On Wed, Sep 7, 2016 at 12:15 PM, Linus Torvalds <[email protected]> wrote: > On Wed, Sep 7, 2016 at 11:36 AM, Kees Cook <[email protected]> wrote: >> >> - move page-spanning check behind a CONFIG since it's triggering false >> positives > > Hmm. I pulled this, but looking at it I realized that > > + depends on !COMPILE_TEST > > doesn't make any real sense to me. > > All it does is make sure that "make allmodconfig" doesn't actually > test that the PAGESPAN code compiles. > > It's not like that is a big cost for allmodconfig builds, but it does > mean that it gets less coverage. > > And it really makes no sense to me. We *don't* want to run with that > option enabled normally. > > I think what you actually meant was something like > > + depends on EXPERT > > which means that it does *not* get enabled in normal user builds. > > Hmm?
I guess that's true -- I was trying to think of a way to make sure it didn't get tested by 0-day syscall fuzzer on a randconfig, since I didn't want the noise. But now that I double-check this, yeah, it looks like randconfig doesn't set COMPILE_TEST. Hmpf. I will send another patch to flip this to EXPERT, and if 0-day finds issues, I can add them to the __GPF_COMP hit-list. :P -Kees -- Kees Cook Nexus Security
