Received: by 2002:a05:7412:b10a:b0:f3:1519:9f41 with SMTP id az10csp1180563rdb;
        Fri, 1 Dec 2023 08:58:39 -0800 (PST)
X-Google-Smtp-Source: AGHT+IE9aYz2YcTwdKMPiEppfKEDh+ZwFbb6cNX+i/y4vFCNWBM720Jb0pcHCd+Iry7YJBp82nl2
X-Received: by 2002:a05:6a20:734d:b0:18b:5390:293a with SMTP id v13-20020a056a20734d00b0018b5390293amr26975563pzc.3.1701449919642;
        Fri, 01 Dec 2023 08:58:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1701449919; cv=none;
        d=google.com; s=arc-20160816;
        b=rdTIAoddaOb+xHqBEHMWvpjy8OXX4jRCXBydxr5kmMz27jtwYZRgSnANsi0jBQRYtT
         5jiOzoBHtPw7GlmPc6QkSHqsM2nammThLPIxfPBYmFVYanGeTuWFKLg562+3niL9IU+o
         VsbVDIejVPUt8MhUmUtQCz/2TMHghchnRS1BbHPymeWG5fpYoPsbHyrZDqiqi5iwnhaF
         WxY/dKC0ZFY6rlkqAlQK86KAWi30sM0YQ6xnOfrZzEwp/5nXDMQ+F2eMSBQIFIioRN+a
         lPk85xMJiYvmBAK6H9fueKtVMjvIJGss75PPa/amybUxpwbXuhGtxayrYwQzx8m8aibS
         HGWg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=5ub5HIf820Qlg1XjJJ1rdtR/XeLrr+4MH4J17B73JDk=;
        fh=GKTWQdtsTNcMx6J5Gq8P9YvHh7TJJnxHNtaIndOIzIU=;
        b=S9JL+mkxBrhVIzcdCeimsCOnT0FJfmttdiuA+Ntni9NNn/jEpGBd35yZ2Y3eh2msvs
         gsvizusxcJ5aWQlvlbOhnWPyixACzHjukiHVD4wWQKzNxml2RG0XVRjWHKqPEozKxEJn
         bz5cacqnMmLV0IzFrabsFaulbhmEMl0uZyPbM3UMaxeUa1Z5RXAIMP5ThLeTYXtWDWhd
         ZiGb/3r3oXaa4DvDoMNG/GfePzhXHe4nbArmDa2D17VMXlHArUa83brUseDpS5mA8ZSn
         4C5bbB7LnAnpfYtuZPJkXiL+dfAlat7UI3/2Q3Jhq28aFRe4ejMVhLQ8fm0wn+TMxM+M
         TCTw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=sRLRGRrl;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from morse.vger.email (morse.vger.email. [2620:137:e000::3:1])
        by mx.google.com with ESMTPS id d15-20020a65620f000000b005b8eaeabf49si3701290pgv.178.2023.12.01.08.58.39
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 01 Dec 2023 08:58:39 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) client-ip=2620:137:e000::3:1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=sRLRGRrl;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by morse.vger.email (Postfix) with ESMTP id 7069A80AFE93;
	Fri,  1 Dec 2023 08:58:37 -0800 (PST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.11 at morse.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230207AbjLAQ6Y (ORCPT <rfc822;abelvesa@gmail.com> + 99 others);
        Fri, 1 Dec 2023 11:58:24 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56074 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229888AbjLAQ6U (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 1 Dec 2023 11:58:20 -0500
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7B403173B
        for <linux-kernel@vger.kernel.org>; Fri,  1 Dec 2023 08:58:18 -0800 (PST)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id DBCD1C433C9;
        Fri,  1 Dec 2023 16:58:17 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1701449898;
        bh=g6SxzACtr+rLXraxPSFcLrZbpvVcT8akURcyTpfXFm0=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=sRLRGRrlLfd1e1SvG5DMc9yvLGFHvtVKvMU5JQrHnDLbNvwdwPgXUwZNPMPJJb2x+
         bVb54PNV8djtst2Ay9XgHjLNYZBrgCp/fyHQyWRjMHI3rZ3TIPtiex+YFh2jt4RD6W
         Q6QfmB/Uab76eu7KLa5G5A48cMSKmPTfG9PzDLy2ZfJkRs0CDxnSgBC4NCOaXz5D0h
         ALORRZNgrQLB+KQE/H4EXmHrioloqtkoVPXahAJU50kZKV0stbmWqsraRTWMrtgjSP
         6chtXX+gZIafMm1YbuuUBwfMs/IBGVQvhsGwy0P7vuRzajijyUZgGQx49IYeYteSrK
         T0c1e74d4sodQ==
Date:   Fri, 1 Dec 2023 09:58:16 -0700
From:   Nathan Chancellor <nathan@kernel.org>
To:     Borislav Petkov <bp@alien8.de>
Cc:     X86 ML <x86@kernel.org>, LKML <linux-kernel@vger.kernel.org>
Subject: Re: [RFC PATCH] x86/Kconfig: Disable KASLR on debug builds
Message-ID: <20231201165816.GA2968051@dev-arch.thelio-3990X>
References: <20231130120552.6735-1-bp@alien8.de>
 <20231130181051.GA3357088@dev-arch.thelio-3990X>
 <20231130193428.GNZWjjxKJ38Ruh7puz@fat_crate.local>
 <20231201161610.GA2948377@dev-arch.thelio-3990X>
 <20231201162443.GBZWoIywsIqB+SNh9n@fat_crate.local>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20231201162443.GBZWoIywsIqB+SNh9n@fat_crate.local>
X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable
	autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Fri, 01 Dec 2023 08:58:37 -0800 (PST)

On Fri, Dec 01, 2023 at 05:24:43PM +0100, Borislav Petkov wrote:
> On Fri, Dec 01, 2023 at 09:16:10AM -0700, Nathan Chancellor wrote:
> > Right, this is the diff of Fedora's configuration before and after this
> > change:
> 
> Sorry, but what's the point of a .config which has EXPERT, DEBUG_KERNEL
> *and* KASLR enabled?

I am not really here to argue whether or not this is a "valid"
combination of configurations, I am just pointing out that your patch
will change the status quo for more people than just the x86
maintainers.

> Debugging the kernel with KASLR enabled is a futile exercise in time
> waste. You should either enable KASLR and disable DEBUG_KERNEL or the
> opposite. Both make very little sense to me.

I agree that debugging the kernel with KASLR enabled is useless but
isn't that the point of having the ability to opt out of it at runtime
so that you could debug the exact same binary that a user is running,
rather than having to manage two different builds?

> Or, if there really is a valid reason for having DEBUG_KERNEL *and*
> KASLR enabled, I can probably suggest another option under DEBUG_KERNEL
> which says "Do stable virtual addresses" and which disables KASLR. At
> least we'll have it explicit.

That does not seem unreasonable to me. Another alternative would be to
add a simple config fragment in arch/x86/configs so that it could
easily be flipped during a build like:

$ cat arch/x86/configs/nokaslr.config
# CONFIG_RANDOMIZE_BASE is not set

$ make -skj"$(nproc)" ARCH=x86_64 defconfig

$ grep CONFIG_RANDOMIZE_BASE .config
CONFIG_RANDOMIZE_BASE=y

$ make -skj"$(nproc)" ARCH=x86_64 nokaslr.config

$ grep CONFIG_RANDOMIZE_BASE .config
# CONFIG_RANDOMIZE_BASE is not set

Cheers,
Nathan