Re: [PATCH v2] scripts: headers_install: Exit with error on config leak

From: Siddharth Gupta
Date: Tue May 05 2020 - 21:46:11 EST

Next message: Po-Hsu Lin: "Re: [PATCH] selftests/ftrace: mark irqsoff_tracer.tc test as unresolved if the test module does not exist"
Previous message: Alistair Francis: "[PATCH] spi: sun6i: Add support for GPIO chip select lines"
In reply to: Masahiro Yamada: "Re: [PATCH v2] scripts: headers_install: Exit with error on config leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 5/4/2020 12:18 AM, Masahiro Yamada wrote:

On Sun, May 3, 2020 at 12:29 PM Siddharth Gupta <sidgup@xxxxxxxxxxxxxx> wrote:

Misuse of CONFIG_* in UAPI headers should result in an error as it exposes
configuration of different targets to userspace.

Sorry, I missed to point out this.

This statement is not precious; it does not expose the kernel
configuration at all.

include/generated/autoconf.h is not available from userspace.
So, all the CONFIG options are undefined.

Could you reword the commit somehow?

Sure. I just meant that if a CONFIG_* is present in the UAPI header it can be set in a
userspace application that includes the header to manipulate the control flow in a
kernel that might support multiple targets.

I'll update the commit text and send out an updated patch.

Thanks,
Siddharth

Signed-off-by: Siddharth Gupta <sidgup@xxxxxxxxxxxxxx>
---
scripts/headers_install.sh | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh
index a07668a..94a8335 100755
--- a/scripts/headers_install.sh
+++ b/scripts/headers_install.sh
@@ -64,7 +64,7 @@ configs=$(sed -e '
d
' $OUTFILE)

-# The entries in the following list are not warned.
+# The entries in the following list do not result in an error.
# Please do not add a new entry. This list is only for existing ones.
# The list will be reduced gradually, and deleted eventually. (hopefully)
#
@@ -98,18 +98,19 @@ include/uapi/linux/raw.h:CONFIG_MAX_RAW_DEVS

for c in $configs
do
- warn=1
+ leak_error=1

for ignore in $config_leak_ignores
do
if echo "$INFILE:$c" | grep -q "$ignore$"; then
- warn=
+ leak_error=
break
fi
done

- if [ "$warn" = 1 ]; then
- echo "warning: $INFILE: leak $c to user-space" >&2
+ if [ "$leak_error" = 1 ]; then
+ echo "error: $INFILE: leak $c to user-space" >&2
+ exit 1
fi
done

--
Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project

Next message: Po-Hsu Lin: "Re: [PATCH] selftests/ftrace: mark irqsoff_tracer.tc test as unresolved if the test module does not exist"
Previous message: Alistair Francis: "[PATCH] spi: sun6i: Add support for GPIO chip select lines"
In reply to: Masahiro Yamada: "Re: [PATCH v2] scripts: headers_install: Exit with error on config leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]