diff --git a/Handle-non-continuous-data-blocks-in-directory-exten.patch b/Handle-non-continuous-data-blocks-in-directory-exten.patch new file mode 100644 index 0000000000000000000000000000000000000000..5381ee2a7881475c540b2dba8cae69641927db6d --- /dev/null +++ b/Handle-non-continuous-data-blocks-in-directory-exten.patch @@ -0,0 +1,57 @@ +From 68dd65cfdaad08b1f8ec01b84949b0bf88bc0d8c Mon Sep 17 00:00:00 2001 +From: Jon DeVree +Date: Sun, 11 Feb 2024 10:34:58 -0500 +Subject: [PATCH 0990/1000] fs/xfs: Handle non-continuous data blocks in + directory extents + +The directory extent list does not have to be a continuous list of data +blocks. When GRUB tries to read a non-existant member of the list, +grub_xfs_read_file() will return a block of zero'ed memory. Checking for +a zero'ed magic number is sufficient to skip this non-existant data block. + +Prior to commit 07318ee7e (fs/xfs: Fix XFS directory extent parsing) +this was handled as a subtle side effect of reading the (non-existant) +tail data structure. Since the block was zero'ed the computation of the +number of directory entries in the block would return 0 as well. + +Fixes: 07318ee7e (fs/xfs: Fix XFS directory extent parsing) +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2254370 + +Signed-off-by: Jon DeVree +Reviewed-By: Vladimir Serbinenko +Reviewed-by: Daniel Kiper +--- + grub-core/fs/xfs.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c +index 1ce5fa4..2a22e26 100644 +--- a/grub-core/fs/xfs.c ++++ b/grub-core/fs/xfs.c +@@ -904,6 +904,7 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, + + int entries = -1; + char *end = dirblock + dirblk_size; ++ grub_uint32_t magic; + + numread = grub_xfs_read_file (dir, 0, 0, + blk << dirblk_log2, +@@ -914,6 +915,15 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, + return 0; + } + ++ /* ++ * If this data block isn't actually part of the extent list then ++ * grub_xfs_read_file() returns a block of zeros. So, if the magic ++ * number field is all zeros then this block should be skipped. ++ */ ++ magic = *(grub_uint32_t *)(void *) dirblock; ++ if (!magic) ++ continue; ++ + /* + * Leaf and tail information are only in the data block if the number + * of extents is 1. +-- +2.33.0 + diff --git a/grub.patches b/grub.patches index 97ff02778c2342aeeb4db466846eb243f0d55cac..76867b6faa8fbb8dbc1d87ce78eace936cb60686 100644 --- a/grub.patches +++ b/grub.patches @@ -227,3 +227,4 @@ Patch226: 0038-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch Patch227: 0084-grub-editenv-Add-incr-command-to-increment-integer-v.patch Patch228: 0002-Revert-templates-Properly-disable-the-os-prober-by-d.patch Patch229: 0003-Revert-templates-Disable-the-os-prober-by-default.patch +Patch230: Handle-non-continuous-data-blocks-in-directory-exten.patch diff --git a/grub2.spec b/grub2.spec index 96d5b6e6dcc93d503af47093ca61a46d33fb65a9..91cc87835091d934e5a1988c762cd7d30279b31f 100644 --- a/grub2.spec +++ b/grub2.spec @@ -14,7 +14,7 @@ Name: grub2 Epoch: 1 Version: 2.12 -Release: 9 +Release: 10 Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -447,6 +447,12 @@ fi %{_datadir}/man/man* %changelog +* Sat May 11 2024 xiaozai - 1:2.12-10 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:Handle non-continuous data blocks in directory extents + * Tue May 7 2024 zhangqiumiao - 1:2.12-9 - Type:bugfix - CVE:NA