From: Andrew Jeddeloh
Date: Wed, 9 May 2018 10:46:47 -0700
Subject: [PATCH] loader/i386/linux: calculate the size of the setup header
To: grub-devel@gnu.org
List-Id: The development of GNU GRUB

This patch is prompted by a question I asked a while ago about why the disk read is necessary. See the thread here [1].

This changes the disk read to use the length of the setup header as calculated by the x86 32 bit linux boot protocol [1]. I'm not 100% sure it's the patch that's wanted however. The idea was that grub should only read the amount specified by the boot protocol and not more, but it turns out the size of the linux_kernel_params struct is already sized such that grub reads the exact amount anyway (at least with the recent kernels I've tested with).

This introduces two changes:
- if a new version of linux makes the setup headers section larger, this will fail instead of only reading the old fields. I'm not sure if this behavior is desired.
- If older versions have a smaller setup header section, less will be read.

[1] http://lists.gnu.org/archive/html/grub-devel/2018-04/msg00073.html
[2] https://raw.githubusercontent.com/torvalds/linux/master/Documentation/x86/boot.txt

Previously the length was just assumed to be the size of the linux_params struct. The linux x86 32 bit boot protocol says the size of the setup header is 0x202 + the byte at 0x201 in the boot params. Calculate the size of the header, rather than assume it is the size of the linux_params struct.

Signed-off-by: Andrew Jeddeloh
---
 grub-core/loader/i386/linux.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c index 44301e126..9b4d33785 100644 --- a/grub-core/loader/i386/linux.c +++ b/grub-core/loader/i386/linux.c @@ -805,7 +805,16 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), linux_params.kernel_alignment = (1 << align); linux_params.ps_mouse = linux_params.padding10 = 0; - len = sizeof (linux_params) - sizeof (lh); + // The linux 32 bit boot protocol defines the setup header size to be 0x202 + the size of + // the jump at 0x200. We've already read sizeof(lh) + len = *((char *)&linux_params.jump + 1) + 0x202 - sizeof(lh); + + // Verify the struct is big enough so we do not write past the end + if (len + sizeof(lh) > sizeof(linux_params)) { + grub_error (GRUB_ERR_BAD_OS, "boot params setup header too big for linux_params struct"); + goto fail; + } + if (grub_file_read (file, (char *) &linux_params + sizeof (lh), len) != len) { if (!grub_errno) -- 2.14.1
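Review bot: the new `len` computation reads the jump displacement through a `char` pointer, `*((char *)&linux_params.jump + 1)`, and `char` is signed on x86, so a displacement of 0x80 or above is sign-extended and the computed size is wrong; read that byte as `grub_uint8_t`. The added check only guards the upper bound (`len + sizeof(lh) > sizeof(linux_params)`): when `0x202 + displacement` is smaller than `sizeof (lh)` the subtraction wraps (or goes negative if `len` is signed) before the check runs, and because `len + sizeof (lh)` then evaluates back to the small value `0x202 + displacement`, the check passes and the wrapped `len` reaches `grub_file_read`. Add a lower-bound check, e.g. `if (hdr_size < sizeof (lh) || hdr_size > sizeof (linux_params))` on the unsubtracted header size, and only then compute `len = hdr_size - sizeof (lh)`. Style: GRUB uses `/* ... */` comments and GNU brace placement rather than `//` and `{` on the `if` line, and `sizeof(lh)` should be spelled `sizeof (lh)` to match the surrounding code.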
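As an added example (not part of the patch or of GRUB's code), here is the boot-protocol size computation from the commit message with both bounds checked before the subtraction; the offsets and the "HdrS" magic come from the x86 boot protocol, while the function names and the sample image are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SETUP_JUMP_OFF    0x200        /* 2-byte short jmp: EB <disp8> */
#define SETUP_HDR_OFF     0x202        /* "HdrS" magic, start of the versioned header */
#define SETUP_HDR_MAGIC   0x53726448u  /* "HdrS" read as a little-endian u32 */

/* Size of the setup header per the boot protocol: 0x202 plus the byte at
 * 0x201 (the short-jmp displacement). Returns 0 when the prefix is too short,
 * the jmp opcode is not there, or the "HdrS" magic is missing. The byte is
 * read as uint8_t, never char, so displacements >= 0x80 cannot go negative. */
size_t setup_header_size (const uint8_t *img, size_t img_len)
{
  if (img_len < SETUP_HDR_OFF + 4 || img[SETUP_JUMP_OFF] != 0xEB)
    return 0;
  uint32_t magic = (uint32_t) img[SETUP_HDR_OFF]
                 | (uint32_t) img[SETUP_HDR_OFF + 1] << 8
                 | (uint32_t) img[SETUP_HDR_OFF + 2] << 16
                 | (uint32_t) img[SETUP_HDR_OFF + 3] << 24;
  if (magic != SETUP_HDR_MAGIC)
    return 0;
  return SETUP_HDR_OFF + img[SETUP_JUMP_OFF + 1];
}

/* Bytes still to read once `already_read` bytes of the image sit at the start
 * of a buffer of `buf_len` bytes. Returns -1 if the header would overrun the
 * buffer (upper bound) or ends before the part already read (lower bound);
 * checking the lower bound first is what keeps `hdr_size - already_read`
 * from wrapping. */
long setup_header_remaining (size_t hdr_size, size_t already_read, size_t buf_len)
{
  if (hdr_size == 0 || hdr_size > buf_len || hdr_size < already_read)
    return -1;
  return (long) (hdr_size - already_read);
}

/* Constructed sample image prefix (not a real kernel): zeroed boot sector,
 * a short jmp with the given displacement at 0x200, and "HdrS" at 0x202. */
void build_sample_image (uint8_t *img, size_t img_len, uint8_t disp)
{
  memset (img, 0, img_len);
  img[SETUP_JUMP_OFF] = 0xEB;
  img[SETUP_JUMP_OFF + 1] = disp;
  memcpy (img + SETUP_HDR_OFF, "HdrS", 4);
}

/* Build the sample with `disp` and return the header size it yields. */
size_t sample_header_size (uint8_t disp)
{
  uint8_t img[0x300];
  build_sample_image (img, sizeof img, disp);
  return setup_header_size (img, sizeof img);
}
```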