From: "Borislav Petkov (AMD)" <[email protected]>
Having KASLR enabled makes debugging a kernel completely useless because
virtual addresses are not stable, leading to people poking at kernel
internals to have to go and rebuild with RANDOMIZE_BASE=off.
Just disable it on debugging builds where it is not needed anyway.
Signed-off-by: Borislav Petkov (AMD) <[email protected]>
---
arch/x86/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index c456c9b1fc7c..da94354b1b75 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2159,7 +2159,7 @@ config RELOCATABLE
config RANDOMIZE_BASE
bool "Randomize the address of the kernel image (KASLR)"
- depends on RELOCATABLE
+ depends on RELOCATABLE && !DEBUG_KERNEL
default y
help
In support of Kernel Address Space Layout Randomization (KASLR),
--
2.42.0.rc0.25.ga82fb66fed25
On Thu, Nov 30, 2023 at 01:05:52PM +0100, Borislav Petkov wrote:
> From: "Borislav Petkov (AMD)" <[email protected]>
>
> Having KASLR enabled makes debugging a kernel completely useless because
> virtual addresses are not stable, leading to people poking at kernel
> internals to have to go and rebuild with RANDOMIZE_BASE=off.
>
> Just disable it on debugging builds where it is not needed anyway.
Works for me, but I have "nokaslr no_hash_pointers" on all my machines
by now. It goes right along with "debug ignore_loglevel
sysrq_always_enabled earlyprintk=serial,ttyS0,115200" :-)
> Signed-off-by: Borislav Petkov (AMD) <[email protected]>
> ---
> arch/x86/Kconfig | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index c456c9b1fc7c..da94354b1b75 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -2159,7 +2159,7 @@ config RELOCATABLE
>
> config RANDOMIZE_BASE
> bool "Randomize the address of the kernel image (KASLR)"
> - depends on RELOCATABLE
> + depends on RELOCATABLE && !DEBUG_KERNEL
> default y
> help
> In support of Kernel Address Space Layout Randomization (KASLR),
> --
> 2.42.0.rc0.25.ga82fb66fed25
>
On Thu, Nov 30, 2023 at 01:08:31PM +0100, Peter Zijlstra wrote:
> Works for me, but I have "nokaslr no_hash_pointers" on all my machines
> by now. It goes right along with "debug ignore_loglevel
> sysrq_always_enabled earlyprintk=serial,ttyS0,115200" :-)
Bah, there's cmdline switches. Lemme add them to all my scripts starting
guests and grub too. Thanks for the hint!
I guess we could still do the Kconfig dependency when we're on new
machines, without the scripts.
Btw, I'm not the only one who's walked right into this one:
config KCOV
bool "Code coverage for fuzzing"
...
If RANDOMIZE_BASE is enabled, PC values will not be stable across
different machines and across reboots. If you need stable PC values,
disable RANDOMIZE_BASE.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
On Thu, Nov 30, 2023 at 01:05:52PM +0100, Borislav Petkov wrote:
> From: "Borislav Petkov (AMD)" <[email protected]>
>
> Having KASLR enabled makes debugging a kernel completely useless because
> virtual addresses are not stable, leading to people poking at kernel
> internals to have to go and rebuild with RANDOMIZE_BASE=off.
>
> Just disable it on debugging builds where it is not needed anyway.
