diff options
author | Jason M. Bills <jason.m.bills@linux.intel.com> | 2021-05-24 22:35:24 +0300 |
---|---|---|
committer | Jason M. Bills <jason.m.bills@linux.intel.com> | 2021-05-24 22:35:24 +0300 |
commit | 0e0df451ae365f09d5c0c766b253f23de26901f2 (patch) | |
tree | db4d7d3ce85e02ee01ad58a86ede02ac876aae77 /poky/meta/recipes-bsp | |
parent | e370fd750e2821620ec427f26f8efab0069824ff (diff) | |
parent | 7e10dee74964afa47859704886128dd256acf854 (diff) | |
download | openbmc-0e0df451ae365f09d5c0c766b253f23de26901f2.tar.xz |
Merge tag '0.52' of ssh://git-amr-1.devtools.intel.com:29418/openbmc-openbmc into update
Diffstat (limited to 'poky/meta/recipes-bsp')
28 files changed, 1213 insertions, 4362 deletions
diff --git a/poky/meta/recipes-bsp/formfactor/files/qemuppc64/machconfig b/poky/meta/recipes-bsp/formfactor/files/qemuppc64/machconfig new file mode 100755 index 000000000..e4717730e --- /dev/null +++ b/poky/meta/recipes-bsp/formfactor/files/qemuppc64/machconfig @@ -0,0 +1,10 @@ +HAVE_TOUCHSCREEN=0 +HAVE_KEYBOARD=0 + +DISPLAY_CAN_ROTATE=0 +DISPLAY_ORIENTATION=0 +#DISPLAY_WIDTH_PIXELS=640 +#DISPLAY_HEIGHT_PIXELS=480 +#DISPLAY_BPP=16 +DISPLAY_DPI=150 +DISPLAY_SUBPIXEL_ORDER=vrgb diff --git a/poky/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch b/poky/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch new file mode 100644 index 000000000..2f15a91f6 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch @@ -0,0 +1,39 @@ +From e4c41db74b8972285cbdfe614c95c1ffd97d70e1 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 26 Mar 2021 11:59:43 -0700 +Subject: [PATCH] RISC-V: Restore the typcast to 64bit type + +this makes the type promotions clear and explicit +It was already typecasted to long but was accidentally dropped in [1] +which stated to cause failures on riscv32 as reported in [2] + +[1] https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2bf40e9e5be9808b17852e688eead87acff14420 +[2] https://savannah.gnu.org/bugs/index.php?60283 + +Upstream-Status: Submitted +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Cc: Andreas Schwab <schwab@suse.de> +Cc: Daniel Kiper <daniel.kiper@oracle.com> +Cc: Chester Lin <clin@suse.com> +Cc: Nikita Ermakov <arei@altlinux.org> +Cc: Alistair Francis <alistair.francis@wdc.com> +--- + util/grub-mkimagexx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c +index 00f49ccaa..ac677d03d 100644 +--- a/util/grub-mkimagexx.c ++++ b/util/grub-mkimagexx.c +@@ -1242,7 +1242,7 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, struct section_metadata *smd, + */ + + sym_addr += addend; +- off = sym_addr - target_section_addr - offset - image_target->vaddr_offset; ++ off = (grub_int64_t)sym_addr - target_section_addr - offset - image_target->vaddr_offset; + + switch (ELF_R_TYPE (info)) + { +-- +2.31.1 + diff --git a/poky/meta/recipes-bsp/grub/files/6643507ce30f775008e093580f0c9499dfb2c485.patch b/poky/meta/recipes-bsp/grub/files/6643507ce30f775008e093580f0c9499dfb2c485.patch deleted file mode 100644 index 8aa209144..000000000 --- a/poky/meta/recipes-bsp/grub/files/6643507ce30f775008e093580f0c9499dfb2c485.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 6643507ce30f775008e093580f0c9499dfb2c485 Mon Sep 17 00:00:00 2001 -From: Simon Hardy <simon.hardy@itdev.co.uk> -Date: Tue, 24 Mar 2020 13:29:12 +0000 -Subject: build: Fix GRUB i386-pc build with Ubuntu gcc - -With recent versions of gcc on Ubuntu a very large lzma_decompress.img file is -output. (e.g. 134479600 bytes instead of 2864.) This causes grub-mkimage to -fail with: "error: Decompressor is too big." - -This seems to be caused by a section .note.gnu.property that is placed at an -offset such that objcopy needs to pad the img file with zeros. - -This issue is present on: -Ubuntu 19.10 with gcc (Ubuntu 8.3.0-26ubuntu1~19.10) 8.3.0 -Ubuntu 19.10 with gcc (Ubuntu 9.2.1-9ubuntu2) 9.2.1 20191008 - -This issue is not present on: -Ubuntu 19.10 with gcc (Ubuntu 7.5.0-3ubuntu1~19.10) 7.5.0 -RHEL 8.0 with gcc 8.3.1 20190507 (Red Hat 8.3.1-4) - -The issue can be fixed by removing the section using objcopy as shown in -this patch. - -Signed-off-by: Simon Hardy <simon.hardy@itdev.co.uk> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> ---- - gentpl.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Upstream-Status: Backport - -diff --git a/gentpl.py b/gentpl.py -index 387588c05..c86550d4f 100644 ---- a/gentpl.py -+++ b/gentpl.py -@@ -766,7 +766,7 @@ def image(defn, platform): - if test x$(TARGET_APPLE_LINKER) = x1; then \ - $(MACHO2IMG) $< $@; \ - else \ -- $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .ARM.exidx $< $@; \ -+ $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; \ - fi - """) - --- -cgit v1.2.1 - diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-10713.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-10713.patch deleted file mode 100644 index c507ed3ea..000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2020-10713.patch +++ /dev/null @@ -1,73 +0,0 @@ -From a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e Mon Sep 17 00:00:00 2001 -From: Peter Jones <pjones@redhat.com> -Date: Wed, 15 Apr 2020 15:45:02 -0400 -Subject: yylex: Make lexer fatal errors actually be fatal - -When presented with a command that can't be tokenized to anything -smaller than YYLMAX characters, the parser calls YY_FATAL_ERROR(errmsg), -expecting that will stop further processing, as such: - - #define YY_DO_BEFORE_ACTION \ - yyg->yytext_ptr = yy_bp; \ - yyleng = (int) (yy_cp - yy_bp); \ - yyg->yy_hold_char = *yy_cp; \ - *yy_cp = '\0'; \ - if ( yyleng >= YYLMAX ) \ - YY_FATAL_ERROR( "token too large, exceeds YYLMAX" ); \ - yy_flex_strncpy( yytext, yyg->yytext_ptr, yyleng + 1 , yyscanner); \ - yyg->yy_c_buf_p = yy_cp; - -The code flex generates expects that YY_FATAL_ERROR() will either return -for it or do some form of longjmp(), or handle the error in some way at -least, and so the strncpy() call isn't in an "else" clause, and thus if -YY_FATAL_ERROR() is *not* actually fatal, it does the call with the -questionable limit, and predictable results ensue. - -Unfortunately, our implementation of YY_FATAL_ERROR() is: - - #define YY_FATAL_ERROR(msg) \ - do { \ - grub_printf (_("fatal error: %s\n"), _(msg)); \ - } while (0) - -The same pattern exists in yyless(), and similar problems exist in users -of YY_INPUT(), several places in the main parsing loop, -yy_get_next_buffer(), yy_load_buffer_state(), yyensure_buffer_stack, -yy_scan_buffer(), etc. - -All of these callers expect YY_FATAL_ERROR() to actually be fatal, and -the things they do if it returns after calling it are wildly unsafe. - -Fixes: CVE-2020-10713 - -Signed-off-by: Peter Jones <pjones@redhat.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e] -CVE: CVE-2020-10713 -Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> ---- - grub-core/script/yylex.l | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l -index 7b44c37b7..b7203c823 100644 ---- a/grub-core/script/yylex.l -+++ b/grub-core/script/yylex.l -@@ -37,11 +37,11 @@ - - /* - * As we don't have access to yyscanner, we cannot do much except to -- * print the fatal error. -+ * print the fatal error and exit. - */ - #define YY_FATAL_ERROR(msg) \ - do { \ -- grub_printf (_("fatal error: %s\n"), _(msg)); \ -+ grub_fatal (_("fatal error: %s\n"), _(msg));\ - } while (0) - - #define COPY(str, hint) \ --- -cgit v1.2.1 - diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch deleted file mode 100644 index 637e368cb..000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch +++ /dev/null @@ -1,1863 +0,0 @@ -From bcdd6a55952222ec9829a59348240a4f983b0b56 Mon Sep 17 00:00:00 2001 -From: Peter Jones <pjones@redhat.com> -Date: Mon, 15 Jun 2020 12:26:01 -0400 -Subject: [PATCH 4/9] calloc: Use calloc() at most places - -This modifies most of the places we do some form of: - - X = malloc(Y * Z); - -to use calloc(Y, Z) instead. - -Among other issues, this fixes: - - allocation of integer overflow in grub_png_decode_image_header() - reported by Chris Coulson, - - allocation of integer overflow in luks_recover_key() - reported by Chris Coulson, - - allocation of integer overflow in grub_lvm_detect() - reported by Chris Coulson. - -Fixes: CVE-2020-14308 - -Signed-off-by: Peter Jones <pjones@redhat.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport -CVE: CVE-2020-14308 - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f725fa7cb2ece547c5af01eeeecfe8d95802ed41 - -[YL: don't patch on grub-core/lib/json/json.c, which is not existing in grub 2.04] -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/bus/usb/usbhub.c | 8 ++++---- - grub-core/commands/efi/lsefisystab.c | 3 ++- - grub-core/commands/legacycfg.c | 6 +++--- - grub-core/commands/menuentry.c | 2 +- - grub-core/commands/nativedisk.c | 2 +- - grub-core/commands/parttool.c | 12 +++++++++--- - grub-core/commands/regexp.c | 2 +- - grub-core/commands/search_wrap.c | 2 +- - grub-core/disk/diskfilter.c | 4 ++-- - grub-core/disk/ieee1275/ofdisk.c | 2 +- - grub-core/disk/ldm.c | 14 +++++++------- - grub-core/disk/luks.c | 2 +- - grub-core/disk/lvm.c | 12 ++++++------ - grub-core/disk/xen/xendisk.c | 2 +- - grub-core/efiemu/loadcore.c | 2 +- - grub-core/efiemu/mm.c | 6 +++--- - grub-core/font/font.c | 3 +-- - grub-core/fs/affs.c | 6 +++--- - grub-core/fs/btrfs.c | 6 +++--- - grub-core/fs/hfs.c | 2 +- - grub-core/fs/hfsplus.c | 6 +++--- - grub-core/fs/iso9660.c | 2 +- - grub-core/fs/ntfs.c | 4 ++-- - grub-core/fs/sfs.c | 2 +- - grub-core/fs/tar.c | 2 +- - grub-core/fs/udf.c | 4 ++-- - grub-core/fs/zfs/zfs.c | 4 ++-- - grub-core/gfxmenu/gui_string_util.c | 2 +- - grub-core/gfxmenu/widget-box.c | 4 ++-- - grub-core/io/gzio.c | 2 +- - grub-core/kern/efi/efi.c | 6 +++--- - grub-core/kern/emu/hostdisk.c | 2 +- - grub-core/kern/fs.c | 2 +- - grub-core/kern/misc.c | 2 +- - grub-core/kern/parser.c | 2 +- - grub-core/kern/uboot/uboot.c | 2 +- - grub-core/lib/libgcrypt/cipher/ac.c | 8 ++++---- - grub-core/lib/libgcrypt/cipher/primegen.c | 4 ++-- - grub-core/lib/libgcrypt/cipher/pubkey.c | 4 ++-- - grub-core/lib/priority_queue.c | 2 +- - grub-core/lib/reed_solomon.c | 7 +++---- - grub-core/lib/relocator.c | 10 +++++----- - grub-core/lib/zstd/fse_decompress.c | 2 +- - grub-core/loader/arm/linux.c | 2 +- - grub-core/loader/efi/chainloader.c | 2 +- - grub-core/loader/i386/bsdXX.c | 2 +- - grub-core/loader/i386/xnu.c | 4 ++-- - grub-core/loader/macho.c | 2 +- - grub-core/loader/multiboot_elfxx.c | 2 +- - grub-core/loader/xnu.c | 2 +- - grub-core/mmap/mmap.c | 4 ++-- - grub-core/net/bootp.c | 2 +- - grub-core/net/dns.c | 10 +++++----- - grub-core/net/net.c | 4 ++-- - grub-core/normal/charset.c | 10 +++++----- - grub-core/normal/cmdline.c | 14 +++++++------- - grub-core/normal/menu_entry.c | 14 +++++++------- - grub-core/normal/menu_text.c | 4 ++-- - grub-core/normal/term.c | 4 ++-- - grub-core/osdep/linux/getroot.c | 6 +++--- - grub-core/osdep/unix/config.c | 2 +- - grub-core/osdep/windows/getroot.c | 2 +- - grub-core/osdep/windows/hostdisk.c | 4 ++-- - grub-core/osdep/windows/init.c | 2 +- - grub-core/osdep/windows/platform.c | 4 ++-- - grub-core/osdep/windows/relpath.c | 2 +- - grub-core/partmap/gpt.c | 2 +- - grub-core/partmap/msdos.c | 2 +- - grub-core/script/execute.c | 2 +- - grub-core/tests/fake_input.c | 2 +- - grub-core/tests/video_checksum.c | 6 +++--- - grub-core/video/capture.c | 2 +- - grub-core/video/emu/sdl.c | 2 +- - grub-core/video/i386/pc/vga.c | 2 +- - grub-core/video/readers/png.c | 2 +- - include/grub/unicode.h | 4 ++-- - util/getroot.c | 2 +- - util/grub-file.c | 2 +- - util/grub-fstest.c | 4 ++-- - util/grub-install-common.c | 2 +- - util/grub-install.c | 4 ++-- - util/grub-mkimagexx.c | 6 ++---- - util/grub-mkrescue.c | 4 ++-- - util/grub-mkstandalone.c | 2 +- - util/grub-pe2elf.c | 12 +++++------- - util/grub-probe.c | 4 ++-- - 86 files changed, 178 insertions(+), 177 deletions(-) - -diff --git a/grub-core/bus/usb/usbhub.c b/grub-core/bus/usb/usbhub.c -index 34a7ff1..a06cce3 100644 ---- a/grub-core/bus/usb/usbhub.c -+++ b/grub-core/bus/usb/usbhub.c -@@ -149,8 +149,8 @@ grub_usb_add_hub (grub_usb_device_t dev) - grub_usb_set_configuration (dev, 1); - - dev->nports = hubdesc.portcnt; -- dev->children = grub_zalloc (hubdesc.portcnt * sizeof (dev->children[0])); -- dev->ports = grub_zalloc (dev->nports * sizeof (dev->ports[0])); -+ dev->children = grub_calloc (hubdesc.portcnt, sizeof (dev->children[0])); -+ dev->ports = grub_calloc (dev->nports, sizeof (dev->ports[0])); - if (!dev->children || !dev->ports) - { - grub_free (dev->children); -@@ -268,8 +268,8 @@ grub_usb_controller_dev_register_iter (grub_usb_controller_t controller, void *d - - /* Query the number of ports the root Hub has. */ - hub->nports = controller->dev->hubports (controller); -- hub->devices = grub_zalloc (sizeof (hub->devices[0]) * hub->nports); -- hub->ports = grub_zalloc (sizeof (hub->ports[0]) * hub->nports); -+ hub->devices = grub_calloc (hub->nports, sizeof (hub->devices[0])); -+ hub->ports = grub_calloc (hub->nports, sizeof (hub->ports[0])); - if (!hub->devices || !hub->ports) - { - grub_free (hub->devices); -diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c -index df10302..cd81507 100644 ---- a/grub-core/commands/efi/lsefisystab.c -+++ b/grub-core/commands/efi/lsefisystab.c -@@ -71,7 +71,8 @@ grub_cmd_lsefisystab (struct grub_command *cmd __attribute__ ((unused)), - grub_printf ("Vendor: "); - - for (vendor_utf16 = st->firmware_vendor; *vendor_utf16; vendor_utf16++); -- vendor = grub_malloc (4 * (vendor_utf16 - st->firmware_vendor) + 1); -+ /* Allocate extra 3 bytes to simplify math. */ -+ vendor = grub_calloc (4, vendor_utf16 - st->firmware_vendor + 1); - if (!vendor) - return grub_errno; - *grub_utf16_to_utf8 ((grub_uint8_t *) vendor, st->firmware_vendor, -diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c -index db7a8f0..5e3ec0d 100644 ---- a/grub-core/commands/legacycfg.c -+++ b/grub-core/commands/legacycfg.c -@@ -314,7 +314,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)), - if (argc < 2) - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); - -- cutargs = grub_malloc (sizeof (cutargs[0]) * (argc - 1)); -+ cutargs = grub_calloc (argc - 1, sizeof (cutargs[0])); - if (!cutargs) - return grub_errno; - cutargc = argc - 1; -@@ -436,7 +436,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)), - { - char rbuf[3] = "-r"; - bsdargc = cutargc + 2; -- bsdargs = grub_malloc (sizeof (bsdargs[0]) * bsdargc); -+ bsdargs = grub_calloc (bsdargc, sizeof (bsdargs[0])); - if (!bsdargs) - { - err = grub_errno; -@@ -559,7 +559,7 @@ grub_cmd_legacy_initrdnounzip (struct grub_command *mycmd __attribute__ ((unused - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("can't find command `%s'"), - "module"); - -- newargs = grub_malloc ((argc + 1) * sizeof (newargs[0])); -+ newargs = grub_calloc (argc + 1, sizeof (newargs[0])); - if (!newargs) - return grub_errno; - grub_memcpy (newargs + 1, args, argc * sizeof (newargs[0])); -diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c -index 2c5363d..9164df7 100644 ---- a/grub-core/commands/menuentry.c -+++ b/grub-core/commands/menuentry.c -@@ -154,7 +154,7 @@ grub_normal_add_menu_entry (int argc, const char **args, - goto fail; - - /* Save argc, args to pass as parameters to block arg later. */ -- menu_args = grub_malloc (sizeof (char*) * (argc + 1)); -+ menu_args = grub_calloc (argc + 1, sizeof (char *)); - if (! menu_args) - goto fail; - -diff --git a/grub-core/commands/nativedisk.c b/grub-core/commands/nativedisk.c -index 699447d..7c8f97f 100644 ---- a/grub-core/commands/nativedisk.c -+++ b/grub-core/commands/nativedisk.c -@@ -195,7 +195,7 @@ grub_cmd_nativedisk (grub_command_t cmd __attribute__ ((unused)), - else - path_prefix = prefix; - -- mods = grub_malloc (argc * sizeof (mods[0])); -+ mods = grub_calloc (argc, sizeof (mods[0])); - if (!mods) - return grub_errno; - -diff --git a/grub-core/commands/parttool.c b/grub-core/commands/parttool.c -index 22b46b1..051e313 100644 ---- a/grub-core/commands/parttool.c -+++ b/grub-core/commands/parttool.c -@@ -59,7 +59,13 @@ grub_parttool_register(const char *part_name, - for (nargs = 0; args[nargs].name != 0; nargs++); - cur->nargs = nargs; - cur->args = (struct grub_parttool_argdesc *) -- grub_malloc ((nargs + 1) * sizeof (struct grub_parttool_argdesc)); -+ grub_calloc (nargs + 1, sizeof (struct grub_parttool_argdesc)); -+ if (!cur->args) -+ { -+ grub_free (cur); -+ curhandle--; -+ return -1; -+ } - grub_memcpy (cur->args, args, - (nargs + 1) * sizeof (struct grub_parttool_argdesc)); - -@@ -257,7 +263,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)), - return err; - } - -- parsed = (int *) grub_zalloc (argc * sizeof (int)); -+ parsed = (int *) grub_calloc (argc, sizeof (int)); - - for (i = 1; i < argc; i++) - if (! parsed[i]) -@@ -290,7 +296,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)), - } - ptool = cur; - pargs = (struct grub_parttool_args *) -- grub_zalloc (ptool->nargs * sizeof (struct grub_parttool_args)); -+ grub_calloc (ptool->nargs, sizeof (struct grub_parttool_args)); - for (j = i; j < argc; j++) - if (! parsed[j]) - { -diff --git a/grub-core/commands/regexp.c b/grub-core/commands/regexp.c -index f00b184..4019164 100644 ---- a/grub-core/commands/regexp.c -+++ b/grub-core/commands/regexp.c -@@ -116,7 +116,7 @@ grub_cmd_regexp (grub_extcmd_context_t ctxt, int argc, char **args) - if (ret) - goto fail; - -- matches = grub_zalloc (sizeof (*matches) * (regex.re_nsub + 1)); -+ matches = grub_calloc (regex.re_nsub + 1, sizeof (*matches)); - if (! matches) - goto fail; - -diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c -index d7fd26b..47fc8eb 100644 ---- a/grub-core/commands/search_wrap.c -+++ b/grub-core/commands/search_wrap.c -@@ -122,7 +122,7 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args) - for (i = 0; state[SEARCH_HINT_BAREMETAL].args[i]; i++) - nhints++; - -- hints = grub_malloc (sizeof (hints[0]) * nhints); -+ hints = grub_calloc (nhints, sizeof (hints[0])); - if (!hints) - return grub_errno; - j = 0; -diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c -index c3b578a..68ca9e0 100644 ---- a/grub-core/disk/diskfilter.c -+++ b/grub-core/disk/diskfilter.c -@@ -1134,7 +1134,7 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb, - array->lvs->segments->node_count = nmemb; - array->lvs->segments->raid_member_size = disk_size; - array->lvs->segments->nodes -- = grub_zalloc (nmemb * sizeof (array->lvs->segments->nodes[0])); -+ = grub_calloc (nmemb, sizeof (array->lvs->segments->nodes[0])); - array->lvs->segments->stripe_size = stripe_size; - for (i = 0; i < nmemb; i++) - { -@@ -1226,7 +1226,7 @@ insert_array (grub_disk_t disk, const struct grub_diskfilter_pv_id *id, - grub_partition_t p; - for (p = disk->partition; p; p = p->parent) - s++; -- pv->partmaps = xmalloc (s * sizeof (pv->partmaps[0])); -+ pv->partmaps = xcalloc (s, sizeof (pv->partmaps[0])); - s = 0; - for (p = disk->partition; p; p = p->parent) - pv->partmaps[s++] = xstrdup (p->partmap->name); -diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c -index f73257e..03674cb 100644 ---- a/grub-core/disk/ieee1275/ofdisk.c -+++ b/grub-core/disk/ieee1275/ofdisk.c -@@ -297,7 +297,7 @@ dev_iterate (const struct grub_ieee1275_devalias *alias) - /* Power machines documentation specify 672 as maximum SAS disks in - one system. Using a slightly larger value to be safe. */ - table_size = 768; -- table = grub_malloc (table_size * sizeof (grub_uint64_t)); -+ table = grub_calloc (table_size, sizeof (grub_uint64_t)); - - if (!table) - { -diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c -index 2a22d2d..e632370 100644 ---- a/grub-core/disk/ldm.c -+++ b/grub-core/disk/ldm.c -@@ -323,8 +323,8 @@ make_vg (grub_disk_t disk, - lv->segments->type = GRUB_DISKFILTER_MIRROR; - lv->segments->node_count = 0; - lv->segments->node_alloc = 8; -- lv->segments->nodes = grub_zalloc (sizeof (*lv->segments->nodes) -- * lv->segments->node_alloc); -+ lv->segments->nodes = grub_calloc (lv->segments->node_alloc, -+ sizeof (*lv->segments->nodes)); - if (!lv->segments->nodes) - goto fail2; - ptr = vblk[i].dynamic; -@@ -543,8 +543,8 @@ make_vg (grub_disk_t disk, - { - comp->segment_alloc = 8; - comp->segment_count = 0; -- comp->segments = grub_malloc (sizeof (*comp->segments) -- * comp->segment_alloc); -+ comp->segments = grub_calloc (comp->segment_alloc, -+ sizeof (*comp->segments)); - if (!comp->segments) - goto fail2; - } -@@ -590,8 +590,8 @@ make_vg (grub_disk_t disk, - } - comp->segments->node_count = read_int (ptr + 1, *ptr); - comp->segments->node_alloc = comp->segments->node_count; -- comp->segments->nodes = grub_zalloc (sizeof (*comp->segments->nodes) -- * comp->segments->node_alloc); -+ comp->segments->nodes = grub_calloc (comp->segments->node_alloc, -+ sizeof (*comp->segments->nodes)); - if (!lv->segments->nodes) - goto fail2; - } -@@ -1017,7 +1017,7 @@ grub_util_ldm_embed (struct grub_disk *disk, unsigned int *nsectors, - *nsectors = lv->size; - if (*nsectors > max_nsectors) - *nsectors = max_nsectors; -- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); -+ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); - if (!