lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 27 Sep 2007 13:35:06 +0200
From:	Sam Ravnborg <sam@...nborg.org>
To:	Jan Beulich <jbeulich@...ell.com>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] strip generated symbols from *.ko

(private reply)

Being occupied by non-linux stuff lately but will review your patches soon.
non-linux stuff includes too little sleep because my baby girl having
yet another new teeth and it hurst...

I hope to go over it during the weekend so Ican include it in next merge window.

	Sam

On Wed, Sep 19, 2007 at 03:57:07PM +0100, Jan Beulich wrote:
> This patch changes the way __crc_ symbols are being resolved from
> using ld to do so to using the assembler, thus allowing these symbols
> to be marked local (the linker creates then as global ones) and hence
> allow stripping (for modules) or ignoring (for vmlinux) them. While at
> this, also strip other generated symbols during module installation.
> 
> One potentially debatable point is the handling of the flags passeed
> to gcc when translating the intermediate assembly file into an object:
> passing $(c_flags) unchanged doesn't work as gcc passes --gdwarf2 to
> gas whenever is sees any -g* option, even for -g0, and despite the
> fact that the compiler would have already produced all necessary debug
> info in the C->assembly translation phase. I took the approach of just
> filtering out all -g* options, but an alternative to such negative
> filtering might be to have a positive filter which might, in the ideal
> case allow just all the -Wa,* options to pass through.
> 
> Signed-off-by: Jan Beulich <jbeulich@...ell.com>
> 
> ---
>  Makefile                    |   15 ++++++------
>  scripts/Makefile.build      |   51 +++++++++++++++++++++++++++-----------------
>  scripts/Makefile.modinst    |    2 -
>  scripts/genksyms/genksyms.c |   23 ++++++++++++++-----
>  scripts/mksysmap            |    6 +----
>  scripts/strip-syms.lst      |   19 ++++++++++++++++
>  6 files changed, 78 insertions(+), 38 deletions(-)
> 
> --- 2.6.23-rc6-strip.orig/Makefile
> +++ 2.6.23-rc6-strip/Makefile
> @@ -542,19 +542,18 @@ MODLIB	= $(INSTALL_MOD_PATH)/lib/modules
>  export MODLIB
>  
>  #
> -#  INSTALL_MOD_STRIP, if defined, will cause modules to be
> -#  stripped after they are installed.  If INSTALL_MOD_STRIP is '1', then
> -#  the default option --strip-debug will be used.  Otherwise,
> -#  INSTALL_MOD_STRIP will used as the options to the strip command.
> -
> +# INSTALL_MOD_STRIP, if defined, will cause modules to be stripped while
> +# they get installed.  If INSTALL_MOD_STRIP is '1', then the default
> +# options (see below) will be used.  Otherwise, INSTALL_MOD_STRIP will
> +# be used as the option(s) to the objcopy command.
>  ifdef INSTALL_MOD_STRIP
>  ifeq ($(INSTALL_MOD_STRIP),1)
> -mod_strip_cmd = $(STRIP) --strip-debug
> +mod_strip_cmd = $(OBJCOPY) --strip-debug --strip-symbols $(srctree)/scripts/strip-syms.lst --wildcard
>  else
> -mod_strip_cmd = $(STRIP) $(INSTALL_MOD_STRIP)
> +mod_strip_cmd = $(OBJCOPY) $(INSTALL_MOD_STRIP)
>  endif # INSTALL_MOD_STRIP=1
>  else
> -mod_strip_cmd = true
> +mod_strip_cmd = false
>  endif # INSTALL_MOD_STRIP
>  export mod_strip_cmd
>  
> --- 2.6.23-rc6-strip.orig/scripts/Makefile.build
> +++ 2.6.23-rc6-strip/scripts/Makefile.build
> @@ -176,30 +176,38 @@ cmd_cc_o_c = $(CC) $(c_flags) -c -o $@ $
>  
>  else
>  # When module versioning is enabled the following steps are executed:
> -# o compile a .tmp_<file>.o from <file>.c
> -# o if .tmp_<file>.o doesn't contain a __ksymtab version, i.e. does
> -#   not export symbols, we just rename .tmp_<file>.o to <file>.o and
> +# o compile a .tmp_<file>.s from <file>.c
