lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <49479EDE.76E4.0078.0@novell.com>
Date:	Tue, 16 Dec 2008 11:28:14 +0000
From:	"Jan Beulich" <jbeulich@...ell.com>
To:	<sam@...nborg.org>
Cc:	<linux-kernel@...r.kernel.org>
Subject: [PATCH 1/2] strip generated symbols from *.ko

This patch changes the way __crc_ symbols are being resolved from
using ld to do so to using the assembler, thus allowing these symbols
to be marked local (the linker creates then as global ones) and hence
allow stripping (for modules) or ignoring (for vmlinux) them. While at
this, also strip other generated symbols during module installation.

One potentially debatable point is the handling of the flags passeed
to gcc when translating the intermediate assembly file into an object:
passing $(c_flags) unchanged doesn't work as gcc passes --gdwarf2 to
gas whenever is sees any -g* option, even for -g0, and despite the
fact that the compiler would have already produced all necessary debug
info in the C->assembly translation phase. I took the approach of just
filtering out all -g* options, but an alternative to such negative
filtering might be to have a positive filter which might, in the ideal
case allow just all the -Wa,* options to pass through.

Signed-off-by: Jan Beulich <jbeulich@...ell.com>

---
 Makefile                    |   16 ++++++------
 scripts/Makefile.build      |   55 ++++++++++++++++++++++++++++----------------
 scripts/Makefile.modinst    |    3 +-
 scripts/genksyms/genksyms.c |   21 ++++++++++++----
 scripts/mksysmap            |    7 +----
 scripts/strip-symbols       |   22 +++++++++++++++++
 6 files changed, 85 insertions(+), 39 deletions(-)

--- 2.6.28-rc8-strip.orig/Makefile
+++ 2.6.28-rc8-strip/Makefile
@@ -601,19 +601,19 @@ MODLIB	= $(INSTALL_MOD_PATH)/lib/modules
 export MODLIB
 
 #
-#  INSTALL_MOD_STRIP, if defined, will cause modules to be
-#  stripped after they are installed.  If INSTALL_MOD_STRIP is '1', then
-#  the default option --strip-debug will be used.  Otherwise,
-#  INSTALL_MOD_STRIP will used as the options to the strip command.
-
+# INSTALL_MOD_STRIP, if defined, will cause modules to be stripped while
+# they get installed.  If INSTALL_MOD_STRIP is '1', then the default
+# options (see below) will be used.  Otherwise, INSTALL_MOD_STRIP will
+# be used as the option(s) to the objcopy command.
 ifdef INSTALL_MOD_STRIP
 ifeq ($(INSTALL_MOD_STRIP),1)
-mod_strip_cmd = $(STRIP) --strip-debug
+mod_strip_cmd = $(OBJCOPY) --strip-debug --strip-symbols \
+		$(srctree)/scripts/strip-symbols --wildcard
 else
-mod_strip_cmd = $(STRIP) $(INSTALL_MOD_STRIP)
+mod_strip_cmd = $(OBJCOPY) $(INSTALL_MOD_STRIP)
 endif # INSTALL_MOD_STRIP=1
 else
-mod_strip_cmd = true
+mod_strip_cmd = false
 endif # INSTALL_MOD_STRIP
 export mod_strip_cmd
 
--- 2.6.28-rc8-strip.orig/scripts/Makefile.build
+++ 2.6.28-rc8-strip/scripts/Makefile.build
@@ -171,30 +171,42 @@ cmd_cc_o_c = $(CC) $(c_flags) -c -o $@ $
 
 else
 # When module versioning is enabled the following steps are executed:
-# o compile a .tmp_<file>.o from <file>.c
-# o if .tmp_<file>.o doesn't contain a __ksymtab version, i.e. does
-#   not export symbols, we just rename .tmp_<file>.o to <file>.o and
+# o compile a .tmp_<file>.s from <file>.c
+# o if .tmp_<file>.s doesn't contain a __ksymtab version, i.e. does
+#   not export symbols, we just assemble .tmp_<file>.s to <file>.o and
 #   are done.
 # o otherwise, we calculate symbol versions using the good old
 #   genksyms on the preprocessed source and postprocess them in a way
-#   that they are usable as a linker script
-# o generate <file>.o from .tmp_<file>.o using the linker to
-#   replace the unresolved symbols __crc_exported_symbol with
-#   the actual value of the checksum generated by genksyms
+#   that they are usable as assembly source
+# o assemble <file>.o from .tmp_<file>.s forcing inclusion of directives
+#   defining the actual values of __crc_*, followed by objcopy-ing them
+#   to force these symbols to be local to permit stripping them later.
+s_file = $(@D)/.tmp_$(@F:.o=.s)
+v_file = $(@D)/.tmp_$(@F:.o=.v)
+tmp_o_file = $(@D)/.tmp_$(@F)
+no_g_c_flags = $(filter-out -g%,$(c_flags))
+
+cmd_genksyms =	$(CPP) -D__GENKSYMS__ $(c_flags) $<			\
+	| $(GENKSYMS) -A -a $(ARCH)					\
+		      $(if $(KBUILD_SYMTYPES),-T $(@D)/$(@F:.o=.symtypes))
+
+cmd_cc_o_c = $(CC) $(c_flags) -S -o $(s_file) $<
 