*sectors) - return grub_errno; - for (i = 0; i < *nsectors; i++) -diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c -index 86c50c6..18b3a8b 100644 ---- a/grub-core/disk/luks.c -+++ b/grub-core/disk/luks.c -@@ -336,7 +336,7 @@ luks_recover_key (grub_disk_t source, - && grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes) - max_stripes = grub_be_to_cpu32 (header.keyblock[i].stripes); - -- split_key = grub_malloc (keysize * max_stripes); -+ split_key = grub_calloc (keysize, max_stripes); - if (!split_key) - return grub_errno; - -diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c -index dc6b83b..7b5fbbc 100644 ---- a/grub-core/disk/lvm.c -+++ b/grub-core/disk/lvm.c -@@ -209,7 +209,7 @@ grub_lvm_detect (grub_disk_t disk, - first one. */ - - /* Allocate buffer space for the circular worst-case scenario. */ -- metadatabuf = grub_malloc (2 * mda_size); -+ metadatabuf = grub_calloc (2, mda_size); - if (! metadatabuf) - goto fail; - -@@ -464,7 +464,7 @@ grub_lvm_detect (grub_disk_t disk, - #endif - goto lvs_fail; - } -- lv->segments = grub_zalloc (sizeof (*seg) * lv->segment_count); -+ lv->segments = grub_calloc (lv->segment_count, sizeof (*seg)); - seg = lv->segments; - - for (i = 0; i < lv->segment_count; i++) -@@ -521,8 +521,8 @@ grub_lvm_detect (grub_disk_t disk, - if (seg->node_count != 1) - seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = "); - -- seg->nodes = grub_zalloc (sizeof (*stripe) -- * seg->node_count); -+ seg->nodes = grub_calloc (seg->node_count, -+ sizeof (*stripe)); - stripe = seg->nodes; - - p = grub_strstr (p, "stripes = ["); -@@ -898,7 +898,7 @@ grub_lvm_detect (grub_disk_t disk, - break; - if (lv) - { -- cache->lv->segments = grub_malloc (lv->segment_count * sizeof (*lv->segments)); -+ cache->lv->segments = grub_calloc (lv->segment_count, sizeof (*lv->segments)); - if (!cache->lv->segments) - { - grub_lvm_free_cache_lvs (cache_lvs); -@@ -911,7 +911,7 @@ grub_lvm_detect (grub_disk_t disk, - struct grub_diskfilter_node *nodes = lv->segments[i].nodes; - grub_size_t node_count = lv->segments[i].node_count; - -- cache->lv->segments[i].nodes = grub_malloc (node_count * sizeof (*nodes)); -+ cache->lv->segments[i].nodes = grub_calloc (node_count, sizeof (*nodes)); - if (!cache->lv->segments[i].nodes) - { - for (j = 0; j < i; ++j) -diff --git a/grub-core/disk/xen/xendisk.c b/grub-core/disk/xen/xendisk.c -index 48476cb..d6612ee 100644 ---- a/grub-core/disk/xen/xendisk.c -+++ b/grub-core/disk/xen/xendisk.c -@@ -426,7 +426,7 @@ grub_xendisk_init (void) - if (!ctr) - return; - -- virtdisks = grub_malloc (ctr * sizeof (virtdisks[0])); -+ virtdisks = grub_calloc (ctr, sizeof (virtdisks[0])); - if (!virtdisks) - return; - if (grub_xenstore_dir ("device/vbd", fill, &ctr)) -diff --git a/grub-core/efiemu/loadcore.c b/grub-core/efiemu/loadcore.c -index 44085ef..2b92462 100644 ---- a/grub-core/efiemu/loadcore.c -+++ b/grub-core/efiemu/loadcore.c -@@ -201,7 +201,7 @@ grub_efiemu_count_symbols (const Elf_Ehdr *e) - - grub_efiemu_nelfsyms = (unsigned) s->sh_size / (unsigned) s->sh_entsize; - grub_efiemu_elfsyms = (struct grub_efiemu_elf_sym *) -- grub_malloc (sizeof (struct grub_efiemu_elf_sym) * grub_efiemu_nelfsyms); -+ grub_calloc (grub_efiemu_nelfsyms, sizeof (struct grub_efiemu_elf_sym)); - - /* Relocators */ - for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); -diff --git a/grub-core/efiemu/mm.c b/grub-core/efiemu/mm.c -index 52a032f..9b8e0d0 100644 ---- a/grub-core/efiemu/mm.c -+++ b/grub-core/efiemu/mm.c -@@ -554,11 +554,11 @@ grub_efiemu_mmap_sort_and_uniq (void) - /* Initialize variables*/ - grub_memset (present, 0, sizeof (int) * GRUB_EFI_MAX_MEMORY_TYPE); - scanline_events = (struct grub_efiemu_mmap_scan *) -- grub_malloc (sizeof (struct grub_efiemu_mmap_scan) * 2 * mmap_num); -+ grub_calloc (mmap_num, sizeof (struct grub_efiemu_mmap_scan) * 2); - - /* Number of chunks can't increase more than by factor of 2 */ - result = (grub_efi_memory_descriptor_t *) -- grub_malloc (sizeof (grub_efi_memory_descriptor_t) * 2 * mmap_num); -+ grub_calloc (mmap_num, sizeof (grub_efi_memory_descriptor_t) * 2); - if (!result || !scanline_events) - { - grub_free (result); -@@ -660,7 +660,7 @@ grub_efiemu_mm_do_alloc (void) - - /* Preallocate mmap */ - efiemu_mmap = (grub_efi_memory_descriptor_t *) -- grub_malloc (mmap_reserved_size * sizeof (grub_efi_memory_descriptor_t)); -+ grub_calloc (mmap_reserved_size, sizeof (grub_efi_memory_descriptor_t)); - if (!efiemu_mmap) - { - grub_efiemu_unload (); -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 85a2925..8e118b3 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -293,8 +293,7 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct - font->num_chars = sect_length / FONT_CHAR_INDEX_ENTRY_SIZE; - - /* Allocate the character index array. */ -- font->char_index = grub_malloc (font->num_chars -- * sizeof (struct char_index_entry)); -+ font->char_index = grub_calloc (font->num_chars, sizeof (struct char_index_entry)); - if (!font->char_index) - return 1; - font->bmp_idx = grub_malloc (0x10000 * sizeof (grub_uint16_t)); -diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c -index 6b6a2bc..220b371 100644 ---- a/grub-core/fs/affs.c -+++ b/grub-core/fs/affs.c -@@ -301,7 +301,7 @@ grub_affs_read_symlink (grub_fshelp_node_t node) - return 0; - } - latin1[symlink_size] = 0; -- utf8 = grub_malloc (symlink_size * GRUB_MAX_UTF8_PER_LATIN1 + 1); -+ utf8 = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, symlink_size); - if (!utf8) - { - grub_free (latin1); -@@ -422,7 +422,7 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, - return 1; - } - -- hashtable = grub_zalloc (data->htsize * sizeof (*hashtable)); -+ hashtable = grub_calloc (data->htsize, sizeof (*hashtable)); - if (!hashtable) - return 1; - -@@ -628,7 +628,7 @@ grub_affs_label (grub_device_t device, char **label) - len = file.namelen; - if (len > sizeof (file.name)) - len = sizeof (file.name); -- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); -+ *label = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, len); - if (*label) - *grub_latin1_to_utf8 ((grub_uint8_t *) *label, file.name, len) = '\0'; - } -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 48bd3d0..11272ef 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -413,7 +413,7 @@ lower_bound (struct grub_btrfs_data *data, - { - desc->allocated = 16; - desc->depth = 0; -- desc->data = grub_malloc (sizeof (desc->data[0]) * desc->allocated); -+ desc->data = grub_calloc (desc->allocated, sizeof (desc->data[0])); - if (!desc->data) - return grub_errno; - } -@@ -752,7 +752,7 @@ raid56_read_retry (struct grub_btrfs_data *data, - grub_err_t ret = GRUB_ERR_OUT_OF_MEMORY; - grub_uint64_t i, failed_devices; - -- buffers = grub_zalloc (sizeof(*buffers) * nstripes); -+ buffers = grub_calloc (nstripes, sizeof (*buffers)); - if (!buffers) - goto cleanup; - -@@ -2160,7 +2160,7 @@ grub_btrfs_embed (grub_device_t device __attribute__ ((unused)), - *nsectors = 64 * 2 - 1; - if (*nsectors > max_nsectors) - *nsectors = max_nsectors; -- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); -+ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); - if (!*sectors) - return grub_errno; - for (i = 0; i < *nsectors; i++) -diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c -index ac0a409..3fe842b 100644 ---- a/grub-core/fs/hfs.c -+++ b/grub-core/fs/hfs.c -@@ -1360,7 +1360,7 @@ grub_hfs_label (grub_device_t device, char **label) - grub_size_t len = data->sblock.volname[0]; - if (len > sizeof (data->sblock.volname) - 1) - len = sizeof (data->sblock.volname) - 1; -- *label = grub_malloc (len * MAX_UTF8_PER_MAC_ROMAN + 1); -+ *label = grub_calloc (MAX_UTF8_PER_MAC_ROMAN + 1, len); - if (*label) - macroman_to_utf8 (*label, data->sblock.volname + 1, - len + 1, 0); -diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c -index 54786bb..dae43be 100644 ---- a/grub-core/fs/hfsplus.c -+++ b/grub-core/fs/hfsplus.c -@@ -720,7 +720,7 @@ list_nodes (void *record, void *hook_arg) - if (! filename) - return 0; - -- keyname = grub_malloc (grub_be_to_cpu16 (catkey->namelen) * sizeof (*keyname)); -+ keyname = grub_calloc (grub_be_to_cpu16 (catkey->namelen), sizeof (*keyname)); - if (!keyname) - { - grub_free (filename); -@@ -1007,7 +1007,7 @@ grub_hfsplus_label (grub_device_t device, char **label) - grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr); - - label_len = grub_be_to_cpu16 (catkey->namelen); -- label_name = grub_malloc (label_len * sizeof (*label_name)); -+ label_name = grub_calloc (label_len, sizeof (*label_name)); - if (!label_name) - { - grub_free (node); -@@ -1029,7 +1029,7 @@ grub_hfsplus_label (grub_device_t device, char **label) - } - } - -- *label = grub_malloc (label_len * GRUB_MAX_UTF8_PER_UTF16 + 1); -+ *label = grub_calloc (label_len, GRUB_MAX_UTF8_PER_UTF16 + 1); - if (! *label) - { - grub_free (label_name); -diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c -index 49c0c63..4f1b52a 100644 ---- a/grub-core/fs/iso9660.c -+++ b/grub-core/fs/iso9660.c -@@ -331,7 +331,7 @@ grub_iso9660_convert_string (grub_uint8_t *us, int len) - int i; - grub_uint16_t t[MAX_NAMELEN / 2 + 1]; - -- p = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1); -+ p = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1); - if (! p) - return NULL; - -diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c -index fc4e1f6..2f34f76 100644 ---- a/grub-core/fs/ntfs.c -+++ b/grub-core/fs/ntfs.c -@@ -556,8 +556,8 @@ get_utf8 (grub_uint8_t *in, grub_size_t len) - grub_uint16_t *tmp; - grub_size_t i; - -- buf = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1); -- tmp = grub_malloc (len * sizeof (tmp[0])); -+ buf = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1); -+ tmp = grub_calloc (len, sizeof (tmp[0])); - if (!buf || !tmp) - { - grub_free (buf); -diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c -index 50c1fe7..90f7fb3 100644 ---- a/grub-core/fs/sfs.c -+++ b/grub-core/fs/sfs.c -@@ -266,7 +266,7 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) - node->next_extent = node->block; - node->cache_size = 0; - -- node->cache = grub_malloc (sizeof (node->cache[0]) * cache_size); -+ node->cache = grub_calloc (cache_size, sizeof (node->cache[0])); - if (!node->cache) - { - grub_errno = 0; -diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c -index 7d63e0c..c551ed6 100644 ---- a/grub-core/fs/tar.c -+++ b/grub-core/fs/tar.c -@@ -120,7 +120,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name, - if (data->linkname_alloc < linksize + 1) - { - char *n; -- n = grub_malloc (2 * (linksize + 1)); -+ n = grub_calloc (2, linksize + 1); - if (!n) - return grub_errno; - grub_free (data->linkname); -diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c -index dc8b6e2..a837616 100644 ---- a/grub-core/fs/udf.c -+++ b/grub-core/fs/udf.c -@@ -873,7 +873,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) - { - unsigned i; - utf16len = sz - 1; -- utf16 = grub_malloc (utf16len * sizeof (utf16[0])); -+ utf16 = grub_calloc (utf16len, sizeof (utf16[0])); - if (!utf16) - return NULL; - for (i = 0; i < utf16len; i++) -@@ -883,7 +883,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) - { - unsigned i; - utf16len = (sz - 1) / 2; -- utf16 = grub_malloc (utf16len * sizeof (utf16[0])); -+ utf16 = grub_calloc (utf16len, sizeof (utf16[0])); - if (!utf16) - return NULL; - for (i = 0; i < utf16len; i++) -diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c -index 2f72e42..381dde5 100644 ---- a/grub-core/fs/zfs/zfs.c -+++ b/grub-core/fs/zfs/zfs.c -@@ -3325,7 +3325,7 @@ dnode_get_fullpath (const char *fullpath, struct subvolume *subvol, - } - subvol->nkeys = 0; - zap_iterate (&keychain_dn, 8, count_zap_keys, &ctx, data); -- subvol->keyring = grub_zalloc (subvol->nkeys * sizeof (subvol->keyring[0])); -+ subvol->keyring = grub_calloc (subvol->nkeys, sizeof (subvol->keyring[0])); - if (!subvol->keyring) - { - grub_free (fsname); -@@ -4336,7 +4336,7 @@ grub_zfs_embed (grub_device_t device __attribute__ ((unused)), - *nsectors = (VDEV_BOOT_SIZE >> GRUB_DISK_SECTOR_BITS); - if (*nsectors > max_nsectors) - *nsectors = max_nsectors; -- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); -+ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); - if (!*sectors) - return grub_errno; - for (i = 0; i < *nsectors; i++) -diff --git a/grub-core/gfxmenu/gui_string_util.c b/grub-core/gfxmenu/gui_string_util.c -index a9a415e..ba1e1ea 100644 ---- a/grub-core/gfxmenu/gui_string_util.c -+++ b/grub-core/gfxmenu/gui_string_util.c -@@ -55,7 +55,7 @@ canonicalize_path (const char *path) - if (*p == '/') - components++; - -- char **path_array = grub_malloc (components * sizeof (*path_array)); -+ char **path_array = grub_calloc (components, sizeof (*path_array)); - if (! path_array) - return 0; - -diff --git a/grub-core/gfxmenu/widget-box.c b/grub-core/gfxmenu/widget-box.c -index b606028..470597d 100644 ---- a/grub-core/gfxmenu/widget-box.c -+++ b/grub-core/gfxmenu/widget-box.c -@@ -303,10 +303,10 @@ grub_gfxmenu_create_box (const char *pixmaps_prefix, - box->content_height = 0; - box->raw_pixmaps = - (struct grub_video_bitmap **) -- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *)); -+ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *)); - box->scaled_pixmaps = - (struct grub_video_bitmap **) -- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *)); -+ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *)); - - /* Initialize all pixmap pointers to NULL so that proper destruction can - be performed if an error is encountered partway through construction. */ -diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c -index 6208a97..43d98a7 100644 ---- a/grub-core/io/gzio.c -+++ b/grub-core/io/gzio.c -@@ -554,7 +554,7 @@ huft_build (unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ - z = 1 << j; /* table entries for j-bit table */ - - /* allocate and link in new table */ -- q = (struct huft *) grub_zalloc ((z + 1) * sizeof (struct huft)); -+ q = (struct huft *) grub_calloc (z + 1, sizeof (struct huft)); - if (! q) - { - if (h) -diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 6e1ceb9..dc31caa 100644 ---- a/grub-core/kern/efi/efi.c -+++ b/grub-core/kern/efi/efi.c -@@ -202,7 +202,7 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid, - - len = grub_strlen (var); - len16 = len * GRUB_MAX_UTF16_PER_UTF8; -- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0])); -+ var16 = grub_calloc (len16 + 1, sizeof (var16[0])); - if (!var16) - return grub_errno; - len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); -@@ -237,7 +237,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, - - len = grub_strlen (var); - len16 = len * GRUB_MAX_UTF16_PER_UTF8; -- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0])); -+ var16 = grub_calloc (len16 + 1, sizeof (var16[0])); - if (!var16) - return NULL; - len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); -@@ -383,7 +383,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) - while (len > 0 && fp->path_name[len - 1] == 0) - len--; - -- dup_name = grub_malloc (len * sizeof (*dup_name)); -+ dup_name = grub_calloc (len, sizeof (*dup_name)); - if (!dup_name) - { - grub_free (name); -diff --git a/grub-core/kern/emu/hostdisk.c b/grub-core/kern/emu/hostdisk.c -index e9ec680..d975265 100644 ---- a/grub-core/kern/emu/hostdisk.c -+++ b/grub-core/kern/emu/hostdisk.c -@@ -615,7 +615,7 @@ static char * - grub_util_path_concat_real (size_t n, int ext, va_list ap) - { - size_t totlen = 0; -- char **l = xmalloc ((n + ext) * sizeof (l[0])); -+ char **l = xcalloc (n + ext, sizeof (l[0])); - char *r, *p, *pi; - size_t i; - int first = 1; -diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c -index 2b85f49..f90be65 100644 ---- a/grub-core/kern/fs.c -+++ b/grub-core/kern/fs.c -@@ -151,7 +151,7 @@ grub_fs_blocklist_open (grub_file_t file, const char *name) - while (p); - - /* Allocate a block list. */ -- blocks = grub_zalloc (sizeof (struct grub_fs_block) * (num + 1)); -+ blocks = grub_calloc (num + 1, sizeof (struct grub_fs_block)); - if (! blocks) - return 0; - -diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 3b633d5..a7abd36 100644 ---- a/grub-core/kern/misc.c -+++ b/grub-core/kern/misc.c -@@ -690,7 +690,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args, - args->ptr = args->prealloc; - else - { -- args->ptr = grub_malloc (args->count * sizeof (args->ptr[0])); -+ args->ptr = grub_calloc (args->count, sizeof (args->ptr[0])); - if (!args->ptr) - { - grub_errno = GRUB_ERR_NONE; -diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c -index 78175aa..619db31 100644 ---- a/grub-core/kern/parser.c -+++ b/grub-core/kern/parser.c -@@ -213,7 +213,7 @@ grub_parser_split_cmdline (const char *cmdline, - return grub_errno; - grub_memcpy (args, buffer, bp - buffer); - -- *argv = grub_malloc (sizeof (char *) * (*argc + 1)); -+ *argv = grub_calloc (*argc + 1, sizeof (char *)); - if (!*argv) - { - grub_free (args); -diff --git a/grub-core/kern/uboot/uboot.c b/grub-core/kern/uboot/uboot.c -index be4816f..aac8f9a 100644 ---- a/grub-core/kern/uboot/uboot.c -+++ b/grub-core/kern/uboot/uboot.c -@@ -133,7 +133,7 @@ grub_uboot_dev_enum (void) - return num_devices; - - max_devices = 2; -- enum_devices = grub_malloc (sizeof(struct device_info) * max_devices); -+ enum_devices = grub_calloc (max_devices, sizeof(struct device_info)); - if (!enum_devices) - return 0; - -diff --git a/grub-core/lib/libgcrypt/cipher/ac.c b/grub-core/lib/libgcrypt/cipher/ac.c -index f5e946a..63f6fcd 100644 ---- a/grub-core/lib/libgcrypt/cipher/ac.c -+++ b/grub-core/lib/libgcrypt/cipher/ac.c -@@ -185,7 +185,7 @@ ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n, - gcry_mpi_t mpi; - char *label; - -- data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n); -+ data_mpis_new = gcry_calloc (data_mpis_n, sizeof (*data_mpis_new)); - if (! data_mpis_new) - { - err = gcry_error_from_errno (errno); -@@ -572,7 +572,7 @@ _gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp, - } - - /* Add MPI list. */ -- arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1)); -+ arg_list = gcry_calloc (data_n + 1, sizeof (*arg_list)); - if (! arg_list) - { - err = gcry_error_from_errno (errno); -@@ -1283,7 +1283,7 @@ ac_data_construct (const char *identifier, int include_flags, - /* We build a list of arguments to pass to - gcry_sexp_build_array(). */ - data_length = _gcry_ac_data_length (data); -- arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2)); -+ arg_list = gcry_calloc (data_length, sizeof (*arg_list) * 2); - if (! arg_list) - { - err = gcry_error_from_errno (errno); -@@ -1593,7 +1593,7 @@ _gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits, - arg_list_n += 2; - - /* Allocate list. */ -- arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n); -+ arg_list = gcry_calloc (arg_list_n, sizeof (*arg_list)); - if (! arg_list) - { - err = gcry_error_from_errno (errno); -diff --git a/grub-core/lib/libgcrypt/cipher/primegen.c b/grub-core/lib/libgcrypt/cipher/primegen.c -index 2788e34..b12e79b 100644 ---- a/grub-core/lib/libgcrypt/cipher/primegen.c -+++ b/grub-core/lib/libgcrypt/cipher/primegen.c -@@ -383,7 +383,7 @@ prime_generate_internal (int need_q_factor, - } - - /* Allocate an array to track pool usage. */ -- pool_in_use = gcry_malloc (n * sizeof *pool_in_use); -+ pool_in_use = gcry_calloc (n, sizeof *pool_in_use); - if (!pool_in_use) - { - err = gpg_err_code_from_errno (errno); -@@ -765,7 +765,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel, - if (nbits < 16) - log_fatal ("can't generate a prime with less than %d bits\n", 16); - -- mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods ); -+ mods = gcry_xcalloc( no_of_small_prime_numbers, sizeof *mods); - /* Make nbits fit into gcry_mpi_t implementation. */ - val_2 = mpi_alloc_set_ui( 2 ); - val_3 = mpi_alloc_set_ui( 3); -diff --git a/grub-core/lib/libgcrypt/cipher/pubkey.c b/grub-core/lib/libgcrypt/cipher/pubkey.c -index 9109821..ca087ad 100644 ---- a/grub-core/lib/libgcrypt/cipher/pubkey.c -+++ b/grub-core/lib/libgcrypt/cipher/pubkey.c -@@ -2941,7 +2941,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) - * array to a format string, so we have to do it this way :-(. */ - /* FIXME: There is now such a format specifier, so we can - change the code to be more clear. */ -- arg_list = malloc (nelem * sizeof *arg_list); -+ arg_list = calloc (nelem, sizeof *arg_list); - if (!arg_list) - { - rc = gpg_err_code_from_syserror (); -@@ -3233,7 +3233,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) - } - strcpy (p, "))"); - -- arg_list = malloc (nelem * sizeof *arg_list); -+ arg_list = calloc (nelem, sizeof *arg_list); - if (!arg_list) - { - rc = gpg_err_code_from_syserror (); -diff --git a/grub-core/lib/priority_queue.c b/grub-core/lib/priority_queue.c -index 659be0b..7d5e7c0 100644 ---- a/grub-core/lib/priority_queue.c -+++ b/grub-core/lib/priority_queue.c -@@ -92,7 +92,7 @@ grub_priority_queue_new (grub_size_t elsize, - { - struct grub_priority_queue *ret; - void *els; -- els = grub_malloc (elsize * 8); -+ els = grub_calloc (8, elsize); - if (!els) - return 0; - ret = (struct grub_priority_queue *) grub_malloc (sizeof (*ret)); -diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c -index ee9fa7b..467305b 100644 ---- a/grub-core/lib/reed_solomon.c -+++ b/grub-core/lib/reed_solomon.c -@@ -20,6 +20,7 @@ - #include <stdio.h> - #include <string.h> - #include <stdlib.h> -+#define xcalloc calloc - #define xmalloc malloc - #define grub_memset memset - #define grub_memcpy memcpy -@@ -158,11 +159,9 @@ rs_encode (gf_single_t *data, grub_size_t s, grub_size_t rs) - gf_single_t *rs_polynomial; - int i, j; - gf_single_t *m; -- m = xmalloc ((s + rs) * sizeof (gf_single_t)); -+ m = xcalloc (s + rs, sizeof (gf_single_t)); - grub_memcpy (m, data, s * sizeof (gf_single_t)); -- grub_memset (m + s, 0, rs * sizeof (gf_single_t)); -- rs_polynomial = xmalloc ((rs + 1) * sizeof (gf_single_t)); -- grub_memset (rs_polynomial, 0, (rs + 1) * sizeof (gf_single_t)); -+ rs_polynomial = xcalloc (rs + 1, sizeof (gf_single_t)); - rs_polynomial[rs] = 1; - /* Multiply with X - a^r */ - for (j = 0; j < rs; j++) -diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c -index ea3ebc7..5847aac 100644 ---- a/grub-core/lib/relocator.c -+++ b/grub-core/lib/relocator.c -@@ -495,9 +495,9 @@ malloc_in_range (struct grub_relocator *rel, - } - #endif - -- eventt = grub_malloc (maxevents * sizeof (events[0])); -+ eventt = grub_calloc (maxevents, sizeof (events[0])); - counter = grub_malloc ((DIGITSORT_MASK + 2) * sizeof (counter[0])); -- events = grub_malloc (maxevents * sizeof (events[0])); -+ events = grub_calloc (maxevents, sizeof (events[0])); - if (!events || !eventt || !counter) - { - grub_dprintf ("relocator", "events or counter allocation failed %d\n", -@@ -963,7 +963,7 @@ malloc_in_range (struct grub_relocator *rel, - #endif - unsigned cural = 0; - int oom = 0; -- res->subchunks = grub_malloc (sizeof (res->subchunks[0]) * nallocs); -+ res->subchunks = grub_calloc (nallocs, sizeof (res->subchunks[0])); - if (!res->subchunks) - oom = 1; - res->nsubchunks = nallocs; -@@ -1562,8 +1562,8 @@ grub_relocator_prepare_relocs (struct grub_relocator *rel, grub_addr_t addr, - count[(chunk->src & 0xff) + 1]++; - } - } -- from = grub_malloc (nchunks * sizeof (sorted[0])); -- to = grub_malloc (nchunks * sizeof (sorted[0])); -+ from = grub_calloc (nchunks, sizeof (sorted[0])); -+ to = grub_calloc (nchunks, sizeof (sorted[0])); - if (!from || !to) - { - grub_free (from); -diff --git a/grub-core/lib/zstd/fse_decompress.c b/grub-core/lib/zstd/fse_decompress.c -index 72bbead..2227b84 100644 ---- a/grub-core/lib/zstd/fse_decompress.c -+++ b/grub-core/lib/zstd/fse_decompress.c -@@ -82,7 +82,7 @@ - FSE_DTable* FSE_createDTable (unsigned tableLog) - { - if (tableLog > FSE_TABLELOG_ABSOLUTE_MAX) tableLog = FSE_TABLELOG_ABSOLUTE_MAX; -- return (FSE_DTable*)malloc( FSE_DTABLE_SIZE_U32(tableLog) * sizeof (U32) ); -+ return (FSE_DTable*)calloc( FSE_DTABLE_SIZE_U32(tableLog), sizeof (U32) ); - } - - void FSE_freeDTable (FSE_DTable* dt) -diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c -index 5168491..d70c174 100644 ---- a/grub-core/loader/arm/linux.c -+++ b/grub-core/loader/arm/linux.c -@@ -78,7 +78,7 @@ linux_prepare_atag (void *target_atag) - - /* some place for cmdline, initrd and terminator. */ - tmp_size = get_atag_size (atag_orig) + 20 + (arg_size) / 4; -- tmp_atag = grub_malloc (tmp_size * sizeof (grub_uint32_t)); -+ tmp_atag = grub_calloc (tmp_size, sizeof (grub_uint32_t)); - if (!tmp_atag) - return grub_errno; - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index cd92ea3..daf8c6b 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -116,7 +116,7 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, - fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE; - fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE; - -- path_name = grub_malloc (len * GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); -+ path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); - if (!path_name) - return; - -diff --git a/grub-core/loader/i386/bsdXX.c b/grub-core/loader/i386/bsdXX.c -index af6741d..a8d8bf7 100644 ---- a/grub-core/loader/i386/bsdXX.c -+++ b/grub-core/loader/i386/bsdXX.c -@@ -48,7 +48,7 @@ read_headers (grub_file_t file, const char *filename, Elf_Ehdr *e, char **shdr) - if (e->e_ident[EI_CLASS] != SUFFIX (ELFCLASS)) - return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-dependent ELF magic")); - -- *shdr = grub_malloc ((grub_uint32_t) e->e_shnum * e->e_shentsize); -+ *shdr = grub_calloc (e->e_shnum, e->e_shentsize); - if (! *shdr) - return grub_errno; - -diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c -index e64ed08..b7d176b 100644 ---- a/grub-core/loader/i386/xnu.c -+++ b/grub-core/loader/i386/xnu.c -@@ -295,7 +295,7 @@ grub_xnu_devprop_add_property_utf8 (struct grub_xnu_devprop_device_descriptor *d - return grub_errno; - - len = grub_strlen (name); -- utf16 = grub_malloc (sizeof (grub_uint16_t) * len); -+ utf16 = grub_calloc (len, sizeof (grub_uint16_t)); - if (!utf16) - { - grub_free (utf8); -@@ -331,7 +331,7 @@ grub_xnu_devprop_add_property_utf16 (struct grub_xnu_devprop_device_descriptor * - grub_uint16_t *utf16; - grub_err_t err; - -- utf16 = grub_malloc (sizeof (grub_uint16_t) * namelen); -+ utf16 = grub_calloc (namelen, sizeof (grub_uint16_t)); - if (!utf16) - return grub_errno; - grub_memcpy (utf16, name, sizeof (grub_uint16_t) * namelen); -diff --git a/grub-core/loader/macho.c b/grub-core/loader/macho.c -index 085f9c6..05710c4 100644 ---- a/grub-core/loader/macho.c -+++ b/grub-core/loader/macho.c -@@ -97,7 +97,7 @@ grub_macho_file (grub_file_t file, const char *filename, int is_64bit) - if (grub_file_seek (macho->file, sizeof (struct grub_macho_fat_header)) - == (grub_off_t) -1) - goto fail; -- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs); -+ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch)); - if (!archs) - goto fail; - if (grub_file_read (macho->file, archs, -diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c -index 70cd1db..cc68536 100644 ---- a/grub-core/loader/multiboot_elfxx.c -+++ b/grub-core/loader/multiboot_elfxx.c -@@ -217,7 +217,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) - { - grub_uint8_t *shdr, *shdrptr; - -- shdr = grub_malloc ((grub_uint32_t) ehdr->e_shnum * ehdr->e_shentsize); -+ shdr = grub_calloc (ehdr->e_shnum, ehdr->e_shentsize); - if (!shdr) - return grub_errno; - -diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c -index 7f74d1d..77d7060 100644 ---- a/grub-core/loader/xnu.c -+++ b/grub-core/loader/xnu.c -@@ -800,7 +800,7 @@ grub_cmd_xnu_mkext (grub_command_t cmd __attribute__ ((unused)), - if (grub_be_to_cpu32 (head.magic) == GRUB_MACHO_FAT_MAGIC) - { - narchs = grub_be_to_cpu32 (head.nfat_arch); -- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs); -+ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch)); - if (! archs) - { - grub_file_close (file); -diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c -index 6a31cba..57b4e9a 100644 ---- a/grub-core/mmap/mmap.c -+++ b/grub-core/mmap/mmap.c -@@ -143,9 +143,9 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data) - - /* Initialize variables. */ - ctx.scanline_events = (struct grub_mmap_scan *) -- grub_malloc (sizeof (struct grub_mmap_scan) * 2 * mmap_num); -+ grub_calloc (mmap_num, sizeof (struct grub_mmap_scan) * 2); - -- present = grub_zalloc (sizeof (present[0]) * current_priority); -+ present = grub_calloc (current_priority, sizeof (present[0])); - - if (! ctx.scanline_events || !present) - { -diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index 04cfbb0..6539572 100644 ---- a/grub-core/net/bootp.c -+++ b/grub-core/net/bootp.c -@@ -766,7 +766,7 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)), - if (ncards == 0) - return grub_error (GRUB_ERR_NET_NO_CARD, N_("no network card found")); - -- ifaces = grub_zalloc (ncards * sizeof (ifaces[0])); -+ ifaces = grub_calloc (ncards, sizeof (ifaces[0])); - if (!ifaces) - return grub_errno; - -diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c -index 5d9afe0..e332d5e 100644 ---- a/grub-core/net/dns.c -+++ b/grub-core/net/dns.c -@@ -285,8 +285,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - ptr++; - ptr += 4; - } -- *data->addresses = grub_malloc (sizeof ((*data->addresses)[0]) -- * grub_be_to_cpu16 (head->ancount)); -+ *data->addresses = grub_calloc (grub_be_to_cpu16 (head->ancount), -+ sizeof ((*data->addresses)[0])); - if (!