kbuild: do not include include/config/auto.conf from shell scripts

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Richard Weinberger pointed out the risk of sourcing the kernel config
from shell scripts [1], and proposed some patches [2], [3]. It is a good
point, but it took a long time because I was wondering how to fix this.

This commit goes with simple grep approach because there are only a few
scripts including the kernel configuration.

scripts/link_vmlinux.sh has references to a bunch of CONFIG options,
all of which are boolean. I added is_enabled() helper as
scripts/package/{mkdebian,builddeb} do.

scripts/gen_autoksyms.sh uses 'eval', stating "to expand the whitelist
path". I removed it since it is the issue we are trying to fix.

I was a bit worried about the cost of invoking the grep command over
again. I extracted the grep parts from it, and measured the cost. It
was approximately 0.03 sec, which I hope is acceptable.

[test code]

$ cat test-grep.sh
#!/bin/sh

is_enabled() {
grep -q "^$1=y" include/config/auto.conf
}

is_enabled CONFIG_LTO_CLANG
is_enabled CONFIG_LTO_CLANG
is_enabled CONFIG_STACK_VALIDATION
is_enabled CONFIG_UNWINDER_ORC
is_enabled CONFIG_FTRACE_MCOUNT_USE_OBJTOOL
is_enabled CONFIG_VMLINUX_VALIDATION
is_enabled CONFIG_FRAME_POINTER
is_enabled CONFIG_GCOV_KERNEL
is_enabled CONFIG_LTO_CLANG
is_enabled CONFIG_RETPOLINE
is_enabled CONFIG_X86_SMAP
is_enabled CONFIG_LTO_CLANG
is_enabled CONFIG_VMLINUX_MAP
is_enabled CONFIG_KALLSYMS_ALL
is_enabled CONFIG_KALLSYMS_ABSOLUTE_PERCPU
is_enabled CONFIG_KALLSYMS_BASE_RELATIVE
is_enabled CONFIG_DEBUG_INFO_BTF
is_enabled CONFIG_KALLSYMS
is_enabled CONFIG_DEBUG_INFO_BTF
is_enabled CONFIG_BPF
is_enabled CONFIG_BUILDTIME_TABLE_SORT
is_enabled CONFIG_KALLSYMS

$ time ./test-grep.sh
real 0m0.036s
user 0m0.027s
sys m0.009s

[1]: https://lore.kernel.org/all/1919455.eZKeABUfgV@blindfold/
[2]: https://lore.kernel.org/all/20180219092245.26404-1-richard@nod.at/
[3]: https://lore.kernel.org/all/20210920213957.1064-2-richard@nod.at/
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Nicolas Schier <n.schier@avm.de>

Masahiro Yamada 4 years ago 7d153696 b8c96a6b

+31 -36

3 changed files

expand all

scripts

gen_autoksyms.sh

link-vmlinux.sh

setlocalversion

+3 -8

scripts/gen_autoksyms.sh

··· 16 16 ;; 17 17 esac 18 18 19 - # We need access to CONFIG_ symbols 20 - . include/config/auto.conf 21 - 22 19 needed_symbols= 23 20 24 21 # Special case for modversions (see modpost.c) 25 - if [ -n "$CONFIG_MODVERSIONS" ]; then 22 + if grep -q "^CONFIG_MODVERSIONS=y$" include/config/auto.conf; then 26 23 needed_symbols="$needed_symbols module_layout" 27 24 fi 28 25 29 - ksym_wl= 30 - if [ -n "$CONFIG_UNUSED_KSYMS_WHITELIST" ]; then 31 - # Use 'eval' to expand the whitelist path and check if it is relative 32 - eval ksym_wl="$CONFIG_UNUSED_KSYMS_WHITELIST" 26 + ksym_wl=$(sed -n 's/^CONFIG_UNUSED_KSYMS_WHITELIST="$.*$"$/\1/p' include/config/auto.conf) 27 + if [ -n "$ksym_wl" ]; then 33 28 [ "${ksym_wl}" != "${ksym_wl#/}" ] || ksym_wl="$abs_srctree/$ksym_wl" 34 29 if [ ! -f "$ksym_wl" ] || [ ! -r "$ksym_wl" ]; then 35 30 echo "ERROR: '$ksym_wl' whitelist file not found" >&2

