| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160111194311.GF4686@pd.tnic> Date: Mon, 11 Jan 2016 20:43:11 +0100 From: Borislav Petkov <bp@...e.de> To: Michal Marek <mmarek@...e.cz> Cc: Markus Trippelsdorf <markus@...ppelsdorf.de>, Måns Rullgård <mans@...sr.com>, Thomas Voegtle <tv@...96.de>, linux-kernel@...r.kernel.org Subject: Re: x86/microcode update on systems without INITRD On Fri, Jan 08, 2016 at 03:48:37PM +0100, Michal Marek wrote: > The comments are printed during make oldconfig if a symbol in the > current menu needs updating. Which is probably not the case here, both > MICROCODE and BLK_DEV_INITRD are existing symbols. Right, and the problem is that "make oldconfig" sees that BLK_DEV_INITRD is not enabled in that case and disables CONFIG_MICROCODE too. So by the time the comment gets evaluated, CONFIG_MICROCODE is off so no workie. I tried a different thing, see below. It is a bit lengthly but it does what it should and we can always extend it for other stuff later as it might turn useful, according to my suspicion :-) With Thomas' config it says: $ make oldconfig You have CONFIG_MICROCODE enabled without BLK_DEV_INITRD. Enable it and make sure microcode is added to your initrd as explained in Documentation/x86/early-microcode.txt scripts/kconfig/Makefile:85: recipe for target 'oldconfig' failed make[1]: *** [oldconfig] Error 1 Makefile:531: recipe for target 'oldconfig' failed make: *** [oldconfig] Error 2 It needs to be made to look at CONFIG_MODULES and make that warning just a hint. I'll have to think about it more... Thoughts? --- arch/x86/scripts/check-configs.sh | 41 +++++++++++++++++++++++++++++++++++++++ scripts/kconfig/Makefile | 3 +++ 2 files changed, 44 insertions(+) create mode 100644 arch/x86/scripts/check-configs.sh diff --git a/arch/x86/scripts/check-configs.sh b/arch/x86/scripts/check-configs.sh new file mode 100644 index 000000000000..51ae9bde6965 --- /dev/null +++ b/arch/x86/scripts/check-configs.sh @@ -0,0 +1,41 @@ +#!/bin/bash + +if [ "$1" != "oldconfig" ]; then + exit 0 +fi + +srctree=$2 +ARCH="$3" +UNAME_RELEASE=$(uname -r) + +KCONFIGS=".config /lib/modules/$UNAME_RELEASE/.config /etc/kernel-config /boot/config-$UNAME_RELEASE" + +if [ "$ARCH" = "X86_32" ]; then + KCONFIGS="$KCONFIGS $srctree/arch/x86/configs/i386_defconfig" +else + KCONFIGS="$KCONFIGS $srctree/arch/x86/configs/x86_64_defconfig" +fi + +for k in $KCONFIGS; +do + if [ -e $k ]; then + OLD_CONFIG=$k + break + fi +done + +if [ -z "$OLD_CONFIG" ]; then exit 0; fi + +# Check optimal microcode loader .config settings +if ! grep -q MICROCODE $OLD_CONFIG; then + exit 0 +fi + +MSG="You have CONFIG_MICROCODE enabled without BLK_DEV_INITRD. Enable\n\ +it and make sure microcode is added to your initrd as explained in\n\ +Documentation/x86/early-microcode.txt\n" + +if ! grep -v "^#" $OLD_CONFIG | grep -q BLK_DEV_INITRD; then + echo -e $MSG + exit 1 +fi diff --git a/scripts/kconfig/Makefile b/scripts/kconfig/Makefile index d79cba4ce3eb..136ae9744efc 100644 --- a/scripts/kconfig/Makefile +++ b/scripts/kconfig/Makefile @@ -81,6 +81,9 @@ simple-targets := oldconfig allnoconfig allyesconfig allmodconfig \ PHONY += $(simple-targets) $(simple-targets): $(obj)/conf +ifneq ($(wildcard $(srctree)/arch/$(SRCARCH)/scripts/check-configs.sh),) + $(Q)$(CONFIG_SHELL) $(srctree)/arch/$(SRCARCH)/scripts/check-configs.sh $@ $(srctree) $(ARCH) +endif $< $(silent) --$@ $(Kconfig) PHONY += oldnoconfig savedefconfig defconfig -- 2.3.5 SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) --
Powered by blists - more mailing lists