
11 Commits

Author SHA1 Message Date
openeuler-ci-bot
048b57b052
!36 backport patchs to master
From: @hurricane618 
Reviewed-by: @chenjingwen6, @zcfsite 
Signed-off-by: @zcfsite
2024-02-20 12:39:25 +00:00
hurricane618
03e5265ea6 backport patch to fix compile error in v6.6 kernel
Signed-off-by: hurricane618 <hurricane618@hotmail.com>
2024-02-20 15:00:18 +08:00
hurricane618
5ed2d22ec2 backport patchs to fix memory leak
backport patchs to fix memory leak

Signed-off-by: hurricane618 <hurricane618@hotmail.com>
2023-12-21 19:41:36 +08:00
openeuler-ci-bot
ce69908d14
!32 回合上游社区补丁
From: @zcfsite 
Reviewed-by: @yieux 
Signed-off-by: @yieux
2023-12-15 03:01:30 +00:00
zcfsite
45ee54d25f backport some bugfix patches 2023-12-15 09:45:30 +08:00
openeuler-ci-bot
650a1f7375
!30 backport patch for modify README
From: @zgzxx 
Reviewed-by: @yieux 
Signed-off-by: @yieux
2023-12-11 13:43:13 +00:00
zgzxx
bab8b8fdde backport patch for modify README 2023-12-11 21:31:06 +08:00
openeuler-ci-bot
ec18580616
!28 backport some patches
From: @chenjingwen6 
Reviewed-by: @zcfsite 
Signed-off-by: @zcfsite
2023-12-11 13:25:06 +00:00
chenjingwen
22d40eb3b3 backport patches to fix issues
backport patches to fix issues such as
grpc hangs.

Signed-off-by: chenjingwen <lhchenjw@gmail.com>
2023-12-11 21:08:06 +08:00
openeuler-ci-bot
942f0a2a53
!25 backport some patches
From: @zgzxx 
Reviewed-by: @zcfsite 
Signed-off-by: @zcfsite
2023-12-09 08:27:32 +00:00
zgzxx
bc0768fa81 backport some patches 2023-12-09 15:58:09 +08:00
16 changed files with 1685 additions and 1 deletions


@ -0,0 +1,48 @@
From b6705fe2d5b4aefdc0db16ae6ec9d75b69e8f421 Mon Sep 17 00:00:00 2001
From: hurricane618 <hurricane618@hotmail.com>
Date: Wed, 6 Dec 2023 22:12:27 +0800
Subject: [PATCH] add lock limit publish API
call publish too quick, so add lock to limit it.
Signed-off-by: hurricane618 <hurricane618@hotmail.com>
---
observer_agent/service/main.cpp | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/observer_agent/service/main.cpp b/observer_agent/service/main.cpp
index bd01690..8c24345 100644
--- a/observer_agent/service/main.cpp
+++ b/observer_agent/service/main.cpp
@@ -80,6 +80,10 @@ static void sig_handler(int sig)
}
static bool debug = false;
+static std::string server_address("unix:///var/run/secDetector.sock");
+PubSubClient client;
+std::mutex pub_mutex;
+
static void push_log(int type, const std::string &content)
{
if ((topic_mask & type) == 0)
@@ -92,8 +96,7 @@ static void push_log(int type, const std::string &content)
}
// push to grpc
- std::string server_address("unix:///var/run/secDetector.sock");
- PubSubClient client(grpc::CreateChannel(server_address, grpc::InsecureChannelCredentials()));
+ std::lock_guard<std::mutex> lock(pub_mutex);
client.Publish(type, content);
}
@@ -179,6 +182,7 @@ int main(int argc, char *argv[])
std::thread thread_grpc = std::thread(RunServer);
std::thread thread_ebpf_process = std::thread(StartProcesseBPFProg, ebpf_cb, ringbuf_size_bytes, topic_mask);
std::thread thread_ebpf_file = std::thread(StartFileBPFProg, ebpf_cb, ringbuf_size_bytes, topic_mask);
+ client.init(grpc::CreateChannel(server_address, grpc::InsecureChannelCredentials()));
while (exiting == 0)
{
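Review bot: `client.init(...)` is placed after the three `std::thread` constructions, so the worker threads are already running when the shared client is still uninitialised. If `ebpf_cb` reaches `push_log` (not visible in this hunk), an early event calls `client.Publish` on a client with no channel, and the `init` itself is not covered by `pub_mutex`. Moving the line `client.init(grpc::CreateChannel(server_address, grpc::InsecureChannelCredentials()));` above `std::thread thread_grpc = ...` closes the window. The new globals `client` and `pub_mutex` in the first hunk could also be `static` like `server_address`. main's body starts and ends outside the hunk.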
--
2.33.0


@ -0,0 +1,87 @@
From 2ff0256c1ca0bfb1e119fc419d2a9c3e7a48fc22 Mon Sep 17 00:00:00 2001
From: yieux <yangxy79315@sina.com>
Date: Wed, 20 Dec 2023 15:31:22 +0800
Subject: [PATCH] bug fix memory leak in sc analyze unit
---
.../analyze_unit/secDetector_save_check.c | 24 +++++++++++++------
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/kerneldriver/core/analyze_unit/secDetector_save_check.c b/kerneldriver/core/analyze_unit/secDetector_save_check.c
index 4a5f689..788de3e 100644
--- a/kerneldriver/core/analyze_unit/secDetector_save_check.c
+++ b/kerneldriver/core/analyze_unit/secDetector_save_check.c
@@ -38,6 +38,11 @@ static int init_analyze_status_data_sc(analyze_status_t *analyze_status_data, in
return 0;
}
analyze_status_data->sc_data.data = kmalloc(sizeof(unsigned long long) * len, GFP_KERNEL);
+ if (analyze_status_data->sc_data.data == NULL) {
+ pr_err("kmalloc failed");
+ return -ENOMEM;
+ }
+ analyze_status_data->sc_data.data_type = ANALYZE_STATUS_SAVE_CHECK;
analyze_status_data->sc_data.len = len;
return 0;
}
@@ -51,6 +56,7 @@ void free_analyze_status_data_sc(analyze_status_t *analyze_status_data)
static int analyze_save_check_init(struct list_head *collect_data_list, analyze_status_t *analyze_status_data, response_data_t *response_data)
{
+ int ret = 0;
int data_index = 0;
struct collect_data *cd;
list_for_each_entry(cd, collect_data_list, list) {
@@ -58,7 +64,9 @@ static int analyze_save_check_init(struct list_head *collect_data_list, analyze_
continue;
data_index++;
}
- init_analyze_status_data_sc(analyze_status_data, data_index);
+ ret = init_analyze_status_data_sc(analyze_status_data, data_index);
+ if (ret < 0)
+ return ret;
data_index = 0;
list_for_each_entry(cd, collect_data_list, list) {
@@ -89,7 +97,7 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
unsigned long long measure_value;
struct collect_data *cd;
char *timestamp = NULL;
- int timestamp_len;
+ int timestamp_len = 0;
char **response_arrays;
int response_array_index = 0;
char int_str[MAX_DIGITS];
@@ -124,7 +132,7 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
break;
}
if (measure_value != analyze_status_data->sc_data.data[data_index]) {
- pr_warn("[save_check]%s: original: %llu; now: %llu.!\n",
+ pr_debug("[save_check]%s: original: %llu; now: %llu.!\n",
cd->name, analyze_status_data->sc_data.data[data_index], measure_value);
response_arrays[response_array_index] = kzalloc(strlen(cd->name) + REPORT_MORE_CHAR_LEN, GFP_KERNEL);
if (response_arrays[response_array_index] == NULL) {
@@ -162,15 +170,17 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
ret = -ENOMEM;
goto end;
}
- if (timestamp_len > 0) {
- strncat(response_data->report_data.text, timestamp, timestamp_len);
- kfree(timestamp);
- }
+
for (i = 0; i < response_array_index; i++)
strncat(response_data->report_data.text, response_arrays[i], strlen(response_arrays[i]));
strcat(response_data->report_data.text, "\n");
}
+
end:
+ if (timestamp_len > 0) {
+ strncat(response_data->report_data.text, timestamp, timestamp_len);
+ kfree(timestamp);
+}
for (i = 0; i < response_array_index; i++)
kfree(response_arrays[i]);
kfree(response_arrays);
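Review bot: The `strncat(response_data->report_data.text, timestamp, timestamp_len)` moved under `end:` is now reached by the `goto end` taken when the `report_data.text` allocation fails (the `ret = -ENOMEM; goto end;` context lines just above), so it appends to a NULL pointer in kernel context. On the success path it also places the timestamp after the items and the trailing newline instead of in front of them. Only the free needs to be on the common exit: keep the original `strncat` before the loop and put `kfree(timestamp);` under `end:`, which is safe because `timestamp` starts as NULL. The function starts outside the hunk, so paths that reach `end:` before `get_timestamp_str()` are inferred from the `timestamp_len = 0` initialiser.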
--
2.33.0


@ -0,0 +1,110 @@
From bb4b1875241741b0329555342f82ab820cf12187 Mon Sep 17 00:00:00 2001
From: zgzxx <zhangguangzhi3@huawei.com>
Date: Sat, 9 Dec 2023 15:29:01 +0800
Subject: createfile check f_mode and fix typo
---
include/secDetector_topic.h | 2 +-
observer_agent/ebpf/file_ebpf/file_fentry.bpf.c | 5 ++++-
observer_agent/ebpf/file_ebpf/file_fentry.c | 2 +-
observer_agent/ebpf/file_ebpf/test_file_fentry.c | 2 +-
observer_agent/ebpf/test_fentry.c | 2 +-
observer_agent/service/ebpf_converter.cpp | 2 +-
6 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/include/secDetector_topic.h b/include/secDetector_topic.h
index 7320042..93a6872 100644
--- a/include/secDetector_topic.h
+++ b/include/secDetector_topic.h
@@ -17,7 +17,7 @@
#ifndef SECDETECTOR_TOPIC_H
#define SECDETECTOR_TOPIC_H
/* file */
-#define CREATFILE 0x00000001
+#define CREATEFILE 0x00000001
#define DELFILE 0x00000002
#define SETFILEATTR 0x00000004
#define WRITEFILE 0x00000008
diff --git a/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c b/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c
index f4e7e44..941b785 100644
--- a/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c
+++ b/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c
@@ -13,6 +13,7 @@
#define O_CREAT 100
#define LOOKUP_CREATE 0x0200
+#define FMODE_CREATED 0x100000
char LICENSE[] SEC("license") = "Dual BSD/GPL";
@@ -112,12 +113,14 @@ int BPF_PROG(do_filp_open_exit, int dfd, struct filename *pathname, const struct
return 0;
if (!S_ISREG(ret_file->f_inode->i_mode))
return 0;
+ if (!(ret_file->f_mode & FMODE_CREATED))
+ return 0;
e = bpf_ringbuf_reserve(&rb, sizeof(*e), 0);
if (!e)
return 0;
- e->type = CREATFILE;
+ e->type = CREATEFILE;
struct task_struct *parent = NULL;
struct task_struct *task = NULL;
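Review bot: The new filter `if (!(ret_file->f_mode & FMODE_CREATED))` depends on a kernel-internal flag that this file copies by value (`#define FMODE_CREATED 0x100000` in the first hunk). If a target kernel assigns that bit differently, the program silently stops reporting file creation. Nothing records where the value comes from. A comment on the define such as `/* mirrors FMODE_CREATED in include/linux/fs.h; macros are not in BTF, re-verify on kernel upgrade */` would make the dependency visible to whoever ports the agent. The function begins and continues outside the hunk, so the validity check on `ret_file` itself cannot be confirmed from here.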
diff --git a/observer_agent/ebpf/file_ebpf/file_fentry.c b/observer_agent/ebpf/file_ebpf/file_fentry.c
index bf445ab..daec6e3 100644
--- a/observer_agent/ebpf/file_ebpf/file_fentry.c
+++ b/observer_agent/ebpf/file_ebpf/file_fentry.c
@@ -44,7 +44,7 @@ static void DisableProg(struct bpf_object_skeleton *s, const char *prog_name)
static void DisableProgBasedOnMask(struct bpf_object_skeleton *skel, int mask)
{
- if ((mask & CREATFILE) == 0) {
+ if ((mask & CREATEFILE) == 0) {
DisableProg(skel, "do_filp_open_exit");
}
diff --git a/observer_agent/ebpf/file_ebpf/test_file_fentry.c b/observer_agent/ebpf/file_ebpf/test_file_fentry.c
index a9ea778..c22d2ef 100644
--- a/observer_agent/ebpf/file_ebpf/test_file_fentry.c
+++ b/observer_agent/ebpf/file_ebpf/test_file_fentry.c
@@ -9,7 +9,7 @@ static int handle_event(void *ctx, void *data, size_t data_sz)
printf("timestamp:%llu event_name:%s exe:%s pid:%u tgid:%u uid:%u gid:%u comm:%s"
" sid:%u ppid:%u pgid:%u pcomm:%s nodename:%s pns:%u root_pns:%u",
e->timestamp, e->event_name, e->exe, e->pid, e->tgid, e->uid, e->gid, e->comm, e->sid, e->ppid, e->pgid,e->pcomm, e->nodename, e->pns, e->root_pns);
- if (e->type & (CREATFILE | DELFILE | SETFILEATTR | WRITEFILE | READFILE))
+ if (e->type & (CREATEFILE | DELFILE | SETFILEATTR | WRITEFILE | READFILE))
printf(" filename:%s", e->file_info.filename);
if (e->type & SETFILEATTR)
printf(" name:%s value:%s old_value:%s", e->file_info.name, e->file_info.value,e->file_info.old_value);
diff --git a/observer_agent/ebpf/test_fentry.c b/observer_agent/ebpf/test_fentry.c
index 0616958..330e82a 100644
--- a/observer_agent/ebpf/test_fentry.c
+++ b/observer_agent/ebpf/test_fentry.c
@@ -24,7 +24,7 @@ static int handle_event(void *ctx, void *data, size_t data_sz)
" sid:%u ppid:%u pgid:%u pcomm:%s nodename:%s pns:%u root_pns:%u",
e->timestamp, e->event_name, e->exe, e->pid, e->tgid, e->uid, e->gid, e->comm, e->sid, e->ppid, e->pgid,
e->pcomm, e->nodename, e->pns, e->root_pns);
- if (e->type & (CREATFILE | DELFILE | SETFILEATTR | WRITEFILE | READFILE))
+ if (e->type & (CREATEFILE | DELFILE | SETFILEATTR | WRITEFILE | READFILE))
printf(" filename:%s", e->file_info.filename);
printf(" exit_code: %u\n", e->process_info.exit_code);
return 0;
diff --git a/observer_agent/service/ebpf_converter.cpp b/observer_agent/service/ebpf_converter.cpp
index 27a2e37..4d8d8ba 100644
--- a/observer_agent/service/ebpf_converter.cpp
+++ b/observer_agent/service/ebpf_converter.cpp
@@ -158,7 +158,7 @@ static std::map<int, convert_func_t> convert_funcs = {
{CREATPROCESS, convert_creat_process},
{DESTROYPROCESS, convert_destroy_process},
{SETPROCESSATTR, convert_set_process_attr},
- {CREATFILE, convert_common_file},
+ {CREATEFILE, convert_common_file},
{DELFILE, convert_common_file},
{SETFILEATTR, convert_set_file_attr},
{WRITEFILE, convert_common_file},
--
2.33.0


@ -0,0 +1,33 @@
From b3108cabb7ff97f8bb8b8398842cb2e8c623664c Mon Sep 17 00:00:00 2001
From: zgzxx <zhangguangzhi3@huawei.com>
Date: Wed, 6 Dec 2023 16:13:13 +0800
Subject: creatfile check op intent value
---
observer_agent/ebpf/file_ebpf/file_fentry.bpf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c b/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c
index 7afb7e2..f4e7e44 100644
--- a/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c
+++ b/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c
@@ -12,6 +12,7 @@
#define S_ISREG(m) (((m) & S_IFMT) == S_IFREG)
#define O_CREAT 100
+#define LOOKUP_CREATE 0x0200
char LICENSE[] SEC("license") = "Dual BSD/GPL";
@@ -107,7 +108,7 @@ int BPF_PROG(do_filp_open_exit, int dfd, struct filename *pathname, const struct
struct ebpf_event *e = NULL;
RETURN_ZERO_IF_OURSELF();
- if (op && !(op->open_flag & O_CREAT))
+ if (op && (!(op->open_flag & O_CREAT) || !(op->intent & LOOKUP_CREATE)))
return 0;
if (!S_ISREG(ret_file->f_inode->i_mode))
return 0;
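Review bot: The extended condition still masks `op->open_flag` with the file's own `#define O_CREAT 100`, which is decimal 100 (0x64) and not the octal `0100` of the generic fcntl definition, so the test also matches two unrelated flag bits. The added `op->intent & LOOKUP_CREATE` term narrows the result but does not make the first term correct; if the generic value is what is meant, the define should read `#define O_CREAT 0100`. When `op` is NULL the whole filter is skipped and the event is emitted regardless, which deserves a one-line comment if intentional. The function body continues outside the hunk.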
--
2.33.0

View File

@ -0,0 +1,268 @@
From 0583e13c466bf0be32ccbfbb854e4aff41fb32ff Mon Sep 17 00:00:00 2001
From: hurricane618 <hurricane618@hotmail.com>
Date: Mon, 19 Feb 2024 23:31:59 +0800
Subject: [PATCH] fix 6.x kernel compile error
---
kerneldriver/cases/Makefile | 2 +
.../secDetector_mc_kmodule_baseline.c | 5 ++
.../secDetector_program_action.c | 41 +++++++++++++
.../response_unit/secDetector_ringbuffer.c | 12 +++-
observer_agent/CMakeLists.txt | 4 +-
observer_agent/grpc_comm/Makefile | 59 +------------------
6 files changed, 63 insertions(+), 60 deletions(-)
diff --git a/kerneldriver/cases/Makefile b/kerneldriver/cases/Makefile
index 5a94e50..146fbee 100644
--- a/kerneldriver/cases/Makefile
+++ b/kerneldriver/cases/Makefile
@@ -26,8 +26,10 @@ ifndef KDIR
KDIR=$(KERNEL_SRC)
endif
+ifneq ($(VERSION), 6)
KBUILD_EXTRA_SYMBOLS += $(PWD)/../core/Module.symvers
export KBUILD_EXTRA_SYMBOLS
+endif
all:
$(MAKE) -C $(KERNEL_SRC) M=$(PWD) modules KCPPFLAGS="${cflags-y}"
diff --git a/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c b/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c
index 9a051ca..b799f9f 100644
--- a/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c
+++ b/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c
@@ -10,6 +10,7 @@
#include <linux/list.h>
#include <linux/spinlock.h>
#include <linux/slab.h>
+#include <linux/version.h>
#include <time.h>
#include "secDetector_mc_kmodule_baseline.h"
#include "secDetector_response.h"
@@ -123,7 +124,9 @@ void check_kmodule_baseline(void)
if (module_kset == NULL)
return;
+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 0, 0)
mutex_lock(&module_mutex);
+#endif
spin_lock(&module_kset->list_lock);
list_for_each_entry(k, &module_kset->list, entry) {
if (k->name == NULL)
@@ -137,7 +140,9 @@ void check_kmodule_baseline(void)
break;
}
spin_unlock(&module_kset->list_lock);
+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 0, 0)
mutex_unlock(&module_mutex);
+#endif
report_kmodule_baseline();
free_kmodule_baseline();
diff --git a/kerneldriver/cases/program_action/secDetector_program_action.c b/kerneldriver/cases/program_action/secDetector_program_action.c
index f571c08..facd3b2 100644
--- a/kerneldriver/cases/program_action/secDetector_program_action.c
+++ b/kerneldriver/cases/program_action/secDetector_program_action.c
@@ -38,6 +38,7 @@
#include <linux/ctype.h>
#include <linux/cred.h>
#include <linux/kthread.h>
+#include <linux/version.h>
#include <string.h>
#include "secDetector_manager.h"
@@ -84,6 +85,46 @@ struct process_info {
int umask;
};
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 0, 0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 7, 0)
+struct file *get_mm_exe_file(struct mm_struct *mm)
+{
+ struct file *exe_file;
+
+ rcu_read_lock();
+ exe_file = get_file_rcu(&mm->exe_file);
+ rcu_read_unlock();
+ return exe_file;
+}
+#else
+struct file *get_mm_exe_file(struct mm_struct *mm)
+{
+ struct file *exe_file;
+
+ rcu_read_lock();
+ exe_file = rcu_dereference(mm->exe_file);
+ if (exe_file && !get_file_rcu(exe_file))
+ exe_file = NULL;
+ rcu_read_unlock();
+ return exe_file;
+}
+#endif
+struct file *get_task_exe_file(struct task_struct *task)
+{
+ struct file *exe_file = NULL;
+ struct mm_struct *mm;
+
+ spin_lock(&task->alloc_lock);
+ mm = task->mm;
+ if (mm) {
+ if (!(task->flags & PF_KTHREAD))
+ exe_file = get_mm_exe_file(mm);
+ }
+ spin_unlock(&task->alloc_lock);
+ return exe_file;
+}
+#endif
+
char *get_process_path(struct task_struct *p, char *pathname, int len)
{
char *process_path = NULL;
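Review bot: The added `get_mm_exe_file()` and `get_task_exe_file()` are private copies of kernel mm helpers, defined with external linkage under the kernel's own names, so they can collide with the in-tree symbols on configurations that still provide them and will drift from upstream locking rules unnoticed. Module-prefixed names would avoid that, for example `static struct file *secdetector_get_task_exe_file(struct task_struct *task)`, plus a comment naming the upstream function each copy mirrors. Both helpers return a referenced `struct file`, so every caller has to `fput()` it; the call sites are outside this hunk and should be checked for that. The `KERNEL_VERSION(6, 0, 0)` cut-off is presumably tied to when the symbols stopped being exported and is worth stating in the comment.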
diff --git a/kerneldriver/core/response_unit/secDetector_ringbuffer.c b/kerneldriver/core/response_unit/secDetector_ringbuffer.c
index b367d74..27e8640 100644
--- a/kerneldriver/core/response_unit/secDetector_ringbuffer.c
+++ b/kerneldriver/core/response_unit/secDetector_ringbuffer.c
@@ -17,6 +17,7 @@
#include <linux/module.h>
#include <linux/kmemleak.h>
#include <linux/fs.h>
+#include <linux/version.h>
static unsigned long rb_datasz;
static unsigned long rb_mask;
@@ -287,7 +288,11 @@ static int ringbuffer_mmap(struct file *flip, struct vm_area_struct *vma)
vma->vm_end - vma->vm_start != PAGE_SIZE)
return -EPERM;
} else {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 0, 0)
+ vm_flags_clear(vma, VM_MAYWRITE);
+#else
vma->vm_flags &= ~VM_MAYWRITE;
+#endif
}
/* remap_vmalloc_range() checks size and offset */
return remap_vmalloc_range(vma, g_rb, vma->vm_pgoff + RINGBUF_PGOFF);
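Review bot: The guard `#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 0, 0)` looks too coarse for `vm_flags_clear()`, which as far as I know only exists from 6.3, so 6.0–6.2 kernels would fail to build this branch. The same applies to the one-argument `class_create(MODULE_DEVICE)` in the next hunk, which I believe arrived in 6.4. Suggested guards are `KERNEL_VERSION(6, 3, 0)` here and `KERNEL_VERSION(6, 4, 0)` for `class_create`. Clearing `VM_MAYWRITE` is what stops userspace from later making the ring-buffer mapping writable, so a short comment saying so would help keep both branches equivalent. ringbuffer_mmap starts outside the hunk.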
@@ -366,8 +371,11 @@ int __init secDetector_ringbuf_dev_init(unsigned int rb_sz)
ret = major;
goto error_free;
}
-
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 0, 0)
+ class = class_create(MODULE_DEVICE);
+#else
class = class_create(THIS_MODULE, MODULE_DEVICE);
+#endif
if (IS_ERR(class)) {
ret = PTR_ERR(class);
goto error_class_create;
@@ -398,4 +406,4 @@ void __exit secDetector_ringbuf_dev_exit(void)
class_destroy(class);
unregister_chrdev(major, MODULE_DEVICE);
ringbuf_free(g_rb);
-}
\ No newline at end of file
+}
diff --git a/observer_agent/CMakeLists.txt b/observer_agent/CMakeLists.txt
index f110b49..297fcc0 100644
--- a/observer_agent/CMakeLists.txt
+++ b/observer_agent/CMakeLists.txt
@@ -1,7 +1,7 @@
cmake_minimum_required(VERSION 3.22)
add_subdirectory(ebpf)
-set(CMAKE_CXX_STANDARD 11)
+set(CMAKE_CXX_STANDARD 17)
project(observer_agent VERSION 1.0 LANGUAGES CXX)
set(GRPC_PATH ${CMAKE_CURRENT_SOURCE_DIR}/grpc_comm)
add_custom_target(grpc_demo ALL
@@ -16,5 +16,5 @@ target_include_directories(secDetectord PUBLIC service grpc_comm ${CMAKE_SOURCE_
target_link_libraries(secDetectord ${CMAKE_CURRENT_BINARY_DIR}/ebpf/.output/fentry.o)
target_link_libraries(secDetectord ${CMAKE_CURRENT_BINARY_DIR}/ebpf/file_ebpf/.output/file_fentry.o)
target_link_libraries(secDetectord ${GRPC_PATH}/comm_api.pb.o ${GRPC_PATH}/comm_api.grpc.pb.o)
-target_link_libraries(secDetectord protobuf grpc++ grpc absl_synchronization uuid)
+target_link_libraries(secDetectord protobuf grpc++ grpc absl_synchronization absl_log_internal_message absl_log_internal_check_op absl_cord absl_cordz_info absl_cordz_functions absl_cordz_handle gpr uuid)
target_link_libraries(secDetectord z elf bpf)
diff --git a/observer_agent/grpc_comm/Makefile b/observer_agent/grpc_comm/Makefile
index 3c87ad8..0556a16 100644
--- a/observer_agent/grpc_comm/Makefile
+++ b/observer_agent/grpc_comm/Makefile
@@ -17,8 +17,8 @@
HOST_SYSTEM = $(shell uname | cut -f 1 -d_)
SYSTEM ?= $(HOST_SYSTEM)
CXX = g++
-CPPFLAGS += `pkg-config --cflags protobuf grpc`
-CXXFLAGS += -std=c++11 -fPIC
+CPPFLAGS += `pkg-config --cflags protobuf grpc` -std=c++17
+CXXFLAGS += -fPIC
ifeq ($(SYSTEM),Darwin)
LDFLAGS += -L/usr/local/lib `pkg-config --libs protobuf grpc++`\
-pthread\
@@ -38,7 +38,7 @@ PROTOS_PATH = ./protos
vpath %.proto $(PROTOS_PATH)
-all: system-check client_pub_demo client_sub_demo server_demo
+all: client_pub_demo client_sub_demo server_demo
client_pub_demo: comm_api.pb.o comm_api.grpc.pb.o client.o client_pub_demo.o
$(CXX) $^ $(LDFLAGS) -o $@
@@ -58,56 +58,3 @@ server_demo: comm_api.pb.o comm_api.grpc.pb.o server.o server_demo.o
clean:
rm -f *.o *.pb.cc *.pb.h server_demo client_sub_demo client_pub_demo
-
-# The following is to test your system and ensure a smoother experience.
-# They are by no means necessary to actually compile a grpc-enabled software.
-
-PROTOC_CMD = which $(PROTOC)
-PROTOC_CHECK_CMD = $(PROTOC) --version | grep -q libprotoc.3
-PLUGIN_CHECK_CMD = which $(GRPC_CPP_PLUGIN)
-HAS_PROTOC = $(shell $(PROTOC_CMD) > /dev/null && echo true || echo false)
-ifeq ($(HAS_PROTOC),true)
-HAS_VALID_PROTOC = $(shell $(PROTOC_CHECK_CMD) 2> /dev/null && echo true || echo false)
-endif
-HAS_PLUGIN = $(shell $(PLUGIN_CHECK_CMD) > /dev/null && echo true || echo false)
-
-SYSTEM_OK = false
-ifeq ($(HAS_VALID_PROTOC),true)
-ifeq ($(HAS_PLUGIN),true)
-SYSTEM_OK = true
-endif
-endif
-
-system-check:
-ifneq ($(HAS_VALID_PROTOC),true)
- @echo " DEPENDENCY ERROR"
- @echo
- @echo "You don't have protoc 3.0.0 installed in your path."
- @echo "Please install Google protocol buffers 3.0.0 and its compiler."
- @echo "You can find it here:"
- @echo
- @echo " https://github.com/protocolbuffers/protobuf/releases/tag/v3.0.0"
- @echo
- @echo "Here is what I get when trying to evaluate your version of protoc:"
- @echo
- -$(PROTOC) --version
- @echo
- @echo
-endif
-ifneq ($(HAS_PLUGIN),true)
- @echo " DEPENDENCY ERROR"
- @echo
- @echo "You don't have the grpc c++ protobuf plugin installed in your path."
- @echo "Please install grpc. You can find it here:"
- @echo
- @echo " https://github.com/grpc/grpc"
- @echo
- @echo "Here is what I get when trying to detect if you have the plugin:"
- @echo
- -which $(GRPC_CPP_PLUGIN)
- @echo
- @echo
-endif
-ifneq ($(SYSTEM_OK),true)
- @false
-endif
--
2.21.0


@ -0,0 +1,63 @@
From b1a7122cfd360a9a3012555bc7e5821e1fbe7a34 Mon Sep 17 00:00:00 2001
From: yieux <yangxy79315@sina.com>
Date: Thu, 14 Dec 2023 17:02:34 +0800
Subject: [PATCH 4/4] fix invalid TUF-8 data in memory corruption module
---
.../analyze_unit/secDetector_save_check.c | 22 +++++++++----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/kerneldriver/core/analyze_unit/secDetector_save_check.c b/kerneldriver/core/analyze_unit/secDetector_save_check.c
index 72c4948..0ab40ce 100644
--- a/kerneldriver/core/analyze_unit/secDetector_save_check.c
+++ b/kerneldriver/core/analyze_unit/secDetector_save_check.c
@@ -124,25 +124,25 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
break;
}
if (measure_value != analyze_status_data->sc_data.data[data_index]) {
- pr_debug("[save_check]%s: original: %llx; now: %llx.!\n",
+ pr_debug("[save_check]%s: original: %lld; now: %lld.!\n",
cd->name, analyze_status_data->sc_data.data[data_index], measure_value);
- response_arrays[response_array_index] = kmalloc(strlen(cd->name) + REPORT_MORE_CHAR_LEN, GFP_KERNEL);
+ response_arrays[response_array_index] = kzalloc(strlen(cd->name) + REPORT_MORE_CHAR_LEN, GFP_KERNEL);
if (response_arrays[response_array_index] == NULL) {
- pr_err("kmalloc failed");
+ pr_err("kzalloc failed");
ret = -ENOMEM;
goto end;
}
- strcpy(response_arrays[response_array_index], "[save_check]");
+ strcpy(response_arrays[response_array_index], " secswitch_name=");
//应该有 workflow的名字
strncat(response_arrays[response_array_index], cd->name, strlen(cd->name));
- strcat(response_arrays[response_array_index],": original: ");
- sprintf(int_str, "%llx", analyze_status_data->sc_data.data[data_index]);
+ strcat(response_arrays[response_array_index]," old_value=");
+ sprintf(int_str, "%lld", analyze_status_data->sc_data.data[data_index]);
strncat(response_arrays[response_array_index], int_str, strlen(int_str));
- strcat(response_arrays[response_array_index],"; now: ");
- sprintf(int_str, "%llx", measure_value);
+ strcat(response_arrays[response_array_index]," new_value=");
+ sprintf(int_str, "%lld", measure_value);
strncat(response_arrays[response_array_index], int_str, strlen(int_str));
- strcat(response_arrays[response_array_index],".!\n");
+ strcat(response_arrays[response_array_index],".\n");
response_data_char_len += strlen(response_arrays[response_array_index]);
ret = RESPONSE_REPORT;
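Review bot: The record is still assembled with unbounded `strcpy`/`strcat`/`sprintf` into a buffer of `strlen(cd->name) + REPORT_MORE_CHAR_LEN` bytes and an `int_str[MAX_DIGITS]` scratch array, while this change lengthens both the fixed labels and the numbers (a 64-bit decimal needs up to 20 characters, hex needed 16). No adjustment of `REPORT_MORE_CHAR_LEN` or `MAX_DIGITS` is visible in the patch, so if they were sized for the old text this writes past a kernel heap or stack buffer. Building the string in one sized step removes the arithmetic: `response_arrays[response_array_index] = kasprintf(GFP_KERNEL, " secswitch_name=%s old_value=%llu new_value=%llu.\n", cd->name, analyze_status_data->sc_data.data[data_index], measure_value);`. The function starts and ends outside the hunk.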
@@ -156,9 +156,9 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
timestamp_len = get_timestamp_str(&timestamp);
response_data->report_data.type = event_type;
response_data->report_data.len = response_data_char_len + timestamp_len;
- response_data->report_data.text = kmalloc(response_data->report_data.len + 1, GFP_KERNEL);
+ response_data->report_data.text = kzalloc(response_data->report_data.len + 1, GFP_KERNEL);
if (response_data->report_data.text == NULL) {
- pr_err("kmalloc failed");
+ pr_err("kzalloc failed");
ret = -ENOMEM;
goto end;
}
--
2.33.0


@ -0,0 +1,64 @@
From aaed2290507cac0878c93aa550664875d5875a6b Mon Sep 17 00:00:00 2001
From: hurricane618 <hurricane618@hotmail.com>
Date: Wed, 20 Dec 2023 20:17:33 +0800
Subject: [PATCH] fix memory leak in program_action
1. free path data
2. free pi in error branch
Signed-off-by: hurricane618 <hurricane618@hotmail.com>
---
.../cases/program_action/secDetector_program_action.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/kerneldriver/cases/program_action/secDetector_program_action.c b/kerneldriver/cases/program_action/secDetector_program_action.c
index 1f0749a..f571c08 100644
--- a/kerneldriver/cases/program_action/secDetector_program_action.c
+++ b/kerneldriver/cases/program_action/secDetector_program_action.c
@@ -177,6 +177,9 @@ static struct process_info *get_common_process_info(struct task_struct *tsk, str
if (get_task_root(tsk, &root) == 0) {
pi->root = d_path(&root, pi->rootbuf, PATH_LEN);
}
+
+ path_put(&root);
+
if (IS_ERR_OR_NULL(pi->root)) {
pi->root = "invalid";
}
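Review bot: `path_put(&root)` is executed whether or not `get_task_root()` returned 0, so on the failure path it drops references through whatever `root` contains. Unless `root` is zero-initialised above the hunk, that is a put on uninitialised dentry and mount pointers. Moving the call into the success branch keeps the leak fix and avoids it: `pi->root = d_path(&root, pi->rootbuf, PATH_LEN);` followed by `path_put(&root);` inside the `if`. The `path_put(&cwd)` added in the next hunk has the same shape and should move the same way. The declarations of `root` and `cwd` are outside the hunk.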
@@ -184,6 +187,9 @@ static struct process_info *get_common_process_info(struct task_struct *tsk, str
if (get_task_cwd(tsk, &cwd) == 0) {
pi->cwd = d_path(&cwd, pi->cwdbuf, PATH_LEN);
}
+
+ path_put(&cwd);
+
if (IS_ERR_OR_NULL(pi->cwd)) {
pi->cwd = "invalid";
}
@@ -258,6 +264,7 @@ static int ptrace_attach_pre_handler(struct secDetector_workflow *wf,
#endif
if (!attach_task) {
pr_err("ptrace_attach input task_struct error or arch don't support\n");
+ put_common_process_info(pi);
return 0;
}
@@ -269,6 +276,7 @@ static int ptrace_attach_pre_handler(struct secDetector_workflow *wf,
if (!log.report_data.text) {
pr_err("log.report_data.text kzalloc failed!\n");
kfree(timestamp);
+ put_common_process_info(pi);
return 0;
}
snprintf(log.report_data.text, BUF_SIZE,
@@ -304,6 +312,7 @@ static int do_pipe2_pre_handler(struct secDetector_workflow *wf,
if (!log.report_data.text) {
pr_err("log.report_data.text kzalloc failed!\n");
kfree(timestamp);
+ put_common_process_info(pi);
return 0;
}
snprintf(log.report_data.text, BUF_SIZE,
--
2.33.0


@ -0,0 +1,65 @@
From fb0b9eeccc697b2b8935ed5a643ef30efaad19f7 Mon Sep 17 00:00:00 2001
From: yieux <yangxy79315@sina.com>
Date: Mon, 18 Dec 2023 09:28:15 +0800
Subject: [PATCH] fix the memory leak in collect unit
---
.../core/analyze_unit/secDetector_save_check.c | 13 +++++++------
.../core/collect_unit/secDetector_collect.c | 1 +
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/kerneldriver/core/analyze_unit/secDetector_save_check.c b/kerneldriver/core/analyze_unit/secDetector_save_check.c
index 0ab40ce..4a5f689 100644
--- a/kerneldriver/core/analyze_unit/secDetector_save_check.c
+++ b/kerneldriver/core/analyze_unit/secDetector_save_check.c
@@ -124,7 +124,7 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
break;
}
if (measure_value != analyze_status_data->sc_data.data[data_index]) {
- pr_debug("[save_check]%s: original: %lld; now: %lld.!\n",
+ pr_warn("[save_check]%s: original: %llu; now: %llu.!\n",
cd->name, analyze_status_data->sc_data.data[data_index], measure_value);
response_arrays[response_array_index] = kzalloc(strlen(cd->name) + REPORT_MORE_CHAR_LEN, GFP_KERNEL);
if (response_arrays[response_array_index] == NULL) {
@@ -136,13 +136,13 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
strcpy(response_arrays[response_array_index], " secswitch_name=");
//应该有 workflow的名字
strncat(response_arrays[response_array_index], cd->name, strlen(cd->name));
- strcat(response_arrays[response_array_index]," old_value=");
- sprintf(int_str, "%lld", analyze_status_data->sc_data.data[data_index]);
+ strcat(response_arrays[response_array_index], " old_value=");
+ sprintf(int_str, "%llu", analyze_status_data->sc_data.data[data_index]);
strncat(response_arrays[response_array_index], int_str, strlen(int_str));
- strcat(response_arrays[response_array_index]," new_value=");
- sprintf(int_str, "%lld", measure_value);
+ strcat(response_arrays[response_array_index], " new_value=");
+ sprintf(int_str, "%llu", measure_value);
strncat(response_arrays[response_array_index], int_str, strlen(int_str));
- strcat(response_arrays[response_array_index],".\n");
+ strcat(response_arrays[response_array_index], ".");
response_data_char_len += strlen(response_arrays[response_array_index]);
ret = RESPONSE_REPORT;
@@ -168,6 +168,7 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
}
for (i = 0; i < response_array_index; i++)
strncat(response_data->report_data.text, response_arrays[i], strlen(response_arrays[i]));
+ strcat(response_data->report_data.text, "\n");
}
end:
for (i = 0; i < response_array_index; i++)
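Review bot: The added `strcat(response_data->report_data.text, "\n")` appears to write one byte more than the buffer holds. In the allocation shown in the earlier save_check patch on this page, `report_data.len` is `response_data_char_len + timestamp_len` and the buffer is `len + 1` bytes, which the timestamp and the per-item strings already fill up to the terminator. The previous hunk moved the newline out of each item (`".\n"` became `"."`), so the single trailing newline is no longer counted. Counting it where the length is computed fixes both the size and the reported length: `response_data->report_data.len = response_data_char_len + timestamp_len + 1;`. The length computation is outside this hunk, so this holds only if no hidden line already adds the extra byte.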
diff --git a/kerneldriver/core/collect_unit/secDetector_collect.c b/kerneldriver/core/collect_unit/secDetector_collect.c
index c04dd33..2240577 100644
--- a/kerneldriver/core/collect_unit/secDetector_collect.c
+++ b/kerneldriver/core/collect_unit/secDetector_collect.c
@@ -32,6 +32,7 @@ struct collect_data *init_collect_data(const char *name)
cd->name = kmalloc(nl + 1, GFP_KERNEL);
if (cd->name == NULL) {
pr_err("kmalloc failed");
+ kfree(cd);
return NULL;
}
strncpy(cd->name, name, nl);
--
2.33.0


@ -0,0 +1,265 @@
From 8dd0f6984ef002e30f3d7aa133a1a439fc5d0f95 Mon Sep 17 00:00:00 2001
From: chenjingwen <lhchenjw@gmail.com>
Date: Thu, 14 Dec 2023 21:55:10 +0800
Subject: [PATCH] grpc: fix coredump in Publish
fix coredump in Publish
Signed-off-by: chenjingwen <lhchenjw@gmail.com>
---
observer_agent/grpc_comm/server.cpp | 165 +++++++++++-----------------
1 file changed, 62 insertions(+), 103 deletions(-)
diff --git a/observer_agent/grpc_comm/server.cpp b/observer_agent/grpc_comm/server.cpp
index 938d09c..b858853 100644
--- a/observer_agent/grpc_comm/server.cpp
+++ b/observer_agent/grpc_comm/server.cpp
@@ -33,16 +33,21 @@ using grpc::ServerWriter;
static bool killed = false;
+class Subscribers {
+public:
+ int topic;
+ ServerWriter<Message> *writer;
+
+ Subscribers(int t, ServerWriter<Message> *w) : topic(t), writer(w) {}
+ Subscribers() : topic(0), writer(nullptr) {}
+};
+
class PubSubServiceImpl final : public SubManager::Service
{
public:
void CloseAllConnection(void)
{
- std::lock_guard<std::mutex> lk(wait_mutex);
-
- for (int i = 0; i < MAX_CONNECTION; i++) {
- connect_status[i] = false;
- }
+ std::lock_guard<std::mutex> lk(wait_mutex);
killed = true;
cv.notify_all();
@@ -55,50 +60,21 @@ class PubSubServiceImpl final : public SubManager::Service
std::string cli_name = request->sub_name();
Message msg;
Message keepalive_msg;
- int i = 0, tmp_index;
+ sub_mutex.lock();
if (connection_num >= MAX_CONNECTION) {
msg.set_text("over max connection number!");
- if (!writer->Write(msg))
- {
- std::cerr << "Failed to write the initial message" << std::endl;
- return grpc::Status(grpc::StatusCode::INTERNAL, "Failed to write the message");
- }
- return grpc::Status(grpc::StatusCode::INTERNAL, "over max connection number, Failed to Subscribe the topic");
- }
-
- for (auto iter = suber_topic_[cli_name].begin(); iter != suber_topic_[cli_name].end(); iter++)
- {
- if ((*iter & cli_topic) != 0)
- {
- msg.set_text("this client name already subscribe the topic");
- if (!writer->Write(msg))
- {
- std::cerr << "Failed to write the initial message" << std::endl;
- return grpc::Status(grpc::StatusCode::INTERNAL, "Failed to write the message");
- }
- return grpc::Status(grpc::StatusCode::INTERNAL, "this client name already subscribe the topic");
- }
- }
-
- sub_mutex.lock();
-
- for (tmp_index = 0; tmp_index < MAX_CONNECTION; tmp_index++)
- {
- if (!connect_status[tmp_index])
- break;
+ writer->Write(msg);
+ sub_mutex.unlock();
+ return grpc::Status(grpc::StatusCode::INTERNAL, "over max connection number");
}
- if (tmp_index == MAX_CONNECTION)
- {
+ auto iter = suber_topic_.find(cli_name);
+ if (iter != suber_topic_.end()) {
+ msg.set_text("this client name already subscribe the topic");
+ writer->Write(msg);
sub_mutex.unlock();
- msg.set_text("multi-process max connection number!");
- if (!writer->Write(msg))
- {
- std::cerr << "Failed to write the initial message" << std::endl;
- return grpc::Status(grpc::StatusCode::INTERNAL, "Failed to write the message");
- }
- return grpc::Status(grpc::StatusCode::INTERNAL, "multi-process max connection number, Failed to Subscribe the topic");
+ return grpc::Status(grpc::StatusCode::INTERNAL, "this client name already subscribe the topic");
}
msg.set_text("topic: " + std::to_string(cli_topic) + " Subscribe success!");
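Review bot: `sub_mutex.lock()` now sits at the top of Subscribe and is released by hand before each return. The unchanged `Failed to write the message` return that follows this hunk appears to leave with the mutex still held, unless the lines hidden between the hunks unlock it, and that would block every later Subscribe and Publish. A scoped lock such as `std::unique_lock<std::mutex> lk(sub_mutex);`, with `lk.unlock()` only before the keep-alive loop, makes every early exit safe. The two new rejection paths also call `writer->Write(msg)` while holding the lock, so a slow or stalled peer delays all other clients; releasing the lock before those writes avoids that. Subscribe's body continues outside the hunk.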
@@ -109,65 +85,50 @@ class PubSubServiceImpl final : public SubManager::Service
return grpc::Status(grpc::StatusCode::INTERNAL, "Failed to write the message");
}
- suber_topic_[cli_name].push_back(cli_topic);
- suber_writer_[cli_name].push_back(writer);
- suber_connection_[cli_name].push_back(tmp_index);
- connect_status[tmp_index] = true;
+ std::cout << "Subscribe " << cli_name << " ok" << std::endl;
+ suber_topic_[cli_name] = Subscribers(cli_topic, writer);
connection_num++;
-
sub_mutex.unlock();
- keepalive_msg.set_text("keepalive");
- while (connect_status[tmp_index])
+ /* loop until connot write */
+ while (!killed)
{
- if (!writer->Write(keepalive_msg))
- {
- for (auto topic_item : suber_topic_[cli_name])
- {
- if (topic_item == cli_topic)
- {
- sub_mutex.lock();
- suber_topic_[cli_name].erase(suber_topic_[cli_name].begin() + i);
- suber_writer_[cli_name].erase(suber_writer_[cli_name].begin() + i);
- connect_status[suber_connection_[cli_name].at(i)] = false;
- suber_connection_[cli_name].erase(suber_connection_[cli_name].begin() + i);
- connection_num--;
- sub_mutex.unlock();
- break;
- }
- i++;
- }
+ sub_mutex.lock();
+ if (suber_topic_.count(cli_name) == 0) {
+ sub_mutex.unlock();
+ return grpc::Status::OK;
+ }
+
+ keepalive_msg.set_text("keepalive");
+ if (!writer->Write(keepalive_msg)) {
+ DeleteSubscriberByCliName(cli_name);
+ sub_mutex.unlock();
return grpc::Status(grpc::StatusCode::INTERNAL, "writer is lose!");
}
+ sub_mutex.unlock();
WaitKeeplive();
}
+
+ std::cout << cli_name << " is dead" << std::endl;
return grpc::Status::OK;
}
grpc::Status Publish(ServerContext *context, const PublishRequest *request, Message *response) override
{
+ std::lock_guard<std::mutex> lock(sub_mutex);
int cli_topic = request->topic();
std::string cli_data = request->data();
- int i = 0;
Message msg;
msg.set_text(cli_data);
for (auto iter = suber_topic_.begin(); iter != suber_topic_.end(); iter++)
{
- i = 0;
- for (auto topic_item : iter->second)
- {
- if ((topic_item & cli_topic) != 0)
- {
- auto &subscriber = suber_writer_[iter->first][i];
- if (!subscriber->Write(msg))
- {
- std::cerr << "Failed to write to a subscriber" << std::endl;
- return grpc::Status(grpc::StatusCode::INTERNAL, "Failed to write the message");
- }
- break;
+ Subscribers subscriber = iter->second;
+ if ((subscriber.topic & cli_topic) != 0) {
+ if (!subscriber.writer->Write(msg)) {
+ std::cerr << "Failed to write to a subscriber: " << iter->first << std::endl;
+ return grpc::Status(grpc::StatusCode::INTERNAL, "Failed to write the message");
}
- i++;
}
}
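Review bot: The early return kept as context at the top of this hunk (`return grpc::Status(grpc::StatusCode::INTERNAL, "Failed to write the message");`) appears to exit Subscribe with `sub_mutex` still locked. The new code calls `sub_mutex.lock()` at the start of the handler and unlocks by hand only on the other error paths; the lines between the two hunks are not shown, so this needs confirming. If it holds, one failed initial write blocks every later Subscribe, Publish and UnSubscribe call. A scoped guard removes the problem on all paths: `std::unique_lock<std::mutex> lk(sub_mutex);` at the top, with `lk.unlock();` before `WaitKeeplive()` and `lk.lock();` at the start of each loop pass. Separately, the keepalive `Write` and every `Write` in Publish now run while `sub_mutex` is held, so a subscriber that reads slowly delays all other RPCs; Subscribe begins outside this hunk.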
@@ -177,8 +138,7 @@ class PubSubServiceImpl final : public SubManager::Service
grpc::Status UnSubscribe(ServerContext *context, const UnSubscribeRequest *request, Message *response) override
{
std::string cli_name = request->sub_name();
- int i = 0;
- int unsub_flag = 0;
+ std::lock_guard<std::mutex> lock(sub_mutex);
if (connection_num <= 0) {
response->set_text("connection_num <= 0, don't UnSubscribe!");
@@ -186,20 +146,7 @@ class PubSubServiceImpl final : public SubManager::Service
return grpc::Status(grpc::StatusCode::INTERNAL, "connection_num <= 0, Failed to UnSubscribe topic!");
}
- std::lock_guard<std::mutex> lock(sub_mutex);
-
- std::unordered_map<std::string, std::vector<int>>::iterator iter = suber_topic_.find(cli_name);
- if (iter != suber_topic_.end())
- {
- suber_topic_[cli_name].erase(suber_topic_[cli_name].begin() + i);
- suber_writer_[cli_name].erase(suber_writer_[cli_name].begin() + i);
- connect_status[suber_connection_[cli_name].at(i)] = false;
- suber_connection_[cli_name].erase(suber_connection_[cli_name].begin() + i);
- connection_num--;
- unsub_flag = 1;
- }
-
- if (!unsub_flag)
+ if (!DeleteSubscriberByCliName(cli_name))
{
response->set_text("don't exist the reader");
return grpc::Status(grpc::StatusCode::INTERNAL, "Failed to UnSubscribe reader!");
@@ -209,19 +156,31 @@ class PubSubServiceImpl final : public SubManager::Service
}
private:
- std::unordered_map<std::string, std::vector<int>> suber_topic_;
- std::unordered_map<std::string, std::vector<ServerWriter<Message> *>> suber_writer_;
- std::unordered_map<std::string, std::vector<int>> suber_connection_;
+ std::unordered_map<std::string, Subscribers> suber_topic_;
std::mutex sub_mutex;
std::mutex wait_mutex;
std::condition_variable cv;
int connection_num = 0;
- bool connect_status[MAX_CONNECTION] = {false};
void WaitKeeplive(void)
{
- std::unique_lock<std::mutex> lk(wait_mutex);
- cv.wait_for(lk, std::chrono::seconds(CHECK_TIME), []{ return killed; });
+ std::unique_lock<std::mutex> lk(wait_mutex);
+ cv.wait_for(lk, std::chrono::seconds(CHECK_TIME), []{ return killed; });
+ }
+
+ /* Must called with sub_mutex */
+ bool DeleteSubscriberByCliName(std::string &cli_name)
+ {
+ bool exist = false;
+ std::cout << "UnSubscribe " << cli_name << " ok" << std::endl;
+
+ auto it = suber_topic_.find(cli_name);
+ if (it != suber_topic_.end()) {
+ suber_topic_.erase(it);
+ connection_num--;
+ exist = true;
+ }
+ return exist;
}
};
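Review bot: DeleteSubscriberByCliName prints `"UnSubscribe " << cli_name << " ok"` before the lookup, so the daemon logs a successful unsubscribe for names that were never registered. `cli_name` comes from the request, so the log then records whatever a client sent as if it had succeeded. Moving the `std::cout` line inside the `if (it != suber_topic_.end())` branch makes the log match what actually happened. The parameter could also be `const std::string &cli_name` since it is only read, and the comment would be clearer as `/* Caller must hold sub_mutex */`.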
--
2.33.0


@ -0,0 +1,224 @@
From ea375b56fb92a954fcf16901773b3b8442128a5c Mon Sep 17 00:00:00 2001
From: zgzxx <zhangguangzhi3@huawei.com>
Date: Wed, 13 Dec 2023 15:34:53 +0800
Subject: [PATCH 2/4] modify for code review
---
.../cases/file_block/secDetector_file_block.c | 16 ++++++++--------
.../secDetector_kmodule_baseline.c | 5 ++++-
.../secDetector_mc_kmodule_baseline.c | 4 ++--
.../cases/task_block/secDetector_task_block.c | 16 ++++++++--------
.../core/analyze_unit/secDetector_analyze.c | 4 ++--
kerneldriver/core/secDetector_manager.c | 4 +++-
lib/secDetector_sdk.cpp | 6 +++---
7 files changed, 30 insertions(+), 25 deletions(-)
diff --git a/kerneldriver/cases/file_block/secDetector_file_block.c b/kerneldriver/cases/file_block/secDetector_file_block.c
index 7e0963d..b4972ee 100644
--- a/kerneldriver/cases/file_block/secDetector_file_block.c
+++ b/kerneldriver/cases/file_block/secDetector_file_block.c
@@ -35,7 +35,7 @@ static int file_write_check(struct secDetector_workflow *wf, struct file *file)
char *pathname = NULL;
response_data_t log;
bool matched = false;
- struct file_block_rules_item *item;
+ struct file_block_rules_item *item = NULL;
int ret = 0;
buf = kzalloc(BUF_SIZE, GFP_ATOMIC);
@@ -87,7 +87,7 @@ static struct secDetector_workflow workflow_array[] = {
static int proc_show(struct seq_file *m, void *v)
{
- struct file_block_rules_item *item;
+ struct file_block_rules_item *item = NULL;
mutex_lock(&rules_mutex);
list_for_each_entry (item, &file_block_rule_list, list) {
@@ -104,8 +104,8 @@ static int proc_open(struct inode *inode, struct file *file)
static void clear_file_rule_list(void)
{
- struct file_block_rules_item *item;
- struct file_block_rules_item *tmp;
+ struct file_block_rules_item *item = NULL;
+ struct file_block_rules_item *tmp = NULL;
mutex_lock(&rules_mutex);
list_for_each_entry_safe (item, tmp, &file_block_rule_list, list) {
@@ -121,10 +121,10 @@ static void clear_file_rule_list(void)
static ssize_t proc_write(struct file *file, const char __user *buffer,
size_t len, loff_t *offset)
{
- char *data;
- char *str;
- char *rule;
- struct file_block_rules_item *item;
+ char *data = NULL;
+ char *str = NULL;
+ char *rule = NULL;
+ struct file_block_rules_item *item = NULL;
ssize_t r = -EINVAL;
data = memdup_user_nul(buffer, len);
diff --git a/kerneldriver/cases/kmodule_baseline/secDetector_kmodule_baseline.c b/kerneldriver/cases/kmodule_baseline/secDetector_kmodule_baseline.c
index 85411c0..4f59c14 100644
--- a/kerneldriver/cases/kmodule_baseline/secDetector_kmodule_baseline.c
+++ b/kerneldriver/cases/kmodule_baseline/secDetector_kmodule_baseline.c
@@ -17,7 +17,10 @@ DEFINE_MUTEX(case_kmodule_mutex);
static void check_watching_kmodule(void)
{
- mutex_lock(&case_kmodule_mutex);
+ if (mutex_trylock(&case_kmodule_mutex) == 0) {
+ pr_warn("[secDetector case kmodule baseline] check cann't getlock, ret\n");
+ return;
+ }
check_kmodule_baseline();
mutex_unlock(&case_kmodule_mutex);
}
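Review bot: With `mutex_trylock` the baseline check is dropped whenever `case_kmodule_mutex` is busy, and nothing schedules a retry, so a module change that coincides with contention is not examined until the next trigger. If blocking is not allowed in this calling context (not visible from the hunk), that deserves a comment above the call, for example `/* must not sleep here; a skipped check is picked up by the next run */`. The message would also read better as `pr_warn_ratelimited("[secDetector case kmodule baseline] check skipped, lock busy\n");`, so that repeated contention cannot flood the kernel log.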
diff --git a/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c b/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c
index cff1ff5..9a051ca 100644
--- a/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c
+++ b/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c
@@ -43,7 +43,7 @@ static int add_kmodule_baseline_name(const char *name)
return -1;
}
- name_len = strlen(name) < NAME_LEN ? strlen(name) : NAME_LEN;
+ name_len = strlen(name) < NAME_LEN ? strlen(name) : NAME_LEN - 1;
memcpy(module->module_name, name, name_len);
list_add(&module->list, &chkrkatt_module_list);
return 0;
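Review bot: The `NAME_LEN - 1` clamp only yields a terminated string if `module` was zero-filled when it was allocated, which happens above this hunk and is not visible here. Over-long names are also cut silently, so two different module names sharing the first `NAME_LEN - 1` bytes become the same baseline entry. If `module_name` is a `NAME_LEN`-byte array, as the bound suggests, `strscpy(module->module_name, name, sizeof(module->module_name));` terminates unconditionally and returns `-E2BIG` on truncation. The function could then reject or log such names instead of storing a shortened one.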
@@ -86,7 +86,7 @@ static void report_kmodule_baseline(void)
list_for_each_entry_safe(get_module_name, get_module_name_next, &chkrkatt_module_list, list) {
if (get_module_name != NULL && get_module_name_next != NULL) {
/* 2: ', ' */
- if(sizeof(module_name_all) + sizeof(get_module_name->module_name) < NAME_LEN - 2 - header_msg_len) {
+ if(strlen(module_name_all) + strlen(get_module_name->module_name) < NAME_LEN - 2 - header_msg_len) {
strcat(module_name_all, get_module_name->module_name);
strcat(module_name_all, strtmp);
}
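Review bot: The new bound compares a `size_t` sum from `strlen()` with `NAME_LEN - 2 - header_msg_len`. If `header_msg_len` can reach `NAME_LEN - 2`, the right-hand side goes negative or wraps (its type is not shown in this hunk), the test passes, and both `strcat` calls run unchecked. Keeping everything on one side avoids the subtraction: `if (strlen(module_name_all) + strlen(get_module_name->module_name) + 2 + header_msg_len < NAME_LEN) {`. This assumes `module_name_all` really holds `NAME_LEN` bytes, which should be confirmed at its declaration. Names that do not fit are left out of the report without any marker, so a short comment saying the list may be truncated would help whoever reads the alert.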
diff --git a/kerneldriver/cases/task_block/secDetector_task_block.c b/kerneldriver/cases/task_block/secDetector_task_block.c
index 94859e4..a46c5f5 100644
--- a/kerneldriver/cases/task_block/secDetector_task_block.c
+++ b/kerneldriver/cases/task_block/secDetector_task_block.c
@@ -37,7 +37,7 @@ static int task_bprm_check(struct secDetector_workflow *wf,
char *pathname = NULL;
response_data_t log;
bool matched = false;
- struct task_block_rules_item *item;
+ struct task_block_rules_item *item = NULL;
int ret = 0;
buf = kzalloc(BUF_SIZE, GFP_ATOMIC);
@@ -88,7 +88,7 @@ static struct secDetector_workflow workflow_array[] = {
static int proc_show(struct seq_file *m, void *v)
{
- struct task_block_rules_item *item;
+ struct task_block_rules_item *item = NULL;
mutex_lock(&rules_mutex);
list_for_each_entry (item, &task_block_rule_list, list) {
@@ -105,8 +105,8 @@ static int proc_open(struct inode *inode, struct file *file)
static void clear_task_rule_list(void)
{
- struct task_block_rules_item *item;
- struct task_block_rules_item *tmp;
+ struct task_block_rules_item *item = NULL;
+ struct task_block_rules_item *tmp = NULL;
mutex_lock(&rules_mutex);
list_for_each_entry_safe (item, tmp, &task_block_rule_list, list) {
@@ -122,10 +122,10 @@ static void clear_task_rule_list(void)
static ssize_t proc_write(struct file *file, const char __user *buffer,
size_t len, loff_t *offset)
{
- char *data;
- char *str;
- char *rule;
- struct task_block_rules_item *item;
+ char *data = NULL;
+ char *str = NULL;
+ char *rule = NULL;
+ struct task_block_rules_item *item = NULL;
ssize_t r = -EINVAL;
data = memdup_user_nul(buffer, len);
diff --git a/kerneldriver/core/analyze_unit/secDetector_analyze.c b/kerneldriver/core/analyze_unit/secDetector_analyze.c
index 226e245..f345412 100644
--- a/kerneldriver/core/analyze_unit/secDetector_analyze.c
+++ b/kerneldriver/core/analyze_unit/secDetector_analyze.c
@@ -33,7 +33,7 @@ int get_timestamp_str(char **ret_str)
{
struct timespec64 ts;
struct tm stm;
- char *stm_str;
+ char *stm_str = NULL;
int stm_str_len = 0;
ktime_get_real_ts64(&ts);
@@ -65,4 +65,4 @@ int get_timestamp_str(char **ret_str)
kfree(stm_str);
return stm_str_len;
}
-EXPORT_SYMBOL_GPL(get_timestamp_str);
\ No newline at end of file
+EXPORT_SYMBOL_GPL(get_timestamp_str);
diff --git a/kerneldriver/core/secDetector_manager.c b/kerneldriver/core/secDetector_manager.c
index 4c88386..07b45d8 100644
--- a/kerneldriver/core/secDetector_manager.c
+++ b/kerneldriver/core/secDetector_manager.c
@@ -115,13 +115,15 @@ int secDetector_module_register(struct secDetector_module *module)
int i;
int module_id;
unsigned int callback_id = 0;
- struct secDetector_parameter *param = module->parameter;
+ struct secDetector_parameter *param = NULL;
if (module == NULL) {
pr_err("[secDetector] register module is null\n");
return -EINVAL;
}
+ param = module->parameter;
+
module_id = idr_alloc(&g_module_idr, module, 0, INT_MAX, GFP_KERNEL);
if (module_id < 0) {
pr_err("[secDetector] alloc module id failed\n");
diff --git a/lib/secDetector_sdk.cpp b/lib/secDetector_sdk.cpp
index 6b00953..a431377 100644
--- a/lib/secDetector_sdk.cpp
+++ b/lib/secDetector_sdk.cpp
@@ -34,7 +34,7 @@ extern "C" {
void *secSub(const int topic)
{
- PubSubClient *cur_client;
+ PubSubClient *cur_client = nullptr;
if (topic <= 0 || topic > ALLTOPIC) {
printf("lib secSub failed, topic:%d is error\n", topic);
return NULL;
@@ -64,7 +64,7 @@ void *secSub(const int topic)
void secUnsub(void *reader)
{
- PubSubClient *cur_client;
+ PubSubClient *cur_client = nullptr;
if (!reader)
return;
@@ -84,7 +84,7 @@ void secUnsub(void *reader)
void secReadFrom(void *reader, char *data, int data_len)
{
string msg("");
- PubSubClient *cur_client;
+ PubSubClient *cur_client = nullptr;
if (!data || data_len <= 1)
return
--
2.33.0


@ -0,0 +1,29 @@
From 2ed3096cab89564b1e7b95318260517b51573709 Mon Sep 17 00:00:00 2001
From: zgzxx <zhangguangzhi3@huawei.com>
Date: Thu, 14 Dec 2023 18:21:30 +0800
Subject: [PATCH 3/4] modify for secReadFrom error
---
lib/secDetector_sdk.cpp | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/secDetector_sdk.cpp b/lib/secDetector_sdk.cpp
index a431377..5bc189e 100644
--- a/lib/secDetector_sdk.cpp
+++ b/lib/secDetector_sdk.cpp
@@ -86,8 +86,10 @@ void secReadFrom(void *reader, char *data, int data_len)
string msg("");
PubSubClient *cur_client = nullptr;
- if (!data || data_len <= 1)
- return
+ if (!data || data_len <= 1) {
+ printf("lib secReadFrom data or data_len error\n");
+ return;
+ }
(void)memset(data, 0, data_len);
--
2.33.0


@ -0,0 +1,107 @@
From f531f56ee36aecd3bb9eae527551eb8eff8c9457 Mon Sep 17 00:00:00 2001
From: chenjingwen <lhchenjw@gmail.com>
Date: Mon, 11 Dec 2023 19:52:42 +0800
Subject: [PATCH 2/2] secDetectord: fix a grpc hang bug
break connection loop before shutdown
so that shutdown won't hang.
Signed-off-by: chenjingwen <lhchenjw@gmail.com>
---
observer_agent/grpc_comm/grpc_api.h | 1 +
observer_agent/grpc_comm/server.cpp | 30 ++++++++++++++++++++++++++---
2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/observer_agent/grpc_comm/grpc_api.h b/observer_agent/grpc_comm/grpc_api.h
index 4bde109..27a9139 100644
--- a/observer_agent/grpc_comm/grpc_api.h
+++ b/observer_agent/grpc_comm/grpc_api.h
@@ -26,6 +26,7 @@ class PubSubServiceImpl final : public SubManager::Service
grpc::Status Subscribe(ServerContext *context, const SubscribeRequest *request, ServerWriter<Message> *writer);
grpc::Status Publish(ServerContext *context, const PublishRequest *request, Message *response);
grpc::Status UnSubscribe(ServerContext *context, const UnSubscribeRequest *request, Message *response);
+ void CloseAllConnection(void);
private:
std::unordered_map<std::string, std::vector<int>> suber_topic_;
diff --git a/observer_agent/grpc_comm/server.cpp b/observer_agent/grpc_comm/server.cpp
index cce5131..b47b1aa 100644
--- a/observer_agent/grpc_comm/server.cpp
+++ b/observer_agent/grpc_comm/server.cpp
@@ -16,6 +16,7 @@
#include "comm_api.grpc.pb.h"
#include <grpcpp/grpcpp.h>
#include <sys/stat.h>
+#include <condition_variable>
using data_comm::Message;
using data_comm::PublishRequest;
@@ -30,9 +31,23 @@ using grpc::ServerWriter;
#define MAX_CONNECTION 5
#define CHECK_TIME 60
+static bool killed = false;
+
class PubSubServiceImpl final : public SubManager::Service
{
public:
+ void CloseAllConnection(void)
+ {
+ std::lock_guard<std::mutex> lk(wait_mutex);
+
+ for (int i = 0; i < MAX_CONNECTION; i++) {
+ connect_status[i] = false;
+ }
+
+ killed = true;
+ cv.notify_all();
+ }
+
grpc::Status Subscribe(ServerContext *context, const SubscribeRequest *request,
ServerWriter<Message> *writer) override
{
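Review bot: CloseAllConnection clears `connect_status[]` while holding only `wait_mutex`, but the array is otherwise updated under `sub_mutex` (UnSubscribe does so elsewhere in this file) and polled by the Subscribe keepalive loop, so this write races with both. `killed` is likewise a plain `static bool`, and it is safe only while every access stays under `wait_mutex`. I would take `sub_mutex` around the loop in its own scope, `std::lock_guard<std::mutex> sl(sub_mutex);`, released before `wait_mutex` is locked so the two are never nested. A comment on `killed` naming the mutex that guards it would also help.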
@@ -124,7 +139,7 @@ class PubSubServiceImpl final : public SubManager::Service
}
return grpc::Status(grpc::StatusCode::INTERNAL, "writer is lose!");
}
- sleep(CHECK_TIME);
+ WaitKeeplive();
}
return grpc::Status::OK;
}
@@ -203,21 +218,30 @@ class PubSubServiceImpl final : public SubManager::Service
std::unordered_map<std::string, std::vector<ServerWriter<Message> *>> suber_writer_;
std::unordered_map<std::string, std::vector<int>> suber_connection_;
std::mutex sub_mutex;
+ std::mutex wait_mutex;
+ std::condition_variable cv;
int connection_num = 0;
bool connect_status[MAX_CONNECTION] = {false};
+
+ void WaitKeeplive(void)
+ {
+ std::unique_lock<std::mutex> lk(wait_mutex);
+ cv.wait_for(lk, std::chrono::seconds(CHECK_TIME), []{ return killed; });
+ }
};
-std::unique_ptr<Server> server;
+static std::unique_ptr<Server> server;
+static PubSubServiceImpl service;
void StopServer()
{
+ service.CloseAllConnection();
server->Shutdown();
}
void RunServer()
{
std::string server_address("unix:///var/run/secDetector.sock");
- PubSubServiceImpl service;
ServerBuilder builder;
builder.AddListeningPort(server_address, grpc::InsecureServerCredentials());
--
2.33.0


@ -0,0 +1,31 @@
From afb0176a27e64325de49155348cf3e189685a960 Mon Sep 17 00:00:00 2001
From: zgzxx <zhangguangzhi3@huawei.com>
Date: Mon, 11 Dec 2023 21:12:52 +0800
Subject: [PATCH] secUnsub del topic in README
---
README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 9658879..6a06586 100644
--- a/README.md
+++ b/README.md
@@ -109,11 +109,11 @@ secDetectord 默认会在后台运行,从探针中取得数据并转发给订
参数 “topic”:注册的事件类型,具体可见” /usr/include/secDetector/secDetector_sdk.h”中定义
输出 返回读取事件的指针
-接口名称 void secUnsub(const int topic, void *reader)
+接口名称 void secUnsub(void *reader)
接口描述 注销订阅接口
-参数 “topic”:注销的事件类型, “reader”:注销的读事件指针
+参数 “reader”:注销的读事件指针
输出 无
-注意事项 当前会全部取消不支持指定reader取消
+注意事项 当前会取消reader的全部订阅
接口名称 void secReadFrom(void *reader, char *data, int data_len)
接口描述 读事件信息接口
--
2.33.0


@ -0,0 +1,189 @@
From 4a58573122e2c677c427cb43bb02e6f055fdf391 Mon Sep 17 00:00:00 2001
From: zgzxx <zhangguangzhi3@huawei.com>
Date: Mon, 11 Dec 2023 20:57:58 +0800
Subject: [PATCH] secUnsub del topic
---
examples/python/client.py | 4 +--
lib/secDetector_sdk.cpp | 8 ++----
lib/secDetector_sdk.h | 2 +-
observer_agent/grpc_comm/client.cpp | 3 +--
observer_agent/grpc_comm/client_sub_demo.cpp | 2 +-
observer_agent/grpc_comm/grpc_api.h | 2 +-
.../grpc_comm/protos/comm_api.proto | 3 +--
observer_agent/grpc_comm/server.cpp | 27 ++++++++-----------
8 files changed, 20 insertions(+), 31 deletions(-)
diff --git a/examples/python/client.py b/examples/python/client.py
index 312384d..3fb95b4 100644
--- a/examples/python/client.py
+++ b/examples/python/client.py
@@ -31,7 +31,7 @@ g_cli_reader_lock = threading.Lock()
secDetectorsdklib.secSub.argtypes = [ctypes.c_int]
secDetectorsdklib.secSub.restype = ctypes.c_void_p
-secDetectorsdklib.secUnsub.argtypes = [ctypes.c_int, ctypes.c_void_p]
+secDetectorsdklib.secUnsub.argtypes = [ctypes.c_void_p]
secDetectorsdklib.secUnsub.restype = None
secDetectorsdklib.secReadFrom.argtypes = [ctypes.c_void_p, ctypes.c_char_p, ctypes.c_int]
secDetectorsdklib.secReadFrom.restype = None
@@ -66,7 +66,7 @@ def thread_func_unsub(num=0):
g_cli_reader_lock.acquire()
try:
g_read_flag = False
- secDetectorsdklib.secUnsub(1, g_cli_reader)
+ secDetectorsdklib.secUnsub(g_cli_reader)
finally:
g_cli_reader_lock.release()
print("client thread_func_unsub end")
diff --git a/lib/secDetector_sdk.cpp b/lib/secDetector_sdk.cpp
index 6f47f41..6b00953 100644
--- a/lib/secDetector_sdk.cpp
+++ b/lib/secDetector_sdk.cpp
@@ -62,13 +62,9 @@ void *secSub(const int topic)
return ret_reader;
}
-void secUnsub(const int topic, void *reader)
+void secUnsub(void *reader)
{
PubSubClient *cur_client;
- if (topic <= 0 || topic > ALLTOPIC) {
- printf("lib secUnsub failed, topic:%d is error\n", topic);
- return;
- }
if (!reader)
return;
@@ -77,7 +73,7 @@ void secUnsub(const int topic, void *reader)
Readmap::iterator iter = g_reader_map.find(reader);
if (iter != g_reader_map.end()) {
cur_client = iter->second.second;
- cur_client->UnSubscribe(topic);
+ cur_client->UnSubscribe();
g_reader_map.erase(iter);
reader = NULL;
delete cur_client;
diff --git a/lib/secDetector_sdk.h b/lib/secDetector_sdk.h
index abf112b..92ef5b4 100644
--- a/lib/secDetector_sdk.h
+++ b/lib/secDetector_sdk.h
@@ -18,7 +18,7 @@
#define SECDETECTOR_SDK_H
void *secSub(const int topic);
-void secUnsub(const int topic, void *reader);
+void secUnsub(void *reader);
void secReadFrom(void *reader, char *data, int data_len);
#endif
diff --git a/observer_agent/grpc_comm/client.cpp b/observer_agent/grpc_comm/client.cpp
index 0dd02f9..5cf8cf2 100644
--- a/observer_agent/grpc_comm/client.cpp
+++ b/observer_agent/grpc_comm/client.cpp
@@ -87,10 +87,9 @@ void PubSubClient::Publish(const int topic, const std::string &content)
}
}
-void PubSubClient::UnSubscribe(const int topic)
+void PubSubClient::UnSubscribe(void)
{
UnSubscribeRequest request;
- request.set_topic(topic);
request.set_sub_name(uuid_str);
ClientContext unsub_context;
diff --git a/observer_agent/grpc_comm/client_sub_demo.cpp b/observer_agent/grpc_comm/client_sub_demo.cpp
index fbf27ad..550b503 100644
--- a/observer_agent/grpc_comm/client_sub_demo.cpp
+++ b/observer_agent/grpc_comm/client_sub_demo.cpp
@@ -34,7 +34,7 @@ int main(int argc, char **argv)
some_data = client.ReadFrom(cli_reader);
std::cout << "loop whz: " << some_data << std::endl;
}
- client.UnSubscribe(std::stoi(argv[1]));
+ client.UnSubscribe();
return 0;
}
diff --git a/observer_agent/grpc_comm/grpc_api.h b/observer_agent/grpc_comm/grpc_api.h
index 27a9139..c5b43cc 100644
--- a/observer_agent/grpc_comm/grpc_api.h
+++ b/observer_agent/grpc_comm/grpc_api.h
@@ -48,7 +48,7 @@ class PubSubClient
void init(std::shared_ptr<Channel> channel);
std::unique_ptr<ClientReader<Message>> Subscribe(const int topic);
void Publish(const int topic, const std::string &content);
- void UnSubscribe(const int topic);
+ void UnSubscribe(void);
std::string ReadFrom(std::unique_ptr<ClientReader<Message>> &reader);
private:
diff --git a/observer_agent/grpc_comm/protos/comm_api.proto b/observer_agent/grpc_comm/protos/comm_api.proto
index 6c84865..cf1e445 100644
--- a/observer_agent/grpc_comm/protos/comm_api.proto
+++ b/observer_agent/grpc_comm/protos/comm_api.proto
@@ -13,8 +13,7 @@ message SubscribeRequest {
}
message UnSubscribeRequest {
- int32 topic = 1;
- string sub_name = 2;
+ string sub_name = 1;
}
message PublishRequest {
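Review bot: Moving `sub_name` from field 2 to field 1 reuses the number that `topic` held as an `int32`. A client built from the old proto sends a varint in field 1 and its name in field 2, so the new server would parse an empty `sub_name` and refuse the request. Keeping the old number and retiring the removed one avoids that: `reserved 1;` followed by `string sub_name = 2;`. If the SDK and the daemon are always shipped together this is harmless, but that cannot be seen from the patch.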
diff --git a/observer_agent/grpc_comm/server.cpp b/observer_agent/grpc_comm/server.cpp
index b47b1aa..938d09c 100644
--- a/observer_agent/grpc_comm/server.cpp
+++ b/observer_agent/grpc_comm/server.cpp
@@ -176,7 +176,6 @@ class PubSubServiceImpl final : public SubManager::Service
grpc::Status UnSubscribe(ServerContext *context, const UnSubscribeRequest *request, Message *response) override
{
- int cli_topic = request->topic();
std::string cli_name = request->sub_name();
int i = 0;
int unsub_flag = 0;
@@ -189,27 +188,23 @@ class PubSubServiceImpl final : public SubManager::Service
std::lock_guard<std::mutex> lock(sub_mutex);
- for (auto topic_item : suber_topic_[cli_name])
+ std::unordered_map<std::string, std::vector<int>>::iterator iter = suber_topic_.find(cli_name);
+ if (iter != suber_topic_.end())
{
- if (topic_item == cli_topic)
- {
- suber_topic_[cli_name].erase(suber_topic_[cli_name].begin() + i);
- suber_writer_[cli_name].erase(suber_writer_[cli_name].begin() + i);
- connect_status[suber_connection_[cli_name].at(i)] = false;
- suber_connection_[cli_name].erase(suber_connection_[cli_name].begin() + i);
- connection_num--;
- unsub_flag = 1;
- break;
- }
- i++;
+ suber_topic_[cli_name].erase(suber_topic_[cli_name].begin() + i);
+ suber_writer_[cli_name].erase(suber_writer_[cli_name].begin() + i);
+ connect_status[suber_connection_[cli_name].at(i)] = false;
+ suber_connection_[cli_name].erase(suber_connection_[cli_name].begin() + i);
+ connection_num--;
+ unsub_flag = 1;
}
if (!unsub_flag)
{
- response->set_text("don't exist the topic: " + std::to_string(cli_topic));
- return grpc::Status(grpc::StatusCode::INTERNAL, "Failed to UnSubscribe topic!");
+ response->set_text("don't exist the reader");
+ return grpc::Status(grpc::StatusCode::INTERNAL, "Failed to UnSubscribe reader!");
}
- response->set_text("topic: " + std::to_string(cli_topic) + " UnSubscribe success!");
+ response->set_text("UnSubscribe success!");
return grpc::Status::OK;
}
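Review bot: The new branch always erases element `i`, and `i` is never advanced now, so only the first entry of each vector is removed and `connection_num` drops by one even when the client holds several subscriptions. If the key exists with an empty vector, `erase(begin())` is undefined and `.at(0)` throws; the keepalive failure path in Subscribe erases elements but seems to leave the key, so this looks reachable. Since the call now means "drop everything for this reader", clearing every connection slot and erasing the three map entries keeps the tables consistent. UnSubscribe starts above this hunk.

```cpp
// … unchanged: lock_guard on sub_mutex and suber_topic_.find(cli_name) …
if (iter != suber_topic_.end())
{
    // Release every slot this client holds, not just the first one.
    for (int conn_index : suber_connection_[cli_name])
    {
        connect_status[conn_index] = false;
        connection_num--;
    }
    suber_topic_.erase(iter);
    suber_writer_.erase(cli_name);
    suber_connection_.erase(cli_name);
    unsub_flag = 1;
}
// … unchanged: unsub_flag check and response text …
```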
--
2.33.0


@ -0,0 +1,68 @@
From 0a89d59f076bd9de9e997f76fd5088cf600bb685 Mon Sep 17 00:00:00 2001
From: zcfsite <zhchf2010@126.com>
Date: Wed, 6 Dec 2023 10:14:56 +0800
Subject: [PATCH 1/4] set cmake minimum required to VERSION 3.22
---
CMakeLists.txt | 2 +-
lib/CMakeLists.txt | 2 +-
observer_agent/CMakeLists.txt | 2 +-
observer_agent/ebpf/CMakeLists.txt | 2 +-
observer_agent/ebpf/file_ebpf/CMakeLists.txt | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 1f44e4a..56c31c9 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.1)
+cmake_minimum_required(VERSION 3.22)
project(secDetector)
add_subdirectory(observer_agent)
add_subdirectory(lib)
diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
index b3f61f1..6b1ee78 100644
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.14.1)
+cmake_minimum_required(VERSION 3.22)
project(secDetector_sdk)
diff --git a/observer_agent/CMakeLists.txt b/observer_agent/CMakeLists.txt
index 8465044..f110b49 100644
--- a/observer_agent/CMakeLists.txt
+++ b/observer_agent/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.1)
+cmake_minimum_required(VERSION 3.22)
add_subdirectory(ebpf)
set(CMAKE_CXX_STANDARD 11)
diff --git a/observer_agent/ebpf/CMakeLists.txt b/observer_agent/ebpf/CMakeLists.txt
index 6b97de4..a5c9bbe 100644
--- a/observer_agent/ebpf/CMakeLists.txt
+++ b/observer_agent/ebpf/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.16)
+cmake_minimum_required(VERSION 3.22)
project(ebpf)
add_subdirectory(file_ebpf)
add_custom_target(ebpf
diff --git a/observer_agent/ebpf/file_ebpf/CMakeLists.txt b/observer_agent/ebpf/file_ebpf/CMakeLists.txt
index 9517832..e9e073a 100644
--- a/observer_agent/ebpf/file_ebpf/CMakeLists.txt
+++ b/observer_agent/ebpf/file_ebpf/CMakeLists.txt
@@ -1,6 +1,6 @@
# SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
-cmake_minimum_required(VERSION 3.16)
+cmake_minimum_required(VERSION 3.22)
project(file_ebpf)
add_custom_target(file_ebpf
COMMAND mkdir -p ${CMAKE_CURRENT_BINARY_DIR}/.output
--
2.33.0


@ -5,7 +5,7 @@
Name : secDetector
Summary : OS Security Intrusion Detection System
Version : 1.0
Release : 8
Release : 14
License : GPL-2.0
Source0 : %{name}-v%{version}.tar.gz
BuildRequires: kernel-devel kernel-headers
@ -32,6 +32,21 @@ Patch0014: Backport-add-handle-cleanup-and-refactor-Subscribe-UnSubscrib.patch
Patch0015: Backport-lib-modify-for-unsub.patch
Patch0016: Backport-add-nullptr-check-in-Subscribe.patch
Patch0017: Backport-modify-for-multiple-sub-in-the-same-process.patch
Patch0018: Backport-creatfile-check-op-intent-value.patch
Patch0019: Backport-createfile-check-f_mode-and-fix-typo.patch
Patch0021: Backport-add-lock-limit-publish-API.patch
Patch0022: Backport-secDetectord-fix-a-grpc-hang-bug.patch
Patch0023: Backport-secUnsub-del-topic.patch
Patch0024: Backport-secUnsub-del-topic-in-README.patch
Patch0025: Backport-modify-for-code-review.patch
Patch0026: Backport-modify-for-secReadFrom-error.patch
Patch0027: Backport-fix-invalid-TUF-8-data-in-memory-corruption-module.patch
Patch0028: Backport-set-cmake-minimum-required-to-VERSION-3.22.patch
Patch0029: Backport-grpc-fix-coredump-in-Publish.patch
Patch0030: Backport-fix-the-memory-leak-in-collect-unit.patch
Patch0031: Backport-fix-memory-leak-in-program_action.patch
Patch0032: Backport-bug-fix-memory-leak-in-sc-analyze-unit.patch
Patch0033: Backport-fix-6.x-kernel-compile-error.patch
%description
OS Security Intrusion Detection System
@ -105,6 +120,24 @@ rm -rf %{buildroot}
%attr(0644,root,root) /usr/include/secDetector/secDetector_topic.h
%changelog
* Tue Feb 20 2024 hurricane618 <hurricane618@hotmail.com> 1.0-14
- backport patch to fix compile error in v6.6 kernel
* Thu Dec 21 2023 hurricane618 <hurricane618@hotmail.com> 1.0-13
- backport patchs to fix memory
* Thu Dec 14 2023 zcfsite <zhchf2010@126.com> 1.0-12
- fix secReadFrom error,invalid TUF-8 data in mc module,publish coredump
* Mon Dec 11 2023 zhangguangzhi <zhangguangzhi3@huawei.com> 1.0-11
- backport patch
* Mon Dec 11 2023 chenjingwen6 <lhchenjw@gmail.com> 1.0-10
- backport some patches to fix issue such as grpc hangs
* Sat Dec 9 2023 zhangguangzhi <zhangguangzhi3@huawei.com> 1.0-9
- backport some patches
* Tue Dec 05 2023 hurricane618 <hurricane618@hotmail.com> 1.0-8
- backport some patches