lkrg-org / lkrg

Linux Kernel Runtime Guard
https://lkrg.org

add-export.sh broken as static export check is enforced in newer kernel. #337

Open SorenEricMent opened 1 month ago

SorenEricMent commented 1 month ago

https://github.com/torvalds/linux/commit/6d62b1c46b1e6e1686a0cf6617c96c80d4ab5cd5

https://github.com/torvalds/linux/commit/31cb50b5590fe911077b8463ad01144fac8fa4f3

The scripts/add-exports.sh script is causing compilation failures on newer kernels because they check for, and fail on, exported static symbols. I observed such failures starting from 6.8.10 and 6.9. I haven't tested other versions, but this should have a wide impact.

I wrote a patch to see if I can fix it by removing this single check (it's dirty, but the whole add-exports.sh thing is dirty already).

In the future we might need a more sophisticated patch directly on the kernel.

Example of such build failure: image

SorenEricMent commented 1 month ago

Still trying to make it pass the build at least; it looks like more than 2 checks need to be disabled.

However, that "57712 writable function pointers" warning is still very scary. I'm not really sure about the implications of simply disabling the checks that error on scripts/add-exports.sh.

SorenEricMent commented 1 month ago

Disabling the checks that cause errors results in this:

image

I'll keep looking into it.

solardiz commented 1 month ago

Thank you for reporting this, @SorenEricMent! If you don't use the add exports script, does LKRG loading fail on your system? Somehow for typical distro kernels it just works anyway. What compiler/options are you building the kernel with?

> Disabling the checks that cause errors results in this:

The actual errors must be somewhere earlier; you need to scroll up to see them.

Also, instead of screenshots, please be posting copy-pasted text from the terminal, wrapped in triple backticks.

solardiz commented 1 month ago

I think we should modify our add exports script so that it removes the static keywords from those symbols. It doesn't actually need to export them, just removing static should be sufficient for LKRG. Adding exports felt less invasive (adding lines rather than finding and changing existing lines), but it looks like we need to reconsider.

If the script would no longer be adding exports, I guess we could also want to rename it.

SorenEricMent commented 1 month ago

> does LKRG loading fail on your system

Yes, LKRG fails on both linux-zen and linux-cachyos-hardened, on both versions 6.8.x and 6.9.x. The Zen kernel is Arch Linux official; the CachyOS kernel is from the AUR. The error message from insmod would be "no kernel buffer available", which leads me to an earlier issue mentioning scripts/add-exports.sh, which worked earlier. For the CachyOS one, I've tried disabling O3.

solardiz commented 1 month ago

> The error message of insmod would be "no kernel buffer available"

Right. What is seen in dmesg? That should tell us the specific symbols LKRG could not find.

> For the cachyos one, I've tried disabling O3

Did this help?

SorenEricMent commented 1 month ago

This is the error generated by linux-zen 6.9.2:

```
$ sudo dmesg | grep LKRG
[ 23.004944] LKRG: ALIVE: Loading LKRG
[ 23.018013] LKRG: FATAL: Can't find 'put_seccomp_filter'
[ 23.019123] LKRG: FATAL: Can't initialize exploit detection features
[ 23.020406] LKRG: DYING: Not loading LKRG (initialization failed)
[ 23.381953] LKRG: ALIVE: Loading LKRG
[ 23.497194] LKRG: FATAL: Can't find 'put_seccomp_filter'
[ 23.497970] LKRG: FATAL: Can't initialize exploit detection features
[ 23.498715] LKRG: DYING: Not loading LKRG (initialization failed)
[ 23.873933] LKRG: ALIVE: Loading LKRG
[ 24.089909] LKRG: FATAL: Can't find '__put_seccomp_filter'
[ 24.090643] LKRG: FATAL: Can't initialize exploit detection features
[ 24.091301] LKRG: DYING: Not loading LKRG (initialization failed)
```

I can't test on CachyOS yet because of a DKMS module triggering a kernel BUG. I'll post it when I fix it.

> Did this help?

No.
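To see which symbols LKRG could not find and whether the kernel's symbol table has them at all, the following added example (not part of the original thread and not LKRG project code) extracts the names from the `LKRG: FATAL: Can't find` lines and looks each one up in a kallsyms-format listing. The function names and the sample listing are assumptions made for the example; the dmesg lines are taken from the output quoted above.

```shell
#!/bin/sh
# Added example (not LKRG project code): list the symbols LKRG reported as
# missing and look each one up in a kallsyms-format listing.

# stdin: dmesg text. stdout: each symbol from a "Can't find" line, once.
lkrg_missing_symbols() {
    sed -n "s/.*LKRG: FATAL: Can't find '\([^']*\)'.*/\1/p" | awk '!seen[$0]++'
}

# $1 = symbol, $2 = listing in "address type name" format (default /proc/kallsyms).
# Reports an exact match, a match only under a compiler-suffixed name, or none.
lkrg_classify_symbol() {
    awk -v sym="$1" '
        $3 == sym               { exact = $2 }
        index($3, sym ".") == 1 { clone = $3 }
        END {
            if (exact != "")      print sym ": present (type " exact ")"
            else if (clone != "") print sym ": only as " clone
            else                  print sym ": absent"
        }' "${2:-/proc/kallsyms}"
}

# stdin: dmesg text, $1 = listing file. One line per missing symbol.
lkrg_report() {
    lkrg_missing_symbols | while IFS= read -r s; do
        lkrg_classify_symbol "$s" "$1"
    done
}

# Three of the dmesg lines quoted in this thread.
sample_dmesg() {
    cat <<'EOF'
[ 23.004944] LKRG: ALIVE: Loading LKRG
[ 23.018013] LKRG: FATAL: Can't find 'put_seccomp_filter'
[ 24.089909] LKRG: FATAL: Can't find '__put_seccomp_filter'
EOF
}

# Constructed listing (addresses and entries are made up for the example).
sample_kallsyms() {
    cat <<'EOF'
ffffffff81234560 t __put_seccomp_filter.part.0
ffffffff81234600 T seccomp_filter_release
EOF
}
```

On a live system, source the file and run `sudo dmesg | lkrg_report /proc/kallsyms`. In the type column a lowercase `t` marks a local (static) text symbol and an uppercase `T` a global one.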

solardiz commented 1 month ago

> I think we should modify our add exports script so that it removes the static keywords from those symbols.

@SorenEricMent Would you like to implement, test, and contribute this change?

> [ 24.089909] LKRG: FATAL: Can't find '__put_seccomp_filter'

@Adam-pi3 We could make seccomp protection optional, disabled (with an ISSUE logged) when symbol lookup fails.

SorenEricMent commented 2 weeks ago

> Would you like to implement, test, and contribute this change?

I'll give it a shot!