This is likely an issue stemming from a bad interaction between the
firmware's PE loader and the kernel's efi stub.
The reason peimage can appear to fix this as it bypasses the
firmware's PE loader for secure boot reasons.
Hiding bugs in said PE loader is a coincidental side benefit and not
an
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/sb.c | 28
grub-core/loader/efi/linux.c | 12 +++-
include/grub/efi/api.h | 2 ++
include/grub/efi/sb.h| 2 ++
4 files changed, 39 insertions(+), 5 deletions(-)
diff --git a/grub-core/kern
From: Julian Andres Klode
These can be used to register a different implementation later,
for example, when shim provides a protocol with those functions.
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/efi.c | 57 ++
grub-core/loader/efi/chainloader.c
implementation that returns
GRUB_ERR_NONE.
On EFI platforms, it implements the primitives using the EFI
Memory Attribute Protocol (defined in UEFI 2.10 specification).
Original-Author: Peter Jones
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/mm.c | 127
include
Jones
Signed-off-by: Jan Setje-Eilers
Signed-off-by: Mate Kukri
Reviewed-By: Vladimir Serbinenko
---
grub-core/kern/dl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 0bf40caa6..37db9fab0 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/sb.c | 39 +---
grub-core/loader/efi/linux.c | 16 ---
include/grub/efi/api.h | 5 +
include/grub/efi/efi.h | 19 +++---
include/grub/efi/sb.h| 3 ---
5 files
t.
Signed-off-by: Peter Jones
Signed-off-by: Jan Setje-Eilers
Signed-off-by: Mate Kukri
Reviewed-By: Vladimir Serbinenko
---
include/grub/dl.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/grub/dl.h b/include/grub/dl.h
index cd1f46c8b..750fc8d3d 100644
--- a/in
SHF_WRITE set, and clears
the No eXecute flag on sections with SHF_EXECINSTR set. In all other
cases it sets both flags.
Original-Author: Peter Jones
Original-Author: Robbie Harwood
Original-Author: Laszlo Ersek
Signed-off-by: Mate Kukri
---
grub-core/kern/dl.c | 104
on
future
hardware).
Julian Andres Klode (1):
efi: Provide wrappers for load_image, start_image, unload_image
Mate Kukri (6):
modules: load module sections at page-aligned addresses
nx: add memory attribute get/set API
nx: set page permissions for loaded modules.
nx: set the nx compatible
*
Note that the glob there won't work without a new enough linker, but the
failure is just reversion to the status quo, so that's not a big problem.
Signed-off-by: Peter Jones
Signed-off-by: Jan Setje-Eilers
Signed-off-by: Mate Kukri
Reviewed-By: Vladimir Serbinenko
---
grub-core/genmod.sh.in
are applied, so the relocations
factor that in with no change.
Original-Author: Peter Jones
Original-Author: Laszlo Ersek
Signed-off-by: Mate Kukri
---
docs/grub-dev.texi | 6 ++---
grub-core/kern/arm/dl.c | 13 +
grub-core/kern/arm64/dl.c | 13 +
grub-core/kern/dl.c
- the binary knows how to use the EFI Memory Attributes protocol on code
it is loading.
This patch
- adds a definition for the PE DLL Characteristics flag GRUB_PE32_NX_COMPAT
- changes grub-mkimage to set that flag.
Original-Author: Peter Jones
Signed-off-by: Mate Kukri
---
include/grub/efi/pe32.h
to double frees.
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/mm.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
index 661319194..d45d0e2ac 100644
--- a/grub-core/kern/efi/mm.c
+++ b/grub-core/kern/efi/mm.c
@@ -95,8
ere.
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/mm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
index 4fec188ae..661319194 100644
--- a/grub-core/kern/efi/mm.c
+++ b/grub-core/kern/efi/mm.c
@@ -150,7 +15
map, and
results in the heap getting trashed and the firmware ASSERTING on
corrupted heap guard values when GRUB exits.
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/mm.c | 14 +++---
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern
are applied, so the relocations
factor that in with no change.
Original-Author: Peter Jones
Original-Author: Laszlo Ersek
Signed-off-by: Mate Kukri
---
docs/grub-dev.texi | 6 ++---
grub-core/kern/arm/dl.c | 13 +
grub-core/kern/arm64/dl.c | 13 +
grub-core/kern/dl.c
SHF_WRITE set, and clears
the No eXecute flag on sections with SHF_EXECINSTR set. In all other
cases it sets both flags.
Original-Author: Peter Jones
Original-Author: Robbie Harwood
Original-Author: Laszlo Ersek
Signed-off-by: Mate Kukri
---
grub-core/kern/dl.c | 104
- the binary knows how to use the EFI Memory Attributes protocol on code
it is loading.