*data->addresses) - { - grub_errno = GRUB_ERR_NONE; -@@ -406,8 +406,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - dns_cache[h].addresses = 0; - dns_cache[h].name = grub_strdup (data->oname); - dns_cache[h].naddresses = *data->naddresses; -- dns_cache[h].addresses = grub_malloc (*data->naddresses -- * sizeof (dns_cache[h].addresses[0])); -+ dns_cache[h].addresses = grub_calloc (*data->naddresses, -+ sizeof (dns_cache[h].addresses[0])); - dns_cache[h].limit_time = grub_get_time_ms () + 1000 * ttl_all; - if (!dns_cache[h].addresses || !dns_cache[h].name) - { -@@ -479,7 +479,7 @@ grub_net_dns_lookup (const char *name, - } - } - -- sockets = grub_malloc (sizeof (sockets[0]) * n_servers); -+ sockets = grub_calloc (n_servers, sizeof (sockets[0])); - if (!sockets) - return grub_errno; - -diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index d5d726a..38f19df 100644 ---- a/grub-core/net/net.c -+++ b/grub-core/net/net.c -@@ -333,8 +333,8 @@ grub_cmd_ipv6_autoconf (struct grub_command *cmd __attribute__ ((unused)), - ncards++; - } - -- ifaces = grub_zalloc (ncards * sizeof (ifaces[0])); -- slaacs = grub_zalloc (ncards * sizeof (slaacs[0])); -+ ifaces = grub_calloc (ncards, sizeof (ifaces[0])); -+ slaacs = grub_calloc (ncards, sizeof (slaacs[0])); - if (!ifaces || !slaacs) - { - grub_free (ifaces); -diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c -index b0ab47d..d57fb72 100644 ---- a/grub-core/normal/charset.c -+++ b/grub-core/normal/charset.c -@@ -203,7 +203,7 @@ grub_utf8_to_ucs4_alloc (const char *msg, grub_uint32_t **unicode_msg, - { - grub_size_t msg_len = grub_strlen (msg); - -- *unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); -+ *unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); - - if (!*unicode_msg) - return -1; -@@ -488,7 +488,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, - } - else - { -- n = grub_malloc (sizeof (n[0]) * (out->ncomb + 1)); -+ n = grub_calloc (out->ncomb + 1, sizeof (n[0])); - if (!n) - { - grub_errno = GRUB_ERR_NONE; -@@ -842,7 +842,7 @@ grub_bidi_line_logical_to_visual (const grub_uint32_t *logical, - } \ - } - -- visual = grub_malloc (sizeof (visual[0]) * logical_len); -+ visual = grub_calloc (logical_len, sizeof (visual[0])); - if (!visual) - return -1; - -@@ -1165,8 +1165,8 @@ grub_bidi_logical_to_visual (const grub_uint32_t *logical, - { - const grub_uint32_t *line_start = logical, *ptr; - struct grub_unicode_glyph *visual_ptr; -- *visual_out = visual_ptr = grub_malloc (3 * sizeof (visual_ptr[0]) -- * (logical_len + 2)); -+ *visual_out = visual_ptr = grub_calloc (logical_len + 2, -+ 3 * sizeof (visual_ptr[0])); - if (!visual_ptr) - return -1; - for (ptr = logical; ptr <= logical + logical_len; ptr++) -diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c -index c037d50..c57242e 100644 ---- a/grub-core/normal/cmdline.c -+++ b/grub-core/normal/cmdline.c -@@ -41,7 +41,7 @@ grub_err_t - grub_set_history (int newsize) - { - grub_uint32_t **old_hist_lines = hist_lines; -- hist_lines = grub_malloc (sizeof (grub_uint32_t *) * newsize); -+ hist_lines = grub_calloc (newsize, sizeof (grub_uint32_t *)); - - /* Copy the old lines into the new buffer. */ - if (old_hist_lines) -@@ -114,7 +114,7 @@ static void - grub_history_set (int pos, grub_uint32_t *s, grub_size_t len) - { - grub_free (hist_lines[pos]); -- hist_lines[pos] = grub_malloc ((len + 1) * sizeof (grub_uint32_t)); -+ hist_lines[pos] = grub_calloc (len + 1, sizeof (grub_uint32_t)); - if (!hist_lines[pos]) - { - grub_print_error (); -@@ -349,7 +349,7 @@ grub_cmdline_get (const char *prompt_translated) - char *ret; - unsigned nterms; - -- buf = grub_malloc (max_len * sizeof (grub_uint32_t)); -+ buf = grub_calloc (max_len, sizeof (grub_uint32_t)); - if (!buf) - return 0; - -@@ -377,7 +377,7 @@ grub_cmdline_get (const char *prompt_translated) - FOR_ACTIVE_TERM_OUTPUTS(cur) - nterms++; - -- cl_terms = grub_malloc (sizeof (cl_terms[0]) * nterms); -+ cl_terms = grub_calloc (nterms, sizeof (cl_terms[0])); - if (!cl_terms) - { - grub_free (buf); -@@ -385,7 +385,7 @@ grub_cmdline_get (const char *prompt_translated) - } - cl_term_cur = cl_terms; - -- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); -+ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); - if (!unicode_msg) - { - grub_free (buf); -@@ -495,7 +495,7 @@ grub_cmdline_get (const char *prompt_translated) - grub_uint32_t *insert; - - insertlen = grub_strlen (insertu8); -- insert = grub_malloc ((insertlen + 1) * sizeof (grub_uint32_t)); -+ insert = grub_calloc (insertlen + 1, sizeof (grub_uint32_t)); - if (!insert) - { - grub_free (insertu8); -@@ -602,7 +602,7 @@ grub_cmdline_get (const char *prompt_translated) - - grub_free (kill_buf); - -- kill_buf = grub_malloc ((n + 1) * sizeof(grub_uint32_t)); -+ kill_buf = grub_calloc (n + 1, sizeof (grub_uint32_t)); - if (grub_errno) - { - grub_print_error (); -diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c -index cdf3590..1993995 100644 ---- a/grub-core/normal/menu_entry.c -+++ b/grub-core/normal/menu_entry.c -@@ -95,8 +95,8 @@ init_line (struct screen *screen, struct line *linep) - { - linep->len = 0; - linep->max_len = 80; -- linep->buf = grub_malloc ((linep->max_len + 1) * sizeof (linep->buf[0])); -- linep->pos = grub_zalloc (screen->nterms * sizeof (linep->pos[0])); -+ linep->buf = grub_calloc (linep->max_len + 1, sizeof (linep->buf[0])); -+ linep->pos = grub_calloc (screen->nterms, sizeof (linep->pos[0])); - if (! linep->buf || !linep->pos) - { - grub_free (linep->buf); -@@ -287,7 +287,7 @@ update_screen (struct screen *screen, struct per_term_screen *term_screen, - pos = linep->pos + (term_screen - screen->terms); - - if (!*pos) -- *pos = grub_zalloc ((linep->len + 1) * sizeof (**pos)); -+ *pos = grub_calloc (linep->len + 1, sizeof (**pos)); - - if (i == region_start || linep == screen->lines + screen->line - || (i > region_start && mode == ALL_LINES)) -@@ -471,7 +471,7 @@ insert_string (struct screen *screen, const char *s, int update) - - /* Insert the string. */ - current_linep = screen->lines + screen->line; -- unicode_msg = grub_malloc ((p - s) * sizeof (grub_uint32_t)); -+ unicode_msg = grub_calloc (p - s, sizeof (grub_uint32_t)); - - if (!unicode_msg) - return 0; -@@ -1023,7 +1023,7 @@ complete (struct screen *screen, int continuous, int update) - if (completion_buffer.buf) - { - buflen = grub_strlen (completion_buffer.buf); -- ucs4 = grub_malloc (sizeof (grub_uint32_t) * (buflen + 1)); -+ ucs4 = grub_calloc (buflen + 1, sizeof (grub_uint32_t)); - - if (!ucs4) - { -@@ -1268,7 +1268,7 @@ grub_menu_entry_run (grub_menu_entry_t entry) - for (i = 0; i < (unsigned) screen->num_lines; i++) - { - grub_free (screen->lines[i].pos); -- screen->lines[i].pos = grub_zalloc (screen->nterms * sizeof (screen->lines[i].pos[0])); -+ screen->lines[i].pos = grub_calloc (screen->nterms, sizeof (screen->lines[i].pos[0])); - if (! screen->lines[i].pos) - { - grub_print_error (); -@@ -1278,7 +1278,7 @@ grub_menu_entry_run (grub_menu_entry_t entry) - } - } - -- screen->terms = grub_zalloc (screen->nterms * sizeof (screen->terms[0])); -+ screen->terms = grub_calloc (screen->nterms, sizeof (screen->terms[0])); - if (!screen->terms) - { - grub_print_error (); -diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c -index e22bb91..18240e7 100644 ---- a/grub-core/normal/menu_text.c -+++ b/grub-core/normal/menu_text.c -@@ -78,7 +78,7 @@ grub_print_message_indented_real (const char *msg, int margin_left, - grub_size_t msg_len = grub_strlen (msg) + 2; - int ret = 0; - -- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); -+ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); - - if (!unicode_msg) - return 0; -@@ -211,7 +211,7 @@ print_entry (int y, int highlight, grub_menu_entry_t entry, - - title = entry ? entry->title : ""; - title_len = grub_strlen (title); -- unicode_title = grub_malloc (title_len * sizeof (*unicode_title)); -+ unicode_title = grub_calloc (title_len, sizeof (*unicode_title)); - if (! unicode_title) - /* XXX How to show this error? */ - return; -diff --git a/grub-core/normal/term.c b/grub-core/normal/term.c -index a1e5c5a..cc8c173 100644 ---- a/grub-core/normal/term.c -+++ b/grub-core/normal/term.c -@@ -264,7 +264,7 @@ grub_term_save_pos (void) - FOR_ACTIVE_TERM_OUTPUTS(cur) - cnt++; - -- ret = grub_malloc (cnt * sizeof (ret[0])); -+ ret = grub_calloc (cnt, sizeof (ret[0])); - if (!ret) - return NULL; - -@@ -1013,7 +1013,7 @@ grub_xnputs (const char *str, grub_size_t msg_len) - - grub_error_push (); - -- unicode_str = grub_malloc (msg_len * sizeof (grub_uint32_t)); -+ unicode_str = grub_calloc (msg_len, sizeof (grub_uint32_t)); - - grub_error_pop (); - -diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c -index 90d92d3..5b41ad0 100644 ---- a/grub-core/osdep/linux/getroot.c -+++ b/grub-core/osdep/linux/getroot.c -@@ -168,7 +168,7 @@ grub_util_raid_getmembers (const char *name, int bootable) - if (ret != 0) - grub_util_error (_("ioctl GET_ARRAY_INFO error: %s"), strerror (errno)); - -- devicelist = xmalloc ((info.nr_disks + 1) * sizeof (char *)); -+ devicelist = xcalloc (info.nr_disks + 1, sizeof (char *)); - - for (i = 0, j = 0; j < info.nr_disks; i++) - { -@@ -241,7 +241,7 @@ grub_find_root_devices_from_btrfs (const char *dir) - return NULL; - } - -- ret = xmalloc ((fsi.num_devices + 1) * sizeof (ret[0])); -+ ret = xcalloc (fsi.num_devices + 1, sizeof (ret[0])); - - for (i = 1; i <= fsi.max_id && j < fsi.num_devices; i++) - { -@@ -396,7 +396,7 @@ grub_find_root_devices_from_mountinfo (const char *dir, char **relroot) - if (relroot) - *relroot = NULL; - -- entries = xmalloc (entry_max * sizeof (*entries)); -+ entries = xcalloc (entry_max, sizeof (*entries)); - - again: - fp = grub_util_fopen ("/proc/self/mountinfo", "r"); -diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c -index 65effa9..7d63251 100644 ---- a/grub-core/osdep/unix/config.c -+++ b/grub-core/osdep/unix/config.c -@@ -89,7 +89,7 @@ grub_util_load_config (struct grub_util_config *cfg) - argv[0] = "sh"; - argv[1] = "-c"; - -- script = xmalloc (4 * strlen (cfgfile) + 300); -+ script = xcalloc (4, strlen (cfgfile) + 300); - - ptr = script; - memcpy (ptr, ". '", 3); -diff --git a/grub-core/osdep/windows/getroot.c b/grub-core/osdep/windows/getroot.c -index 661d954..eada663 100644 ---- a/grub-core/osdep/windows/getroot.c -+++ b/grub-core/osdep/windows/getroot.c -@@ -59,7 +59,7 @@ grub_get_mount_point (const TCHAR *path) - - for (ptr = path; *ptr; ptr++); - allocsize = (ptr - path + 10) * 2; -- out = xmalloc (allocsize * sizeof (out[0])); -+ out = xcalloc (allocsize, sizeof (out[0])); - - /* When pointing to EFI system partition GetVolumePathName fails - for ESP root and returns abberant information for everything -diff --git a/grub-core/osdep/windows/hostdisk.c b/grub-core/osdep/windows/hostdisk.c -index 3551007..0be3273 100644 ---- a/grub-core/osdep/windows/hostdisk.c -+++ b/grub-core/osdep/windows/hostdisk.c -@@ -111,7 +111,7 @@ grub_util_get_windows_path_real (const char *path) - - while (1) - { -- fpa = xmalloc (alloc * sizeof (fpa[0])); -+ fpa = xcalloc (alloc, sizeof (fpa[0])); - - len = GetFullPathName (tpath, alloc, fpa, NULL); - if (len >= alloc) -@@ -399,7 +399,7 @@ grub_util_fd_opendir (const char *name) - for (l = 0; name_windows[l]; l++); - for (l--; l >= 0 && (name_windows[l] == '\\' || name_windows[l] == '/'); l--); - l++; -- pattern = xmalloc ((l + 3) * sizeof (pattern[0])); -+ pattern = xcalloc (l + 3, sizeof (pattern[0])); - memcpy (pattern, name_windows, l * sizeof (pattern[0])); - pattern[l] = '\\'; - pattern[l + 1] = '*'; -diff --git a/grub-core/osdep/windows/init.c b/grub-core/osdep/windows/init.c -index e8ffd62..6297de6 100644 ---- a/grub-core/osdep/windows/init.c -+++ b/grub-core/osdep/windows/init.c -@@ -161,7 +161,7 @@ grub_util_host_init (int *argc __attribute__ ((unused)), - LPWSTR *targv; - - targv = CommandLineToArgvW (tcmdline, argc); -- *argv = xmalloc ((*argc + 1) * sizeof (argv[0])); -+ *argv = xcalloc (*argc + 1, sizeof (argv[0])); - - for (i = 0; i < *argc; i++) - (*argv)[i] = grub_util_tchar_to_utf8 (targv[i]); -diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c -index 7eb53fe..1ef86bf 100644 ---- a/grub-core/osdep/windows/platform.c -+++ b/grub-core/osdep/windows/platform.c -@@ -225,8 +225,8 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, - grub_util_error ("%s", _("no EFI routines are available when running in BIOS mode")); - - distrib8_len = grub_strlen (efi_distributor); -- distributor16 = xmalloc ((distrib8_len + 1) * GRUB_MAX_UTF16_PER_UTF8 -- * sizeof (grub_uint16_t)); -+ distributor16 = xcalloc (distrib8_len + 1, -+ GRUB_MAX_UTF16_PER_UTF8 * sizeof (grub_uint16_t)); - distrib16_len = grub_utf8_to_utf16 (distributor16, distrib8_len * GRUB_MAX_UTF16_PER_UTF8, - (const grub_uint8_t *) efi_distributor, - distrib8_len, 0); -diff --git a/grub-core/osdep/windows/relpath.c b/grub-core/osdep/windows/relpath.c -index cb08617..478e8ef 100644 ---- a/grub-core/osdep/windows/relpath.c -+++ b/grub-core/osdep/windows/relpath.c -@@ -72,7 +72,7 @@ grub_make_system_path_relative_to_its_root (const char *path) - if (dirwindows[0] && dirwindows[1] == ':') - offset = 2; - } -- ret = xmalloc (sizeof (ret[0]) * (flen - offset + 2)); -+ ret = xcalloc (flen - offset + 2, sizeof (ret[0])); - if (dirwindows[offset] != '\\' - && dirwindows[offset] != '/' - && dirwindows[offset]) -diff --git a/grub-core/partmap/gpt.c b/grub-core/partmap/gpt.c -index 103f679..72a2e37 100644 ---- a/grub-core/partmap/gpt.c -+++ b/grub-core/partmap/gpt.c -@@ -199,7 +199,7 @@ gpt_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, - *nsectors = ctx.len; - if (*nsectors > max_nsectors) - *nsectors = max_nsectors; -- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); -+ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); - if (!*sectors) - return grub_errno; - for (i = 0; i < *nsectors; i++) -diff --git a/grub-core/partmap/msdos.c b/grub-core/partmap/msdos.c -index 7b8e450..ee3f249 100644 ---- a/grub-core/partmap/msdos.c -+++ b/grub-core/partmap/msdos.c -@@ -337,7 +337,7 @@ pc_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, - avail_nsectors = *nsectors; - if (*nsectors > max_nsectors) - *nsectors = max_nsectors; -- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); -+ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); - if (!*sectors) - return grub_errno; - for (i = 0; i < *nsectors; i++) -diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c -index ee299fd..c8d6806 100644 ---- a/grub-core/script/execute.c -+++ b/grub-core/script/execute.c -@@ -553,7 +553,7 @@ gettext_append (struct grub_script_argv *result, const char *orig_str) - for (iptr = orig_str; *iptr; iptr++) - if (*iptr == '$') - dollar_cnt++; -- ctx.allowed_strings = grub_malloc (sizeof (ctx.allowed_strings[0]) * dollar_cnt); -+ ctx.allowed_strings = grub_calloc (dollar_cnt, sizeof (ctx.allowed_strings[0])); - - if (parse_string (orig_str, gettext_save_allow, &ctx, 0)) - goto fail; -diff --git a/grub-core/tests/fake_input.c b/grub-core/tests/fake_input.c -index 2d60852..b5eb516 100644 ---- a/grub-core/tests/fake_input.c -+++ b/grub-core/tests/fake_input.c -@@ -49,7 +49,7 @@ grub_terminal_input_fake_sequence (int *seq_in, int nseq_in) - saved = grub_term_inputs; - if (seq) - grub_free (seq); -- seq = grub_malloc (nseq_in * sizeof (seq[0])); -+ seq = grub_calloc (nseq_in, sizeof (seq[0])); - if (!seq) - return; - -diff --git a/grub-core/tests/video_checksum.c b/grub-core/tests/video_checksum.c -index 74d5b65..44d0810 100644 ---- a/grub-core/tests/video_checksum.c -+++ b/grub-core/tests/video_checksum.c -@@ -336,7 +336,7 @@ grub_video_capture_write_bmp (const char *fname, - { - case 4: - { -- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); -+ grub_uint8_t *buffer = xcalloc (3, mode_info->width); - grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1); - grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1); - grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1); -@@ -367,7 +367,7 @@ grub_video_capture_write_bmp (const char *fname, - } - case 3: - { -- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); -+ grub_uint8_t *buffer = xcalloc (3, mode_info->width); - grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1); - grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1); - grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1); -@@ -407,7 +407,7 @@ grub_video_capture_write_bmp (const char *fname, - } - case 2: - { -- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); -+ grub_uint8_t *buffer = xcalloc (3, mode_info->width); - grub_uint16_t rmask = ((1 << mode_info->red_mask_size) - 1); - grub_uint16_t gmask = ((1 << mode_info->green_mask_size) - 1); - grub_uint16_t bmask = ((1 << mode_info->blue_mask_size) - 1); -diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c -index 4f83c74..4d3195e 100644 ---- a/grub-core/video/capture.c -+++ b/grub-core/video/capture.c -@@ -89,7 +89,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info, - framebuffer.mode_info = *mode_info; - framebuffer.mode_info.blit_format = grub_video_get_blit_format (&framebuffer.mode_info); - -- framebuffer.ptr = grub_malloc (framebuffer.mode_info.height * framebuffer.mode_info.pitch); -+ framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch); - if (!framebuffer.ptr) - return grub_errno; - -diff --git a/grub-core/video/emu/sdl.c b/grub-core/video/emu/sdl.c -index a2f639f..0ebab6f 100644 ---- a/grub-core/video/emu/sdl.c -+++ b/grub-core/video/emu/sdl.c -@@ -172,7 +172,7 @@ grub_video_sdl_set_palette (unsigned int start, unsigned int count, - if (start + count > mode_info.number_of_colors) - count = mode_info.number_of_colors - start; - -- tmp = grub_malloc (count * sizeof (tmp[0])); -+ tmp = grub_calloc (count, sizeof (tmp[0])); - for (i = 0; i < count; i++) - { - tmp[i].r = palette_data[i].r; -diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c -index 01f4711..b2f776c 100644 ---- a/grub-core/video/i386/pc/vga.c -+++ b/grub-core/video/i386/pc/vga.c -@@ -127,7 +127,7 @@ grub_video_vga_setup (unsigned int width, unsigned int height, - - vga_height = height ? : 480; - -- framebuffer.temporary_buffer = grub_malloc (vga_height * VGA_WIDTH); -+ framebuffer.temporary_buffer = grub_calloc (vga_height, VGA_WIDTH); - framebuffer.front_page = 0; - framebuffer.back_page = 0; - if (!framebuffer.temporary_buffer) -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index 777e713..61bd645 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -309,7 +309,7 @@ grub_png_decode_image_header (struct grub_png_data *data) - if (data->is_16bit || data->is_gray || data->is_palette) - #endif - { -- data->image_data = grub_malloc (data->image_height * data->row_bytes); -+ data->image_data = grub_calloc (data->image_height, data->row_bytes); - if (grub_errno) - return grub_errno; - -diff --git a/include/grub/unicode.h b/include/grub/unicode.h -index a0403e9..4de986a 100644 ---- a/include/grub/unicode.h -+++ b/include/grub/unicode.h -@@ -293,7 +293,7 @@ grub_unicode_glyph_dup (const struct grub_unicode_glyph *in) - grub_memcpy (out, in, sizeof (*in)); - if (in->ncomb > ARRAY_SIZE (out->combining_inline)) - { -- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0])); -+ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0])); - if (!out->combining_ptr) - { - grub_free (out); -@@ -315,7 +315,7 @@ grub_unicode_set_glyph (struct grub_unicode_glyph *out, - grub_memcpy (out, in, sizeof (*in)); - if (in->ncomb > ARRAY_SIZE (out->combining_inline)) - { -- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0])); -+ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0])); - if (!out->combining_ptr) - return; - grub_memcpy (out->combining_ptr, in->combining_ptr, -diff --git a/util/getroot.c b/util/getroot.c -index 847406f..a5eaa64 100644 ---- a/util/getroot.c -+++ b/util/getroot.c -@@ -200,7 +200,7 @@ make_device_name (const char *drive) - char *ret, *ptr; - const char *iptr; - -- ret = xmalloc (strlen (drive) * 2); -+ ret = xcalloc (2, strlen (drive)); - ptr = ret; - for (iptr = drive; *iptr; iptr++) - { -diff --git a/util/grub-file.c b/util/grub-file.c -index 50c18b6..b2e7dd6 100644 ---- a/util/grub-file.c -+++ b/util/grub-file.c -@@ -54,7 +54,7 @@ main (int argc, char *argv[]) - - grub_util_host_init (&argc, &argv); - -- argv2 = xmalloc (argc * sizeof (argv2[0])); -+ argv2 = xcalloc (argc, sizeof (argv2[0])); - - if (argc == 2 && strcmp (argv[1], "--version") == 0) - { -diff --git a/util/grub-fstest.c b/util/grub-fstest.c -index f14e02d..57246af 100644 ---- a/util/grub-fstest.c -+++ b/util/grub-fstest.c -@@ -650,7 +650,7 @@ argp_parser (int key, char *arg, struct argp_state *state) - if (args_count < num_disks) - { - if (args_count == 0) -- images = xmalloc (num_disks * sizeof (images[0])); -+ images = xcalloc (num_disks, sizeof (images[0])); - images[args_count] = grub_canonicalize_file_name (arg); - args_count++; - return 0; -@@ -734,7 +734,7 @@ main (int argc, char *argv[]) - - grub_util_host_init (&argc, &argv); - -- args = xmalloc (argc * sizeof (args[0])); -+ args = xcalloc (argc, sizeof (args[0])); - - argp_parse (&argp, argc, argv, 0, 0, 0); - -diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index ca0ac61..0295d40 100644 ---- a/util/grub-install-common.c -+++ b/util/grub-install-common.c -@@ -286,7 +286,7 @@ handle_install_list (struct install_list *il, const char *val, - il->n_entries++; - } - il->n_alloc = il->n_entries + 1; -- il->entries = xmalloc (il->n_alloc * sizeof (il->entries[0])); -+ il->entries = xcalloc (il->n_alloc, sizeof (il->entries[0])); - ptr = val; - for (ce = il->entries; ; ce++) - { -diff --git a/util/grub-install.c b/util/grub-install.c -index 8a55ad4..a82725f 100644 ---- a/util/grub-install.c -+++ b/util/grub-install.c -@@ -626,7 +626,7 @@ device_map_check_duplicates (const char *dev_map) - if (! fp) - return; - -- d = xmalloc (alloced * sizeof (d[0])); -+ d = xcalloc (alloced, sizeof (d[0])); - - while (fgets (buf, sizeof (buf), fp)) - { -@@ -1260,7 +1260,7 @@ main (int argc, char *argv[]) - ndev++; - } - -- grub_drives = xmalloc (sizeof (grub_drives[0]) * (ndev + 1)); -+ grub_drives = xcalloc (ndev + 1, sizeof (grub_drives[0])); - - for (curdev = grub_devices, curdrive = grub_drives; *curdev; curdev++, - curdrive++) -diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c -index bc087c2..d97d0e7 100644 ---- a/util/grub-mkimagexx.c -+++ b/util/grub-mkimagexx.c -@@ -2294,10 +2294,8 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path, - + grub_host_to_target16 (e->e_shstrndx) * smd.section_entsize); - smd.strtab = (char *) e + grub_host_to_target_addr (s->sh_offset); - -- smd.addrs = xmalloc (sizeof (*smd.addrs) * smd.num_sections); -- memset (smd.addrs, 0, sizeof (*smd.addrs) * smd.num_sections); -- smd.vaddrs = xmalloc (sizeof (*smd.vaddrs) * smd.num_sections); -- memset (smd.vaddrs, 0, sizeof (*smd.vaddrs) * smd.num_sections); -+ smd.addrs = xcalloc (smd.num_sections, sizeof (*smd.addrs)); -+ smd.vaddrs = xcalloc (smd.num_sections, sizeof (*smd.vaddrs)); - - SUFFIX (locate_sections) (e, kernel_path, &smd, layout, image_target); - -diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c -index ce2cbc4..5183102 100644 ---- a/util/grub-mkrescue.c -+++ b/util/grub-mkrescue.c -@@ -441,8 +441,8 @@ main (int argc, char *argv[]) - xorriso = xstrdup ("xorriso"); - label_font = grub_util_path_concat (2, pkgdatadir, "unicode.pf2"); - -- argp_argv = xmalloc (sizeof (argp_argv[0]) * argc); -- xorriso_tail_argv = xmalloc (sizeof (argp_argv[0]) * argc); -+ argp_argv = xcalloc (argc, sizeof (argp_argv[0])); -+ xorriso_tail_argv = xcalloc (argc, sizeof (argp_argv[0])); - - xorriso_tail_argc = 0; - /* Program name */ -diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c -index 4907d44..edf3097 100644 ---- a/util/grub-mkstandalone.c -+++ b/util/grub-mkstandalone.c -@@ -296,7 +296,7 @@ main (int argc, char *argv[]) - grub_util_host_init (&argc, &argv); - grub_util_disable_fd_syncs (); - -- files = xmalloc ((argc + 1) * sizeof (files[0])); -+ files = xcalloc (argc + 1, sizeof (files[0])); - - argp_parse (&argp, argc, argv, 0, 0, 0); - -diff --git a/util/grub-pe2elf.c b/util/grub-pe2elf.c -index 0d4084a..1133129 100644 ---- a/util/grub-pe2elf.c -+++ b/util/grub-pe2elf.c -@@ -100,9 +100,9 @@ write_section_data (FILE* fp, const char *name, char *image, - char *pe_strtab = (image + pe_chdr->symtab_offset - + pe_chdr->num_symbols * sizeof (struct grub_pe32_symbol)); - -- section_map = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (int)); -+ section_map = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (int)); - section_map[0] = 0; -- shdr = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (shdr[0])); -+ shdr = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (shdr[0])); - idx = 1; - idx_reloc = pe_chdr->num_sections + 1; - -@@ -233,7 +233,7 @@ write_reloc_section (FILE* fp, const char *name, char *image, - - pe_sec = pe_shdr + shdr[i].sh_link; - pe_rel = (struct grub_pe32_reloc *) (image + pe_sec->relocations_offset); -- rel = (elf_reloc_t *) xmalloc (pe_sec->num_relocations * sizeof (elf_reloc_t)); -+ rel = (elf_reloc_t *) xcalloc (pe_sec->num_relocations, sizeof (elf_reloc_t)); - num_rels = 0; - modified = 0; - -@@ -365,12 +365,10 @@ write_symbol_table (FILE* fp, const char *name, char *image, - pe_symtab = (struct grub_pe32_symbol *) (image + pe_chdr->symtab_offset); - pe_strtab = (char *) (pe_symtab + pe_chdr->num_symbols); - -- symtab = (Elf_Sym *) xmalloc ((pe_chdr->num_symbols + 1) * -- sizeof (Elf_Sym)); -- memset (symtab, 0, (pe_chdr->num_symbols + 1) * sizeof (Elf_Sym)); -+ symtab = (Elf_Sym *) xcalloc (pe_chdr->num_symbols + 1, sizeof (Elf_Sym)); - num_syms = 1; - -- symtab_map = (int *) xmalloc (pe_chdr->num_symbols * sizeof (int)); -+ symtab_map = (int *) xcalloc (pe_chdr->num_symbols, sizeof (int)); - - for (i = 0; i < (int) pe_chdr->num_symbols; - i += pe_symtab->num_aux + 1, pe_symtab += pe_symtab->num_aux + 1) -diff --git a/util/grub-probe.c b/util/grub-probe.c -index 81d27ee..cbe6ed9 100644 ---- a/util/grub-probe.c -+++ b/util/grub-probe.c -@@ -361,8 +361,8 @@ probe (const char *path, char **device_names, char delim) - grub_util_pull_device (*curdev); - ndev++; - } -- -- drives_names = xmalloc (sizeof (drives_names[0]) * (ndev + 1)); -+ -+ drives_names = xcalloc (ndev + 1, sizeof (drives_names[0])); - - for (curdev = device_names, curdrive = drives_names; *curdev; curdev++, - curdrive++) --- -2.14.4 - diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch deleted file mode 100644 index 7214ead9a..000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch +++ /dev/null @@ -1,1330 +0,0 @@ -From eb77d1ef65e25746acff43545f62a71360b15eec Mon Sep 17 00:00:00 2001 -From: Peter Jones <pjones@redhat.com> -Date: Mon, 15 Jun 2020 12:28:27 -0400 -Subject: [PATCH 6/9] malloc: Use overflow checking primitives where we do - complex allocations - -This attempts to fix the places where we do the following where -arithmetic_expr may include unvalidated data: - - X = grub_malloc(arithmetic_expr); - -It accomplishes this by doing the arithmetic ahead of time using grub_add(), -grub_sub(), grub_mul() and testing for overflow before proceeding. - -Among other issues, this fixes: - - allocation of integer overflow in grub_video_bitmap_create() - reported by Chris Coulson, - - allocation of integer overflow in grub_png_decode_image_header() - reported by Chris Coulson, - - allocation of integer overflow in grub_squash_read_symlink() - reported by Chris Coulson, - - allocation of integer overflow in grub_ext2_read_symlink() - reported by Chris Coulson, - - allocation of integer overflow in read_section_as_string() - reported by Chris Coulson. - -Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 - -Signed-off-by: Peter Jones <pjones@redhat.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport -CVE: CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3f05d693d1274965ffbe4ba99080dc2c570944c6 - -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/commands/legacycfg.c | 29 +++++++++++++++++++----- - grub-core/commands/wildcard.c | 36 ++++++++++++++++++++++++----- - grub-core/disk/ldm.c | 32 ++++++++++++++++++-------- - grub-core/font/font.c | 7 +++++- - grub-core/fs/btrfs.c | 28 +++++++++++++++-------- - grub-core/fs/ext2.c | 10 ++++++++- - grub-core/fs/iso9660.c | 51 +++++++++++++++++++++++++++++------------- - grub-core/fs/sfs.c | 27 +++++++++++++++++----- - grub-core/fs/squash4.c | 45 ++++++++++++++++++++++++++++--------- - grub-core/fs/udf.c | 41 +++++++++++++++++++++------------ - grub-core/fs/xfs.c | 11 +++++---- - grub-core/fs/zfs/zfs.c | 22 ++++++++++++------ - grub-core/fs/zfs/zfscrypt.c | 7 +++++- - grub-core/lib/arg.c | 20 +++++++++++++++-- - grub-core/loader/i386/bsd.c | 8 ++++++- - grub-core/net/dns.c | 9 +++++++- - grub-core/normal/charset.c | 10 +++++++-- - grub-core/normal/cmdline.c | 14 ++++++++++-- - grub-core/normal/menu_entry.c | 13 +++++++++-- - grub-core/script/argv.c | 16 +++++++++++-- - grub-core/script/lexer.c | 21 ++++++++++++++--- - grub-core/video/bitmap.c | 25 +++++++++++++-------- - grub-core/video/readers/png.c | 13 +++++++++-- - 23 files changed, 382 insertions(+), 113 deletions(-) - -diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c -index 5e3ec0d..cc5971f 100644 ---- a/grub-core/commands/legacycfg.c -+++ b/grub-core/commands/legacycfg.c -@@ -32,6 +32,7 @@ - #include <grub/auth.h> - #include <grub/disk.h> - #include <grub/partition.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -104,13 +105,22 @@ legacy_file (const char *filename) - if (newsuffix) - { - char *t; -- -+ grub_size_t sz; -+ -+ if (grub_add (grub_strlen (suffix), grub_strlen (newsuffix), &sz) || -+ grub_add (sz, 1, &sz)) -+ { -+ grub_errno = GRUB_ERR_OUT_OF_RANGE; -+ goto fail_0; -+ } -+ - t = suffix; -- suffix = grub_realloc (suffix, grub_strlen (suffix) -- + grub_strlen (newsuffix) + 1); -+ suffix = grub_realloc (suffix, sz); - if (!suffix) - { - grub_free (t); -+ -+ fail_0: - grub_free (entrysrc); - grub_free (parsed); - grub_free (newsuffix); -@@ -154,13 +164,22 @@ legacy_file (const char *filename) - else - { - char *t; -+ grub_size_t sz; -+ -+ if (grub_add (grub_strlen (entrysrc), grub_strlen (parsed), &sz) || -+ grub_add (sz, 1, &sz)) -+ { -+ grub_errno = GRUB_ERR_OUT_OF_RANGE; -+ goto fail_1; -+ } - - t = entrysrc; -- entrysrc = grub_realloc (entrysrc, grub_strlen (entrysrc) -- + grub_strlen (parsed) + 1); -+ entrysrc = grub_realloc (entrysrc, sz); - if (!entrysrc) - { - grub_free (t); -+ -+ fail_1: - grub_free (parsed); - grub_free (suffix); - return grub_errno; -diff --git a/grub-core/commands/wildcard.c b/grub-core/commands/wildcard.c -index 4a106ca..cc32903 100644 ---- a/grub-core/commands/wildcard.c -+++ b/grub-core/commands/wildcard.c -@@ -23,6 +23,7 @@ - #include <grub/file.h> - #include <grub/device.h> - #include <grub/script_sh.h> -+#include <grub/safemath.h> - - #include <regex.h> - -@@ -48,6 +49,7 @@ merge (char **dest, char **ps) - int i; - int j; - char **p; -+ grub_size_t sz; - - if (! dest) - return ps; -@@ -60,7 +62,12 @@ merge (char **dest, char **ps) - for (j = 0; ps[j]; j++) - ; - -- p = grub_realloc (dest, sizeof (char*) * (i + j + 1)); -+ if (grub_add (i, j, &sz) || -+ grub_add (sz, 1, &sz) || -+ grub_mul (sz, sizeof (char *), &sz)) -+ return dest; -+ -+ p = grub_realloc (dest, sz); - if (! p) - { - grub_free (dest); -@@ -115,8 +122,15 @@ make_regex (const char *start, const char *end, regex_t *regexp) - char ch; - int i = 0; - unsigned len = end - start; -- char *buffer = grub_malloc (len * 2 + 2 + 1); /* worst case size. */ -+ char *buffer; -+ grub_size_t sz; - -+ /* Worst case size is (len * 2 + 2 + 1). */ -+ if (grub_mul (len, 2, &sz) || -+ grub_add (sz, 3, &sz)) -+ return 1; -+ -+ buffer = grub_malloc (sz); - if (! buffer) - return 1; - -@@ -226,6 +240,7 @@ match_devices_iter (const char *name, void *data) - struct match_devices_ctx *ctx = data; - char **t; - char *buffer; -+ grub_size_t sz; - - /* skip partitions if asked to. */ - if (ctx->noparts && grub_strchr (name, ',')) -@@ -239,11 +254,16 @@ match_devices_iter (const char *name, void *data) - if (regexec (ctx->regexp, buffer, 0, 0, 0)) - { - grub_dprintf ("expand", "not matched\n"); -+ fail: - grub_free (buffer); - return 0; - } - -- t = grub_realloc (ctx->devs, sizeof (char*) * (ctx->ndev + 2)); -+ if (grub_add (ctx->ndev, 2, &sz) || -+ grub_mul (sz, sizeof (char *), &sz)) -+ goto fail; -+ -+ t = grub_realloc (ctx->devs, sz); - if (! t) - { - grub_free (buffer); -@@ -300,6 +320,7 @@ match_files_iter (const char *name, - struct match_files_ctx *ctx = data; - char **t; - char *buffer; -+ grub_size_t sz; - - /* skip . and .. names */ - if (grub_strcmp(".", name) == 0 || grub_strcmp("..", name) == 0) -@@ -315,9 +336,14 @@ match_files_iter (const char *name, - if (! buffer) - return 1; - -- t = grub_realloc (ctx->files, sizeof (char*) * (ctx->nfile + 2)); -- if (! t) -+ if (grub_add (ctx->nfile, 2, &sz) || -+ grub_mul (sz, sizeof (char *), &sz)) -+ goto fail; -+ -+ t = grub_realloc (ctx->files, sz); -+ if (!t) - { -+ fail: - grub_free (buffer); - return 1; - } -diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c -index e632370..58f8a53 100644 ---- a/grub-core/disk/ldm.c -+++ b/grub-core/disk/ldm.c -@@ -25,6 +25,7 @@ - #include <grub/msdos_partition.h> - #include <grub/gpt_partition.h> - #include <grub/i18n.h> -+#include <grub/safemath.h> - - #ifdef GRUB_UTIL - #include <grub/emu/misc.h> -@@ -289,6 +290,7 @@ make_vg (grub_disk_t disk, - struct grub_ldm_vblk vblk[GRUB_DISK_SECTOR_SIZE - / sizeof (struct grub_ldm_vblk)]; - unsigned i; -+ grub_size_t sz; - err = grub_disk_read (disk, cursec, 0, - sizeof(vblk), &vblk); - if (err) -@@ -350,7 +352,13 @@ make_vg (grub_disk_t disk, - grub_free (lv); - goto fail2; - } -- lv->name = grub_malloc (*ptr + 1); -+ if (grub_add (*ptr, 1, &sz)) -+ { -+ grub_free (lv->internal_id); -+ grub_free (lv); -+ goto fail2; -+ } -+ lv->name = grub_malloc (sz); - if (!lv->name) - { - grub_free (lv->internal_id); -@@ -599,10 +607,13 @@ make_vg (grub_disk_t disk, - if (lv->segments->node_alloc == lv->segments->node_count) - { - void *t; -- lv->segments->node_alloc *= 2; -- t = grub_realloc (lv->segments->nodes, -- sizeof (*lv->segments->nodes) -- * lv->segments->node_alloc); -+ grub_size_t sz; -+ -+ if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) || -+ grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz)) -+ goto fail2; -+ -+ t = grub_realloc (lv->segments->nodes, sz); - if (!t) - goto fail2; - lv->segments->nodes = t; -@@ -723,10 +734,13 @@ make_vg (grub_disk_t disk, - if (comp->segment_alloc == comp->segment_count) - { - void *t; -- comp->segment_alloc *= 2; -- t = grub_realloc (comp->segments, -- comp->segment_alloc -- * sizeof (*comp->segments)); -+ grub_size_t sz; -+ -+ if (grub_mul (comp->segment_alloc, 2, &comp->segment_alloc) || -+ grub_mul (comp->segment_alloc, sizeof (*comp->segments), &sz)) -+ goto fail2; -+ -+ t = grub_realloc (comp->segments, sz); - if (!t) - goto fail2; - comp->segments = t; -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 8e118b3..5edb477 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -30,6 +30,7 @@ - #include <grub/unicode.h> - #include <grub/fontformat.h> - #include <grub/env.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -360,9 +361,13 @@ static char * - read_section_as_string (struct font_file_section *section) - { - char *str; -+ grub_size_t sz; - grub_ssize_t ret; - -- str = grub_malloc (section->length + 1); -+ if (grub_add (section->length, 1, &sz)) -+ return NULL; -+ -+ str = grub_malloc (sz); - if (!str) - return 0; - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 11272ef..2b65bd5 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -40,6 +40,7 @@ - #include <grub/btrfs.h> - #include <grub/crypto.h> - #include <grub/diskfilter.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -329,9 +330,13 @@ save_ref (struct grub_btrfs_leaf_descriptor *desc, - if (desc->allocated < desc->depth) - { - void *newdata; -- desc->allocated *= 2; -- newdata = grub_realloc (desc->data, sizeof (desc->data[0]) -- * desc->allocated); -+ grub_size_t sz; -+ -+ if (grub_mul (desc->allocated, 2, &desc->allocated) || -+ grub_mul (desc->allocated, sizeof (desc->data[0]), &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ -+ newdata = grub_realloc (desc->data, sz); - if (!newdata) - return grub_errno; - desc->data = newdata; -@@ -622,16 +627,21 @@ find_device (struct grub_btrfs_data *data, grub_uint64_t id) - if (data->n_devices_attached > data->n_devices_allocated) - { - void *tmp; -- data->n_devices_allocated = 2 * data->n_devices_attached + 1; -- data->devices_attached -- = grub_realloc (tmp = data->devices_attached, -- data->n_devices_allocated -- * sizeof (data->devices_attached[0])); -+ grub_size_t sz; -+ -+ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || -+ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || -+ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) -+ goto fail; -+ -+ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); - if (!data->devices_attached) - { -+ data->devices_attached = tmp; -+ -+ fail: - if (ctx.dev_found) - grub_device_close (ctx.dev_found); -- data->devices_attached = tmp; - return NULL; - } - } -diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c -index 9b38980..ac33bcd 100644 ---- a/grub-core/fs/ext2.c -+++ b/grub-core/fs/ext2.c -@@ -46,6 +46,7 @@ - #include <grub/dl.h> - #include <grub/types.h> - #include <grub/fshelp.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -703,6 +704,7 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) - { - char *symlink; - struct grub_fshelp_node *diro = node; -+ grub_size_t sz; - - if (! diro->inode_read) - { -@@ -717,7 +719,13 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) - } - } - -- symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1); -+ if (grub_add (grub_le_to_cpu32 (diro->inode.size), 1, &sz)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ return NULL; -+ } -+ -+ symlink = grub_malloc (sz); - if (! symlink) - return 0; - -diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c -index 4f1b52a..7ba5b30 100644 ---- a/grub-core/fs/iso9660.c -+++ b/grub-core/fs/iso9660.c -@@ -28,6 +28,7 @@ - #include <grub/fshelp.h> - #include <grub/charset.h> - #include <grub/datetime.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -531,8 +532,13 @@ add_part (struct iterate_dir_ctx *ctx, - int len2) - { - int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0; -+ grub_size_t sz; - -- ctx->symlink = grub_realloc (ctx->symlink, size + len2 + 1); -+ if (grub_add (size, len2, &sz) || -+ grub_add (sz, 1, &sz)) -+ return; -+ -+ ctx->symlink = grub_realloc (ctx->symlink, sz); - if (! ctx->symlink) - return; - -@@ -560,17 +566,24 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, - { - grub_size_t off = 0, csize = 1; - char *old; -+ grub_size_t sz; -+ - csize = entry->len - 5; - old = ctx->filename; - if (ctx->filename_alloc) - { - off = grub_strlen (ctx->filename); -- ctx->filename = grub_realloc (ctx->filename, csize + off + 1); -+ if (grub_add (csize, off, &sz) || -+ grub_add (sz, 1, &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ ctx->filename = grub_realloc (ctx->filename, sz); - } - else - { - off = 0; -- ctx->filename = grub_zalloc (csize + 1); -+ if (grub_add (csize, 1, &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ ctx->filename = grub_zalloc (sz); - } - if (!ctx->filename) - { -@@ -776,14 +789,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir, - if (node->have_dirents >= node->alloc_dirents) - { - struct grub_fshelp_node *new_node; -- node->alloc_dirents *= 2; -- new_node = grub_realloc (node, -- sizeof (struct grub_fshelp_node) -- + ((node->alloc_dirents -- - ARRAY_SIZE (node->dirents)) -- * sizeof (node->dirents[0]))); -+ grub_size_t sz; -+ -+ if (grub_mul (node->alloc_dirents, 2, &node->alloc_dirents) || -+ grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || -+ grub_mul (sz, sizeof (node->dirents[0]), &sz) || -+ grub_add (sz, sizeof (struct grub_fshelp_node), &sz)) -+ goto fail_0; -+ -+ new_node = grub_realloc (node, sz); - if (!new_node) - { -+ fail_0: - if (ctx.filename_alloc) - grub_free (ctx.filename); - grub_free (node); -@@ -799,14 +816,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir, - * sizeof (node->dirents[0]) < grub_strlen (ctx.symlink) + 1) - { - struct grub_fshelp_node *new_node; -- new_node = grub_realloc (node, -- sizeof (struct grub_fshelp_node) -- + ((node->alloc_dirents -- - ARRAY_SIZE (node->dirents)) -- * sizeof (node->dirents[0])) -- + grub_strlen (ctx.symlink) + 1); -+ grub_size_t sz; -+ -+ if (grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || -+ grub_mul (sz, sizeof (node->dirents[0]), &sz) || -+ grub_add (sz, sizeof (struct grub_fshelp_node) + 1, &sz) || -+ grub_add (sz, grub_strlen (ctx.symlink), &sz)) -+ goto fail_1; -+ -+ new_node = grub_realloc (node, sz); - if (!new_node) - { -+ fail_1: - if (ctx.filename_alloc) - grub_free (ctx.filename); - grub_free (node); -diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c -index 90f7fb3..de2b107 100644 ---- a/grub-core/fs/sfs.c -+++ b/grub-core/fs/sfs.c -@@ -26,6 +26,7 @@ - #include <grub/types.h> - #include <grub/fshelp.h> - #include <grub/charset.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -307,10 +308,15 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) - if (node->cache && node->cache_size >= node->cache_allocated) - { - struct cache_entry *e = node->cache; -- e = grub_realloc (node->cache,node->cache_allocated * 2 -- * sizeof (e[0])); -+ grub_size_t sz; -+ -+ if (grub_mul (node->cache_allocated, 2 * sizeof (e[0]), &sz)) -+ goto fail; -+ -+ e = grub_realloc (node->cache, sz); - if (!e) - { -+ fail: - grub_errno = 0; - grub_free (node->cache); - node->cache = 0; -@@ -477,10 +483,16 @@ grub_sfs_create_node (struct grub_fshelp_node **node, - grub_size_t len = grub_strlen (name); - grub_uint8_t *name_u8; - int ret; -+ grub_size_t sz; -+ -+ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) || -+ grub_add (sz, 1, &sz)) -+ return 1; -+ - *node = grub_malloc (sizeof (**node)); - if (!*node) - return 1; -- name_u8 = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); -+ name_u8 = grub_malloc (sz); - if (!name_u8) - { - grub_free (*node); -@@ -724,8 +736,13 @@ grub_sfs_label (grub_device_t device, char **label) - data = grub_sfs_mount (disk); - if (data) - { -- grub_size_t len = grub_strlen (data->label); -- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); -+ grub_size_t sz, len = grub_strlen (data->label); -+ -+ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) || -+ grub_add (sz, 1, &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ -+ *label = grub_malloc (sz); - if (*label) - *grub_latin1_to_utf8 ((grub_uint8_t *) *label, - (const grub_uint8_t *) data->label, -diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c -index 95d5c1e..7851238 100644 ---- a/grub-core/fs/squash4.c -+++ b/grub-core/fs/squash4.c -@@ -26,6 +26,7 @@ - #include <grub/types.h> - #include <grub/fshelp.h> - #include <grub/deflate.h> -+#include <grub/safemath.h> - #include <minilzo.h> - - #include "xz.h" -@@ -459,7 +460,17 @@ grub_squash_read_symlink (grub_fshelp_node_t node) - { - char *ret; - grub_err_t err; -- ret = grub_malloc (grub_le_to_cpu32 (node->ino.symlink.namelen) + 1); -+ grub_size_t sz; -+ -+ if (grub_add (grub_le_to_cpu32 (node->ino.symlink.namelen), 1, &sz)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ return NULL; -+ } -+ -+ ret = grub_malloc (sz); -+ if (!ret) -+ return NULL; - - err = read_chunk (node->data, ret, - grub_le_to_cpu32 (node->ino.symlink.namelen), -@@ -506,11 +517,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, - - { - grub_fshelp_node_t node; -- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); -+ grub_size_t sz; -+ -+ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) || -+ grub_add (sz, sizeof (*node), &sz)) -+ return 0; -+ -+ node = grub_malloc (sz); - if (!node) - return 0; -- grub_memcpy (node, dir, -- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); -+ grub_memcpy (node, dir, sz); - if (hook (".", GRUB_FSHELP_DIR, node, hook_data)) - return 1; - -@@ -518,12 +534,15 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, - { - grub_err_t err; - -- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); -+ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) || -+ grub_add (sz, sizeof (*node), &sz)) -+ return 0; -+ -+ node = grub_malloc (sz); - if (!node) - return 0; - -- grub_memcpy (node, dir, -- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); -+ grub_memcpy (node, dir, sz); - - node->stsize--; - err = read_chunk (dir->data, &node->ino, sizeof (node->ino), -@@ -557,6 +576,7 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, - enum grub_fshelp_filetype filetype = GRUB_FSHELP_REG; - struct grub_squash_dirent di; - struct grub_squash_inode ino; -+ grub_size_t sz; - - err = read_chunk (dir->data, &di, sizeof (di), - grub_le_to_cpu64 (dir->data->sb.diroffset) -@@ -589,13 +609,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, - if (grub_le_to_cpu16 (di.type) == SQUASH_TYPE_SYMLINK) - filetype = GRUB_FSHELP_SYMLINK; - -- node = grub_malloc (sizeof (*node) -- + (dir->stsize + 1) * sizeof (dir->stack[0])); -+ if (grub_add (dir->stsize, 1, &sz) || -+ grub_mul (sz, sizeof (dir->stack[0]), &sz) || -+ grub_add (sz, sizeof (*node), &sz)) -+ return 0; -+ -+ node = grub_malloc (sz); - if (! node) - return 0; - -- grub_memcpy (node, dir, -- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); -+ grub_memcpy (node, dir, sz - sizeof(dir->stack[0])); - - node->ino = ino; - node->stack[node->stsize].ino_chunk = grub_le_to_cpu32 (dh.ino_chunk); -diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c -index a837616..21ac7f4 100644 ---- a/grub-core/fs/udf.c -+++ b/grub-core/fs/udf.c -@@ -28,6 +28,7 @@ - #include <grub/charset.h> - #include <grub/datetime.h> - #include <grub/udf.