| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260111012350.GA1267883@ax162>
Date: Sat, 10 Jan 2026 18:23:50 -0700
From: Nathan Chancellor <nathan@...nel.org>
To: Mikko Rapeli <mikko.rapeli@...aro.org>
Cc: Nicolas Schier <nsc@...nel.org>,
Anders Roxell <anders.roxell@...aro.org>,
linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/3] scripts: kconfig: merge_config.sh: refactor from
shell/sed/grep to awk
Hi Mikko,
Thanks for the update! Just a heads up, please start a new thread for
newer patch revisions, preferring a link back to the earlier revisions
like b4 does. Sending it as a reply to the previous revision makes it
hard to follow in an mbox, as you might be able to see at the bottom of
the lore thread:
https://lore.kernel.org/linux-kbuild/20251229114447.45236-1-mikko.rapeli@linaro.org/
On Wed, Dec 31, 2025 at 10:40:48AM +0200, Mikko Rapeli wrote:
> From: Anders Roxell <anders.roxell@...aro.org>
>
> merge_config.sh shell/sed/grep loop scales poorly and is slow.
> With Yocto genericarm64 kernel and around 190 config fragments
> the script takes more than 20 minutes to run on a fast build machine.
> Re-implementation with awk does the same job in 10 seconds.
> Using awk since it is likely available in the build environments
> and using perl, python etc would introduce more complex runtime
> dependencies. awk is good enough and lot better than shell/sed/grep.
>
> Signed-off-by: Anders Roxell <anders.roxell@...aro.org>
> Signed-off-by: Mikko Rapeli <mikko.rapeli@...aro.org>
> ---
> scripts/kconfig/merge_config.sh | 168 ++++++++++++++++++++++++--------
> 1 file changed, 128 insertions(+), 40 deletions(-)
>
> v2: remove unused sed variables, awk from ${AWK} variable,
> curly brace syntax fix after rebase, triple check that
> correct revision of patches are used in testing with
> yocto/bitbake
>
> v1: https://lore.kernel.org/linux-kbuild/20251229114447.45236-1-mikko.rapeli@linaro.org/T/#t
>
> diff --git a/scripts/kconfig/merge_config.sh b/scripts/kconfig/merge_config.sh
> index 79c09b378be8..4cefe3cdfc2f 100755
> --- a/scripts/kconfig/merge_config.sh
> +++ b/scripts/kconfig/merge_config.sh
> @@ -16,8 +16,8 @@
> set -e
>
> clean_up() {
> - rm -f $TMP_FILE
> - rm -f $MERGE_FILE
> + rm -f "${TMP_FILE}"
> + rm -f "${TMP_FILE}.new"
...
> +if [ -z "${AWK}" ]; then
Small nit: This file seems to prefer $VAR over ${VAR} when not using
bash parameter expansion (and that is a little easier for me as a fish
user to read longterm).
> + # Normalize: strip trailing comments, convert "is not set" to "=n"
> + function normalize(line) {
> + if (line == "") return ""
> + sub(/[[:space:]]+#.*/, "", line)
> + if (line ~ / is not set$/) {
> + sub(/^# /, "", line)
> + sub(/ is not set$/, "=n", line)
> + }
> + return line
> + }
I think this normalization makes it a little harder to read when the
value is changed from "n" to "y".
Prior to this change:
$ make -j"$(nproc)" ARCH=arm64 CROSS_COMPILE=aarch64-linux- clean defconfig hardening.config
...
Value of CONFIG_SLAB_FREELIST_HARDENED is redefined by fragment kernel/configs/hardening.config:
Previous value: # CONFIG_SLAB_FREELIST_HARDENED is not set
New value: CONFIG_SLAB_FREELIST_HARDENED=y
...
After this change:
$ make -j"$(nproc)" ARCH=arm64 CROSS_COMPILE=aarch64-linux- clean defconfig hardening.config
...
Value of CONFIG_SLAB_FREELIST_HARDENED is redefined by fragment kernel/configs/hardening.config:
Previous value: CONFIG_SLAB_FREELIST_HARDENED=n
New value: CONFIG_SLAB_FREELIST_HARDENED=y
...
Linus has complained about moving from "is not set" to "n" in the past:
https://lore.kernel.org/CAHk-=wgxcu9DFkXAOAFdDtLWwuv6qb5iV1E69yWE-JEVsd-NFg@mail.gmail.com/
I do like the alignment change for the "new value" line but I think
keeping "is not set" would be a little easier to quickly parse than
"=n".
Value of CONFIG_SLAB_FREELIST_HARDENED is redefined by fragment kernel/configs/hardening.config:
Previous value: # CONFIG_SLAB_FREELIST_HARDENED is not set
New value: CONFIG_SLAB_FREELIST_HARDENED=y
Might just be a personal preference though.
> + function warn_builtin(cfg, prev, new) {
> + if (warnoverride == "true") return
> + print cfg ": -y passed, will not demote y to m" > "/dev/stderr"
> + print " Previous value: " prev > "/dev/stderr"
> + print " New value: " new > "/dev/stderr"
> + print "" > "/dev/stderr"
> + }
> +
> + function warn_redefined(cfg, prev, new) {
> + if (warnoverride == "true") return
> + print "Value of " cfg " is redefined by fragment " mergefile ":" > "/dev/stderr"
> + print " Previous value: " prev > "/dev/stderr"
> + print " New value: " new > "/dev/stderr"
> + print "" > "/dev/stderr"
> + }
> +
> + function warn_redundant(cfg) {
> + if (warnredun != "true" || warnoverride == "true") return
> + print "Value of " cfg " is redundant by fragment " mergefile ":" > "/dev/stderr"
> + }
The use of /dev/stderr seems to introduce a change in behavior when
using 'make -s'.
Prior to this change:
$ make -sj"$(nproc)" ARCH=arm64 CROSS_COMPILE=aarch64-linux- clean defconfig hardening.config
After this change:
$ make -sj"$(nproc)" ARCH=arm64 CROSS_COMPILE=aarch64-linux- clean defconfig hardening.config
Value of CONFIG_COMPAT_VDSO is redefined by fragment kernel/configs/hardening.config:
Previous value: CONFIG_COMPAT_VDSO=y
New value: CONFIG_COMPAT_VDSO=n
Value of CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is redefined by fragment kernel/configs/hardening.config:
Previous value: CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=n
New value: CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
...
These should probably just be /dev/stdout?
Cheers,
Nathan
Powered by blists - more mailing lists