CONFIG_TRIM_UNUSED_KSYMS and CONFIG_MODULES not in sync

Question

CONFIG_TRIM_UNUSED_KSYMS and CONFIG_MODULES not in sync

Churam opened this issue 3 years ago · 2 comments

It seems there is a problem with the current stable kernel (5.15.14 at the date of this issue).

The kernel option TRIM_UNUSED_KSYMS is defined in my config as:

Symbol: TRIM_UNUSED_KSYMS [=n]
Type  : bool
Defined at init/Kconfig:2301
Prompt: Trim unused exported kernel symbols
Depends on: MODULES [=n] && !COMPILE_TEST [=n]
Visible if: MODULES [=n] && !COMPILE_TEST [=n] && EXPERT [=y]
Location: 
(1) -> Enable loadable module support (MODULES [=n])

Or the script (with the setup above) outputs me:
CONFIG_TRIM_UNUSED_KSYMS | y | my | cut_attack_surface | FAIL: not found

But as the hardening requires to have MODULES = n (is not set) it is impossible to set TRIM_UNUSED_KSYMS through menuconfig.

Answer 1 · 2022-01-21T15:53:06.000Z

@Churam thanks for your report!

Fixed.

The output for your case now:

CONFIG_TRIM_UNUSED_KSYMS   |   y   |   my   | cut_attack_surface |  OK: CONFIG_MODULES "is not set"

Answer 2 · 2022-01-24T11:04:59.000Z

Fix OK
Output is now as expected, closing issue