lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <87jzs26zl1.fsf@oracle.com>
Date:   Wed, 04 Oct 2023 10:56:42 -0700
From:   Stephen Brennan <stephen.s.brennan@...cle.com>
To:     Randy Dunlap <rdunlap@...radead.org>, Arnd Bergmann <arnd@...db.de>
Cc:     linux-arch@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-debuggers@...r.kernel.org
Subject: Re: [PATCH 1/1] kernel/config: Introduce CONFIG_DEBUG_INFO_IKCONFIG

Randy Dunlap <rdunlap@...radead.org> writes:
> Hi,
>
> On 10/4/23 09:58, Stephen Brennan wrote:
>> The option CONFIG_IKCONFIG allows the gzip compressed kernel
>> configuration to be included into vmlinux or a module. In these cases,
>> debuggers can access the config data and use it to adjust their behavior
>> according to the configuration. However, distributions rarely enable
>> this, likely because it uses a fair bit of kernel memory which cannot be
>> swapped out.
>
> x86_64 allmodconfig is 91 KB gzipped... oh well.

Yeah, and info like BTF is much larger, yet this is the config setting
that gets trimmed out by distros :(

(This is not a criticism of BTF, just an observation)

Unfortunately I don't control it and am just trying to work around it :)

> Reviewed-by: Randy Dunlap <rdunlap@...radead.org>

Thanks!
Stephen

>> This means that in practice, the kernel configuration is rarely
>> available to debuggers.
>> 
>> So, introduce an alternative, CONFIG_DEBUG_INFO_IKCONFIG. This strategy,
>> which is only available if IKCONFIG is not already built-in, adds a
>> section ".debug_linux_ikconfig", to the vmlinux ELF. It will be stripped
>> out of the final images, but will remain in the debuginfo files. So
>> debuggers which rely on vmlinux debuginfo can have access to the kernel
>> configuration, without incurring a cost to the kernel at runtime.
>> 
>> Signed-off-by: Stephen Brennan <stephen.s.brennan@...cle.com>
>> ---
>>  include/asm-generic/vmlinux.lds.h |  3 ++-
>>  kernel/Makefile                   |  1 +
>>  kernel/configs-debug.S            | 18 ++++++++++++++++++
>>  lib/Kconfig.debug                 | 14 ++++++++++++++
>>  4 files changed, 35 insertions(+), 1 deletion(-)
>>  create mode 100644 kernel/configs-debug.S
>
>
> -- 
> ~Randy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