Verified Commit 4df3abdf authored by Sherif Nagy's avatar Sherif Nagy
Browse files

Adding more patches based on review board feedback...

Adding more patches based on review board feedback https://github.com/rhboot/shim-review/issues/194#issuecomment-894187000 and cherry pick 15.4..4583db41ea58195956d4cdf97c43a195939f906b
parent 48649287
......@@ -59,7 +59,67 @@ add {
}
add {
file: "ROCKY/_supporting/365.patch"
file: "ROCKY/_supporting/0011-.gitignore-ignore-.gdb-not-just-.gdbinit.patch"
}
add {
file: "ROCKY/_supporting/0012-shim-rename-pause-to-wait_for_debug.patch"
}
add {
file: "ROCKY/_supporting/0013-test.h-make-some-of-the-asserts-a-little-more-friend.patch"
}
add {
file: "ROCKY/_supporting/0014-test.h-add-some-decls-for-some-of-the-stuff-in-efili.patch"
}
add {
file: "ROCKY/_supporting/0015-test.c-Conditionally-do-not-declare-stuff-that-s-in-.patch"
}
add {
file: "ROCKY/_supporting/0016-Make-test-cases-link-against-libefi.a.patch"
}
add {
file: "ROCKY/_supporting/0017-test.c-add-some-simple-mock-functions-for-BS-Allocat.patch"
}
add {
file: "ROCKY/_supporting/0018-test.h-add-assert_not_equal_.patch"
}
add {
file: "ROCKY/_supporting/0019-test-Add-a-basic-traceback-printer.patch"
}
add {
file: "ROCKY/_supporting/0020-shim-move-the-bulk-of-set_second_stage-to-its-own-fi.patch"
}
add {
file: "ROCKY/_supporting/0021-Add-a-tester-for-parse_load_options.patch"
}
add {
file: "ROCKY/_supporting/0022-shim-don-t-fail-on-the-odd-LoadOptions-length.patch"
}
add {
file: "ROCKY/_supporting/0023-arm-aa64-fix-the-size-of-.rela-sections.patch"
}
add {
file: "ROCKY/_supporting/0024-mok-fix-potential-buffer-overrun-in-import_mok_state.patch"
}
add {
file: "ROCKY/_supporting/0025-mok-relax-the-maximum-variable-size-check.patch"
}
add {
file: "ROCKY/_supporting/0026-Don-t-unhook-ExitBootServices-when-EBS-protection-is.patch"
}
add {
......@@ -167,7 +227,97 @@ spec_change {
}
file {
name: "365.patch"
name: "0011-.gitignore-ignore-.gdb-not-just-.gdbinit.patch"
type: Patch
add: true
}
file {
name: "0012-shim-rename-pause-to-wait_for_debug.patch"
type: Patch
add: true
}
file {
name: "0013-test.h-make-some-of-the-asserts-a-little-more-friend.patch"
type: Patch
add: true
}
file {
name: "0014-test.h-add-some-decls-for-some-of-the-stuff-in-efili.patch"
type: Patch
add: true
}
file {
name: "0015-test.c-Conditionally-do-not-declare-stuff-that-s-in-.patch"
type: Patch
add: true
}
file {
name: "0016-Make-test-cases-link-against-libefi.a.patch"
type: Patch
add: true
}
file {
name: "0017-test.c-add-some-simple-mock-functions-for-BS-Allocat.patch"
type: Patch
add: true
}
file {
name: "0018-test.h-add-assert_not_equal_.patch"
type: Patch
add: true
}
file {
name: "0019-test-Add-a-basic-traceback-printer.patch"
type: Patch
add: true
}
file {
name: "0020-shim-move-the-bulk-of-set_second_stage-to-its-own-fi.patch"
type: Patch
add: true
}
file {
name: "0021-Add-a-tester-for-parse_load_options.patch"
type: Patch
add: true
}
file {
name: "0022-shim-don-t-fail-on-the-odd-LoadOptions-length.patch"
type: Patch
add: true
}
file {
name: "0023-arm-aa64-fix-the-size-of-.rela-sections.patch"
type: Patch
add: true
}
file {
name: "0024-mok-fix-potential-buffer-overrun-in-import_mok_state.patch"
type: Patch
add: true
}
file {
name: "0025-mok-relax-the-maximum-variable-size-check.patch"
type: Patch
add: true
}
file {
name: "0026-Don-t-unhook-ExitBootServices-when-EBS-protection-is.patch"
type: Patch
add: true
}
......@@ -177,6 +327,7 @@ spec_change {
type: Patch
add: true
}
file {
name: "PR393-2.patch"
type: Patch
......@@ -216,7 +367,7 @@ spec_change {
changelog {
author_name: "Sherif Nagy"
author_email: "sherif@rockylinux.org"
message: "Adding more patches based on review board feedback https://github.com/rhboot/shim-review/issues/194#issuecomment-894187000"
message: "Adding more patches based on review board feedback https://github.com/rhboot/shim-review/issues/194#issuecomment-894187000 and cherry-pick patches for shim-reivew git 15.4..4583db41ea58195956d4cdf97c43a195939f906b"
}
changelog {
......
