ERROR: modpost: "do_exit" [/home/aaa/KoviD/kovid.ko] undefined!

[opensesamedoors]

OS: Linux fedora 5.17.5-300.fc36.x86_64 #1 SMP PREEMPT Thu Apr 28 15:51:30 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Error Info:
CC [M] /home/aaa/KoviD/src/whatever.o CC [M] /home/aaa/KoviD/src/vm.o LD [M] /home/aaa/KoviD/kovid.o MODPOST /home/aaa/KoviD/Module.symvers ERROR: modpost: "do_exit" [/home/aaa/KoviD/kovid.ko] undefined! make[2]: [scripts/Makefile.modpost:134: /home/aaa/KoviD/Module.symvers] Error 1 make[2]: Deleting file '/home/aaa/KoviD/Module.symvers' make[1]: [Makefile:1756: modules] Error 2 make[1]: Leaving directory '/usr/src/kernels/5.17.5-300.fc36.x86_64' make: [Makefile:30: all] Error 2

[carloslack]

Hi @opensesamedoors , KoviD has not been ported to Fedora kernel 5.17, The current tested systems are described in the README file.

However I wrote a short hack so you can test the compilation.

Please try commit https://github.com/carloslack/KoviD/commit/1987bcf538a821da858628040f629c6a24411e4b

brief explanation of the problem you are seeing: do_exit() is a kernel function that ceased to be exported at some point, and is evident in the kernel you are testing.

Notice that the branch I've just made available is just for your test, it is unstable and unsafe to use (run on a VM only) If your feedback is positive I may consider properly porting KoviD to Fedora, let's see. Good luck

[carloslack]

You can clone again from that branch as I included a temporary fix for a crash during rmmod

[carloslack]

do_exit issue with KoviD is related to newer kernels 6+ I can make it work with do_exit however there are other issues related to porting the rootkit to this kernel, eventually I can work on that but no timeline just yet. This is why I am closing this issue for now. Please use the kernel/system versions described in README , if the issue persists, please open another issue and include details like: kernel version, Linux system version/variant and how your local tests are conducted.

thank you