From: Kees Cook <keescook@chromium.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Christoph Hellwig <hch@infradead.org>,
Cristina Moraru <cristina.moraru09@gmail.com>,
ksummit <ksummit-discuss@lists.linuxfoundation.org>,
Michal Hocko <mhocko@kernel.org>
Subject: Re: [Ksummit-discuss] [TECH TOPIC] is Kconfig a bit hard sometimes?
Date: Tue, 27 Jun 2017 13:53:00 -0700
Message-ID: <CAGXu5jKeORY3Djv1EFNitdc=7X9rdvRekBiu2mRTER_Z6nJ=Mw@mail.gmail.com>
In-Reply-To: <CA+55aFyvssxg63UoQ-rOaf1TMacJ6T5jyLkWECosQJ_N=9gaaQ@mail.gmail.com>
On Tue, Jun 27, 2017 at 12:27 PM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> No. The defconfigs are useless. They are fundamentally broken, exactly
> because there is never one config that can work.
>
> They do need to be of the "kvmconfig" type, but for sane subconfigurations.
>
> So I'd look for something like
>
> make modernpcconfig # enable minimal modern PC workstation stuff
> make f25config # enable minimal stuff required for F25
> make amdconfig # enable the core modern AMD stuff
>
> or something like that.
>
> But it's not going to happen, because everybody thinks *their* code is
> so supremely important, so the "minimal config" is literally a doomed
> concept ;(
I'd be curious to see someone try this anyway, just to see how it
turns out. It's been suggested to me before for hardening features
(e.g. "make hardenedconfig"), and I think it would turn out better than
trying to encode it directly in Kconfig itself. Each kernel release
can have its "make *config" targets updated as the individual CONFIGs
change... though I suspect it might bitrot... But it would be nice to
add "make paranoidconfig" to the above set of make *config runs.
I know I won't have time to do this in the near future, though, so the
best I've done is spew paranoid default suggestions into the KSPP wiki
instead[1]. My plan for spending time on Kconfig currently is to try
to get the compiler feature detection[2] working sanely.
-Kees
[1] http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
[2] http://www.spinics.net/lists/linux-kbuild/msg15070.html
--
Kees Cook
Pixel Security