lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190703165020.GV19023@42.do-not-panic.com>
Date:   Wed, 3 Jul 2019 16:50:20 +0000
From:   Luis Chamberlain <mcgrof@...nel.org>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Christoph Hellwig <hch@....de>,
        Brendan Higgins <brendanhiggins@...gle.com>,
        Cristina Moraru <cristina.moraru09@...il.com>,
        "vegard.nossum@...il.com" <vegard.nossum@...il.com>,
        Valentin Rothberg <valentinrothberg@...il.com>,
        Hannes Reinecke <hare@...e.de>,
        Sam Ravnborg <sam@...nborg.org>,
        Michal Marek <mmarek@...e.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Tom Gundersen <teg@...m.no>, Kay Sievers <kay@...y.org>,
        Rusty Russell <rusty@...tcorp.com.au>,
        Andrew Morton <akpm@...ux-foundation.org>,
        backports@...r.kernel.org, Guenter Roeck <linux@...ck-us.net>,
        "rafael.j.wysocki" <rafael.j.wysocki@...el.com>,
        Dmitry Torokhov <dmitry.torokhov@...il.com>,
        Takashi Iwai <tiwai@...e.de>,
        Mauro Carvalho Chehab <mchehab@....samsung.com>,
        Johannes Berg <johannes@...solutions.net>,
        Hauke Mehrtens <hauke@...ke-m.de>,
        Paul Bolle <pebolle@...cali.nl>,
        Paul Gortmaker <paul.gortmaker@...driver.com>,
        Alexey Khoroshilov <khoroshilov@...ras.ru>,
        Sathya Prakash Veerichetty <sathya.prakash@...adcom.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        Laurence Oberman <loberman@...hat.com>,
        Johannes Thumshirn <jthumshirn@...e.de>,
        Tejun Heo <tj@...nel.org>,
        Jej B <James.Bottomley@...senpartnership.com>,
        Theodore Ts'o <tytso@....edu>,
        Daniel Jonsson <danijons@...dent.chalmers.se>,
        Andrzej Wasowski <wasowski@....dk>
Subject: Re: [RFC PATCH 0/5] Add CONFIG symbol as module attribute

On Wed, Jul 03, 2019 at 09:40:48AM +0200, Greg Kroah-Hartman wrote:
> On Tue, Jul 02, 2019 at 08:51:06PM +0000, Luis Chamberlain wrote:
> > On Sat, Jun 29, 2019 at 10:42:57AM +0200, Greg Kroah-Hartman wrote:
> > > On Fri, Jun 28, 2019 at 11:40:22AM -0700, Luis Chamberlain wrote:
> > > > On Wed, Jun 26, 2019 at 9:51 PM Christoph Hellwig <hch@....de> wrote:
> > > > >
> > > > > On Wed, Jun 26, 2019 at 03:21:08PM -0700, Luis Chamberlain wrote:
> > > > > > On Tue, Feb 5, 2019 at 2:07 PM Luis Chamberlain <mcgrof@...nel.org> wrote:
> > > > > > > In lieu of no Luke Skywalker, if you will, for a large kconfig revamp
> > > > > > > on this, I'm inclined to believe *at least* having some kconfig_symb
> > > > > > > exposed for some modules is better than nothing. Christoph are you
> > > > > > > totally opposed to this effort until we get a non-reverse engineered
> > > > > > > effort in place? It just seems like an extraordinary amount of work
> > > > > > > and I'm not quite sure who's volunteering to do it.
> > > > > > >
> > > > > > > Other stakeholders may benefit from at least having some config -->
> > > > > > > module mapping for now. Not just backports or building slimmer
> > > > > > > kernels.
> > > > > >
> > > > > > Christoph, *poke*
> > > > >
> > > > > Yes, I'm still totally opposed to a half-backed hack like this.
> > > > 
> > > > The solution puts forward a mechanism to add a kconfig_symb where we
> > > > are 100% certain we have a direct module --> config mapping.
> > > > 
> > > > This is *currently* determined when the streamline_config.pl finds
> > > > that an object has only *one* associated config symbol associated. As
> > > > Cristina noted, of 62 modules on a running system 58 of them ended up
> > > > getting the kconfig_symb assigned, that is 93.5% of all modules on the
> > > > system being tested. For the other modules, if they did want this
> > > > association, we could allow a way for modules to define their own
> > > > KBUILD_KCONF variable so that this could be considered as well, or
> > > > they can look at their own kconfig stuff to try to fit the model that
> > > > does work. To be clear, the heuristics *can* be updated if there is
> > > > confidence in alternative methods for resolution. But since it is
> > > > reflective of our current situation, I cannot consider it a hack.
> > > > 
> > > > This implementation is a reflection of our reality in the kernel, and
> > > > as has been discussed in this thread, if we want to correct the gaps
> > > > we need to do a lot of work. And *no one* is working towards these
> > > > goals.
> > > > 
> > > > That said, even if you go forward with an intrusive solution like the
> > > > one you proposed we could still use the same kconfig_symb...
> > > > 
> > > > So no, I don't see this as a hack. It's a reflection as to our current
> > > > reality. And I cannot see how the kconfig_symb can lie or be
> > > > incorrect. So in fact I think that pushing this forward also makes the
> > > > problem statement clearer for the future of what semantics needs to be
> > > > addressed, and helps us even annotate the problematic areas of the
> > > > kernel.
> > > > 
> > > > What negative aspects do you see with this being merged in practice?
> > > 
> > > I'm trying to see what the actual problem that you are wanting to solve
> > > here with this.  What exactly is it?
> > 
> > The problem is that there is no current maping of a module to respective
> > kconfig symbol.
> 
> That's because it is not just "one" symbol per module.

