Re: [programmer11...@programist.ru: Bug#1021846: grub-install is broken since 2.06-3: error: unknown filesystem]
On Sat, Dec 10, 2022 at 07:40:47AM +0300, программист некто wrote: >Hello. Sorry for long wait. > >>программист некто: could you please try these changes and report back? > >I tried the first patch with grub 2.06-7. Result: grub-install works without >error. Cool, thanks for confirming! -- Steve McIntyre, Cambridge, UK.st...@einval.com "Since phone messaging became popular, the young generation has lost the ability to read or write anything that is longer than one hundred and sixty characters." -- Ignatios Souvatzis ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
[programmer11...@programist.ru: Bug#1021846: grub-install is broken since 2.06-3: error: unknown filesystem]
Hello. Sorry for long wait. >программист некто: could you please try these changes and report back? I tried the first patch with grub 2.06-7. Result: grub-install works without error. ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
Re: [programmer11...@programist.ru: Bug#1021846: grub-install is broken since 2.06-3: error: unknown filesystem]
Daniel Axtens on Sat, 2022/12/03 01:41:
> Please try the following:
>
> diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c
> index df6beb544cbd..855e24618c2b 100644
> --- a/grub-core/fs/f2fs.c
> +++ b/grub-core/fs/f2fs.c
> @@ -650,7 +650,7 @@ get_blkaddr_from_nat_journal (struct grub_f2fs_data
> *data, grub_uint32_t nid, grub_uint16_t n = grub_le_to_cpu16
> (data->nat_j.n_nats); grub_uint16_t i;
>
> - if (n >= NAT_JOURNAL_ENTRIES)
> + if (n > NAT_JOURNAL_ENTRIES)
> return grub_error (GRUB_ERR_BAD_FS,
> "invalid number of nat journal entries");
I have a confirmation in Arch downstream bug report that this indeed does
fix the issue.
https://bugs.archlinux.org/task/76168#comment213505
Pleas commit into master. Thanks a lot!
--
main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/*Best regards my address:*/=0;b=c[a++];)
putchar(b-1/(/*Chriscc -ox -xc - && ./x*/b/42*2-3)*42);}
pgp75MieUztUX.pgp
Description: OpenPGP digital signature
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
Re: [programmer11...@programist.ru: Bug#1021846: grub-install is broken since 2.06-3: error: unknown filesystem]
Certainly, I will try these changes. 03.12.2022, 20:44, "Steve McIntyre" : программист некто: could you please try these changes and report back? --Steve McIntyre, Cambridge, UK. st...@einval.com Armed with "Valor": "Centurion" represents quality of Discipline, Honor, Integrity and Loyalty. Now you don't have to be a Caesar to concord the digital world while feeling safe and proud. ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
Re: [programmer11...@programist.ru: Bug#1021846: grub-install is broken since 2.06-3: error: unknown filesystem]
Hi Daniel! On Sat, Dec 03, 2022 at 01:41:51AM +1100, Daniel Axtens wrote: >Steve McIntyre writes: >> >> программист некто (in CC) reported this bug a few weeks back in >> Debian. Since I applied the bundle of filesystem bounds-checking fixes >> a few months back, he can't run grub-install. He's done the work to >> determine that the patch that breaks things for him is >> >> 2d014248d540c7e087934a94b6e7a2aa7fc2c704 fs/f2fs: Do not read past the end >> of nat journal entries >> >> The full thread of our discussion is at https://bugs.debian.org/1021846 >> >> I don't have any knowledge of f2fs to go any further here. Help please! :-) > >Ergh, apologies for the regression. > >[somewhat off-topic: The fix came from a crash derived from fuzzing. I >am not really knowledgeable about f2fs either - I was just trying to do >my best based on what we could derive from the existing driver. In >general, filesystems are a nightmare for fuzzing fixes because testing >beyond the (quite decent!) tests that the grub test-suite runs is very >challenging. There is usually no-one who is both involved in grub >security and an expert on any given file system either. We do the best >we can. Sadly our regression rate has been climbing, so we may need to >come up with some other way to secure file systems or get access to >sufficient expertise