Date: Wed, 27 Nov 2019 20:37:24 +0100
From: Michael de Lang <kingoipo@...il.com>
To: lkrg-users@...ts.openwall.com
Subject: Re: lkrg-0.7 implicit declaration of 'stack_trace_print'

Hey,

I did compile my own kernel, yes. I can give you the config file if
that would make it easier.

The output is as follows:

$ cat /proc/kallsyms|grep -i execve
0000000000000000 t audit_log_execve_info
0000000000000000 t __do_execve_file.isra.0
0000000000000000 T do_execve_file
0000000000000000 T do_execve
0000000000000000 T do_execveat
0000000000000000 T __x64_sys_execve
0000000000000000 T __ia32_sys_execve
0000000000000000 T __x64_sys_execveat
0000000000000000 T __ia32_sys_execveat
0000000000000000 T __ia32_compat_sys_execve
0000000000000000 T __x32_compat_sys_execve
0000000000000000 T __ia32_compat_sys_execveat
0000000000000000 T __x32_compat_sys_execveat


Kind regards,
Michael de Lang

On Wed, 27 Nov 2019 at 20:35, Adam Zabrocki <pi3@....com.pl> wrote:
>
> Hi,
>
> It looks like LKRG can't find function execve in the kernel. Do you have some
> kind of non-standard kernel compilation? Can you show me the output of the
> command:
>
> cat /proc/kallsyms|grep -i execve
>
> Thanks,
> Adam
>
>
> On Wed, Nov 27, 2019 at 08:31:46PM +0100, Michael de Lang wrote:
> > Hey Adam,
> >
> > Thanks! It seems to compile now, but now I get the following error
> > message when trying to start it with systemctl. Am I missing another
> > kernel feature perhaps?
> >
> > nov 27 20:29:26 oipo systemd[1]: Starting Linux Kernel Runtime Guard...
> > -- Subject: A start job for unit lkrg.service has begun execution
> > -- Defined-By: systemd
> > -- Support: http://www.ubuntu.com/support
> > --
> > -- A start job for unit lkrg.service has begun execution.
> > --
> > -- The job identifier is 4822.
> > nov 27 20:29:26 oipo kernel: [p_lkrg] Loading LKRG...
> > nov 27 20:29:26 oipo kernel: Freezing user space processes ...
> > (elapsed 0.007 seconds) done.
> > nov 27 20:29:26 oipo kernel: OOM killer disabled.
> > nov 27 20:29:26 oipo kernel: [p_lkrg] Verifying 21 potential UMH paths
> > for whitelisting...
> > nov 27 20:29:26 oipo kernel: [p_lkrg] 5 UMH paths were whitelisted...
> > nov 27 20:29:26 oipo kernel: [p_lkrg] [kretprobe] register_kretprobe()
> > for <__x64_sys_execve> failed! [err=-38]
> > nov 27 20:29:26 oipo kernel: [p_lkrg] ERROR: Can't hook execve syscall :(
> > nov 27 20:29:26 oipo kernel: [p_lkrg] Can't initialize exploit
> > detection features! Exiting...
> > nov 27 20:29:26 oipo kernel: OOM killer enabled.
> > nov 27 20:29:26 oipo kernel: Restarting tasks ... done.
> > nov 27 20:29:26 oipo modprobe[27242]: modprobe: ERROR: could not
> > insert 'p_lkrg': No buffer space available
> > nov 27 20:29:26 oipo systemd[1]: lkrg.service: Control process exited,
> > code=exited, status=1/FAILURE
> >
> >
> > Kind regards,
> > Michael de Lang
> >
> >
> > On Wed, 27 Nov 2019 at 20:15, Adam Zabrocki <pi3@....com.pl> wrote:
> > >
> > > Hi,
> > >
> > > I've just pushed a new commit which should address this issue. LKRG should be
> > > able to compile and run on the kernels without CONFIG_STACKTRACE:
> > >
> > > https://bitbucket.org/Adam_pi3/lkrg-main/commits/196266c5eda079022f3876fa625089a7063269ef
> > >
> > > Thanks,
> > > Adam
> > >
> > > On Sat, Nov 23, 2019 at 06:44:25AM +0100, Adam Zabrocki wrote:
> > > > Hi,
> > > >
> > > > I believe your kernel might not be compiled with CONFIG_STACKTRACE option. This
> > > > specific call is useful for debugging purposes and it is not critical. It is
> > > > recommended to have kernel compiled with CONFIG_STACKTRACE however as a
> > > > temporary fix you might just comment call to this function.
> > > >
> > > > Thanks,
> > > > Adam
> > > >
> > > > On Thu, Nov 21, 2019 at 07:38:48PM +0100, Michael de Lang wrote:
> > > > > Hello,
> > > > >
> > > > > When compiling lkrg-0.7 on ubuntu 19.10 and kernel 5.40-rc7 I get the
> > > > > following error:
> > > > >
> > > > > $ make
> > > > > make -C /lib/modules/5.4.0-rc7-custom/build M=/home/oipo/Downloads/lkrg-0.7
> > > > > modules
> > > > > make[1]: Entering directory '/usr/src/linux-headers-5.4.0-rc7-custom'
> > > > >   CC [M]
> > > > >  /home/oipo/Downloads/lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.o
> > > > > /home/oipo/Downloads/lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.c:
> > > > > > In function ‘p_ed_enforce_pcfi’:
> > > > > > /home/oipo/Downloads/lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.c:1092:7:
> > > > > > error: implicit declaration of function ‘stack_trace_print’; did you mean
> > > > > > ‘acpi_trace_point’? [-Werror=implicit-function-declaration]
> > > > >  1092 |       stack_trace_print(p_trace.entries, p_trace.nr_entries, 0);
> > > > >       |       ^~~~~~~~~~~~~~~~~
> > > > >       |       acpi_trace_point
> > > > > cc1: some warnings being treated as errors
> > > > > make[2]: *** [scripts/Makefile.build:266:
> > > > > /home/oipo/Downloads/lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.o]
> > > > > Error 1
> > > > > make[1]: *** [Makefile:1652: /home/oipo/Downloads/lkrg-0.7] Error 2
> > > > > make[1]: Leaving directory '/usr/src/linux-headers-5.4.0-rc7-custom'
> > > > > make: *** [Makefile:91: all] Error 2
> > > > >
> > > > > including linux/ftrace did not seem to resolve this.
> > > > >
> > > > > > Kind regards,
> > > > > Michael de Lang
> > > >
> > > > --
> > > > pi3 (pi3ki31ny) - pi3 (at) itsec pl
> > > > http://pi3.com.pl
> > > >
> > >
> > > --
> > > pi3 (pi3ki31ny) - pi3 (at) itsec pl
> > > http://pi3.com.pl
> > >
>
> --
> pi3 (pi3ki31ny) - pi3 (at) itsec pl
> http://pi3.com.pl
>
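
Added example, not part of the original messages and not LKRG code: err=-38 in the log above is ENOSYS on Linux, and kretprobes are only available in kernels built with CONFIG_KPROBES and CONFIG_KRETPROBES, so a failed load like this one can be triaged by decoding the error, confirming the symbol in kallsyms, and checking the kernel config. The function names and the sample config lines are constructed for illustration; the thread does not show the reporter's config.

```shell
#!/bin/sh
# Added example (not LKRG code): triage helpers for a failed p_lkrg load.

# Pull N out of an LKRG "[err=-N]" log line and name the errno values
# handled here (Linux numbering); prints "none" if there is no such tag.
decode_err() {
    n=$(printf '%s\n' "$1" | sed -n 's/.*\[err=-\([0-9][0-9]*\)].*/\1/p')
    case "$n" in
        '') echo none ;;
        2)  echo ENOENT ;;
        22) echo EINVAL ;;
        38) echo ENOSYS ;;
        *)  echo "errno-$n" ;;
    esac
}

# Succeeds if symbol $1 is the name column of kallsyms text read from stdin.
symbol_present() {
    awk -v s="$1" '$3 == s { found = 1 } END { exit !found }'
}

# Reads a kernel .config on stdin; prints the options from "$@" that are
# not built in (=y), space-separated.
missing_options() {
    cfg=$(cat)
    out=""
    for opt in "$@"; do
        printf '%s\n' "$cfg" | grep -q "^${opt}=y\$" || out="${out:+$out }$opt"
    done
    echo "$out"
}

# Constructed sample input modelled on the thread (config lines are assumed).
LOG='[p_lkrg] [kretprobe] register_kretprobe() for <__x64_sys_execve> failed! [err=-38]'
KALLSYMS='0000000000000000 T do_execve
0000000000000000 T __x64_sys_execve'
CONFIG='CONFIG_KALLSYMS=y
# CONFIG_KPROBES is not set
# CONFIG_STACKTRACE is not set'

echo "errno:   $(decode_err "$LOG")"
printf '%s\n' "$KALLSYMS" | symbol_present __x64_sys_execve && echo "symbol:  present"
echo "missing: $(printf '%s\n' "$CONFIG" | missing_options CONFIG_KALLSYMS CONFIG_KPROBES CONFIG_KRETPROBES CONFIG_STACKTRACE)"
```

On a live system the same functions can be fed /proc/kallsyms and the running kernel's config, commonly /boot/config-$(uname -r) on Ubuntu.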
