|
Message-ID: <20191127201055.GA29638@pi3.com.pl> Date: Wed, 27 Nov 2019 21:10:55 +0100 From: Adam Zabrocki <pi3@....com.pl> To: lkrg-users@...ts.openwall.com Subject: Re: lkrg-0.7 implicit declaration of 'stack_trace_print' Hi, Do you have compiled in KPROBES ? Can you execute: cat /boot/config-$(uname -r) |grep -i 'kprobe\|kretprobe' Thanks, Adam On Wed, Nov 27, 2019 at 08:37:24PM +0100, Michael de Lang wrote: > Hey, > > I did compile my own kernel, yes. I can give you the config file if > that would make it easier. > > The output is as follows: > > $ cat /proc/kallsyms|grep -i execve > 0000000000000000 t audit_log_execve_info > 0000000000000000 t __do_execve_file.isra.0 > 0000000000000000 T do_execve_file > 0000000000000000 T do_execve > 0000000000000000 T do_execveat > 0000000000000000 T __x64_sys_execve > 0000000000000000 T __ia32_sys_execve > 0000000000000000 T __x64_sys_execveat > 0000000000000000 T __ia32_sys_execveat > 0000000000000000 T __ia32_compat_sys_execve > 0000000000000000 T __x32_compat_sys_execve > 0000000000000000 T __ia32_compat_sys_execveat > 0000000000000000 T __x32_compat_sys_execveat > > > Met vriendelijke groet, > Michael de Lang > > On Wed, 27 Nov 2019 at 20:35, Adam Zabrocki <pi3@....com.pl> wrote: > > > > Hi, > > > > It looks like LKRG can't find function execve in the kernel. Do you have some > > kind of non-standard kernel compilation? Can you show me the output of the > > command: > > > > cat /proc/kallsyms|grep -i execve > > > > Thanks, > > Adam > > > > > > On Wed, Nov 27, 2019 at 08:31:46PM +0100, Michael de Lang wrote: > > > Hey Adam, > > > > > > Thanks! It seems to compile now, but now I get the following error > > > message when trying to start it with systemctl. Am I missing another > > > kernel feature perhaps? > > > > > > nov 27 20:29:26 oipo systemd[1]: Starting Linux Kernel Runtime Guard... > > > -- Subject: A start job for unit lkrg.service has begun execution > > > -- Defined-By: systemd > > > -- Support: http://www.ubuntu.com/support > > > -- > > > -- A start job for unit lkrg.service has begun execution. > > > -- > > > -- The job identifier is 4822. > > > nov 27 20:29:26 oipo kernel: [p_lkrg] Loading LKRG... > > > nov 27 20:29:26 oipo kernel: Freezing user space processes ... > > > (elapsed 0.007 seconds) done. > > > nov 27 20:29:26 oipo kernel: OOM killer disabled. > > > nov 27 20:29:26 oipo kernel: [p_lkrg] Verifying 21 potential UMH paths > > > for whitelisting... > > > nov 27 20:29:26 oipo kernel: [p_lkrg] 5 UMH paths were whitelisted... > > > nov 27 20:29:26 oipo kernel: [p_lkrg] [kretprobe] register_kretprobe() > > > for <__x64_sys_execve> failed! [err=-38] > > > nov 27 20:29:26 oipo kernel: [p_lkrg] ERROR: Can't hook execve syscall :( > > > nov 27 20:29:26 oipo kernel: [p_lkrg] Can't initialize exploit > > > detection features! Exiting... > > > nov 27 20:29:26 oipo kernel: OOM killer enabled. > > > nov 27 20:29:26 oipo kernel: Restarting tasks ... done. > > > nov 27 20:29:26 oipo modprobe[27242]: modprobe: ERROR: could not > > > insert 'p_lkrg': No buffer space available > > > nov 27 20:29:26 oipo systemd[1]: lkrg.service: Control process exited, > > > code=exited, status=1/FAILURE > > > > > > > > > Met vriendelijke groet, > > > Michael de Lang > > > > > > Met vriendelijke groet, > > > Michael de Lang > > > > > > > > > On Wed, 27 Nov 2019 at 20:15, Adam Zabrocki <pi3@....com.pl> wrote: > > > > > > > > Hi, > > > > > > > > I've just pushed a new commit which should address this issue. LKRG should be > > > > able to compile and run on the kernels without CONFIG_STACKTRACE: > > > > > > > > https://bitbucket.org/Adam_pi3/lkrg-main/commits/196266c5eda079022f3876fa625089a7063269ef > > > > > > > > Thanks, > > > > Adam > > > > > > > > On Sat, Nov 23, 2019 at 06:44:25AM +0100, Adam Zabrocki wrote: > > > > > Hi, > > > > > > > > > > I believe your kernel might not be compiled with CONFIG_STACKTRACE option. This > > > > > specific call is sueful for debugging purpose and it is not critical. It is > > > > > recommended to have kernel compiled with CONFIG_STACKTRACE however as a > > > > > temporary fix you might just comment call to this function. > > > > > > > > > > Thanks, > > > > > Adam > > > > > > > > > > On Thu, Nov 21, 2019 at 07:38:48PM +0100, Michael de Lang wrote: > > > > > > Hello, > > > > > > > > > > > > When compiling lkrg-0.7 on ubuntu 19.10 and kernel 5.40-rc7 I get the > > > > > > following error: > > > > > > > > > > > > $ make > > > > > > make -C /lib/modules/5.4.0-rc7-custom/build M=/home/oipo/Downloads/lkrg-0.7 > > > > > > modules > > > > > > make[1]: Entering directory '/usr/src/linux-headers-5.4.0-rc7-custom' > > > > > > CC [M] > > > > > > /home/oipo/Downloads/lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.o > > > > > > /home/oipo/Downloads/lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.c: > > > > > > In function ???p_ed_enforce_pcfi???: > > > > > > /home/oipo/Downloads/lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.c:1092:7: > > > > > > error: implicit declaration of function ???stack_trace_print???; did you mean > > > > > > ???acpi_trace_point???? [-Werror=implicit-function-declaration] > > > > > > 1092 | stack_trace_print(p_trace.entries, p_trace.nr_entries, 0); > > > > > > | ^~~~~~~~~~~~~~~~~ > > > > > > | acpi_trace_point > > > > > > cc1: some warnings being treated as errors > > > > > > make[2]: *** [scripts/Makefile.build:266: > > > > > > /home/oipo/Downloads/lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.o] > > > > > > Error 1 > > > > > > make[1]: *** [Makefile:1652: /home/oipo/Downloads/lkrg-0.7] Error 2 > > > > > > make[1]: Leaving directory '/usr/src/linux-headers-5.4.0-rc7-custom' > > > > > > make: *** [Makefile:91: all] Error 2 > > > > > > > > > > > > including linux/ftrace did not seem to resolve this. > > > > > > > > > > > > Met vriendelijke groet, > > > > > > Michael de Lang > > > > > > > > > > -- > > > > > pi3 (pi3ki31ny) - pi3 (at) itsec pl > > > > > http://pi3.com.pl > > > > > > > > > > > > > -- > > > > pi3 (pi3ki31ny) - pi3 (at) itsec pl > > > > http://pi3.com.pl > > > > > > > > -- > > pi3 (pi3ki31ny) - pi3 (at) itsec pl > > http://pi3.com.pl > > -- pi3 (pi3ki31ny) - pi3 (at) itsec pl http://pi3.com.pl
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.