From patchwork Mon Aug 26 17:45:43 2024
X-Patchwork-Submitter: Guinevere Larsen
X-Patchwork-Id: 96512
From: Guinevere Larsen
To: gdb-patches@sourceware.org
Cc: Guinevere Larsen
Subject: [RFC][PATCH] gdb, configure: Add disable-readers option for configure
Date: Mon, 26 Aug 2024 14:45:43 -0300
Message-ID: <20240826174542.546970-2-blarsen@redhat.com>

This is a proof-of-concept of a feature we've discussed internally for a bit of time, where users would be able to select debug information formats to not be readable by GDB. This comes from a security concern, since some readers are pretty old and haven't been touched in a while, but if they have vulnerabilities, they would make every GDB vulnerable. This makes it so downstreams don't have to scramble to fix every security issue, even for things that are extremely unlikely to be used.

I'm not sure I like the way this selection works yet. The ideal way this feature works for me is if we could say --disable-readers=foo,bar, however autoconf will always treat --disable-option as being an alias for --enable-option=no, so it's impossible to do it that way. The choices then become either using --enable-readers (the approach of this patch) or adding a switch for every reader that can be disabled, which could pollute the help text.
If anyone has opinions on which is best - or knows of an even better way to do this - I'm all ears. This is my first patch dealing with autotools after all...

I'm also sending this as an RFC to see if people think this is a useful feature, before I go on to disentangle the many readers and allow for separate compilation, just in case this turns out to be a doomed project :-)

---

GDB has support for many debug information formats, some of which might be very unlikely to be found in some situations (such as the COFF format in Linux). This commit introduces the option for a user to choose which formats GDB will support at build configuration time.

This is especially useful to avoid possible security concerns with readers that aren't expected to be used at all, as debug info is one of the simplest vectors for an attacker to try and hit GDB with. This change also can reduce the size of the final binary, if that is a concern.

In this patch, most readers are still considered mandatory as there is interdependence between what should be independent formats, but future patches should remove this interdependence and allow all the listed debug formats to be independently enabled or disabled. The only reader that can be safely disabled at this point is xcoff, which shows no regressions on my Fedora 40 machine.
---
 gdb/Makefile.in | 76 ++++++++++++++++++++++++--------------------
 gdb/README | 3 ++
 gdb/configure | 50 +++++++++++++++++++++++++++--
 gdb/configure.ac | 37 +++++++++++++++++++++
 gdb/configure.reader | 51 +++++++++++++++++++++++++++++
 5 files changed, 181 insertions(+), 36 deletions(-)
 create mode 100644 gdb/configure.reader

diff --git a/gdb/Makefile.in b/gdb/Makefile.in index 13f512f5cad..c593afed92b 100644 --- a/gdb/Makefile.in +++ b/gdb/Makefile.in
@@ -908,6 +908,46 @@ ALL_TARGET_OBS = \ xtensa-tdep.o \ z80-tdep.o +# Object files for reading specific types of debug information. +READER_OBS = @READER_OBS@ + +# All files that relate to GDB's ability to read debug information. +# Used with --enable-readers=all. +ALL_READER_OBS = \ + coff-pe-read.o \ + coffread.o \ + ctfread.o \ + dbxread.o \ + dwarf2/abbrev.o \ + dwarf2/abbrev-cache.o \ + dwarf2/ada-imported.o \ + dwarf2/aranges.o \ + dwarf2/attribute.o \ + dwarf2/comp-unit-head.o \ + dwarf2/cooked-index.o \ + dwarf2/cu.o \ + dwarf2/die.o \ + dwarf2/dwz.o \ + dwarf2/expr.o \ + dwarf2/frame-tailcall.o \ + dwarf2/frame.o \ + dwarf2/index-cache.o \ + dwarf2/index-common.o \ + dwarf2/index-write.o \ + dwarf2/leb.o \ + dwarf2/line-header.o \ + dwarf2/loc.o \ + dwarf2/macro.o \ + dwarf2/read.o \ + dwarf2/read-debug-names.o \ + dwarf2/read-gdb-index.o \ + dwarf2/section.o \ + dwarf2/stringify.o \ + mdebugread.o \ + mipsread.o \ + stabsread.o \ + xcoffread.o + # The following native-target dependent variables are defined on # configure.nat. NAT_FILE = @NAT_FILE@ @@ -1063,8 +1103,6 @@ COMMON_SFILES = \ c-varobj.c \ charset.c \ cli-out.c \ - coff-pe-read.c \ - coffread.c \ complaints.c \ completer.c \ copying.c \ @@ -1074,11 +1112,9 @@ COMMON_SFILES = \ cp-namespace.c \ cp-support.c \ cp-valprint.c \ - ctfread.c \ d-lang.c \ d-namespace.c \ d-valprint.c \ - dbxread.c \ dcache.c \ debug.c \ debuginfod-support.c \ 
@@ -1086,31 +1122,6 @@ COMMON_SFILES = \ disasm.c \ displaced-stepping.c \ dummy-frame.c \ - dwarf2/abbrev.c \ - dwarf2/abbrev-cache.c \ - dwarf2/ada-imported.c \ - dwarf2/aranges.c \ - dwarf2/attribute.c \ - dwarf2/comp-unit-head.c \ - dwarf2/cooked-index.c \ - dwarf2/cu.c \ - dwarf2/die.c \ - dwarf2/dwz.c \ - dwarf2/expr.c \ - dwarf2/frame-tailcall.c \ - dwarf2/frame.c \ - dwarf2/index-cache.c \ - dwarf2/index-common.c \ - dwarf2/index-write.c \ - dwarf2/leb.c \ - dwarf2/line-header.c \ - dwarf2/loc.c \ - dwarf2/macro.c \ - dwarf2/read.c \ - dwarf2/read-debug-names.c \ - dwarf2/read-gdb-index.c \ - dwarf2/section.c \ - dwarf2/stringify.c \ extract-store-integer.c \ eval.c \ event-top.c \ @@ -1162,7 +1173,6 @@ COMMON_SFILES = \ maint.c \ maint-test-options.c \ maint-test-settings.c \ - mdebugread.c \ mem-break.c \ memattr.c \ memory-map.c \ @@ -1170,7 +1180,6 @@ COMMON_SFILES = \ memtag.c \ minidebug.c \ minsyms.c \ - mipsread.c \ namespace.c \ objc-lang.c \ objfiles.c \ @@ -1212,7 +1221,6 @@ COMMON_SFILES = \ source.c \ source-cache.c \ split-name.c \ - stabsread.c \ stack.c \ std-regs.c \ symfile.c \ @@ -1884,7 +1892,6 @@ ALLDEPFILES = \ windows-tdep.c \ x86-nat.c \ x86-tdep.c \ - xcoffread.c \ xstormy16-tdep.c \ xtensa-config.c \ xtensa-linux-nat.c \ @@ -1906,7 +1913,8 @@ COMMON_OBS = $(DEPFILES) $(CONFIG_OBS) $(YYOBJ) \ $(SUBDIR_CLI_OBS) \ $(SUBDIR_MI_OBS) \ $(SUBDIR_TARGET_OBS) \ - $(SUBDIR_GCC_COMPILE_OBS) + $(SUBDIR_GCC_COMPILE_OBS) \ + $(READER_OBS) SUBDIRS = doc @subdirs@ data-directory CLEANDIRS = $(SUBDIRS) diff --git a/gdb/README b/gdb/README index d85c37d5d17..01754f61aea 100644 --- a/gdb/README +++ b/gdb/README 
@@ -403,6 +403,9 @@ more obscure GDB `configure' options are not listed here. specified list of targets. The special value `all' configures GDB for debugging programs running on any target it supports. +`--disable-readers=READER,READER,...' + Configure GDB to be unable to read some formats of debug information. + `--with-gdb-datadir=PATH' Set the GDB-specific data directory. GDB will look here for certain supporting files or scripts. This defaults to the `gdb' diff --git a/gdb/configure b/gdb/configure index 53eaad4f0e2..9855fecf781 100755 --- a/gdb/configure +++ b/gdb/configure @@ -760,6 +760,7 @@ HAVE_NATIVE_GCORE_TARGET TARGET_OBS AMD_DBGAPI_LIBS AMD_DBGAPI_CFLAGS +READER_OBS ENABLE_BFD_64_BIT_FALSE ENABLE_BFD_64_BIT_TRUE subdirs @@ -933,6 +934,7 @@ with_relocated_sources with_auto_load_dir with_auto_load_safe_path enable_targets +enable_readers enable_64_bit_bfd with_amd_dbgapi enable_tui @@ -1644,6 +1646,9 @@ Optional Features: --disable-nls do not use Native Language Support --enable-targets=TARGETS alternative target configurations + --enable-readers=DEBUG_READERS + enable the chosen debug information readers (default + 'all') --enable-64-bit-bfd 64-bit support (on hosts with narrower word sizes) --enable-tui enable full-screen terminal user interface (TUI) --enable-gdbtk enable gdbtk graphical user interface (GUI) @@ -11499,7 +11504,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11502 "configure" +#line 11507 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -11605,7 +11610,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11608 "configure" +#line 11613 "configure" #include "confdefs.h" #if HAVE_DLFCN_H 
@@ -24833,6 +24838,20 @@ esac fi +all_readers= +# Check whether --enable-readers was given. +if test "${enable_readers+set}" = set; then : + enableval=$enable_readers; case "${enableval}" in + yes | "") as_fn_error $? "enable-readers option must specify debuginfo readers or 'all'" "$LINENO" 5 + ;; + no) enable_readers= ;; + *) enable_readers=$enableval ;; +esac +else + all_readers=true +fi + + # Check whether --enable-64-bit-bfd was given. if test "${enable_64_bit_bfd+set}" = set; then : enableval=$enable_64_bit_bfd; case $enableval in #( @@ -24966,6 +24985,33 @@ if test x${all_targets} = xtrue; then fi fi +READER_OBS= + +for reader in `echo $enable_readers | sed 's/,/ /g'` +do + if test "$reader" = "all"; then + all_readers=true + fi + + . ${srcdir}/configure.reader +done + +if test "$all_readers" = "true"; then + READER_OBS='$(ALL_READER_OBS)' +else + # These are objfiles for debuginfo readers we hope to be able to disable + # at compile time some day, but we can't yet because of assumptions in the + # codebase. + required_readers="coffread.o coff-pe-read.o ctfread.o dbxread.o dwarf2/read.o mdebugread.o mipsread.o stabsread.o" + for req in $required_readers; do + if ! echo "$READER_OBS" | grep -wq "$req"; then + as_fn_error $? "\"$req is required to build GDB but it was not requested in: $READER_OBS\"" "$LINENO" 5 + fi + done +fi + + + # AMD debugger API support. diff --git a/gdb/configure.ac b/gdb/configure.ac index 8368fea0423..9d37568825c 100644 --- a/gdb/configure.ac +++ b/gdb/configure.ac 
@@ -187,6 +187,16 @@ AS_HELP_STRING([--enable-targets=TARGETS], [alternative target configurations]), *) enable_targets=$enableval ;; esac]) +all_readers= +AC_ARG_ENABLE(readers, +AS_HELP_STRING([--enable-readers=DEBUG_READERS], [enable the chosen debug information readers (default 'all')]), +[case "${enableval}" in + yes | "") AC_MSG_ERROR(enable-readers option must specify debuginfo readers or 'all') + ;; + no) enable_readers= ;; + *) enable_readers=$enableval ;; +esac], [all_readers=true]) + BFD_64_BIT # Provide defaults for some variables set by the per-host and per-target @@ -256,6 +266,33 @@ if test x${all_targets} = xtrue; then fi fi +READER_OBS= + +for reader in `echo $enable_readers | sed 's/,/ /g'` +do + if test "$reader" = "all"; then + all_readers=true + fi + + . ${srcdir}/configure.reader +done + +if test "$all_readers" = "true"; then + READER_OBS='$(ALL_READER_OBS)' +else + # These are objfiles for debuginfo readers we hope to be able to disable + # at compile time some day, but we can't yet because of assumptions in the + # codebase. + required_readers="coffread.o coff-pe-read.o ctfread.o dbxread.o dwarf2/read.o mdebugread.o mipsread.o stabsread.o" + for req in $required_readers; do + if ! echo "$READER_OBS" | grep -wq "$req"; then + AC_MSG_ERROR("$req is required to build GDB but it was not requested in: $READER_OBS") + fi + done +fi + +AC_SUBST(READER_OBS) + # AMD debugger API support. AC_ARG_WITH([amd-dbgapi], diff --git a/gdb/configure.reader b/gdb/configure.reader new file mode 100644 index 00000000000..745e38fc931 --- /dev/null +++ b/gdb/configure.reader 
@@ -0,0 +1,51 @@ +# Copyright (C) 2024 Free Software Foundation, Inc. +# +# This file is part of GDB. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# This file is used to decide which files need to be compiled to support +# a given reader + +case $reader in + coff-pe) READER_OBS="$READER_OBS coff-pe-read.o";; + + xcoff) READER_OBS="$READER_OBS xcoffread.o" ;; + + coff) READER_OBS="$READER_OBS coffread.o" ;; + + ctf) READER_OBS="$READER_OBS ctfread.o" ;; + + dbx) READER_OBS="$READER_OBS dbxread.o" ;; + + dwarf) READER_OBS="$READER_OBS dwarf2/abbrev.o dwarf2/abbrev-cache.o \ + dwarf2/ada-imported.o dwarf2/aranges.o \ + dwarf2/attribute.o dwarf2/comp-unit-head.o \ + dwarf2/cooked-index.o dwarf2/cu.o dwarf2/die.o \ + dwarf2/dwz.o dwarf2/expr.o dwarf2/frame.o \ + dwarf2/frame-tailcall.o dwarf2/index-cache.o \ + dwarf2/index-common.o dwarf2/index-write.o \ + dwarf2/leb.o dwarf2/line-header.o dwarf2/loc.o \ + dwarf2/macro.o dwarf2/read.o dwarf2/section.o \ + dwarf2/read-debug-names.o dwarf2/read-gdb-index.o \ + dwarf2/stringify.o" ;; + + mdebug) READER_OBS="$READER_OBS mdebugread.o" ;; + + mips) READER_OBS="$READER_OBS mipsread.o" ;; + + stabs) READER_OBS="$READER_OBS stabsread.o" ;; + + all) ;; +esac
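Review bot: In gdb/Makefile.in, xcoffread.c is removed from ALLDEPFILES (hunk at -1884) while xcoffread.o is added to ALL_READER_OBS, and READER_OBS becomes $(ALL_READER_OBS) whenever --enable-readers is not given. Being listed in ALLDEPFILES rather than COMMON_SFILES suggests xcoffread was not part of every build before, so a default configuration may now link a reader it previously left out, which works against the stated goal of reducing the debug-info parsing surface. Consider keeping xcoff out of the default set unless the target needs it, or state the change in the commit message. Separately, the .c names removed from COMMON_SFILES are not added back to any source list in this patch; a source-side counterpart to ALL_READER_OBS would keep them visible to whatever consumes the source lists.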
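Review bot: The gdb/README hunk documents `--disable-readers=READER,READER,...', but the option this patch adds in configure.ac is --enable-readers=DEBUG_READERS, and the cover letter itself notes that autoconf treats --disable-readers as --enable-readers=no. The entry should name --enable-readers, state that the default is 'all', and list the names accepted by configure.reader (coff, coff-pe, ctf, dbx, dwarf, mdebug, mips, stabs, xcoff), along with the fact that only xcoff can currently be left out.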
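Review bot: In the AC_ARG_ENABLE(readers, ...) block of gdb/configure.ac, the `no) enable_readers= ;;' arm leaves both enable_readers and all_readers empty, so --disable-readers is only rejected later by the required_readers loop, with a message about coffread.o and an empty "requested in:" list. Rejecting `no' in this case statement, next to `yes | ""', with a message that names the readers that are still mandatory, would give the user a direct error at the point where the option is parsed.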
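Review bot: The required_readers check in gdb/configure.ac (hunk at -256) uses `grep -wq "$req"', and the Autoconf manual's portability guidance for grep advises against relying on -q and -w in configure scripts; $req is also interpreted as a regular expression, so the dots in names such as dwarf2/read.o match any character. A shell pattern match of the form `case " $READER_OBS " in *" $req "*) ;; *) error ;; esac' avoids grep altogether. In the same loop, AC_MSG_ERROR("...") passes the double quotes as part of the message, which is why the generated gdb/configure contains as_fn_error $? "\"$req is required ...\""; use [ ] quoting for the argument. The `. ${srcdir}/configure.reader' line should also quote ${srcdir}.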
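Review bot: The case statement in gdb/configure.reader has no `*)' arm, so a name in --enable-readers that matches none of the listed readers is silently ignored rather than reported. A downstream that uses this option to control which parsers are built needs to know the list was understood as written, so add a `*)' arm that fails configure and prints the unrecognised $reader. The `coff-pe' arm is also missing the space before `;;' that the other arms have.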