On Wed, Feb 28, 2018 at 06:26:03PM +0000, Luis R. Rodriguez wrote: > On Wed, Feb 28, 2018 at 01:07:23AM -0800, Josh Triplett wrote: > > On Wed, Feb 28, 2018 at 01:32:37AM +0000, Luis R. Rodriguez wrote: > > > On Tue, Feb 27, 2018 at 03:18:15PM -0800, Kees Cook wrote: > > > > On Fri, Feb 23, 2018 at 6:46 PM, Luis R. Rodriguez <mcgrof@xxxxxxxxxx> wrote: > > > > > Since we now have knobs to twiddle what used to be set on kernel > > > > > configurations we can build one base kernel configuration and modify > > > > > behaviour to mimic such kernel configurations to test them. > > > > > > > > > > Provided you build a kernel with: > > > > > > > > > > CONFIG_TEST_FIRMWARE=y > > > > > CONFIG_FW_LOADER=y > > > > > CONFIG_FW_LOADER_USER_HELPER=y > > > > > CONFIG_IKCONFIG=y > > > > > CONFIG_IKCONFIG_PROC=y > > > > > > > > > > We should now be able test all possible kernel configurations > > > > > when FW_LOADER=y. Note that when FW_LOADER=m we just don't provide > > > > > the built-in functionality of the built-in firmware. > > > > > > > > > > If you're on an old kernel and either don't have /proc/config.gz > > > > > (CONFIG_IKCONFIG_PROC) or haven't enabled CONFIG_FW_LOADER_USER_HELPER > > > > > we cannot run these dynamic tests, so just run both scripts just > > > > > as we used to before making blunt assumptions about your setup > > > > > and requirements exactly as we did before. > > > > > > > > > > Signed-off-by: Luis R. Rodriguez <mcgrof@xxxxxxxxxx> > > > > > > > > Cool. Nice to have it all in one test build now. :) > > > > > > Now what about we start discussing one kernel config only for the future? The > > > impact would be the size of the fallback mechanism. That should be a bit clear > > > in terms of size impact after this series. > > > > > > Wonder what Josh thinks as he help with tinyconfig. We could target v4.18 if > > > its sensible. > > > > Having any of these unconditionally compiled in seems likely to be a > > significant impact, both directly and because of what else it would > > implicitly prevent compiling out or removing. And the firmware loader, > > for instance, is something that many kernels or hardware will not need > > at all. > > Oh sorry, I did not mean always enabling the firmware loader, that would add > an extra 828 bytes, and 14264 bytes if the fallback mechanism is enabled as > well. > > I meant having only CONFIG_FW_LOADER=y, and removing > CONFIG_FW_LOADER_USER_HELPER so that we just always compile it in if we have > CONFIG_FW_LOADER=y, so a penalty of 13436 bytes for those who enabled the > firmware loader but hadn't before enabled the fallback mechanism. > > I'll note CONFIG_FW_LOADER_USER_HELPER is actually known to be enabled by most > distributions these days. We have an extra CONFIG_FW_LOADER_USER_HELPER_FALLBACK > but this is now just a toggle of a boolean, and actually Android is known to > enable it mostly, not other Linux distributions. Since Android enables > CONFIG_FW_LOADER_USER_HELPER_FALLBACK we know they also enable the fallback > mechanism with CONFIG_FW_LOADER_USER_HELPER_FALLBACK. > > So for folks who enable CONFIG_FW_LOADER=y, they'd now be forced to gain an > extra 13436 bytes broken down as follows: Ah, I see. If you have CONFIG_FW_LOADER and not CONFIG_FW_LOADER_USER_HELPER, then you only have the in-kernel firmware loading mechanism? Given the *substantial* size difference between the two, it seems useful to have that option. What would it gain to combine the two?
