* [RFC PATCH] x86/Kconfig: Disable KASLR on debug builds @ 2023-11-30 12:05 Borislav Petkov 2023-11-30 12:08 ` Peter Zijlstra 2023-11-30 18:10 ` Nathan Chancellor 0 siblings, 2 replies; 11+ messages in thread From: Borislav Petkov @ 2023-11-30 12:05 UTC (permalink / raw) To: X86 ML; +Cc: LKML From: "Borislav Petkov (AMD)" <bp@alien8.de> Having KASLR enabled makes debugging a kernel completely useless because virtual addresses are not stable, leading to people poking at kernel internals to have to go and rebuild with RANDOMIZE_BASE=off. Just disable it on debugging builds where it is not needed anyway. Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> --- arch/x86/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index c456c9b1fc7c..da94354b1b75 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2159,7 +2159,7 @@ config RELOCATABLE config RANDOMIZE_BASE bool "Randomize the address of the kernel image (KASLR)" - depends on RELOCATABLE + depends on RELOCATABLE && !DEBUG_KERNEL default y help In support of Kernel Address Space Layout Randomization (KASLR), -- 2.42.0.rc0.25.ga82fb66fed25 ^ permalink raw reply related [flat|nested] 11+ messages in thread
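Review bot: the new "depends on RELOCATABLE && !DEBUG_KERNEL" line on RANDOMIZE_BASE makes the option unavailable whenever DEBUG_KERNEL is set, and because the entry stays "default y", a config that currently enables both symbols loses KASLR on its next refresh without anyone choosing that. The help text visible in the hunk is not updated to mention the new dependency either. Consider a separately named, explicit opt-out for stable addresses, or documenting the "nokaslr" boot parameter in the help text, rather than tying a hardening default to DEBUG_KERNEL.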
* Re: [RFC PATCH] x86/Kconfig: Disable KASLR on debug builds 2023-11-30 12:05 [RFC PATCH] x86/Kconfig: Disable KASLR on debug builds Borislav Petkov @ 2023-11-30 12:08 ` Peter Zijlstra 2023-11-30 12:49 ` Borislav Petkov 2023-11-30 18:10 ` Nathan Chancellor 1 sibling, 1 reply; 11+ messages in thread From: Peter Zijlstra @ 2023-11-30 12:08 UTC (permalink / raw) To: Borislav Petkov; +Cc: X86 ML, LKML On Thu, Nov 30, 2023 at 01:05:52PM +0100, Borislav Petkov wrote: > From: "Borislav Petkov (AMD)" <bp@alien8.de> > > Having KASLR enabled makes debugging a kernel completely useless because > virtual addresses are not stable, leading to people poking at kernel > internals to have to go and rebuild with RANDOMIZE_BASE=off. > > Just disable it on debugging builds where it is not needed anyway. Works for me, but I have "nokaslr no_hash_pointers" on all my machines by now. It goes right along with "debug ignore_loglevel sysrq_always_enabled earlyprintk=serial,ttyS0,115200" :-) > Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> > --- > arch/x86/Kconfig | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index c456c9b1fc7c..da94354b1b75 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -2159,7 +2159,7 @@ config RELOCATABLE > > config RANDOMIZE_BASE > bool "Randomize the address of the kernel image (KASLR)" > - depends on RELOCATABLE > + depends on RELOCATABLE && !DEBUG_KERNEL > default y > help > In support of Kernel Address Space Layout Randomization (KASLR), > -- > 2.42.0.rc0.25.ga82fb66fed25 > ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [RFC PATCH] x86/Kconfig: Disable KASLR on debug builds
From: Borislav Petkov @ 2023-11-30 12:49 UTC
To: Peter Zijlstra; +Cc: X86 ML, LKML

On Thu, Nov 30, 2023 at 01:08:31PM +0100, Peter Zijlstra wrote:
> Works for me, but I have "nokaslr no_hash_pointers" on all my machines
> by now. It goes right along with "debug ignore_loglevel
> sysrq_always_enabled earlyprintk=serial,ttyS0,115200" :-)

Bah, there's cmdline switches. Lemme add them to all my scripts starting
guests and grub too. Thanks for the hint!

I guess we could still do the Kconfig dependency when we're on new
machines, without the scripts.

Btw, I'm not the only one who's walked right into this one:

config KCOV
        bool "Code coverage for fuzzing"

        ...

          If RANDOMIZE_BASE is enabled, PC values will not be stable across
          different machines and across reboots. If you need stable PC values,
          disable RANDOMIZE_BASE.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
* Re: [RFC PATCH] x86/Kconfig: Disable KASLR on debug builds
From: Mark Rutland @ 2023-12-04 10:42 UTC
To: Borislav Petkov; +Cc: Peter Zijlstra, X86 ML, LKML

On Thu, Nov 30, 2023 at 01:49:09PM +0100, Borislav Petkov wrote:
> On Thu, Nov 30, 2023 at 01:08:31PM +0100, Peter Zijlstra wrote:
> > Works for me, but I have "nokaslr no_hash_pointers" on all my machines
> > by now. It goes right along with "debug ignore_loglevel
> > sysrq_always_enabled earlyprintk=serial,ttyS0,115200" :-)
>
> Bah, there's cmdline switches. Lemme add them to all my scripts starting
> guests and grub too. Thanks for the hint!
>
> I guess we could still do the Kconfig dependency when we're on new
> machines, without the scripts.
>
> Btw, I'm not the only one who's walked right into this one:
>
> config KCOV
>         bool "Code coverage for fuzzing"
>
>         ...
>
>           If RANDOMIZE_BASE is enabled, PC values will not be stable across
>           different machines and across reboots. If you need stable PC values,
>           disable RANDOMIZE_BASE.

IIUC that's no longer necessary, and the Kconfig.debug wording is stale.

That wording was introduced in March 2016 as part of the original KCOV
support in commit:

  5c9a8750a6409c63 ("kernel: add kcov code coverage")

Later, in December 2016 we made KCOV adjust the address to remove the KASLR
offset in commit:

  4983f0ab7ffaad1e ("kcov: make kcov work properly with KASLR enabled")

... so I think that's been stale for ~7 years, and we just forgot to clean up
the Kconfig.debug text.

Mark.
* Re: [RFC PATCH] x86/Kconfig: Disable KASLR on debug builds
From: Borislav Petkov @ 2023-12-04 15:49 UTC
To: Mark Rutland; +Cc: Peter Zijlstra, X86 ML, LKML

On Mon, Dec 04, 2023 at 10:42:15AM +0000, Mark Rutland wrote:
> Later, in December 2016 we made KCOV adjust the address to remove the KASLR
> offset in commit:
>
>   4983f0ab7ffaad1e ("kcov: make kcov work properly with KASLR enabled")

Neat trick, I should remember that. Might come in handy.

> ... so I think that's been stale for ~7 years, and we just forgot to clean up
> the Kconfig.debug text.

Ok, I guess you'll clean it up then.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
* Re: [RFC PATCH] x86/Kconfig: Disable KASLR on debug builds
From: Mark Rutland @ 2023-12-04 17:20 UTC
To: Borislav Petkov; +Cc: Peter Zijlstra, X86 ML, LKML

On Mon, Dec 04, 2023 at 04:49:54PM +0100, Borislav Petkov wrote:
> On Mon, Dec 04, 2023 at 10:42:15AM +0000, Mark Rutland wrote:
> > Later, in December 2016 we made KCOV adjust the address to remove the KASLR
> > offset in commit:
> >
> >   4983f0ab7ffaad1e ("kcov: make kcov work properly with KASLR enabled")
>
> Neat trick, I should remember that. Might come in handy.
>
> > ... so I think that's been stale for ~7 years, and we just forgot to clean up
> > the Kconfig.debug text.
>
> Ok, I guess you'll clean it up then.

Sure; done:

  https://lore.kernel.org/lkml/20231204171807.3313022-1-mark.rutland@arm.com/

Mark.
* Re: [RFC PATCH] x86/Kconfig: Disable KASLR on debug builds 2023-11-30 12:05 [RFC PATCH] x86/Kconfig: Disable KASLR on debug builds Borislav Petkov 2023-11-30 12:08 ` Peter Zijlstra @ 2023-11-30 18:10 ` Nathan Chancellor 2023-11-30 19:34 ` Borislav Petkov 1 sibling, 1 reply; 11+ messages in thread From: Nathan Chancellor @ 2023-11-30 18:10 UTC (permalink / raw) To: Borislav Petkov; +Cc: X86 ML, LKML On Thu, Nov 30, 2023 at 01:05:52PM +0100, Borislav Petkov wrote: > From: "Borislav Petkov (AMD)" <bp@alien8.de> > > Having KASLR enabled makes debugging a kernel completely useless because > virtual addresses are not stable, leading to people poking at kernel > internals to have to go and rebuild with RANDOMIZE_BASE=off. > > Just disable it on debugging builds where it is not needed anyway. > > Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> I know Peter pointed out that there is a runtime switch for this, which should make this patch obsolete but in case there is more reasons needed for why this might be a bad idea, most distribution configurations have CONFIG_DEBUG_KERNEL enabled because CONFIG_EXPERT selects it: archlinux/x86_64.config:CONFIG_DEBUG_KERNEL=y debian/amd64.config:CONFIG_DEBUG_KERNEL=y fedora/x86_64.config:CONFIG_DEBUG_KERNEL=y opensuse/x86_64.config:CONFIG_DEBUG_KERNEL=y > --- > arch/x86/Kconfig | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index c456c9b1fc7c..da94354b1b75 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -2159,7 +2159,7 @@ config RELOCATABLE > > config RANDOMIZE_BASE > bool "Randomize the address of the kernel image (KASLR)" > - depends on RELOCATABLE > + depends on RELOCATABLE && !DEBUG_KERNEL > default y > help > In support of Kernel Address Space Layout Randomization (KASLR), > -- > 2.42.0.rc0.25.ga82fb66fed25 > ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [RFC PATCH] x86/Kconfig: Disable KASLR on debug builds
From: Borislav Petkov @ 2023-11-30 19:34 UTC
To: Nathan Chancellor; +Cc: X86 ML, LKML

On Thu, Nov 30, 2023 at 11:10:51AM -0700, Nathan Chancellor wrote:
> I know Peter pointed out that there is a runtime switch for this, which
> should make this patch obsolete but in case there is more reasons needed
> for why this might be a bad idea,

Bad idea? Why?

Because they'd have EXPERT enabled and thus disable KASLR by accident
this way?

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
* Re: [RFC PATCH] x86/Kconfig: Disable KASLR on debug builds 2023-11-30 19:34 ` Borislav Petkov @ 2023-12-01 16:16 ` Nathan Chancellor 2023-12-01 16:24 ` Borislav Petkov 0 siblings, 1 reply; 11+ messages in thread From: Nathan Chancellor @ 2023-12-01 16:16 UTC (permalink / raw) To: Borislav Petkov; +Cc: X86 ML, LKML On Thu, Nov 30, 2023 at 08:34:28PM +0100, Borislav Petkov wrote: > On Thu, Nov 30, 2023 at 11:10:51AM -0700, Nathan Chancellor wrote: > > I know Peter pointed out that there is a runtime switch for this, which > > should make this patch obsolete but in case there is more reasons needed > > for why this might be a bad idea, > > Bad idea? Why? > > Because they'd have EXPERT enabled and thus disable KASLR by accident > this way? Right, this is the diff of Fedora's configuration before and after this change: diff --git a/.config.old b/.config index d5fe0c930725..d409b1738c0f 100644 --- a/.config.old +++ b/.config @@ -520,12 +520,8 @@ CONFIG_ARCH_SUPPORTS_CRASH_HOTPLUG=y CONFIG_ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION=y CONFIG_PHYSICAL_START=0x1000000 CONFIG_RELOCATABLE=y -CONFIG_RANDOMIZE_BASE=y -CONFIG_X86_NEED_RELOCS=y CONFIG_PHYSICAL_ALIGN=0x1000000 CONFIG_DYNAMIC_MEMORY_LAYOUT=y -CONFIG_RANDOMIZE_MEMORY=y -CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa CONFIG_ADDRESS_MASKING=y CONFIG_HOTPLUG_CPU=y # CONFIG_COMPAT_VDSO is not set ^ permalink raw reply related [flat|nested] 11+ messages in thread
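Review bot: the removed lines in this .config diff show the effect reaches beyond RANDOMIZE_BASE: CONFIG_X86_NEED_RELOCS, CONFIG_RANDOMIZE_MEMORY and CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING disappear as well, so memory-section randomization is lost together with base randomization. The patch description only mentions RANDOMIZE_BASE; it should state this knock-on effect, and anyone refreshing a distribution config against the change should check for all four symbols, not just the one named in the subject.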
* Re: [RFC PATCH] x86/Kconfig: Disable KASLR on debug builds
From: Borislav Petkov @ 2023-12-01 16:24 UTC
To: Nathan Chancellor; +Cc: X86 ML, LKML

On Fri, Dec 01, 2023 at 09:16:10AM -0700, Nathan Chancellor wrote:
> Right, this is the diff of Fedora's configuration before and after this
> change:

Sorry, but what's the point of a .config which has EXPERT, DEBUG_KERNEL
*and* KASLR enabled?

Debugging the kernel with KASLR enabled is a futile exercise in time
waste. You should either enable KASLR and disable DEBUG_KERNEL or the
opposite. Both make very little sense to me.

Or, if there really is a valid reason for having DEBUG_KERNEL *and*
KASLR enabled, I can probably suggest another option under DEBUG_KERNEL
which says "Do stable virtual addresses" and which disables KASLR. At
least we'll have it explicit.

And the distro configs do get re-checked periodically so "it is already
in the distro config" is not really an argument I'd say.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
* Re: [RFC PATCH] x86/Kconfig: Disable KASLR on debug builds
From: Nathan Chancellor @ 2023-12-01 16:58 UTC
To: Borislav Petkov; +Cc: X86 ML, LKML

On Fri, Dec 01, 2023 at 05:24:43PM +0100, Borislav Petkov wrote:
> On Fri, Dec 01, 2023 at 09:16:10AM -0700, Nathan Chancellor wrote:
> > Right, this is the diff of Fedora's configuration before and after this
> > change:
>
> Sorry, but what's the point of a .config which has EXPERT, DEBUG_KERNEL
> *and* KASLR enabled?

I am not really here to argue whether or not this is a "valid"
combination of configurations, I am just pointing out that your patch
will change the status quo for more people than just the x86
maintainers.

> Debugging the kernel with KASLR enabled is a futile exercise in time
> waste. You should either enable KASLR and disable DEBUG_KERNEL or the
> opposite. Both make very little sense to me.

I agree that debugging the kernel with KASLR enabled is useless but
isn't that the point of having the ability to opt out of it at runtime
so that you could debug the exact same binary that a user is running,
rather than having to manage two different builds?

> Or, if there really is a valid reason for having DEBUG_KERNEL *and*
> KASLR enabled, I can probably suggest another option under DEBUG_KERNEL
> which says "Do stable virtual addresses" and which disables KASLR. At
> least we'll have it explicit.

That does not seem unreasonable to me.

Another alternative would be to add a simple config fragment in
arch/x86/configs so that it could easily be flipped during a build like:

  $ cat arch/x86/configs/nokaslr.config
  # CONFIG_RANDOMIZE_BASE is not set

  $ make -skj"$(nproc)" ARCH=x86_64 defconfig

  $ grep CONFIG_RANDOMIZE_BASE .config
  CONFIG_RANDOMIZE_BASE=y

  $ make -skj"$(nproc)" ARCH=x86_64 nokaslr.config

  $ grep CONFIG_RANDOMIZE_BASE .config
  # CONFIG_RANDOMIZE_BASE is not set

Cheers,
Nathan
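
Added example, not part of the thread or of the kernel tree: a small check that combines the two switches discussed above (the RANDOMIZE_BASE config symbol and the "nokaslr" boot parameter) and flags configs where the proposed !DEBUG_KERNEL dependency would turn KASLR off. The function names and the sample configs are hypothetical and constructed for illustration; only these two mechanisms are considered.

```shell
#!/bin/sh
# Added example, not from the thread: classify the KASLR state of a kernel
# from its .config and command line, including the effect of the proposed
# "depends on RELOCATABLE && !DEBUG_KERNEL" dependency.

# config_is_y FILE SYMBOL: succeeds if CONFIG_SYMBOL=y is set in FILE.
config_is_y() {
    grep -q "^CONFIG_$2=y\$" "$1"
}

# cmdline_has WORD CMDLINE: succeeds if WORD is a whole boot parameter.
cmdline_has() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# kaslr_status CONFIG_FILE CMDLINE prints one of:
#   off-config          RANDOMIZE_BASE is not built in
#   off-cmdline         built in, but "nokaslr" was passed at boot
#   on-lost-with-patch  active now, would be dropped by !DEBUG_KERNEL
#   on                  active, unaffected by the proposed dependency
kaslr_status() {
    if ! config_is_y "$1" RANDOMIZE_BASE; then
        echo off-config
    elif cmdline_has nokaslr "$2"; then
        echo off-cmdline
    elif config_is_y "$1" DEBUG_KERNEL; then
        echo on-lost-with-patch
    else
        echo on
    fi
}

# Constructed sample configs (hypothetical, not real distribution files).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' CONFIG_RELOCATABLE=y CONFIG_RANDOMIZE_BASE=y \
    CONFIG_DEBUG_KERNEL=y > "$tmp/distro.config"
printf '%s\n' CONFIG_RELOCATABLE=y CONFIG_RANDOMIZE_BASE=y \
    '# CONFIG_DEBUG_KERNEL is not set' > "$tmp/minimal.config"
printf '%s\n' CONFIG_RELOCATABLE=y '# CONFIG_RANDOMIZE_BASE is not set' \
    CONFIG_DEBUG_KERNEL=y > "$tmp/debug.config"

kaslr_status "$tmp/distro.config"  "root=/dev/vda1 ro quiet"
kaslr_status "$tmp/distro.config"  "root=/dev/vda1 ro nokaslr no_hash_pointers"
kaslr_status "$tmp/minimal.config" "root=/dev/vda1 ro quiet"
kaslr_status "$tmp/debug.config"   "root=/dev/vda1 ro quiet"
```

On a running system, pass the installed kernel's config file and the contents of /proc/cmdline as the two arguments.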