in the future.] ACK. I used to develop amd maintain filesystems as a day job, I understand the issue! Writing good and comprehensive tests is hard, and therefore quite rare! >I had a massive, massive work-in-progress spiel where I looked at this >code and compared the linux code and counted sizes and so on and so >forth. I was getting nowhere. But eventually I realised I had just made >an off-by-one error in the test. You're allowed to have up to n = >NAT_JOURNAL_ENTRIES entries _inclusive_, because the loop below uses i < >n, not i <= n. D'oh. Doh indeed! :-) >Please try the following: > >diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c >index df6beb544cbd..855e24618c2b 100644 >--- a/grub-core/fs/f2fs.c >+++ b/grub-core/fs/f2fs.c >@@ -650,7 +650,7 @@ get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, >grub_uint32_t nid, > grub_uint16_t n = grub_le_to_cpu16 (data->nat_j.n_nats); > grub_uint16_t i; > >- if (n >= NAT_JOURNAL_ENTRIES) >+ if (n > NAT_JOURNAL_ENTRIES) > return grub_error (GRUB_ERR_BAD_FS, >"invalid number of nat journal entries"); > > >If for some reason that doesn't work, please add the following debug >code and report the results: > >diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c >index 855e24618c2b..6e49a6d17b7a 100644 >--- a/grub-core/fs/f2fs.c >+++ b/grub-core/fs/f2fs.c >@@ -643,6 +643,10 @@ get_nat_journal (struct grub_f2fs_data *data) > return err; > } > >+#ifdef GRUB_UTIL >+#include >+#endif >+ > static grub_err_t > get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid, > grub_uint32_t *blkaddr) >@@ -650,6 +654,10 @@ get_blkaddr_from_nat_journal (struct grub_f2fs_data >*data, grub_uint32_t nid, > grub_uint16_t n = grub_le_to_cpu16 (data->nat_j.n_nats); > grub_uint16_t i; > >+#ifdef GRUB_UTIL >+ fprintf(stderr, "%s: n = %hu\n", __func__, n); >+#endif >+ > if (n > NAT_JOURNAL_ENTRIES) > return grub_error (GRUB_ERR_BAD_FS, >"invalid number of nat journal entries"); > программист некто: could you please try these changes and report back? >Amusingly the debug code shows that the grub-fs-tester tests always have >n = 0, which makes sense for a test that doesn't really stress the >file-system, and also explains why we didn't catch the bug when it was >introduced. Right. -- Steve McIntyre, Cambridge, UK.st...@einval.com Armed with "Valor": "Centurion" represents quality of Discipline, Honor, Integrity and Loyalty. Now you don't have to be a Caesar to concord the digital world while feeling safe and proud. ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
Re: [programmer11...@programist.ru: Bug#1021846: grub-install is broken since 2.06-3: error: unknown filesystem]
Steve McIntyre writes: > Hi all! > > программист некто (in CC) reported this bug a few weeks back in > Debian. Since I applied the bundle of filesystem bounds-checking fixes > a few months back, he can't run grub-install. He's done the work to > determine that the patch that breaks things for him is > > 2d014248d540c7e087934a94b6e7a2aa7fc2c704 fs/f2fs: Do not read past the end of > nat journal entries > > The full thread of our discussion is at https://bugs.debian.org/1021846 > > I don't have any knowledge of f2fs to go any further here. Help please! :-) Ergh, apologies for the regression. [somewhat off-topic: The fix came from a crash derived from fuzzing. I am not really knowledgeable about f2fs either - I was just trying to do my best based on what we could derive from the existing driver. In general, filesystems are a nightmare for fuzzing fixes because testing beyond the (quite decent!) tests that the grub test-suite runs is very challenging. There is usually no-one who is both involved in grub security and an expert on any given file system either. We do the best we can. Sadly our regression rate has been climbing, so we may need to come up with some other way to secure file systems or get access to sufficient expertise in the future.] I had a massive, massive work-in-progress spiel where I looked at this code and compared the linux code and counted sizes and so on and so forth. I was getting nowhere. But eventually I realised I had just made an off-by-one error