[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180719092926.GA22190@pi3.com.pl>
Date: Thu, 19 Jul 2018 11:29:26 +0200
From: Adam Zabrocki <pi3@....com.pl>
To: lkrg-users@...ts.openwall.com
Subject: Re: LKRG 0.3: ERROR: No buffer space available
Hello,
Thanks for your emails and reporting these issues, but I would like to point
out that any emails sent to this mailing list MUST be in English. This is an
official mailing list for the LKRG project and many subscribers are
international (don't speak and understand Polish).
Both of your problems might be completely different (but don't need to be), but
to be able to better understand them I need more information:
1) Are you using custom compiled kernel or default one from the distro package?
2) What is exact kernel version which you use?
a) Krzysztof Kulesza is using Linux 4.14.55 - did you copy Slackware 14.2
kernel configuration by hand and manually recompile / compile the kernel or did
you use standard kernel package?
b) Krzysztof Ciechanowski is using 4.17.7-041707-generic SMP but is it custom
compilation? If not which distro kernel are you using?
LKRG module has a parameter p_init_log_level (which looks like you are aware
of) which defines default log_level which is going to be used during
initialization. You can read more about log_level option (and in general about
communication channel) here:
http://openwall.info/wiki/p_lkrg/Examples#Communication-channel
In short it might be a number between 0-4 or 0-6 (if debugging compilation was
used). As far as I see you've been using number 3, can you please use at least
number 4? It will give more information about the root of the problem. If debug
option is enabled number 5 and 6 is also available but you need to be carefully
using it to not spam the kernel with too many logs.
If you try to load kernel with log_level at least 4, can you forward me what
kernel logs says so I could find out what is the place of failing
initialization process?
a) Krzysztof Kulesza - in you case it looks like LKRG can find an "execve"
syscall:
[p_lkrg] [kretprobe] register_kretprobe() failed! [err=-38]
[351270.013461] [p_lkrg] ERROR: Can't hook execve syscall :(
[351270.013537] [p_lkrg] Can't initialize exploit detection features!
Exiting...
If you see in the logs failure like that (can't hook specific syscall), can
you please run the following command:
# cat /proc/kallsyms | grep
<name_of_the_function_which_faild_during_init_process>
so in your case would be:
# cat /proc/kallsyms | grep execve
I would be happy to take a look what's going on.
<-- in Polish -->
Witam,
Jezeli angielski jest problematyczny na tyle ze uniemozliwa komunikacje, bylbym
wdzieczny jesli maile po polsku nie bylyby wysylane na oficjalna liste
mailingowa projektu - prosze uzyc mojego prywatnego maila.
Mam nadzieje ze moja odpowiedz po angielsku jest zrozumiala i bedziecie mogli
dostarczy dodatkowych informacji, ktore potrzebuje ;)
<-- Done -->
Thanks,
Adam
On Wed, Jul 18, 2018 at 10:20:13AM +0200, Krzysztof Kulesza wrote:
> W dniu 18.07.2018 o 02:06, krzysztof ciechanowski pisze:
> > Witam, pierwszy raz na grupie, mój angielski nie jest najwyższym
> > poziomie więc nie będę silić się na jego używanie. proszę więc o
> > wyrozumiałość.
> > Mam problem z zainstalowaniem LKRG zarówno w wersji 0.3 jak i 0.2.
> > Instalacji próbowałem dokonać zarówno za pomocą gita jak i za pomocą
> > udostępnionych na stronie projektu paczek.
> > Niestety efekt za każdym razem jest podobny, mianowicie LKRG się
> > kompiluje jednak próba jego zainstalowanie kończy się błedem jak w
> > temacie.
> >
> > /~/Pobrane/lkrg-0.3 $ *modinfo output/p_lkrg.ko*/
> > /filename: /home/krzysztof/Pobrane/lkrg-0.3/output/p_lkrg.ko/
> > /license: GPL v2/
> > /description: pi3's Linux kernel Runtime Guard/
> > /author: Adam 'pi3' Zabrocki (http://pi3.com.pl)/
> > /srcversion: 7A8F37A00C10B94C369A1D1/
> > /depends: /
> > /retpoline: Y/
> > /name: p_lkrg/
> > /vermagic: 4.17.7-041707-generic SMP mod_unload /
> > /parm: p_init_log_level:Logging level init value [1 (alive)
> > is default] (uint)/
> > /
> > /
> > /~/Pobrane/lkrg-0.3 $//*sudo insmod output/p_lkrg.ko p_init_log_level=3*/
> > /insmod: ERROR: could not insert module output/p_lkrg.ko: No buffer
> > space available/
> >
> > Instalacji próbowałem dokonać z różnymi wersjami kernela, niestety bez
> > zmian. Sam komunikat błędu niewiele mi mówi, google tez niewiele pomaga.
> > Proszę o pomoc w rozwiązaniu problemu.
>
> Witam
> Mam taki sam błąd.
> Kernel 4.14.55 na Slackware 14.2 (domyślny konfig ze Slackware)
>
> Linux 4.14.55 #1 SMP Wed Jul 11 19:33:43 CDT 2018 x86_64 Intel(R)
> Xeon(R) CPU E3-1230 V2 @ 3.30GHz GenuineIntel GNU/Linux
>
> # modprobe p_lkrg p_init_log_level=3
> modprobe: ERROR: could not insert 'p_lkrg': No buffer space available
>
> # dmesg [351270.009351] [p_lkrg] Loading LKRG... [351270.013460]
> [p_lkrg] [kretprobe] register_kretprobe() failed! [err=-38]
> [351270.013461] [p_lkrg] ERROR: Can't hook execve syscall :(
> [351270.013537] [p_lkrg] Can't initialize exploit detection features!
> Exiting...
>
> --
> Krzysztof Kulesza
>
--
pi3 (pi3ki31ny) - pi3 (at) itsec pl
http://pi3.com.pl
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
