASN.1 declarations ++ * @definitions: return the pointer to the structure created by ++ * *ARRAY ASN.1 declarations ++ * @errorDescription: return the error description. ++ * ++ * Creates the structures needed to manage the ASN.1 definitions. ++ * @array is a vector created by asn1_parser2array(). ++ * ++ * Returns: %ASN1_SUCCESS if structure was created correctly, ++ * %ASN1_ELEMENT_NOT_EMPTY if *@definitions not NULL, ++ * %ASN1_IDENTIFIER_NOT_FOUND if in the file there is an identifier ++ * that is not defined (see @errorDescription for more information), ++ * %ASN1_ARRAY_ERROR if the array pointed by @array is wrong. ++ **/ ++int ++asn1_array2tree (const asn1_static_node * array, asn1_node * definitions, ++ char *errorDescription) ++{ ++ asn1_node p, p_last = NULL; ++ unsigned long k; ++ int move; ++ int result; ++ unsigned int type; ++ list_type *e_list = NULL; ++ ++ if (errorDescription) ++ errorDescription[0] = 0; ++ ++ if (*definitions != NULL) ++ return ASN1_ELEMENT_NOT_EMPTY; ++ ++ move = UP; ++ ++ for (k = 0; array[k].value || array[k].type || array[k].name; k++) ++ { ++ type = convert_old_type (array[k].type); ++ ++ p = _asn1_add_static_node (&e_list, type & (~CONST_DOWN)); ++ if (array[k].name) ++ _asn1_set_name (p, array[k].name); ++ if (array[k].value) ++ _asn1_set_value (p, array[k].value, strlen (array[k].value) + 1); ++ ++ if (*definitions == NULL) ++ *definitions = p; ++ ++ if (move == DOWN) ++ { ++ if (p_last && p_last->down) ++ _asn1_delete_structure (e_list, &p_last->down, 0); ++ _asn1_set_down (p_last, p); ++ } ++ else if (move == RIGHT) ++ { ++ if (p_last && p_last->right) ++ _asn1_delete_structure (e_list, &p_last->right, 0); ++ _asn1_set_right (p_last, p); ++ } ++ ++ p_last = p; ++ ++ if (type & CONST_DOWN) ++ move = DOWN; ++ else if (type & CONST_RIGHT) ++ move = RIGHT; ++ else ++ { ++ while (p_last != *definitions) ++ { ++ p_last = _asn1_find_up (p_last); ++ ++ if (p_last == NULL) ++ break; ++ ++ if (p_last->type & CONST_RIGHT) ++ { ++ p_last->type &= ~CONST_RIGHT; ++ move = RIGHT; ++ break; ++ } ++ } /* while */ ++ } ++ } /* while */ ++ ++ if (p_last == *definitions) ++ { ++ result = _asn1_check_identifier (*definitions); ++ if (result == ASN1_SUCCESS) ++ { ++ _asn1_change_integer_value (*definitions); ++ result = _asn1_expand_object_id (&e_list, *definitions); ++ } ++ } ++ else ++ { ++ result = ASN1_ARRAY_ERROR; ++ } ++ ++ if (errorDescription != NULL) ++ { ++ if (result == ASN1_IDENTIFIER_NOT_FOUND) ++ { ++ Estrcpy (errorDescription, ":: identifier '"); ++ Estrcat (errorDescription, _asn1_identifierMissing); ++ Estrcat (errorDescription, "' not found"); ++ } ++ else ++ errorDescription[0] = 0; ++ } ++ ++ if (result != ASN1_SUCCESS) ++ { ++ _asn1_delete_list_and_nodes (e_list); ++ *definitions = NULL; ++ } ++ else ++ _asn1_delete_list (e_list); ++ ++ return result; ++} ++ ++/** ++ * asn1_delete_structure: ++ * @structure: pointer to the structure that you want to delete. ++ * ++ * Deletes the structure *@structure. At the end, *@structure is set ++ * to NULL. ++ * ++ * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if ++ * *@structure was NULL. ++ **/ ++int ++asn1_delete_structure (asn1_node * structure) ++{ ++ return _asn1_delete_structure (NULL, structure, 0); ++} ++ ++/** ++ * asn1_delete_structure2: ++ * @structure: pointer to the structure that you want to delete. ++ * @flags: additional flags (see %ASN1_DELETE_FLAG) ++ * ++ * Deletes the structure *@structure. At the end, *@structure is set ++ * to NULL. ++ * ++ * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if ++ * *@structure was NULL. ++ **/ ++int ++asn1_delete_structure2 (asn1_node * structure, unsigned int flags) ++{ ++ return _asn1_delete_structure (NULL, structure, flags); ++} ++ ++int ++_asn1_delete_structure (list_type *e_list, asn1_node * structure, unsigned int flags) ++{ ++ asn1_node p, p2, p3; ++ ++ if (*structure == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ p = *structure; ++ while (p) ++ { ++ if (p->down) ++ { ++ p = p->down; ++ } ++ else ++ { /* no down */ ++ p2 = p->right; ++ if (p != *structure) ++ { ++ p3 = _asn1_find_up (p); ++ _asn1_set_down (p3, p2); ++ if (e_list) ++ _asn1_delete_node_from_list (e_list, p); ++ _asn1_remove_node (p, flags); ++ p = p3; ++ } ++ else ++ { /* p==root */ ++ p3 = _asn1_find_left (p); ++ if (!p3) ++ { ++ p3 = _asn1_find_up (p); ++ if (p3) ++ _asn1_set_down (p3, p2); ++ else ++ { ++ if (p->right) ++ p->right->left = NULL; ++ } ++ } ++ else ++ _asn1_set_right (p3, p2); ++ if (e_list) ++ _asn1_delete_node_from_list (e_list, p); ++ _asn1_remove_node (p, flags); ++ p = NULL; ++ } ++ } ++ } ++ ++ *structure = NULL; ++ return ASN1_SUCCESS; ++} ++ ++ ++/** ++ * asn1_delete_element: ++ * @structure: pointer to the structure that contains the element you ++ * want to delete. ++ * @element_name: element's name you want to delete. ++ * ++ * Deletes the element named *@element_name inside *@structure. ++ * ++ * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if ++ * the @element_name was not found. ++ **/ ++int ++asn1_delete_element (asn1_node structure, const char *element_name) ++{ ++ asn1_node p2, p3, source_node; ++ ++ source_node = asn1_find_node (structure, element_name); ++ ++ if (source_node == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ p2 = source_node->right; ++ p3 = _asn1_find_left (source_node); ++ if (!p3) ++ { ++ p3 = _asn1_find_up (source_node); ++ if (p3) ++ _asn1_set_down (p3, p2); ++ else if (source_node->right) ++ source_node->right->left = NULL; ++ } ++ else ++ _asn1_set_right (p3, p2); ++ ++ return asn1_delete_structure (&source_node); ++} ++ ++#ifndef __clang_analyzer__ ++asn1_node ++_asn1_copy_structure3 (asn1_node_const source_node) ++{ ++ asn1_node_const p_s; ++ asn1_node dest_node, p_d, p_d_prev; ++ int move; ++ ++ if (source_node == NULL) ++ return NULL; ++ ++ dest_node = _asn1_add_single_node (source_node->type); ++ ++ p_s = source_node; ++ p_d = dest_node; ++ ++ move = DOWN; ++ ++ do ++ { ++ if (move != UP) ++ { ++ if (p_s->name[0] != 0) ++ _asn1_cpy_name (p_d, p_s); ++ if (p_s->value) ++ _asn1_set_value (p_d, p_s->value, p_s->value_len); ++ if (p_s->down) ++ { ++ p_s = p_s->down; ++ p_d_prev = p_d; ++ p_d = _asn1_add_single_node (p_s->type); ++ _asn1_set_down (p_d_prev, p_d); ++ continue; ++ } ++ p_d->start = p_s->start; ++ p_d->end = p_s->end; ++ } ++ ++ if (p_s == source_node) ++ break; ++ ++ if (p_s->right) ++ { ++ move = RIGHT; ++ p_s = p_s->right; ++ p_d_prev = p_d; ++ p_d = _asn1_add_single_node (p_s->type); ++ _asn1_set_right (p_d_prev, p_d); ++ } ++ else ++ { ++ move = UP; ++ p_s = _asn1_find_up (p_s); ++ p_d = _asn1_find_up (p_d); ++ } ++ } ++ while (p_s != source_node); ++ return dest_node; ++} ++#else ++ ++/* Non-production code */ ++asn1_node ++_asn1_copy_structure3 (asn1_node_const source_node) ++{ ++ return NULL; ++} ++#endif /* __clang_analyzer__ */ ++ ++ ++static asn1_node ++_asn1_copy_structure2 (asn1_node_const root, const char *source_name) ++{ ++ asn1_node source_node; ++ ++ source_node = asn1_find_node (root, source_name); ++ ++ return _asn1_copy_structure3 (source_node); ++ ++} ++ ++ ++static int ++_asn1_type_choice_config (asn1_node node) ++{ ++ asn1_node p, p2, p3, p4; ++ int move, tlen; ++ ++ if (node == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ p = node; ++ move = DOWN; ++ ++ while (!((p == node) && (move == UP))) ++ { ++ if (move != UP) ++ { ++ if ((type_field (p->type) == ASN1_ETYPE_CHOICE) ++ && (p->type & CONST_TAG)) ++ { ++ p2 = p->down; ++ while (p2) ++ { ++ if (type_field (p2->type) != ASN1_ETYPE_TAG) ++ { ++ p2->type |= CONST_TAG; ++ p3 = _asn1_find_left (p2); ++ while (p3) ++ { ++ if (type_field (p3->type) == ASN1_ETYPE_TAG) ++ { ++ p4 = _asn1_add_single_node (p3->type); ++ tlen = _asn1_strlen (p3->value); ++ if (tlen > 0) ++ _asn1_set_value (p4, p3->value, tlen + 1); ++ _asn1_set_right (p4, p2->down); ++ _asn1_set_down (p2, p4); ++ } ++ p3 = _asn1_find_left (p3); ++ } ++ } ++ p2 = p2->right; ++ } ++ p->type &= ~(CONST_TAG); ++ p2 = p->down; ++ while (p2) ++ { ++ p3 = p2->right; ++ if (type_field (p2->type) == ASN1_ETYPE_TAG) ++ asn1_delete_structure (&p2); ++ p2 = p3; ++ } ++ } ++ move = DOWN; ++ } ++ else ++ move = RIGHT; ++ ++ if (move == DOWN) ++ { ++ if (p->down) ++ p = p->down; ++ else ++ move = RIGHT; ++ } ++ ++ if (p == node) ++ { ++ move = UP; ++ continue; ++ } ++ ++ if (move == RIGHT) ++ { ++ if (p->right) ++ p = p->right; ++ else ++ move = UP; ++ } ++ if (move == UP) ++ p = _asn1_find_up (p); ++ } ++ ++ return ASN1_SUCCESS; ++} ++ ++ ++static int ++_asn1_expand_identifier (asn1_node * node, asn1_node_const root) ++{ ++ asn1_node p, p2, p3; ++ char name2[ASN1_MAX_NAME_SIZE + 2]; ++ int move; ++ ++ if (node == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ p = *node; ++ move = DOWN; ++ ++ while (!((p == *node) && (move == UP))) ++ { ++ if (move != UP) ++ { ++ if (type_field (p->type) == ASN1_ETYPE_IDENTIFIER) ++ { ++ snprintf (name2, sizeof (name2), "%s.%s", root->name, p->value); ++ p2 = _asn1_copy_structure2 (root, name2); ++ if (p2 == NULL) ++ { ++ return ASN1_IDENTIFIER_NOT_FOUND; ++ } ++ _asn1_cpy_name (p2, p); ++ p2->right = p->right; ++ p2->left = p->left; ++ if (p->right) ++ p->right->left = p2; ++ p3 = p->down; ++ if (p3) ++ { ++ while (p3->right) ++ p3 = p3->right; ++ _asn1_set_right (p3, p2->down); ++ _asn1_set_down (p2, p->down); ++ } ++ ++ p3 = _asn1_find_left (p); ++ if (p3) ++ _asn1_set_right (p3, p2); ++ else ++ { ++ p3 = _asn1_find_up (p); ++ if (p3) ++ _asn1_set_down (p3, p2); ++ else ++ { ++ p2->left = NULL; ++ } ++ } ++ ++ if (p->type & CONST_SIZE) ++ p2->type |= CONST_SIZE; ++ if (p->type & CONST_TAG) ++ p2->type |= CONST_TAG; ++ if (p->type & CONST_OPTION) ++ p2->type |= CONST_OPTION; ++ if (p->type & CONST_DEFAULT) ++ p2->type |= CONST_DEFAULT; ++ if (p->type & CONST_SET) ++ p2->type |= CONST_SET; ++ if (p->type & CONST_NOT_USED) ++ p2->type |= CONST_NOT_USED; ++ ++ if (p == *node) ++ *node = p2; ++ _asn1_remove_node (p, 0); ++ p = p2; ++ move = DOWN; ++ continue; ++ } ++ move = DOWN; ++ } ++ else ++ move = RIGHT; ++ ++ if (move == DOWN) ++ { ++ if (p->down) ++ p = p->down; ++ else ++ move = RIGHT; ++ } ++ ++ if (p == *node) ++ { ++ move = UP; ++ continue; ++ } ++ ++ if (move == RIGHT) ++ { ++ if (p->right) ++ p = p->right; ++ else ++ move = UP; ++ } ++ if (move == UP) ++ p = _asn1_find_up (p); ++ } ++ ++ return ASN1_SUCCESS; ++} ++ ++ ++/** ++ * asn1_create_element: ++ * @definitions: pointer to the structure returned by "parser_asn1" function ++ * @source_name: the name of the type of the new structure (must be ++ * inside p_structure). ++ * @element: pointer to the structure created. ++ * ++ * Creates a structure of type @source_name. Example using ++ * "pkix.asn": ++ * ++ * rc = asn1_create_element(cert_def, "PKIX1.Certificate", certptr); ++ * ++ * Returns: %ASN1_SUCCESS if creation OK, %ASN1_ELEMENT_NOT_FOUND if ++ * @source_name is not known. ++ **/ ++int ++asn1_create_element (asn1_node_const definitions, const char *source_name, ++ asn1_node * element) ++{ ++ asn1_node dest_node; ++ int res; ++ ++ dest_node = _asn1_copy_structure2 (definitions, source_name); ++ ++ if (dest_node == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ _asn1_set_name (dest_node, ""); ++ ++ res = _asn1_expand_identifier (&dest_node, definitions); ++ _asn1_type_choice_config (dest_node); ++ ++ *element = dest_node; ++ ++ return res; ++} ++ ++ ++/** ++ * asn1_print_structure: ++ * @out: pointer to the output file (e.g. stdout). ++ * @structure: pointer to the structure that you want to visit. ++ * @name: an element of the structure ++ * @mode: specify how much of the structure to print, can be ++ * %ASN1_PRINT_NAME, %ASN1_PRINT_NAME_TYPE, ++ * %ASN1_PRINT_NAME_TYPE_VALUE, or %ASN1_PRINT_ALL. ++ * ++ * Prints on the @out file descriptor the structure's tree starting ++ * from the @name element inside the structure @structure. ++ **/ ++void ++asn1_print_structure (FILE * out, asn1_node_const structure, const char *name, ++ int mode) ++{ ++ asn1_node_const p, root; ++ int k, indent = 0, len, len2, len3; ++ ++ if (out == NULL) ++ return; ++ ++ root = asn1_find_node (structure, name); ++ ++ if (root == NULL) ++ return; ++ ++ p = root; ++ while (p) ++ { ++ if (mode == ASN1_PRINT_ALL) ++ { ++ for (k = 0; k < indent; k++) ++ fprintf (out, " "); ++ fprintf (out, "name:"); ++ if (p->name[0] != 0) ++ fprintf (out, "%s ", p->name); ++ else ++ fprintf (out, "NULL "); ++ } ++ else ++ { ++ switch (type_field (p->type)) ++ { ++ case ASN1_ETYPE_CONSTANT: ++ case ASN1_ETYPE_TAG: ++ case ASN1_ETYPE_SIZE: ++ break; ++ default: ++ for (k = 0; k < indent; k++) ++ fprintf (out, " "); ++ fprintf (out, "name:"); ++ if (p->name[0] != 0) ++ fprintf (out, "%s ", p->name); ++ else ++ fprintf (out, "NULL "); ++ } ++ } ++ ++ if (mode != ASN1_PRINT_NAME) ++ { ++ unsigned type = type_field (p->type); ++ switch (type) ++ { ++ case ASN1_ETYPE_CONSTANT: ++ if (mode == ASN1_PRINT_ALL) ++ fprintf (out, "type:CONST"); ++ break; ++ case ASN1_ETYPE_TAG: ++ if (mode == ASN1_PRINT_ALL) ++ fprintf (out, "type:TAG"); ++ break; ++ case ASN1_ETYPE_SIZE: ++ if (mode == ASN1_PRINT_ALL) ++ fprintf (out, "type:SIZE"); ++ break; ++ case ASN1_ETYPE_DEFAULT: ++ fprintf (out, "type:DEFAULT"); ++ break; ++ case ASN1_ETYPE_IDENTIFIER: ++ fprintf (out, "type:IDENTIFIER"); ++ break; ++ case ASN1_ETYPE_ANY: ++ fprintf (out, "type:ANY"); ++ break; ++ case ASN1_ETYPE_CHOICE: ++ fprintf (out, "type:CHOICE"); ++ break; ++ case ASN1_ETYPE_DEFINITIONS: ++ fprintf (out, "type:DEFINITIONS"); ++ break; ++ CASE_HANDLED_ETYPES: ++ fprintf (out, "%s", _asn1_tags[type].desc); ++ break; ++ default: ++ break; ++ } ++ } ++ ++ if ((mode == ASN1_PRINT_NAME_TYPE_VALUE) || (mode == ASN1_PRINT_ALL)) ++ { ++ switch (type_field (p->type)) ++ { ++ case ASN1_ETYPE_CONSTANT: ++ if (mode == ASN1_PRINT_ALL) ++ if (p->value) ++ fprintf (out, " value:%s", p->value); ++ break; ++ case ASN1_ETYPE_TAG: ++ if (mode == ASN1_PRINT_ALL) ++ if (p->value) ++ fprintf (out, " value:%s", p->value); ++ break; ++ case ASN1_ETYPE_SIZE: ++ if (mode == ASN1_PRINT_ALL) ++ if (p->value) ++ fprintf (out, " value:%s", p->value); ++ break; ++ case ASN1_ETYPE_DEFAULT: ++ if (p->value) ++ fprintf (out, " value:%s", p->value); ++ else if (p->type & CONST_TRUE) ++ fprintf (out, " value:TRUE"); ++ else if (p->type & CONST_FALSE) ++ fprintf (out, " value:FALSE"); ++ break; ++ case ASN1_ETYPE_IDENTIFIER: ++ if (p->value) ++ fprintf (out, " value:%s", p->value); ++ break; ++ case ASN1_ETYPE_INTEGER: ++ if (p->value) ++ { ++ len2 = -1; ++ len = asn1_get_length_der (p->value, p->value_len, &len2); ++ fprintf (out, " value:0x"); ++ if (len > 0) ++ for (k = 0; k < len; k++) ++ fprintf (out, "%02x", (unsigned) (p->value)[k + len2]); ++ } ++ break; ++ case ASN1_ETYPE_ENUMERATED: ++ if (p->value) ++ { ++ len2 = -1; ++ len = asn1_get_length_der (p->value, p->value_len, &len2); ++ fprintf (out, " value:0x"); ++ if (len > 0) ++ for (k = 0; k < len; k++) ++ fprintf (out, "%02x", (unsigned) (p->value)[k + len2]); ++ } ++ break; ++ case ASN1_ETYPE_BOOLEAN: ++ if (p->value) ++ { ++ if (p->value[0] == 'T') ++ fprintf (out, " value:TRUE"); ++ else if (p->value[0] == 'F') ++ fprintf (out, " value:FALSE"); ++ } ++ break; ++ case ASN1_ETYPE_BIT_STRING: ++ if (p->value) ++ { ++ len2 = -1; ++ len = asn1_get_length_der (p->value, p->value_len, &len2); ++ if (len > 0) ++ { ++ fprintf (out, " value(%i):", ++ (len - 1) * 8 - (p->value[len2])); ++ for (k = 1; k < len; k++) ++ fprintf (out, "%02x", (unsigned) (p->value)[k + len2]); ++ } ++ } ++ break; ++ case ASN1_ETYPE_GENERALIZED_TIME: ++ case ASN1_ETYPE_UTC_TIME: ++ if (p->value) ++ { ++ fprintf (out, " value:"); ++ for (k = 0; k < p->value_len; k++) ++ fprintf (out, "%c", (p->value)[k]); ++ } ++ break; ++ case ASN1_ETYPE_GENERALSTRING: ++ case ASN1_ETYPE_NUMERIC_STRING: ++ case ASN1_ETYPE_IA5_STRING: ++ case ASN1_ETYPE_TELETEX_STRING: ++ case ASN1_ETYPE_PRINTABLE_STRING: ++ case ASN1_ETYPE_UNIVERSAL_STRING: ++ case ASN1_ETYPE_UTF8_STRING: ++ case ASN1_ETYPE_VISIBLE_STRING: ++ if (p->value) ++ { ++ len2 = -1; ++ len = asn1_get_length_der (p->value, p->value_len, &len2); ++ fprintf (out, " value:"); ++ if (len > 0) ++ for (k = 0; k < len; k++) ++ fprintf (out, "%c", (p->value)[k + len2]); ++ } ++ break; ++ case ASN1_ETYPE_BMP_STRING: ++ case ASN1_ETYPE_OCTET_STRING: ++ if (p->value) ++ { ++ len2 = -1; ++ len = asn1_get_length_der (p->value, p->value_len, &len2); ++ fprintf (out, " value:"); ++ if (len > 0) ++ for (k = 0; k < len; k++) ++ fprintf (out, "%02x", (unsigned) (p->value)[k + len2]); ++ } ++ break; ++ case ASN1_ETYPE_OBJECT_ID: ++ if (p->value) ++ fprintf (out, " value:%s", p->value); ++ break; ++ case ASN1_ETYPE_ANY: ++ if (p->value) ++ { ++ len3 = -1; ++ len2 = asn1_get_length_der (p->value, p->value_len, &len3); ++ fprintf (out, " value:"); ++ if (len2 > 0) ++ for (k = 0; k < len2; k++) ++ fprintf (out, "%02x", (unsigned) (p->value)[k + len3]); ++ } ++ break; ++ case ASN1_ETYPE_SET: ++ case ASN1_ETYPE_SET_OF: ++ case ASN1_ETYPE_CHOICE: ++ case ASN1_ETYPE_DEFINITIONS: ++ case ASN1_ETYPE_SEQUENCE_OF: ++ case ASN1_ETYPE_SEQUENCE: ++ case ASN1_ETYPE_NULL: ++ break; ++ default: ++ break; ++ } ++ } ++ ++ if (mode == ASN1_PRINT_ALL) ++ { ++ if (p->type & 0x1FFFFF00) ++ { ++ fprintf (out, " attr:"); ++ if (p->type & CONST_UNIVERSAL) ++ fprintf (out, "UNIVERSAL,"); ++ if (p->type & CONST_PRIVATE) ++ fprintf (out, "PRIVATE,"); ++ if (p->type & CONST_APPLICATION) ++ fprintf (out, "APPLICATION,"); ++ if (p->type & CONST_EXPLICIT) ++ fprintf (out, "EXPLICIT,"); ++ if (p->type & CONST_IMPLICIT) ++ fprintf (out, "IMPLICIT,"); ++ if (p->type & CONST_TAG) ++ fprintf (out, "TAG,"); ++ if (p->type & CONST_DEFAULT) ++ fprintf (out, "DEFAULT,"); ++ if (p->type & CONST_TRUE) ++ fprintf (out, "TRUE,"); ++ if (p->type & CONST_FALSE) ++ fprintf (out, "FALSE,"); ++ if (p->type & CONST_LIST) ++ fprintf (out, "LIST,"); ++ if (p->type & CONST_MIN_MAX) ++ fprintf (out, "MIN_MAX,"); ++ if (p->type & CONST_OPTION) ++ fprintf (out, "OPTION,"); ++ if (p->type & CONST_1_PARAM) ++ fprintf (out, "1_PARAM,"); ++ if (p->type & CONST_SIZE) ++ fprintf (out, "SIZE,"); ++ if (p->type & CONST_DEFINED_BY) ++ fprintf (out, "DEF_BY,"); ++ if (p->type & CONST_GENERALIZED) ++ fprintf (out, "GENERALIZED,"); ++ if (p->type & CONST_UTC) ++ fprintf (out, "UTC,"); ++ if (p->type & CONST_SET) ++ fprintf (out, "SET,"); ++ if (p->type & CONST_NOT_USED) ++ fprintf (out, "NOT_USED,"); ++ if (p->type & CONST_ASSIGN) ++ fprintf (out, "ASSIGNMENT,"); ++ } ++ } ++ ++ if (mode == ASN1_PRINT_ALL) ++ { ++ fprintf (out, "\n"); ++ } ++ else ++ { ++ switch (type_field (p->type)) ++ { ++ case ASN1_ETYPE_CONSTANT: ++ case ASN1_ETYPE_TAG: ++ case ASN1_ETYPE_SIZE: ++ break; ++ default: ++ fprintf (out, "\n"); ++ } ++ } ++ ++ if (p->down) ++ { ++ p = p->down; ++ indent += 2; ++ } ++ else if (p == root) ++ { ++ p = NULL; ++ break; ++ } ++ else if (p->right) ++ p = p->right; ++ else ++ { ++ while (1) ++ { ++ p = _asn1_find_up (p); ++ if (p == root) ++ { ++ p = NULL; ++ break; ++ } ++ indent -= 2; ++ if (p->right) ++ { ++ p = p->right; ++ break; ++ } ++ } ++ } ++ } ++} ++ ++ ++ ++/** ++ * asn1_number_of_elements: ++ * @element: pointer to the root of an ASN1 structure. ++ * @name: the name of a sub-structure of ROOT. ++ * @num: pointer to an integer where the result will be stored ++ * ++ * Counts the number of elements of a sub-structure called NAME with ++ * names equal to "?1","?2", ... ++ * ++ * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if ++ * @name is not known, %ASN1_GENERIC_ERROR if pointer @num is %NULL. ++ **/ ++int ++asn1_number_of_elements (asn1_node_const element, const char *name, int *num) ++{ ++ asn1_node_const node, p; ++ ++ if (num == NULL) ++ return ASN1_GENERIC_ERROR; ++ ++ *num = 0; ++ ++ node = asn1_find_node (element, name); ++ if (node == NULL) ++ return ASN1_ELEMENT_NOT_FOUND; ++ ++ p = node->down; ++ ++ while (p) ++ { ++ if (p->name[0] == '?') ++ (*num)++; ++ p = p->right; ++ } ++ ++ return ASN1_SUCCESS; ++} ++ ++ ++/** ++ * asn1_find_structure_from_oid: ++ * @definitions: ASN1 definitions ++ * @oidValue: value of the OID to search (e.g. "1.2.3.4"). ++ * ++ * Search the structure that is defined just after an OID definition. ++ * ++ * Returns: %NULL when @oidValue not found, otherwise the pointer to a ++ * constant string that contains the element name defined just after ++ * the OID. ++ **/ ++const char * ++asn1_find_structure_from_oid (asn1_node_const definitions, const char *oidValue) ++{ ++ char name[2 * ASN1_MAX_NAME_SIZE + 2]; ++ char value[ASN1_MAX_NAME_SIZE]; ++ asn1_node p; ++ int len; ++ int result; ++ const char *definitionsName; ++ ++ if ((definitions == NULL) || (oidValue == NULL)) ++ return NULL; /* ASN1_ELEMENT_NOT_FOUND; */ ++ ++ definitionsName = definitions->name; ++ ++ /* search the OBJECT_ID into definitions */ ++ p = definitions->down; ++ while (p) ++ { ++ if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) && ++ (p->type & CONST_ASSIGN)) ++ { ++ snprintf(name, sizeof(name), "%s.%s", definitionsName, p->name); ++ ++ len = ASN1_MAX_NAME_SIZE; ++ result = asn1_read_value (definitions, name, value, &len); ++ ++ if ((result == ASN1_SUCCESS) && (!strcmp (oidValue, value))) ++ { ++ p = p->right; ++ if (p == NULL) /* reach the end of ASN1 definitions */ ++ return NULL; /* ASN1_ELEMENT_NOT_FOUND; */ ++ ++ return p->name; ++ } ++ } ++ p = p->right; ++ } ++ ++ return NULL; /* ASN1_ELEMENT_NOT_FOUND; */ ++} ++ ++/** ++ * asn1_copy_node: ++ * @dst: Destination asn1 node. ++ * @dst_name: Field name in destination node. ++ * @src: Source asn1 node. ++ * @src_name: Field name in source node. ++ * ++ * Create a deep copy of a asn1_node variable. That ++ * function requires @dst to be expanded using asn1_create_element(). ++ * ++ * Returns: Return %ASN1_SUCCESS on success. ++ **/ ++int ++asn1_copy_node (asn1_node dst, const char *dst_name, ++ asn1_node_const src, const char *src_name) ++{ ++ int result; ++ asn1_node dst_node; ++ void *data = NULL; ++ int size = 0; ++ ++ result = asn1_der_coding (src, src_name, NULL, &size, NULL); ++ if (result != ASN1_MEM_ERROR) ++ return result; ++ ++ data = malloc (size); ++ if (data == NULL) ++ return ASN1_MEM_ERROR; ++ ++ result = asn1_der_coding (src, src_name, data, &size, NULL); ++ if (result != ASN1_SUCCESS) ++ { ++ free (data); ++ return result; ++ } ++ ++ dst_node = asn1_find_node (dst, dst_name); ++ if (dst_node == NULL) ++ { ++ free (data); ++ return ASN1_ELEMENT_NOT_FOUND; ++ } ++ ++ result = asn1_der_decoding (&dst_node, data, size, NULL); ++ ++ free (data); ++ ++ return result; ++} ++ ++/** ++ * asn1_dup_node: ++ * @src: Source asn1 node. ++ * @src_name: Field name in source node. ++ * ++ * Create a deep copy of a asn1_node variable. This function ++ * will return an exact copy of the provided structure. ++ * ++ * Returns: Return %NULL on failure. ++ **/ ++asn1_node ++asn1_dup_node (asn1_node_const src, const char *src_name) ++{ ++ return _asn1_copy_structure2(src, src_name); ++} +diff --git a/grub-core/lib/libtasn1/lib/element.h b/grub-core/lib/libtasn1/lib/element.h +new file mode 100644 +index 000000000..440a33f4b +--- /dev/null ++++ b/grub-core/lib/libtasn1/lib/element.h +@@ -0,0 +1,40 @@ ++/* ++ * Copyright (C) 2000-2014 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * The LIBTASN1 library is free software; you can redistribute it ++ * and/or modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++ * 02110-1301, USA ++ */ ++ ++#ifndef _ELEMENT_H ++#define _ELEMENT_H ++ ++ ++struct node_tail_cache_st ++{ ++ asn1_node head; /* the first element of the sequence */ ++ asn1_node tail; ++}; ++ ++int _asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcached); ++ ++int _asn1_convert_integer (const unsigned char *value, ++ unsigned char *value_out, ++ int value_out_size, int *len); ++ ++void _asn1_hierarchical_name (asn1_node_const node, char *name, int name_size); ++ ++#endif +diff --git a/grub-core/lib/libtasn1/lib/gstr.h b/grub-core/lib/libtasn1/lib/gstr.h +new file mode 100644 +index 000000000..48229844f +--- /dev/null ++++ b/grub-core/lib/libtasn1/lib/gstr.h +@@ -0,0 +1,47 @@ ++/* ++ * Copyright (C) 2002-2014 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * The LIBTASN1 library is free software; you can redistribute it ++ * and/or modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++ * 02110-1301, USA ++ */ ++ ++#ifndef GSTR_H ++# define GSTR_H ++ ++unsigned int _asn1_str_cpy (char *dest, size_t dest_tot_size, ++ const char *src); ++void _asn1_str_cat (char *dest, size_t dest_tot_size, const char *src); ++ ++#define Estrcpy(x,y) _asn1_str_cpy(x,ASN1_MAX_ERROR_DESCRIPTION_SIZE,y) ++#define Estrcat(x,y) _asn1_str_cat(x,ASN1_MAX_ERROR_DESCRIPTION_SIZE,y) ++ ++inline static ++void safe_memset(void *data, int c, size_t size) ++{ ++ volatile unsigned volatile_zero = 0; ++ volatile char *vdata = (volatile char*)data; ++ ++ /* This is based on a nice trick for safe memset, ++ * sent by David Jacobson in the openssl-dev mailing list. ++ */ ++ ++ if (size > 0) do { ++ memset(data, c, size); ++ } while(vdata[volatile_zero] != c); ++} ++ ++#endif /* GSTR_H */ +diff --git a/grub-core/lib/libtasn1/lib/int.h b/grub-core/lib/libtasn1/lib/int.h +new file mode 100644 +index 000000000..ea1625786 +--- /dev/null ++++ b/grub-core/lib/libtasn1/lib/int.h +@@ -0,0 +1,221 @@ ++/* ++ * Copyright (C) 2002-2014 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * The LIBTASN1 library is free software; you can redistribute it ++ * and/or modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++ * 02110-1301, USA ++ */ ++ ++#ifndef INT_H ++#define INT_H ++ ++#ifdef HAVE_CONFIG_H ++#include ++#endif ++ ++#include ++#include ++#include ++#include ++ ++#ifdef HAVE_SYS_TYPES_H ++#include ++#endif ++ ++#include ++ ++#define ASN1_SMALL_VALUE_SIZE 16 ++ ++/* This structure is also in libtasn1.h, but then contains less ++ fields. You cannot make any modifications to these first fields ++ without breaking ABI. */ ++struct asn1_node_st ++{ ++ /* public fields: */ ++ char name[ASN1_MAX_NAME_SIZE + 1]; /* Node name */ ++ unsigned int name_hash; ++ unsigned int type; /* Node type */ ++ unsigned char *value; /* Node value */ ++ int value_len; ++ asn1_node down; /* Pointer to the son node */ ++ asn1_node right; /* Pointer to the brother node */ ++ asn1_node left; /* Pointer to the next list element */ ++ /* private fields: */ ++ unsigned char small_value[ASN1_SMALL_VALUE_SIZE]; /* For small values */ ++ ++ /* values used during decoding/coding */ ++ int tmp_ival; ++ unsigned start; /* the start of the DER sequence - if decoded */ ++ unsigned end; /* the end of the DER sequence - if decoded */ ++}; ++ ++typedef struct tag_and_class_st ++{ ++ unsigned tag; ++ unsigned class; ++ const char *desc; ++} tag_and_class_st; ++ ++/* the types that are handled in _asn1_tags */ ++#define CASE_HANDLED_ETYPES \ ++ case ASN1_ETYPE_NULL: \ ++ case ASN1_ETYPE_BOOLEAN: \ ++ case ASN1_ETYPE_INTEGER: \ ++ case ASN1_ETYPE_ENUMERATED: \ ++ case ASN1_ETYPE_OBJECT_ID: \ ++ case ASN1_ETYPE_OCTET_STRING: \ ++ case ASN1_ETYPE_GENERALSTRING: \ ++ case ASN1_ETYPE_NUMERIC_STRING: \ ++ case ASN1_ETYPE_IA5_STRING: \ ++ case ASN1_ETYPE_TELETEX_STRING: \ ++ case ASN1_ETYPE_PRINTABLE_STRING: \ ++ case ASN1_ETYPE_UNIVERSAL_STRING: \ ++ case ASN1_ETYPE_BMP_STRING: \ ++ case ASN1_ETYPE_UTF8_STRING: \ ++ case ASN1_ETYPE_VISIBLE_STRING: \ ++ case ASN1_ETYPE_BIT_STRING: \ ++ case ASN1_ETYPE_SEQUENCE: \ ++ case ASN1_ETYPE_SEQUENCE_OF: \ ++ case ASN1_ETYPE_SET: \ ++ case ASN1_ETYPE_UTC_TIME: \ ++ case ASN1_ETYPE_GENERALIZED_TIME: \ ++ case ASN1_ETYPE_SET_OF ++ ++#define ETYPE_TAG(etype) (_asn1_tags[etype].tag) ++#define ETYPE_CLASS(etype) (_asn1_tags[etype].class) ++#define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \ ++ (etype) <= _asn1_tags_size && \ ++ _asn1_tags[(etype)].desc != NULL)?1:0) ++ ++#define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \ ++ etype == ASN1_ETYPE_NUMERIC_STRING || etype == ASN1_ETYPE_IA5_STRING || \ ++ etype == ASN1_ETYPE_TELETEX_STRING || etype == ASN1_ETYPE_PRINTABLE_STRING || \ ++ etype == ASN1_ETYPE_UNIVERSAL_STRING || etype == ASN1_ETYPE_BMP_STRING || \ ++ etype == ASN1_ETYPE_UTF8_STRING || etype == ASN1_ETYPE_VISIBLE_STRING || \ ++ etype == ASN1_ETYPE_OCTET_STRING)?1:0) ++ ++extern unsigned int _asn1_tags_size; ++extern const tag_and_class_st _asn1_tags[]; ++ ++#define _asn1_strlen(s) strlen((const char *) s) ++#define _asn1_strtol(n,e,b) strtol((const char *) n, e, b) ++#define _asn1_strtoul(n,e,b) strtoul((const char *) n, e, b) ++#define _asn1_strcmp(a,b) strcmp((const char *)a, (const char *)b) ++#define _asn1_strcpy(a,b) strcpy((char *)a, (const char *)b) ++#define _asn1_strcat(a,b) strcat((char *)a, (const char *)b) ++ ++#if SIZEOF_UNSIGNED_LONG_INT == 8 ++# define _asn1_strtou64(n,e,b) strtoul((const char *) n, e, b) ++#else ++# define _asn1_strtou64(n,e,b) strtoull((const char *) n, e, b) ++#endif ++ ++#define MAX_LOG_SIZE 1024 /* maximum number of characters of a log message */ ++ ++/* Define used for visiting trees. */ ++#define UP 1 ++#define RIGHT 2 ++#define DOWN 3 ++ ++/***********************************************************************/ ++/* List of constants to better specify the type of typedef asn1_node_st. */ ++/***********************************************************************/ ++/* Used with TYPE_TAG */ ++#define CONST_UNIVERSAL (1U<<8) ++#define CONST_PRIVATE (1U<<9) ++#define CONST_APPLICATION (1U<<10) ++#define CONST_EXPLICIT (1U<<11) ++#define CONST_IMPLICIT (1U<<12) ++ ++#define CONST_TAG (1U<<13) /* Used in ASN.1 assignement */ ++#define CONST_OPTION (1U<<14) ++#define CONST_DEFAULT (1U<<15) ++#define CONST_TRUE (1U<<16) ++#define CONST_FALSE (1U<<17) ++ ++#define CONST_LIST (1U<<18) /* Used with TYPE_INTEGER and TYPE_BIT_STRING */ ++#define CONST_MIN_MAX (1U<<19) ++ ++#define CONST_1_PARAM (1U<<20) ++ ++#define CONST_SIZE (1U<<21) ++ ++#define CONST_DEFINED_BY (1U<<22) ++ ++/* Those two are deprecated and used for backwards compatibility */ ++#define CONST_GENERALIZED (1U<<23) ++#define CONST_UTC (1U<<24) ++ ++/* #define CONST_IMPORTS (1U<<25) */ ++ ++#define CONST_NOT_USED (1U<<26) ++#define CONST_SET (1U<<27) ++#define CONST_ASSIGN (1U<<28) ++ ++#define CONST_DOWN (1U<<29) ++#define CONST_RIGHT (1U<<30) ++ ++ ++#define ASN1_ETYPE_TIME 17 ++/****************************************/ ++/* Returns the first 8 bits. */ ++/* Used with the field type of asn1_node_st */ ++/****************************************/ ++inline static unsigned int ++type_field (unsigned int ntype) ++{ ++ return (ntype & 0xff); ++} ++ ++/* To convert old types from a static structure */ ++inline static unsigned int ++convert_old_type (unsigned int ntype) ++{ ++ unsigned int type = ntype & 0xff; ++ if (type == ASN1_ETYPE_TIME) ++ { ++ if (ntype & CONST_UTC) ++ type = ASN1_ETYPE_UTC_TIME; ++ else ++ type = ASN1_ETYPE_GENERALIZED_TIME; ++ ++ ntype &= ~(CONST_UTC | CONST_GENERALIZED); ++ ntype &= 0xffffff00; ++ ntype |= type; ++ ++ return ntype; ++ } ++ else ++ return ntype; ++} ++ ++static inline ++void *_asn1_realloc(void *ptr, size_t size) ++{ ++ void *ret; ++ ++ if (size == 0) ++ return ptr; ++ ++ ret = realloc(ptr, size); ++ if (ret == NULL) ++ { ++ free(ptr); ++ } ++ return ret; ++} ++ ++#endif /* INT_H */ +diff --git a/grub-core/lib/libtasn1/lib/parser_aux.h b/grub-core/lib/libtasn1/lib/parser_aux.h +new file mode 100644 +index 000000000..598e684b3 +--- /dev/null ++++ b/grub-core/lib/libtasn1/lib/parser_aux.h +@@ -0,0 +1,172 @@ ++/* ++ * Copyright (C) 2000-2014 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * The LIBTASN1 library is free software; you can redistribute it ++ * and/or modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++ * 02110-1301, USA ++ */ ++ ++#ifndef _PARSER_AUX_H ++#define _PARSER_AUX_H ++ ++/***********************************************/ ++/* Type: list_type */ ++/* Description: type used in the list during */ ++/* the structure creation. */ ++/***********************************************/ ++typedef struct list_struct ++{ ++ asn1_node node; ++ struct list_struct *next; ++} list_type; ++ ++/***************************************/ ++/* Functions used by ASN.1 parser */ ++/***************************************/ ++asn1_node _asn1_add_static_node (list_type **e_list, unsigned int type); ++ ++void _asn1_delete_list (list_type *e_list); ++ ++void _asn1_delete_list_and_nodes (list_type *e_list); ++ ++void _asn1_delete_node_from_list (list_type *list, asn1_node node); ++ ++asn1_node ++_asn1_set_value (asn1_node node, const void *value, unsigned int len); ++ ++asn1_node _asn1_set_value_m (asn1_node node, void *value, unsigned int len); ++ ++asn1_node ++_asn1_set_value_lv (asn1_node node, const void *value, unsigned int len); ++ ++asn1_node ++_asn1_append_value (asn1_node node, const void *value, unsigned int len); ++ ++asn1_node _asn1_set_name (asn1_node node, const char *name); ++ ++asn1_node _asn1_cpy_name (asn1_node dst, asn1_node_const src); ++ ++asn1_node _asn1_set_right (asn1_node node, asn1_node right); ++ ++asn1_node _asn1_get_last_right (asn1_node_const node); ++ ++void _asn1_remove_node (asn1_node node, unsigned int flags); ++ ++/* Max 64-bit integer length is 20 chars + 1 for sign + 1 for null termination */ ++#define LTOSTR_MAX_SIZE 22 ++char *_asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE]); ++ ++asn1_node _asn1_find_up (asn1_node_const node); ++ ++int _asn1_change_integer_value (asn1_node node); ++ ++#define EXPAND_OBJECT_ID_MAX_RECURSION 16 ++int _asn1_expand_object_id (list_type **list, asn1_node node); ++ ++int _asn1_type_set_config (asn1_node node); ++ ++int _asn1_check_identifier (asn1_node_const node); ++ ++int _asn1_set_default_tag (asn1_node node); ++ ++/******************************************************************/ ++/* Function : _asn1_get_right */ ++/* Description: returns the element pointed by the RIGHT field of */ ++/* a NODE_ASN element. */ ++/* Parameters: */ ++/* node: NODE_ASN element pointer. */ ++/* Return: field RIGHT of NODE. */ ++/******************************************************************/ ++inline static asn1_node ++_asn1_get_right (asn1_node_const node) ++{ ++ if (node == NULL) ++ return NULL; ++ return node->right; ++} ++ ++/******************************************************************/ ++/* Function : _asn1_set_down */ ++/* Description: sets the field DOWN in a NODE_ASN element. */ ++/* Parameters: */ ++/* node: element pointer. */ ++/* down: pointer to a NODE_ASN element that you want be pointed */ ++/* by NODE. */ ++/* Return: pointer to *NODE. */ ++/******************************************************************/ ++inline static asn1_node ++_asn1_set_down (asn1_node node, asn1_node down) ++{ ++ if (node == NULL) ++ return node; ++ node->down = down; ++ if (down) ++ down->left = node; ++ return node; ++} ++ ++/******************************************************************/ ++/* Function : _asn1_get_down */ ++/* Description: returns the element pointed by the DOWN field of */ ++/* a NODE_ASN element. */ ++/* Parameters: */ ++/* node: NODE_ASN element pointer. */ ++/* Return: field DOWN of NODE. */ ++/******************************************************************/ ++inline static asn1_node ++_asn1_get_down (asn1_node_const node) ++{ ++ if (node == NULL) ++ return NULL; ++ return node->down; ++} ++ ++/******************************************************************/ ++/* Function : _asn1_get_name */ ++/* Description: returns the name of a NODE_ASN element. */ ++/* Parameters: */ ++/* node: NODE_ASN element pointer. */ ++/* Return: a null terminated string. */ ++/******************************************************************/ ++inline static char * ++_asn1_get_name (asn1_node_const node) ++{ ++ if (node == NULL) ++ return NULL; ++ return (char *) node->name; ++} ++ ++/******************************************************************/ ++/* Function : _asn1_mod_type */ ++/* Description: change the field TYPE of an NODE_ASN element. */ ++/* The new value is the old one | (bitwise or) the */ ++/* paramener VALUE. */ ++/* Parameters: */ ++/* node: NODE_ASN element pointer. */ ++/* value: the integer value that must be or-ed with the current */ ++/* value of field TYPE. */ ++/* Return: NODE pointer. */ ++/******************************************************************/ ++inline static asn1_node ++_asn1_mod_type (asn1_node node, unsigned int value) ++{ ++ if (node == NULL) ++ return node; ++ node->type |= value; ++ return node; ++} ++ ++#endif +diff --git a/grub-core/lib/libtasn1/lib/structure.h b/grub-core/lib/libtasn1/lib/structure.h +new file mode 100644 +index 000000000..99e685da0 +--- /dev/null ++++ b/grub-core/lib/libtasn1/lib/structure.h +@@ -0,0 +1,45 @@ ++/* ++ * Copyright (C) 2002-2014 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * The LIBTASN1 library is free software; you can redistribute it ++ * and/or modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++ * 02110-1301, USA ++ */ ++ ++/*************************************************/ ++/* File: structure.h */ ++/* Description: list of exported object by */ ++/* "structure.c" */ ++/*************************************************/ ++ ++#ifndef _STRUCTURE_H ++#define _STRUCTURE_H ++ ++#include "parser_aux.h" // list_type ++ ++int _asn1_create_static_structure (asn1_node_const pointer, ++ char *output_file_name, char *vector_name); ++ ++asn1_node _asn1_copy_structure3 (asn1_node_const source_node); ++ ++asn1_node _asn1_add_single_node (unsigned int type); ++ ++asn1_node _asn1_find_left (asn1_node_const node); ++ ++int ++_asn1_delete_structure (list_type *e_list, asn1_node *structure, unsigned int flags); ++ ++#endif +diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h +new file mode 100644 +index 000000000..6fd7a30dc +--- /dev/null ++++ b/include/grub/libtasn1.h +@@ -0,0 +1,588 @@ ++/* ++ * Copyright (C) 2002-2014 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * LIBTASN1 is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU Lesser General Public License as ++ * published by the Free Software Foundation; either version 2.1 of ++ * the License, or (at your option) any later version. ++ * ++ * LIBTASN1 is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with LIBTASN1; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++ * 02110-1301, USA ++ * ++ */ ++ ++/** ++ * libtasn1:Short_Description: ++ * ++ * GNU ASN.1 library ++ */ ++/** ++ * libtasn1:Long_Description: ++ * ++ * The Libtasn1 library provides Abstract Syntax Notation One (ASN.1, as ++ * specified by the X.680 ITU-T recommendation) parsing and structures ++ * management, and Distinguished Encoding Rules (DER, as per X.690) ++ * encoding and decoding functions. ++ */ ++ ++ ++#ifndef LIBTASN1_H ++#define LIBTASN1_H ++ ++#ifndef ASN1_API ++#if defined ASN1_BUILDING && defined HAVE_VISIBILITY && HAVE_VISIBILITY ++#define ASN1_API __attribute__((__visibility__("default"))) ++#elif defined ASN1_BUILDING && defined _MSC_VER && ! defined ASN1_STATIC ++#define ASN1_API __declspec(dllexport) ++#elif defined _MSC_VER && ! defined ASN1_STATIC ++#define ASN1_API __declspec(dllimport) ++#else ++#define ASN1_API ++#endif ++#endif ++ ++#ifdef __GNUC__ ++# define __LIBTASN1_CONST__ __attribute__((const)) ++# define __LIBTASN1_PURE__ __attribute__((pure)) ++#else ++# define __LIBTASN1_CONST__ ++# define __LIBTASN1_PURE__ ++#endif ++ ++#include ++#include ++#include /* for FILE* */ ++ ++#ifdef __cplusplus ++extern "C" ++{ ++#endif ++ ++/** ++ * ASN1_VERSION: ++ * ++ * Version of the library as a string. ++ */ ++#define ASN1_VERSION "4.16.0" ++ ++/** ++ * ASN1_VERSION_MAJOR: ++ * ++ * Major version number of the library. ++ */ ++#define ASN1_VERSION_MAJOR 4 ++ ++/** ++ * ASN1_VERSION_MINOR: ++ * ++ * Minor version number of the library. ++ */ ++#define ASN1_VERSION_MINOR 16 ++ ++/** ++ * ASN1_VERSION_PATCH: ++ * ++ * Patch version number of the library. ++ */ ++#define ASN1_VERSION_PATCH 0 ++ ++/** ++ * ASN1_VERSION_NUMBER: ++ * ++ * Version number of the library as a number. ++ */ ++#define ASN1_VERSION_NUMBER 0x041000 ++ ++ ++#if defined __GNUC__ && !defined ASN1_INTERNAL_BUILD ++# define _ASN1_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) ++# if _ASN1_GCC_VERSION >= 30100 ++# define _ASN1_GCC_ATTR_DEPRECATED __attribute__ ((__deprecated__)) ++# endif ++#endif ++ ++#ifndef _ASN1_GCC_ATTR_DEPRECATED ++#define _ASN1_GCC_ATTR_DEPRECATED ++#endif ++ ++/*****************************************/ ++/* Errors returned by libtasn1 functions */ ++/*****************************************/ ++#define ASN1_SUCCESS 0 ++#define ASN1_FILE_NOT_FOUND 1 ++#define ASN1_ELEMENT_NOT_FOUND 2 ++#define ASN1_IDENTIFIER_NOT_FOUND 3 ++#define ASN1_DER_ERROR 4 ++#define ASN1_VALUE_NOT_FOUND 5 ++#define ASN1_GENERIC_ERROR 6 ++#define ASN1_VALUE_NOT_VALID 7 ++#define ASN1_TAG_ERROR 8 ++#define ASN1_TAG_IMPLICIT 9 ++#define ASN1_ERROR_TYPE_ANY 10 ++#define ASN1_SYNTAX_ERROR 11 ++#define ASN1_MEM_ERROR 12 ++#define ASN1_MEM_ALLOC_ERROR 13 ++#define ASN1_DER_OVERFLOW 14 ++#define ASN1_NAME_TOO_LONG 15 ++#define ASN1_ARRAY_ERROR 16 ++#define ASN1_ELEMENT_NOT_EMPTY 17 ++#define ASN1_TIME_ENCODING_ERROR 18 ++#define ASN1_RECURSION 19 ++ ++/*************************************/ ++/* Constants used in asn1_visit_tree */ ++/*************************************/ ++#define ASN1_PRINT_NAME 1 ++#define ASN1_PRINT_NAME_TYPE 2 ++#define ASN1_PRINT_NAME_TYPE_VALUE 3 ++#define ASN1_PRINT_ALL 4 ++ ++/*****************************************/ ++/* Constants returned by asn1_read_tag */ ++/*****************************************/ ++#define ASN1_CLASS_UNIVERSAL 0x00 /* old: 1 */ ++#define ASN1_CLASS_APPLICATION 0x40 /* old: 2 */ ++#define ASN1_CLASS_CONTEXT_SPECIFIC 0x80 /* old: 3 */ ++#define ASN1_CLASS_PRIVATE 0xC0 /* old: 4 */ ++#define ASN1_CLASS_STRUCTURED 0x20 ++ ++/*****************************************/ ++/* Constants returned by asn1_read_tag */ ++/*****************************************/ ++#define ASN1_TAG_BOOLEAN 0x01 ++#define ASN1_TAG_INTEGER 0x02 ++#define ASN1_TAG_SEQUENCE 0x10 ++#define ASN1_TAG_SET 0x11 ++#define ASN1_TAG_OCTET_STRING 0x04 ++#define ASN1_TAG_BIT_STRING 0x03 ++#define ASN1_TAG_UTCTime 0x17 ++#define ASN1_TAG_GENERALIZEDTime 0x18 ++#define ASN1_TAG_OBJECT_ID 0x06 ++#define ASN1_TAG_ENUMERATED 0x0A ++#define ASN1_TAG_NULL 0x05 ++#define ASN1_TAG_GENERALSTRING 0x1B ++#define ASN1_TAG_NUMERIC_STRING 0x12 ++#define ASN1_TAG_IA5_STRING 0x16 ++#define ASN1_TAG_TELETEX_STRING 0x14 ++#define ASN1_TAG_PRINTABLE_STRING 0x13 ++#define ASN1_TAG_UNIVERSAL_STRING 0x1C ++#define ASN1_TAG_BMP_STRING 0x1E ++#define ASN1_TAG_UTF8_STRING 0x0C ++#define ASN1_TAG_VISIBLE_STRING 0x1A ++ ++/** ++ * asn1_node: ++ * ++ * Structure definition used for the node of the tree ++ * that represents an ASN.1 DEFINITION. ++ */ ++typedef struct asn1_node_st asn1_node_st; ++ ++typedef asn1_node_st *asn1_node; ++typedef const asn1_node_st *asn1_node_const; ++ ++/** ++ * ASN1_MAX_NAME_SIZE: ++ * ++ * Maximum number of characters of a name ++ * inside a file with ASN1 definitions. ++ */ ++#define ASN1_MAX_NAME_SIZE 64 ++ ++ ++/** ++ * asn1_static_node: ++ * @name: Node name ++ * @type: Node typ ++ * @value: Node value ++ * ++ * For the on-disk format of ASN.1 trees, created by asn1_parser2array(). ++ */ ++struct asn1_static_node_st ++{ ++ const char *name; /* Node name */ ++ unsigned int type; /* Node type */ ++ const void *value; /* Node value */ ++}; ++typedef struct asn1_static_node_st asn1_static_node; ++ ++/* List of constants for field type of node_asn */ ++#define ASN1_ETYPE_INVALID 0 ++#define ASN1_ETYPE_CONSTANT 1 ++#define ASN1_ETYPE_IDENTIFIER 2 ++#define ASN1_ETYPE_INTEGER 3 ++#define ASN1_ETYPE_BOOLEAN 4 ++#define ASN1_ETYPE_SEQUENCE 5 ++#define ASN1_ETYPE_BIT_STRING 6 ++#define ASN1_ETYPE_OCTET_STRING 7 ++#define ASN1_ETYPE_TAG 8 ++#define ASN1_ETYPE_DEFAULT 9 ++#define ASN1_ETYPE_SIZE 10 ++#define ASN1_ETYPE_SEQUENCE_OF 11 ++#define ASN1_ETYPE_OBJECT_ID 12 ++#define ASN1_ETYPE_ANY 13 ++#define ASN1_ETYPE_SET 14 ++#define ASN1_ETYPE_SET_OF 15 ++#define ASN1_ETYPE_DEFINITIONS 16 ++#define ASN1_ETYPE_CHOICE 18 ++#define ASN1_ETYPE_IMPORTS 19 ++#define ASN1_ETYPE_NULL 20 ++#define ASN1_ETYPE_ENUMERATED 21 ++#define ASN1_ETYPE_GENERALSTRING 27 ++#define ASN1_ETYPE_NUMERIC_STRING 28 ++#define ASN1_ETYPE_IA5_STRING 29 ++#define ASN1_ETYPE_TELETEX_STRING 30 ++#define ASN1_ETYPE_PRINTABLE_STRING 31 ++#define ASN1_ETYPE_UNIVERSAL_STRING 32 ++#define ASN1_ETYPE_BMP_STRING 33 ++#define ASN1_ETYPE_UTF8_STRING 34 ++#define ASN1_ETYPE_VISIBLE_STRING 35 ++#define ASN1_ETYPE_UTC_TIME 36 ++#define ASN1_ETYPE_GENERALIZED_TIME 37 ++ ++/** ++ * ASN1_DELETE_FLAG_ZEROIZE: ++ * ++ * Used by: asn1_delete_structure2() ++ * ++ * Zeroize values prior to deinitialization. ++ */ ++#define ASN1_DELETE_FLAG_ZEROIZE 1 ++ ++/** ++ * ASN1_DECODE_FLAG_ALLOW_PADDING: ++ * ++ * Used by: asn1_der_decoding2() ++ * ++ * This flag would allow arbitrary data past the DER data. ++ */ ++#define ASN1_DECODE_FLAG_ALLOW_PADDING 1 ++/** ++ * ASN1_DECODE_FLAG_STRICT_DER: ++ * ++ * Used by: asn1_der_decoding2() ++ * ++ * This flag would ensure that no BER decoding takes place. ++ */ ++#define ASN1_DECODE_FLAG_STRICT_DER (1<<1) ++/** ++ * ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME: ++ * ++ * Used by: asn1_der_decoding2() ++ * ++ * This flag will tolerate Time encoding errors when in strict DER. ++ */ ++#define ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME (1<<2) ++ ++ ++/** ++ * asn1_data_node_st: ++ * @name: Node name ++ * @value: Node value ++ * @value_len: Node value size ++ * @type: Node value type (ASN1_ETYPE_*) ++ * ++ * Data node inside a #asn1_node structure. ++ */ ++struct asn1_data_node_st ++{ ++ const char *name; /* Node name */ ++ const void *value; /* Node value */ ++ unsigned int value_len; /* Node value size */ ++ unsigned int type; /* Node value type (ASN1_ETYPE_*) */ ++}; ++typedef struct asn1_data_node_st asn1_data_node_st; ++ ++/***********************************/ ++/* Fixed constants */ ++/***********************************/ ++ ++/** ++ * ASN1_MAX_ERROR_DESCRIPTION_SIZE: ++ * ++ * Maximum number of characters ++ * of a description message ++ * (null character included). ++ */ ++#define ASN1_MAX_ERROR_DESCRIPTION_SIZE 128 ++ ++/***********************************/ ++/* Functions definitions */ ++/***********************************/ ++ ++extern ASN1_API int ++ asn1_parser2tree (const char *file, ++ asn1_node * definitions, char *error_desc); ++ ++extern ASN1_API int ++ asn1_parser2array (const char *inputFileName, ++ const char *outputFileName, ++ const char *vectorName, char *error_desc); ++ ++extern ASN1_API int ++ asn1_array2tree (const asn1_static_node * array, ++ asn1_node * definitions, char *errorDescription); ++ ++extern ASN1_API void ++ asn1_print_structure (FILE * out, asn1_node_const structure, ++ const char *name, int mode); ++ ++extern ASN1_API int ++ asn1_create_element (asn1_node_const definitions, ++ const char *source_name, asn1_node * element); ++ ++extern ASN1_API int asn1_delete_structure (asn1_node * structure); ++ ++extern ASN1_API int asn1_delete_structure2 (asn1_node * structure, unsigned int flags); ++ ++extern ASN1_API int ++ asn1_delete_element (asn1_node structure, const char *element_name); ++ ++extern ASN1_API int ++ asn1_write_value (asn1_node node_root, const char *name, ++ const void *ivalue, int len); ++ ++extern ASN1_API int ++ asn1_read_value (asn1_node_const root, const char *name, ++ void *ivalue, int *len); ++ ++extern ASN1_API int ++ asn1_read_value_type (asn1_node_const root, const char *name, ++ void *ivalue, int *len, unsigned int *etype); ++ ++extern ASN1_API int ++ asn1_read_node_value (asn1_node_const node, asn1_data_node_st * data); ++ ++extern ASN1_API int ++ asn1_number_of_elements (asn1_node_const element, const char *name, int *num); ++ ++extern ASN1_API int ++ asn1_der_coding (asn1_node_const element, const char *name, ++ void *ider, int *len, char *ErrorDescription); ++ ++extern ASN1_API int ++ asn1_der_decoding2 (asn1_node *element, const void *ider, ++ int *max_ider_len, unsigned int flags, ++ char *errorDescription); ++ ++extern ASN1_API int ++ asn1_der_decoding (asn1_node * element, const void *ider, ++ int ider_len, char *errorDescription); ++ ++/* Do not use. Use asn1_der_decoding() instead. */ ++extern ASN1_API int ++ asn1_der_decoding_element (asn1_node * structure, ++ const char *elementName, ++ const void *ider, int len, ++ char *errorDescription) _ASN1_GCC_ATTR_DEPRECATED; ++ ++extern ASN1_API int ++ asn1_der_decoding_startEnd (asn1_node element, ++ const void *ider, int ider_len, ++ const char *name_element, ++ int *start, int *end); ++ ++extern ASN1_API int ++ asn1_expand_any_defined_by (asn1_node_const definitions, asn1_node * element); ++ ++extern ASN1_API int ++ asn1_expand_octet_string (asn1_node_const definitions, ++ asn1_node * element, ++ const char *octetName, const char *objectName); ++ ++extern ASN1_API int ++ asn1_read_tag (asn1_node_const root, const char *name, ++ int *tagValue, int *classValue); ++ ++extern ASN1_API const char *asn1_find_structure_from_oid (asn1_node_const ++ definitions, ++ const char ++ *oidValue); ++ ++__LIBTASN1_PURE__ ++extern ASN1_API const char *asn1_check_version (const char *req_version); ++ ++__LIBTASN1_PURE__ ++extern ASN1_API const char *asn1_strerror (int error); ++ ++extern ASN1_API void asn1_perror (int error); ++ ++#define ASN1_MAX_TAG_SIZE 4 ++#define ASN1_MAX_LENGTH_SIZE 9 ++#define ASN1_MAX_TL_SIZE (ASN1_MAX_TAG_SIZE+ASN1_MAX_LENGTH_SIZE) ++extern ASN1_API long ++ asn1_get_length_der (const unsigned char *der, int der_len, int *len); ++ ++extern ASN1_API long ++ asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len); ++ ++extern ASN1_API void ++ asn1_length_der (unsigned long int len, unsigned char *der, int *der_len); ++ ++/* Other utility functions. */ ++ ++extern ASN1_API ++ int asn1_decode_simple_der (unsigned int etype, const unsigned char *der, ++ unsigned int _der_len, ++ const unsigned char **str, ++ unsigned int *str_len); ++ ++extern ASN1_API ++ int asn1_decode_simple_ber (unsigned int etype, const unsigned char *der, ++ unsigned int _der_len, ++ unsigned char **str, ++ unsigned int *str_len, ++ unsigned int *ber_len); ++ ++extern ASN1_API int ++ asn1_encode_simple_der (unsigned int etype, const unsigned char *str, ++ unsigned int str_len, unsigned char *tl, ++ unsigned int *tl_len); ++ ++extern ASN1_API asn1_node ++ asn1_find_node (asn1_node_const pointer, const char *name); ++ ++extern ASN1_API int ++ asn1_copy_node (asn1_node dst, const char *dst_name, ++ asn1_node_const src, const char *src_name); ++extern ASN1_API asn1_node ++ asn1_dup_node (asn1_node_const src, const char *src_name); ++ ++/* Internal and low-level DER utility functions. */ ++ ++extern ASN1_API int ++ asn1_get_tag_der (const unsigned char *der, int der_len, ++ unsigned char *cls, int *len, unsigned long *tag); ++ ++extern ASN1_API void ++ asn1_octet_der (const unsigned char *str, int str_len, ++ unsigned char *der, int *der_len); ++ ++extern ASN1_API int ++ asn1_get_octet_der (const unsigned char *der, int der_len, ++ int *ret_len, unsigned char *str, ++ int str_size, int *str_len); ++ ++extern ASN1_API void asn1_bit_der (const unsigned char *str, int bit_len, ++ unsigned char *der, int *der_len); ++ ++extern ASN1_API int ++ asn1_get_bit_der (const unsigned char *der, int der_len, ++ int *ret_len, unsigned char *str, ++ int str_size, int *bit_len); ++ ++extern ASN1_API int ++ asn1_get_object_id_der (const unsigned char *der, ++ int der_len, int *ret_len, ++ char *str, int str_size); ++ ++extern ASN1_API int ++ asn1_object_id_der (const char *str, unsigned char *der, int *der_len, ++ unsigned flags); ++ ++/* Compatibility types */ ++ ++/** ++ * asn1_retCode: ++ * ++ * Type formerly returned by libtasn1 functions. ++ * ++ * Deprecated: 3.0: Use int instead. ++ */ ++typedef int asn1_retCode; ++ ++/** ++ * node_asn_struct: ++ * ++ * Compat #define. ++ * ++ * Deprecated: 3.0: Use #asn1_node instead. ++ */ ++#define node_asn_struct asn1_node_st ++ ++/** ++ * node_asn: ++ * ++ * Compat #define. ++ * ++ * Deprecated: 3.0: Use #asn1_node instead. ++ */ ++#define node_asn asn1_node_st ++ ++/** ++ * ASN1_TYPE: ++ * ++ * Compat #define. ++ * ++ * Deprecated: 3.0: Use #asn1_node instead. ++ */ ++#define ASN1_TYPE asn1_node ++ ++/** ++ * ASN1_TYPE_EMPTY: ++ * ++ * Compat #define. ++ * ++ * Deprecated: 3.0: Use NULL instead. ++ */ ++#define ASN1_TYPE_EMPTY NULL ++ ++/** ++ * static_struct_asn: ++ * ++ * Compat #define. ++ * ++ * Deprecated: 3.0: Use #asn1_static_node instead. ++ */ ++#define static_struct_asn asn1_static_node_st ++ ++/** ++ * ASN1_ARRAY_TYPE: ++ * ++ * Compat #define. ++ * ++ * Deprecated: 3.0: Use #asn1_static_node instead. ++ */ ++#define ASN1_ARRAY_TYPE asn1_static_node ++ ++/** ++ * asn1_static_node_t: ++ * ++ * Compat #define. ++ * ++ * Deprecated: 3.0: Use #asn1_static_node instead. ++ */ ++#define asn1_static_node_t asn1_static_node ++ ++/** ++ * node_data_struct: ++ * ++ * Compat #define. ++ * ++ * Deprecated: 3.0: Use #asn1_data_node_st instead. ++ */ ++#define node_data_struct asn1_data_node_st ++ ++/** ++ * ASN1_DATA_NODE: ++ * ++ * Compat #define. ++ * ++ * Deprecated: 3.0: Use #asn1_data_node_st instead. ++ */ ++#define ASN1_DATA_NODE asn1_data_node_st ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* LIBTASN1_H */ +diff --git a/grub-core/lib/libtasn1/LICENSE b/grub-core/lib/libtasn1/LICENSE +new file mode 100644 +index 000000000..e8b3628db +--- /dev/null ++++ b/grub-core/lib/libtasn1/LICENSE +@@ -0,0 +1,16 @@ ++LICENSING ++========= ++ ++The libtasn1 library is released under the GNU Lesser General Public ++License (LGPL) version 2.1 or later; see [COPYING.LESSER](doc/COPYING.LESSER) ++for the license terms. ++ ++The GNU LGPL applies to the main libtasn1 library, while the ++included applications library are under the GNU GPL version 3. ++The libtasn1 library is located in the lib directory, while the applications ++in src/. ++ ++The documentation in doc/ is under the GNU FDL license 1.3. ++ ++For any copyright year range specified as YYYY-ZZZZ in this package ++note that the range specifies every single year in that closed interval. +diff --git a/grub-core/lib/libtasn1/README.md b/grub-core/lib/libtasn1/README.md +new file mode 100644 +index 000000000..50a864229 +--- /dev/null ++++ b/grub-core/lib/libtasn1/README.md +@@ -0,0 +1,91 @@ ++|Branch|CI system|Status| ++|:----:|:-------:|-----:| ++|Master|Gitlab|[![build status](https://gitlab.com/gnutls/libtasn1/badges/master/pipeline.svg)](https://gitlab.com/gnutls/libtasn1/commits/master)[![coverage report](https://gitlab.com/gnutls/libtasn1/badges/master/coverage.svg)](https://gnutls.gitlab.io/libtasn1/coverage)| ++ ++# libtasn1 ++ ++This is GNU Libtasn1, a small ASN.1 library. ++ ++The C library (libtasn1.*) is licensed under the GNU Lesser General ++Public License version 2.1 or later. See the file COPYING.LIB. ++ ++The command line tool, self tests, examples, and other auxilliary ++files, are licensed under the GNU General Public License version 3.0 ++or later. See the file COPYING. ++ ++## Building the library ++ ++We require several tools to build the software, including: ++ ++* [Make](https://www.gnu.org/software/make/) ++* [Automake](https://www.gnu.org/software/automake/) (use 1.11.3 or later) ++* [Autoconf](https://www.gnu.org/software/autoconf/) ++* [Libtool](https://www.gnu.org/software/libtool/) ++* [Texinfo](https://www.gnu.org/software/texinfo/) ++* [help2man](http://www.gnu.org/software/help2man/) ++* [Tar](https://www.gnu.org/software/tar/) ++* [Gzip](https://www.gnu.org/software/gzip/) ++* [bison](https://www.gnu.org/software/bison/) ++* [Texlive & epsf](https://www.tug.org/texlive/) (for PDF manual) ++* [GTK-DOC](https://www.gtk.org/gtk-doc/) (for API manual) ++* [Git](https://git-scm.com/) ++* [libabigail](https://pagure.io/libabigail/) (for abi comparison in make dist) ++* [Valgrind](https://valgrind.org/) (optional) ++ ++The required software is typically distributed with your operating ++system, and the instructions for installing them differ. Here are ++some hints: ++ ++gNewSense/Debian/Ubuntu: ++``` ++sudo apt-get install make git-core autoconf automake libtool ++sudo apt-get install texinfo texlive texlive-generic-recommended texlive-extra-utils ++sudo apt-get install help2man gtk-doc-tools valgrind abigail-tools ++``` ++ ++The next step is to run autoreconf, ./configure, etc: ++ ++``` ++$ ./bootstrap ++``` ++ ++Then build the project normally: ++ ++``` ++$ make ++$ make check ++``` ++ ++Happy hacking! ++ ++ ++## Manual ++ ++The manual is in the `doc/` directory of the release. You can also browse ++the manual online at: ++ ++ - https://gnutls.gitlab.io/libtasn1/ ++ ++ ++## Code coverage report ++ ++The coverage report is at: ++ ++ - https://gnutls.gitlab.io/libtasn1/coverage ++ ++ ++## Issue trackers ++ ++ - [Main issue tracker](https://gitlab.com/gnutls/libtasn1/issues) ++ - [oss-fuzz found issues](https://bugs.chromium.org/p/oss-fuzz/issues/list?q=libtasn1&can=2) ++ ++ ++## Homepage ++ ++The project homepage at the gnu site is at: ++ ++http://www.gnu.org/software/libtasn1/ ++ ++ ++For any copyright year range specified as YYYY-ZZZZ in this package ++note that the range specifies every single year in that closed interval. diff --git a/SOURCES/0360-libtasn1-disable-code-not-needed-in-grub.patch b/SOURCES/0360-libtasn1-disable-code-not-needed-in-grub.patch new file mode 100644 index 0000000..082cdb9 --- /dev/null +++ b/SOURCES/0360-libtasn1-disable-code-not-needed-in-grub.patch @@ -0,0 +1,307 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 1 May 2020 17:12:23 +1000 +Subject: [PATCH] libtasn1: disable code not needed in grub + +We don't expect to be able to write ASN.1, only read it, +so we can disable some code. + +Do that with #if 0/#endif, rather than deletion. This means +that the difference between upstream and grub is smaller, +which should make updating libtasn1 easier in the future. + +With these exclusions we also avoid the need for minmax.h, +which is convenient because it means we don't have to +import it from gnulib. + +Signed-off-by: Daniel Axtens +--- + grub-core/lib/libtasn1/lib/coding.c | 12 ++++++++++-- + grub-core/lib/libtasn1/lib/decoding.c | 2 ++ + grub-core/lib/libtasn1/lib/element.c | 4 ++-- + grub-core/lib/libtasn1/lib/errors.c | 3 +++ + grub-core/lib/libtasn1/lib/structure.c | 10 ++++++---- + include/grub/libtasn1.h | 15 +++++++++++++++ + 6 files changed, 38 insertions(+), 8 deletions(-) + +diff --git a/grub-core/lib/libtasn1/lib/coding.c b/grub-core/lib/libtasn1/lib/coding.c +index 245ea64cf..52def5983 100644 +--- a/grub-core/lib/libtasn1/lib/coding.c ++++ b/grub-core/lib/libtasn1/lib/coding.c +@@ -30,11 +30,11 @@ + #include "parser_aux.h" + #include + #include "element.h" +-#include "minmax.h" + #include + + #define MAX_TAG_LEN 16 + ++#if 0 + /******************************************************/ + /* Function : _asn1_error_description_value_not_found */ + /* Description: creates the ErrorDescription string */ +@@ -58,6 +58,7 @@ _asn1_error_description_value_not_found (asn1_node node, + Estrcat (ErrorDescription, "' not found"); + + } ++#endif + + /** + * asn1_length_der: +@@ -244,6 +245,7 @@ asn1_encode_simple_der (unsigned int etype, const unsigned char *str, + return ASN1_SUCCESS; + } + ++#if 0 + /******************************************************/ + /* Function : _asn1_time_der */ + /* Description: creates the DER coding for a TIME */ +@@ -281,7 +283,7 @@ _asn1_time_der (unsigned char *str, int str_len, unsigned char *der, + + return ASN1_SUCCESS; + } +- ++#endif + + /* + void +@@ -520,6 +522,7 @@ asn1_bit_der (const unsigned char *str, int bit_len, + } + + ++#if 0 + /******************************************************/ + /* Function : _asn1_complete_explicit_tag */ + /* Description: add the length coding to the EXPLICIT */ +@@ -596,6 +599,7 @@ _asn1_complete_explicit_tag (asn1_node node, unsigned char *der, + + return ASN1_SUCCESS; + } ++#endif + + const tag_and_class_st _asn1_tags[] = { + [ASN1_ETYPE_GENERALSTRING] = +@@ -648,6 +652,8 @@ const tag_and_class_st _asn1_tags[] = { + + unsigned int _asn1_tags_size = sizeof (_asn1_tags) / sizeof (_asn1_tags[0]); + ++ ++#if 0 + /******************************************************/ + /* Function : _asn1_insert_tag_der */ + /* Description: creates the DER coding of tags of one */ +@@ -1413,3 +1419,5 @@ error: + asn1_delete_structure (&node); + return err; + } ++ ++#endif +\ No newline at end of file +diff --git a/grub-core/lib/libtasn1/lib/decoding.c b/grub-core/lib/libtasn1/lib/decoding.c +index ff04eb778..42f9a92b5 100644 +--- a/grub-core/lib/libtasn1/lib/decoding.c ++++ b/grub-core/lib/libtasn1/lib/decoding.c +@@ -1613,6 +1613,7 @@ asn1_der_decoding (asn1_node * element, const void *ider, int ider_len, + return asn1_der_decoding2 (element, ider, &ider_len, 0, errorDescription); + } + ++#if 0 + /** + * asn1_der_decoding_element: + * @structure: pointer to an ASN1 structure +@@ -1643,6 +1644,7 @@ asn1_der_decoding_element (asn1_node * structure, const char *elementName, + { + return asn1_der_decoding(structure, ider, len, errorDescription); + } ++#endif + + /** + * asn1_der_decoding_startEnd: +diff --git a/grub-core/lib/libtasn1/lib/element.c b/grub-core/lib/libtasn1/lib/element.c +index 997eb2725..539008d8e 100644 +--- a/grub-core/lib/libtasn1/lib/element.c ++++ b/grub-core/lib/libtasn1/lib/element.c +@@ -191,7 +191,7 @@ _asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcache) + return ASN1_SUCCESS; + } + +- ++#if 0 + /** + * asn1_write_value: + * @node_root: pointer to a structure +@@ -645,7 +645,7 @@ asn1_write_value (asn1_node node_root, const char *name, + + return ASN1_SUCCESS; + } +- ++#endif + + #define PUT_VALUE( ptr, ptr_size, data, data_size) \ + *len = data_size; \ +diff --git a/grub-core/lib/libtasn1/lib/errors.c b/grub-core/lib/libtasn1/lib/errors.c +index cee74daf7..42785e862 100644 +--- a/grub-core/lib/libtasn1/lib/errors.c ++++ b/grub-core/lib/libtasn1/lib/errors.c +@@ -57,6 +57,8 @@ static const libtasn1_error_entry error_algorithms[] = { + {0, 0} + }; + ++ ++#if 0 + /** + * asn1_perror: + * @error: is an error returned by a libtasn1 function. +@@ -73,6 +75,7 @@ asn1_perror (int error) + const char *str = asn1_strerror (error); + fprintf (stderr, "LIBTASN1 ERROR: %s\n", str ? str : "(null)"); + } ++#endif + + /** + * asn1_strerror: +diff --git a/grub-core/lib/libtasn1/lib/structure.c b/grub-core/lib/libtasn1/lib/structure.c +index 8189c56a4..fcfde01a3 100644 +--- a/grub-core/lib/libtasn1/lib/structure.c ++++ b/grub-core/lib/libtasn1/lib/structure.c +@@ -76,7 +76,7 @@ _asn1_find_left (asn1_node_const node) + return node->left; + } + +- ++#if 0 + int + _asn1_create_static_structure (asn1_node_const pointer, char *output_file_name, + char *vector_name) +@@ -155,7 +155,7 @@ _asn1_create_static_structure (asn1_node_const pointer, char *output_file_name, + + return ASN1_SUCCESS; + } +- ++#endif + + /** + * asn1_array2tree: +@@ -718,7 +718,7 @@ asn1_create_element (asn1_node_const definitions, const char *source_name, + return res; + } + +- ++#if 0 + /** + * asn1_print_structure: + * @out: pointer to the output file (e.g. stdout). +@@ -1058,7 +1058,7 @@ asn1_print_structure (FILE * out, asn1_node_const structure, const char *name, + } + } + } +- ++#endif + + + /** +@@ -1153,6 +1153,7 @@ asn1_find_structure_from_oid (asn1_node_const definitions, const char *oidValue) + return NULL; /* ASN1_ELEMENT_NOT_FOUND; */ + } + ++#if 0 + /** + * asn1_copy_node: + * @dst: Destination asn1 node. +@@ -1202,6 +1203,7 @@ asn1_copy_node (asn1_node dst, const char *dst_name, + + return result; + } ++#endif + + /** + * asn1_dup_node: +diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h +index 6fd7a30dc..785eda2ae 100644 +--- a/include/grub/libtasn1.h ++++ b/include/grub/libtasn1.h +@@ -319,6 +319,8 @@ typedef struct asn1_data_node_st asn1_data_node_st; + /* Functions definitions */ + /***********************************/ + ++/* These functions are not used in grub and should not be referenced. */ ++#if 0 + extern ASN1_API int + asn1_parser2tree (const char *file, + asn1_node * definitions, char *error_desc); +@@ -327,14 +329,17 @@ extern ASN1_API int + asn1_parser2array (const char *inputFileName, + const char *outputFileName, + const char *vectorName, char *error_desc); ++#endif + + extern ASN1_API int + asn1_array2tree (const asn1_static_node * array, + asn1_node * definitions, char *errorDescription); + ++#if 0 + extern ASN1_API void + asn1_print_structure (FILE * out, asn1_node_const structure, + const char *name, int mode); ++#endif + + extern ASN1_API int + asn1_create_element (asn1_node_const definitions, +@@ -347,9 +352,11 @@ extern ASN1_API int asn1_delete_structure2 (asn1_node * structure, unsigned int + extern ASN1_API int + asn1_delete_element (asn1_node structure, const char *element_name); + ++#if 0 + extern ASN1_API int + asn1_write_value (asn1_node node_root, const char *name, + const void *ivalue, int len); ++#endif + + extern ASN1_API int + asn1_read_value (asn1_node_const root, const char *name, +@@ -365,9 +372,11 @@ extern ASN1_API int + extern ASN1_API int + asn1_number_of_elements (asn1_node_const element, const char *name, int *num); + ++#if 0 + extern ASN1_API int + asn1_der_coding (asn1_node_const element, const char *name, + void *ider, int *len, char *ErrorDescription); ++#endif + + extern ASN1_API int + asn1_der_decoding2 (asn1_node *element, const void *ider, +@@ -378,12 +387,14 @@ extern ASN1_API int + asn1_der_decoding (asn1_node * element, const void *ider, + int ider_len, char *errorDescription); + ++#if 0 + /* Do not use. Use asn1_der_decoding() instead. */ + extern ASN1_API int + asn1_der_decoding_element (asn1_node * structure, + const char *elementName, + const void *ider, int len, + char *errorDescription) _ASN1_GCC_ATTR_DEPRECATED; ++#endif + + extern ASN1_API int + asn1_der_decoding_startEnd (asn1_node element, +@@ -408,13 +419,17 @@ extern ASN1_API const char *asn1_find_structure_from_oid (asn1_node_const + const char + *oidValue); + ++#if 0 + __LIBTASN1_PURE__ + extern ASN1_API const char *asn1_check_version (const char *req_version); ++#endif + + __LIBTASN1_PURE__ + extern ASN1_API const char *asn1_strerror (int error); + ++#if 0 + extern ASN1_API void asn1_perror (int error); ++#endif + + #define ASN1_MAX_TAG_SIZE 4 + #define ASN1_MAX_LENGTH_SIZE 9 diff --git a/SOURCES/0361-libtasn1-changes-for-grub-compatibility.patch b/SOURCES/0361-libtasn1-changes-for-grub-compatibility.patch new file mode 100644 index 0000000..35ceb56 --- /dev/null +++ b/SOURCES/0361-libtasn1-changes-for-grub-compatibility.patch @@ -0,0 +1,202 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 1 May 2020 20:44:29 +1000 +Subject: [PATCH] libtasn1: changes for grub compatibility + +Do a few things to make libtasn1 compile as part of grub: + + - replace strcat. grub removed strcat so replace it with the appropriate + calls to memcpy and strlen. + + - replace c_isdigit with grub_isdigit (and don't import c-ctype from + gnulib) grub_isdigit provides the same functionality as c_isdigit: it + determines if the input is an ASCII digit without regard for locale. + + - replace GL_ATTRIBUTE_PURE with __attribute__((pure)) which been + supported since gcc-2.96. This avoids messing around with gnulib. + + - adjust libtasn1.h: drop the ASN1_API logic, it's not needed for our + modules. Unconditionally support const and pure attributes and adjust + header paths. + + - adjust header paths to "grub/libtasn1.h". + + - replace a 64 bit division with a call to grub_divmod64, preventing + creation of __udivdi3 calls on 32 bit platforms. + +Signed-off-by: Daniel Axtens +--- + grub-core/lib/libtasn1/lib/decoding.c | 11 ++++++----- + grub-core/lib/libtasn1/lib/element.c | 3 ++- + grub-core/lib/libtasn1/lib/gstr.c | 4 ++-- + grub-core/lib/libtasn1/lib/parser_aux.c | 7 ++++--- + grub-core/lib/libtasn1/lib/int.h | 4 ++-- + include/grub/libtasn1.h | 26 ++++++-------------------- + 6 files changed, 22 insertions(+), 33 deletions(-) + +diff --git a/grub-core/lib/libtasn1/lib/decoding.c b/grub-core/lib/libtasn1/lib/decoding.c +index 42f9a92b5..7856858b2 100644 +--- a/grub-core/lib/libtasn1/lib/decoding.c ++++ b/grub-core/lib/libtasn1/lib/decoding.c +@@ -32,7 +32,8 @@ + #include + #include + #include +-#include ++ ++#define c_isdigit grub_isdigit + + #ifdef DEBUG + # define warn() fprintf(stderr, "%s: %d\n", __func__, __LINE__) +@@ -2008,8 +2009,8 @@ asn1_expand_octet_string (asn1_node_const definitions, asn1_node * element, + (p2->type & CONST_ASSIGN)) + { + strcpy (name, definitions->name); +- strcat (name, "."); +- strcat (name, p2->name); ++ memcpy (name + strlen(name), ".", sizeof(" . ")); ++ memcpy (name + strlen(name), p2->name, strlen(p2->name) + 1); + + len = sizeof (value); + result = asn1_read_value (definitions, name, value, &len); +@@ -2026,8 +2027,8 @@ asn1_expand_octet_string (asn1_node_const definitions, asn1_node * element, + if (p2) + { + strcpy (name, definitions->name); +- strcat (name, "."); +- strcat (name, p2->name); ++ memcpy (name + strlen(name), ".", sizeof(" . ")); ++ memcpy (name + strlen(name), p2->name, strlen(p2->name) + 1); + + result = asn1_create_element (definitions, name, &aux); + if (result == ASN1_SUCCESS) +diff --git a/grub-core/lib/libtasn1/lib/element.c b/grub-core/lib/libtasn1/lib/element.c +index 539008d8e..ed761ff56 100644 +--- a/grub-core/lib/libtasn1/lib/element.c ++++ b/grub-core/lib/libtasn1/lib/element.c +@@ -30,9 +30,10 @@ + #include "parser_aux.h" + #include + #include "structure.h" +-#include "c-ctype.h" + #include "element.h" + ++#define c_isdigit grub_isdigit ++ + void + _asn1_hierarchical_name (asn1_node_const node, char *name, int name_size) + { +diff --git a/grub-core/lib/libtasn1/lib/gstr.c b/grub-core/lib/libtasn1/lib/gstr.c +index e91a3a151..e33875c2c 100644 +--- a/grub-core/lib/libtasn1/lib/gstr.c ++++ b/grub-core/lib/libtasn1/lib/gstr.c +@@ -36,13 +36,13 @@ _asn1_str_cat (char *dest, size_t dest_tot_size, const char *src) + + if (dest_tot_size - dest_size > str_size) + { +- strcat (dest, src); ++ memcpy (dest + dest_size, src, str_size + 1); + } + else + { + if (dest_tot_size - dest_size > 0) + { +- strncat (dest, src, (dest_tot_size - dest_size) - 1); ++ memcpy (dest + dest_size, src, (dest_tot_size - dest_size) - 1); + dest[dest_tot_size - 1] = 0; + } + } +diff --git a/grub-core/lib/libtasn1/lib/parser_aux.c b/grub-core/lib/libtasn1/lib/parser_aux.c +index d5dbbf876..89c9be69d 100644 +--- a/grub-core/lib/libtasn1/lib/parser_aux.c ++++ b/grub-core/lib/libtasn1/lib/parser_aux.c +@@ -26,7 +26,8 @@ + #include "gstr.h" + #include "structure.h" + #include "element.h" +-#include "c-ctype.h" ++ ++#define c_isdigit grub_isdigit + + char _asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1]; /* identifier name not found */ + +@@ -40,7 +41,7 @@ char _asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1]; /* identifier name not fou + #ifdef __clang__ + __attribute__((no_sanitize("integer"))) + #endif +-_GL_ATTRIBUTE_PURE ++__attribute__((__pure__)) + static unsigned int + _asn1_hash_name (const char *x) + { +@@ -634,7 +635,7 @@ _asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE]) + count = 0; + do + { +- d = val / 10; ++ d = grub_divmod64(val, 10, NULL); + r = val - d * 10; + temp[start + count] = '0' + (char) r; + count++; +diff --git a/grub-core/lib/libtasn1/lib/int.h b/grub-core/lib/libtasn1/lib/int.h +index ea1625786..4a568efee 100644 +--- a/grub-core/lib/libtasn1/lib/int.h ++++ b/grub-core/lib/libtasn1/lib/int.h +@@ -35,7 +35,7 @@ + #include + #endif + +-#include ++#include "grub/libtasn1.h" + + #define ASN1_SMALL_VALUE_SIZE 16 + +@@ -115,7 +115,7 @@ extern const tag_and_class_st _asn1_tags[]; + #define _asn1_strtoul(n,e,b) strtoul((const char *) n, e, b) + #define _asn1_strcmp(a,b) strcmp((const char *)a, (const char *)b) + #define _asn1_strcpy(a,b) strcpy((char *)a, (const char *)b) +-#define _asn1_strcat(a,b) strcat((char *)a, (const char *)b) ++#define _asn1_strcat(a,b) memcpy((char *)a + strlen((const char *)a), (const char *)b, strlen((const char *)b) + 1) + + #if SIZEOF_UNSIGNED_LONG_INT == 8 + # define _asn1_strtou64(n,e,b) strtoul((const char *) n, e, b) +diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h +index 785eda2ae..28dbf16c4 100644 +--- a/include/grub/libtasn1.h ++++ b/include/grub/libtasn1.h +@@ -38,29 +38,15 @@ + #ifndef LIBTASN1_H + #define LIBTASN1_H + +-#ifndef ASN1_API +-#if defined ASN1_BUILDING && defined HAVE_VISIBILITY && HAVE_VISIBILITY +-#define ASN1_API __attribute__((__visibility__("default"))) +-#elif defined ASN1_BUILDING && defined _MSC_VER && ! defined ASN1_STATIC +-#define ASN1_API __declspec(dllexport) +-#elif defined _MSC_VER && ! defined ASN1_STATIC +-#define ASN1_API __declspec(dllimport) +-#else ++/* grub: ASN1_API is not used */ + #define ASN1_API +-#endif +-#endif + +-#ifdef __GNUC__ +-# define __LIBTASN1_CONST__ __attribute__((const)) +-# define __LIBTASN1_PURE__ __attribute__((pure)) +-#else +-# define __LIBTASN1_CONST__ +-# define __LIBTASN1_PURE__ +-#endif ++/* grub: all our supported compilers support these attributes */ ++#define __LIBTASN1_CONST__ __attribute__((const)) ++#define __LIBTASN1_PURE__ __attribute__((pure)) + +-#include +-#include +-#include /* for FILE* */ ++#include ++#include + + #ifdef __cplusplus + extern "C" diff --git a/SOURCES/0362-libtasn1-compile-into-asn1-module.patch b/SOURCES/0362-libtasn1-compile-into-asn1-module.patch new file mode 100644 index 0000000..7aa35f5 --- /dev/null +++ b/SOURCES/0362-libtasn1-compile-into-asn1-module.patch @@ -0,0 +1,70 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 5 Jun 2020 17:47:25 +1000 +Subject: [PATCH] libtasn1: compile into asn1 module + +Create a wrapper file that specifies the module license. +Set up the makefile so it is built. + +Signed-off-by: Daniel Axtens +--- + grub-core/Makefile.core.def | 15 +++++++++++++++ + grub-core/lib/libtasn1_wrap/wrap.c | 26 ++++++++++++++++++++++++++ + 2 files changed, 41 insertions(+) + create mode 100644 grub-core/lib/libtasn1_wrap/wrap.c + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 99615c07b..c2d922e6d 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -2436,3 +2436,18 @@ module = { + common = loader/i386/xen_file64.c; + extra_dist = loader/i386/xen_fileXX.c; + }; ++ ++module = { ++ name = asn1; ++ common = lib/libtasn1/lib/decoding.c; ++ common = lib/libtasn1/lib/coding.c; ++ common = lib/libtasn1/lib/element.c; ++ common = lib/libtasn1/lib/structure.c; ++ common = lib/libtasn1/lib/parser_aux.c; ++ common = lib/libtasn1/lib/gstr.c; ++ common = lib/libtasn1/lib/errors.c; ++ common = lib/libtasn1_wrap/wrap.c; ++ cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)'; ++ // -Wno-type-limits comes from libtasn1's configure.ac ++ cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/libtasn1/lib -Wno-type-limits'; ++}; +diff --git a/grub-core/lib/libtasn1_wrap/wrap.c b/grub-core/lib/libtasn1_wrap/wrap.c +new file mode 100644 +index 000000000..622ba942e +--- /dev/null ++++ b/grub-core/lib/libtasn1_wrap/wrap.c +@@ -0,0 +1,26 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 IBM Corporation ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++ ++/* ++ * libtasn1 is provided under LGPL2.1+, which is compatible ++ * with GPL3+. As Grub as a whole is under GPL3+, this module ++ * is therefore under GPL3+ also. ++ */ ++GRUB_MOD_LICENSE ("GPLv3+"); diff --git a/SOURCES/0363-test_asn1-test-module-for-libtasn1.patch b/SOURCES/0363-test_asn1-test-module-for-libtasn1.patch new file mode 100644 index 0000000..416580d --- /dev/null +++ b/SOURCES/0363-test_asn1-test-module-for-libtasn1.patch @@ -0,0 +1,1455 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Wed, 10 Jun 2020 17:48:42 +1000 +Subject: [PATCH] test_asn1: test module for libtasn1 + +Import tests from libtasn1 that don't use functionality we don't +import. I have put them here rather than in the libtasn1 directory +because: + + - They need much more significant changes to run in the grub + context. + + - I don't expect they will need to be changed when updating + libtasn1: I expect the old tests will usually continue to pass on + new versions. + +This doesn't test the full decoder but that will be exercised in +test suites for coming patch sets. + +Signed-off-by: Daniel Axtens +--- + Makefile.util.def | 6 + + grub-core/Makefile.core.def | 13 ++ + .../lib/libtasn1_wrap/tests/CVE-2018-1000654.c | 61 ++++++ + grub-core/lib/libtasn1_wrap/tests/Test_overflow.c | 138 ++++++++++++++ + grub-core/lib/libtasn1_wrap/tests/Test_simple.c | 207 ++++++++++++++++++++ + grub-core/lib/libtasn1_wrap/tests/Test_strings.c | 150 +++++++++++++++ + .../lib/libtasn1_wrap/tests/object-id-decoding.c | 116 +++++++++++ + .../lib/libtasn1_wrap/tests/object-id-encoding.c | 120 ++++++++++++ + grub-core/lib/libtasn1_wrap/tests/octet-string.c | 211 +++++++++++++++++++++ + grub-core/lib/libtasn1_wrap/tests/reproducers.c | 81 ++++++++ + grub-core/lib/libtasn1_wrap/wrap_tests.c | 75 ++++++++ + .../tests/CVE-2018-1000654-1_asn1_tab.h | 32 ++++ + .../tests/CVE-2018-1000654-2_asn1_tab.h | 36 ++++ + grub-core/lib/libtasn1_wrap/wrap_tests.h | 38 ++++ + .gitignore | 1 + + tests/test_asn1.in | 12 ++ + 16 files changed, 1297 insertions(+) + create mode 100644 grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c + create mode 100644 grub-core/lib/libtasn1_wrap/tests/Test_overflow.c + create mode 100644 grub-core/lib/libtasn1_wrap/tests/Test_simple.c + create mode 100644 grub-core/lib/libtasn1_wrap/tests/Test_strings.c + create mode 100644 grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c + create mode 100644 grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c + create mode 100644 grub-core/lib/libtasn1_wrap/tests/octet-string.c + create mode 100644 grub-core/lib/libtasn1_wrap/tests/reproducers.c + create mode 100644 grub-core/lib/libtasn1_wrap/wrap_tests.c + create mode 100644 grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h + create mode 100644 grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h + create mode 100644 grub-core/lib/libtasn1_wrap/wrap_tests.h + create mode 100644 tests/test_asn1.in + +diff --git a/Makefile.util.def b/Makefile.util.def +index 5062a0e50..3987d4cda 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -1275,6 +1275,12 @@ script = { + common = tests/syslinux_test.in; + }; + ++script = { ++ testcase; ++ name = test_asn1; ++ common = tests/test_asn1.in; ++}; ++ + program = { + testcase; + name = example_unit_test; +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index c2d922e6d..fd1229c63 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -2451,3 +2451,16 @@ module = { + // -Wno-type-limits comes from libtasn1's configure.ac + cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/libtasn1/lib -Wno-type-limits'; + }; ++ ++module = { ++ name = test_asn1; ++ common = lib/libtasn1_wrap/tests/CVE-2018-1000654.c; ++ common = lib/libtasn1_wrap/tests/object-id-decoding.c; ++ common = lib/libtasn1_wrap/tests/object-id-encoding.c; ++ common = lib/libtasn1_wrap/tests/octet-string.c; ++ common = lib/libtasn1_wrap/tests/reproducers.c; ++ common = lib/libtasn1_wrap/tests/Test_overflow.c; ++ common = lib/libtasn1_wrap/tests/Test_simple.c; ++ common = lib/libtasn1_wrap/tests/Test_strings.c; ++ common = lib/libtasn1_wrap/wrap_tests.c; ++}; +diff --git a/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c +new file mode 100644 +index 000000000..534e30452 +--- /dev/null ++++ b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654.c +@@ -0,0 +1,61 @@ ++/* ++ * Copyright (C) 2002-2018 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * This program is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program. If not, see . ++ * ++ */ ++ ++/****************************************************************/ ++/* Description: reproducer for CVE-2018-1000654 */ ++/****************************************************************/ ++ ++#include ++#include ++#include ++#include ++#include ++#include "../wrap_tests.h" ++ ++#include "CVE-2018-1000654-1_asn1_tab.h" ++#include "CVE-2018-1000654-2_asn1_tab.h" ++ ++void ++test_CVE_2018_1000654 (void) ++{ ++ int result; ++ asn1_node definitions = NULL; ++ char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; ++ ++ result = asn1_array2tree (CVE_2018_1000654_1_asn1_tab, &definitions, errorDescription); ++ if (result != ASN1_RECURSION) ++ { ++ grub_fatal ("Error: %s\nErrorDescription = %s\n\n", ++ asn1_strerror (result), errorDescription); ++ return; ++ } ++ ++ asn1_delete_structure (&definitions); ++ ++ result = asn1_array2tree (CVE_2018_1000654_2_asn1_tab, &definitions, errorDescription); ++ if (result != ASN1_RECURSION) ++ { ++ grub_fatal ("Error: %s\nErrorDescription = %s\n\n", ++ asn1_strerror (result), errorDescription); ++ return; ++ } ++ ++ asn1_delete_structure (&definitions); ++} +diff --git a/grub-core/lib/libtasn1_wrap/tests/Test_overflow.c b/grub-core/lib/libtasn1_wrap/tests/Test_overflow.c +new file mode 100644 +index 000000000..f48aea0ef +--- /dev/null ++++ b/grub-core/lib/libtasn1_wrap/tests/Test_overflow.c +@@ -0,0 +1,138 @@ ++/* ++ * Copyright (C) 2012-2014 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * This program is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program. If not, see . ++ * ++ */ ++ ++/* Written by Simon Josefsson */ ++ ++#include ++#include ++#include ++#include ++#include ++#include "../wrap_tests.h" ++ ++void ++test_overflow(void) ++{ ++ /* Test that values larger than long are rejected. This has worked ++ fine with all versions of libtasn1. */ ++ ++ { ++ unsigned char der[] = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"; ++ long l; ++ int len; ++ ++ l = asn1_get_length_der (der, sizeof der, &len); ++ ++ if (l != -2L) ++ { ++ grub_fatal ("ERROR: asn1_get_length_der bignum (l %ld len %d)\n", l, len); ++ return; ++ } ++ } ++ ++ /* Test that values larger than int but smaller than long are ++ rejected. This limitation was introduced with libtasn1 2.12. */ ++#if (GRUB_LONG_MAX > GRUB_INT_MAX) ++ { ++ unsigned long num = ((long) GRUB_UINT_MAX) << 2; ++ unsigned char der[20]; ++ int der_len; ++ long l; ++ int len; ++ ++ asn1_length_der (num, der, &der_len); ++ ++ l = asn1_get_length_der (der, der_len, &len); ++ ++ if (l != -2L) ++ { ++ grub_fatal ("ERROR: asn1_get_length_der intnum (l %ld len %d)\n", l, ++ len); ++ return; ++ } ++ } ++#endif ++ ++ /* Test that values larger than would fit in the input string are ++ rejected. This problem was fixed in libtasn1 2.12. */ ++ { ++ unsigned long num = 64; ++ unsigned char der[20]; ++ int der_len; ++ long l; ++ int len; ++ ++ asn1_length_der (num, der, &der_len); ++ ++ der_len = sizeof (der); ++ l = asn1_get_length_der (der, der_len, &len); ++ ++ if (l != -4L) ++ { ++ grub_fatal ("ERROR: asn1_get_length_der overflow-small (l %ld len %d)\n", ++ l, len); ++ return; ++ } ++ } ++ ++ /* Test that values larger than would fit in the input string are ++ rejected. This problem was fixed in libtasn1 2.12. */ ++ { ++ unsigned long num = 1073741824; ++ unsigned char der[20]; ++ int der_len; ++ long l; ++ int len; ++ ++ asn1_length_der (num, der, &der_len); ++ ++ der_len = sizeof (der); ++ l = asn1_get_length_der (der, der_len, &len); ++ ++ if (l != -4L) ++ { ++ grub_fatal ("ERROR: asn1_get_length_der overflow-large1 (l %ld len %d)\n", ++ l, len); ++ return; ++ } ++ } ++ ++ /* Test that values larger than would fit in the input string are ++ rejected. This problem was fixed in libtasn1 2.12. */ ++ { ++ unsigned long num = 2147483649; ++ unsigned char der[20]; ++ int der_len; ++ long l; ++ int len; ++ ++ asn1_length_der (num, der, &der_len); ++ ++ der_len = sizeof (der); ++ l = asn1_get_length_der (der, der_len, &len); ++ ++ if (l != -2L) ++ { ++ grub_fatal ("ERROR: asn1_get_length_der overflow-large2 (l %ld len %d)\n", ++ l, len); ++ return; ++ } ++ } ++} +diff --git a/grub-core/lib/libtasn1_wrap/tests/Test_simple.c b/grub-core/lib/libtasn1_wrap/tests/Test_simple.c +new file mode 100644 +index 000000000..9f01006dd +--- /dev/null ++++ b/grub-core/lib/libtasn1_wrap/tests/Test_simple.c +@@ -0,0 +1,207 @@ ++/* ++ * Copyright (C) 2011-2014 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * This program is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program. If not, see . ++ * ++ * Written by Simon Josefsson ++ * ++ */ ++ ++#include ++#include ++#include ++#include ++#include "../wrap_tests.h" ++ ++struct tv ++{ ++ int bitlen; ++ const char *bitstr; ++ int derlen; ++ const char *der; ++}; ++ ++static const struct tv tv[] = { ++ {0, "", 2, "\x01\x00"}, ++ {1, "\x00", 3, "\x02\x07\x00"}, ++ {2, "\x00", 3, "\x02\x06\x00"}, ++ {3, "\x00", 3, "\x02\x05\x00"}, ++ {4, "\x00", 3, "\x02\x04\x00"}, ++ {5, "\x00", 3, "\x02\x03\x00"}, ++ {6, "\x00", 3, "\x02\x02\x00"}, ++ {7, "\x00", 3, "\x02\x01\x00"}, ++ {8, "\x00\x00", 3, "\x02\x00\x00"}, ++ {9, "\x00\x00", 4, "\x03\x07\x00\x00"}, ++ {10, "\x00\x00", 4, "\x03\x06\x00\x00"}, ++ {11, "\x00\x00", 4, "\x03\x05\x00\x00"}, ++ {12, "\x00\x00", 4, "\x03\x04\x00\x00"}, ++ {13, "\x00\x00", 4, "\x03\x03\x00\x00"}, ++ {14, "\x00\x00", 4, "\x03\x02\x00\x00"}, ++ {15, "\x00\x00", 4, "\x03\x01\x00\x00"}, ++ {16, "\x00\x00", 4, "\x03\x00\x00\x00"}, ++ {17, "\x00\x00\x00", 5, "\x04\x07\x00\x00\x00"}, ++ {18, "\x00\x00\x00", 5, "\x04\x06\x00\x00\x00"}, ++ {19, "\x00\x00\x00", 5, "\x04\x05\x00\x00\x00"}, ++ {1, "\xFF", 3, "\x02\x07\x80"}, ++ {2, "\xFF", 3, "\x02\x06\xc0"}, ++ {3, "\xFF", 3, "\x02\x05\xe0"}, ++ {4, "\xFF", 3, "\x02\x04\xf0"}, ++ {5, "\xFF", 3, "\x02\x03\xf8"}, ++ {6, "\xFF", 3, "\x02\x02\xfc"}, ++ {7, "\xFF", 3, "\x02\x01\xfe"}, ++ {8, "\xFF\xFF", 3, "\x02\x00\xff"}, ++ {9, "\xFF\xFF", 4, "\x03\x07\xff\x80"}, ++ {10, "\xFF\xFF", 4, "\x03\x06\xff\xc0"}, ++ {11, "\xFF\xFF", 4, "\x03\x05\xff\xe0"}, ++ {12, "\xFF\xFF", 4, "\x03\x04\xff\xf0"}, ++ {13, "\xFF\xFF", 4, "\x03\x03\xff\xf8"}, ++ {14, "\xFF\xFF", 4, "\x03\x02\xff\xfc"}, ++ {15, "\xFF\xFF", 4, "\x03\x01\xff\xfe"}, ++ {16, "\xFF\xFF", 4, "\x03\x00\xff\xff"}, ++ {17, "\xFF\xFF\xFF", 5, "\x04\x07\xff\xff\x80"}, ++ {18, "\xFF\xFF\xFF", 5, "\x04\x06\xff\xff\xc0"}, ++ {19, "\xFF\xFF\xFF", 5, "\x04\x05\xff\xff\xe0"}, ++}; ++ ++void ++test_simple (void) ++{ ++ int result; ++ unsigned char der[100]; ++ unsigned char str[100]; ++ int der_len = sizeof (der); ++ int str_size = sizeof (str); ++ int ret_len, bit_len; ++ grub_size_t i; ++ ++ /* Dummy test */ ++ ++ asn1_bit_der (NULL, 0, der, &der_len); ++ result = asn1_get_bit_der (der, 0, &ret_len, str, str_size, &bit_len); ++ if (result != ASN1_GENERIC_ERROR) ++ { ++ grub_fatal ("asn1_get_bit_der zero\n"); ++ return; ++ } ++ ++ /* Encode short strings with increasing bit lengths */ ++ ++ for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) ++ { ++ /* Encode */ ++ ++ asn1_bit_der ((const unsigned char *) tv[i].bitstr, tv[i].bitlen, ++ der, &der_len); ++ ++#if 0 ++ { ++ size_t j; ++ for (j = 0; j < der_len; j++) ++ printf ("\\x%02x", der[j]); ++ printf ("\n"); ++ } ++#endif ++ ++ if (der_len != tv[i].derlen || grub_memcmp (der, tv[i].der, der_len) != 0) ++ { ++ grub_fatal ("asn1_bit_der iter %lu\n", (unsigned long) i); ++ return; ++ } ++ ++ /* Decode it */ ++ ++ result = asn1_get_bit_der (der, der_len, &ret_len, str, ++ str_size, &bit_len); ++ if (result != ASN1_SUCCESS || ret_len != tv[i].derlen ++ || bit_len != tv[i].bitlen) ++ { ++ grub_fatal ("asn1_get_bit_der iter %lu, err: %d\n", (unsigned long) i, result); ++ return; ++ } ++ } ++ ++ ++ /* Decode sample from "A Layman's Guide to a Subset of ASN.1, BER, ++ and DER" section 5.4 "BIT STRING": "The BER encoding of the BIT ++ STRING value "011011100101110111" can be any of the following, ++ among others, depending on the choice of padding bits, the form ++ of length octets [...]". ++ */ ++ ++ /* 03 04 06 6e 5d c0 DER encoding */ ++ ++ grub_memcpy (der, "\x04\x06\x6e\x5d\xc0", 5); ++ der_len = 5; ++ ++ result = asn1_get_bit_der (der, der_len, &ret_len, str, str_size, &bit_len); ++ if (result != ASN1_SUCCESS || ret_len != 5 ++ || bit_len != 18 || grub_memcmp (str, "\x6e\x5d\xc0", 3) != 0) ++ { ++ grub_fatal ("asn1_get_bit_der example\n"); ++ return; ++ } ++ ++ der_len = sizeof (der); ++ asn1_bit_der (str, bit_len, der, &der_len); ++ if (der_len != 5 || grub_memcmp (der, "\x04\x06\x6e\x5d\xc0", 5) != 0) ++ { ++ grub_fatal ("asn1_bit_der example roundtrip\n"); ++ return; ++ } ++ ++ /* 03 04 06 6e 5d e0 padded with "100000" */ ++ ++ grub_memcpy (der, "\x04\x06\x6e\x5d\xe0", 5); ++ der_len = 5; ++ ++ result = asn1_get_bit_der (der, der_len, &ret_len, str, str_size, &bit_len); ++ if (result != ASN1_SUCCESS || ret_len != 5 ++ || bit_len != 18 || grub_memcmp (str, "\x6e\x5d\xe0", 3) != 0) ++ { ++ grub_fatal ("asn1_get_bit_der example padded\n"); ++ return; ++ } ++ ++ der_len = sizeof (der); ++ asn1_bit_der (str, bit_len, der, &der_len); ++ if (der_len != 5 || grub_memcmp (der, "\x04\x06\x6e\x5d\xc0", 5) != 0) ++ { ++ grub_fatal ("asn1_bit_der example roundtrip\n"); ++ return; ++ } ++ ++ /* 03 81 04 06 6e 5d c0 long form of length octets */ ++ ++ grub_memcpy (der, "\x81\x04\x06\x6e\x5d\xc0", 6); ++ der_len = 6; ++ ++ result = asn1_get_bit_der (der, der_len, &ret_len, str, str_size, &bit_len); ++ ++ if (result != ASN1_SUCCESS || ret_len != 6 ++ || bit_len != 18 || grub_memcmp (str, "\x6e\x5d\xc0", 3) != 0) ++ { ++ grub_fatal ("asn1_get_bit_der example long form\n"); ++ return; ++ } ++ ++ der_len = sizeof (der); ++ asn1_bit_der (str, bit_len, der, &der_len); ++ if (der_len != 5 || grub_memcmp (der, "\x04\x06\x6e\x5d\xc0", 5) != 0) ++ { ++ grub_fatal ("asn1_bit_der example roundtrip\n"); ++ return; ++ } ++} +diff --git a/grub-core/lib/libtasn1_wrap/tests/Test_strings.c b/grub-core/lib/libtasn1_wrap/tests/Test_strings.c +new file mode 100644 +index 000000000..dbe1474b2 +--- /dev/null ++++ b/grub-core/lib/libtasn1_wrap/tests/Test_strings.c +@@ -0,0 +1,150 @@ ++/* ++ * Copyright (C) 2012-2014 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * This program is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program. If not, see . ++ * ++ * Written by Simon Josefsson ++ * ++ */ ++ ++#include ++#include ++#include ++#include ++#include "../wrap_tests.h" ++ ++struct tv ++{ ++ unsigned int etype; ++ unsigned int str_len; ++ const void *str; ++ unsigned int der_len; ++ const void *der; ++}; ++ ++static const struct tv tv[] = { ++ {ASN1_ETYPE_IA5_STRING, 20, ++ "\x63\x73\x63\x61\x40\x70\x61\x73\x73\x70\x6f\x72\x74\x2e\x67\x6f\x76\x2e\x67\x72", ++ 22, ++ "\x16\x14\x63\x73\x63\x61\x40\x70\x61\x73\x73\x70\x6f\x72\x74\x2e\x67\x6f\x76\x2e\x67\x72"}, ++ {ASN1_ETYPE_PRINTABLE_STRING, 5, "\x4e\x69\x6b\x6f\x73", ++ 7, "\x13\x05\x4e\x69\x6b\x6f\x73"}, ++ {ASN1_ETYPE_UTF8_STRING, 12, "Αττική", ++ 14, "\x0c\x0c\xce\x91\xcf\x84\xcf\x84\xce\xb9\xce\xba\xce\xae"}, ++ {ASN1_ETYPE_TELETEX_STRING, 15, ++ "\x53\x69\x6d\x6f\x6e\x20\x4a\x6f\x73\x65\x66\x73\x73\x6f\x6e", ++ 17, ++ "\x14\x0f\x53\x69\x6d\x6f\x6e\x20\x4a\x6f\x73\x65\x66\x73\x73\x6f\x6e"}, ++ {ASN1_ETYPE_OCTET_STRING, 36, ++ "\x30\x22\x80\x0F\x32\x30\x31\x31\x30\x38\x32\x31\x30\x38\x30\x30\x30\x36\x5A\x81\x0F\x32\x30\x31\x31\x30\x38\x32\x33\x32\x30\x35\x39\x35\x39\x5A", ++ 38, ++ "\x04\x24\x30\x22\x80\x0F\x32\x30\x31\x31\x30\x38\x32\x31\x30\x38\x30\x30\x30\x36\x5A\x81\x0F\x32\x30\x31\x31\x30\x38\x32\x33\x32\x30\x35\x39\x35\x39\x5A"} ++}; ++ ++#define SSTR(x) sizeof(x)-1,x ++static const struct tv ber[] = { ++ {ASN1_ETYPE_OCTET_STRING, ++ SSTR("\xa0\xa0"), ++ SSTR("\x24\x80\x04\x82\x00\x02\xa0\xa0\x00\x00")}, ++ {ASN1_ETYPE_OCTET_STRING, ++ SSTR("\xa0\xa0\xb0\xb0\xb0"), ++ SSTR("\x24\x80\x04\x82\x00\x02\xa0\xa0\x04\x82\x00\x03\xb0\xb0\xb0\x00\x00")}, ++ {ASN1_ETYPE_OCTET_STRING, ++ SSTR("\xa0\xa0\xb0\xb0\xb0\xa1\xa1"), ++ SSTR("\x24\x80\x04\x82\x00\x02\xa0\xa0\x04\x82\x00\x03\xb0\xb0\xb0\x24\x80\x04\x82\x00\x02\xa1\xa1\x00\x00\x00\x00")}, ++ {ASN1_ETYPE_OCTET_STRING, ++ SSTR("\xa0\xa0\xb0\xb0\xb0\xa1\xa1\xc1"), ++ SSTR("\x24\x80\x04\x82\x00\x02\xa0\xa0\x04\x82\x00\x03\xb0\xb0\xb0\x24\x80\x04\x82\x00\x02\xa1\xa1\x04\x82\x00\x01\xc1\x00\x00\x00\x00")}, ++}; ++ ++void ++test_strings () ++{ ++ int ret; ++ unsigned char tl[ASN1_MAX_TL_SIZE]; ++ unsigned int tl_len, der_len, str_len; ++ const unsigned char *str; ++ unsigned char *b; ++ unsigned int i; ++ ++ /* Dummy test */ ++ ++ for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) ++ { ++ /* Encode */ ++ tl_len = sizeof (tl); ++ ret = asn1_encode_simple_der (tv[i].etype, tv[i].str, tv[i].str_len, ++ tl, &tl_len); ++ if (ret != ASN1_SUCCESS) ++ { ++ grub_fatal ("Encoding error in %u: %s\n", i, ++ asn1_strerror (ret)); ++ return; ++ } ++ der_len = tl_len + tv[i].str_len; ++ ++ if (der_len != tv[i].der_len || grub_memcmp (tl, tv[i].der, tl_len) != 0) ++ { ++ grub_fatal ( ++ "DER encoding differs in %u! (size: %u, expected: %u)\n", ++ i, der_len, tv[i].der_len); ++ return; ++ } ++ ++ /* decoding */ ++ ret = ++ asn1_decode_simple_der (tv[i].etype, tv[i].der, tv[i].der_len, &str, ++ &str_len); ++ if (ret != ASN1_SUCCESS) ++ { ++ grub_fatal ("Decoding error in %u: %s\n", i, ++ asn1_strerror (ret)); ++ return; ++ } ++ ++ if (str_len != tv[i].str_len || grub_memcmp (str, tv[i].str, str_len) != 0) ++ { ++ grub_fatal ( ++ "DER decoded data differ in %u! (size: %u, expected: %u)\n", ++ i, der_len, tv[i].str_len); ++ return; ++ } ++ } ++ ++ /* BER decoding */ ++ for (i = 0; i < sizeof (ber) / sizeof (ber[0]); i++) ++ { ++ /* decoding */ ++ ret = ++ asn1_decode_simple_ber (ber[i].etype, ber[i].der, ber[i].der_len, &b, ++ &str_len, NULL); ++ if (ret != ASN1_SUCCESS) ++ { ++ grub_fatal ("BER decoding error in %u: %s\n", i, ++ asn1_strerror (ret)); ++ return; ++ } ++ ++ if (str_len != ber[i].str_len || grub_memcmp (b, ber[i].str, str_len) != 0) ++ { ++ grub_fatal ( ++ "BER decoded data differ in %u! (size: %u, expected: %u)\n", ++ i, str_len, ber[i].str_len); ++ return; ++ } ++ grub_free(b); ++ } ++} +diff --git a/grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c b/grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c +new file mode 100644 +index 000000000..d367bbfb5 +--- /dev/null ++++ b/grub-core/lib/libtasn1_wrap/tests/object-id-decoding.c +@@ -0,0 +1,116 @@ ++/* ++ * Copyright (C) 2016 Red Hat, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * This program is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program. If not, see . ++ * ++ */ ++ ++#include ++#include ++#include ++#include ++#include "../wrap_tests.h" ++ ++struct tv ++{ ++ int der_len; ++ const unsigned char *der; ++ const char *oid; ++ int expected_error; ++}; ++ ++static const struct tv tv[] = { ++ {.der_len = 5, ++ .der = (void *) "\x06\x03\x80\x37\x03", ++ .oid = "2.999.3", ++ .expected_error = ASN1_DER_ERROR /* leading 0x80 */ ++ }, ++ {.der_len = 12, ++ .der = (void *) "\x06\x0a\x2b\x06\x01\x80\x01\x92\x08\x09\x05\x01", ++ .oid = "1.3.6.1.4.1.2312.9.5.1", ++ .expected_error = ASN1_DER_ERROR /* leading 0x80 */ ++ }, ++ {.der_len = 6, ++ .der = (void *) "\x06\x04\x01\x02\x03\x04", ++ .oid = "0.1.2.3.4", ++ .expected_error = ASN1_SUCCESS}, ++ {.der_len = 5, ++ .der = (void *) "\x06\x03\x51\x02\x03", ++ .oid = "2.1.2.3", ++ .expected_error = ASN1_SUCCESS}, ++ {.der_len = 5, ++ .der = (void *) "\x06\x03\x88\x37\x03", ++ .oid = "2.999.3", ++ .expected_error = ASN1_SUCCESS}, ++ {.der_len = 12, ++ .der = (void *) "\x06\x0a\x2b\x06\x01\x04\x01\x92\x08\x09\x05\x01", ++ .oid = "1.3.6.1.4.1.2312.9.5.1", ++ .expected_error = ASN1_SUCCESS}, ++ {.der_len = 19, ++ .der = (void *) "\x06\x11\xfa\x80\x00\x00\x00\x0e\x01\x0e\xfa\x80\x00\x00\x00\x0e\x63\x6f\x6d", ++ .oid = "2.1998768.0.0.14.1.14.1998848.0.0.14.99.111.109", ++ .expected_error = ASN1_SUCCESS}, ++ {.der_len = 19, ++ .der = ++ (void *) ++ "\x06\x11\x2b\x06\x01\x04\x01\x92\x08\x09\x02\xaa\xda\xbe\xbe\xfa\x72\x01\x07", ++ .oid = "1.3.6.1.4.1.2312.9.2.1467399257458.1.7", ++ .expected_error = ASN1_SUCCESS}, ++}; ++ ++void ++test_object_id_decoding (void) ++{ ++ char str[128]; ++ int ret, ret_len; ++ grub_size_t i; ++ ++ for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) ++ { ++ /* decode */ ++ ret = ++ asn1_get_object_id_der (tv[i].der+1, ++ tv[i].der_len-1, &ret_len, str, ++ sizeof (str)); ++ if (ret != tv[i].expected_error) ++ { ++ grub_fatal ( ++ "%d: asn1_get_object_id_der iter %lu: got '%s' expected %d\n", ++ __LINE__, (unsigned long) i, asn1_strerror(ret), tv[i].expected_error); ++ return; ++ } ++ ++ if (tv[i].expected_error != ASN1_SUCCESS) ++ continue; ++ ++ if (ret_len != tv[i].der_len-1) ++ { ++ grub_fatal ( ++ "%d: iter %lu: error in DER, length returned is %d, had %d\n", ++ __LINE__, (unsigned long)i, ret_len, tv[i].der_len-1); ++ return; ++ } ++ ++ if (grub_strcmp (tv[i].oid, str) != 0) ++ { ++ grub_fatal ( ++ "%d: strcmp iter %lu: got invalid OID: %s, expected: %s\n", ++ __LINE__, (unsigned long) i, str, tv[i].oid); ++ return; ++ } ++ ++ } ++} +diff --git a/grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c b/grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c +new file mode 100644 +index 000000000..3a83b58c5 +--- /dev/null ++++ b/grub-core/lib/libtasn1_wrap/tests/object-id-encoding.c +@@ -0,0 +1,120 @@ ++/* ++ * Copyright (C) 2019 Nikos Mavrogiannopoulos ++ * ++ * This file is part of LIBTASN1. ++ * ++ * This program is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program. If not, see . ++ * ++ */ ++ ++#include ++#include ++#include ++#include ++#include "../wrap_tests.h" ++ ++struct tv ++{ ++ int der_len; ++ const unsigned char *der; ++ const char *oid; ++ int expected_error; ++}; ++ ++static const struct tv tv[] = { ++ {.der_len = 0, ++ .der = (void *) "", ++ .oid = "5.999.3", ++ .expected_error = ASN1_VALUE_NOT_VALID /* cannot start with 5 */ ++ }, ++ {.der_len = 0, ++ .der = (void *) "", ++ .oid = "0.48.9", ++ .expected_error = ASN1_VALUE_NOT_VALID /* second field cannot be 48 */ ++ }, ++ {.der_len = 0, ++ .der = (void *) "", ++ .oid = "1.40.9", ++ .expected_error = ASN1_VALUE_NOT_VALID /* second field cannot be 40 */ ++ }, ++ {.der_len = 4, ++ .der = (void *) "\x06\x02\x4f\x63", ++ .oid = "1.39.99", ++ .expected_error = ASN1_SUCCESS, ++ }, ++ {.der_len = 6, ++ .der = (void *) "\x06\x04\x01\x02\x03\x04", ++ .oid = "0.1.2.3.4", ++ .expected_error = ASN1_SUCCESS}, ++ {.der_len = 5, ++ .der = (void *) "\x06\x03\x51\x02\x03", ++ .oid = "2.1.2.3", ++ .expected_error = ASN1_SUCCESS}, ++ {.der_len = 5, ++ .der = (void *) "\x06\x03\x88\x37\x03", ++ .oid = "2.999.3", ++ .expected_error = ASN1_SUCCESS}, ++ {.der_len = 12, ++ .der = (void *) "\x06\x0a\x2b\x06\x01\x04\x01\x92\x08\x09\x05\x01", ++ .oid = "1.3.6.1.4.1.2312.9.5.1", ++ .expected_error = ASN1_SUCCESS}, ++ {.der_len = 19, ++ .der = (void *) "\x06\x11\xfa\x80\x00\x00\x00\x0e\x01\x0e\xfa\x80\x00\x00\x00\x0e\x63\x6f\x6d", ++ .oid = "2.1998768.0.0.14.1.14.1998848.0.0.14.99.111.109", ++ .expected_error = ASN1_SUCCESS}, ++ {.der_len = 19, ++ .der = ++ (void *) ++ "\x06\x11\x2b\x06\x01\x04\x01\x92\x08\x09\x02\xaa\xda\xbe\xbe\xfa\x72\x01\x07", ++ .oid = "1.3.6.1.4.1.2312.9.2.1467399257458.1.7", ++ .expected_error = ASN1_SUCCESS}, ++}; ++ ++void ++test_object_id_encoding(void) ++{ ++ unsigned char der[128]; ++ int ret, der_len, i; ++ ++ for (i = 0; i < (int)(sizeof (tv) / sizeof (tv[0])); i++) ++ { ++ der_len = sizeof(der); ++ ret = asn1_object_id_der(tv[i].oid, der, &der_len, 0); ++ if (ret != ASN1_SUCCESS) ++ { ++ if (ret == tv[i].expected_error) ++ continue; ++ grub_fatal ( ++ "%d: iter %lu, encoding of OID failed: %s\n", ++ __LINE__, (unsigned long) i, asn1_strerror(ret)); ++ return; ++ } ++ else if (ret != tv[i].expected_error) ++ { ++ grub_fatal ( ++ "%d: iter %lu, encoding of OID %s succeeded when expecting failure\n", ++ __LINE__, (unsigned long) i, tv[i].oid); ++ return; ++ } ++ ++ if (der_len != tv[i].der_len || grub_memcmp(der, tv[i].der, der_len) != 0) ++ { ++ grub_fatal ( ++ "%d: iter %lu, re-encoding of OID %s resulted to different string (%d vs %d bytes)\n", ++ __LINE__, (unsigned long) i, tv[i].oid, der_len, tv[i].der_len); ++ ++ return; ++ } ++ } ++} +diff --git a/grub-core/lib/libtasn1_wrap/tests/octet-string.c b/grub-core/lib/libtasn1_wrap/tests/octet-string.c +new file mode 100644 +index 000000000..d8a049e8d +--- /dev/null ++++ b/grub-core/lib/libtasn1_wrap/tests/octet-string.c +@@ -0,0 +1,211 @@ ++/* ++ * Copyright (C) 2011-2020 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * This program is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program. If not, see . ++ * ++ * Written by Simon Josefsson and Nikos Mavrogiannopoulos ++ * ++ */ ++ ++#include ++#include ++#include ++#include ++#include "../wrap_tests.h" ++ ++ ++struct tv ++{ ++ const char *name; ++ int der_len; ++ const unsigned char *der_str; ++ int len; ++ const unsigned char *string; ++ int expected_error; ++ int ber; ++}; ++ ++static const struct tv tv[] = { ++ {.name = "primitive octet strings", ++ .der_len = 10, ++ .der_str = ++ (void*)"\x04\x08\x01\x23\x45\x67\x89\xab\xcd\xef", ++ .len = 8, ++ .string = ++ (void*)"\x01\x23\x45\x67\x89\xab\xcd\xef", ++ .ber = 0}, ++ {.der_len = 22, ++ .der_str = ++ (void*)"\x04\x14\x13\x00\xd9\xa8\x47\xf7\xf2\x1c\xf4\xb0\xec\x5f\xc1\x73\xe5\x1b\x25\xc2\x62\x27", ++ .len = 20, ++ .string = ++ (void*)"\x13\x00\xD9\xA8\x47\xF7\xF2\x1C\xF4\xB0\xEC\x5F\xC1\x73\xE5\x1B\x25\xC2\x62\x27"}, ++ ++ {.name = "long type of length", ++ .der_len = 23, ++ .der_str = ++ (void*)"\x04\x81\x14\x13\x00\xd9\xa8\x47\xf7\xf2\x1c\xf4\xb0\xec\x5f\xc1\x73\xe5\x1b\x25\xc2\x62\x27", ++ .len = 20, ++ .string = ++ (void*)"\x13\x00\xD9\xA8\x47\xF7\xF2\x1C\xF4\xB0\xEC\x5F\xC1\x73\xE5\x1B\x25\xC2\x62\x27", ++ .ber = 1}, ++ {.der_len = 11, ++ .der_str = ++ (void*)"\x04\x81\x08\x01\x23\x45\x67\x89\xab\xcd\xef", ++ .len = 8, ++ .string = ++ (void*)"\x01\x23\x45\x67\x89\xab\xcd\xef", ++ .ber = 1}, ++ ++ {.name = "constructed - indefinite", ++ .der_len = 11, ++ .der_str = (void*)"\x24\x80\x04\x05\x01\x02\x03\x04\x05\x00\x00", ++ .len = 5, ++ .string = (void*)"\x01\x02\x03\x04\x05", ++ .ber = 1, ++ }, ++ ++ {.name = "constructed - definite - concat", ++ .der_len = 12, ++ .der_str = (void*)"\x24\x0a\x04\x04\x0a\x0b\x0c\x0d\x04\x02\x0e\x0f", ++ .len = 6, ++ .string = (void*)"\x0a\x0b\x0c\x0d\x0e\x0f", ++ .ber = 1, ++ }, ++ {.name = "constructed - definite - recursive", ++ .der_len = 15, ++ .der_str = (void*)"\x24\x0d\x04\x04\x0a\x0b\x0c\x0d\x24\x05\x04\x00\x04\x01\x0f", ++ .len = 5, ++ .string = (void*)"\x0a\x0b\x0c\x0d\x0f", ++ .ber = 1, ++ }, ++ {.name = "constructed - definite - single", ++ .der_len = 7, ++ .der_str = (void*)"\x24\x05\x04\x03\x01\x02\x03", ++ .len = 3, ++ .string = (void*)"\x01\x02\x03", ++ .ber = 1, ++ }, ++ ++ /* a large amount of recursive indefinite encoding */ ++ {.name = "a large amount of recursive indefinite encoding", ++ .der_len = 29325, ++ .der_str = (void*)"\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80\x24\x80", ++ .len = 0, ++ .ber = 1, ++ .expected_error = ASN1_DER_ERROR ++ } ++}; ++ ++void ++test_octet_string (void) ++{ ++ unsigned char str[100]; ++ unsigned char der[100]; ++ int der_len = sizeof (der); ++ int str_size = sizeof (str); ++ unsigned char *tmp = NULL; ++ int ret, ret_len; ++ grub_size_t i; ++ ++ for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) ++ { ++ /* Decode */ ++ ++ if (tv[i].ber == 0) ++ { ++ str_size = sizeof (str); ++ ret = ++ asn1_get_octet_der (tv[i].der_str + 1, ++ tv[i].der_len - 1, &ret_len, str, ++ sizeof (str), &str_size); ++ if (ret != tv[i].expected_error) ++ { ++ grub_fatal ( ++ "%d: asn1_get_octet_der: %s: got %d expected %d\n", ++ __LINE__, tv[i].name, ret, ++ tv[i].expected_error); ++ return; ++ } ++ if (tv[i].expected_error) ++ continue; ++ ++ if (ret_len != tv[i].der_len - 1) ++ { ++ grub_fatal ( ++ "%d: error in DER, length returned is %d, had %d\n", ++ __LINE__, ret_len, tv[i].der_len - 1); ++ return; ++ } ++ ++ if (str_size != tv[i].len ++ || grub_memcmp (tv[i].string, str, tv[i].len) != 0) ++ { ++ grub_fatal ( ++ "%d: memcmp: %s: got invalid decoding\n", ++ __LINE__, tv[i].name); ++ ++ return; ++ } ++ ++ /* Encode */ ++ der_len = sizeof (der); ++ asn1_octet_der (str, str_size, der, &der_len); ++ ++ if (der_len != tv[i].der_len - 1 ++ || grub_memcmp (tv[i].der_str + 1, der, tv[i].der_len - 1) != 0) ++ { ++ grub_fatal ( ++ "encoding: %s: got invalid encoding\n", ++ tv[i].name); ++ return; ++ } ++ } ++ ++ ret = ++ asn1_decode_simple_ber (ASN1_ETYPE_OCTET_STRING, ++ tv[i].der_str, tv[i].der_len, ++ &tmp, (unsigned int*)&str_size, (unsigned int*)&der_len); ++ if (ret != tv[i].expected_error) ++ { ++ grub_fatal ( ++ "%d: asn1_decode_simple_ber: %s: got %s expected %s\n", ++ __LINE__, tv[i].name, asn1_strerror(ret), asn1_strerror(tv[i].expected_error)); ++ return; ++ } ++ if (tv[i].expected_error) ++ continue; ++ ++ if (der_len != tv[i].der_len) ++ { ++ grub_fatal ( ++ "%d: error: %s: DER, length returned is %d, had %d\n", ++ __LINE__, tv[i].name, der_len, tv[i].der_len); ++ return; ++ } ++ ++ if (str_size != tv[i].len || grub_memcmp (tv[i].string, tmp, tv[i].len) != 0) ++ { ++ grub_fatal ( ++ "%d: memcmp: %s: got invalid decoding\n", ++ __LINE__, tv[i].name); ++ return; ++ } ++ grub_free (tmp); ++ tmp = NULL; ++ ++ } ++} +diff --git a/grub-core/lib/libtasn1_wrap/tests/reproducers.c b/grub-core/lib/libtasn1_wrap/tests/reproducers.c +new file mode 100644 +index 000000000..dc7268d4c +--- /dev/null ++++ b/grub-core/lib/libtasn1_wrap/tests/reproducers.c +@@ -0,0 +1,81 @@ ++/* ++ * Copyright (C) 2019 Free Software Foundation, Inc. ++ * ++ * This file is part of LIBTASN1. ++ * ++ * This program is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program. If not, see . ++ * ++ */ ++ ++/****************************************************************/ ++/* Description: run reproducers for several fixed issues */ ++/****************************************************************/ ++ ++#include ++#include ++#include ++#include "../wrap_tests.h" ++ ++#define CONST_DOWN (1U<<29) ++ ++/* produces endless loop (fixed by d4b624b2): ++ * The following translates into a single node with all pointers ++ * (right,left,down) set to NULL. */ ++const asn1_static_node endless_asn1_tab[] = { ++ { "TEST_TREE", 536875024, NULL }, ++ { NULL, 0, NULL } ++}; ++ ++/* produces memory leak (fixed by f16d1ff9): ++ * 152 bytes in 1 blocks are definitely lost in loss record 1 of 1 ++ * at 0x4837B65: calloc (vg_replace_malloc.c:762) ++ * by 0x4851C0D: _asn1_add_static_node (parser_aux.c:71) ++ * by 0x4853AAC: asn1_array2tree (structure.c:200) ++ * by 0x10923B: main (single_node.c:67) ++ */ ++const asn1_static_node tab[] = { ++{ "a", CONST_DOWN, "" }, ++{ "b", 0, "" }, ++{ "c", 0, "" }, ++{ NULL, 0, NULL } ++}; ++ ++void ++test_reproducers (void) ++{ ++ int result; ++ asn1_node definitions = NULL; ++ char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; ++ ++ result = asn1_array2tree (endless_asn1_tab, &definitions, errorDescription); ++ if (result != ASN1_SUCCESS) ++ { ++ grub_fatal ("Error: %s\nErrorDescription = %s\n\n", ++ asn1_strerror (result), errorDescription); ++ return; ++ } ++ ++ asn1_delete_structure (&definitions); ++ ++ definitions = NULL; ++ result = asn1_array2tree (tab, &definitions, errorDescription); ++ if (result != ASN1_SUCCESS) ++ { ++ grub_fatal ("Error: %s\nErrorDescription = %s\n\n", ++ asn1_strerror (result), errorDescription); ++ return; ++ } ++ ++ asn1_delete_structure (&definitions); ++} +diff --git a/grub-core/lib/libtasn1_wrap/wrap_tests.c b/grub-core/lib/libtasn1_wrap/wrap_tests.c +new file mode 100644 +index 000000000..75fcd21f0 +--- /dev/null ++++ b/grub-core/lib/libtasn1_wrap/wrap_tests.c +@@ -0,0 +1,75 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 IBM Corporation ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include "wrap_tests.h" ++ ++/* ++ * libtasn1 tests - from which this is derived - are provided under GPL3+. ++ */ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++static grub_command_t cmd; ++ ++static grub_err_t ++grub_cmd_asn1test (grub_command_t cmdd __attribute__((unused)), ++ int argc __attribute__((unused)), ++ char **args __attribute__((unused))) ++{ ++ grub_printf ("test_CVE_2018_1000654\n"); ++ test_CVE_2018_1000654 (); ++ ++ grub_printf ("test_object_id_decoding\n"); ++ test_object_id_decoding (); ++ ++ grub_printf ("test_object_id_encoding\n"); ++ test_object_id_encoding (); ++ ++ grub_printf ("test_octet_string\n"); ++ test_octet_string (); ++ ++ grub_printf ("test_overflow\n"); ++ test_overflow (); ++ ++ grub_printf ("test_reproducers\n"); ++ test_overflow (); ++ ++ grub_printf ("test_simple\n"); ++ test_simple (); ++ ++ grub_printf ("test_strings\n"); ++ test_strings (); ++ ++ grub_printf ("ASN.1 self-tests passed\n"); ++ ++ return GRUB_ERR_NONE; ++} ++ ++ ++GRUB_MOD_INIT(test_asn1) ++{ ++ cmd = grub_register_command ("test_asn1", grub_cmd_asn1test, NULL, ++ "Run self-tests for the ASN.1 parser."); ++} ++ ++GRUB_MOD_FINI(test_asn1) ++{ ++ grub_unregister_command (cmd); ++} +diff --git a/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h +new file mode 100644 +index 000000000..1e7d3d64f +--- /dev/null ++++ b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-1_asn1_tab.h +@@ -0,0 +1,32 @@ ++#if HAVE_CONFIG_H ++# include "config.h" ++#endif ++ ++#include ++ ++const asn1_static_node CVE_2018_1000654_1_asn1_tab[] = { ++ { "TEST_TREE", 536875024, NULL }, ++ { NULL, 1610612748, NULL }, ++ { "iso", 1073741825, "1"}, ++ { "identified-organization", 1073741825, "3"}, ++ { "dod", 1073741825, "6"}, ++ { "internet", 1073741825, "1"}, ++ { "security", 1073741825, "5"}, ++ { "mechanisms", 1073741825, "5"}, ++ { "pkix", 1073741825, "7"}, ++ { "id-mod", 1073741825, "0"}, ++ { "id-pkix1-implicit-88", 1, "2"}, ++ { "id-xnyTest", 1879048204, NULL }, ++ { NULL, 1073741825, "id-ix"}, ++ { NULL, 1073741825, "29"}, ++ { NULL, 1, "1"}, ++ { "id-ix", 1880096780, "OBJECR"}, ++ { NULL, 1073741825, "id-ix"}, ++ { NULL, 1073741825, "29"}, ++ { NULL, 1, "2"}, ++ { "id-xnyTest", 805306380, NULL }, ++ { NULL, 1073741825, "id-ix"}, ++ { NULL, 1073741825, "29"}, ++ { NULL, 1, "1"}, ++ { NULL, 0, NULL } ++}; +diff --git a/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h +new file mode 100644 +index 000000000..e2561e5ec +--- /dev/null ++++ b/grub-core/lib/libtasn1_wrap/tests/CVE-2018-1000654-2_asn1_tab.h +@@ -0,0 +1,36 @@ ++#if HAVE_CONFIG_H ++# include "config.h" ++#endif ++ ++#include ++ ++const asn1_static_node CVE_2018_1000654_2_asn1_tab[] = { ++ { "TEST_TREE", 536875024, NULL }, ++ { NULL, 1610612748, NULL }, ++ { "iso", 1073741825, "1"}, ++ { "identified-organization", 1073741825, "3"}, ++ { "dod", 1073741825, "6"}, ++ { "internet", 1073741825, "1"}, ++ { "security", 1073741825, "5"}, ++ { "mechanisms", 1073741825, "5"}, ++ { "pkix", 1073741825, "7"}, ++ { "id-mod", 1073741825, "0"}, ++ { "id-pkix1-implicit-88", 1, "2"}, ++ { "id-oneTest", 1879048204, NULL }, ++ { NULL, 1073741825, "id-two"}, ++ { NULL, 1073741825, "9"}, ++ { NULL, 1, "1"}, ++ { "id-two", 1879048204, NULL }, ++ { NULL, 1073741825, "id-three"}, ++ { NULL, 1073741825, "2"}, ++ { NULL, 1, "2"}, ++ { "id-three", 1879048204, NULL }, ++ { NULL, 1073741825, "id-four"}, ++ { NULL, 1073741825, "3"}, ++ { NULL, 1, "3"}, ++ { "id-four", 805306380, NULL }, ++ { NULL, 1073741825, "id-two"}, ++ { NULL, 1073741825, "3"}, ++ { NULL, 1, "3"}, ++ { NULL, 0, NULL } ++}; +diff --git a/grub-core/lib/libtasn1_wrap/wrap_tests.h b/grub-core/lib/libtasn1_wrap/wrap_tests.h +new file mode 100644 +index 000000000..555e56dd2 +--- /dev/null ++++ b/grub-core/lib/libtasn1_wrap/wrap_tests.h +@@ -0,0 +1,38 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 IBM Corporation ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef LIBTASN1_WRAP_TESTS_H ++#define LIBTASN1_WRAP_TESTS_H ++ ++void test_CVE_2018_1000654 (void); ++ ++void test_object_id_encoding (void); ++ ++void test_object_id_decoding (void); ++ ++void test_octet_string (void); ++ ++void test_overflow (void); ++ ++void test_reproducers (void); ++ ++void test_simple (void); ++ ++void test_strings (void); ++ ++#endif +diff --git a/.gitignore b/.gitignore +index 7aaae594d..146f4662a 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -131,4 +131,5 @@ grub-*.tar.* + /libgrub_a_init.c + /libgrub_a_init.lst + /stamp-h.in ++/test_asn1 + /widthspec.h +diff --git a/tests/test_asn1.in b/tests/test_asn1.in +new file mode 100644 +index 000000000..8173c5c27 +--- /dev/null ++++ b/tests/test_asn1.in +@@ -0,0 +1,12 @@ ++#! @BUILD_SHEBANG@ ++set -e ++ ++. "@builddir@/grub-core/modinfo.sh" ++ ++out=`echo test_asn1 | @builddir@/grub-shell` ++ ++if [ "$(echo "$out" | tail -n 1)" != "ASN.1 self-tests passed" ]; then ++ echo "ASN.1 test failure: $out" ++ exit 1 ++fi ++ diff --git a/SOURCES/0364-grub-install-support-embedding-x509-certificates.patch b/SOURCES/0364-grub-install-support-embedding-x509-certificates.patch new file mode 100644 index 0000000..fffe18e --- /dev/null +++ b/SOURCES/0364-grub-install-support-embedding-x509-certificates.patch @@ -0,0 +1,255 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Alastair D'Silva +Date: Mon, 6 Jul 2020 13:33:04 +1000 +Subject: [PATCH] grub-install: support embedding x509 certificates + +To support verification of appended signatures, we need a way to +embed the necessary public keys. Existing appended signature schemes +in the Linux kernel use X.509 certificates, so allow certificates to +be embedded in the grub core image in the same way as PGP keys. + +Signed-off-by: Alastair D'Silva +Signed-off-by: Daniel Axtens +--- + grub-core/commands/pgp.c | 2 +- + util/grub-install-common.c | 23 ++++++++++++++++++++++- + util/grub-mkimage.c | 15 +++++++++++++-- + util/mkimage.c | 41 ++++++++++++++++++++++++++++++++++++++--- + include/grub/kernel.h | 3 ++- + include/grub/util/install.h | 7 +++++-- + 6 files changed, 81 insertions(+), 10 deletions(-) + +diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c +index 75de32c2a..55d354be0 100644 +--- a/grub-core/commands/pgp.c ++++ b/grub-core/commands/pgp.c +@@ -944,7 +944,7 @@ GRUB_MOD_INIT(pgp) + grub_memset (&pseudo_file, 0, sizeof (pseudo_file)); + + /* Not an ELF module, skip. */ +- if (header->type != OBJ_TYPE_PUBKEY) ++ if (header->type != OBJ_TYPE_GPG_PUBKEY) + continue; + + pseudo_file.fs = &pseudo_fs; +diff --git a/util/grub-install-common.c b/util/grub-install-common.c +index 561e671ff..fa6b65347 100644 +--- a/util/grub-install-common.c ++++ b/util/grub-install-common.c +@@ -302,6 +302,8 @@ handle_install_list (struct install_list *il, const char *val, + + static char **pubkeys; + static size_t npubkeys; ++static char **x509keys; ++static size_t nx509keys; + static grub_compression_t compression; + static size_t appsig_size; + +@@ -334,6 +336,12 @@ grub_install_parse (int key, char *arg) + * (npubkeys + 1)); + pubkeys[npubkeys++] = xstrdup (arg); + return 1; ++ case 'x': ++ x509keys = xrealloc (x509keys, ++ sizeof (x509keys[0]) ++ * (nx509keys + 1)); ++ x509keys[nx509keys++] = xstrdup (arg); ++ return 1; + + case GRUB_INSTALL_OPTIONS_VERBOSITY: + verbosity++; +@@ -460,6 +468,9 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, + for (pk = pubkeys; pk < pubkeys + npubkeys; pk++) + slen += 20 + grub_strlen (*pk); + ++ for (pk = x509keys; pk < x509keys + nx509keys; pk++) ++ slen += 10 + grub_strlen (*pk); ++ + for (md = modules.entries; *md; md++) + { + slen += 10 + grub_strlen (*md); +@@ -488,6 +499,14 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, + *p++ = ' '; + } + ++ for (pk = x509keys; pk < x509keys + nx509keys; pk++) ++ { ++ p = grub_stpcpy (p, "--x509 '"); ++ p = grub_stpcpy (p, *pk); ++ *p++ = '\''; ++ *p++ = ' '; ++ } ++ + for (md = modules.entries; *md; md++) + { + *p++ = '\''; +@@ -515,7 +534,9 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, + + grub_install_generate_image (dir, prefix, fp, outname, + modules.entries, memdisk_path, +- pubkeys, npubkeys, config_path, tgt, ++ pubkeys, npubkeys, ++ x509keys, nx509keys, ++ config_path, tgt, + note, appsig_size, compression, dtb); + while (dc--) + grub_install_pop_module (); +diff --git a/util/grub-mkimage.c b/util/grub-mkimage.c +index 65a015d8a..394d2dc5f 100644 +--- a/util/grub-mkimage.c ++++ b/util/grub-mkimage.c +@@ -75,7 +75,8 @@ static struct argp_option options[] = { + /* TRANSLATORS: "embed" is a verb (command description). "*/ + {"config", 'c', N_("FILE"), 0, N_("embed FILE as an early config"), 0}, + /* TRANSLATORS: "embed" is a verb (command description). "*/ +- {"pubkey", 'k', N_("FILE"), 0, N_("embed FILE as public key for signature checking"), 0}, ++ {"pubkey", 'k', N_("FILE"), 0, N_("embed FILE as public key for PGP signature checking"), 0}, ++ {"x509", 'x', N_("FILE"), 0, N_("embed FILE as an x509 certificate for appended signature checking"), 0}, + /* TRANSLATORS: NOTE is a name of segment. */ + {"note", 'n', 0, 0, N_("add NOTE segment for CHRP IEEE1275"), 0}, + {"output", 'o', N_("FILE"), 0, N_("output a generated image to FILE [default=stdout]"), 0}, +@@ -122,6 +123,8 @@ struct arguments + char *dtb; + char **pubkeys; + size_t npubkeys; ++ char **x509keys; ++ size_t nx509keys; + char *font; + char *config; + int note; +@@ -202,6 +205,13 @@ argp_parser (int key, char *arg, struct argp_state *state) + arguments->pubkeys[arguments->npubkeys++] = xstrdup (arg); + break; + ++ case 'x': ++ arguments->x509keys = xrealloc (arguments->x509keys, ++ sizeof (arguments->x509keys[0]) ++ * (arguments->nx509keys + 1)); ++ arguments->x509keys[arguments->nx509keys++] = xstrdup (arg); ++ break; ++ + case 'c': + if (arguments->config) + free (arguments->config); +@@ -317,7 +327,8 @@ main (int argc, char *argv[]) + grub_install_generate_image (arguments.dir, arguments.prefix, fp, + arguments.output, arguments.modules, + arguments.memdisk, arguments.pubkeys, +- arguments.npubkeys, arguments.config, ++ arguments.npubkeys, arguments.x509keys, ++ arguments.nx509keys, arguments.config, + arguments.image_target, arguments.note, + arguments.appsig_size, + arguments.comp, arguments.dtb); +diff --git a/util/mkimage.c b/util/mkimage.c +index a81120f26..2529de4bb 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -774,8 +774,10 @@ grub_install_get_image_targets_string (void) + void + grub_install_generate_image (const char *dir, const char *prefix, + FILE *out, const char *outname, char *mods[], +- char *memdisk_path, char **pubkey_paths, +- size_t npubkeys, char *config_path, ++ char *memdisk_path, ++ char **pubkey_paths, size_t npubkeys, ++ char **x509key_paths, size_t nx509keys, ++ char *config_path, + const struct grub_install_image_target_desc *image_target, + int note, size_t appsig_size, grub_compression_t comp, const char *dtb_path) + { +@@ -819,6 +821,19 @@ grub_install_generate_image (const char *dir, const char *prefix, + } + } + ++ { ++ size_t i; ++ for (i = 0; i < nx509keys; i++) ++ { ++ size_t curs; ++ curs = ALIGN_ADDR (grub_util_get_image_size (x509key_paths[i])); ++ grub_util_info ("the size of x509 public key %u is 0x%" ++ GRUB_HOST_PRIxLONG_LONG, ++ (unsigned) i, (unsigned long long) curs); ++ total_module_size += curs + sizeof (struct grub_module_header); ++ } ++ } ++ + if (memdisk_path) + { + memdisk_size = ALIGN_UP(grub_util_get_image_size (memdisk_path), 512); +@@ -933,7 +948,7 @@ grub_install_generate_image (const char *dir, const char *prefix, + curs = grub_util_get_image_size (pubkey_paths[i]); + + header = (struct grub_module_header *) (kernel_img + offset); +- header->type = grub_host_to_target32 (OBJ_TYPE_PUBKEY); ++ header->type = grub_host_to_target32 (OBJ_TYPE_GPG_PUBKEY); + header->size = grub_host_to_target32 (curs + sizeof (*header)); + offset += sizeof (*header); + +@@ -942,6 +957,26 @@ grub_install_generate_image (const char *dir, const char *prefix, + } + } + ++ { ++ size_t i; ++ for (i = 0; i < nx509keys; i++) ++ { ++ size_t curs; ++ struct grub_module_header *header; ++ ++ curs = grub_util_get_image_size (x509key_paths[i]); ++ ++ header = (struct grub_module_header *) (kernel_img + offset); ++ header->type = grub_host_to_target32 (OBJ_TYPE_X509_PUBKEY); ++ header->size = grub_host_to_target32 (curs + sizeof (*header)); ++ offset += sizeof (*header); ++ ++ grub_util_load_image (x509key_paths[i], kernel_img + offset); ++ offset += ALIGN_ADDR (curs); ++ } ++ } ++ ++ + if (memdisk_path) + { + struct grub_module_header *header; +diff --git a/include/grub/kernel.h b/include/grub/kernel.h +index 9548d552a..75a057d46 100644 +--- a/include/grub/kernel.h ++++ b/include/grub/kernel.h +@@ -28,7 +28,8 @@ enum + OBJ_TYPE_MEMDISK, + OBJ_TYPE_CONFIG, + OBJ_TYPE_PREFIX, +- OBJ_TYPE_PUBKEY, ++ OBJ_TYPE_GPG_PUBKEY, ++ OBJ_TYPE_X509_PUBKEY, + OBJ_TYPE_DTB + }; + +diff --git a/include/grub/util/install.h b/include/grub/util/install.h +index ba5e6a2ea..95059285b 100644 +--- a/include/grub/util/install.h ++++ b/include/grub/util/install.h +@@ -63,6 +63,8 @@ + /* TRANSLATORS: "embed" is a verb (command description). "*/ \ + { "pubkey", 'k', N_("FILE"), 0, \ + N_("embed FILE as public key for signature checking"), 0}, \ ++ { "x509key", 'x', N_("FILE"), 0, \ ++ N_("embed FILE as an x509 certificate for signature checking"), 0}, \ + { "appended-signature-size", GRUB_INSTALL_OPTIONS_APPENDED_SIGNATURE_SIZE,\ + "SIZE", 0, N_("Add a note segment reserving SIZE bytes for an appended signature"), \ + 1}, \ +@@ -179,8 +181,9 @@ void + grub_install_generate_image (const char *dir, const char *prefix, + FILE *out, + const char *outname, char *mods[], +- char *memdisk_path, char **pubkey_paths, +- size_t npubkeys, ++ char *memdisk_path, ++ char **pubkey_paths, size_t npubkeys, ++ char **x509key_paths, size_t nx509keys, + char *config_path, + const struct grub_install_image_target_desc *image_target, + int note, size_t appsig_size, diff --git a/SOURCES/0365-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch b/SOURCES/0365-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch new file mode 100644 index 0000000..a9ee5b4 --- /dev/null +++ b/SOURCES/0365-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch @@ -0,0 +1,639 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 30 Jul 2020 01:35:10 +1000 +Subject: [PATCH] appended signatures: import GNUTLS's ASN.1 description files + +In order to parse PKCS#7 messages and X.509 certificates with libtasn1, +we need some information about how they are encoded. + +We get these from GNUTLS, which has the benefit that they support the +features we need and are well tested. + +The GNUTLS license is LGPLv2.1+, which is GPLv3 compatible, allowing +us to import it without issue. + +Signed-off-by: Daniel Axtens +--- + grub-core/commands/appendedsig/gnutls_asn1_tab.c | 121 ++++++ + grub-core/commands/appendedsig/pkix_asn1_tab.c | 484 +++++++++++++++++++++++ + 2 files changed, 605 insertions(+) + create mode 100644 grub-core/commands/appendedsig/gnutls_asn1_tab.c + create mode 100644 grub-core/commands/appendedsig/pkix_asn1_tab.c + +diff --git a/grub-core/commands/appendedsig/gnutls_asn1_tab.c b/grub-core/commands/appendedsig/gnutls_asn1_tab.c +new file mode 100644 +index 000000000..ddd1314e6 +--- /dev/null ++++ b/grub-core/commands/appendedsig/gnutls_asn1_tab.c +@@ -0,0 +1,121 @@ ++#include ++#include ++ ++const asn1_static_node gnutls_asn1_tab[] = { ++ { "GNUTLS", 536872976, NULL }, ++ { NULL, 1073741836, NULL }, ++ { "RSAPublicKey", 1610612741, NULL }, ++ { "modulus", 1073741827, NULL }, ++ { "publicExponent", 3, NULL }, ++ { "RSAPrivateKey", 1610612741, NULL }, ++ { "version", 1073741827, NULL }, ++ { "modulus", 1073741827, NULL }, ++ { "publicExponent", 1073741827, NULL }, ++ { "privateExponent", 1073741827, NULL }, ++ { "prime1", 1073741827, NULL }, ++ { "prime2", 1073741827, NULL }, ++ { "exponent1", 1073741827, NULL }, ++ { "exponent2", 1073741827, NULL }, ++ { "coefficient", 1073741827, NULL }, ++ { "otherPrimeInfos", 16386, "OtherPrimeInfos"}, ++ { "ProvableSeed", 1610612741, NULL }, ++ { "algorithm", 1073741836, NULL }, ++ { "seed", 7, NULL }, ++ { "OtherPrimeInfos", 1612709899, NULL }, ++ { "MAX", 1074266122, "1"}, ++ { NULL, 2, "OtherPrimeInfo"}, ++ { "OtherPrimeInfo", 1610612741, NULL }, ++ { "prime", 1073741827, NULL }, ++ { "exponent", 1073741827, NULL }, ++ { "coefficient", 3, NULL }, ++ { "AlgorithmIdentifier", 1610612741, NULL }, ++ { "algorithm", 1073741836, NULL }, ++ { "parameters", 541081613, NULL }, ++ { "algorithm", 1, NULL }, ++ { "DigestInfo", 1610612741, NULL }, ++ { "digestAlgorithm", 1073741826, "DigestAlgorithmIdentifier"}, ++ { "digest", 7, NULL }, ++ { "DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, ++ { "DSAPublicKey", 1073741827, NULL }, ++ { "DSAParameters", 1610612741, NULL }, ++ { "p", 1073741827, NULL }, ++ { "q", 1073741827, NULL }, ++ { "g", 3, NULL }, ++ { "DSASignatureValue", 1610612741, NULL }, ++ { "r", 1073741827, NULL }, ++ { "s", 3, NULL }, ++ { "DSAPrivateKey", 1610612741, NULL }, ++ { "version", 1073741827, NULL }, ++ { "p", 1073741827, NULL }, ++ { "q", 1073741827, NULL }, ++ { "g", 1073741827, NULL }, ++ { "Y", 1073741827, NULL }, ++ { "priv", 3, NULL }, ++ { "DHParameter", 1610612741, NULL }, ++ { "prime", 1073741827, NULL }, ++ { "base", 1073741827, NULL }, ++ { "privateValueLength", 16387, NULL }, ++ { "ECParameters", 1610612754, NULL }, ++ { "namedCurve", 12, NULL }, ++ { "ECPrivateKey", 1610612741, NULL }, ++ { "Version", 1073741827, NULL }, ++ { "privateKey", 1073741831, NULL }, ++ { "parameters", 1610637314, "ECParameters"}, ++ { NULL, 2056, "0"}, ++ { "publicKey", 536895494, NULL }, ++ { NULL, 2056, "1"}, ++ { "PrincipalName", 1610612741, NULL }, ++ { "name-type", 1610620931, NULL }, ++ { NULL, 2056, "0"}, ++ { "name-string", 536879115, NULL }, ++ { NULL, 1073743880, "1"}, ++ { NULL, 27, NULL }, ++ { "KRB5PrincipalName", 1610612741, NULL }, ++ { "realm", 1610620955, NULL }, ++ { NULL, 2056, "0"}, ++ { "principalName", 536879106, "PrincipalName"}, ++ { NULL, 2056, "1"}, ++ { "RSAPSSParameters", 1610612741, NULL }, ++ { "hashAlgorithm", 1610637314, "AlgorithmIdentifier"}, ++ { NULL, 2056, "0"}, ++ { "maskGenAlgorithm", 1610637314, "AlgorithmIdentifier"}, ++ { NULL, 2056, "1"}, ++ { "saltLength", 1610653699, NULL }, ++ { NULL, 1073741833, "20"}, ++ { NULL, 2056, "2"}, ++ { "trailerField", 536911875, NULL }, ++ { NULL, 1073741833, "1"}, ++ { NULL, 2056, "3"}, ++ { "GOSTParameters", 1610612741, NULL }, ++ { "publicKeyParamSet", 1073741836, NULL }, ++ { "digestParamSet", 16396, NULL }, ++ { "GOSTParametersOld", 1610612741, NULL }, ++ { "publicKeyParamSet", 1073741836, NULL }, ++ { "digestParamSet", 1073741836, NULL }, ++ { "encryptionParamSet", 16396, NULL }, ++ { "GOSTPrivateKey", 1073741831, NULL }, ++ { "GOSTPrivateKeyOld", 1073741827, NULL }, ++ { "IssuerSignTool", 1610612741, NULL }, ++ { "signTool", 1073741858, NULL }, ++ { "cATool", 1073741858, NULL }, ++ { "signToolCert", 1073741858, NULL }, ++ { "cAToolCert", 34, NULL }, ++ { "Gost28147-89-EncryptedKey", 1610612741, NULL }, ++ { "encryptedKey", 1073741831, NULL }, ++ { "maskKey", 1610637319, NULL }, ++ { NULL, 4104, "0"}, ++ { "macKey", 7, NULL }, ++ { "SubjectPublicKeyInfo", 1610612741, NULL }, ++ { "algorithm", 1073741826, "AlgorithmIdentifier"}, ++ { "subjectPublicKey", 6, NULL }, ++ { "GostR3410-TransportParameters", 1610612741, NULL }, ++ { "encryptionParamSet", 1073741836, NULL }, ++ { "ephemeralPublicKey", 1610637314, "SubjectPublicKeyInfo"}, ++ { NULL, 4104, "0"}, ++ { "ukm", 7, NULL }, ++ { "GostR3410-KeyTransport", 536870917, NULL }, ++ { "sessionEncryptedKey", 1073741826, "Gost28147-89-EncryptedKey"}, ++ { "transportParameters", 536895490, "GostR3410-TransportParameters"}, ++ { NULL, 4104, "0"}, ++ { NULL, 0, NULL } ++}; +diff --git a/grub-core/commands/appendedsig/pkix_asn1_tab.c b/grub-core/commands/appendedsig/pkix_asn1_tab.c +new file mode 100644 +index 000000000..adef69d95 +--- /dev/null ++++ b/grub-core/commands/appendedsig/pkix_asn1_tab.c +@@ -0,0 +1,484 @@ ++#include ++#include ++ ++const asn1_static_node pkix_asn1_tab[] = { ++ { "PKIX1", 536875024, NULL }, ++ { NULL, 1073741836, NULL }, ++ { "PrivateKeyUsagePeriod", 1610612741, NULL }, ++ { "notBefore", 1610637349, NULL }, ++ { NULL, 4104, "0"}, ++ { "notAfter", 536895525, NULL }, ++ { NULL, 4104, "1"}, ++ { "AuthorityKeyIdentifier", 1610612741, NULL }, ++ { "keyIdentifier", 1610637319, NULL }, ++ { NULL, 4104, "0"}, ++ { "authorityCertIssuer", 1610637314, "GeneralNames"}, ++ { NULL, 4104, "1"}, ++ { "authorityCertSerialNumber", 536895490, "CertificateSerialNumber"}, ++ { NULL, 4104, "2"}, ++ { "SubjectKeyIdentifier", 1073741831, NULL }, ++ { "KeyUsage", 1073741830, NULL }, ++ { "DirectoryString", 1610612754, NULL }, ++ { "teletexString", 1612709918, NULL }, ++ { "MAX", 524298, "1"}, ++ { "printableString", 1612709919, NULL }, ++ { "MAX", 524298, "1"}, ++ { "universalString", 1612709920, NULL }, ++ { "MAX", 524298, "1"}, ++ { "utf8String", 1612709922, NULL }, ++ { "MAX", 524298, "1"}, ++ { "bmpString", 1612709921, NULL }, ++ { "MAX", 524298, "1"}, ++ { "ia5String", 538968093, NULL }, ++ { "MAX", 524298, "1"}, ++ { "SubjectAltName", 1073741826, "GeneralNames"}, ++ { "GeneralNames", 1612709899, NULL }, ++ { "MAX", 1074266122, "1"}, ++ { NULL, 2, "GeneralName"}, ++ { "GeneralName", 1610612754, NULL }, ++ { "otherName", 1610620930, "AnotherName"}, ++ { NULL, 4104, "0"}, ++ { "rfc822Name", 1610620957, NULL }, ++ { NULL, 4104, "1"}, ++ { "dNSName", 1610620957, NULL }, ++ { NULL, 4104, "2"}, ++ { "x400Address", 1610620941, NULL }, ++ { NULL, 4104, "3"}, ++ { "directoryName", 1610620939, NULL }, ++ { NULL, 1073743880, "4"}, ++ { NULL, 2, "RelativeDistinguishedName"}, ++ { "ediPartyName", 1610620941, NULL }, ++ { NULL, 4104, "5"}, ++ { "uniformResourceIdentifier", 1610620957, NULL }, ++ { NULL, 4104, "6"}, ++ { "iPAddress", 1610620935, NULL }, ++ { NULL, 4104, "7"}, ++ { "registeredID", 536879116, NULL }, ++ { NULL, 4104, "8"}, ++ { "AnotherName", 1610612741, NULL }, ++ { "type-id", 1073741836, NULL }, ++ { "value", 541073421, NULL }, ++ { NULL, 1073743880, "0"}, ++ { "type-id", 1, NULL }, ++ { "IssuerAltName", 1073741826, "GeneralNames"}, ++ { "BasicConstraints", 1610612741, NULL }, ++ { "cA", 1610645508, NULL }, ++ { NULL, 131081, NULL }, ++ { "pathLenConstraint", 537411587, NULL }, ++ { "0", 10, "MAX"}, ++ { "CRLDistributionPoints", 1612709899, NULL }, ++ { "MAX", 1074266122, "1"}, ++ { NULL, 2, "DistributionPoint"}, ++ { "DistributionPoint", 1610612741, NULL }, ++ { "distributionPoint", 1610637314, "DistributionPointName"}, ++ { NULL, 2056, "0"}, ++ { "reasons", 1610637314, "ReasonFlags"}, ++ { NULL, 4104, "1"}, ++ { "cRLIssuer", 536895490, "GeneralNames"}, ++ { NULL, 4104, "2"}, ++ { "DistributionPointName", 1610612754, NULL }, ++ { "fullName", 1610620930, "GeneralNames"}, ++ { NULL, 4104, "0"}, ++ { "nameRelativeToCRLIssuer", 536879106, "RelativeDistinguishedName"}, ++ { NULL, 4104, "1"}, ++ { "ReasonFlags", 1073741830, NULL }, ++ { "ExtKeyUsageSyntax", 1612709899, NULL }, ++ { "MAX", 1074266122, "1"}, ++ { NULL, 12, NULL }, ++ { "AuthorityInfoAccessSyntax", 1612709899, NULL }, ++ { "MAX", 1074266122, "1"}, ++ { NULL, 2, "AccessDescription"}, ++ { "AccessDescription", 1610612741, NULL }, ++ { "accessMethod", 1073741836, NULL }, ++ { "accessLocation", 2, "GeneralName"}, ++ { "Attribute", 1610612741, NULL }, ++ { "type", 1073741836, NULL }, ++ { "values", 536870927, NULL }, ++ { NULL, 13, NULL }, ++ { "AttributeTypeAndValue", 1610612741, NULL }, ++ { "type", 1073741836, NULL }, ++ { "value", 13, NULL }, ++ { "Name", 1610612754, NULL }, ++ { "rdnSequence", 536870923, NULL }, ++ { NULL, 2, "RelativeDistinguishedName"}, ++ { "DistinguishedName", 1610612747, NULL }, ++ { NULL, 2, "RelativeDistinguishedName"}, ++ { "RelativeDistinguishedName", 1612709903, NULL }, ++ { "MAX", 1074266122, "1"}, ++ { NULL, 2, "AttributeTypeAndValue"}, ++ { "Certificate", 1610612741, NULL }, ++ { "tbsCertificate", 1073741826, "TBSCertificate"}, ++ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, ++ { "signature", 6, NULL }, ++ { "TBSCertificate", 1610612741, NULL }, ++ { "version", 1610653699, NULL }, ++ { NULL, 1073741833, "0"}, ++ { NULL, 2056, "0"}, ++ { "serialNumber", 1073741826, "CertificateSerialNumber"}, ++ { "signature", 1073741826, "AlgorithmIdentifier"}, ++ { "issuer", 1073741826, "Name"}, ++ { "validity", 1073741826, "Validity"}, ++ { "subject", 1073741826, "Name"}, ++ { "subjectPublicKeyInfo", 1073741826, "SubjectPublicKeyInfo"}, ++ { "issuerUniqueID", 1610637314, "UniqueIdentifier"}, ++ { NULL, 4104, "1"}, ++ { "subjectUniqueID", 1610637314, "UniqueIdentifier"}, ++ { NULL, 4104, "2"}, ++ { "extensions", 536895490, "Extensions"}, ++ { NULL, 2056, "3"}, ++ { "CertificateSerialNumber", 1073741827, NULL }, ++ { "Validity", 1610612741, NULL }, ++ { "notBefore", 1073741826, "Time"}, ++ { "notAfter", 2, "Time"}, ++ { "Time", 1610612754, NULL }, ++ { "utcTime", 1073741860, NULL }, ++ { "generalTime", 37, NULL }, ++ { "UniqueIdentifier", 1073741830, NULL }, ++ { "SubjectPublicKeyInfo", 1610612741, NULL }, ++ { "algorithm", 1073741826, "AlgorithmIdentifier"}, ++ { "subjectPublicKey", 6, NULL }, ++ { "Extensions", 1612709899, NULL }, ++ { "MAX", 1074266122, "1"}, ++ { NULL, 2, "Extension"}, ++ { "Extension", 1610612741, NULL }, ++ { "extnID", 1073741836, NULL }, ++ { "critical", 1610645508, NULL }, ++ { NULL, 131081, NULL }, ++ { "extnValue", 7, NULL }, ++ { "CertificateList", 1610612741, NULL }, ++ { "tbsCertList", 1073741826, "TBSCertList"}, ++ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, ++ { "signature", 6, NULL }, ++ { "TBSCertList", 1610612741, NULL }, ++ { "version", 1073758211, NULL }, ++ { "signature", 1073741826, "AlgorithmIdentifier"}, ++ { "issuer", 1073741826, "Name"}, ++ { "thisUpdate", 1073741826, "Time"}, ++ { "nextUpdate", 1073758210, "Time"}, ++ { "revokedCertificates", 1610629131, NULL }, ++ { NULL, 536870917, NULL }, ++ { "userCertificate", 1073741826, "CertificateSerialNumber"}, ++ { "revocationDate", 1073741826, "Time"}, ++ { "crlEntryExtensions", 16386, "Extensions"}, ++ { "crlExtensions", 536895490, "Extensions"}, ++ { NULL, 2056, "0"}, ++ { "AlgorithmIdentifier", 1610612741, NULL }, ++ { "algorithm", 1073741836, NULL }, ++ { "parameters", 541081613, NULL }, ++ { "algorithm", 1, NULL }, ++ { "Dss-Sig-Value", 1610612741, NULL }, ++ { "r", 1073741827, NULL }, ++ { "s", 3, NULL }, ++ { "Dss-Parms", 1610612741, NULL }, ++ { "p", 1073741827, NULL }, ++ { "q", 1073741827, NULL }, ++ { "g", 3, NULL }, ++ { "pkcs-7-ContentInfo", 1610612741, NULL }, ++ { "contentType", 1073741836, NULL }, ++ { "content", 541073421, NULL }, ++ { NULL, 1073743880, "0"}, ++ { "contentType", 1, NULL }, ++ { "pkcs-7-DigestInfo", 1610612741, NULL }, ++ { "digestAlgorithm", 1073741826, "AlgorithmIdentifier"}, ++ { "digest", 7, NULL }, ++ { "pkcs-7-SignedData", 1610612741, NULL }, ++ { "version", 1073741827, NULL }, ++ { "digestAlgorithms", 1073741826, "pkcs-7-DigestAlgorithmIdentifiers"}, ++ { "encapContentInfo", 1073741826, "pkcs-7-EncapsulatedContentInfo"}, ++ { "certificates", 1610637314, "pkcs-7-CertificateSet"}, ++ { NULL, 4104, "0"}, ++ { "crls", 1610637314, "pkcs-7-CertificateRevocationLists"}, ++ { NULL, 4104, "1"}, ++ { "signerInfos", 2, "pkcs-7-SignerInfos"}, ++ { "pkcs-7-DigestAlgorithmIdentifiers", 1610612751, NULL }, ++ { NULL, 2, "AlgorithmIdentifier"}, ++ { "pkcs-7-EncapsulatedContentInfo", 1610612741, NULL }, ++ { "eContentType", 1073741836, NULL }, ++ { "eContent", 536895501, NULL }, ++ { NULL, 2056, "0"}, ++ { "pkcs-7-CertificateRevocationLists", 1610612751, NULL }, ++ { NULL, 13, NULL }, ++ { "pkcs-7-CertificateChoices", 1610612754, NULL }, ++ { "certificate", 13, NULL }, ++ { "pkcs-7-CertificateSet", 1610612751, NULL }, ++ { NULL, 2, "pkcs-7-CertificateChoices"}, ++ { "IssuerAndSerialNumber", 1610612741, NULL }, ++ { "issuer", 1073741826, "Name"}, ++ { "serialNumber", 2, "CertificateSerialNumber"}, ++ { "pkcs-7-SignerInfo", 1610612741, NULL }, ++ { "version", 1073741827, NULL }, ++ { "sid", 1073741826, "SignerIdentifier"}, ++ { "digestAlgorithm", 1073741826, "AlgorithmIdentifier"}, ++ { "signedAttrs", 1610637314, "SignedAttributes"}, ++ { NULL, 4104, "0"}, ++ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, ++ { "signature", 1073741831, NULL }, ++ { "unsignedAttrs", 536895490, "SignedAttributes"}, ++ { NULL, 4104, "1"}, ++ { "SignedAttributes", 1612709903, NULL }, ++ { "MAX", 1074266122, "1"}, ++ { NULL, 2, "Attribute"}, ++ { "SignerIdentifier", 1610612754, NULL }, ++ { "issuerAndSerialNumber", 1073741826, "IssuerAndSerialNumber"}, ++ { "subjectKeyIdentifier", 536879111, NULL }, ++ { NULL, 4104, "0"}, ++ { "pkcs-7-SignerInfos", 1610612751, NULL }, ++ { NULL, 2, "pkcs-7-SignerInfo"}, ++ { "pkcs-10-CertificationRequestInfo", 1610612741, NULL }, ++ { "version", 1073741827, NULL }, ++ { "subject", 1073741826, "Name"}, ++ { "subjectPKInfo", 1073741826, "SubjectPublicKeyInfo"}, ++ { "attributes", 536879106, "Attributes"}, ++ { NULL, 4104, "0"}, ++ { "Attributes", 1610612751, NULL }, ++ { NULL, 2, "Attribute"}, ++ { "pkcs-10-CertificationRequest", 1610612741, NULL }, ++ { "certificationRequestInfo", 1073741826, "pkcs-10-CertificationRequestInfo"}, ++ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, ++ { "signature", 6, NULL }, ++ { "pkcs-9-at-challengePassword", 1879048204, NULL }, ++ { "iso", 1073741825, "1"}, ++ { "member-body", 1073741825, "2"}, ++ { "us", 1073741825, "840"}, ++ { "rsadsi", 1073741825, "113549"}, ++ { "pkcs", 1073741825, "1"}, ++ { NULL, 1073741825, "9"}, ++ { NULL, 1, "7"}, ++ { "pkcs-9-challengePassword", 1610612754, NULL }, ++ { "printableString", 1073741855, NULL }, ++ { "utf8String", 34, NULL }, ++ { "pkcs-9-localKeyId", 1073741831, NULL }, ++ { "pkcs-8-PrivateKeyInfo", 1610612741, NULL }, ++ { "version", 1073741827, NULL }, ++ { "privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"}, ++ { "privateKey", 1073741831, NULL }, ++ { "attributes", 536895490, "Attributes"}, ++ { NULL, 4104, "0"}, ++ { "pkcs-8-EncryptedPrivateKeyInfo", 1610612741, NULL }, ++ { "encryptionAlgorithm", 1073741826, "AlgorithmIdentifier"}, ++ { "encryptedData", 2, "pkcs-8-EncryptedData"}, ++ { "pkcs-8-EncryptedData", 1073741831, NULL }, ++ { "pkcs-5-des-CBC-params", 1612709895, NULL }, ++ { NULL, 1048586, "8"}, ++ { "pkcs-5-des-EDE3-CBC-params", 1612709895, NULL }, ++ { NULL, 1048586, "8"}, ++ { "pkcs-5-aes128-CBC-params", 1612709895, NULL }, ++ { NULL, 1048586, "16"}, ++ { "pkcs-5-aes192-CBC-params", 1612709895, NULL }, ++ { NULL, 1048586, "16"}, ++ { "pkcs-5-aes256-CBC-params", 1612709895, NULL }, ++ { NULL, 1048586, "16"}, ++ { "Gost28147-89-Parameters", 1610612741, NULL }, ++ { "iv", 1073741831, NULL }, ++ { "encryptionParamSet", 12, NULL }, ++ { "pkcs-5-PBE-params", 1610612741, NULL }, ++ { "salt", 1073741831, NULL }, ++ { "iterationCount", 3, NULL }, ++ { "pkcs-5-PBES2-params", 1610612741, NULL }, ++ { "keyDerivationFunc", 1073741826, "AlgorithmIdentifier"}, ++ { "encryptionScheme", 2, "AlgorithmIdentifier"}, ++ { "pkcs-5-PBKDF2-params", 1610612741, NULL }, ++ { "salt", 1610612754, NULL }, ++ { "specified", 1073741831, NULL }, ++ { "otherSource", 2, "AlgorithmIdentifier"}, ++ { "iterationCount", 1611137027, NULL }, ++ { "1", 10, "MAX"}, ++ { "keyLength", 1611153411, NULL }, ++ { "1", 10, "MAX"}, ++ { "prf", 16386, "AlgorithmIdentifier"}, ++ { "pkcs-12-PFX", 1610612741, NULL }, ++ { "version", 1610874883, NULL }, ++ { "v3", 1, "3"}, ++ { "authSafe", 1073741826, "pkcs-7-ContentInfo"}, ++ { "macData", 16386, "pkcs-12-MacData"}, ++ { "pkcs-12-PbeParams", 1610612741, NULL }, ++ { "salt", 1073741831, NULL }, ++ { "iterations", 3, NULL }, ++ { "pkcs-12-MacData", 1610612741, NULL }, ++ { "mac", 1073741826, "pkcs-7-DigestInfo"}, ++ { "macSalt", 1073741831, NULL }, ++ { "iterations", 536903683, NULL }, ++ { NULL, 9, "1"}, ++ { "pkcs-12-AuthenticatedSafe", 1610612747, NULL }, ++ { NULL, 2, "pkcs-7-ContentInfo"}, ++ { "pkcs-12-SafeContents", 1610612747, NULL }, ++ { NULL, 2, "pkcs-12-SafeBag"}, ++ { "pkcs-12-SafeBag", 1610612741, NULL }, ++ { "bagId", 1073741836, NULL }, ++ { "bagValue", 1614815245, NULL }, ++ { NULL, 1073743880, "0"}, ++ { "badId", 1, NULL }, ++ { "bagAttributes", 536887311, NULL }, ++ { NULL, 2, "Attribute"}, ++ { "pkcs-12-CertBag", 1610612741, NULL }, ++ { "certId", 1073741836, NULL }, ++ { "certValue", 541073421, NULL }, ++ { NULL, 1073743880, "0"}, ++ { "certId", 1, NULL }, ++ { "pkcs-12-CRLBag", 1610612741, NULL }, ++ { "crlId", 1073741836, NULL }, ++ { "crlValue", 541073421, NULL }, ++ { NULL, 1073743880, "0"}, ++ { "crlId", 1, NULL }, ++ { "pkcs-12-SecretBag", 1610612741, NULL }, ++ { "secretTypeId", 1073741836, NULL }, ++ { "secretValue", 541073421, NULL }, ++ { NULL, 1073743880, "0"}, ++ { "secretTypeId", 1, NULL }, ++ { "pkcs-7-Data", 1073741831, NULL }, ++ { "pkcs-7-EncryptedData", 1610612741, NULL }, ++ { "version", 1073741827, NULL }, ++ { "encryptedContentInfo", 1073741826, "pkcs-7-EncryptedContentInfo"}, ++ { "unprotectedAttrs", 536895490, "pkcs-7-UnprotectedAttributes"}, ++ { NULL, 4104, "1"}, ++ { "pkcs-7-EncryptedContentInfo", 1610612741, NULL }, ++ { "contentType", 1073741836, NULL }, ++ { "contentEncryptionAlgorithm", 1073741826, "pkcs-7-ContentEncryptionAlgorithmIdentifier"}, ++ { "encryptedContent", 536895495, NULL }, ++ { NULL, 4104, "0"}, ++ { "pkcs-7-ContentEncryptionAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, ++ { "pkcs-7-UnprotectedAttributes", 1612709903, NULL }, ++ { "MAX", 1074266122, "1"}, ++ { NULL, 2, "Attribute"}, ++ { "ProxyCertInfo", 1610612741, NULL }, ++ { "pCPathLenConstraint", 1611153411, NULL }, ++ { "0", 10, "MAX"}, ++ { "proxyPolicy", 2, "ProxyPolicy"}, ++ { "ProxyPolicy", 1610612741, NULL }, ++ { "policyLanguage", 1073741836, NULL }, ++ { "policy", 16391, NULL }, ++ { "certificatePolicies", 1612709899, NULL }, ++ { "MAX", 1074266122, "1"}, ++ { NULL, 2, "PolicyInformation"}, ++ { "PolicyInformation", 1610612741, NULL }, ++ { "policyIdentifier", 1073741836, NULL }, ++ { "policyQualifiers", 538984459, NULL }, ++ { "MAX", 1074266122, "1"}, ++ { NULL, 2, "PolicyQualifierInfo"}, ++ { "PolicyQualifierInfo", 1610612741, NULL }, ++ { "policyQualifierId", 1073741836, NULL }, ++ { "qualifier", 541065229, NULL }, ++ { "policyQualifierId", 1, NULL }, ++ { "CPSuri", 1073741853, NULL }, ++ { "UserNotice", 1610612741, NULL }, ++ { "noticeRef", 1073758210, "NoticeReference"}, ++ { "explicitText", 16386, "DisplayText"}, ++ { "NoticeReference", 1610612741, NULL }, ++ { "organization", 1073741826, "DisplayText"}, ++ { "noticeNumbers", 536870923, NULL }, ++ { NULL, 3, NULL }, ++ { "DisplayText", 1610612754, NULL }, ++ { "ia5String", 1612709917, NULL }, ++ { "200", 524298, "1"}, ++ { "visibleString", 1612709923, NULL }, ++ { "200", 524298, "1"}, ++ { "bmpString", 1612709921, NULL }, ++ { "200", 524298, "1"}, ++ { "utf8String", 538968098, NULL }, ++ { "200", 524298, "1"}, ++ { "OCSPRequest", 1610612741, NULL }, ++ { "tbsRequest", 1073741826, "TBSRequest"}, ++ { "optionalSignature", 536895490, "Signature"}, ++ { NULL, 2056, "0"}, ++ { "TBSRequest", 1610612741, NULL }, ++ { "version", 1610653699, NULL }, ++ { NULL, 1073741833, "0"}, ++ { NULL, 2056, "0"}, ++ { "requestorName", 1610637314, "GeneralName"}, ++ { NULL, 2056, "1"}, ++ { "requestList", 1610612747, NULL }, ++ { NULL, 2, "Request"}, ++ { "requestExtensions", 536895490, "Extensions"}, ++ { NULL, 2056, "2"}, ++ { "Signature", 1610612741, NULL }, ++ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, ++ { "signature", 1073741830, NULL }, ++ { "certs", 536895499, NULL }, ++ { NULL, 1073743880, "0"}, ++ { NULL, 2, "Certificate"}, ++ { "Request", 1610612741, NULL }, ++ { "reqCert", 1073741826, "CertID"}, ++ { "singleRequestExtensions", 536895490, "Extensions"}, ++ { NULL, 2056, "0"}, ++ { "CertID", 1610612741, NULL }, ++ { "hashAlgorithm", 1073741826, "AlgorithmIdentifier"}, ++ { "issuerNameHash", 1073741831, NULL }, ++ { "issuerKeyHash", 1073741831, NULL }, ++ { "serialNumber", 2, "CertificateSerialNumber"}, ++ { "OCSPResponse", 1610612741, NULL }, ++ { "responseStatus", 1073741826, "OCSPResponseStatus"}, ++ { "responseBytes", 536895490, "ResponseBytes"}, ++ { NULL, 2056, "0"}, ++ { "OCSPResponseStatus", 1610874901, NULL }, ++ { "successful", 1073741825, "0"}, ++ { "malformedRequest", 1073741825, "1"}, ++ { "internalError", 1073741825, "2"}, ++ { "tryLater", 1073741825, "3"}, ++ { "sigRequired", 1073741825, "5"}, ++ { "unauthorized", 1, "6"}, ++ { "ResponseBytes", 1610612741, NULL }, ++ { "responseType", 1073741836, NULL }, ++ { "response", 7, NULL }, ++ { "BasicOCSPResponse", 1610612741, NULL }, ++ { "tbsResponseData", 1073741826, "ResponseData"}, ++ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, ++ { "signature", 1073741830, NULL }, ++ { "certs", 536895499, NULL }, ++ { NULL, 1073743880, "0"}, ++ { NULL, 2, "Certificate"}, ++ { "ResponseData", 1610612741, NULL }, ++ { "version", 1610653699, NULL }, ++ { NULL, 1073741833, "0"}, ++ { NULL, 2056, "0"}, ++ { "responderID", 1073741826, "ResponderID"}, ++ { "producedAt", 1073741861, NULL }, ++ { "responses", 1610612747, NULL }, ++ { NULL, 2, "SingleResponse"}, ++ { "responseExtensions", 536895490, "Extensions"}, ++ { NULL, 2056, "1"}, ++ { "ResponderID", 1610612754, NULL }, ++ { "byName", 1610620939, NULL }, ++ { NULL, 1073743880, "1"}, ++ { NULL, 2, "RelativeDistinguishedName"}, ++ { "byKey", 536879111, NULL }, ++ { NULL, 2056, "2"}, ++ { "SingleResponse", 1610612741, NULL }, ++ { "certID", 1073741826, "CertID"}, ++ { "certStatus", 1073741826, "CertStatus"}, ++ { "thisUpdate", 1073741861, NULL }, ++ { "nextUpdate", 1610637349, NULL }, ++ { NULL, 2056, "0"}, ++ { "singleExtensions", 536895490, "Extensions"}, ++ { NULL, 2056, "1"}, ++ { "CertStatus", 1610612754, NULL }, ++ { "good", 1610620948, NULL }, ++ { NULL, 4104, "0"}, ++ { "revoked", 1610620930, "RevokedInfo"}, ++ { NULL, 4104, "1"}, ++ { "unknown", 536879106, "UnknownInfo"}, ++ { NULL, 4104, "2"}, ++ { "RevokedInfo", 1610612741, NULL }, ++ { "revocationTime", 1073741861, NULL }, ++ { "revocationReason", 537157653, NULL }, ++ { NULL, 1073743880, "0"}, ++ { "unspecified", 1, "0"}, ++ { "UnknownInfo", 1073741844, NULL }, ++ { "NameConstraints", 1610612741, NULL }, ++ { "permittedSubtrees", 1610637314, "GeneralSubtrees"}, ++ { NULL, 4104, "0"}, ++ { "excludedSubtrees", 536895490, "GeneralSubtrees"}, ++ { NULL, 4104, "1"}, ++ { "GeneralSubtrees", 1612709899, NULL }, ++ { "MAX", 1074266122, "1"}, ++ { NULL, 2, "GeneralSubtree"}, ++ { "GeneralSubtree", 1610612741, NULL }, ++ { "base", 1073741826, "GeneralName"}, ++ { "minimum", 1610653699, NULL }, ++ { NULL, 1073741833, "0"}, ++ { NULL, 4104, "0"}, ++ { "maximum", 536895491, NULL }, ++ { NULL, 4104, "1"}, ++ { "TlsFeatures", 536870923, NULL }, ++ { NULL, 3, NULL }, ++ { NULL, 0, NULL } ++}; diff --git a/SOURCES/0366-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch b/SOURCES/0366-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch new file mode 100644 index 0000000..64b47ac --- /dev/null +++ b/SOURCES/0366-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch @@ -0,0 +1,1542 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 30 Jul 2020 01:33:46 +1000 +Subject: [PATCH] appended signatures: parse PKCS#7 signedData and X.509 + certificates + +This code allows us to parse: + + - PKCS#7 signedData messages. Only a single signerInfo is supported, + which is all that the Linux sign-file utility supports creating + out-of-the-box. Only RSA, SHA-256 and SHA-512 are supported. + Any certificate embedded in the PKCS#7 message will be ignored. + + - X.509 certificates: at least enough to verify the signatures on the + PKCS#7 messages. We expect that the certificates embedded in grub will + be leaf certificates, not CA certificates. The parser enforces this. + +Signed-off-by: Daniel Axtens +--- + grub-core/commands/appendedsig/asn1util.c | 102 +++ + grub-core/commands/appendedsig/pkcs7.c | 305 +++++++++ + grub-core/commands/appendedsig/x509.c | 972 +++++++++++++++++++++++++++ + grub-core/commands/appendedsig/appendedsig.h | 110 +++ + 4 files changed, 1489 insertions(+) + create mode 100644 grub-core/commands/appendedsig/asn1util.c + create mode 100644 grub-core/commands/appendedsig/pkcs7.c + create mode 100644 grub-core/commands/appendedsig/x509.c + create mode 100644 grub-core/commands/appendedsig/appendedsig.h + +diff --git a/grub-core/commands/appendedsig/asn1util.c b/grub-core/commands/appendedsig/asn1util.c +new file mode 100644 +index 000000000..eff095a9d +--- /dev/null ++++ b/grub-core/commands/appendedsig/asn1util.c +@@ -0,0 +1,102 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 IBM Corporation. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "appendedsig.h" ++ ++asn1_node _gnutls_gnutls_asn = ASN1_TYPE_EMPTY; ++asn1_node _gnutls_pkix_asn = ASN1_TYPE_EMPTY; ++ ++extern const ASN1_ARRAY_TYPE gnutls_asn1_tab[]; ++extern const ASN1_ARRAY_TYPE pkix_asn1_tab[]; ++ ++/* ++ * Read a value from an ASN1 node, allocating memory to store it. ++ * ++ * It will work for anything where the size libtasn1 returns is right: ++ * - Integers ++ * - Octet strings ++ * - DER encoding of other structures ++ * It will _not_ work for things where libtasn1 size requires adjustment: ++ * - Strings that require an extra NULL byte at the end ++ * - Bit strings because libtasn1 returns the length in bits, not bytes. ++ * ++ * If the function returns a non-NULL value, the caller must free it. ++ */ ++void * ++grub_asn1_allocate_and_read (asn1_node node, const char *name, ++ const char *friendly_name, int *content_size) ++{ ++ int result; ++ grub_uint8_t *tmpstr = NULL; ++ int tmpstr_size = 0; ++ ++ result = asn1_read_value (node, name, NULL, &tmpstr_size); ++ if (result != ASN1_MEM_ERROR) ++ { ++ grub_snprintf (grub_errmsg, sizeof (grub_errmsg), ++ _ ++ ("Reading size of %s did not return expected status: %s"), ++ friendly_name, asn1_strerror (result)); ++ grub_errno = GRUB_ERR_BAD_FILE_TYPE; ++ return NULL; ++ } ++ ++ tmpstr = grub_malloc (tmpstr_size); ++ if (tmpstr == NULL) ++ { ++ grub_snprintf (grub_errmsg, sizeof (grub_errmsg), ++ "Could not allocate memory to store %s", friendly_name); ++ grub_errno = GRUB_ERR_OUT_OF_MEMORY; ++ return NULL; ++ } ++ ++ result = asn1_read_value (node, name, tmpstr, &tmpstr_size); ++ if (result != ASN1_SUCCESS) ++ { ++ grub_free (tmpstr); ++ grub_snprintf (grub_errmsg, sizeof (grub_errmsg), ++ "Error reading %s: %s", ++ friendly_name, asn1_strerror (result)); ++ grub_errno = GRUB_ERR_BAD_FILE_TYPE; ++ return NULL; ++ } ++ ++ *content_size = tmpstr_size; ++ ++ return tmpstr; ++} ++ ++int ++asn1_init (void) ++{ ++ int res; ++ res = asn1_array2tree (gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL); ++ if (res != ASN1_SUCCESS) ++ { ++ return res; ++ } ++ res = asn1_array2tree (pkix_asn1_tab, &_gnutls_pkix_asn, NULL); ++ return res; ++} +diff --git a/grub-core/commands/appendedsig/pkcs7.c b/grub-core/commands/appendedsig/pkcs7.c +new file mode 100644 +index 000000000..dc6afe203 +--- /dev/null ++++ b/grub-core/commands/appendedsig/pkcs7.c +@@ -0,0 +1,305 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 IBM Corporation. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include "appendedsig.h" ++#include ++#include ++#include ++ ++ ++static char asn1_error[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; ++ ++/* ++ * RFC 5652 s 5.1 ++ */ ++const char *signedData_oid = "1.2.840.113549.1.7.2"; ++ ++/* ++ * RFC 4055 s 2.1 ++ */ ++const char *sha256_oid = "2.16.840.1.101.3.4.2.1"; ++const char *sha512_oid = "2.16.840.1.101.3.4.2.3"; ++ ++static grub_err_t ++process_content (grub_uint8_t * content, int size, ++ struct pkcs7_signedData *msg) ++{ ++ int res; ++ asn1_node signed_part; ++ grub_err_t err = GRUB_ERR_NONE; ++ char algo_oid[MAX_OID_LEN]; ++ int algo_oid_size = sizeof (algo_oid); ++ int algo_count; ++ char version; ++ int version_size = sizeof (version); ++ grub_uint8_t *result_buf; ++ int result_size = 0; ++ int crls_size = 0; ++ gcry_error_t gcry_err; ++ ++ res = asn1_create_element (_gnutls_pkix_asn, "PKIX1.pkcs-7-SignedData", ++ &signed_part); ++ if (res != ASN1_SUCCESS) ++ { ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "Could not create ASN.1 structure for PKCS#7 signed part."); ++ } ++ ++ res = asn1_der_decoding2 (&signed_part, content, &size, ++ ASN1_DECODE_FLAG_STRICT_DER, asn1_error); ++ if (res != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_SIGNATURE, ++ "Error reading PKCS#7 signed data: %s", asn1_error); ++ goto cleanup_signed_part; ++ } ++ ++ /* SignedData ::= SEQUENCE { ++ * version CMSVersion, ++ * digestAlgorithms DigestAlgorithmIdentifiers, ++ * encapContentInfo EncapsulatedContentInfo, ++ * certificates [0] IMPLICIT CertificateSet OPTIONAL, ++ * crls [1] IMPLICIT RevocationInfoChoices OPTIONAL, ++ * signerInfos SignerInfos } ++ */ ++ ++ /* version per the algo in 5.1, must be 1 */ ++ res = asn1_read_value (signed_part, "version", &version, &version_size); ++ if (res != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_SIGNATURE, ++ "Error reading signedData version: %s", ++ asn1_strerror (res)); ++ goto cleanup_signed_part; ++ } ++ ++ if (version != 1) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_SIGNATURE, ++ "Unexpected signature version v%d, only v1 supported", ++ version); ++ goto cleanup_signed_part; ++ } ++ ++ /* ++ * digestAlgorithms DigestAlgorithmIdentifiers ++ * ++ * DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier ++ * DigestAlgorithmIdentifer is an X.509 AlgorithmIdentifier (10.1.1) ++ * ++ * RFC 4055 s 2.1: ++ * sha256Identifier AlgorithmIdentifier ::= { id-sha256, NULL } ++ * sha512Identifier AlgorithmIdentifier ::= { id-sha512, NULL } ++ * ++ * We only support 1 element in the set, and we do not check parameters atm. ++ */ ++ res = ++ asn1_number_of_elements (signed_part, "digestAlgorithms", &algo_count); ++ if (res != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_SIGNATURE, ++ "Error counting number of digest algorithms: %s", ++ asn1_strerror (res)); ++ goto cleanup_signed_part; ++ } ++ ++ if (algo_count != 1) ++ { ++ err = ++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, ++ "Only 1 digest algorithm is supported"); ++ goto cleanup_signed_part; ++ } ++ ++ res = ++ asn1_read_value (signed_part, "digestAlgorithms.?1.algorithm", algo_oid, ++ &algo_oid_size); ++ if (res != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_SIGNATURE, ++ "Error reading digest algorithm: %s", ++ asn1_strerror (res)); ++ goto cleanup_signed_part; ++ } ++ ++ if (grub_strncmp (sha512_oid, algo_oid, algo_oid_size) == 0) ++ { ++ msg->hash = grub_crypto_lookup_md_by_name ("sha512"); ++ } ++ else if (grub_strncmp (sha256_oid, algo_oid, algo_oid_size) == 0) ++ { ++ msg->hash = grub_crypto_lookup_md_by_name ("sha256"); ++ } ++ else ++ { ++ err = ++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, ++ "Only SHA-256 and SHA-512 hashes are supported, found OID %s", ++ algo_oid); ++ goto cleanup_signed_part; ++ } ++ ++ if (!msg->hash) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_SIGNATURE, ++ "Hash algorithm for OID %s not loaded", algo_oid); ++ goto cleanup_signed_part; ++ } ++ ++ /* ++ * We ignore the certificates, but we don't permit CRLs. ++ * A CRL entry might be revoking the certificate we're using, and we have ++ * no way of dealing with that at the moment. ++ */ ++ res = asn1_read_value (signed_part, "crls", NULL, &crls_size); ++ if (res != ASN1_ELEMENT_NOT_FOUND) ++ { ++ err = ++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, ++ "PKCS#7 messages with embedded CRLs are not supported"); ++ goto cleanup_signed_part; ++ } ++ ++ /* read the signature */ ++ result_buf = ++ grub_asn1_allocate_and_read (signed_part, "signerInfos.?1.signature", ++ "signature data", &result_size); ++ if (!result_buf) ++ { ++ err = grub_errno; ++ goto cleanup_signed_part; ++ } ++ ++ gcry_err = ++ gcry_mpi_scan (&(msg->sig_mpi), GCRYMPI_FMT_USG, result_buf, result_size, ++ NULL); ++ if (gcry_err != GPG_ERR_NO_ERROR) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_SIGNATURE, ++ "Error loading signature into MPI structure: %d", ++ gcry_err); ++ goto cleanup_result; ++ } ++ ++cleanup_result: ++ grub_free (result_buf); ++cleanup_signed_part: ++ asn1_delete_structure (&signed_part); ++ ++ return err; ++} ++ ++grub_err_t ++parse_pkcs7_signedData (void *sigbuf, grub_size_t data_size, ++ struct pkcs7_signedData *msg) ++{ ++ int res; ++ asn1_node content_info; ++ grub_err_t err = GRUB_ERR_NONE; ++ char content_oid[MAX_OID_LEN]; ++ grub_uint8_t *content; ++ int content_size; ++ int content_oid_size = sizeof (content_oid); ++ int size; ++ ++ if (data_size > GRUB_INT_MAX) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "Cannot parse a PKCS#7 message where data size > INT_MAX"); ++ size = (int) data_size; ++ ++ res = asn1_create_element (_gnutls_pkix_asn, ++ "PKIX1.pkcs-7-ContentInfo", &content_info); ++ if (res != ASN1_SUCCESS) ++ { ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "Could not create ASN.1 structure for PKCS#7 data: %s", ++ asn1_strerror (res)); ++ } ++ ++ res = asn1_der_decoding2 (&content_info, sigbuf, &size, ++ ASN1_DECODE_FLAG_STRICT_DER, asn1_error); ++ if (res != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_SIGNATURE, ++ "Error decoding PKCS#7 message DER: %s", asn1_error); ++ goto cleanup; ++ } ++ ++ /* ++ * ContentInfo ::= SEQUENCE { ++ * contentType ContentType, ++ * content [0] EXPLICIT ANY DEFINED BY contentType } ++ * ++ * ContentType ::= OBJECT IDENTIFIER ++ */ ++ res = ++ asn1_read_value (content_info, "contentType", content_oid, ++ &content_oid_size); ++ if (res != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_SIGNATURE, ++ "Error reading PKCS#7 content type: %s", ++ asn1_strerror (res)); ++ goto cleanup; ++ } ++ ++ /* OID for SignedData defined in 5.1 */ ++ if (grub_strncmp (signedData_oid, content_oid, content_oid_size) != 0) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_SIGNATURE, ++ "Unexpected content type in PKCS#7 message: OID %s", ++ content_oid); ++ goto cleanup; ++ } ++ ++ content = ++ grub_asn1_allocate_and_read (content_info, "content", ++ "PKCS#7 message content", &content_size); ++ if (!content) ++ { ++ err = grub_errno; ++ goto cleanup; ++ } ++ ++ err = process_content (content, content_size, msg); ++ grub_free (content); ++ ++cleanup: ++ asn1_delete_structure (&content_info); ++ return err; ++} ++ ++/* ++ * Release all the storage associated with the PKCS#7 message. ++ * If the caller dynamically allocated the message, it must free it. ++ */ ++void ++pkcs7_signedData_release (struct pkcs7_signedData *msg) ++{ ++ gcry_mpi_release (msg->sig_mpi); ++} +diff --git a/grub-core/commands/appendedsig/x509.c b/grub-core/commands/appendedsig/x509.c +new file mode 100644 +index 000000000..652e4f168 +--- /dev/null ++++ b/grub-core/commands/appendedsig/x509.c +@@ -0,0 +1,972 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 IBM Corporation. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "appendedsig.h" ++ ++static char asn1_error[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; ++ ++/* ++ * RFC 3279 2.3.1 RSA Keys ++ */ ++const char *rsaEncryption_oid = "1.2.840.113549.1.1.1"; ++ ++/* ++ * RFC 5280 Appendix A ++ */ ++const char *commonName_oid = "2.5.4.3"; ++ ++/* ++ * RFC 5280 4.2.1.3 Key Usage ++ */ ++const char *keyUsage_oid = "2.5.29.15"; ++ ++/* ++ * RFC 5280 4.2.1.9 Basic Constraints ++ */ ++const char *basicConstraints_oid = "2.5.29.19"; ++ ++/* ++ * RFC 3279 2.3.1 ++ * ++ * The RSA public key MUST be encoded using the ASN.1 type RSAPublicKey: ++ * ++ * RSAPublicKey ::= SEQUENCE { ++ * modulus INTEGER, -- n ++ * publicExponent INTEGER } -- e ++ * ++ * where modulus is the modulus n, and publicExponent is the public ++ * exponent e. ++ */ ++static grub_err_t ++grub_parse_rsa_pubkey (grub_uint8_t * der, int dersize, ++ struct x509_certificate *certificate) ++{ ++ int result; ++ asn1_node spk = ASN1_TYPE_EMPTY; ++ grub_uint8_t *m_data, *e_data; ++ int m_size, e_size; ++ grub_err_t err = GRUB_ERR_NONE; ++ gcry_error_t gcry_err; ++ ++ result = ++ asn1_create_element (_gnutls_gnutls_asn, "GNUTLS.RSAPublicKey", &spk); ++ if (result != ASN1_SUCCESS) ++ { ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "Cannot create storage for public key ASN.1 data"); ++ } ++ ++ result = asn1_der_decoding2 (&spk, der, &dersize, ++ ASN1_DECODE_FLAG_STRICT_DER, asn1_error); ++ if (result != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Cannot decode certificate public key DER: %s", ++ asn1_error); ++ goto cleanup; ++ } ++ ++ m_data = ++ grub_asn1_allocate_and_read (spk, "modulus", "RSA modulus", &m_size); ++ if (!m_data) ++ { ++ err = grub_errno; ++ goto cleanup; ++ } ++ ++ e_data = ++ grub_asn1_allocate_and_read (spk, "publicExponent", "RSA public exponent", ++ &e_size); ++ if (!e_data) ++ { ++ err = grub_errno; ++ goto cleanup_m_data; ++ } ++ ++ /* ++ * convert m, e to mpi ++ * ++ * nscanned is not set for FMT_USG, it's only set for FMT_PGP, ++ * so we can't verify it ++ */ ++ gcry_err = ++ gcry_mpi_scan (&certificate->mpis[0], GCRYMPI_FMT_USG, m_data, m_size, ++ NULL); ++ if (gcry_err != GPG_ERR_NO_ERROR) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error loading RSA modulus into MPI structure: %d", ++ gcry_err); ++ goto cleanup_e_data; ++ } ++ ++ gcry_err = ++ gcry_mpi_scan (&certificate->mpis[1], GCRYMPI_FMT_USG, e_data, e_size, ++ NULL); ++ if (gcry_err != GPG_ERR_NO_ERROR) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error loading RSA exponent into MPI structure: %d", ++ gcry_err); ++ goto cleanup_m_mpi; ++ } ++ ++ grub_free (e_data); ++ grub_free (m_data); ++ asn1_delete_structure (&spk); ++ return GRUB_ERR_NONE; ++ ++cleanup_m_mpi: ++ gcry_mpi_release (certificate->mpis[0]); ++cleanup_e_data: ++ grub_free (e_data); ++cleanup_m_data: ++ grub_free (m_data); ++cleanup: ++ asn1_delete_structure (&spk); ++ return err; ++} ++ ++ ++/* ++ * RFC 5280: ++ * SubjectPublicKeyInfo ::= SEQUENCE { ++ * algorithm AlgorithmIdentifier, ++ * subjectPublicKey BIT STRING } ++ * ++ * AlgorithmIdentifiers come from RFC 3279, we are not strictly compilant as we ++ * only support RSA Encryption. ++ */ ++ ++static grub_err_t ++grub_x509_read_subject_public_key (asn1_node asn, ++ struct x509_certificate *results) ++{ ++ int result; ++ grub_err_t err; ++ const char *algo_name = ++ "tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm"; ++ const char *params_name = ++ "tbsCertificate.subjectPublicKeyInfo.algorithm.parameters"; ++ const char *pk_name = ++ "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey"; ++ char algo_oid[MAX_OID_LEN]; ++ int algo_size = sizeof (algo_oid); ++ char params_value[2]; ++ int params_size = sizeof (params_value); ++ grub_uint8_t *key_data = NULL; ++ int key_size = 0; ++ unsigned int key_type; ++ ++ /* algorithm: see notes for rsaEncryption_oid */ ++ result = asn1_read_value (asn, algo_name, algo_oid, &algo_size); ++ if (result != ASN1_SUCCESS) ++ { ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error reading x509 public key algorithm: %s", ++ asn1_strerror (result)); ++ } ++ ++ if (grub_strncmp (algo_oid, rsaEncryption_oid, sizeof (rsaEncryption_oid)) ++ != 0) ++ { ++ return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, ++ "Unsupported x509 public key algorithm: %s", ++ algo_oid); ++ } ++ ++ /* ++ * RFC 3279 2.3.1 ++ * The rsaEncryption OID is intended to be used in the algorithm field ++ * of a value of type AlgorithmIdentifier. The parameters field MUST ++ * have ASN.1 type NULL for this algorithm identifier. ++ */ ++ result = asn1_read_value (asn, params_name, params_value, ¶ms_size); ++ if (result != ASN1_SUCCESS) ++ { ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error reading x509 public key parameters: %s", ++ asn1_strerror (result)); ++ } ++ ++ if (params_value[0] != ASN1_TAG_NULL) ++ { ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Invalid x509 public key parameters: expected NULL"); ++ } ++ ++ /* ++ * RFC 3279 2.3.1: The DER encoded RSAPublicKey is the value of the BIT ++ * STRING subjectPublicKey. ++ */ ++ result = asn1_read_value_type (asn, pk_name, NULL, &key_size, &key_type); ++ if (result != ASN1_MEM_ERROR) ++ { ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error reading size of x509 public key: %s", ++ asn1_strerror (result)); ++ } ++ if (key_type != ASN1_ETYPE_BIT_STRING) ++ { ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Unexpected ASN.1 type when reading x509 public key: %x", ++ key_type); ++ } ++ ++ /* length is in bits */ ++ key_size = (key_size + 7) / 8; ++ ++ key_data = grub_malloc (key_size); ++ if (!key_data) ++ { ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "Out of memory for x509 public key"); ++ } ++ ++ result = asn1_read_value (asn, pk_name, key_data, &key_size); ++ if (result != ASN1_SUCCESS) ++ { ++ grub_free (key_data); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error reading public key data"); ++ } ++ key_size = (key_size + 7) / 8; ++ ++ err = grub_parse_rsa_pubkey (key_data, key_size, results); ++ grub_free (key_data); ++ ++ return err; ++} ++ ++/* Decode a string as defined in Appendix A */ ++static grub_err_t ++decode_string (char *der, int der_size, char **string, ++ grub_size_t * string_size) ++{ ++ asn1_node strasn; ++ int result; ++ char *choice; ++ int choice_size = 0; ++ int tmp_size = 0; ++ grub_err_t err = GRUB_ERR_NONE; ++ ++ result = ++ asn1_create_element (_gnutls_pkix_asn, "PKIX1.DirectoryString", &strasn); ++ if (result != ASN1_SUCCESS) ++ { ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "Could not create ASN.1 structure for certificate: %s", ++ asn1_strerror (result)); ++ } ++ ++ result = asn1_der_decoding2 (&strasn, der, &der_size, ++ ASN1_DECODE_FLAG_STRICT_DER, asn1_error); ++ if (result != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Could not parse DER for DirectoryString: %s", ++ asn1_error); ++ goto cleanup; ++ } ++ ++ choice = ++ grub_asn1_allocate_and_read (strasn, "", "DirectoryString choice", ++ &choice_size); ++ if (!choice) ++ { ++ err = grub_errno; ++ goto cleanup; ++ } ++ ++ if (grub_strncmp ("utf8String", choice, choice_size) == 0) ++ { ++ result = asn1_read_value (strasn, "utf8String", NULL, &tmp_size); ++ if (result != ASN1_MEM_ERROR) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error reading size of UTF-8 string: %s", ++ asn1_strerror (result)); ++ goto cleanup_choice; ++ } ++ } ++ else if (grub_strncmp("printableString", choice, choice_size) == 0) ++ { ++ result = asn1_read_value (strasn, "printableString", NULL, &tmp_size); ++ if (result != ASN1_MEM_ERROR) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error reading size of UTF-8 string: %s", ++ asn1_strerror (result)); ++ goto cleanup_choice; ++ } ++ } ++ else ++ { ++ err = ++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, ++ "Only UTF-8 and printable DirectoryStrings are supported, got %s", ++ choice); ++ goto cleanup_choice; ++ } ++ ++ /* read size does not include trailing null */ ++ tmp_size++; ++ ++ *string = grub_malloc (tmp_size); ++ if (!*string) ++ { ++ err = ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "Cannot allocate memory for DirectoryString contents"); ++ goto cleanup_choice; ++ } ++ ++ result = asn1_read_value (strasn, choice, *string, &tmp_size); ++ if (result != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error reading out %s in DirectoryString: %s", ++ choice, asn1_strerror (result)); ++ grub_free (*string); ++ goto cleanup_choice; ++ } ++ *string_size = tmp_size + 1; ++ (*string)[tmp_size] = '\0'; ++ ++cleanup_choice: ++ grub_free (choice); ++cleanup: ++ asn1_delete_structure (&strasn); ++ return err; ++} ++ ++/* ++ * TBSCertificate ::= SEQUENCE { ++ * version [0] EXPLICIT Version DEFAULT v1, ++ * ... ++ * ++ * Version ::= INTEGER { v1(0), v2(1), v3(2) } ++ */ ++static grub_err_t ++check_version (asn1_node certificate) ++{ ++ int rc; ++ const char *name = "tbsCertificate.version"; ++ grub_uint8_t version; ++ int len = 1; ++ ++ rc = asn1_read_value (certificate, name, &version, &len); ++ ++ /* require version 3 */ ++ if (rc != ASN1_SUCCESS || len != 1) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error reading certificate version"); ++ ++ if (version != 0x02) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Invalid x509 certificate version, expected v3 (0x02), got 0x%02x", ++ version); ++ ++ return GRUB_ERR_NONE; ++} ++ ++/* ++ * This is an X.501 Name, which is complex. ++ * ++ * For simplicity, we extract only the CN. ++ */ ++static grub_err_t ++read_name (asn1_node asn, const char *name_path, char **name, ++ grub_size_t * name_size) ++{ ++ int seq_components, set_components; ++ int result; ++ int i, j; ++ char *top_path, *set_path, *type_path, *val_path; ++ char type[MAX_OID_LEN]; ++ int type_len = sizeof (type); ++ int string_size = 0; ++ char *string_der; ++ grub_err_t err; ++ ++ *name = NULL; ++ ++ top_path = grub_xasprintf ("%s.rdnSequence", name_path); ++ if (!top_path) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "Could not allocate memory for %s name parsing path", ++ name_path); ++ ++ result = asn1_number_of_elements (asn, top_path, &seq_components); ++ if (result != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error counting name components: %s", ++ asn1_strerror (result)); ++ goto cleanup; ++ } ++ ++ for (i = 1; i <= seq_components; i++) ++ { ++ set_path = grub_xasprintf ("%s.?%d", top_path, i); ++ if (!set_path) ++ { ++ err = ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "Could not allocate memory for %s name set parsing path", ++ name_path); ++ goto cleanup_set; ++ } ++ /* this brings us, hopefully, to a set */ ++ result = asn1_number_of_elements (asn, set_path, &set_components); ++ if (result != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error counting name sub-components components (element %d): %s", ++ i, asn1_strerror (result)); ++ goto cleanup_set; ++ } ++ for (j = 1; j <= set_components; j++) ++ { ++ type_path = grub_xasprintf ("%s.?%d.?%d.type", top_path, i, j); ++ if (!type_path) ++ { ++ err = ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "Could not allocate memory for %s name component type path", ++ name_path); ++ goto cleanup_set; ++ } ++ type_len = sizeof (type); ++ result = asn1_read_value (asn, type_path, type, &type_len); ++ if (result != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error reading %s name component type: %s", ++ name_path, asn1_strerror (result)); ++ goto cleanup_type; ++ } ++ ++ if (grub_strncmp (type, commonName_oid, type_len) != 0) ++ { ++ grub_free (type_path); ++ continue; ++ } ++ ++ val_path = grub_xasprintf ("%s.?%d.?%d.value", top_path, i, j); ++ if (!val_path) ++ { ++ err = ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "Could not allocate memory for %s name component value path", ++ name_path); ++ goto cleanup_set; ++ } ++ ++ string_der = ++ grub_asn1_allocate_and_read (asn, val_path, name_path, ++ &string_size); ++ if (!string_der) ++ { ++ err = grub_errno; ++ goto cleanup_val_path; ++ } ++ ++ err = decode_string (string_der, string_size, name, name_size); ++ if (err) ++ goto cleanup_string; ++ ++ grub_free (string_der); ++ grub_free (type_path); ++ grub_free (val_path); ++ break; ++ } ++ grub_free (set_path); ++ ++ if (*name) ++ break; ++ } ++ ++ return GRUB_ERR_NONE; ++ ++cleanup_string: ++ grub_free (string_der); ++cleanup_val_path: ++ grub_free (val_path); ++cleanup_type: ++ grub_free (type_path); ++cleanup_set: ++ grub_free (set_path); ++cleanup: ++ grub_free (top_path); ++ return err; ++} ++ ++/* ++ * details here ++ */ ++static grub_err_t ++verify_key_usage (grub_uint8_t * value, int value_size) ++{ ++ asn1_node usageasn; ++ int result; ++ grub_err_t err = GRUB_ERR_NONE; ++ grub_uint8_t usage = 0xff; ++ int usage_size = 1; ++ ++ result = ++ asn1_create_element (_gnutls_pkix_asn, "PKIX1.KeyUsage", &usageasn); ++ if (result != ASN1_SUCCESS) ++ { ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "Could not create ASN.1 structure for key usage"); ++ } ++ ++ result = asn1_der_decoding2 (&usageasn, value, &value_size, ++ ASN1_DECODE_FLAG_STRICT_DER, asn1_error); ++ if (result != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error parsing DER for Key Usage: %s", asn1_error); ++ goto cleanup; ++ } ++ ++ result = asn1_read_value (usageasn, "", &usage, &usage_size); ++ if (result != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error reading Key Usage value: %s", ++ asn1_strerror (result)); ++ goto cleanup; ++ } ++ ++ /* Only the first bit is permitted to be set */ ++ if (usage != 0x80) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, "Unexpected Key Usage value: %x", ++ usage); ++ goto cleanup; ++ } ++ ++cleanup: ++ asn1_delete_structure (&usageasn); ++ return err; ++} ++ ++/* ++ * BasicConstraints ::= SEQUENCE { ++ * cA BOOLEAN DEFAULT FALSE, ++ * pathLenConstraint INTEGER (0..MAX) OPTIONAL } ++ */ ++static grub_err_t ++verify_basic_constraints (grub_uint8_t * value, int value_size) ++{ ++ asn1_node basicasn; ++ int result; ++ grub_err_t err = GRUB_ERR_NONE; ++ char cA[6]; /* FALSE or TRUE */ ++ int cA_size = sizeof (cA); ++ ++ result = ++ asn1_create_element (_gnutls_pkix_asn, "PKIX1.BasicConstraints", ++ &basicasn); ++ if (result != ASN1_SUCCESS) ++ { ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "Could not create ASN.1 structure for Basic Constraints"); ++ } ++ ++ result = asn1_der_decoding2 (&basicasn, value, &value_size, ++ ASN1_DECODE_FLAG_STRICT_DER, asn1_error); ++ if (result != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error parsing DER for Basic Constraints: %s", ++ asn1_error); ++ goto cleanup; ++ } ++ ++ result = asn1_read_value (basicasn, "cA", cA, &cA_size); ++ if (result == ASN1_ELEMENT_NOT_FOUND) ++ { ++ /* Not present, default is False, so this is OK */ ++ err = GRUB_ERR_NONE; ++ goto cleanup; ++ } ++ else if (result != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error reading Basic Constraints cA value: %s", ++ asn1_strerror (result)); ++ goto cleanup; ++ } ++ ++ /* The certificate must not be a CA certificate */ ++ if (grub_strncmp ("FALSE", cA, cA_size) != 0) ++ { ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Unexpected CA value: %s", ++ cA); ++ goto cleanup; ++ } ++ ++cleanup: ++ asn1_delete_structure (&basicasn); ++ return err; ++} ++ ++ ++/* ++ * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension ++ * ++ * Extension ::= SEQUENCE { ++ * extnID OBJECT IDENTIFIER, ++ * critical BOOLEAN DEFAULT FALSE, ++ * extnValue OCTET STRING ++ * -- contains the DER encoding of an ASN.1 value ++ * -- corresponding to the extension type identified ++ * -- by extnID ++ * } ++ * ++ * We require that a certificate: ++ * - contain the Digital Signature usage only ++ * - not be a CA ++ * - MUST not contain any other critical extensions (RFC 5280 s 4.2) ++ */ ++static grub_err_t ++verify_extensions (asn1_node cert) ++{ ++ int result; ++ int ext, num_extensions = 0; ++ int usage_present = 0, constraints_present = 0; ++ char *oid_path, *critical_path, *value_path; ++ char extnID[MAX_OID_LEN]; ++ int extnID_size; ++ grub_err_t err; ++ char critical[6]; /* we get either "TRUE" or "FALSE" */ ++ int critical_size; ++ grub_uint8_t *value; ++ int value_size; ++ ++ result = ++ asn1_number_of_elements (cert, "tbsCertificate.extensions", ++ &num_extensions); ++ if (result != ASN1_SUCCESS) ++ { ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error counting number of extensions: %s", ++ asn1_strerror (result)); ++ } ++ ++ if (num_extensions < 2) ++ { ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Insufficient number of extensions for certificate, need at least 2, got %d", ++ num_extensions); ++ } ++ ++ for (ext = 1; ext <= num_extensions; ext++) ++ { ++ oid_path = grub_xasprintf ("tbsCertificate.extensions.?%d.extnID", ext); ++ ++ extnID_size = sizeof (extnID); ++ result = asn1_read_value (cert, oid_path, extnID, &extnID_size); ++ if (result != GRUB_ERR_NONE) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error reading extension OID: %s", ++ asn1_strerror (result)); ++ goto cleanup_oid_path; ++ } ++ ++ critical_path = ++ grub_xasprintf ("tbsCertificate.extensions.?%d.critical", ext); ++ critical_size = sizeof (critical); ++ result = ++ asn1_read_value (cert, critical_path, critical, &critical_size); ++ if (result == ASN1_ELEMENT_NOT_FOUND) ++ { ++ critical[0] = '\0'; ++ } ++ else if (result != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error reading extension criticality: %s", ++ asn1_strerror (result)); ++ goto cleanup_critical_path; ++ } ++ ++ value_path = ++ grub_xasprintf ("tbsCertificate.extensions.?%d.extnValue", ext); ++ value = ++ grub_asn1_allocate_and_read (cert, value_path, ++ "certificate extension value", ++ &value_size); ++ if (!value) ++ { ++ err = grub_errno; ++ goto cleanup_value_path; ++ } ++ ++ /* ++ * Now we must see if we recognise the OID. ++ * If we have an unrecognised critical extension we MUST bail. ++ */ ++ if (grub_strncmp (keyUsage_oid, extnID, extnID_size) == 0) ++ { ++ err = verify_key_usage (value, value_size); ++ if (err != GRUB_ERR_NONE) ++ { ++ goto cleanup_value; ++ } ++ usage_present++; ++ } ++ else if (grub_strncmp (basicConstraints_oid, extnID, extnID_size) == 0) ++ { ++ err = verify_basic_constraints (value, value_size); ++ if (err != GRUB_ERR_NONE) ++ { ++ goto cleanup_value; ++ } ++ constraints_present++; ++ } ++ else if (grub_strncmp ("TRUE", critical, critical_size) == 0) ++ { ++ /* ++ * per the RFC, we must not process a certificate with ++ * a critical extension we do not understand. ++ */ ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Unhandled critical x509 extension with OID %s", ++ extnID); ++ goto cleanup_value; ++ } ++ ++ grub_free (value); ++ grub_free (value_path); ++ grub_free (critical_path); ++ grub_free (oid_path); ++ } ++ ++ if (usage_present != 1) ++ { ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Unexpected number of Key Usage extensions - expected 1, got %d", ++ usage_present); ++ } ++ if (constraints_present != 1) ++ { ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Unexpected number of basic constraints extensions - expected 1, got %d", ++ constraints_present); ++ } ++ return GRUB_ERR_NONE; ++ ++cleanup_value: ++ grub_free (value); ++cleanup_value_path: ++ grub_free (value_path); ++cleanup_critical_path: ++ grub_free (critical_path); ++cleanup_oid_path: ++ grub_free (oid_path); ++ return err; ++} ++ ++/* ++ * Parse a certificate whose DER-encoded form is in @data, of size @data_size. ++ * Return the results in @results, which must point to an allocated x509 certificate. ++ */ ++grub_err_t ++certificate_import (void *data, grub_size_t data_size, ++ struct x509_certificate *results) ++{ ++ int result = 0; ++ asn1_node cert; ++ grub_err_t err; ++ int size; ++ int tmp_size; ++ ++ if (data_size > GRUB_INT_MAX) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "Cannot parse a certificate where data size > INT_MAX"); ++ size = (int) data_size; ++ ++ result = asn1_create_element (_gnutls_pkix_asn, "PKIX1.Certificate", &cert); ++ if (result != ASN1_SUCCESS) ++ { ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "Could not create ASN.1 structure for certificate: %s", ++ asn1_strerror (result)); ++ } ++ ++ result = asn1_der_decoding2 (&cert, data, &size, ++ ASN1_DECODE_FLAG_STRICT_DER, asn1_error); ++ if (result != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Could not parse DER for certificate: %s", asn1_error); ++ goto cleanup; ++ } ++ ++ /* ++ * TBSCertificate ::= SEQUENCE { ++ * version [0] EXPLICIT Version DEFAULT v1 ++ */ ++ err = check_version (cert); ++ if (err != GRUB_ERR_NONE) ++ { ++ goto cleanup; ++ } ++ ++ /* ++ * serialNumber CertificateSerialNumber, ++ * ++ * CertificateSerialNumber ::= INTEGER ++ */ ++ results->serial = ++ grub_asn1_allocate_and_read (cert, "tbsCertificate.serialNumber", ++ "certificate serial number", &tmp_size); ++ if (!results->serial) ++ { ++ err = grub_errno; ++ goto cleanup; ++ } ++ /* ++ * It's safe to cast the signed int to an unsigned here, we know ++ * length is non-negative ++ */ ++ results->serial_len = tmp_size; ++ ++ /* ++ * signature AlgorithmIdentifier, ++ * ++ * We don't load the signature or issuer at the moment, ++ * as we don't attempt x509 verification. ++ */ ++ ++ /* ++ * issuer Name, ++ * ++ * The RFC only requires the serial number to be unique within ++ * issuers, so to avoid ambiguity we _technically_ ought to make ++ * this available. ++ */ ++ ++ /* ++ * validity Validity, ++ * ++ * Validity ::= SEQUENCE { ++ * notBefore Time, ++ * notAfter Time } ++ * ++ * We can't validate this reasonably, we have no true time source on several ++ * platforms. For now we do not parse them. ++ */ ++ ++ /* ++ * subject Name, ++ * ++ * This is an X501 name, we parse out just the CN. ++ */ ++ err = ++ read_name (cert, "tbsCertificate.subject", &results->subject, ++ &results->subject_len); ++ if (err != GRUB_ERR_NONE) ++ goto cleanup_serial; ++ ++ /* ++ * TBSCertificate ::= SEQUENCE { ++ * ... ++ * subjectPublicKeyInfo SubjectPublicKeyInfo, ++ * ... ++ */ ++ err = grub_x509_read_subject_public_key (cert, results); ++ if (err != GRUB_ERR_NONE) ++ goto cleanup_name; ++ ++ /* ++ * TBSCertificate ::= SEQUENCE { ++ * ... ++ * extensions [3] EXPLICIT Extensions OPTIONAL ++ * -- If present, version MUST be v3 ++ * } ++ */ ++ ++ err = verify_extensions (cert); ++ if (err != GRUB_ERR_NONE) ++ goto cleanup_name; ++ ++ ++ /* ++ * We do not read or check the signature on the certificate: ++ * as discussed we do not try to validate the certificate but trust ++ * it implictly. ++ */ ++ ++ asn1_delete_structure (&cert); ++ return GRUB_ERR_NONE; ++ ++ ++cleanup_name: ++ grub_free (results->subject); ++cleanup_serial: ++ grub_free (results->serial); ++cleanup: ++ asn1_delete_structure (&cert); ++ return err; ++} ++ ++/* ++ * Release all the storage associated with the x509 certificate. ++ * If the caller dynamically allocated the certificate, it must free it. ++ * The caller is also responsible for maintenance of the linked list. ++ */ ++void ++certificate_release (struct x509_certificate *cert) ++{ ++ grub_free (cert->subject); ++ grub_free (cert->serial); ++ gcry_mpi_release (cert->mpis[0]); ++ gcry_mpi_release (cert->mpis[1]); ++} +diff --git a/grub-core/commands/appendedsig/appendedsig.h b/grub-core/commands/appendedsig/appendedsig.h +new file mode 100644 +index 000000000..9792ef390 +--- /dev/null ++++ b/grub-core/commands/appendedsig/appendedsig.h +@@ -0,0 +1,110 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 IBM Corporation. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++ ++extern asn1_node _gnutls_gnutls_asn; ++extern asn1_node _gnutls_pkix_asn; ++ ++#define MAX_OID_LEN 32 ++ ++/* ++ * One or more x509 certificates. ++ * ++ * We do limited parsing: extracting only the serial, CN and RSA public key. ++ */ ++struct x509_certificate ++{ ++ struct x509_certificate *next; ++ ++ grub_uint8_t *serial; ++ grub_size_t serial_len; ++ ++ char *subject; ++ grub_size_t subject_len; ++ ++ /* We only support RSA public keys. This encodes [modulus, publicExponent] */ ++ gcry_mpi_t mpis[2]; ++}; ++ ++/* ++ * A PKCS#7 signedData message. ++ * ++ * We make no attempt to match intelligently, so we don't save any info about ++ * the signer. We also support only 1 signerInfo, so we only store a single ++ * MPI for the signature. ++ */ ++struct pkcs7_signedData ++{ ++ const gcry_md_spec_t *hash; ++ gcry_mpi_t sig_mpi; ++}; ++ ++ ++/* Do libtasn1 init */ ++int asn1_init (void); ++ ++/* ++ * Import a DER-encoded certificate at 'data', of size 'size'. ++ * ++ * Place the results into 'results', which must be already allocated. ++ */ ++grub_err_t ++certificate_import (void *data, grub_size_t size, ++ struct x509_certificate *results); ++ ++/* ++ * Release all the storage associated with the x509 certificate. ++ * If the caller dynamically allocated the certificate, it must free it. ++ * The caller is also responsible for maintenance of the linked list. ++ */ ++void certificate_release (struct x509_certificate *cert); ++ ++/* ++ * Parse a PKCS#7 message, which must be a signedData message. ++ * ++ * The message must be in 'sigbuf' and of size 'data_size'. The result is ++ * placed in 'msg', which must already be allocated. ++ */ ++grub_err_t ++parse_pkcs7_signedData (void *sigbuf, grub_size_t data_size, ++ struct pkcs7_signedData *msg); ++ ++/* ++ * Release all the storage associated with the PKCS#7 message. ++ * If the caller dynamically allocated the message, it must free it. ++ */ ++void pkcs7_signedData_release (struct pkcs7_signedData *msg); ++ ++/* ++ * Read a value from an ASN1 node, allocating memory to store it. ++ * ++ * It will work for anything where the size libtasn1 returns is right: ++ * - Integers ++ * - Octet strings ++ * - DER encoding of other structures ++ * It will _not_ work for things where libtasn1 size requires adjustment: ++ * - Strings that require an extra NULL byte at the end ++ * - Bit strings because libtasn1 returns the length in bits, not bytes. ++ * ++ * If the function returns a non-NULL value, the caller must free it. ++ */ ++void *grub_asn1_allocate_and_read (asn1_node node, const char *name, ++ const char *friendly_name, ++ int *content_size); diff --git a/SOURCES/0367-appended-signatures-support-verifying-appended-signa.patch b/SOURCES/0367-appended-signatures-support-verifying-appended-signa.patch new file mode 100644 index 0000000..02f5afc --- /dev/null +++ b/SOURCES/0367-appended-signatures-support-verifying-appended-signa.patch @@ -0,0 +1,719 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 30 Jul 2020 01:35:43 +1000 +Subject: [PATCH] appended signatures: support verifying appended signatures + +Building on the parsers and the ability to embed x509 certificates, as +well as the existing gcrypt functionality, add a module for verifying +appended signatures. + +This includes: + + - a verifier that requires that kernels and grub modules have appended + signatures. It shares lots of logic with shim-lock verifier about what + files need to be verified and what modules are unsafe to have loaded. + + - commands to manage the list of trusted certificates for verification. + +Similar to the PGP verifier, if a certificate is embedded in the core +image, verification will be enforced unless disabled on the the grub +command line or by load_env. + +Thus, as with the PGP verifier, it is not a complete secure-boot solution: +other mechanisms must be used to ensure that a user cannot drop to the +grub shell and disable verification. + +Signed-off-by: Daniel Axtens +--- + grub-core/Makefile.core.def | 12 + + grub-core/commands/appendedsig/appendedsig.c | 644 +++++++++++++++++++++++++++ + include/grub/file.h | 2 + + 3 files changed, 658 insertions(+) + create mode 100644 grub-core/commands/appendedsig/appendedsig.c + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index fd1229c63..1cf6b60f8 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -921,6 +921,18 @@ module = { + cppflags = '-I$(srcdir)/lib/posix_wrap'; + }; + ++module = { ++ name = appendedsig; ++ common = commands/appendedsig/appendedsig.c; ++ common = commands/appendedsig/x509.c; ++ common = commands/appendedsig/pkcs7.c; ++ common = commands/appendedsig/asn1util.c; ++ common = commands/appendedsig/gnutls_asn1_tab.c; ++ common = commands/appendedsig/pkix_asn1_tab.c; ++ cflags = '$(CFLAGS_POSIX)'; ++ cppflags = '-I$(srcdir)/lib/posix_wrap'; ++}; ++ + module = { + name = verifiers; + common = commands/verifiers.c; +diff --git a/grub-core/commands/appendedsig/appendedsig.c b/grub-core/commands/appendedsig/appendedsig.c +new file mode 100644 +index 000000000..5d8897be5 +--- /dev/null ++++ b/grub-core/commands/appendedsig/appendedsig.c +@@ -0,0 +1,644 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 IBM Corporation. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "appendedsig.h" ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++const char magic[] = "~Module signature appended~\n"; ++ ++/* ++ * This structure is extracted from scripts/sign-file.c in the linux kernel ++ * source. It was licensed as LGPLv2.1+, which is GPLv3+ compatible. ++ */ ++struct module_signature ++{ ++ grub_uint8_t algo; /* Public-key crypto algorithm [0] */ ++ grub_uint8_t hash; /* Digest algorithm [0] */ ++ grub_uint8_t id_type; /* Key identifier type [PKEY_ID_PKCS7] */ ++ grub_uint8_t signer_len; /* Length of signer's name [0] */ ++ grub_uint8_t key_id_len; /* Length of key identifier [0] */ ++ grub_uint8_t __pad[3]; ++ grub_uint32_t sig_len; /* Length of signature data */ ++} GRUB_PACKED; ++ ++ ++/* This represents an entire, parsed, appended signature */ ++struct grub_appended_signature ++{ ++ grub_size_t signature_len; /* Length of PKCS#7 data + ++ * metadata + magic */ ++ ++ struct module_signature sig_metadata; /* Module signature metadata */ ++ struct pkcs7_signedData pkcs7; /* Parsed PKCS#7 data */ ++}; ++ ++/* Trusted certificates for verifying appended signatures */ ++struct x509_certificate *grub_trusted_key; ++ ++/* ++ * Force gcry_rsa to be a module dependency. ++ * ++ * If we use grub_crypto_pk_rsa, then then the gcry_rsa module won't be built ++ * in if you add 'appendedsig' to grub-install --modules. You would need to ++ * add 'gcry_rsa' too. That's confusing and seems suboptimal, especially when ++ * we only support RSA. ++ * ++ * Dynamic loading also causes some concerns. We can't load gcry_rsa from the ++ * the filesystem after we install the verifier - we won't be able to verify ++ * it without having it already present. We also shouldn't load it before we ++ * install the verifier, because that would mean it wouldn't be verified - an ++ * attacker could insert any code they wanted into the module. ++ * ++ * So instead, reference the internal symbol from gcry_rsa. That creates a ++ * direct dependency on gcry_rsa, so it will be built in when this module ++ * is built in. Being built in (assuming the core image is itself signed!) ++ * also resolves our concerns about loading from the filesystem. ++ */ ++extern gcry_pk_spec_t _gcry_pubkey_spec_rsa; ++ ++static int check_sigs = 0; ++ ++static char * ++grub_env_write_sec (struct grub_env_var *var __attribute__((unused)), ++ const char *val) ++{ ++ check_sigs = (*val == '1') || (*val == 'e'); ++ return grub_strdup (check_sigs ? "enforce" : "no"); ++} ++ ++static grub_err_t ++read_cert_from_file (grub_file_t f, struct x509_certificate *certificate) ++{ ++ grub_err_t err; ++ grub_uint8_t *buf = NULL; ++ grub_ssize_t read_size; ++ grub_off_t total_read_size = 0; ++ grub_off_t file_size = grub_file_size (f); ++ ++ ++ if (file_size == GRUB_FILE_SIZE_UNKNOWN) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("Cannot parse a certificate file of unknown size")); ++ ++ buf = grub_zalloc (file_size); ++ if (!buf) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ N_("Could not allocate buffer for certificate file contents")); ++ ++ while (total_read_size < file_size) ++ { ++ read_size = ++ grub_file_read (f, &buf[total_read_size], ++ file_size - total_read_size); ++ if (read_size < 0) ++ { ++ err = grub_error (GRUB_ERR_READ_ERROR, ++ N_("Error reading certificate file")); ++ goto cleanup_buf; ++ } ++ total_read_size += read_size; ++ } ++ ++ err = certificate_import (buf, total_read_size, certificate); ++ if (err != GRUB_ERR_NONE) ++ goto cleanup_buf; ++ ++ return GRUB_ERR_NONE; ++ ++cleanup_buf: ++ grub_free (buf); ++ return err; ++} ++ ++static grub_err_t ++extract_appended_signature (grub_uint8_t * buf, grub_size_t bufsize, ++ struct grub_appended_signature *sig) ++{ ++ grub_err_t err; ++ grub_size_t pkcs7_size; ++ grub_size_t remaining_len; ++ grub_uint8_t *appsigdata = buf + bufsize - grub_strlen (magic); ++ ++ if (bufsize < grub_strlen (magic)) ++ return grub_error (GRUB_ERR_BAD_SIGNATURE, ++ N_("File too short for signature magic")); ++ ++ if (grub_memcmp (appsigdata, (grub_uint8_t *) magic, grub_strlen (magic))) ++ return grub_error (GRUB_ERR_BAD_SIGNATURE, ++ N_("Missing or invalid signature magic")); ++ ++ remaining_len = bufsize - grub_strlen (magic); ++ ++ if (remaining_len < sizeof (struct module_signature)) ++ return grub_error (GRUB_ERR_BAD_SIGNATURE, ++ N_("File too short for signature metadata")); ++ ++ appsigdata -= sizeof (struct module_signature); ++ ++ /* extract the metadata */ ++ grub_memcpy (&(sig->sig_metadata), appsigdata, ++ sizeof (struct module_signature)); ++ ++ remaining_len -= sizeof (struct module_signature); ++ ++ if (sig->sig_metadata.id_type != 2) ++ return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("Wrong signature type")); ++ ++#ifdef GRUB_TARGET_WORDS_BIGENDIAN ++ pkcs7_size = sig->sig_metadata.sig_len; ++#else ++ pkcs7_size = __builtin_bswap32 (sig->sig_metadata.sig_len); ++#endif ++ ++ if (pkcs7_size > remaining_len) ++ return grub_error (GRUB_ERR_BAD_SIGNATURE, ++ N_("File too short for PKCS#7 message")); ++ ++ grub_dprintf ("appendedsig", "sig len %" PRIuGRUB_SIZE "\n", pkcs7_size); ++ ++ sig->signature_len = ++ grub_strlen (magic) + sizeof (struct module_signature) + pkcs7_size; ++ ++ /* rewind pointer and parse pkcs7 data */ ++ appsigdata -= pkcs7_size; ++ ++ err = parse_pkcs7_signedData (appsigdata, pkcs7_size, &sig->pkcs7); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_verify_appended_signature (grub_uint8_t * buf, grub_size_t bufsize) ++{ ++ grub_err_t err = GRUB_ERR_NONE; ++ grub_size_t datasize; ++ void *context; ++ unsigned char *hash; ++ gcry_mpi_t hashmpi; ++ gcry_err_code_t rc; ++ struct x509_certificate *pk; ++ struct grub_appended_signature sig; ++ ++ if (!grub_trusted_key) ++ return grub_error (GRUB_ERR_BAD_SIGNATURE, ++ N_("No trusted keys to verify against")); ++ ++ err = extract_appended_signature (buf, bufsize, &sig); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ ++ datasize = bufsize - sig.signature_len; ++ ++ context = grub_zalloc (sig.pkcs7.hash->contextsize); ++ if (!context) ++ return grub_errno; ++ ++ sig.pkcs7.hash->init (context); ++ sig.pkcs7.hash->write (context, buf, datasize); ++ sig.pkcs7.hash->final (context); ++ hash = sig.pkcs7.hash->read (context); ++ grub_dprintf ("appendedsig", ++ "data size %" PRIxGRUB_SIZE ", hash %02x%02x%02x%02x...\n", ++ datasize, hash[0], hash[1], hash[2], hash[3]); ++ ++ err = GRUB_ERR_BAD_SIGNATURE; ++ for (pk = grub_trusted_key; pk; pk = pk->next) ++ { ++ rc = grub_crypto_rsa_pad (&hashmpi, hash, sig.pkcs7.hash, pk->mpis[0]); ++ if (rc) ++ { ++ err = grub_error (GRUB_ERR_BAD_SIGNATURE, ++ N_("Error padding hash for RSA verification: %d"), ++ rc); ++ goto cleanup; ++ } ++ ++ rc = _gcry_pubkey_spec_rsa.verify (0, hashmpi, &sig.pkcs7.sig_mpi, ++ pk->mpis, NULL, NULL); ++ gcry_mpi_release (hashmpi); ++ ++ if (rc == 0) ++ { ++ grub_dprintf ("appendedsig", "verify with key '%s' succeeded\n", ++ pk->subject); ++ err = GRUB_ERR_NONE; ++ break; ++ } ++ ++ grub_dprintf ("appendedsig", "verify with key '%s' failed with %d\n", ++ pk->subject, rc); ++ } ++ ++ /* If we didn't verify, provide a neat message */ ++ if (err != GRUB_ERR_NONE) ++ err = grub_error (GRUB_ERR_BAD_SIGNATURE, ++ N_("Failed to verify signature against a trusted key")); ++ ++cleanup: ++ grub_free (context); ++ pkcs7_signedData_release (&sig.pkcs7); ++ ++ return err; ++} ++ ++static grub_err_t ++grub_cmd_verify_signature (grub_command_t cmd __attribute__((unused)), ++ int argc, char **args) ++{ ++ grub_file_t f; ++ grub_err_t err = GRUB_ERR_NONE; ++ grub_uint8_t *data; ++ grub_ssize_t read_size; ++ grub_off_t file_size, total_read_size = 0; ++ ++ if (argc < 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected")); ++ ++ grub_dprintf ("appendedsig", "verifying %s\n", args[0]); ++ ++ f = grub_file_open (args[0], GRUB_FILE_TYPE_VERIFY_SIGNATURE); ++ if (!f) ++ { ++ err = grub_errno; ++ goto cleanup; ++ } ++ ++ file_size = grub_file_size (f); ++ if (file_size == GRUB_FILE_SIZE_UNKNOWN) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("Cannot verify the signature of a file of unknown size")); ++ ++ data = grub_malloc (file_size); ++ if (!data) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ N_("Could not allocate data buffer size " ++ PRIuGRUB_UINT64_T " for verification"), file_size); ++ ++ while (total_read_size < file_size) ++ { ++ read_size = ++ grub_file_read (f, &data[total_read_size], ++ file_size - total_read_size); ++ if (read_size < 0) ++ { ++ err = grub_error (GRUB_ERR_READ_ERROR, ++ N_("Error reading file to verify")); ++ goto cleanup_data; ++ } ++ total_read_size += read_size; ++ } ++ ++ err = grub_verify_appended_signature (data, file_size); ++ ++cleanup_data: ++ grub_free (data); ++cleanup: ++ if (f) ++ grub_file_close (f); ++ return err; ++} ++ ++static grub_err_t ++grub_cmd_distrust (grub_command_t cmd __attribute__((unused)), ++ int argc, char **args) ++{ ++ unsigned long cert_num, i; ++ struct x509_certificate *cert, *prev; ++ ++ if (argc != 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("One argument expected")); ++ ++ grub_errno = GRUB_ERR_NONE; ++ cert_num = grub_strtoul (args[0], NULL, 10); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ ++ if (cert_num < 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("Certificate number too small - numbers start at 1")); ++ ++ if (cert_num == 1) ++ { ++ cert = grub_trusted_key; ++ grub_trusted_key = cert->next; ++ ++ certificate_release (cert); ++ grub_free (cert); ++ return GRUB_ERR_NONE; ++ } ++ i = 2; ++ prev = grub_trusted_key; ++ cert = grub_trusted_key->next; ++ while (cert) ++ { ++ if (i == cert_num) ++ { ++ prev->next = cert->next; ++ certificate_release (cert); ++ grub_free (cert); ++ return GRUB_ERR_NONE; ++ } ++ i++; ++ prev = cert; ++ cert = cert->next; ++ } ++ ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("No certificate number %d found - only %d certificates in the store"), ++ cert_num, i - 1); ++} ++ ++static grub_err_t ++grub_cmd_trust (grub_command_t cmd __attribute__((unused)), ++ int argc, char **args) ++{ ++ grub_file_t certf; ++ struct x509_certificate *cert = NULL; ++ grub_err_t err; ++ ++ if (argc != 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected")); ++ ++ certf = grub_file_open (args[0], ++ GRUB_FILE_TYPE_CERTIFICATE_TRUST ++ | GRUB_FILE_TYPE_NO_DECOMPRESS); ++ if (!certf) ++ return grub_errno; ++ ++ ++ cert = grub_zalloc (sizeof (struct x509_certificate)); ++ if (!cert) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ N_("Could not allocate memory for certificate")); ++ ++ err = read_cert_from_file (certf, cert); ++ grub_file_close (certf); ++ if (err != GRUB_ERR_NONE) ++ { ++ grub_free (cert); ++ return err; ++ } ++ grub_dprintf ("appendedsig", "Loaded certificate with CN: %s\n", ++ cert->subject); ++ ++ cert->next = grub_trusted_key; ++ grub_trusted_key = cert; ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_cmd_list (grub_command_t cmd __attribute__((unused)), ++ int argc __attribute__((unused)), ++ char **args __attribute__((unused))) ++{ ++ struct x509_certificate *cert; ++ int cert_num = 1; ++ grub_size_t i; ++ ++ for (cert = grub_trusted_key; cert; cert = cert->next) ++ { ++ grub_printf (N_("Certificate %d:\n"), cert_num); ++ ++ grub_printf (N_("\tSerial: ")); ++ for (i = 0; i < cert->serial_len - 1; i++) ++ { ++ grub_printf ("%02x:", cert->serial[i]); ++ } ++ grub_printf ("%02x\n", cert->serial[cert->serial_len - 1]); ++ ++ grub_printf ("\tCN: %s\n\n", cert->subject); ++ cert_num++; ++ ++ } ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++appendedsig_init (grub_file_t io, enum grub_file_type type, ++ void **context __attribute__((unused)), ++ enum grub_verify_flags *flags) ++{ ++ const char *dangerous_mod; ++ ++ if (!check_sigs) ++ { ++ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; ++ return GRUB_ERR_NONE; ++ } ++ ++ switch (type & GRUB_FILE_TYPE_MASK) ++ { ++ case GRUB_FILE_TYPE_GRUB_MODULE: ++ if (grub_is_dangerous_module (io)) ++ return grub_error (GRUB_ERR_ACCESS_DENIED, ++ N_("module cannot be loaded in appended signature mode: %s"), ++ io->name); ++ ++ *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK; ++ return GRUB_ERR_NONE; ++ ++ case GRUB_FILE_TYPE_ACPI_TABLE: ++ case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE: ++ *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH; ++ return GRUB_ERR_NONE; ++ ++ case GRUB_FILE_TYPE_CERTIFICATE_TRUST: ++ /* ++ * This is a certificate to add to trusted keychain. ++ * ++ * This needs to be verified or blocked. Ideally we'd write an x509 ++ * verifier, but we lack the hubris required to take this on. Instead, ++ * require that it have an appended signature. ++ */ ++ ++ /* Fall through */ ++ ++ case GRUB_FILE_TYPE_LINUX_KERNEL: ++ case GRUB_FILE_TYPE_MULTIBOOT_KERNEL: ++ case GRUB_FILE_TYPE_BSD_KERNEL: ++ case GRUB_FILE_TYPE_XNU_KERNEL: ++ case GRUB_FILE_TYPE_PLAN9_KERNEL: ++ ++ dangerous_mod = grub_dangerous_module_loaded (); ++ if (dangerous_mod) ++ return grub_error (GRUB_ERR_ACCESS_DENIED, ++ N_("cannot proceed due to dangerous module in memory: %s"), ++ dangerous_mod); ++ ++ *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK; ++ return GRUB_ERR_NONE; ++ ++ default: ++ /* ++ * powerpc only supports the linux loader. If you support more, ++ * (especially chain loaded binaries) make sure they're checked! ++ */ ++ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; ++ return GRUB_ERR_NONE; ++ } ++} ++ ++static grub_err_t ++appendedsig_write (void *ctxt __attribute__((unused)), ++ void *buf, grub_size_t size) ++{ ++ return grub_verify_appended_signature (buf, size); ++} ++ ++struct grub_file_verifier grub_appendedsig_verifier = { ++ .name = "appendedsig", ++ .init = appendedsig_init, ++ .write = appendedsig_write, ++}; ++ ++static grub_ssize_t ++pseudo_read (struct grub_file *file, char *buf, grub_size_t len) ++{ ++ grub_memcpy (buf, (grub_uint8_t *) file->data + file->offset, len); ++ return len; ++} ++ ++/* Filesystem descriptor. */ ++static struct grub_fs pseudo_fs = { ++ .name = "pseudo", ++ .read = pseudo_read ++}; ++ ++static grub_command_t cmd_verify, cmd_list, cmd_distrust, cmd_trust; ++ ++GRUB_MOD_INIT (appendedsig) ++{ ++ int rc; ++ struct grub_module_header *header; ++ const char *val; ++ ++ val = grub_env_get ("check_appended_signatures"); ++ grub_dprintf ("appendedsig", "check_appended_signatures='%s'\n", val); ++ ++ if (val && (val[0] == '1' || val[0] == 'e')) ++ check_sigs = 1; ++ else ++ check_sigs = 0; ++ ++ grub_trusted_key = NULL; ++ ++ grub_register_variable_hook ("check_appended_signatures", 0, ++ grub_env_write_sec); ++ grub_env_export ("check_appended_signatures"); ++ ++ rc = asn1_init (); ++ if (rc) ++ grub_fatal ("Error initing ASN.1 data structures: %d: %s\n", rc, ++ asn1_strerror (rc)); ++ ++ FOR_MODULES (header) ++ { ++ struct grub_file pseudo_file; ++ struct x509_certificate *pk = NULL; ++ grub_err_t err; ++ ++ /* Not an ELF module, skip. */ ++ if (header->type != OBJ_TYPE_X509_PUBKEY) ++ continue; ++ ++ grub_memset (&pseudo_file, 0, sizeof (pseudo_file)); ++ pseudo_file.fs = &pseudo_fs; ++ pseudo_file.size = header->size - sizeof (struct grub_module_header); ++ pseudo_file.data = (char *) header + sizeof (struct grub_module_header); ++ ++ grub_dprintf ("appendedsig", ++ "Found an x509 key, size=%" PRIuGRUB_UINT64_T "\n", ++ pseudo_file.size); ++ ++ pk = grub_zalloc (sizeof (struct x509_certificate)); ++ if (!pk) ++ { ++ grub_fatal ("Out of memory loading initial certificates"); ++ } ++ ++ err = read_cert_from_file (&pseudo_file, pk); ++ if (err != GRUB_ERR_NONE) ++ grub_fatal ("Error loading initial key: %s", grub_errmsg); ++ ++ grub_dprintf ("appendedsig", "loaded certificate CN='%s'\n", pk->subject); ++ ++ pk->next = grub_trusted_key; ++ grub_trusted_key = pk; ++ } ++ ++ if (!val || val[0] == '\0') ++ { ++ grub_env_set ("check_appended_signatures", ++ grub_trusted_key ? "enforce" : "no"); ++ } ++ ++ cmd_trust = ++ grub_register_command ("trust_certificate", grub_cmd_trust, ++ N_("X509_CERTIFICATE"), ++ N_("Add X509_CERTIFICATE to trusted certificates.")); ++ cmd_list = ++ grub_register_command ("list_certificates", grub_cmd_list, 0, ++ N_("Show the list of trusted x509 certificates.")); ++ cmd_verify = ++ grub_register_command ("verify_appended", grub_cmd_verify_signature, ++ N_("FILE"), ++ N_("Verify FILE against the trusted x509 certificates.")); ++ cmd_distrust = ++ grub_register_command ("distrust_certificate", grub_cmd_distrust, ++ N_("CERT_NUMBER"), ++ N_("Remove CERT_NUMBER (as listed by list_certificates) from trusted certificates.")); ++ ++ grub_verifier_register (&grub_appendedsig_verifier); ++ grub_dl_set_persistent (mod); ++} ++ ++GRUB_MOD_FINI (appendedsig) ++{ ++ /* ++ * grub_dl_set_persistent should prevent this from actually running, but ++ * it does still run under emu. ++ */ ++ ++ grub_verifier_unregister (&grub_appendedsig_verifier); ++ grub_unregister_command (cmd_verify); ++ grub_unregister_command (cmd_list); ++ grub_unregister_command (cmd_trust); ++ grub_unregister_command (cmd_distrust); ++} +diff --git a/include/grub/file.h b/include/grub/file.h +index cbbd29465..2e337dbd6 100644 +--- a/include/grub/file.h ++++ b/include/grub/file.h +@@ -82,6 +82,8 @@ enum grub_file_type + GRUB_FILE_TYPE_PUBLIC_KEY, + /* File holding public key to add to trused keys. */ + GRUB_FILE_TYPE_PUBLIC_KEY_TRUST, ++ /* File holding x509 certificiate to add to trusted keys. */ ++ GRUB_FILE_TYPE_CERTIFICATE_TRUST, + /* File of which we intend to print a blocklist to the user. */ + GRUB_FILE_TYPE_PRINT_BLOCKLIST, + /* File we intend to use for test loading or testing speed. */ diff --git a/SOURCES/0368-appended-signatures-verification-tests.patch b/SOURCES/0368-appended-signatures-verification-tests.patch new file mode 100644 index 0000000..06e97d4 --- /dev/null +++ b/SOURCES/0368-appended-signatures-verification-tests.patch @@ -0,0 +1,897 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 30 Jul 2020 01:31:02 +1000 +Subject: [PATCH] appended signatures: verification tests + +These tests are run through all_functional_test and test a range +of commands and behaviours. + +Signed-off-by: Daniel Axtens +--- + grub-core/Makefile.core.def | 6 + + grub-core/tests/appended_signature_test.c | 281 +++++++++++++++ + grub-core/tests/lib/functional_test.c | 1 + + grub-core/tests/appended_signatures.h | 557 ++++++++++++++++++++++++++++++ + 4 files changed, 845 insertions(+) + create mode 100644 grub-core/tests/appended_signature_test.c + create mode 100644 grub-core/tests/appended_signatures.h + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 1cf6b60f8..8914083d1 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -2040,6 +2040,12 @@ module = { + common = tests/setjmp_test.c; + }; + ++module = { ++ name = appended_signature_test; ++ common = tests/appended_signature_test.c; ++ common = tests/appended_signatures.h; ++}; ++ + module = { + name = signature_test; + common = tests/signature_test.c; +diff --git a/grub-core/tests/appended_signature_test.c b/grub-core/tests/appended_signature_test.c +new file mode 100644 +index 000000000..88a485200 +--- /dev/null ++++ b/grub-core/tests/appended_signature_test.c +@@ -0,0 +1,281 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 IBM Corporation. