Date:   Wed, 28 Feb 2018 16:00:58 -0800
From:   Josh Triplett <josh@...htriplett.org>
To:     "Luis R. Rodriguez" <mcgrof@...nel.org>
Cc:     Kees Cook <keescook@...omium.org>,
        Greg KH <gregkh@...uxfoundation.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Shuah Khan <shuah@...nel.org>,
        Martin Fuzzey <mfuzzey@...keon.com>,
        Mimi Zohar <zohar@...ux.vnet.ibm.com>,
        David Howells <dhowells@...hat.com>, pali.rohar@...il.com,
        Takashi Iwai <tiwai@...e.de>, arend.vanspriel@...adcom.com,
        Rafał Miłecki <zajec5@...il.com>,
        nbroeking@...com, Vikram Mulukutla <markivx@...eaurora.org>,
        stephen.boyd@...aro.org, Mark Brown <broonie@...nel.org>,
        Dmitry Torokhov <dmitry.torokhov@...il.com>,
        David Woodhouse <dwmw2@...radead.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Abhay_Salunke@...l.com, bjorn.andersson@...aro.org,
        jewalt@...innovations.com, LKML <linux-kernel@...r.kernel.org>,
        "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>
Subject: Re: [PATCH v2 11/11] test_firmware: test three firmware kernel
 configs using a proc knob

On Wed, Feb 28, 2018 at 06:26:03PM +0000, Luis R. Rodriguez wrote:
> On Wed, Feb 28, 2018 at 01:07:23AM -0800, Josh Triplett wrote:
> > On Wed, Feb 28, 2018 at 01:32:37AM +0000, Luis R. Rodriguez wrote:
> > > On Tue, Feb 27, 2018 at 03:18:15PM -0800, Kees Cook wrote:
> > > > On Fri, Feb 23, 2018 at 6:46 PM, Luis R. Rodriguez <mcgrof@...nel.org> wrote:
> > > > > Since we now have knobs to twiddle what used to be set on kernel
> > > > > configurations we can build one base kernel configuration and modify
> > > > > behaviour to mimic such kernel configurations to test them.
> > > > >
> > > > > Provided you build a kernel with:
> > > > >
> > > > > CONFIG_TEST_FIRMWARE=y
> > > > > CONFIG_FW_LOADER=y
> > > > > CONFIG_FW_LOADER_USER_HELPER=y
> > > > > CONFIG_IKCONFIG=y
> > > > > CONFIG_IKCONFIG_PROC=y
> > > > >
> > > > > We should now be able to test all possible kernel configurations
> > > > > when FW_LOADER=y. Note that when FW_LOADER=m we just don't provide
> > > > > the built-in functionality of the built-in firmware.
> > > > >
> > > > > If you're on an old kernel and either don't have /proc/config.gz
> > > > > (CONFIG_IKCONFIG_PROC) or haven't enabled CONFIG_FW_LOADER_USER_HELPER
> > > > > we cannot run these dynamic tests, so just run both scripts just
> > > > > as we used to before making blunt assumptions about your setup
> > > > > and requirements exactly as we did before.
> > > > >
> > > > > Signed-off-by: Luis R. Rodriguez <mcgrof@...nel.org>
> > > > 
> > > > Cool. Nice to have it all in one test build now. :)
> > > 
> > > Now what about we start discussing one kernel config only for the future?  The
> > > impact would be the size of the fallback mechanism. That should be a bit clear
> > > in terms of size impact after this series.
> > > 
> > > Wonder what Josh thinks as he helped with tinyconfig. We could target v4.18 if
> > > it's sensible.
> > 
> > Having any of these unconditionally compiled in seems likely to be a
> > significant impact, both directly and because of what else it would
> > implicitly prevent compiling out or removing. And the firmware loader,
> > for instance, is something that many kernels or hardware will not need
> > at all.
> 
> Oh sorry, I did not mean always enabling the firmware loader, that would add
> an extra 828 bytes, and 14264 bytes if the fallback mechanism is enabled as
> well.
> 
> I meant having only CONFIG_FW_LOADER=y, and removing
> CONFIG_FW_LOADER_USER_HELPER so that we just always compile it in if we have
> CONFIG_FW_LOADER=y, so a penalty of 13436 bytes for those who enabled the
> firmware loader but hadn't before enabled the fallback mechanism.
> 
> I'll note CONFIG_FW_LOADER_USER_HELPER is actually known to be enabled by most
> distributions these days. We have an extra CONFIG_FW_LOADER_USER_HELPER_FALLBACK
> but this is now just a toggle of a boolean, and actually Android is known to
> enable it mostly, not other Linux distributions. Since Android enables
> CONFIG_FW_LOADER_USER_HELPER_FALLBACK we know they also enable the fallback
> mechanism with CONFIG_FW_LOADER_USER_HELPER_FALLBACK.
> 
> So for folks who enable CONFIG_FW_LOADER=y, they'd now be forced to gain an
> extra 13436 bytes broken down as follows:

Ah, I see.

If you have CONFIG_FW_LOADER and not CONFIG_FW_LOADER_USER_HELPER, then
you only have the in-kernel firmware loading mechanism? Given the
*substantial* size difference between the two, it seems useful to have
that option. What would it gain to combine the two?
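
Added example, not part of the original message or the kernel tree: a shell sketch of the check described in the quoted patch text, reading a kernel config (plain text or gzip such as /proc/config.gz) to report which firmware loading paths are compiled in and whether the dynamic tests can run. The function names and the profile labels are hypothetical; only the CONFIG_ symbols come from the thread.

```shell
#!/bin/sh
# Added example; function names and labels are assumptions, not kernel code.
# Usage once sourced: fw_loader_profile /proc/config.gz

# Emit the config as text; handles a gzip file such as /proc/config.gz.
read_config() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# Print y, m or n for option $2 in config file $1.
# "# CONFIG_X is not set" lines and absent options both count as n.
# The "=" right after the name keeps CONFIG_FW_LOADER from matching
# CONFIG_FW_LOADER_USER_HELPER.
config_value() {
    val=$(read_config "$1" | sed -n "s/^$2=\([ym]\)\$/\1/p" | head -n 1)
    echo "${val:-n}"
}

# Name the firmware loading paths this kernel was built with.
fw_loader_profile() {
    if [ "$(config_value "$1" CONFIG_FW_LOADER)" = n ]; then
        echo "no-loader"
    elif [ "$(config_value "$1" CONFIG_FW_LOADER_USER_HELPER)" != y ]; then
        echo "direct-only"            # in-kernel loading only, no fallback code
    elif [ "$(config_value "$1" CONFIG_FW_LOADER_USER_HELPER_FALLBACK)" = y ]; then
        echo "fallback-default-on"    # fallback mechanism enabled by default
    else
        echo "fallback-available"     # fallback compiled in, not the default
    fi
}

# Rule from the patch description: dynamic tests need a readable config
# and CONFIG_FW_LOADER_USER_HELPER=y; otherwise run the scripts as before.
fw_test_mode() {
    if [ ! -r "$1" ]; then
        echo "legacy"
    elif [ "$(config_value "$1" CONFIG_FW_LOADER_USER_HELPER)" = y ]; then
        echo "dynamic"
    else
        echo "legacy"
    fi
}
```
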
