summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNathan Chancellor <nathan@kernel.org>2024-09-28 11:13:13 -0700
committerKees Cook <kees@kernel.org>2024-09-28 13:56:03 -0700
commitdd3a7ee91e0ce0b03d22e974a79e8247cc99959b (patch)
tree42987997fec506ada95a06252ad99ca6e534bd45
parent886d518ca9a6b433736f74723813d8917e407f40 (diff)
hardening: Adjust dependencies in selection of MODVERSIONS
MODVERSIONS recently grew a dependency on !COMPILE_TEST so that Rust could be more easily tested. However, this introduces a Kconfig warning when building allmodconfig with a clang version that supports RANDSTRUCT natively because RANDSTRUCT_FULL and RANDSTRUCT_PERFORMANCE select MODVERSIONS when MODULES is enabled, bypassing the !COMPILE_TEST dependency: WARNING: unmet direct dependencies detected for MODVERSIONS Depends on [n]: MODULES [=y] && !COMPILE_TEST [=y] Selected by [y]: - RANDSTRUCT_FULL [=y] && (CC_HAS_RANDSTRUCT [=y] || GCC_PLUGINS [=n]) && MODULES [=y] Add the !COMPILE_TEST dependency to the selections to clear up the warning. Fixes: 1f9c4a996756 ("Kbuild: make MODVERSIONS support depend on not being a compile test build") Signed-off-by: Nathan Chancellor <nathan@kernel.org> Link: https://lore.kernel.org/r/20240928-fix-randstruct-modversions-kconfig-warning-v1-1-27d3edc8571e@kernel.org Signed-off-by: Kees Cook <kees@kernel.org>
-rw-r--r--security/Kconfig.hardening4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index 2cff851ebfd7..c9d5ca3d8d08 100644
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -340,7 +340,7 @@ choice
config RANDSTRUCT_FULL
bool "Fully randomize structure layout"
depends on CC_HAS_RANDSTRUCT || GCC_PLUGINS
- select MODVERSIONS if MODULES
+ select MODVERSIONS if MODULES && !COMPILE_TEST
help
Fully randomize the member layout of sensitive
structures as much as possible, which may have both a
@@ -356,7 +356,7 @@ choice
config RANDSTRUCT_PERFORMANCE
bool "Limit randomization of structure layout to cache-lines"
depends on GCC_PLUGINS
- select MODVERSIONS if MODULES
+ select MODVERSIONS if MODULES && !COMPILE_TEST
help
Randomization of sensitive kernel structures will make a
best effort at restricting randomization to cacheline-sized