Hi all!

There is a problem in Grub on IEEE1275 when it tries to call certain functions via "call-method" - it does not check the "catch_result" in some places to test whether the target function really exists, continues with bad data, finally leading to some obscure crashes.

We've hit this problem with the code in the scan() function in the file grub-core/disk/ieee1275/ofdisk.c:

    INIT_IEEE1275_COMMON (&args.common, "call-method", 2, 3);
    args.method = (grub_ieee1275_cell_t) "vscsi-report-luns";
    args.ihandle = ihandle;
    args.table = 0;
    args.nentries = 0;

    if (IEEE1275_CALL_ENTRY_FN (&args) == -1)
      {
        grub_ieee1275_close (ihandle);
        return 0;
      }

We've got an implementation of Open Firmware that features vscsi, but does not offer the vscsi-report-luns method (yet). Grub2 does not abort after trying to call the method, but continues with bad results and finally crashes.

The fix for the crash is quite easy: Simply test the "catch_result" in the args structure. If it is non-zero, the call failed and the function should abort here, i.e. the if-statement should rather look like this:

    if (IEEE1275_CALL_ENTRY_FN (&args) == -1 || args.catch_result != 0)
      {
        grub_ieee1275_close (ihandle);
        return 0;
      }

Besides the code in ofdisk.c there are some other places in the code where Grub ignores the catch_result (simply search for "call-method" and have a look whether catch_result is being used or not). I guess these other spots should be fixed, too.

Regards,
Thomas Huth
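
The failure mode described in the message above, as an added example that is not part of the original e-mail or of GRUB's code. The mock firmware entry point, the simplified args structure and the stale output values are constructed for illustration; the mock reports a missing method only through catch_result, as the message describes, and the two scan variants show what each check lets through.

```c
#include <stdint.h>
#include <stdio.h>

typedef uintptr_t cell_t;

/* Simplified stand-in (assumption) for the args passed with "call-method". */
struct report_luns_args {
    const char *method;   /* in */
    cell_t ihandle;       /* in */
    cell_t catch_result;  /* out: 0 = method ran, non-zero = it threw */
    cell_t nentries;      /* out: meaningful only if catch_result == 0 */
    cell_t table;         /* out: meaningful only if catch_result == 0 */
};

/* Constructed mock of the firmware entry point. The client-interface call
   returns 0 in both cases; a missing method shows up only in catch_result. */
static int mock_call_method(struct report_luns_args *a, int has_method)
{
    static cell_t lun_table[2];
    if (!has_method) {
        a->catch_result = (cell_t)-1; /* method lookup threw */
        a->nentries = 7;              /* stale leftovers, constructed value */
        a->table = 0;                 /* not a usable pointer */
        return 0;
    }
    a->catch_result = 0;
    a->nentries = 2;
    a->table = (cell_t)lun_table;
    return 0;
}

/* Both variants return the number of table entries the caller would go on
   to walk, or -1 if the scan was abandoned. */
static long scan_unchecked(int has_method)
{
    struct report_luns_args a = { "vscsi-report-luns", 1, 0, 0, 0 };
    if (mock_call_method(&a, has_method) == -1)
        return -1;
    return (long)a.nentries; /* trusts outputs even after a failed CATCH */
}

static long scan_checked(int has_method)
{
    struct report_luns_args a = { "vscsi-report-luns", 1, 0, 0, 0 };
    if (mock_call_method(&a, has_method) == -1 || a.catch_result != 0)
        return -1;
    return (long)a.nentries;
}

int main(void)
{
    printf("method missing: unchecked=%ld checked=%ld\n",
           scan_unchecked(0), scan_checked(0));
    return 0;
}
```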