| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Feb 2018 18:26:03 +0000
From: "Luis R. Rodriguez" <mcgrof@...nel.org>
To: Josh Triplett <josh@...htriplett.org>
Cc: "Luis R. Rodriguez" <mcgrof@...nel.org>,
Kees Cook <keescook@...omium.org>,
Greg KH <gregkh@...uxfoundation.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Shuah Khan <shuah@...nel.org>,
Martin Fuzzey <mfuzzey@...keon.com>,
Mimi Zohar <zohar@...ux.vnet.ibm.com>,
David Howells <dhowells@...hat.com>, pali.rohar@...il.com,
Takashi Iwai <tiwai@...e.de>, arend.vanspriel@...adcom.com,
Rafał Miłecki <zajec5@...il.com>,
nbroeking@...com, Vikram Mulukutla <markivx@...eaurora.org>,
stephen.boyd@...aro.org, Mark Brown <broonie@...nel.org>,
Dmitry Torokhov <dmitry.torokhov@...il.com>,
David Woodhouse <dwmw2@...radead.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Abhay_Salunke@...l.com, bjorn.andersson@...aro.org,
jewalt@...innovations.com, LKML <linux-kernel@...r.kernel.org>,
"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>
Subject: Re: [PATCH v2 11/11] test_firmware: test three firmware kernel
configs using a proc knob
On Wed, Feb 28, 2018 at 01:07:23AM -0800, Josh Triplett wrote:
> On Wed, Feb 28, 2018 at 01:32:37AM +0000, Luis R. Rodriguez wrote:
> > On Tue, Feb 27, 2018 at 03:18:15PM -0800, Kees Cook wrote:
> > > On Fri, Feb 23, 2018 at 6:46 PM, Luis R. Rodriguez <mcgrof@...nel.org> wrote:
> > > > Since we now have knobs to twiddle what used to be set on kernel
> > > > configurations we can build one base kernel configuration and modify
> > > > behaviour to mimic such kernel configurations to test them.
> > > >
> > > > Provided you build a kernel with:
> > > >
> > > > CONFIG_TEST_FIRMWARE=y
> > > > CONFIG_FW_LOADER=y
> > > > CONFIG_FW_LOADER_USER_HELPER=y
> > > > CONFIG_IKCONFIG=y
> > > > CONFIG_IKCONFIG_PROC=y
> > > >
> > > > We should now be able test all possible kernel configurations
> > > > when FW_LOADER=y. Note that when FW_LOADER=m we just don't provide
> > > > the built-in functionality of the built-in firmware.
> > > >
> > > > If you're on an old kernel and either don't have /proc/config.gz
> > > > (CONFIG_IKCONFIG_PROC) or haven't enabled CONFIG_FW_LOADER_USER_HELPER
> > > > we cannot run these dynamic tests, so just run both scripts just
> > > > as we used to before making blunt assumptions about your setup
> > > > and requirements exactly as we did before.
> > > >
> > > > Signed-off-by: Luis R. Rodriguez <mcgrof@...nel.org>
> > >
> > > Cool. Nice to have it all in one test build now. :)
> >
> > Now what about we start discussing one kernel config only for the future? The
> > impact would be the size of the fallback mechanism. That should be a bit clear
> > in terms of size impact after this series.
> >
> > Wonder what Josh thinks as he help with tinyconfig. We could target v4.18 if
> > its sensible.
>
> Having any of these unconditionally compiled in seems likely to be a
> significant impact, both directly and because of what else it would
> implicitly prevent compiling out or removing. And the firmware loader,
> for instance, is something that many kernels or hardware will not need
> at all.
Oh sorry, I did not mean always enabling the firmware loader, that would add
an extra 828 bytes, and 14264 bytes if the fallback mechanism is enabled as
well.
I meant having only CONFIG_FW_LOADER=y, and removing
CONFIG_FW_LOADER_USER_HELPER so that we just always compile it in if we have
CONFIG_FW_LOADER=y, so a penalty of 13436 bytes for those who enabled the
firmware loader but hadn't before enabled the fallback mechanism.
I'll note CONFIG_FW_LOADER_USER_HELPER is actually known to be enabled by most
distributions these days. We have an extra CONFIG_FW_LOADER_USER_HELPER_FALLBACK
but this is now just a toggle of a boolean, and actually Android is known to
enable it mostly, not other Linux distributions. Since Android enables
CONFIG_FW_LOADER_USER_HELPER_FALLBACK we know they also enable the fallback
mechanism with CONFIG_FW_LOADER_USER_HELPER_FALLBACK.
So for folks who enable CONFIG_FW_LOADER=y, they'd now be forced to gain an
extra 13436 bytes broken down as follows:
-------------------------------------------------------------------------------------------
allnoconfig with no firmware loader (with procfs enabled):
$ size vmlinux
text data bss dec hex filename
1135188 272012 1219736 2626936 281578 vmlinux
$ du -b vmlinux
1745556 vmlinux
-------------------------------------------------------------------------------------------
CONFIG_FW_LOADER=y
$ size vmlinux
text data bss dec hex filename
1137244 267984 1219716 2624944 280db0 vmlinux
$ du -b vmlinux
1746384 vmlinux
-------------------------------------------------------------------------------------------
CONFIG_FW_LOADER=y
CONFIG_FW_LOADER_USER_HELPER=y
$ size vmlinux
text data bss dec hex filename
1140554 272464 1219716 2632734 282c1e vmlinux
$ du -b vmlinux
1759820 vmlinux
Luis
Powered by blists - more mailing lists