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "appended_signatures.h" ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++#define DEFINE_TEST_CASE(case_name) \ ++static char * \ ++get_ ## case_name (grub_size_t *sz) \ ++{ \ ++ char *ret; \ ++ *sz = case_name ## _len; \ ++ ret = grub_malloc (*sz); \ ++ if (ret) \ ++ grub_memcpy (ret, case_name, *sz); \ ++ return ret; \ ++} \ ++\ ++static struct grub_procfs_entry case_name ## _entry = \ ++{ \ ++ .name = #case_name, \ ++ .get_contents = get_ ## case_name \ ++} ++ ++#define DO_TEST(case_name, is_valid) \ ++{ \ ++ grub_procfs_register (#case_name, &case_name ## _entry); \ ++ do_verify ("(proc)/" #case_name, is_valid); \ ++ grub_procfs_unregister (&case_name ## _entry); \ ++} ++ ++ ++DEFINE_TEST_CASE (hi_signed); ++DEFINE_TEST_CASE (hi_signed_sha256); ++DEFINE_TEST_CASE (hj_signed); ++DEFINE_TEST_CASE (short_msg); ++DEFINE_TEST_CASE (unsigned_msg); ++DEFINE_TEST_CASE (hi_signed_2nd); ++ ++static char * ++get_certificate_der (grub_size_t * sz) ++{ ++ char *ret; ++ *sz = certificate_der_len; ++ ret = grub_malloc (*sz); ++ if (ret) ++ grub_memcpy (ret, certificate_der, *sz); ++ return ret; ++} ++ ++static struct grub_procfs_entry certificate_der_entry = { ++ .name = "certificate.der", ++ .get_contents = get_certificate_der ++}; ++ ++static char * ++get_certificate2_der (grub_size_t * sz) ++{ ++ char *ret; ++ *sz = certificate2_der_len; ++ ret = grub_malloc (*sz); ++ if (ret) ++ grub_memcpy (ret, certificate2_der, *sz); ++ return ret; ++} ++ ++static struct grub_procfs_entry certificate2_der_entry = { ++ .name = "certificate2.der", ++ .get_contents = get_certificate2_der ++}; ++ ++static char * ++get_certificate_printable_der (grub_size_t * sz) ++{ ++ char *ret; ++ *sz = certificate_printable_der_len; ++ ret = grub_malloc (*sz); ++ if (ret) ++ grub_memcpy (ret, certificate_printable_der, *sz); ++ return ret; ++} ++ ++static struct grub_procfs_entry certificate_printable_der_entry = { ++ .name = "certificate_printable.der", ++ .get_contents = get_certificate_printable_der ++}; ++ ++ ++static void ++do_verify (const char *f, int is_valid) ++{ ++ grub_command_t cmd; ++ char *args[] = { (char *) f, NULL }; ++ grub_err_t err; ++ ++ cmd = grub_command_find ("verify_appended"); ++ if (!cmd) ++ { ++ grub_test_assert (0, "can't find command `%s'", "verify_appended"); ++ return; ++ } ++ err = (cmd->func) (cmd, 1, args); ++ if (is_valid) ++ { ++ grub_test_assert (err == GRUB_ERR_NONE, ++ "verification of %s failed: %d: %s", f, grub_errno, ++ grub_errmsg); ++ } ++ else ++ { ++ grub_test_assert (err == GRUB_ERR_BAD_SIGNATURE, ++ "verification of %s unexpectedly succeeded", f); ++ } ++ grub_errno = GRUB_ERR_NONE; ++ ++} ++ ++static void ++appended_signature_test (void) ++{ ++ grub_command_t cmd_trust, cmd_distrust; ++ char *trust_args[] = { (char *) "(proc)/certificate.der", NULL }; ++ char *trust_args2[] = { (char *) "(proc)/certificate2.der", NULL }; ++ char *trust_args_printable[] = { (char *) "(proc)/certificate_printable.der", ++ NULL }; ++ char *distrust_args[] = { (char *) "1", NULL }; ++ char *distrust2_args[] = { (char *) "2", NULL }; ++ grub_err_t err; ++ ++ grub_procfs_register ("certificate.der", &certificate_der_entry); ++ grub_procfs_register ("certificate2.der", &certificate2_der_entry); ++ grub_procfs_register ("certificate_printable.der", ++ &certificate_printable_der_entry); ++ ++ cmd_trust = grub_command_find ("trust_certificate"); ++ if (!cmd_trust) ++ { ++ grub_test_assert (0, "can't find command `%s'", "trust_certificate"); ++ return; ++ } ++ err = (cmd_trust->func) (cmd_trust, 1, trust_args); ++ ++ grub_test_assert (err == GRUB_ERR_NONE, ++ "loading certificate failed: %d: %s", grub_errno, ++ grub_errmsg); ++ ++ /* If we have no certificate the remainder of the tests are meaningless */ ++ if (err != GRUB_ERR_NONE) ++ return; ++ ++ /* ++ * Reload the command: this works around some 'interesting' behaviour in the ++ * dynamic command dispatcher. The first time you call cmd->func you get a ++ * dispatcher that loads the module, finds the real cmd, calls it, and then ++ * releases some internal storage. This means it's not safe to call a second ++ * time and we need to reload it. ++ */ ++ cmd_trust = grub_command_find ("trust_certificate"); ++ ++ DO_TEST (hi_signed, 1); ++ DO_TEST (hi_signed_sha256, 1); ++ DO_TEST (hj_signed, 0); ++ DO_TEST (short_msg, 0); ++ DO_TEST (unsigned_msg, 0); ++ ++ /* ++ * in enforcing mode, we shouldn't be able to load a certificate that isn't ++ * signed by an existing trusted key. ++ * ++ * However, procfs files automatically skip the verification test, so we can't ++ * easily test this. ++ */ ++ ++ /* ++ * verify that testing with 2 trusted certs works ++ */ ++ DO_TEST (hi_signed_2nd, 0); ++ ++ err = (cmd_trust->func) (cmd_trust, 1, trust_args2); ++ ++ grub_test_assert (err == GRUB_ERR_NONE, ++ "loading certificate 2 failed: %d: %s", grub_errno, ++ grub_errmsg); ++ ++ if (err != GRUB_ERR_NONE) ++ return; ++ ++ DO_TEST (hi_signed_2nd, 1); ++ DO_TEST (hi_signed, 1); ++ ++ /* ++ * Check certificate removal. They're added to the _top_ of the list and ++ * removed by position in the list. Current the list looks like [#2, #1]. ++ * ++ * First test removing the second certificate in the list, which is ++ * certificate #1, giving us just [#2]. ++ */ ++ cmd_distrust = grub_command_find ("distrust_certificate"); ++ if (!cmd_distrust) ++ { ++ grub_test_assert (0, "can't find command `%s'", "distrust_certificate"); ++ return; ++ } ++ ++ err = (cmd_distrust->func) (cmd_distrust, 1, distrust2_args); ++ grub_test_assert (err == GRUB_ERR_NONE, ++ "distrusting certificate 1 failed: %d: %s", grub_errno, ++ grub_errmsg); ++ DO_TEST (hi_signed_2nd, 1); ++ DO_TEST (hi_signed, 0); ++ ++ /* ++ * Now reload certificate #1. This will make the list look like [#1, #2] ++ */ ++ err = (cmd_trust->func) (cmd_trust, 1, trust_args); ++ ++ grub_test_assert (err == GRUB_ERR_NONE, ++ "reloading certificate 1 failed: %d: %s", grub_errno, ++ grub_errmsg); ++ DO_TEST (hi_signed, 1); ++ ++ /* Remove the first certificate in the list, giving us just [#2] */ ++ err = (cmd_distrust->func) (cmd_distrust, 1, distrust_args); ++ grub_test_assert (err == GRUB_ERR_NONE, ++ "distrusting certificate 1 (first time) failed: %d: %s", ++ grub_errno, grub_errmsg); ++ DO_TEST (hi_signed_2nd, 1); ++ DO_TEST (hi_signed, 0); ++ ++ /* ++ * Remove the first certificate again, giving an empty list. ++ * ++ * verify_appended should fail if there are no certificates to verify against. ++ */ ++ err = (cmd_distrust->func) (cmd_distrust, 1, distrust_args); ++ grub_test_assert (err == GRUB_ERR_NONE, ++ "distrusting certificate 1 (second time) failed: %d: %s", ++ grub_errno, grub_errmsg); ++ DO_TEST (hi_signed_2nd, 0); ++ ++ /* ++ * Lastly, check a certificate that uses printableString rather than ++ * utf8String loads properly. ++ */ ++ err = (cmd_trust->func) (cmd_trust, 1, trust_args_printable); ++ grub_test_assert (err == GRUB_ERR_NONE, ++ "distrusting printable certificate failed: %d: %s", ++ grub_errno, grub_errmsg); ++ ++ grub_procfs_unregister (&certificate_der_entry); ++ grub_procfs_unregister (&certificate2_der_entry); ++ grub_procfs_unregister (&certificate_printable_der_entry); ++} ++ ++GRUB_FUNCTIONAL_TEST (appended_signature_test, appended_signature_test); +diff --git a/grub-core/tests/lib/functional_test.c b/grub-core/tests/lib/functional_test.c +index 96781fb39..403fa5c78 100644 +--- a/grub-core/tests/lib/functional_test.c ++++ b/grub-core/tests/lib/functional_test.c +@@ -73,6 +73,7 @@ grub_functional_all_tests (grub_extcmd_context_t ctxt __attribute__ ((unused)), + grub_dl_load ("xnu_uuid_test"); + grub_dl_load ("pbkdf2_test"); + grub_dl_load ("signature_test"); ++ grub_dl_load ("appended_signature_test"); + grub_dl_load ("sleep_test"); + grub_dl_load ("bswap_test"); + grub_dl_load ("ctz_test"); +diff --git a/grub-core/tests/appended_signatures.h b/grub-core/tests/appended_signatures.h +new file mode 100644 +index 000000000..aa3dc6278 +--- /dev/null ++++ b/grub-core/tests/appended_signatures.h +@@ -0,0 +1,557 @@ ++unsigned char certificate_der[] = { ++ 0x30, 0x82, 0x03, 0x88, 0x30, 0x82, 0x02, 0x70, 0xa0, 0x03, 0x02, 0x01, ++ 0x02, 0x02, 0x14, 0x25, 0x2e, 0xb8, 0xfd, 0x12, 0x62, 0x2e, 0xcd, 0x5d, ++ 0xa7, 0x53, 0xd2, 0x0b, 0xc2, 0x61, 0x7c, 0x14, 0xe0, 0x0f, 0x5c, 0x30, ++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, ++ 0x05, 0x00, 0x30, 0x49, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, ++ 0x03, 0x0c, 0x1f, 0x47, 0x72, 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, 0x65, ++ 0x6e, 0x64, 0x65, 0x64, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, ++ 0x72, 0x65, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1d, ++ 0x30, 0x1b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, ++ 0x01, 0x16, 0x0e, 0x64, 0x6a, 0x61, 0x40, 0x61, 0x78, 0x74, 0x65, 0x6e, ++ 0x73, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x30, 0x30, ++ 0x37, 0x30, 0x39, 0x30, 0x36, 0x32, 0x32, 0x30, 0x37, 0x5a, 0x18, 0x0f, ++ 0x32, 0x31, 0x32, 0x30, 0x30, 0x36, 0x31, 0x35, 0x30, 0x36, 0x32, 0x32, ++ 0x30, 0x37, 0x5a, 0x30, 0x52, 0x31, 0x31, 0x30, 0x2f, 0x06, 0x03, 0x55, ++ 0x04, 0x03, 0x0c, 0x28, 0x47, 0x72, 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, ++ 0x65, 0x6e, 0x64, 0x65, 0x64, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, ++ 0x75, 0x72, 0x65, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x69, 0x67, ++ 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x4b, 0x65, 0x79, 0x31, 0x1d, 0x30, 0x1b, ++ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, ++ 0x0e, 0x64, 0x6a, 0x61, 0x40, 0x61, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x2e, ++ 0x6e, 0x65, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, ++ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, ++ 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, ++ 0xcd, 0xe8, 0x1c, 0x08, 0x68, 0x2e, 0xcb, 0xfe, 0x8c, 0x4b, 0x3b, 0x61, ++ 0xe7, 0x8e, 0x80, 0x58, 0x85, 0x85, 0xea, 0xc8, 0x3b, 0x42, 0xba, 0x72, ++ 0x84, 0x65, 0x20, 0xbc, 0x48, 0xa2, 0x25, 0x49, 0x6e, 0x1c, 0xb9, 0x7d, ++ 0xeb, 0xc1, 0x0c, 0xa8, 0xb7, 0xcc, 0x13, 0x78, 0xba, 0x11, 0xa4, 0x98, ++ 0xd7, 0xd0, 0x7c, 0xdd, 0xf5, 0x5a, 0xb7, 0xcd, 0x31, 0x0e, 0xcd, 0x9e, ++ 0xa7, 0x19, 0xf0, 0xbd, 0x0f, 0xa6, 0xfe, 0x8a, 0x11, 0x97, 0xed, 0x8b, ++ 0xe5, 0x16, 0xa6, 0x21, 0x13, 0x36, 0xad, 0x05, 0x49, 0xec, 0x29, 0x12, ++ 0x38, 0xa7, 0x4b, 0x0f, 0xa1, 0xfb, 0x72, 0xc0, 0xc0, 0x09, 0x67, 0x78, ++ 0xa8, 0xb6, 0xd6, 0x1a, 0x39, 0xc0, 0xa8, 0xbf, 0x5f, 0x14, 0x89, 0x5c, ++ 0xbc, 0x41, 0x0c, 0x0c, 0x5d, 0x42, 0x2e, 0x1c, 0xdf, 0x1f, 0x1d, 0xc9, ++ 0x43, 0x94, 0x5b, 0x6e, 0x8f, 0x15, 0x8c, 0x8f, 0x94, 0x73, 0x4f, 0x97, ++ 0x54, 0xf1, 0x86, 0x8a, 0xbc, 0xe4, 0xe4, 0x93, 0xc1, 0x5e, 0xc2, 0x3e, ++ 0x31, 0x5e, 0xd4, 0x85, 0x57, 0x14, 0xd0, 0x11, 0x07, 0x65, 0xf4, 0x7c, ++ 0x8f, 0x07, 0x57, 0xe1, 0x22, 0xd4, 0x78, 0x47, 0x65, 0x4e, 0xa9, 0xb3, ++ 0xaa, 0xce, 0xc7, 0x36, 0xfe, 0xda, 0x66, 0x02, 0xb6, 0x8d, 0x18, 0x2f, ++ 0x3b, 0x41, 0x8d, 0x02, 0x08, 0x72, 0x4b, 0x69, 0xbd, 0x1e, 0x58, 0xfc, ++ 0x1b, 0x64, 0x04, 0x52, 0x35, 0x35, 0xe2, 0x3d, 0x3e, 0xde, 0xd6, 0x64, ++ 0xf4, 0xec, 0x57, 0x7e, 0x65, 0x59, 0x00, 0xa6, 0xd3, 0x4b, 0x09, 0x93, ++ 0x2a, 0x95, 0x0f, 0x30, 0xb6, 0xa1, 0x8c, 0xe7, 0x8b, 0x49, 0xa4, 0x1d, ++ 0x25, 0x2d, 0x65, 0x48, 0x8a, 0x0f, 0xcf, 0x2a, 0xa2, 0xe1, 0xef, 0x72, ++ 0x92, 0xc3, 0xf5, 0x21, 0x37, 0x83, 0x9b, 0x6d, 0x0b, 0x1b, 0xb3, 0xa2, ++ 0x32, 0x38, 0x11, 0xb1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x5d, 0x30, ++ 0x5b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, ++ 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, ++ 0x03, 0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, ++ 0x16, 0x04, 0x14, 0xe5, 0x2a, 0x4f, 0xf2, 0x84, 0x91, 0x57, 0x91, 0xaf, ++ 0x12, 0xd2, 0xf1, 0xa1, 0x87, 0x73, 0x0f, 0x90, 0x25, 0xa0, 0x7a, 0x30, ++ 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, ++ 0x56, 0xd1, 0xfd, 0xe2, 0x1e, 0x7e, 0x1c, 0x63, 0x4f, 0x47, 0xdb, 0xe4, ++ 0xc4, 0x51, 0x04, 0x03, 0x9a, 0x48, 0x35, 0x6e, 0x30, 0x0d, 0x06, 0x09, ++ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, ++ 0x82, 0x01, 0x01, 0x00, 0x65, 0x82, 0xd5, 0x88, 0x30, 0xe2, 0x2c, 0x47, ++ 0xf3, 0x31, 0x39, 0xa1, 0x75, 0x9a, 0xb0, 0x8a, 0x6c, 0x4b, 0xac, 0xdf, ++ 0x09, 0x7b, 0x90, 0xb6, 0x9e, 0x76, 0x62, 0x94, 0xc1, 0x3a, 0x99, 0x49, ++ 0x68, 0x29, 0x47, 0x42, 0xc3, 0x06, 0xcb, 0x88, 0x75, 0xe6, 0x79, 0x13, ++ 0x8c, 0x4b, 0x49, 0x6a, 0xb5, 0x56, 0x95, 0xc0, 0x42, 0x21, 0x9b, 0xd4, ++ 0x61, 0xd0, 0x02, 0x41, 0xdd, 0x20, 0x61, 0xe5, 0x91, 0xdf, 0x75, 0x00, ++ 0x25, 0x0e, 0x99, 0x65, 0x5c, 0x54, 0x49, 0x32, 0xa3, 0xe2, 0xcd, 0xa1, ++ 0x5f, 0x40, 0xf3, 0xc5, 0x81, 0xd9, 0x3c, 0xa3, 0x63, 0x5a, 0x38, 0x79, ++ 0xab, 0x77, 0x98, 0xde, 0x8f, 0x4e, 0x9e, 0x26, 0xbc, 0x4e, 0x80, 0x9e, ++ 0x8f, 0xbe, 0xf1, 0x00, 0xb3, 0x78, 0xb9, 0x4b, 0x1d, 0xc7, 0xa4, 0x83, ++ 0x59, 0x56, 0x11, 0xd1, 0x11, 0x1e, 0x50, 0x39, 0xd5, 0x78, 0x14, 0xf3, ++ 0xb9, 0x1d, 0xda, 0xe4, 0xc4, 0x63, 0x74, 0x26, 0xab, 0xa3, 0xfd, 0x9d, ++ 0x58, 0xa2, 0xee, 0x7b, 0x28, 0x34, 0xa3, 0xbe, 0x85, 0x7e, 0xaa, 0x97, ++ 0xb7, 0x5b, 0x9d, 0xa9, 0x4d, 0x96, 0xdb, 0x6b, 0x21, 0xe1, 0x96, 0x5d, ++ 0xc7, 0xad, 0x23, 0x03, 0x9a, 0x16, 0xdb, 0xa4, 0x1f, 0x63, 0xef, 0xaf, ++ 0x1e, 0x4f, 0xf8, 0x27, 0xdc, 0x4b, 0xfc, 0x2b, 0x68, 0x2e, 0xa0, 0xd3, ++ 0xae, 0xf2, 0xce, 0xf5, 0xfc, 0x97, 0x92, 0xd2, 0x29, 0x0f, 0x4f, 0x4b, ++ 0x29, 0xeb, 0x06, 0xcb, 0xf8, 0x21, 0x6e, 0xbc, 0x8b, 0x5c, 0xc5, 0xc9, ++ 0xf7, 0xe2, 0x7c, 0x47, 0xcd, 0x43, 0x98, 0xc4, 0xa3, 0x9a, 0xd7, 0x3e, ++ 0xdc, 0x01, 0x13, 0x28, 0x96, 0xc4, 0x60, 0x83, 0xe2, 0x79, 0xa1, 0x46, ++ 0xef, 0xf5, 0xa4, 0x7b, 0x00, 0xe3, 0x3d, 0x7d, 0xbc, 0xa8, 0x98, 0x49, ++ 0xa8, 0xcf, 0x3b, 0x41, 0xb6, 0x09, 0x97, 0x07 ++}; ++unsigned int certificate_der_len = 908; ++ ++unsigned char hi_signed[] = { ++ 0x68, 0x69, 0x0a, 0x30, 0x82, 0x01, 0xc0, 0x06, 0x09, 0x2a, 0x86, 0x48, ++ 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x01, 0xb1, 0x30, 0x82, ++ 0x01, 0xad, 0x02, 0x01, 0x01, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, ++ 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30, 0x0b, 0x06, 0x09, ++ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x31, 0x82, 0x01, ++ 0x8a, 0x30, 0x82, 0x01, 0x86, 0x02, 0x01, 0x01, 0x30, 0x61, 0x30, 0x49, ++ 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1f, 0x47, ++ 0x72, 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x64, ++ 0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x54, ++ 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x09, ++ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x0e, 0x64, ++ 0x6a, 0x61, 0x40, 0x61, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x2e, 0x6e, 0x65, ++ 0x74, 0x02, 0x14, 0x25, 0x2e, 0xb8, 0xfd, 0x12, 0x62, 0x2e, 0xcd, 0x5d, ++ 0xa7, 0x53, 0xd2, 0x0b, 0xc2, 0x61, 0x7c, 0x14, 0xe0, 0x0f, 0x5c, 0x30, ++ 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, ++ 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, ++ 0x01, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0xc7, 0x69, 0x35, 0x21, 0x66, ++ 0x4d, 0x50, 0xd4, 0x73, 0xde, 0xbd, 0x3a, 0xf6, 0x45, 0xe3, 0xe4, 0xd0, ++ 0xb6, 0xa1, 0xe7, 0xc0, 0xa2, 0xc9, 0xf4, 0xf0, 0x05, 0x8c, 0xa4, 0x16, ++ 0x9e, 0x81, 0x0d, 0x21, 0x68, 0xf3, 0xfe, 0x03, 0x96, 0x77, 0x31, 0x69, ++ 0x01, 0xd8, 0x26, 0xd9, 0x48, 0x95, 0xcf, 0xd1, 0x17, 0xb1, 0x0b, 0x6b, ++ 0x2c, 0xf1, 0xb0, 0xab, 0x65, 0x65, 0x56, 0xf8, 0x0c, 0xa7, 0xf7, 0xbb, ++ 0xf6, 0x5a, 0x55, 0x98, 0x14, 0x07, 0x8d, 0x2a, 0xbc, 0x16, 0x48, 0x94, ++ 0xab, 0x2f, 0x85, 0x97, 0x90, 0x51, 0x78, 0xa0, 0xda, 0x60, 0xb5, 0x41, ++ 0x4b, 0xe8, 0x78, 0xc5, 0xa6, 0x04, 0x9d, 0x54, 0x2a, 0x85, 0xfd, 0x86, ++ 0x0b, 0x6d, 0xc2, 0xd2, 0xad, 0x07, 0xff, 0x16, 0x42, 0x82, 0xe3, 0x5c, ++ 0xaa, 0x22, 0x59, 0x78, 0x92, 0xea, 0x94, 0xc3, 0x41, 0xb7, 0xa1, 0x86, ++ 0x44, 0xea, 0xd1, 0xdb, 0xe5, 0xac, 0x30, 0x32, 0xfb, 0x7d, 0x3f, 0xf7, ++ 0x8b, 0x11, 0x7f, 0x80, 0x3b, 0xe5, 0xc7, 0x82, 0x0f, 0x92, 0x07, 0x14, ++ 0x66, 0x01, 0x6e, 0x85, 0xab, 0x3a, 0x14, 0xcf, 0x76, 0xd1, 0x7e, 0x14, ++ 0x85, 0xca, 0x01, 0x73, 0x72, 0x38, 0xdc, 0xde, 0x30, 0x5c, 0xfb, 0xc0, ++ 0x3d, 0x93, 0xef, 0x9c, 0xbc, 0xf8, 0xcc, 0xd2, 0xbf, 0x47, 0xec, 0xf8, ++ 0x88, 0x9b, 0xe1, 0x43, 0xbe, 0xa7, 0x47, 0x96, 0xb6, 0x5d, 0x46, 0x0e, ++ 0x7a, 0x78, 0x38, 0x19, 0xbc, 0xb5, 0xbc, 0x9b, 0x3c, 0x39, 0x92, 0x70, ++ 0x0d, 0x9d, 0x8a, 0x35, 0xaf, 0xb4, 0x9e, 0xf4, 0xef, 0xc1, 0xb8, 0x25, ++ 0xd0, 0x14, 0x91, 0xd6, 0xc2, 0xb6, 0xc7, 0x3c, 0x72, 0x91, 0x0f, 0xad, ++ 0xde, 0xb2, 0x36, 0xf8, 0x4e, 0x59, 0xd4, 0xa4, 0x21, 0x9f, 0x03, 0x95, ++ 0x48, 0x01, 0xb4, 0x05, 0xc3, 0x39, 0x60, 0x51, 0x08, 0xd0, 0xbe, 0x00, ++ 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xc4, 0x7e, ++ 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x20, 0x73, 0x69, 0x67, 0x6e, 0x61, ++ 0x74, 0x75, 0x72, 0x65, 0x20, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, ++ 0x64, 0x7e, 0x0a ++}; ++unsigned int hi_signed_len = 495; ++ ++unsigned char hj_signed[] = { ++ 0x68, 0x6a, 0x0a, 0x30, 0x82, 0x01, 0xc0, 0x06, 0x09, 0x2a, 0x86, 0x48, ++ 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x01, 0xb1, 0x30, 0x82, ++ 0x01, 0xad, 0x02, 0x01, 0x01, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, ++ 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30, 0x0b, 0x06, 0x09, ++ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x31, 0x82, 0x01, ++ 0x8a, 0x30, 0x82, 0x01, 0x86, 0x02, 0x01, 0x01, 0x30, 0x61, 0x30, 0x49, ++ 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1f, 0x47, ++ 0x72, 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x64, ++ 0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x54, ++ 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x09, ++ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x0e, 0x64, ++ 0x6a, 0x61, 0x40, 0x61, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x2e, 0x6e, 0x65, ++ 0x74, 0x02, 0x14, 0x25, 0x2e, 0xb8, 0xfd, 0x12, 0x62, 0x2e, 0xcd, 0x5d, ++ 0xa7, 0x53, 0xd2, 0x0b, 0xc2, 0x61, 0x7c, 0x14, 0xe0, 0x0f, 0x5c, 0x30, ++ 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, ++ 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, ++ 0x01, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0xc7, 0x69, 0x35, 0x21, 0x66, ++ 0x4d, 0x50, 0xd4, 0x73, 0xde, 0xbd, 0x3a, 0xf6, 0x45, 0xe3, 0xe4, 0xd0, ++ 0xb6, 0xa1, 0xe7, 0xc0, 0xa2, 0xc9, 0xf4, 0xf0, 0x05, 0x8c, 0xa4, 0x16, ++ 0x9e, 0x81, 0x0d, 0x21, 0x68, 0xf3, 0xfe, 0x03, 0x96, 0x77, 0x31, 0x69, ++ 0x01, 0xd8, 0x26, 0xd9, 0x48, 0x95, 0xcf, 0xd1, 0x17, 0xb1, 0x0b, 0x6b, ++ 0x2c, 0xf1, 0xb0, 0xab, 0x65, 0x65, 0x56, 0xf8, 0x0c, 0xa7, 0xf7, 0xbb, ++ 0xf6, 0x5a, 0x55, 0x98, 0x14, 0x07, 0x8d, 0x2a, 0xbc, 0x16, 0x48, 0x94, ++ 0xab, 0x2f, 0x85, 0x97, 0x90, 0x51, 0x78, 0xa0, 0xda, 0x60, 0xb5, 0x41, ++ 0x4b, 0xe8, 0x78, 0xc5, 0xa6, 0x04, 0x9d, 0x54, 0x2a, 0x85, 0xfd, 0x86, ++ 0x0b, 0x6d, 0xc2, 0xd2, 0xad, 0x07, 0xff, 0x16, 0x42, 0x82, 0xe3, 0x5c, ++ 0xaa, 0x22, 0x59, 0x78, 0x92, 0xea, 0x94, 0xc3, 0x41, 0xb7, 0xa1, 0x86, ++ 0x44, 0xea, 0xd1, 0xdb, 0xe5, 0xac, 0x30, 0x32, 0xfb, 0x7d, 0x3f, 0xf7, ++ 0x8b, 0x11, 0x7f, 0x80, 0x3b, 0xe5, 0xc7, 0x82, 0x0f, 0x92, 0x07, 0x14, ++ 0x66, 0x01, 0x6e, 0x85, 0xab, 0x3a, 0x14, 0xcf, 0x76, 0xd1, 0x7e, 0x14, ++ 0x85, 0xca, 0x01, 0x73, 0x72, 0x38, 0xdc, 0xde, 0x30, 0x5c, 0xfb, 0xc0, ++ 0x3d, 0x93, 0xef, 0x9c, 0xbc, 0xf8, 0xcc, 0xd2, 0xbf, 0x47, 0xec, 0xf8, ++ 0x88, 0x9b, 0xe1, 0x43, 0xbe, 0xa7, 0x47, 0x96, 0xb6, 0x5d, 0x46, 0x0e, ++ 0x7a, 0x78, 0x38, 0x19, 0xbc, 0xb5, 0xbc, 0x9b, 0x3c, 0x39, 0x92, 0x70, ++ 0x0d, 0x9d, 0x8a, 0x35, 0xaf, 0xb4, 0x9e, 0xf4, 0xef, 0xc1, 0xb8, 0x25, ++ 0xd0, 0x14, 0x91, 0xd6, 0xc2, 0xb6, 0xc7, 0x3c, 0x72, 0x91, 0x0f, 0xad, ++ 0xde, 0xb2, 0x36, 0xf8, 0x4e, 0x59, 0xd4, 0xa4, 0x21, 0x9f, 0x03, 0x95, ++ 0x48, 0x01, 0xb4, 0x05, 0xc3, 0x39, 0x60, 0x51, 0x08, 0xd0, 0xbe, 0x00, ++ 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xc4, 0x7e, ++ 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x20, 0x73, 0x69, 0x67, 0x6e, 0x61, ++ 0x74, 0x75, 0x72, 0x65, 0x20, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, ++ 0x64, 0x7e, 0x0a ++}; ++unsigned int hj_signed_len = 495; ++ ++unsigned char hi_signed_sha256[] = { ++ 0x68, 0x69, 0x0a, 0x30, 0x82, 0x01, 0xc0, 0x06, 0x09, 0x2a, 0x86, 0x48, ++ 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x01, 0xb1, 0x30, 0x82, ++ 0x01, 0xad, 0x02, 0x01, 0x01, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, ++ 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x30, 0x0b, 0x06, 0x09, ++ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x31, 0x82, 0x01, ++ 0x8a, 0x30, 0x82, 0x01, 0x86, 0x02, 0x01, 0x01, 0x30, 0x61, 0x30, 0x49, ++ 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1f, 0x47, ++ 0x72, 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x64, ++ 0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x54, ++ 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x09, ++ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x0e, 0x64, ++ 0x6a, 0x61, 0x40, 0x61, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x2e, 0x6e, 0x65, ++ 0x74, 0x02, 0x14, 0x25, 0x2e, 0xb8, 0xfd, 0x12, 0x62, 0x2e, 0xcd, 0x5d, ++ 0xa7, 0x53, 0xd2, 0x0b, 0xc2, 0x61, 0x7c, 0x14, 0xe0, 0x0f, 0x5c, 0x30, ++ 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, ++ 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, ++ 0x01, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0x7b, 0x5e, 0x82, 0x1d, 0x21, ++ 0xb6, 0x40, 0xd3, 0x33, 0x79, 0xa7, 0x52, 0x2b, 0xfc, 0x46, 0x51, 0x26, ++ 0xfe, 0x0f, 0x81, 0x90, 0x81, 0xab, 0x57, 0x5e, 0xf6, 0x45, 0x41, 0xa3, ++ 0x7b, 0x48, 0xdd, 0xd6, 0x59, 0x60, 0x51, 0x31, 0x14, 0x14, 0x7b, 0xb4, ++ 0x55, 0x7b, 0x4d, 0xfe, 0x09, 0x7a, 0x5d, 0xae, 0xc4, 0x58, 0x50, 0x80, ++ 0x75, 0xf2, 0x23, 0x20, 0x62, 0xe3, 0x7c, 0x26, 0x1d, 0x2a, 0x4d, 0x9f, ++ 0x89, 0xf0, 0x4f, 0x95, 0x8a, 0x80, 0x6e, 0x1a, 0xea, 0x87, 0xdb, 0x1f, ++ 0xf3, 0xda, 0x04, 0x91, 0x37, 0xea, 0x0a, 0xfb, 0x6c, 0xc9, 0x3d, 0x73, ++ 0xf9, 0x58, 0x7c, 0x15, 0x6b, 0xa2, 0x52, 0x5a, 0x97, 0xff, 0xd6, 0xb0, ++ 0xf1, 0xbf, 0xa5, 0x04, 0x6d, 0x91, 0xc1, 0x54, 0x05, 0xdc, 0x7f, 0x5d, ++ 0x19, 0xaf, 0x55, 0xec, 0x51, 0xfb, 0x66, 0x0a, 0xa4, 0x4e, 0x96, 0x47, ++ 0x43, 0x54, 0x7c, 0x64, 0xa8, 0xaa, 0xb4, 0x90, 0x02, 0xf3, 0xa7, 0x0b, ++ 0xb7, 0xbf, 0x06, 0xdb, 0x5e, 0x9c, 0x32, 0x6d, 0x45, 0x14, 0x1c, 0xaf, ++ 0x46, 0x30, 0x08, 0x55, 0x49, 0x78, 0xfa, 0x57, 0xda, 0x3d, 0xf5, 0xa0, ++ 0xef, 0x11, 0x0a, 0x81, 0x0d, 0x82, 0xcd, 0xaf, 0xdb, 0xda, 0x0e, 0x1a, ++ 0x44, 0xd1, 0xee, 0xc4, 0xb8, 0xde, 0x97, 0xb4, 0xda, 0xb4, 0x8b, 0x4f, ++ 0x58, 0x24, 0x59, 0xc0, 0xe0, 0x08, 0x97, 0x14, 0x68, 0xbe, 0x31, 0x09, ++ 0x5e, 0x67, 0x45, 0xf0, 0xcb, 0x81, 0x4f, 0x17, 0x44, 0x61, 0xe0, 0xe2, ++ 0xf0, 0xfc, 0x1e, 0xb9, 0x73, 0xaf, 0x42, 0xff, 0x33, 0xde, 0x61, 0x6b, ++ 0x7f, 0xc2, 0x69, 0x0d, 0x66, 0x54, 0xae, 0xf6, 0xde, 0x20, 0x47, 0x44, ++ 0x9b, 0x73, 0xd1, 0x07, 0x6e, 0x77, 0x37, 0x0a, 0xbb, 0x7f, 0xa0, 0x93, ++ 0x2d, 0x8d, 0x44, 0xba, 0xe2, 0xdd, 0x34, 0x32, 0xd7, 0x56, 0x71, 0x00, ++ 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xc4, 0x7e, ++ 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x20, 0x73, 0x69, 0x67, 0x6e, 0x61, ++ 0x74, 0x75, 0x72, 0x65, 0x20, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, ++ 0x64, 0x7e, 0x0a ++}; ++unsigned int hi_signed_sha256_len = 495; ++ ++unsigned char short_msg[] = { ++ 0x68, 0x69, 0x0a ++}; ++unsigned int short_msg_len = 3; ++ ++unsigned char unsigned_msg[] = { ++ 0x53, 0x65, 0x64, 0x20, 0x75, 0x74, 0x20, 0x70, 0x65, 0x72, 0x73, 0x70, ++ 0x69, 0x63, 0x69, 0x61, 0x74, 0x69, 0x73, 0x20, 0x75, 0x6e, 0x64, 0x65, ++ 0x20, 0x6f, 0x6d, 0x6e, 0x69, 0x73, 0x20, 0x69, 0x73, 0x74, 0x65, 0x20, ++ 0x6e, 0x61, 0x74, 0x75, 0x73, 0x20, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x20, ++ 0x73, 0x69, 0x74, 0x20, 0x76, 0x6f, 0x6c, 0x75, 0x70, 0x74, 0x61, 0x74, ++ 0x65, 0x6d, 0x20, 0x61, 0x63, 0x63, 0x75, 0x73, 0x61, 0x6e, 0x74, 0x69, ++ 0x75, 0x6d, 0x20, 0x64, 0x6f, 0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x71, 0x75, ++ 0x65, 0x20, 0x6c, 0x61, 0x75, 0x64, 0x61, 0x6e, 0x74, 0x69, 0x75, 0x6d, ++ 0x2c, 0x20, 0x74, 0x6f, 0x74, 0x61, 0x6d, 0x20, 0x72, 0x65, 0x6d, 0x20, ++ 0x61, 0x70, 0x65, 0x72, 0x69, 0x61, 0x6d, 0x2c, 0x20, 0x65, 0x61, 0x71, ++ 0x75, 0x65, 0x20, 0x69, 0x70, 0x73, 0x61, 0x20, 0x71, 0x75, 0x61, 0x65, ++ 0x20, 0x61, 0x62, 0x20, 0x69, 0x6c, 0x6c, 0x6f, 0x20, 0x69, 0x6e, 0x76, ++ 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x76, 0x65, 0x72, 0x69, 0x74, ++ 0x61, 0x74, 0x69, 0x73, 0x20, 0x65, 0x74, 0x20, 0x71, 0x75, 0x61, 0x73, ++ 0x69, 0x20, 0x61, 0x72, 0x63, 0x68, 0x69, 0x74, 0x65, 0x63, 0x74, 0x6f, ++ 0x20, 0x62, 0x65, 0x61, 0x74, 0x61, 0x65, 0x20, 0x76, 0x69, 0x74, 0x61, ++ 0x65, 0x20, 0x64, 0x69, 0x63, 0x74, 0x61, 0x20, 0x73, 0x75, 0x6e, 0x74, ++ 0x20, 0x65, 0x78, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x62, 0x6f, 0x2e, 0x20, ++ 0x4e, 0x65, 0x6d, 0x6f, 0x20, 0x65, 0x6e, 0x69, 0x6d, 0x20, 0x69, 0x70, ++ 0x73, 0x61, 0x6d, 0x20, 0x76, 0x6f, 0x6c, 0x75, 0x70, 0x74, 0x61, 0x74, ++ 0x65, 0x6d, 0x20, 0x71, 0x75, 0x69, 0x61, 0x20, 0x76, 0x6f, 0x6c, 0x75, ++ 0x70, 0x74, 0x61, 0x73, 0x20, 0x73, 0x69, 0x74, 0x20, 0x61, 0x73, 0x70, ++ 0x65, 0x72, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x20, 0x61, 0x75, 0x74, 0x20, ++ 0x6f, 0x64, 0x69, 0x74, 0x20, 0x61, 0x75, 0x74, 0x20, 0x66, 0x75, 0x67, ++ 0x69, 0x74, 0x2c, 0x20, 0x73, 0x65, 0x64, 0x20, 0x71, 0x75, 0x69, 0x61, ++ 0x20, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x71, 0x75, 0x75, 0x6e, 0x74, 0x75, ++ 0x72, 0x20, 0x6d, 0x61, 0x67, 0x6e, 0x69, 0x20, 0x64, 0x6f, 0x6c, 0x6f, ++ 0x72, 0x65, 0x73, 0x20, 0x65, 0x6f, 0x73, 0x20, 0x71, 0x75, 0x69, 0x20, ++ 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x65, 0x20, 0x76, 0x6f, 0x6c, 0x75, ++ 0x70, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x20, 0x73, 0x65, 0x71, 0x75, 0x69, ++ 0x20, 0x6e, 0x65, 0x73, 0x63, 0x69, 0x75, 0x6e, 0x74, 0x2e, 0x20, 0x4e, ++ 0x65, 0x71, 0x75, 0x65, 0x20, 0x70, 0x6f, 0x72, 0x72, 0x6f, 0x20, 0x71, ++ 0x75, 0x69, 0x73, 0x71, 0x75, 0x61, 0x6d, 0x20, 0x65, 0x73, 0x74, 0x2c, ++ 0x20, 0x71, 0x75, 0x69, 0x20, 0x64, 0x6f, 0x6c, 0x6f, 0x72, 0x65, 0x6d, ++ 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d, 0x20, 0x71, 0x75, 0x69, 0x61, 0x20, ++ 0x64, 0x6f, 0x6c, 0x6f, 0x72, 0x20, 0x73, 0x69, 0x74, 0x20, 0x61, 0x6d, ++ 0x65, 0x74, 0x2c, 0x20, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x74, 0x65, ++ 0x74, 0x75, 0x72, 0x2c, 0x20, 0x61, 0x64, 0x69, 0x70, 0x69, 0x73, 0x63, ++ 0x69, 0x20, 0x76, 0x65, 0x6c, 0x69, 0x74, 0x2c, 0x20, 0x73, 0x65, 0x64, ++ 0x20, 0x71, 0x75, 0x69, 0x61, 0x20, 0x6e, 0x6f, 0x6e, 0x20, 0x6e, 0x75, ++ 0x6d, 0x71, 0x75, 0x61, 0x6d, 0x20, 0x65, 0x69, 0x75, 0x73, 0x20, 0x6d, ++ 0x6f, 0x64, 0x69, 0x20, 0x74, 0x65, 0x6d, 0x70, 0x6f, 0x72, 0x61, 0x20, ++ 0x69, 0x6e, 0x63, 0x69, 0x64, 0x75, 0x6e, 0x74, 0x20, 0x75, 0x74, 0x20, ++ 0x6c, 0x61, 0x62, 0x6f, 0x72, 0x65, 0x20, 0x65, 0x74, 0x20, 0x64, 0x6f, ++ 0x6c, 0x6f, 0x72, 0x65, 0x20, 0x6d, 0x61, 0x67, 0x6e, 0x61, 0x6d, 0x20, ++ 0x61, 0x6c, 0x69, 0x71, 0x75, 0x61, 0x6d, 0x20, 0x71, 0x75, 0x61, 0x65, ++ 0x72, 0x61, 0x74, 0x20, 0x76, 0x6f, 0x6c, 0x75, 0x70, 0x74, 0x61, 0x74, ++ 0x65, 0x6d, 0x2e, 0x20, 0x55, 0x74, 0x20, 0x65, 0x6e, 0x69, 0x6d, 0x20, ++ 0x61, 0x64, 0x20, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x61, 0x20, 0x76, 0x65, ++ 0x6e, 0x69, 0x61, 0x6d, 0x2c, 0x20, 0x71, 0x75, 0x69, 0x73, 0x20, 0x6e, ++ 0x6f, 0x73, 0x74, 0x72, 0x75, 0x6d, 0x20, 0x65, 0x78, 0x65, 0x72, 0x63, ++ 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x65, 0x6d, 0x20, 0x75, 0x6c, ++ 0x6c, 0x61, 0x6d, 0x20, 0x63, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x69, 0x73, ++ 0x20, 0x73, 0x75, 0x73, 0x63, 0x69, 0x70, 0x69, 0x74, 0x20, 0x6c, 0x61, ++ 0x62, 0x6f, 0x72, 0x69, 0x6f, 0x73, 0x61, 0x6d, 0x2c, 0x20, 0x6e, 0x69, ++ 0x73, 0x69, 0x20, 0x75, 0x74, 0x20, 0x61, 0x6c, 0x69, 0x71, 0x75, 0x69, ++ 0x64, 0x20, 0x65, 0x78, 0x20, 0x65, 0x61, 0x20, 0x63, 0x6f, 0x6d, 0x6d, ++ 0x6f, 0x64, 0x69, 0x20, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x71, 0x75, 0x61, ++ 0x74, 0x75, 0x72, 0x3f, 0x20, 0x51, 0x75, 0x69, 0x73, 0x20, 0x61, 0x75, ++ 0x74, 0x65, 0x6d, 0x20, 0x76, 0x65, 0x6c, 0x20, 0x65, 0x75, 0x6d, 0x20, ++ 0x69, 0x75, 0x72, 0x65, 0x20, 0x72, 0x65, 0x70, 0x72, 0x65, 0x68, 0x65, ++ 0x6e, 0x64, 0x65, 0x72, 0x69, 0x74, 0x20, 0x71, 0x75, 0x69, 0x20, 0x69, ++ 0x6e, 0x20, 0x65, 0x61, 0x20, 0x76, 0x6f, 0x6c, 0x75, 0x70, 0x74, 0x61, ++ 0x74, 0x65, 0x20, 0x76, 0x65, 0x6c, 0x69, 0x74, 0x20, 0x65, 0x73, 0x73, ++ 0x65, 0x20, 0x71, 0x75, 0x61, 0x6d, 0x20, 0x6e, 0x69, 0x68, 0x69, 0x6c, ++ 0x20, 0x6d, 0x6f, 0x6c, 0x65, 0x73, 0x74, 0x69, 0x61, 0x65, 0x20, 0x63, ++ 0x6f, 0x6e, 0x73, 0x65, 0x71, 0x75, 0x61, 0x74, 0x75, 0x72, 0x2c, 0x20, ++ 0x76, 0x65, 0x6c, 0x20, 0x69, 0x6c, 0x6c, 0x75, 0x6d, 0x20, 0x71, 0x75, ++ 0x69, 0x20, 0x64, 0x6f, 0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x65, 0x75, ++ 0x6d, 0x20, 0x66, 0x75, 0x67, 0x69, 0x61, 0x74, 0x20, 0x71, 0x75, 0x6f, ++ 0x20, 0x76, 0x6f, 0x6c, 0x75, 0x70, 0x74, 0x61, 0x73, 0x20, 0x6e, 0x75, ++ 0x6c, 0x6c, 0x61, 0x20, 0x70, 0x61, 0x72, 0x69, 0x61, 0x74, 0x75, 0x72, ++ 0x3f, 0x0a ++}; ++unsigned int unsigned_msg_len = 866; ++ ++unsigned char certificate2_der[] = { ++ 0x30, 0x82, 0x05, 0x52, 0x30, 0x82, 0x03, 0x3a, 0xa0, 0x03, 0x02, 0x01, ++ 0x02, 0x02, 0x14, 0x5b, 0x5e, 0x59, 0xf2, 0x5f, 0x75, 0x4c, 0x8e, 0xc5, ++ 0x3a, 0x91, 0x07, 0xe9, 0xe7, 0x6d, 0x3c, 0xd0, 0x7f, 0x91, 0xff, 0x30, ++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, ++ 0x05, 0x00, 0x30, 0x3a, 0x31, 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, ++ 0x03, 0x0c, 0x2f, 0x47, 0x72, 0x75, 0x62, 0x20, 0x32, 0x6e, 0x64, 0x20, ++ 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, ++ 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, ++ 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, ++ 0x74, 0x79, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x37, 0x32, 0x38, ++ 0x31, 0x33, 0x32, 0x34, 0x32, 0x39, 0x5a, 0x18, 0x0f, 0x32, 0x31, 0x32, ++ 0x30, 0x30, 0x37, 0x30, 0x34, 0x31, 0x33, 0x32, 0x34, 0x32, 0x39, 0x5a, ++ 0x30, 0x2b, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, ++ 0x20, 0x47, 0x72, 0x75, 0x62, 0x20, 0x32, 0x6e, 0x64, 0x20, 0x43, 0x65, ++ 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x53, 0x69, ++ 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x4b, 0x65, 0x79, 0x30, 0x82, 0x02, ++ 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, ++ 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, ++ 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xb0, 0x2f, 0x50, 0x01, 0x9c, 0x0e, ++ 0xd6, 0x8c, 0x07, 0xca, 0xc1, 0xcf, 0xbc, 0x03, 0xdd, 0xd3, 0xfa, 0xe3, ++ 0x4f, 0x71, 0xc1, 0x30, 0xaa, 0x09, 0x96, 0xe4, 0xd0, 0x6c, 0x42, 0x93, ++ 0xdb, 0x35, 0xf6, 0x7e, 0x1b, 0x67, 0xc0, 0xc2, 0x2d, 0x5b, 0xec, 0xca, ++ 0x35, 0x06, 0x32, 0x6c, 0x7b, 0x2c, 0xd3, 0x71, 0x2b, 0xe9, 0x7a, 0x19, ++ 0xd1, 0xf2, 0xa0, 0x7f, 0xd7, 0x4d, 0x6e, 0x28, 0xbb, 0xae, 0x49, 0x4a, ++ 0xbc, 0xea, 0x47, 0x67, 0xb8, 0x36, 0xa6, 0xf5, 0x0d, 0x0e, 0x20, 0x14, ++ 0x0c, 0x66, 0x67, 0x28, 0xb5, 0x97, 0x8b, 0x1f, 0x5e, 0x32, 0x06, 0x29, ++ 0x9c, 0x99, 0x92, 0x0f, 0x73, 0xac, 0xfd, 0xd2, 0x1d, 0xf2, 0xa8, 0x55, ++ 0x9d, 0x1b, 0xd8, 0x3d, 0xb0, 0x76, 0x9a, 0xb6, 0x6c, 0x9f, 0x62, 0x37, ++ 0x2f, 0xc0, 0xef, 0x44, 0xb3, 0x0d, 0x4a, 0x3e, 0x4f, 0x7d, 0xbd, 0xdb, ++ 0xd8, 0x75, 0x5f, 0x68, 0xe3, 0xf0, 0xec, 0x82, 0x66, 0x7c, 0x31, 0x70, ++ 0xa9, 0xa1, 0x6f, 0x38, 0x9f, 0xdf, 0xf5, 0xf0, 0x7d, 0x23, 0x9d, 0x34, ++ 0xa5, 0x85, 0xd3, 0xdf, 0x68, 0x41, 0xfc, 0x4f, 0x89, 0x45, 0x3c, 0x24, ++ 0x81, 0xa6, 0xf2, 0x3c, 0x02, 0x26, 0x09, 0x48, 0xdd, 0xfe, 0x4b, 0xb6, ++ 0x66, 0xbf, 0x8f, 0xe5, 0x5f, 0xf0, 0x5d, 0x8a, 0x61, 0x2e, 0x5f, 0x9f, ++ 0x80, 0xd9, 0xd5, 0xe6, 0x41, 0xd8, 0x10, 0x5e, 0x7a, 0xc6, 0xdb, 0x89, ++ 0xc7, 0xca, 0x6c, 0x5b, 0xb1, 0x4e, 0x7d, 0x0c, 0x03, 0xfd, 0x50, 0xca, ++ 0xbf, 0xbb, 0xe2, 0x69, 0x4b, 0x4e, 0xc2, 0x3d, 0x75, 0xfa, 0xd1, 0xcc, ++ 0xd6, 0xf9, 0x39, 0xb9, 0xdc, 0x53, 0xad, 0x62, 0xfb, 0x1b, 0x94, 0x26, ++ 0x7f, 0x21, 0x54, 0x5c, 0xb7, 0xdc, 0xe7, 0x96, 0x8c, 0xce, 0x75, 0xe0, ++ 0x17, 0x01, 0x3a, 0x3c, 0x77, 0x6e, 0xa4, 0x8b, 0x7a, 0x83, 0x28, 0x7a, ++ 0xf7, 0xb0, 0x5f, 0xfc, 0x7f, 0x2d, 0x2e, 0xec, 0xf5, 0xeb, 0x9c, 0x63, ++ 0x74, 0xd0, 0xe5, 0xdc, 0x19, 0xe4, 0x71, 0xc5, 0x4a, 0x8a, 0x54, 0xa4, ++ 0xe0, 0x7d, 0x4e, 0xbf, 0x53, 0x30, 0xaf, 0xd0, 0xeb, 0x96, 0xc3, 0xbb, ++ 0x65, 0xf7, 0x67, 0xf5, 0xae, 0xd3, 0x96, 0xf2, 0x63, 0xc8, 0x69, 0xf7, ++ 0x47, 0xcb, 0x27, 0x79, 0xe1, 0xff, 0x2f, 0x68, 0xdf, 0x1e, 0xb3, 0xb8, ++ 0x0c, 0xc5, 0x58, 0x73, 0xcc, 0xfe, 0x8c, 0xda, 0x4e, 0x3b, 0x01, 0x04, ++ 0xcd, 0xcb, 0xb8, 0x3e, 0x06, 0xfd, 0x4c, 0x0a, 0x9f, 0x5e, 0x76, 0x8c, ++ 0x0c, 0x83, 0x75, 0x09, 0x08, 0xb2, 0xdb, 0xf4, 0x49, 0x4e, 0xa0, 0xf2, ++ 0x0c, 0x7b, 0x87, 0x38, 0x9e, 0x22, 0x67, 0xbd, 0xd1, 0x97, 0x57, 0x24, ++ 0xf1, 0x46, 0x07, 0xf9, 0xd2, 0x1b, 0xec, 0x25, 0x5e, 0x67, 0xd9, 0x66, ++ 0x23, 0x1b, 0xd3, 0xe4, 0xaa, 0xec, 0x88, 0xf0, 0x7e, 0x15, 0x83, 0x51, ++ 0x31, 0x67, 0x51, 0x76, 0x5f, 0x55, 0xd7, 0x36, 0xdf, 0x4a, 0x84, 0x0b, ++ 0x6f, 0x5c, 0xbb, 0x5b, 0x8f, 0x37, 0x23, 0x7f, 0xf8, 0x17, 0x84, 0xa2, ++ 0x70, 0x20, 0x07, 0x0c, 0x90, 0x3a, 0x04, 0xfd, 0xf0, 0x08, 0x4a, 0xb1, ++ 0x16, 0x0f, 0xe6, 0xf6, 0x40, 0x51, 0x83, 0xd2, 0x87, 0x40, 0x9c, 0x1c, ++ 0x9f, 0x13, 0x38, 0x17, 0xd3, 0x34, 0x58, 0xad, 0x05, 0x71, 0xa0, 0x73, ++ 0xca, 0x40, 0xa6, 0xa4, 0x81, 0x02, 0xee, 0xa8, 0x72, 0x41, 0xa1, 0x41, ++ 0x18, 0x64, 0x8a, 0x86, 0x8a, 0x5d, 0xe6, 0x4f, 0x0a, 0xc5, 0x95, 0x98, ++ 0xf9, 0x78, 0xfe, 0x19, 0x0d, 0xc9, 0xb3, 0x89, 0xc1, 0x2b, 0x09, 0xbe, ++ 0xf1, 0xd2, 0x04, 0x5d, 0xcc, 0x28, 0xf5, 0x4b, 0xd2, 0x20, 0x4f, 0xc5, ++ 0x41, 0x9d, 0x8c, 0x85, 0xd8, 0xb0, 0x68, 0x5e, 0xc1, 0x0c, 0xb7, 0x24, ++ 0x4d, 0x67, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x5d, 0x30, 0x5b, 0x30, ++ 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, ++ 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, ++ 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, ++ 0x14, 0xac, 0xf5, 0x47, 0x17, 0xd9, 0x7d, 0xc1, 0xb1, 0xc4, 0x41, 0xe1, ++ 0x41, 0x60, 0xcb, 0x37, 0x11, 0x60, 0x28, 0x78, 0x5f, 0x30, 0x1f, 0x06, ++ 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x21, 0x94, ++ 0xfb, 0xf9, 0xb2, 0x43, 0xe9, 0x33, 0xd7, 0x50, 0x7d, 0xc7, 0x37, 0xdb, ++ 0xd5, 0x82, 0x5a, 0x4e, 0xbe, 0x1b, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, ++ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, ++ 0x01, 0x00, 0x96, 0x70, 0x65, 0x26, 0x42, 0xf8, 0xdc, 0x69, 0xde, 0xcf, ++ 0x41, 0x3a, 0x2e, 0x7f, 0x5b, 0xf1, 0xf9, 0x3b, 0x9b, 0xd2, 0x4e, 0x64, ++ 0x48, 0x81, 0xe4, 0x5d, 0x1e, 0x22, 0xce, 0x68, 0x63, 0x62, 0xe5, 0x1b, ++ 0x9b, 0xf2, 0xc7, 0x12, 0xda, 0x1e, 0x9b, 0x90, 0x84, 0x79, 0x48, 0x12, ++ 0xe6, 0x21, 0x6f, 0x2f, 0x7e, 0x18, 0x77, 0xdb, 0x8c, 0xc4, 0xd1, 0x0d, ++ 0x91, 0xbf, 0x39, 0x22, 0x0f, 0x64, 0xcf, 0x25, 0x2e, 0x8c, 0x1f, 0x91, ++ 0x81, 0xb5, 0xe9, 0x6c, 0x02, 0x3a, 0xf8, 0x07, 0xa2, 0x6f, 0x46, 0x5d, ++ 0x7b, 0xfd, 0x43, 0xff, 0x41, 0x0f, 0xe2, 0x57, 0x1c, 0xbd, 0x48, 0x60, ++ 0x53, 0x11, 0x48, 0x87, 0x88, 0x9d, 0x13, 0x82, 0x40, 0x68, 0x44, 0x2c, ++ 0xc6, 0xc8, 0x95, 0x27, 0x4f, 0xb6, 0xb9, 0x4a, 0x22, 0x0a, 0xfd, 0xe4, ++ 0x46, 0x8f, 0x35, 0x12, 0x98, 0x5a, 0x34, 0x6f, 0x2b, 0x57, 0x62, 0xa1, ++ 0x4d, 0x8d, 0x79, 0x37, 0xe4, 0x6b, 0x8a, 0x32, 0x5b, 0xcb, 0xef, 0x79, ++ 0x11, 0xed, 0xa7, 0xf8, 0x7a, 0x1c, 0xbd, 0x86, 0xdc, 0x0e, 0x2e, 0xfd, ++ 0xd3, 0x51, 0xbb, 0x73, 0xad, 0x00, 0xa0, 0x1b, 0xf9, 0x1d, 0xd1, 0x4a, ++ 0xe4, 0xd4, 0x02, 0x63, 0x2b, 0x39, 0x5f, 0x18, 0x08, 0x2f, 0x42, 0xb7, ++ 0x23, 0x4b, 0x48, 0x46, 0x1f, 0x63, 0x87, 0xae, 0x6d, 0xd5, 0xdb, 0x60, ++ 0xf8, 0x5f, 0xd3, 0x13, 0xec, 0xca, 0xdd, 0x60, 0x60, 0x79, 0x52, 0x70, ++ 0x47, 0xae, 0x1d, 0x38, 0x78, 0x71, 0xcf, 0xb3, 0x04, 0x03, 0xbe, 0xba, ++ 0x81, 0xba, 0x74, 0xb1, 0x30, 0x35, 0xdc, 0xea, 0x21, 0x4a, 0x9b, 0x70, ++ 0xfb, 0xd6, 0x60, 0x59, 0x78, 0x0c, 0x4d, 0x39, 0x19, 0x1d, 0xe5, 0x75, ++ 0xba, 0x07, 0xf4, 0x22, 0x37, 0x64, 0xb7, 0xf2, 0x9a, 0xc9, 0x11, 0x2d, ++ 0x8e, 0x58, 0xa6, 0xcf, 0x83, 0xf1, 0xcb, 0x6c, 0x7f, 0x02, 0xbd, 0xda, ++ 0x03, 0x92, 0xa9, 0x45, 0x24, 0x56, 0xc5, 0xbd, 0x41, 0xd1, 0x20, 0x86, ++ 0xc0, 0xb6, 0xb7, 0xe8, 0xa7, 0xb2, 0x46, 0xf7, 0x8e, 0xa9, 0x38, 0x0e, ++ 0x23, 0x77, 0x3c, 0x0d, 0x66, 0x83, 0x6a, 0x1a, 0x6b, 0x7f, 0x54, 0x11, ++ 0x58, 0x0d, 0x4a, 0xb5, 0x74, 0x60, 0xca, 0xed, 0xff, 0x91, 0x47, 0xd9, ++ 0x29, 0xe0, 0xaa, 0x8c, 0xa8, 0x8f, 0x10, 0x4c, 0x15, 0x7d, 0xce, 0x95, ++ 0xf9, 0x87, 0x1e, 0x18, 0x38, 0x18, 0xfc, 0xcc, 0xaf, 0x91, 0x17, 0x3f, ++ 0xfa, 0xf0, 0x8a, 0x09, 0x6f, 0xba, 0x4e, 0x53, 0xf7, 0xfa, 0x4f, 0x20, ++ 0xa3, 0xf4, 0x4a, 0x5a, 0xde, 0x17, 0x1c, 0x29, 0x6a, 0x6f, 0x03, 0x48, ++ 0xdf, 0xad, 0x4f, 0xe4, 0xbc, 0x71, 0xc4, 0x72, 0x32, 0x11, 0x84, 0xac, ++ 0x09, 0xd2, 0x18, 0x44, 0x35, 0xf1, 0xcd, 0xaf, 0xa8, 0x98, 0xe0, 0x8b, ++ 0xec, 0xa0, 0x83, 0x37, 0xc3, 0x35, 0x85, 0xd6, 0xd8, 0x1b, 0xe0, 0x75, ++ 0xdc, 0xfd, 0xde, 0xc9, 0xeb, 0xd5, 0x18, 0x0f, 0xd3, 0x4c, 0x2f, 0x71, ++ 0xdc, 0x48, 0xe3, 0x14, 0xeb, 0xda, 0x00, 0x24, 0x24, 0x9e, 0xa3, 0x8e, ++ 0x3e, 0x08, 0x6f, 0x22, 0x24, 0xd6, 0xc4, 0x85, 0x8f, 0x68, 0x00, 0x4a, ++ 0x82, 0x4c, 0x33, 0x6e, 0xa5, 0x35, 0x7b, 0xeb, 0x4b, 0xdc, 0xa0, 0xa6, ++ 0x65, 0x6f, 0x5a, 0x7a, 0xdf, 0x8a, 0x01, 0x52, 0xa1, 0x6c, 0xff, 0x59, ++ 0x22, 0x7f, 0xe1, 0x96, 0x1b, 0x19, 0xb8, 0xf9, 0x5d, 0x44, 0x9f, 0x91, ++ 0x03, 0x3c, 0x3d, 0xa1, 0x2a, 0xb6, 0x5a, 0x51, 0xa0, 0xce, 0x4a, 0x88, ++ 0x22, 0x72, 0x9c, 0xdc, 0xc0, 0x47, 0x76, 0x35, 0x84, 0x75, 0x9b, 0x87, ++ 0x5c, 0xd3, 0xcf, 0xe7, 0xdd, 0xa3, 0x57, 0x14, 0xdf, 0x00, 0xfd, 0x19, ++ 0x2a, 0x7d, 0x89, 0x27, 0x1c, 0x78, 0x97, 0x04, 0x58, 0x48 ++}; ++unsigned int certificate2_der_len = 1366; ++ ++unsigned char hi_signed_2nd[] = { ++ 0x68, 0x69, 0x0a, 0x30, 0x82, 0x02, 0xb1, 0x06, 0x09, 0x2a, 0x86, 0x48, ++ 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x02, 0xa2, 0x30, 0x82, ++ 0x02, 0x9e, 0x02, 0x01, 0x01, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, ++ 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30, 0x0b, 0x06, 0x09, ++ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x31, 0x82, 0x02, ++ 0x7b, 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x01, 0x30, 0x52, 0x30, 0x3a, ++ 0x31, 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x2f, 0x47, ++ 0x72, 0x75, 0x62, 0x20, 0x32, 0x6e, 0x64, 0x20, 0x43, 0x65, 0x72, 0x74, ++ 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x54, 0x65, 0x73, 0x74, ++ 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, ++ 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x02, 0x14, ++ 0x5b, 0x5e, 0x59, 0xf2, 0x5f, 0x75, 0x4c, 0x8e, 0xc5, 0x3a, 0x91, 0x07, ++ 0xe9, 0xe7, 0x6d, 0x3c, 0xd0, 0x7f, 0x91, 0xff, 0x30, 0x0b, 0x06, 0x09, ++ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30, 0x0d, 0x06, ++ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, ++ 0x04, 0x82, 0x02, 0x00, 0x0e, 0xc2, 0x30, 0x38, 0x81, 0x23, 0x68, 0x90, ++ 0xae, 0x5f, 0xce, 0xf7, 0x27, 0xb1, 0x8c, 0x2e, 0x12, 0x10, 0xc6, 0x99, ++ 0xdc, 0x4d, 0x4b, 0x79, 0xda, 0xe4, 0x32, 0x10, 0x46, 0x1c, 0x16, 0x07, ++ 0x87, 0x66, 0x55, 0xff, 0x64, 0x1c, 0x61, 0x25, 0xd5, 0xb9, 0xe1, 0xfe, ++ 0xea, 0x5a, 0xcd, 0x56, 0xa5, 0xc3, 0xbe, 0xb1, 0x61, 0xc7, 0x6f, 0x5f, ++ 0x69, 0x20, 0x64, 0x50, 0x6f, 0x12, 0x78, 0xb6, 0x0c, 0x72, 0x44, 0x4f, ++ 0x60, 0x0f, 0x9f, 0xa2, 0x83, 0x3b, 0xc2, 0x83, 0xd5, 0x14, 0x1f, 0x6f, ++ 0x3e, 0xb2, 0x47, 0xb5, 0x58, 0xc5, 0xa7, 0xb4, 0x82, 0x53, 0x2e, 0x53, ++ 0x95, 0x4e, 0x3d, 0xe4, 0x62, 0xe8, 0xa1, 0xaf, 0xae, 0xbf, 0xa9, 0xd2, ++ 0x22, 0x07, 0xbe, 0x71, 0x37, 0x2c, 0x5a, 0xa7, 0x6c, 0xaf, 0x14, 0xc0, ++ 0x6c, 0x2f, 0xbf, 0x4f, 0x15, 0xc2, 0x0f, 0x8b, 0xdc, 0x68, 0x45, 0xdf, ++ 0xf3, 0xa5, 0x7f, 0x11, 0x6a, 0x54, 0xcd, 0x67, 0xb9, 0x2e, 0x7d, 0x05, ++ 0xe3, 0x1c, 0x1d, 0xcc, 0x77, 0x8e, 0x97, 0xb1, 0xa0, 0x11, 0x09, 0x3d, ++ 0x90, 0x54, 0xfc, 0x7e, 0xbb, 0xbb, 0x21, 0x23, 0x03, 0x44, 0xbf, 0x7d, ++ 0x2c, 0xc9, 0x15, 0x42, 0xe5, 0xa0, 0x3b, 0xa2, 0xd1, 0x5b, 0x73, 0x81, ++ 0xff, 0xfa, 0x90, 0xfc, 0x27, 0x7b, 0x2f, 0x86, 0x9c, 0x1d, 0x14, 0x36, ++ 0x94, 0xa2, 0x6e, 0xe8, 0x9d, 0xa0, 0x5f, 0xfc, 0x5a, 0x0d, 0xa4, 0xd5, ++ 0x2f, 0x8d, 0xd6, 0x00, 0xfa, 0x93, 0x5b, 0x09, 0x7f, 0x42, 0x78, 0xcc, ++ 0x8c, 0x49, 0xda, 0xd9, 0xf6, 0x43, 0xe7, 0xe1, 0x3c, 0xa2, 0xe2, 0x70, ++ 0xe2, 0x6a, 0x99, 0xc5, 0xd6, 0xa2, 0xe3, 0x0b, 0xd4, 0x09, 0xac, 0x94, ++ 0xaf, 0xb7, 0xf0, 0xb3, 0x0c, 0x1e, 0xf5, 0x16, 0x4f, 0x53, 0x9a, 0xe3, ++ 0xcc, 0xe2, 0x0c, 0x4a, 0xb9, 0xe6, 0x06, 0xbb, 0xf7, 0x41, 0x43, 0x20, ++ 0x04, 0xee, 0x99, 0x2f, 0xd8, 0x9f, 0xda, 0x3f, 0xfd, 0x49, 0xb8, 0xc2, ++ 0xbd, 0xd9, 0xc5, 0x72, 0xfd, 0xe3, 0xce, 0x1c, 0xbc, 0xe4, 0x39, 0xac, ++ 0x2a, 0x99, 0xe9, 0xb4, 0x3e, 0x74, 0x10, 0xeb, 0xd5, 0x14, 0xcc, 0xdb, ++ 0xf1, 0x04, 0x63, 0x36, 0xfb, 0x1f, 0x2b, 0xe2, 0x73, 0xd4, 0xd8, 0x49, ++ 0x31, 0xa8, 0x55, 0xcc, 0xa7, 0x76, 0x36, 0x6e, 0x18, 0xdc, 0xb9, 0xb0, ++ 0x29, 0x99, 0xcf, 0x49, 0xbf, 0xf9, 0xdb, 0x7f, 0x24, 0x42, 0x02, 0xcb, ++ 0xc1, 0xaa, 0xcb, 0xba, 0x18, 0x85, 0x86, 0xc7, 0xf4, 0x1c, 0x62, 0x76, ++ 0xbc, 0x73, 0xfb, 0xe4, 0x15, 0xb8, 0xdd, 0x5d, 0xa6, 0x68, 0x39, 0xa5, ++ 0x3d, 0x33, 0xaf, 0xd5, 0x92, 0x4d, 0x48, 0xdb, 0x22, 0xc0, 0xdc, 0x49, ++ 0x5f, 0x7b, 0xa8, 0xd2, 0x62, 0x2d, 0xa7, 0x39, 0x93, 0x48, 0xe7, 0x6b, ++ 0x23, 0xba, 0xd4, 0xe0, 0xc1, 0x29, 0x55, 0xc4, 0x34, 0xe3, 0xac, 0x25, ++ 0xa7, 0x15, 0xad, 0xab, 0xb3, 0xb7, 0x25, 0xca, 0x37, 0x88, 0x40, 0x2e, ++ 0x47, 0x6e, 0x92, 0x20, 0x09, 0x2e, 0x5a, 0xec, 0xf2, 0xfb, 0xb3, 0xa0, ++ 0x16, 0xb6, 0x93, 0xf2, 0xf5, 0x8b, 0xfe, 0xaf, 0x25, 0xee, 0x2e, 0x98, ++ 0x6c, 0x0a, 0xfe, 0xae, 0x0b, 0x57, 0xf5, 0x9f, 0x3c, 0x80, 0xe9, 0x8b, ++ 0xaf, 0x92, 0x8a, 0xad, 0xe7, 0xa0, 0xe4, 0xe6, 0x0a, 0xa0, 0xc7, 0x83, ++ 0xb5, 0x48, 0x58, 0x5f, 0x55, 0x9e, 0x9b, 0x27, 0xcd, 0x31, 0x1f, 0x3e, ++ 0x50, 0x5a, 0x91, 0xad, 0x21, 0x1b, 0x97, 0x5b, 0xe8, 0xfa, 0x29, 0x8a, ++ 0xa4, 0x17, 0xe8, 0xab, 0x87, 0x02, 0xd6, 0x18, 0x8c, 0x9f, 0x65, 0xb7, ++ 0x2a, 0xfa, 0xde, 0x5f, 0x77, 0x30, 0x6c, 0x04, 0x22, 0xe6, 0x58, 0x26, ++ 0x14, 0x0d, 0x9c, 0x41, 0x0a, 0x82, 0x77, 0xdb, 0x40, 0xa1, 0x58, 0xac, ++ 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xb5, ++ 0x7e, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x20, 0x73, 0x69, 0x67, 0x6e, ++ 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, ++ 0x65, 0x64, 0x7e, 0x0a ++}; ++unsigned int hi_signed_2nd_len = 736; ++ ++unsigned char certificate_printable_der[] = { ++ 0x30, 0x82, 0x03, 0x39, 0x30, 0x82, 0x02, 0x21, 0xa0, 0x03, 0x02, 0x01, ++ 0x02, 0x02, 0x09, 0x00, 0xde, 0xf6, 0x22, 0xc4, 0xf2, 0xf1, 0x86, 0x02, ++ 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, ++ 0x0b, 0x05, 0x00, 0x30, 0x2a, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, ++ 0x04, 0x03, 0x13, 0x1f, 0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, ++ 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, ++ 0x43, 0x41, 0x20, 0x32, 0x20, 0x28, 0x62, 0x65, 0x74, 0x61, 0x29, 0x30, ++ 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30, 0x33, 0x31, 0x31, 0x34, 0x31, ++ 0x39, 0x32, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x37, 0x31, 0x30, 0x32, 0x35, ++ 0x31, 0x34, 0x31, 0x39, 0x32, 0x33, 0x5a, 0x30, 0x2f, 0x31, 0x2d, 0x30, ++ 0x2b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x24, 0x52, 0x65, 0x64, 0x20, ++ 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x42, ++ 0x6f, 0x6f, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, ++ 0x33, 0x20, 0x28, 0x62, 0x65, 0x74, 0x61, 0x29, 0x30, 0x82, 0x01, 0x22, ++ 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, ++ 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, ++ 0x02, 0x82, 0x01, 0x01, 0x00, 0xbd, 0xda, 0xa1, 0xed, 0x8d, 0x8e, 0x15, ++ 0x5c, 0xf8, 0x01, 0x77, 0x48, 0x4a, 0x60, 0x96, 0xf9, 0x27, 0xfa, 0xe2, ++ 0xb1, 0x69, 0x0f, 0x51, 0x19, 0x52, 0x7e, 0xc4, 0x34, 0x8e, 0xe1, 0x9b, ++ 0x9c, 0xa4, 0xb1, 0x5c, 0xd6, 0x81, 0x98, 0x78, 0xfe, 0xa9, 0xe5, 0x0b, ++ 0x00, 0xba, 0x9c, 0x64, 0x7e, 0xc7, 0xcc, 0x72, 0xb1, 0x73, 0x4b, 0x11, ++ 0x07, 0x52, 0xf0, 0x20, 0x96, 0x8b, 0x99, 0x39, 0xde, 0xdb, 0xfa, 0x3d, ++ 0x45, 0xe2, 0x98, 0x7b, 0x0c, 0x41, 0xe4, 0x0c, 0xb5, 0x5d, 0x92, 0x74, ++ 0x39, 0x96, 0xe1, 0x97, 0x97, 0xa1, 0xad, 0x2e, 0xcc, 0xd0, 0x1b, 0x4d, ++ 0x9d, 0xbd, 0x3e, 0xa9, 0x36, 0x8e, 0xcc, 0xc7, 0x5f, 0x6a, 0x7d, 0x39, ++ 0x5e, 0x0b, 0x8d, 0xca, 0xe4, 0x83, 0xe9, 0x3b, 0x5c, 0x86, 0x47, 0xd4, ++ 0xba, 0x7d, 0x98, 0x26, 0xa1, 0xf4, 0xe8, 0x90, 0x6b, 0x0f, 0xf1, 0x6b, ++ 0x8c, 0xe3, 0xa2, 0x80, 0x3c, 0x96, 0xf1, 0x0a, 0xb6, 0x66, 0xc0, 0x4b, ++ 0x61, 0xf7, 0x74, 0xcd, 0xd3, 0x7b, 0x8e, 0x5e, 0x39, 0xda, 0x99, 0x20, ++ 0x33, 0x93, 0xd3, 0xf0, 0x7f, 0xad, 0x35, 0xe9, 0x88, 0x8d, 0x9c, 0xbf, ++ 0x65, 0xf1, 0x47, 0x02, 0xf9, 0x7c, 0xed, 0x27, 0x5f, 0x4a, 0x65, 0x3c, ++ 0xcf, 0x5f, 0x0e, 0x88, 0x95, 0x74, 0xde, 0xfb, 0x9e, 0x2e, 0x91, 0x9b, ++ 0x45, 0x37, 0xc8, 0x85, 0xff, 0xe3, 0x41, 0x70, 0xfe, 0xd5, 0xef, 0x0e, ++ 0x82, 0x22, 0x08, 0xb7, 0x3b, 0x44, 0x3e, 0xdc, 0x5b, 0x7f, 0xba, 0xbf, ++ 0xe6, 0x58, 0x9d, 0x02, 0x6e, 0x75, 0xbf, 0x50, 0xec, 0xcf, 0x3f, 0xa5, ++ 0x91, 0x0a, 0xe2, 0x59, 0x2c, 0xc3, 0xe7, 0x05, 0x03, 0xe8, 0xf2, 0x6f, ++ 0x2a, 0x04, 0x68, 0x9a, 0x31, 0x32, 0x8f, 0x04, 0x35, 0xcd, 0x1f, 0x34, ++ 0xcc, 0x4f, 0x79, 0x5a, 0x99, 0x8d, 0x9d, 0x5c, 0xf5, 0x02, 0x03, 0x01, ++ 0x00, 0x01, 0xa3, 0x5d, 0x30, 0x5b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, ++ 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06, 0x03, ++ 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, ++ 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x65, 0xc5, 0xbe, 0xca, ++ 0xe6, 0x59, 0x6a, 0xfd, 0x6c, 0x71, 0xc4, 0xa7, 0x98, 0xc6, 0x25, 0x8d, ++ 0x7b, 0x67, 0x05, 0xd0, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, ++ 0x18, 0x30, 0x16, 0x80, 0x14, 0x81, 0xf8, 0xee, 0x47, 0x5c, 0x3e, 0xed, ++ 0xfb, 0xce, 0xa5, 0x84, 0xbe, 0xd7, 0xae, 0xdb, 0xd3, 0x7d, 0x64, 0xb3, ++ 0x2a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, ++ 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x66, 0x1e, 0x3d, ++ 0x1d, 0x53, 0x33, 0xde, 0x4e, 0xc7, 0xc4, 0xf4, 0xdf, 0xda, 0x18, 0x19, ++ 0x8a, 0xa9, 0xff, 0xe2, 0x63, 0x2b, 0xbe, 0xf2, 0x61, 0x63, 0xe2, 0xf6, ++ 0xed, 0x47, 0x1a, 0x71, 0x02, 0xec, 0x2a, 0xef, 0x89, 0x77, 0xe3, 0xfd, ++ 0x86, 0x69, 0xf1, 0x3f, 0x0d, 0xf9, 0x6e, 0xf9, 0x3b, 0xad, 0x26, 0x47, ++ 0xb7, 0xf2, 0x0d, 0xad, 0x23, 0xa3, 0x67, 0x3b, 0xcb, 0x6d, 0x9e, 0x03, ++ 0x0f, 0xbc, 0x69, 0x73, 0x9f, 0xd4, 0xa5, 0x0f, 0x6f, 0xf8, 0xab, 0x4d, ++ 0x36, 0xd1, 0xe0, 0xe0, 0x5d, 0x20, 0x43, 0x90, 0xc4, 0x65, 0x61, 0x93, ++ 0xe2, 0x0f, 0x51, 0x59, 0x0a, 0xf7, 0x88, 0x70, 0x57, 0xb9, 0x04, 0xa9, ++ 0x32, 0x57, 0x9c, 0xb3, 0x57, 0x38, 0x8b, 0x8e, 0x46, 0xc8, 0x32, 0x6c, ++ 0xb4, 0xf3, 0x96, 0x7f, 0x4b, 0xf0, 0x88, 0xf9, 0x7f, 0xe2, 0x71, 0xe1, ++ 0x8b, 0xe2, 0x14, 0xf1, 0x4b, 0x25, 0x00, 0x48, 0x1c, 0x7e, 0xe5, 0x8d, ++ 0x65, 0x2d, 0xeb, 0x72, 0x4f, 0x92, 0x44, 0xf3, 0xe6, 0xe0, 0xd0, 0xdf, ++ 0x85, 0xa8, 0x13, 0x4a, 0xfb, 0x99, 0xca, 0x14, 0x2c, 0x97, 0x80, 0x93, ++ 0x27, 0xd3, 0x20, 0xf8, 0x6d, 0x29, 0x28, 0x2c, 0xb9, 0x77, 0xea, 0xb1, ++ 0x63, 0xbd, 0x7d, 0x53, 0xfd, 0x4a, 0x62, 0x64, 0x0b, 0x98, 0xa8, 0xae, ++ 0x11, 0xfc, 0x6e, 0x8d, 0x63, 0xd4, 0x15, 0x55, 0xc6, 0x4c, 0x74, 0xf5, ++ 0x5f, 0xa0, 0xb9, 0x2c, 0x2d, 0x9a, 0x7a, 0x87, 0x6e, 0xf0, 0x5e, 0x25, ++ 0xed, 0xfc, 0xd8, 0xc4, 0x34, 0x33, 0x32, 0xad, 0x01, 0xd4, 0x4b, 0x49, ++ 0x51, 0xc2, 0x07, 0x7f, 0x90, 0x6d, 0xea, 0xf5, 0x4c, 0x41, 0x71, 0x64, ++ 0xeb, 0x1f, 0x29, 0xa3, 0x1f, 0x64, 0xa2, 0x1e, 0x0e, 0x6f, 0xa1, 0x67, ++ 0x99, 0x8d, 0x98, 0x1c, 0xb8, 0x53, 0x9d, 0x30, 0x1d, 0xae, 0x32, 0x56, ++ 0xd2 ++}; ++unsigned int certificate_printable_der_len = 829; diff --git a/SOURCES/0369-appended-signatures-documentation.patch b/SOURCES/0369-appended-signatures-documentation.patch new file mode 100644 index 0000000..7161b83 --- /dev/null +++ b/SOURCES/0369-appended-signatures-documentation.patch @@ -0,0 +1,329 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 1 Oct 2020 13:02:09 +1000 +Subject: [PATCH] appended signatures: documentation + +This explains how appended signatures can be used to form part of +a secure boot chain, and documents the commands and variables +introduced. + +(docs: s/grub/grub2/) +Signed-off-by: Daniel Axtens +--- + docs/grub.texi | 185 +++++++++++++++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 172 insertions(+), 13 deletions(-) + +diff --git a/docs/grub.texi b/docs/grub.texi +index a833364d5..97f0f47e0 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -3160,6 +3160,7 @@ These variables have special meaning to GRUB. + + @menu + * biosnum:: ++* check_appended_signatures:: + * check_signatures:: + * chosen:: + * cmdpath:: +@@ -3219,11 +3220,18 @@ For an alternative approach which also changes BIOS drive mappings for the + chain-loaded system, @pxref{drivemap}. + + ++@node check_appended_signatures ++@subsection check_appended_signatures ++ ++This variable controls whether GRUB enforces appended signature validation on ++certain loaded files. @xref{Using appended signatures}. ++ ++ + @node check_signatures + @subsection check_signatures + +-This variable controls whether GRUB enforces digital signature +-validation on loaded files. @xref{Using digital signatures}. ++This variable controls whether GRUB enforces GPG-style digital signature ++validation on loaded files. @xref{Using GPG-style digital signatures}. + + @node chosen + @subsection chosen +@@ -3937,6 +3945,7 @@ you forget a command, you can run the command @command{help} + * date:: Display or set current date and time + * devicetree:: Load a device tree blob + * distrust:: Remove a pubkey from trusted keys ++* distrust_certificate:: Remove a certificate from the list of trusted certificates + * drivemap:: Map a drive to another + * echo:: Display a line of text + * eval:: Evaluate agruments as GRUB commands +@@ -3953,6 +3962,7 @@ you forget a command, you can run the command @command{help} + * keystatus:: Check key modifier status + * linux:: Load a Linux kernel + * linux16:: Load a Linux kernel (16-bit mode) ++* list_certificates:: List trusted certificates + * list_env:: List variables in environment block + * list_trusted:: List trusted public keys + * load_env:: Load variables from environment block +@@ -3989,9 +3999,11 @@ you forget a command, you can run the command @command{help} + * test:: Check file types and compare values + * true:: Do nothing, successfully + * trust:: Add public key to list of trusted keys ++* trust_certificate:: Add an x509 certificate to the list of trusted certificates + * unset:: Unset an environment variable + * uppermem:: Set the upper memory size + @comment * vbeinfo:: List available video modes ++* verify_appended:: Verify appended digital signature + * verify_detached:: Verify detached digital signature + * videoinfo:: List available video modes + @comment * xen_*:: Xen boot commands for AArch64 +@@ -4282,9 +4294,28 @@ These keys are used to validate signatures when environment variable + @code{check_signatures} is set to @code{enforce} + (@pxref{check_signatures}), and by some invocations of + @command{verify_detached} (@pxref{verify_detached}). @xref{Using +-digital signatures}, for more information. ++GPG-style digital signatures}, for more information. + @end deffn + ++ ++@node distrust_certificate ++@subsection distrust_certificate ++ ++@deffn Command distrust_certificate cert_number ++Remove the x509 certificate numbered @var{cert_number} from GRUB's keyring of ++trusted x509 certificates for verifying appended signatures. ++ ++@var{cert_number} is the certificate number as listed by ++@command{list_certificates} (@pxref{list_certificates}). ++ ++These certificates are used to validate appended signatures when environment ++variable @code{check_appended_signatures} is set to @code{enforce} ++(@pxref{check_appended_signatures}), and by @command{verify_appended} ++(@pxref{verify_appended}). See @xref{Using appended signatures} for more ++information. ++@end deffn ++ ++ + @node drivemap + @subsection drivemap + +@@ -4542,6 +4573,21 @@ This command is only available on x86 systems. + @end deffn + + ++@node list_certificates ++@subsection list_certificates ++ ++@deffn Command list_certificates ++List all x509 certificates trusted by GRUB for validating appended signatures. ++The output is a numbered list of certificates, showing the certificate's serial ++number and Common Name. ++ ++The certificate number can be used as an argument to ++@command{distrust_certificate} (@pxref{distrust_certificate}). ++ ++See @xref{Using appended signatures} for more information. ++@end deffn ++ ++ + @node list_env + @subsection list_env + +@@ -4561,7 +4607,7 @@ The output is in GPG's v4 key fingerprint format (i.e., the output of + @code{gpg --fingerprint}). The least significant four bytes (last + eight hexadecimal digits) can be used as an argument to + @command{distrust} (@pxref{distrust}). +-@xref{Using digital signatures}, for more information about uses for ++@xref{Using GPG-style digital signatures}, for more information about uses for + these keys. + @end deffn + +@@ -4596,8 +4642,12 @@ When used with care, @option{--skip-sig} and the whitelist enable an + administrator to configure a system to boot only signed + configurations, but to allow the user to select from among multiple + configurations, and to enable ``one-shot'' boot attempts and +-``savedefault'' behavior. @xref{Using digital signatures}, for more ++``savedefault'' behavior. @xref{Using GPG-style digital signatures}, for more + information. ++ ++Extra care should be taken when combining this command with appended signatures ++(@pxref{Using appended signatures}), as this file is not validated by an ++appended signature and could set @code{check_appended_signatures=no}. + @end deffn + + +@@ -4883,7 +4933,7 @@ read. It is possible to modify a digitally signed environment block + file from within GRUB using this command, such that its signature will + no longer be valid on subsequent boots. Care should be taken in such + advanced configurations to avoid rendering the system +-unbootable. @xref{Using digital signatures}, for more information. ++unbootable. @xref{Using GPG-style digital signatures}, for more information. + @end deffn + + +@@ -5208,11 +5258,31 @@ signatures when environment variable @code{check_signatures} is set to + must itself be properly signed. The @option{--skip-sig} option can be + used to disable signature-checking when reading @var{pubkey_file} + itself. It is expected that @option{--skip-sig} is useful for testing +-and manual booting. @xref{Using digital signatures}, for more ++and manual booting. @xref{Using GPG-style digital signatures}, for more + information. + @end deffn + + ++@node trust_certificate ++@subsection trust_certificate ++ ++@deffn Command trust_certificate x509_certificate ++Read an DER-formatted x509 certificate from the file @var{x509_certificate} ++and add it to GRUB's internal list of trusted x509 certificates. These ++certificates are used to validate appended signatures when the environment ++variable @code{check_appended_signatures} is set to @code{enforce}. ++ ++Note that if @code{check_appended_signatures} is set to @code{enforce} ++when @command{trust_certificate} is executed, then @var{x509_certificate} ++must itself bear an appended signature. (It is not sufficient that ++@var{x509_certificate} be signed by a trusted certificate according to the ++x509 rules: grub does not include support for validating signatures within x509 ++certificates themselves.) ++ ++See @xref{Using appended signatures} for more information. ++@end deffn ++ ++ + @node unset + @subsection unset + +@@ -5237,6 +5307,18 @@ only on PC BIOS platforms. + @end deffn + @end ignore + ++@node verify_appended ++@subsection verify_appended ++ ++@deffn Command verify_appended file ++Verifies an appended signature on @var{file} against the trusted certificates ++known to GRUB (See @pxref{list_certificates}, @pxref{trust_certificate}, and ++@pxref{distrust_certificate}). ++ ++Exit code @code{$?} is set to 0 if the signature validates ++successfully. If validation fails, it is set to a non-zero value. ++See @xref{Using appended signatures}, for more information. ++@end deffn + + @node verify_detached + @subsection verify_detached +@@ -5255,7 +5337,7 @@ tried. + + Exit code @code{$?} is set to 0 if the signature validates + successfully. If validation fails, it is set to a non-zero value. +-@xref{Using digital signatures}, for more information. ++@xref{Using GPG-style digital signatures}, for more information. + @end deffn + + @node videoinfo +@@ -5601,9 +5683,10 @@ environment variables and commands are listed in the same order. + @chapter Security + + @menu +-* Authentication and authorisation:: Users and access control +-* Using digital signatures:: Booting digitally signed code +-* Signing GRUB itself:: Ensuring the integrity of the GRUB core image ++* Authentication and authorisation:: Users and access control ++* Using GPG-style digital signatures:: Booting digitally signed code ++* Using appended signatures:: An alternative approach to booting digitally signed code ++* Signing GRUB itself:: Ensuring the integrity of the GRUB core image + @end menu + + @node Authentication and authorisation +@@ -5676,8 +5759,8 @@ generating configuration files with authentication. You can use + adding @kbd{set superusers=} and @kbd{password} or @kbd{password_pbkdf2} + commands. + +-@node Using digital signatures +-@section Using digital signatures in GRUB ++@node Using GPG-style digital signatures ++@section Using GPG-style digital signatures in GRUB + + GRUB's @file{core.img} can optionally provide enforcement that all files + subsequently read from disk are covered by a valid digital signature. +@@ -5760,6 +5843,82 @@ or BIOS) configuration to cause the machine to boot from a different + (attacker-controlled) device. GRUB is at best only one link in a + secure boot chain. + ++@node Using appended signatures ++@section Using appended signatures in GRUB ++ ++GRUB supports verifying Linux-style 'appended signatures' for secure boot. ++Appended signatures are PKCS#7 messages containing a signature over the ++contents of a file, plus some metadata, appended to the end of a file. A file ++with an appended signature ends with the magic string: ++ ++@example ++~Module signature appended~\n ++@end example ++ ++where @code{\n} represents the carriage-return character, @code{0x0a}. ++ ++To enable appended signature verification, load the appendedsig module and an ++x509 certificate for verification. Building the appendedsig module into the ++core grub image is recommended. ++ ++Certificates can be managed at boot time using the @pxref{trust_certificate}, ++@pxref{distrust_certificate} and @pxref{list_certificates} commands. ++Certificates can also be built in to the core image using the @code{--x509} ++parameter to @command{grub-install} or @command{grub-mkimage}. ++ ++A file can be explictly verified using the @pxref{verify_appended} command. ++ ++Only signatures made with the SHA-256 or SHA-512 hash algorithm are supported, ++and only RSA signatures are supported. ++ ++A file can be signed with the @command{sign-file} utility supplied with the ++Linux kernel source. For example, if you have @code{signing.key} as the private ++key and @code{certificate.der} as the x509 certificate containing the public key: ++ ++@example ++sign-file SHA256 signing.key certificate.der vmlinux vmlinux.signed ++@end example ++ ++Enforcement of signature verification is controlled by the ++@code{check_appended_signatures} variable. Verification will only take place ++when files are loaded if the variable is set to @code{enforce}. If a ++certificate is built into the grub core image with the @code{--x509} parameter, ++the variable will be automatically set to @code{enforce} when the appendedsig ++module is loaded. ++ ++Unlike GPG-style signatures, not all files loaded by GRUB are required to be ++signed. Once verification is turned on, the following file types must carry ++appended signatures: ++ ++@enumerate ++@item Linux, Multiboot, BSD, XNU and Plan9 kernels ++@item Grub modules, except those built in to the core image ++@item Any new certificate files to be trusted ++@end enumerate ++ ++ACPI tables and Device Tree images will not be checked for appended signatures ++but must be verified by another mechanism such as GPG-style signatures before ++they will be loaded. ++ ++No attempt is made to validate any other file type. In particular, ++chain-loaded binaries are not verified - if your platform supports ++chain-loading and this cannot be disabled, consider an alternative secure ++boot mechanism. ++ ++As with GPG-style appended signatures, signature checking does @strong{not} ++stop an attacker with console access from dropping manually to the GRUB ++console and executing: ++ ++@example ++set check_appended_signatures=no ++@end example ++ ++Refer to the section on password-protecting GRUB (@pxref{Authentication ++and authorisation}) for more information on preventing this. ++ ++Additionally, special care must be taken around the @command{loadenv} command, ++which can be used to turn off @code{check_appended_signature}. ++ + @node Signing GRUB itself + @section Signing GRUB itself + diff --git a/SOURCES/0370-ieee1275-link-appended-signature-enforcement-to-ibm-.patch b/SOURCES/0370-ieee1275-link-appended-signature-enforcement-to-ibm-.patch new file mode 100644 index 0000000..e3e8f31 --- /dev/null +++ b/SOURCES/0370-ieee1275-link-appended-signature-enforcement-to-ibm-.patch @@ -0,0 +1,137 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 28 Sep 2020 11:11:17 +1000 +Subject: [PATCH] ieee1275: link appended-signature enforcement to + /ibm,secure-boot + +If the 'ibm,secure-boot' property of the root node is 2 or greater, +require that the kernel pass appended-signature verification. + +Do not consider the presence of a certificate to enforce verification. + +Signed-off-by: Daniel Axtens +--- + grub-core/commands/appendedsig/appendedsig.c | 44 +++++++++++++++++++++------- + grub-core/kern/ieee1275/init.c | 26 ++++++++++++++++ + 2 files changed, 60 insertions(+), 10 deletions(-) + +diff --git a/grub-core/commands/appendedsig/appendedsig.c b/grub-core/commands/appendedsig/appendedsig.c +index 5d8897be5..4ef2ec289 100644 +--- a/grub-core/commands/appendedsig/appendedsig.c ++++ b/grub-core/commands/appendedsig/appendedsig.c +@@ -95,10 +95,24 @@ static char * + grub_env_write_sec (struct grub_env_var *var __attribute__((unused)), + const char *val) + { ++ if (check_sigs == 2) ++ return grub_strdup ("forced"); + check_sigs = (*val == '1') || (*val == 'e'); + return grub_strdup (check_sigs ? "enforce" : "no"); + } + ++static const char * ++grub_env_read_sec (struct grub_env_var *var __attribute__ ((unused)), ++ const char *val __attribute__ ((unused))) ++{ ++ if (check_sigs == 2) ++ return "forced"; ++ else if (check_sigs == 1) ++ return "enforce"; ++ else ++ return "no"; ++} ++ + static grub_err_t + read_cert_from_file (grub_file_t f, struct x509_certificate *certificate) + { +@@ -552,14 +566,20 @@ GRUB_MOD_INIT (appendedsig) + val = grub_env_get ("check_appended_signatures"); + grub_dprintf ("appendedsig", "check_appended_signatures='%s'\n", val); + +- if (val && (val[0] == '1' || val[0] == 'e')) +- check_sigs = 1; +- else +- check_sigs = 0; ++ if (val) ++ { ++ if (val[0] == '2' || val[0] == 'f') ++ check_sigs = 2; ++ else if (val[0] == '1' || val[0] == 'e') ++ check_sigs = 1; ++ else ++ check_sigs = 0; ++ } + + grub_trusted_key = NULL; + +- grub_register_variable_hook ("check_appended_signatures", 0, ++ grub_register_variable_hook ("check_appended_signatures", ++ grub_env_read_sec, + grub_env_write_sec); + grub_env_export ("check_appended_signatures"); + +@@ -603,11 +623,15 @@ GRUB_MOD_INIT (appendedsig) + grub_trusted_key = pk; + } + +- if (!val || val[0] == '\0') +- { +- grub_env_set ("check_appended_signatures", +- grub_trusted_key ? "enforce" : "no"); +- } ++ /* ++ * When controlled by ibm,secure-boot, we don't want the presence of ++ * a certificate to enforce secure boot. ++ * if (!val || val[0] == '\0') ++ * { ++ * grub_env_set ("check_appended_signatures", ++ * grub_trusted_key ? "enforce" : "no"); ++ * } ++ */ + + cmd_trust = + grub_register_command ("trust_certificate", grub_cmd_trust, +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index e731a57a4..22dc3013d 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -268,6 +268,30 @@ grub_parse_cmdline (void) + } + } + ++static void ++grub_get_ieee1275_secure_boot (void) ++{ ++ grub_ieee1275_phandle_t root; ++ int rc; ++ grub_uint32_t is_sb; ++ ++ grub_ieee1275_finddevice ("/", &root); ++ ++ rc = grub_ieee1275_get_integer_property (root, "ibm,secure-boot", &is_sb, ++ sizeof (is_sb), 0); ++ ++ /* ibm,secure-boot: ++ * 0 - disabled ++ * 1 - audit ++ * 2 - enforce ++ * 3 - enforce + OS-specific behaviour ++ * ++ * We only support enforce. ++ */ ++ if (rc >= 0 && is_sb >= 2) ++ grub_env_set("check_appended_signatures", "forced"); ++} ++ + grub_addr_t grub_modbase; + + void +@@ -290,6 +314,8 @@ grub_machine_init (void) + #else + grub_install_get_time_ms (grub_rtc_get_time_ms); + #endif ++ ++ grub_get_ieee1275_secure_boot (); + } + + void diff --git a/SOURCES/0371-include-grub-verify.h-Add-include-guard.patch b/SOURCES/0371-include-grub-verify.h-Add-include-guard.patch new file mode 100644 index 0000000..b1d13f3 --- /dev/null +++ b/SOURCES/0371-include-grub-verify.h-Add-include-guard.patch @@ -0,0 +1,37 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Leif Lindholm +Date: Wed, 14 Nov 2018 19:29:15 +0000 +Subject: [PATCH] include/grub/verify.h: Add include guard + +verify.h was added without include guards. This means compiling anything +including both include/grub/verify.h and include/grub/lib/cmdline.h fails +(at least grub-core/loader/arm64/linux.c. + +Add the necessary include guard. + +Signed-off-by: Leif Lindholm +Reviewed-by: Daniel Kiper +--- + include/grub/verify.h | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/include/grub/verify.h b/include/grub/verify.h +index 60c13e7ea..ace72d746 100644 +--- a/include/grub/verify.h ++++ b/include/grub/verify.h +@@ -16,6 +16,9 @@ + * along with GRUB. If not, see . + */ + ++#ifndef GRUB_VERIFY_HEADER ++#define GRUB_VERIFY_HEADER 1 ++ + #include + #include + +@@ -89,3 +92,5 @@ char grub_is_dangerous_module (grub_file_t io); + * Returns the name if one is loaded, otherwise NULL. + */ + const char *grub_dangerous_module_loaded (void); ++ ++#endif /* ! GRUB_VERIFY_HEADER */ diff --git a/SOURCES/0372-arm64-xen-Fix-too-few-arguments-to-function-grub_cre.patch b/SOURCES/0372-arm64-xen-Fix-too-few-arguments-to-function-grub_cre.patch new file mode 100644 index 0000000..4ce69e8 --- /dev/null +++ b/SOURCES/0372-arm64-xen-Fix-too-few-arguments-to-function-grub_cre.patch @@ -0,0 +1,40 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Lee Jones +Date: Tue, 20 Nov 2018 10:45:04 +0000 +Subject: [PATCH] arm64/xen: Fix too few arguments to function + grub_create_loader_cmdline() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Without this fix, building xen_boot.c omits: + +loader/arm64/xen_boot.c: In function ‘xen_boot_binary_load’: +loader/arm64/xen_boot.c:370:7: error: too few arguments to function ‘grub_create_loader_cmdline’ + grub_create_loader_cmdline (argc - 1, argv + 1, binary->cmdline, + ^~~~~~~~~~~~~~~~~~~~~~~~~~ +In file included from loader/arm64/xen_boot.c:36:0: +../include/grub/lib/cmdline.h:29:12: note: declared here + grub_err_t grub_create_loader_cmdline (int argc, char *argv[], char *buf, + +Signed-off-by: Lee Jones +Reviewed-by: Julien Grall +Reviewed-by: Daniel Kiper +--- + grub-core/loader/arm64/xen_boot.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c +index 318c833de..1a337866f 100644 +--- a/grub-core/loader/arm64/xen_boot.c ++++ b/grub-core/loader/arm64/xen_boot.c +@@ -367,7 +367,8 @@ xen_boot_binary_load (struct xen_boot_binary *binary, grub_file_t file, + return; + } + grub_create_loader_cmdline (argc - 1, argv + 1, binary->cmdline, +- binary->cmdline_size); ++ binary->cmdline_size, ++ GRUB_VERIFY_KERNEL_CMDLINE); + grub_dprintf ("xen_loader", + "Xen_boot cmdline @ %p %s, size: %d\n", + binary->cmdline, binary->cmdline, binary->cmdline_size); diff --git a/SOURCES/0373-kern-Add-lockdown-support.patch b/SOURCES/0373-kern-Add-lockdown-support.patch new file mode 100644 index 0000000..8d05fc2 --- /dev/null +++ b/SOURCES/0373-kern-Add-lockdown-support.patch @@ -0,0 +1,440 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 19 Feb 2021 10:33:54 +0100 +Subject: [PATCH] kern: Add lockdown support + +When the GRUB starts on a secure boot platform, some commands can be +used to subvert the protections provided by the verification mechanism and +could lead to booting untrusted system. + +To prevent that situation, allow GRUB to be locked down. That way the code +may check if GRUB has been locked down and further restrict the commands +that are registered or what subset of their functionality could be used. + +The lockdown support adds the following components: + +* The grub_lockdown() function which can be used to lockdown GRUB if, + e.g., UEFI Secure Boot is enabled. + +* The grub_is_lockdown() function which can be used to check if the GRUB + was locked down. + +* A verifier that flags OS kernels, the GRUB modules, Device Trees and ACPI + tables as GRUB_VERIFY_FLAGS_DEFER_AUTH to defer verification to other + verifiers. These files are only successfully verified if another registered + verifier returns success. Otherwise, the whole verification process fails. + + For example, PE/COFF binaries verification can be done by the shim_lock + verifier which validates the signatures using the shim_lock protocol. + However, the verification is not deferred directly to the shim_lock verifier. + The shim_lock verifier is hooked into the verification process instead. + +* A set of grub_{command,extcmd}_lockdown functions that can be used by + code registering command handlers, to only register unsafe commands if + the GRUB has not been locked down. + +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + grub-core/Makefile.core.def | 1 + + grub-core/commands/extcmd.c | 23 +++++++++++ + grub-core/kern/command.c | 24 ++++++++++++ + grub-core/kern/lockdown.c | 93 +++++++++++++++++++++++++++++++++++++++++++++ + include/grub/command.h | 5 +++ + include/grub/extcmd.h | 7 ++++ + include/grub/lockdown.h | 44 +++++++++++++++++++++ + conf/Makefile.common | 2 + + docs/grub-dev.texi | 27 +++++++++++++ + docs/grub.texi | 8 ++++ + grub-core/Makefile.am | 5 ++- + 11 files changed, 238 insertions(+), 1 deletion(-) + create mode 100644 grub-core/kern/lockdown.c + create mode 100644 include/grub/lockdown.h + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 8914083d1..02fbecd4b 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -197,6 +197,7 @@ kernel = { + efi = term/efi/console.c; + efi = kern/acpi.c; + efi = kern/efi/acpi.c; ++ efi = kern/lockdown.c; + efi = lib/envblk.c; + efi = kern/efi/tpm.c; + i386_coreboot = kern/i386/pc/acpi.c; +diff --git a/grub-core/commands/extcmd.c b/grub-core/commands/extcmd.c +index 69574e2b0..90a5ca24a 100644 +--- a/grub-core/commands/extcmd.c ++++ b/grub-core/commands/extcmd.c +@@ -19,6 +19,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -110,6 +111,28 @@ grub_register_extcmd (const char *name, grub_extcmd_func_t func, + summary, description, parser, 1); + } + ++static grub_err_t ++grub_extcmd_lockdown (grub_extcmd_context_t ctxt __attribute__ ((unused)), ++ int argc __attribute__ ((unused)), ++ char **argv __attribute__ ((unused))) ++{ ++ return grub_error (GRUB_ERR_ACCESS_DENIED, ++ N_("%s: the command is not allowed when lockdown is enforced"), ++ ctxt->extcmd->cmd->name); ++} ++ ++grub_extcmd_t ++grub_register_extcmd_lockdown (const char *name, grub_extcmd_func_t func, ++ grub_command_flags_t flags, const char *summary, ++ const char *description, ++ const struct grub_arg_option *parser) ++{ ++ if (grub_is_lockdown () == GRUB_LOCKDOWN_ENABLED) ++ func = grub_extcmd_lockdown; ++ ++ return grub_register_extcmd (name, func, flags, summary, description, parser); ++} ++ + void + grub_unregister_extcmd (grub_extcmd_t ext) + { +diff --git a/grub-core/kern/command.c b/grub-core/kern/command.c +index acd721879..4aabcd4b5 100644 +--- a/grub-core/kern/command.c ++++ b/grub-core/kern/command.c +@@ -17,6 +17,7 @@ + * along with GRUB. If not, see . + */ + ++#include + #include + #include + +@@ -77,6 +78,29 @@ grub_register_command_prio (const char *name, + return cmd; + } + ++static grub_err_t ++grub_cmd_lockdown (grub_command_t cmd __attribute__ ((unused)), ++ int argc __attribute__ ((unused)), ++ char **argv __attribute__ ((unused))) ++ ++{ ++ return grub_error (GRUB_ERR_ACCESS_DENIED, ++ N_("%s: the command is not allowed when lockdown is enforced"), ++ cmd->name); ++} ++ ++grub_command_t ++grub_register_command_lockdown (const char *name, ++ grub_command_func_t func, ++ const char *summary, ++ const char *description) ++{ ++ if (grub_is_lockdown () == GRUB_LOCKDOWN_ENABLED) ++ func = grub_cmd_lockdown; ++ ++ return grub_register_command_prio (name, func, summary, description, 0); ++} ++ + void + grub_unregister_command (grub_command_t cmd) + { +diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c +new file mode 100644 +index 000000000..f87ddaeb1 +--- /dev/null ++++ b/grub-core/kern/lockdown.c +@@ -0,0 +1,93 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ * ++ */ ++ ++#include ++#include ++#include ++ ++/* There is no verifier framework in grub 2.02 */ ++#if 0 ++#include ++#endif ++ ++static int lockdown = GRUB_LOCKDOWN_DISABLED; ++ ++/* There is no verifier framework in grub 2.02 */ ++#if 0 ++static grub_err_t ++lockdown_verifier_init (grub_file_t io __attribute__ ((unused)), ++ enum grub_file_type type, ++ void **context __attribute__ ((unused)), ++ enum grub_verify_flags *flags) ++{ ++ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; ++ ++ switch (type & GRUB_FILE_TYPE_MASK) ++ { ++ case GRUB_FILE_TYPE_GRUB_MODULE: ++ case GRUB_FILE_TYPE_LINUX_KERNEL: ++ case GRUB_FILE_TYPE_MULTIBOOT_KERNEL: ++ case GRUB_FILE_TYPE_XEN_HYPERVISOR: ++ case GRUB_FILE_TYPE_BSD_KERNEL: ++ case GRUB_FILE_TYPE_XNU_KERNEL: ++ case GRUB_FILE_TYPE_PLAN9_KERNEL: ++ case GRUB_FILE_TYPE_NTLDR: ++ case GRUB_FILE_TYPE_TRUECRYPT: ++ case GRUB_FILE_TYPE_FREEDOS: ++ case GRUB_FILE_TYPE_PXECHAINLOADER: ++ case GRUB_FILE_TYPE_PCCHAINLOADER: ++ case GRUB_FILE_TYPE_COREBOOT_CHAINLOADER: ++ case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE: ++ case GRUB_FILE_TYPE_ACPI_TABLE: ++ case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE: ++ *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH; ++ ++ /* Fall through. */ ++ ++ default: ++ return GRUB_ERR_NONE; ++ } ++} ++ ++struct grub_file_verifier lockdown_verifier = ++ { ++ .name = "lockdown_verifier", ++ .init = lockdown_verifier_init, ++ }; ++#endif ++ ++void ++grub_lockdown (void) ++{ ++ lockdown = GRUB_LOCKDOWN_ENABLED; ++ ++ /* ++ * XXX: The lockdown verifier doesn't make sense until ++ * GRUB has moved to the shim_lock verifier. ++ */ ++#if 0 ++ grub_verifier_register (&lockdown_verifier); ++#endif ++} ++ ++int ++grub_is_lockdown (void) ++{ ++ return lockdown; ++} +diff --git a/include/grub/command.h b/include/grub/command.h +index eee4e847e..2a6f7f846 100644 +--- a/include/grub/command.h ++++ b/include/grub/command.h +@@ -86,6 +86,11 @@ EXPORT_FUNC(grub_register_command_prio) (const char *name, + const char *summary, + const char *description, + int prio); ++grub_command_t ++EXPORT_FUNC(grub_register_command_lockdown) (const char *name, ++ grub_command_func_t func, ++ const char *summary, ++ const char *description); + void EXPORT_FUNC(grub_unregister_command) (grub_command_t cmd); + + static inline grub_command_t +diff --git a/include/grub/extcmd.h b/include/grub/extcmd.h +index 19fe59266..fe9248b8b 100644 +--- a/include/grub/extcmd.h ++++ b/include/grub/extcmd.h +@@ -62,6 +62,13 @@ grub_extcmd_t EXPORT_FUNC(grub_register_extcmd) (const char *name, + const char *description, + const struct grub_arg_option *parser); + ++grub_extcmd_t EXPORT_FUNC(grub_register_extcmd_lockdown) (const char *name, ++ grub_extcmd_func_t func, ++ grub_command_flags_t flags, ++ const char *summary, ++ const char *description, ++ const struct grub_arg_option *parser); ++ + grub_extcmd_t EXPORT_FUNC(grub_register_extcmd_prio) (const char *name, + grub_extcmd_func_t func, + grub_command_flags_t flags, +diff --git a/include/grub/lockdown.h b/include/grub/lockdown.h +new file mode 100644 +index 000000000..40531fa82 +--- /dev/null ++++ b/include/grub/lockdown.h +@@ -0,0 +1,44 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_LOCKDOWN_H ++#define GRUB_LOCKDOWN_H 1 ++ ++#include ++ ++#define GRUB_LOCKDOWN_DISABLED 0 ++#define GRUB_LOCKDOWN_ENABLED 1 ++ ++#ifdef GRUB_MACHINE_EFI ++extern void ++EXPORT_FUNC (grub_lockdown) (void); ++extern int ++EXPORT_FUNC (grub_is_lockdown) (void); ++#else ++static inline void ++grub_lockdown (void) ++{ ++} ++ ++static inline int ++grub_is_lockdown (void) ++{ ++ return GRUB_LOCKDOWN_DISABLED; ++} ++#endif ++#endif /* ! GRUB_LOCKDOWN_H */ +diff --git a/conf/Makefile.common b/conf/Makefile.common +index b93879804..521cdda1f 100644 +--- a/conf/Makefile.common ++++ b/conf/Makefile.common +@@ -85,7 +85,9 @@ CPPFLAGS_PARTTOOL_LIST = -Dgrub_parttool_register=PARTTOOL_LIST_MARKER + CPPFLAGS_TERMINAL_LIST = '-Dgrub_term_register_input(...)=INPUT_TERMINAL_LIST_MARKER(__VA_ARGS__)' + CPPFLAGS_TERMINAL_LIST += '-Dgrub_term_register_output(...)=OUTPUT_TERMINAL_LIST_MARKER(__VA_ARGS__)' + CPPFLAGS_COMMAND_LIST = '-Dgrub_register_command(...)=COMMAND_LIST_MARKER(__VA_ARGS__)' ++CPPFLAGS_COMMAND_LIST += '-Dgrub_register_command_lockdown(...)=COMMAND_LOCKDOWN_LIST_MARKER(__VA_ARGS__)' + CPPFLAGS_COMMAND_LIST += '-Dgrub_register_extcmd(...)=EXTCOMMAND_LIST_MARKER(__VA_ARGS__)' ++CPPFLAGS_COMMAND_LIST += '-Dgrub_register_extcmd_lockdown(...)=EXTCOMMAND_LOCKDOWN_LIST_MARKER(__VA_ARGS__)' + CPPFLAGS_COMMAND_LIST += '-Dgrub_register_command_p1(...)=P1COMMAND_LIST_MARKER(__VA_ARGS__)' + CPPFLAGS_FDT_LIST := '-Dgrub_fdtbus_register(...)=FDT_DRIVER_LIST_MARKER(__VA_ARGS__)' + CPPFLAGS_MARKER = $(CPPFLAGS_FS_LIST) $(CPPFLAGS_VIDEO_LIST) \ +diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi +index 3ce827ab7..421dd410e 100644 +--- a/docs/grub-dev.texi ++++ b/docs/grub-dev.texi +@@ -84,6 +84,7 @@ This edition documents version @value{VERSION}. + * Video Subsystem:: + * PFF2 Font File Format:: + * Graphical Menu Software Design:: ++* Lockdown framework:: + * Copying This Manual:: Copying This Manual + * Index:: + @end menu +@@ -1949,6 +1950,32 @@ the graphics mode that was in use before @code{grub_video_setup()} was called + might fix some of the problems. + + ++@node Lockdown framework ++@chapter Lockdown framework ++ ++The GRUB can be locked down, which is a restricted mode where some operations ++are not allowed. For instance, some commands cannot be used when the GRUB is ++locked down. ++ ++The function ++@code{grub_lockdown()} is used to lockdown GRUB and the function ++@code{grub_is_lockdown()} function can be used to check whether lockdown is ++enabled or not. When enabled, the function returns @samp{GRUB_LOCKDOWN_ENABLED} ++and @samp{GRUB_LOCKDOWN_DISABLED} when is not enabled. ++ ++The following functions can be used to register the commands that can only be ++used when lockdown is disabled: ++ ++@itemize ++ ++@item @code{grub_cmd_lockdown()} registers command which should not run when the ++GRUB is in lockdown mode. ++ ++@item @code{grub_cmd_lockdown()} registers extended command which should not run ++when the GRUB is in lockdown mode. ++ ++@end itemize ++ + @node Copying This Manual + @appendix Copying This Manual + +diff --git a/docs/grub.texi b/docs/grub.texi +index 97f0f47e0..f957535db 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -5687,6 +5687,7 @@ environment variables and commands are listed in the same order. + * Using GPG-style digital signatures:: Booting digitally signed code + * Using appended signatures:: An alternative approach to booting digitally signed code + * Signing GRUB itself:: Ensuring the integrity of the GRUB core image ++* Lockdown:: Lockdown when booting on a secure setup + @end menu + + @node Authentication and authorisation +@@ -5977,6 +5978,13 @@ As with UEFI secure boot, it is necessary to build in the required modules, + or sign them separately. + + ++@node Lockdown ++@section Lockdown when booting on a secure setup ++ ++The GRUB can be locked down when booted on a secure boot environment, for example ++if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will ++be restricted and some operations/commands cannot be executed. ++ + @node Platform limitations + @chapter Platform limitations + +diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am +index 406265250..a6f1b0dcd 100644 +--- a/grub-core/Makefile.am ++++ b/grub-core/Makefile.am +@@ -82,6 +82,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fs.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i18n.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/kernel.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/list.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/lockdown.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/misc.h + if COND_emu + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/compiler-rt-emu.h +@@ -350,8 +351,10 @@ command.lst: $(MARKER_FILES) + b=`basename $$pp .marker`; \ + sed -n \ + -e "/EXTCOMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \ ++ -e "/EXTCOMMAND_LOCKDOWN_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \ + -e "/P1COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \ +- -e "/COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/\1: $$b/;p;}" $$pp; \ ++ -e "/COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/\1: $$b/;p;}" \ ++ -e "/COMMAND_LOCKDOWN_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/\1: $$b/;p;}" $$pp; \ + done) | sort -u > $@ + platform_DATA += command.lst + CLEANFILES += command.lst diff --git a/SOURCES/0374-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch b/SOURCES/0374-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch new file mode 100644 index 0000000..ab93b27 --- /dev/null +++ b/SOURCES/0374-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch @@ -0,0 +1,53 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 2 Feb 2021 19:59:48 +0100 +Subject: [PATCH] kern/lockdown: Set a variable if the GRUB is locked down + +It may be useful for scripts to determine whether the GRUB is locked +down or not. Add the lockdown variable which is set to "y" when the GRUB +is locked down. + +Suggested-by: Dimitri John Ledkov +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + grub-core/kern/lockdown.c | 4 ++++ + docs/grub.texi | 3 +++ + 2 files changed, 7 insertions(+) + +diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c +index f87ddaeb1..30cba7f5e 100644 +--- a/grub-core/kern/lockdown.c ++++ b/grub-core/kern/lockdown.c +@@ -18,6 +18,7 @@ + */ + + #include ++#include + #include + #include + +@@ -84,6 +85,9 @@ grub_lockdown (void) + #if 0 + grub_verifier_register (&lockdown_verifier); + #endif ++ ++ grub_env_set ("lockdown", "y"); ++ grub_env_export ("lockdown"); + } + + int +diff --git a/docs/grub.texi b/docs/grub.texi +index f957535db..755de88d7 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -5985,6 +5985,9 @@ The GRUB can be locked down when booted on a secure boot environment, for exampl + if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will + be restricted and some operations/commands cannot be executed. + ++The @samp{lockdown} variable is set to @samp{y} when the GRUB is locked down. ++Otherwise it does not exit. ++ + @node Platform limitations + @chapter Platform limitations + diff --git a/SOURCES/0375-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch b/SOURCES/0375-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch new file mode 100644 index 0000000..b9a62d8 --- /dev/null +++ b/SOURCES/0375-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch @@ -0,0 +1,52 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 28 Sep 2020 20:08:29 +0200 +Subject: [PATCH] efi: Lockdown the GRUB when the UEFI Secure Boot is enabled + +If the UEFI Secure Boot is enabled then the GRUB must be locked down +to prevent executing code that can potentially be used to subvert its +verification mechanisms. + +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + grub-core/kern/efi/init.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c +index 79243b364..97bf36906 100644 +--- a/grub-core/kern/efi/init.c ++++ b/grub-core/kern/efi/init.c +@@ -20,6 +20,8 @@ + #include + #include + #include ++#include ++#include + #include + #include + #include +@@ -93,6 +95,23 @@ grub_efi_init (void) + /* Initialize the memory management system. */ + grub_efi_mm_init (); + ++ /* ++ * Lockdown the GRUB and register the shim_lock verifier ++ * if the UEFI Secure Boot is enabled. ++ */ ++ if (grub_efi_secure_boot ()) ++ { ++ grub_lockdown (); ++ ++ /* ++ * TODO: Move GRUB to using the shim_lock verifier and ++ * enable the lockdown verifier. ++ */ ++#if 0 ++ grub_shim_lock_verifier_setup (); ++#endif ++ } ++ + efi_call_4 (grub_efi_system_table->boot_services->set_watchdog_timer, + 0, 0, 0, NULL); + diff --git a/SOURCES/0376-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch b/SOURCES/0376-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch new file mode 100644 index 0000000..fb274b2 --- /dev/null +++ b/SOURCES/0376-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch @@ -0,0 +1,137 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 28 Sep 2020 20:08:33 +0200 +Subject: [PATCH] efi: Use grub_is_lockdown() instead of hardcoding a disabled + modules list + +Now the GRUB can check if it has been locked down and this can be used to +prevent executing commands that can be utilized to circumvent the UEFI +Secure Boot mechanisms. So, instead of hardcoding a list of modules that +have to be disabled, prevent the usage of commands that can be dangerous. + +This not only allows the commands to be disabled on other platforms, but +also properly separate the concerns. Since the shim_lock verifier logic +should be only about preventing to run untrusted binaries and not about +defining these kind of policies. + +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + grub-core/commands/iorw.c | 26 ++++++++++---------------- + grub-core/commands/memrw.c | 26 ++++++++++---------------- + 2 files changed, 20 insertions(+), 32 deletions(-) + +diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c +index 41a7f3f04..584baec8f 100644 +--- a/grub-core/commands/iorw.c ++++ b/grub-core/commands/iorw.c +@@ -23,7 +23,7 @@ + #include + #include + #include +-#include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -119,9 +119,6 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv) + + GRUB_MOD_INIT(memrw) + { +- if (grub_efi_secure_boot()) +- return; +- + cmd_read_byte = + grub_register_extcmd ("inb", grub_cmd_read, 0, + N_("PORT"), N_("Read 8-bit value from PORT."), +@@ -135,24 +132,21 @@ GRUB_MOD_INIT(memrw) + N_("PORT"), N_("Read 32-bit value from PORT."), + options); + cmd_write_byte = +- grub_register_command ("outb", grub_cmd_write, +- N_("PORT VALUE [MASK]"), +- N_("Write 8-bit VALUE to PORT.")); ++ grub_register_command_lockdown ("outb", grub_cmd_write, ++ N_("PORT VALUE [MASK]"), ++ N_("Write 8-bit VALUE to PORT.")); + cmd_write_word = +- grub_register_command ("outw", grub_cmd_write, +- N_("PORT VALUE [MASK]"), +- N_("Write 16-bit VALUE to PORT.")); ++ grub_register_command_lockdown ("outw", grub_cmd_write, ++ N_("PORT VALUE [MASK]"), ++ N_("Write 16-bit VALUE to PORT.")); + cmd_write_dword = +- grub_register_command ("outl", grub_cmd_write, +- N_("ADDR VALUE [MASK]"), +- N_("Write 32-bit VALUE to PORT.")); ++ grub_register_command_lockdown ("outl", grub_cmd_write, ++ N_("ADDR VALUE [MASK]"), ++ N_("Write 32-bit VALUE to PORT.")); + } + + GRUB_MOD_FINI(memrw) + { +- if (grub_efi_secure_boot()) +- return; +- + grub_unregister_extcmd (cmd_read_byte); + grub_unregister_extcmd (cmd_read_word); + grub_unregister_extcmd (cmd_read_dword); +diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c +index 088cbe9e2..d401a6db0 100644 +--- a/grub-core/commands/memrw.c ++++ b/grub-core/commands/memrw.c +@@ -22,7 +22,7 @@ + #include + #include + #include +-#include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -121,9 +121,6 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv) + + GRUB_MOD_INIT(memrw) + { +- if (grub_efi_secure_boot()) +- return; +- + cmd_read_byte = + grub_register_extcmd ("read_byte", grub_cmd_read, 0, + N_("ADDR"), N_("Read 8-bit value from ADDR."), +@@ -137,24 +134,21 @@ GRUB_MOD_INIT(memrw) + N_("ADDR"), N_("Read 32-bit value from ADDR."), + options); + cmd_write_byte = +- grub_register_command ("write_byte", grub_cmd_write, +- N_("ADDR VALUE [MASK]"), +- N_("Write 8-bit VALUE to ADDR.")); ++ grub_register_command_lockdown ("write_byte", grub_cmd_write, ++ N_("ADDR VALUE [MASK]"), ++ N_("Write 8-bit VALUE to ADDR.")); + cmd_write_word = +- grub_register_command ("write_word", grub_cmd_write, +- N_("ADDR VALUE [MASK]"), +- N_("Write 16-bit VALUE to ADDR.")); ++ grub_register_command_lockdown ("write_word", grub_cmd_write, ++ N_("ADDR VALUE [MASK]"), ++ N_("Write 16-bit VALUE to ADDR.")); + cmd_write_dword = +- grub_register_command ("write_dword", grub_cmd_write, +- N_("ADDR VALUE [MASK]"), +- N_("Write 32-bit VALUE to ADDR.")); ++ grub_register_command_lockdown ("write_dword", grub_cmd_write, ++ N_("ADDR VALUE [MASK]"), ++ N_("Write 32-bit VALUE to ADDR.")); + } + + GRUB_MOD_FINI(memrw) + { +- if (grub_efi_secure_boot()) +- return; +- + grub_unregister_extcmd (cmd_read_byte); + grub_unregister_extcmd (cmd_read_word); + grub_unregister_extcmd (cmd_read_dword); diff --git a/SOURCES/0377-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch b/SOURCES/0377-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch new file mode 100644 index 0000000..3eb7fc9 --- /dev/null +++ b/SOURCES/0377-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch @@ -0,0 +1,72 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 28 Sep 2020 20:08:41 +0200 +Subject: [PATCH] acpi: Don't register the acpi command when locked down +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The command is not allowed when lockdown is enforced. Otherwise an +attacker can instruct the GRUB to load an SSDT table to overwrite +the kernel lockdown configuration and later load and execute +unsigned code. + +Fixes: CVE-2020-14372 + +Reported-by: Máté Kukri +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + grub-core/commands/acpi.c | 15 ++++++++------- + docs/grub.texi | 5 +++++ + 2 files changed, 13 insertions(+), 7 deletions(-) + +diff --git a/grub-core/commands/acpi.c b/grub-core/commands/acpi.c +index 5a1499aa0..1215f2a62 100644 +--- a/grub-core/commands/acpi.c ++++ b/grub-core/commands/acpi.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + + #ifdef GRUB_MACHINE_EFI + #include +@@ -775,13 +776,13 @@ static grub_extcmd_t cmd; + + GRUB_MOD_INIT(acpi) + { +- cmd = grub_register_extcmd ("acpi", grub_cmd_acpi, 0, +- N_("[-1|-2] [--exclude=TABLE1,TABLE2|" +- "--load-only=TABLE1,TABLE2] FILE1" +- " [FILE2] [...]"), +- N_("Load host ACPI tables and tables " +- "specified by arguments."), +- options); ++ cmd = grub_register_extcmd_lockdown ("acpi", grub_cmd_acpi, 0, ++ N_("[-1|-2] [--exclude=TABLE1,TABLE2|" ++ "--load-only=TABLE1,TABLE2] FILE1" ++ " [FILE2] [...]"), ++ N_("Load host ACPI tables and tables " ++ "specified by arguments."), ++ options); + } + + GRUB_MOD_FINI(acpi) +diff --git a/docs/grub.texi b/docs/grub.texi +index 755de88d7..01acf672b 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -4038,6 +4038,11 @@ Normally, this command will replace the Root System Description Pointer + (RSDP) in the Extended BIOS Data Area to point to the new tables. If the + @option{--no-ebda} option is used, the new tables will be known only to + GRUB, but may be used by GRUB's EFI emulation. ++ ++Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). ++ Otherwise an attacker can instruct the GRUB to load an SSDT table to ++ overwrite the kernel lockdown configuration and later load and execute ++ unsigned code. + @end deffn + + diff --git a/SOURCES/0378-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch b/SOURCES/0378-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch new file mode 100644 index 0000000..d1d5b07 --- /dev/null +++ b/SOURCES/0378-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch @@ -0,0 +1,66 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 14 Oct 2020 16:33:42 +0200 +Subject: [PATCH] mmap: Don't register cutmem and badram commands when lockdown + is enforced + +The cutmem and badram commands can be used to remove EFI memory regions +and potentially disable the UEFI Secure Boot. Prevent the commands to be +registered if the GRUB is locked down. + +Fixes: CVE-2020-27779 + +Reported-by: Teddy Reed +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + grub-core/mmap/mmap.c | 13 +++++++------ + docs/grub.texi | 4 ++++ + 2 files changed, 11 insertions(+), 6 deletions(-) + +diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c +index 57b4e9a72..7ebf32e1e 100644 +--- a/grub-core/mmap/mmap.c ++++ b/grub-core/mmap/mmap.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -534,12 +535,12 @@ static grub_command_t cmd, cmd_cut; + + GRUB_MOD_INIT(mmap) + { +- cmd = grub_register_command ("badram", grub_cmd_badram, +- N_("ADDR1,MASK1[,ADDR2,MASK2[,...]]"), +- N_("Declare memory regions as faulty (badram).")); +- cmd_cut = grub_register_command ("cutmem", grub_cmd_cutmem, +- N_("FROM[K|M|G] TO[K|M|G]"), +- N_("Remove any memory regions in specified range.")); ++ cmd = grub_register_command_lockdown ("badram", grub_cmd_badram, ++ N_("ADDR1,MASK1[,ADDR2,MASK2[,...]]"), ++ N_("Declare memory regions as faulty (badram).")); ++ cmd_cut = grub_register_command_lockdown ("cutmem", grub_cmd_cutmem, ++ N_("FROM[K|M|G] TO[K|M|G]"), ++ N_("Remove any memory regions in specified range.")); + + } + +diff --git a/docs/grub.texi b/docs/grub.texi +index 01acf672b..f1675b614 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -4103,6 +4103,10 @@ this page is to be filtered. This syntax makes it easy to represent patterns + that are often result of memory damage, due to physical distribution of memory + cells. + ++Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). ++ This prevents removing EFI memory regions to potentially subvert the ++ security mechanisms provided by the UEFI secure boot. ++ + @node blocklist + @subsection blocklist + diff --git a/SOURCES/0379-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch b/SOURCES/0379-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch new file mode 100644 index 0000000..b615d0e --- /dev/null +++ b/SOURCES/0379-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch @@ -0,0 +1,108 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 24 Feb 2021 09:00:05 +0100 +Subject: [PATCH] commands: Restrict commands that can load BIOS or DT blobs + when locked down + +There are some more commands that should be restricted when the GRUB is +locked down. Following is the list of commands and reasons to restrict: + + * fakebios: creates BIOS-like structures for backward compatibility with + existing OSes. This should not be allowed when locked down. + + * loadbios: reads a BIOS dump from storage and loads it. This action + should not be allowed when locked down. + + * devicetree: loads a Device Tree blob and passes it to the OS. It replaces + any Device Tree provided by the firmware. This also should + not be allowed when locked down. + +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + grub-core/commands/efi/loadbios.c | 14 +++++++------- + grub-core/loader/arm/linux.c | 6 +++--- + grub-core/loader/efi/fdt.c | 4 ++-- + docs/grub.texi | 6 ++++-- + 4 files changed, 16 insertions(+), 14 deletions(-) + +diff --git a/grub-core/commands/efi/loadbios.c b/grub-core/commands/efi/loadbios.c +index d41d521a4..5c7725f8b 100644 +--- a/grub-core/commands/efi/loadbios.c ++++ b/grub-core/commands/efi/loadbios.c +@@ -205,14 +205,14 @@ static grub_command_t cmd_fakebios, cmd_loadbios; + + GRUB_MOD_INIT(loadbios) + { +- cmd_fakebios = grub_register_command ("fakebios", grub_cmd_fakebios, +- 0, N_("Create BIOS-like structures for" +- " backward compatibility with" +- " existing OS.")); ++ cmd_fakebios = grub_register_command_lockdown ("fakebios", grub_cmd_fakebios, ++ 0, N_("Create BIOS-like structures for" ++ " backward compatibility with" ++ " existing OS.")); + +- cmd_loadbios = grub_register_command ("loadbios", grub_cmd_loadbios, +- N_("BIOS_DUMP [INT10_DUMP]"), +- N_("Load BIOS dump.")); ++ cmd_loadbios = grub_register_command_lockdown ("loadbios", grub_cmd_loadbios, ++ N_("BIOS_DUMP [INT10_DUMP]"), ++ N_("Load BIOS dump.")); + } + + GRUB_MOD_FINI(loadbios) +diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c +index 1e944a2b6..653f2e076 100644 +--- a/grub-core/loader/arm/linux.c ++++ b/grub-core/loader/arm/linux.c +@@ -493,9 +493,9 @@ GRUB_MOD_INIT (linux) + 0, N_("Load Linux.")); + cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd, + 0, N_("Load initrd.")); +- cmd_devicetree = grub_register_command ("devicetree", grub_cmd_devicetree, +- /* TRANSLATORS: DTB stands for device tree blob. */ +- 0, N_("Load DTB file.")); ++ cmd_devicetree = grub_register_command_lockdown ("devicetree", grub_cmd_devicetree, ++ /* TRANSLATORS: DTB stands for device tree blob. */ ++ 0, N_("Load DTB file.")); + my_mod = mod; + current_fdt = (const void *) grub_arm_firmware_get_boot_data (); + machine_type = grub_arm_firmware_get_machine_type (); +diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c +index e3ee3ad79..64c560f56 100644 +--- a/grub-core/loader/efi/fdt.c ++++ b/grub-core/loader/efi/fdt.c +@@ -167,8 +167,8 @@ static grub_command_t cmd_devicetree; + GRUB_MOD_INIT (fdt) + { + cmd_devicetree = +- grub_register_command ("devicetree", grub_cmd_devicetree, 0, +- N_("Load DTB file.")); ++ grub_register_command_lockdown ("devicetree", grub_cmd_devicetree, 0, ++ N_("Load DTB file.")); + } + + GRUB_MOD_FINI (fdt) +diff --git a/docs/grub.texi b/docs/grub.texi +index f1675b614..c55452307 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -4281,13 +4281,15 @@ hour, minute, and second unchanged. + + + @node devicetree +-@subsection linux ++@subsection devicetree + + @deffn Command devicetree file + Load a device tree blob (.dtb) from a filesystem, for later use by a Linux + kernel. Does not perform merging with any device tree supplied by firmware, + but rather replaces it completely. +-@ref{GNU/Linux}. ++ ++Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). ++ This is done to prevent subverting various security mechanisms. + @end deffn + + @node distrust diff --git a/SOURCES/0380-commands-setpci-Restrict-setpci-command-when-locked-.patch b/SOURCES/0380-commands-setpci-Restrict-setpci-command-when-locked-.patch new file mode 100644 index 0000000..ddb1827 --- /dev/null +++ b/SOURCES/0380-commands-setpci-Restrict-setpci-command-when-locked-.patch @@ -0,0 +1,33 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 24 Feb 2021 22:59:59 +0100 +Subject: [PATCH] commands/setpci: Restrict setpci command when locked down + +This command can set PCI devices register values, which makes it dangerous +in a locked down configuration. Restrict it so can't be used on this setup. + +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + grub-core/commands/setpci.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/commands/setpci.c b/grub-core/commands/setpci.c +index d5bc97d60..fa2ba7d89 100644 +--- a/grub-core/commands/setpci.c ++++ b/grub-core/commands/setpci.c +@@ -329,10 +329,10 @@ static grub_extcmd_t cmd; + + GRUB_MOD_INIT(setpci) + { +- cmd = grub_register_extcmd ("setpci", grub_cmd_setpci, 0, +- N_("[-s POSITION] [-d DEVICE] [-v VAR] " +- "REGISTER[=VALUE[:MASK]]"), +- N_("Manipulate PCI devices."), options); ++ cmd = grub_register_extcmd_lockdown ("setpci", grub_cmd_setpci, 0, ++ N_("[-s POSITION] [-d DEVICE] [-v VAR] " ++ "REGISTER[=VALUE[:MASK]]"), ++ N_("Manipulate PCI devices."), options); + } + + GRUB_MOD_FINI(setpci) diff --git a/SOURCES/0381-commands-hdparm-Restrict-hdparm-command-when-locked-.patch b/SOURCES/0381-commands-hdparm-Restrict-hdparm-command-when-locked-.patch new file mode 100644 index 0000000..39d0b1a --- /dev/null +++ b/SOURCES/0381-commands-hdparm-Restrict-hdparm-command-when-locked-.patch @@ -0,0 +1,31 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 24 Feb 2021 12:59:29 +0100 +Subject: [PATCH] commands/hdparm: Restrict hdparm command when locked down + +The command can be used to get/set ATA disk parameters. Some of these can +be dangerous since change the disk behavior. Restrict it when locked down. + +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + grub-core/commands/hdparm.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/grub-core/commands/hdparm.c b/grub-core/commands/hdparm.c +index d3fa9661e..2e2319e64 100644 +--- a/grub-core/commands/hdparm.c ++++ b/grub-core/commands/hdparm.c +@@ -436,9 +436,9 @@ static grub_extcmd_t cmd; + + GRUB_MOD_INIT(hdparm) + { +- cmd = grub_register_extcmd ("hdparm", grub_cmd_hdparm, 0, +- N_("[OPTIONS] DISK"), +- N_("Get/set ATA disk parameters."), options); ++ cmd = grub_register_extcmd_lockdown ("hdparm", grub_cmd_hdparm, 0, ++ N_("[OPTIONS] DISK"), ++ N_("Get/set ATA disk parameters."), options); + } + + GRUB_MOD_FINI(hdparm) diff --git a/SOURCES/0382-gdb-Restrict-GDB-access-when-locked-down.patch b/SOURCES/0382-gdb-Restrict-GDB-access-when-locked-down.patch new file mode 100644 index 0000000..8e345e1 --- /dev/null +++ b/SOURCES/0382-gdb-Restrict-GDB-access-when-locked-down.patch @@ -0,0 +1,58 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 24 Feb 2021 15:03:26 +0100 +Subject: [PATCH] gdb: Restrict GDB access when locked down + +The gdbstub* commands allow to start and control a GDB stub running on +local host that can be used to connect from a remote debugger. Restrict +this functionality when the GRUB is locked down. + +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + grub-core/gdb/gdb.c | 32 ++++++++++++++++++-------------- + 1 file changed, 18 insertions(+), 14 deletions(-) + +diff --git a/grub-core/gdb/gdb.c b/grub-core/gdb/gdb.c +index 847a1e1e3..1818cb6f8 100644 +--- a/grub-core/gdb/gdb.c ++++ b/grub-core/gdb/gdb.c +@@ -75,20 +75,24 @@ static grub_command_t cmd, cmd_stop, cmd_break; + GRUB_MOD_INIT (gdb) + { + grub_gdb_idtinit (); +- cmd = grub_register_command ("gdbstub", grub_cmd_gdbstub, +- N_("PORT"), +- /* TRANSLATORS: GDB stub is a small part of +- GDB functionality running on local host +- which allows remote debugger to +- connect to it. */ +- N_("Start GDB stub on given port")); +- cmd_break = grub_register_command ("gdbstub_break", grub_cmd_gdb_break, +- /* TRANSLATORS: this refers to triggering +- a breakpoint so that the user will land +- into GDB. */ +- 0, N_("Break into GDB")); +- cmd_stop = grub_register_command ("gdbstub_stop", grub_cmd_gdbstop, +- 0, N_("Stop GDB stub")); ++ cmd = grub_register_command_lockdown ("gdbstub", grub_cmd_gdbstub, ++ N_("PORT"), ++ /* ++ * TRANSLATORS: GDB stub is a small part of ++ * GDB functionality running on local host ++ * which allows remote debugger to ++ * connect to it. ++ */ ++ N_("Start GDB stub on given port")); ++ cmd_break = grub_register_command_lockdown ("gdbstub_break", grub_cmd_gdb_break, ++ /* ++ * TRANSLATORS: this refers to triggering ++ * a breakpoint so that the user will land ++ * into GDB. ++ */ ++ 0, N_("Break into GDB")); ++ cmd_stop = grub_register_command_lockdown ("gdbstub_stop", grub_cmd_gdbstop, ++ 0, N_("Stop GDB stub")); + } + + GRUB_MOD_FINI (gdb) diff --git a/SOURCES/0383-loader-xnu-Don-t-allow-loading-extension-and-package.patch b/SOURCES/0383-loader-xnu-Don-t-allow-loading-extension-and-package.patch new file mode 100644 index 0000000..16658e0 --- /dev/null +++ b/SOURCES/0383-loader-xnu-Don-t-allow-loading-extension-and-package.patch @@ -0,0 +1,57 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Wed, 24 Feb 2021 14:44:38 +0100 +Subject: [PATCH] loader/xnu: Don't allow loading extension and packages when + locked down + +The shim_lock verifier validates the XNU kernels but no its extensions +and packages. Prevent these to be loaded when the GRUB is locked down. + +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + grub-core/loader/xnu.c | 31 +++++++++++++++++-------------- + 1 file changed, 17 insertions(+), 14 deletions(-) + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index 5944dc5ea..b33a38432 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -1489,20 +1489,23 @@ GRUB_MOD_INIT(xnu) + N_("Load XNU image.")); + cmd_kernel64 = grub_register_command ("xnu_kernel64", grub_cmd_xnu_kernel64, + 0, N_("Load 64-bit XNU image.")); +- cmd_mkext = grub_register_command ("xnu_mkext", grub_cmd_xnu_mkext, 0, +- N_("Load XNU extension package.")); +- cmd_kext = grub_register_command ("xnu_kext", grub_cmd_xnu_kext, 0, +- N_("Load XNU extension.")); +- cmd_kextdir = grub_register_command ("xnu_kextdir", grub_cmd_xnu_kextdir, +- /* TRANSLATORS: OSBundleRequired is a +- variable name in xnu extensions +- manifests. It behaves mostly like +- GNU/Linux runlevels. +- */ +- N_("DIRECTORY [OSBundleRequired]"), +- /* TRANSLATORS: There are many extensions +- in extension directory. */ +- N_("Load XNU extension directory.")); ++ cmd_mkext = grub_register_command_lockdown ("xnu_mkext", grub_cmd_xnu_mkext, 0, ++ N_("Load XNU extension package.")); ++ cmd_kext = grub_register_command_lockdown ("xnu_kext", grub_cmd_xnu_kext, 0, ++ N_("Load XNU extension.")); ++ cmd_kextdir = grub_register_command_lockdown ("xnu_kextdir", grub_cmd_xnu_kextdir, ++ /* ++ * TRANSLATORS: OSBundleRequired is ++ * a variable name in xnu extensions ++ * manifests. It behaves mostly like ++ * GNU/Linux runlevels. ++ */ ++ N_("DIRECTORY [OSBundleRequired]"), ++ /* ++ * TRANSLATORS: There are many extensions ++ * in extension directory. ++ */ ++ N_("Load XNU extension directory.")); + cmd_ramdisk = grub_register_command ("xnu_ramdisk", grub_cmd_xnu_ramdisk, 0, + /* TRANSLATORS: ramdisk here isn't identifier. It can be translated. */ + N_("Load XNU ramdisk. " diff --git a/SOURCES/0384-docs-Document-the-cutmem-command.patch b/SOURCES/0384-docs-Document-the-cutmem-command.patch new file mode 100644 index 0000000..df8a765 --- /dev/null +++ b/SOURCES/0384-docs-Document-the-cutmem-command.patch @@ -0,0 +1,61 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Sat, 7 Nov 2020 01:03:18 +0100 +Subject: [PATCH] docs: Document the cutmem command + +The command is not present in the docs/grub.texi user documentation. + +Reported-by: Daniel Kiper +Signed-off-by: Javier Martinez Canillas +Signed-off-by: Daniel Kiper +Reviewed-by: Javier Martinez Canillas +--- + docs/grub.texi | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/docs/grub.texi b/docs/grub.texi +index c55452307..314bbeb84 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -3942,6 +3942,7 @@ you forget a command, you can run the command @command{help} + * cpuid:: Check for CPU features + * crc:: Compute or check CRC32 checksums + * cryptomount:: Mount a crypto device ++* cutmem:: Remove memory regions + * date:: Display or set current date and time + * devicetree:: Load a device tree blob + * distrust:: Remove a pubkey from trusted keys +@@ -4103,6 +4104,8 @@ this page is to be filtered. This syntax makes it easy to represent patterns + that are often result of memory damage, due to physical distribution of memory + cells. + ++The command is similar to @command{cutmem} command. ++ + Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). + This prevents removing EFI memory regions to potentially subvert the + security mechanisms provided by the UEFI secure boot. +@@ -4266,6 +4269,24 @@ GRUB suports devices encrypted using LUKS and geli. Note that necessary modules + be used. + @end deffn + ++@node cutmem ++@subsection cutmem ++ ++@deffn Command cutmem from[K|M|G] to[K|M|G] ++Remove any memory regions in specified range. ++@end deffn ++ ++This command notifies the memory manager that specified regions of RAM ought to ++be filtered out. This remains in effect after a payload kernel has been loaded ++by GRUB, as long as the loaded kernel obtains its memory map from GRUB. Kernels ++that support this include Linux, GNU Mach, the kernel of FreeBSD and Multiboot ++kernels in general. ++ ++The command is similar to @command{badram} command. ++ ++Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). ++ This prevents removing EFI memory regions to potentially subvert the ++ security mechanisms provided by the UEFI secure boot. + + @node date + @subsection date diff --git a/SOURCES/0385-dl-Only-allow-unloading-modules-that-are-not-depende.patch b/SOURCES/0385-dl-Only-allow-unloading-modules-that-are-not-depende.patch new file mode 100644 index 0000000..018c590 --- /dev/null +++ b/SOURCES/0385-dl-Only-allow-unloading-modules-that-are-not-depende.patch @@ -0,0 +1,83 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 29 Sep 2020 14:08:55 +0200 +Subject: [PATCH] dl: Only allow unloading modules that are not dependencies + +When a module is attempted to be removed its reference counter is always +decremented. This means that repeated rmmod invocations will cause the +module to be unloaded even if another module depends on it. + +This may lead to a use-after-free scenario allowing an attacker to execute +arbitrary code and by-pass the UEFI Secure Boot protection. + +While being there, add the extern keyword to some function declarations in +that header file. + +Fixes: CVE-2020-25632 + +Reported-by: Chris Coulson +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + grub-core/commands/minicmd.c | 7 +++++-- + grub-core/kern/dl.c | 9 +++++++++ + include/grub/dl.h | 8 +++++--- + 3 files changed, 19 insertions(+), 5 deletions(-) + +diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c +index 6d66b7c45..2bd3ac76f 100644 +--- a/grub-core/commands/minicmd.c ++++ b/grub-core/commands/minicmd.c +@@ -140,8 +140,11 @@ grub_mini_cmd_rmmod (struct grub_command *cmd __attribute__ ((unused)), + if (grub_dl_is_persistent (mod)) + return grub_error (GRUB_ERR_BAD_ARGUMENT, "cannot unload persistent module"); + +- if (grub_dl_unref (mod) <= 0) +- grub_dl_unload (mod); ++ if (grub_dl_ref_count (mod) > 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "cannot unload referenced module"); ++ ++ grub_dl_unref (mod); ++ grub_dl_unload (mod); + + return 0; + } +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index d7a7c8f97..520126bea 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -621,6 +621,15 @@ grub_dl_unref (grub_dl_t mod) + return --mod->ref_count; + } + ++int ++grub_dl_ref_count (grub_dl_t mod) ++{ ++ if (mod == NULL) ++ return 0; ++ ++ return mod->ref_count; ++} ++ + static void + grub_dl_flush_cache (grub_dl_t mod) + { +diff --git a/include/grub/dl.h b/include/grub/dl.h +index 877821dcb..6a3e251b4 100644 +--- a/include/grub/dl.h ++++ b/include/grub/dl.h +@@ -205,9 +205,11 @@ grub_dl_t EXPORT_FUNC(grub_dl_load) (const char *name); + grub_dl_t grub_dl_load_core (void *addr, grub_size_t size); + grub_dl_t EXPORT_FUNC(grub_dl_load_core_noinit) (void *addr, grub_size_t size); + int EXPORT_FUNC(grub_dl_unload) (grub_dl_t mod); +-void grub_dl_unload_unneeded (void); +-int EXPORT_FUNC(grub_dl_ref) (grub_dl_t mod); +-int EXPORT_FUNC(grub_dl_unref) (grub_dl_t mod); ++extern void grub_dl_unload_unneeded (void); ++extern int EXPORT_FUNC(grub_dl_ref) (grub_dl_t mod); ++extern int EXPORT_FUNC(grub_dl_unref) (grub_dl_t mod); ++extern int EXPORT_FUNC(grub_dl_ref_count) (grub_dl_t mod); ++ + extern grub_dl_t EXPORT_VAR(grub_dl_head); + + #ifndef GRUB_UTIL diff --git a/SOURCES/0386-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch b/SOURCES/0386-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch new file mode 100644 index 0000000..7735ec6 --- /dev/null +++ b/SOURCES/0386-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch @@ -0,0 +1,112 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 11 Dec 2020 19:19:21 +0100 +Subject: [PATCH] usb: Avoid possible out-of-bound accesses caused by malicious + devices + +The maximum number of configurations and interfaces are fixed but there is +no out-of-bound checking to prevent a malicious USB device to report large +values for these and cause accesses outside the arrays' memory. + +Fixes: CVE-2020-25647 + +Reported-by: Joseph Tartaro (IOActive) +Reported-by: Ilja Van Sprundel +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + grub-core/bus/usb/usb.c | 15 ++++++++++++--- + include/grub/usb.h | 10 +++++++--- + 2 files changed, 19 insertions(+), 6 deletions(-) + +diff --git a/grub-core/bus/usb/usb.c b/grub-core/bus/usb/usb.c +index 8da5e4c74..7cb3cc230 100644 +--- a/grub-core/bus/usb/usb.c ++++ b/grub-core/bus/usb/usb.c +@@ -75,6 +75,9 @@ grub_usb_controller_iterate (grub_usb_controller_iterate_hook_t hook, + grub_usb_err_t + grub_usb_clear_halt (grub_usb_device_t dev, int endpoint) + { ++ if (endpoint >= GRUB_USB_MAX_TOGGLE) ++ return GRUB_USB_ERR_BADDEVICE; ++ + dev->toggle[endpoint] = 0; + return grub_usb_control_msg (dev, (GRUB_USB_REQTYPE_OUT + | GRUB_USB_REQTYPE_STANDARD +@@ -134,10 +137,10 @@ grub_usb_device_initialize (grub_usb_device_t dev) + return err; + descdev = &dev->descdev; + +- for (i = 0; i < 8; i++) ++ for (i = 0; i < GRUB_USB_MAX_CONF; i++) + dev->config[i].descconf = NULL; + +- if (descdev->configcnt == 0) ++ if (descdev->configcnt == 0 || descdev->configcnt > GRUB_USB_MAX_CONF) + { + err = GRUB_USB_ERR_BADDEVICE; + goto fail; +@@ -172,6 +175,12 @@ grub_usb_device_initialize (grub_usb_device_t dev) + /* Skip the configuration descriptor. */ + pos = dev->config[i].descconf->length; + ++ if (dev->config[i].descconf->numif > GRUB_USB_MAX_IF) ++ { ++ err = GRUB_USB_ERR_BADDEVICE; ++ goto fail; ++ } ++ + /* Read all interfaces. */ + for (currif = 0; currif < dev->config[i].descconf->numif; currif++) + { +@@ -217,7 +226,7 @@ grub_usb_device_initialize (grub_usb_device_t dev) + + fail: + +- for (i = 0; i < 8; i++) ++ for (i = 0; i < GRUB_USB_MAX_CONF; i++) + grub_free (dev->config[i].descconf); + + return err; +diff --git a/include/grub/usb.h b/include/grub/usb.h +index 512ae1dd0..6475c552f 100644 +--- a/include/grub/usb.h ++++ b/include/grub/usb.h +@@ -23,6 +23,10 @@ + #include + #include + ++#define GRUB_USB_MAX_CONF 8 ++#define GRUB_USB_MAX_IF 32 ++#define GRUB_USB_MAX_TOGGLE 256 ++ + typedef struct grub_usb_device *grub_usb_device_t; + typedef struct grub_usb_controller *grub_usb_controller_t; + typedef struct grub_usb_controller_dev *grub_usb_controller_dev_t; +@@ -167,7 +171,7 @@ struct grub_usb_configuration + struct grub_usb_desc_config *descconf; + + /* Interfaces associated to this configuration. */ +- struct grub_usb_interface interf[32]; ++ struct grub_usb_interface interf[GRUB_USB_MAX_IF]; + }; + + struct grub_usb_hub_port +@@ -191,7 +195,7 @@ struct grub_usb_device + struct grub_usb_controller controller; + + /* Device configurations (after opening the device). */ +- struct grub_usb_configuration config[8]; ++ struct grub_usb_configuration config[GRUB_USB_MAX_CONF]; + + /* Device address. */ + int addr; +@@ -203,7 +207,7 @@ struct grub_usb_device + int initialized; + + /* Data toggle values (used for bulk transfers only). */ +- int toggle[256]; ++ int toggle[GRUB_USB_MAX_TOGGLE]; + + /* Used by libusb wrapper. Schedulded for removal. */ + void *data; diff --git a/SOURCES/0387-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch b/SOURCES/0387-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch new file mode 100644 index 0000000..7f52c07 --- /dev/null +++ b/SOURCES/0387-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 3 Dec 2020 14:39:45 +0000 +Subject: [PATCH] mmap: Fix memory leak when iterating over mapped memory + +When returning from grub_mmap_iterate() the memory allocated to present +is not being released causing it to leak. + +Fixes: CID 96655 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/mmap/mmap.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c +index 7ebf32e1e..8bf235f34 100644 +--- a/grub-core/mmap/mmap.c ++++ b/grub-core/mmap/mmap.c +@@ -270,6 +270,7 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data) + hook_data)) + { + grub_free (ctx.scanline_events); ++ grub_free (present); + return GRUB_ERR_NONE; + } + +@@ -282,6 +283,7 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data) + } + + grub_free (ctx.scanline_events); ++ grub_free (present); + return GRUB_ERR_NONE; + } + diff --git a/SOURCES/0388-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch b/SOURCES/0388-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch new file mode 100644 index 0000000..c342bbf --- /dev/null +++ b/SOURCES/0388-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 27 Nov 2020 15:10:26 +0000 +Subject: [PATCH] net/net: Fix possible dereference to of a NULL pointer + +It is always possible that grub_zalloc() could fail, so we should check for +a NULL return. Otherwise we run the risk of dereferencing a NULL pointer. + +Fixes: CID 296221 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/net/net.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 1fd104aea..a27c53eee 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -89,8 +89,13 @@ grub_net_link_layer_add_address (struct grub_net_card *card, + + /* Add sender to cache table. */ + if (card->link_layer_table == NULL) +- card->link_layer_table = grub_zalloc (LINK_LAYER_CACHE_SIZE +- * sizeof (card->link_layer_table[0])); ++ { ++ card->link_layer_table = grub_zalloc (LINK_LAYER_CACHE_SIZE ++ * sizeof (card->link_layer_table[0])); ++ if (card->link_layer_table == NULL) ++ return; ++ } ++ + entry = &(card->link_layer_table[card->new_ll_entry]); + entry->avail = 1; + grub_memcpy (&entry->ll_address, ll, sizeof (entry->ll_address)); diff --git a/SOURCES/0389-net-tftp-Fix-dangling-memory-pointer.patch b/SOURCES/0389-net-tftp-Fix-dangling-memory-pointer.patch new file mode 100644 index 0000000..609e2d5 --- /dev/null +++ b/SOURCES/0389-net-tftp-Fix-dangling-memory-pointer.patch @@ -0,0 +1,30 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 19 Feb 2021 17:12:23 +0000 +Subject: [PATCH] net/tftp: Fix dangling memory pointer + +The static code analysis tool, Parfait, reported that the valid of +file->data was left referencing memory that was freed by the call to +grub_free(data) where data was initialized from file->data. + +To ensure that there is no unintentional access to this memory +referenced by file->data we should set the pointer to NULL. + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/net/tftp.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index b9a4b607a..aa0424dce 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -444,6 +444,7 @@ tftp_close (struct grub_file *file) + grub_net_udp_close (data->sock); + } + grub_free (data); ++ file->data = NULL; + return GRUB_ERR_NONE; + } + diff --git a/SOURCES/0390-kern-parser-Fix-resource-leak-if-argc-0.patch b/SOURCES/0390-kern-parser-Fix-resource-leak-if-argc-0.patch new file mode 100644 index 0000000..1f48d2a --- /dev/null +++ b/SOURCES/0390-kern-parser-Fix-resource-leak-if-argc-0.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 22 Jan 2021 12:32:41 +0000 +Subject: [PATCH] kern/parser: Fix resource leak if argc == 0 + +After processing the command-line yet arriving at the point where we are +setting argv, we are allocating memory, even if argc == 0, which makes +no sense since we never put anything into the allocated argv. + +The solution is to simply return that we've successfully processed the +arguments but that argc == 0, and also ensure that argv is NULL when +we're not allocating anything in it. + +There are only 2 callers of this function, and both are handling a zero +value in argc assuming nothing is allocated in argv. + +Fixes: CID 96680 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/kern/parser.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c +index 619db3122..d1cf061ad 100644 +--- a/grub-core/kern/parser.c ++++ b/grub-core/kern/parser.c +@@ -146,6 +146,7 @@ grub_parser_split_cmdline (const char *cmdline, + int i; + + *argc = 0; ++ *argv = NULL; + do + { + if (!rd || !*rd) +@@ -207,6 +208,10 @@ grub_parser_split_cmdline (const char *cmdline, + (*argc)++; + } + ++ /* If there are no args, then we're done. */ ++ if (!*argc) ++ return 0; ++ + /* Reserve memory for the return values. */ + args = grub_malloc (bp - buffer); + if (!args) diff --git a/SOURCES/0391-kern-efi-Fix-memory-leak-on-failure.patch b/SOURCES/0391-kern-efi-Fix-memory-leak-on-failure.patch new file mode 100644 index 0000000..2145cd4 --- /dev/null +++ b/SOURCES/0391-kern-efi-Fix-memory-leak-on-failure.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 5 Nov 2020 10:15:25 +0000 +Subject: [PATCH] kern/efi: Fix memory leak on failure + +Free the memory allocated to name before returning on failure. + +Fixes: CID 296222 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/kern/efi/efi.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 5dfcf9433..4b95a4004 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -400,6 +400,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, + "malformed EFI Device Path node has length=%d", len); ++ grub_free (name); + return NULL; + } + diff --git a/SOURCES/0392-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch b/SOURCES/0392-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch new file mode 100644 index 0000000..70958ba --- /dev/null +++ b/SOURCES/0392-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch @@ -0,0 +1,65 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 11 Dec 2020 15:03:13 +0000 +Subject: [PATCH] kern/efi/mm: Fix possible NULL pointer dereference + +The model of grub_efi_get_memory_map() is that if memory_map is NULL, +then the purpose is to discover how much memory should be allocated to +it for the subsequent call. + +The problem here is that with grub_efi_is_finished set to 1, there is no +check at all that the function is being called with a non-NULL memory_map. + +While this MAY be true, we shouldn't assume it. + +The solution to this is to behave as expected, and if memory_map is NULL, +then don't try to use it and allow memory_map_size to be filled in, and +return 0 as is done later in the code if the buffer is too small (or NULL). + +Additionally, drop unneeded ret = 1. + +Fixes: CID 96632 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/kern/efi/mm.c | 23 ++++++++++++++++------- + 1 file changed, 16 insertions(+), 7 deletions(-) + +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index 306924f73..2d9c9032b 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -372,16 +372,25 @@ grub_efi_get_memory_map (grub_efi_uintn_t *memory_map_size, + if (grub_efi_is_finished) + { + int ret = 1; +- if (*memory_map_size < finish_mmap_size) ++ ++ if (memory_map != NULL) + { +- grub_memcpy (memory_map, finish_mmap_buf, *memory_map_size); ++ if (*memory_map_size < finish_mmap_size) ++ { ++ grub_memcpy (memory_map, finish_mmap_buf, *memory_map_size); ++ ret = 0; ++ } ++ else ++ grub_memcpy (memory_map, finish_mmap_buf, finish_mmap_size); ++ } ++ else ++ { ++ /* ++ * Incomplete, no buffer to copy into, same as ++ * GRUB_EFI_BUFFER_TOO_SMALL below. ++ */ + ret = 0; + } +- else +- { +- grub_memcpy (memory_map, finish_mmap_buf, finish_mmap_size); +- ret = 1; +- } + *memory_map_size = finish_mmap_size; + if (map_key) + *map_key = finish_key; diff --git a/SOURCES/0393-gnulib-regexec-Resolve-unused-variable.patch b/SOURCES/0393-gnulib-regexec-Resolve-unused-variable.patch new file mode 100644 index 0000000..63776c3 --- /dev/null +++ b/SOURCES/0393-gnulib-regexec-Resolve-unused-variable.patch @@ -0,0 +1,73 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 21 Oct 2020 14:41:27 +0000 +Subject: [PATCH] gnulib/regexec: Resolve unused variable + +This is a really minor issue where a variable is being assigned to but +not checked before it is overwritten again. + +The reason for this issue is that we are not building with DEBUG set and +this in turn means that the assert() that reads the value of the +variable match_last is being processed out. + +The solution, move the assignment to match_last in to an ifdef DEBUG too. + +Fixes: CID 292459 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/gnulib/regexec.c | 4 ++++ + conf/Makefile.extra-dist | 1 + + grub-core/gnulib-fix-unused-value.patch | 14 ++++++++++++++ + 3 files changed, 19 insertions(+) + create mode 100644 grub-core/gnulib-fix-unused-value.patch + +diff --git a/grub-core/gnulib/regexec.c b/grub-core/gnulib/regexec.c +index a7776f088..9264f2628 100644 +--- a/grub-core/gnulib/regexec.c ++++ b/grub-core/gnulib/regexec.c +@@ -879,7 +879,11 @@ re_search_internal (const regex_t *preg, + break; + if (BE (err != REG_NOMATCH, 0)) + goto free_return; ++#ifdef DEBUG ++ /* Only used for assertion below when DEBUG is set, otherwise ++ it will be over-written when we loop around. */ + match_last = REG_MISSING; ++#endif + } + else + break; /* We found a match. */ +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index 5946ec24a..b53fe6dfd 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -31,6 +31,7 @@ EXTRA_DIST += grub-core/genemuinit.sh + EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/gnulib-fix-null-deref.diff ++EXTRA_DIST += grub-core/gnulib-fix-unused-value.patch + EXTRA_DIST += grub-core/gnulib-fix-width.diff + EXTRA_DIST += grub-core/gnulib-no-abort.diff + EXTRA_DIST += grub-core/gnulib-no-gets.diff +diff --git a/grub-core/gnulib-fix-unused-value.patch b/grub-core/gnulib-fix-unused-value.patch +new file mode 100644 +index 000000000..452a87329 +--- /dev/null ++++ b/grub-core/gnulib-fix-unused-value.patch +@@ -0,0 +1,14 @@ ++--- grub-core/gnulib/regexec.c 2020-10-21 14:25:35.310195912 +0000 +++++ grub-core/gnulib/regexec.c 2020-10-21 14:32:07.961765604 +0000 ++@@ -828,7 +828,11 @@ ++ break; ++ if (BE (err != REG_NOMATCH, 0)) ++ goto free_return; +++#ifdef DEBUG +++ /* Only used for assertion below when DEBUG is set, otherwise +++ it will be over-written when we loop around. */ ++ match_last = REG_MISSING; +++#endif ++ } ++ else ++ break; /* We found a match. */ diff --git a/SOURCES/0394-gnulib-regcomp-Fix-uninitialized-token-structure.patch b/SOURCES/0394-gnulib-regcomp-Fix-uninitialized-token-structure.patch new file mode 100644 index 0000000..de86f37 --- /dev/null +++ b/SOURCES/0394-gnulib-regcomp-Fix-uninitialized-token-structure.patch @@ -0,0 +1,64 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 22 Oct 2020 13:54:06 +0000 +Subject: [PATCH] gnulib/regcomp: Fix uninitialized token structure + +The code is assuming that the value of br_token.constraint was +initialized to zero when it wasn't. + +While some compilers will ensure that, not all do, so it is better to +fix this explicitly than leave it to chance. + +Fixes: CID 73749 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/gnulib/regcomp.c | 2 +- + conf/Makefile.extra-dist | 1 + + grub-core/gnulib-fix-uninit-structure.patch | 11 +++++++++++ + 3 files changed, 13 insertions(+), 1 deletion(-) + create mode 100644 grub-core/gnulib-fix-uninit-structure.patch + +diff --git a/grub-core/gnulib/regcomp.c b/grub-core/gnulib/regcomp.c +index 596e0cf3e..de9f62208 100644 +--- a/grub-core/gnulib/regcomp.c ++++ b/grub-core/gnulib/regcomp.c +@@ -3641,7 +3641,7 @@ build_charclass_op (re_dfa_t *dfa, RE_TRANSLATE_TYPE trans, + Idx alloc = 0; + #endif /* not RE_ENABLE_I18N */ + reg_errcode_t ret; +- re_token_t br_token; ++ re_token_t br_token = {0}; + bin_tree_t *tree; + + sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1); +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index b53fe6dfd..883baba56 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -31,6 +31,7 @@ EXTRA_DIST += grub-core/genemuinit.sh + EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/gnulib-fix-null-deref.diff ++EXTRA_DIST += grub-core/gnulib-fix-uninit-structure.patch + EXTRA_DIST += grub-core/gnulib-fix-unused-value.patch + EXTRA_DIST += grub-core/gnulib-fix-width.diff + EXTRA_DIST += grub-core/gnulib-no-abort.diff +diff --git a/grub-core/gnulib-fix-uninit-structure.patch b/grub-core/gnulib-fix-uninit-structure.patch +new file mode 100644 +index 000000000..7b4d9f67a +--- /dev/null ++++ b/grub-core/gnulib-fix-uninit-structure.patch +@@ -0,0 +1,11 @@ ++--- a/lib/regcomp.c 2020-10-22 13:49:06.770168928 +0000 +++++ b/lib/regcomp.c 2020-10-22 13:50:37.026528298 +0000 ++@@ -3662,7 +3662,7 @@ ++ Idx alloc = 0; ++ #endif /* not RE_ENABLE_I18N */ ++ reg_errcode_t ret; ++- re_token_t br_token; +++ re_token_t br_token = {0}; ++ bin_tree_t *tree; ++ ++ sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1); diff --git a/SOURCES/0395-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch b/SOURCES/0395-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch new file mode 100644 index 0000000..ecb4373 --- /dev/null +++ b/SOURCES/0395-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch @@ -0,0 +1,64 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 28 Oct 2020 14:43:01 +0000 +Subject: [PATCH] gnulib/argp-help: Fix dereference of a possibly NULL state + +All other instances of call to __argp_failure() where there is +a dgettext() call is first checking whether state is NULL before +attempting to dereference it to get the root_argp->argp_domain. + +Fixes: CID 292436 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/gnulib/argp-help.c | 3 ++- + conf/Makefile.extra-dist | 1 + + grub-core/gnulib-fix-null-state-deref.patch | 12 ++++++++++++ + 3 files changed, 15 insertions(+), 1 deletion(-) + create mode 100644 grub-core/gnulib-fix-null-state-deref.patch + +diff --git a/grub-core/gnulib/argp-help.c b/grub-core/gnulib/argp-help.c +index b9be63f40..8af8be073 100644 +--- a/grub-core/gnulib/argp-help.c ++++ b/grub-core/gnulib/argp-help.c +@@ -145,7 +145,8 @@ validate_uparams (const struct argp_state *state, struct uparams *upptr) + if (*(int *)((char *)upptr + up->uparams_offs) >= upptr->rmargin) + { + __argp_failure (state, 0, 0, +- dgettext (state->root_argp->argp_domain, ++ dgettext (state == NULL ? NULL ++ : state->root_argp->argp_domain, + "\ + ARGP_HELP_FMT: %s value is less than or equal to %s"), + "rmargin", up->name); +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index 883baba56..06606de8d 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -31,6 +31,7 @@ EXTRA_DIST += grub-core/genemuinit.sh + EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/gnulib-fix-null-deref.diff ++EXTRA_DIST += grub-core/gnulib-fix-null-state-deref.patch + EXTRA_DIST += grub-core/gnulib-fix-uninit-structure.patch + EXTRA_DIST += grub-core/gnulib-fix-unused-value.patch + EXTRA_DIST += grub-core/gnulib-fix-width.diff +diff --git a/grub-core/gnulib-fix-null-state-deref.patch b/grub-core/gnulib-fix-null-state-deref.patch +new file mode 100644 +index 000000000..813ec09c8 +--- /dev/null ++++ b/grub-core/gnulib-fix-null-state-deref.patch +@@ -0,0 +1,12 @@ ++--- a/lib/argp-help.c 2020-10-28 14:32:19.189215988 +0000 +++++ b/lib/argp-help.c 2020-10-28 14:38:21.204673940 +0000 ++@@ -145,7 +145,8 @@ ++ if (*(int *)((char *)upptr + up->uparams_offs) >= upptr->rmargin) ++ { ++ __argp_failure (state, 0, 0, ++- dgettext (state->root_argp->argp_domain, +++ dgettext (state == NULL ? NULL +++ : state->root_argp->argp_domain, ++ "\ ++ ARGP_HELP_FMT: %s value is less than or equal to %s"), ++ "rmargin", up->name); diff --git a/SOURCES/0396-gnulib-regexec-Fix-possible-null-dereference.patch b/SOURCES/0396-gnulib-regexec-Fix-possible-null-dereference.patch new file mode 100644 index 0000000..f5fcaaa --- /dev/null +++ b/SOURCES/0396-gnulib-regexec-Fix-possible-null-dereference.patch @@ -0,0 +1,65 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 5 Nov 2020 10:57:14 +0000 +Subject: [PATCH] gnulib/regexec: Fix possible null-dereference + +It appears to be possible that the mctx->state_log field may be NULL, +and the name of this function, clean_state_log_if_needed(), suggests +that it should be checking that it is valid to be cleaned before +assuming that it does. + +Fixes: CID 86720 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/gnulib/regexec.c | 3 +++ + conf/Makefile.extra-dist | 1 + + grub-core/gnulib-fix-regexec-null-deref.patch | 12 ++++++++++++ + 3 files changed, 16 insertions(+) + create mode 100644 grub-core/gnulib-fix-regexec-null-deref.patch + +diff --git a/grub-core/gnulib/regexec.c b/grub-core/gnulib/regexec.c +index 9264f2628..fdacff12c 100644 +--- a/grub-core/gnulib/regexec.c ++++ b/grub-core/gnulib/regexec.c +@@ -1754,6 +1754,9 @@ clean_state_log_if_needed (re_match_context_t *mctx, Idx next_state_log_idx) + { + Idx top = mctx->state_log_top; + ++ if (mctx->state_log == NULL) ++ return REG_NOERROR; ++ + if ((next_state_log_idx >= mctx->input.bufs_len + && mctx->input.bufs_len < mctx->input.len) + || (next_state_log_idx >= mctx->input.valid_len +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index 06606de8d..edbe7846e 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -32,6 +32,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/gnulib-fix-null-deref.diff + EXTRA_DIST += grub-core/gnulib-fix-null-state-deref.patch ++EXTRA_DIST += grub-core/gnulib-fix-regexec-null-deref.patch + EXTRA_DIST += grub-core/gnulib-fix-uninit-structure.patch + EXTRA_DIST += grub-core/gnulib-fix-unused-value.patch + EXTRA_DIST += grub-core/gnulib-fix-width.diff +diff --git a/grub-core/gnulib-fix-regexec-null-deref.patch b/grub-core/gnulib-fix-regexec-null-deref.patch +new file mode 100644 +index 000000000..db6dac9c9 +--- /dev/null ++++ b/grub-core/gnulib-fix-regexec-null-deref.patch +@@ -0,0 +1,12 @@ ++--- a/lib/regexec.c 2020-10-21 14:25:35.310195912 +0000 +++++ b/lib/regexec.c 2020-11-05 10:55:09.621542984 +0000 ++@@ -1692,6 +1692,9 @@ ++ { ++ Idx top = mctx->state_log_top; ++ +++ if (mctx->state_log == NULL) +++ return REG_NOERROR; +++ ++ if ((next_state_log_idx >= mctx->input.bufs_len ++ && mctx->input.bufs_len < mctx->input.len) ++ || (next_state_log_idx >= mctx->input.valid_len diff --git a/SOURCES/0397-gnulib-regcomp-Fix-uninitialized-re_token.patch b/SOURCES/0397-gnulib-regcomp-Fix-uninitialized-re_token.patch new file mode 100644 index 0000000..8324b57 --- /dev/null +++ b/SOURCES/0397-gnulib-regcomp-Fix-uninitialized-re_token.patch @@ -0,0 +1,64 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 24 Nov 2020 18:04:22 +0000 +Subject: [PATCH] gnulib/regcomp: Fix uninitialized re_token + +This issue has been fixed in the latest version of gnulib, so to +maintain consistency, I've backported that change rather than doing +something different. + +Fixes: CID 73828 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/gnulib/regcomp.c | 3 +-- + conf/Makefile.extra-dist | 1 + + grub-core/gnulib-fix-regcomp-uninit-token.patch | 12 ++++++++++++ + 3 files changed, 14 insertions(+), 2 deletions(-) + create mode 100644 grub-core/gnulib-fix-regcomp-uninit-token.patch + +diff --git a/grub-core/gnulib/regcomp.c b/grub-core/gnulib/regcomp.c +index de9f62208..6d0830ac6 100644 +--- a/grub-core/gnulib/regcomp.c ++++ b/grub-core/gnulib/regcomp.c +@@ -3790,8 +3790,7 @@ static bin_tree_t * + create_tree (re_dfa_t *dfa, bin_tree_t *left, bin_tree_t *right, + re_token_type_t type) + { +- re_token_t t; +- t.type = type; ++ re_token_t t = { .type = type }; + return create_token_tree (dfa, left, right, &t); + } + +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index edbe7846e..ee276a877 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -32,6 +32,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/gnulib-fix-null-deref.diff + EXTRA_DIST += grub-core/gnulib-fix-null-state-deref.patch ++EXTRA_DIST += grub-core/gnulib-fix-regcomp-uninit-token.patch + EXTRA_DIST += grub-core/gnulib-fix-regexec-null-deref.patch + EXTRA_DIST += grub-core/gnulib-fix-uninit-structure.patch + EXTRA_DIST += grub-core/gnulib-fix-unused-value.patch +diff --git a/grub-core/gnulib-fix-regcomp-uninit-token.patch b/grub-core/gnulib-fix-regcomp-uninit-token.patch +new file mode 100644 +index 000000000..d61574522 +--- /dev/null ++++ b/grub-core/gnulib-fix-regcomp-uninit-token.patch +@@ -0,0 +1,12 @@ ++--- grub-core/gnulib/regcomp.c +++++ grub-core/gnulib/regcomp.c ++@@ -3808,8 +3808,7 @@ static bin_tree_t * ++ create_tree (re_dfa_t *dfa, bin_tree_t *left, bin_tree_t *right, ++ re_token_type_t type) ++ { ++- re_token_t t; ++- t.type = type; +++ re_token_t t = { .type = type }; ++ return create_token_tree (dfa, left, right, &t); ++ } ++ diff --git a/SOURCES/0398-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch b/SOURCES/0398-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch new file mode 100644 index 0000000..7a5fc9b --- /dev/null +++ b/SOURCES/0398-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch @@ -0,0 +1,38 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 21 Oct 2020 14:44:10 +0000 +Subject: [PATCH] io/lzopio: Resolve unnecessary self-assignment errors + +These 2 assignments are unnecessary since they are just assigning +to themselves. + +Fixes: CID 73643 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/io/lzopio.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/grub-core/io/lzopio.c b/grub-core/io/lzopio.c +index 84edf6dd2..6bf14daf4 100644 +--- a/grub-core/io/lzopio.c ++++ b/grub-core/io/lzopio.c +@@ -125,8 +125,6 @@ read_block_header (struct grub_lzopio *lzopio) + sizeof (lzopio->block.ucheck)) != + sizeof (lzopio->block.ucheck)) + return -1; +- +- lzopio->block.ucheck = lzopio->block.ucheck; + } + + /* Read checksum of compressed data. */ +@@ -143,8 +141,6 @@ read_block_header (struct grub_lzopio *lzopio) + sizeof (lzopio->block.ccheck)) != + sizeof (lzopio->block.ccheck)) + return -1; +- +- lzopio->block.ccheck = lzopio->block.ccheck; + } + } + diff --git a/SOURCES/0399-kern-partition-Check-for-NULL-before-dereferencing-i.patch b/SOURCES/0399-kern-partition-Check-for-NULL-before-dereferencing-i.patch new file mode 100644 index 0000000..eb1bca8 --- /dev/null +++ b/SOURCES/0399-kern-partition-Check-for-NULL-before-dereferencing-i.patch @@ -0,0 +1,40 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 23 Oct 2020 09:49:59 +0000 +Subject: [PATCH] kern/partition: Check for NULL before dereferencing input + string + +There is the possibility that the value of str comes from an external +source and continuing to use it before ever checking its validity is +wrong. So, needs fixing. + +Additionally, drop unneeded part initialization. + +Fixes: CID 292444 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/kern/partition.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/grub-core/kern/partition.c b/grub-core/kern/partition.c +index 2c401b866..3068c4dca 100644 +--- a/grub-core/kern/partition.c ++++ b/grub-core/kern/partition.c +@@ -109,11 +109,14 @@ grub_partition_map_probe (const grub_partition_map_t partmap, + grub_partition_t + grub_partition_probe (struct grub_disk *disk, const char *str) + { +- grub_partition_t part = 0; ++ grub_partition_t part; + grub_partition_t curpart = 0; + grub_partition_t tail; + const char *ptr; + ++ if (str == NULL) ++ return 0; ++ + part = tail = disk->partition; + + for (ptr = str; *ptr;) diff --git a/SOURCES/0400-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch b/SOURCES/0400-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch new file mode 100644 index 0000000..ef22f3b --- /dev/null +++ b/SOURCES/0400-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch @@ -0,0 +1,125 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Marco A Benatto +Date: Mon, 7 Dec 2020 11:53:03 -0300 +Subject: [PATCH] disk/ldm: Make sure comp data is freed before exiting from + make_vg() + +Several error handling paths in make_vg() do not free comp data before +jumping to fail2 label and returning from the function. This will leak +memory. So, let's fix all issues of that kind. + +Fixes: CID 73804 + +Signed-off-by: Marco A Benatto +Reviewed-by: Daniel Kiper +--- + grub-core/disk/ldm.c | 51 ++++++++++++++++++++++++++++++++++++++++++++------- + 1 file changed, 44 insertions(+), 7 deletions(-) + +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index 58f8a53e1..428415fac 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -554,7 +554,11 @@ make_vg (grub_disk_t disk, + comp->segments = grub_calloc (comp->segment_alloc, + sizeof (*comp->segments)); + if (!comp->segments) +- goto fail2; ++ { ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + } + else + { +@@ -562,7 +566,11 @@ make_vg (grub_disk_t disk, + comp->segment_count = 1; + comp->segments = grub_malloc (sizeof (*comp->segments)); + if (!comp->segments) +- goto fail2; ++ { ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + comp->segments->start_extent = 0; + comp->segments->extent_count = lv->size; + comp->segments->layout = 0; +@@ -574,15 +582,26 @@ make_vg (grub_disk_t disk, + comp->segments->layout = GRUB_RAID_LAYOUT_SYMMETRIC_MASK; + } + else +- goto fail2; ++ { ++ grub_free (comp->segments); ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + ptr += *ptr + 1; + ptr++; + if (!(vblk[i].flags & 0x10)) +- goto fail2; ++ { ++ grub_free (comp->segments); ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic) + || ptr + *ptr + 1 >= vblk[i].dynamic + + sizeof (vblk[i].dynamic)) + { ++ grub_free (comp->segments); + grub_free (comp->internal_id); + grub_free (comp); + goto fail2; +@@ -592,6 +611,7 @@ make_vg (grub_disk_t disk, + if (ptr + *ptr + 1 >= vblk[i].dynamic + + sizeof (vblk[i].dynamic)) + { ++ grub_free (comp->segments); + grub_free (comp->internal_id); + grub_free (comp); + goto fail2; +@@ -601,7 +621,12 @@ make_vg (grub_disk_t disk, + comp->segments->nodes = grub_calloc (comp->segments->node_alloc, + sizeof (*comp->segments->nodes)); + if (!lv->segments->nodes) +- goto fail2; ++ { ++ grub_free (comp->segments); ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + } + + if (lv->segments->node_alloc == lv->segments->node_count) +@@ -611,11 +636,23 @@ make_vg (grub_disk_t disk, + + if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) || + grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz)) +- goto fail2; ++ { ++ grub_free (comp->segments->nodes); ++ grub_free (comp->segments); ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + + t = grub_realloc (lv->segments->nodes, sz); + if (!t) +- goto fail2; ++ { ++ grub_free (comp->segments->nodes); ++ grub_free (comp->segments); ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + lv->segments->nodes = t; + } + lv->segments->nodes[lv->segments->node_count].pv = 0; diff --git a/SOURCES/0401-disk-ldm-If-failed-then-free-vg-variable-too.patch b/SOURCES/0401-disk-ldm-If-failed-then-free-vg-variable-too.patch new file mode 100644 index 0000000..def9a62 --- /dev/null +++ b/SOURCES/0401-disk-ldm-If-failed-then-free-vg-variable-too.patch @@ -0,0 +1,25 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Mon, 7 Dec 2020 10:07:47 -0300 +Subject: [PATCH] disk/ldm: If failed then free vg variable too + +Fixes: CID 73809 + +Signed-off-by: Paulo Flabiano Smorigo +Reviewed-by: Daniel Kiper +--- + grub-core/disk/ldm.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index 428415fac..54713f45a 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -199,6 +199,7 @@ make_vg (grub_disk_t disk, + { + grub_free (vg->uuid); + grub_free (vg->name); ++ grub_free (vg); + return NULL; + } + grub_memcpy (vg->uuid, label->group_guid, LDM_GUID_STRLEN); diff --git a/SOURCES/0402-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch b/SOURCES/0402-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch new file mode 100644 index 0000000..5d67655 --- /dev/null +++ b/SOURCES/0402-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 8 Dec 2020 10:00:51 +0000 +Subject: [PATCH] disk/ldm: Fix memory leak on uninserted lv references + +The problem here is that the memory allocated to the variable lv is not +yet inserted into the list that is being processed at the label fail2. + +As we can already see at line 342, which correctly frees lv before going +to fail2, we should also be doing that at these earlier jumps to fail2. + +Fixes: CID 73824 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/disk/ldm.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index 54713f45a..e82e9899f 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -321,7 +321,10 @@ make_vg (grub_disk_t disk, + lv->visible = 1; + lv->segments = grub_zalloc (sizeof (*lv->segments)); + if (!lv->segments) +- goto fail2; ++ { ++ grub_free (lv); ++ goto fail2; ++ } + lv->segments->start_extent = 0; + lv->segments->type = GRUB_DISKFILTER_MIRROR; + lv->segments->node_count = 0; +@@ -329,7 +332,10 @@ make_vg (grub_disk_t disk, + lv->segments->nodes = grub_calloc (lv->segments->node_alloc, + sizeof (*lv->segments->nodes)); + if (!lv->segments->nodes) +- goto fail2; ++ { ++ grub_free (lv); ++ goto fail2; ++ } + ptr = vblk[i].dynamic; + if (ptr + *ptr + 1 >= vblk[i].dynamic + + sizeof (vblk[i].dynamic)) diff --git a/SOURCES/0403-disk-cryptodisk-Fix-potential-integer-overflow.patch b/SOURCES/0403-disk-cryptodisk-Fix-potential-integer-overflow.patch new file mode 100644 index 0000000..dfe8e1d --- /dev/null +++ b/SOURCES/0403-disk-cryptodisk-Fix-potential-integer-overflow.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 21 Jan 2021 11:38:31 +0000 +Subject: [PATCH] disk/cryptodisk: Fix potential integer overflow + +The encrypt and decrypt functions expect a grub_size_t. So, we need to +ensure that the constant bit shift is using grub_size_t rather than +unsigned int when it is performing the shift. + +Fixes: CID 307788 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/disk/cryptodisk.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c +index bd60a66b3..78a902515 100644 +--- a/grub-core/disk/cryptodisk.c ++++ b/grub-core/disk/cryptodisk.c +@@ -311,10 +311,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, + case GRUB_CRYPTODISK_MODE_CBC: + if (do_encrypt) + err = grub_crypto_cbc_encrypt (dev->cipher, data + i, data + i, +- (1U << dev->log_sector_size), iv); ++ ((grub_size_t) 1 << dev->log_sector_size), iv); + else + err = grub_crypto_cbc_decrypt (dev->cipher, data + i, data + i, +- (1U << dev->log_sector_size), iv); ++ ((grub_size_t) 1 << dev->log_sector_size), iv); + if (err) + return err; + break; +@@ -322,10 +322,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, + case GRUB_CRYPTODISK_MODE_PCBC: + if (do_encrypt) + err = grub_crypto_pcbc_encrypt (dev->cipher, data + i, data + i, +- (1U << dev->log_sector_size), iv); ++ ((grub_size_t) 1 << dev->log_sector_size), iv); + else + err = grub_crypto_pcbc_decrypt (dev->cipher, data + i, data + i, +- (1U << dev->log_sector_size), iv); ++ ((grub_size_t) 1 << dev->log_sector_size), iv); + if (err) + return err; + break; diff --git a/SOURCES/0404-hfsplus-Check-that-the-volume-name-length-is-valid.patch b/SOURCES/0404-hfsplus-Check-that-the-volume-name-length-is-valid.patch new file mode 100644 index 0000000..e77307c --- /dev/null +++ b/SOURCES/0404-hfsplus-Check-that-the-volume-name-length-is-valid.patch @@ -0,0 +1,40 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 23 Oct 2020 17:09:31 +0000 +Subject: [PATCH] hfsplus: Check that the volume name length is valid + +HFS+ documentation suggests that the maximum filename and volume name is +255 Unicode characters in length. + +So, when converting from big-endian to little-endian, we should ensure +that the name of the volume has a length that is between 0 and 255, +inclusive. + +Fixes: CID 73641 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/fs/hfsplus.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +index e06bcbb9b..03a33ea24 100644 +--- a/grub-core/fs/hfsplus.c ++++ b/grub-core/fs/hfsplus.c +@@ -1012,6 +1012,15 @@ grub_hfsplus_label (grub_device_t device, char **label) + grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr); + + label_len = grub_be_to_cpu16 (catkey->namelen); ++ ++ /* Ensure that the length is >= 0. */ ++ if (label_len < 0) ++ label_len = 0; ++ ++ /* Ensure label length is at most 255 Unicode characters. */ ++ if (label_len > 255) ++ label_len = 255; ++ + label_name = grub_calloc (label_len, sizeof (*label_name)); + if (!label_name) + { diff --git a/SOURCES/0405-zfs-Fix-possible-negative-shift-operation.patch b/SOURCES/0405-zfs-Fix-possible-negative-shift-operation.patch new file mode 100644 index 0000000..d265ad3 --- /dev/null +++ b/SOURCES/0405-zfs-Fix-possible-negative-shift-operation.patch @@ -0,0 +1,39 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 24 Nov 2020 16:41:49 +0000 +Subject: [PATCH] zfs: Fix possible negative shift operation + +While it is possible for the return value from zfs_log2() to be zero +(0), it is quite unlikely, given that the previous assignment to blksz +is shifted up by SPA_MINBLOCKSHIFT (9) before 9 is subtracted at the +assignment to epbs. + +But, while unlikely during a normal operation, it may be that a carefully +crafted ZFS filesystem could result in a zero (0) value to the +dn_datalbkszsec field, which means that the shift left does nothing +and assigns zero (0) to blksz, resulting in a negative epbs value. + +Fixes: CID 73608 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/fs/zfs/zfs.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index c6204367e..3dfde0807 100644 +--- a/grub-core/fs/zfs/zfs.c ++++ b/grub-core/fs/zfs/zfs.c +@@ -2667,6 +2667,11 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, grub_uint8_t type, + blksz = grub_zfs_to_cpu16 (mdn->dn.dn_datablkszsec, + mdn->endian) << SPA_MINBLOCKSHIFT; + epbs = zfs_log2 (blksz) - DNODE_SHIFT; ++ ++ /* While this should never happen, we should check that epbs is not negative. */ ++ if (epbs < 0) ++ epbs = 0; ++ + blkid = objnum >> epbs; + idx = objnum & ((1 << epbs) - 1); + diff --git a/SOURCES/0406-zfs-Fix-resource-leaks-while-constructing-path.patch b/SOURCES/0406-zfs-Fix-resource-leaks-while-constructing-path.patch new file mode 100644 index 0000000..02f2e78 --- /dev/null +++ b/SOURCES/0406-zfs-Fix-resource-leaks-while-constructing-path.patch @@ -0,0 +1,118 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Mon, 14 Dec 2020 18:54:49 -0300 +Subject: [PATCH] zfs: Fix resource leaks while constructing path + +There are several exit points in dnode_get_path() that are causing possible +memory leaks. + +In the while(1) the correct exit mechanism should not be to do a direct return, +but to instead break out of the loop, setting err first if it is not already set. + +The reason behind this is that the dnode_path is a linked list, and while doing +through this loop, it is being allocated and built up - the only way to +correctly unravel it is to traverse it, which is what is being done at the end +of the function outside of the loop. + +Several of the existing exit points correctly did a break, but not all so this +change makes that more consistent and should resolve the leaking of memory as +found by Coverity. + +Fixes: CID 73741 + +Signed-off-by: Paulo Flabiano Smorigo +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/fs/zfs/zfs.c | 30 +++++++++++++++++++++--------- + 1 file changed, 21 insertions(+), 9 deletions(-) + +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index 3dfde0807..44d8bde6b 100644 +--- a/grub-core/fs/zfs/zfs.c ++++ b/grub-core/fs/zfs/zfs.c +@@ -2836,8 +2836,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + + if (dnode_path->dn.dn.dn_type != DMU_OT_DIRECTORY_CONTENTS) + { +- grub_free (path_buf); +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("not a directory")); ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("not a directory")); ++ break; + } + err = zap_lookup (&(dnode_path->dn), cname, &objnum, + data, subvol->case_insensitive); +@@ -2879,11 +2879,18 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + << SPA_MINBLOCKSHIFT); + + if (blksz == 0) +- return grub_error(GRUB_ERR_BAD_FS, "0-sized block"); ++ { ++ err = grub_error (GRUB_ERR_BAD_FS, "0-sized block"); ++ break; ++ } + + sym_value = grub_malloc (sym_sz); + if (!sym_value) +- return grub_errno; ++ { ++ err = grub_errno; ++ break; ++ } ++ + for (block = 0; block < (sym_sz + blksz - 1) / blksz; block++) + { + void *t; +@@ -2893,7 +2900,7 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + if (err) + { + grub_free (sym_value); +- return err; ++ break; + } + + movesize = sym_sz - block * blksz; +@@ -2903,6 +2910,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + grub_memcpy (sym_value + block * blksz, t, movesize); + grub_free (t); + } ++ if (err) ++ break; + free_symval = 1; + } + path = path_buf = grub_malloc (sym_sz + grub_strlen (oldpath) + 1); +@@ -2911,7 +2920,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + grub_free (oldpathbuf); + if (free_symval) + grub_free (sym_value); +- return grub_errno; ++ err = grub_errno; ++ break; + } + grub_memcpy (path, sym_value, sym_sz); + if (free_symval) +@@ -2949,11 +2959,12 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + + err = zio_read (bp, dnode_path->dn.endian, &sahdrp, NULL, data); + if (err) +- return err; ++ break; + } + else + { +- return grub_error (GRUB_ERR_BAD_FS, "filesystem is corrupt"); ++ err = grub_error (GRUB_ERR_BAD_FS, "filesystem is corrupt"); ++ break; + } + + hdrsize = SA_HDR_SIZE (((sa_hdr_phys_t *) sahdrp)); +@@ -2974,7 +2985,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + if (!path_buf) + { + grub_free (oldpathbuf); +- return grub_errno; ++ err = grub_errno; ++ break; + } + grub_memcpy (path, sym_value, sym_sz); + path [sym_sz] = 0; diff --git a/SOURCES/0407-zfs-Fix-possible-integer-overflows.patch b/SOURCES/0407-zfs-Fix-possible-integer-overflows.patch new file mode 100644 index 0000000..9938833 --- /dev/null +++ b/SOURCES/0407-zfs-Fix-possible-integer-overflows.patch @@ -0,0 +1,53 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 8 Dec 2020 22:17:04 +0000 +Subject: [PATCH] zfs: Fix possible integer overflows + +In all cases the problem is that the value being acted upon by +a left-shift is a 32-bit number which is then being used in the +context of a 64-bit number. + +To avoid overflow we ensure that the number being shifted is 64-bit +before the shift is done. + +Fixes: CID 73684, CID 73695, CID 73764 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/fs/zfs/zfs.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index 44d8bde6b..0d8c08eec 100644 +--- a/grub-core/fs/zfs/zfs.c ++++ b/grub-core/fs/zfs/zfs.c +@@ -564,7 +564,7 @@ find_bestub (uberblock_phys_t * ub_array, + ubptr = (uberblock_phys_t *) ((grub_properly_aligned_t *) ub_array + + ((i << ub_shift) + / sizeof (grub_properly_aligned_t))); +- err = uberblock_verify (ubptr, offset, 1 << ub_shift); ++ err = uberblock_verify (ubptr, offset, (grub_size_t) 1 << ub_shift); + if (err) + { + grub_errno = GRUB_ERR_NONE; +@@ -1543,7 +1543,7 @@ read_device (grub_uint64_t offset, struct grub_zfs_device_desc *desc, + + high = grub_divmod64 ((offset >> desc->ashift) + c, + desc->n_children, &devn); +- csize = bsize << desc->ashift; ++ csize = (grub_size_t) bsize << desc->ashift; + if (csize > len) + csize = len; + +@@ -1635,8 +1635,8 @@ read_device (grub_uint64_t offset, struct grub_zfs_device_desc *desc, + + while (len > 0) + { +- grub_size_t csize; +- csize = ((s / (desc->n_children - desc->nparity)) ++ grub_size_t csize = s; ++ csize = ((csize / (desc->n_children - desc->nparity)) + << desc->ashift); + if (csize > len) + csize = len; diff --git a/SOURCES/0408-zfsinfo-Correct-a-check-for-error-allocating-memory.patch b/SOURCES/0408-zfsinfo-Correct-a-check-for-error-allocating-memory.patch new file mode 100644 index 0000000..baa2aee --- /dev/null +++ b/SOURCES/0408-zfsinfo-Correct-a-check-for-error-allocating-memory.patch @@ -0,0 +1,32 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 10:56:45 +0000 +Subject: [PATCH] zfsinfo: Correct a check for error allocating memory + +While arguably the check for grub_errno is correct, we should really be +checking the return value from the function since it is always possible +that grub_errno was set elsewhere, making this code behave incorrectly. + +Fixes: CID 73668 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/fs/zfs/zfsinfo.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/fs/zfs/zfsinfo.c b/grub-core/fs/zfs/zfsinfo.c +index c8a28acf5..bf2918018 100644 +--- a/grub-core/fs/zfs/zfsinfo.c ++++ b/grub-core/fs/zfs/zfsinfo.c +@@ -358,8 +358,8 @@ grub_cmd_zfs_bootfs (grub_command_t cmd __attribute__ ((unused)), int argc, + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected")); + + devname = grub_file_get_device_name (args[0]); +- if (grub_errno) +- return grub_errno; ++ if (devname == NULL) ++ return GRUB_ERR_OUT_OF_MEMORY; + + dev = grub_device_open (devname); + grub_free (devname); diff --git a/SOURCES/0409-affs-Fix-memory-leaks.patch b/SOURCES/0409-affs-Fix-memory-leaks.patch new file mode 100644 index 0000000..128915c --- /dev/null +++ b/SOURCES/0409-affs-Fix-memory-leaks.patch @@ -0,0 +1,79 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 12:48:07 +0000 +Subject: [PATCH] affs: Fix memory leaks + +The node structure reference is being allocated but not freed if it +reaches the end of the function. If any of the hooks had returned +a non-zero value, then node would have been copied in to the context +reference, but otherwise node is not stored and should be freed. + +Similarly, the call to grub_affs_create_node() replaces the allocated +memory in node with a newly allocated structure, leaking the existing +memory pointed by node. + +Finally, when dir->parent is set, then we again replace node with newly +allocated memory, which seems unnecessary when we copy in the values +from dir->parent immediately after. + +Fixes: CID 73759 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/fs/affs.c | 18 ++++++++---------- + 1 file changed, 8 insertions(+), 10 deletions(-) + +diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c +index 91073795f..e4615c743 100644 +--- a/grub-core/fs/affs.c ++++ b/grub-core/fs/affs.c +@@ -400,12 +400,12 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, + { + unsigned int i; + struct grub_affs_file file; +- struct grub_fshelp_node *node = 0; ++ struct grub_fshelp_node *node, *orig_node; + struct grub_affs_data *data = dir->data; + grub_uint32_t *hashtable; + + /* Create the directory entries for `.' and `..'. */ +- node = grub_zalloc (sizeof (*node)); ++ node = orig_node = grub_zalloc (sizeof (*node)); + if (!node) + return 1; + +@@ -414,9 +414,6 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, + return 1; + if (dir->parent) + { +- node = grub_zalloc (sizeof (*node)); +- if (!node) +- return 1; + *node = *dir->parent; + if (hook ("..", GRUB_FSHELP_DIR, node, hook_data)) + return 1; +@@ -456,17 +453,18 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, + + if (grub_affs_create_node (dir, hook, hook_data, &node, &hashtable, + next, &file)) +- return 1; ++ { ++ /* Node has been replaced in function. */ ++ grub_free (orig_node); ++ return 1; ++ } + + next = grub_be_to_cpu32 (file.next); + } + } + +- grub_free (hashtable); +- return 0; +- + fail: +- grub_free (node); ++ grub_free (orig_node); + grub_free (hashtable); + return 0; + } diff --git a/SOURCES/0410-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch b/SOURCES/0410-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch new file mode 100644 index 0000000..3f31fc5 --- /dev/null +++ b/SOURCES/0410-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch @@ -0,0 +1,32 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 3 Nov 2020 16:43:37 +0000 +Subject: [PATCH] libgcrypt/mpi: Fix possible unintended sign extension + +The array of unsigned char gets promoted to a signed 32-bit int before +it is finally promoted to a size_t. There is the possibility that this +may result in the signed-bit being set for the intermediate signed +32-bit int. We should ensure that the promotion is to the correct type +before we bitwise-OR the values. + +Fixes: CID 96697 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/lib/libgcrypt/mpi/mpicoder.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/lib/libgcrypt/mpi/mpicoder.c b/grub-core/lib/libgcrypt/mpi/mpicoder.c +index a3435ed14..7ecad27b2 100644 +--- a/grub-core/lib/libgcrypt/mpi/mpicoder.c ++++ b/grub-core/lib/libgcrypt/mpi/mpicoder.c +@@ -458,7 +458,7 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format, + if (len && len < 4) + return gcry_error (GPG_ERR_TOO_SHORT); + +- n = (s[0] << 24 | s[1] << 16 | s[2] << 8 | s[3]); ++ n = ((size_t)s[0] << 24 | (size_t)s[1] << 16 | (size_t)s[2] << 8 | (size_t)s[3]); + s += 4; + if (len) + len -= 4; diff --git a/SOURCES/0411-libgcrypt-mpi-Fix-possible-NULL-dereference.patch b/SOURCES/0411-libgcrypt-mpi-Fix-possible-NULL-dereference.patch new file mode 100644 index 0000000..e9b67e6 --- /dev/null +++ b/SOURCES/0411-libgcrypt-mpi-Fix-possible-NULL-dereference.patch @@ -0,0 +1,30 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 10:41:54 +0000 +Subject: [PATCH] libgcrypt/mpi: Fix possible NULL dereference + +The code in gcry_mpi_scan() assumes that buffer is not NULL, but there +is no explicit check for that, so we add one. + +Fixes: CID 73757 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/lib/libgcrypt/mpi/mpicoder.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/grub-core/lib/libgcrypt/mpi/mpicoder.c b/grub-core/lib/libgcrypt/mpi/mpicoder.c +index 7ecad27b2..6fe389165 100644 +--- a/grub-core/lib/libgcrypt/mpi/mpicoder.c ++++ b/grub-core/lib/libgcrypt/mpi/mpicoder.c +@@ -379,6 +379,9 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format, + unsigned int len; + int secure = (buffer && gcry_is_secure (buffer)); + ++ if (!buffer) ++ return gcry_error (GPG_ERR_INV_ARG); ++ + if (format == GCRYMPI_FMT_SSH) + len = 0; + else diff --git a/SOURCES/0412-syslinux-Fix-memory-leak-while-parsing.patch b/SOURCES/0412-syslinux-Fix-memory-leak-while-parsing.patch new file mode 100644 index 0000000..d308ee4 --- /dev/null +++ b/SOURCES/0412-syslinux-Fix-memory-leak-while-parsing.patch @@ -0,0 +1,40 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 15:31:53 +0000 +Subject: [PATCH] syslinux: Fix memory leak while parsing + +In syslinux_parse_real() the 2 points where return is being called +didn't release the memory stored in buf which is no longer required. + +Fixes: CID 176634 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/lib/syslinux_parse.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/grub-core/lib/syslinux_parse.c b/grub-core/lib/syslinux_parse.c +index 83e7bdb91..f477feff1 100644 +--- a/grub-core/lib/syslinux_parse.c ++++ b/grub-core/lib/syslinux_parse.c +@@ -737,7 +737,10 @@ syslinux_parse_real (struct syslinux_menu *menu) + && grub_strncasecmp ("help", ptr3, ptr4 - ptr3) == 0)) + { + if (helptext (ptr5, file, menu)) +- return 1; ++ { ++ grub_free (buf); ++ return 1; ++ } + continue; + } + +@@ -757,6 +760,7 @@ syslinux_parse_real (struct syslinux_menu *menu) + } + fail: + grub_file_close (file); ++ grub_free (buf); + return err; + } + diff --git a/SOURCES/0413-normal-completion-Fix-leaking-of-memory-when-process.patch b/SOURCES/0413-normal-completion-Fix-leaking-of-memory-when-process.patch new file mode 100644 index 0000000..d3491ec --- /dev/null +++ b/SOURCES/0413-normal-completion-Fix-leaking-of-memory-when-process.patch @@ -0,0 +1,49 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 4 Dec 2020 18:56:48 +0000 +Subject: [PATCH] normal/completion: Fix leaking of memory when processing a + completion + +It is possible for the code to reach the end of the function without +freeing the memory allocated to argv and argc still to be 0. + +We should always call grub_free(argv). The grub_free() will handle +a NULL argument correctly if it reaches that code without the memory +being allocated. + +Fixes: CID 96672 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/normal/completion.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/grub-core/normal/completion.c b/grub-core/normal/completion.c +index 93aa0d8ed..5036bcf2d 100644 +--- a/grub-core/normal/completion.c ++++ b/grub-core/normal/completion.c +@@ -401,8 +401,8 @@ char * + grub_normal_do_completion (char *buf, int *restore, + void (*hook) (const char *, grub_completion_type_t, int)) + { +- int argc; +- char **argv; ++ int argc = 0; ++ char **argv = NULL; + + /* Initialize variables. */ + match = 0; +@@ -517,10 +517,8 @@ grub_normal_do_completion (char *buf, int *restore, + + fail: + if (argc != 0) +- { +- grub_free (argv[0]); +- grub_free (argv); +- } ++ grub_free (argv[0]); ++ grub_free (argv); + grub_free (match); + grub_errno = GRUB_ERR_NONE; + diff --git a/SOURCES/0414-commands-hashsum-Fix-a-memory-leak.patch b/SOURCES/0414-commands-hashsum-Fix-a-memory-leak.patch new file mode 100644 index 0000000..eb165a8 --- /dev/null +++ b/SOURCES/0414-commands-hashsum-Fix-a-memory-leak.patch @@ -0,0 +1,53 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Tue, 1 Dec 2020 23:41:24 +0000 +Subject: [PATCH] commands/hashsum: Fix a memory leak + +check_list() uses grub_file_getline(), which allocates a buffer. +If the hash list file contains invalid lines, the function leaks +this buffer when it returns an error. + +Fixes: CID 176635 + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper +--- + grub-core/commands/hashsum.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/grub-core/commands/hashsum.c b/grub-core/commands/hashsum.c +index 456ba908b..b8a22b0c8 100644 +--- a/grub-core/commands/hashsum.c ++++ b/grub-core/commands/hashsum.c +@@ -128,11 +128,17 @@ check_list (const gcry_md_spec_t *hash, const char *hashfilename, + high = hextoval (*p++); + low = hextoval (*p++); + if (high < 0 || low < 0) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list"); ++ { ++ grub_free (buf); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list"); ++ } + expected[i] = (high << 4) | low; + } + if ((p[0] != ' ' && p[0] != '\t') || (p[1] != ' ' && p[1] != '\t')) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list"); ++ { ++ grub_free (buf); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list"); ++ } + p += 2; + if (prefix) + { +@@ -140,7 +146,10 @@ check_list (const gcry_md_spec_t *hash, const char *hashfilename, + + filename = grub_xasprintf ("%s/%s", prefix, p); + if (!filename) +- return grub_errno; ++ { ++ grub_free (buf); ++ return grub_errno; ++ } + file = grub_file_open (filename, GRUB_FILE_TYPE_TO_HASH + | (!uncompress ? GRUB_FILE_TYPE_NO_DECOMPRESS + : GRUB_FILE_TYPE_NONE)); diff --git a/SOURCES/0415-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch b/SOURCES/0415-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch new file mode 100644 index 0000000..9bd5250 --- /dev/null +++ b/SOURCES/0415-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch @@ -0,0 +1,91 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 8 Dec 2020 21:14:31 +0000 +Subject: [PATCH] video/efi_gop: Remove unnecessary return value of + grub_video_gop_fill_mode_info() + +The return value of grub_video_gop_fill_mode_info() is never able to be +anything other than GRUB_ERR_NONE. So, rather than continue to return +a value and checking it each time, it is more correct to redefine the +function to not return anything and remove checks of its return value +altogether. + +Fixes: CID 96701 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/video/efi_gop.c | 25 ++++++------------------- + 1 file changed, 6 insertions(+), 19 deletions(-) + +diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c +index c9e40e8d4..9fcc41ac0 100644 +--- a/grub-core/video/efi_gop.c ++++ b/grub-core/video/efi_gop.c +@@ -229,7 +229,7 @@ grub_video_gop_fill_real_mode_info (unsigned mode, + return GRUB_ERR_NONE; + } + +-static grub_err_t ++static void + grub_video_gop_fill_mode_info (unsigned mode, + struct grub_efi_gop_mode_info *in, + struct grub_video_mode_info *out) +@@ -254,8 +254,6 @@ grub_video_gop_fill_mode_info (unsigned mode, + out->blit_format = GRUB_VIDEO_BLIT_FORMAT_BGRA_8888; + out->mode_type |= (GRUB_VIDEO_MODE_TYPE_DOUBLE_BUFFERED + | GRUB_VIDEO_MODE_TYPE_UPDATING_SWAP); +- +- return GRUB_ERR_NONE; + } + + static int +@@ -268,7 +266,6 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo + grub_efi_uintn_t size; + grub_efi_status_t status; + struct grub_efi_gop_mode_info *info = NULL; +- grub_err_t err; + struct grub_video_mode_info mode_info; + + status = efi_call_4 (gop->query_mode, gop, mode, &size, &info); +@@ -279,12 +276,7 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo + continue; + } + +- err = grub_video_gop_fill_mode_info (mode, info, &mode_info); +- if (err) +- { +- grub_errno = GRUB_ERR_NONE; +- continue; +- } ++ grub_video_gop_fill_mode_info (mode, info, &mode_info); + if (hook (&mode_info, hook_arg)) + return 1; + } +@@ -468,13 +460,8 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + + info = gop->mode->info; + +- err = grub_video_gop_fill_mode_info (gop->mode->mode, info, +- &framebuffer.mode_info); +- if (err) +- { +- grub_dprintf ("video", "GOP: couldn't fill mode info\n"); +- return err; +- } ++ grub_video_gop_fill_mode_info (gop->mode->mode, info, ++ &framebuffer.mode_info); + + framebuffer.ptr = (void *) (grub_addr_t) gop->mode->fb_base; + framebuffer.offscreen +@@ -488,8 +475,8 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + { + grub_dprintf ("video", "GOP: couldn't allocate shadow\n"); + grub_errno = 0; +- err = grub_video_gop_fill_mode_info (gop->mode->mode, info, +- &framebuffer.mode_info); ++ grub_video_gop_fill_mode_info (gop->mode->mode, info, ++ &framebuffer.mode_info); + buffer = framebuffer.ptr; + } + diff --git a/SOURCES/0416-video-fb-fbfill-Fix-potential-integer-overflow.patch b/SOURCES/0416-video-fb-fbfill-Fix-potential-integer-overflow.patch new file mode 100644 index 0000000..5c4b778 --- /dev/null +++ b/SOURCES/0416-video-fb-fbfill-Fix-potential-integer-overflow.patch @@ -0,0 +1,75 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 4 Nov 2020 15:10:51 +0000 +Subject: [PATCH] video/fb/fbfill: Fix potential integer overflow + +The multiplication of 2 unsigned 32-bit integers may overflow before +promotion to unsigned 64-bit. We should ensure that the multiplication +is done with overflow detection. Additionally, use grub_sub() for +subtraction. + +Fixes: CID 73640, CID 73697, CID 73702, CID 73823 + +Signed-off-by: Darren Kenny +Signed-off-by: Marco A Benatto +Reviewed-by: Daniel Kiper +--- + grub-core/video/fb/fbfill.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/grub-core/video/fb/fbfill.c b/grub-core/video/fb/fbfill.c +index 11816d07a..a37acd1e2 100644 +--- a/grub-core/video/fb/fbfill.c ++++ b/grub-core/video/fb/fbfill.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + #include + + /* Generic filler that works for every supported mode. */ +@@ -61,7 +62,9 @@ grub_video_fbfill_direct32 (struct grub_video_fbblit_info *dst, + + /* Calculate the number of bytes to advance from the end of one line + to the beginning of the next line. */ +- rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width; ++ if (grub_mul (dst->mode_info->bytes_per_pixel, width, &rowskip) || ++ grub_sub (dst->mode_info->pitch, rowskip, &rowskip)) ++ return; + + /* Get the start address. */ + dstptr = grub_video_fb_get_video_ptr (dst, x, y); +@@ -98,7 +101,9 @@ grub_video_fbfill_direct24 (struct grub_video_fbblit_info *dst, + #endif + /* Calculate the number of bytes to advance from the end of one line + to the beginning of the next line. */ +- rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width; ++ if (grub_mul (dst->mode_info->bytes_per_pixel, width, &rowskip) || ++ grub_sub (dst->mode_info->pitch, rowskip, &rowskip)) ++ return; + + /* Get the start address. */ + dstptr = grub_video_fb_get_video_ptr (dst, x, y); +@@ -131,7 +136,9 @@ grub_video_fbfill_direct16 (struct grub_video_fbblit_info *dst, + + /* Calculate the number of bytes to advance from the end of one line + to the beginning of the next line. */ +- rowskip = (dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width); ++ if (grub_mul (dst->mode_info->bytes_per_pixel, width, &rowskip) || ++ grub_sub (dst->mode_info->pitch, rowskip, &rowskip)) ++ return; + + /* Get the start address. */ + dstptr = grub_video_fb_get_video_ptr (dst, x, y); +@@ -161,7 +168,9 @@ grub_video_fbfill_direct8 (struct grub_video_fbblit_info *dst, + + /* Calculate the number of bytes to advance from the end of one line + to the beginning of the next line. */ +- rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width; ++ if (grub_mul (dst->mode_info->bytes_per_pixel, width, &rowskip) || ++ grub_sub (dst->mode_info->pitch, rowskip, &rowskip)) ++ return; + + /* Get the start address. */ + dstptr = grub_video_fb_get_video_ptr (dst, x, y); diff --git a/SOURCES/0417-video-fb-video_fb-Fix-multiple-integer-overflows.patch b/SOURCES/0417-video-fb-video_fb-Fix-multiple-integer-overflows.patch new file mode 100644 index 0000000..d317b06 --- /dev/null +++ b/SOURCES/0417-video-fb-video_fb-Fix-multiple-integer-overflows.patch @@ -0,0 +1,101 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 4 Nov 2020 14:43:44 +0000 +Subject: [PATCH] video/fb/video_fb: Fix multiple integer overflows + +The calculation of the unsigned 64-bit value is being generated by +multiplying 2, signed or unsigned, 32-bit integers which may overflow +before promotion to unsigned 64-bit. Fix all of them. + +Fixes: CID 73703, CID 73767, CID 73833 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/video/fb/video_fb.c | 52 ++++++++++++++++++++++++++++++------------- + 1 file changed, 36 insertions(+), 16 deletions(-) + +diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c +index 1a602c8b2..1c9a138dc 100644 +--- a/grub-core/video/fb/video_fb.c ++++ b/grub-core/video/fb/video_fb.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -1417,15 +1418,23 @@ doublebuf_blit_update_screen (void) + { + if (framebuffer.current_dirty.first_line + <= framebuffer.current_dirty.last_line) +- grub_memcpy ((char *) framebuffer.pages[0] +- + framebuffer.current_dirty.first_line +- * framebuffer.back_target->mode_info.pitch, +- (char *) framebuffer.back_target->data +- + framebuffer.current_dirty.first_line +- * framebuffer.back_target->mode_info.pitch, +- framebuffer.back_target->mode_info.pitch +- * (framebuffer.current_dirty.last_line +- - framebuffer.current_dirty.first_line)); ++ { ++ grub_size_t copy_size; ++ ++ if (grub_sub (framebuffer.current_dirty.last_line, ++ framebuffer.current_dirty.first_line, ©_size) || ++ grub_mul (framebuffer.back_target->mode_info.pitch, copy_size, ©_size)) ++ { ++ /* Shouldn't happen, but if it does we've a bug. */ ++ return GRUB_ERR_BUG; ++ } ++ ++ grub_memcpy ((char *) framebuffer.pages[0] + framebuffer.current_dirty.first_line * ++ framebuffer.back_target->mode_info.pitch, ++ (char *) framebuffer.back_target->data + framebuffer.current_dirty.first_line * ++ framebuffer.back_target->mode_info.pitch, ++ copy_size); ++ } + framebuffer.current_dirty.first_line + = framebuffer.back_target->mode_info.height; + framebuffer.current_dirty.last_line = 0; +@@ -1439,7 +1448,7 @@ grub_video_fb_doublebuf_blit_init (struct grub_video_fbrender_target **back, + volatile void *framebuf) + { + grub_err_t err; +- grub_size_t page_size = mode_info.pitch * mode_info.height; ++ grub_size_t page_size = (grub_size_t) mode_info.pitch * mode_info.height; + + framebuffer.offscreen_buffer = grub_zalloc (page_size); + if (! framebuffer.offscreen_buffer) +@@ -1482,12 +1491,23 @@ doublebuf_pageflipping_update_screen (void) + last_line = framebuffer.previous_dirty.last_line; + + if (first_line <= last_line) +- grub_memcpy ((char *) framebuffer.pages[framebuffer.render_page] +- + first_line * framebuffer.back_target->mode_info.pitch, +- (char *) framebuffer.back_target->data +- + first_line * framebuffer.back_target->mode_info.pitch, +- framebuffer.back_target->mode_info.pitch +- * (last_line - first_line)); ++ { ++ grub_size_t copy_size; ++ ++ if (grub_sub (last_line, first_line, ©_size) || ++ grub_mul (framebuffer.back_target->mode_info.pitch, copy_size, ©_size)) ++ { ++ /* Shouldn't happen, but if it does we've a bug. */ ++ return GRUB_ERR_BUG; ++ } ++ ++ grub_memcpy ((char *) framebuffer.pages[framebuffer.render_page] + first_line * ++ framebuffer.back_target->mode_info.pitch, ++ (char *) framebuffer.back_target->data + first_line * ++ framebuffer.back_target->mode_info.pitch, ++ copy_size); ++ } ++ + framebuffer.previous_dirty = framebuffer.current_dirty; + framebuffer.current_dirty.first_line + = framebuffer.back_target->mode_info.height; diff --git a/SOURCES/0418-video-fb-video_fb-Fix-possible-integer-overflow.patch b/SOURCES/0418-video-fb-video_fb-Fix-possible-integer-overflow.patch new file mode 100644 index 0000000..5846285 --- /dev/null +++ b/SOURCES/0418-video-fb-video_fb-Fix-possible-integer-overflow.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 4 Dec 2020 14:51:30 +0000 +Subject: [PATCH] video/fb/video_fb: Fix possible integer overflow + +It is minimal possibility that the values being used here will overflow. +So, change the code to use the safemath function grub_mul() to ensure +that doesn't happen. + +Fixes: CID 73761 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/video/fb/video_fb.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c +index 1c9a138dc..ae6b89f9a 100644 +--- a/grub-core/video/fb/video_fb.c ++++ b/grub-core/video/fb/video_fb.c +@@ -1537,7 +1537,13 @@ doublebuf_pageflipping_init (struct grub_video_mode_info *mode_info, + volatile void *page1_ptr) + { + grub_err_t err; +- grub_size_t page_size = mode_info->pitch * mode_info->height; ++ grub_size_t page_size = 0; ++ ++ if (grub_mul (mode_info->pitch, mode_info->height, &page_size)) ++ { ++ /* Shouldn't happen, but if it does we've a bug. */ ++ return GRUB_ERR_BUG; ++ } + + framebuffer.offscreen_buffer = grub_malloc (page_size); + if (! framebuffer.offscreen_buffer) diff --git a/SOURCES/0419-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch b/SOURCES/0419-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch new file mode 100644 index 0000000..771205d --- /dev/null +++ b/SOURCES/0419-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch @@ -0,0 +1,35 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 4 Dec 2020 15:39:00 +0000 +Subject: [PATCH] video/readers/jpeg: Test for an invalid next marker reference + from a jpeg file + +While it may never happen, and potentially could be caught at the end of +the function, it is worth checking up front for a bad reference to the +next marker just in case of a maliciously crafted file being provided. + +Fixes: CID 73694 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/video/readers/jpeg.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 31359a4c9..0b6ce3cee 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -253,6 +253,12 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) + next_marker = data->file->offset; + next_marker += grub_jpeg_get_word (data); + ++ if (next_marker > data->file->size) ++ { ++ /* Should never be set beyond the size of the file. */ ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid next reference"); ++ } ++ + while (data->file->offset + sizeof (data->quan_table[id]) + 1 + <= next_marker) + { diff --git a/SOURCES/0420-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch b/SOURCES/0420-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch new file mode 100644 index 0000000..e79397c --- /dev/null +++ b/SOURCES/0420-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch @@ -0,0 +1,31 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Mon, 7 Dec 2020 14:44:47 +0000 +Subject: [PATCH] gfxmenu/gui_list: Remove code that coverity is flagging as + dead + +The test of value for NULL before calling grub_strdup() is not required, +since the if condition prior to this has already tested for value being +NULL and cannot reach this code if it is. + +Fixes: CID 73659 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/gfxmenu/gui_list.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/gfxmenu/gui_list.c b/grub-core/gfxmenu/gui_list.c +index 01477cdf2..df334a6c5 100644 +--- a/grub-core/gfxmenu/gui_list.c ++++ b/grub-core/gfxmenu/gui_list.c +@@ -771,7 +771,7 @@ list_set_property (void *vself, const char *name, const char *value) + { + self->need_to_recreate_boxes = 1; + grub_free (self->selected_item_box_pattern); +- self->selected_item_box_pattern = value ? grub_strdup (value) : 0; ++ self->selected_item_box_pattern = grub_strdup (value); + self->selected_item_box_pattern_inherit = 0; + } + } diff --git a/SOURCES/0421-loader-bsd-Check-for-NULL-arg-up-front.patch b/SOURCES/0421-loader-bsd-Check-for-NULL-arg-up-front.patch new file mode 100644 index 0000000..fd589d4 --- /dev/null +++ b/SOURCES/0421-loader-bsd-Check-for-NULL-arg-up-front.patch @@ -0,0 +1,44 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 8 Dec 2020 21:47:13 +0000 +Subject: [PATCH] loader/bsd: Check for NULL arg up-front + +The code in the next block suggests that it is possible for .set to be +true but .arg may still be NULL. + +This code assumes that it is never NULL, yet later is testing if it is +NULL - that is inconsistent. + +So we should check first if .arg is not NULL, and remove this check that +is being flagged by Coverity since it is no longer required. + +Fixes: CID 292471 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/loader/i386/bsd.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c +index 45a715099..b5ab848ee 100644 +--- a/grub-core/loader/i386/bsd.c ++++ b/grub-core/loader/i386/bsd.c +@@ -1606,7 +1606,7 @@ grub_cmd_openbsd (grub_extcmd_context_t ctxt, int argc, char *argv[]) + kernel_type = KERNEL_TYPE_OPENBSD; + bootflags = grub_bsd_parse_flags (ctxt->state, openbsd_flags); + +- if (ctxt->state[OPENBSD_ROOT_ARG].set) ++ if (ctxt->state[OPENBSD_ROOT_ARG].set && ctxt->state[OPENBSD_ROOT_ARG].arg != NULL) + { + const char *arg = ctxt->state[OPENBSD_ROOT_ARG].arg; + unsigned type, unit, part; +@@ -1623,7 +1623,7 @@ grub_cmd_openbsd (grub_extcmd_context_t ctxt, int argc, char *argv[]) + "unknown disk type name"); + + unit = grub_strtoul (arg, (char **) &arg, 10); +- if (! (arg && *arg >= 'a' && *arg <= 'z')) ++ if (! (*arg >= 'a' && *arg <= 'z')) + return grub_error (GRUB_ERR_BAD_ARGUMENT, + "only device specifications of form " + " are supported"); diff --git a/SOURCES/0422-loader-xnu-Fix-memory-leak.patch b/SOURCES/0422-loader-xnu-Fix-memory-leak.patch new file mode 100644 index 0000000..6021137 --- /dev/null +++ b/SOURCES/0422-loader-xnu-Fix-memory-leak.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 12:53:10 +0000 +Subject: [PATCH] loader/xnu: Fix memory leak + +The code here is finished with the memory stored in name, but it only +frees it if there curvalue is valid, while it could actually free it +regardless. + +The fix is a simple relocation of the grub_free() to before the test +of curvalue. + +Fixes: CID 96646 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/loader/xnu.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index b33a38432..16bfa7cec 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -1392,9 +1392,9 @@ grub_xnu_fill_devicetree (void) + name[len] = 0; + + curvalue = grub_xnu_create_value (curkey, name); +- if (!curvalue) +- return grub_errno; + grub_free (name); ++ if (!curvalue) ++ return grub_errno; + + data = grub_malloc (grub_strlen (var->value) + 1); + if (!data) diff --git a/SOURCES/0423-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch b/SOURCES/0423-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch new file mode 100644 index 0000000..462c0d2 --- /dev/null +++ b/SOURCES/0423-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch @@ -0,0 +1,74 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Marco A Benatto +Date: Mon, 30 Nov 2020 12:18:24 -0300 +Subject: [PATCH] loader/xnu: Free driverkey data when an error is detected in + grub_xnu_writetree_toheap() + +... to avoid memory leaks. + +Fixes: CID 96640 + +Signed-off-by: Marco A Benatto +Reviewed-by: Daniel Kiper +--- + grub-core/loader/xnu.c | 24 ++++++++++++++++++++---- + 1 file changed, 20 insertions(+), 4 deletions(-) + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index 16bfa7cec..af885a648 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -228,26 +228,33 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size) + if (! memorymap) + return grub_errno; + +- driverkey = (struct grub_xnu_devtree_key *) grub_malloc (sizeof (*driverkey)); ++ driverkey = (struct grub_xnu_devtree_key *) grub_zalloc (sizeof (*driverkey)); + if (! driverkey) + return grub_errno; + driverkey->name = grub_strdup ("DeviceTree"); + if (! driverkey->name) +- return grub_errno; ++ { ++ err = grub_errno; ++ goto fail; ++ } ++ + driverkey->datasize = sizeof (*extdesc); + driverkey->next = memorymap->first_child; + memorymap->first_child = driverkey; + driverkey->data = extdesc + = (struct grub_xnu_extdesc *) grub_malloc (sizeof (*extdesc)); + if (! driverkey->data) +- return grub_errno; ++ { ++ err = grub_errno; ++ goto fail; ++ } + + /* Allocate the space based on the size with dummy value. */ + *size = grub_xnu_writetree_get_size (grub_xnu_devtree_root, "/"); + err = grub_xnu_heap_malloc (ALIGN_UP (*size + 1, GRUB_XNU_PAGESIZE), + &src, target); + if (err) +- return err; ++ goto fail; + + /* Put real data in the dummy. */ + extdesc->addr = *target; +@@ -256,6 +263,15 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size) + /* Write the tree to heap. */ + grub_xnu_writetree_toheap_real (src, grub_xnu_devtree_root, "/"); + return GRUB_ERR_NONE; ++ ++ fail: ++ memorymap->first_child = NULL; ++ ++ grub_free (driverkey->data); ++ grub_free (driverkey->name); ++ grub_free (driverkey); ++ ++ return err; + } + + /* Find a key or value in parent key. */ diff --git a/SOURCES/0424-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch b/SOURCES/0424-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch new file mode 100644 index 0000000..a194b7f --- /dev/null +++ b/SOURCES/0424-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch @@ -0,0 +1,39 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Mon, 30 Nov 2020 10:36:00 -0300 +Subject: [PATCH] loader/xnu: Check if pointer is NULL before using it + +Fixes: CID 73654 + +Signed-off-by: Paulo Flabiano Smorigo +Reviewed-by: Daniel Kiper +--- + grub-core/loader/xnu.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index af885a648..49641b8bb 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -671,6 +671,9 @@ grub_xnu_load_driver (char *infoplistname, grub_file_t binaryfile, + char *name, *nameend; + int namelen; + ++ if (infoplistname == NULL) ++ return grub_error (GRUB_ERR_BAD_FILENAME, N_("missing p-list filename")); ++ + name = get_name_ptr (infoplistname); + nameend = grub_strchr (name, '/'); + +@@ -702,10 +705,7 @@ grub_xnu_load_driver (char *infoplistname, grub_file_t binaryfile, + else + macho = 0; + +- if (infoplistname) +- infoplist = grub_file_open (infoplistname, GRUB_FILE_TYPE_XNU_INFO_PLIST); +- else +- infoplist = 0; ++ infoplist = grub_file_open (infoplistname, GRUB_FILE_TYPE_XNU_INFO_PLIST); + grub_errno = GRUB_ERR_NONE; + if (infoplist) + { diff --git a/SOURCES/0425-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch b/SOURCES/0425-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch new file mode 100644 index 0000000..96d9e84 --- /dev/null +++ b/SOURCES/0425-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 5 Nov 2020 14:33:50 +0000 +Subject: [PATCH] util/grub-editenv: Fix incorrect casting of a signed value + +The return value of ftell() may be negative (-1) on error. While it is +probably unlikely to occur, we should not blindly cast to an unsigned +value without first testing that it is not negative. + +Fixes: CID 73856 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + util/grub-editenv.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/util/grub-editenv.c b/util/grub-editenv.c +index 2918bb71c..e9011e0fb 100644 +--- a/util/grub-editenv.c ++++ b/util/grub-editenv.c +@@ -128,6 +128,7 @@ open_envblk_file (const char *name) + { + FILE *fp; + char *buf; ++ long loc; + size_t size; + grub_envblk_t envblk; + +@@ -146,7 +147,12 @@ open_envblk_file (const char *name) + grub_util_error (_("cannot seek `%s': %s"), name, + strerror (errno)); + +- size = (size_t) ftell (fp); ++ loc = ftell (fp); ++ if (loc < 0) ++ grub_util_error (_("cannot get file location `%s': %s"), name, ++ strerror (errno)); ++ ++ size = (size_t) loc; + + if (fseek (fp, 0, SEEK_SET) < 0) + grub_util_error (_("cannot seek `%s': %s"), name, diff --git a/SOURCES/0426-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch b/SOURCES/0426-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch new file mode 100644 index 0000000..958246c --- /dev/null +++ b/SOURCES/0426-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 4 Dec 2020 15:04:28 +0000 +Subject: [PATCH] util/glue-efi: Fix incorrect use of a possibly negative value + +It is possible for the ftell() function to return a negative value, +although it is fairly unlikely here, we should be checking for +a negative value before we assign it to an unsigned value. + +Fixes: CID 73744 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + util/glue-efi.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/util/glue-efi.c b/util/glue-efi.c +index 68f53168b..de0fa6d33 100644 +--- a/util/glue-efi.c ++++ b/util/glue-efi.c +@@ -39,13 +39,23 @@ write_fat (FILE *in32, FILE *in64, FILE *out, const char *out_filename, + struct grub_macho_fat_header head; + struct grub_macho_fat_arch arch32, arch64; + grub_uint32_t size32, size64; ++ long size; + char *buf; + + fseek (in32, 0, SEEK_END); +- size32 = ftell (in32); ++ size = ftell (in32); ++ if (size < 0) ++ grub_util_error ("cannot get end of input file '%s': %s", ++ name32, strerror (errno)); ++ size32 = (grub_uint32_t) size; + fseek (in32, 0, SEEK_SET); ++ + fseek (in64, 0, SEEK_END); +- size64 = ftell (in64); ++ size = ftell (in64); ++ if (size < 0) ++ grub_util_error ("cannot get end of input file '%s': %s", ++ name64, strerror (errno)); ++ size64 = (grub_uint64_t) size; + fseek (in64, 0, SEEK_SET); + + head.magic = grub_cpu_to_le32_compile_time (GRUB_MACHO_FAT_EFI_MAGIC); diff --git a/SOURCES/0427-script-execute-Fix-NULL-dereference-in-grub_script_e.patch b/SOURCES/0427-script-execute-Fix-NULL-dereference-in-grub_script_e.patch new file mode 100644 index 0000000..5c30501 --- /dev/null +++ b/SOURCES/0427-script-execute-Fix-NULL-dereference-in-grub_script_e.patch @@ -0,0 +1,25 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 3 Apr 2020 23:05:13 +1100 +Subject: [PATCH] script/execute: Fix NULL dereference in + grub_script_execute_cmdline() + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/script/execute.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index a1aadb9ee..2e47c0467 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -978,7 +978,7 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd) + struct grub_script_argv argv = { 0, 0, 0 }; + + /* Lookup the command. */ +- if (grub_script_arglist_to_argv (cmdline->arglist, &argv) || ! argv.args[0]) ++ if (grub_script_arglist_to_argv (cmdline->arglist, &argv) || ! argv.args || ! argv.args[0]) + return grub_errno; + + for (i = 0; i < argv.argc; i++) { diff --git a/SOURCES/0428-commands-ls-Require-device_name-is-not-NULL-before-p.patch b/SOURCES/0428-commands-ls-Require-device_name-is-not-NULL-before-p.patch new file mode 100644 index 0000000..4e5aa42 --- /dev/null +++ b/SOURCES/0428-commands-ls-Require-device_name-is-not-NULL-before-p.patch @@ -0,0 +1,30 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 11 Jan 2021 16:57:37 +1100 +Subject: [PATCH] commands/ls: Require device_name is not NULL before printing + +This can be triggered with: + ls -l (0 0*) +and causes a NULL deref in grub_normal_print_device_info(). + +I'm not sure if there's any implication with the IEEE 1275 platform. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/commands/ls.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/commands/ls.c b/grub-core/commands/ls.c +index 2cdb2acc5..d4dcffd31 100644 +--- a/grub-core/commands/ls.c ++++ b/grub-core/commands/ls.c +@@ -196,7 +196,7 @@ grub_ls_list_files (char *dirname, int longlist, int all, int human) + goto fail; + } + +- if (! *path) ++ if (! *path && device_name) + { + if (grub_errno == GRUB_ERR_UNKNOWN_FS) + grub_errno = GRUB_ERR_NONE; diff --git a/SOURCES/0429-script-execute-Avoid-crash-when-using-outside-a-func.patch b/SOURCES/0429-script-execute-Avoid-crash-when-using-outside-a-func.patch new file mode 100644 index 0000000..c99388a --- /dev/null +++ b/SOURCES/0429-script-execute-Avoid-crash-when-using-outside-a-func.patch @@ -0,0 +1,34 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 11 Jan 2021 17:30:42 +1100 +Subject: [PATCH] script/execute: Avoid crash when using "$#" outside a + function scope + +"$#" represents the number of arguments to a function. It is only +defined in a function scope, where "scope" is non-NULL. Currently, +if we attempt to evaluate "$#" outside a function scope, "scope" will +be NULL and we will crash with a NULL pointer dereference. + +Do not attempt to count arguments for "$#" if "scope" is NULL. This +will result in "$#" being interpreted as an empty string if evaluated +outside a function scope. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/script/execute.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 2e47c0467..17f4dcab2 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -519,7 +519,7 @@ gettext_putvar (const char *str, grub_size_t len, + return 0; + + /* Enough for any number. */ +- if (len == 1 && str[0] == '#') ++ if (len == 1 && str[0] == '#' && scope != NULL) + { + grub_snprintf (*ptr, 30, "%u", scope->argv.argc); + *ptr += grub_strlen (*ptr); diff --git a/SOURCES/0430-lib-arg-Block-repeated-short-options-that-require-an.patch b/SOURCES/0430-lib-arg-Block-repeated-short-options-that-require-an.patch new file mode 100644 index 0000000..977a461 --- /dev/null +++ b/SOURCES/0430-lib-arg-Block-repeated-short-options-that-require-an.patch @@ -0,0 +1,51 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 22 Jan 2021 16:07:29 +1100 +Subject: [PATCH] lib/arg: Block repeated short options that require an + argument + +Fuzzing found the following crash: + + search -hhhhhhhhhhhhhf + +We didn't allocate enough option space for 13 hints because the +allocation code counts the number of discrete arguments (i.e. argc). +However, the shortopt parsing code will happily keep processing +a combination of short options without checking if those short +options require an argument. This means you can easily end writing +past the allocated option space. + +This fixes a OOB write which can cause heap corruption. + +Fixes: CVE-2021-20225 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/lib/arg.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/grub-core/lib/arg.c b/grub-core/lib/arg.c +index 3288609a5..537c5e94b 100644 +--- a/grub-core/lib/arg.c ++++ b/grub-core/lib/arg.c +@@ -299,6 +299,19 @@ grub_arg_parse (grub_extcmd_t cmd, int argc, char **argv, + it can have an argument value. */ + if (*curshort) + { ++ /* ++ * Only permit further short opts if this one doesn't ++ * require a value. ++ */ ++ if (opt->type != ARG_TYPE_NONE && ++ !(opt->flags & GRUB_ARG_OPTION_OPTIONAL)) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("missing mandatory option for `%s'"), ++ opt->longarg); ++ goto fail; ++ } ++ + if (parse_option (cmd, opt, 0, usr) || grub_errno) + goto fail; + } diff --git a/SOURCES/0431-script-execute-Don-t-crash-on-a-for-loop-with-no-ite.patch b/SOURCES/0431-script-execute-Don-t-crash-on-a-for-loop-with-no-ite.patch new file mode 100644 index 0000000..0ad1065 --- /dev/null +++ b/SOURCES/0431-script-execute-Don-t-crash-on-a-for-loop-with-no-ite.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 22 Jan 2021 16:18:26 +1100 +Subject: [PATCH] script/execute: Don't crash on a "for" loop with no items + +The following crashes the parser: + + for x in; do + 0 + done + +This is because grub_script_arglist_to_argv() doesn't consider the +possibility that arglist is NULL. Catch that explicitly. + +This avoids a NULL pointer dereference. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/script/execute.