From 822d07ad4f07ef66fe447a130e1027c88d02a394 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Thu, 8 Apr 2021 22:39:02 -0700
Subject: [PATCH 01/10] Fix handling of ignore_db and user_insecure_mode
Subject: [PATCH 01/26] Fix handling of ignore_db and user_insecure_mode
In 65be350308783a8ef537246c8ad0545b4e6ad069, import_mok_state() is split
up into a function that manages the whole mok state, and one that
......
From a0f701501f73a0aabd1ef8d568183d05611b0a52 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 31 Mar 2021 09:44:53 -0400
Subject: [PATCH 02/10] shim-15.4 branch: update .gitmodules to point at
Subject: [PATCH 02/26] shim-15.4 branch: update .gitmodules to point at
shim-15.4 in gnu-efi
This is purely superficial, as the commit points at the shim-15.4 branch
......
From 5b3ca0d2f7b5f425ba1a14db8ce98b8d95a2f89f Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 31 Mar 2021 14:54:52 -0400
Subject: [PATCH 03/10] Fix a broken file header on ia32
Subject: [PATCH 03/26] Fix a broken file header on ia32
Commit c6281c6a195edee61185 needs to have included a ". = ALIGN(4096)"
directive before .reloc, but fails to do so.
......
From 4068fd42c891ea6ebdec056f461babc6e4048844 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Thu, 8 Apr 2021 16:23:03 +0800
Subject: [PATCH 04/10] mok: allocate MOK config table as BootServicesData
Subject: [PATCH 04/26] mok: allocate MOK config table as BootServicesData
Linux kernel is picky when reserving the memory for x86 and it only
expects BootServicesData:
......
From 493bd940e5c6e28e673034687de7adef9529efff Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Sat, 10 Apr 2021 16:05:23 -0400
Subject: [PATCH 05/10] Don't call QueryVariableInfo() on EFI 1.10 machines
Subject: [PATCH 05/26] Don't call QueryVariableInfo() on EFI 1.10 machines
The EFI 1.10 spec (and presumably earlier revisions as well) didn't have
RT->QueryVariableInfo(), and on Chris Murphy's MacBookPro8,2 , that
......
From 05875f3aed1c90fe071c66de05744ca2bcbc2b9e Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 13 May 2021 20:42:18 -0400
Subject: [PATCH 06/10] Post-process our PE to be sure.
Subject: [PATCH 06/26] Post-process our PE to be sure.
On some versions of binutils[0], including binutils-2.23.52.0.1-55.el7,
do not correctly initialize the data when computing the PE optional
......
From 9f973e4e95b1136b8c98051dbbdb1773072cc998 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Tue, 11 May 2021 10:41:43 +0800
Subject: [PATCH 07/10] Relax the check for import_mok_state()
Subject: [PATCH 07/26] Relax the check for import_mok_state()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
......