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -890,9 +891,19 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) - utf16[i] = (raw[2 * i + 1] << 8) | raw[2*i + 2]; - } - if (!outbuf) -- outbuf = grub_malloc (utf16len * GRUB_MAX_UTF8_PER_UTF16 + 1); -+ { -+ grub_size_t size; -+ -+ if (grub_mul (utf16len, GRUB_MAX_UTF8_PER_UTF16, &size) || -+ grub_add (size, 1, &size)) -+ goto fail; -+ -+ outbuf = grub_malloc (size); -+ } - if (outbuf) - *grub_utf16_to_utf8 ((grub_uint8_t *) outbuf, utf16, utf16len) = '\0'; -+ -+ fail: - grub_free (utf16); - return outbuf; - } -@@ -1005,7 +1016,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node) - grub_size_t sz = U64 (node->block.fe.file_size); - grub_uint8_t *raw; - const grub_uint8_t *ptr; -- char *out, *optr; -+ char *out = NULL, *optr; - - if (sz < 4) - return NULL; -@@ -1013,14 +1024,16 @@ grub_udf_read_symlink (grub_fshelp_node_t node) - if (!raw) - return NULL; - if (grub_udf_read_file (node, NULL, NULL, 0, sz, (char *) raw) < 0) -- { -- grub_free (raw); -- return NULL; -- } -+ goto fail_1; - -- out = grub_malloc (sz * 2 + 1); -+ if (grub_mul (sz, 2, &sz) || -+ grub_add (sz, 1, &sz)) -+ goto fail_0; -+ -+ out = grub_malloc (sz); - if (!out) - { -+ fail_0: - grub_free (raw); - return NULL; - } -@@ -1031,17 +1044,17 @@ grub_udf_read_symlink (grub_fshelp_node_t node) - { - grub_size_t s; - if ((grub_size_t) (ptr - raw + 4) > sz) -- goto fail; -+ goto fail_1; - if (!(ptr[2] == 0 && ptr[3] == 0)) -- goto fail; -+ goto fail_1; - s = 4 + ptr[1]; - if ((grub_size_t) (ptr - raw + s) > sz) -- goto fail; -+ goto fail_1; - switch (*ptr) - { - case 1: - if (ptr[1]) -- goto fail; -+ goto fail_1; - /* Fallthrough. */ - case 2: - /* in 4 bytes. out: 1 byte. */ -@@ -1066,11 +1079,11 @@ grub_udf_read_symlink (grub_fshelp_node_t node) - if (optr != out) - *optr++ = '/'; - if (!read_string (ptr + 4, s - 4, optr)) -- goto fail; -+ goto fail_1; - optr += grub_strlen (optr); - break; - default: -- goto fail; -+ goto fail_1; - } - ptr += s; - } -@@ -1078,7 +1091,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node) - grub_free (raw); - return out; - -- fail: -+ fail_1: - grub_free (raw); - grub_free (out); - grub_error (GRUB_ERR_BAD_FS, "invalid symlink"); -diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c -index 96ffecb..ea65902 100644 ---- a/grub-core/fs/xfs.c -+++ b/grub-core/fs/xfs.c -@@ -25,6 +25,7 @@ - #include <grub/dl.h> - #include <grub/types.h> - #include <grub/fshelp.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -899,6 +900,7 @@ static struct grub_xfs_data * - grub_xfs_mount (grub_disk_t disk) - { - struct grub_xfs_data *data = 0; -+ grub_size_t sz; - - data = grub_zalloc (sizeof (struct grub_xfs_data)); - if (!data) -@@ -913,10 +915,11 @@ grub_xfs_mount (grub_disk_t disk) - if (!grub_xfs_sb_valid(data)) - goto fail; - -- data = grub_realloc (data, -- sizeof (struct grub_xfs_data) -- - sizeof (struct grub_xfs_inode) -- + grub_xfs_inode_size(data) + 1); -+ if (grub_add (grub_xfs_inode_size (data), -+ sizeof (struct grub_xfs_data) - sizeof (struct grub_xfs_inode) + 1, &sz)) -+ goto fail; -+ -+ data = grub_realloc (data, sz); - - if (! data) - goto fail; -diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c -index 381dde5..36d0373 100644 ---- a/grub-core/fs/zfs/zfs.c -+++ b/grub-core/fs/zfs/zfs.c -@@ -55,6 +55,7 @@ - #include <grub/deflate.h> - #include <grub/crypto.h> - #include <grub/i18n.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -773,11 +774,14 @@ fill_vdev_info (struct grub_zfs_data *data, - if (data->n_devices_attached > data->n_devices_allocated) - { - void *tmp; -- data->n_devices_allocated = 2 * data->n_devices_attached + 1; -- data->devices_attached -- = grub_realloc (tmp = data->devices_attached, -- data->n_devices_allocated -- * sizeof (data->devices_attached[0])); -+ grub_size_t sz; -+ -+ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || -+ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || -+ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ -+ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); - if (!data->devices_attached) - { - data->devices_attached = tmp; -@@ -3468,14 +3472,18 @@ grub_zfs_nvlist_lookup_nvlist (const char *nvlist, const char *name) - { - char *nvpair; - char *ret; -- grub_size_t size; -+ grub_size_t size, sz; - int found; - - found = nvlist_find_value (nvlist, name, DATA_TYPE_NVLIST, &nvpair, - &size, 0); - if (!found) - return 0; -- ret = grub_zalloc (size + 3 * sizeof (grub_uint32_t)); -+ -+ if (grub_add (size, 3 * sizeof (grub_uint32_t), &sz)) -+ return 0; -+ -+ ret = grub_zalloc (sz); - if (!ret) - return 0; - grub_memcpy (ret, nvlist, sizeof (grub_uint32_t)); -diff --git a/grub-core/fs/zfs/zfscrypt.c b/grub-core/fs/zfs/zfscrypt.c -index 1402e0b..de3b015 100644 ---- a/grub-core/fs/zfs/zfscrypt.c -+++ b/grub-core/fs/zfs/zfscrypt.c -@@ -22,6 +22,7 @@ - #include <grub/misc.h> - #include <grub/disk.h> - #include <grub/partition.h> -+#include <grub/safemath.h> - #include <grub/dl.h> - #include <grub/types.h> - #include <grub/zfs/zfs.h> -@@ -82,9 +83,13 @@ grub_zfs_add_key (grub_uint8_t *key_in, - int passphrase) - { - struct grub_zfs_wrap_key *key; -+ grub_size_t sz; -+ - if (!passphrase && keylen > 32) - keylen = 32; -- key = grub_malloc (sizeof (*key) + keylen); -+ if (grub_add (sizeof (*key), keylen, &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ key = grub_malloc (sz); - if (!key) - return grub_errno; - key->is_passphrase = passphrase; -diff --git a/grub-core/lib/arg.c b/grub-core/lib/arg.c -index fd7744a..3288609 100644 ---- a/grub-core/lib/arg.c -+++ b/grub-core/lib/arg.c -@@ -23,6 +23,7 @@ - #include <grub/term.h> - #include <grub/extcmd.h> - #include <grub/i18n.h> -+#include <grub/safemath.h> - - /* Built-in parser for default options. */ - static const struct grub_arg_option help_options[] = -@@ -216,7 +217,13 @@ static inline grub_err_t - add_arg (char ***argl, int *num, char *s) - { - char **p = *argl; -- *argl = grub_realloc (*argl, (++(*num) + 1) * sizeof (char *)); -+ grub_size_t sz; -+ -+ if (grub_add (++(*num), 1, &sz) || -+ grub_mul (sz, sizeof (char *), &sz)) -+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ -+ *argl = grub_realloc (*argl, sz); - if (! *argl) - { - grub_free (p); -@@ -431,6 +438,7 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc, - grub_size_t argcnt; - struct grub_arg_list *list; - const struct grub_arg_option *options; -+ grub_size_t sz0, sz1; - - options = extcmd->options; - if (! options) -@@ -443,7 +451,15 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc, - argcnt += ((grub_size_t) argc + 1) / 2 + 1; /* max possible for any option */ - } - -- list = grub_zalloc (sizeof (*list) * i + sizeof (char*) * argcnt); -+ if (grub_mul (sizeof (*list), i, &sz0) || -+ grub_mul (sizeof (char *), argcnt, &sz1) || -+ grub_add (sz0, sz1, &sz0)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ return 0; -+ } -+ -+ list = grub_zalloc (sz0); - if (! list) - return 0; - -diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c -index 3730ed3..b92cbe9 100644 ---- a/grub-core/loader/i386/bsd.c -+++ b/grub-core/loader/i386/bsd.c -@@ -35,6 +35,7 @@ - #include <grub/ns8250.h> - #include <grub/bsdlabel.h> - #include <grub/crypto.h> -+#include <grub/safemath.h> - #include <grub/verify.h> - #ifdef GRUB_MACHINE_PCBIOS - #include <grub/machine/int.h> -@@ -1012,11 +1013,16 @@ grub_netbsd_add_modules (void) - struct grub_netbsd_btinfo_modules *mods; - unsigned i; - grub_err_t err; -+ grub_size_t sz; - - for (mod = netbsd_mods; mod; mod = mod->next) - modcnt++; - -- mods = grub_malloc (sizeof (*mods) + sizeof (mods->mods[0]) * modcnt); -+ if (grub_mul (modcnt, sizeof (mods->mods[0]), &sz) || -+ grub_add (sz, sizeof (*mods), &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ -+ mods = grub_malloc (sz); - if (!mods) - return grub_errno; - -diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c -index e332d5e..906ec7d 100644 ---- a/grub-core/net/dns.c -+++ b/grub-core/net/dns.c -@@ -22,6 +22,7 @@ - #include <grub/i18n.h> - #include <grub/err.h> - #include <grub/time.h> -+#include <grub/safemath.h> - - struct dns_cache_element - { -@@ -51,9 +52,15 @@ grub_net_add_dns_server (const struct grub_net_network_level_address *s) - { - int na = dns_servers_alloc * 2; - struct grub_net_network_level_address *ns; -+ grub_size_t sz; -+ - if (na < 8) - na = 8; -- ns = grub_realloc (dns_servers, na * sizeof (ns[0])); -+ -+ if (grub_mul (na, sizeof (ns[0]), &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ -+ ns = grub_realloc (dns_servers, sz); - if (!ns) - return grub_errno; - dns_servers_alloc = na; -diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c -index d57fb72..4dfcc31 100644 ---- a/grub-core/normal/charset.c -+++ b/grub-core/normal/charset.c -@@ -48,6 +48,7 @@ - #include <grub/unicode.h> - #include <grub/term.h> - #include <grub/normal.h> -+#include <grub/safemath.h> - - #if HAVE_FONT_SOURCE - #include "widthspec.h" -@@ -464,6 +465,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, - { - struct grub_unicode_combining *n; - unsigned j; -+ grub_size_t sz; - - if (!haveout) - continue; -@@ -477,10 +479,14 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, - n = out->combining_inline; - else if (out->ncomb > (int) ARRAY_SIZE (out->combining_inline)) - { -- n = grub_realloc (out->combining_ptr, -- sizeof (n[0]) * (out->ncomb + 1)); -+ if (grub_add (out->ncomb, 1, &sz) || -+ grub_mul (sz, sizeof (n[0]), &sz)) -+ goto fail; -+ -+ n = grub_realloc (out->combining_ptr, sz); - if (!n) - { -+ fail: - grub_errno = GRUB_ERR_NONE; - continue; - } -diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c -index c57242e..de03fe6 100644 ---- a/grub-core/normal/cmdline.c -+++ b/grub-core/normal/cmdline.c -@@ -28,6 +28,7 @@ - #include <grub/env.h> - #include <grub/i18n.h> - #include <grub/charset.h> -+#include <grub/safemath.h> - - static grub_uint32_t *kill_buf; - -@@ -307,12 +308,21 @@ cl_insert (struct cmdline_term *cl_terms, unsigned nterms, - if (len + (*llen) >= (*max_len)) - { - grub_uint32_t *nbuf; -- (*max_len) *= 2; -- nbuf = grub_realloc ((*buf), sizeof (grub_uint32_t) * (*max_len)); -+ grub_size_t sz; -+ -+ if (grub_mul (*max_len, 2, max_len) || -+ grub_mul (*max_len, sizeof (grub_uint32_t), &sz)) -+ { -+ grub_errno = GRUB_ERR_OUT_OF_RANGE; -+ goto fail; -+ } -+ -+ nbuf = grub_realloc ((*buf), sz); - if (nbuf) - (*buf) = nbuf; - else - { -+ fail: - grub_print_error (); - grub_errno = GRUB_ERR_NONE; - (*max_len) /= 2; -diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c -index 1993995..50eef91 100644 ---- a/grub-core/normal/menu_entry.c -+++ b/grub-core/normal/menu_entry.c -@@ -27,6 +27,7 @@ - #include <grub/auth.h> - #include <grub/i18n.h> - #include <grub/charset.h> -+#include <grub/safemath.h> - - enum update_mode - { -@@ -113,10 +114,18 @@ ensure_space (struct line *linep, int extra) - { - if (linep->max_len < linep->len + extra) - { -- linep->max_len = 2 * (linep->len + extra); -- linep->buf = grub_realloc (linep->buf, (linep->max_len + 1) * sizeof (linep->buf[0])); -+ grub_size_t sz0, sz1; -+ -+ if (grub_add (linep->len, extra, &sz0) || -+ grub_mul (sz0, 2, &sz0) || -+ grub_add (sz0, 1, &sz1) || -+ grub_mul (sz1, sizeof (linep->buf[0]), &sz1)) -+ return 0; -+ -+ linep->buf = grub_realloc (linep->buf, sz1); - if (! linep->buf) - return 0; -+ linep->max_len = sz0; - } - - return 1; -diff --git a/grub-core/script/argv.c b/grub-core/script/argv.c -index 217ec5d..5751fdd 100644 ---- a/grub-core/script/argv.c -+++ b/grub-core/script/argv.c -@@ -20,6 +20,7 @@ - #include <grub/mm.h> - #include <grub/misc.h> - #include <grub/script_sh.h> -+#include <grub/safemath.h> - - /* Return nearest power of two that is >= v. */ - static unsigned -@@ -81,11 +82,16 @@ int - grub_script_argv_next (struct grub_script_argv *argv) - { - char **p = argv->args; -+ grub_size_t sz; - - if (argv->args && argv->argc && argv->args[argv->argc - 1] == 0) - return 0; - -- p = grub_realloc (p, round_up_exp ((argv->argc + 2) * sizeof (char *))); -+ if (grub_add (argv->argc, 2, &sz) || -+ grub_mul (sz, sizeof (char *), &sz)) -+ return 1; -+ -+ p = grub_realloc (p, round_up_exp (sz)); - if (! p) - return 1; - -@@ -105,13 +111,19 @@ grub_script_argv_append (struct grub_script_argv *argv, const char *s, - { - grub_size_t a; - char *p = argv->args[argv->argc - 1]; -+ grub_size_t sz; - - if (! s) - return 0; - - a = p ? grub_strlen (p) : 0; - -- p = grub_realloc (p, round_up_exp ((a + slen + 1) * sizeof (char))); -+ if (grub_add (a, slen, &sz) || -+ grub_add (sz, 1, &sz) || -+ grub_mul (sz, sizeof (char), &sz)) -+ return 1; -+ -+ p = grub_realloc (p, round_up_exp (sz)); - if (! p) - return 1; - -diff --git a/grub-core/script/lexer.c b/grub-core/script/lexer.c -index c6bd317..5fb0cbd 100644 ---- a/grub-core/script/lexer.c -+++ b/grub-core/script/lexer.c -@@ -24,6 +24,7 @@ - #include <grub/mm.h> - #include <grub/script_sh.h> - #include <grub/i18n.h> -+#include <grub/safemath.h> - - #define yytext_ptr char * - #include "grub_script.tab.h" -@@ -110,10 +111,14 @@ grub_script_lexer_record (struct grub_parser_param *parser, char *str) - old = lexer->recording; - if (lexer->recordlen < len) - lexer->recordlen = len; -- lexer->recordlen *= 2; -+ -+ if (grub_mul (lexer->recordlen, 2, &lexer->recordlen)) -+ goto fail; -+ - lexer->recording = grub_realloc (lexer->recording, lexer->recordlen); - if (!lexer->recording) - { -+ fail: - grub_free (old); - lexer->recordpos = 0; - lexer->recordlen = 0; -@@ -130,7 +135,7 @@ int - grub_script_lexer_yywrap (struct grub_parser_param *parserstate, - const char *input) - { -- grub_size_t len = 0; -+ grub_size_t len = 0, sz; - char *p = 0; - char *line = 0; - YY_BUFFER_STATE buffer; -@@ -168,12 +173,22 @@ grub_script_lexer_yywrap (struct grub_parser_param *parserstate, - } - else if (len && line[len - 1] != '\n') - { -- p = grub_realloc (line, len + 2); -+ if (grub_add (len, 2, &sz)) -+ { -+ grub_free (line); -+ grub_script_yyerror (parserstate, N_("overflow is detected")); -+ return 1; -+ } -+ -+ p = grub_realloc (line, sz); - if (p) - { - p[len++] = '\n'; - p[len] = '\0'; - } -+ else -+ grub_free (line); -+ - line = p; - } - -diff --git a/grub-core/video/bitmap.c b/grub-core/video/bitmap.c -index b2e0315..6256e20 100644 ---- a/grub-core/video/bitmap.c -+++ b/grub-core/video/bitmap.c -@@ -23,6 +23,7 @@ - #include <grub/mm.h> - #include <grub/misc.h> - #include <grub/i18n.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -58,7 +59,7 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap, - enum grub_video_blit_format blit_format) - { - struct grub_video_mode_info *mode_info; -- unsigned int size; -+ grub_size_t size; - - if (!bitmap) - return grub_error (GRUB_ERR_BUG, "invalid argument"); -@@ -137,19 +138,25 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap, - - mode_info->pitch = width * mode_info->bytes_per_pixel; - -- /* Calculate size needed for the data. */ -- size = (width * mode_info->bytes_per_pixel) * height; -+ /* Calculate size needed for the data. */ -+ if (grub_mul (width, mode_info->bytes_per_pixel, &size) || -+ grub_mul (size, height, &size)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ goto fail; -+ } - - (*bitmap)->data = grub_zalloc (size); - if (! (*bitmap)->data) -- { -- grub_free (*bitmap); -- *bitmap = 0; -- -- return grub_errno; -- } -+ goto fail; - - return GRUB_ERR_NONE; -+ -+ fail: -+ grub_free (*bitmap); -+ *bitmap = NULL; -+ -+ return grub_errno; - } - - /* Frees all resources allocated by bitmap. */ -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index 61bd645..0157ff7 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -23,6 +23,7 @@ - #include <grub/mm.h> - #include <grub/misc.h> - #include <grub/bufio.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -301,9 +302,17 @@ grub_png_decode_image_header (struct grub_png_data *data) - data->bpp <<= 1; - - data->color_bits = color_bits; -- data->row_bytes = data->image_width * data->bpp; -+ -+ if (grub_mul (data->image_width, data->bpp, &data->row_bytes)) -+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ - if (data->color_bits <= 4) -- data->row_bytes = (data->image_width * data->color_bits + 7) / 8; -+ { -+ if (grub_mul (data->image_width, data->color_bits + 7, &data->row_bytes)) -+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ -+ data->row_bytes >>= 3; -+ } - - #ifndef GRUB_CPU_WORDS_BIGENDIAN - if (data->is_16bit || data->is_gray || data->is_palette) --- -2.14.4 - diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch deleted file mode 100644 index 329e554a6..000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch +++ /dev/null @@ -1,117 +0,0 @@ -From c65fc7e75b7b7e880d90766057040011701e97f4 Mon Sep 17 00:00:00 2001 -From: Chris Coulson <chris.coulson@canonical.com> -Date: Fri, 10 Jul 2020 14:41:45 +0100 -Subject: [PATCH 8/9] script: Avoid a use-after-free when redefining a function - during execution - -Defining a new function with the same name as a previously defined -function causes the grub_script and associated resources for the -previous function to be freed. If the previous function is currently -executing when a function with the same name is defined, this results -in use-after-frees when processing subsequent commands in the original -function. - -Instead, reject a new function definition if it has the same name as -a previously defined function, and that function is currently being -executed. Although a behavioural change, this should be backwards -compatible with existing configurations because they can't be -dependent on the current behaviour without being broken. - -Fixes: CVE-2020-15706 - -Signed-off-by: Chris Coulson <chris.coulson@canonical.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport -CVE: CVE-2020-15706 - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=426f57383d647406ae9c628c472059c27cd6e040 - -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/script/execute.c | 2 ++ - grub-core/script/function.c | 16 +++++++++++++--- - grub-core/script/parser.y | 3 ++- - include/grub/script_sh.h | 2 ++ - 4 files changed, 19 insertions(+), 4 deletions(-) - -diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c -index c8d6806..7e028e1 100644 ---- a/grub-core/script/execute.c -+++ b/grub-core/script/execute.c -@@ -838,7 +838,9 @@ grub_script_function_call (grub_script_function_t func, int argc, char **args) - old_scope = scope; - scope = &new_scope; - -+ func->executing++; - ret = grub_script_execute (func->func); -+ func->executing--; - - function_return = 0; - active_loops = loops; -diff --git a/grub-core/script/function.c b/grub-core/script/function.c -index d36655e..3aad04b 100644 ---- a/grub-core/script/function.c -+++ b/grub-core/script/function.c -@@ -34,6 +34,7 @@ grub_script_function_create (struct grub_script_arg *functionname_arg, - func = (grub_script_function_t) grub_malloc (sizeof (*func)); - if (! func) - return 0; -+ func->executing = 0; - - func->name = grub_strdup (functionname_arg->str); - if (! func->name) -@@ -60,10 +61,19 @@ grub_script_function_create (struct grub_script_arg *functionname_arg, - grub_script_function_t q; - - q = *p; -- grub_script_free (q->func); -- q->func = cmd; - grub_free (func); -- func = q; -+ if (q->executing > 0) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, -+ N_("attempt to redefine a function being executed")); -+ func = NULL; -+ } -+ else -+ { -+ grub_script_free (q->func); -+ q->func = cmd; -+ func = q; -+ } - } - else - { -diff --git a/grub-core/script/parser.y b/grub-core/script/parser.y -index 4f0ab83..f80b86b 100644 ---- a/grub-core/script/parser.y -+++ b/grub-core/script/parser.y -@@ -289,7 +289,8 @@ function: "function" "name" - grub_script_mem_free (state->func_mem); - else { - script->children = state->scripts; -- grub_script_function_create ($2, script); -+ if (!grub_script_function_create ($2, script)) -+ grub_script_free (script); - } - - state->scripts = $<scripts>3; -diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h -index b382bcf..6c48e07 100644 ---- a/include/grub/script_sh.h -+++ b/include/grub/script_sh.h -@@ -361,6 +361,8 @@ struct grub_script_function - - /* The next element. */ - struct grub_script_function *next; -+ -+ unsigned executing; - }; - typedef struct grub_script_function *grub_script_function_t; - --- -2.14.4 - diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch deleted file mode 100644 index d4f9300c0..000000000 --- a/poky/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch +++ /dev/null @@ -1,177 +0,0 @@ -From 68a09a74f6d726d79709847f3671c0a08e4fb5a0 Mon Sep 17 00:00:00 2001 -From: Colin Watson <cjwatson@debian.org> -Date: Sat, 25 Jul 2020 12:15:37 +0100 -Subject: [PATCH 9/9] linux: Fix integer overflows in initrd size handling - -These could be triggered by a crafted filesystem with very large files. - -Fixes: CVE-2020-15707 - -Signed-off-by: Colin Watson <cjwatson@debian.org> -Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport -CVE: CVE-2020-15707 - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e7b8856f8be3292afdb38d2e8c70ad8d62a61e10 - -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++++++++------------- - 1 file changed, 54 insertions(+), 20 deletions(-) - -diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c -index 471b214..8c8565a 100644 ---- a/grub-core/loader/linux.c -+++ b/grub-core/loader/linux.c -@@ -4,6 +4,7 @@ - #include <grub/misc.h> - #include <grub/file.h> - #include <grub/mm.h> -+#include <grub/safemath.h> - - struct newc_head - { -@@ -98,13 +99,13 @@ free_dir (struct dir *root) - grub_free (root); - } - --static grub_size_t -+static grub_err_t - insert_dir (const char *name, struct dir **root, -- grub_uint8_t *ptr) -+ grub_uint8_t *ptr, grub_size_t *size) - { - struct dir *cur, **head = root; - const char *cb, *ce = name; -- grub_size_t size = 0; -+ *size = 0; - while (1) - { - for (cb = ce; *cb == '/'; cb++); -@@ -130,14 +131,22 @@ insert_dir (const char *name, struct dir **root, - ptr = make_header (ptr, name, ce - name, - 040777, 0); - } -- size += ALIGN_UP ((ce - (char *) name) -- + sizeof (struct newc_head), 4); -+ if (grub_add (*size, -+ ALIGN_UP ((ce - (char *) name) -+ + sizeof (struct newc_head), 4), -+ size)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ grub_free (n->name); -+ grub_free (n); -+ return grub_errno; -+ } - *head = n; - cur = n; - } - root = &cur->next; - } -- return size; -+ return GRUB_ERR_NONE; - } - - grub_err_t -@@ -173,26 +182,33 @@ grub_initrd_init (int argc, char *argv[], - eptr = grub_strchr (ptr, ':'); - if (eptr) - { -+ grub_size_t dir_size, name_len; -+ - initrd_ctx->components[i].newc_name = grub_strndup (ptr, eptr - ptr); -- if (!initrd_ctx->components[i].newc_name) -+ if (!initrd_ctx->components[i].newc_name || -+ insert_dir (initrd_ctx->components[i].newc_name, &root, 0, -+ &dir_size)) - { - grub_initrd_close (initrd_ctx); - return grub_errno; - } -- initrd_ctx->size -- += ALIGN_UP (sizeof (struct newc_head) -- + grub_strlen (initrd_ctx->components[i].newc_name), -- 4); -- initrd_ctx->size += insert_dir (initrd_ctx->components[i].newc_name, -- &root, 0); -+ name_len = grub_strlen (initrd_ctx->components[i].newc_name); -+ if (grub_add (initrd_ctx->size, -+ ALIGN_UP (sizeof (struct newc_head) + name_len, 4), -+ &initrd_ctx->size) || -+ grub_add (initrd_ctx->size, dir_size, &initrd_ctx->size)) -+ goto overflow; - newc = 1; - fname = eptr + 1; - } - } - else if (newc) - { -- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) -- + sizeof ("TRAILER!!!") - 1, 4); -+ if (grub_add (initrd_ctx->size, -+ ALIGN_UP (sizeof (struct newc_head) -+ + sizeof ("TRAILER!!!") - 1, 4), -+ &initrd_ctx->size)) -+ goto overflow; - free_dir (root); - root = 0; - newc = 0; -@@ -208,19 +224,29 @@ grub_initrd_init (int argc, char *argv[], - initrd_ctx->nfiles++; - initrd_ctx->components[i].size - = grub_file_size (initrd_ctx->components[i].file); -- initrd_ctx->size += initrd_ctx->components[i].size; -+ if (grub_add (initrd_ctx->size, initrd_ctx->components[i].size, -+ &initrd_ctx->size)) -+ goto overflow; - } - - if (newc) - { - initrd_ctx->size = ALIGN_UP (initrd_ctx->size, 4); -- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) -- + sizeof ("TRAILER!!!") - 1, 4); -+ if (grub_add (initrd_ctx->size, -+ ALIGN_UP (sizeof (struct newc_head) -+ + sizeof ("TRAILER!!!") - 1, 4), -+ &initrd_ctx->size)) -+ goto overflow; - free_dir (root); - root = 0; - } - - return GRUB_ERR_NONE; -+ -+ overflow: -+ free_dir (root); -+ grub_initrd_close (initrd_ctx); -+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); - } - - grub_size_t -@@ -261,8 +287,16 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, - - if (initrd_ctx->components[i].newc_name) - { -- ptr += insert_dir (initrd_ctx->components[i].newc_name, -- &root, ptr); -+ grub_size_t dir_size; -+ -+ if (insert_dir (initrd_ctx->components[i].newc_name, &root, ptr, -+ &dir_size)) -+ { -+ free_dir (root); -+ grub_initrd_close (initrd_ctx); -+ return grub_errno; -+ } -+ ptr += dir_size; - ptr = make_header (ptr, initrd_ctx->components[i].newc_name, - grub_strlen (initrd_ctx->components[i].newc_name), - 0100777, --- -2.14.4 - diff --git a/poky/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch b/poky/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch index faa7fde23..1323a54a5 100644 --- a/poky/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch +++ b/poky/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch @@ -1,6 +1,6 @@ -From 72c30928d3d461e0e2d20c5ff33bd96b6991d585 Mon Sep 17 00:00:00 2001 -From: Robert Yang <liezhi.yang@windriver.com> -Date: Sat, 25 Jan 2014 23:49:44 -0500 +From 8790aa8bea736f52341a0430ff3e317d3be0f99b Mon Sep 17 00:00:00 2001 +From: Naveen Saini <naveen.kumar.saini@intel.com> +Date: Mon, 15 Mar 2021 14:44:15 +0800 Subject: [PATCH] autogen.sh: exclude .pc from po/POTFILES.in Exclude the .pc from po/POTFILES.in since quilt uses "patch --backup", @@ -13,23 +13,24 @@ Upstream-Status: Inappropriate [OE specific] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com> --- autogen.