Skip to content

Commit 7d15369

Browse files
masahir0ymasahir0y
committed
kbuild: do not include include/config/auto.conf from shell scripts
Richard Weinberger pointed out the risk of sourcing the kernel config from shell scripts [1], and proposed some patches [2], [3]. It is a good point, but it took a long time because I was wondering how to fix this. This commit goes with simple grep approach because there are only a few scripts including the kernel configuration. scripts/link_vmlinux.sh has references to a bunch of CONFIG options, all of which are boolean. I added is_enabled() helper as scripts/package/{mkdebian,builddeb} do. scripts/gen_autoksyms.sh uses 'eval', stating "to expand the whitelist path". I removed it since it is the issue we are trying to fix. I was a bit worried about the cost of invoking the grep command over again. I extracted the grep parts from it, and measured the cost. It was approximately 0.03 sec, which I hope is acceptable. [test code] $ cat test-grep.sh #!/bin/sh is_enabled() { grep -q "^$1=y" include/config/auto.conf } is_enabled CONFIG_LTO_CLANG is_enabled CONFIG_LTO_CLANG is_enabled CONFIG_STACK_VALIDATION is_enabled CONFIG_UNWINDER_ORC is_enabled CONFIG_FTRACE_MCOUNT_USE_OBJTOOL is_enabled CONFIG_VMLINUX_VALIDATION is_enabled CONFIG_FRAME_POINTER is_enabled CONFIG_GCOV_KERNEL is_enabled CONFIG_LTO_CLANG is_enabled CONFIG_RETPOLINE is_enabled CONFIG_X86_SMAP is_enabled CONFIG_LTO_CLANG is_enabled CONFIG_VMLINUX_MAP is_enabled CONFIG_KALLSYMS_ALL is_enabled CONFIG_KALLSYMS_ABSOLUTE_PERCPU is_enabled CONFIG_KALLSYMS_BASE_RELATIVE is_enabled CONFIG_DEBUG_INFO_BTF is_enabled CONFIG_KALLSYMS is_enabled CONFIG_DEBUG_INFO_BTF is_enabled CONFIG_BPF is_enabled CONFIG_BUILDTIME_TABLE_SORT is_enabled CONFIG_KALLSYMS $ time ./test-grep.sh real 0m0.036s user 0m0.027s sys m0.009s [1]: https://lore.kernel.org/all/1919455.eZKeABUfgV@blindfold/ [2]: https://lore.kernel.org/all/[email protected]/ [3]: https://lore.kernel.org/all/[email protected]/ Signed-off-by: Masahiro Yamada <[email protected]> Reviewed-by: Nicolas Schier <[email protected]>
1 parent b8c96a6 commit 7d15369

File tree

3 files changed

+31
-36
lines changed

3 files changed

+31
-36
lines changed

scripts/gen_autoksyms.sh

Lines changed: 3 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -16,20 +16,15 @@ case "$KBUILD_VERBOSE" in
1616
;;
1717
esac
1818

19-
# We need access to CONFIG_ symbols
20-
. include/config/auto.conf
21-
2219
needed_symbols=
2320

2421
# Special case for modversions (see modpost.c)
25-
if [ -n "$CONFIG_MODVERSIONS" ]; then
22+
if grep -q "^CONFIG_MODVERSIONS=y$" include/config/auto.conf; then
2623
needed_symbols="$needed_symbols module_layout"
2724
fi
2825

29-
ksym_wl=
30-
if [ -n "$CONFIG_UNUSED_KSYMS_WHITELIST" ]; then
31-
# Use 'eval' to expand the whitelist path and check if it is relative
32-
eval ksym_wl="$CONFIG_UNUSED_KSYMS_WHITELIST"
26+
ksym_wl=$(sed -n 's/^CONFIG_UNUSED_KSYMS_WHITELIST="\(.*\)"$/\1/p' include/config/auto.conf)
27+
if [ -n "$ksym_wl" ]; then
3328
[ "${ksym_wl}" != "${ksym_wl#/}" ] || ksym_wl="$abs_srctree/$ksym_wl"
3429
if [ ! -f "$ksym_wl" ] || [ ! -r "$ksym_wl" ]; then
3530
echo "ERROR: '$ksym_wl' whitelist file not found" >&2

scripts/link-vmlinux.sh

Lines changed: 24 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,10 @@ LD="$1"
3434
KBUILD_LDFLAGS="$2"
3535
LDFLAGS_vmlinux="$3"
3636