This is true. But it is not the case for all modules.  In fact it seems
its true that most modules do have *one* main symbol.

On at least Cristina's system of of 62 modules 58 *did* have one symbol.
For the modules evaluated where this was not the case, it did seem wise
to actually revise the symbol definition for the other modules.

> If it were, you can just parse the Makefiles and get that single config
> option for most modules, right?

The heuristic essentially does this and only provides the module
attribute where this was true.

> But even then, multiple options can
> influence a single module as to what actually gets built into that
> module.

Yes. For example one hardware device driver may support different
families of chipsets, and so it could have sub-options for each
family.

> So, I would say, "who really cares"?

For most visible modules it would seem we do have a one config symbol
mapping which could enable it. And I noted who would care. The defaults
of a module, for instance sub-options to enable / disable different
support for different chipsets, *should* suffice for most users.

> > > Who needs to determine the
> > > "singular" configuration option that caused a kernel module to be built
> > > at the expense of all other options?
> > 
> > Folks wanting to slim down their kernel build, and users of backports.
> 
> People who want to "slim" down things are rare, 

It is basic math though:

Users of 'make localmodconfig' +  backport users > Users of 'make localmodconfig'

And yet we already support 'make localmodconfig'. So what is being
proposed can help enhance 'make localmodconfig' and yet provides more
users outside of those users, without requiring kernel sources.

> and it's usually worth
> it to work backwards anyway (see what functionality is needed and then
> go from there, not look at the modules themselves).  Or use a tool like
> 'make localmodconfig' and trim.

And I am noting we can further enhance a feature which we already
do support, and enable *more* users requiring similar information.

> > > What can that be used for and who will use it?
> > 
> > Without a mapping there is no clean way to let you slim down your kernel
> > using a distro kernel as a base, enabling only those things you really
> > need.
> 
> It's hard to determine "what you really need" :)

Right, but at least for device functionality, the above would help
significantly. It also poses the question whether or not device drivers
*should* strive towards having one kconfig symbol to help with this.

There is a lot of research over the lack of proper semantics on use of
kconfig, and issues this causes. It is so bad that some researchers have
tried define our semantics through *reverse engineering*. The question
of whether or not we *should* strive to have *one* symbol per a driver
for an actual hardware component is worth evaluating long term, for the
sake of helping with semantics of kconfig use. I see there being gains
with this, and I find it hard to find counters to where quite the
opposite is true. Can you?

> Use localmodconfig and you have a great start, then prune from there.

This thread poses the question if we can do better, and suggests one
small area where we can start.

> Trying to put _all_ configuration dependencies in a single module isn't
> going to work, our configuration language does not distill down to that.

The question we should be evaluating if we *should* strive to buckle up
on this and have at least one config symbol per module associated with
hardware. I'm suggesting there are gains for this, and am providing two
groups of users that would benefit from this clearly. And I'm also
suggesting that it could help with kconfig semantics, long term.

  Luis

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