Linux rise in rizin: SLUB dumping, Kernel build configuration

[rockrid3r]

DO NOT MERGE IT'S STILL UNTESTED

• There is no legitimate way to test the functionality now. I will tell you later why exactly.
• Firstly the rizin is slow and OOMs when using large ELF with debug symbols (vmlinux) #4385 should improve

Addresses #4257

SLUB dumping

• Dumping of lockless freelist
• Dumping of other freelists: regular(locking), partial, node freelist
• Handle different kernel version & .config configuration
• Add integration tests(is not suitable)

Vmlinux(TODO: Separate PR)

• Add support to rebase kernel binary (KASLR)
• Add unit tests

Kernel version handling

• Use 6.7 kernel as default kernel version
• Add flag to change kernel version: -e linux.version=5.6.11
• Add rizin shell command to change kernel version.
• Add tests

Kernel configuration handling

• Add defconfig configuration file. It will contain all the default flags used while building kernel.
  It will be the presumed kernel configuration if user does not supply more. (User should set it up in ~/.config/rizin/defconfig)
• Add CLI flag to support user-supplied kernel build configuration flags. For example, this:

rizin vmlinux --add-vmlinux-flag CONFIG_FREELIST_RANDOM=y

should open vmlinux file and handle the fact that kernel was built with configuration defconfig + CONFIG_FREELIST_RANDOM=y

• Add rizin shell command user-supplied configuration: > set_config CONFIG_FREELIST_RANDOM=y (same as before, but in shell)
• Accept user-supplied config file. For example, this:

rizin vmlinux -e linux.config=.config

implies that rizing will use .config instead of defconfig.

• Add unit tests & integration tests

Basic checklist

• I've read the guidelines for contributing to this repository
• I made sure to follow the project's coding style
• I've documented or updated the documentation of every function and struct this PR changes. If not so I've explained why.
• I've added tests that prove my fix is effective or that my feature works (if possible)
• I've updated the rizin book with the relevant information (if needed)

[rockrid3r]

The PR is very far from over.

• Buggy.
• Has hardcoded member offsets.
• Does not process kernel build configuration .config
• Does not reflect Linux Kernel version
• etc.

Will add todo later.
All comments are appreciated.

[ret2libc]

Maybe I'm wrong but can't we just do the following?

Suggested change

	#define call_handler(fun, ...) \
	{ \
	if (core->rasm->bits == 64) { \
	return fun##_64(core, ##__VA_ARGS__); \
	} else { \
	return fun##_32(core, ##__VA_ARGS__); \
	} \
	}
	RZ_IPI RzCmdStatus rz_cmd_debug_slub_dump_freelist_handler(RzCore *core, int argc, const char **argv, RzCmdStateOutput *output_state) {
	call_handler(rz_cmd_debug_slub_dump_freelist_handler, argc, argv, output_state);
	}
	RZ_IPI RzCmdStatus rz_cmd_debug_slub_dump_freelist_handler(RzCore *core, int argc, const char **argv, RzCmdStateOutput *output_state) {
	if (core->rasm->bits == 64) {
	return rz_cmd_debug_slub_dump_freelist_handler_64(core, argc, argv, output_state);
	} else {
	return rz_cmd_debug_slub_dump_freelist_handler_32(core, argc, argv, output_state);
	}
	}

[rockrid3r]

I will add more functions. Macro will come in handy.
See librz/core/cmd/cmd_linux_heap_glibc.c

[ret2libc]

are these dwarf changes related to the linux heap changes?

[rockrid3r]

Nope, all the dwarf changes are for the sake of debugging the functionality.
I will remove them as soon as I am finished.

It speeds up rizin startup: takes 1 minute instead of 10+.

[ret2libc]

If you can, please split them in a separate PR that we can merge sooner then! It would be great to have such an improvement :)

[XVilka]

But only if it's general enough, currently it just skips everything except specific file. cc @imbillow

[rockrid3r]

@ret2libc of course it's not a problem for me. But you probably don't want to have it.
It's not an optimization. @XVilka is right, it just skips everything.

[ret2libc]

Thanks @rockrid3r ! Please also add a short description of what you are trying to achieve so people reviewing know immediately and a better title for the PR

[rockrid3r]

Thanks @rockrid3r ! Please also add a short description of what you are trying to achieve so people reviewing know immediately and a better title for the PR

My bad. I've pinned the issue link and changed PR title.

[rockrid3r]

Currently PR is in much better state. It's almost ready for merge.

• Code is clean. No debug output.
• Uses struct offsets from dwarf (not hardcoded)
• Does processes kernel configuration
• Does processes kernel version

Only tests are left.

[wargio]

maybe before parsing, you should check if the string is empty and if the file exists.

[rockrid3r]

Hello. I am verifying it inside the function vmlinux_parse_apply_config_file

[wargio]

Suggested change

	RZ_LOG_INFO("Parsingconfig file '%s'\n", apply_config_file);
	RZ_LOG_INFO("Parsing config file '%s'\n", apply_config_file);

[rockrid3r]

fixed, thanks

[rockrid3r]

I've added basic tests for version handler and configuration handler

[XVilka]

I've added basic tests for version handler and configuration handler

There are merge conflicts, please rebase and solve them.

[XVilka]

@wargio @thestr4ng3r @ret2libc @Rot127 please take a look too, mostly at where things are located architecturally.

[XVilka]

Broken indentation

[rockrid3r]

ran clang-format

[XVilka]

1. SPDX
2. Doxygen comments for added structures and the purpose of this file

[wargio]

please don't use #pragma once but use proper #ifndef XXX #define XXX also add the c++ guards.

[rockrid3r]

added doxygen & spdx. usnig #ifndef now.

[rockrid3r]

@wargio could you please elaborate more on c++ guards? what should be added?

[XVilka]

I am not particularly happy about adding the vmlinux config directly in the RzAnalysis; honestly, it looks out of place. @wargio @ret2libc @Rot127 @thestr4ng3r any ideas?

[Rot127]

The proper way would be to have it in it's own plugin IMHO. Because the logic is very much contained. But it is good how it is currently. Wouldn't know a place where the config fits else.
Added it #4334 as code which should be move to it's own plugin after refactoring. Please remove it if you disagree.

[wargio]

i wonder if this should be a bin+io plugin with, like we have for dmp

[XVilka]

Doxygen for every new or changed RZ_API function except obvious ones like _free()

[rockrid3r]

added doxygen.

[XVilka]

If you add assert, please also add attributes like RZ_NONNULL

[wargio]

also add rz_ prefix for any new functionality that is RZ_API

[rockrid3r]

added both prefix and NONNULL

[XVilka]

RZ_NULLABLE

[rockrid3r]

ok

[XVilka]

SPDX and Doxygen for file description

[rockrid3r]

added.

[XVilka]

SPDX

[rockrid3r]

ok

[XVilka]

2024

[rockrid3r]

ok.

[XVilka]

Wrong SPDX, put yours

[rockrid3r]

fixed, thanks.

[Rot127]

Please put your copyright here.

[rockrid3r]

fixed, thanks.

[Rot127]

Please, remove debug code when done.

[rockrid3r]

fixed, thanks.

[Rot127]

Looked briefly. And in general LGTM. Please though, resolve comments from @XVilka. Especially the doxygen is important.
If you find the time it would be nice, if you could quickly run the unittest with valgrind --leak-check=full.