lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 9 Dec 2021 16:07:19 -0800
From:   Kees Cook <keescook@...omium.org>
To:     Arnd Bergmann <arnd@...db.de>
Cc:     Masahiro Yamada <masahiroy@...nel.org>,
        Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: question about all*config and COMPILE_TEST

On Thu, Dec 09, 2021 at 08:45:30AM +0100, Arnd Bergmann wrote:
> On Thu, Dec 9, 2021 at 6:07 AM Kees Cook <keescook@...omium.org> wrote:
> >
> > tl;dr: is there a way to force a config default to "off" under
> > all*config builds, but still leave it configurable? (i.e. not "depends
> > on !COMPILE_TEST")
> >
> > I'm trying to understand a Kconfig behavior with regard to
> > COMPILE_TEST. I'm able to use an "all*config" target, followed by specific
> > additional config changes (e.g. turning off KCOV), but I can't enable
> > things like DEBUG_INFO because of their "depends on !COMPILE_TEST".
> > Whenever I want to examine debug info from all*config build I need to
> > patch lib/Kconfig.debug to remove the depends. I was hoping I could,
> > instead do:
> 
> This would be a minor hassle for my randconfig testing because I really
> want to have DEBUG_INFO disabled when building randconfigs in order
> to keep down compile times. I could however just force DEBUG_INFO=n
> the same way as forcing COMPILE_TEST=y at the moment.

Right, yes, I want the default for DEBUG_INFO to be off for the
COMPILE_TEST=y case (for savings on speed, storage, etc), but I want to
be _able_ to turn it on when I'm doing whole-build binary comparisons or
pahole archaeology. :)

> 
> > I then thought I could use:
> >
> >         default !COMPILE_TEST
> >
> > since this works:
> >
> > config WERROR
> >         bool "Compile the kernel with warnings as errors"
> >         default COMPILE_TEST
> >
> > but I think the above is a no-op: it's the same as not having
> > "default COMPILE_TEST" when doing an all*config build: it'll be enabled
> > not because of COMPILE_TEST but because of the all*config pass.
> 
> Correct. One trick that works here is to use a 'choice' statement, as those
> still honor the 'default' value even for allmodconfig -- Kconfig has no
> idea which one of them is the 'all' version.
> 
> > How can I make DEBUG_INFO configurable, but default off under
> > all*config?
> 
> I'd try generalizing the "DWARF version" choice to offer 'none' as a
> default, like
> 
> choice
>        prompt "Debug information"
>        default DEBUG_INFO_NONE  if COMPILE_TEST
>        default DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT if DEBUG_KERNEL
> 
> config DEBUG_INFO_NONE
>        bool "Turn off all debug information"
> 
> config DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
>        bool "Rely on the toolchain's implicit default DWARF version"
> 
> config DEBUG_INFO_DWARF4
>        bool "Generate DWARF Version 4 debuginfo"
> 
> config DEBUG_INFO_DWARF5
>         bool "Generate DWARF Version 5 debuginfo"
>         depends on !CC_IS_CLANG || (CC_IS_CLANG && (AS_IS_LLVM ||
> (AS_IS_GNU && AS_VERSION >= 23502)))
>         depends on !DEBUG_INFO_BTF
> 
> endchoice

Ooooh! Yes, that's excellent. I will give that a try. Thanks!

-Kees

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