fix some kerneldriver errors

2023-11-27 10:35:47 +08:00 · 2023-11-27 10:35:47 +08:00 · 25059da6ed
commit 25059da6ed
parent 991e0dc1a7
5 changed files with 159 additions and 2 deletions
--- a/Backport-fix-printf-error-in-main.cpp.patch
+++ b/Backport-fix-printf-error-in-main.cpp.patch
@ -0,0 +1,26 @@
+From ac917ecc5abc25a69821ab6a9be323ed1dd39172 Mon Sep 17 00:00:00 2001
+From: lihengwei <lihengwei@uniontech.com>
+Date: Tue, 21 Nov 2023 14:57:34 +0800
+Subject: [PATCH 1/4] fix printf error in main.cpp
+
+Signed-off-by: lihengwei <lihengwei@uniontech.com>
+---
+ observer_agent/service/main.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/observer_agent/service/main.cpp b/observer_agent/service/main.cpp
+index f177645..bd01690 100644
+--- a/observer_agent/service/main.cpp
+++ b/observer_agent/service/main.cpp
+@@ -164,7 +164,7 @@ int main(int argc, char *argv[])
+         r = daemon(0, 0);
+         if (r == -1)
+         {
+-            printf("daemon failed, r:%d\n");
+            printf("daemon failed, r:%d\n", r);
+             exit(EXIT_FAILURE);
+         }
+     }
+-- 
+2.33.0
+
--- a/Backport-fix-register-kpobe-mutiple-times.patch
+++ b/Backport-fix-register-kpobe-mutiple-times.patch
@ -0,0 +1,40 @@
+From 7db0bbb70c7b4148eafa9d44b8b04c80e6b7e78e Mon Sep 17 00:00:00 2001
+From: zcfsite <zhchf2010@126.com>
+Date: Sat, 25 Nov 2023 17:58:26 +0800
+Subject: [PATCH 4/4] fix register kpobe mutiple times
+
+---
+ kerneldriver/core/hook_unit/secDetector_hook_kprobe.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/kerneldriver/core/hook_unit/secDetector_hook_kprobe.c b/kerneldriver/core/hook_unit/secDetector_hook_kprobe.c
+index fb6de05..5acce03 100644
+--- a/kerneldriver/core/hook_unit/secDetector_hook_kprobe.c
+++ b/kerneldriver/core/hook_unit/secDetector_hook_kprobe.c
+@@ -77,6 +77,8 @@ int insert_kprobe_hook(struct secDetector_workflow *workflow)
+ int delete_kprobe_hook(struct secDetector_workflow *workflow)
+ {
+ 	struct kprobe *kp = NULL;
+	const char *tmp_sym = NULL;
+	kprobe_pre_handler_t tmp_handler;
+ 
+ 	if (workflow == NULL)
+ 		return -1;
+@@ -94,7 +96,14 @@ int delete_kprobe_hook(struct secDetector_workflow *workflow)
+ 		if (!kp)
+ 			return -1;
+ 
+		tmp_sym = kp->symbol_name;
+		tmp_handler = kp->pre_handler;
+
+ 		unregister_kprobe(kp);
+		//register mutiple times
+		memset(kp, 0, sizeof(struct kprobe));
+		kp->symbol_name = tmp_sym;
+		kp->pre_handler = tmp_handler;
+ 	}
+ 
+ 	return 0;
+-- 
+2.33.0
+
--- a/Backport-fix-report-api-function.patch
+++ b/Backport-fix-report-api-function.patch
--- a/Backport-fix-system-crash-caused-by-registration-exception.patch
+++ b/Backport-fix-system-crash-caused-by-registration-exception.patch
@ -0,0 +1,85 @@
+From 4b28444ed29d730de3b2e145dbd43d9d508deb41 Mon Sep 17 00:00:00 2001
+From: yieux <yangxy79315@sina.com>
+Date: Thu, 23 Nov 2023 14:40:02 +0800
+Subject: fix system crash caused by registration exception
+
+---
+ .../core/analyze_unit/secDetector_analyze.c     |  1 +
+ kerneldriver/core/secDetector_manager.c         | 17 +++++++++++++----
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/kerneldriver/core/analyze_unit/secDetector_analyze.c b/kerneldriver/core/analyze_unit/secDetector_analyze.c
+index 688a5e0..226e245 100644
+--- a/kerneldriver/core/analyze_unit/secDetector_analyze.c
+++ b/kerneldriver/core/analyze_unit/secDetector_analyze.c
+@@ -17,6 +17,7 @@ analyze_func_t analyze_units[NR_ANALYZE] = {
+ 	[ANALYZE_PRESET_SAVE_CHECK] = analyze_save_check,
+ };
+ 
+// 不使用analyze_status_data的时候，data_type 为0，因此free_analyze_status_data不处理对应的 ANALYZE_STATUS。
