| Message ID | 20240928-fix-randstruct-modversions-kconfig-warning-v1-1-27d3edc8571e@kernel.org (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | hardening: Adjust dependencies in selection of MODVERSIONS | expand |
On Sat, 28 Sep 2024 11:13:13 -0700, Nathan Chancellor wrote: > MODVERSIONS recently grew a dependency on !COMPILE_TEST so that Rust > could be more easily tested. However, this introduces a Kconfig warning > when building allmodconfig with a clang version that supports RANDSTRUCT > natively because RANDSTRUCT_FULL and RANDSTRUCT_PERFORMANCE select > MODVERSIONS when MODULES is enabled, bypassing the !COMPILE_TEST > dependency: > > [...] Applied to for-linus/hardening, thanks! [1/1] hardening: Adjust dependencies in selection of MODVERSIONS https://git.kernel.org/kees/c/dd3a7ee91e0c Take care,
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index 2cff851ebfd7e13b955693be9f5818ac6f8bbf03..c9d5ca3d8d08de237102f1ffe3f310636ae0d6ff 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -340,7 +340,7 @@ choice config RANDSTRUCT_FULL bool "Fully randomize structure layout" depends on CC_HAS_RANDSTRUCT || GCC_PLUGINS - select MODVERSIONS if MODULES + select MODVERSIONS if MODULES && !COMPILE_TEST help Fully randomize the member layout of sensitive structures as much as possible, which may have both a @@ -356,7 +356,7 @@ choice config RANDSTRUCT_PERFORMANCE bool "Limit randomization of structure layout to cache-lines" depends on GCC_PLUGINS - select MODVERSIONS if MODULES + select MODVERSIONS if MODULES && !COMPILE_TEST help Randomization of sensitive kernel structures will make a best effort at restricting randomization to cacheline-sized
MODVERSIONS recently grew a dependency on !COMPILE_TEST so that Rust could be more easily tested. However, this introduces a Kconfig warning when building allmodconfig with a clang version that supports RANDSTRUCT natively because RANDSTRUCT_FULL and RANDSTRUCT_PERFORMANCE select MODVERSIONS when MODULES is enabled, bypassing the !COMPILE_TEST dependency: WARNING: unmet direct dependencies detected for MODVERSIONS Depends on [n]: MODULES [=y] && !COMPILE_TEST [=y] Selected by [y]: - RANDSTRUCT_FULL [=y] && (CC_HAS_RANDSTRUCT [=y] || GCC_PLUGINS [=n]) && MODULES [=y] Add the !COMPILE_TEST dependency to the selections to clear up the warning. Fixes: 1f9c4a996756 ("Kbuild: make MODVERSIONS support depend on not being a compile test build") Signed-off-by: Nathan Chancellor <nathan@kernel.org> --- security/Kconfig.hardening | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- base-commit: 3efc57369a0ce8f76bf0804f7e673982384e4ac9 change-id: 20240928-fix-randstruct-modversions-kconfig-warning-013be4a0f673 Best regards,