>
> Signed-off-by: Borislav Petkov (AMD) <[email protected]>
I know Peter pointed out that there is a runtime switch for this, which
should make this patch obsolete but in case there is more reasons needed
for why this might be a bad idea, most distribution configurations have
CONFIG_DEBUG_KERNEL enabled because CONFIG_EXPERT selects it:
archlinux/x86_64.config:CONFIG_DEBUG_KERNEL=y
debian/amd64.config:CONFIG_DEBUG_KERNEL=y
fedora/x86_64.config:CONFIG_DEBUG_KERNEL=y
opensuse/x86_64.config:CONFIG_DEBUG_KERNEL=y
> ---
> arch/x86/Kconfig | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index c456c9b1fc7c..da94354b1b75 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -2159,7 +2159,7 @@ config RELOCATABLE
>
> config RANDOMIZE_BASE
> bool "Randomize the address of the kernel image (KASLR)"
> - depends on RELOCATABLE
> + depends on RELOCATABLE && !DEBUG_KERNEL
> default y
> help
> In support of Kernel Address Space Layout Randomization (KASLR),
> --
> 2.42.0.rc0.25.ga82fb66fed25
>
On Thu, Nov 30, 2023 at 11:10:51AM -0700, Nathan Chancellor wrote:
> I know Peter pointed out that there is a runtime switch for this, which
> should make this patch obsolete but in case there is more reasons needed
> for why this might be a bad idea,
Bad idea? Why?
Because they'd have EXPERT enabled and thus disable KASLR by accident
this way?
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
On Thu, Nov 30, 2023 at 08:34:28PM +0100, Borislav Petkov wrote:
> On Thu, Nov 30, 2023 at 11:10:51AM -0700, Nathan Chancellor wrote:
> > I know Peter pointed out that there is a runtime switch for this, which
> > should make this patch obsolete but in case there is more reasons needed
> > for why this might be a bad idea,
>
> Bad idea? Why?
>
> Because they'd have EXPERT enabled and thus disable KASLR by accident
> this way?
Right, this is the diff of Fedora's configuration before and after this
change:
diff --git a/.config.old b/.config
index d5fe0c930725..d409b1738c0f 100644
--- a/.config.old
+++ b/.config
@@ -520,12 +520,8 @@ CONFIG_ARCH_SUPPORTS_CRASH_HOTPLUG=y
CONFIG_ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION=y
CONFIG_PHYSICAL_START=0x1000000
CONFIG_RELOCATABLE=y
-CONFIG_RANDOMIZE_BASE=y
-CONFIG_X86_NEED_RELOCS=y
CONFIG_PHYSICAL_ALIGN=0x1000000
CONFIG_DYNAMIC_MEMORY_LAYOUT=y
-CONFIG_RANDOMIZE_MEMORY=y
-CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa
CONFIG_ADDRESS_MASKING=y
CONFIG_HOTPLUG_CPU=y
# CONFIG_COMPAT_VDSO is not set
On Fri, Dec 01, 2023 at 09:16:10AM -0700, Nathan Chancellor wrote:
> Right, this is the diff of Fedora's configuration before and after this
> change:
Sorry, but what's the point of a .config which has EXPERT, DEBUG_KERNEL
*and* KASLR enabled?
Debugging the kernel with KASLR enabled is a futile exercise in time
waste. You should either enable KASLR and disable DEBUG_KERNEL or the
opposite. Both make very little sense to me.
Or, if there really is a valid reason for having DEBUG_KERNEL *and*
KASLR enabled, I can probably suggest another option under DEBUG_KERNEL
which says "Do stable virtual addresses" and which disables KASLR. At
least we'll have it explicit.
And the distro configs do get re-checked periodically so "it is already
in the distro config" is not really an argument I'd say.
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
On Fri, Dec 01, 2023 at 05:24:43PM +0100, Borislav Petkov wrote:
> On Fri, Dec 01, 2023 at 09:16:10AM -0700, Nathan Chancellor wrote:
> > Right, this is the diff of Fedora's configuration before and after this
> > change:
>
> Sorry, but what's the point of a .config which has EXPERT, DEBUG_KERNEL
> *and* KASLR enabled?
I am not really here to argue whether or not this is a "valid"
combination of configurations, I am just pointing out that your patch
will change the status quo for more people than just the x86
maintainers.
> Debugging the kernel with KASLR enabled is a futile exercise in time
> waste. You should either enable KASLR and disable DEBUG_KERNEL or the
> opposite. Both make very little sense to me.