in the test. You're allowed to have up to n = NAT_JOURNAL_ENTRIES entries _inclusive_, because the loop below uses i < n, not i <= n. D'oh. Please try the following: diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c index df6beb544cbd..855e24618c2b 100644 --- a/grub-core/fs/f2fs.c +++ b/grub-core/fs/f2fs.c @@ -650,7 +650,7 @@ get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid, grub_uint16_t n = grub_le_to_cpu16 (data->nat_j.n_nats); grub_uint16_t i; - if (n >= NAT_JOURNAL_ENTRIES) + if (n > NAT_JOURNAL_ENTRIES) return grub_error (GRUB_ERR_BAD_FS, "invalid number of nat journal entries"); If for some reason that doesn't work, please add the following debug code and report the results: diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c index 855e24618c2b..6e49a6d17b7a 100644 --- a/grub-core/fs/f2fs.c +++ b/grub-core/fs/f2fs.c @@ -643,6 +643,10 @@ get_nat_journal (struct grub_f2fs_data *data) return err; } +#ifdef GRUB_UTIL +#include +#endif + static grub_err_t get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid, grub_uint32_t *blkaddr) @@ -650,6 +654,10 @@ get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid, grub_uint16_t n = grub_le_to_cpu16 (data->nat_j.n_nats); grub_uint16_t i; +#ifdef GRUB_UTIL + fprintf(stderr, "%s: n = %hu\n", __func__, n); +#endif + if (n > NAT_JOURNAL_ENTRIES) return grub_error (GRUB_ERR_BAD_FS, "invalid number of nat journal entries"); Amusingly the debug code shows that the grub-fs-tester tests always have n = 0, which makes sense for a test that doesn't really stress the file-system, and also explains why we didn't catch the bug when it was introduced. Kind regards, Daniel > > - Forwarded message from программист некто > - > > From: программист некто > To: sub...@bugs.debian.org > Date: Sat, 15 Oct 2022 23:54:36 +0300 > Subject: Bug#1021846: grub-install is broken since 2.06-3: error: unknown > filesystem > Message-Id: <3168731665867...@wf4nrjvtssjecb53.iva.yp-c.yandex.net> > > Package: grub-pc > Version: 2.06-3~deb11u1 > Severity: critical > > Hello. Since version 2.06-3, grub-install is broken: it fails with "error: > unknown filesystem". > I test command /usr/sbin/grub-install -v /dev/sda > in some versions. Results in mail attachments. > Versions older than 2.06-3 works without error (2.06-2 and lower). > Tested versions: 2.04-20, 2.06-1, 2.06-2, 2.06-3~deb10u1, 2.06-3~deb11u1, > 2.06-4. > > Disk partitions: > > # fdisk --list-details > Disk /dev/sda: 29,82 GiB, 32017047552 bytes, 62533296 sectors > Disk model: TS32GSSD370S > Units: sectors of 1 * 512 = 512 bytes > Sector size (logical/physical): 512 bytes / 512 bytes > I/O size (minimum/optimal): 512 bytes / 512 bytes > Disklabel type: dos > Disk identifier: 0xc7177f7e > > Device Boot Start End Sectors Id Type Start-C/H/S End-C/H/S Attrs > /dev/sda1 2048 22763519 22761472 83 Linux 4/4/1 1023/254/2 > /dev/sda2 * 25866240 62531583 36665344 7 HPFS/ 1023/254/2 1023/254/2 80 > > $ disktype /dev/sda1 > --- /dev/sda1 > Block device, size 10.85 GiB (11653873664 bytes) > F2FS file system (version 1.14) > > $ disktype /dev/sda2 > --- /dev/sda2 > Block device, size 17.48 GiB (18772656128 bytes) > NTFS file system > Volume size 17.48 GiB (18772652032 bytes, 36665336 sectors) > > > > > > > > > - End forwarded message - > -- >
Re: [programmer11...@programist.ru: Bug#1021846: grub-install is broken since 2.06-3: error: unknown filesystem]
Steve McIntyre writes: > Hi all! > > программист некто (in CC) reported this bug a few weeks back in > Debian. Since I applied the bundle of filesystem bounds-checking fixes > a few months back, he can't run grub-install. He's done the work to > determine that the patch that breaks things for him is > > 2d014248d540c7e087934a94b6e7a2aa7fc2c704 fs/f2fs: Do not read past the end of > nat journal entries > > The full thread of our discussion is at https://bugs.debian.org/1021846 > > I don't have any knowledge of f2fs to go any further here. Help please! :-) I don't know much about f2fs either, but has the value of `n` been captured versus NAT_JOURNAL_ENTRIES in the failing case? Might be useful to know how much it's going over by. Be well, --Robbie signature.asc Description: PGP signature ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
