From 0d6e07c4884a779c5110eefec5e44ae62d891462 Mon Sep 17 00:00:00 2001 From: t_feng Date: Sat, 27 Feb 2021 17:22:42 +0800 Subject: [PATCH] tftp-roll-over-block-counter-to-prevent-timeouts-with-data-packets (cherry picked from commit f5cae601cd2a45982d8c56c23480e98c597e6d9a) --- ...lock-counter-to-prevent-timeouts-wit.patch | 51 +++++++++++++++++++ grub.patches | 2 + grub2.spec | 9 +++- 3 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 0250-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch diff --git a/0250-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch b/0250-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch new file mode 100644 index 0000000..e7b5c6e --- /dev/null +++ b/0250-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch @@ -0,0 +1,51 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 24 Aug 2020 14:46:27 +0200 +Subject: [PATCH] tftp: roll over block counter to prevent timeouts with data + packets + +The block number is a 16-bit counter which only allows to fetch +files no bigger than 65535 * blksize. To avoid this limit, the +counter is rolled over. This behavior isn't defined in RFC 1350 +but is handled by many TFTP servers and it's what GRUB was doing +before implicitly due an overflow. + +Fixing that bug led to TFTP timeouts, since GRUB wasn't acking +data packets anymore for files with size bigger than the maximum +mentioned above. Restore the old behavior to prevent this issue. + +Resolves: rhbz#1869335 + +Suggested-by: Peter Jones +Signed-off-by: Javier Martinez Canillas +--- + grub-core/net/tftp.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index 22badd74316..acbb01c10e7 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -183,8 +183,20 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + return GRUB_ERR_NONE; + } + +- /* Ack old/retransmitted block. */ +- if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1) ++ /* ++ * Ack old/retransmitted block. ++ * ++ * The block number is a 16-bit counter which only allows to fetch ++ * files no bigger than 65535 * blksize. To avoid this limit, the ++ * counter is rolled over. This behavior isn't defined in RFC 1350 ++ * but is handled by many TFTP servers and it's what GRUB was doing ++ * before implicitly due an overflow. ++ * ++ * Fixing that bug led to TFTP timeouts, since GRUB wasn't acking ++ * data packets anymore for files with size bigger than the maximum ++ * mentioned above. Restore the old behavior to prevent this issue. ++ */ ++ if (grub_be_to_cpu16 (tftph->u.data.block) < ((data->block + 1) & 0xffffu)) + ack (data, grub_be_to_cpu16 (tftph->u.data.block)); + /* Ignore unexpected block. */ + else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1) diff --git a/grub.patches b/grub.patches index e6cdc00..43501a6 100644 --- a/grub.patches +++ b/grub.patches @@ -246,3 +246,5 @@ Patch0245: 0245-efi-Fix-use-after-free-in-halt-reboot-path.patch Patch0246: 0246-loader-linux-Avoid-overflow-on-initrd-size-calculati.patch Patch0247: 0247-linux-Fix-integer-overflows-in-initrd-size-handling.patch Patch0248: 0248-linuxefi-fail-kernel-validation-without-shim-protoco.patch +Patch0249: 0249-remove-08_fallback_counting.in-apply-grubby.patch +Patch0250: 0250-tftp-roll-over-block-counter-to-prevent-timeouts-wit.patch diff --git a/grub2.spec b/grub2.spec index 681ed53..9f0d9e8 100644 --- a/grub2.spec +++ b/grub2.spec @@ -7,7 +7,7 @@ Name: grub2 Epoch: 1 Version: 2.04 -Release: 8 +Release: 9 Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -393,6 +393,13 @@ rm -r /boot/grub2.tmp/ || : %{_datadir}/man/man* %changelog +* Sat Feb 27 2021 fengtao - 2.04-9 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:tftp roll over block counter to prevent timeouts with + data packets + * Mon Feb 22 2021 zhangqiumiao - 2.04-8 - Type:bugfix - ID:NA -- Gitee