search

lkrg-org / lkrg

Linux Kernel Runtime Guard
https://lkrg.org
Other
404 stars 72 forks source link

Can't find '__put_seccomp_filter' #225

Open sandikata opened 1 year ago

sandikata commented 1 year ago 
#( 08/25/22@ 7:20 )( root@aleksandrov ):~
   cat /etc/gentoo-release
Gentoo Base System release 2.8

#( 08/25/22@ 7:20 )( root@aleksandrov ):~
   uname -a
Linux aleksandrov.internal.tech 5.19.3-gentoo #1 SMP PREEMPT Tue Aug 23 10:27:07 EEST 2022 x86_64 AMD Ryzen 7 5800X 8-Core Processor AuthenticAMD GNU/Linux
#( 08/25/22@ 7:20 )( root@aleksandrov ):~
#( 08/25/22@ 7:18 )( root@aleksandrov ):~
   modprobe lkrg
modprobe: ERROR: could not insert 'lkrg': No buffer space available
[135766.894024] LKRG: FATAL: Can't find '__put_seccomp_filter'
[135766.894024] LKRG: FATAL: Can't initialize exploit detection features
[135766.894025] LKRG: DYING: Not loading LKRG (initialization failed)
[135766.916897] OOM killer enabled.
[135766.916898] Restarting tasks ... done.
#( 08/25/22@ 7:18 )( root@aleksandrov ):~
sandikata commented 1 year ago

All needed drivers are available in running kernel.

#( 08/25/22@ 7:21 )( root@aleksandrov ):~
   zgrep CONFIG_STACKTRACE /proc/config.gz
CONFIG_STACKTRACE_SUPPORT=y
# CONFIG_STACKTRACE_BUILD_ID is not set
CONFIG_STACKTRACE=y
#( 08/25/22@ 7:21 )( root@aleksandrov ):~
   zgrep SECCOMP /proc/config.gz
CONFIG_HAVE_ARCH_SECCOMP=y
CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
CONFIG_SECCOMP=y
CONFIG_SECCOMP_FILTER=y
# CONFIG_SECCOMP_CACHE_DEBUG is not set
#( 08/25/22@ 7:21 )( root@aleksandrov ):~
   zgrep KPROBE /proc/config.gz
CONFIG_KPROBES=y
CONFIG_HAVE_KPROBES=y
CONFIG_HAVE_KPROBES_ON_FTRACE=y
# CONFIG_SAMPLE_KPROBES is not set
#( 08/25/22@ 7:22 )( root@aleksandrov ):~
solardiz commented 1 year ago

The issue here is we're relying on this kernel-internal symbol, which modern compilers/linkers with some options optimize out. See also #135 and #163. While we need to arrive at a real fix, you can use our scripts/add-exports.sh on your kernel tree as a temporary workaround. Alternatively, if you were overriding your kernel build options enabling more aggressive optimizations than upstream's default, then you can try and revert that.

sandikata commented 1 year ago

Actually, I have -O3 optimization on cachyos kernel. I can try to rebuild with -O2 to see if it make sense.

sandikata commented 1 year ago

It loads now, but i see another issue.

[ 70.577995] LKRG: ISSUE: IOMMU table can't be found (skipping)

sandikata commented 1 year ago 
#( 08/26/22@ 7:27 )( root@aleksandrov ):~
   zgrep IOMMU /proc/config.gz
CONFIG_IRQ_MSI_IOMMU=y
CONFIG_GART_IOMMU=y
CONFIG_VFIO_IOMMU_TYPE1=y
CONFIG_VFIO_NOIOMMU=y
CONFIG_IOMMU_IOVA=y
CONFIG_IOMMU_API=y
CONFIG_IOMMU_SUPPORT=y
# Generic IOMMU Pagetable Support
CONFIG_IOMMU_IO_PGTABLE=y
# end of Generic IOMMU Pagetable Support
# CONFIG_IOMMU_DEBUGFS is not set
# CONFIG_IOMMU_DEFAULT_DMA_STRICT is not set
CONFIG_IOMMU_DEFAULT_DMA_LAZY=y
# CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set
CONFIG_IOMMU_DMA=y
CONFIG_IOMMU_SVA=y
CONFIG_AMD_IOMMU=y
CONFIG_AMD_IOMMU_V2=m
CONFIG_INTEL_IOMMU=y
CONFIG_INTEL_IOMMU_SVM=y
CONFIG_INTEL_IOMMU_DEFAULT_ON=y
CONFIG_INTEL_IOMMU_FLOPPY_WA=y
CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON=y
CONFIG_HYPERV_IOMMU=y
CONFIG_VIRTIO_IOMMU=y
CONFIG_IOMMU_HELPER=y
# CONFIG_IOMMU_DEBUG is not set
#( 08/26/22@ 7:27 )( root@aleksandrov ):~
solardiz commented 1 year ago

[ 70.577995] LKRG: ISSUE: IOMMU table can't be found (skipping)

Please open a separate issue for that.

tuxruffian commented 3 weeks ago

Just an FYI, same error on Arch when running the pre-compiled CachyOS kernel:

uname -r; zgrep -v '^#' /proc/config.gz |rg 'FIG_CC_OP|FIG_LTO'
6.9.3-3-cachyos
CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE_O3=y
CONFIG_LTO_NONE=y