-cmd_cc_o_c = $(CC) $(c_flags) -c -o $(@D)/.tmp_$(@F) $<
 cmd_modversions =							\
-	if $(OBJDUMP) -h $(@D)/.tmp_$(@F) | grep -q __ksymtab; then	\
-		$(CPP) -D__GENKSYMS__ $(c_flags) $<			\
-		| $(GENKSYMS) $(if $(KBUILD_SYMTYPES),			\
-			      -T $(@D)/$(@F:.o=.symtypes)) -a $(ARCH)	\
-		> $(@D)/.tmp_$(@F:.o=.ver);				\
-									\
-		$(LD) $(LDFLAGS) -r -o $@ $(@D)/.tmp_$(@F) 		\
-			-T $(@D)/.tmp_$(@F:.o=.ver);			\
-		rm -f $(@D)/.tmp_$(@F) $(@D)/.tmp_$(@F:.o=.ver);	\
+	if grep -q __ksymtab $(s_file); then				\
+		if $(cmd_genksyms) > $(v_file)				\
+		   && $(CC) $(no_g_c_flags) -c -Wa,$(v_file)		\
+			    -o $(tmp_o_file) $(s_file)			\
+		   && $(OBJCOPY) -L '__crc_*' -L '___crc_*' -w		\
+				 $(tmp_o_file) $@;			\
+		then							\
+			: ;						\
+		else							\
+			rm -f $@; exit 1;				\
+		fi;							\
 	else								\
-		mv -f $(@D)/.tmp_$(@F) $@;				\
+		rm -f $(v_file);					\
+		$(CC) $(no_g_c_flags) -c -o $@ $(s_file);		\
 	fi;
 endif
 
@@ -217,7 +229,12 @@ define rule_cc_o_c
 	$(cmd_record_mcount)						  \
 	scripts/basic/fixdep $(depfile) $@ '$(call make-cmd,cc_o_c)' >    \
 	                                              $(dot-target).tmp;  \
-	rm -f $(depfile);						  \
+	if [ -r $(@D)/.tmp_$(@F:.o=.v) ]; then				  \
+		echo >> $(dot-target).tmp;				  \
+		echo '$@: $(GENKSYMS)' >> $(dot-target).tmp;		  \
+		echo '$(GENKSYMS):: ;' >> $(dot-target).tmp;		  \
+	fi;								  \
+	rm -f $(depfile) $(@D)/.tmp_$(@F:.o=.?);			  \
 	mv -f $(dot-target).tmp $(dot-target).cmd
 endef
 
--- 2.6.28-rc8-strip.orig/scripts/Makefile.modinst
+++ 2.6.28-rc8-strip/scripts/Makefile.modinst
@@ -17,7 +17,8 @@ __modinst: $(modules)
 	@:
 
 quiet_cmd_modules_install = INSTALL $@
-      cmd_modules_install = mkdir -p $(2); cp $@ $(2) ; $(mod_strip_cmd) $(2)/$(notdir $@)
+      cmd_modules_install = mkdir -p $(2); \
+			    $(mod_strip_cmd) $@ $(2)/$(notdir $@) || cp $@ $(2)
 
 # Modules built outside the kernel source tree go into extra by default
 INSTALL_MOD_DIR ?= extra
--- 2.6.28-rc8-strip.orig/scripts/genksyms/genksyms.c
+++ 2.6.28-rc8-strip/scripts/genksyms/genksyms.c
@@ -42,7 +42,7 @@ static FILE *debugfile;
 int cur_line = 1;
 char *cur_filename;
 
-static int flag_debug, flag_dump_defs, flag_dump_types, flag_warnings;
+static int flag_debug, flag_dump_defs, flag_dump_types, flag_warnings, flag_asm;
 static const char *arch = "";
 static const char *mod_prefix = "";
 
@@ -415,8 +415,11 @@ void export_symbol(const char *name)
 		if (flag_dump_defs)
 			fputs(">\n", debugfile);
 
-		/* Used as a linker script. */
-		printf("%s__crc_%s = 0x%08lx ;\n", mod_prefix, name, crc);
+		/* Used as assembly source or a linker script. */
+		printf(flag_asm
+		       ? ".equiv %s__crc_%s, %#08lx\n"
+		       : "%s__crc_%s = %#08lx ;\n",
+		       mod_prefix, name, crc);
 	}
 }
 
