search

LWSS / Cartographer

Linux Kernel Module to spoof /proc maps
65 stars 8 forks source link

AUR issues, compilation issues, insmod issues. #10

Open noche-x opened 3 years ago

noche-x commented 3 years ago

Hello, I wanted to check this out and firstly I tried to install from AUR but it kept failing with [code block 1]

So I tried to compile it myself and the same errors occured. I swapped FTRACE_OPS_FL_RECURSION_SAFE with FTRACE_OPS_FL_RECURSION, changed ftrace_thunk's last parameters type from pt_regs regs to ftrace_regs fregs and added struct pt_regs *regs = ftrace_get_regs(fregs); (solution from) and lastly I changed h33p's kallsyms thing from livepatch to kprobes. It compiled successfully but when I tried to insmod it, I got invalid module format

I can successfully compile and insmod h33p's kallsyms-mod.

:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring                                                                                                                  [----------------------------------------------------------------------------------------] 100%
(1/1) checking package integrity                                                                                                                [----------------------------------------------------------------------------------------] 100%
(1/1) loading package files                                                                                                                     [----------------------------------------------------------------------------------------] 100%
(1/1) checking for file conflicts                                                                                                               [----------------------------------------------------------------------------------------] 100%
(1/1) checking available disk space                                                                                                             [----------------------------------------------------------------------------------------] 100%
:: Running pre-transaction hooks...
(1/1) Remove upgraded DKMS modules
==> Unable to remove module cartographer-dkms-git/r16.78a704a for kernel 5.11.11-arch1-1: Not found in dkms status output.
:: Processing package changes...
(1/1) reinstalling cartographer-dkms-git                                                                                                        [----------------------------------------------------------------------------------------] 100%
:: Running post-transaction hooks...
(1/3) Triggering wallpaper regeneration...
(2/3) Arming ConditionNeedsUpdate...
(3/3) Install DKMS modules
==> dkms install --no-depmod -m cartographer-dkms-git -v r16.78a704a -k 5.11.11-arch1-1
Error! Bad return status for module build on kernel: 5.11.11-arch1-1 (x86_64)
Consult /var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/make.log for more information.
==> Warning, `dkms install --no-depmod -m cartographer-dkms-git -v r16.78a704a -k 5.11.11-arch1-1' returned 10
==> depmod 5.11.11-arch1-1

The build error at /var/lib is:

