Diffstat (limited to 'meta/recipes-bsp/grub/files/CVE-2020-27779_7.patch')
-rw-r--r-- | meta/recipes-bsp/grub/files/CVE-2020-27779_7.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/CVE-2020-27779_7.patch b/meta/recipes-bsp/grub/files/CVE-2020-27779_7.patch new file mode 100644 index 0000000000..e5d372a2b1 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2020-27779_7.patch | |||
@@ -0,0 +1,65 @@ | |||
1 | From dcc5a434e59f721b03cc809db0375a24aa2ac6d0 Mon Sep 17 00:00:00 2001 | ||
2 | From: Javier Martinez Canillas <javierm@redhat.com> | ||
3 | Date: Sat, 7 Nov 2020 01:03:18 +0100 | ||
4 | Subject: [PATCH] docs: Document the cutmem command | ||
5 | |||
6 | The command is not present in the docs/grub.texi user documentation. | ||
7 | |||
8 | Reported-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
9 | Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> | ||
10 | Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
11 | Reviewed-by: Javier Martinez Canillas <javierm@redhat.com> | ||
12 | |||
13 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f05e79a0143beb2d9a482a3ebf4fe0ce76778122] | ||
14 | CVE: CVE-2020-27779 | ||
15 | Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> | ||
16 | --- | ||
17 | docs/grub.texi | 21 +++++++++++++++++++++ | ||
18 | 1 file changed, 21 insertions(+) | ||
19 | |||
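Review bot: the header tags this patch with CVE: CVE-2020-27779, but the diffstat just above lists only docs/grub.texi with 21 insertions, so this file on its own changes no code. Add a line below Upstream-Status stating that this is the documentation part of the backport (the file name ends in _7), so that a reader following the CVE tag does not take this file for the fix itself.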
20 | diff --git a/docs/grub.texi b/docs/grub.texi | ||
21 | index ccf1908..ae85f55 100644 | ||
22 | --- a/docs/grub.texi | ||
23 | +++ b/docs/grub.texi | ||
24 | @@ -3892,6 +3892,7 @@ you forget a command, you can run the command @command{help} | ||
25 | * cpuid:: Check for CPU features | ||
26 | * crc:: Compute or check CRC32 checksums | ||
27 | * cryptomount:: Mount a crypto device | ||
28 | +* cutmem:: Remove memory regions | ||
29 | * date:: Display or set current date and time | ||
30 | * devicetree:: Load a device tree blob | ||
31 | * distrust:: Remove a pubkey from trusted keys | ||
32 | @@ -4051,6 +4052,8 @@ this page is to be filtered. This syntax makes it easy to represent patterns | ||
33 | that are often result of memory damage, due to physical distribution of memory | ||
34 | cells. | ||
35 | |||
36 | +The command is similar to @command{cutmem} command. | ||
37 | + | ||
38 | Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). | ||
39 | This prevents removing EFI memory regions to potentially subvert the | ||
40 | security mechanisms provided by the UEFI secure boot. | ||
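Review bot: the sentence added to the badram text, "The command is similar to @command{cutmem} command.", is missing an article and gives the reader nothing to follow. Suggest "The command is similar to the @command{cutmem} command (@pxref{cutmem}).", in line with the @pxref{Lockdown} used by the Note directly below it; the cutmem node it would point to is added later in this same patch.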
41 | @@ -4214,6 +4217,24 @@ GRUB suports devices encrypted using LUKS and geli. Note that necessary modules | ||
42 | be used. | ||
43 | @end deffn | ||
44 | |||
45 | +@node cutmem | ||
46 | +@subsection cutmem | ||
47 | + | ||
48 | +@deffn Command cutmem from[K|M|G] to[K|M|G] | ||
49 | +Remove any memory regions in specified range. | ||
50 | +@end deffn | ||
51 | + | ||
52 | +This command notifies the memory manager that specified regions of RAM ought to | ||
53 | +be filtered out. This remains in effect after a payload kernel has been loaded | ||
54 | +by GRUB, as long as the loaded kernel obtains its memory map from GRUB. Kernels | ||
55 | +that support this include Linux, GNU Mach, the kernel of FreeBSD and Multiboot | ||
56 | +kernels in general. | ||
57 | + | ||
58 | +The command is similar to @command{badram} command. | ||
59 | + | ||
60 | +Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). | ||
61 | + This prevents removing EFI memory regions to potentially subvert the | ||
62 | + security mechanisms provided by the UEFI secure boot. | ||
63 | |||
64 | @node date | ||
65 | @subsection date | ||
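Review bot: the new cutmem section never says how the from and to arguments are interpreted. The @deffn line shows from[K|M|G] to[K|M|G], but the body is the single sentence "Remove any memory regions in specified range." and the text does not state what the suffixes mean, what kind of address is expected, or whether to is inclusive. Add a sentence to the @deffn body covering that, since a user who gets the range wrong removes the wrong memory. Two smaller points in the same hunk: "similar to @command{badram} command" needs "the", and the two continuation lines of the Note start with a space, unlike the other added lines.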