Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 2149020 - grub2 memory allocation is *still* broken
Summary: grub2 memory allocation is *still* broken
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: grub2
Version: 38
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Javier Martinez Canillas
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-11-28 15:29 UTC by Gerd Hoffmann
Modified: 2023-09-25 01:42 UTC (History)
7 users (show)

Fixed In Version: grub2-2.06-100.fc38 grub2-2.06-100.fc39
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-09-18 18:07:25 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Gerd Hoffmann 2022-11-28 15:29:34 UTC
Description of problem:

edk2-stable202211 is more strict when it comes to memory
allocations.

edk2 commit is:

commit 2997ae38739756ecba9b0de19e86032ebc689ef9
Author: Ard Biesheuvel <ardb>
Date:   Tue Aug 2 11:48:04 2022 +0200

    ArmVirtPkg: make EFI_LOADER_DATA non-executable
    
    When the memory protections were implemented and enabled on ArmVirtQemu
    5+ years ago, we had to work around the fact that GRUB at the time
    expected EFI_LOADER_DATA to be executable, as that is the memory type it
    allocates when loading its modules.
    
    This has been fixed in GRUB in August 2017, so by now, we should be able
    to tighten this, and remove execute permissions from EFI_LOADER_DATA
    allocations.
    
    Signed-off-by: Ard Biesheuvel <ardb>

referenced upstream grub commit seems to be:

commit f826330683675f0deb55b58fd229afd7d65fb053
Author: Leif Lindholm <leif.lindholm>
Date:   Thu Aug 3 11:04:32 2017 +0100

    efi: change heap allocation type to GRUB_EFI_LOADER_CODE
    
    With upcoming changes to EDK2, allocations of type EFI_LOADER_DATA may
    not return regions with execute ability. Since modules are loaded onto
    the heap, change the heap allocation type to GRUB_EFI_LOADER_CODE in
    order to permit execution on systems with this feature enabled.
    
    Closes: 50420
    
    Signed-off-by: Leif Lindholm <leif.lindholm>

Fedora 37 grub version apparently *still* has that bug which has been fixed upstream more than 5(!) years ago.

Comment 1 Gerd Hoffmann 2022-11-28 15:33:03 UTC
Reproduce:
Install edk2-20221117gitfff6d81270b5-1.fc38 on host, try boof fedora guest.
(must be that specific version, the newer -2 build has the edk2 change reverted as workaround).

Comment 2 Gerd Hoffmann 2022-11-28 15:34:09 UTC
> edk2-20221117gitfff6d81270b5-1.fc38

https://koji.fedoraproject.org/koji/buildinfo?buildID=2092827

Comment 3 Ben Cotton 2023-02-07 15:00:02 UTC
This bug appears to have been reported against 'rawhide' during the Fedora Linux 38 development cycle.
Changing version to 38.

Comment 4 Jonathan Arnett 2023-08-03 18:45:02 UTC
This bug is the suspected cause of an issue preventing Fedora from booting on Surface devices after a recent firmware update: https://github.com/linux-surface/linux-surface/issues/1162.

Comment 5 Jeremy Linton 2023-08-15 15:19:33 UTC
This is also the cause of boot failures with the x13s, and there is a PR here: https://github.com/rhboot/grub2/pull/101 which fixes it.

Comment 6 Jeremy Linton 2023-08-16 00:40:20 UTC
I opened a PR against fedora directly merging the above fix here: https://src.fedoraproject.org/rpms/grub2/pull-request/27

Comment 7 Fedora Update System 2023-09-15 15:04:20 UTC
FEDORA-2023-8b959d8040 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-8b959d8040

Comment 8 Fedora Update System 2023-09-16 01:48:24 UTC
FEDORA-2023-75934fce38 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-75934fce38`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-75934fce38

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2023-09-16 03:17:49 UTC
FEDORA-2023-8b959d8040 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-8b959d8040`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-8b959d8040

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 10 Fedora Update System 2023-09-18 18:07:25 UTC
FEDORA-2023-8b959d8040 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 11 Fedora Update System 2023-09-25 01:42:27 UTC
FEDORA-2023-75934fce38 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.