link time analysis for the kernel.

link time analysis for the kernel.

[Carter Cheng]

Hi,

There are some detaills about the current procedures for linking the kernel
that I am unfamiliar with. My understanding is that GCC and Clang both have
the ability to do link time analysis and transforms on code but is it
possible to write link time passes that will run on the kernel since the
linking phase is a bit different (i.e. doesnt produce an ELF file)?

Regards,

Carter.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20181011/64f37698/attachment-0001.html>

Fwd: link time analysis for the kernel.

[Carter Cheng]

[-- Attachment #1: Type: text/plain, Size: 1006 bytes --]

---------- Forwarded message ---------
From: Carter Cheng <cartercheng@gmail.com>
Date: Thu, Oct 11, 2018 at 9:45 PM
Subject: link time analysis for the kernel.
To: <kernelnewbies@kernelnewbies.org>


Hi,

There are some detaills about the current procedures for linking the kernel
that I am unfamiliar with. My understanding is that GCC and Clang both have
the ability to do link time analysis and transforms on code but is it
possible to write link time passes that will run on the kernel since the
linking phase is a bit different (i.e. doesnt produce an ELF file)?

Are there other tools that are used for the purpose of analysing the kernel
and patching it? I have encountered a tool called Coccinelle but I am
uncertain if CTL can be used to simulate the analysis I would need for
adding and eliding runtime checks on various pointer operations.

I assume from previous discussions that the gcc would be best since clang
still doesn't correctly compile the kernel without patches.

Regards,

Carter.

[-- Attachment #2: Type: text/html, Size: 1536 bytes --]

Re: link time analysis for the kernel.

[Kees Cook]

On Thu, Oct 11, 2018 at 9:38 AM, Carter Cheng <cartercheng@gmail.com> wrote:
> There are some detaills about the current procedures for linking the kernel
> that I am unfamiliar with. My understanding is that GCC and Clang both have
> the ability to do link time analysis and transforms on code but is it
> possible to write link time passes that will run on the kernel since the
> linking phase is a bit different (i.e. doesnt produce an ELF file)?

I think you'd need to build with LTO for this to work. I'm not sure
what the state of gcc and LTO against the kernel is right now, but it
works under Clang[0] with some patches[1].

For gcc, once you get LTO working, I assume you'd want to write a
linker plugin[2].

>
> Are there other tools that are used for the purpose of analysing the kernel
> and patching it? I have encountered a tool called Coccinelle but I am
> uncertain if CTL can be used to simulate the analysis I would need for
> adding and eliding runtime checks on various pointer operations.

Coccinelle isn't a linker, but rather a static analysis and semantic
patching tool. It's possible it might be able to do what you need,
though. What are you working on, specifically?

> I assume from previous discussions that the gcc would be best since clang
> still doesn't correctly compile the kernel without patches.

Building the kernel for arm64 works well with Clang. Doing x86 builds
requires a little more work, but that should be solved soon only
asm-goto support lands (it's under development now...)

-Kees

[0] https://llvm.org/docs/LinkTimeOptimization.html
[1] https://android-review.googlesource.com/q/topic:android-4.14-lto
[2] https://www.cleancss.com/explain-command/gcc/79600

-- 
Kees Cook
Pixel Security

link time analysis for the kernel.

[o at goosey.org]

An HTML attachment was scrubbed...
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20181011/1fba1b03/attachment.html>

Re: link time analysis for the kernel.

[Carter Cheng]

[-- Attachment #1: Type: text/plain, Size: 2279 bytes --]

Thanks for the detailed reply. I actually am exploring whether it's
feasible perhaps in the coming months for me to look at implementing some
kind of automatic solution to the memory safety issue. I posted about this
briefly before earlier this month on the mailing list. I am currently
reviewing the relevant papers I have found and doing some exploratory
thinking about the problem.

