OSDN > 浏览软件 > System > Operating System Kernels > Linux > AKARI > SCM > SVN > 提交

AKARI

akari: 提交

(empty log message)

--- branches/kportreserve/probe.c (revision 687)

+++ branches/kportreserve/probe.c (revision 688)

		@@ -996,3 +996,19 @@
996	996	}
997	997
998	998	#endif
	999	+
	1000	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
	1001	+
	1002	+/**
	1003	+ * probe_copy_to_kernel_nofault - Find address of "copy_to_kernel_nofault()".
	1004	+ *
	1005	+ * Returns address of copy_to_kernel_nofault() on success, NULL otherwise.
	1006	+ */
	1007	+void * __init probe_copy_to_kernel_nofault(void)
	1008	+{
	1009	+ void *ptr = probe_find_symbol(" copy_to_kernel_nofault\n");
	1010	+
	1011	+ return check_function_address(ptr, "copy_to_kernel_nofault");
	1012	+}
	1013	+
	1014	+#endif

--- branches/kportreserve/probe.h (revision 687)

+++ branches/kportreserve/probe.h (revision 688)

		@@ -57,3 +57,7 @@
57	57	#else
58	58	void * __init probe_d_absolute_path(void);
59	59	#endif
	60	+
	61	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
	62	+void * __init probe_copy_to_kernel_nofault(void);
	63	+#endif

--- branches/tasktracker/probe.c (revision 687)

+++ branches/tasktracker/probe.c (revision 688)

		@@ -996,3 +996,19 @@
996	996	}
997	997
998	998	#endif
	999	+
	1000	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
	1001	+
	1002	+/**
	1003	+ * probe_copy_to_kernel_nofault - Find address of "copy_to_kernel_nofault()".
	1004	+ *
	1005	+ * Returns address of copy_to_kernel_nofault() on success, NULL otherwise.
	1006	+ */
	1007	+void * __init probe_copy_to_kernel_nofault(void)
	1008	+{
	1009	+ void *ptr = probe_find_symbol(" copy_to_kernel_nofault\n");
	1010	+
	1011	+ return check_function_address(ptr, "copy_to_kernel_nofault");
	1012	+}
	1013	+
	1014	+#endif

--- branches/tasktracker/probe.h (revision 687)

+++ branches/tasktracker/probe.h (revision 688)

		@@ -57,3 +57,7 @@
57	57	#else
58	58	void * __init probe_d_absolute_path(void);
59	59	#endif
	60	+
	61	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
	62	+void * __init probe_copy_to_kernel_nofault(void);
	63	+#endif

--- trunk/akari/lsm-4.12.c (revision 687)

+++ trunk/akari/lsm-4.12.c (revision 688)

		@@ -38,6 +38,10 @@
38	38	static union security_list_options original_task_alloc;
39	39	static union security_list_options original_task_free;
40	40
	41	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
	42	+long (my_copy_to_kernel_nofault) (void dst, const void *src, size_t size);
	43	+#endif
	44	+
41	45	#ifdef CONFIG_AKARI_TRACE_EXECVE_COUNT
42	46
43	47	/**

		@@ -1165,11 +1169,14 @@
1165	1169	{
1166	1170	int i;
1167	1171	#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
1168		-#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
1169	1172	struct hlist_head *list = &hooks->capable;
1170	1173
	1174	+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
1171	1175	if (!probe_kernel_write(list, list, sizeof(void *)))
1172	1176	return true;
	1177	+#else
	1178	+ if (!my_copy_to_kernel_nofault(list, list, sizeof(void *)))
	1179	+ return true;
1173	1180	#endif
1174	1181	for (i = 0; i < ARRAY_SIZE(akari_hooks); i++) {
1175	1182	struct hlist_head *head = akari_hooks[i].head;

		@@ -1211,7 +1218,11 @@
1211	1218	struct list_head *list = &hooks->capable;
1212	1219	#endif
1213	1220
	1221	+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
1214	1222	return !probe_kernel_write(list, list, sizeof(void *));
	1223	+#else
	1224	+ return !my_copy_to_kernel_nofault(list, list, sizeof(void *));
	1225	+#endif
1215	1226	}
1216	1227	#endif
1217	1228	#endif

		@@ -1231,6 +1242,11 @@
1231	1242	akari_hooks[idx].head = ((void *) hooks)
1232	1243	+ ((unsigned long) akari_hooks[idx].head)
1233	1244	- ((unsigned long) &probe_dummy_security_hook_heads);
	1245	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
	1246	+ my_copy_to_kernel_nofault = probe_copy_to_kernel_nofault();
	1247	+ if (!my_copy_to_kernel_nofault)
	1248	+ goto out;
	1249	+#endif
1234	1250	#if defined(NEED_TO_CHECK_HOOKS_ARE_WRITABLE)
1235	1251	if (!check_ro_pages(hooks)) {
1236	1252	printk(KERN_INFO "Can't update security_hook_heads due to write protected. Retry with rodata=0 kernel command line option added.\n");

--- trunk/akari/probe.c (revision 687)

+++ trunk/akari/probe.c (revision 688)

		@@ -996,3 +996,19 @@
996	996	}
997	997
998	998	#endif
	999	+
	1000	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
	1001	+
	1002	+/**
	1003	+ * probe_copy_to_kernel_nofault - Find address of "copy_to_kernel_nofault()".
	1004	+ *
	1005	+ * Returns address of copy_to_kernel_nofault() on success, NULL otherwise.
	1006	+ */
	1007	+void * __init probe_copy_to_kernel_nofault(void)
	1008	+{
	1009	+ void *ptr = probe_find_symbol(" copy_to_kernel_nofault\n");
	1010	+
	1011	+ return check_function_address(ptr, "copy_to_kernel_nofault");
	1012	+}
	1013	+
	1014	+#endif

--- trunk/akari/probe.h (revision 687)

+++ trunk/akari/probe.h (revision 688)

		@@ -57,3 +57,7 @@
57	57	#else
58	58	void * __init probe_d_absolute_path(void);
59	59	#endif
	60	+
	61	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
	62	+void * __init probe_copy_to_kernel_nofault(void);
	63	+#endif

--- trunk/akari/test.c (revision 687)

+++ trunk/akari/test.c (revision 688)

		@@ -51,6 +51,12 @@
51	51	goto out;
52	52	printk(KERN_INFO "d_absolute_path=%lx\n", (unsigned long) ptr);
53	53	#endif
	54	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
	55	+ ptr = probe_copy_to_kernel_nofault();
	56	+ if (!ptr)
	57	+ goto out;
	58	+ printk(KERN_INFO "copy_to_kernel_nofault=%lx\n", (unsigned long) ptr);
	59	+#endif
54	60	printk(KERN_INFO "All dependent symbols have been guessed.\n");
55	61	printk(KERN_INFO "Please verify these addresses using System.map for this kernel (e.g. /boot/System.map-`uname -r` ).\n");
56	62	printk(KERN_INFO "If these addresses are correct, you can try loading AKARI module on this kernel.\n");