lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ZPN8KR0y8Lt9qdU0@fjasle.eu>
Date:   Sat, 2 Sep 2023 20:17:13 +0200
From:   Nicolas Schier <nicolas@...sle.eu>
To:     Kees Cook <keescook@...omium.org>
Cc:     Masahiro Yamada <masahiroy@...nel.org>,
        Michael Ellerman <mpe@...erman.id.au>,
        Christophe Leroy <christophe.leroy@...roup.eu>,
        Randy Dunlap <rdunlap@...radead.org>,
        linux-kernel@...r.kernel.org, x86@...nel.org,
        linux-arm-kernel@...ts.infradead.org,
        linuxppc-dev@...ts.ozlabs.org, linux-riscv@...ts.infradead.org,
        linux-s390@...r.kernel.org, linux-kbuild@...r.kernel.org,
        linux-hardening@...r.kernel.org
Subject: Re: [PATCH v3] kbuild: Show marked Kconfig fragments in "help"

On Thu, Aug 31, 2023 at 12:13:39PM -0700 Kees Cook wrote:
> Currently the Kconfig fragments in kernel/configs and arch/*/configs
> that aren't used internally aren't discoverable through "make help",
> which consists of hard-coded lists of config fragments. Instead, list
> all the fragment targets that have a "# Help: " comment prefix so the
> targets can be generated dynamically.
> 
> Add logic to the Makefile to search for and display the fragment and
> comment. Add comments to fragments that are intended to be direct targets.
> 
> Cc: Nicolas Schier <nicolas@...sle.eu>
> Cc: Michael Ellerman <mpe@...erman.id.au>
> Cc: Christophe Leroy <christophe.leroy@...roup.eu>
> Cc: Randy Dunlap <rdunlap@...radead.org>
> Cc: linux-kernel@...r.kernel.org
> Cc: x86@...nel.org
> Cc: linux-arm-kernel@...ts.infradead.org
> Cc: linuxppc-dev@...ts.ozlabs.org
> Cc: linux-riscv@...ts.infradead.org
> Cc: linux-s390@...r.kernel.org
> Cc: linux-kbuild@...r.kernel.org
> Cc: linux-hardening@...r.kernel.org
> Signed-off-by: Kees Cook <keescook@...omium.org>
> Co-developed-by: Masahiro Yamada <masahiroy@...nel.org>
> ---

Reviewed-by: Nicolas Schier <nicolas@...sle.eu>


> v3:
> - Use Makefile logic from Masahiro Yamada
> - Use "# Help: " prefix, but only on desired fragment targets
> v2: https://lore.kernel.org/all/20230825194329.gonna.911-kees@kernel.org
> v1: https://lore.kernel.org/all/20230824223606.never.762-kees@kernel.org
> ---
>  Makefile                                   |  1 -
>  arch/arm/configs/dram_0x00000000.config    |  1 +
>  arch/arm/configs/dram_0xc0000000.config    |  1 +
>  arch/arm/configs/dram_0xd0000000.config    |  1 +
>  arch/arm/configs/lpae.config               |  1 +
>  arch/arm64/configs/virt.config             |  1 +
>  arch/powerpc/configs/disable-werror.config |  1 +
>  arch/powerpc/configs/security.config       |  4 +++-
>  arch/riscv/configs/32-bit.config           |  1 +
>  arch/riscv/configs/64-bit.config           |  1 +
>  arch/s390/configs/btf.config               |  1 +
>  arch/s390/configs/kasan.config             |  1 +
>  arch/x86/Makefile                          |  4 ----
>  kernel/configs/debug.config                |  2 ++
>  kernel/configs/kvm_guest.config            |  1 +
>  kernel/configs/nopm.config                 |  2 ++
>  kernel/configs/rust.config                 |  1 +
>  kernel/configs/tiny.config                 |  2 ++
>  kernel/configs/x86_debug.config            |  1 +
>  kernel/configs/xen.config                  |  2 ++