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/autogen.sh b/autogen.sh -index ef43270..a7067a7 100755 +index 31b0ced7e..c63ae766c 100755 --- a/autogen.sh +++ b/autogen.sh @@ -13,7 +13,7 @@ fi export LC_COLLATE=C unset LC_ALL --find . -iname '*.[ch]' ! -ipath './grub-core/lib/libgcrypt-grub/*' ! -ipath './build-aux/*' ! -ipath './grub-core/lib/libgcrypt/src/misc.c' ! -ipath './grub-core/lib/libgcrypt/src/global.c' ! -ipath './grub-core/lib/libgcrypt/src/secmem.c' ! -ipath './util/grub-gen-widthspec.c' ! -ipath './util/grub-gen-asciih.c' ! -ipath './gnulib/*' ! -iname './grub-core/lib/gnulib/*' |sort > po/POTFILES.in -+find . -iname '*.[ch]' ! -ipath './grub-core/lib/libgcrypt-grub/*' ! -ipath './build-aux/*' ! -ipath './grub-core/lib/libgcrypt/src/misc.c' ! -ipath './grub-core/lib/libgcrypt/src/global.c' ! -ipath './grub-core/lib/libgcrypt/src/secmem.c' ! -ipath './util/grub-gen-widthspec.c' ! -ipath './util/grub-gen-asciih.c' ! -ipath './gnulib/*' ! -iname './grub-core/lib/gnulib/*' ! -path './.pc/*' |sort > po/POTFILES.in +-find . -iname '*.[ch]' ! -ipath './grub-core/lib/libgcrypt-grub/*' ! -ipath './build-aux/*' ! -ipath './grub-core/lib/libgcrypt/src/misc.c' ! -ipath './grub-core/lib/libgcrypt/src/global.c' ! -ipath './grub-core/lib/libgcrypt/src/secmem.c' ! -ipath './util/grub-gen-widthspec.c' ! -ipath './util/grub-gen-asciih.c' ! -ipath './gnulib/*' ! -ipath './grub-core/lib/gnulib/*' |sort > po/POTFILES.in ++find . -iname '*.[ch]' ! -ipath './grub-core/lib/libgcrypt-grub/*' ! -ipath './build-aux/*' ! -ipath './grub-core/lib/libgcrypt/src/misc.c' ! -ipath './grub-core/lib/libgcrypt/src/global.c' ! -ipath './grub-core/lib/libgcrypt/src/secmem.c' ! -ipath './util/grub-gen-widthspec.c' ! -ipath './util/grub-gen-asciih.c' ! -ipath './gnulib/*' ! -ipath './grub-core/lib/gnulib/*' ! -path './.pc/*' |sort > po/POTFILES.in find util -iname '*.in' ! -name Makefile.in |sort > po/POTFILES-shell.in echo "Importing unicode..." -- -2.7.4 +2.17.1 diff --git a/poky/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch b/poky/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch deleted file mode 100644 index c9536e68e..000000000 --- a/poky/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch +++ /dev/null @@ -1,246 +0,0 @@ -From c005f62f5c4b26a77b916c8f76a852324439ecb3 Mon Sep 17 00:00:00 2001 -From: Peter Jones <pjones@redhat.com> -Date: Mon, 15 Jun 2020 12:15:29 -0400 -Subject: [PATCH 2/9] calloc: Make sure we always have an overflow-checking - calloc() available - -This tries to make sure that everywhere in this source tree, we always have -an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.) -available, and that they all safely check for overflow and return NULL when -it would occur. - -Upstream-Status: Backport [commit 64e26162ebfe68317c143ca5ec996c892019f8f8 -from https://git.savannah.gnu.org/git/grub.git] - -Signed-off-by: Peter Jones <pjones@redhat.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/kern/emu/misc.c | 12 ++++++++++++ - grub-core/kern/emu/mm.c | 10 ++++++++++ - grub-core/kern/mm.c | 40 ++++++++++++++++++++++++++++++++++++++ - grub-core/lib/libgcrypt_wrap/mem.c | 11 +++++++++-- - grub-core/lib/posix_wrap/stdlib.h | 8 +++++++- - include/grub/emu/misc.h | 1 + - include/grub/mm.h | 6 ++++++ - 7 files changed, 85 insertions(+), 3 deletions(-) - -diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c -index 65db79b..dfd8a8e 100644 ---- a/grub-core/kern/emu/misc.c -+++ b/grub-core/kern/emu/misc.c -@@ -85,6 +85,18 @@ grub_util_error (const char *fmt, ...) - exit (1); - } - -+void * -+xcalloc (grub_size_t nmemb, grub_size_t size) -+{ -+ void *p; -+ -+ p = calloc (nmemb, size); -+ if (!p) -+ grub_util_error ("%s", _("out of memory")); -+ -+ return p; -+} -+ - void * - xmalloc (grub_size_t size) - { -diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c -index f262e95..145b01d 100644 ---- a/grub-core/kern/emu/mm.c -+++ b/grub-core/kern/emu/mm.c -@@ -25,6 +25,16 @@ - #include <string.h> - #include <grub/i18n.h> - -+void * -+grub_calloc (grub_size_t nmemb, grub_size_t size) -+{ -+ void *ret; -+ ret = calloc (nmemb, size); -+ if (!ret) -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ return ret; -+} -+ - void * - grub_malloc (grub_size_t size) - { -diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index ee88ff6..f2822a8 100644 ---- a/grub-core/kern/mm.c -+++ b/grub-core/kern/mm.c -@@ -67,8 +67,10 @@ - #include <grub/dl.h> - #include <grub/i18n.h> - #include <grub/mm_private.h> -+#include <grub/safemath.h> - - #ifdef MM_DEBUG -+# undef grub_calloc - # undef grub_malloc - # undef grub_zalloc - # undef grub_realloc -@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_size_t size) - return 0; - } - -+/* -+ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on -+ * integer overflow. -+ */ -+void * -+grub_calloc (grub_size_t nmemb, grub_size_t size) -+{ -+ void *ret; -+ grub_size_t sz = 0; -+ -+ if (grub_mul (nmemb, size, &sz)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ return NULL; -+ } -+ -+ ret = grub_memalign (0, sz); -+ if (!ret) -+ return NULL; -+ -+ grub_memset (ret, 0, sz); -+ return ret; -+} -+ - /* Allocate SIZE bytes and return the pointer. */ - void * - grub_malloc (grub_size_t size) -@@ -561,6 +587,20 @@ grub_mm_dump (unsigned lineno) - grub_printf ("\n"); - } - -+void * -+grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size) -+{ -+ void *ptr; -+ -+ if (grub_mm_debug) -+ grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ", -+ file, line, size); -+ ptr = grub_calloc (nmemb, size); -+ if (grub_mm_debug) -+ grub_printf ("%p\n", ptr); -+ return ptr; -+} -+ - void * - grub_debug_malloc (const char *file, int line, grub_size_t size) - { -diff --git a/grub-core/lib/libgcrypt_wrap/mem.c b/grub-core/lib/libgcrypt_wrap/mem.c -index beeb661..74c6eaf 100644 ---- a/grub-core/lib/libgcrypt_wrap/mem.c -+++ b/grub-core/lib/libgcrypt_wrap/mem.c -@@ -4,6 +4,7 @@ - #include <grub/crypto.h> - #include <grub/dl.h> - #include <grub/env.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -36,7 +37,10 @@ void * - gcry_xcalloc (size_t n, size_t m) - { - void *ret; -- ret = grub_zalloc (n * m); -+ size_t sz; -+ if (grub_mul (n, m, &sz)) -+ grub_fatal ("gcry_xcalloc would overflow"); -+ ret = grub_zalloc (sz); - if (!ret) - grub_fatal ("gcry_xcalloc failed"); - return ret; -@@ -56,7 +60,10 @@ void * - gcry_xcalloc_secure (size_t n, size_t m) - { - void *ret; -- ret = grub_zalloc (n * m); -+ size_t sz; -+ if (grub_mul (n, m, &sz)) -+ grub_fatal ("gcry_xcalloc would overflow"); -+ ret = grub_zalloc (sz); - if (!ret) - grub_fatal ("gcry_xcalloc failed"); - return ret; -diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h -index 3b46f47..7a8d385 100644 ---- a/grub-core/lib/posix_wrap/stdlib.h -+++ b/grub-core/lib/posix_wrap/stdlib.h -@@ -21,6 +21,7 @@ - - #include <grub/mm.h> - #include <grub/misc.h> -+#include <grub/safemath.h> - - static inline void - free (void *ptr) -@@ -37,7 +38,12 @@ malloc (grub_size_t size) - static inline void * - calloc (grub_size_t size, grub_size_t nelem) - { -- return grub_zalloc (size * nelem); -+ grub_size_t sz; -+ -+ if (grub_mul (size, nelem, &sz)) -+ return NULL; -+ -+ return grub_zalloc (sz); - } - - static inline void * -diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h -index ce464cf..ff9c48a 100644 ---- a/include/grub/emu/misc.h -+++ b/include/grub/emu/misc.h -@@ -47,6 +47,7 @@ grub_util_device_is_mapped (const char *dev); - #define GRUB_HOST_PRIuLONG_LONG "llu" - #define GRUB_HOST_PRIxLONG_LONG "llx" - -+void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT; - void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT; - void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT; - char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT; -diff --git a/include/grub/mm.h b/include/grub/mm.h -index 28e2e53..9c38dd3 100644 ---- a/include/grub/mm.h -+++ b/include/grub/mm.h -@@ -29,6 +29,7 @@ - #endif - - void grub_mm_init_region (void *addr, grub_size_t size); -+void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size); - void *EXPORT_FUNC(grub_malloc) (grub_size_t size); - void *EXPORT_FUNC(grub_zalloc) (grub_size_t size); - void EXPORT_FUNC(grub_free) (void *ptr); -@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug); - void grub_mm_dump_free (void); - void grub_mm_dump (unsigned lineno); - -+#define grub_calloc(nmemb, size) \ -+ grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size) -+ - #define grub_malloc(size) \ - grub_debug_malloc (GRUB_FILE, __LINE__, size) - -@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno); - #define grub_free(ptr) \ - grub_debug_free (GRUB_FILE, __LINE__, ptr) - -+void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line, -+ grub_size_t nmemb, grub_size_t size); - void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line, - grub_size_t size); - void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line, --- -2.14.4 - diff --git a/poky/meta/recipes-bsp/grub/files/determinism.patch b/poky/meta/recipes-bsp/grub/files/determinism.patch index 3c1f562c7..2828e8097 100644 --- a/poky/meta/recipes-bsp/grub/files/determinism.patch +++ b/poky/meta/recipes-bsp/grub/files/determinism.patch @@ -1,6 +1,9 @@ -The output in moddep.lst generated from syminfo.lst using genmoddep.awk is -not deterministic since the order of the dependencies on each line can vary -depending on how awk sorts the values in the array. +From b6f9b3f6fa782807c4a7ec16ee8ef868cdfbf468 Mon Sep 17 00:00:00 2001 +From: Naveen Saini <naveen.kumar.saini@intel.com> +Date: Mon, 15 Mar 2021 14:56:18 +0800 +Subject: [PATCH] The output in moddep.lst generated from syminfo.lst using + genmoddep.awk is not deterministic since the order of the dependencies on + each line can vary depending on how awk sorts the values in the array. Be deterministic in the output by sorting the dependencies on each line. @@ -13,11 +16,29 @@ keys of the dict. Upstream-Status: Pending Richard Purdie <richard.purdie@linuxfoundation.org> +Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com> +--- + gentpl.py | 1 + + grub-core/genmoddep.awk | 4 +++- + util/import_unicode.py | 2 +- + 3 files changed, 5 insertions(+), 2 deletions(-) -Index: grub-2.04/grub-core/genmoddep.awk -=================================================================== ---- grub-2.04.orig/grub-core/genmoddep.awk -+++ grub-2.04/grub-core/genmoddep.awk +diff --git a/gentpl.py b/gentpl.py +index c86550d4f..589285192 100644 +--- a/gentpl.py ++++ b/gentpl.py +@@ -568,6 +568,7 @@ def foreach_platform_value(defn, platform, suffix, closure): + for group in RMAP[platform]: + for value in defn.find_all(group + suffix): + r.append(closure(value)) ++ r.sort() + return ''.join(r) + + def platform_conditional(platform, closure): +diff --git a/grub-core/genmoddep.awk b/grub-core/genmoddep.awk +index 04c2863e5..247436392 100644 +--- a/grub-core/genmoddep.awk ++++ b/grub-core/genmoddep.awk @@ -59,7 +59,9 @@ END { } modlist = "" @@ -29,22 +50,10 @@ Index: grub-2.04/grub-core/genmoddep.awk modlist = modlist " " depmod; inverse_dependencies[depmod] = inverse_dependencies[depmod] " " mod depcount[mod]++ -Index: grub-2.04/gentpl.py -=================================================================== ---- grub-2.04.orig/gentpl.py -+++ grub-2.04/gentpl.py -@@ -568,6 +568,7 @@ def foreach_platform_value(defn, platfor - for group in RMAP[platform]: - for value in defn.find_all(group + suffix): - r.append(closure(value)) -+ r.sort() - return ''.join(r) - - def platform_conditional(platform, closure): -Index: grub-2.04/util/import_unicode.py -=================================================================== ---- grub-2.04.orig/util/import_unicode.py -+++ grub-2.04/util/import_unicode.py +diff --git a/util/import_unicode.py b/util/import_unicode.py +index 08f80591e..1f434a069 100644 +--- a/util/import_unicode.py ++++ b/util/import_unicode.py @@ -174,7 +174,7 @@ infile.close () outfile.write ("struct grub_unicode_arabic_shape grub_unicode_arabic_shapes[] = {\n ") @@ -54,3 +63,6 @@ Index: grub-2.04/util/import_unicode.py try: if arabicsubst[x]['join'] == "DUAL": outfile.write ("{0x%x, 0x%x, 0x%x, 0x%x, 0x%x},\n " % (arabicsubst[x][0], arabicsubst[x][1], arabicsubst[x][2], arabicsubst[x][3], arabicsubst[x][4])) +-- +2.17.1 + diff --git a/poky/meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch b/poky/meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch deleted file mode 100644 index 2b8157f59..000000000 --- a/poky/meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch +++ /dev/null @@ -1,287 +0,0 @@ -From 8eb02bcb5897b238b29ff762402bb0c3028f0eab Mon Sep 17 00:00:00 2001 -From: Michael Chang <mchang@suse.com> -Date: Thu, 19 Mar 2020 13:56:13 +0800 -Subject: [PATCH 3/9] lvm: Add LVM cache logical volume handling - -The LVM cache logical volume is the logical volume consisting of the original -and the cache pool logical volume. The original is usually on a larger and -slower storage device while the cache pool is on a smaller and faster one. The -performance of the original volume can be improved by storing the frequently -used data on the cache pool to utilize the greater performance of faster -device. - -The default cache mode "writethrough" ensures that any data written will be -stored both in the cache and on the origin LV, therefore grub can be straight -to read the original lv as no data loss is guarenteed. - -The second cache mode is "writeback", which delays writing from the cache pool -back to the origin LV to have increased performance. The drawback is potential -data loss if losing the associated cache device. - -During the boot time grub reads the LVM offline i.e. LVM volumes are not -activated and mounted, hence it should be fine to read directly from original -lv since all cached data should have been flushed back in the process of taking -it offline. - -It is also not much helpful to the situation by adding fsync calls to the -install code. The fsync did not force to write back dirty cache to the original -device and rather it would update associated cache metadata to complete the -write transaction with the cache device. IOW the writes to cached blocks still -go only to the cache device. - -To write back dirty cache, as LVM cache did not support dirty cache flush per -block range, there'no way to do it for file. On the other hand the "cleaner" -policy is implemented and can be used to write back "all" dirty blocks in a -cache, which effectively drain all dirty cache gradually to attain and last in -the "clean" state, which can be useful for shrinking or decommissioning a -cache. The result and effect is not what we are looking for here. - -In conclusion, as it seems no way to enforce file writes to the original -device, grub may suffer from power failure as it cannot assemble the cache -device and read the dirty data from it. However since the case is only -applicable to writeback mode which is sensitive to data lost in nature, I'd -still like to propose my (relatively simple) patch and treat reading dirty -cache as improvement. - -Upstream-Status: Backport [commit 0454b0445393aafc5600e92ef0c39494e333b135 -from https://git.savannah.gnu.org/git/grub.git] - -Signed-off-by: Michael Chang <mchang@suse.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/disk/lvm.c | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 190 insertions(+) - -diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c -index 7b265c7..dc6b83b 100644 ---- a/grub-core/disk/lvm.c -+++ b/grub-core/disk/lvm.c -@@ -33,6 +33,14 @@ - - GRUB_MOD_LICENSE ("GPLv3+"); - -+struct cache_lv -+{ -+ struct grub_diskfilter_lv *lv; -+ char *cache_pool; -+ char *origin; -+ struct cache_lv *next; -+}; -+ - - /* Go the string STR and return the number after STR. *P will point - at the number. In case STR is not found, *P will be NULL and the -@@ -95,6 +103,34 @@ grub_lvm_check_flag (char *p, const char *str, const char *flag) - } - } - -+static void -+grub_lvm_free_cache_lvs (struct cache_lv *cache_lvs) -+{ -+ struct cache_lv *cache; -+ -+ while ((cache = cache_lvs)) -+ { -+ cache_lvs = cache_lvs->next; -+ -+ if (cache->lv) -+ { -+ unsigned int i; -+ -+ for (i = 0; i < cache->lv->segment_count; ++i) -+ if (cache->lv->segments) -+ grub_free (cache->lv->segments[i].nodes); -+ grub_free (cache->lv->segments); -+ grub_free (cache->lv->fullname); -+ grub_free (cache->lv->idname); -+ grub_free (cache->lv->name); -+ } -+ grub_free (cache->lv); -+ grub_free (cache->origin); -+ grub_free (cache->cache_pool); -+ grub_free (cache); -+ } -+} -+ - static struct grub_diskfilter_vg * - grub_lvm_detect (grub_disk_t disk, - struct grub_diskfilter_pv_id *id, -@@ -242,6 +278,8 @@ grub_lvm_detect (grub_disk_t disk, - - if (! vg) - { -+ struct cache_lv *cache_lvs = NULL; -+ - /* First time we see this volume group. We've to create the - whole volume group structure. */ - vg = grub_malloc (sizeof (*vg)); -@@ -671,6 +709,106 @@ grub_lvm_detect (grub_disk_t disk, - seg->nodes[seg->node_count - 1].name = tmp; - } - } -+ else if (grub_memcmp (p, "cache\"", -+ sizeof ("cache\"") - 1) == 0) -+ { -+ struct cache_lv *cache = NULL; -+ -+ char *p2, *p3; -+ grub_size_t sz; -+ -+ cache = grub_zalloc (sizeof (*cache)); -+ if (!cache) -+ goto cache_lv_fail; -+ cache->lv = grub_zalloc (sizeof (*cache->lv)); -+ if (!cache->lv) -+ goto cache_lv_fail; -+ grub_memcpy (cache->lv, lv, sizeof (*cache->lv)); -+ -+ if (lv->fullname) -+ { -+ cache->lv->fullname = grub_strdup (lv->fullname); -+ if (!cache->lv->fullname) -+ goto cache_lv_fail; -+ } -+ if (lv->idname) -+ { -+ cache->lv->idname = grub_strdup (lv->idname); -+ if (!cache->lv->idname) -+ goto cache_lv_fail; -+ } -+ if (lv->name) -+ { -+ cache->lv->name = grub_strdup (lv->name); -+ if (!cache->lv->name) -+ goto cache_lv_fail; -+ } -+ -+ skip_lv = 1; -+ -+ p2 = grub_strstr (p, "cache_pool = \""); -+ if (!p2) -+ goto cache_lv_fail; -+ -+ p2 = grub_strchr (p2, '"'); -+ if (!p2) -+ goto cache_lv_fail; -+ -+ p3 = ++p2; -+ p3 = grub_strchr (p3, '"'); -+ if (!p3) -+ goto cache_lv_fail; -+ -+ sz = p3 - p2; -+ -+ cache->cache_pool = grub_malloc (sz + 1); -+ if (!cache->cache_pool) -+ goto cache_lv_fail; -+ grub_memcpy (cache->cache_pool, p2, sz); -+ cache->cache_pool[sz] = '\0'; -+ -+ p2 = grub_strstr (p, "origin = \""); -+ if (!p2) -+ goto cache_lv_fail; -+ -+ p2 = grub_strchr (p2, '"'); -+ if (!p2) -+ goto cache_lv_fail; -+ -+ p3 = ++p2; -+ p3 = grub_strchr (p3, '"'); -+ if (!p3) -+ goto cache_lv_fail; -+ -+ sz = p3 - p2; -+ -+ cache->origin = grub_malloc (sz + 1); -+ if (!cache->origin) -+ goto cache_lv_fail; -+ grub_memcpy (cache->origin, p2, sz); -+ cache->origin[sz] = '\0'; -+ -+ cache->next = cache_lvs; -+ cache_lvs = cache; -+ break; -+ -+ cache_lv_fail: -+ if (cache) -+ { -+ grub_free (cache->origin); -+ grub_free (cache->cache_pool); -+ if (cache->lv) -+ { -+ grub_free (cache->lv->fullname); -+ grub_free (cache->lv->idname); -+ grub_free (cache->lv->name); -+ } -+ grub_free (cache->lv); -+ grub_free (cache); -+ } -+ grub_lvm_free_cache_lvs (cache_lvs); -+ goto fail4; -+ } - else - { - #ifdef GRUB_UTIL -@@ -747,6 +885,58 @@ grub_lvm_detect (grub_disk_t disk, - } - - } -+ -+ { -+ struct cache_lv *cache; -+ -+ for (cache = cache_lvs; cache; cache = cache->next) -+ { -+ struct grub_diskfilter_lv *lv; -+ -+ for (lv = vg->lvs; lv; lv = lv->next) -+ if (grub_strcmp (lv->name, cache->origin) == 0) -+ break; -+ if (lv) -+ { -+ cache->lv->segments = grub_malloc (lv->segment_count * sizeof (*lv->segments)); -+ if (!cache->lv->segments) -+ { -+ grub_lvm_free_cache_lvs (cache_lvs); -+ goto fail4; -+ } -+ grub_memcpy (cache->lv->segments, lv->segments, lv->segment_count * sizeof (*lv->segments)); -+ -+ for (i = 0; i < lv->segment_count; ++i) -+ { -+ struct grub_diskfilter_node *nodes = lv->segments[i].nodes; -+ grub_size_t node_count = lv->segments[i].node_count; -+ -+ cache->lv->segments[i].nodes = grub_malloc (node_count * sizeof (*nodes)); -+ if (!cache->lv->segments[i].nodes) -+ { -+ for (j = 0; j < i; ++j) -+ grub_free (cache->lv->segments[j].nodes); -+ grub_free (cache->lv->segments); -+ cache->lv->segments = NULL; -+ grub_lvm_free_cache_lvs (cache_lvs); -+ goto fail4; -+ } -+ grub_memcpy (cache->lv->segments[i].nodes, nodes, node_count * sizeof (*nodes)); -+ } -+ -+ if (cache->lv->segments) -+ { -+ cache->lv->segment_count = lv->segment_count; -+ cache->lv->vg = vg; -+ cache->lv->next = vg->lvs; -+ vg->lvs = cache->lv; -+ cache->lv = NULL; -+ } -+ } -+ } -+ } -+ -+ grub_lvm_free_cache_lvs (cache_lvs); - if (grub_diskfilter_vg_register (vg)) - goto fail4; - } --- -2.14.4 - diff --git a/poky/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch b/poky/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch deleted file mode 100644 index 29021e8d8..000000000 --- a/poky/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch +++ /dev/null @@ -1,94 +0,0 @@ -From 06c361a71c4998635493610e5d76d0d223925251 Mon Sep 17 00:00:00 2001 -From: Peter Jones <pjones@redhat.com> -Date: Mon, 15 Jun 2020 10:58:42 -0400 -Subject: [PATCH 5/9] safemath: Add some arithmetic primitives that check for - overflow - -This adds a new header, include/grub/safemath.h, that includes easy to -use wrappers for __builtin_{add,sub,mul}_overflow() declared like: - - bool OP(a, b, res) - -where OP is grub_add, grub_sub or grub_mul. OP() returns true in the -case where the operation would overflow and res is not modified. -Otherwise, false is returned and the operation is executed. - -These arithmetic primitives require newer compiler versions. So, bump -these requirements in the INSTALL file too. - -Upstream-Status: Backport [commit 68708c4503018d61dbcce7ac11cbb511d6425f4d -from https://git.savannah.gnu.org/git/grub.git] - -Signed-off-by: Peter Jones <pjones@redhat.