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 17f4dcab2..266d99ed3 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -658,6 +658,9 @@ grub_script_arglist_to_argv (struct grub_script_arglist *arglist, + struct grub_script_arg *arg = 0; + struct grub_script_argv result = { 0, 0, 0 }; + ++ if (arglist == NULL) ++ return 1; ++ + for (; arglist && arglist->arg; arglist = arglist->next) + { + if (grub_script_argv_next (&result)) diff --git a/SOURCES/0432-commands-menuentry-Fix-quoting-in-setparams_prefix.patch b/SOURCES/0432-commands-menuentry-Fix-quoting-in-setparams_prefix.patch new file mode 100644 index 0000000..d2d1bf4 --- /dev/null +++ b/SOURCES/0432-commands-menuentry-Fix-quoting-in-setparams_prefix.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 22 Jan 2021 17:10:48 +1100 +Subject: [PATCH] commands/menuentry: Fix quoting in setparams_prefix() + +Commit 9acdcbf32542 (use single quotes in menuentry setparams command) +says that expressing a quoted single quote will require 3 characters. It +actually requires (and always did require!) 4 characters: + + str: a'b => a'\''b + len: 3 => 6 (2 for the letters + 4 for the quote) + +This leads to not allocating enough memory and thus out of bounds writes +that have been observed to cause heap corruption. + +Allocate 4 bytes for each single quote. + +Commit 22e7dbb2bb81 (Fix quoting in legacy parser.) does the same +quoting, but it adds 3 as extra overhead on top of the single byte that +the quote already needs. So it's correct. + +Fixes: CVE-2021-20233 +Fixes: 9acdcbf32542 (use single quotes in menuentry setparams command) + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/commands/menuentry.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c +index 4b5fcf2ce..7a533b974 100644 +--- a/grub-core/commands/menuentry.c ++++ b/grub-core/commands/menuentry.c +@@ -239,7 +239,7 @@ setparams_prefix (int argc, char **args) + len += 3; /* 3 = 1 space + 2 quotes */ + p = args[i]; + while (*p) +- len += (*p++ == '\'' ? 3 : 1); ++ len += (*p++ == '\'' ? 4 : 1); + } + + result = grub_malloc (len + 2); diff --git a/SOURCES/0433-kern-misc-Always-set-end-in-grub_strtoull.patch b/SOURCES/0433-kern-misc-Always-set-end-in-grub_strtoull.patch new file mode 100644 index 0000000..1a950f9 --- /dev/null +++ b/SOURCES/0433-kern-misc-Always-set-end-in-grub_strtoull.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Wed, 13 Jan 2021 22:19:01 +1100 +Subject: [PATCH] kern/misc: Always set *end in grub_strtoull() + +Currently, if there is an error in grub_strtoull(), *end is not set. +This differs from the usual behavior of strtoull(), and also means that +some callers may use an uninitialized value for *end. + +Set *end unconditionally. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/kern/misc.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 97378c48b..475f3e0ef 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -485,6 +485,10 @@ grub_strtoull (const char *str, const char ** const end, int base) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, + N_("overflow is detected")); ++ ++ if (end) ++ *end = (char *) str; ++ + return ~0ULL; + } + +@@ -496,6 +500,10 @@ grub_strtoull (const char *str, const char ** const end, int base) + { + grub_error (GRUB_ERR_BAD_NUMBER, + N_("unrecognized number")); ++ ++ if (end) ++ *end = (char *) str; ++ + return 0; + } + diff --git a/SOURCES/0434-video-readers-jpeg-Catch-files-with-unsupported-quan.patch b/SOURCES/0434-video-readers-jpeg-Catch-files-with-unsupported-quan.patch new file mode 100644 index 0000000..afc7125 --- /dev/null +++ b/SOURCES/0434-video-readers-jpeg-Catch-files-with-unsupported-quan.patch @@ -0,0 +1,49 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 15 Jan 2021 12:57:04 +1100 +Subject: [PATCH] video/readers/jpeg: Catch files with unsupported quantization + or Huffman tables + +Our decoder only supports 2 quantization tables. If a file asks for +a quantization table with index > 1, reject it. + +Similarly, our decoder only supports 4 Huffman tables. If a file asks +for a Huffman table with index > 3, reject it. + +This fixes some out of bounds reads. It's not clear what degree of control +over subsequent execution could be gained by someone who can carefully +set up the contents of memory before loading an invalid JPEG file. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/video/readers/jpeg.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 0b6ce3cee..23f919aa0 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -333,7 +333,11 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) + else if (ss != JPEG_SAMPLING_1x1) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: sampling method not supported"); ++ + data->comp_index[id][0] = grub_jpeg_get_byte (data); ++ if (data->comp_index[id][0] > 1) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: too many quantization tables"); + } + + if (data->file->offset != next_marker) +@@ -602,6 +606,10 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + ht = grub_jpeg_get_byte (data); + data->comp_index[id][1] = (ht >> 4); + data->comp_index[id][2] = (ht & 0xF) + 2; ++ ++ if ((data->comp_index[id][1] < 0) || (data->comp_index[id][1] > 3) || ++ (data->comp_index[id][2] < 0) || (data->comp_index[id][2] > 3)) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid hufftable index"); + } + + grub_jpeg_get_byte (data); /* Skip 3 unused bytes. */ diff --git a/SOURCES/0435-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch b/SOURCES/0435-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch new file mode 100644 index 0000000..ee9f1f5 --- /dev/null +++ b/SOURCES/0435-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch @@ -0,0 +1,44 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 15 Jan 2021 13:29:53 +1100 +Subject: [PATCH] video/readers/jpeg: Catch OOB reads/writes in + grub_jpeg_decode_du() + +The key line is: + + du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos]; + +jpeg_zigzag_order is grub_uint8_t[64]. + +I don't understand JPEG decoders quite well enough to explain what's +going on here. However, I observe sometimes pos=64, which leads to an +OOB read of the jpeg_zigzag_order global then an OOB write to du. +That leads to various unpleasant memory corruption conditions. + +Catch where pos >= ARRAY_SIZE(jpeg_zigzag_order) and bail. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/video/readers/jpeg.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 23f919aa0..e5148120f 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -526,6 +526,14 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + val = grub_jpeg_get_number (data, num & 0xF); + num >>= 4; + pos += num; ++ ++ if (pos >= ARRAY_SIZE (jpeg_zigzag_order)) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: invalid position in zigzag order!?"); ++ return; ++ } ++ + du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos]; + pos++; + } diff --git a/SOURCES/0436-video-readers-jpeg-Don-t-decode-data-before-start-of.patch b/SOURCES/0436-video-readers-jpeg-Don-t-decode-data-before-start-of.patch new file mode 100644 index 0000000..0871ada --- /dev/null +++ b/SOURCES/0436-video-readers-jpeg-Don-t-decode-data-before-start-of.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 15 Jan 2021 14:06:46 +1100 +Subject: [PATCH] video/readers/jpeg: Don't decode data before start of stream + +When a start of stream marker is encountered, we call grub_jpeg_decode_sos() +which allocates space for a bitmap. + +When a restart marker is encountered, we call grub_jpeg_decode_data() which +then fills in that bitmap. + +If we get a restart marker before the start of stream marker, we will +attempt to write to a bitmap_ptr that hasn't been allocated. Catch this +and bail out. This fixes an attempt to write to NULL. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/video/readers/jpeg.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index e5148120f..e31602f76 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -646,6 +646,10 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + nr1 = (data->image_height + vb - 1) >> (3 + data->log_vs); + nc1 = (data->image_width + hb - 1) >> (3 + data->log_hs); + ++ if (data->bitmap_ptr == NULL) ++ return grub_error(GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: attempted to decode data before start of stream"); ++ + for (; data->r1 < nr1 && (!data->dri || rst); + data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) + for (c1 = 0; c1 < nc1 && (!data->dri || rst); diff --git a/SOURCES/0437-term-gfxterm-Don-t-set-up-a-font-with-glyphs-that-ar.patch b/SOURCES/0437-term-gfxterm-Don-t-set-up-a-font-with-glyphs-that-ar.patch new file mode 100644 index 0000000..f0b6e33 --- /dev/null +++ b/SOURCES/0437-term-gfxterm-Don-t-set-up-a-font-with-glyphs-that-ar.patch @@ -0,0 +1,48 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 15 Jan 2021 20:03:20 +1100 +Subject: [PATCH] term/gfxterm: Don't set up a font with glyphs that are too + big + +Catch the case where we have a font so big that it causes the number of +rows or columns to be 0. Currently we continue and allocate a +virtual_screen.text_buffer of size 0. We then try to use that for glpyhs +and things go badly. + +On the emu platform, malloc() may give us a valid pointer, in which case +we'll access heap memory which we shouldn't. Alternatively, it may give us +NULL, in which case we'll crash. For other platforms, if I understand +grub_memalign() correctly, we will receive a valid but small allocation +that we will very likely later overrun. + +Prevent the creation of a virtual screen that isn't at least 40 cols +by 12 rows. This is arbitrary, but it seems that if your width or height +is half a standard 80x24 terminal, you're probably going to struggle to +read anything anyway. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/term/gfxterm.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/grub-core/term/gfxterm.c b/grub-core/term/gfxterm.c +index af7c090a3..b40fcce91 100644 +--- a/grub-core/term/gfxterm.c ++++ b/grub-core/term/gfxterm.c +@@ -232,6 +232,15 @@ grub_virtual_screen_setup (unsigned int x, unsigned int y, + virtual_screen.columns = virtual_screen.width / virtual_screen.normal_char_width; + virtual_screen.rows = virtual_screen.height / virtual_screen.normal_char_height; + ++ /* ++ * There must be a minimum number of rows and columns for the screen to ++ * make sense. Arbitrarily pick half of 80x24. If either dimensions is 0 ++ * we would allocate 0 bytes for the text_buffer. ++ */ ++ if (virtual_screen.columns < 40 || virtual_screen.rows < 12) ++ return grub_error (GRUB_ERR_BAD_FONT, ++ "font: glyphs too large to fit on screen"); ++ + /* Allocate memory for text buffer. */ + virtual_screen.text_buffer = + (struct grub_colored_char *) grub_malloc (virtual_screen.columns diff --git a/SOURCES/0438-fs-fshelp-Catch-impermissibly-large-block-sizes-in-r.patch b/SOURCES/0438-fs-fshelp-Catch-impermissibly-large-block-sizes-in-r.patch new file mode 100644 index 0000000..c619e80 --- /dev/null +++ b/SOURCES/0438-fs-fshelp-Catch-impermissibly-large-block-sizes-in-r.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 18 Jan 2021 11:46:39 +1100 +Subject: [PATCH] fs/fshelp: Catch impermissibly large block sizes in read + helper + +A fuzzed HFS+ filesystem had log2blocksize = 22. This gave +log2blocksize + GRUB_DISK_SECTOR_BITS = 31. 1 << 31 = 0x80000000, +which is -1 as an int. This caused some wacky behavior later on in +the function, leading to out-of-bounds writes on the destination buffer. + +Catch log2blocksize + GRUB_DISK_SECTOR_BITS >= 31. We could be stricter, +but this is the minimum that will prevent integer size weirdness. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/fs/fshelp.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/grub-core/fs/fshelp.c b/grub-core/fs/fshelp.c +index 4c902adf3..a2d0d297a 100644 +--- a/grub-core/fs/fshelp.c ++++ b/grub-core/fs/fshelp.c +@@ -362,6 +362,18 @@ grub_fshelp_read_file (grub_disk_t disk, grub_fshelp_node_t node, + grub_disk_addr_t i, blockcnt; + int blocksize = 1 << (log2blocksize + GRUB_DISK_SECTOR_BITS); + ++ /* ++ * Catch blatantly invalid log2blocksize. We could be a lot stricter, but ++ * this is the most permissive we can be before we start to see integer ++ * overflow/underflow issues. ++ */ ++ if (log2blocksize + GRUB_DISK_SECTOR_BITS >= 31) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ N_("blocksize too large")); ++ return -1; ++ } ++ + if (pos > filesize) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, diff --git a/SOURCES/0439-fs-hfsplus-Don-t-fetch-a-key-beyond-the-end-of-the-n.patch b/SOURCES/0439-fs-hfsplus-Don-t-fetch-a-key-beyond-the-end-of-the-n.patch new file mode 100644 index 0000000..782ee40 --- /dev/null +++ b/SOURCES/0439-fs-hfsplus-Don-t-fetch-a-key-beyond-the-end-of-the-n.patch @@ -0,0 +1,29 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 22 Jan 2021 18:13:56 +1100 +Subject: [PATCH] fs/hfsplus: Don't fetch a key beyond the end of the node + +Otherwise you get a wild pointer, leading to a bunch of invalid reads. +Check it falls inside the given node. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/fs/hfsplus.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +index 03a33ea24..423f4b956 100644 +--- a/grub-core/fs/hfsplus.c ++++ b/grub-core/fs/hfsplus.c +@@ -635,6 +635,10 @@ grub_hfsplus_btree_search (struct grub_hfsplus_btree *btree, + pointer = ((char *) currkey + + grub_be_to_cpu16 (currkey->keylen) + + 2); ++ ++ if ((char *) pointer > node + btree->nodesize - 2) ++ return grub_error (GRUB_ERR_BAD_FS, "HFS+ key beyond end of node"); ++ + currnode = grub_be_to_cpu32 (grub_get_unaligned32 (pointer)); + match = 1; + } diff --git a/SOURCES/0440-fs-hfsplus-Don-t-use-uninitialized-data-on-corrupt-f.patch b/SOURCES/0440-fs-hfsplus-Don-t-use-uninitialized-data-on-corrupt-f.patch new file mode 100644 index 0000000..612254b --- /dev/null +++ b/SOURCES/0440-fs-hfsplus-Don-t-use-uninitialized-data-on-corrupt-f.patch @@ -0,0 +1,104 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 2 Feb 2021 16:59:35 +1100 +Subject: [PATCH] fs/hfsplus: Don't use uninitialized data on corrupt + filesystems + +Valgrind identified the following use of uninitialized data: + + ==2782220== Conditional jump or move depends on uninitialised value(s) + ==2782220== at 0x42B364: grub_hfsplus_btree_search (hfsplus.c:566) + ==2782220== by 0x42B21D: grub_hfsplus_read_block (hfsplus.c:185) + ==2782220== by 0x42A693: grub_fshelp_read_file (fshelp.c:386) + ==2782220== by 0x42C598: grub_hfsplus_read_file (hfsplus.c:219) + ==2782220== by 0x42C598: grub_hfsplus_mount (hfsplus.c:330) + ==2782220== by 0x42B8C5: grub_hfsplus_dir (hfsplus.c:958) + ==2782220== by 0x4C1AE6: grub_fs_probe (fs.c:73) + ==2782220== by 0x407C94: grub_ls_list_files (ls.c:186) + ==2782220== by 0x407C94: grub_cmd_ls (ls.c:284) + ==2782220== by 0x4D7130: grub_extcmd_dispatcher (extcmd.c:55) + ==2782220== by 0x4045A6: execute_command (grub-fstest.c:59) + ==2782220== by 0x4045A6: fstest (grub-fstest.c:433) + ==2782220== by 0x4045A6: main (grub-fstest.c:772) + ==2782220== Uninitialised value was created by a heap allocation + ==2782220== at 0x483C7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) + ==2782220== by 0x4C0305: grub_malloc (mm.c:42) + ==2782220== by 0x42C21D: grub_hfsplus_mount (hfsplus.c:239) + ==2782220== by 0x42B8C5: grub_hfsplus_dir (hfsplus.c:958) + ==2782220== by 0x4C1AE6: grub_fs_probe (fs.c:73) + ==2782220== by 0x407C94: grub_ls_list_files (ls.c:186) + ==2782220== by 0x407C94: grub_cmd_ls (ls.c:284) + ==2782220== by 0x4D7130: grub_extcmd_dispatcher (extcmd.c:55) + ==2782220== by 0x4045A6: execute_command (grub-fstest.c:59) + ==2782220== by 0x4045A6: fstest (grub-fstest.c:433) + ==2782220== by 0x4045A6: main (grub-fstest.c:772) + +This happens when the process of reading the catalog file goes sufficiently +wrong that there's an attempt to read the extent overflow file, which has +not yet been loaded. Keep track of when the extent overflow file is +fully loaded and refuse to use it before then. + +The load valgrind doesn't like is btree->nodesize, and that's then used +to allocate a data structure. It looks like there are subsequently a lot +of reads based on that pointer so OOB reads are likely, and indeed crashes +(albeit difficult-to-replicate ones) have been observed in fuzzing. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/fs/hfsplus.c | 14 ++++++++++++++ + include/grub/hfsplus.h | 2 ++ + 2 files changed, 16 insertions(+) + +diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +index 423f4b956..8c0c80473 100644 +--- a/grub-core/fs/hfsplus.c ++++ b/grub-core/fs/hfsplus.c +@@ -177,6 +177,17 @@ grub_hfsplus_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) + break; + } + ++ /* ++ * If the extent overflow tree isn't ready yet, we can't look ++ * in it. This can happen where the catalog file is corrupted. ++ */ ++ if (!node->data->extoverflow_tree_ready) ++ { ++ grub_error (GRUB_ERR_BAD_FS, ++ "attempted to read extent overflow tree before loading"); ++ break; ++ } ++ + /* Set up the key to look for in the extent overflow file. */ + extoverflow.extkey.fileid = node->fileid; + extoverflow.extkey.type = 0; +@@ -241,6 +252,7 @@ grub_hfsplus_mount (grub_disk_t disk) + return 0; + + data->disk = disk; ++ data->extoverflow_tree_ready = 0; + + /* Read the bootblock. */ + grub_disk_read (disk, GRUB_HFSPLUS_SBLOCK, 0, sizeof (volheader), +@@ -357,6 +369,8 @@ grub_hfsplus_mount (grub_disk_t disk) + if (data->extoverflow_tree.nodesize < 2) + goto fail; + ++ data->extoverflow_tree_ready = 1; ++ + if (grub_hfsplus_read_file (&data->attr_tree.file, 0, 0, + sizeof (struct grub_hfsplus_btnode), + sizeof (header), (char *) &header) <= 0) +diff --git a/include/grub/hfsplus.h b/include/grub/hfsplus.h +index 117740ae2..e14dd31ff 100644 +--- a/include/grub/hfsplus.h ++++ b/include/grub/hfsplus.h +@@ -113,6 +113,8 @@ struct grub_hfsplus_data + struct grub_hfsplus_btree extoverflow_tree; + struct grub_hfsplus_btree attr_tree; + ++ int extoverflow_tree_ready; ++ + struct grub_hfsplus_file dirroot; + struct grub_hfsplus_file opened_file; + diff --git a/SOURCES/0441-fs-hfs-Disable-under-lockdown.patch b/SOURCES/0441-fs-hfs-Disable-under-lockdown.patch new file mode 100644 index 0000000..49f3f97 --- /dev/null +++ b/SOURCES/0441-fs-hfs-Disable-under-lockdown.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 18 Jan 2021 12:19:07 +1100 +Subject: [PATCH] fs/hfs: Disable under lockdown + +HFS has issues such as infinite mutual recursion that are simply too +complex to fix for such a legacy format. So simply do not permit +it to be loaded under lockdown. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/fs/hfs.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c +index 3fd4eec20..49d1831c8 100644 +--- a/grub-core/fs/hfs.c ++++ b/grub-core/fs/hfs.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -1433,11 +1434,13 @@ static struct grub_fs grub_hfs_fs = + + GRUB_MOD_INIT(hfs) + { +- grub_fs_register (&grub_hfs_fs); ++ if (!grub_is_lockdown ()) ++ grub_fs_register (&grub_hfs_fs); + my_mod = mod; + } + + GRUB_MOD_FINI(hfs) + { +- grub_fs_unregister (&grub_hfs_fs); ++ if (!grub_is_lockdown()) ++ grub_fs_unregister (&grub_hfs_fs); + } diff --git a/SOURCES/0442-fs-sfs-Fix-over-read-of-root-object-name.patch b/SOURCES/0442-fs-sfs-Fix-over-read-of-root-object-name.patch new file mode 100644 index 0000000..35fe7cb --- /dev/null +++ b/SOURCES/0442-fs-sfs-Fix-over-read-of-root-object-name.patch @@ -0,0 +1,46 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 18 Jan 2021 14:34:58 +1100 +Subject: [PATCH] fs/sfs: Fix over-read of root object name + +There's a read of the name of the root object that assumes that the name +is nul-terminated within the root block. This isn't guaranteed - it seems +SFS would require you to read multiple blocks to get a full name in general, +but maybe that doesn't apply to the root object. + +Either way, figure out how much space is left in the root block and don't +over-read it. This fixes some OOB reads. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/fs/sfs.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c +index 3ddc6b5e2..61d6c303c 100644 +--- a/grub-core/fs/sfs.c ++++ b/grub-core/fs/sfs.c +@@ -373,6 +373,7 @@ grub_sfs_mount (grub_disk_t disk) + struct grub_sfs_objc *rootobjc; + char *rootobjc_data = 0; + grub_uint32_t blk; ++ unsigned int max_len; + + data = grub_malloc (sizeof (*data)); + if (!data) +@@ -421,7 +422,13 @@ grub_sfs_mount (grub_disk_t disk) + data->diropen.data = data; + data->diropen.cache = 0; + data->disk = disk; +- data->label = grub_strdup ((char *) (rootobjc->objects[0].filename)); ++ ++ /* We only read 1 block of data, so truncate the name if needed. */ ++ max_len = ((GRUB_DISK_SECTOR_SIZE << data->log_blocksize) ++ - 24 /* offsetof (struct grub_sfs_objc, objects) */ ++ - 25); /* offsetof (struct grub_sfs_obj, filename) */ ++ data->label = grub_zalloc (max_len + 1); ++ grub_strncpy (data->label, (char *) rootobjc->objects[0].filename, max_len); + + grub_free (rootobjc_data); + return data; diff --git a/SOURCES/0443-fs-jfs-Do-not-move-to-leaf-level-if-name-length-is-n.patch b/SOURCES/0443-fs-jfs-Do-not-move-to-leaf-level-if-name-length-is-n.patch new file mode 100644 index 0000000..8c3ebf3 --- /dev/null +++ b/SOURCES/0443-fs-jfs-Do-not-move-to-leaf-level-if-name-length-is-n.patch @@ -0,0 +1,30 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 18 Jan 2021 14:51:11 +1100 +Subject: [PATCH] fs/jfs: Do not move to leaf level if name length is negative + +Fuzzing JFS revealed crashes where a negative number would be passed +to le_to_cpu16_copy(). There it would be cast to a large positive number +and the copy would read and write off the end of the respective buffers. + +Catch this at the top as well as the bottom of the loop. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/fs/jfs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c +index aab3e8c7b..1819899bd 100644 +--- a/grub-core/fs/jfs.c ++++ b/grub-core/fs/jfs.c +@@ -563,7 +563,7 @@ grub_jfs_getent (struct grub_jfs_diropen *diro) + + /* Move down to the leaf level. */ + nextent = leaf->next; +- if (leaf->next != 255) ++ if (leaf->next != 255 && len > 0) + do + { + next_leaf = &diro->next_leaf[nextent]; diff --git a/SOURCES/0444-fs-jfs-Limit-the-extents-that-getblk-can-consider.patch b/SOURCES/0444-fs-jfs-Limit-the-extents-that-getblk-can-consider.patch new file mode 100644 index 0000000..e84d344 --- /dev/null +++ b/SOURCES/0444-fs-jfs-Limit-the-extents-that-getblk-can-consider.patch @@ -0,0 +1,58 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 18 Jan 2021 14:57:17 +1100 +Subject: [PATCH] fs/jfs: Limit the extents that getblk() can consider + +getblk() implicitly trusts that treehead->count is an accurate count of +the number of extents. However, that value is read from disk and is not +trustworthy, leading to OOB reads and crashes. I am not sure to what +extent the data read from OOB can influence subsequent program execution. + +Require callers to pass in the maximum number of extents for which +they have storage. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/fs/jfs.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c +index 1819899bd..6e81f37da 100644 +--- a/grub-core/fs/jfs.c ++++ b/grub-core/fs/jfs.c +@@ -261,13 +261,15 @@ static grub_err_t grub_jfs_lookup_symlink (struct grub_jfs_data *data, grub_uint + static grub_int64_t + getblk (struct grub_jfs_treehead *treehead, + struct grub_jfs_tree_extent *extents, ++ int max_extents, + struct grub_jfs_data *data, + grub_uint64_t blk) + { + int found = -1; + int i; + +- for (i = 0; i < grub_le_to_cpu16 (treehead->count) - 2; i++) ++ for (i = 0; i < grub_le_to_cpu16 (treehead->count) - 2 && ++ i < max_extents; i++) + { + if (treehead->flags & GRUB_JFS_TREE_LEAF) + { +@@ -302,7 +304,7 @@ getblk (struct grub_jfs_treehead *treehead, + << (grub_le_to_cpu16 (data->sblock.log2_blksz) + - GRUB_DISK_SECTOR_BITS), 0, + sizeof (*tree), (char *) tree)) +- ret = getblk (&tree->treehead, &tree->extents[0], data, blk); ++ ret = getblk (&tree->treehead, &tree->extents[0], 254, data, blk); + grub_free (tree); + return ret; + } +@@ -316,7 +318,7 @@ static grub_int64_t + grub_jfs_blkno (struct grub_jfs_data *data, struct grub_jfs_inode *inode, + grub_uint64_t blk) + { +- return getblk (&inode->file.tree, &inode->file.extents[0], data, blk); ++ return getblk (&inode->file.tree, &inode->file.extents[0], 16, data, blk); + } + + diff --git a/SOURCES/0445-fs-jfs-Catch-infinite-recursion.patch b/SOURCES/0445-fs-jfs-Catch-infinite-recursion.patch new file mode 100644 index 0000000..9201242 --- /dev/null +++ b/SOURCES/0445-fs-jfs-Catch-infinite-recursion.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 18 Jan 2021 15:47:24 +1100 +Subject: [PATCH] fs/jfs: Catch infinite recursion + +It's possible with a fuzzed filesystem for JFS to keep getblk()-ing +the same data over and over again, leading to stack exhaustion. + +Check if we'd be calling the function with exactly the same data as +was passed in, and if so abort. + +I'm not sure what the performance impact of this is and am open to +better ideas. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/fs/jfs.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c +index 6e81f37da..20d966abf 100644 +--- a/grub-core/fs/jfs.c ++++ b/grub-core/fs/jfs.c +@@ -304,7 +304,16 @@ getblk (struct grub_jfs_treehead *treehead, + << (grub_le_to_cpu16 (data->sblock.log2_blksz) + - GRUB_DISK_SECTOR_BITS), 0, + sizeof (*tree), (char *) tree)) +- ret = getblk (&tree->treehead, &tree->extents[0], 254, data, blk); ++ { ++ if (grub_memcmp (&tree->treehead, treehead, sizeof (struct grub_jfs_treehead)) || ++ grub_memcmp (&tree->extents, extents, 254 * sizeof (struct grub_jfs_tree_extent))) ++ ret = getblk (&tree->treehead, &tree->extents[0], 254, data, blk); ++ else ++ { ++ grub_error (GRUB_ERR_BAD_FS, "jfs: infinite recursion detected"); ++ ret = -1; ++ } ++ } + grub_free (tree); + return ret; + } diff --git a/SOURCES/0446-fs-nilfs2-Reject-too-large-keys.patch b/SOURCES/0446-fs-nilfs2-Reject-too-large-keys.patch new file mode 100644 index 0000000..af50c32 --- /dev/null +++ b/SOURCES/0446-fs-nilfs2-Reject-too-large-keys.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 18 Jan 2021 16:49:09 +1100 +Subject: [PATCH] fs/nilfs2: Reject too-large keys + +NILFS2 has up to 7 keys, per the data structure. Do not permit array +indices in excess of that. + +This catches some OOB reads. I don't know how controllable the invalidly +read data is or if that could be used later in the program. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/fs/nilfs2.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/grub-core/fs/nilfs2.c b/grub-core/fs/nilfs2.c +index 598a2a55b..61e8af9ff 100644 +--- a/grub-core/fs/nilfs2.c ++++ b/grub-core/fs/nilfs2.c +@@ -569,6 +569,11 @@ grub_nilfs2_btree_lookup (struct grub_nilfs2_data *data, + static inline grub_uint64_t + grub_nilfs2_direct_lookup (struct grub_nilfs2_inode *inode, grub_uint64_t key) + { ++ if (1 + key > 6) ++ { ++ grub_error (GRUB_ERR_BAD_FS, "key is too large"); ++ return 0xffffffffffffffff; ++ } + return grub_le_to_cpu64 (inode->i_bmap[1 + key]); + } + +@@ -584,7 +589,7 @@ grub_nilfs2_bmap_lookup (struct grub_nilfs2_data *data, + { + grub_uint64_t ptr; + ptr = grub_nilfs2_direct_lookup (inode, key); +- if (need_translate) ++ if (ptr != ((grub_uint64_t) 0xffffffffffffffff) && need_translate) + ptr = grub_nilfs2_dat_translate (data, ptr); + return ptr; + } diff --git a/SOURCES/0447-fs-nilfs2-Don-t-search-children-if-provided-number-i.patch b/SOURCES/0447-fs-nilfs2-Don-t-search-children-if-provided-number-i.patch new file mode 100644 index 0000000..abda89b --- /dev/null +++ b/SOURCES/0447-fs-nilfs2-Don-t-search-children-if-provided-number-i.patch @@ -0,0 +1,96 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 18 Jan 2021 16:49:44 +1100 +Subject: [PATCH] fs/nilfs2: Don't search children if provided number is too + large + +NILFS2 reads the number of children a node has from the node. Unfortunately, +that's not trustworthy. Check if it's beyond what the filesystem permits and +reject it if so. + +This blocks some OOB reads. I'm not sure how controllable the read is and what +could be done with invalidly read data later on. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/fs/nilfs2.c | 38 +++++++++++++++++++++++--------------- + 1 file changed, 23 insertions(+), 15 deletions(-) + +diff --git a/grub-core/fs/nilfs2.c b/grub-core/fs/nilfs2.c +index 61e8af9ff..054ad3dc1 100644 +--- a/grub-core/fs/nilfs2.c ++++ b/grub-core/fs/nilfs2.c +@@ -416,14 +416,34 @@ grub_nilfs2_btree_node_get_key (struct grub_nilfs2_btree_node *node, + } + + static inline int +-grub_nilfs2_btree_node_lookup (struct grub_nilfs2_btree_node *node, ++grub_nilfs2_btree_node_nchildren_max (struct grub_nilfs2_data *data, ++ struct grub_nilfs2_btree_node *node) ++{ ++ int node_children_max = ((NILFS2_BLOCK_SIZE (data) - ++ sizeof (struct grub_nilfs2_btree_node) - ++ NILFS_BTREE_NODE_EXTRA_PAD_SIZE) / ++ (sizeof (grub_uint64_t) + sizeof (grub_uint64_t))); ++ ++ return (node->bn_flags & NILFS_BTREE_NODE_ROOT) ? 3 : node_children_max; ++} ++ ++static inline int ++grub_nilfs2_btree_node_lookup (struct grub_nilfs2_data *data, ++ struct grub_nilfs2_btree_node *node, + grub_uint64_t key, int *indexp) + { + grub_uint64_t nkey; + int index, low, high, s; + + low = 0; ++ + high = grub_le_to_cpu16 (node->bn_nchildren) - 1; ++ if (high >= grub_nilfs2_btree_node_nchildren_max (data, node)) ++ { ++ grub_error (GRUB_ERR_BAD_FS, "too many children"); ++ return 0; ++ } ++ + index = 0; + s = 0; + while (low <= high) +@@ -459,18 +479,6 @@ grub_nilfs2_btree_node_lookup (struct grub_nilfs2_btree_node *node, + return s == 0; + } + +-static inline int +-grub_nilfs2_btree_node_nchildren_max (struct grub_nilfs2_data *data, +- struct grub_nilfs2_btree_node *node) +-{ +- int node_children_max = ((NILFS2_BLOCK_SIZE (data) - +- sizeof (struct grub_nilfs2_btree_node) - +- NILFS_BTREE_NODE_EXTRA_PAD_SIZE) / +- (sizeof (grub_uint64_t) + sizeof (grub_uint64_t))); +- +- return (node->bn_flags & NILFS_BTREE_NODE_ROOT) ? 3 : node_children_max; +-} +- + static inline grub_uint64_t * + grub_nilfs2_btree_node_dptrs (struct grub_nilfs2_data *data, + struct grub_nilfs2_btree_node *node) +@@ -517,7 +525,7 @@ grub_nilfs2_btree_lookup (struct grub_nilfs2_data *data, + node = grub_nilfs2_btree_get_root (inode); + level = grub_nilfs2_btree_get_level (node); + +- found = grub_nilfs2_btree_node_lookup (node, key, &index); ++ found = grub_nilfs2_btree_node_lookup (data, node, key, &index); + ptr = grub_nilfs2_btree_node_get_ptr (data, node, index); + if (need_translate) + ptr = grub_nilfs2_dat_translate (data, ptr); +@@ -538,7 +546,7 @@ grub_nilfs2_btree_lookup (struct grub_nilfs2_data *data, + } + + if (!found) +- found = grub_nilfs2_btree_node_lookup (node, key, &index); ++ found = grub_nilfs2_btree_node_lookup (data, node, key, &index); + else + index = 0; + diff --git a/SOURCES/0448-fs-nilfs2-Properly-bail-on-errors-in-grub_nilfs2_btr.patch b/SOURCES/0448-fs-nilfs2-Properly-bail-on-errors-in-grub_nilfs2_btr.patch new file mode 100644 index 0000000..988bfa3 --- /dev/null +++ b/SOURCES/0448-fs-nilfs2-Properly-bail-on-errors-in-grub_nilfs2_btr.patch @@ -0,0 +1,64 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 18 Jan 2021 17:06:19 +1100 +Subject: [PATCH] fs/nilfs2: Properly bail on errors in + grub_nilfs2_btree_node_lookup() + +We just introduced an error return in grub_nilfs2_btree_node_lookup(). +Make sure the callers catch it. + +At the same time, make sure that grub_nilfs2_btree_node_lookup() always +inits the index pointer passed to it. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/fs/nilfs2.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/grub-core/fs/nilfs2.c b/grub-core/fs/nilfs2.c +index 054ad3dc1..c4c4610be 100644 +--- a/grub-core/fs/nilfs2.c ++++ b/grub-core/fs/nilfs2.c +@@ -433,7 +433,7 @@ grub_nilfs2_btree_node_lookup (struct grub_nilfs2_data *data, + grub_uint64_t key, int *indexp) + { + grub_uint64_t nkey; +- int index, low, high, s; ++ int index = 0, low, high, s; + + low = 0; + +@@ -441,10 +441,10 @@ grub_nilfs2_btree_node_lookup (struct grub_nilfs2_data *data, + if (high >= grub_nilfs2_btree_node_nchildren_max (data, node)) + { + grub_error (GRUB_ERR_BAD_FS, "too many children"); ++ *indexp = index; + return 0; + } + +- index = 0; + s = 0; + while (low <= high) + { +@@ -526,6 +526,10 @@ grub_nilfs2_btree_lookup (struct grub_nilfs2_data *data, + level = grub_nilfs2_btree_get_level (node); + + found = grub_nilfs2_btree_node_lookup (data, node, key, &index); ++ ++ if (grub_errno != GRUB_ERR_NONE) ++ goto fail; ++ + ptr = grub_nilfs2_btree_node_get_ptr (data, node, index); + if (need_translate) + ptr = grub_nilfs2_dat_translate (data, ptr); +@@ -550,7 +554,8 @@ grub_nilfs2_btree_lookup (struct grub_nilfs2_data *data, + else + index = 0; + +- if (index < grub_nilfs2_btree_node_nchildren_max (data, node)) ++ if (index < grub_nilfs2_btree_node_nchildren_max (data, node) && ++ grub_errno == GRUB_ERR_NONE) + { + ptr = grub_nilfs2_btree_node_get_ptr (data, node, index); + if (need_translate) diff --git a/SOURCES/0449-io-gzio-Bail-if-gzio-tl-td-is-NULL.patch b/SOURCES/0449-io-gzio-Bail-if-gzio-tl-td-is-NULL.patch new file mode 100644 index 0000000..df88627 --- /dev/null +++ b/SOURCES/0449-io-gzio-Bail-if-gzio-tl-td-is-NULL.patch @@ -0,0 +1,63 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Wed, 13 Jan 2021 20:59:09 +1100 +Subject: [PATCH] io/gzio: Bail if gzio->tl/td is NULL + +This is an ugly fix that doesn't address why gzio->tl comes to be NULL. +However, it seems to be sufficient to patch up a bunch of NULL derefs. + +It would be good to revisit this in future and see if we can have +a cleaner solution that addresses some of the causes of the unexpected +NULL pointers. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/io/gzio.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c +index 2ecf076dd..6e9b9c936 100644 +--- a/grub-core/io/gzio.c ++++ b/grub-core/io/gzio.c +@@ -669,6 +669,13 @@ inflate_codes_in_window (grub_gzio_t gzio) + { + if (! gzio->code_state) + { ++ ++ if (gzio->tl == NULL) ++ { ++ grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->tl"); ++ return 1; ++ } ++ + NEEDBITS ((unsigned) gzio->bl); + if ((e = (t = gzio->tl + ((unsigned) b & ml))->e) > 16) + do +@@ -707,6 +714,12 @@ inflate_codes_in_window (grub_gzio_t gzio) + n = t->v.n + ((unsigned) b & mask_bits[e]); + DUMPBITS (e); + ++ if (gzio->td == NULL) ++ { ++ grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->td"); ++ return 1; ++ } ++ + /* decode distance of block to copy */ + NEEDBITS ((unsigned) gzio->bd); + if ((e = (t = gzio->td + ((unsigned) b & md))->e) > 16) +@@ -917,6 +930,13 @@ init_dynamic_block (grub_gzio_t gzio) + n = nl + nd; + m = mask_bits[gzio->bl]; + i = l = 0; ++ ++ if (gzio->tl == NULL) ++ { ++ grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->tl"); ++ return; ++ } ++ + while ((unsigned) i < n) + { + NEEDBITS ((unsigned) gzio->bl); diff --git a/SOURCES/0450-io-gzio-Add-init_dynamic_block-clean-up-if-unpacking.patch b/SOURCES/0450-io-gzio-Add-init_dynamic_block-clean-up-if-unpacking.patch new file mode 100644 index 0000000..ed7937a --- /dev/null +++ b/SOURCES/0450-io-gzio-Add-init_dynamic_block-clean-up-if-unpacking.patch @@ -0,0 +1,63 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 21 Jan 2021 00:05:58 +1100 +Subject: [PATCH] io/gzio: Add init_dynamic_block() clean up if unpacking codes + fails + +init_dynamic_block() didn't clean up gzio->tl and td in some error +paths. This left td pointing to part of tl. Then in grub_gzio_close(), +when tl was freed the storage for td would also be freed. The code then +attempts to free td explicitly, performing a UAF and then a double free. + +Explicitly clean up tl and td in the error paths. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/io/gzio.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c +index 6e9b9c936..97b34f885 100644 +--- a/grub-core/io/gzio.c ++++ b/grub-core/io/gzio.c +@@ -953,7 +953,7 @@ init_dynamic_block (grub_gzio_t gzio) + if ((unsigned) i + j > n) + { + grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "too many codes found"); +- return; ++ goto fail; + } + while (j--) + ll[i++] = l; +@@ -966,7 +966,7 @@ init_dynamic_block (grub_gzio_t gzio) + if ((unsigned) i + j > n) + { + grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "too many codes found"); +- return; ++ goto fail; + } + while (j--) + ll[i++] = 0; +@@ -981,7 +981,7 @@ init_dynamic_block (grub_gzio_t gzio) + if ((unsigned) i + j > n) + { + grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "too many codes found"); +- return; ++ goto fail; + } + while (j--) + ll[i++] = 0; +@@ -1019,6 +1019,12 @@ init_dynamic_block (grub_gzio_t gzio) + /* indicate we're now working on a block */ + gzio->code_state = 0; + gzio->block_len++; ++ return; ++ ++ fail: ++ huft_free (gzio->tl); ++ gzio->td = NULL; ++ gzio->tl = NULL; + } + + diff --git a/SOURCES/0451-io-gzio-Catch-missing-values-in-huft_build-and-bail.patch b/SOURCES/0451-io-gzio-Catch-missing-values-in-huft_build-and-bail.patch new file mode 100644 index 0000000..ccbdc47 --- /dev/null +++ b/SOURCES/0451-io-gzio-Catch-missing-values-in-huft_build-and-bail.patch @@ -0,0 +1,53 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 21 Jan 2021 12:20:49 +1100 +Subject: [PATCH] io/gzio: Catch missing values in huft_build() and bail + +In huft_build(), "v" is a table of values in order of bit length. +The code later (when setting up table entries in "r") assumes that all +elements of this array corresponding to a code are initialized and less +than N_MAX. However, it doesn't enforce this. + +With sufficiently manipulated inputs (e.g. from fuzzing), there can be +elements of "v" that are not filled. Therefore a lookup into "e" or "d" +will use an uninitialized value. This can lead to an invalid/OOB read on +those values, often leading to a crash. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/io/gzio.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c +index 97b34f885..f85dbae23 100644 +--- a/grub-core/io/gzio.c ++++ b/grub-core/io/gzio.c +@@ -507,6 +507,7 @@ huft_build (unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ + } + + /* Make a table of values in order of bit lengths */ ++ grub_memset (v, N_MAX, ARRAY_SIZE (v)); + p = b; + i = 0; + do +@@ -588,11 +589,18 @@ huft_build (unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ + r.v.n = (ush) (*p); /* simple code is just the value */ + p++; /* one compiler does not like *p++ */ + } +- else ++ else if (*p < N_MAX) + { + r.e = (uch) e[*p - s]; /* non-simple--look up in lists */ + r.v.n = d[*p++ - s]; + } ++ else ++ { ++ /* Detected an uninitialised value, abort. */ ++ if (h) ++ huft_free (u[0]); ++ return 2; ++ } + + /* fill code-like entries with r */ + f = 1 << (k - w); diff --git a/SOURCES/0452-io-gzio-Zero-gzio-tl-td-in-init_dynamic_block-if-huf.patch b/SOURCES/0452-io-gzio-Zero-gzio-tl-td-in-init_dynamic_block-if-huf.patch new file mode 100644 index 0000000..c566af6 --- /dev/null +++ b/SOURCES/0452-io-gzio-Zero-gzio-tl-td-in-init_dynamic_block-if-huf.patch @@ -0,0 +1,38 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 21 Jan 2021 12:22:28 +1100 +Subject: [PATCH] io/gzio: Zero gzio->tl/td in init_dynamic_block() if + huft_build() fails + +If huft_build() fails, gzio->tl or gzio->td could contain pointers that +are no longer valid. Zero them out. + +This prevents a double free when grub_gzio_close() comes through and +attempts to free them again. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/io/gzio.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c +index f85dbae23..e9f332fbc 100644 +--- a/grub-core/io/gzio.c ++++ b/grub-core/io/gzio.c +@@ -1010,6 +1010,7 @@ init_dynamic_block (grub_gzio_t gzio) + gzio->bl = lbits; + if (huft_build (ll, nl, 257, cplens, cplext, &gzio->tl, &gzio->bl) != 0) + { ++ gzio->tl = 0; + grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, + "failed in building a Huffman code table"); + return; +@@ -1019,6 +1020,7 @@ init_dynamic_block (grub_gzio_t gzio) + { + huft_free (gzio->tl); + gzio->tl = 0; ++ gzio->td = 0; + grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, + "failed in building a Huffman code table"); + return; diff --git a/SOURCES/0453-disk-lvm-Don-t-go-beyond-the-end-of-the-data-we-read.patch b/SOURCES/0453-disk-lvm-Don-t-go-beyond-the-end-of-the-data-we-read.patch new file mode 100644 index 0000000..c09e1aa --- /dev/null +++ b/SOURCES/0453-disk-lvm-Don-t-go-beyond-the-end-of-the-data-we-read.patch @@ -0,0 +1,45 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 21 Jan 2021 17:59:14 +1100 +Subject: [PATCH] disk/lvm: Don't go beyond the end of the data we read from + disk + +We unconditionally trusted offset_xl from the LVM label header, even if +it told us that the PV header/disk locations were way off past the end +of the data we read from disk. + +Require that the offset be sane, fixing an OOB read and crash. + +Fixes: CID 314367, CID 314371 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/disk/lvm.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index 4fbb3eac0..0f466040a 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -142,6 +142,20 @@ grub_lvm_detect (grub_disk_t disk, + goto fail; + } + ++ /* ++ * We read a grub_lvm_pv_header and then 2 grub_lvm_disk_locns that ++ * immediately follow the PV header. Make sure we have space for both. ++ */ ++ if (grub_le_to_cpu32 (lh->offset_xl) >= ++ GRUB_LVM_LABEL_SIZE - sizeof (struct grub_lvm_pv_header) - ++ 2 * sizeof (struct grub_lvm_disk_locn)) ++ { ++#ifdef GRUB_UTIL ++ grub_util_info ("LVM PV header/disk locations are beyond the end of the block"); ++#endif ++ goto fail; ++ } ++ + pvh = (struct grub_lvm_pv_header *) (buf + grub_le_to_cpu32(lh->offset_xl)); + + for (i = 0, j = 0; i < GRUB_LVM_ID_LEN; i++) diff --git a/SOURCES/0454-disk-lvm-Don-t-blast-past-the-end-of-the-circular-me.patch b/SOURCES/0454-disk-lvm-Don-t-blast-past-the-end-of-the-circular-me.patch new file mode 100644 index 0000000..bfe893d --- /dev/null +++ b/SOURCES/0454-disk-lvm-Don-t-blast-past-the-end-of-the-circular-me.patch @@ -0,0 +1,39 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 21 Jan 2021 18:19:51 +1100 +Subject: [PATCH] disk/lvm: Don't blast past the end of the circular metadata + buffer + +This catches at least some OOB reads, and it's possible I suppose that +if 2 * mda_size is less than GRUB_LVM_MDA_HEADER_SIZE it might catch some +OOB writes too (although that hasn't showed up as a crash in fuzzing yet). + +It's a bit ugly and I'd appreciate better suggestions. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/disk/lvm.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index 0f466040a..ec3545e16 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -215,6 +215,16 @@ grub_lvm_detect (grub_disk_t disk, + if (grub_le_to_cpu64 (rlocn->offset) + grub_le_to_cpu64 (rlocn->size) > + grub_le_to_cpu64 (mdah->size)) + { ++ if (2 * mda_size < GRUB_LVM_MDA_HEADER_SIZE || ++ (grub_le_to_cpu64 (rlocn->offset) + grub_le_to_cpu64 (rlocn->size) - ++ grub_le_to_cpu64 (mdah->size) > mda_size - GRUB_LVM_MDA_HEADER_SIZE)) ++ { ++#ifdef GRUB_UTIL ++ grub_util_info ("cannot copy metadata wrap in circular buffer"); ++#endif ++ goto fail2; ++ } ++ + /* Metadata is circular. Copy the wrap in place. */ + grub_memcpy (metadatabuf + mda_size, + metadatabuf + GRUB_LVM_MDA_HEADER_SIZE, diff --git a/SOURCES/0455-disk-lvm-Bail-on-missing-PV-list.patch b/SOURCES/0455-disk-lvm-Bail-on-missing-PV-list.patch new file mode 100644 index 0000000..8fc2573 --- /dev/null +++ b/SOURCES/0455-disk-lvm-Bail-on-missing-PV-list.patch @@ -0,0 +1,31 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 21 Jan 2021 18:54:29 +1100 +Subject: [PATCH] disk/lvm: Bail on missing PV list + +There's an if block for the presence of "physical_volumes {", but if +that block is absent, then p remains NULL and a NULL-deref will result +when looking for logical volumes. + +It doesn't seem like LVM makes sense without physical volumes, so error +out rather than crashing. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/disk/lvm.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index ec3545e16..1e80137c4 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -371,6 +371,8 @@ error_parsing_metadata: + goto fail4; + } + } ++ else ++ goto fail4; + + p = grub_strstr (p, "logical_volumes {"); + if (p) diff --git a/SOURCES/0456-disk-lvm-Do-not-crash-if-an-expected-string-is-not-f.patch b/SOURCES/0456-disk-lvm-Do-not-crash-if-an-expected-string-is-not-f.patch new file mode 100644 index 0000000..a62c44e --- /dev/null +++ b/SOURCES/0456-disk-lvm-Do-not-crash-if-an-expected-string-is-not-f.patch @@ -0,0 +1,79 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 21 Jan 2021 18:35:22 +1100 +Subject: [PATCH] disk/lvm: Do not crash if an expected string is not found + +Clean up a bunch of cases where we could have strstr() fail and lead to +us dereferencing NULL. + +We'll still leak memory in some cases (loops don't clean up allocations +from earlier iterations if a later iteration fails) but at least we're +not crashing. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/disk/lvm.c | 22 +++++++++++++++++----- + 1 file changed, 17 insertions(+), 5 deletions(-) + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index 1e80137c4..03587e744 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -541,7 +541,16 @@ error_parsing_metadata: + } + + if (seg->node_count != 1) +- seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = "); ++ { ++ seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = "); ++ if (p == NULL) ++ { ++#ifdef GRUB_UTIL ++ grub_util_info ("unknown stripe_size"); ++#endif ++ goto lvs_segment_fail; ++ } ++ } + + seg->nodes = grub_calloc (seg->node_count, + sizeof (*stripe)); +@@ -561,7 +570,7 @@ error_parsing_metadata: + { + p = grub_strchr (p, '"'); + if (p == NULL) +- continue; ++ goto lvs_segment_fail2; + q = ++p; + while (*q != '"') + q++; +@@ -580,7 +589,10 @@ error_parsing_metadata: + stripe->start = grub_lvm_getvalue (&p, ",") + * vg->extent_size; + if (p == NULL) +- continue; ++ { ++ grub_free (stripe->name); ++ goto lvs_segment_fail2; ++ } + + stripe++; + } +@@ -617,7 +629,7 @@ error_parsing_metadata: + + p = grub_strchr (p, '"'); + if (p == NULL) +- continue; ++ goto lvs_segment_fail2; + q = ++p; + while (*q != '"') + q++; +@@ -705,7 +717,7 @@ error_parsing_metadata: + p = p ? grub_strchr (p + 1, '"') : 0; + p = p ? grub_strchr (p + 1, '"') : 0; + if (p == NULL) +- continue; ++ goto lvs_segment_fail2; + q = ++p; + while (*q != '"') + q++; diff --git a/SOURCES/0457-disk-lvm-Do-not-overread-metadata.patch b/SOURCES/0457-disk-lvm-Do-not-overread-metadata.patch new file mode 100644 index 0000000..631e1a3 --- /dev/null +++ b/SOURCES/0457-disk-lvm-Do-not-overread-metadata.patch @@ -0,0 +1,107 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 21 Jan 2021 18:35:22 +1100 +Subject: [PATCH] disk/lvm: Do not overread metadata + +We could reach the end of valid metadata and not realize, leading to +some buffer overreads. Check if we have reached the end and bail. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/disk/lvm.c | 31 +++++++++++++++++++++++++------ + 1 file changed, 25 insertions(+), 6 deletions(-) + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index 03587e744..267be7b95 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -314,17 +314,23 @@ error_parsing_metadata: + while (1) + { + grub_ssize_t s; +- while (grub_isspace (*p)) ++ while (grub_isspace (*p) && p < mda_end) + p++; + ++ if (p == mda_end) ++ goto fail4; ++ + if (*p == '}') + break; + + pv = grub_zalloc (sizeof (*pv)); + q = p; +- while (*q != ' ') ++ while (*q != ' ' && q < mda_end) + q++; + ++ if (q == mda_end) ++ goto pvs_fail_noname; ++ + s = q - p; + pv->name = grub_malloc (s + 1); + grub_memcpy (pv->name, p, s); +@@ -367,6 +373,7 @@ error_parsing_metadata: + continue; + pvs_fail: + grub_free (pv->name); ++ pvs_fail_noname: + grub_free (pv); + goto fail4; + } +@@ -388,18 +395,24 @@ error_parsing_metadata: + struct grub_diskfilter_segment *seg; + int is_pvmove; + +- while (grub_isspace (*p)) ++ while (grub_isspace (*p) && p < mda_end) + p++; + ++ if (p == mda_end) ++ goto fail4; ++ + if (*p == '}') + break; + + lv = grub_zalloc (sizeof (*lv)); + + q = p; +- while (*q != ' ') ++ while (*q != ' ' && q < mda_end) + q++; + ++ if (q == mda_end) ++ goto lvs_fail; ++ + s = q - p; + lv->name = grub_strndup (p, s); + if (!lv->name) +@@ -572,9 +585,12 @@ error_parsing_metadata: + if (p == NULL) + goto lvs_segment_fail2; + q = ++p; +- while (*q != '"') ++ while (q < mda_end && *q != '"') + q++; + ++ if (q == mda_end) ++ goto lvs_segment_fail2; ++ + s = q - p; + + stripe->name = grub_malloc (s + 1); +@@ -631,9 +647,12 @@ error_parsing_metadata: + if (p == NULL) + goto lvs_segment_fail2; + q = ++p; +- while (*q != '"') ++ while (q < mda_end && *q != '"') + q++; + ++ if (q == mda_end) ++ goto lvs_segment_fail2; ++ + s = q - p; + + lvname = grub_malloc (s + 1); diff --git a/SOURCES/0458-disk-lvm-Sanitize-rlocn-offset-to-prevent-wild-read.patch b/SOURCES/0458-disk-lvm-Sanitize-rlocn-offset-to-prevent-wild-read.patch new file mode 100644 index 0000000..4dd753d --- /dev/null +++ b/SOURCES/0458-disk-lvm-Sanitize-rlocn-offset-to-prevent-wild-read.patch @@ -0,0 +1,37 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 22 Jan 2021 14:43:58 +1100 +Subject: [PATCH] disk/lvm: Sanitize rlocn->offset to prevent wild read + +rlocn->offset is read directly from disk and added to the metadatabuf +pointer to create a pointer to a block of metadata. It's a 64-bit +quantity so as long as you don't overflow you can set subsequent +pointers to point anywhere in memory. + +Require that rlocn->offset fits within the metadata buffer size. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/disk/lvm.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index 267be7b95..9eda28d85 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -212,6 +212,14 @@ grub_lvm_detect (grub_disk_t disk, + } + + rlocn = mdah->raw_locns; ++ if (grub_le_to_cpu64 (rlocn->offset) >= grub_le_to_cpu64 (mda_size)) ++ { ++#ifdef GRUB_UTIL ++ grub_util_info ("metadata offset is beyond end of metadata area"); ++#endif ++ goto fail2; ++ } ++ + if (grub_le_to_cpu64 (rlocn->offset) + grub_le_to_cpu64 (rlocn->size) > + grub_le_to_cpu64 (mdah->size)) + { diff --git a/SOURCES/0459-disk-lvm-Do-not-allow-a-LV-to-be-it-s-own-segment-s-.patch b/SOURCES/0459-disk-lvm-Do-not-allow-a-LV-to-be-it-s-own-segment-s-.patch new file mode 100644 index 0000000..2762f38 --- /dev/null +++ b/SOURCES/0459-disk-lvm-Do-not-allow-a-LV-to-be-it-s-own-segment-s-.patch @@ -0,0 +1,35 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 22 Jan 2021 14:42:21 +1100 +Subject: [PATCH] disk/lvm: Do not allow a LV to be it's own segment's node's + LV + +This prevents infinite recursion in the diskfilter verification code. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +--- + grub-core/disk/lvm.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index 9eda28d85..7e86bb7df 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -840,9 +840,13 @@ error_parsing_metadata: + } + if (lv1->segments[i].nodes[j].pv == NULL) + for (lv2 = vg->lvs; lv2; lv2 = lv2->next) +- if (grub_strcmp (lv2->name, +- lv1->segments[i].nodes[j].name) == 0) +- lv1->segments[i].nodes[j].lv = lv2; ++ { ++ if (lv1 == lv2) ++ continue; ++ if (grub_strcmp (lv2->name, ++ lv1->segments[i].nodes[j].name) == 0) ++ lv1->segments[i].nodes[j].lv = lv2; ++ } + } + + } diff --git a/SOURCES/0460-kern-parser-Fix-a-memory-leak.patch b/SOURCES/0460-kern-parser-Fix-a-memory-leak.patch new file mode 100644 index 0000000..4d63c5c --- /dev/null +++ b/SOURCES/0460-kern-parser-Fix-a-memory-leak.patch @@ -0,0 +1,73 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Wed, 18 Nov 2020 00:59:24 +0000 +Subject: [PATCH] kern/parser: Fix a memory leak + +The getline() function supplied to grub_parser_split_cmdline() returns +a newly allocated buffer and can be called multiple times, but the +returned buffer is never freed. + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper +--- + grub-core/kern/parser.c | 20 ++++++++++++++++---- + 1 file changed, 16 insertions(+), 4 deletions(-) + +diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c +index d1cf061ad..39e4df65b 100644 +--- a/grub-core/kern/parser.c ++++ b/grub-core/kern/parser.c +@@ -140,6 +140,7 @@ grub_parser_split_cmdline (const char *cmdline, + char buffer[1024]; + char *bp = buffer; + char *rd = (char *) cmdline; ++ char *rp = rd; + char varname[200]; + char *vp = varname; + char *args; +@@ -149,10 +150,18 @@ grub_parser_split_cmdline (const char *cmdline, + *argv = NULL; + do + { +- if (!rd || !*rd) ++ if (rp == NULL || *rp == '\0') + { ++ if (rd != cmdline) ++ { ++ grub_free (rd); ++ rd = rp = NULL; ++ } + if (getline) +- getline (&rd, 1, getline_data); ++ { ++ getline (&rd, 1, getline_data); ++ rp = rd; ++ } + else + break; + } +@@ -160,12 +169,12 @@ grub_parser_split_cmdline (const char *cmdline, + if (!rd) + break; + +- for (; *rd; rd++) ++ for (; *rp != '\0'; rp++) + { + grub_parser_state_t newstate; + char use; + +- newstate = grub_parser_cmdline_state (state, *rd, &use); ++ newstate = grub_parser_cmdline_state (state, *rp, &use); + + /* If a variable was being processed and this character does + not describe the variable anymore, write the variable to +@@ -198,6 +207,9 @@ grub_parser_split_cmdline (const char *cmdline, + } + while (state != GRUB_PARSER_STATE_TEXT && !check_varstate (state)); + ++ if (rd != cmdline) ++ grub_free (rd); ++ + /* A special case for when the last character was part of a + variable. */ + add_var (varname, &bp, &vp, state, GRUB_PARSER_STATE_TEXT); diff --git a/SOURCES/0461-kern-parser-Introduce-process_char-helper.patch b/SOURCES/0461-kern-parser-Introduce-process_char-helper.patch new file mode 100644 index 0000000..f4a11e3 --- /dev/null +++ b/SOURCES/0461-kern-parser-Introduce-process_char-helper.patch @@ -0,0 +1,116 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Tue, 5 Jan 2021 22:17:28 +0000 +Subject: [PATCH] kern/parser: Introduce process_char() helper + +grub_parser_split_cmdline() iterates over each command line character. +In order to add error checking and to simplify the subsequent error +handling, split the character processing in to a separate function. + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper +--- + grub-core/kern/parser.c | 74 ++++++++++++++++++++++++++++++------------------- + 1 file changed, 46 insertions(+), 28 deletions(-) + +diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c +index 39e4df65b..0d3582bd8 100644 +--- a/grub-core/kern/parser.c ++++ b/grub-core/kern/parser.c +@@ -1,7 +1,7 @@ + /* parser.c - the part of the parser that can return partial tokens */ + /* + * GRUB -- GRand Unified Bootloader +- * Copyright (C) 2005,2007,2009 Free Software Foundation, Inc. ++ * Copyright (C) 2005,2007,2009,2021 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -129,6 +129,46 @@ add_var (char *varname, char **bp, char **vp, + *((*bp)++) = *val; + } + ++static grub_err_t ++process_char (char c, char *buffer, char **bp, char *varname, char **vp, ++ grub_parser_state_t state, int *argc, ++ grub_parser_state_t *newstate) ++{ ++ char use; ++ ++ *newstate = grub_parser_cmdline_state (state, c, &use); ++ ++ /* ++ * If a variable was being processed and this character does ++ * not describe the variable anymore, write the variable to ++ * the buffer. ++ */ ++ add_var (varname, bp, vp, state, *newstate); ++ ++ if (check_varstate (*newstate)) ++ { ++ if (use) ++ *((*vp)++) = use; ++ } ++ else if (*newstate == GRUB_PARSER_STATE_TEXT && ++ state != GRUB_PARSER_STATE_ESC && grub_isspace (use)) ++ { ++ /* ++ * Don't add more than one argument if multiple ++ * spaces are used. ++ */ ++ if (*bp != buffer && *((*bp) - 1) != '\0') ++ { ++ *((*bp)++) = '\0'; ++ (*argc)++; ++ } ++ } ++ else if (use) ++ *((*bp)++) = use; ++ ++ return GRUB_ERR_NONE; ++} ++ + grub_err_t + grub_parser_split_cmdline (const char *cmdline, + grub_reader_getline_t getline, void *getline_data, +@@ -172,35 +212,13 @@ grub_parser_split_cmdline (const char *cmdline, + for (; *rp != '\0'; rp++) + { + grub_parser_state_t newstate; +- char use; + +- newstate = grub_parser_cmdline_state (state, *rp, &use); +- +- /* If a variable was being processed and this character does +- not describe the variable anymore, write the variable to +- the buffer. */ +- add_var (varname, &bp, &vp, state, newstate); +- +- if (check_varstate (newstate)) +- { +- if (use) +- *(vp++) = use; +- } +- else ++ if (process_char (*rp, buffer, &bp, varname, &vp, state, argc, ++ &newstate) != GRUB_ERR_NONE) + { +- if (newstate == GRUB_PARSER_STATE_TEXT +- && state != GRUB_PARSER_STATE_ESC && grub_isspace (use)) +- { +- /* Don't add more than one argument if multiple +- spaces are used. */ +- if (bp != buffer && *(bp - 1)) +- { +- *(bp++) = '\0'; +- (*argc)++; +- } +- } +- else if (use) +- *(bp++) = use; ++ if (rd != cmdline) ++ grub_free (rd); ++ return grub_errno; + } + state = newstate; + } diff --git a/SOURCES/0462-kern-parser-Introduce-terminate_arg-helper.patch b/SOURCES/0462-kern-parser-Introduce-terminate_arg-helper.patch new file mode 100644 index 0000000..d66dfc3 --- /dev/null +++ b/SOURCES/0462-kern-parser-Introduce-terminate_arg-helper.patch @@ -0,0 +1,62 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Thu, 7 Jan 2021 19:53:55 +0000 +Subject: [PATCH] kern/parser: Introduce terminate_arg() helper + +process_char() and grub_parser_split_cmdline() use similar code for +terminating the most recent argument. Add a helper function for this. + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper +--- + grub-core/kern/parser.c | 23 +++++++++++++---------- + 1 file changed, 13 insertions(+), 10 deletions(-) + +diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c +index 0d3582bd8..572c67089 100644 +--- a/grub-core/kern/parser.c ++++ b/grub-core/kern/parser.c +@@ -129,6 +129,16 @@ add_var (char *varname, char **bp, char **vp, + *((*bp)++) = *val; + } + ++static void ++terminate_arg (char *buffer, char **bp, int *argc) ++{ ++ if (*bp != buffer && *((*bp) - 1) != '\0') ++ { ++ *((*bp)++) = '\0'; ++ (*argc)++; ++ } ++} ++ + static grub_err_t + process_char (char c, char *buffer, char **bp, char *varname, char **vp, + grub_parser_state_t state, int *argc, +@@ -157,11 +167,7 @@ process_char (char c, char *buffer, char **bp, char *varname, char **vp, + * Don't add more than one argument if multiple + * spaces are used. + */ +- if (*bp != buffer && *((*bp) - 1) != '\0') +- { +- *((*bp)++) = '\0'; +- (*argc)++; +- } ++ terminate_arg (buffer, bp, argc); + } + else if (use) + *((*bp)++) = use; +@@ -232,11 +238,8 @@ grub_parser_split_cmdline (const char *cmdline, + variable. */ + add_var (varname, &bp, &vp, state, GRUB_PARSER_STATE_TEXT); + +- if (bp != buffer && *(bp - 1)) +- { +- *(bp++) = '\0'; +- (*argc)++; +- } ++ /* Ensure that the last argument is terminated. */ ++ terminate_arg (buffer, &bp, argc); + + /* If there are no args, then we're done. */ + if (!*argc) diff --git a/SOURCES/0463-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch b/SOURCES/0463-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch new file mode 100644 index 0000000..1117cd2 --- /dev/null +++ b/SOURCES/0463-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch @@ -0,0 +1,88 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Wed, 6 Jan 2021 13:54:26 +0000 +Subject: [PATCH] kern/parser: Refactor grub_parser_split_cmdline() cleanup + +Introduce a common function epilogue used for cleaning up on all +return paths, which will simplify additional error handling to be +introduced in a subsequent commit. + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper +--- + grub-core/kern/parser.c | 35 ++++++++++++++++++++--------------- + 1 file changed, 20 insertions(+), 15 deletions(-) + +diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c +index 572c67089..e010eaa1f 100644 +--- a/grub-core/kern/parser.c ++++ b/grub-core/kern/parser.c +@@ -221,19 +221,13 @@ grub_parser_split_cmdline (const char *cmdline, + + if (process_char (*rp, buffer, &bp, varname, &vp, state, argc, + &newstate) != GRUB_ERR_NONE) +- { +- if (rd != cmdline) +- grub_free (rd); +- return grub_errno; +- } ++ goto fail; ++ + state = newstate; + } + } + while (state != GRUB_PARSER_STATE_TEXT && !check_varstate (state)); + +- if (rd != cmdline) +- grub_free (rd); +- + /* A special case for when the last character was part of a + variable. */ + add_var (varname, &bp, &vp, state, GRUB_PARSER_STATE_TEXT); +@@ -243,20 +237,20 @@ grub_parser_split_cmdline (const char *cmdline, + + /* If there are no args, then we're done. */ + if (!*argc) +- return 0; ++ { ++ grub_errno = GRUB_ERR_NONE; ++ goto out; ++ } + + /* Reserve memory for the return values. */ + args = grub_malloc (bp - buffer); + if (!args) +- return grub_errno; ++ goto fail; + grub_memcpy (args, buffer, bp - buffer); + + *argv = grub_calloc (*argc + 1, sizeof (char *)); + if (!*argv) +- { +- grub_free (args); +- return grub_errno; +- } ++ goto fail; + + /* The arguments are separated with 0's, setup argv so it points to + the right values. */ +@@ -269,7 +263,18 @@ grub_parser_split_cmdline (const char *cmdline, + bp++; + } + +- return 0; ++ grub_errno = GRUB_ERR_NONE; ++ ++ out: ++ if (rd != cmdline) ++ grub_free (rd); ++ ++ return grub_errno; ++ ++ fail: ++ grub_free (*argv); ++ grub_free (args); ++ goto out; + } + + /* Helper for grub_parser_execute. */ diff --git a/SOURCES/0464-kern-buffer-Add-variable-sized-heap-buffer.patch b/SOURCES/0464-kern-buffer-Add-variable-sized-heap-buffer.patch new file mode 100644 index 0000000..5ebe79b --- /dev/null +++ b/SOURCES/0464-kern-buffer-Add-variable-sized-heap-buffer.patch @@ -0,0 +1,304 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Thu, 7 Jan 2021 15:15:43 +0000 +Subject: [PATCH] kern/buffer: Add variable sized heap buffer + +Add a new variable sized heap buffer type (grub_buffer_t) with simple +operations for appending data, accessing the data and maintaining +a read cursor. + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper +--- + grub-core/Makefile.core.def | 1 + + grub-core/kern/buffer.c | 117 +++++++++++++++++++++++++++++++++++ + include/grub/buffer.h | 144 ++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 262 insertions(+) + create mode 100644 grub-core/kern/buffer.c + create mode 100644 include/grub/buffer.h + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 02fbecd4b..612df2e9c 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -112,6 +112,7 @@ kernel = { + arm_efi_startup = kern/arm/efi/startup.S; + arm64_efi_startup = kern/arm64/efi/startup.S; + ++ common = kern/buffer.c; + common = kern/command.c; + common = kern/corecmd.c; + common = kern/device.c; +diff --git a/grub-core/kern/buffer.c b/grub-core/kern/buffer.c +new file mode 100644 +index 000000000..9f5f8b867 +--- /dev/null ++++ b/grub-core/kern/buffer.c +@@ -0,0 +1,117 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2021 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++grub_buffer_t ++grub_buffer_new (grub_size_t sz) ++{ ++ struct grub_buffer *ret; ++ ++ ret = (struct grub_buffer *) grub_malloc (sizeof (*ret)); ++ if (ret == NULL) ++ return NULL; ++ ++ ret->data = (grub_uint8_t *) grub_malloc (sz); ++ if (ret->data == NULL) ++ { ++ grub_free (ret); ++ return NULL; ++ } ++ ++ ret->sz = sz; ++ ret->pos = 0; ++ ret->used = 0; ++ ++ return ret; ++} ++ ++void ++grub_buffer_free (grub_buffer_t buf) ++{ ++ grub_free (buf->data); ++ grub_free (buf); ++} ++ ++grub_err_t ++grub_buffer_ensure_space (grub_buffer_t buf, grub_size_t req) ++{ ++ grub_uint8_t *d; ++ grub_size_t newsz = 1; ++ ++ /* Is the current buffer size adequate? */ ++ if (buf->sz >= req) ++ return GRUB_ERR_NONE; ++ ++ /* Find the smallest power-of-2 size that satisfies the request. */ ++ while (newsz < req) ++ { ++ if (newsz == 0) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, ++ N_("requested buffer size is too large")); ++ newsz <<= 1; ++ } ++ ++ d = (grub_uint8_t *) grub_realloc (buf->data, newsz); ++ if (d == NULL) ++ return grub_errno; ++ ++ buf->data = d; ++ buf->sz = newsz; ++ ++ return GRUB_ERR_NONE; ++} ++ ++void * ++grub_buffer_take_data (grub_buffer_t buf) ++{ ++ void *data = buf->data; ++ ++ buf->data = NULL; ++ buf->sz = buf->pos = buf->used = 0; ++ ++ return data; ++} ++ ++void ++grub_buffer_reset (grub_buffer_t buf) ++{ ++ buf->pos = buf->used = 0; ++} ++ ++grub_err_t ++grub_buffer_advance_read_pos (grub_buffer_t buf, grub_size_t n) ++{ ++ grub_size_t newpos; ++ ++ if (grub_add (buf->pos, n, &newpos)) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ ++ if (newpos > buf->used) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, ++ N_("new read is position beyond the end of the written data")); ++ ++ buf->pos = newpos; ++ ++ return GRUB_ERR_NONE; ++} +diff --git a/include/grub/buffer.h b/include/grub/buffer.h +new file mode 100644 +index 000000000..f4b10cf28 +--- /dev/null ++++ b/include/grub/buffer.h +@@ -0,0 +1,144 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2021 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_BUFFER_H ++#define GRUB_BUFFER_H 1 ++ ++#include ++#include ++#include ++#include ++#include ++ ++struct grub_buffer ++{ ++ grub_uint8_t *data; ++ grub_size_t sz; ++ grub_size_t pos; ++ grub_size_t used; ++}; ++ ++/* ++ * grub_buffer_t represents a simple variable sized byte buffer with ++ * read and write cursors. It currently only implements ++ * functionality required by the only user in GRUB (append byte[s], ++ * peeking data at a specified position and updating the read cursor. ++ * Some things that this doesn't do yet are: ++ * - Reading a portion of the buffer by copying data from the current ++ * read position in to a caller supplied destination buffer and then ++ * automatically updating the read cursor. ++ * - Dropping the read part at the start of the buffer when an append ++ * requires more space. ++ */ ++typedef struct grub_buffer *grub_buffer_t; ++ ++/* Allocate a new buffer with the specified initial size. */ ++extern grub_buffer_t grub_buffer_new (grub_size_t sz); ++ ++/* Free the buffer and its resources. */ ++extern void grub_buffer_free (grub_buffer_t buf); ++ ++/* Return the number of unread bytes in this buffer. */ ++static inline grub_size_t ++grub_buffer_get_unread_bytes (grub_buffer_t buf) ++{ ++ return buf->used - buf->pos; ++} ++ ++/* ++ * Ensure that the buffer size is at least the requested ++ * number of bytes. ++ */ ++extern grub_err_t grub_buffer_ensure_space (grub_buffer_t buf, grub_size_t req); ++ ++/* ++ * Append the specified number of bytes from the supplied ++ * data to the buffer. ++ */ ++static inline grub_err_t ++grub_buffer_append_data (grub_buffer_t buf, const void *data, grub_size_t len) ++{ ++ grub_size_t req; ++ ++ if (grub_add (buf->used, len, &req)) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ ++ if (grub_buffer_ensure_space (buf, req) != GRUB_ERR_NONE) ++ return grub_errno; ++ ++ grub_memcpy (&buf->data[buf->used], data, len); ++ buf->used = req; ++ ++ return GRUB_ERR_NONE; ++} ++ ++/* Append the supplied character to the buffer. */ ++static inline grub_err_t ++grub_buffer_append_char (grub_buffer_t buf, char c) ++{ ++ return grub_buffer_append_data (buf, &c, 1); ++} ++ ++/* ++ * Forget and return the underlying data buffer. The caller ++ * becomes the owner of this buffer, and must free it when it ++ * is no longer required. ++ */ ++extern void *grub_buffer_take_data (grub_buffer_t buf); ++ ++/* Reset this buffer. Note that this does not deallocate any resources. */ ++void grub_buffer_reset (grub_buffer_t buf); ++ ++/* ++ * Return a pointer to the underlying data buffer at the specified ++ * offset from the current read position. Note that this pointer may ++ * become invalid if the buffer is mutated further. ++ */ ++static inline void * ++grub_buffer_peek_data_at (grub_buffer_t buf, grub_size_t off) ++{ ++ if (grub_add (buf->pos, off, &off)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected.")); ++ return NULL; ++ } ++ ++ if (off >= buf->used) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("peek out of range")); ++ return NULL; ++ } ++ ++ return &buf->data[off]; ++} ++ ++/* ++ * Return a pointer to the underlying data buffer at the current ++ * read position. Note that this pointer may become invalid if the ++ * buffer is mutated further. ++ */ ++static inline void * ++grub_buffer_peek_data (grub_buffer_t buf) ++{ ++ return grub_buffer_peek_data_at (buf, 0); ++} ++ ++/* Advance the read position by the specified number of bytes. */ ++extern grub_err_t grub_buffer_advance_read_pos (grub_buffer_t buf, grub_size_t n); ++ ++#endif /* GRUB_BUFFER_H */ diff --git a/SOURCES/0465-kern-parser-Fix-a-stack-buffer-overflow.patch b/SOURCES/0465-kern-parser-Fix-a-stack-buffer-overflow.patch new file mode 100644 index 0000000..49a5a40 --- /dev/null +++ b/SOURCES/0465-kern-parser-Fix-a-stack-buffer-overflow.patch @@ -0,0 +1,244 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Thu, 7 Jan 2021 19:21:03 +0000 +Subject: [PATCH] kern/parser: Fix a stack buffer overflow + +grub_parser_split_cmdline() expands variable names present in the supplied +command line in to their corresponding variable contents and uses a 1 kiB +stack buffer for temporary storage without sufficient bounds checking. If +the function is called with a command line that references a variable with +a sufficiently large payload, it is possible to overflow the stack +buffer via tab completion, corrupt the stack frame and potentially +control execution. + +Fixes: CVE-2020-27749 + +Reported-by: Chris Coulson +Signed-off-by: Chris Coulson +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +--- + grub-core/kern/parser.c | 110 +++++++++++++++++++++++++++++------------------- + 1 file changed, 67 insertions(+), 43 deletions(-) + +diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c +index e010eaa1f..6ab7aa427 100644 +--- a/grub-core/kern/parser.c ++++ b/grub-core/kern/parser.c +@@ -18,6 +18,7 @@ + */ + + #include ++#include + #include + #include + #include +@@ -107,8 +108,8 @@ check_varstate (grub_parser_state_t s) + } + + +-static void +-add_var (char *varname, char **bp, char **vp, ++static grub_err_t ++add_var (grub_buffer_t varname, grub_buffer_t buf, + grub_parser_state_t state, grub_parser_state_t newstate) + { + const char *val; +@@ -116,31 +117,41 @@ add_var (char *varname, char **bp, char **vp, + /* Check if a variable was being read in and the end of the name + was reached. */ + if (!(check_varstate (state) && !check_varstate (newstate))) +- return; ++ return GRUB_ERR_NONE; + +- *((*vp)++) = '\0'; +- val = grub_env_get (varname); +- *vp = varname; ++ if (grub_buffer_append_char (varname, '\0') != GRUB_ERR_NONE) ++ return grub_errno; ++ ++ val = grub_env_get ((const char *) grub_buffer_peek_data (varname)); ++ grub_buffer_reset (varname); + if (!val) +- return; ++ return GRUB_ERR_NONE; + + /* Insert the contents of the variable in the buffer. */ +- for (; *val; val++) +- *((*bp)++) = *val; ++ return grub_buffer_append_data (buf, val, grub_strlen (val)); + } + +-static void +-terminate_arg (char *buffer, char **bp, int *argc) ++static grub_err_t ++terminate_arg (grub_buffer_t buffer, int *argc) + { +- if (*bp != buffer && *((*bp) - 1) != '\0') +- { +- *((*bp)++) = '\0'; +- (*argc)++; +- } ++ grub_size_t unread = grub_buffer_get_unread_bytes (buffer); ++ ++ if (unread == 0) ++ return GRUB_ERR_NONE; ++ ++ if (*(const char *) grub_buffer_peek_data_at (buffer, unread - 1) == '\0') ++ return GRUB_ERR_NONE; ++ ++ if (grub_buffer_append_char (buffer, '\0') != GRUB_ERR_NONE) ++ return grub_errno; ++ ++ (*argc)++; ++ ++ return GRUB_ERR_NONE; + } + + static grub_err_t +-process_char (char c, char *buffer, char **bp, char *varname, char **vp, ++process_char (char c, grub_buffer_t buffer, grub_buffer_t varname, + grub_parser_state_t state, int *argc, + grub_parser_state_t *newstate) + { +@@ -153,12 +164,13 @@ process_char (char c, char *buffer, char **bp, char *varname, char **vp, + * not describe the variable anymore, write the variable to + * the buffer. + */ +- add_var (varname, bp, vp, state, *newstate); ++ if (add_var (varname, buffer, state, *newstate) != GRUB_ERR_NONE) ++ return grub_errno; + + if (check_varstate (*newstate)) + { + if (use) +- *((*vp)++) = use; ++ return grub_buffer_append_char (varname, use); + } + else if (*newstate == GRUB_PARSER_STATE_TEXT && + state != GRUB_PARSER_STATE_ESC && grub_isspace (use)) +@@ -167,10 +179,10 @@ process_char (char c, char *buffer, char **bp, char *varname, char **vp, + * Don't add more than one argument if multiple + * spaces are used. + */ +- terminate_arg (buffer, bp, argc); ++ return terminate_arg (buffer, argc); + } + else if (use) +- *((*bp)++) = use; ++ return grub_buffer_append_char (buffer, use); + + return GRUB_ERR_NONE; + } +@@ -181,19 +193,22 @@ grub_parser_split_cmdline (const char *cmdline, + int *argc, char ***argv) + { + grub_parser_state_t state = GRUB_PARSER_STATE_TEXT; +- /* XXX: Fixed size buffer, perhaps this buffer should be dynamically +- allocated. */ +- char buffer[1024]; +- char *bp = buffer; ++ grub_buffer_t buffer, varname; + char *rd = (char *) cmdline; + char *rp = rd; +- char varname[200]; +- char *vp = varname; +- char *args; + int i; + + *argc = 0; + *argv = NULL; ++ ++ buffer = grub_buffer_new (1024); ++ if (buffer == NULL) ++ return grub_errno; ++ ++ varname = grub_buffer_new (200); ++ if (varname == NULL) ++ goto fail; ++ + do + { + if (rp == NULL || *rp == '\0') +@@ -219,7 +234,7 @@ grub_parser_split_cmdline (const char *cmdline, + { + grub_parser_state_t newstate; + +- if (process_char (*rp, buffer, &bp, varname, &vp, state, argc, ++ if (process_char (*rp, buffer, varname, state, argc, + &newstate) != GRUB_ERR_NONE) + goto fail; + +@@ -230,10 +245,12 @@ grub_parser_split_cmdline (const char *cmdline, + + /* A special case for when the last character was part of a + variable. */ +- add_var (varname, &bp, &vp, state, GRUB_PARSER_STATE_TEXT); ++ if (add_var (varname, buffer, state, GRUB_PARSER_STATE_TEXT) != GRUB_ERR_NONE) ++ goto fail; + + /* Ensure that the last argument is terminated. */ +- terminate_arg (buffer, &bp, argc); ++ if (terminate_arg (buffer, argc) != GRUB_ERR_NONE) ++ goto fail; + + /* If there are no args, then we're done. */ + if (!*argc) +@@ -242,38 +259,45 @@ grub_parser_split_cmdline (const char *cmdline, + goto out; + } + +- /* Reserve memory for the return values. */ +- args = grub_malloc (bp - buffer); +- if (!args) +- goto fail; +- grub_memcpy (args, buffer, bp - buffer); +- + *argv = grub_calloc (*argc + 1, sizeof (char *)); + if (!*argv) + goto fail; + + /* The arguments are separated with 0's, setup argv so it points to + the right values. */ +- bp = args; + for (i = 0; i < *argc; i++) + { +- (*argv)[i] = bp; +- while (*bp) +- bp++; +- bp++; ++ char *arg; ++ ++ if (i > 0) ++ { ++ if (grub_buffer_advance_read_pos (buffer, 1) != GRUB_ERR_NONE) ++ goto fail; ++ } ++ ++ arg = (char *) grub_buffer_peek_data (buffer); ++ if (arg == NULL || ++ grub_buffer_advance_read_pos (buffer, grub_strlen (arg)) != GRUB_ERR_NONE) ++ goto fail; ++ ++ (*argv)[i] = arg; + } + ++ /* Keep memory for the return values. */ ++ grub_buffer_take_data (buffer); ++ + grub_errno = GRUB_ERR_NONE; + + out: + if (rd != cmdline) + grub_free (rd); ++ grub_buffer_free (buffer); ++ grub_buffer_free (varname); + + return grub_errno; + + fail: + grub_free (*argv); +- grub_free (args); + goto out; + } + diff --git a/SOURCES/0466-kern-efi-Add-initial-stack-protector-implementation.patch b/SOURCES/0466-kern-efi-Add-initial-stack-protector-implementation.patch new file mode 100644 index 0000000..717752d --- /dev/null +++ b/SOURCES/0466-kern-efi-Add-initial-stack-protector-implementation.patch @@ -0,0 +1,298 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Fri, 19 Feb 2021 13:53:45 +0100 +Subject: [PATCH] kern/efi: Add initial stack protector implementation + +It works only on UEFI platforms but can be quite easily extended to +others architectures and platforms if needed. + +Signed-off-by: Chris Coulson +Signed-off-by: Daniel Kiper +Reviewed-by: Marco A Benatto +Reviewed-by: Javier Martinez Canillas +--- + configure.ac | 44 ++++++++++++++++++++++++++++++---- + grub-core/kern/efi/init.c | 54 ++++++++++++++++++++++++++++++++++++++++++ + include/grub/efi/api.h | 19 +++++++++++++++ + include/grub/stack_protector.h | 30 +++++++++++++++++++++++ + acinclude.m4 | 38 +++++++++++++++++++++++++++-- + grub-core/Makefile.am | 1 + + 6 files changed, 179 insertions(+), 7 deletions(-) + create mode 100644 include/grub/stack_protector.h + +diff --git a/configure.ac b/configure.ac +index 0059b938a..f59a7b86c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1330,12 +1330,41 @@ fi] + + CFLAGS="$TARGET_CFLAGS" + +-# Smashing stack protector. ++# Stack smashing protector. + grub_CHECK_STACK_PROTECTOR +-# Need that, because some distributions ship compilers that include +-# `-fstack-protector' in the default specs. +-if test "x$ssp_possible" = xyes; then +- TARGET_CFLAGS="$TARGET_CFLAGS -fno-stack-protector" ++AC_ARG_ENABLE([stack-protector], ++ AS_HELP_STRING([--enable-stack-protector], ++ [enable the stack protector]), ++ [], ++ [enable_stack_protector=no]) ++if test "x$enable_stack_protector" = xno; then ++ if test "x$ssp_possible" = xyes; then ++ # Need that, because some distributions ship compilers that include ++ # `-fstack-protector' in the default specs. ++ TARGET_CFLAGS="$TARGET_CFLAGS -fno-stack-protector" ++ fi ++elif test "x$platform" != xefi; then ++ AC_MSG_ERROR([--enable-stack-protector is only supported on EFI platforms]) ++elif test "x$ssp_global_possible" != xyes; then ++ AC_MSG_ERROR([--enable-stack-protector is not supported (compiler doesn't support -mstack-protector-guard=global)]) ++else ++ TARGET_CFLAGS="$TARGET_CFLAGS -mstack-protector-guard=global" ++ if test "x$enable_stack_protector" = xyes; then ++ if test "x$ssp_possible" != xyes; then ++ AC_MSG_ERROR([--enable-stack-protector is not supported (compiler doesn't support -fstack-protector)]) ++ fi ++ TARGET_CFLAGS="$TARGET_CFLAGS -fstack-protector" ++ elif test "x$enable_stack_protector" = xstrong; then ++ if test "x$ssp_strong_possible" != xyes; then ++ AC_MSG_ERROR([--enable-stack-protector=strong is not supported (compiler doesn't support -fstack-protector-strong)]) ++ fi ++ TARGET_CFLAGS="$TARGET_CFLAGS -fstack-protector-strong" ++ else ++ # Note, -fstack-protector-all requires that the protector is disabled for ++ # functions that appear in the call stack when the canary is initialized. ++ AC_MSG_ERROR([invalid value $enable_stack_protector for --enable-stack-protector]) ++ fi ++ TARGET_CPPFLAGS="$TARGET_CPPFLAGS -DGRUB_STACK_PROTECTOR=1" + fi + + CFLAGS="$TARGET_CFLAGS" +@@ -2247,5 +2276,10 @@ echo "Without liblzma (no support for XZ-compressed mips images) ($liblzma_excus + else + echo "With liblzma from $LIBLZMA (support for XZ-compressed mips images)" + fi ++if test "x$enable_stack_protector" != xno; then ++echo "With stack smashing protector: Yes" ++else ++echo "With stack smashing protector: No" ++fi + echo "*******************************************************" + ] +diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c +index 97bf36906..501608f74 100644 +--- a/grub-core/kern/efi/init.c ++++ b/grub-core/kern/efi/init.c +@@ -28,6 +28,58 @@ + #include + #include + #include ++#include ++ ++#ifdef GRUB_STACK_PROTECTOR ++ ++static grub_efi_guid_t rng_protocol_guid = GRUB_EFI_RNG_PROTOCOL_GUID; ++ ++/* ++ * Don't put this on grub_efi_init()'s local stack to avoid it ++ * getting a stack check. ++ */ ++static grub_efi_uint8_t stack_chk_guard_buf[32]; ++ ++grub_addr_t __stack_chk_guard; ++ ++void __attribute__ ((noreturn)) ++__stack_chk_fail (void) ++{ ++ /* ++ * Assume it's not safe to call into EFI Boot Services. Sorry, that ++ * means no console message here. ++ */ ++ do ++ { ++ /* Do not optimize out the loop. */ ++ asm volatile (""); ++ } ++ while (1); ++} ++ ++static void ++stack_protector_init (void) ++{ ++ grub_efi_rng_protocol_t *rng; ++ ++ /* Set up the stack canary. Make errors here non-fatal for now. */ ++ rng = grub_efi_locate_protocol (&rng_protocol_guid, NULL); ++ if (rng != NULL) ++ { ++ grub_efi_status_t status; ++ ++ status = efi_call_4 (rng->get_rng, rng, NULL, sizeof (stack_chk_guard_buf), ++ stack_chk_guard_buf); ++ if (status == GRUB_EFI_SUCCESS) ++ grub_memcpy (&__stack_chk_guard, stack_chk_guard_buf, sizeof (__stack_chk_guard)); ++ } ++} ++#else ++static void ++stack_protector_init (void) ++{ ++} ++#endif + + grub_addr_t grub_modbase; + +@@ -92,6 +144,8 @@ grub_efi_init (void) + messages. */ + grub_console_init (); + ++ stack_protector_init (); ++ + /* Initialize the memory management system. */ + grub_efi_mm_init (); + +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index a092fddb6..37e7b1628 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -344,6 +344,11 @@ + { 0x89, 0x29, 0x48, 0xbc, 0xd9, 0x0a, 0xd3, 0x1a } \ + } + ++#define GRUB_EFI_RNG_PROTOCOL_GUID \ ++ { 0x3152bca5, 0xeade, 0x433d, \ ++ { 0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44 } \ ++ } ++ + struct grub_efi_sal_system_table + { + grub_uint32_t signature; +@@ -2067,6 +2072,20 @@ struct grub_efi_ip6_config_manual_address { + }; + typedef struct grub_efi_ip6_config_manual_address grub_efi_ip6_config_manual_address_t; + ++typedef grub_efi_guid_t grub_efi_rng_algorithm_t; ++ ++struct grub_efi_rng_protocol ++{ ++ grub_efi_status_t (*get_info) (struct grub_efi_rng_protocol *this, ++ grub_efi_uintn_t *rng_algorithm_list_size, ++ grub_efi_rng_algorithm_t *rng_algorithm_list); ++ grub_efi_status_t (*get_rng) (struct grub_efi_rng_protocol *this, ++ grub_efi_rng_algorithm_t *rng_algorithm, ++ grub_efi_uintn_t rng_value_length, ++ grub_efi_uint8_t *rng_value); ++}; ++typedef struct grub_efi_rng_protocol grub_efi_rng_protocol_t; ++ + #if (GRUB_TARGET_SIZEOF_VOID_P == 4) || defined (__ia64__) \ + || defined (__aarch64__) || defined (__MINGW64__) || defined (__CYGWIN__) + +diff --git a/include/grub/stack_protector.h b/include/grub/stack_protector.h +new file mode 100644 +index 000000000..c88dc00b5 +--- /dev/null ++++ b/include/grub/stack_protector.h +@@ -0,0 +1,30 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2021 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_STACK_PROTECTOR_H ++#define GRUB_STACK_PROTECTOR_H 1 ++ ++#include ++#include ++ ++#ifdef GRUB_STACK_PROTECTOR ++extern grub_addr_t EXPORT_VAR (__stack_chk_guard); ++extern void __attribute__ ((noreturn)) EXPORT_FUNC (__stack_chk_fail) (void); ++#endif ++ ++#endif /* GRUB_STACK_PROTECTOR_H */ +diff --git a/acinclude.m4 b/acinclude.m4 +index 242e829ff..21238fcfd 100644 +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -324,9 +324,9 @@ fi + ]) + + +-dnl Check if the C compiler supports `-fstack-protector'. ++dnl Check if the C compiler supports the stack protector + AC_DEFUN([grub_CHECK_STACK_PROTECTOR],[ +-[# Smashing stack protector. ++[# Stack smashing protector. + ssp_possible=yes] + AC_MSG_CHECKING([whether `$CC' accepts `-fstack-protector']) + # Is this a reliable test case? +@@ -343,6 +343,40 @@ else + ssp_possible=no] + AC_MSG_RESULT([no]) + [fi] ++[# Strong stack smashing protector. ++ssp_strong_possible=yes] ++AC_MSG_CHECKING([whether `$CC' accepts `-fstack-protector-strong']) ++# Is this a reliable test case? ++AC_LANG_CONFTEST([AC_LANG_SOURCE([[ ++void foo (void) { volatile char a[8]; a[3]; } ++]])]) ++[# `$CC -c -o ...' might not be portable. But, oh, well... Is calling ++# `ac_compile' like this correct, after all? ++if eval "$ac_compile -S -fstack-protector-strong -o conftest.s" 2> /dev/null; then] ++ AC_MSG_RESULT([yes]) ++ [# Should we clear up other files as well, having called `AC_LANG_CONFTEST'? ++ rm -f conftest.s ++else ++ ssp_strong_possible=no] ++ AC_MSG_RESULT([no]) ++[fi] ++[# Global stack smashing protector. ++ssp_global_possible=yes] ++AC_MSG_CHECKING([whether `$CC' accepts `-mstack-protector-guard=global']) ++# Is this a reliable test case? ++AC_LANG_CONFTEST([AC_LANG_SOURCE([[ ++void foo (void) { volatile char a[8]; a[3]; } ++]])]) ++[# `$CC -c -o ...' might not be portable. But, oh, well... Is calling ++# `ac_compile' like this correct, after all? ++if eval "$ac_compile -S -fstack-protector -mstack-protector-guard=global -o conftest.s" 2> /dev/null; then] ++ AC_MSG_RESULT([yes]) ++ [# Should we clear up other files as well, having called `AC_LANG_CONFTEST'? ++ rm -f conftest.s ++else ++ ssp_global_possible=no] ++ AC_MSG_RESULT([no]) ++[fi] + ]) + + dnl Check if the C compiler supports `-mstack-arg-probe' (Cygwin). +diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am +index a6f1b0dcd..308ad8850 100644 +--- a/grub-core/Makefile.am ++++ b/grub-core/Makefile.am +@@ -92,6 +92,7 @@ endif + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/parser.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/partition.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/stack_protector.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm_private.h diff --git a/SOURCES/0467-util-mkimage-Remove-unused-code-to-add-BSS-section.patch b/SOURCES/0467-util-mkimage-Remove-unused-code-to-add-BSS-section.patch new file mode 100644 index 0000000..c312809 --- /dev/null +++ b/SOURCES/0467-util-mkimage-Remove-unused-code-to-add-BSS-section.patch @@ -0,0 +1,57 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 11 Feb 2021 17:06:49 +0100 +Subject: [PATCH] util/mkimage: Remove unused code to add BSS section + +The code is compiled out so there is no reason to keep it. + +Additionally, don't set bss_size field since we do not add a BSS section. + +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + util/mkimage.c | 17 ----------------- + 1 file changed, 17 deletions(-) + +diff --git a/util/mkimage.c b/util/mkimage.c +index 2529de4bb..64f4f1398 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -1292,7 +1292,6 @@ grub_install_generate_image (const char *dir, const char *prefix, + o->code_size = grub_host_to_target32 (layout.exec_size); + o->data_size = grub_cpu_to_le32 (reloc_addr - layout.exec_size + - header_size); +- o->bss_size = grub_cpu_to_le32 (layout.bss_size); + o->entry_addr = grub_cpu_to_le32 (layout.start_address); + o->code_base = grub_cpu_to_le32 (header_size); + +@@ -1330,7 +1329,6 @@ grub_install_generate_image (const char *dir, const char *prefix, + o->code_size = grub_host_to_target32 (layout.exec_size); + o->data_size = grub_cpu_to_le32 (reloc_addr - layout.exec_size + - header_size); +- o->bss_size = grub_cpu_to_le32 (layout.bss_size); + o->entry_addr = grub_cpu_to_le32 (layout.start_address); + o->code_base = grub_cpu_to_le32 (header_size); + o->image_base = 0; +@@ -1375,21 +1373,6 @@ grub_install_generate_image (const char *dir, const char *prefix, + = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_CNT_INITIALIZED_DATA + | GRUB_PE32_SCN_MEM_READ + | GRUB_PE32_SCN_MEM_WRITE); +- +-#if 0 +- bss_section = data_section + 1; +- strcpy (bss_section->name, ".bss"); +- bss_section->virtual_size = grub_cpu_to_le32 (layout.bss_size); +- bss_section->virtual_address = grub_cpu_to_le32 (header_size + layout.kernel_size); +- bss_section->raw_data_size = 0; +- bss_section->raw_data_offset = 0; +- bss_section->characteristics +- = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_MEM_READ +- | GRUB_PE32_SCN_MEM_WRITE +- | GRUB_PE32_SCN_ALIGN_64BYTES +- | GRUB_PE32_SCN_CNT_INITIALIZED_DATA +- | 0x80); +-#endif + + mods_section = data_section + 1; + strcpy (mods_section->name, "mods"); diff --git a/SOURCES/0468-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch b/SOURCES/0468-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch new file mode 100644 index 0000000..e634289 --- /dev/null +++ b/SOURCES/0468-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch @@ -0,0 +1,109 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Feb 2021 13:59:21 +0100 +Subject: [PATCH] util/mkimage: Use grub_host_to_target32() instead of + grub_cpu_to_le32() + +The latter doesn't take into account the target image endianness. There is +a grub_cpu_to_le32_compile_time() but no compile time variant for function +grub_host_to_target32(). So, let's keep using the other one for this case. + +Signed-off-by: Peter Jones +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + util/mkimage.c | 44 ++++++++++++++++++++++---------------------- + 1 file changed, 22 insertions(+), 22 deletions(-) + +diff --git a/util/mkimage.c b/util/mkimage.c +index 64f4f1398..601521d34 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -1290,10 +1290,10 @@ grub_install_generate_image (const char *dir, const char *prefix, + + sizeof (struct grub_pe32_coff_header)); + o->magic = grub_host_to_target16 (GRUB_PE32_PE32_MAGIC); + o->code_size = grub_host_to_target32 (layout.exec_size); +- o->data_size = grub_cpu_to_le32 (reloc_addr - layout.exec_size ++ o->data_size = grub_host_to_target32 (reloc_addr - layout.exec_size + - header_size); +- o->entry_addr = grub_cpu_to_le32 (layout.start_address); +- o->code_base = grub_cpu_to_le32 (header_size); ++ o->entry_addr = grub_host_to_target32 (layout.start_address); ++ o->code_base = grub_host_to_target32 (header_size); + + o->data_base = grub_host_to_target32 (header_size + layout.exec_size); + +@@ -1327,10 +1327,10 @@ grub_install_generate_image (const char *dir, const char *prefix, + + sizeof (struct grub_pe32_coff_header)); + o->magic = grub_host_to_target16 (GRUB_PE32_PE64_MAGIC); + o->code_size = grub_host_to_target32 (layout.exec_size); +- o->data_size = grub_cpu_to_le32 (reloc_addr - layout.exec_size ++ o->data_size = grub_host_to_target32 (reloc_addr - layout.exec_size + - header_size); +- o->entry_addr = grub_cpu_to_le32 (layout.start_address); +- o->code_base = grub_cpu_to_le32 (header_size); ++ o->entry_addr = grub_host_to_target32 (layout.start_address); ++ o->code_base = grub_host_to_target32 (header_size); + o->image_base = 0; + o->section_alignment = grub_host_to_target32 (image_target->section_align); + o->file_alignment = grub_host_to_target32 (image_target->section_align); +@@ -1354,10 +1354,10 @@ grub_install_generate_image (const char *dir, const char *prefix, + /* The sections. */ + text_section = sections; + strcpy (text_section->name, ".text"); +- text_section->virtual_size = grub_cpu_to_le32 (layout.exec_size); +- text_section->virtual_address = grub_cpu_to_le32 (header_size); +- text_section->raw_data_size = grub_cpu_to_le32 (layout.exec_size); +- text_section->raw_data_offset = grub_cpu_to_le32 (header_size); ++ text_section->virtual_size = grub_host_to_target32 (layout.exec_size); ++ text_section->virtual_address = grub_host_to_target32 (header_size); ++ text_section->raw_data_size = grub_host_to_target32 (layout.exec_size); ++ text_section->raw_data_offset = grub_host_to_target32 (header_size); + text_section->characteristics = grub_cpu_to_le32_compile_time ( + GRUB_PE32_SCN_CNT_CODE + | GRUB_PE32_SCN_MEM_EXECUTE +@@ -1365,10 +1365,10 @@ grub_install_generate_image (const char *dir, const char *prefix, + + data_section = text_section + 1; + strcpy (data_section->name, ".data"); +- data_section->virtual_size = grub_cpu_to_le32 (layout.kernel_size - layout.exec_size); +- data_section->virtual_address = grub_cpu_to_le32 (header_size + layout.exec_size); +- data_section->raw_data_size = grub_cpu_to_le32 (layout.kernel_size - layout.exec_size); +- data_section->raw_data_offset = grub_cpu_to_le32 (header_size + layout.exec_size); ++ data_section->virtual_size = grub_host_to_target32 (layout.kernel_size - layout.exec_size); ++ data_section->virtual_address = grub_host_to_target32 (header_size + layout.exec_size); ++ data_section->raw_data_size = grub_host_to_target32 (layout.kernel_size - layout.exec_size); ++ data_section->raw_data_offset = grub_host_to_target32 (header_size + layout.exec_size); + data_section->characteristics + = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_CNT_INITIALIZED_DATA + | GRUB_PE32_SCN_MEM_READ +@@ -1376,10 +1376,10 @@ grub_install_generate_image (const char *dir, const char *prefix, + + mods_section = data_section + 1; + strcpy (mods_section->name, "mods"); +- mods_section->virtual_size = grub_cpu_to_le32 (reloc_addr - layout.kernel_size - header_size); +- mods_section->virtual_address = grub_cpu_to_le32 (header_size + layout.kernel_size + layout.bss_size); +- mods_section->raw_data_size = grub_cpu_to_le32 (reloc_addr - layout.kernel_size - header_size); +- mods_section->raw_data_offset = grub_cpu_to_le32 (header_size + layout.kernel_size); ++ mods_section->virtual_size = grub_host_to_target32 (reloc_addr - layout.kernel_size - header_size); ++ mods_section->virtual_address = grub_host_to_target32 (header_size + layout.kernel_size + layout.bss_size); ++ mods_section->raw_data_size = grub_host_to_target32 (reloc_addr - layout.kernel_size - header_size); ++ mods_section->raw_data_offset = grub_host_to_target32 (header_size + layout.kernel_size); + mods_section->characteristics + = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_CNT_INITIALIZED_DATA + | GRUB_PE32_SCN_MEM_READ +@@ -1387,10 +1387,10 @@ grub_install_generate_image (const char *dir, const char *prefix, + + reloc_section = mods_section + 1; + strcpy (reloc_section->name, ".reloc"); +- reloc_section->virtual_size = grub_cpu_to_le32 (layout.reloc_size); +- reloc_section->virtual_address = grub_cpu_to_le32 (reloc_addr + layout.bss_size); +- reloc_section->raw_data_size = grub_cpu_to_le32 (layout.reloc_size); +- reloc_section->raw_data_offset = grub_cpu_to_le32 (reloc_addr); ++ reloc_section->virtual_size = grub_host_to_target32 (layout.reloc_size); ++ reloc_section->virtual_address = grub_host_to_target32 (reloc_addr + layout.bss_size); ++ reloc_section->raw_data_size = grub_host_to_target32 (layout.reloc_size); ++ reloc_section->raw_data_offset = grub_host_to_target32 (reloc_addr); + reloc_section->characteristics + = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_CNT_INITIALIZED_DATA + | GRUB_PE32_SCN_MEM_DISCARDABLE diff --git a/SOURCES/0469-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch b/SOURCES/0469-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch new file mode 100644 index 0000000..0690182 --- /dev/null +++ b/SOURCES/0469-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch @@ -0,0 +1,35 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Feb 2021 14:14:24 +0100 +Subject: [PATCH] util/mkimage: Always use grub_host_to_target32() to + initialize PE stack and heap stuff + +This change does not impact final result of initialization itself. +However, it eases PE code unification in subsequent patches. + +Signed-off-by: Peter Jones +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + util/mkimage.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/util/mkimage.c b/util/mkimage.c +index 601521d34..d2876cdb5 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -1339,10 +1339,10 @@ grub_install_generate_image (const char *dir, const char *prefix, + o->subsystem = grub_host_to_target16 (GRUB_PE32_SUBSYSTEM_EFI_APPLICATION); + + /* Do these really matter? */ +- o->stack_reserve_size = grub_host_to_target64 (0x10000); +- o->stack_commit_size = grub_host_to_target64 (0x10000); +- o->heap_reserve_size = grub_host_to_target64 (0x10000); +- o->heap_commit_size = grub_host_to_target64 (0x10000); ++ o->stack_reserve_size = grub_host_to_target32 (0x10000); ++ o->stack_commit_size = grub_host_to_target32 (0x10000); ++ o->heap_reserve_size = grub_host_to_target32 (0x10000); ++ o->heap_commit_size = grub_host_to_target32 (0x10000); + + o->num_data_directories + = grub_host_to_target32 (GRUB_PE32_NUM_DATA_DIRECTORIES); diff --git a/SOURCES/0470-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch b/SOURCES/0470-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch new file mode 100644 index 0000000..23f300a --- /dev/null +++ b/SOURCES/0470-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch @@ -0,0 +1,165 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 19 Feb 2021 14:22:13 +0100 +Subject: [PATCH] util/mkimage: Unify more of the PE32 and PE32+ header set-up + +There's quite a bit of code duplication in the code that sets the optional +header for PE32 and PE32+. The two are very similar with the exception of +a few fields that have type grub_uint64_t instead of grub_uint32_t. + +Factor out the common code and add a PE_OHDR() macro that simplifies the +set-up and make the code more readable. + +Signed-off-by: Peter Jones +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + util/mkimage.c | 111 ++++++++++++++++++++++++++------------------------------- + 1 file changed, 51 insertions(+), 60 deletions(-) + +diff --git a/util/mkimage.c b/util/mkimage.c +index d2876cdb5..ff5462c98 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -771,6 +771,21 @@ grub_install_get_image_targets_string (void) + return formats; + } + ++/* ++ * tmp_ is just here so the compiler knows we'll never derefernce a NULL. ++ * It should get fully optimized away. ++ */ ++#define PE_OHDR(o32, o64, field) (*( \ ++{ \ ++ __typeof__((o64)->field) tmp_; \ ++ __typeof__((o64)->field) *ret_ = &tmp_; \ ++ if (o32) \ ++ ret_ = (void *)(&((o32)->field)); \ ++ else if (o64) \ ++ ret_ = (void *)(&((o64)->field)); \ ++ ret_; \ ++})) ++ + void + grub_install_generate_image (const char *dir, const char *prefix, + FILE *out, const char *outname, char *mods[], +@@ -1240,6 +1255,8 @@ grub_install_generate_image (const char *dir, const char *prefix, + static const grub_uint8_t stub[] = GRUB_PE32_MSDOS_STUB; + int header_size; + int reloc_addr; ++ struct grub_pe32_optional_header *o32 = NULL; ++ struct grub_pe64_optional_header *o64 = NULL; + + if (image_target->voidp_sizeof == 4) + header_size = EFI32_HEADER_SIZE; +@@ -1281,76 +1298,50 @@ grub_install_generate_image (const char *dir, const char *prefix, + /* The PE Optional header. */ + if (image_target->voidp_sizeof == 4) + { +- struct grub_pe32_optional_header *o; +- + c->optional_header_size = grub_host_to_target16 (sizeof (struct grub_pe32_optional_header)); + +- o = (struct grub_pe32_optional_header *) +- (header + GRUB_PE32_MSDOS_STUB_SIZE + GRUB_PE32_SIGNATURE_SIZE +- + sizeof (struct grub_pe32_coff_header)); +- o->magic = grub_host_to_target16 (GRUB_PE32_PE32_MAGIC); +- o->code_size = grub_host_to_target32 (layout.exec_size); +- o->data_size = grub_host_to_target32 (reloc_addr - layout.exec_size +- - header_size); +- o->entry_addr = grub_host_to_target32 (layout.start_address); +- o->code_base = grub_host_to_target32 (header_size); ++ o32 = (struct grub_pe32_optional_header *) ++ (header + GRUB_PE32_MSDOS_STUB_SIZE + GRUB_PE32_SIGNATURE_SIZE + ++ sizeof (struct grub_pe32_coff_header)); ++ o32->magic = grub_host_to_target16 (GRUB_PE32_PE32_MAGIC); ++ o32->data_base = grub_host_to_target32 (header_size + layout.exec_size); + +- o->data_base = grub_host_to_target32 (header_size + layout.exec_size); +- +- o->image_base = 0; +- o->section_alignment = grub_host_to_target32 (image_target->section_align); +- o->file_alignment = grub_host_to_target32 (image_target->section_align); +- o->image_size = grub_host_to_target32 (pe_size); +- o->header_size = grub_host_to_target32 (header_size); +- o->subsystem = grub_host_to_target16 (GRUB_PE32_SUBSYSTEM_EFI_APPLICATION); +- +- /* Do these really matter? */ +- o->stack_reserve_size = grub_host_to_target32 (0x10000); +- o->stack_commit_size = grub_host_to_target32 (0x10000); +- o->heap_reserve_size = grub_host_to_target32 (0x10000); +- o->heap_commit_size = grub_host_to_target32 (0x10000); +- +- o->num_data_directories = grub_host_to_target32 (GRUB_PE32_NUM_DATA_DIRECTORIES); +- +- o->base_relocation_table.rva = grub_host_to_target32 (reloc_addr); +- o->base_relocation_table.size = grub_host_to_target32 (layout.reloc_size); +- sections = o + 1; ++ sections = o32 + 1; + } + else + { +- struct grub_pe64_optional_header *o; +- + c->optional_header_size = grub_host_to_target16 (sizeof (struct grub_pe64_optional_header)); + +- o = (struct grub_pe64_optional_header *) +- (header + GRUB_PE32_MSDOS_STUB_SIZE + GRUB_PE32_SIGNATURE_SIZE +- + sizeof (struct grub_pe32_coff_header)); +- o->magic = grub_host_to_target16 (GRUB_PE32_PE64_MAGIC); +- o->code_size = grub_host_to_target32 (layout.exec_size); +- o->data_size = grub_host_to_target32 (reloc_addr - layout.exec_size +- - header_size); +- o->entry_addr = grub_host_to_target32 (layout.start_address); +- o->code_base = grub_host_to_target32 (header_size); +- o->image_base = 0; +- o->section_alignment = grub_host_to_target32 (image_target->section_align); +- o->file_alignment = grub_host_to_target32 (image_target->section_align); +- o->image_size = grub_host_to_target32 (pe_size); +- o->header_size = grub_host_to_target32 (header_size); +- o->subsystem = grub_host_to_target16 (GRUB_PE32_SUBSYSTEM_EFI_APPLICATION); ++ o64 = (struct grub_pe64_optional_header *) ++ (header + GRUB_PE32_MSDOS_STUB_SIZE + GRUB_PE32_SIGNATURE_SIZE + ++ sizeof (struct grub_pe32_coff_header)); ++ o64->magic = grub_host_to_target16 (GRUB_PE32_PE64_MAGIC); + +- /* Do these really matter? */ +- o->stack_reserve_size = grub_host_to_target32 (0x10000); +- o->stack_commit_size = grub_host_to_target32 (0x10000); +- o->heap_reserve_size = grub_host_to_target32 (0x10000); +- o->heap_commit_size = grub_host_to_target32 (0x10000); +- +- o->num_data_directories +- = grub_host_to_target32 (GRUB_PE32_NUM_DATA_DIRECTORIES); +- +- o->base_relocation_table.rva = grub_host_to_target32 (reloc_addr); +- o->base_relocation_table.size = grub_host_to_target32 (layout.reloc_size); +- sections = o + 1; ++ sections = o64 + 1; + } ++ ++ PE_OHDR (o32, o64, code_size) = grub_host_to_target32 (layout.exec_size); ++ PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (reloc_addr - layout.exec_size - header_size); ++ PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32 (layout.start_address); ++ PE_OHDR (o32, o64, code_base) = grub_host_to_target32 (header_size); ++ ++ PE_OHDR (o32, o64, image_base) = 0; ++ PE_OHDR (o32, o64, section_alignment) = grub_host_to_target32 (image_target->section_align); ++ PE_OHDR (o32, o64, file_alignment) = grub_host_to_target32 (GRUB_PE32_FILE_ALIGNMENT); ++ PE_OHDR (o32, o64, image_size) = grub_host_to_target32 (pe_size); ++ PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size); ++ PE_OHDR (o32, o64, subsystem) = grub_host_to_target16 (GRUB_PE32_SUBSYSTEM_EFI_APPLICATION); ++ ++ /* Do these really matter? */ ++ PE_OHDR (o32, o64, stack_reserve_size) = grub_host_to_target32 (0x10000); ++ PE_OHDR (o32, o64, stack_commit_size) = grub_host_to_target32 (0x10000); ++ PE_OHDR (o32, o64, heap_reserve_size) = grub_host_to_target32 (0x10000); ++ PE_OHDR (o32, o64, heap_commit_size) = grub_host_to_target32 (0x10000); ++ ++ PE_OHDR (o32, o64, num_data_directories) = grub_host_to_target32 (GRUB_PE32_NUM_DATA_DIRECTORIES); ++ PE_OHDR (o32, o64, base_relocation_table.rva) = grub_host_to_target32 (reloc_addr); ++ PE_OHDR (o32, o64, base_relocation_table.size) = grub_host_to_target32 (layout.reloc_size); ++ + /* The sections. */ + text_section = sections; + strcpy (text_section->name, ".text"); diff --git a/SOURCES/0471-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch b/SOURCES/0471-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch new file mode 100644 index 0000000..74cf415 --- /dev/null +++ b/SOURCES/0471-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch @@ -0,0 +1,69 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Feb 2021 14:21:48 +0100 +Subject: [PATCH] util/mkimage: Reorder PE optional header fields set-up + +This makes the PE32 and PE32+ header fields set-up easier to follow by +setting them closer to the initialization of their related sections. + +Signed-off-by: Peter Jones +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + util/mkimage.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/util/mkimage.c b/util/mkimage.c +index ff5462c98..e73a5864b 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -1320,16 +1320,12 @@ grub_install_generate_image (const char *dir, const char *prefix, + sections = o64 + 1; + } + +- PE_OHDR (o32, o64, code_size) = grub_host_to_target32 (layout.exec_size); +- PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (reloc_addr - layout.exec_size - header_size); ++ PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size); + PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32 (layout.start_address); +- PE_OHDR (o32, o64, code_base) = grub_host_to_target32 (header_size); +- + PE_OHDR (o32, o64, image_base) = 0; ++ PE_OHDR (o32, o64, image_size) = grub_host_to_target32 (pe_size); + PE_OHDR (o32, o64, section_alignment) = grub_host_to_target32 (image_target->section_align); + PE_OHDR (o32, o64, file_alignment) = grub_host_to_target32 (GRUB_PE32_FILE_ALIGNMENT); +- PE_OHDR (o32, o64, image_size) = grub_host_to_target32 (pe_size); +- PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size); + PE_OHDR (o32, o64, subsystem) = grub_host_to_target16 (GRUB_PE32_SUBSYSTEM_EFI_APPLICATION); + + /* Do these really matter? */ +@@ -1339,10 +1335,10 @@ grub_install_generate_image (const char *dir, const char *prefix, + PE_OHDR (o32, o64, heap_commit_size) = grub_host_to_target32 (0x10000); + + PE_OHDR (o32, o64, num_data_directories) = grub_host_to_target32 (GRUB_PE32_NUM_DATA_DIRECTORIES); +- PE_OHDR (o32, o64, base_relocation_table.rva) = grub_host_to_target32 (reloc_addr); +- PE_OHDR (o32, o64, base_relocation_table.size) = grub_host_to_target32 (layout.reloc_size); + + /* The sections. */ ++ PE_OHDR (o32, o64, code_base) = grub_host_to_target32 (header_size); ++ PE_OHDR (o32, o64, code_size) = grub_host_to_target32 (layout.exec_size); + text_section = sections; + strcpy (text_section->name, ".text"); + text_section->virtual_size = grub_host_to_target32 (layout.exec_size); +@@ -1354,6 +1350,8 @@ grub_install_generate_image (const char *dir, const char *prefix, + | GRUB_PE32_SCN_MEM_EXECUTE + | GRUB_PE32_SCN_MEM_READ); + ++ PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (reloc_addr - layout.exec_size - header_size); ++ + data_section = text_section + 1; + strcpy (data_section->name, ".data"); + data_section->virtual_size = grub_host_to_target32 (layout.kernel_size - layout.exec_size); +@@ -1376,6 +1374,8 @@ grub_install_generate_image (const char *dir, const char *prefix, + | GRUB_PE32_SCN_MEM_READ + | GRUB_PE32_SCN_MEM_WRITE); + ++ PE_OHDR (o32, o64, base_relocation_table.rva) = grub_host_to_target32 (reloc_addr); ++ PE_OHDR (o32, o64, base_relocation_table.size) = grub_host_to_target32 (layout.reloc_size); + reloc_section = mods_section + 1; + strcpy (reloc_section->name, ".reloc"); + reloc_section->virtual_size = grub_host_to_target32 (layout.reloc_size); diff --git a/SOURCES/0472-util-mkimage-Improve-data_size-value-calculation.patch b/SOURCES/0472-util-mkimage-Improve-data_size-value-calculation.patch new file mode 100644 index 0000000..555092f --- /dev/null +++ b/SOURCES/0472-util-mkimage-Improve-data_size-value-calculation.patch @@ -0,0 +1,46 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 11 Feb 2021 17:07:33 +0100 +Subject: [PATCH] util/mkimage: Improve data_size value calculation + +According to "Microsoft Portable Executable and Common Object File Format +Specification", the Optional Header SizeOfInitializedData field contains: + + Size of the initialized data section, or the sum of all such sections if + there are multiple data sections. + +Make this explicit by adding the GRUB kernel data size to the sum of all +the modules sizes. The ALIGN_UP() is not required by the PE spec but do +it to avoid alignment issues. + +Signed-off-by: Peter Jones +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + util/mkimage.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/util/mkimage.c b/util/mkimage.c +index e73a5864b..f22b398d9 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -1248,6 +1248,7 @@ grub_install_generate_image (const char *dir, const char *prefix, + void *pe_img; + grub_uint8_t *header; + void *sections; ++ size_t scn_size; + size_t pe_size; + struct grub_pe32_coff_header *c; + struct grub_pe32_section_table *text_section, *data_section; +@@ -1350,7 +1351,10 @@ grub_install_generate_image (const char *dir, const char *prefix, + | GRUB_PE32_SCN_MEM_EXECUTE + | GRUB_PE32_SCN_MEM_READ); + +- PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (reloc_addr - layout.exec_size - header_size); ++ scn_size = ALIGN_UP (layout.kernel_size - layout.exec_size, GRUB_PE32_FILE_ALIGNMENT); ++ PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (scn_size + ++ ALIGN_UP (total_module_size, ++ GRUB_PE32_FILE_ALIGNMENT)); + + data_section = text_section + 1; + strcpy (data_section->name, ".data"); diff --git a/SOURCES/0473-util-mkimage-Refactor-section-setup-to-use-a-helper.patch b/SOURCES/0473-util-mkimage-Refactor-section-setup-to-use-a-helper.patch new file mode 100644 index 0000000..61c0b54 --- /dev/null +++ b/SOURCES/0473-util-mkimage-Refactor-section-setup-to-use-a-helper.patch @@ -0,0 +1,216 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Feb 2021 14:58:06 +0100 +Subject: [PATCH] util/mkimage: Refactor section setup to use a helper + +Add a init_pe_section() helper function to setup PE sections. This makes +the code simpler and easier to read. + +Signed-off-by: Peter Jones +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + util/mkimage.c | 141 +++++++++++++++++++++++++++++++-------------------------- + 1 file changed, 76 insertions(+), 65 deletions(-) + +diff --git a/util/mkimage.c b/util/mkimage.c +index f22b398d9..0f5ae2a76 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -771,6 +771,38 @@ grub_install_get_image_targets_string (void) + return formats; + } + ++/* ++ * The image_target parameter is used by the grub_host_to_target32() macro. ++ */ ++static struct grub_pe32_section_table * ++init_pe_section(const struct grub_install_image_target_desc *image_target, ++ struct grub_pe32_section_table *section, ++ const char * const name, ++ grub_uint32_t *vma, grub_uint32_t vsz, grub_uint32_t valign, ++ grub_uint32_t *rda, grub_uint32_t rsz, ++ grub_uint32_t characteristics) ++{ ++ size_t len = strlen (name); ++ ++ if (len > sizeof (section->name)) ++ grub_util_error (_("section name %s length is bigger than %lu"), ++ name, (unsigned long) sizeof (section->name)); ++ ++ memcpy (section->name, name, len); ++ ++ section->virtual_address = grub_host_to_target32 (*vma); ++ section->virtual_size = grub_host_to_target32 (vsz); ++ (*vma) = ALIGN_UP (*vma + vsz, valign); ++ ++ section->raw_data_offset = grub_host_to_target32 (*rda); ++ section->raw_data_size = grub_host_to_target32 (rsz); ++ (*rda) = ALIGN_UP (*rda + rsz, GRUB_PE32_FILE_ALIGNMENT); ++ ++ section->characteristics = grub_host_to_target32 (characteristics); ++ ++ return section + 1; ++} ++ + /* + * tmp_ is just here so the compiler knows we'll never derefernce a NULL. + * It should get fully optimized away. +@@ -1245,17 +1277,13 @@ grub_install_generate_image (const char *dir, const char *prefix, + break; + case IMAGE_EFI: + { +- void *pe_img; +- grub_uint8_t *header; +- void *sections; ++ char *pe_img, *header; ++ struct grub_pe32_section_table *section; + size_t scn_size; +- size_t pe_size; ++ grub_uint32_t vma, raw_data; ++ size_t pe_size, header_size; + struct grub_pe32_coff_header *c; +- struct grub_pe32_section_table *text_section, *data_section; +- struct grub_pe32_section_table *mods_section, *reloc_section; + static const grub_uint8_t stub[] = GRUB_PE32_MSDOS_STUB; +- int header_size; +- int reloc_addr; + struct grub_pe32_optional_header *o32 = NULL; + struct grub_pe64_optional_header *o64 = NULL; + +@@ -1264,17 +1292,12 @@ grub_install_generate_image (const char *dir, const char *prefix, + else + header_size = EFI64_HEADER_SIZE; + +- reloc_addr = ALIGN_UP (header_size + core_size, +- image_target->section_align); ++ vma = raw_data = header_size; ++ pe_size = ALIGN_UP (header_size + core_size, GRUB_PE32_FILE_ALIGNMENT) + ++ ALIGN_UP (layout.reloc_size, GRUB_PE32_FILE_ALIGNMENT); ++ header = pe_img = xcalloc (1, pe_size); + +- pe_size = ALIGN_UP (reloc_addr + layout.reloc_size, +- image_target->section_align); +- pe_img = xmalloc (reloc_addr + layout.reloc_size); +- memset (pe_img, 0, header_size); +- memcpy ((char *) pe_img + header_size, core_img, core_size); +- memset ((char *) pe_img + header_size + core_size, 0, reloc_addr - (header_size + core_size)); +- memcpy ((char *) pe_img + reloc_addr, layout.reloc_section, layout.reloc_size); +- header = pe_img; ++ memcpy (pe_img + raw_data, core_img, core_size); + + /* The magic. */ + memcpy (header, stub, GRUB_PE32_MSDOS_STUB_SIZE); +@@ -1307,18 +1330,17 @@ grub_install_generate_image (const char *dir, const char *prefix, + o32->magic = grub_host_to_target16 (GRUB_PE32_PE32_MAGIC); + o32->data_base = grub_host_to_target32 (header_size + layout.exec_size); + +- sections = o32 + 1; ++ section = (struct grub_pe32_section_table *)(o32 + 1); + } + else + { + c->optional_header_size = grub_host_to_target16 (sizeof (struct grub_pe64_optional_header)); +- + o64 = (struct grub_pe64_optional_header *) + (header + GRUB_PE32_MSDOS_STUB_SIZE + GRUB_PE32_SIGNATURE_SIZE + + sizeof (struct grub_pe32_coff_header)); + o64->magic = grub_host_to_target16 (GRUB_PE32_PE64_MAGIC); + +- sections = o64 + 1; ++ section = (struct grub_pe32_section_table *)(o64 + 1); + } + + PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size); +@@ -1338,58 +1360,47 @@ grub_install_generate_image (const char *dir, const char *prefix, + PE_OHDR (o32, o64, num_data_directories) = grub_host_to_target32 (GRUB_PE32_NUM_DATA_DIRECTORIES); + + /* The sections. */ +- PE_OHDR (o32, o64, code_base) = grub_host_to_target32 (header_size); ++ PE_OHDR (o32, o64, code_base) = grub_host_to_target32 (vma); + PE_OHDR (o32, o64, code_size) = grub_host_to_target32 (layout.exec_size); +- text_section = sections; +- strcpy (text_section->name, ".text"); +- text_section->virtual_size = grub_host_to_target32 (layout.exec_size); +- text_section->virtual_address = grub_host_to_target32 (header_size); +- text_section->raw_data_size = grub_host_to_target32 (layout.exec_size); +- text_section->raw_data_offset = grub_host_to_target32 (header_size); +- text_section->characteristics = grub_cpu_to_le32_compile_time ( +- GRUB_PE32_SCN_CNT_CODE +- | GRUB_PE32_SCN_MEM_EXECUTE +- | GRUB_PE32_SCN_MEM_READ); ++ section = init_pe_section (image_target, section, ".text", ++ &vma, layout.exec_size, ++ image_target->section_align, ++ &raw_data, layout.exec_size, ++ GRUB_PE32_SCN_CNT_CODE | ++ GRUB_PE32_SCN_MEM_EXECUTE | ++ GRUB_PE32_SCN_MEM_READ); + + scn_size = ALIGN_UP (layout.kernel_size - layout.exec_size, GRUB_PE32_FILE_ALIGNMENT); + PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (scn_size + + ALIGN_UP (total_module_size, + GRUB_PE32_FILE_ALIGNMENT)); + +- data_section = text_section + 1; +- strcpy (data_section->name, ".data"); +- data_section->virtual_size = grub_host_to_target32 (layout.kernel_size - layout.exec_size); +- data_section->virtual_address = grub_host_to_target32 (header_size + layout.exec_size); +- data_section->raw_data_size = grub_host_to_target32 (layout.kernel_size - layout.exec_size); +- data_section->raw_data_offset = grub_host_to_target32 (header_size + layout.exec_size); +- data_section->characteristics +- = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_CNT_INITIALIZED_DATA +- | GRUB_PE32_SCN_MEM_READ +- | GRUB_PE32_SCN_MEM_WRITE); +- +- mods_section = data_section + 1; +- strcpy (mods_section->name, "mods"); +- mods_section->virtual_size = grub_host_to_target32 (reloc_addr - layout.kernel_size - header_size); +- mods_section->virtual_address = grub_host_to_target32 (header_size + layout.kernel_size + layout.bss_size); +- mods_section->raw_data_size = grub_host_to_target32 (reloc_addr - layout.kernel_size - header_size); +- mods_section->raw_data_offset = grub_host_to_target32 (header_size + layout.kernel_size); +- mods_section->characteristics +- = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_CNT_INITIALIZED_DATA +- | GRUB_PE32_SCN_MEM_READ +- | GRUB_PE32_SCN_MEM_WRITE); ++ section = init_pe_section (image_target, section, ".data", ++ &vma, scn_size, image_target->section_align, ++ &raw_data, scn_size, ++ GRUB_PE32_SCN_CNT_INITIALIZED_DATA | ++ GRUB_PE32_SCN_MEM_READ | ++ GRUB_PE32_SCN_MEM_WRITE); ++ ++ scn_size = pe_size - layout.reloc_size - raw_data; ++ section = init_pe_section (image_target, section, "mods", ++ &vma, scn_size, image_target->section_align, ++ &raw_data, scn_size, ++ GRUB_PE32_SCN_CNT_INITIALIZED_DATA | ++ GRUB_PE32_SCN_MEM_READ | ++ GRUB_PE32_SCN_MEM_WRITE); ++ ++ scn_size = layout.reloc_size; ++ PE_OHDR (o32, o64, base_relocation_table.rva) = grub_host_to_target32 (vma); ++ PE_OHDR (o32, o64, base_relocation_table.size) = grub_host_to_target32 (scn_size); ++ memcpy (pe_img + raw_data, layout.reloc_section, scn_size); ++ init_pe_section (image_target, section, ".reloc", ++ &vma, scn_size, image_target->section_align, ++ &raw_data, scn_size, ++ GRUB_PE32_SCN_CNT_INITIALIZED_DATA | ++ GRUB_PE32_SCN_MEM_DISCARDABLE | ++ GRUB_PE32_SCN_MEM_READ); + +- PE_OHDR (o32, o64, base_relocation_table.rva) = grub_host_to_target32 (reloc_addr); +- PE_OHDR (o32, o64, base_relocation_table.size) = grub_host_to_target32 (layout.reloc_size); +- reloc_section = mods_section + 1; +- strcpy (reloc_section->name, ".reloc"); +- reloc_section->virtual_size = grub_host_to_target32 (layout.reloc_size); +- reloc_section->virtual_address = grub_host_to_target32 (reloc_addr + layout.bss_size); +- reloc_section->raw_data_size = grub_host_to_target32 (layout.reloc_size); +- reloc_section->raw_data_offset = grub_host_to_target32 (reloc_addr); +- reloc_section->characteristics +- = grub_cpu_to_le32_compile_time (GRUB_PE32_SCN_CNT_INITIALIZED_DATA +- | GRUB_PE32_SCN_MEM_DISCARDABLE +- | GRUB_PE32_SCN_MEM_READ); + free (core_img); + core_img = pe_img; + core_size = pe_size; diff --git a/SOURCES/0474-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch b/SOURCES/0474-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch new file mode 100644 index 0000000..261addd --- /dev/null +++ b/SOURCES/0474-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch @@ -0,0 +1,260 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Feb 2021 17:07:00 +0100 +Subject: [PATCH] util/mkimage: Add an option to import SBAT metadata into a + .sbat section + +Add a --sbat option to the grub-mkimage tool which allows us to import +an SBAT metadata formatted as a CSV file into a .sbat section of the +EFI binary. + +Signed-off-by: Peter Jones +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +--- + util/grub-install-common.c | 2 +- + util/grub-mkimage.c | 15 ++++++++++++++- + util/mkimage.c | 43 ++++++++++++++++++++++++++++++++++++------- + include/grub/util/install.h | 3 ++- + include/grub/util/mkimage.h | 1 + + docs/grub.texi | 19 +++++++++++++++++++ + 6 files changed, 73 insertions(+), 10 deletions(-) + +diff --git a/util/grub-install-common.c b/util/grub-install-common.c +index fa6b65347..fde4ca7fc 100644 +--- a/util/grub-install-common.c ++++ b/util/grub-install-common.c +@@ -537,7 +537,7 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, + pubkeys, npubkeys, + x509keys, nx509keys, + config_path, tgt, +- note, appsig_size, compression, dtb); ++ note, appsig_size, compression, dtb, NULL); + while (dc--) + grub_install_pop_module (); + } +diff --git a/util/grub-mkimage.c b/util/grub-mkimage.c +index 394d2dc5f..17a86261f 100644 +--- a/util/grub-mkimage.c ++++ b/util/grub-mkimage.c +@@ -82,6 +82,7 @@ static struct argp_option options[] = { + {"output", 'o', N_("FILE"), 0, N_("output a generated image to FILE [default=stdout]"), 0}, + {"format", 'O', N_("FORMAT"), 0, 0, 0}, + {"compression", 'C', "(xz|none|auto)", 0, N_("choose the compression to use for core image"), 0}, ++ {"sbat", 's', N_("FILE"), 0, N_("SBAT metadata"), 0}, + {"verbose", 'v', 0, 0, N_("print verbose messages."), 0}, + {"appended-signature-size", 'S', N_("SIZE"), 0, N_("Add a note segment reserving SIZE bytes for an appended signature"), 0}, + { 0, 0, 0, 0, 0, 0 } +@@ -127,6 +128,7 @@ struct arguments + size_t nx509keys; + char *font; + char *config; ++ char *sbat; + int note; + size_t appsig_size; + const struct grub_install_image_target_desc *image_target; +@@ -244,6 +246,13 @@ argp_parser (int key, char *arg, struct argp_state *state) + arguments->prefix = xstrdup (arg); + break; + ++ case 's': ++ if (arguments->sbat) ++ free (arguments->sbat); ++ ++ arguments->sbat = xstrdup (arg); ++ break; ++ + case 'v': + verbosity++; + break; +@@ -331,7 +340,8 @@ main (int argc, char *argv[]) + arguments.nx509keys, arguments.config, + arguments.image_target, arguments.note, + arguments.appsig_size, +- arguments.comp, arguments.dtb); ++ arguments.comp, arguments.dtb, ++ arguments.sbat); + + grub_util_file_sync (fp); + fclose (fp); +@@ -346,5 +356,8 @@ main (int argc, char *argv[]) + if (arguments.output) + free (arguments.output); + ++ if (arguments.sbat) ++ free (arguments.sbat); ++ + return 0; + } +diff --git a/util/mkimage.c b/util/mkimage.c +index 0f5ae2a76..16418e245 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -826,12 +826,13 @@ grub_install_generate_image (const char *dir, const char *prefix, + char **x509key_paths, size_t nx509keys, + char *config_path, + const struct grub_install_image_target_desc *image_target, +- int note, size_t appsig_size, grub_compression_t comp, const char *dtb_path) ++ int note, size_t appsig_size, grub_compression_t comp, ++ const char *dtb_path, const char *sbat_path) + { + char *kernel_img, *core_img; + size_t total_module_size, core_size; + size_t memdisk_size = 0, config_size = 0; +- size_t prefix_size = 0, dtb_size = 0; ++ size_t prefix_size = 0, dtb_size = 0, sbat_size = 0; + char *kernel_path; + size_t offset; + struct grub_util_path_list *path_list, *p; +@@ -895,6 +896,9 @@ grub_install_generate_image (const char *dir, const char *prefix, + total_module_size += dtb_size + sizeof (struct grub_module_header); + } + ++ if (sbat_path != NULL && image_target->id != IMAGE_EFI) ++ grub_util_error (_(".sbat section can be embedded into EFI images only")); ++ + if (config_path) + { + config_size = ALIGN_ADDR (grub_util_get_image_size (config_path) + 1); +@@ -1277,8 +1281,9 @@ grub_install_generate_image (const char *dir, const char *prefix, + break; + case IMAGE_EFI: + { +- char *pe_img, *header; ++ char *pe_img, *pe_sbat, *header; + struct grub_pe32_section_table *section; ++ size_t n_sections = 4; + size_t scn_size; + grub_uint32_t vma, raw_data; + size_t pe_size, header_size; +@@ -1293,8 +1298,15 @@ grub_install_generate_image (const char *dir, const char *prefix, + header_size = EFI64_HEADER_SIZE; + + vma = raw_data = header_size; ++ ++ if (sbat_path != NULL) ++ { ++ sbat_size = ALIGN_ADDR (grub_util_get_image_size (sbat_path)); ++ sbat_size = ALIGN_UP (sbat_size, GRUB_PE32_FILE_ALIGNMENT); ++ } ++ + pe_size = ALIGN_UP (header_size + core_size, GRUB_PE32_FILE_ALIGNMENT) + +- ALIGN_UP (layout.reloc_size, GRUB_PE32_FILE_ALIGNMENT); ++ ALIGN_UP (layout.reloc_size, GRUB_PE32_FILE_ALIGNMENT) + sbat_size; + header = pe_img = xcalloc (1, pe_size); + + memcpy (pe_img + raw_data, core_img, core_size); +@@ -1309,7 +1321,10 @@ grub_install_generate_image (const char *dir, const char *prefix, + + GRUB_PE32_SIGNATURE_SIZE); + c->machine = grub_host_to_target16 (image_target->pe_target); + +- c->num_sections = grub_host_to_target16 (4); ++ if (sbat_path != NULL) ++ n_sections++; ++ ++ c->num_sections = grub_host_to_target16 (n_sections); + c->time = grub_host_to_target32 (STABLE_EMBEDDING_TIMESTAMP); + c->characteristics = grub_host_to_target16 (GRUB_PE32_EXECUTABLE_IMAGE + | GRUB_PE32_LINE_NUMS_STRIPPED +@@ -1371,7 +1386,8 @@ grub_install_generate_image (const char *dir, const char *prefix, + GRUB_PE32_SCN_MEM_READ); + + scn_size = ALIGN_UP (layout.kernel_size - layout.exec_size, GRUB_PE32_FILE_ALIGNMENT); +- PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (scn_size + ++ /* ALIGN_UP (sbat_size, GRUB_PE32_FILE_ALIGNMENT) is done earlier. */ ++ PE_OHDR (o32, o64, data_size) = grub_host_to_target32 (scn_size + sbat_size + + ALIGN_UP (total_module_size, + GRUB_PE32_FILE_ALIGNMENT)); + +@@ -1382,7 +1398,7 @@ grub_install_generate_image (const char *dir, const char *prefix, + GRUB_PE32_SCN_MEM_READ | + GRUB_PE32_SCN_MEM_WRITE); + +- scn_size = pe_size - layout.reloc_size - raw_data; ++ scn_size = pe_size - layout.reloc_size - sbat_size - raw_data; + section = init_pe_section (image_target, section, "mods", + &vma, scn_size, image_target->section_align, + &raw_data, scn_size, +@@ -1390,6 +1406,19 @@ grub_install_generate_image (const char *dir, const char *prefix, + GRUB_PE32_SCN_MEM_READ | + GRUB_PE32_SCN_MEM_WRITE); + ++ if (sbat_path != NULL) ++ { ++ pe_sbat = pe_img + raw_data; ++ grub_util_load_image (sbat_path, pe_sbat); ++ ++ section = init_pe_section (image_target, section, ".sbat", ++ &vma, sbat_size, ++ image_target->section_align, ++ &raw_data, sbat_size, ++ GRUB_PE32_SCN_CNT_INITIALIZED_DATA | ++ GRUB_PE32_SCN_MEM_READ); ++ } ++ + scn_size = layout.reloc_size; + PE_OHDR (o32, o64, base_relocation_table.rva) = grub_host_to_target32 (vma); + PE_OHDR (o32, o64, base_relocation_table.size) = grub_host_to_target32 (scn_size); +diff --git a/include/grub/util/install.h b/include/grub/util/install.h +index 95059285b..dad17561c 100644 +--- a/include/grub/util/install.h ++++ b/include/grub/util/install.h +@@ -187,7 +187,8 @@ grub_install_generate_image (const char *dir, const char *prefix, + char *config_path, + const struct grub_install_image_target_desc *image_target, + int note, size_t appsig_size, +- grub_compression_t comp, const char *dtb_file); ++ grub_compression_t comp, const char *dtb_file, ++ const char *sbat_path); + + const struct grub_install_image_target_desc * + grub_install_get_image_target (const char *arg); +diff --git a/include/grub/util/mkimage.h b/include/grub/util/mkimage.h +index cef7fffa7..f48d544c2 100644 +--- a/include/grub/util/mkimage.h ++++ b/include/grub/util/mkimage.h +@@ -24,6 +24,7 @@ struct grub_mkimage_layout + size_t exec_size; + size_t kernel_size; + size_t bss_size; ++ size_t sbat_size; + grub_uint64_t start_address; + void *reloc_section; + size_t reloc_size; +diff --git a/docs/grub.texi b/docs/grub.texi +index 314bbeb84..52e6e5763 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -5719,6 +5719,7 @@ environment variables and commands are listed in the same order. + * Using GPG-style digital signatures:: Booting digitally signed code + * Using appended signatures:: An alternative approach to booting digitally signed code + * Signing GRUB itself:: Ensuring the integrity of the GRUB core image ++* Secure Boot Advanced Targeting:: Embedded information for generation number based revocation + * Lockdown:: Lockdown when booting on a secure setup + @end menu + +@@ -6010,6 +6011,24 @@ As with UEFI secure boot, it is necessary to build in the required modules, + or sign them separately. + + ++@node Secure Boot Advanced Targeting ++@section Embedded information for generation number based revocation ++ ++The Secure Boot Advanced Targeting (SBAT) is a mechanism to allow the revocation ++of components in the boot path by using generation numbers embedded into the EFI ++binaries. The SBAT metadata is located in an .sbat data section that has set of ++UTF-8 strings as comma-separated values (CSV). See ++@uref{https://github.com/rhboot/shim/blob/main/SBAT.md} for more details. ++ ++To add a data section containing the SBAT information into the binary, the ++@option{--sbat} option of @command{grub-mkimage} command should be used. The content ++of a CSV file, encoded with UTF-8, is copied as is to the .sbat data section into ++the generated EFI binary. The CSV file can be stored anywhere on the file system. ++ ++@example ++grub-mkimage -O x86_64-efi -o grubx64.efi -p '(tftp)/grub' --sbat sbat.csv efinet tftp ++@end example ++ + @node Lockdown + @section Lockdown when booting on a secure setup + diff --git a/SOURCES/0475-kern-misc-Split-parse_printf_args-into-format-parsin.patch b/SOURCES/0475-kern-misc-Split-parse_printf_args-into-format-parsin.patch new file mode 100644 index 0000000..131250a --- /dev/null +++ b/SOURCES/0475-kern-misc-Split-parse_printf_args-into-format-parsin.patch @@ -0,0 +1,46 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Frauendorfer | Miray Software +Date: Mon, 15 Feb 2021 13:40:16 +0100 +Subject: [PATCH] kern/misc: Split parse_printf_args() into format parsing and + va_list handling + +This patch is preparing for a follow up patch which will use +the format parsing part to compare the arguments in a printf() +format from an external source against a printf() format with +expected arguments. + +Signed-off-by: Thomas Frauendorfer | Miray Software +Reviewed-by: Daniel Kiper +--- + grub-core/kern/misc.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 475f3e0ef..ebfcc95f0 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -711,8 +711,7 @@ grub_lltoa (char *str, int c, unsigned long long n) + } + + static void +-parse_printf_args (const char *fmt0, struct printf_args *args, +- va_list args_in) ++parse_printf_arg_fmt (const char *fmt0, struct printf_args *args) + { + const char *fmt; + char c; +@@ -870,6 +869,14 @@ parse_printf_args (const char *fmt0, struct printf_args *args, + break; + } + } ++} ++ ++static void ++parse_printf_args (const char *fmt0, struct printf_args *args, va_list args_in) ++{ ++ grub_size_t n; ++ ++ parse_printf_arg_fmt (fmt0, args); + + for (n = 0; n < args->count; n++) + switch (args->ptr[n].type) diff --git a/SOURCES/0476-kern-misc-Add-STRING-type-for-internal-printf-format.patch b/SOURCES/0476-kern-misc-Add-STRING-type-for-internal-printf-format.patch new file mode 100644 index 0000000..f649799 --- /dev/null +++ b/SOURCES/0476-kern-misc-Add-STRING-type-for-internal-printf-format.patch @@ -0,0 +1,64 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Frauendorfer | Miray Software +Date: Mon, 15 Feb 2021 14:04:26 +0100 +Subject: [PATCH] kern/misc: Add STRING type for internal printf() format + handling + +Set printf() argument type for "%s" to new type STRING. This is in +preparation for a follow up patch to compare a printf() format string +against an expected printf() format string. + +For "%s" the corresponding printf() argument is dereferenced as pointer +while all other argument types are defined as integer value. However, +when validating a printf() format it is necessary to differentiate "%s" +from "%p" and other integers. So, let's do that. + +Signed-off-by: Thomas Frauendorfer | Miray Software +Reviewed-by: Daniel Kiper +--- + grub-core/kern/misc.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index ebfcc95f0..07456faa2 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -37,7 +37,8 @@ union printf_arg + enum + { + INT, LONG, LONGLONG, +- UNSIGNED_INT = 3, UNSIGNED_LONG, UNSIGNED_LONGLONG ++ UNSIGNED_INT = 3, UNSIGNED_LONG, UNSIGNED_LONGLONG, ++ STRING + } type; + long long ll; + }; +@@ -857,12 +858,14 @@ parse_printf_arg_fmt (const char *fmt0, struct printf_args *args) + args->ptr[curn].type = INT + longfmt; + break; + case 'p': +- case 's': + if (sizeof (void *) == sizeof (long long)) + args->ptr[curn].type = UNSIGNED_LONGLONG; + else + args->ptr[curn].type = UNSIGNED_INT; + break; ++ case 's': ++ args->ptr[curn].type = STRING; ++ break; + case 'C': + case 'c': + args->ptr[curn].type = INT; +@@ -897,6 +900,12 @@ parse_printf_args (const char *fmt0, struct printf_args *args, va_list args_in) + case UNSIGNED_LONGLONG: + args->ptr[n].ll = va_arg (args_in, long long); + break; ++ case STRING: ++ if (sizeof (void *) == sizeof (long long)) ++ args->ptr[n].ll = va_arg (args_in, long long); ++ else ++ args->ptr[n].ll = va_arg (args_in, unsigned int); ++ break; + } + } + diff --git a/SOURCES/0477-kern-misc-Add-function-to-check-printf-format-agains.patch b/SOURCES/0477-kern-misc-Add-function-to-check-printf-format-agains.patch new file mode 100644 index 0000000..2105439 --- /dev/null +++ b/SOURCES/0477-kern-misc-Add-function-to-check-printf-format-agains.patch @@ -0,0 +1,215 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Frauendorfer | Miray Software +Date: Thu, 4 Feb 2021 19:02:33 +0100 +Subject: [PATCH] kern/misc: Add function to check printf() format against + expected format + +The grub_printf_fmt_check() function parses the arguments of an untrusted +printf() format and an expected printf() format and then compares the +arguments counts and arguments types. The arguments count in the untrusted +format string must be less or equal to the arguments count in the expected +format string and both arguments types must match. + +To do this the parse_printf_arg_fmt() helper function is extended in the +following way: + + 1. Add a return value to report errors to the grub_printf_fmt_check(). + + 2. Add the fmt_check argument to enable stricter format verification: + - the function expects that arguments definitions are always + terminated by a supported conversion specifier. + - positional parameters, "$", are not allowed, as they cannot be + validated correctly with the current implementation. For example + "%s%1$d" would assign the first args entry twice while leaving the + second one unchanged. + - Return an error if preallocated space in args is too small and + allocation fails for the needed size. The grub_printf_fmt_check() + should verify all arguments. So, if validation is not possible for + any reason it should return an error. + This also adds a case entry to handle "%%", which is the escape + sequence to print "%" character. + + 3. Add the max_args argument to check for the maximum allowed arguments + count in a printf() string. This should be set to the arguments count + of the expected format. Then the parse_printf_arg_fmt() function will + return an error if the arguments count is exceeded. + +The two additional arguments allow us to use parse_printf_arg_fmt() in +printf() and grub_printf_fmt_check() calls. + +When parse_printf_arg_fmt() is used by grub_printf_fmt_check() the +function parse user provided untrusted format string too. So, in +that case it is better to be too strict than too lenient. + +Signed-off-by: Thomas Frauendorfer | Miray Software +Reviewed-by: Daniel Kiper +--- + grub-core/kern/misc.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++--- + include/grub/misc.h | 16 ++++++++++ + 2 files changed, 94 insertions(+), 4 deletions(-) + +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 07456faa2..859d71659 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -711,8 +711,26 @@ grub_lltoa (char *str, int c, unsigned long long n) + return p; + } + +-static void +-parse_printf_arg_fmt (const char *fmt0, struct printf_args *args) ++/* ++ * Parse printf() fmt0 string into args arguments. ++ * ++ * The parsed arguments are either used by a printf() function to format the fmt0 ++ * string or they are used to compare a format string from an untrusted source ++ * against a format string with expected arguments. ++ * ++ * When the fmt_check is set to !0, e.g. 1, then this function is executed in ++ * printf() format check mode. This enforces stricter rules for parsing the ++ * fmt0 to limit exposure to possible errors in printf() handling. It also ++ * disables positional parameters, "$", because some formats, e.g "%s%1$d", ++ * cannot be validated with the current implementation. ++ * ++ * The max_args allows to set a maximum number of accepted arguments. If the fmt0 ++ * string defines more arguments than the max_args then the parse_printf_arg_fmt() ++ * function returns an error. This is currently used for format check only. ++ */ ++static grub_err_t ++parse_printf_arg_fmt (const char *fmt0, struct printf_args *args, ++ int fmt_check, grub_size_t max_args) + { + const char *fmt; + char c; +@@ -739,7 +757,12 @@ parse_printf_arg_fmt (const char *fmt0, struct printf_args *args) + fmt++; + + if (*fmt == '$') +- fmt++; ++ { ++ if (fmt_check) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "positional arguments are not supported"); ++ fmt++; ++ } + + if (*fmt =='-') + fmt++; +@@ -771,9 +794,19 @@ parse_printf_arg_fmt (const char *fmt0, struct printf_args *args) + case 's': + args->count++; + break; ++ case '%': ++ /* "%%" is the escape sequence to output "%". */ ++ break; ++ default: ++ if (fmt_check) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "unexpected format"); ++ break; + } + } + ++ if (fmt_check && args->count > max_args) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "too many arguments"); ++ + if (args->count <= ARRAY_SIZE (args->prealloc)) + args->ptr = args->prealloc; + else +@@ -781,6 +814,9 @@ parse_printf_arg_fmt (const char *fmt0, struct printf_args *args) + args->ptr = grub_calloc (args->count, sizeof (args->ptr[0])); + if (!args->ptr) + { ++ if (fmt_check) ++ return grub_errno; ++ + grub_errno = GRUB_ERR_NONE; + args->ptr = args->prealloc; + args->count = ARRAY_SIZE (args->prealloc); +@@ -872,6 +908,8 @@ parse_printf_arg_fmt (const char *fmt0, struct printf_args *args) + break; + } + } ++ ++ return GRUB_ERR_NONE; + } + + static void +@@ -879,7 +917,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args, va_list args_in) + { + grub_size_t n; + +- parse_printf_arg_fmt (fmt0, args); ++ parse_printf_arg_fmt (fmt0, args, 0, 0); + + for (n = 0; n < args->count; n++) + switch (args->ptr[n].type) +@@ -1187,6 +1225,42 @@ grub_xasprintf (const char *fmt, ...) + return ret; + } + ++grub_err_t ++grub_printf_fmt_check (const char *fmt, const char *fmt_expected) ++{ ++ struct printf_args args_expected, args_fmt; ++ grub_err_t ret; ++ grub_size_t n; ++ ++ if (fmt == NULL || fmt_expected == NULL) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid format"); ++ ++ ret = parse_printf_arg_fmt (fmt_expected, &args_expected, 1, GRUB_SIZE_MAX); ++ if (ret != GRUB_ERR_NONE) ++ return ret; ++ ++ /* Limit parsing to the number of expected arguments. */ ++ ret = parse_printf_arg_fmt (fmt, &args_fmt, 1, args_expected.count); ++ if (ret != GRUB_ERR_NONE) ++ { ++ free_printf_args (&args_expected); ++ return ret; ++ } ++ ++ for (n = 0; n < args_fmt.count; n++) ++ if (args_fmt.ptr[n].type != args_expected.ptr[n].type) ++ { ++ ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "arguments types do not match"); ++ break; ++ } ++ ++ free_printf_args (&args_expected); ++ free_printf_args (&args_fmt); ++ ++ return ret; ++} ++ ++ + /* Abort GRUB. This function does not return. */ + static inline void __attribute__ ((noreturn)) + grub_abort (void) +diff --git a/include/grub/misc.h b/include/grub/misc.h +index 6ca03c4d6..6be6a88f6 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -488,6 +488,22 @@ grub_error_load (const struct grub_error_saved *save) + grub_errno = save->grub_errno; + } + ++/* ++ * grub_printf_fmt_checks() a fmt string for printf() against an expected ++ * format. It is intended for cases where the fmt string could come from ++ * an outside source and cannot be trusted. ++ * ++ * While expected fmt accepts a printf() format string it should be kept ++ * as simple as possible. The printf() format strings with positional ++ * parameters are NOT accepted, neither for fmt nor for fmt_expected. ++ * ++ * The fmt is accepted if it has equal or less arguments than fmt_expected ++ * and if the type of all arguments match. ++ * ++ * Returns GRUB_ERR_NONE if fmt is acceptable. ++ */ ++grub_err_t EXPORT_FUNC (grub_printf_fmt_check) (const char *fmt, const char *fmt_expected); ++ + #if BOOT_TIME_STATS + struct grub_boot_time + { diff --git a/SOURCES/0478-gfxmenu-gui-Check-printf-format-in-the-gui_progress_.patch b/SOURCES/0478-gfxmenu-gui-Check-printf-format-in-the-gui_progress_.patch new file mode 100644 index 0000000..489c131 --- /dev/null +++ b/SOURCES/0478-gfxmenu-gui-Check-printf-format-in-the-gui_progress_.patch @@ -0,0 +1,58 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Frauendorfer | Miray Software +Date: Tue, 4 Aug 2020 13:49:51 +0200 +Subject: [PATCH] gfxmenu/gui: Check printf() format in the gui_progress_bar + and gui_label + +The gui_progress_bar and gui_label components can display the timeout +value. The format string can be set through a theme file. This patch +adds a validation step to the format string. + +If a user loads a theme file into the GRUB without this patch then +a GUI label with the following settings + + + label { + ... + id = "__timeout__" + text = "%s" + } + +will interpret the current timeout value as string pointer and print the +memory at that position on the screen. It is not desired behavior. + +Signed-off-by: Thomas Frauendorfer | Miray Software +Reviewed-by: Daniel Kiper +--- + grub-core/gfxmenu/gui_label.c | 4 ++++ + grub-core/gfxmenu/gui_progress_bar.c | 3 +++ + 2 files changed, 7 insertions(+) + +diff --git a/grub-core/gfxmenu/gui_label.c b/grub-core/gfxmenu/gui_label.c +index a4c817891..1c190542a 100644 +--- a/grub-core/gfxmenu/gui_label.c ++++ b/grub-core/gfxmenu/gui_label.c +@@ -193,6 +193,10 @@ label_set_property (void *vself, const char *name, const char *value) + else if (grub_strcmp (value, "@KEYMAP_SHORT@") == 0) + value = _("enter: boot, `e': options, `c': cmd-line"); + /* FIXME: Add more templates here if needed. */ ++ ++ if (grub_printf_fmt_check(value, "%d") != GRUB_ERR_NONE) ++ value = ""; /* Unsupported format. */ ++ + self->template = grub_strdup (value); + self->text = grub_xasprintf (value, self->value); + } +diff --git a/grub-core/gfxmenu/gui_progress_bar.c b/grub-core/gfxmenu/gui_progress_bar.c +index b128f0866..ace85a125 100644 +--- a/grub-core/gfxmenu/gui_progress_bar.c ++++ b/grub-core/gfxmenu/gui_progress_bar.c +@@ -348,6 +348,9 @@ progress_bar_set_property (void *vself, const char *name, const char *value) + Please use the shortest form available in you language. */ + value = _("%ds"); + ++ if (grub_printf_fmt_check(value, "%d") != GRUB_ERR_NONE) ++ value = ""; /* Unsupported format. */ ++ + self->template = grub_strdup (value); + } + else if (grub_strcmp (name, "font") == 0) diff --git a/SOURCES/0479-kern-mm-Fix-grub_debug_calloc-compilation-error.patch b/SOURCES/0479-kern-mm-Fix-grub_debug_calloc-compilation-error.patch new file mode 100644 index 0000000..1c0b46b --- /dev/null +++ b/SOURCES/0479-kern-mm-Fix-grub_debug_calloc-compilation-error.patch @@ -0,0 +1,29 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Marco A Benatto +Date: Tue, 9 Feb 2021 12:33:06 -0300 +Subject: [PATCH] kern/mm: Fix grub_debug_calloc() compilation error + +Fix compilation error due to missing parameter to +grub_printf() when MM_DEBUG is defined. + +Fixes: 64e26162e (calloc: Make sure we always have an overflow-checking calloc() available) + +Signed-off-by: Marco A Benatto +Reviewed-by: Daniel Kiper +--- + grub-core/kern/mm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c +index 80d0720d0..d8c837757 100644 +--- a/grub-core/kern/mm.c ++++ b/grub-core/kern/mm.c +@@ -594,7 +594,7 @@ grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t si + + if (grub_mm_debug) + grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ", +- file, line, size); ++ file, line, nmemb, size); + ptr = grub_calloc (nmemb, size); + if (grub_mm_debug) + grub_printf ("%p\n", ptr); diff --git a/SOURCES/0480-efi-net-Fix-malformed-device-path-arithmetic-errors-.patch b/SOURCES/0480-efi-net-Fix-malformed-device-path-arithmetic-errors-.patch new file mode 100644 index 0000000..bd30e11 --- /dev/null +++ b/SOURCES/0480-efi-net-Fix-malformed-device-path-arithmetic-errors-.patch @@ -0,0 +1,74 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thomas Frauendorfer | Miray Software +Date: Tue, 4 Aug 2020 17:13:05 +0200 +Subject: [PATCH] efi/net: Fix malformed device path arithmetic errors in efi + net methods + +--- + grub-core/net/efi/net.c | 26 ++++++++++++++++++++------ + 1 file changed, 20 insertions(+), 6 deletions(-) + +diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c +index 3ae1fbbe3..a58c24f63 100644 +--- a/grub-core/net/efi/net.c ++++ b/grub-core/net/efi/net.c +@@ -1318,11 +1318,18 @@ grub_efi_net_boot_from_https (void) + + dp = grub_efi_get_device_path (image->device_handle); + +- while (1) ++ while (dp) + { ++ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ if (len < 4) ++ { ++ grub_error(GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ break; ++ } ++ + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +- grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); + + if ((type == GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE) + && (subtype == GRUB_EFI_URI_DEVICE_PATH_SUBTYPE)) +@@ -1335,7 +1342,7 @@ grub_efi_net_boot_from_https (void) + + if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) + break; +- dp = (grub_efi_device_path_t *) ((char *) dp + len); ++ dp = GRUB_EFI_NEXT_DEVICE_PATH(dp); + } + + return 0; +@@ -1353,11 +1360,18 @@ grub_efi_net_boot_from_opa (void) + + dp = grub_efi_get_device_path (image->device_handle); + +- while (1) ++ while (dp) + { ++ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ if (len < 4) ++ { ++ grub_error(GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ break; ++ } ++ + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +- grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); + + if ((type == GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE) + && (subtype == GRUB_EFI_MAC_ADDRESS_DEVICE_PATH_SUBTYPE)) +@@ -1368,7 +1382,7 @@ grub_efi_net_boot_from_opa (void) + + if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) + break; +- dp = (grub_efi_device_path_t *) ((char *) dp + len); ++ dp = GRUB_EFI_NEXT_DEVICE_PATH(dp); + } + + return 0; diff --git a/SOURCES/0481-ieee1275-drop-HEAP_MAX_ADDR-HEAP_MIN_SIZE.patch b/SOURCES/0481-ieee1275-drop-HEAP_MAX_ADDR-HEAP_MIN_SIZE.patch new file mode 100644 index 0000000..a372d62 --- /dev/null +++ b/SOURCES/0481-ieee1275-drop-HEAP_MAX_ADDR-HEAP_MIN_SIZE.patch @@ -0,0 +1,75 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Wed, 14 Apr 2021 20:10:23 +1000 +Subject: [PATCH] ieee1275: drop HEAP_MAX_ADDR, HEAP_MIN_SIZE + +HEAP_MAX_ADDR is confusing. Currently it is set to 32MB, except +on ieee1275 on x86, where it is 64MB. + +There is a comment which purports to explain it: + +/* If possible, we will avoid claiming heap above this address, because it + seems to cause relocation problems with OSes that link at 4 MiB */ + +This doesn't make a lot of sense when the constants are well above 4MB +already. It was not always this way. Prior to +commit 7b5d0fe4440c ("Increase heap limit") in 2010, HEAP_MAX_SIZE and +HEAP_MAX_ADDR were indeed 4MB. However, when the constants were increased +the comment was left unchanged. + +It's been over a decade. It doesn't seem like we have problems with +claims over 4MB on powerpc or x86 ieee1275. (sparc does things completely +differently and never used the constant.) + +Drop the constant and the check. + +The only use of HEAP_MIN_SIZE was to potentially override the +HEAP_MAX_ADDR check. It is now unused. Remove it. + +Signed-off-by: Daniel Axtens +--- + grub-core/kern/ieee1275/init.c | 17 ----------------- + 1 file changed, 17 deletions(-) + +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index 22dc3013d..ee97d761d 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -42,9 +42,6 @@ + #include + #endif + +-/* The minimal heap size we can live with. */ +-#define HEAP_MIN_SIZE (unsigned long) (2 * 1024 * 1024) +- + /* The maximum heap size we're going to claim */ + #ifdef __i386__ + #define HEAP_MAX_SIZE (unsigned long) (64 * 1024 * 1024) +@@ -52,14 +49,6 @@ + #define HEAP_MAX_SIZE (unsigned long) (32 * 1024 * 1024) + #endif + +-/* If possible, we will avoid claiming heap above this address, because it +- seems to cause relocation problems with OSes that link at 4 MiB */ +-#ifdef __i386__ +-#define HEAP_MAX_ADDR (unsigned long) (64 * 1024 * 1024) +-#else +-#define HEAP_MAX_ADDR (unsigned long) (32 * 1024 * 1024) +-#endif +- + extern char _end[]; + + #ifdef __sparc__ +@@ -181,12 +170,6 @@ heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, + if (*total + len > HEAP_MAX_SIZE) + len = HEAP_MAX_SIZE - *total; + +- /* Avoid claiming anything above HEAP_MAX_ADDR, if possible. */ +- if ((addr < HEAP_MAX_ADDR) && /* if it's too late, don't bother */ +- (addr + len > HEAP_MAX_ADDR) && /* if it wasn't available anyway, don't bother */ +- (*total + (HEAP_MAX_ADDR - addr) > HEAP_MIN_SIZE)) /* only limit ourselves when we can afford to */ +- len = HEAP_MAX_ADDR - addr; +- + /* In theory, firmware should already prevent this from happening by not + listing our own image in /memory/available. The check below is intended + as a safeguard in case that doesn't happen. However, it doesn't protect diff --git a/SOURCES/0482-ieee1275-claim-more-memory.patch b/SOURCES/0482-ieee1275-claim-more-memory.patch new file mode 100644 index 0000000..07184e9 --- /dev/null +++ b/SOURCES/0482-ieee1275-claim-more-memory.patch @@ -0,0 +1,252 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Wed, 15 Apr 2020 23:28:29 +1000 +Subject: [PATCH] ieee1275: claim more memory + +On powerpc-ieee1275, we are running out of memory trying to verify +anything. This is because: + + - we have to load an entire file into memory to verify it. This is + extremely difficult to change with appended signatures. + - We only have 32MB of heap. + - Distro kernels are now often around 30MB. + +So we want to claim more memory from OpenFirmware for our heap. + +There are some complications: + + - The grub mm code isn't the only thing that will make claims on + memory from OpenFirmware: + + * PFW/SLOF will have claimed some for their own use. + + * The ieee1275 loader will try to find other bits of memory that we + haven't claimed to place the kernel and initrd when we go to boot. + + * Once we load Linux, it will also try to claim memory. It claims + memory without any reference to /memory/available, it just starts + at min(top of RMO, 768MB) and works down. So we need to avoid this + area. See arch/powerpc/kernel/prom_init.c as of v5.11. + + - The smallest amount of memory a ppc64 KVM guest can have is 256MB. + It doesn't work with distro kernels but can work with custom kernels. + We should maintain support for that. (ppc32 can boot with even less, + and we shouldn't break that either.) + + - Even if a VM has more memory, the memory OpenFirmware makes available + as Real Memory Area can be restricted. A freshly created LPAR on a + PowerVM machine is likely to have only 256MB available to OpenFirmware + even if it has many gigabytes of memory allocated. + +EFI systems will attempt to allocate 1/4th of the available memory, +clamped to between 1M and 1600M. That seems like a good sort of +approach, we just need to figure out if 1/4 is the right fraction +for us. + +We don't know in advance how big the kernel and initrd are going to be, +which makes figuring out how much memory we can take a bit tricky. + +To figure out how much memory we should leave unused, I looked at: + + - an Ubuntu 20.04.1 ppc64le pseries KVM guest: + vmlinux: ~30MB + initrd: ~50MB + + - a RHEL8.2 ppc64le pseries KVM guest: + vmlinux: ~30MB + initrd: ~30MB + +Ubuntu VMs struggle to boot with just 256MB under SLOF. +RHEL likewise has a higher minimum supported memory figure. +So lets first consider a distro kernel and 512MB of addressible memory. +(This is the default case for anything booting under PFW.) Say we lose +131MB to PFW (based on some tests). This leaves us 381MB. 1/4 of 381MB +is ~95MB. That should be enough to verify a 30MB vmlinux and should +leave plenty of space to load Linux and the initrd. + +If we consider 256MB of RMA under PFW, we have just 125MB remaining. 1/4 +of that is a smidge under 32MB, which gives us very poor odds of verifying +a distro-sized kernel. However, if we need 80MB just to put the kernel +and initrd in memory, we can't claim any more than 45MB anyway. So 1/4 +will do. We'll come back to this later. + +grub is always built as a 32-bit binary, even if it's loading a ppc64 +kernel. So we can't address memory beyond 4GB. This gives a natural cap +of 1GB for powerpc-ieee1275. + +Also apply this 1/4 approach to i386-ieee1275, but keep the 32MB cap. + +make check still works for both i386 and powerpc and I've booted +powerpc grub with this change under SLOF and PFW. + +Signed-off-by: Daniel Axtens +--- + grub-core/kern/ieee1275/init.c | 81 +++++++++++++++++++++++++++++++++--------- + docs/grub-dev.texi | 6 ++-- + 2 files changed, 69 insertions(+), 18 deletions(-) + +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index ee97d761d..a6e169bd0 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -42,11 +42,12 @@ + #include + #endif + +-/* The maximum heap size we're going to claim */ ++/* The maximum heap size we're going to claim. Not used by sparc. ++ We allocate 1/4 of the available memory under 4G, up to this limit. */ + #ifdef __i386__ + #define HEAP_MAX_SIZE (unsigned long) (64 * 1024 * 1024) +-#else +-#define HEAP_MAX_SIZE (unsigned long) (32 * 1024 * 1024) ++#else // __powerpc__ ++#define HEAP_MAX_SIZE (unsigned long) (1 * 1024 * 1024 * 1024) + #endif + + extern char _end[]; +@@ -143,16 +144,45 @@ grub_claim_heap (void) + + GRUB_KERNEL_MACHINE_STACK_SIZE), 0x200000); + } + #else +-/* Helper for grub_claim_heap. */ ++/* Helper for grub_claim_heap on powerpc. */ ++static int ++heap_size (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, ++ void *data) ++{ ++ grub_uint32_t total = *(grub_uint32_t *)data; ++ ++ if (type != GRUB_MEMORY_AVAILABLE) ++ return 0; ++ ++ /* Do not consider memory beyond 4GB */ ++ if (addr > 0xffffffffUL) ++ return 0; ++ ++ if (addr + len > 0xffffffffUL) ++ len = 0xffffffffUL - addr; ++ ++ total += len; ++ *(grub_uint32_t *)data = total; ++ ++ return 0; ++} ++ + static int + heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, + void *data) + { +- unsigned long *total = data; ++ grub_uint32_t total = *(grub_uint32_t *)data; + + if (type != GRUB_MEMORY_AVAILABLE) + return 0; + ++ /* Do not consider memory beyond 4GB */ ++ if (addr > 0xffffffffUL) ++ return 0; ++ ++ if (addr + len > 0xffffffffUL) ++ len = 0xffffffffUL - addr; ++ + if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_NO_PRE1_5M_CLAIM)) + { + if (addr + len <= 0x180000) +@@ -166,10 +196,6 @@ heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, + } + len -= 1; /* Required for some firmware. */ + +- /* Never exceed HEAP_MAX_SIZE */ +- if (*total + len > HEAP_MAX_SIZE) +- len = HEAP_MAX_SIZE - *total; +- + /* In theory, firmware should already prevent this from happening by not + listing our own image in /memory/available. The check below is intended + as a safeguard in case that doesn't happen. However, it doesn't protect +@@ -181,6 +207,18 @@ heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, + len = 0; + } + ++ /* If this block contains 0x30000000 (768MB), do not claim below that. ++ Linux likes to claim memory at min(RMO top, 768MB) and works down ++ without reference to /memory/available. */ ++ if ((addr < 0x30000000) && ((addr + len) > 0x30000000)) ++ { ++ len = len - (0x30000000 - addr); ++ addr = 0x30000000; ++ } ++ ++ if (len > total) ++ len = total; ++ + if (len) + { + grub_err_t err; +@@ -189,10 +227,12 @@ heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, + if (err) + return err; + grub_mm_init_region ((void *) (grub_addr_t) addr, len); ++ total -= len; + } + +- *total += len; +- if (*total >= HEAP_MAX_SIZE) ++ *(grub_uint32_t *)data = total; ++ ++ if (total == 0) + return 1; + + return 0; +@@ -201,13 +241,22 @@ heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, + static void + grub_claim_heap (void) + { +- unsigned long total = 0; ++ grub_uint32_t total = 0; + + if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_FORCE_CLAIM)) +- heap_init (GRUB_IEEE1275_STATIC_HEAP_START, GRUB_IEEE1275_STATIC_HEAP_LEN, +- 1, &total); +- else +- grub_machine_mmap_iterate (heap_init, &total); ++ { ++ heap_init (GRUB_IEEE1275_STATIC_HEAP_START, GRUB_IEEE1275_STATIC_HEAP_LEN, ++ 1, &total); ++ return; ++ } ++ ++ grub_machine_mmap_iterate (heap_size, &total); ++ ++ total = total / 4; ++ if (total > HEAP_MAX_SIZE) ++ total = HEAP_MAX_SIZE; ++ ++ grub_machine_mmap_iterate (heap_init, &total); + } + #endif + +diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi +index 421dd410e..03d53498c 100644 +--- a/docs/grub-dev.texi ++++ b/docs/grub-dev.texi +@@ -930,7 +930,9 @@ space is limited to 4GiB. GRUB allocates pages from EFI for its heap, at most + 1.6 GiB. + + On i386-ieee1275 and powerpc-ieee1275 GRUB uses same stack as IEEE1275. +-It allocates at most 32MiB for its heap. ++ ++On i386-ieee1275, GRUB allocates at most 32MiB for its heap. On ++powerpc-ieee1275, GRUB allocates up to 1GiB. + + On sparc64-ieee1275 stack is 256KiB and heap is 2MiB. + +@@ -958,7 +960,7 @@ In short: + @item i386-qemu @tab 60 KiB @tab < 4 GiB + @item *-efi @tab ? @tab < 1.6 GiB + @item i386-ieee1275 @tab ? @tab < 32 MiB +-@item powerpc-ieee1275 @tab ? @tab < 32 MiB ++@item powerpc-ieee1275 @tab ? @tab < 1 GiB + @item sparc64-ieee1275 @tab 256KiB @tab 2 MiB + @item arm-uboot @tab 256KiB @tab 2 MiB + @item mips(el)-qemu_mips @tab 2MiB @tab 253 MiB diff --git a/SOURCES/0483-ieee1275-request-memory-with-ibm-client-architecture.patch b/SOURCES/0483-ieee1275-request-memory-with-ibm-client-architecture.patch new file mode 100644 index 0000000..0a5d46e --- /dev/null +++ b/SOURCES/0483-ieee1275-request-memory-with-ibm-client-architecture.patch @@ -0,0 +1,268 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 16 Apr 2021 11:48:46 +1000 +Subject: [PATCH] ieee1275: request memory with ibm,client-architecture-support + +On PowerVM, the first time we boot a Linux partition, we may only get +256MB of real memory area, even if the partition has more memory. + +This isn't really enough. Fortunately, the Power Architecture Platform +Reference (PAPR) defines a method we can call to ask for more memory. +This is part of the broad and powerful ibm,client-architecture-support +(CAS) method. + +CAS can do an enormous amount of things on a PAPR platform: as well as +asking for memory, you can set the supported processor level, the interrupt +controller, hash vs radix mmu, and so on. We want to touch as little of +this as possible because we don't want to step on the toes of the future OS. + +If: + + - we are running under what we think is PowerVM (compatible property of / + begins with "IBM"), and + + - the full amount of RMA is less than 512MB (as determined by the reg + property of /memory) + +then call CAS as follows: (refer to the Linux on Power Architecture +Reference, LoPAR, which is public, at B.5.2.3): + + - Use the "any" PVR value and supply 2 option vectors. + + - Set option vector 1 (PowerPC Server Processor Architecture Level) + to "ignore". + + - Set option vector 2 with default or Linux-like options, including a + min-rma-size of 512MB. + +This will cause a CAS reboot and the partition will restart with 512MB +of RMA. Grub will notice the 512MB and not call CAS again. + +(A partition can be configured with only 256MB of memory, which would +mean this request couldn't be satisfied, but PFW refuses to load with +only 256MB of memory, so it's a bit moot. SLOF will run fine with 256MB, +but we will never call CAS under qemu/SLOF because /compatible won't +begin with "IBM".) + +One of the first things Linux does while still running under OpenFirmware +is to call CAS with a much fuller set of options (including asking for +512MB of memory). This includes a much more restrictive set of PVR values +and processor support levels, and this will induce another reboot. On this +reboot grub will again notice the higher RMA, and not call CAS. We will get +to Linux, Linux will call CAS but because the values are now set for Linux +this will not induce another CAS reboot and we will finally boot. + +On all subsequent boots, everything will be configured with 512MB of RMA +and all the settings Linux likes, so there will be no further CAS reboots. + +(phyp is super sticky with the RMA size - it persists even on cold boots. +So if you've ever booted Linux in a partition, you'll probably never have +grub call CAS. It'll only ever fire the first time a partition loads grub, +or if you deliberately lower the amount of memory your partition has below +512MB.) + +Signed-off-by: Daniel Axtens +--- + grub-core/kern/ieee1275/cmain.c | 3 + + grub-core/kern/ieee1275/init.c | 144 ++++++++++++++++++++++++++++++++++++++- + include/grub/ieee1275/ieee1275.h | 8 ++- + 3 files changed, 152 insertions(+), 3 deletions(-) + +diff --git a/grub-core/kern/ieee1275/cmain.c b/grub-core/kern/ieee1275/cmain.c +index 3e14f5393..9d5156462 100644 +--- a/grub-core/kern/ieee1275/cmain.c ++++ b/grub-core/kern/ieee1275/cmain.c +@@ -124,6 +124,9 @@ grub_ieee1275_find_options (void) + break; + } + } ++ ++ if (grub_strncmp (tmp, "IBM,", 4) == 0) ++ grub_ieee1275_set_flag (GRUB_IEEE1275_FLAG_CAN_TRY_CAS_FOR_MORE_MEMORY); + } + + if (is_smartfirmware) +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index a6e169bd0..adf4bd5a8 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -238,6 +238,135 @@ heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, + return 0; + } + ++/* How much memory does OF believe it has? (regardless of whether ++ it's accessible or not) */ ++static grub_err_t ++grub_ieee1275_total_mem (grub_uint64_t *total) ++{ ++ grub_ieee1275_phandle_t root; ++ grub_ieee1275_phandle_t memory; ++ grub_uint32_t reg[4]; ++ grub_ssize_t reg_size; ++ grub_uint32_t address_cells = 1; ++ grub_uint32_t size_cells = 1; ++ grub_uint64_t size; ++ ++ /* If we fail to get to the end, report 0. */ ++ *total = 0; ++ ++ /* Determine the format of each entry in `reg'. */ ++ grub_ieee1275_finddevice ("/", &root); ++ grub_ieee1275_get_integer_property (root, "#address-cells", &address_cells, ++ sizeof address_cells, 0); ++ grub_ieee1275_get_integer_property (root, "#size-cells", &size_cells, ++ sizeof size_cells, 0); ++ ++ if (size_cells > address_cells) ++ address_cells = size_cells; ++ ++ /* Load `/memory/reg'. */ ++ if (grub_ieee1275_finddevice ("/memory", &memory)) ++ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, ++ "couldn't find /memory node"); ++ if (grub_ieee1275_get_integer_property (memory, "reg", reg, ++ sizeof reg, ®_size)) ++ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, ++ "couldn't examine /memory/reg property"); ++ if (reg_size < 0 || (grub_size_t) reg_size > sizeof (reg)) ++ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, ++ "/memory response buffer exceeded"); ++ ++ if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_BROKEN_ADDRESS_CELLS)) ++ { ++ address_cells = 1; ++ size_cells = 1; ++ } ++ ++ /* Decode only the size */ ++ size = reg[address_cells]; ++ if (size_cells == 2) ++ size = (size << 32) | reg[address_cells + 1]; ++ ++ *total = size; ++ ++ return grub_errno; ++} ++ ++/* Based on linux - arch/powerpc/kernel/prom_init.c */ ++struct option_vector2 { ++ grub_uint8_t byte1; ++ grub_uint16_t reserved; ++ grub_uint32_t real_base; ++ grub_uint32_t real_size; ++ grub_uint32_t virt_base; ++ grub_uint32_t virt_size; ++ grub_uint32_t load_base; ++ grub_uint32_t min_rma; ++ grub_uint32_t min_load; ++ grub_uint8_t min_rma_percent; ++ grub_uint8_t max_pft_size; ++} __attribute__((packed)); ++ ++struct pvr_entry { ++ grub_uint32_t mask; ++ grub_uint32_t entry; ++}; ++ ++struct cas_vector { ++ struct { ++ struct pvr_entry terminal; ++ } pvr_list; ++ grub_uint8_t num_vecs; ++ grub_uint8_t vec1_size; ++ grub_uint8_t vec1; ++ grub_uint8_t vec2_size; ++ struct option_vector2 vec2; ++} __attribute__((packed)); ++ ++/* Call ibm,client-architecture-support to try to get more RMA. ++ We ask for 512MB which should be enough to verify a distro kernel. ++ We ignore most errors: if we don't succeed we'll proceed with whatever ++ memory we have. */ ++static void ++grub_ieee1275_ibm_cas (void) ++{ ++ int rc; ++ grub_ieee1275_ihandle_t root; ++ struct cas_args { ++ struct grub_ieee1275_common_hdr common; ++ grub_ieee1275_cell_t method; ++ grub_ieee1275_ihandle_t ihandle; ++ grub_ieee1275_cell_t cas_addr; ++ grub_ieee1275_cell_t result; ++ } args; ++ struct cas_vector vector = { ++ .pvr_list = { { 0x00000000, 0xffffffff } }, /* any processor */ ++ .num_vecs = 2 - 1, ++ .vec1_size = 0, ++ .vec1 = 0x80, /* ignore */ ++ .vec2_size = 1 + sizeof(struct option_vector2) - 2, ++ .vec2 = { ++ 0, 0, -1, -1, -1, -1, -1, 512, -1, 0, 48 ++ }, ++ }; ++ ++ INIT_IEEE1275_COMMON (&args.common, "call-method", 3, 2); ++ args.method = (grub_ieee1275_cell_t)"ibm,client-architecture-support"; ++ rc = grub_ieee1275_open("/", &root); ++ if (rc) { ++ grub_error (GRUB_ERR_IO, "could not open root when trying to call CAS"); ++ return; ++ } ++ args.ihandle = root; ++ args.cas_addr = (grub_ieee1275_cell_t)&vector; ++ ++ grub_printf("Calling ibm,client-architecture-support..."); ++ IEEE1275_CALL_ENTRY_FN (&args); ++ grub_printf("done\n"); ++ ++ grub_ieee1275_close(root); ++} ++ + static void + grub_claim_heap (void) + { +@@ -245,11 +374,22 @@ grub_claim_heap (void) + + if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_FORCE_CLAIM)) + { +- heap_init (GRUB_IEEE1275_STATIC_HEAP_START, GRUB_IEEE1275_STATIC_HEAP_LEN, +- 1, &total); ++ heap_init (GRUB_IEEE1275_STATIC_HEAP_START, ++ GRUB_IEEE1275_STATIC_HEAP_LEN, 1, &total); + return; + } + ++ if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_CAN_TRY_CAS_FOR_MORE_MEMORY)) ++ { ++ grub_uint64_t rma_size; ++ grub_err_t err; ++ ++ err = grub_ieee1275_total_mem (&rma_size); ++ /* if we have an error, don't call CAS, just hope for the best */ ++ if (!err && rma_size < (512 * 1024 * 1024)) ++ grub_ieee1275_ibm_cas(); ++ } ++ + grub_machine_mmap_iterate (heap_size, &total); + + total = total / 4; +diff --git a/include/grub/ieee1275/ieee1275.h b/include/grub/ieee1275/ieee1275.h +index ca08bd966..131808d61 100644 +--- a/include/grub/ieee1275/ieee1275.h ++++ b/include/grub/ieee1275/ieee1275.h +@@ -147,7 +147,13 @@ enum grub_ieee1275_flag + + GRUB_IEEE1275_FLAG_CURSORONOFF_ANSI_BROKEN, + +- GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT ++ GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT, ++ ++ /* On PFW, the first time we boot a Linux partition, we may only get 256MB ++ of real memory area, even if the partition has more memory. Set this flag ++ if we think we're running under PFW. Then, if this flag is set, and the ++ RMA is only 256MB in size, try asking for more with CAS. */ ++ GRUB_IEEE1275_FLAG_CAN_TRY_CAS_FOR_MORE_MEMORY, + }; + + extern int EXPORT_FUNC(grub_ieee1275_test_flag) (enum grub_ieee1275_flag flag); diff --git a/SOURCES/0484-appendedsig-x509-Also-handle-the-Extended-Key-Usage-.patch b/SOURCES/0484-appendedsig-x509-Also-handle-the-Extended-Key-Usage-.patch new file mode 100644 index 0000000..7d9f34c --- /dev/null +++ b/SOURCES/0484-appendedsig-x509-Also-handle-the-Extended-Key-Usage-.patch @@ -0,0 +1,315 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Sat, 8 May 2021 02:27:58 +0200 +Subject: [PATCH] appendedsig/x509: Also handle the Extended Key Usage + extension + +Red Hat certificates have both Key Usage and Extended Key Usage extensions +present, but the appended signatures x509 parser doesn't handle the latter +and so buils due finding an unrecognised critical extension: + +Error loading initial key: +../../grub-core/commands/appendedsig/x509.c:780:Unhandled critical x509 extension with OID 2.5.29.37 + +Fix this by also parsing the Extended Key Usage extension and handle it by +verifying that the certificate has a single purpose, that is code signing. + +Signed-off-by: Javier Martinez Canillas +Signed-off-by: Daniel Axtens +--- + grub-core/commands/appendedsig/x509.c | 94 ++++++++++++++++++++++++++++++- + grub-core/tests/appended_signature_test.c | 29 +++++++++- + grub-core/tests/appended_signatures.h | 81 ++++++++++++++++++++++++++ + 3 files changed, 201 insertions(+), 3 deletions(-) + +diff --git a/grub-core/commands/appendedsig/x509.c b/grub-core/commands/appendedsig/x509.c +index 652e4f168..34a2070a7 100644 +--- a/grub-core/commands/appendedsig/x509.c ++++ b/grub-core/commands/appendedsig/x509.c +@@ -47,6 +47,12 @@ const char *keyUsage_oid = "2.5.29.15"; + */ + const char *basicConstraints_oid = "2.5.29.19"; + ++/* ++ * RFC 5280 4.2.1.12 Extended Key Usage ++ */ ++const char *extendedKeyUsage_oid = "2.5.29.37"; ++const char *codeSigningUsage_oid = "1.3.6.1.5.5.7.3.3"; ++ + /* + * RFC 3279 2.3.1 + * +@@ -651,6 +657,77 @@ cleanup: + return err; + } + ++/* ++ * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId ++ * ++ * KeyPurposeId ::= OBJECT IDENTIFIER ++ */ ++static grub_err_t ++verify_extended_key_usage (grub_uint8_t * value, int value_size) ++{ ++ asn1_node extendedasn; ++ int result, count; ++ grub_err_t err = GRUB_ERR_NONE; ++ char usage[MAX_OID_LEN]; ++ int usage_size = sizeof (usage); ++ ++ result = ++ asn1_create_element (_gnutls_pkix_asn, "PKIX1.ExtKeyUsageSyntax", ++ &extendedasn); ++ if (result != ASN1_SUCCESS) ++ { ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ "Could not create ASN.1 structure for Extended Key Usage"); ++ } ++ ++ result = asn1_der_decoding2 (&extendedasn, value, &value_size, ++ ASN1_DECODE_FLAG_STRICT_DER, asn1_error); ++ if (result != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error parsing DER for Extended Key Usage: %s", ++ asn1_error); ++ goto cleanup; ++ } ++ ++ /* ++ * If EKUs are present, there must be exactly 1 and it must be a ++ * codeSigning usage. ++ */ ++ result = asn1_number_of_elements(extendedasn, "", &count); ++ if (result != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error counting number of Extended Key Usages: %s", ++ asn1_strerror (result)); ++ goto cleanup; ++ } ++ ++ result = asn1_read_value (extendedasn, "?1", usage, &usage_size); ++ if (result != ASN1_SUCCESS) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Error reading Extended Key Usage: %s", ++ asn1_strerror (result)); ++ goto cleanup; ++ } ++ ++ if (grub_strncmp (codeSigningUsage_oid, usage, usage_size) != 0) ++ { ++ err = ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Unexpected Extended Key Usage OID, got: %s", ++ usage); ++ goto cleanup; ++ } ++ ++cleanup: ++ asn1_delete_structure (&extendedasn); ++ return err; ++} + + /* + * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension +@@ -674,7 +751,7 @@ verify_extensions (asn1_node cert) + { + int result; + int ext, num_extensions = 0; +- int usage_present = 0, constraints_present = 0; ++ int usage_present = 0, constraints_present = 0, extended_usage_present = 0; + char *oid_path, *critical_path, *value_path; + char extnID[MAX_OID_LEN]; + int extnID_size; +@@ -768,6 +845,15 @@ verify_extensions (asn1_node cert) + } + constraints_present++; + } ++ else if (grub_strncmp (extendedKeyUsage_oid, extnID, extnID_size) == 0) ++ { ++ err = verify_extended_key_usage (value, value_size); ++ if (err != GRUB_ERR_NONE) ++ { ++ goto cleanup_value; ++ } ++ extended_usage_present++; ++ } + else if (grub_strncmp ("TRUE", critical, critical_size) == 0) + { + /* +@@ -799,6 +885,12 @@ verify_extensions (asn1_node cert) + "Unexpected number of basic constraints extensions - expected 1, got %d", + constraints_present); + } ++ if (extended_usage_present > 1) ++ { ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "Unexpected number of Extended Key Usage extensions - expected 0 or 1, got %d", ++ extended_usage_present); ++ } + return GRUB_ERR_NONE; + + cleanup_value: +diff --git a/grub-core/tests/appended_signature_test.c b/grub-core/tests/appended_signature_test.c +index 88a485200..dbba06166 100644 +--- a/grub-core/tests/appended_signature_test.c ++++ b/grub-core/tests/appended_signature_test.c +@@ -111,6 +111,22 @@ static struct grub_procfs_entry certificate_printable_der_entry = { + .get_contents = get_certificate_printable_der + }; + ++static char * ++get_certificate_eku_der (grub_size_t * sz) ++{ ++ char *ret; ++ *sz = certificate_eku_der_len; ++ ret = grub_malloc (*sz); ++ if (ret) ++ grub_memcpy (ret, certificate_eku_der, *sz); ++ return ret; ++} ++ ++static struct grub_procfs_entry certificate_eku_der_entry = { ++ .name = "certificate_eku.der", ++ .get_contents = get_certificate_eku_der ++}; ++ + + static void + do_verify (const char *f, int is_valid) +@@ -149,6 +165,7 @@ appended_signature_test (void) + char *trust_args2[] = { (char *) "(proc)/certificate2.der", NULL }; + char *trust_args_printable[] = { (char *) "(proc)/certificate_printable.der", + NULL }; ++ char *trust_args_eku[] = { (char *) "(proc)/certificate_eku.der", NULL }; + char *distrust_args[] = { (char *) "1", NULL }; + char *distrust2_args[] = { (char *) "2", NULL }; + grub_err_t err; +@@ -157,6 +174,7 @@ appended_signature_test (void) + grub_procfs_register ("certificate2.der", &certificate2_der_entry); + grub_procfs_register ("certificate_printable.der", + &certificate_printable_der_entry); ++ grub_procfs_register ("certificate_eku.der", &certificate_eku_der_entry); + + cmd_trust = grub_command_find ("trust_certificate"); + if (!cmd_trust) +@@ -266,16 +284,23 @@ appended_signature_test (void) + + /* + * Lastly, check a certificate that uses printableString rather than +- * utf8String loads properly. ++ * utf8String loads properly, and that a certificate with an appropriate ++ * extended key usage loads. + */ + err = (cmd_trust->func) (cmd_trust, 1, trust_args_printable); + grub_test_assert (err == GRUB_ERR_NONE, +- "distrusting printable certificate failed: %d: %s", ++ "trusting printable certificate failed: %d: %s", ++ grub_errno, grub_errmsg); ++ ++ err = (cmd_trust->func) (cmd_trust, 1, trust_args_eku); ++ grub_test_assert (err == GRUB_ERR_NONE, ++ "trusting certificate with extended key usage failed: %d: %s", + grub_errno, grub_errmsg); + + grub_procfs_unregister (&certificate_der_entry); + grub_procfs_unregister (&certificate2_der_entry); + grub_procfs_unregister (&certificate_printable_der_entry); ++ grub_procfs_unregister (&certificate_eku_der_entry); + } + + GRUB_FUNCTIONAL_TEST (appended_signature_test, appended_signature_test); +diff --git a/grub-core/tests/appended_signatures.h b/grub-core/tests/appended_signatures.h +index aa3dc6278..2e5ebd7d8 100644 +--- a/grub-core/tests/appended_signatures.h ++++ b/grub-core/tests/appended_signatures.h +@@ -555,3 +555,84 @@ unsigned char certificate_printable_der[] = { + 0xd2 + }; + unsigned int certificate_printable_der_len = 829; ++ ++unsigned char certificate_eku_der[] = { ++ 0x30, 0x82, 0x03, 0x90, 0x30, 0x82, 0x02, 0x78, 0xa0, 0x03, 0x02, 0x01, ++ 0x02, 0x02, 0x09, 0x00, 0xd3, 0x9c, 0x41, 0x33, 0xdd, 0x6b, 0x5f, 0x45, ++ 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, ++ 0x0b, 0x05, 0x00, 0x30, 0x47, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, ++ 0x04, 0x03, 0x0c, 0x18, 0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, ++ 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, ++ 0x43, 0x41, 0x20, 0x36, 0x31, 0x22, 0x30, 0x20, 0x06, 0x09, 0x2a, 0x86, ++ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73, 0x65, 0x63, ++ 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, 0x64, 0x68, 0x61, 0x74, ++ 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, ++ 0x31, 0x35, 0x31, 0x34, 0x30, 0x30, 0x34, 0x34, 0x5a, 0x17, 0x0d, 0x33, ++ 0x38, 0x30, 0x31, 0x31, 0x37, 0x31, 0x34, 0x30, 0x30, 0x34, 0x34, 0x5a, ++ 0x30, 0x4e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, ++ 0x1f, 0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, ++ 0x75, 0x72, 0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x53, 0x69, 0x67, ++ 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x36, 0x30, 0x32, 0x31, 0x22, 0x30, 0x20, ++ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, ++ 0x13, 0x73, 0x65, 0x63, 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, ++ 0x64, 0x68, 0x61, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, ++ 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, ++ 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, ++ 0x02, 0x82, 0x01, 0x01, 0x00, 0xaa, 0x6f, 0xbb, 0x92, 0x77, 0xd7, 0x15, ++ 0xef, 0x88, 0x80, 0x88, 0xc0, 0xe7, 0x89, 0xeb, 0x35, 0x76, 0xf4, 0x85, ++ 0x05, 0x0f, 0x19, 0xe4, 0x5f, 0x25, 0xdd, 0xc1, 0xa2, 0xe5, 0x5c, 0x06, ++ 0xfb, 0xf1, 0x06, 0xb5, 0x65, 0x45, 0xcb, 0xbd, 0x19, 0x33, 0x54, 0xb5, ++ 0x1a, 0xcd, 0xe4, 0xa8, 0x35, 0x2a, 0xfe, 0x9c, 0x53, 0xf4, 0xc6, 0x76, ++ 0xdb, 0x1f, 0x8a, 0xd4, 0x7b, 0x18, 0x11, 0xaf, 0xa3, 0x90, 0xd4, 0xdd, ++ 0x4d, 0xd5, 0x42, 0xcc, 0x14, 0x9a, 0x64, 0x6b, 0xc0, 0x7f, 0xaa, 0x1c, ++ 0x94, 0x47, 0x4d, 0x79, 0xbd, 0x57, 0x9a, 0xbf, 0x99, 0x4e, 0x96, 0xa9, ++ 0x31, 0x2c, 0xa9, 0xe7, 0x14, 0x65, 0x86, 0xc8, 0xac, 0x79, 0x5e, 0x78, ++ 0xa4, 0x3c, 0x00, 0x24, 0xd3, 0xf7, 0xe1, 0xf5, 0x12, 0xad, 0xa0, 0x29, ++ 0xe5, 0xfe, 0x80, 0xae, 0xf8, 0xaa, 0x60, 0x36, 0xe7, 0xe8, 0x94, 0xcb, ++ 0xe9, 0xd1, 0xcc, 0x0b, 0x4d, 0xf7, 0xde, 0xeb, 0x52, 0xd2, 0x73, 0x09, ++ 0x28, 0xdf, 0x48, 0x99, 0x53, 0x9f, 0xc5, 0x9a, 0xd4, 0x36, 0xa3, 0xc6, ++ 0x5e, 0x8d, 0xbe, 0xd5, 0xdc, 0x76, 0xb4, 0x74, 0xb8, 0x26, 0x18, 0x27, ++ 0xfb, 0xf2, 0xfb, 0xd0, 0x9b, 0x3d, 0x7f, 0x10, 0xe2, 0xab, 0x44, 0xc7, ++ 0x88, 0x7f, 0xb4, 0x3d, 0x3e, 0xa3, 0xff, 0x6d, 0x06, 0x4b, 0x3e, 0x55, ++ 0xb2, 0x84, 0xf4, 0xad, 0x54, 0x88, 0x81, 0xc3, 0x9c, 0xf8, 0xb6, 0x68, ++ 0x96, 0x38, 0x8b, 0xcd, 0x90, 0x6d, 0x25, 0x4b, 0xbf, 0x0c, 0x44, 0x90, ++ 0xa5, 0x5b, 0x98, 0xd0, 0x40, 0x2f, 0xbb, 0x0d, 0xa8, 0x4b, 0x8a, 0x62, ++ 0x82, 0x46, 0x46, 0x18, 0x38, 0xae, 0x82, 0x07, 0xd0, 0xb4, 0x2f, 0x16, ++ 0x79, 0x55, 0x9f, 0x1b, 0xc5, 0x08, 0x6d, 0x85, 0xdf, 0x3f, 0xa9, 0x9b, ++ 0x4b, 0xc6, 0x28, 0xd3, 0x58, 0x72, 0x3d, 0x37, 0x11, 0x02, 0x03, 0x01, ++ 0x00, 0x01, 0xa3, 0x78, 0x30, 0x76, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, ++ 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0e, 0x06, 0x03, ++ 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, ++ 0x30, 0x16, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x0c, ++ 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03, ++ 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x6c, ++ 0xe4, 0x6c, 0x27, 0xaa, 0xcd, 0x0d, 0x4b, 0x74, 0x21, 0xa4, 0xf6, 0x5f, ++ 0x87, 0xb5, 0x31, 0xfe, 0x10, 0xbb, 0xa7, 0x30, 0x1f, 0x06, 0x03, 0x55, ++ 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xe8, 0x6a, 0x1c, 0xab, ++ 0x2c, 0x48, 0xf9, 0x60, 0x36, 0xa2, 0xf0, 0x7b, 0x8e, 0xd2, 0x9d, 0xb4, ++ 0x2a, 0x28, 0x98, 0xc8, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, ++ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, ++ 0x55, 0x34, 0xe2, 0xfa, 0xf6, 0x89, 0x86, 0xad, 0x92, 0x21, 0xec, 0xb9, ++ 0x54, 0x0e, 0x18, 0x47, 0x0d, 0x1b, 0xa7, 0x58, 0xad, 0x69, 0xe4, 0xef, ++ 0x3b, 0xe6, 0x8d, 0xdd, 0xda, 0x0c, 0x45, 0xf6, 0xe8, 0x96, 0xa4, 0x29, ++ 0x0f, 0xbb, 0xcf, 0x16, 0xae, 0x93, 0xd0, 0xcb, 0x2a, 0x26, 0x1a, 0x7b, ++ 0xfc, 0x51, 0x22, 0x76, 0x98, 0x31, 0xa7, 0x0f, 0x29, 0x35, 0x79, 0xbf, ++ 0xe2, 0x4f, 0x0f, 0x14, 0xf5, 0x1f, 0xcb, 0xbf, 0x87, 0x65, 0x13, 0x32, ++ 0xa3, 0x19, 0x4a, 0xd1, 0x3f, 0x45, 0xd4, 0x4b, 0xe2, 0x00, 0x26, 0xa9, ++ 0x3e, 0xd7, 0xa5, 0x37, 0x9f, 0xf5, 0xad, 0x61, 0xe2, 0x40, 0xa9, 0x74, ++ 0x24, 0x53, 0xf2, 0x78, 0xeb, 0x10, 0x9b, 0x2c, 0x27, 0x88, 0x46, 0xcb, ++ 0xe4, 0x60, 0xca, 0xf5, 0x06, 0x24, 0x40, 0x2a, 0x97, 0x3a, 0xcc, 0xd0, ++ 0x81, 0xb1, 0x15, 0xa3, 0x4f, 0xd0, 0x2b, 0x4f, 0xca, 0x6e, 0xaa, 0x24, ++ 0x31, 0xb3, 0xac, 0xa6, 0x75, 0x05, 0xfe, 0x8a, 0xf4, 0x41, 0xc4, 0x06, ++ 0x8a, 0xc7, 0x0a, 0x83, 0x4e, 0x49, 0xd4, 0x3f, 0x83, 0x50, 0xec, 0x57, ++ 0x04, 0x97, 0x14, 0x49, 0xf5, 0xe1, 0xb1, 0x7a, 0x9c, 0x09, 0x4f, 0x61, ++ 0x87, 0xc3, 0x97, 0x22, 0x17, 0xc2, 0xeb, 0xcc, 0x32, 0x81, 0x31, 0x21, ++ 0x3f, 0x10, 0x57, 0x5b, 0x43, 0xbe, 0xcd, 0x68, 0x82, 0xbe, 0xe5, 0xc1, ++ 0x65, 0x94, 0x7e, 0xc2, 0x34, 0x76, 0x2b, 0xcf, 0x89, 0x3c, 0x2b, 0x81, ++ 0x23, 0x72, 0x95, 0xcf, 0xc9, 0x67, 0x19, 0x2a, 0xd5, 0x5c, 0xca, 0xa3, ++ 0x46, 0xbd, 0x48, 0x06, 0x0b, 0xa6, 0xa3, 0x96, 0x50, 0x28, 0xc7, 0x7e, ++ 0xcf, 0x62, 0xf2, 0xfa, 0xc4, 0xf2, 0x53, 0xe3, 0xc9, 0xe8, 0x2e, 0xdd, ++ 0x29, 0x37, 0x07, 0x47, 0xff, 0xff, 0x8a, 0x32, 0xbd, 0xa2, 0xb7, 0x21, ++ 0x89, 0xa0, 0x55, 0xf7 ++}; ++unsigned int certificate_eku_der_len = 916; diff --git a/SOURCES/0485-ieee1275-ofdisk-retry-on-open-failure.patch b/SOURCES/0485-ieee1275-ofdisk-retry-on-open-failure.patch new file mode 100644 index 0000000..f81e315 --- /dev/null +++ b/SOURCES/0485-ieee1275-ofdisk-retry-on-open-failure.patch @@ -0,0 +1,103 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Diego Domingos +Date: Wed, 10 Mar 2021 14:17:52 -0500 +Subject: [PATCH] ieee1275/ofdisk: retry on open failure + +This patch aims to make grub more robust when booting from SAN/Multipath disks. + +If a path is failing intermittently so grub will retry the OPEN and READ the +disk (grub_ieee1275_open and grub_ieee1275_read) until the total amount of times +specified in MAX_RETRIES. + +Signed-off-by: Diego Domingos +--- + grub-core/disk/ieee1275/ofdisk.c | 25 ++++++++++++++++++++----- + include/grub/ieee1275/ofdisk.h | 8 ++++++++ + 2 files changed, 28 insertions(+), 5 deletions(-) + +diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c +index f3a6ecd79..98325ca98 100644 +--- a/grub-core/disk/ieee1275/ofdisk.c ++++ b/grub-core/disk/ieee1275/ofdisk.c +@@ -225,7 +225,9 @@ dev_iterate (const struct grub_ieee1275_devalias *alias) + char *buf, *bufptr; + unsigned i; + +- if (grub_ieee1275_open (alias->path, &ihandle)) ++ ++ RETRY_IEEE1275_OFDISK_OPEN(alias->path, &ihandle) ++ if (! ihandle) + return; + + /* This method doesn't need memory allocation for the table. Open +@@ -305,7 +307,9 @@ dev_iterate (const struct grub_ieee1275_devalias *alias) + return; + } + +- if (grub_ieee1275_open (alias->path, &ihandle)) ++ RETRY_IEEE1275_OFDISK_OPEN(alias->path, &ihandle); ++ ++ if (! ihandle) + { + grub_free (buf); + grub_free (table); +@@ -495,7 +499,7 @@ grub_ofdisk_open (const char *name, grub_disk_t disk) + last_ihandle = 0; + last_devpath = NULL; + +- grub_ieee1275_open (op->open_path, &last_ihandle); ++ RETRY_IEEE1275_OFDISK_OPEN(op->open_path, &last_ihandle); + if (! last_ihandle) + return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "can't open device"); + last_devpath = op->open_path; +@@ -571,7 +575,7 @@ grub_ofdisk_prepare (grub_disk_t disk, grub_disk_addr_t sector) + last_ihandle = 0; + last_devpath = NULL; + +- grub_ieee1275_open (disk->data, &last_ihandle); ++ RETRY_IEEE1275_OFDISK_OPEN(disk->data, &last_ihandle); + if (! last_ihandle) + return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "can't open device"); + last_devpath = disk->data; +@@ -598,12 +602,23 @@ grub_ofdisk_read (grub_disk_t disk, grub_disk_addr_t sector, + return err; + grub_ieee1275_read (last_ihandle, buf, size << disk->log_sector_size, + &actual); +- if (actual != (grub_ssize_t) (size << disk->log_sector_size)) ++ int i = 0; ++ while(actual != (grub_ssize_t) (size << disk->log_sector_size)){ ++ if (i>MAX_RETRIES){ + return grub_error (GRUB_ERR_READ_ERROR, N_("failure reading sector 0x%llx " + "from `%s'"), + (unsigned long long) sector, + disk->name); ++ } ++ last_devpath = NULL; ++ err = grub_ofdisk_prepare (disk, sector); ++ if (err) ++ return err; + ++ grub_ieee1275_read (last_ihandle, buf, size << disk->log_sector_size, ++ &actual); ++ i++; ++ } + return 0; + } + +diff --git a/include/grub/ieee1275/ofdisk.h b/include/grub/ieee1275/ofdisk.h +index 2f69e3f19..7d2d54093 100644 +--- a/include/grub/ieee1275/ofdisk.h ++++ b/include/grub/ieee1275/ofdisk.h +@@ -22,4 +22,12 @@ + extern void grub_ofdisk_init (void); + extern void grub_ofdisk_fini (void); + ++#define MAX_RETRIES 20 ++ ++ ++#define RETRY_IEEE1275_OFDISK_OPEN(device, last_ihandle) unsigned retry_i=0;for(retry_i=0; retry_i < MAX_RETRIES; retry_i++){ \ ++ if(!grub_ieee1275_open(device, last_ihandle)) \ ++ break; \ ++ grub_dprintf("ofdisk","Opening disk %s failed. Retrying...\n",device); } ++ + #endif /* ! GRUB_INIT_HEADER */ diff --git a/SOURCES/0486-normal-main-Discover-the-device-to-read-the-config-f.patch b/SOURCES/0486-normal-main-Discover-the-device-to-read-the-config-f.patch new file mode 100644 index 0000000..e04693a --- /dev/null +++ b/SOURCES/0486-normal-main-Discover-the-device-to-read-the-config-f.patch @@ -0,0 +1,123 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 8 Jul 2021 16:39:39 +0200 +Subject: [PATCH] normal/main: Discover the device to read the config from as a + fallback + +The GRUB core.img is generated locally, when this is done the grub2-probe +tool figures out the device and partition that needs to be read to parse +the GRUB configuration file. + +But in some cases the core.img can't be generated on the host and instead +has to be done at package build time. For example, if needs to get signed +with a key that's only available on the package building infrastructure. + +If that's the case, the prefix variable won't have a device and partition +but only a directory path. So there's no way for GRUB to know from which +device has to read the configuration file. + +To allow GRUB to continue working on that scenario, fallback to iterating +over all the available devices, if reading the config failed when using +the prefix and fw_path variables. + +Related: rhbz#1899864 + +Signed-off-by: Javier Martinez Canillas +--- + grub-core/normal/main.c | 58 +++++++++++++++++++++++++++++++++++++++++++------ + 1 file changed, 51 insertions(+), 7 deletions(-) + +diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +index 49141039f..93f33c167 100644 +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -333,16 +333,11 @@ grub_enter_normal_mode (const char *config) + } + + static grub_err_t +-grub_try_normal (const char *variable) ++grub_try_normal_prefix (const char *prefix) + { + char *config; +- const char *prefix; + grub_err_t err = GRUB_ERR_FILE_NOT_FOUND; + +- prefix = grub_env_get (variable); +- if (!prefix) +- return GRUB_ERR_FILE_NOT_FOUND; +- + if (grub_strncmp (prefix + 1, "tftp", sizeof ("tftp") - 1) == 0) + { + grub_size_t config_len; +@@ -351,7 +346,7 @@ grub_try_normal (const char *variable) + config = grub_malloc (config_len); + + if (! config) +- return GRUB_ERR_FILE_NOT_FOUND; ++ return err; + + grub_snprintf (config, config_len, "%s/grub.cfg", prefix); + err = grub_net_search_configfile (config); +@@ -380,6 +375,53 @@ grub_try_normal (const char *variable) + return err; + } + ++static int ++grub_try_normal_dev (const char *name, void *data) ++{ ++ grub_err_t err; ++ const char *prefix = grub_xasprintf ("(%s)%s", name, (char *)data); ++ ++ if (!prefix) ++ return 0; ++ ++ err = grub_try_normal_prefix (prefix); ++ if (err == GRUB_ERR_NONE) ++ return 1; ++ ++ return 0; ++} ++ ++static grub_err_t ++grub_try_normal_discover (void) ++{ ++ char *prefix = grub_env_get ("prefix"); ++ grub_err_t err = GRUB_ERR_FILE_NOT_FOUND; ++ ++ if (!prefix) ++ return err; ++ ++ if (grub_device_iterate (grub_try_normal_dev, (void *)prefix)) ++ return GRUB_ERR_NONE; ++ ++ return err; ++} ++ ++static grub_err_t ++grub_try_normal (const char *variable) ++{ ++ grub_err_t err = GRUB_ERR_FILE_NOT_FOUND; ++ const char *prefix; ++ ++ if (!variable) ++ return err; ++ ++ prefix = grub_env_get (variable); ++ if (!prefix) ++ return err; ++ ++ return grub_try_normal_prefix (prefix); ++} ++ + /* Enter normal mode from rescue mode. */ + static grub_err_t + grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), +@@ -394,6 +436,8 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), + err = grub_try_normal ("fw_path"); + if (err == GRUB_ERR_FILE_NOT_FOUND) + err = grub_try_normal ("prefix"); ++ if (err == GRUB_ERR_FILE_NOT_FOUND) ++ err = grub_try_normal_discover (); + if (err == GRUB_ERR_FILE_NOT_FOUND) + grub_enter_normal_mode (0); + } diff --git a/SOURCES/0487-powerpc-adjust-setting-of-prefix-for-signed-binary-c.patch b/SOURCES/0487-powerpc-adjust-setting-of-prefix-for-signed-binary-c.patch new file mode 100644 index 0000000..e29fdf1 --- /dev/null +++ b/SOURCES/0487-powerpc-adjust-setting-of-prefix-for-signed-binary-c.patch @@ -0,0 +1,75 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 19 Jul 2021 14:35:55 +1000 +Subject: [PATCH] powerpc: adjust setting of prefix for signed binary case + +On RHEL-signed powerpc grub, we sign a grub with -p /grub2 and expect +that there's a boot partition. + +Unfortunately grub_set_prefix_and_root tries to convert this to +($fwdevice)/grub2. This ends up being (ieee1275/disk)/grub2 and that +falls apart pretty quickly - there's no file-system on ieee1275/disk, +and it makes the search routine try things like +(ieee1275/disk,msdos2)(ieee1275/disk)/grub2 which also doesn't work. + +Detect if we would be about to create (ieee1275/disk)/path and don't: +preserve a prefix of /path instead and hope the search later finds us. + +Related: rhbz#1899864 + +Signed-off-by: Daniel Axtens +--- + grub-core/kern/main.c | 38 +++++++++++++++++++++++++++++++++----- + 1 file changed, 33 insertions(+), 5 deletions(-) + +diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c +index 9bf6a8b23..25dbcfef1 100644 +--- a/grub-core/kern/main.c ++++ b/grub-core/kern/main.c +@@ -215,13 +215,41 @@ grub_set_prefix_and_root (void) + if (device) + { + char *prefix_set; +- +- prefix_set = grub_xasprintf ("(%s)%s", device, path ? : ""); +- if (prefix_set) ++ ++#ifdef __powerpc__ ++ /* We have to be careful here on powerpc-ieee1275 + signed grub. We ++ will have signed something with a prefix that doesn't have a device ++ because we cannot know in advance what partition we're on. ++ ++ We will have had !device earlier, so we will have set device=fwdevice ++ However, we want to make sure we do not end up setting prefix to be ++ ($fwdevice)/path, because we will then end up trying to boot or search ++ based on a prefix of (ieee1275/disk)/path, which will not work because ++ it's missing a partition. ++ ++ Also: ++ - You can end up with a device with an FS directly on it, without ++ a partition, e.g. ieee1275/cdrom. ++ ++ - powerpc-ieee1275 + grub-install sets e.g. prefix=(,gpt2)/path, ++ which will have now been extended to device=$fwdisk,partition ++ and path=/path ++ ++ So we only need to act if device = ieee1275/disk exactly. ++ */ ++ if (grub_strncmp (device, "ieee1275/disk", 14) == 0) ++ grub_env_set ("prefix", path); ++ else ++#endif + { +- grub_env_set ("prefix", prefix_set); +- grub_free (prefix_set); ++ prefix_set = grub_xasprintf ("(%s)%s", device, path ? : ""); ++ if (prefix_set) ++ { ++ grub_env_set ("prefix", prefix_set); ++ grub_free (prefix_set); ++ } + } ++ + grub_env_set ("root", device); + } + diff --git a/SOURCES/0488-powerpc-fix-prefix-signed-grub-special-case-for-Powe.patch b/SOURCES/0488-powerpc-fix-prefix-signed-grub-special-case-for-Powe.patch new file mode 100644 index 0000000..66bdc31 --- /dev/null +++ b/SOURCES/0488-powerpc-fix-prefix-signed-grub-special-case-for-Powe.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 16 Aug 2021 16:01:47 +1000 +Subject: [PATCH] powerpc: fix prefix + signed grub special case for PowerVM + +Mea culpa: when testing the PowerPC special case for signed grub, I +assumed qemu and PowerVM would behave identically. This was wrong, and +with hindsight a pretty dumb error. + +This fixes it. This time, I am actually testing on PowerVM. + +Signed-off-by: Daniel Axtens +--- + grub-core/kern/main.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c +index 25dbcfef1..40a709117 100644 +--- a/grub-core/kern/main.c ++++ b/grub-core/kern/main.c +@@ -235,9 +235,20 @@ grub_set_prefix_and_root (void) + which will have now been extended to device=$fwdisk,partition + and path=/path + +- So we only need to act if device = ieee1275/disk exactly. ++ - PowerVM will give us device names like ++ ieee1275//vdevice/v-scsi@3000006c/disk@8100000000000000 ++ and we don't want to try to encode some sort of truth table about ++ what sorts of paths represent disks with partition tables and those ++ without partition tables. ++ ++ So we act unless there is a comma in the device, which would indicate ++ a partition has already been specified. ++ ++ (If we only have a path, the code in normal to discover config files ++ will try both without partitions and then with any partitions so we ++ will cover both CDs and HDs.) + */ +- if (grub_strncmp (device, "ieee1275/disk", 14) == 0) ++ if (grub_strchr (device, ',') == NULL) + grub_env_set ("prefix", path); + else + #endif diff --git a/SOURCES/0489-grub-mkconfig-restore-umask-for-grub.cfg.patch b/SOURCES/0489-grub-mkconfig-restore-umask-for-grub.cfg.patch new file mode 100644 index 0000000..96e42df --- /dev/null +++ b/SOURCES/0489-grub-mkconfig-restore-umask-for-grub.cfg.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Chang via Grub-devel +Date: Fri, 3 Dec 2021 16:13:28 +0800 +Subject: [PATCH] grub-mkconfig: restore umask for grub.cfg + +Since commit: + + ab2e53c8a grub-mkconfig: Honor a symlink when generating configuration +by grub-mkconfig + +has inadvertently discarded umask for creating grub.cfg in the process +of grub-mkconfig. The resulting wrong permission (0644) would allow +unprivileged users to read grub's configuration file content. This +presents a low confidentiality risk as grub.cfg may contain non-secured +plain-text passwords. + +This patch restores the missing umask and set the file mode of creation +to 0600 preventing unprivileged access. + +Fixes: CVE-2021-3981 + +Signed-off-by: Michael Chang +(cherry picked from commit 2acad06610da1488bfa387f56a847119ab758766) +(cherry picked from commit 583bc3a468c9782696b2703e1098590f6f820add) +Signed-off-by: Robbie Harwood +--- + util/grub-mkconfig.in | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index 5e643e169..a1c00776d 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -317,7 +317,9 @@ and /etc/grub.d/* files or please file a bug report with + exit 1 + else + # none of the children aborted with error, install the new grub.cfg ++ oldumask=$(umask); umask 077 + cat ${grub_cfg}.new > ${grub_cfg} ++ umask $oldumask + rm -f ${grub_cfg}.new + fi + fi diff --git a/SOURCES/0490-efinet-Add-DHCP-proxy-support.patch b/SOURCES/0490-efinet-Add-DHCP-proxy-support.patch new file mode 100644 index 0000000..054d975 --- /dev/null +++ b/SOURCES/0490-efinet-Add-DHCP-proxy-support.patch @@ -0,0 +1,53 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Ian Page Hands +Date: Tue, 8 Jun 2021 13:48:56 -0400 +Subject: [PATCH] efinet: Add DHCP proxy support + +If a proxyDHCP configuration is used, the server name, server IP and boot +file values should be taken from the DHCP proxy offer instead of the DHCP +server ack packet. Currently that case is not handled, add support for it. + +(cherry picked from commit 9cd94b23fe366b87ef25c13c95a531325af9016f) +Signed-off-by: Robbie Harwood +--- + grub-core/net/drivers/efi/efinet.c | 25 +++++++++++++++++++++++-- + 1 file changed, 23 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c +index df7760ad2..25809050b 100644 +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -850,10 +850,31 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + else + { + grub_dprintf ("efinet", "using ipv4 and dhcp\n"); ++ ++ struct grub_net_bootp_packet *dhcp_ack = &pxe_mode->dhcp_ack; ++ ++ if (pxe_mode->proxy_offer_received) ++ { ++ grub_dprintf ("efinet", "proxy offer receive"); ++ struct grub_net_bootp_packet *proxy_offer = &pxe_mode->proxy_offer; ++ ++ if (proxy_offer && dhcp_ack->boot_file[0] == '\0') ++ { ++ grub_dprintf ("efinet", "setting values from proxy offer"); ++ /* Here we got a proxy offer and the dhcp_ack has a nil boot_file ++ * Copy the proxy DHCP offer details into the bootp_packet we are ++ * sending forward as they are the deatils we need. ++ */ ++ *dhcp_ack->server_name = *proxy_offer->server_name; ++ *dhcp_ack->boot_file = *proxy_offer->boot_file; ++ dhcp_ack->server_ip = proxy_offer->server_ip; ++ } ++ } ++ + grub_net_configure_by_dhcp_ack (card->name, card, 0, + (struct grub_net_bootp_packet *) +- packet_buf, +- packet_bufsz, ++ &pxe_mode->dhcp_ack, ++ sizeof (pxe_mode->dhcp_ack), + 1, device, path); + grub_dprintf ("efinet", "device: `%s' path: `%s'\n", *device, *path); + } diff --git a/SOURCES/0491-at_keyboard-Fix-unreliable-key-presses.patch b/SOURCES/0491-at_keyboard-Fix-unreliable-key-presses.patch new file mode 100644 index 0000000..536b370 --- /dev/null +++ b/SOURCES/0491-at_keyboard-Fix-unreliable-key-presses.patch @@ -0,0 +1,49 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Michael Bideau +Date: Wed, 2 Oct 2019 23:48:10 +0200 +Subject: [PATCH] at_keyboard: Fix unreliable key presses + +This patch fixes an issue that prevented the at_keyboard module to work +(for me). The cause was a bad/wrong return value in the +grub_at_keyboard_getkey() function in grub-core/term/at_keyboard.c file +at line 237. My symptoms were to have an unresponsive keyboard. Keys +needed to be pressed 10x and more to effectively be printed sometimes +generating multiple key presses (after 1 or 2 sec of no printing). It +was very problematic when typing passphrase in early stage (with +GRUB_ENABLE_CRYPTODISK). When switched to "console" terminal input +keyboard worked perfectly. It also worked great with the GRUB 2.02 +packaged by Debian (2.02+dfsg1-20). It was not an output issue but an +input one. + +I've managed to analyze the issue and found that it came from the commit +216950a4e (at_keyboard: Split protocol from controller code.). Three +lines where moved from the fetch_key() function in +grub-core/term/at_keyboard.c file to the beginning of +grub_at_keyboard_getkey() function (same file). However, returning -1 +made sense when it happened in fetch_key() function but not anymore in +grub_at_keyboard_getkey() function which should return GRUB_TERM_NO_KEY. +I think it was just an incomplete cut-paste missing a small manual +correction. Let's fix it. + +Note: Commit message updated by Daniel Kiper. + +Signed-off-by: Michael Bideau +Reviewed-by: Daniel Kiper +(cherry picked from commit 33203ca3484717712b54e199c46ae8a818374284) +--- + grub-core/term/at_keyboard.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/term/at_keyboard.c b/grub-core/term/at_keyboard.c +index c805cccbd..dac0f946f 100644 +--- a/grub-core/term/at_keyboard.c ++++ b/grub-core/term/at_keyboard.c +@@ -318,7 +318,7 @@ grub_at_keyboard_getkey (struct grub_term_input *term __attribute__ ((unused))) + return GRUB_TERM_NO_KEY; + + if (! KEYBOARD_ISREADY (grub_inb (KEYBOARD_REG_STATUS))) +- return -1; ++ return GRUB_TERM_NO_KEY; + at_key = grub_inb (KEYBOARD_REG_DATA); + old_led = ps2_state.led_status; + diff --git a/SOURCES/0492-commands-search-Fix-bug-stopping-iteration-when-no-f.patch b/SOURCES/0492-commands-search-Fix-bug-stopping-iteration-when-no-f.patch new file mode 100644 index 0000000..323564d --- /dev/null +++ b/SOURCES/0492-commands-search-Fix-bug-stopping-iteration-when-no-f.patch @@ -0,0 +1,35 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Renaud=20M=C3=A9trich?= +Date: Tue, 8 Feb 2022 08:39:10 +0100 +Subject: [PATCH] commands/search: Fix bug stopping iteration when --no-floppy + is used +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When using --no-floppy and a floppy was encountered, iterate_device() +was returning 1, causing the iteration to stop instead of continuing. + +Signed-off-by: Renaud Métrich +Reviewed-by: Daniel Kiper +(cherry picked from commit 68ba54c2298604146be83cae144dafd1cfd1fe2d) +Signed-off-by: Robbie Harwood +(cherry picked from commit 7ada55e3fcd16e00773d3918955b2b945b7f063a) +(cherry picked from commit 44a58e304fd06155a56b650927728af01bbc647d) +--- + grub-core/commands/search.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/commands/search.c b/grub-core/commands/search.c +index ddda6e7c5..d3180bf66 100644 +--- a/grub-core/commands/search.c ++++ b/grub-core/commands/search.c +@@ -64,7 +64,7 @@ iterate_device (const char *name, void *data) + /* Skip floppy drives when requested. */ + if (ctx->no_floppy && + name[0] == 'f' && name[1] == 'd' && name[2] >= '0' && name[2] <= '9') +- return 1; ++ return 0; + + #ifdef DO_SEARCH_FS_UUID + #define compare_fn grub_strcasecmp diff --git a/SOURCES/0493-search-new-efidisk-only-option-on-EFI-systems.patch b/SOURCES/0493-search-new-efidisk-only-option-on-EFI-systems.patch new file mode 100644 index 0000000..c5832bf --- /dev/null +++ b/SOURCES/0493-search-new-efidisk-only-option-on-EFI-systems.patch @@ -0,0 +1,170 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Renaud=20M=C3=A9trich?