>  scripts/kconfig/Makefile                   | 15 ++++++++++++---
>  21 files changed, 36 insertions(+), 9 deletions(-)
> 
> diff --git a/Makefile b/Makefile
> index 4739c21a63e2..91c90ce8e0e3 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -1674,7 +1674,6 @@ help:
>  	@echo  '  mrproper	  - Remove all generated files + config + various backup files'
>  	@echo  '  distclean	  - mrproper + remove editor backup and patch files'
>  	@echo  ''
> -	@echo  'Configuration targets:'
>  	@$(MAKE) -f $(srctree)/scripts/kconfig/Makefile help
>  	@echo  ''
>  	@echo  'Other generic targets:'
> diff --git a/arch/arm/configs/dram_0x00000000.config b/arch/arm/configs/dram_0x00000000.config
> index db96dcb420ce..8803a0f58343 100644
> --- a/arch/arm/configs/dram_0x00000000.config
> +++ b/arch/arm/configs/dram_0x00000000.config
> @@ -1 +1,2 @@
> +# Help: DRAM base at 0x00000000
>  CONFIG_DRAM_BASE=0x00000000
> diff --git a/arch/arm/configs/dram_0xc0000000.config b/arch/arm/configs/dram_0xc0000000.config
> index 343d5333d973..aab8f864686b 100644
> --- a/arch/arm/configs/dram_0xc0000000.config
> +++ b/arch/arm/configs/dram_0xc0000000.config
> @@ -1 +1,2 @@
> +# Help: DRAM base at 0xc0000000
>  CONFIG_DRAM_BASE=0xc0000000
> diff --git a/arch/arm/configs/dram_0xd0000000.config b/arch/arm/configs/dram_0xd0000000.config
> index 61ba7045f8a1..4aabce4ea3d4 100644
> --- a/arch/arm/configs/dram_0xd0000000.config
> +++ b/arch/arm/configs/dram_0xd0000000.config
> @@ -1 +1,2 @@
> +# Help: DRAM base at 0xd0000000
>  CONFIG_DRAM_BASE=0xd0000000
> diff --git a/arch/arm/configs/lpae.config b/arch/arm/configs/lpae.config
> index a6d6f7ab3c01..1ab94da8345d 100644
> --- a/arch/arm/configs/lpae.config
> +++ b/arch/arm/configs/lpae.config
> @@ -1,2 +1,3 @@
> +# Help: Enable Large Physical Address Extension mode
>  CONFIG_ARM_LPAE=y
>  CONFIG_VMSPLIT_2G=y
> diff --git a/arch/arm64/configs/virt.config b/arch/arm64/configs/virt.config
> index 6865d54e68f8..c47c36f8f67b 100644
> --- a/arch/arm64/configs/virt.config
> +++ b/arch/arm64/configs/virt.config
> @@ -1,3 +1,4 @@
> +# Help: Virtualization guest
>  #
>  # Base options for platforms
>  #
> diff --git a/arch/powerpc/configs/disable-werror.config b/arch/powerpc/configs/disable-werror.config
> index 6ea12a12432c..7776b91da37f 100644
> --- a/arch/powerpc/configs/disable-werror.config
> +++ b/arch/powerpc/configs/disable-werror.config
> @@ -1 +1,2 @@
> +# Help: Disable -Werror
>  CONFIG_PPC_DISABLE_WERROR=y
> diff --git a/arch/powerpc/configs/security.config b/arch/powerpc/configs/security.config
> index 1c91a35c6a73..0d54e29e2cdf 100644
> --- a/arch/powerpc/configs/security.config
> +++ b/arch/powerpc/configs/security.config
> @@ -1,3 +1,5 @@
> +# Help: Common security options for PowerPC builds
> +
>  # This is the equivalent of booting with lockdown=integrity
>  CONFIG_SECURITY=y
>  CONFIG_SECURITYFS=y
> @@ -12,4 +14,4 @@ CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
>  
>  # UBSAN bounds checking is very cheap and good for hardening
>  CONFIG_UBSAN=y
> -# CONFIG_UBSAN_MISC is not set
> \ No newline at end of file
> +# CONFIG_UBSAN_MISC is not set
> diff --git a/arch/riscv/configs/32-bit.config b/arch/riscv/configs/32-bit.config
> index f6af0f708df4..16ee163847b4 100644
