Bug 671392

Summary: [RHEL6.1] anaconda: MBR on >2.2TB on GPT labelled disk locates grub stage-2 outside valid partition
Product: Red Hat Enterprise Linux 6 Reporter: Tony Camuso <tcamuso>
Component: grub Assignee: Peter Jones <pjones>
Status: CLOSED WONTFIX QA Contact: Release Test Team <release-test-team>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.0 CC: bzeranski, eric.whitney, nagananda.chumbalkar, sandy.garza, tcamuso
Target Milestone: rc   
Target Release: 6.2   
Hardware: x86_64   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Last Closed: 2011-05-20 20:34:53 UTC Type: ---
Bug Blocks: 557876, 580566, 705163    

Description Tony Camuso 2011-01-21 14:16:53 UTC
Description of problem:

Anaconda places grub stage 2 of GPT labelled disk in a region outside of a valid partition, exposing it to corruption or deletion, which would make the disk unbootable.

Following is a detailed description of the problem provided by Robert Elliott of HP <elliott>

Based on this excerpt from grub-0.97 stage1.S, which is probably the source code for the content of LBA 0 (the MBR):

stage1_version:
        .byte   COMPAT_VERSION_MAJOR, COMPAT_VERSION_MINOR
boot_drive:
        .byte   GRUB_INVALID_DRIVE      /* the disk to load stage2 from */
force_lba:
        .byte   0
stage2_address:
        .word   0x8000
stage2_sector:
        .long   1
stage2_segment:
        .word   0x800

after_BPB:

/* general setup */
        cli                             /* we're not safe here! */


Therefore, these contents of LBA 0 ...

00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 03 02  |................|
00000040  80 00 00 80 c8 49 08 00  00 08 fa 90 90 f6 c2 80  |.....I..........|

...mean...

00000040  80           boot_drive:      .byte  GRUB_INVALID_DRIVE
00000041  00           force_lba:       .byte  0
00000042  00 80        stage2_address:  .word  0x8000
00000044  c8 49 08 00  stage2_sector:   .long  1
00000048  00 08        stage2_segment:  .word  0x800
00000049  fa           cli

Whatever program writes grub stage1 and stage2 to disk must have overwritten "stage2_sector" at offset 44.  Although LBA 1 is used on MBR disks, that's used by the GPT header on GPT disks.

LBA 0x000849c8 = LBA 543,176 = byte offset 278,106,112 = 271,588 KiB

0x10 logical blocks are read by stage1 starting from that LBA, and that LBA lies between the end of the GPT partition tables and the start of the /boot partition, which is not safe.  The BIOS boot partition (used by grub-2) was created so grub doesn't have to sit in no-man's-land.

Partition Table: gpt

Number  Start   End     Size    File system  Name  Flags
 1      1049kB  525MB   524MB   ext4               boot
 2      525MB   3000GB  3000GB                     lvm


Here are the contents of that region, which indicate that this is where grub stage-2 has been located. These contents were copied to a file using dd.

00000000  52 56 5e bf f8 81 66 8b  2d 83 7d 04 00 0f 84 c4  |RV^...f.-.}.....|
00000010  00 80 7c ff 00 74 3e 66  8b 1d 66 31 c0 b0 7f 39  |..|..t>f..f1...9|
00000020  45 04 7f 03 8b 45 04 29  45 04 66 01 05 c7 04 10  |E....E.)E.f.....|
00000030  00 89 44 02 66 89 5c 08  c7 44 06 00 70 50 66 31  |..D.f.\..D..pPf1|
00000040  c0 89 44 04 66 89 44 0c  b4 42 cd 13 0f 82 93 00  |..D.f.D..B......|
00000050  bb 00 70 eb 56 66 8b 05  66 31 d2 66 f7 34 88 54  |..p.Vf..f1.f.4.T|
00000060  0a 66 31 d2 66 f7 74 04  88 54 0b 89 44 0c 3b 44  |.f1.f.t..T..D.;D|
00000070  08 7d 68 8b 04 2a 44 0a  39 45 04 7f 03 8b 45 04  |.}h..*D.9E....E.|
00000080  29 45 04 66 01 05 8a 54  0d c0 e2 06 8a 4c 0a fe  |)E.f...T.....L..|
00000090  c1 08 d1 8a 6c 0c 5a 52  8a 74 0b 50 bb 00 70 8e  |....l.ZR.t.P..p.|
000000a0  c3 31 db b4 02 cd 13 72  3a 8c c3 8e 45 06 58 c1  |.1.....r:...E.X.|
000000b0  e0 05 01 45 06 60 1e c1  e0 04 89 c1 31 ff 31 f6  |...E.`......1.1.|
000000c0  8e db fc f3 a4 1f 61 83  7d 04 00 0f 85 42 ff 83  |......a.}....B..|
000000d0  ef 08 e9 34 ff 5a ea 00  82 00 00 be 05 81 e8 3d  |...4.Z.........=|
000000e0  00 eb 06 be 0a 81 e8 35  00 be 0f 81 e8 2f 00 eb  |.......5...../..|
000000f0  fe 4c 6f 61 64 69 6e 67  20 73 74 61 67 65 32 00  |.Loading stage2.|
00000100  2e 00 0d 0a 00 47 65 6f  6d 00 52 65 61 64 00 20  |.....Geom.Read. |
00000110  45 72 72 6f 72 00 bb 01  00 b4 0e cd 10 46 8a 04  |Error........F..|
00000120  3c 00 75 f2 c3 00 00 00  00 00 00 00 00 00 00 00  |<.u.............|
00000130  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000001f0  00 00 00 00 00 00 00 00  b7 49 08 00 dc 00 20 08  |.........I.... .|
00000200  ea 70 82 00 00 00 03 02  ff ff 00 00 00 00 00 00  |.p..............|
00000210  00 00 30 2e 39 37 00 28  68 64 30 2c 30 29 2f 67  |..0.97.(hd0,0)/g|
00000220  72 75 62 2f 67 72 75 62  2e 63 6f 6e 66 00 00 00  |rub/grub.conf...|
00000230  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*


Version-Release number of selected component (if applicable):


How reproducible:
Every time

Steps to Reproduce:
1. Connect disk >2.2TB. I used the HP Configuration Utility to connect six 600GB drives in a RAID-5 configuration to present one 3TB disk.
2. Start RHEL6 install
3. Press CTRL-ALT-F2 to enter console mode
4. Type 
   # parted -s /dev/sda MKLABEL gpt
5. Allow install to complete using all defaults. You will see that the entire disk beyond 2.2TB is being utilized. 
6. After booting, from the command prompt, type
   # dd if=/dev/sda of=mbr bs=512 count=1
   # hexdump -C mbr
7. Use Robert Elliott's analysis (above) of the mbr hex dump starting at offset 0x30 to locate the LBA containing grub stage-2
8. Use dd to dump the contents of that LBA to show that it is indeed grub stage-2.
9. Use parted to display partition stats, and you will see that grub stage-2 is located in a region outside of a valid partition.

Actual results:
Grub stage-2 is located outside of a valid partition.

Expected results:
Grub stage-2 should be located inside of a valid partition.

Additional info:
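
Steps 7 to 9 above can be scripted. The following Python sketch is an added example, not part of the original report or of grub: it decodes the stage1 parameter block from the MBR bytes shown in the report's hexdump and reports which region of the disk holds the resulting sector. The 512-byte sector size, the byte ranges converted from parted's rounded decimal output, the LBA 1-33 extent of the primary GPT, and the function names are assumptions.

```python
import struct

SECTOR = 512  # assumption: 512-byte logical blocks, as in the report's arithmetic

# Constructed from the report's hexdump: bytes 0x30-0x4f of LBA 0, zero-padded
# in front so that offsets in this buffer equal offsets within the MBR.
MBR = bytes(0x30) + bytes.fromhex(
    "00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 02"
    "80 00 00 80 c8 49 08 00 00 08 fa 90 90 f6 c2 80"
)

# Partition byte ranges taken from the report's parted listing. parted prints
# rounded decimal units (kB = 1000, MB = 10**6), so these are approximations.
PARTITIONS = [(1, 1_049_000, 525_000_000), (2, 525_000_000, 3_000_000_000_000)]

# Little-endian stage1 parameter block starting at offset 0x3e:
# version major/minor, boot_drive, force_lba, stage2_address/sector/segment.
PARAMS = struct.Struct("<BBBBHIH")


def decode_stage1(mbr):
    """Return the stage1 parameters embedded in an MBR image."""
    major, minor, drive, force_lba, addr, sector, seg = PARAMS.unpack_from(mbr, 0x3E)
    return {"version": (major, minor), "boot_drive": drive, "force_lba": force_lba,
            "stage2_address": addr, "stage2_sector": sector, "stage2_segment": seg}


def classify(lba, partitions, sector=SECTOR):
    """Name the disk region that holds a given LBA."""
    if lba == 0:
        return "MBR"
    if lba <= 33:  # assumption: default primary GPT (header at LBA 1, entries LBA 2-33)
        return "GPT header/entries"
    offset = lba * sector
    for number, start, end in partitions:
        if start <= offset < end:
            return f"partition {number}"
    return "outside any partition"


def dd_command(lba, device="/dev/sda", count=1):
    """Build the dd invocation that dumps `count` sectors starting at `lba` (step 8)."""
    return f"dd if={device} of=stage2.bin bs={SECTOR} skip={lba} count={count}"


if __name__ == "__main__":
    params = decode_stage1(MBR)
    lba = params["stage2_sector"]
    print(params)
    print(f"LBA {lba} = byte offset {lba * SECTOR}: {classify(lba, PARTITIONS)}")
    print(dd_command(lba))
```

For a real disk, read the first 512 bytes of the device into `mbr` and replace `PARTITIONS` with exact bounds, for example from `parted /dev/sda unit s print` multiplied by the sector size.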

Comment 2 RHEL Program Management 2011-01-21 14:48:19 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.

Comment 5 RHEL Program Management 2011-05-20 20:34:53 UTC
Development Management has reviewed and declined this request.  You may appeal
this decision by reopening this request.