Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp4681570imu; Sat, 19 Jan 2019 15:50:42 -0800 (PST) X-Google-Smtp-Source: ALg8bN5Ax+8awULjT/JhvX+yNoENW3Q30MIZR3YSiNl7TnTfOTkjxXV6A/LKdxSxrAJLQ0K4erpx X-Received: by 2002:a63:151f:: with SMTP id v31mr22597656pgl.34.1547941842686; Sat, 19 Jan 2019 15:50:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547941842; cv=none; d=google.com; s=arc-20160816; b=Qwt9kZf3IvoYC0Z7CVdJPeA8CZjEllAe1+XmiIEBZgDAFoNI0qWLZXlPoXzyrnDj42 X8wOjcrJp5JdXDRiBgvvO7UPGGuYawRmMDOjjyzHt7AmTJyJDWFDxRMMATgtpVUoMW5V YTUVVU6us2DwDLirYt+6zobId0Ajd/2FIbNHDohfliKZY3zaygHSwuqJZjhRB1eoy1VO 8cUeUjT/p/NW8yeLgdsGlyKiO5FN+6SD5oWAFuqH0vlu3R+yes8Gj4ebh6aLqzDQmhj6 q3Gog6SjK69Wcrfpr7zzDzA9vUinh9Wd/+miFt/M2xDOQePVX5qAxXdDFeutB1RDEKyp hvMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:from:cc:to:subject :content-transfer-encoding:mime-version:references:in-reply-to :user-agent:date; bh=JWow9HxKmpye7tJnRVzlAw+tT1PknWxWQefuZnaPbY8=; b=SqR7WHDzU099gRvqh6Md4/IRuYn2kKTkEWl5O+F9lLwEqL7i0Dh1dqyfzqFwdc58NR Hqp+eZv6CaUH2BblCYZvCsXvyr8sYMrqlhy2UrVr9hXinrh0yvnxIQ7/jiXJItaV0Jz8 /nIfBCwEEtFa/NiBH1ptkeMB6tq8iH1MwSXf5QQraEzJC4foToeZy0hi0QtTLYU9Sy2Z +XeoXpMFBO55PZHVy8l5HMBHuaZjqmzp2+L1fueOTC3uBtmO9a2a3wqNJxZ5qALd5KCT ohGdUVtYcWey+T8x/ayB99RtpOuXDMld6vS6ComrCuUZgGvQE9NW7idAD37yRu6ZMeSn jD7g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d3si8315590pla.122.2019.01.19.15.49.56; Sat, 19 Jan 2019 15:50:42 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729906AbfASXqP convert rfc822-to-8bit (ORCPT + 99 others); Sat, 19 Jan 2019 18:46:15 -0500 Received: from terminus.zytor.com ([198.137.202.136]:58327 "EHLO mail.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729803AbfASXqO (ORCPT ); Sat, 19 Jan 2019 18:46:14 -0500 Received: from [IPv6:2607:fb90:2843:591a:6d1d:ce2f:69d2:7e68] ([172.56.41.105]) (authenticated bits=0) by mail.zytor.com (8.15.2/8.15.2) with ESMTPSA id x0JNiuYi1819236 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Sat, 19 Jan 2019 15:44:57 -0800 Date: Sat, 19 Jan 2019 15:44:48 -0800 User-Agent: K-9 Mail for Android In-Reply-To: <20190119232503.GA149403@google.com> References: <20190118225543.86996-1-joel@joelfernandes.org> <20190119082532.GA9004@kroah.com> <20190119162754.GC231277@google.com> <20190119232503.GA149403@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT Subject: Re: [RFC] Provide in-kernel headers for making it easy to extend the kernel To: Joel Fernandes , Daniel Colascione CC: Greg KH , linux-kernel , Andrew Morton , ast@kernel.org, atishp04@gmail.com, Borislav Petkov , Ingo Molnar , Jan Kara , Jonathan Corbet , karim.yaghmour@opersys.com, Kees Cook , kernel-team@android.com, "open list:DOCUMENTATION" , Manoj Rao , Masahiro Yamada , Paul McKenney , "Peter Zijlstra (Intel)" , Randy Dunlap , rostedt@goodmis.org, Thomas Gleixner , "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" , yhs@fb.com From: hpa@zytor.com Message-ID: <78AACAF1-8EBF-4DF3-BE94-5B14E78BA791@zytor.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On January 19, 2019 3:25:03 PM PST, Joel Fernandes wrote: >On Sat, Jan 19, 2019 at 12:43:35PM -0500, Daniel Colascione wrote: >> On Sat, Jan 19, 2019 at 11:27 AM Joel Fernandes > wrote: >> > >> > On Sat, Jan 19, 2019 at 09:25:32AM +0100, Greg KH wrote: >> > > On Fri, Jan 18, 2019 at 05:55:43PM -0500, Joel Fernandes wrote: >> > > > --- /dev/null >> > > > +++ b/kernel/kheaders.c >> >> Thanks a ton for this work. It'll make it much easier to do cool >> things with BPF. > >You're welcome, thanks. > >> One question: I can imagine wanting to probe >> structures that are defined, not in headers, but in random >> implementation files. Would it be possible to optionally include >*all* >> kernel source files? > >That would be prohibitively too large to justify keeping it in memory, >even >compressed. Arguably, such structures should be moved into include/ if >modules or whatever is extending the kernel like eBPF needs them. > >> If not, what about a hash, so we could at least >> do precise correlation between a candidate local tree and what's >> actually on device? > >That would make a tool too difficult to write wouldn't it, since they >you have to >correlate every possible hash and keep updating eBPF tools with new >hashes - >probably not scalable. I think what you want is to use the kernel >version to >assume what such internal structures look like although that's still >not >robust. > >> BTW, I'm not sure that the magic constants you've defined are long >> enough. I'd feel more comfortable with two UUIDs (16 bytes each). > >Ok, I'll expand it. > >> I'd also strongly consider LZMA compression: xz -9 on the kernel >> headers (with comments) brings the size down to 5MB, compared to the >> 7MB I get for gzip -9. Considering that this feature is optional, I >> think it's okay to introduce a dependency on widespread modern >> compression tools. (For comparison, bzip2 -9 gets us 6MB.) > >Ok, I'll look into LZMA. Thanks for checking the compression sizes. > >- Joel Don't use lzma, use xz if you are going to do something. However, it seems unlikely to me that someone not willing to spend the space in the filesystem will spend unswappable kernel memory. It would seem that a far saner way to do this is to use inittmpfs or perhaps an auxiliary "ktmpfs" so it can at least be swapped out if you have swap. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.