On Fri, Oct 12, 2018 at 12:59 AM Kees Cook <keescook@chromium.org> wrote:

> On Thu, Oct 11, 2018 at 9:38 AM, Carter Cheng <cartercheng@gmail.com>
> wrote:
> > There are some detaills about the current procedures for linking the
> kernel
> > that I am unfamiliar with. My understanding is that GCC and Clang both
> have
> > the ability to do link time analysis and transforms on code but is it
> > possible to write link time passes that will run on the kernel since the
> > linking phase is a bit different (i.e. doesnt produce an ELF file)?
>
> I think you'd need to build with LTO for this to work. I'm not sure
> what the state of gcc and LTO against the kernel is right now, but it
> works under Clang[0] with some patches[1].
>
> For gcc, once you get LTO working, I assume you'd want to write a
> linker plugin[2].
>
> >
> > Are there other tools that are used for the purpose of analysing the
> kernel
> > and patching it? I have encountered a tool called Coccinelle but I am
> > uncertain if CTL can be used to simulate the analysis I would need for
> > adding and eliding runtime checks on various pointer operations.
>
> Coccinelle isn't a linker, but rather a static analysis and semantic
> patching tool. It's possible it might be able to do what you need,
> though. What are you working on, specifically?
>
> > I assume from previous discussions that the gcc would be best since clang
> > still doesn't correctly compile the kernel without patches.
>
> Building the kernel for arm64 works well with Clang. Doing x86 builds
> requires a little more work, but that should be solved soon only
> asm-goto support lands (it's under development now...)
>
> -Kees
>
> [0] https://llvm.org/docs/LinkTimeOptimization.html
> [1] https://android-review.googlesource.com/q/topic:android-4.14-lto
> [2] https://www.cleancss.com/explain-command/gcc/79600
>
> --
> Kees Cook
> Pixel Security
>

[-- Attachment #2: Type: text/html, Size: 3080 bytes --]

link time analysis for the kernel.

[Carter Cheng]

Actually I have compiled and installed kernels before. I am wondering
however if LTO still works for compiling kernel images on clang or gcc
since my understanding is the kernel code includes a kernel loader which
loads the ELF format but the image of an OS kernel is loaded either
directly or via a bootloader which my understanding is cannot read ELF(is
this correct?).



On Fri, Oct 12, 2018 at 2:02 AM <o@goosey.org> wrote:

>
>
> 11.10.2018, 17:48, "Carter Cheng" <cartercheng@gmail.com>:
>
> Hi,
>
>
>
> Hello,
>
> I want to ask pardon me and have you ever compiled a linux kernel?
> In my opinion you should first examine gcc ld and make process :)
>
> The elf format executable format and  the process after compiling the c
> code.
> Please read:
>
> http://www.ntu.edu.sg/home/ehchua/programming/cpp/gcc_make.html
>
> keep calm and go step by step and continue to learn c, gcc, ld, make, c
> code compile to machine code.
>
> Ozgur
>
>
>
>
> There are some detaills about the current procedures for linking the
> kernel that I am unfamiliar with. My understanding is that GCC and Clang
> both have the ability to do link time analysis and transforms on code but
> is it possible to write link time passes that will run on the kernel since
> the linking phase is a bit different (i.e. doesnt produce an ELF file)?
>
> Regards,
>
> Carter.
> ,
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20181012/bcf8c058/attachment.html>

link time analysis for the kernel.

[Ozgur]

An HTML attachment was scrubbed...
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20181011/82e4aecf/attachment.html>

link time analysis for the kernel.

[Ozgur]

An HTML attachment was scrubbed...
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20181011/b4401ed3/attachment.html>

link time analysis for the kernel.

[Carter Cheng]

sorry not a kernel loader but an ELF loader.