This patch
- adds a definition for the PE DLL Characteristics flag GRUB_PE32_NX_COMPAT
- changes grub-mkimage to set that flag.
Original-Author: Peter Jones
Signed-off-by: Mate Kukri
---
include/grub/efi/pe32.h
*
Note that the glob there won't work without a new enough linker, but the
failure is just reversion to the status quo, so that's not a big problem.
Signed-off-by: Peter Jones
Signed-off-by: Jan Setje-Eilers
Signed-off-by: Mate Kukri
Reviewed-By: Vladimir Serbinenko
---
grub-core/genmod.sh.in
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/sb.c | 27 +++
grub-core/loader/efi/linux.c | 12 +++-
include/grub/efi/api.h | 2 ++
include/grub/efi/sb.h| 2 ++
4 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/grub-core/kern
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/sb.c | 39 +---
grub-core/loader/efi/linux.c | 16 ---
include/grub/efi/api.h | 5 +
include/grub/efi/efi.h | 19 +++---
include/grub/efi/sb.h| 3 ---
5 files
From: Julian Andres Klode
These can be used to register a different implementation later,
for example, when shim provides a protocol with those functions.
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/efi.c | 57 ++
grub-core/loader/efi/chainloader.c
implementation that returns
GRUB_ERR_NONE.
On EFI platforms, it implements the primitives using the EFI
Memory Attribute Protocol (defined in UEFI 2.10 specification).
Original-Author: Peter Jones
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/mm.c | 127
include
Jones
Signed-off-by: Jan Setje-Eilers
Signed-off-by: Mate Kukri
Reviewed-By: Vladimir Serbinenko
---
grub-core/kern/dl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 0bf40caa6..37db9fab0 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern
t.
Signed-off-by: Peter Jones
Signed-off-by: Jan Setje-Eilers
Signed-off-by: Mate Kukri
Reviewed-By: Vladimir Serbinenko
---
include/grub/dl.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/grub/dl.h b/include/grub/dl.h
index cd1f46c8b..750fc8d3d 100644
--- a/in
on
future
hardware).
Julian Andres Klode (1):
efi: Provide wrappers for load_image, start_image, unload_image
Mate Kukri (6):
modules: load module sections at page-aligned addresses
nx: add memory attribute get/set API
nx: set page permissions for loaded modules.
nx: set the nx compatible
are applied, so the relocations
factor that in with no change.
Original-Author: Peter Jones
Original-Author: Laszlo Ersek
Signed-off-by: Mate Kukri
---
docs/grub-dev.texi | 6 ++---
grub-core/kern/arm/dl.c | 13 +
grub-core/kern/arm64/dl.c | 13 +
grub-core/kern/dl.c
Jones
Signed-off-by: Jan Setje-Eilers
Signed-off-by: Mate Kukri
Reviewed-By: Vladimir Serbinenko
---
grub-core/kern/dl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 0bf40caa6..37db9fab0 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern
implementation that returns
GRUB_ERR_NONE.
On EFI platforms, it implements the primitives using the EFI
Memory Attribute Protocol (defined in UEFI 2.10 specification).
Original-Author: Peter Jones
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/mm.c | 127
include
Signed-off-by: Mate Kukri
---
grub-core/loader/efi/linux.c | 41 +++-
1 file changed, 36 insertions(+), 5 deletions(-)
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index 99365536a..e44692c92 100644
--- a/grub-core/loader/efi/linux.c
From: Julian Andres Klode
These can be used to register a different implementation later,
for example, when shim provides a protocol with those functions.
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/efi.c | 57 ++
grub-core/loader/efi/chainloader.c
SHF_WRITE set, and clears
the No eXecute flag on sections with SHF_EXECINSTR set. In all other
cases it sets both flags.
Original-Author: Peter Jones
Original-Author: Robbie Harwood
Original-Author: Laszlo Ersek
Signed-off-by: Mate Kukri
---
grub-core/kern/dl.c | 104
- the binary knows how to use the EFI Memory Attributes protocol on code
it is loading.
This patch
- adds a definition for the PE DLL Characteristics flag GRUB_PE32_NX_COMPAT
- changes grub-mkimage to set that flag.
Original-Author: Peter Jones
Signed-off-by: Mate Kukri
---
include/grub/efi/pe32.h
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/sb.c | 39 +---
grub-core/loader/efi/linux.c | 16 ---
include/grub/efi/api.h | 5 +
include/grub/efi/efi.h | 19 +++---
include/grub/efi/sb.h| 3 ---
5 files
*
Note that the glob there won't work without a new enough linker, but the
failure is just reversion to the status quo, so that's not a big problem.
Signed-off-by: Peter Jones
Signed-off-by: Jan Setje-Eilers
Signed-off-by: Mate Kukri
Reviewed-By: Vladimir Serbinenko
---
grub-core/genmod.sh.in
on
future
hardware).
