| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Dec 2023 23:33:59 +0900
From: Masahiro Yamada <masahiroy@...nel.org>
To: linux-kbuild@...r.kernel.org
Cc: Ben Hutchings <ben@...adent.org.uk>,
Masahiro Yamada <masahiroy@...nel.org>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Nicolas Schier <nicolas@...sle.eu>,
linux-kernel@...r.kernel.org
Subject: [PATCH] kbuild: deb-pkg: use build ID instead of debug link for dbg package
There are two ways of managing separate debug info files:
[1] The executable contains the .gnu_debuglink section, which specifies
the name and the CRC of the separate debug info file.
[2] The executable contains a build ID, and the corresponding debug info
file is placed in the .build-id directory.
We could do both, but the former, which 'make deb-pkg' currently does,
results in complicated installation steps because we need to manually
strip the debug sections, create debug links, and re-sign the modules.
Besides, it is not working with module compression.
This commit abandons the approach [1], and instead opts for [2].
Debian kernel commit de26137e2a9f ("Drop not needed extra step to add
debug links") also stopped adding debug links.
Signed-off-by: Masahiro Yamada <masahiroy@...nel.org>
---
scripts/package/builddeb | 32 +++++++++++++-------------------
1 file changed, 13 insertions(+), 19 deletions(-)
diff --git a/scripts/package/builddeb b/scripts/package/builddeb
index 436d55a83ab0..cc8c7a807fcc 100755
--- a/scripts/package/builddeb
+++ b/scripts/package/builddeb
@@ -49,7 +49,7 @@ install_linux_image () {
${MAKE} -f ${srctree}/Makefile INSTALL_DTBS_PATH="${pdir}/usr/lib/linux-image-${KERNELRELEASE}" dtbs_install
fi
- ${MAKE} -f ${srctree}/Makefile INSTALL_MOD_PATH="${pdir}" modules_install
+ ${MAKE} -f ${srctree}/Makefile INSTALL_MOD_PATH="${pdir}" INSTALL_MOD_STRIP=1 modules_install
rm -f "${pdir}/lib/modules/${KERNELRELEASE}/build"
# Install the kernel
@@ -110,25 +110,21 @@ install_linux_image () {
install_linux_image_dbg () {
pdir=$1
- image_pdir=$2
rm -rf ${pdir}
- for module in $(find ${image_pdir}/lib/modules/ -name *.ko -printf '%P\n'); do
- module=lib/modules/${module}
- mkdir -p $(dirname ${pdir}/usr/lib/debug/${module})
- # only keep debug symbols in the debug file
- ${OBJCOPY} --only-keep-debug ${image_pdir}/${module} ${pdir}/usr/lib/debug/${module}
- # strip original module from debug symbols
- ${OBJCOPY} --strip-debug ${image_pdir}/${module}
- # then add a link to those
- ${OBJCOPY} --add-gnu-debuglink=${pdir}/usr/lib/debug/${module} ${image_pdir}/${module}
- done
+ # Parse modules.order directly because 'make modules_install' may sign,
+ # compress modules, and then run unneeded depmod.
+ while read -r mod; do
+ mod="${mod%.o}.ko"
+ dbg="${pdir}/usr/lib/debug/lib/modules/${KERNELRELEASE}/kernel/${mod}"
+ buildid=$("${READELF}" -n "${mod}" | sed -n 's@...Build ID: \(..\)\(.*\)@\1/\2@p')
+ link="${pdir}/usr/lib/debug/.build-id/${buildid}.debug"
- # re-sign stripped modules
- if is_enabled CONFIG_MODULE_SIG_ALL; then
- ${MAKE} -f ${srctree}/Makefile INSTALL_MOD_PATH="${image_pdir}" modules_sign
- fi
+ mkdir -p "${dbg%/*}" "${link%/*}"
+ "${OBJCOPY}" --only-keep-debug "${mod}" "${dbg}"
+ ln -sf --relative "${dbg}" "${link}"
+ done < modules.order
# Build debug package
# Different tools want the image in different locations
@@ -176,9 +172,7 @@ for package in ${packages_enabled}
do
case ${package} in
*-dbg)
- # This must be done after linux-image, that is, we expect the
- # debug package appears after linux-image in debian/control.
- install_linux_image_dbg debian/linux-image-dbg debian/linux-image;;
+ install_linux_image_dbg debian/linux-image-dbg;;
linux-image-*|user-mode-linux-*)
install_linux_image debian/linux-image ${package};;
linux-libc-dev)
--
2.40.1
Powered by blists - more mailing lists