> +# o if .tmp_<file>.s doesn't contain a __ksymtab version, i.e. does
> +#   not export symbols, we just assemble .tmp_<file>.s to <file>.o and
>  #   are done.
>  # o otherwise, we calculate symbol versions using the good old
>  #   genksyms on the preprocessed source and postprocess them in a way
> -#   that they are usable as a linker script
> -# o generate <file>.o from .tmp_<file>.o using the linker to
> -#   replace the unresolved symbols __crc_exported_symbol with
> -#   the actual value of the checksum generated by genksyms
> +#   that they are usable as assembly source
> +# o assemble <file>.o from .tmp_<file>.s forcing inclusion of directives
> +#   defining the actual values of __crc_*, followed by objcopy-ing them
> +#   to force these symbols to be local to permit stripping them later.
>  
> -cmd_cc_o_c = $(CC) $(c_flags) -c -o $(@D)/.tmp_$(@F) $<
> +cmd_cc_o_c = $(CC) $(c_flags) -S -o $(@D)/.tmp_$(@F:.o=.s) $<
>  cmd_modversions =							\
> -	if $(OBJDUMP) -h $(@D)/.tmp_$(@F) | grep -q __ksymtab; then	\
> -		$(CPP) -D__GENKSYMS__ $(c_flags) $<			\
> -		| $(GENKSYMS) $(if $(KBUILD_SYMTYPES),			\
> -			      -T $(@D)/$(@F:.o=.symtypes)) -a $(ARCH)	\
> -		> $(@D)/.tmp_$(@F:.o=.ver);				\
> -									\
> -		$(LD) $(LDFLAGS) -r -o $@ $(@D)/.tmp_$(@F) 		\
> -			-T $(@D)/.tmp_$(@F:.o=.ver);			\
> -		rm -f $(@D)/.tmp_$(@F) $(@D)/.tmp_$(@F:.o=.ver);	\
> +	if grep -q __ksymtab $(@D)/.tmp_$(@F:.o=.s); then		\
> +		if $(CPP) -D__GENKSYMS__ $(c_flags) $<			\
> +		   | $(GENKSYMS) -A $(if $(KBUILD_SYMTYPES),		\
> +				 -T $(@D)/$(@F:.o=.symtypes)) -a $(ARCH) \
> +		   > $(@D)/.tmp_$(@F:.o=.v)				\
> +		   && $(CC) $(filter-out -g%,$(c_flags)) -c		\
> +			    -Wa,$(@D)/.tmp_$(@F:.o=.v)			\
> +			    -o $(@D)/.tmp_$(@F) $(@D)/.tmp_$(@F:.o=.s)	\
> +		   && $(OBJCOPY) -L '__crc_*' -L '___crc_*' -w		\
> +				 $(@D)/.tmp_$(@F) $@;			\
> +		then							\
> +			: ;						\
> +		else							\
> +			rm -f $@; exit 1;				\
> +		fi;							\
>  	else								\
> -		mv -f $(@D)/.tmp_$(@F) $@;				\
> +		rm -f $(@D)/.tmp_$(@F:.o=.v);				\
> +		$(CC) $(filter-out -g%,$(c_flags)) -c			\
> +		      -o $@ $(@D)/.tmp_$(@F:.o=.s);			\
>  	fi;
>  endif
>  
> @@ -209,7 +217,12 @@ define rule_cc_o_c
>  	$(cmd_modversions)						  \
>  	scripts/basic/fixdep $(depfile) $@ '$(call make-cmd,cc_o_c)' >    \
>  	                                              $(dot-target).tmp;  \
> -	rm -f $(depfile);						  \
> +	if [ -r $(@D)/.tmp_$(@F:.o=.v) ]; then				  \
> +		echo >> $(dot-target).tmp;				  \
> +		echo '$@: $(GENKSYMS)' >> $(dot-target).tmp;		  \
> +		echo '$(GENKSYMS):: ;' >> $(dot-target).tmp;		  \
> +	fi;								  \
> +	rm -f $(depfile) $(@D)/.tmp_$(@F:.o=.?);			  \
>  	mv -f $(dot-target).tmp $(dot-target).cmd
>  endef
>  
> --- 2.6.23-rc6-strip.orig/scripts/Makefile.modinst
> +++ 2.6.23-rc6-strip/scripts/Makefile.modinst
> @@ -17,7 +17,7 @@ __modinst: $(modules)
>  	@:
>  
>  quiet_cmd_modules_install = INSTALL $@
> -      cmd_modules_install = mkdir -p $(2); cp $@ $(2) ; $(mod_strip_cmd) $(2)/$(notdir $@)
> +      cmd_modules_install = mkdir -p $(2); $(mod_strip_cmd) $@ $(2)/$(notdir $@) || cp $@ $(2)
>  
>  # Modules built outside the kernel source tree go into extra by default
>  INSTALL_MOD_DIR ?= extra
> --- 2.6.23-rc6-strip.orig/scripts/genksyms/genksyms.c
> +++ 2.6.23-rc6-strip/scripts/genksyms/genksyms.c
> @@ -42,7 +42,7 @@ static FILE *debugfile;
>  int cur_line = 1;
>  char *cur_filename;
>  
> -static int flag_debug, flag_dump_defs, flag_dump_types, flag_warnings;
> +static int flag_debug, flag_dump_defs, flag_dump_types, flag_warnings, flag_asm;
>  static const char *arch = "";
>  static const char *mod_prefix = "";
>  
> @@ -415,8 +415,11 @@ void export_symbol(const char *name)
