| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <28cf8d51-7530-41d5-a47b-cad5ecabd269@t-8ch.de> Date: Tue, 3 Feb 2026 13:55:05 +0100 From: Thomas Weißschuh <linux@...ssschuh.net> To: Petr Pavlu <petr.pavlu@...e.com> Cc: Nathan Chancellor <nathan@...nel.org>, Arnd Bergmann <arnd@...db.de>, Luis Chamberlain <mcgrof@...nel.org>, Sami Tolvanen <samitolvanen@...gle.com>, Daniel Gomez <da.gomez@...sung.com>, Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, Jonathan Corbet <corbet@....net>, Madhavan Srinivasan <maddy@...ux.ibm.com>, Michael Ellerman <mpe@...erman.id.au>, Nicholas Piggin <npiggin@...il.com>, Naveen N Rao <naveen@...nel.org>, Mimi Zohar <zohar@...ux.ibm.com>, Roberto Sassu <roberto.sassu@...wei.com>, Dmitry Kasatkin <dmitry.kasatkin@...il.com>, Eric Snowberg <eric.snowberg@...cle.com>, Nicolas Schier <nicolas.schier@...ux.dev>, Daniel Gomez <da.gomez@...nel.org>, Aaron Tomlin <atomlin@...mlin.com>, "Christophe Leroy (CS GROUP)" <chleroy@...nel.org>, Nicolas Schier <nsc@...nel.org>, Nicolas Bouchinet <nicolas.bouchinet@....cyber.gouv.fr>, Xiu Jianfeng <xiujianfeng@...wei.com>, Fabian Grünbichler <f.gruenbichler@...xmox.com>, Arnout Engelen <arnout@...t.net>, Mattia Rizzolo <mattia@...reri.org>, kpcyrd <kpcyrd@...hlinux.org>, Christian Heusel <christian@...sel.eu>, Câju Mihai-Drosi <mcaju95@...il.com>, Sebastian Andrzej Siewior <bigeasy@...utronix.de>, linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org, linux-modules@...r.kernel.org, linux-security-module@...r.kernel.org, linux-doc@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org, linux-integrity@...r.kernel.org Subject: Re: [PATCH v4 15/17] module: Introduce hash-based integrity checking On 2026-01-30 18:06:20+0100, Petr Pavlu wrote: > On 1/13/26 1:28 PM, Thomas Weißschuh wrote: > > Normally the .ko module files depend on a fully built vmlinux to be > > available for modpost validation and BTF generation. With > > CONFIG_MODULE_HASHES, vmlinux now depends on the modules > > to build a merkle tree. This introduces a dependency cycle which is > > impossible to satisfy. Work around this by building the modules during > > link-vmlinux.sh, after vmlinux is complete enough for modpost and BTF > > but before the final module hashes are > > I wonder if this dependency cycle could be resolved by utilizing the > split into vmlinux.unstripped and vmlinux that occurred last year. > > The idea is to create the following ordering: vmlinux.unstripped -> > modules -> vmlinux, and to patch in .module_hashes only when building > the final vmlinux. > > This would require the following: > * Split scripts/Makefile.vmlinux into two Makefiles, one that builds the > current vmlinux.unstripped and the second one that builds the final > vmlinux from it. > * Modify the top Makefile to recognize vmlinux.unstripped and update the > BTF generation rule 'modules: vmlinux' to > 'modules: vmlinux.unstripped'. > * Add the 'vmlinux: modules' ordering in the top Makefile for > CONFIG_MODULE_HASHES=y. > * Remove the patching of vmlinux.unstripped in scripts/link-vmlinux.sh > and instead move it into scripts/Makefile.vmlinux when running objcopy > to produce the final vmlinux. > > I think this approach has two main advantages: > * CONFIG_MODULE_HASHES can be made orthogonal to > CONFIG_DEBUG_INFO_BTF_MODULES. > * All dependencies are expressed at the Makefile level instead of having > scripts/link-vmlinux.sh invoke 'make -f Makefile modules'. > > Below is a rough prototype that applies on top of this series. It is a > bit verbose due to the splitting of part of scripts/Makefile.vmlinux > into scripts/Makefile.vmlinux_unstripped. That looks like a feasible alternative. Before adopting it, I'd like to hear the preference of the kbuild folks. > diff --git a/Makefile b/Makefile > index 841772a5a260..19a3beb82fa7 100644 > --- a/Makefile > +++ b/Makefile > @@ -1259,7 +1259,7 @@ vmlinux_o: vmlinux.a $(KBUILD_VMLINUX_LIBS) > vmlinux.o modules.builtin.modinfo modules.builtin: vmlinux_o > @: > > -PHONY += vmlinux > +PHONY += vmlinux.unstripped vmlinux > # LDFLAGS_vmlinux in the top Makefile defines linker flags for the top vmlinux, > # not for decompressors. LDFLAGS_vmlinux in arch/*/boot/compressed/Makefile is > # unrelated; the decompressors just happen to have the same base name, > @@ -1270,9 +1270,11 @@ PHONY += vmlinux > # https://savannah.gnu.org/bugs/?61463 > # For Make > 4.4, the following simple code will work: > # vmlinux: private export LDFLAGS_vmlinux := $(LDFLAGS_vmlinux) > -vmlinux: private _LDFLAGS_vmlinux := $(LDFLAGS_vmlinux) > -vmlinux: export LDFLAGS_vmlinux = $(_LDFLAGS_vmlinux) > -vmlinux: vmlinux.o $(KBUILD_LDS) modpost > +vmlinux.unstripped: private _LDFLAGS_vmlinux := $(LDFLAGS_vmlinux) > +vmlinux.unstripped: export LDFLAGS_vmlinux = $(_LDFLAGS_vmlinux) > +vmlinux.unstripped: vmlinux.o $(KBUILD_LDS) modpost > + $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.vmlinux_unstripped > +vmlinux: vmlinux.unstripped > $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.vmlinux Maybe we could keep them together in a single Makefile, and instead have different targets in it. (...) > @@ -98,70 +44,15 @@ remove-symbols := -w --strip-unneeded-symbol='__mod_device_table__*' > # To avoid warnings: "empty loadable segment detected at ..." from GNU objcopy, > # it is necessary to remove the PT_LOAD flag from the segment. > quiet_cmd_strip_relocs = OBJCOPY $@ > - cmd_strip_relocs = $(OBJCOPY) $(patsubst %,--set-section-flags %=noload,$(remove-section-y)) $< $@; \ > - $(OBJCOPY) $(addprefix --remove-section=,$(remove-section-y)) $(remove-symbols) $@ > + cmd_script_relocs = $(OBJCOPY) $(patsubst %,--set-section-flags %=noload,$(remove-section-y)) $< $@; \ > + $(OBJCOPY) $(addprefix --remove-section=,$(remove-section-y)) \ > + $(remove-symbols) \ > + $(patch-module-hashes) $@ cmd_script_relocs -> cmd_strip_relocs (...)
Powered by blists - more mailing lists