lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 18 Jun 2021 13:28:36 +0200
From:   Mauro Carvalho Chehab <mchehab+huawei@...nel.org>
To:     Linux Doc Mailing List <linux-doc@...r.kernel.org>,
        Greg KH <gregkh@...uxfoundation.org>
Cc:     Mauro Carvalho Chehab <mchehab+huawei@...nel.org>,
        linux-kernel@...r.kernel.org, Jonathan Corbet <corbet@....net>,
        Jonathan Cameron <jic23@...nel.org>
Subject: [PATCH RFC 0/1] get_abi.pl: add support for ABI valitation in runtime

Hi Greg,

I was talking today with Jonathan Cameron today about how to ensure that
the ABI is not missing something.

While it would be doable to validate the ABI by searching __ATTR and similar
macros around the driver, this would probably be very complex and would
take a while to parse.

Yet, there's one way that should be quick and easier to implement:

Read the symbols from the current system in runtime, and check if
everything is declared under Documentation/ABI.

As you know, scripts/get_abi.pl has already a search command, that would
allow seeking for a symbol inside the ABI. Using a logic similar to that,
but checking for all symbols under /sys is not hard to implemenent.
That's what patch 1 does.

Right now, the results aren't exaustive (I opted this way for the RFC
version, as otherwise there will be too many symbols that won't match
the regexes generated from the What:  fields).

It basically reports results where the sysfs nodename matches one or
more What, but doesn't match the regex.

This implementation runs very quick on my desktop: it takes less than
2 seconds to run. So, it sounds a good start to help identifying what's
missing.

One of the problems with the ABI definitions is how to define wildcards
there. Different ABI declarations use different notations. For this first
RFC version, it all the above as wildcards[1]:

	<foo>
	{foo}
	[foo]
	/.../
	*

and convert them into:

	.*

[1] perhaps the better would be to just use regex on What:, as this would
    avoid extra heuristics at get_abi.pl, but this is somewhat OOT from
    this patch.

One of the first results is that some /sys symbols that are present
on *lots* of sysfs nodes, but they aren't properly defined at ABI:

	 /sys/.*/(initstate|bind|unbind)

(there are definitions, but those aren't covering all occurrences)

Another problem it caught is that slab definitions are like:
	 /sys/kernel/slab/cache/alloc_calls

Instead of using a wildcard, like:
	/sys/kernel/slab/*/alloc_calls
or:
	/sys/kernel/slab/<cache>/alloc_calls

So, they don't  match the actual symbols found at the system.

What do you think?

Regards,
Mauro

Mauro Carvalho Chehab (1):
  get_abi.pl: Check for missing symbols at the ABI specs

 scripts/get_abi.pl | 72 ++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 70 insertions(+), 2 deletions(-)

-- 
2.31.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