@@ -440,9 +443,10 @@ void error_with_pos(const char *fmt, ...
 
 static void genksyms_usage(void)
 {
-	fputs("Usage:\n" "genksyms [-adDTwqhV] > /path/to/.tmp_obj.ver\n" "\n"
+	fputs("Usage:\n" "genksyms [-aAdDTwqhV] > /path/to/.tmp_obj.ver\n" "\n"
 #ifdef __GNU_LIBRARY__
 	      "  -a, --arch            Select architecture\n"
+	      "  -A, --asm             Generate assembly rather than linker script\n"
 	      "  -d, --debug           Increment the debug level (repeatable)\n"
 	      "  -D, --dump            Dump expanded symbol defs (for debugging only)\n"
 	      "  -T, --dump-types file Dump expanded types into file (for debugging only)\n"
@@ -452,6 +456,7 @@ static void genksyms_usage(void)
 	      "  -V, --version         Print the release version\n"
 #else				/* __GNU_LIBRARY__ */
 	      "  -a                    Select architecture\n"
+	      "  -A                    Generate assembly rather than linker script\n"
 	      "  -d                    Increment the debug level (repeatable)\n"
 	      "  -D                    Dump expanded symbol defs (for debugging only)\n"
 	      "  -T file               Dump expanded types into file (for debugging only)\n"
@@ -471,6 +476,7 @@ int main(int argc, char **argv)
 #ifdef __GNU_LIBRARY__
 	struct option long_opts[] = {
 		{"arch", 1, 0, 'a'},
+		{"asm", 0, 0, 'A'},
 		{"debug", 0, 0, 'd'},
 		{"warnings", 0, 0, 'w'},
 		{"quiet", 0, 0, 'q'},
@@ -481,10 +487,10 @@ int main(int argc, char **argv)
 		{0, 0, 0, 0}
 	};
 
-	while ((o = getopt_long(argc, argv, "a:dwqVDT:h",
+	while ((o = getopt_long(argc, argv, "a:dwqVADT:h",
 				&long_opts[0], NULL)) != EOF)
 #else				/* __GNU_LIBRARY__ */
-	while ((o = getopt(argc, argv, "a:dwqVDT:h")) != EOF)
+	while ((o = getopt(argc, argv, "a:dwqVADT:h")) != EOF)
 #endif				/* __GNU_LIBRARY__ */
 		switch (o) {
 		case 'a':
@@ -502,6 +508,9 @@ int main(int argc, char **argv)
 		case 'V':
 			fputs("genksyms version 2.5.60\n", stderr);
 			break;
+		case 'A':
+			flag_asm = 1;
+			break;
 		case 'D':
 			flag_dump_defs = 1;
 			break;
--- 2.6.28-rc8-strip.orig/scripts/mksysmap
+++ 2.6.28-rc8-strip/scripts/mksysmap
@@ -37,9 +37,6 @@
 
 # readprofile starts reading symbols when _stext is found, and
 # continue until it finds a symbol which is not either of 'T', 't',
-# 'W' or 'w'. __crc_ are 'A' and placed in the middle
-# so we just ignore them to let readprofile continue to work.
-# (At least sparc64 has __crc_ in the middle).
-
-$NM -n $1 | grep -v '\( [aNUw] \)\|\(__crc_\)\|\( \$[adt]\)' > $2
+# 'W' or 'w'.
 
+$NM -n $1 | grep -v '\( [aNUw] \)\|\( \$[adt]\)' > $2
--- /dev/null
+++ 2.6.28-rc8-strip/scripts/strip-symbols
@@ -0,0 +1,22 @@
+<*>
+*.h
+__compound_literal[$.][0-9]*
+__crc_[a-zA-Z_]*
+__exitcall_[a-zA-Z_]*
+__func__[$.][0-9]*
+__FUNCTION__[$.][0-9]*
+gcc[0-9]_compiled[$.]
+__initcall_[a-zA-Z_]*
+__kcrctab_[a-zA-Z_]*
+__kstrtab_[a-zA-Z_]*
+__ksymtab_[a-zA-Z_]*
+__mod_[a-zA-Z_]*[0-9]
+__module_depends
+__param_[a-zA-Z_]*
+__pci_fixup_*PCI_ANY_IDPCI_ANY_ID*
+__pci_fixup_*PCI_ANY_IDPCI_DEVICE_ID_*
+__pci_fixup_*PCI_VENDOR_ID_*PCI_ANY_ID*
+__pci_fixup_*PCI_VENDOR_ID_*PCI_DEVICE_ID_*
+__PRETTY_FUNCTION__[$.][0-9]*
+__setup_[a-zA-Z_]*
+____versions


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