Re: [programmer11...@programist.ru: Bug#1021846: grub-install is broken since 2.06-3: error: unknown filesystem]
Hi Sudhakar! On Fri, Nov 25, 2022 at 10:52:39AM +0530, sudhakar wrote: >Hi Steve, > >It seems invalid Commit id which you reported. It should be >4bd9877f62166b7e369773ab92fe24a39f6515f8 >did you applied below patch and tested? Could you please confirm that. > >fs/f2fs: Do not read past the end of nat journal entries > >https://git.savannah.gnu.org/cgit/grub.git/patch/?id=4bd9877f62166b7e369773ab92fe24a39f6515f8 It's exactly the same patch, just the commit hash is different when pulled into our 2.06 tree. Cheers, Steve -- Steve McIntyre, Cambridge, UK.st...@einval.com Welcome my son, welcome to the machine. ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
Re: [programmer11...@programist.ru: Bug#1021846: grub-install is broken since 2.06-3: error: unknown filesystem]
Hi Steve, It seems invalid Commit id which you reported. It should be 4bd9877f62166b7e369773ab92fe24a39f6515f8 did you applied below patch and tested? Could you please confirm that. fs/f2fs: Do not read past the end of nat journal entries https://git.savannah.gnu.org/cgit/grub.git/patch/?id=4bd9877f62166b7e369773ab92fe24a39f6515f8 thanks, Sudhakar Kuppusamy On 2022-11-24 20:39, Daniel Kiper wrote: Adding Daniel Axtens... On Tue, Nov 15, 2022 at 06:31:45PM +, Steve McIntyre wrote: Hi all! программист некто (in CC) reported this bug a few weeks back in Debian. Since I applied the bundle of filesystem bounds-checking fixes a few months back, he can't run grub-install. He's done the work to determine that the patch that breaks things for him is 2d014248d540c7e087934a94b6e7a2aa7fc2c704 fs/f2fs: Do not read past the end of nat journal entries The full thread of our discussion is at https://bugs.debian.org/1021846 I don't have any knowledge of f2fs to go any further here. Help please! :-) - Forwarded message from программист некто - From: программист некто To: sub...@bugs.debian.org Date: Sat, 15 Oct 2022 23:54:36 +0300 Subject: Bug#1021846: grub-install is broken since 2.06-3: error: unknown filesystem Message-Id: <3168731665867...@wf4nrjvtssjecb53.iva.yp-c.yandex.net> Package: grub-pc Version: 2.06-3~deb11u1 Severity: critical Hello. Since version 2.06-3, grub-install is broken: it fails with "error: unknown filesystem". I test command /usr/sbin/grub-install -v /dev/sda in some versions. Results in mail attachments. Versions older than 2.06-3 works without error (2.06-2 and lower). Tested versions: 2.04-20, 2.06-1, 2.06-2, 2.06-3~deb10u1, 2.06-3~deb11u1, 2.06-4. Disk partitions: # fdisk --list-details Disk /dev/sda: 29,82 GiB, 32017047552 bytes, 62533296 sectors Disk model: TS32GSSD370S Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0xc7177f7e Device Boot Start End Sectors Id Type Start-C/H/S End-C/H/S Attrs /dev/sda1 2048 22763519 22761472 83 Linux 4/4/1 1023/254/2 /dev/sda2 * 25866240 62531583 36665344 7 HPFS/ 1023/254/2 1023/254/2 80 $ disktype /dev/sda1 --- /dev/sda1 Block device, size 10.85 GiB (11653873664 bytes) F2FS file system (version 1.14) $ disktype /dev/sda2 --- /dev/sda2 Block device, size 17.48 GiB (18772656128 bytes) NTFS file system Volume size 17.48 GiB (18772652032 bytes, 36665336 sectors) - End forwarded message - -- Steve McIntyre, Cambridge, UK. st...@einval.com Mature Sporty Personal More Innovation More Adult A Man in Dandism Powered Midship Specialty ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
Re: [programmer11...@programist.ru: Bug#1021846: grub-install is broken since 2.06-3: error: unknown filesystem]