+24 -23

scripts/link-vmlinux.sh

··· 34 34 KBUILD_LDFLAGS="$2" 35 35 LDFLAGS_vmlinux="$3" 36 36 37 + is_enabled() { 38 + grep -q "^$1=y" include/config/auto.conf 39 + } 40 + 37 41 # Nice output in kbuild format 38 42 # Will be supressed by "make -s" 39 43 info() ··· 84 80 ${KBUILD_VMLINUX_LIBS} \ 85 81 --end-group" 86 82 87 - if [ -n "${CONFIG_LTO_CLANG}" ]; then 83 + if is_enabled CONFIG_LTO_CLANG; then 88 84 gen_initcalls 89 85 lds="-T .tmp_initcalls.lds" 90 86 91 - if [ -n "${CONFIG_MODVERSIONS}" ]; then 87 + if is_enabled CONFIG_MODVERSIONS; then 92 88 gen_symversions 93 89 lds="${lds} -T .tmp_symversions.lds" 94 90 fi ··· 108 104 local objtoolcmd; 109 105 local objtoolopt; 110 106 111 - if [ "${CONFIG_LTO_CLANG} ${CONFIG_STACK_VALIDATION}" = "y y" ]; then 107 + if is_enabled CONFIG_LTO_CLANG && is_enabled CONFIG_STACK_VALIDATION; then 112 108 # Don't perform vmlinux validation unless explicitly requested, 113 109 # but run objtool on vmlinux.o now that we have an object file. 114 - if [ -n "${CONFIG_UNWINDER_ORC}" ]; then 110 + if is_enabled CONFIG_UNWINDER_ORC; then 115 111 objtoolcmd="orc generate" 116 112 fi 117 113 118 114 objtoolopt="${objtoolopt} --duplicate" 119 115 120 - if [ -n "${CONFIG_FTRACE_MCOUNT_USE_OBJTOOL}" ]; then 116 + if is_enabled CONFIG_FTRACE_MCOUNT_USE_OBJTOOL; then 121 117 objtoolopt="${objtoolopt} --mcount" 122 118 fi 123 119 fi 124 120 125 - if [ -n "${CONFIG_VMLINUX_VALIDATION}" ]; then 121 + if is_enabled CONFIG_VMLINUX_VALIDATION; then 126 122 objtoolopt="${objtoolopt} --noinstr" 127 123 fi 128 124 ··· 131 127 objtoolcmd="check" 132 128 fi 133 129 objtoolopt="${objtoolopt} --vmlinux" 134 - if [ -z "${CONFIG_FRAME_POINTER}" ]; then 130 + if ! is_enabled CONFIG_FRAME_POINTER; then 135 131 objtoolopt="${objtoolopt} --no-fp" 136 132 fi 137 - if [ -n "${CONFIG_GCOV_KERNEL}" ] || [ -n "${CONFIG_LTO_CLANG}" ]; then 133 + if is_enabled CONFIG_GCOV_KERNEL || is_enabled CONFIG_LTO_CLANG; then 138 134 objtoolopt="${objtoolopt} --no-unreachable" 139 135 fi 140 - if [ -n "${CONFIG_RETPOLINE}" ]; then 136 + if is_enabled CONFIG_RETPOLINE; then 141 137 objtoolopt="${objtoolopt} --retpoline" 142 138 fi 143 - if [ -n "${CONFIG_X86_SMAP}" ]; then 139 + if is_enabled CONFIG_X86_SMAP; then 144 140 objtoolopt="${objtoolopt} --uaccess" 145 141 fi 146 142 info OBJTOOL ${1} ··· 165 161 # skip output file argument 166 162 shift 167 163 168 - if [ -n "${CONFIG_LTO_CLANG}" ]; then 164 + if is_enabled CONFIG_LTO_CLANG; then 169 165 # Use vmlinux.o instead of performing the slow LTO link again. 170 166 objs=vmlinux.o 171 167 libs= ··· 193 189 ldflags="${ldflags} ${wl}--strip-debug" 194 190 fi 195 191 196 - if [ -n "${CONFIG_VMLINUX_MAP}" ]; then 192 + if is_enabled CONFIG_VMLINUX_MAP; then 197 193 ldflags="${ldflags} ${wl}-Map=${output}.map" 198 194 fi 199 195 ··· 243 239 { 244 240 local kallsymopt; 245 241 246 - if [ -n "${CONFIG_KALLSYMS_ALL}" ]; then 242 + if is_enabled CONFIG_KALLSYMS_ALL; then 247 243 kallsymopt="${kallsymopt} --all-symbols" 