proxmox-mirrors/grub2
1
0
Fork 0
mirror of https://git.proxmox.com/git/grub2 synced 2025-07-15 23:15:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
10,203 Commits 1 Branch 0 Tags 41 MiB
21f954425f
Commit Graph

17 Commits

Author SHA1 Message Date
Javier Martinez Canillas
7630ec5397 dl: Only allow unloading modules that are not dependencies 
When a module is attempted to be removed its reference counter is always
decremented. This means that repeated rmmod invocations will cause the
module to be unloaded even if another module depends on it.

This may lead to a use-after-free scenario allowing an attacker to execute
arbitrary code and by-pass the UEFI Secure Boot protection.

While being there, add the extern keyword to some function declarations in
that header file.

Fixes: CVE-2020-25632

Reported-by: Chris Coulson <chris.coulson@canonical.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
 2021-03-02 15:54:15 +01:00
Daniel Kiper
ee7808e219 dl: Add support for persistent modules 
This type of modules cannot be unloaded. This is useful if a given
functionality, e.g. UEFI secure boot shim signature verification, should
not be disabled if it was enabled at some point in time. Somebody may
say that we can use standalone GRUB2 here. That is true. However, the
code is not so big nor complicated hence it make sense to support
modularized configs too.

Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
 2018-11-09 13:25:31 +01:00
Vladimir Serbinenko
ca0a4f689a verifiers: File type for fine-grained signature-verification controlling 
Let's provide file type info to the I/O layer. This way verifiers
framework and its users will be able to differentiate files and verify
only required ones.

This is preparatory patch.

Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
 2018-11-09 13:25:31 +01:00
Vladimir Serbinenko
66a07ce2f8 * grub-core/commands/minicmd.c (grub_mini_cmd_dump): Handle LLP case. 2013-12-16 15:28:07 +01:00
Vladimir 'phcoder' Serbinenko
e7d2559bc1 * grub-core/commands/i386/pc/drivemap.c: Add TRANSLATORS comments. 
* grub-core/commands/lsmmap.c: Likewise.
	* grub-core/commands/minicmd.c: Likewise.
	* grub-core/commands/mips/loongson/lsspd.c: Likewise.
	* grub-core/commands/regexp.c: Likewise.
	* grub-core/gdb/gdb.c: Likewise.
	* grub-core/term/gfxterm.c: Likewise.
	* util/grub-mkconfig.in: Likewise.
	* util/grub-mkfont.c: Likewise.
	* util/grub-mklayout.c: Likewise.
	* util/grub-mknetdir.in: Likewise.
	* util/grub-mkrescue.in: Likewise.
	* util/grub.d/30_os-prober.in: Likewise.
 2012-03-02 15:09:10 +01:00
Vladimir 'phcoder' Serbinenko
ead2a8822b Remove prio_list 2012-02-12 03:52:17 +01:00
Vladimir 'phcoder' Serbinenko
9c4b5c13e6 Improve gettext support. Stylistic fixes and error handling fixes while 
on it.
 2012-02-08 19:26:01 +01:00
Vladimir 'phcoder' Serbinenko
b5c1f9bf41 * grub-core/commands/minicmd.c (GRUB_MOD_INIT): Add missing SIZE 
argument.
	* util/grub-fstest.c (options): Add missing DEVICE part.
 2012-02-05 11:32:11 +01:00
Vladimir 'phcoder' Serbinenko
02a2bf8384 Add noreturn attributes and remove unreachable code. 
* grub-core/bus/cs5536.c (grub_cs5536_smbus_wait): Remove unreachable
	code.
	* grub-core/commands/halt.c (grub_cmd_halt): Remove unreachable
	code. Mark as noreturn.
	* grub-core/commands/minicmd.c (grub_mini_cmd_exit): Likewise.
	* grub-core/commands/reboot.c (grub_cmd_reboot): Likewise.
	* grub-core/disk/efi/efidisk.c (grub_efidisk_get_device_name): Remove
	unreachable code.
	* grub-core/kern/main.c (grub_main): Mark as noreturn.
	* grub-core/kern/rescue_reader.c (grub_rescue_run): Likewise.
	* grub-core/lib/posix_wrap/stdlib.h (abort): Likewise.
	* grub-core/normal/menu.c (run_menu): Remove unreachable code.
	* include/grub/kernel.h (grub_main): Mark as noreturn.
	* include/grub/reader.h (grub_rescue_run): Likewise.
 2011-12-13 15:13:51 +01:00
Vladimir 'phcoder' Serbinenko
6e0632e28c * grub-core/commands/acpihalt.c: Gettextized. 
* grub-core/commands/cacheinfo.c: Likewise.
	* grub-core/commands/cmp.c: Likewise.
	* grub-core/commands/efi/loadbios.c: Likewise.
	* grub-core/commands/gptsync.c: Likewise.
	* grub-core/commands/ieee1275/suspend.c: Likewise.
	* grub-core/commands/legacycfg.c: Likewise.
	* grub-core/commands/memrw.c: Likewise.
	* grub-core/commands/minicmd.c: Likewise.
	* grub-core/commands/parttool.c: Likewise.
	* grub-core/commands/time.c: Likewise.
	* grub-core/commands/videoinfo.c: Likewise.
	* grub-core/disk/geli.c: Likewise.
	* grub-core/disk/i386/pc/biosdisk.c: Likewise.
	* grub-core/disk/luks.c: Likewise.
	* grub-core/disk/lvm.c: Likewise.
	* grub-core/font/font_cmd.c: Likewise.
	* grub-core/fs/zfs/zfscrypt.c: Likewise.
	* grub-core/fs/zfs/zfsinfo.c: Likewise.
	* grub-core/gfxmenu/view.c: Likewise.
	* grub-core/kern/emu/hostdisk.c: Likewise.
	* grub-core/kern/emu/main.c: Likewise.
	* grub-core/kern/emu/misc.c: Likewise.
	* grub-core/kern/emu/mm.c: Likewise.
	* grub-core/kern/mips/arc/init.c: Likewise.
	* grub-core/kern/mips/loongson/init.c: Likewise.
	* grub-core/kern/partition.c: Likewise.
	* grub-core/lib/i386/halt.c: Likewise.
	* grub-core/lib/mips/arc/reboot.c: Likewise.
	* grub-core/lib/mips/loongson/reboot.c: Likewise.
	* grub-core/loader/i386/pc/chainloader.c: Likewise.
	* grub-core/loader/i386/xnu.c: Likewise.
	* grub-core/loader/multiboot.c: Likewise.
	* grub-core/net/bootp.c: Likewise.
	* grub-core/net/net.c: Likewise.
	* grub-core/normal/term.c: Likewise.
	* grub-core/partmap/bsdlabel.c: Likewise.
	* grub-core/parttool/msdospart.c: Likewise.
	* grub-core/term/gfxterm.c: Likewise.
	* grub-core/term/terminfo.c: Likewise.
	* grub-core/video/i386/pc/vbe.c: Likewise.
	* util/grub-menulst2cfg.c: Likewise.
	* util/grub-mkdevicemap.c: Likewise.
	* util/grub-mklayout.c: Likewise.
	* util/grub-mkrelpath.c: Likewise.
	* util/grub-script-check.c: Likewise.
	* util/ieee1275/grub-ofpathname.c: Likewise.
	* util/resolve.c: Likewise.
 2011-11-11 21:44:56 +01:00
Szymon Janc
99cecb4fc7 merge trunk 2011-08-13 15:00:48 +02:00
Vladimir 'phcoder' Serbinenko
e745cf0ca6 Implement automatic module license checking according to new GNU 
guidelines.