= +Date: Tue, 8 Feb 2022 08:39:11 +0100 +Subject: [PATCH] search: new --efidisk-only option on EFI systems +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When using 'search' on EFI systems, we sometimes want to exclude devices +that are not EFI disks (e.g. md, lvm). +This is typically used when wanting to chainload when having a software +raid (md) for EFI partition: +with no option, 'search --file /EFI/redhat/shimx64.efi' sets root envvar +to 'md/boot_efi' which cannot be used for chainloading since there is no +effective EFI device behind. + +This commit also refactors handling of --no-floppy option. + +Signed-off-by: Renaud Métrich +[rharwood: apply rmetrich's flags initialization fix] +Signed-off-by: Robbie Harwood +(cherry picked from commit fdd8396f4fa750bbbabd4298f2593942f2b84710) +(cherry picked from commit bea473b58726705bb83a3db88f52d46fdcc6150e) +--- + grub-core/commands/search.c | 27 +++++++++++++++++++++++---- + grub-core/commands/search_wrap.c | 18 ++++++++++++------ + include/grub/search.h | 15 ++++++++++++--- + 3 files changed, 47 insertions(+), 13 deletions(-) + +diff --git a/grub-core/commands/search.c b/grub-core/commands/search.c +index d3180bf66..2036a756b 100644 +--- a/grub-core/commands/search.c ++++ b/grub-core/commands/search.c +@@ -47,7 +47,7 @@ struct search_ctx + { + const char *key; + const char *var; +- int no_floppy; ++ enum search_flags flags; + char **hints; + unsigned nhints; + int count; +@@ -62,10 +62,29 @@ iterate_device (const char *name, void *data) + int found = 0; + + /* Skip floppy drives when requested. */ +- if (ctx->no_floppy && ++ if (ctx->flags & SEARCH_FLAGS_NO_FLOPPY && + name[0] == 'f' && name[1] == 'd' && name[2] >= '0' && name[2] <= '9') + return 0; + ++ /* Limit to EFI disks when requested. */ ++ if (ctx->flags & SEARCH_FLAGS_EFIDISK_ONLY) ++ { ++ grub_device_t dev; ++ dev = grub_device_open (name); ++ if (! dev) ++ { ++ grub_errno = GRUB_ERR_NONE; ++ return 0; ++ } ++ if (! dev->disk || dev->disk->dev->id != GRUB_DISK_DEVICE_EFIDISK_ID) ++ { ++ grub_device_close (dev); ++ grub_errno = GRUB_ERR_NONE; ++ return 0; ++ } ++ grub_device_close (dev); ++ } ++ + #ifdef DO_SEARCH_FS_UUID + #define compare_fn grub_strcasecmp + #else +@@ -261,13 +280,13 @@ try (struct search_ctx *ctx) + } + + void +-FUNC_NAME (const char *key, const char *var, int no_floppy, ++FUNC_NAME (const char *key, const char *var, enum search_flags flags, + char **hints, unsigned nhints) + { + struct search_ctx ctx = { + .key = key, + .var = var, +- .no_floppy = no_floppy, ++ .flags = flags, + .hints = hints, + .nhints = nhints, + .count = 0, +diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c +index 47fc8eb99..0b62acf85 100644 +--- a/grub-core/commands/search_wrap.c ++++ b/grub-core/commands/search_wrap.c +@@ -40,6 +40,7 @@ static const struct grub_arg_option options[] = + N_("Set a variable to the first device found."), N_("VARNAME"), + ARG_TYPE_STRING}, + {"no-floppy", 'n', 0, N_("Do not probe any floppy drive."), 0, 0}, ++ {"efidisk-only", 0, 0, N_("Only probe EFI disks."), 0, 0}, + {"hint", 'h', GRUB_ARG_OPTION_REPEATABLE, + N_("First try the device HINT. If HINT ends in comma, " + "also try subpartitions"), N_("HINT"), ARG_TYPE_STRING}, +@@ -73,6 +74,7 @@ enum options + SEARCH_FS_UUID, + SEARCH_SET, + SEARCH_NO_FLOPPY, ++ SEARCH_EFIDISK_ONLY, + SEARCH_HINT, + SEARCH_HINT_IEEE1275, + SEARCH_HINT_BIOS, +@@ -89,6 +91,7 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args) + const char *id = 0; + int i = 0, j = 0, nhints = 0; + char **hints = NULL; ++ enum search_flags flags = 0; + + if (state[SEARCH_HINT].set) + for (i = 0; state[SEARCH_HINT].args[i]; i++) +@@ -180,15 +183,18 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args) + goto out; + } + ++ if (state[SEARCH_NO_FLOPPY].set) ++ flags |= SEARCH_FLAGS_NO_FLOPPY; ++ ++ if (state[SEARCH_EFIDISK_ONLY].set) ++ flags |= SEARCH_FLAGS_EFIDISK_ONLY; ++ + if (state[SEARCH_LABEL].set) +- grub_search_label (id, var, state[SEARCH_NO_FLOPPY].set, +- hints, nhints); ++ grub_search_label (id, var, flags, hints, nhints); + else if (state[SEARCH_FS_UUID].set) +- grub_search_fs_uuid (id, var, state[SEARCH_NO_FLOPPY].set, +- hints, nhints); ++ grub_search_fs_uuid (id, var, flags, hints, nhints); + else if (state[SEARCH_FILE].set) +- grub_search_fs_file (id, var, state[SEARCH_NO_FLOPPY].set, +- hints, nhints); ++ grub_search_fs_file (id, var, flags, hints, nhints); + else + grub_error (GRUB_ERR_INVALID_COMMAND, "unspecified search type"); + +diff --git a/include/grub/search.h b/include/grub/search.h +index d80347df3..4190aeb2c 100644 +--- a/include/grub/search.h ++++ b/include/grub/search.h +@@ -19,11 +19,20 @@ + #ifndef GRUB_SEARCH_HEADER + #define GRUB_SEARCH_HEADER 1 + +-void grub_search_fs_file (const char *key, const char *var, int no_floppy, ++enum search_flags ++ { ++ SEARCH_FLAGS_NO_FLOPPY = 1, ++ SEARCH_FLAGS_EFIDISK_ONLY = 2 ++ }; ++ ++void grub_search_fs_file (const char *key, const char *var, ++ enum search_flags flags, + char **hints, unsigned nhints); +-void grub_search_fs_uuid (const char *key, const char *var, int no_floppy, ++void grub_search_fs_uuid (const char *key, const char *var, ++ enum search_flags flags, + char **hints, unsigned nhints); +-void grub_search_label (const char *key, const char *var, int no_floppy, ++void grub_search_label (const char *key, const char *var, ++ enum search_flags flags, + char **hints, unsigned nhints); + + #endif diff --git a/SOURCES/0494-efi-new-connectefi-command.patch b/SOURCES/0494-efi-new-connectefi-command.patch new file mode 100644 index 0000000..de905f7 --- /dev/null +++ b/SOURCES/0494-efi-new-connectefi-command.patch @@ -0,0 +1,397 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Renaud=20M=C3=A9trich?= +Date: Tue, 15 Feb 2022 14:05:22 +0100 +Subject: [PATCH] efi: new 'connectefi' command +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When efi.quickboot is enabled on VMWare (which is the default for +hardware release 16 and later), it may happen that not all EFI devices +are connected. Due to this, browsing the devices in make_devices() just +fails to find devices, in particular disks or partitions for a given +disk. +This typically happens when network booting, then trying to chainload to +local disk (this is used in deployment tools such as Red Hat Satellite), +which is done through using the following grub.cfg snippet: +-------- 8< ---------------- 8< ---------------- 8< -------- +unset prefix +search --file --set=prefix /EFI/redhat/grubx64.efi +if [ -n "$prefix" ]; then + chainloader ($prefix)/EFI/redhat/grubx64/efi +... +-------- 8< ---------------- 8< ---------------- 8< -------- + +With efi.quickboot, none of the devices are connected, causing "search" +to fail. Sometimes devices are connected but not the partition of the +disk matching $prefix, causing partition to not be found by +"chainloader". + +This patch introduces a new "connectefi pciroot|scsi" command which +recursively connects all EFI devices starting from a given controller +type: +- if 'pciroot' is specified, recursion is performed for all PCI root + handles +- if 'scsi' is specified, recursion is performed for all SCSI I/O + handles (recommended usage to avoid connecting unwanted handles which + may impact Grub performances) + +Typical grub.cfg snippet would then be: +-------- 8< ---------------- 8< ---------------- 8< -------- +connectefi scsi +unset prefix +search --file --set=prefix /EFI/redhat/grubx64.efi +if [ -n "$prefix" ]; then + chainloader ($prefix)/EFI/redhat/grubx64/efi +... +-------- 8< ---------------- 8< ---------------- 8< -------- + +The code is easily extensible to handle other arguments in the future if +needed. + +Signed-off-by: Renaud Métrich +Signed-off-by: Robbie Harwood +(cherry picked from commit cc972c27314c841f80ab0fe8318fae06f078c680) +(cherry picked from commit 84b0c3f965a3918be64ca850139bea7c32d23ae9) +--- + grub-core/Makefile.core.def | 6 ++ + grub-core/commands/efi/connectefi.c | 205 ++++++++++++++++++++++++++++++++++++ + grub-core/commands/efi/lsefi.c | 1 + + grub-core/disk/efi/efidisk.c | 13 +++ + grub-core/kern/efi/efi.c | 13 +++ + include/grub/efi/disk.h | 2 + + include/grub/efi/efi.h | 5 + + NEWS | 2 +- + 8 files changed, 246 insertions(+), 1 deletion(-) + create mode 100644 grub-core/commands/efi/connectefi.c + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 612df2e9c..ef06f8c95 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -779,6 +779,12 @@ module = { + enable = efi; + }; + ++module = { ++ name = connectefi; ++ common = commands/efi/connectefi.c; ++ enable = efi; ++}; ++ + module = { + name = blocklist; + common = commands/blocklist.c; +diff --git a/grub-core/commands/efi/connectefi.c b/grub-core/commands/efi/connectefi.c +new file mode 100644 +index 000000000..8ab75bd51 +--- /dev/null ++++ b/grub-core/commands/efi/connectefi.c +@@ -0,0 +1,205 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2022 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++typedef struct handle_list ++{ ++ grub_efi_handle_t handle; ++ struct handle_list *next; ++} handle_list_t; ++ ++static handle_list_t *already_handled = NULL; ++ ++static grub_err_t ++add_handle (grub_efi_handle_t handle) ++{ ++ handle_list_t *e; ++ e = grub_malloc (sizeof (*e)); ++ if (! e) ++ return grub_errno; ++ e->handle = handle; ++ e->next = already_handled; ++ already_handled = e; ++ return GRUB_ERR_NONE; ++} ++ ++static int ++is_in_list (grub_efi_handle_t handle) ++{ ++ handle_list_t *e; ++ for (e = already_handled; e != NULL; e = e->next) ++ if (e->handle == handle) ++ return 1; ++ return 0; ++} ++ ++static void ++free_handle_list (void) ++{ ++ handle_list_t *e; ++ while ((e = already_handled) != NULL) ++ { ++ already_handled = already_handled->next; ++ grub_free (e); ++ } ++} ++ ++typedef enum searched_item_flag ++{ ++ SEARCHED_ITEM_FLAG_LOOP = 1, ++ SEARCHED_ITEM_FLAG_RECURSIVE = 2 ++} searched_item_flags; ++ ++typedef struct searched_item ++{ ++ grub_efi_guid_t guid; ++ const char *name; ++ searched_item_flags flags; ++} searched_items; ++ ++static grub_err_t ++grub_cmd_connectefi (grub_command_t cmd __attribute__ ((unused)), ++ int argc, char **args) ++{ ++ unsigned s; ++ searched_items pciroot_items[] = ++ { ++ { GRUB_EFI_PCI_ROOT_IO_GUID, "PCI root", SEARCHED_ITEM_FLAG_RECURSIVE } ++ }; ++ searched_items scsi_items[] = ++ { ++ { GRUB_EFI_PCI_ROOT_IO_GUID, "PCI root", 0 }, ++ { GRUB_EFI_PCI_IO_GUID, "PCI", SEARCHED_ITEM_FLAG_LOOP }, ++ { GRUB_EFI_SCSI_IO_PROTOCOL_GUID, "SCSI I/O", SEARCHED_ITEM_FLAG_RECURSIVE } ++ }; ++ searched_items *items = NULL; ++ unsigned nitems = 0; ++ grub_err_t grub_err = GRUB_ERR_NONE; ++ unsigned total_connected = 0; ++ ++ if (argc != 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected")); ++ ++ if (grub_strcmp(args[0], N_("pciroot")) == 0) ++ { ++ items = pciroot_items; ++ nitems = ARRAY_SIZE (pciroot_items); ++ } ++ else if (grub_strcmp(args[0], N_("scsi")) == 0) ++ { ++ items = scsi_items; ++ nitems = ARRAY_SIZE (scsi_items); ++ } ++ else ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("unexpected argument `%s'"), args[0]); ++ ++ for (s = 0; s < nitems; s++) ++ { ++ grub_efi_handle_t *handles; ++ grub_efi_uintn_t num_handles; ++ unsigned i, connected = 0, loop = 0; ++ ++loop: ++ loop++; ++ grub_dprintf ("efi", "step '%s' loop %d:\n", items[s].name, loop); ++ ++ handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, ++ &items[s].guid, 0, &num_handles); ++ ++ if (!handles) ++ continue; ++ ++ for (i = 0; i < num_handles; i++) ++ { ++ grub_efi_handle_t handle = handles[i]; ++ grub_efi_status_t status; ++ unsigned j; ++ ++ /* Skip already handled handles */ ++ if (is_in_list (handle)) ++ { ++ grub_dprintf ("efi", " handle %p: already processed\n", ++ handle); ++ continue; ++ } ++ ++ status = grub_efi_connect_controller(handle, NULL, NULL, ++ items[s].flags & SEARCHED_ITEM_FLAG_RECURSIVE ? 1 : 0); ++ if (status == GRUB_EFI_SUCCESS) ++ { ++ connected++; ++ total_connected++; ++ grub_dprintf ("efi", " handle %p: connected\n", handle); ++ } ++ else ++ grub_dprintf ("efi", " handle %p: failed to connect (%d)\n", ++ handle, (grub_efi_int8_t) status); ++ ++ if ((grub_err = add_handle (handle)) != GRUB_ERR_NONE) ++ break; /* fatal */ ++ } ++ ++ grub_free (handles); ++ if (grub_err != GRUB_ERR_NONE) ++ break; /* fatal */ ++ ++ if (items[s].flags & SEARCHED_ITEM_FLAG_LOOP && connected) ++ { ++ connected = 0; ++ goto loop; ++ } ++ ++ free_handle_list (); ++ } ++ ++ free_handle_list (); ++ ++ if (total_connected) ++ grub_efidisk_reenumerate_disks (); ++ ++ return grub_err; ++} ++ ++static grub_command_t cmd; ++ ++GRUB_MOD_INIT(connectefi) ++{ ++ cmd = grub_register_command ("connectefi", grub_cmd_connectefi, ++ N_("pciroot|scsi"), ++ N_("Connect EFI handles." ++ " If 'pciroot' is specified, connect PCI" ++ " root EFI handles recursively." ++ " If 'scsi' is specified, connect SCSI" ++ " I/O EFI handles recursively.")); ++} ++ ++GRUB_MOD_FINI(connectefi) ++{ ++ grub_unregister_command (cmd); ++} +diff --git a/grub-core/commands/efi/lsefi.c b/grub-core/commands/efi/lsefi.c +index d1ce99af4..f2d2430e6 100644 +--- a/grub-core/commands/efi/lsefi.c ++++ b/grub-core/commands/efi/lsefi.c +@@ -19,6 +19,7 @@ + #include + #include + #include ++#include + #include + #include + #include +diff --git a/grub-core/disk/efi/efidisk.c b/grub-core/disk/efi/efidisk.c +index 5d2400f66..720a23fcc 100644 +--- a/grub-core/disk/efi/efidisk.c ++++ b/grub-core/disk/efi/efidisk.c +@@ -390,6 +390,19 @@ enumerate_disks (void) + free_devices (devices); + } + ++void ++grub_efidisk_reenumerate_disks (void) ++{ ++ free_devices (fd_devices); ++ free_devices (hd_devices); ++ free_devices (cd_devices); ++ fd_devices = 0; ++ hd_devices = 0; ++ cd_devices = 0; ++ ++ enumerate_disks (); ++} ++ + static int + grub_efidisk_iterate (grub_disk_dev_iterate_hook_t hook, void *hook_data, + grub_disk_pull_t pull) +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 4b95a4004..286395645 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -95,6 +95,19 @@ grub_efi_locate_handle (grub_efi_locate_search_type_t search_type, + return buffer; + } + ++grub_efi_status_t ++grub_efi_connect_controller (grub_efi_handle_t controller_handle, ++ grub_efi_handle_t *driver_image_handle, ++ grub_efi_device_path_protocol_t *remaining_device_path, ++ grub_efi_boolean_t recursive) ++{ ++ grub_efi_boot_services_t *b; ++ ++ b = grub_efi_system_table->boot_services; ++ return efi_call_4 (b->connect_controller, controller_handle, ++ driver_image_handle, remaining_device_path, recursive); ++} ++ + void * + grub_efi_open_protocol (grub_efi_handle_t handle, + grub_efi_guid_t *protocol, +diff --git a/include/grub/efi/disk.h b/include/grub/efi/disk.h +index 254475c84..6845c2f1f 100644 +--- a/include/grub/efi/disk.h ++++ b/include/grub/efi/disk.h +@@ -27,6 +27,8 @@ grub_efi_handle_t + EXPORT_FUNC(grub_efidisk_get_device_handle) (grub_disk_t disk); + char *EXPORT_FUNC(grub_efidisk_get_device_name) (grub_efi_handle_t *handle); + ++void EXPORT_FUNC(grub_efidisk_reenumerate_disks) (void); ++ + void grub_efidisk_init (void); + void grub_efidisk_fini (void); + +diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h +index 570a69361..4411ffa16 100644 +--- a/include/grub/efi/efi.h ++++ b/include/grub/efi/efi.h +@@ -36,6 +36,11 @@ EXPORT_FUNC(grub_efi_locate_handle) (grub_efi_locate_search_type_t search_type, + grub_efi_guid_t *protocol, + void *search_key, + grub_efi_uintn_t *num_handles); ++grub_efi_status_t ++EXPORT_FUNC(grub_efi_connect_controller) (grub_efi_handle_t controller_handle, ++ grub_efi_handle_t *driver_image_handle, ++ grub_efi_device_path_protocol_t *remaining_device_path, ++ grub_efi_boolean_t recursive); + void *EXPORT_FUNC(grub_efi_open_protocol) (grub_efi_handle_t handle, + grub_efi_guid_t *protocol, + grub_efi_uint32_t attributes); +diff --git a/NEWS b/NEWS +index 2ebd54e78..b04041507 100644 +--- a/NEWS ++++ b/NEWS +@@ -66,7 +66,7 @@ New in 2.02: + * Prefer pmtimer for TSC calibration. + + * New/improved platform support: +- * New `efifwsetup' and `lsefi' commands on EFI platforms. ++ * New `efifwsetup', `lsefi' and `connectefi` commands on EFI platforms. + * New `cmosdump' and `cmosset' commands on platforms with CMOS support. + * New command `pcidump' for PCI platforms. + * Improve opcode parsing in ACPI halt implementation. diff --git a/SOURCES/0495-Try-to-pick-better-locations-for-kernel-and-initrd.patch b/SOURCES/0495-Try-to-pick-better-locations-for-kernel-and-initrd.patch new file mode 100644 index 0000000..2d48c02 --- /dev/null +++ b/SOURCES/0495-Try-to-pick-better-locations-for-kernel-and-initrd.patch @@ -0,0 +1,203 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 11 Jul 2019 17:17:02 +0200 +Subject: [PATCH] Try to pick better locations for kernel and initrd + +- Don't limit allocations on 64-bit platforms to < 0x[37f]fffffff if + we're using the "large" code model ; use __UINTPTR_MAX__. +- Get the comparison right to check the address we've allocated. +- Fix the allocation for the command line as well. + +*But*, when we did this some systems started failing badly; coudln't +parse partition tables, etc. What's going on here is the disk controller +is silently failing DMAs to addresses above 4GB, so we're trying to parse +uninitialized (or HW zeroed) ram when looking for the partition table, +etc. + +So to limit this, we make grub_malloc() pick addresses below 4GB on +x86_64, but the direct EFI page allocation functions can get addresses +above that. + +Additionally, we now try to locate kernel+initrd+cmdline+etc below +0x7fffffff, and if they're too big to fit any memory window there, then +we try a higher address. + +Signed-off-by: Peter Jones +(cherry picked from commit 9035d4f9ea2f26a9d4412a0918d597ceb5365442) + +Conflicts: + grub-core/loader/i386/efi/linux.c + Context diffs in includes. + +Signed-off-by: Lenny Szubowicz +--- + grub-core/kern/efi/mm.c | 8 ++++---- + grub-core/loader/i386/efi/linux.c | 24 +++++++++++++++++------- + include/grub/arm/efi/memory.h | 1 + + include/grub/arm64/efi/memory.h | 1 + + include/grub/i386/efi/memory.h | 1 + + include/grub/ia64/efi/memory.h | 1 + + include/grub/x86_64/efi/memory.h | 4 +++- + 7 files changed, 28 insertions(+), 12 deletions(-) + +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index 2d9c9032b..9e76f23e5 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -122,7 +122,7 @@ grub_efi_allocate_pages_max (grub_efi_physical_address_t max, + grub_efi_boot_services_t *b; + grub_efi_physical_address_t address = max; + +- if (max > 0xffffffff) ++ if (max > GRUB_EFI_MAX_USABLE_ADDRESS) + return 0; + + b = grub_efi_system_table->boot_services; +@@ -472,7 +472,7 @@ filter_memory_map (grub_efi_memory_descriptor_t *memory_map, + { + if (desc->type == GRUB_EFI_CONVENTIONAL_MEMORY + #if 1 +- && desc->physical_start <= GRUB_EFI_MAX_USABLE_ADDRESS ++ && desc->physical_start <= GRUB_EFI_MAX_ALLOCATION_ADDRESS + #endif + && desc->physical_start + PAGES_TO_BYTES (desc->num_pages) > 0x100000 + && desc->num_pages != 0) +@@ -490,9 +490,9 @@ filter_memory_map (grub_efi_memory_descriptor_t *memory_map, + #if 1 + if (BYTES_TO_PAGES (filtered_desc->physical_start) + + filtered_desc->num_pages +- > BYTES_TO_PAGES_DOWN (GRUB_EFI_MAX_USABLE_ADDRESS)) ++ > BYTES_TO_PAGES_DOWN (GRUB_EFI_MAX_ALLOCATION_ADDRESS)) + filtered_desc->num_pages +- = (BYTES_TO_PAGES_DOWN (GRUB_EFI_MAX_USABLE_ADDRESS) ++ = (BYTES_TO_PAGES_DOWN (GRUB_EFI_MAX_ALLOCATION_ADDRESS) + - BYTES_TO_PAGES (filtered_desc->physical_start)); + #endif + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 576f8c07e..c5fdf522b 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + #include + #include + +@@ -113,7 +114,9 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + } + } + +- initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size)); ++ initrd_mem = grub_efi_allocate_pages_max (GRUB_EFI_MAX_ALLOCATION_ADDRESS, BYTES_TO_PAGES(size)); ++ if (!initrd_mem) ++ initrd_mem = grub_efi_allocate_pages_max (GRUB_EFI_MAX_USABLE_ADDRESS, BYTES_TO_PAGES(size)); + if (!initrd_mem) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate initrd")); +@@ -217,8 +220,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + } + +- params = grub_efi_allocate_pages_max (0x3fffffff, ++ params = grub_efi_allocate_pages_max (GRUB_EFI_MAX_ALLOCATION_ADDRESS, + BYTES_TO_PAGES(sizeof(*params))); ++ if (!params) ++ params = grub_efi_allocate_pages_max (GRUB_EFI_MAX_USABLE_ADDRESS, ++ BYTES_TO_PAGES(sizeof(*params))); + if (! params) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters"); +@@ -288,8 +294,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + #endif + + grub_dprintf ("linux", "setting up cmdline\n"); +- linux_cmdline = grub_efi_allocate_pages_max(0x3fffffff, +- BYTES_TO_PAGES(lh->cmdline_size + 1)); ++ linux_cmdline = grub_efi_allocate_pages_max(GRUB_EFI_MAX_ALLOCATION_ADDRESS, ++ BYTES_TO_PAGES(lh->cmdline_size + 1)); ++ if (!linux_cmdline) ++ linux_cmdline = grub_efi_allocate_pages_max(GRUB_EFI_MAX_USABLE_ADDRESS, ++ BYTES_TO_PAGES(lh->cmdline_size + 1)); + if (!linux_cmdline) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate cmdline")); +@@ -316,11 +325,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + kernel_mem = grub_efi_allocate_pages_max(lh->pref_address, + BYTES_TO_PAGES(lh->init_size)); +- + if (!kernel_mem) +- kernel_mem = grub_efi_allocate_pages_max(0x3fffffff, ++ kernel_mem = grub_efi_allocate_pages_max(GRUB_EFI_MAX_ALLOCATION_ADDRESS, ++ BYTES_TO_PAGES(lh->init_size)); ++ if (!kernel_mem) ++ kernel_mem = grub_efi_allocate_pages_max(GRUB_EFI_MAX_USABLE_ADDRESS, + BYTES_TO_PAGES(lh->init_size)); +- + if (!kernel_mem) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate kernel")); +diff --git a/include/grub/arm/efi/memory.h b/include/grub/arm/efi/memory.h +index 2c64918e3..a4c2ec835 100644 +--- a/include/grub/arm/efi/memory.h ++++ b/include/grub/arm/efi/memory.h +@@ -2,5 +2,6 @@ + #include + + #define GRUB_EFI_MAX_USABLE_ADDRESS 0xffffffff ++#define GRUB_EFI_MAX_ALLOCATION_ADDRESS GRUB_EFI_MAX_USABLE_ADDRESS + + #endif /* ! GRUB_MEMORY_CPU_HEADER */ +diff --git a/include/grub/arm64/efi/memory.h b/include/grub/arm64/efi/memory.h +index c6cb32417..acb61dca4 100644 +--- a/include/grub/arm64/efi/memory.h ++++ b/include/grub/arm64/efi/memory.h +@@ -2,5 +2,6 @@ + #include + + #define GRUB_EFI_MAX_USABLE_ADDRESS 0xffffffffffffULL ++#define GRUB_EFI_MAX_ALLOCATION_ADDRESS GRUB_EFI_MAX_USABLE_ADDRESS + + #endif /* ! GRUB_MEMORY_CPU_HEADER */ +diff --git a/include/grub/i386/efi/memory.h b/include/grub/i386/efi/memory.h +index 2c64918e3..a4c2ec835 100644 +--- a/include/grub/i386/efi/memory.h ++++ b/include/grub/i386/efi/memory.h +@@ -2,5 +2,6 @@ + #include + + #define GRUB_EFI_MAX_USABLE_ADDRESS 0xffffffff ++#define GRUB_EFI_MAX_ALLOCATION_ADDRESS GRUB_EFI_MAX_USABLE_ADDRESS + + #endif /* ! GRUB_MEMORY_CPU_HEADER */ +diff --git a/include/grub/ia64/efi/memory.h b/include/grub/ia64/efi/memory.h +index 2c64918e3..a4c2ec835 100644 +--- a/include/grub/ia64/efi/memory.h ++++ b/include/grub/ia64/efi/memory.h +@@ -2,5 +2,6 @@ + #include + + #define GRUB_EFI_MAX_USABLE_ADDRESS 0xffffffff ++#define GRUB_EFI_MAX_ALLOCATION_ADDRESS GRUB_EFI_MAX_USABLE_ADDRESS + + #endif /* ! GRUB_MEMORY_CPU_HEADER */ +diff --git a/include/grub/x86_64/efi/memory.h b/include/grub/x86_64/efi/memory.h +index 46e9145a3..e81cfb322 100644 +--- a/include/grub/x86_64/efi/memory.h ++++ b/include/grub/x86_64/efi/memory.h +@@ -2,9 +2,11 @@ + #include + + #if defined (__code_model_large__) +-#define GRUB_EFI_MAX_USABLE_ADDRESS 0xffffffff ++#define GRUB_EFI_MAX_USABLE_ADDRESS __UINTPTR_MAX__ ++#define GRUB_EFI_MAX_ALLOCATION_ADDRESS 0x7fffffff + #else + #define GRUB_EFI_MAX_USABLE_ADDRESS 0x7fffffff ++#define GRUB_EFI_MAX_ALLOCATION_ADDRESS GRUB_EFI_MAX_USABLE_ADDRESS + #endif + + #endif /* ! GRUB_MEMORY_CPU_HEADER */ diff --git a/SOURCES/0496-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch b/SOURCES/0496-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch new file mode 100644 index 0000000..5483204 --- /dev/null +++ b/SOURCES/0496-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch @@ -0,0 +1,109 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 12 Jul 2019 09:53:32 +0200 +Subject: [PATCH] x86-efi: Use bounce buffers for reading to addresses > 4GB + +Lots of machines apparently can't DMA correctly above 4GB during UEFI, +so use bounce buffers for the initramfs read. + +Signed-off-by: Peter Jones +(cherry picked from commit 7765a790dee00f2e0d414cf3a3d016c493cf0d9b) + +Conflicts: + grub-core/loader/i386/efi/linux.c + git cherry-pick thought delete of prior def of MIN was a + conflict. + +Signed-off-by: Lenny Szubowicz +--- + grub-core/loader/i386/efi/linux.c | 52 +++++++++++++++++++++++++++++++++------ + 1 file changed, 45 insertions(+), 7 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index c5fdf522b..73cd838e9 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -37,11 +37,16 @@ static grub_dl_t my_mod; + static int loaded; + static void *kernel_mem; + static grub_uint64_t kernel_size; +-static grub_uint8_t *initrd_mem; ++static void *initrd_mem; + static grub_uint32_t handover_offset; + struct linux_kernel_params *params; + static char *linux_cmdline; + ++#define MIN(a, b) \ ++ ({ typeof (a) _a = (a); \ ++ typeof (b) _b = (b); \ ++ _a < _b ? _a : _b; }) ++ + #define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) + + static grub_err_t +@@ -75,6 +80,44 @@ grub_linuxefi_unload (void) + return GRUB_ERR_NONE; + } + ++#define BOUNCE_BUFFER_MAX 0x10000000ull ++ ++static grub_ssize_t ++read(grub_file_t file, grub_uint8_t *bufp, grub_size_t len) ++{ ++ grub_ssize_t bufpos = 0; ++ static grub_size_t bbufsz = 0; ++ static char *bbuf = NULL; ++ ++ if (bbufsz == 0) ++ bbufsz = MIN(BOUNCE_BUFFER_MAX, len); ++ ++ while (!bbuf && bbufsz) ++ { ++ bbuf = grub_malloc(bbufsz); ++ if (!bbuf) ++ bbufsz >>= 1; ++ } ++ if (!bbuf) ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate bounce buffer")); ++ ++ while (bufpos < (long long)len) ++ { ++ grub_ssize_t sz; ++ ++ sz = grub_file_read (file, bbuf, MIN(bbufsz, len - bufpos)); ++ if (sz < 0) ++ return sz; ++ if (sz == 0) ++ break; ++ ++ grub_memcpy(bufp + bufpos, bbuf, sz); ++ bufpos += sz; ++ } ++ ++ return bufpos; ++} ++ + static grub_err_t + grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + int argc, char *argv[]) +@@ -133,7 +176,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + for (i = 0; i < nfiles; i++) + { + grub_ssize_t cursize = grub_file_size (files[i]); +- if (grub_file_read (files[i], ptr, cursize) != cursize) ++ if (read (files[i], ptr, cursize) != cursize) + { + if (!grub_errno) + grub_error (GRUB_ERR_FILE_READ_ERROR, N_("premature end of file %s"), +@@ -161,11 +204,6 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + return grub_errno; + } + +-#define MIN(a, b) \ +- ({ typeof (a) _a = (a); \ +- typeof (b) _b = (b); \ +- _a < _b ? _a : _b; }) +- + static grub_err_t + grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + int argc, char *argv[]) diff --git a/SOURCES/0497-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch b/SOURCES/0497-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch new file mode 100644 index 0000000..4616842 --- /dev/null +++ b/SOURCES/0497-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch @@ -0,0 +1,134 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 13 Sep 2018 14:42:34 -0400 +Subject: [PATCH] x86-efi: Re-arrange grub_cmd_linux() a little bit. + +This just helps the next patch be easier to read. + +Signed-off-by: Peter Jones +(cherry picked from commit 486cdd48889b30b03143c393e59a75ea040b5c40) +--- + grub-core/loader/i386/efi/linux.c | 75 +++++++++++++++++++++------------------ + 1 file changed, 41 insertions(+), 34 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 73cd838e9..c9650561f 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -258,32 +258,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + } + +- params = grub_efi_allocate_pages_max (GRUB_EFI_MAX_ALLOCATION_ADDRESS, +- BYTES_TO_PAGES(sizeof(*params))); +- if (!params) +- params = grub_efi_allocate_pages_max (GRUB_EFI_MAX_USABLE_ADDRESS, +- BYTES_TO_PAGES(sizeof(*params))); +- if (! params) +- { +- grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters"); +- goto fail; +- } ++ lh = (struct linux_i386_kernel_header *)kernel; ++ grub_dprintf ("linux", "original lh is at %p\n", kernel); + +- grub_dprintf ("linux", "params = %p\n", params); +- +- grub_memset (params, 0, sizeof(*params)); +- +- setup_header_end_offset = *((grub_uint8_t *)kernel + 0x201); +- grub_dprintf ("linux", "copying %lu bytes from %p to %p\n", +- MIN((grub_size_t)0x202+setup_header_end_offset, +- sizeof (*params)) - 0x1f1, +- (grub_uint8_t *)kernel + 0x1f1, +- (grub_uint8_t *)params + 0x1f1); +- grub_memcpy ((grub_uint8_t *)params + 0x1f1, +- (grub_uint8_t *)kernel + 0x1f1, +- MIN((grub_size_t)0x202+setup_header_end_offset,sizeof (*params)) - 0x1f1); +- lh = (struct linux_i386_kernel_header *)params; +- grub_dprintf ("linux", "lh is at %p\n", lh); + grub_dprintf ("linux", "checking lh->boot_flag\n"); + if (lh->boot_flag != grub_cpu_to_le16 (0xaa55)) + { +@@ -331,6 +308,34 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + #endif + ++ params = grub_efi_allocate_pages_max (GRUB_EFI_MAX_ALLOCATION_ADDRESS, ++ BYTES_TO_PAGES(sizeof(*params))); ++ if (!params) ++ params = grub_efi_allocate_pages_max (GRUB_EFI_MAX_USABLE_ADDRESS, ++ BYTES_TO_PAGES(sizeof(*params))); ++ if (! params) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters"); ++ goto fail; ++ } ++ ++ grub_dprintf ("linux", "params = %p\n", params); ++ ++ grub_memset (params, 0, sizeof(*params)); ++ ++ setup_header_end_offset = *((grub_uint8_t *)kernel + 0x201); ++ grub_dprintf ("linux", "copying %lu bytes from %p to %p\n", ++ MIN((grub_size_t)0x202+setup_header_end_offset, ++ sizeof (*params)) - 0x1f1, ++ (grub_uint8_t *)kernel + 0x1f1, ++ (grub_uint8_t *)params + 0x1f1); ++ grub_memcpy ((grub_uint8_t *)params + 0x1f1, ++ (grub_uint8_t *)kernel + 0x1f1, ++ MIN((grub_size_t)0x202+setup_header_end_offset,sizeof (*params)) - 0x1f1); ++ ++ lh = (struct linux_i386_kernel_header *)params; ++ grub_dprintf ("linux", "new lh is at %p\n", lh); ++ + grub_dprintf ("linux", "setting up cmdline\n"); + linux_cmdline = grub_efi_allocate_pages_max(GRUB_EFI_MAX_ALLOCATION_ADDRESS, + BYTES_TO_PAGES(lh->cmdline_size + 1)); +@@ -356,8 +361,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf ("linux", "setting lh->cmd_line_ptr\n"); + lh->cmd_line_ptr = (grub_uint32_t)(grub_addr_t)linux_cmdline; + +- grub_dprintf ("linux", "computing handover offset\n"); + handover_offset = lh->handover_offset; ++ grub_dprintf("linux", "handover_offset: %08x\n", handover_offset); + + start = (lh->setup_sects + 1) * 512; + +@@ -374,26 +379,28 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate kernel")); + goto fail; + } +- +- grub_dprintf ("linux", "kernel_mem = %lx\n", (unsigned long) kernel_mem); ++ grub_dprintf("linux", "kernel_mem = %p\n", kernel_mem); + + grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); +- loaded=1; ++ ++ loaded = 1; ++ + grub_dprintf ("linux", "setting lh->code32_start to %p\n", kernel_mem); + lh->code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; + + grub_memcpy (kernel_mem, (char *)kernel + start, filelen - start); + +- grub_dprintf ("linux", "setting lh->type_of_loader\n"); + lh->type_of_loader = 0x6; ++ grub_dprintf ("linux", "setting lh->type_of_loader = 0x%02x\n", ++ lh->type_of_loader); + +- grub_dprintf ("linux", "setting lh->ext_loader_{type,ver}\n"); + params->ext_loader_type = 0; + params->ext_loader_ver = 2; +- grub_dprintf("linux", "kernel_mem: %p handover_offset: %08x\n", +- kernel_mem, handover_offset); ++ grub_dprintf ("linux", ++ "setting lh->ext_loader_{type,ver} = {0x%02x,0x%02x}\n", ++ params->ext_loader_type, params->ext_loader_ver); + +- fail: ++fail: + if (file) + grub_file_close (file); + diff --git a/SOURCES/0498-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch b/SOURCES/0498-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch new file mode 100644 index 0000000..8c3b1e6 --- /dev/null +++ b/SOURCES/0498-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch @@ -0,0 +1,259 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 12 Sep 2018 16:03:55 -0400 +Subject: [PATCH] x86-efi: Make our own allocator for kernel stuff + +This helps enable allocations above 4GB. + +Signed-off-by: Peter Jones +(cherry picked from commit cfea4ae780f8860d472cd2d5a9765ec2fe2adc83) +--- + grub-core/loader/i386/efi/linux.c | 167 +++++++++++++++++++++----------------- + 1 file changed, 94 insertions(+), 73 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index c9650561f..5eed2014c 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -49,6 +49,65 @@ static char *linux_cmdline; + + #define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) + ++struct allocation_choice { ++ grub_efi_physical_address_t addr; ++ grub_efi_allocate_type_t alloc_type; ++}; ++ ++static struct allocation_choice max_addresses[] = ++ { ++ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ { 0, 0 } ++ }; ++ ++static inline void ++kernel_free(void *addr, grub_efi_uintn_t size) ++{ ++ if (addr && size) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)addr, ++ BYTES_TO_PAGES(size)); ++} ++ ++static void * ++kernel_alloc(grub_efi_uintn_t size, const char * const errmsg) ++{ ++ void *addr = 0; ++ unsigned int i; ++ grub_efi_physical_address_t prev_max = 0; ++ ++ for (i = 0; max_addresses[i].addr != 0 && addr == 0; i++) ++ { ++ grub_uint64_t max = max_addresses[i].addr; ++ grub_efi_uintn_t pages; ++ ++ if (max == prev_max) ++ continue; ++ ++ pages = BYTES_TO_PAGES(size); ++ grub_dprintf ("linux", "Trying to allocate %lu pages from %p\n", ++ pages, (void *)max); ++ ++ prev_max = max; ++ addr = grub_efi_allocate_pages_real (max, pages, ++ max_addresses[i].alloc_type, ++ GRUB_EFI_LOADER_DATA); ++ if (addr) ++ grub_dprintf ("linux", "Allocated at %p\n", addr); ++ } ++ ++ while (grub_error_pop ()) ++ { ++ ; ++ } ++ ++ if (addr == NULL) ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, "%s", errmsg); ++ ++ return addr; ++} ++ + static grub_err_t + grub_linuxefi_boot (void) + { +@@ -64,19 +123,12 @@ grub_linuxefi_unload (void) + { + grub_dl_unref (my_mod); + loaded = 0; +- if (initrd_mem) +- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, +- BYTES_TO_PAGES(params->ramdisk_size)); +- if (linux_cmdline) +- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t) +- linux_cmdline, +- BYTES_TO_PAGES(params->cmdline_size + 1)); +- if (kernel_mem) +- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, +- BYTES_TO_PAGES(kernel_size)); +- if (params) +- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)params, +- BYTES_TO_PAGES(16384)); ++ ++ kernel_free(initrd_mem, params->ramdisk_size); ++ kernel_free(linux_cmdline, params->cmdline_size + 1); ++ kernel_free(kernel_mem, kernel_size); ++ kernel_free(params, sizeof(*params)); ++ + return GRUB_ERR_NONE; + } + +@@ -157,19 +209,13 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + } + } + +- initrd_mem = grub_efi_allocate_pages_max (GRUB_EFI_MAX_ALLOCATION_ADDRESS, BYTES_TO_PAGES(size)); +- if (!initrd_mem) +- initrd_mem = grub_efi_allocate_pages_max (GRUB_EFI_MAX_USABLE_ADDRESS, BYTES_TO_PAGES(size)); +- if (!initrd_mem) +- { +- grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate initrd")); +- goto fail; +- } +- +- grub_dprintf ("linux", "initrd_mem = %lx\n", (unsigned long) initrd_mem); ++ initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); ++ if (initrd_mem == NULL) ++ goto fail; ++ grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); + + params->ramdisk_size = size; +- params->ramdisk_image = (grub_uint32_t)(grub_addr_t) initrd_mem; ++ params->ramdisk_image = initrd_mem; + + ptr = initrd_mem; + +@@ -230,7 +276,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + filelen = grub_file_size (file); + + kernel = grub_malloc(filelen); +- + if (!kernel) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); +@@ -289,7 +334,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +-#if defined(__x86_64__) || defined(__aarch64__) ++#if defined(__x86_64__) + grub_dprintf ("linux", "checking lh->xloadflags\n"); + if (!(lh->xloadflags & LINUX_XLF_KERNEL_64)) + { +@@ -308,17 +353,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + #endif + +- params = grub_efi_allocate_pages_max (GRUB_EFI_MAX_ALLOCATION_ADDRESS, +- BYTES_TO_PAGES(sizeof(*params))); ++ params = kernel_alloc (sizeof(*params), "cannot allocate kernel parameters"); + if (!params) +- params = grub_efi_allocate_pages_max (GRUB_EFI_MAX_USABLE_ADDRESS, +- BYTES_TO_PAGES(sizeof(*params))); +- if (! params) +- { +- grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters"); +- goto fail; +- } +- ++ goto fail; + grub_dprintf ("linux", "params = %p\n", params); + + grub_memset (params, 0, sizeof(*params)); +@@ -337,19 +374,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf ("linux", "new lh is at %p\n", lh); + + grub_dprintf ("linux", "setting up cmdline\n"); +- linux_cmdline = grub_efi_allocate_pages_max(GRUB_EFI_MAX_ALLOCATION_ADDRESS, +- BYTES_TO_PAGES(lh->cmdline_size + 1)); ++ linux_cmdline = kernel_alloc (lh->cmdline_size + 1, N_("can't allocate cmdline")); + if (!linux_cmdline) +- linux_cmdline = grub_efi_allocate_pages_max(GRUB_EFI_MAX_USABLE_ADDRESS, +- BYTES_TO_PAGES(lh->cmdline_size + 1)); +- if (!linux_cmdline) +- { +- grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate cmdline")); +- goto fail; +- } +- +- grub_dprintf ("linux", "linux_cmdline = %lx\n", +- (unsigned long)linux_cmdline); ++ goto fail; ++ grub_dprintf ("linux", "linux_cmdline = %p\n", linux_cmdline); + + grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); + grub_create_loader_cmdline (argc, argv, +@@ -358,27 +386,24 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + GRUB_VERIFY_KERNEL_CMDLINE); + + grub_dprintf ("linux", "cmdline:%s\n", linux_cmdline); +- grub_dprintf ("linux", "setting lh->cmd_line_ptr\n"); +- lh->cmd_line_ptr = (grub_uint32_t)(grub_addr_t)linux_cmdline; ++ grub_dprintf ("linux", "setting lh->cmd_line_ptr to 0x%08x\n", ++ linux_cmdline); ++ lh->cmd_line_ptr = linux_cmdline; + + handover_offset = lh->handover_offset; +- grub_dprintf("linux", "handover_offset: %08x\n", handover_offset); ++ grub_dprintf("linux", "handover_offset: 0x%08x\n", handover_offset); + + start = (lh->setup_sects + 1) * 512; + +- kernel_mem = grub_efi_allocate_pages_max(lh->pref_address, +- BYTES_TO_PAGES(lh->init_size)); +- if (!kernel_mem) +- kernel_mem = grub_efi_allocate_pages_max(GRUB_EFI_MAX_ALLOCATION_ADDRESS, +- BYTES_TO_PAGES(lh->init_size)); +- if (!kernel_mem) +- kernel_mem = grub_efi_allocate_pages_max(GRUB_EFI_MAX_USABLE_ADDRESS, +- BYTES_TO_PAGES(lh->init_size)); +- if (!kernel_mem) ++ grub_dprintf ("linux", "lh->pref_address: %p\n", (void *)(grub_addr_t)lh->pref_address); ++ if (lh->pref_address < (grub_uint64_t)GRUB_EFI_MAX_ALLOCATION_ADDRESS) + { +- grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate kernel")); +- goto fail; ++ max_addresses[0].addr = lh->pref_address; ++ max_addresses[0].alloc_type = GRUB_EFI_ALLOCATE_ADDRESS; + } ++ kernel_mem = kernel_alloc (lh->init_size, N_("can't allocate kernel")); ++ if (!kernel_mem) ++ goto fail; + grub_dprintf("linux", "kernel_mem = %p\n", kernel_mem); + + grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); +@@ -413,18 +438,14 @@ fail: + loaded = 0; + } + +- if (linux_cmdline && lh && !loaded) +- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t) +- linux_cmdline, +- BYTES_TO_PAGES(lh->cmdline_size + 1)); ++ if (!loaded) ++ { ++ if (lh) ++ kernel_free (linux_cmdline, lh->cmdline_size + 1); + +- if (kernel_mem && !loaded) +- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, +- BYTES_TO_PAGES(kernel_size)); +- +- if (params && !loaded) +- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)params, +- BYTES_TO_PAGES(16384)); ++ kernel_free (kernel_mem, kernel_size); ++ kernel_free (params, sizeof(*params)); ++ } + + return grub_errno; + } diff --git a/SOURCES/0499-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch b/SOURCES/0499-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch new file mode 100644 index 0000000..133fce1 --- /dev/null +++ b/SOURCES/0499-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch @@ -0,0 +1,172 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 12 Sep 2018 16:12:27 -0400 +Subject: [PATCH] x86-efi: Allow initrd+params+cmdline allocations above 4GB. + +This enables everything except the kernel itself to be above 4GB. +Putting the kernel up there still doesn't work, because of the way +params->code32_start is used. + +Signed-off-by: Peter Jones +(cherry picked from commit 2b636967018431b046b625ad4753c8de51f7f6b2) +--- + grub-core/loader/i386/efi/linux.c | 67 +++++++++++++++++++++++++++++++++++---- + include/grub/i386/linux.h | 6 +++- + 2 files changed, 65 insertions(+), 8 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 5eed2014c..e9d2c85b3 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -54,13 +54,22 @@ struct allocation_choice { + grub_efi_allocate_type_t alloc_type; + }; + +-static struct allocation_choice max_addresses[] = ++static struct allocation_choice max_addresses[4] = + { ++ /* the kernel overrides this one with pref_address and ++ * GRUB_EFI_ALLOCATE_ADDRESS */ + { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ /* this one is always below 4GB, which we still *prefer* even if the flag ++ * is set. */ + { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ /* If the flag in params is set, this one gets changed to be above 4GB. */ + { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, + { 0, 0 } + }; ++static struct allocation_choice saved_addresses[4]; ++ ++#define save_addresses() grub_memcpy(saved_addresses, max_addresses, sizeof(max_addresses)) ++#define restore_addresses() grub_memcpy(max_addresses, saved_addresses, sizeof(max_addresses)) + + static inline void + kernel_free(void *addr, grub_efi_uintn_t size) +@@ -82,6 +91,11 @@ kernel_alloc(grub_efi_uintn_t size, const char * const errmsg) + grub_uint64_t max = max_addresses[i].addr; + grub_efi_uintn_t pages; + ++ /* ++ * When we're *not* loading the kernel, or >4GB allocations aren't ++ * supported, these entries are basically all the same, so don't re-try ++ * the same parameters. ++ */ + if (max == prev_max) + continue; + +@@ -170,6 +184,9 @@ read(grub_file_t file, grub_uint8_t *bufp, grub_size_t len) + return bufpos; + } + ++#define LOW_U32(val) ((grub_uint32_t)(((grub_addr_t)(val)) & 0xffffffffull)) ++#define HIGH_U32(val) ((grub_uint32_t)(((grub_addr_t)(val) >> 32) & 0xffffffffull)) ++ + static grub_err_t + grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + int argc, char *argv[]) +@@ -214,8 +231,12 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + goto fail; + grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); + +- params->ramdisk_size = size; +- params->ramdisk_image = initrd_mem; ++ params->ramdisk_size = LOW_U32(size); ++ params->ramdisk_image = LOW_U32(initrd_mem); ++#if defined(__x86_64__) ++ params->ext_ramdisk_size = HIGH_U32(size); ++ params->ext_ramdisk_image = HIGH_U32(initrd_mem); ++#endif + + ptr = initrd_mem; + +@@ -353,6 +374,18 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + #endif + ++#if defined(__x86_64__) ++ if (lh->xloadflags & LINUX_XLF_CAN_BE_LOADED_ABOVE_4G) ++ { ++ grub_dprintf ("linux", "Loading kernel above 4GB is supported; enabling.\n"); ++ max_addresses[2].addr = GRUB_EFI_MAX_USABLE_ADDRESS; ++ } ++ else ++ { ++ grub_dprintf ("linux", "Loading kernel above 4GB is not supported\n"); ++ } ++#endif ++ + params = kernel_alloc (sizeof(*params), "cannot allocate kernel parameters"); + if (!params) + goto fail; +@@ -387,21 +420,40 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + grub_dprintf ("linux", "cmdline:%s\n", linux_cmdline); + grub_dprintf ("linux", "setting lh->cmd_line_ptr to 0x%08x\n", +- linux_cmdline); +- lh->cmd_line_ptr = linux_cmdline; ++ LOW_U32(linux_cmdline)); ++ lh->cmd_line_ptr = LOW_U32(linux_cmdline); ++#if defined(__x86_64__) ++ if ((grub_efi_uintn_t)linux_cmdline > 0xffffffffull) ++ { ++ grub_dprintf ("linux", "setting params->ext_cmd_line_ptr to 0x%08x\n", ++ HIGH_U32(linux_cmdline)); ++ params->ext_cmd_line_ptr = HIGH_U32(linux_cmdline); ++ } ++#endif + + handover_offset = lh->handover_offset; + grub_dprintf("linux", "handover_offset: 0x%08x\n", handover_offset); + + start = (lh->setup_sects + 1) * 512; + ++ /* ++ * AFAICS >4GB for kernel *cannot* work because of params->code32_start being ++ * 32-bit and getting called unconditionally in head_64.S from either entry ++ * point. ++ * ++ * so nerf that out here... ++ */ ++ save_addresses(); + grub_dprintf ("linux", "lh->pref_address: %p\n", (void *)(grub_addr_t)lh->pref_address); + if (lh->pref_address < (grub_uint64_t)GRUB_EFI_MAX_ALLOCATION_ADDRESS) + { + max_addresses[0].addr = lh->pref_address; + max_addresses[0].alloc_type = GRUB_EFI_ALLOCATE_ADDRESS; + } ++ max_addresses[1].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; ++ max_addresses[2].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; + kernel_mem = kernel_alloc (lh->init_size, N_("can't allocate kernel")); ++ restore_addresses(); + if (!kernel_mem) + goto fail; + grub_dprintf("linux", "kernel_mem = %p\n", kernel_mem); +@@ -410,8 +462,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + loaded = 1; + +- grub_dprintf ("linux", "setting lh->code32_start to %p\n", kernel_mem); +- lh->code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; ++ grub_dprintf ("linux", "setting lh->code32_start to 0x%08x\n", ++ LOW_U32(kernel_mem)); ++ lh->code32_start = LOW_U32(kernel_mem); + + grub_memcpy (kernel_mem, (char *)kernel + start, filelen - start); + +diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h +index 8474a857e..a4b37dcce 100644 +--- a/include/grub/i386/linux.h ++++ b/include/grub/i386/linux.h +@@ -230,7 +230,11 @@ struct linux_kernel_params + grub_uint32_t ofw_cif_handler; /* b8 */ + grub_uint32_t ofw_idt; /* bc */ + +- grub_uint8_t padding7[0x1b8 - 0xc0]; ++ grub_uint32_t ext_ramdisk_image; /* 0xc0 */ ++ grub_uint32_t ext_ramdisk_size; /* 0xc4 */ ++ grub_uint32_t ext_cmd_line_ptr; /* 0xc8 */ ++ ++ grub_uint8_t padding7[0x1b8 - 0xcc]; + + union + { diff --git a/SOURCES/0500-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch b/SOURCES/0500-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch new file mode 100644 index 0000000..aaadaa2 --- /dev/null +++ b/SOURCES/0500-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch @@ -0,0 +1,41 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 26 May 2020 16:59:28 +0200 +Subject: [PATCH] x86-efi: Reduce maximum bounce buffer size to 16 MiB + +The EFI linux loader allocates a bounce buffer to copy the initrd since in +some machines doing DMA on addresses above 4GB is not possible during EFI. + +But the verifiers framework also allocates a buffer to copy the initrd in +its grub_file_open() handler. It does this since the data to verify has to +be passed as a single chunk to modules that use the verifiers framework. + +If the initrd image size is big there may not be enough memory in the heap +to allocate two buffers of that size. This causes an allocation failure in +the verifiers framework and leads to the initrd not being read. + +To prevent these allocation failures, let's reduce the maximum size of the +bounce buffer used in the EFI loader. Since the data read can be copied to +the actual initrd address in multilple chunks. + +Resolves: rhbz#1838633 + +Signed-off-by: Javier Martinez Canillas +(cherry picked from commit 1c0d2ebdddf69962395f0fa4578446654512f3c4) +--- + grub-core/loader/i386/efi/linux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index e9d2c85b3..a043df891 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -146,7 +146,7 @@ grub_linuxefi_unload (void) + return GRUB_ERR_NONE; + } + +-#define BOUNCE_BUFFER_MAX 0x10000000ull ++#define BOUNCE_BUFFER_MAX 0x1000000ull + + static grub_ssize_t + read(grub_file_t file, grub_uint8_t *bufp, grub_size_t len) diff --git a/SOURCES/0501-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch b/SOURCES/0501-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch new file mode 100644 index 0000000..a2d6ebc --- /dev/null +++ b/SOURCES/0501-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch @@ -0,0 +1,221 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Stefan Berger +Date: Sun, 15 Mar 2020 12:37:10 -0400 +Subject: [PATCH] ibmvtpm: Add support for trusted boot using a vTPM 2.0 + +Add support for trusted boot using a vTPM 2.0 on the IBM IEEE1275 +PowerPC platform. With this patch grub now measures text and binary data +into the TPM's PCRs 8 and 9 in the same way as the x86_64 platform +does. + +This patch requires Daniel Axtens's patches for claiming more memory. + +For vTPM support to work on PowerVM, system driver levels 1010.30 +or 1020.00 are required. + +Note: Previous versions of firmware levels with the 2hash-ext-log +API call have a bug that, once this API call is invoked, has the +effect of disabling the vTPM driver under Linux causing an error +message to be displayed in the Linux kernel log. Those users will +have to update their machines to the firmware levels mentioned +above. + +Cc: Eric Snowberg +Signed-off-by: Stefan Berger +--- + grub-core/Makefile.core.def | 7 ++ + grub-core/commands/ieee1275/ibmvtpm.c | 152 ++++++++++++++++++++++++++++++++++ + include/grub/ieee1275/ieee1275.h | 3 + + 3 files changed, 162 insertions(+) + create mode 100644 grub-core/commands/ieee1275/ibmvtpm.c + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index ef06f8c95a..b11f74e6b2 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -1104,6 +1104,13 @@ module = { + enable = powerpc_ieee1275; + }; + ++module = { ++ name = tpm; ++ common = commands/tpm.c; ++ ieee1275 = commands/ieee1275/ibmvtpm.c; ++ enable = powerpc_ieee1275; ++}; ++ + module = { + name = terminal; + common = commands/terminal.c; +diff --git a/grub-core/commands/ieee1275/ibmvtpm.c b/grub-core/commands/ieee1275/ibmvtpm.c +new file mode 100644 +index 0000000000..e68b8448bc +--- /dev/null ++++ b/grub-core/commands/ieee1275/ibmvtpm.c +@@ -0,0 +1,152 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2021 Free Software Foundation, Inc. ++ * Copyright (C) 2021 IBM Corporation ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ * ++ * IBM vTPM support code. ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static grub_ieee1275_ihandle_t tpm_ihandle; ++static grub_uint8_t tpm_version; ++ ++#define IEEE1275_IHANDLE_INVALID ((grub_ieee1275_ihandle_t)0) ++ ++static void ++tpm_get_tpm_version (void) ++{ ++ grub_ieee1275_phandle_t vtpm; ++ char buffer[20]; ++ ++ if (!grub_ieee1275_finddevice ("/vdevice/vtpm", &vtpm) && ++ !grub_ieee1275_get_property (vtpm, "compatible", buffer, ++ sizeof (buffer), NULL) && ++ !grub_strcmp (buffer, "IBM,vtpm20")) ++ tpm_version = 2; ++} ++ ++static grub_err_t ++tpm_init (void) ++{ ++ static int init_success = 0; ++ ++ if (!init_success) ++ { ++ if (grub_ieee1275_open ("/vdevice/vtpm", &tpm_ihandle) < 0) { ++ tpm_ihandle = IEEE1275_IHANDLE_INVALID; ++ return GRUB_ERR_UNKNOWN_DEVICE; ++ } ++ ++ init_success = 1; ++ ++ tpm_get_tpm_version (); ++ } ++ ++ return GRUB_ERR_NONE; ++} ++ ++static int ++ibmvtpm_2hash_ext_log (grub_uint8_t pcrindex, ++ grub_uint32_t eventtype, ++ const char *description, ++ grub_size_t description_size, ++ void *buf, grub_size_t size) ++{ ++ struct tpm_2hash_ext_log ++ { ++ struct grub_ieee1275_common_hdr common; ++ grub_ieee1275_cell_t method; ++ grub_ieee1275_cell_t ihandle; ++ grub_ieee1275_cell_t size; ++ grub_ieee1275_cell_t buf; ++ grub_ieee1275_cell_t description_size; ++ grub_ieee1275_cell_t description; ++ grub_ieee1275_cell_t eventtype; ++ grub_ieee1275_cell_t pcrindex; ++ grub_ieee1275_cell_t catch_result; ++ grub_ieee1275_cell_t rc; ++ } ++ args; ++ ++ INIT_IEEE1275_COMMON (&args.common, "call-method", 8, 2); ++ args.method = (grub_ieee1275_cell_t) "2hash-ext-log"; ++ args.ihandle = tpm_ihandle; ++ args.pcrindex = pcrindex; ++ args.eventtype = eventtype; ++ args.description = (grub_ieee1275_cell_t) description; ++ args.description_size = description_size; ++ args.buf = (grub_ieee1275_cell_t) buf; ++ args.size = (grub_ieee1275_cell_t) size; ++ ++ if (IEEE1275_CALL_ENTRY_FN (&args) == -1) ++ return -1; ++ ++ /* ++ * catch_result is set if firmware does not support 2hash-ext-log ++ * rc is GRUB_IEEE1275_CELL_FALSE (0) on failure ++ */ ++ if ((args.catch_result) || args.rc == GRUB_IEEE1275_CELL_FALSE) ++ return -1; ++ ++ return 0; ++} ++ ++static grub_err_t ++tpm2_log_event (unsigned char *buf, ++ grub_size_t size, grub_uint8_t pcr, ++ const char *description) ++{ ++ static int error_displayed = 0; ++ int err; ++ ++ err = ibmvtpm_2hash_ext_log (pcr, EV_IPL, ++ description, ++ grub_strlen(description) + 1, ++ buf, size); ++ if (err && !error_displayed) ++ { ++ error_displayed++; ++ return grub_error (GRUB_ERR_BAD_DEVICE, ++ "2HASH-EXT-LOG failed: Firmware is likely too old.\n"); ++ } ++ ++ return GRUB_ERR_NONE; ++} ++ ++grub_err_t ++grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, ++ const char *description) ++{ ++ grub_err_t err = tpm_init(); ++ ++ /* Absence of a TPM isn't a failure. */ ++ if (err != GRUB_ERR_NONE) ++ return GRUB_ERR_NONE; ++ ++ grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ", %s\n", ++ pcr, size, description); ++ ++ if (tpm_version == 2) ++ return tpm2_log_event (buf, size, pcr, description); ++ ++ return GRUB_ERR_NONE; ++} +diff --git a/include/grub/ieee1275/ieee1275.h b/include/grub/ieee1275/ieee1275.h +index 131808d619..87b9f95d34 100644 +--- a/include/grub/ieee1275/ieee1275.h ++++ b/include/grub/ieee1275/ieee1275.h +@@ -24,6 +24,9 @@ + #include + #include + ++#define GRUB_IEEE1275_CELL_FALSE ((grub_ieee1275_cell_t) 0) ++#define GRUB_IEEE1275_CELL_TRUE ((grub_ieee1275_cell_t) -1) ++ + struct grub_ieee1275_mem_region + { + unsigned int start; diff --git a/SOURCES/0502-ibmvtpm-Backport-ibmvtpm-support-to-grub-2.02.patch b/SOURCES/0502-ibmvtpm-Backport-ibmvtpm-support-to-grub-2.02.patch new file mode 100644 index 0000000..ba6a869 --- /dev/null +++ b/SOURCES/0502-ibmvtpm-Backport-ibmvtpm-support-to-grub-2.02.patch @@ -0,0 +1,94 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Stefan Berger +Date: Fri, 11 Feb 2022 16:34:23 -0500 +Subject: [PATCH] ibmvtpm: Backport ibmvtpm support to grub 2.02 + +Backport ibmvtpm support to grub 2.02 by making as few changes to the +source as possible and building it into the core. + +Since ibmvtpm support is built into grub 2.02 do not print the error +message we would typically print if it was a module and the user had +a choice to not use vTPM support if there was no vTPM by avoiding +to use the module. + +Signed-off-by: Stefan Berger +--- + grub-core/Makefile.core.def | 8 +------- + grub-core/commands/ieee1275/ibmvtpm.c | 13 ++++++++++--- + include/grub/tpm.h | 2 +- + 3 files changed, 12 insertions(+), 11 deletions(-) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index b11f74e6b2..637d7203e3 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -298,6 +298,7 @@ kernel = { + powerpc_ieee1275 = kern/powerpc/cache.S; + powerpc_ieee1275 = kern/powerpc/dl.c; + powerpc_ieee1275 = kern/powerpc/compiler-rt.S; ++ powerpc_ieee1275 = commands/ieee1275/ibmvtpm.c; + + sparc64_ieee1275 = kern/sparc64/cache.S; + sparc64_ieee1275 = kern/sparc64/dl.c; +@@ -1104,13 +1105,6 @@ module = { + enable = powerpc_ieee1275; + }; + +-module = { +- name = tpm; +- common = commands/tpm.c; +- ieee1275 = commands/ieee1275/ibmvtpm.c; +- enable = powerpc_ieee1275; +-}; +- + module = { + name = terminal; + common = commands/terminal.c; +diff --git a/grub-core/commands/ieee1275/ibmvtpm.c b/grub-core/commands/ieee1275/ibmvtpm.c +index e68b8448bc..728b2cbdcd 100644 +--- a/grub-core/commands/ieee1275/ibmvtpm.c ++++ b/grub-core/commands/ieee1275/ibmvtpm.c +@@ -115,7 +115,8 @@ tpm2_log_event (unsigned char *buf, + grub_size_t size, grub_uint8_t pcr, + const char *description) + { +- static int error_displayed = 0; ++ /* Do not print error since vTPM support is built-in */ ++ static int error_displayed = 1; + int err; + + err = ibmvtpm_2hash_ext_log (pcr, EV_IPL, +@@ -132,8 +133,8 @@ tpm2_log_event (unsigned char *buf, + return GRUB_ERR_NONE; + } + +-grub_err_t +-grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, ++static grub_err_t ++_grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, + const char *description) + { + grub_err_t err = tpm_init(); +@@ -150,3 +151,9 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, + + return GRUB_ERR_NONE; + } ++ ++grub_err_t grub_tpm_log_event(unsigned char *buf, grub_size_t size, ++ grub_uint8_t pcr, const char *description) ++{ ++ return _grub_tpm_measure(buf, size, pcr, description); ++} +diff --git a/include/grub/tpm.h b/include/grub/tpm.h +index ce52be4ff7..52af2b8448 100644 +--- a/include/grub/tpm.h ++++ b/include/grub/tpm.h +@@ -69,7 +69,7 @@ typedef struct { + grub_err_t EXPORT_FUNC(grub_tpm_measure) (unsigned char *buf, grub_size_t size, + grub_uint8_t pcr, const char *kind, + const char *description); +-#if defined (GRUB_MACHINE_EFI) ++#if defined (GRUB_MACHINE_EFI) || defined (GRUB_MACHINE_IEEE1275) + grub_err_t grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf, + PassThroughToTPM_OutputParamBlock *outbuf); + grub_err_t grub_tpm_log_event(unsigned char *buf, grub_size_t size, diff --git a/SOURCES/0503-powerpc-do-CAS-in-a-more-compatible-way.patch b/SOURCES/0503-powerpc-do-CAS-in-a-more-compatible-way.patch new file mode 100644 index 0000000..b33cab3 --- /dev/null +++ b/SOURCES/0503-powerpc-do-CAS-in-a-more-compatible-way.patch @@ -0,0 +1,112 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 8 Apr 2022 12:35:28 +1000 +Subject: [PATCH] powerpc: do CAS in a more compatible way + +I wrongly assumed that the most compatible way to perform CAS +negotiation was to only set the minimum number of vectors required +to ask for more memory. It turns out that this messes up booting +if the minimum VP capacity would be less than the default 10% in +vector 4. + +Linux configures the minimum capacity to be 1%, so copy it for that +and for vector 3 which we now need to specify as well. + +Signed-off-by: Daniel Axtens +(cherry picked from commit e6f02ad4e75cd995a8ee2954d28949c415b6cbfe) +(cherry picked from commit 9f825ebc319c56ca503741e6dc1a0f27ff36fe2d) +--- + grub-core/kern/ieee1275/init.c | 54 ++++++++++++++++++++++++------------------ + 1 file changed, 31 insertions(+), 23 deletions(-) + +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index adf4bd5a88..1414695cc6 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -294,33 +294,37 @@ grub_ieee1275_total_mem (grub_uint64_t *total) + + /* Based on linux - arch/powerpc/kernel/prom_init.c */ + struct option_vector2 { +- grub_uint8_t byte1; +- grub_uint16_t reserved; +- grub_uint32_t real_base; +- grub_uint32_t real_size; +- grub_uint32_t virt_base; +- grub_uint32_t virt_size; +- grub_uint32_t load_base; +- grub_uint32_t min_rma; +- grub_uint32_t min_load; +- grub_uint8_t min_rma_percent; +- grub_uint8_t max_pft_size; ++ grub_uint8_t byte1; ++ grub_uint16_t reserved; ++ grub_uint32_t real_base; ++ grub_uint32_t real_size; ++ grub_uint32_t virt_base; ++ grub_uint32_t virt_size; ++ grub_uint32_t load_base; ++ grub_uint32_t min_rma; ++ grub_uint32_t min_load; ++ grub_uint8_t min_rma_percent; ++ grub_uint8_t max_pft_size; + } __attribute__((packed)); + + struct pvr_entry { +- grub_uint32_t mask; +- grub_uint32_t entry; ++ grub_uint32_t mask; ++ grub_uint32_t entry; + }; + + struct cas_vector { +- struct { +- struct pvr_entry terminal; +- } pvr_list; +- grub_uint8_t num_vecs; +- grub_uint8_t vec1_size; +- grub_uint8_t vec1; +- grub_uint8_t vec2_size; +- struct option_vector2 vec2; ++ struct { ++ struct pvr_entry terminal; ++ } pvr_list; ++ grub_uint8_t num_vecs; ++ grub_uint8_t vec1_size; ++ grub_uint8_t vec1; ++ grub_uint8_t vec2_size; ++ struct option_vector2 vec2; ++ grub_uint8_t vec3_size; ++ grub_uint16_t vec3; ++ grub_uint8_t vec4_size; ++ grub_uint16_t vec4; + } __attribute__((packed)); + + /* Call ibm,client-architecture-support to try to get more RMA. +@@ -341,13 +345,17 @@ grub_ieee1275_ibm_cas (void) + } args; + struct cas_vector vector = { + .pvr_list = { { 0x00000000, 0xffffffff } }, /* any processor */ +- .num_vecs = 2 - 1, ++ .num_vecs = 4 - 1, + .vec1_size = 0, + .vec1 = 0x80, /* ignore */ + .vec2_size = 1 + sizeof(struct option_vector2) - 2, + .vec2 = { + 0, 0, -1, -1, -1, -1, -1, 512, -1, 0, 48 + }, ++ .vec3_size = 2 - 1, ++ .vec3 = 0x00e0, // ask for FP + VMX + DFP but don't halt if unsatisfied ++ .vec4_size = 2 - 1, ++ .vec4 = 0x0001, // set required minimum capacity % to the lowest value + }; + + INIT_IEEE1275_COMMON (&args.common, "call-method", 3, 2); +@@ -360,7 +368,7 @@ grub_ieee1275_ibm_cas (void) + args.ihandle = root; + args.cas_addr = (grub_ieee1275_cell_t)&vector; + +- grub_printf("Calling ibm,client-architecture-support..."); ++ grub_printf("Calling ibm,client-architecture-support from grub..."); + IEEE1275_CALL_ENTRY_FN (&args); + grub_printf("done\n"); + diff --git a/SOURCES/0504-powerpc-prefix-detection-support-device-names-with-c.patch b/SOURCES/0504-powerpc-prefix-detection-support-device-names-with-c.patch new file mode 100644 index 0000000..50a5d64 --- /dev/null +++ b/SOURCES/0504-powerpc-prefix-detection-support-device-names-with-c.patch @@ -0,0 +1,73 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 24 Mar 2022 14:34:32 +1100 +Subject: [PATCH] powerpc: prefix detection: support device names with commas + +Frustratingly, the device name itself can contain an embedded comma: +e.g /pci@800000020000015/pci1014,034A@0/sas/disk@5000c50098a0ee8b + +So my previous approach was wrong: we cannot rely upon the presence +of a comma to say that a partition has been specified! + +It turns out for prefixes like (,gpt2)/grub2 we really want to make +up a full (device,partition)/patch prefix, because root discovery code +in 10_linux will reset the root variable and use search to fill it again. +If you have run grub-install, you probably don't have search built in, +and if you don't have prefix containing (device,partition), grub will +construct ($root)$prefix/powerpc-ieee1275/search.mod - but because $root +has just been changed, this will no longer work, and the boot will fail! + +Retain the gist of the logic, but instead of looking for a comma, look for +a leading '('. This matches the earlier code better anyway. + +There's certainly a better fix to be had. But any time you chose to build +with a bare prefix like '/grub2', you're almost certainly going to build in +search anyway, so this will do. + +Signed-off-by: Daniel Axtens +(cherry picked from commit 80b6eb5e55e6d1a4c9896361e61de31c29e6939d) +(cherry picked from commit f3df9f1c2335df22d020e80583d932e254594f0e) +--- + grub-core/kern/main.c | 27 +++++++++++++++++++++------ + 1 file changed, 21 insertions(+), 6 deletions(-) + +diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c +index 40a709117f..abbf8af9e6 100644 +--- a/grub-core/kern/main.c ++++ b/grub-core/kern/main.c +@@ -241,14 +241,29 @@ grub_set_prefix_and_root (void) + what sorts of paths represent disks with partition tables and those + without partition tables. + +- So we act unless there is a comma in the device, which would indicate +- a partition has already been specified. ++ - Frustratingly, the device name itself can contain an embedded comma: ++ /pci@800000020000015/pci1014,034A@0/sas/disk@5000c50098a0ee8b ++ So we cannot even rely upon the presence of a comma to say that a ++ partition has been specified! + +- (If we only have a path, the code in normal to discover config files +- will try both without partitions and then with any partitions so we +- will cover both CDs and HDs.) ++ If we only have a path in $prefix, the code in normal to discover ++ config files will try all disks, both without partitions and then with ++ any partitions so we will cover both CDs and HDs. ++ ++ However, it doesn't then set the prefix to be something like ++ (discovered partition)/path, and so it is fragile against runtime ++ changes to $root. For example some of the stuff done in 10_linux to ++ reload $root sets root differently and then uses search to find it ++ again. If the search module is not built in, when we change root, grub ++ will look in (new root)/path/powerpc-ieee1275, that won't work, and we ++ will not be able to load the search module and the boot will fail. ++ ++ This is particularly likely to hit us in the grub-install ++ (,msdos2)/grub2 case, so we act unless the supplied prefix starts with ++ '(', which would likely indicate a partition has already been ++ specified. + */ +- if (grub_strchr (device, ',') == NULL) ++ if (prefix && prefix[0] != '(') + grub_env_set ("prefix", path); + else + #endif diff --git a/SOURCES/0505-make-ofdisk_retries-optional.patch b/SOURCES/0505-make-ofdisk_retries-optional.patch new file mode 100644 index 0000000..fce9702 --- /dev/null +++ b/SOURCES/0505-make-ofdisk_retries-optional.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Diego Domingos +Date: Thu, 24 Mar 2022 13:14:42 -0400 +Subject: [PATCH] make ofdisk_retries optional + +The feature Retry on Fail added to GRUB can cause a LPM to take +longer if the SAN is slow. + +When a LPM to external site occur, the path of the disk can change +and thus the disk search function on grub can take some time since +it is used as a hint. This can cause the Retry on Fail feature to +try to access the disk 20x times (since this is hardcoded number) +and, if the SAN is slow, the boot time can increase a lot. +In some situations not acceptable. + +The following patch enables a configuration at user space of the +maximum number of retries we want for this feature. + +The variable ofdisk_retries should be set using grub2-editenv +and will be checked by retry function. If the variable is not set, +so the default number of retries will be used instead. +--- + include/grub/ieee1275/ofdisk.h | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/include/grub/ieee1275/ofdisk.h b/include/grub/ieee1275/ofdisk.h +index 7d2d540930..0074d55eee 100644 +--- a/include/grub/ieee1275/ofdisk.h ++++ b/include/grub/ieee1275/ofdisk.h +@@ -25,7 +25,12 @@ extern void grub_ofdisk_fini (void); + #define MAX_RETRIES 20 + + +-#define RETRY_IEEE1275_OFDISK_OPEN(device, last_ihandle) unsigned retry_i=0;for(retry_i=0; retry_i < MAX_RETRIES; retry_i++){ \ ++#define RETRY_IEEE1275_OFDISK_OPEN(device, last_ihandle) \ ++ unsigned max_retries = MAX_RETRIES; \ ++ if(grub_env_get("ofdisk_retries") != NULL) \ ++ max_retries = grub_strtoul(grub_env_get("ofdisk_retries"), 0, 10)+1; \ ++ grub_dprintf("ofdisk","MAX_RETRIES set to %u\n",max_retries); \ ++ unsigned retry_i=0;for(retry_i=0; retry_i < max_retries; retry_i++){ \ + if(!grub_ieee1275_open(device, last_ihandle)) \ + break; \ + grub_dprintf("ofdisk","Opening disk %s failed. Retrying...\n",device); } diff --git a/SOURCES/0506-loader-efi-chainloader-grub_load_and_start_image-doe.patch b/SOURCES/0506-loader-efi-chainloader-grub_load_and_start_image-doe.patch new file mode 100644 index 0000000..6472129 --- /dev/null +++ b/SOURCES/0506-loader-efi-chainloader-grub_load_and_start_image-doe.patch @@ -0,0 +1,71 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Thu, 28 Apr 2022 21:53:36 +0100 +Subject: [PATCH] loader/efi/chainloader: grub_load_and_start_image doesn't + load and start + +grub_load_and_start_image only loads an image - it still requires the +caller to start it. This renames it to grub_load_image. + +It's called from 2 places: +- grub_cmd_chainloader when not using the shim protocol. +- grub_secureboot_chainloader_boot if handle_image returns an error. +In this case, the image is loaded and then nothing else happens which +seems strange. I assume the intention is that it falls back to LoadImage +and StartImage if handle_image fails, so I've made it do that. + +Signed-off-by: Chris Coulson +(cherry picked from commit b4d70820a65c00561045856b7b8355461a9545f6) +(cherry picked from commit 05b16a6be50b1910609740a66b561276fa490538) +(cherry picked from commit 16486a34f3aa41a94e334e86db1a1e21e9b0a45f) +--- + grub-core/loader/efi/chainloader.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 29663f7180..d75d345003 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -835,7 +835,7 @@ grub_secureboot_chainloader_unload (void) + } + + static grub_err_t +-grub_load_and_start_image(void *boot_image) ++grub_load_image(void *boot_image) + { + grub_efi_boot_services_t *b; + grub_efi_status_t status; +@@ -877,13 +877,23 @@ grub_load_and_start_image(void *boot_image) + static grub_err_t + grub_secureboot_chainloader_boot (void) + { ++ grub_efi_boot_services_t *b; + int rc; ++ + rc = handle_image ((void *)(unsigned long)address, fsize); + if (rc == 0) + { +- grub_load_and_start_image((void *)(unsigned long)address); ++ /* We weren't able to attempt to execute the image, so fall back ++ * to LoadImage / StartImage. ++ */ ++ rc = grub_load_image((void *)(unsigned long)address); ++ if (rc == 0) ++ grub_chainloader_boot (); + } + ++ b = grub_efi_system_table->boot_services; ++ efi_call_1 (b->unload_image, image_handle); ++ + grub_loader_unset (); + return grub_errno; + } +@@ -1072,7 +1082,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + } + else if (rc == 0) + { +- grub_load_and_start_image(boot_image); ++ grub_load_image(boot_image); + grub_file_close (file); + grub_device_close (dev); + grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); diff --git a/SOURCES/0507-loader-efi-chainloader-simplify-the-loader-state.patch b/SOURCES/0507-loader-efi-chainloader-simplify-the-loader-state.patch new file mode 100644 index 0000000..83b8823 --- /dev/null +++ b/SOURCES/0507-loader-efi-chainloader-simplify-the-loader-state.patch @@ -0,0 +1,334 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Fri, 29 Apr 2022 21:13:08 +0100 +Subject: [PATCH] loader/efi/chainloader: simplify the loader state + +When not using the shim lock protocol, the chainloader command retains +the source buffer and device path passed to LoadImage, requiring the +unload hook passed to grub_loader_set to free them. It isn't required +to retain this state though - they aren't required by StartImage or +anything else in the boot hook, so clean them up before +grub_cmd_chainloader finishes. + +This also wraps the loader state when using the shim lock protocol +inside a struct. + +Signed-off-by: Chris Coulson +(cherry picked from commit fa39862933b3be1553a580a3a5c28073257d8046) +(cherry picked from commit 0333343ee99c4e88f062789263c94291c057251b) +[rharwood: verifying twice] +(cherry picked from commit 6080ad5d91d6a80d5f67c592dd33b6dd413e9453) +[rharwood: double frees and unintialized, context fuzz - orig_dp] +Signed-off-by: Robbie Harwood +--- + grub-core/loader/efi/chainloader.c | 160 +++++++++++++++++++++++-------------- + 1 file changed, 102 insertions(+), 58 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index d75d345003..afeb1fc97e 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -47,38 +47,21 @@ GRUB_MOD_LICENSE ("GPLv3+"); + + static grub_dl_t my_mod; + +-static grub_efi_physical_address_t address; +-static grub_efi_uintn_t pages; +-static grub_ssize_t fsize; +-static grub_efi_device_path_t *file_path; + static grub_efi_handle_t image_handle; +-static grub_efi_char16_t *cmdline; +-static grub_ssize_t cmdline_len; +-static grub_efi_handle_t dev_handle; + +-static grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); ++struct grub_secureboot_chainloader_context { ++ grub_efi_physical_address_t address; ++ grub_efi_uintn_t pages; ++ grub_ssize_t fsize; ++ grub_efi_device_path_t *file_path; ++ grub_efi_char16_t *cmdline; ++ grub_ssize_t cmdline_len; ++ grub_efi_handle_t dev_handle; ++}; ++static struct grub_secureboot_chainloader_context *sb_context; + + static grub_err_t +-grub_chainloader_unload (void) +-{ +- grub_efi_boot_services_t *b; +- +- b = grub_efi_system_table->boot_services; +- efi_call_1 (b->unload_image, image_handle); +- grub_efi_free_pages (address, pages); +- +- grub_free (file_path); +- grub_free (cmdline); +- cmdline = 0; +- file_path = 0; +- dev_handle = 0; +- +- grub_dl_unref (my_mod); +- return GRUB_ERR_NONE; +-} +- +-static grub_err_t +-grub_chainloader_boot (void) ++grub_start_image (grub_efi_handle_t handle) + { + grub_efi_boot_services_t *b; + grub_efi_status_t status; +@@ -86,7 +69,7 @@ grub_chainloader_boot (void) + grub_efi_char16_t *exit_data = NULL; + + b = grub_efi_system_table->boot_services; +- status = efi_call_3 (b->start_image, image_handle, &exit_data_size, &exit_data); ++ status = efi_call_3 (b->start_image, handle, &exit_data_size, &exit_data); + if (status != GRUB_EFI_SUCCESS) + { + if (exit_data) +@@ -110,11 +93,37 @@ grub_chainloader_boot (void) + if (exit_data) + grub_efi_free_pool (exit_data); + +- grub_loader_unset (); +- + return grub_errno; + } + ++static grub_err_t ++grub_chainloader_unload (void) ++{ ++ grub_efi_loaded_image_t *loaded_image; ++ grub_efi_boot_services_t *b; ++ ++ loaded_image = grub_efi_get_loaded_image (image_handle); ++ if (loaded_image != NULL) ++ grub_free (loaded_image->load_options); ++ ++ b = grub_efi_system_table->boot_services; ++ efi_call_1 (b->unload_image, image_handle); ++ ++ grub_dl_unref (my_mod); ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_chainloader_boot (void) ++{ ++ grub_err_t err; ++ ++ err = grub_start_image (image_handle); ++ ++ grub_loader_unset (); ++ return err; ++} ++ + static grub_err_t + copy_file_path (grub_efi_file_path_device_path_t *fp, + const char *str, grub_efi_uint16_t len) +@@ -149,7 +158,7 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + char *dir_start; + char *dir_end; + grub_size_t size; +- grub_efi_device_path_t *d; ++ grub_efi_device_path_t *d, *file_path; + + dir_start = grub_strchr (filename, ')'); + if (! dir_start) +@@ -520,10 +529,12 @@ grub_efi_get_media_file_path (grub_efi_device_path_t *dp) + } + + static grub_efi_boolean_t +-handle_image (void *data, grub_efi_uint32_t datasize) ++handle_image (struct grub_secureboot_chainloader_context *load_context) + { + grub_efi_loaded_image_t *li, li_bak; + grub_efi_status_t efi_status; ++ void *data = (void *)(unsigned long)load_context->address; ++ grub_efi_uint32_t datasize = load_context->fsize; + void *buffer = NULL; + char *buffer_aligned = NULL; + grub_efi_uint32_t i; +@@ -534,6 +545,7 @@ handle_image (void *data, grub_efi_uint32_t datasize) + grub_uint32_t buffer_size; + int found_entry_point = 0; + int rc; ++ grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); + + rc = read_header (data, datasize, &context); + if (rc < 0) +@@ -791,10 +803,10 @@ handle_image (void *data, grub_efi_uint32_t datasize) + grub_memcpy (&li_bak, li, sizeof (grub_efi_loaded_image_t)); + li->image_base = buffer_aligned; + li->image_size = context.image_size; +- li->load_options = cmdline; +- li->load_options_size = cmdline_len; +- li->file_path = grub_efi_get_media_file_path (file_path); +- li->device_handle = dev_handle; ++ li->load_options = load_context->cmdline; ++ li->load_options_size = load_context->cmdline_len; ++ li->file_path = grub_efi_get_media_file_path (load_context->file_path); ++ li->device_handle = load_context->dev_handle; + if (!li->file_path) + { + grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching file path found"); +@@ -823,19 +835,22 @@ error_exit: + static grub_err_t + grub_secureboot_chainloader_unload (void) + { +- grub_efi_free_pages (address, pages); +- grub_free (file_path); +- grub_free (cmdline); +- cmdline = 0; +- file_path = 0; +- dev_handle = 0; ++ grub_efi_free_pages (sb_context->address, sb_context->pages); ++ grub_free (sb_context->file_path); ++ grub_free (sb_context->cmdline); ++ grub_free (sb_context); ++ ++ sb_context = 0; + + grub_dl_unref (my_mod); + return GRUB_ERR_NONE; + } + + static grub_err_t +-grub_load_image(void *boot_image) ++grub_load_image(grub_efi_device_path_t *file_path, void *boot_image, ++ grub_efi_uintn_t image_size, grub_efi_handle_t dev_handle, ++ grub_efi_char16_t *cmdline, grub_ssize_t cmdline_len, ++ grub_efi_handle_t *image_handle_out) + { + grub_efi_boot_services_t *b; + grub_efi_status_t status; +@@ -844,7 +859,7 @@ grub_load_image(void *boot_image) + b = grub_efi_system_table->boot_services; + + status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, +- boot_image, fsize, &image_handle); ++ boot_image, image_size, image_handle_out); + if (status != GRUB_EFI_SUCCESS) + { + if (status == GRUB_EFI_OUT_OF_RESOURCES) +@@ -857,7 +872,7 @@ grub_load_image(void *boot_image) + /* LoadImage does not set a device handler when the image is + loaded from memory, so it is necessary to set it explicitly here. + This is a mess. */ +- loaded_image = grub_efi_get_loaded_image (image_handle); ++ loaded_image = grub_efi_get_loaded_image (*image_handle_out); + if (! loaded_image) + { + grub_error (GRUB_ERR_BAD_OS, "no loaded image available"); +@@ -879,20 +894,25 @@ grub_secureboot_chainloader_boot (void) + { + grub_efi_boot_services_t *b; + int rc; ++ grub_efi_handle_t handle = 0; + +- rc = handle_image ((void *)(unsigned long)address, fsize); ++ rc = handle_image (sb_context); + if (rc == 0) + { + /* We weren't able to attempt to execute the image, so fall back + * to LoadImage / StartImage. + */ +- rc = grub_load_image((void *)(unsigned long)address); ++ rc = grub_load_image(sb_context->file_path, ++ (void *)(unsigned long)sb_context->address, ++ sb_context->fsize, sb_context->dev_handle, ++ sb_context->cmdline, sb_context->cmdline_len, ++ &handle); + if (rc == 0) +- grub_chainloader_boot (); ++ grub_start_image (handle); + } + + b = grub_efi_system_table->boot_services; +- efi_call_1 (b->unload_image, image_handle); ++ efi_call_1 (b->unload_image, handle); + + grub_loader_unset (); + return grub_errno; +@@ -906,10 +926,16 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_efi_status_t status; + grub_efi_boot_services_t *b; + grub_device_t dev = 0; +- grub_efi_device_path_t *dp = 0; ++ grub_efi_device_path_t *dp = 0, *file_path = 0; + char *filename; + void *boot_image = 0; + int rc; ++ grub_efi_physical_address_t address = 0; ++ grub_ssize_t fsize; ++ grub_efi_uintn_t pages = 0; ++ grub_efi_char16_t *cmdline = 0; ++ grub_ssize_t cmdline_len = 0; ++ grub_efi_handle_t dev_handle = 0; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -917,12 +943,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + + grub_dl_ref (my_mod); + +- /* Initialize some global variables. */ +- address = 0; +- image_handle = 0; +- file_path = 0; +- dev_handle = 0; +- + b = grub_efi_system_table->boot_services; + + if (argc > 1) +@@ -1074,17 +1094,35 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf ("chain", "linuxefi_secure_validate: %d\n", rc); + if (rc > 0) + { ++ sb_context = grub_malloc (sizeof (*sb_context)); ++ if (sb_context == NULL) ++ goto fail; ++ sb_context->address = address; ++ sb_context->fsize = fsize; ++ sb_context->pages = pages; ++ sb_context->file_path = file_path; ++ sb_context->cmdline = cmdline; ++ sb_context->cmdline_len = cmdline_len; ++ sb_context->dev_handle = dev_handle; ++ + grub_file_close (file); + grub_device_close (dev); ++ + grub_loader_set (grub_secureboot_chainloader_boot, + grub_secureboot_chainloader_unload, 0); + return 0; + } + else if (rc == 0) + { +- grub_load_image(boot_image); ++ grub_load_image(file_path, boot_image, fsize, dev_handle, cmdline, ++ cmdline_len, &image_handle); + grub_file_close (file); + grub_device_close (dev); ++ ++ /* We're finished with the source image buffer and file path now */ ++ efi_call_2 (b->free_pages, address, pages); ++ grub_free (file_path); ++ + grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); + + return 0; +@@ -1106,6 +1144,12 @@ fail: + if (cmdline) + grub_free (cmdline); + ++ if (image_handle != 0) ++ { ++ efi_call_1 (b->unload_image, image_handle); ++ image_handle = 0; ++ } ++ + grub_dl_unref (my_mod); + + return grub_errno; diff --git a/SOURCES/0508-commands-boot-Add-API-to-pass-context-to-loader.patch b/SOURCES/0508-commands-boot-Add-API-to-pass-context-to-loader.patch new file mode 100644 index 0000000..a036524 --- /dev/null +++ b/SOURCES/0508-commands-boot-Add-API-to-pass-context-to-loader.patch @@ -0,0 +1,160 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Fri, 29 Apr 2022 21:16:02 +0100 +Subject: [PATCH] commands/boot: Add API to pass context to loader + +Loaders rely on global variables for saving context which is consumed +in the boot hook and freed in the unload hook. In the case where a loader +command is executed twice, calling grub_loader_set a second time executes +the unload hook, but in some cases this runs when the loader's global +context has already been updated, resulting in the updated context being +freed and potential use-after-free bugs when the boot hook is subsequently +called. + +This adds a new API (grub_loader_set_ex) which allows a loader to specify +context that is passed to its boot and unload hooks. This is an alternative +to requiring that loaders call grub_loader_unset before mutating their +global context. + +Signed-off-by: Chris Coulson +(cherry picked from commit 4322a64dde7e8fedb58e50b79408667129d45dd3) +(cherry picked from commit 937ad0e2159b6b8cb0d2ce3515da3a8b797c7927) +(cherry picked from commit 873038ae7048f6cae8a3ebb2f97a8d361a080e13) +--- + grub-core/commands/boot.c | 66 +++++++++++++++++++++++++++++++++++++++++------ + include/grub/loader.h | 5 ++++ + 2 files changed, 63 insertions(+), 8 deletions(-) + +diff --git a/grub-core/commands/boot.c b/grub-core/commands/boot.c +index bbca81e947..53691a62d9 100644 +--- a/grub-core/commands/boot.c ++++ b/grub-core/commands/boot.c +@@ -27,10 +27,20 @@ + + GRUB_MOD_LICENSE ("GPLv3+"); + +-static grub_err_t (*grub_loader_boot_func) (void); +-static grub_err_t (*grub_loader_unload_func) (void); ++static grub_err_t (*grub_loader_boot_func) (void *); ++static grub_err_t (*grub_loader_unload_func) (void *); ++static void *grub_loader_context; + static int grub_loader_flags; + ++struct grub_simple_loader_hooks ++{ ++ grub_err_t (*boot) (void); ++ grub_err_t (*unload) (void); ++}; ++ ++/* Don't heap allocate this to avoid making grub_loader_set fallible. */ ++static struct grub_simple_loader_hooks simple_loader_hooks; ++ + struct grub_preboot + { + grub_err_t (*preboot_func) (int); +@@ -44,6 +54,29 @@ static int grub_loader_loaded; + static struct grub_preboot *preboots_head = 0, + *preboots_tail = 0; + ++static grub_err_t ++grub_simple_boot_hook (void *context) ++{ ++ struct grub_simple_loader_hooks *hooks; ++ ++ hooks = (struct grub_simple_loader_hooks *) context; ++ return hooks->boot (); ++} ++ ++static grub_err_t ++grub_simple_unload_hook (void *context) ++{ ++ struct grub_simple_loader_hooks *hooks; ++ grub_err_t ret; ++ ++ hooks = (struct grub_simple_loader_hooks *) context; ++ ++ ret = hooks->unload (); ++ grub_memset (hooks, 0, sizeof (*hooks)); ++ ++ return ret; ++} ++ + int + grub_loader_is_loaded (void) + { +@@ -110,28 +143,45 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd) + } + + void +-grub_loader_set (grub_err_t (*boot) (void), +- grub_err_t (*unload) (void), +- int flags) ++grub_loader_set_ex (grub_err_t (*boot) (void *), ++ grub_err_t (*unload) (void *), ++ void *context, ++ int flags) + { + if (grub_loader_loaded && grub_loader_unload_func) +- grub_loader_unload_func (); ++ grub_loader_unload_func (grub_loader_context); + + grub_loader_boot_func = boot; + grub_loader_unload_func = unload; ++ grub_loader_context = context; + grub_loader_flags = flags; + + grub_loader_loaded = 1; + } + ++void ++grub_loader_set (grub_err_t (*boot) (void), ++ grub_err_t (*unload) (void), ++ int flags) ++{ ++ grub_loader_set_ex (grub_simple_boot_hook, ++ grub_simple_unload_hook, ++ &simple_loader_hooks, ++ flags); ++ ++ simple_loader_hooks.boot = boot; ++ simple_loader_hooks.unload = unload; ++} ++ + void + grub_loader_unset(void) + { + if (grub_loader_loaded && grub_loader_unload_func) +- grub_loader_unload_func (); ++ grub_loader_unload_func (grub_loader_context); + + grub_loader_boot_func = 0; + grub_loader_unload_func = 0; ++ grub_loader_context = 0; + + grub_loader_loaded = 0; + } +@@ -158,7 +208,7 @@ grub_loader_boot (void) + return err; + } + } +- err = (grub_loader_boot_func) (); ++ err = (grub_loader_boot_func) (grub_loader_context); + + for (cur = preboots_tail; cur; cur = cur->prev) + if (! err) +diff --git a/include/grub/loader.h b/include/grub/loader.h +index b208642821..1846fa6c5f 100644 +--- a/include/grub/loader.h ++++ b/include/grub/loader.h +@@ -40,6 +40,11 @@ void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void), + grub_err_t (*unload) (void), + int flags); + ++void EXPORT_FUNC (grub_loader_set_ex) (grub_err_t (*boot) (void *), ++ grub_err_t (*unload) (void *), ++ void *context, ++ int flags); ++ + /* Unset current loader, if any. */ + void EXPORT_FUNC (grub_loader_unset) (void); + diff --git a/SOURCES/0509-loader-efi-chainloader-Use-grub_loader_set_ex.patch b/SOURCES/0509-loader-efi-chainloader-Use-grub_loader_set_ex.patch new file mode 100644 index 0000000..d494a85 --- /dev/null +++ b/SOURCES/0509-loader-efi-chainloader-Use-grub_loader_set_ex.patch @@ -0,0 +1,149 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Fri, 29 Apr 2022 21:30:56 +0100 +Subject: [PATCH] loader/efi/chainloader: Use grub_loader_set_ex + +This ports the EFI chainloader to use grub_loader_set_ex in order to fix +a use-after-free bug that occurs when grub_cmd_chainloader is executed +more than once before a boot attempt is performed. + +Signed-off-by: Chris Coulson +(cherry picked from commit 4b7f0402b7cb0f67a93be736f2b75b818d7f44c9) +(cherry picked from commit fc1a79bf0e0bc019362ace46d908a92b48dcd55b) +(cherry picked from commit f5b653dfe00271384ff7fbd82db926ab95dbd80e) +[rharwood: context sludge from previous commit] +Signed-off-by: Robbie Harwood +--- + grub-core/loader/efi/chainloader.c | 38 ++++++++++++++++++++++---------------- + 1 file changed, 22 insertions(+), 16 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index afeb1fc97e..720f6181e5 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -47,8 +47,6 @@ GRUB_MOD_LICENSE ("GPLv3+"); + + static grub_dl_t my_mod; + +-static grub_efi_handle_t image_handle; +- + struct grub_secureboot_chainloader_context { + grub_efi_physical_address_t address; + grub_efi_uintn_t pages; +@@ -58,7 +56,6 @@ struct grub_secureboot_chainloader_context { + grub_ssize_t cmdline_len; + grub_efi_handle_t dev_handle; + }; +-static struct grub_secureboot_chainloader_context *sb_context; + + static grub_err_t + grub_start_image (grub_efi_handle_t handle) +@@ -97,11 +94,14 @@ grub_start_image (grub_efi_handle_t handle) + } + + static grub_err_t +-grub_chainloader_unload (void) ++grub_chainloader_unload (void *context) + { ++ grub_efi_handle_t image_handle; + grub_efi_loaded_image_t *loaded_image; + grub_efi_boot_services_t *b; + ++ image_handle = (grub_efi_handle_t) context; ++ + loaded_image = grub_efi_get_loaded_image (image_handle); + if (loaded_image != NULL) + grub_free (loaded_image->load_options); +@@ -114,10 +114,12 @@ grub_chainloader_unload (void) + } + + static grub_err_t +-grub_chainloader_boot (void) ++grub_chainloader_boot (void *context) + { ++ grub_efi_handle_t image_handle; + grub_err_t err; + ++ image_handle = (grub_efi_handle_t) context; + err = grub_start_image (image_handle); + + grub_loader_unset (); +@@ -833,15 +835,17 @@ error_exit: + } + + static grub_err_t +-grub_secureboot_chainloader_unload (void) ++grub_secureboot_chainloader_unload (void *context) + { ++ struct grub_secureboot_chainloader_context *sb_context; ++ ++ sb_context = (struct grub_secureboot_chainloader_context *) context; ++ + grub_efi_free_pages (sb_context->address, sb_context->pages); + grub_free (sb_context->file_path); + grub_free (sb_context->cmdline); + grub_free (sb_context); + +- sb_context = 0; +- + grub_dl_unref (my_mod); + return GRUB_ERR_NONE; + } +@@ -890,12 +894,15 @@ grub_load_image(grub_efi_device_path_t *file_path, void *boot_image, + } + + static grub_err_t +-grub_secureboot_chainloader_boot (void) ++grub_secureboot_chainloader_boot (void *context) + { ++ struct grub_secureboot_chainloader_context *sb_context; + grub_efi_boot_services_t *b; + int rc; + grub_efi_handle_t handle = 0; + ++ sb_context = (struct grub_secureboot_chainloader_context *) context; ++ + rc = handle_image (sb_context); + if (rc == 0) + { +@@ -936,6 +943,8 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_efi_char16_t *cmdline = 0; + grub_ssize_t cmdline_len = 0; + grub_efi_handle_t dev_handle = 0; ++ grub_efi_handle_t image_handle = 0; ++ struct grub_secureboot_chainloader_context *sb_context = 0; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -1108,8 +1117,8 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_file_close (file); + grub_device_close (dev); + +- grub_loader_set (grub_secureboot_chainloader_boot, +- grub_secureboot_chainloader_unload, 0); ++ grub_loader_set_ex (grub_secureboot_chainloader_boot, ++ grub_secureboot_chainloader_unload, sb_context, 0); + return 0; + } + else if (rc == 0) +@@ -1123,7 +1132,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + efi_call_2 (b->free_pages, address, pages); + grub_free (file_path); + +- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); ++ grub_loader_set_ex (grub_chainloader_boot, grub_chainloader_unload, image_handle, 0); + + return 0; + } +@@ -1145,10 +1154,7 @@ fail: + grub_free (cmdline); + + if (image_handle != 0) +- { +- efi_call_1 (b->unload_image, image_handle); +- image_handle = 0; +- } ++ efi_call_1 (b->unload_image, image_handle); + + grub_dl_unref (my_mod); + diff --git a/SOURCES/0510-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch b/SOURCES/0510-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch new file mode 100644 index 0000000..f8809e6 --- /dev/null +++ b/SOURCES/0510-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch @@ -0,0 +1,43 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Mon, 2 May 2022 14:39:31 +0200 +Subject: [PATCH] loader/i386/efi/linux: Avoid a use-after-free in the linuxefi + loader + +In some error paths in grub_cmd_linux, the pointer to lh may be +dereferenced after the buffer it points to has been freed. There aren't +any security implications from this because nothing else uses the +allocator after the buffer is freed and before the pointer is +dereferenced, but fix it anyway. + +Signed-off-by: Chris Coulson +(cherry picked from commit 8224f5a71af94bec8697de17e7e579792db9f9e2) +(cherry picked from commit 4744b62e20d07674017213ac54d7442d679f9d1a) +(cherry picked from commit 329633cb060957c3d2aca677ac733f07b213a63f) +--- + grub-core/loader/i386/efi/linux.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index a043df891f..c9a2b47370 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -482,9 +482,6 @@ fail: + if (file) + grub_file_close (file); + +- if (kernel) +- grub_free (kernel); +- + if (grub_errno != GRUB_ERR_NONE) + { + grub_dl_unref (my_mod); +@@ -500,6 +497,8 @@ fail: + kernel_free (params, sizeof(*params)); + } + ++ grub_free (kernel); ++ + return grub_errno; + } + diff --git a/SOURCES/0511-loader-i386-efi-linux-Use-grub_loader_set_ex.patch b/SOURCES/0511-loader-i386-efi-linux-Use-grub_loader_set_ex.patch new file mode 100644 index 0000000..981ea45 --- /dev/null +++ b/SOURCES/0511-loader-i386-efi-linux-Use-grub_loader_set_ex.patch @@ -0,0 +1,299 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Mon, 2 May 2022 17:04:23 +0200 +Subject: [PATCH] loader/i386/efi/linux: Use grub_loader_set_ex + +This ports the linuxefi loader to use grub_loader_set_ex in order to fix +a use-after-fre bug that occurs when grub_cmd_linux is executed more than +once before a boot attempt is performed. + +This is more complicated than for the chainloader command, as the initrd +command needs access to the loader state. To solve this, the linuxefi +module registers a dummy initrd command at startup that returns an error. +The linuxefi command then registers a proper initrd command with a higher +priority that is passed the loader state. + +Signed-off-by: Chris Coulson +(cherry picked from commit 7cf736436b4c934df5ddfa6f44b46a7e07d99fdc) +[rharwood/pjones: set kernel_size in context] +(cherry picked from commit 9c056391f7a36ea480de9a759c12e55a90f2040a) +[rharwood: verifying twice] +Signed-off-by: Robbie Harwood +(cherry picked from commit df804892f1a754d88a9779320f9429bf40d2a1b3) +--- + grub-core/loader/i386/efi/linux.c | 146 +++++++++++++++++++++++--------------- + 1 file changed, 87 insertions(+), 59 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index c9a2b47370..77a0734786 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -34,13 +34,19 @@ + GRUB_MOD_LICENSE ("GPLv3+"); + + static grub_dl_t my_mod; +-static int loaded; +-static void *kernel_mem; +-static grub_uint64_t kernel_size; +-static void *initrd_mem; +-static grub_uint32_t handover_offset; +-struct linux_kernel_params *params; +-static char *linux_cmdline; ++ ++static grub_command_t cmd_linux, cmd_initrd; ++static grub_command_t cmd_linuxefi, cmd_initrdefi; ++ ++struct grub_linuxefi_context { ++ void *kernel_mem; ++ grub_uint64_t kernel_size; ++ grub_uint32_t handover_offset; ++ struct linux_kernel_params *params; ++ char *cmdline; ++ ++ void *initrd_mem; ++}; + + #define MIN(a, b) \ + ({ typeof (a) _a = (a); \ +@@ -123,25 +129,32 @@ kernel_alloc(grub_efi_uintn_t size, const char * const errmsg) + } + + static grub_err_t +-grub_linuxefi_boot (void) ++grub_linuxefi_boot (void *data) + { ++ struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) data; ++ + asm volatile ("cli"); + +- return grub_efi_linux_boot ((char *)kernel_mem, +- handover_offset, +- params); ++ return grub_efi_linux_boot ((char *)context->kernel_mem, ++ context->handover_offset, ++ context->params); + } + + static grub_err_t +-grub_linuxefi_unload (void) ++grub_linuxefi_unload (void *data) + { ++ struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) data; ++ struct linux_kernel_params *params = context->params; ++ + grub_dl_unref (my_mod); +- loaded = 0; + +- kernel_free(initrd_mem, params->ramdisk_size); +- kernel_free(linux_cmdline, params->cmdline_size + 1); +- kernel_free(kernel_mem, kernel_size); +- kernel_free(params, sizeof(*params)); ++ kernel_free (context->initrd_mem, params->ramdisk_size); ++ kernel_free (context->cmdline, params->cmdline_size + 1); ++ kernel_free (context->kernel_mem, context->kernel_size); ++ kernel_free (params, sizeof(*params)); ++ cmd_initrd->data = 0; ++ cmd_initrdefi->data = 0; ++ grub_free (context); + + return GRUB_ERR_NONE; + } +@@ -188,13 +201,14 @@ read(grub_file_t file, grub_uint8_t *bufp, grub_size_t len) + #define HIGH_U32(val) ((grub_uint32_t)(((grub_addr_t)(val) >> 32) & 0xffffffffull)) + + static grub_err_t +-grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), +- int argc, char *argv[]) ++grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + { + grub_file_t *files = 0; + int i, nfiles = 0; + grub_size_t size = 0; + grub_uint8_t *ptr; ++ struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) cmd->data; ++ struct linux_kernel_params *params; + + if (argc == 0) + { +@@ -202,12 +216,14 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- if (!loaded) ++ if (!context) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, N_("you need to load the kernel first")); + goto fail; + } + ++ params = context->params; ++ + files = grub_calloc (argc, sizeof (files[0])); + if (!files) + goto fail; +@@ -226,19 +242,19 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + } + } + +- initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); +- if (initrd_mem == NULL) ++ context->initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); ++ if (context->initrd_mem == NULL) + goto fail; +- grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); ++ grub_dprintf ("linux", "initrd_mem = %p\n", context->initrd_mem); + + params->ramdisk_size = LOW_U32(size); +- params->ramdisk_image = LOW_U32(initrd_mem); ++ params->ramdisk_image = LOW_U32(context->initrd_mem); + #if defined(__x86_64__) + params->ext_ramdisk_size = HIGH_U32(size); +- params->ext_ramdisk_image = HIGH_U32(initrd_mem); ++ params->ext_ramdisk_image = HIGH_U32(context->initrd_mem); + #endif + +- ptr = initrd_mem; ++ ptr = context->initrd_mem; + + for (i = 0; i < nfiles; i++) + { +@@ -264,8 +280,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + grub_file_close (files[i]); + grub_free (files); + +- if (initrd_mem && grub_errno) +- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, ++ if (context->initrd_mem && grub_errno) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)context->initrd_mem, + BYTES_TO_PAGES(size)); + + return grub_errno; +@@ -281,6 +297,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + void *kernel = NULL; + int setup_header_end_offset; + int rc; ++ void *kernel_mem = 0; ++ grub_uint64_t kernel_size = 0; ++ grub_uint32_t handover_offset; ++ struct linux_kernel_params *params = 0; ++ char *cmdline = 0; ++ struct grub_linuxefi_context *context = 0; + + grub_dl_ref (my_mod); + +@@ -407,27 +429,27 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf ("linux", "new lh is at %p\n", lh); + + grub_dprintf ("linux", "setting up cmdline\n"); +- linux_cmdline = kernel_alloc (lh->cmdline_size + 1, N_("can't allocate cmdline")); +- if (!linux_cmdline) ++ cmdline = kernel_alloc (lh->cmdline_size + 1, N_("can't allocate cmdline")); ++ if (!cmdline) + goto fail; +- grub_dprintf ("linux", "linux_cmdline = %p\n", linux_cmdline); ++ grub_dprintf ("linux", "cmdline = %p\n", cmdline); + +- grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); ++ grub_memcpy (cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); + grub_create_loader_cmdline (argc, argv, +- linux_cmdline + sizeof (LINUX_IMAGE) - 1, ++ cmdline + sizeof (LINUX_IMAGE) - 1, + lh->cmdline_size - (sizeof (LINUX_IMAGE) - 1), + GRUB_VERIFY_KERNEL_CMDLINE); + +- grub_dprintf ("linux", "cmdline:%s\n", linux_cmdline); ++ grub_dprintf ("linux", "cmdline:%s\n", cmdline); + grub_dprintf ("linux", "setting lh->cmd_line_ptr to 0x%08x\n", +- LOW_U32(linux_cmdline)); +- lh->cmd_line_ptr = LOW_U32(linux_cmdline); ++ LOW_U32(cmdline)); ++ lh->cmd_line_ptr = LOW_U32(cmdline); + #if defined(__x86_64__) +- if ((grub_efi_uintn_t)linux_cmdline > 0xffffffffull) ++ if ((grub_efi_uintn_t)cmdline > 0xffffffffull) + { + grub_dprintf ("linux", "setting params->ext_cmd_line_ptr to 0x%08x\n", +- HIGH_U32(linux_cmdline)); +- params->ext_cmd_line_ptr = HIGH_U32(linux_cmdline); ++ HIGH_U32(cmdline)); ++ params->ext_cmd_line_ptr = HIGH_U32(cmdline); + } + #endif + +@@ -452,16 +474,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + max_addresses[1].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; + max_addresses[2].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; +- kernel_mem = kernel_alloc (lh->init_size, N_("can't allocate kernel")); ++ kernel_size = lh->init_size; ++ kernel_mem = kernel_alloc (kernel_size, N_("can't allocate kernel")); + restore_addresses(); + if (!kernel_mem) + goto fail; + grub_dprintf("linux", "kernel_mem = %p\n", kernel_mem); + +- grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); +- +- loaded = 1; +- + grub_dprintf ("linux", "setting lh->code32_start to 0x%08x\n", + LOW_U32(kernel_mem)); + lh->code32_start = LOW_U32(kernel_mem); +@@ -478,33 +497,42 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + "setting lh->ext_loader_{type,ver} = {0x%02x,0x%02x}\n", + params->ext_loader_type, params->ext_loader_ver); + ++ context = grub_zalloc (sizeof (*context)); ++ if (!context) ++ goto fail; ++ context->kernel_mem = kernel_mem; ++ context->kernel_size = kernel_size; ++ context->handover_offset = handover_offset; ++ context->params = params; ++ context->cmdline = cmdline; ++ ++ grub_loader_set_ex (grub_linuxefi_boot, grub_linuxefi_unload, context, 0); ++ ++ cmd_initrd->data = context; ++ cmd_initrdefi->data = context; ++ ++ grub_file_close (file); ++ grub_free (kernel); ++ return 0; ++ + fail: + if (file) + grub_file_close (file); + +- if (grub_errno != GRUB_ERR_NONE) +- { +- grub_dl_unref (my_mod); +- loaded = 0; +- } ++ grub_dl_unref (my_mod); + +- if (!loaded) +- { +- if (lh) +- kernel_free (linux_cmdline, lh->cmdline_size + 1); ++ if (lh) ++ kernel_free (cmdline, lh->cmdline_size + 1); + +- kernel_free (kernel_mem, kernel_size); +- kernel_free (params, sizeof(*params)); +- } ++ kernel_free (kernel_mem, kernel_size); ++ kernel_free (params, sizeof(*params)); + ++ grub_free (context); + grub_free (kernel); + + return grub_errno; + } + +-static grub_command_t cmd_linux, cmd_initrd; +-static grub_command_t cmd_linuxefi, cmd_initrdefi; +- + GRUB_MOD_INIT(linux) + { + cmd_linux = diff --git a/SOURCES/0512-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch b/SOURCES/0512-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch new file mode 100644 index 0000000..1a8cae9 --- /dev/null +++ b/SOURCES/0512-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch @@ -0,0 +1,77 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Tue, 3 May 2022 09:47:35 +0200 +Subject: [PATCH] loader/i386/efi/linux: Fix a memory leak in the initrd + command + +Subsequent invocations of the initrd command result in the previous +initrd being leaked, so fix that. + +Signed-off-by: Chris Coulson +(cherry picked from commit d98af31ce1e31bb22163960d53f5eb28c66582a0) +(cherry picked from commit 62234d6a00e6d1dd8e017ff161d359feb5234082) +(cherry picked from commit bda5a10716dc9676400dce1374232452f46d0bc4) +--- + grub-core/loader/i386/efi/linux.c | 21 ++++++++++++--------- + 1 file changed, 12 insertions(+), 9 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 77a0734786..8337191921 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -209,6 +209,7 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + grub_uint8_t *ptr; + struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) cmd->data; + struct linux_kernel_params *params; ++ void *initrd_mem = 0; + + if (argc == 0) + { +@@ -242,19 +243,19 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + } + } + +- context->initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); +- if (context->initrd_mem == NULL) ++ initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); ++ if (initrd_mem == NULL) + goto fail; +- grub_dprintf ("linux", "initrd_mem = %p\n", context->initrd_mem); ++ grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); + + params->ramdisk_size = LOW_U32(size); +- params->ramdisk_image = LOW_U32(context->initrd_mem); ++ params->ramdisk_image = LOW_U32(initrd_mem); + #if defined(__x86_64__) + params->ext_ramdisk_size = HIGH_U32(size); +- params->ext_ramdisk_image = HIGH_U32(context->initrd_mem); ++ params->ext_ramdisk_image = HIGH_U32(initrd_mem); + #endif + +- ptr = context->initrd_mem; ++ ptr = initrd_mem; + + for (i = 0; i < nfiles; i++) + { +@@ -273,6 +274,9 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + ptr += ALIGN_UP_OVERHEAD (cursize, 4); + } + ++ kernel_free(context->initrd_mem, params->ramdisk_size); ++ ++ context->initrd_mem = initrd_mem; + params->ramdisk_size = size; + + fail: +@@ -280,9 +284,8 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + grub_file_close (files[i]); + grub_free (files); + +- if (context->initrd_mem && grub_errno) +- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)context->initrd_mem, +- BYTES_TO_PAGES(size)); ++ if (initrd_mem && grub_errno) ++ kernel_free (initrd_mem, size); + + return grub_errno; + } diff --git a/SOURCES/0513-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch b/SOURCES/0513-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch new file mode 100644 index 0000000..aff3231 --- /dev/null +++ b/SOURCES/0513-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch @@ -0,0 +1,41 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 25 Jun 2021 02:19:05 +1000 +Subject: [PATCH] kern/file: Do not leak device_name on error in + grub_file_open() + +If we have an error in grub_file_open() before we free device_name, we +will leak it. + +Free device_name in the error path and null out the pointer in the good +path once we free it there. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 1499a5068839fa37cb77ecef4b5bdacbd1ed12ea) +(cherry picked from commit 2ec50b289d8b24922433439533113087f111f110) +(cherry picked from commit 17c36ae88d7d6040cabc01cd4a21e71ff4731668) +--- + grub-core/kern/file.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c +index 2efc31da94..f062fc21e7 100644 +--- a/grub-core/kern/file.c ++++ b/grub-core/kern/file.c +@@ -81,6 +81,7 @@ grub_file_open (const char *name, enum grub_file_type type) + + device = grub_device_open (device_name); + grub_free (device_name); ++ device_name = NULL; + if (! device) + goto fail; + +@@ -135,6 +136,7 @@ grub_file_open (const char *name, enum grub_file_type type) + return file; + + fail: ++ grub_free (device_name); + if (device) + grub_device_close (device); + diff --git a/SOURCES/0514-video-readers-png-Abort-sooner-if-a-read-operation-f.patch b/SOURCES/0514-video-readers-png-Abort-sooner-if-a-read-operation-f.patch new file mode 100644 index 0000000..12dba4d --- /dev/null +++ b/SOURCES/0514-video-readers-png-Abort-sooner-if-a-read-operation-f.patch @@ -0,0 +1,200 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 6 Jul 2021 14:02:55 +1000 +Subject: [PATCH] video/readers/png: Abort sooner if a read operation fails + +Fuzzing revealed some inputs that were taking a long time, potentially +forever, because they did not bail quickly upon encountering an I/O error. + +Try to catch I/O errors sooner and bail out. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 882be97d1df6449b9fd4d593f0cb70005fde3494) +(cherry picked from commit 3f6fc3ebfd58fcdb3fe6c2f7a5a4fa05772ae786) +(cherry picked from commit aac5b8257d4078c3f764216aeae3367bdc19043f) +--- + grub-core/video/readers/png.c | 55 ++++++++++++++++++++++++++++++++++++------- + 1 file changed, 47 insertions(+), 8 deletions(-) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index 0157ff7420..e2a6b1cf3c 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -142,6 +142,7 @@ static grub_uint8_t + grub_png_get_byte (struct grub_png_data *data) + { + grub_uint8_t r; ++ grub_ssize_t bytes_read = 0; + + if ((data->inside_idat) && (data->idat_remain == 0)) + { +@@ -175,7 +176,14 @@ grub_png_get_byte (struct grub_png_data *data) + } + + r = 0; +- grub_file_read (data->file, &r, 1); ++ bytes_read = grub_file_read (data->file, &r, 1); ++ ++ if (bytes_read != 1) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: unexpected end of data"); ++ return 0; ++ } + + if (data->inside_idat) + data->idat_remain--; +@@ -231,15 +239,16 @@ grub_png_decode_image_palette (struct grub_png_data *data, + if (len == 0) + return GRUB_ERR_NONE; + +- for (i = 0; 3 * i < len && i < 256; i++) ++ grub_errno = GRUB_ERR_NONE; ++ for (i = 0; 3 * i < len && i < 256 && grub_errno == GRUB_ERR_NONE; i++) + for (j = 0; j < 3; j++) + data->palette[i][j] = grub_png_get_byte (data); +- for (i *= 3; i < len; i++) ++ for (i *= 3; i < len && grub_errno == GRUB_ERR_NONE; i++) + grub_png_get_byte (data); + + grub_png_get_dword (data); + +- return GRUB_ERR_NONE; ++ return grub_errno; + } + + static grub_err_t +@@ -256,9 +265,13 @@ grub_png_decode_image_header (struct grub_png_data *data) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "png: invalid image size"); + + color_bits = grub_png_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + data->is_16bit = (color_bits == 16); + + color_type = grub_png_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + /* According to PNG spec, no other types are valid. */ + if ((color_type & ~(PNG_COLOR_MASK_ALPHA | PNG_COLOR_MASK_COLOR)) +@@ -340,14 +353,20 @@ grub_png_decode_image_header (struct grub_png_data *data) + if (grub_png_get_byte (data) != PNG_COMPRESSION_BASE) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "png: compression method not supported"); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if (grub_png_get_byte (data) != PNG_FILTER_TYPE_BASE) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "png: filter method not supported"); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if (grub_png_get_byte (data) != PNG_INTERLACE_NONE) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "png: interlace method not supported"); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + /* Skip crc checksum. */ + grub_png_get_dword (data); +@@ -449,7 +468,7 @@ grub_png_get_huff_code (struct grub_png_data *data, struct huff_table *ht) + int code, i; + + code = 0; +- for (i = 0; i < ht->max_length; i++) ++ for (i = 0; i < ht->max_length && grub_errno == GRUB_ERR_NONE; i++) + { + code = (code << 1) + grub_png_get_bits (data, 1); + if (code < ht->maxval[i]) +@@ -504,8 +523,14 @@ grub_png_init_dynamic_block (struct grub_png_data *data) + grub_uint8_t lens[DEFLATE_HCLEN_MAX]; + + nl = DEFLATE_HLIT_BASE + grub_png_get_bits (data, 5); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + nd = DEFLATE_HDIST_BASE + grub_png_get_bits (data, 5); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + nb = DEFLATE_HCLEN_BASE + grub_png_get_bits (data, 4); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if ((nl > DEFLATE_HLIT_MAX) || (nd > DEFLATE_HDIST_MAX) || + (nb > DEFLATE_HCLEN_MAX)) +@@ -533,7 +558,7 @@ grub_png_init_dynamic_block (struct grub_png_data *data) + data->dist_offset); + + prev = 0; +- for (i = 0; i < nl + nd; i++) ++ for (i = 0; i < nl + nd && grub_errno == GRUB_ERR_NONE; i++) + { + int n, code; + struct huff_table *ht; +@@ -721,17 +746,21 @@ grub_png_read_dynamic_block (struct grub_png_data *data) + len = cplens[n]; + if (cplext[n]) + len += grub_png_get_bits (data, cplext[n]); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + n = grub_png_get_huff_code (data, &data->dist_table); + dist = cpdist[n]; + if (cpdext[n]) + dist += grub_png_get_bits (data, cpdext[n]); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + pos = data->wp - dist; + if (pos < 0) + pos += WSIZE; + +- while (len > 0) ++ while (len > 0 && grub_errno == GRUB_ERR_NONE) + { + data->slide[data->wp] = data->slide[pos]; + grub_png_output_byte (data, data->slide[data->wp]); +@@ -759,7 +788,11 @@ grub_png_decode_image_data (struct grub_png_data *data) + int final; + + cmf = grub_png_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + flg = grub_png_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if ((cmf & 0xF) != Z_DEFLATED) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, +@@ -774,7 +807,11 @@ grub_png_decode_image_data (struct grub_png_data *data) + int block_type; + + final = grub_png_get_bits (data, 1); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + block_type = grub_png_get_bits (data, 2); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + switch (block_type) + { +@@ -790,7 +827,7 @@ grub_png_decode_image_data (struct grub_png_data *data) + grub_png_get_byte (data); + grub_png_get_byte (data); + +- for (i = 0; i < len; i++) ++ for (i = 0; i < len && grub_errno == GRUB_ERR_NONE; i++) + grub_png_output_byte (data, grub_png_get_byte (data)); + + break; +@@ -1045,6 +1082,8 @@ grub_png_decode_png (struct grub_png_data *data) + + len = grub_png_get_dword (data); + type = grub_png_get_dword (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ break; + data->next_offset = data->file->offset + len + 4; + + switch (type) diff --git a/SOURCES/0515-video-readers-png-Refuse-to-handle-multiple-image-he.patch b/SOURCES/0515-video-readers-png-Refuse-to-handle-multiple-image-he.patch new file mode 100644 index 0000000..e6bad78 --- /dev/null +++ b/SOURCES/0515-video-readers-png-Refuse-to-handle-multiple-image-he.patch @@ -0,0 +1,30 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 6 Jul 2021 14:13:40 +1000 +Subject: [PATCH] video/readers/png: Refuse to handle multiple image headers + +This causes the bitmap to be leaked. Do not permit multiple image headers. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 8ce433557adeadbc46429aabb9f850b02ad2bdfb) +(cherry picked from commit 6e10bba6a4cbfd6c7bf116f41fd4e037465e19d8) +(cherry picked from commit 812272d919ecfd368c008f15b677d369616ada54) +--- + grub-core/video/readers/png.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index e2a6b1cf3c..8955b8ecfd 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -258,6 +258,9 @@ grub_png_decode_image_header (struct grub_png_data *data) + int color_bits; + enum grub_video_blit_format blt; + ++ if (data->image_width || data->image_height) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "png: two image headers found"); ++ + data->image_width = grub_png_get_dword (data); + data->image_height = grub_png_get_dword (data); + diff --git a/SOURCES/0516-video-readers-png-Drop-greyscale-support-to-fix-heap.patch b/SOURCES/0516-video-readers-png-Drop-greyscale-support-to-fix-heap.patch new file mode 100644 index 0000000..5233539 --- /dev/null +++ b/SOURCES/0516-video-readers-png-Drop-greyscale-support-to-fix-heap.patch @@ -0,0 +1,172 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 6 Jul 2021 18:51:35 +1000 +Subject: [PATCH] video/readers/png: Drop greyscale support to fix heap + out-of-bounds write + +A 16-bit greyscale PNG without alpha is processed in the following loop: + + for (i = 0; i < (data->image_width * data->image_height); + i++, d1 += 4, d2 += 2) + { + d1[R3] = d2[1]; + d1[G3] = d2[1]; + d1[B3] = d2[1]; + } + +The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration, +but there are only 3 bytes allocated for storage. This means that image +data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes +out of every 4 following the end of the image. + +This has existed since greyscale support was added in 2013 in commit +3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale). + +Saving starfield.png as a 16-bit greyscale image without alpha in the gimp +and attempting to load it causes grub-emu to crash - I don't think this code +has ever worked. + +Delete all PNG greyscale support. + +Fixes: CVE-2021-3695 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 0e1d163382669bd734439d8864ee969616d971d9) +[rharwood: context conflict] +Signed-off-by: Robbie Harwood +(cherry picked from commit 4c631c8119206b3178912df2905434d967661c3d) +(cherry picked from commit 6d5d5f51266b8113c6ba560835500e3c135f3722) +--- + grub-core/video/readers/png.c | 85 +++---------------------------------------- + 1 file changed, 6 insertions(+), 79 deletions(-) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index 8955b8ecfd..a3161e25b6 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -100,7 +100,7 @@ struct grub_png_data + + unsigned image_width, image_height; + int bpp, is_16bit; +- int raw_bytes, is_gray, is_alpha, is_palette; ++ int raw_bytes, is_alpha, is_palette; + int row_bytes, color_bits; + grub_uint8_t *image_data; + +@@ -296,13 +296,13 @@ grub_png_decode_image_header (struct grub_png_data *data) + data->bpp = 3; + else + { +- data->is_gray = 1; +- data->bpp = 1; ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: color type not supported"); + } + + if ((color_bits != 8) && (color_bits != 16) + && (color_bits != 4 +- || !(data->is_gray || data->is_palette))) ++ || !data->is_palette)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "png: bit depth must be 8 or 16"); + +@@ -331,7 +331,7 @@ grub_png_decode_image_header (struct grub_png_data *data) + } + + #ifndef GRUB_CPU_WORDS_BIGENDIAN +- if (data->is_16bit || data->is_gray || data->is_palette) ++ if (data->is_16bit || data->is_palette) + #endif + { + data->image_data = grub_calloc (data->image_height, data->row_bytes); +@@ -899,27 +899,8 @@ grub_png_convert_image (struct grub_png_data *data) + int shift; + int mask = (1 << data->color_bits) - 1; + unsigned j; +- if (data->is_gray) +- { +- /* Generic formula is +- (0xff * i) / ((1U << data->color_bits) - 1) +- but for allowed bit depth of 1, 2 and for it's +- equivalent to +- (0xff / ((1U << data->color_bits) - 1)) * i +- Precompute the multipliers to avoid division. +- */ + +- const grub_uint8_t multipliers[5] = { 0xff, 0xff, 0x55, 0x24, 0x11 }; +- for (i = 0; i < (1U << data->color_bits); i++) +- { +- grub_uint8_t col = multipliers[data->color_bits] * i; +- palette[i][0] = col; +- palette[i][1] = col; +- palette[i][2] = col; +- } +- } +- else +- grub_memcpy (palette, data->palette, 3 << data->color_bits); ++ grub_memcpy (palette, data->palette, 3 << data->color_bits); + d1c = d1; + d2c = d2; + for (j = 0; j < data->image_height; j++, d1c += data->image_width * 3, +@@ -956,60 +937,6 @@ grub_png_convert_image (struct grub_png_data *data) + } + return; + } +- +- if (data->is_gray) +- { +- switch (data->bpp) +- { +- case 4: +- /* 16-bit gray with alpha. */ +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 4) +- { +- d1[R4] = d2[3]; +- d1[G4] = d2[3]; +- d1[B4] = d2[3]; +- d1[A4] = d2[1]; +- } +- break; +- case 2: +- if (data->is_16bit) +- /* 16-bit gray without alpha. */ +- { +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 2) +- { +- d1[R3] = d2[1]; +- d1[G3] = d2[1]; +- d1[B3] = d2[1]; +- } +- } +- else +- /* 8-bit gray with alpha. */ +- { +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 2) +- { +- d1[R4] = d2[1]; +- d1[G4] = d2[1]; +- d1[B4] = d2[1]; +- d1[A4] = d2[0]; +- } +- } +- break; +- /* 8-bit gray without alpha. */ +- case 1: +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 3, d2++) +- { +- d1[R3] = d2[0]; +- d1[G3] = d2[0]; +- d1[B3] = d2[0]; +- } +- break; +- } +- return; +- } + + { + /* Only copy the upper 8 bit. */ diff --git a/SOURCES/0517-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch b/SOURCES/0517-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch new file mode 100644 index 0000000..8c59310 --- /dev/null +++ b/SOURCES/0517-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 6 Jul 2021 23:25:07 +1000 +Subject: [PATCH] video/readers/png: Avoid heap OOB R/W inserting huff table + items + +In fuzzing we observed crashes where a code would attempt to be inserted +into a huffman table before the start, leading to a set of heap OOB reads +and writes as table entries with negative indices were shifted around and +the new code written in. + +Catch the case where we would underflow the array and bail. + +Fixes: CVE-2021-3696 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 1ae9a91d42cb40da8a6f11fac65541858e340afa) +(cherry picked from commit 132ccc681cf642ad748580f26b54c9259a7f43fd) +(cherry picked from commit 3a70e1f6e69af6e0d3c3cf526faa44dc0c80ac19) +--- + grub-core/video/readers/png.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index a3161e25b6..d7ed5aa6cf 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -438,6 +438,13 @@ grub_png_insert_huff_item (struct huff_table *ht, int code, int len) + for (i = len; i < ht->max_length; i++) + n += ht->maxval[i]; + ++ if (n > ht->num_values) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: out of range inserting huffman table item"); ++ return; ++ } ++ + for (i = 0; i < n; i++) + ht->values[ht->num_values - i] = ht->values[ht->num_values - i - 1]; + diff --git a/SOURCES/0518-video-readers-png-Sanity-check-some-huffman-codes.patch b/SOURCES/0518-video-readers-png-Sanity-check-some-huffman-codes.patch new file mode 100644 index 0000000..ca2e209 --- /dev/null +++ b/SOURCES/0518-video-readers-png-Sanity-check-some-huffman-codes.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 6 Jul 2021 19:19:11 +1000 +Subject: [PATCH] video/readers/png: Sanity check some huffman codes + +ASAN picked up two OOB global reads: we weren't checking if some code +values fit within the cplens or cpdext arrays. Check and throw an error +if not. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit c3a8ab0cbd24153ec7b1f84a96ddfdd72ef8d117) +(cherry picked from commit 5d09addf58086aa11d5f9a91af5632ff87c2d2ee) +(cherry picked from commit ff12584f9376a472f37d4ec14213fd29bf3b233a) +--- + grub-core/video/readers/png.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index d7ed5aa6cf..7f2ba7849b 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -753,6 +753,9 @@ grub_png_read_dynamic_block (struct grub_png_data *data) + int len, dist, pos; + + n -= 257; ++ if (((unsigned int) n) >= ARRAY_SIZE (cplens)) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: invalid huff code"); + len = cplens[n]; + if (cplext[n]) + len += grub_png_get_bits (data, cplext[n]); +@@ -760,6 +763,9 @@ grub_png_read_dynamic_block (struct grub_png_data *data) + return grub_errno; + + n = grub_png_get_huff_code (data, &data->dist_table); ++ if (((unsigned int) n) >= ARRAY_SIZE (cpdist)) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: invalid huff code"); + dist = cpdist[n]; + if (cpdext[n]) + dist += grub_png_get_bits (data, cpdext[n]); diff --git a/SOURCES/0519-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch b/SOURCES/0519-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch new file mode 100644 index 0000000..5d71be6 --- /dev/null +++ b/SOURCES/0519-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch @@ -0,0 +1,257 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 28 Jun 2021 14:16:14 +1000 +Subject: [PATCH] video/readers/jpeg: Abort sooner if a read operation fails + +Fuzzing revealed some inputs that were taking a long time, potentially +forever, because they did not bail quickly upon encountering an I/O error. + +Try to catch I/O errors sooner and bail out. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit ab2e5d2e4bff488bbb557ed435a61ae102ef9f0c) +(cherry picked from commit 1ff8df0d2dea8ec7c8575241d5e7d6622c204ec3) +(cherry picked from commit b07767383b74a0ce7135c09ba8701510d4ad32f0) +--- + grub-core/video/readers/jpeg.c | 86 ++++++++++++++++++++++++++++++++++-------- + 1 file changed, 70 insertions(+), 16 deletions(-) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index e31602f766..10225abd53 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -109,9 +109,17 @@ static grub_uint8_t + grub_jpeg_get_byte (struct grub_jpeg_data *data) + { + grub_uint8_t r; ++ grub_ssize_t bytes_read; + + r = 0; +- grub_file_read (data->file, &r, 1); ++ bytes_read = grub_file_read (data->file, &r, 1); ++ ++ if (bytes_read != 1) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: unexpected end of data"); ++ return 0; ++ } + + return r; + } +@@ -120,9 +128,17 @@ static grub_uint16_t + grub_jpeg_get_word (struct grub_jpeg_data *data) + { + grub_uint16_t r; ++ grub_ssize_t bytes_read; + + r = 0; +- grub_file_read (data->file, &r, sizeof (grub_uint16_t)); ++ bytes_read = grub_file_read (data->file, &r, sizeof (grub_uint16_t)); ++ ++ if (bytes_read != sizeof (grub_uint16_t)) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: unexpected end of data"); ++ return 0; ++ } + + return grub_be_to_cpu16 (r); + } +@@ -135,6 +151,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) + if (data->bit_mask == 0) + { + data->bit_save = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: file read error"); ++ return 0; ++ } + if (data->bit_save == JPEG_ESC_CHAR) + { + if (grub_jpeg_get_byte (data) != 0) +@@ -143,6 +164,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) + "jpeg: invalid 0xFF in data stream"); + return 0; + } ++ if (grub_errno != GRUB_ERR_NONE) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: file read error"); ++ return 0; ++ } + } + data->bit_mask = 0x80; + } +@@ -161,7 +187,7 @@ grub_jpeg_get_number (struct grub_jpeg_data *data, int num) + return 0; + + msb = value = grub_jpeg_get_bit (data); +- for (i = 1; i < num; i++) ++ for (i = 1; i < num && grub_errno == GRUB_ERR_NONE; i++) + value = (value << 1) + (grub_jpeg_get_bit (data) != 0); + if (!msb) + value += 1 - (1 << num); +@@ -202,6 +228,8 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data) + while (data->file->offset + sizeof (count) + 1 <= next_marker) + { + id = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + ac = (id >> 4) & 1; + id &= 0xF; + if (id > 1) +@@ -252,6 +280,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) + + next_marker = data->file->offset; + next_marker += grub_jpeg_get_word (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if (next_marker > data->file->size) + { +@@ -263,6 +293,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) + <= next_marker) + { + id = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (id >= 0x10) /* Upper 4-bit is precision. */ + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: only 8-bit precision is supported"); +@@ -294,6 +326,9 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) + next_marker = data->file->offset; + next_marker += grub_jpeg_get_word (data); + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + if (grub_jpeg_get_byte (data) != 8) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: only 8-bit precision is supported"); +@@ -319,6 +354,8 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); + + ss = grub_jpeg_get_byte (data); /* Sampling factor. */ ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (!id) + { + grub_uint8_t vs, hs; +@@ -498,7 +535,7 @@ grub_jpeg_idct_transform (jpeg_data_unit_t du) + } + } + +-static void ++static grub_err_t + grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + { + int h1, h2, qt; +@@ -513,6 +550,9 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + data->dc_value[id] += + grub_jpeg_get_number (data, grub_jpeg_get_huff_code (data, h1)); + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + du[0] = data->dc_value[id] * (int) data->quan_table[qt][0]; + pos = 1; + while (pos < ARRAY_SIZE (data->quan_table[qt])) +@@ -527,11 +567,13 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + num >>= 4; + pos += num; + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + if (pos >= ARRAY_SIZE (jpeg_zigzag_order)) + { +- grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "jpeg: invalid position in zigzag order!?"); +- return; ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: invalid position in zigzag order!?"); + } + + du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos]; +@@ -539,6 +581,7 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + } + + grub_jpeg_idct_transform (du); ++ return GRUB_ERR_NONE; + } + + static void +@@ -597,7 +640,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + data_offset += grub_jpeg_get_word (data); + + cc = grub_jpeg_get_byte (data); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (cc != 3 && cc != 1) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: component count must be 1 or 3"); +@@ -610,7 +654,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + id = grub_jpeg_get_byte (data) - 1; + if ((id < 0) || (id >= 3)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + ht = grub_jpeg_get_byte (data); + data->comp_index[id][1] = (ht >> 4); + data->comp_index[id][2] = (ht & 0xF) + 2; +@@ -618,11 +663,14 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + if ((data->comp_index[id][1] < 0) || (data->comp_index[id][1] > 3) || + (data->comp_index[id][2] < 0) || (data->comp_index[id][2] > 3)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid hufftable index"); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + } + + grub_jpeg_get_byte (data); /* Skip 3 unused bytes. */ + grub_jpeg_get_word (data); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (data->file->offset != data_offset) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); + +@@ -640,6 +688,7 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + { + unsigned c1, vb, hb, nr1, nc1; + int rst = data->dri; ++ grub_err_t err = GRUB_ERR_NONE; + + vb = 8 << data->log_vs; + hb = 8 << data->log_hs; +@@ -660,17 +709,22 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + + for (r2 = 0; r2 < (1U << data->log_vs); r2++) + for (c2 = 0; c2 < (1U << data->log_hs); c2++) +- grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); ++ { ++ err = grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ } + + if (data->color_components >= 3) + { +- grub_jpeg_decode_du (data, 1, data->cbdu); +- grub_jpeg_decode_du (data, 2, data->crdu); ++ err = grub_jpeg_decode_du (data, 1, data->cbdu); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ err = grub_jpeg_decode_du (data, 2, data->crdu); ++ if (err != GRUB_ERR_NONE) ++ return err; + } + +- if (grub_errno) +- return grub_errno; +- + nr2 = (data->r1 == nr1 - 1) ? (data->image_height - data->r1 * vb) : vb; + nc2 = (c1 == nc1 - 1) ? (data->image_width - c1 * hb) : hb; + diff --git a/SOURCES/0520-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch b/SOURCES/0520-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch new file mode 100644 index 0000000..fb89198 --- /dev/null +++ b/SOURCES/0520-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch @@ -0,0 +1,31 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 28 Jun 2021 14:16:58 +1000 +Subject: [PATCH] video/readers/jpeg: Do not reallocate a given huff table + +Fix a memory leak where an invalid file could cause us to reallocate +memory for a huffman table we had already allocated memory for. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit bc06e12b4de55cc6f926af9f064170c82b1403e9) +(cherry picked from commit 5298bf758ea39a90537f9a1c76541ff2f21b970b) +(cherry picked from commit aae6bac7f26c6b848156ed7adcff83309b833664) +--- + grub-core/video/readers/jpeg.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 10225abd53..caa211f06d 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -245,6 +245,9 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data) + n += count[i]; + + id += ac * 2; ++ if (data->huff_value[id] != NULL) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: attempt to reallocate huffman table"); + data->huff_value[id] = grub_malloc (n); + if (grub_errno) + return grub_errno; diff --git a/SOURCES/0521-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch b/SOURCES/0521-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch new file mode 100644 index 0000000..b484648 --- /dev/null +++ b/SOURCES/0521-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch @@ -0,0 +1,46 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 28 Jun 2021 14:25:17 +1000 +Subject: [PATCH] video/readers/jpeg: Refuse to handle multiple start of + streams + +An invalid file could contain multiple start of stream blocks, which +would cause us to reallocate and leak our bitmap. Refuse to handle +multiple start of streams. + +Additionally, fix a grub_error() call formatting. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit f3a854def3e281b7ad4bbea730cd3046de1da52f) +(cherry picked from commit db0154828989a0a52ee59a4dda8c3803752bc827) +(cherry picked from commit 75afb375ef46bc99a7faf5879d0283934e34db97) +--- + grub-core/video/readers/jpeg.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index caa211f06d..1df1171d78 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -677,6 +677,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + if (data->file->offset != data_offset) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); + ++ if (*data->bitmap) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks"); ++ + if (grub_video_bitmap_create (data->bitmap, data->image_width, + data->image_height, + GRUB_VIDEO_BLIT_FORMAT_RGB_888)) +@@ -699,8 +702,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + nc1 = (data->image_width + hb - 1) >> (3 + data->log_hs); + + if (data->bitmap_ptr == NULL) +- return grub_error(GRUB_ERR_BAD_FILE_TYPE, +- "jpeg: attempted to decode data before start of stream"); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: attempted to decode data before start of stream"); + + for (; data->r1 < nr1 && (!data->dri || rst); + data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) diff --git a/SOURCES/0522-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch b/SOURCES/0522-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch new file mode 100644 index 0000000..90decbc --- /dev/null +++ b/SOURCES/0522-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch @@ -0,0 +1,55 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Wed, 7 Jul 2021 15:38:19 +1000 +Subject: [PATCH] video/readers/jpeg: Block int underflow -> wild pointer write + +Certain 1 px wide images caused a wild pointer write in +grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(), +we have the following loop: + +for (; data->r1 < nr1 && (!data->dri || rst); + data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) + +We did not check if vb * width >= hb * nc1. + +On a 64-bit platform, if that turns out to be negative, it will underflow, +be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so +we see data->bitmap_ptr jump, e.g.: + +0x6180_0000_0480 to +0x6181_0000_0498 + ^ + ~--- carry has occurred and this pointer is now far away from + any object. + +On a 32-bit platform, it will decrement the pointer, creating a pointer +that won't crash but will overwrite random data. + +Catch the underflow and error out. + +Fixes: CVE-2021-3697 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 41aeb2004db9924fecd9f2dd64bc2a5a5594a4b5) +(cherry picked from commit 5f9582490792108306d047379fed2371bee286f8) +(cherry picked from commit 7e4bf25d9bb5219fbf11c523296dc3bd78b80698) +--- + grub-core/video/readers/jpeg.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 1df1171d78..2da04094b3 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -705,6 +705,10 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: attempted to decode data before start of stream"); + ++ if (vb * data->image_width <= hb * nc1) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: cannot decode image with these dimensions"); ++ + for (; data->r1 < nr1 && (!data->dri || rst); + data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) + for (c1 = 0; c1 < nc1 && (!data->dri || rst); diff --git a/SOURCES/0523-normal-charset-Fix-array-out-of-bounds-formatting-un.patch b/SOURCES/0523-normal-charset-Fix-array-out-of-bounds-formatting-un.patch new file mode 100644 index 0000000..6cbd3a5 --- /dev/null +++ b/SOURCES/0523-normal-charset-Fix-array-out-of-bounds-formatting-un.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 13 Jul 2021 13:24:38 +1000 +Subject: [PATCH] normal/charset: Fix array out-of-bounds formatting unicode + for display + +In some cases attempting to display arbitrary binary strings leads +to ASAN splats reading the widthspec array out of bounds. + +Check the index. If it would be out of bounds, return a width of 1. +I don't know if that's strictly correct, but we're not really expecting +great display of arbitrary binary data, and it's certainly not worse than +an OOB read. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit fdf32abc7a3928852422c0f291d8cd1dd6b34a8d) +(cherry picked from commit f2c10aaf335b88a69885375c4d68ffab2429df77) +(cherry picked from commit 4c942e1ba8d1f1199a58d2eb139022ae22f75cb2) +--- + grub-core/normal/charset.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c +index f902b13b44..7b2de12001 100644 +--- a/grub-core/normal/charset.c ++++ b/grub-core/normal/charset.c +@@ -395,6 +395,8 @@ grub_unicode_estimate_width (const struct grub_unicode_glyph *c) + { + if (grub_unicode_get_comb_type (c->base)) + return 0; ++ if (((unsigned long) (c->base >> 3)) >= ARRAY_SIZE (widthspec)) ++ return 1; + if (widthspec[c->base >> 3] & (1 << (c->base & 7))) + return 2; + else diff --git a/SOURCES/0524-net-netbuff-Block-overly-large-netbuff-allocs.patch b/SOURCES/0524-net-netbuff-Block-overly-large-netbuff-allocs.patch new file mode 100644 index 0000000..5a59ff4 --- /dev/null +++ b/SOURCES/0524-net-netbuff-Block-overly-large-netbuff-allocs.patch @@ -0,0 +1,48 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 8 Mar 2022 23:47:46 +1100 +Subject: [PATCH] net/netbuff: Block overly large netbuff allocs + +A netbuff shouldn't be too huge. It's bounded by MTU and TCP segment +reassembly. + +This helps avoid some bugs (and provides a spot to instrument to catch +them at their source). + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit ee9591103004cd13b4efadda671536090ca7fd57) +(cherry picked from commit acde668bb9d9fa862a1a63e3bbd5fa47fdfa9183) +(cherry picked from commit e47ad2eb4fe38ef2bdcab52245286f31170e73e3) +--- + grub-core/net/netbuff.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/grub-core/net/netbuff.c b/grub-core/net/netbuff.c +index dbeeefe478..d5e9e9a0d7 100644 +--- a/grub-core/net/netbuff.c ++++ b/grub-core/net/netbuff.c +@@ -79,10 +79,23 @@ grub_netbuff_alloc (grub_size_t len) + + COMPILE_TIME_ASSERT (NETBUFF_ALIGN % sizeof (grub_properly_aligned_t) == 0); + ++ /* ++ * The largest size of a TCP packet is 64 KiB, and everything else ++ * should be a lot smaller - most MTUs are 1500 or less. Cap data ++ * size at 64 KiB + a buffer. ++ */ ++ if (len > 0xffffUL + 0x1000UL) ++ { ++ grub_error (GRUB_ERR_BUG, ++ "attempted to allocate a packet that is too big"); ++ return NULL; ++ } ++ + if (len < NETBUFFMINLEN) + len = NETBUFFMINLEN; + + len = ALIGN_UP (len, NETBUFF_ALIGN); ++ + #ifdef GRUB_MACHINE_EMU + data = grub_malloc (len + sizeof (*nb)); + #else diff --git a/SOURCES/0525-net-ip-Do-IP-fragment-maths-safely.patch b/SOURCES/0525-net-ip-Do-IP-fragment-maths-safely.patch new file mode 100644 index 0000000..e4b8f45 --- /dev/null +++ b/SOURCES/0525-net-ip-Do-IP-fragment-maths-safely.patch @@ -0,0 +1,46 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 20 Dec 2021 19:41:21 +1100 +Subject: [PATCH] net/ip: Do IP fragment maths safely + +This avoids an underflow and subsequent unpleasantness. + +Fixes: CVE-2022-28733 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit eb74e5743ca7e18a5e75c392fe0b21d1549a1936) +(cherry picked from commit 552ad34583e788542e9ca08524a0d4bc8f98c297) +(cherry picked from commit 2c8cb7e3b8b48b136a950e5692fa6251b76df90e) +--- + grub-core/net/ip.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c +index 9a4e589aa3..c766ac65f5 100644 +--- a/grub-core/net/ip.c ++++ b/grub-core/net/ip.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + #include + + struct iphdr { +@@ -552,7 +553,14 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb, + { + rsm->total_len = (8 * (grub_be_to_cpu16 (iph->frags) & OFFSET_MASK) + + (nb->tail - nb->data)); +- rsm->total_len -= ((iph->verhdrlen & 0xf) * sizeof (grub_uint32_t)); ++ ++ if (grub_sub (rsm->total_len, (iph->verhdrlen & 0xf) * sizeof (grub_uint32_t), ++ &rsm->total_len)) ++ { ++ grub_dprintf ("net", "IP reassembly size underflow\n"); ++ return GRUB_ERR_NONE; ++ } ++ + rsm->asm_netbuff = grub_netbuff_alloc (rsm->total_len); + if (!rsm->asm_netbuff) + { diff --git a/SOURCES/0526-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch b/SOURCES/0526-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch new file mode 100644 index 0000000..11f6cb6 --- /dev/null +++ b/SOURCES/0526-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch @@ -0,0 +1,58 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Thu, 16 Sep 2021 01:29:54 +1000 +Subject: [PATCH] net/dns: Fix double-free addresses on corrupt DNS response + +grub_net_dns_lookup() takes as inputs a pointer to an array of addresses +("addresses") for the given name, and pointer to a number of addresses +("naddresses"). grub_net_dns_lookup() is responsible for allocating +"addresses", and the caller is responsible for freeing it if +"naddresses" > 0. + +The DNS recv_hook will sometimes set and free the addresses array, +for example if the packet is too short: + + if (ptr + 10 >= nb->tail) + { + if (!*data->naddresses) + grub_free (*data->addresses); + grub_netbuff_free (nb); + return GRUB_ERR_NONE; + } + +Later on the nslookup command code unconditionally frees the "addresses" +array. Normally this is fine: the array is either populated with valid +data or is NULL. But in these sorts of error cases it is neither NULL +nor valid and we get a double-free. + +Only free "addresses" if "naddresses" > 0. + +It looks like the other use of grub_net_dns_lookup() is not affected. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit eb2e69fcf51307757e43f55ee8c9354d1ee42dd1) +(cherry picked from commit d801a27e7acec6c1a83067fab0bb975877eaf704) +(cherry picked from commit 4d8b6e36ddfda4084e370b3b08c432e8a462e9be) +--- + grub-core/net/dns.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c +index 906ec7d678..135faac035 100644 +--- a/grub-core/net/dns.c ++++ b/grub-core/net/dns.c +@@ -667,9 +667,11 @@ grub_cmd_nslookup (struct grub_command *cmd __attribute__ ((unused)), + grub_net_addr_to_str (&addresses[i], buf); + grub_printf ("%s\n", buf); + } +- grub_free (addresses); + if (naddresses) +- return GRUB_ERR_NONE; ++ { ++ grub_free (addresses); ++ return GRUB_ERR_NONE; ++ } + return grub_error (GRUB_ERR_NET_NO_DOMAIN, N_("no DNS record found")); + } + diff --git a/SOURCES/0527-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch b/SOURCES/0527-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch new file mode 100644 index 0000000..d641a9e --- /dev/null +++ b/SOURCES/0527-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch @@ -0,0 +1,73 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 20 Dec 2021 21:55:43 +1100 +Subject: [PATCH] net/dns: Don't read past the end of the string we're checking + against + +I don't really understand what's going on here but fuzzing found +a bug where we read past the end of check_with. That's a C string, +so use grub_strlen() to make sure we don't overread it. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 6a97b3f4b1d5173aa516edc6dedbc63de7306d21) +(cherry picked from commit e0589624e86bc96666cbdb62f6e55cafec2871b3) +(cherry picked from commit 95ecbc0b9aacfd43ba96cccc50daaf39eccd9f7f) +--- + grub-core/net/dns.c | 19 ++++++++++++++++--- + 1 file changed, 16 insertions(+), 3 deletions(-) + +diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c +index 135faac035..17961a9f18 100644 +--- a/grub-core/net/dns.c ++++ b/grub-core/net/dns.c +@@ -146,11 +146,18 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, + int *length, char *set) + { + const char *readable_ptr = check_with; ++ int readable_len; + const grub_uint8_t *ptr; + char *optr = set; + int bytes_processed = 0; + if (length) + *length = 0; ++ ++ if (readable_ptr != NULL) ++ readable_len = grub_strlen (readable_ptr); ++ else ++ readable_len = 0; ++ + for (ptr = name_at; ptr < tail && bytes_processed < tail - head + 2; ) + { + /* End marker. */ +@@ -172,13 +179,16 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, + ptr = head + (((ptr[0] & 0x3f) << 8) | ptr[1]); + continue; + } +- if (readable_ptr && grub_memcmp (ptr + 1, readable_ptr, *ptr) != 0) ++ if (readable_ptr != NULL && (*ptr > readable_len || grub_memcmp (ptr + 1, readable_ptr, *ptr) != 0)) + return 0; + if (grub_memchr (ptr + 1, 0, *ptr) + || grub_memchr (ptr + 1, '.', *ptr)) + return 0; + if (readable_ptr) +- readable_ptr += *ptr; ++ { ++ readable_ptr += *ptr; ++ readable_len -= *ptr; ++ } + if (readable_ptr && *readable_ptr != '.' && *readable_ptr != 0) + return 0; + bytes_processed += *ptr + 1; +@@ -192,7 +202,10 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, + if (optr) + *optr++ = '.'; + if (readable_ptr && *readable_ptr) +- readable_ptr++; ++ { ++ readable_ptr++; ++ readable_len--; ++ } + ptr += *ptr + 1; + } + return 0; diff --git a/SOURCES/0528-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch b/SOURCES/0528-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch new file mode 100644 index 0000000..dc4aab2 --- /dev/null +++ b/SOURCES/0528-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch @@ -0,0 +1,114 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 20 Sep 2021 01:12:24 +1000 +Subject: [PATCH] net/tftp: Prevent a UAF and double-free from a failed seek + +A malicious tftp server can cause UAFs and a double free. + +An attempt to read from a network file is handled by grub_net_fs_read(). If +the read is at an offset other than the current offset, grub_net_seek_real() +is invoked. + +In grub_net_seek_real(), if a backwards seek cannot be satisfied from the +currently received packets, and the underlying transport does not provide +a seek method, then grub_net_seek_real() will close and reopen the network +protocol layer. + +For tftp, the ->close() call goes to tftp_close() and frees the tftp_data_t +file->data. The file->data pointer is not nulled out after the free. + +If the ->open() call fails, the file->data will not be reallocated and will +continue point to a freed memory block. This could happen from a server +refusing to send the requisite ack to the new tftp request, for example. + +The seek and the read will then fail, but the grub_file continues to exist: +the failed seek does not necessarily cause the entire file to be thrown +away (e.g. where the file is checked to see if it is gzipped/lzio/xz/etc., +a read failure is interpreted as a decompressor passing on the file, not as +an invalidation of the entire grub_file_t structure). + +This means subsequent attempts to read or seek the file will use the old +file->data after free. Eventually, the file will be close()d again and +file->data will be freed again. + +Mark a net_fs file that doesn't reopen as broken. Do not permit read() or +close() on a broken file (seek is not exposed directly to the file API - +it is only called as part of read, so this blocks seeks as well). + +As an additional defence, null out the ->data pointer if tftp_open() fails. +That would have lead to a simple null pointer dereference rather than +a mess of UAFs. + +This may affect other protocols, I haven't checked. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit dada1dda695439bb55b2848dddc2d89843552f81) +(cherry picked from commit 352c5ae8a9fc715712e6ecbd7ccb6218122c748f) +(cherry picked from commit 61a010085ab9f0ecf42677773a6fc212f1579b0a) +--- + grub-core/net/net.c | 11 +++++++++-- + grub-core/net/tftp.c | 1 + + include/grub/net.h | 1 + + 3 files changed, 11 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index a27c53eee1..b9e2a4d100 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -1625,7 +1625,8 @@ grub_net_fs_close (grub_file_t file) + grub_netbuff_free (file->device->net->packs.first->nb); + grub_net_remove_packet (file->device->net->packs.first); + } +- file->device->net->protocol->close (file); ++ if (!file->device->net->broken) ++ file->device->net->protocol->close (file); + grub_free (file->device->net->name); + return GRUB_ERR_NONE; + } +@@ -1847,7 +1848,10 @@ grub_net_seek_real (struct grub_file *file, grub_off_t offset) + file->device->net->stall = 0; + err = file->device->net->protocol->open (file, file->device->net->name); + if (err) +- return err; ++ { ++ file->device->net->broken = 1; ++ return err; ++ } + grub_net_fs_read_real (file, NULL, offset); + return grub_errno; + } +@@ -1856,6 +1860,9 @@ grub_net_seek_real (struct grub_file *file, grub_off_t offset) + static grub_ssize_t + grub_net_fs_read (grub_file_t file, char *buf, grub_size_t len) + { ++ if (file->device->net->broken) ++ return -1; ++ + if (file->offset != file->device->net->offset) + { + grub_err_t err; +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index aa0424dcee..85be965470 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -402,6 +402,7 @@ tftp_open (struct grub_file *file, const char *filename) + { + grub_net_udp_close (data->sock); + grub_free (data); ++ file->data = NULL; + return grub_errno; + } + +diff --git a/include/grub/net.h b/include/grub/net.h +index 9cf6da6897..0d31f00664 100644 +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -280,6 +280,7 @@ typedef struct grub_net + grub_fs_t fs; + int eof; + int stall; ++ int broken; + } *grub_net_t; + + extern grub_net_t (*EXPORT_VAR (grub_net_open)) (const char *name); diff --git a/SOURCES/0529-misc-Format-string-for-grub_error-should-be-a-litera.patch b/SOURCES/0529-misc-Format-string-for-grub_error-should-be-a-litera.patch new file mode 100644 index 0000000..ae0ec53 --- /dev/null +++ b/SOURCES/0529-misc-Format-string-for-grub_error-should-be-a-litera.patch @@ -0,0 +1,53 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Glenn Washburn +Date: Thu, 4 Mar 2021 18:22:32 -0600 +Subject: [PATCH] misc: Format string for grub_error() should be a literal + +Signed-off-by: Glenn Washburn +Reviewed-by: Daniel Kiper +(cherry-picked from commit 60875f4e15d704b875969b415501802b531c4db3) +--- + grub-core/loader/efi/chainloader.c | 2 +- + grub-core/net/tftp.c | 2 +- + grub-core/script/lexer.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 720f6181e5..8e658f713e 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -79,7 +79,7 @@ grub_start_image (grub_efi_handle_t handle) + *grub_utf16_to_utf8 ((grub_uint8_t *) buf, + exit_data, exit_data_size) = 0; + +- grub_error (GRUB_ERR_BAD_OS, buf); ++ grub_error (GRUB_ERR_BAD_OS, "%s", buf); + grub_free (buf); + } + } +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index 85be965470..69a9ba6979 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -253,7 +253,7 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + case TFTP_ERROR: + data->have_oack = 1; + grub_netbuff_free (nb); +- grub_error (GRUB_ERR_IO, (char *) tftph->u.err.errmsg); ++ grub_error (GRUB_ERR_IO, "%s", tftph->u.err.errmsg); + grub_error_save (&data->save_err); + return GRUB_ERR_NONE; + default: +diff --git a/grub-core/script/lexer.c b/grub-core/script/lexer.c +index 5fb0cbd0bc..27daad791c 100644 +--- a/grub-core/script/lexer.c ++++ b/grub-core/script/lexer.c +@@ -349,7 +349,7 @@ void + grub_script_yyerror (struct grub_parser_param *state, char const *err) + { + if (err) +- grub_error (GRUB_ERR_INVALID_COMMAND, err); ++ grub_error (GRUB_ERR_INVALID_COMMAND, "%s", err); + + grub_print_error (); + state->err++; diff --git a/SOURCES/0530-net-tftp-Avoid-a-trivial-UAF.patch b/SOURCES/0530-net-tftp-Avoid-a-trivial-UAF.patch new file mode 100644 index 0000000..f6f77f3 --- /dev/null +++ b/SOURCES/0530-net-tftp-Avoid-a-trivial-UAF.patch @@ -0,0 +1,37 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 18 Jan 2022 14:29:20 +1100 +Subject: [PATCH] net/tftp: Avoid a trivial UAF + +Under tftp errors, we print a tftp error message from the tftp header. +However, the tftph pointer is a pointer inside nb, the netbuff. Previously, +we were freeing the nb and then dereferencing it. Don't do that, use it +and then free it later. + +This isn't really _bad_ per se, especially as we're single-threaded, but +it trips up fuzzers. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 956f4329cec23e4375182030ca9b2be631a61ba5) +(cherry picked from commit dbe9abcdee6ce796811111b67e3f24eefe2135d1) +(cherry picked from commit 72ae9c5d389d2c0337c44edead6e00db0bb84039) +--- + grub-core/net/tftp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index 69a9ba6979..09e1511ccf 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -252,9 +252,9 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + return GRUB_ERR_NONE; + case TFTP_ERROR: + data->have_oack = 1; +- grub_netbuff_free (nb); + grub_error (GRUB_ERR_IO, "%s", tftph->u.err.errmsg); + grub_error_save (&data->save_err); ++ grub_netbuff_free (nb); + return GRUB_ERR_NONE; + default: + grub_netbuff_free (nb); diff --git a/SOURCES/0531-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch b/SOURCES/0531-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch new file mode 100644 index 0000000..6fcb3c6 --- /dev/null +++ b/SOURCES/0531-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch @@ -0,0 +1,44 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 1 Mar 2022 23:14:15 +1100 +Subject: [PATCH] net/http: Do not tear down socket if it's already been torn + down + +It's possible for data->sock to get torn down in tcp error handling. +If we unconditionally tear it down again we will end up doing writes +to an offset of the NULL pointer when we go to tear it down again. + +Detect if it has been torn down and don't do it again. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit ec233d3ecf995293304de443579aab5c46c49e85) +(cherry picked from commit d39cf87ed701b9f0900daed7f672e07994d37ce8) +(cherry picked from commit e0aa5c3acec70eac3489d6df1893a93726cbce3a) +--- + grub-core/net/http.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index b52b558d63..5223ca57a4 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -427,7 +427,7 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) + return err; + } + +- for (i = 0; !data->headers_recv && i < 100; i++) ++ for (i = 0; data->sock && !data->headers_recv && i < 100; i++) + { + grub_net_tcp_retransmit (); + grub_net_poll_cards (300, &data->headers_recv); +@@ -435,7 +435,8 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) + + if (!data->headers_recv) + { +- grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT); ++ if (data->sock) ++ grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT); + if (data->err) + { + char *str = data->errmsg; diff --git a/SOURCES/0532-net-http-Fix-OOB-write-for-split-http-headers.patch b/SOURCES/0532-net-http-Fix-OOB-write-for-split-http-headers.patch new file mode 100644 index 0000000..daabc9e --- /dev/null +++ b/SOURCES/0532-net-http-Fix-OOB-write-for-split-http-headers.patch @@ -0,0 +1,48 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 8 Mar 2022 18:17:03 +1100 +Subject: [PATCH] net/http: Fix OOB write for split http headers + +GRUB has special code for handling an http header that is split +across two packets. + +The code tracks the end of line by looking for a "\n" byte. The +code for split headers has always advanced the pointer just past the +end of the line, whereas the code that handles unsplit headers does +not advance the pointer. This extra advance causes the length to be +one greater, which breaks an assumption in parse_line(), leading to +it writing a NUL byte one byte past the end of the buffer where we +reconstruct the line from the two packets. + +It's conceivable that an attacker controlled set of packets could +cause this to zero out the first byte of the "next" pointer of the +grub_mm_region structure following the current_line buffer. + +Do not advance the pointer in the split header case. + +Fixes: CVE-2022-28734 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit e9fb459638811c12b0989dbf64e3e124974ef617) +(cherry picked from commit b604916beb6c39e8ed27f72851eb16f3eaa293c5) +(cherry picked from commit c3c6b1167a43275991efd6847160a46ce3839fae) +--- + grub-core/net/http.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index 5223ca57a4..7fa2dcaea7 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -193,9 +193,7 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)), + int have_line = 1; + char *t; + ptr = grub_memchr (nb->data, '\n', nb->tail - nb->data); +- if (ptr) +- ptr++; +- else ++ if (ptr == NULL) + { + have_line = 0; + ptr = (char *) nb->tail; diff --git a/SOURCES/0533-net-http-Error-out-on-headers-with-LF-without-CR.patch b/SOURCES/0533-net-http-Error-out-on-headers-with-LF-without-CR.patch new file mode 100644 index 0000000..86a3b28 --- /dev/null +++ b/SOURCES/0533-net-http-Error-out-on-headers-with-LF-without-CR.patch @@ -0,0 +1,50 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 8 Mar 2022 19:04:40 +1100 +Subject: [PATCH] net/http: Error out on headers with LF without CR + +In a similar vein to the previous patch, parse_line() would write +a NUL byte past the end of the buffer if there was an HTTP header +with a LF rather than a CRLF. + +RFC-2616 says: + + Many HTTP/1.1 header field values consist of words separated by LWS + or special characters. These special characters MUST be in a quoted + string to be used within a parameter value (as defined in section 3.6). + +We don't support quoted sections or continuation lines, etc. + +If we see an LF that's not part of a CRLF, bail out. + +Fixes: CVE-2022-28734 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit d232ad41ac4979a9de4d746e5fdff9caf0e303de) +(cherry picked from commit 8960e6d6137090a7e8c6592077da6e387a4ef972) +(cherry picked from commit 9b6b9398c90dd76ce0b935d21c4ecb8954c4b2b7) +--- + grub-core/net/http.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index 7fa2dcaea7..745f429b51 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -69,7 +69,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) + char *end = ptr + len; + while (end > ptr && *(end - 1) == '\r') + end--; ++ ++ /* LF without CR. */ ++ if (end == ptr + len) ++ { ++ data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR")); ++ return GRUB_ERR_NONE; ++ } + *end = 0; ++ + /* Trailing CRLF. */ + if (data->in_chunk_len == 1) + { diff --git a/SOURCES/0534-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch b/SOURCES/0534-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch new file mode 100644 index 0000000..684fc75 --- /dev/null +++ b/SOURCES/0534-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch @@ -0,0 +1,74 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Wed, 6 Apr 2022 18:03:37 +0530 +Subject: [PATCH] fs/f2fs: Do not read past the end of nat journal entries + +A corrupt f2fs file system could specify a nat journal entry count +that is beyond the maximum NAT_JOURNAL_ENTRIES. + +Check if the specified nat journal entry count before accessing the +array, and throw an error if it is too large. + +Signed-off-by: Sudhakar Kuppusamy +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit a3988cb3f0a108dd67ac127a79a4c8479d23334e) +(cherry picked from commit 7125978aa7d6068812ef6da0ab38ce521ae7eba1) +(cherry picked from commit e488538cbf9fc63796c7047550b0598e1ef95c03) +--- + grub-core/fs/f2fs.c | 21 ++++++++++++++------- + 1 file changed, 14 insertions(+), 7 deletions(-) + +diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c +index 1cad2615f3..09dc932420 100644 +--- a/grub-core/fs/f2fs.c ++++ b/grub-core/fs/f2fs.c +@@ -632,23 +632,27 @@ get_nat_journal (struct grub_f2fs_data *data) + return err; + } + +-static grub_uint32_t +-get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid) ++static grub_err_t ++get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid, ++ grub_uint32_t *blkaddr) + { + grub_uint16_t n = grub_le_to_cpu16 (data->nat_j.n_nats); +- grub_uint32_t blkaddr = 0; + grub_uint16_t i; + ++ if (n >= NAT_JOURNAL_ENTRIES) ++ return grub_error (GRUB_ERR_BAD_FS, ++ "invalid number of nat journal entries"); ++ + for (i = 0; i < n; i++) + { + if (grub_le_to_cpu32 (data->nat_j.entries[i].nid) == nid) + { +- blkaddr = grub_le_to_cpu32 (data->nat_j.entries[i].ne.block_addr); ++ *blkaddr = grub_le_to_cpu32 (data->nat_j.entries[i].ne.block_addr); + break; + } + } + +- return blkaddr; ++ return GRUB_ERR_NONE; + } + + static grub_uint32_t +@@ -656,10 +660,13 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) + { + struct grub_f2fs_nat_block *nat_block; + grub_uint32_t seg_off, block_off, entry_off, block_addr; +- grub_uint32_t blkaddr; ++ grub_uint32_t blkaddr = 0; + grub_err_t err; + +- blkaddr = get_blkaddr_from_nat_journal (data, nid); ++ err = get_blkaddr_from_nat_journal (data, nid, &blkaddr); ++ if (err != GRUB_ERR_NONE) ++ return 0; ++ + if (blkaddr) + return blkaddr; + diff --git a/SOURCES/0535-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch b/SOURCES/0535-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch new file mode 100644 index 0000000..30ea7c6 --- /dev/null +++ b/SOURCES/0535-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch @@ -0,0 +1,134 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Wed, 6 Apr 2022 18:49:09 +0530 +Subject: [PATCH] fs/f2fs: Do not read past the end of nat bitmap + +A corrupt f2fs filesystem could have a block offset or a bitmap +offset that would cause us to read beyond the bounds of the nat +bitmap. + +Introduce the nat_bitmap_size member in grub_f2fs_data which holds +the size of nat bitmap. + +Set the size when loading the nat bitmap in nat_bitmap_ptr(), and +catch when an invalid offset would create a pointer past the end of +the allocated space. + +Check against the bitmap size in grub_f2fs_test_bit() test bit to avoid +reading past the end of the nat bitmap. + +Signed-off-by: Sudhakar Kuppusamy +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 62d63d5e38c67a6e349148bf7cb87c560e935a7e) +(cherry picked from commit 92219e6d379b5b4d30b05361830b72ab1d95d281) +(cherry picked from commit c23d97e3b56594bf0f802d94062e14b221143115) +--- + grub-core/fs/f2fs.c | 33 +++++++++++++++++++++++++++------ + 1 file changed, 27 insertions(+), 6 deletions(-) + +diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c +index 09dc932420..33e565b180 100644 +--- a/grub-core/fs/f2fs.c ++++ b/grub-core/fs/f2fs.c +@@ -122,6 +122,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define F2FS_INLINE_DOTS 0x10 /* File having implicit dot dentries. */ + + #define MAX_VOLUME_NAME 512 ++#define MAX_NAT_BITMAP_SIZE 3900 + + enum FILE_TYPE + { +@@ -183,7 +184,7 @@ struct grub_f2fs_checkpoint + grub_uint32_t checksum_offset; + grub_uint64_t elapsed_time; + grub_uint8_t alloc_type[MAX_ACTIVE_LOGS]; +- grub_uint8_t sit_nat_version_bitmap[3900]; ++ grub_uint8_t sit_nat_version_bitmap[MAX_NAT_BITMAP_SIZE]; + grub_uint32_t checksum; + } GRUB_PACKED; + +@@ -302,6 +303,7 @@ struct grub_f2fs_data + + struct grub_f2fs_nat_journal nat_j; + char *nat_bitmap; ++ grub_uint32_t nat_bitmap_size; + + grub_disk_t disk; + struct grub_f2fs_node *inode; +@@ -377,15 +379,20 @@ sum_blk_addr (struct grub_f2fs_data *data, int base, int type) + } + + static void * +-nat_bitmap_ptr (struct grub_f2fs_data *data) ++nat_bitmap_ptr (struct grub_f2fs_data *data, grub_uint32_t *nat_bitmap_size) + { + struct grub_f2fs_checkpoint *ckpt = &data->ckpt; + grub_uint32_t offset; ++ *nat_bitmap_size = MAX_NAT_BITMAP_SIZE; + + if (grub_le_to_cpu32 (data->sblock.cp_payload) > 0) + return ckpt->sit_nat_version_bitmap; + + offset = grub_le_to_cpu32 (ckpt->sit_ver_bitmap_bytesize); ++ if (offset >= MAX_NAT_BITMAP_SIZE) ++ return NULL; ++ ++ *nat_bitmap_size = *nat_bitmap_size - offset; + + return ckpt->sit_nat_version_bitmap + offset; + } +@@ -438,11 +445,15 @@ grub_f2fs_crc_valid (grub_uint32_t blk_crc, void *buf, const grub_uint32_t len) + } + + static int +-grub_f2fs_test_bit (grub_uint32_t nr, const char *p) ++grub_f2fs_test_bit (grub_uint32_t nr, const char *p, grub_uint32_t len) + { + int mask; ++ grub_uint32_t shifted_nr = (nr >> 3); + +- p += (nr >> 3); ++ if (shifted_nr >= len) ++ return -1; ++ ++ p += shifted_nr; + mask = 1 << (7 - (nr & 0x07)); + + return mask & *p; +@@ -662,6 +673,7 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) + grub_uint32_t seg_off, block_off, entry_off, block_addr; + grub_uint32_t blkaddr = 0; + grub_err_t err; ++ int result_bit; + + err = get_blkaddr_from_nat_journal (data, nid, &blkaddr); + if (err != GRUB_ERR_NONE) +@@ -682,8 +694,15 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) + ((seg_off * data->blocks_per_seg) << 1) + + (block_off & (data->blocks_per_seg - 1)); + +- if (grub_f2fs_test_bit (block_off, data->nat_bitmap)) ++ result_bit = grub_f2fs_test_bit (block_off, data->nat_bitmap, ++ data->nat_bitmap_size); ++ if (result_bit > 0) + block_addr += data->blocks_per_seg; ++ else if (result_bit == -1) ++ { ++ grub_free (nat_block); ++ return 0; ++ } + + err = grub_f2fs_block_read (data, block_addr, nat_block); + if (err) +@@ -832,7 +851,9 @@ grub_f2fs_mount (grub_disk_t disk) + if (err) + goto fail; + +- data->nat_bitmap = nat_bitmap_ptr (data); ++ data->nat_bitmap = nat_bitmap_ptr (data, &data->nat_bitmap_size); ++ if (data->nat_bitmap == NULL) ++ goto fail; + + err = get_nat_journal (data); + if (err) diff --git a/SOURCES/0536-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch b/SOURCES/0536-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch new file mode 100644 index 0000000..5ab2414 --- /dev/null +++ b/SOURCES/0536-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch @@ -0,0 +1,40 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Sudhakar Kuppusamy +Date: Wed, 6 Apr 2022 18:17:43 +0530 +Subject: [PATCH] fs/f2fs: Do not copy file names that are too long + +A corrupt f2fs file system might specify a name length which is greater +than the maximum name length supported by the GRUB f2fs driver. + +We will allocate enough memory to store the overly long name, but there +are only F2FS_NAME_LEN bytes in the source, so we would read past the end +of the source. + +While checking directory entries, do not copy a file name with an invalid +length. + +Signed-off-by: Sudhakar Kuppusamy +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper +(cherry picked from commit 9a891f638509e031d322c94e3cbcf38d36f3993a) +(cherry picked from commit 13f9160ae0d2806baed459884999356817096cd7) +(cherry picked from commit a48ba4d48b3c66431e6bbeb386078efc6602110c) +--- + grub-core/fs/f2fs.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c +index 33e565b180..07ea34196c 100644 +--- a/grub-core/fs/f2fs.c ++++ b/grub-core/fs/f2fs.c +@@ -998,6 +998,10 @@ grub_f2fs_check_dentries (struct grub_f2fs_dir_iter_ctx *ctx) + + ftype = ctx->dentry[i].file_type; + name_len = grub_le_to_cpu16 (ctx->dentry[i].name_len); ++ ++ if (name_len >= F2FS_NAME_LEN) ++ return 0; ++ + filename = grub_malloc (name_len + 1); + if (!filename) + return 0; diff --git a/SOURCES/0537-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch b/SOURCES/0537-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch new file mode 100644 index 0000000..21e95cf --- /dev/null +++ b/SOURCES/0537-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch @@ -0,0 +1,81 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 29 Mar 2022 10:49:56 +0000 +Subject: [PATCH] fs/btrfs: Fix several fuzz issues with invalid dir item + sizing + +According to the btrfs code in Linux, the structure of a directory item +leaf should be of the form: + + |struct btrfs_dir_item|name|data| + +in GRUB the name len and data len are in the grub_btrfs_dir_item +structure's n and m fields respectively. + +The combined size of the structure, name and data should be less than +the allocated memory, a difference to the Linux kernel's struct +btrfs_dir_item is that the grub_btrfs_dir_item has an extra field for +where the name is stored, so we adjust for that too. + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper +(cherry picked from commit 6d3f06c0b6a8992b9b1bb0e62af93ac5ff2781f0) +[rharwood: we've an extra variable here] +Signed-off-by: Robbie Harwood +(cherry picked from commit e3e21b9a81aea09dd43368cf097c1029a8380d82) +(cherry picked from commit ab14a39777edb60c99751d4fdf1cc254a4faebf5) +--- + grub-core/fs/btrfs.c | 26 ++++++++++++++++++++++++++ + 1 file changed, 26 insertions(+) + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 3faf9056c7..9da2952f70 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -1834,6 +1834,7 @@ grub_btrfs_dir (grub_device_t device, const char *path, + grub_uint64_t tree; + grub_uint8_t type; + char *new_path = NULL; ++ grub_size_t est_size = 0; + + if (!data) + return grub_errno; +@@ -1900,6 +1901,18 @@ grub_btrfs_dir (grub_device_t device, const char *path, + break; + } + ++ if (direl == NULL || ++ grub_add (grub_le_to_cpu16 (direl->n), ++ grub_le_to_cpu16 (direl->m), &est_size) || ++ grub_add (est_size, sizeof (*direl), &est_size) || ++ grub_sub (est_size, sizeof (direl->name), &est_size) || ++ est_size > allocated) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ r = -grub_errno; ++ goto out; ++ } ++ + for (cdirel = direl; + (grub_uint8_t *) cdirel - (grub_uint8_t *) direl + < (grub_ssize_t) elemsize; +@@ -1910,6 +1923,19 @@ grub_btrfs_dir (grub_device_t device, const char *path, + char c; + struct grub_btrfs_inode inode; + struct grub_dirhook_info info; ++ ++ if (cdirel == NULL || ++ grub_add (grub_le_to_cpu16 (cdirel->n), ++ grub_le_to_cpu16 (cdirel->m), &est_size) || ++ grub_add (est_size, sizeof (*cdirel), &est_size) || ++ grub_sub (est_size, sizeof (cdirel->name), &est_size) || ++ est_size > allocated) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ r = -grub_errno; ++ goto out; ++ } ++ + err = grub_btrfs_read_inode (data, &inode, cdirel->key.object_id, + tree); + grub_memset (&info, 0, sizeof (info)); diff --git a/SOURCES/0538-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch b/SOURCES/0538-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch new file mode 100644 index 0000000..184165b --- /dev/null +++ b/SOURCES/0538-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch @@ -0,0 +1,143 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Thu, 3 Dec 2020 16:01:46 +0100 +Subject: [PATCH] efi: Return grub_efi_status_t from grub_efi_get_variable() + +This is needed to properly detect and report UEFI Secure Boot status +to the x86 Linux kernel. The functionality will be added by subsequent +patches. + +Signed-off-by: Daniel Kiper +Signed-off-by: Marco A Benatto +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +(cherry picked from commit 04ae030d0eea8668d4417702d88bf2cf04713d80) +--- + grub-core/commands/efi/efifwsetup.c | 8 ++++---- + grub-core/kern/efi/efi.c | 16 +++++++++------- + grub-core/video/efi_gop.c | 2 +- + include/grub/efi/efi.h | 7 ++++--- + 4 files changed, 18 insertions(+), 15 deletions(-) + +diff --git a/grub-core/commands/efi/efifwsetup.c b/grub-core/commands/efi/efifwsetup.c +index 7a137a72a2..eaca032838 100644 +--- a/grub-core/commands/efi/efifwsetup.c ++++ b/grub-core/commands/efi/efifwsetup.c +@@ -38,8 +38,8 @@ grub_cmd_fwsetup (grub_command_t cmd __attribute__ ((unused)), + grub_size_t oi_size; + grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID; + +- old_os_indications = grub_efi_get_variable ("OsIndications", &global, +- &oi_size); ++ grub_efi_get_variable ("OsIndications", &global, &oi_size, ++ (void **) &old_os_indications); + + if (old_os_indications != NULL && oi_size == sizeof (os_indications)) + os_indications |= *old_os_indications; +@@ -63,8 +63,8 @@ efifwsetup_is_supported (void) + grub_size_t oi_size = 0; + grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID; + +- os_indications_supported = grub_efi_get_variable ("OsIndicationsSupported", +- &global, &oi_size); ++ grub_efi_get_variable ("OsIndicationsSupported", &global, &oi_size, ++ (void **) &os_indications_supported); + + if (!os_indications_supported) + return 0; +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 2863956458..335033975d 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -241,9 +241,9 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid, + return grub_error (GRUB_ERR_IO, "could not set EFI variable `%s'", var); + } + +-void * ++grub_efi_status_t + grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, +- grub_size_t *datasize_out) ++ grub_size_t *datasize_out, void **data_out) + { + grub_efi_status_t status; + grub_efi_uintn_t datasize = 0; +@@ -252,13 +252,14 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, + void *data; + grub_size_t len, len16; + ++ *data_out = NULL; + *datasize_out = 0; + + len = grub_strlen (var); + len16 = len * GRUB_MAX_UTF16_PER_UTF8; + var16 = grub_calloc (len16 + 1, sizeof (var16[0])); + if (!var16) +- return NULL; ++ return GRUB_EFI_OUT_OF_RESOURCES; + len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); + var16[len16] = 0; + +@@ -269,14 +270,14 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, + if (status != GRUB_EFI_BUFFER_TOO_SMALL || !datasize) + { + grub_free (var16); +- return NULL; ++ return status; + } + + data = grub_malloc (datasize); + if (!data) + { + grub_free (var16); +- return NULL; ++ return GRUB_EFI_OUT_OF_RESOURCES; + } + + status = efi_call_5 (r->get_variable, var16, guid, NULL, &datasize, data); +@@ -284,12 +285,13 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, + + if (status == GRUB_EFI_SUCCESS) + { ++ *data_out = data; + *datasize_out = datasize; +- return data; ++ return status; + } + + grub_free (data); +- return NULL; ++ return status; + } + + #pragma GCC diagnostic ignored "-Wcast-align" +diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c +index 9fcc41ac03..ec217db70f 100644 +--- a/grub-core/video/efi_gop.c ++++ b/grub-core/video/efi_gop.c +@@ -302,7 +302,7 @@ grub_video_gop_get_edid (struct grub_video_edid_info *edid_info) + char edidname[] = "agp-internal-edid"; + grub_size_t datasize; + grub_uint8_t *data; +- data = grub_efi_get_variable (edidname, &efi_var_guid, &datasize); ++ grub_efi_get_variable (edidname, &efi_var_guid, &datasize, (void **) &data); + if (data && datasize > 16) + { + copy_size = datasize - 16; +diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h +index 4411ffa16b..90a85d7d9a 100644 +--- a/include/grub/efi/efi.h ++++ b/include/grub/efi/efi.h +@@ -113,9 +113,10 @@ grub_err_t EXPORT_FUNC (grub_efi_set_virtual_address_map) (grub_efi_uintn_t memo + grub_efi_uintn_t descriptor_size, + grub_efi_uint32_t descriptor_version, + grub_efi_memory_descriptor_t *virtual_map); +-void *EXPORT_FUNC (grub_efi_get_variable) (const char *variable, +- const grub_efi_guid_t *guid, +- grub_size_t *datasize_out); ++grub_efi_status_t EXPORT_FUNC (grub_efi_get_variable) (const char *variable, ++ const grub_efi_guid_t *guid, ++ grub_size_t *datasize_out, ++ void **data_out); + grub_err_t + EXPORT_FUNC (grub_efi_set_variable) (const char *var, + const grub_efi_guid_t *guid, diff --git a/SOURCES/0539-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch b/SOURCES/0539-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch new file mode 100644 index 0000000..526a123 --- /dev/null +++ b/SOURCES/0539-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch @@ -0,0 +1,76 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Thu, 3 Dec 2020 16:01:47 +0100 +Subject: [PATCH] efi: Add a function to read EFI variables with attributes + +It will be used to properly detect and report UEFI Secure Boot status to +the x86 Linux kernel. The functionality will be added by subsequent patches. + +Signed-off-by: Ignat Korchagin +Signed-off-by: Daniel Kiper +Signed-off-by: Marco A Benatto +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +(cherry picked from commit ac5c9367548750e75ed1e7fc4354a3d20186d733) +--- + grub-core/kern/efi/efi.c | 16 +++++++++++++--- + include/grub/efi/efi.h | 5 +++++ + 2 files changed, 18 insertions(+), 3 deletions(-) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 335033975d..fccea20a01 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -242,8 +242,11 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid, + } + + grub_efi_status_t +-grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, +- grub_size_t *datasize_out, void **data_out) ++grub_efi_get_variable_with_attributes (const char *var, ++ const grub_efi_guid_t *guid, ++ grub_size_t *datasize_out, ++ void **data_out, ++ grub_efi_uint32_t *attributes) + { + grub_efi_status_t status; + grub_efi_uintn_t datasize = 0; +@@ -280,7 +283,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, + return GRUB_EFI_OUT_OF_RESOURCES; + } + +- status = efi_call_5 (r->get_variable, var16, guid, NULL, &datasize, data); ++ status = efi_call_5 (r->get_variable, var16, guid, attributes, &datasize, data); + grub_free (var16); + + if (status == GRUB_EFI_SUCCESS) +@@ -294,6 +297,13 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, + return status; + } + ++grub_efi_status_t ++grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, ++ grub_size_t *datasize_out, void **data_out) ++{ ++ return grub_efi_get_variable_with_attributes (var, guid, datasize_out, data_out, NULL); ++} ++ + #pragma GCC diagnostic ignored "-Wcast-align" + + /* Search the mods section from the PE32/PE32+ image. This code uses +diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h +index 90a85d7d9a..7af979b184 100644 +--- a/include/grub/efi/efi.h ++++ b/include/grub/efi/efi.h +@@ -113,6 +113,11 @@ grub_err_t EXPORT_FUNC (grub_efi_set_virtual_address_map) (grub_efi_uintn_t memo + grub_efi_uintn_t descriptor_size, + grub_efi_uint32_t descriptor_version, + grub_efi_memory_descriptor_t *virtual_map); ++grub_efi_status_t EXPORT_FUNC (grub_efi_get_variable_with_attributes) (const char *variable, ++ const grub_efi_guid_t *guid, ++ grub_size_t *datasize_out, ++ void **data_out, ++ grub_efi_uint32_t *attributes); + grub_efi_status_t EXPORT_FUNC (grub_efi_get_variable) (const char *variable, + const grub_efi_guid_t *guid, + grub_size_t *datasize_out, diff --git a/SOURCES/0540-Define-GRUB_EFI_SHIM_LOCK_GUID.patch b/SOURCES/0540-Define-GRUB_EFI_SHIM_LOCK_GUID.patch new file mode 100644 index 0000000..354ec29 --- /dev/null +++ b/SOURCES/0540-Define-GRUB_EFI_SHIM_LOCK_GUID.patch @@ -0,0 +1,31 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Wed, 11 May 2022 16:20:52 -0400 +Subject: [PATCH] Define GRUB_EFI_SHIM_LOCK_GUID + +Added in f76a27996c34900f2c369a8a0d6ac72ae2faa988 ("efi: Make shim_lock +GUID and protocol type public"), but that commit also manipulates the +lock protocol definition and some other guids we don't care about right +now. + +Signed-off-by: Robbie Harwood +--- + include/grub/efi/api.h | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index 37e7b16287..2a243fd290 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -349,6 +349,11 @@ + { 0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44 } \ + } + ++#define GRUB_EFI_SHIM_LOCK_GUID \ ++ { 0x605dab50, 0xe046, 0x4300, \ ++ { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } \ ++ } ++ + struct grub_efi_sal_system_table + { + grub_uint32_t signature; diff --git a/SOURCES/0541-misc-Make-grub_min-and-grub_max-more-resilient.patch b/SOURCES/0541-misc-Make-grub_min-and-grub_max-more-resilient.patch new file mode 100644 index 0000000..bf1741b --- /dev/null +++ b/SOURCES/0541-misc-Make-grub_min-and-grub_max-more-resilient.patch @@ -0,0 +1,84 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 21 Mar 2022 16:06:10 -0400 +Subject: [PATCH] misc: Make grub_min() and grub_max() more resilient. + +grub_min(a,b) and grub_max(a,b) use a relatively naive implementation +which leads to several problems: +- they evaluate their parameters more than once +- the naive way to address this, to declare temporary variables in a + statement-expression, isn't resilient against nested uses, because + MIN(a,MIN(b,c)) results in the temporary variables being declared in + two nested scopes, which may result in a build warning depending on + your build options. + +This patch changes our implementation to use a statement-expression +inside a helper macro, and creates the symbols for the temporary +variables with __COUNTER__ (A GNU C cpp extension) and token pasting to +create uniquely named internal variables. + +Signed-off-by: Peter Jones +(cherry picked from commit 2d6800450fa731d7b3ef9893986806e88e819eb6) +(cherry picked from commit adaf6a5ae66fb8a23274e3030e9df2714d0fc396) +--- + grub-core/loader/multiboot_elfxx.c | 4 +--- + include/grub/misc.h | 25 +++++++++++++++++++++++-- + 2 files changed, 24 insertions(+), 5 deletions(-) + +diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c +index f2318e0d16..87f6e31aa6 100644 +--- a/grub-core/loader/multiboot_elfxx.c ++++ b/grub-core/loader/multiboot_elfxx.c +@@ -35,9 +35,7 @@ + #endif + + #include +- +-#define CONCAT(a,b) CONCAT_(a, b) +-#define CONCAT_(a,b) a ## b ++#include + + #pragma GCC diagnostic ignored "-Wcast-align" + +diff --git a/include/grub/misc.h b/include/grub/misc.h +index 6be6a88f65..7ef1a1a87e 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -35,6 +35,14 @@ + #define ARRAY_SIZE(array) (sizeof (array) / sizeof (array[0])) + #define COMPILE_TIME_ASSERT(cond) switch (0) { case 1: case !(cond): ; } + ++#ifndef CONCAT_ ++#define CONCAT_(a, b) a ## b ++#endif ++ ++#ifndef CONCAT ++#define CONCAT(a, b) CONCAT_(a, b) ++#endif ++ + #define grub_dprintf(condition, ...) grub_real_dprintf(GRUB_FILE, __LINE__, condition, __VA_ARGS__) + + void *EXPORT_FUNC(grub_memmove) (void *dest, const void *src, grub_size_t n); +@@ -524,7 +532,20 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *file, + #define grub_boot_time(...) + #endif + +-#define grub_max(a, b) (((a) > (b)) ? (a) : (b)) +-#define grub_min(a, b) (((a) < (b)) ? (a) : (b)) ++#define _grub_min(a, b, _a, _b) \ ++ ({ typeof (a) _a = (a); \ ++ typeof (b) _b = (b); \ ++ _a < _b ? _a : _b; }) ++#define grub_min(a, b) _grub_min(a, b, \ ++ CONCAT(_a_,__COUNTER__), \ ++ CONCAT(_b_,__COUNTER__)) ++ ++#define _grub_max(a, b, _a, _b) \ ++ ({ typeof (a) _a = (a); \ ++ typeof (b) _b = (b); \ ++ _a > _b ? _a : _b; }) ++#define grub_max(a, b) _grub_max(a, b, \ ++ CONCAT(_a_,__COUNTER__), \ ++ CONCAT(_b_,__COUNTER__)) + + #endif /* ! GRUB_MISC_HEADER */ diff --git a/SOURCES/0542-ReiserFS-switch-to-using-grub_min-grub_max.patch b/SOURCES/0542-ReiserFS-switch-to-using-grub_min-grub_max.patch new file mode 100644 index 0000000..e8688dc --- /dev/null +++ b/SOURCES/0542-ReiserFS-switch-to-using-grub_min-grub_max.patch @@ -0,0 +1,94 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 21 Apr 2022 16:31:17 -0400 +Subject: [PATCH] ReiserFS: switch to using grub_min()/grub_max() + +This is a minor cleanup patch to remove the bespoke MIN() and MAX() +definitions from the reiserfs driver, and uses grub_min() / grub_max() +instead. + +Signed-off-by: Peter Jones +(cherry picked from commit 5fc601574fce99b32fe4dfb55bd8f3ab0175fd6a) +(cherry picked from commit 31e581893c564582c729fd0c033d3ce021854be8) +--- + grub-core/fs/reiserfs.c | 28 +++++++++------------------- + 1 file changed, 9 insertions(+), 19 deletions(-) + +diff --git a/grub-core/fs/reiserfs.c b/grub-core/fs/reiserfs.c +index 39736f63c6..9556c15ff0 100644 +--- a/grub-core/fs/reiserfs.c ++++ b/grub-core/fs/reiserfs.c +@@ -42,16 +42,6 @@ + + GRUB_MOD_LICENSE ("GPLv3+"); + +-#define MIN(a, b) \ +- ({ typeof (a) _a = (a); \ +- typeof (b) _b = (b); \ +- _a < _b ? _a : _b; }) +- +-#define MAX(a, b) \ +- ({ typeof (a) _a = (a); \ +- typeof (b) _b = (b); \ +- _a > _b ? _a : _b; }) +- + #define REISERFS_SUPER_BLOCK_OFFSET 0x10000 + #define REISERFS_MAGIC_LEN 12 + #define REISERFS_MAGIC_STRING "ReIsEr" +@@ -1076,7 +1066,7 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, + grub_reiserfs_set_key_type (&key, GRUB_REISERFS_ANY, 2); + initial_position = off; + current_position = 0; +- final_position = MIN (len + initial_position, node->size); ++ final_position = grub_min (len + initial_position, node->size); + grub_dprintf ("reiserfs", + "Reading from %lld to %lld (%lld instead of requested %ld)\n", + (unsigned long long) initial_position, +@@ -1115,8 +1105,8 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, + grub_dprintf ("reiserfs_blocktype", "D: %u\n", (unsigned) block); + if (initial_position < current_position + item_size) + { +- offset = MAX ((signed) (initial_position - current_position), 0); +- length = (MIN (item_size, final_position - current_position) ++ offset = grub_max ((signed) (initial_position - current_position), 0); ++ length = (grub_min (item_size, final_position - current_position) + - offset); + grub_dprintf ("reiserfs", + "Reading direct block %u from %u to %u...\n", +@@ -1161,9 +1151,9 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, + grub_dprintf ("reiserfs_blocktype", "I: %u\n", (unsigned) block); + if (current_position + block_size >= initial_position) + { +- offset = MAX ((signed) (initial_position - current_position), +- 0); +- length = (MIN (block_size, final_position - current_position) ++ offset = grub_max ((signed) (initial_position - current_position), ++ 0); ++ length = (grub_min (block_size, final_position - current_position) + - offset); + grub_dprintf ("reiserfs", + "Reading indirect block %u from %u to %u...\n", +@@ -1205,7 +1195,7 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, + switch (found.type) + { + case GRUB_REISERFS_DIRECT: +- read_length = MIN (len, item_size - file->offset); ++ read_length = grub_min (len, item_size - file->offset); + grub_disk_read (found.data->disk, + (found.block_number * block_size) / GRUB_DISK_SECTOR_SIZE, + grub_le_to_cpu16 (found.header.item_location) + file->offset, +@@ -1224,12 +1214,12 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, + item_size, (char *) indirect_block_ptr); + if (grub_errno) + goto fail; +- len = MIN (len, file->size - file->offset); ++ len = grub_min (len, file->size - file->offset); + for (indirect_block = file->offset / block_size; + indirect_block < indirect_block_count && read_length < len; + indirect_block++) + { +- read = MIN (block_size, len - read_length); ++ read = grub_min (block_size, len - read_length); + grub_disk_read (found.data->disk, + (grub_le_to_cpu32 (indirect_block_ptr[indirect_block]) * block_size) / GRUB_DISK_SECTOR_SIZE, + file->offset % block_size, read, diff --git a/SOURCES/0543-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch b/SOURCES/0543-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch new file mode 100644 index 0000000..37cb0a8 --- /dev/null +++ b/SOURCES/0543-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch @@ -0,0 +1,48 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 24 Mar 2022 14:40:01 -0400 +Subject: [PATCH] misc: make grub_boot_time() also call + grub_dprintf("boot",...) + +Currently grub_boot_time() includes valuable debugging messages, but if +you build without BOOT_TIME_STATS enabled, they are silently and +confusingly compiled away. + +This patch changes grub_boot_time() to also log when "boot" is enabled +in DEBUG, regardless of BOOT_TIME_STATS. + +Signed-off-by: Peter Jones +(cherry picked from commit 4fd282de00df05ce289467861deb7a0e186cfbd7) +(cherry picked from commit cc7e60a9f3ad1fa74b9cd48a7e66b1976f9a554a) +--- + grub-core/kern/misc.c | 3 ++- + include/grub/misc.h | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 859d71659a..b375e486a4 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -1336,7 +1336,8 @@ grub_real_boot_time (const char *file, + n->next = 0; + + va_start (args, fmt); +- n->msg = grub_xvasprintf (fmt, args); ++ n->msg = grub_xvasprintf (fmt, args); ++ grub_dprintf ("boot", "%s\n", n->msg); + va_end (args); + + *boot_time_last = n; +diff --git a/include/grub/misc.h b/include/grub/misc.h +index 7ef1a1a87e..1b722c8185 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -529,7 +529,7 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *file, + const char *fmt, ...) __attribute__ ((format (GNU_PRINTF, 3, 4))); + #define grub_boot_time(...) grub_real_boot_time(GRUB_FILE, __LINE__, __VA_ARGS__) + #else +-#define grub_boot_time(...) ++#define grub_boot_time(fmt, ...) grub_dprintf("boot", fmt "\n", ##__VA_ARGS__) + #endif + + #define _grub_min(a, b, _a, _b) \ diff --git a/SOURCES/0544-modules-make-.module_license-read-only.patch b/SOURCES/0544-modules-make-.module_license-read-only.patch new file mode 100644 index 0000000..e5af3e9 --- /dev/null +++ b/SOURCES/0544-modules-make-.module_license-read-only.patch @@ -0,0 +1,32 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 24 Feb 2022 16:32:51 -0500 +Subject: [PATCH] modules: make .module_license read-only + +Currently .module_license is set writable (that is, the section has the +SHF_WRITE flag set) in the module's ELF headers. This probably never +actually matters, but it can't possibly be correct. + +This patch sets that data as "const", which causes that flag not to be +set. + +Signed-off-by: Peter Jones +(cherry picked from commit 2eff3e2c9d9e6b75daa81b840c96f112ef7d5de6) +(cherry picked from commit 3c3c1858d1c056eee660d67888be80e7eae498ca) +--- + include/grub/dl.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/grub/dl.h b/include/grub/dl.h +index 6a3e251b45..9ec6caf3f9 100644 +--- a/include/grub/dl.h ++++ b/include/grub/dl.h +@@ -121,7 +121,7 @@ grub_mod_fini (void) + #define ATTRIBUTE_USED __unused__ + #endif + #define GRUB_MOD_LICENSE(license) \ +- static char grub_module_license[] __attribute__ ((section (GRUB_MOD_SECTION (module_license)), ATTRIBUTE_USED)) = "LICENSE=" license; ++ static const char grub_module_license[] __attribute__ ((section (GRUB_MOD_SECTION (module_license)), ATTRIBUTE_USED)) = "LICENSE=" license; + #define GRUB_MOD_DEP(name) \ + static const char grub_module_depend_##name[] \ + __attribute__((section(GRUB_MOD_SECTION(moddeps)), ATTRIBUTE_USED)) = #name diff --git a/SOURCES/0545-modules-strip-.llvm_addrsig-sections-and-similar.patch b/SOURCES/0545-modules-strip-.llvm_addrsig-sections-and-similar.patch new file mode 100644 index 0000000..c8a17de --- /dev/null +++ b/SOURCES/0545-modules-strip-.llvm_addrsig-sections-and-similar.patch @@ -0,0 +1,41 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 24 Feb 2022 16:40:11 -0500 +Subject: [PATCH] modules: strip .llvm_addrsig sections and similar. + +Currently grub modules built with clang or gcc have several sections +which we don't actually need or support. + +We already have a list of section to skip in genmod.sh, and this patch +adds the following sections to that list (as well as a few newlines): + +.note.gnu.property +.llvm* + +Note that the glob there won't work without a new enough linker, but the +failure is just reversion to the status quo, so that's not a big problem. + +Signed-off-by: Peter Jones +(cherry picked from commit e85d1c4d795f8135ad0acfa36d64760d12d6fed1) +(cherry picked from commit d3024204b2e2c69ecb91392eeb87c1e6835c3743) +--- + grub-core/genmod.sh.in | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/grub-core/genmod.sh.in b/grub-core/genmod.sh.in +index 1250589b3f..c2c5280d75 100644 +--- a/grub-core/genmod.sh.in ++++ b/grub-core/genmod.sh.in +@@ -57,8 +57,11 @@ if test x@TARGET_APPLE_LINKER@ != x1; then + @TARGET_STRIP@ --strip-unneeded \ + -K grub_mod_init -K grub_mod_fini \ + -K _grub_mod_init -K _grub_mod_fini \ +- -R .note.gnu.gold-version -R .note.GNU-stack \ ++ -R .note.GNU-stack \ ++ -R .note.gnu.gold-version \ ++ -R .note.gnu.property \ + -R .gnu.build.attributes \ ++ -R '.llvm*' \ + -R .rel.gnu.build.attributes \ + -R .rela.gnu.build.attributes \ + -R .eh_frame -R .rela.eh_frame -R .rel.eh_frame \ diff --git a/SOURCES/0546-modules-Don-t-allocate-space-for-non-allocable-secti.patch b/SOURCES/0546-modules-Don-t-allocate-space-for-non-allocable-secti.patch new file mode 100644 index 0000000..2f3bc0c --- /dev/null +++ b/SOURCES/0546-modules-Don-t-allocate-space-for-non-allocable-secti.patch @@ -0,0 +1,37 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 21 Mar 2022 16:56:10 -0400 +Subject: [PATCH] modules: Don't allocate space for non-allocable sections. + +Currently when loading grub modules, we allocate space for all sections, +including those without SHF_ALLOC set. We then copy the sections that +/do/ have SHF_ALLOC set into the allocated memory, leaving some of our +allocation untouched forever. Additionally, on platforms with GOT +fixups and trampolines, we currently compute alignment round-ups for the +sections and sections with sh_size = 0. + +This patch removes the extra space from the allocation computation, and +makes the allocation computation loop skip empty sections as the loading +loop does. + +Signed-off-by: Peter Jones +(cherry picked from commit 03215e342f552396ab08125ea769b1e166417ec1) +(cherry picked from commit 91518751b9bcba078e3f4385f4b2f6c39cab49cd) +--- + grub-core/kern/dl.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index 520126beab..ba1b33c20b 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -290,6 +290,9 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) + i < e->e_shnum; + i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize)) + { ++ if (s->sh_size == 0 || !(s->sh_flags & SHF_ALLOC)) ++ continue; ++ + tsize = ALIGN_UP (tsize, s->sh_addralign) + s->sh_size; + if (talign < s->sh_addralign) + talign = s->sh_addralign; diff --git a/SOURCES/0547-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch b/SOURCES/0547-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch new file mode 100644 index 0000000..f9c2234 --- /dev/null +++ b/SOURCES/0547-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch @@ -0,0 +1,83 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 25 Mar 2022 15:40:12 -0400 +Subject: [PATCH] pe: add the DOS header struct and fix some bad naming. + +In order to properly validate a loaded kernel's support for being loaded +without a writable stack or executable, we need to be able to properly +parse arbitrary PE headers. + +Currently, pe32.h is written in such a way that the MS-DOS header that +tells us where to find the PE header in the binary can't be accessed. +Further, for some reason it calls the DOS MZ magic "GRUB_PE32_MAGIC". + +This patch adds the structure for the DOS header, renames the DOS magic +define, and adds defines for the actual PE magic. + +Signed-off-by: Peter Jones +(cherry picked from commit 955f47aa8300387eecf18b0866d21dde7720593d) +(cherry picked from commit 662744c2e986cb770fe49e71e019aaf33a66272d) +--- + grub-core/loader/arm64/linux.c | 2 +- + include/grub/efi/pe32.h | 28 ++++++++++++++++++++++++++-- + 2 files changed, 27 insertions(+), 3 deletions(-) + +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index e1923cf725..24ab0f0074 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -57,7 +57,7 @@ grub_armxx_efi_linux_check_image (struct linux_armxx_kernel_header * lh) + if (lh->magic != GRUB_LINUX_ARMXX_MAGIC_SIGNATURE) + return grub_error(GRUB_ERR_BAD_OS, "invalid magic number"); + +- if ((lh->code0 & 0xffff) != GRUB_PE32_MAGIC) ++ if ((lh->code0 & 0xffff) != GRUB_DOS_MAGIC) + return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, + N_("plain image kernel not supported - rebuild with CONFIG_(U)EFI_STUB enabled")); + +diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h +index c03cc599f6..2241f6317b 100644 +--- a/include/grub/efi/pe32.h ++++ b/include/grub/efi/pe32.h +@@ -45,7 +45,30 @@ + + #define GRUB_PE32_MSDOS_STUB_SIZE 0x80 + +-#define GRUB_PE32_MAGIC 0x5a4d ++#define GRUB_DOS_MAGIC 0x5a4d ++ ++struct grub_dos_header ++{ ++ grub_uint16_t magic; ++ grub_uint16_t cblp; ++ grub_uint16_t cp; ++ grub_uint16_t crlc; ++ grub_uint16_t cparhdr; ++ grub_uint16_t minalloc; ++ grub_uint16_t maxalloc; ++ grub_uint16_t ss; ++ grub_uint16_t sp; ++ grub_uint16_t csum; ++ grub_uint16_t ip; ++ grub_uint16_t cs; ++ grub_uint16_t lfarlc; ++ grub_uint16_t ovno; ++ grub_uint16_t res0[4]; ++ grub_uint16_t oemid; ++ grub_uint16_t oeminfo; ++ grub_uint16_t res1[10]; ++ grub_uint32_t lfanew; ++}; + + /* According to the spec, the minimal alignment is 512 bytes... + But some examples (such as EFI drivers in the Intel +@@ -271,7 +294,8 @@ struct grub_pe32_section_table + + + +-#define GRUB_PE32_SIGNATURE_SIZE 4 ++#define GRUB_PE32_SIGNATURE_SIZE 4 ++#define GRUB_PE32_SIGNATURE "PE\0\0" + + struct grub_pe32_header + { diff --git a/SOURCES/0548-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch b/SOURCES/0548-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch new file mode 100644 index 0000000..8644e51 --- /dev/null +++ b/SOURCES/0548-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch @@ -0,0 +1,87 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 9 Feb 2022 16:08:20 -0500 +Subject: [PATCH] EFI: allocate kernel in EFI_RUNTIME_SERVICES_CODE instead of + EFI_LOADER_DATA. + +On some of the firmwares with more security mitigations, EFI_LOADER_DATA +doesn't get you executable memory, and we take a fault and reboot when +we enter kernel. + +This patch correctly allocates the kernel code as EFI_RUNTIME_SERVICES_CODE +rather than EFI_LOADER_DATA. + +Signed-off-by: Peter Jones +[rharwood: use kernel_size] +Signed-off-by: Robbie Harwood +(cherry picked from commit 8b31058a12d3e85f0f0180ac90b98d6465fccbb7) +(cherry picked from commit 460df66aab9b3a57fc0d14a21a595cd467c4b13e) +--- + grub-core/loader/i386/efi/linux.c | 19 +++++++++++++------ + 1 file changed, 13 insertions(+), 6 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 8337191921..3d4069e4c6 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -86,7 +86,9 @@ kernel_free(void *addr, grub_efi_uintn_t size) + } + + static void * +-kernel_alloc(grub_efi_uintn_t size, const char * const errmsg) ++kernel_alloc(grub_efi_uintn_t size, ++ grub_efi_memory_type_t memtype, ++ const char * const errmsg) + { + void *addr = 0; + unsigned int i; +@@ -112,7 +114,7 @@ kernel_alloc(grub_efi_uintn_t size, const char * const errmsg) + prev_max = max; + addr = grub_efi_allocate_pages_real (max, pages, + max_addresses[i].alloc_type, +- GRUB_EFI_LOADER_DATA); ++ memtype); + if (addr) + grub_dprintf ("linux", "Allocated at %p\n", addr); + } +@@ -243,7 +245,8 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + } + } + +- initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); ++ initrd_mem = kernel_alloc(size, GRUB_EFI_RUNTIME_SERVICES_DATA, ++ N_("can't allocate initrd")); + if (initrd_mem == NULL) + goto fail; + grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); +@@ -411,7 +414,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + #endif + +- params = kernel_alloc (sizeof(*params), "cannot allocate kernel parameters"); ++ params = kernel_alloc (sizeof(*params), GRUB_EFI_RUNTIME_SERVICES_DATA, ++ "cannot allocate kernel parameters"); + if (!params) + goto fail; + grub_dprintf ("linux", "params = %p\n", params); +@@ -432,7 +436,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf ("linux", "new lh is at %p\n", lh); + + grub_dprintf ("linux", "setting up cmdline\n"); +- cmdline = kernel_alloc (lh->cmdline_size + 1, N_("can't allocate cmdline")); ++ cmdline = kernel_alloc (lh->cmdline_size + 1, ++ GRUB_EFI_RUNTIME_SERVICES_DATA, ++ N_("can't allocate cmdline")); + if (!cmdline) + goto fail; + grub_dprintf ("linux", "cmdline = %p\n", cmdline); +@@ -478,7 +484,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + max_addresses[1].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; + max_addresses[2].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; + kernel_size = lh->init_size; +- kernel_mem = kernel_alloc (kernel_size, N_("can't allocate kernel")); ++ kernel_mem = kernel_alloc (kernel_size, GRUB_EFI_RUNTIME_SERVICES_CODE, ++ N_("can't allocate kernel")); + restore_addresses(); + if (!kernel_mem) + goto fail; diff --git a/SOURCES/0549-modules-load-module-sections-at-page-aligned-address.patch b/SOURCES/0549-modules-load-module-sections-at-page-aligned-address.patch new file mode 100644 index 0000000..44ecd2b --- /dev/null +++ b/SOURCES/0549-modules-load-module-sections-at-page-aligned-address.patch @@ -0,0 +1,360 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 21 Mar 2022 17:45:40 -0400 +Subject: [PATCH] modules: load module sections at page-aligned addresses + +Currently we load module sections at whatever alignment gcc+ld happened +to dump into the ELF section header, which is often pretty useless. For +example, by default time.mod has these sections on a current x86_64 +build: + +$ eu-readelf -a grub-core/time.mod |& grep ^Section -A13 +Section Headers: +[Nr] Name Type Addr Off Size ES Flags Lk Inf Al +[ 0] NULL 0 00000000 00000000 0 0 0 0 +[ 1] .text PROGBITS 0 00000040 0000015e 0 AX 0 0 1 +[ 2] .rela.text RELA 0 00000458 000001e0 24 I 8 1 8 +[ 3] .rodata.str1.1 PROGBITS 0 0000019e 000000a1 1 AMS 0 0 1 +[ 4] .module_license PROGBITS 0 00000240 0000000f 0 A 0 0 8 +[ 5] .data PROGBITS 0 0000024f 00000000 0 WA 0 0 1 +[ 6] .bss NOBITS 0 00000250 00000008 0 WA 0 0 8 +[ 7] .modname PROGBITS 0 00000250 00000005 0 0 0 1 +[ 8] .symtab SYMTAB 0 00000258 00000150 24 9 6 8 +[ 9] .strtab STRTAB 0 000003a8 000000ab 0 0 0 1 +[10] .shstrtab STRTAB 0 00000638 00000059 0 0 0 1 + +With NX protections being page based, loading sections with either a 1 +or 8 *byte* alignment does absolutely nothing to help us out. + +This patch switches most EFI platforms to load module sections at 4kB +page-aligned addresses. To do so, it adds an new per-arch function, +grub_arch_dl_min_alignment(), which returns the alignment needed for +dynamically loaded sections (in bytes). Currently it sets it to 4096 +when GRUB_MACHINE_EFI is true on x86_64, i386, arm, arm64, and emu, and +1-byte alignment on everything else. + +It then changes the allocation size computation and the loader code in +grub_dl_load_segments() to align the locations and sizes up to these +boundaries, and fills any added padding with zeros. + +All of this happens before relocations are applied, so the relocations +factor that in with no change. + +As an aside, initially Daniel Kiper and I thought that it might be a +better idea to split the modules up into top-level sections as +.text.modules, .rodata.modules, .data.modules, etc., so that their page +permissions would get set by the loader that's loading grub itself. +This turns out to have two significant downsides: 1) either in mkimage +or in grub_dl_relocate_symbols(), you wind up having to dynamically +process the relocations to accommodate the moved module sections, and 2) +you then need to change the permissions on the modules and change them +back while relocating them in grub_dl_relocate_symbols(), which means +that any loader that /does/ honor the section flags but does /not/ +generally support NX with the memory attributes API will cause grub to +fail. + +Signed-off-by: Peter Jones +(cherry picked from commit 31d52500b281619d92b03b2c2d30fe15aedaf326) +(cherry picked from commit 04f1df6b665493e38de66018aebe377fdac4ceec) +[rharwood: not risc-v yet] +Signed-off-by: Robbie Harwood +--- + grub-core/kern/arm/dl.c | 13 +++++++++++++ + grub-core/kern/arm64/dl.c | 13 +++++++++++++ + grub-core/kern/dl.c | 29 +++++++++++++++++++++-------- + grub-core/kern/emu/full.c | 13 +++++++++++++ + grub-core/kern/i386/dl.c | 13 +++++++++++++ + grub-core/kern/ia64/dl.c | 9 +++++++++ + grub-core/kern/mips/dl.c | 8 ++++++++ + grub-core/kern/powerpc/dl.c | 9 +++++++++ + grub-core/kern/sparc64/dl.c | 9 +++++++++ + grub-core/kern/x86_64/dl.c | 13 +++++++++++++ + include/grub/dl.h | 2 ++ + docs/grub-dev.texi | 6 +++--- + 12 files changed, 126 insertions(+), 11 deletions(-) + +diff --git a/grub-core/kern/arm/dl.c b/grub-core/kern/arm/dl.c +index eab9d17ff2..9260737936 100644 +--- a/grub-core/kern/arm/dl.c ++++ b/grub-core/kern/arm/dl.c +@@ -278,3 +278,16 @@ grub_arch_dl_check_header (void *ehdr) + + return GRUB_ERR_NONE; + } ++ ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++#ifdef GRUB_MACHINE_EFI ++ return 4096; ++#else ++ return 1; ++#endif ++} +diff --git a/grub-core/kern/arm64/dl.c b/grub-core/kern/arm64/dl.c +index fb03373190..826f8e721e 100644 +--- a/grub-core/kern/arm64/dl.c ++++ b/grub-core/kern/arm64/dl.c +@@ -191,3 +191,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, + + return GRUB_ERR_NONE; + } ++ ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++#ifdef GRUB_MACHINE_EFI ++ return 4096; ++#else ++ return 1; ++#endif ++} +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index ba1b33c20b..5c2153acf9 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -278,7 +278,7 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) + { + unsigned i; + const Elf_Shdr *s; +- grub_size_t tsize = 0, talign = 1; ++ grub_size_t tsize = 0, talign = 1, arch_addralign = 1; + #if !defined (__i386__) && !defined (__x86_64__) + grub_size_t tramp; + grub_size_t got; +@@ -286,16 +286,24 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) + #endif + char *ptr; + ++ arch_addralign = grub_arch_dl_min_alignment (); ++ + for (i = 0, s = (const Elf_Shdr *)((const char *) e + e->e_shoff); + i < e->e_shnum; + i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize)) + { ++ grub_size_t sh_addralign; ++ grub_size_t sh_size; ++ + if (s->sh_size == 0 || !