lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 11 Oct 2008 19:58:18 +0200
From:	Jens Axboe <jens.axboe@...cle.com>
To:	Ingo Molnar <mingo@...e.hu>
Cc:	Tejun Heo <tj@...nel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	"H. Peter Anvin" <hpa@...or.com>, Yinghai Lu <yinghai@...nel.org>
Subject: Re: [bug] latest -git boot hang

On Sat, Oct 11 2008, Ingo Molnar wrote:
> 
> * Jens Axboe <jens.axboe@...cle.com> wrote:
> 
> > On Sat, Oct 11 2008, Ingo Molnar wrote:
> > > 
> > > * Jens Axboe <jens.axboe@...cle.com> wrote:
> > > 
> > > > On Sat, Oct 11 2008, Ingo Molnar wrote:
> > > > > 
> > > > > * Tejun Heo <tj@...nel.org> wrote:
> > > > > 
> > > > > > > It does sound like perhaps the option should be hidden more, if it's 
> > > > > > > really only reasonably enabled for some very specialized distro 
> > > > > > > debuggers, not normal kernel people.
> > > > > > 
> > > > > > Yeap, if fedora didn't work, I think it should be hidden.  Do we 
> > > > > > already have place to hide things like this?
> > > > > 
> > > > > in my local testing i'm using simple annotations like the one attached 
> > > > > further below. Any objections against sending my BROKEN_BOOT_ALLOWED kit 
> > > > > upstream, and merge my annotations for various kernel features that 
> > > > > break a generic distro bootup?
> > > > > 
> > > > > Right now i have about 40 such annotations for -tip testing:
> > > > > 
> > > > >   fs/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   fs/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   security/selinux/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   security/smack/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   security/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/net/appletalk/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/net/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/media/video/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/scsi/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/watchdog/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/watchdog/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/ide/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/i2c/busses/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/block/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/video/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/video/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/video/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/video/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/video/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/video/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/video/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/video/console/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/video/console/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/mtd/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   drivers/isdn/icn/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   lib/Kconfig.kgdb:	depends on BROKEN_BOOT_ALLOWED
> > > > >   lib/Kconfig.debug:	depends on BROKEN_BOOT_ALLOWED
> > > > >   lib/Kconfig.debug:	depends on BROKEN_BOOT_ALLOWED
> > > > >   arch/x86/Kconfig.debug:	depends on BROKEN_BOOT_ALLOWED
> > > > >   arch/x86/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   arch/x86/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   arch/x86/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   arch/x86/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   arch/x86/Kconfig:	# depends on BROKEN_BOOT_ALLOWED
> > > > >   arch/x86/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   arch/x86/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   arch/x86/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   arch/x86/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > > > >   arch/x86/Kconfig.cpu:	depends on BROKEN_BOOT_ALLOWED
> > > > > 
> > > > > and note the stark contrast to CONFIG_BROKEN - sometimes a given 
> > > > > functionality is really not meant to be enabled on a generic system.
> > > > > 
> > > > > 	Ingo
> > > > > 
> > > > > ---------------->
> > > > > Subject: qa: no ext devt
> > > > > From: Ingo Molnar <mingo@...e.hu>
> > > > > Date: Fri Oct 10 22:54:57 CEST 2008
> > > > > 
> > > > > Signed-off-by: Ingo Molnar <mingo@...e.hu>
> > > > > ---
> > > > >  lib/Kconfig.debug |    2 ++
> > > > >  1 file changed, 2 insertions(+)
> > > > > 
> > > > > Index: linux/lib/Kconfig.debug
> > > > > ===================================================================
> > > > > --- linux.orig/lib/Kconfig.debug
> > > > > +++ linux/lib/Kconfig.debug
> > > > > @@ -670,6 +670,8 @@ config DEBUG_BLOCK_EXT_DEVT
> > > > >          bool "Force extended block device numbers and spread them"
> > > > >  	depends on DEBUG_KERNEL
> > > > >  	depends on BLOCK
> > > > > +	depends on BROKEN_BOOT_ALLOWED
> > > > > +	select BROKEN_BOOT
> > > > >  	default n
> > > > >  	help
> > > > >  	  Conventionally, block device numbers are allocated from
> > > > 
> > > > What is BROKEN_BOOT_ALLOWED? Honestly, I'd prefer to just put an extra 
> > > > 2-3 line paragraph in the help entry, saying that it's quite possible 
> > > > that current distros wont boot with this testing code enabled. Since 
> > > > it default to 'n', people should read the entry before turning it on 
> > > > anyway.
> > > 
> > > well, the extra BROKEN_BOOT_ALLOWED helps my automated test-setup to 
> > > decide whether a .config that it's testing (either sent by a reporter or 
> > > generated randomly) can be booted.
> > > 
> > > If CONFIG_BROKEN_BOOT_ALLOWED=y, then i allow config options that can 
> > > break the bootup. In that case, and _if_ such a possibly-boot-breaking 
> > > config option is enabled, CONFIG_BROKEN_BOOT is set - which my scripts 
> > > detect.
> > > 
> > > This gives the test harness the highest flexibility and annotates those 
> > > kernel features / drivers which can result in a (possibly) broken 
> > > bootup. The scripts cannot read help entries.
> > 
> > OK, makes sense to me then, thanks. I was afraid it was some user
> > exposed parameter, in which case it sounded... interesting :-)
> > 
> > For users, we just need to expand the help entry a bit.
> 
> We could perhaps rename it to:
> 
>   CONFIG_ALLOW_NON_GENERIC_FEATURES=y
> 
> ?

Hmm dunno, that option name still doesn't really tell me what the heck
it's about...

> It's usually things like ISA drivers or very specific hardware support 
> that falls into this category - none of our major features or drivers, 
> so you should not be worried about any limitation effects of such a 
> feature. The help text does not help me much in that case, it was not me 
> who enabled that option, i just want to use a .config from some other 
> person and want to reproduce a bugreport. I do that almost on a daily 
> basis.

Nope, for you the help text does not do anything. So I do agree that
having a config option helps that particular case.

> And this CONFIG_ALLOW_NON_GENERIC_FEATURES=y option could even be 
> exposed to users. I have three first-hand usecases for it:
> 
> First usecase: when i get a .config from a tester and want to test-boot 
> it on a box, i dont want to spend hours of .config bisection just to 
> find out that it has a driver enabled that is known to break generic 
> boxes. Yes, this has happened to me in the past.
> 
> The second usecase where i utilize it is random kernel testing: there 
> randconfig is what enables drivers, not me, so the help text does not 
> help much.
> 
> Third usecase: where i just accidentally enable something i should not 
> have enabled. It's nice to have tools around that can protect me from 
> such mistakes. This too has happened to me.
> 
> So i find it very convenient that i can just disable 
> CONFIG_ALLOW_NON_GENERIC_FEATURES - which automatically disables all 
> possibly-broken functionality.

There's still a multitude of ways you could get a broken kernel, but you
have a LOT more experience in this automated testing area so I'll take
you word for it...

-- 
Jens Axboe

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