lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20231027171756.1241002-2-stephen.s.brennan@oracle.com>
Date:   Fri, 27 Oct 2023 10:17:56 -0700
From:   Stephen Brennan <stephen.s.brennan@...cle.com>
To:     Arnd Bergmann <arnd@...db.de>
Cc:     linux-arch@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-debuggers@...r.kernel.org,
        Mike Christie <michael.christie@...cle.com>,
        Geert Uytterhoeven <geert+renesas@...der.be>,
        "Christian Brauner (Microsoft)" <brauner@...nel.org>,
        Petr Mladek <pmladek@...e.com>, Marco Elver <elver@...gle.com>,
        Randy Dunlap <rdunlap@...radead.org>,
        Douglas Anderson <dianders@...omium.org>,
        Maninder Singh <maninder1.s@...sung.com>,
        Luis Chamberlain <mcgrof@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Zhen Lei <thunder.leizhen@...wei.com>,
        Kees Cook <keescook@...omium.org>,
        Zhaoyang Huang <zhaoyang.huang@...soc.com>,
        Stephen Brennan <stephen.s.brennan@...cle.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Sami Tolvanen <samitolvanen@...gle.com>
Subject: [PATCH v3 1/1] kernel/config: Introduce CONFIG_DEBUG_INFO_IKCONFIG

The option CONFIG_IKCONFIG allows the gzip compressed kernel
configuration to be included into vmlinux or a module. In these cases,
debuggers can access the config data and use it to adjust their behavior
according to the configuration. However, distributions rarely enable
this, likely because it uses a fair bit of kernel memory which cannot be
swapped out.

This means that in practice, the kernel configuration is rarely
available to debuggers.

So, introduce an alternative, CONFIG_DEBUG_INFO_IKCONFIG. This strategy,
which is only available if IKCONFIG is not already built-in, adds a
section ".debug_linux_ikconfig", to the vmlinux ELF. It will be stripped
out of the final images, but will remain in the debuginfo files. So
debuggers which rely on vmlinux debuginfo can have access to the kernel
configuration, without incurring a cost to the kernel at runtime.

The configuration is enabled whenever DEBUG_INFO=y and IKCONFIG!=y. The
added section is not large compared to debug info sizes. It won't affect
the runtime kernel at all, and this default will ensure that
distributions intending to create useful debuginfo will get this new
addition for kernel debuggers.

Signed-off-by: Stephen Brennan <stephen.s.brennan@...cle.com>
---
 include/asm-generic/vmlinux.lds.h |  3 ++-
 kernel/Makefile                   |  2 ++
 kernel/configs-debug.S            | 18 ++++++++++++++++++
 lib/Kconfig.debug                 | 15 +++++++++++++++
 4 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 kernel/configs-debug.S

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 9c59409104f6..025b0bfe17bf 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -824,7 +824,8 @@
 		.comment 0 : { *(.comment) }				\
 		.symtab 0 : { *(.symtab) }				\
 		.strtab 0 : { *(.strtab) }				\
-		.shstrtab 0 : { *(.shstrtab) }
+		.shstrtab 0 : { *(.shstrtab) }				\
+		.debug_linux_ikconfig 0 : { *(.debug_linux_ikconfig) }
 
 #ifdef CONFIG_GENERIC_BUG
 #define BUG_TABLE							\
diff --git a/kernel/Makefile b/kernel/Makefile
index 3947122d618b..ab28e7d9aa15 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -138,8 +138,10 @@ KCSAN_SANITIZE_stackleak.o := n
 KCOV_INSTRUMENT_stackleak.o := n
 
 obj-$(CONFIG_SCF_TORTURE_TEST) += scftorture.o
+obj-$(CONFIG_DEBUG_INFO_IKCONFIG) += configs-debug.o
 
 $(obj)/configs.o: $(obj)/config_data.gz
+$(obj)/configs-debug.o: $(obj)/config_data.gz
 
 targets += config_data config_data.gz
 $(obj)/config_data.gz: $(obj)/config_data FORCE
diff --git a/kernel/configs-debug.S b/kernel/configs-debug.S
new file mode 100644
index 000000000000..d0dd5c2f7bd5
--- /dev/null
+++ b/kernel/configs-debug.S
@@ -0,0 +1,18 @@
+/* SPDX-License-Identifier: GPL-2.0-only
+ *
+ * Inline kernel configuration for debuginfo files
+ *
+ * Copyright (c) 2023, Oracle and/or its affiliates.
+ */
+
+/*
+ * By using the same "IKCFG_ST" and "IKCFG_ED" markers found in configs.c, we
+ * can ensure that the resulting debuginfo files can be read by
+ * scripts/extract-ikconfig. Unfortunately, this means that the contents of the
+ * section cannot be directly extracted and used. Since debuggers should be able
+ * to trim these markers off trivially, this is a good tradeoff.
+ */
+	.section .debug_linux_ikconfig
+	.ascii "IKCFG_ST"
+	.incbin "kernel/config_data.gz"
+	.ascii "IKCFG_ED"
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index fa307f93fa2e..c43a874ea584 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -429,6 +429,21 @@ config GDB_SCRIPTS
 	  instance. See Documentation/dev-tools/gdb-kernel-debugging.rst
 	  for further details.
 
+config DEBUG_INFO_IKCONFIG
+	bool "Embed KConfig in debuginfo, if not already present"
+	depends on IKCONFIG!=y
+	default y if IKCONFIG!=y
+	help
+	  This provides the gzip-compressed KConfig information in an ELF
+	  section called .ikconfig which will be stripped out of the final
+	  bootable image, but remain in the debuginfo. Debuggers that are aware
+	  of this can use this to customize their behavior to the kernel
+	  configuration, without requiring the configuration information to be
+	  stored in the kernel like CONFIG_IKCONFIG does. This configuration is
+	  unnecessary when CONFIG_IKCONFIG is enabled, since the data can be
+	  found in the .rodata section in that case (see
+	  scripts/extract-ikconfig).
+
 endif # DEBUG_INFO
 
 config FRAME_WARN
-- 
2.39.3

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