From 9a8a6cdb5e862648ee663eee6124bed05208639a Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge@hallyn.com>
Date: Wed, 14 Jul 2021 07:49:34 -0500
Subject: [PATCH 08/10] SBAT.md: trivial fixes
Subject: [PATCH 08/26] SBAT.md: trivial fixes
1. Use : instead of , to separate a list.
2. Fix spelling of therefore.
......
From 0f40cb0d08798ed7557887958b382a42253c715d Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge@hallyn.com>
Date: Wed, 14 Jul 2021 08:01:48 -0500
Subject: [PATCH 09/10] SBAT.md: fix "will should"
Subject: [PATCH 09/26] SBAT.md: fix "will should"
Use the stronger "will" rather than "will should". I'm not sure based on
what's there, but suspect "must" would be appropriate instead?
......
From 4d64389c6c941d21548b06423b8131c872e3c3c7 Mon Sep 17 00:00:00 2001
From: Chris Coulson <chris.coulson@canonical.com>
Date: Mon, 7 Jun 2021 16:34:18 +0100
Subject: [PATCH 10/10] shim: another attempt to fix load options handling
Subject: [PATCH 10/26] shim: another attempt to fix load options handling
The load options handling is quite complicated and tries to accomodate
several scenarios, but there are currently multiple issues:
......
From 352a741bc5fa9a71776d56750f51d80f9f2e808f Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 2 Jul 2021 14:37:04 -0400
Subject: [PATCH 11/26] .gitignore: ignore .gdb*, not just .gdbinit
Signed-off-by: Peter Jones <pjones@redhat.com>
---
.gitignore | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitignore b/.gitignore
index d37fcd6..2a4598b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,7 +14,7 @@ Make.local
*.efi.debug
*.efi.signed
*.esl
-*.gdbinit
+*.gdb*
*.hash
*.key
*.key
--
2.32.0
From 3ecfa301f4a8c4c2168f95f27d0313f4158ab53d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 2 Jul 2021 13:11:59 -0400
Subject: [PATCH 12/26] shim: rename pause() to wait_for_debug()
pause() is a posix function, and having it named the same as this makes
it hard to include the asm.h header in some test cases.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
include/asm.h | 6 +++---
shim.c | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/asm.h b/include/asm.h
index 8458d5d..03b0655 100644
--- a/include/asm.h
+++ b/include/asm.h
@@ -26,17 +26,17 @@ static inline uint64_t read_counter(void)
}
#if defined(__x86_64__) || defined(__i386__) || defined(__i686__)
-static inline void pause(void)
+static inline void wait_for_debug(void)
{
__asm__ __volatile__("pause");
}
#elif defined(__aarch64__)
-static inline void pause(void)
+static inline void wait_for_debug(void)
{
__asm__ __volatile__("wfi");
}
#else
-static inline void pause(void)
+static inline void wait_for_debug(void)
{
uint64_t a, b;
int x;
diff --git a/shim.c b/shim.c
index ecf6ee5..2ae6024 100644
--- a/shim.c
+++ b/shim.c
@@ -1817,7 +1817,7 @@ debug_hook(void)
if (x > 12000)
break;
#endif
- pause();
+ wait_for_debug();
}
x = 1;
}
--
2.32.0
From 32697356c6a99a53bf0027ceb3e348278799b9ef Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 2 Jul 2021 13:10:38 -0400
Subject: [PATCH 13/26] test.h: make some of the asserts a little more friendly
to pointer types.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
include/test.h | 87 ++++++++++++++++++++++++++------------------------
