An In-Kernel x86 Disassembler For Linux Kernel
Patches adding an x86 disassembler to the Linux kernel have been proposed. An in-kernel disassembler could prove useful to developers when investigating kernel panics and similar events.
Masami Hiramatsu, the developer behind this x86 disassembler patch-set, writes on the mailing list, "Here is a series of patches of the in-kernel x86 disassembler for the latest tip tree. This will show you a pretty disassembled code instead of just a digital code sequence when you get a kernel panic etc. (I know, we also have script/decodecode for the panic use) This feature is not for users, but mainly for kernel developers who can understand disassembly code of x86 ;)."
This implementation provides a debugfs-based disassembler interface to disassemble a running Linux kernel, panic dumps show disassembly code instead of the instruction byte stream (a more human-friendly report to debug), a disassemble command for the KDB kernel debugger, and a user-land disassembly tool.
Right now only the common x86 instructions are supported; extensions such as SSE, MMX and AVX are not yet decoded.
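What the panic-dump side of this looks like in practice, as an added example that is not part of Hiramatsu's patch-set: a small C decoder for the "Code:" line an x86-64 oops prints (the same input scripts/decodecode consumes) that turns the byte stream into an AT&T-syntax listing and marks the instruction at the faulting RIP. It handles only a handful of common instructions, so, like the patch-set at this stage, it stops at the first byte it does not recognise; the function and buffer names and the sample line are my own constructions.

```c
/* Added example, not the patch-set's own code: decode an x86-64 oops "Code:" line
 * into an AT&T listing, marking the trapping instruction as scripts/decodecode does. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse "48 89 e5 <0f> 0b" into bytes; the byte in <...> sits at the faulting RIP
 * (oops convention) and its index is stored in *trap (-1 if none). */
static int parse_code_line(const char *line, uint8_t *buf, int max, int *trap)
{
    const char *p = line;
    int n = 0;
    *trap = -1;
    if (strncmp(p, "Code:", 5) == 0)
        p += 5;
    while (*p && n < max) {
        int marked = 0;
        char hex[3] = { 0, 0, 0 };
        while (*p == ' ') p++;
        if (*p == '<') { marked = 1; p++; }
        if (!isxdigit((unsigned char)p[0]) || !isxdigit((unsigned char)p[1]))
            break;                          /* "..." or "Bad RIP value." ends the bytes */
        hex[0] = p[0]; hex[1] = p[1];
        buf[n] = (uint8_t)strtoul(hex, NULL, 16);
        p += 2;
        if (marked) { *trap = n; if (*p == '>') p++; }
        n++;
    }
    return n;
}

static const char *regname(int wide, int r)
{
    static const char *r64[] = { "rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi" };
    static const char *r32[] = { "eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi" };
    return wide ? r64[r] : r32[r];
}

/* Decode one instruction at b; returns its length, or 0 if unsupported. */
static int decode_one(const uint8_t *b, int avail, char *out, size_t outlen)
{
    int i = 0, rexw = 0;
    uint8_t op, modrm;
    if (avail > 0 && (b[0] & 0xf0) == 0x40) {   /* REX prefix; REX.R/REX.B (r8-r15) not handled */
        if (b[0] & 0x05) return 0;
        rexw = b[0] & 0x08; i++;
    }
    if (i >= avail) return 0;
    op = b[i++];
    switch (op) {
    case 0x90: snprintf(out, outlen, "nop");        return i;
    case 0xc3: snprintf(out, outlen, "ret");        return i;
    case 0x55: snprintf(out, outlen, "push %%rbp"); return i;
    case 0x5d: snprintf(out, outlen, "pop %%rbp");  return i;
    case 0x0f:                                  /* ud2 (0f 0b), what BUG() emits */
        if (i < avail && b[i] == 0x0b) { snprintf(out, outlen, "ud2"); return i + 1; }
        return 0;
    case 0x31:                                  /* xor r/m,r  (register-direct form only) */
    case 0x89:                                  /* mov r/m,r  (register-direct form only) */
        if (i >= avail || ((modrm = b[i++]) >> 6) != 3) return 0;
        snprintf(out, outlen, "%s %%%s,%%%s", op == 0x31 ? "xor" : "mov",
                 regname(rexw, (modrm >> 3) & 7), regname(rexw, modrm & 7));
        return i;
    default: return 0;
    }
}

char oops_listing[1024];                        /* last decoded listing, one line per instruction */

/* Decode a whole "Code:" line into oops_listing; returns how many instructions were
 * decoded, stopping at the first unsupported byte (shown as .byte). */
int decode_oops_line(const char *line)
{
    uint8_t buf[64];
    int trap, pos = 0, count = 0, r, n = parse_code_line(line, buf, (int)sizeof buf, &trap);
    size_t used = 0;
    oops_listing[0] = '\0';
    while (pos < n) {
        char text[48];
        int len = decode_one(buf + pos, n - pos, text, sizeof text);
        if (!len) {
            snprintf(oops_listing + used, sizeof oops_listing - used,
                     "%3d: .byte 0x%02x  (unsupported)\n", pos, buf[pos]);
            break;
        }
        r = snprintf(oops_listing + used, sizeof oops_listing - used, "%3d: %-16s%s\n", pos, text,
                     trap >= pos && trap < pos + len ? "<-- trapping instruction" : "");
        if (r < 0 || (size_t)r >= sizeof oops_listing - used) break;
        used += (size_t)r; pos += len; count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: prologue, zeroed eax, BUG() trap, epilogue, then a stray call opcode. */
    int n = decode_oops_line("Code: 55 48 89 e5 31 c0 <0f> 0b 5d c3 e8");
    printf("%s%d instructions decoded\n", oops_listing, n);
    return 0;
}
```

Built with `cc -Wall`, the sample line decodes to push, mov %rsp,%rbp, xor %eax,%eax, ud2 (flagged as the trapping instruction), pop and ret, and stops at the lone 0xe8 with a .byte line, which is the behaviour a reader of a real panic dump wants: never a plausible-looking but wrong mnemonic for bytes the decoder does not understand.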
Ingo Molnar has already responded with feedback and ideas, including the suggestion of a built-in x86 assembler for the Linux kernel. "Another very interesting usecase would be to invert it and create a simpler parser and an in-kernel *assembler*: a GAS replacement in essence. We could build the kernel using its own assembler. That could also be used for safe sandboxing: the disassembler could be combined with the assembler to ensure that binary code submitted to the kernel is 'safe' to execute - even in kernel-space. A sha1 hash could be used to cache already checked, 'safe' modules of code."
It's now past the Linux 3.4 kernel merge window but this disassembler could be a potential feature for the Linux 3.5 kernel.