- And how it can help fight linux kernel ABI breakages

Samikshan BairagyaBy,

{#,@}samikshan

Introducing 'spartakus'

Content available under Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0)

Topics to cover

● What is kernel ABI● Why does kABI matter● How to track kABI breakages● Static code analysis using genksyms

● Issues with genksyms● Semantic code analysis using sparse (spartakus)

What is ABI?

● ABI == Application Binary Interface● Like API, but at binary level● Interface for application to use external library,

OS at binary level.● If ABI does not change, applications compiled

against that ABI do not need recompilation

Linux kernel ABI?

Binary interface exported by linux kernel and accompanying kernel modules

EXPORT_SYMBOL

~/r/k/linux-3.14> grep -Rn "EXPORT_SYMBOL" .

./kernel/async.c:303:EXPORT_SYMBOL_GPL(async_synchronize_cookie_domain);

./kernel/async.c:316:EXPORT_SYMBOL_GPL(async_synchronize_cookie);

./kernel/gcov/base.c:52:EXPORT_SYMBOL(__gcov_init);

./kernel/gcov/base.c:62:EXPORT_SYMBOL(__gcov_flush);

./kernel/gcov/base.c:68:EXPORT_SYMBOL(__gcov_merge_add);

./kernel/gcov/base.c:74:EXPORT_SYMBOL(__gcov_merge_single);

./kernel/gcov/base.c:80:EXPORT_SYMBOL(__gcov_merge_delta);

./kernel/gcov/base.c:86:EXPORT_SYMBOL(__gcov_merge_ior);

./kernel/tracepoint.c:395:EXPORT_SYMBOL_GPL(tracepoint_probe_register);

./kernel/tracepoint.c:439:EXPORT_SYMBOL_GPL(tracepoint_probe_unregister);

Why strive for kABI stability

● kABI instability does not provide a welcoming third party environment to the hardware manufacturers

● Stable kABI means– Third party modules don't break and recompilation

against the changed ABI won't be needed– Specially important for enterprise Linux vendors

How to track kernel ABI

● ABI checksum information (modversions) for exported kernel symbols

– Information stored in Module.symvers file– Generated during kernel build process using genksyms

Module.symvers

$ cat /usr/src/kernels/4.0.4-303.fc22.x86_64/Module.symvers

0x00000000 iscsi_host_add drivers/scsi/libiscsi EXPORT_SYMBOL_GPL

0x00000000 mpt_deregister drivers/message/fusion/mptbase EXPORT_SYMBOL

0x00000000 tm6000_set_reg_mask drivers/media/usb/tm6000/tm6000 EXPORT_SYMBOL_GPL

0x00000000 kvm_get_cs_db_l_bits arch/x86/kvm/kvm EXPORT_SYMBOL_GPL

0x00000000 ipv6_chk_custom_prefix vmlinux EXPORT_SYMBOL

0x00000000 sata_pmp_error_handler vmlinux EXPORT_SYMBOL_GPL

0x00000000 __cleancache_invalidate_page vmlinux EXPORT_SYMBOL

0x00000000 pcmcia_reset_card vmlinux EXPORT_SYMBOL

0x00000000 unregister_vt_notifier vmlinux EXPORT_SYMBOL_GPL

0x00000000 kmem_cache_alloc vmlinux EXPORT_SYMBOL

0x00000000 replace_page_cache_page vmlinux EXPORT_SYMBOL_GPL

0x00000000 __cond_resched_softirq vmlinux EXPORT_SYMBOL

genksyms

● Generates checksums for exported kernel symbols during build process

● Static code analysis● Part of the linux kernel source code

● tools/genksyms/

genksyms - issues

Strict string processing of kernel symbol definition prototypes leads to false positives at times

genksyms generates different checksums for structs/unions for declarations which are semantically same

genksyms – issues (contd)

genksyms – issues (contd)

● 2 semantically same struct declarations should not lead to a change in kABI

● But due to strict string processing in genksyms, checksums generated for these 2 declarations are different

struct list_head {

struct list_head *next, *prev;

};

struct list_head {

struct list_head *next;

struct list_head *prev;

};

Misleading checksums generated for variables specified as unsigned/signed of no particular data type.

● Both declarations above are semantically similar● genksyms fails to identify this

genksyms – issues (contd)

'unsigned foo' and 'unsigned int foo'

Possible solution?

spartakus - Using sparse for semantic processing of linux source code

Using spartakus to generate checksums through semantic processing of source code eliminates such issues

● ‘unsigned foo’ is converted to ‘unsigned int foo’ and then processed to get the corresponding checksum

● Semantically similar struct/union declarations are treated as same and different checksums are not generated

Wait, but what is spartakus?● A fork of sparse

– 'semantic parser of source files– creates a semantic parse tree for further

analysis● Provides additional binary 'check_kabi'

– Generates checksums for exported kernel symbols like genksyms during kernel build time

Is spartakus ready yet?

$ git clone https://github.com/samikshan/spartakus.git

– Contribute– License: GPLv2

Some URLs for reference:● Sparse:

– http://kernelnewbies.org/Sparse● Kernel ABI

– http://kernelnewbies.org/ABI– http://www.jonmasters.org/blog/2007/06/16/ludi

crously-technical-kernel-abi-tracking/

Questions?

Content available under Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0)

samikshan@gmail.comContact:

Thanks