| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5jKXtGgyP8zh0Gg1k-U=A4KYEuyPsxiXxtFeaNJPn+metg@mail.gmail.com>
Date: Wed, 28 Mar 2018 04:53:39 -0700
From: Kees Cook <keescook@...omium.org>
To: Masahiro Yamada <yamada.masahiro@...ionext.com>
Cc: linux-kbuild <linux-kbuild@...r.kernel.org>,
Sam Ravnborg <sam@...nborg.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Arnd Bergmann <arnd@...db.de>,
Ulf Magnusson <ulfalizer@...il.com>,
Thomas Gleixner <tglx@...utronix.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Randy Dunlap <rdunlap@...radead.org>,
"Luis R . Rodriguez" <mcgrof@...nel.org>,
Nicolas Pitre <nico@...aro.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 16/21] kcov: imply GCC_PLUGINS and GCC_PLUGIN_SANCOV
instead of select'ing them
On Mon, Mar 26, 2018 at 10:29 PM, Masahiro Yamada
<yamada.masahiro@...ionext.com> wrote:
> As Documentation/kbuild/kconfig-language.txt notes, 'select' should be
> used with care - it forces a lower limit of another symbol, ignoring
> the dependency. In this case, KCOV can select GCC_PLUGINS even if
> 'depends on HAVE_GCC_PLUGINS' is unmet.
>
> 'imply' is modest enough to observe the dependency, and this makes
> sense. If you enable KCOV, you will probably want to enable
> GCC_PLUGIN_SANCOV, but it should not break the dependency.
>
> I also remove unneeded code, I just happened to notice.
>
> Signed-off-by: Masahiro Yamada <yamada.masahiro@...ionext.com>
> - Drop depends on GCC_VERSION
>
> ---
>
> Changes in v2: None
>
> lib/Kconfig.debug | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> index 5be22e4..8243c9d 100644
> --- a/lib/Kconfig.debug
> +++ b/lib/Kconfig.debug
> @@ -743,8 +743,8 @@ config KCOV
> bool "Code coverage for fuzzing"
> depends on ARCH_HAS_KCOV
> select DEBUG_FS
> - select GCC_PLUGINS if !COMPILE_TEST
> - select GCC_PLUGIN_SANCOV if !COMPILE_TEST
> + imply GCC_PLUGINS
> + imply GCC_PLUGIN_SANCOV
> help
> KCOV exposes kernel code coverage information in a form suitable
> for coverage-guided fuzzing (randomized testing).
Actually, I think this can be improved, as KCOV should depend on either:
-fsanitize-coverage=trace-pc support (in gcc 6+, see scripts/Makefile.kcov)
or
GCC_PLUGIN_SANCOV (which provides the trace-pc support via the plugin
for gcc before 6)
> @@ -758,7 +758,6 @@ config KCOV
> config KCOV_ENABLE_COMPARISONS
> bool "Enable comparison operands collection by KCOV"
> depends on KCOV
> - default n
> help
> KCOV also exposes operands of every comparison in the instrumented
> code along with operand sizes and PCs of the comparison instructions.
Similarly, this depends on -fsanitize-coverage=trace-cmp
> @@ -768,7 +767,7 @@ config KCOV_ENABLE_COMPARISONS
> config KCOV_INSTRUMENT_ALL
> bool "Instrument all code by default"
> depends on KCOV
> - default y if KCOV
> + default y
> help
> If you are doing generic system call fuzzing (like e.g. syzkaller),
> then you will want to instrument the whole kernel and you should
> --
> 2.7.4
>
-Kees
--
Kees Cook
Pixel Security
Powered by blists - more mailing lists