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> -[YL: omit the change to INSTALL from original patch] -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - include/grub/compiler.h | 8 ++++++++ - include/grub/safemath.h | 37 +++++++++++++++++++++++++++++++++++++ - 2 files changed, 45 insertions(+) - create mode 100644 include/grub/safemath.h - -diff --git a/include/grub/compiler.h b/include/grub/compiler.h -index c9e1d7a..8f3be3a 100644 ---- a/include/grub/compiler.h -+++ b/include/grub/compiler.h -@@ -48,4 +48,12 @@ - # define WARN_UNUSED_RESULT - #endif - -+#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__) -+# define CLANG_PREREQ(maj,min) \ -+ ((__clang_major__ > (maj)) || \ -+ (__clang_major__ == (maj) && __clang_minor__ >= (min))) -+#else -+# define CLANG_PREREQ(maj,min) 0 -+#endif -+ - #endif /* ! GRUB_COMPILER_HEADER */ -diff --git a/include/grub/safemath.h b/include/grub/safemath.h -new file mode 100644 -index 0000000..c17b89b ---- /dev/null -+++ b/include/grub/safemath.h -@@ -0,0 +1,37 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2020 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>. -+ * -+ * Arithmetic operations that protect against overflow. -+ */ -+ -+#ifndef GRUB_SAFEMATH_H -+#define GRUB_SAFEMATH_H 1 -+ -+#include <grub/compiler.h> -+ -+/* These appear in gcc 5.1 and clang 3.8. */ -+#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8) -+ -+#define grub_add(a, b, res) __builtin_add_overflow(a, b, res) -+#define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) -+#define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) -+ -+#else -+#error gcc 5.1 or newer or clang 3.8 or newer is required -+#endif -+ -+#endif /* GRUB_SAFEMATH_H */ --- -2.14.4 - diff --git a/poky/meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch b/poky/meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch deleted file mode 100644 index 84a80d5ff..000000000 --- a/poky/meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch +++ /dev/null @@ -1,37 +0,0 @@ -From e219bad8cee67b2bb21712df8f055706f8da25d2 Mon Sep 17 00:00:00 2001 -From: Chris Coulson <chris.coulson@canonical.com> -Date: Fri, 10 Jul 2020 11:21:14 +0100 -Subject: [PATCH 7/9] script: Remove unused fields from grub_script_function - struct - -Upstream-Status: Backport [commit 1a8d9c9b4ab6df7669b5aa36a56477f297825b96 -from https://git.savannah.gnu.org/git/grub.git] - -Signed-off-by: Chris Coulson <chris.coulson@canonical.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - include/grub/script_sh.h | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h -index 360c2be..b382bcf 100644 ---- a/include/grub/script_sh.h -+++ b/include/grub/script_sh.h -@@ -359,13 +359,8 @@ struct grub_script_function - /* The script function. */ - struct grub_script *func; - -- /* The flags. */ -- unsigned flags; -- - /* The next element. */ - struct grub_script_function *next; -- -- int references; - }; - typedef struct grub_script_function *grub_script_function_t; - --- -2.14.4 - diff --git a/poky/meta/recipes-bsp/grub/grub-efi_2.04.bb b/poky/meta/recipes-bsp/grub/grub-efi_git.bb index 287845c50..240fde7db 100644 --- a/poky/meta/recipes-bsp/grub/grub-efi_2.04.bb +++ b/poky/meta/recipes-bsp/grub/grub-efi_git.bb @@ -11,8 +11,6 @@ SRC_URI += " \ file://cfg \ " -S = "${WORKDIR}/grub-${PV}" - # Determine the target arch for the grub modules python __anonymous () { import re diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc index f870d41f6..590deb8d9 100644 --- a/poky/meta/recipes-bsp/grub/grub2.inc +++ b/poky/meta/recipes-bsp/grub/grub2.inc @@ -13,25 +13,24 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" CVE_PRODUCT = "grub2" -SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ +SRC_URI = "https://alpha.gnu.org/gnu/grub/grub-${REALPV}.tar.xz \ file://0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch \ file://autogen.sh-exclude-pc.patch \ file://grub-module-explicitly-keeps-symbole-.module_license.patch \ file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \ - file://CVE-2020-10713.patch \ - file://calloc-Make-sure-we-always-have-an-overflow-checking.patch \ - file://lvm-Add-LVM-cache-logical-volume-handling.patch \ - file://CVE-2020-14308-calloc-Use-calloc-at-most-places.patch \ - file://safemath-Add-some-arithmetic-primitives-that-check-f.patch \ - file://CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch \ - file://script-Remove-unused-fields-from-grub_script_functio.patch \ - file://CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch \ - file://CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch \ - file://6643507ce30f775008e093580f0c9499dfb2c485.patch \ file://determinism.patch \ + file://0001-RISC-V-Restore-the-typcast-to-long.patch \ " -SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" -SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" + +SRC_URI[sha256sum] = "2c87f1f21e2ab50043e6cd9163c08f1b6c3a6171556bf23ff9ed65b074145484" + +REALPV = "2.06~rc1" +PV = "2.04+${REALPV}" + +S = "${WORKDIR}/grub-${REALPV}" + +UPSTREAM_CHECK_URI = "${GNU_MIRROR}/grub" +UPSTREAM_CHECK_REGEX = "grub-(?P<pver>\d+(\.\d+)+)\.tar\.(gz|xz)" DEPENDS = "flex-native bison-native gettext-native" diff --git a/poky/meta/recipes-bsp/grub/grub_2.04.bb b/poky/meta/recipes-bsp/grub/grub_git.bb index d4e09faa4..d4e09faa4 100644 --- a/poky/meta/recipes-bsp/grub/grub_2.04.bb +++ b/poky/meta/recipes-bsp/grub/grub_git.bb diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-add-valid-fdt-check.patch b/poky/meta/recipes-bsp/u-boot/files/0001-add-valid-fdt-check.patch new file mode 100644 index 000000000..d4ac9e2ed --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/0001-add-valid-fdt-check.patch @@ -0,0 +1,36 @@ +From ea1a9ec5f430359720d9a0621ed1acfbba6a142a Mon Sep 17 00:00:00 2001 +From: Heinrich Schuchardt <xypron.glpk@gmx.de> +Date: Wed, 13 Jan 2021 02:09:12 +0100 +Subject: [PATCH] image-fit: fit_check_format check for valid FDT + +fit_check_format() must check that the buffer contains a flattened device +tree before calling any device tree library functions. + +Failure to do may cause segmentation faults. + +Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> + +Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/ea1a9ec5f430359720d9a0621ed1acfbba6a142a] +Signed-off-by: Scott Murray <scott.murray@konsulko.com> + +--- + common/image-fit.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/common/image-fit.c b/common/image-fit.c +index 6a8787ca0a..21c44bdf69 100644 +--- a/common/image-fit.c ++++ b/common/image-fit.c +@@ -1553,6 +1553,12 @@ int fit_image_check_comp(const void *fit, int noffset, uint8_t comp) + */ + int fit_check_format(const void *fit) + { ++ /* A FIT image must be a valid FDT */ ++ if (fdt_check_header(fit)) { ++ debug("Wrong FIT format: not a flattened device tree\n"); ++ return 0; ++ } ++ + /* mandatory / node 'description' property */ + if (fdt_getprop(fit, 0, FIT_DESC_PROP, NULL) == NULL) { + debug("Wrong FIT format: no description\n"); diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-riscv32-Use-double-float-ABI-for-rv32.patch b/poky/meta/recipes-bsp/u-boot/files/0001-riscv32-Use-double-float-ABI-for-rv32.patch new file mode 100644 index 000000000..0ed3de491 --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/0001-riscv32-Use-double-float-ABI-for-rv32.patch @@ -0,0 +1,42 @@ +From 66dfe0fa886f6289add06d1af8642ce2b5302852 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 9 Feb 2021 16:40:12 -0800 +Subject: [PATCH] riscv32: Use double-float ABI for rv32 + +So it can use libgcc built with OE toolchain +Fixes +error: "can't link hard-float modules with soft-float modules" + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Inappropriate [embedded specific] +--- + arch/riscv/Makefile | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/arch/riscv/Makefile b/arch/riscv/Makefile +index 0b80eb8d86..7324946f48 100644 +--- a/arch/riscv/Makefile ++++ b/arch/riscv/Makefile +@@ -9,7 +9,9 @@ ifeq ($(CONFIG_ARCH_RV64I),y) + endif + ifeq ($(CONFIG_ARCH_RV32I),y) + ARCH_BASE = rv32im +- ABI = ilp32 ++ ABI = ilp32d ++ ARCH_D = d ++ ARCH_F = f + endif + ifeq ($(CONFIG_RISCV_ISA_A),y) + ARCH_A = a +@@ -24,7 +26,7 @@ ifeq ($(CONFIG_CMODEL_MEDANY),y) + CMODEL = medany + endif + +-ARCH_FLAGS = -march=$(ARCH_BASE)$(ARCH_A)$(ARCH_C) -mabi=$(ABI) \ ++ARCH_FLAGS = -march=$(ARCH_BASE)$(ARCH_A)$(ARCH_F)$(ARCH_D)$(ARCH_C) -mabi=$(ABI) \ + -mcmodel=$(CMODEL) + + PLATFORM_CPPFLAGS += $(ARCH_FLAGS) +-- +2.30.0 + diff --git a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-1.patch b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-1.patch new file mode 100644 index 000000000..98ec2c709 --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-1.patch @@ -0,0 +1,71 @@ +From 8a7d4cf9820ea16fabd25a6379351b4dc291204b Mon Sep 17 00:00:00 2001 +From: Simon Glass <sjg@chromium.org> +Date: Mon, 15 Feb 2021 17:08:05 -0700 +Subject: [PATCH] fdt_region: Check for a single root node of the correct name + +At present fdt_find_regions() assumes that the FIT is a valid devicetree. +If the FIT has two root nodes this is currently not detected in this +function, nor does libfdt's fdt_check_full() notice. Also it is possible +for the root node to have a name even though it should not. + +Add checks for these and return -FDT_ERR_BADSTRUCTURE if a problem is +detected. + +CVE-2021-27097 + +Signed-off-by: Simon Glass <sjg@chromium.org> +Reported-by: Bruce Monroe <bruce.monroe@intel.com> +Reported-by: Arie Haenel <arie.haenel@intel.com> +Reported-by: Julien Lenoir <julien.lenoir@intel.com> + +CVE: CVE-2021-27097 +Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b] +Signed-off-by: Scott Murray <scott.murray@konsulko.com> + +--- + common/fdt_region.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/common/fdt_region.c b/common/fdt_region.c +index ff12c518e9..e4ef0ca770 100644 +--- a/common/fdt_region.c ++++ b/common/fdt_region.c +@@ -43,6 +43,7 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count, + int depth = -1; + int want = 0; + int base = fdt_off_dt_struct(fdt); ++ bool expect_end = false; + + end = path; + *end = '\0'; +@@ -59,6 +60,10 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count, + tag = fdt_next_tag(fdt, offset, &nextoffset); + stop_at = nextoffset; + ++ /* If we see two root nodes, something is wrong */ ++ if (expect_end && tag != FDT_END) ++ return -FDT_ERR_BADLAYOUT; ++ + switch (tag) { + case FDT_PROP: + include = want >= 2; +@@ -81,6 +86,10 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count, + if (depth == FDT_MAX_DEPTH) + return -FDT_ERR_BADSTRUCTURE; + name = fdt_get_name(fdt, offset, &len); ++ ++ /* The root node must have an empty name */ ++ if (!depth && *name) ++ return -FDT_ERR_BADLAYOUT; + if (end - path + 2 + len >= path_len) + return -FDT_ERR_NOSPACE; + if (end != path + 1) +@@ -108,6 +117,8 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count, + while (end > path && *--end != '/') + ; + *end = '\0'; ++ if (depth == -1) ++ expect_end = true; + break; + + case FDT_END: diff --git a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-2.patch b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-2.patch new file mode 100644 index 000000000..b13c44e78 --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-2.patch @@ -0,0 +1,419 @@ +From c5819701a3de61e2ba2ef7ad0b616565b32305e5 Mon Sep 17 00:00:00 2001 +From: Simon Glass <sjg@chromium.org> +Date: Mon, 15 Feb 2021 17:08:09 -0700 +Subject: [PATCH] image: Adjust the workings of fit_check_format() + +At present this function does not accept a size for the FIT. This means +that it must be read from the FIT itself, introducing potential security +risk. Update the function to include a size parameter, which can be +invalid, in which case fit_check_format() calculates it. + +For now no callers pass the size, but this can be updated later. + +Also adjust the return value to an error code so that all the different +types of problems can be distinguished by the user. + +Signed-off-by: Simon Glass <sjg@chromium.org> +Reported-by: Bruce Monroe <bruce.monroe@intel.com> +Reported-by: Arie Haenel <arie.haenel@intel.com> +Reported-by: Julien Lenoir <julien.lenoir@intel.com> + +CVE: CVE-2021-27097 CVE-2021-27138 +Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/c5819701a3de61e2ba2ef7ad0b616565b32305e5] +Signed-off-by: Scott Murray <scott.murray@konsulko.com> + +--- + arch/arm/cpu/armv8/sec_firmware.c | 2 +- + cmd/bootm.c | 6 ++--- + cmd/disk.c | 2 +- + cmd/fpga.c | 2 +- + cmd/nand.c | 2 +- + cmd/source.c | 2 +- + cmd/ximg.c | 2 +- + common/image-fdt.c | 2 +- + common/image-fit.c | 46 +++++++++++++++++--------------------- + common/splash_source.c | 6 ++--- + common/update.c | 4 ++-- + drivers/fpga/socfpga_arria10.c | 6 ++--- + drivers/net/fsl-mc/mc.c | 2 +- + drivers/net/pfe_eth/pfe_firmware.c | 2 +- + include/image.h | 21 ++++++++++++++++- + tools/fit_common.c | 3 ++- + tools/fit_image.c | 2 +- + tools/mkimage.h | 2 ++ + 18 files changed, 65 insertions(+), 49 deletions(-) + +diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c +index bfc0fac3ef..0561f5efd1 100644 +--- a/arch/arm/cpu/armv8/sec_firmware.c ++++ b/arch/arm/cpu/armv8/sec_firmware.c +@@ -316,7 +316,7 @@ __weak bool sec_firmware_is_valid(const void *sec_firmware_img) + return false; + } + +- if (!fit_check_format(sec_firmware_img)) { ++ if (fit_check_format(sec_firmware_img, IMAGE_SIZE_INVAL)) { + printf("SEC Firmware: Bad firmware image (bad FIT header)\n"); + return false; + } +diff --git a/cmd/bootm.c b/cmd/bootm.c +index e6b0e04413..a0f823f968 100644 +--- a/cmd/bootm.c ++++ b/cmd/bootm.c +@@ -291,7 +291,7 @@ static int image_info(ulong addr) + case IMAGE_FORMAT_FIT: + puts(" FIT image found\n"); + +- if (!fit_check_format(hdr)) { ++ if (fit_check_format(hdr, IMAGE_SIZE_INVAL)) { + puts("Bad FIT image format!\n"); + unmap_sysmem(hdr); + return 1; +@@ -368,7 +368,7 @@ static int do_imls_nor(void) + #endif + #if defined(CONFIG_FIT) + case IMAGE_FORMAT_FIT: +- if (!fit_check_format(hdr)) ++ if (fit_check_format(hdr, IMAGE_SIZE_INVAL)) + goto next_sector; + + printf("FIT Image at %08lX:\n", (ulong)hdr); +@@ -448,7 +448,7 @@ static int nand_imls_fitimage(struct mtd_info *mtd, int nand_dev, loff_t off, + return ret; + } + +- if (!fit_check_format(imgdata)) { ++ if (fit_check_format(imgdata, IMAGE_SIZE_INVAL)) { + free(imgdata); + return 0; + } +diff --git a/cmd/disk.c b/cmd/disk.c +index 8060e753eb..3195db9127 100644 +--- a/cmd/disk.c ++++ b/cmd/disk.c +@@ -114,7 +114,7 @@ int common_diskboot(struct cmd_tbl *cmdtp, const char *intf, int argc, + /* This cannot be done earlier, + * we need complete FIT image in RAM first */ + if (genimg_get_format((void *) addr) == IMAGE_FORMAT_FIT) { +- if (!fit_check_format(fit_hdr)) { ++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { + bootstage_error(BOOTSTAGE_ID_IDE_FIT_READ); + puts("** Bad FIT image format\n"); + return 1; +diff --git a/cmd/fpga.c b/cmd/fpga.c +index 8ae1c936fb..51410a8e42 100644 +--- a/cmd/fpga.c ++++ b/cmd/fpga.c +@@ -330,7 +330,7 @@ static int do_fpga_loadmk(struct cmd_tbl *cmdtp, int flag, int argc, + return CMD_RET_FAILURE; + } + +- if (!fit_check_format(fit_hdr)) { ++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { + puts("Bad FIT image format\n"); + return CMD_RET_FAILURE; + } +diff --git a/cmd/nand.c b/cmd/nand.c +index 92d039af8f..97e117a979 100644 +--- a/cmd/nand.c ++++ b/cmd/nand.c +@@ -917,7 +917,7 @@ static int nand_load_image(struct cmd_tbl *cmdtp, struct mtd_info *mtd, + #if defined(CONFIG_FIT) + /* This cannot be done earlier, we need complete FIT image in RAM first */ + if (genimg_get_format ((void *)addr) == IMAGE_FORMAT_FIT) { +- if (!fit_check_format (fit_hdr)) { ++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { + bootstage_error(BOOTSTAGE_ID_NAND_FIT_READ); + puts ("** Bad FIT image format\n"); + return 1; +diff --git a/cmd/source.c b/cmd/source.c +index b6c709a3d2..71f71528ad 100644 +--- a/cmd/source.c ++++ b/cmd/source.c +@@ -107,7 +107,7 @@ int image_source_script(ulong addr, const char *fit_uname) + #if defined(CONFIG_FIT) + case IMAGE_FORMAT_FIT: + fit_hdr = buf; +- if (!fit_check_format (fit_hdr)) { ++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { + puts ("Bad FIT image format\n"); + return 1; + } +diff --git a/cmd/ximg.c b/cmd/ximg.c +index 159ba51648..ef738ebfa2 100644 +--- a/cmd/ximg.c ++++ b/cmd/ximg.c +@@ -136,7 +136,7 @@ do_imgextract(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) + "at %08lx ...\n", uname, addr); + + fit_hdr = (const void *)addr; +- if (!fit_check_format(fit_hdr)) { ++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { + puts("Bad FIT image format\n"); + return 1; + } +diff --git a/common/image-fdt.c b/common/image-fdt.c +index 327a8c4c39..4105259212 100644 +--- a/common/image-fdt.c ++++ b/common/image-fdt.c +@@ -399,7 +399,7 @@ int boot_get_fdt(int flag, int argc, char *const argv[], uint8_t arch, + */ + #if CONFIG_IS_ENABLED(FIT) + /* check FDT blob vs FIT blob */ +- if (fit_check_format(buf)) { ++ if (!fit_check_format(buf, IMAGE_SIZE_INVAL)) { + ulong load, len; + + fdt_noffset = boot_get_fdt_fit(images, +diff --git a/common/image-fit.c b/common/image-fit.c +index 9637d747fb..402f08fc9d 100644 +--- a/common/image-fit.c ++++ b/common/image-fit.c +@@ -8,6 +8,8 @@ + * Wolfgang Denk, DENX Software Engineering, wd@denx.de. + */ + ++#define LOG_CATEGORY LOGC_BOOT ++ + #ifdef USE_HOSTCC + #include "mkimage.h" + #include <time.h> +@@ -1550,49 +1552,41 @@ int fit_image_check_comp(const void *fit, int noffset, uint8_t comp) + return (comp == image_comp); + } + +-/** +- * fit_check_format - sanity check FIT image format +- * @fit: pointer to the FIT format image header +- * +- * fit_check_format() runs a basic sanity FIT image verification. +- * Routine checks for mandatory properties, nodes, etc. +- * +- * returns: +- * 1, on success +- * 0, on failure +- */ +-int fit_check_format(const void *fit) ++int fit_check_format(const void *fit, ulong size) + { ++ int ret; ++ + /* A FIT image must be a valid FDT */ +- if (fdt_check_header(fit)) { +- debug("Wrong FIT format: not a flattened device tree\n"); +- return 0; ++ ret = fdt_check_header(fit); ++ if (ret) { ++ log_debug("Wrong FIT format: not a flattened device tree (err=%d)\n", ++ ret); ++ return -ENOEXEC; + } + + /* mandatory / node 'description' property */ +- if (fdt_getprop(fit, 0, FIT_DESC_PROP, NULL) == NULL) { +- debug("Wrong FIT format: no description\n"); +- return 0; ++ if (!fdt_getprop(fit, 0, FIT_DESC_PROP, NULL)) { ++ log_debug("Wrong FIT format: no description\n"); ++ return -ENOMSG; + } + + if (IMAGE_ENABLE_TIMESTAMP) { + /* mandatory / node 'timestamp' property */ +- if (fdt_getprop(fit, 0, FIT_TIMESTAMP_PROP, NULL) == NULL) { +- debug("Wrong FIT format: no timestamp\n"); +- return 0; ++ if (!fdt_getprop(fit, 0, FIT_TIMESTAMP_PROP, NULL)) { ++ log_debug("Wrong FIT format: no timestamp\n"); ++ return -ENODATA; + } + } + + /* mandatory subimages parent '/images' node */ + if (fdt_path_offset(fit, FIT_IMAGES_PATH) < 0) { +- debug("Wrong FIT format: no images parent node\n"); +- return 0; ++ log_debug("Wrong FIT format: no images parent node\n"); ++ return -ENOENT; + } + +- return 1; ++ return 0; + } + +- + /** + * fit_conf_find_compat + * @fit: pointer to the FIT format image header +@@ -1929,7 +1923,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr, + printf("## Loading %s from FIT Image at %08lx ...\n", prop_name, addr); + + bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT); +- if (!fit_check_format(fit)) { ++ if (fit_check_format(fit, IMAGE_SIZE_INVAL)) { + printf("Bad FIT %s image format!\n", prop_name); + bootstage_error(bootstage_id + BOOTSTAGE_SUB_FORMAT); + return -ENOEXEC; +diff --git a/common/splash_source.c b/common/splash_source.c +index f51ca5ddf3..bad9a7790a 100644 +--- a/common/splash_source.c ++++ b/common/splash_source.c +@@ -336,10 +336,10 @@ static int splash_load_fit(struct splash_location *location, u32 bmp_load_addr) + if (res < 0) + return res; + +- res = fit_check_format(fit_header); +- if (!res) { ++ res = fit_check_format(fit_header, IMAGE_SIZE_INVAL); ++ if (res) { + debug("Could not find valid FIT image\n"); +- return -EINVAL; ++ return res; + } + + /* Get the splash image node */ +diff --git a/common/update.c b/common/update.c +index a5879cb52c..f0848954e5 100644 +--- a/common/update.c ++++ b/common/update.c +@@ -286,7 +286,7 @@ int update_tftp(ulong addr, char *interface, char *devstring) + got_update_file: + fit = map_sysmem(addr, 0); + +- if (!fit_check_format((void *)fit)) { ++ if (fit_check_format((void *)fit, IMAGE_SIZE_INVAL)) { + printf("Bad FIT format of the update file, aborting " + "auto-update\n"); + return 1; +@@ -363,7 +363,7 @@ int fit_update(const void *fit) + if (!fit) + return -EINVAL; + +- if (!fit_check_format((void *)fit)) { ++ if (fit_check_format((void *)fit, IMAGE_SIZE_INVAL)) { + printf("Bad FIT format of the update file, aborting auto-update\n"); + return -EINVAL; + } +diff --git a/drivers/fpga/socfpga_arria10.c b/drivers/fpga/socfpga_arria10.c +index 44e1ac54c3..18f99676d2 100644 +--- a/drivers/fpga/socfpga_arria10.c ++++ b/drivers/fpga/socfpga_arria10.c +@@ -565,10 +565,10 @@ static int first_loading_rbf_to_buffer(struct udevice *dev, + if (ret < 0) + return ret; + +- ret = fit_check_format(buffer_p); +- if (!ret) { ++ ret = fit_check_format(buffer_p, IMAGE_SIZE_INVAL); ++ if (ret) { + debug("FPGA: No valid FIT image was found.