Re: Verifier running out of memory on ieee1275/powerpc64

2020-03-20 Thread Eric Snowberg 

> On Mar 19, 2020, at 10:37 AM, Stefan Berger  wrote:
> 
> On 3/18/20 6:17 PM, Simon Hardy wrote:
 I was wondering whether it would not be possible to load the raw file
 into memory, pass it to the firmware for hashing (and logging) via the
 verifier, and if we do not trust that the firmware treated the file data
 as a read-only array, load the file again into the same array right
 after. This way we wouldn't need more memory. [*] However, I am not sure
 how it fits into the architecture with the verifiers or whether the TPM
 verifier would have to take on a special role (possibly with a flag)
 then.
 
 You didn't pick up on the idea of a bigger heap. Is there a problem with
 the heap size somehow? My machine has GBs of memory, so it really
 shouldn't be a problem to get memory.
>>> I think that's the problem to solve, at least for this platform, since none
>>> of the verifiers will work due to the memory exhaustion issue.
>> Increasing the heap size may be the easiest way for you to solve this
>> problem. I am not so familiar with the issues around doing this, but I
>> have seen recent discussion on this list.
> 
> I found the lsmmap command and it shows me some impressive memory ranges to 
> be known:
> 
> base_addr = 0x4000, length = 0x17c000, available RAM
> 
> base_addr = 0x1f, length = 0x1, available RAM
> 
> base_addr = 0x21, length = 0x1, available RAM
> 
> base_addr = 0x200, length = 0x7bbf, available RAM
> 
> base_addr = 0x7feff, length = 0x1, available RAM
> 
> base_addr = 0x800903dc, length = 0x7ff6fc24, available RAM
> 
> There's more than needed memory here. It doesn't seem to be available for 
> grub_malloc, though.

On SPARC, I thought the code was never written to claim memory in different 
regions.
Does that same problem exist on PPC?

I ran into a lot of memory corruption problems with ofdisk.  I don’t know if 
this
will solve your problem, but you could try this patch:

https://lists.gnu.org/archive/html/grub-devel/2016-06/msg00035.html

I couldn’t get any new ieee1275 code to work without it.


___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Re: are posix-shell-compliant continuation lines valid/supported, or not, in /etc/default/grub ?

2020-03-20 Thread PGNet Dev 
On 3/19/20 8:17 PM, PGNet Dev wrote:
> On 3/19/20 8:04 PM, Eli Schwartz wrote:
>> On 3/19/20 10:02 PM, Dimitri John Ledkov wrote:
>>> I hope you do understand that it
>>> is intended for all of the Ubuntu installer & upgrade integrations to keep
>>> valid configs compatible.

For anyone similarly interested, it looks like Ubu 18 *LTS* will NOT be getting 
a fast fix for 'this' Posix support for a bit, if at all, as it remains a ... 
"highly unusual configuration".

  https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1868138/comments/8

"So given that 8.13 is affected - which was released a year ago, and it's a 
highly unusual configuration, this is not in need of an urgent hotfix."

::facepalm::



Eli, your admonition to consider a more 'stable' option moves to the front of 
the line.  Migrations to Grub + Arch & OpenSUSE spinning up today.

Thx for the comments folks.

___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Re: disk/mdraid1x_linux.c:181:15: warning: array subscript ...

2020-03-20 Thread Thomas Schmitt 
Hi,

Paul Menzel wrote:
>   181 |  (char *) _roles[grub_le_to_cpu32 (sb.dev_number)]
>98 |   grub_uint16_t dev_roles[]; /* Role in array, or 0x for a
>   127 |   struct grub_raid_super_1x sb;
> [...]
> Normally, it should be fixed by using `grub_uint16_t[]` instead of
> `grub_uint16_t[0]`, but I haven’t found out where yet.

I rather propose to consider this untested and not properly styled
change:

--- grub-core/disk/mdraid1x_linux.c 2018-09-05 11:41:09.690721520 +0200
+++ grub-core/disk/mdraid1x_linux.c.ts  2020-03-20 13:57:21.159675792 +0100
@@ -178,8 +178,9 @@ grub_mdraid_detect (grub_disk_t disk,
return NULL;

   if (grub_disk_read (disk, sector,
- (char *) _roles[grub_le_to_cpu32 
(sb.dev_number)]
- - (char *) ,
+ ((char *) _roles - (char *) sb)
+ + grub_le_to_cpu32 (sb.dev_number) * 
sizeof(grub_uint16_t),
  sizeof (role), ))
return NULL;


Reasoning:

I see
  grub_uint16_t dev_roles[0];
in
  
http://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/disk/mdraid1x_linux.c#n98
It's a gcc extension.
  https://www.gnu.org/software/gnu-c-manual/gnu-c-manual.html#Declaring-Arrays
  "As a GNU extension, the number of elements can be as small as zero.
   Zero-length arrays are useful as the last element of a structure which
   is really a header for a variable-length object"

So isn't the problem rather about the allocation of the struct which
hosts .dev_roles ?
Currently there is in mdraid1x_linux.c:

  struct grub_raid_super_1x
  {
...
grub_uint16_t dev_roles[0];   /* Role in array, or 0x for a spare, or 
0xfffe for faulty.  */
  };

  ...

  static struct grub_diskfilter_vg *
  grub_mdraid_detect (grub_disk_t disk, ...
...
  struct grub_raid_super_1x sb;

The allocation as local variable does not appear to provide this extra
memory storage, which shall host the array members of dev_roles.
I fail to see how sb could get enlarged later. The stack neighbors of sb
do not look like they would provide their storage for an array.

