From 23a4c6f1d0f09b4cf0727cad068d0d9df7a238f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=82=96=E5=9C=A8?= Date: Sat, 11 May 2024 09:32:27 +0800 Subject: [PATCH 1/5] Handle non-continuous data blocks in directory extents The directory extent list does not have to be a continuous list of data blocks. When GRUB tries to read a non-existant member of the list, grub_xfs_read_file() will return a block of zero'ed memory. Checking for a zero'ed magic number is sufficient to skip this non-existant data block. (cherry picked from commit 242fa05f2412202b241bbea01dc2bd69214b2e33) --- ...nuous-data-blocks-in-directory-exten.patch | 41 +++++++++++++++++++ grub.patches | 1 + grub2.spec | 12 +++++- 3 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 Handle-non-continuous-data-blocks-in-directory-exten.patch diff --git a/Handle-non-continuous-data-blocks-in-directory-exten.patch b/Handle-non-continuous-data-blocks-in-directory-exten.patch new file mode 100644 index 0000000..f2c5c5c --- /dev/null +++ b/Handle-non-continuous-data-blocks-in-directory-exten.patch @@ -0,0 +1,41 @@ +From edb3f9c9b1fd510775332e6788dc1a4d4af68666 Mon Sep 17 00:00:00 2001 +From: openEuler Buildteam +Date: Sat, 11 May 2024 09:22:03 +0800 +Subject: [PATCH] Handle non-continuous data blocks in directory extents + +--- + grub-core/fs/xfs.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c +index 1ce5fa4..ed52586 100644 +--- a/grub-core/fs/xfs.c ++++ b/grub-core/fs/xfs.c +@@ -904,6 +904,7 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, + + int entries = -1; + char *end = dirblock + dirblk_size; ++ grub_uint32_t magic; + + numread = grub_xfs_read_file (dir, 0, 0, + blk << dirblk_log2, +@@ -914,6 +915,16 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, + return 0; + } + ++ /* ++ * If this data block isn't actually part of the extent list then ++ * grub_xfs_read_file() returns a block of zeros. So, if the magic ++ * number field is all zeros then this block should be skipped. ++ */ ++ magic = *(grub_uint32_t *)(void *) dirblock; ++ if (!magic) ++ continue; ++ ++ + /* + * Leaf and tail information are only in the data block if the number + * of extents is 1. +-- +2.33.0 + diff --git a/grub.patches b/grub.patches index 97ff027..76867b6 100644 --- a/grub.patches +++ b/grub.patches @@ -227,3 +227,4 @@ Patch226: 0038-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch Patch227: 0084-grub-editenv-Add-incr-command-to-increment-integer-v.patch Patch228: 0002-Revert-templates-Properly-disable-the-os-prober-by-d.patch Patch229: 0003-Revert-templates-Disable-the-os-prober-by-default.patch +Patch230: Handle-non-continuous-data-blocks-in-directory-exten.patch diff --git a/grub2.spec b/grub2.spec index 96d5b6e..2fc2879 100644 --- a/grub2.spec +++ b/grub2.spec @@ -14,7 +14,7 @@ Name: grub2 Epoch: 1 Version: 2.12 -Release: 9 +Release: 10 Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -447,6 +447,16 @@ fi %{_datadir}/man/man* %changelog +* Sat May 11 2024 xiaozai - 1:2.12-10 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:Handle non-continuous data blocks in directory extents + The directory extent list does not have to be a continuous list of data + blocks. When GRUB tries to read a non-existant member of the list, + grub_xfs_read_file() will return a block of zero'ed memory. Checking for + a zero'ed magic number is sufficient to skip this non-existant data block. + * Tue May 7 2024 zhangqiumiao - 1:2.12-9 - Type:bugfix - CVE:NA -- Gitee From a2b94147abe15926d3cc995dd6908047ea57046f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=82=96=E5=9C=A8?= Date: Sat, 11 May 2024 01:46:46 +0000 Subject: [PATCH 2/5] Revert " Handle non-continuous data blocks in" This reverts commit 242fa05f2412202b241bbea01dc2bd69214b2e33. (cherry picked from commit fd1e9fdd653fbd874133cbfd0a7885bd1fb2916f) --- ...nuous-data-blocks-in-directory-exten.patch | 41 ------------------- grub.patches | 1 - grub2.spec | 12 +----- 3 files changed, 1 insertion(+), 53 deletions(-) delete mode 100644 Handle-non-continuous-data-blocks-in-directory-exten.patch diff --git a/Handle-non-continuous-data-blocks-in-directory-exten.patch b/Handle-non-continuous-data-blocks-in-directory-exten.patch deleted file mode 100644 index f2c5c5c..0000000 --- a/Handle-non-continuous-data-blocks-in-directory-exten.patch +++ /dev/null @@ -1,41 +0,0 @@ -From edb3f9c9b1fd510775332e6788dc1a4d4af68666 Mon Sep 17 00:00:00 2001 -From: openEuler Buildteam -Date: Sat, 11 May 2024 09:22:03 +0800 -Subject: [PATCH] Handle non-continuous data blocks in directory extents - ---- - grub-core/fs/xfs.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c -index 1ce5fa4..ed52586 100644 ---- a/grub-core/fs/xfs.c -+++ b/grub-core/fs/xfs.c -@@ -904,6 +904,7 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, - - int entries = -1; - char *end = dirblock + dirblk_size; -+ grub_uint32_t magic; - - numread = grub_xfs_read_file (dir, 0, 0, - blk << dirblk_log2, -@@ -914,6 +915,16 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, - return 0; - } - -+ /* -+ * If this data block isn't actually part of the extent list then -+ * grub_xfs_read_file() returns a block of zeros. So, if the magic -+ * number field is all zeros then this block should be skipped. -+ */ -+ magic = *(grub_uint32_t *)(void *) dirblock; -+ if (!magic) -+ continue; -+ -+ - /* - * Leaf and tail information are only in the data block if the number - * of extents is 1. --- -2.33.0 - diff --git a/grub.patches b/grub.patches index 76867b6..97ff027 100644 --- a/grub.patches +++ b/grub.patches @@ -227,4 +227,3 @@ Patch226: 0038-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch Patch227: 0084-grub-editenv-Add-incr-command-to-increment-integer-v.patch Patch228: 0002-Revert-templates-Properly-disable-the-os-prober-by-d.patch Patch229: 0003-Revert-templates-Disable-the-os-prober-by-default.patch -Patch230: Handle-non-continuous-data-blocks-in-directory-exten.patch diff --git a/grub2.spec b/grub2.spec index 2fc2879..96d5b6e 100644 --- a/grub2.spec +++ b/grub2.spec @@ -14,7 +14,7 @@ Name: grub2 Epoch: 1 Version: 2.12 -Release: 10 +Release: 9 Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -447,16 +447,6 @@ fi %{_datadir}/man/man* %changelog -* Sat May 11 2024 xiaozai - 1:2.12-10 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:Handle non-continuous data blocks in directory extents - The directory extent list does not have to be a continuous list of data - blocks. When GRUB tries to read a non-existant member of the list, - grub_xfs_read_file() will return a block of zero'ed memory. Checking for - a zero'ed magic number is sufficient to skip this non-existant data block. - * Tue May 7 2024 zhangqiumiao - 1:2.12-9 - Type:bugfix - CVE:NA -- Gitee From 10587ba6bfe736db82356d911c53a68553f8ba7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=82=96=E5=9C=A8?= Date: Sat, 11 May 2024 10:06:01 +0800 Subject: [PATCH 3/5] Handle non-continuous data blocks in directory extents The directory extent list does not have to be a continuous list of data blocks. When GRUB tries to read a non-existant member of the list, grub_xfs_read_file() will return a block of zero'ed memory. Checking for a zero'ed magic number is sufficient to skip this non-existant data block. Prior to commit 07318ee7e (fs/xfs: Fix XFS directory extent parsing) this was handled as a subtle side effect of reading the (non-existant) tail data structure. Since the block was