lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 28 Jan 2022 16:39:49 -0700
From:   Nathan Chancellor <nathan@...nel.org>
To:     Kees Cook <keescook@...omium.org>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Miguel Ojeda <ojeda@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
        Isabella Basso <isabbasso@...eup.net>,
        linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] Kconfig.debug: Make DEBUG_INFO always default=n

On Fri, Jan 28, 2022 at 01:41:31PM -0800, Kees Cook wrote:
> While trying to make sure CONFIG_DEBUG_INFO wasn't set for COMPILE_TEST,
> I ordered the choices incorrectly to retain the prior default=n state.
> Move DEBUG_INFO_NONE to the top so that the default choice is disabled,
> and remove the "if COMPILE_TEST" as it is now redundant.
> 
> Reported-by: Nathan Chancellor <nathan@...nel.org>
> Link: https://lore.kernel.org/lkml/YfRY6+CaQxX7O8vF@dev-arch.archlinux-ax161
> Cc: Andrew Morton <akpm@...ux-foundation.org>
> Cc: Masahiro Yamada <masahiroy@...nel.org>
> Cc: Nathan Chancellor <nathan@...nel.org>
> Cc: Nick Desaulniers <ndesaulniers@...gle.com>
> Cc: Miguel Ojeda <ojeda@...nel.org>
> Signed-off-by: Kees Cook <keescook@...omium.org>

Reviewed-by: Nathan Chancellor <nathan@...nel.org>

Another fallout of the original change is that defconfigs that do enable
CONFIG_DEBUG_INFO without any of the DWARF version configs will not have
debug info anymore.

Mainline:

$ make -sj$(nproc) ARCH=arm64 LLVM=1 mrproper defconfig && rg DEBUG_INFO .config
9296:CONFIG_DEBUG_INFO=y
9297:CONFIG_DEBUG_INFO_REDUCED=y
9298:# CONFIG_DEBUG_INFO_COMPRESSED is not set
9299:# CONFIG_DEBUG_INFO_SPLIT is not set
9300:CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
9301:# CONFIG_DEBUG_INFO_DWARF4 is not set
9302:# CONFIG_DEBUG_INFO_DWARF5 is not set

next-20220128:

$ make -sj$(nproc) ARCH=arm64 LLVM=1 mrproper defconfig && rg DEBUG_INFO .config
9299:CONFIG_DEBUG_INFO=y
9300:CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
9301:# CONFIG_DEBUG_INFO_DWARF4 is not set
9302:# CONFIG_DEBUG_INFO_DWARF5 is not set
9303:# CONFIG_DEBUG_INFO_NONE is not set
9304:CONFIG_DEBUG_INFO_REDUCED=y
9305:# CONFIG_DEBUG_INFO_COMPRESSED is not set
9306:# CONFIG_DEBUG_INFO_SPLIT is not set

next-20220128 + this patch:

$ make -sj$(nproc) ARCH=arm64 LLVM=1 mrproper defconfig && rg DEBUG_INFO .config
9299:CONFIG_DEBUG_INFO_NONE=y
9300:# CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT is not set
9301:# CONFIG_DEBUG_INFO_DWARF4 is not set
9302:# CONFIG_DEBUG_INFO_DWARF5 is not set

I guess there is not really a way around that other than having people
regenerate their defconfigs (which should really be done each release
anyways) since DEBUG_INFO is no longer a user selectable symbol and it
is probably better to have this choice default to no debug info rather
than debug info. Is there any precedent to updating defconfigs due to a
change like this or some other way to let people know about it?

Cheers,
Nathan

> ---
> Andrew, this is a fix for kconfigdebug-make-debug_info-selectable-from-a-choice.patch
> ---
>  lib/Kconfig.debug | 13 ++++++-------
>  1 file changed, 6 insertions(+), 7 deletions(-)
> 
> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> index a7b657d67318..a1262358d55a 100644
> --- a/lib/Kconfig.debug
> +++ b/lib/Kconfig.debug
> @@ -234,7 +234,6 @@ config DEBUG_INFO
>  choice
>  	prompt "Debug information"
>  	depends on DEBUG_KERNEL
> -	default DEBUG_INFO_NONE if COMPILE_TEST
>  	help
>  	  Selecting something other than "None" results in a kernel image
>  	  that will include debugging info resulting in a larger kernel image.
> @@ -245,6 +244,12 @@ choice
>  	  Choose which version of DWARF debug info to emit. If unsure,
>  	  select "Toolchain default".
>  
> +config DEBUG_INFO_NONE
> +	bool "Disable debug information"
> +	help
> +	  Do not build the kernel with debugging information, which will
> +	  result in a faster and smaller build.
> +
>  config DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
>  	bool "Rely on the toolchain's implicit default DWARF version"
>  	select DEBUG_INFO
> @@ -283,12 +288,6 @@ config DEBUG_INFO_DWARF5
>  	  config if they rely on tooling that has not yet been updated to
>  	  support DWARF Version 5.
>  
> -config DEBUG_INFO_NONE
> -	bool "Disable debug information"
> -	help
> -	  Do not build the kernel with debugging information, which will
> -	  result in a faster and smaller build.
> -
>  endchoice # "Debug information"
>  
>  if DEBUG_INFO
> -- 
> 2.30.2
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