Julian Andres Klode (1):
efi: Provide wrappers for load_image, start_image, unload_image
Mate Kukri (6):
modules: load module sections at page-aligned addresses
nx: add memory attribute get/set API
nx: set page permissions for loaded modules.
nx: set the nx compatible
t.
Signed-off-by: Peter Jones
Signed-off-by: Jan Setje-Eilers
Signed-off-by: Mate Kukri
Reviewed-By: Vladimir Serbinenko
---
include/grub/dl.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/grub/dl.h b/include/grub/dl.h
index cd1f46c8b..750fc8d3d 100644
--- a/in
Hi Vladimir,
Thanks for the reviews, I'll get back to addressing your comments next week.
In the meantime, I am not sure what happened to patch 15/15, but I at
least tried sending it, and it seems to be available in the archive
here:
Signed-off-by: Mate Kukri
---
grub-core/loader/efi/linux.c | 41 +++-
1 file changed, 36 insertions(+), 5 deletions(-)
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index 99365536a..e44692c92 100644
--- a/grub-core/loader/efi/linux.c
c74)
Signed-off-by: Jan Setje-Eilers
Signed-off-by: Mate Kukri
Conflicts:
grub-core/kern/dl.c (obvious)
---
grub-core/kern/dl.c | 102 ++--
include/grub/dl.h | 44 +++
2 files changed, 133 insertions(+), 13 deletions(-)
diff --
Jones
(cherry picked from commit 0f76b53f2fe86542123c7aa1ae39c90852972a99)
Signed-off-by: Jan Setje-Eilers
Signed-off-by: Mate Kukri
---
grub-core/kern/dl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 0bf40caa6..37db9fab0 100644
--- a/grub
*
Note that the glob there won't work without a new enough linker, but the
failure is just reversion to the status quo, so that's not a big problem.
Signed-off-by: Peter Jones
(cherry picked from commit 0f66524e94d3c4f4d669d75c2122b0f1036776ea)
Signed-off-by: Jan Setje-Eilers
Signed-off-by: Mate
a9ec858bd62b004c331cad9b5b00071d3081b626)
Signed-off-by: Jan Setje-Eilers
Conflicts:
util/mkimage.c
Signed-off-by: Mate Kukri
---
util/mkimage.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/util/mkimage.c b/util/mkimage.c
index 4237383ac..9b4720e21 100644
--- a/util/mkimage.c
+++ b/util
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/mm.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
index 46f2266e1..1064036f4 100644
--- a/grub-core/kern/efi/mm.c
+++ b/grub-core/kern/efi/mm.c
@@ -741,7 +741,7
nx primitives using
it.
Signed-off-by: Peter Jones
[rharwood: add pjones's none/nyi fixup]
Signed-off-by: Robbie Harwood
(cherry picked from commit 45bfb1cc8316096a5ce1e58850ce5f8a6e0e100c)
Signed-off-by: Jan Setje-Eilers
Signed-off-by: Mate Kukri
Conflicts:
grub-core/kern/efi/mm.c
now, add a self-check that reports this bug (and prevents the crash by
skipping the write protection).
Example log after the patch:
> kern/dl.c:742:BUG: trying to protect pages outside of module allocation
> ("video_fb"): module base 0x13b87d000, size 0xe4f0; tramp/GOT base
> 0x13b8
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/sb.c | 39 +---
grub-core/loader/efi/linux.c | 16 ---
include/grub/efi/api.h | 5 +
include/grub/efi/efi.h | 19 +++---
include/grub/efi/sb.h| 3 ---
5 files
rom commit c850db5c0478c8328ebdd48ee8cce02995d4ead0)
Signed-off-by: Jan Setje-Eilers
Conflicts:
grub-core/loader/arm64/linux.c (deleted)
include/grub/efi/pe32.h (fixup)
Signed-off-by: Mate Kukri
---
include/grub/efi/pe32.h | 98 ++---
1 file c
tributes for GOT and trampolines ("video_fb")
Fixes: ad1b904d325b (nx: set page permissions for loaded modules.)
Signed-off-by: Laszlo Ersek
(cherry picked from commit ee58dd70d627df54b806e94409673a11caab5a5d)
Signed-off-by: Jan Setje-Eilers
Signed-off-by: Mate Kukri
---
grub-core/kern/dl
From: Julian Andres Klode
These can be used to register a different implementation later,
for example, when shim provides a protocol with those functions.
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/efi.c | 57 ++
grub-core/loader/efi/chainloader.c
t.
Signed-off-by: Peter Jones
(cherry picked from commit f6563e15bb490bb76a1a95cd3648fe03d1134d14)
Signed-off-by: Jan Setje-Eilers
Signed-off-by: Mate Kukri
---
include/grub/dl.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/grub/dl.h b/include/grub/dl.h
index
(obvious)
Signed-off-by: Mate Kukri
---
grub-core/kern/dl.c | 24
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 2784fae7a..9f31ad3b9 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -228,7
applicable.