zero'ed the computation of the number of directory entries in the block would return 0 as well. (cherry picked from commit e0cd43f8a5486debeba17349abbb088001164d70) --- ...nuous-data-blocks-in-directory-exten.patch | 49 +++++++++++++++++++ grub.patches | 1 + grub2.spec | 12 ++++- 3 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 Handle-non-continuous-data-blocks-in-directory-exten.patch diff --git a/Handle-non-continuous-data-blocks-in-directory-exten.patch b/Handle-non-continuous-data-blocks-in-directory-exten.patch new file mode 100644 index 0000000..20162aa --- /dev/null +++ b/Handle-non-continuous-data-blocks-in-directory-exten.patch @@ -0,0 +1,49 @@ +From 426d43bdf15e3e65c9b2cc80aa4b416750c643c3 Mon Sep 17 00:00:00 2001 +From: openEuler Buildteam +Date: Sat, 11 May 2024 10:00:32 +0800 +Subject: [PATCH] Handle non-continuous data blocks in directory extents + +The directory extent list does not have to be a continuous list of data +blocks. When GRUB tries to read a non-existant member of the list, +grub_xfs_read_file() will return a block of zero'ed memory. Checking for +a zero'ed magic number is sufficient to skip this non-existant data block. + +Prior to commit 07318ee7e (fs/xfs: Fix XFS directory extent parsing) +this was handled as a subtle side effect of reading the (non-existant) +tail data structure. Since the block was zero'ed the computation of the +number of directory entries in the block would return 0 as well. +--- + grub-core/fs/xfs.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c +index 1ce5fa4..2a22e26 100644 +--- a/grub-core/fs/xfs.c ++++ b/grub-core/fs/xfs.c +@@ -904,6 +904,7 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, + + int entries = -1; + char *end = dirblock + dirblk_size; ++ grub_uint32_t magic; + + numread = grub_xfs_read_file (dir, 0, 0, + blk << dirblk_log2, +@@ -914,6 +915,15 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, + return 0; + } + ++ /* ++ * If this data block isn't actually part of the extent list then ++ * grub_xfs_read_file() returns a block of zeros. So, if the magic ++ * number field is all zeros then this block should be skipped. ++ */ ++ magic = *(grub_uint32_t *)(void *) dirblock; ++ if (!magic) ++ continue; ++ + /* + * Leaf and tail information are only in the data block if the number + * of extents is 1. +-- +2.33.0 + diff --git a/grub.patches b/grub.patches index 97ff027..76867b6 100644 --- a/grub.patches +++ b/grub.patches @@ -227,3 +227,4 @@ Patch226: 0038-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch Patch227: 0084-grub-editenv-Add-incr-command-to-increment-integer-v.patch Patch228: 0002-Revert-templates-Properly-disable-the-os-prober-by-d.patch Patch229: 0003-Revert-templates-Disable-the-os-prober-by-default.patch +Patch230: Handle-non-continuous-data-blocks-in-directory-exten.patch diff --git a/grub2.spec b/grub2.spec index 96d5b6e..2fc2879 100644 --- a/grub2.spec +++ b/grub2.spec @@ -14,7 +14,7 @@ Name: grub2 Epoch: 1 Version: 2.12 -Release: 9 +Release: 10 Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -447,6 +447,16 @@ fi %{_datadir}/man/man* %changelog +* Sat May 11 2024 xiaozai - 1:2.12-10 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:Handle non-continuous data blocks in directory extents + The directory extent list does not have to be a continuous list of data + blocks. When GRUB tries to read a non-existant member of the list, + grub_xfs_read_file() will return a block of zero'ed memory. Checking for + a zero'ed magic number is sufficient to skip this non-existant data block. + * Tue May 7 2024 zhangqiumiao - 1:2.12-9 - Type:bugfix - CVE:NA -- Gitee From 3e8531a1a59712131c01daff9bacbf86d79cfd16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=82=96=E5=9C=A8?