\n"); +- return -EBADF; ++ return ret; + } + + confs_noffset = fdt_path_offset(buffer_p, FIT_CONFS_PATH); +diff --git a/drivers/net/fsl-mc/mc.c b/drivers/net/fsl-mc/mc.c +index 84db6be624..81265ee356 100644 +--- a/drivers/net/fsl-mc/mc.c ++++ b/drivers/net/fsl-mc/mc.c +@@ -141,7 +141,7 @@ int parse_mc_firmware_fit_image(u64 mc_fw_addr, + return -EINVAL; + } + +- if (!fit_check_format(fit_hdr)) { ++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { + printf("fsl-mc: ERR: Bad firmware image (bad FIT header)\n"); + return -EINVAL; + } +diff --git a/drivers/net/pfe_eth/pfe_firmware.c b/drivers/net/pfe_eth/pfe_firmware.c +index 41999e176d..eee70a2e73 100644 +--- a/drivers/net/pfe_eth/pfe_firmware.c ++++ b/drivers/net/pfe_eth/pfe_firmware.c +@@ -160,7 +160,7 @@ static int pfe_fit_check(void) + return ret; + } + +- if (!fit_check_format(pfe_fit_addr)) { ++ if (fit_check_format(pfe_fit_addr, IMAGE_SIZE_INVAL)) { + printf("PFE Firmware: Bad firmware image (bad FIT header)\n"); + ret = -1; + return ret; +diff --git a/include/image.h b/include/image.h +index 41473dbb9c..8c152c5c5f 100644 +--- a/include/image.h ++++ b/include/image.h +@@ -134,6 +134,9 @@ extern ulong image_load_addr; /* Default Load Address */ + extern ulong image_save_addr; /* Default Save Address */ + extern ulong image_save_size; /* Default Save Size */ + ++/* An invalid size, meaning that the image size is not known */ ++#define IMAGE_SIZE_INVAL (-1UL) ++ + enum ih_category { + IH_ARCH, + IH_COMP, +@@ -1141,7 +1144,23 @@ int fit_image_check_os(const void *fit, int noffset, uint8_t os); + int fit_image_check_arch(const void *fit, int noffset, uint8_t arch); + int fit_image_check_type(const void *fit, int noffset, uint8_t type); + int fit_image_check_comp(const void *fit, int noffset, uint8_t comp); +-int fit_check_format(const void *fit); ++ ++/** ++ * fit_check_format() - Check that the FIT is valid ++ * ++ * This performs various checks on the FIT to make sure it is suitable for ++ * use, looking for mandatory properties, nodes, etc. ++ * ++ * If FIT_FULL_CHECK is enabled, it also runs it through libfdt to make ++ * sure that there are no strange tags or broken nodes in the FIT. ++ * ++ * @fit: pointer to the FIT format image header ++ * @return 0 if OK, -ENOEXEC if not an FDT file, -EINVAL if the full FDT check ++ * failed (e.g. due to bad structure), -ENOMSG if the description is ++ * missing, -ENODATA if the timestamp is missing, -ENOENT if the /images ++ * path is missing ++ */ ++int fit_check_format(const void *fit, ulong size); + + int fit_conf_find_compat(const void *fit, const void *fdt); + +diff --git a/tools/fit_common.c b/tools/fit_common.c +index cdf987d3c1..52b63296f8 100644 +--- a/tools/fit_common.c ++++ b/tools/fit_common.c +@@ -26,7 +26,8 @@ + int fit_verify_header(unsigned char *ptr, int image_size, + struct image_tool_params *params) + { +- if (fdt_check_header(ptr) != EXIT_SUCCESS || !fit_check_format(ptr)) ++ if (fdt_check_header(ptr) != EXIT_SUCCESS || ++ fit_check_format(ptr, IMAGE_SIZE_INVAL)) + return EXIT_FAILURE; + + return EXIT_SUCCESS; +diff --git a/tools/fit_image.c b/tools/fit_image.c +index 06faeda7c2..d440d143c6 100644 +--- a/tools/fit_image.c ++++ b/tools/fit_image.c +@@ -883,7 +883,7 @@ static int fit_extract_contents(void *ptr, struct image_tool_params *params) + /* Indent string is defined in header image.h */ + p = IMAGE_INDENT_STRING; + +- if (!fit_check_format(fit)) { ++ if (fit_check_format(fit, IMAGE_SIZE_INVAL)) { + printf("Bad FIT image format\n"); + return -1; + } +diff --git a/tools/mkimage.h b/tools/mkimage.h +index 5b096a545b..0d3148444c 100644 +--- a/tools/mkimage.h ++++ b/tools/mkimage.h +@@ -29,6 +29,8 @@ + #define debug(fmt,args...) + #endif /* MKIMAGE_DEBUG */ + ++#define log_debug(fmt, args...) debug(fmt, ##args) ++ + static inline void *map_sysmem(ulong paddr, unsigned long len) + { + return (void *)(uintptr_t)paddr; diff --git a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-3.patch b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-3.patch new file mode 100644 index 000000000..86f7e8ce5 --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-3.patch @@ -0,0 +1,105 @@ +From 6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01 Mon Sep 17 00:00:00 2001 +From: Simon Glass <sjg@chromium.org> +Date: Mon, 15 Feb 2021 17:08:10 -0700 +Subject: [PATCH] image: Add an option to do a full check of the FIT + +Some strange modifications of the FIT can introduce security risks. Add an +option to check it thoroughly, using libfdt's fdt_check_full() function. + +Enable this by default if signature verification is enabled. + +CVE-2021-27097 + +Signed-off-by: Simon Glass <sjg@chromium.org> +Reported-by: Bruce Monroe <bruce.monroe@intel.com> +Reported-by: Arie Haenel <arie.haenel@intel.com> +Reported-by: Julien Lenoir <julien.lenoir@intel.com> + +CVE: CVE-2021-27097 +Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01] +Signed-off-by: Scott Murray <scott.murray@konsulko.com> + +--- + common/Kconfig.boot | 20 ++++++++++++++++++++ + common/image-fit.c | 16 ++++++++++++++++ + 2 files changed, 36 insertions(+) + +diff --git a/common/Kconfig.boot b/common/Kconfig.boot +index 5eaabdfc27..7532e55edb 100644 +--- a/common/Kconfig.boot ++++ b/common/Kconfig.boot +@@ -63,6 +63,15 @@ config FIT_ENABLE_SHA512_SUPPORT + SHA512 checksum is a 512-bit (64-byte) hash value used to check that + the image contents have not been corrupted. + ++config FIT_FULL_CHECK ++ bool "Do a full check of the FIT before using it" ++ default y ++ help ++ Enable this do a full check of the FIT to make sure it is valid. This ++ helps to protect against carefully crafted FITs which take advantage ++ of bugs or omissions in the code. This includes a bad structure, ++ multiple root nodes and the like. ++ + config FIT_SIGNATURE + bool "Enable signature verification of FIT uImages" + depends on DM +@@ -70,6 +79,7 @@ config FIT_SIGNATURE + select RSA + select RSA_VERIFY + select IMAGE_SIGN_INFO ++ select FIT_FULL_CHECK + help + This option enables signature verification of FIT uImages, + using a hash signed and verified using RSA. If +@@ -159,6 +169,15 @@ config SPL_FIT_PRINT + help + Support printing the content of the fitImage in a verbose manner in SPL. + ++config SPL_FIT_FULL_CHECK ++ bool "Do a full check of the FIT before using it" ++ help ++ Enable this do a full check of the FIT to make sure it is valid. This ++ helps to protect against carefully crafted FITs which take advantage ++ of bugs or omissions in the code. This includes a bad structure, ++ multiple root nodes and the like. ++ ++ + config SPL_FIT_SIGNATURE + bool "Enable signature verification of FIT firmware within SPL" + depends on SPL_DM +@@ -168,6 +187,7 @@ config SPL_FIT_SIGNATURE + select SPL_RSA + select SPL_RSA_VERIFY + select SPL_IMAGE_SIGN_INFO ++ select SPL_FIT_FULL_CHECK + + config SPL_LOAD_FIT + bool "Enable SPL loading U-Boot as a FIT (basic fitImage features)" +diff --git a/common/image-fit.c b/common/image-fit.c +index f6c0428a96..bcf395f6a1 100644 +--- a/common/image-fit.c ++++ b/common/image-fit.c +@@ -1580,6 +1580,22 @@ int fit_check_format(const void *fit, ulong size) + return -ENOEXEC; + } + ++ if (CONFIG_IS_ENABLED(FIT_FULL_CHECK)) { ++ /* ++ * If we are not given the size, make do wtih calculating it. ++ * This is not as secure, so we should consider a flag to ++ * control this. ++ */ ++ if (size == IMAGE_SIZE_INVAL) ++ size = fdt_totalsize(fit); ++ ret = fdt_check_full(fit, size); ++ ++ if (ret) { ++ log_debug("FIT check error %d\n", ret); ++ return -EINVAL; ++ } ++ } ++ + /* mandatory / node 'description' property */ + if (!fdt_getprop(fit, 0, FIT_DESC_PROP, NULL)) { + log_debug("Wrong FIT format: no description\n"); diff --git a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-4.patch b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-4.patch new file mode 100644 index 000000000..060cac1cf --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-4.patch @@ -0,0 +1,73 @@ +From 124c255731c76a2b09587378b2bcce561bcd3f2d Mon Sep 17 00:00:00 2001 +From: Simon Glass <sjg@chromium.org> +Date: Mon, 15 Feb 2021 17:08:11 -0700 +Subject: [PATCH] libfdt: Check for multiple/invalid root nodes + +It is possible to construct a devicetree blob with multiple root nodes. +Update fdt_check_full() to check for this, along with a root node with an +invalid name. + +CVE-2021-27097 + +Signed-off-by: Simon Glass <sjg@chromium.org> +Reported-by: Bruce Monroe <bruce.monroe@intel.com> +Reported-by: Arie Haenel <arie.haenel@intel.com> +Reported-by: Julien Lenoir <julien.lenoir@intel.com> + +CVE: CVE-2021-27097 +Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/124c255731c76a2b09587378b2bcce561bcd3f2d] +Signed-off-by: Scott Murray <scott.murray@konsulko.com> + +--- + scripts/dtc/libfdt/fdt_ro.c | 17 +++++++++++++++++ + test/py/tests/test_vboot.py | 3 ++- + 2 files changed, 19 insertions(+), 1 deletion(-) + +diff --git a/scripts/dtc/libfdt/fdt_ro.c b/scripts/dtc/libfdt/fdt_ro.c +index d984bab036..efe7efe921 100644 +--- a/scripts/dtc/libfdt/fdt_ro.c ++++ b/scripts/dtc/libfdt/fdt_ro.c +@@ -867,6 +867,7 @@ int fdt_check_full(const void *fdt, size_t bufsize) + unsigned depth = 0; + const void *prop; + const char *propname; ++ bool expect_end = false; + + if (bufsize < FDT_V1_SIZE) + return -FDT_ERR_TRUNCATED; +@@ -887,6 +888,10 @@ int fdt_check_full(const void *fdt, size_t bufsize) + if (nextoffset < 0) + return nextoffset; + ++ /* If we see two root nodes, something is wrong */ ++ if (expect_end && tag != FDT_END) ++ return -FDT_ERR_BADLAYOUT; ++ + switch (tag) { + case FDT_NOP: + break; +@@ -900,12 +905,24 @@ int fdt_check_full(const void *fdt, size_t bufsize) + depth++; + if (depth > INT_MAX) + return -FDT_ERR_BADSTRUCTURE; ++ ++ /* The root node must have an empty name */ ++ if (depth == 1) { ++ const char *name; ++ int len; ++ ++ name = fdt_get_name(fdt, offset, &len); ++ if (*name || len) ++ return -FDT_ERR_BADLAYOUT; ++ } + break; + + case FDT_END_NODE: + if (depth == 0) + return -FDT_ERR_BADSTRUCTURE; + depth--; ++ if (depth == 0) ++ expect_end = true; + break; + + case FDT_PROP: diff --git a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27138-1.patch b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27138-1.patch new file mode 100644 index 000000000..562f8151b --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27138-1.patch @@ -0,0 +1,245 @@ +From 79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4 Mon Sep 17 00:00:00 2001 +From: Simon Glass <sjg@chromium.org> +Date: Mon, 15 Feb 2021 17:08:06 -0700 +Subject: [PATCH] fit: Don't allow verification of images with @ nodes + +When searching for a node called 'fred', any unit address appended to the +name is ignored by libfdt, meaning that 'fred' can match 'fred@1'. This +means that we cannot be sure that the node originally intended is the one +that is used. + +Disallow use of nodes with unit addresses. + +Update the forge test also, since it uses @ addresses. + +CVE-2021-27138 + +Signed-off-by: Simon Glass <sjg@chromium.org> +Reported-by: Bruce Monroe <bruce.monroe@intel.com> +Reported-by: Arie Haenel <arie.haenel@intel.com> +Reported-by: Julien Lenoir <julien.lenoir@intel.com> + +CVE: CVE-2021-27138 +Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4] +Signed-off-by: Scott Murray <scott.murray@konsulko.com> + +--- + common/image-fit-sig.c | 22 ++++++++++++++++++++-- + common/image-fit.c | 20 +++++++++++++++----- + test/py/tests/test_fit.py | 24 ++++++++++++------------ + test/py/tests/vboot_forge.py | 12 ++++++------ + 4 files changed, 53 insertions(+), 25 deletions(-) + +diff --git a/common/image-fit-sig.c b/common/image-fit-sig.c +index 897e04c7a3..34ebb8edfe 100644 +--- a/common/image-fit-sig.c ++++ b/common/image-fit-sig.c +@@ -149,6 +149,14 @@ static int fit_image_verify_sig(const void *fit, int image_noffset, + fdt_for_each_subnode(noffset, fit, image_noffset) { + const char *name = fit_get_name(fit, noffset, NULL); + ++ /* ++ * We don't support this since libfdt considers names with the ++ * name root but different @ suffix to be equal ++ */ ++ if (strchr(name, '@')) { ++ err_msg = "Node name contains @"; ++ goto error; ++ } + if (!strncmp(name, FIT_SIG_NODENAME, + strlen(FIT_SIG_NODENAME))) { + ret = fit_image_check_sig(fit, noffset, data, +@@ -398,9 +406,10 @@ error: + return -EPERM; + } + +-int fit_config_verify_required_sigs(const void *fit, int conf_noffset, +- const void *sig_blob) ++static int fit_config_verify_required_sigs(const void *fit, int conf_noffset, ++ const void *sig_blob) + { ++ const char *name = fit_get_name(fit, conf_noffset, NULL); + int noffset; + int sig_node; + int verified = 0; +@@ -408,6 +417,15 @@ int fit_config_verify_required_sigs(const void *fit, int conf_noffset, + bool reqd_policy_all = true; + const char *reqd_mode; + ++ /* ++ * We don't support this since libfdt considers names with the ++ * name root but different @ suffix to be equal ++ */ ++ if (strchr(name, '@')) { ++ printf("Configuration node '%s' contains '@'\n", name); ++ return -EPERM; ++ } ++ + /* Work out what we need to verify */ + sig_node = fdt_subnode_offset(sig_blob, 0, FIT_SIG_NODENAME); + if (sig_node < 0) { +diff --git a/common/image-fit.c b/common/image-fit.c +index adc3e551de..c3dc814115 100644 +--- a/common/image-fit.c ++++ b/common/image-fit.c +@@ -1369,21 +1369,31 @@ error: + */ + int fit_image_verify(const void *fit, int image_noffset) + { ++ const char *name = fit_get_name(fit, image_noffset, NULL); + const void *data; + size_t size; +- int noffset = 0; + char *err_msg = ""; + ++ if (strchr(name, '@')) { ++ /* ++ * We don't support this since libfdt considers names with the ++ * name root but different @ suffix to be equal ++ */ ++ err_msg = "Node name contains @"; ++ goto err; ++ } + /* Get image data and data length */ + if (fit_image_get_data_and_size(fit, image_noffset, &data, &size)) { + err_msg = "Can't get image data/size"; +- printf("error!\n%s for '%s' hash node in '%s' image node\n", +- err_msg, fit_get_name(fit, noffset, NULL), +- fit_get_name(fit, image_noffset, NULL)); +- return 0; ++ goto err; + } + + return fit_image_verify_with_data(fit, image_noffset, data, size); ++ ++err: ++ printf("error!\n%s in '%s' image node\n", err_msg, ++ fit_get_name(fit, image_noffset, NULL)); ++ return 0; + } + + /** +diff --git a/test/py/tests/test_fit.py b/test/py/tests/test_fit.py +index 84b3f95850..6d5b43c3ba 100755 +--- a/test/py/tests/test_fit.py ++++ b/test/py/tests/test_fit.py +@@ -17,7 +17,7 @@ base_its = ''' + #address-cells = <1>; + + images { +- kernel@1 { ++ kernel-1 { + data = /incbin/("%(kernel)s"); + type = "kernel"; + arch = "sandbox"; +@@ -26,7 +26,7 @@ base_its = ''' + load = <0x40000>; + entry = <0x8>; + }; +- kernel@2 { ++ kernel-2 { + data = /incbin/("%(loadables1)s"); + type = "kernel"; + arch = "sandbox"; +@@ -35,19 +35,19 @@ base_its = ''' + %(loadables1_load)s + entry = <0x0>; + }; +- fdt@1 { ++ fdt-1 { + description = "snow"; + data = /incbin/("%(fdt)s"); + type = "flat_dt"; + arch = "sandbox"; + %(fdt_load)s + compression = "%(compression)s"; +- signature@1 { ++ signature-1 { + algo = "sha1,rsa2048"; + key-name-hint = "dev"; + }; + }; +- ramdisk@1 { ++ ramdisk-1 { + description = "snow"; + data = /incbin/("%(ramdisk)s"); + type = "ramdisk"; +@@ -56,7 +56,7 @@ base_its = ''' + %(ramdisk_load)s + compression = "%(compression)s"; + }; +- ramdisk@2 { ++ ramdisk-2 { + description = "snow"; + data = /incbin/("%(loadables2)s"); + type = "ramdisk"; +@@ -67,10 +67,10 @@ base_its = ''' + }; + }; + configurations { +- default = "conf@1"; +- conf@1 { +- kernel = "kernel@1"; +- fdt = "fdt@1"; ++ default = "conf-1"; ++ conf-1 { ++ kernel = "kernel-1"; ++ fdt = "fdt-1"; + %(ramdisk_config)s + %(loadables_config)s + }; +@@ -410,7 +410,7 @@ def test_fit(u_boot_console): + + # Try a ramdisk + with cons.log.section('Kernel + FDT + Ramdisk load'): +- params['ramdisk_config'] = 'ramdisk = "ramdisk@1";' ++ params['ramdisk_config'] = 'ramdisk = "ramdisk-1";' + params['ramdisk_load'] = 'load = <%#x>;' % params['ramdisk_addr'] + fit = make_fit(mkimage, params) + cons.restart_uboot() +@@ -419,7 +419,7 @@ def test_fit(u_boot_console): + + # Configuration with some Loadables + with cons.log.section('Kernel + FDT + Ramdisk load + Loadables'): +- params['loadables_config'] = 'loadables = "kernel@2", "ramdisk@2";' ++ params['loadables_config'] = 'loadables = "kernel-2", "ramdisk-2";' + params['loadables1_load'] = ('load = <%#x>;' % + params['loadables1_addr']) + params['loadables2_load'] = ('load = <%#x>;' % +diff --git a/test/py/tests/vboot_forge.py b/test/py/tests/vboot_forge.py +index 0fb7ef4024..b41105bd0e 100644 +--- a/test/py/tests/vboot_forge.py ++++ b/test/py/tests/vboot_forge.py +@@ -376,12 +376,12 @@ def manipulate(root, strblock): + """ + Maliciously manipulates the structure to create a crafted FIT file + """ +- # locate /images/kernel@1 (frankly, it just expects it to be the first one) ++ # locate /images/kernel-1 (frankly, it just expects it to be the first one) + kernel_node = root[0][0] + # clone it to save time filling all the properties + fake_kernel = kernel_node.clone() + # rename the node +- fake_kernel.name = b'kernel@2' ++ fake_kernel.name = b'kernel-2' + # get rid of signatures/hashes + fake_kernel.children = [] + # NOTE: this simply replaces the first prop... either description or data +@@ -391,13 +391,13 @@ def manipulate(root, strblock): + root[0].children.append(fake_kernel) + + # modify the default configuration +- root[1].props[0].value = b'conf@2\x00' ++ root[1].props[0].value = b'conf-2\x00' + # clone the first (only?) configuration + fake_conf = root[1][0].clone() + # rename and change kernel and fdt properties to select the crafted kernel +- fake_conf.name = b'conf@2' +- fake_conf.props[0].value = b'kernel@2\x00' +- fake_conf.props[1].value = b'fdt@1\x00' ++ fake_conf.name = b'conf-2' ++ fake_conf.props[0].value = b'kernel-2\x00' ++ fake_conf.props[1].value = b'fdt-1\x00' + # insert the new configuration under /configurations + root[1].children.append(fake_conf) + diff --git a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27138-2.patch b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27138-2.patch new file mode 100644 index 000000000..946196c37 --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27138-2.patch @@ -0,0 +1,109 @@ +From 3f04db891a353f4b127ed57279279f851c6b4917 Mon Sep 17 00:00:00 2001 +From: Simon Glass <sjg@chromium.org> +Date: Mon, 15 Feb 2021 17:08:12 -0700 +Subject: [PATCH] image: Check for unit addresses in FITs + +Using unit addresses in a FIT is a security risk. Add a check for this +and disallow it. + +CVE-2021-27138 + +Signed-off-by: Simon Glass <sjg@chromium.org> +Reported-by: Bruce Monroe <bruce.monroe@intel.com> +Reported-by: Arie Haenel <arie.haenel@intel.com> +Reported-by: Julien Lenoir <julien.lenoir@intel.com> + +CVE: CVE-2021-27138 +Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917] +Signed-off-by: Scott Murray <scott.murray@konsulko.com> + +--- + common/image-fit.c | 56 +++++++++++++++++++++++++++++++++++++++++---- + test/py/tests/test_vboot.py | 9 ++++---- + 2 files changed, 57 insertions(+), 8 deletions(-) + +diff --git a/common/image-fit.c b/common/image-fit.c +index bcf395f6a1..28b3d2b191 100644 +--- a/common/image-fit.c ++++ b/common/image-fit.c +@@ -1568,6 +1568,34 @@ int fit_image_check_comp(const void *fit, int noffset, uint8_t comp) + return (comp == image_comp); + } + ++/** ++ * fdt_check_no_at() - Check for nodes whose names contain '@' ++ * ++ * This checks the parent node and all subnodes recursively ++ * ++ * @fit: FIT to check ++ * @parent: Parent node to check ++ * @return 0 if OK, -EADDRNOTAVAIL is a node has a name containing '@' ++ */ ++static int fdt_check_no_at(const void *fit, int parent) ++{ ++ const char *name; ++ int node; ++ int ret; ++ ++ name = fdt_get_name(fit, parent, NULL); ++ if (!name || strchr(name, '@')) ++ return -EADDRNOTAVAIL; ++ ++ fdt_for_each_subnode(node, fit, parent) { ++ ret = fdt_check_no_at(fit, node); ++ if (ret) ++ return ret; ++ } ++ ++ return 0; ++} ++ + int fit_check_format(const void *fit, ulong size) + { + int ret; +@@ -1589,10 +1617,27 @@ int fit_check_format(const void *fit, ulong size) + if (size == IMAGE_SIZE_INVAL) + size = fdt_totalsize(fit); + ret = fdt_check_full(fit, size); ++ if (ret) ++ ret = -EINVAL; ++ ++ /* ++ * U-Boot stopped using unit addressed in 2017. Since libfdt ++ * can match nodes ignoring any unit address, signature ++ * verification can see the wrong node if one is inserted with ++ * the same name as a valid node but with a unit address ++ * attached. Protect against this by disallowing unit addresses. ++ */ ++ if (!ret && CONFIG_IS_ENABLED(FIT_SIGNATURE)) { ++ ret = fdt_check_no_at(fit, 0); + ++ if (ret) { ++ log_debug("FIT check error %d\n", ret); ++ return ret; ++ } ++ } + if (ret) { + log_debug("FIT check error %d\n", ret); +- return -EINVAL; ++ return ret; + } + } + +@@ -1955,10 +2000,13 @@ int fit_image_load(bootm_headers_t *images, ulong addr, + printf("## Loading %s from FIT Image at %08lx ...\n", prop_name, addr); + + bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT); +- if (fit_check_format(fit, IMAGE_SIZE_INVAL)) { +- printf("Bad FIT %s image format!\n", prop_name); ++ ret = fit_check_format(fit, IMAGE_SIZE_INVAL); ++ if (ret) { ++ printf("Bad FIT %s image format! (err=%d)\n", prop_name, ret); ++ if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && ret == -EADDRNOTAVAIL) ++ printf("Signature checking prevents use of unit addresses (@) in nodes\n"); + bootstage_error(bootstage_id + BOOTSTAGE_SUB_FORMAT); +- return -ENOEXEC; ++ return ret; + } + bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT_OK); + if (fit_uname) { diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc index 5a8035f43..993478a73 100644 --- a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc +++ b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc @@ -15,6 +15,13 @@ PE = "1" SRCREV = "c4fddedc48f336eabc4ce3f74940e6aa372de18c" SRC_URI = "git://git.denx.de/u-boot.git \ + file://0001-add-valid-fdt-check.patch \ + file://CVE-2021-27097-1.patch \ + file://CVE-2021-27097-2.patch \ + file://CVE-2021-27097-3.patch \ + file://CVE-2021-27097-4.patch \ + file://CVE-2021-27138-1.patch \ + file://CVE-2021-27138-2.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-bsp/u-boot/u-boot.inc b/poky/meta/recipes-bsp/u-boot/u-boot.inc index 251178db3..5398c2e62 100644 --- a/poky/meta/recipes-bsp/u-boot/u-boot.inc +++ b/poky/meta/recipes-bsp/u-boot/u-boot.inc @@ -24,52 +24,6 @@ PACKAGECONFIG[openssl] = ",,openssl-native" # file already exists it will not be overwritten. UBOOT_LOCALVERSION ?= "" -# Some versions of u-boot use .bin and others use .img. By default use .bin -# but enable individual recipes to change this value. -UBOOT_SUFFIX ??= "bin" -UBOOT_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.${UBOOT_SUFFIX}" -UBOOT_SYMLINK ?= "u-boot-${MACHINE}.${UBOOT_SUFFIX}" -UBOOT_MAKE_TARGET ?= "all" - -# Output the ELF generated. Some platforms can use the ELF file and directly -# load it (JTAG booting, QEMU) additionally the ELF can be used for debugging -# purposes. -UBOOT_ELF ?= "" -UBOOT_ELF_SUFFIX ?= "elf" -UBOOT_ELF_IMAGE ?= "u-boot-${MACHINE}-${PV}-${PR}.${UBOOT_ELF_SUFFIX}" -UBOOT_ELF_BINARY ?= "u-boot.${UBOOT_ELF_SUFFIX}" -UBOOT_ELF_SYMLINK ?= "u-boot-${MACHINE}.${UBOOT_ELF_SUFFIX}" - -# Some versions of u-boot build an SPL (Second Program Loader) image that -# should be packaged along with the u-boot binary as well as placed in the -# deploy directory. For those versions they can set the following variables -# to allow packaging the SPL. -SPL_BINARY ?= "" -SPL_BINARYNAME ?= "${@os.path.basename(d.getVar("SPL_BINARY"))}" -SPL_IMAGE ?= "${SPL_BINARYNAME}-${MACHINE}-${PV}-${PR}" -SPL_SYMLINK ?= "${SPL_BINARYNAME}-${MACHINE}" - -# Additional environment variables or a script can be installed alongside -# u-boot to be used automatically on boot. This file, typically 'uEnv.txt' -# or 'boot.scr', should be packaged along with u-boot as well as placed in the -# deploy directory. Machine configurations needing one of these files should -# include it in the SRC_URI and set the UBOOT_ENV parameter. -UBOOT_ENV_SUFFIX ?= "txt" -UBOOT_ENV ?= "" -UBOOT_ENV_BINARY ?= "${UBOOT_ENV}.${UBOOT_ENV_SUFFIX}" -UBOOT_ENV_IMAGE ?= "${UBOOT_ENV}-${MACHINE}-${PV}-${PR}.${UBOOT_ENV_SUFFIX}" -UBOOT_ENV_SYMLINK ?= "${UBOOT_ENV}-${MACHINE}.${UBOOT_ENV_SUFFIX}" - -# Default name of u-boot initial env, but enable individual recipes to change -# this value. -UBOOT_INITIAL_ENV ?= "${PN}-initial-env" - -# U-Boot EXTLINUX variables. U-Boot searches for /boot/extlinux/extlinux.conf -# to find EXTLINUX conf file. -UBOOT_EXTLINUX_INSTALL_DIR ?= "/boot/extlinux" -UBOOT_EXTLINUX_CONF_NAME ?= "extlinux.conf" -UBOOT_EXTLINUX_SYMLINK ?= "${UBOOT_EXTLINUX_CONF_NAME}-${MACHINE}-${PR}" - do_configure () { if [ -n "${UBOOT_CONFIG}" ]; then unset i j diff --git a/poky/meta/recipes-bsp/u-boot/u-boot_2021.01.bb b/poky/meta/recipes-bsp/u-boot/u-boot_2021.01.bb index 2eef1e900..bbbc99bf8 100644 --- a/poky/meta/recipes-bsp/u-boot/u-boot_2021.01.bb +++ b/poky/meta/recipes-bsp/u-boot/u-boot_2021.01.bb @@ -1,4 +1,6 @@ require u-boot-common.inc require u-boot.inc +SRC_URI_append = " file://0001-riscv32-Use-double-float-ABI-for-rv32.patch" + DEPENDS += "bc-native dtc-native python3-setuptools-native" |