diff options
author | Yongxin Liu <yongxin.liu@windriver.com> | 2020-11-04 08:43:33 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-11-12 13:06:28 +0000 |
commit | 5232b03e22a49c368fbf4d79e05519ad5e48db4a (patch) | |
tree | c61b32194bddd6221fa3984406818f25bd6964f7 /meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch | |
parent | e2312cd8873297d29c76a3a7fb8a79df4e91dc17 (diff) | |
download | poky-5232b03e22a49c368fbf4d79e05519ad5e48db4a.tar.gz |
grub: clean up CVE patches
Clean up several patches introduced in commit 6732918498 ("grub:fix
several CVEs in grub 2.04").
1) Add CVE tags to individual patches.
2) Rename upstream patches and prefix them with CVE tags.
3) Add description of reference to upstream patch.
(From OE-Core rev: a1db1e71129c3e67ddd9dbef21e1c5eb31552e00)
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bcb8b6719beaf6625e6b703e91958fe8afba5819)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch')
-rw-r--r-- | meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch b/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch new file mode 100644 index 0000000000..29021e8d8f --- /dev/null +++ b/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch | |||
@@ -0,0 +1,94 @@ | |||
1 | From 06c361a71c4998635493610e5d76d0d223925251 Mon Sep 17 00:00:00 2001 | ||
2 | From: Peter Jones <pjones@redhat.com> | ||
3 | Date: Mon, 15 Jun 2020 10:58:42 -0400 | ||
4 | Subject: [PATCH 5/9] safemath: Add some arithmetic primitives that check for | ||
5 | overflow | ||
6 | |||
7 | This adds a new header, include/grub/safemath.h, that includes easy to | ||
8 | use wrappers for __builtin_{add,sub,mul}_overflow() declared like: | ||
9 | |||
10 | bool OP(a, b, res) | ||
11 | |||
12 | where OP is grub_add, grub_sub or grub_mul. OP() returns true in the | ||
13 | case where the operation would overflow and res is not modified. | ||
14 | Otherwise, false is returned and the operation is executed. | ||
15 | |||
16 | These arithmetic primitives require newer compiler versions. So, bump | ||
17 | these requirements in the INSTALL file too. | ||
18 | |||
19 | Upstream-Status: Backport [commit 68708c4503018d61dbcce7ac11cbb511d6425f4d | ||
20 | from https://git.savannah.gnu.org/git/grub.git] | ||
21 | |||
22 | Signed-off-by: Peter Jones <pjones@redhat.com> | ||
23 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
24 | [YL: omit the change to INSTALL from original patch] | ||
25 | Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> | ||
26 | --- | ||
27 | include/grub/compiler.h | 8 ++++++++ | ||
28 | include/grub/safemath.h | 37 +++++++++++++++++++++++++++++++++++++ | ||
29 | 2 files changed, 45 insertions(+) | ||
30 | create mode 100644 include/grub/safemath.h | ||
31 | |||
32 | diff --git a/include/grub/compiler.h b/include/grub/compiler.h | ||
33 | index c9e1d7a..8f3be3a 100644 | ||
34 | --- a/include/grub/compiler.h | ||
35 | +++ b/include/grub/compiler.h | ||
36 | @@ -48,4 +48,12 @@ | ||
37 | # define WARN_UNUSED_RESULT | ||
38 | #endif | ||
39 | |||
40 | +#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__) | ||
41 | +# define CLANG_PREREQ(maj,min) \ | ||
42 | + ((__clang_major__ > (maj)) || \ | ||
43 | + (__clang_major__ == (maj) && __clang_minor__ >= (min))) | ||
44 | +#else | ||
45 | +# define CLANG_PREREQ(maj,min) 0 | ||
46 | +#endif | ||
47 | + | ||
48 | #endif /* ! GRUB_COMPILER_HEADER */ | ||
49 | diff --git a/include/grub/safemath.h b/include/grub/safemath.h | ||
50 | new file mode 100644 | ||
51 | index 0000000..c17b89b | ||
52 | --- /dev/null | ||
53 | +++ b/include/grub/safemath.h | ||
54 | @@ -0,0 +1,37 @@ | ||
55 | +/* | ||
56 | + * GRUB -- GRand Unified Bootloader | ||
57 | + * Copyright (C) 2020 Free Software Foundation, Inc. | ||
58 | + * | ||
59 | + * GRUB is free software: you can redistribute it and/or modify | ||
60 | + * it under the terms of the GNU General Public License as published by | ||
61 | + * the Free Software Foundation, either version 3 of the License, or | ||
62 | + * (at your option) any later version. | ||
63 | + * | ||
64 | + * GRUB is distributed in the hope that it will be useful, | ||
65 | + * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
66 | + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
67 | + * GNU General Public License for more details. | ||
68 | + * | ||
69 | + * You should have received a copy of the GNU General Public License | ||
70 | + * along with GRUB. If not, see <http://www.gnu.org/licenses/>. | ||
71 | + * | ||
72 | + * Arithmetic operations that protect against overflow. | ||
73 | + */ | ||
74 | + | ||
75 | +#ifndef GRUB_SAFEMATH_H | ||
76 | +#define GRUB_SAFEMATH_H 1 | ||
77 | + | ||
78 | +#include <grub/compiler.h> | ||
79 | + | ||
80 | +/* These appear in gcc 5.1 and clang 3.8. */ | ||
81 | +#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8) | ||
82 | + | ||
83 | +#define grub_add(a, b, res) __builtin_add_overflow(a, b, res) | ||
84 | +#define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) | ||
85 | +#define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) | ||
86 | + | ||
87 | +#else | ||
88 | +#error gcc 5.1 or newer or clang 3.8 or newer is required | ||
89 | +#endif | ||
90 | + | ||
91 | +#endif /* GRUB_SAFEMATH_H */ | ||
92 | -- | ||
93 | 2.14.4 | ||
94 | |||