= Date: Sat, 11 May 2024 03:26:36 +0000 Subject: [PATCH 4/5] Revert "Handle non-continuous data blocks in" This reverts commit e0cd43f8a5486debeba17349abbb088001164d70. (cherry picked from commit 88a9257d4914cb2aca40f3b0494a0dcb8927482d) --- ...nuous-data-blocks-in-directory-exten.patch | 49 ------------------- grub.patches | 1 - grub2.spec | 12 +---- 3 files changed, 1 insertion(+), 61 deletions(-) delete mode 100644 Handle-non-continuous-data-blocks-in-directory-exten.patch diff --git a/Handle-non-continuous-data-blocks-in-directory-exten.patch b/Handle-non-continuous-data-blocks-in-directory-exten.patch deleted file mode 100644 index 20162aa..0000000 --- a/Handle-non-continuous-data-blocks-in-directory-exten.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 426d43bdf15e3e65c9b2cc80aa4b416750c643c3 Mon Sep 17 00:00:00 2001 -From: openEuler Buildteam -Date: Sat, 11 May 2024 10:00:32 +0800 -Subject: [PATCH] Handle non-continuous data blocks in directory extents - -The directory extent list does not have to be a continuous list of data -blocks. When GRUB tries to read a non-existant member of the list, -grub_xfs_read_file() will return a block of zero'ed memory. Checking for -a zero'ed magic number is sufficient to skip this non-existant data block. - -Prior to commit 07318ee7e (fs/xfs: Fix XFS directory extent parsing) -this was handled as a subtle side effect of reading the (non-existant) -tail data structure. Since the block was zero'ed the computation of the -number of directory entries in the block would return 0 as well. ---- - grub-core/fs/xfs.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c -index 1ce5fa4..2a22e26 100644 ---- a/grub-core/fs/xfs.c -+++ b/grub-core/fs/xfs.c -@@ -904,6 +904,7 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, - - int entries = -1; - char *end = dirblock + dirblk_size; -+ grub_uint32_t magic; - - numread = grub_xfs_read_file (dir, 0, 0, - blk << dirblk_log2, -@@ -914,6 +915,15 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, - return 0; - } - -+ /* -+ * If this data block isn't actually part of the extent list then -+ * grub_xfs_read_file() returns a block of zeros. So, if the magic -+ * number field is all zeros then this block should be skipped. -+ */ -+ magic = *(grub_uint32_t *)(void *) dirblock; -+ if (!magic) -+ continue; -+ - /* - * Leaf and tail information are only in the data block if the number - * of extents is 1. --- -2.33.0 - diff --git a/grub.patches b/grub.patches index 76867b6..97ff027 100644 --- a/grub.patches +++ b/grub.patches @@ -227,4 +227,3 @@ Patch226: 0038-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch Patch227: 0084-grub-editenv-Add-incr-command-to-increment-integer-v.patch Patch228: 0002-Revert-templates-Properly-disable-the-os-prober-by-d.patch Patch229: 0003-Revert-templates-Disable-the-os-prober-by-default.patch -Patch230: Handle-non-continuous-data-blocks-in-directory-exten.patch diff --git a/grub2.spec b/grub2.spec index 2fc2879..96d5b6e 100644 --- a/grub2.spec +++ b/grub2.spec @@ -14,7 +14,7 @@ Name: grub2 Epoch: 1 Version: 2.12 -Release: 10 +Release: 9 Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -447,16 +447,6 @@ fi %{_datadir}/man/man* %changelog -* Sat May 11 2024 xiaozai - 1:2.12-10 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:Handle non-continuous data blocks in directory extents - The directory extent list does not have to be a continuous list of data - blocks. When GRUB tries to read a non-existant member of the list, - grub_xfs_read_file() will return a block of zero'ed memory. Checking for - a zero'ed magic number is sufficient to skip this non-existant data block. - * Tue May 7 2024 zhangqiumiao - 1:2.12-9 - Type:bugfix - CVE:NA -- Gitee From 15ec184dc904b9f1f07704932ac7918772a8fef5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=82=96=E5=9C=A8?