248 244 fi 249 245 250 - if [ -n "${CONFIG_KALLSYMS_ABSOLUTE_PERCPU}" ]; then 246 + if is_enabled CONFIG_KALLSYMS_ABSOLUTE_PERCPU; then 251 247 kallsymopt="${kallsymopt} --absolute-percpu" 252 248 fi 253 249 254 - if [ -n "${CONFIG_KALLSYMS_BASE_RELATIVE}" ]; then 250 + if is_enabled CONFIG_KALLSYMS_BASE_RELATIVE; then 255 251 kallsymopt="${kallsymopt} --base-relative" 256 252 fi 257 253 ··· 316 312 exit 0 317 313 fi 318 314 319 - # We need access to CONFIG_ symbols 320 - . include/config/auto.conf 321 - 322 315 # Update version 323 316 info GEN .version 324 317 if [ -r .version ]; then ··· 344 343 tr ' ' '\n' | uniq | sed -e 's:^:kernel/:' -e 's/$/.ko/' > modules.builtin 345 344 346 345 btf_vmlinux_bin_o="" 347 - if [ -n "${CONFIG_DEBUG_INFO_BTF}" ]; then 346 + if is_enabled CONFIG_DEBUG_INFO_BTF; then 348 347 btf_vmlinux_bin_o=.btf.vmlinux.bin.o 349 348 if ! gen_btf .tmp_vmlinux.btf $btf_vmlinux_bin_o ; then 350 349 echo >&2 "Failed to generate BTF for vmlinux" ··· 356 355 kallsymso="" 357 356 kallsymso_prev="" 358 357 kallsyms_vmlinux="" 359 - if [ -n "${CONFIG_KALLSYMS}" ]; then 358 + if is_enabled CONFIG_KALLSYMS; then 360 359 361 360 # kallsyms support 362 361 # Generate section listing all symbols and add it into vmlinux ··· 396 395 vmlinux_link vmlinux "${kallsymso}" ${btf_vmlinux_bin_o} 397 396 398 397 # fill in BTF IDs 399 - if [ -n "${CONFIG_DEBUG_INFO_BTF}" -a -n "${CONFIG_BPF}" ]; then 398 + if is_enabled CONFIG_DEBUG_INFO_BTF && is_enabled CONFIG_BPF; then 400 399 info BTFIDS vmlinux 401 400 ${RESOLVE_BTFIDS} vmlinux 402 401 fi 403 402 404 - if [ -n "${CONFIG_BUILDTIME_TABLE_SORT}" ]; then 403 + if is_enabled CONFIG_BUILDTIME_TABLE_SORT; then 405 404 info SORTTAB vmlinux 406 405 if ! sorttable vmlinux; then 407 406 echo >&2 Failed to sort kernel tables ··· 413 412 mksysmap vmlinux System.map 414 413 415 414 # step a (see comment above) 416 - if [ -n "${CONFIG_KALLSYMS}" ]; then 415 + if is_enabled CONFIG_KALLSYMS; then 417 416 mksysmap ${kallsyms_vmlinux} .tmp_System.map 418 417 419 418 if ! cmp -s System.map .tmp_System.map; then

+4 -5

scripts/setlocalversion

··· 111 111 exit 112 112 fi 113 113 114 - if test -e include/config/auto.conf; then 115 - . include/config/auto.conf 116 - else 114 + if ! test -e include/config/auto.conf; then 117 115 echo "Error: kernelrelease not valid - run 'make prepare' to update it" >&2 118 116 exit 1 119 117 fi ··· 123 125 fi 124 126 125 127 # CONFIG_LOCALVERSION and LOCALVERSION (if set) 126 - res="${res}${CONFIG_LOCALVERSION}${LOCALVERSION}" 128 + config_localversion=$(sed -n 's/^CONFIG_LOCALVERSION="$.*$"$/\1/p' include/config/auto.conf) 129 + res="${res}${config_localversion}${LOCALVERSION}" 127 130 128 131 # scm version string if not at a tagged commit 129 - if test "$CONFIG_LOCALVERSION_AUTO" = "y"; then 132 + if grep -q "^CONFIG_LOCALVERSION_AUTO=y$" include/config/auto.conf; then 130 133 # full scm version string 131 134 res="$res$(scm_version)" 132 135 elif [ "${LOCALVERSION+set}" != "set" ]; then