(s->sh_flags & SHF_ALLOC)) + continue; + +- tsize = ALIGN_UP (tsize, s->sh_addralign) + s->sh_size; +- if (talign < s->sh_addralign) +- talign = s->sh_addralign; ++ sh_addralign = ALIGN_UP(s->sh_addralign, arch_addralign); ++ sh_size = ALIGN_UP(s->sh_size, sh_addralign); ++ ++ tsize = ALIGN_UP (tsize, sh_addralign) + sh_size; ++ if (talign < sh_addralign) ++ talign = sh_addralign; + } + + #if !defined (__i386__) && !defined (__x86_64__) +@@ -324,6 +332,9 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) + i < e->e_shnum; + i++, s = (Elf_Shdr *)((char *) s + e->e_shentsize)) + { ++ grub_size_t sh_addralign = ALIGN_UP(s->sh_addralign, arch_addralign); ++ grub_size_t sh_size = ALIGN_UP(s->sh_size, sh_addralign); ++ + if (s->sh_flags & SHF_ALLOC) + { + grub_dl_segment_t seg; +@@ -336,17 +347,19 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) + { + void *addr; + +- ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, s->sh_addralign); ++ ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, sh_addralign); + addr = ptr; +- ptr += s->sh_size; ++ ptr += sh_size; + + switch (s->sh_type) + { + case SHT_PROGBITS: + grub_memcpy (addr, (char *) e + s->sh_offset, s->sh_size); ++ grub_memset ((char *)addr + s->sh_size, 0, ++ sh_size - s->sh_size); + break; + case SHT_NOBITS: +- grub_memset (addr, 0, s->sh_size); ++ grub_memset (addr, 0, sh_size); + break; + } + +@@ -355,7 +368,7 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) + else + seg->addr = 0; + +- seg->size = s->sh_size; ++ seg->size = sh_size; + seg->section = i; + seg->next = mod->segment; + mod->segment = seg; +diff --git a/grub-core/kern/emu/full.c b/grub-core/kern/emu/full.c +index e8d63b1f5f..1de1c28eb0 100644 +--- a/grub-core/kern/emu/full.c ++++ b/grub-core/kern/emu/full.c +@@ -67,3 +67,16 @@ grub_arch_dl_init_linker (void) + } + #endif + ++ ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++#ifdef GRUB_MACHINE_EFI ++ return 4096; ++#else ++ return 1; ++#endif ++} +diff --git a/grub-core/kern/i386/dl.c b/grub-core/kern/i386/dl.c +index 1346da5cc9..d6b4681fc9 100644 +--- a/grub-core/kern/i386/dl.c ++++ b/grub-core/kern/i386/dl.c +@@ -79,3 +79,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, + + return GRUB_ERR_NONE; + } ++ ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++#ifdef GRUB_MACHINE_EFI ++ return 4096; ++#else ++ return 1; ++#endif ++} +diff --git a/grub-core/kern/ia64/dl.c b/grub-core/kern/ia64/dl.c +index ebcf316298..3bb753a89b 100644 +--- a/grub-core/kern/ia64/dl.c ++++ b/grub-core/kern/ia64/dl.c +@@ -143,3 +143,12 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, + } + return GRUB_ERR_NONE; + } ++ ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++ return 1; ++} +diff --git a/grub-core/kern/mips/dl.c b/grub-core/kern/mips/dl.c +index 5d7d299c74..6d83bd71e9 100644 +--- a/grub-core/kern/mips/dl.c ++++ b/grub-core/kern/mips/dl.c +@@ -272,3 +272,11 @@ grub_arch_dl_init_linker (void) + grub_dl_register_symbol ("_gp_disp", &_gp_disp_dummy, 0, 0); + } + ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++ return 1; ++} +diff --git a/grub-core/kern/powerpc/dl.c b/grub-core/kern/powerpc/dl.c +index 3a7fa3ed3d..577e27d871 100644 +--- a/grub-core/kern/powerpc/dl.c ++++ b/grub-core/kern/powerpc/dl.c +@@ -165,3 +165,12 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, + + return GRUB_ERR_NONE; + } ++ ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++ return 1; ++} +diff --git a/grub-core/kern/sparc64/dl.c b/grub-core/kern/sparc64/dl.c +index 739be47174..c741c1782e 100644 +--- a/grub-core/kern/sparc64/dl.c ++++ b/grub-core/kern/sparc64/dl.c +@@ -184,3 +184,12 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, + + return GRUB_ERR_NONE; + } ++ ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++ return 1; ++} +diff --git a/grub-core/kern/x86_64/dl.c b/grub-core/kern/x86_64/dl.c +index 3a73e6e6ce..6c20b7c367 100644 +--- a/grub-core/kern/x86_64/dl.c ++++ b/grub-core/kern/x86_64/dl.c +@@ -114,3 +114,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, + + return GRUB_ERR_NONE; + } ++ ++/* ++ * Tell the loader what our minimum section alignment is. ++ */ ++grub_size_t ++grub_arch_dl_min_alignment (void) ++{ ++#ifdef GRUB_MACHINE_EFI ++ return 4096; ++#else ++ return 1; ++#endif ++} +diff --git a/include/grub/dl.h b/include/grub/dl.h +index 9ec6caf3f9..dd4c3e7ff4 100644 +--- a/include/grub/dl.h ++++ b/include/grub/dl.h +@@ -280,6 +280,8 @@ grub_err_t grub_arch_dl_check_header (void *ehdr); + grub_err_t + grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, + Elf_Shdr *s, grub_dl_segment_t seg); ++grub_size_t ++grub_arch_dl_min_alignment (void); + #endif + + #if defined (_mips) +diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi +index 03d53498c5..dbfb94bc06 100644 +--- a/docs/grub-dev.texi ++++ b/docs/grub-dev.texi +@@ -638,9 +638,9 @@ declare startup asm file ($cpu_$platform_startup) as well as any other files + (e.g. init.c and callwrap.S) (e.g. $cpu_$platform = kern/$cpu/$platform/init.c). + At this stage you will also need to add dummy dl.c and cache.S with functions + grub_err_t grub_arch_dl_check_header (void *ehdr), grub_err_t +-grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr) (dl.c) and +-void grub_arch_sync_caches (void *address, grub_size_t len) (cache.S). They +-won't be used for now. ++grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr) (dl.c), grub_uint32_t ++grub_arch_dl_min_alignment (void), and void grub_arch_sync_caches (void ++*address, grub_size_t len) (cache.S). They won't be used for now. + + You will need to create directory include/$cpu/$platform and a file + include/$cpu/types.h. The later folowing this template: diff --git a/SOURCES/0550-nx-add-memory-attribute-get-set-API.patch b/SOURCES/0550-nx-add-memory-attribute-get-set-API.patch new file mode 100644 index 0000000..41ae1d0 --- /dev/null +++ b/SOURCES/0550-nx-add-memory-attribute-get-set-API.patch @@ -0,0 +1,320 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 22 Mar 2022 10:56:21 -0400 +Subject: [PATCH] nx: add memory attribute get/set API + +For NX, we need to set the page access permission attributes for write +and execute permissions. + +This patch adds two new primitives, grub_set_mem_attrs() and +grub_clear_mem_attrs(), and associated constant definitions, to be used +for that purpose. + +For most platforms, it adds a dummy implementation that returns +GRUB_ERR_NONE. On EFI platforms, it adds a common helper function, +grub_efi_status_to_err(), which translates EFI error codes to grub error +codes, adds headers for the EFI Memory Attribute Protocol (still pending +standardization), and an implementation of the grub nx primitives using +it. + +Signed-off-by: Peter Jones +[rharwood: add pjones's none/nyi fixup] +(cherry picked from commit 35de78a8d32b9fad5291ec96fd3cbb9cf2f4a80b) +(cherry picked from commit 46cb4f9557bdba1db0a17d012df705d94d81a9f6) +[rharwood: context fuzz, guids] +Signed-off-by: Robbie Harwood +--- + grub-core/kern/efi/efi.c | 36 +++++++++++++ + grub-core/kern/efi/mm.c | 131 +++++++++++++++++++++++++++++++++++++++++++++++ + include/grub/efi/api.h | 25 +++++++++ + include/grub/efi/efi.h | 2 + + include/grub/mm.h | 32 ++++++++++++ + 5 files changed, 226 insertions(+) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index fccea20a01..09468dc5d5 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -1093,3 +1093,39 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, + + return 0; + } ++ ++grub_err_t ++grub_efi_status_to_err (grub_efi_status_t status) ++{ ++ grub_err_t err; ++ switch (status) ++ { ++ case GRUB_EFI_SUCCESS: ++ err = GRUB_ERR_NONE; ++ break; ++ case GRUB_EFI_INVALID_PARAMETER: ++ default: ++ err = GRUB_ERR_BAD_ARGUMENT; ++ break; ++ case GRUB_EFI_OUT_OF_RESOURCES: ++ err = GRUB_ERR_OUT_OF_MEMORY; ++ break; ++ case GRUB_EFI_DEVICE_ERROR: ++ err = GRUB_ERR_IO; ++ break; ++ case GRUB_EFI_WRITE_PROTECTED: ++ err = GRUB_ERR_WRITE_ERROR; ++ break; ++ case GRUB_EFI_SECURITY_VIOLATION: ++ err = GRUB_ERR_ACCESS_DENIED; ++ break; ++ case GRUB_EFI_NOT_FOUND: ++ err = GRUB_ERR_FILE_NOT_FOUND; ++ break; ++ case GRUB_EFI_ABORTED: ++ err = GRUB_ERR_WAIT; ++ break; ++ } ++ ++ return err; ++} +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index 9e76f23e5f..2cf4a4883a 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -730,3 +730,134 @@ grub_efi_get_ram_base(grub_addr_t *base_addr) + return GRUB_ERR_NONE; + } + #endif ++ ++static inline grub_uint64_t ++grub_mem_attrs_to_uefi_mem_attrs (grub_uint64_t attrs) ++{ ++ grub_uint64_t ret = GRUB_EFI_MEMORY_RP | ++ GRUB_EFI_MEMORY_RO | ++ GRUB_EFI_MEMORY_XP; ++ ++ if (attrs & GRUB_MEM_ATTR_R) ++ ret &= ~GRUB_EFI_MEMORY_RP; ++ ++ if (attrs & GRUB_MEM_ATTR_W) ++ ret &= ~GRUB_EFI_MEMORY_RO; ++ ++ if (attrs & GRUB_MEM_ATTR_X) ++ ret &= ~GRUB_EFI_MEMORY_XP; ++ ++ return ret; ++} ++ ++static inline grub_uint64_t ++uefi_mem_attrs_to_grub_mem_attrs (grub_uint64_t attrs) ++{ ++ grub_uint64_t ret = GRUB_MEM_ATTR_R | ++ GRUB_MEM_ATTR_W | ++ GRUB_MEM_ATTR_X; ++ ++ if (attrs & GRUB_EFI_MEMORY_RP) ++ ret &= ~GRUB_MEM_ATTR_R; ++ ++ if (attrs & GRUB_EFI_MEMORY_RO) ++ ret &= ~GRUB_MEM_ATTR_W; ++ ++ if (attrs & GRUB_EFI_MEMORY_XP) ++ ret &= ~GRUB_MEM_ATTR_X; ++ ++ return ret; ++} ++ ++grub_err_t ++grub_get_mem_attrs (grub_addr_t addr, grub_size_t size, grub_uint64_t *attrs) ++{ ++ grub_efi_memory_attribute_protocol_t *proto; ++ grub_efi_physical_address_t physaddr = addr; ++ grub_efi_guid_t protocol_guid = GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; ++ grub_efi_status_t efi_status; ++ ++ proto = grub_efi_locate_protocol (&protocol_guid, 0); ++ if (!proto) ++ return GRUB_ERR_NOT_IMPLEMENTED_YET; ++ ++ if (physaddr & 0xfff || size & 0xfff || size == 0 || attrs == NULL) ++ { ++ grub_dprintf ("nx", "%s called on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" and attrs %p\n", ++ __func__, physaddr, physaddr+size-1, attrs); ++ return 0; ++ } ++ ++ efi_status = efi_call_4(proto->get_memory_attributes, ++ proto, physaddr, size, attrs); ++ *attrs = uefi_mem_attrs_to_grub_mem_attrs (*attrs); ++ ++ return grub_efi_status_to_err (efi_status); ++} ++ ++grub_err_t ++grub_update_mem_attrs (grub_addr_t addr, grub_size_t size, ++ grub_uint64_t set_attrs, grub_uint64_t clear_attrs) ++{ ++ grub_efi_memory_attribute_protocol_t *proto; ++ grub_efi_physical_address_t physaddr = addr; ++ grub_efi_guid_t protocol_guid = GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; ++ grub_efi_status_t efi_status = GRUB_EFI_SUCCESS; ++ grub_uint64_t before = 0, after = 0, uefi_set_attrs, uefi_clear_attrs; ++ grub_err_t err; ++ ++ proto = grub_efi_locate_protocol (&protocol_guid, 0); ++ if (!proto) ++ return GRUB_ERR_NONE; ++ ++ err = grub_get_mem_attrs (addr, size, &before); ++ if (err) ++ grub_dprintf ("nx", "grub_get_mem_attrs(0x%"PRIxGRUB_ADDR", %"PRIuGRUB_SIZE", %p) -> 0x%x\n", ++ addr, size, &before, err); ++ ++ if (physaddr & 0xfff || size & 0xfff || size == 0) ++ { ++ grub_dprintf ("nx", "%s called on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" +%s%s%s -%s%s%s\n", ++ __func__, physaddr, physaddr + size - 1, ++ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "", ++ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "", ++ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : "", ++ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "", ++ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "", ++ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : ""); ++ return 0; ++ } ++ ++ uefi_set_attrs = grub_mem_attrs_to_uefi_mem_attrs (set_attrs); ++ grub_dprintf ("nx", "translating set_attrs from 0x%lx to 0x%lx\n", set_attrs, uefi_set_attrs); ++ uefi_clear_attrs = grub_mem_attrs_to_uefi_mem_attrs (clear_attrs); ++ grub_dprintf ("nx", "translating clear_attrs from 0x%lx to 0x%lx\n", clear_attrs, uefi_clear_attrs); ++ if (uefi_set_attrs) ++ efi_status = efi_call_4(proto->set_memory_attributes, ++ proto, physaddr, size, uefi_set_attrs); ++ if (efi_status == GRUB_EFI_SUCCESS && uefi_clear_attrs) ++ efi_status = efi_call_4(proto->clear_memory_attributes, ++ proto, physaddr, size, uefi_clear_attrs); ++ ++ err = grub_get_mem_attrs (addr, size, &after); ++ if (err) ++ grub_dprintf ("nx", "grub_get_mem_attrs(0x%"PRIxGRUB_ADDR", %"PRIuGRUB_SIZE", %p) -> 0x%x\n", ++ addr, size, &after, err); ++ ++ grub_dprintf ("nx", "set +%s%s%s -%s%s%s on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" before:%c%c%c after:%c%c%c\n", ++ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "", ++ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "", ++ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : "", ++ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "", ++ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "", ++ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : "", ++ addr, addr + size - 1, ++ (before & GRUB_MEM_ATTR_R) ? 'r' : '-', ++ (before & GRUB_MEM_ATTR_W) ? 'w' : '-', ++ (before & GRUB_MEM_ATTR_X) ? 'x' : '-', ++ (after & GRUB_MEM_ATTR_R) ? 'r' : '-', ++ (after & GRUB_MEM_ATTR_W) ? 'w' : '-', ++ (after & GRUB_MEM_ATTR_X) ? 'x' : '-'); ++ ++ return grub_efi_status_to_err (efi_status); ++} +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index 2a243fd290..510a4030f5 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -354,6 +354,11 @@ + { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } \ + } + ++#define GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID \ ++ { 0xf4560cf6, 0x40ec, 0x4b4a, \ ++ { 0xa1, 0x92, 0xbf, 0x1d, 0x57, 0xd0, 0xb1, 0x89 } \ ++ } ++ + struct grub_efi_sal_system_table + { + grub_uint32_t signature; +@@ -2091,6 +2096,26 @@ struct grub_efi_rng_protocol + }; + typedef struct grub_efi_rng_protocol grub_efi_rng_protocol_t; + ++struct grub_efi_memory_attribute_protocol ++{ ++ grub_efi_status_t (*get_memory_attributes) ( ++ struct grub_efi_memory_attribute_protocol *this, ++ grub_efi_physical_address_t base_address, ++ grub_efi_uint64_t length, ++ grub_efi_uint64_t *attributes); ++ grub_efi_status_t (*set_memory_attributes) ( ++ struct grub_efi_memory_attribute_protocol *this, ++ grub_efi_physical_address_t base_address, ++ grub_efi_uint64_t length, ++ grub_efi_uint64_t attributes); ++ grub_efi_status_t (*clear_memory_attributes) ( ++ struct grub_efi_memory_attribute_protocol *this, ++ grub_efi_physical_address_t base_address, ++ grub_efi_uint64_t length, ++ grub_efi_uint64_t attributes); ++}; ++typedef struct grub_efi_memory_attribute_protocol grub_efi_memory_attribute_protocol_t; ++ + #if (GRUB_TARGET_SIZEOF_VOID_P == 4) || defined (__ia64__) \ + || defined (__aarch64__) || defined (__MINGW64__) || defined (__CYGWIN__) + +diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h +index 7af979b184..a635bcb0a9 100644 +--- a/include/grub/efi/efi.h ++++ b/include/grub/efi/efi.h +@@ -159,4 +159,6 @@ struct grub_net_card; + grub_efi_handle_t + grub_efinet_get_device_handle (struct grub_net_card *card); + ++grub_err_t EXPORT_FUNC(grub_efi_status_to_err) (grub_efi_status_t status); ++ + #endif /* ! GRUB_EFI_EFI_HEADER */ +diff --git a/include/grub/mm.h b/include/grub/mm.h +index 9c38dd3ca5..d81623d226 100644 +--- a/include/grub/mm.h ++++ b/include/grub/mm.h +@@ -22,6 +22,7 @@ + + #include + #include ++#include + #include + + #ifndef NULL +@@ -38,6 +39,37 @@ void *EXPORT_FUNC(grub_realloc) (void *ptr, grub_size_t size); + void *EXPORT_FUNC(grub_memalign) (grub_size_t align, grub_size_t size); + #endif + ++#define GRUB_MEM_ATTR_R 0x0000000000000004LLU ++#define GRUB_MEM_ATTR_W 0x0000000000000002LLU ++#define GRUB_MEM_ATTR_X 0x0000000000000001LLU ++ ++#ifdef GRUB_MACHINE_EFI ++grub_err_t EXPORT_FUNC(grub_get_mem_attrs) (grub_addr_t addr, ++ grub_size_t size, ++ grub_uint64_t *attrs); ++grub_err_t EXPORT_FUNC(grub_update_mem_attrs) (grub_addr_t addr, ++ grub_size_t size, ++ grub_uint64_t set_attrs, ++ grub_uint64_t clear_attrs); ++#else /* !GRUB_MACHINE_EFI */ ++static inline grub_err_t ++grub_get_mem_attrs (grub_addr_t addr __attribute__((__unused__)), ++ grub_size_t size __attribute__((__unused__)), ++ grub_uint64_t *attrs __attribute__((__unused__))) ++{ ++ return GRUB_ERR_NONE; ++} ++ ++static inline grub_err_t ++grub_update_mem_attrs (grub_addr_t addr __attribute__((__unused__)), ++ grub_size_t size __attribute__((__unused__)), ++ grub_uint64_t set_attrs __attribute__((__unused__)), ++ grub_uint64_t clear_attrs __attribute__((__unused__))) ++{ ++ return GRUB_ERR_NONE; ++} ++#endif /* GRUB_MACHINE_EFI */ ++ + void grub_mm_check_real (const char *file, int line); + #define grub_mm_check() grub_mm_check_real (GRUB_FILE, __LINE__); + diff --git a/SOURCES/0551-nx-set-page-permissions-for-loaded-modules.patch b/SOURCES/0551-nx-set-page-permissions-for-loaded-modules.patch new file mode 100644 index 0000000..1032ea6 --- /dev/null +++ b/SOURCES/0551-nx-set-page-permissions-for-loaded-modules.patch @@ -0,0 +1,265 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 21 Mar 2022 17:46:35 -0400 +Subject: [PATCH] nx: set page permissions for loaded modules. + +For NX, we need to set write and executable permissions on the sections +of grub modules when we load them. + +On sections with SHF_ALLOC set, which is typically everything except +.modname and the symbol and string tables, this patch clears the Read +Only flag on sections that have the ELF flag SHF_WRITE set, and clears +the No eXecute flag on sections with SHF_EXECINSTR set. In all other +cases it sets both flags. + +Signed-off-by: Peter Jones +[rharwood: arm tgptr -> tgaddr] +Signed-off-by: Robbie Harwood +(cherry-picked from commit ca74904ede0406b594cbedc52ce8e38a6633d2ae) +(cherry picked from commit 2e2e72026f41cf7cffeb46a6a47f3c67d0b3be45) +--- + grub-core/kern/dl.c | 120 +++++++++++++++++++++++++++++++++++++++------------- + include/grub/dl.h | 44 +++++++++++++++++++ + 2 files changed, 134 insertions(+), 30 deletions(-) + +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index 5c2153acf9..68d3177f5e 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -286,6 +286,8 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) + #endif + char *ptr; + ++ grub_dprintf ("modules", "loading segments for \"%s\"\n", mod->name); ++ + arch_addralign = grub_arch_dl_min_alignment (); + + for (i = 0, s = (const Elf_Shdr *)((const char *) e + e->e_shoff); +@@ -385,6 +387,7 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) + ptr += got; + #endif + ++ grub_dprintf ("modules", "done loading segments for \"%s\"\n", mod->name); + return GRUB_ERR_NONE; + } + +@@ -518,23 +521,6 @@ grub_dl_find_section (Elf_Ehdr *e, const char *name) + return s; + return NULL; + } +-static long +-grub_dl_find_section_index (Elf_Ehdr *e, const char *name) +-{ +- Elf_Shdr *s; +- const char *str; +- unsigned i; +- +- s = (Elf_Shdr *) ((char *) e + e->e_shoff + e->e_shstrndx * e->e_shentsize); +- str = (char *) e + s->sh_offset; +- +- for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); +- i < e->e_shnum; +- i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize)) +- if (grub_strcmp (str + s->sh_name, name) == 0) +- return (long)i; +- return -1; +-} + + /* Me, Vladimir Serbinenko, hereby I add this module check as per new + GNU module policy. Note that this license check is informative only. +@@ -661,6 +647,7 @@ grub_dl_relocate_symbols (grub_dl_t mod, void *ehdr) + Elf_Shdr *s; + unsigned i; + ++ grub_dprintf ("modules", "relocating symbols for \"%s\"\n", mod->name); + for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); + i < e->e_shnum; + i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize)) +@@ -669,24 +656,95 @@ grub_dl_relocate_symbols (grub_dl_t mod, void *ehdr) + grub_dl_segment_t seg; + grub_err_t err; + +- /* Find the target segment. */ +- for (seg = mod->segment; seg; seg = seg->next) +- if (seg->section == s->sh_info) +- break; ++ seg = grub_dl_find_segment(mod, s->sh_info); ++ if (!seg) ++ continue; + +- if (seg) +- { +- if (!mod->symtab) +- return grub_error (GRUB_ERR_BAD_MODULE, "relocation without symbol table"); ++ if (!mod->symtab) ++ return grub_error (GRUB_ERR_BAD_MODULE, "relocation without symbol table"); + +- err = grub_arch_dl_relocate_symbols (mod, ehdr, s, seg); +- if (err) +- return err; +- } ++ err = grub_arch_dl_relocate_symbols (mod, ehdr, s, seg); ++ if (err) ++ return err; + } + ++ grub_dprintf ("modules", "done relocating symbols for \"%s\"\n", mod->name); + return GRUB_ERR_NONE; + } ++ ++static grub_err_t ++grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr) ++{ ++ unsigned i; ++ const Elf_Shdr *s; ++ const Elf_Ehdr *e = ehdr; ++#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) ++ grub_size_t arch_addralign = grub_arch_dl_min_alignment (); ++ grub_addr_t tgaddr; ++ grub_uint64_t tgsz; ++#endif ++ ++ grub_dprintf ("modules", "updating memory attributes for \"%s\"\n", ++ mod->name); ++ for (i = 0, s = (const Elf_Shdr *)((const char *) e + e->e_shoff); ++ i < e->e_shnum; ++ i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize)) ++ { ++ grub_dl_segment_t seg; ++ grub_uint64_t set_attrs = GRUB_MEM_ATTR_R; ++ grub_uint64_t clear_attrs = GRUB_MEM_ATTR_W|GRUB_MEM_ATTR_X; ++ ++ seg = grub_dl_find_segment(mod, i); ++ if (!seg) ++ continue; ++ ++ if (seg->size == 0 || !(s->sh_flags & SHF_ALLOC)) ++ continue; ++ ++ if (s->sh_flags & SHF_WRITE) ++ { ++ set_attrs |= GRUB_MEM_ATTR_W; ++ clear_attrs &= ~GRUB_MEM_ATTR_W; ++ } ++ ++ if (s->sh_flags & SHF_EXECINSTR) ++ { ++ set_attrs |= GRUB_MEM_ATTR_X; ++ clear_attrs &= ~GRUB_MEM_ATTR_X; ++ } ++ ++ grub_dprintf ("modules", "setting memory attrs for section \"%s\" to -%s%s%s+%s%s%s\n", ++ grub_dl_get_section_name(e, s), ++ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "", ++ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "", ++ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : "", ++ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "", ++ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "", ++ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : ""); ++ grub_update_mem_attrs ((grub_addr_t)(seg->addr), seg->size, set_attrs, clear_attrs); ++ } ++ ++#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) ++ tgaddr = grub_min((grub_addr_t)mod->tramp, (grub_addr_t)mod->got); ++ tgsz = grub_max((grub_addr_t)mod->trampptr, (grub_addr_t)mod->gotptr) - tgaddr; ++ ++ if (tgsz) ++ { ++ tgsz = ALIGN_UP(tgsz, arch_addralign); ++ ++ grub_dprintf ("modules", "updating attributes for GOT and trampolines\n", ++ mod->name); ++ grub_update_mem_attrs (tgaddr, tgsz, GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_X, ++ GRUB_MEM_ATTR_W); ++ } ++#endif ++ ++ grub_dprintf ("modules", "done updating module memory attributes for \"%s\"\n", ++ mod->name); ++ ++ return GRUB_ERR_NONE; ++} ++ + static void + grub_dl_print_gdb_info (grub_dl_t mod, Elf_Ehdr *e) + { +@@ -752,6 +810,7 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size) + mod->ref_count = 1; + + grub_dprintf ("modules", "relocating to %p\n", mod); ++ + /* Me, Vladimir Serbinenko, hereby I add this module check as per new + GNU module policy. Note that this license check is informative only. + Modules have to be licensed under GPLv3 or GPLv3+ (optionally +@@ -765,7 +824,8 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size) + || grub_dl_resolve_dependencies (mod, e) + || grub_dl_load_segments (mod, e) + || grub_dl_resolve_symbols (mod, e) +- || grub_dl_relocate_symbols (mod, e)) ++ || grub_dl_relocate_symbols (mod, e) ++ || grub_dl_set_mem_attrs (mod, e)) + { + mod->fini = 0; + grub_dl_unload (mod); +diff --git a/include/grub/dl.h b/include/grub/dl.h +index dd4c3e7ff4..6f46b7e86f 100644 +--- a/include/grub/dl.h ++++ b/include/grub/dl.h +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + #endif + + /* +@@ -268,6 +269,49 @@ grub_dl_is_persistent (grub_dl_t mod) + return mod->persistent; + } + ++static inline const char * ++grub_dl_get_section_name (const Elf_Ehdr *e, const Elf_Shdr *s) ++{ ++ Elf_Shdr *str_s; ++ const char *str; ++ ++ str_s = (Elf_Shdr *) ((char *) e + e->e_shoff + e->e_shstrndx * e->e_shentsize); ++ str = (char *) e + str_s->sh_offset; ++ ++ return str + s->sh_name; ++} ++ ++static inline long ++grub_dl_find_section_index (Elf_Ehdr *e, const char *name) ++{ ++ Elf_Shdr *s; ++ const char *str; ++ unsigned i; ++ ++ s = (Elf_Shdr *) ((char *) e + e->e_shoff + e->e_shstrndx * e->e_shentsize); ++ str = (char *) e + s->sh_offset; ++ ++ for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); ++ i < e->e_shnum; ++ i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize)) ++ if (grub_strcmp (str + s->sh_name, name) == 0) ++ return (long)i; ++ return -1; ++} ++ ++/* Return the segment for a section of index N */ ++static inline grub_dl_segment_t ++grub_dl_find_segment (grub_dl_t mod, unsigned n) ++{ ++ grub_dl_segment_t seg; ++ ++ for (seg = mod->segment; seg; seg = seg->next) ++ if (seg->section == n) ++ return seg; ++ ++ return NULL; ++} ++ + #endif + + void * EXPORT_FUNC(grub_resolve_symbol) (const char *name); diff --git a/SOURCES/0552-nx-set-attrs-in-our-kernel-loaders.patch b/SOURCES/0552-nx-set-attrs-in-our-kernel-loaders.patch new file mode 100644 index 0000000..e4c4c3e --- /dev/null +++ b/SOURCES/0552-nx-set-attrs-in-our-kernel-loaders.patch @@ -0,0 +1,571 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 22 Mar 2022 10:57:07 -0400 +Subject: [PATCH] nx: set attrs in our kernel loaders + +For NX, our kernel loaders need to set write and execute page +permissions on allocated pages and the stack. + +This patch adds those calls. + +Signed-off-by: Peter Jones +[rharwood: fix aarch64 callsites] +(cherry-picked from commit a9f79a997f01a83b36cdfa89ef2e72ac2a17c06c) +[rharwood: double verification] +(cherry picked from commit daba852bd3e4d7b7784b19cf7acf107dc3c0dce4) +[rharwood: stack_attrs initialization, no risc-v, arm renames, arm age] +Signed-off-by: Robbie Harwood +--- + grub-core/kern/efi/mm.c | 78 ++++++++++++++++++ + grub-core/loader/arm64/linux.c | 16 +++- + grub-core/loader/arm64/xen_boot.c | 4 +- + grub-core/loader/efi/chainloader.c | 11 +++ + grub-core/loader/efi/linux.c | 162 ++++++++++++++++++++++++++++++++++++- + grub-core/loader/i386/efi/linux.c | 26 +++++- + grub-core/loader/i386/linux.c | 5 ++ + include/grub/efi/efi.h | 6 +- + include/grub/efi/linux.h | 17 +++- + include/grub/efi/pe32.h | 2 + + 10 files changed, 312 insertions(+), 15 deletions(-) + +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index 2cf4a4883a..8a896144df 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -602,6 +602,82 @@ print_memory_map (grub_efi_memory_descriptor_t *memory_map, + } + #endif + ++grub_addr_t grub_stack_addr = (grub_addr_t)-1ll; ++grub_size_t grub_stack_size = 0; ++ ++static void ++grub_nx_init (void) ++{ ++ grub_uint64_t attrs, stack_attrs; ++ grub_err_t err; ++ grub_addr_t stack_current, stack_end; ++ const grub_uint64_t page_size = 4096; ++ const grub_uint64_t page_mask = ~(page_size - 1); ++ ++ /* ++ * These are to confirm that the flags are working as expected when ++ * debugging. ++ */ ++ attrs = 0; ++ stack_current = (grub_addr_t)grub_nx_init & page_mask; ++ err = grub_get_mem_attrs (stack_current, page_size, &attrs); ++ if (err) ++ { ++ grub_dprintf ("nx", ++ "grub_get_mem_attrs(0x%"PRIxGRUB_UINT64_T", ...) -> 0x%x\n", ++ stack_current, err); ++ grub_error_pop (); ++ } ++ else ++ grub_dprintf ("nx", "page attrs for grub_nx_init (%p) are %c%c%c\n", ++ grub_dl_load_core, ++ (attrs & GRUB_MEM_ATTR_R) ? 'r' : '-', ++ (attrs & GRUB_MEM_ATTR_R) ? 'w' : '-', ++ (attrs & GRUB_MEM_ATTR_R) ? 'x' : '-'); ++ ++ stack_current = (grub_addr_t)&stack_current & page_mask; ++ err = grub_get_mem_attrs (stack_current, page_size, &stack_attrs); ++ if (err) ++ { ++ grub_dprintf ("nx", ++ "grub_get_mem_attrs(0x%"PRIxGRUB_UINT64_T", ...) -> 0x%x\n", ++ stack_current, err); ++ grub_error_pop (); ++ } ++ else ++ { ++ attrs = stack_attrs; ++ grub_dprintf ("nx", "page attrs for stack (%p) are %c%c%c\n", ++ &attrs, ++ (attrs & GRUB_MEM_ATTR_R) ? 'r' : '-', ++ (attrs & GRUB_MEM_ATTR_R) ? 'w' : '-', ++ (attrs & GRUB_MEM_ATTR_R) ? 'x' : '-'); ++ } ++ ++ for (stack_end = stack_current + page_size ; ++ !(attrs & GRUB_MEM_ATTR_R); ++ stack_end += page_size) ++ { ++ err = grub_get_mem_attrs (stack_current, page_size, &attrs); ++ if (err) ++ { ++ grub_dprintf ("nx", ++ "grub_get_mem_attrs(0x%"PRIxGRUB_UINT64_T", ...) -> 0x%x\n", ++ stack_current, err); ++ grub_error_pop (); ++ break; ++ } ++ } ++ if (stack_end > stack_current) ++ { ++ grub_stack_addr = stack_current; ++ grub_stack_size = stack_end - stack_current; ++ grub_dprintf ("nx", ++ "detected stack from 0x%"PRIxGRUB_ADDR" to 0x%"PRIxGRUB_ADDR"\n", ++ grub_stack_addr, grub_stack_addr + grub_stack_size - 1); ++ } ++} ++ + void + grub_efi_mm_init (void) + { +@@ -615,6 +691,8 @@ grub_efi_mm_init (void) + grub_efi_uint64_t required_pages; + int mm_status; + ++ grub_nx_init (); ++ + /* Prepare a memory region to store two memory maps. */ + memory_map = grub_efi_allocate_any_pages (2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE)); + if (! memory_map) +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index 24ab0f0074..37f5d0c7eb 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -191,7 +191,8 @@ free_params (void) + } + + grub_err_t +-grub_armxx_efi_linux_boot_image (grub_addr_t addr, char *args) ++grub_armxx_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args, ++ int nx_supported) + { + grub_err_t retval; + +@@ -201,7 +202,8 @@ grub_armxx_efi_linux_boot_image (grub_addr_t addr, char *args) + + grub_dprintf ("linux", "linux command line: '%s'\n", args); + +- retval = grub_efi_linux_boot ((char *)addr, handover_offset, (void *)addr); ++ retval = grub_efi_linux_boot (addr, size, handover_offset, ++ (void *)addr, nx_supported); + + /* Never reached... */ + free_params(); +@@ -211,7 +213,10 @@ grub_armxx_efi_linux_boot_image (grub_addr_t addr, char *args) + static grub_err_t + grub_linux_boot (void) + { +- return grub_armxx_efi_linux_boot_image((grub_addr_t)kernel_addr, linux_args); ++ return grub_armxx_efi_linux_boot_image((grub_addr_t)kernel_addr, ++ (grub_size_t)kernel_size, ++ linux_args, ++ 0); + } + + static grub_err_t +@@ -340,6 +345,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + struct grub_armxx_linux_pe_header *pe; + int rc; + grub_err_t err; ++ int nx_supported = 1; + + grub_dl_ref (my_mod); + +@@ -395,6 +401,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + } + ++ err = grub_efi_check_nx_image_support((grub_addr_t) kernel_addr, kernel_size, &nx_supported); ++ if (err != GRUB_ERR_NONE) ++ goto fail; ++ + pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset); + handover_offset = pe->opt.entry_addr; + +diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c +index 1a337866f0..1fd1bbb4bd 100644 +--- a/grub-core/loader/arm64/xen_boot.c ++++ b/grub-core/loader/arm64/xen_boot.c +@@ -266,7 +266,9 @@ xen_boot (void) + return err; + + return grub_armxx_efi_linux_boot_image (xen_hypervisor->start, +- xen_hypervisor->cmdline); ++ xen_hypervisor->size, ++ xen_hypervisor->cmdline, ++ 0); + } + + static void +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 8e658f713e..b72e6bd5e3 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -1055,6 +1055,17 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + ++ /* ++ * The OS kernel is going to set its own permissions when it takes over ++ * paging a few million instructions from now, and load_image() will set up ++ * anything that's needed based on the section headers, so there's no point ++ * in doing anything but clearing the protection bits here. ++ */ ++ grub_dprintf("nx", "setting attributes for %p (%lu bytes) to %llx\n", ++ (void *)(grub_addr_t)address, fsize, 0llu); ++ grub_update_mem_attrs (address, fsize, ++ GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_W|GRUB_MEM_ATTR_X, 0); ++ + #if defined (__i386__) || defined (__x86_64__) + if (fsize >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) + { +diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c +index 927d89a90d..421502bd25 100644 +--- a/grub-core/loader/efi/linux.c ++++ b/grub-core/loader/efi/linux.c +@@ -66,16 +66,125 @@ grub_linuxefi_secure_validate (void *data, grub_uint32_t size) + + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Wcast-align" ++#pragma GCC diagnostic ignored "-Wint-to-pointer-cast" ++ ++grub_err_t ++grub_efi_check_nx_image_support (grub_addr_t kernel_addr, ++ grub_size_t kernel_size, ++ int *nx_supported) ++{ ++ struct grub_dos_header *doshdr; ++ grub_size_t sz = sizeof (*doshdr); ++ ++ struct grub_pe32_header_32 *pe32; ++ struct grub_pe32_header_64 *pe64; ++ ++ int image_is_compatible = 0; ++ int is_64_bit; ++ ++ if (kernel_size < sz) ++ return grub_error (GRUB_ERR_BAD_OS, N_("kernel is too small")); ++ ++ doshdr = (void *)kernel_addr; ++ ++ if ((doshdr->magic & 0xffff) != GRUB_DOS_MAGIC) ++ return grub_error (GRUB_ERR_BAD_OS, N_("kernel DOS magic is invalid")); ++ ++ sz = doshdr->lfanew + sizeof (*pe32); ++ if (kernel_size < sz) ++ return grub_error (GRUB_ERR_BAD_OS, N_("kernel is too small")); ++ ++ pe32 = (struct grub_pe32_header_32 *)(kernel_addr + doshdr->lfanew); ++ pe64 = (struct grub_pe32_header_64 *)pe32; ++ ++ if (grub_memcmp (pe32->signature, GRUB_PE32_SIGNATURE, ++ GRUB_PE32_SIGNATURE_SIZE) != 0) ++ return grub_error (GRUB_ERR_BAD_OS, N_("kernel PE magic is invalid")); ++ ++ switch (pe32->coff_header.machine) ++ { ++ case GRUB_PE32_MACHINE_ARMTHUMB_MIXED: ++ case GRUB_PE32_MACHINE_I386: ++ is_64_bit = 0; ++ break; ++ case GRUB_PE32_MACHINE_ARM64: ++ case GRUB_PE32_MACHINE_IA64: ++ case GRUB_PE32_MACHINE_X86_64: ++ is_64_bit = 1; ++ break; ++ default: ++ return grub_error (GRUB_ERR_BAD_OS, N_("PE machine type 0x%04hx unknown"), ++ pe32->coff_header.machine); ++ } ++ ++ if (is_64_bit) ++ { ++ sz = doshdr->lfanew + sizeof (*pe64); ++ if (kernel_size < sz) ++ return grub_error (GRUB_ERR_BAD_OS, N_("kernel is too small")); ++ ++ if (pe64->optional_header.dll_characteristics & GRUB_PE32_NX_COMPAT) ++ image_is_compatible = 1; ++ } ++ else ++ { ++ if (pe32->optional_header.dll_characteristics & GRUB_PE32_NX_COMPAT) ++ image_is_compatible = 1; ++ } ++ ++ *nx_supported = image_is_compatible; ++ return GRUB_ERR_NONE; ++} ++ ++grub_err_t ++grub_efi_check_nx_required (int *nx_required) ++{ ++ grub_efi_status_t status; ++ grub_efi_guid_t guid = GRUB_EFI_SHIM_LOCK_GUID; ++ grub_size_t mok_policy_sz = 0; ++ char *mok_policy = NULL; ++ grub_uint32_t mok_policy_attrs = 0; ++ ++ status = grub_efi_get_variable_with_attributes ("MokPolicy", &guid, ++ &mok_policy_sz, ++ (void **)&mok_policy, ++ &mok_policy_attrs); ++ if (status == GRUB_EFI_NOT_FOUND || ++ mok_policy_sz == 0 || ++ mok_policy == NULL) ++ { ++ *nx_required = 0; ++ return GRUB_ERR_NONE; ++ } ++ ++ *nx_required = 0; ++ if (mok_policy_sz < 1 || ++ mok_policy_attrs != (GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS | ++ GRUB_EFI_VARIABLE_RUNTIME_ACCESS) || ++ (mok_policy[mok_policy_sz-1] & GRUB_MOK_POLICY_NX_REQUIRED)) ++ *nx_required = 1; ++ ++ return GRUB_ERR_NONE; ++} + + typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *); + + grub_err_t +-grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, +- void *kernel_params) ++grub_efi_linux_boot (grub_addr_t kernel_addr, grub_size_t kernel_size, ++ grub_off_t handover_offset, void *kernel_params, ++ int nx_supported) + { + grub_efi_loaded_image_t *loaded_image = NULL; + handover_func hf; + int offset = 0; ++ grub_uint64_t stack_set_attrs = GRUB_MEM_ATTR_R | ++ GRUB_MEM_ATTR_W | ++ GRUB_MEM_ATTR_X; ++ grub_uint64_t stack_clear_attrs = 0; ++ grub_uint64_t kernel_set_attrs = stack_set_attrs; ++ grub_uint64_t kernel_clear_attrs = stack_clear_attrs; ++ grub_uint64_t attrs; ++ int nx_required = 0; + + #ifdef __x86_64__ + offset = 512; +@@ -88,12 +197,57 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, + */ + loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); + if (loaded_image) +- loaded_image->image_base = kernel_addr; ++ loaded_image->image_base = (void *)kernel_addr; + else + grub_dprintf ("linux", "Loaded Image base address could not be set\n"); + + grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n", +- kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params); ++ (void *)kernel_addr, (void *)handover_offset, kernel_params); ++ ++ ++ if (nx_required && !nx_supported) ++ return grub_error (GRUB_ERR_BAD_OS, N_("kernel does not support NX loading required by policy")); ++ ++ if (nx_supported) ++ { ++ kernel_set_attrs &= ~GRUB_MEM_ATTR_W; ++ kernel_clear_attrs |= GRUB_MEM_ATTR_W; ++ stack_set_attrs &= ~GRUB_MEM_ATTR_X; ++ stack_clear_attrs |= GRUB_MEM_ATTR_X; ++ } ++ ++ grub_dprintf ("nx", "Setting attributes for 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" to r%cx\n", ++ kernel_addr, kernel_addr + kernel_size - 1, ++ (kernel_set_attrs & GRUB_MEM_ATTR_W) ? 'w' : '-'); ++ grub_update_mem_attrs (kernel_addr, kernel_size, ++ kernel_set_attrs, kernel_clear_attrs); ++ ++ grub_get_mem_attrs (kernel_addr, 4096, &attrs); ++ grub_dprintf ("nx", "permissions for 0x%"PRIxGRUB_ADDR" are %s%s%s\n", ++ (grub_addr_t)kernel_addr, ++ (attrs & GRUB_MEM_ATTR_R) ? "r" : "-", ++ (attrs & GRUB_MEM_ATTR_W) ? "w" : "-", ++ (attrs & GRUB_MEM_ATTR_X) ? "x" : "-"); ++ if (grub_stack_addr != (grub_addr_t)-1ll) ++ { ++ grub_dprintf ("nx", "Setting attributes for stack at 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" to rw%c\n", ++ grub_stack_addr, grub_stack_addr + grub_stack_size - 1, ++ (stack_set_attrs & GRUB_MEM_ATTR_X) ? 'x' : '-'); ++ grub_update_mem_attrs (grub_stack_addr, grub_stack_size, ++ stack_set_attrs, stack_clear_attrs); ++ ++ grub_get_mem_attrs (grub_stack_addr, 4096, &attrs); ++ grub_dprintf ("nx", "permissions for 0x%"PRIxGRUB_ADDR" are %s%s%s\n", ++ grub_stack_addr, ++ (attrs & GRUB_MEM_ATTR_R) ? "r" : "-", ++ (attrs & GRUB_MEM_ATTR_W) ? "w" : "-", ++ (attrs & GRUB_MEM_ATTR_X) ? "x" : "-"); ++ } ++ ++#if defined(__i386__) || defined(__x86_64__) ++ asm volatile ("cli"); ++#endif ++ + hf = (handover_func)((char *)kernel_addr + handover_offset + offset); + grub_dprintf ("linux", "handover_func() = %p\n", hf); + hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 3d4069e4c6..d80d6ec312 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -44,7 +44,7 @@ struct grub_linuxefi_context { + grub_uint32_t handover_offset; + struct linux_kernel_params *params; + char *cmdline; +- ++ int nx_supported; + void *initrd_mem; + }; + +@@ -110,13 +110,19 @@ kernel_alloc(grub_efi_uintn_t size, + pages = BYTES_TO_PAGES(size); + grub_dprintf ("linux", "Trying to allocate %lu pages from %p\n", + pages, (void *)max); ++ size = pages * GRUB_EFI_PAGE_SIZE; + + prev_max = max; + addr = grub_efi_allocate_pages_real (max, pages, + max_addresses[i].alloc_type, + memtype); + if (addr) +- grub_dprintf ("linux", "Allocated at %p\n", addr); ++ { ++ grub_dprintf ("linux", "Allocated at %p\n", addr); ++ grub_update_mem_attrs ((grub_addr_t)addr, size, ++ GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_W, ++ GRUB_MEM_ATTR_X); ++ } + } + + while (grub_error_pop ()) +@@ -137,9 +143,11 @@ grub_linuxefi_boot (void *data) + + asm volatile ("cli"); + +- return grub_efi_linux_boot ((char *)context->kernel_mem, ++ return grub_efi_linux_boot ((grub_addr_t)context->kernel_mem, ++ context->kernel_size, + context->handover_offset, +- context->params); ++ context->params, ++ context->nx_supported); + } + + static grub_err_t +@@ -308,7 +316,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_uint32_t handover_offset; + struct linux_kernel_params *params = 0; + char *cmdline = 0; ++ int nx_supported = 1; + struct grub_linuxefi_context *context = 0; ++ grub_err_t err; + + grub_dl_ref (my_mod); + +@@ -352,6 +362,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + } + ++ err = grub_efi_check_nx_image_support ((grub_addr_t)kernel, filelen, ++ &nx_supported); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ grub_dprintf ("linux", "nx is%s supported by this kernel\n", ++ nx_supported ? "" : " not"); ++ + lh = (struct linux_i386_kernel_header *)kernel; + grub_dprintf ("linux", "original lh is at %p\n", kernel); + +@@ -515,6 +532,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + context->handover_offset = handover_offset; + context->params = params; + context->cmdline = cmdline; ++ context->nx_supported = nx_supported; + + grub_loader_set_ex (grub_linuxefi_boot, grub_linuxefi_unload, context, 0); + +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index ef8fcb9e1b..c160ddb0ea 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -831,6 +831,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_memset (&linux_params, 0, sizeof (linux_params)); + grub_memcpy (&linux_params.setup_sects, &lh.setup_sects, sizeof (lh) - 0x1F1); + ++ grub_dprintf("efi", "setting attributes for %p (%zu bytes) to +rw-x\n", ++ &linux_params, sizeof (lh) + len); ++ grub_update_mem_attrs ((grub_addr_t)&linux_params, sizeof (lh) + len, ++ GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_W, GRUB_MEM_ATTR_X); ++ + linux_params.code32_start = prot_mode_target + lh.code32_start - GRUB_LINUX_BZIMAGE_ADDR; + linux_params.kernel_alignment = (1 << align); + linux_params.ps_mouse = linux_params.padding10 = 0; +diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h +index a635bcb0a9..8ca8c38f9a 100644 +--- a/include/grub/efi/efi.h ++++ b/include/grub/efi/efi.h +@@ -135,12 +135,16 @@ extern void (*EXPORT_VAR(grub_efi_net_config)) (grub_efi_handle_t hnd, + char **device, + char **path); + ++extern grub_addr_t EXPORT_VAR(grub_stack_addr); ++extern grub_size_t EXPORT_VAR(grub_stack_size); ++ + #if defined(__arm__) || defined(__aarch64__) + void *EXPORT_FUNC(grub_efi_get_firmware_fdt)(void); + grub_err_t EXPORT_FUNC(grub_efi_get_ram_base)(grub_addr_t *); + #include + grub_err_t grub_armxx_efi_linux_check_image(struct linux_armxx_kernel_header *lh); +-grub_err_t grub_armxx_efi_linux_boot_image(grub_addr_t addr, char *args); ++grub_err_t grub_armxx_efi_linux_boot_image(grub_addr_t addr, grub_size_t size, ++ char *args, int nx_enabled); + #endif + + grub_addr_t grub_efi_section_addr (const char *section); +diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h +index 0033d9305a..8130b19590 100644 +--- a/include/grub/efi/linux.h ++++ b/include/grub/efi/linux.h +@@ -22,10 +22,23 @@ + #include + #include + ++#define GRUB_MOK_POLICY_NX_REQUIRED 0x1 ++ + int + EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size); ++ + grub_err_t +-EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, +- void *kernel_param); ++EXPORT_FUNC(grub_efi_linux_boot) (grub_addr_t kernel_address, ++ grub_size_t kernel_size, ++ grub_off_t handover_offset, ++ void *kernel_param, int nx_enabled); ++ ++grub_err_t ++EXPORT_FUNC(grub_efi_check_nx_image_support) (grub_addr_t kernel_addr, ++ grub_size_t kernel_size, ++ int *nx_supported); ++ ++grub_err_t ++EXPORT_FUNC(grub_efi_check_nx_required) (int *nx_required); + + #endif /* ! GRUB_EFI_LINUX_HEADER */ +diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h +index 2241f6317b..45c9f8b756 100644 +--- a/include/grub/efi/pe32.h ++++ b/include/grub/efi/pe32.h +@@ -172,6 +172,8 @@ struct grub_pe32_optional_header + struct grub_pe32_data_directory reserved_entry; + }; + ++#define GRUB_PE32_NX_COMPAT 0x0100 ++ + struct grub_pe64_optional_header + { + grub_uint16_t magic; diff --git a/SOURCES/0553-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch b/SOURCES/0553-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch new file mode 100644 index 0000000..662de5d --- /dev/null +++ b/SOURCES/0553-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch @@ -0,0 +1,38 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 22 Mar 2022 10:57:20 -0400 +Subject: [PATCH] nx: set the nx compatible flag in EFI grub images + +For NX, we need the grub binary to announce that it is compatible with +the NX feature. This implies that when loading the executable grub +image, several attributes are true: + +- the binary doesn't need an executable stack +- the binary doesn't need sections to be both executable and writable +- the binary knows how to use the EFI Memory Attributes protocol on code + it is loading. + +This patch adds a definition for the PE DLL Characteristics flag +GRUB_PE32_NX_COMPAT, and changes grub-mkimage to set that flag. + +Signed-off-by: Peter Jones +(cherry picked from commit 0c7f1aed5a87f75051b421903a900ccb4bbd795a) +(cherry picked from commit 2f9446d488da96de963f4ffe03b0a1c60a4664f5) +[rharwood: fix uninitialized use of stack_attrs] +Signed-off-by: Robbie Harwood +--- + util/mkimage.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/util/mkimage.c b/util/mkimage.c +index 16418e245d..c77025904c 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -1358,6 +1358,7 @@ grub_install_generate_image (const char *dir, const char *prefix, + section = (struct grub_pe32_section_table *)(o64 + 1); + } + ++ PE_OHDR (o32, o64, dll_characteristics) = grub_host_to_target16 (GRUB_PE32_NX_COMPAT); + PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size); + PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32 (layout.start_address); + PE_OHDR (o32, o64, image_base) = 0; diff --git a/SOURCES/0554-Fixup-grub_efi_get_variable-type-in-our-loaders.patch b/SOURCES/0554-Fixup-grub_efi_get_variable-type-in-our-loaders.patch new file mode 100644 index 0000000..7d0ca72 --- /dev/null +++ b/SOURCES/0554-Fixup-grub_efi_get_variable-type-in-our-loaders.patch @@ -0,0 +1,51 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Wed, 11 May 2022 16:37:14 -0400 +Subject: [PATCH] Fixup grub_efi_get_variable() type in our loaders + +Has a new type now that we have 04ae030d0eea8668d4417702d88bf2cf04713d80 +("efi: Return grub_efi_status_t from grub_efi_get_variable()"). + +Signed-off-by: Robbie Harwood +--- + grub-core/kern/efi/init.c | 4 ++-- + grub-core/kern/efi/sb.c | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c +index 501608f743..565ce541f5 100644 +--- a/grub-core/kern/efi/init.c ++++ b/grub-core/kern/efi/init.c +@@ -104,8 +104,8 @@ grub_efi_env_init (void) + struct grub_envblk envblk_s = { NULL, 0 }; + grub_envblk_t envblk = &envblk_s; + +- envblk_s.buf = grub_efi_get_variable ("GRUB_ENV", &efi_grub_guid, +- &envblk_s.size); ++ grub_efi_get_variable ("GRUB_ENV", &efi_grub_guid, &envblk_s.size, ++ &envblk_s.buf); + if (!envblk_s.buf || envblk_s.size < 1) + return; + +diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c +index d74778b0ca..f84d7d3080 100644 +--- a/grub-core/kern/efi/sb.c ++++ b/grub-core/kern/efi/sb.c +@@ -35,7 +35,7 @@ grub_efi_secure_boot (void) + char *setup_mode = NULL; + grub_efi_boolean_t ret = 0; + +- secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize); ++ grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize, &secure_boot); + if (datasize != 1 || !secure_boot) + { + grub_dprintf ("secureboot", "No SecureBoot variable\n"); +@@ -43,7 +43,7 @@ grub_efi_secure_boot (void) + } + grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot); + +- setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize); ++ grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize, &setup_mode); + if (datasize != 1 || !setup_mode) + { + grub_dprintf ("secureboot", "No SetupMode variable\n"); diff --git a/SOURCES/0555-Make-debug-file-show-which-file-filters-get-run.patch b/SOURCES/0555-Make-debug-file-show-which-file-filters-get-run.patch new file mode 100644 index 0000000..b614ef3 --- /dev/null +++ b/SOURCES/0555-Make-debug-file-show-which-file-filters-get-run.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 29 Jul 2022 15:56:00 -0400 +Subject: [PATCH] Make debug=file show which file filters get run. + +If one of the file filters breaks things, it's hard to figure out where +it has happened. + +This makes grub log which filter is being run, which makes it easier to +figure out where you are in the sequence of events. + +Signed-off-by: Peter Jones +(cherry picked from commit d3d6518a13b5440a3be6c66b0ae47447182f2891) +(cherry picked from commit d197e70761b1383827e9008e21ee41c6c7015776) +--- + grub-core/kern/file.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c +index f062fc21e7..5e1f29d0dd 100644 +--- a/grub-core/kern/file.c ++++ b/grub-core/kern/file.c +@@ -30,6 +30,14 @@ void (*EXPORT_VAR (grub_grubnet_fini)) (void); + + grub_file_filter_t grub_file_filters[GRUB_FILE_FILTER_MAX]; + ++static char *filter_names[] = { ++ [GRUB_FILE_FILTER_VERIFY] = "GRUB_FILE_FILTER_VERIFY", ++ [GRUB_FILE_FILTER_GZIO] = "GRUB_FILE_FILTER_GZIO", ++ [GRUB_FILE_FILTER_XZIO] = "GRUB_FILE_FILTER_XZIO", ++ [GRUB_FILE_FILTER_LZOPIO] = "GRUB_FILE_FILTER_LZOPIO", ++ [GRUB_FILE_FILTER_MAX] = "GRUB_FILE_FILTER_MAX" ++}; ++ + /* Get the device part of the filename NAME. It is enclosed by parentheses. */ + char * + grub_file_get_device_name (const char *name) +@@ -121,6 +129,9 @@ grub_file_open (const char *name, enum grub_file_type type) + if (grub_file_filters[filter]) + { + last_file = file; ++ if (filter < GRUB_FILE_FILTER_MAX) ++ grub_dprintf ("file", "Running %s file filter\n", ++ filter_names[filter]); + file = grub_file_filters[filter] (file, type); + if (file && file != last_file) + { diff --git a/SOURCES/0556-efi-use-enumerated-array-positions-for-our-allocatio.patch b/SOURCES/0556-efi-use-enumerated-array-positions-for-our-allocatio.patch new file mode 100644 index 0000000..6f1bfc7 --- /dev/null +++ b/SOURCES/0556-efi-use-enumerated-array-positions-for-our-allocatio.patch @@ -0,0 +1,83 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 Aug 2022 14:06:30 -0400 +Subject: [PATCH] efi: use enumerated array positions for our allocation + choices + +In our kernel allocator on EFI systems, we currently have a growing +amount of code that references the various allocation policies by +position in the array, and of course maintenance of this code scales +very poorly. + +This patch changes them to be enumerated, so they're easier to refer to +farther along in the code without confusion. + +Signed-off-by: Peter Jones +(cherry picked from commit 6768026270cca015d7fef0ecc8a4119e9b3d3923) +(cherry picked from commit 50b2ca3274b6950393a4ffc7edde04a1a3de594e) +--- + grub-core/loader/i386/efi/linux.c | 31 ++++++++++++++++++++----------- + 1 file changed, 20 insertions(+), 11 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index d80d6ec312..23b27f6507 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -60,17 +60,26 @@ struct allocation_choice { + grub_efi_allocate_type_t alloc_type; + }; + +-static struct allocation_choice max_addresses[4] = ++enum { ++ KERNEL_PREF_ADDRESS, ++ KERNEL_4G_LIMIT, ++ KERNEL_NO_LIMIT, ++}; ++ ++static struct allocation_choice max_addresses[] = + { + /* the kernel overrides this one with pref_address and + * GRUB_EFI_ALLOCATE_ADDRESS */ +- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ [KERNEL_PREF_ADDRESS] = ++ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ /* If the flag in params is set, this one gets changed to be above 4GB. */ ++ [KERNEL_4G_LIMIT] = ++ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, + /* this one is always below 4GB, which we still *prefer* even if the flag + * is set. */ +- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, +- /* If the flag in params is set, this one gets changed to be above 4GB. */ +- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, +- { 0, 0 } ++ [KERNEL_NO_LIMIT] = ++ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ { NO_MEM, 0, 0 } + }; + static struct allocation_choice saved_addresses[4]; + +@@ -423,7 +432,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + if (lh->xloadflags & LINUX_XLF_CAN_BE_LOADED_ABOVE_4G) + { + grub_dprintf ("linux", "Loading kernel above 4GB is supported; enabling.\n"); +- max_addresses[2].addr = GRUB_EFI_MAX_USABLE_ADDRESS; ++ max_addresses[KERNEL_NO_LIMIT].addr = GRUB_EFI_MAX_USABLE_ADDRESS; + } + else + { +@@ -495,11 +504,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf ("linux", "lh->pref_address: %p\n", (void *)(grub_addr_t)lh->pref_address); + if (lh->pref_address < (grub_uint64_t)GRUB_EFI_MAX_ALLOCATION_ADDRESS) + { +- max_addresses[0].addr = lh->pref_address; +- max_addresses[0].alloc_type = GRUB_EFI_ALLOCATE_ADDRESS; ++ max_addresses[KERNEL_PREF_ADDRESS].addr = lh->pref_address; ++ max_addresses[KERNEL_PREF_ADDRESS].alloc_type = GRUB_EFI_ALLOCATE_ADDRESS; + } +- max_addresses[1].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; +- max_addresses[2].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; ++ max_addresses[KERNEL_4G_LIMIT].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; ++ max_addresses[KERNEL_NO_LIMIT].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; + kernel_size = lh->init_size; + kernel_mem = kernel_alloc (kernel_size, GRUB_EFI_RUNTIME_SERVICES_CODE, + N_("can't allocate kernel")); diff --git a/SOURCES/0557-efi-split-allocation-policy-for-kernel-vs-initrd-mem.patch b/SOURCES/0557-efi-split-allocation-policy-for-kernel-vs-initrd-mem.patch new file mode 100644 index 0000000..08d2765 --- /dev/null +++ b/SOURCES/0557-efi-split-allocation-policy-for-kernel-vs-initrd-mem.patch @@ -0,0 +1,129 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 Aug 2022 14:24:39 -0400 +Subject: [PATCH] efi: split allocation policy for kernel vs initrd memories. + +Currently in our kernel allocator, we use the same set of choices for +all of our various kernel and initramfs allocations, though they do not +have exactly the same constraints. + +This patch adds the concept of an allocation purpose, which currently +can be KERNEL_MEM or INITRD_MEM, and updates kernel_alloc() calls +appropriately, but does not change any current policy decision. It +also adds a few debug prints. + +Signed-off-by: Peter Jones +(cherry picked from commit 36307bed28cd838116fc4af26a30719660d62d4c) +(cherry picked from commit dc1196350b0cbe89582832f44df0fce67e0c9fb2) +--- + grub-core/loader/i386/efi/linux.c | 35 +++++++++++++++++++++++++++-------- + 1 file changed, 27 insertions(+), 8 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 23b27f6507..09e7596064 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -55,7 +55,14 @@ struct grub_linuxefi_context { + + #define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) + ++typedef enum { ++ NO_MEM, ++ KERNEL_MEM, ++ INITRD_MEM, ++} kernel_alloc_purpose_t; ++ + struct allocation_choice { ++ kernel_alloc_purpose_t purpose; + grub_efi_physical_address_t addr; + grub_efi_allocate_type_t alloc_type; + }; +@@ -64,6 +71,7 @@ enum { + KERNEL_PREF_ADDRESS, + KERNEL_4G_LIMIT, + KERNEL_NO_LIMIT, ++ INITRD_MAX_ADDRESS, + }; + + static struct allocation_choice max_addresses[] = +@@ -71,14 +79,17 @@ static struct allocation_choice max_addresses[] = + /* the kernel overrides this one with pref_address and + * GRUB_EFI_ALLOCATE_ADDRESS */ + [KERNEL_PREF_ADDRESS] = +- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ { KERNEL_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, + /* If the flag in params is set, this one gets changed to be above 4GB. */ + [KERNEL_4G_LIMIT] = +- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ { KERNEL_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, + /* this one is always below 4GB, which we still *prefer* even if the flag + * is set. */ + [KERNEL_NO_LIMIT] = +- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ { KERNEL_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, ++ /* this is for the initrd */ ++ [INITRD_MAX_ADDRESS] = ++ { INITRD_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, + { NO_MEM, 0, 0 } + }; + static struct allocation_choice saved_addresses[4]; +@@ -95,7 +106,8 @@ kernel_free(void *addr, grub_efi_uintn_t size) + } + + static void * +-kernel_alloc(grub_efi_uintn_t size, ++kernel_alloc(kernel_alloc_purpose_t purpose, ++ grub_efi_uintn_t size, + grub_efi_memory_type_t memtype, + const char * const errmsg) + { +@@ -108,6 +120,9 @@ kernel_alloc(grub_efi_uintn_t size, + grub_uint64_t max = max_addresses[i].addr; + grub_efi_uintn_t pages; + ++ if (purpose != max_addresses[i].purpose) ++ continue; ++ + /* + * When we're *not* loading the kernel, or >4GB allocations aren't + * supported, these entries are basically all the same, so don't re-try +@@ -262,7 +277,8 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + } + } + +- initrd_mem = kernel_alloc(size, GRUB_EFI_RUNTIME_SERVICES_DATA, ++ grub_dprintf ("linux", "Trying to allocate initrd mem\n"); ++ initrd_mem = kernel_alloc(INITRD_MEM, size, GRUB_EFI_RUNTIME_SERVICES_DATA, + N_("can't allocate initrd")); + if (initrd_mem == NULL) + goto fail; +@@ -440,7 +456,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + #endif + +- params = kernel_alloc (sizeof(*params), GRUB_EFI_RUNTIME_SERVICES_DATA, ++ params = kernel_alloc (KERNEL_MEM, sizeof(*params), ++ GRUB_EFI_RUNTIME_SERVICES_DATA, + "cannot allocate kernel parameters"); + if (!params) + goto fail; +@@ -462,7 +479,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf ("linux", "new lh is at %p\n", lh); + + grub_dprintf ("linux", "setting up cmdline\n"); +- cmdline = kernel_alloc (lh->cmdline_size + 1, ++ cmdline = kernel_alloc (KERNEL_MEM, lh->cmdline_size + 1, + GRUB_EFI_RUNTIME_SERVICES_DATA, + N_("can't allocate cmdline")); + if (!cmdline) +@@ -510,7 +527,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + max_addresses[KERNEL_4G_LIMIT].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; + max_addresses[KERNEL_NO_LIMIT].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; + kernel_size = lh->init_size; +- kernel_mem = kernel_alloc (kernel_size, GRUB_EFI_RUNTIME_SERVICES_CODE, ++ grub_dprintf ("linux", "Trying to allocate kernel mem\n"); ++ kernel_mem = kernel_alloc (KERNEL_MEM, kernel_size, ++ GRUB_EFI_RUNTIME_SERVICES_CODE, + N_("can't allocate kernel")); + restore_addresses(); + if (!kernel_mem) diff --git a/SOURCES/0558-efi-use-EFI_LOADER_-CODE-DATA-for-kernel-and-initrd-.patch b/SOURCES/0558-efi-use-EFI_LOADER_-CODE-DATA-for-kernel-and-initrd-.patch new file mode 100644 index 0000000..28f603e --- /dev/null +++ b/SOURCES/0558-efi-use-EFI_LOADER_-CODE-DATA-for-kernel-and-initrd-.patch @@ -0,0 +1,63 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 Aug 2022 13:04:43 -0400 +Subject: [PATCH] efi: use EFI_LOADER_(CODE|DATA) for kernel and initrd + allocations + +At some point due to an erroneous kernel warning, we switched kernel and +initramfs to being loaded in EFI_RUNTIME_SERVICES_CODE and +EFI_RUNTIME_SERVICES_DATA memory pools. This doesn't appear to be +correct according to the spec, and that kernel warning has gone away. + +This patch puts them back in EFI_LOADER_CODE and EFI_LOADER_DATA +allocations, respectively. + +Resolves: rhbz#2108456 + +Signed-off-by: Peter Jones +(cherry picked from commit 35b5d5fa47bc394c76022e6595b173e68f53225e) +(cherry picked from commit 66e1c922b40957fca488435e06a2f875a219844b) +--- + grub-core/loader/i386/efi/linux.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 09e7596064..4d39023792 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -278,7 +278,7 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) + } + + grub_dprintf ("linux", "Trying to allocate initrd mem\n"); +- initrd_mem = kernel_alloc(INITRD_MEM, size, GRUB_EFI_RUNTIME_SERVICES_DATA, ++ initrd_mem = kernel_alloc(INITRD_MEM, size, GRUB_EFI_LOADER_DATA, + N_("can't allocate initrd")); + if (initrd_mem == NULL) + goto fail; +@@ -457,7 +457,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + #endif + + params = kernel_alloc (KERNEL_MEM, sizeof(*params), +- GRUB_EFI_RUNTIME_SERVICES_DATA, ++ GRUB_EFI_LOADER_DATA, + "cannot allocate kernel parameters"); + if (!params) + goto fail; +@@ -480,7 +480,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + grub_dprintf ("linux", "setting up cmdline\n"); + cmdline = kernel_alloc (KERNEL_MEM, lh->cmdline_size + 1, +- GRUB_EFI_RUNTIME_SERVICES_DATA, ++ GRUB_EFI_LOADER_DATA, + N_("can't allocate cmdline")); + if (!cmdline) + goto fail; +@@ -529,7 +529,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + kernel_size = lh->init_size; + grub_dprintf ("linux", "Trying to allocate kernel mem\n"); + kernel_mem = kernel_alloc (KERNEL_MEM, kernel_size, +- GRUB_EFI_RUNTIME_SERVICES_CODE, ++ GRUB_EFI_LOADER_CODE, + N_("can't allocate kernel")); + restore_addresses(); + if (!kernel_mem) diff --git a/SOURCES/0559-ieee1275-implement-vec5-for-cas-negotiation.patch b/SOURCES/0559-ieee1275-implement-vec5-for-cas-negotiation.patch new file mode 100644 index 0000000..ff614f8 --- /dev/null +++ b/SOURCES/0559-ieee1275-implement-vec5-for-cas-negotiation.patch @@ -0,0 +1,72 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Diego Domingos +Date: Thu, 25 Aug 2022 11:37:56 -0400 +Subject: [PATCH] ieee1275: implement vec5 for cas negotiation + +As a legacy support, if the vector 5 is not implemented, Power +Hypervisor will consider the max CPUs as 64 instead 256 currently +supported during client-architecture-support negotiation. + +This patch implements the vector 5 and set the MAX CPUs to 256 while +setting the others values to 0 (default). + +Signed-off-by: Diego Domingos +Signed-off-by: Robbie Harwood +(cherry picked from commit f735c65b6da8a9d4251242b37774e1a517511253) +(cherry picked from commit 1639f43b2db4ac405ac2a92e50ed4cff351c3baa) +--- + grub-core/kern/ieee1275/init.c | 20 +++++++++++++++++++- + 1 file changed, 19 insertions(+), 1 deletion(-) + +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index 1414695cc6..37f3098c39 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -307,6 +307,18 @@ struct option_vector2 { + grub_uint8_t max_pft_size; + } __attribute__((packed)); + ++struct option_vector5 { ++ grub_uint8_t byte1; ++ grub_uint8_t byte2; ++ grub_uint8_t byte3; ++ grub_uint8_t cmo; ++ grub_uint8_t associativity; ++ grub_uint8_t bin_opts; ++ grub_uint8_t micro_checkpoint; ++ grub_uint8_t reserved0; ++ grub_uint32_t max_cpus; ++} __attribute__((packed)); ++ + struct pvr_entry { + grub_uint32_t mask; + grub_uint32_t entry; +@@ -325,6 +337,8 @@ struct cas_vector { + grub_uint16_t vec3; + grub_uint8_t vec4_size; + grub_uint16_t vec4; ++ grub_uint8_t vec5_size; ++ struct option_vector5 vec5; + } __attribute__((packed)); + + /* Call ibm,client-architecture-support to try to get more RMA. +@@ -345,7 +359,7 @@ grub_ieee1275_ibm_cas (void) + } args; + struct cas_vector vector = { + .pvr_list = { { 0x00000000, 0xffffffff } }, /* any processor */ +- .num_vecs = 4 - 1, ++ .num_vecs = 5 - 1, + .vec1_size = 0, + .vec1 = 0x80, /* ignore */ + .vec2_size = 1 + sizeof(struct option_vector2) - 2, +@@ -356,6 +370,10 @@ grub_ieee1275_ibm_cas (void) + .vec3 = 0x00e0, // ask for FP + VMX + DFP but don't halt if unsatisfied + .vec4_size = 2 - 1, + .vec4 = 0x0001, // set required minimum capacity % to the lowest value ++ .vec5_size = 1 + sizeof(struct option_vector5) - 2, ++ .vec5 = { ++ 0, 0, 0, 0, 0, 0, 0, 0, 256 ++ } + }; + + INIT_IEEE1275_COMMON (&args.common, "call-method", 3, 2); diff --git a/SOURCES/0560-x86-efi-Fix-an-incorrect-array-size-in-kernel-alloca.patch b/SOURCES/0560-x86-efi-Fix-an-incorrect-array-size-in-kernel-alloca.patch new file mode 100644 index 0000000..a422b99 --- /dev/null +++ b/SOURCES/0560-x86-efi-Fix-an-incorrect-array-size-in-kernel-alloca.patch @@ -0,0 +1,38 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 11 Oct 2022 17:00:50 -0400 +Subject: [PATCH] x86-efi: Fix an incorrect array size in kernel allocation + +In 81a6ebf62bbe166ddc968463df2e8bd481bf697c ("efi: split allocation +policy for kernel vs initrd memories."), I introduced a split in the +kernel allocator to allow for different dynamic policies for the kernel +and the initrd allocations. + +Unfortunately, that change increased the size of the policy data used to +make decisions, but did not change the size of the temporary storage we +use to back it up and restore. This results in some of .data getting +clobbered at runtime, and hilarity ensues. + +This patch makes the size of the backup storage be based on the size of +the initial policy data. + +Signed-off-by: Peter Jones +(cherry picked from commit 37747b22342499a798ca3a8895770cd93b6e1258) +(cherry picked from commit 72713ce761720235c86bbda412480c97b2892e00) +--- + grub-core/loader/i386/efi/linux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 4d39023792..3d55f8b8d2 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -92,7 +92,7 @@ static struct allocation_choice max_addresses[] = + { INITRD_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, + { NO_MEM, 0, 0 } + }; +-static struct allocation_choice saved_addresses[4]; ++static struct allocation_choice saved_addresses[sizeof(max_addresses) / sizeof(max_addresses[0])]; + + #define save_addresses() grub_memcpy(saved_addresses, max_addresses, sizeof(max_addresses)) + #define restore_addresses() grub_memcpy(max_addresses, saved_addresses, sizeof(max_addresses)) diff --git a/SOURCES/0561-switch-to-blscfg-don-t-assume-newline-at-end-of-cfg.patch b/SOURCES/0561-switch-to-blscfg-don-t-assume-newline-at-end-of-cfg.patch new file mode 100644 index 0000000..fee71eb --- /dev/null +++ b/SOURCES/0561-switch-to-blscfg-don-t-assume-newline-at-end-of-cfg.patch @@ -0,0 +1,25 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 18 Oct 2022 14:15:28 -0400 +Subject: [PATCH] switch-to-blscfg: don't assume newline at end of cfg + +Signed-off-by: Robbie Harwood +--- + util/grub-switch-to-blscfg.in | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/util/grub-switch-to-blscfg.in b/util/grub-switch-to-blscfg.in +index eeea130770..5a97954c39 100644 +--- a/util/grub-switch-to-blscfg.in ++++ b/util/grub-switch-to-blscfg.in +@@ -277,7 +277,9 @@ if grep '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" \ + fi + GENERATE=1 + elif ! grep -q '^GRUB_ENABLE_BLSCFG=.*' "${etcdefaultgrub}" ; then +- if ! echo 'GRUB_ENABLE_BLSCFG=true' >> "${etcdefaultgrub}" ; then ++ # prepend in case admins have been bad at newlines ++ sed -i '1iGRUB_ENABLE_BLSCFG=true' "${etcdefaultgrub}" ++ if ! grep -q '^GRUB_ENABLE_BLSCFG=true' "${etcdefaultgrub}" ; then + gettext_printf "Updating %s failed\n" "${etcdefaultgrub}" + exit 1 + fi diff --git a/SOURCES/0562-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch b/SOURCES/0562-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch new file mode 100644 index 0000000..e7f7a0c --- /dev/null +++ b/SOURCES/0562-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch @@ -0,0 +1,33 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Wed, 3 Aug 2022 19:45:33 +0800 +Subject: [PATCH] font: Reject glyphs exceeds font->max_glyph_width or + font->max_glyph_height + +Check glyph's width and height against limits specified in font's +metadata. Reject the glyph (and font) if such limits are exceeded. + +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper +(cherry picked from commit 5760fcfd466cc757540ea0d591bad6a08caeaa16) +(cherry picked from commit 3b410ef4bb95e607cadeba2193fa90ae9bddb98d) +(cherry picked from commit 8ebe587def61af7893ebcae87d45c883f3cfb713) +--- + grub-core/font/font.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index b67507fcc8..8d1a990401 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -760,7 +760,9 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) + || read_be_uint16 (font->file, &height) != 0 + || read_be_int16 (font->file, &xoff) != 0 + || read_be_int16 (font->file, &yoff) != 0 +- || read_be_int16 (font->file, &dwidth) != 0) ++ || read_be_int16 (font->file, &dwidth) != 0 ++ || width > font->max_char_width ++ || height > font->max_char_height) + { + remove_font (font); + return 0; diff --git a/SOURCES/0563-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch b/SOURCES/0563-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch new file mode 100644 index 0000000..df3a705 --- /dev/null +++ b/SOURCES/0563-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch @@ -0,0 +1,112 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Fri, 5 Aug 2022 00:51:20 +0800 +Subject: [PATCH] font: Fix size overflow in grub_font_get_glyph_internal() + +The length of memory allocation and file read may overflow. This patch +fixes the problem by using safemath macros. + +There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe +if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz(). +It is safe replacement for such code. It has safemath-like prototype. + +This patch also introduces grub_cast(value, pointer), it casts value to +typeof(*pointer) then store the value to *pointer. It returns true when +overflow occurs or false if there is no overflow. The semantics of arguments +and return value are designed to be consistent with other safemath macros. + +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper +(cherry picked from commit 941d10ad6f1dcbd12fb613002249e29ba035f985) +(cherry picked from commit 6bca9693878bdf61dd62b8c784862a48e75f569a) +(cherry picked from commit edbbda5486cf8c3dc2b68fbd3dead822ab448022) +--- + grub-core/font/font.c | 17 +++++++++++++---- + include/grub/bitmap.h | 18 ++++++++++++++++++ + include/grub/safemath.h | 2 ++ + 3 files changed, 33 insertions(+), 4 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 8d1a990401..d6df79602d 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -739,7 +739,8 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) + grub_int16_t xoff; + grub_int16_t yoff; + grub_int16_t dwidth; +- int len; ++ grub_ssize_t len; ++ grub_size_t sz; + + if (index_entry->glyph) + /* Return cached glyph. */ +@@ -768,9 +769,17 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) + return 0; + } + +- len = (width * height + 7) / 8; +- glyph = grub_malloc (sizeof (struct grub_font_glyph) + len); +- if (!glyph) ++ /* Calculate real struct size of current glyph. */ ++ if (grub_video_bitmap_calc_1bpp_bufsz (width, height, &len) || ++ grub_add (sizeof (struct grub_font_glyph), len, &sz)) ++ { ++ remove_font (font); ++ return 0; ++ } ++ ++ /* Allocate and initialize the glyph struct. */ ++ glyph = grub_malloc (sz); ++ if (glyph == NULL) + { + remove_font (font); + return 0; +diff --git a/include/grub/bitmap.h b/include/grub/bitmap.h +index 5728f8ca3a..0d9603f619 100644 +--- a/include/grub/bitmap.h ++++ b/include/grub/bitmap.h +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + struct grub_video_bitmap + { +@@ -79,6 +80,23 @@ grub_video_bitmap_get_height (struct grub_video_bitmap *bitmap) + return bitmap->mode_info.height; + } + ++/* ++ * Calculate and store the size of data buffer of 1bit bitmap in result. ++ * Equivalent to "*result = (width * height + 7) / 8" if no overflow occurs. ++ * Return true when overflow occurs or false if there is no overflow. ++ * This function is intentionally implemented as a macro instead of ++ * an inline function. Although a bit awkward, it preserves data types for ++ * safemath macros and reduces macro side effects as much as possible. ++ * ++ * XXX: Will report false overflow if width * height > UINT64_MAX. ++ */ ++#define grub_video_bitmap_calc_1bpp_bufsz(width, height, result) \ ++({ \ ++ grub_uint64_t _bitmap_pixels; \ ++ grub_mul ((width), (height), &_bitmap_pixels) ? 1 : \ ++ grub_cast (_bitmap_pixels / GRUB_CHAR_BIT + !!(_bitmap_pixels % GRUB_CHAR_BIT), (result)); \ ++}) ++ + void EXPORT_FUNC (grub_video_bitmap_get_mode_info) (struct grub_video_bitmap *bitmap, + struct grub_video_mode_info *mode_info); + +diff --git a/include/grub/safemath.h b/include/grub/safemath.h +index 1ccac276b5..30800ad6a1 100644 +--- a/include/grub/safemath.h ++++ b/include/grub/safemath.h +@@ -30,6 +30,8 @@ + #define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) + #define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) + ++#define grub_cast(a, res) grub_add ((a), 0, (res)) ++ + #else + /* + * Copyright 2020 Rasmus Villemoes diff --git a/SOURCES/0564-font-Fix-several-integer-overflows-in-grub_font_cons.patch b/SOURCES/0564-font-Fix-several-integer-overflows-in-grub_font_cons.patch new file mode 100644 index 0000000..0afdf93 --- /dev/null +++ b/SOURCES/0564-font-Fix-several-integer-overflows-in-grub_font_cons.patch @@ -0,0 +1,81 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Fri, 5 Aug 2022 01:58:27 +0800 +Subject: [PATCH] font: Fix several integer overflows in + grub_font_construct_glyph() + +This patch fixes several integer overflows in grub_font_construct_glyph(). +Glyphs of invalid size, zero or leading to an overflow, are rejected. +The inconsistency between "glyph" and "max_glyph_size" when grub_malloc() +returns NULL is fixed too. + +Fixes: CVE-2022-2601 + +Reported-by: Zhang Boyang +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper +(cherry picked from commit b1805f251b31a9d3cfae5c3572ddfa630145dbbf) +(cherry picked from commit b91eb9bd6c724339b7d7bb4765b9d36f1ee88b84) +(cherry picked from commit 1ebafd82dd19e522f0d753fd9828553fe8bcac78) +--- + grub-core/font/font.c | 29 +++++++++++++++++------------ + 1 file changed, 17 insertions(+), 12 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index d6df79602d..129aaa3838 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -1517,6 +1517,7 @@ grub_font_construct_glyph (grub_font_t hinted_font, + struct grub_video_signed_rect bounds; + static struct grub_font_glyph *glyph = 0; + static grub_size_t max_glyph_size = 0; ++ grub_size_t cur_glyph_size; + + ensure_comb_space (glyph_id); + +@@ -1533,29 +1534,33 @@ grub_font_construct_glyph (grub_font_t hinted_font, + if (!glyph_id->ncomb && !glyph_id->attributes) + return main_glyph; + +- if (max_glyph_size < sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) ++ if (grub_video_bitmap_calc_1bpp_bufsz (bounds.width, bounds.height, &cur_glyph_size) || ++ grub_add (sizeof (*glyph), cur_glyph_size, &cur_glyph_size)) ++ return main_glyph; ++ ++ if (max_glyph_size < cur_glyph_size) + { + grub_free (glyph); +- max_glyph_size = (sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) * 2; +- if (max_glyph_size < 8) +- max_glyph_size = 8; +- glyph = grub_malloc (max_glyph_size); ++ if (grub_mul (cur_glyph_size, 2, &max_glyph_size)) ++ max_glyph_size = 0; ++ glyph = max_glyph_size > 0 ? grub_malloc (max_glyph_size) : NULL; + } + if (!glyph) + { ++ max_glyph_size = 0; + grub_errno = GRUB_ERR_NONE; + return main_glyph; + } + +- grub_memset (glyph, 0, sizeof (*glyph) +- + (bounds.width * bounds.height +- + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT); ++ grub_memset (glyph, 0, cur_glyph_size); + + glyph->font = main_glyph->font; +- glyph->width = bounds.width; +- glyph->height = bounds.height; +- glyph->offset_x = bounds.x; +- glyph->offset_y = bounds.y; ++ if (bounds.width == 0 || bounds.height == 0 || ++ grub_cast (bounds.width, &glyph->width) || ++ grub_cast (bounds.height, &glyph->height) || ++ grub_cast (bounds.x, &glyph->offset_x) || ++ grub_cast (bounds.y, &glyph->offset_y)) ++ return main_glyph; + + if (glyph_id->attributes & GRUB_UNICODE_GLYPH_ATTRIBUTE_MIRROR) + grub_font_blit_glyph_mirror (glyph, main_glyph, diff --git a/SOURCES/0565-font-Remove-grub_font_dup_glyph.patch b/SOURCES/0565-font-Remove-grub_font_dup_glyph.patch new file mode 100644 index 0000000..2f9a33e --- /dev/null +++ b/SOURCES/0565-font-Remove-grub_font_dup_glyph.patch @@ -0,0 +1,42 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Fri, 5 Aug 2022 02:13:29 +0800 +Subject: [PATCH] font: Remove grub_font_dup_glyph() + +Remove grub_font_dup_glyph() since nobody is using it since 2013, and +I'm too lazy to fix the integer overflow problem in it. + +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper +(cherry picked from commit 25ad31c19c331aaa2dbd9bd2b2e2655de5766a9d) +(cherry picked from commit ad950e1e033318bb50222ed268a6dcfb97389035) +(cherry picked from commit 71644fccc1d43309f0a379dcfe9341ec3bd9657d) +--- + grub-core/font/font.c | 14 -------------- + 1 file changed, 14 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 129aaa3838..347e9dfa29 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -1055,20 +1055,6 @@ grub_font_get_glyph_with_fallback (grub_font_t font, grub_uint32_t code) + return best_glyph; + } + +-#if 0 +-static struct grub_font_glyph * +-grub_font_dup_glyph (struct grub_font_glyph *glyph) +-{ +- static struct grub_font_glyph *ret; +- ret = grub_malloc (sizeof (*ret) + (glyph->width * glyph->height + 7) / 8); +- if (!ret) +- return NULL; +- grub_memcpy (ret, glyph, sizeof (*ret) +- + (glyph->width * glyph->height + 7) / 8); +- return ret; +-} +-#endif +- + /* FIXME: suboptimal. */ + static void + grub_font_blit_glyph (struct grub_font_glyph *target, diff --git a/SOURCES/0566-font-Fix-integer-overflow-in-ensure_comb_space.patch b/SOURCES/0566-font-Fix-integer-overflow-in-ensure_comb_space.patch new file mode 100644 index 0000000..baa2d74 --- /dev/null +++ b/SOURCES/0566-font-Fix-integer-overflow-in-ensure_comb_space.patch @@ -0,0 +1,48 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Fri, 5 Aug 2022 02:27:05 +0800 +Subject: [PATCH] font: Fix integer overflow in ensure_comb_space() + +In fact it can't overflow at all because glyph_id->ncomb is only 8-bit +wide. But let's keep safe if somebody changes the width of glyph_id->ncomb +in the future. This patch also fixes the inconsistency between +render_max_comb_glyphs and render_combining_glyphs when grub_malloc() +returns NULL. + +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper +(cherry picked from commit b2740b7e4a03bb8331d48b54b119afea76bb9d5f) +(cherry picked from commit f66ea1e60c347408e92b6695d5105c7e0f24d568) +(cherry picked from commit 0e07159c24cdbb62a9d19fba8199065b049e03c7) +--- + grub-core/font/font.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 347e9dfa29..1367e44743 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -1468,14 +1468,18 @@ ensure_comb_space (const struct grub_unicode_glyph *glyph_id) + if (glyph_id->ncomb <= render_max_comb_glyphs) + return; + +- render_max_comb_glyphs = 2 * glyph_id->ncomb; +- if (render_max_comb_glyphs < 8) ++ if (grub_mul (glyph_id->ncomb, 2, &render_max_comb_glyphs)) ++ render_max_comb_glyphs = 0; ++ if (render_max_comb_glyphs > 0 && render_max_comb_glyphs < 8) + render_max_comb_glyphs = 8; + grub_free (render_combining_glyphs); +- render_combining_glyphs = grub_malloc (render_max_comb_glyphs +- * sizeof (render_combining_glyphs[0])); ++ render_combining_glyphs = (render_max_comb_glyphs > 0) ? ++ grub_calloc (render_max_comb_glyphs, sizeof (render_combining_glyphs[0])) : NULL; + if (!render_combining_glyphs) +- grub_errno = 0; ++ { ++ render_max_comb_glyphs = 0; ++ grub_errno = GRUB_ERR_NONE; ++ } + } + + int diff --git a/SOURCES/0567-font-Fix-integer-overflow-in-BMP-index.patch b/SOURCES/0567-font-Fix-integer-overflow-in-BMP-index.patch new file mode 100644 index 0000000..c28337d --- /dev/null +++ b/SOURCES/0567-font-Fix-integer-overflow-in-BMP-index.patch @@ -0,0 +1,65 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Mon, 15 Aug 2022 02:04:58 +0800 +Subject: [PATCH] font: Fix integer overflow in BMP index + +The BMP index (font->bmp_idx) is designed as a reverse lookup table of +char entries (font->char_index), in order to speed up lookups for BMP +chars (i.e. code < 0x10000). The values in BMP index are the subscripts +of the corresponding char entries, stored in grub_uint16_t, while 0xffff +means not found. + +This patch fixes the problem of large subscript truncated to grub_uint16_t, +leading BMP index to return wrong char entry or report false miss. The +code now checks for bounds and uses BMP index as a hint, and fallbacks +to binary-search if necessary. + +On the occasion add a comment about BMP index is initialized to 0xffff. + +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper +(cherry picked from commit afda8b60ba0712abe01ae1e64c5f7a067a0e6492) +(cherry picked from commit 6d90568929e11739b56f09ebbce9185ca9c23519) +(cherry picked from commit b8c47c3dd6894b3135db861e3e563f661efad5c3) +--- + grub-core/font/font.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 1367e44743..059c23dff7 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -300,6 +300,8 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct + font->bmp_idx = grub_malloc (0x10000 * sizeof (grub_uint16_t)); + if (!font->bmp_idx) + return 1; ++ ++ /* Init the BMP index array to 0xffff. */ + grub_memset (font->bmp_idx, 0xff, 0x10000 * sizeof (grub_uint16_t)); + + +@@ -328,7 +330,7 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct + return 1; + } + +- if (entry->code < 0x10000) ++ if (entry->code < 0x10000 && i < 0xffff) + font->bmp_idx[entry->code] = i; + + last_code = entry->code; +@@ -696,9 +698,12 @@ find_glyph (const grub_font_t font, grub_uint32_t code) + /* Use BMP index if possible. */ + if (code < 0x10000 && font->bmp_idx) + { +- if (font->bmp_idx[code] == 0xffff) +- return 0; +- return &table[font->bmp_idx[code]]; ++ if (font->bmp_idx[code] < 0xffff) ++ return &table[font->bmp_idx[code]]; ++ /* ++ * When we are here then lookup in BMP index result in miss, ++ * fallthough to binary-search. ++ */ + } + + /* Do a binary search in `char_index', which is ordered by code point. */ diff --git a/SOURCES/0568-font-Fix-integer-underflow-in-binary-search-of-char-.patch b/SOURCES/0568-font-Fix-integer-underflow-in-binary-search-of-char-.patch new file mode 100644 index 0000000..31b66af --- /dev/null +++ b/SOURCES/0568-font-Fix-integer-underflow-in-binary-search-of-char-.patch @@ -0,0 +1,85 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Sun, 14 Aug 2022 18:09:38 +0800 +Subject: [PATCH] font: Fix integer underflow in binary search of char index + +If search target is less than all entries in font->index then "hi" +variable is set to -1, which translates to SIZE_MAX and leads to errors. + +This patch fixes the problem by replacing the entire binary search code +with the libstdc++'s std::lower_bound() implementation. + +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper +(cherry picked from commit c140a086838e7c9af87842036f891b8393a8c4bc) +(cherry picked from commit e110997335b1744464ea232d57a7d86e16ca8dee) +(cherry picked from commit 403053a5116ae945f9515a82c37ff8cfb927362c) +--- + grub-core/font/font.c | 40 ++++++++++++++++++++++------------------ + 1 file changed, 22 insertions(+), 18 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 059c23dff7..31786ab339 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -688,12 +688,12 @@ read_be_int16 (grub_file_t file, grub_int16_t * value) + static inline struct char_index_entry * + find_glyph (const grub_font_t font, grub_uint32_t code) + { +- struct char_index_entry *table; +- grub_size_t lo; +- grub_size_t hi; +- grub_size_t mid; ++ struct char_index_entry *table, *first, *end; ++ grub_size_t len; + + table = font->char_index; ++ if (table == NULL) ++ return NULL; + + /* Use BMP index if possible. */ + if (code < 0x10000 && font->bmp_idx) +@@ -706,25 +706,29 @@ find_glyph (const grub_font_t font, grub_uint32_t code) + */ + } + +- /* Do a binary search in `char_index', which is ordered by code point. */ +- lo = 0; +- hi = font->num_chars - 1; ++ /* ++ * Do a binary search in char_index which is ordered by code point. ++ * The code below is the same as libstdc++'s std::lower_bound(). ++ */ ++ first = table; ++ len = font->num_chars; ++ end = first + len; + +- if (!table) +- return 0; +- +- while (lo <= hi) ++ while (len > 0) + { +- mid = lo + (hi - lo) / 2; +- if (code < table[mid].code) +- hi = mid - 1; +- else if (code > table[mid].code) +- lo = mid + 1; ++ grub_size_t half = len >> 1; ++ struct char_index_entry *middle = first + half; ++ ++ if (middle->code < code) ++ { ++ first = middle + 1; ++ len = len - half - 1; ++ } + else +- return &table[mid]; ++ len = half; + } + +- return 0; ++ return (first < end && first->code == code) ? first : NULL; + } + + /* Get a glyph for the Unicode character CODE in FONT. The glyph is loaded diff --git a/SOURCES/0569-fbutil-Fix-integer-overflow.patch b/SOURCES/0569-fbutil-Fix-integer-overflow.patch new file mode 100644 index 0000000..8854410 --- /dev/null +++ b/SOURCES/0569-fbutil-Fix-integer-overflow.patch @@ -0,0 +1,85 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Tue, 6 Sep 2022 03:03:21 +0800 +Subject: [PATCH] fbutil: Fix integer overflow + +Expressions like u64 = u32 * u32 are unsafe because their products are +truncated to u32 even if left hand side is u64. This patch fixes all +problems like that one in fbutil. + +To get right result not only left hand side have to be u64 but it's also +necessary to cast at least one of the operands of all leaf operators of +right hand side to u64, e.g. u64 = u32 * u32 + u32 * u32 should be +u64 = (u64)u32 * u32 + (u64)u32 * u32. + +For 1-bit bitmaps grub_uint64_t have to be used. It's safe because any +combination of values in (grub_uint64_t)u32 * u32 + u32 expression will +not overflow grub_uint64_t. + +Other expressions like ptr + u32 * u32 + u32 * u32 are also vulnerable. +They should be ptr + (grub_addr_t)u32 * u32 + (grub_addr_t)u32 * u32. + +This patch also adds a comment to grub_video_fb_get_video_ptr() which +says it's arguments must be valid and no sanity check is performed +(like its siblings in grub-core/video/fb/fbutil.c). + +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper +(cherry picked from commit 50a11a81bc842c58962244a2dc86bbd31a426e12) +(cherry picked from commit 8fa75d647362c938c4cc302cf5945b31fb92c078) +(cherry picked from commit 91005e39b3c8b6ca8dcc84ecb19ac9328966aaea) +--- + grub-core/video/fb/fbutil.c | 4 ++-- + include/grub/fbutil.h | 13 +++++++++---- + 2 files changed, 11 insertions(+), 6 deletions(-) + +diff --git a/grub-core/video/fb/fbutil.c b/grub-core/video/fb/fbutil.c +index b98bb51fe8..25ef39f47d 100644 +--- a/grub-core/video/fb/fbutil.c ++++ b/grub-core/video/fb/fbutil.c +@@ -67,7 +67,7 @@ get_pixel (struct grub_video_fbblit_info *source, + case 1: + if (source->mode_info->blit_format == GRUB_VIDEO_BLIT_FORMAT_1BIT_PACKED) + { +- int bit_index = y * source->mode_info->width + x; ++ grub_uint64_t bit_index = (grub_uint64_t) y * source->mode_info->width + x; + grub_uint8_t *ptr = source->data + bit_index / 8; + int bit_pos = 7 - bit_index % 8; + color = (*ptr >> bit_pos) & 0x01; +@@ -138,7 +138,7 @@ set_pixel (struct grub_video_fbblit_info *source, + case 1: + if (source->mode_info->blit_format == GRUB_VIDEO_BLIT_FORMAT_1BIT_PACKED) + { +- int bit_index = y * source->mode_info->width + x; ++ grub_uint64_t bit_index = (grub_uint64_t) y * source->mode_info->width + x; + grub_uint8_t *ptr = source->data + bit_index / 8; + int bit_pos = 7 - bit_index % 8; + *ptr = (*ptr & ~(1 << bit_pos)) | ((color & 0x01) << bit_pos); +diff --git a/include/grub/fbutil.h b/include/grub/fbutil.h +index 4205eb917f..78a1ab3b45 100644 +--- a/include/grub/fbutil.h ++++ b/include/grub/fbutil.h +@@ -31,14 +31,19 @@ struct grub_video_fbblit_info + grub_uint8_t *data; + }; + +-/* Don't use for 1-bit bitmaps, addressing needs to be done at the bit level +- and it doesn't make sense, in general, to ask for a pointer +- to a particular pixel's data. */ ++/* ++ * Don't use for 1-bit bitmaps, addressing needs to be done at the bit level ++ * and it doesn't make sense, in general, to ask for a pointer ++ * to a particular pixel's data. ++ * ++ * This function assumes that bounds checking has been done in previous phase ++ * and they are opted out in here. ++ */ + static inline void * + grub_video_fb_get_video_ptr (struct grub_video_fbblit_info *source, + unsigned int x, unsigned int y) + { +- return source->data + y * source->mode_info->pitch + x * source->mode_info->bytes_per_pixel; ++ return source->data + (grub_addr_t) y * source->mode_info->pitch + (grub_addr_t) x * source->mode_info->bytes_per_pixel; + } + + /* Advance pointer by VAL bytes. If there is no unaligned access available, diff --git a/SOURCES/0570-font-Fix-an-integer-underflow-in-blit_comb.patch b/SOURCES/0570-font-Fix-an-integer-underflow-in-blit_comb.patch new file mode 100644 index 0000000..8da101f --- /dev/null +++ b/SOURCES/0570-font-Fix-an-integer-underflow-in-blit_comb.patch @@ -0,0 +1,91 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Mon, 24 Oct 2022 08:05:35 +0800 +Subject: [PATCH] font: Fix an integer underflow in blit_comb() + +The expression (ctx.bounds.height - combining_glyphs[i]->height) / 2 may +evaluate to a very big invalid value even if both ctx.bounds.height and +combining_glyphs[i]->height are small integers. For example, if +ctx.bounds.height is 10 and combining_glyphs[i]->height is 12, this +expression evaluates to 2147483647 (expected -1). This is because +coordinates are allowed to be negative but ctx.bounds.height is an +unsigned int. So, the subtraction operates on unsigned ints and +underflows to a very big value. The division makes things even worse. +The quotient is still an invalid value even if converted back to int. + +This patch fixes the problem by casting ctx.bounds.height to int. As +a result the subtraction will operate on int and grub_uint16_t which +will be promoted to an int. So, the underflow will no longer happen. Other +uses of ctx.bounds.height (and ctx.bounds.width) are also casted to int, +to ensure coordinates are always calculated on signed integers. + +Fixes: CVE-2022-3775 + +Reported-by: Daniel Axtens +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper +(cherry picked from commit 6d2668dea3774ed74c4cd1eadd146f1b846bc3d4) +(cherry picked from commit 05e532fb707bbf79aa4e1efbde4d208d7da89d6b) +(cherry picked from commit 0b2592fbb245d53c5c42885d695ece03ddb0eb12) +--- + grub-core/font/font.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 31786ab339..fc9d92fce4 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -1203,12 +1203,12 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + ctx.bounds.height = main_glyph->height; + + above_rightx = main_glyph->offset_x + main_glyph->width; +- above_righty = ctx.bounds.y + ctx.bounds.height; ++ above_righty = ctx.bounds.y + (int) ctx.bounds.height; + + above_leftx = main_glyph->offset_x; +- above_lefty = ctx.bounds.y + ctx.bounds.height; ++ above_lefty = ctx.bounds.y + (int) ctx.bounds.height; + +- below_rightx = ctx.bounds.x + ctx.bounds.width; ++ below_rightx = ctx.bounds.x + (int) ctx.bounds.width; + below_righty = ctx.bounds.y; + + comb = grub_unicode_get_comb (glyph_id); +@@ -1221,7 +1221,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + + if (!combining_glyphs[i]) + continue; +- targetx = (ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; ++ targetx = ((int) ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; + /* CGJ is to avoid diacritics reordering. */ + if (comb[i].code + == GRUB_UNICODE_COMBINING_GRAPHEME_JOINER) +@@ -1231,8 +1231,8 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + case GRUB_UNICODE_COMB_OVERLAY: + do_blit (combining_glyphs[i], + targetx, +- (ctx.bounds.height - combining_glyphs[i]->height) / 2 +- - (ctx.bounds.height + ctx.bounds.y), &ctx); ++ ((int) ctx.bounds.height - combining_glyphs[i]->height) / 2 ++ - ((int) ctx.bounds.height + ctx.bounds.y), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; + break; +@@ -1305,7 +1305,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + /* Fallthrough. */ + case GRUB_UNICODE_STACK_ATTACHED_ABOVE: + do_blit (combining_glyphs[i], targetx, +- -(ctx.bounds.height + ctx.bounds.y + space ++ -((int) ctx.bounds.height + ctx.bounds.y + space + + combining_glyphs[i]->height), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; +@@ -1313,7 +1313,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + + case GRUB_UNICODE_COMB_HEBREW_DAGESH: + do_blit (combining_glyphs[i], targetx, +- -(ctx.bounds.height / 2 + ctx.bounds.y ++ -((int) ctx.bounds.height / 2 + ctx.bounds.y + + combining_glyphs[i]->height / 2), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; diff --git a/SOURCES/0571-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch b/SOURCES/0571-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch new file mode 100644 index 0000000..87b8e33 --- /dev/null +++ b/SOURCES/0571-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch @@ -0,0 +1,75 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Mon, 24 Oct 2022 07:15:41 +0800 +Subject: [PATCH] font: Harden grub_font_blit_glyph() and + grub_font_blit_glyph_mirror() + +As a mitigation and hardening measure add sanity checks to +grub_font_blit_glyph() and grub_font_blit_glyph_mirror(). This patch +makes these two functions do nothing if target blitting area isn't fully +contained in target bitmap. Therefore, if complex calculations in caller +overflows and malicious coordinates are given, we are still safe because +any coordinates which result in out-of-bound-write are rejected. However, +this patch only checks for invalid coordinates, and doesn't provide any +protection against invalid source glyph or destination glyph, e.g. +mismatch between glyph size and buffer size. + +This hardening measure is designed to mitigate possible overflows in +blit_comb(). If overflow occurs, it may return invalid bounding box +during dry run and call grub_font_blit_glyph() with malicious +coordinates during actual blitting. However, we are still safe because +the scratch glyph itself is valid, although its size makes no sense, and +any invalid coordinates are rejected. + +It would be better to call grub_fatal() if illegal parameter is detected. +However, doing this may end up in a dangerous recursion because grub_fatal() +would print messages to the screen and we are in the progress of drawing +characters on the screen. + +Reported-by: Daniel Axtens +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper +(cherry picked from commit fcd7aa0c278f7cf3fb9f93f1a3966e1792339eb6) +(cherry picked from commit 1d37ec63a1c76a14fdf70f548eada92667b42ddb) +(cherry picked from commit 686c72ea0a841343b7d8ab64e815751aa36e24b5) +--- + grub-core/font/font.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index fc9d92fce4..cfa4bd5096 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -1069,8 +1069,15 @@ static void + grub_font_blit_glyph (struct grub_font_glyph *target, + struct grub_font_glyph *src, unsigned dx, unsigned dy) + { ++ grub_uint16_t max_x, max_y; + unsigned src_bit, tgt_bit, src_byte, tgt_byte; + unsigned i, j; ++ ++ /* Harden against out-of-bound writes. */ ++ if ((grub_add (dx, src->width, &max_x) || max_x > target->width) || ++ (grub_add (dy, src->height, &max_y) || max_y > target->height)) ++ return; ++ + for (i = 0; i < src->height; i++) + { + src_bit = (src->width * i) % 8; +@@ -1102,9 +1109,16 @@ grub_font_blit_glyph_mirror (struct grub_font_glyph *target, + struct grub_font_glyph *src, + unsigned dx, unsigned dy) + { ++ grub_uint16_t max_x, max_y; + unsigned tgt_bit, src_byte, tgt_byte; + signed src_bit; + unsigned i, j; ++ ++ /* Harden against out-of-bound writes. */ ++ if ((grub_add (dx, src->width, &max_x) || max_x > target->width) || ++ (grub_add (dy, src->height, &max_y) || max_y > target->height)) ++ return; ++ + for (i = 0; i < src->height; i++) + { + src_bit = (src->width * i + src->width - 1) % 8; diff --git a/SOURCES/0572-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch b/SOURCES/0572-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch new file mode 100644 index 0000000..981d5df --- /dev/null +++ b/SOURCES/0572-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Fri, 28 Oct 2022 17:29:16 +0800 +Subject: [PATCH] font: Assign null_font to glyphs in ascii_font_glyph[] + +The calculations in blit_comb() need information from glyph's font, e.g. +grub_font_get_xheight(main_glyph->font). However, main_glyph->font is +NULL if main_glyph comes from ascii_font_glyph[]. Therefore +grub_font_get_*() crashes because of NULL pointer. + +There is already a solution, the null_font. So, assign it to those glyphs +in ascii_font_glyph[]. + +Reported-by: Daniel Axtens +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper +(cherry picked from commit dd539d695482069d28b40f2d3821f710cdcf6ee6) +(cherry picked from commit 87526376857eaceae474c9797e3cee5b50597332) +(cherry picked from commit b4807bbb09d9adf82fe9ae12a3af1c852dc4e32d) +--- + grub-core/font/font.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index cfa4bd5096..30cd1fe07f 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -137,7 +137,7 @@ ascii_glyph_lookup (grub_uint32_t code) + ascii_font_glyph[current]->offset_x = 0; + ascii_font_glyph[current]->offset_y = -2; + ascii_font_glyph[current]->device_width = 8; +- ascii_font_glyph[current]->font = NULL; ++ ascii_font_glyph[current]->font = &null_font; + + grub_memcpy (ascii_font_glyph[current]->bitmap, + &ascii_bitmaps[current * ASCII_BITMAP_SIZE], diff --git a/SOURCES/0573-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch b/SOURCES/0573-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch new file mode 100644 index 0000000..283d560 --- /dev/null +++ b/SOURCES/0573-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch @@ -0,0 +1,55 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Fri, 28 Oct 2022 21:31:39 +0800 +Subject: [PATCH] normal/charset: Fix an integer overflow in + grub_unicode_aglomerate_comb() + +The out->ncomb is a bit-field of 8 bits. So, the max possible value is 255. +However, code in grub_unicode_aglomerate_comb() doesn't check for an +overflow when incrementing out->ncomb. If out->ncomb is already 255, +after incrementing it will get 0 instead of 256, and cause illegal +memory access in subsequent processing. + +This patch introduces GRUB_UNICODE_NCOMB_MAX to represent the max +acceptable value of ncomb. The code now checks for this limit and +ignores additional combining characters when limit is reached. + +Reported-by: Daniel Axtens +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper +(cherry picked from commit da90d62316a3b105d2fbd7334d6521936bd6dcf6) +(cherry picked from commit 26fafec86000b5322837722a115279ef03922ca6) +(cherry picked from commit 872fba1c44dee2ab5cb36b2c7a883847f91ed907) +--- + grub-core/normal/charset.c | 3 +++ + include/grub/unicode.h | 2 ++ + 2 files changed, 5 insertions(+) + +diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c +index 7b2de12001..4849cf06f7 100644 +--- a/grub-core/normal/charset.c ++++ b/grub-core/normal/charset.c +@@ -472,6 +472,9 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, + if (!haveout) + continue; + ++ if (out->ncomb == GRUB_UNICODE_NCOMB_MAX) ++ continue; ++ + if (comb_type == GRUB_UNICODE_COMB_MC + || comb_type == GRUB_UNICODE_COMB_ME + || comb_type == GRUB_UNICODE_COMB_MN) +diff --git a/include/grub/unicode.h b/include/grub/unicode.h +index 4de986a857..c4f6fca043 100644 +--- a/include/grub/unicode.h ++++ b/include/grub/unicode.h +@@ -147,7 +147,9 @@ struct grub_unicode_glyph + grub_uint8_t bidi_level:6; /* minimum: 6 */ + enum grub_bidi_type bidi_type:5; /* minimum: :5 */ + ++#define GRUB_UNICODE_NCOMB_MAX ((1 << 8) - 1) + unsigned ncomb:8; ++ + /* Hint by unicode subsystem how wide this character usually is. + Real width is determined by font. Set only in UTF-8 stream. */ + int estimated_width:8; diff --git a/SOURCES/0574-Enable-TDX-measurement-to-RTMR-register.patch b/SOURCES/0574-Enable-TDX-measurement-to-RTMR-register.patch new file mode 100644 index 0000000..3fd5d5a --- /dev/null +++ b/SOURCES/0574-Enable-TDX-measurement-to-RTMR-register.patch @@ -0,0 +1,227 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Lu Ken +Date: Sat, 3 Jul 2021 10:50:37 -0400 +Subject: [PATCH] Enable TDX measurement to RTMR register + +Intel Trust Domain Extensions(Intel TDX) refers to an Intel technology +that extends Virtual Machine Extensions(VMX) and Multi-Key Total Memory +Encryption(MK-TME) with a new kind of virtual machine guest called a +Trust Domain(TD)[1]. A TD runs in a CPU mode that protects the confidentiality +of its memory contents and its CPU state from any other software, including +the hosting Virtual Machine Monitor (VMM). + +Trust Domain Virtual Firmware (TDVF) is required to provide TD services to +the TD guest OS.[2] Its reference code is available at https://github.com/tianocore/edk2-staging/tree/TDVF. + +To support TD measurement/attestation, TDs provide 4 RTMR registers like +TPM/TPM2 PCR as below: +- RTMR[0] is for TDVF configuration +- RTMR[1] is for the TD OS loader and kernel +- RTMR[2] is for the OS application +- RTMR[3] is reserved for special usage only + +This patch adds TD Measurement protocol support along with TPM/TPM2 protocol. + +References: +[1] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-whitepaper-v4.pdf +[2] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf + +Signed-off-by: Lu Ken +(cherry picked from commit 841a0977397cf12a5498d439b8aaf8bf28ff8544) +--- + grub-core/Makefile.core.def | 1 + + grub-core/kern/efi/tdx.c | 70 +++++++++++++++++++++++++++++++++++++++++++++ + grub-core/kern/tpm.c | 4 +++ + include/grub/efi/tdx.h | 26 +++++++++++++++++ + include/grub/tdx.h | 36 +++++++++++++++++++++++ + 5 files changed, 137 insertions(+) + create mode 100644 grub-core/kern/efi/tdx.c + create mode 100644 include/grub/efi/tdx.h + create mode 100644 include/grub/tdx.h + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 637d7203e3..2787d59c52 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -200,6 +200,7 @@ kernel = { + efi = kern/efi/acpi.c; + efi = kern/lockdown.c; + efi = lib/envblk.c; ++ efi = kern/efi/tdx.c; + efi = kern/efi/tpm.c; + i386_coreboot = kern/i386/pc/acpi.c; + i386_multiboot = kern/i386/pc/acpi.c; +diff --git a/grub-core/kern/efi/tdx.c b/grub-core/kern/efi/tdx.c +new file mode 100644 +index 0000000000..3a49f8d117 +--- /dev/null ++++ b/grub-core/kern/efi/tdx.c +@@ -0,0 +1,70 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static grub_efi_guid_t tdx_guid = EFI_TDX_GUID; ++ ++static inline grub_err_t grub_tdx_dprintf(grub_efi_status_t status) ++{ ++ switch (status) { ++ case GRUB_EFI_SUCCESS: ++ return 0; ++ case GRUB_EFI_DEVICE_ERROR: ++ grub_dprintf ("tdx", "Command failed: 0x%"PRIxGRUB_EFI_STATUS"\n", ++ status); ++ return GRUB_ERR_IO; ++ case GRUB_EFI_INVALID_PARAMETER: ++ grub_dprintf ("tdx", "Invalid parameter: 0x%"PRIxGRUB_EFI_STATUS"\n", ++ status); ++ return GRUB_ERR_BAD_ARGUMENT; ++ case GRUB_EFI_VOLUME_FULL: ++ grub_dprintf ("tdx", "Volume is full: 0x%"PRIxGRUB_EFI_STATUS"\n", ++ status); ++ return GRUB_ERR_BAD_ARGUMENT; ++ case GRUB_EFI_UNSUPPORTED: ++ grub_dprintf ("tdx", "TDX unavailable: 0x%"PRIxGRUB_EFI_STATUS"\n", ++ status); ++ return GRUB_ERR_UNKNOWN_DEVICE; ++ default: ++ grub_dprintf ("tdx", "Unknown TDX error: 0x%"PRIxGRUB_EFI_STATUS"\n", ++ status); ++ return GRUB_ERR_UNKNOWN_DEVICE; ++ } ++} ++ ++grub_err_t ++grub_tdx_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr, ++ const char *description) ++{ ++ EFI_TCG2_EVENT *event; ++ grub_efi_status_t status; ++ grub_efi_tdx_protocol_t *tdx; ++ ++ tdx = grub_efi_locate_protocol (&tdx_guid, NULL); ++ ++ if (!tdx) ++ return 0; ++ ++ event = grub_zalloc(sizeof (EFI_TCG2_EVENT) + grub_strlen(description) + 1); ++ if (!event) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, ++ N_("cannot allocate TCG2 event buffer")); ++ ++ event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER); ++ event->Header.HeaderVersion = 1; ++ event->Header.PCRIndex = pcr; ++ event->Header.EventType = EV_IPL; ++ event->Size = sizeof(*event) - sizeof(event->Event) + grub_strlen(description) + 1; ++ grub_memcpy(event->Event, description, grub_strlen(description) + 1); ++ ++ status = efi_call_5 (tdx->hash_log_extend_event, tdx, 0, (unsigned long) buf, ++ (grub_uint64_t) size, event); ++ ++ return grub_tdx_dprintf(status); ++} +\ No newline at end of file +diff --git a/grub-core/kern/tpm.c b/grub-core/kern/tpm.c +index e5e8fced62..71cc4252c1 100644 +--- a/grub-core/kern/tpm.c ++++ b/grub-core/kern/tpm.c +@@ -4,6 +4,7 @@ + #include + #include + #include ++#include + + grub_err_t + grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, +@@ -13,6 +14,9 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, + char *desc = grub_xasprintf("%s %s", kind, description); + if (!desc) + return GRUB_ERR_OUT_OF_MEMORY; ++ ++ grub_tdx_log_event(buf, size, pcr, desc); ++ + ret = grub_tpm_log_event(buf, size, pcr, desc); + grub_free(desc); + return ret; +diff --git a/include/grub/efi/tdx.h b/include/grub/efi/tdx.h +new file mode 100644 +index 0000000000..9bdac2a275 +--- /dev/null ++++ b/include/grub/efi/tdx.h +@@ -0,0 +1,26 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2015 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_EFI_TDX_HEADER ++#define GRUB_EFI_TDX_HEADER 1 ++ ++#define EFI_TDX_GUID {0x96751a3d, 0x72f4, 0x41a6, {0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b}}; ++ ++typedef grub_efi_tpm2_protocol_t grub_efi_tdx_protocol_t; ++ ++#endif +\ No newline at end of file +diff --git a/include/grub/tdx.h b/include/grub/tdx.h +new file mode 100644 +index 0000000000..4a98008e39 +--- /dev/null ++++ b/include/grub/tdx.h +@@ -0,0 +1,36 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2015 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_TDX_HEADER ++#define GRUB_TDX_HEADER 1 ++ ++#if defined (GRUB_MACHINE_EFI) ++grub_err_t grub_tdx_log_event(unsigned char *buf, grub_size_t size, ++ grub_uint8_t pcr, const char *description); ++#else ++static inline grub_err_t grub_tdx_log_event( ++ unsigned char *buf __attribute__ ((unused)), ++ grub_size_t size __attribute__ ((unused)), ++ grub_uint8_t pcr __attribute__ ((unused)), ++ const char *description __attribute__ ((unused))) ++{ ++ return 0; ++}; ++#endif ++ ++#endif diff --git a/SOURCES/0575-Enable-shared-processor-mode-in-vector-5.patch b/SOURCES/0575-Enable-shared-processor-mode-in-vector-5.patch new file mode 100644 index 0000000..b7563d7 --- /dev/null +++ b/SOURCES/0575-Enable-shared-processor-mode-in-vector-5.patch @@ -0,0 +1,28 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Avnish Chouhan +Date: Tue, 24 Jan 2023 08:01:47 -0500 +Subject: [PATCH] Enable shared processor mode in vector 5 + +This patch is to update the vector 5 which is troubling some +machines to bootup properly in shared processor mode. + +Signed-off-by: Avnish Chouhan +(cherry picked from commit 30d2ee836649386a336f9437c8a149c8e642a46b) +(cherry picked from commit 7e309d139c5eca1f03659e612a14499213e79c95) +--- + grub-core/kern/ieee1275/init.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index 37f3098c39..3ea9b73b2a 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -372,7 +372,7 @@ grub_ieee1275_ibm_cas (void) + .vec4 = 0x0001, // set required minimum capacity % to the lowest value + .vec5_size = 1 + sizeof(struct option_vector5) - 2, + .vec5 = { +- 0, 0, 0, 0, 0, 0, 0, 0, 256 ++ 0, 192, 0, 128, 0, 0, 0, 0, 256 + } + }; + diff --git a/SOURCES/0576-efi-http-change-uint32_t-to-uintn_t-for-grub_efi_htt.patch b/SOURCES/0576-efi-http-change-uint32_t-to-uintn_t-for-grub_efi_htt.patch new file mode 100644 index 0000000..65ac476 --- /dev/null +++ b/SOURCES/0576-efi-http-change-uint32_t-to-uintn_t-for-grub_efi_htt.patch @@ -0,0 +1,30 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Matt Hsiao +Date: Mon, 24 Apr 2023 13:39:05 +0800 +Subject: [PATCH] efi/http: change uint32_t to uintn_t for + grub_efi_http_message_t + +Modify UINT32 to UINTN in EFI_HTTP_MESSAGE to be UEFI 2.9 compliant. + +Signed-off-by: Matt Hsiao +Signed-off-by: Nicolas Frayer +--- + include/grub/efi/http.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/include/grub/efi/http.h b/include/grub/efi/http.h +index c5e9a89f5050..ad164ba1913d 100644 +--- a/include/grub/efi/http.h ++++ b/include/grub/efi/http.h +@@ -171,9 +171,9 @@ typedef struct { + grub_efi_http_request_data_t *request; + grub_efi_http_response_data_t *response; + } data; +- grub_efi_uint32_t header_count; ++ grub_efi_uintn_t header_count; + grub_efi_http_header_t *headers; +- grub_efi_uint32_t body_length; ++ grub_efi_uintn_t body_length; + void *body; + } grub_efi_http_message_t; + diff --git a/SOURCES/0577-ieee1275-Converting-plain-numbers-to-constants-in-Ve.patch b/SOURCES/0577-ieee1275-Converting-plain-numbers-to-constants-in-Ve.patch new file mode 100644 index 0000000..ce3e113 --- /dev/null +++ b/SOURCES/0577-ieee1275-Converting-plain-numbers-to-constants-in-Ve.patch @@ -0,0 +1,46 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Avnish Chouhan +Date: Thu, 23 Mar 2023 08:16:25 -0400 +Subject: [PATCH] ieee1275 : Converting plain numbers to constants in Vec5 + +This patch converts the plain numbers used in Vec5 properties to +constants. + +1. LPAR : Client program supports logical partitioning and + associated hcall()s. +2. SPLPAR : Client program supports the Shared + Processor LPAR Option. +3. CMO : Enables the Cooperative Memory Over-commitment Option. +4. MAX_CPU : Defines maximum number of CPUs supported. + +Signed-off-by: Avnish Chouhan +--- + grub-core/kern/ieee1275/init.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index 3ea9b73b2a59..2516e02091cb 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -56,6 +56,12 @@ extern char _end[]; + grub_addr_t grub_ieee1275_original_stack; + #endif + ++#define LPAR 0x80 ++#define SPLPAR 0x40 ++#define BYTE2 (LPAR | SPLPAR) ++#define CMO 0x80 ++#define MAX_CPU 256 ++ + void + grub_exit (int rc __attribute__((unused))) + { +@@ -372,7 +378,7 @@ grub_ieee1275_ibm_cas (void) + .vec4 = 0x0001, // set required minimum capacity % to the lowest value + .vec5_size = 1 + sizeof(struct option_vector5) - 2, + .vec5 = { +- 0, 192, 0, 128, 0, 0, 0, 0, 256 ++ 0, BYTE2, 0, CMO, 0, 0, 0, 0, MAX_CPU + } + }; + diff --git a/SOURCES/0578-ieee1275-extended-support-in-options-vector5.patch b/SOURCES/0578-ieee1275-extended-support-in-options-vector5.patch new file mode 100644 index 0000000..48b224c --- /dev/null +++ b/SOURCES/0578-ieee1275-extended-support-in-options-vector5.patch @@ -0,0 +1,125 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Avnish Chouhan +Date: Thu, 23 Mar 2023 08:33:12 -0400 +Subject: [PATCH] ieee1275 : extended support in options vector5 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch enables the multiple options in Options Vector5 which are +required and solves the boot issue seen on some machines which are looking for these specific options. + +1. LPAR : Client program supports logical partitioning and + associated hcall()s. +2. SPLPAR : Client program supports the Shared + Processor LPAR Option. +3. DYN_RCON_MEM : Client program supports the + “ibm,dynamic-reconfiguration-memory” property and it may be + presented in the device tree. +4. LARGE_PAGES : Client supports pages larger than 4 KB. +5. DONATE_DCPU_CLS : Client supports donating dedicated processor cycles. +6. PCI_EXP : Client supports PCI Express implementations + utilizing Message Signaled Interrupts (MSIs). + +7. CMOC : Enables the Cooperative Memory Over-commitment Option. +8. EXT_CMO : Enables the Extended Cooperative Memory Over-commit + Option. + +9. ASSOC_REF : Enables “ibm,associativity” and + “ibm,associativity-reference-points” properties. +10. AFFINITY : Enables Platform Resource Reassignment Notification. +11. NUMA : Supports NUMA Distance Lookup Table Option. + +12. HOTPLUG_INTRPT : Supports Hotplug Interrupts. +13. HPT_RESIZE : Enable Hash Page Table Resize Option. + +14. MAX_CPU : Defines maximum number of CPUs supported. + +15. PFO_HWRNG : Supports Random Number Generator. +16. PFO_HW_COMP : Supports Compression Engine. +17. PFO_ENCRYPT : Supports Encryption Engine. + +18. SUB_PROCESSORS : Supports Sub-Processors. + +19. DY_MEM_V2 : Client program supports the “ibm,dynamic-memory-v2” property in the + “ibm,dynamic-reconfiguration-memory” node and it may be presented in the device tree. +20. DRC_INFO : Client program supports the “ibm,drc-info” property definition and it may be + presented in the device tree. + +Signed-off-by: Avnish Chouhan +--- + grub-core/kern/ieee1275/init.c | 47 ++++++++++++++++++++++++++++++++++++------ + 1 file changed, 41 insertions(+), 6 deletions(-) + +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index 2516e02091cb..1fae84440403 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -56,11 +56,41 @@ extern char _end[]; + grub_addr_t grub_ieee1275_original_stack; + #endif + +-#define LPAR 0x80 +-#define SPLPAR 0x40 +-#define BYTE2 (LPAR | SPLPAR) +-#define CMO 0x80 +-#define MAX_CPU 256 ++/* Options vector5 properties */ ++ ++#define LPAR 0x80 ++#define SPLPAR 0x40 ++#define DYN_RCON_MEM 0x20 ++#define LARGE_PAGES 0x10 ++#define DONATE_DCPU_CLS 0x02 ++#define PCI_EXP 0x01 ++#define BYTE2 (LPAR | SPLPAR | DYN_RCON_MEM | LARGE_PAGES | DONATE_DCPU_CLS | PCI_EXP) ++ ++#define CMOC 0x80 ++#define EXT_CMO 0x40 ++#define CMO (CMOC | EXT_CMO) ++ ++#define ASSOC_REF 0x80 ++#define AFFINITY 0x40 ++#define NUMA 0x20 ++#define ASSOCIATIVITY (ASSOC_REF | AFFINITY | NUMA) ++ ++#define HOTPLUG_INTRPT 0x04 ++#define HPT_RESIZE 0x01 ++#define BIN_OPTS (HOTPLUG_INTRPT | HPT_RESIZE) ++ ++#define MAX_CPU 256 ++ ++#define PFO_HWRNG 0x80000000 ++#define PFO_HW_COMP 0x40000000 ++#define PFO_ENCRYPT 0x20000000 ++#define PLATFORM_FACILITIES (PFO_HWRNG | PFO_HW_COMP | PFO_ENCRYPT) ++ ++#define SUB_PROCESSORS 1 ++ ++#define DY_MEM_V2 0x80 ++#define DRC_INFO 0x40 ++#define BYTE22 (DY_MEM_V2 | DRC_INFO) + + void + grub_exit (int rc __attribute__((unused))) +@@ -323,6 +353,11 @@ struct option_vector5 { + grub_uint8_t micro_checkpoint; + grub_uint8_t reserved0; + grub_uint32_t max_cpus; ++ grub_uint16_t base_PAPR; ++ grub_uint16_t mem_reference; ++ grub_uint32_t platform_facilities; ++ grub_uint8_t sub_processors; ++ grub_uint8_t byte22; + } __attribute__((packed)); + + struct pvr_entry { +@@ -378,7 +413,7 @@ grub_ieee1275_ibm_cas (void) + .vec4 = 0x0001, // set required minimum capacity % to the lowest value + .vec5_size = 1 + sizeof(struct option_vector5) - 2, + .vec5 = { +- 0, BYTE2, 0, CMO, 0, 0, 0, 0, MAX_CPU ++ 0, BYTE2, 0, CMO, ASSOCIATIVITY, BIN_OPTS, 0, 0, MAX_CPU, 0, 0, PLATFORM_FACILITIES, SUB_PROCESSORS, BYTE22 + } + }; + diff --git a/SOURCES/0579-Regenerate-kernelopts-if-missing-on-ppc.patch b/SOURCES/0579-Regenerate-kernelopts-if-missing-on-ppc.patch new file mode 100644 index 0000000..4895dd1 --- /dev/null +++ b/SOURCES/0579-Regenerate-kernelopts-if-missing-on-ppc.patch @@ -0,0 +1,36 @@ +From 8c74431327e0c7d7fe47462b0e69fcbe3bbac56e Mon Sep 17 00:00:00 2001 +From: Marta Lewandowska +Date: Fri, 24 Mar 2023 09:14:29 -0400 +Subject: [PATCH] Regenerate kernelopts if missing on ppc + +Signed-off-by: Marta Lewandowska +--- + util/grub.d/10_linux_bls.in | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/util/grub.d/10_linux_bls.in b/util/grub.d/10_linux_bls.in +index 855dbdd..f2281bc 100644 +--- a/util/grub.d/10_linux_bls.in ++++ b/util/grub.d/10_linux_bls.in +@@ -117,6 +117,18 @@ cat < +Date: Tue, 8 Aug 2023 12:21:55 -0400 +Subject: [PATCH] kern/ieee1275/init: ppc64: Restrict high memory in presence + of fadump + +This is a backport of the patch with the same name to grub 2.02. + +When a kernel dump is present then restrict the high memory regions to +avoid allocating memory where the kernel dump resides. Use the +ibm,kernel-dump node under /rtas to determine whether a kernel dump exists +and up to which limit grub can use available memory. Set the +upper_mem_limit to the size of the kernel dump section of type +'REAL_MODE_REGION' and therefore only allow grub's memory usage for high +addresses from 768MB to 'upper_mem_limit'. This means that grub can +use high memory in the range of 768MB to upper_mem_limit and +the kernel-dump memory regions above 'upper_mem_limit' remain untouched. +This change has no effect on memory allocations below 640MB. + +Also, fall back to allocating below 640MB in case the chunk of +memory there would be larger than the chunk of memory above 768MB. +This can for example occur if a free memory area is found starting at 300MB +extending up to 1GB but a kernel dump is located at 768MB and therefore +does not allow the allocation of the high memory area but requiring to use +the chunk starting at 300MB to avoid an unnecessary out-of-memory +condition. + +Signed-off-by: Stefan Berger +Cc: Hari Bathini +Cc: Pavithra Prakash +Cc: Michael Ellerman +Cc: Carolyn Scherrer +Cc: Mahesh Salgaonkar +Cc: Sourabh Jain +--- + grub-core/kern/ieee1275/init.c | 139 +++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 139 insertions(+) + +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index 1fae84440403..31843ab70a62 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -17,6 +17,8 @@ + * along with GRUB. If not, see . + */ + ++#include /* offsetof() */ ++ + #include + #include + #include +@@ -180,6 +182,97 @@ grub_claim_heap (void) + + GRUB_KERNEL_MACHINE_STACK_SIZE), 0x200000); + } + #else ++ ++/* ibm,kernel-dump data structures */ ++struct kd_section ++{ ++ grub_uint32_t flags; ++ grub_uint16_t src_datatype; ++#define KD_SRC_DATATYPE_REAL_MODE_REGION 0x0011 ++ grub_uint16_t error_flags; ++ grub_uint64_t src_address; ++ grub_uint64_t num_bytes; ++ grub_uint64_t act_bytes; ++ grub_uint64_t dst_address; ++} GRUB_PACKED; ++ ++#define MAX_KD_SECTIONS 10 ++ ++struct kernel_dump ++{ ++ grub_uint32_t format; ++ grub_uint16_t num_sections; ++ grub_uint16_t status_flags; ++ grub_uint32_t offset_1st_section; ++ grub_uint32_t num_blocks; ++ grub_uint64_t start_block; ++ grub_uint64_t num_blocks_avail; ++ grub_uint32_t offet_path_string; ++ grub_uint32_t max_time_allowed; ++ struct kd_section kds[MAX_KD_SECTIONS]; /* offset_1st_section should point to kds[0] */ ++} GRUB_PACKED; ++ ++/* ++ * Determine if a kernel dump exists and if it does, then determine the highest ++ * address that grub can use for memory allocations. ++ * The caller must have initialized *highest to ~0. *highest will not ++ * be modified if no kernel dump is found. ++ */ ++static int ++check_kernel_dump (grub_uint64_t *highest) ++{ ++ struct kernel_dump kernel_dump; ++ grub_ssize_t kernel_dump_size; ++ grub_ieee1275_phandle_t rtas; ++ struct kd_section *kds; ++ grub_size_t i; ++ ++ /* If there's a kernel-dump it must have at least one section */ ++ if (grub_ieee1275_finddevice ("/rtas", &rtas) || ++ grub_ieee1275_get_property (rtas, "ibm,kernel-dump", &kernel_dump, ++ sizeof (kernel_dump), &kernel_dump_size) || ++ kernel_dump_size <= (grub_ssize_t) offsetof (struct kernel_dump, kds[1])) ++ return 0; ++ ++ kernel_dump_size = grub_min (kernel_dump_size, (grub_ssize_t) sizeof (kernel_dump)); ++ ++ if (grub_be_to_cpu32 (kernel_dump.format) != 1) ++ { ++ grub_printf (_("Error: ibm,kernel-dump has an unexpected format version '%u'\n"), ++ grub_be_to_cpu32 (kernel_dump.format)); ++ return 0; ++ } ++ ++ if (grub_be_to_cpu16 (kernel_dump.num_sections) > MAX_KD_SECTIONS) ++ { ++ grub_printf (_("Error: Too many kernel dump sections: %d\n"), ++ grub_be_to_cpu32 (kernel_dump.num_sections)); ++ return 0; ++ } ++ ++ for (i = 0; i < grub_be_to_cpu16 (kernel_dump.num_sections); i++) ++ { ++ kds = (struct kd_section *) ((grub_addr_t) &kernel_dump + ++ grub_be_to_cpu32 (kernel_dump.offset_1st_section) + ++ i * sizeof (struct kd_section)); ++ /* sanity check the address is within the 'kernel_dump' struct */ ++ if ((grub_addr_t) kds > (grub_addr_t) &kernel_dump + kernel_dump_size + sizeof (*kds)) ++ { ++ grub_printf (_("Error: 'kds' address beyond last available section\n")); ++ return 0; ++ } ++ ++ if ((grub_be_to_cpu16 (kds->src_datatype) == KD_SRC_DATATYPE_REAL_MODE_REGION) && ++ (grub_be_to_cpu64 (kds->src_address) == 0)) ++ { ++ *highest = grub_min (*highest, grub_be_to_cpu64 (kds->num_bytes)); ++ break; ++ } ++ } ++ ++ return 1; ++} ++ + /* Helper for grub_claim_heap on powerpc. */ + static int + heap_size (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, +@@ -207,7 +300,9 @@ static int + heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, + void *data) + { ++ grub_uint64_t upper_mem_limit = ~0; + grub_uint32_t total = *(grub_uint32_t *)data; ++ int has_kernel_dump; + + if (type != GRUB_MEMORY_AVAILABLE) + return 0; +@@ -243,6 +338,50 @@ heap_init (grub_uint64_t addr, grub_uint64_t len, grub_memory_type_t type, + len = 0; + } + ++ has_kernel_dump = check_kernel_dump (&upper_mem_limit); ++ if (has_kernel_dump) ++ { ++ grub_uint64_t lo_len = 0, hi_len = 0; ++ ++ if (addr > upper_mem_limit || upper_mem_limit == (grub_uint64_t)~0) ++ return 0; ++ ++ /* limit len to stay below upper_mem_limit */ ++ if (addr < upper_mem_limit && (addr + len) > upper_mem_limit) ++ { ++ len = grub_min (len, upper_mem_limit - addr); ++ } ++ ++ /* We can allocate below 640MB or above 768MB. ++ * Choose the bigger chunk below 640MB or above 768MB. ++ */ ++ if (addr < 0x28000000) ++ { ++ lo_len = grub_min (len, 0x28000000 - addr); ++ } ++ if (addr + len > 0x30000000) ++ { ++ if (addr < 0x30000000) ++ hi_len = len - (0x30000000 - addr); ++ else ++ hi_len = len; ++ } ++ ++ if (hi_len > lo_len) ++ { ++ len = hi_len; ++ if (addr < 0x30000000) ++ addr = 0x30000000; ++ } ++ else ++ { ++ len = lo_len; ++ } ++ ++ if (len == 0) ++ return 0; ++ } ++ + /* If this block contains 0x30000000 (768MB), do not claim below that. + Linux likes to claim memory at min(RMO top, 768MB) and works down + without reference to /memory/available. */ diff --git a/SOURCES/0581-util-Enable-default-kernel-for-updates.patch b/SOURCES/0581-util-Enable-default-kernel-for-updates.patch new file mode 100644 index 0000000..64c5def --- /dev/null +++ b/SOURCES/0581-util-Enable-default-kernel-for-updates.patch @@ -0,0 +1,34 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Nicolas Frayer +Date: Wed, 24 May 2023 11:22:47 +0200 +Subject: [PATCH] util: Enable default kernel for updates + +Several kernel variants can be installed on a system in parallel. +In order to allow the user to choose which kernel will be set to +default after an update, re-enable grub's usage of DEFAULTKERNEL as +set in /etc/sysconfig/kernel + +Signed-off-by: Nicolas Frayer +--- + util/grub-get-kernel-settings.in | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/util/grub-get-kernel-settings.in b/util/grub-get-kernel-settings.in +index 7e87dfccc0e4..f71bc64360b0 100644 +--- a/util/grub-get-kernel-settings.in ++++ b/util/grub-get-kernel-settings.in +@@ -68,6 +68,14 @@ if test -f /etc/sysconfig/kernel ; then + . /etc/sysconfig/kernel + fi + ++GRUB_DEFAULT_KERNEL_TYPE=${DEFAULTKERNEL/-core/} ++if [ "$GRUB_DEFAULT_KERNEL_TYPE" != "kernel" ]; then ++ echo GRUB_NON_STANDARD_KERNEL=true ++ echo export GRUB_NON_STANDARD_KERNEL ++ GRUB_DEFAULT_KERNEL_TYPE=${GRUB_DEFAULT_KERNEL_TYPE/kernel-/} ++fi ++echo GRUB_DEFAULT_KERNEL_TYPE=$GRUB_DEFAULT_KERNEL_TYPE ++echo export GRUB_DEFAULT_KERNEL_TYPE + if [ "$MAKEDEBUG" = "yes" ]; then + echo GRUB_LINUX_MAKE_DEBUG=true + echo export GRUB_LINUX_MAKE_DEBUG diff --git a/SOURCES/0582-grub-set-bootflag-Conservative-partial-fix-for-CVE-2.patch b/SOURCES/0582-grub-set-bootflag-Conservative-partial-fix-for-CVE-2.patch new file mode 100644 index 0000000..ca9d396 --- /dev/null +++ b/SOURCES/0582-grub-set-bootflag-Conservative-partial-fix-for-CVE-2.patch @@ -0,0 +1,150 @@ +From 9ca4c3fe1c7dbd62e8ad6a23cb1b1fda695fdb44 Mon Sep 17 00:00:00 2001 +From: Solar Designer +Date: Tue, 6 Feb 2024 21:39:41 +0100 +Subject: [PATCH 1/3] grub-set-bootflag: Conservative partial fix for + CVE-2024-1048 + +Following up on CVE-2019-14865 and taking a fresh look at +grub2-set-bootflag now (through my work at CIQ on Rocky Linux), I saw some +other ways in which users could still abuse this little program: + +1. After CVE-2019-14865 fix, grub2-set-bootflag no longer rewrites the +grubenv file in-place, but writes into a temporary file and renames it +over the original, checking for error returns from each call first. +This prevents the original file truncation vulnerability, but it can +leave the temporary file around if the program is killed before it can +rename or remove the file. There are still many ways to get the program +killed, such as through RLIMIT_FSIZE triggering SIGXFSZ (tested, +reliable) or by careful timing (tricky) of signals sent by process group +leader, pty, pre-scheduled timers, SIGXCPU (probably not an exhaustive +list). Invoking the program multiple times fills up /boot (or if /boot +is not separate, then it can fill up the root filesystem). Since the +files are tiny, the filesystem is likely to run out of free inodes +before it'd run out of blocks, but the effect is similar - can't create +new files after this point (but still can add data to existing files, +such as logs). + +2. After CVE-2019-14865 fix, grub2-set-bootflag naively tries to protect +itself from signals by becoming full root. (This does protect it from +signals sent by the user directly to the PID, but e.g. "kill -9 -1" by +the user still works.) A side effect of such "protection" is that it's +possible to invoke more concurrent instances of grub2-set-bootflag than +the user's RLIMIT_NPROC would normally permit (as specified e.g. in +/etc/security/limits.conf, or say in Apache httpd's RLimitNPROC if +grub2-set-bootflag would be abused by a website script), thereby +exhausting system resources (e.g., bypassing RAM usage limit if +RLIMIT_AS was also set). + +3. umask is inherited. Again, due to how the CVE-2019-14865 fix creates +a new file, and due to how mkstemp() works, this affects grubenv's new +file permissions. Luckily, mkstemp() forces them to be no more relaxed +than 0600, but the user ends up being able to set them e.g. to 0. +Luckily, at least in my testing GRUB still works fine even when the file +has such (lack of) permissions. + +This commit deals with the abuses above as follows: + +1. RLIMIT_FSIZE is pre-checked, so this specific way to get the process +killed should no longer work. However, this isn't a complete fix +because there are other ways to get the process killed after it has +created the temporary file. + +The commit also fixes bug 1975892 ("RFE: grub2-set-bootflag should not +write the grubenv when the flag being written is already set") and +similar for "menu_show_once", which further reduces the abuse potential. + +2. RLIMIT_NPROC bypass should be avoided by not becoming full root (aka +dropping the partial "kill protection"). + +3. A safe umask is set. + +This is a partial fix (temporary files can still accumulate, but this is +harder to trigger). + +While at it, this commit also fixes potential 1- or 2-byte over-read of +env[] if its content is malformed - this was not a security issue since the +grubenv file is trusted input, and the fix is just for robustness. + +Signed-off-by: Solar Designer +--- + util/grub-set-bootflag.c | 29 ++++++++++++++++------------- + 1 file changed, 16 insertions(+), 13 deletions(-) + +diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c +index a85f11fceacb..5b932f76b6f4 100644 +--- a/util/grub-set-bootflag.c ++++ b/util/grub-set-bootflag.c +@@ -32,6 +32,8 @@ + #include + #include + #include ++#include ++#include + + #define GRUBENV "/" GRUB_BOOT_DIR_NAME "/" GRUB_DIR_NAME "/" GRUB_ENVBLK_DEFCFG + #define GRUBENV_SIZE 1024 +@@ -54,12 +56,17 @@ static void usage(void) + int main(int argc, char *argv[]) + { + /* NOTE buf must be at least the longest bootflag length + 4 bytes */ +- char env[GRUBENV_SIZE + 1], buf[64], *s; ++ char env[GRUBENV_SIZE + 1 + 2], buf[64], *s; + /* +1 for 0 termination, +6 for "XXXXXX" in tmp filename */ + char env_filename[PATH_MAX + 1], tmp_filename[PATH_MAX + 6 + 1]; + const char *bootflag; + int i, fd, len, ret; + FILE *f; ++ struct rlimit rlim; ++ ++ if (getrlimit(RLIMIT_FSIZE, &rlim) || rlim.rlim_cur < GRUBENV_SIZE || rlim.rlim_max < GRUBENV_SIZE) ++ return 1; ++ umask(077); + + if (argc != 2) + { +@@ -81,20 +88,11 @@ int main(int argc, char *argv[]) + len = strlen (bootflag); + + /* +- * Really become root. setuid avoids an user killing us, possibly leaking +- * the tmpfile. setgid avoids the new grubenv's gid being that of the user. ++ * setegid avoids the new grubenv's gid being that of the user. + */ +- ret = setuid(0); +- if (ret) +- { +- perror ("Error setuid(0) failed"); +- return 1; +- } +- +- ret = setgid(0); +- if (ret) ++ if (setegid(0)) + { +- perror ("Error setgid(0) failed"); ++ perror ("Error setegid(0) failed"); + return 1; + } + +@@ -123,6 +121,9 @@ int main(int argc, char *argv[]) + + /* 0 terminate env */ + env[GRUBENV_SIZE] = 0; ++ /* not a valid flag value */ ++ env[GRUBENV_SIZE + 1] = 0; ++ env[GRUBENV_SIZE + 2] = 0; + + if (strncmp (env, GRUB_ENVBLK_SIGNATURE, strlen (GRUB_ENVBLK_SIGNATURE))) + { +@@ -158,6 +159,8 @@ int main(int argc, char *argv[]) + + /* The grubenv is not 0 terminated, so memcpy the name + '=' , '1', '\n' */ + snprintf(buf, sizeof(buf), "%s=1\n", bootflag); ++ if (!memcmp(s, buf, len + 3)) ++ return 0; /* nothing to do */ + memcpy(s, buf, len + 3); + + +-- +2.43.0 + diff --git a/SOURCES/0583-grub-set-bootflag-More-complete-fix-for-CVE-2024-104.patch b/SOURCES/0583-grub-set-bootflag-More-complete-fix-for-CVE-2024-104.patch new file mode 100644 index 0000000..a7416c1 --- /dev/null +++ b/SOURCES/0583-grub-set-bootflag-More-complete-fix-for-CVE-2024-104.patch @@ -0,0 +1,187 @@ +From f4c7783c2b695794938748a6567e86456ed2314a Mon Sep 17 00:00:00 2001 +From: Solar Designer +Date: Tue, 6 Feb 2024 21:56:21 +0100 +Subject: [PATCH 2/3] grub-set-bootflag: More complete fix for CVE-2024-1048 + +Switch to per-user fixed temporary filenames along with a weird locking +mechanism, which is explained in source code comments. This is a more +complete fix than the previous commit (temporary files can't accumulate). +Unfortunately, it introduces new risks (by working on a temporary file +shared between the user's invocations), which are _hopefully_ avoided by +the patch's elaborate logic. I actually got it wrong at first, which +suggests that this logic is hard to reason about, and more errors or +omissions are possible. It also relies on the kernel's primitives' exact +semantics to a greater extent (nothing out of the ordinary, though). + +Remaining issues that I think cannot reasonably be fixed without a +redesign (e.g., having per-flag files with nothing else in them) and +without introducing new issues: + +A. A user can still revert a concurrent user's attempt of setting the +other flag - or of making other changes to grubenv by means other than +this program. + +B. One leftover temporary file per user is still possible. + +Signed-off-by: Solar Designer +--- + util/grub-set-bootflag.c | 87 ++++++++++++++++++++++++++++++++++------ + 1 file changed, 75 insertions(+), 12 deletions(-) + +diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c +index 5b932f76b6f4..698b55a1ab93 100644 +--- a/util/grub-set-bootflag.c ++++ b/util/grub-set-bootflag.c +@@ -32,6 +32,7 @@ + #include + #include + #include ++#include + #include + #include + +@@ -57,15 +58,12 @@ int main(int argc, char *argv[]) + { + /* NOTE buf must be at least the longest bootflag length + 4 bytes */ + char env[GRUBENV_SIZE + 1 + 2], buf[64], *s; +- /* +1 for 0 termination, +6 for "XXXXXX" in tmp filename */ +- char env_filename[PATH_MAX + 1], tmp_filename[PATH_MAX + 6 + 1]; ++ /* +1 for 0 termination, +11 for ".%u" in tmp filename */ ++ char env_filename[PATH_MAX + 1], tmp_filename[PATH_MAX + 11 + 1]; + const char *bootflag; + int i, fd, len, ret; + FILE *f; +- struct rlimit rlim; + +- if (getrlimit(RLIMIT_FSIZE, &rlim) || rlim.rlim_cur < GRUBENV_SIZE || rlim.rlim_max < GRUBENV_SIZE) +- return 1; + umask(077); + + if (argc != 2) +@@ -92,7 +90,7 @@ int main(int argc, char *argv[]) + */ + if (setegid(0)) + { +- perror ("Error setegid(0) failed"); ++ perror ("setegid(0) failed"); + return 1; + } + +@@ -163,19 +161,82 @@ int main(int argc, char *argv[]) + return 0; /* nothing to do */ + memcpy(s, buf, len + 3); + ++ struct rlimit rlim; ++ if (getrlimit(RLIMIT_FSIZE, &rlim) || rlim.rlim_cur < GRUBENV_SIZE || rlim.rlim_max < GRUBENV_SIZE) ++ { ++ fprintf (stderr, "Resource limits undetermined or too low\n"); ++ return 1; ++ } ++ ++ /* ++ * Here we work under the premise that we shouldn't write into the target ++ * file directly because we might not be able to have all of our changes ++ * written completely and atomically. That was CVE-2019-14865, known to ++ * have been triggerable via RLIMIT_FSIZE. While we've dealt with that ++ * specific attack via the check above, there may be other possibilities. ++ */ + + /* + * Create a tempfile for writing the new env. Use the canonicalized filename + * for the template so that the tmpfile is in the same dir / on same fs. ++ * ++ * We now use per-user fixed temporary filenames, so that a user cannot cause ++ * multiple files to accumulate. ++ * ++ * We don't use O_EXCL so that a stale temporary file doesn't prevent further ++ * usage of the program by the user. + */ +- snprintf(tmp_filename, sizeof(tmp_filename), "%sXXXXXX", env_filename); +- fd = mkstemp(tmp_filename); ++ snprintf(tmp_filename, sizeof(tmp_filename), "%s.%u", env_filename, getuid()); ++ fd = open(tmp_filename, O_CREAT | O_WRONLY, 0600); + if (fd == -1) + { + perror ("Creating tmpfile failed"); + return 1; + } + ++ /* ++ * The lock prevents the same user from reaching further steps ending in ++ * rename() concurrently, in which case the temporary file only partially ++ * written by one invocation could be renamed to the target file by another. ++ * ++ * The lock also guards the slow fsync() from concurrent calls. After the ++ * first time that and the rename() complete, further invocations for the ++ * same flag become no-ops. ++ * ++ * We lock the temporary file rather than the target file because locking the ++ * latter would allow any user having SIGSTOP'ed their process to make all ++ * other users' invocations fail (or lock up if we'd use blocking mode). ++ * ++ * We use non-blocking mode (LOCK_NB) because the lock having been taken by ++ * another process implies that the other process would normally have already ++ * renamed the file to target by the time it releases the lock (and we could ++ * acquire it), so we'd be working directly on the target if we proceeded, ++ * which is undesirable, and we'd kind of fail on the already-done rename. ++ */ ++ if (flock(fd, LOCK_EX | LOCK_NB)) ++ { ++ perror ("Locking tmpfile failed"); ++ return 1; ++ } ++ ++ /* ++ * Deal with the potential that another invocation proceeded all the way to ++ * rename() and process exit while we were between open() and flock(). ++ */ ++ { ++ struct stat st1, st2; ++ if (fstat(fd, &st1) || stat(tmp_filename, &st2)) ++ { ++ perror ("stat of tmpfile failed"); ++ return 1; ++ } ++ if (st1.st_dev != st2.st_dev || st1.st_ino != st2.st_ino) ++ { ++ fprintf (stderr, "Another invocation won race\n"); ++ return 1; ++ } ++ } ++ + f = fdopen (fd, "w"); + if (!f) + { +@@ -200,23 +261,25 @@ int main(int argc, char *argv[]) + return 1; + } + +- ret = fsync (fileno (f)); ++ ret = ftruncate (fileno (f), GRUBENV_SIZE); + if (ret) + { +- perror ("Error syncing tmpfile"); ++ perror ("Error truncating tmpfile"); + unlink(tmp_filename); + return 1; + } + +- ret = fclose (f); ++ ret = fsync (fileno (f)); + if (ret) + { +- perror ("Error closing tmpfile"); ++ perror ("Error syncing tmpfile"); + unlink(tmp_filename); + return 1; + } + + /* ++ * We must not close the file before rename() as that would remove the lock. ++ * + * And finally rename the tmpfile with the new env over the old env, the + * linux kernel guarantees that this is atomic (from a syscall pov). + */ +-- +2.43.0 + diff --git a/SOURCES/0584-grub-set-bootflag-Exit-calmly-when-not-running-as-ro.patch b/SOURCES/0584-grub-set-bootflag-Exit-calmly-when-not-running-as-ro.patch new file mode 100644 index 0000000..3e13dfc --- /dev/null +++ b/SOURCES/0584-grub-set-bootflag-Exit-calmly-when-not-running-as-ro.patch @@ -0,0 +1,39 @@ +From a7192a650c1e94221a86b49f5132fb47a4dda6ea Mon Sep 17 00:00:00 2001 +From: Solar Designer +Date: Tue, 6 Feb 2024 22:05:45 +0100 +Subject: [PATCH 3/3] grub-set-bootflag: Exit calmly when not running as root + +Exit calmly when not installed SUID root and invoked by non-root. This +allows installing user/grub-boot-success.service unconditionally while +supporting non-SUID installation of the program for some limited usage. + +Signed-off-by: Solar Designer +--- + util/grub-set-bootflag.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c +index 698b55a1ab93..a51805fa8cec 100644 +--- a/util/grub-set-bootflag.c ++++ b/util/grub-set-bootflag.c +@@ -85,6 +85,17 @@ int main(int argc, char *argv[]) + bootflag = bootflags[i]; + len = strlen (bootflag); + ++ /* ++ * Exit calmly when not installed SUID root and invoked by non-root. This ++ * allows installing user/grub-boot-success.service unconditionally while ++ * supporting non-SUID installation of the program for some limited usage. ++ */ ++ if (geteuid()) ++ { ++ printf ("grub-set-bootflag not running as root, no action taken\n"); ++ return 0; ++ } ++ + /* + * setegid avoids the new grubenv's gid being that of the user. + */ +-- +2.43.0 + diff --git a/SOURCES/0585-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch b/SOURCES/0585-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch new file mode 100644 index 0000000..8234f67 --- /dev/null +++ b/SOURCES/0585-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch @@ -0,0 +1,93 @@ +From 43651027d24e62a7a463254165e1e46e42aecdea Mon Sep 17 00:00:00 2001 +From: Maxim Suhanov +Date: Mon, 28 Aug 2023 16:31:57 +0300 +Subject: [PATCH 1/6] fs/ntfs: Fix an OOB write when parsing the + $ATTRIBUTE_LIST attribute for the $MFT file + +When parsing an extremely fragmented $MFT file, i.e., the file described +using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer +containing bytes read from the underlying drive to store sector numbers, +which are consumed later to read data from these sectors into another buffer. + +These sectors numbers, two 32-bit integers, are always stored at predefined +offsets, 0x10 and 0x14, relative to first byte of the selected entry within +the $ATTRIBUTE_LIST attribute. Usually, this won't cause any problem. + +However, when parsing a specially-crafted file system image, this may cause +the NTFS code to write these integers beyond the buffer boundary, likely +causing the GRUB memory allocator to misbehave or fail. These integers contain +values which are controlled by on-disk structures of the NTFS file system. + +Such modification and resulting misbehavior may touch a memory range not +assigned to the GRUB and owned by firmware or another EFI application/driver. + +This fix introduces checks to ensure that these sector numbers are never +written beyond the boundary. + +Fixes: CVE-2023-4692 + +Reported-by: Maxim Suhanov +Signed-off-by: Maxim Suhanov +Reviewed-by: Daniel Kiper +--- + grub-core/fs/ntfs.c | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c +index bbdbe24ada83..c3c4db117bba 100644 +--- a/grub-core/fs/ntfs.c ++++ b/grub-core/fs/ntfs.c +@@ -184,7 +184,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) + } + if (at->attr_end) + { +- grub_uint8_t *pa; ++ grub_uint8_t *pa, *pa_end; + + at->emft_buf = grub_malloc (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR); + if (at->emft_buf == NULL) +@@ -209,11 +209,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) + } + at->attr_nxt = at->edat_buf; + at->attr_end = at->edat_buf + u32at (pa, 0x30); ++ pa_end = at->edat_buf + n; + } + else + { + at->attr_nxt = at->attr_end + u16at (pa, 0x14); + at->attr_end = at->attr_end + u32at (pa, 4); ++ pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR); + } + at->flags |= GRUB_NTFS_AF_ALST; + while (at->attr_nxt < at->attr_end) +@@ -230,6 +232,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) + at->flags |= GRUB_NTFS_AF_GPOS; + at->attr_cur = at->attr_nxt; + pa = at->attr_cur; ++ ++ if ((pa >= pa_end) || (pa_end - pa < 0x18)) ++ { ++ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list"); ++ return NULL; ++ } ++ + grub_set_unaligned32 ((char *) pa + 0x10, + grub_cpu_to_le32 (at->mft->data->mft_start)); + grub_set_unaligned32 ((char *) pa + 0x14, +@@ -240,6 +249,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) + { + if (*pa != attr) + break; ++ ++ if ((pa >= pa_end) || (pa_end - pa < 0x18)) ++ { ++ grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list"); ++ return NULL; ++ } ++ + if (read_attr + (at, pa + 0x10, + u32at (pa, 0x10) * (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR), +-- +2.43.0 + diff --git a/SOURCES/0586-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch b/SOURCES/0586-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch new file mode 100644 index 0000000..a90e077 --- /dev/null +++ b/SOURCES/0586-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch @@ -0,0 +1,58 @@ +From 0ed2458cc4eff6d9a9199527e2a0b6d445802f94 Mon Sep 17 00:00:00 2001 +From: Maxim Suhanov +Date: Mon, 28 Aug 2023 16:32:33 +0300 +Subject: [PATCH 2/6] fs/ntfs: Fix an OOB read when reading data from the + resident $DATA attribute + +When reading a file containing resident data, i.e., the file data is stored in +the $DATA attribute within the NTFS file record, not in external clusters, +there are no checks that this resident data actually fits the corresponding +file record segment. + +When parsing a specially-crafted file system image, the current NTFS code will +read the file data from an arbitrary, attacker-chosen memory offset and of +arbitrary, attacker-chosen length. + +This allows an attacker to display arbitrary chunks of memory, which could +contain sensitive information like password hashes or even plain-text, +obfuscated passwords from BS EFI variables. + +This fix implements a check to ensure that resident data is read from the +corresponding file record segment only. + +Fixes: CVE-2023-4693 + +Reported-by: Maxim Suhanov +Signed-off-by: Maxim Suhanov +Reviewed-by: Daniel Kiper +--- + grub-core/fs/ntfs.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c +index c3c4db117bba..a68e173d8285 100644 +--- a/grub-core/fs/ntfs.c ++++ b/grub-core/fs/ntfs.c +@@ -401,7 +401,18 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest, + { + if (ofs + len > u32at (pa, 0x10)) + return grub_error (GRUB_ERR_BAD_FS, "read out of range"); +- grub_memcpy (dest, pa + u32at (pa, 0x14) + ofs, len); ++ ++ if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) ++ return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large"); ++ ++ if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) ++ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range"); ++ ++ if (u16at (pa, 0x14) + u32at (pa, 0x10) > ++ (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa) ++ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range"); ++ ++ grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len); + return 0; + } + +-- +2.43.0 + diff --git a/SOURCES/0587-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch b/SOURCES/0587-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch new file mode 100644 index 0000000..fb3eb31 --- /dev/null +++ b/SOURCES/0587-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch @@ -0,0 +1,73 @@ +From 7e5f031a6a6a3decc2360a7b0c71abbe598e7354 Mon Sep 17 00:00:00 2001 +From: Maxim Suhanov +Date: Mon, 28 Aug 2023 16:33:17 +0300 +Subject: [PATCH 3/6] fs/ntfs: Fix an OOB read when parsing directory entries + from resident and non-resident index attributes + +This fix introduces checks to ensure that index entries are never read +beyond the corresponding directory index. + +The lack of this check is a minor issue, likely not exploitable in any way. + +Reported-by: Maxim Suhanov +Signed-off-by: Maxim Suhanov +Reviewed-by: Daniel Kiper +--- + grub-core/fs/ntfs.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c +index a68e173d8285..2d78b96e19fb 100644 +--- a/grub-core/fs/ntfs.c ++++ b/grub-core/fs/ntfs.c +@@ -599,7 +599,7 @@ get_utf8 (grub_uint8_t *in, grub_size_t len) + } + + static int +-list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos, ++list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos, grub_uint8_t *end_pos, + grub_fshelp_iterate_dir_hook_t hook, void *hook_data) + { + grub_uint8_t *np; +@@ -610,6 +610,9 @@ list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos, + grub_uint8_t namespace; + char *ustr; + ++ if ((pos >= end_pos) || (end_pos - pos < 0x52)) ++ break; ++ + if (pos[0xC] & 2) /* end signature */ + break; + +@@ -617,6 +620,9 @@ list_file (struct grub_ntfs_file *diro, grub_uint8_t *pos, + ns = *(np++); + namespace = *(np++); + ++ if (2 * ns > end_pos - pos - 0x52) ++ break; ++ + /* + * Ignore files in DOS namespace, as they will reappear as Win32 + * names. +@@ -806,7 +812,9 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir, + } + + cur_pos += 0x10; /* Skip index root */ +- ret = list_file (mft, cur_pos + u16at (cur_pos, 0), hook, hook_data); ++ ret = list_file (mft, cur_pos + u16at (cur_pos, 0), ++ at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR), ++ hook, hook_data); + if (ret) + goto done; + +@@ -893,6 +901,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir, + (const grub_uint8_t *) "INDX"))) + goto done; + ret = list_file (mft, &indx[0x18 + u16at (indx, 0x18)], ++ indx + (mft->data->idx_size << GRUB_NTFS_BLK_SHR), + hook, hook_data); + if (ret) + goto done; +-- +2.43.0 + diff --git a/SOURCES/0588-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch b/SOURCES/0588-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch new file mode 100644 index 0000000..c121cf3 --- /dev/null +++ b/SOURCES/0588-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch @@ -0,0 +1,51 @@ +From 7a5a116739fa6d8a625da7d6b9272c9a2462f967 Mon Sep 17 00:00:00 2001 +From: Maxim Suhanov +Date: Mon, 28 Aug 2023 16:33:44 +0300 +Subject: [PATCH 4/6] fs/ntfs: Fix an OOB read when parsing bitmaps for index + attributes + +This fix introduces checks to ensure that bitmaps for directory indices +are never read beyond their actual sizes. + +The lack of this check is a minor issue, likely not exploitable in any way. + +Reported-by: Maxim Suhanov +Signed-off-by: Maxim Suhanov +Reviewed-by: Daniel Kiper +--- + grub-core/fs/ntfs.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c +index 2d78b96e19fb..bb70c89fb803 100644 +--- a/grub-core/fs/ntfs.c ++++ b/grub-core/fs/ntfs.c +@@ -843,6 +843,25 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir, + + if (is_resident) + { ++ if (bitmap_len > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) ++ { ++ grub_error (GRUB_ERR_BAD_FS, "resident bitmap too large"); ++ goto done; ++ } ++ ++ if (cur_pos >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) ++ { ++ grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range"); ++ goto done; ++ } ++ ++ if (u16at (cur_pos, 0x14) + u32at (cur_pos, 0x10) > ++ (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) cur_pos) ++ { ++ grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range"); ++ goto done; ++ } ++ + grub_memcpy (bmp, cur_pos + u16at (cur_pos, 0x14), + bitmap_len); + } +-- +2.43.0 + diff --git a/SOURCES/0589-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch b/SOURCES/0589-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch new file mode 100644 index 0000000..efeb21d --- /dev/null +++ b/SOURCES/0589-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch @@ -0,0 +1,61 @@ +From 1fe82c41e070385e273d7bb1cfb482627a3c28e8 Mon Sep 17 00:00:00 2001 +From: Maxim Suhanov +Date: Mon, 28 Aug 2023 16:38:19 +0300 +Subject: [PATCH 5/6] fs/ntfs: Fix an OOB read when parsing a volume label + +This fix introduces checks to ensure that an NTFS volume label is always +read from the corresponding file record segment. + +The current NTFS code allows the volume label string to be read from an +arbitrary, attacker-chosen memory location. However, the bytes read are +always treated as UTF-16LE. So, the final string displayed is mostly +unreadable and it can't be easily converted back to raw bytes. + +The lack of this check is a minor issue, likely not causing a significant +data leak. + +Reported-by: Maxim Suhanov +Signed-off-by: Maxim Suhanov +Reviewed-by: Daniel Kiper +--- + grub-core/fs/ntfs.c | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c +index bb70c89fb803..ff5e3740f0dd 100644 +--- a/grub-core/fs/ntfs.c ++++ b/grub-core/fs/ntfs.c +@@ -1213,13 +1213,29 @@ grub_ntfs_label (grub_device_t device, char **label) + + init_attr (&mft->attr, mft); + pa = find_attr (&mft->attr, GRUB_NTFS_AT_VOLUME_NAME); ++ ++ if (pa >= mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR)) ++ { ++ grub_error (GRUB_ERR_BAD_FS, "can\'t parse volume label"); ++ goto fail; ++ } ++ ++ if (mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR) - pa < 0x16) ++ { ++ grub_error (GRUB_ERR_BAD_FS, "can\'t parse volume label"); ++ goto fail; ++ } ++ + if ((pa) && (pa[8] == 0) && (u32at (pa, 0x10))) + { + int len; + + len = u32at (pa, 0x10) / 2; + pa += u16at (pa, 0x14); +- *label = get_utf8 (pa, len); ++ if (mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR) - pa >= 2 * len) ++ *label = get_utf8 (pa, len); ++ else ++ grub_error (GRUB_ERR_BAD_FS, "can\'t parse volume label"); + } + + fail: +-- +2.43.0 + diff --git a/SOURCES/0590-fs-ntfs-Make-code-more-readable.patch b/SOURCES/0590-fs-ntfs-Make-code-more-readable.patch new file mode 100644 index 0000000..2f00384 --- /dev/null +++ b/SOURCES/0590-fs-ntfs-Make-code-more-readable.patch @@ -0,0 +1,159 @@ +From e58b870ff926415e23fc386af41ff81b2f588763 Mon Sep 17 00:00:00 2001 +From: Maxim Suhanov +Date: Mon, 28 Aug 2023 16:40:07 +0300 +Subject: [PATCH 6/6] fs/ntfs: Make code more readable + +Move some calls used to access NTFS attribute header fields into +functions with human-readable names. + +Suggested-by: Daniel Kiper +Signed-off-by: Maxim Suhanov +Reviewed-by: Daniel Kiper +--- + grub-core/fs/ntfs.c | 48 +++++++++++++++++++++++++++++++-------------- + 1 file changed, 33 insertions(+), 15 deletions(-) + +diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c +index ff5e3740f0dd..de435aa14d85 100644 +--- a/grub-core/fs/ntfs.c ++++ b/grub-core/fs/ntfs.c +@@ -52,6 +52,24 @@ u64at (void *ptr, grub_size_t ofs) + return grub_le_to_cpu64 (grub_get_unaligned64 ((char *) ptr + ofs)); + } + ++static grub_uint16_t ++first_attr_off (void *mft_buf_ptr) ++{ ++ return u16at (mft_buf_ptr, 0x14); ++} ++ ++static grub_uint16_t ++res_attr_data_off (void *res_attr_ptr) ++{ ++ return u16at (res_attr_ptr, 0x14); ++} ++ ++static grub_uint32_t ++res_attr_data_len (void *res_attr_ptr) ++{ ++ return u32at (res_attr_ptr, 0x10); ++} ++ + grub_ntfscomp_func_t grub_ntfscomp_func; + + static grub_err_t +@@ -106,7 +124,7 @@ init_attr (struct grub_ntfs_attr *at, struct grub_ntfs_file *mft) + { + at->mft = mft; + at->flags = (mft == &mft->data->mmft) ? GRUB_NTFS_AF_MMFT : 0; +- at->attr_nxt = mft->buf + u16at (mft->buf, 0x14); ++ at->attr_nxt = mft->buf + first_attr_off (mft->buf); + at->attr_end = at->emft_buf = at->edat_buf = at->sbuf = NULL; + } + +@@ -154,7 +172,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) + return NULL; + } + +- new_pos = &at->emft_buf[u16at (at->emft_buf, 0x14)]; ++ new_pos = &at->emft_buf[first_attr_off (at->emft_buf)]; + while (*new_pos != 0xFF) + { + if ((*new_pos == *at->attr_cur) +@@ -213,7 +231,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr) + } + else + { +- at->attr_nxt = at->attr_end + u16at (pa, 0x14); ++ at->attr_nxt = at->attr_end + res_attr_data_off (pa); + at->attr_end = at->attr_end + u32at (pa, 4); + pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR); + } +@@ -399,20 +417,20 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest, + + if (pa[8] == 0) + { +- if (ofs + len > u32at (pa, 0x10)) ++ if (ofs + len > res_attr_data_len (pa)) + return grub_error (GRUB_ERR_BAD_FS, "read out of range"); + +- if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) ++ if (res_attr_data_len (pa) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) + return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large"); + + if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR)) + return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range"); + +- if (u16at (pa, 0x14) + u32at (pa, 0x10) > ++ if (res_attr_data_off (pa) + res_attr_data_len (pa) > + (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa) + return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range"); + +- grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len); ++ grub_memcpy (dest, pa + res_attr_data_off (pa) + ofs, len); + return 0; + } + +@@ -556,7 +574,7 @@ init_file (struct grub_ntfs_file *mft, grub_uint64_t mftno) + (unsigned long long) mftno); + + if (!pa[8]) +- mft->size = u32at (pa, 0x10); ++ mft->size = res_attr_data_len (pa); + else + mft->size = u64at (pa, 0x30); + +@@ -805,7 +823,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir, + (u32at (cur_pos, 0x18) != 0x490024) || + (u32at (cur_pos, 0x1C) != 0x300033)) + continue; +- cur_pos += u16at (cur_pos, 0x14); ++ cur_pos += res_attr_data_off (cur_pos); + if (*cur_pos != 0x30) /* Not filename index */ + continue; + break; +@@ -834,7 +852,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir, + { + int is_resident = (cur_pos[8] == 0); + +- bitmap_len = ((is_resident) ? u32at (cur_pos, 0x10) : ++ bitmap_len = ((is_resident) ? res_attr_data_len (cur_pos) : + u32at (cur_pos, 0x28)); + + bmp = grub_malloc (bitmap_len); +@@ -855,14 +873,14 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir, + goto done; + } + +- if (u16at (cur_pos, 0x14) + u32at (cur_pos, 0x10) > ++ if (res_attr_data_off (cur_pos) + res_attr_data_len (cur_pos) > + (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) cur_pos) + { + grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range"); + goto done; + } + +- grub_memcpy (bmp, cur_pos + u16at (cur_pos, 0x14), ++ grub_memcpy (bmp, cur_pos + res_attr_data_off (cur_pos), + bitmap_len); + } + else +@@ -1226,12 +1244,12 @@ grub_ntfs_label (grub_device_t device, char **label) + goto fail; + } + +- if ((pa) && (pa[8] == 0) && (u32at (pa, 0x10))) ++ if ((pa) && (pa[8] == 0) && (res_attr_data_len (pa))) + { + int len; + +- len = u32at (pa, 0x10) / 2; +- pa += u16at (pa, 0x14); ++ len = res_attr_data_len (pa) / 2; ++ pa += res_attr_data_off (pa); + if (mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR) - pa >= 2 * len) + *label = get_utf8 (pa, len); + else +-- +2.43.0 + diff --git a/SOURCES/20-grub.install b/SOURCES/20-grub.install new file mode 100755 index 0000000..dd2018a --- /dev/null +++ b/SOURCES/20-grub.install @@ -0,0 +1,181 @@ +#!/bin/bash + +if ! [[ $KERNEL_INSTALL_MACHINE_ID ]]; then + exit 0 +fi + +[[ -f /etc/default/grub ]] && . /etc/default/grub +[[ -f /etc/os-release ]] && . /etc/os-release + +COMMAND="$1" +KERNEL_VERSION="$2" +BOOT_DIR_ABS="$3" +KERNEL_IMAGE="$4" + +KERNEL_DIR="${KERNEL_IMAGE%/*}" + +MACHINE_ID=$KERNEL_INSTALL_MACHINE_ID + +# Remove it, since for grub2 the images are always installed in /boot +rm -rf "${BOOT_DIR_ABS%/*}" + +BLS_DIR="/boot/loader/entries" + +mkbls() { + local kernelver=$1 && shift + local datetime=$1 && shift + + local debugname="" + local debugid="" + local flavor="" + + if [[ "$kernelver" == *\+* ]] ; then + local flavor=-"${kernelver##*+}" + if [[ "${flavor}" == "-debug" ]]; then + local debugname=" with debugging" + local debugid="-debug" + fi + fi + + cat </dev/null && \ + restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}" + done + # hmac is .vmlinuz-.hmac so needs a special treatment + i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac" + if [[ -e "$i" ]]; then + rm -f "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" + cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" + command -v restorecon &>/dev/null && \ + restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac" + fi + # symvers is symvers-.gz symlink, needs a special treatment + i="$KERNEL_DIR/symvers.gz" + if [[ -e "$i" ]]; then + rm -f "/boot/symvers-${KERNEL_VERSION}.gz" + ln -s "$i" "/boot/symvers-${KERNEL_VERSION}.gz" + command -v restorecon &>/dev/null && \ + restorecon "/boot/symvers-${KERNEL_VERSION}.gz" + fi + fi + + if [[ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]] || [[ ! -f /sbin/new-kernel-pkg ]]; then + eval "$(grub2-get-kernel-settings)" || true + [[ -d "$BLS_DIR" ]] || mkdir -m 0700 -p "$BLS_DIR" + BLS_ID="${MACHINE_ID}-${KERNEL_VERSION}" + BLS_TARGET="${BLS_DIR}/${BLS_ID}.conf" + if [[ -f "${KERNEL_DIR}/bls.conf" ]]; then + cp -aT "${KERNEL_DIR}/bls.conf" "${BLS_TARGET}" || exit $? + else + mkbls "${KERNEL_VERSION}" \ + "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${KERNEL_DIR}")")" \ + >"${BLS_TARGET}" + fi + + LINUX="$(grep '^linux[ \t]' "${BLS_TARGET}" | sed -e 's,^linux[ \t]*,,')" + INITRD="$(grep '^initrd[ \t]' "${BLS_TARGET}" | sed -e 's,^initrd[ \t]*,,')" + LINUX_RELPATH="$(grub2-mkrelpath /boot${LINUX})" + BOOTPREFIX="$(dirname ${LINUX_RELPATH})" + ROOTPREFIX="$(dirname "/boot${LINUX}")" + + if [[ $LINUX != $LINUX_RELPATH ]]; then + sed -i -e "s,^linux.*,linux ${BOOTPREFIX}${LINUX},g" "${BLS_TARGET}" + sed -i -e "s,^initrd.*,initrd ${BOOTPREFIX}${INITRD},g" "${BLS_TARGET}" + fi + + if ( [[ "$KERNEL_VERSION" != *${GRUB_DEFAULT_KERNEL_TYPE}* ]] && \ + [ "x$GRUB_NON_STANDARD_KERNEL" == "xtrue" ] ) || \ + ( echo "$KERNEL_VERSION" | grep -E -q "64k|auto|rt|uki" && \ + [ "x$GRUB_NON_STANDARD_KERNEL" != "xtrue" ] ) || \ + ( [[ "$KERNEL_VERSION" == *debug* ]] && [ "x$GRUB_DEFAULT_TO_DEBUG" != "xtrue" ] ); then + GRUB_UPDATE_DEFAULT_KERNEL=false + fi + + if [ "x$GRUB_UPDATE_DEFAULT_KERNEL" = "xtrue" ]; then + NEWDEFAULT="${BLS_ID}" + fi + + if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then + ARCH="$(uname -m)" + BLS_DEBUG_ID="$(echo ${BLS_ID} | sed -e "s/${KERNEL_VERSION}/${KERNEL_VERSION}~debug/")" + BLS_DEBUG="$(echo ${BLS_TARGET} | sed -e "s/${KERNEL_VERSION}/${KERNEL_VERSION}~debug/")" + cp -aT "${BLS_TARGET}" "${BLS_DEBUG}" + TITLE="$(grep '^title[ \t]' "${BLS_DEBUG}" | sed -e 's/^title[ \t]*//')" + sed -i -e "s/^title.*/title ${TITLE}${GRUB_LINUX_DEBUG_TITLE_POSTFIX}/" "${BLS_DEBUG}" + sed -i -e "s/^id.*/id ${BLS_DEBUG_ID}/" "${BLS_DEBUG}" + sed -i -e "s/^options.*/options \$kernelopts ${GRUB_CMDLINE_LINUX_DEBUG}/" "${BLS_DEBUG}" + if [ -n "$NEWDEFAULT" -a "x$GRUB_DEFAULT_TO_DEBUG" = "xtrue" ]; then + NEWDEFAULT="${BLS_DEBUG_ID}" + fi + fi + if [ -n "$NEWDEFAULT" ]; then + grub2-editenv - set "saved_entry=${NEWDEFAULT}" + fi + + # this probably isn't the best place to do this, but it will do for now. + if [ -e "${ROOTPREFIX}${INITRD}" -a -e "${ROOTPREFIX}${LINUX}" -a \ + "${ROOTPREFIX}${INITRD}" -ot "${ROOTPREFIX}${LINUX}" -a \ + -x /usr/lib/kernel/install.d/50-dracut.install ]; then + rm -f "${ROOTPREFIX}${INITRD}" + fi + exit 0 + fi + + /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $? + /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $? + /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $? + # If grubby is used there's no need to run other installation plugins + exit 77 + ;; + remove) + + if [[ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]] || [[ ! -f /sbin/new-kernel-pkg ]]; then + ARCH="$(uname -m)" + BLS_TARGET="${BLS_DIR}/${MACHINE_ID}-${KERNEL_VERSION}.conf" + BLS_DEBUG="$(echo ${BLS_TARGET} | sed -e "s/${KERNEL_VERSION}/${KERNEL_VERSION}~debug/")" + rm -f "${BLS_TARGET}" "${BLS_DEBUG}" + + for i in vmlinuz System.map config zImage.stub dtb; do + rm -rf "/boot/${i}-${KERNEL_VERSION}" + done + # hmac is .vmlinuz-.hmac so needs a special treatment + rm -f "/boot/.vmlinuz-${KERNEL_VERSION}.hmac" + # symvers is symvers-.gz symlink, needs a special treatment + rm -f "/boot/symvers-${KERNEL_VERSION}.gz" + + exit 0 + fi + + /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $? + # If grubby is used there's no need to run other installation plugins + exit 77 + ;; + *) + ;; +esac diff --git a/SOURCES/99-grub-mkconfig.install b/SOURCES/99-grub-mkconfig.install new file mode 100644 index 0000000..b14fc82 --- /dev/null +++ b/SOURCES/99-grub-mkconfig.install @@ -0,0 +1,25 @@ +#!/bin/bash + +if ! [[ $KERNEL_INSTALL_MACHINE_ID ]]; then + exit 0 +fi + +ARCH=$(uname -m) + +[[ -f /etc/default/grub ]] && . /etc/default/grub + +# Can't assume a BLS capable bootloader on ppc64 +if [[ x$GRUB_ENABLE_BLSCFG != xfalse && + $ARCH != "ppc64" && $ARCH != "ppc64le" ]]; then + exit 0 +fi + +COMMAND="$1" + +case "$COMMAND" in + add|remove) + grub2-mkconfig --no-grubenv-update -o /boot/grub2/grub.cfg >& /dev/null + ;; + *) + ;; +esac diff --git a/SOURCES/gitignore b/SOURCES/gitignore new file mode 100644 index 0000000..eca17be --- /dev/null +++ b/SOURCES/gitignore @@ -0,0 +1,249 @@ +00_header +10_* +20_linux_xen +30_os-prober +40_custom +41_custom +*.1 +*.8 +aclocal.m4 +ahci_test +ascii.bitmaps +ascii.h +autom4te.cache +build-grub-gen-asciih +build-grub-gen-widthspec +build-grub-mkfont +cdboot_test +cmp_test +config.cache +config.guess +config.h +config-util.h +config-util.h.in +config.log +config.status +config.sub +configure +core_compress_test +DISTLIST +docs/*.info +docs/stamp-vti +docs/version.texi +ehci_test +example_grub_script_test +example_scripted_test +example_unit_test +*.exec +*.exec.exe +fddboot_test +genkernsyms.sh +gensymlist.sh +gentrigtables +gentrigtables.exe +gettext_strings_test +grub-bin2h +/grub-bios-setup +/grub-bios-setup.exe +grub_cmd_date +grub_cmd_echo +grub_cmd_regexp +grub_cmd_set_date +grub_cmd_sleep +/grub-editenv +/grub-editenv.exe +grub-emu +grub-emu-lite +grub-emu.exe +grub-emu-lite.exe +grub_emu_init.c +grub_emu_init.h +/grub-file +/grub-file.exe +grub-fstest +grub-fstest.exe +grub_fstest_init.c +grub_fstest_init.h +grub_func_test +grub-install +grub-install.exe +grub-kbdcomp +/grub-macbless +/grub-macbless.exe +grub-macho2img +/grub-menulst2cfg +/grub-menulst2cfg.exe +/grub-mk* +grub-mount +/grub-ofpathname +/grub-ofpathname.exe +grub-core/build-grub-pe2elf.exe +/grub-probe +/grub-probe.exe +grub_probe_init.c +grub_probe_init.h +/grub-reboot +grub_script_blanklines +grub_script_blockarg +grub_script_break +grub-script-check +grub-script-check.exe +grub_script_check_init.c +grub_script_check_init.h +grub_script_comments +grub_script_continue +grub_script_dollar +grub_script_echo1 +grub_script_echo_keywords +grub_script_escape_comma +grub_script_eval +grub_script_expansion +grub_script_final_semicolon +grub_script_for1 +grub_script_functions +grub_script_gettext +grub_script_if +grub_script_leading_whitespace +grub_script_no_commands +grub_script_not +grub_script_return +grub_script_setparams +grub_script_shift +grub_script_strcmp +grub_script_test +grub_script_vars1 +grub_script_while1 +grub_script.tab.c +grub_script.tab.h +grub_script.yy.c +grub_script.yy.h +grub-set-default +grub_setup_init.c +grub_setup_init.h +grub-shell +grub-shell-tester +grub-sparc64-setup +grub-sparc64-setup.exe +/grub-syslinux2cfg +/grub-syslinux2cfg.exe +gzcompress_test +hddboot_test +help_test +*.img +*.image +*.image.exe +include/grub/cpu +include/grub/machine +install-sh +lib/libgcrypt-grub +libgrub_a_init.c +*.log +*.lst +lzocompress_test +*.marker +Makefile +*.mod +mod-*.c +missing +netboot_test +*.o +*.a +ohci_test +partmap_test +pata_test +*.pf2 +*.pp +po/*.mo +po/grub.pot +po/POTFILES +po/stamp-po +printf_test +priority_queue_unit_test +pseries_test +stamp-h +stamp-h1 +stamp-h.in +symlist.c +symlist.h +trigtables.c +*.trs +uhci_test +update-grub_lib +unidata.c +xzcompress_test +Makefile.in +GPATH +GRTAGS +GSYMS +GTAGS +compile +depcomp +mdate-sh +texinfo.tex +grub-core/lib/libgcrypt-grub +.deps +.deps-util +.deps-core +.dirstamp +Makefile.util.am +contrib +grub-core/bootinfo.txt +grub-core/Makefile.core.am +grub-core/Makefile.gcry.def +grub-core/contrib +grub-core/gdb_grub +grub-core/genmod.sh +grub-core/gensyminfo.sh +grub-core/gmodule.pl +grub-core/grub.chrp +grub-core/modinfo.sh +grub-core/*.module +grub-core/*.module.exe +grub-core/*.pp +grub-core/kernel.img.bin +util/bash-completion.d/grub +grub-core/gnulib/alloca.h +grub-core/gnulib/arg-nonnull.h +grub-core/gnulib/c++defs.h +grub-core/gnulib/charset.alias +grub-core/gnulib/configmake.h +grub-core/gnulib/float.h +grub-core/gnulib/getopt.h +grub-core/gnulib/langinfo.h +grub-core/gnulib/ref-add.sed +grub-core/gnulib/ref-del.sed +grub-core/gnulib/stdio.h +grub-core/gnulib/stdlib.h +grub-core/gnulib/string.h +grub-core/gnulib/strings.h +grub-core/gnulib/sys +grub-core/gnulib/unistd.h +grub-core/gnulib/warn-on-use.h +grub-core/gnulib/wchar.h +grub-core/gnulib/wctype.h +grub-core/rs_decoder.h +widthspec.bin +widthspec.h +docs/stamp-1 +docs/version-dev.texi +Makefile.utilgcry.def +po/*.po +po/*.gmo +po/LINGUAS +po/remove-potcdate.sed +include/grub/gcrypt/gcrypt.h +include/grub/gcrypt/g10lib.h +po/POTFILES.in +po/POTFILES-shell.in +/grub-glue-efi +/grub-render-label +/grub-glue-efi.exe +/grub-render-label.exe +grub-core/gnulib/locale.h +grub-core/gnulib/unitypes.h +grub-core/gnulib/uniwidth.h +build-aux/test-driver +/garbage-gen +/garbage-gen.exe +/grub-fs-tester +grub-core/build-grub-module-verifier diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros new file mode 100644 index 0000000..c9ed442 --- /dev/null +++ b/SOURCES/grub.macros @@ -0,0 +1,649 @@ +# vim:filetype=spec +# Modules always contain just 32-bit code +%global _libdir %{_exec_prefix}/lib +%global _binaries_in_noarch_packages_terminate_build 0 +#%%undefine _missing_build_ids_terminate_build +%{expand:%%{!?buildsubdir:%%global buildsubdir grub-%{tarversion}}} +%{expand:%%{!?_licensedir:%%global license %%%%doc}} + +%global _configure ../configure + +%if %{?_with_ccache: 1}%{?!_with_ccache: 0} +%global cc_equals CC=/usr/%{_lib}/ccache/gcc +%else +%global cc_equals %{nil} +%endif + +%global cflags_sed \\\ + sed \\\ + -e 's/-O. //g' \\\ + -e 's/-fplugin=annobin //g' \\\ + -e 's,-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 ,,g' \\\ + -e 's/-fstack-protector[[:alpha:]-]\\+//g' \\\ + -e 's/-Wp,-D_FORTIFY_SOURCE=[[:digit:]]\\+//g' \\\ + -e 's/--param=ssp-buffer-size=4//g' \\\ + -e 's/-mregparm=3/-mregparm=4/g' \\\ + -e 's/-fexceptions//g' \\\ + -e 's/-fasynchronous-unwind-tables//g' \\\ + -e 's/^/ -fno-strict-aliasing /' \\\ + %{nil} + + +%global host_cflags %{expand:%%(echo %{build_cflags} %{?_hardening_cflags} | %{cflags_sed})} +%global legacy_host_cflags \\\ + %{expand:%%(echo %{host_cflags} | \\\ + %{cflags_sed} \\\ + -e 's/-m64//g' \\\ + -e 's/-mcpu=power[[:alnum:]]\\+/-mcpu=power6/g' \\\ + )} +%global efi_host_cflags %{expand:%%(echo %{host_cflags})} + +%global target_cflags %{expand:%%(echo %{build_cflags} | %{cflags_sed})} +%global legacy_target_cflags \\\ + %{expand:%%(echo %{target_cflags} | \\\ + %{cflags_sed} \\\ + -e 's/-m64//g' \\\ + -e 's/-mcpu=power[[:alnum:]]\\+/-mcpu=power6/g' \\\ + )} +%global efi_target_cflags %{expand:%%(echo %{target_cflags})} + +%global ldflags_sed \\\ + sed \\\ + -e 's/^$//' \\\ + %{nil} + +%global host_ldflags %{expand:%%(echo %{build_ldflags} %{?_hardening_ldflags} | %{ldflags_sed})} +%global legacy_host_ldflags \\\ + %{expand:%%(echo %{host_ldflags} | \\\ + %{ldflags_sed} \\\ + )} +%global efi_host_ldflags %{expand:%%(echo %{host_ldflags})} + +%global target_ldflags %{expand:%%(echo %{build_ldflags} -static | %{ldflags_sed})} +%global legacy_target_ldflags \\\ + %{expand:%%(echo %{target_ldflags} | \\\ + %{ldflags_sed} \\\ + )} +%global efi_target_ldflags %{expand:%%(echo %{target_ldflags})} + +%global with_efi_arch 0 +%global with_alt_efi_arch 0 +%global with_legacy_arch 0 +%global grubefiarch %{nil} +%global grublegacyarch %{nil} +%global grubelfname %{nil} + +# sparc is always compiled 64 bit +%ifarch %{sparc} +%global target_cpu_name sparc64 +%global _target_platform %{target_cpu_name}-%{_vendor}-%{_target_os}%{?_gnu} +%global legacy_target_cpu_name %{_arch} +%global legacy_package_arch ieee1275 +%global platform ieee1275 +%endif +# ppc is always compiled 64 bit +%ifarch ppc ppc64 ppc64le +%global target_cpu_name %{_arch} +%global legacy_target_cpu_name powerpc +%global legacy_package_arch %{_arch} +%global legacy_grub_dir powerpc-ieee1275 +%global _target_platform %{target_cpu_name}-%{_vendor}-%{_target_os}%{?_gnu} +%global platform ieee1275 +%endif + + +%global efi_only aarch64 %{arm} +%global efi_arch x86_64 ia64 %{efi_only} +%ifarch %{efi_arch} +%global with_efi_arch 1 +%else +%global with_efi_arch 0 +%endif +%ifarch %{efi_only} +%global with_efi_only 1 +%else +%global with_efi_only 0 +%endif +%{!?with_efi_arch:%global without_efi_arch 0} +%{?with_efi_arch:%global without_efi_arch 1} +%{!?with_efi_only:%global without_efi_only 0} +%{?with_efi_only:%global without_efi_only 1} + + +%ifarch %{efi_arch} +%global efi_modules " efi_netfs efifwsetup efinet lsefi lsefimmap connectefi " +%endif + +%ifarch x86_64 %{ix86} +%global platform_modules " backtrace chain usb usbserial_common usbserial_pl2303 usbserial_ftdi usbserial_usbdebug keylayouts at_keyboard " +%endif + +%ifarch ppc64le +%global platform_modules " appendedsig " +%endif + +%ifarch aarch64 %{arm} +%global platform_modules " " +%endif + + +%ifarch aarch64 %{arm} +%global legacy_provides -l +%endif + +%ifarch %{ix86} +%global efiarch ia32 +%global target_cpu_name i386 +%global grub_target_name i386-efi +%global package_arch efi-ia32 + +%global legacy_target_cpu_name i386 +%global legacy_package_arch pc +%global platform pc +%endif + +%ifarch x86_64 +%global efiarch x64 +%global target_cpu_name %{_arch} +%global grub_target_name %{_arch}-efi +%global package_arch efi-x64 + +%global legacy_target_cpu_name i386 +%global legacy_package_arch pc +%global platform pc + +%global alt_efi_arch ia32 +%global alt_target_cpu_name i386 +%global alt_grub_target_name i386-efi +%global alt_platform efi +%global alt_package_arch efi-ia32 + +%global alt_efi_host_cflags %{expand:%%(echo %{efi_host_cflags})} +%global alt_efi_target_cflags \\\ + %{expand:%%(echo %{target_cflags} | \\\ + %{cflags_sed} \\\ + -e 's/-m64//g' \\\ + )} +%endif + +%ifarch aarch64 +%global efiarch aa64 +%global target_cpu_name aarch64 +%global grub_target_name arm64-efi +%global package_arch efi-aa64 +%endif + +%ifarch %{arm} +%global efiarch arm +%global target_cpu_name arm +%global grub_target_name arm-efi +%global package_arch efi-arm +%global efi_target_cflags \\\ + %{expand:%%(echo %{optflags} | \\\ + %{cflags_sed} \\\ + -e 's/-march=armv7-a[[:alnum:]+-]*/&+nofp/g' \\\ + -e 's/-mfpu=[[:alnum:]-]\\+//g' \\\ + -e 's/-mfloat-abi=[[:alpha:]]\\+/-mfloat-abi=soft/g' \\\ + )} +%endif + +%global _target_platform %{target_cpu_name}-%{_vendor}-%{_target_os}%{?_gnu} +%global _alt_target_platform %{alt_target_cpu_name}-%{_vendor}-%{_target_os}%{?_gnu} + +%ifarch %{efi_arch} +%global with_efi_arch 1 +%global grubefiname grub%{efiarch}.efi +%global grubeficdname gcd%{efiarch}.efi +%global grubefiarch %{target_cpu_name}-efi +%ifarch %{ix86} +%global with_efi_modules 0 +%global without_efi_modules 1 +%else +%global with_efi_modules 1 +%global without_efi_modules 0 +%endif +%endif + +%if 0%{?alt_efi_arch:1} +%global with_alt_efi_arch 1 +%global grubaltefiname grub%{alt_efi_arch}.efi +%global grubalteficdname gcd%{alt_efi_arch}.efi +%global grubaltefiarch %{alt_target_cpu_name}-efi +%endif + +%ifnarch %{efi_only} +%global with_legacy_arch 1 +%global grublegacyarch %{legacy_target_cpu_name}-%{platform} +%global moduledir %{legacy_target_cpu_name}-%{platform} +%global grubelfname core.elf +%endif + +%global evr %{epoch}:%{version}-%{release} + +%ifarch x86_64 +%global with_efi_common 1 +%global with_legacy_modules 0 +%global with_legacy_common 0 +%else +%global with_efi_common 0 +%global with_legacy_common 1 +%global with_legacy_modules 1 +%endif + +%define define_legacy_variant() \ +%{expand:%%package %%{1}} \ +Summary: Bootloader with support for Linux, Multiboot, and more \ +Group: System Environment/Base \ +Provides: %{name} = %{evr} \ +Obsoletes: %{name} < %{evr} \ +Requires: %{name}-common = %{evr} \ +Requires: %{name}-tools-minimal = %{evr} \ +Requires: %{name}-%{1}-modules = %{evr} \ +Requires: gettext which file \ +Requires: %{name}-tools-extra = %{evr} \ +Requires: %{name}-tools = %{evr} \ +Requires(pre): dracut \ +Requires(post): dracut \ +%{expand:%%description %%{1}} \ +%{desc} \ +This subpackage provides support for %%{1} systems. \ + \ +%{expand:%%{?!buildsubdir:%%define buildsubdir grub-%%{1}-%{tarversion}}}\ +%{expand:%%if 0%%{with_legacy_modules} \ +%%package %%{1}-modules \ +Summary: Modules used to build custom grub images \ +Group: System Environment/Base \ +BuildArch: noarch \ +Requires: %%{name}-common = %%{evr} \ +%%description %%{1}-modules \ +%%{desc} \ +This subpackage provides support for rebuilding your own grub.efi. \ +%%endif \ +} \ + \ +%{expand:%%{?!buildsubdir:%%define buildsubdir grub-%%{1}-%{tarversion}}}\ +%{expand:%%package %%{1}-tools} \ +Summary: Support tools for GRUB. \ +Group: System Environment/Base \ +Requires: gettext os-prober which file system-logos \ +Requires: %{name}-common = %{evr} \ +Requires: %{name}-tools-minimal = %{evr} \ +Requires: os-prober >= 1.58-11 \ +Requires: gettext which file \ + \ +%{expand:%%description %%{1}-tools} \ +%{desc} \ +This subpackage provides tools for support of %%{1} platforms. \ +%{nil} + +%define define_efi_variant(o) \ +%{expand:%%package %{1}} \ +Summary: GRUB for EFI systems. \ +Group: System Environment/Base \ +Requires: efi-filesystem \ +Requires: %{name}-common = %{evr} \ +Requires: %{name}-tools-minimal >= %{evr} \ +Requires: %{name}-tools-extra = %{evr} \ +Requires: %{name}-tools = %{evr} \ +Provides: %{name}-efi = %{evr} \ +%{?legacy_provides:Provides: %{name} = %{evr}} \ +%{-o:Obsoletes: %{name}-efi < %{evr}} \ + \ +%{expand:%%description %{1}} \ +%{desc} \ +This subpackage provides support for %{1} systems. \ + \ +%{expand:%%{?!buildsubdir:%%define buildsubdir grub-%{1}-%{tarversion}}}\ +%{expand:%if 0%{?with_efi_modules} \ +%{expand:%%package %{1}-modules} \ +Summary: Modules used to build custom grub.efi images \ +Group: System Environment/Base \ +BuildArch: noarch \ +Requires: %{name}-common = %{evr} \ +Provides: %{name}-efi-modules = %{evr} \ +Obsoletes: %{name}-efi-modules < %{evr} \ +%{expand:%%description %{1}-modules} \ +%{desc} \ +This subpackage provides support for rebuilding your own grub.efi. \ +%endif} \ + \ +%{expand:%%package %{1}-cdboot} \ +Summary: Files used to boot removeable media with EFI \ +Group: System Environment/Base \ +Requires: %{name}-common = %{evr} \ +Provides: %{name}-efi-cdboot = %{evr} \ +%{expand:%%description %{1}-cdboot} \ +%{desc} \ +This subpackage provides optional components of grub used with removeable media on %{1} systems.\ +%{nil} + +%global do_common_setup() \ +%setup -q -n grub-%{tarversion} \ +rm -fv docs/*.info \ +cp %{SOURCE6} .gitignore \ +cp %{SOURCE8} ./grub-core/tests/strtoull_test.c \ +git init \ +echo '![[:digit:]][[:digit:]]_*.in' > util/grub.d/.gitignore \ +echo '!*.[[:digit:]]' > util/.gitignore \ +echo '!config.h' > include/grub/emu/.gitignore \ +git config user.email "%{name}-owner@fedoraproject.org" \ +git config user.name "Fedora Ninjas" \ +git config gc.auto 0 \ +rm -f configure \ +git add . \ +git commit -a -q -m "%{tarversion} baseline." \ +git apply --index --whitespace=nowarn %{SOURCE3} \ +git commit -a -q -m "%{tarversion} master." \ +git am --whitespace=nowarn %%{patches} . ++ */ ++ ++#include ++#include ++#include ++ ++static const void *dtb; ++static grub_size_t root_address_cells, root_size_cells; ++/* Pointer to this symbol signals invalid mapping. */ ++char grub_fdtbus_invalid_mapping[1]; ++ ++struct grub_fdtbus_dev *devs; ++struct grub_fdtbus_driver *drivers; ++ ++int ++grub_fdtbus_is_compatible (const char *compat_string, ++ const struct grub_fdtbus_dev *dev) ++{ ++ grub_size_t compatible_size; ++ const char *compatible = grub_fdt_get_prop (dtb, dev->node, "compatible", ++ &compatible_size); ++ if (!compatible) ++ return 0; ++ const char *compatible_end = compatible + compatible_size; ++ while (compatible < compatible_end) ++ { ++ if (grub_strcmp (compat_string, compatible) == 0) ++ return 1; ++ compatible += grub_strlen (compatible) + 1; ++ } ++ return 0; ++} ++ ++static void ++fdtbus_scan (struct grub_fdtbus_dev *parent) ++{ ++ int node; ++ for (node = grub_fdt_first_node (dtb, parent ? parent->node : 0); node >= 0; ++ node = grub_fdt_next_node (dtb, node)) ++ { ++ struct grub_fdtbus_dev *dev; ++ struct grub_fdtbus_driver *driver; ++ dev = grub_zalloc (sizeof (*dev)); ++ if (!dev) ++ { ++ grub_print_error (); ++ return; ++ } ++ dev->node = node; ++ dev->next = devs; ++ dev->parent = parent; ++ devs = dev; ++ FOR_LIST_ELEMENTS(driver, drivers) ++ if (!dev->driver && grub_fdtbus_is_compatible (driver->compatible, dev)) ++ { ++ grub_dprintf ("fdtbus", "Attaching %s\n", driver->compatible); ++ if (driver->attach (dev) == GRUB_ERR_NONE) ++ { ++ grub_dprintf ("fdtbus", "Attached %s\n", driver->compatible); ++ dev->driver = driver; ++ break; ++ } ++ grub_print_error (); ++ } ++ fdtbus_scan (dev); ++ } ++} ++ ++void ++grub_fdtbus_register (struct grub_fdtbus_driver *driver) ++{ ++ struct grub_fdtbus_dev *dev; ++ grub_dprintf ("fdtbus", "Registering %s\n", driver->compatible); ++ grub_list_push (GRUB_AS_LIST_P (&drivers), ++ GRUB_AS_LIST (driver)); ++ for (dev = devs; dev; dev = dev->next) ++ if (!dev->driver && grub_fdtbus_is_compatible (driver->compatible, dev)) ++ { ++ grub_dprintf ("fdtbus", "Attaching %s (%p)\n", driver->compatible, dev); ++ if (driver->attach (dev) == GRUB_ERR_NONE) ++ { ++ grub_dprintf ("fdtbus", "Attached %s\n", driver->compatible); ++ dev->driver = driver; ++ } ++ grub_print_error (); ++ } ++} ++ ++void ++grub_fdtbus_unregister (struct grub_fdtbus_driver *driver) ++{ ++ grub_list_remove (GRUB_AS_LIST (driver)); ++ struct grub_fdtbus_dev *dev; ++ for (dev = devs; dev; dev = dev->next) ++ if (dev->driver == driver) ++ { ++ if (driver->detach) ++ driver->detach(dev); ++ dev->driver = 0; ++ } ++} ++ ++void ++grub_fdtbus_init (const void *dtb_in, grub_size_t size) ++{ ++ if (!dtb_in || grub_fdt_check_header (dtb_in, size) < 0) ++ grub_fatal ("invalid FDT"); ++ dtb = dtb_in; ++ const grub_uint32_t *prop = grub_fdt_get_prop (dtb, 0, "#address-cells", 0); ++ if (prop) ++ root_address_cells = grub_be_to_cpu32 (*prop); ++ else ++ root_address_cells = 1; ++ ++ prop = grub_fdt_get_prop (dtb, 0, "#size-cells", 0); ++ if (prop) ++ root_size_cells = grub_be_to_cpu32 (*prop); ++ else ++ root_size_cells = 1; ++ ++ fdtbus_scan (0); ++} ++ ++static int ++get_address_cells (const struct grub_fdtbus_dev *dev) ++{ ++ const grub_uint32_t *prop; ++ if (!dev) ++ return root_address_cells; ++ prop = grub_fdt_get_prop (dtb, dev->node, "#address-cells", 0); ++ if (prop) ++ return grub_be_to_cpu32 (*prop); ++ return 1; ++} ++ ++static int ++get_size_cells (const struct grub_fdtbus_dev *dev) ++{ ++ const grub_uint32_t *prop; ++ if (!dev) ++ return root_size_cells; ++ prop = grub_fdt_get_prop (dtb, dev->node, "#size-cells", 0); ++ if (prop) ++ return grub_be_to_cpu32 (*prop); ++ return 1; ++} ++ ++static grub_uint64_t ++get64 (const grub_uint32_t *reg, grub_size_t cells) ++{ ++ grub_uint64_t val = 0; ++ if (cells >= 1) ++ val = grub_be_to_cpu32 (reg[cells - 1]); ++ if (cells >= 2) ++ val |= ((grub_uint64_t) grub_be_to_cpu32 (reg[cells - 2])) << 32; ++ return val; ++} ++ ++static volatile void * ++translate (const struct grub_fdtbus_dev *dev, const grub_uint32_t *reg) ++{ ++ volatile void *ret; ++ const grub_uint32_t *ranges; ++ grub_size_t ranges_size, cells_per_mapping; ++ grub_size_t parent_address_cells, child_address_cells, child_size_cells; ++ grub_size_t nmappings, i; ++ if (dev == 0) ++ { ++ grub_uint64_t val; ++ val = get64 (reg, root_address_cells); ++ if (sizeof (void *) == 4 && (val >> 32)) ++ return grub_fdtbus_invalid_mapping; ++ return (void *) (grub_addr_t) val; ++ } ++ ranges = grub_fdt_get_prop (dtb, dev->node, "ranges", &ranges_size); ++ if (!ranges) ++ return grub_fdtbus_invalid_mapping; ++ if (ranges_size == 0) ++ return translate (dev->parent, reg); ++ parent_address_cells = get_address_cells (dev->parent); ++ child_address_cells = get_address_cells (dev); ++ child_size_cells = get_size_cells (dev); ++ cells_per_mapping = parent_address_cells + child_address_cells + child_size_cells; ++ nmappings = ranges_size / 4 / cells_per_mapping; ++ for (i = 0; i < nmappings; i++) ++ { ++ const grub_uint32_t *child_addr = &ranges[i * cells_per_mapping]; ++ const grub_uint32_t *parent_addr = child_addr + child_address_cells; ++ grub_uint64_t child_size = get64 (parent_addr + parent_address_cells, child_size_cells); ++ ++ if (child_address_cells > 2 && grub_memcmp (reg, child_addr, (child_address_cells - 2) * 4) != 0) ++ continue; ++ if (get64 (reg, child_address_cells) < get64 (child_addr, child_address_cells)) ++ continue; ++ ++ grub_uint64_t offset = get64 (reg, child_address_cells) - get64 (child_addr, child_address_cells); ++ if (offset >= child_size) ++ continue; ++ ++ ret = translate (dev->parent, parent_addr); ++ if (grub_fdtbus_is_mapping_valid (ret)) ++ ret = (volatile char *) ret + offset; ++ return ret; ++ } ++ return grub_fdtbus_invalid_mapping; ++} ++ ++volatile void * ++grub_fdtbus_map_reg (const struct grub_fdtbus_dev *dev, int regno, grub_size_t *size) ++{ ++ grub_size_t address_cells, size_cells; ++ address_cells = get_address_cells (dev->parent); ++ size_cells = get_size_cells (dev->parent); ++ const grub_uint32_t *reg = grub_fdt_get_prop (dtb, dev->node, "reg", 0); ++ if (size && size_cells) ++ *size = reg[(address_cells + size_cells) * regno + address_cells]; ++ if (size && !size_cells) ++ *size = 0; ++ return translate (dev->parent, reg + (address_cells + size_cells) * regno); ++} ++ ++const char * ++grub_fdtbus_get_name (const struct grub_fdtbus_dev *dev) ++{ ++ return grub_fdt_get_nodename (dtb, dev->node); ++} ++ ++const void * ++grub_fdtbus_get_prop (const struct grub_fdtbus_dev *dev, ++ const char *name, ++ grub_uint32_t *len) ++{ ++ return grub_fdt_get_prop (dtb, dev->node, name, len); ++} ++ ++const void * ++grub_fdtbus_get_fdt (void) ++{ ++ return dtb; ++} +diff --git a/grub-core/bus/spi/rk3288_spi.c b/grub-core/bus/spi/rk3288_spi.c +new file mode 100644 +index 0000000000000000000000000000000000000000..aacb79ffef103bdbff1bb66dd70229b85b1e8030 +--- /dev/null ++++ b/grub-core/bus/spi/rk3288_spi.c +@@ -0,0 +1,103 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * ++ * Copyright (C) 2012 Google Inc. ++ * Copyright (C) 2016 Free Software Foundation, Inc. ++ * ++ * This is based on depthcharge code. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++ ++static grub_err_t ++spi_send (const struct grub_fdtbus_dev *dev, const void *data, grub_size_t sz) ++{ ++ const grub_uint8_t *ptr = data, *end = ptr + sz; ++ volatile grub_uint32_t *spi = grub_fdtbus_map_reg (dev, 0, 0); ++ spi[2] = 0; ++ spi[1] = sz - 1; ++ spi[0] = ((1 << 18) | spi[0]) & ~(1 << 19); ++ spi[2] = 1; ++ while (ptr < end) ++ { ++ while (spi[9] & 2); ++ spi[256] = *ptr++; ++ } ++ while (spi[9] & 1); ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++spi_receive (const struct grub_fdtbus_dev *dev, void *data, grub_size_t sz) ++{ ++ grub_uint8_t *ptr = data, *end = ptr + sz; ++ volatile grub_uint32_t *spi = grub_fdtbus_map_reg (dev, 0, 0); ++ spi[2] = 0; ++ spi[1] = sz - 1; ++ spi[0] = ((1 << 19) | spi[0]) & ~(1 << 18); ++ spi[2] = 1; ++ while (ptr < end) ++ { ++ while (spi[9] & 8); ++ *ptr++ = spi[512]; ++ } ++ while (spi[9] & 1); ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++spi_start (const struct grub_fdtbus_dev *dev) ++{ ++ volatile grub_uint32_t *spi = grub_fdtbus_map_reg (dev, 0, 0); ++ spi[3] = 1; ++ return GRUB_ERR_NONE; ++} ++ ++static void ++spi_stop (const struct grub_fdtbus_dev *dev) ++{ ++ volatile grub_uint32_t *spi = grub_fdtbus_map_reg (dev, 0, 0); ++ spi[3] = 0; ++} ++ ++static grub_err_t ++spi_attach(const struct grub_fdtbus_dev *dev) ++{ ++ if (!grub_fdtbus_is_mapping_valid (grub_fdtbus_map_reg (dev, 0, 0))) ++ return GRUB_ERR_IO; ++ ++ return GRUB_ERR_NONE; ++} ++ ++static struct grub_fdtbus_driver spi = ++{ ++ .compatible = "rockchip,rk3288-spi", ++ .attach = spi_attach, ++ .send = spi_send, ++ .receive = spi_receive, ++ .start = spi_start, ++ .stop = spi_stop, ++}; ++ ++void ++grub_rk3288_spi_init (void) ++{ ++ grub_fdtbus_register (&spi); ++} +diff --git a/grub-core/bus/usb/ehci-fdt.c b/grub-core/bus/usb/ehci-fdt.c +new file mode 100644 +index 0000000000000000000000000000000000000000..29b50bdd5c30d192cc3cba1d7f466a9bcf321d92 +--- /dev/null ++++ b/grub-core/bus/usb/ehci-fdt.c +@@ -0,0 +1,45 @@ ++/* ehci.c - EHCI Support. */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2011 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++ ++static grub_err_t ++ehci_attach(const struct grub_fdtbus_dev *dev) ++{ ++ grub_dprintf ("ehci", "Found generic-ehci\n"); ++ ++ grub_ehci_init_device (grub_fdtbus_map_reg (dev, 0, 0)); ++ return 0; ++} ++ ++struct grub_fdtbus_driver ehci = ++{ ++ .compatible = "generic-ehci", ++ .attach = ehci_attach ++}; ++ ++void ++grub_ehci_pci_scan (void) ++{ ++ grub_fdtbus_register (&ehci); ++} +diff --git a/grub-core/bus/usb/ehci-pci.c b/grub-core/bus/usb/ehci-pci.c +new file mode 100644 +index 0000000000000000000000000000000000000000..65e6cb57438b7dfa35b80bbbe36a1e50629f025f +--- /dev/null ++++ b/grub-core/bus/usb/ehci-pci.c +@@ -0,0 +1,208 @@ ++/* ehci.c - EHCI Support. */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2011 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define GRUB_EHCI_PCI_SBRN_REG 0x60 ++#define GRUB_EHCI_ADDR_MEM_MASK (~0xff) ++ ++/* USBLEGSUP bits and related OS OWNED byte offset */ ++enum ++{ ++ GRUB_EHCI_BIOS_OWNED = (1 << 16), ++ GRUB_EHCI_OS_OWNED = (1 << 24) ++}; ++ ++/* PCI iteration function... */ ++static int ++grub_ehci_pci_iter (grub_pci_device_t dev, grub_pci_id_t pciid, ++ void *data __attribute__ ((unused))) ++{ ++ volatile grub_uint32_t *regs; ++ grub_uint32_t base, base_h; ++ grub_uint32_t eecp_offset; ++ grub_uint32_t usblegsup = 0; ++ grub_uint64_t maxtime; ++ grub_uint32_t interf; ++ grub_uint32_t subclass; ++ grub_uint32_t class; ++ grub_uint8_t release; ++ grub_uint32_t class_code; ++ ++ grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: begin\n"); ++ ++ if (pciid == GRUB_CS5536_PCIID) ++ { ++ grub_uint64_t basereg; ++ ++ basereg = grub_cs5536_read_msr (dev, GRUB_CS5536_MSR_USB_EHCI_BASE); ++ if (!(basereg & GRUB_CS5536_MSR_USB_BASE_MEMORY_ENABLE)) ++ { ++ /* Shouldn't happen. */ ++ grub_dprintf ("ehci", "No EHCI address is assigned\n"); ++ return 0; ++ } ++ base = (basereg & GRUB_CS5536_MSR_USB_BASE_ADDR_MASK); ++ basereg |= GRUB_CS5536_MSR_USB_BASE_BUS_MASTER; ++ basereg &= ~GRUB_CS5536_MSR_USB_BASE_PME_ENABLED; ++ basereg &= ~GRUB_CS5536_MSR_USB_BASE_PME_STATUS; ++ basereg &= ~GRUB_CS5536_MSR_USB_BASE_SMI_ENABLE; ++ grub_cs5536_write_msr (dev, GRUB_CS5536_MSR_USB_EHCI_BASE, basereg); ++ } ++ else ++ { ++ grub_pci_address_t addr; ++ addr = grub_pci_make_address (dev, GRUB_PCI_REG_CLASS); ++ class_code = grub_pci_read (addr) >> 8; ++ interf = class_code & 0xFF; ++ subclass = (class_code >> 8) & 0xFF; ++ class = class_code >> 16; ++ ++ /* If this is not an EHCI controller, just return. */ ++ if (class != 0x0c || subclass != 0x03 || interf != 0x20) ++ return 0; ++ ++ grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: class OK\n"); ++ ++ /* Check Serial Bus Release Number */ ++ addr = grub_pci_make_address (dev, GRUB_EHCI_PCI_SBRN_REG); ++ release = grub_pci_read_byte (addr); ++ if (release != 0x20) ++ { ++ grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: Wrong SBRN: %0x\n", ++ release); ++ return 0; ++ } ++ grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: bus rev. num. OK\n"); ++ ++ /* Determine EHCI EHCC registers base address. */ ++ addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); ++ base = grub_pci_read (addr); ++ addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG1); ++ base_h = grub_pci_read (addr); ++ /* Stop if registers are mapped above 4G - GRUB does not currently ++ * work with registers mapped above 4G */ ++ if (((base & GRUB_PCI_ADDR_MEM_TYPE_MASK) != GRUB_PCI_ADDR_MEM_TYPE_32) ++ && (base_h != 0)) ++ { ++ grub_dprintf ("ehci", ++ "EHCI grub_ehci_pci_iter: registers above 4G are not supported\n"); ++ return 0; ++ } ++ base &= GRUB_PCI_ADDR_MEM_MASK; ++ if (!base) ++ { ++ grub_dprintf ("ehci", ++ "EHCI: EHCI is not mapped\n"); ++ return 0; ++ } ++ ++ /* Set bus master - needed for coreboot, VMware, broken BIOSes etc. */ ++ addr = grub_pci_make_address (dev, GRUB_PCI_REG_COMMAND); ++ grub_pci_write_word(addr, ++ GRUB_PCI_COMMAND_MEM_ENABLED ++ | GRUB_PCI_COMMAND_BUS_MASTER ++ | grub_pci_read_word(addr)); ++ ++ grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: 32-bit EHCI OK\n"); ++ } ++ ++ grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: iobase of EHCC: %08x\n", ++ (base & GRUB_EHCI_ADDR_MEM_MASK)); ++ ++ regs = grub_pci_device_map_range (dev, ++ (base & GRUB_EHCI_ADDR_MEM_MASK), ++ 0x100); ++ ++ /* Is there EECP ? */ ++ eecp_offset = (grub_le_to_cpu32 (regs[2]) >> 8) & 0xff; ++ ++ /* Determine and change ownership. */ ++ /* EECP offset valid in HCCPARAMS */ ++ /* Ownership can be changed via EECP only */ ++ if (pciid != GRUB_CS5536_PCIID && eecp_offset >= 0x40) ++ { ++ grub_pci_address_t pciaddr_eecp; ++ pciaddr_eecp = grub_pci_make_address (dev, eecp_offset); ++ ++ usblegsup = grub_pci_read (pciaddr_eecp); ++ if (usblegsup & GRUB_EHCI_BIOS_OWNED) ++ { ++ grub_boot_time ("Taking ownership of EHCI controller"); ++ grub_dprintf ("ehci", ++ "EHCI grub_ehci_pci_iter: EHCI owned by: BIOS\n"); ++ /* Ownership change - set OS_OWNED bit */ ++ grub_pci_write (pciaddr_eecp, usblegsup | GRUB_EHCI_OS_OWNED); ++ /* Ensure PCI register is written */ ++ grub_pci_read (pciaddr_eecp); ++ ++ /* Wait for finish of ownership change, EHCI specification ++ * doesn't say how long it can take... */ ++ maxtime = grub_get_time_ms () + 1000; ++ while ((grub_pci_read (pciaddr_eecp) & GRUB_EHCI_BIOS_OWNED) ++ && (grub_get_time_ms () < maxtime)); ++ if (grub_pci_read (pciaddr_eecp) & GRUB_EHCI_BIOS_OWNED) ++ { ++ grub_dprintf ("ehci", ++ "EHCI grub_ehci_pci_iter: EHCI change ownership timeout"); ++ /* Change ownership in "hard way" - reset BIOS ownership */ ++ grub_pci_write (pciaddr_eecp, GRUB_EHCI_OS_OWNED); ++ /* Ensure PCI register is written */ ++ grub_pci_read (pciaddr_eecp); ++ } ++ } ++ else if (usblegsup & GRUB_EHCI_OS_OWNED) ++ /* XXX: What to do in this case - nothing ? Can it happen ? */ ++ grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: EHCI owned by: OS\n"); ++ else ++ { ++ grub_dprintf ("ehci", ++ "EHCI grub_ehci_pci_iter: EHCI owned by: NONE\n"); ++ /* XXX: What to do in this case ? Can it happen ? ++ * Is code below correct ? */ ++ /* Ownership change - set OS_OWNED bit */ ++ grub_pci_write (pciaddr_eecp, GRUB_EHCI_OS_OWNED); ++ /* Ensure PCI register is written */ ++ grub_pci_read (pciaddr_eecp); ++ } ++ ++ /* Disable SMI, just to be sure. */ ++ pciaddr_eecp = grub_pci_make_address (dev, eecp_offset + 4); ++ grub_pci_write (pciaddr_eecp, 0); ++ /* Ensure PCI register is written */ ++ grub_pci_read (pciaddr_eecp); ++ } ++ ++ grub_dprintf ("ehci", "inithw: EHCI grub_ehci_pci_iter: ownership OK\n"); ++ ++ grub_ehci_init_device (regs); ++ return 0; ++} ++ ++void ++grub_ehci_pci_scan (void) ++{ ++ grub_pci_iterate (grub_ehci_pci_iter, NULL); ++} +diff --git a/grub-core/bus/usb/ehci.c b/grub-core/bus/usb/ehci.c +index 5f4297bb21ec4c28824abb0c442a87a3dd4a872e..d966fc21002602fab3f1b68668ddcb5bfa639442 100644 +--- a/grub-core/bus/usb/ehci.c ++++ b/grub-core/bus/usb/ehci.c +@@ -22,13 +22,10 @@ + #include + #include + #include +-#include +-#include +-#include + #include + #include +-#include + #include ++#include + #include + + GRUB_MOD_LICENSE ("GPLv3+"); +@@ -39,8 +36,6 @@ GRUB_MOD_LICENSE ("GPLv3+"); + * - is not supporting interrupt transfers + */ + +-#define GRUB_EHCI_PCI_SBRN_REG 0x60 +- + /* Capability registers offsets */ + enum + { +@@ -54,7 +49,6 @@ enum + #define GRUB_EHCI_EECP_MASK (0xff << 8) + #define GRUB_EHCI_EECP_SHIFT 8 + +-#define GRUB_EHCI_ADDR_MEM_MASK (~0xff) + #define GRUB_EHCI_POINTER_MASK (~0x1f) + + /* Capability register SPARAMS bits */ +@@ -85,13 +79,6 @@ enum + + #define GRUB_EHCI_QH_EMPTY 1 + +-/* USBLEGSUP bits and related OS OWNED byte offset */ +-enum +-{ +- GRUB_EHCI_BIOS_OWNED = (1 << 16), +- GRUB_EHCI_OS_OWNED = (1 << 24) +-}; +- + /* Operational registers offsets */ + enum + { +@@ -455,9 +442,10 @@ grub_ehci_reset (struct grub_ehci *e) + + sync_all_caches (e); + ++ grub_dprintf ("ehci", "reset\n"); ++ + grub_ehci_oper_write32 (e, GRUB_EHCI_COMMAND, +- GRUB_EHCI_CMD_HC_RESET +- | grub_ehci_oper_read32 (e, GRUB_EHCI_COMMAND)); ++ GRUB_EHCI_CMD_HC_RESET); + /* Ensure command is written */ + grub_ehci_oper_read32 (e, GRUB_EHCI_COMMAND); + /* XXX: How long time could take reset of HC ? */ +@@ -473,116 +461,24 @@ grub_ehci_reset (struct grub_ehci *e) + } + + /* PCI iteration function... */ +-static int +-grub_ehci_pci_iter (grub_pci_device_t dev, grub_pci_id_t pciid, +- void *data __attribute__ ((unused))) ++void ++grub_ehci_init_device (volatile void *regs) + { +- grub_uint8_t release; +- grub_uint32_t class_code; +- grub_uint32_t interf; +- grub_uint32_t subclass; +- grub_uint32_t class; +- grub_uint32_t base, base_h; + struct grub_ehci *e; +- grub_uint32_t eecp_offset; + grub_uint32_t fp; + int i; +- grub_uint32_t usblegsup = 0; +- grub_uint64_t maxtime; + grub_uint32_t n_ports; + grub_uint8_t caplen; + +- grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: begin\n"); +- +- if (pciid == GRUB_CS5536_PCIID) +- { +- grub_uint64_t basereg; +- +- basereg = grub_cs5536_read_msr (dev, GRUB_CS5536_MSR_USB_EHCI_BASE); +- if (!(basereg & GRUB_CS5536_MSR_USB_BASE_MEMORY_ENABLE)) +- { +- /* Shouldn't happen. */ +- grub_dprintf ("ehci", "No EHCI address is assigned\n"); +- return 0; +- } +- base = (basereg & GRUB_CS5536_MSR_USB_BASE_ADDR_MASK); +- basereg |= GRUB_CS5536_MSR_USB_BASE_BUS_MASTER; +- basereg &= ~GRUB_CS5536_MSR_USB_BASE_PME_ENABLED; +- basereg &= ~GRUB_CS5536_MSR_USB_BASE_PME_STATUS; +- basereg &= ~GRUB_CS5536_MSR_USB_BASE_SMI_ENABLE; +- grub_cs5536_write_msr (dev, GRUB_CS5536_MSR_USB_EHCI_BASE, basereg); +- } +- else +- { +- grub_pci_address_t addr; +- addr = grub_pci_make_address (dev, GRUB_PCI_REG_CLASS); +- class_code = grub_pci_read (addr) >> 8; +- interf = class_code & 0xFF; +- subclass = (class_code >> 8) & 0xFF; +- class = class_code >> 16; +- +- /* If this is not an EHCI controller, just return. */ +- if (class != 0x0c || subclass != 0x03 || interf != 0x20) +- return 0; +- +- grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: class OK\n"); +- +- /* Check Serial Bus Release Number */ +- addr = grub_pci_make_address (dev, GRUB_EHCI_PCI_SBRN_REG); +- release = grub_pci_read_byte (addr); +- if (release != 0x20) +- { +- grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: Wrong SBRN: %0x\n", +- release); +- return 0; +- } +- grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: bus rev. num. OK\n"); +- +- /* Determine EHCI EHCC registers base address. */ +- addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); +- base = grub_pci_read (addr); +- addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG1); +- base_h = grub_pci_read (addr); +- /* Stop if registers are mapped above 4G - GRUB does not currently +- * work with registers mapped above 4G */ +- if (((base & GRUB_PCI_ADDR_MEM_TYPE_MASK) != GRUB_PCI_ADDR_MEM_TYPE_32) +- && (base_h != 0)) +- { +- grub_dprintf ("ehci", +- "EHCI grub_ehci_pci_iter: registers above 4G are not supported\n"); +- return 0; +- } +- base &= GRUB_PCI_ADDR_MEM_MASK; +- if (!base) +- { +- grub_dprintf ("ehci", +- "EHCI: EHCI is not mapped\n"); +- return 0; +- } +- +- /* Set bus master - needed for coreboot, VMware, broken BIOSes etc. */ +- addr = grub_pci_make_address (dev, GRUB_PCI_REG_COMMAND); +- grub_pci_write_word(addr, +- GRUB_PCI_COMMAND_MEM_ENABLED +- | GRUB_PCI_COMMAND_BUS_MASTER +- | grub_pci_read_word(addr)); +- +- grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: 32-bit EHCI OK\n"); +- } +- + /* Allocate memory for the controller and fill basic values. */ + e = grub_zalloc (sizeof (*e)); + if (!e) +- return 1; ++ return; + e->framelist_chunk = NULL; + e->td_chunk = NULL; + e->qh_chunk = NULL; +- e->iobase_ehcc = grub_pci_device_map_range (dev, +- (base & GRUB_EHCI_ADDR_MEM_MASK), +- 0x100); ++ e->iobase_ehcc = regs; + +- grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: iobase of EHCC: %08x\n", +- (base & GRUB_EHCI_ADDR_MEM_MASK)); + grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: CAPLEN: %02x\n", + grub_ehci_ehcc_read8 (e, GRUB_EHCI_EHCC_CAPLEN)); + grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: VERSION: %04x\n", +@@ -598,7 +494,7 @@ grub_ehci_pci_iter (grub_pci_device_t dev, grub_pci_id_t pciid, + if (caplen & (sizeof (grub_uint32_t) - 1)) + { + grub_dprintf ("ehci", "Unaligned caplen\n"); +- return 0; ++ return; + } + e->iobase = ((volatile grub_uint32_t *) e->iobase_ehcc + + (caplen / sizeof (grub_uint32_t))); +@@ -608,8 +504,8 @@ grub_ehci_pci_iter (grub_pci_device_t dev, grub_pci_id_t pciid, + #endif + + grub_dprintf ("ehci", +- "EHCI grub_ehci_pci_iter: iobase of oper. regs: %08x\n", +- (base & GRUB_EHCI_ADDR_MEM_MASK) + caplen); ++ "EHCI grub_ehci_pci_iter: iobase of oper. regs: %08llxx\n", ++ (unsigned long long) (grub_addr_t) e->iobase_ehcc + caplen); + grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: COMMAND: %08x\n", + grub_ehci_oper_read32 (e, GRUB_EHCI_COMMAND)); + grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: STATUS: %08x\n", +@@ -625,10 +521,6 @@ grub_ehci_pci_iter (grub_pci_device_t dev, grub_pci_id_t pciid, + grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: CONFIG_FLAG: %08x\n", + grub_ehci_oper_read32 (e, GRUB_EHCI_CONFIG_FLAG)); + +- /* Is there EECP ? */ +- eecp_offset = (grub_ehci_ehcc_read32 (e, GRUB_EHCI_EHCC_CPARAMS) +- & GRUB_EHCI_EECP_MASK) >> GRUB_EHCI_EECP_SHIFT; +- + /* Check format of data structures requested by EHCI */ + /* XXX: In fact it is not used at any place, it is prepared for future + * This implementation uses 32-bits pointers only */ +@@ -732,65 +624,6 @@ grub_ehci_pci_iter (grub_pci_device_t dev, grub_pci_id_t pciid, + + grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: QH/TD init. OK\n"); + +- /* Determine and change ownership. */ +- /* EECP offset valid in HCCPARAMS */ +- /* Ownership can be changed via EECP only */ +- if (pciid != GRUB_CS5536_PCIID && eecp_offset >= 0x40) +- { +- grub_pci_address_t pciaddr_eecp; +- pciaddr_eecp = grub_pci_make_address (dev, eecp_offset); +- +- usblegsup = grub_pci_read (pciaddr_eecp); +- if (usblegsup & GRUB_EHCI_BIOS_OWNED) +- { +- grub_boot_time ("Taking ownership of EHCI controller"); +- grub_dprintf ("ehci", +- "EHCI grub_ehci_pci_iter: EHCI owned by: BIOS\n"); +- /* Ownership change - set OS_OWNED bit */ +- grub_pci_write (pciaddr_eecp, usblegsup | GRUB_EHCI_OS_OWNED); +- /* Ensure PCI register is written */ +- grub_pci_read (pciaddr_eecp); +- +- /* Wait for finish of ownership change, EHCI specification +- * doesn't say how long it can take... */ +- maxtime = grub_get_time_ms () + 1000; +- while ((grub_pci_read (pciaddr_eecp) & GRUB_EHCI_BIOS_OWNED) +- && (grub_get_time_ms () < maxtime)); +- if (grub_pci_read (pciaddr_eecp) & GRUB_EHCI_BIOS_OWNED) +- { +- grub_dprintf ("ehci", +- "EHCI grub_ehci_pci_iter: EHCI change ownership timeout"); +- /* Change ownership in "hard way" - reset BIOS ownership */ +- grub_pci_write (pciaddr_eecp, GRUB_EHCI_OS_OWNED); +- /* Ensure PCI register is written */ +- grub_pci_read (pciaddr_eecp); +- } +- } +- else if (usblegsup & GRUB_EHCI_OS_OWNED) +- /* XXX: What to do in this case - nothing ? Can it happen ? */ +- grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: EHCI owned by: OS\n"); +- else +- { +- grub_dprintf ("ehci", +- "EHCI grub_ehci_pci_iter: EHCI owned by: NONE\n"); +- /* XXX: What to do in this case ? Can it happen ? +- * Is code below correct ? */ +- /* Ownership change - set OS_OWNED bit */ +- grub_pci_write (pciaddr_eecp, GRUB_EHCI_OS_OWNED); +- /* Ensure PCI register is written */ +- grub_pci_read (pciaddr_eecp); +- } +- +- /* Disable SMI, just to be sure. */ +- pciaddr_eecp = grub_pci_make_address (dev, eecp_offset + 4); +- grub_pci_write (pciaddr_eecp, 0); +- /* Ensure PCI register is written */ +- grub_pci_read (pciaddr_eecp); +- +- } +- +- grub_dprintf ("ehci", "inithw: EHCI grub_ehci_pci_iter: ownership OK\n"); +- + /* Now we can setup EHCI (maybe...) */ + + /* Check if EHCI is halted and halt it if not */ +@@ -863,8 +696,8 @@ grub_ehci_pci_iter (grub_pci_device_t dev, grub_pci_id_t pciid, + grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: OK at all\n"); + + grub_dprintf ("ehci", +- "EHCI grub_ehci_pci_iter: iobase of oper. regs: %08x\n", +- (base & GRUB_EHCI_ADDR_MEM_MASK)); ++ "EHCI grub_ehci_pci_iter: iobase of oper. regs: %08llx\n", ++ (unsigned long long) (grub_addr_t) regs); + grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: COMMAND: %08x\n", + grub_ehci_oper_read32 (e, GRUB_EHCI_COMMAND)); + grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: STATUS: %08x\n", +@@ -880,7 +713,7 @@ grub_ehci_pci_iter (grub_pci_device_t dev, grub_pci_id_t pciid, + grub_dprintf ("ehci", "EHCI grub_ehci_pci_iter: CONFIG_FLAG: %08x\n", + grub_ehci_oper_read32 (e, GRUB_EHCI_CONFIG_FLAG)); + +- return 0; ++ return; + + fail: + if (e) +@@ -894,7 +727,7 @@ fail: + } + grub_free (e); + +- return 0; ++ return; + } + + static int +@@ -1891,12 +1724,6 @@ grub_ehci_detect_dev (grub_usb_controller_t dev, int port, int *changed) + } + } + +-static void +-grub_ehci_inithw (void) +-{ +- grub_pci_iterate (grub_ehci_pci_iter, NULL); +-} +- + static grub_err_t + grub_ehci_restore_hw (void) + { +@@ -1997,7 +1824,7 @@ GRUB_MOD_INIT (ehci) + grub_stop_disk_firmware (); + + grub_boot_time ("Initing EHCI hardware"); +- grub_ehci_inithw (); ++ grub_ehci_pci_scan (); + grub_boot_time ("Registering EHCI driver"); + grub_usb_controller_dev_register (&usb_controller); + grub_boot_time ("EHCI driver registered"); +diff --git a/grub-core/bus/usb/usbtrans.c b/grub-core/bus/usb/usbtrans.c +index 9266e49311c4471d0915aebf9fae05509d0fa5c7..85f081fffb3a2aa7354816c79977ae45a79b1c80 100644 +--- a/grub-core/bus/usb/usbtrans.c ++++ b/grub-core/bus/usb/usbtrans.c +@@ -18,7 +18,7 @@ + */ + + #include +-#include ++#include + #include + #include + #include +diff --git a/grub-core/commands/efi/lsefi.c b/grub-core/commands/efi/lsefi.c +index d901c3892630f2500eda9822c712aae278017907..d1ce99af438914692d1b71b0017050689dd73db9 100644 +--- a/grub-core/commands/efi/lsefi.c ++++ b/grub-core/commands/efi/lsefi.c +@@ -109,8 +109,10 @@ grub_cmd_lsefi (grub_command_t cmd __attribute__ ((unused)), + + status = efi_call_3 (grub_efi_system_table->boot_services->protocols_per_handle, + handle, &protocols, &num_protocols); +- if (status != GRUB_EFI_SUCCESS) ++ if (status != GRUB_EFI_SUCCESS) { + grub_printf ("Unable to retrieve protocols\n"); ++ continue; ++ } + for (j = 0; j < num_protocols; j++) + { + for (k = 0; k < ARRAY_SIZE (known_protocols); k++) +diff --git a/grub-core/commands/file.c b/grub-core/commands/file.c +index 12fba99e06a23cb72af67fc4bfb758d97bfa0e67..3ff6d5522d2d572c2af16fec371faeb8e4b28f9d 100644 +--- a/grub-core/commands/file.c ++++ b/grub-core/commands/file.c +@@ -27,6 +27,8 @@ + #include + #include + #include ++#include ++#include + #include + #include + #include +@@ -383,21 +385,19 @@ grub_cmd_file (grub_extcmd_context_t ctxt, int argc, char **args) + } + case IS_ARM_LINUX: + { +- grub_uint32_t sig, sig_pi; +- if (grub_file_read (file, &sig_pi, 4) != 4) ++ struct linux_arm_kernel_header lh; ++ ++ if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) + break; +- /* Raspberry pi. */ +- if (sig_pi == grub_cpu_to_le32_compile_time (0xea000006)) ++ /* Short forward branch in A32 state (for Raspberry pi kernels). */ ++ if (lh.code0 == grub_cpu_to_le32_compile_time (0xea000006)) + { + ret = 1; + break; + } + +- if (grub_file_seek (file, 0x24) == (grub_size_t) -1) +- break; +- if (grub_file_read (file, &sig, 4) != 4) +- break; +- if (sig == grub_cpu_to_le32_compile_time (0x016f2818)) ++ if (lh.magic == ++ grub_cpu_to_le32_compile_time (GRUB_LINUX_ARM_MAGIC_SIGNATURE)) + { + ret = 1; + break; +@@ -406,13 +406,13 @@ grub_cmd_file (grub_extcmd_context_t ctxt, int argc, char **args) + } + case IS_ARM64_LINUX: + { +- grub_uint32_t sig; ++ struct linux_arm64_kernel_header lh; + +- if (grub_file_seek (file, 0x38) == (grub_size_t) -1) ++ if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) + break; +- if (grub_file_read (file, &sig, 4) != 4) +- break; +- if (sig == grub_cpu_to_le32_compile_time (0x644d5241)) ++ ++ if (lh.magic == ++ grub_cpu_to_le32_compile_time (GRUB_LINUX_ARM64_MAGIC_SIGNATURE)) + { + ret = 1; + break; +@@ -497,7 +497,7 @@ grub_cmd_file (grub_extcmd_context_t ctxt, int argc, char **args) + case IS_X86_LINUX32: + case IS_X86_LINUX: + { +- struct linux_kernel_header lh; ++ struct linux_i386_kernel_header lh; + if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) + break; + if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55)) +@@ -508,7 +508,7 @@ grub_cmd_file (grub_extcmd_context_t ctxt, int argc, char **args) + + /* FIXME: some really old kernels (< 1.3.73) will fail this. */ + if (lh.header != +- grub_cpu_to_le32_compile_time (GRUB_LINUX_MAGIC_SIGNATURE) ++ grub_cpu_to_le32_compile_time (GRUB_LINUX_I386_MAGIC_SIGNATURE) + || grub_le_to_cpu16 (lh.version) < 0x0200) + break; + +@@ -521,7 +521,7 @@ grub_cmd_file (grub_extcmd_context_t ctxt, int argc, char **args) + /* FIXME: 2.03 is not always good enough (Linux 2.4 can be 2.03 and + still not support 32-bit boot. */ + if (lh.header != +- grub_cpu_to_le32_compile_time (GRUB_LINUX_MAGIC_SIGNATURE) ++ grub_cpu_to_le32_compile_time (GRUB_LINUX_I386_MAGIC_SIGNATURE) + || grub_le_to_cpu16 (lh.version) < 0x0203) + break; + +diff --git a/grub-core/commands/i386/coreboot/cb_timestamps.c b/grub-core/commands/i386/coreboot/cb_timestamps.c +index e72f38d6e057dccfb981d6bbc483d2bdd8a06c98..e97ea6bed98b42d4f03f06ab5bc076fadbfee67f 100644 +--- a/grub-core/commands/i386/coreboot/cb_timestamps.c ++++ b/grub-core/commands/i386/coreboot/cb_timestamps.c +@@ -20,7 +20,7 @@ + #include + #include + #include +-#include ++#include + #include + + GRUB_MOD_LICENSE ("GPLv3+"); +diff --git a/grub-core/commands/i386/coreboot/cbls.c b/grub-core/commands/i386/coreboot/cbls.c +index e0a10596fe279331cca94172e1f452fdfe18394f..102291f424ab782c6cd3bcd4ae1effd836cd832e 100644 +--- a/grub-core/commands/i386/coreboot/cbls.c ++++ b/grub-core/commands/i386/coreboot/cbls.c +@@ -20,7 +20,7 @@ + #include + #include + #include +-#include ++#include + #include + + GRUB_MOD_LICENSE ("GPLv3+"); +diff --git a/grub-core/commands/keylayouts.c b/grub-core/commands/keylayouts.c +index f4b7730208ab8ffafb1b0283294a140248839d7a..f35d3a369bad7125cb04e25f0e32c01c00c673b0 100644 +--- a/grub-core/commands/keylayouts.c ++++ b/grub-core/commands/keylayouts.c +@@ -40,7 +40,7 @@ static struct grub_keyboard_layout layout_us = { + /* 0x10 */ 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', + /* 0x18 */ 'u', 'v', 'w', 'x', 'y', 'z', '1', '2', + /* 0x20 */ '3', '4', '5', '6', '7', '8', '9', '0', +- /* 0x28 */ '\n', '\e', '\b', '\t', ' ', '-', '=', '[', ++ /* 0x28 */ '\n', GRUB_TERM_ESC, GRUB_TERM_BACKSPACE, GRUB_TERM_TAB, ' ', '-', '=', '[', + /* According to usage table 0x31 should be mapped to '/' + but testing with real keyboard shows that 0x32 is remapped to '/'. + Map 0x31 to 0. +@@ -82,8 +82,8 @@ static struct grub_keyboard_layout layout_us = { + /* 0x10 */ 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', + /* 0x18 */ 'U', 'V', 'W', 'X', 'Y', 'Z', '!', '@', + /* 0x20 */ '#', '$', '%', '^', '&', '*', '(', ')', +- /* 0x28 */ '\n' | GRUB_TERM_SHIFT, '\e' | GRUB_TERM_SHIFT, +- /* 0x2a */ '\b' | GRUB_TERM_SHIFT, '\t' | GRUB_TERM_SHIFT, ++ /* 0x28 */ '\n' | GRUB_TERM_SHIFT, GRUB_TERM_ESC | GRUB_TERM_SHIFT, ++ /* 0x2a */ GRUB_TERM_BACKSPACE | GRUB_TERM_SHIFT, GRUB_TERM_TAB | GRUB_TERM_SHIFT, + /* 0x2c */ ' ' | GRUB_TERM_SHIFT, '_', '+', '{', + /* According to usage table 0x31 should be mapped to '/' + but testing with real keyboard shows that 0x32 is remapped to '/'. +diff --git a/grub-core/commands/ls.c b/grub-core/commands/ls.c +index 0eaf836527944ba69d499050ad080f919d3e57ef..c25161cc4f2c6d4fce6781bfac9bf7796fceb0c7 100644 +--- a/grub-core/commands/ls.c ++++ b/grub-core/commands/ls.c +@@ -201,6 +201,15 @@ grub_ls_list_files (char *dirname, int longlist, int all, int human) + if (grub_errno == GRUB_ERR_UNKNOWN_FS) + grub_errno = GRUB_ERR_NONE; + ++#ifdef GRUB_MACHINE_IEEE1275 ++ /* ++ * Close device to prevent a double open in grub_normal_print_device_info(). ++ * Otherwise it may lead to hangs on some IEEE 1275 platforms. ++ */ ++ grub_device_close (dev); ++ dev = NULL; ++#endif ++ + grub_normal_print_device_info (device_name); + } + else if (fs) +diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c +index 58d4dadf6ee4ec392a09d433802803520704cd7b..2c5363da7f549b85ae04d1d88a78db0b85504c51 100644 +--- a/grub-core/commands/menuentry.c ++++ b/grub-core/commands/menuentry.c +@@ -52,8 +52,8 @@ static struct + int key; + } hotkey_aliases[] = + { +- {"backspace", '\b'}, +- {"tab", '\t'}, ++ {"backspace", GRUB_TERM_BACKSPACE}, ++ {"tab", GRUB_TERM_TAB}, + {"delete", GRUB_TERM_KEY_DC}, + {"insert", GRUB_TERM_KEY_INSERT}, + {"f1", GRUB_TERM_KEY_F1}, +diff --git a/grub-core/disk/ahci.c b/grub-core/disk/ahci.c +index 494a1b7734ef44fef6e887f62b6eb30d0a494284..f2f606423aca4f842f5b16b797a1084cc5791cbb 100644 +--- a/grub-core/disk/ahci.c ++++ b/grub-core/disk/ahci.c +@@ -82,6 +82,20 @@ enum grub_ahci_hba_port_command + GRUB_AHCI_HBA_PORT_CMD_FR = 0x4000, + }; + ++enum grub_ahci_hba_port_int_status ++ { ++ GRUB_AHCI_HBA_PORT_IS_IFS = (1UL << 27), ++ GRUB_AHCI_HBA_PORT_IS_HBDS = (1UL << 28), ++ GRUB_AHCI_HBA_PORT_IS_HBFS = (1UL << 29), ++ GRUB_AHCI_HBA_PORT_IS_TFES = (1UL << 30), ++ }; ++ ++#define GRUB_AHCI_HBA_PORT_IS_FATAL_MASK ( \ ++ GRUB_AHCI_HBA_PORT_IS_IFS | \ ++ GRUB_AHCI_HBA_PORT_IS_HBDS | \ ++ GRUB_AHCI_HBA_PORT_IS_HBFS | \ ++ GRUB_AHCI_HBA_PORT_IS_TFES) ++ + struct grub_ahci_hba + { + grub_uint32_t cap; +@@ -1026,7 +1040,8 @@ grub_ahci_readwrite_real (struct grub_ahci_device *dev, + + endtime = grub_get_time_ms () + (spinup ? 