> --- a/arch/riscv/configs/32-bit.config
> +++ b/arch/riscv/configs/32-bit.config
> @@ -1,3 +1,4 @@
> +# Help: Build a 32-bit image
>  CONFIG_ARCH_RV32I=y
>  CONFIG_32BIT=y
>  # CONFIG_PORTABLE is not set
> diff --git a/arch/riscv/configs/64-bit.config b/arch/riscv/configs/64-bit.config
> index 313edc554d84..d872a2d533f2 100644
> --- a/arch/riscv/configs/64-bit.config
> +++ b/arch/riscv/configs/64-bit.config
> @@ -1,2 +1,3 @@
> +# Help: Build a 64-bit image
>  CONFIG_ARCH_RV64I=y
>  CONFIG_64BIT=y
> diff --git a/arch/s390/configs/btf.config b/arch/s390/configs/btf.config
> index 39227b4511af..eb7f84f5925c 100644
> --- a/arch/s390/configs/btf.config
> +++ b/arch/s390/configs/btf.config
> @@ -1 +1,2 @@
> +# Help: Enable BTF debug info
>  CONFIG_DEBUG_INFO_BTF=y
> diff --git a/arch/s390/configs/kasan.config b/arch/s390/configs/kasan.config
> index 700a8b25c3ff..84c2b551e992 100644
> --- a/arch/s390/configs/kasan.config
> +++ b/arch/s390/configs/kasan.config
> @@ -1,3 +1,4 @@
> +# Help: Enable KASan for debugging
>  CONFIG_KASAN=y
>  CONFIG_KASAN_INLINE=y
>  CONFIG_KASAN_VMALLOC=y
> diff --git a/arch/x86/Makefile b/arch/x86/Makefile
> index fdc2e3abd615..c4b2a8a19fc8 100644
> --- a/arch/x86/Makefile
> +++ b/arch/x86/Makefile
> @@ -335,9 +335,5 @@ define archhelp
>    echo  '			  bzdisk/fdimage*/hdimage/isoimage also accept:'
>    echo  '			  FDARGS="..."  arguments for the booted kernel'
>    echo  '			  FDINITRD=file initrd for the booted kernel'
> -  echo  ''
> -  echo  '  kvm_guest.config	- Enable Kconfig items for running this kernel as a KVM guest'
> -  echo  '  xen.config		- Enable Kconfig items for running this kernel as a Xen guest'
> -  echo  '  x86_debug.config	- Enable tip tree debugging options for testing'
>  
>  endef
> diff --git a/kernel/configs/debug.config b/kernel/configs/debug.config
> index e8db8d938661..4722b998a324 100644
> --- a/kernel/configs/debug.config
> +++ b/kernel/configs/debug.config
> @@ -1,3 +1,5 @@
> +# Help: Debugging for CI systems and finding regressions
> +#
>  # The config is based on running daily CI for enterprise Linux distros to
>  # seek regressions on linux-next builds on different bare-metal and virtual
>  # platforms. It can be used for example,
> diff --git a/kernel/configs/kvm_guest.config b/kernel/configs/kvm_guest.config
> index 208481d91090..d0877063d925 100644
> --- a/kernel/configs/kvm_guest.config
> +++ b/kernel/configs/kvm_guest.config
> @@ -1,3 +1,4 @@
> +# Help: Bootable as a KVM guest
>  CONFIG_NET=y
>  CONFIG_NET_CORE=y
>  CONFIG_NETDEVICES=y
> diff --git a/kernel/configs/nopm.config b/kernel/configs/nopm.config
> index 81ff07863576..ebfdc3d8aa9a 100644
> --- a/kernel/configs/nopm.config
> +++ b/kernel/configs/nopm.config
> @@ -1,3 +1,5 @@
> +# Help: Disable Power Management
> +
>  CONFIG_PM=n
>  CONFIG_SUSPEND=n
>  CONFIG_HIBERNATION=n
> diff --git a/kernel/configs/rust.config b/kernel/configs/rust.config
> index 38a7c5362c9c..2c6e001a7284 100644
> --- a/kernel/configs/rust.config
> +++ b/kernel/configs/rust.config
> @@ -1 +1,2 @@
> +# Help: Enable Rust
>  CONFIG_RUST=y
> diff --git a/kernel/configs/tiny.config b/kernel/configs/tiny.config
> index 00009f7d0835..60a4b6d80b36 100644
> --- a/kernel/configs/tiny.config