1 file changed, 45 insertions(+), 42 deletions(-)
diff --git a/include/test.h b/include/test.h
index 012ffc5..1d9c7be 100644
--- a/include/test.h
+++ b/include/test.h
@@ -63,24 +63,24 @@ extern int debug;
assert(cond); \
})
-#define assert_true_as_expr(a, status, fmt, ...) \
- ({ \
- int rc_ = 0; \
- if (!(a)) { \
- printf("%s:%d:got %lld, expected nonzero " fmt, \
- __func__, __LINE__, (long long)(a), \
- ##__VA_ARGS__); \
- printf("%s:%d:Assertion `%s' failed.\n", __func__, \
- __LINE__, __stringify(!(a))); \
- rc_ = status; \
- } \
- rc_; \
+#define assert_true_as_expr(a, status, fmt, ...) \
+ ({ \
+ __typeof__(status) rc_ = 0; \
+ if (!(a)) { \
+ printf("%s:%d:got %lld, expected nonzero " fmt, \
+ __func__, __LINE__, (long long)(uintptr_t)(a), \
+ ##__VA_ARGS__); \
+ printf("%s:%d:Assertion `%s' failed.\n", __func__, \
+ __LINE__, __stringify(!(a))); \
+ rc_ = status; \
+ } \
+ rc_; \
})
#define assert_nonzero_as_expr(a, ...) assert_true_as_expr(a, ##__VA_ARGS__)
#define assert_false_as_expr(a, status, fmt, ...) \
({ \
- int rc_ = 0; \
+ __typeof__(status) rc_ = (__typeof__(status))0; \
if (a) { \
printf("%s:%d:got %lld, expected zero " fmt, __func__, \
__LINE__, (long long)(a), ##__VA_ARGS__); \
@@ -94,7 +94,7 @@ extern int debug;
#define assert_positive_as_expr(a, status, fmt, ...) \
({ \
- int rc_ = 0; \
+ __typeof__(status) rc_ = (__typeof__(status))0; \
if ((a) <= 0) { \
printf("%s:%d:got %lld, expected > 0 " fmt, __func__, \
__LINE__, (long long)(a), ##__VA_ARGS__); \
@@ -107,7 +107,7 @@ extern int debug;
#define assert_negative_as_expr(a, status, fmt, ...) \
({ \
- int rc_ = 0; \
+ __typeof__(status) rc_ = (__typeof__(status))0; \
if ((a) >= 0) { \
printf("%s:%d:got %lld, expected < 0 " fmt, __func__, \
__LINE__, (long long)(a), ##__VA_ARGS__); \
@@ -120,7 +120,7 @@ extern int debug;
#define assert_equal_as_expr(a, b, status, fmt, ...) \
({ \
- int rc_ = 0; \
+ __typeof__(status) rc_ = (__typeof__(status))0; \
if (!((a) == (b))) { \
printf("%s:%d:" fmt, __func__, __LINE__, (a), (b), \
##__VA_ARGS__); \
@@ -133,7 +133,7 @@ extern int debug;
#define assert_as_expr(cond, status, fmt, ...) \
({ \
- int rc_ = 0; \
+ __typeof__(status) rc_ = (__typeof__(status))0; \
if (!(cond)) { \
printf("%s:%d:" fmt, __func__, __LINE__, \
##__VA_ARGS__); \
@@ -144,51 +144,54 @@ extern int debug;
rc_; \
})
-#define assert_true_return(a, status, fmt, ...) \
- ({ \
- int rc_ = assert_true_as_expr(a, status, fmt, ##__VA_ARGS__); \
- if (rc_ != 0) \
- return rc_; \
+#define assert_true_return(a, status, fmt, ...) \
+ ({ \
+ __typeof__(status) rc_ = \
+ assert_true_as_expr(a, status, fmt, ##__VA_ARGS__); \
+ if (rc_ != 0) \
+ return rc_; \
})
#define assert_nonzero_return(a, ...) assert_true_return(a, ##__VA_ARGS__)
-#define assert_false_return(a, status, fmt, ...) \
- ({ \
- int rc_ = assert_false_as_expr(a, status, fmt, ##__VA_ARGS__); \
- if (rc_ != 0) \
- return rc_; \
+#define assert_false_return(a, status, fmt, ...) \
+ ({ \
+ __typeof__(status) rc_ = \
+ assert_false_as_expr(a, status, fmt, ##__VA_ARGS__); \
+ if (rc_ != 0) \
+ return rc_; \
})
#define assert_zero_return(a, ...) assert_false_return(a, ##__VA_ARGS__)
#define assert_positive_return(a, status, fmt, ...) \