Now why didn't this fail earlier ?
That's because the bad array index use is not for memory access but for
pointer arithmetics:

 
http://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/disk/mdraid1x_linux.c#n180

 if (grub_disk_read (disk, sector,
  (char *) _roles[grub_le_to_cpu32 (sb.dev_number)]
   - (char *) ,
  sizeof (role), ))

The code wants a number which shall be used as parameter grub_off_t offset
of grub_disk_read() (in grub-core/kern/disk.c).

I think that the following expression produces the same number without
virtual access to a virtual array member:

 (char *) _roles - (char *) sb
 + grub_le_to_cpu32 (sb.dev_number) * sizeof(grub_uint16_t)


Have a nice day :)

Thomas


___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

disk/mdraid1x_linux.c:181:15: warning: array subscript is outside array bounds of ‘grub_uint16_t[0]’ {aka ‘short unsigned int[0]’} [-Warray-bounds]

2020-03-20 Thread Paul Menzel 

Dear GRUB folks,


Using Debian Sid/unstable with

gcc (Debian 10-20200312-2) 10.0.1 20200312 (experimental) [master 
revision c56871dd15a:7ba6e7f0f21:daf2852b883762d921361462dad1f99320faca2a]


building GRUB fails with the error below due to treating warnings as errors.


gcc -DHAVE_CONFIG_H -I. -I..  -Wall -W  -DGRUB_MACHINE_EFI=1 -DGRUB_MACHINE=X86_64_EFI 
-m64 -nostdinc -isystem /usr/lib/gcc/x86_64-linux-gnu/10/include -I../include 
-I../include -DGRUB_FILE=\"disk/mdraid1x_linux.c\" -I. -I. -I.. -I.. 
-I../include -I../include -I../grub-core/lib/libgcrypt-grub/src/
-D_FILE_OFFSET_BITS=64 -Os -m64 -Wall -W -Wshadow -Wpointer-arith -Wundef 
-Wchar-subscripts -Wcomment -Wdeprecated-declarations -Wdisabled-optimization 
-Wdiv-by-zero -Wfloat-equal -Wformat-extra-args -Wformat-security -Wformat-y2k -Wimplicit 
-Wimplicit-function-declaration -Wimplicit-int -Wmain -Wmissing-braces 
-Wmissing-format-attribute -Wmultichar -Wparentheses -Wreturn-type -Wsequence-point 
-Wshadow -Wsign-compare -Wswitch -Wtrigraphs -Wunknown-pragmas -Wunused -Wunused-function 
-Wunused-label -Wunused-parameter -Wunused-value  -Wunused-variable -Wwrite-strings 
-Wnested-externs -Wstrict-prototypes -g -Wredundant-decls -Wmissing-prototypes 
-Wmissing-declarations  -Wextra -Wattributes -Wendif-labels -Winit-self 
-Wint-to-pointer-cast -Winvalid-pch -Wmissing-field-initializers -Wnonnull -Woverflow 
-Wvla -Wpointer-to-int-cast -Wstrict-aliasing -Wvariadic-macros -Wvolatile-register-var 
-Wpointer-sign -Wmissing-include-dirs -Wmissing-prototypes -Wmissing-declarations 
-Wformat=2 -freg-struct-return -mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow 
-msoft-float -fno-dwarf2-cfi-asm -mno-stack-arg-probe -fno-asynchronous-unwind-tables 
-fno-unwind-tables -fno-ident -mcmodel=large -mno-red-zone -fno-PIE -fno-pie 
-fno-stack-protector -Wtrampolines   -ffreestanding   -MT 
disk/mdraid1x_module-mdraid1x_linux.o -MD -MP -MF 
disk/.deps-core/mdraid1x_module-mdraid1x_linux.Tpo -c -o 
disk/mdraid1x_module-mdraid1x_linux.o `test -f 'disk/mdraid1x_linux.c' || echo 
'./'`disk/mdraid1x_linux.c
disk/mdraid1x_linux.c: In function ‘grub_mdraid_detect’:
disk/mdraid1x_linux.c:181:15: warning: array subscript  is outside 
array bounds of ‘grub_uint16_t[0]’ {aka ‘short unsigned int[0]’} [-Warray-bounds]
  181 |  (char *) _roles[grub_le_to_cpu32 (sb.dev_number)]
  |   ^~~
disk/mdraid1x_linux.c:98:17: note: while referencing ‘dev_roles’
   98 |   grub_uint16_t dev_roles[]; /* Role in array, or 0x for a spare, 
or 0xfffe for faulty.  */
  | ^
disk/mdraid1x_linux.c:127:33: note: defined here ‘sb’
  127 |   struct grub_raid_super_1x sb;
  |


Code in question seems to be:

  if (grub_disk_read (disk, sector,
  (char *) _roles[grub_le_to_cpu32 
(sb.dev_number)]

  - (char *) ,
  sizeof (role), ))
return NULL;

Normally, it should be fixed by using `grub_uint16_t[]` instead of 
`grub_uint16_t[0]`, but I haven’t found out where yet.



Kind regards,

Paul
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel