On Sat, Jan 19, 2019 at 11:27 AM Joel Fernandes <joel@xxxxxxxxxxxxxxxxx> wrote:
>
> On Sat, Jan 19, 2019 at 09:25:32AM +0100, Greg KH wrote:
> > On Fri, Jan 18, 2019 at 05:55:43PM -0500, Joel Fernandes wrote:
> > > --- /dev/null
> > > +++ b/kernel/kheaders.c

Thanks a ton for this work. It'll make it much easier to do cool things with BPF.

One question: I can imagine wanting to probe structures that are defined, not in headers, but in random implementation files. Would it be possible to optionally include *all* kernel source files? If not, what about a hash, so we could at least do precise correlation between a candidate local tree and what's actually on device?

BTW, I'm not sure that the magic constants you've defined are long enough. I'd feel more comfortable with two UUIDs (16 bytes each).

I'd also strongly consider LZMA compression: xz -9 on the kernel headers (with comments) brings the size down to 5MB, compared to the 7MB I get for gzip -9. Considering that this feature is optional, I think it's okay to introduce a dependency on widespread modern compression tools. (For comparison, bzip2 -9 gets us 6MB.)