From ca67b09c015d4af3ae3cce12aa72e60941dbb8b5 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 18:29:52 +0200 Subject: Adding debian version 2.06-13+deb12u1. Signed-off-by: Daniel Baumann --- debian/patches/pc-verifiers-module.patch | 167 +++++++++++++++++++++++++++++++ 1 file changed, 167 insertions(+) create mode 100644 debian/patches/pc-verifiers-module.patch (limited to 'debian/patches/pc-verifiers-module.patch') diff --git a/debian/patches/pc-verifiers-module.patch b/debian/patches/pc-verifiers-module.patch new file mode 100644 index 0000000..a3c1303 --- /dev/null +++ b/debian/patches/pc-verifiers-module.patch @@ -0,0 +1,167 @@ +From 4a6abe501f39c4c8afe4ed7405ff99aff8559a13 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Thu, 18 Mar 2021 19:30:26 +0800 +Subject: i386-pc: build verifiers API as module + +Given no core functions on i386-pc would require verifiers to work and +the only consumer of the verifier API is the pgp module, it looks good +to me that we can move the verifiers out of the kernel image and let +moddep.lst to auto-load it when pgp is loaded on i386-pc platform. + +This helps to reduce the size of core image and thus can relax the +tension of exploding on some i386-pc system with very short MBR gap +size. See also a very comprehensive summary from Colin [1] about the +details. + +[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00240.html + +V2: +Drop COND_NOT_i386_pc and use !COND_i386_pc. +Add comment in kern/verifiers.c to help understanding what's going on +without digging into the commit history. + +Reported-by: Colin Watson +Reviewed-by: Colin Watson +Signed-off-by: Michael Chang + +Origin: other, https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00251.html +Bug-Debian: https://bugs.debian.org/984488 +Bug-Debian: https://bugs.debian.org/985374 +Last-Update: 2021-09-24 + +Patch-Name: pc-verifiers-module.patch +--- + grub-core/Makefile.am | 2 ++ + grub-core/Makefile.core.def | 8 +++++++- + grub-core/kern/main.c | 4 ++++ + grub-core/kern/verifiers.c | 17 +++++++++++++++++ + include/grub/verify.h | 9 +++++++++ + 5 files changed, 39 insertions(+), 1 deletion(-) + +diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am +index ee88e44e9..b6872d20f 100644 +--- a/grub-core/Makefile.am ++++ b/grub-core/Makefile.am +@@ -93,7 +93,9 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/partition.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/stack_protector.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h ++if !COND_i386_pc + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/verify.h ++endif + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm_private.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/net.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/memory.h +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 2ff266806..da3269899 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -141,7 +141,7 @@ kernel = { + common = kern/rescue_parser.c; + common = kern/rescue_reader.c; + common = kern/term.c; +- common = kern/verifiers.c; ++ nopc = kern/verifiers.c; + + noemu = kern/compiler-rt.c; + noemu = kern/mm.c; +@@ -946,6 +946,12 @@ module = { + cppflags = '-I$(srcdir)/lib/posix_wrap'; + }; + ++module = { ++ name = verifiers; ++ common = kern/verifiers.c; ++ enable = i386_pc; ++}; ++ + module = { + name = hdparm; + common = commands/hdparm.c; +diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c +index 2879d644a..c6fb66853 100644 +--- a/grub-core/kern/main.c ++++ b/grub-core/kern/main.c +@@ -29,7 +29,9 @@ + #include + #include + #include ++#ifndef GRUB_MACHINE_PCBIOS + #include ++#endif + + #ifdef GRUB_MACHINE_PCBIOS + #include +@@ -285,8 +287,10 @@ grub_main (void) + grub_setcolorstate (GRUB_TERM_COLOR_STANDARD); + #endif + ++#ifndef GRUB_MACHINE_PCBIOS + /* Init verifiers API. */ + grub_verifiers_init (); ++#endif + + grub_load_config (); + +diff --git a/grub-core/kern/verifiers.c b/grub-core/kern/verifiers.c +index 75d7994cf..1245d0d9e 100644 +--- a/grub-core/kern/verifiers.c ++++ b/grub-core/kern/verifiers.c +@@ -221,8 +221,25 @@ grub_verify_string (char *str, enum grub_verify_string_type type) + return GRUB_ERR_NONE; + } + ++/* ++ * It is intended to build verifiers as module on i386-pc platform to minimize ++ * the impact of growing core image size could blow up the 63 sectors limit of ++ * some MBR gap one day. It is also adequate to do so, given no core function ++ * on i386-pc would require the verifiers API to work. ++ */ ++#ifdef GRUB_MACHINE_PCBIOS ++GRUB_MOD_INIT(verifiers) ++#else + void + grub_verifiers_init (void) ++#endif + { + grub_file_filter_register (GRUB_FILE_FILTER_VERIFY, grub_verifiers_open); + } ++ ++#ifdef GRUB_MACHINE_PCBIOS ++GRUB_MOD_FINI(verifiers) ++{ ++ grub_file_filter_unregister (GRUB_FILE_FILTER_VERIFY); ++} ++#endif +diff --git a/include/grub/verify.h b/include/grub/verify.h +index cd129c398..6fde244fc 100644 +--- a/include/grub/verify.h ++++ b/include/grub/verify.h +@@ -64,10 +64,14 @@ struct grub_file_verifier + grub_err_t (*verify_string) (char *str, enum grub_verify_string_type type); + }; + ++#ifdef GRUB_MACHINE_PCBIOS ++extern struct grub_file_verifier *grub_file_verifiers; ++#else + extern struct grub_file_verifier *EXPORT_VAR (grub_file_verifiers); + + extern void + grub_verifiers_init (void); ++#endif + + static inline void + grub_verifier_register (struct grub_file_verifier *ver) +@@ -81,7 +85,12 @@ grub_verifier_unregister (struct grub_file_verifier *ver) + grub_list_remove (GRUB_AS_LIST (ver)); + } + ++#ifdef GRUB_MACHINE_PCBIOS ++grub_err_t ++grub_verify_string (char *str, enum grub_verify_string_type type); ++#else + extern grub_err_t + EXPORT_FUNC (grub_verify_string) (char *str, enum grub_verify_string_type type); ++#endif + + #endif /* ! GRUB_VERIFY_HEADER */ -- cgit v1.2.3