[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Proposal for consistent Kconfig usage by the hypervisor build system

  • To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Thu, 2 Feb 2023 15:51:14 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EZqStkqnQ+mR7F3QJ1g3SimZ7kMr6Edjvzbno+Xi1kE=; b=MBmaazjReMnVZ9iN9bQtAvKGCwZkGoJYb5DacjEwCsLvKScICmAamwEGKxqRsfD/6ek6MlQmkTnxiznXdKzuXBKyYH9BZUFR7bNIBgOvxHE+TmFBtCuP3T/Cml4Ff6ydehSKI5qBmJs4TWAbkvBFmBUZOga5RUSHAowGDF3OitT+t2rFEMiBhQDYvOuQfPzVpIA22vf8UoRlvK523qiKPGKKqjVVaaFhsQgUHte/mQGiVoQiKeYAVwHPX3nUcRP6JEWvwGyoK5IiMphLUEp6rjM8pBU/eJLfsrx0vRupNnr1DiOfuk/5f3FfVj3OAyan37dhgee0DkAbIJXOOnBFtQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=L2S+lt0o7rkZ7WZcr7KvrXJenaPyUhHiTpanwrvjB4hT9arm/FtKbVoppWBNAp5j20awxsC1hJ4UU4WZxzYRN86EbCFRtj400gyOBmddjpwOS8WzK3C6Lhj9TrXlY2+bOsK3jAFBh5Ou1uCRvx6ayNAGpW8HiRA8Tup8NbevEQ+xYK79kCwwsjtQKSJpVUsWipbWpFvsL9P9xvWDh503X0lri87W0wz9fqjrxwCejYvbtm0xx9Zf0ngO0y44aeAxctwBvTPGl4MSLDDlj+2FQkXPNRcgwDF9xUX99+AzCQZGpNALWGJXiJtwKN0Q6YkIGM3i97WRr4QJ6EfnycHe8w==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Thu, 02 Feb 2023 15:51:53 +0000
  • Ironport-data: A9a23:F9L4pKtmCR/dZptNgoE52UNaXufnVJxfMUV32f8akzHdYApBsoF/q tZmKTqAOf7eZzCnKIggaYvk9B9TvJWAztBhQAFkrCk0FS4W+JbJXdiXEBz9bniYRiHhoOCLz O1FM4Wdc5pkJpP4jk3wWlQ0hSAkjclkfpKlVKiffHg0HVU/IMsYoUoLs/YjhYJ1isSODQqIu Nfjy+XSI1bg0DNvWo4uw/vrRChH4bKj51v0gnRkPaoQ5AWGzSFPZH4iDfrZw0XQE9E88tGSH 44v/JnhlkvF8hEkDM+Sk7qTWiXmlZaLYGBiIlIPM0STqkAqSh4ai87XB9JFAatjsB2bnsgZ9 Tl4ncfYpTHFnEH7sL91vxFwS0mSNEDdkVPNCSDXXce7lyUqf5ZwqhnH4Y5f0YAwo45K7W9yG fMwE3cmdw+j29yKxuineLU1rcoxPOq3BdZK0p1g5Wmx4fcOZ7nmGv+PyfoGmTA6i4ZJAOrUY NcfZXx3dhPcbhZTO1ARTpUjgOOvgXq5eDpdwL6XjfNvvy6Pk0osgf60bou9lt+iHK25mm6xo G7c8nu/KRYdLNGFkhKO8262h/+JliT+MG4XPOzlqqYw3wXIroAVIB0pa0Pmmf+ysFe/CtREI E8Q03VtlpFnoSRHSfG4BXVUukWsvBQRRt5RGO0S8xyWx+zf5APxLngJSHtNZcIrsOcyRCc2z RmZktXxHzttvbaJD3WH+d+8ry62OCUTBX8PY2kDVwRty8L4vIg5gxbLT9BiOK24lNv4HXf32 T/ihDc6r6Uei4gMzarTwLzcqzelp5yMQgtr4AzSBzih9lkgOt/jYJG041/G6/oGNJyeUlSKo HkDnY6Z8fwKCpaO0ieKRY3hAY2U2hpMCxWE6XYHInXr32/FF6KLFWyI3AxDGQ==
  • Ironport-hdrordr: A9a23:LeZi/q2lwWLftGmDQsu4wAqjBHYkLtp133Aq2lEZdPU0SKGlfq GV7ZEmPHrP4gr5N0tOpTntAse9qBDnhPxICOsqXYtKNTOO0AeVxelZhrcKqAeQeBEWmNQ96U 9hGZIOcuEZDzJB/LvHCN/TKadd/DGFmprY+ts31x1WPGVXgzkL1XYANu6ceHcGIzVuNN4CO7 e3wNFInDakcWR/VLXBOpFUN9KzweEijfjdEGc7OyI=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 12/01/2023 4:52 pm, Jan Beulich wrote:
> (re-sending with REST on Cc, as requested at the community call)
>
> At present we use a mix of Makefile and Kconfig driven capability checks for
> tool chain components involved in the building of the hypervisor.  What 
> approach
> is used where is in some part a result of the relatively late introduction of
> Kconfig into the build system, but in other places also simply a result of
> different taste of different contributors.  Switching to a uniform model,
> however, has drawbacks as well:
>  - A uniformly Makefile based model is not in line with Linux, where Kconfig 
> is
>    actually coming from (at least as far as we're concerned; there may be
>    earlier origins).  This model is also being disliked by some community
>    members.
>  - A uniformly Kconfig based model suffers from a weakness of Kconfig in that
>    dependent options are silently turned off when dependencies aren't met.