	* grub-core/kern/dl.c (grub_dl_check_license): New function.
	(grub_dl_load_core): Use grub_dl_check_license.
	* include/grub/dl.h (GRUB_MOD_SECTION): New macro.
	(GRUB_MOD_LICENSE): Likewise.
	(GRUB_MOD_DUAL_LICENSE): Likewise.
	All modules updated.
 2011-04-11 23:01:51 +02:00
Szymon Janc
c5dc16905a Make enable of disk cache statistics code configurable. 
* configure.ac: --enable-cache-stats added.
	* config.h.in (DISK_CACHE_STATS): New define.
	* grub-core/Makefile.core.def (cacheinfo): New command.
	* include/grub/disk.h(grub_disk_cache_get_performance): New function.
	* grub-core/commands/cacheinfo.c: New file.
	* grub-core/commands/minicmd.c (grub_rescue_cmd_info): Updated and
	moved to cacheinfo.c.
	* grub-core/kern/disk.c: Use DISK_CACHE_STATS to disable disk cache
	debug code.
	* include/grub/disk.h: Likewise.
 2010-10-06 19:57:01 +02:00
Vladimir 'phcoder' Serbinenko
545b752f88 Remove deprecated root command. 
* grub-core/commands/minicmd.c (grub_mini_cmd_root): Removed. All users
	updated.
 2010-09-14 22:21:35 +02:00
Vladimir 'phcoder' Serbinenko
06f7011716 Reintroduce testload. 
* grub-core/commands/minicmd.c (grub_rescue_cmd_testload) [0]: Moved
	from here ...
	* grub-core/commands/testload.c (grub_cmd_testload): ... here.
	(GRUB_MOD_INIT): New function.
	(GRUB_MOD_FINI): Likewise.
	* grub-core/Makefile.core.def (testload): New module.
 2010-09-05 16:40:41 +02:00
BVK Chaitanya
297f0c2b6e merge with mainline 2010-07-13 00:43:28 +05:30
BVK Chaitanya
8c41176882 automake commit without merge history 2010-05-06 11:34:04 +05:30