lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Feb 2020 15:22:01 +0000 From: Matthias Maennich <maennich@...gle.com> To: Quentin Perret <qperret@...gle.com> Cc: masahiroy@...nel.org, nico@...xnic.net, linux-kernel@...r.kernel.org, linux-kbuild@...r.kernel.org, kernel-team@...roid.com, jeyu@...nel.org, hch@...radead.org Subject: Re: [PATCH v4 1/3] kbuild: allow symbol whitelisting with TRIM_UNUSED_KSYMS On Wed, Feb 12, 2020 at 08:21:38PM +0000, Quentin Perret wrote: >CONFIG_TRIM_UNUSED_KSYMS currently removes all unused exported symbols >from ksymtab. This works really well when using in-tree drivers, but >cannot be used in its current form if some of them are out-of-tree. > >Indeed, even if the list of symbols required by out-of-tree drivers is >known at compile time, the only solution today to guarantee these don't >get trimmed is to set CONFIG_TRIM_UNUSED_KSYMS=n. This not only wastes >space, but also makes it difficult to control the ABI usable by vendor >modules in distribution kernels such as Android. Being able to control >the kernel ABI surface is particularly useful to ship a unique Generic >Kernel Image (GKI) for all vendors, which is a first step in the >direction of getting all vendors to contribute their code upstream. > >As such, attempt to improve the situation by enabling users to specify a >symbol 'whitelist' at compile time. Any symbol specified in this >whitelist will be kept exported when CONFIG_TRIM_UNUSED_KSYMS is set, >even if it has no in-tree user. The whitelist is defined as a simple >text file, listing symbols, one per line. > >Acked-by: Jessica Yu <jeyu@...nel.org> >Signed-off-by: Quentin Perret <qperret@...gle.com> >--- > init/Kconfig | 13 +++++++++++++ > scripts/adjust_autoksyms.sh | 5 +++++ > 2 files changed, 18 insertions(+) > >diff --git a/init/Kconfig b/init/Kconfig >index cfee56c151f1..58b672afceb2 100644 >--- a/init/Kconfig >+++ b/init/Kconfig >@@ -2210,6 +2210,19 @@ config TRIM_UNUSED_KSYMS > > If unsure, or if you need to build out-of-tree modules, say N. > >+config UNUSED_KSYMS_WHITELIST >+ string "Whitelist of symbols to keep in ksymtab" >+ depends on TRIM_UNUSED_KSYMS >+ help >+ By default, all unused exported symbols will be un-exported from the >+ build when TRIM_UNUSED_KSYMS is selected. >+ >+ UNUSED_KSYMS_WHITELIST allows to whitelist symbols that must be kept >+ exported at all times, even in absence of in-tree users. The value to >+ set here is the path to a text file containing the list of symbols, >+ one per line. The path can be absolute, or relative to the kernel >+ source tree. >+ > endif # MODULES > > config MODULES_TREE_LOOKUP >diff --git a/scripts/adjust_autoksyms.sh b/scripts/adjust_autoksyms.sh >index a904bf1f5e67..93f4d10e66e6 100755 >--- a/scripts/adjust_autoksyms.sh >+++ b/scripts/adjust_autoksyms.sh >@@ -38,6 +38,10 @@ esac > # We need access to CONFIG_ symbols > . include/config/auto.conf > >+# Use 'eval' to expand the whitelist path and check if it is relative >+eval ksym_wl="${CONFIG_UNUSED_KSYMS_WHITELIST:-/dev/null}" >+[ "${ksym_wl:0:1}" = "/" ] || ksym_wl="$abs_srctree/$ksym_wl" >+ > # Generate a new ksym list file with symbols needed by the current > # set of modules. > cat > "$new_ksyms_file" << EOT >@@ -48,6 +52,7 @@ cat > "$new_ksyms_file" << EOT > EOT > sed 's/ko$/mod/' modules.order | > xargs -n1 sed -n -e '2{s/ /\n/g;/^$/!p;}' -- | >+cat - "$ksym_wl" | In case the whitelist file can't be found, the error message is cat: path/to/file: file not found I wonder whether we can make this error message a bit more specific by telling the user that the KSYMS_WHITELIST is missing. With the above addressed (and your amend for the absolute path test), please feel free to add Tested-by: Matthias Maennich <maennich@...gle.com> Reviewed-by: Matthias Maennich <maennich@...gle.com> Cheers, Matthias > sort -u | > sed -e 's/\(.*\)/#define __KSYM_\1 1/' >> "$new_ksyms_file" > >-- >2.25.0.225.g125e21ebc7-goog >
Powered by blists - more mailing lists