This is deliberate behaviour of Kconfig, and not related to toolchain
dependences.

Exactly the same thing happens for a change that edits a regular
dependency, or inserts/removes an option.

>   This
>    has the undesirable effect that a carefully crafted .config may be silently
>    converted to one with features turned off which were intended to be on.

The Makefile model does exactly the same.  It *will* check feature
availability of the toolchain, and *will* modify code generation as a
result.

The programmer just doesn't get to see this because there's no written
record of it happening when it's not encoded in Kconfig.

>    While this could be deemed expected behavior when a dependency is also an
>    option which was selected by the person configuring the hypervisor, it
>    certainly can be surprising when the dependency is an auto-detected tool
>    chain capability.  Furthermore there's no automatic re-running of kconfig 
> if
>    any part of the tool chain changed.  (Despite knowing of this in principle,
>    I've still been hit by this more than once in the past: If one rebuilds a
>    tree which wasn't touched for a while, and if some time has already passed
>    since the updating to the newer component, one may not immediately make the
>    connection.)
>
> Therefore I'd like to propose that we use an intermediate model: Detected tool
> chain capabilities (and alike) may only be used to control optimization (i.e.
> including their use as dependencies for optimization controls) and to 
> establish
> the defaults of options.  They may not be used to control functionality, i.e.
> they may in particular not be specified as a dependency of an option 
> controlling
> functionality.  This way unless defaults were overridden things will build, 
> and
> non-default settings will be honored (albeit potentially resulting in a build
> failure).
>
> For example
>
> config AS_VMX
>       def_bool $(as-instr,vmcall)
>
> would be okay (as long as we have fallback code to deal with the case of too
> old an assembler; raising the baseline there is a separate topic), but instead
> of what we have currently
>
> config XEN_SHSTK
>       bool "Supervisor Shadow Stacks"
>       default HAS_AS_CET_SS

Yes.  This is very intentional, and is AFAICT an example of something
which cannot be encoded in the existing Makefile scheme.

There is a tonne of stuff we can only do with proper toolchain support. 
CET (both shstk, and ibt) are examples, and plenty more to come, where
playing around with .byte in older toolchains simply will not work.

There are also plenty of cases where it would be technically possible,
but the cost of doing so is so large that it's not going to happen.

> would be the way to go.
>
> It was additionally suggested that, for a better user experience, unmet
> dependencies which are known to result in build failures (which at times may 
> be
> hard to associate back with the original cause) would be re-checked by 
> Makefile
> based logic, leading to an early build failure with a comprehensible error
> message.  Personally I'd prefer this to be just warnings (first and foremost 
> to
> avoid failing the build just because of a broken or stale check), but I can 
> see
> that they might be overlooked when there's a lot of other output.  In any 
> event
> we may want to try to figure an approach which would make sufficiently sure 
> that
> Makefile and Kconfig checks don't go out of sync.

This is a brand new feature request.  But it looks like you're trying to
reinvent ./configure without using ./configure.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.