On 2016-06-12 20:18, Emese Revfy wrote:

On Sun, 12 Jun 2016 15:25:39 -0700
Kees Cook [off-list ref] wrote:

quoted

I don't like this because it means if someone specifically selects
some plugins in their .config, and the headers are missing, the kernel
will successfully compile. For many plugins, this results in a kernel
that lacks the requested security features, and that I really do not
want to have happening. I'm okay leaving these disabled for compile
tests for now. We can revisit this once more distros have plugins
enabled by default.

You are right. Your patch is safer.

Why not make it so that if COMPILE_TEST is enabled, the build warns if 
it can't find the headers, otherwise it fails?  That way, people who are 
doing all*config builds but don't have the headers will still get some 
build coverage, and the people who are enabling it as a security feature 
will still get build failures.