On Wed, Feb 28, 2018 at 01:07:23AM -0800, Josh Triplett wrote:
> On Wed, Feb 28, 2018 at 01:32:37AM +0000, Luis R. Rodriguez wrote:
> > On Tue, Feb 27, 2018 at 03:18:15PM -0800, Kees Cook wrote:
> > > On Fri, Feb 23, 2018 at 6:46 PM, Luis R. Rodriguez <mcgrof@xxxxxxxxxx> wrote:
> > > > Since we now have knobs to twiddle what used to be set on kernel
> > > > configurations we can build one base kernel configuration and modify
> > > > behaviour to mimic such kernel configurations to test them.
> > > >
> > > > Provided you build a kernel with:
> > > >
> > > > CONFIG_TEST_FIRMWARE=y
> > > > CONFIG_FW_LOADER=y
> > > > CONFIG_FW_LOADER_USER_HELPER=y
> > > > CONFIG_IKCONFIG=y
> > > > CONFIG_IKCONFIG_PROC=y
> > > >
> > > > We should now be able test all possible kernel configurations
> > > > when FW_LOADER=y. Note that when FW_LOADER=m we just don't provide
> > > > the built-in functionality of the built-in firmware.
> > > >
> > > > If you're on an old kernel and either don't have /proc/config.gz
> > > > (CONFIG_IKCONFIG_PROC) or haven't enabled CONFIG_FW_LOADER_USER_HELPER
> > > > we cannot run these dynamic tests, so just run both scripts just
> > > > as we used to before making blunt assumptions about your setup
> > > > and requirements exactly as we did before.
> > > >
> > > > Signed-off-by: Luis R. Rodriguez <mcgrof@xxxxxxxxxx>
> > >
> > > Cool. Nice to have it all in one test build now. :)
> >
> > Now what about we start discussing one kernel config only for the future? The
> > impact would be the size of the fallback mechanism. That should be a bit clear
> > in terms of size impact after this series.
> >
> > Wonder what Josh thinks as he help with tinyconfig. We could target v4.18 if
> > its sensible.
>
> Having any of these unconditionally compiled in seems likely to be a
> significant impact, both directly and because of what else it would
> implicitly prevent compiling out or removing. And the firmware loader,
> for instance, is something that many kernels or hardware will not need
> at all.
Oh sorry, I did not mean always enabling the firmware loader, that would add
an extra 828 bytes, and 14264 bytes if the fallback mechanism is enabled as
well.
I meant having only CONFIG_FW_LOADER=y, and removing
CONFIG_FW_LOADER_USER_HELPER so that we just always compile it in if we have
CONFIG_FW_LOADER=y, so a penalty of 13436 bytes for those who enabled the
firmware loader but hadn't before enabled the fallback mechanism.
I'll note CONFIG_FW_LOADER_USER_HELPER is actually known to be enabled by most
distributions these days. We have an extra CONFIG_FW_LOADER_USER_HELPER_FALLBACK
but this is now just a toggle of a boolean, and actually Android is known to
enable it mostly, not other Linux distributions. Since Android enables
CONFIG_FW_LOADER_USER_HELPER_FALLBACK we know they also enable the fallback
mechanism with CONFIG_FW_LOADER_USER_HELPER_FALLBACK.
So for folks who enable CONFIG_FW_LOADER=y, they'd now be forced to gain an
extra 13436 bytes broken down as follows:
-------------------------------------------------------------------------------------------
allnoconfig with no firmware loader (with procfs enabled):
$ size vmlinux
text data bss dec hex filename
1135188 272012 1219736 2626936 281578 vmlinux
$ du -b vmlinux
1745556 vmlinux
-------------------------------------------------------------------------------------------
CONFIG_FW_LOADER=y
$ size vmlinux
text data bss dec hex filename
1137244 267984 1219716 2624944 280db0 vmlinux
$ du -b vmlinux
1746384 vmlinux
-------------------------------------------------------------------------------------------
CONFIG_FW_LOADER=y
CONFIG_FW_LOADER_USER_HELPER=y
$ size vmlinux
text data bss dec hex filename
1140554 272464 1219716 2632734 282c1e vmlinux
$ du -b vmlinux
1759820 vmlinux
Luis
