7d153696e5
Richard Weinberger pointed out the risk of sourcing the kernel config
from shell scripts [1], and proposed some patches [2], [3]. It is a good
point, but it took a long time because I was wondering how to fix this.
This commit goes with simple grep approach because there are only a few
scripts including the kernel configuration.
scripts/link_vmlinux.sh has references to a bunch of CONFIG options,
all of which are boolean. I added is_enabled() helper as
scripts/package/{mkdebian,builddeb} do.
scripts/gen_autoksyms.sh uses 'eval', stating "to expand the whitelist
path". I removed it since it is the issue we are trying to fix.
I was a bit worried about the cost of invoking the grep command over
again. I extracted the grep parts from it, and measured the cost. It
was approximately 0.03 sec, which I hope is acceptable.
[test code]
$ cat test-grep.sh
#!/bin/sh
is_enabled() {
grep -q "^$1=y" include/config/auto.conf
}
is_enabled CONFIG_LTO_CLANG
is_enabled CONFIG_LTO_CLANG
is_enabled CONFIG_STACK_VALIDATION
is_enabled CONFIG_UNWINDER_ORC
is_enabled CONFIG_FTRACE_MCOUNT_USE_OBJTOOL
is_enabled CONFIG_VMLINUX_VALIDATION
is_enabled CONFIG_FRAME_POINTER
is_enabled CONFIG_GCOV_KERNEL
is_enabled CONFIG_LTO_CLANG
is_enabled CONFIG_RETPOLINE
is_enabled CONFIG_X86_SMAP
is_enabled CONFIG_LTO_CLANG
is_enabled CONFIG_VMLINUX_MAP
is_enabled CONFIG_KALLSYMS_ALL
is_enabled CONFIG_KALLSYMS_ABSOLUTE_PERCPU
is_enabled CONFIG_KALLSYMS_BASE_RELATIVE
is_enabled CONFIG_DEBUG_INFO_BTF
is_enabled CONFIG_KALLSYMS
is_enabled CONFIG_DEBUG_INFO_BTF
is_enabled CONFIG_BPF
is_enabled CONFIG_BUILDTIME_TABLE_SORT
is_enabled CONFIG_KALLSYMS
$ time ./test-grep.sh
real 0m0.036s
user 0m0.027s
sys m0.009s
[1]: https://lore.kernel.org/all/1919455.eZKeABUfgV@blindfold/
[2]: https://lore.kernel.org/all/20180219092245.26404-1-richard@nod.at/
[3]: https://lore.kernel.org/all/20210920213957.1064-2-richard@nod.at/
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Nicolas Schier <n.schier@avm.de>
|
||
|---|---|---|
| .. | ||
| atomic | ||
| basic | ||
| clang-tools | ||
| coccinelle | ||
| dtc | ||
| dummy-tools | ||
| gcc-plugins | ||
| gdb | ||
| genksyms | ||
| kconfig | ||
| ksymoops | ||
| mod | ||
| package | ||
| selinux | ||
| tracing | ||
| .gitignore | ||
| Kbuild.include | ||
| Kconfig.include | ||
| Lindent | ||
| Makefile | ||
| Makefile.asm-generic | ||
| Makefile.build | ||
| Makefile.clang | ||
| Makefile.clean | ||
| Makefile.compiler | ||
| Makefile.debug | ||
| Makefile.dtbinst | ||
| Makefile.extrawarn | ||
| Makefile.gcc-plugins | ||
| Makefile.headersinst | ||
| Makefile.host | ||
| Makefile.kasan | ||
| Makefile.kcov | ||
| Makefile.kcsan | ||
| Makefile.lib | ||
| Makefile.modfinal | ||
| Makefile.modinst | ||
| Makefile.modpost | ||
| Makefile.package | ||
| Makefile.ubsan | ||
| Makefile.userprogs | ||
| adjust_autoksyms.sh | ||
| as-version.sh | ||
| asn1_compiler.c | ||
| bin2c.c | ||
| bloat-o-meter | ||
| bootgraph.pl | ||
| bpf_doc.py | ||
| cc-can-link.sh | ||
| cc-version.sh | ||
| check-sysctl-docs | ||
| check_extable.sh | ||
| checkdeclares.pl | ||
| checkincludes.pl | ||
| checkkconfigsymbols.py | ||
| checkpatch.pl | ||
| checkstack.pl | ||
| checksyscalls.sh | ||
| checkversion.pl | ||
| cleanfile | ||
| cleanpatch | ||
| coccicheck | ||
| config | ||
| const_structs.checkpatch | ||
| decode_stacktrace.sh | ||
| decodecode | ||
| depmod.sh | ||
| dev-needs.sh | ||
| diffconfig | ||
| documentation-file-ref-check | ||
| export_report.pl | ||
| extract-cert.c | ||
| extract-ikconfig | ||
| extract-module-sig.pl | ||
| extract-sys-certs.pl | ||
| extract-vmlinux | ||
| extract_xc3028.pl | ||
| faddr2line | ||
| file-size.sh | ||
| find-unused-docs.sh | ||
| gcc-goto.sh | ||
| gcc-ld | ||
| gcc-x86_32-has-stack-protector.sh | ||
| gcc-x86_64-has-stack-protector.sh | ||
| gen_autoksyms.sh | ||
| gen_ksymdeps.sh | ||
| generate_initcall_order.pl | ||
| get_abi.pl | ||
| get_dvb_firmware | ||
| get_feat.pl | ||
| get_maintainer.pl | ||
| gfp-translate | ||
| headerdep.pl | ||
| headers_install.sh | ||
| insert-sys-cert.c | ||
| jobserver-exec | ||
| kallsyms.c | ||
| kernel-doc | ||
| ld-version.sh | ||
| leaking_addresses.pl | ||
| link-vmlinux.sh | ||
| makelst | ||
| markup_oops.pl | ||
| min-tool-version.sh | ||
| mkcompile_h | ||
| mksysmap | ||
| mkuboot.sh | ||
| module.lds.S | ||
| modules-check.sh | ||
| nsdeps | ||
| objdiff | ||
| pahole-flags.sh | ||
| parse-maintainers.pl | ||
| patch-kernel | ||
| profile2linkerlist.pl | ||
| prune-kernel | ||
| recordmcount.c | ||
| recordmcount.h | ||
| recordmcount.pl | ||
| remove-stale-files | ||
| setlocalversion | ||
| show_delta | ||
| sign-file.c | ||
| sorttable.c | ||
| sorttable.h | ||
| spdxcheck-test.sh | ||
| spdxcheck.py | ||
| spelling.txt | ||
| sphinx-pre-install | ||
| split-man.pl | ||
| stackdelta | ||
| stackusage | ||
| subarch.include | ||
| syscallhdr.sh | ||
| syscallnr.sh | ||
| syscalltbl.sh | ||
| tags.sh | ||
| test_fortify.sh | ||
| tools-support-relr.sh | ||
| unifdef.c | ||
| ver_linux | ||
| xen-hypercalls.sh | ||
| xz_wrap.sh | ||