diff options
Diffstat (limited to 'meta/recipes-bsp/grub/files/CVE-2020-27779_7.patch')
| -rw-r--r-- | meta/recipes-bsp/grub/files/CVE-2020-27779_7.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/CVE-2020-27779_7.patch b/meta/recipes-bsp/grub/files/CVE-2020-27779_7.patch new file mode 100644 index 0000000000..e5d372a2b1 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2020-27779_7.patch | |||
| @@ -0,0 +1,65 @@ | |||
| 1 | From dcc5a434e59f721b03cc809db0375a24aa2ac6d0 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Javier Martinez Canillas <javierm@redhat.com> | ||
| 3 | Date: Sat, 7 Nov 2020 01:03:18 +0100 | ||
| 4 | Subject: [PATCH] docs: Document the cutmem command | ||
| 5 | |||
| 6 | The command is not present in the docs/grub.texi user documentation. | ||
| 7 | |||
| 8 | Reported-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
| 9 | Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> | ||
| 10 | Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
| 11 | Reviewed-by: Javier Martinez Canillas <javierm@redhat.com> | ||
| 12 | |||
| 13 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f05e79a0143beb2d9a482a3ebf4fe0ce76778122] | ||
| 14 | CVE: CVE-2020-27779 | ||
| 15 | Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> | ||
| 16 | --- | ||
| 17 | docs/grub.texi | 21 +++++++++++++++++++++ | ||
| 18 | 1 file changed, 21 insertions(+) | ||
| 19 | |||
| 20 | diff --git a/docs/grub.texi b/docs/grub.texi | ||
| 21 | index ccf1908..ae85f55 100644 | ||
| 22 | --- a/docs/grub.texi | ||
| 23 | +++ b/docs/grub.texi | ||
| 24 | @@ -3892,6 +3892,7 @@ you forget a command, you can run the command @command{help} | ||
| 25 | * cpuid:: Check for CPU features | ||
| 26 | * crc:: Compute or check CRC32 checksums | ||
| 27 | * cryptomount:: Mount a crypto device | ||
| 28 | +* cutmem:: Remove memory regions | ||
| 29 | * date:: Display or set current date and time | ||
| 30 | * devicetree:: Load a device tree blob | ||
| 31 | * distrust:: Remove a pubkey from trusted keys | ||
| 32 | @@ -4051,6 +4052,8 @@ this page is to be filtered. This syntax makes it easy to represent patterns | ||
| 33 | that are often result of memory damage, due to physical distribution of memory | ||
| 34 | cells. | ||
| 35 | |||
| 36 | +The command is similar to @command{cutmem} command. | ||
| 37 | + | ||
| 38 | Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). | ||
| 39 | This prevents removing EFI memory regions to potentially subvert the | ||
| 40 | security mechanisms provided by the UEFI secure boot. | ||
| 41 | @@ -4214,6 +4217,24 @@ GRUB suports devices encrypted using LUKS and geli. Note that necessary modules | ||
| 42 | be used. | ||
| 43 | @end deffn | ||
| 44 | |||
| 45 | +@node cutmem | ||
| 46 | +@subsection cutmem | ||
| 47 | + | ||
| 48 | +@deffn Command cutmem from[K|M|G] to[K|M|G] | ||
| 49 | +Remove any memory regions in specified range. | ||
| 50 | +@end deffn | ||
| 51 | + | ||
| 52 | +This command notifies the memory manager that specified regions of RAM ought to | ||
| 53 | +be filtered out. This remains in effect after a payload kernel has been loaded | ||
| 54 | +by GRUB, as long as the loaded kernel obtains its memory map from GRUB. Kernels | ||
| 55 | +that support this include Linux, GNU Mach, the kernel of FreeBSD and Multiboot | ||
| 56 | +kernels in general. | ||
| 57 | + | ||
| 58 | +The command is similar to @command{badram} command. | ||
| 59 | + | ||
| 60 | +Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). | ||
| 61 | + This prevents removing EFI memory regions to potentially subvert the | ||
| 62 | + security mechanisms provided by the UEFI secure boot. | ||
| 63 | |||
| 64 | @node date | ||
| 65 | @subsection date | ||