> +++ b/kernel/configs/tiny.config
> @@ -1,3 +1,5 @@
> +# Help: Size-optimized kernel image
> +#
>  # CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE is not set
>  CONFIG_CC_OPTIMIZE_FOR_SIZE=y
>  # CONFIG_KERNEL_GZIP is not set
> diff --git a/kernel/configs/x86_debug.config b/kernel/configs/x86_debug.config
> index 6fac5b405334..35f48671b8d5 100644
> --- a/kernel/configs/x86_debug.config
> +++ b/kernel/configs/x86_debug.config
> @@ -1,3 +1,4 @@
> +# Help: Debugging options for tip tree testing
>  CONFIG_X86_DEBUG_FPU=y
>  CONFIG_LOCK_STAT=y
>  CONFIG_DEBUG_VM=y
> diff --git a/kernel/configs/xen.config b/kernel/configs/xen.config
> index 436f806aa1ed..6878b9a49be8 100644
> --- a/kernel/configs/xen.config
> +++ b/kernel/configs/xen.config
> @@ -1,3 +1,5 @@
> +# Help: Bootable as a Xen guest
> +#
>  # global stuff - these enable us to allow some
>  # of the not so generic stuff below for xen
>  CONFIG_PARAVIRT=y
> diff --git a/scripts/kconfig/Makefile b/scripts/kconfig/Makefile
> index af1c96198f49..4eee155121a8 100644
> --- a/scripts/kconfig/Makefile
> +++ b/scripts/kconfig/Makefile
> @@ -93,11 +93,13 @@ endif
>  %_defconfig: $(obj)/conf
>  	$(Q)$< $(silent) --defconfig=arch/$(SRCARCH)/configs/$@ $(Kconfig)
>  
> -configfiles=$(wildcard $(srctree)/kernel/configs/$@ $(srctree)/arch/$(SRCARCH)/configs/$@)
> +configfiles = $(wildcard $(srctree)/kernel/configs/$(1) $(srctree)/arch/$(SRCARCH)/configs/$(1))
> +all-config-fragments = $(call configfiles,*.config)
> +config-fragments = $(call configfiles,$@)
>  
>  %.config: $(obj)/conf
> -	$(if $(call configfiles),, $(error No configuration exists for this target on this architecture))
> -	$(Q)$(CONFIG_SHELL) $(srctree)/scripts/kconfig/merge_config.sh -m .config $(configfiles)
> +	$(if $(config-fragments),, $(error $@ fragment does not exists on this architecture))
> +	$(Q)$(CONFIG_SHELL) $(srctree)/scripts/kconfig/merge_config.sh -m .config $(config-fragments)
>  	$(Q)$(MAKE) -f $(srctree)/Makefile olddefconfig
>  
>  PHONY += tinyconfig
> @@ -115,6 +117,7 @@ clean-files += tests/.cache
>  
>  # Help text used by make help
>  help:
> +	@echo  'Configuration targets:'
>  	@echo  '  config	  - Update current config utilising a line-oriented program'
>  	@echo  '  nconfig         - Update current config utilising a ncurses menu based program'
>  	@echo  '  menuconfig	  - Update current config utilising a menu based program'
> @@ -141,6 +144,12 @@ help:
>  	@echo  '                    default value without prompting'
>  	@echo  '  tinyconfig	  - Configure the tiniest possible kernel'
>  	@echo  '  testconfig	  - Run Kconfig unit tests (requires python3 and pytest)'
> +	@echo  ''
> +	@echo  'Configuration topic targets:'
> +	@$(foreach f, $(all-config-fragments), \
> +		if help=$$(grep -m1 '^# Help: ' $(f)); then \
> +			printf '  %-25s - %s\n' '$(notdir $(f))' "$${help#*: }"; \
> +		fi;)
>  
>  # ===========================================================================
>  # object files used by all kconfig flavours
> -- 
> 2.34.1

-- 
epost|xmpp: nicolas@...sle.eu          irc://oftc.net/nsc
↳ gpg: 18ed 52db e34f 860e e9fb  c82b 7d97 0932 55a0 ce7f
     -- frykten for herren er opphav til kunnskap --

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