+ void free_analyze_status_data(analyze_status_t *analyze_status_data)
+ {
+ 	switch (analyze_status_data->data.data_type) {
+diff --git a/kerneldriver/core/secDetector_manager.c b/kerneldriver/core/secDetector_manager.c
+index 9304877..4c88386 100644
+--- a/kerneldriver/core/secDetector_manager.c
+++ b/kerneldriver/core/secDetector_manager.c
+@@ -35,12 +35,14 @@ void secDetector_module_unregister(struct secDetector_module *module)
+ 	mutex_lock(&g_hook_list_array_mutex);
+ 	ret_id = idr_remove(&g_module_idr, (unsigned long)module->id);
+ 	if (ret_id == NULL) {
+		pr_err("[secDetector] remove module id failed\n");
+ 		goto error;
+ 	}
+ 
+ 	for (i = 0, wf = module->workflow_array; i < module->workflow_array_len;
+ 	     i++, wf++) {
+ 		if (wf == NULL) {
+			pr_err("[secDetector] invalid workflow\n");
+ 			goto error;
+ 		}
+ 		ret = delete_callback(wf);
+@@ -48,15 +50,20 @@ void secDetector_module_unregister(struct secDetector_module *module)
+ 			pr_err("[secDetector] delete callback failed, return %d\n", ret);
+ 			goto error;
+ 		}
+-		// workflow在被卸载的时候，需要释放analyze status等申请的内存,特别是使用默认的response list。
+-		free_analyze_status_data(&wf->analyze_status);
+-		if (wf->response_array_len == 0) {
+		if (wf->workflow_type == WORKFLOW_PRESET) {
+			// workflow在被卸载的时候，需要释放analyze status等申请的内存,特别是使用默认的response list。
+			free_analyze_status_data(&wf->analyze_status);
+			if (wf->response_array_len == 0) {
+ 			kfree(wf->response_array);
+			}
+ 		}
+ 	}
+ 
+ error:
+-	list_del_rcu(&module->list);
+	//secDetector_module_unregister 的执行流可能来源于 失败的register，因此module此时还未被list_add_rcu
+	if ((module->list.next != NULL) && (module->list.prev != NULL) &&
+		((module->list.next != &module->list) || (module->list.prev != &module->list)))
+		list_del_rcu(&module->list);
+ 	synchronize_rcu();
+ 	mutex_unlock(&g_hook_list_array_mutex);
+ 
+@@ -125,6 +132,7 @@ int secDetector_module_register(struct secDetector_module *module)
+ 	for (i = 0, wf = module->workflow_array; i < module->workflow_array_len;
+ 	     i++, wf++) {
+ 		if (wf == NULL) {
+			pr_err("[secDetector] invalid workflow\n");
+ 			ret = -EINVAL;
+ 			goto error;
+ 		}
+@@ -148,6 +156,7 @@ int secDetector_module_register(struct secDetector_module *module)
+ 					 param->proc_ops, param->data);
+ 		if (!param->entry) {
+ 			pr_err("[secDetector] create proc failed\n");
+			ret = -EINVAL;
+ 			goto error;
+ 		}
+ 	}
+-- 
+2.33.0
+
--- a/secDetector.spec
+++ b/secDetector.spec
@ -5,7 +5,7 @@
 Name         :  secDetector
 Summary      :  OS Security Intrusion Detection System
 Version      :  1.0
-Release      :  4
+Release      :  5
 License      :  GPL-2.0
 Source0      :  %{name}-v%{version}.tar.gz
 BuildRequires:  kernel-devel kernel-headers
@ -15,9 +15,12 @@ BuildRequires:	grpc-devel grpc-plugins protobuf-devel c-ares-devel libuuid-devel
 Requires     :  kernel
 Requires     :  protobuf grpc libuuid libbpf

-Patch0001: 0001-fix-report-api-function.patch
+Patch0001: Backport-fix-report-api-function.patch
 Patch0002: Backport-service-fix-power_of_2-bug.patch
 Patch0003: Backport-check-value-for-topic.patch
+Patch0004: Backport-fix-printf-error-in-main.cpp.patch
+Patch0005: Backport-fix-system-crash-caused-by-registration-exception.patch
+Patch0006: Backport-fix-register-kpobe-mutiple-times.patch

 %description
 OS Security Intrusion Detection System
@ -91,6 +94,9 @@ rm -rf %{buildroot}
 %attr(0644,root,root) /usr/include/secDetector/secDetector_topic.h

 %changelog
+* Mon Nov 27 2023 zcfsite <zhchf2010@126.com> 1.0-5
+- fix some kerneldriver error
+
 * Wed Nov 22 2023 zhangguangzhi <zhangguangzhi3@huawei.com> 1.0-4
 - add patch to check value for topic