Re: [PATCH -tip perf/probes 00/10] x86 insn decoder bugfixes
From: Ingo Molnar
Date: Tue Nov 03 2009 - 02:25:30 EST
* Roland McGrath <roland@xxxxxxxxxx> wrote:
> > Thirdly, i think we should expose the build-id of the kernel and the
> > path to the vmlinux (and modules) via /proc/build-id or so. That way
> > tooling can find the vmlinux file and can validate that it matches
> > the kernel's signature. (maybe include a file date as well - that's
> > a faster check than a full build-id checksum, especially for large
> > kernels)
> You seem to be confused about what build IDs are. There is no
> "checksum validation". Once the bits are stored there is no
> calculation ever done again, only exact comparison with an expected
> build ID bitstring. The size of an object file is immaterial.
> As Frank mentioned, the kernel's and modules' allocated ELF notes (and
> thus build IDs) are already exposed in /sys. Tools like "eu-unstrip
> -nk" use this information today.
Ah, i didnt realize we link with --build-id already, unconditonally,
since v2.6.23 (if ld supports it):
| From 18991197b4b588255ccabf472ebc84db7b66a19c Mon Sep 17 00:00:00 2001
| From: Roland McGrath <roland@xxxxxxxxxx>
| Date: Thu, 19 Jul 2007 01:48:40 -0700
| Subject: [PATCH] Use --build-id ld option
| This change passes the --build-id when linking the kernel and when
| linking modules, if ld supports it. This is a new GNU ld option that
| synthesizes an ELF note section inside the read-only data. The note in
| this section contains unique identifying bits called the "build ID",
| which are generated so as to be different for any two linked ELF files
| that aren't identical.
So we have an SHA1 build-id already on the vmlinux and on modules, and
it's exposed in /sys/*/*/notes. Just have to make use of it in
The other useful addition i mentioned isnt implemented yet: to emit an
ELF note of the absolute path of the output directory the kernel was
built in as well. This information is not available right now, and it
would be a place to look in to search for the vmlinux and the modules.
What do you think? Also, if we do this, is there a standard way to name
it , or should i just pick a suitably new, Linux-specific name for that?
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/