lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <f2556f4c-9036-4b79-a4b0-4e4c82a93abc@oracle.com>
Date: Tue, 30 Sep 2025 08:25:06 +0200
From: Vegard Nossum <vegard.nossum@...cle.com>
To: Kees Cook <kees@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Masahiro Yamada <masahiroy@...nel.org>,
        Nathan Chancellor <nathan@...nel.org>, Petr Vorel <pvorel@...e.cz>,
        linux-kernel@...r.kernel.org, linux-kbuild@...r.kernel.org,
        linux-hardening@...r.kernel.org
Subject: Re: [PATCH] kconfig: Avoid prompting for transitional symbols


On 30/09/2025 06:53, Kees Cook wrote:
> The "transitional" symbol keyword, while working with the "olddefconfig"
> target, was prompting during "oldconfig". This occurred because these
> symbols were not being marked as user-defined when they received values
> from transitional symbols that had user values. The "olddefconfig" target
> explicitly doesn't prompt for anything, so this deficiency wasn't noticed.
> 
> The issue manifested when a symbol's value came from a transitional
> symbol's user value but the receiving symbol wasn't marked with
> SYMBOL_DEF_USER. Thus the "oldconfig" logic would then prompt for these
> symbols unnecessarily.
> 
> Check after value calculation whether a symbol without a user value
> gets its value from a single transitional symbol that does have a user
> value. In such cases, mark the receiving symbol as user-defined to
> prevent prompting.

Sorry for not catching this issue.

> diff --git a/scripts/kconfig/symbol.c b/scripts/kconfig/symbol.c
> index 760cac998381..9cc2fd5bc016 100644
> --- a/scripts/kconfig/symbol.c
> +++ b/scripts/kconfig/symbol.c
> @@ -411,7 +411,7 @@ bool sym_dep_errors(void)
>   void sym_calc_value(struct symbol *sym)
>   {
>   	struct symbol_value newval, oldval;
> -	struct property *prop;
> +	struct property *prop = NULL;
>   	struct menu *choice_menu;
>   
>   	if (!sym)
> @@ -520,6 +520,22 @@ void sym_calc_value(struct symbol *sym)
>   		;
>   	}
>   
> +	/*
> +	 * If the symbol lacks a user value but its value comes from a
> +	 * single transitional symbol with an existing user value, mark
> +	 * this symbol as having a user value to avoid prompting.
> +	 */
> +	if (prop && !sym_has_value(sym)) {
> +		struct symbol *ds = prop_get_symbol(prop);
> +		if (ds && (ds->flags & SYMBOL_TRANS) && sym_has_value(ds)) {
> +			if (sym->type == S_BOOLEAN || sym->type == S_TRISTATE)
> +				sym->def[S_DEF_USER].tri = newval.tri;
> +			else
> +				sym->def[S_DEF_USER].val = newval.val;

sym->def[S_DEF_USER] and newval are both 'struct symbol_value', can we
just unconditionally do this instead?

     sym->def[S_DEF_USER] = newval;

> +			sym->flags |= SYMBOL_DEF_USER;
> +		}
> +	}
> +
>   	sym->curr = newval;
>   	sym_validate_range(sym);

I have to run, will take a closer look later. Thanks,


Vegard

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