From fe7a13df6200bda934fcc0246458df249f1ef4f2 Mon Sep 17 00:00:00 2001 From: Marco A Benatto Date: Wed, 23 Sep 2020 11:33:33 -0400 Subject: [PATCH] verifiers: Move verifiers API to kernel image Move verifiers API from a module to the kernel image, so it can be used there as well. There are no functional changes in this patch. Signed-off-by: Marco A Benatto Signed-off-by: Javier Martinez Canillas Reviewed-by: Daniel Kiper Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9e95f45ceeef36fcf93cbfffcf004276883dbc99] CVE: CVE-2020-14372 Signed-off-by: Marta Rybczynska --- grub-core/Makefile.am | 1 + grub-core/Makefile.core.def | 6 +----- grub-core/kern/main.c | 4 ++++ grub-core/{commands => kern}/verifiers.c | 8 ++------ include/grub/verify.h | 9 ++++++--- 5 files changed, 14 insertions(+), 14 deletions(-) rename grub-core/{commands => kern}/verifiers.c (97%) diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am index 3ea8e7f..375c30d 100644 --- a/grub-core/Makefile.am +++ b/grub-core/Makefile.am @@ -90,6 +90,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/parser.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/partition.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h +KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/verify.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm_private.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/net.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/memory.h diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def index 474a63e..cff02f2 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -140,6 +140,7 @@ kernel = { common = kern/rescue_parser.c; common = kern/rescue_reader.c; common = kern/term.c; + common = kern/verifiers.c; noemu = kern/compiler-rt.c; noemu = kern/mm.c; @@ -942,11 +943,6 @@ module = { cppflags = '-I$(srcdir)/lib/posix_wrap'; }; -module = { - name = verifiers; - common = commands/verifiers.c; -}; - module = { name = shim_lock; common = commands/efi/shim_lock.c; diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c index 9cad0c4..73967e2 100644 --- a/grub-core/kern/main.c +++ b/grub-core/kern/main.c @@ -29,6 +29,7 @@ #include #include #include +#include #ifdef GRUB_MACHINE_PCBIOS #include @@ -274,6 +275,9 @@ grub_main (void) grub_printf ("Welcome to GRUB!\n\n"); grub_setcolorstate (GRUB_TERM_COLOR_STANDARD); + /* Init verifiers API. */ + grub_verifiers_init (); + grub_load_config (); grub_boot_time ("Before loading embedded modules."); diff --git a/grub-core/commands/verifiers.c b/grub-core/kern/verifiers.c similarity index 97% rename from grub-core/commands/verifiers.c rename to grub-core/kern/verifiers.c index 0dde481..aa3dc7c 100644 --- a/grub-core/commands/verifiers.c +++ b/grub-core/kern/verifiers.c @@ -217,12 +217,8 @@ grub_verify_string (char *str, enum grub_verify_string_type type) return GRUB_ERR_NONE; } -GRUB_MOD_INIT(verifiers) +void +grub_verifiers_init (void) { grub_file_filter_register (GRUB_FILE_FILTER_VERIFY, grub_verifiers_open); } - -GRUB_MOD_FINI(verifiers) -{ - grub_file_filter_unregister (GRUB_FILE_FILTER_VERIFY); -} diff --git a/include/grub/verify.h b/include/grub/verify.h index ea04914..cd129c3 100644 --- a/include/grub/verify.h +++ b/include/grub/verify.h @@ -64,7 +64,10 @@ struct grub_file_verifier grub_err_t (*verify_string) (char *str, enum grub_verify_string_type type); }; -extern struct grub_file_verifier *grub_file_verifiers; +extern struct grub_file_verifier *EXPORT_VAR (grub_file_verifiers); + +extern void +grub_verifiers_init (void); static inline void grub_verifier_register (struct grub_file_verifier *ver) @@ -78,7 +81,7 @@ grub_verifier_unregister (struct grub_file_verifier *ver) grub_list_remove (GRUB_AS_LIST (ver)); } -grub_err_t -grub_verify_string (char *str, enum grub_verify_string_type type); +extern grub_err_t +EXPORT_FUNC (grub_verify_string) (char *str, enum grub_verify_string_type type); #endif /* ! GRUB_VERIFY_HEADER */