proxmox-mirrors/grub2
1
0
Fork 0
mirror of https://git.proxmox.com/git/grub2 synced 2025-10-04 18:53:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

i386-pc: build verifiers API as module

Browse Source 
Given no core functions on i386-pc would require verifiers to work and
the only consumer of the verifier API is the pgp module, it looks good
to me that we can move the verifiers out of the kernel image and let
moddep.lst to auto-load it when pgp is loaded on i386-pc platform.

This helps to reduce the size of core image and thus can relax the
tension of exploding on some i386-pc system with very short MBR gap
size. See also a very comprehensive summary from Colin [1] about the
details.

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00240.html

V2:
Drop COND_NOT_i386_pc and use !COND_i386_pc.
Add comment in kern/verifiers.c to help understanding what's going on
without digging into the commit history.

Reported-by: Colin Watson <cjwatson@debian.org>
Reviewed-by: Colin Watson <cjwatson@debian.org>
Signed-off-by: Michael Chang <mchang@suse.com>

Origin: other, https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00251.html
Bug-Debian: https://bugs.debian.org/984488
Bug-Debian: https://bugs.debian.org/985374
Last-Update: 2021-09-24

Patch-Name: pc-verifiers-module.patch
This commit is contained in:
Michael Chang 2021-03-18 19:30:26 +08:00 committed by Colin Watson
parent 4d208a51f4
commit 4a6abe501f
5 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
grub-core/Makefile.am
View File

@ -93,7 +93,9 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/partition.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/stack_protector.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/stack_protector.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h
if !COND_i386_pc
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/verify.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/verify.h
endif
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm_private.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm_private.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/net.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/net.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/memory.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/memory.h

8
grub-core/Makefile.core.def
View File

@ -141,7 +141,7 @@ kernel = {
common = kern/rescue_parser.c; common = kern/rescue_parser.c;
common = kern/rescue_reader.c; common = kern/rescue_reader.c;
common = kern/term.c; common = kern/term.c;
common = kern/verifiers.c; nopc = kern/verifiers.c;
noemu = kern/compiler-rt.c; noemu = kern/compiler-rt.c;
noemu = kern/mm.c; noemu = kern/mm.c;
@ -946,6 +946,12 @@ module = {
cppflags = '-I$(srcdir)/lib/posix_wrap'; cppflags = '-I$(srcdir)/lib/posix_wrap';
}; };
module = {
name = verifiers;
common = kern/verifiers.c;
enable = i386_pc;
};
module = { module = {
name = hdparm; name = hdparm;
common = commands/hdparm.c; common = commands/hdparm.c;

4
grub-core/kern/main.c
View File

@ -29,7 +29,9 @@
#include <grub/command.h> #include <grub/command.h>
#include <grub/reader.h> #include <grub/reader.h>
#include <grub/parser.h> #include <grub/parser.h>
#ifndef GRUB_MACHINE_PCBIOS
#include <grub/verify.h> #include <grub/verify.h>
#endif
#ifdef GRUB_MACHINE_PCBIOS #ifdef GRUB_MACHINE_PCBIOS
#include <grub/machine/memory.h> #include <grub/machine/memory.h>
@ -285,8 +287,10 @@ grub_main (void)
grub_setcolorstate (GRUB_TERM_COLOR_STANDARD); grub_setcolorstate (GRUB_TERM_COLOR_STANDARD);
#endif #endif
#ifndef GRUB_MACHINE_PCBIOS
/* Init verifiers API. */ /* Init verifiers API. */
grub_verifiers_init (); grub_verifiers_init ();
#endif
grub_load_config (); grub_load_config ();

17
grub-core/kern/verifiers.c
View File

@ -221,8 +221,25 @@ grub_verify_string (char *str, enum grub_verify_string_type type)
return GRUB_ERR_NONE; return GRUB_ERR_NONE;
} }
/*
* It is intended to build verifiers as module on i386-pc platform to minimize
* the impact of growing core image size could blow up the 63 sectors limit of
* some MBR gap one day. It is also adequate to do so, given no core function
* on i386-pc would require the verifiers API to work.
*/
#ifdef GRUB_MACHINE_PCBIOS
GRUB_MOD_INIT(verifiers)
#else
void void
grub_verifiers_init (void) grub_verifiers_init (void)
#endif
{ {
grub_file_filter_register (GRUB_FILE_FILTER_VERIFY, grub_verifiers_open); grub_file_filter_register (GRUB_FILE_FILTER_VERIFY, grub_verifiers_open);
} }
#ifdef GRUB_MACHINE_PCBIOS
GRUB_MOD_FINI(verifiers)
{
grub_file_filter_unregister (GRUB_FILE_FILTER_VERIFY);
}
#endif

9
include/grub/verify.h
View File

@ -64,10 +64,14 @@ struct grub_file_verifier
grub_err_t (*verify_string) (char *str, enum grub_verify_string_type type); grub_err_t (*verify_string) (char *str, enum grub_verify_string_type type);
}; };
#ifdef GRUB_MACHINE_PCBIOS
extern struct grub_file_verifier *grub_file_verifiers;
#else
extern struct grub_file_verifier *EXPORT_VAR (grub_file_verifiers); extern struct grub_file_verifier *EXPORT_VAR (grub_file_verifiers);
extern void extern void
grub_verifiers_init (void); grub_verifiers_init (void);
#endif
static inline void static inline void
grub_verifier_register (struct grub_file_verifier *ver) grub_verifier_register (struct grub_file_verifier *ver)
@ -81,7 +85,12 @@ grub_verifier_unregister (struct grub_file_verifier *ver)
grub_list_remove (GRUB_AS_LIST (ver)); grub_list_remove (GRUB_AS_LIST (ver));
} }
#ifdef GRUB_MACHINE_PCBIOS
grub_err_t
grub_verify_string (char *str, enum grub_verify_string_type type);
#else
extern grub_err_t extern grub_err_t
EXPORT_FUNC (grub_verify_string) (char *str, enum grub_verify_string_type type); EXPORT_FUNC (grub_verify_string) (char *str, enum grub_verify_string_type type);
#endif
#endif /* ! GRUB_VERIFY_HEADER */ #endif /* ! GRUB_VERIFY_HEADER */