| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Jan 2016 14:36:09 +0100 (CET) From: Thomas Voegtle <tv@...96.de> To: Borislav Petkov <bp@...e.de> cc: Michal Marek <mmarek@...e.cz>, Måns Rullgård <mans@...sr.com>, Markus Trippelsdorf <markus@...ppelsdorf.de>, linux-kernel@...r.kernel.org, x86-ml <x86@...nel.org> Subject: Re: [RFC PATCH] x86/kconfig: Sanity-check config file during oldconfig On Thu, 14 Jan 2016, Borislav Petkov wrote: > From: Borislav Petkov <bp@...e.de> > > Thomas Voegtle reported that doing oldconfig with a .config which has > CONFIG_MICROCODE enabled but BLK_DEV_INITRD disabled prevents the > microcode loading mechanism from being built. > > Add a short script which hooks into the "make oldconfig" handling and > sanity-checks the config file for that discrepancy. It issues a message > which should hopefully sensitize the user to that issue and point her > into the right direction. > > The other useful thing with this solution is that it can be extended to > other config file sanity-checking, should the need arise. > > Reported-by: Thomas Voegtle <tv@...96.de> > Cc: Markus Trippelsdorf <markus@...ppelsdorf.de> > Cc: Måns Rullgård <mans@...sr.com> > Signed-off-by: Borislav Petkov <bp@...e.de> > --- > arch/x86/scripts/check-configs.sh | 44 +++++++++++++++++++++++++++++++++++++++ > scripts/kconfig/Makefile | 3 +++ > 2 files changed, 47 insertions(+) > create mode 100644 arch/x86/scripts/check-configs.sh > > diff --git a/arch/x86/scripts/check-configs.sh b/arch/x86/scripts/check-configs.sh > new file mode 100644 > index 000000000000..775d07e37df5 > --- /dev/null > +++ b/arch/x86/scripts/check-configs.sh > @@ -0,0 +1,44 @@ > +#!/bin/bash > + > +if [ "$1" != "oldconfig" ]; then > + exit 0 > +fi > + > +srctree=$2 > +ARCH="$3" > +UNAME_RELEASE=$(uname -r) > + > +CONFIGS=".config /lib/modules/$UNAME_RELEASE/.config /etc/kernel-config /boot/config-$UNAME_RELEASE" > + > +if [ "$ARCH" = "X86_32" ]; then > + CONFIGS="$CONFIGS $srctree/arch/x86/configs/i386_defconfig" > +else > + CONFIGS="$CONFIGS $srctree/arch/x86/configs/x86_64_defconfig" > +fi > + > +for c in $CONFIGS; > +do > + if [ -e $c ]; then > + OLD_CONFIG=$c > + break > + fi > +done > + > +if [ -z "$OLD_CONFIG" ]; then exit 0; fi > + > +# Check optimal microcode loader .config settings > +if ! grep -v "^#" $OLD_CONFIG | grep -q MICROCODE; then > + exit 0 > +fi > + > +MSG="\nYou have CONFIG_MICROCODE enabled without BLK_DEV_INITRD. The preferred\n\ > +way is to enable it and make sure microcode is added to your initrd as\n\ > +explained in Documentation/x86/early-microcode.txt. This is also the\n\ > +most tested method as the majority of distros do it. Alternatively, and\n\ > +if you don't want to enable modules, you should make sure the microcode\n\ > +is built into the kernel.\n" > + > +if ! grep -v "^#" $OLD_CONFIG | grep -q BLK_DEV_INITRD; then > + echo -e $MSG > + read -p "Press any key... " > +fi > diff --git a/scripts/kconfig/Makefile b/scripts/kconfig/Makefile > index d79cba4ce3eb..136ae9744efc 100644 > --- a/scripts/kconfig/Makefile > +++ b/scripts/kconfig/Makefile > @@ -81,6 +81,9 @@ simple-targets := oldconfig allnoconfig allyesconfig allmodconfig \ > PHONY += $(simple-targets) > > $(simple-targets): $(obj)/conf > +ifneq ($(wildcard $(srctree)/arch/$(SRCARCH)/scripts/check-configs.sh),) > + $(Q)$(CONFIG_SHELL) $(srctree)/arch/$(SRCARCH)/scripts/check-configs.sh $@ $(srctree) $(ARCH) > +endif > $< $(silent) --$@ $(Kconfig) > > PHONY += oldnoconfig savedefconfig defconfig > My problem was, CONFIG_MICROCODE got dropped silently, and yes that is fixed for me with this patch. But I think this is a little bit odd way to fix it, but I don't have a better idea. What's with olddefconfig and silentoldconfig ? btw that patch has to go to stable 4.4, too Thomas
Powered by blists - more mailing lists