From a0cb264a4f5d772e435c23db53c7e7921abb3d42 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=82=96=E5=9C=A8?=
Date: Wed, 23 Oct 2024 10:21:52 +0800
Subject: [PATCH] fix crash in get_part_uuid
---
 grub.patches | 1 +
 ...mands-bli-Fix-crash-in-get_part_uuid.patch | 83 +++++++++++++++++++
 grub2.spec | 8 +-
 3 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100644 grub2-commands-bli-Fix-crash-in-get_part_uuid.patch
diff --git a/grub.patches b/grub.patches
index cdaa74b..905f0fa 100644
--- a/grub.patches
+++ b/grub.patches
@@ -240,3 +240,4 @@ Patch239: 0021-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch
 Patch240: 0061-Add-BLS-support-to-grub-mkconfig.patch
 Patch241: 0064-Add-grub2-switch-to-blscfg.patch
 Patch242: 0001-newfeature-tpcm-add-hygon-tpcm-support.patch
+Patch243: grub2-commands-bli-Fix-crash-in-get_part_uuid.patch
diff --git a/grub2-commands-bli-Fix-crash-in-get_part_uuid.patch b/grub2-commands-bli-Fix-crash-in-get_part_uuid.patch
new file mode 100644
index 0000000..67bfaa5
--- /dev/null
+++ b/grub2-commands-bli-Fix-crash-in-get_part_uuid.patch
@@ -0,0 +1,83 @@
+From 9537f4403dd836d5a8a1c4e57b165837fc7239cf Mon Sep 17 00:00:00 2001
+From: Michael Chang
+Date: Wed, 17 Jul 2024 14:46:46 +0800
+Subject: [PATCH 0970/1000] commands/bli: Fix crash in get_part_uuid()
+
+The get_part_uuid() function made an assumption that the target GRUB
+device is a partition device and accessed device->disk->partition
+without checking for NULL. There are four situations where this
+assumption is problematic:
+
+1. The device is a net device instead of a disk.
+2. The device is an abstraction device, like LVM, RAID, or CRYPTO, which
+ is mostly logical "disk" ((lvmid/) and so on).
+3. Firmware RAID may present the ESP to GRUB as an EFI disk (hd0) device
+ if it is contained within a Linux software RAID.
+4. When booting from a CD-ROM, the ESP is a VFAT image indexed by the El
+ Torito boot catalog. The boot device is set to (cd0), corresponding
+ to the CD-ROM image mounted as an ISO 9660 filesystem.
+
+As a result, get_part_uuid() could lead to a NULL pointer dereference
+and trigger a synchronous exception during boot if the ESP falls into
+one of these categories. This patch fixes the problem by adding the
+necessary checks to handle cases where the ESP is not a partition device.
+
+Additionally, to avoid disrupting the boot process, this patch relaxes
+the severity of the errors in this context to non-critical. Errors will
+be logged, but they will not prevent the boot process from continuing.
+
+Fixes: e0fa7dc84 (bli: Add a module for the Boot Loader Interface)
+
+Signed-off-by: Michael Chang
+Reviewed-By: Oliver Steffen
+Reviewed-by: Daniel Kiper
+---
+ grub-core/commands/bli.c | 20 +++++++++++++++++++-
+ 1 file changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/commands/bli.c b/grub-core/commands/bli.c
+index e0d8a54f7..298c5f70a 100644
+--- a/grub-core/commands/bli.c
++++ b/grub-core/commands/bli.c
+@@ -48,6 +48,22 @@ get_part_uuid (const char *device_name, char **part_uuid)
+ if (device == NULL)
+ return grub_error (grub_errno, N_("cannot open device: %s"), device_name);
+
++ if (device->disk == NULL)
++ {
++ grub_dprintf ("bli", "%s is not a disk device, partuuid skipped\n", device_name);
++ *part_uuid = NULL;
++ grub_device_close (device);
++ return GRUB_ERR_NONE;
++ }
++
++ if (device->disk->partition == NULL)
++ {
++ grub_dprintf ("bli", "%s has no partition, partuuid skipped\n", device_name);
++ *part_uuid = NULL;
++ grub_device_close (device);
++ return GRUB_ERR_NONE;
++ }
++
+ disk = grub_disk_open (device->disk->name);
+ if (disk == NULL)
+ {
+@@ -99,7 +115,7 @@ set_loader_device_part_uuid (void)
+
+ status = get_part_uuid (device_name, &part_uuid);
+
+- if (status == GRUB_ERR_NONE)
++ if (status == GRUB_ERR_NONE && part_uuid)
+ status = grub_efi_set_variable_to_string ("LoaderDevicePartUUID", &bli_vendor_guid, part_uuid,
+ GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ GRUB_EFI_VARIABLE_RUNTIME_ACCESS);
+@@ -117,4 +133,6 @@ GRUB_MOD_INIT (bli)
+ GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ GRUB_EFI_VARIABLE_RUNTIME_ACCESS);
+ set_loader_device_part_uuid ();
++ /* No error here is critical, other than being logged */
++ grub_print_error ();
+ }
+--
+2.33.0
+
diff --git a/grub2.spec b/grub2.spec
index f324e08..aea0682 100644
--- a/grub2.spec
+++ b/grub2.spec
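Review bot: In the first bli.c hunk of the added patch, both new early returns report GRUB_ERR_NONE while leaving `*part_uuid` NULL, a success-with-no-result outcome that is not documented anywhere in the visible lines and is safe only because the one caller shown was changed to test `part_uuid`. A comment above get_part_uuid() would make that contract explicit, for example `/* On success *part_uuid may be NULL (device is not a partition); callers must check before use. */`. The skip is reported only through `grub_dprintf`, so unless debug output for "bli" is enabled a normal boot gives no indication that LoaderDevicePartUUID was left unset; the same comment should say that an absent variable is an expected result. The rest of get_part_uuid() lies outside the hunk, so any other callers or later uses of `device->disk->partition` could not be checked from here.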
@@ -14,7 +14,7 @@ Name: grub2 Epoch: 1 Version: 2.12 -Release: 24 +Release: 25 Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -456,6 +456,12 @@ fi %{_datadir}/man/man* %changelog +* Wed Oct 23 2024 xiaozai - 1:2.12-25 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:fix crash in get_part_uuid() + * Fri Aug 2 2024 chench - 1:2.12-24 - Type:requirement - CVE:NA -- Gitee