Linux – How to know which files will be included in a linux kernel before I build it

compilingkernellinuxSecurity

I am working on a project that includes building an old kernel version of linux. This is fine, but I still need to patch the kernel of all previously found security vulnerabilities based on CVEs. I have the CVEs and have extracted the names of the vulnerable files mentioned in them, along with the kernel versions it affects.

So far, I have found about 150 potential vulnerabilities that could affect my build, but obviously some of them affect files relevant to graphics drivers that I don't use. So far, I have just gone through the list manually, checking if the files are included by using make menuconfig, and cating Kconfig in relevant folders. This has worked alright so far, but these methods don't show the actual file names (e.g. ipc/sem.c) so it takes more work than necessary.

Ideally, I would like to somehow print a list of all the files that will be included in my build, and then just write a script to check if vulnerable files are included.

How can I find the names of ever source file (e.g. ipc/sem.c) that will be included in my build?

Best Answer

Do the build, then list the .o files. I think every .c or .S file that takes part in the build is compiled into a .o file with a corresponding name. This won't tell you if a security issue required a fix in a header file that's included in the build.

make vmlinux modules
find -name '*.o' -exec sh -c '
    for f; do for x in c S; do [ -e "${f%.o}.$x" ] && echo "${f%.o}.$x"; done; done
' _ {} +

A more precise method is to put the sources on a filesystem where access times are stored, and do the build. Files whose access time is not updated by the build were not used in this build.

touch start.stamp
make vmlinux modules
find -type f -anewer start.stamp

Related Solutions

Linux – How to Generate Initramfs Image with Busybox Links

It's not the kernel that's generating the initramfs, it's cpio. So what you're really looking for is a way to build a cpio archive that contains devices, symbolic links, etc.

Your method 2 uses usr/gen_init_cpio in the kernel source tree to build the cpio archive during the kernel build. That's indeed a good way of building a cpio archive without having to populate the local filesystem first (which would require being root to create all the devices, or using fakeroot or a FUSE filesystem which I'm not sure has been written already).

All you're missing is generating the input file to gen_init_cpio as a build step. E.g. in shell:

INITRAMFS_SOURCE_DIR=/home/brandon/rascal-initramfs
exec >initramfs_source.txt
echo "dir /bin 755 0 0"
echo "file /bin/busybox $INITRAMFS_SOURCE_DIR/bin/busybox 755 0 0"
for x in sh ls cp …; do echo "slink /bin/$x busybox 777 0 0" done
# etc …

If you want to reflect the symbolic links to busybox that are present in your build tree, here's a way (I assume you're building on Linux):

( cd "$INITRAMFS_SOURCE_DIR/bin" &&
  for x in *; do
    if [ "$(readlink "$x")" = busybox ]; then
      echo "slink /bin/$x busybox 777 0 0"
    fi
  done )

Here's a way to copy all your symbolic links:

find "$INITRAMFS_SOURCE_DIR" -type l -printf 'slink %p %l 777 0 0\n'

For busybox, maybe your build tree doesn't have the symlinks, and instead you want to create one for every utility that you've compiled in. The simplest way I can think of is to look through your busybox build tree for .*.o.cmd files: there's one per generated command.

find /path/to/busybox/build/tree -name '.*.cmd' -exec sh -c '
    for x; do
      x=${x##*/.}
      echo "slink /bin/${x%%.*} busybox 777 0 0"
    done
' _ {} +

Linux – Find out which kernel source files were used when kernel was compiled

Compiling my comment as answer:

Run the following command on one shell. You can make a shell script of it or demonize with the -d option.

inotifywait -m -r -e open --format '%f' /kernel_sources/directory/in_use/ -o /home/user/kernel_build.log

On other shell, execute make
The log file /home/user/kernel_build.log will have a list of the files that have been opened(read operation) during the build process.

Best Answer

Related Solutions

Linux – How to Generate Initramfs Image with Busybox Links

Linux – Find out which kernel source files were used when kernel was compiled

Related Question