DKMS make.log for cartographer-dkms-git-r16.78a704a for kernel 5.11.11-arch1-1 (x86_64)
Fri Apr  9 10:42:32 PM +03 2021
make: Entering directory '/usr/lib/modules/5.11.11-arch1-1/build'
  CC [M]  /var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/cartographer.o
  CC [M]  /var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.o
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c:5:24: error: array type has incomplete element type ‘struct klp_func’
    5 | static struct klp_func funcs[] = {
      |                        ^~~~~
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c:12:24: error: array type has incomplete element type ‘struct klp_func’
   12 | static struct klp_func failfuncs[] = {
      |                        ^~~~~~~~~
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c:18:26: error: array type has incomplete element type ‘struct klp_object’
   18 | static struct klp_object objs[] = {
      |                          ^~~~
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c:28:15: error: variable ‘patch’ has initializer but incomplete type
   28 | static struct klp_patch patch = {
      |               ^~~~~~~~~
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c:29:3: error: ‘struct klp_patch’ has no member named ‘mod’
   29 |  .mod = THIS_MODULE,
      |   ^~~
In file included from ./include/linux/linkage.h:7,
                 from ./include/linux/kernel.h:7,
                 from ./include/linux/list.h:9,
                 from ./include/linux/module.h:12,
                 from ./include/linux/livepatch.h:12,
                 from /var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c:3:
./include/linux/export.h:17:21: warning: excess elements in struct initializer
   17 | #define THIS_MODULE (&__this_module)
      |                     ^
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c:29:9: note: in expansion of macro ‘THIS_MODULE’
   29 |  .mod = THIS_MODULE,
      |         ^~~~~~~~~~~
./include/linux/export.h:17:21: note: (near initialization for ‘patch’)
   17 | #define THIS_MODULE (&__this_module)
      |                     ^
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c:29:9: note: in expansion of macro ‘THIS_MODULE’
   29 |  .mod = THIS_MODULE,
      |         ^~~~~~~~~~~
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c:30:3: error: ‘struct klp_patch’ has no member named ‘objs’
   30 |  .objs = objs,
      |   ^~~~
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c:30:10: warning: excess elements in struct initializer
   30 |  .objs = objs,
      |          ^~~~
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c:30:10: note: (near initialization for ‘patch’)
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/cartographer.c: In function ‘cart_startup’:
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/cartographer.c:291:32: error: assignment to ‘ftrace_func_t’ {aka ‘void (*)(long unsigned int,  long unsigned int,  struct ftrace_ops *, struct ftrace_regs *)’} from incompatible pointer type ‘void (*)(long unsigned int,  long unsigned int,  struct ftrace_ops *, struct pt_regs *)’ [-Werror=incompatible-pointer-types]
  291 |     show_map_vma_hook.ops.func = ftrace_thunk;
      |                                ^
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c: In function ‘init_kallsyms’:
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c:40:10: error: implicit declaration of function ‘klp_enable_patch’ [-Werror=implicit-function-declaration]
   40 |  int r = klp_enable_patch(&patch);
      |          ^~~~~~~~~~~~~~~~
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c: At top level:
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c:28:25: error: storage size of ‘patch’ isn’t known
   28 | static struct klp_patch patch = {
      |                         ^~~~~
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c: In function ‘kallsyms_lookup_name’:
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c:36:1: error: control reaches end of non-void function [-Werror=return-type]
   36 | }
      | ^
At top level:
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c:18:26: warning: ‘objs’ defined but not used [-Wunused-variable]
   18 | static struct klp_object objs[] = {
      |                          ^~~~
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c:12:24: warning: ‘failfuncs’ defined but not used [-Wunused-variable]
   12 | static struct klp_func failfuncs[] = {
      |                        ^~~~~~~~~
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.c:5:24: warning: ‘funcs’ defined but not used [-Wunused-variable]
    5 | static struct klp_func funcs[] = {
      |                        ^~~~~
cc1: some warnings being treated as errors
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/cartographer.c:293:37: error: ‘FTRACE_OPS_FL_RECURSION_SAFE’ undeclared (first use in this function); did you mean ‘FTRACE_OPS_FL_RECURSION’?
  293 |                                   | FTRACE_OPS_FL_RECURSION_SAFE
      |                                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                     FTRACE_OPS_FL_RECURSION
/var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/cartographer.c:293:37: note: each undeclared identifier is reported only once for each function it appears in
make[1]: *** [scripts/Makefile.build:279: /var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/kallsyms.o] Error 1
make[1]: *** Waiting for unfinished jobs....
cc1: some warnings being treated as errors
make[1]: *** [scripts/Makefile.build:279: /var/lib/dkms/cartographer-dkms-git/r16.78a704a/build/cartographer.o] Error 1
make: *** [Makefile:1809: /var/lib/dkms/cartographer-dkms-git/r16.78a704a/build] Error 2
make: Leaving directory '/usr/lib/modules/5.11.11-arch1-1/build'`
LWSS commented 3 years ago

tell me ur kernel versionnnnnnnnn

noche-x commented 3 years ago

5.11.11-arch1-1

noche-x commented 3 years ago

The "patch" that I did resulted in this message in dmesg: [51429.873131] cartographer_module: module is marked as livepatch module, but livepatch support is disabled

noche-x commented 3 years ago

After disabling the livepatch of the source file: [51500.274637] cartographer_module: Cartographer Loading complete.

So I tried a command but:

Cartographer : master ✘ :✹ ᐅ  sudo echo "settarget libtestsfaa.so" > /proc/cartographer
zsh: permission denied: /proc/cartographer

But when I used sudo su to do the command it succeeded and the example command works!

I could open a pull request but my knowledge about linux driver development is limited, if I knew the cause of this I would've made a pull request.

Anyways my patch is: in cartographer.c change FTRACE_OPS_FL_RECURSION_SAFE to FTRACE_OPS_FL_RECURSION, add struct pt_regs *regs = ftrace_get_regs(fregs); to the function ftrace_thunk and change the parameter from pt_regs* regs to ftrace_regs* fregs

in kallsyms.c change it to kprobes instead of livepatch aka copy and paste the kallsyms_kp.c from h33p's repo.

LWSS commented 3 years ago

Yeah i'm on 5.10 and it still works, something probably changed but it looks like you figured it out.

But when I used sudo su to do the command it succeeded and the example command works! yeah ur supposed to use | sudo tee or something like that to redirect it.

I'll probably get around to it when I update distro, thanks for the info. Also I didn't even know this was on the AUR lol.

remove module cartographer-dkms-git/r16.78a704a for kernel 5.11.11-arch1-1: oops brainlet moment, was up for like 24 hours lol