Date: Tue, 9 Jun 2020 09:13:51 +0200 From: Jacek <wampir990@...il.com> To: lkrg-users@...ts.openwall.com Subject: Re: RE: Please also share your .config file. HI Partial success ;) I changed the name of the ttwu_do_wakeup function to ttwu_do_wakeup.isra.0 in file: LKRG-main / src / modules / exploit_detection / syscalls / p_ttwu_do_wakeup / p_ttwu_do_wakeup.c and the module is built and loading. I don't know yet if it works properly, in any case nothing exploded. xD modprobe -v p_lkrg smep_enforce=1 insmod /lib/modules/5.7.1-g2/extra/p_lkrg.ko smep_enforce=1 Dmesg after loading: 24800.276104] [p_lkrg] Loading LKRG... [24800.276107] [p_lkrg] System does NOT support SMAP. LKRG can't enforce SMAP validation :( [24800.288409] Freezing user space processes ... (elapsed 0.002 seconds) done. [24800.291377] OOM killer disabled. [24800.291405] [p_lkrg] 4/23 UMH paths were whitelisted... [24805.094183] [p_lkrg] LKRG initialized successfully! [24805.094186] OOM killer enabled. [24805.094186] Restarting tasks ... done. Thanks W dniu 09.06.2020 o 05:20, Adam Zabrocki pisze: > Hi, > > So my presumptions was right. Second part of my previous message applies and > you can use temporary workaround: > > https://www.openwall.com/lists/lkrg-users/2020/06/08/4 > > Thanks, > Adam > > On Tue, Jun 09, 2020 at 02:07:08AM +0200, Jacek wrote: >> Hi >> >> Linux domek 5.7.1-g2 #1 SMP PREEMPT Mon Jun 8 10:17:00 CEST 2020 x86_64 >> Intel(R) Core(TM) i5-4590S CPU @ 3.00GHz GenuineIntel GNU/Linux >> # root ~> cat /proc/kallsyms |grep ttwu_do_wakeup >> ffffffffb5dcf350 t ttwu_do_wakeup.isra.0 >> >>> As you can see this function is normally visible in all kernels (including >>> 5.7). >>> Please also share your .config file. >> The same configuration as in kernel 5.7.0 in this message: >> >> https://www.openwall.com/lists/lkrg-users/2020/06/08/1 >> >> Current - linux-5.7.1 - gentoo-sources-5.7.1 >> >> Linux version 5.7.1-g2 (root@...ek) (gcc version 9.3.0 (Gentoo Hardened >> 9.3.0 p2), GNU ld (Gentoo 2.33.1 p2) 2.33.1) >> >> patches from Gentoo: https://pastebin.com/uYBXBkhf >> >> patches locally: >> >> 001_v3_jump_label-_Provide_CONFIG-driven_build_state.patch >> 002_v3_init_on_alloc-_Unpessimize_default-on_builds.patch >> 003_v3_stack-_Optionally_randomize_kernel_stack_offset_each_syscall.patch >> 004_v3_x86_entry-_Enable_random_kstack_offset_support.patch >> 005_v3_arm64-_entry-_Enable_random_kstack_offset_support.patch >> (Mikhail Morfikov uses the same patches, I have these patches from him ) >> >> zcat /proc/config.gz: >> >> https://pastebin.com/raw/0xmig8sW >> >> >> ### <lkrg-users@...ts.openwall.com>: >> ### ezmlm-reject: fatal: Sorry, I don't accept messages larger than >> 204800 bytes (#5.2.3) >> >> >> () >> >> Thanks >> >> Jacek >> >> >> W dniu 08.06.2020 o 22:55, Adam Zabrocki pisze: >>> Hi, >>> >>> I believe I've replied to your private email which you've sent to me. >>> However, I'm pasting it here as well: >>> >>> --- CUT --- >>> Hi, >>> >>> It looks like you have very non-standard kernel. LKRG can't find the >>> function >>> "ttwu_do_wakeup" (which is not normal). You can manually verify >>> availability of >>> that symbol by running the following command: >>> >>> # uname -a >>> Linux pi3 5.7.0-050700-generic #202005312130 SMP Mon Jun 1 01:33:12 >>> UTC 2020 x86_64 x86_64 x86_64 GNU/Linux >>> # cat /proc/kallsyms |grep ttwu_do_wakeup >>> ffffffff912ddd50 t ttwu_do_wakeup >>> # >>> >>> As you can see this function is normally visible in all kernels >>> (including 5.7). >>> Please also share your .config file. >>> >>> Thanks, >>> Adam > > > Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.