37+
is_enabled() {
38+
grep -q "^$1=y" include/config/auto.conf
39+
}
40+
3741
# Nice output in kbuild format
3842
# Will be supressed by "make -s"
3943
info()
@@ -80,11 +84,11 @@ modpost_link()
8084
${KBUILD_VMLINUX_LIBS} \
8185
--end-group"
8286

83-
if [ -n "${CONFIG_LTO_CLANG}" ]; then
87+
if is_enabled CONFIG_LTO_CLANG; then
8488
gen_initcalls
8589
lds="-T .tmp_initcalls.lds"
8690

87-
if [ -n "${CONFIG_MODVERSIONS}" ]; then
91+
if is_enabled CONFIG_MODVERSIONS; then
8892
gen_symversions
8993
lds="${lds} -T .tmp_symversions.lds"
9094
fi
@@ -104,21 +108,21 @@ objtool_link()
104108
local objtoolcmd;
105109
local objtoolopt;
106110

107-
if [ "${CONFIG_LTO_CLANG} ${CONFIG_STACK_VALIDATION}" = "y y" ]; then
111+
if is_enabled CONFIG_LTO_CLANG && is_enabled CONFIG_STACK_VALIDATION; then
108112
# Don't perform vmlinux validation unless explicitly requested,
109113
# but run objtool on vmlinux.o now that we have an object file.
110-
if [ -n "${CONFIG_UNWINDER_ORC}" ]; then
114+
if is_enabled CONFIG_UNWINDER_ORC; then
111115
objtoolcmd="orc generate"
112116
fi
113117

114118
objtoolopt="${objtoolopt} --duplicate"
115119

116-
if [ -n "${CONFIG_FTRACE_MCOUNT_USE_OBJTOOL}" ]; then
120+
if is_enabled CONFIG_FTRACE_MCOUNT_USE_OBJTOOL; then
117121
objtoolopt="${objtoolopt} --mcount"
118122
fi
119123
fi
120124

121-
if [ -n "${CONFIG_VMLINUX_VALIDATION}" ]; then
125+
if is_enabled CONFIG_VMLINUX_VALIDATION; then
122126
objtoolopt="${objtoolopt} --noinstr"
123127
fi
124128

@@ -127,16 +131,16 @@ objtool_link()
127131
objtoolcmd="check"
128132
fi
129133
objtoolopt="${objtoolopt} --vmlinux"
130-
if [ -z "${CONFIG_FRAME_POINTER}" ]; then
134+
if ! is_enabled CONFIG_FRAME_POINTER; then
131135
objtoolopt="${objtoolopt} --no-fp"
132136
fi
133-
if [ -n "${CONFIG_GCOV_KERNEL}" ] || [ -n "${CONFIG_LTO_CLANG}" ]; then
137+
if is_enabled CONFIG_GCOV_KERNEL || is_enabled CONFIG_LTO_CLANG; then
134138
objtoolopt="${objtoolopt} --no-unreachable"
135139
fi
136-
if [ -n "${CONFIG_RETPOLINE}" ]; then
140+
if is_enabled CONFIG_RETPOLINE; then
137141
objtoolopt="${objtoolopt} --retpoline"
138142
fi
139-
if [ -n "${CONFIG_X86_SMAP}" ]; then
143+
if is_enabled CONFIG_X86_SMAP; then
140144
objtoolopt="${objtoolopt} --uaccess"
141145
fi
142146
info OBJTOOL ${1}
@@ -161,7 +165,7 @@ vmlinux_link()
161165
# skip output file argument
162166
shift
163167

164-
if [ -n "${CONFIG_LTO_CLANG}" ]; then
168+
if is_enabled CONFIG_LTO_CLANG; then
165169
# Use vmlinux.o instead of performing the slow LTO link again.
166170
objs=vmlinux.o
167171
libs=
@@ -189,7 +193,7 @@ vmlinux_link()
189193
ldflags="${ldflags} ${wl}--strip-debug"
190194
fi
191195

192-
if [ -n "${CONFIG_VMLINUX_MAP}" ]; then
196+
if is_enabled CONFIG_VMLINUX_MAP; then
193197
ldflags="${ldflags} ${wl}-Map=${output}.map"
194198
fi
195199

@@ -239,15 +243,15 @@ kallsyms()
239243
{
240244
local kallsymopt;
241245

242-
if [ -n "${CONFIG_KALLSYMS_ALL}" ]; then
246+
if is_enabled CONFIG_KALLSYMS_ALL; then
243247
kallsymopt="${kallsymopt} --all-symbols"
244248
fi
245249