On Fri, Oct 12, 2018 at 2:55 AM Carter Cheng <cartercheng@gmail.com> wrote:

> Actually I have compiled and installed kernels before. I am wondering
> however if LTO still works for compiling kernel images on clang or gcc
> since my understanding is the kernel code includes a kernel loader which
> loads the ELF format but the image of an OS kernel is loaded either
> directly or via a bootloader which my understanding is cannot read ELF(is
> this correct?).
>
>
>
> On Fri, Oct 12, 2018 at 2:02 AM <o@goosey.org> wrote:
>
>>
>>
>> 11.10.2018, 17:48, "Carter Cheng" <cartercheng@gmail.com>:
>>
>> Hi,
>>
>>
>>
>> Hello,
>>
>> I want to ask pardon me and have you ever compiled a linux kernel?
>> In my opinion you should first examine gcc ld and make process :)
>>
>> The elf format executable format and  the process after compiling the c
>> code.
>> Please read:
>>
>> http://www.ntu.edu.sg/home/ehchua/programming/cpp/gcc_make.html
>>
>> keep calm and go step by step and continue to learn c, gcc, ld, make, c
>> code compile to machine code.
>>
>> Ozgur
>>
>>
>>
>>
>> There are some detaills about the current procedures for linking the
>> kernel that I am unfamiliar with. My understanding is that GCC and Clang
>> both have the ability to do link time analysis and transforms on code but
>> is it possible to write link time passes that will run on the kernel since
>> the linking phase is a bit different (i.e. doesnt produce an ELF file)?
>>
>> Regards,
>>
>> Carter.
>> ,
>>
>> _______________________________________________
>> Kernelnewbies mailing list
>> Kernelnewbies at kernelnewbies.org
>> https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20181012/cd08d696/attachment-0001.html>

link time analysis for the kernel.

[valdis.kletnieks at vt.edu]

On Thu, 11 Oct 2018 21:45:16 +0800, Carter Cheng said:

> There are some detaills about the current procedures for linking the kernel
> that I am unfamiliar with. My understanding is that GCC and Clang both have
> the ability to do link time analysis and transforms on code but is it
> possible to write link time passes that will run on the kernel since the
> linking phase is a bit different (i.e. doesnt produce an ELF file)?

The fact that the kernel gets linked is an existence proof that it is possible
to do link time processing on the kernel.

There's no LTO support in the stock 4.19 tree, but Andi Kleen did a patchset
for 4.15, and there's another patchset to enable LTO when using Clang rather
than gcc. (I haven't tried either one, don't use on a production machine, as
the resulting kernel may crash, eat filesystems, and/or turn your dog green...)

Note that 'vmlinux' is a statically linked ELF binary. That  plus a bootstrap
code gets merged to create a bzImage or similar thing that can be loaded by
Grub2 or whatever boot loader.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 486 bytes
Desc: not available
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20181011/c8de1582/attachment.sig>

link time analysis for the kernel.

[Carter Cheng]

I managed to find some information on this from Prof John Criswell who did
something similar for his dissertation but I do wonder how complicated the
make files for building the kernel are since the method he used would
require using llvm-link to stitch together all the different object
files(bitcode) into a single file and then convert them into machine code
at one go.

On Fri, Oct 12, 2018 at 10:20 AM <valdis.kletnieks@vt.edu> wrote:

> On Thu, 11 Oct 2018 21:45:16 +0800, Carter Cheng said:
>
> > There are some detaills about the current procedures for linking the
> kernel
> > that I am unfamiliar with. My understanding is that GCC and Clang both
> have
> > the ability to do link time analysis and transforms on code but is it
> > possible to write link time passes that will run on the kernel since the
> > linking phase is a bit different (i.e. doesnt produce an ELF file)?
>
> The fact that the kernel gets linked is an existence proof that it is
> possible
> to do link time processing on the kernel.
>
> There's no LTO support in the stock 4.19 tree, but Andi Kleen did a
> patchset
> for 4.15, and there's another patchset to enable LTO when using Clang
> rather
> than gcc. (I haven't tried either one, don't use on a production machine,
> as
> the resulting kernel may crash, eat filesystems, and/or turn your dog
> green...)
>
> Note that 'vmlinux' is a statically linked ELF binary. That  plus a
> bootstrap
> code gets merged to create a bzImage or similar thing that can be loaded by
> Grub2 or whatever boot loader.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20181012/2a86a44a/attachment.html>

link time analysis for the kernel.

[Ozgur]

An HTML attachment was scrubbed...
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20181012/fe1c71aa/attachment.html>