build: -c to enable a single linux kernel config

Disable CONFIG_FORTIFY_SOURCE=y by default as it might incur overhead,
enable CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y as it should not.
Ciro Santilli
2018-05-05 11:50:22 +01:00
parent 149ab9302b
commit c735790099
4 changed files with 39 additions and 19 deletions


@@ -2134,6 +2134,14 @@ If you want to just use your own exact `.config` instead, do:
Beware that Buildroot can `sed` override some of the configurations we make no matter what, e.g. it forces `CONFIG_BLK_DEV_INITRD=y` when `BR2_TARGET_ROOTFS_CPIO` is on, so you might want to double check as explained at <<find-the-kernel-config>>. TODO check if there is a way to prevent that patching and maybe patch Buildroot for it, it is too fuzzy. People should be able to just build with whatever `.config` they want. Beware that Buildroot can `sed` override some of the configurations we make no matter what, e.g. it forces `CONFIG_BLK_DEV_INITRD=y` when `BR2_TARGET_ROOTFS_CPIO` is on, so you might want to double check as explained at <<find-the-kernel-config>>. TODO check if there is a way to prevent that patching and maybe patch Buildroot for it, it is too fuzzy. People should be able to just build with whatever `.config` they want.
==== Modify a config option
Only effective for the current build:
....
./build -c 'CONFIG_FORTIFY_SOURCE=y' -l
....
==== Find the kernel config ==== Find the kernel config
Ge the build config in guest: Ge the build config in guest:
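Review bot: the new example `./build -c 'CONFIG_FORTIFY_SOURCE=y' -l` passes `-l` without saying why, while the CONFIG_FORTIFY_SOURCE section later in this patch shows the same command without it. State here whether `-l` is needed for a `-c` option to take effect on an already configured tree, and use the same form in both places. The preceding paragraph's warning that Buildroot can `sed` override options applies to `-c` as well, so a pointer to <<find-the-kernel-config>> for verifying the resulting `.config` would fit in this section.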
@@ -2887,15 +2895,15 @@ Stop the cursor from blinking:
echo 0 > /sys/class/graphics/fbcon/cursor_blink echo 0 > /sys/class/graphics/fbcon/cursor_blink
.... ....
Rotate the console 90 degrees! Rotate the console 90 degrees! https://askubuntu.com/questions/237963/how-do-i-rotate-my-display-when-not-using-an-x-server
.... ....
echo 1 > /sys/class/graphics/fbcon/rotate echo 1 > /sys/class/graphics/fbcon/rotate
.... ....
Requires `CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y`. Relies on: `CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y`.
Documented under: `fb/`. Documented under: `Documentation/fb/`.
TODO: font and keymap. Mentioned at: https://cmcenroe.me/2017/05/05/linux-console.html and I think can be done with Busybox `loadkmap` and `loadfont`, we just have to understand their formats, related: TODO: font and keymap. Mentioned at: https://cmcenroe.me/2017/05/05/linux-console.html and I think can be done with Busybox `loadkmap` and `loadfont`, we just have to understand their formats, related:
@@ -2995,17 +3003,25 @@ Looks like a recompile is needed to modify the image...
* https://superuser.com/questions/736423/changing-kernel-bootsplash-image * https://superuser.com/questions/736423/changing-kernel-bootsplash-image
* https://unix.stackexchange.com/questions/153975/how-to-change-boot-logo-in-linux-mint * https://unix.stackexchange.com/questions/153975/how-to-change-boot-logo-in-linux-mint
=== Hardening === LInux kernel hardening
Make it harder to get hacked and easier to notice that you were, at the cost of some (small?) runtime overhead. Make it harder to get hacked and easier to notice that you were, at the cost of some (small?) runtime overhead.
==== CONFIG_FORTIFY_SOURCE ==== CONFIG_FORTIFY_SOURCE
Enable:
.... ....
insmod /strlen_overflow.ko ./build -c 'CONFIG_FORTIFY_SOURCE=y'
.... ....
detects the overflow: Test it out:
....
./run -F 'insmod /strlen_overflow.ko'
....
Detects the overflow:
.... ....
<4>[ 3.136382] strlen_overflow: loading out-of-tree module taints kernel. <4>[ 3.136382] strlen_overflow: loading out-of-tree module taints kernel.
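Review bot: the renamed heading reads `=== LInux kernel hardening`, with a capital I; it should be `=== Linux kernel hardening`. Since CONFIG_FORTIFY_SOURCE is no longer on by default after this commit, the "Enable" step is the only thing that makes the `insmod /strlen_overflow.ko` test meaningful, so it would help to say explicitly that without it the overflow is not detected.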

18
build

@@ -2,10 +2,13 @@
set -eu set -eu
. common . common
set -- ${cli_build:-} "$@" set -- ${cli_build:-} "$@"
br2_cli_file="${out_dir}/br2_cli"
mkdir -p "${out_dir}" mkdir -p "${out_dir}"
br2_cli_file="${out_dir}/br2_cli"
rm -f "$br2_cli_file" rm -f "$br2_cli_file"
touch "$br2_cli_file" touch "$br2_cli_file"
kernel_config_fragment_cli_file="${out_dir}/kernel_config_fragment_cli"
rm -f "$kernel_config_fragment_cli_file"
touch "$kernel_config_fragment_cli_file"
configure=true configure=true
config_fragments="${root_dir}/br2" config_fragments="${root_dir}/br2"
extra_make_args= extra_make_args=
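Review bot: `kernel_config_fragment_cli_file` repeats the `rm -f` / `touch` pair already used for `br2_cli_file`; both files are meant to start empty on every run, so a single truncating redirect such as `: > "$kernel_config_fragment_cli_file"`, or a small helper shared by the two, states that more directly. Because the file is emptied on each invocation, options given with `-c` on a previous run are dropped on the next one. That matches the README's "Only effective for the current build", but a one-line comment here would make the intent explicit.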
@@ -16,20 +19,23 @@ post_script_args=
qemu_sdl='--enable-sdl --with-sdlabi=2.0' qemu_sdl='--enable-sdl --with-sdlabi=2.0'
suffix= suffix=
v=0 v=0
while getopts 'a:B:b:CGgj:hIiK:klp:qSs:v' OPT; do while getopts 'a:B:b:Cc:Ggj:hIiK:klp:qSs:v' OPT; do
case "$OPT" in case "$OPT" in
a) a)
arch="$OPTARG" arch="$OPTARG"
;; ;;
b)
config_fragments="${config_fragments} $(common_abspath "${OPTARG}")"
;;
B) B)
echo "$OPTARG" >> "$br2_cli_file" echo "$OPTARG" >> "$br2_cli_file"
;; ;;
b)
config_fragments="${config_fragments} $(common_abspath "${OPTARG}")"
;;
C) C)
configure=false configure=false
;; ;;
c)
echo "$OPTARG" >> "$kernel_config_fragment_cli_file"
;;
g) g)
extra_make_args="${extra_make_args} gem5-reconfigure \\ extra_make_args="${extra_make_args} gem5-reconfigure \\
" "
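Review bot: the new `c)` branch appends `$OPTARG` to the kernel fragment with `echo` and no check on its form, so an argument missing the `CONFIG_` prefix or the `=value` part is written to the fragment as-is. Match it in a `case` against a pattern like `CONFIG_*=*` and exit with a message otherwise, and prefer `printf '%s\n' "$OPTARG"`, since `echo` treats backslashes and leading dashes differently across shells. The swap of the `b)` and `B)` branches is unrelated to `-c` and would be easier to review as a separate commit.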
@@ -142,7 +148,7 @@ BR2_ROOTFS_POST_SCRIPT_ARGS=\"${post_script_args}\"
else else
d=../kernel_config_fragment d=../kernel_config_fragment
f="${d}/min" f="${d}/min"
printf "BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES=\"${f} ${d}/default\"\n" >> "$config_file" printf "BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES=\"${f} ${d}/default ${kernel_config_fragment_cli_file}\"\n" >> "$config_file"
if "${linux_reconfigure}"; then if "${linux_reconfigure}"; then
# https://stackoverflow.com/questions/49260466/why-when-i-change-br2-linux-kernel-custom-config-file-and-run-make-linux-reconfi # https://stackoverflow.com/questions/49260466/why-when-i-change-br2-linux-kernel-custom-config-file-and-run-make-linux-reconfi
touch "$f" touch "$f"
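Review bot: in the changed `printf` line, `${kernel_config_fragment_cli_file}` is expanded inside the format string and inside a space-separated list, so an `out_dir` containing a `%`, a backslash or a space produces a wrong `BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES` value. Use a fixed format with the paths as arguments, e.g. `printf 'BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="%s %s %s"\n' ...`, and either reject or document paths with spaces. Note also that the list now mixes the relative `../kernel_config_fragment` paths with a path under `out_dir`, and that `touch "$f"` still runs only under `linux_reconfigure`; it is worth confirming that a changed `-c` fragment is picked up in the same way as a changed `min` file.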


@@ -10,14 +10,15 @@
|=== |===
|Name |Argument name |Description |Name |Argument name |Description
|`-a` |`ARCH` |Build for architecture `ARCH`. |`-a` |`ARCH` |Build for architecture `ARCH`.
|`-b` |`BR2_FILE` |Also use the given Buildroot configuration fragment file.
Pass multiple times to use multiple fragment files.
|`-B` |`BR2_CONFIG` |Add a single Buildroot option to the current build. |`-B` |`BR2_CONFIG` |Add a single Buildroot option to the current build.
Example: `-B 'BR2_TARGET_ROOTFS_EXT2_SIZE="512M"'` Example: `-B 'BR2_TARGET_ROOTFS_EXT2_SIZE="512M"'`
|`-c` |`BR2_FILE` |Also use the given Buildroot configuration fragment file. |`-b` |`BR2_FILE` |Also use the given Buildroot configuration fragment file.
Pass multiple times to use multiple fragment files. Pass multiple times to use multiple fragment files.
|`-C` | |Skip the Buildroot configuration. Saves a few seconds, |`-C` | |Skip the Buildroot configuration. Saves a few seconds,
but requires you to know what you are doing :-) but requires you to know what you are doing :-)
|`-c` |`CONFIG_SOMETHING` |Also use the given Linux kernel configuration, example:
`./build -c 'CONFIG_FORTIFY_SOURCE=y'`
Can be used multiple times for multiple configs.
|`-g` | |Enable gem5 build or force its rebuild. |`-g` | |Enable gem5 build or force its rebuild.
|`-h` | |Show this help message. |`-h` | |Show this help message.
|`-I` | |Enable initramfs for the current build. |`-I` | |Enable initramfs for the current build.
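Review bot: the new `-c` row names its argument `CONFIG_SOMETHING` while the example passes `CONFIG_FORTIFY_SOURCE=y`, so the `=value` part that the option needs is missing from the argument name. Something like `KERNEL_CONFIG` with the description "Add a single Linux kernel option to the current build", mirroring the `-B` row, would be clearer and would also state that the setting does not persist across builds.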


@@ -77,7 +77,7 @@ CONFIG_VIRTIO_BLK=y
CONFIG_VIRTIO_NET=y CONFIG_VIRTIO_NET=y
# Misc # Misc
#CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
## Networking ## Networking
@@ -197,6 +197,3 @@ CONFIG_ARM64_PTDUMP=y
# For record and replay. # For record and replay.
CONFIG_8139CP=y CONFIG_8139CP=y
# Hardening
CONFIG_FORTIFY_SOURCE=y
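Review bot: dropping `CONFIG_FORTIFY_SOURCE=y` and the `# Hardening` heading from the default fragment removes the only hardening option from default builds on the basis that it "might incur overhead", with no measurement given. If the default stays off, consider keeping the section with the option commented out, as `#CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y` was before this commit, plus a comment pointing at `./build -c 'CONFIG_FORTIFY_SOURCE=y'`, so the option stays discoverable from the fragment itself.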