lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1c1c0a3b-10d0-ef9c-e96c-a415bbe0bf33@infradead.org>
Date:   Tue, 21 Feb 2023 16:17:43 -0800
From:   Randy Dunlap <rdunlap@...radead.org>
To:     Hanasaki Jiji <hanasaki@...il.com>,
        LIST - Linux Kernel <linux-kernel@...r.kernel.org>
Cc:     Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>
Subject: Re: .config and "make" / turning off all debug

Hi--

On 2/21/23 08:16, Hanasaki Jiji wrote:
> Is there a command line parameter to Make that will disable anything
> that results in a debuggable kernel?

No.

> Is there a tool that will modify .config removing anything that will
> result in a debuggable kernel?

We don't have a nice, clean, packaged way to do this.

It also depends on what you mean by DEBUG. I would first disable
CONFIG_COMPILE_TEST, then decide if you want TRACE/TRACING features
disabled or enabled.  Also decide whether you want DEBUGFS
options enabled or disabled.

There are a couple of things that you can try. YMMV.

Neither of these is a complete solution; option 2 requires
the user to update the list of config options that should be disabled
as needed.

(1) Use a script to convert all occurrences of
/CONFIG.*DEBUG=y/ to /# CONFIG.*DEBUG is not set/.

This misses a few CONFIG options where "DEBUG" is toward the middle
of the CONFIG option, like CONFIG_DEBUG_RSEQ, CONFIG_DEBUG_TEST_DRIVER_REMOVE,
CONFIG_C710_DEBUG_ASSUMPTIONS, CONFIG_DM_DEBUG_BLOCK_MANAGER_LOCKING,
CONFIG_DRM_DEBUG_xyzzz (a few like this), CONFIG_DEBUG_KERNEL_DC,
CONFIG_NOUVEAU_DEBUG_xyzzz (a few), CONFIG_DRM_I915_DEBUG_xyzzz (a few),
CONFIG_SND_SOC_SOF_xyzzz (several), CONFIG_HFI1_DEBUG_SDMA_ORDER,
CONFIG_AFS_DEBUG_CURSOR, CONFIG_DEBUG_NET, lots of entries in the
Kernel Hacking menu. Then there are several SELFTEST config options,
but they are not always spelled "SELFTEST"; they might just be spelled
TEST or TESTS.

I'll attach a Perl script (from 2009) that begins the work on option 1,
but I haven't used it since forever.

(2) Make a "mini.config" file that contains a list of all the options that you
want to have set in a certain way (can be either enabled or disabled).
Then use
$ KCONFIG_ALLCONFIG=your.mini.config make allmodconfig

This is the documented and supported way. It is documented in
Documentation/kbuild/kconfig.rst:

<begin quote>

KCONFIG_ALLCONFIG
-----------------
(partially based on lkml email from/by Rob Landley, re: miniconfig)

--------------------------------------------------

The allyesconfig/allmodconfig/allnoconfig/randconfig variants can also
use the environment variable KCONFIG_ALLCONFIG as a flag or a filename
that contains config symbols that the user requires to be set to a
specific value.  If KCONFIG_ALLCONFIG is used without a filename where
KCONFIG_ALLCONFIG == "" or KCONFIG_ALLCONFIG == "1", `make *config`
checks for a file named "all{yes/mod/no/def/random}.config"
(corresponding to the `*config` command that was used) for symbol values
that are to be forced.  If this file is not found, it checks for a
file named "all.config" to contain forced values.

This enables you to create "miniature" config (miniconfig) or custom
config files containing just the config symbols that you are interested
in.  Then the kernel config system generates the full .config file,
including symbols of your miniconfig file.

This 'KCONFIG_ALLCONFIG' file is a config file which contains
(usually a subset of all) preset config symbols.  These variable
settings are still subject to normal dependency checks.

Examples::

	KCONFIG_ALLCONFIG=custom-notebook.config make allnoconfig

or::

	KCONFIG_ALLCONFIG=mini.config make allnoconfig

or::

	make KCONFIG_ALLCONFIG=mini.config allnoconfig

These examples will disable most options (allnoconfig) but enable or
disable the options that are explicitly listed in the specified
mini-config files.

<end quote>

Note that this only works with "make allyesconfig/allmodconfig/allnoconfig/randconfig"
variants.  You could try it and see if it works for you.

I'll also attach a sample "disable.all.debug.config" file for this option.
You will need to update this CONFIG options list continually.

HTH. Good luck.

-- 
~Randy
View attachment "config.debug.off" of type "text/plain" (575 bytes)

Download attachment "disable.all.debug.config" of type "application/x-config" (6970 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