246-
if [ -n "${CONFIG_KALLSYMS_ABSOLUTE_PERCPU}" ]; then
250+
if is_enabled CONFIG_KALLSYMS_ABSOLUTE_PERCPU; then
247251
kallsymopt="${kallsymopt} --absolute-percpu"
248252
fi
249253

250-
if [ -n "${CONFIG_KALLSYMS_BASE_RELATIVE}" ]; then
254+
if is_enabled CONFIG_KALLSYMS_BASE_RELATIVE; then
251255
kallsymopt="${kallsymopt} --base-relative"
252256
fi
253257

@@ -312,9 +316,6 @@ if [ "$1" = "clean" ]; then
312316
exit 0
313317
fi
314318

315-
# We need access to CONFIG_ symbols
316-
. include/config/auto.conf
317-
318319
# Update version
319320
info GEN .version
320321
if [ -r .version ]; then
@@ -343,7 +344,7 @@ tr '\0' '\n' < modules.builtin.modinfo | sed -n 's/^[[:alnum:]:_]*\.file=//p' |
343344
tr ' ' '\n' | uniq | sed -e 's:^:kernel/:' -e 's/$/.ko/' > modules.builtin
344345

345346
btf_vmlinux_bin_o=""
346-
if [ -n "${CONFIG_DEBUG_INFO_BTF}" ]; then
347+
if is_enabled CONFIG_DEBUG_INFO_BTF; then
347348
btf_vmlinux_bin_o=.btf.vmlinux.bin.o
348349
if ! gen_btf .tmp_vmlinux.btf $btf_vmlinux_bin_o ; then
349350
echo >&2 "Failed to generate BTF for vmlinux"
@@ -355,7 +356,7 @@ fi
355356
kallsymso=""
356357
kallsymso_prev=""
357358
kallsyms_vmlinux=""
358-
if [ -n "${CONFIG_KALLSYMS}" ]; then
359+
if is_enabled CONFIG_KALLSYMS; then
359360

360361
# kallsyms support
361362
# Generate section listing all symbols and add it into vmlinux
@@ -395,12 +396,12 @@ fi
395396
vmlinux_link vmlinux "${kallsymso}" ${btf_vmlinux_bin_o}
396397

397398
# fill in BTF IDs
398-
if [ -n "${CONFIG_DEBUG_INFO_BTF}" -a -n "${CONFIG_BPF}" ]; then
399+
if is_enabled CONFIG_DEBUG_INFO_BTF && is_enabled CONFIG_BPF; then
399400
info BTFIDS vmlinux
400401
${RESOLVE_BTFIDS} vmlinux
401402
fi
402403

403-
if [ -n "${CONFIG_BUILDTIME_TABLE_SORT}" ]; then
404+
if is_enabled CONFIG_BUILDTIME_TABLE_SORT; then
404405
info SORTTAB vmlinux
405406
if ! sorttable vmlinux; then
406407
echo >&2 Failed to sort kernel tables
@@ -412,7 +413,7 @@ info SYSMAP System.map
412413
mksysmap vmlinux System.map
413414

414415
# step a (see comment above)
415-
if [ -n "${CONFIG_KALLSYMS}" ]; then
416+
if is_enabled CONFIG_KALLSYMS; then
416417
mksysmap ${kallsyms_vmlinux} .tmp_System.map
417418

418419
if ! cmp -s System.map .tmp_System.map; then

scripts/setlocalversion

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -111,9 +111,7 @@ if $scm_only; then
111111
exit
112112
fi
113113

114-
if test -e include/config/auto.conf; then
115-
. include/config/auto.conf
116-
else
114+
if ! test -e include/config/auto.conf; then
117115
echo "Error: kernelrelease not valid - run 'make prepare' to update it" >&2
118116
exit 1
119117
fi
@@ -125,10 +123,11 @@ if test ! "$srctree" -ef .; then
125123
fi
126124

127125
# CONFIG_LOCALVERSION and LOCALVERSION (if set)
128-
res="${res}${CONFIG_LOCALVERSION}${LOCALVERSION}"
126+
config_localversion=$(sed -n 's/^CONFIG_LOCALVERSION="\(.*\)"$/\1/p' include/config/auto.conf)
127+
res="${res}${config_localversion}${LOCALVERSION}"
129128

130129
# scm version string if not at a tagged commit
131-
if test "$CONFIG_LOCALVERSION_AUTO" = "y"; then
130+
if grep -q "^CONFIG_LOCALVERSION_AUTO=y$" include/config/auto.conf; then
132131
# full scm version string
133132
res="$res$(scm_version)"
134133
elif [ "${LOCALVERSION+set}" != "set" ]; then

0 commit comments

Comments
 (0)