i386-pc: build verifiers API as module

Given no core functions on i386-pc would require verifiers to work and the only consumer of the verifier API is the pgp module, it looks good to me that we can move the verifiers out of the kernel image and let moddep.lst to auto-load it when pgp is loaded on i386-pc platform. This helps to reduce the size of core image and thus can relax the tension of exploding on some i386-pc system with very short MBR gap size. See also a very comprehensive summary from Colin [1] about the details. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00240.html V2: Drop COND_NOT_i386_pc and use !COND_i386_pc. Add comment in kern/verifiers.c to help understanding what's going on without digging into the commit history. Reported-by: Colin Watson <cjwatson@debian.org> Reviewed-by: Colin Watson <cjwatson@debian.org> Signed-off-by: Michael Chang <mchang@suse.com> Origin: other, https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00251.html Bug-Debian: https://bugs.debian.org/984488 Bug-Debian: https://bugs.debian.org/985374 Last-Update: 2021-09-24 Patch-Name: pc-verifiers-module.patch
2025-10-04 15:29:30 +00:00 · 2021-03-18 19:30:26 +08:00 · 2021-03-18 19:30:26 +08:00 · 4a6abe501f
commit 4a6abe501f
parent 4d208a51f4
5 changed files with 39 additions and 1 deletions
--- a/grub-core/Makefile.am
+++ b/grub-core/Makefile.am
@ -93,7 +93,9 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/partition.h
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/stack_protector.h
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h
+if !COND_i386_pc
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/verify.h
+endif
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm_private.h
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/net.h
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/memory.h
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@ -141,7 +141,7 @@ kernel = {
  common = kern/rescue_parser.c;
  common = kern/rescue_reader.c;
  common = kern/term.c;
-  common = kern/verifiers.c;
+  nopc = kern/verifiers.c;

  noemu = kern/compiler-rt.c;
  noemu = kern/mm.c;
@ -946,6 +946,12 @@ module = {
  cppflags = '-I$(srcdir)/lib/posix_wrap';
 };

+module = {
+  name = verifiers;
+  common = kern/verifiers.c;
+  enable = i386_pc;
+};
+
 module = {
  name = hdparm;
  common = commands/hdparm.c;
--- a/grub-core/kern/main.c
+++ b/grub-core/kern/main.c
@ -29,7 +29,9 @@
 #include <grub/command.h>
 #include <grub/reader.h>
 #include <grub/parser.h>
+#ifndef GRUB_MACHINE_PCBIOS
 #include <grub/verify.h>
+#endif

 #ifdef GRUB_MACHINE_PCBIOS
 #include <grub/machine/memory.h>
@ -285,8 +287,10 @@ grub_main (void)
  grub_setcolorstate (GRUB_TERM_COLOR_STANDARD);
 #endif

+#ifndef GRUB_MACHINE_PCBIOS
  /* Init verifiers API. */
  grub_verifiers_init ();
+#endif

  grub_load_config ();

--- a/grub-core/kern/verifiers.c
+++ b/grub-core/kern/verifiers.c
@ -221,8 +221,25 @@ grub_verify_string (char *str, enum grub_verify_string_type type)
  return GRUB_ERR_NONE;
 }

+/*
+ * It is intended to build verifiers as module on i386-pc platform to minimize
+ * the impact of growing core image size could blow up the 63 sectors limit of
+ * some MBR gap one day. It is also adequate to do so, given no core function
+ * on i386-pc would require the verifiers API to work.
+ */
+#ifdef GRUB_MACHINE_PCBIOS
+GRUB_MOD_INIT(verifiers)
+#else
 void
 grub_verifiers_init (void)
+#endif
 {
  grub_file_filter_register (GRUB_FILE_FILTER_VERIFY, grub_verifiers_open);
 }
+
+#ifdef GRUB_MACHINE_PCBIOS
+GRUB_MOD_FINI(verifiers)
+{
+  grub_file_filter_unregister (GRUB_FILE_FILTER_VERIFY);
+}
+#endif
--- a/include/grub/verify.h
+++ b/include/grub/verify.h
@ -64,10 +64,14 @@ struct grub_file_verifier
  grub_err_t (*verify_string) (char *str, enum grub_verify_string_type type);
 };

+#ifdef GRUB_MACHINE_PCBIOS
+extern struct grub_file_verifier *grub_file_verifiers;
+#else
 extern struct grub_file_verifier *EXPORT_VAR (grub_file_verifiers);

 extern void
 grub_verifiers_init (void);
+#endif

 static inline void
 grub_verifier_register (struct grub_file_verifier *ver)
@ -81,7 +85,12 @@ grub_verifier_unregister (struct grub_file_verifier *ver)
  grub_list_remove (GRUB_AS_LIST (ver));
 }

+#ifdef GRUB_MACHINE_PCBIOS
+grub_err_t
+grub_verify_string (char *str, enum grub_verify_string_type type);
+#else
 extern grub_err_t
 EXPORT_FUNC (grub_verify_string) (char *str, enum grub_verify_string_type type);
+#endif

 #endif /* ! GRUB_VERIFY_HEADER */