Adding Daniel Axtens... On Tue, Nov 15, 2022 at 06:31:45PM +, Steve McIntyre wrote: > Hi all! > > программист некто (in CC) reported this bug a few weeks back in > Debian. Since I applied the bundle of filesystem bounds-checking fixes > a few months back, he can't run grub-install. He's done the work to > determine that the patch that breaks things for him is > > 2d014248d540c7e087934a94b6e7a2aa7fc2c704 fs/f2fs: Do not read past the end of > nat journal entries > > The full thread of our discussion is at https://bugs.debian.org/1021846 > > I don't have any knowledge of f2fs to go any further here. Help please! :-) > > - Forwarded message from программист некто > - > > From: программист некто > To: sub...@bugs.debian.org > Date: Sat, 15 Oct 2022 23:54:36 +0300 > Subject: Bug#1021846: grub-install is broken since 2.06-3: error: unknown > filesystem > Message-Id: <3168731665867...@wf4nrjvtssjecb53.iva.yp-c.yandex.net> > > Package: grub-pc > Version: 2.06-3~deb11u1 > Severity: critical > > Hello. Since version 2.06-3, grub-install is broken: it fails with "error: > unknown filesystem". > I test command /usr/sbin/grub-install -v /dev/sda > in some versions. Results in mail attachments. > Versions older than 2.06-3 works without error (2.06-2 and lower). > Tested versions: 2.04-20, 2.06-1, 2.06-2, 2.06-3~deb10u1, 2.06-3~deb11u1, > 2.06-4. > > Disk partitions: > > # fdisk --list-details > Disk /dev/sda: 29,82 GiB, 32017047552 bytes, 62533296 sectors > Disk model: TS32GSSD370S > Units: sectors of 1 * 512 = 512 bytes > Sector size (logical/physical): 512 bytes / 512 bytes > I/O size (minimum/optimal): 512 bytes / 512 bytes > Disklabel type: dos > Disk identifier: 0xc7177f7e > > Device Boot Start End Sectors Id Type Start-C/H/S End-C/H/S Attrs > /dev/sda1 2048 22763519 22761472 83 Linux 4/4/1 1023/254/2 > /dev/sda2 * 25866240 62531583 36665344 7 HPFS/ 1023/254/2 1023/254/2 80 > > $ disktype /dev/sda1 > --- /dev/sda1 > Block device, size 10.85 GiB (11653873664 bytes) > F2FS file system (version 1.14) > > $ disktype /dev/sda2 > --- /dev/sda2 > Block device, size 17.48 GiB (18772656128 bytes) > NTFS file system > Volume size 17.48 GiB (18772652032 bytes, 36665336 sectors) > > - End forwarded message - > -- > Steve McIntyre, Cambridge, UK.st...@einval.com > Mature Sporty Personal > More Innovation More Adult > A Man in Dandism > Powered Midship Specialty ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
[programmer11...@programist.ru: Bug#1021846: grub-install is broken since 2.06-3: error: unknown filesystem]
Hi all! программист некто (in CC) reported this bug a few weeks back in Debian. Since I applied the bundle of filesystem bounds-checking fixes a few months back, he can't run grub-install. He's done the work to determine that the patch that breaks things for him is 2d014248d540c7e087934a94b6e7a2aa7fc2c704 fs/f2fs: Do not read past the end of nat journal entries The full thread of our discussion is at https://bugs.debian.org/1021846 I don't have any knowledge of f2fs to go any further here. Help please! :-) - Forwarded message from программист некто - From: программист некто To: sub...@bugs.debian.org Date: Sat, 15 Oct 2022 23:54:36 +0300 Subject: Bug#1021846: grub-install is broken since 2.06-3: error: unknown filesystem Message-Id: <3168731665867...@wf4nrjvtssjecb53.iva.yp-c.yandex.net> Package: grub-pc Version: 2.06-3~deb11u1 Severity: critical Hello. Since version 2.06-3, grub-install is broken: it fails with "error: unknown filesystem". I test command /usr/sbin/grub-install -v /dev/sda in some versions. Results in mail attachments. Versions older than 2.06-3 works without error (2.06-2 and lower). Tested versions: 2.04-20, 2.06-1, 2.06-2, 2.06-3~deb10u1, 2.06-3~deb11u1, 2.06-4. Disk partitions: # fdisk --list-details Disk /dev/sda: 29,82 GiB, 32017047552 bytes, 62533296 sectors Disk model: TS32GSSD370S Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0xc7177f7e Device Boot Start End Sectors Id Type Start-C/H/S End-C/H/S Attrs /dev/sda1 2048 22763519 22761472 83 Linux 4/4/1 1023/254/2 /dev/sda2 * 25866240 62531583 36665344 7 HPFS/ 1023/254/2 1023/254/2 80 $ disktype /dev/sda1 --- /dev/sda1 Block device, size 10.85 GiB (11653873664 bytes) F2FS file system (version 1.14) $ disktype /dev/sda2 --- /dev/sda2 Block device, size 17.48 GiB (18772656128 bytes) NTFS file system Volume size 17.48 GiB (18772652032 bytes, 36665336 sectors) - End forwarded message - -- Steve McIntyre, Cambridge, UK.st...@einval.com Mature Sporty Personal More Innovation More Adult A Man in Dandism Powered Midship Specialty ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
