lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202112082057.C993DC6881@keescook>
Date:   Wed, 8 Dec 2021 21:07:51 -0800
From:   Kees Cook <keescook@...omium.org>
To:     Masahiro Yamada <masahiroy@...nel.org>,
        Arnd Bergmann <arnd@...db.de>
Cc:     linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: question about all*config and COMPILE_TEST

Hi,

tl;dr: is there a way to force a config default to "off" under
all*config builds, but still leave it configurable? (i.e. not "depends
on !COMPILE_TEST")

I'm trying to understand a Kconfig behavior with regard to
COMPILE_TEST. I'm able to use an "all*config" target, followed by specific
additional config changes (e.g. turning off KCOV), but I can't enable
things like DEBUG_INFO because of their "depends on !COMPILE_TEST".
Whenever I want to examine debug info from all*config build I need to
patch lib/Kconfig.debug to remove the depends. I was hoping I could,
instead do:

diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index 0e2de4b375f3..e8533ffc92c3 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -212,7 +212,8 @@ menu "Compile-time checks and compiler options"
 
 config DEBUG_INFO
 	bool "Compile the kernel with debug info"
-	depends on DEBUG_KERNEL && !COMPILE_TEST
+	depends on DEBUG_KERNEL
+	default n if COMPILE_TEST
 	help
 	  If you say Y here the resulting kernel image will include
 	  debugging info resulting in a larger kernel image.

Which would turn this off when COMPILE_TEST was enabled, but I assume it
doesn't work because an all*config target turns everything on first, and
therefore this "default" gets ignored since DEBUG_INFO already has a
value set.

I then thought I could use:

	default !COMPILE_TEST

since this works:

config WERROR
        bool "Compile the kernel with warnings as errors"
        default COMPILE_TEST

but I think the above is a no-op: it's the same as not having
"default COMPILE_TEST" when doing an all*config build: it'll be enabled
not because of COMPILE_TEST but because of the all*config pass.

How can I make DEBUG_INFO configurable, but default off under
all*config?

Thanks!

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