= Date: Sat, 11 May 2024 11:33:07 +0800 Subject: [PATCH 5/5] Handle non-continuous data blocks in directory extents (cherry picked from commit eaccc141e1795ac3b376afe158a54a6f52fc6b62) --- ...nuous-data-blocks-in-directory-exten.patch | 57 +++++++++++++++++++ grub.patches | 1 + grub2.spec | 8 ++- 3 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 Handle-non-continuous-data-blocks-in-directory-exten.patch diff --git a/Handle-non-continuous-data-blocks-in-directory-exten.patch b/Handle-non-continuous-data-blocks-in-directory-exten.patch new file mode 100644 index 0000000..5381ee2 --- /dev/null +++ b/Handle-non-continuous-data-blocks-in-directory-exten.patch @@ -0,0 +1,57 @@ +From 68dd65cfdaad08b1f8ec01b84949b0bf88bc0d8c Mon Sep 17 00:00:00 2001 +From: Jon DeVree +Date: Sun, 11 Feb 2024 10:34:58 -0500 +Subject: [PATCH 0990/1000] fs/xfs: Handle non-continuous data blocks in + directory extents + +The directory extent list does not have to be a continuous list of data +blocks. When GRUB tries to read a non-existant member of the list, +grub_xfs_read_file() will return a block of zero'ed memory. Checking for +a zero'ed magic number is sufficient to skip this non-existant data block. + +Prior to commit 07318ee7e (fs/xfs: Fix XFS directory extent parsing) +this was handled as a subtle side effect of reading the (non-existant) +tail data structure. Since the block was zero'ed the computation of the +number of directory entries in the block would return 0 as well. + +Fixes: 07318ee7e (fs/xfs: Fix XFS directory extent parsing) +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2254370 + +Signed-off-by: Jon DeVree +Reviewed-By: Vladimir Serbinenko +Reviewed-by: Daniel Kiper +--- + grub-core/fs/xfs.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c +index 1ce5fa4..2a22e26 100644 +--- a/grub-core/fs/xfs.c ++++ b/grub-core/fs/xfs.c +@@ -904,6 +904,7 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, + + int entries = -1; + char *end = dirblock + dirblk_size; ++ grub_uint32_t magic; + + numread = grub_xfs_read_file (dir, 0, 0, + blk << dirblk_log2, +@@ -914,6 +915,15 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, + return 0; + } + ++ /* ++ * If this data block isn't actually part of the extent list then ++ * grub_xfs_read_file() returns a block of zeros. So, if the magic ++ * number field is all zeros then this block should be skipped. ++ */ ++ magic = *(grub_uint32_t *)(void *) dirblock; ++ if (!magic) ++ continue; ++ + /* + * Leaf and tail information are only in the data block if the number + * of extents is 1. +-- +2.33.0 + diff --git a/grub.patches b/grub.patches index 97ff027..76867b6 100644 --- a/grub.patches +++ b/grub.patches @@ -227,3 +227,4 @@ Patch226: 0038-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch Patch227: 0084-grub-editenv-Add-incr-command-to-increment-integer-v.patch Patch228: 0002-Revert-templates-Properly-disable-the-os-prober-by-d.patch Patch229: 0003-Revert-templates-Disable-the-os-prober-by-default.patch +Patch230: Handle-non-continuous-data-blocks-in-directory-exten.patch diff --git a/grub2.spec b/grub2.spec index 96d5b6e..91cc878 100644 --- a/grub2.spec +++ b/grub2.spec @@ -14,7 +14,7 @@ Name: grub2 Epoch: 1 Version: 2.12 -Release: 9 +Release: 10 Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -447,6 +447,12 @@ fi %{_datadir}/man/man* %changelog +* Sat May 11 2024 xiaozai - 1:2.12-10 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:Handle non-continuous data blocks in directory extents + * Tue May 7 2024 zhangqiumiao - 1:2.12-9 - Type:bugfix - CVE:NA -- Gitee