| Message ID | 20240928-fix-randstruct-modversions-kconfig-warning-v1-1-27d3edc8571e@kernel.org (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | dd3a7ee91e0ce0b03d22e974a79e8247cc99959b |
| Headers | show |
| Series | hardening: Adjust dependencies in selection of MODVERSIONS | expand |
On Sat, 28 Sep 2024 11:13:13 -0700, Nathan Chancellor wrote: > MODVERSIONS recently grew a dependency on !COMPILE_TEST so that Rust > could be more easily tested. However, this introduces a Kconfig warning > when building allmodconfig with a clang version that supports RANDSTRUCT > natively because RANDSTRUCT_FULL and RANDSTRUCT_PERFORMANCE select > MODVERSIONS when MODULES is enabled, bypassing the !COMPILE_TEST > dependency: > > [...] Applied to for-linus/hardening, thanks! [1/1] hardening: Adjust dependencies in selection of MODVERSIONS https://git.kernel.org/kees/c/dd3a7ee91e0c Take care,
On Sat, 28 Sept 2024 at 11:13, Nathan Chancellor <nathan@kernel.org> wrote: > > MODVERSIONS recently grew a dependency on !COMPILE_TEST so that Rust > could be more easily tested. However, this introduces a Kconfig warning > when building allmodconfig with a clang version that supports RANDSTRUCT > natively because RANDSTRUCT_FULL and RANDSTRUCT_PERFORMANCE select > MODVERSIONS when MODULES is enabled, bypassing the !COMPILE_TEST > dependency: Argh. I should have checked, but I didn't think anybody would 'select' MODVERSIONS. That's such an odd thing to do in general, but I guess for RANDSTRUCT it actually makes sense (since a plain version check is nonsensical). Now that 'select' statement is truly crazy and another level of odd duck, but I guess it still makes perfect sense ("give me the build coverage, but this is never going to be run, so don't bother with MODVERSIONS"). So Ack on the patch. And now I did check that there doesn't seem to be anything else with odd MODVERSIONS Kconfig rules. Linus
On Sun, Sep 29, 2024 at 08:35:44AM -0700, Linus Torvalds wrote: > On Sat, 28 Sept 2024 at 11:13, Nathan Chancellor <nathan@kernel.org> wrote: > > > > MODVERSIONS recently grew a dependency on !COMPILE_TEST so that Rust > > could be more easily tested. However, this introduces a Kconfig warning > > when building allmodconfig with a clang version that supports RANDSTRUCT > > natively because RANDSTRUCT_FULL and RANDSTRUCT_PERFORMANCE select > > MODVERSIONS when MODULES is enabled, bypassing the !COMPILE_TEST > > dependency: > > Argh. I should have checked, but I didn't think anybody would 'select' > MODVERSIONS. > > That's such an odd thing to do in general, but I guess for RANDSTRUCT > it actually makes sense (since a plain version check is nonsensical). > > Now that 'select' statement is truly crazy and another level of odd > duck, but I guess it still makes perfect sense ("give me the build > coverage, but this is never going to be run, so don't bother with > MODVERSIONS"). Yeah, I came to the same conclusion on both fronts (perhaps I should have actually put that in the patch description). > So Ack on the patch. And now I did check that there doesn't seem to be > anything else with odd MODVERSIONS Kconfig rules. Thanks, it looks like you'll get this via Kees soon. Cheers, Nathan
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index 2cff851ebfd7e13b955693be9f5818ac6f8bbf03..c9d5ca3d8d08de237102f1ffe3f310636ae0d6ff 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -340,7 +340,7 @@ choice config RANDSTRUCT_FULL bool "Fully randomize structure layout" depends on CC_HAS_RANDSTRUCT || GCC_PLUGINS - select MODVERSIONS if MODULES + select MODVERSIONS if MODULES && !COMPILE_TEST help Fully randomize the member layout of sensitive structures as much as possible, which may have both a @@ -356,7 +356,7 @@ choice config RANDSTRUCT_PERFORMANCE bool "Limit randomization of structure layout to cache-lines" depends on GCC_PLUGINS - select MODVERSIONS if MODULES + select MODVERSIONS if MODULES && !COMPILE_TEST help Randomization of sensitive kernel structures will make a best effort at restricting randomization to cacheline-sized
MODVERSIONS recently grew a dependency on !COMPILE_TEST so that Rust could be more easily tested. However, this introduces a Kconfig warning when building allmodconfig with a clang version that supports RANDSTRUCT natively because RANDSTRUCT_FULL and RANDSTRUCT_PERFORMANCE select MODVERSIONS when MODULES is enabled, bypassing the !COMPILE_TEST dependency: WARNING: unmet direct dependencies detected for MODVERSIONS Depends on [n]: MODULES [=y] && !COMPILE_TEST [=y] Selected by [y]: - RANDSTRUCT_FULL [=y] && (CC_HAS_RANDSTRUCT [=y] || GCC_PLUGINS [=n]) && MODULES [=y] Add the !COMPILE_TEST dependency to the selections to clear up the warning. Fixes: 1f9c4a996756 ("Kbuild: make MODVERSIONS support depend on not being a compile test build") Signed-off-by: Nathan Chancellor <nathan@kernel.org> --- security/Kconfig.hardening | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- base-commit: 3efc57369a0ce8f76bf0804f7e673982384e4ac9 change-id: 20240928-fix-randstruct-modversions-kconfig-warning-013be4a0f673 Best regards,