I agree that debugging the kernel with KASLR enabled is useless but
isn't that the point of having the ability to opt out of it at runtime
so that you could debug the exact same binary that a user is running,
rather than having to manage two different builds?
> Or, if there really is a valid reason for having DEBUG_KERNEL *and*
> KASLR enabled, I can probably suggest another option under DEBUG_KERNEL
> which says "Do stable virtual addresses" and which disables KASLR. At
> least we'll have it explicit.
That does not seem unreasonable to me. Another alternative would be to
add a simple config fragment in arch/x86/configs so that it could
easily be flipped during a build like:
$ cat arch/x86/configs/nokaslr.config
# CONFIG_RANDOMIZE_BASE is not set
$ make -skj"$(nproc)" ARCH=x86_64 defconfig
$ grep CONFIG_RANDOMIZE_BASE .config
CONFIG_RANDOMIZE_BASE=y
$ make -skj"$(nproc)" ARCH=x86_64 nokaslr.config
$ grep CONFIG_RANDOMIZE_BASE .config
# CONFIG_RANDOMIZE_BASE is not set
Cheers,
Nathan
On Thu, Nov 30, 2023 at 01:49:09PM +0100, Borislav Petkov wrote:
> On Thu, Nov 30, 2023 at 01:08:31PM +0100, Peter Zijlstra wrote:
> > Works for me, but I have "nokaslr no_hash_pointers" on all my machines
> > by now. It goes right along with "debug ignore_loglevel
> > sysrq_always_enabled earlyprintk=serial,ttyS0,115200" :-)
>
> Bah, there's cmdline switches. Lemme add them to all my scripts starting
> guests and grub too. Thanks for the hint!
>
> I guess we could still do the Kconfig dependency when we're on new
> machines, without the scripts.
>
> Btw, I'm not the only one who's walked right into this one:
>
> config KCOV
> bool "Code coverage for fuzzing"
>
> ...
>
> If RANDOMIZE_BASE is enabled, PC values will not be stable across
> different machines and across reboots. If you need stable PC values,
> disable RANDOMIZE_BASE.
IIUC that's no longer necessary, and the Kconfig.debug wording is stale.
That wording was introduced in March 2016 as part of the original KCOV support
in commit:
5c9a8750a6409c63 ("kernel: add kcov code coverage")
Later, in December 2016 we made KCOV adjust the address to remove the KASLR
offset in commit:
4983f0ab7ffaad1e ("kcov: make kcov work properly with KASLR enabled")
... so I think that's been stale for ~7 years, and we just forgot to clean up
the Kconfig.debug text.
Mark.
On Mon, Dec 04, 2023 at 10:42:15AM +0000, Mark Rutland wrote:
> Later, in December 2016 we made KCOV adjust the address to remove the KASLR
> offset in commit:
>
> 4983f0ab7ffaad1e ("kcov: make kcov work properly with KASLR enabled")
Neat trick, I should remember that. Might come in handy.
> ... so I think that's been stale for ~7 years, and we just forgot to clean up
> the Kconfig.debug text.
Ok, I guess you'll clean it up then.
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
On Mon, Dec 04, 2023 at 04:49:54PM +0100, Borislav Petkov wrote:
> On Mon, Dec 04, 2023 at 10:42:15AM +0000, Mark Rutland wrote:
> > Later, in December 2016 we made KCOV adjust the address to remove the KASLR
> > offset in commit:
> >
> > 4983f0ab7ffaad1e ("kcov: make kcov work properly with KASLR enabled")
>
> Neat trick, I should remember that. Might come in handy.
>
> > ... so I think that's been stale for ~7 years, and we just forgot to clean up
> > the Kconfig.debug text.
>
> Ok, I guess you'll clean it up then.
Sure; done:
https://lore.kernel.org/lkml/[email protected]/
Mark.