How are the knowledge-v*.json files generated?

[adrianherrera]

Hi there! Really great paper.

I wanted to understand how config/knowledge-5.12.json and config/knowledge-6.1.json are generated. How would I make new knowledge files if I wanted to port to other kernel versions? Are these automatically generated or manually written?

Any pointers would be greatly appreciated!

[ZHYfeng]

Hi,

Those files currently are generated manually.

In most case, the knowledge is not changed. For example, 5.12 works for most 5.x versions.
You can test the knowledge file first on your target version. If it does not work well, some manually efforts are needed.

If you are working on latest Linux kernel and find the knowledge can not work well, you can open a issue for that and I can help when I am available.

In fact, I was trying to develop a tool to automatically update those files but I have not finished the tool.

[adrianherrera]

Cool! Thanks for the reply. Currently, I am using a combination of grep on the .ll file (disassembled llvm) and weggli on the C source to check if anything is different with my target. I have found some slight differences in offsets, but more automation would be very helpful! Happy to help out and test if needed :)

[adrianherrera]

Btw,

You can test the knowledge file first on your target version. If it does not work well, some manually efforts are needed.

How do you "test" this? Do you just look out the output syscall descriptors and check if they look reasonable?

[ZHYfeng]

How do you "test" this? Do you just look out the output syscall descriptors and check if they look reasonable?

Yes.