Message ID | 20231130120552.6735-1-bp@alien8.de |
---|---|
State | New |
Headers | From: Borislav Petkov <bp@alien8.de> To: X86 ML <x86@kernel.org> Cc: LKML <linux-kernel@vger.kernel.org> Subject: [RFC PATCH] x86/Kconfig: Disable KASLR on debug builds Date: Thu, 30 Nov 2023 13:05:52 +0100 |
Series |
[RFC] x86/Kconfig: Disable KASLR on debug builds
|
|
Commit Message
Borislav Petkov
Nov. 30, 2023, 12:05 p.m. UTC
From: "Borislav Petkov (AMD)" <bp@alien8.de>

Having KASLR enabled makes debugging a kernel completely useless because
virtual addresses are not stable, leading to people poking at kernel
internals to have to go and rebuild with RANDOMIZE_BASE=off.

Just disable it on debugging builds where it is not needed anyway.

Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
---
 arch/x86/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On Thu, Nov 30, 2023 at 01:05:52PM +0100, Borislav Petkov wrote:
> From: "Borislav Petkov (AMD)" <bp@alien8.de>
>
> Having KASLR enabled makes debugging a kernel completely useless because
> virtual addresses are not stable, leading to people poking at kernel
> internals to have to go and rebuild with RANDOMIZE_BASE=off.
>
> Just disable it on debugging builds where it is not needed anyway.

Works for me, but I have "nokaslr no_hash_pointers" on all my machines
by now. It goes right along with "debug ignore_loglevel
sysrq_always_enabled earlyprintk=serial,ttyS0,115200" :-)

> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
> ---
> arch/x86/Kconfig | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index c456c9b1fc7c..da94354b1b75 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -2159,7 +2159,7 @@ config RELOCATABLE > > config RANDOMIZE_BASE > bool "Randomize the address of the kernel image (KASLR)" > - depends on RELOCATABLE > + depends on RELOCATABLE && !DEBUG_KERNEL > default y > help > In support of Kernel Address Space Layout Randomization (KASLR), > -- > 2.42.0.rc0.25.ga82fb66fed25 >
On Thu, Nov 30, 2023 at 01:08:31PM +0100, Peter Zijlstra wrote:
> Works for me, but I have "nokaslr no_hash_pointers" on all my machines
> by now. It goes right along with "debug ignore_loglevel
> sysrq_always_enabled earlyprintk=serial,ttyS0,115200" :-)

Bah, there's cmdline switches. Lemme add them to all my scripts starting
guests and grub too. Thanks for the hint!

I guess we could still do the Kconfig dependency when we're on new
machines, without the scripts.

Btw, I'm not the only one who's walked right into this one:

config KCOV
        bool "Code coverage for fuzzing"

...

          If RANDOMIZE_BASE is enabled, PC values will not be stable across
          different machines and across reboots. If you need stable PC values,
          disable RANDOMIZE_BASE.
On Thu, Nov 30, 2023 at 01:05:52PM +0100, Borislav Petkov wrote:
> From: "Borislav Petkov (AMD)" <bp@alien8.de>
>
> Having KASLR enabled makes debugging a kernel completely useless because
> virtual addresses are not stable, leading to people poking at kernel
> internals to have to go and rebuild with RANDOMIZE_BASE=off.
>
> Just disable it on debugging builds where it is not needed anyway.
>
> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>

I know Peter pointed out that there is a runtime switch for this, which
should make this patch obsolete but in case there is more reasons needed
for why this might be a bad idea, most distribution configurations have
CONFIG_DEBUG_KERNEL enabled because CONFIG_EXPERT selects it:

archlinux/x86_64.config:CONFIG_DEBUG_KERNEL=y
debian/amd64.config:CONFIG_DEBUG_KERNEL=y
fedora/x86_64.config:CONFIG_DEBUG_KERNEL=y
opensuse/x86_64.config:CONFIG_DEBUG_KERNEL=y

> ---
> arch/x86/Kconfig | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index c456c9b1fc7c..da94354b1b75 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -2159,7 +2159,7 @@ config RELOCATABLE > > config RANDOMIZE_BASE > bool "Randomize the address of the kernel image (KASLR)" > - depends on RELOCATABLE > + depends on RELOCATABLE && !DEBUG_KERNEL > default y > help > In support of Kernel Address Space Layout Randomization (KASLR), > -- > 2.42.0.rc0.25.ga82fb66fed25 >
On Thu, Nov 30, 2023 at 11:10:51AM -0700, Nathan Chancellor wrote:
> I know Peter pointed out that there is a runtime switch for this, which
> should make this patch obsolete but in case there is more reasons needed
> for why this might be a bad idea,

Bad idea? Why?

Because they'd have EXPERT enabled and thus disable KASLR by accident
this way?
On Thu, Nov 30, 2023 at 08:34:28PM +0100, Borislav Petkov wrote:
> On Thu, Nov 30, 2023 at 11:10:51AM -0700, Nathan Chancellor wrote:
> > I know Peter pointed out that there is a runtime switch for this, which
> > should make this patch obsolete but in case there is more reasons needed
> > for why this might be a bad idea,
>
> Bad idea? Why?
>
> Because they'd have EXPERT enabled and thus disable KASLR by accident
> this way?

Right, this is the diff of Fedora's configuration before and after this
change:

diff --git a/.config.old b/.config index d5fe0c930725..d409b1738c0f 100644 --- a/.config.old +++ b/.config @@ -520,12 +520,8 @@ CONFIG_ARCH_SUPPORTS_CRASH_HOTPLUG=y CONFIG_ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION=y CONFIG_PHYSICAL_START=0x1000000 CONFIG_RELOCATABLE=y -CONFIG_RANDOMIZE_BASE=y -CONFIG_X86_NEED_RELOCS=y CONFIG_PHYSICAL_ALIGN=0x1000000 CONFIG_DYNAMIC_MEMORY_LAYOUT=y -CONFIG_RANDOMIZE_MEMORY=y -CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa CONFIG_ADDRESS_MASKING=y CONFIG_HOTPLUG_CPU=y # CONFIG_COMPAT_VDSO is not set
On Fri, Dec 01, 2023 at 09:16:10AM -0700, Nathan Chancellor wrote:
> Right, this is the diff of Fedora's configuration before and after this
> change:

Sorry, but what's the point of a .config which has EXPERT, DEBUG_KERNEL
*and* KASLR enabled?

Debugging the kernel with KASLR enabled is a futile exercise in time
waste. You should either enable KASLR and disable DEBUG_KERNEL or the
opposite. Both make very little sense to me.

Or, if there really is a valid reason for having DEBUG_KERNEL *and*
KASLR enabled, I can probably suggest another option under DEBUG_KERNEL
which says "Do stable virtual addresses" and which disables KASLR. At
least we'll have it explicit.

And the distro configs do get re-checked periodically so "it is already
in the distro config" is not really an argument I'd say.

Thx.
On Fri, Dec 01, 2023 at 05:24:43PM +0100, Borislav Petkov wrote:
> On Fri, Dec 01, 2023 at 09:16:10AM -0700, Nathan Chancellor wrote:
> > Right, this is the diff of Fedora's configuration before and after this
> > change:
>
> Sorry, but what's the point of a .config which has EXPERT, DEBUG_KERNEL
> *and* KASLR enabled?

I am not really here to argue whether or not this is a "valid"
combination of configurations, I am just pointing out that your patch
will change the status quo for more people than just the x86
maintainers.

> Debugging the kernel with KASLR enabled is a futile exercise in time
> waste. You should either enable KASLR and disable DEBUG_KERNEL or the
> opposite. Both make very little sense to me.

I agree that debugging the kernel with KASLR enabled is useless but
isn't that the point of having the ability to opt out of it at runtime
so that you could debug the exact same binary that a user is running,
rather than having to manage two different builds?

> Or, if there really is a valid reason for having DEBUG_KERNEL *and*
> KASLR enabled, I can probably suggest another option under DEBUG_KERNEL
> which says "Do stable virtual addresses" and which disables KASLR. At
> least we'll have it explicit.

That does not seem unreasonable to me. Another alternative would be to
add a simple config fragment in arch/x86/configs so that it could easily
be flipped during a build like:

  $ cat arch/x86/configs/nokaslr.config
  # CONFIG_RANDOMIZE_BASE is not set

  $ make -skj"$(nproc)" ARCH=x86_64 defconfig

  $ grep CONFIG_RANDOMIZE_BASE .config
  CONFIG_RANDOMIZE_BASE=y

  $ make -skj"$(nproc)" ARCH=x86_64 nokaslr.config

  $ grep CONFIG_RANDOMIZE_BASE .config
  # CONFIG_RANDOMIZE_BASE is not set

Cheers,
Nathan
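Added example, not part of the thread or of the kernel tree: a check a defender can run to see whether KASLR is effectively on for a given build and boot, combining the two switches discussed above (the RANDOMIZE_BASE config symbol and the "nokaslr" command-line parameter). The function names, the status strings and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): is KASLR effectively on for a given
# kernel .config and kernel command line?

# config_enabled FILE SYMBOL: true if the build has CONFIG_SYMBOL=y.
config_enabled() {
    grep -q "^CONFIG_$2=y\$" "$1"
}

# cmdline_has CMDLINE WORD: true if WORD is a whole space-separated parameter.
cmdline_has() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# kaslr_status FILE CMDLINE prints compiled-out, disabled-at-boot or enabled,
# with "+debug" appended when DEBUG_KERNEL=y (the combination debated above).
kaslr_status() {
    if ! config_enabled "$1" RANDOMIZE_BASE; then
        state=compiled-out
    elif cmdline_has "$2" nokaslr; then
        state=disabled-at-boot
    else
        state=enabled
    fi
    if config_enabled "$1" DEBUG_KERNEL; then
        state="$state+debug"
    fi
    echo "$state"
}

# Constructed sample config (not a real distro file): EXPERT, DEBUG_KERNEL
# and KASLR all enabled, as in the distribution configs discussed above.
sample=$(mktemp)
cat >"$sample" <<'EOF'
CONFIG_EXPERT=y
CONFIG_DEBUG_KERNEL=y
CONFIG_RELOCATABLE=y
CONFIG_RANDOMIZE_BASE=y
EOF
kaslr_status "$sample" "root=/dev/vda1 ro quiet"
kaslr_status "$sample" "root=/dev/vda1 ro nokaslr no_hash_pointers"
rm -f "$sample"

# On a live host (paths are assumptions; distros differ):
#   kaslr_status "/boot/config-$(uname -r)" "$(cat /proc/cmdline)"
```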
On Thu, Nov 30, 2023 at 01:49:09PM +0100, Borislav Petkov wrote:
> On Thu, Nov 30, 2023 at 01:08:31PM +0100, Peter Zijlstra wrote:
> > Works for me, but I have "nokaslr no_hash_pointers" on all my machines
> > by now. It goes right along with "debug ignore_loglevel
> > sysrq_always_enabled earlyprintk=serial,ttyS0,115200" :-)
>
> Bah, there's cmdline switches. Lemme add them to all my scripts starting
> guests and grub too. Thanks for the hint!
>
> I guess we could still do the Kconfig dependency when we're on new
> machines, without the scripts.
>
> Btw, I'm not the only one who's walked right into this one:
>
> config KCOV
>         bool "Code coverage for fuzzing"
>
> ...
>
>           If RANDOMIZE_BASE is enabled, PC values will not be stable across
>           different machines and across reboots. If you need stable PC values,
>           disable RANDOMIZE_BASE.

IIUC that's no longer necessary, and the Kconfig.debug wording is stale.

That wording was introduced in March 2016 as part of the original KCOV
support in commit:

  5c9a8750a6409c63 ("kernel: add kcov code coverage")

Later, in December 2016 we made KCOV adjust the address to remove the KASLR
offset in commit:

  4983f0ab7ffaad1e ("kcov: make kcov work properly with KASLR enabled")

... so I think that's been stale for ~7 years, and we just forgot to clean up
the Kconfig.debug text.

Mark.
On Mon, Dec 04, 2023 at 10:42:15AM +0000, Mark Rutland wrote:
> Later, in December 2016 we made KCOV adjust the address to remove the KASLR
> offset in commit:
>
> 4983f0ab7ffaad1e ("kcov: make kcov work properly with KASLR enabled")

Neat trick, I should remember that. Might come in handy.

> ... so I think that's been stale for ~7 years, and we just forgot to clean up
> the Kconfig.debug text.

Ok, I guess you'll clean it up then.

Thx.
On Mon, Dec 04, 2023 at 04:49:54PM +0100, Borislav Petkov wrote:
> On Mon, Dec 04, 2023 at 10:42:15AM +0000, Mark Rutland wrote:
> > Later, in December 2016 we made KCOV adjust the address to remove the KASLR
> > offset in commit:
> >
> > 4983f0ab7ffaad1e ("kcov: make kcov work properly with KASLR enabled")
>
> Neat trick, I should remember that. Might come in handy.
>
> > ... so I think that's been stale for ~7 years, and we just forgot to clean up
> > the Kconfig.debug text.
>
> Ok, I guess you'll clean it up then.

Sure; done:

  https://lore.kernel.org/lkml/20231204171807.3313022-1-mark.rutland@arm.com/

Mark.
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index c456c9b1fc7c..da94354b1b75 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2159,7 +2159,7 @@ config RELOCATABLE config RANDOMIZE_BASE bool "Randomize the address of the kernel image (KASLR)" - depends on RELOCATABLE + depends on RELOCATABLE && !DEBUG_KERNEL default y help In support of Kernel Address Space Layout Randomization (KASLR),
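Review bot: Putting "!DEBUG_KERNEL" on the "depends on" line of config RANDOMIZE_BASE makes the option unavailable rather than off by default, so any configuration with DEBUG_KERNEL=y drops KASLR without a prompt and cannot turn it back on; the unchanged "default y" never applies there. If the goal is stable addresses while debugging, consider keeping "depends on RELOCATABLE" and moving the condition to the default ("default y if !DEBUG_KERNEL"), or adding a separate explicit option, and extend the help text to state how RANDOMIZE_BASE interacts with DEBUG_KERNEL, since the hunk leaves the help text as it was.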