20000 : 20000); + while ((dev->hba->ports[dev->port].command_issue & 1)) +- if (grub_get_time_ms () > endtime) ++ if (grub_get_time_ms () > endtime || ++ (dev->hba->ports[dev->port].intstatus & GRUB_AHCI_HBA_PORT_IS_FATAL_MASK)) + { + grub_dprintf ("ahci", "AHCI status <%x %x %x %x>\n", + dev->hba->ports[dev->port].command_issue, +@@ -1034,7 +1049,10 @@ grub_ahci_readwrite_real (struct grub_ahci_device *dev, + dev->hba->ports[dev->port].intstatus, + dev->hba->ports[dev->port].task_file_data); + dev->hba->ports[dev->port].command_issue = 0; +- err = grub_error (GRUB_ERR_IO, "AHCI transfer timed out"); ++ if (dev->hba->ports[dev->port].intstatus & GRUB_AHCI_HBA_PORT_IS_FATAL_MASK) ++ err = grub_error (GRUB_ERR_IO, "AHCI transfer error"); ++ else ++ err = grub_error (GRUB_ERR_IO, "AHCI transfer timed out"); + if (!reset) + grub_ahci_reset_port (dev, 1); + break; +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index 0f978ad05079c9535d7ef9bb16462c7d7adeb80e..2a22d2d6c1c3121ec889f33f2aaaf3077723a6c1 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -135,7 +135,7 @@ msdos_has_ldm_partition (grub_disk_t dsk) + return has_ldm; + } + +-static const grub_gpt_part_type_t ldm_type = GRUB_GPT_PARTITION_TYPE_LDM; ++static const grub_gpt_part_guid_t ldm_type = GRUB_GPT_PARTITION_TYPE_LDM; + + /* Helper for gpt_ldm_sector. */ + static int +diff --git a/grub-core/efiemu/i386/loadcore64.c b/grub-core/efiemu/i386/loadcore64.c +index e49d0b6ff17e02e22e09b306d0a6a32a3b083b78..18facf47fd7678007deb730fb71256edff6292ad 100644 +--- a/grub-core/efiemu/i386/loadcore64.c ++++ b/grub-core/efiemu/i386/loadcore64.c +@@ -98,6 +98,7 @@ grub_arch_efiemu_relocate_symbols64 (grub_efiemu_segment_t segs, + break; + + case R_X86_64_PC32: ++ case R_X86_64_PLT32: + err = grub_efiemu_write_value (addr, + *addr32 + rel->r_addend + + sym.off +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 4849c1ceb6533c1b19eb64d754d45d44282b5acb..be195448dbeb55abcfb117723cd2fc6d75e6e344 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -175,7 +175,7 @@ struct grub_btrfs_time + { + grub_int64_t sec; + grub_uint32_t nanosec; +-} __attribute__ ((aligned (4))); ++} GRUB_PACKED; + + struct grub_btrfs_inode + { +diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c +index cdce63bcc9d57e82b7a4f6a644803a1d8320935d..b8ad75a0ff7c4f72b67bef123510d99231531daf 100644 +--- a/grub-core/fs/ext2.c ++++ b/grub-core/fs/ext2.c +@@ -102,6 +102,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define EXT4_FEATURE_INCOMPAT_64BIT 0x0080 + #define EXT4_FEATURE_INCOMPAT_MMP 0x0100 + #define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200 ++#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000 + + /* The set of back-incompatible features this driver DOES support. Add (OR) + * flags here as the related features are implemented into the driver. */ +@@ -109,7 +110,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); + | EXT4_FEATURE_INCOMPAT_EXTENTS \ + | EXT4_FEATURE_INCOMPAT_FLEX_BG \ + | EXT2_FEATURE_INCOMPAT_META_BG \ +- | EXT4_FEATURE_INCOMPAT_64BIT) ++ | EXT4_FEATURE_INCOMPAT_64BIT \ ++ | EXT4_FEATURE_INCOMPAT_ENCRYPT) + /* List of rationales for the ignored "incompatible" features: + * needs_recovery: Not really back-incompatible - was added as such to forbid + * ext2 drivers from mounting an ext3 volume with a dirty +@@ -138,6 +140,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define EXT3_JOURNAL_FLAG_DELETED 4 + #define EXT3_JOURNAL_FLAG_LAST_TAG 8 + ++#define EXT4_ENCRYPT_FLAG 0x800 + #define EXT4_EXTENTS_FLAG 0x80000 + + /* The ext2 superblock. */ +@@ -706,6 +709,12 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) + grub_ext2_read_inode (diro->data, diro->ino, &diro->inode); + if (grub_errno) + return 0; ++ ++ if (diro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG)) ++ { ++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "symlink is encrypted"); ++ return 0; ++ } + } + + symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1); +@@ -749,6 +758,12 @@ grub_ext2_iterate_dir (grub_fshelp_node_t dir, + return 0; + } + ++ if (diro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG)) ++ { ++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "directory is encrypted"); ++ return 0; ++ } ++ + /* Search the file. */ + while (fpos < grub_le_to_cpu32 (diro->inode.size)) + { +@@ -859,6 +874,12 @@ grub_ext2_open (struct grub_file *file, const char *name) + goto fail; + } + ++ if (fdiro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG)) ++ { ++ err = grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "file is encrypted"); ++ goto fail; ++ } ++ + grub_memcpy (data->inode, &fdiro->inode, sizeof (struct grub_ext2_inode)); + grub_free (fdiro); + +diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c +new file mode 100644 +index 0000000000000000000000000000000000000000..1cad2615f3c9e65e57a12d18b76f4ecc1caa31d8 +--- /dev/null ++++ b/grub-core/fs/f2fs.c +@@ -0,0 +1,1314 @@ ++/* ++ * f2fs.c - Flash-Friendly File System ++ * ++ * Written by Jaegeuk Kim ++ * ++ * Copyright (C) 2015 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++/* F2FS Magic Number. */ ++#define F2FS_SUPER_MAGIC 0xf2f52010 ++ ++#define CHECKSUM_OFFSET 4092 /* Must be aligned 4 bytes. */ ++#define U32_CHECKSUM_OFFSET (CHECKSUM_OFFSET >> 2) ++#define CRCPOLY_LE 0xedb88320 ++ ++/* Byte-size offset. */ ++#define F2FS_SUPER_OFFSET ((grub_disk_addr_t)1024) ++#define F2FS_SUPER_OFFSET0 (F2FS_SUPER_OFFSET >> GRUB_DISK_SECTOR_BITS) ++#define F2FS_SUPER_OFFSET1 ((F2FS_SUPER_OFFSET + F2FS_BLKSIZE) >> \ ++ GRUB_DISK_SECTOR_BITS) ++ ++/* 9 bits for 512 bytes. */ ++#define F2FS_MIN_LOG_SECTOR_SIZE 9 ++ ++/* Support only 4KB block. */ ++#define F2FS_BLK_BITS 12 ++#define F2FS_BLKSIZE (1 << F2FS_BLK_BITS) ++#define F2FS_BLK_SEC_BITS (F2FS_BLK_BITS - GRUB_DISK_SECTOR_BITS) ++ ++#define VERSION_LEN 256 ++#define F2FS_MAX_EXTENSION 64 ++ ++#define CP_COMPACT_SUM_FLAG 0x00000004 ++#define CP_UMOUNT_FLAG 0x00000001 ++ ++#define MAX_ACTIVE_LOGS 16 ++#define MAX_ACTIVE_NODE_LOGS 8 ++#define MAX_ACTIVE_DATA_LOGS 8 ++#define NR_CURSEG_DATA_TYPE 3 ++#define NR_CURSEG_NODE_TYPE 3 ++#define NR_CURSEG_TYPE (NR_CURSEG_DATA_TYPE + NR_CURSEG_NODE_TYPE) ++ ++#define ENTRIES_IN_SUM 512 ++#define SUMMARY_SIZE 7 ++#define SUM_FOOTER_SIZE 5 ++#define JENTRY_SIZE (sizeof(struct grub_f2fs_nat_jent)) ++#define SUM_ENTRIES_SIZE (SUMMARY_SIZE * ENTRIES_IN_SUM) ++#define SUM_JOURNAL_SIZE (F2FS_BLKSIZE - SUM_FOOTER_SIZE - SUM_ENTRIES_SIZE) ++#define NAT_JOURNAL_ENTRIES ((SUM_JOURNAL_SIZE - 2) / JENTRY_SIZE) ++#define NAT_JOURNAL_RESERVED ((SUM_JOURNAL_SIZE - 2) % JENTRY_SIZE) ++ ++#define NAT_ENTRY_SIZE (sizeof(struct grub_f2fs_nat_entry)) ++#define NAT_ENTRY_PER_BLOCK (F2FS_BLKSIZE / NAT_ENTRY_SIZE) ++ ++#define F2FS_NAME_LEN 255 ++#define F2FS_SLOT_LEN 8 ++#define NR_DENTRY_IN_BLOCK 214 ++#define SIZE_OF_DIR_ENTRY 11 /* By byte. */ ++#define BITS_PER_BYTE 8 ++#define SIZE_OF_DENTRY_BITMAP ((NR_DENTRY_IN_BLOCK + BITS_PER_BYTE - 1) / \ ++ BITS_PER_BYTE) ++#define SIZE_OF_RESERVED (F2FS_BLKSIZE - \ ++ ((SIZE_OF_DIR_ENTRY + F2FS_SLOT_LEN) * \ ++ NR_DENTRY_IN_BLOCK + SIZE_OF_DENTRY_BITMAP)) ++ ++#define F2FS_INLINE_XATTR_ADDRS 50 /* 200 bytes for inline xattrs. */ ++#define DEF_ADDRS_PER_INODE 923 /* Address Pointers in an Inode. */ ++ ++#define ADDRS_PER_BLOCK 1018 /* Address Pointers in a Direct Block. */ ++#define NIDS_PER_BLOCK 1018 /* Node IDs in an Indirect Block. */ ++#define NODE_DIR1_BLOCK (DEF_ADDRS_PER_INODE + 1) ++#define NODE_DIR2_BLOCK (DEF_ADDRS_PER_INODE + 2) ++#define NODE_IND1_BLOCK (DEF_ADDRS_PER_INODE + 3) ++#define NODE_IND2_BLOCK (DEF_ADDRS_PER_INODE + 4) ++#define NODE_DIND_BLOCK (DEF_ADDRS_PER_INODE + 5) ++ ++#define MAX_INLINE_DATA (4 * (DEF_ADDRS_PER_INODE - \ ++ F2FS_INLINE_XATTR_ADDRS - 1)) ++#define NR_INLINE_DENTRY (MAX_INLINE_DATA * BITS_PER_BYTE / \ ++ ((SIZE_OF_DIR_ENTRY + F2FS_SLOT_LEN) * \ ++ BITS_PER_BYTE + 1)) ++#define INLINE_DENTRY_BITMAP_SIZE ((NR_INLINE_DENTRY + BITS_PER_BYTE - 1) / \ ++ BITS_PER_BYTE) ++#define INLINE_RESERVED_SIZE (MAX_INLINE_DATA - \ ++ ((SIZE_OF_DIR_ENTRY + F2FS_SLOT_LEN) * \ ++ NR_INLINE_DENTRY + \ ++ INLINE_DENTRY_BITMAP_SIZE)) ++#define CURSEG_HOT_DATA 0 ++ ++#define CKPT_FLAG_SET(ckpt, f) (ckpt)->ckpt_flags & \ ++ grub_cpu_to_le32_compile_time (f) ++ ++#define F2FS_INLINE_XATTR 0x01 /* File inline xattr flag. */ ++#define F2FS_INLINE_DATA 0x02 /* File inline data flag. */ ++#define F2FS_INLINE_DENTRY 0x04 /* File inline dentry flag. */ ++#define F2FS_DATA_EXIST 0x08 /* File inline data exist flag. */ ++#define F2FS_INLINE_DOTS 0x10 /* File having implicit dot dentries. */ ++ ++#define MAX_VOLUME_NAME 512 ++ ++enum FILE_TYPE ++{ ++ F2FS_FT_UNKNOWN, ++ F2FS_FT_REG_FILE = 1, ++ F2FS_FT_DIR = 2, ++ F2FS_FT_SYMLINK = 7 ++}; ++ ++struct grub_f2fs_superblock ++{ ++ grub_uint32_t magic; ++ grub_uint16_t dummy1[2]; ++ grub_uint32_t log_sectorsize; ++ grub_uint32_t log_sectors_per_block; ++ grub_uint32_t log_blocksize; ++ grub_uint32_t log_blocks_per_seg; ++ grub_uint32_t segs_per_sec; ++ grub_uint32_t secs_per_zone; ++ grub_uint32_t checksum_offset; ++ grub_uint8_t dummy2[40]; ++ grub_uint32_t cp_blkaddr; ++ grub_uint32_t sit_blkaddr; ++ grub_uint32_t nat_blkaddr; ++ grub_uint32_t ssa_blkaddr; ++ grub_uint32_t main_blkaddr; ++ grub_uint32_t root_ino; ++ grub_uint32_t node_ino; ++ grub_uint32_t meta_ino; ++ grub_uint8_t uuid[16]; ++ grub_uint16_t volume_name[MAX_VOLUME_NAME]; ++ grub_uint32_t extension_count; ++ grub_uint8_t extension_list[F2FS_MAX_EXTENSION][8]; ++ grub_uint32_t cp_payload; ++ grub_uint8_t version[VERSION_LEN]; ++ grub_uint8_t init_version[VERSION_LEN]; ++} GRUB_PACKED; ++ ++struct grub_f2fs_checkpoint ++{ ++ grub_uint64_t checkpoint_ver; ++ grub_uint64_t user_block_count; ++ grub_uint64_t valid_block_count; ++ grub_uint32_t rsvd_segment_count; ++ grub_uint32_t overprov_segment_count; ++ grub_uint32_t free_segment_count; ++ grub_uint32_t cur_node_segno[MAX_ACTIVE_NODE_LOGS]; ++ grub_uint16_t cur_node_blkoff[MAX_ACTIVE_NODE_LOGS]; ++ grub_uint32_t cur_data_segno[MAX_ACTIVE_DATA_LOGS]; ++ grub_uint16_t cur_data_blkoff[MAX_ACTIVE_DATA_LOGS]; ++ grub_uint32_t ckpt_flags; ++ grub_uint32_t cp_pack_total_block_count; ++ grub_uint32_t cp_pack_start_sum; ++ grub_uint32_t valid_node_count; ++ grub_uint32_t valid_inode_count; ++ grub_uint32_t next_free_nid; ++ grub_uint32_t sit_ver_bitmap_bytesize; ++ grub_uint32_t nat_ver_bitmap_bytesize; ++ grub_uint32_t checksum_offset; ++ grub_uint64_t elapsed_time; ++ grub_uint8_t alloc_type[MAX_ACTIVE_LOGS]; ++ grub_uint8_t sit_nat_version_bitmap[3900]; ++ grub_uint32_t checksum; ++} GRUB_PACKED; ++ ++struct grub_f2fs_nat_entry { ++ grub_uint8_t version; ++ grub_uint32_t ino; ++ grub_uint32_t block_addr; ++} GRUB_PACKED; ++ ++struct grub_f2fs_nat_jent ++{ ++ grub_uint32_t nid; ++ struct grub_f2fs_nat_entry ne; ++} GRUB_PACKED; ++ ++struct grub_f2fs_nat_journal { ++ grub_uint16_t n_nats; ++ struct grub_f2fs_nat_jent entries[NAT_JOURNAL_ENTRIES]; ++ grub_uint8_t reserved[NAT_JOURNAL_RESERVED]; ++} GRUB_PACKED; ++ ++struct grub_f2fs_nat_block { ++ struct grub_f2fs_nat_entry ne[NAT_ENTRY_PER_BLOCK]; ++} GRUB_PACKED; ++ ++struct grub_f2fs_dir_entry ++{ ++ grub_uint32_t hash_code; ++ grub_uint32_t ino; ++ grub_uint16_t name_len; ++ grub_uint8_t file_type; ++} GRUB_PACKED; ++ ++struct grub_f2fs_inline_dentry ++{ ++ grub_uint8_t dentry_bitmap[INLINE_DENTRY_BITMAP_SIZE]; ++ grub_uint8_t reserved[INLINE_RESERVED_SIZE]; ++ struct grub_f2fs_dir_entry dentry[NR_INLINE_DENTRY]; ++ grub_uint8_t filename[NR_INLINE_DENTRY][F2FS_SLOT_LEN]; ++} GRUB_PACKED; ++ ++struct grub_f2fs_dentry_block { ++ grub_uint8_t dentry_bitmap[SIZE_OF_DENTRY_BITMAP]; ++ grub_uint8_t reserved[SIZE_OF_RESERVED]; ++ struct grub_f2fs_dir_entry dentry[NR_DENTRY_IN_BLOCK]; ++ grub_uint8_t filename[NR_DENTRY_IN_BLOCK][F2FS_SLOT_LEN]; ++} GRUB_PACKED; ++ ++struct grub_f2fs_inode ++{ ++ grub_uint16_t i_mode; ++ grub_uint8_t i_advise; ++ grub_uint8_t i_inline; ++ grub_uint32_t i_uid; ++ grub_uint32_t i_gid; ++ grub_uint32_t i_links; ++ grub_uint64_t i_size; ++ grub_uint64_t i_blocks; ++ grub_uint64_t i_atime; ++ grub_uint64_t i_ctime; ++ grub_uint64_t i_mtime; ++ grub_uint32_t i_atime_nsec; ++ grub_uint32_t i_ctime_nsec; ++ grub_uint32_t i_mtime_nsec; ++ grub_uint32_t i_generation; ++ grub_uint32_t i_current_depth; ++ grub_uint32_t i_xattr_nid; ++ grub_uint32_t i_flags; ++ grub_uint32_t i_pino; ++ grub_uint32_t i_namelen; ++ grub_uint8_t i_name[F2FS_NAME_LEN]; ++ grub_uint8_t i_dir_level; ++ grub_uint8_t i_ext[12]; ++ grub_uint32_t i_addr[DEF_ADDRS_PER_INODE]; ++ grub_uint32_t i_nid[5]; ++} GRUB_PACKED; ++ ++struct grub_direct_node { ++ grub_uint32_t addr[ADDRS_PER_BLOCK]; ++} GRUB_PACKED; ++ ++struct grub_indirect_node { ++ grub_uint32_t nid[NIDS_PER_BLOCK]; ++} GRUB_PACKED; ++ ++struct grub_f2fs_node ++{ ++ union ++ { ++ struct grub_f2fs_inode i; ++ struct grub_direct_node dn; ++ struct grub_indirect_node in; ++ /* Should occupy F2FS_BLKSIZE totally. */ ++ char buf[F2FS_BLKSIZE - 40]; ++ }; ++ grub_uint8_t dummy[40]; ++} GRUB_PACKED; ++ ++struct grub_fshelp_node ++{ ++ struct grub_f2fs_data *data; ++ struct grub_f2fs_node inode; ++ grub_uint32_t ino; ++ int inode_read; ++}; ++ ++struct grub_f2fs_data ++{ ++ struct grub_f2fs_superblock sblock; ++ struct grub_f2fs_checkpoint ckpt; ++ ++ grub_uint32_t root_ino; ++ grub_uint32_t blocks_per_seg; ++ grub_uint32_t cp_blkaddr; ++ grub_uint32_t nat_blkaddr; ++ ++ struct grub_f2fs_nat_journal nat_j; ++ char *nat_bitmap; ++ ++ grub_disk_t disk; ++ struct grub_f2fs_node *inode; ++ struct grub_fshelp_node diropen; ++}; ++ ++struct grub_f2fs_dir_iter_ctx ++{ ++ struct grub_f2fs_data *data; ++ grub_fshelp_iterate_dir_hook_t hook; ++ void *hook_data; ++ grub_uint8_t *bitmap; ++ grub_uint8_t (*filename)[F2FS_SLOT_LEN]; ++ struct grub_f2fs_dir_entry *dentry; ++ int max; ++}; ++ ++struct grub_f2fs_dir_ctx ++{ ++ grub_fs_dir_hook_t hook; ++ void *hook_data; ++ struct grub_f2fs_data *data; ++}; ++ ++static grub_dl_t my_mod; ++ ++static int ++grub_f2fs_test_bit_le (int nr, const grub_uint8_t *addr) ++{ ++ return addr[nr >> 3] & (1 << (nr & 7)); ++} ++ ++static char * ++get_inline_addr (struct grub_f2fs_inode *inode) ++{ ++ return (char *) &inode->i_addr[1]; ++} ++ ++static grub_uint64_t ++grub_f2fs_file_size (struct grub_f2fs_inode *inode) ++{ ++ return grub_le_to_cpu64 (inode->i_size); ++} ++ ++static grub_uint32_t ++start_cp_addr (struct grub_f2fs_data *data) ++{ ++ struct grub_f2fs_checkpoint *ckpt = &data->ckpt; ++ grub_uint32_t start_addr = data->cp_blkaddr; ++ ++ if (!(ckpt->checkpoint_ver & grub_cpu_to_le64_compile_time(1))) ++ return start_addr + data->blocks_per_seg; ++ ++ return start_addr; ++} ++ ++static grub_uint32_t ++start_sum_block (struct grub_f2fs_data *data) ++{ ++ struct grub_f2fs_checkpoint *ckpt = &data->ckpt; ++ ++ return start_cp_addr (data) + grub_le_to_cpu32 (ckpt->cp_pack_start_sum); ++} ++ ++static grub_uint32_t ++sum_blk_addr (struct grub_f2fs_data *data, int base, int type) ++{ ++ struct grub_f2fs_checkpoint *ckpt = &data->ckpt; ++ ++ return start_cp_addr (data) + ++ grub_le_to_cpu32 (ckpt->cp_pack_total_block_count) - ++ (base + 1) + type; ++} ++ ++static void * ++nat_bitmap_ptr (struct grub_f2fs_data *data) ++{ ++ struct grub_f2fs_checkpoint *ckpt = &data->ckpt; ++ grub_uint32_t offset; ++ ++ if (grub_le_to_cpu32 (data->sblock.cp_payload) > 0) ++ return ckpt->sit_nat_version_bitmap; ++ ++ offset = grub_le_to_cpu32 (ckpt->sit_ver_bitmap_bytesize); ++ ++ return ckpt->sit_nat_version_bitmap + offset; ++} ++ ++static grub_uint32_t ++get_node_id (struct grub_f2fs_node *rn, int off, int inode_block) ++{ ++ if (inode_block) ++ return grub_le_to_cpu32 (rn->i.i_nid[off - NODE_DIR1_BLOCK]); ++ ++ return grub_le_to_cpu32 (rn->in.nid[off]); ++} ++ ++static grub_err_t ++grub_f2fs_block_read (struct grub_f2fs_data *data, grub_uint32_t blkaddr, ++ void *buf) ++{ ++ return grub_disk_read (data->disk, ++ ((grub_disk_addr_t)blkaddr) << F2FS_BLK_SEC_BITS, ++ 0, F2FS_BLKSIZE, buf); ++} ++ ++/* CRC32 */ ++static grub_uint32_t ++grub_f2fs_cal_crc32 (const void *buf, const grub_uint32_t len) ++{ ++ grub_uint32_t crc = F2FS_SUPER_MAGIC; ++ unsigned char *p = (unsigned char *)buf; ++ grub_uint32_t tmp = len; ++ int i; ++ ++ while (tmp--) ++ { ++ crc ^= *p++; ++ for (i = 0; i < 8; i++) ++ crc = (crc >> 1) ^ ((crc & 1) ? CRCPOLY_LE : 0); ++ } ++ ++ return crc; ++} ++ ++static int ++grub_f2fs_crc_valid (grub_uint32_t blk_crc, void *buf, const grub_uint32_t len) ++{ ++ grub_uint32_t cal_crc = 0; ++ ++ cal_crc = grub_f2fs_cal_crc32 (buf, len); ++ ++ return (cal_crc == blk_crc) ? 1 : 0; ++} ++ ++static int ++grub_f2fs_test_bit (grub_uint32_t nr, const char *p) ++{ ++ int mask; ++ ++ p += (nr >> 3); ++ mask = 1 << (7 - (nr & 0x07)); ++ ++ return mask & *p; ++} ++ ++static int ++grub_f2fs_sanity_check_sb (struct grub_f2fs_superblock *sb) ++{ ++ grub_uint32_t log_sectorsize, log_sectors_per_block; ++ ++ if (sb->magic != grub_cpu_to_le32_compile_time (F2FS_SUPER_MAGIC)) ++ return -1; ++ ++ if (sb->log_blocksize != grub_cpu_to_le32_compile_time (F2FS_BLK_BITS)) ++ return -1; ++ ++ log_sectorsize = grub_le_to_cpu32 (sb->log_sectorsize); ++ log_sectors_per_block = grub_le_to_cpu32 (sb->log_sectors_per_block); ++ ++ if (log_sectorsize > F2FS_BLK_BITS) ++ return -1; ++ ++ if (log_sectorsize < F2FS_MIN_LOG_SECTOR_SIZE) ++ return -1; ++ ++ if (log_sectors_per_block + log_sectorsize != F2FS_BLK_BITS) ++ return -1; ++ ++ return 0; ++} ++ ++static int ++grub_f2fs_read_sb (struct grub_f2fs_data *data, grub_disk_addr_t offset) ++{ ++ grub_disk_t disk = data->disk; ++ grub_err_t err; ++ ++ /* Read first super block. */ ++ err = grub_disk_read (disk, offset, 0, sizeof (data->sblock), &data->sblock); ++ if (err) ++ return -1; ++ ++ return grub_f2fs_sanity_check_sb (&data->sblock); ++} ++ ++static void * ++validate_checkpoint (struct grub_f2fs_data *data, grub_uint32_t cp_addr, ++ grub_uint64_t *version) ++{ ++ grub_uint32_t *cp_page_1, *cp_page_2; ++ struct grub_f2fs_checkpoint *cp_block; ++ grub_uint64_t cur_version = 0, pre_version = 0; ++ grub_uint32_t crc = 0; ++ grub_uint32_t crc_offset; ++ grub_err_t err; ++ ++ /* Read the 1st cp block in this CP pack. */ ++ cp_page_1 = grub_malloc (F2FS_BLKSIZE); ++ if (!cp_page_1) ++ return NULL; ++ ++ err = grub_f2fs_block_read (data, cp_addr, cp_page_1); ++ if (err) ++ goto invalid_cp1; ++ ++ cp_block = (struct grub_f2fs_checkpoint *)cp_page_1; ++ crc_offset = grub_le_to_cpu32 (cp_block->checksum_offset); ++ if (crc_offset != CHECKSUM_OFFSET) ++ goto invalid_cp1; ++ ++ crc = grub_le_to_cpu32 (*(cp_page_1 + U32_CHECKSUM_OFFSET)); ++ if (!grub_f2fs_crc_valid (crc, cp_block, crc_offset)) ++ goto invalid_cp1; ++ ++ pre_version = grub_le_to_cpu64 (cp_block->checkpoint_ver); ++ ++ /* Read the 2nd cp block in this CP pack. */ ++ cp_page_2 = grub_malloc (F2FS_BLKSIZE); ++ if (!cp_page_2) ++ goto invalid_cp1; ++ ++ cp_addr += grub_le_to_cpu32 (cp_block->cp_pack_total_block_count) - 1; ++ ++ err = grub_f2fs_block_read (data, cp_addr, cp_page_2); ++ if (err) ++ goto invalid_cp2; ++ ++ cp_block = (struct grub_f2fs_checkpoint *)cp_page_2; ++ crc_offset = grub_le_to_cpu32 (cp_block->checksum_offset); ++ if (crc_offset != CHECKSUM_OFFSET) ++ goto invalid_cp2; ++ ++ crc = grub_le_to_cpu32 (*(cp_page_2 + U32_CHECKSUM_OFFSET)); ++ if (!grub_f2fs_crc_valid (crc, cp_block, crc_offset)) ++ goto invalid_cp2; ++ ++ cur_version = grub_le_to_cpu64 (cp_block->checkpoint_ver); ++ if (cur_version == pre_version) ++ { ++ *version = cur_version; ++ grub_free (cp_page_2); ++ ++ return cp_page_1; ++ } ++ ++ invalid_cp2: ++ grub_free (cp_page_2); ++ ++ invalid_cp1: ++ grub_free (cp_page_1); ++ ++ return NULL; ++} ++ ++static grub_err_t ++grub_f2fs_read_cp (struct grub_f2fs_data *data) ++{ ++ void *cp1, *cp2, *cur_page; ++ grub_uint64_t cp1_version = 0, cp2_version = 0; ++ grub_uint64_t cp_start_blk_no; ++ ++ /* ++ * Finding out valid cp block involves read both ++ * sets (cp pack1 and cp pack 2). ++ */ ++ cp_start_blk_no = data->cp_blkaddr; ++ cp1 = validate_checkpoint (data, cp_start_blk_no, &cp1_version); ++ if (!cp1 && grub_errno) ++ return grub_errno; ++ ++ /* The second checkpoint pack should start at the next segment. */ ++ cp_start_blk_no += data->blocks_per_seg; ++ cp2 = validate_checkpoint (data, cp_start_blk_no, &cp2_version); ++ if (!cp2 && grub_errno) ++ { ++ grub_free (cp1); ++ return grub_errno; ++ } ++ ++ if (cp1 && cp2) ++ cur_page = (cp2_version > cp1_version) ? cp2 : cp1; ++ else if (cp1) ++ cur_page = cp1; ++ else if (cp2) ++ cur_page = cp2; ++ else ++ return grub_error (GRUB_ERR_BAD_FS, "no checkpoints"); ++ ++ grub_memcpy (&data->ckpt, cur_page, F2FS_BLKSIZE); ++ ++ grub_free (cp1); ++ grub_free (cp2); ++ ++ return 0; ++} ++ ++static grub_err_t ++get_nat_journal (struct grub_f2fs_data *data) ++{ ++ grub_uint32_t block; ++ char *buf; ++ grub_err_t err; ++ ++ buf = grub_malloc (F2FS_BLKSIZE); ++ if (!buf) ++ return grub_errno; ++ ++ if (CKPT_FLAG_SET(&data->ckpt, CP_COMPACT_SUM_FLAG)) ++ block = start_sum_block (data); ++ else if (CKPT_FLAG_SET (&data->ckpt, CP_UMOUNT_FLAG)) ++ block = sum_blk_addr (data, NR_CURSEG_TYPE, CURSEG_HOT_DATA); ++ else ++ block = sum_blk_addr (data, NR_CURSEG_DATA_TYPE, CURSEG_HOT_DATA); ++ ++ err = grub_f2fs_block_read (data, block, buf); ++ if (err) ++ goto fail; ++ ++ if (CKPT_FLAG_SET (&data->ckpt, CP_COMPACT_SUM_FLAG)) ++ grub_memcpy (&data->nat_j, buf, SUM_JOURNAL_SIZE); ++ else ++ grub_memcpy (&data->nat_j, buf + SUM_ENTRIES_SIZE, SUM_JOURNAL_SIZE); ++ ++ fail: ++ grub_free (buf); ++ ++ return err; ++} ++ ++static grub_uint32_t ++get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid) ++{ ++ grub_uint16_t n = grub_le_to_cpu16 (data->nat_j.n_nats); ++ grub_uint32_t blkaddr = 0; ++ grub_uint16_t i; ++ ++ for (i = 0; i < n; i++) ++ { ++ if (grub_le_to_cpu32 (data->nat_j.entries[i].nid) == nid) ++ { ++ blkaddr = grub_le_to_cpu32 (data->nat_j.entries[i].ne.block_addr); ++ break; ++ } ++ } ++ ++ return blkaddr; ++} ++ ++static grub_uint32_t ++get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) ++{ ++ struct grub_f2fs_nat_block *nat_block; ++ grub_uint32_t seg_off, block_off, entry_off, block_addr; ++ grub_uint32_t blkaddr; ++ grub_err_t err; ++ ++ blkaddr = get_blkaddr_from_nat_journal (data, nid); ++ if (blkaddr) ++ return blkaddr; ++ ++ nat_block = grub_malloc (F2FS_BLKSIZE); ++ if (!nat_block) ++ return 0; ++ ++ block_off = nid / NAT_ENTRY_PER_BLOCK; ++ entry_off = nid % NAT_ENTRY_PER_BLOCK; ++ ++ seg_off = block_off / data->blocks_per_seg; ++ block_addr = data->nat_blkaddr + ++ ((seg_off * data->blocks_per_seg) << 1) + ++ (block_off & (data->blocks_per_seg - 1)); ++ ++ if (grub_f2fs_test_bit (block_off, data->nat_bitmap)) ++ block_addr += data->blocks_per_seg; ++ ++ err = grub_f2fs_block_read (data, block_addr, nat_block); ++ if (err) ++ { ++ grub_free (nat_block); ++ return 0; ++ } ++ ++ blkaddr = grub_le_to_cpu32 (nat_block->ne[entry_off].block_addr); ++ ++ grub_free (nat_block); ++ ++ return blkaddr; ++} ++ ++static int ++grub_get_node_path (struct grub_f2fs_inode *inode, grub_uint32_t block, ++ grub_uint32_t offset[4], grub_uint32_t noffset[4]) ++{ ++ grub_uint32_t direct_blks = ADDRS_PER_BLOCK; ++ grub_uint32_t dptrs_per_blk = NIDS_PER_BLOCK; ++ grub_uint32_t indirect_blks = ADDRS_PER_BLOCK * NIDS_PER_BLOCK; ++ grub_uint32_t dindirect_blks = indirect_blks * NIDS_PER_BLOCK; ++ grub_uint32_t direct_index = DEF_ADDRS_PER_INODE; ++ int n = 0; ++ int level = 0; ++ ++ if (inode->i_inline & F2FS_INLINE_XATTR) ++ direct_index -= F2FS_INLINE_XATTR_ADDRS; ++ ++ noffset[0] = 0; ++ ++ if (block < direct_index) ++ { ++ offset[n] = block; ++ goto got; ++ } ++ ++ block -= direct_index; ++ if (block < direct_blks) ++ { ++ offset[n++] = NODE_DIR1_BLOCK; ++ noffset[n] = 1; ++ offset[n] = block; ++ level = 1; ++ goto got; ++ } ++ ++ block -= direct_blks; ++ if (block < direct_blks) ++ { ++ offset[n++] = NODE_DIR2_BLOCK; ++ noffset[n] = 2; ++ offset[n] = block; ++ level = 1; ++ goto got; ++ } ++ ++ block -= direct_blks; ++ if (block < indirect_blks) ++ { ++ offset[n++] = NODE_IND1_BLOCK; ++ noffset[n] = 3; ++ offset[n++] = block / direct_blks; ++ noffset[n] = 4 + offset[n - 1]; ++ offset[n] = block % direct_blks; ++ level = 2; ++ goto got; ++ } ++ ++ block -= indirect_blks; ++ if (block < indirect_blks) ++ { ++ offset[n++] = NODE_IND2_BLOCK; ++ noffset[n] = 4 + dptrs_per_blk; ++ offset[n++] = block / direct_blks; ++ noffset[n] = 5 + dptrs_per_blk + offset[n - 1]; ++ offset[n] = block % direct_blks; ++ level = 2; ++ goto got; ++ } ++ ++ block -= indirect_blks; ++ if (block < dindirect_blks) ++ { ++ offset[n++] = NODE_DIND_BLOCK; ++ noffset[n] = 5 + (dptrs_per_blk * 2); ++ offset[n++] = block / indirect_blks; ++ noffset[n] = 6 + (dptrs_per_blk * 2) + ++ offset[n - 1] * (dptrs_per_blk + 1); ++ offset[n++] = (block / direct_blks) % dptrs_per_blk; ++ noffset[n] = 7 + (dptrs_per_blk * 2) + ++ offset[n - 2] * (dptrs_per_blk + 1) + offset[n - 1]; ++ offset[n] = block % direct_blks; ++ level = 3; ++ goto got; ++ } ++ ++ got: ++ return level; ++} ++ ++static grub_err_t ++grub_f2fs_read_node (struct grub_f2fs_data *data, ++ grub_uint32_t nid, struct grub_f2fs_node *np) ++{ ++ grub_uint32_t blkaddr; ++ ++ blkaddr = get_node_blkaddr (data, nid); ++ if (!blkaddr) ++ return grub_errno; ++ ++ return grub_f2fs_block_read (data, blkaddr, np); ++} ++ ++static struct grub_f2fs_data * ++grub_f2fs_mount (grub_disk_t disk) ++{ ++ struct grub_f2fs_data *data; ++ grub_err_t err; ++ ++ data = grub_malloc (sizeof (*data)); ++ if (!data) ++ return NULL; ++ ++ data->disk = disk; ++ ++ if (grub_f2fs_read_sb (data, F2FS_SUPER_OFFSET0)) ++ { ++ if (grub_f2fs_read_sb (data, F2FS_SUPER_OFFSET1)) ++ { ++ if (grub_errno == GRUB_ERR_NONE) ++ grub_error (GRUB_ERR_BAD_FS, ++ "not a F2FS filesystem (no superblock)"); ++ goto fail; ++ } ++ } ++ ++ data->root_ino = grub_le_to_cpu32 (data->sblock.root_ino); ++ data->cp_blkaddr = grub_le_to_cpu32 (data->sblock.cp_blkaddr); ++ data->nat_blkaddr = grub_le_to_cpu32 (data->sblock.nat_blkaddr); ++ data->blocks_per_seg = 1 << ++ grub_le_to_cpu32 (data->sblock.log_blocks_per_seg); ++ ++ err = grub_f2fs_read_cp (data); ++ if (err) ++ goto fail; ++ ++ data->nat_bitmap = nat_bitmap_ptr (data); ++ ++ err = get_nat_journal (data); ++ if (err) ++ goto fail; ++ ++ data->diropen.data = data; ++ data->diropen.ino = data->root_ino; ++ data->diropen.inode_read = 1; ++ data->inode = &data->diropen.inode; ++ ++ err = grub_f2fs_read_node (data, data->root_ino, data->inode); ++ if (err) ++ goto fail; ++ ++ return data; ++ ++ fail: ++ grub_free (data); ++ ++ return NULL; ++} ++ ++/* Guarantee inline_data was handled by caller. */ ++static grub_disk_addr_t ++grub_f2fs_get_block (grub_fshelp_node_t node, grub_disk_addr_t block_ofs) ++{ ++ struct grub_f2fs_data *data = node->data; ++ struct grub_f2fs_inode *inode = &node->inode.i; ++ grub_uint32_t offset[4], noffset[4], nids[4]; ++ struct grub_f2fs_node *node_block; ++ grub_uint32_t block_addr = -1; ++ int level, i; ++ ++ level = grub_get_node_path (inode, block_ofs, offset, noffset); ++ if (level == 0) ++ return grub_le_to_cpu32 (inode->i_addr[offset[0]]); ++ ++ node_block = grub_malloc (F2FS_BLKSIZE); ++ if (!node_block) ++ return -1; ++ ++ nids[1] = get_node_id (&node->inode, offset[0], 1); ++ ++ /* Get indirect or direct nodes. */ ++ for (i = 1; i <= level; i++) ++ { ++ grub_f2fs_read_node (data, nids[i], node_block); ++ if (grub_errno) ++ goto fail; ++ ++ if (i < level) ++ nids[i + 1] = get_node_id (node_block, offset[i], 0); ++ } ++ ++ block_addr = grub_le_to_cpu32 (node_block->dn.addr[offset[level]]); ++ ++ fail: ++ grub_free (node_block); ++ ++ return block_addr; ++} ++ ++static grub_ssize_t ++grub_f2fs_read_file (grub_fshelp_node_t node, ++ grub_disk_read_hook_t read_hook, void *read_hook_data, ++ grub_off_t pos, grub_size_t len, char *buf) ++{ ++ struct grub_f2fs_inode *inode = &node->inode.i; ++ grub_off_t filesize = grub_f2fs_file_size (inode); ++ char *inline_addr = get_inline_addr (inode); ++ ++ if (inode->i_inline & F2FS_INLINE_DATA) ++ { ++ if (filesize > MAX_INLINE_DATA) ++ return -1; ++ ++ if (len > filesize - pos) ++ len = filesize - pos; ++ ++ grub_memcpy (buf, inline_addr + pos, len); ++ return len; ++ } ++ ++ return grub_fshelp_read_file (node->data->disk, node, ++ read_hook, read_hook_data, ++ pos, len, buf, grub_f2fs_get_block, ++ filesize, ++ F2FS_BLK_SEC_BITS, 0); ++} ++ ++static char * ++grub_f2fs_read_symlink (grub_fshelp_node_t node) ++{ ++ char *symlink; ++ struct grub_fshelp_node *diro = node; ++ grub_uint64_t filesize; ++ ++ if (!diro->inode_read) ++ { ++ grub_f2fs_read_node (diro->data, diro->ino, &diro->inode); ++ if (grub_errno) ++ return 0; ++ } ++ ++ filesize = grub_f2fs_file_size(&diro->inode.i); ++ ++ symlink = grub_malloc (filesize + 1); ++ if (!symlink) ++ return 0; ++ ++ grub_f2fs_read_file (diro, 0, 0, 0, filesize, symlink); ++ if (grub_errno) ++ { ++ grub_free (symlink); ++ return 0; ++ } ++ ++ symlink[filesize] = '\0'; ++ ++ return symlink; ++} ++ ++static int ++grub_f2fs_check_dentries (struct grub_f2fs_dir_iter_ctx *ctx) ++{ ++ struct grub_fshelp_node *fdiro; ++ int i; ++ ++ for (i = 0; i < ctx->max;) ++ { ++ char *filename; ++ enum grub_fshelp_filetype type = GRUB_FSHELP_UNKNOWN; ++ enum FILE_TYPE ftype; ++ int name_len; ++ int ret; ++ ++ if (grub_f2fs_test_bit_le (i, ctx->bitmap) == 0) ++ { ++ i++; ++ continue; ++ } ++ ++ ftype = ctx->dentry[i].file_type; ++ name_len = grub_le_to_cpu16 (ctx->dentry[i].name_len); ++ filename = grub_malloc (name_len + 1); ++ if (!filename) ++ return 0; ++ ++ grub_memcpy (filename, ctx->filename[i], name_len); ++ filename[name_len] = 0; ++ ++ fdiro = grub_malloc (sizeof (struct grub_fshelp_node)); ++ if (!fdiro) ++ { ++ grub_free(filename); ++ return 0; ++ } ++ ++ if (ftype == F2FS_FT_DIR) ++ type = GRUB_FSHELP_DIR; ++ else if (ftype == F2FS_FT_SYMLINK) ++ type = GRUB_FSHELP_SYMLINK; ++ else if (ftype == F2FS_FT_REG_FILE) ++ type = GRUB_FSHELP_REG; ++ ++ fdiro->data = ctx->data; ++ fdiro->ino = grub_le_to_cpu32 (ctx->dentry[i].ino); ++ fdiro->inode_read = 0; ++ ++ ret = ctx->hook (filename, type, fdiro, ctx->hook_data); ++ grub_free(filename); ++ if (ret) ++ return 1; ++ ++ i += (name_len + F2FS_SLOT_LEN - 1) / F2FS_SLOT_LEN; ++ } ++ ++ return 0; ++} ++ ++static int ++grub_f2fs_iterate_inline_dir (struct grub_f2fs_inode *dir, ++ struct grub_f2fs_dir_iter_ctx *ctx) ++{ ++ struct grub_f2fs_inline_dentry *de_blk; ++ ++ de_blk = (struct grub_f2fs_inline_dentry *) get_inline_addr (dir); ++ ++ ctx->bitmap = de_blk->dentry_bitmap; ++ ctx->dentry = de_blk->dentry; ++ ctx->filename = de_blk->filename; ++ ctx->max = NR_INLINE_DENTRY; ++ ++ return grub_f2fs_check_dentries (ctx); ++} ++ ++static int ++grub_f2fs_iterate_dir (grub_fshelp_node_t dir, ++ grub_fshelp_iterate_dir_hook_t hook, void *hook_data) ++{ ++ struct grub_fshelp_node *diro = (struct grub_fshelp_node *) dir; ++ struct grub_f2fs_inode *inode; ++ struct grub_f2fs_dir_iter_ctx ctx = { ++ .data = diro->data, ++ .hook = hook, ++ .hook_data = hook_data ++ }; ++ grub_off_t fpos = 0; ++ ++ if (!diro->inode_read) ++ { ++ grub_f2fs_read_node (diro->data, diro->ino, &diro->inode); ++ if (grub_errno) ++ return 0; ++ } ++ ++ inode = &diro->inode.i; ++ ++ if (inode->i_inline & F2FS_INLINE_DENTRY) ++ return grub_f2fs_iterate_inline_dir (inode, &ctx); ++ ++ while (fpos < grub_f2fs_file_size (inode)) ++ { ++ struct grub_f2fs_dentry_block *de_blk; ++ char *buf; ++ int ret; ++ ++ buf = grub_zalloc (F2FS_BLKSIZE); ++ if (!buf) ++ return 0; ++ ++ grub_f2fs_read_file (diro, 0, 0, fpos, F2FS_BLKSIZE, buf); ++ if (grub_errno) ++ { ++ grub_free (buf); ++ return 0; ++ } ++ ++ de_blk = (struct grub_f2fs_dentry_block *) buf; ++ ++ ctx.bitmap = de_blk->dentry_bitmap; ++ ctx.dentry = de_blk->dentry; ++ ctx.filename = de_blk->filename; ++ ctx.max = NR_DENTRY_IN_BLOCK; ++ ++ ret = grub_f2fs_check_dentries (&ctx); ++ grub_free (buf); ++ if (ret) ++ return 1; ++ ++ fpos += F2FS_BLKSIZE; ++ } ++ ++ return 0; ++} ++ ++static int ++grub_f2fs_dir_iter (const char *filename, enum grub_fshelp_filetype filetype, ++ grub_fshelp_node_t node, void *data) ++{ ++ struct grub_f2fs_dir_ctx *ctx = data; ++ struct grub_dirhook_info info; ++ ++ grub_memset (&info, 0, sizeof (info)); ++ if (!node->inode_read) ++ { ++ grub_f2fs_read_node (ctx->data, node->ino, &node->inode); ++ if (!grub_errno) ++ node->inode_read = 1; ++ grub_errno = GRUB_ERR_NONE; ++ } ++ if (node->inode_read) ++ { ++ info.mtimeset = 1; ++ info.mtime = grub_le_to_cpu64 (node->inode.i.i_mtime); ++ } ++ ++ info.dir = ((filetype & GRUB_FSHELP_TYPE_MASK) == GRUB_FSHELP_DIR); ++ grub_free (node); ++ ++ return ctx->hook (filename, &info, ctx->hook_data); ++} ++ ++static grub_err_t ++grub_f2fs_dir (grub_device_t device, const char *path, ++ grub_fs_dir_hook_t hook, void *hook_data) ++{ ++ struct grub_f2fs_dir_ctx ctx = { ++ .hook = hook, ++ .hook_data = hook_data ++ }; ++ struct grub_fshelp_node *fdiro = 0; ++ ++ grub_dl_ref (my_mod); ++ ++ ctx.data = grub_f2fs_mount (device->disk); ++ if (!ctx.data) ++ goto fail; ++ ++ grub_fshelp_find_file (path, &ctx.data->diropen, &fdiro, ++ grub_f2fs_iterate_dir, grub_f2fs_read_symlink, ++ GRUB_FSHELP_DIR); ++ if (grub_errno) ++ goto fail; ++ ++ grub_f2fs_iterate_dir (fdiro, grub_f2fs_dir_iter, &ctx); ++ ++ fail: ++ if (fdiro != &ctx.data->diropen) ++ grub_free (fdiro); ++ grub_free (ctx.data); ++ grub_dl_unref (my_mod); ++ ++ return grub_errno; ++} ++ ++/* Open a file named NAME and initialize FILE. */ ++static grub_err_t ++grub_f2fs_open (struct grub_file *file, const char *name) ++{ ++ struct grub_f2fs_data *data = NULL; ++ struct grub_fshelp_node *fdiro = 0; ++ struct grub_f2fs_inode *inode; ++ ++ grub_dl_ref (my_mod); ++ ++ data = grub_f2fs_mount (file->device->disk); ++ if (!data) ++ goto fail; ++ ++ grub_fshelp_find_file (name, &data->diropen, &fdiro, ++ grub_f2fs_iterate_dir, grub_f2fs_read_symlink, ++ GRUB_FSHELP_REG); ++ if (grub_errno) ++ goto fail; ++ ++ if (!fdiro->inode_read) ++ { ++ grub_f2fs_read_node (data, fdiro->ino, &fdiro->inode); ++ if (grub_errno) ++ goto fail; ++ } ++ ++ grub_memcpy (data->inode, &fdiro->inode, sizeof (*data->inode)); ++ grub_free (fdiro); ++ ++ inode = &(data->inode->i); ++ file->size = grub_f2fs_file_size (inode); ++ file->data = data; ++ file->offset = 0; ++ ++ if (inode->i_inline & F2FS_INLINE_DATA && file->size > MAX_INLINE_DATA) ++ grub_error (GRUB_ERR_BAD_FS, "corrupted inline_data: need fsck"); ++ ++ return 0; ++ ++ fail: ++ if (fdiro != &data->diropen) ++ grub_free (fdiro); ++ grub_free (data); ++ ++ grub_dl_unref (my_mod); ++ ++ return grub_errno; ++} ++ ++static grub_ssize_t ++grub_f2fs_read (grub_file_t file, char *buf, grub_size_t len) ++{ ++ struct grub_f2fs_data *data = (struct grub_f2fs_data *) file->data; ++ ++ return grub_f2fs_read_file (&data->diropen, ++ file->read_hook, file->read_hook_data, ++ file->offset, len, buf); ++} ++ ++static grub_err_t ++grub_f2fs_close (grub_file_t file) ++{ ++ struct grub_f2fs_data *data = (struct grub_f2fs_data *) file->data; ++ ++ grub_free (data); ++ ++ grub_dl_unref (my_mod); ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_uint8_t * ++grub_f2fs_utf16_to_utf8 (grub_uint16_t *in_buf_le) ++{ ++ grub_uint16_t in_buf[MAX_VOLUME_NAME]; ++ grub_uint8_t *out_buf; ++ int len = 0; ++ ++ out_buf = grub_malloc (MAX_VOLUME_NAME * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ if (!out_buf) ++ return NULL; ++ ++ while (*in_buf_le != 0 && len < MAX_VOLUME_NAME) { ++ in_buf[len] = grub_le_to_cpu16 (in_buf_le[len]); ++ len++; ++ } ++ ++ *grub_utf16_to_utf8 (out_buf, in_buf, len) = '\0'; ++ ++ return out_buf; ++} ++ ++static grub_err_t ++grub_f2fs_label (grub_device_t device, char **label) ++{ ++ struct grub_f2fs_data *data; ++ grub_disk_t disk = device->disk; ++ ++ grub_dl_ref (my_mod); ++ ++ data = grub_f2fs_mount (disk); ++ if (data) ++ *label = (char *) grub_f2fs_utf16_to_utf8 (data->sblock.volume_name); ++ else ++ *label = NULL; ++ ++ grub_free (data); ++ grub_dl_unref (my_mod); ++ ++ return grub_errno; ++} ++ ++static grub_err_t ++grub_f2fs_uuid (grub_device_t device, char **uuid) ++{ ++ struct grub_f2fs_data *data; ++ grub_disk_t disk = device->disk; ++ ++ grub_dl_ref (my_mod); ++ ++ data = grub_f2fs_mount (disk); ++ if (data) ++ { ++ *uuid = ++ grub_xasprintf ++ ("%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x", ++ data->sblock.uuid[0], data->sblock.uuid[1], ++ data->sblock.uuid[2], data->sblock.uuid[3], ++ data->sblock.uuid[4], data->sblock.uuid[5], ++ data->sblock.uuid[6], data->sblock.uuid[7], ++ data->sblock.uuid[8], data->sblock.uuid[9], ++ data->sblock.uuid[10], data->sblock.uuid[11], ++ data->sblock.uuid[12], data->sblock.uuid[13], ++ data->sblock.uuid[14], data->sblock.uuid[15]); ++ } ++ else ++ *uuid = NULL; ++ ++ grub_free (data); ++ grub_dl_unref (my_mod); ++ ++ return grub_errno; ++} ++ ++static struct grub_fs grub_f2fs_fs = { ++ .name = "f2fs", ++ .dir = grub_f2fs_dir, ++ .open = grub_f2fs_open, ++ .read = grub_f2fs_read, ++ .close = grub_f2fs_close, ++ .label = grub_f2fs_label, ++ .uuid = grub_f2fs_uuid, ++#ifdef GRUB_UTIL ++ .reserved_first_sector = 1, ++ .blocklist_install = 0, ++#endif ++ .next = 0 ++}; ++ ++GRUB_MOD_INIT (f2fs) ++{ ++ grub_fs_register (&grub_f2fs_fs); ++ my_mod = mod; ++} ++ ++GRUB_MOD_FINI (f2fs) ++{ ++ grub_fs_unregister (&grub_f2fs_fs); ++} +diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c +index 839bff88963baba7730d788869e1f50481a66a30..00a16098b47aff52a352fa9433e279beae261329 100644 +--- a/grub-core/fs/udf.c ++++ b/grub-core/fs/udf.c +@@ -321,6 +321,32 @@ struct grub_udf_partmap + }; + } GRUB_PACKED; + ++struct grub_udf_pvd ++{ ++ struct grub_udf_tag tag; ++ grub_uint32_t seq_num; ++ grub_uint32_t pvd_num; ++ grub_uint8_t ident[32]; ++ grub_uint16_t vol_seq_num; ++ grub_uint16_t max_vol_seq_num; ++ grub_uint16_t interchange_level; ++ grub_uint16_t max_interchange_level; ++ grub_uint32_t charset_list; ++ grub_uint32_t max_charset_list; ++ grub_uint8_t volset_ident[128]; ++ struct grub_udf_charspec desc_charset; ++ struct grub_udf_charspec expl_charset; ++ struct grub_udf_extent_ad vol_abstract; ++ struct grub_udf_extent_ad vol_copyright; ++ struct grub_udf_regid app_ident; ++ struct grub_udf_timestamp recording_time; ++ struct grub_udf_regid imp_ident; ++ grub_uint8_t imp_use[64]; ++ grub_uint32_t pred_vds_loc; ++ grub_uint16_t flags; ++ grub_uint8_t reserved[22]; ++} GRUB_PACKED; ++ + struct grub_udf_lvd + { + struct grub_udf_tag tag; +@@ -348,6 +374,7 @@ struct grub_udf_aed + struct grub_udf_data + { + grub_disk_t disk; ++ struct grub_udf_pvd pvd; + struct grub_udf_lvd lvd; + struct grub_udf_pd pds[GRUB_UDF_MAX_PDS]; + struct grub_udf_partmap *pms[GRUB_UDF_MAX_PMS]; +@@ -692,7 +719,17 @@ grub_udf_mount (grub_disk_t disk) + } + + tag.tag_ident = U16 (tag.tag_ident); +- if (tag.tag_ident == GRUB_UDF_TAG_IDENT_PD) ++ if (tag.tag_ident == GRUB_UDF_TAG_IDENT_PVD) ++ { ++ if (grub_disk_read (disk, block << lbshift, 0, ++ sizeof (struct grub_udf_pvd), ++ &data->pvd)) ++ { ++ grub_error (GRUB_ERR_BAD_FS, "not an UDF filesystem"); ++ goto fail; ++ } ++ } ++ else if (tag.tag_ident == GRUB_UDF_TAG_IDENT_PD) + { + if (data->npd >= GRUB_UDF_MAX_PDS) + { +@@ -860,6 +897,25 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) + return outbuf; + } + ++static char * ++read_dstring (const grub_uint8_t *raw, grub_size_t sz) ++{ ++ grub_size_t len; ++ ++ if (raw[0] == 0) { ++ char *outbuf = grub_malloc (1); ++ if (!outbuf) ++ return NULL; ++ outbuf[0] = 0; ++ return outbuf; ++ } ++ ++ len = raw[sz - 1]; ++ if (len > sz - 1) ++ len = sz - 1; ++ return read_string (raw, len, NULL); ++} ++ + static int + grub_udf_iterate_dir (grub_fshelp_node_t dir, + grub_fshelp_iterate_dir_hook_t hook, void *hook_data) +@@ -1197,7 +1253,7 @@ grub_udf_label (grub_device_t device, char **label) + + if (data) + { +- *label = read_string (data->lvd.ident, sizeof (data->lvd.ident), 0); ++ *label = read_dstring (data->lvd.ident, sizeof (data->lvd.ident)); + grub_free (data); + } + else +@@ -1206,6 +1262,87 @@ grub_udf_label (grub_device_t device, char **label) + return grub_errno; + } + ++static char * ++gen_uuid_from_volset (char *volset_ident) ++{ ++ grub_size_t i; ++ grub_size_t len; ++ grub_size_t nonhexpos; ++ grub_uint8_t buf[17]; ++ char *uuid; ++ ++ len = grub_strlen (volset_ident); ++ if (len < 8) ++ return NULL; ++ ++ uuid = grub_malloc (17); ++ if (!uuid) ++ return NULL; ++ ++ if (len > 16) ++ len = 16; ++ ++ grub_memset (buf, 0, sizeof (buf)); ++ grub_memcpy (buf, volset_ident, len); ++ ++ nonhexpos = 16; ++ for (i = 0; i < 16; ++i) ++ { ++ if (!grub_isxdigit (buf[i])) ++ { ++ nonhexpos = i; ++ break; ++ } ++ } ++ ++ if (nonhexpos < 8) ++ { ++ grub_snprintf (uuid, 17, "%02x%02x%02x%02x%02x%02x%02x%02x", ++ buf[0], buf[1], buf[2], buf[3], ++ buf[4], buf[5], buf[6], buf[7]); ++ } ++ else if (nonhexpos < 16) ++ { ++ for (i = 0; i < 8; ++i) ++ uuid[i] = grub_tolower (buf[i]); ++ grub_snprintf (uuid+8, 9, "%02x%02x%02x%02x", ++ buf[8], buf[9], buf[10], buf[11]); ++ } ++ else ++ { ++ for (i = 0; i < 16; ++i) ++ uuid[i] = grub_tolower (buf[i]); ++ uuid[16] = 0; ++ } ++ ++ return uuid; ++} ++ ++static grub_err_t ++grub_udf_uuid (grub_device_t device, char **uuid) ++{ ++ char *volset_ident; ++ struct grub_udf_data *data; ++ data = grub_udf_mount (device->disk); ++ ++ if (data) ++ { ++ volset_ident = read_dstring (data->pvd.volset_ident, sizeof (data->pvd.volset_ident)); ++ if (volset_ident) ++ { ++ *uuid = gen_uuid_from_volset (volset_ident); ++ grub_free (volset_ident); ++ } ++ else ++ *uuid = 0; ++ grub_free (data); ++ } ++ else ++ *uuid = 0; ++ ++ return grub_errno; ++} ++ + static struct grub_fs grub_udf_fs = { + .name = "udf", + .dir = grub_udf_dir, +@@ -1213,6 +1350,7 @@ static struct grub_fs grub_udf_fs = { + .read = grub_udf_read, + .close = grub_udf_close, + .label = grub_udf_label, ++ .uuid = grub_udf_uuid, + #ifdef GRUB_UTIL + .reserved_first_sector = 1, + .blocklist_install = 1, +diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c +index 9f66dd6e4c6491e6b2cbfc7866335b432c824502..3b00c744e23c34243df781baa96e5b1b0d88417d 100644 +--- a/grub-core/fs/xfs.c ++++ b/grub-core/fs/xfs.c +@@ -79,9 +79,18 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define XFS_SB_FEAT_INCOMPAT_SPINODES (1 << 1) /* sparse inode chunks */ + #define XFS_SB_FEAT_INCOMPAT_META_UUID (1 << 2) /* metadata UUID */ + +-/* We do not currently verify metadata UUID so it is safe to read such filesystem */ ++/* ++ * Directory entries with ftype are explicitly handled by GRUB code. ++ * ++ * We do not currently read the inode btrees, so it is safe to read filesystems ++ * with the XFS_SB_FEAT_INCOMPAT_SPINODES feature. ++ * ++ * We do not currently verify metadata UUID, so it is safe to read filesystems ++ * with the XFS_SB_FEAT_INCOMPAT_META_UUID feature. ++ */ + #define XFS_SB_FEAT_INCOMPAT_SUPPORTED \ + (XFS_SB_FEAT_INCOMPAT_FTYPE | \ ++ XFS_SB_FEAT_INCOMPAT_SPINODES | \ + XFS_SB_FEAT_INCOMPAT_META_UUID) + + struct grub_xfs_sblock +@@ -828,6 +837,9 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, + entries = (grub_be_to_cpu32 (tail->leaf_count) + - grub_be_to_cpu32 (tail->leaf_stale)); + ++ if (!entries) ++ continue; ++ + /* Iterate over all entries within this block. */ + while ((char *)direntry < (char *)tail) + { +diff --git a/grub-core/fs/zfs/zfs_lz4.c b/grub-core/fs/zfs/zfs_lz4.c +index 2f73449f0d4c63cadc7b5b4388250a4d474594b6..5453822d0258527ba751e551cbb54753f0331043 100644 +--- a/grub-core/fs/zfs/zfs_lz4.c ++++ b/grub-core/fs/zfs/zfs_lz4.c +@@ -73,7 +73,6 @@ static int LZ4_uncompress_unknownOutputSize(const char *source, char *dest, + #define U32 grub_uint32_t + #define S32 grub_int32_t + #define U64 grub_uint64_t +-typedef grub_size_t size_t; + + typedef struct _U16_S { + U16 v; +@@ -133,10 +132,10 @@ typedef struct _U64_S { + + /* Decompression functions */ + grub_err_t +-lz4_decompress(void *s_start, void *d_start, size_t s_len, size_t d_len); ++lz4_decompress(void *s_start, void *d_start, grub_size_t s_len, grub_size_t d_len); + + grub_err_t +-lz4_decompress(void *s_start, void *d_start, size_t s_len, size_t d_len) ++lz4_decompress(void *s_start, void *d_start, grub_size_t s_len, grub_size_t d_len) + { + const BYTE *src = s_start; + U32 bufsiz = (src[0] << 24) | (src[1] << 16) | (src[2] << 8) | +@@ -167,7 +166,7 @@ LZ4_uncompress_unknownOutputSize(const char *source, + BYTE *const oend = op + maxOutputSize; + BYTE *cpy; + +- size_t dec[] = { 0, 3, 2, 3, 0, 0, 0, 0 }; ++ grub_size_t dec[] = { 0, 3, 2, 3, 0, 0, 0, 0 }; + + /* Main Loop */ + while (ip < iend) { +@@ -237,8 +236,8 @@ LZ4_uncompress_unknownOutputSize(const char *source, + /* copy repeated sequence */ + if unlikely(op - ref < STEPSIZE) { + #if LZ4_ARCH64 +- size_t dec2table[] = { 0, 0, 0, -1, 0, 1, 2, 3 }; +- size_t dec2 = dec2table[op - ref]; ++ grub_size_t dec2table[] = { 0, 0, 0, -1, 0, 1, 2, 3 }; ++ grub_size_t dec2 = dec2table[op - ref]; + #else + const int dec2 = 0; + #endif +diff --git a/grub-core/io/bufio.c b/grub-core/io/bufio.c +index 22438277d7456358dfc6bcbb51317fd704987738..dbed64744317c2f849fb2bda8fd5a6b142affe91 100644 +--- a/grub-core/io/bufio.c ++++ b/grub-core/io/bufio.c +@@ -61,6 +61,13 @@ grub_bufio_open (grub_file_t io, int size) + size = ((io->size > GRUB_BUFIO_MAX_SIZE) ? GRUB_BUFIO_MAX_SIZE : + io->size); + ++ /* ++ * Round up size to power of 2 which the binary math to ++ * calculate next_buf in grub_bufio_read() requires. ++ */ ++ while (size & (size - 1)) ++ size = (size | (size - 1)) + 1; ++ + bufio = grub_zalloc (sizeof (struct grub_bufio) + size); + if (! bufio) + { +diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c +index 0f2ea6bd845227265eef205c212e7c52ee03ebcf..86ea8cfdea2e0abd1f73c6df4dca58806c8f2d9b 100644 +--- a/grub-core/io/gzio.c ++++ b/grub-core/io/gzio.c +@@ -43,6 +43,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -94,6 +95,14 @@ struct grub_gzio + struct huft *tl; + /* The distance code table. */ + struct huft *td; ++ /* The checksum algorithm */ ++ const gcry_md_spec_t *hdesc; ++ /* The wanted checksum */ ++ grub_uint32_t orig_checksum; ++ /* The uncompressed length */ ++ grub_size_t orig_len; ++ /* Context for checksum calculation */ ++ grub_uint8_t *hcontext; + /* The lookup bits for the literal/length code table. */ + int bl; + /* The lookup bits for the distance code table. */ +@@ -140,24 +149,24 @@ eat_field (grub_file_t file, int len) + #define OLD_GZIP_MAGIC grub_le_to_cpu16 (0x9E1F) + + /* Compression methods (see algorithm.doc) */ +-#define STORED 0 +-#define COMPRESSED 1 +-#define PACKED 2 +-#define LZHED 3 ++#define GRUB_GZ_STORED 0 ++#define GRUB_GZ_COMPRESSED 1 ++#define GRUB_GZ_PACKED 2 ++#define GRUB_GZ_LZHED 3 + /* methods 4 to 7 reserved */ +-#define DEFLATED 8 +-#define MAX_METHODS 9 ++#define GRUB_GZ_DEFLATED 8 ++#define GRUB_GZ_MAX_METHODS 9 + + /* gzip flag byte */ +-#define ASCII_FLAG 0x01 /* bit 0 set: file probably ascii text */ +-#define CONTINUATION 0x02 /* bit 1 set: continuation of multi-part gzip file */ +-#define EXTRA_FIELD 0x04 /* bit 2 set: extra field present */ +-#define ORIG_NAME 0x08 /* bit 3 set: original file name present */ +-#define COMMENT 0x10 /* bit 4 set: file comment present */ +-#define ENCRYPTED 0x20 /* bit 5 set: file is encrypted */ +-#define RESERVED 0xC0 /* bit 6,7: reserved */ ++#define GRUB_GZ_ASCII_FLAG 0x01 /* bit 0 set: file probably ascii text */ ++#define GRUB_GZ_CONTINUATION 0x02 /* bit 1 set: continuation of multi-part gzip file */ ++#define GRUB_GZ_EXTRA_FIELD 0x04 /* bit 2 set: extra field present */ ++#define GRUB_GZ_ORIG_NAME 0x08 /* bit 3 set: original file name present */ ++#define GRUB_GZ_COMMENT 0x10 /* bit 4 set: file comment present */ ++#define GRUB_GZ_ENCRYPTED 0x20 /* bit 5 set: file is encrypted */ ++#define GRUB_GZ_RESERVED 0xC0 /* bit 6,7: reserved */ + +-#define UNSUPPORTED_FLAGS (CONTINUATION | ENCRYPTED | RESERVED) ++#define GRUB_GZ_UNSUPPORTED_FLAGS (GRUB_GZ_CONTINUATION | GRUB_GZ_ENCRYPTED | GRUB_GZ_RESERVED) + + /* inflate block codes */ + #define INFLATE_STORED 0 +@@ -180,7 +189,7 @@ test_gzip_header (grub_file_t file) + grub_uint8_t os_type; + } hdr; + grub_uint16_t extra_len; +- grub_uint32_t orig_len; ++ grub_uint32_t crc32; + grub_gzio_t gzio = file->data; + + if (grub_file_tell (gzio->file) != 0) +@@ -201,26 +210,29 @@ test_gzip_header (grub_file_t file) + * problem occurs from here on, then we have corrupt or otherwise + * bad data, and the error should be reported to the user. + */ +- if (hdr.method != DEFLATED +- || (hdr.flags & UNSUPPORTED_FLAGS) +- || ((hdr.flags & EXTRA_FIELD) ++ if (hdr.method != GRUB_GZ_DEFLATED ++ || (hdr.flags & GRUB_GZ_UNSUPPORTED_FLAGS) ++ || ((hdr.flags & GRUB_GZ_EXTRA_FIELD) + && (grub_file_read (gzio->file, &extra_len, 2) != 2 + || eat_field (gzio->file, + grub_le_to_cpu16 (extra_len)))) +- || ((hdr.flags & ORIG_NAME) && eat_field (gzio->file, -1)) +- || ((hdr.flags & COMMENT) && eat_field (gzio->file, -1))) ++ || ((hdr.flags & GRUB_GZ_ORIG_NAME) && eat_field (gzio->file, -1)) ++ || ((hdr.flags & GRUB_GZ_COMMENT) && eat_field (gzio->file, -1))) + return 0; + + gzio->data_offset = grub_file_tell (gzio->file); + + /* FIXME: don't do this on not easily seekable files. */ + { +- grub_file_seek (gzio->file, grub_file_size (gzio->file) - 4); +- if (grub_file_read (gzio->file, &orig_len, 4) != 4) ++ grub_file_seek (gzio->file, grub_file_size (gzio->file) - 8); ++ if (grub_file_read (gzio->file, &crc32, 4) != 4) ++ return 0; ++ gzio->orig_checksum = grub_le_to_cpu32 (crc32); ++ if (grub_file_read (gzio->file, &gzio->orig_len, 4) != 4) + return 0; + /* FIXME: this does not handle files whose original size is over 4GB. + But how can we know the real original size? */ +- file->size = grub_le_to_cpu32 (orig_len); ++ file->size = grub_le_to_cpu32 (gzio->orig_len); + } + + initialize_tables (gzio); +@@ -1095,7 +1107,23 @@ inflate_window (grub_gzio_t gzio) + + gzio->saved_offset += gzio->wp; + +- /* XXX do CRC calculation here! */ ++ if (gzio->hcontext) ++ { ++ gzio->hdesc->write (gzio->hcontext, gzio->slide, gzio->wp); ++ ++ if (gzio->saved_offset == gzio->orig_len) ++ { ++ grub_uint32_t csum; ++ ++ gzio->hdesc->final (gzio->hcontext); ++ csum = grub_get_unaligned32 (gzio->hdesc->read (gzio->hcontext)); ++ csum = grub_be_to_cpu32 (csum); ++ if (csum != gzio->orig_checksum) ++ grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, ++ "checksum mismatch %08x/%08x", ++ gzio->orig_checksum, csum); ++ } ++ } + } + + +@@ -1118,6 +1146,9 @@ initialize_tables (grub_gzio_t gzio) + huft_free (gzio->td); + gzio->tl = NULL; + gzio->td = NULL; ++ ++ if (gzio->hcontext) ++ gzio->hdesc->init(gzio->hcontext); + } + + +@@ -1143,6 +1174,9 @@ grub_gzio_open (grub_file_t io, const char *name __attribute__ ((unused))) + + gzio->file = io; + ++ gzio->hdesc = GRUB_MD_CRC32; ++ gzio->hcontext = grub_malloc(gzio->hdesc->contextsize); ++ + file->device = io->device; + file->data = gzio; + file->fs = &grub_gzio_fs; +@@ -1151,6 +1185,7 @@ grub_gzio_open (grub_file_t io, const char *name __attribute__ ((unused))) + if (! test_gzip_header (file)) + { + grub_errno = GRUB_ERR_NONE; ++ grub_free (gzio->hcontext); + grub_free (gzio); + grub_free (file); + grub_file_seek (io, 0); +@@ -1183,7 +1218,7 @@ test_zlib_header (grub_gzio_t gzio) + flg = get_byte (gzio); + + /* Check that compression method is DEFLATE. */ +- if ((cmf & 0xf) != DEFLATED) ++ if ((cmf & 0xf) != GRUB_GZ_DEFLATED) + { + /* TRANSLATORS: It's about given file having some strange format, not + complete lack of gzip support. */ +@@ -1287,6 +1322,7 @@ grub_gzio_close (grub_file_t file) + grub_file_close (gzio->file); + huft_free (gzio->tl); + huft_free (gzio->td); ++ grub_free (gzio->hcontext); + grub_free (gzio); + + /* No need to close the same device twice. */ +diff --git a/grub-core/kern/arm/cache.c b/grub-core/kern/arm/cache.c +index 34154ccdb0e09d7d9fd91c4164fe8577ce449260..af1c4bbf544f0ebcca5c0f58c847c8dddc1f2e91 100644 +--- a/grub-core/kern/arm/cache.c ++++ b/grub-core/kern/arm/cache.c +@@ -29,6 +29,8 @@ void grub_arm_clean_dcache_range_armv6 (grub_addr_t start, grub_addr_t end, + grub_addr_t dlinesz); + void grub_arm_clean_dcache_range_armv7 (grub_addr_t start, grub_addr_t end, + grub_addr_t dlinesz); ++void grub_arm_clean_dcache_range_poc_armv7 (grub_addr_t start, grub_addr_t end, ++ grub_addr_t dlinesz); + void grub_arm_invalidate_icache_range_armv6 (grub_addr_t start, grub_addr_t end, + grub_addr_t dlinesz); + void grub_arm_invalidate_icache_range_armv7 (grub_addr_t start, grub_addr_t end, +@@ -252,6 +254,38 @@ grub_arch_sync_caches (void *address, grub_size_t len) + } + } + ++void ++grub_arch_sync_dma_caches (volatile void *address, grub_size_t len) ++{ ++ grub_addr_t start = (grub_addr_t) address; ++ grub_addr_t end = start + len; ++ ++ if (type == ARCH_UNKNOWN) ++ probe_caches (); ++ start = ALIGN_DOWN (start, grub_arch_cache_max_linesz); ++ end = ALIGN_UP (end, grub_arch_cache_max_linesz); ++ switch (type) ++ { ++ case ARCH_ARMV6: ++ grub_arm_clean_dcache_range_armv6 (start, end, grub_arch_cache_dlinesz); ++ grub_arm_invalidate_icache_range_armv6 (start, end, ++ grub_arch_cache_ilinesz); ++ break; ++ case ARCH_ARMV5_WRITE_THROUGH: ++ case ARCH_ARMV6_UNIFIED: ++ grub_arm_clean_dcache_range_armv6 (start, end, grub_arch_cache_dlinesz); ++ break; ++ case ARCH_ARMV7: ++ grub_arm_clean_dcache_range_poc_armv7 (start, end, grub_arch_cache_dlinesz); ++ grub_arm_invalidate_icache_range_armv7 (start, end, ++ grub_arch_cache_ilinesz); ++ break; ++ /* Pacify GCC. */ ++ case ARCH_UNKNOWN: ++ break; ++ } ++} ++ + void + grub_arm_disable_caches_mmu (void) + { +diff --git a/grub-core/kern/arm/coreboot/cbtable.c b/grub-core/kern/arm/coreboot/cbtable.c +new file mode 100644 +index 0000000000000000000000000000000000000000..8a655bb5cc28fb013674dc792531d8a9ba1c4b85 +--- /dev/null ++++ b/grub-core/kern/arm/coreboot/cbtable.c +@@ -0,0 +1,40 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2007,2008,2013 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++#pragma GCC diagnostic ignored "-Wcast-align" ++ ++grub_linuxbios_table_header_t ++grub_linuxbios_get_tables (void) ++{ ++ grub_linuxbios_table_header_t table_header ++ = (grub_linuxbios_table_header_t) grub_arm_saved_registers.r[0]; ++ ++ if (!grub_linuxbios_check_signature (table_header)) ++ return 0; ++ ++ return table_header; ++} +diff --git a/grub-core/kern/arm/coreboot/dma.c b/grub-core/kern/arm/coreboot/dma.c +new file mode 100644 +index 0000000000000000000000000000000000000000..2c2a6278904631c91bd29b3c4338c606471672fe +--- /dev/null ++++ b/grub-core/kern/arm/coreboot/dma.c +@@ -0,0 +1,59 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2007,2009 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++struct grub_pci_dma_chunk * ++grub_memalign_dma32 (grub_size_t align, grub_size_t size) ++{ ++ void *ret; ++ if (align < 64) ++ align = 64; ++ size = ALIGN_UP (size, align); ++ ret = grub_memalign (align, size); ++ if (!ret) ++ return 0; ++ grub_arch_sync_dma_caches (ret, size); ++ return ret; ++} ++ ++void ++grub_dma_free (struct grub_pci_dma_chunk *ch) ++{ ++ grub_size_t size = (((struct grub_mm_header *) ch) - 1)->size * GRUB_MM_ALIGN; ++ grub_arch_sync_dma_caches (ch, size); ++ grub_free (ch); ++} ++ ++volatile void * ++grub_dma_get_virt (struct grub_pci_dma_chunk *ch) ++{ ++ return (void *) ch; ++} ++ ++grub_uint32_t ++grub_dma_get_phys (struct grub_pci_dma_chunk *ch) ++{ ++ return (grub_uint32_t) (grub_addr_t) ch; ++} ++ +diff --git a/grub-core/kern/arm/coreboot/init.c b/grub-core/kern/arm/coreboot/init.c +new file mode 100644 +index 0000000000000000000000000000000000000000..8d8c5b8291eff9743b0325b76f851d52509b1f4f +--- /dev/null ++++ b/grub-core/kern/arm/coreboot/init.c +@@ -0,0 +1,151 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2002,2003,2004,2005,2006,2007,2008,2009,2013 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++extern grub_uint8_t _start[]; ++extern grub_uint8_t _end[]; ++extern grub_uint8_t _edata[]; ++grub_addr_t start_of_ram = ~(grub_addr_t)0; ++ ++void __attribute__ ((noreturn)) ++grub_exit (void) ++{ ++ /* We can't use grub_fatal() in this function. This would create an infinite ++ loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */ ++ while (1) ++ grub_cpu_idle (); ++} ++ ++static grub_uint64_t modend; ++static int have_memory = 0; ++ ++/* Helper for grub_machine_init. */ ++static int ++heap_init (grub_uint64_t addr, grub_uint64_t size, grub_memory_type_t type, ++ void *data __attribute__ ((unused))) ++{ ++ grub_uint64_t begin = addr, end = addr + size; ++ ++#if GRUB_CPU_SIZEOF_VOID_P == 4 ++ /* Restrict ourselves to 32-bit memory space. */ ++ if (begin > GRUB_ULONG_MAX) ++ return 0; ++ if (end > GRUB_ULONG_MAX) ++ end = GRUB_ULONG_MAX; ++#endif ++ ++ if (start_of_ram > begin) ++ start_of_ram = begin; ++ ++ if (type != GRUB_MEMORY_AVAILABLE) ++ return 0; ++ ++ if (modend && begin < modend) ++ { ++ if (begin < (grub_addr_t)_start) ++ { ++ grub_mm_init_region ((void *) (grub_addr_t) begin, (grub_size_t) ((grub_addr_t)_start - begin)); ++ have_memory = 1; ++ } ++ begin = modend; ++ } ++ ++ /* Avoid DMA problems. */ ++ if (end >= 0xfe000000) ++ end = 0xfe000000; ++ ++ if (end <= begin) ++ return 0; ++ ++ grub_mm_init_region ((void *) (grub_addr_t) begin, (grub_size_t) (end - begin)); ++ ++ have_memory = 1; ++ ++ return 0; ++} ++ ++void ++grub_machine_init (void) ++{ ++ struct grub_module_header *header; ++ void *dtb = 0; ++ grub_size_t dtb_size = 0; ++ ++ modend = grub_modules_get_end (); ++ ++ grub_video_coreboot_fb_early_init (); ++ ++ grub_machine_mmap_iterate (heap_init, NULL); ++ if (!have_memory) ++ grub_fatal ("No memory found"); ++ ++ grub_video_coreboot_fb_late_init (); ++ ++ grub_font_init (); ++ grub_gfxterm_init (); ++ ++ FOR_MODULES (header) ++ if (header->type == OBJ_TYPE_DTB) ++ { ++ char *dtb_orig_addr, *dtb_copy; ++ dtb_orig_addr = (char *) header + sizeof (struct grub_module_header); ++ ++ dtb_size = header->size - sizeof (struct grub_module_header); ++ dtb = dtb_copy = grub_malloc (dtb_size); ++ grub_memmove (dtb_copy, dtb_orig_addr, dtb_size); ++ break; ++ } ++ if (!dtb) ++ grub_fatal ("No DTB found"); ++ grub_fdtbus_init (dtb, dtb_size); ++ ++ grub_rk3288_spi_init (); ++ ++ grub_machine_timer_init (); ++ grub_cros_init (); ++ grub_pl050_init (); ++} ++ ++void ++grub_machine_get_bootlocation (char **device __attribute__ ((unused)), ++ char **path __attribute__ ((unused))) ++{ ++} ++ ++void ++grub_machine_fini (int flags __attribute__ ((unused))) ++{ ++} +diff --git a/grub-core/kern/arm/coreboot/timer.c b/grub-core/kern/arm/coreboot/timer.c +new file mode 100644 +index 0000000000000000000000000000000000000000..d97b844f8487c064922a552a5ea4d5f220031dba +--- /dev/null ++++ b/grub-core/kern/arm/coreboot/timer.c +@@ -0,0 +1,101 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2016 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++grub_uint64_t ++grub_armv7_get_timer_value(void); ++ ++grub_uint32_t ++grub_armv7_get_timer_frequency(void); ++ ++grub_uint32_t ++grub_arm_pfr1(void); ++ ++static int have_timer = 0; ++static volatile grub_uint32_t *sp804_regs; ++ ++static grub_uint64_t ++sp804_get_time_ms (void) ++{ ++ static grub_uint32_t high, last_low; ++ grub_uint32_t low = ~sp804_regs[1]; ++ if (last_low > low) ++ high++; ++ last_low = low; ++ return grub_divmod64 ((((grub_uint64_t) high) << 32) | low, ++ 1000, 0); ++} ++ ++static grub_err_t ++sp804_attach(const struct grub_fdtbus_dev *dev) ++{ ++ if (have_timer) ++ return GRUB_ERR_NONE; ++ sp804_regs = grub_fdtbus_map_reg (dev, 0, 0); ++ if (!grub_fdtbus_is_mapping_valid (sp804_regs)) ++ return grub_error (GRUB_ERR_IO, "could not map sp804: %p", sp804_regs); ++ grub_install_get_time_ms (sp804_get_time_ms); ++ have_timer = 1; ++ return GRUB_ERR_NONE; ++} ++ ++struct grub_fdtbus_driver sp804 = ++{ ++ .compatible = "arm,sp804", ++ .attach = sp804_attach ++}; ++ ++static grub_uint32_t timer_frequency_in_khz; ++ ++static grub_uint64_t ++generic_get_time_ms (void) ++{ ++ return grub_divmod64 (grub_armv7_get_timer_value(), timer_frequency_in_khz, 0); ++} ++ ++static int ++try_generic_timer (void) ++{ ++ if (((grub_arm_pfr1 () >> 16) & 0xf) != 1) ++ return 0; ++ grub_printf ("freq = %x\n", grub_armv7_get_timer_frequency()); ++ timer_frequency_in_khz = 0x016e3600 / 1000; //grub_armv7_get_timer_frequency() / 1000; ++ if (timer_frequency_in_khz == 0) ++ return 0; ++ grub_install_get_time_ms (generic_get_time_ms); ++ have_timer = 1; ++ return 1; ++} ++ ++void ++grub_machine_timer_init (void) ++{ ++ grub_fdtbus_register (&sp804); ++ ++ if (!have_timer) ++ try_generic_timer (); ++ if (!have_timer) ++ grub_fatal ("No timer found"); ++} +diff --git a/grub-core/kern/arm/efi/misc.c b/grub-core/kern/arm/efi/misc.c +deleted file mode 100644 +index 7cd41842ae7662018c2ce5ff847aeb250572ec85..0000000000000000000000000000000000000000 +--- a/grub-core/kern/arm/efi/misc.c ++++ /dev/null +@@ -1,202 +0,0 @@ +-/* misc.c - various system functions for an arm-based EFI system */ +-/* +- * GRUB -- GRand Unified Bootloader +- * Copyright (C) 2013 Free Software Foundation, Inc. +- * +- * GRUB is free software: you can redistribute it and/or modify +- * it under the terms of the GNU General Public License as published by +- * the Free Software Foundation, either version 3 of the License, or +- * (at your option) any later version. +- * +- * GRUB is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * +- * You should have received a copy of the GNU General Public License +- * along with GRUB. If not, see . +- */ +- +-#include +-#include +-#include +-#include +-#include +-#include +- +-static inline grub_size_t +-page_align (grub_size_t size) +-{ +- return (size + (1 << 12) - 1) & (~((1 << 12) - 1)); +-} +- +-/* Find the optimal number of pages for the memory map. Is it better to +- move this code to efi/mm.c? */ +-static grub_efi_uintn_t +-find_mmap_size (void) +-{ +- static grub_efi_uintn_t mmap_size = 0; +- +- if (mmap_size != 0) +- return mmap_size; +- +- mmap_size = (1 << 12); +- while (1) +- { +- int ret; +- grub_efi_memory_descriptor_t *mmap; +- grub_efi_uintn_t desc_size; +- +- mmap = grub_malloc (mmap_size); +- if (! mmap) +- return 0; +- +- ret = grub_efi_get_memory_map (&mmap_size, mmap, 0, &desc_size, 0); +- grub_free (mmap); +- +- if (ret < 0) +- { +- grub_error (GRUB_ERR_IO, "cannot get memory map"); +- return 0; +- } +- else if (ret > 0) +- break; +- +- mmap_size += (1 << 12); +- } +- +- /* Increase the size a bit for safety, because GRUB allocates more on +- later, and EFI itself may allocate more. */ +- mmap_size += (1 << 12); +- +- return page_align (mmap_size); +-} +- +-#define NEXT_MEMORY_DESCRIPTOR(desc, size) \ +- ((grub_efi_memory_descriptor_t *) ((char *) (desc) + (size))) +-#define PAGE_SHIFT 12 +- +-void * +-grub_efi_allocate_loader_memory (grub_uint32_t min_offset, grub_uint32_t size) +-{ +- grub_efi_uintn_t desc_size; +- grub_efi_memory_descriptor_t *mmap, *mmap_end; +- grub_efi_uintn_t mmap_size, tmp_mmap_size; +- grub_efi_memory_descriptor_t *desc; +- void *mem = NULL; +- grub_addr_t min_start = 0; +- +- mmap_size = find_mmap_size(); +- if (!mmap_size) +- return NULL; +- +- mmap = grub_malloc(mmap_size); +- if (!mmap) +- return NULL; +- +- tmp_mmap_size = mmap_size; +- if (grub_efi_get_memory_map (&tmp_mmap_size, mmap, 0, &desc_size, 0) <= 0) +- { +- grub_error (GRUB_ERR_IO, "cannot get memory map"); +- goto fail; +- } +- +- mmap_end = NEXT_MEMORY_DESCRIPTOR (mmap, tmp_mmap_size); +- /* Find lowest accessible RAM location */ +- { +- int found = 0; +- for (desc = mmap ; !found && (desc < mmap_end) ; +- desc = NEXT_MEMORY_DESCRIPTOR(desc, desc_size)) +- { +- switch (desc->type) +- { +- case GRUB_EFI_CONVENTIONAL_MEMORY: +- case GRUB_EFI_LOADER_CODE: +- case GRUB_EFI_LOADER_DATA: +- min_start = desc->physical_start + min_offset; +- found = 1; +- break; +- default: +- break; +- } +- } +- } +- +- /* First, find free pages for the real mode code +- and the memory map buffer. */ +- for (desc = mmap ; desc < mmap_end ; +- desc = NEXT_MEMORY_DESCRIPTOR(desc, desc_size)) +- { +- grub_uint64_t start, end; +- +- grub_dprintf("mm", "%s: 0x%08x bytes @ 0x%08x\n", +- __FUNCTION__, +- (grub_uint32_t) (desc->num_pages << PAGE_SHIFT), +- (grub_uint32_t) (desc->physical_start)); +- +- if (desc->type != GRUB_EFI_CONVENTIONAL_MEMORY) +- continue; +- +- start = desc->physical_start; +- end = start + (desc->num_pages << PAGE_SHIFT); +- grub_dprintf("mm", "%s: start=0x%016llx, end=0x%016llx\n", +- __FUNCTION__, start, end); +- start = start < min_start ? min_start : start; +- if (start + size > end) +- continue; +- grub_dprintf("mm", "%s: let's allocate some (0x%x) pages @ 0x%08x...\n", +- __FUNCTION__, (size >> PAGE_SHIFT), (grub_addr_t) start); +- mem = grub_efi_allocate_pages (start, (size >> PAGE_SHIFT) + 1); +- grub_dprintf("mm", "%s: retval=0x%08x\n", +- __FUNCTION__, (grub_addr_t) mem); +- if (! mem) +- { +- grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate memory"); +- goto fail; +- } +- break; +- } +- +- if (! mem) +- { +- grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate memory"); +- goto fail; +- } +- +- grub_free (mmap); +- return mem; +- +- fail: +- grub_free (mmap); +- return NULL; +-} +- +-grub_err_t +-grub_efi_prepare_platform (void) +-{ +- grub_efi_uintn_t mmap_size; +- grub_efi_uintn_t map_key; +- grub_efi_uintn_t desc_size; +- grub_efi_uint32_t desc_version; +- grub_efi_memory_descriptor_t *mmap_buf; +- grub_err_t err; +- +- /* +- * Cloned from IA64 +- * Must be done after grub_machine_fini because map_key is used by +- *exit_boot_services. +- */ +- mmap_size = find_mmap_size (); +- if (! mmap_size) +- return GRUB_ERR_OUT_OF_MEMORY; +- mmap_buf = grub_efi_allocate_pages (0, page_align (mmap_size) >> 12); +- if (! mmap_buf) +- return GRUB_ERR_OUT_OF_MEMORY; +- +- err = grub_efi_finish_boot_services (&mmap_size, mmap_buf, &map_key, +- &desc_size, &desc_version); +- if (err != GRUB_ERR_NONE) +- return err; +- +- return GRUB_ERR_NONE; +-} +diff --git a/grub-core/kern/arm/uboot/init.c b/grub-core/kern/arm/uboot/init.c +new file mode 100644 +index 0000000000000000000000000000000000000000..2a6aa3fdd3dd049848015f6c67dfc0f30a79a9c4 +--- /dev/null ++++ b/grub-core/kern/arm/uboot/init.c +@@ -0,0 +1,70 @@ ++/* init.c - generic U-Boot initialization and finalization */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2016 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++ ++extern int (*grub_uboot_syscall_ptr) (int, int *, ...); ++ ++grub_uint32_t ++grub_uboot_get_machine_type (void) ++{ ++ return grub_arm_saved_registers.r[1]; ++} ++ ++grub_addr_t ++grub_uboot_get_boot_data (void) ++{ ++ return grub_arm_saved_registers.r[2]; ++} ++ ++int ++grub_uboot_api_init (void) ++{ ++ struct api_signature *start, *end; ++ struct api_signature *p; ++ grub_addr_t grub_uboot_search_hint = grub_arm_saved_registers.sp; ++ if (grub_uboot_search_hint) ++ { ++ /* Extended search range to work around Trim Slice U-Boot issue */ ++ start = (struct api_signature *) ((grub_uboot_search_hint & ~0x000fffff) ++ - 0x00500000); ++ end = ++ (struct api_signature *) ((grub_addr_t) start + UBOOT_API_SEARCH_LEN - ++ API_SIG_MAGLEN + 0x00500000); ++ } ++ else ++ { ++ start = 0; ++ end = (struct api_signature *) (256 * 1024 * 1024); ++ } ++ ++ /* Structure alignment is (at least) 8 bytes */ ++ for (p = start; p < end; p = (void *) ((grub_addr_t) p + 8)) ++ { ++ if (grub_memcmp (&(p->magic), API_SIG_MAGIC, API_SIG_MAGLEN) == 0) ++ { ++ grub_uboot_syscall_ptr = p->syscall; ++ return p->version; ++ } ++ } ++ ++ return 0; ++} +diff --git a/grub-core/kern/coreboot/cbtable.c b/grub-core/kern/coreboot/cbtable.c +new file mode 100644 +index 0000000000000000000000000000000000000000..aec63dbd1209e4c3cbbe165d54a78277ea72f361 +--- /dev/null ++++ b/grub-core/kern/coreboot/cbtable.c +@@ -0,0 +1,72 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2007,2008,2013 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#pragma GCC diagnostic ignored "-Wcast-align" ++ ++/* Helper for grub_linuxbios_table_iterate. */ ++int ++grub_linuxbios_check_signature (grub_linuxbios_table_header_t tbl_header) ++{ ++ if (! grub_memcmp (tbl_header->signature, "LBIO", 4)) ++ return 1; ++ ++ return 0; ++} ++ ++grub_err_t ++grub_linuxbios_table_iterate (int (*hook) (grub_linuxbios_table_item_t, ++ void *), ++ void *hook_data) ++{ ++ grub_linuxbios_table_header_t table_header = grub_linuxbios_get_tables (); ++ grub_linuxbios_table_item_t table_item; ++ ++ if (!table_header) ++ return 0; ++ ++signature_found: ++ ++ table_item = ++ (grub_linuxbios_table_item_t) ((char *) table_header + ++ table_header->header_size); ++ for (; table_item < (grub_linuxbios_table_item_t) ((char *) table_header ++ + table_header->header_size ++ + table_header->table_size); ++ table_item = (grub_linuxbios_table_item_t) ((char *) table_item + table_item->size)) ++ { ++ if (table_item->tag == GRUB_LINUXBIOS_MEMBER_LINK ++ && grub_linuxbios_check_signature ((grub_linuxbios_table_header_t) (grub_addr_t) ++ *(grub_uint64_t *) (table_item + 1))) ++ { ++ table_header = (grub_linuxbios_table_header_t) (grub_addr_t) ++ *(grub_uint64_t *) (table_item + 1); ++ goto signature_found; ++ } ++ if (hook (table_item, hook_data)) ++ return 1; ++ } ++ ++ return 0; ++} +diff --git a/grub-core/kern/i386/coreboot/mmap.c b/grub-core/kern/coreboot/mmap.c +similarity index 97% +rename from grub-core/kern/i386/coreboot/mmap.c +rename to grub-core/kern/coreboot/mmap.c +index 4d29f6b7d90591939cf5d837b39c5d259a55efb0..caf8f7cef1b4552c720eb3b7ca355eb6cec32955 100644 +--- a/grub-core/kern/i386/coreboot/mmap.c ++++ b/grub-core/kern/coreboot/mmap.c +@@ -16,8 +16,8 @@ + * along with GRUB. If not, see . + */ + +-#include +-#include ++#include ++#include + #include + #include + #include +@@ -49,6 +49,7 @@ iterate_linuxbios_table (grub_linuxbios_table_item_t table_item, void *data) + { + grub_uint64_t start = mem_region->addr; + grub_uint64_t end = mem_region->addr + mem_region->size; ++#ifdef __i386__ + /* Mark region 0xa0000 - 0x100000 as reserved. */ + if (start < 0x100000 && end >= 0xa0000 + && mem_region->type == GRUB_MACHINE_MEMORY_AVAILABLE) +@@ -75,6 +76,7 @@ iterate_linuxbios_table (grub_linuxbios_table_item_t table_item, void *data) + if (end <= start) + continue; + } ++#endif + if (ctx->hook (start, end - start, + /* Multiboot mmaps match with the coreboot mmap + definition. Therefore, we can just pass type +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index d467785fc6ce0763ec1392a65d6b30f1747ab5c4..708581fcbde007fc0174be636771b401d5e69ea2 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -154,6 +154,15 @@ grub_efi_get_loaded_image (grub_efi_handle_t image_handle) + GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); + } + ++void ++grub_reboot (void) ++{ ++ grub_machine_fini (GRUB_LOADER_FLAG_NORETURN); ++ efi_call_4 (grub_efi_system_table->runtime_services->reset_system, ++ GRUB_EFI_RESET_COLD, GRUB_EFI_SUCCESS, 0, NULL); ++ for (;;) ; ++} ++ + void + grub_exit (void) + { +diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c +index 2c31847bf6db77fab377c90e7ed36897439d6027..3dfdf2d22b02ae8847a3e19a175517d2d71544fa 100644 +--- a/grub-core/kern/efi/init.c ++++ b/grub-core/kern/efi/init.c +@@ -80,4 +80,5 @@ grub_efi_fini (void) + { + grub_efidisk_fini (); + grub_console_fini (); ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index 20a47aaf5d0df376090510ddb8337ecc8aa18e98..42ad7c570a5532c4f6a5bef9d1ff3295f413aa11 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -49,38 +49,86 @@ static grub_efi_uintn_t finish_desc_size; + static grub_efi_uint32_t finish_desc_version; + int grub_efi_is_finished = 0; + ++/* ++ * We need to roll back EFI allocations on exit. Remember allocations that ++ * we'll free on exit. ++ */ ++struct efi_allocation; ++struct efi_allocation { ++ grub_efi_physical_address_t address; ++ grub_efi_uint64_t pages; ++ struct efi_allocation *next; ++}; ++static struct efi_allocation *efi_allocated_memory; ++ ++static void ++grub_efi_store_alloc (grub_efi_physical_address_t address, ++ grub_efi_uintn_t pages) ++{ ++ grub_efi_boot_services_t *b; ++ struct efi_allocation *alloc; ++ grub_efi_status_t status; ++ ++ b = grub_efi_system_table->boot_services; ++ status = efi_call_3 (b->allocate_pool, GRUB_EFI_LOADER_DATA, ++ sizeof(*alloc), (void**)&alloc); ++ ++ if (status == GRUB_EFI_SUCCESS) ++ { ++ alloc->next = efi_allocated_memory; ++ alloc->address = address; ++ alloc->pages = pages; ++ efi_allocated_memory = alloc; ++ } ++ else ++ grub_printf ("Could not malloc memory to remember EFI allocation. " ++ "Exiting GRUB won't free all memory.\n"); ++} ++ ++static void ++grub_efi_drop_alloc (grub_efi_physical_address_t address, ++ grub_efi_uintn_t pages) ++{ ++ struct efi_allocation *ea, *eap; ++ grub_efi_boot_services_t *b; ++ ++ b = grub_efi_system_table->boot_services; ++ ++ for (eap = NULL, ea = efi_allocated_memory; ea; eap = ea, ea = ea->next) ++ { ++ if (ea->address != address || ea->pages != pages) ++ continue; ++ ++ /* Remove the current entry from the list. */ ++ if (eap) ++ eap->next = ea->next; ++ else ++ efi_allocated_memory = ea->next; ++ ++ /* Then free the memory backing it. */ ++ efi_call_1 (b->free_pool, ea); ++ ++ /* And leave, we're done. */ ++ break; ++ } ++} ++ + /* Allocate pages. Return the pointer to the first of allocated pages. */ + void * +-grub_efi_allocate_pages (grub_efi_physical_address_t address, +- grub_efi_uintn_t pages) ++grub_efi_allocate_pages_real (grub_efi_physical_address_t address, ++ grub_efi_uintn_t pages, ++ grub_efi_allocate_type_t alloctype, ++ grub_efi_memory_type_t memtype) + { +- grub_efi_allocate_type_t type; + grub_efi_status_t status; + grub_efi_boot_services_t *b; + +-#if 1 + /* Limit the memory access to less than 4GB for 32-bit platforms. */ + if (address > GRUB_EFI_MAX_USABLE_ADDRESS) + return 0; +-#endif +- +-#if 1 +- if (address == 0) +- { +- type = GRUB_EFI_ALLOCATE_MAX_ADDRESS; +- address = GRUB_EFI_MAX_USABLE_ADDRESS; +- } +- else +- type = GRUB_EFI_ALLOCATE_ADDRESS; +-#else +- if (address == 0) +- type = GRUB_EFI_ALLOCATE_ANY_PAGES; +- else +- type = GRUB_EFI_ALLOCATE_ADDRESS; +-#endif + + b = grub_efi_system_table->boot_services; +- status = efi_call_4 (b->allocate_pages, type, GRUB_EFI_LOADER_DATA, pages, &address); ++ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); + if (status != GRUB_EFI_SUCCESS) + return 0; + +@@ -89,15 +137,34 @@ grub_efi_allocate_pages (grub_efi_physical_address_t address, + /* Uggh, the address 0 was allocated... This is too annoying, + so reallocate another one. */ + address = GRUB_EFI_MAX_USABLE_ADDRESS; +- status = efi_call_4 (b->allocate_pages, type, GRUB_EFI_LOADER_DATA, pages, &address); ++ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); + grub_efi_free_pages (0, pages); + if (status != GRUB_EFI_SUCCESS) + return 0; + } + ++ grub_efi_store_alloc (address, pages); ++ + return (void *) ((grub_addr_t) address); + } + ++void * ++grub_efi_allocate_any_pages (grub_efi_uintn_t pages) ++{ ++ return grub_efi_allocate_pages_real (GRUB_EFI_MAX_USABLE_ADDRESS, ++ pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, ++ GRUB_EFI_LOADER_DATA); ++} ++ ++void * ++grub_efi_allocate_fixed (grub_efi_physical_address_t address, ++ grub_efi_uintn_t pages) ++{ ++ return grub_efi_allocate_pages_real (address, pages, ++ GRUB_EFI_ALLOCATE_ADDRESS, ++ GRUB_EFI_LOADER_DATA); ++} ++ + /* Free pages starting from ADDRESS. */ + void + grub_efi_free_pages (grub_efi_physical_address_t address, +@@ -107,6 +174,8 @@ grub_efi_free_pages (grub_efi_physical_address_t address, + + b = grub_efi_system_table->boot_services; + efi_call_2 (b->free_pages, address, pages); ++ ++ grub_efi_drop_alloc (address, pages); + } + + #if defined (__i386__) || defined (__x86_64__) +@@ -217,6 +286,30 @@ grub_efi_finish_boot_services (grub_efi_uintn_t *outbuf_size, void *outbuf, + return GRUB_ERR_NONE; + } + ++/* ++ * To obtain the UEFI memory map, we must pass a buffer of sufficient size ++ * to hold the entire map. This function returns a sane start value for ++ * buffer size. ++ */ ++grub_efi_uintn_t ++grub_efi_find_mmap_size (void) ++{ ++ grub_efi_uintn_t mmap_size = 0; ++ grub_efi_uintn_t desc_size; ++ ++ if (grub_efi_get_memory_map (&mmap_size, NULL, NULL, &desc_size, 0) < 0) ++ { ++ grub_error (GRUB_ERR_IO, "cannot get EFI memory map size"); ++ return 0; ++ } ++ ++ /* ++ * Add an extra page, since UEFI can alter the memory map itself on ++ * callbacks or explicit calls, including console output. ++ */ ++ return ALIGN_UP (mmap_size + GRUB_EFI_PAGE_SIZE, GRUB_EFI_PAGE_SIZE); ++} ++ + /* Get the memory map as defined in the EFI spec. Return 1 if successful, + return 0 if partial, or return -1 if an error occurs. */ + int +@@ -402,7 +495,9 @@ add_memory_regions (grub_efi_memory_descriptor_t *memory_map, + pages = required_pages; + } + +- addr = grub_efi_allocate_pages (start, pages); ++ addr = grub_efi_allocate_pages_real (start, pages, ++ GRUB_EFI_ALLOCATE_ADDRESS, ++ GRUB_EFI_LOADER_CODE); + if (! addr) + grub_fatal ("cannot allocate conventional memory %p with %u pages", + (void *) ((grub_addr_t) start), +@@ -419,6 +514,20 @@ add_memory_regions (grub_efi_memory_descriptor_t *memory_map, + grub_fatal ("too little memory"); + } + ++void ++grub_efi_memory_fini (void) ++{ ++ /* ++ * Free all stale allocations. grub_efi_free_pages() will remove ++ * the found entry from the list and it will always find the first ++ * list entry (efi_allocated_memory is the list start). Hence we ++ * remove all entries from the list until none is left altogether. ++ */ ++ while (efi_allocated_memory) ++ grub_efi_free_pages (efi_allocated_memory->address, ++ efi_allocated_memory->pages); ++} ++ + #if 0 + /* Print the memory map. */ + static void +@@ -454,8 +563,7 @@ grub_efi_mm_init (void) + int mm_status; + + /* Prepare a memory region to store two memory maps. */ +- memory_map = grub_efi_allocate_pages (0, +- 2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE)); ++ memory_map = grub_efi_allocate_any_pages (2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE)); + if (! memory_map) + grub_fatal ("cannot allocate memory"); + +@@ -473,7 +581,7 @@ grub_efi_mm_init (void) + /* Freeing/allocating operations may increase memory map size. */ + map_size += desc_size * 32; + +- memory_map = grub_efi_allocate_pages (0, 2 * BYTES_TO_PAGES (map_size)); ++ memory_map = grub_efi_allocate_any_pages (2 * BYTES_TO_PAGES (map_size)); + if (! memory_map) + grub_fatal ("cannot allocate memory"); + +@@ -525,3 +633,34 @@ grub_efi_mm_init (void) + grub_efi_free_pages ((grub_addr_t) memory_map, + 2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE)); + } ++ ++#if defined (__aarch64__) || defined (__arm__) ++grub_err_t ++grub_efi_get_ram_base(grub_addr_t *base_addr) ++{ ++ grub_efi_memory_descriptor_t *memory_map, *desc; ++ grub_efi_uintn_t memory_map_size, desc_size; ++ int ret; ++ ++ memory_map_size = grub_efi_find_mmap_size(); ++ ++ memory_map = grub_malloc (memory_map_size); ++ if (! memory_map) ++ return GRUB_ERR_OUT_OF_MEMORY; ++ ret = grub_efi_get_memory_map (&memory_map_size, memory_map, NULL, ++ &desc_size, NULL); ++ ++ if (ret < 1) ++ return GRUB_ERR_BUG; ++ ++ for (desc = memory_map, *base_addr = GRUB_UINT_MAX; ++ (grub_addr_t) desc < ((grub_addr_t) memory_map + memory_map_size); ++ desc = NEXT_MEMORY_DESCRIPTOR (desc, desc_size)) ++ if (desc->attribute & GRUB_EFI_MEMORY_WB) ++ *base_addr = grub_min (*base_addr, desc->physical_start); ++ ++ grub_free(memory_map); ++ ++ return GRUB_ERR_NONE; ++} ++#endif +diff --git a/grub-core/kern/i386/coreboot/cbtable.c b/grub-core/kern/i386/coreboot/cbtable.c +index 1669bc0ca23a2fe5dcfb8e2b6c973ddb5e27e880..34a2b59be1ffa926e9dcc931140695cc82be223c 100644 +--- a/grub-core/kern/i386/coreboot/cbtable.c ++++ b/grub-core/kern/i386/coreboot/cbtable.c +@@ -17,7 +17,7 @@ + */ + + #include +-#include ++#include + #include + #include + #include +@@ -25,59 +25,20 @@ + + GRUB_MOD_LICENSE ("GPLv3+"); + +-/* Helper for grub_linuxbios_table_iterate. */ +-static int +-check_signature (grub_linuxbios_table_header_t tbl_header) +-{ +- if (! grub_memcmp (tbl_header->signature, "LBIO", 4)) +- return 1; +- +- return 0; +-} +- +-grub_err_t +-grub_linuxbios_table_iterate (int (*hook) (grub_linuxbios_table_item_t, +- void *), +- void *hook_data) ++grub_linuxbios_table_header_t ++grub_linuxbios_get_tables (void) + { + grub_linuxbios_table_header_t table_header; +- grub_linuxbios_table_item_t table_item; +- + /* Assuming table_header is aligned to its size (8 bytes). */ +- + for (table_header = (grub_linuxbios_table_header_t) 0x500; + table_header < (grub_linuxbios_table_header_t) 0x1000; table_header++) +- if (check_signature (table_header)) +- goto signature_found; ++ if (grub_linuxbios_check_signature (table_header)) ++ return table_header; + + for (table_header = (grub_linuxbios_table_header_t) 0xf0000; + table_header < (grub_linuxbios_table_header_t) 0x100000; table_header++) +- if (check_signature (table_header)) +- goto signature_found; +- +- return 0; +- +-signature_found: +- +- table_item = +- (grub_linuxbios_table_item_t) ((char *) table_header + +- table_header->header_size); +- for (; table_item < (grub_linuxbios_table_item_t) ((char *) table_header +- + table_header->header_size +- + table_header->table_size); +- table_item = (grub_linuxbios_table_item_t) ((char *) table_item + table_item->size)) +- { +- if (table_item->tag == GRUB_LINUXBIOS_MEMBER_LINK +- && check_signature ((grub_linuxbios_table_header_t) (grub_addr_t) +- *(grub_uint64_t *) (table_item + 1))) +- { +- table_header = (grub_linuxbios_table_header_t) (grub_addr_t) +- *(grub_uint64_t *) (table_item + 1); +- goto signature_found; +- } +- if (hook (table_item, hook_data)) +- return 1; +- } ++ if (grub_linuxbios_check_signature (table_header)) ++ return table_header; + + return 0; + } +diff --git a/grub-core/kern/i386/tsc.c b/grub-core/kern/i386/tsc.c +index 2e85289d848946da8260b826ed36114557299278..f266eb13185f20dd4c8f67fdffa9a4790d9e01da 100644 +--- a/grub-core/kern/i386/tsc.c ++++ b/grub-core/kern/i386/tsc.c +@@ -68,7 +68,7 @@ grub_tsc_init (void) + #ifdef GRUB_MACHINE_XEN + (void) (grub_tsc_calibrate_from_xen () || calibrate_tsc_hardcode()); + #elif defined (GRUB_MACHINE_EFI) +- (void) (grub_tsc_calibrate_from_pit () || grub_tsc_calibrate_from_pmtimer () || grub_tsc_calibrate_from_efi() || calibrate_tsc_hardcode()); ++ (void) (grub_tsc_calibrate_from_pmtimer () || grub_tsc_calibrate_from_pit () || grub_tsc_calibrate_from_efi() || calibrate_tsc_hardcode()); + #elif defined (GRUB_MACHINE_COREBOOT) + (void) (grub_tsc_calibrate_from_pmtimer () || grub_tsc_calibrate_from_pit () || calibrate_tsc_hardcode()); + #else +diff --git a/grub-core/kern/ieee1275/ieee1275.c b/grub-core/kern/ieee1275/ieee1275.c +index 98217029f458dcef3a5b227b300762ff14cf8c52..86f81a3c4671be293d823cd3235a66dff9774faa 100644 +--- a/grub-core/kern/ieee1275/ieee1275.c ++++ b/grub-core/kern/ieee1275/ieee1275.c +@@ -19,6 +19,7 @@ + + #include + #include ++#include + + #define IEEE1275_PHANDLE_INVALID ((grub_ieee1275_cell_t) -1) + #define IEEE1275_IHANDLE_INVALID ((grub_ieee1275_cell_t) 0) +@@ -482,6 +483,91 @@ grub_ieee1275_close (grub_ieee1275_ihandle_t ihandle) + return 0; + } + ++int ++grub_ieee1275_decode_unit4 (grub_ieee1275_ihandle_t ihandle, ++ void *addr, grub_size_t size, ++ grub_uint32_t *phy_lo, grub_uint32_t *phy_hi, ++ grub_uint32_t *lun_lo, grub_uint32_t *lun_hi) ++{ ++ struct decode_args ++ { ++ struct grub_ieee1275_common_hdr common; ++ grub_ieee1275_cell_t method; ++ grub_ieee1275_cell_t ihandle; ++ grub_ieee1275_cell_t size; ++ grub_ieee1275_cell_t addr; ++ grub_ieee1275_cell_t catch_result; ++ grub_ieee1275_cell_t tgt_h; ++ grub_ieee1275_cell_t tgt_l; ++ grub_ieee1275_cell_t lun_h; ++ grub_ieee1275_cell_t lun_l; ++ } ++ args; ++ ++ INIT_IEEE1275_COMMON (&args.common, "call-method", 4, 5); ++ args.method = (grub_ieee1275_cell_t) "decode-unit"; ++ args.ihandle = ihandle; ++ args.size = size; ++ args.addr = (grub_ieee1275_cell_t) addr; ++ args.catch_result = 1; ++ ++ if ((IEEE1275_CALL_ENTRY_FN (&args) == -1) || (args.catch_result)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, "decode-unit failed\n"); ++ return -1; ++ } ++ ++ *phy_lo = args.tgt_l; ++ *phy_hi = args.tgt_h; ++ *lun_lo = args.lun_l; ++ *lun_hi = args.lun_h; ++ return 0; ++} ++ ++char * ++grub_ieee1275_encode_uint4 (grub_ieee1275_ihandle_t ihandle, ++ grub_uint32_t phy_lo, grub_uint32_t phy_hi, ++ grub_uint32_t lun_lo, grub_uint32_t lun_hi, ++ grub_size_t *size) ++{ ++ char *addr; ++ struct encode_args ++ { ++ struct grub_ieee1275_common_hdr common; ++ grub_ieee1275_cell_t method; ++ grub_ieee1275_cell_t ihandle; ++ grub_ieee1275_cell_t tgt_h; ++ grub_ieee1275_cell_t tgt_l; ++ grub_ieee1275_cell_t lun_h; ++ grub_ieee1275_cell_t lun_l; ++ grub_ieee1275_cell_t catch_result; ++ grub_ieee1275_cell_t size; ++ grub_ieee1275_cell_t addr; ++ } ++ args; ++ ++ INIT_IEEE1275_COMMON (&args.common, "call-method", 6, 3); ++ args.method = (grub_ieee1275_cell_t) "encode-unit"; ++ args.ihandle = ihandle; ++ ++ args.tgt_l = phy_lo; ++ args.tgt_h = phy_hi; ++ args.lun_l = lun_lo; ++ args.lun_h = lun_hi; ++ args.catch_result = 1; ++ ++ if ((IEEE1275_CALL_ENTRY_FN (&args) == -1) || (args.catch_result)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, "encode-unit failed\n"); ++ return 0; ++ } ++ ++ addr = (void *)args.addr; ++ *size = args.size; ++ addr = grub_strdup ((char *)args.addr); ++ return addr; ++} ++ + int + grub_ieee1275_claim (grub_addr_t addr, grub_size_t size, unsigned int align, + grub_addr_t *result) +@@ -607,3 +693,117 @@ grub_ieee1275_milliseconds (grub_uint32_t *msecs) + *msecs = args.msecs; + return 0; + } ++ ++int ++grub_ieee1275_set_address (grub_ieee1275_ihandle_t ihandle, ++ grub_uint32_t target, grub_uint32_t lun) ++{ ++ struct set_address ++ { ++ struct grub_ieee1275_common_hdr common; ++ grub_ieee1275_cell_t method; ++ grub_ieee1275_cell_t ihandle; ++ grub_ieee1275_cell_t tgt; ++ grub_ieee1275_cell_t lun; ++ grub_ieee1275_cell_t catch_result; ++ } ++ args; ++ ++ INIT_IEEE1275_COMMON (&args.common, "call-method", 4, 1); ++ ++ /* ++ * IEEE 1275-1994 Standard for Boot (Initialization Configuration) ++ * Firmware: Core Requirements and Practices ++ * E.3.2.2 Bus-specific methods for bus nodes ++ * ++ * A package implementing the scsi-2 device type shall implement the ++ * following bus-specific method: ++ * ++ * set-address ( unit# target# -- ) ++ * Sets the SCSI target number (0x0..0xf) and unit number (0..7) to which ++ * subsequent commands apply. ++ */ ++ args.method = (grub_ieee1275_cell_t) "set-address"; ++ args.ihandle = ihandle; ++ args.tgt = target; ++ args.lun = lun; ++ ++ if (IEEE1275_CALL_ENTRY_FN (&args) == -1) ++ return -1; ++ ++ return args.catch_result; ++} ++ ++int ++grub_ieee1275_no_data_command (grub_ieee1275_ihandle_t ihandle, ++ const void *cmd_addr, grub_ssize_t *result) ++{ ++ struct set_address ++ { ++ struct grub_ieee1275_common_hdr common; ++ grub_ieee1275_cell_t method; ++ grub_ieee1275_cell_t ihandle; ++ grub_ieee1275_cell_t cmd_addr; ++ grub_ieee1275_cell_t error; ++ grub_ieee1275_cell_t catch_result; ++ } ++ args; ++ ++ INIT_IEEE1275_COMMON (&args.common, "call-method", 3, 2); ++ ++ /* ++ * IEEE 1275-1994 Standard for Boot (Initialization Configuration) ++ * Firmware: Core Requirements and Practices ++ * ++ * E.3.2.2 Bus-specific methods for bus nodes ++ * ++ * A package implementing the scsi-2 device type shall implement the ++ * following bus-specific method: ++ * ++ * no-data-command ( cmd-addr -- error? ) ++ * Executes a simple SCSI command, automatically retrying under ++ * certain conditions. cmd-addr is the address of a 6-byte command buffer ++ * containing an SCSI command that does not have a data transfer phase. ++ * Executes the command, retrying indefinitely with the same retry criteria ++ * as retry-command. ++ * ++ * error? is nonzero if an error occurred, zero otherwise. ++ * NOTE no-data-command is a convenience function. It provides ++ * no capabilities that are not present in retry-command, but for ++ * those commands that meet its restrictions, it is easier to use. ++ */ ++ args.method = (grub_ieee1275_cell_t) "no-data-command"; ++ args.ihandle = ihandle; ++ args.cmd_addr = (grub_ieee1275_cell_t) cmd_addr; ++ ++ if (IEEE1275_CALL_ENTRY_FN (&args) == -1) ++ return -1; ++ ++ if (result) ++ *result = args.error; ++ ++ return args.catch_result; ++} ++ ++int ++grub_ieee1275_get_block_size (grub_ieee1275_ihandle_t ihandle) ++{ ++ struct size_args_ieee1275 ++ { ++ struct grub_ieee1275_common_hdr common; ++ grub_ieee1275_cell_t method; ++ grub_ieee1275_cell_t ihandle; ++ grub_ieee1275_cell_t result; ++ grub_ieee1275_cell_t size; ++ } args; ++ ++ INIT_IEEE1275_COMMON (&args.common, "call-method", 2, 2); ++ args.method = (grub_ieee1275_cell_t) "block-size"; ++ args.ihandle = ihandle; ++ args.result = 1; ++ ++ if ((IEEE1275_CALL_ENTRY_FN (&args) == -1) || (args.result)) ++ return 0; ++ ++ return args.size; ++} +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index 12590225eca1483066ea5e7b7443cea3198f6d9b..0d8ebf58b95e220b233e043d2b380007b48e1235 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -94,28 +94,12 @@ void + grub_machine_get_bootlocation (char **device, char **path) + { + char *bootpath; +- grub_ssize_t bootpath_size; + char *filename; + char *type; + +- if (grub_ieee1275_get_property_length (grub_ieee1275_chosen, "bootpath", +- &bootpath_size) +- || bootpath_size <= 0) +- { +- /* Should never happen. */ +- grub_printf ("/chosen/bootpath property missing!\n"); +- return; +- } +- +- bootpath = (char *) grub_malloc ((grub_size_t) bootpath_size + 64); ++ bootpath = grub_ieee1275_get_boot_dev (); + if (! bootpath) +- { +- grub_print_error (); +- return; +- } +- grub_ieee1275_get_property (grub_ieee1275_chosen, "bootpath", bootpath, +- (grub_size_t) bootpath_size + 1, 0); +- bootpath[bootpath_size] = '\0'; ++ return; + + /* Transform an OF device path to a GRUB path. */ + +@@ -126,6 +110,8 @@ grub_machine_get_bootlocation (char **device, char **path) + char *ptr; + dev = grub_ieee1275_get_aliasdevname (bootpath); + canon = grub_ieee1275_canonicalise_devname (dev); ++ if (! canon) ++ return; + ptr = canon + grub_strlen (canon) - 1; + while (ptr > canon && (*ptr == ',' || *ptr == ':')) + ptr--; +diff --git a/grub-core/kern/ieee1275/openfw.c b/grub-core/kern/ieee1275/openfw.c +index ddb778340e4ab74148898b32cd27139fd4f1465b..62929d983bfaa2c83158ee4fe6797125c6d6b844 100644 +--- a/grub-core/kern/ieee1275/openfw.c ++++ b/grub-core/kern/ieee1275/openfw.c +@@ -561,3 +561,30 @@ grub_ieee1275_canonicalise_devname (const char *path) + return NULL; + } + ++char * ++grub_ieee1275_get_boot_dev (void) ++{ ++ char *bootpath; ++ grub_ssize_t bootpath_size; ++ ++ if (grub_ieee1275_get_property_length (grub_ieee1275_chosen, "bootpath", ++ &bootpath_size) ++ || bootpath_size <= 0) ++ { ++ /* Should never happen. */ ++ grub_printf ("/chosen/bootpath property missing!\n"); ++ return NULL; ++ } ++ ++ bootpath = (char *) grub_malloc ((grub_size_t) bootpath_size + 64); ++ if (! bootpath) ++ { ++ grub_print_error (); ++ return NULL; ++ } ++ grub_ieee1275_get_property (grub_ieee1275_chosen, "bootpath", bootpath, ++ (grub_size_t) bootpath_size + 1, 0); ++ bootpath[bootpath_size] = '\0'; ++ ++ return bootpath; ++} +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index d1a54df6c12e3358e07aa86366c65af22ca3af5c..3b633d51f4c63e2983e8b3419dc057437224fb93 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -391,12 +391,13 @@ grub_strtoull (const char *str, char **end, int base) + unsigned long digit; + + digit = grub_tolower (*str) - '0'; +- if (digit > 9) +- { +- digit += '0' - 'a' + 10; +- if (digit >= (unsigned long) base) +- break; +- } ++ if (digit >= 'a' - '0') ++ digit += '0' - 'a' + 10; ++ else if (digit > 9) ++ break; ++ ++ if (digit >= (unsigned long) base) ++ break; + + found = 1; + +diff --git a/grub-core/kern/sparc64/ieee1275/ieee1275.c b/grub-core/kern/sparc64/ieee1275/ieee1275.c +index 53be692c3d88940572d423ceb09e4187372fcb5b..5a59aaf06193442fa5ec7a537c9cfb10dd3081aa 100644 +--- a/grub-core/kern/sparc64/ieee1275/ieee1275.c ++++ b/grub-core/kern/sparc64/ieee1275/ieee1275.c +@@ -89,3 +89,59 @@ grub_ieee1275_alloc_physmem (grub_addr_t *paddr, grub_size_t size, + + return args.catch_result; + } ++ ++grub_uint64_t ++grub_ieee1275_num_blocks (grub_ieee1275_ihandle_t ihandle) ++{ ++ struct nblocks_args_ieee1275 ++ { ++ struct grub_ieee1275_common_hdr common; ++ grub_ieee1275_cell_t method; ++ grub_ieee1275_cell_t ihandle; ++ grub_ieee1275_cell_t catch_result; ++ grub_ieee1275_cell_t blocks; ++ } ++ args; ++ ++ INIT_IEEE1275_COMMON (&args.common, "call-method", 2, 2); ++ args.method = (grub_ieee1275_cell_t) "#blocks"; ++ args.ihandle = ihandle; ++ args.catch_result = 1; ++ ++ if ((IEEE1275_CALL_ENTRY_FN (&args) == -1) || (args.catch_result != 0)) ++ return -1; ++ ++ /* ++ * If the number of blocks exceeds the range of an unsigned number, ++ * return 0 to alert the caller to try the #blocks64 command. ++ */ ++ if (args.blocks >= 0xffffffffULL) ++ return 0; ++ ++ return args.blocks; ++} ++ ++grub_uint64_t ++grub_ieee1275_num_blocks64 (grub_ieee1275_ihandle_t ihandle) ++{ ++ struct nblocks_args_ieee1275 ++ { ++ struct grub_ieee1275_common_hdr common; ++ grub_ieee1275_cell_t method; ++ grub_ieee1275_cell_t ihandle; ++ grub_ieee1275_cell_t catch_result; ++ grub_ieee1275_cell_t hi_blocks; ++ grub_ieee1275_cell_t lo_blocks; ++ } ++ args; ++ ++ INIT_IEEE1275_COMMON (&args.common, "call-method", 2, 3); ++ args.method = (grub_ieee1275_cell_t) "#blocks64"; ++ args.ihandle = ihandle; ++ args.catch_result = 1; ++ ++ if ((IEEE1275_CALL_ENTRY_FN (&args) == -1) || (args.catch_result != 0)) ++ return -1; ++ ++ return ((args.hi_blocks << 32) | (args.lo_blocks)); ++} +diff --git a/grub-core/kern/uboot/init.c b/grub-core/kern/uboot/init.c +index 5dcc106ed9bcc1fa2cdbe2ba6cbb9e709420ceb3..3e338645c573aa707343235029d9fc45d515a9dc 100644 +--- a/grub-core/kern/uboot/init.c ++++ b/grub-core/kern/uboot/init.c +@@ -36,30 +36,14 @@ + extern char __bss_start[]; + extern char _end[]; + extern grub_size_t grub_total_module_size; +-extern int (*grub_uboot_syscall_ptr) (int, int *, ...); + static unsigned long timer_start; + +-extern grub_uint32_t grub_uboot_machine_type; +-extern grub_addr_t grub_uboot_boot_data; +- + void + grub_exit (void) + { + grub_uboot_return (0); + } + +-grub_uint32_t +-grub_uboot_get_machine_type (void) +-{ +- return grub_uboot_machine_type; +-} +- +-grub_addr_t +-grub_uboot_get_boot_data (void) +-{ +- return grub_uboot_boot_data; +-} +- + static grub_uint64_t + uboot_timer_ms (void) + { +diff --git a/grub-core/kern/uboot/uboot.c b/grub-core/kern/uboot/uboot.c +index 6800a4beb1c4e83ef9f4ac5da872d2557d8471e1..cf0168e62ddd26db50efd2351499fa7f74fce26c 100644 +--- a/grub-core/kern/uboot/uboot.c ++++ b/grub-core/kern/uboot/uboot.c +@@ -39,48 +39,13 @@ + * returns: 0 if the call not found, 1 if serviced + */ + +-extern int (*grub_uboot_syscall_ptr) (int, int *, ...); + extern int grub_uboot_syscall (int, int *, ...); +-extern grub_addr_t grub_uboot_search_hint; + + static struct sys_info uboot_sys_info; + static struct mem_region uboot_mem_info[5]; + static struct device_info * devices; + static int num_devices; + +-int +-grub_uboot_api_init (void) +-{ +- struct api_signature *start, *end; +- struct api_signature *p; +- +- if (grub_uboot_search_hint) +- { +- /* Extended search range to work around Trim Slice U-Boot issue */ +- start = (struct api_signature *) ((grub_uboot_search_hint & ~0x000fffff) +- - 0x00500000); +- end = +- (struct api_signature *) ((grub_addr_t) start + UBOOT_API_SEARCH_LEN - +- API_SIG_MAGLEN + 0x00500000); +- } +- else +- { +- start = 0; +- end = (struct api_signature *) (256 * 1024 * 1024); +- } +- +- /* Structure alignment is (at least) 8 bytes */ +- for (p = start; p < end; p = (void *) ((grub_addr_t) p + 8)) +- { +- if (grub_memcmp (&(p->magic), API_SIG_MAGIC, API_SIG_MAGLEN) == 0) +- { +- grub_uboot_syscall_ptr = p->syscall; +- return p->version; +- } +- } +- +- return 0; +-} + + /* + * All functions below are wrappers around the grub_uboot_syscall() function +diff --git a/grub-core/kern/x86_64/dl.c b/grub-core/kern/x86_64/dl.c +index 44069067312a890b4e3ebb5130861ed23572bc54..3a73e6e6ce2c5aefc33313e583cb259ea9bc2645 100644 +--- a/grub-core/kern/x86_64/dl.c ++++ b/grub-core/kern/x86_64/dl.c +@@ -70,6 +70,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, + break; + + case R_X86_64_PC32: ++ case R_X86_64_PLT32: + { + grub_int64_t value; + value = ((grub_int32_t) *addr32) + rel->r_addend + sym->st_value - +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c +index 683a8aaa711c4eab0208d116cd7275a6ac678986..ca334d5a40e0716bdc9afbb79135c47d174532da 100644 +--- a/grub-core/lib/crypto.c ++++ b/grub-core/lib/crypto.c +@@ -462,7 +462,7 @@ grub_password_get (char buf[], unsigned buf_size) + if (key == '\n' || key == '\r') + break; + +- if (key == '\e') ++ if (key == GRUB_TERM_ESC) + { + cur_len = 0; + break; +@@ -487,7 +487,7 @@ grub_password_get (char buf[], unsigned buf_size) + grub_xputs ("\n"); + grub_refresh (); + +- return (key != '\e'); ++ return (key != GRUB_TERM_ESC); + } + #endif + +diff --git a/grub-core/lib/uboot/datetime.c b/grub-core/lib/dummy/datetime.c +similarity index 91% +rename from grub-core/lib/uboot/datetime.c +rename to grub-core/lib/dummy/datetime.c +index 4be716928a55b789510dfdcdd1833e29e5cd11fe..cf693fc6b621376b5cae0ca0a74b4421799b5a9e 100644 +--- a/grub-core/lib/uboot/datetime.c ++++ b/grub-core/lib/dummy/datetime.c +@@ -18,7 +18,6 @@ + + #include + #include +-#include + #include + #include + +@@ -30,12 +29,12 @@ grub_err_t + grub_get_datetime (struct grub_datetime *datetime __attribute__ ((unused))) + { + return grub_error (GRUB_ERR_INVALID_COMMAND, +- "can\'t get datetime using U-Boot"); ++ "can\'t get datetime on this machine"); + } + + grub_err_t + grub_set_datetime (struct grub_datetime * datetime __attribute__ ((unused))) + { + return grub_error (GRUB_ERR_INVALID_COMMAND, +- "can\'t set datetime using U-Boot"); ++ "can\'t set datetime on this machine"); + } +diff --git a/grub-core/lib/uboot/halt.c b/grub-core/lib/dummy/halt.c +similarity index 100% +rename from grub-core/lib/uboot/halt.c +rename to grub-core/lib/dummy/halt.c +diff --git a/grub-core/lib/efi/reboot.c b/grub-core/lib/dummy/reboot.c +similarity index 77% +rename from grub-core/lib/efi/reboot.c +rename to grub-core/lib/dummy/reboot.c +index 7de8bcb5d6ea128dd406001d970d18ff00ea0f3c..b8cbed8f8117ca9c53cc2087dee87ae68876d64f 100644 +--- a/grub-core/lib/efi/reboot.c ++++ b/grub-core/lib/dummy/reboot.c +@@ -1,6 +1,6 @@ + /* + * GRUB -- GRand Unified Bootloader +- * Copyright (C) 2011 Free Software Foundation, Inc. ++ * Copyright (C) 2013 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -16,10 +16,8 @@ + * along with GRUB. If not, see . + */ + +-#include +-#include +-#include + #include ++#include + #include + #include + +@@ -27,7 +25,8 @@ void + grub_reboot (void) + { + grub_machine_fini (GRUB_LOADER_FLAG_NORETURN); +- efi_call_4 (grub_efi_system_table->runtime_services->reset_system, +- GRUB_EFI_RESET_COLD, GRUB_EFI_SUCCESS, 0, NULL); +- for (;;) ; ++ ++ /* Just stop here */ ++ ++ while (1); + } +diff --git a/grub-core/lib/fdt.c b/grub-core/lib/fdt.c +index b5d520f208886aa663d4aac36cec9b43a2d0da42..0d371c5633e84bbf47114bfe2c23427982e25192 100644 +--- a/grub-core/lib/fdt.c ++++ b/grub-core/lib/fdt.c +@@ -41,11 +41,6 @@ GRUB_MOD_LICENSE ("GPLv3+"); + (2 * sizeof(grub_uint32_t) \ + + ALIGN_UP (grub_strlen (name) + 1, sizeof(grub_uint32_t))) + +-/* Size needed by a property entry: 1 token (FDT_PROPERTY), plus len and nameoff +- fields, plus the property value, plus padding if needed. */ +-#define prop_entry_size(prop_len) \ +- (3 * sizeof(grub_uint32_t) + ALIGN_UP(prop_len, sizeof(grub_uint32_t))) +- + #define SKIP_NODE_NAME(name, token, end) \ + name = (char *) ((token) + 1); \ + while (name < (char *) end) \ +@@ -86,7 +81,7 @@ static grub_uint32_t *get_next_node (const void *fdt, char *node_name) + case FDT_PROP: + /* Skip property token and following data (len, nameoff and property + value). */ +- token += prop_entry_size(grub_be_to_cpu32(*(token + 1))) ++ token += grub_fdt_prop_entry_size(grub_be_to_cpu32(*(token + 1))) + / sizeof(*token); + break; + case FDT_NOP: +@@ -102,13 +97,13 @@ static grub_uint32_t *get_next_node (const void *fdt, char *node_name) + static int get_mem_rsvmap_size (const void *fdt) + { + int size = 0; +- grub_uint64_t *ptr = (void *) ((grub_addr_t) fdt +- + grub_fdt_get_off_mem_rsvmap (fdt)); ++ grub_unaligned_uint64_t *ptr = (void *) ((grub_addr_t) fdt ++ + grub_fdt_get_off_mem_rsvmap (fdt)); + + do + { + size += 2 * sizeof(*ptr); +- if (!*ptr && !*(ptr + 1)) ++ if (!ptr[0].val && !ptr[1].val) + return size; + ptr += 2; + } while ((grub_addr_t) ptr <= (grub_addr_t) fdt + grub_fdt_get_totalsize (fdt) +@@ -150,7 +145,7 @@ static int add_subnode (void *fdt, int parentoffset, const char *name) + { + case FDT_PROP: + /* Skip len, nameoff and property value. */ +- token += prop_entry_size(grub_be_to_cpu32(*(token + 1))) ++ token += grub_fdt_prop_entry_size(grub_be_to_cpu32(*(token + 1))) + / sizeof(*token); + break; + case FDT_BEGIN_NODE: +@@ -229,7 +224,7 @@ static int rearrange_blocks (void *fdt, unsigned int clearance) + return 0; + } + +-static grub_uint32_t *find_prop (void *fdt, unsigned int nodeoffset, ++static grub_uint32_t *find_prop (const void *fdt, unsigned int nodeoffset, + const char *name) + { + grub_uint32_t *prop = (void *) ((grub_addr_t) fdt +@@ -249,12 +244,12 @@ static grub_uint32_t *find_prop (void *fdt, unsigned int nodeoffset, + && !grub_strcmp (name, (char *) fdt + + grub_fdt_get_off_dt_strings (fdt) + nameoff)) + { +- if (prop + prop_entry_size(grub_be_to_cpu32(*(prop + 1))) ++ if (prop + grub_fdt_prop_entry_size(grub_be_to_cpu32(*(prop + 1))) + / sizeof (*prop) >= end) + return NULL; + return prop; + } +- prop += prop_entry_size(grub_be_to_cpu32(*(prop + 1))) / sizeof (*prop); ++ prop += grub_fdt_prop_entry_size(grub_be_to_cpu32(*(prop + 1))) / sizeof (*prop); + } + else if (grub_be_to_cpu32(*prop) == FDT_NOP) + prop++; +@@ -268,9 +263,9 @@ static grub_uint32_t *find_prop (void *fdt, unsigned int nodeoffset, + the size allocated for the FDT; if this function is called before the other + functions in this file and returns success, the other functions are + guaranteed not to access memory locations outside the allocated memory. */ +-int grub_fdt_check_header_nosize (void *fdt) ++int grub_fdt_check_header_nosize (const void *fdt) + { +- if (((grub_addr_t) fdt & 0x7) || (grub_fdt_get_magic (fdt) != FDT_MAGIC) ++ if (((grub_addr_t) fdt & 0x3) || (grub_fdt_get_magic (fdt) != FDT_MAGIC) + || (grub_fdt_get_version (fdt) < FDT_SUPPORTED_VERSION) + || (grub_fdt_get_last_comp_version (fdt) > FDT_SUPPORTED_VERSION) + || (grub_fdt_get_off_dt_struct (fdt) & 0x00000003) +@@ -286,7 +281,7 @@ int grub_fdt_check_header_nosize (void *fdt) + return 0; + } + +-int grub_fdt_check_header (void *fdt, unsigned int size) ++int grub_fdt_check_header (const void *fdt, unsigned int size) + { + if (size < sizeof (grub_fdt_header_t) + || (grub_fdt_get_totalsize (fdt) > size) +@@ -295,52 +290,105 @@ int grub_fdt_check_header (void *fdt, unsigned int size) + return 0; + } + ++static const grub_uint32_t * ++advance_token (const void *fdt, const grub_uint32_t *token, const grub_uint32_t *end, int skip_current) ++{ ++ for (; token < end; skip_current = 0) ++ { ++ switch (grub_be_to_cpu32 (*token)) ++ { ++ case FDT_BEGIN_NODE: ++ if (skip_current) ++ { ++ token = get_next_node (fdt, (char *) (token + 1)); ++ continue; ++ } ++ char *ptr; ++ for (ptr = (char *) (token + 1); *ptr && ptr < (char *) end; ptr++) ++ ; ++ if (ptr >= (char *) end) ++ return 0; ++ return token; ++ case FDT_PROP: ++ /* Skip property token and following data (len, nameoff and property ++ value). */ ++ if (token >= end - 1) ++ return 0; ++ token += grub_fdt_prop_entry_size(grub_be_to_cpu32(*(token + 1))) ++ / sizeof(*token); ++ break; ++ case FDT_NOP: ++ token++; ++ break; ++ default: ++ return 0; ++ } ++ } ++ return 0; ++} ++ ++int grub_fdt_next_node (const void *fdt, unsigned int currentoffset) ++{ ++ const grub_uint32_t *token = (const grub_uint32_t *) fdt + (currentoffset + grub_fdt_get_off_dt_struct (fdt)) / 4; ++ token = advance_token (fdt, token, (const void *) struct_end (fdt), 1); ++ if (!token) ++ return -1; ++ return (int) ((grub_addr_t) token - (grub_addr_t) fdt ++ - grub_fdt_get_off_dt_struct (fdt)); ++} ++ ++int grub_fdt_first_node (const void *fdt, unsigned int parentoffset) ++{ ++ const grub_uint32_t *token, *end; ++ char *node_name; ++ ++ if (parentoffset & 0x3) ++ return -1; ++ token = (const void *) ((grub_addr_t) fdt + grub_fdt_get_off_dt_struct(fdt) ++ + parentoffset); ++ end = (const void *) struct_end (fdt); ++ if ((token >= end) || (grub_be_to_cpu32(*token) != FDT_BEGIN_NODE)) ++ return -1; ++ SKIP_NODE_NAME(node_name, token, end); ++ token = advance_token (fdt, token, end, 0); ++ if (!token) ++ return -1; ++ return (int) ((grub_addr_t) token - (grub_addr_t) fdt ++ - grub_fdt_get_off_dt_struct (fdt)); ++} ++ + /* Find a direct sub-node of a given parent node. */ + int grub_fdt_find_subnode (const void *fdt, unsigned int parentoffset, + const char *name) + { +- grub_uint32_t *token, *end; +- char *node_name; ++ const grub_uint32_t *token, *end; ++ const char *node_name; ++ int skip_current = 0; + + if (parentoffset & 0x3) + return -1; +- token = (void *) ((grub_addr_t) fdt + grub_fdt_get_off_dt_struct(fdt) ++ token = (const void *) ((grub_addr_t) fdt + grub_fdt_get_off_dt_struct(fdt) + + parentoffset); +- end = (void *) struct_end (fdt); ++ end = (const void *) struct_end (fdt); + if ((token >= end) || (grub_be_to_cpu32(*token) != FDT_BEGIN_NODE)) + return -1; + SKIP_NODE_NAME(node_name, token, end); +- while (token < end) +- { +- switch (grub_be_to_cpu32(*token)) +- { +- case FDT_BEGIN_NODE: +- node_name = (char *) (token + 1); +- if (node_name + grub_strlen (name) >= (char *) end) +- return -1; +- if (!grub_strcmp (node_name, name)) +- return (int) ((grub_addr_t) token - (grub_addr_t) fdt +- - grub_fdt_get_off_dt_struct (fdt)); +- token = get_next_node (fdt, node_name); +- if (!token) +- return -1; +- break; +- case FDT_PROP: +- /* Skip property token and following data (len, nameoff and property +- value). */ +- if (token >= end - 1) +- return -1; +- token += prop_entry_size(grub_be_to_cpu32(*(token + 1))) +- / sizeof(*token); +- break; +- case FDT_NOP: +- token++; +- break; +- default: +- return -1; +- } ++ while (1) { ++ token = advance_token (fdt, token, end, skip_current); ++ if (!token) ++ return -1; ++ skip_current = 1; ++ node_name = (const char *) token + 4; ++ if (grub_strcmp (node_name, name) == 0) ++ return (int) ((grub_addr_t) token - (grub_addr_t) fdt ++ - grub_fdt_get_off_dt_struct (fdt)); + } +- return -1; ++} ++ ++const char * ++grub_fdt_get_nodename (const void *fdt, unsigned int nodeoffset) ++{ ++ return (const char *) fdt + grub_fdt_get_off_dt_struct(fdt) + nodeoffset + 4; + } + + int grub_fdt_add_subnode (void *fdt, unsigned int parentoffset, +@@ -359,6 +407,24 @@ int grub_fdt_add_subnode (void *fdt, unsigned int parentoffset, + return add_subnode (fdt, parentoffset, name); + } + ++const void * ++grub_fdt_get_prop (const void *fdt, unsigned int nodeoffset, const char *name, ++ grub_uint32_t *len) ++{ ++ grub_uint32_t *prop; ++ if ((nodeoffset >= grub_fdt_get_size_dt_struct (fdt)) || (nodeoffset & 0x3) ++ || (grub_be_to_cpu32(*(grub_uint32_t *) ((grub_addr_t) fdt ++ + grub_fdt_get_off_dt_struct (fdt) + nodeoffset)) ++ != FDT_BEGIN_NODE)) ++ return 0; ++ prop = find_prop (fdt, nodeoffset, name); ++ if (!prop) ++ return 0; ++ if (len) ++ *len = grub_be_to_cpu32 (*(prop + 1)); ++ return prop + 3; ++} ++ + int grub_fdt_set_prop (void *fdt, unsigned int nodeoffset, const char *name, + const void *val, grub_uint32_t len) + { +@@ -396,12 +462,12 @@ int grub_fdt_set_prop (void *fdt, unsigned int nodeoffset, const char *name, + unsigned int needed_space = 0; + + if (!prop) +- needed_space = prop_entry_size(len); ++ needed_space = grub_fdt_prop_entry_size(len); + if (!prop_name_present) + needed_space += grub_strlen (name) + 1; + if (needed_space > get_free_space (fdt)) + return -1; +- if (rearrange_blocks (fdt, !prop ? prop_entry_size(len) : 0) < 0) ++ if (rearrange_blocks (fdt, !prop ? grub_fdt_prop_entry_size(len) : 0) < 0) + return -1; + } + if (!prop_name_present) { +@@ -418,10 +484,10 @@ int grub_fdt_set_prop (void *fdt, unsigned int nodeoffset, const char *name, + + sizeof(grub_uint32_t)); + + prop = (void *) (node_name + ALIGN_UP(grub_strlen(node_name) + 1, 4)); +- grub_memmove (prop + prop_entry_size(len) / sizeof(*prop), prop, ++ grub_memmove (prop + grub_fdt_prop_entry_size(len) / sizeof(*prop), prop, + struct_end(fdt) - (grub_addr_t) prop); + grub_fdt_set_size_dt_struct (fdt, grub_fdt_get_size_dt_struct (fdt) +- + prop_entry_size(len)); ++ + grub_fdt_prop_entry_size(len)); + *prop = grub_cpu_to_be32_compile_time (FDT_PROP); + *(prop + 2) = grub_cpu_to_be32 (nameoff); + } +@@ -429,7 +495,7 @@ int grub_fdt_set_prop (void *fdt, unsigned int nodeoffset, const char *name, + + /* Insert padding bytes at the end of the value; if they are not needed, they + will be overwritten by the following memcpy. */ +- *(prop + prop_entry_size(len) / sizeof(grub_uint32_t) - 1) = 0; ++ *(prop + grub_fdt_prop_entry_size(len) / sizeof(grub_uint32_t) - 1) = 0; + + grub_memcpy (prop + 3, val, len); + return 0; +diff --git a/grub-core/lib/i386/reboot.c b/grub-core/lib/i386/reboot.c +index a234244dce5b4c5afd5c68e579c4519a870cda36..dce0b563dcd39ce7acc6d5ec0cc759e67c8c8b87 100644 +--- a/grub-core/lib/i386/reboot.c ++++ b/grub-core/lib/i386/reboot.c +@@ -16,6 +16,8 @@ + * along with GRUB. If not, see . + */ + ++#ifndef GRUB_MACHINE_EFI ++ + #include + #include + #include +@@ -58,3 +60,5 @@ grub_reboot (void) + + while (1); + } ++ ++#endif /* GRUB_MACHINE_EFI */ +diff --git a/grub-core/lib/libgcrypt/cipher/crc.c b/grub-core/lib/libgcrypt/cipher/crc.c +index 9e406f1b19b4d1d49c1ba5140c47d630972c0d8e..28454f8ab728c657d0b440371765030deb35a407 100644 +--- a/grub-core/lib/libgcrypt/cipher/crc.c ++++ b/grub-core/lib/libgcrypt/cipher/crc.c +@@ -28,116 +28,8 @@ + #include "cipher.h" + + #include "bithelp.h" ++#include "bufhelp.h" + +-/* Table of CRCs of all 8-bit messages. Generated by running code +- from RFC 1952 modified to print out the table. */ +-static u32 crc32_table[256] = { +- 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, +- 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, +- 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, +- 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, +- 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, +- 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, +- 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, +- 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, +- 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, +- 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, +- 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, +- 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, +- 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, +- 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, +- 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, +- 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, +- 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, +- 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, +- 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, +- 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, +- 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, +- 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, +- 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, +- 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, +- 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, +- 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, +- 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, +- 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, +- 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, +- 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, +- 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28, +- 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, +- 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, +- 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, +- 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, +- 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, +- 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, +- 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, +- 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, +- 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, +- 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, +- 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, +- 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d +-}; +- +-/* +- * The following function was extracted from RFC 1952 by Simon +- * Josefsson, for the Shishi project, and modified to be compatible +- * with the modified CRC-32 used by RFC 1510, and subsequently +- * modified for GNU Libgcrypt to allow it to be used for calculating +- * both unmodified CRC-32 and modified CRC-32 values. Original +- * copyright and notice from the document follows: +- * +- * Copyright (c) 1996 L. Peter Deutsch +- * +- * Permission is granted to copy and distribute this document for +- * any purpose and without charge, including translations into +- * other languages and incorporation into compilations, provided +- * that the copyright notice and this notice are preserved, and +- * that any substantive changes or deletions from the original are +- * clearly marked. +- * +- * The copyright on RFCs, and consequently the function below, are +- * supposedly also retroactively claimed by the Internet Society +- * (according to rfc-editor@rfc-editor.org), with the following +- * copyright notice: +- * +- * Copyright (C) The Internet Society. All Rights Reserved. +- * +- * This document and translations of it may be copied and furnished +- * to others, and derivative works that comment on or otherwise +- * explain it or assist in its implementation may be prepared, +- * copied, published and distributed, in whole or in part, without +- * restriction of any kind, provided that the above copyright +- * notice and this paragraph are included on all such copies and +- * derivative works. However, this document itself may not be +- * modified in any way, such as by removing the copyright notice or +- * references to the Internet Society or other Internet +- * organizations, except as needed for the purpose of developing +- * Internet standards in which case the procedures for copyrights +- * defined in the Internet Standards process must be followed, or +- * as required to translate it into languages other than English. +- * +- * The limited permissions granted above are perpetual and will not be +- * revoked by the Internet Society or its successors or assigns. +- * +- * This document and the information contained herein is provided +- * on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET +- * ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR +- * IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE +- * OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY +- * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A +- * PARTICULAR PURPOSE. +- * +- */ +-static u32 +-update_crc32 (u32 crc, const void *buf_arg, size_t len) +-{ +- const char *buf = buf_arg; +- size_t n; +- +- for (n = 0; n < len; n++) +- crc = crc32_table[(crc ^ buf[n]) & 0xff] ^ (crc >> 8); +- +- return crc; +-} + + typedef struct + { +@@ -146,8 +38,302 @@ typedef struct + } + CRC_CONTEXT; + ++ ++/* ++ * Code generated by universal_crc by Danjel McGougan ++ * ++ * CRC parameters used: ++ * bits: 32 ++ * poly: 0x04c11db7 ++ * init: 0xffffffff ++ * xor: 0xffffffff ++ * reverse: true ++ * non-direct: false ++ * ++ * CRC of the string "123456789" is 0xcbf43926 ++ */ ++ ++static const u32 crc32_table[1024] = { ++ 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, ++ 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, ++ 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, ++ 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, ++ 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, ++ 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, ++ 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, ++ 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, ++ 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, ++ 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, ++ 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, ++ 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, ++ 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, ++ 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, ++ 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, ++ 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, ++ 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, ++ 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, ++ 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, ++ 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, ++ 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, ++ 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, ++ 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, ++ 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, ++ 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, ++ 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, ++ 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, ++ 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, ++ 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, ++ 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, ++ 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, ++ 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, ++ 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, ++ 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, ++ 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, ++ 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, ++ 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, ++ 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, ++ 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, ++ 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, ++ 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, ++ 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, ++ 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, ++ 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, ++ 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, ++ 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, ++ 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, ++ 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, ++ 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, ++ 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, ++ 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, ++ 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, ++ 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, ++ 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, ++ 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, ++ 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, ++ 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, ++ 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, ++ 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, ++ 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, ++ 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, ++ 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, ++ 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, ++ 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d, ++ 0x00000000, 0x191b3141, 0x32366282, 0x2b2d53c3, ++ 0x646cc504, 0x7d77f445, 0x565aa786, 0x4f4196c7, ++ 0xc8d98a08, 0xd1c2bb49, 0xfaefe88a, 0xe3f4d9cb, ++ 0xacb54f0c, 0xb5ae7e4d, 0x9e832d8e, 0x87981ccf, ++ 0x4ac21251, 0x53d92310, 0x78f470d3, 0x61ef4192, ++ 0x2eaed755, 0x37b5e614, 0x1c98b5d7, 0x05838496, ++ 0x821b9859, 0x9b00a918, 0xb02dfadb, 0xa936cb9a, ++ 0xe6775d5d, 0xff6c6c1c, 0xd4413fdf, 0xcd5a0e9e, ++ 0x958424a2, 0x8c9f15e3, 0xa7b24620, 0xbea97761, ++ 0xf1e8e1a6, 0xe8f3d0e7, 0xc3de8324, 0xdac5b265, ++ 0x5d5daeaa, 0x44469feb, 0x6f6bcc28, 0x7670fd69, ++ 0x39316bae, 0x202a5aef, 0x0b07092c, 0x121c386d, ++ 0xdf4636f3, 0xc65d07b2, 0xed705471, 0xf46b6530, ++ 0xbb2af3f7, 0xa231c2b6, 0x891c9175, 0x9007a034, ++ 0x179fbcfb, 0x0e848dba, 0x25a9de79, 0x3cb2ef38, ++ 0x73f379ff, 0x6ae848be, 0x41c51b7d, 0x58de2a3c, ++ 0xf0794f05, 0xe9627e44, 0xc24f2d87, 0xdb541cc6, ++ 0x94158a01, 0x8d0ebb40, 0xa623e883, 0xbf38d9c2, ++ 0x38a0c50d, 0x21bbf44c, 0x0a96a78f, 0x138d96ce, ++ 0x5ccc0009, 0x45d73148, 0x6efa628b, 0x77e153ca, ++ 0xbabb5d54, 0xa3a06c15, 0x888d3fd6, 0x91960e97, ++ 0xded79850, 0xc7cca911, 0xece1fad2, 0xf5facb93, ++ 0x7262d75c, 0x6b79e61d, 0x4054b5de, 0x594f849f, ++ 0x160e1258, 0x0f152319, 0x243870da, 0x3d23419b, ++ 0x65fd6ba7, 0x7ce65ae6, 0x57cb0925, 0x4ed03864, ++ 0x0191aea3, 0x188a9fe2, 0x33a7cc21, 0x2abcfd60, ++ 0xad24e1af, 0xb43fd0ee, 0x9f12832d, 0x8609b26c, ++ 0xc94824ab, 0xd05315ea, 0xfb7e4629, 0xe2657768, ++ 0x2f3f79f6, 0x362448b7, 0x1d091b74, 0x04122a35, ++ 0x4b53bcf2, 0x52488db3, 0x7965de70, 0x607eef31, ++ 0xe7e6f3fe, 0xfefdc2bf, 0xd5d0917c, 0xcccba03d, ++ 0x838a36fa, 0x9a9107bb, 0xb1bc5478, 0xa8a76539, ++ 0x3b83984b, 0x2298a90a, 0x09b5fac9, 0x10aecb88, ++ 0x5fef5d4f, 0x46f46c0e, 0x6dd93fcd, 0x74c20e8c, ++ 0xf35a1243, 0xea412302, 0xc16c70c1, 0xd8774180, ++ 0x9736d747, 0x8e2de606, 0xa500b5c5, 0xbc1b8484, ++ 0x71418a1a, 0x685abb5b, 0x4377e898, 0x5a6cd9d9, ++ 0x152d4f1e, 0x0c367e5f, 0x271b2d9c, 0x3e001cdd, ++ 0xb9980012, 0xa0833153, 0x8bae6290, 0x92b553d1, ++ 0xddf4c516, 0xc4eff457, 0xefc2a794, 0xf6d996d5, ++ 0xae07bce9, 0xb71c8da8, 0x9c31de6b, 0x852aef2a, ++ 0xca6b79ed, 0xd37048ac, 0xf85d1b6f, 0xe1462a2e, ++ 0x66de36e1, 0x7fc507a0, 0x54e85463, 0x4df36522, ++ 0x02b2f3e5, 0x1ba9c2a4, 0x30849167, 0x299fa026, ++ 0xe4c5aeb8, 0xfdde9ff9, 0xd6f3cc3a, 0xcfe8fd7b, ++ 0x80a96bbc, 0x99b25afd, 0xb29f093e, 0xab84387f, ++ 0x2c1c24b0, 0x350715f1, 0x1e2a4632, 0x07317773, ++ 0x4870e1b4, 0x516bd0f5, 0x7a468336, 0x635db277, ++ 0xcbfad74e, 0xd2e1e60f, 0xf9ccb5cc, 0xe0d7848d, ++ 0xaf96124a, 0xb68d230b, 0x9da070c8, 0x84bb4189, ++ 0x03235d46, 0x1a386c07, 0x31153fc4, 0x280e0e85, ++ 0x674f9842, 0x7e54a903, 0x5579fac0, 0x4c62cb81, ++ 0x8138c51f, 0x9823f45e, 0xb30ea79d, 0xaa1596dc, ++ 0xe554001b, 0xfc4f315a, 0xd7626299, 0xce7953d8, ++ 0x49e14f17, 0x50fa7e56, 0x7bd72d95, 0x62cc1cd4, ++ 0x2d8d8a13, 0x3496bb52, 0x1fbbe891, 0x06a0d9d0, ++ 0x5e7ef3ec, 0x4765c2ad, 0x6c48916e, 0x7553a02f, ++ 0x3a1236e8, 0x230907a9, 0x0824546a, 0x113f652b, ++ 0x96a779e4, 0x8fbc48a5, 0xa4911b66, 0xbd8a2a27, ++ 0xf2cbbce0, 0xebd08da1, 0xc0fdde62, 0xd9e6ef23, ++ 0x14bce1bd, 0x0da7d0fc, 0x268a833f, 0x3f91b27e, ++ 0x70d024b9, 0x69cb15f8, 0x42e6463b, 0x5bfd777a, ++ 0xdc656bb5, 0xc57e5af4, 0xee530937, 0xf7483876, ++ 0xb809aeb1, 0xa1129ff0, 0x8a3fcc33, 0x9324fd72, ++ 0x00000000, 0x01c26a37, 0x0384d46e, 0x0246be59, ++ 0x0709a8dc, 0x06cbc2eb, 0x048d7cb2, 0x054f1685, ++ 0x0e1351b8, 0x0fd13b8f, 0x0d9785d6, 0x0c55efe1, ++ 0x091af964, 0x08d89353, 0x0a9e2d0a, 0x0b5c473d, ++ 0x1c26a370, 0x1de4c947, 0x1fa2771e, 0x1e601d29, ++ 0x1b2f0bac, 0x1aed619b, 0x18abdfc2, 0x1969b5f5, ++ 0x1235f2c8, 0x13f798ff, 0x11b126a6, 0x10734c91, ++ 0x153c5a14, 0x14fe3023, 0x16b88e7a, 0x177ae44d, ++ 0x384d46e0, 0x398f2cd7, 0x3bc9928e, 0x3a0bf8b9, ++ 0x3f44ee3c, 0x3e86840b, 0x3cc03a52, 0x3d025065, ++ 0x365e1758, 0x379c7d6f, 0x35dac336, 0x3418a901, ++ 0x3157bf84, 0x3095d5b3, 0x32d36bea, 0x331101dd, ++ 0x246be590, 0x25a98fa7, 0x27ef31fe, 0x262d5bc9, ++ 0x23624d4c, 0x22a0277b, 0x20e69922, 0x2124f315, ++ 0x2a78b428, 0x2bbade1f, 0x29fc6046, 0x283e0a71, ++ 0x2d711cf4, 0x2cb376c3, 0x2ef5c89a, 0x2f37a2ad, ++ 0x709a8dc0, 0x7158e7f7, 0x731e59ae, 0x72dc3399, ++ 0x7793251c, 0x76514f2b, 0x7417f172, 0x75d59b45, ++ 0x7e89dc78, 0x7f4bb64f, 0x7d0d0816, 0x7ccf6221, ++ 0x798074a4, 0x78421e93, 0x7a04a0ca, 0x7bc6cafd, ++ 0x6cbc2eb0, 0x6d7e4487, 0x6f38fade, 0x6efa90e9, ++ 0x6bb5866c, 0x6a77ec5b, 0x68315202, 0x69f33835, ++ 0x62af7f08, 0x636d153f, 0x612bab66, 0x60e9c151, ++ 0x65a6d7d4, 0x6464bde3, 0x662203ba, 0x67e0698d, ++ 0x48d7cb20, 0x4915a117, 0x4b531f4e, 0x4a917579, ++ 0x4fde63fc, 0x4e1c09cb, 0x4c5ab792, 0x4d98dda5, ++ 0x46c49a98, 0x4706f0af, 0x45404ef6, 0x448224c1, ++ 0x41cd3244, 0x400f5873, 0x4249e62a, 0x438b8c1d, ++ 0x54f16850, 0x55330267, 0x5775bc3e, 0x56b7d609, ++ 0x53f8c08c, 0x523aaabb, 0x507c14e2, 0x51be7ed5, ++ 0x5ae239e8, 0x5b2053df, 0x5966ed86, 0x58a487b1, ++ 0x5deb9134, 0x5c29fb03, 0x5e6f455a, 0x5fad2f6d, ++ 0xe1351b80, 0xe0f771b7, 0xe2b1cfee, 0xe373a5d9, ++ 0xe63cb35c, 0xe7fed96b, 0xe5b86732, 0xe47a0d05, ++ 0xef264a38, 0xeee4200f, 0xeca29e56, 0xed60f461, ++ 0xe82fe2e4, 0xe9ed88d3, 0xebab368a, 0xea695cbd, ++ 0xfd13b8f0, 0xfcd1d2c7, 0xfe976c9e, 0xff5506a9, ++ 0xfa1a102c, 0xfbd87a1b, 0xf99ec442, 0xf85cae75, ++ 0xf300e948, 0xf2c2837f, 0xf0843d26, 0xf1465711, ++ 0xf4094194, 0xf5cb2ba3, 0xf78d95fa, 0xf64fffcd, ++ 0xd9785d60, 0xd8ba3757, 0xdafc890e, 0xdb3ee339, ++ 0xde71f5bc, 0xdfb39f8b, 0xddf521d2, 0xdc374be5, ++ 0xd76b0cd8, 0xd6a966ef, 0xd4efd8b6, 0xd52db281, ++ 0xd062a404, 0xd1a0ce33, 0xd3e6706a, 0xd2241a5d, ++ 0xc55efe10, 0xc49c9427, 0xc6da2a7e, 0xc7184049, ++ 0xc25756cc, 0xc3953cfb, 0xc1d382a2, 0xc011e895, ++ 0xcb4dafa8, 0xca8fc59f, 0xc8c97bc6, 0xc90b11f1, ++ 0xcc440774, 0xcd866d43, 0xcfc0d31a, 0xce02b92d, ++ 0x91af9640, 0x906dfc77, 0x922b422e, 0x93e92819, ++ 0x96a63e9c, 0x976454ab, 0x9522eaf2, 0x94e080c5, ++ 0x9fbcc7f8, 0x9e7eadcf, 0x9c381396, 0x9dfa79a1, ++ 0x98b56f24, 0x99770513, 0x9b31bb4a, 0x9af3d17d, ++ 0x8d893530, 0x8c4b5f07, 0x8e0de15e, 0x8fcf8b69, ++ 0x8a809dec, 0x8b42f7db, 0x89044982, 0x88c623b5, ++ 0x839a6488, 0x82580ebf, 0x801eb0e6, 0x81dcdad1, ++ 0x8493cc54, 0x8551a663, 0x8717183a, 0x86d5720d, ++ 0xa9e2d0a0, 0xa820ba97, 0xaa6604ce, 0xaba46ef9, ++ 0xaeeb787c, 0xaf29124b, 0xad6fac12, 0xacadc625, ++ 0xa7f18118, 0xa633eb2f, 0xa4755576, 0xa5b73f41, ++ 0xa0f829c4, 0xa13a43f3, 0xa37cfdaa, 0xa2be979d, ++ 0xb5c473d0, 0xb40619e7, 0xb640a7be, 0xb782cd89, ++ 0xb2cddb0c, 0xb30fb13b, 0xb1490f62, 0xb08b6555, ++ 0xbbd72268, 0xba15485f, 0xb853f606, 0xb9919c31, ++ 0xbcde8ab4, 0xbd1ce083, 0xbf5a5eda, 0xbe9834ed, ++ 0x00000000, 0xb8bc6765, 0xaa09c88b, 0x12b5afee, ++ 0x8f629757, 0x37def032, 0x256b5fdc, 0x9dd738b9, ++ 0xc5b428ef, 0x7d084f8a, 0x6fbde064, 0xd7018701, ++ 0x4ad6bfb8, 0xf26ad8dd, 0xe0df7733, 0x58631056, ++ 0x5019579f, 0xe8a530fa, 0xfa109f14, 0x42acf871, ++ 0xdf7bc0c8, 0x67c7a7ad, 0x75720843, 0xcdce6f26, ++ 0x95ad7f70, 0x2d111815, 0x3fa4b7fb, 0x8718d09e, ++ 0x1acfe827, 0xa2738f42, 0xb0c620ac, 0x087a47c9, ++ 0xa032af3e, 0x188ec85b, 0x0a3b67b5, 0xb28700d0, ++ 0x2f503869, 0x97ec5f0c, 0x8559f0e2, 0x3de59787, ++ 0x658687d1, 0xdd3ae0b4, 0xcf8f4f5a, 0x7733283f, ++ 0xeae41086, 0x525877e3, 0x40edd80d, 0xf851bf68, ++ 0xf02bf8a1, 0x48979fc4, 0x5a22302a, 0xe29e574f, ++ 0x7f496ff6, 0xc7f50893, 0xd540a77d, 0x6dfcc018, ++ 0x359fd04e, 0x8d23b72b, 0x9f9618c5, 0x272a7fa0, ++ 0xbafd4719, 0x0241207c, 0x10f48f92, 0xa848e8f7, ++ 0x9b14583d, 0x23a83f58, 0x311d90b6, 0x89a1f7d3, ++ 0x1476cf6a, 0xaccaa80f, 0xbe7f07e1, 0x06c36084, ++ 0x5ea070d2, 0xe61c17b7, 0xf4a9b859, 0x4c15df3c, ++ 0xd1c2e785, 0x697e80e0, 0x7bcb2f0e, 0xc377486b, ++ 0xcb0d0fa2, 0x73b168c7, 0x6104c729, 0xd9b8a04c, ++ 0x446f98f5, 0xfcd3ff90, 0xee66507e, 0x56da371b, ++ 0x0eb9274d, 0xb6054028, 0xa4b0efc6, 0x1c0c88a3, ++ 0x81dbb01a, 0x3967d77f, 0x2bd27891, 0x936e1ff4, ++ 0x3b26f703, 0x839a9066, 0x912f3f88, 0x299358ed, ++ 0xb4446054, 0x0cf80731, 0x1e4da8df, 0xa6f1cfba, ++ 0xfe92dfec, 0x462eb889, 0x549b1767, 0xec277002, ++ 0x71f048bb, 0xc94c2fde, 0xdbf98030, 0x6345e755, ++ 0x6b3fa09c, 0xd383c7f9, 0xc1366817, 0x798a0f72, ++ 0xe45d37cb, 0x5ce150ae, 0x4e54ff40, 0xf6e89825, ++ 0xae8b8873, 0x1637ef16, 0x048240f8, 0xbc3e279d, ++ 0x21e91f24, 0x99557841, 0x8be0d7af, 0x335cb0ca, ++ 0xed59b63b, 0x55e5d15e, 0x47507eb0, 0xffec19d5, ++ 0x623b216c, 0xda874609, 0xc832e9e7, 0x708e8e82, ++ 0x28ed9ed4, 0x9051f9b1, 0x82e4565f, 0x3a58313a, ++ 0xa78f0983, 0x1f336ee6, 0x0d86c108, 0xb53aa66d, ++ 0xbd40e1a4, 0x05fc86c1, 0x1749292f, 0xaff54e4a, ++ 0x322276f3, 0x8a9e1196, 0x982bbe78, 0x2097d91d, ++ 0x78f4c94b, 0xc048ae2e, 0xd2fd01c0, 0x6a4166a5, ++ 0xf7965e1c, 0x4f2a3979, 0x5d9f9697, 0xe523f1f2, ++ 0x4d6b1905, 0xf5d77e60, 0xe762d18e, 0x5fdeb6eb, ++ 0xc2098e52, 0x7ab5e937, 0x680046d9, 0xd0bc21bc, ++ 0x88df31ea, 0x3063568f, 0x22d6f961, 0x9a6a9e04, ++ 0x07bda6bd, 0xbf01c1d8, 0xadb46e36, 0x15080953, ++ 0x1d724e9a, 0xa5ce29ff, 0xb77b8611, 0x0fc7e174, ++ 0x9210d9cd, 0x2aacbea8, 0x38191146, 0x80a57623, ++ 0xd8c66675, 0x607a0110, 0x72cfaefe, 0xca73c99b, ++ 0x57a4f122, 0xef189647, 0xfdad39a9, 0x45115ecc, ++ 0x764dee06, 0xcef18963, 0xdc44268d, 0x64f841e8, ++ 0xf92f7951, 0x41931e34, 0x5326b1da, 0xeb9ad6bf, ++ 0xb3f9c6e9, 0x0b45a18c, 0x19f00e62, 0xa14c6907, ++ 0x3c9b51be, 0x842736db, 0x96929935, 0x2e2efe50, ++ 0x2654b999, 0x9ee8defc, 0x8c5d7112, 0x34e11677, ++ 0xa9362ece, 0x118a49ab, 0x033fe645, 0xbb838120, ++ 0xe3e09176, 0x5b5cf613, 0x49e959fd, 0xf1553e98, ++ 0x6c820621, 0xd43e6144, 0xc68bceaa, 0x7e37a9cf, ++ 0xd67f4138, 0x6ec3265d, 0x7c7689b3, 0xc4caeed6, ++ 0x591dd66f, 0xe1a1b10a, 0xf3141ee4, 0x4ba87981, ++ 0x13cb69d7, 0xab770eb2, 0xb9c2a15c, 0x017ec639, ++ 0x9ca9fe80, 0x241599e5, 0x36a0360b, 0x8e1c516e, ++ 0x866616a7, 0x3eda71c2, 0x2c6fde2c, 0x94d3b949, ++ 0x090481f0, 0xb1b8e695, 0xa30d497b, 0x1bb12e1e, ++ 0x43d23e48, 0xfb6e592d, 0xe9dbf6c3, 0x516791a6, ++ 0xccb0a91f, 0x740cce7a, 0x66b96194, 0xde0506f1 ++}; ++ + /* CRC32 */ + ++static inline u32 ++crc32_next (u32 crc, byte data) ++{ ++ return (crc >> 8) ^ crc32_table[(crc & 0xff) ^ data]; ++} ++ ++/* ++ * Process 4 bytes in one go ++ */ ++static inline u32 ++crc32_next4 (u32 crc, u32 data) ++{ ++ crc ^= data; ++ crc = crc32_table[(crc & 0xff) + 0x300] ^ ++ crc32_table[((crc >> 8) & 0xff) + 0x200] ^ ++ crc32_table[((crc >> 16) & 0xff) + 0x100] ^ ++ crc32_table[(crc >> 24) & 0xff]; ++ return crc; ++} ++ + static void + crc32_init (void *context) + { +@@ -156,12 +342,40 @@ crc32_init (void *context) + } + + static void +-crc32_write (void *context, const void *inbuf, size_t inlen) ++crc32_write (void *context, const void *inbuf_arg, size_t inlen) + { + CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; +- if (!inbuf) ++ const byte *inbuf = inbuf_arg; ++ u32 crc; ++ ++ if (!inbuf || !inlen) + return; +- ctx->CRC = update_crc32 (ctx->CRC, inbuf, inlen); ++ ++ crc = ctx->CRC; ++ ++ while (inlen >= 16) ++ { ++ inlen -= 16; ++ crc = crc32_next4(crc, buf_get_le32(&inbuf[0])); ++ crc = crc32_next4(crc, buf_get_le32(&inbuf[4])); ++ crc = crc32_next4(crc, buf_get_le32(&inbuf[8])); ++ crc = crc32_next4(crc, buf_get_le32(&inbuf[12])); ++ inbuf += 16; ++ } ++ ++ while (inlen >= 4) ++ { ++ inlen -= 4; ++ crc = crc32_next4(crc, buf_get_le32(inbuf)); ++ inbuf += 4; ++ } ++ ++ while (inlen--) ++ { ++ crc = crc32_next(crc, *inbuf++); ++ } ++ ++ ctx->CRC = crc; + } + + static byte * +@@ -176,13 +390,12 @@ crc32_final (void *context) + { + CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; + ctx->CRC ^= 0xffffffffL; +- ctx->buf[0] = (ctx->CRC >> 24) & 0xFF; +- ctx->buf[1] = (ctx->CRC >> 16) & 0xFF; +- ctx->buf[2] = (ctx->CRC >> 8) & 0xFF; +- ctx->buf[3] = (ctx->CRC ) & 0xFF; ++ buf_put_be32 (ctx->buf, ctx->CRC); + } + + /* CRC32 a'la RFC 1510 */ ++/* CRC of the string "123456789" is 0x2dfd2d88 */ ++ + static void + crc32rfc1510_init (void *context) + { +@@ -194,82 +407,366 @@ static void + crc32rfc1510_final (void *context) + { + CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; +- ctx->buf[0] = (ctx->CRC >> 24) & 0xFF; +- ctx->buf[1] = (ctx->CRC >> 16) & 0xFF; +- ctx->buf[2] = (ctx->CRC >> 8) & 0xFF; +- ctx->buf[3] = (ctx->CRC ) & 0xFF; ++ buf_put_be32(ctx->buf, ctx->CRC); + } + + /* CRC24 a'la RFC 2440 */ + /* +- * The following CRC 24 routines are adapted from RFC 2440, which has +- * the following copyright notice: ++ * Code generated by universal_crc by Danjel McGougan + * +- * Copyright (C) The Internet Society (1998). All Rights Reserved. ++ * CRC parameters used: ++ * bits: 24 ++ * poly: 0x864cfb ++ * init: 0xb704ce ++ * xor: 0x000000 ++ * reverse: false ++ * non-direct: false + * +- * This document and translations of it may be copied and furnished +- * to others, and derivative works that comment on or otherwise +- * explain it or assist in its implementation may be prepared, +- * copied, published and distributed, in whole or in part, without +- * restriction of any kind, provided that the above copyright notice +- * and this paragraph are included on all such copies and derivative +- * works. However, this document itself may not be modified in any +- * way, such as by removing the copyright notice or references to +- * the Internet Society or other Internet organizations, except as +- * needed for the purpose of developing Internet standards in which +- * case the procedures for copyrights defined in the Internet +- * Standards process must be followed, or as required to translate +- * it into languages other than English. +- * +- * The limited permissions granted above are perpetual and will not be +- * revoked by the Internet Society or its successors or assigns. +- * +- * This document and the information contained herein is provided on +- * an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET +- * ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR +- * IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE +- * OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY +- * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR +- * PURPOSE. ++ * CRC of the string "123456789" is 0x21cf02 ++ */ ++ ++static const u32 crc24_table[1024] = ++{ ++ 0x00000000, 0x00fb4c86, 0x000dd58a, 0x00f6990c, ++ 0x00e1e693, 0x001aaa15, 0x00ec3319, 0x00177f9f, ++ 0x003981a1, 0x00c2cd27, 0x0034542b, 0x00cf18ad, ++ 0x00d86732, 0x00232bb4, 0x00d5b2b8, 0x002efe3e, ++ 0x00894ec5, 0x00720243, 0x00849b4f, 0x007fd7c9, ++ 0x0068a856, 0x0093e4d0, 0x00657ddc, 0x009e315a, ++ 0x00b0cf64, 0x004b83e2, 0x00bd1aee, 0x00465668, ++ 0x005129f7, 0x00aa6571, 0x005cfc7d, 0x00a7b0fb, ++ 0x00e9d10c, 0x00129d8a, 0x00e40486, 0x001f4800, ++ 0x0008379f, 0x00f37b19, 0x0005e215, 0x00feae93, ++ 0x00d050ad, 0x002b1c2b, 0x00dd8527, 0x0026c9a1, ++ 0x0031b63e, 0x00cafab8, 0x003c63b4, 0x00c72f32, ++ 0x00609fc9, 0x009bd34f, 0x006d4a43, 0x009606c5, ++ 0x0081795a, 0x007a35dc, 0x008cacd0, 0x0077e056, ++ 0x00591e68, 0x00a252ee, 0x0054cbe2, 0x00af8764, ++ 0x00b8f8fb, 0x0043b47d, 0x00b52d71, 0x004e61f7, ++ 0x00d2a319, 0x0029ef9f, 0x00df7693, 0x00243a15, ++ 0x0033458a, 0x00c8090c, 0x003e9000, 0x00c5dc86, ++ 0x00eb22b8, 0x00106e3e, 0x00e6f732, 0x001dbbb4, ++ 0x000ac42b, 0x00f188ad, 0x000711a1, 0x00fc5d27, ++ 0x005beddc, 0x00a0a15a, 0x00563856, 0x00ad74d0, ++ 0x00ba0b4f, 0x004147c9, 0x00b7dec5, 0x004c9243, ++ 0x00626c7d, 0x009920fb, 0x006fb9f7, 0x0094f571, ++ 0x00838aee, 0x0078c668, 0x008e5f64, 0x007513e2, ++ 0x003b7215, 0x00c03e93, 0x0036a79f, 0x00cdeb19, ++ 0x00da9486, 0x0021d800, 0x00d7410c, 0x002c0d8a, ++ 0x0002f3b4, 0x00f9bf32, 0x000f263e, 0x00f46ab8, ++ 0x00e31527, 0x001859a1, 0x00eec0ad, 0x00158c2b, ++ 0x00b23cd0, 0x00497056, 0x00bfe95a, 0x0044a5dc, ++ 0x0053da43, 0x00a896c5, 0x005e0fc9, 0x00a5434f, ++ 0x008bbd71, 0x0070f1f7, 0x008668fb, 0x007d247d, ++ 0x006a5be2, 0x00911764, 0x00678e68, 0x009cc2ee, ++ 0x00a44733, 0x005f0bb5, 0x00a992b9, 0x0052de3f, ++ 0x0045a1a0, 0x00beed26, 0x0048742a, 0x00b338ac, ++ 0x009dc692, 0x00668a14, 0x00901318, 0x006b5f9e, ++ 0x007c2001, 0x00876c87, 0x0071f58b, 0x008ab90d, ++ 0x002d09f6, 0x00d64570, 0x0020dc7c, 0x00db90fa, ++ 0x00ccef65, 0x0037a3e3, 0x00c13aef, 0x003a7669, ++ 0x00148857, 0x00efc4d1, 0x00195ddd, 0x00e2115b, ++ 0x00f56ec4, 0x000e2242, 0x00f8bb4e, 0x0003f7c8, ++ 0x004d963f, 0x00b6dab9, 0x004043b5, 0x00bb0f33, ++ 0x00ac70ac, 0x00573c2a, 0x00a1a526, 0x005ae9a0, ++ 0x0074179e, 0x008f5b18, 0x0079c214, 0x00828e92, ++ 0x0095f10d, 0x006ebd8b, 0x00982487, 0x00636801, ++ 0x00c4d8fa, 0x003f947c, 0x00c90d70, 0x003241f6, ++ 0x00253e69, 0x00de72ef, 0x0028ebe3, 0x00d3a765, ++ 0x00fd595b, 0x000615dd, 0x00f08cd1, 0x000bc057, ++ 0x001cbfc8, 0x00e7f34e, 0x00116a42, 0x00ea26c4, ++ 0x0076e42a, 0x008da8ac, 0x007b31a0, 0x00807d26, ++ 0x009702b9, 0x006c4e3f, 0x009ad733, 0x00619bb5, ++ 0x004f658b, 0x00b4290d, 0x0042b001, 0x00b9fc87, ++ 0x00ae8318, 0x0055cf9e, 0x00a35692, 0x00581a14, ++ 0x00ffaaef, 0x0004e669, 0x00f27f65, 0x000933e3, ++ 0x001e4c7c, 0x00e500fa, 0x001399f6, 0x00e8d570, ++ 0x00c62b4e, 0x003d67c8, 0x00cbfec4, 0x0030b242, ++ 0x0027cddd, 0x00dc815b, 0x002a1857, 0x00d154d1, ++ 0x009f3526, 0x006479a0, 0x0092e0ac, 0x0069ac2a, ++ 0x007ed3b5, 0x00859f33, 0x0073063f, 0x00884ab9, ++ 0x00a6b487, 0x005df801, 0x00ab610d, 0x00502d8b, ++ 0x00475214, 0x00bc1e92, 0x004a879e, 0x00b1cb18, ++ 0x00167be3, 0x00ed3765, 0x001bae69, 0x00e0e2ef, ++ 0x00f79d70, 0x000cd1f6, 0x00fa48fa, 0x0001047c, ++ 0x002ffa42, 0x00d4b6c4, 0x00222fc8, 0x00d9634e, ++ 0x00ce1cd1, 0x00355057, 0x00c3c95b, 0x003885dd, ++ 0x00000000, 0x00488f66, 0x00901ecd, 0x00d891ab, ++ 0x00db711c, 0x0093fe7a, 0x004b6fd1, 0x0003e0b7, ++ 0x00b6e338, 0x00fe6c5e, 0x0026fdf5, 0x006e7293, ++ 0x006d9224, 0x00251d42, 0x00fd8ce9, 0x00b5038f, ++ 0x006cc771, 0x00244817, 0x00fcd9bc, 0x00b456da, ++ 0x00b7b66d, 0x00ff390b, 0x0027a8a0, 0x006f27c6, ++ 0x00da2449, 0x0092ab2f, 0x004a3a84, 0x0002b5e2, ++ 0x00015555, 0x0049da33, 0x00914b98, 0x00d9c4fe, ++ 0x00d88ee3, 0x00900185, 0x0048902e, 0x00001f48, ++ 0x0003ffff, 0x004b7099, 0x0093e132, 0x00db6e54, ++ 0x006e6ddb, 0x0026e2bd, 0x00fe7316, 0x00b6fc70, ++ 0x00b51cc7, 0x00fd93a1, 0x0025020a, 0x006d8d6c, ++ 0x00b44992, 0x00fcc6f4, 0x0024575f, 0x006cd839, ++ 0x006f388e, 0x0027b7e8, 0x00ff2643, 0x00b7a925, ++ 0x0002aaaa, 0x004a25cc, 0x0092b467, 0x00da3b01, ++ 0x00d9dbb6, 0x009154d0, 0x0049c57b, 0x00014a1d, ++ 0x004b5141, 0x0003de27, 0x00db4f8c, 0x0093c0ea, ++ 0x0090205d, 0x00d8af3b, 0x00003e90, 0x0048b1f6, ++ 0x00fdb279, 0x00b53d1f, 0x006dacb4, 0x002523d2, ++ 0x0026c365, 0x006e4c03, 0x00b6dda8, 0x00fe52ce, ++ 0x00279630, 0x006f1956, 0x00b788fd, 0x00ff079b, ++ 0x00fce72c, 0x00b4684a, 0x006cf9e1, 0x00247687, ++ 0x00917508, 0x00d9fa6e, 0x00016bc5, 0x0049e4a3, ++ 0x004a0414, 0x00028b72, 0x00da1ad9, 0x009295bf, ++ 0x0093dfa2, 0x00db50c4, 0x0003c16f, 0x004b4e09, ++ 0x0048aebe, 0x000021d8, 0x00d8b073, 0x00903f15, ++ 0x00253c9a, 0x006db3fc, 0x00b52257, 0x00fdad31, ++ 0x00fe4d86, 0x00b6c2e0, 0x006e534b, 0x0026dc2d, ++ 0x00ff18d3, 0x00b797b5, 0x006f061e, 0x00278978, ++ 0x002469cf, 0x006ce6a9, 0x00b47702, 0x00fcf864, ++ 0x0049fbeb, 0x0001748d, 0x00d9e526, 0x00916a40, ++ 0x00928af7, 0x00da0591, 0x0002943a, 0x004a1b5c, ++ 0x0096a282, 0x00de2de4, 0x0006bc4f, 0x004e3329, ++ 0x004dd39e, 0x00055cf8, 0x00ddcd53, 0x00954235, ++ 0x002041ba, 0x0068cedc, 0x00b05f77, 0x00f8d011, ++ 0x00fb30a6, 0x00b3bfc0, 0x006b2e6b, 0x0023a10d, ++ 0x00fa65f3, 0x00b2ea95, 0x006a7b3e, 0x0022f458, ++ 0x002114ef, 0x00699b89, 0x00b10a22, 0x00f98544, ++ 0x004c86cb, 0x000409ad, 0x00dc9806, 0x00941760, ++ 0x0097f7d7, 0x00df78b1, 0x0007e91a, 0x004f667c, ++ 0x004e2c61, 0x0006a307, 0x00de32ac, 0x0096bdca, ++ 0x00955d7d, 0x00ddd21b, 0x000543b0, 0x004dccd6, ++ 0x00f8cf59, 0x00b0403f, 0x0068d194, 0x00205ef2, ++ 0x0023be45, 0x006b3123, 0x00b3a088, 0x00fb2fee, ++ 0x0022eb10, 0x006a6476, 0x00b2f5dd, 0x00fa7abb, ++ 0x00f99a0c, 0x00b1156a, 0x006984c1, 0x00210ba7, ++ 0x00940828, 0x00dc874e, 0x000416e5, 0x004c9983, ++ 0x004f7934, 0x0007f652, 0x00df67f9, 0x0097e89f, ++ 0x00ddf3c3, 0x00957ca5, 0x004ded0e, 0x00056268, ++ 0x000682df, 0x004e0db9, 0x00969c12, 0x00de1374, ++ 0x006b10fb, 0x00239f9d, 0x00fb0e36, 0x00b38150, ++ 0x00b061e7, 0x00f8ee81, 0x00207f2a, 0x0068f04c, ++ 0x00b134b2, 0x00f9bbd4, 0x00212a7f, 0x0069a519, ++ 0x006a45ae, 0x0022cac8, 0x00fa5b63, 0x00b2d405, ++ 0x0007d78a, 0x004f58ec, 0x0097c947, 0x00df4621, ++ 0x00dca696, 0x009429f0, 0x004cb85b, 0x0004373d, ++ 0x00057d20, 0x004df246, 0x009563ed, 0x00ddec8b, ++ 0x00de0c3c, 0x0096835a, 0x004e12f1, 0x00069d97, ++ 0x00b39e18, 0x00fb117e, 0x002380d5, 0x006b0fb3, ++ 0x0068ef04, 0x00206062, 0x00f8f1c9, 0x00b07eaf, ++ 0x0069ba51, 0x00213537, 0x00f9a49c, 0x00b12bfa, ++ 0x00b2cb4d, 0x00fa442b, 0x0022d580, 0x006a5ae6, ++ 0x00df5969, 0x0097d60f, 0x004f47a4, 0x0007c8c2, ++ 0x00042875, 0x004ca713, 0x009436b8, 0x00dcb9de, ++ 0x00000000, 0x00d70983, 0x00555f80, 0x00825603, ++ 0x0051f286, 0x0086fb05, 0x0004ad06, 0x00d3a485, ++ 0x0059a88b, 0x008ea108, 0x000cf70b, 0x00dbfe88, ++ 0x00085a0d, 0x00df538e, 0x005d058d, 0x008a0c0e, ++ 0x00491c91, 0x009e1512, 0x001c4311, 0x00cb4a92, ++ 0x0018ee17, 0x00cfe794, 0x004db197, 0x009ab814, ++ 0x0010b41a, 0x00c7bd99, 0x0045eb9a, 0x0092e219, ++ 0x0041469c, 0x00964f1f, 0x0014191c, 0x00c3109f, ++ 0x006974a4, 0x00be7d27, 0x003c2b24, 0x00eb22a7, ++ 0x00388622, 0x00ef8fa1, 0x006dd9a2, 0x00bad021, ++ 0x0030dc2f, 0x00e7d5ac, 0x006583af, 0x00b28a2c, ++ 0x00612ea9, 0x00b6272a, 0x00347129, 0x00e378aa, ++ 0x00206835, 0x00f761b6, 0x007537b5, 0x00a23e36, ++ 0x00719ab3, 0x00a69330, 0x0024c533, 0x00f3ccb0, ++ 0x0079c0be, 0x00aec93d, 0x002c9f3e, 0x00fb96bd, ++ 0x00283238, 0x00ff3bbb, 0x007d6db8, 0x00aa643b, ++ 0x0029a4ce, 0x00fead4d, 0x007cfb4e, 0x00abf2cd, ++ 0x00785648, 0x00af5fcb, 0x002d09c8, 0x00fa004b, ++ 0x00700c45, 0x00a705c6, 0x002553c5, 0x00f25a46, ++ 0x0021fec3, 0x00f6f740, 0x0074a143, 0x00a3a8c0, ++ 0x0060b85f, 0x00b7b1dc, 0x0035e7df, 0x00e2ee5c, ++ 0x00314ad9, 0x00e6435a, 0x00641559, 0x00b31cda, ++ 0x003910d4, 0x00ee1957, 0x006c4f54, 0x00bb46d7, ++ 0x0068e252, 0x00bfebd1, 0x003dbdd2, 0x00eab451, ++ 0x0040d06a, 0x0097d9e9, 0x00158fea, 0x00c28669, ++ 0x001122ec, 0x00c62b6f, 0x00447d6c, 0x009374ef, ++ 0x001978e1, 0x00ce7162, 0x004c2761, 0x009b2ee2, ++ 0x00488a67, 0x009f83e4, 0x001dd5e7, 0x00cadc64, ++ 0x0009ccfb, 0x00dec578, 0x005c937b, 0x008b9af8, ++ 0x00583e7d, 0x008f37fe, 0x000d61fd, 0x00da687e, ++ 0x00506470, 0x00876df3, 0x00053bf0, 0x00d23273, ++ 0x000196f6, 0x00d69f75, 0x0054c976, 0x0083c0f5, ++ 0x00a9041b, 0x007e0d98, 0x00fc5b9b, 0x002b5218, ++ 0x00f8f69d, 0x002fff1e, 0x00ada91d, 0x007aa09e, ++ 0x00f0ac90, 0x0027a513, 0x00a5f310, 0x0072fa93, ++ 0x00a15e16, 0x00765795, 0x00f40196, 0x00230815, ++ 0x00e0188a, 0x00371109, 0x00b5470a, 0x00624e89, ++ 0x00b1ea0c, 0x0066e38f, 0x00e4b58c, 0x0033bc0f, ++ 0x00b9b001, 0x006eb982, 0x00ecef81, 0x003be602, ++ 0x00e84287, 0x003f4b04, 0x00bd1d07, 0x006a1484, ++ 0x00c070bf, 0x0017793c, 0x00952f3f, 0x004226bc, ++ 0x00918239, 0x00468bba, 0x00c4ddb9, 0x0013d43a, ++ 0x0099d834, 0x004ed1b7, 0x00cc87b4, 0x001b8e37, ++ 0x00c82ab2, 0x001f2331, 0x009d7532, 0x004a7cb1, ++ 0x00896c2e, 0x005e65ad, 0x00dc33ae, 0x000b3a2d, ++ 0x00d89ea8, 0x000f972b, 0x008dc128, 0x005ac8ab, ++ 0x00d0c4a5, 0x0007cd26, 0x00859b25, 0x005292a6, ++ 0x00813623, 0x00563fa0, 0x00d469a3, 0x00036020, ++ 0x0080a0d5, 0x0057a956, 0x00d5ff55, 0x0002f6d6, ++ 0x00d15253, 0x00065bd0, 0x00840dd3, 0x00530450, ++ 0x00d9085e, 0x000e01dd, 0x008c57de, 0x005b5e5d, ++ 0x0088fad8, 0x005ff35b, 0x00dda558, 0x000aacdb, ++ 0x00c9bc44, 0x001eb5c7, 0x009ce3c4, 0x004bea47, ++ 0x00984ec2, 0x004f4741, 0x00cd1142, 0x001a18c1, ++ 0x009014cf, 0x00471d4c, 0x00c54b4f, 0x001242cc, ++ 0x00c1e649, 0x0016efca, 0x0094b9c9, 0x0043b04a, ++ 0x00e9d471, 0x003eddf2, 0x00bc8bf1, 0x006b8272, ++ 0x00b826f7, 0x006f2f74, 0x00ed7977, 0x003a70f4, ++ 0x00b07cfa, 0x00677579, 0x00e5237a, 0x00322af9, ++ 0x00e18e7c, 0x003687ff, 0x00b4d1fc, 0x0063d87f, ++ 0x00a0c8e0, 0x0077c163, 0x00f59760, 0x00229ee3, ++ 0x00f13a66, 0x002633e5, 0x00a465e6, 0x00736c65, ++ 0x00f9606b, 0x002e69e8, 0x00ac3feb, 0x007b3668, ++ 0x00a892ed, 0x007f9b6e, 0x00fdcd6d, 0x002ac4ee, ++ 0x00000000, 0x00520936, 0x00a4126c, 0x00f61b5a, ++ 0x004825d8, 0x001a2cee, 0x00ec37b4, 0x00be3e82, ++ 0x006b0636, 0x00390f00, 0x00cf145a, 0x009d1d6c, ++ 0x002323ee, 0x00712ad8, 0x00873182, 0x00d538b4, ++ 0x00d60c6c, 0x0084055a, 0x00721e00, 0x00201736, ++ 0x009e29b4, 0x00cc2082, 0x003a3bd8, 0x006832ee, ++ 0x00bd0a5a, 0x00ef036c, 0x00191836, 0x004b1100, ++ 0x00f52f82, 0x00a726b4, 0x00513dee, 0x000334d8, ++ 0x00ac19d8, 0x00fe10ee, 0x00080bb4, 0x005a0282, ++ 0x00e43c00, 0x00b63536, 0x00402e6c, 0x0012275a, ++ 0x00c71fee, 0x009516d8, 0x00630d82, 0x003104b4, ++ 0x008f3a36, 0x00dd3300, 0x002b285a, 0x0079216c, ++ 0x007a15b4, 0x00281c82, 0x00de07d8, 0x008c0eee, ++ 0x0032306c, 0x0060395a, 0x00962200, 0x00c42b36, ++ 0x00111382, 0x00431ab4, 0x00b501ee, 0x00e708d8, ++ 0x0059365a, 0x000b3f6c, 0x00fd2436, 0x00af2d00, ++ 0x00a37f36, 0x00f17600, 0x00076d5a, 0x0055646c, ++ 0x00eb5aee, 0x00b953d8, 0x004f4882, 0x001d41b4, ++ 0x00c87900, 0x009a7036, 0x006c6b6c, 0x003e625a, ++ 0x00805cd8, 0x00d255ee, 0x00244eb4, 0x00764782, ++ 0x0075735a, 0x00277a6c, 0x00d16136, 0x00836800, ++ 0x003d5682, 0x006f5fb4, 0x009944ee, 0x00cb4dd8, ++ 0x001e756c, 0x004c7c5a, 0x00ba6700, 0x00e86e36, ++ 0x005650b4, 0x00045982, 0x00f242d8, 0x00a04bee, ++ 0x000f66ee, 0x005d6fd8, 0x00ab7482, 0x00f97db4, ++ 0x00474336, 0x00154a00, 0x00e3515a, 0x00b1586c, ++ 0x006460d8, 0x003669ee, 0x00c072b4, 0x00927b82, ++ 0x002c4500, 0x007e4c36, 0x0088576c, 0x00da5e5a, ++ 0x00d96a82, 0x008b63b4, 0x007d78ee, 0x002f71d8, ++ 0x00914f5a, 0x00c3466c, 0x00355d36, 0x00675400, ++ 0x00b26cb4, 0x00e06582, 0x00167ed8, 0x004477ee, ++ 0x00fa496c, 0x00a8405a, 0x005e5b00, 0x000c5236, ++ 0x0046ff6c, 0x0014f65a, 0x00e2ed00, 0x00b0e436, ++ 0x000edab4, 0x005cd382, 0x00aac8d8, 0x00f8c1ee, ++ 0x002df95a, 0x007ff06c, 0x0089eb36, 0x00dbe200, ++ 0x0065dc82, 0x0037d5b4, 0x00c1ceee, 0x0093c7d8, ++ 0x0090f300, 0x00c2fa36, 0x0034e16c, 0x0066e85a, ++ 0x00d8d6d8, 0x008adfee, 0x007cc4b4, 0x002ecd82, ++ 0x00fbf536, 0x00a9fc00, 0x005fe75a, 0x000dee6c, ++ 0x00b3d0ee, 0x00e1d9d8, 0x0017c282, 0x0045cbb4, ++ 0x00eae6b4, 0x00b8ef82, 0x004ef4d8, 0x001cfdee, ++ 0x00a2c36c, 0x00f0ca5a, 0x0006d100, 0x0054d836, ++ 0x0081e082, 0x00d3e9b4, 0x0025f2ee, 0x0077fbd8, ++ 0x00c9c55a, 0x009bcc6c, 0x006dd736, 0x003fde00, ++ 0x003cead8, 0x006ee3ee, 0x0098f8b4, 0x00caf182, ++ 0x0074cf00, 0x0026c636, 0x00d0dd6c, 0x0082d45a, ++ 0x0057ecee, 0x0005e5d8, 0x00f3fe82, 0x00a1f7b4, ++ 0x001fc936, 0x004dc000, 0x00bbdb5a, 0x00e9d26c, ++ 0x00e5805a, 0x00b7896c, 0x00419236, 0x00139b00, ++ 0x00ada582, 0x00ffacb4, 0x0009b7ee, 0x005bbed8, ++ 0x008e866c, 0x00dc8f5a, 0x002a9400, 0x00789d36, ++ 0x00c6a3b4, 0x0094aa82, 0x0062b1d8, 0x0030b8ee, ++ 0x00338c36, 0x00618500, 0x00979e5a, 0x00c5976c, ++ 0x007ba9ee, 0x0029a0d8, 0x00dfbb82, 0x008db2b4, ++ 0x00588a00, 0x000a8336, 0x00fc986c, 0x00ae915a, ++ 0x0010afd8, 0x0042a6ee, 0x00b4bdb4, 0x00e6b482, ++ 0x00499982, 0x001b90b4, 0x00ed8bee, 0x00bf82d8, ++ 0x0001bc5a, 0x0053b56c, 0x00a5ae36, 0x00f7a700, ++ 0x00229fb4, 0x00709682, 0x00868dd8, 0x00d484ee, ++ 0x006aba6c, 0x0038b35a, 0x00cea800, 0x009ca136, ++ 0x009f95ee, 0x00cd9cd8, 0x003b8782, 0x00698eb4, ++ 0x00d7b036, 0x0085b900, 0x0073a25a, 0x0021ab6c, ++ 0x00f493d8, 0x00a69aee, 0x005081b4, 0x00028882, ++ 0x00bcb600, 0x00eebf36, 0x0018a46c, 0x004aad5a ++}; ++ ++static inline ++u32 crc24_init (void) ++{ ++ return 0xce04b7; ++} ++ ++static inline ++u32 crc24_next (u32 crc, byte data) ++{ ++ return (crc >> 8) ^ crc24_table[(crc & 0xff) ^ data]; ++} ++ ++/* ++ * Process 4 bytes in one go + */ ++static inline ++u32 crc24_next4 (u32 crc, u32 data) ++{ ++ crc ^= data; ++ crc = crc24_table[(crc & 0xff) + 0x300] ^ ++ crc24_table[((crc >> 8) & 0xff) + 0x200] ^ ++ crc24_table[((crc >> 16) & 0xff) + 0x100] ^ ++ crc24_table[(crc >> 24) & 0xff]; ++ return crc; ++} + +-#define CRC24_INIT 0xb704ceL +-#define CRC24_POLY 0x1864cfbL ++static inline ++u32 crc24_final (u32 crc) ++{ ++ return crc & 0xffffff; ++} + + static void + crc24rfc2440_init (void *context) + { + CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; +- ctx->CRC = CRC24_INIT; ++ ctx->CRC = crc24_init(); + } + + static void + crc24rfc2440_write (void *context, const void *inbuf_arg, size_t inlen) + { + const unsigned char *inbuf = inbuf_arg; +- int i; + CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; ++ u32 crc; + +- if (!inbuf) ++ if (!inbuf || !inlen) + return; + +- while (inlen--) { +- ctx->CRC ^= (*inbuf++) << 16; +- for (i = 0; i < 8; i++) { +- ctx->CRC <<= 1; +- if (ctx->CRC & 0x1000000) +- ctx->CRC ^= CRC24_POLY; ++ crc = ctx->CRC; ++ ++ while (inlen >= 16) ++ { ++ inlen -= 16; ++ crc = crc24_next4(crc, buf_get_le32(&inbuf[0])); ++ crc = crc24_next4(crc, buf_get_le32(&inbuf[4])); ++ crc = crc24_next4(crc, buf_get_le32(&inbuf[8])); ++ crc = crc24_next4(crc, buf_get_le32(&inbuf[12])); ++ inbuf += 16; + } +- } ++ ++ while (inlen >= 4) ++ { ++ inlen -= 4; ++ crc = crc24_next4(crc, buf_get_le32(inbuf)); ++ inbuf += 4; ++ } ++ ++ while (inlen--) ++ { ++ crc = crc24_next(crc, *inbuf++); ++ } ++ ++ ctx->CRC = crc; + } + + static void + crc24rfc2440_final (void *context) + { + CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; +- ctx->buf[0] = (ctx->CRC >> 16) & 0xFF; +- ctx->buf[1] = (ctx->CRC >> 8) & 0xFF; +- ctx->buf[2] = (ctx->CRC ) & 0xFF; ++ ctx->CRC = crc24_final(ctx->CRC); ++ buf_put_le32 (ctx->buf, ctx->CRC); + } + + gcry_md_spec_t _gcry_digest_spec_crc32 = +diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c +index 5b39f02bb2e592d85639891db6eb68a97ce12dfa..b4f609d2d01184b8d0a3e5aff448725f80a36a93 100644 +--- a/grub-core/loader/arm/linux.c ++++ b/grub-core/loader/arm/linux.c +@@ -42,21 +42,18 @@ static grub_size_t linux_size; + static char *linux_args; + + static grub_uint32_t machine_type; +-static void *fdt_addr; ++static const void *current_fdt; + + typedef void (*kernel_entry_t) (int, unsigned long, void *); + +-#define LINUX_ZIMAGE_OFFSET 0x24 +-#define LINUX_ZIMAGE_MAGIC 0x016f2818 +- + #define LINUX_PHYS_OFFSET (0x00008000) + #define LINUX_INITRD_PHYS_OFFSET (LINUX_PHYS_OFFSET + 0x02000000) + #define LINUX_FDT_PHYS_OFFSET (LINUX_INITRD_PHYS_OFFSET - 0x10000) + + static grub_size_t +-get_atag_size (grub_uint32_t *atag) ++get_atag_size (const grub_uint32_t *atag) + { +- grub_uint32_t *atag0 = atag; ++ const grub_uint32_t *atag0 = atag; + while (atag[0] && atag[1]) + atag += atag[0]; + return atag - atag0; +@@ -68,10 +65,11 @@ get_atag_size (grub_uint32_t *atag) + * Merges in command line parameters and sets up initrd addresses. + */ + static grub_err_t +-linux_prepare_atag (void) ++linux_prepare_atag (void *target_atag) + { +- grub_uint32_t *atag_orig = (grub_uint32_t *) fdt_addr; +- grub_uint32_t *tmp_atag, *from, *to; ++ const grub_uint32_t *atag_orig = (const grub_uint32_t *) current_fdt; ++ grub_uint32_t *tmp_atag, *to; ++ const grub_uint32_t *from; + grub_size_t tmp_size; + grub_size_t arg_size = grub_strlen (linux_args); + char *cmdline_orig = NULL; +@@ -142,7 +140,7 @@ linux_prepare_atag (void) + to += 2; + + /* Copy updated FDT to its launch location */ +- grub_memcpy (atag_orig, tmp_atag, sizeof (grub_uint32_t) * (to - tmp_atag)); ++ grub_memcpy (target_atag, tmp_atag, sizeof (grub_uint32_t) * (to - tmp_atag)); + grub_free (tmp_atag); + + grub_dprintf ("loader", "ATAG updated for Linux boot\n"); +@@ -156,19 +154,19 @@ linux_prepare_atag (void) + * Merges in command line parameters and sets up initrd addresses. + */ + static grub_err_t +-linux_prepare_fdt (void) ++linux_prepare_fdt (void *target_fdt) + { + int node; + int retval; + int tmp_size; + void *tmp_fdt; + +- tmp_size = grub_fdt_get_totalsize (fdt_addr) + 0x100 + grub_strlen (linux_args); ++ tmp_size = grub_fdt_get_totalsize (current_fdt) + 0x100 + grub_strlen (linux_args); + tmp_fdt = grub_malloc (tmp_size); + if (!tmp_fdt) + return grub_errno; + +- grub_memcpy (tmp_fdt, fdt_addr, grub_fdt_get_totalsize (fdt_addr)); ++ grub_memcpy (tmp_fdt, current_fdt, grub_fdt_get_totalsize (current_fdt)); + grub_fdt_set_totalsize (tmp_fdt, tmp_size); + + /* Find or create '/chosen' node */ +@@ -209,7 +207,7 @@ linux_prepare_fdt (void) + } + + /* Copy updated FDT to its launch location */ +- grub_memcpy (fdt_addr, tmp_fdt, tmp_size); ++ grub_memcpy (target_fdt, tmp_fdt, tmp_size); + grub_free (tmp_fdt); + + grub_dprintf ("loader", "FDT updated for Linux boot\n"); +@@ -226,16 +224,17 @@ linux_boot (void) + { + kernel_entry_t linuxmain; + int fdt_valid, atag_valid; ++ void *target_fdt = 0; + +- fdt_valid = (fdt_addr && grub_fdt_check_header_nosize (fdt_addr) == 0); +- atag_valid = ((((grub_uint16_t *) fdt_addr)[3] & ~3) == 0x5440 +- && *((grub_uint32_t *) fdt_addr)); ++ fdt_valid = (current_fdt && grub_fdt_check_header_nosize (current_fdt) == 0); ++ atag_valid = ((((const grub_uint16_t *) current_fdt)[3] & ~3) == 0x5440 ++ && *((const grub_uint32_t *) current_fdt)); + grub_dprintf ("loader", "atag: %p, %x, %x, %s, %s\n", +- fdt_addr, +- ((grub_uint16_t *) fdt_addr)[3], +- *((grub_uint32_t *) fdt_addr), +- (char *) fdt_addr, +- (char *) fdt_addr + 1); ++ current_fdt, ++ ((const grub_uint16_t *) current_fdt)[3], ++ *((const grub_uint32_t *) current_fdt), ++ (const char *) current_fdt, ++ (const char *) current_fdt + 1); + + if (!fdt_valid && machine_type == GRUB_ARM_MACHINE_TYPE_FDT) + return grub_error (GRUB_ERR_FILE_NOT_FOUND, +@@ -245,23 +244,40 @@ linux_boot (void) + + grub_dprintf ("loader", "Kernel at: 0x%x\n", linux_addr); + ++ if (fdt_valid || atag_valid) ++ { ++#ifdef GRUB_MACHINE_EFI ++ grub_size_t size; ++ if (fdt_valid) ++ size = grub_fdt_get_totalsize (current_fdt); ++ else ++ size = 4 * get_atag_size (current_fdt); ++ size += grub_strlen (linux_args) + 256; ++ target_fdt = grub_efi_allocate_loader_memory (LINUX_FDT_PHYS_OFFSET, size); ++ if (!target_fdt) ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++#else ++ target_fdt = (void *) LINUX_FDT_ADDRESS; ++#endif ++ } ++ + if (fdt_valid) + { + grub_err_t err; + +- err = linux_prepare_fdt (); ++ err = linux_prepare_fdt (target_fdt); + if (err) + return err; +- grub_dprintf ("loader", "FDT @ 0x%p\n", fdt_addr); ++ grub_dprintf ("loader", "FDT @ %p\n", target_fdt); + } + else if (atag_valid) + { + grub_err_t err; + +- err = linux_prepare_atag (); ++ err = linux_prepare_atag (target_fdt); + if (err) + return err; +- grub_dprintf ("loader", "ATAG @ 0x%p\n", fdt_addr); ++ grub_dprintf ("loader", "ATAG @ %p\n", target_fdt); + } + + grub_dprintf ("loader", "Jumping to Linux...\n"); +@@ -274,18 +290,9 @@ linux_boot (void) + */ + linuxmain = (kernel_entry_t) linux_addr; + +-#ifdef GRUB_MACHINE_EFI +- { +- grub_err_t err; +- err = grub_efi_prepare_platform(); +- if (err != GRUB_ERR_NONE) +- return err; +- } +-#endif +- + grub_arm_disable_caches_mmu (); + +- linuxmain (0, machine_type, fdt_addr); ++ linuxmain (0, machine_type, target_fdt); + + return grub_error (GRUB_ERR_BAD_OS, "Linux call returned"); + } +@@ -296,17 +303,12 @@ linux_boot (void) + static grub_err_t + linux_load (const char *filename, grub_file_t file) + { ++ struct linux_arm_kernel_header *lh; + int size; + + size = grub_file_size (file); + +-#ifdef GRUB_MACHINE_EFI +- linux_addr = (grub_addr_t) grub_efi_allocate_loader_memory (LINUX_PHYS_OFFSET, size); +- if (!linux_addr) +- return grub_errno; +-#else + linux_addr = LINUX_ADDRESS; +-#endif + grub_dprintf ("loader", "Loading Linux to 0x%08x\n", + (grub_addr_t) linux_addr); + +@@ -318,9 +320,10 @@ linux_load (const char *filename, grub_file_t file) + return grub_errno; + } + +- if (size > LINUX_ZIMAGE_OFFSET + 4 +- && *(grub_uint32_t *) (linux_addr + LINUX_ZIMAGE_OFFSET) +- == LINUX_ZIMAGE_MAGIC) ++ lh = (void *) linux_addr; ++ ++ if ((grub_size_t) size > sizeof (*lh) && ++ lh->magic == GRUB_LINUX_ARM_MAGIC_SIGNATURE) + ; + else if (size > 0x8000 && *(grub_uint32_t *) (linux_addr) == 0xea000006 + && machine_type == GRUB_ARM_MACHINE_TYPE_RASPBERRY_PI) +@@ -410,20 +413,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + + size = grub_get_initrd_size (&initrd_ctx); + +-#ifdef GRUB_MACHINE_EFI +- if (initrd_start) +- grub_efi_free_pages (initrd_start, +- (initrd_end - initrd_start + 0xfff) >> 12); +- initrd_start = (grub_addr_t) grub_efi_allocate_loader_memory (LINUX_INITRD_PHYS_OFFSET, size); +- +- if (!initrd_start) +- { +- grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); +- goto fail; +- } +-#else + initrd_start = LINUX_INITRD_ADDRESS; +-#endif + + grub_dprintf ("loader", "Loading initrd to 0x%08x\n", + (grub_addr_t) initrd_start); +@@ -444,11 +434,26 @@ fail: + static grub_err_t + load_dtb (grub_file_t dtb, int size) + { +- if ((grub_file_read (dtb, fdt_addr, size) != size) +- || (grub_fdt_check_header (fdt_addr, size) != 0)) +- return grub_error (GRUB_ERR_BAD_OS, N_("invalid device tree")); ++ void *new_fdt = grub_zalloc (size); ++ if (!new_fdt) ++ return grub_errno; ++ grub_dprintf ("loader", "Loading device tree to %p\n", ++ new_fdt); ++ if ((grub_file_read (dtb, new_fdt, size) != size) ++ || (grub_fdt_check_header (new_fdt, size) != 0)) ++ { ++ grub_free (new_fdt); ++ return grub_error (GRUB_ERR_BAD_OS, N_("invalid device tree")); ++ } ++ ++ grub_fdt_set_totalsize (new_fdt, size); ++ current_fdt = new_fdt; ++ /* ++ * We've successfully loaded an FDT, so any machine type passed ++ * from firmware is now obsolete. ++ */ ++ machine_type = GRUB_ARM_MACHINE_TYPE_FDT; + +- grub_fdt_set_totalsize (fdt_addr, size); + return GRUB_ERR_NONE; + } + +@@ -464,42 +469,13 @@ grub_cmd_devicetree (grub_command_t cmd __attribute__ ((unused)), + + dtb = grub_file_open (argv[0]); + if (!dtb) +- goto out; ++ return grub_errno; + + size = grub_file_size (dtb); + if (size == 0) +- { +- grub_error (GRUB_ERR_BAD_OS, "empty file"); +- goto out; +- } +- +-#ifdef GRUB_MACHINE_EFI +- fdt_addr = grub_efi_allocate_loader_memory (LINUX_FDT_PHYS_OFFSET, size); +- if (!fdt_addr) +- { +- grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); +- goto out; +- } +-#else +- fdt_addr = (void *) LINUX_FDT_ADDRESS; +-#endif +- +- grub_dprintf ("loader", "Loading device tree to 0x%08x\n", +- (grub_addr_t) fdt_addr); +- load_dtb (dtb, size); +- if (grub_errno != GRUB_ERR_NONE) +- { +- fdt_addr = NULL; +- goto out; +- } +- +- /* +- * We've successfully loaded an FDT, so any machine type passed +- * from firmware is now obsolete. +- */ +- machine_type = GRUB_ARM_MACHINE_TYPE_FDT; +- +- out: ++ grub_error (GRUB_ERR_BAD_OS, "empty file"); ++ else ++ load_dtb (dtb, size); + grub_file_close (dtb); + + return grub_errno; +@@ -517,7 +493,7 @@ GRUB_MOD_INIT (linux) + /* TRANSLATORS: DTB stands for device tree blob. */ + 0, N_("Load DTB file.")); + my_mod = mod; +- fdt_addr = (void *) grub_arm_firmware_get_boot_data (); ++ current_fdt = (const void *) grub_arm_firmware_get_boot_data (); + machine_type = grub_arm_firmware_get_machine_type (); + } + +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index 9519d2e4d3ec1229a76eb4bce773c78c7af24a6e..1f86229f86b01e4700bb13c9f936490ea9ac859f 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -26,8 +26,9 @@ + #include + #include + #include +-#include + #include ++#include ++#include + #include + #include + #include +@@ -47,18 +48,16 @@ static grub_addr_t initrd_start; + static grub_addr_t initrd_end; + + grub_err_t +-grub_arm64_uefi_check_image (struct grub_arm64_linux_kernel_header * lh) ++grub_armxx_efi_linux_check_image (struct linux_armxx_kernel_header * lh) + { +- if (lh->magic != GRUB_ARM64_LINUX_MAGIC) ++ if (lh->magic != GRUB_LINUX_ARMXX_MAGIC_SIGNATURE) + return grub_error(GRUB_ERR_BAD_OS, "invalid magic number"); + +- if ((lh->code0 & 0xffff) != GRUB_EFI_PE_MAGIC) ++ if ((lh->code0 & 0xffff) != GRUB_PE32_MAGIC) + return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, + N_("plain image kernel not supported - rebuild with CONFIG_(U)EFI_STUB enabled")); + + grub_dprintf ("linux", "UEFI stub kernel:\n"); +- grub_dprintf ("linux", "text_offset = 0x%012llx\n", +- (long long unsigned) lh->text_offset); + grub_dprintf ("linux", "PE/COFF header @ %08x\n", lh->hdr_offset); + + return GRUB_ERR_NONE; +@@ -86,8 +85,8 @@ finalize_params_linux (void) + /* Set initrd info */ + if (initrd_start && initrd_end > initrd_start) + { +- grub_dprintf ("linux", "Initrd @ 0x%012lx-0x%012lx\n", +- initrd_start, initrd_end); ++ grub_dprintf ("linux", "Initrd @ %p-%p\n", ++ (void *) initrd_start, (void *) initrd_end); + + retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-start", + initrd_start); +@@ -110,7 +109,7 @@ failure: + } + + grub_err_t +-grub_arm64_uefi_boot_image (grub_addr_t addr, grub_size_t size, char *args) ++grub_armxx_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args) + { + grub_efi_memory_mapped_device_path_t *mempath; + grub_efi_handle_t image_handle; +@@ -148,8 +147,7 @@ grub_arm64_uefi_boot_image (grub_addr_t addr, grub_size_t size, char *args) + loaded_image->load_options_size = len = + (grub_strlen (args) + 1) * sizeof (grub_efi_char16_t); + loaded_image->load_options = +- grub_efi_allocate_pages (0, +- GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); ++ grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); + if (!loaded_image->load_options) + return grub_errno; + +@@ -162,7 +160,7 @@ grub_arm64_uefi_boot_image (grub_addr_t addr, grub_size_t size, char *args) + + /* When successful, not reached */ + b->unload_image (image_handle); +- grub_efi_free_pages ((grub_efi_physical_address_t) loaded_image->load_options, ++ grub_efi_free_pages ((grub_addr_t) loaded_image->load_options, + GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); + + return grub_errno; +@@ -174,8 +172,8 @@ grub_linux_boot (void) + if (finalize_params_linux () != GRUB_ERR_NONE) + return grub_errno; + +- return (grub_arm64_uefi_boot_image((grub_addr_t)kernel_addr, +- kernel_size, linux_args)); ++ return (grub_armxx_efi_linux_boot_image((grub_addr_t)kernel_addr, ++ kernel_size, linux_args)); + } + + static grub_err_t +@@ -189,12 +187,48 @@ grub_linux_unload (void) + initrd_start = initrd_end = 0; + grub_free (linux_args); + if (kernel_addr) +- grub_efi_free_pages ((grub_efi_physical_address_t) kernel_addr, ++ grub_efi_free_pages ((grub_addr_t) kernel_addr, + GRUB_EFI_BYTES_TO_PAGES (kernel_size)); + grub_fdt_unload (); + return GRUB_ERR_NONE; + } + ++/* ++ * As per linux/Documentation/arm/Booting ++ * ARM initrd needs to be covered by kernel linear mapping, ++ * so place it in the first 512MB of DRAM. ++ * ++ * As per linux/Documentation/arm64/booting.txt ++ * ARM64 initrd needs to be contained entirely within a 1GB aligned window ++ * of up to 32GB of size that covers the kernel image as well. ++ * Since the EFI stub loader will attempt to load the kernel near start of ++ * RAM, place the buffer in the first 32GB of RAM. ++ */ ++#ifdef __arm__ ++#define INITRD_MAX_ADDRESS_OFFSET (512U * 1024 * 1024) ++#else /* __aarch64__ */ ++#define INITRD_MAX_ADDRESS_OFFSET (32ULL * 1024 * 1024 * 1024) ++#endif ++ ++/* ++ * This function returns a pointer to a legally allocated initrd buffer, ++ * or NULL if unsuccessful ++ */ ++static void * ++allocate_initrd_mem (int initrd_pages) ++{ ++ grub_addr_t max_addr; ++ ++ if (grub_efi_get_ram_base (&max_addr) != GRUB_ERR_NONE) ++ return NULL; ++ ++ max_addr += INITRD_MAX_ADDRESS_OFFSET - 1; ++ ++ return grub_efi_allocate_pages_real (max_addr, initrd_pages, ++ GRUB_EFI_ALLOCATE_MAX_ADDRESS, ++ GRUB_EFI_LOADER_DATA); ++} ++ + static grub_err_t + grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + int argc, char *argv[]) +@@ -223,7 +257,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf ("linux", "Loading initrd\n"); + + initrd_pages = (GRUB_EFI_BYTES_TO_PAGES (initrd_size)); +- initrd_mem = grub_efi_allocate_pages (0, initrd_pages); ++ initrd_mem = allocate_initrd_mem (initrd_pages); ++ + if (!initrd_mem) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); +@@ -241,8 +276,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + fail: + grub_initrd_close (&initrd_ctx); + if (initrd_mem && !initrd_start) +- grub_efi_free_pages ((grub_efi_physical_address_t) initrd_mem, +- initrd_pages); ++ grub_efi_free_pages ((grub_addr_t) initrd_mem, initrd_pages); + + return grub_errno; + } +@@ -252,7 +286,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + int argc, char *argv[]) + { + grub_file_t file = 0; +- struct grub_arm64_linux_kernel_header lh; ++ struct linux_armxx_kernel_header lh; + + grub_dl_ref (my_mod); + +@@ -271,13 +305,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + if (grub_file_read (file, &lh, sizeof (lh)) < (long) sizeof (lh)) + return grub_errno; + +- if (grub_arm64_uefi_check_image (&lh) != GRUB_ERR_NONE) ++ if (grub_armxx_efi_linux_check_image (&lh) != GRUB_ERR_NONE) + goto fail; + + grub_loader_unset(); + + grub_dprintf ("linux", "kernel file size: %lld\n", (long long) kernel_size); +- kernel_addr = grub_efi_allocate_pages (0, GRUB_EFI_BYTES_TO_PAGES (kernel_size)); ++ kernel_addr = grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (kernel_size)); + grub_dprintf ("linux", "kernel numpages: %lld\n", + (long long) GRUB_EFI_BYTES_TO_PAGES (kernel_size)); + if (!kernel_addr) +@@ -329,7 +363,7 @@ fail: + grub_free (linux_args); + + if (kernel_addr && !loaded) +- grub_efi_free_pages ((grub_efi_physical_address_t) kernel_addr, ++ grub_efi_free_pages ((grub_addr_t) kernel_addr, + GRUB_EFI_BYTES_TO_PAGES (kernel_size)); + + return grub_errno; +diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c +index a914eb8e2df24ebaab41a2eb0ed205bcebafcf5d..1003a0b9997a46ea7e5106da02ef77e9be3a21fc 100644 +--- a/grub-core/loader/arm64/xen_boot.c ++++ b/grub-core/loader/arm64/xen_boot.c +@@ -27,9 +27,10 @@ + #include + #include + #include +-#include + #include + #include ++#include ++#include + #include /* required by struct xen_hypervisor_header */ + #include + #include +@@ -66,7 +67,7 @@ typedef enum module_type module_type_t; + + struct xen_hypervisor_header + { +- struct grub_arm64_linux_kernel_header efi_head; ++ struct linux_arm64_kernel_header efi_head; + + /* This is always PE\0\0. */ + grub_uint8_t signature[GRUB_PE32_SIGNATURE_SIZE]; +@@ -115,6 +116,17 @@ prepare_xen_hypervisor_params (void *xen_boot_fdt) + if (chosen_node < 1) + return grub_error (GRUB_ERR_IO, "failed to get chosen node in FDT"); + ++ /* ++ * The address and size are always written using 64-bits value. Set ++ * #address-cells and #size-cells accordingly. ++ */ ++ retval = grub_fdt_set_prop32 (xen_boot_fdt, chosen_node, "#address-cells", 2); ++ if (retval) ++ return grub_error (GRUB_ERR_IO, "failed to set #address-cells"); ++ retval = grub_fdt_set_prop32 (xen_boot_fdt, chosen_node, "#size-cells", 2); ++ if (retval) ++ return grub_error (GRUB_ERR_IO, "failed to set #size-cells"); ++ + grub_dprintf ("xen_loader", + "Xen Hypervisor cmdline : %s @ %p size:%d\n", + xen_hypervisor->cmdline, xen_hypervisor->cmdline, +@@ -156,7 +168,7 @@ prepare_xen_module_params (struct xen_boot_binary *module, void *xen_boot_fdt) + grub_fdt_add_subnode (xen_boot_fdt, chosen_node, module_name); + + retval = grub_fdt_set_prop (xen_boot_fdt, module_node, "compatible", +- MODULE_CUSTOM_COMPATIBLE, sizeof(MODULE_CUSTOM_COMPATIBLE) - 1); ++ MODULE_CUSTOM_COMPATIBLE, sizeof(MODULE_CUSTOM_COMPATIBLE)); + if (retval) + return grub_error (GRUB_ERR_IO, "failed to update FDT"); + +@@ -253,9 +265,9 @@ xen_boot (void) + if (err) + return err; + +- return grub_arm64_uefi_boot_image (xen_hypervisor->start, +- xen_hypervisor->size, +- xen_hypervisor->cmdline); ++ return grub_armxx_efi_linux_boot_image (xen_hypervisor->start, ++ xen_hypervisor->size, ++ xen_hypervisor->cmdline); + } + + static void +@@ -324,10 +336,9 @@ xen_boot_binary_load (struct xen_boot_binary *binary, grub_file_t file, + grub_dprintf ("xen_loader", "Xen_boot file size: 0x%lx\n", binary->size); + + binary->start +- = (grub_addr_t) grub_efi_allocate_pages (0, +- GRUB_EFI_BYTES_TO_PAGES +- (binary->size + +- binary->align)); ++ = (grub_addr_t) grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES ++ (binary->size + ++ binary->align)); + if (!binary->start) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); +@@ -379,6 +390,20 @@ grub_cmd_xen_module (grub_command_t cmd __attribute__((unused)), + + struct xen_boot_binary *module = NULL; + grub_file_t file = 0; ++ int nounzip = 0; ++ ++ if (!argc) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); ++ goto fail; ++ } ++ ++ if (grub_strcmp (argv[0], "--nounzip") == 0) ++ { ++ argv++; ++ argc--; ++ nounzip = 1; ++ } + + if (!argc) + { +@@ -403,6 +428,8 @@ grub_cmd_xen_module (grub_command_t cmd __attribute__((unused)), + + grub_dprintf ("xen_loader", "Init module and node info\n"); + ++ if (nounzip) ++ grub_file_filter_disable_compression (); + file = grub_file_open (argv[0]); + if (!file) + goto fail; +@@ -441,8 +468,8 @@ grub_cmd_xen_hypervisor (grub_command_t cmd __attribute__ ((unused)), + + if (grub_file_read (file, &sh, sizeof (sh)) != (long) sizeof (sh)) + goto fail; +- if (grub_arm64_uefi_check_image +- ((struct grub_arm64_linux_kernel_header *) &sh) != GRUB_ERR_NONE) ++ if (grub_armxx_efi_linux_check_image ++ ((struct linux_armxx_kernel_header *) &sh) != GRUB_ERR_NONE) + goto fail; + grub_file_seek (file, 0); + +diff --git a/grub-core/loader/arm64/fdt.c b/grub-core/loader/efi/fdt.c +similarity index 79% +rename from grub-core/loader/arm64/fdt.c +rename to grub-core/loader/efi/fdt.c +index db49cf64991764686c3f643e5289abbd4874a559..a4c6e8036454c1a53deefad791133488281462ea 100644 +--- a/grub-core/loader/arm64/fdt.c ++++ b/grub-core/loader/efi/fdt.c +@@ -18,26 +18,33 @@ + + #include + #include +-#include + #include + #include + #include + #include + #include ++#include ++#include + + static void *loaded_fdt; + static void *fdt; + ++#define FDT_ADDR_CELLS_STRING "#address-cells" ++#define FDT_SIZE_CELLS_STRING "#size-cells" ++#define FDT_ADDR_SIZE_EXTRA ((2 * grub_fdt_prop_entry_size (sizeof(grub_uint32_t))) + \ ++ sizeof (FDT_ADDR_CELLS_STRING) + \ ++ sizeof (FDT_SIZE_CELLS_STRING)) ++ + void * + grub_fdt_load (grub_size_t additional_size) + { + void *raw_fdt; +- grub_size_t size; ++ unsigned int size; + + if (fdt) + { + size = GRUB_EFI_BYTES_TO_PAGES (grub_fdt_get_totalsize (fdt)); +- grub_efi_free_pages ((grub_efi_physical_address_t) fdt, size); ++ grub_efi_free_pages ((grub_addr_t) fdt, size); + } + + if (loaded_fdt) +@@ -45,12 +52,15 @@ grub_fdt_load (grub_size_t additional_size) + else + raw_fdt = grub_efi_get_firmware_fdt(); + +- size = +- raw_fdt ? grub_fdt_get_totalsize (raw_fdt) : GRUB_FDT_EMPTY_TREE_SZ; ++ if (raw_fdt) ++ size = grub_fdt_get_totalsize (raw_fdt); ++ else ++ size = GRUB_FDT_EMPTY_TREE_SZ + FDT_ADDR_SIZE_EXTRA; ++ + size += additional_size; + +- grub_dprintf ("linux", "allocating %ld bytes for fdt\n", size); +- fdt = grub_efi_allocate_pages (0, GRUB_EFI_BYTES_TO_PAGES (size)); ++ grub_dprintf ("linux", "allocating %d bytes for fdt\n", size); ++ fdt = grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (size)); + if (!fdt) + return NULL; + +@@ -62,6 +72,8 @@ grub_fdt_load (grub_size_t additional_size) + else + { + grub_fdt_create_empty_tree (fdt, size); ++ grub_fdt_set_prop32 (fdt, 0, FDT_ADDR_CELLS_STRING, 2); ++ grub_fdt_set_prop32 (fdt, 0, FDT_SIZE_CELLS_STRING, 2); + } + return fdt; + } +@@ -88,7 +100,7 @@ grub_fdt_unload (void) { + if (!fdt) { + return; + } +- grub_efi_free_pages ((grub_efi_physical_address_t) fdt, ++ grub_efi_free_pages ((grub_addr_t) fdt, + GRUB_EFI_BYTES_TO_PAGES (grub_fdt_get_totalsize (fdt))); + fdt = NULL; + } +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index 083f9417cb65e509e673dba09a71616c5661ab05..9b53d3168f9bb78eab7a124518e83915183912b9 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -306,6 +306,12 @@ grub_linux_setup_video (struct linux_kernel_params *params) + params->lfb_line_len = mode_info.pitch; + + params->lfb_base = (grub_size_t) framebuffer; ++ ++#if defined (GRUB_MACHINE_EFI) && defined (__x86_64__) ++ params->ext_lfb_base = (grub_size_t) (((grub_uint64_t)(grub_size_t) framebuffer) >> 32); ++ params->capabilities |= VIDEO_CAPABILITY_64BIT_BASE; ++#endif ++ + params->lfb_size = ALIGN_UP (params->lfb_line_len * params->lfb_height, 65536); + + params->red_mask_size = mode_info.red_mask_size; +@@ -678,7 +684,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + int argc, char *argv[]) + { + grub_file_t file = 0; +- struct linux_kernel_header lh; ++ struct linux_i386_kernel_header lh; + grub_uint8_t setup_sects; + grub_size_t real_size, prot_size, prot_file_size; + grub_ssize_t len; +@@ -721,7 +727,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + /* FIXME: 2.03 is not always good enough (Linux 2.4 can be 2.03 and + still not support 32-bit boot. */ +- if (lh.header != grub_cpu_to_le32_compile_time (GRUB_LINUX_MAGIC_SIGNATURE) ++ if (lh.header != grub_cpu_to_le32_compile_time (GRUB_LINUX_I386_MAGIC_SIGNATURE) + || grub_le_to_cpu16 (lh.version) < 0x0203) + { + grub_error (GRUB_ERR_BAD_OS, "version too old for 32-bit boot" +diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c +index fd7b41b0cad4f26d1170d70692ac1ac27fd6bd73..dc98dbcae258b340e155c64f1f73213ac724806a 100644 +--- a/grub-core/loader/i386/multiboot_mbi.c ++++ b/grub-core/loader/i386/multiboot_mbi.c +@@ -239,7 +239,7 @@ grub_multiboot_get_mbi_size (void) + ret = sizeof (struct multiboot_info) + ALIGN_UP (cmdline_size, 4) + + modcnt * sizeof (struct multiboot_mod_list) + total_modcmd + + ALIGN_UP (sizeof(PACKAGE_STRING), 4) +- + grub_get_multiboot_mmap_count () * sizeof (struct multiboot_mmap_entry) ++ + grub_multiboot_get_mmap_count () * sizeof (struct multiboot_mmap_entry) + + elf_sec_entsize * elf_sec_num + + 256 * sizeof (struct multiboot_color) + #if GRUB_MACHINE_HAS_VBE || GRUB_MACHINE_HAS_VGA_TEXT +@@ -542,7 +542,7 @@ grub_multiboot_make_mbi (grub_uint32_t *target) + mbi->mods_count = 0; + } + +- mmap_size = grub_get_multiboot_mmap_count () ++ mmap_size = grub_multiboot_get_mmap_count () + * sizeof (struct multiboot_mmap_entry); + grub_fill_multiboot_mmap ((struct multiboot_mmap_entry *) ptrorig); + mbi->mmap_length = mmap_size; +diff --git a/grub-core/loader/i386/pc/chainloader.c b/grub-core/loader/i386/pc/chainloader.c +index c79c4fe0fc99a876b3e92f0a24f16cd636e00a0d..ef3a322b78cf10a406c0420780f821e2e1d1b284 100644 +--- a/grub-core/loader/i386/pc/chainloader.c ++++ b/grub-core/loader/i386/pc/chainloader.c +@@ -19,6 +19,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -86,9 +87,16 @@ grub_chainloader_unload (void) + void + grub_chainloader_patch_bpb (void *bs, grub_device_t dev, grub_uint8_t dl) + { +- grub_uint32_t part_start = 0; ++ grub_uint32_t part_start = 0, heads = 0, sectors = 0; + if (dev && dev->disk) +- part_start = grub_partition_get_start (dev->disk->partition); ++ { ++ part_start = grub_partition_get_start (dev->disk->partition); ++ if (dev->disk->data) ++ { ++ heads = ((struct grub_biosdisk_data *)(dev->disk->data))->heads; ++ sectors = ((struct grub_biosdisk_data *)(dev->disk->data))->sectors; ++ } ++ } + if (grub_memcmp ((char *) &((struct grub_ntfs_bpb *) bs)->oem_name, + "NTFS", 4) == 0) + { +@@ -117,7 +125,7 @@ grub_chainloader_patch_bpb (void *bs, grub_device_t dev, grub_uint8_t dl) + + if (bpb->num_reserved_sectors == 0) + break; +- if (bpb->num_total_sectors_16 == 0 || bpb->num_total_sectors_32 == 0) ++ if (bpb->num_total_sectors_16 == 0 && bpb->num_total_sectors_32 == 0) + break; + + if (bpb->num_fats == 0) +@@ -127,12 +135,20 @@ grub_chainloader_patch_bpb (void *bs, grub_device_t dev, grub_uint8_t dl) + { + bpb->num_hidden_sectors = grub_cpu_to_le32 (part_start); + bpb->version_specific.fat12_or_fat16.num_ph_drive = dl; ++ if (sectors) ++ bpb->sectors_per_track = grub_cpu_to_le16 (sectors); ++ if (heads) ++ bpb->num_heads = grub_cpu_to_le16 (heads); + return; + } + if (bpb->version_specific.fat32.sectors_per_fat_32) + { + bpb->num_hidden_sectors = grub_cpu_to_le32 (part_start); + bpb->version_specific.fat32.num_ph_drive = dl; ++ if (sectors) ++ bpb->sectors_per_track = grub_cpu_to_le16 (sectors); ++ if (heads) ++ bpb->num_heads = grub_cpu_to_le16 (heads); + return; + } + break; +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index a293b17aa101b308635bbed4086ae1547b91b884..b69cb7a3a7f8a9ca96a91a78c47fa1515e628699 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -121,7 +121,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + int argc, char *argv[]) + { + grub_file_t file = 0; +- struct linux_kernel_header lh; ++ struct linux_i386_kernel_header lh; + grub_uint8_t setup_sects; + grub_size_t real_size; + grub_ssize_t len; +@@ -169,7 +169,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + maximal_cmdline_size = 256; + +- if (lh.header == grub_cpu_to_le32_compile_time (GRUB_LINUX_MAGIC_SIGNATURE) ++ if (lh.header == grub_cpu_to_le32_compile_time (GRUB_LINUX_I386_MAGIC_SIGNATURE) + && grub_le_to_cpu16 (lh.version) >= 0x0200) + { + grub_linux_is_bzimage = (lh.loadflags & GRUB_LINUX_FLAG_BIG_KERNEL); +@@ -322,7 +322,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- if (lh.header != grub_cpu_to_le32_compile_time (GRUB_LINUX_MAGIC_SIGNATURE) ++ if (lh.header != grub_cpu_to_le32_compile_time (GRUB_LINUX_I386_MAGIC_SIGNATURE) + || grub_le_to_cpu16 (lh.version) < 0x0200) + /* Clear the heap space. */ + grub_memset (grub_linux_real_chunk +@@ -387,7 +387,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + { + grub_size_t size = 0; + grub_addr_t addr_max, addr_min; +- struct linux_kernel_header *lh; ++ struct linux_i386_kernel_header *lh; + grub_uint8_t *initrd_chunk; + grub_addr_t initrd_addr; + grub_err_t err; +@@ -405,9 +405,9 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- lh = (struct linux_kernel_header *) grub_linux_real_chunk; ++ lh = (struct linux_i386_kernel_header *) grub_linux_real_chunk; + +- if (!(lh->header == grub_cpu_to_le32_compile_time (GRUB_LINUX_MAGIC_SIGNATURE) ++ if (!(lh->header == grub_cpu_to_le32_compile_time (GRUB_LINUX_I386_MAGIC_SIGNATURE) + && grub_le_to_cpu16 (lh->version) >= 0x0200)) + { + grub_error (GRUB_ERR_BAD_OS, "the kernel is too old for initrd"); +diff --git a/grub-core/loader/i386/xen_file.c b/grub-core/loader/i386/xen_file.c +index 99fad4cadae42ab09497babca15cd9606557fcd2..77a93e7b228316e1df731e01e51e67f9225b4482 100644 +--- a/grub-core/loader/i386/xen_file.c ++++ b/grub-core/loader/i386/xen_file.c +@@ -26,7 +26,7 @@ grub_elf_t + grub_xen_file (grub_file_t file) + { + grub_elf_t elf; +- struct linux_kernel_header lh; ++ struct linux_i386_kernel_header lh; + grub_file_t off_file; + grub_uint32_t payload_offset, payload_length; + grub_uint8_t magic[6]; +@@ -43,7 +43,7 @@ grub_xen_file (grub_file_t file) + goto fail; + + if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55) +- || lh.header != grub_cpu_to_le32_compile_time (GRUB_LINUX_MAGIC_SIGNATURE) ++ || lh.header != grub_cpu_to_le32_compile_time (GRUB_LINUX_I386_MAGIC_SIGNATURE) + || grub_le_to_cpu16 (lh.version) < 0x0208) + { + grub_error (GRUB_ERR_BAD_OS, "version too old for xen boot"); +diff --git a/grub-core/loader/ia64/efi/linux.c b/grub-core/loader/ia64/efi/linux.c +index efaa42ccdd2bf74321de20cf5033a80676cc7dc3..750330d4572d0dcd09d02b4b75c1f03045fa897b 100644 +--- a/grub-core/loader/ia64/efi/linux.c ++++ b/grub-core/loader/ia64/efi/linux.c +@@ -252,7 +252,7 @@ allocate_pages (grub_uint64_t align, grub_uint64_t size_pages, + aligned_start += align; + if (aligned_start + size > end) + continue; +- mem = grub_efi_allocate_pages (aligned_start, size_pages); ++ mem = grub_efi_allocate_fixed (aligned_start, size_pages); + if (! mem) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate memory"); +@@ -326,7 +326,7 @@ grub_linux_boot (void) + mmap_size = find_mmap_size (); + if (! mmap_size) + return grub_errno; +- mmap_buf = grub_efi_allocate_pages (0, page_align (mmap_size) >> 12); ++ mmap_buf = grub_efi_allocate_any_pages (page_align (mmap_size) >> 12); + if (! mmap_buf) + return grub_error (GRUB_ERR_IO, "cannot allocate memory map"); + err = grub_efi_finish_boot_services (&mmap_size, mmap_buf, &map_key, +@@ -422,7 +422,7 @@ grub_load_elf64 (grub_file_t file, void *buffer, const char *filename) + relocate = grub_env_get ("linux_relocate"); + if (!relocate || grub_strcmp (relocate, "force") != 0) + { +- kernel_mem = grub_efi_allocate_pages (low_addr, kernel_pages); ++ kernel_mem = grub_efi_allocate_fixed (low_addr, kernel_pages); + reloc_offset = 0; + } + /* Try to relocate. */ +@@ -524,7 +524,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + len += grub_strlen (argv[i]) + 1; + len += sizeof (struct ia64_boot_param) + 512; /* Room for extensions. */ + boot_param_pages = page_align (len) >> 12; +- boot_param = grub_efi_allocate_pages (0, boot_param_pages); ++ boot_param = grub_efi_allocate_any_pages (boot_param_pages); + if (boot_param == 0) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, +@@ -589,7 +589,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + grub_dprintf ("linux", "Loading initrd\n"); + + initrd_pages = (page_align (initrd_size) >> 12); +- initrd_mem = grub_efi_allocate_pages (0, initrd_pages); ++ initrd_mem = grub_efi_allocate_any_pages (initrd_pages); + if (! initrd_mem) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate pages"); +diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c +index bd9d5b3e698588db594a2c334d715e0e883bab92..40c67e82489ec3ecf891ae564cde810bf280b242 100644 +--- a/grub-core/loader/multiboot.c ++++ b/grub-core/loader/multiboot.c +@@ -28,7 +28,15 @@ + + #include + #include ++#ifdef GRUB_USE_MULTIBOOT2 ++#include ++#define GRUB_MULTIBOOT_CONSOLE_FRAMEBUFFER GRUB_MULTIBOOT2_CONSOLE_FRAMEBUFFER ++#define GRUB_MULTIBOOT_CONSOLE_EGA_TEXT GRUB_MULTIBOOT2_CONSOLE_EGA_TEXT ++#define GRUB_MULTIBOOT(x) grub_multiboot2_ ## x ++#else + #include ++#define GRUB_MULTIBOOT(x) grub_multiboot_ ## x ++#endif + #include + #include + #include +@@ -49,8 +57,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #include + #endif + +-struct grub_relocator *grub_multiboot_relocator = NULL; +-grub_uint32_t grub_multiboot_payload_eip; ++struct grub_relocator *GRUB_MULTIBOOT (relocator) = NULL; ++grub_uint32_t GRUB_MULTIBOOT (payload_eip); + #if defined (GRUB_MACHINE_PCBIOS) || defined (GRUB_MACHINE_MULTIBOOT) || defined (GRUB_MACHINE_COREBOOT) || defined (GRUB_MACHINE_QEMU) + #define DEFAULT_VIDEO_MODE "text" + #else +@@ -78,7 +86,7 @@ count_hook (grub_uint64_t addr __attribute__ ((unused)), + /* Return the length of the Multiboot mmap that will be needed to allocate + our platform's map. */ + grub_uint32_t +-grub_get_multiboot_mmap_count (void) ++GRUB_MULTIBOOT (get_mmap_count) (void) + { + grub_size_t count = 0; + +@@ -88,7 +96,7 @@ grub_get_multiboot_mmap_count (void) + } + + grub_err_t +-grub_multiboot_set_video_mode (void) ++GRUB_MULTIBOOT (set_video_mode) (void) + { + grub_err_t err; + const char *modevar; +@@ -130,9 +138,12 @@ static void + efi_boot (struct grub_relocator *rel, + grub_uint32_t target) + { ++#ifdef GRUB_USE_MULTIBOOT2 ++ struct grub_relocator_efi_state state_efi = MULTIBOOT2_EFI_INITIAL_STATE; ++#else + struct grub_relocator_efi_state state_efi = MULTIBOOT_EFI_INITIAL_STATE; +- +- state_efi.MULTIBOOT_EFI_ENTRY_REGISTER = grub_multiboot_payload_eip; ++#endif ++ state_efi.MULTIBOOT_EFI_ENTRY_REGISTER = GRUB_MULTIBOOT (payload_eip); + state_efi.MULTIBOOT_EFI_MBI_REGISTER = target; + + grub_relocator_efi_boot (rel, state_efi); +@@ -164,19 +175,23 @@ static grub_err_t + grub_multiboot_boot (void) + { + grub_err_t err; ++ ++#ifdef GRUB_USE_MULTIBOOT2 ++ struct grub_relocator32_state state = MULTIBOOT2_INITIAL_STATE; ++#else + struct grub_relocator32_state state = MULTIBOOT_INITIAL_STATE; ++#endif ++ state.MULTIBOOT_ENTRY_REGISTER = GRUB_MULTIBOOT (payload_eip); + +- state.MULTIBOOT_ENTRY_REGISTER = grub_multiboot_payload_eip; +- +- err = grub_multiboot_make_mbi (&state.MULTIBOOT_MBI_REGISTER); ++ err = GRUB_MULTIBOOT (make_mbi) (&state.MULTIBOOT_MBI_REGISTER); + + if (err) + return err; + + if (grub_efi_is_finished) +- normal_boot (grub_multiboot_relocator, state); ++ normal_boot (GRUB_MULTIBOOT (relocator), state); + else +- efi_boot (grub_multiboot_relocator, state.MULTIBOOT_MBI_REGISTER); ++ efi_boot (GRUB_MULTIBOOT (relocator), state.MULTIBOOT_MBI_REGISTER); + + /* Not reached. */ + return GRUB_ERR_NONE; +@@ -185,10 +200,10 @@ grub_multiboot_boot (void) + static grub_err_t + grub_multiboot_unload (void) + { +- grub_multiboot_free_mbi (); ++ GRUB_MULTIBOOT (free_mbi) (); + +- grub_relocator_unload (grub_multiboot_relocator); +- grub_multiboot_relocator = NULL; ++ grub_relocator_unload (GRUB_MULTIBOOT (relocator)); ++ GRUB_MULTIBOOT (relocator) = NULL; + + grub_dl_unref (my_mod); + +@@ -207,7 +222,7 @@ static grub_uint64_t highest_load; + + /* Load ELF32 or ELF64. */ + grub_err_t +-grub_multiboot_load_elf (mbi_load_data_t *mld) ++GRUB_MULTIBOOT (load_elf) (mbi_load_data_t *mld) + { + if (grub_multiboot_is_elf32 (mld->buffer)) + return grub_multiboot_load_elf32 (mld); +@@ -218,9 +233,9 @@ grub_multiboot_load_elf (mbi_load_data_t *mld) + } + + grub_err_t +-grub_multiboot_set_console (int console_type, int accepted_consoles, +- int width, int height, int depth, +- int console_req) ++GRUB_MULTIBOOT (set_console) (int console_type, int accepted_consoles, ++ int width, int height, int depth, ++ int console_req) + { + console_required = console_req; + if (!(accepted_consoles +@@ -313,19 +328,19 @@ grub_cmd_multiboot (grub_command_t cmd __attribute__ ((unused)), + grub_dl_ref (my_mod); + + /* Skip filename. */ +- grub_multiboot_init_mbi (argc - 1, argv + 1); ++ GRUB_MULTIBOOT (init_mbi) (argc - 1, argv + 1); + +- grub_relocator_unload (grub_multiboot_relocator); +- grub_multiboot_relocator = grub_relocator_new (); ++ grub_relocator_unload (GRUB_MULTIBOOT (relocator)); ++ GRUB_MULTIBOOT (relocator) = grub_relocator_new (); + +- if (!grub_multiboot_relocator) ++ if (!GRUB_MULTIBOOT (relocator)) + goto fail; + +- err = grub_multiboot_load (file, argv[0]); ++ err = GRUB_MULTIBOOT (load) (file, argv[0]); + if (err) + goto fail; + +- grub_multiboot_set_bootdev (); ++ GRUB_MULTIBOOT (set_bootdev) (); + + grub_loader_set (grub_multiboot_boot, grub_multiboot_unload, 0); + +@@ -335,8 +350,8 @@ grub_cmd_multiboot (grub_command_t cmd __attribute__ ((unused)), + + if (grub_errno != GRUB_ERR_NONE) + { +- grub_relocator_unload (grub_multiboot_relocator); +- grub_multiboot_relocator = NULL; ++ grub_relocator_unload (GRUB_MULTIBOOT (relocator)); ++ GRUB_MULTIBOOT (relocator) = NULL; + grub_dl_unref (my_mod); + } + +@@ -368,7 +383,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)), + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + +- if (!grub_multiboot_relocator) ++ if (!GRUB_MULTIBOOT (relocator)) + return grub_error (GRUB_ERR_BAD_ARGUMENT, + N_("you need to load the kernel first")); + +@@ -389,7 +404,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)), + if (size) + { + grub_relocator_chunk_t ch; +- err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, &ch, ++ err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, + lowest_addr, (0xffffffff - size) + 1, + size, MULTIBOOT_MOD_ALIGN, + GRUB_RELOCATOR_PREFERENCE_NONE, 1); +@@ -407,7 +422,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)), + target = 0; + } + +- err = grub_multiboot_add_module (target, size, argc - 1, argv + 1); ++ err = GRUB_MULTIBOOT (add_module) (target, size, argc - 1, argv + 1); + if (err) + { + grub_file_close (file); +diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c +index 5e649ed2545bee3fbe9602c9d97079160dc6420a..70cd1db513e679f0e02e06dc2de24747a62b88ba 100644 +--- a/grub-core/loader/multiboot_elfxx.c ++++ b/grub-core/loader/multiboot_elfxx.c +@@ -57,9 +57,9 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + char *phdr_base; + grub_err_t err; + grub_relocator_chunk_t ch; +- grub_uint32_t load_offset, load_size; ++ grub_uint32_t load_offset = 0, load_size; + int i; +- void *source; ++ void *source = NULL; + + if (ehdr->e_ident[EI_MAG0] != ELFMAG0 + || ehdr->e_ident[EI_MAG1] != ELFMAG1 +@@ -97,38 +97,38 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + return grub_error (GRUB_ERR_BAD_OS, "segment crosses 4 GiB border"); + #endif + +- load_size = highest_load - mld->link_base_addr; +- + if (mld->relocatable) + { ++ load_size = highest_load - mld->link_base_addr; ++ ++ grub_dprintf ("multiboot_loader", "align=0x%lx, preference=0x%x, " ++ "load_size=0x%x, avoid_efi_boot_services=%d\n", ++ (long) mld->align, mld->preference, load_size, ++ mld->avoid_efi_boot_services); ++ + if (load_size > mld->max_addr || mld->min_addr > mld->max_addr - load_size) + return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size"); + +- err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, &ch, ++ err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, + mld->min_addr, mld->max_addr - load_size, + load_size, mld->align ? mld->align : 1, + mld->preference, mld->avoid_efi_boot_services); ++ ++ if (err) ++ { ++ grub_dprintf ("multiboot_loader", "Cannot allocate memory for OS image\n"); ++ return err; ++ } ++ ++ mld->load_base_addr = get_physical_target_address (ch); ++ source = get_virtual_current_address (ch); + } + else +- err = grub_relocator_alloc_chunk_addr (grub_multiboot_relocator, &ch, +- mld->link_base_addr, load_size); ++ mld->load_base_addr = mld->link_base_addr; + +- if (err) +- { +- grub_dprintf ("multiboot_loader", "Cannot allocate memory for OS image\n"); +- return err; +- } +- +- mld->load_base_addr = get_physical_target_address (ch); +- source = get_virtual_current_address (ch); +- +- grub_dprintf ("multiboot_loader", "link_base_addr=0x%x, load_base_addr=0x%x, " +- "load_size=0x%x, relocatable=%d\n", mld->link_base_addr, +- mld->load_base_addr, load_size, mld->relocatable); +- +- if (mld->relocatable) +- grub_dprintf ("multiboot_loader", "align=0x%lx, preference=0x%x, avoid_efi_boot_services=%d\n", +- (long) mld->align, mld->preference, mld->avoid_efi_boot_services); ++ grub_dprintf ("multiboot_loader", "relocatable=%d, link_base_addr=0x%x, " ++ "load_base_addr=0x%x\n", mld->relocatable, ++ mld->link_base_addr, mld->load_base_addr); + + /* Load every loadable segment in memory. */ + for (i = 0; i < ehdr->e_phnum; i++) +@@ -139,7 +139,24 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + grub_dprintf ("multiboot_loader", "segment %d: paddr=0x%lx, memsz=0x%lx, vaddr=0x%lx\n", + i, (long) phdr(i)->p_paddr, (long) phdr(i)->p_memsz, (long) phdr(i)->p_vaddr); + +- load_offset = phdr(i)->p_paddr - mld->link_base_addr; ++ if (mld->relocatable) ++ { ++ load_offset = phdr(i)->p_paddr - mld->link_base_addr; ++ grub_dprintf ("multiboot_loader", "segment %d: load_offset=0x%x\n", i, load_offset); ++ } ++ else ++ { ++ err = grub_relocator_alloc_chunk_addr (GRUB_MULTIBOOT (relocator), &ch, ++ phdr(i)->p_paddr, phdr(i)->p_memsz); ++ ++ if (err) ++ { ++ grub_dprintf ("multiboot_loader", "Cannot allocate memory for OS image\n"); ++ return err; ++ } ++ ++ source = get_virtual_current_address (ch); ++ } + + if (phdr(i)->p_filesz != 0) + { +@@ -167,7 +184,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + if (phdr(i)->p_vaddr <= ehdr->e_entry + && phdr(i)->p_vaddr + phdr(i)->p_memsz > ehdr->e_entry) + { +- grub_multiboot_payload_eip = (ehdr->e_entry - phdr(i)->p_vaddr) ++ GRUB_MULTIBOOT (payload_eip) = (ehdr->e_entry - phdr(i)->p_vaddr) + + phdr(i)->p_paddr; + #ifdef MULTIBOOT_LOAD_ELF64 + # ifdef __mips +@@ -191,7 +208,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + #if defined (__i386__) || defined (__x86_64__) + + #elif defined (__mips) +- grub_multiboot_payload_eip |= 0x80000000; ++ GRUB_MULTIBOOT (payload_eip) |= 0x80000000; + #else + #error Please complete this + #endif +@@ -238,7 +255,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + if (sh->sh_size == 0) + continue; + +- err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, &ch, 0, ++ err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, 0, + (0xffffffff - sh->sh_size) + 1, + sh->sh_size, sh->sh_addralign, + GRUB_RELOCATOR_PREFERENCE_NONE, +@@ -264,8 +281,8 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + } + sh->sh_addr = target; + } +- grub_multiboot_add_elfsyms (ehdr->e_shnum, ehdr->e_shentsize, +- ehdr->e_shstrndx, shdr); ++ GRUB_MULTIBOOT (add_elfsyms) (ehdr->e_shnum, ehdr->e_shentsize, ++ ehdr->e_shstrndx, shdr); + } + + #undef phdr +diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c +index b0679a9f6c9848d81cb74cf799ad3a7b235d937c..4df6595954d889028e4525bb66b42cf391f4c9ce 100644 +--- a/grub-core/loader/multiboot_mbi2.c ++++ b/grub-core/loader/multiboot_mbi2.c +@@ -22,7 +22,7 @@ + #include + #include + #endif +-#include ++#include + #include + #include + #include +@@ -71,7 +71,7 @@ static int keep_bs = 0; + static grub_uint32_t load_base_addr; + + void +-grub_multiboot_add_elfsyms (grub_size_t num, grub_size_t entsize, ++grub_multiboot2_add_elfsyms (grub_size_t num, grub_size_t entsize, + unsigned shndx, void *data) + { + elf_sec_num = num; +@@ -90,17 +90,17 @@ find_header (grub_properly_aligned_t *buffer, grub_ssize_t len) + ((char *) header <= (char *) buffer + len - 12); + header = (struct multiboot_header *) ((grub_uint32_t *) header + MULTIBOOT_HEADER_ALIGN / 4)) + { +- if (header->magic == MULTIBOOT_HEADER_MAGIC ++ if (header->magic == MULTIBOOT2_HEADER_MAGIC + && !(header->magic + header->architecture + + header->header_length + header->checksum) +- && header->architecture == MULTIBOOT_ARCHITECTURE_CURRENT) ++ && header->architecture == MULTIBOOT2_ARCHITECTURE_CURRENT) + return header; + } + return NULL; + } + + grub_err_t +-grub_multiboot_load (grub_file_t file, const char *filename) ++grub_multiboot2_load (grub_file_t file, const char *filename) + { + grub_ssize_t len; + struct multiboot_header *header; +@@ -112,7 +112,7 @@ grub_multiboot_load (grub_file_t file, const char *filename) + grub_addr_t entry = 0, efi_entry = 0; + grub_uint32_t console_required = 0; + struct multiboot_header_tag_framebuffer *fbtag = NULL; +- int accepted_consoles = GRUB_MULTIBOOT_CONSOLE_EGA_TEXT; ++ int accepted_consoles = GRUB_MULTIBOOT2_CONSOLE_EGA_TEXT; + mbi_load_data_t mld; + + mld.mbi_ver = 2; +@@ -210,7 +210,7 @@ grub_multiboot_load (grub_file_t file, const char *filename) + case MULTIBOOT_HEADER_TAG_CONSOLE_FLAGS: + if (!