| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Jan 2016 19:43:50 +0100 From: Borislav Petkov <bp@...e.de> To: Michal Marek <mmarek@...e.cz> Cc: Måns Rullgård <mans@...sr.com>, Markus Trippelsdorf <markus@...ppelsdorf.de>, Thomas Voegtle <tv@...96.de>, linux-kernel@...r.kernel.org, x86-ml <x86@...nel.org> Subject: [RFC PATCH] x86/kconfig: Sanity-check config file during oldconfig From: Borislav Petkov <bp@...e.de> Thomas Voegtle reported that doing oldconfig with a .config which has CONFIG_MICROCODE enabled but BLK_DEV_INITRD disabled prevents the microcode loading mechanism from being built. Add a short script which hooks into the "make oldconfig" handling and sanity-checks the config file for that discrepancy. It issues a message which should hopefully sensitize the user to that issue and point her into the right direction. The other useful thing with this solution is that it can be extended to other config file sanity-checking, should the need arise. Reported-by: Thomas Voegtle <tv@...96.de> Cc: Markus Trippelsdorf <markus@...ppelsdorf.de> Cc: Måns Rullgård <mans@...sr.com> Signed-off-by: Borislav Petkov <bp@...e.de> --- arch/x86/scripts/check-configs.sh | 44 +++++++++++++++++++++++++++++++++++++++ scripts/kconfig/Makefile | 3 +++ 2 files changed, 47 insertions(+) create mode 100644 arch/x86/scripts/check-configs.sh diff --git a/arch/x86/scripts/check-configs.sh b/arch/x86/scripts/check-configs.sh new file mode 100644 index 000000000000..775d07e37df5 --- /dev/null +++ b/arch/x86/scripts/check-configs.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +if [ "$1" != "oldconfig" ]; then + exit 0 +fi + +srctree=$2 +ARCH="$3" +UNAME_RELEASE=$(uname -r) + +CONFIGS=".config /lib/modules/$UNAME_RELEASE/.config /etc/kernel-config /boot/config-$UNAME_RELEASE" + +if [ "$ARCH" = "X86_32" ]; then + CONFIGS="$CONFIGS $srctree/arch/x86/configs/i386_defconfig" +else + CONFIGS="$CONFIGS $srctree/arch/x86/configs/x86_64_defconfig" +fi + +for c in $CONFIGS; +do + if [ -e $c ]; then + OLD_CONFIG=$c + break + fi +done + +if [ -z "$OLD_CONFIG" ]; then exit 0; fi + +# Check optimal microcode loader .config settings +if ! grep -v "^#" $OLD_CONFIG | grep -q MICROCODE; then + exit 0 +fi + +MSG="\nYou have CONFIG_MICROCODE enabled without BLK_DEV_INITRD. The preferred\n\ +way is to enable it and make sure microcode is added to your initrd as\n\ +explained in Documentation/x86/early-microcode.txt. This is also the\n\ +most tested method as the majority of distros do it. Alternatively, and\n\ +if you don't want to enable modules, you should make sure the microcode\n\ +is built into the kernel.\n" + +if ! grep -v "^#" $OLD_CONFIG | grep -q BLK_DEV_INITRD; then + echo -e $MSG + read -p "Press any key... " +fi diff --git a/scripts/kconfig/Makefile b/scripts/kconfig/Makefile index d79cba4ce3eb..136ae9744efc 100644 --- a/scripts/kconfig/Makefile +++ b/scripts/kconfig/Makefile @@ -81,6 +81,9 @@ simple-targets := oldconfig allnoconfig allyesconfig allmodconfig \ PHONY += $(simple-targets) $(simple-targets): $(obj)/conf +ifneq ($(wildcard $(srctree)/arch/$(SRCARCH)/scripts/check-configs.sh),) + $(Q)$(CONFIG_SHELL) $(srctree)/arch/$(SRCARCH)/scripts/check-configs.sh $@ $(srctree) $(ARCH) +endif $< $(silent) --$@ $(Kconfig) PHONY += oldnoconfig savedefconfig defconfig -- 2.3.5 SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) --
Powered by blists - more mailing lists