From 7d153696e5db1e37387c2f7ec06ffc8d4aac70a4 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Tue, 14 Dec 2021 11:53:52 +0900 Subject: kbuild: do not include include/config/auto.conf from shell scripts Richard Weinberger pointed out the risk of sourcing the kernel config from shell scripts [1], and proposed some patches [2], [3]. It is a good point, but it took a long time because I was wondering how to fix this. This commit goes with simple grep approach because there are only a few scripts including the kernel configuration. scripts/link_vmlinux.sh has references to a bunch of CONFIG options, all of which are boolean. I added is_enabled() helper as scripts/package/{mkdebian,builddeb} do. scripts/gen_autoksyms.sh uses 'eval', stating "to expand the whitelist path". I removed it since it is the issue we are trying to fix. I was a bit worried about the cost of invoking the grep command over again. I extracted the grep parts from it, and measured the cost. It was approximately 0.03 sec, which I hope is acceptable. [test code] $ cat test-grep.sh #!/bin/sh is_enabled() { grep -q "^$1=y" include/config/auto.conf } is_enabled CONFIG_LTO_CLANG is_enabled CONFIG_LTO_CLANG is_enabled CONFIG_STACK_VALIDATION is_enabled CONFIG_UNWINDER_ORC is_enabled CONFIG_FTRACE_MCOUNT_USE_OBJTOOL is_enabled CONFIG_VMLINUX_VALIDATION is_enabled CONFIG_FRAME_POINTER is_enabled CONFIG_GCOV_KERNEL is_enabled CONFIG_LTO_CLANG is_enabled CONFIG_RETPOLINE is_enabled CONFIG_X86_SMAP is_enabled CONFIG_LTO_CLANG is_enabled CONFIG_VMLINUX_MAP is_enabled CONFIG_KALLSYMS_ALL is_enabled CONFIG_KALLSYMS_ABSOLUTE_PERCPU is_enabled CONFIG_KALLSYMS_BASE_RELATIVE is_enabled CONFIG_DEBUG_INFO_BTF is_enabled CONFIG_KALLSYMS is_enabled CONFIG_DEBUG_INFO_BTF is_enabled CONFIG_BPF is_enabled CONFIG_BUILDTIME_TABLE_SORT is_enabled CONFIG_KALLSYMS $ time ./test-grep.sh real 0m0.036s user 0m0.027s sys m0.009s [1]: https://lore.kernel.org/all/1919455.eZKeABUfgV@blindfold/ [2]: https://lore.kernel.org/all/20180219092245.26404-1-richard@nod.at/ [3]: https://lore.kernel.org/all/20210920213957.1064-2-richard@nod.at/ Signed-off-by: Masahiro Yamada Reviewed-by: Nicolas Schier --- scripts/setlocalversion | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'scripts/setlocalversion') diff --git a/scripts/setlocalversion b/scripts/setlocalversion index 6b54e46a0f12..d06137405190 100755 --- a/scripts/setlocalversion +++ b/scripts/setlocalversion @@ -111,9 +111,7 @@ if $scm_only; then exit fi -if test -e include/config/auto.conf; then - . include/config/auto.conf -else +if ! test -e include/config/auto.conf; then echo "Error: kernelrelease not valid - run 'make prepare' to update it" >&2 exit 1 fi @@ -125,10 +123,11 @@ if test ! "$srctree" -ef .; then fi # CONFIG_LOCALVERSION and LOCALVERSION (if set) -res="${res}${CONFIG_LOCALVERSION}${LOCALVERSION}" +config_localversion=$(sed -n 's/^CONFIG_LOCALVERSION="\(.*\)"$/\1/p' include/config/auto.conf) +res="${res}${config_localversion}${LOCALVERSION}" # scm version string if not at a tagged commit -if test "$CONFIG_LOCALVERSION_AUTO" = "y"; then +if grep -q "^CONFIG_LOCALVERSION_AUTO=y$" include/config/auto.conf; then # full scm version string res="$res$(scm_version)" elif [ "${LOCALVERSION+set}" != "set" ]; then -- cgit v1.2.3 From 129ab0d2d9f38b9d43df35235fc66c6740d6928b Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Tue, 14 Dec 2021 11:53:53 +0900 Subject: kbuild: do not quote string values in include/config/auto.conf The previous commit fixed up all shell scripts to not include include/config/auto.conf. Now that include/config/auto.conf is only included by Makefiles, we can change it into a more Make-friendly form. Previously, Kconfig output string values enclosed with double-quotes (both in the .config and include/config/auto.conf): CONFIG_X="foo bar" Unlike shell, Make handles double-quotes (and single-quotes as well) verbatim. We must rip them off when used. There are some patterns: [1] $(patsubst "%",%,$(CONFIG_X)) [2] $(CONFIG_X:"%"=%) [3] $(subst ",,$(CONFIG_X)) [4] $(shell echo $(CONFIG_X)) These are not only ugly, but also fragile. [1] and [2] do not work if the value contains spaces, like CONFIG_X=" foo bar " [3] does not work correctly if the value contains double-quotes like CONFIG_X="foo\"bar" [4] seems to work better, but has a cost of forking a process. Anyway, quoted strings were always PITA for our Makefiles. This commit changes Kconfig to stop quoting in include/config/auto.conf. These are the string type symbols referenced in Makefiles or scripts: ACPI_CUSTOM_DSDT_FILE ARC_BUILTIN_DTB_NAME ARC_TUNE_MCPU BUILTIN_DTB_SOURCE CC_IMPLICIT_FALLTHROUGH CC_VERSION_TEXT CFG80211_EXTRA_REGDB_KEYDIR EXTRA_FIRMWARE EXTRA_FIRMWARE_DIR EXTRA_TARGETS H8300_BUILTIN_DTB INITRAMFS_SOURCE LOCALVERSION MODULE_SIG_HASH MODULE_SIG_KEY NDS32_BUILTIN_DTB NIOS2_DTB_SOURCE OPENRISC_BUILTIN_DTB SOC_CANAAN_K210_DTB_SOURCE SYSTEM_BLACKLIST_HASH_LIST SYSTEM_REVOCATION_KEYS SYSTEM_TRUSTED_KEYS TARGET_CPU UNUSED_KSYMS_WHITELIST XILINX_MICROBLAZE0_FAMILY XILINX_MICROBLAZE0_HW_VER XTENSA_VARIANT_NAME I checked them one by one, and fixed up the code where necessary. Signed-off-by: Masahiro Yamada --- scripts/setlocalversion | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts/setlocalversion') diff --git a/scripts/setlocalversion b/scripts/setlocalversion index d06137405190..af4754a35e66 100755 --- a/scripts/setlocalversion +++ b/scripts/setlocalversion @@ -123,7 +123,7 @@ if test ! "$srctree" -ef .; then fi # CONFIG_LOCALVERSION and LOCALVERSION (if set) -config_localversion=$(sed -n 's/^CONFIG_LOCALVERSION="\(.*\)"$/\1/p' include/config/auto.conf) +config_localversion=$(sed -n 's/^CONFIG_LOCALVERSION=\(.*\)$/\1/p' include/config/auto.conf) res="${res}${config_localversion}${LOCALVERSION}" # scm version string if not at a tagged commit -- cgit v1.2.3