Julian Andres Klode (1):
efi: Provide wrappers for load_image, start_image, unload_image
Laszlo Ersek (3):
grub_dl_load_segments(): page-align the tramp/GOT areas too
grub_dl_set_mem_attrs(): add self-check for the tramp/GOT sizes
grub_dl_set_mem_attrs(): fix format string
Mate Kukri
dl.c (obvious)
Signed-off-by: Mate Kukri
---
docs/grub-dev.texi | 6 +++---
grub-core/kern/arm/dl.c | 13 +
grub-core/kern/arm64/dl.c | 13 +
grub-core/kern/dl.c | 29 +
grub-core/kern/emu/full.c
Hello,
Do you have a proposed use-case for this in mind?
On MBR disks there is usually enough space for core.img before the
first partition.
On GPT you can simply create a so-called "BIOS boot partition" to
store core.img.
But in either, BIOS is a legacy platform, so I doubt many new users of
From: David F
Work around firmware bugs that cause large reads to fail from certain
devices.
Report-By: David F
Signed-off-by: Mate Kukri
---
grub-core/disk/efi/efidisk.c | 43 +---
1 file changed, 30 insertions(+), 13 deletions(-)
diff --git a/grub-core/disk
if anything else is effected by this.
Mate Kukri
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
ase-sensitive prefix match as opposed to a case-insensitive substring
search.
- The Windows code just searches for an entry to re-use, or an empty
entry to fill, but unlike Unix, the existing entries with a matching
name are not deleted.
Mate
On Thu, Feb 1, 2024 at 9:29 AM Mate Kukri wrote:
- Allow entries to be called things like "Debian" and "Ubuntu".
- If there is no `GRUB_DISTRIBUTOR` assume it is "GRUB".
- When deleting previous boot options, allow matching against both
the old "efi_distributor" value and the new "efi_title&quo
to gain more memory protections, including un-mapped
zero-page (alongside NX), it might even be a good idea to add more
such assignments instead of removing them.
Best regards,
Mate Kukri
On Sat, Jan 20, 2024 at 2:54 AM Alec Brown wrote:
>
> In grub-core/osdep/unix/getroot.c, coverity s
154dcb1aea9f8fc42b2bce98bebed004d7783a7d broke out of tree builds by
introducing the extra_deps.lst file into the source tree but referencing
it just by name in grub-core/Makefile.am.
Signed-off-by: Mate Kukri
---
grub-core/Makefile.am | 4 ++--
1 file changed, 2 insertions(+), 2 deletions
The previous grub-install patch delaying the copying of files caused a
regression when installing without an existing directory structure.
This patch ensures that the platform directory actually exists by the
time the code tries to canonicalize its filename.
Signed-off-by: Mate Kukri
---
util
Replace definition of `HTTP_PORT` with a pre-processor macro that converts
the constant to the correct type `grub_uint16_t`.
Change the defintion of local variable `port` in `http_establish()` to
have the same type.
Signed-off-by: Mate Kukri
---
grub-core/net/http.c | 8 ++--
1 file
Add explicit casts of HTTP_PORT to int to match the type of the port
variable.
Signed-off-by: Mate Kukri
---
grub-core/net/http.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/net/http.c b/grub-core/net/http.c
index df690acf6..d7b91c1f6 100644
--- a/grub-core
the modules after at least some install_device
validation was done, and thus reduces reliance on successful rollback.
Signed-off-by: Mate Kukri
---
util/grub-install.c | 38 --
1 file changed, 20 insertions(+), 18 deletions(-)
diff --git a/util/grub-install.c b/util
wrote:
>
> On Wed, Nov 22, 2023 at 11:53:13AM +, Mate Kukri wrote:
> > Previously grub-install copied modules to grubdir before doing any
> > validation on
> > the install_device.
> >
> > When grub-install was called with an invalid install_device, modu
the modules after at least some install_device
validation was done, and thus reduces reliance on successful rollback.
Signed-off-by: Mate Kukri
Reviewed-by: Julian Andres Klode
---
util/grub-install.c | 38 --
1 file changed, 20 insertions(+), 18 deletions(-)
diff
Previously grub-install copied modules to grubdir before doing any validation on
the install_device.
When grub-install was called with an invalid install_device, modules
were already copied to /boot before it found out and was forced to rely
on atexit rollback.
This patch delays copying the
Previously grub-install copied modules to grubdir before doing any validation on
the install_device.
When grub-install was called with an invalid install_device, modules
were already copied to /boot before it found out and was forced to rely
on atexit rollback.
This patch delays copying the
69 matches
Mail list logo