>  		if (flag_dump_defs)
>  			fputs(">\n", debugfile);
>  
> -		/* Used as a linker script. */
> -		printf("%s__crc_%s = 0x%08lx ;\n", mod_prefix, name, crc);
> +		/* Used as inline assembly or a linker script. */
> +		printf(flag_asm
> +		       ? ".equiv %s__crc_%s, 0x%08lx\n"
> +		       : "%s__crc_%s = 0x%08lx ;\n",
> +		       mod_prefix, name, crc);
>  	}
>  }
>  
> @@ -440,8 +443,10 @@ void error_with_pos(const char *fmt, ...
>  
>  static void genksyms_usage(void)
>  {
> -	fputs("Usage:\n" "genksyms [-dDwqhV] > /path/to/.tmp_obj.ver\n" "\n"
> +	fputs("Usage:\n" "genksyms [-aAdDwqhV] > /path/to/.tmp_obj.ver\n" "\n"
>  #ifdef __GNU_LIBRARY__
> +	      "  -a, --arch            Specify target architecture\n"
> +	      "  -A, --asm             Generate inline assembly rather than linker script\n"
>  	      "  -d, --debug           Increment the debug level (repeatable)\n"
>  	      "  -D, --dump            Dump expanded symbol defs (for debugging only)\n"
>  	      "  -w, --warnings        Enable warnings\n"
> @@ -449,6 +454,8 @@ static void genksyms_usage(void)
>  	      "  -h, --help            Print this message\n"
>  	      "  -V, --version         Print the release version\n"
>  #else				/* __GNU_LIBRARY__ */
> +	      "  -a                    Specify target architecture\n"
> +	      "  -A                    Generate inline assembly rather than linker script\n"
>  	      "  -d                    Increment the debug level (repeatable)\n"
>  	      "  -D                    Dump expanded symbol defs (for debugging only)\n"
>  	      "  -w                    Enable warnings\n"
> @@ -467,6 +474,7 @@ int main(int argc, char **argv)
>  #ifdef __GNU_LIBRARY__
>  	struct option long_opts[] = {
>  		{"arch", 1, 0, 'a'},
> +		{"asm", 0, 0, 'A'},
>  		{"debug", 0, 0, 'd'},
>  		{"warnings", 0, 0, 'w'},
>  		{"quiet", 0, 0, 'q'},
> @@ -477,10 +485,10 @@ int main(int argc, char **argv)
>  		{0, 0, 0, 0}
>  	};
>  
> -	while ((o = getopt_long(argc, argv, "a:dwqVDT:k:p:",
> +	while ((o = getopt_long(argc, argv, "a:dwqVADT:k:p:",
>  				&long_opts[0], NULL)) != EOF)
>  #else				/* __GNU_LIBRARY__ */
> -	while ((o = getopt(argc, argv, "a:dwqVDT:k:p:")) != EOF)
> +	while ((o = getopt(argc, argv, "a:dwqVADT:k:p:")) != EOF)
>  #endif				/* __GNU_LIBRARY__ */
>  		switch (o) {
>  		case 'a':
> @@ -498,6 +506,9 @@ int main(int argc, char **argv)
>  		case 'V':
>  			fputs("genksyms version 2.5.60\n", stderr);
>  			break;
> +		case 'A':
> +			flag_asm = 1;
> +			break;
>  		case 'D':
>  			flag_dump_defs = 1;
>  			break;
> --- 2.6.23-rc6-strip.orig/scripts/mksysmap
> +++ 2.6.23-rc6-strip/scripts/mksysmap
> @@ -36,9 +36,7 @@
>  
>  # readprofile starts reading symbols when _stext is found, and
>  # continue until it finds a symbol which is not either of 'T', 't',
> -# 'W' or 'w'. __crc_ are 'A' and placed in the middle
> -# so we just ignore them to let readprofile continue to work.
> -# (At least sparc64 has __crc_ in the middle).
> +# 'W' or 'w'.
>  
> -$NM -n $1 | grep -v '\( [aUw] \)\|\(__crc_\)\|\( \$[adt]\)' > $2
> +$NM -n $1 | grep -v '\( [aUw] \)\|\( \$[adt]\)' > $2
>  
> --- /dev/null
> +++ 2.6.23-rc6-strip/scripts/strip-syms.lst
> @@ -0,0 +1,19 @@
> +<*>
> +*.h
> +__compound_literal[$.][0-9]*
> +__crc_[a-zA-Z_]*
> +__exitcall_[a-zA-Z_]*
> +__func__[$.][0-9]*
> +__FUNCTION__[$.][0-9]*
> +gcc[0-9]_compiled[$.]
> +__initcall_[a-zA-Z_]*
> +__kcrctab_[a-zA-Z_]*
> +__kstrtab_[a-zA-Z_]*
> +__ksymtab_[a-zA-Z_]*
> +__mod_[a-zA-Z_]*[0-9]
> +__module_depends
> +__param_[a-zA-Z_]*
> +__pci_fixup_[A-Z]*
> +__PRETTY_FUNCTION__[$.][0-9]*
> +__setup_[a-zA-Z_]*
> +____versions
> 
> 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