• R/O
  • SSH
  • HTTPS

akari: 提交


Commit MetaInfo

修訂688 (tree)
時間2022-09-10 00:24:05
作者kumaneko

Log Message

(empty log message)

Change Summary

差異

--- branches/kportreserve/probe.c (revision 687)
+++ branches/kportreserve/probe.c (revision 688)
@@ -996,3 +996,19 @@
996996 }
997997
998998 #endif
999+
1000+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
1001+
1002+/**
1003+ * probe_copy_to_kernel_nofault - Find address of "copy_to_kernel_nofault()".
1004+ *
1005+ * Returns address of copy_to_kernel_nofault() on success, NULL otherwise.
1006+ */
1007+void * __init probe_copy_to_kernel_nofault(void)
1008+{
1009+ void *ptr = probe_find_symbol(" copy_to_kernel_nofault\n");
1010+
1011+ return check_function_address(ptr, "copy_to_kernel_nofault");
1012+}
1013+
1014+#endif
--- branches/kportreserve/probe.h (revision 687)
+++ branches/kportreserve/probe.h (revision 688)
@@ -57,3 +57,7 @@
5757 #else
5858 void * __init probe_d_absolute_path(void);
5959 #endif
60+
61+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
62+void * __init probe_copy_to_kernel_nofault(void);
63+#endif
--- branches/tasktracker/probe.c (revision 687)
+++ branches/tasktracker/probe.c (revision 688)
@@ -996,3 +996,19 @@
996996 }
997997
998998 #endif
999+
1000+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
1001+
1002+/**
1003+ * probe_copy_to_kernel_nofault - Find address of "copy_to_kernel_nofault()".
1004+ *
1005+ * Returns address of copy_to_kernel_nofault() on success, NULL otherwise.
1006+ */
1007+void * __init probe_copy_to_kernel_nofault(void)
1008+{
1009+ void *ptr = probe_find_symbol(" copy_to_kernel_nofault\n");
1010+
1011+ return check_function_address(ptr, "copy_to_kernel_nofault");
1012+}
1013+
1014+#endif
--- branches/tasktracker/probe.h (revision 687)
+++ branches/tasktracker/probe.h (revision 688)
@@ -57,3 +57,7 @@
5757 #else
5858 void * __init probe_d_absolute_path(void);
5959 #endif
60+
61+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
62+void * __init probe_copy_to_kernel_nofault(void);
63+#endif
--- trunk/akari/lsm-4.12.c (revision 687)
+++ trunk/akari/lsm-4.12.c (revision 688)
@@ -38,6 +38,10 @@
3838 static union security_list_options original_task_alloc;
3939 static union security_list_options original_task_free;
4040
41+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
42+long (*my_copy_to_kernel_nofault) (void *dst, const void *src, size_t size);
43+#endif
44+
4145 #ifdef CONFIG_AKARI_TRACE_EXECVE_COUNT
4246
4347 /**
@@ -1165,11 +1169,14 @@
11651169 {
11661170 int i;
11671171 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
1168-#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
11691172 struct hlist_head *list = &hooks->capable;
11701173
1174+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
11711175 if (!probe_kernel_write(list, list, sizeof(void *)))
11721176 return true;
1177+#else
1178+ if (!my_copy_to_kernel_nofault(list, list, sizeof(void *)))
1179+ return true;
11731180 #endif
11741181 for (i = 0; i < ARRAY_SIZE(akari_hooks); i++) {
11751182 struct hlist_head *head = akari_hooks[i].head;
@@ -1211,7 +1218,11 @@
12111218 struct list_head *list = &hooks->capable;
12121219 #endif
12131220
1221+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
12141222 return !probe_kernel_write(list, list, sizeof(void *));
1223+#else
1224+ return !my_copy_to_kernel_nofault(list, list, sizeof(void *));
1225+#endif
12151226 }
12161227 #endif
12171228 #endif
@@ -1231,6 +1242,11 @@
12311242 akari_hooks[idx].head = ((void *) hooks)
12321243 + ((unsigned long) akari_hooks[idx].head)
12331244 - ((unsigned long) &probe_dummy_security_hook_heads);
1245+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
1246+ my_copy_to_kernel_nofault = probe_copy_to_kernel_nofault();
1247+ if (!my_copy_to_kernel_nofault)
1248+ goto out;
1249+#endif
12341250 #if defined(NEED_TO_CHECK_HOOKS_ARE_WRITABLE)
12351251 if (!check_ro_pages(hooks)) {
12361252 printk(KERN_INFO "Can't update security_hook_heads due to write protected. Retry with rodata=0 kernel command line option added.\n");
--- trunk/akari/probe.c (revision 687)
+++ trunk/akari/probe.c (revision 688)
@@ -996,3 +996,19 @@
996996 }
997997
998998 #endif
999+
1000+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
1001+
1002+/**
1003+ * probe_copy_to_kernel_nofault - Find address of "copy_to_kernel_nofault()".
1004+ *
1005+ * Returns address of copy_to_kernel_nofault() on success, NULL otherwise.
1006+ */
1007+void * __init probe_copy_to_kernel_nofault(void)
1008+{
1009+ void *ptr = probe_find_symbol(" copy_to_kernel_nofault\n");
1010+
1011+ return check_function_address(ptr, "copy_to_kernel_nofault");
1012+}
1013+
1014+#endif
--- trunk/akari/probe.h (revision 687)
+++ trunk/akari/probe.h (revision 688)
@@ -57,3 +57,7 @@
5757 #else
5858 void * __init probe_d_absolute_path(void);
5959 #endif
60+
61+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
62+void * __init probe_copy_to_kernel_nofault(void);
63+#endif
--- trunk/akari/test.c (revision 687)
+++ trunk/akari/test.c (revision 688)
@@ -51,6 +51,12 @@
5151 goto out;
5252 printk(KERN_INFO "d_absolute_path=%lx\n", (unsigned long) ptr);
5353 #endif
54+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
55+ ptr = probe_copy_to_kernel_nofault();
56+ if (!ptr)
57+ goto out;
58+ printk(KERN_INFO "copy_to_kernel_nofault=%lx\n", (unsigned long) ptr);
59+#endif
5460 printk(KERN_INFO "All dependent symbols have been guessed.\n");
5561 printk(KERN_INFO "Please verify these addresses using System.map for this kernel (e.g. /boot/System.map-`uname -r` ).\n");
5662 printk(KERN_INFO "If these addresses are correct, you can try loading AKARI module on this kernel.\n");
Show on old repository browser