({ \
- int rc_ = assert_positive_as_expr(a, status, fmt, \
- ##__VA_ARGS__); \
+ __typeof__(status) rc_ = assert_positive_as_expr( \
+ a, status, fmt, ##__VA_ARGS__); \
if (rc_ != 0) \
return rc_; \
})
#define assert_negative_return(a, status, fmt, ...) \
({ \
- int rc_ = assert_negative_as_expr(a, status, fmt, \
- ##__VA_ARGS__); \
+ __typeof__(status) rc_ = assert_negative_as_expr( \
+ a, status, fmt, ##__VA_ARGS__); \
if (rc_ != 0) \
return rc_; \
})
-#define assert_equal_return(a, b, status, fmt, ...) \
- ({ \
- int rc_ = assert_equal_as_expr(a, b, status, fmt, \
- ##__VA_ARGS__); \
- if (rc_ != 0) \
- return rc_; \
+#define assert_equal_return(a, b, status, fmt, ...) \
+ ({ \
+ __typeof__(status) rc_ = assert_equal_as_expr( \
+ a, b, status, fmt, ##__VA_ARGS__); \
+ if (rc_ != 0) \
+ return rc_; \
})
-#define assert_return(cond, status, fmt, ...) \
- ({ \
- int rc_ = assert_as_expr(cond, status, fmt, ##__VA_ARGS__); \
- if (rc_ != 0) \
- return rc_; \
+#define assert_return(cond, status, fmt, ...) \
+ ({ \
+ __typeof__(status) rc_ = \
+ assert_as_expr(cond, status, fmt, ##__VA_ARGS__); \
+ if (rc_ != 0) \
+ return rc_; \
})
#define assert_goto(cond, label, fmt, ...) \
--
2.32.0
From 5f08e671e4eb4ec43c1bf667e67f02b7454e13b0 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 2 Jul 2021 13:57:40 -0400
Subject: [PATCH 14/26] test.h: add some decls for some of the stuff in
efilib.h
In some test cases, it's useful to be able to call some of the very
common stuff in gnu-efi's efilib.h (i.e. CompareGuid()), but including
that header itself is too big for me to tackle right now.
This patch adds a few more decls to test.h.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
include/test.h | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/include/test.h b/include/test.h
index 1d9c7be..811f92b 100644
--- a/include/test.h
+++ b/include/test.h
@@ -48,6 +48,17 @@
#define FreePool(x) free(x)
#define ReallocatePool(old, oldsz, newsz) realloc(old, newsz)
+INTN StrnCmp(IN CONST CHAR16 *s1,
+ IN CONST CHAR16 *s2,
+ IN UINTN len);
+CHAR16 *StrDuplicate(IN CONST CHAR16 *Src);
+UINTN StrLen(IN CONST CHAR16 *s1);
+UINTN StrSize(IN CONST CHAR16 *s1);
+VOID StrCat(IN CHAR16 *Dest, IN CONST CHAR16 *Src);
+CHAR16 *DevicePathToStr(EFI_DEVICE_PATH *DevPath);
+
+#define CompareGuid(a, b) memcmp(a, b, sizeof(a))
+
extern int debug;
#ifdef dprint
#undef dprint
--
2.32.0
From b092c85fc3e9caec83728b244a34ed8325a02c6d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 2 Jul 2021 14:05:47 -0400
Subject: [PATCH 15/26] test.c: Conditionally do not declare stuff that's in
other places
test.c duplicates a couple of objects (StrnCmp, StrCmp) that are
in libefi.a, as well as SHIM_LOCK_GUID from lib/guid.o. While it's nice
to have these at some places, we need to disable them if we're actually
linking a test case against either of those.
This patch adds HAVE_foo guards around those objects.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
test.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/test.c b/test.c
index dc71941..9da5cf5 100644
--- a/test.c
+++ b/test.c
@@ -22,6 +22,7 @@ LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...)
return EFI_SUCCESS;
}