lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20240928-fix-randstruct-modversions-kconfig-warning-v1-1-27d3edc8571e@kernel.org>
Date: Sat, 28 Sep 2024 11:13:13 -0700
From: Nathan Chancellor <nathan@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Kees Cook <kees@...nel.org>, linux-kernel@...r.kernel.org, 
 linux-hardening@...r.kernel.org, llvm@...ts.linux.dev, 
 patches@...ts.linux.dev, Nathan Chancellor <nathan@...nel.org>
Subject: [PATCH] hardening: Adjust dependencies in selection of MODVERSIONS

MODVERSIONS recently grew a dependency on !COMPILE_TEST so that Rust
could be more easily tested. However, this introduces a Kconfig warning
when building allmodconfig with a clang version that supports RANDSTRUCT
natively because RANDSTRUCT_FULL and RANDSTRUCT_PERFORMANCE select
MODVERSIONS when MODULES is enabled, bypassing the !COMPILE_TEST
dependency:

  WARNING: unmet direct dependencies detected for MODVERSIONS
    Depends on [n]: MODULES [=y] && !COMPILE_TEST [=y]
    Selected by [y]:
    - RANDSTRUCT_FULL [=y] && (CC_HAS_RANDSTRUCT [=y] || GCC_PLUGINS [=n]) && MODULES [=y]

Add the !COMPILE_TEST dependency to the selections to clear up the
warning.

Fixes: 1f9c4a996756 ("Kbuild: make MODVERSIONS support depend on not being a compile test build")
Signed-off-by: Nathan Chancellor <nathan@...nel.org>
---
 security/Kconfig.hardening | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index 2cff851ebfd7e13b955693be9f5818ac6f8bbf03..c9d5ca3d8d08de237102f1ffe3f310636ae0d6ff 100644
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -340,7 +340,7 @@ choice
 	config RANDSTRUCT_FULL
 		bool "Fully randomize structure layout"
 		depends on CC_HAS_RANDSTRUCT || GCC_PLUGINS
-		select MODVERSIONS if MODULES
+		select MODVERSIONS if MODULES && !COMPILE_TEST
 		help
 		  Fully randomize the member layout of sensitive
 		  structures as much as possible, which may have both a
@@ -356,7 +356,7 @@ choice
 	config RANDSTRUCT_PERFORMANCE
 		bool "Limit randomization of structure layout to cache-lines"
 		depends on GCC_PLUGINS
-		select MODVERSIONS if MODULES
+		select MODVERSIONS if MODULES && !COMPILE_TEST
 		help
 		  Randomization of sensitive kernel structures will make a
 		  best effort at restricting randomization to cacheline-sized

---
base-commit: 3efc57369a0ce8f76bf0804f7e673982384e4ac9
change-id: 20240928-fix-randstruct-modversions-kconfig-warning-013be4a0f673

Best regards,
-- 
Nathan Chancellor <nathan@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