| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZPtlxmdIJXOe0sEy@google.com>
Date: Fri, 8 Sep 2023 11:19:50 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Rasmus Villemoes <linux@...musvillemoes.dk>
Cc: Masahiro Yamada <masahiroy@...nel.org>,
Nicolas Schier <nicolas@...sle.eu>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] scripts/setlocalversion: also consider annotated tags
of the form vx.y.z-${file_localversion}
On Fri, Aug 04, 2023, Rasmus Villemoes wrote:
> Commit 6ab7e1f95e96 ("setlocalversion: use only the correct release
> tag for git-describe") was absolutely correct to limit which annotated
> tags would be used to compute the -01234-gabcdef suffix. Otherwise, if
> some random annotated tag exists closer to HEAD than the vX.Y.Z one,
> the commit count would be too low.
>
> However, since the version string always includes the
> ${file_localversion} part, now the problem is that the count can be
> too high. For example, building an 6.4.6-rt8 kernel with a few patches
> on top, I currently get
>
> $ make -s kernelrelease
> 6.4.6-rt8-00128-gd78b7f406397
>
> But those 128 commits include the 100 commits that are in
> v6.4.6..v6.4.6-rt8, so this is somewhat misleading.
>
> Amend the logic so that, in addition to the linux-next consideration,
> the script also looks for a tag corresponding to the 6.4.6-rt8 part of
> what will become the `uname -r` string. With this patch (so 29 patches
> on top of v6.4.6-rt8), one instead gets
>
> $ make -s kernelrelease
> 6.4.6-rt8-00029-gd533209291a2
>
> While there, note that the line
>
> git describe --exact-match --match=$tag $tag 2>/dev/null
>
> obviously asks if $tag is an annotated tag, but it does not actually
> tell if the commit pointed to has any relation to HEAD. So remove both
> uses of --exact-match, and instead just ask if the description
> generated is identical to the tag we provided. Since we then already
> have the result of
>
> git describe --match=$tag
>
> we also end up reducing the number of times we invoke "git describe".
Dropping "--exact-match" is resulting in unnacceptable latencies for me. I don't
understand what this is trying to do well enough to make a suggestion, but something
has to change.
E.g. on my build box, a single `git describe --match=v6.5` takes ~8.5 seconds,
whereas a complete from-scratch kernel build takes <30 seconds, and an incremental
build takes <2 seconds. When build testing to-be-applied changes, I compile each
commit ~15 times (different x86 configs plus one for each other KVM architecture),
which makes the ~8.5 second delay beyond painful.
And for actual testing, I can do an incremental build and boot into a VM in under
20 seconds, a multi-second delay is extremely painful there as well.
Powered by blists - more mailing lists