(((struct multiboot_header_tag_console_flags *) tag)->console_flags + & MULTIBOOT_CONSOLE_FLAGS_EGA_TEXT_SUPPORTED)) +- accepted_consoles &= ~GRUB_MULTIBOOT_CONSOLE_EGA_TEXT; ++ accepted_consoles &= ~GRUB_MULTIBOOT2_CONSOLE_EGA_TEXT; + if (((struct multiboot_header_tag_console_flags *) tag)->console_flags + & MULTIBOOT_CONSOLE_FLAGS_CONSOLE_REQUIRED) + console_required = 1; +@@ -218,7 +218,7 @@ grub_multiboot_load (grub_file_t file, const char *filename) + + case MULTIBOOT_HEADER_TAG_FRAMEBUFFER: + fbtag = (struct multiboot_header_tag_framebuffer *) tag; +- accepted_consoles |= GRUB_MULTIBOOT_CONSOLE_FRAMEBUFFER; ++ accepted_consoles |= GRUB_MULTIBOOT2_CONSOLE_FRAMEBUFFER; + break; + + case MULTIBOOT_HEADER_TAG_RELOCATABLE: +@@ -295,13 +295,13 @@ grub_multiboot_load (grub_file_t file, const char *filename) + return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size"); + } + +- err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, &ch, ++ err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch, + mld.min_addr, mld.max_addr - code_size, + code_size, mld.align ? mld.align : 1, + mld.preference, keep_bs); + } + else +- err = grub_relocator_alloc_chunk_addr (grub_multiboot_relocator, ++ err = grub_relocator_alloc_chunk_addr (grub_multiboot2_relocator, + &ch, load_addr, code_size); + if (err) + { +@@ -343,7 +343,7 @@ grub_multiboot_load (grub_file_t file, const char *filename) + mld.file = file; + mld.filename = filename; + mld.avoid_efi_boot_services = keep_bs; +- err = grub_multiboot_load_elf (&mld); ++ err = grub_multiboot2_load_elf (&mld); + if (err) + { + grub_free (mld.buffer); +@@ -354,9 +354,9 @@ grub_multiboot_load (grub_file_t file, const char *filename) + load_base_addr = mld.load_base_addr; + + if (keep_bs && efi_entry_specified) +- grub_multiboot_payload_eip = efi_entry; ++ grub_multiboot2_payload_eip = efi_entry; + else if (entry_specified) +- grub_multiboot_payload_eip = entry; ++ grub_multiboot2_payload_eip = entry; + + if (mld.relocatable) + { +@@ -370,20 +370,20 @@ grub_multiboot_load (grub_file_t file, const char *filename) + * 64-bit int here. + */ + if (mld.load_base_addr >= mld.link_base_addr) +- grub_multiboot_payload_eip += mld.load_base_addr - mld.link_base_addr; ++ grub_multiboot2_payload_eip += mld.load_base_addr - mld.link_base_addr; + else +- grub_multiboot_payload_eip -= mld.link_base_addr - mld.load_base_addr; ++ grub_multiboot2_payload_eip -= mld.link_base_addr - mld.load_base_addr; + } + + if (fbtag) +- err = grub_multiboot_set_console (GRUB_MULTIBOOT_CONSOLE_FRAMEBUFFER, +- accepted_consoles, +- fbtag->width, fbtag->height, +- fbtag->depth, console_required); ++ err = grub_multiboot2_set_console (GRUB_MULTIBOOT2_CONSOLE_FRAMEBUFFER, ++ accepted_consoles, ++ fbtag->width, fbtag->height, ++ fbtag->depth, console_required); + else +- err = grub_multiboot_set_console (GRUB_MULTIBOOT_CONSOLE_EGA_TEXT, +- accepted_consoles, +- 0, 0, 0, console_required); ++ err = grub_multiboot2_set_console (GRUB_MULTIBOOT2_CONSOLE_EGA_TEXT, ++ accepted_consoles, ++ 0, 0, 0, console_required); + return err; + } + +@@ -459,7 +459,7 @@ net_size (void) + } + + static grub_size_t +-grub_multiboot_get_mbi_size (void) ++grub_multiboot2_get_mbi_size (void) + { + #ifdef GRUB_MACHINE_EFI + if (!keep_bs && !efi_mmap_size) +@@ -478,7 +478,7 @@ grub_multiboot_get_mbi_size (void) + + ALIGN_UP (sizeof (struct multiboot_tag_elf_sections), MULTIBOOT_TAG_ALIGN) + + ALIGN_UP (elf_sec_entsize * elf_sec_num, MULTIBOOT_TAG_ALIGN) + + ALIGN_UP ((sizeof (struct multiboot_tag_mmap) +- + grub_get_multiboot_mmap_count () ++ + grub_multiboot2_get_mmap_count () + * sizeof (struct multiboot_mmap_entry)), MULTIBOOT_TAG_ALIGN) + + ALIGN_UP (sizeof (struct multiboot_tag_framebuffer), MULTIBOOT_TAG_ALIGN) + + ALIGN_UP (sizeof (struct multiboot_tag_old_acpi) +@@ -522,7 +522,7 @@ grub_fill_multiboot_mmap (struct multiboot_tag_mmap *tag) + + tag->type = MULTIBOOT_TAG_TYPE_MMAP; + tag->size = sizeof (struct multiboot_tag_mmap) +- + sizeof (struct multiboot_mmap_entry) * grub_get_multiboot_mmap_count (); ++ + sizeof (struct multiboot_mmap_entry) * grub_multiboot2_get_mmap_count (); + tag->entry_size = sizeof (struct multiboot_mmap_entry); + tag->entry_version = 0; + +@@ -588,7 +588,7 @@ retrieve_video_parameters (grub_properly_aligned_t **ptrorig) + struct multiboot_tag_framebuffer *tag + = (struct multiboot_tag_framebuffer *) *ptrorig; + +- err = grub_multiboot_set_video_mode (); ++ err = grub_multiboot2_set_video_mode (); + if (err) + { + grub_print_error (); +@@ -731,7 +731,7 @@ retrieve_video_parameters (grub_properly_aligned_t **ptrorig) + } + + grub_err_t +-grub_multiboot_make_mbi (grub_uint32_t *target) ++grub_multiboot2_make_mbi (grub_uint32_t *target) + { + grub_properly_aligned_t *ptrorig; + grub_properly_aligned_t *mbistart; +@@ -739,11 +739,11 @@ grub_multiboot_make_mbi (grub_uint32_t *target) + grub_size_t bufsize; + grub_relocator_chunk_t ch; + +- bufsize = grub_multiboot_get_mbi_size (); ++ bufsize = grub_multiboot2_get_mbi_size (); + + COMPILE_TIME_ASSERT (MULTIBOOT_TAG_ALIGN % sizeof (grub_properly_aligned_t) == 0); + +- err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, &ch, ++ err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch, + 0, 0xffffffff - bufsize, + bufsize, MULTIBOOT_TAG_ALIGN, + GRUB_RELOCATOR_PREFERENCE_NONE, 1); +@@ -1039,7 +1039,7 @@ grub_multiboot_make_mbi (grub_uint32_t *target) + } + + void +-grub_multiboot_free_mbi (void) ++grub_multiboot2_free_mbi (void) + { + struct module *cur, *next; + +@@ -1061,11 +1061,11 @@ grub_multiboot_free_mbi (void) + } + + grub_err_t +-grub_multiboot_init_mbi (int argc, char *argv[]) ++grub_multiboot2_init_mbi (int argc, char *argv[]) + { + grub_ssize_t len = 0; + +- grub_multiboot_free_mbi (); ++ grub_multiboot2_free_mbi (); + + len = grub_loader_cmdline_size (argc, argv); + +@@ -1081,7 +1081,7 @@ grub_multiboot_init_mbi (int argc, char *argv[]) + } + + grub_err_t +-grub_multiboot_add_module (grub_addr_t start, grub_size_t size, ++grub_multiboot2_add_module (grub_addr_t start, grub_size_t size, + int argc, char *argv[]) + { + struct module *newmod; +@@ -1119,7 +1119,7 @@ grub_multiboot_add_module (grub_addr_t start, grub_size_t size, + } + + void +-grub_multiboot_set_bootdev (void) ++grub_multiboot2_set_bootdev (void) + { + grub_device_t dev; + +diff --git a/grub-core/net/arp.c b/grub-core/net/arp.c +index 4b68c4151a11db214602f74e111e7552801d8450..54306e3b16d25fe5d3bdf9502683822237be488d 100644 +--- a/grub-core/net/arp.c ++++ b/grub-core/net/arp.c +@@ -111,8 +111,8 @@ grub_net_arp_send_request (struct grub_net_network_level_interface *inf, + } + + grub_err_t +-grub_net_arp_receive (struct grub_net_buff *nb, +- struct grub_net_card *card) ++grub_net_arp_receive (struct grub_net_buff *nb, struct grub_net_card *card, ++ grub_uint16_t *vlantag) + { + struct arppkt *arp_packet = (struct arppkt *) nb->data; + grub_net_network_level_address_t sender_addr, target_addr; +@@ -138,6 +138,14 @@ grub_net_arp_receive (struct grub_net_buff *nb, + + FOR_NET_NETWORK_LEVEL_INTERFACES (inf) + { ++ /* Verify vlantag id */ ++ if (inf->card == card && inf->vlantag != *vlantag) ++ { ++ grub_dprintf ("net", "invalid vlantag! %x != %x\n", ++ inf->vlantag, *vlantag); ++ break; ++ } ++ + /* Am I the protocol address target? */ + if (grub_net_addr_cmp (&inf->address, &target_addr) == 0 + && arp_packet->op == grub_cpu_to_be16_compile_time (ARP_REQUEST)) +diff --git a/grub-core/net/drivers/ieee1275/ofnet.c b/grub-core/net/drivers/ieee1275/ofnet.c +index a78d164db1a0abbaf0417f70dc7180b9b2c4df76..002446be1c385934762824a965806ffb75f422a0 100644 +--- a/grub-core/net/drivers/ieee1275/ofnet.c ++++ b/grub-core/net/drivers/ieee1275/ofnet.c +@@ -153,11 +153,11 @@ grub_ieee1275_parse_bootpath (const char *devpath, char *bootpath, + char *comma_char = 0; + char *equal_char = 0; + grub_size_t field_counter = 0; +- + grub_net_network_level_address_t client_addr, gateway_addr, subnet_mask; + grub_net_link_level_address_t hw_addr; + grub_net_interface_flags_t flags = 0; + struct grub_net_network_level_interface *inter = NULL; ++ grub_uint16_t vlantag = 0; + + hw_addr.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; + +@@ -175,6 +175,11 @@ grub_ieee1275_parse_bootpath (const char *devpath, char *bootpath, + *equal_char = 0; + grub_env_set_net_property ((*card)->name, args, equal_char + 1, + grub_strlen(equal_char + 1)); ++ ++ if ((grub_strcmp (args, "vtag") == 0) && ++ (grub_strlen (equal_char + 1) == 8)) ++ vlantag = grub_strtoul (equal_char + 1 + 4, 0, 16); ++ + *equal_char = '='; + } + else +@@ -213,8 +218,10 @@ grub_ieee1275_parse_bootpath (const char *devpath, char *bootpath, + hw_addr.mac, sizeof(hw_addr.mac), 0); + inter = grub_net_add_addr ((*card)->name, *card, &client_addr, &hw_addr, + flags); ++ inter->vlantag = vlantag; + grub_net_add_ipv4_local (inter, + __builtin_ctz (~grub_le_to_cpu32 (subnet_mask.ipv4))); ++ + } + + if (gateway_addr.ipv4 != 0) +diff --git a/grub-core/net/ethernet.c b/grub-core/net/ethernet.c +index c397b1b348ce559070cabe1e0b6e28e4dbf254d8..4d7ceed6f93c7e87019546b544a4365a504f5f9f 100644 +--- a/grub-core/net/ethernet.c ++++ b/grub-core/net/ethernet.c +@@ -18,6 +18,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -56,10 +57,17 @@ send_ethernet_packet (struct grub_net_network_level_interface *inf, + { + struct etherhdr *eth; + grub_err_t err; ++ grub_uint8_t etherhdr_size; ++ grub_uint16_t vlantag_id = VLANTAG_IDENTIFIER; + +- COMPILE_TIME_ASSERT (sizeof (*eth) < GRUB_NET_MAX_LINK_HEADER_SIZE); ++ etherhdr_size = sizeof (*eth); ++ COMPILE_TIME_ASSERT (sizeof (*eth) + 4 < GRUB_NET_MAX_LINK_HEADER_SIZE); + +- err = grub_netbuff_push (nb, sizeof (*eth)); ++ /* Increase ethernet header in case of vlantag */ ++ if (inf->vlantag != 0) ++ etherhdr_size += 4; ++ ++ err = grub_netbuff_push (nb, etherhdr_size); + if (err) + return err; + eth = (struct etherhdr *) nb->data; +@@ -76,6 +84,19 @@ send_ethernet_packet (struct grub_net_network_level_interface *inf, + return err; + inf->card->opened = 1; + } ++ ++ /* Check and add a vlan-tag if needed. */ ++ if (inf->vlantag != 0) ++ { ++ /* Move eth type to the right */ ++ grub_memcpy ((char *) nb->data + etherhdr_size - 2, ++ (char *) nb->data + etherhdr_size - 6, 2); ++ ++ /* Add the tag in the middle */ ++ grub_memcpy ((char *) nb->data + etherhdr_size - 6, &vlantag_id, 2); ++ grub_memcpy ((char *) nb->data + etherhdr_size - 4, (char *) &(inf->vlantag), 2); ++ } ++ + return inf->card->driver->send (inf->card, nb); + } + +@@ -90,10 +111,25 @@ grub_net_recv_ethernet_packet (struct grub_net_buff *nb, + grub_net_link_level_address_t hwaddress; + grub_net_link_level_address_t src_hwaddress; + grub_err_t err; ++ grub_uint8_t etherhdr_size = sizeof (*eth); ++ grub_uint16_t vlantag = 0; ++ ++ ++ /* Check if a vlan-tag is present. If so, the ethernet header is 4 bytes */ ++ /* longer than the original one. The vlantag id is extracted and the header */ ++ /* is reseted to the original size. */ ++ if (grub_get_unaligned16 (nb->data + etherhdr_size - 2) == VLANTAG_IDENTIFIER) ++ { ++ vlantag = grub_get_unaligned16 (nb->data + etherhdr_size); ++ etherhdr_size += 4; ++ /* Move eth type to the original position */ ++ grub_memcpy((char *) nb->data + etherhdr_size - 6, ++ (char *) nb->data + etherhdr_size - 2, 2); ++ } + + eth = (struct etherhdr *) nb->data; + type = grub_be_to_cpu16 (eth->type); +- err = grub_netbuff_pull (nb, sizeof (*eth)); ++ err = grub_netbuff_pull (nb, etherhdr_size); + if (err) + return err; + +@@ -121,13 +157,14 @@ grub_net_recv_ethernet_packet (struct grub_net_buff *nb, + { + /* ARP packet. */ + case GRUB_NET_ETHERTYPE_ARP: +- grub_net_arp_receive (nb, card); ++ grub_net_arp_receive (nb, card, &vlantag); + grub_netbuff_free (nb); + return GRUB_ERR_NONE; + /* IP packet. */ + case GRUB_NET_ETHERTYPE_IP: + case GRUB_NET_ETHERTYPE_IP6: +- return grub_net_recv_ip_packets (nb, card, &hwaddress, &src_hwaddress); ++ return grub_net_recv_ip_packets (nb, card, &hwaddress, &src_hwaddress, ++ &vlantag); + } + grub_netbuff_free (nb); + return GRUB_ERR_NONE; +diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c +index aba4f89087bc14b1fe28a77794dd6792beb0bf36..7c95cc7464a09af4b223c94d6653a03f0dbee062 100644 +--- a/grub-core/net/ip.c ++++ b/grub-core/net/ip.c +@@ -228,12 +228,13 @@ handle_dgram (struct grub_net_buff *nb, + grub_net_ip_protocol_t proto, + const grub_net_network_level_address_t *source, + const grub_net_network_level_address_t *dest, ++ grub_uint16_t *vlantag, + grub_uint8_t ttl) + { + struct grub_net_network_level_interface *inf = NULL; + grub_err_t err; + int multicast = 0; +- ++ + /* DHCP needs special treatment since we don't know IP yet. */ + { + struct udphdr *udph; +@@ -293,6 +294,15 @@ handle_dgram (struct grub_net_buff *nb, + && grub_net_addr_cmp (&inf->address, dest) == 0 + && grub_net_hwaddr_cmp (&inf->hwaddress, hwaddress) == 0) + break; ++ ++ /* Verify vlantag id */ ++ if (inf->card == card && inf->vlantag != *vlantag) ++ { ++ grub_dprintf ("net", "invalid vlantag! %x != %x\n", ++ inf->vlantag, *vlantag); ++ break; ++ } ++ + /* Solicited node multicast. */ + if (inf->card == card + && inf->address.type == GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6 +@@ -383,7 +393,8 @@ static grub_err_t + grub_net_recv_ip4_packets (struct grub_net_buff *nb, + struct grub_net_card *card, + const grub_net_link_level_address_t *hwaddress, +- const grub_net_link_level_address_t *src_hwaddress) ++ const grub_net_link_level_address_t *src_hwaddress, ++ grub_uint16_t *vlantag) + { + struct iphdr *iph = (struct iphdr *) nb->data; + grub_err_t err; +@@ -458,7 +469,7 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb, + dest.ipv4 = iph->dest; + + return handle_dgram (nb, card, src_hwaddress, hwaddress, iph->protocol, +- &source, &dest, iph->ttl); ++ &source, &dest, vlantag, iph->ttl); + } + + for (prev = &reassembles, rsm = *prev; rsm; prev = &rsm->next, rsm = *prev) +@@ -594,7 +605,7 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb, + dest.ipv4 = dst; + + return handle_dgram (ret, card, src_hwaddress, +- hwaddress, proto, &source, &dest, ++ hwaddress, proto, &source, &dest, vlantag, + ttl); + } + } +@@ -652,7 +663,8 @@ static grub_err_t + grub_net_recv_ip6_packets (struct grub_net_buff *nb, + struct grub_net_card *card, + const grub_net_link_level_address_t *hwaddress, +- const grub_net_link_level_address_t *src_hwaddress) ++ const grub_net_link_level_address_t *src_hwaddress, ++ grub_uint16_t *vlantag) + { + struct ip6hdr *iph = (struct ip6hdr *) nb->data; + grub_err_t err; +@@ -703,21 +715,24 @@ grub_net_recv_ip6_packets (struct grub_net_buff *nb, + grub_memcpy (dest.ipv6, &iph->dest, sizeof (dest.ipv6)); + + return handle_dgram (nb, card, src_hwaddress, hwaddress, iph->protocol, +- &source, &dest, iph->ttl); ++ &source, &dest, vlantag, iph->ttl); + } + + grub_err_t + grub_net_recv_ip_packets (struct grub_net_buff *nb, + struct grub_net_card *card, + const grub_net_link_level_address_t *hwaddress, +- const grub_net_link_level_address_t *src_hwaddress) ++ const grub_net_link_level_address_t *src_hwaddress, ++ grub_uint16_t *vlantag) + { + struct iphdr *iph = (struct iphdr *) nb->data; + + if ((iph->verhdrlen >> 4) == 4) +- return grub_net_recv_ip4_packets (nb, card, hwaddress, src_hwaddress); ++ return grub_net_recv_ip4_packets (nb, card, hwaddress, src_hwaddress, ++ vlantag); + if ((iph->verhdrlen >> 4) == 6) +- return grub_net_recv_ip6_packets (nb, card, hwaddress, src_hwaddress); ++ return grub_net_recv_ip6_packets (nb, card, hwaddress, src_hwaddress, ++ vlantag); + grub_dprintf ("net", "Bad IP version: %d\n", (iph->verhdrlen >> 4)); + grub_netbuff_free (nb); + return GRUB_ERR_NONE; +diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c +index 7338f8245e3a9bbe47e821fb43c2b699b9527ffb..6be678c0de1ac236b60f765e767ae43d113b1117 100644 +--- a/grub-core/normal/auth.c ++++ b/grub-core/normal/auth.c +@@ -166,13 +166,13 @@ grub_username_get (char buf[], unsigned buf_size) + if (key == '\n' || key == '\r') + break; + +- if (key == '\e') ++ if (key == GRUB_TERM_ESC) + { + cur_len = 0; + break; + } + +- if (key == '\b') ++ if (key == GRUB_TERM_BACKSPACE) + { + if (cur_len) + { +@@ -197,7 +197,7 @@ grub_username_get (char buf[], unsigned buf_size) + grub_xputs ("\n"); + grub_refresh (); + +- return (key != '\e'); ++ return (key != GRUB_TERM_ESC); + } + + grub_err_t +diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c +index a36180d75305f421e96903a46acb9dd99af06572..c037d5050ed2b34fa3b2ac0c7564e4208ca143c4 100644 +--- a/grub-core/normal/cmdline.c ++++ b/grub-core/normal/cmdline.c +@@ -626,12 +626,12 @@ grub_cmdline_get (const char *prompt_translated) + cl_insert (cl_terms, nterms, &lpos, &llen, &max_len, &buf, kill_buf); + break; + +- case '\e': ++ case GRUB_TERM_ESC: + grub_free (cl_terms); + grub_free (buf); + return 0; + +- case '\b': ++ case GRUB_TERM_BACKSPACE: + if (lpos > 0) + { + lpos--; +diff --git a/grub-core/normal/crypto.c b/grub-core/normal/crypto.c +index 2bfd67c8ef388097701a7415df3cd7321c6a1e57..e6d345f33458a167e703235d611afdd8c2a245b0 100644 +--- a/grub-core/normal/crypto.c ++++ b/grub-core/normal/crypto.c +@@ -147,8 +147,8 @@ read_crypto_list (const char *prefix) + if (! cur->modname) + { + grub_errno = GRUB_ERR_NONE; +- grub_free (cur); + grub_free (cur->name); ++ grub_free (cur); + continue; + } + cur->next = crypto_specs; +diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c +index 719e2fb1c260b16d96cea2b787d7f7e592b428b7..e7a83c2d6e2aaa8248ed739b28f2c6be76622eb4 100644 +--- a/grub-core/normal/menu.c ++++ b/grub-core/normal/menu.c +@@ -763,7 +763,7 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) + *auto_boot = 0; + return current_entry; + +- case '\e': ++ case GRUB_TERM_ESC: + if (nested) + { + menu_fini (); +diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c +index eeeee5580abea9798278ef85cf417366cf4f0e0a..cdf3590a3646ce4be0caf99cafedcbc38cbe51e4 100644 +--- a/grub-core/normal/menu_entry.c ++++ b/grub-core/normal/menu_entry.c +@@ -1403,7 +1403,7 @@ grub_menu_entry_run (grub_menu_entry_t entry) + goto fail; + break; + +- case '\e': ++ case GRUB_TERM_ESC: + destroy_screen (screen); + return; + +diff --git a/grub-core/osdep/linux/ofpath.c b/grub-core/osdep/linux/ofpath.c +index a79682a5e31e1b4e77d9b99f55cc5a1fca9e159b..a6153d359546d237933cba0f300e7d59fdb1007b 100644 +--- a/grub-core/osdep/linux/ofpath.c ++++ b/grub-core/osdep/linux/ofpath.c +@@ -38,6 +38,46 @@ + #include + #include + ++#ifdef __sparc__ ++typedef enum ++ { ++ GRUB_OFPATH_SPARC_WWN_ADDR = 1, ++ GRUB_OFPATH_SPARC_TGT_LUN, ++ } ofpath_sparc_addressing; ++ ++struct ofpath_sparc_hba ++{ ++ grub_uint32_t device_id; ++ ofpath_sparc_addressing addressing; ++}; ++ ++static struct ofpath_sparc_hba sparc_lsi_hba[] = { ++ /* Rhea, Jasper 320, LSI53C1020/1030. */ ++ {0x30, GRUB_OFPATH_SPARC_TGT_LUN}, ++ /* SAS-1068E. */ ++ {0x50, GRUB_OFPATH_SPARC_TGT_LUN}, ++ /* SAS-1064E. */ ++ {0x56, GRUB_OFPATH_SPARC_TGT_LUN}, ++ /* Pandora SAS-1068E. */ ++ {0x58, GRUB_OFPATH_SPARC_TGT_LUN}, ++ /* Aspen, Invader, LSI SAS-3108. */ ++ {0x5d, GRUB_OFPATH_SPARC_TGT_LUN}, ++ /* Niwot, SAS 2108. */ ++ {0x79, GRUB_OFPATH_SPARC_TGT_LUN}, ++ /* Erie, Falcon, LSI SAS 2008. */ ++ {0x72, GRUB_OFPATH_SPARC_WWN_ADDR}, ++ /* LSI WarpDrive 6203. */ ++ {0x7e, GRUB_OFPATH_SPARC_WWN_ADDR}, ++ /* LSI SAS 2308. */ ++ {0x87, GRUB_OFPATH_SPARC_WWN_ADDR}, ++ /* LSI SAS 3008. */ ++ {0x97, GRUB_OFPATH_SPARC_WWN_ADDR}, ++ {0, 0} ++}; ++ ++static const int LSI_VENDOR_ID = 0x1000; ++#endif ++ + #ifdef OFPATH_STANDALONE + #define xmalloc malloc + void +@@ -120,6 +160,8 @@ find_obppath (const char *sysfs_path_orig) + #endif + + fd = open(path, O_RDONLY); ++ ++#ifndef __sparc__ + if (fd < 0 || fstat (fd, &st) < 0) + { + if (fd >= 0) +@@ -127,6 +169,7 @@ find_obppath (const char *sysfs_path_orig) + snprintf(path, path_size, "%s/devspec", sysfs_path); + fd = open(path, O_RDONLY); + } ++#endif + + if (fd < 0 || fstat (fd, &st) < 0) + { +@@ -307,6 +350,55 @@ of_path_of_ide(const char *sys_devname __attribute__((unused)), const char *devi + return ret; + } + ++#ifdef __sparc__ ++static char * ++of_path_of_nvme(const char *sys_devname __attribute__((unused)), ++ const char *device, ++ const char *devnode __attribute__((unused)), ++ const char *devicenode) ++{ ++ char *sysfs_path, *of_path, disk[MAX_DISK_CAT]; ++ const char *digit_string, *part_end; ++ ++ digit_string = trailing_digits (device); ++ part_end = devicenode + strlen (devicenode) - 1; ++ ++ if ((*digit_string != '\0') && (*part_end == 'p')) ++ { ++ /* We have a partition number, strip it off. */ ++ int part; ++ char *nvmedev, *end; ++ ++ nvmedev = strdup (devicenode); ++ ++ if (!nvmedev) ++ return NULL; ++ ++ end = nvmedev + strlen (nvmedev) - 1; ++ /* Remove the p. */ ++ *end = '\0'; ++ sscanf (digit_string, "%d", &part); ++ snprintf (disk, sizeof (disk), "/disk@1:%c", 'a' + (part - 1)); ++ sysfs_path = block_device_get_sysfs_path_and_link (nvmedev); ++ free (nvmedev); ++ } ++ else ++ { ++ /* We do not have the parition. */ ++ snprintf (disk, sizeof (disk), "/disk@1"); ++ sysfs_path = block_device_get_sysfs_path_and_link (device); ++ } ++ ++ of_path = find_obppath (sysfs_path); ++ ++ if (of_path) ++ strcat (of_path, disk); ++ ++ free (sysfs_path); ++ return of_path; ++} ++#endif ++ + static int + vendor_is_ATA(const char *path) + { +@@ -335,6 +427,64 @@ vendor_is_ATA(const char *path) + return (memcmp(bufcont, "ATA", 3) == 0); + } + ++#ifdef __sparc__ ++static void ++check_hba_identifiers (const char *sysfs_path, int *vendor, int *device_id) ++{ ++ char *ed = strstr (sysfs_path, "host"); ++ size_t path_size; ++ char *p, *path; ++ char buf[8]; ++ int fd; ++ ++ if (!ed) ++ return; ++ ++ p = xstrdup (sysfs_path); ++ ed = strstr (p, "host"); ++ ++ *ed = '\0'; ++ ++ path_size = (strlen (p) + sizeof ("vendor")); ++ path = xmalloc (path_size); ++ ++ if (!path) ++ goto out; ++ ++ snprintf (path, path_size, "%svendor", p); ++ fd = open (path, O_RDONLY); ++ ++ if (fd < 0) ++ goto out; ++ ++ memset (buf, 0, sizeof (buf)); ++ ++ if (read (fd, buf, sizeof (buf) - 1) < 0) ++ goto out; ++ ++ close (fd); ++ sscanf (buf, "%x", vendor); ++ ++ snprintf (path, path_size, "%sdevice", p); ++ fd = open (path, O_RDONLY); ++ ++ if (fd < 0) ++ goto out; ++ ++ memset (buf, 0, sizeof (buf)); ++ ++ if (read (fd, buf, sizeof (buf) - 1) < 0) ++ goto out; ++ ++ close (fd); ++ sscanf (buf, "%x", device_id); ++ ++ out: ++ free (path); ++ free (p); ++} ++#endif ++ + static void + check_sas (const char *sysfs_path, int *tgt, unsigned long int *sas_address) + { +@@ -396,7 +546,7 @@ of_path_of_scsi(const char *sys_devname __attribute__((unused)), const char *dev + { + const char *p, *digit_string, *disk_name; + int host, bus, tgt, lun; +- unsigned long int sas_address; ++ unsigned long int sas_address = 0; + char *sysfs_path, disk[MAX_DISK_CAT - sizeof ("/fp@0,0")]; + char *of_path; + +@@ -413,9 +563,8 @@ of_path_of_scsi(const char *sys_devname __attribute__((unused)), const char *dev + } + + of_path = find_obppath(sysfs_path); +- free (sysfs_path); + if (!of_path) +- return NULL; ++ goto out; + + if (strstr (of_path, "qlc")) + strcat (of_path, "/fp@0,0"); +@@ -444,6 +593,46 @@ of_path_of_scsi(const char *sys_devname __attribute__((unused)), const char *dev + } + else + { ++#ifdef __sparc__ ++ ofpath_sparc_addressing addressing = GRUB_OFPATH_SPARC_TGT_LUN; ++ int vendor = 0, device_id = 0; ++ char *optr = disk; ++ ++ check_hba_identifiers (sysfs_path, &vendor, &device_id); ++ ++ if (vendor == LSI_VENDOR_ID) ++ { ++ struct ofpath_sparc_hba *lsi_hba; ++ ++ /* ++ * Over time different OF addressing schemes have been supported. ++ * There is no generic addressing scheme that works across ++ * every HBA. ++ */ ++ for (lsi_hba = sparc_lsi_hba; lsi_hba->device_id; lsi_hba++) ++ if (lsi_hba->device_id == device_id) ++ { ++ addressing = lsi_hba->addressing; ++ break; ++ } ++ } ++ ++ if (addressing == GRUB_OFPATH_SPARC_WWN_ADDR) ++ optr += snprintf (disk, sizeof (disk), "/%s@w%lx,%x", disk_name, ++ sas_address, lun); ++ else ++ optr += snprintf (disk, sizeof (disk), "/%s@%x,%x", disk_name, tgt, ++ lun); ++ ++ if (*digit_string != '\0') ++ { ++ int part; ++ ++ sscanf (digit_string, "%d", &part); ++ snprintf (optr, sizeof (disk) - (optr - disk - 1), ":%c", 'a' ++ + (part - 1)); ++ } ++#else + if (lun == 0) + { + int sas_id = 0; +@@ -491,8 +680,12 @@ of_path_of_scsi(const char *sys_devname __attribute__((unused)), const char *dev + } + free (lunstr); + } ++#endif + } + strcat(of_path, disk); ++ ++ out: ++ free (sysfs_path); + return of_path; + } + +@@ -537,6 +730,11 @@ grub_util_devname_to_ofpath (const char *sys_devname) + /* All the models I've seen have a devalias "floppy". + New models have no floppy at all. */ + ofpath = xstrdup ("floppy"); ++#ifdef __sparc__ ++ else if (device[0] == 'n' && device[1] == 'v' && device[2] == 'm' ++ && device[3] == 'e') ++ ofpath = of_path_of_nvme (name_buf, device, devnode, devicenode); ++#endif + else + { + grub_util_warn (_("unknown device type %s"), device); +diff --git a/grub-core/osdep/unix/exec.c b/grub-core/osdep/unix/exec.c +index 935ff120ebe117f7492715813789db364ef1b12f..db3259f6504d5d5958cfa330bfd4a8b12b64f970 100644 +--- a/grub-core/osdep/unix/exec.c ++++ b/grub-core/osdep/unix/exec.c +@@ -99,7 +99,7 @@ grub_util_exec_redirect_all (const char *const *argv, const char *stdin_file, + { + fd = open (stdin_file, O_RDONLY); + if (fd < 0) +- exit (127); ++ _exit (127); + dup2 (fd, STDIN_FILENO); + close (fd); + } +@@ -108,7 +108,7 @@ grub_util_exec_redirect_all (const char *const *argv, const char *stdin_file, + { + fd = open (stdout_file, O_WRONLY | O_CREAT, 0700); + if (fd < 0) +- exit (127); ++ _exit (127); + dup2 (fd, STDOUT_FILENO); + close (fd); + } +@@ -117,7 +117,7 @@ grub_util_exec_redirect_all (const char *const *argv, const char *stdin_file, + { + fd = open (stderr_file, O_WRONLY | O_CREAT, 0700); + if (fd < 0) +- exit (127); ++ _exit (127); + dup2 (fd, STDERR_FILENO); + close (fd); + } +@@ -126,7 +126,7 @@ grub_util_exec_redirect_all (const char *const *argv, const char *stdin_file, + setenv ("LC_ALL", "C", 1); + + execvp ((char *) argv[0], (char **) argv); +- exit (127); ++ _exit (127); + } + waitpid (pid, &status, 0); + if (!WIFEXITED (status)) +diff --git a/grub-core/osdep/unix/getroot.c b/grub-core/osdep/unix/getroot.c +index 4bf37b027be660a14994fb316f08dd478490c4e2..3046e22cc012d1012add87931a018043e3ecc714 100644 +--- a/grub-core/osdep/unix/getroot.c ++++ b/grub-core/osdep/unix/getroot.c +@@ -428,8 +428,11 @@ grub_find_device (const char *dir, dev_t dev) + { + #ifdef __linux__ + /* Skip device names like /dev/dm-0, which are short-hand aliases +- to more descriptive device names, e.g. those under /dev/mapper */ +- if (ent->d_name[0] == 'd' && ++ to more descriptive device names, e.g. those under /dev/mapper. ++ Also, don't skip devices which names start with dm-[0-9] in ++ directories below /dev, e.g. /dev/mapper/dm-0-luks. */ ++ if (strcmp (dir, "/dev") == 0 && ++ ent->d_name[0] == 'd' && + ent->d_name[1] == 'm' && + ent->d_name[2] == '-' && + ent->d_name[3] >= '0' && +diff --git a/grub-core/osdep/unix/hostdisk.c b/grub-core/osdep/unix/hostdisk.c +index 2a8c5882e3d10b98bc305a116f8cca06acfe89f5..5450cf4166e04c2cfab806e93dfa63c6abdb9698 100644 +--- a/grub-core/osdep/unix/hostdisk.c ++++ b/grub-core/osdep/unix/hostdisk.c +@@ -77,11 +77,19 @@ grub_util_get_fd_size (grub_util_fd_t fd, const char *name, unsigned *log_secsiz + int + grub_util_fd_seek (grub_util_fd_t fd, grub_uint64_t off) + { ++#if SIZEOF_OFF_T == 8 + off_t offset = (off_t) off; + + if (lseek (fd, offset, SEEK_SET) != offset) + return -1; ++#elif SIZEOF_OFF64_T == 8 ++ off64_t offset = (off64_t) off; + ++ if (lseek64 (fd, offset, SEEK_SET) != offset) ++ return -1; ++#else ++#error "No large file support" ++#endif + return 0; + } + +diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c +index a3fcfcacaa814d3ab62104f0dd406ef0c2163613..ca448bc11a05b9e0c6203a799ff62ab1dd75274f 100644 +--- a/grub-core/osdep/unix/platform.c ++++ b/grub-core/osdep/unix/platform.c +@@ -78,19 +78,20 @@ get_ofpathname (const char *dev) + dev); + } + +-static void ++static int + grub_install_remove_efi_entries_by_distributor (const char *efi_distributor) + { + int fd; + pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd); + char *line = NULL; + size_t len = 0; ++ int rc; + + if (!pid) + { + grub_util_warn (_("Unable to open stream from %s: %s"), + "efibootmgr", strerror (errno)); +- return; ++ return errno; + } + + FILE *fp = fdopen (fd, "r"); +@@ -98,7 +99,7 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor) + { + grub_util_warn (_("Unable to open stream from %s: %s"), + "efibootmgr", strerror (errno)); +- return; ++ return errno; + } + + line = xmalloc (80); +@@ -119,23 +120,25 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor) + bootnum = line + sizeof ("Boot") - 1; + bootnum[4] = '\0'; + if (!verbosity) +- grub_util_exec ((const char * []){ "efibootmgr", "-q", ++ rc = grub_util_exec ((const char * []){ "efibootmgr", "-q", + "-b", bootnum, "-B", NULL }); + else +- grub_util_exec ((const char * []){ "efibootmgr", ++ rc = grub_util_exec ((const char * []){ "efibootmgr", + "-b", bootnum, "-B", NULL }); + } + + free (line); ++ return rc; + } + +-void ++int + grub_install_register_efi (grub_device_t efidir_grub_dev, + const char *efifile_path, + const char *efi_distributor) + { + const char * efidir_disk; + int efidir_part; ++ int ret; + efidir_disk = grub_util_biosdisk_get_osdev (efidir_grub_dev->disk); + efidir_part = efidir_grub_dev->disk->partition ? efidir_grub_dev->disk->partition->number + 1 : 1; + +@@ -151,23 +154,26 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, + grub_util_exec ((const char * []){ "modprobe", "-q", "efivars", NULL }); + #endif + /* Delete old entries from the same distributor. */ +- grub_install_remove_efi_entries_by_distributor (efi_distributor); ++ ret = grub_install_remove_efi_entries_by_distributor (efi_distributor); ++ if (ret) ++ return ret; + + char *efidir_part_str = xasprintf ("%d", efidir_part); + + if (!verbosity) +- grub_util_exec ((const char * []){ "efibootmgr", "-q", ++ ret = grub_util_exec ((const char * []){ "efibootmgr", "-q", + "-c", "-d", efidir_disk, + "-p", efidir_part_str, "-w", + "-L", efi_distributor, "-l", + efifile_path, NULL }); + else +- grub_util_exec ((const char * []){ "efibootmgr", ++ ret = grub_util_exec ((const char * []){ "efibootmgr", + "-c", "-d", efidir_disk, + "-p", efidir_part_str, "-w", + "-L", efi_distributor, "-l", + efifile_path, NULL }); + free (efidir_part_str); ++ return ret; + } + + void +diff --git a/grub-core/partmap/gpt.c b/grub-core/partmap/gpt.c +index 83bcba7791421825da6922a7ee346f4fd5fcd7a4..103f6796f39f38209b0f554842aa6697faa5df2f 100644 +--- a/grub-core/partmap/gpt.c ++++ b/grub-core/partmap/gpt.c +@@ -33,10 +33,10 @@ static grub_uint8_t grub_gpt_magic[8] = + 0x45, 0x46, 0x49, 0x20, 0x50, 0x41, 0x52, 0x54 + }; + +-static const grub_gpt_part_type_t grub_gpt_partition_type_empty = GRUB_GPT_PARTITION_TYPE_EMPTY; ++static const grub_gpt_part_guid_t grub_gpt_partition_type_empty = GRUB_GPT_PARTITION_TYPE_EMPTY; + + #ifdef GRUB_UTIL +-static const grub_gpt_part_type_t grub_gpt_partition_type_bios_boot = GRUB_GPT_PARTITION_TYPE_BIOS_BOOT; ++static const grub_gpt_part_guid_t grub_gpt_partition_type_bios_boot = GRUB_GPT_PARTITION_TYPE_BIOS_BOOT; + #endif + + /* 512 << 7 = 65536 byte sectors. */ +diff --git a/grub-core/term/arm/cros.c b/grub-core/term/arm/cros.c +new file mode 100644 +index 0000000000000000000000000000000000000000..1ff9f8ccfb8270884ba962a05ca99df4c6ed1f41 +--- /dev/null ++++ b/grub-core/term/arm/cros.c +@@ -0,0 +1,125 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * ++ * Copyright (C) 2012 Google Inc. ++ * Copyright (C) 2016 Free Software Foundation, Inc. ++ * ++ * This is based on depthcharge code. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++struct grub_ps2_state ps2_state; ++ ++struct grub_cros_ec_keyscan old_scan; ++ ++static const struct grub_fdtbus_dev *cros_ec; ++ ++static grub_uint8_t map_code[GRUB_CROS_EC_KEYSCAN_COLS][GRUB_CROS_EC_KEYSCAN_ROWS]; ++ ++static grub_uint8_t e0_translate[16] = ++ { ++ 0x1c, 0x1d, 0x35, 0x00, ++ 0x38, 0x00, 0x47, 0x48, ++ 0x49, 0x4b, 0x4d, 0x4f, ++ 0x50, 0x51, 0x52, 0x53, ++ }; ++ ++/* If there is a character pending, return it; ++ otherwise return GRUB_TERM_NO_KEY. */ ++static int ++grub_cros_keyboard_getkey (struct grub_term_input *term __attribute__ ((unused))) ++{ ++ struct grub_cros_ec_keyscan scan; ++ int i, j; ++ if (grub_cros_ec_scan_keyboard (cros_ec, &scan) < 0) ++ return GRUB_TERM_NO_KEY; ++ for (i = 0; i < GRUB_CROS_EC_KEYSCAN_COLS; i++) ++ if (scan.data[i] ^ old_scan.data[i]) ++ for (j = 0; j < GRUB_CROS_EC_KEYSCAN_ROWS; j++) ++ if ((scan.data[i] ^ old_scan.data[i]) & (1 << j)) ++ { ++ grub_uint8_t code = map_code[i][j]; ++ int ret; ++ grub_uint8_t brk = 0; ++ if (!(scan.data[i] & (1 << j))) ++ brk = 0x80; ++ grub_dprintf ("cros_keyboard", "key <%d, %d> code %x\n", i, j, code); ++ if (code < 0x60) ++ ret = grub_ps2_process_incoming_byte (&ps2_state, code | brk); ++ else if (code >= 0x60 && code < 0x70 && e0_translate[code - 0x60]) ++ { ++ grub_ps2_process_incoming_byte (&ps2_state, 0xe0); ++ ret = grub_ps2_process_incoming_byte (&ps2_state, e0_translate[code - 0x60] | brk); ++ } ++ else ++ ret = GRUB_TERM_NO_KEY; ++ old_scan.data[i] ^= (1 << j); ++ if (ret != GRUB_TERM_NO_KEY) ++ return ret; ++ } ++ return GRUB_TERM_NO_KEY; ++} ++ ++static struct grub_term_input grub_cros_keyboard_term = ++ { ++ .name = "cros_keyboard", ++ .getkey = grub_cros_keyboard_getkey ++ }; ++ ++static grub_err_t ++cros_attach (const struct grub_fdtbus_dev *dev) ++{ ++ grub_size_t keymap_size, i; ++ const grub_uint8_t *keymap = grub_fdtbus_get_prop (dev, "linux,keymap", &keymap_size); ++ ++ if (!dev->parent || !grub_cros_ec_validate (dev->parent)) ++ return GRUB_ERR_IO; ++ ++ if (keymap) ++ { ++ for (i = 0; i + 3 < keymap_size; i += 4) ++ if (keymap[i+1] < GRUB_CROS_EC_KEYSCAN_COLS && keymap[i] < GRUB_CROS_EC_KEYSCAN_ROWS ++ && keymap[i+2] == 0 && keymap[i+3] < 0x80) ++ map_code[keymap[i+1]][keymap[i]] = keymap[i+3]; ++ } ++ ++ cros_ec = dev->parent; ++ ps2_state.current_set = 1; ++ ps2_state.at_keyboard_status = 0; ++ grub_term_register_input ("cros_keyboard", &grub_cros_keyboard_term); ++ return GRUB_ERR_NONE; ++} ++ ++static struct grub_fdtbus_driver cros = ++{ ++ .compatible = "google,cros-ec-keyb", ++ .attach = cros_attach ++}; ++ ++void ++grub_cros_init (void) ++{ ++ grub_fdtbus_register (&cros); ++} +diff --git a/grub-core/term/arm/cros_ec.c b/grub-core/term/arm/cros_ec.c +new file mode 100644 +index 0000000000000000000000000000000000000000..f4144818b5bfdb9a512316ccc321586d539653ac +--- /dev/null ++++ b/grub-core/term/arm/cros_ec.c +@@ -0,0 +1,238 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * ++ * Copyright (C) 2012 Google Inc. ++ * Copyright (C) 2016 Free Software Foundation, Inc. ++ * ++ * This is based on depthcharge code. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++ ++static const grub_uint64_t FRAMING_TIMEOUT_MS = 300; ++ ++static const grub_uint8_t EC_FRAMING_BYTE = 0xec; ++ ++#define EC_CMD_MKBP_STATE 0x60 ++#define EC_CMD_VERSION0 0xdc ++ ++static grub_uint64_t last_transfer; ++ ++static void ++stop_bus (const struct grub_fdtbus_dev *spi) ++{ ++ spi->driver->stop (spi); ++ last_transfer = grub_get_time_ms (); ++} ++ ++static int ++wait_for_frame (const struct grub_fdtbus_dev *spi) ++{ ++ grub_uint64_t start = grub_get_time_ms (); ++ grub_uint8_t byte; ++ do ++ { ++ if (spi->driver->receive (spi, &byte, 1)) ++ return -1; ++ if (byte != EC_FRAMING_BYTE && ++ grub_get_time_ms () - start > FRAMING_TIMEOUT_MS) ++ { ++ grub_dprintf ("cros", "Timeout waiting for framing byte.\n"); ++ return -1; ++ } ++ } ++ while (byte != EC_FRAMING_BYTE); ++ return 0; ++} ++ ++/* ++ * Calculate a simple 8-bit checksum of a data block ++ * ++ * @param data Data block to checksum ++ * @param size Size of data block in bytes ++ * @return checksum value (0 to 255) ++ */ ++static grub_uint8_t ++cros_ec_calc_checksum (const void *data, int size) ++{ ++ grub_uint8_t csum; ++ const grub_uint8_t *bytes = data; ++ int i; ++ ++ for (i = csum = 0; i < size; i++) ++ csum += bytes[i]; ++ return csum & 0xff; ++} ++ ++enum ++{ ++ /* response, arglen */ ++ CROS_EC_SPI_IN_HDR_SIZE = 2, ++ /* version, cmd, arglen */ ++ CROS_EC_SPI_OUT_HDR_SIZE = 3 ++}; ++ ++static grub_uint8_t busbuf[256]; ++#define MSG_BYTES ((int)sizeof (busbuf)) ++ ++static int ++ec_command (const struct grub_fdtbus_dev *dev, int cmd, int cmd_version, ++ const void *dout, int dout_len, void *din, int din_len) ++{ ++ const struct grub_fdtbus_dev *spi = dev->parent; ++ grub_uint8_t *bytes; ++ ++ /* Header + data + checksum. */ ++ grub_uint32_t out_bytes = CROS_EC_SPI_OUT_HDR_SIZE + dout_len + 1; ++ grub_uint32_t in_bytes = CROS_EC_SPI_IN_HDR_SIZE + din_len + 1; ++ ++ /* ++ * Sanity-check I/O sizes given transaction overhead in internal ++ * buffers. ++ */ ++ if (out_bytes > MSG_BYTES) ++ { ++ grub_dprintf ("cros", "Cannot send %d bytes\n", dout_len); ++ return -1; ++ } ++ if (in_bytes > MSG_BYTES) ++ { ++ grub_dprintf ("cros", "Cannot receive %d bytes\n", din_len); ++ return -1; ++ } ++ ++ /* Prepare the output. */ ++ bytes = busbuf; ++ *bytes++ = EC_CMD_VERSION0 + cmd_version; ++ *bytes++ = cmd; ++ *bytes++ = dout_len; ++ grub_memcpy (bytes, dout, dout_len); ++ bytes += dout_len; ++ ++ *bytes++ = cros_ec_calc_checksum (busbuf, ++ CROS_EC_SPI_OUT_HDR_SIZE + dout_len); ++ ++ /* Depthcharge uses 200 us here but GRUB timer resolution is only 1ms, ++ decrease this when we increase timer resolution. */ ++ while (grub_get_time_ms () - last_transfer < 1) ++ ; ++ ++ if (spi->driver->start (spi)) ++ return -1; ++ ++ /* Allow EC to ramp up clock after being awoken. */ ++ /* Depthcharge only waits 100 us here but GRUB timer resolution is only 1ms, ++ decrease this when we increase timer resolution. */ ++ grub_millisleep (1); ++ ++ if (spi->driver->send (spi, busbuf, out_bytes)) ++ { ++ stop_bus (spi); ++ return -1; ++ } ++ ++ /* Wait until the EC is ready. */ ++ if (wait_for_frame (spi)) ++ { ++ stop_bus (spi); ++ return -1; ++ } ++ ++ /* Read the response code and the data length. */ ++ bytes = busbuf; ++ if (spi->driver->receive (spi, bytes, 2)) ++ { ++ stop_bus (spi); ++ return -1; ++ } ++ grub_uint8_t result = *bytes++; ++ grub_uint8_t length = *bytes++; ++ ++ /* Make sure there's enough room for the data. */ ++ if (CROS_EC_SPI_IN_HDR_SIZE + length + 1 > MSG_BYTES) ++ { ++ grub_dprintf ("cros", "Received length %#02x too large\n", length); ++ stop_bus (spi); ++ return -1; ++ } ++ ++ /* Read the data and the checksum, and finish up. */ ++ if (spi->driver->receive (spi, bytes, length + 1)) ++ { ++ stop_bus (spi); ++ return -1; ++ } ++ bytes += length; ++ int expected = *bytes++; ++ stop_bus (spi); ++ ++ /* Check the integrity of the response. */ ++ if (result != 0) ++ { ++ grub_dprintf ("cros", "Received bad result code %d\n", result); ++ return -result; ++ } ++ ++ int csum = cros_ec_calc_checksum (busbuf, ++ CROS_EC_SPI_IN_HDR_SIZE + length); ++ ++ if (csum != expected) ++ { ++ grub_dprintf ("cros", "Invalid checksum rx %#02x, calced %#02x\n", ++ expected, csum); ++ return -1; ++ } ++ ++ /* If the caller wants the response, copy it out for them. */ ++ if (length < din_len) ++ din_len = length; ++ if (din) ++ { ++ grub_memcpy (din, (grub_uint8_t *) busbuf + CROS_EC_SPI_IN_HDR_SIZE, din_len); ++ } ++ ++ return din_len; ++} ++ ++int ++grub_cros_ec_scan_keyboard (const struct grub_fdtbus_dev *dev, struct grub_cros_ec_keyscan *scan) ++{ ++ if (ec_command (dev, EC_CMD_MKBP_STATE, 0, NULL, 0, scan, ++ sizeof (*scan)) < (int) sizeof (*scan)) ++ return -1; ++ ++ return 0; ++} ++ ++int ++grub_cros_ec_validate (const struct grub_fdtbus_dev *dev) ++{ ++ if (!grub_fdtbus_is_compatible("google,cros-ec-spi", dev)) ++ return 0; ++ if (!dev->parent) ++ return 0; ++ if (!dev->parent->driver) ++ return 0; ++ if (!dev->parent->driver->send ++ || !dev->parent->driver->receive) ++ return 0; ++ return 1; ++} ++ +diff --git a/grub-core/term/arm/pl050.c b/grub-core/term/arm/pl050.c +new file mode 100644 +index 0000000000000000000000000000000000000000..e4cda305666df20eba26e10d74b879361e83d6ea +--- /dev/null ++++ b/grub-core/term/arm/pl050.c +@@ -0,0 +1,189 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2007,2008,2009 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static volatile grub_uint32_t *pl050_regs; ++ ++struct grub_ps2_state ps2_state; ++ ++static void ++keyboard_controller_wait_until_ready (void) ++{ ++ while (! (pl050_regs[1] & 0x40)); ++} ++ ++static grub_uint8_t ++wait_ack (void) ++{ ++ grub_uint64_t endtime; ++ grub_uint8_t ack; ++ ++ endtime = grub_get_time_ms () + 20; ++ do ++ ack = pl050_regs[2]; ++ while (ack != GRUB_AT_ACK && ack != GRUB_AT_NACK ++ && grub_get_time_ms () < endtime); ++ return ack; ++} ++ ++ ++static int ++write_mode (int mode) ++{ ++ unsigned i; ++ for (i = 0; i < GRUB_AT_TRIES; i++) ++ { ++ grub_uint8_t ack; ++ keyboard_controller_wait_until_ready (); ++ pl050_regs[2] = 0xf0; ++ keyboard_controller_wait_until_ready (); ++ pl050_regs[2] = mode; ++ keyboard_controller_wait_until_ready (); ++ ack = wait_ack (); ++ if (ack == GRUB_AT_NACK) ++ continue; ++ if (ack == GRUB_AT_ACK) ++ break; ++ return 0; ++ } ++ ++ return (i != GRUB_AT_TRIES); ++} ++ ++static int ++query_mode (void) ++{ ++ grub_uint8_t ret; ++ int e; ++ ++ e = write_mode (0); ++ if (!e) ++ return 0; ++ ++ keyboard_controller_wait_until_ready (); ++ ++ do ++ ret = pl050_regs[2]; ++ while (ret == GRUB_AT_ACK); ++ ++ /* QEMU translates the set even in no-translate mode. */ ++ if (ret == 0x43 || ret == 1) ++ return 1; ++ if (ret == 0x41 || ret == 2) ++ return 2; ++ if (ret == 0x3f || ret == 3) ++ return 3; ++ return 0; ++} ++ ++static void ++set_scancodes (void) ++{ ++ write_mode (2); ++ ps2_state.current_set = query_mode (); ++ grub_dprintf ("atkeyb", "returned set %d\n", ps2_state.current_set); ++ if (ps2_state.current_set == 2) ++ return; ++ ++ write_mode (1); ++ ps2_state.current_set = query_mode (); ++ grub_dprintf ("atkeyb", "returned set %d\n", ps2_state.current_set); ++ if (ps2_state.current_set == 1) ++ return; ++ grub_dprintf ("atkeyb", "no supported scancode set found\n"); ++} ++ ++static void ++keyboard_controller_led (grub_uint8_t leds) ++{ ++ keyboard_controller_wait_until_ready (); ++ pl050_regs[2] = 0xed; ++ keyboard_controller_wait_until_ready (); ++ pl050_regs[2] = leds & 0x7; ++} ++ ++/* If there is a character pending, return it; ++ otherwise return GRUB_TERM_NO_KEY. */ ++static int ++grub_pl050_keyboard_getkey (struct grub_term_input *term __attribute__ ((unused))) ++{ ++ grub_uint8_t at_key; ++ int ret; ++ grub_uint8_t old_led; ++ ++ if (!(pl050_regs[1] & 0x10)) ++ return -1; ++ at_key = pl050_regs[2]; ++ old_led = ps2_state.led_status; ++ ++ ret = grub_ps2_process_incoming_byte (&ps2_state, at_key); ++ if (old_led != ps2_state.led_status) ++ keyboard_controller_led (ps2_state.led_status); ++ return ret; ++} ++ ++static struct grub_term_input grub_pl050_keyboard_term = ++ { ++ .name = "pl050_keyboard", ++ .getkey = grub_pl050_keyboard_getkey ++ }; ++ ++static grub_err_t ++pl050_attach(const struct grub_fdtbus_dev *dev) ++{ ++ const grub_uint32_t *reg; ++ reg = grub_fdtbus_get_prop (dev, "reg", 0); ++ ++ /* Mouse. Nothing to do. */ ++ if (grub_be_to_cpu32 (*reg) == 0x7000) ++ return 0; ++ ++ pl050_regs = grub_fdtbus_map_reg (dev, 0, 0); ++ ++ if (!grub_fdtbus_is_mapping_valid (pl050_regs)) ++ return grub_error (GRUB_ERR_IO, "could not map pl050"); ++ ++ ps2_state.at_keyboard_status = 0; ++ set_scancodes (); ++ keyboard_controller_led (ps2_state.led_status); ++ ++ grub_term_register_input ("pl050_keyboard", &grub_pl050_keyboard_term); ++ return GRUB_ERR_NONE; ++} ++ ++struct grub_fdtbus_driver pl050 = ++{ ++ .compatible = "arm,pl050", ++ .attach = pl050_attach ++}; ++ ++void ++grub_pl050_init (void) ++{ ++ grub_fdtbus_register (&pl050); ++} +diff --git a/grub-core/term/at_keyboard.c b/grub-core/term/at_keyboard.c +index b4ea9ff7e637f59c653b86cea79d4d664c78af84..f0a986eb176aef6c4fe3f5a65c646756e5bbde56 100644 +--- a/grub-core/term/at_keyboard.c ++++ b/grub-core/term/at_keyboard.c +@@ -22,215 +22,26 @@ + #include + #include + #include +-#include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +-static short at_keyboard_status = 0; +-static int e0_received = 0; +-static int f0_received = 0; +- +-static grub_uint8_t led_status; +- +-#define KEYBOARD_LED_SCROLL (1 << 0) +-#define KEYBOARD_LED_NUM (1 << 1) +-#define KEYBOARD_LED_CAPS (1 << 2) +- + static grub_uint8_t grub_keyboard_controller_orig; + static grub_uint8_t grub_keyboard_orig_set; +-static grub_uint8_t current_set; +- +-static void +-grub_keyboard_controller_init (void); +- +-static const grub_uint8_t set1_mapping[128] = +- { +- /* 0x00 */ 0 /* Unused */, GRUB_KEYBOARD_KEY_ESCAPE, +- /* 0x02 */ GRUB_KEYBOARD_KEY_1, GRUB_KEYBOARD_KEY_2, +- /* 0x04 */ GRUB_KEYBOARD_KEY_3, GRUB_KEYBOARD_KEY_4, +- /* 0x06 */ GRUB_KEYBOARD_KEY_5, GRUB_KEYBOARD_KEY_6, +- /* 0x08 */ GRUB_KEYBOARD_KEY_7, GRUB_KEYBOARD_KEY_8, +- /* 0x0a */ GRUB_KEYBOARD_KEY_9, GRUB_KEYBOARD_KEY_0, +- /* 0x0c */ GRUB_KEYBOARD_KEY_DASH, GRUB_KEYBOARD_KEY_EQUAL, +- /* 0x0e */ GRUB_KEYBOARD_KEY_BACKSPACE, GRUB_KEYBOARD_KEY_TAB, +- /* 0x10 */ GRUB_KEYBOARD_KEY_Q, GRUB_KEYBOARD_KEY_W, +- /* 0x12 */ GRUB_KEYBOARD_KEY_E, GRUB_KEYBOARD_KEY_R, +- /* 0x14 */ GRUB_KEYBOARD_KEY_T, GRUB_KEYBOARD_KEY_Y, +- /* 0x16 */ GRUB_KEYBOARD_KEY_U, GRUB_KEYBOARD_KEY_I, +- /* 0x18 */ GRUB_KEYBOARD_KEY_O, GRUB_KEYBOARD_KEY_P, +- /* 0x1a */ GRUB_KEYBOARD_KEY_LBRACKET, GRUB_KEYBOARD_KEY_RBRACKET, +- /* 0x1c */ GRUB_KEYBOARD_KEY_ENTER, GRUB_KEYBOARD_KEY_LEFT_CTRL, +- /* 0x1e */ GRUB_KEYBOARD_KEY_A, GRUB_KEYBOARD_KEY_S, +- /* 0x20 */ GRUB_KEYBOARD_KEY_D, GRUB_KEYBOARD_KEY_F, +- /* 0x22 */ GRUB_KEYBOARD_KEY_G, GRUB_KEYBOARD_KEY_H, +- /* 0x24 */ GRUB_KEYBOARD_KEY_J, GRUB_KEYBOARD_KEY_K, +- /* 0x26 */ GRUB_KEYBOARD_KEY_L, GRUB_KEYBOARD_KEY_SEMICOLON, +- /* 0x28 */ GRUB_KEYBOARD_KEY_DQUOTE, GRUB_KEYBOARD_KEY_RQUOTE, +- /* 0x2a */ GRUB_KEYBOARD_KEY_LEFT_SHIFT, GRUB_KEYBOARD_KEY_BACKSLASH, +- /* 0x2c */ GRUB_KEYBOARD_KEY_Z, GRUB_KEYBOARD_KEY_X, +- /* 0x2e */ GRUB_KEYBOARD_KEY_C, GRUB_KEYBOARD_KEY_V, +- /* 0x30 */ GRUB_KEYBOARD_KEY_B, GRUB_KEYBOARD_KEY_N, +- /* 0x32 */ GRUB_KEYBOARD_KEY_M, GRUB_KEYBOARD_KEY_COMMA, +- /* 0x34 */ GRUB_KEYBOARD_KEY_DOT, GRUB_KEYBOARD_KEY_SLASH, +- /* 0x36 */ GRUB_KEYBOARD_KEY_RIGHT_SHIFT, GRUB_KEYBOARD_KEY_NUMMUL, +- /* 0x38 */ GRUB_KEYBOARD_KEY_LEFT_ALT, GRUB_KEYBOARD_KEY_SPACE, +- /* 0x3a */ GRUB_KEYBOARD_KEY_CAPS_LOCK, GRUB_KEYBOARD_KEY_F1, +- /* 0x3c */ GRUB_KEYBOARD_KEY_F2, GRUB_KEYBOARD_KEY_F3, +- /* 0x3e */ GRUB_KEYBOARD_KEY_F4, GRUB_KEYBOARD_KEY_F5, +- /* 0x40 */ GRUB_KEYBOARD_KEY_F6, GRUB_KEYBOARD_KEY_F7, +- /* 0x42 */ GRUB_KEYBOARD_KEY_F8, GRUB_KEYBOARD_KEY_F9, +- /* 0x44 */ GRUB_KEYBOARD_KEY_F10, GRUB_KEYBOARD_KEY_NUM_LOCK, +- /* 0x46 */ GRUB_KEYBOARD_KEY_SCROLL_LOCK, GRUB_KEYBOARD_KEY_NUM7, +- /* 0x48 */ GRUB_KEYBOARD_KEY_NUM8, GRUB_KEYBOARD_KEY_NUM9, +- /* 0x4a */ GRUB_KEYBOARD_KEY_NUMMINUS, GRUB_KEYBOARD_KEY_NUM4, +- /* 0x4c */ GRUB_KEYBOARD_KEY_NUM5, GRUB_KEYBOARD_KEY_NUM6, +- /* 0x4e */ GRUB_KEYBOARD_KEY_NUMPLUS, GRUB_KEYBOARD_KEY_NUM1, +- /* 0x50 */ GRUB_KEYBOARD_KEY_NUM2, GRUB_KEYBOARD_KEY_NUM3, +- /* 0x52 */ GRUB_KEYBOARD_KEY_NUM0, GRUB_KEYBOARD_KEY_NUMDOT, +- /* 0x54 */ 0, 0, +- /* 0x56 */ GRUB_KEYBOARD_KEY_102ND, GRUB_KEYBOARD_KEY_F11, +- /* 0x58 */ GRUB_KEYBOARD_KEY_F12, 0, +- /* 0x5a */ 0, 0, +- /* 0x5c */ 0, 0, +- /* 0x5e */ 0, 0, +- /* 0x60 */ 0, 0, +- /* 0x62 */ 0, 0, +- /* OLPC keys. Just mapped to normal keys. */ +- /* 0x64 */ 0, GRUB_KEYBOARD_KEY_UP, +- /* 0x66 */ GRUB_KEYBOARD_KEY_DOWN, GRUB_KEYBOARD_KEY_LEFT, +- /* 0x68 */ GRUB_KEYBOARD_KEY_RIGHT, 0, +- /* 0x6a */ 0, 0, +- /* 0x6c */ 0, 0, +- /* 0x6e */ 0, 0, +- /* 0x70 */ 0, 0, +- /* 0x72 */ 0, GRUB_KEYBOARD_KEY_JP_RO, +- /* 0x74 */ 0, 0, +- /* 0x76 */ 0, 0, +- /* 0x78 */ 0, 0, +- /* 0x7a */ 0, 0, +- /* 0x7c */ 0, GRUB_KEYBOARD_KEY_JP_YEN, +- /* 0x7e */ GRUB_KEYBOARD_KEY_KPCOMMA +- }; +- +-static const struct +-{ +- grub_uint8_t from, to; +-} set1_e0_mapping[] = +- { +- {0x1c, GRUB_KEYBOARD_KEY_NUMENTER}, +- {0x1d, GRUB_KEYBOARD_KEY_RIGHT_CTRL}, +- {0x35, GRUB_KEYBOARD_KEY_NUMSLASH }, +- {0x38, GRUB_KEYBOARD_KEY_RIGHT_ALT}, +- {0x47, GRUB_KEYBOARD_KEY_HOME}, +- {0x48, GRUB_KEYBOARD_KEY_UP}, +- {0x49, GRUB_KEYBOARD_KEY_PPAGE}, +- {0x4b, GRUB_KEYBOARD_KEY_LEFT}, +- {0x4d, GRUB_KEYBOARD_KEY_RIGHT}, +- {0x4f, GRUB_KEYBOARD_KEY_END}, +- {0x50, GRUB_KEYBOARD_KEY_DOWN}, +- {0x51, GRUB_KEYBOARD_KEY_NPAGE}, +- {0x52, GRUB_KEYBOARD_KEY_INSERT}, +- {0x53, GRUB_KEYBOARD_KEY_DELETE}, +- }; +- +-static const grub_uint8_t set2_mapping[256] = +- { +- /* 0x00 */ 0, GRUB_KEYBOARD_KEY_F9, +- /* 0x02 */ 0, GRUB_KEYBOARD_KEY_F5, +- /* 0x04 */ GRUB_KEYBOARD_KEY_F3, GRUB_KEYBOARD_KEY_F1, +- /* 0x06 */ GRUB_KEYBOARD_KEY_F2, GRUB_KEYBOARD_KEY_F12, +- /* 0x08 */ 0, GRUB_KEYBOARD_KEY_F10, +- /* 0x0a */ GRUB_KEYBOARD_KEY_F8, GRUB_KEYBOARD_KEY_F6, +- /* 0x0c */ GRUB_KEYBOARD_KEY_F4, GRUB_KEYBOARD_KEY_TAB, +- /* 0x0e */ GRUB_KEYBOARD_KEY_RQUOTE, 0, +- /* 0x10 */ 0, GRUB_KEYBOARD_KEY_LEFT_ALT, +- /* 0x12 */ GRUB_KEYBOARD_KEY_LEFT_SHIFT, 0, +- /* 0x14 */ GRUB_KEYBOARD_KEY_LEFT_CTRL, GRUB_KEYBOARD_KEY_Q, +- /* 0x16 */ GRUB_KEYBOARD_KEY_1, 0, +- /* 0x18 */ 0, 0, +- /* 0x1a */ GRUB_KEYBOARD_KEY_Z, GRUB_KEYBOARD_KEY_S, +- /* 0x1c */ GRUB_KEYBOARD_KEY_A, GRUB_KEYBOARD_KEY_W, +- /* 0x1e */ GRUB_KEYBOARD_KEY_2, 0, +- /* 0x20 */ 0, GRUB_KEYBOARD_KEY_C, +- /* 0x22 */ GRUB_KEYBOARD_KEY_X, GRUB_KEYBOARD_KEY_D, +- /* 0x24 */ GRUB_KEYBOARD_KEY_E, GRUB_KEYBOARD_KEY_4, +- /* 0x26 */ GRUB_KEYBOARD_KEY_3, 0, +- /* 0x28 */ 0, GRUB_KEYBOARD_KEY_SPACE, +- /* 0x2a */ GRUB_KEYBOARD_KEY_V, GRUB_KEYBOARD_KEY_F, +- /* 0x2c */ GRUB_KEYBOARD_KEY_T, GRUB_KEYBOARD_KEY_R, +- /* 0x2e */ GRUB_KEYBOARD_KEY_5, 0, +- /* 0x30 */ 0, GRUB_KEYBOARD_KEY_N, +- /* 0x32 */ GRUB_KEYBOARD_KEY_B, GRUB_KEYBOARD_KEY_H, +- /* 0x34 */ GRUB_KEYBOARD_KEY_G, GRUB_KEYBOARD_KEY_Y, +- /* 0x36 */ GRUB_KEYBOARD_KEY_6, 0, +- /* 0x38 */ 0, 0, +- /* 0x3a */ GRUB_KEYBOARD_KEY_M, GRUB_KEYBOARD_KEY_J, +- /* 0x3c */ GRUB_KEYBOARD_KEY_U, GRUB_KEYBOARD_KEY_7, +- /* 0x3e */ GRUB_KEYBOARD_KEY_8, 0, +- /* 0x40 */ 0, GRUB_KEYBOARD_KEY_COMMA, +- /* 0x42 */ GRUB_KEYBOARD_KEY_K, GRUB_KEYBOARD_KEY_I, +- /* 0x44 */ GRUB_KEYBOARD_KEY_O, GRUB_KEYBOARD_KEY_0, +- /* 0x46 */ GRUB_KEYBOARD_KEY_9, 0, +- /* 0x48 */ 0, GRUB_KEYBOARD_KEY_DOT, +- /* 0x4a */ GRUB_KEYBOARD_KEY_SLASH, GRUB_KEYBOARD_KEY_L, +- /* 0x4c */ GRUB_KEYBOARD_KEY_SEMICOLON, GRUB_KEYBOARD_KEY_P, +- /* 0x4e */ GRUB_KEYBOARD_KEY_DASH, 0, +- /* 0x50 */ 0, GRUB_KEYBOARD_KEY_JP_RO, +- /* 0x52 */ GRUB_KEYBOARD_KEY_DQUOTE, 0, +- /* 0x54 */ GRUB_KEYBOARD_KEY_LBRACKET, GRUB_KEYBOARD_KEY_EQUAL, +- /* 0x56 */ 0, 0, +- /* 0x58 */ GRUB_KEYBOARD_KEY_CAPS_LOCK, GRUB_KEYBOARD_KEY_RIGHT_SHIFT, +- /* 0x5a */ GRUB_KEYBOARD_KEY_ENTER, GRUB_KEYBOARD_KEY_RBRACKET, +- /* 0x5c */ 0, GRUB_KEYBOARD_KEY_BACKSLASH, +- /* 0x5e */ 0, 0, +- /* 0x60 */ 0, GRUB_KEYBOARD_KEY_102ND, +- /* 0x62 */ 0, 0, +- /* 0x64 */ 0, 0, +- /* 0x66 */ GRUB_KEYBOARD_KEY_BACKSPACE, 0, +- /* 0x68 */ 0, GRUB_KEYBOARD_KEY_NUM1, +- /* 0x6a */ GRUB_KEYBOARD_KEY_JP_YEN, GRUB_KEYBOARD_KEY_NUM4, +- /* 0x6c */ GRUB_KEYBOARD_KEY_NUM7, GRUB_KEYBOARD_KEY_KPCOMMA, +- /* 0x6e */ 0, 0, +- /* 0x70 */ GRUB_KEYBOARD_KEY_NUM0, GRUB_KEYBOARD_KEY_NUMDOT, +- /* 0x72 */ GRUB_KEYBOARD_KEY_NUM2, GRUB_KEYBOARD_KEY_NUM5, +- /* 0x74 */ GRUB_KEYBOARD_KEY_NUM6, GRUB_KEYBOARD_KEY_NUM8, +- /* 0x76 */ GRUB_KEYBOARD_KEY_ESCAPE, GRUB_KEYBOARD_KEY_NUM_LOCK, +- /* 0x78 */ GRUB_KEYBOARD_KEY_F11, GRUB_KEYBOARD_KEY_NUMPLUS, +- /* 0x7a */ GRUB_KEYBOARD_KEY_NUM3, GRUB_KEYBOARD_KEY_NUMMINUS, +- /* 0x7c */ GRUB_KEYBOARD_KEY_NUMMUL, GRUB_KEYBOARD_KEY_NUM9, +- /* 0x7e */ GRUB_KEYBOARD_KEY_SCROLL_LOCK, 0, +- /* 0x80 */ 0, 0, +- /* 0x82 */ 0, GRUB_KEYBOARD_KEY_F7, +- }; +- +-static const struct +-{ +- grub_uint8_t from, to; +-} set2_e0_mapping[] = +- { +- {0x11, GRUB_KEYBOARD_KEY_RIGHT_ALT}, +- {0x14, GRUB_KEYBOARD_KEY_RIGHT_CTRL}, +- {0x4a, GRUB_KEYBOARD_KEY_NUMSLASH}, +- {0x5a, GRUB_KEYBOARD_KEY_NUMENTER}, +- {0x69, GRUB_KEYBOARD_KEY_END}, +- {0x6b, GRUB_KEYBOARD_KEY_LEFT}, +- {0x6c, GRUB_KEYBOARD_KEY_HOME}, +- {0x70, GRUB_KEYBOARD_KEY_INSERT}, +- {0x71, GRUB_KEYBOARD_KEY_DELETE}, +- {0x72, GRUB_KEYBOARD_KEY_DOWN}, +- {0x74, GRUB_KEYBOARD_KEY_RIGHT}, +- {0x75, GRUB_KEYBOARD_KEY_UP}, +- {0x7a, GRUB_KEYBOARD_KEY_NPAGE}, +- {0x7d, GRUB_KEYBOARD_KEY_PPAGE}, +- }; ++struct grub_ps2_state ps2_state; + + static int ping_sent; + ++static void ++grub_keyboard_controller_init (void); ++ + static void + keyboard_controller_wait_until_ready (void) + { ++ /* 50 us would be enough but our current time resolution is 1ms. */ ++ grub_millisleep (1); + while (! KEYBOARD_COMMAND_ISREADY (grub_inb (KEYBOARD_REG_STATUS))); + } + +@@ -241,10 +52,11 @@ wait_ack (void) + grub_uint8_t ack; + + endtime = grub_get_time_ms () + 20; +- do ++ do { ++ keyboard_controller_wait_until_ready (); + ack = grub_inb (KEYBOARD_REG_DATA); +- while (ack != GRUB_AT_ACK && ack != GRUB_AT_NACK +- && grub_get_time_ms () < endtime); ++ } while (ack != GRUB_AT_ACK && ack != GRUB_AT_NACK ++ && grub_get_time_ms () < endtime); + return ack; + } + +@@ -326,12 +138,10 @@ query_mode (void) + if (!e) + return 0; + +- keyboard_controller_wait_until_ready (); +- +- do ++ do { ++ keyboard_controller_wait_until_ready (); + ret = grub_inb (KEYBOARD_REG_DATA); +- while (ret == GRUB_AT_ACK); +- ++ } while (ret == GRUB_AT_ACK); + /* QEMU translates the set even in no-translate mode. */ + if (ret == 0x43 || ret == 1) + return 1; +@@ -350,28 +160,32 @@ set_scancodes (void) + if (!grub_keyboard_orig_set) + { + grub_dprintf ("atkeyb", "No sets support assumed\n"); +- current_set = 1; ++ ps2_state.current_set = 1; + return; + } + + #if !USE_SCANCODE_SET +- current_set = 1; ++ ps2_state.current_set = 1; + return; + #else + + grub_keyboard_controller_write (grub_keyboard_controller_orig +- & ~KEYBOARD_AT_TRANSLATE); ++ & ~KEYBOARD_AT_TRANSLATE ++ & ~KEYBOARD_AT_DISABLE); ++ ++ keyboard_controller_wait_until_ready (); ++ grub_outb (KEYBOARD_COMMAND_ENABLE, KEYBOARD_REG_DATA); + + write_mode (2); +- current_set = query_mode (); +- grub_dprintf ("atkeyb", "returned set %d\n", current_set); +- if (current_set == 2) ++ ps2_state.current_set = query_mode (); ++ grub_dprintf ("atkeyb", "returned set %d\n", ps2_state.current_set); ++ if (ps2_state.current_set == 2) + return; + + write_mode (1); +- current_set = query_mode (); +- grub_dprintf ("atkeyb", "returned set %d\n", current_set); +- if (current_set == 1) ++ ps2_state.current_set = query_mode (); ++ grub_dprintf ("atkeyb", "returned set %d\n", ps2_state.current_set); ++ if (ps2_state.current_set == 1) + return; + grub_dprintf ("atkeyb", "no supported scancode set found\n"); + #endif +@@ -386,164 +200,10 @@ keyboard_controller_led (grub_uint8_t leds) + grub_outb (leds & 0x7, KEYBOARD_REG_DATA); + } + +-static int +-fetch_key (int *is_break) +-{ +- int was_ext = 0; +- grub_uint8_t at_key; +- int ret = 0; +- +- if (! KEYBOARD_ISREADY (grub_inb (KEYBOARD_REG_STATUS))) +- return -1; +- at_key = grub_inb (KEYBOARD_REG_DATA); +- /* May happen if no keyboard is connected. Just ignore this. */ +- if (at_key == 0xff) +- return -1; +- if (at_key == 0xe0) +- { +- e0_received = 1; +- return -1; +- } +- +- if ((current_set == 2 || current_set == 3) && at_key == 0xf0) +- { +- f0_received = 1; +- return -1; +- } +- +- /* Setting LEDs may generate ACKs. */ +- if (at_key == GRUB_AT_ACK) +- return -1; +- +- was_ext = e0_received; +- e0_received = 0; +- +- switch (current_set) +- { +- case 1: +- *is_break = !!(at_key & 0x80); +- if (!was_ext) +- ret = set1_mapping[at_key & 0x7f]; +- else +- { +- unsigned i; +- for (i = 0; i < ARRAY_SIZE (set1_e0_mapping); i++) +- if (set1_e0_mapping[i].from == (at_key & 0x7f)) +- { +- ret = set1_e0_mapping[i].to; +- break; +- } +- } +- break; +- case 2: +- *is_break = f0_received; +- f0_received = 0; +- if (!was_ext) +- ret = set2_mapping[at_key]; +- else +- { +- unsigned i; +- for (i = 0; i < ARRAY_SIZE (set2_e0_mapping); i++) +- if (set2_e0_mapping[i].from == at_key) +- { +- ret = set2_e0_mapping[i].to; +- break; +- } +- } +- break; +- default: +- return -1; +- } +- if (!ret) +- { +- if (was_ext) +- grub_dprintf ("atkeyb", "Unknown key 0xe0+0x%02x from set %d\n", +- at_key, current_set); +- else +- grub_dprintf ("atkeyb", "Unknown key 0x%02x from set %d\n", +- at_key, current_set); +- return -1; +- } +- return ret; +-} +- +-/* FIXME: This should become an interrupt service routine. For now +- it's just used to catch events from control keys. */ +-static int +-grub_keyboard_isr (grub_keyboard_key_t key, int is_break) +-{ +- if (!is_break) +- switch (key) +- { +- case GRUB_KEYBOARD_KEY_LEFT_SHIFT: +- at_keyboard_status |= GRUB_TERM_STATUS_LSHIFT; +- return 1; +- case GRUB_KEYBOARD_KEY_RIGHT_SHIFT: +- at_keyboard_status |= GRUB_TERM_STATUS_RSHIFT; +- return 1; +- case GRUB_KEYBOARD_KEY_LEFT_CTRL: +- at_keyboard_status |= GRUB_TERM_STATUS_LCTRL; +- return 1; +- case GRUB_KEYBOARD_KEY_RIGHT_CTRL: +- at_keyboard_status |= GRUB_TERM_STATUS_RCTRL; +- return 1; +- case GRUB_KEYBOARD_KEY_RIGHT_ALT: +- at_keyboard_status |= GRUB_TERM_STATUS_RALT; +- return 1; +- case GRUB_KEYBOARD_KEY_LEFT_ALT: +- at_keyboard_status |= GRUB_TERM_STATUS_LALT; +- return 1; +- default: +- return 0; +- } +- else +- switch (key) +- { +- case GRUB_KEYBOARD_KEY_LEFT_SHIFT: +- at_keyboard_status &= ~GRUB_TERM_STATUS_LSHIFT; +- return 1; +- case GRUB_KEYBOARD_KEY_RIGHT_SHIFT: +- at_keyboard_status &= ~GRUB_TERM_STATUS_RSHIFT; +- return 1; +- case GRUB_KEYBOARD_KEY_LEFT_CTRL: +- at_keyboard_status &= ~GRUB_TERM_STATUS_LCTRL; +- return 1; +- case GRUB_KEYBOARD_KEY_RIGHT_CTRL: +- at_keyboard_status &= ~GRUB_TERM_STATUS_RCTRL; +- return 1; +- case GRUB_KEYBOARD_KEY_RIGHT_ALT: +- at_keyboard_status &= ~GRUB_TERM_STATUS_RALT; +- return 1; +- case GRUB_KEYBOARD_KEY_LEFT_ALT: +- at_keyboard_status &= ~GRUB_TERM_STATUS_LALT; +- return 1; +- default: +- return 0; +- } +-} +- +-/* If there is a raw key pending, return it; otherwise return -1. */ +-static int +-grub_keyboard_getkey (void) +-{ +- int key; +- int is_break = 0; +- +- key = fetch_key (&is_break); +- if (key == -1) +- return -1; +- +- if (grub_keyboard_isr (key, is_break)) +- return -1; +- if (is_break) +- return -1; +- return key; +-} +- + int + grub_at_keyboard_is_alive (void) + { +- if (current_set != 0) ++ if (ps2_state.current_set != 0) + return 1; + if (ping_sent + && KEYBOARD_COMMAND_ISREADY (grub_inb (KEYBOARD_REG_STATUS)) +@@ -566,51 +226,28 @@ grub_at_keyboard_is_alive (void) + static int + grub_at_keyboard_getkey (struct grub_term_input *term __attribute__ ((unused))) + { +- int code; ++ grub_uint8_t at_key; ++ int ret; ++ grub_uint8_t old_led; + + if (!grub_at_keyboard_is_alive ()) + return GRUB_TERM_NO_KEY; + +- code = grub_keyboard_getkey (); +- if (code == -1) +- return GRUB_TERM_NO_KEY; +-#ifdef DEBUG_AT_KEYBOARD +- grub_dprintf ("atkeyb", "Detected key 0x%x\n", code); +-#endif +- switch (code) +- { +- case GRUB_KEYBOARD_KEY_CAPS_LOCK: +- at_keyboard_status ^= GRUB_TERM_STATUS_CAPS; +- led_status ^= KEYBOARD_LED_CAPS; +- keyboard_controller_led (led_status); ++ if (! KEYBOARD_ISREADY (grub_inb (KEYBOARD_REG_STATUS))) ++ return -1; ++ at_key = grub_inb (KEYBOARD_REG_DATA); ++ old_led = ps2_state.led_status; + +-#ifdef DEBUG_AT_KEYBOARD +- grub_dprintf ("atkeyb", "caps_lock = %d\n", !!(at_keyboard_status & GRUB_KEYBOARD_STATUS_CAPS_LOCK)); +-#endif +- return GRUB_TERM_NO_KEY; +- case GRUB_KEYBOARD_KEY_NUM_LOCK: +- at_keyboard_status ^= GRUB_TERM_STATUS_NUM; +- led_status ^= KEYBOARD_LED_NUM; +- keyboard_controller_led (led_status); +- +-#ifdef DEBUG_AT_KEYBOARD +- grub_dprintf ("atkeyb", "num_lock = %d\n", !!(at_keyboard_status & GRUB_KEYBOARD_STATUS_NUM_LOCK)); +-#endif +- return GRUB_TERM_NO_KEY; +- case GRUB_KEYBOARD_KEY_SCROLL_LOCK: +- at_keyboard_status ^= GRUB_TERM_STATUS_SCROLL; +- led_status ^= KEYBOARD_LED_SCROLL; +- keyboard_controller_led (led_status); +- return GRUB_TERM_NO_KEY; +- default: +- return grub_term_map_key (code, at_keyboard_status); +- } ++ ret = grub_ps2_process_incoming_byte (&ps2_state, at_key); ++ if (old_led != ps2_state.led_status) ++ keyboard_controller_led (ps2_state.led_status); ++ return ret; + } + + static void + grub_keyboard_controller_init (void) + { +- at_keyboard_status = 0; ++ ps2_state.at_keyboard_status = 0; + /* Drain input buffer. */ + while (1) + { +@@ -632,13 +269,13 @@ grub_keyboard_controller_init (void) + grub_keyboard_orig_set = query_mode (); + #endif + set_scancodes (); +- keyboard_controller_led (led_status); ++ keyboard_controller_led (ps2_state.led_status); + } + + static grub_err_t + grub_keyboard_controller_fini (struct grub_term_input *term __attribute__ ((unused))) + { +- if (current_set == 0) ++ if (ps2_state.current_set == 0) + return GRUB_ERR_NONE; + if (grub_keyboard_orig_set) + write_mode (grub_keyboard_orig_set); +@@ -655,7 +292,7 @@ grub_at_fini_hw (int noreturn __attribute__ ((unused))) + static grub_err_t + grub_at_restore_hw (void) + { +- if (current_set == 0) ++ if (ps2_state.current_set == 0) + return GRUB_ERR_NONE; + + /* Drain input buffer. */ +@@ -668,7 +305,7 @@ grub_at_restore_hw (void) + grub_inb (KEYBOARD_REG_DATA); + } + set_scancodes (); +- keyboard_controller_led (led_status); ++ keyboard_controller_led (ps2_state.led_status); + + return GRUB_ERR_NONE; + } +diff --git a/grub-core/term/efi/console.c b/grub-core/term/efi/console.c +index 7d31095b1ef8d01886a0516343f2e5c5601265dd..4840cc59d3f68944fb2ca6b40cc6488e74b5da02 100644 +--- a/grub-core/term/efi/console.c ++++ b/grub-core/term/efi/console.c +@@ -104,7 +104,7 @@ const unsigned efi_codes[] = + GRUB_TERM_KEY_DC, GRUB_TERM_KEY_PPAGE, GRUB_TERM_KEY_NPAGE, GRUB_TERM_KEY_F1, + GRUB_TERM_KEY_F2, GRUB_TERM_KEY_F3, GRUB_TERM_KEY_F4, GRUB_TERM_KEY_F5, + GRUB_TERM_KEY_F6, GRUB_TERM_KEY_F7, GRUB_TERM_KEY_F8, GRUB_TERM_KEY_F9, +- GRUB_TERM_KEY_F10, GRUB_TERM_KEY_F11, GRUB_TERM_KEY_F12, '\e' ++ GRUB_TERM_KEY_F10, GRUB_TERM_KEY_F11, GRUB_TERM_KEY_F12, GRUB_TERM_ESC + }; + + static int +@@ -122,6 +122,9 @@ grub_efi_translate_key (grub_efi_input_key_t key) + else + return key.unicode_char; + } ++ /* Some devices send enter with scan_code 0x0d (F3) and unicode_char 0x0d. */ ++ else if (key.scan_code == '\r' && key.unicode_char == '\r') ++ return key.unicode_char; + else if (key.scan_code < ARRAY_SIZE (efi_codes)) + return efi_codes[key.scan_code]; + +diff --git a/grub-core/term/i386/coreboot/cbmemc.c b/grub-core/term/i386/coreboot/cbmemc.c +index 25e64a05c03286f644b39398e9e68cbdde333510..cea9b84315bdaf3b1238acc915f35ba6148ffbcf 100644 +--- a/grub-core/term/i386/coreboot/cbmemc.c ++++ b/grub-core/term/i386/coreboot/cbmemc.c +@@ -23,17 +23,20 @@ + #include + #include + #include +-#include ++#include + #include + #include + + GRUB_MOD_LICENSE ("GPLv3+"); + ++#define CURSOR_MASK ((1 << 28) - 1) ++#define OVERFLOW (1 << 31) ++ + struct grub_linuxbios_cbmemc + { + grub_uint32_t size; +- grub_uint32_t pointer; +- char data[0]; ++ grub_uint32_t cursor; ++ char body[0]; + }; + + static struct grub_linuxbios_cbmemc *cbmemc; +@@ -41,11 +44,20 @@ static struct grub_linuxbios_cbmemc *cbmemc; + static void + put (struct grub_term_output *term __attribute__ ((unused)), const int c) + { ++ grub_uint32_t flags, cursor; + if (!cbmemc) + return; +- if (cbmemc->pointer < cbmemc->size) +- cbmemc->data[cbmemc->pointer] = c; +- cbmemc->pointer++; ++ flags = cbmemc->cursor & ~CURSOR_MASK; ++ cursor = cbmemc->cursor & CURSOR_MASK; ++ if (cursor >= cbmemc->size) ++ return; ++ cbmemc->body[cursor++] = c; ++ if (cursor >= cbmemc->size) ++ { ++ cursor = 0; ++ flags |= OVERFLOW; ++ } ++ cbmemc->cursor = flags | cursor; + } + + struct grub_terminfo_output_state grub_cbmemc_terminfo_output = +@@ -87,21 +99,29 @@ grub_cmd_cbmemc (struct grub_command *cmd __attribute__ ((unused)), + int argc __attribute__ ((unused)), + char *argv[] __attribute__ ((unused))) + { +- grub_size_t len; +- char *str; +- struct grub_linuxbios_cbmemc *cbmemc_saved; ++ grub_size_t size, cursor; ++ struct grub_linuxbios_cbmemc *real_cbmemc; + + if (!cbmemc) + return grub_error (GRUB_ERR_IO, "no CBMEM console found"); + +- len = cbmemc->pointer; +- if (len > cbmemc->size) +- len = cbmemc->size; +- str = cbmemc->data; +- cbmemc_saved = cbmemc; ++ real_cbmemc = cbmemc; + cbmemc = 0; +- grub_xnputs (str, len); +- cbmemc = cbmemc_saved; ++ cursor = real_cbmemc->cursor & CURSOR_MASK; ++ if (!(real_cbmemc->cursor & OVERFLOW) && cursor < real_cbmemc->size) ++ size = cursor; ++ else ++ size = real_cbmemc->size; ++ if (real_cbmemc->cursor & OVERFLOW) ++ { ++ if (cursor > size) ++ cursor = 0; ++ grub_xnputs(real_cbmemc->body + cursor, size - cursor); ++ grub_xnputs(real_cbmemc->body, cursor); ++ } ++ else ++ grub_xnputs(real_cbmemc->body, size); ++ cbmemc = real_cbmemc; + return 0; + } + +diff --git a/grub-core/term/i386/pc/console.c b/grub-core/term/i386/pc/console.c +index 28de46b576a667fd40c5852b16a4bcc3ea681849..f6142a2dea8036f5301c81a9e2fbd5ddbff5fd90 100644 +--- a/grub-core/term/i386/pc/console.c ++++ b/grub-core/term/i386/pc/console.c +@@ -204,7 +204,7 @@ static int + grub_console_getkey (struct grub_term_input *term __attribute__ ((unused))) + { + const grub_uint16_t bypass_table[] = { +- 0x0100 | '\e', 0x0f00 | '\t', 0x0e00 | '\b', 0x1c00 | '\r', 0x1c00 | '\n' ++ 0x0100 | GRUB_TERM_ESC, 0x0f00 | GRUB_TERM_TAB, 0x0e00 | GRUB_TERM_BACKSPACE, 0x1c00 | '\r', 0x1c00 | '\n' + }; + struct grub_bios_int_registers regs; + unsigned i; +diff --git a/grub-core/term/ps2.c b/grub-core/term/ps2.c +new file mode 100644 +index 0000000000000000000000000000000000000000..7ae4e9f2f8cd4a0ba4405c21581f906f7b458379 +--- /dev/null ++++ b/grub-core/term/ps2.c +@@ -0,0 +1,387 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2007,2008,2009 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++ ++#define KEYBOARD_LED_SCROLL (1 << 0) ++#define KEYBOARD_LED_NUM (1 << 1) ++#define KEYBOARD_LED_CAPS (1 << 2) ++ ++static const grub_uint8_t set1_mapping[128] = ++ { ++ /* 0x00 */ 0 /* Unused */, GRUB_KEYBOARD_KEY_ESCAPE, ++ /* 0x02 */ GRUB_KEYBOARD_KEY_1, GRUB_KEYBOARD_KEY_2, ++ /* 0x04 */ GRUB_KEYBOARD_KEY_3, GRUB_KEYBOARD_KEY_4, ++ /* 0x06 */ GRUB_KEYBOARD_KEY_5, GRUB_KEYBOARD_KEY_6, ++ /* 0x08 */ GRUB_KEYBOARD_KEY_7, GRUB_KEYBOARD_KEY_8, ++ /* 0x0a */ GRUB_KEYBOARD_KEY_9, GRUB_KEYBOARD_KEY_0, ++ /* 0x0c */ GRUB_KEYBOARD_KEY_DASH, GRUB_KEYBOARD_KEY_EQUAL, ++ /* 0x0e */ GRUB_KEYBOARD_KEY_BACKSPACE, GRUB_KEYBOARD_KEY_TAB, ++ /* 0x10 */ GRUB_KEYBOARD_KEY_Q, GRUB_KEYBOARD_KEY_W, ++ /* 0x12 */ GRUB_KEYBOARD_KEY_E, GRUB_KEYBOARD_KEY_R, ++ /* 0x14 */ GRUB_KEYBOARD_KEY_T, GRUB_KEYBOARD_KEY_Y, ++ /* 0x16 */ GRUB_KEYBOARD_KEY_U, GRUB_KEYBOARD_KEY_I, ++ /* 0x18 */ GRUB_KEYBOARD_KEY_O, GRUB_KEYBOARD_KEY_P, ++ /* 0x1a */ GRUB_KEYBOARD_KEY_LBRACKET, GRUB_KEYBOARD_KEY_RBRACKET, ++ /* 0x1c */ GRUB_KEYBOARD_KEY_ENTER, GRUB_KEYBOARD_KEY_LEFT_CTRL, ++ /* 0x1e */ GRUB_KEYBOARD_KEY_A, GRUB_KEYBOARD_KEY_S, ++ /* 0x20 */ GRUB_KEYBOARD_KEY_D, GRUB_KEYBOARD_KEY_F, ++ /* 0x22 */ GRUB_KEYBOARD_KEY_G, GRUB_KEYBOARD_KEY_H, ++ /* 0x24 */ GRUB_KEYBOARD_KEY_J, GRUB_KEYBOARD_KEY_K, ++ /* 0x26 */ GRUB_KEYBOARD_KEY_L, GRUB_KEYBOARD_KEY_SEMICOLON, ++ /* 0x28 */ GRUB_KEYBOARD_KEY_DQUOTE, GRUB_KEYBOARD_KEY_RQUOTE, ++ /* 0x2a */ GRUB_KEYBOARD_KEY_LEFT_SHIFT, GRUB_KEYBOARD_KEY_BACKSLASH, ++ /* 0x2c */ GRUB_KEYBOARD_KEY_Z, GRUB_KEYBOARD_KEY_X, ++ /* 0x2e */ GRUB_KEYBOARD_KEY_C, GRUB_KEYBOARD_KEY_V, ++ /* 0x30 */ GRUB_KEYBOARD_KEY_B, GRUB_KEYBOARD_KEY_N, ++ /* 0x32 */ GRUB_KEYBOARD_KEY_M, GRUB_KEYBOARD_KEY_COMMA, ++ /* 0x34 */ GRUB_KEYBOARD_KEY_DOT, GRUB_KEYBOARD_KEY_SLASH, ++ /* 0x36 */ GRUB_KEYBOARD_KEY_RIGHT_SHIFT, GRUB_KEYBOARD_KEY_NUMMUL, ++ /* 0x38 */ GRUB_KEYBOARD_KEY_LEFT_ALT, GRUB_KEYBOARD_KEY_SPACE, ++ /* 0x3a */ GRUB_KEYBOARD_KEY_CAPS_LOCK, GRUB_KEYBOARD_KEY_F1, ++ /* 0x3c */ GRUB_KEYBOARD_KEY_F2, GRUB_KEYBOARD_KEY_F3, ++ /* 0x3e */ GRUB_KEYBOARD_KEY_F4, GRUB_KEYBOARD_KEY_F5, ++ /* 0x40 */ GRUB_KEYBOARD_KEY_F6, GRUB_KEYBOARD_KEY_F7, ++ /* 0x42 */ GRUB_KEYBOARD_KEY_F8, GRUB_KEYBOARD_KEY_F9, ++ /* 0x44 */ GRUB_KEYBOARD_KEY_F10, GRUB_KEYBOARD_KEY_NUM_LOCK, ++ /* 0x46 */ GRUB_KEYBOARD_KEY_SCROLL_LOCK, GRUB_KEYBOARD_KEY_NUM7, ++ /* 0x48 */ GRUB_KEYBOARD_KEY_NUM8, GRUB_KEYBOARD_KEY_NUM9, ++ /* 0x4a */ GRUB_KEYBOARD_KEY_NUMMINUS, GRUB_KEYBOARD_KEY_NUM4, ++ /* 0x4c */ GRUB_KEYBOARD_KEY_NUM5, GRUB_KEYBOARD_KEY_NUM6, ++ /* 0x4e */ GRUB_KEYBOARD_KEY_NUMPLUS, GRUB_KEYBOARD_KEY_NUM1, ++ /* 0x50 */ GRUB_KEYBOARD_KEY_NUM2, GRUB_KEYBOARD_KEY_NUM3, ++ /* 0x52 */ GRUB_KEYBOARD_KEY_NUM0, GRUB_KEYBOARD_KEY_NUMDOT, ++ /* 0x54 */ 0, 0, ++ /* 0x56 */ GRUB_KEYBOARD_KEY_102ND, GRUB_KEYBOARD_KEY_F11, ++ /* 0x58 */ GRUB_KEYBOARD_KEY_F12, 0, ++ /* 0x5a */ 0, 0, ++ /* 0x5c */ 0, 0, ++ /* 0x5e */ 0, 0, ++ /* 0x60 */ 0, 0, ++ /* 0x62 */ 0, 0, ++ /* OLPC keys. Just mapped to normal keys. */ ++ /* 0x64 */ 0, GRUB_KEYBOARD_KEY_UP, ++ /* 0x66 */ GRUB_KEYBOARD_KEY_DOWN, GRUB_KEYBOARD_KEY_LEFT, ++ /* 0x68 */ GRUB_KEYBOARD_KEY_RIGHT, 0, ++ /* 0x6a */ 0, 0, ++ /* 0x6c */ 0, 0, ++ /* 0x6e */ 0, 0, ++ /* 0x70 */ 0, 0, ++ /* 0x72 */ 0, GRUB_KEYBOARD_KEY_JP_RO, ++ /* 0x74 */ 0, 0, ++ /* 0x76 */ 0, 0, ++ /* 0x78 */ 0, 0, ++ /* 0x7a */ 0, 0, ++ /* 0x7c */ 0, GRUB_KEYBOARD_KEY_JP_YEN, ++ /* 0x7e */ GRUB_KEYBOARD_KEY_KPCOMMA ++ }; ++ ++static const struct ++{ ++ grub_uint8_t from, to; ++} set1_e0_mapping[] = ++ { ++ {0x1c, GRUB_KEYBOARD_KEY_NUMENTER}, ++ {0x1d, GRUB_KEYBOARD_KEY_RIGHT_CTRL}, ++ {0x35, GRUB_KEYBOARD_KEY_NUMSLASH }, ++ {0x38, GRUB_KEYBOARD_KEY_RIGHT_ALT}, ++ {0x47, GRUB_KEYBOARD_KEY_HOME}, ++ {0x48, GRUB_KEYBOARD_KEY_UP}, ++ {0x49, GRUB_KEYBOARD_KEY_PPAGE}, ++ {0x4b, GRUB_KEYBOARD_KEY_LEFT}, ++ {0x4d, GRUB_KEYBOARD_KEY_RIGHT}, ++ {0x4f, GRUB_KEYBOARD_KEY_END}, ++ {0x50, GRUB_KEYBOARD_KEY_DOWN}, ++ {0x51, GRUB_KEYBOARD_KEY_NPAGE}, ++ {0x52, GRUB_KEYBOARD_KEY_INSERT}, ++ {0x53, GRUB_KEYBOARD_KEY_DELETE}, ++ }; ++ ++static const grub_uint8_t set2_mapping[256] = ++ { ++ /* 0x00 */ 0, GRUB_KEYBOARD_KEY_F9, ++ /* 0x02 */ 0, GRUB_KEYBOARD_KEY_F5, ++ /* 0x04 */ GRUB_KEYBOARD_KEY_F3, GRUB_KEYBOARD_KEY_F1, ++ /* 0x06 */ GRUB_KEYBOARD_KEY_F2, GRUB_KEYBOARD_KEY_F12, ++ /* 0x08 */ 0, GRUB_KEYBOARD_KEY_F10, ++ /* 0x0a */ GRUB_KEYBOARD_KEY_F8, GRUB_KEYBOARD_KEY_F6, ++ /* 0x0c */ GRUB_KEYBOARD_KEY_F4, GRUB_KEYBOARD_KEY_TAB, ++ /* 0x0e */ GRUB_KEYBOARD_KEY_RQUOTE, 0, ++ /* 0x10 */ 0, GRUB_KEYBOARD_KEY_LEFT_ALT, ++ /* 0x12 */ GRUB_KEYBOARD_KEY_LEFT_SHIFT, 0, ++ /* 0x14 */ GRUB_KEYBOARD_KEY_LEFT_CTRL, GRUB_KEYBOARD_KEY_Q, ++ /* 0x16 */ GRUB_KEYBOARD_KEY_1, 0, ++ /* 0x18 */ 0, 0, ++ /* 0x1a */ GRUB_KEYBOARD_KEY_Z, GRUB_KEYBOARD_KEY_S, ++ /* 0x1c */ GRUB_KEYBOARD_KEY_A, GRUB_KEYBOARD_KEY_W, ++ /* 0x1e */ GRUB_KEYBOARD_KEY_2, 0, ++ /* 0x20 */ 0, GRUB_KEYBOARD_KEY_C, ++ /* 0x22 */ GRUB_KEYBOARD_KEY_X, GRUB_KEYBOARD_KEY_D, ++ /* 0x24 */ GRUB_KEYBOARD_KEY_E, GRUB_KEYBOARD_KEY_4, ++ /* 0x26 */ GRUB_KEYBOARD_KEY_3, 0, ++ /* 0x28 */ 0, GRUB_KEYBOARD_KEY_SPACE, ++ /* 0x2a */ GRUB_KEYBOARD_KEY_V, GRUB_KEYBOARD_KEY_F, ++ /* 0x2c */ GRUB_KEYBOARD_KEY_T, GRUB_KEYBOARD_KEY_R, ++ /* 0x2e */ GRUB_KEYBOARD_KEY_5, 0, ++ /* 0x30 */ 0, GRUB_KEYBOARD_KEY_N, ++ /* 0x32 */ GRUB_KEYBOARD_KEY_B, GRUB_KEYBOARD_KEY_H, ++ /* 0x34 */ GRUB_KEYBOARD_KEY_G, GRUB_KEYBOARD_KEY_Y, ++ /* 0x36 */ GRUB_KEYBOARD_KEY_6, 0, ++ /* 0x38 */ 0, 0, ++ /* 0x3a */ GRUB_KEYBOARD_KEY_M, GRUB_KEYBOARD_KEY_J, ++ /* 0x3c */ GRUB_KEYBOARD_KEY_U, GRUB_KEYBOARD_KEY_7, ++ /* 0x3e */ GRUB_KEYBOARD_KEY_8, 0, ++ /* 0x40 */ 0, GRUB_KEYBOARD_KEY_COMMA, ++ /* 0x42 */ GRUB_KEYBOARD_KEY_K, GRUB_KEYBOARD_KEY_I, ++ /* 0x44 */ GRUB_KEYBOARD_KEY_O, GRUB_KEYBOARD_KEY_0, ++ /* 0x46 */ GRUB_KEYBOARD_KEY_9, 0, ++ /* 0x48 */ 0, GRUB_KEYBOARD_KEY_DOT, ++ /* 0x4a */ GRUB_KEYBOARD_KEY_SLASH, GRUB_KEYBOARD_KEY_L, ++ /* 0x4c */ GRUB_KEYBOARD_KEY_SEMICOLON, GRUB_KEYBOARD_KEY_P, ++ /* 0x4e */ GRUB_KEYBOARD_KEY_DASH, 0, ++ /* 0x50 */ 0, GRUB_KEYBOARD_KEY_JP_RO, ++ /* 0x52 */ GRUB_KEYBOARD_KEY_DQUOTE, 0, ++ /* 0x54 */ GRUB_KEYBOARD_KEY_LBRACKET, GRUB_KEYBOARD_KEY_EQUAL, ++ /* 0x56 */ 0, 0, ++ /* 0x58 */ GRUB_KEYBOARD_KEY_CAPS_LOCK, GRUB_KEYBOARD_KEY_RIGHT_SHIFT, ++ /* 0x5a */ GRUB_KEYBOARD_KEY_ENTER, GRUB_KEYBOARD_KEY_RBRACKET, ++ /* 0x5c */ 0, GRUB_KEYBOARD_KEY_BACKSLASH, ++ /* 0x5e */ 0, 0, ++ /* 0x60 */ 0, GRUB_KEYBOARD_KEY_102ND, ++ /* 0x62 */ 0, 0, ++ /* 0x64 */ 0, 0, ++ /* 0x66 */ GRUB_KEYBOARD_KEY_BACKSPACE, 0, ++ /* 0x68 */ 0, GRUB_KEYBOARD_KEY_NUM1, ++ /* 0x6a */ GRUB_KEYBOARD_KEY_JP_YEN, GRUB_KEYBOARD_KEY_NUM4, ++ /* 0x6c */ GRUB_KEYBOARD_KEY_NUM7, GRUB_KEYBOARD_KEY_KPCOMMA, ++ /* 0x6e */ 0, 0, ++ /* 0x70 */ GRUB_KEYBOARD_KEY_NUM0, GRUB_KEYBOARD_KEY_NUMDOT, ++ /* 0x72 */ GRUB_KEYBOARD_KEY_NUM2, GRUB_KEYBOARD_KEY_NUM5, ++ /* 0x74 */ GRUB_KEYBOARD_KEY_NUM6, GRUB_KEYBOARD_KEY_NUM8, ++ /* 0x76 */ GRUB_KEYBOARD_KEY_ESCAPE, GRUB_KEYBOARD_KEY_NUM_LOCK, ++ /* 0x78 */ GRUB_KEYBOARD_KEY_F11, GRUB_KEYBOARD_KEY_NUMPLUS, ++ /* 0x7a */ GRUB_KEYBOARD_KEY_NUM3, GRUB_KEYBOARD_KEY_NUMMINUS, ++ /* 0x7c */ GRUB_KEYBOARD_KEY_NUMMUL, GRUB_KEYBOARD_KEY_NUM9, ++ /* 0x7e */ GRUB_KEYBOARD_KEY_SCROLL_LOCK, 0, ++ /* 0x80 */ 0, 0, ++ /* 0x82 */ 0, GRUB_KEYBOARD_KEY_F7, ++ }; ++ ++static const struct ++{ ++ grub_uint8_t from, to; ++} set2_e0_mapping[] = ++ { ++ {0x11, GRUB_KEYBOARD_KEY_RIGHT_ALT}, ++ {0x14, GRUB_KEYBOARD_KEY_RIGHT_CTRL}, ++ {0x4a, GRUB_KEYBOARD_KEY_NUMSLASH}, ++ {0x5a, GRUB_KEYBOARD_KEY_NUMENTER}, ++ {0x69, GRUB_KEYBOARD_KEY_END}, ++ {0x6b, GRUB_KEYBOARD_KEY_LEFT}, ++ {0x6c, GRUB_KEYBOARD_KEY_HOME}, ++ {0x70, GRUB_KEYBOARD_KEY_INSERT}, ++ {0x71, GRUB_KEYBOARD_KEY_DELETE}, ++ {0x72, GRUB_KEYBOARD_KEY_DOWN}, ++ {0x74, GRUB_KEYBOARD_KEY_RIGHT}, ++ {0x75, GRUB_KEYBOARD_KEY_UP}, ++ {0x7a, GRUB_KEYBOARD_KEY_NPAGE}, ++ {0x7d, GRUB_KEYBOARD_KEY_PPAGE}, ++ }; ++ ++static int ++fetch_key (struct grub_ps2_state *ps2_state, grub_uint8_t at_key, int *is_break) ++{ ++ int was_ext = 0; ++ int ret = 0; ++ ++ /* May happen if no keyboard is connected. Just ignore this. */ ++ if (at_key == 0xff) ++ return -1; ++ if (at_key == 0xe0) ++ { ++ ps2_state->e0_received = 1; ++ return -1; ++ } ++ ++ if ((ps2_state->current_set == 2 || ps2_state->current_set == 3) && at_key == 0xf0) ++ { ++ ps2_state->f0_received = 1; ++ return -1; ++ } ++ ++ /* Setting LEDs may generate ACKs. */ ++ if (at_key == GRUB_AT_ACK) ++ return -1; ++ ++ was_ext = ps2_state->e0_received; ++ ps2_state->e0_received = 0; ++ ++ switch (ps2_state->current_set) ++ { ++ case 1: ++ *is_break = !!(at_key & 0x80); ++ if (!was_ext) ++ ret = set1_mapping[at_key & 0x7f]; ++ else ++ { ++ unsigned i; ++ for (i = 0; i < ARRAY_SIZE (set1_e0_mapping); i++) ++ if (set1_e0_mapping[i].from == (at_key & 0x7f)) ++ { ++ ret = set1_e0_mapping[i].to; ++ break; ++ } ++ } ++ break; ++ case 2: ++ *is_break = ps2_state->f0_received; ++ ps2_state->f0_received = 0; ++ if (!was_ext) ++ ret = set2_mapping[at_key]; ++ else ++ { ++ unsigned i; ++ for (i = 0; i < ARRAY_SIZE (set2_e0_mapping); i++) ++ if (set2_e0_mapping[i].from == at_key) ++ { ++ ret = set2_e0_mapping[i].to; ++ break; ++ } ++ } ++ break; ++ default: ++ return -1; ++ } ++ if (!ret) ++ { ++ if (was_ext) ++ grub_dprintf ("atkeyb", "Unknown key 0xe0+0x%02x from set %d\n", ++ at_key, ps2_state->current_set); ++ else ++ grub_dprintf ("atkeyb", "Unknown key 0x%02x from set %d\n", ++ at_key, ps2_state->current_set); ++ return -1; ++ } ++ return ret; ++} ++ ++/* FIXME: This should become an interrupt service routine. For now ++ it's just used to catch events from control keys. */ ++static int ++grub_keyboard_isr (struct grub_ps2_state *ps2_state, ++ grub_keyboard_key_t key, int is_break) ++{ ++ if (!is_break) ++ switch (key) ++ { ++ case GRUB_KEYBOARD_KEY_LEFT_SHIFT: ++ ps2_state->at_keyboard_status |= GRUB_TERM_STATUS_LSHIFT; ++ return 1; ++ case GRUB_KEYBOARD_KEY_RIGHT_SHIFT: ++ ps2_state->at_keyboard_status |= GRUB_TERM_STATUS_RSHIFT; ++ return 1; ++ case GRUB_KEYBOARD_KEY_LEFT_CTRL: ++ ps2_state->at_keyboard_status |= GRUB_TERM_STATUS_LCTRL; ++ return 1; ++ case GRUB_KEYBOARD_KEY_RIGHT_CTRL: ++ ps2_state->at_keyboard_status |= GRUB_TERM_STATUS_RCTRL; ++ return 1; ++ case GRUB_KEYBOARD_KEY_RIGHT_ALT: ++ ps2_state->at_keyboard_status |= GRUB_TERM_STATUS_RALT; ++ return 1; ++ case GRUB_KEYBOARD_KEY_LEFT_ALT: ++ ps2_state->at_keyboard_status |= GRUB_TERM_STATUS_LALT; ++ return 1; ++ default: ++ return 0; ++ } ++ else ++ switch (key) ++ { ++ case GRUB_KEYBOARD_KEY_LEFT_SHIFT: ++ ps2_state->at_keyboard_status &= ~GRUB_TERM_STATUS_LSHIFT; ++ return 1; ++ case GRUB_KEYBOARD_KEY_RIGHT_SHIFT: ++ ps2_state->at_keyboard_status &= ~GRUB_TERM_STATUS_RSHIFT; ++ return 1; ++ case GRUB_KEYBOARD_KEY_LEFT_CTRL: ++ ps2_state->at_keyboard_status &= ~GRUB_TERM_STATUS_LCTRL; ++ return 1; ++ case GRUB_KEYBOARD_KEY_RIGHT_CTRL: ++ ps2_state->at_keyboard_status &= ~GRUB_TERM_STATUS_RCTRL; ++ return 1; ++ case GRUB_KEYBOARD_KEY_RIGHT_ALT: ++ ps2_state->at_keyboard_status &= ~GRUB_TERM_STATUS_RALT; ++ return 1; ++ case GRUB_KEYBOARD_KEY_LEFT_ALT: ++ ps2_state->at_keyboard_status &= ~GRUB_TERM_STATUS_LALT; ++ return 1; ++ default: ++ return 0; ++ } ++} ++ ++/* If there is a key pending, return it; otherwise return GRUB_TERM_NO_KEY. */ ++int ++grub_ps2_process_incoming_byte (struct grub_ps2_state *ps2_state, ++ grub_uint8_t at_key) ++{ ++ int code; ++ int is_break = 0; ++ ++ code = fetch_key (ps2_state, at_key, &is_break); ++ if (code == -1) ++ return GRUB_TERM_NO_KEY; ++ ++ if (grub_keyboard_isr (ps2_state, code, is_break)) ++ return GRUB_TERM_NO_KEY; ++ if (is_break) ++ return GRUB_TERM_NO_KEY; ++#ifdef DEBUG_AT_KEYBOARD ++ grub_dprintf ("atkeyb", "Detected key 0x%x\n", code); ++#endif ++ switch (code) ++ { ++ case GRUB_KEYBOARD_KEY_CAPS_LOCK: ++ ps2_state->at_keyboard_status ^= GRUB_TERM_STATUS_CAPS; ++ ps2_state->led_status ^= KEYBOARD_LED_CAPS; ++ ++#ifdef DEBUG_AT_KEYBOARD ++ grub_dprintf ("atkeyb", "caps_lock = %d\n", !!(ps2_state->at_keyboard_status & GRUB_KEYBOARD_STATUS_CAPS_LOCK)); ++#endif ++ return GRUB_TERM_NO_KEY; ++ case GRUB_KEYBOARD_KEY_NUM_LOCK: ++ ps2_state->at_keyboard_status ^= GRUB_TERM_STATUS_NUM; ++ ps2_state->led_status ^= KEYBOARD_LED_NUM; ++ ++#ifdef DEBUG_AT_KEYBOARD ++ grub_dprintf ("atkeyb", "num_lock = %d\n", !!(ps2_state->at_keyboard_status & GRUB_KEYBOARD_STATUS_NUM_LOCK)); ++#endif ++ return GRUB_TERM_NO_KEY; ++ case GRUB_KEYBOARD_KEY_SCROLL_LOCK: ++ ps2_state->at_keyboard_status ^= GRUB_TERM_STATUS_SCROLL; ++ ps2_state->led_status ^= KEYBOARD_LED_SCROLL; ++ return GRUB_TERM_NO_KEY; ++ default: ++ return grub_term_map_key (code, ps2_state->at_keyboard_status); ++ } ++} +diff --git a/grub-core/term/terminfo.c b/grub-core/term/terminfo.c +index f0d3e3debc60aa8dd04a5643a8a0537ffb88ec26..d317efa368d846963743a243fd672026a2221933 100644 +--- a/grub-core/term/terminfo.c ++++ b/grub-core/term/terminfo.c +@@ -426,12 +426,12 @@ grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len, + } + *len = 1; + keys[0] = c; +- if (c != ANSI_CSI && c != '\e') ++ if (c != ANSI_CSI && c != GRUB_TERM_ESC) + { + /* Backspace: Ctrl-h. */ + if (c == 0x7f) +- c = '\b'; +- if (c < 0x20 && c != '\t' && c!= '\b' && c != '\n' && c != '\r') ++ c = GRUB_TERM_BACKSPACE; ++ if (c < 0x20 && c != GRUB_TERM_TAB && c!= GRUB_TERM_BACKSPACE && c != '\n' && c != '\r') + c = GRUB_TERM_CTRL | (c - 1 + 'a'); + *len = 1; + keys[0] = c; +@@ -487,7 +487,7 @@ grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len, + GRUB_TERM_KEY_HOME, GRUB_TERM_KEY_END }; + unsigned i; + +- if (c == '\e') ++ if (c == GRUB_TERM_ESC) + { + CONTINUE_READ; + +@@ -606,7 +606,7 @@ grub_terminfo_getkey (struct grub_term_input *termi) + &data->npending, data->readkey); + + #if defined(__powerpc__) && defined(GRUB_MACHINE_IEEE1275) +- if (data->npending == 1 && data->input_buf[0] == '\e' ++ if (data->npending == 1 && data->input_buf[0] == GRUB_TERM_ESC + && grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_BROKEN_REPEAT) + && grub_get_time_ms () - data->last_key_time < 1000 + && (data->last_key & GRUB_TERM_EXTENDED)) +diff --git a/grub-core/tests/cmdline_cat_test.c b/grub-core/tests/cmdline_cat_test.c +index f1e21439e2be229d386cb310d62164fc9a5f4f92..baea7688a1d3c49d37a2c03e585109ccd04328f8 100644 +--- a/grub-core/tests/cmdline_cat_test.c ++++ b/grub-core/tests/cmdline_cat_test.c +@@ -103,7 +103,7 @@ cmdline_cat_test (void) + '/', 't', 'e', 's', 't', '.', + 't', 'x', 't', '\n', + GRUB_TERM_NO_KEY, +- GRUB_TERM_NO_KEY, '\e'}, ++ GRUB_TERM_NO_KEY, GRUB_TERM_ESC}, + 23); + + grub_video_checksum ("cmdline_cat"); +diff --git a/grub-core/tests/gfxterm_menu.c b/grub-core/tests/gfxterm_menu.c +index 8f63dc27a35bd769ecb5d94599de3ba9e97cf5dc..12836fb96598d98b5cbf371a953e6ec702eb50de 100644 +--- a/grub-core/tests/gfxterm_menu.c ++++ b/grub-core/tests/gfxterm_menu.c +@@ -146,7 +146,7 @@ gfxterm_menu (void) + return; + } + grub_terminal_input_fake_sequence ((int []) { -1, -1, -1, GRUB_TERM_KEY_DOWN, -1, 'e', +- -1, GRUB_TERM_KEY_RIGHT, -1, 'x', -1, '\e', -1, '\e' }, 14); ++ -1, GRUB_TERM_KEY_RIGHT, -1, 'x', -1, GRUB_TERM_ESC, -1, GRUB_TERM_ESC }, 14); + + grub_video_checksum (tests[j].name); + +diff --git a/grub-core/tests/lib/functional_test.c b/grub-core/tests/lib/functional_test.c +index d4822a12456525e4abc5f587bc897364db4e52b7..96781fb39b5f37b201345f60fe4297629bb672cf 100644 +--- a/grub-core/tests/lib/functional_test.c ++++ b/grub-core/tests/lib/functional_test.c +@@ -26,14 +26,23 @@ GRUB_MOD_LICENSE ("GPLv3+"); + + static grub_err_t + grub_functional_test (grub_extcmd_context_t ctxt __attribute__ ((unused)), +- int argc __attribute__ ((unused)), +- char **args __attribute__ ((unused))) ++ int argc, ++ char **args) + { + grub_test_t test; + int ok = 1; ++ int i; + + FOR_LIST_ELEMENTS (test, grub_test_list) + { ++ if (argc != 0) ++ { ++ for (i = 0; i < argc; i++) ++ if (grub_strcmp(args[i], test->name) == 0) ++ break; ++ if (i == argc) ++ continue; ++ } + grub_errno = 0; + ok = ok && !grub_test_run (test); + grub_errno = 0; +diff --git a/grub-core/video/i386/coreboot/cbfb.c b/grub-core/video/coreboot/cbfb.c +similarity index 99% +rename from grub-core/video/i386/coreboot/cbfb.c +rename to grub-core/video/coreboot/cbfb.c +index dede0c37ea3e8a8948cd6535d26d008e117206bc..9af81fa5b01b63677d97ba9a242e60080df84e5a 100644 +--- a/grub-core/video/i386/coreboot/cbfb.c ++++ b/grub-core/video/coreboot/cbfb.c +@@ -25,7 +25,7 @@ + #include + #include + #include +-#include ++#include + #include + + struct grub_linuxbios_table_framebuffer *grub_video_coreboot_fbtable; +diff --git a/grub-core/video/efi_uga.c b/grub-core/video/efi_uga.c +index 464ede874daff480fb4199927cb30d48f0558e8b..044af1d20d38f08e3b5c5dcec4281c0b452cf8ea 100644 +--- a/grub-core/video/efi_uga.c ++++ b/grub-core/video/efi_uga.c +@@ -94,10 +94,19 @@ static int + find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + { + struct find_framebuf_ctx *ctx = data; +- grub_pci_address_t addr; ++ grub_pci_address_t addr, rcaddr; ++ grub_uint32_t subclass; + + addr = grub_pci_make_address (dev, GRUB_PCI_REG_CLASS); +- if (grub_pci_read (addr) >> 24 == 0x3) ++ subclass = (grub_pci_read (addr) >> 16) & 0xffff; ++ ++ if (subclass != GRUB_PCI_CLASS_SUBCLASS_VGA) ++ return 0; ++ ++ /* Enable MEM address spaces */ ++ rcaddr = grub_pci_make_address (dev, GRUB_PCI_REG_COMMAND); ++ grub_pci_write_word (rcaddr, grub_pci_read_word (rcaddr) | GRUB_PCI_COMMAND_MEM_ENABLED); ++ + { + int i; + +diff --git a/tests/printf_unit_test.c b/tests/printf_unit_test.c +index d7b12c6dbee6e84ace9d9f81d476622194810b26..098c29fd9ce2d28a5b83b74afc0f9e40b7c401ec 100644 +--- a/tests/printf_unit_test.c ++++ b/tests/printf_unit_test.c +@@ -23,6 +23,10 @@ + + #define MSG "printf test failed: %s, %s", real, expected + ++#if defined(__GNUC__) && __GNUC__ >= 7 ++#pragma GCC diagnostic ignored "-Wformat-truncation=" ++#endif ++ + static void + printf_test (void) + { +diff --git a/util/grub-install-common.c b/util/grub-install-common.c +index 452b230daedc3db0296cab014e89ddacf1c21347..0a2e24a79f11916527650d124e38c6184c4ceb93 100644 +--- a/util/grub-install-common.c ++++ b/util/grub-install-common.c +@@ -73,6 +73,7 @@ grub_install_help_filter (int key, const char *text, + + static int (*compress_func) (const char *src, const char *dest) = NULL; + char *grub_install_copy_buffer; ++static char *dtb; + + int + grub_install_copy_file (const char *src, +@@ -364,6 +365,11 @@ grub_install_parse (int key, char *arg) + case GRUB_INSTALL_OPTIONS_INSTALL_FONTS: + handle_install_list (&install_fonts, arg, 0); + return 1; ++ case GRUB_INSTALL_OPTIONS_DTB: ++ if (dtb) ++ free (dtb); ++ dtb = xstrdup (arg); ++ return 1; + case GRUB_INSTALL_OPTIONS_INSTALL_COMPRESS: + if (strcmp (arg, "no") == 0 + || strcmp (arg, "none") == 0) +@@ -486,9 +492,10 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, + + grub_util_info ("grub-mkimage --directory '%s' --prefix '%s'" + " --output '%s' " ++ " --dtb '%s' " + "--format '%s' --compression '%s' %s %s\n", + dir, prefix, +- outname, mkimage_target, ++ outname, dtb ? : "", mkimage_target, + compnames[compression], note ? "--note" : "", s); + free (s); + +@@ -499,7 +506,7 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, + grub_install_generate_image (dir, prefix, fp, outname, + modules.entries, memdisk_path, + pubkeys, npubkeys, config_path, tgt, +- note, compression); ++ note, compression, dtb); + while (dc--) + grub_install_pop_module (); + } +@@ -585,6 +592,7 @@ copy_all (const char *srcd, + grub_util_fd_closedir (d); + } + ++#if !(defined (GRUB_UTIL) && defined(ENABLE_NLS) && ENABLE_NLS) + static const char * + get_localedir (void) + { +@@ -639,6 +647,59 @@ copy_locales (const char *dstd) + } + grub_util_fd_closedir (d); + } ++#endif ++ ++static void ++grub_install_copy_nls(const char *src __attribute__ ((unused)), ++ const char *dst __attribute__ ((unused))) ++{ ++#if !(defined (GRUB_UTIL) && defined(ENABLE_NLS) && ENABLE_NLS) ++ char *dst_locale; ++ ++ dst_locale = grub_util_path_concat (2, dst, "locale"); ++ grub_install_mkdir_p (dst_locale); ++ clean_grub_dir (dst_locale); ++ ++ if (install_locales.is_default) ++ { ++ char *srcd = grub_util_path_concat (2, src, "po"); ++ copy_by_ext (srcd, dst_locale, ".mo", 0); ++ copy_locales (dst_locale); ++ free (srcd); ++ } ++ else ++ { ++ size_t i; ++ const char *locale_dir = get_localedir (); ++ ++ for (i = 0; i < install_locales.n_entries; i++) ++ { ++ char *srcf = grub_util_path_concat_ext (3, src, "po", ++ install_locales.entries[i], ++ ".mo"); ++ char *dstf = grub_util_path_concat_ext (2, dst_locale, ++ install_locales.entries[i], ++ ".mo"); ++ if (grub_install_compress_file (srcf, dstf, 0)) ++ { ++ free (srcf); ++ free (dstf); ++ continue; ++ } ++ free (srcf); ++ srcf = grub_util_path_concat_ext (4, locale_dir, ++ install_locales.entries[i], ++ "LC_MESSAGES", PACKAGE, ".mo"); ++ if (grub_install_compress_file (srcf, dstf, 0) == 0) ++ grub_util_error (_("cannot find locale `%s'"), ++ install_locales.entries[i]); ++ free (srcf); ++ free (dstf); ++ } ++ } ++ free (dst_locale); ++#endif ++} + + static struct + { +@@ -666,6 +727,7 @@ static struct + [GRUB_INSTALL_PLATFORM_ARM_EFI] = { "arm", "efi" }, + [GRUB_INSTALL_PLATFORM_ARM64_EFI] = { "arm64", "efi" }, + [GRUB_INSTALL_PLATFORM_ARM_UBOOT] = { "arm", "uboot" }, ++ [GRUB_INSTALL_PLATFORM_ARM_COREBOOT] = { "arm", "coreboot" }, + }; + + char * +@@ -723,7 +785,7 @@ grub_install_copy_files (const char *src, + const char *dst, + enum grub_install_plat platid) + { +- char *dst_platform, *dst_locale, *dst_fonts; ++ char *dst_platform, *dst_fonts; + const char *pkgdatadir = grub_util_get_pkgdatadir (); + char *themes_dir; + +@@ -734,13 +796,12 @@ grub_install_copy_files (const char *src, + dst_platform = grub_util_path_concat (2, dst, platform); + free (platform); + } +- dst_locale = grub_util_path_concat (2, dst, "locale"); + dst_fonts = grub_util_path_concat (2, dst, "fonts"); + grub_install_mkdir_p (dst_platform); +- grub_install_mkdir_p (dst_locale); + clean_grub_dir (dst); + clean_grub_dir (dst_platform); +- clean_grub_dir (dst_locale); ++ ++ grub_install_copy_nls(src, dst); + + if (install_modules.is_default) + copy_by_ext (src, dst_platform, ".mod", 1); +@@ -789,50 +850,6 @@ grub_install_copy_files (const char *src, + free (dstf); + } + +- if (install_locales.is_default) +- { +- char *srcd = grub_util_path_concat (2, src, "po"); +- copy_by_ext (srcd, dst_locale, ".mo", 0); +- copy_locales (dst_locale); +- free (srcd); +- } +- else +- { +- const char *locale_dir = get_localedir (); +- +- for (i = 0; i < install_locales.n_entries; i++) +- { +- char *srcf = grub_util_path_concat_ext (3, src, +- "po", +- install_locales.entries[i], +- ".mo"); +- char *dstf = grub_util_path_concat_ext (2, dst_locale, +- install_locales.entries[i], +- ".mo"); +- if (grub_install_compress_file (srcf, dstf, 0)) +- { +- free (srcf); +- free (dstf); +- continue; +- } +- free (srcf); +- srcf = grub_util_path_concat_ext (4, +- locale_dir, +- install_locales.entries[i], +- "LC_MESSAGES", +- PACKAGE, +- ".mo"); +- if (grub_install_compress_file (srcf, dstf, 0)) +- { +- free (srcf); +- free (dstf); +- continue; +- } +- grub_util_error (_("cannot find locale `%s'"), +- install_locales.entries[i]); +- } +- } +- + if (install_themes.is_default) + { + install_themes.is_default = 0; +@@ -895,7 +912,6 @@ grub_install_copy_files (const char *src, + } + + free (dst_platform); +- free (dst_locale); + free (dst_fonts); + } + +diff --git a/util/grub-install.c b/util/grub-install.c +index 9074d3e9e52d2a2e215a10b2f8b3cf627ca80db3..78d0138cb0a8c891f8140f1804d68d275eb690f6 100644 +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -486,6 +486,7 @@ have_bootdev (enum grub_install_plat pl) + + case GRUB_INSTALL_PLATFORM_I386_QEMU: + case GRUB_INSTALL_PLATFORM_I386_COREBOOT: ++ case GRUB_INSTALL_PLATFORM_ARM_COREBOOT: + case GRUB_INSTALL_PLATFORM_I386_MULTIBOOT: + case GRUB_INSTALL_PLATFORM_MIPSEL_QEMU_MIPS: + case GRUB_INSTALL_PLATFORM_MIPS_QEMU_MIPS: +@@ -713,7 +714,7 @@ is_prep_partition (grub_device_t dev) + if (grub_disk_read (dev->disk, p->offset, p->index, + sizeof (gptdata), &gptdata) == 0) + { +- const grub_gpt_part_type_t template = { ++ const grub_gpt_part_guid_t template = { + grub_cpu_to_le32_compile_time (0x9e1a2d38), + grub_cpu_to_le16_compile_time (0xc612), + grub_cpu_to_le16_compile_time (0x4316), +@@ -911,6 +912,7 @@ main (int argc, char *argv[]) + + case GRUB_INSTALL_PLATFORM_I386_QEMU: + case GRUB_INSTALL_PLATFORM_I386_COREBOOT: ++ case GRUB_INSTALL_PLATFORM_ARM_COREBOOT: + case GRUB_INSTALL_PLATFORM_I386_MULTIBOOT: + case GRUB_INSTALL_PLATFORM_MIPSEL_LOONGSON: + case GRUB_INSTALL_PLATFORM_MIPSEL_QEMU_MIPS: +@@ -946,6 +948,7 @@ main (int argc, char *argv[]) + case GRUB_INSTALL_PLATFORM_ARM_UBOOT: + case GRUB_INSTALL_PLATFORM_I386_QEMU: + case GRUB_INSTALL_PLATFORM_I386_COREBOOT: ++ case GRUB_INSTALL_PLATFORM_ARM_COREBOOT: + case GRUB_INSTALL_PLATFORM_I386_MULTIBOOT: + case GRUB_INSTALL_PLATFORM_MIPSEL_LOONGSON: + case GRUB_INSTALL_PLATFORM_MIPSEL_QEMU_MIPS: +@@ -1448,6 +1451,7 @@ main (int argc, char *argv[]) + case GRUB_INSTALL_PLATFORM_MIPSEL_LOONGSON: + case GRUB_INSTALL_PLATFORM_I386_QEMU: + case GRUB_INSTALL_PLATFORM_I386_COREBOOT: ++ case GRUB_INSTALL_PLATFORM_ARM_COREBOOT: + case GRUB_INSTALL_PLATFORM_I386_MULTIBOOT: + case GRUB_INSTALL_PLATFORM_MIPSEL_QEMU_MIPS: + case GRUB_INSTALL_PLATFORM_MIPS_QEMU_MIPS: +@@ -1468,6 +1472,7 @@ main (int argc, char *argv[]) + { + grub_util_fprint_full_disk_name (load_cfg_f, g, dev); + fprintf (load_cfg_f, " "); ++ free (g); + } + if (dev != grub_dev) + grub_device_close (dev); +@@ -1542,6 +1547,7 @@ main (int argc, char *argv[]) + break; + + case GRUB_INSTALL_PLATFORM_I386_COREBOOT: ++ case GRUB_INSTALL_PLATFORM_ARM_COREBOOT: + case GRUB_INSTALL_PLATFORM_I386_MULTIBOOT: + case GRUB_INSTALL_PLATFORM_I386_IEEE1275: + case GRUB_INSTALL_PLATFORM_POWERPC_IEEE1275: +@@ -1629,6 +1635,7 @@ main (int argc, char *argv[]) + case GRUB_INSTALL_PLATFORM_MIPSEL_QEMU_MIPS: + case GRUB_INSTALL_PLATFORM_MIPS_QEMU_MIPS: + case GRUB_INSTALL_PLATFORM_I386_COREBOOT: ++ case GRUB_INSTALL_PLATFORM_ARM_COREBOOT: + case GRUB_INSTALL_PLATFORM_I386_MULTIBOOT: + case GRUB_INSTALL_PLATFORM_I386_PC: + case GRUB_INSTALL_PLATFORM_MIPSEL_ARC: +@@ -1841,9 +1848,13 @@ main (int argc, char *argv[]) + if (!removable && update_nvram) + { + /* Try to make this image bootable using the EFI Boot Manager, if available. */ +- grub_install_register_efi (efidir_grub_dev, +- "\\System\\Library\\CoreServices", +- efi_distributor); ++ int ret; ++ ret = grub_install_register_efi (efidir_grub_dev, ++ "\\System\\Library\\CoreServices", ++ efi_distributor); ++ if (ret) ++ grub_util_error (_("efibootmgr failed to register the boot entry: %s"), ++ strerror (ret)); + } + + grub_device_close (ins_dev); +@@ -1864,6 +1875,7 @@ main (int argc, char *argv[]) + { + char * efifile_path; + char * part; ++ int ret; + + /* Try to make this image bootable using the EFI Boot Manager, if available. */ + if (!efi_distributor || efi_distributor[0] == '\0') +@@ -1880,8 +1892,11 @@ main (int argc, char *argv[]) + efidir_grub_dev->disk->name, + (part ? ",": ""), (part ? : "")); + grub_free (part); +- grub_install_register_efi (efidir_grub_dev, +- efifile_path, efi_distributor); ++ ret = grub_install_register_efi (efidir_grub_dev, ++ efifile_path, efi_distributor); ++ if (ret) ++ grub_util_error (_("efibootmgr failed to register the boot entry: %s"), ++ strerror (ret)); + } + break; + +@@ -1889,6 +1904,7 @@ main (int argc, char *argv[]) + case GRUB_INSTALL_PLATFORM_MIPSEL_QEMU_MIPS: + case GRUB_INSTALL_PLATFORM_MIPS_QEMU_MIPS: + case GRUB_INSTALL_PLATFORM_I386_COREBOOT: ++ case GRUB_INSTALL_PLATFORM_ARM_COREBOOT: + case GRUB_INSTALL_PLATFORM_I386_MULTIBOOT: + case GRUB_INSTALL_PLATFORM_MIPSEL_ARC: + case GRUB_INSTALL_PLATFORM_ARM_UBOOT: +diff --git a/util/grub-mkimage.c b/util/grub-mkimage.c +index aba19d21b9a774e63ad49f166554d90f8c667e36..98d24cc06ea57b88a4f02f38f177f44ec4f38f3f 100644 +--- a/util/grub-mkimage.c ++++ b/util/grub-mkimage.c +@@ -71,6 +71,7 @@ static struct argp_option options[] = { + N_("embed FILE as a memdisk image\n" + "Implies `-p (memdisk)/boot/grub' and overrides any prefix supplied previously," + " but the prefix itself can be overridden by later options"), 0}, ++ {"dtb", 'D', N_("FILE"), 0, N_("embed FILE as a device tree (DTB)\n"), 0}, + /* TRANSLATORS: "embed" is a verb (command description). "*/ + {"config", 'c', N_("FILE"), 0, N_("embed FILE as an early config"), 0}, + /* TRANSLATORS: "embed" is a verb (command description). "*/ +@@ -117,6 +118,7 @@ struct arguments + char *dir; + char *prefix; + char *memdisk; ++ char *dtb; + char **pubkeys; + size_t npubkeys; + char *font; +@@ -176,6 +178,13 @@ argp_parser (int key, char *arg, struct argp_state *state) + arguments->prefix = xstrdup ("(memdisk)/boot/grub"); + break; + ++ case 'D': ++ if (arguments->dtb) ++ free (arguments->dtb); ++ ++ arguments->dtb = xstrdup (arg); ++ break; ++ + case 'k': + arguments->pubkeys = xrealloc (arguments->pubkeys, + sizeof (arguments->pubkeys[0]) +@@ -300,7 +309,7 @@ main (int argc, char *argv[]) + arguments.memdisk, arguments.pubkeys, + arguments.npubkeys, arguments.config, + arguments.image_target, arguments.note, +- arguments.comp); ++ arguments.comp, arguments.dtb); + + grub_util_file_sync (fp); + fclose (fp); +diff --git a/util/grub-mkimage32.c b/util/grub-mkimage32.c +index 9b31397bc40b95b69a1edc4f2d4c4b5d6eaa63cd..1f2ccccd225bbbb32e7e38801ddafeb90d9a69bb 100644 +--- a/util/grub-mkimage32.c ++++ b/util/grub-mkimage32.c +@@ -19,4 +19,6 @@ + # define ELF_ST_TYPE(val) ELF32_ST_TYPE(val) + #define XEN_NOTE_SIZE 132 + ++#ifndef GRUB_MKIMAGEXX + #include "grub-mkimagexx.c" ++#endif +diff --git a/util/grub-mkimage64.c b/util/grub-mkimage64.c +index d83345924705353b3c20a1e4dd087371ec5383ec..4ff72a625e0030d05cee0675a481b0803cda081e 100644 +--- a/util/grub-mkimage64.c ++++ b/util/grub-mkimage64.c +@@ -19,4 +19,6 @@ + # define ELF_ST_TYPE(val) ELF64_ST_TYPE(val) + #define XEN_NOTE_SIZE 120 + ++#ifndef GRUB_MKIMAGEXX + #include "grub-mkimagexx.c" ++#endif +diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c +index e63f148e48cf6f66852b15063405f81371d95ae9..a483c674c4908bca02ecda73de78d04456667a37 100644 +--- a/util/grub-mkimagexx.c ++++ b/util/grub-mkimagexx.c +@@ -50,6 +50,15 @@ + + #pragma GCC diagnostic ignored "-Wcast-align" + ++#define GRUB_MKIMAGEXX ++#if !defined(MKIMAGE_ELF32) && !defined(MKIMAGE_ELF64) ++#if __SIZEOF_POINTER__ == 8 ++#include "grub-mkimage64.c" ++#else ++#include "grub-mkimage32.c" ++#endif ++#endif ++ + /* These structures are defined according to the CHRP binding to IEEE1275, + "Client Program Format" section. */ + +@@ -84,10 +93,22 @@ struct fixup_block_list + + #define ALIGN_ADDR(x) (ALIGN_UP((x), image_target->voidp_sizeof)) + ++struct section_metadata ++{ ++ Elf_Half num_sections; ++ Elf_Shdr *sections; ++ Elf_Addr *addrs; ++ Elf_Addr *vaddrs; ++ Elf_Half section_entsize; ++ Elf_Shdr *symtab; ++ const char *strtab; ++}; ++ + static int + is_relocatable (const struct grub_install_image_target_desc *image_target) + { +- return image_target->id == IMAGE_EFI || image_target->id == IMAGE_UBOOT; ++ return image_target->id == IMAGE_EFI || image_target->id == IMAGE_UBOOT ++ || (image_target->id == IMAGE_COREBOOT && image_target->elf_target == EM_ARM); + } + + #ifdef MKIMAGE_ELF32 +@@ -185,8 +206,8 @@ grub_arm_reloc_jump24 (grub_uint32_t *target, Elf32_Addr sym_addr) + void + SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc *image_target, + int note, char **core_img, size_t *core_size, +- Elf_Addr target_addr, grub_size_t align, +- size_t kernel_size, size_t bss_size) ++ Elf_Addr target_addr, ++ struct grub_mkimage_layout *layout) + { + char *elf_img; + size_t program_size; +@@ -214,7 +235,7 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc + footer_size += XEN_NOTE_SIZE; + } + header_size = ALIGN_UP (sizeof (*ehdr) + phnum * sizeof (*phdr) +- + shnum * sizeof (*shdr) + string_size, align); ++ + shnum * sizeof (*shdr) + string_size, layout->align); + + program_size = ALIGN_ADDR (*core_size); + +@@ -258,7 +279,8 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc + ehdr->e_entry = grub_host_to_target32 (target_addr); + phdr->p_vaddr = grub_host_to_target32 (target_addr); + phdr->p_paddr = grub_host_to_target32 (target_addr); +- phdr->p_align = grub_host_to_target32 (align > image_target->link_align ? align : image_target->link_align); ++ phdr->p_align = grub_host_to_target32 (layout->align > image_target->link_align ? ++ layout->align : image_target->link_align); + if (image_target->id == IMAGE_LOONGSON_ELF) + ehdr->e_flags = grub_host_to_target32 (0x1000 | EF_MIPS_NOREORDER + | EF_MIPS_PIC | EF_MIPS_CPIC); +@@ -272,27 +294,34 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc + else + { + grub_uint32_t target_addr_mods; +- phdr->p_filesz = grub_host_to_target32 (kernel_size); +- phdr->p_memsz = grub_host_to_target32 (kernel_size + bss_size); ++ phdr->p_filesz = grub_host_to_target32 (layout->kernel_size); ++ if (image_target->id == IMAGE_COREBOOT && image_target->elf_target == EM_ARM) ++ phdr->p_memsz = grub_host_to_target32 (layout->kernel_size); ++ else ++ phdr->p_memsz = grub_host_to_target32 (layout->kernel_size + layout->bss_size); + + phdr++; + phdr->p_type = grub_host_to_target32 (PT_GNU_STACK); +- phdr->p_offset = grub_host_to_target32 (header_size + kernel_size); ++ phdr->p_offset = grub_host_to_target32 (header_size + layout->kernel_size); + phdr->p_paddr = phdr->p_vaddr = phdr->p_filesz = phdr->p_memsz = 0; + phdr->p_flags = grub_host_to_target32 (PF_R | PF_W | PF_X); + phdr->p_align = grub_host_to_target32 (image_target->link_align); + + phdr++; + phdr->p_type = grub_host_to_target32 (PT_LOAD); +- phdr->p_offset = grub_host_to_target32 (header_size + kernel_size); ++ phdr->p_offset = grub_host_to_target32 (header_size + layout->kernel_size); + phdr->p_flags = grub_host_to_target32 (PF_R | PF_W | PF_X); + phdr->p_filesz = phdr->p_memsz +- = grub_host_to_target32 (*core_size - kernel_size); ++ = grub_host_to_target32 (*core_size - layout->kernel_size); + +- if (image_target->id == IMAGE_COREBOOT) ++ if (image_target->id == IMAGE_COREBOOT && image_target->elf_target == EM_386) + target_addr_mods = GRUB_KERNEL_I386_COREBOOT_MODULES_ADDR; ++ else if (image_target->id == IMAGE_COREBOOT && image_target->elf_target == EM_ARM) ++ target_addr_mods = ALIGN_UP (target_addr + layout->end ++ + image_target->mod_gap, ++ image_target->mod_align); + else +- target_addr_mods = ALIGN_UP (target_addr + kernel_size + bss_size ++ target_addr_mods = ALIGN_UP (target_addr + layout->kernel_size + layout->bss_size + + image_target->mod_gap, + image_target->mod_align); + phdr->p_vaddr = grub_host_to_target_addr (target_addr_mods); +@@ -434,7 +463,7 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc + shdr->sh_size = grub_host_to_target32 (string_size); + shdr->sh_link = grub_host_to_target32 (0); + shdr->sh_info = grub_host_to_target32 (0); +- shdr->sh_addralign = grub_host_to_target32 (align); ++ shdr->sh_addralign = grub_host_to_target32 (layout->align); + shdr->sh_entsize = grub_host_to_target32 (0); + shdr++; + +@@ -445,10 +474,10 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc + shdr->sh_type = grub_host_to_target32 (SHT_PROGBITS); + shdr->sh_addr = grub_host_to_target_addr (target_addr); + shdr->sh_offset = grub_host_to_target_addr (header_size); +- shdr->sh_size = grub_host_to_target32 (kernel_size); ++ shdr->sh_size = grub_host_to_target32 (layout->kernel_size); + shdr->sh_link = grub_host_to_target32 (0); + shdr->sh_info = grub_host_to_target32 (0); +- shdr->sh_addralign = grub_host_to_target32 (align); ++ shdr->sh_addralign = grub_host_to_target32 (layout->align); + shdr->sh_entsize = grub_host_to_target32 (0); + shdr++; + +@@ -456,9 +485,9 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc + shdr->sh_name = grub_host_to_target32 (ptr - str_start); + ptr += sizeof ("mods"); + shdr->sh_type = grub_host_to_target32 (SHT_PROGBITS); +- shdr->sh_addr = grub_host_to_target_addr (target_addr + kernel_size); +- shdr->sh_offset = grub_host_to_target_addr (header_size + kernel_size); +- shdr->sh_size = grub_host_to_target32 (*core_size - kernel_size); ++ shdr->sh_addr = grub_host_to_target_addr (target_addr + layout->kernel_size); ++ shdr->sh_offset = grub_host_to_target_addr (header_size + layout->kernel_size); ++ shdr->sh_size = grub_host_to_target32 (*core_size - layout->kernel_size); + shdr->sh_link = grub_host_to_target32 (0); + shdr->sh_info = grub_host_to_target32 (0); + shdr->sh_addralign = grub_host_to_target32 (image_target->voidp_sizeof); +@@ -471,7 +500,7 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc + shdr->sh_name = grub_host_to_target32 (ptr - str_start); + ptr += sizeof (".xen"); + shdr->sh_type = grub_host_to_target32 (SHT_PROGBITS); +- shdr->sh_addr = grub_host_to_target_addr (target_addr + kernel_size); ++ shdr->sh_addr = grub_host_to_target_addr (target_addr + layout->kernel_size); + shdr->sh_offset = grub_host_to_target_addr (program_size + header_size); + shdr->sh_size = grub_host_to_target32 (XEN_NOTE_SIZE); + shdr->sh_link = grub_host_to_target32 (0); +@@ -490,9 +519,7 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc + /* Relocate symbols; note that this function overwrites the symbol table. + Return the address of a start symbol. */ + static Elf_Addr +-SUFFIX (relocate_symbols) (Elf_Ehdr *e, Elf_Shdr *sections, +- Elf_Shdr *symtab_section, Elf_Addr *section_addresses, +- Elf_Half section_entsize, Elf_Half num_sections, ++SUFFIX (relocate_symbols) (Elf_Ehdr *e, struct section_metadata *smd, + void *jumpers, Elf_Addr jumpers_addr, + Elf_Addr bss_start, Elf_Addr end, + const struct grub_install_image_target_desc *image_target) +@@ -502,19 +529,18 @@ SUFFIX (relocate_symbols) (Elf_Ehdr *e, Elf_Shdr *sections, + Elf_Addr start_address = (Elf_Addr) -1; + Elf_Sym *sym; + Elf_Word i; +- Elf_Shdr *strtab_section; +- const char *strtab; ++ Elf_Shdr *symtab_section; ++ const char *symtab; + grub_uint64_t *jptr = jumpers; + +- strtab_section +- = (Elf_Shdr *) ((char *) sections +- + (grub_target_to_host32 (symtab_section->sh_link) +- * section_entsize)); +- strtab = (char *) e + grub_target_to_host (strtab_section->sh_offset); ++ symtab_section = (Elf_Shdr *) ((char *) smd->sections ++ + grub_target_to_host32 (smd->symtab->sh_link) ++ * smd->section_entsize); ++ symtab = (char *) e + grub_target_to_host (symtab_section->sh_offset); + +- symtab_size = grub_target_to_host (symtab_section->sh_size); +- sym_size = grub_target_to_host (symtab_section->sh_entsize); +- symtab_offset = grub_target_to_host (symtab_section->sh_offset); ++ symtab_size = grub_target_to_host (smd->symtab->sh_size); ++ sym_size = grub_target_to_host (smd->symtab->sh_entsize); ++ symtab_offset = grub_target_to_host (smd->symtab->sh_offset); + num_syms = symtab_size / sym_size; + + for (i = 0, sym = (Elf_Sym *) ((char *) e + symtab_offset); +@@ -524,7 +550,7 @@ SUFFIX (relocate_symbols) (Elf_Ehdr *e, Elf_Shdr *sections, + Elf_Section cur_index; + const char *name; + +- name = strtab + grub_target_to_host32 (sym->st_name); ++ name = symtab + grub_target_to_host32 (sym->st_name); + + cur_index = grub_target_to_host16 (sym->st_shndx); + if (cur_index == STN_ABS) +@@ -542,12 +568,12 @@ SUFFIX (relocate_symbols) (Elf_Ehdr *e, Elf_Shdr *sections, + else + continue; + } +- else if (cur_index >= num_sections) ++ else if (cur_index >= smd->num_sections) + grub_util_error ("section %d does not exist", cur_index); + else + { + sym->st_value = (grub_target_to_host (sym->st_value) +- + section_addresses[cur_index]); ++ + smd->vaddrs[cur_index]); + } + + if (image_target->elf_target == EM_IA_64 && ELF_ST_TYPE (sym->st_info) +@@ -562,7 +588,7 @@ SUFFIX (relocate_symbols) (Elf_Ehdr *e, Elf_Shdr *sections, + grub_util_info ("locating %s at 0x%" GRUB_HOST_PRIxLONG_LONG + " (0x%" GRUB_HOST_PRIxLONG_LONG ")", name, + (unsigned long long) sym->st_value, +- (unsigned long long) section_addresses[cur_index]); ++ (unsigned long long) smd->vaddrs[cur_index]); + + if (start_address == (Elf_Addr)-1) + if (strcmp (name, "_start") == 0 || strcmp (name, "start") == 0) +@@ -699,17 +725,19 @@ arm_get_trampoline_size (Elf_Ehdr *e, + } + #endif + ++static int ++SUFFIX (is_kept_section) (Elf_Shdr *s, const struct grub_install_image_target_desc *image_target); ++static int ++SUFFIX (is_kept_reloc_section) (Elf_Shdr *s, const struct grub_install_image_target_desc *image_target, ++ struct section_metadata *smd); ++ + /* Deal with relocation information. This function relocates addresses + within the virtual address space starting from 0. So only relative + addresses can be fully resolved. Absolute addresses must be relocated + again by a PE32 relocator when loaded. */ + static void +-SUFFIX (relocate_addresses) (Elf_Ehdr *e, Elf_Shdr *sections, +- Elf_Addr *section_addresses, +- Elf_Half section_entsize, Elf_Half num_sections, +- const char *strtab, +- char *pe_target, Elf_Addr tramp_off, +- Elf_Addr got_off, ++SUFFIX (relocate_addrs) (Elf_Ehdr *e, struct section_metadata *smd, ++ char *pe_target, Elf_Addr tramp_off, Elf_Addr got_off, + const struct grub_install_image_target_desc *image_target) + { + Elf_Half i; +@@ -723,33 +751,37 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e, Elf_Shdr *sections, + grub_uint32_t *tr = (void *) (pe_target + tramp_off); + #endif + +- for (i = 0, s = sections; +- i < num_sections; +- i++, s = (Elf_Shdr *) ((char *) s + section_entsize)) ++ for (i = 0, s = smd->sections; ++ i < smd->num_sections; ++ i++, s = (Elf_Shdr *) ((char *) s + smd->section_entsize)) + if ((s->sh_type == grub_host_to_target32 (SHT_REL)) || + (s->sh_type == grub_host_to_target32 (SHT_RELA))) + { + Elf_Rela *r; + Elf_Word rtab_size, r_size, num_rs; + Elf_Off rtab_offset; +- Elf_Shdr *symtab_section; + Elf_Word target_section_index; + Elf_Addr target_section_addr; + Elf_Shdr *target_section; + Elf_Word j; + +- symtab_section = (Elf_Shdr *) ((char *) sections +- + (grub_target_to_host32 (s->sh_link) +- * section_entsize)); ++ if (!SUFFIX (is_kept_section) (s, image_target) && ++ !SUFFIX (is_kept_reloc_section) (s, image_target, smd)) ++ { ++ grub_util_info ("not translating relocations for omitted section %s", ++ smd->strtab + grub_le_to_cpu32 (s->sh_name)); ++ continue; ++ } ++ + target_section_index = grub_target_to_host32 (s->sh_info); +- target_section_addr = section_addresses[target_section_index]; +- target_section = (Elf_Shdr *) ((char *) sections ++ target_section_addr = smd->addrs[target_section_index]; ++ target_section = (Elf_Shdr *) ((char *) smd->sections + + (target_section_index +- * section_entsize)); ++ * smd->section_entsize)); + + grub_util_info ("dealing with the relocation section %s for %s", +- strtab + grub_target_to_host32 (s->sh_name), +- strtab + grub_target_to_host32 (target_section->sh_name)); ++ smd->strtab + grub_target_to_host32 (s->sh_name), ++ smd->strtab + grub_target_to_host32 (target_section->sh_name)); + + rtab_size = grub_target_to_host (s->sh_size); + r_size = grub_target_to_host (s->sh_entsize); +@@ -770,7 +802,7 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e, Elf_Shdr *sections, + target = SUFFIX (get_target_address) (e, target_section, + offset, image_target); + info = grub_target_to_host (r->r_info); +- sym_addr = SUFFIX (get_symbol_address) (e, symtab_section, ++ sym_addr = SUFFIX (get_symbol_address) (e, smd->symtab, + ELF_R_SYM (info), image_target); + + addend = (s->sh_type == grub_target_to_host32 (SHT_RELA)) ? +@@ -832,6 +864,7 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e, Elf_Shdr *sections, + break; + + case R_X86_64_PC32: ++ case R_X86_64_PLT32: + { + grub_uint32_t *t32 = (grub_uint32_t *) target; + *t32 = grub_host_to_target64 (grub_target_to_host32 (*t32) +@@ -900,8 +933,8 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e, Elf_Shdr *sections, + Elf_Sym *sym; + + sym = (Elf_Sym *) ((char *) e +- + grub_target_to_host (symtab_section->sh_offset) +- + ELF_R_SYM (info) * grub_target_to_host (symtab_section->sh_entsize)); ++ + grub_target_to_host (smd->symtab->sh_offset) ++ + ELF_R_SYM (info) * grub_target_to_host (smd->symtab->sh_entsize)); + if (ELF_ST_TYPE (sym->st_info) == STT_FUNC) + sym_addr = grub_target_to_host64 (*(grub_uint64_t *) (pe_target + + sym->st_value +@@ -1086,8 +1119,8 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e, Elf_Shdr *sections, + - (char *) e), + sym_addr); + sym = (Elf_Sym *) ((char *) e +- + grub_target_to_host (symtab_section->sh_offset) +- + ELF_R_SYM (info) * grub_target_to_host (symtab_section->sh_entsize)); ++ + grub_target_to_host (smd->symtab->sh_offset) ++ + ELF_R_SYM (info) * grub_target_to_host (smd->symtab->sh_entsize)); + if (ELF_ST_TYPE (sym->st_info) != STT_FUNC) + sym_addr |= 1; + if (!(sym_addr & 1)) +@@ -1625,9 +1658,7 @@ create_u64_fixups (struct translate_context *ctx, + /* Make a .reloc section. */ + static void + make_reloc_section (Elf_Ehdr *e, struct grub_mkimage_layout *layout, +- Elf_Addr *section_addresses, Elf_Shdr *sections, +- Elf_Half section_entsize, Elf_Half num_sections, +- const char *strtab, ++ struct section_metadata *smd, + const struct grub_install_image_target_desc *image_target) + { + unsigned i; +@@ -1636,8 +1667,8 @@ make_reloc_section (Elf_Ehdr *e, struct grub_mkimage_layout *layout, + + translate_reloc_start (&ctx, image_target); + +- for (i = 0, s = sections; i < num_sections; +- i++, s = (Elf_Shdr *) ((char *) s + section_entsize)) ++ for (i = 0, s = smd->sections; i < smd->num_sections; ++ i++, s = (Elf_Shdr *) ((char *) s + smd->section_entsize)) + if ((grub_target_to_host32 (s->sh_type) == SHT_REL) || + (grub_target_to_host32 (s->sh_type) == SHT_RELA)) + { +@@ -1647,15 +1678,22 @@ make_reloc_section (Elf_Ehdr *e, struct grub_mkimage_layout *layout, + Elf_Addr section_address; + Elf_Word j; + ++ if (!SUFFIX (is_kept_reloc_section) (s, image_target, smd)) ++ { ++ grub_util_info ("not translating the skipped relocation section %s", ++ smd->strtab + grub_le_to_cpu32 (s->sh_name)); ++ continue; ++ } ++ + grub_util_info ("translating the relocation section %s", +- strtab + grub_le_to_cpu32 (s->sh_name)); ++ smd->strtab + grub_le_to_cpu32 (s->sh_name)); + + rtab_size = grub_target_to_host (s->sh_size); + r_size = grub_target_to_host (s->sh_entsize); + rtab_offset = grub_target_to_host (s->sh_offset); + num_rs = rtab_size / r_size; + +- section_address = section_addresses[grub_le_to_cpu32 (s->sh_info)]; ++ section_address = smd->vaddrs[grub_le_to_cpu32 (s->sh_info)]; + + for (j = 0, r = (Elf_Rel *) ((char *) e + rtab_offset); + j < num_rs; +@@ -1722,6 +1760,56 @@ SUFFIX (is_bss_section) (Elf_Shdr *s, const struct grub_install_image_target_des + == SHF_ALLOC) && (grub_target_to_host32 (s->sh_type) == SHT_NOBITS); + } + ++/* Determine if a section is going to be in the final output */ ++static int ++SUFFIX (is_kept_section) (Elf_Shdr *s, const struct grub_install_image_target_desc *image_target) ++{ ++ /* We keep .text and .data */ ++ if (SUFFIX (is_text_section) (s, image_target) ++ || SUFFIX (is_data_section) (s, image_target)) ++ return 1; ++ ++ /* ++ * And we keep .bss if we're producing PE binaries or the target doesn't ++ * have a relocating loader. Platforms other than EFI and U-boot shouldn't ++ * have .bss in their binaries as we build with -Wl,-Ttext. ++ */ ++ if (SUFFIX (is_bss_section) (s, image_target) ++ && (image_target->id == IMAGE_EFI || !is_relocatable (image_target))) ++ return 1; ++ ++ /* Otherwise this is not a section we're keeping in the final output. */ ++ return 0; ++} ++ ++static int ++SUFFIX (is_kept_reloc_section) (Elf_Shdr *s, const struct grub_install_image_target_desc *image_target, ++ struct section_metadata *smd) ++{ ++ int i; ++ int r = 0; ++ const char *name = smd->strtab + grub_host_to_target32 (s->sh_name); ++ ++ if (!strncmp (name, ".rela.", 6)) ++ name += 5; ++ else if (!strncmp (name, ".rel.", 5)) ++ name += 4; ++ else ++ return 1; ++ ++ for (i = 0, s = smd->sections; i < smd->num_sections; ++ i++, s = (Elf_Shdr *) ((char *) s + smd->section_entsize)) ++ { ++ const char *sname = smd->strtab + grub_host_to_target32 (s->sh_name); ++ if (strcmp (sname, name)) ++ continue; ++ ++ return SUFFIX (is_kept_section) (s, image_target); ++ } ++ ++ return r; ++} ++ + /* Return if the ELF header is valid. */ + static int + SUFFIX (check_elf_header) (Elf_Ehdr *e, size_t size, const struct grub_install_image_target_desc *image_target) +@@ -1742,12 +1830,11 @@ SUFFIX (check_elf_header) (Elf_Ehdr *e, size_t size, const struct grub_install_i + static Elf_Addr + SUFFIX (put_section) (Elf_Shdr *s, int i, + Elf_Addr current_address, +- Elf_Addr *section_addresses, +- const char *strtab, ++ struct section_metadata *smd, + const struct grub_install_image_target_desc *image_target) + { + Elf_Word align = grub_host_to_target_addr (s->sh_addralign); +- const char *name = strtab + grub_host_to_target32 (s->sh_name); ++ const char *name = smd->strtab + grub_host_to_target32 (s->sh_name); + + if (align) + current_address = ALIGN_UP (current_address + image_target->vaddr_offset, +@@ -1759,24 +1846,23 @@ SUFFIX (put_section) (Elf_Shdr *s, int i, + name, (unsigned long long) current_address); + if (!is_relocatable (image_target)) + current_address = grub_host_to_target_addr (s->sh_addr) +- - image_target->link_addr; +- section_addresses[i] = current_address; ++ - image_target->link_addr; ++ smd->addrs[i] = current_address; + current_address += grub_host_to_target_addr (s->sh_size); + return current_address; + } + +-/* Locate section addresses by merging code sections and data sections +- into .text and .data, respectively. Return the array of section +- addresses. */ +-static Elf_Addr * ++/* ++ * Locate section addresses by merging code sections and data sections ++ * into .text and .data, respectively. ++ */ ++static void + SUFFIX (locate_sections) (Elf_Ehdr *e, const char *kernel_path, +- Elf_Shdr *sections, Elf_Half section_entsize, +- Elf_Half num_sections, const char *strtab, ++ struct section_metadata *smd, + struct grub_mkimage_layout *layout, + const struct grub_install_image_target_desc *image_target) + { + int i; +- Elf_Addr *section_addresses; + Elf_Shdr *s; + + layout->align = 1; +@@ -1784,30 +1870,23 @@ SUFFIX (locate_sections) (Elf_Ehdr *e, const char *kernel_path, + if (image_target->elf_target == EM_AARCH64) + layout->align = 4096; + +- section_addresses = xmalloc (sizeof (*section_addresses) * num_sections); +- memset (section_addresses, 0, sizeof (*section_addresses) * num_sections); +- + layout->kernel_size = 0; + +- for (i = 0, s = sections; +- i < num_sections; +- i++, s = (Elf_Shdr *) ((char *) s + section_entsize)) +- if ((grub_target_to_host (s->sh_flags) & SHF_ALLOC) ++ for (i = 0, s = smd->sections; ++ i < smd->num_sections; ++ i++, s = (Elf_Shdr *) ((char *) s + smd->section_entsize)) ++ if ((grub_target_to_host (s->sh_flags) & SHF_ALLOC) + && grub_host_to_target32 (s->sh_addralign) > layout->align) + layout->align = grub_host_to_target32 (s->sh_addralign); + +- + /* .text */ +- for (i = 0, s = sections; +- i < num_sections; +- i++, s = (Elf_Shdr *) ((char *) s + section_entsize)) ++ for (i = 0, s = smd->sections; ++ i < smd->num_sections; ++ i++, s = (Elf_Shdr *) ((char *) s + smd->section_entsize)) + if (SUFFIX (is_text_section) (s, image_target)) + { +- layout->kernel_size = SUFFIX (put_section) (s, i, +- layout->kernel_size, +- section_addresses, +- strtab, +- image_target); ++ layout->kernel_size = SUFFIX (put_section) (s, i, layout->kernel_size, ++ smd, image_target); + if (!is_relocatable (image_target) && + grub_host_to_target_addr (s->sh_addr) != image_target->link_addr) + { +@@ -1827,15 +1906,12 @@ SUFFIX (locate_sections) (Elf_Ehdr *e, const char *kernel_path, + layout->exec_size = layout->kernel_size; + + /* .data */ +- for (i = 0, s = sections; +- i < num_sections; +- i++, s = (Elf_Shdr *) ((char *) s + section_entsize)) ++ for (i = 0, s = smd->sections; ++ i < smd->num_sections; ++ i++, s = (Elf_Shdr *) ((char *) s + smd->section_entsize)) + if (SUFFIX (is_data_section) (s, image_target)) +- layout->kernel_size = SUFFIX (put_section) (s, i, +- layout->kernel_size, +- section_addresses, +- strtab, +- image_target); ++ layout->kernel_size = SUFFIX (put_section) (s, i, layout->kernel_size, smd, ++ image_target); + + #ifdef MKIMAGE_ELF32 + if (image_target->elf_target == EM_ARM) +@@ -1846,8 +1922,8 @@ SUFFIX (locate_sections) (Elf_Ehdr *e, const char *kernel_path, + + layout->kernel_size = ALIGN_UP (layout->kernel_size, 16); + +- tramp = arm_get_trampoline_size (e, sections, section_entsize, +- num_sections, image_target); ++ tramp = arm_get_trampoline_size (e, smd->sections, smd->section_entsize, ++ smd->num_sections, image_target); + + layout->tramp_off = layout->kernel_size; + layout->kernel_size += ALIGN_UP (tramp, 16); +@@ -1858,15 +1934,18 @@ SUFFIX (locate_sections) (Elf_Ehdr *e, const char *kernel_path, + layout->end = layout->kernel_size; + + /* .bss */ +- for (i = 0, s = sections; +- i < num_sections; +- i++, s = (Elf_Shdr *) ((char *) s + section_entsize)) +- if (SUFFIX (is_bss_section) (s, image_target)) +- layout->end = SUFFIX (put_section) (s, i, +- layout->end, +- section_addresses, +- strtab, +- image_target); ++ for (i = 0, s = smd->sections; ++ i < smd->num_sections; ++ i++, s = (Elf_Shdr *) ((char *) s + smd->section_entsize)) ++ { ++ if (SUFFIX (is_bss_section) (s, image_target)) ++ layout->end = SUFFIX (put_section) (s, i, layout->end, smd, image_target); ++ ++ /* ++ * This must to be in the last time this function passes through the loop. ++ */ ++ smd->vaddrs[i] = smd->addrs[i] + image_target->vaddr_offset; ++ } + + layout->end = ALIGN_UP (layout->end + image_target->vaddr_offset, + image_target->section_align) - image_target->vaddr_offset; +@@ -1875,10 +1954,8 @@ SUFFIX (locate_sections) (Elf_Ehdr *e, const char *kernel_path, + Platforms other than EFI and U-boot shouldn't have .bss in + their binaries as we build with -Wl,-Ttext. + */ +- if (image_target->id != IMAGE_UBOOT) ++ if (image_target->id == IMAGE_EFI || !is_relocatable (image_target)) + layout->kernel_size = layout->end; +- +- return section_addresses; + } + + char * +@@ -1888,18 +1965,12 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path, + const struct grub_install_image_target_desc *image_target) + { + char *kernel_img, *out_img; +- const char *strtab; ++ struct section_metadata smd = { 0, 0, 0, 0, 0, 0, 0 }; + Elf_Ehdr *e; +- Elf_Shdr *sections; +- Elf_Addr *section_addresses; +- Elf_Addr *section_vaddresses; + int i; + Elf_Shdr *s; +- Elf_Half num_sections; + Elf_Off section_offset; +- Elf_Half section_entsize; + grub_size_t kernel_size; +- Elf_Shdr *symtab_section = 0; + + grub_memset (layout, 0, sizeof (*layout)); + +@@ -1914,48 +1985,45 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path, + grub_util_error ("invalid ELF header"); + + section_offset = grub_target_to_host (e->e_shoff); +- section_entsize = grub_target_to_host16 (e->e_shentsize); +- num_sections = grub_target_to_host16 (e->e_shnum); ++ smd.section_entsize = grub_target_to_host16 (e->e_shentsize); ++ smd.num_sections = grub_target_to_host16 (e->e_shnum); + +- if (kernel_size < section_offset + (grub_uint32_t) section_entsize * num_sections) ++ if (kernel_size < section_offset ++ + (grub_uint32_t) smd.section_entsize * smd.num_sections) + grub_util_error (_("premature end of file %s"), kernel_path); + +- sections = (Elf_Shdr *) (kernel_img + section_offset); ++ smd.sections = (Elf_Shdr *) (kernel_img + section_offset); + + /* Relocate sections then symbols in the virtual address space. */ +- s = (Elf_Shdr *) ((char *) sections +- + grub_host_to_target16 (e->e_shstrndx) * section_entsize); +- strtab = (char *) e + grub_host_to_target_addr (s->sh_offset); ++ s = (Elf_Shdr *) ((char *) smd.sections ++ + grub_host_to_target16 (e->e_shstrndx) * smd.section_entsize); ++ smd.strtab = (char *) e + grub_host_to_target_addr (s->sh_offset); + +- section_addresses = SUFFIX (locate_sections) (e, kernel_path, +- sections, section_entsize, +- num_sections, strtab, +- layout, +- image_target); ++ smd.addrs = xmalloc (sizeof (*smd.addrs) * smd.num_sections); ++ memset (smd.addrs, 0, sizeof (*smd.addrs) * smd.num_sections); ++ smd.vaddrs = xmalloc (sizeof (*smd.vaddrs) * smd.num_sections); ++ memset (smd.vaddrs, 0, sizeof (*smd.vaddrs) * smd.num_sections); + +- section_vaddresses = xmalloc (sizeof (*section_addresses) * num_sections); +- +- for (i = 0; i < num_sections; i++) +- section_vaddresses[i] = section_addresses[i] + image_target->vaddr_offset; ++ SUFFIX (locate_sections) (e, kernel_path, &smd, layout, image_target); + + if (!is_relocatable (image_target)) + { + Elf_Addr current_address = layout->kernel_size; + +- for (i = 0, s = sections; +- i < num_sections; +- i++, s = (Elf_Shdr *) ((char *) s + section_entsize)) ++ for (i = 0, s = smd.sections; ++ i < smd.num_sections; ++ i++, s = (Elf_Shdr *) ((char *) s + smd.section_entsize)) + if (grub_target_to_host32 (s->sh_type) == SHT_NOBITS) + { + Elf_Word sec_align = grub_host_to_target_addr (s->sh_addralign); +- const char *name = strtab + grub_host_to_target32 (s->sh_name); ++ const char *name = smd.strtab + grub_host_to_target32 (s->sh_name); + + if (sec_align) + current_address = ALIGN_UP (current_address + + image_target->vaddr_offset, + sec_align) + - image_target->vaddr_offset; +- ++ + grub_util_info ("locating the section %s at 0x%" + GRUB_HOST_PRIxLONG_LONG, + name, (unsigned long long) current_address); +@@ -1963,7 +2031,7 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path, + current_address = grub_host_to_target_addr (s->sh_addr) + - image_target->link_addr; + +- section_vaddresses[i] = current_address ++ smd.vaddrs[i] = current_address + + image_target->vaddr_offset; + current_address += grub_host_to_target_addr (s->sh_size); + } +@@ -1978,21 +2046,22 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path, + if (image_target->id == IMAGE_SPARC64_AOUT + || image_target->id == IMAGE_SPARC64_RAW + || image_target->id == IMAGE_UBOOT ++ || image_target->id == IMAGE_COREBOOT + || image_target->id == IMAGE_SPARC64_CDCORE) + layout->kernel_size = ALIGN_UP (layout->kernel_size, image_target->mod_align); + + if (is_relocatable (image_target)) + { +- symtab_section = NULL; +- for (i = 0, s = sections; +- i < num_sections; +- i++, s = (Elf_Shdr *) ((char *) s + section_entsize)) ++ smd.symtab = NULL; ++ for (i = 0, s = smd.sections; ++ i < smd.num_sections; ++ i++, s = (Elf_Shdr *) ((char *) s + smd.section_entsize)) + if (s->sh_type == grub_host_to_target32 (SHT_SYMTAB)) + { +- symtab_section = s; ++ smd.symtab = s; + break; + } +- if (! symtab_section) ++ if (! smd.symtab) + grub_util_error ("%s", _("no symbol table")); + #ifdef MKIMAGE_ELF64 + if (image_target->elf_target == EM_IA_64) +@@ -2007,7 +2076,7 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path, + layout->kernel_size += ALIGN_UP (tramp, 16); + + layout->ia64jmp_off = layout->kernel_size; +- layout->ia64jmpnum = SUFFIX (count_funcs) (e, symtab_section, ++ layout->ia64jmpnum = SUFFIX (count_funcs) (e, smd.symtab, + image_target); + layout->kernel_size += 16 * layout->ia64jmpnum; + +@@ -2038,31 +2107,19 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path, + + if (is_relocatable (image_target)) + { +- layout->start_address = SUFFIX (relocate_symbols) (e, sections, symtab_section, +- section_vaddresses, section_entsize, +- num_sections, +- (char *) out_img + layout->ia64jmp_off, +- layout->ia64jmp_off +- + image_target->vaddr_offset, +- layout->bss_start, +- layout->end, +- image_target); ++ layout->start_address = SUFFIX (relocate_symbols) (e, &smd, ++ (char *) out_img + layout->ia64jmp_off, ++ layout->ia64jmp_off + image_target->vaddr_offset, ++ layout->bss_start, layout->end, image_target); ++ + if (layout->start_address == (Elf_Addr) -1) + grub_util_error ("start symbol is not defined"); + +- /* Resolve addresses in the virtual address space. */ +- SUFFIX (relocate_addresses) (e, sections, section_addresses, +- section_entsize, +- num_sections, strtab, +- out_img, layout->tramp_off, +- layout->got_off, +- image_target); ++ /* Resolve addrs in the virtual address space. */ ++ SUFFIX (relocate_addrs) (e, &smd, out_img, layout->tramp_off, ++ layout->got_off, image_target); + +- make_reloc_section (e, layout, +- section_vaddresses, sections, +- section_entsize, num_sections, +- strtab, +- image_target); ++ make_reloc_section (e, layout, &smd, image_target); + if (image_target->id != IMAGE_EFI) + { + out_img = xrealloc (out_img, layout->kernel_size + total_module_size +@@ -2074,30 +2131,25 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path, + } + } + +- for (i = 0, s = sections; +- i < num_sections; +- i++, s = (Elf_Shdr *) ((char *) s + section_entsize)) +- if (SUFFIX (is_data_section) (s, image_target) +- /* Explicitly initialize BSS +- when producing PE32 to avoid a bug in EFI implementations. +- Platforms other than EFI and U-boot shouldn't have .bss in +- their binaries as we build with -Wl,-Ttext. +- */ +- || (SUFFIX (is_bss_section) (s, image_target) && (image_target->id != IMAGE_UBOOT)) +- || SUFFIX (is_text_section) (s, image_target)) ++ for (i = 0, s = smd.sections; ++ i < smd.num_sections; ++ i++, s = (Elf_Shdr *) ((char *) s + smd.section_entsize)) ++ if (SUFFIX (is_kept_section) (s, image_target)) + { + if (grub_target_to_host32 (s->sh_type) == SHT_NOBITS) +- memset (out_img + section_addresses[i], 0, ++ memset (out_img + smd.addrs[i], 0, + grub_host_to_target_addr (s->sh_size)); + else +- memcpy (out_img + section_addresses[i], ++ memcpy (out_img + smd.addrs[i], + kernel_img + grub_host_to_target_addr (s->sh_offset), + grub_host_to_target_addr (s->sh_size)); + } + free (kernel_img); + +- free (section_vaddresses); +- free (section_addresses); ++ free (smd.vaddrs); ++ smd.vaddrs = NULL; ++ free (smd.addrs); ++ smd.addrs = NULL; + + return out_img; + } +diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c +index 238d4840e2f9613c6392e16cb88e7f413cae41c4..9545945d8f3b1a85dea8404fe1a0c9b3a3b84ba1 100644 +--- a/util/grub-mkrescue.c ++++ b/util/grub-mkrescue.c +@@ -323,6 +323,7 @@ check_xorriso (const char *val) + char *buf = NULL; + size_t len = 0; + int ret = 0; ++ int wstatus = 0; + + argv[0] = xorriso; + argv[1] = "-as"; +@@ -347,8 +348,10 @@ check_xorriso (const char *val) + } + + close (fd); +- waitpid (pid, NULL, 0); ++ waitpid (pid, &wstatus, 0); + free (buf); ++ if (!WIFEXITED (wstatus) || WEXITSTATUS(wstatus) != 0) ++ return 0; + return ret; + } + +@@ -426,6 +429,7 @@ main (int argc, char *argv[]) + char **argp_argv; + int xorriso_tail_argc; + char **xorriso_tail_argv; ++ int rv; + + grub_util_host_init (&argc, &argv); + grub_util_disable_fd_syncs (); +@@ -478,6 +482,10 @@ main (int argc, char *argv[]) + if (!output_image) + grub_util_error ("%s", _("output file must be specified")); + ++ if (!check_xorriso ("graft-points")) { ++ grub_util_error ("%s", _("xorriso not found")); ++ } ++ + grub_init_all (); + grub_hostfs_init (); + grub_host_init (); +@@ -787,7 +795,6 @@ main (int argc, char *argv[]) + free (efidir_efi_boot); + + efiimgfat = grub_util_path_concat (2, iso9660_dir, "efi.img"); +- int rv; + rv = grub_util_exec ((const char * []) { "mformat", "-C", "-f", "2880", "-L", "16", "-i", + efiimgfat, "::", NULL }); + if (rv != 0) +@@ -960,7 +967,9 @@ main (int argc, char *argv[]) + + xorriso_argv[xorriso_argc] = NULL; + +- grub_util_exec ((const char *const *)xorriso_argv); ++ rv = grub_util_exec ((const char *const *)xorriso_argv); ++ if (rv != 0) ++ grub_util_error ("`%s` invocation failed\n", "xorriso"); + + grub_util_unlink_recursive (iso9660_dir); + +diff --git a/util/grub-module-verifier.c b/util/grub-module-verifier.c +index 9179285a5ffe5d641a4c2726ce8367dba623d29e..a79271f663166f4d302e1f73d1bcd400c9e8604e 100644 +--- a/util/grub-module-verifier.c ++++ b/util/grub-module-verifier.c +@@ -19,6 +19,7 @@ struct grub_module_verifier_arch archs[] = { + -1 + }, (int[]){ + R_X86_64_PC32, ++ R_X86_64_PLT32, + -1 + } + }, +diff --git a/util/grub-probe.c b/util/grub-probe.c +index 8ac527d2f2a17142c5cf873d27c5818477d2c1a4..e45dbf9e049bd41f3122793330b2d0f7bcc844f8 100644 +--- a/util/grub-probe.c ++++ b/util/grub-probe.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -62,6 +63,7 @@ enum { + PRINT_DRIVE, + PRINT_DEVICE, + PRINT_PARTMAP, ++ PRINT_PARTUUID, + PRINT_ABSTRACTION, + PRINT_CRYPTODISK_UUID, + PRINT_HINT_STR, +@@ -85,6 +87,7 @@ static const char *targets[] = + [PRINT_DRIVE] = "drive", + [PRINT_DEVICE] = "device", + [PRINT_PARTMAP] = "partmap", ++ [PRINT_PARTUUID] = "partuuid", + [PRINT_ABSTRACTION] = "abstraction", + [PRINT_CRYPTODISK_UUID] = "cryptodisk_uuid", + [PRINT_HINT_STR] = "hints_string", +@@ -129,6 +132,20 @@ get_targets_string (void) + return str; + } + ++static int ++print_gpt_guid (grub_gpt_part_guid_t guid) ++{ ++ guid.data1 = grub_le_to_cpu32 (guid.data1); ++ guid.data2 = grub_le_to_cpu16 (guid.data2); ++ guid.data3 = grub_le_to_cpu16 (guid.data3); ++ ++ return grub_printf ("%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", ++ guid.data1, guid.data2, guid.data3, guid.data4[0], ++ guid.data4[1], guid.data4[2], guid.data4[3], ++ guid.data4[4], guid.data4[5], guid.data4[6], ++ guid.data4[7]); ++} ++ + static void + do_print (const char *x, void *data) + { +@@ -167,6 +184,45 @@ probe_partmap (grub_disk_t disk, char delim) + } + } + ++static void ++probe_partuuid (grub_disk_t disk, char delim) ++{ ++ grub_partition_t p = disk->partition; ++ ++ /* ++ * Nested partitions not supported for now. ++ * Non-nested partitions must have disk->partition->parent == NULL ++ */ ++ if (p && p->parent == NULL) ++ { ++ disk->partition = p->parent; ++ ++ if (strcmp(p->partmap->name, "msdos") == 0) ++ { ++ /* ++ * The partition GUID for MSDOS is the partition number (starting ++ * with 1) prepended with the NT disk signature. ++ */ ++ grub_uint32_t nt_disk_sig; ++ ++ if (grub_disk_read (disk, 0, GRUB_BOOT_MACHINE_WINDOWS_NT_MAGIC, ++ sizeof(nt_disk_sig), &nt_disk_sig) == 0) ++ grub_printf ("%08x-%02x", ++ grub_le_to_cpu32(nt_disk_sig), 1 + p->number); ++ } ++ else if (strcmp(p->partmap->name, "gpt") == 0) ++ { ++ struct grub_gpt_partentry gptdata; ++ ++ if (grub_disk_read (disk, p->offset, p->index, ++ sizeof(gptdata), &gptdata) == 0) ++ print_gpt_guid(gptdata.guid); ++ } ++ ++ disk->partition = p; ++ } ++} ++ + static void + probe_cryptodisk_uuid (grub_disk_t disk, char delim) + { +@@ -621,6 +677,12 @@ probe (const char *path, char **device_names, char delim) + /* Check if dev->disk itself is contained in a partmap. */ + probe_partmap (dev->disk, delim); + ++ else if (print == PRINT_PARTUUID) ++ { ++ probe_partuuid (dev->disk, delim); ++ putchar (delim); ++ } ++ + else if (print == PRINT_MSDOS_PARTTYPE) + { + if (dev->disk->partition +@@ -641,21 +703,7 @@ probe (const char *path, char **device_names, char delim) + + if (grub_disk_read (dev->disk, p->offset, p->index, + sizeof (gptdata), &gptdata) == 0) +- { +- grub_gpt_part_type_t gpttype; +- gpttype.data1 = grub_le_to_cpu32 (gptdata.type.data1); +- gpttype.data2 = grub_le_to_cpu16 (gptdata.type.data2); +- gpttype.data3 = grub_le_to_cpu16 (gptdata.type.data3); +- grub_memcpy (gpttype.data4, gptdata.type.data4, 8); +- +- grub_printf ("%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", +- gpttype.data1, gpttype.data2, +- gpttype.data3, gpttype.data4[0], +- gpttype.data4[1], gpttype.data4[2], +- gpttype.data4[3], gpttype.data4[4], +- gpttype.data4[5], gpttype.data4[6], +- gpttype.data4[7]); +- } ++ print_gpt_guid(gptdata.type); + dev->disk->partition = p; + } + putchar (delim); +diff --git a/util/ieee1275/grub-ofpathname.c b/util/ieee1275/grub-ofpathname.c +index 8e5d766cb63871c1479a42626c8cfa7fddd6f771..300fbddad7c54e2b52d90a7de5eb868a9a1ae705 100644 +--- a/util/ieee1275/grub-ofpathname.c ++++ b/util/ieee1275/grub-ofpathname.c +@@ -46,7 +46,9 @@ int main(int argc, char **argv) + } + + of_path = grub_util_devname_to_ofpath (argv[1]); +- printf("%s\n", of_path); ++ ++ if (of_path) ++ printf ("%s\n", of_path); + + free (of_path); + +diff --git a/util/mkimage.c b/util/mkimage.c +index 9ad4cfe4223b661c11ab9d3783cb13c88100631c..e22d82afa61a6aa4209c7ab6d2aa5b58f95e1bfe 100644 +--- a/util/mkimage.c ++++ b/util/mkimage.c +@@ -533,6 +533,45 @@ static const struct grub_install_image_target_desc image_targets[] = + .mod_align = GRUB_KERNEL_ARM_UBOOT_MOD_ALIGN, + .link_align = 4 + }, ++ /* For coreboot versions that don't support self-relocating images. */ ++ { ++ .dirname = "arm-coreboot-vexpress", ++ .names = { "arm-coreboot-vexpress", NULL }, ++ .voidp_sizeof = 4, ++ .bigendian = 0, ++ .id = IMAGE_COREBOOT, ++ .flags = PLATFORM_FLAGS_NONE, ++ .total_module_size = GRUB_KERNEL_ARM_COREBOOT_TOTAL_MODULE_SIZE, ++ .decompressor_compressed_size = TARGET_NO_FIELD, ++ .decompressor_uncompressed_size = TARGET_NO_FIELD, ++ .decompressor_uncompressed_addr = TARGET_NO_FIELD, ++ .section_align = GRUB_KERNEL_ARM_COREBOOT_MOD_ALIGN, ++ .vaddr_offset = 0, ++ .elf_target = EM_ARM, ++ .mod_gap = GRUB_KERNEL_ARM_COREBOOT_MOD_GAP, ++ .mod_align = GRUB_KERNEL_ARM_COREBOOT_MOD_ALIGN, ++ .link_align = 4, ++ .link_addr = 0x62000000, ++ }, ++ { ++ .dirname = "arm-coreboot-veyron", ++ .names = { "arm-coreboot-veyron", NULL }, ++ .voidp_sizeof = 4, ++ .bigendian = 0, ++ .id = IMAGE_COREBOOT, ++ .flags = PLATFORM_FLAGS_NONE, ++ .total_module_size = GRUB_KERNEL_ARM_COREBOOT_TOTAL_MODULE_SIZE, ++ .decompressor_compressed_size = TARGET_NO_FIELD, ++ .decompressor_uncompressed_size = TARGET_NO_FIELD, ++ .decompressor_uncompressed_addr = TARGET_NO_FIELD, ++ .section_align = GRUB_KERNEL_ARM_COREBOOT_MOD_ALIGN, ++ .vaddr_offset = 0, ++ .elf_target = EM_ARM, ++ .mod_gap = GRUB_KERNEL_ARM_COREBOOT_MOD_GAP, ++ .mod_align = GRUB_KERNEL_ARM_COREBOOT_MOD_ALIGN, ++ .link_align = 4, ++ .link_addr = 0x43000000, ++ }, + { + .dirname = "arm-efi", + .names = { "arm-efi", NULL }, +@@ -738,13 +777,12 @@ grub_install_generate_image (const char *dir, const char *prefix, + char *memdisk_path, char **pubkey_paths, + size_t npubkeys, char *config_path, + const struct grub_install_image_target_desc *image_target, +- int note, +- grub_compression_t comp) ++ int note, grub_compression_t comp, const char *dtb_path) + { + char *kernel_img, *core_img; + size_t total_module_size, core_size; + size_t memdisk_size = 0, config_size = 0; +- size_t prefix_size = 0; ++ size_t prefix_size = 0, dtb_size = 0; + char *kernel_path; + size_t offset; + struct grub_util_path_list *path_list, *p; +@@ -789,6 +827,12 @@ grub_install_generate_image (const char *dir, const char *prefix, + total_module_size += memdisk_size + sizeof (struct grub_module_header); + } + ++ if (dtb_path) ++ { ++ dtb_size = ALIGN_UP(grub_util_get_image_size (dtb_path), 4); ++ total_module_size += dtb_size + sizeof (struct grub_module_header); ++ } ++ + if (config_path) + { + config_size = ALIGN_ADDR (grub_util_get_image_size (config_path) + 1); +@@ -911,6 +955,19 @@ grub_install_generate_image (const char *dir, const char *prefix, + offset += memdisk_size; + } + ++ if (dtb_path) ++ { ++ struct grub_module_header *header; ++ ++ header = (struct grub_module_header *) (kernel_img + offset); ++ header->type = grub_host_to_target32 (OBJ_TYPE_DTB); ++ header->size = grub_host_to_target32 (dtb_size + sizeof (*header)); ++ offset += sizeof (*header); ++ ++ grub_util_load_image (dtb_path, kernel_img + offset); ++ offset += dtb_size; ++ } ++ + if (config_path) + { + struct grub_module_header *header; +@@ -1033,7 +1090,7 @@ grub_install_generate_image (const char *dir, const char *prefix, + /* fallthrough */ + case IMAGE_COREBOOT: + case IMAGE_QEMU: +- if (layout.kernel_size + layout.bss_size + GRUB_KERNEL_I386_PC_LINK_ADDR > 0x68000) ++ if (image_target->elf_target != EM_ARM && layout.kernel_size + layout.bss_size + GRUB_KERNEL_I386_PC_LINK_ADDR > 0x68000) + grub_util_error (_("kernel image is too big (0x%x > 0x%x)"), + (unsigned) layout.kernel_size + (unsigned) layout.bss_size + + GRUB_KERNEL_I386_PC_LINK_ADDR, +@@ -1638,10 +1695,10 @@ grub_install_generate_image (const char *dir, const char *prefix, + target_addr = image_target->link_addr; + if (image_target->voidp_sizeof == 4) + grub_mkimage_generate_elf32 (image_target, note, &core_img, &core_size, +- target_addr, layout.align, layout.kernel_size, layout.bss_size); ++ target_addr, &layout); + else + grub_mkimage_generate_elf64 (image_target, note, &core_img, &core_size, +- target_addr, layout.align, layout.kernel_size, layout.bss_size); ++ target_addr, &layout); + } + break; + } +diff --git a/util/setup.c b/util/setup.c +index 8aa5a39a79465c33b0ff6a5a6b1bc82128df2e18..9c1e1b7da6a85ea7aece6433f2eaf81a6ccde451 100644 +--- a/util/setup.c ++++ b/util/setup.c +@@ -137,6 +137,9 @@ struct blocklists + struct grub_boot_blocklist *first_block, *block; + #ifdef GRUB_SETUP_BIOS + grub_uint16_t current_segment; ++#endif ++#ifdef GRUB_SETUP_SPARC64 ++ grub_uint64_t gpt_offset; + #endif + grub_uint16_t last_length; + grub_disk_addr_t first_sector; +@@ -151,6 +154,10 @@ save_blocklists (grub_disk_addr_t sector, unsigned offset, unsigned length, + struct grub_boot_blocklist *prev = bl->block + 1; + grub_uint64_t seclen; + ++#ifdef GRUB_SETUP_SPARC64 ++ sector -= bl->gpt_offset; ++#endif ++ + grub_util_info ("saving <%" GRUB_HOST_PRIuLONG_LONG ",%u,%u>", + (unsigned long long) sector, offset, length); + +@@ -298,9 +305,8 @@ SETUP (const char *dir, + bl.first_block = (struct grub_boot_blocklist *) (core_img + + GRUB_DISK_SECTOR_SIZE + - sizeof (*bl.block)); +- grub_util_info ("root is `%s', dest is `%s'", root, dest); + +- grub_util_info ("Opening dest"); ++ grub_util_info ("Opening dest `%s'", dest); + dest_dev = grub_device_open (dest); + if (! dest_dev) + grub_util_error ("%s", grub_errmsg); +@@ -662,6 +668,16 @@ unable_to_embed: + + bl.block = bl.first_block; + ++#ifdef GRUB_SETUP_SPARC64 ++ { ++ grub_partition_t container = root_dev->disk->partition; ++ bl.gpt_offset = 0; ++ ++ if (grub_strstr (container->partmap->name, "gpt")) ++ bl.gpt_offset = grub_partition_get_start (container); ++ } ++#endif ++ + grub_install_get_blocklist (root_dev, core_path, core_img, core_size, + save_blocklists, &bl); + +@@ -721,15 +737,18 @@ unable_to_embed: + { + char *buf, *ptr = core_img; + size_t len = core_size; +- grub_uint64_t blk; ++ grub_uint64_t blk, offset = 0; + grub_partition_t container = core_dev->disk->partition; + grub_err_t err; + + core_dev->disk->partition = 0; ++#ifdef GRUB_SETUP_SPARC64 ++ offset = bl.gpt_offset; ++#endif + + buf = xmalloc (core_size); + blk = bl.first_sector; +- err = grub_disk_read (core_dev->disk, blk, 0, GRUB_DISK_SECTOR_SIZE, buf); ++ err = grub_disk_read (core_dev->disk, blk + offset, 0, GRUB_DISK_SECTOR_SIZE, buf); + if (err) + grub_util_error (_("cannot read `%s': %s"), core_dev->disk->name, + grub_errmsg); +@@ -748,7 +767,7 @@ unable_to_embed: + if (cur > len) + cur = len; + +- err = grub_disk_read (core_dev->disk, blk, 0, cur, buf); ++ err = grub_disk_read (core_dev->disk, blk + offset, 0, cur, buf); + if (err) + grub_util_error (_("cannot read `%s': %s"), core_dev->disk->name, + grub_errmsg); +diff --git a/grub-core/lib/libgcrypt/cipher/bufhelp.h b/grub-core/lib/libgcrypt/cipher/bufhelp.h +new file mode 100644 +index 0000000000000000000000000000000000000000..df3559472312d8c6c0c038e27571c546ce489283 +--- /dev/null ++++ b/grub-core/lib/libgcrypt/cipher/bufhelp.h +@@ -0,0 +1,432 @@ ++/* bufhelp.h - Some buffer manipulation helpers ++ * Copyright (C) 2012 Jussi Kivilinna ++ * ++ * This file is part of Libgcrypt. ++ * ++ * Libgcrypt is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU Lesser General Public License as ++ * published by the Free Software Foundation; either version 2.1 of ++ * the License, or (at your option) any later version. ++ * ++ * Libgcrypt is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this program; if not, see . ++ */ ++#ifndef GCRYPT_BUFHELP_H ++#define GCRYPT_BUFHELP_H ++ ++ ++#include "bithelp.h" ++ ++ ++#undef BUFHELP_FAST_UNALIGNED_ACCESS ++#if defined(HAVE_GCC_ATTRIBUTE_PACKED) && \ ++ defined(HAVE_GCC_ATTRIBUTE_ALIGNED) && \ ++ (defined(__i386__) || defined(__x86_64__) || \ ++ (defined(__arm__) && defined(__ARM_FEATURE_UNALIGNED)) || \ ++ defined(__aarch64__)) ++/* These architectures are able of unaligned memory accesses and can ++ handle those fast. ++ */ ++# define BUFHELP_FAST_UNALIGNED_ACCESS 1 ++#endif ++ ++ ++#ifdef BUFHELP_FAST_UNALIGNED_ACCESS ++/* Define type with one-byte alignment on architectures with fast unaligned ++ memory accesses. ++ */ ++typedef struct bufhelp_int_s ++{ ++ uintptr_t a; ++} __attribute__((packed, aligned(1))) bufhelp_int_t; ++#else ++/* Define type with default alignment for other architectures (unaligned ++ accessed handled in per byte loops). ++ */ ++typedef struct bufhelp_int_s ++{ ++ uintptr_t a; ++} bufhelp_int_t; ++#endif ++ ++ ++/* Optimized function for small buffer copying */ ++static inline void ++buf_cpy(void *_dst, const void *_src, size_t len) ++{ ++#if __GNUC__ >= 4 && (defined(__x86_64__) || defined(__i386__)) ++ /* For AMD64 and i386, memcpy is faster. */ ++ memcpy(_dst, _src, len); ++#else ++ byte *dst = _dst; ++ const byte *src = _src; ++ bufhelp_int_t *ldst; ++ const bufhelp_int_t *lsrc; ++#ifndef BUFHELP_FAST_UNALIGNED_ACCESS ++ const unsigned int longmask = sizeof(bufhelp_int_t) - 1; ++ ++ /* Skip fast processing if buffers are unaligned. */ ++ if (((uintptr_t)dst | (uintptr_t)src) & longmask) ++ goto do_bytes; ++#endif ++ ++ ldst = (bufhelp_int_t *)(void *)dst; ++ lsrc = (const bufhelp_int_t *)(const void *)src; ++ ++ for (; len >= sizeof(bufhelp_int_t); len -= sizeof(bufhelp_int_t)) ++ (ldst++)->a = (lsrc++)->a; ++ ++ dst = (byte *)ldst; ++ src = (const byte *)lsrc; ++ ++#ifndef BUFHELP_FAST_UNALIGNED_ACCESS ++do_bytes: ++#endif ++ /* Handle tail. */ ++ for (; len; len--) ++ *dst++ = *src++; ++#endif /*__GNUC__ >= 4 && (__x86_64__ || __i386__)*/ ++} ++ ++ ++/* Optimized function for buffer xoring */ ++static inline void ++buf_xor(void *_dst, const void *_src1, const void *_src2, size_t len) ++{ ++ byte *dst = _dst; ++ const byte *src1 = _src1; ++ const byte *src2 = _src2; ++ bufhelp_int_t *ldst; ++ const bufhelp_int_t *lsrc1, *lsrc2; ++#ifndef BUFHELP_FAST_UNALIGNED_ACCESS ++ const unsigned int longmask = sizeof(bufhelp_int_t) - 1; ++ ++ /* Skip fast processing if buffers are unaligned. */ ++ if (((uintptr_t)dst | (uintptr_t)src1 | (uintptr_t)src2) & longmask) ++ goto do_bytes; ++#endif ++ ++ ldst = (bufhelp_int_t *)(void *)dst; ++ lsrc1 = (const bufhelp_int_t *)(const void *)src1; ++ lsrc2 = (const bufhelp_int_t *)(const void *)src2; ++ ++ for (; len >= sizeof(bufhelp_int_t); len -= sizeof(bufhelp_int_t)) ++ (ldst++)->a = (lsrc1++)->a ^ (lsrc2++)->a; ++ ++ dst = (byte *)ldst; ++ src1 = (const byte *)lsrc1; ++ src2 = (const byte *)lsrc2; ++ ++#ifndef BUFHELP_FAST_UNALIGNED_ACCESS ++do_bytes: ++#endif ++ /* Handle tail. */ ++ for (; len; len--) ++ *dst++ = *src1++ ^ *src2++; ++} ++ ++ ++/* Optimized function for in-place buffer xoring. */ ++static inline void ++buf_xor_1(void *_dst, const void *_src, size_t len) ++{ ++ byte *dst = _dst; ++ const byte *src = _src; ++ bufhelp_int_t *ldst; ++ const bufhelp_int_t *lsrc; ++#ifndef BUFHELP_FAST_UNALIGNED_ACCESS ++ const unsigned int longmask = sizeof(bufhelp_int_t) - 1; ++ ++ /* Skip fast processing if buffers are unaligned. */ ++ if (((uintptr_t)dst | (uintptr_t)src) & longmask) ++ goto do_bytes; ++#endif ++ ++ ldst = (bufhelp_int_t *)(void *)dst; ++ lsrc = (const bufhelp_int_t *)(const void *)src; ++ ++ for (; len >= sizeof(bufhelp_int_t); len -= sizeof(bufhelp_int_t)) ++ (ldst++)->a ^= (lsrc++)->a; ++ ++ dst = (byte *)ldst; ++ src = (const byte *)lsrc; ++ ++#ifndef BUFHELP_FAST_UNALIGNED_ACCESS ++do_bytes: ++#endif ++ /* Handle tail. */ ++ for (; len; len--) ++ *dst++ ^= *src++; ++} ++ ++ ++/* Optimized function for buffer xoring with two destination buffers. Used ++ mainly by CFB mode encryption. */ ++static inline void ++buf_xor_2dst(void *_dst1, void *_dst2, const void *_src, size_t len) ++{ ++ byte *dst1 = _dst1; ++ byte *dst2 = _dst2; ++ const byte *src = _src; ++ bufhelp_int_t *ldst1, *ldst2; ++ const bufhelp_int_t *lsrc; ++#ifndef BUFHELP_FAST_UNALIGNED_ACCESS ++ const unsigned int longmask = sizeof(bufhelp_int_t) - 1; ++ ++ /* Skip fast processing if buffers are unaligned. */ ++ if (((uintptr_t)src | (uintptr_t)dst1 | (uintptr_t)dst2) & longmask) ++ goto do_bytes; ++#endif ++ ++ ldst1 = (bufhelp_int_t *)(void *)dst1; ++ ldst2 = (bufhelp_int_t *)(void *)dst2; ++ lsrc = (const bufhelp_int_t *)(const void *)src; ++ ++ for (; len >= sizeof(bufhelp_int_t); len -= sizeof(bufhelp_int_t)) ++ (ldst1++)->a = ((ldst2++)->a ^= (lsrc++)->a); ++ ++ dst1 = (byte *)ldst1; ++ dst2 = (byte *)ldst2; ++ src = (const byte *)lsrc; ++ ++#ifndef BUFHELP_FAST_UNALIGNED_ACCESS ++do_bytes: ++#endif ++ /* Handle tail. */ ++ for (; len; len--) ++ *dst1++ = (*dst2++ ^= *src++); ++} ++ ++ ++/* Optimized function for combined buffer xoring and copying. Used by mainly ++ CBC mode decryption. */ ++static inline void ++buf_xor_n_copy_2(void *_dst_xor, const void *_src_xor, void *_srcdst_cpy, ++ const void *_src_cpy, size_t len) ++{ ++ byte *dst_xor = _dst_xor; ++ byte *srcdst_cpy = _srcdst_cpy; ++ const byte *src_xor = _src_xor; ++ const byte *src_cpy = _src_cpy; ++ byte temp; ++ bufhelp_int_t *ldst_xor, *lsrcdst_cpy; ++ const bufhelp_int_t *lsrc_cpy, *lsrc_xor; ++ uintptr_t ltemp; ++#ifndef BUFHELP_FAST_UNALIGNED_ACCESS ++ const unsigned int longmask = sizeof(bufhelp_int_t) - 1; ++ ++ /* Skip fast processing if buffers are unaligned. */ ++ if (((uintptr_t)src_cpy | (uintptr_t)src_xor | (uintptr_t)dst_xor | ++ (uintptr_t)srcdst_cpy) & longmask) ++ goto do_bytes; ++#endif ++ ++ ldst_xor = (bufhelp_int_t *)(void *)dst_xor; ++ lsrc_xor = (const bufhelp_int_t *)(void *)src_xor; ++ lsrcdst_cpy = (bufhelp_int_t *)(void *)srcdst_cpy; ++ lsrc_cpy = (const bufhelp_int_t *)(const void *)src_cpy; ++ ++ for (; len >= sizeof(bufhelp_int_t); len -= sizeof(bufhelp_int_t)) ++ { ++ ltemp = (lsrc_cpy++)->a; ++ (ldst_xor++)->a = (lsrcdst_cpy)->a ^ (lsrc_xor++)->a; ++ (lsrcdst_cpy++)->a = ltemp; ++ } ++ ++ dst_xor = (byte *)ldst_xor; ++ src_xor = (const byte *)lsrc_xor; ++ srcdst_cpy = (byte *)lsrcdst_cpy; ++ src_cpy = (const byte *)lsrc_cpy; ++ ++#ifndef BUFHELP_FAST_UNALIGNED_ACCESS ++do_bytes: ++#endif ++ /* Handle tail. */ ++ for (; len; len--) ++ { ++ temp = *src_cpy++; ++ *dst_xor++ = *srcdst_cpy ^ *src_xor++; ++ *srcdst_cpy++ = temp; ++ } ++} ++ ++ ++/* Optimized function for combined buffer xoring and copying. Used by mainly ++ CFB mode decryption. */ ++static inline void ++buf_xor_n_copy(void *_dst_xor, void *_srcdst_cpy, const void *_src, size_t len) ++{ ++ buf_xor_n_copy_2(_dst_xor, _src, _srcdst_cpy, _src, len); ++} ++ ++ ++/* Constant-time compare of two buffers. Returns 1 if buffers are equal, ++ and 0 if buffers differ. */ ++static inline int ++buf_eq_const(const void *_a, const void *_b, size_t len) ++{ ++ const byte *a = _a; ++ const byte *b = _b; ++ size_t diff, i; ++ ++ /* Constant-time compare. */ ++ for (i = 0, diff = 0; i < len; i++) ++ diff -= !!(a[i] - b[i]); ++ ++ return !diff; ++} ++ ++ ++#ifndef BUFHELP_FAST_UNALIGNED_ACCESS ++ ++/* Functions for loading and storing unaligned u32 values of different ++ endianness. */ ++static inline u32 buf_get_be32(const void *_buf) ++{ ++ const byte *in = _buf; ++ return ((u32)in[0] << 24) | ((u32)in[1] << 16) | \ ++ ((u32)in[2] << 8) | (u32)in[3]; ++} ++ ++static inline u32 buf_get_le32(const void *_buf) ++{ ++ const byte *in = _buf; ++ return ((u32)in[3] << 24) | ((u32)in[2] << 16) | \ ++ ((u32)in[1] << 8) | (u32)in[0]; ++} ++ ++static inline void buf_put_be32(void *_buf, u32 val) ++{ ++ byte *out = _buf; ++ out[0] = val >> 24; ++ out[1] = val >> 16; ++ out[2] = val >> 8; ++ out[3] = val; ++} ++ ++static inline void buf_put_le32(void *_buf, u32 val) ++{ ++ byte *out = _buf; ++ out[3] = val >> 24; ++ out[2] = val >> 16; ++ out[1] = val >> 8; ++ out[0] = val; ++} ++ ++ ++/* Functions for loading and storing unaligned u64 values of different ++ endianness. */ ++static inline u64 buf_get_be64(const void *_buf) ++{ ++ const byte *in = _buf; ++ return ((u64)in[0] << 56) | ((u64)in[1] << 48) | \ ++ ((u64)in[2] << 40) | ((u64)in[3] << 32) | \ ++ ((u64)in[4] << 24) | ((u64)in[5] << 16) | \ ++ ((u64)in[6] << 8) | (u64)in[7]; ++} ++ ++static inline u64 buf_get_le64(const void *_buf) ++{ ++ const byte *in = _buf; ++ return ((u64)in[7] << 56) | ((u64)in[6] << 48) | \ ++ ((u64)in[5] << 40) | ((u64)in[4] << 32) | \ ++ ((u64)in[3] << 24) | ((u64)in[2] << 16) | \ ++ ((u64)in[1] << 8) | (u64)in[0]; ++} ++ ++static inline void buf_put_be64(void *_buf, u64 val) ++{ ++ byte *out = _buf; ++ out[0] = val >> 56; ++ out[1] = val >> 48; ++ out[2] = val >> 40; ++ out[3] = val >> 32; ++ out[4] = val >> 24; ++ out[5] = val >> 16; ++ out[6] = val >> 8; ++ out[7] = val; ++} ++ ++static inline void buf_put_le64(void *_buf, u64 val) ++{ ++ byte *out = _buf; ++ out[7] = val >> 56; ++ out[6] = val >> 48; ++ out[5] = val >> 40; ++ out[4] = val >> 32; ++ out[3] = val >> 24; ++ out[2] = val >> 16; ++ out[1] = val >> 8; ++ out[0] = val; ++} ++ ++#else /*BUFHELP_FAST_UNALIGNED_ACCESS*/ ++ ++typedef struct bufhelp_u32_s ++{ ++ u32 a; ++} __attribute__((packed, aligned(1))) bufhelp_u32_t; ++ ++/* Functions for loading and storing unaligned u32 values of different ++ endianness. */ ++static inline u32 buf_get_be32(const void *_buf) ++{ ++ return be_bswap32(((const bufhelp_u32_t *)_buf)->a); ++} ++ ++static inline u32 buf_get_le32(const void *_buf) ++{ ++ return le_bswap32(((const bufhelp_u32_t *)_buf)->a); ++} ++ ++static inline void buf_put_be32(void *_buf, u32 val) ++{ ++ bufhelp_u32_t *out = _buf; ++ out->a = be_bswap32(val); ++} ++ ++static inline void buf_put_le32(void *_buf, u32 val) ++{ ++ bufhelp_u32_t *out = _buf; ++ out->a = le_bswap32(val); ++} ++ ++ ++typedef struct bufhelp_u64_s ++{ ++ u64 a; ++} __attribute__((packed, aligned(1))) bufhelp_u64_t; ++ ++/* Functions for loading and storing unaligned u64 values of different ++ endianness. */ ++static inline u64 buf_get_be64(const void *_buf) ++{ ++ return be_bswap64(((const bufhelp_u64_t *)_buf)->a); ++} ++ ++static inline u64 buf_get_le64(const void *_buf) ++{ ++ return le_bswap64(((const bufhelp_u64_t *)_buf)->a); ++} ++ ++static inline void buf_put_be64(void *_buf, u64 val) ++{ ++ bufhelp_u64_t *out = _buf; ++ out->a = be_bswap64(val); ++} ++ ++static inline void buf_put_le64(void *_buf, u64 val) ++{ ++ bufhelp_u64_t *out = _buf; ++ out->a = le_bswap64(val); ++} ++ ++ ++#endif /*BUFHELP_FAST_UNALIGNED_ACCESS*/ ++ ++#endif /*GCRYPT_BUFHELP_H*/ +diff --git a/grub-core/tests/checksums.h b/grub-core/tests/checksums.h +index 68d8ce7c7753ff721ab0d5a12d40b2aff20c694c..8273bd105deec0bf21f507e0eddb867f104afc5d 100644 +--- a/grub-core/tests/checksums.h ++++ b/grub-core/tests/checksums.h +@@ -1,129 +1,129 @@ +- { "cmdline_cat", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0xcd5fc34e, 0xcd5fc34e, 0xeabbecab, 0xeabbecab, 0xc9950151, 0xc9950151, 0x2be222b6, 0x2be222b6, 0xe88c769e, 0xe88c769e, 0x6be4910e, 0x6be4910e, 0x1dc1fe4f, 0x1dc1fe4f, 0xd7613e8f, 0xd7613e8f, 0xf8124196, 0xf8124196, 0x130f5935, 0x130f5935, 0x2872330e, 0x2872330e, 0xaa7b7868, 0xaa7b7868, 0x558eaeea, 0x558eaeea, 0x92f7960f, 0x92f7960f, 0xc5bfc709, 0xc5bfc709, 0x699732fe, 0x699732fe, 0xc859125f, 0xc859125f, 0xfc6ac729, 0xfc6ac729, 0xcdab6cd4, 0xcdab6cd4, 0x58a8b7f8, 0x58a8b7f8, 0xc0e73385, 0x6560d6ef, 0x3be8bb5d, 0x3be8bb5d, }, 45 }, +- { "cmdline_cat", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0x13029f94, 0x13029f94, 0x7785fdab, 0x7785fdab, 0x95a7c1e8, 0x95a7c1e8, 0x315ab3e3, 0x315ab3e3, 0x6787f012, 0x6787f012, 0x79b1ecdc, 0x79b1ecdc, 0xdbc67810, 0xdbc67810, 0xafaa982e, 0xafaa982e, 0xc5cd0157, 0xc5cd0157, 0x3c50dd64, 0x3c50dd64, 0x1056cac0, 0x1056cac0, 0x1d7a41fa, 0x1d7a41fa, 0x5690b1e8, 0x5690b1e8, 0x616831d6, 0x616831d6, 0xfaf8e726, 0xfaf8e726, 0xd1ec5e26, 0xd1ec5e26, 0x3c269e1f, 0x3c269e1f, 0x1aa7952d, 0x1aa7952d, 0x6e7e2f99, 0x6e7e2f99, 0x98f4c02, 0x98f4c02, 0xc3f1abf2, 0xe348bb73, 0xea53cd60, 0xea53cd60, }, 45 }, +- { "cmdline_cat", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0x8fbb4f4c, 0x8fbb4f4c, 0x5dc00167, 0x5dc00167, 0xbc124df8, 0xbc124df8, 0x31cf0f8e, 0x31cf0f8e, 0x798cc4ed, 0x798cc4ed, 0xc5d2a091, 0xc5d2a091, 0xb58a0591, 0xb58a0591, 0x4d118aca, 0x4d118aca, 0xbb06c7ee, 0xbb06c7ee, 0x42179db7, 0x42179db7, 0x65f2d81e, 0x65f2d81e, 0xa2628bcb, 0xa2628bcb, 0xbdb7f4b, 0xbdb7f4b, 0x66b10309, 0x66b10309, 0x1a550ea9, 0x1a550ea9, 0x377a297d, 0x377a297d, 0x2ea99015, 0x2ea99015, 0x4e20d7bc, 0x4e20d7bc, 0x8ecbde02, 0x8ecbde02, 0xdfa2195a, 0xdfa2195a, 0xe113d2a, 0xe204ee5b, 0x734679c1, 0x734679c1, }, 45 }, +- { "cmdline_cat", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0xe2f6bfe1, 0xe2f6bfe1, 0xf18aee15, 0xf18aee15, 0x5e83b689, 0x5e83b689, 0xb7e8b42c, 0xb7e8b42c, 0x85d78f92, 0x85d78f92, 0xd56fadae, 0xd56fadae, 0x7632f5bf, 0x7632f5bf, 0x2769a748, 0x2769a748, 0x4a6112cd, 0x4a6112cd, 0x4f9b66a4, 0x4f9b66a4, 0x70457d38, 0x70457d38, 0x8cadb1a7, 0x8cadb1a7, 0x451341f, 0x451341f, 0x8a62e741, 0x8a62e741, 0x1b1f9031, 0x1b1f9031, 0x75ab630e, 0x75ab630e, 0xd5ff53ac, 0xd5ff53ac, 0x73a2b3c7, 0x73a2b3c7, 0x7b52acd5, 0x7b52acd5, 0xf6f3e48c, 0xf6f3e48c, 0x8d0db133, 0x8db24310, 0x7aef56d4, 0x7aef56d4, }, 45 }, +- { "cmdline_cat", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0x838a3f40, 0x838a3f40, 0x7351ba96, 0x7351ba96, 0x660963bb, 0x660963bb, 0x6f3362a6, 0x6f3362a6, 0x915d35d9, 0x915d35d9, 0xc7edaee9, 0xc7edaee9, 0xbc8ec24c, 0xbc8ec24c, 0xeb120ffd, 0xeb120ffd, 0x8f6d8232, 0x8f6d8232, 0x2de5d515, 0x2de5d515, 0x4f2ecd91, 0x4f2ecd91, 0x555a9b90, 0x555a9b90, 0x8f7b0d77, 0x8f7b0d77, 0x5f9536af, 0x5f9536af, 0x3dd79dbe, 0x3dd79dbe, 0xb555a0, 0xb555a0, 0x75aec882, 0x75aec882, 0xd5da89cb, 0xd5da89cb, 0xb47b3257, 0xb47b3257, 0x7c97c046, 0x7c97c046, 0x726a7abe, 0x4c8b8a56, 0xcffa0854, 0xcffa0854, }, 45 }, +- { "cmdline_cat", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0x7bf761e, 0x7bf761e, 0xaf0b6dae, 0xaf0b6dae, 0x7db15930, 0x7db15930, 0xc9720d56, 0xc9720d56, 0x55590d6c, 0x55590d6c, 0xa0d193d9, 0xa0d193d9, 0x728987b2, 0x728987b2, 0x28aecde6, 0x28aecde6, 0xa59bb094, 0xa59bb094, 0x2d0b049d, 0x2d0b049d, 0xd8421240, 0xd8421240, 0x51fa339, 0x51fa339, 0xc625cc46, 0xc625cc46, 0x2c9e6fcc, 0x2c9e6fcc, 0x3d06ffd5, 0x3d06ffd5, 0x8dd72816, 0x8dd72816, 0xfcf2a982, 0xfcf2a982, 0x6ef2870f, 0x6ef2870f, 0xba2caab7, 0xba2caab7, 0x8e5a5872, 0x8e5a5872, 0x62b2fedc, 0x2bd3b588, 0x34ebdb15, 0x34ebdb15, }, 45 }, +- { "cmdline_cat", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0xa133280a, 0xa133280a, 0x1e8f4227, 0x1e8f4227, 0xa01cd911, 0xa01cd911, 0xdcb3d617, 0xdcb3d617, 0x51200351, 0x51200351, 0x609ba305, 0x609ba305, 0x5d96abfd, 0x5d96abfd, 0xd855cc70, 0xd855cc70, 0xdbfaf18d, 0xdbfaf18d, 0x84814843, 0x84814843, 0x4b00e630, 0x4b00e630, 0xd362b0f5, 0xd362b0f5, 0xec863355, 0xec863355, 0x195898d0, 0x195898d0, 0xe8c698c7, 0xe8c698c7, 0x884229e7, 0x884229e7, 0xb41ed3a9, 0xb41ed3a9, 0x2be1ce40, 0x2be1ce40, 0x8c33eb7c, 0x8c33eb7c, 0xbbce1da, 0xbbce1da, 0xef9415fa, 0x22fbc0d, 0xd82c182c, 0xd82c182c, }, 45 }, +- { "gfxterm_menu", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0xbe029c, 0x6671ee1f, 0xbe029c, 0x4348cfdb, 0x59c36f00, 0x59c36f00, 0x3ad73295, 0x3ad73295, 0x3ad73295, 0x44575ff3, 0x44575ff3, 0x44575ff3, 0x26a14a21, 0x26a14a21, 0x26a14a21, 0x59c36f00, 0x4348cfdb, 0x4348cfdb, 0x59c36f00, }, 20 }, +- { "gfxterm_menu", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0x14e228ef, 0xb0c8af57, 0x14e228ef, 0x3ae7ad90, 0xaa4593fe, 0xaa4593fe, 0xbec19c1b, 0xbec19c1b, 0xbec19c1b, 0x1834917c, 0x1834917c, 0x1834917c, 0x350c3a04, 0x350c3a04, 0x350c3a04, 0xaa4593fe, 0x3ae7ad90, 0x3ae7ad90, 0xaa4593fe, }, 20 }, +- { "gfxterm_menu", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0x651fb144, 0xdf93ee9c, 0x651fb144, 0x3808dcc0, 0xc9cbf769, 0xc9cbf769, 0xe4861949, 0xe4861949, 0xe4861949, 0x1a5ed885, 0x1a5ed885, 0x1a5ed885, 0xf314678d, 0xf314678d, 0xf314678d, 0xc9cbf769, 0x3808dcc0, 0x3808dcc0, 0xc9cbf769, }, 20 }, +- { "gfxterm_menu", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0xdfd0119e, 0x6c7018a9, 0xdfd0119e, 0x71865846, 0x9813a416, 0x9813a416, 0xb5e8801c, 0xb5e8801c, 0xb5e8801c, 0x2433062f, 0x2433062f, 0x2433062f, 0x3d893bff, 0x3d893bff, 0x3d893bff, 0x9813a416, 0x71865846, 0x71865846, 0x9813a416, }, 20 }, +- { "gfxterm_menu", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0x4e4844e0, 0x5ebe5f81, 0x4e4844e0, 0x38ee7153, 0x5fcf013d, 0x5fcf013d, 0x819b5c4e, 0x819b5c4e, 0x819b5c4e, 0x538b4438, 0x538b4438, 0x538b4438, 0x45f87ba7, 0x45f87ba7, 0x45f87ba7, 0x5fcf013d, 0x38ee7153, 0x38ee7153, 0x5fcf013d, }, 20 }, +- { "gfxterm_menu", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0x701427d4, 0x246c830a, 0x701427d4, 0x6b11fdd3, 0xdd28f52b, 0xdd28f52b, 0xcd83646c, 0xcd83646c, 0xcd83646c, 0xecbf9d88, 0xecbf9d88, 0xecbf9d88, 0x91075604, 0x91075604, 0x91075604, 0xdd28f52b, 0x6b11fdd3, 0x6b11fdd3, 0xdd28f52b, }, 20 }, +- { "gfxterm_menu", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x7b5bd4c, 0xac246af1, 0x7b5bd4c, 0xf80aa6cc, 0x43d1f34, 0x43d1f34, 0xb200c08a, 0xb200c08a, 0xb200c08a, 0xcd0a6922, 0xcd0a6922, 0xcd0a6922, 0x545b6ca4, 0x545b6ca4, 0x545b6ca4, 0x43d1f34, 0xf80aa6cc, 0xf80aa6cc, 0x43d1f34, }, 20 }, +- { "gfxmenu", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0x1027210c, 0x64e51c81, 0x1027210c, 0x45ca4a8a, 0x9a2e0d26, 0x12fd0f21, 0x12fd0f21, 0x12fd0f21, 0x4e25f9e1, 0x4e25f9e1, 0x4e25f9e1, 0x67bd3773, 0x67bd3773, 0x67bd3773, 0x59c36f00, 0x45ca4a8a, 0x45ca4a8a, }, 18 }, +- { "gfxmenu", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0x8d12f697, 0xc5b32248, 0x8d12f697, 0x56720aa4, 0xa9d58ccd, 0xf766a14d, 0xf766a14d, 0xf766a14d, 0xa2390b47, 0xa2390b47, 0xa2390b47, 0xcb0ac30e, 0xcb0ac30e, 0xcb0ac30e, 0xaa4593fe, 0x56720aa4, 0x56720aa4, }, 18 }, +- { "gfxmenu", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0xa5ec9f45, 0xdb7085d8, 0xa5ec9f45, 0x9caf1d3f, 0x5411be8b, 0xedc0ad83, 0xedc0ad83, 0xedc0ad83, 0x927e0b17, 0x927e0b17, 0x927e0b17, 0xd00a6b6f, 0xd00a6b6f, 0xd00a6b6f, 0xc9cbf769, 0x9caf1d3f, 0x9caf1d3f, }, 18 }, +- { "gfxmenu", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x1c3742c9, 0xce8e83bf, 0xeb96c838, 0xce8e83bf, 0x73cb3bc1, 0x740d78cf, 0xb35c7e64, 0xb35c7e64, 0xb35c7e64, 0x58f99418, 0x58f99418, 0x58f99418, 0x5eb294e8, 0x5eb294e8, 0x5eb294e8, 0x1c3742c9, 0x73cb3bc1, 0x73cb3bc1, }, 18 }, +- { "gfxmenu", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0xcc5a7bed, 0x56a03e51, 0xee7d8d4b, 0x56a03e51, 0x5bdf9413, 0xbcda144c, 0x220f7a5e, 0x220f7a5e, 0x220f7a5e, 0x4d46a64f, 0x4d46a64f, 0x4d46a64f, 0x40b0384c, 0x40b0384c, 0x40b0384c, 0xcc5a7bed, 0x5bdf9413, 0x5bdf9413, }, 18 }, +- { "gfxmenu", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xef4a3312, 0xea8a9cf0, 0x8929e522, 0xea8a9cf0, 0x78f3dfbc, 0x5d55a141, 0x377f1aeb, 0x377f1aeb, 0x377f1aeb, 0xf1cd5ef5, 0xf1cd5ef5, 0xf1cd5ef5, 0xe5a88e4a, 0xe5a88e4a, 0xe5a88e4a, 0xef4a3312, 0x78f3dfbc, 0x78f3dfbc, }, 18 }, +- { "gfxmenu", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x54e48d80, 0x6dcf1d57, 0x925a4c8f, 0x6dcf1d57, 0x69005b38, 0x6d6bb4bc, 0x756a36b9, 0x756a36b9, 0x756a36b9, 0xf499c068, 0xf499c068, 0xf499c068, 0x623d7907, 0x623d7907, 0x623d7907, 0x54e48d80, 0x69005b38, 0x69005b38, }, 18 }, +- { "gfxterm_ar", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0xa49d26b0, 0xaa7d9b28, 0xa49d26b0, 0xe76bebf7, 0x59c36f00, 0x59c36f00, 0xea6ab252, 0xea6ab252, 0xea6ab252, 0x94eadf34, 0x94eadf34, 0x94eadf34, 0xf61ccae6, 0xf61ccae6, 0xf61ccae6, 0x59c36f00, 0xe76bebf7, 0xe76bebf7, 0x59c36f00, }, 20 }, +- { "gfxterm_ar", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0x7a277db, 0xf3bf80f7, 0x7a277db, 0x29a7f2a4, 0xaa4593fe, 0xaa4593fe, 0xf1cd57e3, 0xf1cd57e3, 0xf1cd57e3, 0x57385a84, 0x57385a84, 0x57385a84, 0x7a00f1fc, 0x7a00f1fc, 0x7a00f1fc, 0xaa4593fe, 0x29a7f2a4, 0x29a7f2a4, 0xaa4593fe, }, 20 }, +- { "gfxterm_ar", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0x631edf85, 0x71926408, 0x631edf85, 0x3e09b201, 0xc9cbf769, 0xc9cbf769, 0xf224ab3, 0xf224ab3, 0xf224ab3, 0xf1fa8b7f, 0xf1fa8b7f, 0xf1fa8b7f, 0x18b03477, 0x18b03477, 0x18b03477, 0xc9cbf769, 0x3e09b201, 0x3e09b201, 0xc9cbf769, }, 20 }, +- { "gfxterm_ar", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0xfbaf4635, 0xe69ef474, 0xfbaf4635, 0x55f90fed, 0x9813a416, 0x9813a416, 0x3aad8f41, 0x3aad8f41, 0x3aad8f41, 0xab760972, 0xab760972, 0xab760972, 0xb2cc34a2, 0xb2cc34a2, 0xb2cc34a2, 0x9813a416, 0x55f90fed, 0x55f90fed, 0x9813a416, }, 20 }, +- { "gfxterm_ar", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0xdce50745, 0x1d8009e4, 0xdce50745, 0xaa4332f6, 0x5fcf013d, 0x5fcf013d, 0x354e5749, 0x354e5749, 0x354e5749, 0xe75e4f3f, 0xe75e4f3f, 0xe75e4f3f, 0xf12d70a0, 0xf12d70a0, 0xf12d70a0, 0x5fcf013d, 0xaa4332f6, 0xaa4332f6, 0x5fcf013d, }, 20 }, +- { "gfxterm_ar", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0x3efebeff, 0xf101dfe2, 0x3efebeff, 0x25fb64f8, 0xdd28f52b, 0xdd28f52b, 0x70c69ebd, 0x70c69ebd, 0x70c69ebd, 0x51fa6759, 0x51fa6759, 0x51fa6759, 0x2c42acd5, 0x2c42acd5, 0x2c42acd5, 0xdd28f52b, 0x25fb64f8, 0x25fb64f8, 0xdd28f52b, }, 20 }, +- { "gfxterm_ar", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x59a34c64, 0x281cca78, 0x59a34c64, 0xa61c57e4, 0x43d1f34, 0x43d1f34, 0x95131d4, 0x95131d4, 0x95131d4, 0x765b987c, 0x765b987c, 0x765b987c, 0xef0a9dfa, 0xef0a9dfa, 0xef0a9dfa, 0x43d1f34, 0xa61c57e4, 0xa61c57e4, 0x43d1f34, }, 20 }, +- { "gfxterm_cyr", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0xa37c165, 0x72063383, 0xa37c165, 0x49c10c22, 0x59c36f00, 0x59c36f00, 0x4e53de8e, 0x4e53de8e, 0x4e53de8e, 0x30d3b3e8, 0x30d3b3e8, 0x30d3b3e8, 0x5225a63a, 0x5225a63a, 0x5225a63a, 0x59c36f00, 0x49c10c22, 0x49c10c22, 0x59c36f00, }, 20 }, +- { "gfxterm_cyr", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0x45bba0ba, 0xe60fd0b6, 0x45bba0ba, 0x6bbe25c5, 0xaa4593fe, 0xaa4593fe, 0x28de2b41, 0x28de2b41, 0x28de2b41, 0x8e2b2626, 0x8e2b2626, 0x8e2b2626, 0xa3138d5e, 0xa3138d5e, 0xa3138d5e, 0xaa4593fe, 0x6bbe25c5, 0x6bbe25c5, 0xaa4593fe, }, 20 }, +- { "gfxterm_cyr", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0xb43d4e9d, 0x16f88820, 0xb43d4e9d, 0xe92a2319, 0xc9cbf769, 0xc9cbf769, 0xb8959ec7, 0xb8959ec7, 0xb8959ec7, 0x464d5f0b, 0x464d5f0b, 0x464d5f0b, 0xaf07e003, 0xaf07e003, 0xaf07e003, 0xc9cbf769, 0xe92a2319, 0xe92a2319, 0xc9cbf769, }, 20 }, +- { "gfxterm_cyr", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0x46760365, 0x685ae30e, 0x46760365, 0xe8204abd, 0x9813a416, 0x9813a416, 0x8896050a, 0x8896050a, 0x8896050a, 0x194d8339, 0x194d8339, 0x194d8339, 0xf7bee9, 0xf7bee9, 0xf7bee9, 0x9813a416, 0xe8204abd, 0xe8204abd, 0x9813a416, }, 20 }, +- { "gfxterm_cyr", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0x6859aa86, 0xf3f11deb, 0x6859aa86, 0x1eff9f35, 0x5fcf013d, 0x5fcf013d, 0xd72b1482, 0xd72b1482, 0xd72b1482, 0x53b0cf4, 0x53b0cf4, 0x53b0cf4, 0x1348336b, 0x1348336b, 0x1348336b, 0x5fcf013d, 0x1eff9f35, 0x1eff9f35, 0x5fcf013d, }, 20 }, +- { "gfxterm_cyr", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0x688451e7, 0xf6936b72, 0x688451e7, 0x73818be0, 0xdd28f52b, 0xdd28f52b, 0xf12a65ac, 0xf12a65ac, 0xf12a65ac, 0xd0169c48, 0xd0169c48, 0xd0169c48, 0xadae57c4, 0xadae57c4, 0xadae57c4, 0xdd28f52b, 0x73818be0, 0x73818be0, 0xdd28f52b, }, 20 }, +- { "gfxterm_cyr", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x9616af94, 0xd466be40, 0x9616af94, 0x69a9b414, 0x43d1f34, 0x43d1f34, 0xf3bb3240, 0xf3bb3240, 0xf3bb3240, 0x8cb19be8, 0x8cb19be8, 0x8cb19be8, 0x15e09e6e, 0x15e09e6e, 0x15e09e6e, 0x43d1f34, 0x69a9b414, 0x69a9b414, 0x43d1f34, }, 20 }, +- { "gfxterm_heb", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0x8708d1bd, 0x85dd5e9c, 0x8708d1bd, 0xc4fe1cfa, 0x59c36f00, 0x59c36f00, 0x7ae8aced, 0x7ae8aced, 0x7ae8aced, 0x468c18b, 0x468c18b, 0x468c18b, 0x669ed459, 0x669ed459, 0x669ed459, 0x59c36f00, 0xc4fe1cfa, 0xc4fe1cfa, 0x59c36f00, }, 20 }, +- { "gfxterm_heb", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0xa72b1043, 0x147d4ce0, 0xa72b1043, 0x892e953c, 0xaa4593fe, 0xaa4593fe, 0xb7b1dd40, 0xb7b1dd40, 0xb7b1dd40, 0x1144d027, 0x1144d027, 0x1144d027, 0x3c7c7b5f, 0x3c7c7b5f, 0x3c7c7b5f, 0xaa4593fe, 0x892e953c, 0x892e953c, 0xaa4593fe, }, 20 }, +- { "gfxterm_heb", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0xc5fb1817, 0x745fb26c, 0xc5fb1817, 0x98ec7593, 0xc9cbf769, 0xc9cbf769, 0xf5f17e2d, 0xf5f17e2d, 0xf5f17e2d, 0xb29bfe1, 0xb29bfe1, 0xb29bfe1, 0xe26300e9, 0xe26300e9, 0xe26300e9, 0xc9cbf769, 0x98ec7593, 0x98ec7593, 0xc9cbf769, }, 20 }, +- { "gfxterm_heb", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0x4be837e1, 0xbf4963ca, 0x4be837e1, 0xe5be7e39, 0x9813a416, 0x9813a416, 0xd886fca0, 0xd886fca0, 0xd886fca0, 0x495d7a93, 0x495d7a93, 0x495d7a93, 0x50e74743, 0x50e74743, 0x50e74743, 0x9813a416, 0xe5be7e39, 0xe5be7e39, 0x9813a416, }, 20 }, +- { "gfxterm_heb", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0x21a8ccb8, 0x17719be, 0x21a8ccb8, 0x570ef90b, 0x5fcf013d, 0x5fcf013d, 0x2a7b5333, 0x2a7b5333, 0x2a7b5333, 0xf86b4b45, 0xf86b4b45, 0xf86b4b45, 0xee1874da, 0xee1874da, 0xee1874da, 0x5fcf013d, 0x570ef90b, 0x570ef90b, 0x5fcf013d, }, 20 }, +- { "gfxterm_heb", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0x7001fe50, 0x4798153f, 0x7001fe50, 0x6b042457, 0xdd28f52b, 0xdd28f52b, 0x46489369, 0x46489369, 0x46489369, 0x67746a8d, 0x67746a8d, 0x67746a8d, 0x1acca101, 0x1acca101, 0x1acca101, 0xdd28f52b, 0x6b042457, 0x6b042457, 0xdd28f52b, }, 20 }, +- { "gfxterm_heb", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x6e10591c, 0x48bd926e, 0x6e10591c, 0x91af429c, 0x43d1f34, 0x43d1f34, 0x59cb829, 0x59cb829, 0x59cb829, 0x7a961181, 0x7a961181, 0x7a961181, 0xe3c71407, 0xe3c71407, 0xe3c71407, 0x43d1f34, 0x91af429c, 0x91af429c, 0x43d1f34, }, 20 }, +- { "gfxterm_gre", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0x67627ed5, 0xdb276cef, 0x67627ed5, 0x2494b392, 0x59c36f00, 0x59c36f00, 0x43f511f3, 0x43f511f3, 0x43f511f3, 0x3d757c95, 0x3d757c95, 0x3d757c95, 0x5f836947, 0x5f836947, 0x5f836947, 0x59c36f00, 0x2494b392, 0x2494b392, 0x59c36f00, }, 20 }, +- { "gfxterm_gre", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0x987cbf71, 0x6e4c645c, 0x987cbf71, 0xb6793a0e, 0xaa4593fe, 0xaa4593fe, 0xb943d716, 0xb943d716, 0xb943d716, 0x1fb6da71, 0x1fb6da71, 0x1fb6da71, 0x328e7109, 0x328e7109, 0x328e7109, 0xaa4593fe, 0xb6793a0e, 0xb6793a0e, 0xaa4593fe, }, 20 }, +- { "gfxterm_gre", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0xf9987c07, 0x4a92eed9, 0xf9987c07, 0xa48f1183, 0xc9cbf769, 0xc9cbf769, 0x5eb3ddf4, 0x5eb3ddf4, 0x5eb3ddf4, 0xa06b1c38, 0xa06b1c38, 0xa06b1c38, 0x4921a330, 0x4921a330, 0x4921a330, 0xc9cbf769, 0xa48f1183, 0xa48f1183, 0xc9cbf769, }, 20 }, +- { "gfxterm_gre", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0xccd804e2, 0xb99e8d91, 0xccd804e2, 0x628e4d3a, 0x9813a416, 0x9813a416, 0x5aec5acc, 0x5aec5acc, 0x5aec5acc, 0xcb37dcff, 0xcb37dcff, 0xcb37dcff, 0xd28de12f, 0xd28de12f, 0xd28de12f, 0x9813a416, 0x628e4d3a, 0x628e4d3a, 0x9813a416, }, 20 }, +- { "gfxterm_gre", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0x4990d896, 0x2b3aa242, 0x4990d896, 0x3f36ed25, 0x5fcf013d, 0x5fcf013d, 0x3cc6048d, 0x3cc6048d, 0x3cc6048d, 0xeed61cfb, 0xeed61cfb, 0xeed61cfb, 0xf8a52364, 0xf8a52364, 0xf8a52364, 0x5fcf013d, 0x3f36ed25, 0x3f36ed25, 0x5fcf013d, }, 20 }, +- { "gfxterm_gre", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0x4ff5c69f, 0x66586489, 0x4ff5c69f, 0x54f01c98, 0xdd28f52b, 0xdd28f52b, 0xc3ff0bf5, 0xc3ff0bf5, 0xc3ff0bf5, 0xe2c3f211, 0xe2c3f211, 0xe2c3f211, 0x9f7b399d, 0x9f7b399d, 0x9f7b399d, 0xdd28f52b, 0x54f01c98, 0x54f01c98, 0xdd28f52b, }, 20 }, +- { "gfxterm_gre", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x909b7bb4, 0x2bb2a58c, 0x909b7bb4, 0x6f246034, 0x43d1f34, 0x43d1f34, 0x2df40751, 0x2df40751, 0x2df40751, 0x52feaef9, 0x52feaef9, 0x52feaef9, 0xcbafab7f, 0xcbafab7f, 0xcbafab7f, 0x43d1f34, 0x6f246034, 0x6f246034, 0x43d1f34, }, 20 }, +- { "gfxterm_ru", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0xc77bfcc6, 0xffcdf45d, 0xc77bfcc6, 0x848d3181, 0x59c36f00, 0x59c36f00, 0xd79cd5e, 0xd79cd5e, 0xd79cd5e, 0x73f9a038, 0x73f9a038, 0x73f9a038, 0x110fb5ea, 0x110fb5ea, 0x110fb5ea, 0x59c36f00, 0x848d3181, 0x848d3181, 0x59c36f00, }, 20 }, +- { "gfxterm_ru", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0xd5494aa5, 0xa0924ec, 0xd5494aa5, 0xfb4ccfda, 0xaa4593fe, 0xaa4593fe, 0x8692c636, 0x8692c636, 0x8692c636, 0x2067cb51, 0x2067cb51, 0x2067cb51, 0xd5f6029, 0xd5f6029, 0xd5f6029, 0xaa4593fe, 0xfb4ccfda, 0xfb4ccfda, 0xaa4593fe, }, 20 }, +- { "gfxterm_ru", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0x2436c4f, 0x2cde4e0c, 0x2436c4f, 0x5f5401cb, 0xc9cbf769, 0xc9cbf769, 0x558f50ae, 0x558f50ae, 0x558f50ae, 0xab579162, 0xab579162, 0xab579162, 0x421d2e6a, 0x421d2e6a, 0x421d2e6a, 0xc9cbf769, 0x5f5401cb, 0x5f5401cb, 0xc9cbf769, }, 20 }, +- { "gfxterm_ru", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0x86f8a68c, 0xf4116451, 0x86f8a68c, 0x28aeef54, 0x9813a416, 0x9813a416, 0x7befbe43, 0x7befbe43, 0x7befbe43, 0xea343870, 0xea343870, 0xea343870, 0xf38e05a0, 0xf38e05a0, 0xf38e05a0, 0x9813a416, 0x28aeef54, 0x28aeef54, 0x9813a416, }, 20 }, +- { "gfxterm_ru", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0x156c292f, 0x3c8eb473, 0x156c292f, 0x63ca1c9c, 0x5fcf013d, 0x5fcf013d, 0x895ea16b, 0x895ea16b, 0x895ea16b, 0x5b4eb91d, 0x5b4eb91d, 0x5b4eb91d, 0x4d3d8682, 0x4d3d8682, 0x4d3d8682, 0x5fcf013d, 0x63ca1c9c, 0x63ca1c9c, 0x5fcf013d, }, 20 }, +- { "gfxterm_ru", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0xf57ebf12, 0x798b299b, 0xf57ebf12, 0xee7b6515, 0xdd28f52b, 0xdd28f52b, 0x22563fc6, 0x22563fc6, 0x22563fc6, 0x36ac622, 0x36ac622, 0x36ac622, 0x7ed20dae, 0x7ed20dae, 0x7ed20dae, 0xdd28f52b, 0xee7b6515, 0xee7b6515, 0xdd28f52b, }, 20 }, +- { "gfxterm_ru", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x2bc82eb1, 0x94064cc8, 0x2bc82eb1, 0xd4773531, 0x43d1f34, 0x43d1f34, 0x44cbf2f0, 0x44cbf2f0, 0x44cbf2f0, 0x3bc15b58, 0x3bc15b58, 0x3bc15b58, 0xa2905ede, 0xa2905ede, 0xa2905ede, 0x43d1f34, 0xd4773531, 0xd4773531, 0x43d1f34, }, 20 }, +- { "gfxterm_fr", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0x7f6dd146, 0x548af474, 0x7f6dd146, 0x3c9b1c01, 0x59c36f00, 0x59c36f00, 0x7d913e8d, 0x7d913e8d, 0x7d913e8d, 0x31153eb, 0x31153eb, 0x31153eb, 0x61e74639, 0x61e74639, 0x61e74639, 0x59c36f00, 0x3c9b1c01, 0x3c9b1c01, 0x59c36f00, }, 20 }, +- { "gfxterm_fr", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0xf29ad079, 0x50d47c0, 0xf29ad079, 0xdc9f5506, 0xaa4593fe, 0xaa4593fe, 0x6bcf4c90, 0x6bcf4c90, 0x6bcf4c90, 0xcd3a41f7, 0xcd3a41f7, 0xcd3a41f7, 0xe002ea8f, 0xe002ea8f, 0xe002ea8f, 0xaa4593fe, 0xdc9f5506, 0xdc9f5506, 0xaa4593fe, }, 20 }, +- { "gfxterm_fr", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0xb25e3082, 0x2ed845dd, 0xb25e3082, 0xef495d06, 0xc9cbf769, 0xc9cbf769, 0xd5322575, 0xd5322575, 0xd5322575, 0x2beae4b9, 0x2beae4b9, 0x2beae4b9, 0xc2a05bb1, 0xc2a05bb1, 0xc2a05bb1, 0xc9cbf769, 0xef495d06, 0xef495d06, 0xc9cbf769, }, 20 }, +- { "gfxterm_fr", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0x4cdfcd2e, 0x8bf091f, 0x4cdfcd2e, 0xe28984f6, 0x9813a416, 0x9813a416, 0x8217f630, 0x8217f630, 0x8217f630, 0x13cc7003, 0x13cc7003, 0x13cc7003, 0xa764dd3, 0xa764dd3, 0xa764dd3, 0x9813a416, 0xe28984f6, 0xe28984f6, 0x9813a416, }, 20 }, +- { "gfxterm_fr", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0xf2b49f88, 0x2eff252d, 0xf2b49f88, 0x8412aa3b, 0x5fcf013d, 0x5fcf013d, 0x5d3b9fe7, 0x5d3b9fe7, 0x5d3b9fe7, 0x8f2b8791, 0x8f2b8791, 0x8f2b8791, 0x9958b80e, 0x9958b80e, 0x9958b80e, 0x5fcf013d, 0x8412aa3b, 0x8412aa3b, 0x5fcf013d, }, 20 }, +- { "gfxterm_fr", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0x786673be, 0x536f1359, 0x786673be, 0x6363a9b9, 0xdd28f52b, 0xdd28f52b, 0x38653b12, 0x38653b12, 0x38653b12, 0x1959c2f6, 0x1959c2f6, 0x1959c2f6, 0x64e1097a, 0x64e1097a, 0x64e1097a, 0xdd28f52b, 0x6363a9b9, 0x6363a9b9, 0xdd28f52b, }, 20 }, +- { "gfxterm_fr", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0xac4a1127, 0x699c2ad8, 0xac4a1127, 0x53f50aa7, 0x43d1f34, 0x43d1f34, 0xfa47dfba, 0xfa47dfba, 0xfa47dfba, 0x854d7612, 0x854d7612, 0x854d7612, 0x1c1c7394, 0x1c1c7394, 0x1c1c7394, 0x43d1f34, 0x53f50aa7, 0x53f50aa7, 0x43d1f34, }, 20 }, +- { "gfxterm_quot", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0xbc5f6633, 0xda908ab0, 0xbc5f6633, 0xffa9ab74, 0x59c36f00, 0x59c36f00, 0x3ad73295, 0x3ad73295, 0x3ad73295, 0x44575ff3, 0x44575ff3, 0x44575ff3, 0x26a14a21, 0x26a14a21, 0x26a14a21, 0x59c36f00, 0xffa9ab74, 0xffa9ab74, 0x59c36f00, }, 20 }, +- { "gfxterm_quot", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0xad820d6b, 0x9a88ad3, 0xad820d6b, 0x83878814, 0xaa4593fe, 0xaa4593fe, 0xbec19c1b, 0xbec19c1b, 0xbec19c1b, 0x1834917c, 0x1834917c, 0x1834917c, 0x350c3a04, 0x350c3a04, 0x350c3a04, 0xaa4593fe, 0x83878814, 0x83878814, 0xaa4593fe, }, 20 }, +- { "gfxterm_quot", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0xe5774112, 0x5ffb1eca, 0xe5774112, 0xb8602c96, 0xc9cbf769, 0xc9cbf769, 0xe4861949, 0xe4861949, 0xe4861949, 0x1a5ed885, 0x1a5ed885, 0x1a5ed885, 0xf314678d, 0xf314678d, 0xf314678d, 0xc9cbf769, 0xb8602c96, 0xb8602c96, 0xc9cbf769, }, 20 }, +- { "gfxterm_quot", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0x6af1a2bc, 0xd951ab8b, 0x6af1a2bc, 0xc4a7eb64, 0x9813a416, 0x9813a416, 0xb5e8801c, 0xb5e8801c, 0xb5e8801c, 0x2433062f, 0x2433062f, 0x2433062f, 0x3d893bff, 0x3d893bff, 0x3d893bff, 0x9813a416, 0xc4a7eb64, 0xc4a7eb64, 0x9813a416, }, 20 }, +- { "gfxterm_quot", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0xc6baa18, 0x1c9db179, 0xc6baa18, 0x7acd9fab, 0x5fcf013d, 0x5fcf013d, 0x819b5c4e, 0x819b5c4e, 0x819b5c4e, 0x538b4438, 0x538b4438, 0x538b4438, 0x45f87ba7, 0x45f87ba7, 0x45f87ba7, 0x5fcf013d, 0x7acd9fab, 0x7acd9fab, 0x5fcf013d, }, 20 }, +- { "gfxterm_quot", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0xe424a6ab, 0xb05c0275, 0xe424a6ab, 0xff217cac, 0xdd28f52b, 0xdd28f52b, 0xcd83646c, 0xcd83646c, 0xcd83646c, 0xecbf9d88, 0xecbf9d88, 0xecbf9d88, 0x91075604, 0x91075604, 0x91075604, 0xdd28f52b, 0xff217cac, 0xff217cac, 0xdd28f52b, }, 20 }, +- { "gfxterm_quot", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x4a7dff41, 0xe1ec28fc, 0x4a7dff41, 0xb5c2e4c1, 0x43d1f34, 0x43d1f34, 0xb200c08a, 0xb200c08a, 0xb200c08a, 0xcd0a6922, 0xcd0a6922, 0xcd0a6922, 0x545b6ca4, 0x545b6ca4, 0x545b6ca4, 0x43d1f34, 0xb5c2e4c1, 0xb5c2e4c1, 0x43d1f34, }, 20 }, +- { "gfxterm_piglatin", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0xd3d3e4a2, 0x9c635046, 0xd3d3e4a2, 0x902529e5, 0x59c36f00, 0x59c36f00, 0x85e713, 0x85e713, 0x85e713, 0x7e058a75, 0x7e058a75, 0x7e058a75, 0x1cf39fa7, 0x1cf39fa7, 0x1cf39fa7, 0x59c36f00, 0x902529e5, 0x902529e5, 0x59c36f00, }, 20 }, +- { "gfxterm_piglatin", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0xd61c80f5, 0xdf78b496, 0xd61c80f5, 0xf819058a, 0xaa4593fe, 0xaa4593fe, 0xefc0f7e7, 0xefc0f7e7, 0xefc0f7e7, 0x4935fa80, 0x4935fa80, 0x4935fa80, 0x640d51f8, 0x640d51f8, 0x640d51f8, 0xaa4593fe, 0xf819058a, 0xf819058a, 0xaa4593fe, }, 20 }, +- { "gfxterm_piglatin", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0x936bc89d, 0x523a3e80, 0x936bc89d, 0xce7ca519, 0xc9cbf769, 0xc9cbf769, 0xaa99ffb1, 0xaa99ffb1, 0xaa99ffb1, 0x54413e7d, 0x54413e7d, 0x54413e7d, 0xbd0b8175, 0xbd0b8175, 0xbd0b8175, 0xc9cbf769, 0xce7ca519, 0xce7ca519, 0xc9cbf769, }, 20 }, +- { "gfxterm_piglatin", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0x4fdd0291, 0x133fa83d, 0x4fdd0291, 0xe18b4b49, 0x9813a416, 0x9813a416, 0x74c38e90, 0x74c38e90, 0x74c38e90, 0xe51808a3, 0xe51808a3, 0xe51808a3, 0xfca23573, 0xfca23573, 0xfca23573, 0x9813a416, 0xe18b4b49, 0xe18b4b49, 0x9813a416, }, 20 }, +- { "gfxterm_piglatin", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0x538203b0, 0x2a92e789, 0x538203b0, 0x25243603, 0x5fcf013d, 0x5fcf013d, 0x5e4d3dd8, 0x5e4d3dd8, 0x5e4d3dd8, 0x8c5d25ae, 0x8c5d25ae, 0x8c5d25ae, 0x9a2e1a31, 0x9a2e1a31, 0x9a2e1a31, 0x5fcf013d, 0x25243603, 0x25243603, 0x5fcf013d, }, 20 }, +- { "gfxterm_piglatin", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0xcfc85125, 0xa5b0e11b, 0xcfc85125, 0xd4cd8b22, 0xdd28f52b, 0xdd28f52b, 0x1af8cddc, 0x1af8cddc, 0x1af8cddc, 0x3bc43438, 0x3bc43438, 0x3bc43438, 0x467cffb4, 0x467cffb4, 0x467cffb4, 0xdd28f52b, 0xd4cd8b22, 0xd4cd8b22, 0xdd28f52b, }, 20 }, +- { "gfxterm_piglatin", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0xf2469ffb, 0x1d0c1d2, 0xf2469ffb, 0xdf9847b, 0x43d1f34, 0x43d1f34, 0xa2837c7a, 0xa2837c7a, 0xa2837c7a, 0xdd89d5d2, 0xdd89d5d2, 0xdd89d5d2, 0x44d8d054, 0x44d8d054, 0x44d8d054, 0x43d1f34, 0xdf9847b, 0xdf9847b, 0x43d1f34, }, 20 }, +- { "gfxterm_ch", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0x27851cc1, 0x15f731b5, 0x27851cc1, 0x6473d186, 0x59c36f00, 0x59c36f00, 0x125bcddf, 0x125bcddf, 0x125bcddf, 0x6cdba0b9, 0x6cdba0b9, 0x6cdba0b9, 0xe2db56b, 0xe2db56b, 0xe2db56b, 0x59c36f00, 0x6473d186, 0x6473d186, 0x59c36f00, }, 20 }, +- { "gfxterm_ch", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0xfcb223c, 0x2c2e18b9, 0xfcb223c, 0x21cea743, 0xaa4593fe, 0xaa4593fe, 0xd700be1a, 0xd700be1a, 0xd700be1a, 0x71f5b37d, 0x71f5b37d, 0x71f5b37d, 0x5ccd1805, 0x5ccd1805, 0x5ccd1805, 0xaa4593fe, 0x21cea743, 0x21cea743, 0xaa4593fe, }, 20 }, +- { "gfxterm_ch", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0x807efaa5, 0xb673036a, 0x807efaa5, 0xdd699721, 0xc9cbf769, 0xc9cbf769, 0xdca3ed4b, 0xdca3ed4b, 0xdca3ed4b, 0x227b2c87, 0x227b2c87, 0x227b2c87, 0xcb31938f, 0xcb31938f, 0xcb31938f, 0xc9cbf769, 0xdd699721, 0xdd699721, 0xc9cbf769, }, 20 }, +- { "gfxterm_ch", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0x651d0d50, 0xf0dc38fc, 0x651d0d50, 0xcb4b4488, 0x9813a416, 0x9813a416, 0x80d03ee8, 0x80d03ee8, 0x80d03ee8, 0x110bb8db, 0x110bb8db, 0x110bb8db, 0x8b1850b, 0x8b1850b, 0x8b1850b, 0x9813a416, 0xcb4b4488, 0xcb4b4488, 0x9813a416, }, 20 }, +- { "gfxterm_ch", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0xb9b068f, 0xdc68ac3c, 0xb9b068f, 0x7d3d333c, 0x5fcf013d, 0x5fcf013d, 0xa1f0a6e4, 0xa1f0a6e4, 0xa1f0a6e4, 0x73e0be92, 0x73e0be92, 0x73e0be92, 0x6593810d, 0x6593810d, 0x6593810d, 0x5fcf013d, 0x7d3d333c, 0x7d3d333c, 0x5fcf013d, }, 20 }, +- { "gfxterm_ch", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0xf0789d7e, 0x6f2f2b61, 0xf0789d7e, 0xeb7d4779, 0xdd28f52b, 0xdd28f52b, 0xb995630, 0xb995630, 0xb995630, 0x2aa5afd4, 0x2aa5afd4, 0x2aa5afd4, 0x571d6458, 0x571d6458, 0x571d6458, 0xdd28f52b, 0xeb7d4779, 0xeb7d4779, 0xdd28f52b, }, 20 }, +- { "gfxterm_ch", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x819821ff, 0xdd19128c, 0x819821ff, 0x7e273a7f, 0x43d1f34, 0x43d1f34, 0xf35981d3, 0xf35981d3, 0xf35981d3, 0x8c53287b, 0x8c53287b, 0x8c53287b, 0x15022dfd, 0x15022dfd, 0x15022dfd, 0x43d1f34, 0x7e273a7f, 0x7e273a7f, 0x43d1f34, }, 20 }, +- { "gfxterm_red", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0xa99604d1, 0xcf59e852, 0xa99604d1, 0xfebbba0f, 0x59c36f00, 0x59c36f00, 0x53767ce3, 0x53767ce3, 0x53767ce3, 0x2df61185, 0x2df61185, 0x2df61185, 0x4f000457, 0x4f000457, 0x4f000457, 0x59c36f00, 0xfebbba0f, 0xfebbba0f, 0x59c36f00, }, 20 }, +- { "gfxterm_red", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0x7d0a218, 0xa3fa25a0, 0x7d0a218, 0xb777784e, 0xaa4593fe, 0xaa4593fe, 0x35db26e1, 0x35db26e1, 0x35db26e1, 0x932e2b86, 0x932e2b86, 0x932e2b86, 0xbe1680fe, 0xbe1680fe, 0xbe1680fe, 0xaa4593fe, 0xb777784e, 0xb777784e, 0xaa4593fe, }, 20 }, +- { "gfxterm_red", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0x63be90f4, 0xd932cf2c, 0x63be90f4, 0x739b8e5a, 0xc9cbf769, 0xc9cbf769, 0x70a00efe, 0x70a00efe, 0x70a00efe, 0x8e78cf32, 0x8e78cf32, 0x8e78cf32, 0x6732703a, 0x6732703a, 0x6732703a, 0xc9cbf769, 0x739b8e5a, 0x739b8e5a, 0xc9cbf769, }, 20 }, +- { "gfxterm_red", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0x53460c90, 0xe0e605a7, 0x53460c90, 0x6337f0bf, 0x9813a416, 0x9813a416, 0x4161864c, 0x4161864c, 0x4161864c, 0xd0ba007f, 0xd0ba007f, 0xd0ba007f, 0xc9003daf, 0xc9003daf, 0xc9003daf, 0x9813a416, 0x6337f0bf, 0x6337f0bf, 0x9813a416, }, 20 }, +- { "gfxterm_red", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0xf54761a0, 0xe5b17ac1, 0xf54761a0, 0x5b408e55, 0x5fcf013d, 0x5fcf013d, 0x580fda0e, 0x580fda0e, 0x580fda0e, 0x8a1fc278, 0x8a1fc278, 0x8a1fc278, 0x9c6cfde7, 0x9c6cfde7, 0x9c6cfde7, 0x5fcf013d, 0x5b408e55, 0x5b408e55, 0x5fcf013d, }, 20 }, +- { "gfxterm_red", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0xec78b0c1, 0xb800141f, 0xec78b0c1, 0x621c7b1b, 0xdd28f52b, 0xdd28f52b, 0x8f60179, 0x8f60179, 0x8f60179, 0x29caf89d, 0x29caf89d, 0x29caf89d, 0x54723311, 0x54723311, 0x54723311, 0xdd28f52b, 0x621c7b1b, 0x621c7b1b, 0xdd28f52b, }, 20 }, +- { "gfxterm_red", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0xf209411b, 0x599896a6, 0xf209411b, 0x6551c7bb, 0x43d1f34, 0x43d1f34, 0x5ac6bb4a, 0x5ac6bb4a, 0x5ac6bb4a, 0x25cc12e2, 0x25cc12e2, 0x25cc12e2, 0xbc9d1764, 0xbc9d1764, 0xbc9d1764, 0x43d1f34, 0x6551c7bb, 0x6551c7bb, 0x43d1f34, }, 20 }, +- { "gfxterm_high", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0x93b4fcd8, 0xf57b105b, 0x93b4fcd8, 0x2bfe5312, 0x59c36f00, 0x59c36f00, 0x3ad73295, 0x3ad73295, 0x3ad73295, 0x44575ff3, 0x44575ff3, 0x44575ff3, 0x26a14a21, 0x26a14a21, 0x26a14a21, 0x59c36f00, 0x2bfe5312, 0x2bfe5312, 0x59c36f00, }, 20 }, +- { "gfxterm_high", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0x656c9044, 0xc14617fc, 0x656c9044, 0xa6ea58cb, 0xaa4593fe, 0xaa4593fe, 0xbec19c1b, 0xbec19c1b, 0xbec19c1b, 0x1834917c, 0x1834917c, 0x1834917c, 0x350c3a04, 0x350c3a04, 0x350c3a04, 0xaa4593fe, 0xa6ea58cb, 0xa6ea58cb, 0xaa4593fe, }, 20 }, +- { "gfxterm_high", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0xa11479ed, 0x1b982635, 0xa11479ed, 0xe37185d0, 0xc9cbf769, 0xc9cbf769, 0xe4861949, 0xe4861949, 0xe4861949, 0x1a5ed885, 0x1a5ed885, 0x1a5ed885, 0xf314678d, 0xf314678d, 0xf314678d, 0xc9cbf769, 0xe37185d0, 0xe37185d0, 0xc9cbf769, }, 20 }, +- { "gfxterm_high", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0x244770a7, 0x97e77990, 0x244770a7, 0x6a54d2ee, 0x9813a416, 0x9813a416, 0xb5e8801c, 0xb5e8801c, 0xb5e8801c, 0x2433062f, 0x2433062f, 0x2433062f, 0x3d893bff, 0x3d893bff, 0x3d893bff, 0x9813a416, 0x6a54d2ee, 0x6a54d2ee, 0x9813a416, }, 20 }, +- { "gfxterm_high", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0x8ca34476, 0x9c555f17, 0x8ca34476, 0x1fc54b41, 0x5fcf013d, 0x5fcf013d, 0x819b5c4e, 0x819b5c4e, 0x819b5c4e, 0x538b4438, 0x538b4438, 0x538b4438, 0x45f87ba7, 0x45f87ba7, 0x45f87ba7, 0x5fcf013d, 0x1fc54b41, 0x1fc54b41, 0x5fcf013d, }, 20 }, +- { "gfxterm_high", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0xf19f6af8, 0xa5e7ce26, 0xf19f6af8, 0x1619aea6, 0xdd28f52b, 0xdd28f52b, 0xcd83646c, 0xcd83646c, 0xcd83646c, 0xecbf9d88, 0xecbf9d88, 0xecbf9d88, 0x91075604, 0x91075604, 0x91075604, 0xdd28f52b, 0x1619aea6, 0x1619aea6, 0xdd28f52b, }, 20 }, +- { "gfxterm_high", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x5f75414f, 0xf4e496f2, 0x5f75414f, 0x27fd1fe0, 0x43d1f34, 0x43d1f34, 0xb200c08a, 0xb200c08a, 0xb200c08a, 0xcd0a6922, 0xcd0a6922, 0xcd0a6922, 0x545b6ca4, 0x545b6ca4, 0x545b6ca4, 0x43d1f34, 0x27fd1fe0, 0x27fd1fe0, 0x43d1f34, }, 20 }, +- { "videotest", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x1368a483, 0x1368a483, 0x1368a483, 0x1368a483, 0x1368a483, }, 5 }, +- { "videotest", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0x7033079c, 0x7033079c, 0x7033079c, 0x7033079c, 0x7033079c, }, 5 }, +- { "videotest", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xff583fbf, 0xff583fbf, 0xff583fbf, 0xff583fbf, 0xff583fbf, }, 5 }, +- { "videotest", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x4c2cef83, 0x1b215a88, 0xe2378595, 0xb53a309e, 0x15f64d5e, }, 5 }, +- { "videotest", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x758f388c, 0xd4442397, 0x33f5784b, 0x923e6350, 0xf97bb902, }, 5 }, +- { "videotest", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xb9f6f52a, 0x4e24e8b7, 0x53beb8e1, 0xa46ca57c, 0x688a184d, }, 5 }, +- { "videotest", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x5bd98ce3, 0x15df7962, 0xc7d467e1, 0x89d29260, 0x662e2c16, }, 5 }, +- { "videotest", 640, 480, 0x2, 256, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi256 */, (grub_uint32_t []) { 0xf9847b65, 0xf9847b65, 0xf9847b65, 0xf9847b65, 0xf9847b65, }, 5 }, +- { "videotest", 800, 600, 0x2, 256, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi256 */, (grub_uint32_t []) { 0xc421716d, 0xc421716d, 0xc421716d, 0xc421716d, 0xc421716d, }, 5 }, +- { "videotest", 1024, 768, 0x2, 256, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi256 */, (grub_uint32_t []) { 0x5d46f2a8, 0x5d46f2a8, 0x5d46f2a8, 0x5d46f2a8, 0x5d46f2a8, }, 5 }, +- { "videotest", 640, 480, 0x1, 256, 15, 2, 10, 5, 5, 5, 0, 5, 0, 0 /* 640x480xrgba5550 */, (grub_uint32_t []) { 0x25690db2, 0x25690db2, 0x25690db2, 0x25690db2, 0x25690db2, }, 5 }, +- { "videotest", 800, 600, 0x1, 256, 15, 2, 10, 5, 5, 5, 0, 5, 0, 0 /* 800x600xrgba5550 */, (grub_uint32_t []) { 0x7333f220, 0x7333f220, 0x7333f220, 0x7333f220, 0x7333f220, }, 5 }, +- { "videotest", 1024, 768, 0x1, 256, 15, 2, 10, 5, 5, 5, 0, 5, 0, 0 /* 1024x768xrgba5550 */, (grub_uint32_t []) { 0xac52d537, 0xac52d537, 0xac52d537, 0xac52d537, 0xac52d537, }, 5 }, +- { "videotest", 640, 480, 0x1, 256, 16, 2, 11, 5, 5, 6, 0, 5, 0, 0 /* 640x480xrgba5650 */, (grub_uint32_t []) { 0xd4cbcd66, 0xd4cbcd66, 0xd4cbcd66, 0xd4cbcd66, 0xd4cbcd66, }, 5 }, +- { "videotest", 800, 600, 0x1, 256, 16, 2, 11, 5, 5, 6, 0, 5, 0, 0 /* 800x600xrgba5650 */, (grub_uint32_t []) { 0x9d23f9d1, 0x9d23f9d1, 0x9d23f9d1, 0x9d23f9d1, 0x9d23f9d1, }, 5 }, +- { "videotest", 1024, 768, 0x1, 256, 16, 2, 11, 5, 5, 6, 0, 5, 0, 0 /* 1024x768xrgba5650 */, (grub_uint32_t []) { 0x89acbf88, 0x89acbf88, 0x89acbf88, 0x89acbf88, 0x89acbf88, }, 5 }, +- { "videotest", 640, 480, 0x1, 256, 24, 3, 16, 8, 8, 8, 0, 8, 0, 0 /* 640x480xrgba8880 */, (grub_uint32_t []) { 0x335fadcb, 0x1f517b5c, 0x6b4200e5, 0x474cd672, 0x8364f797, }, 5 }, +- { "videotest", 800, 600, 0x1, 256, 24, 3, 16, 8, 8, 8, 0, 8, 0, 0 /* 800x600xrgba8880 */, (grub_uint32_t []) { 0xcf9985f8, 0x1d92c7fc, 0x6e637701, 0xbc683505, 0x898016fb, }, 5 }, +- { "videotest", 1024, 768, 0x1, 256, 24, 3, 16, 8, 8, 8, 0, 8, 0, 0 /* 1024x768xrgba8880 */, (grub_uint32_t []) { 0xdb824190, 0x378d05dc, 0x670bff9, 0xea7ffbb5, 0x658bcbb3, }, 5 }, +- { "videotest", 640, 480, 0x1, 256, 15, 2, 0, 5, 5, 5, 10, 5, 0, 0 /* 640x480xbgra5550 */, (grub_uint32_t []) { 0x18ed532e, 0x18ed532e, 0x18ed532e, 0x18ed532e, 0x18ed532e, }, 5 }, +- { "videotest", 800, 600, 0x1, 256, 15, 2, 0, 5, 5, 5, 10, 5, 0, 0 /* 800x600xbgra5550 */, (grub_uint32_t []) { 0x2b35b09f, 0x2b35b09f, 0x2b35b09f, 0x2b35b09f, 0x2b35b09f, }, 5 }, +- { "videotest", 1024, 768, 0x1, 256, 15, 2, 0, 5, 5, 5, 10, 5, 0, 0 /* 1024x768xbgra5550 */, (grub_uint32_t []) { 0xa24c4d98, 0xa24c4d98, 0xa24c4d98, 0xa24c4d98, 0xa24c4d98, }, 5 }, +- { "videotest", 640, 480, 0x1, 256, 16, 2, 0, 5, 5, 6, 11, 5, 0, 0 /* 640x480xbgra5650 */, (grub_uint32_t []) { 0xc07dde33, 0xc07dde33, 0xc07dde33, 0xc07dde33, 0xc07dde33, }, 5 }, +- { "videotest", 800, 600, 0x1, 256, 16, 2, 0, 5, 5, 6, 11, 5, 0, 0 /* 800x600xbgra5650 */, (grub_uint32_t []) { 0x7e6ed757, 0x7e6ed757, 0x7e6ed757, 0x7e6ed757, 0x7e6ed757, }, 5 }, +- { "videotest", 1024, 768, 0x1, 256, 16, 2, 0, 5, 5, 6, 11, 5, 0, 0 /* 1024x768xbgra5650 */, (grub_uint32_t []) { 0x700255dd, 0x700255dd, 0x700255dd, 0x700255dd, 0x700255dd, }, 5 }, +- { "videotest", 640, 480, 0x1, 256, 24, 3, 0, 8, 8, 8, 16, 8, 0, 0 /* 640x480xbgra8880 */, (grub_uint32_t []) { 0x157232bd, 0x5e6bdacd, 0x8341e25d, 0xc8580a2d, 0x3cf9e58c, }, 5 }, +- { "videotest", 800, 600, 0x1, 256, 24, 3, 0, 8, 8, 8, 16, 8, 0, 0 /* 800x600xbgra8880 */, (grub_uint32_t []) { 0xbfafd7cd, 0x51650951, 0x67d61c04, 0x891cc298, 0xab036ae, }, 5 }, +- { "videotest", 1024, 768, 0x1, 256, 24, 3, 0, 8, 8, 8, 16, 8, 0, 0 /* 1024x768xbgra8880 */, (grub_uint32_t []) { 0x760580c9, 0xdc6d8205, 0x2739f3a0, 0x8d51f16c, 0xd47d661b, }, 5 }, +- { "videotest", 640, 480, 0x1, 256, 32, 4, 0, 8, 8, 8, 16, 8, 24, 8 /* 640x480xbgra8888 */, (grub_uint32_t []) { 0xada3b5f, 0x24cd61a6, 0x56f48ead, 0x78e3d454, 0xb28750bb, }, 5 }, +- { "videotest", 800, 600, 0x1, 256, 32, 4, 0, 8, 8, 8, 16, 8, 24, 8 /* 800x600xbgra8888 */, (grub_uint32_t []) { 0x827694e2, 0x9d97c3dd, 0xbdb43a9c, 0xa2556da3, 0xfdf3c81e, }, 5 }, +- { "videotest", 1024, 768, 0x1, 256, 32, 4, 0, 8, 8, 8, 16, 8, 24, 8 /* 1024x768xbgra8888 */, (grub_uint32_t []) { 0x664534a5, 0xcd0979a0, 0x3531d85e, 0x9e7d955b, 0xc0aced53, }, 5 }, ++ { "cmdline_cat", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0xc69be699, 0xc69be699, 0xe17fc97c, 0xe17fc97c, 0xc2512486, 0xc2512486, 0x20260761, 0x20260761, 0xe3485349, 0xe3485349, 0x6020b4d9, 0x6020b4d9, 0x1605db98, 0x1605db98, 0xdca51b58, 0xdca51b58, 0xf3d66441, 0xf3d66441, 0x18cb7ce2, 0x18cb7ce2, 0x23b616d9, 0x23b616d9, 0xa1bf5dbf, 0xa1bf5dbf, 0x5e4a8b3d, 0x5e4a8b3d, 0x9933b3d8, 0x9933b3d8, 0xce7be2de, 0xce7be2de, 0x62531729, 0x62531729, 0xc39d3788, 0xc39d3788, 0xf7aee2fe, 0xf7aee2fe, 0xc66f4903, 0xc66f4903, 0x536c922f, 0x536c922f, 0xcb231652, 0x4ae07b67, 0x146816d5, 0x146816d5, }, 45 }, ++ { "cmdline_cat", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0x29d0cfb7, 0x29d0cfb7, 0x4d57ad88, 0x4d57ad88, 0xaf7591cb, 0xaf7591cb, 0xb88e3c0, 0xb88e3c0, 0x5d55a031, 0x5d55a031, 0x4363bcff, 0x4363bcff, 0xe1142833, 0xe1142833, 0x9578c80d, 0x9578c80d, 0xff1f5174, 0xff1f5174, 0x6828d47, 0x6828d47, 0x2a849ae3, 0x2a849ae3, 0x27a811d9, 0x27a811d9, 0x6c42e1cb, 0x6c42e1cb, 0x5bba61f5, 0x5bba61f5, 0xc02ab705, 0xc02ab705, 0xeb3e0e05, 0xeb3e0e05, 0x6f4ce3c, 0x6f4ce3c, 0x2075c50e, 0x2075c50e, 0x54ac7fba, 0x54ac7fba, 0x335d1c21, 0x335d1c21, 0xf923fbd1, 0x1b489d4d, 0x1253eb5e, 0x1253eb5e, }, 45 }, ++ { "cmdline_cat", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0x6ff92a98, 0x6ff92a98, 0xbd8264b3, 0xbd8264b3, 0x5c50282c, 0x5c50282c, 0xd18d6a5a, 0xd18d6a5a, 0x99cea139, 0x99cea139, 0x2590c545, 0x2590c545, 0x55c86045, 0x55c86045, 0xad53ef1e, 0xad53ef1e, 0x5b44a23a, 0x5b44a23a, 0xa255f863, 0xa255f863, 0x85b0bdca, 0x85b0bdca, 0x4220ee1f, 0x4220ee1f, 0xeb991a9f, 0xeb991a9f, 0x86f366dd, 0x86f366dd, 0xfa176b7d, 0xfa176b7d, 0xd7384ca9, 0xd7384ca9, 0xceebf5c1, 0xceebf5c1, 0xae62b268, 0xae62b268, 0x6e89bbd6, 0x6e89bbd6, 0x3fe07c8e, 0x3fe07c8e, 0xee5358fe, 0x162d1a8a, 0x876f8d10, 0x876f8d10, }, 45 }, ++ { "cmdline_cat", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0xb96afaea, 0xb96afaea, 0xaa16ab1e, 0xaa16ab1e, 0x51ff382, 0x51ff382, 0xec74f127, 0xec74f127, 0xde4bca99, 0xde4bca99, 0x8ef3e8a5, 0x8ef3e8a5, 0x2daeb0b4, 0x2daeb0b4, 0x7cf5e243, 0x7cf5e243, 0x11fd57c6, 0x11fd57c6, 0x140723af, 0x140723af, 0x2bd93833, 0x2bd93833, 0xd731f4ac, 0xd731f4ac, 0x5fcd7114, 0x5fcd7114, 0xd1fea24a, 0xd1fea24a, 0x4083d53a, 0x4083d53a, 0x2e372605, 0x2e372605, 0x8e6316a7, 0x8e6316a7, 0x283ef6cc, 0x283ef6cc, 0x20cee9de, 0x20cee9de, 0xad6fa187, 0xad6fa187, 0xd691f438, 0xf3257e63, 0x4786ba7, 0x4786ba7, }, 45 }, ++ { "cmdline_cat", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0x48acf1bf, 0x48acf1bf, 0xb8777469, 0xb8777469, 0xad2fad44, 0xad2fad44, 0xa415ac59, 0xa415ac59, 0x5a7bfb26, 0x5a7bfb26, 0xccb6016, 0xccb6016, 0x77a80cb3, 0x77a80cb3, 0x2034c102, 0x2034c102, 0x444b4ccd, 0x444b4ccd, 0xe6c31bea, 0xe6c31bea, 0x8408036e, 0x8408036e, 0x9e7c556f, 0x9e7c556f, 0x445dc388, 0x445dc388, 0x94b3f850, 0x94b3f850, 0xf6f15341, 0xf6f15341, 0xcb939b5f, 0xcb939b5f, 0xbe88067d, 0xbe88067d, 0x1efc4734, 0x1efc4734, 0x7f5dfca8, 0x7f5dfca8, 0xb7b10eb9, 0xb7b10eb9, 0xb94cb441, 0x9571329, 0x8a26912b, 0x8a26912b, }, 45 }, ++ { "cmdline_cat", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0xc508d04e, 0xc508d04e, 0x6dbccbfe, 0x6dbccbfe, 0xbf06ff60, 0xbf06ff60, 0xbc5ab06, 0xbc5ab06, 0x97eeab3c, 0x97eeab3c, 0x62663589, 0x62663589, 0xb03e21e2, 0xb03e21e2, 0xea196bb6, 0xea196bb6, 0x672c16c4, 0x672c16c4, 0xefbca2cd, 0xefbca2cd, 0x1af5b410, 0x1af5b410, 0xc7a80569, 0xc7a80569, 0x4926a16, 0x4926a16, 0xee29c99c, 0xee29c99c, 0xffb15985, 0xffb15985, 0x4f608e46, 0x4f608e46, 0x3e450fd2, 0x3e450fd2, 0xac45215f, 0xac45215f, 0x789b0ce7, 0x789b0ce7, 0x4cedfe22, 0x4cedfe22, 0xa005588c, 0x701da05c, 0x6f25cec1, 0x6f25cec1, }, 45 }, ++ { "cmdline_cat", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x29e7a7f, 0x29e7a7f, 0xbd221052, 0xbd221052, 0x3b18b64, 0x3b18b64, 0x7f1e8462, 0x7f1e8462, 0xf28d5124, 0xf28d5124, 0xc336f170, 0xc336f170, 0xfe3bf988, 0xfe3bf988, 0x7bf89e05, 0x7bf89e05, 0x7857a3f8, 0x7857a3f8, 0x272c1a36, 0x272c1a36, 0xe8adb445, 0xe8adb445, 0x70cfe280, 0x70cfe280, 0x4f2b6120, 0x4f2b6120, 0xbaf5caa5, 0xbaf5caa5, 0x4b6bcab2, 0x4b6bcab2, 0x2bef7b92, 0x2bef7b92, 0x17b381dc, 0x17b381dc, 0x884c9c35, 0x884c9c35, 0x2f9eb909, 0x2f9eb909, 0xa811b3af, 0xa811b3af, 0x4c39478f, 0x5a72c3ab, 0x8071678a, 0x8071678a, }, 45 }, ++ { "gfxterm_menu", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0xd9f04953, 0xbf3fa5d0, 0xd9f04953, 0x9a068414, 0x59c36f00, 0x59c36f00, 0x620c0067, 0x620c0067, 0x620c0067, 0x1c8c6d01, 0x1c8c6d01, 0x1c8c6d01, 0xc3269013, 0xc3269013, 0xc3269013, 0x59c36f00, 0x9a068414, 0x9a068414, 0x59c36f00, }, 20 }, ++ { "gfxterm_menu", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0x9254157f, 0x367e92c7, 0x9254157f, 0xbc519000, 0xaa4593fe, 0xaa4593fe, 0xa8a596c8, 0xa8a596c8, 0xa8a596c8, 0xe509baf, 0xe509baf, 0xe509baf, 0x16f0dc06, 0x16f0dc06, 0x16f0dc06, 0xaa4593fe, 0xbc519000, 0xbc519000, 0xaa4593fe, }, 20 }, ++ { "gfxterm_menu", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0x354b1976, 0x8fc746ae, 0x354b1976, 0x685c74f2, 0xc9cbf769, 0xc9cbf769, 0x3ce35e1d, 0x3ce35e1d, 0x3ce35e1d, 0xc23b9fd1, 0xc23b9fd1, 0xc23b9fd1, 0x5b18528e, 0x5b18528e, 0x5b18528e, 0xc9cbf769, 0x685c74f2, 0x685c74f2, 0xc9cbf769, }, 20 }, ++ { "gfxterm_menu", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0x1c9ec014, 0xaf3ec923, 0x1c9ec014, 0x43f5296, 0x9813a416, 0x9813a416, 0x43fda3fa, 0x43fda3fa, 0x43fda3fa, 0xd22625c9, 0xd22625c9, 0xd22625c9, 0x76a62c0a, 0x76a62c0a, 0x76a62c0a, 0x9813a416, 0x43f5296, 0x43f5296, 0x9813a416, }, 20 }, ++ { "gfxterm_menu", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0xa704f7ea, 0xb7f2ec8b, 0xa704f7ea, 0xb279bf59, 0x5fcf013d, 0x5fcf013d, 0xf3582c48, 0xf3582c48, 0xf3582c48, 0x2148343e, 0x2148343e, 0x2148343e, 0x9c719024, 0x9c719024, 0x9c719024, 0x5fcf013d, 0xb279bf59, 0xb279bf59, 0x5fcf013d, }, 20 }, ++ { "gfxterm_menu", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0xf293ce36, 0xa6eb6ae8, 0xf293ce36, 0xcd87647e, 0xdd28f52b, 0xdd28f52b, 0xb3c7ef80, 0xb3c7ef80, 0xb3c7ef80, 0x92fb1664, 0x92fb1664, 0x92fb1664, 0xd15b5e2e, 0xd15b5e2e, 0xd15b5e2e, 0xdd28f52b, 0xcd87647e, 0xcd87647e, 0xdd28f52b, }, 20 }, ++ { "gfxterm_menu", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x31e75bd7, 0x9a768c6a, 0x31e75bd7, 0xa8fc31a6, 0x43d1f34, 0x43d1f34, 0xa0717008, 0xa0717008, 0xa0717008, 0xdf7bd9a0, 0xdf7bd9a0, 0xdf7bd9a0, 0x8e5a9312, 0x8e5a9312, 0x8e5a9312, 0x43d1f34, 0xa8fc31a6, 0xa8fc31a6, 0x43d1f34, }, 20 }, ++ { "gfxmenu", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0x1ce7bd78, 0x682580f5, 0x1ce7bd78, 0x490ad6fe, 0x9a2e0d26, 0x64eb71ba, 0x64eb71ba, 0x64eb71ba, 0x3833877a, 0x3833877a, 0x3833877a, 0xcfc14f0a, 0xcfc14f0a, 0xcfc14f0a, 0x59c36f00, 0x490ad6fe, 0x490ad6fe, }, 18 }, ++ { "gfxmenu", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0x2b6ff87d, 0x63ce2ca2, 0x2b6ff87d, 0xf00f044e, 0xa9d58ccd, 0xe2c46577, 0xe2c46577, 0xe2c46577, 0xb79bcf7d, 0xb79bcf7d, 0xb79bcf7d, 0xbc30ed71, 0xbc30ed71, 0xbc30ed71, 0xaa4593fe, 0xf00f044e, 0xf00f044e, }, 18 }, ++ { "gfxmenu", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0xe61cadba, 0x9880b727, 0xe61cadba, 0xdf5f2fc0, 0x5411be8b, 0x4449774e, 0x4449774e, 0x4449774e, 0x3bf7d1da, 0x3bf7d1da, 0x3bf7d1da, 0xd2ddee01, 0xd2ddee01, 0xd2ddee01, 0xc9cbf769, 0xdf5f2fc0, 0xdf5f2fc0, }, 18 }, ++ { "gfxmenu", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x1c3742c9, 0xbe54acf7, 0x9b4ce770, 0xbe54acf7, 0x3111489, 0x740d78cf, 0x314c4c59, 0x314c4c59, 0x314c4c59, 0xdae9a625, 0xdae9a625, 0xdae9a625, 0xcbf8af57, 0xcbf8af57, 0xcbf8af57, 0x1c3742c9, 0x3111489, 0x3111489, }, 18 }, ++ { "gfxmenu", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0xcc5a7bed, 0xee571de5, 0x568aaeff, 0xee571de5, 0xe328b7a7, 0xbcda144c, 0xf56e1b60, 0xf56e1b60, 0xf56e1b60, 0x9a27c771, 0x9a27c771, 0x9a27c771, 0xd6d05397, 0xd6d05397, 0xd6d05397, 0xcc5a7bed, 0xe328b7a7, 0xe328b7a7, }, 18 }, ++ { "gfxmenu", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xef4a3312, 0x1db9877c, 0x7e1afeae, 0x1db9877c, 0x8fc0c430, 0x5d55a141, 0x96f335c6, 0x96f335c6, 0x96f335c6, 0x504171d8, 0x504171d8, 0x504171d8, 0x69f71c0, 0x69f71c0, 0x69f71c0, 0xef4a3312, 0x8fc0c430, 0x8fc0c430, }, 18 }, ++ { "gfxmenu", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x54e48d80, 0x151819bd, 0xea8d4865, 0x151819bd, 0x11d75fd2, 0x6d6bb4bc, 0x650ccd09, 0x650ccd09, 0x650ccd09, 0xe4ff3bd8, 0xe4ff3bd8, 0xe4ff3bd8, 0xc5308b73, 0xc5308b73, 0xc5308b73, 0x54e48d80, 0x11d75fd2, 0x11d75fd2, }, 18 }, ++ { "gfxterm_ar", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0xd0b06c3d, 0xde50d1a5, 0xd0b06c3d, 0x9346a17a, 0x59c36f00, 0x59c36f00, 0xacff5d47, 0xacff5d47, 0xacff5d47, 0xd27f3021, 0xd27f3021, 0xd27f3021, 0xdd5cd33, 0xdd5cd33, 0xdd5cd33, 0x59c36f00, 0x9346a17a, 0x9346a17a, 0x59c36f00, }, 20 }, ++ { "gfxterm_ar", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0xf32d50c1, 0x730a7ed, 0xf32d50c1, 0xdd28d5be, 0xaa4593fe, 0xaa4593fe, 0xba8a2d4c, 0xba8a2d4c, 0xba8a2d4c, 0x1c7f202b, 0x1c7f202b, 0x1c7f202b, 0x4df6782, 0x4df6782, 0x4df6782, 0xaa4593fe, 0xdd28d5be, 0xdd28d5be, 0xaa4593fe, }, 20 }, ++ { "gfxterm_ar", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0x711a4ac1, 0x6396f14c, 0x711a4ac1, 0x2c0d2745, 0xc9cbf769, 0xc9cbf769, 0x6b6ccbb0, 0x6b6ccbb0, 0x6b6ccbb0, 0x95b40a7c, 0x95b40a7c, 0x95b40a7c, 0xc97c723, 0xc97c723, 0xc97c723, 0xc9cbf769, 0x2c0d2745, 0x2c0d2745, 0xc9cbf769, }, 20 }, ++ { "gfxterm_ar", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0x29baad6a, 0x348b1f2b, 0x29baad6a, 0x311b3fe8, 0x9813a416, 0x9813a416, 0xe8e982cc, 0xe8e982cc, 0xe8e982cc, 0x793204ff, 0x793204ff, 0x793204ff, 0xddb20d3c, 0xddb20d3c, 0xddb20d3c, 0x9813a416, 0x311b3fe8, 0x311b3fe8, 0x9813a416, }, 20 }, ++ { "gfxterm_ar", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0xf834b3bb, 0x3951bd1a, 0xf834b3bb, 0xed49fb08, 0x5fcf013d, 0x5fcf013d, 0x5aefa2a7, 0x5aefa2a7, 0x5aefa2a7, 0x88ffbad1, 0x88ffbad1, 0x88ffbad1, 0x35c61ecb, 0x35c61ecb, 0x35c61ecb, 0x5fcf013d, 0xed49fb08, 0xed49fb08, 0x5fcf013d, }, 20 }, ++ { "gfxterm_ar", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0x7e9a7a47, 0xb1651b5a, 0x7e9a7a47, 0x418ed00f, 0xdd28f52b, 0xdd28f52b, 0x83f9db69, 0x83f9db69, 0x83f9db69, 0xa2c5228d, 0xa2c5228d, 0xa2c5228d, 0xe1656ac7, 0xe1656ac7, 0xe1656ac7, 0xdd28f52b, 0x418ed00f, 0x418ed00f, 0xdd28f52b, }, 20 }, ++ { "gfxterm_ar", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0xc6a0340, 0x7dd5855c, 0xc6a0340, 0x95716931, 0x43d1f34, 0x43d1f34, 0x5f1c24c0, 0x5f1c24c0, 0x5f1c24c0, 0x20168d68, 0x20168d68, 0x20168d68, 0x7137c7da, 0x7137c7da, 0x7137c7da, 0x43d1f34, 0x95716931, 0x95716931, 0x43d1f34, }, 20 }, ++ { "gfxterm_cyr", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0xd3798aaa, 0xab48784c, 0xd3798aaa, 0x908f47ed, 0x59c36f00, 0x59c36f00, 0x1688ec7c, 0x1688ec7c, 0x1688ec7c, 0x6808811a, 0x6808811a, 0x6808811a, 0xb7a27c08, 0xb7a27c08, 0xb7a27c08, 0x59c36f00, 0x908f47ed, 0x908f47ed, 0x59c36f00, }, 20 }, ++ { "gfxterm_cyr", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0xc30d9d2a, 0x60b9ed26, 0xc30d9d2a, 0xed081855, 0xaa4593fe, 0xaa4593fe, 0x3eba2192, 0x3eba2192, 0x3eba2192, 0x984f2cf5, 0x984f2cf5, 0x984f2cf5, 0x80ef6b5c, 0x80ef6b5c, 0x80ef6b5c, 0xaa4593fe, 0xed081855, 0xed081855, 0xaa4593fe, }, 20 }, ++ { "gfxterm_cyr", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0xe469e6af, 0x46ac2012, 0xe469e6af, 0xb97e8b2b, 0xc9cbf769, 0xc9cbf769, 0x60f0d993, 0x60f0d993, 0x60f0d993, 0x9e28185f, 0x9e28185f, 0x9e28185f, 0x70bd500, 0x70bd500, 0x70bd500, 0xc9cbf769, 0xb97e8b2b, 0xb97e8b2b, 0xc9cbf769, }, 20 }, ++ { "gfxterm_cyr", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0x8538d2ef, 0xab143284, 0x8538d2ef, 0x9d99406d, 0x9813a416, 0x9813a416, 0x7e8326ec, 0x7e8326ec, 0x7e8326ec, 0xef58a0df, 0xef58a0df, 0xef58a0df, 0x4bd8a91c, 0x4bd8a91c, 0x4bd8a91c, 0x9813a416, 0x9d99406d, 0x9d99406d, 0x9813a416, }, 20 }, ++ { "gfxterm_cyr", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0x8115198c, 0x1abdaee1, 0x8115198c, 0x9468513f, 0x5fcf013d, 0x5fcf013d, 0xa5e86484, 0xa5e86484, 0xa5e86484, 0x77f87cf2, 0x77f87cf2, 0x77f87cf2, 0xcac1d8e8, 0xcac1d8e8, 0xcac1d8e8, 0x5fcf013d, 0x9468513f, 0x9468513f, 0x5fcf013d, }, 20 }, ++ { "gfxterm_cyr", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0xea03b805, 0x74148290, 0xea03b805, 0xd517124d, 0xdd28f52b, 0xdd28f52b, 0x8f6eee40, 0x8f6eee40, 0x8f6eee40, 0xae5217a4, 0xae5217a4, 0xae5217a4, 0xedf25fee, 0xedf25fee, 0xedf25fee, 0xdd28f52b, 0xd517124d, 0xd517124d, 0xdd28f52b, }, 20 }, ++ { "gfxterm_cyr", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0xa044490f, 0xe23458db, 0xa044490f, 0x395f237e, 0x43d1f34, 0x43d1f34, 0xe1ca82c2, 0xe1ca82c2, 0xe1ca82c2, 0x9ec02b6a, 0x9ec02b6a, 0x9ec02b6a, 0xcfe161d8, 0xcfe161d8, 0xcfe161d8, 0x43d1f34, 0x395f237e, 0x395f237e, 0x43d1f34, }, 20 }, ++ { "gfxterm_heb", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0xf3259b30, 0xf1f01411, 0xf3259b30, 0xb0d35677, 0x59c36f00, 0x59c36f00, 0x97895f8e, 0x97895f8e, 0x97895f8e, 0xe90932e8, 0xe90932e8, 0xe90932e8, 0x36a3cffa, 0x36a3cffa, 0x36a3cffa, 0x59c36f00, 0xb0d35677, 0xb0d35677, 0x59c36f00, }, 20 }, ++ { "gfxterm_heb", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0x53a43759, 0xe0f26bfa, 0x53a43759, 0x7da1b226, 0xaa4593fe, 0xaa4593fe, 0xbf482a4e, 0xbf482a4e, 0xbf482a4e, 0x19bd2729, 0x19bd2729, 0x19bd2729, 0x11d6080, 0x11d6080, 0x11d6080, 0xaa4593fe, 0x7da1b226, 0x7da1b226, 0xaa4593fe, }, 20 }, ++ { "gfxterm_heb", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0xd7ff8d53, 0x665b2728, 0xd7ff8d53, 0x8ae8e0d7, 0xc9cbf769, 0xc9cbf769, 0x5a693e73, 0x5a693e73, 0x5a693e73, 0xa4b1ffbf, 0xa4b1ffbf, 0xa4b1ffbf, 0x3d9232e0, 0x3d9232e0, 0x3d9232e0, 0xc9cbf769, 0x8ae8e0d7, 0x8ae8e0d7, 0xc9cbf769, }, 20 }, ++ { "gfxterm_heb", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0x99fddcbe, 0x6d5c8895, 0x99fddcbe, 0x815c4e3c, 0x9813a416, 0x9813a416, 0x9bcf9821, 0x9bcf9821, 0x9bcf9821, 0xa141e12, 0xa141e12, 0xa141e12, 0xae9417d1, 0xae9417d1, 0xae9417d1, 0x9813a416, 0x815c4e3c, 0x815c4e3c, 0x9813a416, }, 20 }, ++ { "gfxterm_heb", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0x5797846, 0x25a6ad40, 0x5797846, 0x100430f5, 0x5fcf013d, 0x5fcf013d, 0xddc86daf, 0xddc86daf, 0xddc86daf, 0xfd875d9, 0xfd875d9, 0xfd875d9, 0xb2e1d1c3, 0xb2e1d1c3, 0xb2e1d1c3, 0x5fcf013d, 0x100430f5, 0x100430f5, 0x5fcf013d, }, 20 }, ++ { "gfxterm_heb", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0x30653ae8, 0x7fcd187, 0x30653ae8, 0xf7190a0, 0xdd28f52b, 0xdd28f52b, 0x24c3d325, 0x24c3d325, 0x24c3d325, 0x5ff2ac1, 0x5ff2ac1, 0x5ff2ac1, 0x465f628b, 0x465f628b, 0x465f628b, 0xdd28f52b, 0xf7190a0, 0xf7190a0, 0xdd28f52b, }, 20 }, ++ { "gfxterm_heb", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x3bd91638, 0x1d74dd4a, 0x3bd91638, 0xa2c27c49, 0x43d1f34, 0x43d1f34, 0x53d1ad3d, 0x53d1ad3d, 0x53d1ad3d, 0x2cdb0495, 0x2cdb0495, 0x2cdb0495, 0x7dfa4e27, 0x7dfa4e27, 0x7dfa4e27, 0x43d1f34, 0xa2c27c49, 0xa2c27c49, 0x43d1f34, }, 20 }, ++ { "gfxterm_gre", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0xbe2c351a, 0x2692720, 0xbe2c351a, 0xfddaf85d, 0x59c36f00, 0x59c36f00, 0x1b2e2301, 0x1b2e2301, 0x1b2e2301, 0x65ae4e67, 0x65ae4e67, 0x65ae4e67, 0xba04b375, 0xba04b375, 0xba04b375, 0x59c36f00, 0xfddaf85d, 0xfddaf85d, 0x59c36f00, }, 20 }, ++ { "gfxterm_gre", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0x1eca82e1, 0xe8fa59cc, 0x1eca82e1, 0x30cf079e, 0xaa4593fe, 0xaa4593fe, 0xaf27ddc5, 0xaf27ddc5, 0xaf27ddc5, 0x9d2d0a2, 0x9d2d0a2, 0x9d2d0a2, 0x1172970b, 0x1172970b, 0x1172970b, 0xaa4593fe, 0x30cf079e, 0x30cf079e, 0xaa4593fe, }, 20 }, ++ { "gfxterm_gre", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0xa9ccd435, 0x1ac646eb, 0xa9ccd435, 0xf4dbb9b1, 0xc9cbf769, 0xc9cbf769, 0x86d69aa0, 0x86d69aa0, 0x86d69aa0, 0x780e5b6c, 0x780e5b6c, 0x780e5b6c, 0xe12d9633, 0xe12d9633, 0xe12d9633, 0xc9cbf769, 0xf4dbb9b1, 0xf4dbb9b1, 0xc9cbf769, }, 20 }, ++ { "gfxterm_gre", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0xf96d568, 0x7ad05c1b, 0xf96d568, 0x173747ea, 0x9813a416, 0x9813a416, 0xacf9792a, 0xacf9792a, 0xacf9792a, 0x3d22ff19, 0x3d22ff19, 0x3d22ff19, 0x99a2f6da, 0x99a2f6da, 0x99a2f6da, 0x9813a416, 0x173747ea, 0x173747ea, 0x9813a416, }, 20 }, ++ { "gfxterm_gre", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0xa0dc6b9c, 0xc2761148, 0xa0dc6b9c, 0xb5a1232f, 0x5fcf013d, 0x5fcf013d, 0x4e05748b, 0x4e05748b, 0x4e05748b, 0x9c156cfd, 0x9c156cfd, 0x9c156cfd, 0x212cc8e7, 0x212cc8e7, 0x212cc8e7, 0x5fcf013d, 0xb5a1232f, 0xb5a1232f, 0x5fcf013d, }, 20 }, ++ { "gfxterm_gre", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0xcd722f7d, 0xe4df8d6b, 0xcd722f7d, 0xf2668535, 0xdd28f52b, 0xdd28f52b, 0xbdbb8019, 0xbdbb8019, 0xbdbb8019, 0x9c8779fd, 0x9c8779fd, 0x9c8779fd, 0xdf2731b7, 0xdf2731b7, 0xdf2731b7, 0xdd28f52b, 0xf2668535, 0xf2668535, 0xdd28f52b, }, 20 }, ++ { "gfxterm_gre", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0xa6c99d2f, 0x1de04317, 0xa6c99d2f, 0x3fd2f75e, 0x43d1f34, 0x43d1f34, 0x3f85b7d3, 0x3f85b7d3, 0x3f85b7d3, 0x408f1e7b, 0x408f1e7b, 0x408f1e7b, 0x11ae54c9, 0x11ae54c9, 0x11ae54c9, 0x43d1f34, 0x3fd2f75e, 0x3fd2f75e, 0x43d1f34, }, 20 }, ++ { "gfxterm_ru", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0x1e35b709, 0x2683bf92, 0x1e35b709, 0x5dc37a4e, 0x59c36f00, 0x59c36f00, 0xd697967f, 0xd697967f, 0xd697967f, 0xa817fb19, 0xa817fb19, 0xa817fb19, 0x77bd060b, 0x77bd060b, 0x77bd060b, 0x59c36f00, 0x5dc37a4e, 0x5dc37a4e, 0x59c36f00, }, 20 }, ++ { "gfxterm_ru", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0x53ff7735, 0x8cbf197c, 0x53ff7735, 0x7dfaf24a, 0xaa4593fe, 0xaa4593fe, 0x389a922, 0x389a922, 0x389a922, 0xa57ca445, 0xa57ca445, 0xa57ca445, 0xbddce3ec, 0xbddce3ec, 0xbddce3ec, 0xaa4593fe, 0x7dfaf24a, 0x7dfaf24a, 0xaa4593fe, }, 20 }, ++ { "gfxterm_ru", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0x5217c47d, 0x7c8ae63e, 0x5217c47d, 0xf00a9f9, 0xc9cbf769, 0xc9cbf769, 0x3995409, 0x3995409, 0x3995409, 0xfd4195c5, 0xfd4195c5, 0xfd4195c5, 0x6462589a, 0x6462589a, 0x6462589a, 0xc9cbf769, 0xf00a9f9, 0xf00a9f9, 0xc9cbf769, }, 20 }, ++ { "gfxterm_ru", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0x45b67706, 0x375fb5db, 0x45b67706, 0x5d17e584, 0x9813a416, 0x9813a416, 0x8195719b, 0x8195719b, 0x8195719b, 0x104ef7a8, 0x104ef7a8, 0x104ef7a8, 0xb4cefe6b, 0xb4cefe6b, 0xb4cefe6b, 0x9813a416, 0x5d17e584, 0x5d17e584, 0x9813a416, }, 20 }, ++ { "gfxterm_ru", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0xfc209a25, 0xd5c20779, 0xfc209a25, 0xe95dd296, 0x5fcf013d, 0x5fcf013d, 0xe5699efe, 0xe5699efe, 0xe5699efe, 0x37798688, 0x37798688, 0x37798688, 0x8a402292, 0x8a402292, 0x8a402292, 0x5fcf013d, 0xe95dd296, 0xe95dd296, 0x5fcf013d, }, 20 }, ++ { "gfxterm_ru", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0x77f956f0, 0xfb0cc079, 0x77f956f0, 0x48edfcb8, 0xdd28f52b, 0xdd28f52b, 0xd51b1dc9, 0xd51b1dc9, 0xd51b1dc9, 0xf427e42d, 0xf427e42d, 0xf427e42d, 0xb787ac67, 0xb787ac67, 0xb787ac67, 0xdd28f52b, 0x48edfcb8, 0x48edfcb8, 0xdd28f52b, }, 20 }, ++ { "gfxterm_ru", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x1d9ac82a, 0xa254aa53, 0x1d9ac82a, 0x8481a25b, 0x43d1f34, 0x43d1f34, 0xc304df68, 0xc304df68, 0xc304df68, 0xbc0e76c0, 0xbc0e76c0, 0xbc0e76c0, 0xed2f3c72, 0xed2f3c72, 0xed2f3c72, 0x43d1f34, 0x8481a25b, 0x8481a25b, 0x43d1f34, }, 20 }, ++ { "gfxterm_fr", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0xa6239a89, 0x8dc4bfbb, 0xa6239a89, 0xe5d557ce, 0x59c36f00, 0x59c36f00, 0x244cf807, 0x244cf807, 0x244cf807, 0x5acc9561, 0x5acc9561, 0x5acc9561, 0x85666873, 0x85666873, 0x85666873, 0x59c36f00, 0xe5d557ce, 0xe5d557ce, 0x59c36f00, }, 20 }, ++ { "gfxterm_fr", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0x742cede9, 0x83bb7a50, 0x742cede9, 0x5a296896, 0xaa4593fe, 0xaa4593fe, 0xd83f8aeb, 0xd83f8aeb, 0xd83f8aeb, 0x7eca878c, 0x7eca878c, 0x7eca878c, 0x666ac025, 0x666ac025, 0x666ac025, 0xaa4593fe, 0x5a296896, 0x5a296896, 0xaa4593fe, }, 20 }, ++ { "gfxterm_fr", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0xe20a98b0, 0x7e8cedef, 0xe20a98b0, 0xbf1df534, 0xc9cbf769, 0xc9cbf769, 0x2748b88c, 0x2748b88c, 0x2748b88c, 0xd9907940, 0xd9907940, 0xd9907940, 0x40b3b41f, 0x40b3b41f, 0x40b3b41f, 0xc9cbf769, 0xbf1df534, 0xbf1df534, 0xc9cbf769, }, 20 }, ++ { "gfxterm_fr", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0x8f911ca4, 0xcbf1d895, 0x8f911ca4, 0x97308e26, 0x9813a416, 0x9813a416, 0x5b359bf4, 0x5b359bf4, 0x5b359bf4, 0xcaee1dc7, 0xcaee1dc7, 0xcaee1dc7, 0x6e6e1404, 0x6e6e1404, 0x6e6e1404, 0x9813a416, 0x97308e26, 0x97308e26, 0x9813a416, }, 20 }, ++ { "gfxterm_fr", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0x1bf82c82, 0xc7b39627, 0x1bf82c82, 0xe856431, 0x5fcf013d, 0x5fcf013d, 0xa9dbae99, 0xa9dbae99, 0xa9dbae99, 0x7bcbb6ef, 0x7bcbb6ef, 0x7bcbb6ef, 0xc6f212f5, 0xc6f212f5, 0xc6f212f5, 0x5fcf013d, 0xe856431, 0xe856431, 0x5fcf013d, }, 20 }, ++ { "gfxterm_fr", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0xfae19a5c, 0xd1e8fabb, 0xfae19a5c, 0xc5f53014, 0xdd28f52b, 0xdd28f52b, 0xfa2c5565, 0xfa2c5565, 0xfa2c5565, 0xdb10ac81, 0xdb10ac81, 0xdb10ac81, 0x98b0e4cb, 0x98b0e4cb, 0x98b0e4cb, 0xdd28f52b, 0xc5f53014, 0xc5f53014, 0xdd28f52b, }, 20 }, ++ { "gfxterm_fr", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x9a18f7bc, 0x5fcecc43, 0x9a18f7bc, 0x3039dcd, 0x43d1f34, 0x43d1f34, 0x287a2b96, 0x287a2b96, 0x287a2b96, 0x5770823e, 0x5770823e, 0x5770823e, 0x651c88c, 0x651c88c, 0x651c88c, 0x43d1f34, 0x3039dcd, 0x3039dcd, 0x43d1f34, }, 20 }, ++ { "gfxterm_quot", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0x65112dfc, 0x3dec17f, 0x65112dfc, 0x26e7e0bb, 0x59c36f00, 0x59c36f00, 0x620c0067, 0x620c0067, 0x620c0067, 0x1c8c6d01, 0x1c8c6d01, 0x1c8c6d01, 0xc3269013, 0xc3269013, 0xc3269013, 0x59c36f00, 0x26e7e0bb, 0x26e7e0bb, 0x59c36f00, }, 20 }, ++ { "gfxterm_quot", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0x2b3430fb, 0x8f1eb743, 0x2b3430fb, 0x531b584, 0xaa4593fe, 0xaa4593fe, 0xa8a596c8, 0xa8a596c8, 0xa8a596c8, 0xe509baf, 0xe509baf, 0xe509baf, 0x16f0dc06, 0x16f0dc06, 0x16f0dc06, 0xaa4593fe, 0x531b584, 0x531b584, 0xaa4593fe, }, 20 }, ++ { "gfxterm_quot", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0xb523e920, 0xfafb6f8, 0xb523e920, 0xe83484a4, 0xc9cbf769, 0xc9cbf769, 0x3ce35e1d, 0x3ce35e1d, 0x3ce35e1d, 0xc23b9fd1, 0xc23b9fd1, 0xc23b9fd1, 0x5b18528e, 0x5b18528e, 0x5b18528e, 0xc9cbf769, 0xe83484a4, 0xe83484a4, 0xc9cbf769, }, 20 }, ++ { "gfxterm_quot", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0xa9bf7336, 0x1a1f7a01, 0xa9bf7336, 0xb11ee1b4, 0x9813a416, 0x9813a416, 0x43fda3fa, 0x43fda3fa, 0x43fda3fa, 0xd22625c9, 0xd22625c9, 0xd22625c9, 0x76a62c0a, 0x76a62c0a, 0x76a62c0a, 0x9813a416, 0xb11ee1b4, 0xb11ee1b4, 0x9813a416, }, 20 }, ++ { "gfxterm_quot", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0xe5271912, 0xf5d10273, 0xe5271912, 0xf05a51a1, 0x5fcf013d, 0x5fcf013d, 0xf3582c48, 0xf3582c48, 0xf3582c48, 0x2148343e, 0x2148343e, 0x2148343e, 0x9c719024, 0x9c719024, 0x9c719024, 0x5fcf013d, 0xf05a51a1, 0xf05a51a1, 0x5fcf013d, }, 20 }, ++ { "gfxterm_quot", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0x66a34f49, 0x32dbeb97, 0x66a34f49, 0x59b7e501, 0xdd28f52b, 0xdd28f52b, 0xb3c7ef80, 0xb3c7ef80, 0xb3c7ef80, 0x92fb1664, 0x92fb1664, 0x92fb1664, 0xd15b5e2e, 0xd15b5e2e, 0xd15b5e2e, 0xdd28f52b, 0x59b7e501, 0x59b7e501, 0xdd28f52b, }, 20 }, ++ { "gfxterm_quot", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x7c2f19da, 0xd7bece67, 0x7c2f19da, 0xe53473ab, 0x43d1f34, 0x43d1f34, 0xa0717008, 0xa0717008, 0xa0717008, 0xdf7bd9a0, 0xdf7bd9a0, 0xdf7bd9a0, 0x8e5a9312, 0x8e5a9312, 0x8e5a9312, 0x43d1f34, 0xe53473ab, 0xe53473ab, 0x43d1f34, }, 20 }, ++ { "gfxterm_piglatin", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0x37943894, 0x78248c70, 0x37943894, 0x7462f5d3, 0x59c36f00, 0x59c36f00, 0xf4be229a, 0xf4be229a, 0xf4be229a, 0x8a3e4ffc, 0x8a3e4ffc, 0x8a3e4ffc, 0x5594b2ee, 0x5594b2ee, 0x5594b2ee, 0x59c36f00, 0x7462f5d3, 0x7462f5d3, 0x59c36f00, }, 20 }, ++ { "gfxterm_piglatin", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0xd5158e6c, 0xdc71ba0f, 0xd5158e6c, 0xfb100b13, 0xaa4593fe, 0xaa4593fe, 0xd3ed72a3, 0xd3ed72a3, 0xd3ed72a3, 0x75187fc4, 0x75187fc4, 0x75187fc4, 0x6db8386d, 0x6db8386d, 0x6db8386d, 0xaa4593fe, 0xfb100b13, 0xfb100b13, 0xaa4593fe, }, 20 }, ++ { "gfxterm_piglatin", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0x6277a9e6, 0xa3265ffb, 0x6277a9e6, 0x3f60c462, 0xc9cbf769, 0xc9cbf769, 0x2dcf8a8d, 0x2dcf8a8d, 0x2dcf8a8d, 0xd3174b41, 0xd3174b41, 0xd3174b41, 0x4a34861e, 0x4a34861e, 0x4a34861e, 0xc9cbf769, 0x3f60c462, 0x3f60c462, 0xc9cbf769, }, 20 }, ++ { "gfxterm_piglatin", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0x81115dc4, 0xddf3f768, 0x81115dc4, 0x99b0cf46, 0x9813a416, 0x9813a416, 0x9b9d96df, 0x9b9d96df, 0x9b9d96df, 0xa4610ec, 0xa4610ec, 0xa4610ec, 0xaec6192f, 0xaec6192f, 0xaec6192f, 0x9813a416, 0x99b0cf46, 0x99b0cf46, 0x9813a416, }, 20 }, ++ { "gfxterm_piglatin", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0x5e96a904, 0x27864d3d, 0x5e96a904, 0x4bebe1b7, 0x5fcf013d, 0x5fcf013d, 0x18cae7f4, 0x18cae7f4, 0x18cae7f4, 0xcadaff82, 0xcadaff82, 0xcadaff82, 0x77e35b98, 0x77e35b98, 0x77e35b98, 0x5fcf013d, 0x4bebe1b7, 0x4bebe1b7, 0x5fcf013d, }, 20 }, ++ { "gfxterm_piglatin", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0xd00b19f8, 0xba73a9c6, 0xd00b19f8, 0xef1fb3b0, 0xdd28f52b, 0xdd28f52b, 0xb660046d, 0xb660046d, 0xb660046d, 0x975cfd89, 0x975cfd89, 0x975cfd89, 0xd4fcb5c3, 0xd4fcb5c3, 0xd4fcb5c3, 0xdd28f52b, 0xef1fb3b0, 0xef1fb3b0, 0xdd28f52b, }, 20 }, ++ { "gfxterm_piglatin", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x8b4b98cd, 0x78ddc6e4, 0x8b4b98cd, 0x1250f2bc, 0x43d1f34, 0x43d1f34, 0x4889d3fd, 0x4889d3fd, 0x4889d3fd, 0x37837a55, 0x37837a55, 0x37837a55, 0x66a230e7, 0x66a230e7, 0x66a230e7, 0x43d1f34, 0x1250f2bc, 0x1250f2bc, 0x43d1f34, }, 20 }, ++ { "gfxterm_ch", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0xfecb570e, 0xccb97a7a, 0xfecb570e, 0xbd3d9a49, 0x59c36f00, 0x59c36f00, 0x40281258, 0x40281258, 0x40281258, 0x3ea87f3e, 0x3ea87f3e, 0x3ea87f3e, 0xe102822c, 0xe102822c, 0xe102822c, 0x59c36f00, 0xbd3d9a49, 0xbd3d9a49, 0x59c36f00, }, 20 }, ++ { "gfxterm_ch", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0x897d1fac, 0xaa982529, 0x897d1fac, 0xa7789ad3, 0xaa4593fe, 0xaa4593fe, 0xa482510, 0xa482510, 0xa482510, 0xacbd2877, 0xacbd2877, 0xacbd2877, 0xb41d6fde, 0xb41d6fde, 0xb41d6fde, 0xaa4593fe, 0xa7789ad3, 0xa7789ad3, 0xaa4593fe, }, 20 }, ++ { "gfxterm_ch", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0xd02a5297, 0xe627ab58, 0xd02a5297, 0x8d3d3f13, 0xc9cbf769, 0xc9cbf769, 0xbf0a8b7f, 0xbf0a8b7f, 0xbf0a8b7f, 0x41d24ab3, 0x41d24ab3, 0x41d24ab3, 0xd8f187ec, 0xd8f187ec, 0xd8f187ec, 0xc9cbf769, 0x8d3d3f13, 0x8d3d3f13, 0xc9cbf769, }, 20 }, ++ { "gfxterm_ch", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0xa653dcda, 0x3392e976, 0xa653dcda, 0xbef24e58, 0x9813a416, 0x9813a416, 0x4f2bc106, 0x4f2bc106, 0x4f2bc106, 0xdef04735, 0xdef04735, 0xdef04735, 0x7a704ef6, 0x7a704ef6, 0x7a704ef6, 0x9813a416, 0xbef24e58, 0xbef24e58, 0x9813a416, }, 20 }, ++ { "gfxterm_ch", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0xe2d7b585, 0x35241f36, 0xe2d7b585, 0xf7aafd36, 0x5fcf013d, 0x5fcf013d, 0xf2bd04db, 0xf2bd04db, 0xf2bd04db, 0x20ad1cad, 0x20ad1cad, 0x20ad1cad, 0x9d94b8b7, 0x9d94b8b7, 0x9d94b8b7, 0x5fcf013d, 0xf7aafd36, 0xf7aafd36, 0x5fcf013d, }, 20 }, ++ { "gfxterm_ch", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0x72ff749c, 0xeda8c283, 0x72ff749c, 0x4debded4, 0xdd28f52b, 0xdd28f52b, 0xb8c9cc22, 0xb8c9cc22, 0xb8c9cc22, 0x99f535c6, 0x99f535c6, 0x99f535c6, 0xda557d8c, 0xda557d8c, 0xda557d8c, 0xdd28f52b, 0x4debded4, 0x4debded4, 0xdd28f52b, }, 20 }, ++ { "gfxterm_ch", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0xb7cac764, 0xeb4bf417, 0xb7cac764, 0x2ed1ad15, 0x43d1f34, 0x43d1f34, 0xce718801, 0xce718801, 0xce718801, 0xb17b21a9, 0xb17b21a9, 0xb17b21a9, 0xe05a6b1b, 0xe05a6b1b, 0xe05a6b1b, 0x43d1f34, 0x2ed1ad15, 0x2ed1ad15, 0x43d1f34, }, 20 }, ++ { "gfxterm_red", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0x930e8e13, 0xf5c16290, 0x930e8e13, 0x27f5f1c0, 0x59c36f00, 0x59c36f00, 0xbad4e11, 0xbad4e11, 0xbad4e11, 0x752d2377, 0x752d2377, 0x752d2377, 0xaa87de65, 0xaa87de65, 0xaa87de65, 0x59c36f00, 0x27f5f1c0, 0x27f5f1c0, 0x59c36f00, }, 20 }, ++ { "gfxterm_red", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0xff9301f2, 0x5bb9864a, 0xff9301f2, 0x31c145de, 0xaa4593fe, 0xaa4593fe, 0x23bf2c32, 0x23bf2c32, 0x23bf2c32, 0x854a2155, 0x854a2155, 0x854a2155, 0x9dea66fc, 0x9dea66fc, 0x9dea66fc, 0xaa4593fe, 0x31c145de, 0x31c145de, 0xaa4593fe, }, 20 }, ++ { "gfxterm_red", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0xfc5938ef, 0x46d56737, 0xfc5938ef, 0x23cf2668, 0xc9cbf769, 0xc9cbf769, 0xa8c549aa, 0xa8c549aa, 0xa8c549aa, 0x561d8866, 0x561d8866, 0x561d8866, 0xcf3e4539, 0xcf3e4539, 0xcf3e4539, 0xc9cbf769, 0x23cf2668, 0x23cf2668, 0xc9cbf769, }, 20 }, ++ { "gfxterm_red", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0xe7160822, 0x54b60115, 0xe7160822, 0x168efa6f, 0x9813a416, 0x9813a416, 0xb774a5aa, 0xb774a5aa, 0xb774a5aa, 0x26af2399, 0x26af2399, 0x26af2399, 0x822f2a5a, 0x822f2a5a, 0x822f2a5a, 0x9813a416, 0x168efa6f, 0x168efa6f, 0x9813a416, }, 20 }, ++ { "gfxterm_red", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0xf655f9b2, 0xe6a3e2d3, 0xf655f9b2, 0xd1d7405f, 0x5fcf013d, 0x5fcf013d, 0x2accaa08, 0x2accaa08, 0x2accaa08, 0xf8dcb27e, 0xf8dcb27e, 0xf8dcb27e, 0x45e51664, 0x45e51664, 0x45e51664, 0x5fcf013d, 0xd1d7405f, 0xd1d7405f, 0x5fcf013d, }, 20 }, ++ { "gfxterm_red", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0x2d85ebdc, 0x79fd4f02, 0x2d85ebdc, 0xc48ae2b6, 0xdd28f52b, 0xdd28f52b, 0x76b28a95, 0x76b28a95, 0x76b28a95, 0x578e7371, 0x578e7371, 0x578e7371, 0x142e3b3b, 0x142e3b3b, 0x142e3b3b, 0xdd28f52b, 0xc48ae2b6, 0xc48ae2b6, 0xdd28f52b, }, 20 }, ++ { "gfxterm_red", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x29c00f98, 0x8251d825, 0x29c00f98, 0x35a750d1, 0x43d1f34, 0x43d1f34, 0x48b70bc8, 0x48b70bc8, 0x48b70bc8, 0x37bda260, 0x37bda260, 0x37bda260, 0x669ce8d2, 0x669ce8d2, 0x669ce8d2, 0x43d1f34, 0x35a750d1, 0x35a750d1, 0x43d1f34, }, 20 }, ++ { "gfxterm_high", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0x59c36f00, 0x4afab717, 0x2c355b94, 0x4afab717, 0x1166d9d0, 0x59c36f00, 0x59c36f00, 0x620c0067, 0x620c0067, 0x620c0067, 0x1c8c6d01, 0x1c8c6d01, 0x1c8c6d01, 0xc3269013, 0xc3269013, 0xc3269013, 0x59c36f00, 0x1166d9d0, 0x1166d9d0, 0x59c36f00, }, 20 }, ++ { "gfxterm_high", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xaa4593fe, 0xe3daadd4, 0x47f02a6c, 0xe3daadd4, 0x5ea9fb21, 0xaa4593fe, 0xaa4593fe, 0xa8a596c8, 0xa8a596c8, 0xa8a596c8, 0xe509baf, 0xe509baf, 0xe509baf, 0x16f0dc06, 0x16f0dc06, 0x16f0dc06, 0xaa4593fe, 0x5ea9fb21, 0x5ea9fb21, 0xaa4593fe, }, 20 }, ++ { "gfxterm_high", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0xc9cbf769, 0xf140d1df, 0x4bcc8e07, 0xf140d1df, 0x7c962dcb, 0xc9cbf769, 0xc9cbf769, 0x3ce35e1d, 0x3ce35e1d, 0x3ce35e1d, 0xc23b9fd1, 0xc23b9fd1, 0xc23b9fd1, 0x5b18528e, 0x5b18528e, 0x5b18528e, 0xc9cbf769, 0x7c962dcb, 0x7c962dcb, 0xc9cbf769, }, 20 }, ++ { "gfxterm_high", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x9813a416, 0xe709a12d, 0x54a9a81a, 0xe709a12d, 0xde04d65c, 0x9813a416, 0x9813a416, 0x43fda3fa, 0x43fda3fa, 0x43fda3fa, 0xd22625c9, 0xd22625c9, 0xd22625c9, 0x76a62c0a, 0x76a62c0a, 0x76a62c0a, 0x9813a416, 0xde04d65c, 0xde04d65c, 0x9813a416, }, 20 }, ++ { "gfxterm_high", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0x5fcf013d, 0x65eff77c, 0x7519ec1d, 0x65eff77c, 0x1cd7d353, 0x5fcf013d, 0x5fcf013d, 0xf3582c48, 0xf3582c48, 0xf3582c48, 0x2148343e, 0x2148343e, 0x2148343e, 0x9c719024, 0x9c719024, 0x9c719024, 0x5fcf013d, 0x1cd7d353, 0x1cd7d353, 0x5fcf013d, }, 20 }, ++ { "gfxterm_high", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0xdd28f52b, 0x7318831a, 0x276027c4, 0x7318831a, 0xd7e4f5bb, 0xdd28f52b, 0xdd28f52b, 0xb3c7ef80, 0xb3c7ef80, 0xb3c7ef80, 0x92fb1664, 0x92fb1664, 0x92fb1664, 0xd15b5e2e, 0xd15b5e2e, 0xd15b5e2e, 0xdd28f52b, 0xd7e4f5bb, 0xd7e4f5bb, 0xdd28f52b, }, 20 }, ++ { "gfxterm_high", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x43d1f34, 0x6927a7d4, 0xc2b67069, 0x6927a7d4, 0xfc345163, 0x43d1f34, 0x43d1f34, 0xa0717008, 0xa0717008, 0xa0717008, 0xdf7bd9a0, 0xdf7bd9a0, 0xdf7bd9a0, 0x8e5a9312, 0x8e5a9312, 0x8e5a9312, 0x43d1f34, 0xfc345163, 0xfc345163, 0x43d1f34, }, 20 }, ++ { "videotest", 640, 480, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi16 */, (grub_uint32_t []) { 0xe6012f70, 0xe6012f70, 0xe6012f70, 0xe6012f70, 0xe6012f70, }, 5 }, ++ { "videotest", 800, 600, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi16 */, (grub_uint32_t []) { 0xfb6be77b, 0xfb6be77b, 0xfb6be77b, 0xfb6be77b, 0xfb6be77b, }, 5 }, ++ { "videotest", 1024, 768, 0x2, 16, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi16 */, (grub_uint32_t []) { 0x67c0629f, 0x67c0629f, 0x67c0629f, 0x67c0629f, 0x67c0629f, }, 5 }, ++ { "videotest", 640, 480, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 640x480xrgba8888 */, (grub_uint32_t []) { 0x8f20afbb, 0xd8f7abc, 0x8f937344, 0xd3ca643, 0x8e471645, }, 5 }, ++ { "videotest", 800, 600, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 800x600xrgba8888 */, (grub_uint32_t []) { 0xdca764da, 0x9f76da9a, 0x5b04185a, 0x18d5a61a, 0xd60deb2b, }, 5 }, ++ { "videotest", 1024, 768, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 1024x768xrgba8888 */, (grub_uint32_t []) { 0x7b87af36, 0x7cb96093, 0x75fa307c, 0x72c4ffd9, 0x677c91a2, }, 5 }, ++ { "videotest", 2560, 1440, 0x1, 256, 32, 4, 16, 8, 8, 8, 0, 8, 24, 8 /* 2560x1440xrgba8888 */, (grub_uint32_t []) { 0x72981c65, 0x50120635, 0x378c28c5, 0x15063295, 0xf8b07525, }, 5 }, ++ { "videotest", 640, 480, 0x2, 256, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 640x480xi256 */, (grub_uint32_t []) { 0xc8f64b58, 0xc8f64b58, 0xc8f64b58, 0xc8f64b58, 0xc8f64b58, }, 5 }, ++ { "videotest", 800, 600, 0x2, 256, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 800x600xi256 */, (grub_uint32_t []) { 0x2b499dfa, 0x2b499dfa, 0x2b499dfa, 0x2b499dfa, 0x2b499dfa, }, 5 }, ++ { "videotest", 1024, 768, 0x2, 256, 8, 1, 0, 0, 0, 0, 0, 0, 0, 0 /* 1024x768xi256 */, (grub_uint32_t []) { 0x6156b420, 0x6156b420, 0x6156b420, 0x6156b420, 0x6156b420, }, 5 }, ++ { "videotest", 640, 480, 0x1, 256, 15, 2, 10, 5, 5, 5, 0, 5, 0, 0 /* 640x480xrgba5550 */, (grub_uint32_t []) { 0x363285ca, 0x363285ca, 0x363285ca, 0x363285ca, 0x363285ca, }, 5 }, ++ { "videotest", 800, 600, 0x1, 256, 15, 2, 10, 5, 5, 5, 0, 5, 0, 0 /* 800x600xrgba5550 */, (grub_uint32_t []) { 0x25bb37f4, 0x25bb37f4, 0x25bb37f4, 0x25bb37f4, 0x25bb37f4, }, 5 }, ++ { "videotest", 1024, 768, 0x1, 256, 15, 2, 10, 5, 5, 5, 0, 5, 0, 0 /* 1024x768xrgba5550 */, (grub_uint32_t []) { 0xeeab9e91, 0xeeab9e91, 0xeeab9e91, 0xeeab9e91, 0xeeab9e91, }, 5 }, ++ { "videotest", 640, 480, 0x1, 256, 16, 2, 11, 5, 5, 6, 0, 5, 0, 0 /* 640x480xrgba5650 */, (grub_uint32_t []) { 0x26a9a50b, 0x26a9a50b, 0x26a9a50b, 0x26a9a50b, 0x26a9a50b, }, 5 }, ++ { "videotest", 800, 600, 0x1, 256, 16, 2, 11, 5, 5, 6, 0, 5, 0, 0 /* 800x600xrgba5650 */, (grub_uint32_t []) { 0x2c0f4fe7, 0x2c0f4fe7, 0x2c0f4fe7, 0x2c0f4fe7, 0x2c0f4fe7, }, 5 }, ++ { "videotest", 1024, 768, 0x1, 256, 16, 2, 11, 5, 5, 6, 0, 5, 0, 0 /* 1024x768xrgba5650 */, (grub_uint32_t []) { 0x46c11052, 0x46c11052, 0x46c11052, 0x46c11052, 0x46c11052, }, 5 }, ++ { "videotest", 640, 480, 0x1, 256, 24, 3, 16, 8, 8, 8, 0, 8, 0, 0 /* 640x480xrgba8880 */, (grub_uint32_t []) { 0xe56cf615, 0xcd2be572, 0xb5e2d0db, 0x9da5c3bc, 0x4470bb89, }, 5 }, ++ { "videotest", 800, 600, 0x1, 256, 24, 3, 16, 8, 8, 8, 0, 8, 0, 0 /* 800x600xrgba8880 */, (grub_uint32_t []) { 0x2a25b871, 0x4bf85361, 0xe99e6e51, 0x88438541, 0xa8be62c0, }, 5 }, ++ { "videotest", 1024, 768, 0x1, 256, 24, 3, 16, 8, 8, 8, 0, 8, 0, 0 /* 1024x768xrgba8880 */, (grub_uint32_t []) { 0x81523037, 0xd8c0bfd3, 0x32772fff, 0x6be5a01b, 0xe2f47956, }, 5 }, ++ { "videotest", 640, 480, 0x1, 256, 15, 2, 0, 5, 5, 5, 10, 5, 0, 0 /* 640x480xbgra5550 */, (grub_uint32_t []) { 0x1833bb41, 0x1833bb41, 0x1833bb41, 0x1833bb41, 0x1833bb41, }, 5 }, ++ { "videotest", 800, 600, 0x1, 256, 15, 2, 0, 5, 5, 5, 10, 5, 0, 0 /* 800x600xbgra5550 */, (grub_uint32_t []) { 0x2c39a0e8, 0x2c39a0e8, 0x2c39a0e8, 0x2c39a0e8, 0x2c39a0e8, }, 5 }, ++ { "videotest", 1024, 768, 0x1, 256, 15, 2, 0, 5, 5, 5, 10, 5, 0, 0 /* 1024x768xbgra5550 */, (grub_uint32_t []) { 0xf0d4c23, 0xf0d4c23, 0xf0d4c23, 0xf0d4c23, 0xf0d4c23, }, 5 }, ++ { "videotest", 640, 480, 0x1, 256, 16, 2, 0, 5, 5, 6, 11, 5, 0, 0 /* 640x480xbgra5650 */, (grub_uint32_t []) { 0x456d063c, 0x456d063c, 0x456d063c, 0x456d063c, 0x456d063c, }, 5 }, ++ { "videotest", 800, 600, 0x1, 256, 16, 2, 0, 5, 5, 6, 11, 5, 0, 0 /* 800x600xbgra5650 */, (grub_uint32_t []) { 0x47e15a2e, 0x47e15a2e, 0x47e15a2e, 0x47e15a2e, 0x47e15a2e, }, 5 }, ++ { "videotest", 1024, 768, 0x1, 256, 16, 2, 0, 5, 5, 6, 11, 5, 0, 0 /* 1024x768xbgra5650 */, (grub_uint32_t []) { 0x54d7300d, 0x54d7300d, 0x54d7300d, 0x54d7300d, 0x54d7300d, }, 5 }, ++ { "videotest", 640, 480, 0x1, 256, 24, 3, 0, 8, 8, 8, 16, 8, 0, 0 /* 640x480xbgra8880 */, (grub_uint32_t []) { 0x770da211, 0x8ef2528e, 0x811e35de, 0x78e1c541, 0x9ec6fb7e, }, 5 }, ++ { "videotest", 800, 600, 0x1, 256, 24, 3, 0, 8, 8, 8, 16, 8, 0, 0 /* 800x600xbgra8880 */, (grub_uint32_t []) { 0xeb181fbc, 0xae648cc1, 0x61e13946, 0x249daa3b, 0xfb0624b9, }, 5 }, ++ { "videotest", 1024, 768, 0x1, 256, 24, 3, 0, 8, 8, 8, 16, 8, 0, 0 /* 1024x768xbgra8880 */, (grub_uint32_t []) { 0x2b6f64dc, 0xc25f8431, 0xfce2d3f7, 0x15d2331a, 0x81987c7b, }, 5 }, ++ { "videotest", 640, 480, 0x1, 256, 32, 4, 0, 8, 8, 8, 16, 8, 24, 8 /* 640x480xbgra8888 */, (grub_uint32_t []) { 0xa260f7dd, 0x3e2f4980, 0x9f13fd96, 0x35c43cb, 0xd886e34b, }, 5 }, ++ { "videotest", 800, 600, 0x1, 256, 32, 4, 0, 8, 8, 8, 16, 8, 24, 8 /* 800x600xbgra8888 */, (grub_uint32_t []) { 0x41a9bff8, 0xa0d3f7c3, 0x86b1597f, 0x67cb1144, 0xca740407, }, 5 }, ++ { "videotest", 1024, 768, 0x1, 256, 32, 4, 0, 8, 8, 8, 16, 8, 24, 8 /* 1024x768xbgra8888 */, (grub_uint32_t []) { 0x8f7a3b6d, 0xcb84c6e3, 0x687c071, 0x42793dff, 0x996dbba4, }, 5 }, +diff --git a/include/grub/aout.h b/include/grub/aout.h +index 10d7dde61ececf0e980c6ad62420764fcefd5e67..c8c1d94eca518042992a6fc5e3777f81a39b431d 100644 +--- a/include/grub/aout.h ++++ b/include/grub/aout.h +@@ -52,6 +52,7 @@ + #define GRUB_AOUT_HEADER 1 + + #include ++#include + + struct grub_aout32_header + { +diff --git a/include/grub/arc/arc.h b/include/grub/arc/arc.h +index 7615a49a92cac0ac16326c188e438b789b09acec..999de7196753b58781a02c5311c9bc3834408021 100644 +--- a/include/grub/arc/arc.h ++++ b/include/grub/arc/arc.h +@@ -53,7 +53,7 @@ enum grub_arc_memory_type + #ifndef GRUB_CPU_WORDS_BIGENDIAN + GRUB_ARC_MEMORY_FREE_CONTIGUOUS, + #endif +- } grub_arc_memory_type_t; ++ }; + + struct grub_arc_timeinfo + { +diff --git a/include/grub/arm/coreboot/console.h b/include/grub/arm/coreboot/console.h +new file mode 100644 +index 0000000000000000000000000000000000000000..13a14b783839a6cae96845973ae3087bcaef670e +--- /dev/null ++++ b/include/grub/arm/coreboot/console.h +@@ -0,0 +1,29 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2009 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_MACHINE_CONSOLE_HEADER ++#define GRUB_MACHINE_CONSOLE_HEADER 1 ++ ++void grub_video_coreboot_fb_init (void); ++void grub_video_coreboot_fb_early_init (void); ++void grub_video_coreboot_fb_late_init (void); ++void grub_video_coreboot_fb_fini (void); ++ ++extern struct grub_linuxbios_table_framebuffer *grub_video_coreboot_fbtable; ++ ++#endif /* ! GRUB_MACHINE_CONSOLE_HEADER */ +diff --git a/include/grub/arm/coreboot/kernel.h b/include/grub/arm/coreboot/kernel.h +new file mode 100644 +index 0000000000000000000000000000000000000000..2695053427050f306b8ca86ba066df90c519e8e0 +--- /dev/null ++++ b/include/grub/arm/coreboot/kernel.h +@@ -0,0 +1,44 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2013 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_KERNEL_MACHINE_HEADER ++#define GRUB_KERNEL_MACHINE_HEADER 1 ++ ++#ifndef ASM_FILE ++ ++#include ++#include ++ ++struct grub_fdt_board ++{ ++ const char *vendor, *part; ++ const grub_uint8_t *dtb; ++ grub_size_t dtb_size; ++}; ++ ++extern struct grub_fdt_board grub_fdt_boards[]; ++void grub_machine_timer_init (void); ++void grub_pl050_init (void); ++void grub_cros_init (void); ++void grub_rk3288_spi_init (void); ++extern grub_addr_t EXPORT_VAR (start_of_ram); ++#endif /* ! ASM_FILE */ ++ ++#define GRUB_KERNEL_MACHINE_STACK_SIZE GRUB_KERNEL_ARM_STACK_SIZE ++ ++#endif /* ! GRUB_KERNEL_MACHINE_HEADER */ +diff --git a/include/grub/arm/cros_ec.h b/include/grub/arm/cros_ec.h +new file mode 100644 +index 0000000000000000000000000000000000000000..45a372572a5c3c411c9b2b7f328135f5cbe551c8 +--- /dev/null ++++ b/include/grub/arm/cros_ec.h +@@ -0,0 +1,21 @@ ++#ifndef GRUB_ARM_CROS_EC_H ++#define GRUB_ARM_CROS_EC_H 1 ++ ++#include ++#include ++ ++#define GRUB_CROS_EC_KEYSCAN_COLS 13 ++#define GRUB_CROS_EC_KEYSCAN_ROWS 8 ++ ++struct grub_cros_ec_keyscan { ++ grub_uint8_t data[GRUB_CROS_EC_KEYSCAN_COLS]; ++}; ++ ++int ++grub_cros_ec_scan_keyboard (const struct grub_fdtbus_dev *dev, ++ struct grub_cros_ec_keyscan *scan); ++ ++int ++grub_cros_ec_validate (const struct grub_fdtbus_dev *dev); ++ ++#endif +diff --git a/include/grub/arm/linux.h b/include/grub/arm/linux.h +index a66caad13db8c5c3b0da10f624d01a81640eab44..712ba17b9ba30cf850b6a9011d08a04d57816227 100644 +--- a/include/grub/arm/linux.h ++++ b/include/grub/arm/linux.h +@@ -17,14 +17,28 @@ + * along with GRUB. If not, see . + */ + +-#ifndef GRUB_LINUX_CPU_HEADER +-#define GRUB_LINUX_CPU_HEADER 1 +- +-#define LINUX_ZIMAGE_OFFSET 0x24 +-#define LINUX_ZIMAGE_MAGIC 0x016f2818 ++#ifndef GRUB_ARM_LINUX_HEADER ++#define GRUB_ARM_LINUX_HEADER 1 + + #include "system.h" + ++#define GRUB_LINUX_ARM_MAGIC_SIGNATURE 0x016f2818 ++ ++struct linux_arm_kernel_header { ++ grub_uint32_t code0; ++ grub_uint32_t reserved1[8]; ++ grub_uint32_t magic; ++ grub_uint32_t start; /* _start */ ++ grub_uint32_t end; /* _edata */ ++ grub_uint32_t reserved2[4]; ++ grub_uint32_t hdr_offset; ++}; ++ ++#if defined(__arm__) ++# define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_LINUX_ARM_MAGIC_SIGNATURE ++# define linux_armxx_kernel_header linux_arm_kernel_header ++#endif ++ + #if defined GRUB_MACHINE_UBOOT + # include + # define LINUX_ADDRESS (start_of_ram + 0x8000) +@@ -32,15 +46,17 @@ + # define LINUX_FDT_ADDRESS (LINUX_INITRD_ADDRESS - 0x10000) + # define grub_arm_firmware_get_boot_data grub_uboot_get_boot_data + # define grub_arm_firmware_get_machine_type grub_uboot_get_machine_type +-#elif defined GRUB_MACHINE_EFI +-# include +-# include +-/* On UEFI platforms - load the images at the lowest available address not +- less than *_PHYS_OFFSET from the first available memory location. */ +-# define LINUX_PHYS_OFFSET (0x00008000) +-# define LINUX_INITRD_PHYS_OFFSET (LINUX_PHYS_OFFSET + 0x02000000) +-# define LINUX_FDT_PHYS_OFFSET (LINUX_INITRD_PHYS_OFFSET - 0x10000) +-# define grub_arm_firmware_get_boot_data (grub_addr_t)grub_efi_get_firmware_fdt ++#elif defined (GRUB_MACHINE_COREBOOT) ++#include ++#include ++# define LINUX_ADDRESS (start_of_ram + 0x8000) ++# define LINUX_INITRD_ADDRESS (start_of_ram + 0x02000000) ++# define LINUX_FDT_ADDRESS (LINUX_INITRD_ADDRESS - 0x10000) ++static inline const void * ++grub_arm_firmware_get_boot_data (void) ++{ ++ return grub_fdtbus_get_fdt (); ++} + static inline grub_uint32_t + grub_arm_firmware_get_machine_type (void) + { +@@ -48,6 +64,4 @@ grub_arm_firmware_get_machine_type (void) + } + #endif + +-#define FDT_ADDITIONAL_ENTRIES_SIZE 0x300 +- +-#endif /* ! GRUB_LINUX_CPU_HEADER */ ++#endif /* ! GRUB_ARM_LINUX_HEADER */ +diff --git a/include/grub/arm/startup.h b/include/grub/arm/startup.h +new file mode 100644 +index 0000000000000000000000000000000000000000..9afb6c57c0bc4c53e96f711bf545d94a8ed07aa5 +--- /dev/null ++++ b/include/grub/arm/startup.h +@@ -0,0 +1,16 @@ ++#ifndef GRUB_STARTUP_CPU_HEADER ++#define GRUB_STARTUP_CPU_HEADER ++ ++struct grub_arm_startup_registers ++{ ++ /* registers 0-11 */ ++ /* for U-boot r[1] is machine type */ ++ /* for U-boot r[2] is boot data */ ++ grub_uint32_t r[12]; ++ grub_uint32_t sp; ++ grub_uint32_t lr; ++}; ++ ++extern struct grub_arm_startup_registers grub_arm_saved_registers; ++ ++#endif +diff --git a/include/grub/arm64/linux.h b/include/grub/arm64/linux.h +index 1ea23696e7a096e53075af2314da11ecce91f8d7..8655067e03924793293ba86cb1bae2e44efa5fee 100644 +--- a/include/grub/arm64/linux.h ++++ b/include/grub/arm64/linux.h +@@ -16,17 +16,13 @@ + * along with GRUB. If not, see . + */ + +-#ifndef GRUB_LINUX_CPU_HEADER +-#define GRUB_LINUX_CPU_HEADER 1 ++#ifndef GRUB_ARM64_LINUX_HEADER ++#define GRUB_ARM64_LINUX_HEADER 1 + +-#include +- +-#define GRUB_ARM64_LINUX_MAGIC 0x644d5241 /* 'ARM\x64' */ +- +-#define GRUB_EFI_PE_MAGIC 0x5A4D ++#define GRUB_LINUX_ARM64_MAGIC_SIGNATURE 0x644d5241 /* 'ARM\x64' */ + + /* From linux/Documentation/arm64/booting.txt */ +-struct grub_arm64_linux_kernel_header ++struct linux_arm64_kernel_header + { + grub_uint32_t code0; /* Executable code */ + grub_uint32_t code1; /* Executable code */ +@@ -40,9 +36,9 @@ struct grub_arm64_linux_kernel_header + grub_uint32_t hdr_offset; /* Offset of PE/COFF header */ + }; + +-grub_err_t grub_arm64_uefi_check_image (struct grub_arm64_linux_kernel_header +- *lh); +-grub_err_t grub_arm64_uefi_boot_image (grub_addr_t addr, grub_size_t size, +- char *args); ++#if defined(__aarch64__) ++# define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_LINUX_ARM64_MAGIC_SIGNATURE ++# define linux_armxx_kernel_header linux_arm64_kernel_header ++#endif + +-#endif /* ! GRUB_LINUX_CPU_HEADER */ ++#endif /* ! GRUB_ARM64_LINUX_HEADER */ +diff --git a/include/grub/at_keyboard.h b/include/grub/at_keyboard.h +index b4f8ff0a06117756a770129683796edf0050b867..bcb4d9ba78f1376bdaa82249418f847eb4e543a6 100644 +--- a/include/grub/at_keyboard.h ++++ b/include/grub/at_keyboard.h +@@ -23,13 +23,11 @@ + #define KEYBOARD_COMMAND_ISREADY(x) !((x) & 0x02) + #define KEYBOARD_COMMAND_READ 0x20 + #define KEYBOARD_COMMAND_WRITE 0x60 ++#define KEYBOARD_COMMAND_ENABLE 0xf4 + #define KEYBOARD_COMMAND_REBOOT 0xfe + + #define KEYBOARD_AT_TRANSLATE 0x40 +- +-#define GRUB_AT_ACK 0xfa +-#define GRUB_AT_NACK 0xfe +-#define GRUB_AT_TRIES 5 ++#define KEYBOARD_AT_DISABLE 0x10 + + #define KEYBOARD_ISMAKE(x) !((x) & 0x80) + #define KEYBOARD_ISREADY(x) ((x) & 0x01) +diff --git a/include/grub/autoefi.h b/include/grub/autoefi.h +index b75591176eb9d785de3f2867e32edc1b9a626280..b7a252e079e2137b4d27639b5c981e9085cb8a82 100644 +--- a/include/grub/autoefi.h ++++ b/include/grub/autoefi.h +@@ -55,7 +55,7 @@ static inline grub_err_t grub_autoefi_prepare (void) + # define SYSTEM_TABLE_PTR GRUB_EFIEMU_SYSTEM_TABLE_PTR + # define SIZEOF_OF_UINTN GRUB_EFIEMU_SIZEOF_OF_UINTN + # define SYSTEM_TABLE GRUB_EFIEMU_SYSTEM_TABLE +-# define grub_efi_allocate_pages(x,y) (x) ++# define grub_efi_allocate_fixed(x,y) (x) + # define grub_efi_free_pages(x,y) GRUB_EFI_SUCCESS + # define grub_autoefi_finish_boot_services grub_efiemu_finish_boot_services + # define EFI_PRESENT 1 +diff --git a/include/grub/cache.h b/include/grub/cache.h +index fc669dfd1892c14bb43c6230e48067a0ff8e7c23..ccfa717e669625e0db96df0692c65f5a4c5ff916 100644 +--- a/include/grub/cache.h ++++ b/include/grub/cache.h +@@ -34,15 +34,16 @@ void EXPORT_FUNC(grub_arch_sync_caches) (void *address, grub_size_t len); + #endif + + #ifndef GRUB_MACHINE_EMU +-#ifdef _mips +-void EXPORT_FUNC(grub_arch_sync_dma_caches) (volatile void *address, +- grub_size_t len); +-#else ++#if defined (__aarch64__) || defined (__powerpc__) || defined (__sparc__) ++ ++#elif defined (__i386__) || defined (__x86_64__) + static inline void + grub_arch_sync_dma_caches (volatile void *address __attribute__ ((unused)), + grub_size_t len __attribute__ ((unused))) + { + } ++#else ++void EXPORT_FUNC(grub_arch_sync_dma_caches) (volatile void *address, grub_size_t len); + #endif + #endif + +diff --git a/include/grub/i386/coreboot/lbio.h b/include/grub/coreboot/lbio.h +similarity index 93% +rename from include/grub/i386/coreboot/lbio.h +rename to include/grub/coreboot/lbio.h +index 1c3fa6f1953c3a6b41ea3644c30f000c98524224..5076d36c71ba32e5c55a6242287e5fe159e09b4f 100644 +--- a/include/grub/i386/coreboot/lbio.h ++++ b/include/grub/coreboot/lbio.h +@@ -20,6 +20,9 @@ + #ifndef _GRUB_MACHINE_LBIO_HEADER + #define _GRUB_MACHINE_LBIO_HEADER 1 + ++#include ++#include ++ + struct grub_linuxbios_table_header + { + grub_uint8_t signature[4]; +@@ -102,4 +105,10 @@ EXPORT_FUNC(grub_linuxbios_table_iterate) (int (*hook) (grub_linuxbios_table_ite + void *), + void *hook_data); + ++grub_linuxbios_table_header_t ++grub_linuxbios_get_tables (void); ++ ++int ++grub_linuxbios_check_signature (grub_linuxbios_table_header_t tbl_header); ++ + #endif +diff --git a/include/grub/dma.h b/include/grub/dma.h +new file mode 100644 +index 0000000000000000000000000000000000000000..19992ebc131d4fc93a45f31992ad3c03b9de2821 +--- /dev/null ++++ b/include/grub/dma.h +@@ -0,0 +1,44 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2008,2009 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_DMA_H ++#define GRUB_DMA_H 1 ++ ++struct grub_pci_dma_chunk; ++ ++struct grub_pci_dma_chunk *EXPORT_FUNC(grub_memalign_dma32) (grub_size_t align, ++ grub_size_t size); ++void EXPORT_FUNC(grub_dma_free) (struct grub_pci_dma_chunk *ch); ++volatile void *EXPORT_FUNC(grub_dma_get_virt) (struct grub_pci_dma_chunk *ch); ++grub_uint32_t EXPORT_FUNC(grub_dma_get_phys) (struct grub_pci_dma_chunk *ch); ++ ++static inline void * ++grub_dma_phys2virt (grub_uint32_t phys, struct grub_pci_dma_chunk *chunk) ++{ ++ return ((grub_uint8_t *) grub_dma_get_virt (chunk) ++ + (phys - grub_dma_get_phys (chunk))); ++} ++ ++static inline grub_uint32_t ++grub_dma_virt2phys (volatile void *virt, struct grub_pci_dma_chunk *chunk) ++{ ++ return (((grub_uint8_t *) virt - (grub_uint8_t *) grub_dma_get_virt (chunk)) ++ + grub_dma_get_phys (chunk)); ++} ++ ++#endif +diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h +index e9c601f34103ae1a4ced7e93be8204970bfef193..2c6648d46fc1a377312c81220c38470d9d1cc99a 100644 +--- a/include/grub/efi/efi.h ++++ b/include/grub/efi/efi.h +@@ -38,16 +38,25 @@ void *EXPORT_FUNC(grub_efi_open_protocol) (grub_efi_handle_t handle, + int EXPORT_FUNC(grub_efi_set_text_mode) (int on); + void EXPORT_FUNC(grub_efi_stall) (grub_efi_uintn_t microseconds); + void * +-EXPORT_FUNC(grub_efi_allocate_pages) (grub_efi_physical_address_t address, ++EXPORT_FUNC(grub_efi_allocate_pages_real) (grub_efi_physical_address_t address, ++ grub_efi_uintn_t pages, ++ grub_efi_allocate_type_t alloctype, ++ grub_efi_memory_type_t memtype); ++void * ++EXPORT_FUNC(grub_efi_allocate_fixed) (grub_efi_physical_address_t address, + grub_efi_uintn_t pages); ++void * ++EXPORT_FUNC(grub_efi_allocate_any_pages) (grub_efi_uintn_t pages); + void EXPORT_FUNC(grub_efi_free_pages) (grub_efi_physical_address_t address, + grub_efi_uintn_t pages); ++grub_efi_uintn_t EXPORT_FUNC(grub_efi_find_mmap_size) (void); + int + EXPORT_FUNC(grub_efi_get_memory_map) (grub_efi_uintn_t *memory_map_size, + grub_efi_memory_descriptor_t *memory_map, + grub_efi_uintn_t *map_key, + grub_efi_uintn_t *descriptor_size, + grub_efi_uint32_t *descriptor_version); ++void grub_efi_memory_fini (void); + grub_efi_loaded_image_t *EXPORT_FUNC(grub_efi_get_loaded_image) (grub_efi_handle_t image_handle); + void EXPORT_FUNC(grub_efi_print_device_path) (grub_efi_device_path_t *dp); + char *EXPORT_FUNC(grub_efi_get_filename) (grub_efi_device_path_t *dp); +@@ -83,6 +92,11 @@ extern void (*EXPORT_VAR(grub_efi_net_config)) (grub_efi_handle_t hnd, + + #if defined(__arm__) || defined(__aarch64__) + void *EXPORT_FUNC(grub_efi_get_firmware_fdt)(void); ++grub_err_t EXPORT_FUNC(grub_efi_get_ram_base)(grub_addr_t *); ++#include ++grub_err_t grub_armxx_efi_linux_check_image(struct linux_armxx_kernel_header *lh); ++grub_err_t grub_armxx_efi_linux_boot_image(grub_addr_t addr, grub_size_t size, ++ char *args); + #endif + + grub_addr_t grub_efi_modules_addr (void); +diff --git a/include/grub/arm64/fdtload.h b/include/grub/efi/fdtload.h +similarity index 89% +rename from include/grub/arm64/fdtload.h +rename to include/grub/efi/fdtload.h +index 7b9ddba916d9980fbad51e7b02d99f0737ebc3fa..713c9424d0a9ebe47b1923a247e691566842b2d0 100644 +--- a/include/grub/arm64/fdtload.h ++++ b/include/grub/efi/fdtload.h +@@ -29,7 +29,4 @@ grub_fdt_unload (void); + grub_err_t + grub_fdt_install (void); + +-#define GRUB_EFI_PAGE_SHIFT 12 +-#define GRUB_EFI_BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> GRUB_EFI_PAGE_SHIFT) +- + #endif +diff --git a/include/grub/efi/memory.h b/include/grub/efi/memory.h +index 20526b14676de9295d17968f5ddc837a06bc56b6..08fe62277839dde3434e506cde78174f1977e9c9 100644 +--- a/include/grub/efi/memory.h ++++ b/include/grub/efi/memory.h +@@ -22,6 +22,13 @@ + #include + #include + ++/* The term "page" in UEFI refers only to a 4 KiB-aligned 4 KiB size region of ++ memory. It is not concerned with underlying translation management concepts, ++ but only used as the granule for memory allocations. */ ++#define GRUB_EFI_PAGE_SHIFT 12 ++#define GRUB_EFI_PAGE_SIZE (1 << GRUB_EFI_PAGE_SHIFT) ++#define GRUB_EFI_BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> GRUB_EFI_PAGE_SHIFT) ++ + #define GRUB_MMAP_REGISTER_BY_FIRMWARE 1 + + grub_err_t grub_machine_mmap_register (grub_uint64_t start, grub_uint64_t size, +diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h +index f79c36c026e0a518b3f9edaca36251d6d4943757..7d44732d2c353b74271262a1cf094d4aafd8dd10 100644 +--- a/include/grub/efi/pe32.h ++++ b/include/grub/efi/pe32.h +@@ -45,6 +45,8 @@ + + #define GRUB_PE32_MSDOS_STUB_SIZE 0x80 + ++#define GRUB_PE32_MAGIC 0x5a4d ++ + /* According to the spec, the minimal alignment is 512 bytes... + But some examples (such as EFI drivers in the Intel + Sample Implementation) use 32 bytes (0x20) instead, and it seems +diff --git a/include/grub/efiemu/runtime.h b/include/grub/efiemu/runtime.h +index 9b6b729f4ccde7274678b1324c16c9f6854477a2..36d2dedf47e4346b86f17882dc554207201b6401 100644 +--- a/include/grub/efiemu/runtime.h ++++ b/include/grub/efiemu/runtime.h +@@ -29,7 +29,7 @@ struct grub_efiemu_ptv_rel + + struct efi_variable + { +- grub_efi_guid_t guid; ++ grub_efi_packed_guid_t guid; + grub_uint32_t namelen; + grub_uint32_t size; + grub_efi_uint32_t attributes; +diff --git a/include/grub/fat.h b/include/grub/fat.h +index 4a5aab7934652cfde20c6fb291e00c29170b8753..8d7e4a1e54d644e6d70bb249802c699d5092728e 100644 +--- a/include/grub/fat.h ++++ b/include/grub/fat.h +@@ -28,20 +28,15 @@ struct grub_fat_bpb + grub_uint16_t bytes_per_sector; + grub_uint8_t sectors_per_cluster; + grub_uint16_t num_reserved_sectors; +- grub_uint8_t num_fats; +- /* 0x10 */ ++ grub_uint8_t num_fats; /* 0x10 */ + grub_uint16_t num_root_entries; + grub_uint16_t num_total_sectors_16; +- grub_uint8_t media; +- /*0 x15 */ ++ grub_uint8_t media; /* 0x15 */ + grub_uint16_t sectors_per_fat_16; +- grub_uint16_t sectors_per_track; +- /*0 x19 */ +- grub_uint16_t num_heads; +- /*0 x1b */ +- grub_uint32_t num_hidden_sectors; +- /* 0x1f */ +- grub_uint32_t num_total_sectors_32; ++ grub_uint16_t sectors_per_track; /* 0x18 */ ++ grub_uint16_t num_heads; /* 0x1A */ ++ grub_uint32_t num_hidden_sectors; /* 0x1C */ ++ grub_uint32_t num_total_sectors_32; /* 0x20 */ + union + { + struct +diff --git a/include/grub/fdt.h b/include/grub/fdt.h +index fdfca75bf487f17e8621fee5d1642f4874a2bf16..158b1bc4b3ad8bac60860e298b816781d6c57090 100644 +--- a/include/grub/fdt.h ++++ b/include/grub/fdt.h +@@ -20,6 +20,7 @@ + #define GRUB_FDT_HEADER 1 + + #include ++#include + + #define FDT_MAGIC 0xD00DFEED + +@@ -49,6 +50,11 @@ struct grub_fdt_empty_tree { + + #define GRUB_FDT_EMPTY_TREE_SZ sizeof (struct grub_fdt_empty_tree) + ++/* Size needed by a property entry: 1 token (FDT_PROPERTY), plus len and nameoff ++ fields, plus the property value, plus padding if needed. */ ++#define grub_fdt_prop_entry_size(prop_len) \ ++ (3 * sizeof(grub_uint32_t) + ALIGN_UP(prop_len, sizeof(grub_uint32_t))) ++ + #define grub_fdt_get_header(fdt, field) \ + grub_be_to_cpu32(((const grub_fdt_header_t *)(fdt))->field) + #define grub_fdt_set_header(fdt, field, value) \ +@@ -95,16 +101,22 @@ struct grub_fdt_empty_tree { + #define grub_fdt_set_size_dt_struct(fdt, value) \ + grub_fdt_set_header(fdt, size_dt_struct, value) + +-int grub_fdt_create_empty_tree (void *fdt, unsigned int size); +-int grub_fdt_check_header (void *fdt, unsigned int size); +-int grub_fdt_check_header_nosize (void *fdt); +-int grub_fdt_find_subnode (const void *fdt, unsigned int parentoffset, +- const char *name); +-int grub_fdt_add_subnode (void *fdt, unsigned int parentoffset, ++int EXPORT_FUNC(grub_fdt_create_empty_tree) (void *fdt, unsigned int size); ++int EXPORT_FUNC(grub_fdt_check_header) (const void *fdt, unsigned int size); ++int EXPORT_FUNC(grub_fdt_check_header_nosize) (const void *fdt); ++int EXPORT_FUNC(grub_fdt_find_subnode) (const void *fdt, unsigned int parentoffset, ++ const char *name); ++int EXPORT_FUNC(grub_fdt_first_node) (const void *fdt, unsigned int parentoffset); ++int EXPORT_FUNC(grub_fdt_next_node) (const void *fdt, unsigned int currentoffset); ++int EXPORT_FUNC(grub_fdt_add_subnode) (void *fdt, unsigned int parentoffset, + const char *name); ++const char * ++EXPORT_FUNC(grub_fdt_get_nodename) (const void *fdt, unsigned int nodeoffset); ++const void *EXPORT_FUNC(grub_fdt_get_prop) (const void *fdt, unsigned int nodeoffset, const char *name, ++ grub_uint32_t *len); + +-int grub_fdt_set_prop (void *fdt, unsigned int nodeoffset, const char *name, +- const void *val, grub_uint32_t len); ++int EXPORT_FUNC(grub_fdt_set_prop) (void *fdt, unsigned int nodeoffset, const char *name, ++ const void *val, grub_uint32_t len); + #define grub_fdt_set_prop32(fdt, nodeoffset, name, val) \ + ({ \ + grub_uint32_t _val = grub_cpu_to_be32(val); \ +diff --git a/include/grub/fdtbus.h b/include/grub/fdtbus.h +new file mode 100644 +index 0000000000000000000000000000000000000000..f519c40ec35faea9aeedca055164012d9d9b3fb5 +--- /dev/null ++++ b/include/grub/fdtbus.h +@@ -0,0 +1,89 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2016 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_FDTBUS_HEADER ++#define GRUB_FDTBUS_HEADER 1 ++ ++#include ++#include ++ ++struct grub_fdtbus_dev ++{ ++ struct grub_fdtbus_dev *next; ++ struct grub_fdtbus_dev *parent; ++ int node; ++ struct grub_fdtbus_driver *driver; ++}; ++ ++struct grub_fdtbus_driver ++{ ++ struct grub_fdtbus_driver *next; ++ struct grub_fdtbus_driver **prev; ++ ++ const char *compatible; ++ ++ grub_err_t (*attach) (const struct grub_fdtbus_dev *dev); ++ void (*detach) (const struct grub_fdtbus_dev *dev); ++ ++ /* Message bus operations. */ ++ grub_err_t (*send) (const struct grub_fdtbus_dev *dev, const void *data, grub_size_t sz); ++ grub_err_t (*receive) (const struct grub_fdtbus_dev *dev, void *data, grub_size_t sz); ++ grub_err_t (*start) (const struct grub_fdtbus_dev *dev); ++ void (*stop) (const struct grub_fdtbus_dev *dev); ++}; ++ ++extern char EXPORT_VAR(grub_fdtbus_invalid_mapping)[1]; ++ ++static inline int ++grub_fdtbus_is_mapping_valid (volatile void *m) ++{ ++ return m != grub_fdtbus_invalid_mapping; ++} ++ ++volatile void * ++EXPORT_FUNC(grub_fdtbus_map_reg) (const struct grub_fdtbus_dev *dev, int reg, grub_size_t *size); ++ ++const void * ++EXPORT_FUNC(grub_fdtbus_get_fdt) (void); ++ ++const char * ++EXPORT_FUNC(grub_fdtbus_get_name) (const struct grub_fdtbus_dev *dev); ++ ++const void * ++EXPORT_FUNC(grub_fdtbus_get_prop) (const struct grub_fdtbus_dev *dev, ++ const char *name, ++ grub_uint32_t *len); ++ ++void ++EXPORT_FUNC(grub_fdtbus_register) (struct grub_fdtbus_driver *driver); ++ ++void ++EXPORT_FUNC(grub_fdtbus_unregister) (struct grub_fdtbus_driver *driver); ++ ++int ++EXPORT_FUNC(grub_fdtbus_is_compatible) (const char *compat_string, ++ const struct grub_fdtbus_dev *dev); ++ ++/* Must be called before any register(). */ ++/* dtb is assumed to be unfreeable and must remain ++ valid for lifetime of GRUB. ++ */ ++void ++grub_fdtbus_init (const void *dtb, grub_size_t size); ++ ++#endif +diff --git a/include/grub/gpt_partition.h b/include/grub/gpt_partition.h +index 1b32f6725a498f16941991771efe6a7a04ed6f5e..7a93f43291cce490cbaecc140ef2e5e0577ae274 100644 +--- a/include/grub/gpt_partition.h ++++ b/include/grub/gpt_partition.h +@@ -22,14 +22,14 @@ + #include + #include + +-struct grub_gpt_part_type ++struct grub_gpt_part_guid + { + grub_uint32_t data1; + grub_uint16_t data2; + grub_uint16_t data3; + grub_uint8_t data4[8]; +-} __attribute__ ((aligned(8))); +-typedef struct grub_gpt_part_type grub_gpt_part_type_t; ++} GRUB_PACKED; ++typedef struct grub_gpt_part_guid grub_gpt_part_guid_t; + + #define GRUB_GPT_PARTITION_TYPE_EMPTY \ + { 0x0, 0x0, 0x0, \ +@@ -70,8 +70,8 @@ struct grub_gpt_header + + struct grub_gpt_partentry + { +- grub_gpt_part_type_t type; +- grub_uint8_t guid[16]; ++ grub_gpt_part_guid_t type; ++ grub_gpt_part_guid_t guid; + grub_uint64_t start; + grub_uint64_t end; + grub_uint64_t attrib; +diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h +index da0ca3b83cdc7355fc5b9815415ad7fc8732d153..60c7c3b5e660276dc11d23f4a53ccc2f1e5536a5 100644 +--- a/include/grub/i386/linux.h ++++ b/include/grub/i386/linux.h +@@ -16,10 +16,10 @@ + * along with GRUB. If not, see . + */ + +-#ifndef GRUB_LINUX_MACHINE_HEADER +-#define GRUB_LINUX_MACHINE_HEADER 1 ++#ifndef GRUB_I386_LINUX_HEADER ++#define GRUB_I386_LINUX_HEADER 1 + +-#define GRUB_LINUX_MAGIC_SIGNATURE 0x53726448 /* "HdrS" */ ++#define GRUB_LINUX_I386_MAGIC_SIGNATURE 0x53726448 /* "HdrS" */ + #define GRUB_LINUX_DEFAULT_SETUP_SECTS 4 + #define GRUB_LINUX_INITRD_MAX_ADDRESS 0x37FFFFFF + #define GRUB_LINUX_MAX_SETUP_SECTS 64 +@@ -43,6 +43,9 @@ + + #define GRUB_LINUX_CL_MAGIC 0xA33F + ++#define VIDEO_CAPABILITY_SKIP_QUIRKS (1 << 0) ++#define VIDEO_CAPABILITY_64BIT_BASE (1 << 1) /* Frame buffer base is 64-bit. */ ++ + #ifdef __x86_64__ + + #define GRUB_LINUX_EFI_SIGNATURE \ +@@ -85,7 +88,7 @@ enum + }; + + /* For the Linux/i386 boot protocol version 2.10. */ +-struct linux_kernel_header ++struct linux_i386_kernel_header + { + grub_uint8_t code1[0x0020]; + grub_uint16_t cl_magic; /* Magic number 0xA33F */ +@@ -188,8 +191,9 @@ struct linux_kernel_params + grub_uint16_t lfb_pages; /* 32 */ + grub_uint16_t vesa_attrib; /* 34 */ + grub_uint32_t capabilities; /* 36 */ ++ grub_uint32_t ext_lfb_base; /* 3a */ + +- grub_uint8_t padding3[0x40 - 0x3a]; ++ grub_uint8_t padding3[0x40 - 0x3e]; + + grub_uint16_t apm_version; /* 40 */ + grub_uint16_t apm_code_segment; /* 42 */ +@@ -312,4 +316,4 @@ struct linux_kernel_params + } GRUB_PACKED; + #endif /* ! ASM_FILE */ + +-#endif /* ! GRUB_LINUX_MACHINE_HEADER */ ++#endif /* ! GRUB_I386_LINUX_HEADER */ +diff --git a/include/grub/i386/multiboot.h b/include/grub/i386/multiboot.h +index 807a1de27f900c8393476736051e20ee1af6717c..0b596fc2060a63f2fd9e1c67cb002279454aebe5 100644 +--- a/include/grub/i386/multiboot.h ++++ b/include/grub/i386/multiboot.h +@@ -19,6 +19,13 @@ + #ifndef GRUB_MULTIBOOT_CPU_HEADER + #define GRUB_MULTIBOOT_CPU_HEADER 1 + ++#define MULTIBOOT2_INITIAL_STATE { .eax = MULTIBOOT2_BOOTLOADER_MAGIC, \ ++ .ecx = 0, \ ++ .edx = 0, \ ++ /* Set esp to some random location in low memory to avoid breaking */ \ ++ /* non-compliant kernels. */ \ ++ .esp = 0x7ff00 \ ++ } + #define MULTIBOOT_INITIAL_STATE { .eax = MULTIBOOT_BOOTLOADER_MAGIC, \ + .ecx = 0, \ + .edx = 0, \ +@@ -28,7 +35,7 @@ + } + #define MULTIBOOT_ENTRY_REGISTER eip + #define MULTIBOOT_MBI_REGISTER ebx +-#define MULTIBOOT_ARCHITECTURE_CURRENT MULTIBOOT_ARCHITECTURE_I386 ++#define MULTIBOOT2_ARCHITECTURE_CURRENT MULTIBOOT2_ARCHITECTURE_I386 + + #ifdef GRUB_MACHINE_EFI + #ifdef __x86_64__ +@@ -36,6 +43,10 @@ + .rcx = 0, \ + .rdx = 0, \ + } ++#define MULTIBOOT2_EFI_INITIAL_STATE { .rax = MULTIBOOT2_BOOTLOADER_MAGIC, \ ++ .rcx = 0, \ ++ .rdx = 0, \ ++ } + #define MULTIBOOT_EFI_ENTRY_REGISTER rip + #define MULTIBOOT_EFI_MBI_REGISTER rbx + #endif +diff --git a/include/grub/ieee1275/ieee1275.h b/include/grub/ieee1275/ieee1275.h +index 8e425130327e193af1c1e34760e7255c9d6e6223..8868f3a756fe57b90188e25aaba2b203edacde13 100644 +--- a/include/grub/ieee1275/ieee1275.h ++++ b/include/grub/ieee1275/ieee1275.h +@@ -210,7 +210,25 @@ int EXPORT_FUNC(grub_ieee1275_set_property) (grub_ieee1275_phandle_t phandle, + int EXPORT_FUNC(grub_ieee1275_set_color) (grub_ieee1275_ihandle_t ihandle, + int index, int r, int g, int b); + int EXPORT_FUNC(grub_ieee1275_milliseconds) (grub_uint32_t *msecs); +- ++int EXPORT_FUNC(grub_ieee1275_set_address) (grub_ieee1275_ihandle_t ihandle, ++ grub_uint32_t target, ++ grub_uint32_t lun); ++int EXPORT_FUNC(grub_ieee1275_no_data_command) (grub_ieee1275_ihandle_t ihandle, ++ const void *cmd_addr, ++ grub_ssize_t *result); ++int EXPORT_FUNC(grub_ieee1275_decode_unit4) (grub_ieee1275_ihandle_t ihandle, ++ void *addr, grub_size_t size, ++ grub_uint32_t *phy_lo, ++ grub_uint32_t *phy_hi, ++ grub_uint32_t *lun_lo, ++ grub_uint32_t *lun_hi); ++char *EXPORT_FUNC(grub_ieee1275_encode_uint4) (grub_ieee1275_ihandle_t ihandle, ++ grub_uint32_t phy_lo, ++ grub_uint32_t phy_hi, ++ grub_uint32_t lun_lo, ++ grub_uint32_t lun_hi, ++ grub_size_t *size); ++int EXPORT_FUNC(grub_ieee1275_get_block_size) (grub_ieee1275_ihandle_t ihandle); + + grub_err_t EXPORT_FUNC(grub_claimmap) (grub_addr_t addr, grub_size_t size); + +@@ -235,6 +253,8 @@ void EXPORT_FUNC(grub_ieee1275_children_peer) (struct grub_ieee1275_devalias *al + void EXPORT_FUNC(grub_ieee1275_children_first) (const char *devpath, + struct grub_ieee1275_devalias *alias); + ++char *EXPORT_FUNC(grub_ieee1275_get_boot_dev) (void); ++ + #define FOR_IEEE1275_DEVALIASES(alias) for (grub_ieee1275_devalias_init_iterator (&(alias)); grub_ieee1275_devalias_next (&(alias));) + + #define FOR_IEEE1275_DEVCHILDREN(devpath, alias) for (grub_ieee1275_children_first ((devpath), &(alias)); \ +diff --git a/include/grub/kernel.h b/include/grub/kernel.h +index 20ddf2da297d5c883ed5b5542f2cfd99ee9c18da..ecd88ca72c6dea39be9f046463e7c51c874cb351 100644 +--- a/include/grub/kernel.h ++++ b/include/grub/kernel.h +@@ -28,7 +28,8 @@ enum + OBJ_TYPE_MEMDISK, + OBJ_TYPE_CONFIG, + OBJ_TYPE_PREFIX, +- OBJ_TYPE_PUBKEY ++ OBJ_TYPE_PUBKEY, ++ OBJ_TYPE_DTB + }; + + /* The module header. */ +diff --git a/include/grub/mips/multiboot.h b/include/grub/mips/multiboot.h +index 4aebf29e73240b575bb90c699fd02e8185ab5171..cdfb41e315af4aa22d549f76fb0131835abd957e 100644 +--- a/include/grub/mips/multiboot.h ++++ b/include/grub/mips/multiboot.h +@@ -19,11 +19,11 @@ + #ifndef GRUB_MULTIBOOT_CPU_HEADER + #define GRUB_MULTIBOOT_CPU_HEADER 1 + +-#define MULTIBOOT_INITIAL_STATE { .gpr[4] = MULTIBOOT_BOOTLOADER_MAGIC, \ ++#define MULTIBOOT2_INITIAL_STATE { .gpr[4] = MULTIBOOT2_BOOTLOADER_MAGIC, \ + .jumpreg = 1 } + #define MULTIBOOT_ENTRY_REGISTER gpr[1] + #define MULTIBOOT_MBI_REGISTER gpr[5] +-#define MULTIBOOT_ARCHITECTURE_CURRENT MULTIBOOT_ARCHITECTURE_MIPS32 ++#define MULTIBOOT2_ARCHITECTURE_CURRENT MULTIBOOT2_ARCHITECTURE_MIPS32 + + #define MULTIBOOT_ELF32_MACHINE EM_MIPS + #define MULTIBOOT_ELF64_MACHINE EM_MIPS +diff --git a/include/grub/misc.h b/include/grub/misc.h +index 2a9f87cc255eda94476733513807ec757c6d9cd9..372f009e84f12a58c3185dda63216bab7325be8f 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -396,7 +396,8 @@ grub_abs (int x) + } + + /* Reboot the machine. */ +-#if defined (GRUB_MACHINE_EMU) || defined (GRUB_MACHINE_QEMU_MIPS) ++#if defined (GRUB_MACHINE_EMU) || defined (GRUB_MACHINE_QEMU_MIPS) || \ ++ defined (GRUB_MACHINE_EFI) + void EXPORT_FUNC(grub_reboot) (void) __attribute__ ((noreturn)); + #else + void grub_reboot (void) __attribute__ ((noreturn)); +diff --git a/include/grub/multiboot.h b/include/grub/multiboot.h +index c96492bb5fa771831a62d4ab1bac3798328093f0..bd0a9873e6c158f77190c38546007c544cb0d6c9 100644 +--- a/include/grub/multiboot.h ++++ b/include/grub/multiboot.h +@@ -22,19 +22,11 @@ + + #include + +-#ifdef GRUB_USE_MULTIBOOT2 +-#include +-/* Same thing as far as our loader is concerned. */ +-#define MULTIBOOT_BOOTLOADER_MAGIC MULTIBOOT2_BOOTLOADER_MAGIC +-#define MULTIBOOT_HEADER_MAGIC MULTIBOOT2_HEADER_MAGIC +-#else + #include +-#endif + + #include + #include + +-#ifndef GRUB_USE_MULTIBOOT2 + typedef enum + { + GRUB_MULTIBOOT_QUIRKS_NONE = 0, +@@ -42,7 +34,6 @@ typedef enum + GRUB_MULTIBOOT_QUIRK_MODULES_AFTER_KERNEL = 2 + } grub_multiboot_quirks_t; + extern grub_multiboot_quirks_t grub_multiboot_quirks; +-#endif + + extern struct grub_relocator *grub_multiboot_relocator; + +@@ -60,7 +51,7 @@ void + grub_multiboot_add_elfsyms (grub_size_t num, grub_size_t entsize, + unsigned shndx, void *data); + +-grub_uint32_t grub_get_multiboot_mmap_count (void); ++grub_uint32_t grub_multiboot_get_mmap_count (void); + grub_err_t grub_multiboot_set_video_mode (void); + + /* FIXME: support coreboot as well. */ +diff --git a/include/grub/multiboot2.h b/include/grub/multiboot2.h +new file mode 100644 +index 0000000000000000000000000000000000000000..502d34ef18045e898680f2198522139c3066b587 +--- /dev/null ++++ b/include/grub/multiboot2.h +@@ -0,0 +1,104 @@ ++/* multiboot.h - multiboot header file with grub definitions. */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2003,2007,2008,2010 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_MULTIBOOT2_HEADER ++#define GRUB_MULTIBOOT2_HEADER 1 ++ ++#include ++ ++#include ++ ++#include ++#include ++ ++extern struct grub_relocator *grub_multiboot2_relocator; ++ ++void grub_multiboot2 (int argc, char *argv[]); ++void grub_module2 (int argc, char *argv[]); ++ ++void grub_multiboot2_set_accepts_video (int val); ++grub_err_t grub_multiboot2_make_mbi (grub_uint32_t *target); ++void grub_multiboot2_free_mbi (void); ++grub_err_t grub_multiboot2_init_mbi (int argc, char *argv[]); ++grub_err_t grub_multiboot2_add_module (grub_addr_t start, grub_size_t size, ++ int argc, char *argv[]); ++void grub_multiboot2_set_bootdev (void); ++void ++grub_multiboot2_add_elfsyms (grub_size_t num, grub_size_t entsize, ++ unsigned shndx, void *data); ++ ++grub_uint32_t grub_multiboot2_get_mmap_count (void); ++grub_err_t grub_multiboot2_set_video_mode (void); ++ ++/* FIXME: support coreboot as well. */ ++#if defined (GRUB_MACHINE_PCBIOS) ++#define GRUB_MACHINE_HAS_VBE 1 ++#else ++#define GRUB_MACHINE_HAS_VBE 0 ++#endif ++ ++#if defined (GRUB_MACHINE_PCBIOS) || defined (GRUB_MACHINE_COREBOOT) || defined (GRUB_MACHINE_MULTIBOOT) || defined (GRUB_MACHINE_QEMU) ++#define GRUB_MACHINE_HAS_VGA_TEXT 1 ++#else ++#define GRUB_MACHINE_HAS_VGA_TEXT 0 ++#endif ++ ++#if defined (GRUB_MACHINE_EFI) || defined (GRUB_MACHINE_PCBIOS) || defined (GRUB_MACHINE_COREBOOT) || defined (GRUB_MACHINE_MULTIBOOT) ++#define GRUB_MACHINE_HAS_ACPI 1 ++#else ++#define GRUB_MACHINE_HAS_ACPI 0 ++#endif ++ ++#define GRUB_MULTIBOOT2_CONSOLE_EGA_TEXT 1 ++#define GRUB_MULTIBOOT2_CONSOLE_FRAMEBUFFER 2 ++ ++grub_err_t ++grub_multiboot2_set_console (int console_type, int accepted_consoles, ++ int width, int height, int depth, ++ int console_required); ++grub_err_t ++grub_multiboot2_load (grub_file_t file, const char *filename); ++ ++struct mbi_load_data ++{ ++ grub_file_t file; ++ const char *filename; ++ void *buffer; ++ unsigned int mbi_ver; ++ int relocatable; ++ grub_uint32_t min_addr; ++ grub_uint32_t max_addr; ++ grub_size_t align; ++ grub_uint32_t preference; ++ grub_uint32_t link_base_addr; ++ grub_uint32_t load_base_addr; ++ int avoid_efi_boot_services; ++}; ++typedef struct mbi_load_data mbi_load_data_t; ++ ++/* Load ELF32 or ELF64. */ ++grub_err_t ++grub_multiboot2_load_elf (mbi_load_data_t *mld); ++ ++extern grub_size_t grub_multiboot2_pure_size; ++extern grub_size_t grub_multiboot2_alloc_mbi; ++extern grub_uint32_t grub_multiboot2_payload_eip; ++ ++ ++#endif /* ! GRUB_MULTIBOOT_HEADER */ +diff --git a/include/grub/net.h b/include/grub/net.h +index 2192fa18628862e8e3a6046d854b12613e914ff9..1096b24322eb1ba36e8c996872fce2a255e6bccc 100644 +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -291,6 +291,7 @@ struct grub_net_network_level_interface + grub_net_interface_flags_t flags; + struct grub_net_bootp_packet *dhcp_ack; + grub_size_t dhcp_acklen; ++ grub_uint16_t vlantag; + void *data; + }; + +@@ -561,4 +562,6 @@ extern char *grub_net_default_server; + #define GRUB_NET_INTERVAL 400 + #define GRUB_NET_INTERVAL_ADDITION 20 + ++#define VLANTAG_IDENTIFIER 0x8100 ++ + #endif /* ! GRUB_NET_HEADER */ +diff --git a/include/grub/net/arp.h b/include/grub/net/arp.h +index bb1703622e1529479618e7f71b0d5e88adb631d1..8d9d081134f52e2d33c23928baae7f6b4c08470f 100644 +--- a/include/grub/net/arp.h ++++ b/include/grub/net/arp.h +@@ -22,10 +22,11 @@ + #include + + extern grub_err_t grub_net_arp_receive (struct grub_net_buff *nb, +- struct grub_net_card *card); ++ struct grub_net_card *card, ++ grub_uint16_t *vlantag); + + grub_err_t + grub_net_arp_send_request (struct grub_net_network_level_interface *inf, +- const grub_net_network_level_address_t *proto_addr); ++ const grub_net_network_level_address_t *proto_addr); + + #endif +diff --git a/include/grub/net/ip.h b/include/grub/net/ip.h +index dcceaa56894605a39f87858964da7af11951ff11..ab9d68f98252b9772853a712ff1e8556162002ee 100644 +--- a/include/grub/net/ip.h ++++ b/include/grub/net/ip.h +@@ -48,7 +48,8 @@ grub_err_t + grub_net_recv_ip_packets (struct grub_net_buff *nb, + struct grub_net_card *card, + const grub_net_link_level_address_t *hwaddress, +- const grub_net_link_level_address_t *src_hwaddress); ++ const grub_net_link_level_address_t *src_hwaddress, ++ grub_uint16_t *vlantag); + + grub_err_t + grub_net_send_ip_packet (struct grub_net_network_level_interface *inf, +diff --git a/include/grub/offsets.h b/include/grub/offsets.h +index c88c86d4d2ebddddb23f25c50ad2c29b52e54ccb..330e4c70738abcacc3c1d53fb16ae1ec8896d9e3 100644 +--- a/include/grub/offsets.h ++++ b/include/grub/offsets.h +@@ -50,7 +50,7 @@ + /* The offset of GRUB_CORE_ENTRY_ADDR. */ + #define GRUB_KERNEL_I386_QEMU_CORE_ENTRY_ADDR 0x8 + +-#define GRUB_KERNEL_I386_QEMU_LINK_ADDR 0x8200 ++#define GRUB_KERNEL_I386_QEMU_LINK_ADDR 0x9000 + + /* The offset of GRUB_TOTAL_MODULE_SIZE. */ + #define GRUB_KERNEL_SPARC64_IEEE1275_TOTAL_MODULE_SIZE 0x8 +@@ -91,7 +91,7 @@ + + #define GRUB_KERNEL_MIPS_ARC_TOTAL_MODULE_SIZE 0x08 + +-#define GRUB_KERNEL_I386_COREBOOT_LINK_ADDR 0x8200 ++#define GRUB_KERNEL_I386_COREBOOT_LINK_ADDR 0x9000 + #define GRUB_KERNEL_I386_COREBOOT_MODULES_ADDR 0x100000 + + #define GRUB_KERNEL_I386_IEEE1275_LINK_ADDR 0x10000 +@@ -122,6 +122,12 @@ + #define GRUB_KERNEL_ARM_UBOOT_MOD_ALIGN 0x8 + #define GRUB_KERNEL_ARM_UBOOT_TOTAL_MODULE_SIZE 0x4 + ++#define GRUB_KERNEL_ARM_COREBOOT_MOD_ALIGN 0x8 ++#define GRUB_KERNEL_ARM_COREBOOT_TOTAL_MODULE_SIZE 0x4 ++ ++#define GRUB_KERNEL_ARM_STACK_SIZE 0x40000 ++#define GRUB_KERNEL_ARM_COREBOOT_MOD_GAP (GRUB_KERNEL_ARM_STACK_SIZE + 1024) ++ + /* Minimal gap between _end and the start of the modules. It's a hack + for PowerMac to prevent "CLAIM failed" error. The real fix is to + rewrite grub-mkimage to generate valid ELF files. */ +diff --git a/include/grub/pci.h b/include/grub/pci.h +index 70d9a05131b240bbe3c7fe12df899c8e3de237ce..262c89b748bbfccc98ffa27912ce7e2a5005f545 100644 +--- a/include/grub/pci.h ++++ b/include/grub/pci.h +@@ -142,27 +142,7 @@ grub_pci_address_t EXPORT_FUNC(grub_pci_make_address) (grub_pci_device_t dev, + void EXPORT_FUNC(grub_pci_iterate) (grub_pci_iteratefunc_t hook, + void *hook_data); + +-struct grub_pci_dma_chunk; +- +-struct grub_pci_dma_chunk *EXPORT_FUNC(grub_memalign_dma32) (grub_size_t align, +- grub_size_t size); +-void EXPORT_FUNC(grub_dma_free) (struct grub_pci_dma_chunk *ch); +-volatile void *EXPORT_FUNC(grub_dma_get_virt) (struct grub_pci_dma_chunk *ch); +-grub_uint32_t EXPORT_FUNC(grub_dma_get_phys) (struct grub_pci_dma_chunk *ch); +- +-static inline void * +-grub_dma_phys2virt (grub_uint32_t phys, struct grub_pci_dma_chunk *chunk) +-{ +- return ((grub_uint8_t *) grub_dma_get_virt (chunk) +- + (phys - grub_dma_get_phys (chunk))); +-} +- +-static inline grub_uint32_t +-grub_dma_virt2phys (volatile void *virt, struct grub_pci_dma_chunk *chunk) +-{ +- return (((grub_uint8_t *) virt - (grub_uint8_t *) grub_dma_get_virt (chunk)) +- + grub_dma_get_phys (chunk)); +-} ++#include + + grub_uint8_t + EXPORT_FUNC (grub_pci_find_capability) (grub_pci_device_t dev, grub_uint8_t cap); +diff --git a/include/grub/ps2.h b/include/grub/ps2.h +new file mode 100644 +index 0000000000000000000000000000000000000000..4f2e527e49767c297646f1ea3d0e09bdc2855892 +--- /dev/null ++++ b/include/grub/ps2.h +@@ -0,0 +1,43 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2007,2008,2009 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_PS2_HEADER ++#define GRUB_PS2_HEADER 1 ++ ++#include ++ ++#define GRUB_AT_ACK 0xfa ++#define GRUB_AT_NACK 0xfe ++#define GRUB_AT_TRIES 5 ++ ++/* Make sure it's zeroed-out and set current_set at init. */ ++struct grub_ps2_state ++{ ++ int e0_received; ++ int f0_received; ++ grub_uint8_t led_status; ++ short at_keyboard_status; ++ grub_uint8_t current_set; ++}; ++ ++/* If there is a key pending, return it; otherwise return GRUB_TERM_NO_KEY. */ ++int ++grub_ps2_process_incoming_byte (struct grub_ps2_state *ps2_state, ++ grub_uint8_t data); ++ ++#endif +diff --git a/include/grub/sparc64/ieee1275/ieee1275.h b/include/grub/sparc64/ieee1275/ieee1275.h +index 32c77f80f1a136c0127aecb6d5643ebd64cb5e88..4b18468d8d654bb3fe62050e7a4f439e1544889c 100644 +--- a/include/grub/sparc64/ieee1275/ieee1275.h ++++ b/include/grub/sparc64/ieee1275/ieee1275.h +@@ -42,6 +42,8 @@ extern int EXPORT_FUNC(grub_ieee1275_claim_vaddr) (grub_addr_t vaddr, + extern int EXPORT_FUNC(grub_ieee1275_alloc_physmem) (grub_addr_t *paddr, + grub_size_t size, + grub_uint32_t align); ++extern grub_uint64_t EXPORT_FUNC(grub_ieee1275_num_blocks) (grub_uint32_t ihandle); ++extern grub_uint64_t EXPORT_FUNC(grub_ieee1275_num_blocks64) (grub_uint32_t ihandle); + + extern grub_addr_t EXPORT_VAR (grub_ieee1275_original_stack); + +diff --git a/include/grub/term.h b/include/grub/term.h +index 5ffb38f69aaa8911a66bdc6f417a72666b19e514..8117e2a24dac3f270d05408f1897fae9f0fa1593 100644 +--- a/include/grub/term.h ++++ b/include/grub/term.h +@@ -55,7 +55,8 @@ + #define GRUB_TERM_KEY_INSERT (GRUB_TERM_EXTENDED | 0x52) + #define GRUB_TERM_KEY_CENTER (GRUB_TERM_EXTENDED | 0x4c) + +-#define GRUB_TERM_ESC '\e' ++/* Hex value is used for ESC, since '\e' is nonstandard */ ++#define GRUB_TERM_ESC 0x1b + #define GRUB_TERM_TAB '\t' + #define GRUB_TERM_BACKSPACE '\b' + +diff --git a/include/grub/usb.h b/include/grub/usb.h +index 11d96481ff6b58cc43f468bcb2020475663fa098..512ae1dd0e64931c852847c9d52efdbd6b2caccb 100644 +--- a/include/grub/usb.h ++++ b/include/grub/usb.h +@@ -321,5 +321,9 @@ grub_usb_err_t + grub_usb_check_transfer (grub_usb_transfer_t trans, grub_size_t *actual); + void + grub_usb_cancel_transfer (grub_usb_transfer_t trans); ++void ++grub_ehci_init_device (volatile void *regs); ++void ++grub_ehci_pci_scan (void); + + #endif /* GRUB_USB_H */ +diff --git a/include/grub/util/install.h b/include/grub/util/install.h +index 5ca4811cd130f6810f07e6fbce89af1de36827c7..0dba8b67f93d44f875f2d1065ed5bf745f7813a5 100644 +--- a/include/grub/util/install.h ++++ b/include/grub/util/install.h +@@ -29,6 +29,8 @@ + #define GRUB_INSTALL_OPTIONS \ + { "modules", GRUB_INSTALL_OPTIONS_MODULES, N_("MODULES"), \ + 0, N_("pre-load specified modules MODULES"), 1 }, \ ++ { "dtb", GRUB_INSTALL_OPTIONS_DTB, N_("FILE"), \ ++ 0, N_("embed a specific DTB"), 1 }, \ + { "install-modules", GRUB_INSTALL_OPTIONS_INSTALL_MODULES, \ + N_("MODULES"), 0, \ + N_("install only MODULES and their dependencies [default=all]"), 1 }, \ +@@ -99,6 +101,7 @@ enum grub_install_plat + GRUB_INSTALL_PLATFORM_I386_XEN, + GRUB_INSTALL_PLATFORM_X86_64_XEN, + GRUB_INSTALL_PLATFORM_ARM64_EFI, ++ GRUB_INSTALL_PLATFORM_ARM_COREBOOT, + GRUB_INSTALL_PLATFORM_MAX + }; + +@@ -115,7 +118,8 @@ enum grub_install_options { + GRUB_INSTALL_OPTIONS_LOCALE_DIRECTORY, + GRUB_INSTALL_OPTIONS_THEMES_DIRECTORY, + GRUB_INSTALL_OPTIONS_GRUB_MKIMAGE, +- GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS ++ GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS, ++ GRUB_INSTALL_OPTIONS_DTB + }; + + extern char *grub_install_source_directory; +@@ -176,7 +180,7 @@ grub_install_generate_image (const char *dir, const char *prefix, + char *config_path, + const struct grub_install_image_target_desc *image_target, + int note, +- grub_compression_t comp); ++ grub_compression_t comp, const char *dtb_file); + + const struct grub_install_image_target_desc * + grub_install_get_image_target (const char *arg); +@@ -206,7 +210,7 @@ grub_install_create_envblk_file (const char *name); + const char * + grub_install_get_default_x86_platform (void); + +-void ++int + grub_install_register_efi (grub_device_t efidir_grub_dev, + const char *efifile_path, + const char *efi_distributor); +diff --git a/include/grub/util/mkimage.h b/include/grub/util/mkimage.h +index 1a18708a89c6e5503dd29b0b76f5098cef3ac893..b3a5ca132bc4d336f8d85158726bcce77fd7cd37 100644 +--- a/include/grub/util/mkimage.h ++++ b/include/grub/util/mkimage.h +@@ -51,13 +51,13 @@ grub_mkimage_load_image64 (const char *kernel_path, + void + grub_mkimage_generate_elf32 (const struct grub_install_image_target_desc *image_target, + int note, char **core_img, size_t *core_size, +- Elf32_Addr target_addr, grub_size_t align, +- size_t kernel_size, size_t bss_size); ++ Elf32_Addr target_addr, ++ struct grub_mkimage_layout *layout); + void + grub_mkimage_generate_elf64 (const struct grub_install_image_target_desc *image_target, + int note, char **core_img, size_t *core_size, +- Elf64_Addr target_addr, grub_size_t align, +- size_t kernel_size, size_t bss_size); ++ Elf64_Addr target_addr, ++ struct grub_mkimage_layout *layout); + + struct grub_install_image_target_desc + { +diff --git a/include/multiboot2.h b/include/multiboot2.h +index 5a3db5a7cae38c26be516dc76a4fa6a9ad4ed354..5693923c014f2fa9e855dcc89c7328a19e0e6408 100644 +--- a/include/multiboot2.h ++++ b/include/multiboot2.h +@@ -75,8 +75,8 @@ + #define MULTIBOOT_HEADER_TAG_ENTRY_ADDRESS_EFI64 9 + #define MULTIBOOT_HEADER_TAG_RELOCATABLE 10 + +-#define MULTIBOOT_ARCHITECTURE_I386 0 +-#define MULTIBOOT_ARCHITECTURE_MIPS32 4 ++#define MULTIBOOT2_ARCHITECTURE_I386 0 ++#define MULTIBOOT2_ARCHITECTURE_MIPS32 4 + #define MULTIBOOT_HEADER_TAG_OPTIONAL 1 + + #define MULTIBOOT_LOAD_PREFERENCE_NONE 0 +diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S +index 1ee4cf5b2e0fd03ba177e953fafdaf5e0ca457a6..c1addc0df29bc78009238690a9514ea301bf3a29 100644 +--- a/grub-core/boot/i386/pc/diskboot.S ++++ b/grub-core/boot/i386/pc/diskboot.S +@@ -37,8 +37,8 @@ + start: + _start: + /* +- * _start is loaded at 0x2000 and is jumped to with +- * CS:IP 0:0x2000 in kernel. ++ * _start is loaded at 0x8000 and is jumped to with ++ * CS:IP 0:0x8000 in kernel. + */ + + /* +diff --git a/grub-core/boot/sparc64/ieee1275/boot.S b/grub-core/boot/sparc64/ieee1275/boot.S +index 586efb4014e8648e560fb43eee8eea8b09da669b..9ea9b4e06627bbd8b7da422ffba3357b4fba0a6a 100644 +--- a/grub-core/boot/sparc64/ieee1275/boot.S ++++ b/grub-core/boot/sparc64/ieee1275/boot.S +@@ -69,6 +69,10 @@ prom_seek_name: .asciz "seek" + prom_read_name: .asciz "read" + prom_exit_name: .asciz "exit" + grub_name: .asciz "GRUB " ++#ifdef CDBOOT ++prom_close_name: .asciz "close" ++#endif ++ + #define GRUB_NAME_LEN 5 + + .align 4 +@@ -213,6 +217,12 @@ bootpath_known: + call prom_call_3_1_o1 + #ifdef CDBOOT + LDUW_ABS(kernel_size, 0x00, %o3) ++ ++ GET_ABS(prom_close_name, %o0) ++ mov 1, %g1 ++ mov 0, %o5 ++ call prom_call ++ mov BOOTDEV_REG, %o1 + #else + mov 512, %o3 + #endif +diff --git a/grub-core/kern/arm/cache_armv7.S b/grub-core/kern/arm/cache_armv7.S +index 1ef2754af8a7612c35c26011fab442dbba074dfd..5ae76a3d819c002676f54db3311f517791e0c4e8 100644 +--- a/grub-core/kern/arm/cache_armv7.S ++++ b/grub-core/kern/arm/cache_armv7.S +@@ -33,6 +33,18 @@ + # define ISB isb + #define ARMV7 1 + ++FUNCTION(grub_arm_clean_dcache_range_poc_armv7) ++ DSB ++ @ Clean data cache for range to point-of-coherence ++1: cmp r0, r1 ++ bge 2f ++ mcr p15, 0, r0, c7, c14, 1 @ DCCMVAC ++ add r0, r0, r2 @ Next line ++ b 1b ++2: DSB ++ bx lr ++ ++ + @ r0 - CLIDR + @ r1 - LoC + @ r2 - current level +diff --git a/include/grub/arm/efi/loader.h b/grub-core/kern/arm/coreboot/coreboot.S +similarity index 62% +rename from include/grub/arm/efi/loader.h +rename to grub-core/kern/arm/coreboot/coreboot.S +index 4bab18e83ee833d6932fea917d839fe7dcc212d1..a1104526c154bd5a9dfd9e3680d8bb787c1088ef 100644 +--- a/include/grub/arm/efi/loader.h ++++ b/grub-core/kern/arm/coreboot/coreboot.S +@@ -1,6 +1,6 @@ + /* + * GRUB -- GRand Unified Bootloader +- * Copyright (C) 2013 Free Software Foundation, Inc. ++ * Copyright (C) 2016 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -16,11 +16,29 @@ + * along with GRUB. If not, see . + */ + +-#ifndef GRUB_LOADER_MACHINE_HEADER +-#define GRUB_LOADER_MACHINE_HEADER 1 ++#include + +-grub_err_t EXPORT_FUNC (grub_efi_prepare_platform) (void); +-void * EXPORT_FUNC (grub_efi_allocate_loader_memory) (grub_uint32_t min_offset, +- grub_uint32_t size); ++ .file "coreboot.S" ++ .text ++ .syntax unified ++#if !defined (__thumb2__) ++ .arch armv7a ++ .arm ++#else ++ .arch armv7 ++ .thumb ++#endif ++ ++FUNCTION(grub_arm_pfr1) ++ mrc p15, 0, r0, c0, c1, 1 ++ bx lr ++ ++FUNCTION(grub_armv7_get_timer_value) ++ isb ++ mrrc p15, 1, r0, r1, c14 ++ bx lr ++ ++FUNCTION(grub_armv7_get_timer_frequency) ++ mrc p15, 0, r0, c14, c0, 0 ++ bx lr + +-#endif /* ! GRUB_LOADER_MACHINE_HEADER */ +diff --git a/grub-core/kern/arm/uboot/startup.S b/grub-core/kern/arm/startup.S +similarity index 77% +rename from grub-core/kern/arm/uboot/startup.S +rename to grub-core/kern/arm/startup.S +index 5efaae16e838b48dd4d9a5debfc2937a558c65ba..3946fe8e183023f80e3a90ae4ee7b942f02f204d 100644 +--- a/grub-core/kern/arm/uboot/startup.S ++++ b/grub-core/kern/arm/startup.S +@@ -24,6 +24,7 @@ + * GRUB is called from U-Boot as a Linux Kernel type image, which + * means among other things that it always enters in ARM state. + * ++ * coreboot starts in ARM mode as well. + * + * Overview of GRUB image layout: + * +@@ -86,7 +87,7 @@ FUNCTION(codestart) + @ Stack pointer used as start address for signature probing + mov r12, sp + adr sp, entry_state +- push {r1-r12,lr} @ store U-Boot context (sp in r12) ++ push {r0-r12,lr} @ store U-Boot context (sp in r12) + + adr r1, _start + ldr r0, bss_start_ptr @ src +@@ -127,6 +128,8 @@ reloc_done: + + str r1, EXT_C(grub_modbase) + ++ /* Coreboot already places modules at right place. */ ++#ifndef GRUB_MACHINE_COREBOOT + add r1, r1, r2 + add r0, r0, r2 + sub r1, r1, #4 +@@ -136,6 +139,7 @@ reloc_done: + str r3, [r1], #-4 @ *dst-- = r3 + subs r2, #4 @ remaining -= 4 + bne 1b @ while remaining != 0 ++#endif + + @ Since we _are_ the C run-time, we need to manually zero the BSS + @ region before continuing +@@ -153,69 +157,21 @@ reloc_done: + + b EXT_C(grub_main) + +- /* +- * uboot_syscall(): +- * This function is effectively a veneer, so it cannot +- * modify the stack or corrupt any registers other than +- * r12 (ip). Furthermore it needs to restore r8 for +- * U-Boot (Global Data Pointer) and preserve it for Grub. +- */ +-FUNCTION(grub_uboot_syscall) +- str r8, transition_space +- str lr, transition_space + 4 +- str r9, transition_space + 8 +- +- ldr r8, gd_backup +- ldr r9, gd_backup + 4 +- +- bl do_syscall +- +- ldr r8, transition_space +- ldr lr, transition_space + 4 +- ldr r9, transition_space + 8 +- +- bx lr +-do_syscall: +- +- ldr ip, grub_uboot_syscall_ptr +- bx ip +- +-FUNCTION(grub_uboot_return) +- adr sp, entry_state_end +- pop {r4-r12, lr} +- mov sp, r12 +- bx lr +- +- + .align 3 +-@ U-boot context stack space +-entry_state_end: +-VARIABLE(grub_uboot_machine_type) ++@ U-boot/coreboot context stack space ++VARIABLE(grub_arm_saved_registers) ++ .long 0 @ r0 + .long 0 @ r1 +-VARIABLE(grub_uboot_boot_data) + .long 0 @ r2 + .long 0 @ r3 + .long 0 @ r4 + .long 0 @ r5 + .long 0 @ r6 + .long 0 @ r7 +-gd_backup: +- .long 0 @ r8 - U-Boot global data pointer up to 2013-09-21 +- .long 0 @ r9 - U-Boot global data pointer 2013-09-21 onwards +- .long 0 @ r10 +- .long 0 @ r11 +-VARIABLE(grub_uboot_search_hint)@ U-Boot stack pointer - +- .long 0 @ also API signature address hint. +- .long 0 @ lr +-entry_state: @ backup for U-Boot context +- +-@ GRUB context stack space +-transition_space: + .long 0 @ r8 +- .long 0 @ lr + .long 0 @ r9 +- +-VARIABLE(grub_uboot_syscall_ptr) +- .long 0 @ +- +- END ++ .long 0 @ r10 ++ .long 0 @ r11 ++ .long 0 @ sp ++ .long 0 @ lr ++entry_state: +diff --git a/grub-core/kern/arm/uboot/uboot.S b/grub-core/kern/arm/uboot/uboot.S +new file mode 100644 +index 0000000000000000000000000000000000000000..d128775f19ea1f862b46bc82b05b453be577d741 +--- /dev/null ++++ b/grub-core/kern/arm/uboot/uboot.S +@@ -0,0 +1,73 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2013 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++ ++ /* ++ * uboot_syscall(): ++ * This function is effectively a veneer, so it cannot ++ * modify the stack or corrupt any registers other than ++ * r12 (ip). Furthermore it needs to restore r8 for ++ * U-Boot (Global Data Pointer) and preserve it for Grub. ++ */ ++FUNCTION(grub_uboot_syscall) ++ str r8, transition_space ++ str lr, transition_space + 4 ++ str r9, transition_space + 8 ++ ++ ldr ip, saved_registers_ptr ++ ldr r8, [ip, #4 * 8] ++ ldr r9, [ip, #4 * 9] ++ ++ bl do_syscall ++ ++ ldr r8, transition_space ++ ldr lr, transition_space + 4 ++ ldr r9, transition_space + 8 ++ ++ bx lr ++do_syscall: ++ ++ ldr ip, grub_uboot_syscall_ptr ++ bx ip ++ ++FUNCTION(grub_uboot_return) ++ ldr ip, saved_registers_ptr ++ ldr sp, [ip, #4 * 4] ++ pop {r4-r12, lr} ++ mov sp, r12 ++ bx lr ++ ++ ++ .align 3 ++ ++@ GRUB context stack space ++transition_space: ++ .long 0 @ r8 ++ .long 0 @ lr ++ .long 0 @ r9 ++ ++saved_registers_ptr: ++ .long EXT_C(grub_arm_saved_registers) ++ ++VARIABLE(grub_uboot_syscall_ptr) ++ .long 0 @ ++ ++ END +diff --git a/conf/Makefile.common b/conf/Makefile.common +index 11296b550a7cd40ded498613620f556d78c67d84..311da61c6c59fed3de8cba06c2c581b217d8273f 100644 +--- a/conf/Makefile.common ++++ b/conf/Makefile.common +@@ -86,9 +86,11 @@ CPPFLAGS_TERMINAL_LIST += '-Dgrub_term_register_output(...)=OUTPUT_TERMINAL_LIST + CPPFLAGS_COMMAND_LIST = '-Dgrub_register_command(...)=COMMAND_LIST_MARKER(__VA_ARGS__)' + CPPFLAGS_COMMAND_LIST += '-Dgrub_register_extcmd(...)=EXTCOMMAND_LIST_MARKER(__VA_ARGS__)' + CPPFLAGS_COMMAND_LIST += '-Dgrub_register_command_p1(...)=P1COMMAND_LIST_MARKER(__VA_ARGS__)' ++CPPFLAGS_FDT_LIST := '-Dgrub_fdtbus_register(...)=FDT_DRIVER_LIST_MARKER(__VA_ARGS__)' + CPPFLAGS_MARKER = $(CPPFLAGS_FS_LIST) $(CPPFLAGS_VIDEO_LIST) \ + $(CPPFLAGS_PARTTOOL_LIST) $(CPPFLAGS_PARTMAP_LIST) \ +- $(CPPFLAGS_TERMINAL_LIST) $(CPPFLAGS_COMMAND_LIST) ++ $(CPPFLAGS_TERMINAL_LIST) $(CPPFLAGS_COMMAND_LIST) \ ++ $(CPPFLAGS_FDT_LIST) + + # Define these variables to calm down automake + +diff --git a/docs/grub.texi b/docs/grub.texi +index e935af33ea5e24d832e588d1345e3721b826d5a0..2adfa97bee8f8b2dcd53ead368dfd6f115b8cb82 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -360,8 +360,9 @@ blocklist notation. The currently supported filesystem types are @dfn{Amiga + Fast FileSystem (AFFS)}, @dfn{AtheOS fs}, @dfn{BeFS}, + @dfn{BtrFS} (including raid0, raid1, raid10, gzip and lzo), + @dfn{cpio} (little- and big-endian bin, odc and newc variants), +-@dfn{Linux ext2/ext3/ext4}, @dfn{DOS FAT12/FAT16/FAT32}, @dfn{exFAT}, @dfn{HFS}, +-@dfn{HFS+}, @dfn{ISO9660} (including Joliet, Rock-ridge and multi-chunk files), ++@dfn{Linux ext2/ext3/ext4}, @dfn{DOS FAT12/FAT16/FAT32}, ++@dfn{exFAT}, @dfn{F2FS}, @dfn{HFS}, @dfn{HFS+}, ++@dfn{ISO9660} (including Joliet, Rock-ridge and multi-chunk files), + @dfn{JFS}, @dfn{Minix fs} (versions 1, 2 and 3), @dfn{nilfs2}, + @dfn{NTFS} (including compression), @dfn{ReiserFS}, @dfn{ROMFS}, + @dfn{Amiga Smart FileSystem (SFS)}, @dfn{Squash4}, @dfn{tar}, @dfn{UDF}, +@@ -1213,10 +1214,11 @@ GRUB is configured using @file{grub.cfg}, usually located under + need to write the whole thing by hand. + + @menu +-* Simple configuration:: Recommended for most users +-* Shell-like scripting:: For power users and developers +-* Multi-boot manual config:: For non-standard multi-OS scenarios +-* Embedded configuration:: Embedding a configuration file into GRUB ++* Simple configuration:: Recommended for most users ++* Root Identifcation Heuristics:: Summary on how the root file system is identified. ++* Shell-like scripting:: For power users and developers ++* Multi-boot manual config:: For non-standard multi-OS scenarios ++* Embedded configuration:: Embedding a configuration file into GRUB + @end menu + + +@@ -1398,6 +1400,25 @@ for all respectively normal entries. + The values of these options replace the values of @samp{GRUB_CMDLINE_LINUX} + and @samp{GRUB_CMDLINE_LINUX_DEFAULT} for Linux and Xen menu entries. + ++@item GRUB_EARLY_INITRD_LINUX_CUSTOM ++@itemx GRUB_EARLY_INITRD_LINUX_STOCK ++List of space-separated early initrd images to be loaded from @samp{/boot}. ++This is for loading things like CPU microcode, firmware, ACPI tables, crypto ++keys, and so on. These early images will be loaded in the order declared, ++and all will be loaded before the actual functional initrd image. ++ ++@samp{GRUB_EARLY_INITRD_LINUX_STOCK} is for your distribution to declare ++images that are provided by the distribution. It should not be modified ++without understanding the consequences. They will be loaded first. ++ ++@samp{GRUB_EARLY_INITRD_LINUX_CUSTOM} is for your custom created images. ++ ++The default stock images are as follows, though they may be overridden by ++your distribution: ++@example ++intel-uc.img intel-ucode.img amd-uc.img amd-ucode.img early_ucode.cpio microcode.cpio ++@end example ++ + @item GRUB_DISABLE_LINUX_UUID + Normally, @command{grub-mkconfig} will generate menu entries that use + universally-unique identifiers (UUIDs) to identify the root filesystem to +@@ -1405,6 +1426,17 @@ the Linux kernel, using a @samp{root=UUID=...} kernel parameter. This is + usually more reliable, but in some cases it may not be appropriate. To + disable the use of UUIDs, set this option to @samp{true}. + ++@item GRUB_DISABLE_LINUX_PARTUUID ++If @command{grub-mkconfig} cannot identify the root filesystem via its ++universally-unique indentifier (UUID), @command{grub-mkconfig} can use the UUID ++of the partition containing the filesystem to identify the root filesystem to ++the Linux kernel via a @samp{root=PARTUUID=...} kernel parameter. This is not ++as reliable as using the filesystem UUID, but is more reliable than using the ++Linux device names. When @samp{GRUB_DISABLE_LINUX_PARTUUID} is set to ++@samp{false}, the Linux kernel version must be 2.6.37 (3.10 for systems using ++the MSDOS partition scheme) or newer. This option defaults to @samp{true}. To ++enable the use of partition UUIDs, set this option to @samp{false}. ++ + @item GRUB_DISABLE_RECOVERY + If this option is set to @samp{true}, disable the generation of recovery + mode menu entries. +@@ -1536,6 +1568,53 @@ edit the scripts in @file{/etc/grub.d} directly. + menu entries; simply type the menu entries you want to add at the end of + that file, making sure to leave at least the first two lines intact. + ++@node Root Identifcation Heuristics ++@section Root Identifcation Heuristics ++If the target operating system uses the Linux kernel, @command{grub-mkconfig} ++attempts to identify the root file system via a heuristic algoirthm. This ++algorithm selects the identification method of the root file system by ++considering three factors. The first is if an initrd for the target operating ++system is also present. The second is @samp{GRUB_DISABLE_LINUX_UUID} and if set ++to @samp{true}, prevents @command{grub-mkconfig} from identifying the root file ++system by its UUID. The third is @samp{GRUB_DISABLE_LINUX_PARTUUID} and if set ++to @samp{true}, prevents @command{grub-mkconfig} from identifying the root file ++system via the UUID of its enclosing partition. If the variables are assigned ++any other value, that value is considered equivalent to @samp{false}. The ++variables are also considered to be set to @samp{false} if they are not set. ++ ++When booting, the Linux kernel will delegate the task of mounting the root ++filesystem to the initrd. Most initrd images determine the root file system by ++checking the Linux kernel's command-line for the @samp{root} key and use its ++value as the identification method of the root file system. To improve the ++reliability of booting, most initrd images also allow the root file system to be ++identified by its UUID. Because of this behavior, the @command{grub-mkconfig} ++command will set @samp{root} to @samp{root=UUID=...} to provide the initrd with ++the filesystem UUID of the root file system. ++ ++If no initrd is detected or @samp{GRUB_DISABLE_LINUX_UUID} is set to @samp{true} ++then @command{grub-command} will identify the root filesystem by setting the ++kernel command-line variable @samp{root} to @samp{root=PARTUUID=...} unless ++@samp{GRUB_DISABLE_LINUX_PARTUUID} is also set to @samp{true}. If ++@samp{GRUB_DISABLE_LINUX_PARTUUID} is also set to @samp{true}, ++@command{grub-command} will identify by its Linux device name. ++ ++The following table summarizes the behavior of the @command{grub-mkconfig} ++command. ++ ++@multitable {detected} {GRUB_DISABLE_LINUX_PARTUUID} {GRUB_DISABLE_LINUX_UUID} {Linux Root} ++@headitem Initrd detected @tab GRUB_DISABLE_LINUX_PARTUUID Set To @tab GRUB_DISABLE_LINUX_UUID Set To @tab Linux Root ID Method ++@item false @tab false @tab false @tab part UUID ++@item false @tab false @tab true @tab part UUID ++@item false @tab true @tab false @tab dev name ++@item false @tab true @tab true @tab dev name ++@item true @tab false @tab false @tab fs UUID ++@item true @tab false @tab true @tab part UUID ++@item true @tab true @tab false @tab fs UUID ++@item true @tab true @tab true @tab dev name ++@end multitable ++ ++Remember, @samp{GRUB_DISABLE_LINUX_PARTUUID} and @samp{GRUB_DISABLE_LINUX_UUID} ++are also considered to be set to @samp{false} when they are unset. + + @node Shell-like scripting + @section Writing full configuration files directly +@@ -3873,11 +3952,9 @@ you forget a command, you can run the command @command{help} + @comment * vbeinfo:: List available video modes + * verify_detached:: Verify detached digital signature + * videoinfo:: List available video modes +-@comment * xen_*:: Xen boot commands +-* xen_hypervisor:: Load xen hypervisor binary +-* xen_linux:: Load dom0 kernel for xen hypervisor +-* xen_initrd:: Load dom0 initrd for dom0 kernel +-* xen_xsm:: Load xen security module for xen hypervisor ++@comment * xen_*:: Xen boot commands for AArch64 ++* xen_hypervisor:: Load xen hypervisor binary (only on AArch64) ++* xen_module:: Load xen modules for xen hypervisor (only on AArch64) + @end menu + + +@@ -4645,7 +4722,7 @@ range 0-0xFF (prefix with @samp{0x} to enter it in hexadecimal). + When enabled, this hides the selected partition by setting the @dfn{hidden} + bit in its partition type code; when disabled, unhides the selected + partition by clearing this bit. This is useful only when booting DOS or +-Wwindows and multiple primary FAT partitions exist in one disk. See also ++Windows and multiple primary FAT partitions exist in one disk. See also + @ref{DOS/Windows}. + @end table + @end deffn +@@ -5153,32 +5230,22 @@ List available video modes. If resolution is given, show only matching modes. + Load a Xen hypervisor binary from @var{file}. The rest of the line is passed + verbatim as the @dfn{kernel command-line}. Any other binaries must be + reloaded after using this command. ++This command is only available on AArch64 systems. + @end deffn + +-@node xen_linux +-@subsection xen_linux ++@node xen_module ++@subsection xen_module + +-@deffn Command xen_linux file [arguments] +-Load a dom0 kernel image for xen hypervisor at the booting process of xen. ++@deffn Command xen_module [--nounzip] file [arguments] ++Load a module for xen hypervisor at the booting process of xen. + The rest of the line is passed verbatim as the module command line. ++Modules should be loaded in the following order: ++ - dom0 kernel image ++ - dom0 ramdisk if present ++ - XSM policy if present ++This command is only available on AArch64 systems. + @end deffn + +-@node xen_initrd +-@subsection xen_initrd +- +-@deffn Command xen_initrd file +-Load a initrd image for dom0 kernel at the booting process of xen. +-@end deffn +- +-@node xen_xsm +-@subsection xen_xsm +- +-@deffn Command xen_xsm file +-Load a xen security module for xen hypervisor at the booting process of xen. +-See @uref{http://wiki.xen.org/wiki/XSM} for more detail. +-@end deffn +- +- + @node Networking commands + @section The list of networking commands + +@@ -5368,7 +5435,7 @@ NTFS, JFS, UDF, HFS+, exFAT, long filenames in FAT, Joliet part of + ISO9660 are treated as UTF-16 as per specification. AFS and BFS are read + as UTF-8, again according to specification. BtrFS, cpio, tar, squash4, minix, + minix2, minix3, ROMFS, ReiserFS, XFS, ext2, ext3, ext4, FAT (short names), +-RockRidge part of ISO9660, nilfs2, UFS1, UFS2 and ZFS are assumed ++F2FS, RockRidge part of ISO9660, nilfs2, UFS1, UFS2 and ZFS are assumed + to be UTF-8. This might be false on systems configured with legacy charset + but as long as the charset used is superset of ASCII you should be able to + access ASCII-named files. And it's recommended to configure your system to use +diff --git a/gentpl.py b/gentpl.py +index f08bcc404f6a8bd8c3b13a6d5bb041ee32422776..da67965a41a40cde7c987b719fea39cd02ba10e5 100644 +--- a/gentpl.py ++++ b/gentpl.py +@@ -31,7 +31,8 @@ GRUB_PLATFORMS = [ "emu", "i386_pc", "i386_efi", "i386_qemu", "i386_coreboot", + "i386_xen", "x86_64_xen", + "mips_loongson", "sparc64_ieee1275", + "powerpc_ieee1275", "mips_arc", "ia64_efi", +- "mips_qemu_mips", "arm_uboot", "arm_efi", "arm64_efi" ] ++ "mips_qemu_mips", "arm_uboot", "arm_efi", "arm64_efi", ++ "arm_coreboot"] + + GROUPS = {} + +@@ -44,7 +45,7 @@ GROUPS["x86"] = GROUPS["i386"] + GROUPS["x86_64"] + GROUPS["mips"] = [ "mips_loongson", "mips_qemu_mips", "mips_arc" ] + GROUPS["sparc64"] = [ "sparc64_ieee1275" ] + GROUPS["powerpc"] = [ "powerpc_ieee1275" ] +-GROUPS["arm"] = [ "arm_uboot", "arm_efi" ] ++GROUPS["arm"] = [ "arm_uboot", "arm_efi", "arm_coreboot" ] + GROUPS["arm64"] = [ "arm64_efi" ] + + # Groups based on firmware +@@ -52,6 +53,7 @@ GROUPS["efi"] = [ "i386_efi", "x86_64_efi", "ia64_efi", "arm_efi", "arm64_efi" + GROUPS["ieee1275"] = [ "i386_ieee1275", "sparc64_ieee1275", "powerpc_ieee1275" ] + GROUPS["uboot"] = [ "arm_uboot" ] + GROUPS["xen"] = [ "i386_xen", "x86_64_xen" ] ++GROUPS["coreboot"] = [ "i386_coreboot", "arm_coreboot" ] + + # emu is a special case so many core functionality isn't needed on this platform + GROUPS["noemu"] = GRUB_PLATFORMS[:]; GROUPS["noemu"].remove("emu") +@@ -61,10 +63,10 @@ GROUPS["cmos"] = GROUPS["x86"][:] + ["mips_loongson", "mips_qemu_mips", + "sparc64_ieee1275", "powerpc_ieee1275"] + GROUPS["cmos"].remove("i386_efi"); GROUPS["cmos"].remove("x86_64_efi"); + GROUPS["pci"] = GROUPS["x86"] + ["mips_loongson"] +-GROUPS["usb"] = GROUPS["pci"] ++GROUPS["usb"] = GROUPS["pci"] + ["arm_coreboot"] + + # If gfxterm is main output console integrate it into kernel +-GROUPS["videoinkernel"] = ["mips_loongson", "i386_coreboot" ] ++GROUPS["videoinkernel"] = ["mips_loongson", "i386_coreboot", "arm_coreboot" ] + GROUPS["videomodules"] = GRUB_PLATFORMS[:]; + for i in GROUPS["videoinkernel"]: GROUPS["videomodules"].remove(i) + +diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am +index 04e9395fd949460672c1113c3d49c90a5d4471ec..f4ff62b769ae99f1d9b2fadf51378966c93d835c 100644 +--- a/grub-core/Makefile.am ++++ b/grub-core/Makefile.am +@@ -112,7 +112,7 @@ endif + + if COND_i386_coreboot + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i386/tsc.h +-KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i386/coreboot/lbio.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/coreboot/lbio.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/video.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/video_fb.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/gfxterm.h +@@ -239,8 +239,21 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/lib/arg.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/arm/system.h + endif + ++if COND_arm_coreboot ++KERNEL_HEADER_FILES += $(top_builddir)/include/grub/keyboard_layouts.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/arm/system.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/video.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/video_fb.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/gfxterm.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/font.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/bufio.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fdt.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/dma.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/arm/coreboot/kernel.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fdtbus.h ++endif ++ + if COND_arm_efi +-KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/arm/efi/loader.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/efi.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/disk.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/arm/system.h +@@ -278,7 +291,7 @@ BUILT_SOURCES += symlist.h + + symlist.c: symlist.h gensymlist.sh + $(TARGET_CPP) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS_KERNEL) $(CPPFLAGS) -DGRUB_SYMBOL_GENERATOR=1 symlist.h > symlist.p || (rm -f symlist.p; exit 1) +- cat symlist.p | /bin/sh $(srcdir)/gensymlist.sh $(top_builddir)/config.h $(KERNEL_HEADER_FILES) >$@ || (rm -f $@; exit 1) ++ cat symlist.p | $(SHELL) $(srcdir)/gensymlist.sh $(top_builddir)/config.h $(KERNEL_HEADER_FILES) >$@ || (rm -f $@; exit 1) + rm -f symlist.p + CLEANFILES += symlist.c + BUILT_SOURCES += symlist.c +@@ -358,6 +371,16 @@ terminal.lst: $(MARKER_FILES) + platform_DATA += terminal.lst + CLEANFILES += terminal.lst + ++fdt.lst: $(MARKER_FILES) ++ (for pp in $^; do \ ++ b=`basename $$pp .marker`; \ ++ sed -n \ ++ -e "/FDT_DRIVER_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/i\1: $$b/;p;}" \ ++ -e "/FDT_DRIVER_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/o\1: $$b/;p;}" $$pp; \ ++ done) | sort -u > $@ ++platform_DATA += fdt.lst ++CLEANFILES += fdt.lst ++ + parttool.lst: $(MARKER_FILES) + (for pp in $^; do \ + b=`basename $$pp .marker`; \ +diff --git a/grub-core/genmod.sh.in b/grub-core/genmod.sh.in +index 03cc3b7f69ed3cfb69b744f8114895fd0e14fde7..1250589b3f5f88b52d7ea6de361427339fe7e578 100644 +--- a/grub-core/genmod.sh.in ++++ b/grub-core/genmod.sh.in +@@ -1,4 +1,4 @@ +-#! /bin/sh ++#! @BUILD_SHEBANG@ + set -e + + # Copyright (C) 2010 Free Software Foundation, Inc. +@@ -58,6 +58,10 @@ if test x@TARGET_APPLE_LINKER@ != x1; then + -K grub_mod_init -K grub_mod_fini \ + -K _grub_mod_init -K _grub_mod_fini \ + -R .note.gnu.gold-version -R .note.GNU-stack \ ++ -R .gnu.build.attributes \ ++ -R .rel.gnu.build.attributes \ ++ -R .rela.gnu.build.attributes \ ++ -R .eh_frame -R .rela.eh_frame -R .rel.eh_frame \ + -R .note -R .comment -R .ARM.exidx $tmpfile || exit 1 + fi + if ! test -z "${TARGET_OBJ2ELF}"; then +diff --git a/grub-core/genmoddep.awk b/grub-core/genmoddep.awk +index bd98d84cdd7427eef2f3651f455377d469955250..04c2863e5abfa4d950df2c41d579dea03a361927 100644 +--- a/grub-core/genmoddep.awk ++++ b/grub-core/genmoddep.awk +@@ -18,6 +18,10 @@ BEGIN { + + { + if ($1 == "defined") { ++ if ($3 !~ /^\.refptr\./ && $3 in symtab) { ++ printf "%s in %s is duplicated in %s\n", $3, $2, symtab[$3] >"/dev/stderr"; ++ error++; ++ } + symtab[$3] = $2; + modtab[$2] = "" modtab[$2] + } else if ($1 == "undefined") { +diff --git a/grub-core/gensyminfo.sh.in b/grub-core/gensyminfo.sh.in +index 2e8716b425cb04d9379ef5e2c629283d0f346c90..9bc7675327a6d9229492548671dd004054282434 100644 +--- a/grub-core/gensyminfo.sh.in ++++ b/grub-core/gensyminfo.sh.in +@@ -1,4 +1,4 @@ +-#! /bin/sh ++#! @BUILD_SHEBANG@ + set -e + + # Copyright (C) 2010 Free Software Foundation, Inc. +diff --git a/grub-core/modinfo.sh.in b/grub-core/modinfo.sh.in +index faf0ad30edbe878270a185add45aa70e245d8b3a..f6cd657ce0f8307547fc5d011efa35622c318e63 100644 +--- a/grub-core/modinfo.sh.in ++++ b/grub-core/modinfo.sh.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!@BUILD_SHEBANG@ + + # User-controllable options + grub_modinfo_target_cpu=@target_cpu@ +diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l +index 95b2191705ac826833e0951fa323242a9f8859d1..7b44c37b76ffa87f24b6f04260b9519f0c8654c0 100644 +--- a/grub-core/script/yylex.l ++++ b/grub-core/script/yylex.l +@@ -91,7 +91,7 @@ typedef size_t yy_size_t; + #define stdin 0 + #define stdout 0 + +-#define fprintf(...) 0 ++#define fprintf(...) (void)0 + #define exit(...) grub_fatal("fatal error in lexer") + #endif + +diff --git a/po/Makefile.in.in b/po/Makefile.in.in +index 3619458e85f2bed3f92a76a9d919c26a30116dee..e68e9da843d927bfb6bbd519f4b3923c733abd7c 100644 +--- a/po/Makefile.in.in ++++ b/po/Makefile.in.in +@@ -15,7 +15,7 @@ PACKAGE = @PACKAGE@ + VERSION = @VERSION@ + PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ + +-SHELL = /bin/sh ++SHELL = @SHELL@ + @SET_MAKE@ + + srcdir = @srcdir@ +diff --git a/po/exclude.pot b/po/exclude.pot +index 0a9b215eaf1971bf2a2af8a36e9605043de38e36..816089c30cbd36939b2a72724b3d591a0ac8a290 100644 +GIT binary patch +delta 49 +zcmaEUhNJl`#|G_WNh^i)qS7SY?UJ|KB{OOs +F1^~&~5lR36 + +delta 27 +jcmZoZ%klgS#|G`>=`Ng%LX#(mur$XeZ;wr8R67g+m_Q0B + +diff --git a/tests/ahci_test.in b/tests/ahci_test.in +index 1d01d1f59a0aac8911ff7ca3e62565f2dee5954d..7df56046201e4c2e4a55bdcdd403853cde902268 100644 +--- a/tests/ahci_test.in ++++ b/tests/ahci_test.in +@@ -1,4 +1,4 @@ +-#! /bin/sh ++#! @BUILD_SHEBANG@ + # Copyright (C) 2013 Free Software Foundation, Inc. + # + # GRUB is free software: you can redistribute it and/or modify +diff --git a/tests/btrfs_test.in b/tests/btrfs_test.in +index c55d9477f78e01b6556bc0da9695f038523936f4..2b37ddd3324cc77f1edeb03feb369c22d03204a2 100644 +--- a/tests/btrfs_test.in ++++ b/tests/btrfs_test.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!@BUILD_SHEBANG@ + + set -e + +diff --git a/tests/cdboot_test.in b/tests/cdboot_test.in +index 1cc901977c229dcf839bf58bede2b34f04252d57..75acdfedb7fe4a634d4122e44b3cd01778ed6f35 100644 +--- a/tests/cdboot_test.in ++++ b/tests/cdboot_test.in +@@ -1,4 +1,4 @@ +-#! /bin/sh ++#! @BUILD_SHEBANG@ + # Copyright (C) 2013 Free Software Foundation, Inc. + # + # GRUB is free software: you can redistribute it and/or modify +diff --git a/tests/core_compress_test.in b/tests/core_compress_test.in +index 1003587ccca65616b0c7e3c1b90353ef7f459299..9d216ebcff60bfce04e3be4dbd1f8834800a6948 100644 +--- a/tests/core_compress_test.in ++++ b/tests/core_compress_test.in +@@ -1,4 +1,4 @@ +-#! /bin/sh ++#! @BUILD_SHEBANG@ + # Copyright (C) 2013 Free Software Foundation, Inc. + # + # GRUB is free software: you can redistribute it and/or modify +diff --git a/tests/cpio_test.in b/tests/cpio_test.in +index 0b09db549f07868a524376f0eb25fd6a2cac9e40..5742cf17b9d8f587d00590d481f0a00aaf6cada8 100644 +--- a/tests/cpio_test.in ++++ b/tests/cpio_test.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!@BUILD_SHEBANG@ + + set -e + +diff --git a/tests/ehci_test.in b/tests/ehci_test.in +index 7dd8d3e8fbd4a76b8efb88d69ecd8989546dc543..b197f8cdc922628ed35863dfa384eeef4cc4cc09 100644 +--- a/tests/ehci_test.in ++++ b/tests/ehci_test.in +@@ -1,4 +1,4 @@ +-#! /bin/sh ++#! @BUILD_SHEBANG@ + # Copyright (C) 2013 Free Software Foundation, Inc. + # + # GRUB is free software: you can redistribute it and/or modify +diff --git a/tests/example_scripted_test.in b/tests/example_scripted_test.in +index 09633e89341e079a05fda7461d867e1541df4287..783b7f13853f39f9ec63b8da1da6e8a1b3a887a5 100644 +--- a/tests/example_scripted_test.in ++++ b/tests/example_scripted_test.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!@BUILD_SHEBANG@ + set -e + + true +diff --git a/tests/exfat_test.in b/tests/exfat_test.in +index fc1a0fe5ec0306434434f0b49b20c44a1736dca1..cd3cd4cb2f70bb99df7edbfa8b5697f4316548ac 100644 +--- a/tests/exfat_test.in ++++ b/tests/exfat_test.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!@BUILD_SHEBANG@ + + set -e + +diff --git a/tests/ext234_test.in b/tests/ext234_test.in +index c986960a8bec696deb37a55cba00915219d77215..4f1eb527eb2ed41095266dba6d5013ead77d9be3 100644 +--- a/tests/ext234_test.in ++++ b/tests/ext234_test.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!@BUILD_SHEBANG@ + + set -e + +@@ -30,3 +30,4 @@ fi + "@builddir@/grub-fs-tester" ext3 + "@builddir@/grub-fs-tester" ext4 + "@builddir@/grub-fs-tester" ext4_metabg ++"@builddir@/grub-fs-tester" ext4_encrypt +diff --git a/tests/f2fs_test.in b/tests/f2fs_test.in +new file mode 100644 +index 0000000000000000000000000000000000000000..1ea77c826d32bd01e33d13ea7ad6639eb1cb77b0 +--- /dev/null ++++ b/tests/f2fs_test.in +@@ -0,0 +1,19 @@ ++#!/bin/sh ++ ++set -e ++ ++if [ "x$EUID" = "x" ] ; then ++ EUID=`id -u` ++fi ++ ++if [ "$EUID" != 0 ] ; then ++ exit 77 ++fi ++ ++if ! which mkfs.f2fs >/dev/null 2>&1; then ++ echo "mkfs.f2fs not installed; cannot test f2fs." ++ exit 77 ++fi ++ ++ ++"@builddir@/grub-fs-tester" f2fs +diff --git a/tests/fat_test.in b/tests/fat_test.in +index 1d132b51703c43e269d5500ca1740fa1e6b9a42c..b6b4748ca694b59337441a2f3111863e01799884 100644 +--- a/tests/fat_test.in ++++ b/tests/fat_test.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!@BUILD_SHEBANG@ + + set -e + +diff --git a/tests/fddboot_test.in b/tests/fddboot_test.in +index a59645b7f873872490ac2474a30420c2df7a5caf..2d7dfc8891f6d7fdf42f88dea1213428e23b6f2e 100644 +--- a/tests/fddboot_test.in ++++ b/tests/fddboot_test.in +@@ -1,4 +1,4 @@ +-#! /bin/sh ++#! @BUILD_SHEBANG@ + # Copyright (C) 2013 Free Software Foundation, Inc. + # + # GRUB is free software: you can redistribute it and/or modify +diff --git a/tests/file_filter_test.in b/tests/file_filter_test.in +index 8909e4021fb1d507cd5bf3b63319824fdc005dd5..bfb6382274e48d409d6cf6f918fc252f993f717f 100644 +--- a/tests/file_filter_test.in ++++ b/tests/file_filter_test.in +@@ -1,4 +1,4 @@ +-#! /bin/sh ++#! @BUILD_SHEBANG@ + # Copyright (C) 2014 Free Software Foundation, Inc. + # + # GRUB is free software: you can redistribute it and/or modify +diff --git a/tests/gettext_strings_test.in b/tests/gettext_strings_test.in +index 5c305e75b7e9583f6be8a23d389051cf1fe2c243..813999ebe6ea5ee35796669e58baa57d0a2ace95 100644 +--- a/tests/gettext_strings_test.in ++++ b/tests/gettext_strings_test.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!@BUILD_SHEBANG@ + + cd '@srcdir@' + +diff --git a/tests/grub_cmd_date.in b/tests/grub_cmd_date.in +index a459353e8a51c22fb966a842af532cff904de2a3..f7c9ca00432fa3307a2fb53ac88ca11115d7f73f 100644 +--- a/tests/grub_cmd_date.in ++++ b/tests/grub_cmd_date.in +@@ -1,4 +1,4 @@ +-#! /bin/bash ++#! @BUILD_SHEBANG@ + set -e + + . "@builddir@/grub-core/modinfo.sh" +@@ -9,7 +9,7 @@ if [ "${grub_modinfo_target_cpu}-${grub_modinfo_platform}" = sparc64-ieee1275 ]; + fi + + pdt="$(date -u +%s)" +-dt=`echo date | @builddir@/grub-shell` ++dt=`echo date | @builddir@/grub-shell | sed 's, [A-Z][a-z]*$,,'` + dtg="$(date -u -d "$dt" +%s)" + ndt="$(date -u +%s)" + +diff --git a/tests/grub_cmd_regexp.in b/tests/grub_cmd_regexp.in +index e7e6257011525ee42ca6945485208155fe717d24..6520bd6d79acc0c8f5bfddc443912d74e826a0c8 100644 +--- a/tests/grub_cmd_regexp.in ++++ b/tests/grub_cmd_regexp.in +@@ -1,4 +1,4 @@ +-#! /bin/bash ++#! @BUILD_SHEBANG@ + set -e + + # Run GRUB script in a Qemu instance +diff --git a/tests/grub_cmd_set_date.in b/tests/grub_cmd_set_date.in +index c594ae3fc14ebf7a6be86b90f4d048747383a69f..aac120a6c52731649678549d34372af14fef52d9 100644 +--- a/tests/grub_cmd_set_date.in ++++ b/tests/grub_cmd_set_date.in +@@ -1,4 +1,4 @@ +-#! /bin/bash ++#! @BUILD_SHEBANG@ + set -e + + . "@builddir@/grub-core/modinfo.sh" +diff --git a/tests/grub_cmd_sleep.in b/tests/grub_cmd_sleep.in +index eb362aa2439d713bf4246e2c56932bbc6200d710..8797f6632845f5a76ac22b813c223897ceddd672 100644 +--- a/tests/grub_cmd_sleep.in ++++ b/tests/grub_cmd_sleep.in +@@ -1,4 +1,4 @@ +-#! /bin/bash ++#! @BUILD_SHEBANG@ + set -e + + . "@builddir@/grub-core/modinfo.sh" +@@ -11,8 +11,8 @@ fi + # Compare RTC with interval timer. + # Not 100% proper but should check that timer is running ok + dt=`echo 'date; sleep 10; date' | @builddir@/grub-shell` +-dt1="$(date -u -d "$(echo "$dt" | head -n 1)" +%s)" +-dt2="$(date -u -d "$(echo "$dt" | tail -n 1)" +%s)" ++dt1="$(date -u -d "$(echo "$dt" | head -n 1 | sed 's, [A-Z][a-z]*$,,')" +%s)" ++dt2="$(date -u -d "$(echo "$dt" | tail -n 1 | sed 's, [A-Z][a-z]*$,,')" +%s)" + + # Ignore QEMU bug + if [ "${grub_modinfo_target_cpu}" = arm ] && [ $((dt2 - dt1)) -ge 15 ] && [ $((dt2 - dt1)) -le 17 ]; then +diff --git a/tests/grub_cmd_test.in b/tests/grub_cmd_test.in +index 6269891c9eeddb70f42da372e5636089e666818d..3399eb2929408570e9dad99db8dbc7215b41aea4 100644 +--- a/tests/grub_cmd_test.in ++++ b/tests/grub_cmd_test.in +@@ -1,4 +1,4 @@ +-#! /bin/bash ++#! @BUILD_SHEBANG@ + + # create a randome file + empty="`mktemp "${TMPDIR:-/tmp}/tmp.XXXXXXXXXX"`" || exit 1 +diff --git a/tests/grub_cmd_tr.in b/tests/grub_cmd_tr.in +index 3fb15e35c8ac3ac218abf580f8ff5cdcaa2925ca..bed469c03ddc9a762112896d75af399678af711e 100644 +--- a/tests/grub_cmd_tr.in ++++ b/tests/grub_cmd_tr.in +@@ -1,4 +1,4 @@ +-#! /bin/bash -e ++#! @BUILD_SHEBANG@ -e + + # Run GRUB script in a Qemu instance + # Copyright (C) 2010 Free Software Foundation, Inc. +diff --git a/tests/grub_func_test.in b/tests/grub_func_test.in +index c8cc263763377fd23d6c7f1eca49c1edafe530a7..c67f9e422534a402614eb280fe67d165fd0bb906 100644 +--- a/tests/grub_func_test.in ++++ b/tests/grub_func_test.in +@@ -1,4 +1,4 @@ +-#! /bin/bash ++#! @BUILD_SHEBANG@ + set -e + + . "@builddir@/grub-core/modinfo.sh" +diff --git a/tests/grub_script_blanklines.in b/tests/grub_script_blanklines.in +index 89ed763d3f4e0bb2a3ac3a61de9e0ec49b2eaccf..bd8735491be3b947c72fffbf5767d7ab6bcf91ae 100644 +--- a/tests/grub_script_blanklines.in ++++ b/tests/grub_script_blanklines.in +@@ -1,4 +1,4 @@ +-#! /bin/sh ++#! @BUILD_SHEBANG@ + set -e + + @builddir@/grub-script-check < 4096 + MAXBLKSIZE=4096;; +@@ -169,7 +196,12 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + MINBLKSIZE=1024 + MAXBLKSIZE=4096;; + esac +- for ((BLKSIZE=MINBLKSIZE;BLKSIZE<=MAXBLKSIZE;BLKSIZE=BLKSTEP?BLKSIZE+BLKSTEP:2*BLKSIZE)); do ++ if test "$BLKSTEP" -eq 0; then ++ blksizes="$(powrange "$MINBLKSIZE" "$MAXBLKSIZE")" ++ else ++ blksizes="$(range "$MINBLKSIZE" "$MAXBLKSIZE" "$BLKSTEP")" ++ fi ++ for BLKSIZE in $blksizes; do + MAXDEVICES=1 + MINDEVICES=1 + export fs +@@ -199,13 +231,11 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + MAXDEVICES=7;; + esac + +- for ((NDEVICES=MINDEVICES; NDEVICES <= MAXDEVICES; NDEVICES++)); do ++ for NDEVICES in $(range "$MINDEVICES" "$MAXDEVICES" 1); do + export NDEVICES +- unset FSIMAGES +- for ((i=0; i < NDEVICES; i++)); do +- FSIMAGES[i]="${tempdir}/${fs}_${SECSIZE}_${BLKSIZE}_${NDEVICES}_$i.img" +- done +- export FSIMAGES ++ unset FSIMAGEP ++ FSIMAGEP="${tempdir}/${fs}_${SECSIZE}_${BLKSIZE}_${NDEVICES}_" ++ export FSIMAGEP + unset NEED_IMAGES; + + case x$fs in +@@ -226,11 +256,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + *) + NEED_IMAGES_N=$NDEVICES;; + esac +- for ((i=0;i < NEED_IMAGES_N; i++)); do +- NEED_IMAGES[i]="${FSIMAGES[i]}"; +- done + export NEED_IMAGES_N +- export NEED_IMAGES + + MNTPOINTRO="${tempdir}/${fs}_ro" + MNTPOINTRW="${tempdir}/${fs}_rw" +@@ -238,20 +264,25 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + MOUNTFS="$fs" + MASTER="${tempdir}/master" + FSLABEL="grub_;/testé莭莽茝😁киритi urewfceniuewruevrewnuuireurevueurnievrewfnerfcnevirivinrewvnirewnivrewiuvcrewvnuewvrrrewniuerwreiuviurewiuviurewnuvewnvrenurnunuvrevuurerejiremvreijnvcreivire nverivnreivrevnureiorfnfrvoeoiroireoireoifrefoieroifoireoifoirefoireoifoijfoirereoireoivoioirevoinvoinreoinvnoieoinreoinveoinveoinreoinvoineoinoinoineoinernoiveoinvreoiioewdioewoirvnoireoivfoirewfewoifoijewoijfoijewfoijfewoijoijoijoijoijoijoijfewceniuewruevrewnuuireurevueurnievrewfnerfcnevirivinrewvnirewnivrewiuvcrewvnuewvrrrewniuerwreiuviurewiuviurewnuvewnvrenurnunuvrevuurerejiremvreijnvcreivire nverivnreivrevnureiorfnfrvoeoiroireoireoifrefoieroifoireoifoirefoireoifoijfoirereoireoivoioirevoinvoinreoinvnoieoinreoinveoinveoinreoinvoineoinoinoineoinernoiveoinvreoiioewdioewoirvnoireoivfoirewfewoifoijewoijfoijewfoijfewoijoijoijoijoijoijoijfewrewfceniuewruevrewnuuireurevueurnievrewfnerfcnevirivinrewvnirewnivrewiuvcrewvnuewvrrrewniuerwreiuviurewiuviurewnuvewnvrenurnunuvrevuurerejiremvreijnvcreivire nverivnreivrevnureiorfnfrvoeoiroireoireoifrefoieroifoireoifoirefoireoifoijfoirereoireoivoioirevoinvoinreoinvnoieoinreoinveoinveoinreoinvoineoinoinoineoinernoiveoinvreoiioewdioewoirvnoireoivfoirewfewoifoijewoijfoijewfoijfewoijoijoijoijoijoijoijfewceniuewruevrewnuuireurevueurnievrewfnerfcnevirivinrewvnirewnivrewiuvcrewvnuewvrrrewniuerwreiuviurewiuviurewnuvewnvrenurnunuvrevuurerejiremvreijnvcreivire nverivnreivrevnureiorfnfrvoeoiroireoireoifrefoieroifoireoifoirefoireoifoijfoirereoireoivoioirevoinvoinreoinvnoieoinreoinveoinveoinreoinvoineoinoinoineoinernoiveoinvreoiioewdioewoirvnoireoivfoirewfewoifoijewoijfoijewfoijfewoijoijoijoijoijoijoijfew" +- CFILESN=1 +- if test -f /usr/share/dict/american-english; then +- CFILESSRC[0]="/usr/share/dict/american-english" +- else +- CFILESSRC[0]="/usr/share/dict/linux.words" ++ CFILESRC= ++ for cand in /usr/share/dict/american-english /usr/share/dict/linux.words /data/data/com.termux/files/usr/share/hunspell/en_US.dic; do ++ if test -f "$cand" ; then ++ CFILESRC="$cand" ++ break ++ fi ++ done ++ if test "$CFILESRC" = "" ; then ++ echo "Couldn't find compressible file" >&2 ++ exit 1 + fi + case x"$fs" in + # FS LIMITATION: 8.3 names + xmsdos*) +- CFILES[0]="american.eng";; ++ CFILE="american.eng";; + xiso9660) +- CFILES[0]="american_english";; ++ CFILE="american_english";; + *) +- CFILES[0]="american-english";; ++ CFILE="american-english";; + esac + # OS LIMITATION: Limited by NAME_MAX (usually 255) in GNU/Linux + LONGNAME="qwertzuiopasdfghjklyxcvbnm1234567890qwertzuiopasdfghjklyxcvbnm1234567890oiewqfiewioqoiqoiurqruewqoiuwoieoiiuewqroreqiufieiuwrnureweriuvceoiroiewqoiricdsalkcndsakfirefoiwqeoircorejwoijfreoijojoiewjfwnfcoirenfoirefnreoifenoiwfnoi" +@@ -268,6 +299,10 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + x"btrfs"*) + FSLABEL="grub_;/testé莭莽😁киритi urewfceniuewruevrewnuuireurevueurnievrewfnerfcnevirivinrewvnirewnivrewiuvcrewvnuewvrrrewniuerwreiuviurewiuviurewnuvewnvrenurnunuvrevuurerejiremvreijnvcreivire nverivnreivrevnureiorfnfrvoeoiroireoireoifrefoieroifoireoi";; + ++ # FS LIMITATION: f2fs label is at most 512 UTF-16 chars ++ x"f2fs") ++ FSLABEL="grub_;/testé䏌䐓䏕киритiurewfceniuewruewnuuireurevueurnievrewfnerfcnevirivinrewvnirewnivrewiuvcrewvnuewvrrrewniuerwreiuviurewiuviurewnuvewnvrenurnunuvrevuurerejiremvreijnvvcreivire nverivnreivrevnureiorfnfrvoeoiroireoireoifrefoieroifoirvcreivire nverivnreivrevnureiorfnfrvoeoiroireoireoifrefoieroifoircreivire nverivnreivrevnureiorfnfrvoeoiroireoireoifrefoieroifoireoifoiq";; ++ + # FS LIMITATION: exfat is at most 15 UTF-16 chars + x"exfat") + FSLABEL="géт ;/莭莽😁кир";; +@@ -388,8 +423,8 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + ;; + x"vfat16" | xmsdos16) + BIGBLOCKCNT=$((25000 * BLKSIZE)) +- if [ $BIGBLOCKCNT -gt $((16#ffffffff)) ]; then +- BIGBLOCKCNT=$((16#ffffffff)) ++ if [ $BIGBLOCKCNT -gt 4294967295 ]; then ++ BIGBLOCKCNT=4294967295 + fi + ;; + x"minix") +@@ -410,7 +445,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + BIGBLOCKCNT=$((4000 * 1048576));; + # FS LIMITATION: These FS have uint32 as file size field + x"vfat"* | xmsdos* | x"cpio_crc" | x"cpio_newc" | x"cpio_bin" | x"cpio_hpbin" | xsfs*) +- BIGBLOCKCNT=$((16#ffffffff));; ++ BIGBLOCKCNT=4294967295;; + # FS LIMITATION: These FS have int32 as file size field + # FIXME: not so sure about AFFS + # OS LIMITATION: minix2/minix3 could be formatted in a way to permit more. +@@ -477,7 +512,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + # FIXME: Not sure about BtrFS, NTFS, JFS, AFS, UDF and SFS. Check it. + # FS LIMITATION: as far as I know those FS don't store their last modification date. + x"jfs_caseins" | x"jfs" | x"xfs" | x"xfs_crc" | x"btrfs"* | x"reiserfs_old" | x"reiserfs" \ +- | x"bfs" | x"afs" \ ++ | x"bfs" | x"afs" | x"f2fs" \ + | x"tarfs" | x"cpio_"* | x"minix" | x"minix2" \ + | x"minix3" | x"ntfs"* | x"udf" | x"sfs"*) + NOFSTIME=y;; +@@ -543,18 +578,18 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + + PDIR="" + # OS LIMITATION: Limited by PATH_MAX (usually 1024) +- for ((i=0;i /dev/null +- LODEVICES[i]=`losetup -f` +- losetup "${LODEVICES[i]}" "${FSIMAGES[i]}" ++ for i in $(range 0 $((NDEVICES-1)) 1); do ++ dd if=/dev/zero of="$FSIMAGEP${i}.img" count=1 bs=1 seek=$((DISKSIZE-1)) &> /dev/null ++ LODEVICE=$(losetup --find --show "$FSIMAGEP${i}.img") ++ LODEVICES="$LODEVICES $LODEVICE" ++ if test "$i" = 0; then ++ MOUNTDEVICE="$LODEVICE" ++ fi + done ;; + esac + +- MOUNTDEVICE="${LODEVICES[0]}" + case x"$fs" in + x"afs") + ;; + x"btrfs") +- "mkfs.btrfs" -s $SECSIZE -L "$FSLABEL" "${LODEVICES[0]}" ;; ++ "mkfs.btrfs" -s $SECSIZE -L "$FSLABEL" "${MOUNTDEVICE}" ;; + x"btrfs_zlib" | x"btrfs_lzo") +- "mkfs.btrfs" -s $SECSIZE -L "$FSLABEL" "${LODEVICES[0]}" ++ "mkfs.btrfs" -s $SECSIZE -L "$FSLABEL" "${MOUNTDEVICE}" + MOUNTOPTS="compress=${fs/btrfs_/}," + MOUNTFS="btrfs" + ;; + x"btrfs_raid0") +- "mkfs.btrfs" -s $SECSIZE -d raid0 -m raid0 -L "$FSLABEL" "${LODEVICES[@]}" ++ "mkfs.btrfs" -s $SECSIZE -d raid0 -m raid0 -L "$FSLABEL" $LODEVICES + MOUNTFS="btrfs" + ;; + x"btrfs_raid1") +- "mkfs.btrfs" -s $SECSIZE -d raid1 -m raid1 -L "$FSLABEL" "${LODEVICES[@]}" ++ "mkfs.btrfs" -s $SECSIZE -d raid1 -m raid1 -L "$FSLABEL" $LODEVICES + MOUNTFS="btrfs" + ;; + x"btrfs_raid10") +- "mkfs.btrfs" -s $SECSIZE -d raid10 -m raid10 -L "$FSLABEL" "${LODEVICES[@]}" ++ "mkfs.btrfs" -s $SECSIZE -d raid10 -m raid10 -L "$FSLABEL" $LODEVICES + MOUNTFS="btrfs" + ;; + x"btrfs_single") +- "mkfs.btrfs" -s $SECSIZE -d single -L "$FSLABEL" "${LODEVICES[@]}" ++ "mkfs.btrfs" -s $SECSIZE -d single -L "$FSLABEL" $LODEVICES + MOUNTFS="btrfs" + ;; + x"exfat") +- "mkfs.$fs" -s $((BLKSIZE/512)) -n "$FSLABEL" "${LODEVICES[0]}" ++ "mkfs.$fs" -s $((BLKSIZE/512)) -n "$FSLABEL" "${MOUNTDEVICE}" + MOUNTOPTS="iocharset=utf8," + MOUNTFS="exfat-fuse";; + x"minix") +- "mkfs.minix" "${LODEVICES[0]}" ++ "mkfs.minix" "${MOUNTDEVICE}" + ;; + # mkfs.hfs and mkfs.hfsplus don't fill UUID. + x"hfsplus") +- "mkfs.hfsplus" -b $BLKSIZE -v "$FSLABEL" "${LODEVICES[0]}" +- dd if=/dev/urandom of="${LODEVICES[0]}" bs=1 seek=$((16#468)) conv=notrunc count=8 ;; ++ "mkfs.hfsplus" -b $BLKSIZE -v "$FSLABEL" "${MOUNTDEVICE}" ++ dd if=/dev/urandom of="${MOUNTDEVICE}" bs=1 seek=$((16#468)) conv=notrunc count=8 ;; + x"hfsplus_wrap") +- "mkfs.hfsplus" -w -b $BLKSIZE -v "$FSLABEL" "${LODEVICES[0]}" +- dd if=/dev/urandom of="${LODEVICES[0]}" bs=1 seek=$((16#468)) conv=notrunc count=8 ++ "mkfs.hfsplus" -w -b $BLKSIZE -v "$FSLABEL" "${MOUNTDEVICE}" ++ dd if=/dev/urandom of="${MOUNTDEVICE}" bs=1 seek=$((16#468)) conv=notrunc count=8 + MOUNTFS="hfsplus";; + x"hfsplus_casesens") +- "mkfs.hfsplus" -s -b $BLKSIZE -v "$FSLABEL" "${LODEVICES[0]}" +- dd if=/dev/urandom of="${LODEVICES[0]}" bs=1 seek=$((16#468)) conv=notrunc count=8 ++ "mkfs.hfsplus" -s -b $BLKSIZE -v "$FSLABEL" "${MOUNTDEVICE}" ++ dd if=/dev/urandom of="${MOUNTDEVICE}" bs=1 seek=$((16#468)) conv=notrunc count=8 + MOUNTFS="hfsplus";; + x"hfs") +- "mkfs.hfs" -b $BLKSIZE -v "`echo $FSLABEL |recode utf8..macroman`" -h "${LODEVICES[0]}" +- dd if=/dev/urandom of="${LODEVICES[0]}" bs=1 seek=$((16#474)) conv=notrunc count=8 ++ "mkfs.hfs" -b $BLKSIZE -v "`echo $FSLABEL |recode utf8..macroman`" -h "${MOUNTDEVICE}" ++ dd if=/dev/urandom of="${MOUNTDEVICE}" bs=1 seek=$((16#474)) conv=notrunc count=8 + MOUNTOPTS="iocharset=utf8,codepage=macroman," + ;; + x"vfat"*|xmsdos*) +@@ -643,98 +682,98 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + else + A= + fi +- "mkfs.vfat" -a $A -S $SECSIZE -s $((BLKSIZE/SECSIZE)) -F "${BITS:0:2}" -n "$FSLABEL" "${FSIMAGES[0]}" ++ "mkfs.vfat" -a $A -S $SECSIZE -s $((BLKSIZE/SECSIZE)) -F "${BITS:0:2}" -n "$FSLABEL" "${MOUNTDEVICE}" + MOUNTOPTS="iocharset=utf8,codepage=437," + MOUNTFS="$(echo "$fs"|sed 's,[0-9]*a\?$,,')";; + x"minix2") +- "mkfs.minix" -v "${LODEVICES[0]}" ++ "mkfs.minix" -v "${MOUNTDEVICE}" + MOUNTFS="minix";; + x"minix3") +- "mkfs.minix" -B $BLKSIZE -3 "${LODEVICES[0]}" ++ "mkfs.minix" -B $BLKSIZE -3 "${MOUNTDEVICE}" + MOUNTFS="minix";; + x"ntfs"*) +- "mkfs.ntfs" -s "$SECSIZE" -c "$BLKSIZE" -L "$FSLABEL" -Q -q "${LODEVICES[0]}" ++ "mkfs.ntfs" -s "$SECSIZE" -c "$BLKSIZE" -L "$FSLABEL" -Q -q "${MOUNTDEVICE}" + MOUNTOPTS="iocharset=utf8,compression," + MOUNTFS="ntfs-3g";; + x"udf") +- "mkudffs" --utf8 -b $BLKSIZE --lvid="$FSLABEL" "${LODEVICES[0]}" ++ "mkudffs" --utf8 -b $BLKSIZE --lvid="$FSLABEL" "${MOUNTDEVICE}" + MOUNTOPTS="iocharset=utf8,bs=$BLKSIZE,";; + x"ufs2") +- "mkfs.ufs" -b $BLKSIZE -L "$FSLABEL" -O 2 "${LODEVICES[0]}" ++ "mkfs.ufs" -b $BLKSIZE -L "$FSLABEL" -O 2 "${MOUNTDEVICE}" + MOUNTOPTS="ufstype=ufs2," + MOUNTFS="ufs";; + x"ufs1") +- "mkfs.ufs" -b $BLKSIZE -L "$FSLABEL" -O 1 "${LODEVICES[0]}" ++ "mkfs.ufs" -b $BLKSIZE -L "$FSLABEL" -O 1 "${MOUNTDEVICE}" + MOUNTOPTS="ufstype=44bsd," + MOUNTFS="ufs";; + x"ufs1_sun") +- "mkfs.ufs" -b $BLKSIZE -L "$FSLABEL" -O 1 "${LODEVICES[0]}" ++ "mkfs.ufs" -b $BLKSIZE -L "$FSLABEL" -O 1 "${MOUNTDEVICE}" + MOUNTOPTS="ufstype=sun," + MOUNTFS="ufs";; + x"zfs") +- "zpool" create -R "$MNTPOINTRW" "$FSLABEL" "${LODEVICES[0]}" ++ "zpool" create -R "$MNTPOINTRW" "$FSLABEL" "${MOUNTDEVICE}" + sleep 1 + "zfs" create "$FSLABEL"/"grub fs" + sleep 1;; + x"zfs_caseins") +- "zpool" create -R "$MNTPOINTRW" "$FSLABEL" "${LODEVICES[0]}" ++ "zpool" create -R "$MNTPOINTRW" "$FSLABEL" "${MOUNTDEVICE}" + sleep 1 + "zfs" create -o casesensitivity=insensitive "$FSLABEL"/"grub fs" + sleep 1;; + x"zfs_lzjb" | xzfs_gzip | xzfs_zle) +- "zpool" create -O compression=${fs/zfs_/} -R "$MNTPOINTRW" "$FSLABEL" "${LODEVICES[0]}" ++ "zpool" create -O compression=${fs/zfs_/} -R "$MNTPOINTRW" "$FSLABEL" "${MOUNTDEVICE}" + sleep 1 + "zfs" create -o compression=${fs/zfs_/} "$FSLABEL"/"grub fs" + sleep 1;; + x"zfs_raidz") +- "zpool" create -R "$MNTPOINTRW" "$FSLABEL" raidz1 "${LODEVICES[@]}" ++ "zpool" create -R "$MNTPOINTRW" "$FSLABEL" raidz1 $LODEVICES + sleep 1 + "zfs" create "$FSLABEL"/"grub fs" + sleep 1;; + x"zfs_raidz2") +- "zpool" create -R "$MNTPOINTRW" "$FSLABEL" raidz2 "${LODEVICES[@]}" ++ "zpool" create -R "$MNTPOINTRW" "$FSLABEL" raidz2 $LODEVICES + sleep 1 + "zfs" create "$FSLABEL"/"grub fs" + sleep 1;; + x"zfs_raidz3") +- "zpool" create -R "$MNTPOINTRW" "$FSLABEL" raidz3 "${LODEVICES[@]}" ++ "zpool" create -R "$MNTPOINTRW" "$FSLABEL" raidz3 $LODEVICES + sleep 1 + "zfs" create "$FSLABEL"/"grub fs" + sleep 1;; + x"zfs_mirror") +- "zpool" create -R "$MNTPOINTRW" "$FSLABEL" mirror "${LODEVICES[@]}" ++ "zpool" create -R "$MNTPOINTRW" "$FSLABEL" mirror $LODEVICES + sleep 1 + "zfs" create "$FSLABEL"/"grub fs" + sleep 1;; + x"zfs_stripe") +- "zpool" create -R "$MNTPOINTRW" "$FSLABEL" "${LODEVICES[@]}" ++ "zpool" create -R "$MNTPOINTRW" "$FSLABEL" $LODEVICES + sleep 1 + "zfs" create "$FSLABEL"/"grub fs" + sleep 1;; + x"tarfs" | x"cpio_"* | x"iso9660" | xjoliet | xrockridge | xrockridge_joliet | x"iso9660_1999" | xjoliet_1999 | xrockridge_1999 | xrockridge_joliet_1999 | x"ziso9660" | x"romfs" | x"squash4_"*) + INSTDEVICE=/dev/null;; + x"reiserfs") +- "mkfs.reiserfs" --format=3.6 -b $BLKSIZE -l "$FSLABEL" -q "${LODEVICES[0]}" ;; ++ "mkfs.reiserfs" --format=3.6 -b $BLKSIZE -l "$FSLABEL" -q "${MOUNTDEVICE}" ;; + x"reiserfs_old") +- "mkfs.reiserfs" --format=3.5 -b $BLKSIZE -l "$FSLABEL" -q "${LODEVICES[0]}" ++ "mkfs.reiserfs" --format=3.5 -b $BLKSIZE -l "$FSLABEL" -q "${MOUNTDEVICE}" + MOUNTFS=reiserfs;; + x"jfs") +- "mkfs.jfs" -L "$FSLABEL" -q "${LODEVICES[0]}" ++ "mkfs.jfs" -L "$FSLABEL" -q "${MOUNTDEVICE}" + MOUNTOPTS="iocharset=utf8,";; + x"jfs_caseins") +- "mkfs.jfs" -O -L "$FSLABEL" -q "${LODEVICES[0]}" ++ "mkfs.jfs" -O -L "$FSLABEL" -q "${MOUNTDEVICE}" + MOUNTFS=jfs + MOUNTOPTS="iocharset=utf8,";; + x"mdraid"*) +- mdadm -C --chunk=$((BLKSIZE/1024)) --force -e "${fs:6:1}.${fs:7:1}" "/dev/md/${fs}_${NDEVICES}" --level="${fs:13}" --raid-devices="$NDEVICES" "${LODEVICES[@]}" ++ mdadm -C --chunk=$((BLKSIZE/1024)) --force -e "${fs:6:1}.${fs:7:1}" "/dev/md/${fs}_${NDEVICES}" --level="${fs:13}" --raid-devices="$NDEVICES" $LODEVICES + MOUNTDEVICE="/dev/md/${fs}_${NDEVICES}" + MOUNTFS=ext2 + "mkfs.ext2" -L "$FSLABEL" -q "${MOUNTDEVICE}" ;; + x"lvm"*) +- for ((i=0;i /dev/null; ++ cp "${CFILESRC}" "$MNTPOINTRW/$OSDIR/${CFILE}" &> /dev/null; + else +- for ((i=0;i<$CFILESN;i++)); do +- cp "${CFILESSRC[i]}" "$MNTPOINTRW/$OSDIR/${CFILES[i]}"; +- done ++ ++ cp "${CFILESRC}" "$MNTPOINTRW/$OSDIR/${CFILE}"; ++ + fi + + if [ x$NOSYMLINK != xy ]; then +@@ -968,48 +1015,48 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + sleep 2 + ;; + x"tarfs") +- (cd "$MASTER"; tar cf "${FSIMAGES[0]}" .) ;; ++ (cd "$MASTER"; tar cf "${FSIMAGEP}0.img" .) ;; + x"cpio_"*) +- (cd "$MASTER"; find . | cpio -o -H "${fs/cpio_/}" > "${FSIMAGES[0]}" ) ;; ++ (cd "$MASTER"; find . | cpio -o -H "$(echo ${fs} | sed 's@^cpio_@@')" > "${FSIMAGEP}0.img" ) ;; + x"ziso9660") + FSUUID=$(date -u +%Y-%m-%d-%H-%M-%S-00); +- xorriso -compliance rec_mtime -set_filter_r --zisofs -- -zisofs default -as mkisofs -iso-level 3 -graft-points -R -J -joliet-long -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGES[0]}" -- -set_filter_r --zisofs -- -zisofs default -add /="$MASTER" ;; ++ xorriso -compliance rec_mtime -set_filter_r --zisofs -- -zisofs default -as mkisofs -iso-level 3 -graft-points -R -J -joliet-long -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGEP}0.img" -- -set_filter_r --zisofs -- -zisofs default -add /="$MASTER" ;; + x"iso9660") + FSUUID=$(date -u +%Y-%m-%d-%H-%M-%S-00); +- xorriso --rockridge off -compliance rec_mtime -as mkisofs -iso-level 3 -graft-points -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGES[0]}" /="$MASTER" ;; ++ xorriso --rockridge off -compliance rec_mtime -as mkisofs -iso-level 3 -graft-points -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGEP}0.img" /="$MASTER" ;; + x"joliet") + FSUUID=$(date -u +%Y-%m-%d-%H-%M-%S-00); +- xorriso --rockridge off -compliance rec_mtime -as mkisofs -iso-level 3 -graft-points -J -joliet-long -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGES[0]}" /="$MASTER" ;; ++ xorriso --rockridge off -compliance rec_mtime -as mkisofs -iso-level 3 -graft-points -J -joliet-long -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGEP}0.img" /="$MASTER" ;; + x"rockridge") + FSUUID=$(date -u +%Y-%m-%d-%H-%M-%S-00); +- xorriso --rockridge on -compliance rec_mtime -as mkisofs -iso-level 3 -graft-points -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGES[0]}" /="$MASTER" ;; ++ xorriso --rockridge on -compliance rec_mtime -as mkisofs -iso-level 3 -graft-points -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGEP}0.img" /="$MASTER" ;; + x"rockridge_joliet") + FSUUID=$(date -u +%Y-%m-%d-%H-%M-%S-00); +- xorriso --rockridge on -compliance rec_mtime -as mkisofs -iso-level 3 -graft-points -J -joliet-long -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGES[0]}" /="$MASTER" ;; ++ xorriso --rockridge on -compliance rec_mtime -as mkisofs -iso-level 3 -graft-points -J -joliet-long -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGEP}0.img" /="$MASTER" ;; + x"iso9660_1999") + FSUUID=$(date -u +%Y-%m-%d-%H-%M-%S-00); +- xorriso --rockridge off -compliance rec_mtime -as mkisofs -iso-level 4 -graft-points -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGES[0]}" /="$MASTER" ;; ++ xorriso --rockridge off -compliance rec_mtime -as mkisofs -iso-level 4 -graft-points -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGEP}0.img" /="$MASTER" ;; + x"joliet_1999") + FSUUID=$(date -u +%Y-%m-%d-%H-%M-%S-00); +- xorriso --rockridge off -compliance rec_mtime -as mkisofs -iso-level 4 -graft-points -J -joliet-long -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGES[0]}" /="$MASTER" ;; ++ xorriso --rockridge off -compliance rec_mtime -as mkisofs -iso-level 4 -graft-points -J -joliet-long -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGEP}0.img" /="$MASTER" ;; + x"rockridge_1999") + FSUUID=$(date -u +%Y-%m-%d-%H-%M-%S-00); +- xorriso --rockridge on -compliance rec_mtime -as mkisofs -iso-level 4 -graft-points -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGES[0]}" /="$MASTER" ;; ++ xorriso --rockridge on -compliance rec_mtime -as mkisofs -iso-level 4 -graft-points -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGEP}0.img" /="$MASTER" ;; + x"rockridge_joliet_1999") + FSUUID=$(date -u +%Y-%m-%d-%H-%M-%S-00); +- xorriso --rockridge on -compliance rec_mtime -as mkisofs -iso-level 4 -graft-points -J -joliet-long -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGES[0]}" /="$MASTER" ;; ++ xorriso --rockridge on -compliance rec_mtime -as mkisofs -iso-level 4 -graft-points -J -joliet-long -V "$FSLABEL" --modification-date=$(echo ${FSUUID} | sed 's/-//g;') -o "${FSIMAGEP}0.img" /="$MASTER" ;; + x"romfs") +- genromfs -V "$FSLABEL" -f "${FSIMAGES[0]}" -d "$MASTER" ;; ++ genromfs -V "$FSLABEL" -f "${FSIMAGEP}0.img" -d "$MASTER" ;; + xsquash4_*) +- echo mksquashfs "$MASTER" "${FSIMAGES[0]}" -always-use-fragments -comp "${fs/squash4_/}" -b $BLKSIZE +- mksquashfs "$MASTER" "${FSIMAGES[0]}" -always-use-fragments -comp "${fs/squash4_/}" -b $BLKSIZE ;; ++ echo mksquashfs "$MASTER" "${FSIMAGEP}0.img" -always-use-fragments -comp "${fs/squash4_/}" -b $BLKSIZE ++ mksquashfs "$MASTER" "${FSIMAGEP}0.img" -always-use-fragments -comp "${fs/squash4_/}" -b $BLKSIZE ;; + x"bfs") + sleep 1 + fusermount -u "$MNTPOINTRW" + ;; + xlvm*) + sleep 1 +- for ((try=0;try < 20; try++)); do ++ for try in $(range 0 20 1); do + if umount "$MNTPOINTRW" ; then + break; + fi +@@ -1021,7 +1068,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + ;; + xmdraid*) + sleep 1 +- for ((try=0;try < 20; try++)); do ++ for try in $(range 0 20 1); do + if umount "$MNTPOINTRW" ; then + break; + fi +@@ -1033,7 +1080,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + ;; + *) + sleep 1 +- for ((try=0;try < 20; try++)); do ++ for try in $(range 0 20 1); do + if umount "$MNTPOINTRW" ; then + break; + fi +@@ -1066,7 +1113,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + sleep 1 + mount -t "$MOUNTFS" "${MOUNTDEVICE}" "$MNTPOINTRO" -o ${MOUNTOPTS}${SELINUXOPTS}ro ;; + xmdraid*) +- mdadm --assemble /dev/md/"${fs}_$NDEVICES" "${LODEVICES[@]}" ++ mdadm --assemble /dev/md/"${fs}_$NDEVICES" $LODEVICES + sleep 1 + mount -t "$MOUNTFS" "${MOUNTDEVICE}" "$MNTPOINTRO" -o ${MOUNTOPTS}${SELINUXOPTS}ro ;; + *) +@@ -1085,7 +1132,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + else + echo LIST FAIL + echo "$LSROUT" +- TZ=UTC ls --time-style=+%Y%m%d%H%M%S.%N -l "$MNTPOINTRO" ++ TZ=UTC ls -l "$MNTPOINTRO" + exit 1 + fi + +@@ -1094,7 +1141,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + else + echo NLIST FAIL + echo "$LSROUT" +- TZ=UTC ls --time-style=+%Y%m%d%H%M%S.%N -lA "$MNTPOINTRO" ++ TZ=UTC ls -lA "$MNTPOINTRO" + exit 1 + fi + +@@ -1103,7 +1150,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + else + echo ILIST FAIL + echo "$LSROUT" +- TZ=UTC ls --time-style=+%Y%m%d%H%M%S.%N -l "$MNTPOINTRO" ++ TZ=UTC ls -l "$MNTPOINTRO" + exit 1 + fi + +@@ -1112,7 +1159,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + else + echo LONG LIST FAIL + echo "$LSROUT" +- TZ=UTC ls --time-style=+%Y%m%d%H%M%S.%N -l "$MNTPOINTRO" ++ TZ=UTC ls -l "$MNTPOINTRO" + exit 1 + fi + +@@ -1123,7 +1170,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + else + echo TIME FAIL + echo "$LSROUT" +- TZ=UTC ls --time-style=+%Y%m%d%H%M%S.%N -l "$MNTPOINTRO" ++ TZ=UTC ls -l "$MNTPOINTRO" + exit 1 + fi + +@@ -1133,7 +1180,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + else + echo LONG TIME FAIL + echo "$LSROUT" +- TZ=UTC ls --time-style=+%Y%m%d%H%M%S.%N -l "$MNTPOINTRO" ++ TZ=UTC ls -l "$MNTPOINTRO" + exit 1 + fi + fi +@@ -1149,7 +1196,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + else + echo DOT IN ROOTDIR FAIL + echo "$LSROUT" +- TZ=UTC ls --time-style=+%Y%m%d%H%M%S.%N -l "$MNTPOINTRO" ++ TZ=UTC ls -l "$MNTPOINTRO" + exit 1 + fi + +@@ -1163,7 +1210,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + else + echo DOTDOT IN ROOTDIR FAIL + echo "$LSROUT" +- TZ=UTC ls --time-style=+%Y%m%d%H%M%S.%N -l "$MNTPOINTRO" ++ TZ=UTC ls -l "$MNTPOINTRO" + exit 1 + fi + ;; +@@ -1180,7 +1227,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + else + echo SLIST FAIL + echo "$LSROUT" +- TZ=UTC ls --time-style=+%Y%m%d%H%M%S.%N -l "$MNTPOINTRO/sdir" ++ TZ=UTC ls -l "$MNTPOINTRO/sdir" + exit 1 + fi + +@@ -1195,7 +1242,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + else + echo PLIST FAIL + echo "$LSROUT" +- TZ=UTC ls --time-style=+%Y%m%d%H%M%S.%N -l "$MNTPOINTRO/$PDIR" ++ TZ=UTC ls -l "$MNTPOINTRO/$PDIR" + exit 1 + fi + +@@ -1210,7 +1257,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + else + echo DOT IN SUBDIR FAIL + echo "$LSROUT" +- TZ=UTC ls --time-style=+%Y%m%d%H%M%S.%N -l "$MNTPOINTRO/$OSDIR/sdir" ++ TZ=UTC ls -l "$MNTPOINTRO/$OSDIR/sdir" + exit 1 + fi + +@@ -1225,7 +1272,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + else + echo DOTDOT IN SUBDIR FAIL + echo "$LSROUT" +- TZ=UTC ls --time-style=+%Y%m%d%H%M%S.%N -l "$MNTPOINTRO/$OSDIR/ssdir" ++ TZ=UTC ls -l "$MNTPOINTRO/$OSDIR/ssdir" + exit 1 + fi + +@@ -1245,8 +1292,8 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + case x"$fs" in + x"iso9660" | x"ziso9660" | xrockridge | xjoliet | xrockridge_joliet | x"iso9660_1999" | xrockridge_1999 | xjoliet_1999 | xrockridge_joliet_1999) ;; + x"zfs"*) +- for ((i=0;i /dev/null || echo "$LSOUT" | grep -F 'Last modification time '"$FSTIMEM1" > /dev/null || echo "$LSOUT" | grep -F 'Last modification time '"$FSTIMEM2" || echo "$LSOUT" | grep -F 'Last modification time '"$FSTIMEM3" > /dev/null; then +- : +- else +- echo FSTIME FAIL +- echo "$FSTIME" +- echo "$LSOUT" +- exit 1 ++ if echo "$LSOUT" | grep -F 'Last modification time '"$FSTIME" > /dev/null || echo "$LSOUT" | grep -F 'Last modification time '"$FSTIMEM1" > /dev/null || echo "$LSOUT" | grep -F 'Last modification time '"$FSTIMEM2" || echo "$LSOUT" | grep -F 'Last modification time '"$FSTIMEM3" > /dev/null; then ++ : ++ else ++ echo FSTIME FAIL ++ echo "$FSTIME" ++ echo "$LSOUT" ++ exit 1 ++ fi + fi + + if [ x$NOHARDLINK != xy ]; then +@@ -1410,11 +1457,9 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + exit 1 + fi + ok=true +- for ((i=0;i<$CFILESN;i++)); do +- if ! run_grubfstest cmp "$GRUBDIR/${CFILES[i]}" "$MNTPOINTRO/$OSDIR/${CFILES[i]}" ; then +- ok=false; +- fi +- done ++ if ! run_grubfstest cmp "$GRUBDIR/${CFILE}" "$MNTPOINTRO/$OSDIR/${CFILE}" ; then ++ ok=false; ++ fi + if test x$ok = xtrue; then + : + else +@@ -1503,15 +1548,17 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZE<=MAXLOGSECSIZE;LOGSECSIZE=LOGSECSIZE + + sleep 1 + ;; + esac +- for ((i=0; i < NDEVICES; i++)); do +- case x"$fs" in +- x"tarfs" | x"cpio_"* | x"iso9660" | xrockridge | xjoliet | xrockridge_joliet | x"ziso9660" | x"romfs" | x"squash4_"* | x"iso9660_1999" | xrockridge_1999 | xjoliet_1999 | xrockridge_joliet_1999) ;; +- *) +- while ! losetup -d "${LODEVICES[i]}"; do ++ case x"$fs" in ++ x"tarfs" | x"cpio_"* | x"iso9660" | xrockridge | xjoliet | xrockridge_joliet | x"ziso9660" | x"romfs" | x"squash4_"* | x"iso9660_1999" | xrockridge_1999 | xjoliet_1999 | xrockridge_joliet_1999) ;; ++ *) ++ for lodev in $LODEVICES; do ++ while ! losetup -d "$lodev"; do + sleep 1 +- done;; +- esac +- rm "${FSIMAGES[i]}" ++ done ++ done;; ++ esac ++ for i in $(range 0 $((NDEVICES-1)) 1); do ++ rm "$FSIMAGEP${i}.img" + done + if [ x"$fs" = x"zfs" ]; then + rmdir "$MNTPOINTRW"/"grub fs" || true +diff --git a/tests/util/grub-shell-tester.in b/tests/util/grub-shell-tester.in +index 5adce0a47fe3208e14bbbf4820685d67b43ef9bb..8a87109b15240de9d61f2ac02becfcb5300582f1 100644 +--- a/tests/util/grub-shell-tester.in ++++ b/tests/util/grub-shell-tester.in +@@ -1,4 +1,4 @@ +-#! /bin/sh ++#! @BUILD_SHEBANG@ + set -e + + # Compares GRUB script output with BASH output. +diff --git a/tests/util/grub-shell.in b/tests/util/grub-shell.in +index 814f36c6bd2438b7f9c59f5f4a9777e95b9e38db..d690d6734efb82109f7635c4688b6fc7417a5751 100644 +--- a/tests/util/grub-shell.in ++++ b/tests/util/grub-shell.in +@@ -1,4 +1,4 @@ +-#! /bin/sh ++#! @BUILD_SHEBANG@ + set -e + + # Run GRUB script in a Qemu instance +diff --git a/tests/xfs_test.in b/tests/xfs_test.in +index 3807e2e5c77e244f8b2f0d43ec28b86b3f2f9e9b..03a3513595dc719cd72b4d9b7198f22b338cb588 100644 +--- a/tests/xfs_test.in ++++ b/tests/xfs_test.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!@BUILD_SHEBANG@ + + set -e + +diff --git a/tests/xzcompress_test.in b/tests/xzcompress_test.in +index b2bd999ec071c24205533e50cf51f46ec59a2218..03bfb5e951dd8dfb7ccb15fb6a31dd4aea639df9 100644 +--- a/tests/xzcompress_test.in ++++ b/tests/xzcompress_test.in +@@ -1,4 +1,4 @@ +-#! /bin/sh ++#! @BUILD_SHEBANG@ + # Copyright (C) 2013 Free Software Foundation, Inc. + # + # GRUB is free software: you can redistribute it and/or modify +diff --git a/tests/zfs_test.in b/tests/zfs_test.in +index 047120e47a0e042f0540d6762666edf4cb0b37fb..eee62c10d704ec42b090eba5ac16b4966ff760ad 100644 +--- a/tests/zfs_test.in ++++ b/tests/zfs_test.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!@BUILD_SHEBANG@ + + set -e + +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index f8496d28bdf7f4bcbc2413888330834c1e252a64..33332360eecf954fc2952df944fe171006fc4143 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -134,6 +134,7 @@ fi + # Device containing our userland. Typically used for root= parameter. + GRUB_DEVICE="`${grub_probe} --target=device /`" + GRUB_DEVICE_UUID="`${grub_probe} --device ${GRUB_DEVICE} --target=fs_uuid 2> /dev/null`" || true ++GRUB_DEVICE_PARTUUID="`${grub_probe} --device ${GRUB_DEVICE} --target=partuuid 2> /dev/null`" || true + + # Device containing our /boot partition. Usually the same as GRUB_DEVICE. + GRUB_DEVICE_BOOT="`${grub_probe} --target=device /boot`" +@@ -147,6 +148,12 @@ if [ x"$GRUB_FS" = xunknown ]; then + GRUB_FS="$(stat -f --printf=%T / || echo unknown)" + fi + ++# Provide a default set of stock linux early initrd images. ++# Define here so the list can be modified in the sourced config file. ++if [ "x${GRUB_EARLY_INITRD_LINUX_STOCK}" = "x" ]; then ++ GRUB_EARLY_INITRD_LINUX_STOCK="intel-uc.img intel-ucode.img amd-uc.img amd-ucode.img early_ucode.cpio microcode.cpio" ++fi ++ + if test -f ${sysconfdir}/default/grub ; then + . ${sysconfdir}/default/grub + fi +@@ -182,6 +189,7 @@ if [ "x${GRUB_ACTUAL_DEFAULT}" = "xsaved" ] ; then GRUB_ACTUAL_DEFAULT="`"${grub + # override them. + export GRUB_DEVICE \ + GRUB_DEVICE_UUID \ ++ GRUB_DEVICE_PARTUUID \ + GRUB_DEVICE_BOOT \ + GRUB_DEVICE_BOOT_UUID \ + GRUB_FS \ +@@ -211,10 +219,13 @@ export GRUB_DEFAULT \ + GRUB_CMDLINE_NETBSD \ + GRUB_CMDLINE_NETBSD_DEFAULT \ + GRUB_CMDLINE_GNUMACH \ ++ GRUB_EARLY_INITRD_LINUX_CUSTOM \ ++ GRUB_EARLY_INITRD_LINUX_STOCK \ + GRUB_TERMINAL_INPUT \ + GRUB_TERMINAL_OUTPUT \ + GRUB_SERIAL_COMMAND \ + GRUB_DISABLE_LINUX_UUID \ ++ GRUB_DISABLE_LINUX_PARTUUID \ + GRUB_DISABLE_RECOVERY \ + GRUB_VIDEO_BACKEND \ + GRUB_GFXMODE \ +diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in +index 60b31caddeb42b5db338897dc18acdc156dd2c22..0f801cab3e4d05efface62c7fcb9b787c69995c3 100644 +--- a/util/grub-mkconfig_lib.in ++++ b/util/grub-mkconfig_lib.in +@@ -188,6 +188,7 @@ grub_file_is_not_garbage () + *.dpkg-*) return 1 ;; # debian dpkg + *.rpmsave|*.rpmnew) return 1 ;; + README*|*/README*) return 1 ;; # documentation ++ *.sig) return 1 ;; # signatures + esac + else + return 1 +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index de9044c7f28611d56358f581ac52ca2d2b7fc982..61ebd7dc714e87aedb167345729f574426d69b77 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -43,12 +43,22 @@ case ${GRUB_DEVICE} in + ;; + esac + ++# Default to disabling partition uuid support to maintian compatibility with ++# older kernels. ++GRUB_DISABLE_LINUX_PARTUUID=${GRUB_DISABLE_LINUX_PARTUUID-true} ++ + # btrfs may reside on multiple devices. We cannot pass them as value of root= parameter + # and mounting btrfs requires user space scanning, so force UUID in this case. +-if [ "x${GRUB_DEVICE_UUID}" = "x" ] || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \ +- || ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \ ++if ( [ "x${GRUB_DEVICE_UUID}" = "x" ] && [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] ) \ ++ || ( [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \ ++ && [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ] ) \ ++ || ( ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \ ++ && ! test -e "/dev/disk/by-partuuid/${GRUB_DEVICE_PARTUUID}" ) \ + || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then + LINUX_ROOT_DEVICE=${GRUB_DEVICE} ++elif [ "x${GRUB_DEVICE_UUID}" = "x" ] \ ++ || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ]; then ++ LINUX_ROOT_DEVICE=PARTUUID=${GRUB_DEVICE_PARTUUID} + else + LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID} + fi +@@ -136,9 +146,13 @@ EOF + if test -n "${initrd}" ; then + # TRANSLATORS: ramdisk isn't identifier. Should be translated. + message="$(gettext_printf "Loading initial ramdisk ...")" ++ initrd_path= ++ for i in ${initrd}; do ++ initrd_path="${initrd_path} ${rel_dirname}/${i}" ++ done + sed "s/^/$submenu_indentation/" << EOF + echo '$(echo "$message" | grub_quote)' +- initrd ${rel_dirname}/${initrd} ++ initrd $(echo $initrd_path) + EOF + fi + sed "s/^/$submenu_indentation/" << EOF +@@ -188,7 +202,15 @@ while [ "x$list" != "x" ] ; do + alt_version=`echo $version | sed -e "s,\.old$,,g"` + linux_root_device_thisversion="${LINUX_ROOT_DEVICE}" + +- initrd= ++ initrd_early= ++ for i in ${GRUB_EARLY_INITRD_LINUX_STOCK} \ ++ ${GRUB_EARLY_INITRD_LINUX_CUSTOM}; do ++ if test -e "${dirname}/${i}" ; then ++ initrd_early="${initrd_early} ${i}" ++ fi ++ done ++ ++ initrd_real= + for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \ + "initrd-${version}" "initramfs-${version}.img" \ + "initrd.img-${alt_version}" "initrd-${alt_version}.img" \ +@@ -198,11 +220,22 @@ while [ "x$list" != "x" ] ; do + "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ + "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do + if test -e "${dirname}/${i}" ; then +- initrd="$i" ++ initrd_real="${i}" + break + fi + done + ++ initrd= ++ if test -n "${initrd_early}" || test -n "${initrd_real}"; then ++ initrd="${initrd_early} ${initrd_real}" ++ ++ initrd_display= ++ for i in ${initrd}; do ++ initrd_display="${initrd_display} ${dirname}/${i}" ++ done ++ gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 ++ fi ++ + config= + for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do + if test -e "${i}" ; then +@@ -216,12 +249,16 @@ while [ "x$list" != "x" ] ; do + initramfs=`grep CONFIG_INITRAMFS_SOURCE= "${config}" | cut -f2 -d= | tr -d \"` + fi + +- if test -n "${initrd}" ; then +- gettext_printf "Found initrd image: %s\n" "${dirname}/${initrd}" >&2 +- elif test -z "${initramfs}" ; then ++ if test -z "${initramfs}" && test -z "${initrd_real}" ; then + # "UUID=" and "ZFS=" magic is parsed by initrd or initramfs. Since there's + # no initrd or builtin initramfs, it can't work here. +- linux_root_device_thisversion=${GRUB_DEVICE} ++ if [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] \ ++ || [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ]; then ++ ++ linux_root_device_thisversion=${GRUB_DEVICE} ++ else ++ linux_root_device_thisversion=PARTUUID=${GRUB_DEVICE_PARTUUID} ++ fi + fi + + if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xy ]; then +diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in +index c48af948d6ecdf672aa341f713912ba15de8f27d..e8143b079dc8bcdf21ec8a763b19a356c863a5e3 100644 +--- a/util/grub.d/20_linux_xen.in ++++ b/util/grub.d/20_linux_xen.in +@@ -43,12 +43,22 @@ case ${GRUB_DEVICE} in + ;; + esac + ++# Default to disabling partition uuid support to maintian compatibility with ++# older kernels. ++GRUB_DISABLE_LINUX_PARTUUID=${GRUB_DISABLE_LINUX_PARTUUID-true} ++ + # btrfs may reside on multiple devices. We cannot pass them as value of root= parameter + # and mounting btrfs requires user space scanning, so force UUID in this case. +-if [ "x${GRUB_DEVICE_UUID}" = "x" ] || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \ +- || ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \ ++if ( [ "x${GRUB_DEVICE_UUID}" = "x" ] && [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] ) \ ++ || ( [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \ ++ && [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ] ) \ ++ || ( ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \ ++ && ! test -e "/dev/disk/by-partuuid/${GRUB_DEVICE_PARTUUID}" ) \ + || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then + LINUX_ROOT_DEVICE=${GRUB_DEVICE} ++elif [ "x${GRUB_DEVICE_UUID}" = "x" ] \ ++ || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ]; then ++ LINUX_ROOT_DEVICE=PARTUUID=${GRUB_DEVICE_PARTUUID} + else + LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID} + fi +@@ -122,16 +132,16 @@ linux_entry () + else + xen_rm_opts="no-real-mode edd=off" + fi +- multiboot ${rel_xen_dirname}/${xen_basename} placeholder ${xen_args} \${xen_rm_opts} ++ ${xen_loader} ${rel_xen_dirname}/${xen_basename} placeholder ${xen_args} \${xen_rm_opts} + echo '$(echo "$lmessage" | grub_quote)' +- module ${rel_dirname}/${basename} placeholder root=${linux_root_device_thisversion} ro ${args} ++ ${module_loader} ${rel_dirname}/${basename} placeholder root=${linux_root_device_thisversion} ro ${args} + EOF + if test -n "${initrd}" ; then + # TRANSLATORS: ramdisk isn't identifier. Should be translated. + message="$(gettext_printf "Loading initial ramdisk ...")" + sed "s/^/$submenu_indentation/" << EOF + echo '$(echo "$message" | grub_quote)' +- module --nounzip ${rel_dirname}/${initrd} ++ ${module_loader} --nounzip ${rel_dirname}/${initrd} + EOF + fi + sed "s/^/$submenu_indentation/" << EOF +@@ -206,6 +216,18 @@ while [ "x${xen_list}" != "x" ] ; do + if [ "x$is_top_level" != xtrue ]; then + echo " submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' {" + fi ++ if ($grub_file --is-arm64-efi $current_xen); then ++ xen_loader="xen_hypervisor" ++ module_loader="xen_module" ++ else ++ if ($grub_file --is-x86-multiboot2 $current_xen); then ++ xen_loader="multiboot2" ++ module_loader="module2" ++ else ++ xen_loader="multiboot" ++ module_loader="module" ++ fi ++ fi + while [ "x$list" != "x" ] ; do + linux=`version_find_latest $list` + gettext_printf "Found linux image: %s\n" "$linux" >&2 +@@ -234,7 +256,13 @@ while [ "x${xen_list}" != "x" ] ; do + gettext_printf "Found initrd image: %s\n" "${dirname}/${initrd}" >&2 + else + # "UUID=" magic is parsed by initrds. Since there's no initrd, it can't work here. +- linux_root_device_thisversion=${GRUB_DEVICE} ++ if [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] \ ++ || [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ]; then ++ ++ linux_root_device_thisversion=${GRUB_DEVICE} ++ else ++ linux_root_device_thisversion=PARTUUID=${GRUB_DEVICE_PARTUUID} ++ fi + fi + + if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xy ]; then diff --git a/SOURCES/sbat.csv.in b/SOURCES/sbat.csv.in new file mode 100755 index 0000000..b338b5f --- /dev/null +++ b/SOURCES/sbat.csv.in @@ -0,0 +1,3 @@ +sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md +grub,3,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/ +grub.rh,2,Red Hat,grub2,@@VERSION_RELEASE@@,mailto:secalert@redhat.com diff --git a/SOURCES/strtoull_test.c b/SOURCES/strtoull_test.c new file mode 100644 index 0000000..7da615f --- /dev/null +++ b/SOURCES/strtoull_test.c @@ -0,0 +1,63 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2016 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#include +#include + +GRUB_MOD_LICENSE ("GPLv3+"); + +static void +strtoull_testcase (const char *input, int base, unsigned long long expected, + int num_digits, grub_err_t error) +{ + char *output; + unsigned long long value; + grub_errno = 0; + value = grub_strtoull(input, &output, base); + grub_test_assert (grub_errno == error, + "unexpected error. Expected %d, got %d. Input \"%s\"", + error, grub_errno, input); + if (grub_errno) + { + grub_errno = 0; + return; + } + grub_test_assert (input + num_digits == output, + "unexpected number of digits. Expected %d, got %d, input \"%s\"", + num_digits, (int) (output - input), input); + grub_test_assert (value == expected, + "unexpected return value. Expected %llu, got %llu, input \"\%s\"", + expected, value, input); +} + +static void +strtoull_test (void) +{ + strtoull_testcase ("9", 0, 9, 1, GRUB_ERR_NONE); + strtoull_testcase ("0xaa", 0, 0xaa, 4, GRUB_ERR_NONE); + strtoull_testcase ("0xff", 0, 0xff, 4, GRUB_ERR_NONE); + strtoull_testcase ("0", 10, 0, 1, GRUB_ERR_NONE); + strtoull_testcase ("8", 8, 0, 0, GRUB_ERR_BAD_NUMBER); + strtoull_testcase ("38", 8, 3, 1, GRUB_ERR_NONE); + strtoull_testcase ("7", 8, 7, 1, GRUB_ERR_NONE); + strtoull_testcase ("1]", 16, 1, 1, GRUB_ERR_NONE); + strtoull_testcase ("18446744073709551616", 10, 0, 0, GRUB_ERR_OUT_OF_RANGE); +} + + +GRUB_FUNCTIONAL_TEST (strtoull_test, strtoull_test); diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec new file mode 100644 index 0000000..84e53f7 --- /dev/null +++ b/SPECS/grub2.spec @@ -0,0 +1,1645 @@ +%undefine _hardened_build + +%global tarversion 2.02 +%undefine _missing_build_ids_terminate_build +%global _configure_gnuconfig_hack 0 + +Name: grub2 +Epoch: 1 +Version: 2.02 +Release: 156%{?dist} +Summary: Bootloader with support for Linux, Multiboot and more +Group: System Environment/Base +License: GPLv3+ +URL: http://www.gnu.org/software/grub/ +Obsoletes: grub < 1:0.98 +Source0: ftp://alpha.gnu.org/gnu/grub/grub-%{tarversion}.tar.xz +#Source0: ftp://ftp.gnu.org/gnu/grub/grub-%%{tarversion}.tar.xz +Source1: grub.macros +Source2: grub.patches +Source3: release-to-master.patch +Source4: http://unifoundry.com/unifont-5.1.20080820.pcf.gz +Source5: theme.tar.bz2 +Source6: gitignore +Source8: strtoull_test.c +Source9: 20-grub.install +Source12: 99-grub-mkconfig.install +Source13: redhatsecurebootca3.cer +Source14: redhatsecureboot301.cer +Source15: redhatsecurebootca5.cer +Source16: redhatsecureboot502.cer +Source17: redhatsecureboot601.cer +Source18: redhatsecureboot701.cer +Source19: sbat.csv.in + +%include %{SOURCE1} + +%if 0%{with_efi_arch} +%define old_sb_ca %{SOURCE13} +%define old_sb_cer %{SOURCE14} +%define old_sb_key redhatsecureboot301 +%define sb_ca %{SOURCE15} +%define sb_cer %{SOURCE16} +%define sb_key redhatsecureboot502 +%endif + +%ifarch ppc64le +%define old_sb_cer %{SOURCE17} +%define sb_cer %{SOURCE18} +%define sb_key redhatsecureboot702 +%endif + +# generate with do-rebase +%include %{SOURCE2} + +BuildRequires: gcc efi-srpm-macros +BuildRequires: flex bison binutils python3-devel +BuildRequires: ncurses-devel xz-devel bzip2-devel +BuildRequires: freetype-devel libusb-devel +BuildRequires: rpm-devel +BuildRequires: rpm-devel rpm-libs +BuildRequires: autoconf automake autogen device-mapper-devel +BuildRequires: freetype-devel gettext-devel git +BuildRequires: texinfo +BuildRequires: dejavu-sans-fonts +BuildRequires: help2man +# For %%_userunitdir macro +BuildRequires: systemd +%ifarch %{efi_arch} +BuildRequires: pesign >= 0.99-8 +%endif +%if %{?_with_ccache: 1}%{?!_with_ccache: 0} +BuildRequires: ccache +%endif + +ExcludeArch: s390 s390x %{arm} +Obsoletes: %{name} <= %{evr} + +%if 0%{with_legacy_arch} +Requires: %{name}-%{legacy_package_arch} = %{evr} +%else +Requires: %{name}-%{package_arch} = %{evr} +%endif + +%global desc \ +The GRand Unified Bootloader (GRUB) is a highly configurable and \ +customizable bootloader with modular architecture. It supports a rich \ +variety of kernel formats, file systems, computer architectures and \ +hardware devices.\ +%{nil} + +%description +%{desc} + +%package common +Summary: grub2 common layout +Group: System Environment/Base +BuildArch: noarch +Conflicts: grubby < 8.40-13 + +%description common +This package provides some directories which are required by various grub2 +subpackages. + +%package tools +Summary: Support tools for GRUB. +Group: System Environment/Base +Obsoletes: %{name}-tools < %{evr} +Requires: %{name}-common = %{epoch}:%{version}-%{release} +Requires: gettext os-prober which file +Requires(pre): dracut +Requires(post): dracut + +%description tools +%{desc} +This subpackage provides tools for support of all platforms. + +%ifarch x86_64 +%package tools-efi +Summary: Support tools for GRUB. +Group: System Environment/Base +Requires: gettext os-prober which file +Requires: %{name}-common = %{epoch}:%{version}-%{release} +Obsoletes: %{name}-tools < %{evr} + +%description tools-efi +%{desc} +This subpackage provides tools for support of EFI platforms. +%endif + +%package tools-minimal +Summary: Support tools for GRUB. +Group: System Environment/Base +Requires: gettext +Requires: %{name}-common = %{epoch}:%{version}-%{release} +Obsoletes: %{name}-tools < %{evr} + +%description tools-minimal +%{desc} +This subpackage provides tools for support of all platforms. + +%package tools-extra +Summary: Support tools for GRUB. +Group: System Environment/Base +Requires: gettext os-prober which file +Requires: %{name}-tools-minimal = %{epoch}:%{version}-%{release} +Requires: %{name}-common = %{epoch}:%{version}-%{release} +Obsoletes: %{name}-tools < %{evr} + +%description tools-extra +%{desc} +This subpackage provides tools for support of all platforms. + +%if 0%{with_efi_arch} +%{expand:%define_efi_variant %%{package_arch} -o} +%endif +%if 0%{with_alt_efi_arch} +%{expand:%define_efi_variant %%{alt_package_arch}} +%endif +%if 0%{with_legacy_arch} +%{expand:%define_legacy_variant %%{legacy_package_arch}} +%endif + +%prep +%do_common_setup +%if 0%{with_efi_arch} +mkdir grub-%{grubefiarch}-%{tarversion} +grep -A100000 '# stuff "make" creates' .gitignore > grub-%{grubefiarch}-%{tarversion}/.gitignore +cp %{SOURCE4} grub-%{grubefiarch}-%{tarversion}/unifont.pcf.gz +sed -e "s,@@VERSION@@,%{version},g" -e "s,@@VERSION_RELEASE@@,%{version}-%{release},g" \ + %{SOURCE19} > grub-%{grubefiarch}-%{tarversion}/sbat.csv +git add grub-%{grubefiarch}-%{tarversion} +%endif +%if 0%{with_alt_efi_arch} +mkdir grub-%{grubaltefiarch}-%{tarversion} +grep -A100000 '# stuff "make" creates' .gitignore > grub-%{grubaltefiarch}-%{tarversion}/.gitignore +cp %{SOURCE4} grub-%{grubaltefiarch}-%{tarversion}/unifont.pcf.gz +git add grub-%{grubaltefiarch}-%{tarversion} +%endif +%if 0%{with_legacy_arch} +mkdir grub-%{grublegacyarch}-%{tarversion} +grep -A100000 '# stuff "make" creates' .gitignore > grub-%{grublegacyarch}-%{tarversion}/.gitignore +cp %{SOURCE4} grub-%{grublegacyarch}-%{tarversion}/unifont.pcf.gz +git add grub-%{grublegacyarch}-%{tarversion} +%endif +git commit -m "After making subdirs" + +%build +%if 0%{with_efi_arch} +%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags} %{old_sb_ca} %{old_sb_cer} %{old_sb_key} %{sb_ca} %{sb_cer} %{sb_key}} +%endif +%if 0%{with_alt_efi_arch} +%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags} %{old_sb_ca} %{old_sb_cer} %{old_sb_key} %{sb_ca} %{sb_cer} %{sb_key}} +%endif +%if 0%{with_legacy_arch} +%{expand:%do_legacy_build %%{grublegacyarch}} +%endif +%ifarch ppc64le +%{expand:%do_ieee1275_build_images %%{grublegacyarch} %{grubelfname} %{old_sb_cer} %{sb_cer} %{sb_key}} +%endif +makeinfo --info --no-split -I docs -o docs/grub-dev.info \ + docs/grub-dev.texi +makeinfo --info --no-split -I docs -o docs/grub.info \ + docs/grub.texi +makeinfo --html --no-split -I docs -o docs/grub-dev.html \ + docs/grub-dev.texi +makeinfo --html --no-split -I docs -o docs/grub.html \ + docs/grub.texi + +%install +set -e +rm -fr $RPM_BUILD_ROOT + +%do_common_install +%if 0%{with_efi_arch} +%{expand:%do_efi_install %%{grubefiarch} %%{grubefiname} %%{grubeficdname}} +%endif +%if 0%{with_alt_efi_arch} +%{expand:%do_alt_efi_install %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname}} +%endif +%if 0%{with_legacy_arch} +%{expand:%do_legacy_install %%{grublegacyarch} %%{alt_grub_target_name} 0%{with_efi_arch}} +%endif + +rm -f $RPM_BUILD_ROOT%{_infodir}/dir +ln -s %{name}-set-password ${RPM_BUILD_ROOT}/%{_sbindir}/%{name}-setpassword +echo '.so man8/%{name}-set-password.8' > ${RPM_BUILD_ROOT}/%{_datadir}/man/man8/%{name}-setpassword.8 +%ifnarch x86_64 +rm -vf ${RPM_BUILD_ROOT}/%{_bindir}/%{name}-render-label +rm -vf ${RPM_BUILD_ROOT}/%{_sbindir}/%{name}-bios-setup +rm -vf ${RPM_BUILD_ROOT}/%{_sbindir}/%{name}-macbless +%endif + +%find_lang grub + +# Install kernel-install scripts +install -d -m 0755 %{buildroot}%{_prefix}/lib/kernel/install.d/ +install -D -m 0755 -t %{buildroot}%{_prefix}/lib/kernel/install.d/ %{SOURCE9} +install -D -m 0755 -t %{buildroot}%{_prefix}/lib/kernel/install.d/ %{SOURCE12} +install -d -m 0755 %{buildroot}%{_sysconfdir}/kernel/install.d/ +install -m 0644 /dev/null %{buildroot}%{_sysconfdir}/kernel/install.d/20-grubby.install +install -m 0644 /dev/null %{buildroot}%{_sysconfdir}/kernel/install.d/90-loaderentry.install +# Install systemd user service to set the boot_success flag +install -D -m 0755 -t %{buildroot}%{_userunitdir} \ + docs/grub-boot-success.{timer,service} +install -d -m 0755 %{buildroot}%{_userunitdir}/timers.target.wants +ln -s ../grub-boot-success.timer \ + %{buildroot}%{_userunitdir}/timers.target.wants +# Install systemd system-update unit to set boot_indeterminate for offline-upd +install -D -m 0755 -t %{buildroot}%{_unitdir} docs/grub-boot-indeterminate.service +install -d -m 0755 %{buildroot}%{_unitdir}/system-update.target.wants +ln -s ../grub-boot-indeterminate.service \ + %{buildroot}%{_unitdir}/system-update.target.wants + +# Don't run debuginfo on all the grub modules and whatnot; it just +# rejects them, complains, and slows down extraction. +%global finddebugroot "%{_builddir}/%{?buildsubdir}/debug" + +%global dip RPM_BUILD_ROOT=%{finddebugroot} %{__debug_install_post} +%define __debug_install_post ( \ + mkdir -p %{finddebugroot}/usr \ + mv ${RPM_BUILD_ROOT}/usr/bin %{finddebugroot}/usr/bin \ + mv ${RPM_BUILD_ROOT}/usr/sbin %{finddebugroot}/usr/sbin \ + %{dip} \ + install -m 0755 -d %{buildroot}/usr/lib/ %{buildroot}/usr/src/ \ + cp -al %{finddebugroot}/usr/lib/debug/ \\\ + %{buildroot}/usr/lib/debug/ \ + cp -al %{finddebugroot}/usr/src/debug/ \\\ + %{buildroot}/usr/src/debug/ ) \ + mv %{finddebugroot}/usr/bin %{buildroot}/usr/bin \ + mv %{finddebugroot}/usr/sbin %{buildroot}/usr/sbin \ + %{nil} + +%undefine buildsubdir + +%pre tools +if [ -f /boot/grub2/user.cfg ]; then + if grep -q '^GRUB_PASSWORD=' /boot/grub2/user.cfg ; then + sed -i 's/^GRUB_PASSWORD=/GRUB2_PASSWORD=/' /boot/grub2/user.cfg + fi +elif [ -f %{efi_esp_dir}/user.cfg ]; then + if grep -q '^GRUB_PASSWORD=' %{efi_esp_dir}/user.cfg ; then + sed -i 's/^GRUB_PASSWORD=/GRUB2_PASSWORD=/' \ + %{efi_esp_dir}/user.cfg + fi +elif [ -f /etc/grub.d/01_users ] && \ + grep -q '^password_pbkdf2 root' /etc/grub.d/01_users ; then + if [ -f %{efi_esp_dir}/grub.cfg ]; then + # on EFI we don't get permissions on the file, but + # the directory is protected. + grep '^password_pbkdf2 root' /etc/grub.d/01_users | \ + sed 's/^password_pbkdf2 root \(.*\)$/GRUB2_PASSWORD=\1/' \ + > %{efi_esp_dir}/user.cfg + fi + if [ -f /boot/grub2/grub.cfg ]; then + install -m 0600 /dev/null /boot/grub2/user.cfg + chmod 0600 /boot/grub2/user.cfg + grep '^password_pbkdf2 root' /etc/grub.d/01_users | \ + sed 's/^password_pbkdf2 root \(.*\)$/GRUB2_PASSWORD=\1/' \ + > /boot/grub2/user.cfg + fi +fi + +%post tools +if [ "$1" = 1 ]; then + /sbin/install-info --info-dir=%{_infodir} %{_infodir}/%{name}.info.gz || : + /sbin/install-info --info-dir=%{_infodir} %{_infodir}/%{name}-dev.info.gz || : +fi + +if [ "$1" = 2 ]; then + /sbin/grub2-switch-to-blscfg --backup-suffix=.rpmsave &>/dev/null || : +fi + +%triggerun -- grub2 < 1:1.99-4 +# grub2 < 1.99-4 removed a number of essential files in postun. To fix upgrades +# from the affected grub2 packages, we first back up the files in triggerun and +# later restore them in triggerpostun. +# https://bugzilla.redhat.com/show_bug.cgi?id=735259 + +# Back up the files before uninstalling old grub2 +mkdir -p /boot/grub2.tmp && +mv -f /boot/grub2/*.mod \ + /boot/grub2/*.img \ + /boot/grub2/*.lst \ + /boot/grub2/device.map \ + /boot/grub2.tmp/ || : + +%triggerpostun -- grub2 < 1:1.99-4 +# ... and restore the files. +test ! -f /boot/grub2/device.map && +test -d /boot/grub2.tmp && +mv -f /boot/grub2.tmp/*.mod \ + /boot/grub2.tmp/*.img \ + /boot/grub2.tmp/*.lst \ + /boot/grub2.tmp/device.map \ + /boot/grub2/ && +rm -r /boot/grub2.tmp/ || : + +%preun tools +if [ "$1" = 0 ]; then + /sbin/install-info --delete --info-dir=%{_infodir} %{_infodir}/%{name}.info.gz || : + /sbin/install-info --delete --info-dir=%{_infodir} %{_infodir}/%{name}-dev.info.gz || : +fi + +%files common -f grub.lang +%dir %{_libdir}/grub/ +%dir %{_datarootdir}/grub/ +%dir %{_datarootdir}/grub/themes/ +%exclude %{_datarootdir}/grub/themes/* +%attr(0700,root,root) %dir %{_sysconfdir}/grub.d +%{_prefix}/lib/kernel/install.d/20-grub.install +%{_sysconfdir}/kernel/install.d/20-grubby.install +%{_sysconfdir}/kernel/install.d/90-loaderentry.install +%{_prefix}/lib/kernel/install.d/99-grub-mkconfig.install +%dir %{_datarootdir}/grub +%exclude %{_datarootdir}/grub/* +%dir /boot/%{name} +%dir /boot/%{name}/themes/ +%dir /boot/%{name}/themes/system +%exclude /boot/%{name}/themes/system/* +%attr(0700,root,root) %dir /boot/grub2 +%exclude /boot/grub2/* +%dir %attr(0700,root,root) %{efi_esp_dir} +%exclude %{efi_esp_dir}/* +%license COPYING +%ghost %config(noreplace) %verify(not size mode md5 mtime) /boot/grub2/grubenv +%doc INSTALL +%doc NEWS +%doc README +%doc THANKS +%doc TODO +%doc docs/grub.html +%doc docs/grub-dev.html +%doc docs/font_char_metrics.png + +%files tools-minimal +%{_sbindir}/%{name}-get-kernel-settings +%attr(4755, root, root) %{_sbindir}/%{name}-set-bootflag +%{_sbindir}/%{name}-set-default +%{_sbindir}/%{name}-set*password +%{_bindir}/%{name}-editenv +%{_bindir}/%{name}-mkpasswd-pbkdf2 + +%{_datadir}/man/man3/%{name}-get-kernel-settings* +%{_datadir}/man/man8/%{name}-set-default* +%{_datadir}/man/man8/%{name}-set*password* +%{_datadir}/man/man1/%{name}-editenv* +%{_datadir}/man/man1/%{name}-mkpasswd-* + +%ifarch x86_64 +%files tools-efi +%{_sbindir}/%{name}-macbless +%{_bindir}/%{name}-render-label +%{_datadir}/man/man8/%{name}-macbless* +%{_datadir}/man/man1/%{name}-render-label* +%endif + +%files tools +%attr(0644,root,root) %ghost %config(noreplace) %{_sysconfdir}/default/grub +%config %{_sysconfdir}/grub.d/??_* +%ifarch ppc64 ppc64le +%exclude %{_sysconfdir}/grub.d/10_linux +%else +%exclude %{_sysconfdir}/grub.d/10_linux_bls +%endif +%{_sysconfdir}/grub.d/README +%{_userunitdir}/grub-boot-success.timer +%{_userunitdir}/grub-boot-success.service +%{_userunitdir}/timers.target.wants +%{_unitdir}/grub-boot-indeterminate.service +%{_unitdir}/system-update.target.wants +%{_infodir}/%{name}* +%{_datarootdir}/grub/* +%{_sbindir}/%{name}-install +%exclude %{_datarootdir}/grub/themes +%exclude %{_datarootdir}/grub/*.h +%{_datarootdir}/bash-completion/completions/grub +%{_sbindir}/%{name}-mkconfig +%{_sbindir}/%{name}-switch-to-blscfg +%{_sbindir}/%{name}-probe +%{_sbindir}/%{name}-rpm-sort +%{_sbindir}/%{name}-reboot +%{_bindir}/%{name}-file +%{_bindir}/%{name}-menulst2cfg +%{_bindir}/%{name}-mkimage +%{_bindir}/%{name}-mkrelpath +%{_bindir}/%{name}-script-check +%{_datadir}/man/man?/* + +# exclude man pages from tools-extra +%exclude %{_datadir}/man/man8/%{name}-sparc64-setup* +%exclude %{_datadir}/man/man8/%{name}-install* +%exclude %{_datadir}/man/man1/%{name}-fstest* +%exclude %{_datadir}/man/man1/%{name}-glue-efi* +%exclude %{_datadir}/man/man1/%{name}-kbdcomp* +%exclude %{_datadir}/man/man1/%{name}-mkfont* +%exclude %{_datadir}/man/man1/%{name}-mklayout* +%exclude %{_datadir}/man/man1/%{name}-mknetdir* +%exclude %{_datadir}/man/man1/%{name}-mkrescue* +%exclude %{_datadir}/man/man1/%{name}-mkstandalone* +%exclude %{_datadir}/man/man1/%{name}-syslinux2cfg* + +# exclude man pages from tools-minimal +%exclude %{_datadir}/man/man3/%{name}-get-kernel-settings* +%exclude %{_datadir}/man/man8/%{name}-set-default* +%exclude %{_datadir}/man/man8/%{name}-set*password* +%exclude %{_datadir}/man/man1/%{name}-editenv* +%exclude %{_datadir}/man/man1/%{name}-mkpasswd-* +%exclude %{_datadir}/man/man8/%{name}-macbless* +%exclude %{_datadir}/man/man1/%{name}-render-label* + +%if %{with_legacy_arch} +%{_sbindir}/%{name}-install +%ifarch x86_64 +%{_sbindir}/%{name}-bios-setup +%else +%exclude %{_sbindir}/%{name}-bios-setup +%exclude %{_datadir}/man/man8/%{name}-bios-setup* +%endif +%ifarch %{sparc} +%{_sbindir}/%{name}-sparc64-setup +%else +%exclude %{_sbindir}/%{name}-sparc64-setup +%exclude %{_datadir}/man/man8/%{name}-sparc64-setup* +%endif +%ifarch %{sparc} ppc ppc64 ppc64le +%{_sbindir}/%{name}-ofpathname +%else +%exclude %{_sbindir}/%{name}-ofpathname +%exclude %{_datadir}/man/man8/%{name}-ofpathname* +%endif +%endif + +%files tools-extra +%{_sbindir}/%{name}-sparc64-setup +%{_sbindir}/%{name}-ofpathname +%{_bindir}/%{name}-fstest +%{_bindir}/%{name}-glue-efi +%{_bindir}/%{name}-kbdcomp +%{_bindir}/%{name}-mkfont +%{_bindir}/%{name}-mklayout +%{_bindir}/%{name}-mknetdir +%ifnarch %{sparc} +%{_bindir}/%{name}-mkrescue +%endif +%{_bindir}/%{name}-mkstandalone +%{_bindir}/%{name}-syslinux2cfg +%{_sysconfdir}/sysconfig/grub +%{_datadir}/man/man8/%{name}-sparc64-setup* +%{_datadir}/man/man8/%{name}-install* +%{_datadir}/man/man1/%{name}-fstest* +%{_datadir}/man/man1/%{name}-glue-efi* +%{_datadir}/man/man1/%{name}-kbdcomp* +%{_datadir}/man/man1/%{name}-mkfont* +%{_datadir}/man/man1/%{name}-mklayout* +%{_datadir}/man/man1/%{name}-mknetdir* +%{_datadir}/man/man1/%{name}-mkrescue* +%{_datadir}/man/man1/%{name}-mkstandalone* +%{_datadir}/man/man8/%{name}-ofpathname* +%{_datadir}/man/man1/%{name}-syslinux2cfg* +%exclude %{_datarootdir}/grub/themes/starfield + +%if 0%{with_efi_arch} +%{expand:%define_efi_variant_files %%{package_arch} %%{grubefiname} %%{grubeficdname} %%{grubefiarch} %%{target_cpu_name} %%{grub_target_name}} +%endif +%if 0%{with_alt_efi_arch} +%{expand:%define_efi_variant_files %%{alt_package_arch} %%{grubaltefiname} %%{grubalteficdname} %%{grubaltefiarch} %%{alt_target_cpu_name} %%{alt_grub_target_name}} +%endif +%if 0%{with_legacy_arch} +%{expand:%define_legacy_variant_files %%{legacy_package_arch} %%{grublegacyarch}} +%endif + +%changelog +* Fri Mar 29 2024 MSVSphere Packaging Team - 2.02-156 +- Rebuilt for MSVSphere 8.10 beta + +* Tue Feb 20 2024 Nicolas Frayer - 2.02-156 +- fs/ntfs: OOB write fix +- (CVE-2023-4692) +- Resolves: #RHEL-11566 + +* Thu Feb 8 2024 Nicolas Frayer - 2.06-155 +- grub-set-bootflag: Fix for CVE-2024-1048 +- (CVE-2024-1048) +- Resolves: #RHEL-20746 + +* Mon Nov 27 2023 Nicolas Frayer - 2.02-154 +- Missing install script for previous commit +- Related: #RHEL-4343 + +* Fri Nov 24 2023 Nicolas Frayer - 2.02-153 +- util: Enable default kernel for updates +- Resolves: #RHEL-4343 + +* Fri Oct 20 2023 Nicolas Frayer - 2.02-152 +- kern/ieee1275/init: ppc64: Restrict high memory in presence + of fadump +- Resolves: #RHEL-14283 + +* Mon Aug 28 2023 Nicolas Frayer - 2.02-151 +- util: Regenerate kernelopts if missing on ppc +- Resolves: #2051889 + +* Fri Jun 16 2023 Nicolas Frayer - 2.02-150 +- kern/ieee1275/init: sync vec5 patchset with upstream +- Resolves: #2172111 + +* Wed Jun 14 2023 Nicolas Frayer - 2.02-149 +- efi/http: change uint32_t to uintn_t for grub_efi_http_message_t +- Resolves: #2178388 + +* Mon Feb 06 2023 Robbie Harwood - 2.02-148 +- ppc64le: cas5, take 3 +- Resolves: #2139508 + +* Tue Jan 10 2023 Robbie Harwood - 2.02-147 +- Enable TDX measurement to RTMR register +- Resolves: #1981485 + +* Wed Dec 14 2022 Robbie Harwood - 2.02-146 +- ppc64le: fix lpar cas5 +- Resolves: #2139508 + +* Tue Nov 08 2022 Robbie Harwood - 1:2.02-145 +- Font CVE fixes +- Resolves: CVE-2022-2601 + +* Tue Oct 18 2022 Robbie Harwood - 2.02-144 +- blscfg: don't assume newline at end of cfg +- Resolves: #2121132 + +* Wed Oct 12 2022 Robbie Harwood - 2.02-143 +- x86-efi: Fix an incorrect array size in kernel allocation +- Also merge with 8.7 +- Resolves: #2031288 + +* Thu Aug 25 2022 Robbie Harwood - 2.02-141 +- Implement vec5 for cas negotiation +- Resolves: #2117914 + +* Wed Aug 24 2022 Robbie Harwood - 2.02-140 +- Or two, because I forgot the debug patch +- Resolves: #2118896 + +* Thu Aug 18 2022 Robbie Harwood - 2.02-139 +- Kernel allocator fixups (in one pass) +- Resolves: #2118896 + +* Wed Jul 20 2022 Robbie Harwood - 2.02-138 +- Rotate signing keys on ppc64le +- Resolves: #2074762 + +* Fri Jun 03 2022 Robbie Harwood - 2.02-137 +- CVE fixes for 2022-06-07 +- CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 +- CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 +- Resolves: #2070687 + +* Mon May 16 2022 Robbie Harwood - 2.02-129 +- ppc64le: Slow boot after LPM +- Resolves: #2070347 + +* Wed May 04 2022 Robbie Harwood - 2.02-127 +- ppc64le: CAS improvements, prefix detection, and vTPM support +- Resolves: #2076795 +- Resolves: #2026568 +- Resolves: #2051331 + +* Wed May 04 2022 Robbie Harwood - 2.02-126 +- Fix rpm verification error on grub.cfg permissions +- Resolves: #2071643 + +* Wed Apr 20 2022 Robbie Harwood - 2.02-125 +- RHEL 8.6.0 import; no code changes +- Resolves: #2062892 + +* Mon Mar 28 2022 Robbie Harwood - 2.02-123 +- Bump for signing + +* Wed Mar 09 2022 Robbie Harwood - 2.02-122 +- Fix initialization on efidisk patch + +* Tue Mar 08 2022 Robbie Harwood - 2.02-121 +- Backport support for loading initrd above 4GB + +* Mon Feb 28 2022 Robbie Harwood - 2.02-120 +- Bump signing +- Resolves: #2032294 + +* Mon Feb 28 2022 Robbie Harwood - 2.02-119 +- Enable connectefi module +- Resolves: #2032294 + +* Fri Feb 25 2022 Robbie Harwood - 2.02-118 +- Fix check on blscfg conditional (mlewando) +- Resolves: #1899903 + +* Thu Feb 24 2022 Robbie Harwood - 2.02-117 +- Once more, for signing +- Resolves: #2048904 + +* Thu Feb 24 2022 Robbie Harwood - 2.02-116 +- Add efidisk/connectefi patches +- Resolves: #2048904 +- Resolves: #2032294 + +* Fri Feb 18 2022 Robbie Harwood - 2.02-115 +- Re-arm GRUB_ENABLE_BLSCFG=false +- Resolves: #1899903 + +* Mon Feb 14 2022 Robbie Harwood - 2.02-114 +- Fix behavior of GRUB_TERMINAL_INPUT=at_keyboard +- Resolves: #2020927 + +* Wed Feb 09 2022 Robbie Harwood - 2.02-113 +- Bump to fix target +- Resolves: #1809246 + +* Wed Feb 09 2022 Robbie Harwood - 2.02-112 +- Fix DHCP proxy efi booting +- Resolves: #1809246 + +* Mon Feb 07 2022 Robbie Harwood - 2.02-111 +- Bump to fix target +- Resolves: #1914575 + +* Mon Feb 07 2022 Robbie Harwood - 2.02-110 +- Don't run grub-boot-success.timer in a nspawn container +- Resolves: #1914575 + +* Mon Feb 07 2022 Robbie Harwood - 2.02-109 +- Drop prelink snippet +- Resolves: #2016269 + +* Wed Feb 02 2022 Robbie Harwood - 2.02-108 +- Bump version to fix build target +- Resolves: #2030359 + +* Wed Feb 02 2022 Robbie Harwood - 2.02-107 +- CVE-2021-3981 (Incorrect read permission in grub.cfg) +- Resolves: #2030359 + +* Thu Aug 19 2021 Javier Martinez Canillas - 2.02-106 +- Fix device discoverability on PowerVM when the prefix is not set (dja) + Related: rhbz#1899864 + +* Thu Jul 22 2021 Javier Martinez Canillas - 2.02-105 +- Discover the device to read the config from as a fallback + Related: rhbz#1899864 + +* Mon Jun 21 2021 Javier Martinez Canillas - 2.02-104 +- 20-grub-install: Create a symvers.gz symbolic link + Resolves: rhbz#1919125 + +* Mon May 17 2021 Javier Martinez Canillas - 2.02-103 +- Fix boot failures in ppc64le caused by storage race condition (diegodo) + Resolves: rhbz#1942152 + +* Tue May 11 2021 Javier Martinez Canillas - 2.02-102 +- Build and sign powerpc-ieee1275 images + Related: rhbz#1899864 + +* Fri Apr 23 2021 Javier Martinez Canillas - 2.02-101 +- Find and claim more memory for ieee1275 (dja) + Related: rhbz#1853410 + +* Fri Apr 23 2021 Javier Martinez Canillas - 2.02-100 +- Sync with the latest content of the rhel-8.4.0 branch + Resolves: rhbz#1952840 + +* Thu Feb 25 2021 Javier Martinez Canillas - 2.02-99 +- Fix bug of grub2-install not checking for the SBAT option + Resolves: CVE-2020-14372 + Resolves: CVE-2020-25632 + Resolves: CVE-2020-25647 + Resolves: CVE-2020-27749 + Resolves: CVE-2020-27779 + Resolves: CVE-2021-20225 + Resolves: CVE-2021-20233 + +* Thu Feb 25 2021 Javier Martinez Canillas - 2.02-98 +- Fix another batch of CVEs + Resolves: CVE-2020-14372 + Resolves: CVE-2020-25632 + Resolves: CVE-2020-25647 + Resolves: CVE-2020-27749 + Resolves: CVE-2020-27779 + Resolves: CVE-2021-20225 + Resolves: CVE-2021-20233 + +* Tue Feb 23 2021 Javier Martinez Canillas - 2.02-97 +- Fix keylayouts module listed twice in GRUB_MODULES variable + +* Tue Feb 23 2021 Javier Martinez Canillas - 2.02-96 +- Fix "Add 'at_keyboard_fallback_set' var to force the set manually" +- Fix a boot failure due patch "ieee1275: claim up to 256MB memory" + +* Tue Jan 26 2021 Javier Martinez Canillas - 2.02-95 +- Add appended signatures support for ppc64le LPAR Secure Boot (daxtens) + Resolves: rhbz#1853410 + +* Wed Jan 20 2021 Renaud Métrich - 2.02-94 +- Add 'at_keyboard_fallback_set' var to force the set manually +- Related: rhbz#1897587 + +* Mon Dec 14 2020 Javier Martinez Canillas - 2.02-93 +- add keylayouts and at_keyboard modules to UEFI Grub2 (rmetrich) + Related: rhbz#1897587 +- at_keyboard: use set 1 when keyboard is in Translate mode (rmetrich) + Resolves: rhbz#1897587 +- add GRUB enhanced debugging features (rmetrich) + Resolves: rhbz#1776249 +- ieee1275: Avoiding many unecessary open/close (diegodo) + Resolves: rhbz#1862632 +- ieee1275: device mapper and fibre channel discovery support (diegodo) + Resolves: rhbz#1873724 + +* Mon Nov 23 2020 Jan Hlavac - 2.02-92 +- grub2-install: disable support for EFI platforms + Resolves: rhbz#1737444 +- Include a few more modules to EFI build needed for LUKS support (javierm) + Related: rhbz#1873725 + +* Mon Nov 16 2020 Javier Martinez Canillas - 2.02-91 +- Fix tps-rpmtest failing due /boot/grub2/grubenv attributes mismatch + Resolves: rhbz#1813959 +- Include in EFI build the modules needed for LUKS support + Resolves: rhbz#1873725 +- Fix keyboards that report IBM PC AT scan codes + Resolves: rhbz#1897587 + +* Mon Aug 31 2020 Javier Martinez Canillas - 2.02-90 +- Roll over TFTP block counter to prevent timeouts with data packets + Resolves: rhbz#1871034 + +* Fri Aug 21 2020 Javier Martinez Canillas - 2.02-89 +- Fix TFTP timeouts when trying to fetch files larger than 65535 KiB + Resolves: rhbz#1871034 + +* Tue Aug 11 2020 Javier Martinez Canillas - 2.02-88 +- Fix a legacy BIOS boot issue when a using config file shared with EFI + Resolves: rhbz#1850193 + +* Mon Jul 27 2020 Peter Jones - 2.02-87 +- Couple more late fixes. + Resolves: CVE-2020-15705 + +* Sun Jul 26 2020 Peter Jones - 2.02-86 +- Couple more late fixes. + Resolves: CVE-2020-10713 + Resolves: CVE-2020-14308 + Resolves: CVE-2020-14309 + Resolves: CVE-2020-14310 + Resolves: CVE-2020-14311 + +* Mon Jul 20 2020 Peter Jones - 2.02-85 +- Fix several CVEs + Resolves: CVE-2020-10713 + Resolves: CVE-2020-14308 + Resolves: CVE-2020-14309 + Resolves: CVE-2020-14310 + Resolves: CVE-2020-14311 + +* Tue May 19 2020 Javier Martinez Canillas - 2.02-84 +- Add fixes for greenboot support + Resolves: rhbz#1832336 + +* Mon May 18 2020 Javier Martinez Canillas - 2.02-83 +- Fix a segfault in grub2-editenv when attempting to shrink a variable + Resolves: rhbz#1761496 + +* Mon Apr 27 2020 Javier Martinez Canillas - 2.02-82 +- Drop "Disable multiboot, multiboot2, and linux16 modules on EFI builds" + Resolves: rhbz#1779480 +- efi/http: Export {fw,http}_path variables to make them global + Resolves: rhbz#1811561 +- efi/http: Enclose literal IPv6 addresses in square brackets +- efi/net: Allow to specify a port number in addresses +- efi/ip4_config: Improve check to detect literal IPv6 addresses +- efi/net: Print a debug message if parsing the address fails + Resolves: rhbz#1811560 +- Set image base address before jumping to the PE/COFF entry point + Resolves: rhbz#1819624 + +* Thu Dec 05 2019 Javier Martinez Canillas - 2.02-81 +- Another fix for blscfg variable expansion support + Related: rhbz#1669252 + +* Thu Nov 28 2019 Javier Martinez Canillas - 2.02-80 +- Fix PRIxGRUB_EFI_STATUS definition + Related: rhbz#1761811 +- TPM: Print messages if measuraments fail as debug instead of error + Resolves: rhbz#1761811 +- unix/platform: Initialize variable to fix grub-install on UEFI system + Resolves: rhbz#1768689 +- blscfg: add a space char when appending fields for variable expansion + Resolves: rhbz#1669252 + +* Fri Nov 22 2019 Javier Martinez Canillas - 2.02-79 +- grub-set-bootflag: Write new env to tmpfile and then rename (hdegoede) + Resolves: CVE-2019-14865 + +* Thu Sep 26 2019 Javier Martinez Canillas - 2.02-77 +- 10_linux_bls: don't add --users option to generated menu entries + Resolves: rhbz#1755815 + +* Fri Aug 09 2019 Javier Martinez Canillas - 2.02-76 +- Include regexp module in EFI builds + Resolves: rhbz#1737670 + +* Wed Jun 19 2019 Javier Martinez Canillas - 2.02-75 +- Fix setting default entry on ppc64le when using OPAL + Resolves: rhbz#1721815 + +* Tue Jun 04 2019 Sergio Durigan Junior - 2.02-74 +- Use '-g' instead of '-g3' when compiling grub2. + Related: rhbz#1653961 + +* Wed May 29 2019 Peter Jones - 2.02-73 +- Rebuild once again to try to get rpmdiff happy. + Related: rhbz#1653961 + +* Mon May 27 2019 Javier Martinez Canillas - 2.02-72 +- Build with the correct target + Related: rhbz#1653961 + +* Fri May 24 2019 Peter Jones - 2.02-71 +- Fix (a fourth time, due to a typo) how LDFLAGS works on non-efi platforms. + Related: rhbz#1653961 + +* Thu May 23 2019 Peter Jones - 2.02-70 +- Fix (once again) how CFLAGS and LDFLAGS propogate the settings for hardened + builds, because rpmdiff doesn't like the current way failing. + Related: rhbz#1653961 + +* Tue May 21 2019 Javier Martinez Canillas - 2.02-69 +- Enable package gating + Resolves: rhbz#1653961 + +* Mon May 20 2019 Javier Martinez Canillas - 2.02-68 +- Avoid grub2-efi package to overwrite existing /boot/grub2/grubenv file + Resolves: rhbz#1680572 +- Try to set -fPIE and friends on libgnu.a (pjones) +- blscfg: fallback to default_kernelopts if BLS option field isn't set + Related: rhbz#1680572 +- Remove bogus load_env after blscfg command in 10_linux + +* Mon Apr 29 2019 Javier Martinez Canillas - 2.02-67 +- Fix failure to request grub.cfg over HTTP + Resolves: rhbz#1490991 + +* Wed Dec 19 2018 Javier Martinez Canillas - 2.02-66 +- Fix grub.cfg-XXX look up when booting over TFTP + Resolves: rhbz#1658500 + +* Mon Dec 17 2018 Peter Jones - 2.02-65 +- Don't build the grub2-efi-ia32-* packages on i686; it causes multilib + errors and we don't ship the result anyway. + Related: rhbz#1637875 + +* Tue Dec 11 2018 Javier Martinez Canillas - 2.02-64 +- Make grub2-mkconfig to honour GRUB_CMDLINE_LINUX in /etc/default/grub + Resolves: rhbz#1637875 +- docs: Stop using polkit / pkexec for grub-boot-success.timer / service + Resolves: rhbz#1655687 + +* Tue Dec 04 2018 Javier Martinez Canillas - 2.02-63 +- BLS files should only be copied by grub-switch-to-blscfg if BLS isn't set + Related: rhbz#1638117 +- Fix get_entry_number() wrongly dereferencing the tail pointer + Resolves: rhbz#1654936 + +* Fri Nov 30 2018 Javier Martinez Canillas - 2.02-62 +- Drop "Be more aggro about actually using the *configured* network device." + Resolves: rhbz#1654388 +- Fix menu entry selection based on title + Resolves: rhbz#1654936 + +* Tue Nov 27 2018 Javier Martinez Canillas - 2.02-61 +- Drop buggy downstream patch "efinet: retransmit if our device is busy" + Resolves: rhbz#1649048 +- Make the menu entry users option argument to be optional + Related: rhbz#1652434 +- 10_linux_bls: add missing menu entries options + Resolves: rhbz#1652434 + +* Wed Nov 21 2018 Javier Martinez Canillas - 2.02-60 +- Remove quotes when reading ID value from /etc/os-release + Related: rhbz#1650706 +- blscfg: expand grub_users before passing to grub_normal_add_menu_entry() + Resolves: rhbz#1650706 + +* Thu Nov 08 2018 Javier Martinez Canillas - 2.02-59 +- Remove installkernel-bls script + Related: rhbz#1647721 + +* Wed Oct 24 2018 Javier Martinez Canillas - 2.02-58 +- Don't unconditionally set default entry when installing debug kernels + Resolves: rhbz#1636346 + +* Fri Oct 19 2018 Peter Jones - 2.02-57 +- Fix menu entry selection based on ID and title + Resolves: rhbz#1640979 + +* Fri Oct 19 2018 Javier Martinez Canillas +- don't set saved_entry on grub2-mkconfig + Resolves: rhbz#1636466 + +* Tue Oct 16 2018 Peter Jones - 2.02-56 +- Rebuild for signing + Resolves: rhbz#1625565 +- blscfg: Make 10_linux_bls sort the same way as well + Related: rhbz#1638103 + +* Mon Oct 15 2018 Peter Jones - 2.02-55 +- blscfg: sort everything with rpm *package* comparison + Related: rhbz#1638103 + +* Thu Oct 11 2018 Peter Jones - 2.02-54 +- kernel-install: Remove existing initramfs if it's older than the kernel + Resolves: rhbz#1638405 +- Update the saved entry correctly after a kernel install + Resolves: rhbz#1638117 + +* Fri Oct 05 2018 Javier Martinez Canillas - 2.02-53 +- Only set kernelopts in grubenv if it wasn't set before + Resolves: rhbz#1636466 + +* Thu Oct 04 2018 Peter Jones - 2.02-52 +- Remove 01_fallback_counting entirely until we can sort its issues out. + Resolves: rhbz#1615954 + +* Thu Oct 04 2018 Javier Martinez Canillas - 2.02-51 +- add 10_linux_bls grub.d snippet to generate menu entries from BLS files + Resolves: rhbz#1636013 +- Fix syntax issues in 01_fallback_counting.in + Resolves: rhbz#1615954 + +* Mon Oct 01 2018 pjones - 1:2.02-50 +- Disable TPM (again) on BIOS; it really does not work reliably. + Resolves: rhbz#1579835 +- Make blscfg module loadable on other grub2 builds + Resolves: rhbz#1633646 +- Include blscfg module on ppc builds + Related: rhbz#1633646 +- Fix rpmdiff complaints about execstack + Related: rhbz#1633646 + +* Mon Sep 24 2018 Peter Jones - 2.02-49 +- Add an installkernel script for BLS configurations + Related: rhbz#1619344 + +* Fri Sep 14 2018 Peter Jones - 2.02-48 +- Go back to forcing all allocations on x86_64 to be 32-bit, as many UEFI + implementations seem to have drivers with DMA issues for addresses + above 4GB. + Resolves: rhbz#1628346 + +* Wed Sep 12 2018 Peter Jones - 2.02-47 +- BLS fixes from the F29 tree + - Use /boot/loader/entries as BLS dir also on EFI systems + - Make 20-grub.install to exit if there is no machine ID set + - More fixes for BLS + Resolves: rhbz#1620954 + +* Mon Aug 27 2018 Peter Jones - 2.02-46 +- Better memory allocation for kernel/initramfs on aarch64 + Resolves: rhbz#1620954 + +* Tue Aug 14 2018 Peter Jones - 2.02-45 +- Fix a typo in /etc/grub.d/01_fallback_counting + Resolves: rhbz#1615954 + +* Thu Aug 09 2018 Peter Jones - 2.02-44 +- Rebased to newer upstream for fedora-29 + +* Thu Aug 09 2018 pjones - 1:2.02-43 +- Rebased to newer upstream for fedora-29 + +* Tue Jul 17 2018 Peter Jones - 2.02-42 +- Fix some minor BLS issues +- Rework the FDT module linking to make aarch64 build and boot right + Resolves: rhbz#1601835 + +* Mon Jul 16 2018 pjones - 2.02-41 +- Pull in newer sb patches that do a better job with config file writing + +* Mon Jul 16 2018 Hans de Goede +- Make the user session automatically set the boot_success grubenv flag +- Make offline-updates increment the boot_indeterminate grubenv variable + +* Fri Jul 13 2018 Peter Jones - 2.02-40 +- Revert broken moduledir fix in this tree as well. + +* Tue Jul 10 2018 pjones - 2.02-39 +- Fix our linuxefi/linux command reunion. + +* Tue Jul 10 2018 pjones - 2.02-38 +- Rebased to newer upstream for RHEL-8 + +* Wed May 16 2018 Peter Jones - 2.02-37 +- Fixups to work with gcc 8 +- Experimental https boot support on UEFI +- XFS fixes for sparse inode support + Resolves: rhbz#1575797 + +* Thu May 10 2018 Javier Martinez Canillas - 2.02-36 +- Use version field to sort BLS entries if id field isn't defined +- Add version field to BLS fragments generated by 20-grub.install + +* Tue Apr 24 2018 Peter Jones - 2.02-35 +- A couple of fixes needed by Fedora Atomic - javierm + +* Mon Apr 23 2018 Peter Jones - 2.02-34 +- Put the os-prober dep back in - we need to change test plans and criteria + before it can go. + Resolves: rhbz#1569411 + +* Wed Apr 11 2018 Peter Jones - 2.02-33 +- Work around some issues with older automake found in CentOS. +- Make multiple initramfs images work in BLS. + +* Wed Apr 11 2018 Javier Martinez Canillas - 2.02-32 +- Make 20-grub.install to generate debug BLS when MAKEDEBUG is set. + +* Fri Apr 06 2018 Peter Jones - 2.02-31 +- Pull in some TPM fixes I missed. + +* Fri Apr 06 2018 Peter Jones - 2.02-30 +- Enable TPM measurements +- Set the default boot entry to the first entry when we're using BLS. + +* Tue Apr 03 2018 Peter Jones - 2.02-29 +- Add grub2-switch-to-blscfg +- Fix for BLS paths on BIOS / non-UEFI (javierm) + +* Fri Mar 09 2018 Javier Martinez Canillas - 2.02-28 +- Install kernel-install scripts. + +* Tue Mar 06 2018 Peter Jones - 2.02-27 +- Build the blscfg module in on EFI builds. + +* Wed Feb 28 2018 Peter Jones - 2.02-26 +- Try to fix things for new compiler madness. + I really don't know why gcc decided __attribute__((packed)) on a "typedef + struct" should imply __attribute__((align (1))) and that it should have a + warning that it does so. The obvious behavior would be to keep the alignment + of the first element unless it's used in another object or type that /also/ + hask the packed attribute. Why should it change the default alignment at + all? +- Merge in the BLS patches Javier and I wrote. +- Attempt to fix pmtimer initialization failures to not be super duper slow. + +* Fri Feb 09 2018 Igor Gnatenko +- Escape macros in %%changelog + +* Tue Jan 23 2018 Peter Jones - 2.02-24 +- Fix a merge error from 2.02-21 that affected kernel loading on Aarch64. + Related: rhbz#1519311 + Related: rhbz#1506704 + Related: rhbz#1502312 + +* Fri Jan 19 2018 Peter Jones - 2.02-23 +- Only nerf annobin, not -fstack-crash-protection. +- Fix a conflict on /boot/efi directory permissions between -cdboot and the + normal bootloader. + +* Thu Jan 18 2018 Peter Jones - 2.02-22 +- Nerf some gcc 7.2.1-6 'features' that cause grub to crash on start. + +* Thu Jan 18 2018 Peter Jones - 2.02-21 +- Fix grub2-efi-modules provides/obsoletes generation + Resolves: rhbz#1506704 +- *Also* build grub-efi-ia32{,-*,!-modules} packages for i686 builds + Resolves: rhbz#1502312 +- Make everything under /boot/efi be mode 0700, since that's what FAT will + show anyway. + +* Wed Jan 17 2018 Peter Jones - 2.02-20 +- Update to newer upstream for F28 +- Pull in patches for Apollo Lake hardware + Resolves: rhbz#1519311 + +* Tue Oct 24 2017 Peter Jones - 2.02-19 +- Handle xen module loading (somewhat) better + Resolves: rhbz#1486002 + +* Wed Sep 20 2017 Peter Jones - 2.02-18 +- Make grub2-efi-aa64 provide grub2 + Resolves: rhbz#1491045 + +* Mon Sep 11 2017 Dennis Gilmore - 2.02-17 +- bump for Obsoletes again + +* Wed Sep 06 2017 Peter Jones - 2.02-16 +- Fix Obsoletes on grub2-pc + +* Wed Aug 30 2017 Petr Šabata - 2.02-15 +- Limit the pattern matching in do_alt_efi_install to files to + unbreak module builds + +* Fri Aug 25 2017 Peter Jones - 2.02-14 +- Revert the /usr/lib/.build-id/ change: + https://fedoraproject.org/wiki/Changes/ParallelInstallableDebuginfo + says (without any particularly convincing reasoning): + The main build-id file should not be in the debuginfo file, but in the + main package (this was always a problem since the package and debuginfo + package installed might not match). If we want to make usr/lib/debug/ a + network resource then we will need to move the symlink to another + location (maybe /usr/lib/.build-id). + So do it that way. Of course it doesn't matter, because exclude gets + ignored due to implementation details. + +* Fri Aug 25 2017 Peter Jones - 2.02-13 +- Add some unconditional Provides: + grub2-efi on grub2-efi-${arch} + grub2-efi-cdboot on grub2-efi-${arch}-cdboot + grub2 on all grub2-${arch} pacakges +- Something is somehow adding /usr/lib/.build-id/... to all the -tools + subpackages, so exclude all that. + +* Thu Aug 24 2017 Peter Jones - 2.02-12 +- Fix arm kernel command line allocation + Resolves: rhbz#1484609 +- Get rid of the temporary extra efi packages hack. + +* Wed Aug 23 2017 Peter Jones - 2.02-11 +- Put grub2-mkimage in -tools, not -tools-extra. +- Fix i686 building +- Fix ppc HFS+ usage due to /boot/efi's presence. + +* Fri Aug 18 2017 Peter Jones - 2.02-10 +- Add the .img files into grub2-pc-modules (and all legacy variants) + +* Wed Aug 16 2017 Peter Jones - 2.02-9 +- Re-work for ia32-efi. + +* Wed Aug 16 2017 pjones - 2.02-8 +- Rebased to newer upstream for fedora-27 + +* Tue Aug 15 2017 Peter Jones - 2.02-7 +- Rebuild again with new fixed rpm. (bug #1480407) + +* Fri Aug 11 2017 Kevin Fenzi - 2.02-6 +- Rebuild again with new fixed rpm. (bug #1480407) + +* Thu Aug 10 2017 Kevin Fenzi - 2.02-5 +- Rebuild for rpm soname bump again. + +* Thu Aug 10 2017 Igor Gnatenko - 2.02-4 +- Rebuilt for RPM soname bump + +* Thu Aug 03 2017 Peter Jones - 2.02-3 +- Rebuild so it gets SB signed correctly. + Related: rhbz#1335533 +- Enable lsefi + +* Mon Jul 24 2017 Michael Cronenworth - 2.02-2 +- Fix symlink to work on both EFI and BIOS machines + Resolves: rhbz#1335533 + +* Mon Jul 10 2017 Peter Jones - 2.02-1 +- Rebased to newer upstream for fedora-27 + +* Wed Feb 01 2017 Stephen Gallagher - 2.02-0.39 +- Add missing %%license macro +- Fix deps that should have moved to -tools but didn't. + +* Thu Dec 08 2016 Peter Jones - 2.02-0.38 +- Fix regexp in power compile flags, and synchronize release number with + other branches. + +* Fri Dec 02 2016 pjones - 1:2.02-0.37 +- Rebased to newer upstream for fedora-26 + +* Thu Dec 01 2016 Peter Jones - 2.02-0.36 +- Update version to .36 because I already built an f25 one named 0.35 + +* Thu Dec 01 2016 pjones - 1:2.02-0.35 +- Rebased to newer upstream for fedora-26 + +* Thu Dec 01 2016 Peter Jones - 2.02-0.34 +- Fix power6 makefile bits for newer autoconf defaults. +- efi/chainloader: fix wrong sanity check in relocate_coff() (Laszlo Ersek) + Resolves: rhbz#1347291 + +* Thu Aug 25 2016 Peter Jones - 2.02-0.34 +- Update to be newer than f24's branch. +- Add grub2-get-kernel-settings + Related: rhbz#1226325 + +* Thu Apr 07 2016 pjones - 1:2.02-0.30 +- Revert 27e66193, which was replaced by upstream's 49426e9fd + Resolves: rhbz#1251600 + +* Thu Apr 07 2016 Peter Jones - 2.02-0.29 +- Fix ppc64 build failure and rebase to newer f24 code. + +* Tue Apr 05 2016 pjones - 1:2.02-0.27 +- Pull TPM updates from mjg59. + Resolves: rhbz#1318067 + +* Tue Mar 08 2016 pjones - 1:2.02-0.27 +- Fix aarch64 build problem. + +* Fri Mar 04 2016 Peter Jones - 2.02-0.26 +- Rebased to newer upstream (grub-2.02-beta3) for fedora-24 + +* Thu Dec 10 2015 Peter Jones - 2.02-0.25 +- Fix security issue when reading username and password + Related: CVE-2015-8370 +- Do a better job of handling GRUB2_PASSWORD + Related: rhbz#1284370 + +* Fri Nov 20 2015 Peter Jones - 2.02-0.24 +- Rebuild without multiboot* modules in the EFI image. + Related: rhbz#1264103 + +* Sat Sep 05 2015 Kalev Lember - 2.02-0.23 +- Rebuilt for librpm soname bump + +* Wed Aug 05 2015 Peter Jones - 2.02-0.21 +- Back out one of the debuginfo generation patches; it doesn't work right on + aarch64 yet. + Resolves: rhbz#1250197 + +* Mon Aug 03 2015 Peter Jones - 2.02-0.20 +- The previous fix was completely not right, so fix it a different way. + Resolves: rhbz#1249668 + +* Fri Jul 31 2015 Peter Jones - 2.02-0.19 +- Fix grub2-mkconfig's sort to put kernels in the right order. + Related: rhbz#1124074 + +* Thu Jul 30 2015 Peter Jones - 2.02-0.18 +- Fix a build failure on aarch64 + +* Wed Jul 22 2015 Peter Jones - 2.02-0.17 +- Don't build hardened (fixes FTBFS) (pbrobinson) +- Reconcile with the current upstream +- Fixes for gcc 5 + +* Tue Apr 28 2015 Peter Jones - 2.02-0.16 +- Make grub2-mkconfig produce the kernel titles we actually want. + Resolves: rhbz#1215839 + +* Sat Feb 21 2015 Till Maas +- Rebuilt for Fedora 23 Change + https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code + +* Mon Jan 05 2015 Peter Jones - 2.02-0.15 +- Bump release to rebuild with Ralf Corsépius's fixes. + +* Sun Jan 04 2015 Ralf Corsépius - 2.02-0.14 +- Move grub2.info/grub2-dev.info install-info scriptlets into *-tools package. +- Use sub-shell in %%__debug_install_post (RHBZ#1168732). +- Cleanup grub2-starfield-theme packaging. + +* Thu Dec 04 2014 Peter Jones - 2.02-0.13 +- Update minilzo to 2.08 for CVE-2014-4607 + Resolves: rhbz#1131793 + +* Thu Nov 13 2014 Peter Jones - 2.02-0.12 +- Make backtrace and usb conditional on !arm +- Make sure gcdaa64.efi is packaged. + Resolves: rhbz#1163481 + +* Fri Nov 07 2014 Peter Jones - 2.02-0.11 +- fix a copy-paste error in patch 0154. + Resolves: rhbz#964828 + +* Mon Oct 27 2014 Peter Jones - 2.02-0.10 +- Try to emit linux16/initrd16 and linuxefi/initrdefi when appropriate + in 30_os-prober. + Resolves: rhbz#1108296 +- If $fw_path doesn't work to find the config file, try $prefix as well + Resolves: rhbz#1148652 + +* Mon Sep 29 2014 Peter Jones - 2.02-0.9 +- Clean up the build a bit to make it faster +- Make grubenv work right on UEFI machines + Related: rhbz#1119943 +- Sort debug and rescue kernels later than normal ones + Related: rhbz#1065360 +- Allow "fallback" to include entries by title as well as number. + Related: rhbz#1026084 +- Fix a segfault on aarch64. +- Load arm with SB enabled if available. +- Add some serial port options to GRUB_MODULES. + +* Tue Aug 19 2014 Peter Jones - 2.02-0.8 +- Add ppc64le support. + Resolves: rhbz#1125540 + +* Thu Jul 24 2014 Peter Jones - 2.02-0.7 +- Enabled syslinuxcfg module. + +* Wed Jul 02 2014 Peter Jones - 2.02-0.6 +- Re-merge RHEL 7 changes and ARM works in progress. + +* Mon Jun 30 2014 Peter Jones - 2.02-0.5 +- Avoid munging raw spaces when we're escaping command line arguments. + Resolves: rhbz#923374 + +* Tue Jun 24 2014 Peter Jones - 2.02-0.4 +- Update to latest upstream. + +* Thu Mar 13 2014 Peter Jones - 2.02-0.3 +- Merge in RHEL 7 changes and ARM works in progress. + +* Mon Jan 06 2014 Peter Jones - 2.02-0.2 +- Update to grub-2.02~beta2 + +* Sat Aug 10 2013 Peter Jones - 2.00-25 +- Last build failed because of a hardware error on the builder. + +* Mon Aug 05 2013 Peter Jones - 2.00-24 +- Fix compiler flags to deal with -fstack-protector-strong + +* Sat Aug 03 2013 Fedora Release Engineering - 1:2.00-24 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Tue Jul 02 2013 Dennis Gilmore - 2.00-23 +- add epoch to obsoletes + +* Fri Jun 21 2013 Peter Jones - 2.00-22 +- Fix linewrapping in edit menu. + Resolves: rhbz #976643 + +* Thu Jun 20 2013 Peter Jones - 2.00-21 +- Fix obsoletes to pull in -starfield-theme subpackage when it should. + +* Fri Jun 14 2013 Peter Jones - 2.00-20 +- Put the theme entirely ento the subpackage where it belongs (#974667) + +* Wed Jun 12 2013 Peter Jones - 2.00-19 +- Rebase to upstream snapshot. +- Fix PPC build error (#967862) +- Fix crash on net_bootp command (#960624) +- Reset colors on ppc when appropriate (#908519) +- Left align "Loading..." messages (#908492) +- Fix probing of SAS disks on PPC (#953954) +- Add support for UEFI OSes returned by os-prober +- Disable "video" mode on PPC for now (#973205) +- Make grub fit better into the boot sequence, visually (#966719) + +* Fri May 10 2013 Matthias Clasen - 2.00-18 +- Move the starfield theme to a subpackage (#962004) +- Don't allow SSE or MMX on UEFI builds (#949761) + +* Wed Apr 24 2013 Peter Jones - 2.00-17.pj0 +- Rebase to upstream snapshot. + +* Thu Apr 04 2013 Peter Jones - 2.00-17 +- Fix booting from drives with 4k sectors on UEFI. +- Move bash completion to new location (#922997) +- Include lvm support for /boot (#906203) + +* Thu Feb 14 2013 Peter Jones - 2.00-16 +- Allow the user to disable submenu generation +- (partially) support BLS-style configuration stanzas. + +* Tue Feb 12 2013 Peter Jones - 2.00-15.pj0 +- Add various config file related changes. + +* Thu Dec 20 2012 Dennis Gilmore - 2.00-15 +- bump nvr + +* Mon Dec 17 2012 Karsten Hopp 2.00-14 +- add bootpath device to the device list (pfsmorigo, #886685) + +* Tue Nov 27 2012 Peter Jones - 2.00-13 +- Add vlan tag support (pfsmorigo, #871563) +- Follow symlinks during PReP installation in grub2-install (pfsmorigo, #874234) +- Improve search paths for config files on network boot (pfsmorigo, #873406) + +* Tue Oct 23 2012 Peter Jones - 2.00-12 +- Don't load modules when grub transitions to "normal" mode on UEFI. + +* Mon Oct 22 2012 Peter Jones - 2.00-11 +- Rebuild with newer pesign so we'll get signed with the final signing keys. + +* Thu Oct 18 2012 Peter Jones - 2.00-10 +- Various PPC fixes. +- Fix crash fetching from http (gustavold, #860834) +- Issue separate dns queries for ipv4 and ipv6 (gustavold, #860829) +- Support IBM CAS reboot (pfsmorigo, #859223) +- Include all modules in the core image on ppc (pfsmorigo, #866559) + +* Mon Oct 01 2012 Peter Jones - 1:2.00-9 +- Work around bug with using "\x20" in linux command line. + Related: rhbz#855849 + +* Thu Sep 20 2012 Peter Jones - 2.00-8 +- Don't error on insmod on UEFI/SB, but also don't do any insmodding. +- Increase device path size for ieee1275 + Resolves: rhbz#857936 +- Make network booting work on ieee1275 machines. + Resolves: rhbz#857936 + +* Wed Sep 05 2012 Matthew Garrett - 2.00-7 +- Add Apple partition map support for EFI + +* Thu Aug 23 2012 David Cantrell - 2.00-6 +- Only require pesign on EFI architectures (#851215) + +* Tue Aug 14 2012 Peter Jones - 2.00-5 +- Work around AHCI firmware bug in efidisk driver. +- Move to newer pesign macros +- Don't allow insmod if we're in secure-boot mode. + +* Wed Aug 08 2012 Peter Jones +- Split module lists for UEFI boot vs UEFI cd images. +- Add raid modules for UEFI image (related: #750794) +- Include a prelink whitelist for binaries that need execstack (#839813) +- Include fix efi memory map fix from upstream (#839363) + +* Wed Aug 08 2012 Peter Jones - 2.00-4 +- Correct grub-mkimage invocation to use efidir RPM macro (jwb) +- Sign with test keys on UEFI systems. +- PPC - Handle device paths with commas correctly. + Related: rhbz#828740 + +* Wed Jul 25 2012 Peter Jones - 2.00-3 +- Add some more code to support Secure Boot, and temporarily disable + some other bits that don't work well enough yet. + Resolves: rhbz#836695 + +* Wed Jul 11 2012 Matthew Garrett - 2.00-2 +- Set a prefix for the image - needed for installer work +- Provide the font in the EFI directory for the same reason + +* Thu Jun 28 2012 Peter Jones - 2.00-1 +- Rebase to grub-2.00 release. + +* Mon Jun 18 2012 Peter Jones - 2.0-0.37.beta6 +- Fix double-free in grub-probe. + +* Wed Jun 06 2012 Peter Jones - 2.0-0.36.beta6 +- Build with patch19 applied. + +* Wed Jun 06 2012 Peter Jones - 2.0-0.35.beta6 +- More ppc fixes. + +* Wed Jun 06 2012 Peter Jones - 2.0-0.34.beta6 +- Add IBM PPC fixes. + +* Mon Jun 04 2012 Peter Jones - 2.0-0.33.beta6 +- Update to beta6. +- Various fixes from mads. + +* Fri May 25 2012 Peter Jones - 2.0-0.32.beta5 +- Revert builddep change for crt1.o; it breaks ppc build. + +* Fri May 25 2012 Peter Jones - 2.0-0.31.beta5 +- Add fwsetup command (pjones) +- More ppc fixes (IBM) + +* Tue May 22 2012 Peter Jones - 2.0-0.30.beta5 +- Fix the /other/ grub2-tools require to include epoch. + +* Mon May 21 2012 Peter Jones - 2.0-0.29.beta5 +- Get rid of efi_uga and efi_gop, favoring all_video instead. + +* Mon May 21 2012 Peter Jones - 2.0-0.28.beta5 +- Name grub.efi something that's arch-appropriate (kiilerix, pjones) +- use EFI/$SOMETHING_DISTRO_BASED/ not always EFI/redhat/grub2-efi/ . +- move common stuff to -tools (kiilerix) +- spec file cleanups (kiilerix) + +* Mon May 14 2012 Peter Jones - 2.0-0.27.beta5 +- Fix module trampolining on ppc (benh) + +* Thu May 10 2012 Peter Jones - 2.0-0.27.beta5 +- Fix license of theme (mizmo) + Resolves: rhbz#820713 +- Fix some PPC bootloader detection IBM problem + Resolves: rhbz#820722 + +* Thu May 10 2012 Peter Jones - 2.0-0.26.beta5 +- Update to beta5. +- Update how efi building works (kiilerix) +- Fix theme support to bring in fonts correctly (kiilerix, pjones) + +* Wed May 09 2012 Peter Jones - 2.0-0.25.beta4 +- Include theme support (mizmo) +- Include locale support (kiilerix) +- Include html docs (kiilerix) + +* Thu Apr 26 2012 Peter Jones - 2.0-0.24 +- Various fixes from Mads Kiilerich + +* Thu Apr 19 2012 Peter Jones - 2.0-0.23 +- Update to 2.00~beta4 +- Make fonts work so we can do graphics reasonably + +* Thu Mar 29 2012 David Aquilina - 2.0-0.22 +- Fix ieee1275 platform define for ppc + +* Thu Mar 29 2012 Peter Jones - 2.0-0.21 +- Remove ppc excludearch lines (dwa) +- Update ppc terminfo patch (hamzy) + +* Wed Mar 28 2012 Peter Jones - 2.0-0.20 +- Fix ppc64 vs ppc exclude according to what dwa tells me they need +- Fix version number to better match policy. + +* Tue Mar 27 2012 Dan Horák - 1.99-19.2 +- Add support for serial terminal consoles on PPC by Mark Hamzy + +* Sun Mar 25 2012 Dan Horák - 1.99-19.1 +- Use Fix-tests-of-zeroed-partition patch by Mark Hamzy + +* Thu Mar 15 2012 Peter Jones - 1.99-19 +- Use --with-grubdir= on configure to make it behave like -17 did. + +* Wed Mar 14 2012 Peter Jones - 1.99-18 +- Rebase from 1.99 to 2.00~beta2 + +* Wed Mar 07 2012 Peter Jones - 1.99-17 +- Update for newer autotools and gcc 4.7.0 + Related: rhbz#782144 +- Add /etc/sysconfig/grub link to /etc/default/grub + Resolves: rhbz#800152 +- ExcludeArch s390*, which is not supported by this package. + Resolves: rhbz#758333 + +* Fri Feb 17 2012 Orion Poplawski - 1:1.99-16 +- Build with -Os (bug 782144) + +* Fri Jan 13 2012 Fedora Release Engineering - 1:1.99-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Dec 14 2011 Matthew Garrett - 1.99-14 +- fix up various grub2-efi issues + +* Thu Dec 08 2011 Adam Williamson - 1.99-13 +- fix hardwired call to grub-probe in 30_os-prober (rhbz#737203) + +* Mon Nov 07 2011 Peter Jones - 1.99-12 +- Lots of .spec fixes from Mads Kiilerich: + Remove comment about update-grub - it isn't run in any scriptlets + patch info pages so they can be installed and removed correctly when renamed + fix references to grub/grub2 renames in info pages (#743964) + update README.Fedora (#734090) + fix comments for the hack for upgrading from grub2 < 1.99-4 + fix sed syntax error preventing use of $RPM_OPT_FLAGS (#704820) + make /etc/grub2*.cfg %%config(noreplace) + make grub.cfg %%ghost - an empty file is of no use anyway + create /etc/default/grub more like anaconda would create it (#678453) + don't create rescue entries by default - grubby will not maintain them anyway + set GRUB_SAVEDEFAULT=true so saved defaults works (rbhz#732058) + grub2-efi should have its own bash completion + don't set gfxpayload in efi mode - backport upstream r3402 +- Handle dmraid better. Resolves: rhbz#742226 + +* Wed Oct 26 2011 Fedora Release Engineering - 1:1.99-11 +- Rebuilt for glibc bug#747377 + +* Wed Oct 19 2011 Adam Williamson - 1.99-10 +- /etc/default/grub is explicitly intended for user customization, so + mark it as config(noreplace) + +* Tue Oct 11 2011 Peter Jones - 1.99-9 +- grub has an epoch, so we need that expressed in the obsolete as well. + Today isn't my day. + +* Tue Oct 11 2011 Peter Jones - 1.99-8 +- Fix my bad obsoletes syntax. + +* Thu Oct 06 2011 Peter Jones - 1.99-7 +- Obsolete grub + Resolves: rhbz#743381 + +* Wed Sep 14 2011 Peter Jones - 1.99-6 +- Use mv not cp to try to avoid moving disk blocks around for -5 fix + Related: rhbz#735259 +- handle initramfs on xen better (patch from Marko Ristola) + Resolves: rhbz#728775 + +* Sat Sep 03 2011 Kalev Lember - 1.99-5 +- Fix upgrades from grub2 < 1.99-4 (#735259) + +* Fri Sep 02 2011 Peter Jones - 1.99-4 +- Don't do sysadminny things in %%preun or %%post ever. (#735259) +- Actually include the changelog in this build (sorry about -3) + +* Thu Sep 01 2011 Peter Jones - 1.99-2 +- Require os-prober (#678456) (patch from Elad Alfassa) +- Require which (#734959) (patch from Elad Alfassa) + +* Thu Sep 01 2011 Peter Jones - 1.99-1 +- Update to grub-1.99 final. +- Fix crt1.o require on x86-64 (fix from Mads Kiilerich) +- Various CFLAGS fixes (from Mads Kiilerich) + - -fexceptions and -m64 +- Temporarily ignore translations (from Mads Kiilerich) + +* Thu Jul 21 2011 Peter Jones - 1.99-0.3 +- Use /sbin not /usr/sbin . + +* Thu Jun 23 2011 Peter Lemenkov - 1:1.99-0.2 +- Fixes for ppc and ppc64 + +* Wed Feb 09 2011 Fedora Release Engineering - 1:1.98-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild