lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1369317700.3469.256.camel@deadeye.wl.decadent.org.uk>
Date:	Thu, 23 May 2013 15:01:40 +0100
From:	Ben Hutchings <ben@...adent.org.uk>
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:	Jiri Slaby <jslaby@...e.cz>, jirislaby@...il.com,
	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Jeff Mahoney <jeffm@...e.com>,
	Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
	linux-usb@...r.kernel.org,
	Florian Tobias Schandinat <FlorianSchandinat@....de>,
	linux-geode@...ts.infradead.org, linux-fbdev@...r.kernel.org,
	Richard Cochran <richardcochran@...il.com>,
	netdev@...r.kernel.org,
	"Keller, Jacob E" <jacob.e.keller@...el.com>
Subject: Re: [PATCH] build some drivers only when compile-testing

On Wed, 2013-05-22 at 19:23 -0700, Greg Kroah-Hartman wrote:
> On Wed, May 22, 2013 at 11:18:46AM +0200, Jiri Slaby wrote:
> > Some drivers can be built on more platforms than they run on. This
> > causes users and distributors packaging burden when they have to
> > manually deselect some drivers from their allmodconfigs. Or sometimes
> > it is even impossible to disable the drivers without patching the
> > kernel.
> > 
> > Introduce a new config option COMPILE_TEST and make all those drivers
> > to depend on the platform they run on, or on the COMPILE_TEST option.
> > Now, when users/distributors choose COMPILE_TEST=n they will not have
> > the drivers in their allmodconfig setups, but developers still can
> > compile-test them with COMPILE_TEST=y.
> 
> I understand the urge, and it's getting hard for distros to handle these
> drivers that just don't work on other architectures, but it's really
> valuable to ensure that they build properly, for those of us that don't
> have many/any cross compilers set up.
> 
> > Now the drivers where we use this new option:
> > * PTP_1588_CLOCK_PCH: The PCH EG20T is only compatible with Intel Atom
> >   processors so it should depend on x86.
> > * FB_GEODE: Geode is 32-bit only so only enable it for X86_32.
> > * USB_CHIPIDEA_IMX: The OF_DEVICE dependency will be met on powerpc
> >   systems -- which do not actually support the hardware via that
> >   method.
> 
> This seems ripe to start to get really messy, really quickly.  Shouldn't
> "default configs" handle if this "should" be enabled for a platform or
> not, and let the rest of us just build them with no problems?

Debian aims to provide a consistent feature set across all supported
architectures so far as possible, and I would expect other distributions
to do the same.  I don't believe anyone is coordinating defconfigs
across architectures to ensure that.

Distributions may also have particular requirements from userland that a
distribution-agnostic defconfig obviously doesn't cover.  (Isn't that
why we had the discussion about 'configure for my distribution' some
months back?)

For the driver configuration, what we provide in Debian is closer to
allmodconfig, only with some attempt to exclude those useless drivers.
Dependencies like this would make it easier to do that.

> What problems is this causing you?  Are you running out of space in
> kernel packages with drivers that will never be actually used?

On most x86 systems this isn't going to be an issue.  But if packages
are built natively (as they are for most distributions) then building
useless drivers for some architecture which doesn't have fast processors
available is a waste of precious resources.

This is particularly bad where the architecture doesn't support generic
kernels that boot on a wide range of machines and therefore we must
build many times over.  These unfortunately tend to be among those with
slower processors (ARM[1], MIPS, SH, ...).  Currently, Debian's linux
package takes ~48 hours to build for armel (ARM processors without FPU)
- and that's without building many of the PCI drivers we could for those
platforms which have PCI support.  So that's a minimum of 2 days to
provide a security update across all architectures[2].

[1] I'm aware that ARM is getting better in this regard and most ARMv7
machines are likely to be supportable by a single kernel image soon.
That doesn't mean the whole problem is solved.

[2] We don't always wait for all builds before releasing/announcing an
update; for example <http://www.debian.org/security/2013/dsa-2669>.  But
that's no comfort for those using the slower architecture.

> > +config COMPILE_TEST
> > +     bool "Compile also drivers which will not load" if EXPERT
> 
> EXPERT is getting to be the "let's hide it here" option, isn't it...

This little detail seems likely to reduce the usefulness of randconfig
as many drivers will become dependent on both EXPERT and COMPILE_TEST
being selected.

> I don't know, if no one else strongly objects, I can be convinced that
> this is needed, but so far, I don't see why it really is, or what this
> is going to help with.

Ben.

-- 
Ben Hutchings
friends: People who know you well, but like you anyway.

Download attachment "signature.asc" of type "application/pgp-signature" (829 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