From 0583e13c466bf0be32ccbfbb854e4aff41fb32ff Mon Sep 17 00:00:00 2001
|
|
From: hurricane618 <hurricane618@hotmail.com>
|
|
Date: Mon, 19 Feb 2024 23:31:59 +0800
|
|
Subject: [PATCH] fix 6.x kernel compile error
|
|
|
|
---
|
|
kerneldriver/cases/Makefile | 2 +
|
|
.../secDetector_mc_kmodule_baseline.c | 5 ++
|
|
.../secDetector_program_action.c | 41 +++++++++++++
|
|
.../response_unit/secDetector_ringbuffer.c | 12 +++-
|
|
observer_agent/CMakeLists.txt | 4 +-
|
|
observer_agent/grpc_comm/Makefile | 59 +------------------
|
|
6 files changed, 63 insertions(+), 60 deletions(-)
|
|
|
|
diff --git a/kerneldriver/cases/Makefile b/kerneldriver/cases/Makefile
|
|
index 5a94e50..146fbee 100644
|
|
--- a/kerneldriver/cases/Makefile
|
|
+++ b/kerneldriver/cases/Makefile
|
|
@@ -26,8 +26,10 @@ ifndef KDIR
|
|
KDIR=$(KERNEL_SRC)
|
|
endif
|
|
|
|
+ifneq ($(VERSION), 6)
|
|
KBUILD_EXTRA_SYMBOLS += $(PWD)/../core/Module.symvers
|
|
export KBUILD_EXTRA_SYMBOLS
|
|
+endif
|
|
|
|
all:
|
|
$(MAKE) -C $(KERNEL_SRC) M=$(PWD) modules KCPPFLAGS="${cflags-y}"
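Review bot: The new `ifneq ($(VERSION), 6)` guard depends on a `VERSION` variable that nothing in this hunk sets. Kbuild exports it when it re-reads this Makefile, but on the initial invocation it is presumably empty unless defined earlier in the file, so the guard may evaluate differently in the two passes. Skipping `KBUILD_EXTRA_SYMBOLS` on 6.x also means modpost no longer sees `../core/Module.symvers`, so symbols the case modules import from the core module are presumably not resolved or version-checked at build time. If that is intended, a comment such as `# 6.x: core Module.symvers is not consumed because <reason>` should say why. Matching exactly `6` also silently restores the old behaviour on any later major version.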
|
|
diff --git a/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c b/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c
|
|
index 9a051ca..b799f9f 100644
|
|
--- a/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c
|
|
+++ b/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c
|
|
@@ -10,6 +10,7 @@
|
|
#include <linux/list.h>
|
|
#include <linux/spinlock.h>
|
|
#include <linux/slab.h>
|
|
+#include <linux/version.h>
|
|
#include <time.h>
|
|
#include "secDetector_mc_kmodule_baseline.h"
|
|
#include "secDetector_response.h"
|
|
@@ -123,7 +124,9 @@ void check_kmodule_baseline(void)
|
|
if (module_kset == NULL)
|
|
return;
|
|
|
|
+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 0, 0)
|
|
mutex_lock(&module_mutex);
|
|
+#endif
|
|
spin_lock(&module_kset->list_lock);
|
|
list_for_each_entry(k, &module_kset->list, entry) {
|
|
if (k->name == NULL)
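Review bot: With `mutex_lock(&module_mutex)` compiled out on 6.x, the walk over `module_kset->list` is guarded only by `list_lock`, and the matching unlock in the next hunk (`@@ -137,7 +140,9`) is dropped the same way. That spinlock keeps the kset list stable but does not serialise against module load and unload, so a baseline check that runs while a module is being inserted or removed may miss it or report it inconsistently. The loop body is mostly outside the hunk, so whether it reads anything beyond `k->name` cannot be confirmed here. A comment like `/* module_mutex is not exported on newer kernels; list_lock only protects kset membership */` would record the reduced guarantee. As far as I recall the export was removed before 6.0, so the `KERNEL_VERSION(6, 0, 0)` cut-off is worth checking against the 5.x kernels the project supports.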
|
|
@@ -137,7 +140,9 @@ void check_kmodule_baseline(void)
|
|
break;
|
|
}
|
|
spin_unlock(&module_kset->list_lock);
|
|
+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 0, 0)
|
|
mutex_unlock(&module_mutex);
|
|
+#endif
|
|
|
|
report_kmodule_baseline();
|
|
free_kmodule_baseline();
|
|
diff --git a/kerneldriver/cases/program_action/secDetector_program_action.c b/kerneldriver/cases/program_action/secDetector_program_action.c
|
|
index f571c08..facd3b2 100644
|
|
--- a/kerneldriver/cases/program_action/secDetector_program_action.c
|
|
+++ b/kerneldriver/cases/program_action/secDetector_program_action.c
|
|
@@ -38,6 +38,7 @@
|
|
#include <linux/ctype.h>
|
|
#include <linux/cred.h>
|
|
#include <linux/kthread.h>
|
|
+#include <linux/version.h>
|
|
#include <string.h>
|
|
|
|
#include "secDetector_manager.h"
|
|
@@ -84,6 +85,46 @@ struct process_info {
|
|
int umask;
|
|
};
|
|
|
|
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 0, 0)
|
|
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 7, 0)
|
|
+struct file *get_mm_exe_file(struct mm_struct *mm)
|
|
+{
|
|
+ struct file *exe_file;
|
|
+
|
|
+ rcu_read_lock();
|
|
+ exe_file = get_file_rcu(&mm->exe_file);
|
|
+ rcu_read_unlock();
|
|
+ return exe_file;
|
|
+}
|
|
+#else
|
|
+struct file *get_mm_exe_file(struct mm_struct *mm)
|
|
+{
|
|
+ struct file *exe_file;
|
|
+
|
|
+ rcu_read_lock();
|
|
+ exe_file = rcu_dereference(mm->exe_file);
|
|
+ if (exe_file && !get_file_rcu(exe_file))
|
|
+ exe_file = NULL;
|
|
+ rcu_read_unlock();
|
|
+ return exe_file;
|
|
+}
|
|
+#endif
|
|
+struct file *get_task_exe_file(struct task_struct *task)
|
|
+{
|
|
+ struct file *exe_file = NULL;
|
|
+ struct mm_struct *mm;
|
|
+
|
|
+ spin_lock(&task->alloc_lock);
|
|
+ mm = task->mm;
|
|
+ if (mm) {
|
|
+ if (!(task->flags & PF_KTHREAD))
|
|
+ exe_file = get_mm_exe_file(mm);
|
|
+ }
|
|
+ spin_unlock(&task->alloc_lock);
|
|
+ return exe_file;
|
|
+}
|
|
+#endif
|
|
+
|
|
char *get_process_path(struct task_struct *p, char *pathname, int len)
|
|
{
|
|
char *process_path = NULL;
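Review bot: `get_mm_exe_file()` and `get_task_exe_file()` are defined here as non-static globals that reuse the names of the kernel's own functions, so the module carries private copies of core mm code under symbols that can clash with the kernel header prototypes or drift from upstream unnoticed. A module-local name with internal linkage, e.g. `static struct file *secdetector_get_task_exe_file(struct task_struct *task)`, would make clear which implementation is called. Both helpers return a file with an extra reference, so they need a header comment such as `/* Returns a referenced struct file or NULL; caller must fput(). */`. The two `get_mm_exe_file` variants differ only in their body, so the 6.7 `#if` could sit inside a single definition. `get_process_path()` begins at the end of the hunk and continues outside it.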
|
|
diff --git a/kerneldriver/core/response_unit/secDetector_ringbuffer.c b/kerneldriver/core/response_unit/secDetector_ringbuffer.c
|
|
index b367d74..27e8640 100644
|
|
--- a/kerneldriver/core/response_unit/secDetector_ringbuffer.c
|
|
+++ b/kerneldriver/core/response_unit/secDetector_ringbuffer.c
|
|
@@ -17,6 +17,7 @@
|
|
#include <linux/module.h>
|
|
#include <linux/kmemleak.h>
|
|
#include <linux/fs.h>
|
|
+#include <linux/version.h>
|
|
|
|
static unsigned long rb_datasz;
|
|
static unsigned long rb_mask;
|
|
@@ -287,7 +288,11 @@ static int ringbuffer_mmap(struct file *flip, struct vm_area_struct *vma)
|
|
vma->vm_end - vma->vm_start != PAGE_SIZE)
|
|
return -EPERM;
|
|
} else {
|
|
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 0, 0)
|
|
+ vm_flags_clear(vma, VM_MAYWRITE);
|
|
+#else
|
|
vma->vm_flags &= ~VM_MAYWRITE;
|
|
+#endif
|
|
}
|
|
/* remap_vmalloc_range() checks size and offset */
|
|
return remap_vmalloc_range(vma, g_rb, vma->vm_pgoff + RINGBUF_PGOFF);
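Review bot: The `KERNEL_VERSION(6, 0, 0)` cut-off looks too low for `vm_flags_clear()`: as far as I know the vm_flags wrapper functions arrived in 6.3, so 6.0–6.2 would still need the direct `vma->vm_flags &= ~VM_MAYWRITE;` form. The same applies to the single-argument `class_create(MODULE_DEVICE)` in the next hunk (`@@ -366,8 +371,11`), which I believe became the signature in 6.4. Since this line is what removes `VM_MAYWRITE` from the mapping, the guard should track the API change exactly, e.g. `#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 3, 0)` here and `KERNEL_VERSION(6, 4, 0)` for `class_create`. `ringbuffer_mmap()` starts outside the hunk.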
|
|
@@ -366,8 +371,11 @@ int __init secDetector_ringbuf_dev_init(unsigned int rb_sz)
|
|
ret = major;
|
|
goto error_free;
|
|
}
|
|
-
|
|
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 0, 0)
|
|
+ class = class_create(MODULE_DEVICE);
|
|
+#else
|
|
class = class_create(THIS_MODULE, MODULE_DEVICE);
|
|
+#endif
|
|
if (IS_ERR(class)) {
|
|
ret = PTR_ERR(class);
|
|
goto error_class_create;
|
|
@@ -398,4 +406,4 @@ void __exit secDetector_ringbuf_dev_exit(void)
|
|
class_destroy(class);
|
|
unregister_chrdev(major, MODULE_DEVICE);
|
|
ringbuf_free(g_rb);
|
|
-}
|
|
\ No newline at end of file
|
|
+}
|
|
diff --git a/observer_agent/CMakeLists.txt b/observer_agent/CMakeLists.txt
|
|
index f110b49..297fcc0 100644
|
|
--- a/observer_agent/CMakeLists.txt
|
|
+++ b/observer_agent/CMakeLists.txt
|
|
@@ -1,7 +1,7 @@
|
|
cmake_minimum_required(VERSION 3.22)
|
|
|
|
add_subdirectory(ebpf)
|
|
-set(CMAKE_CXX_STANDARD 11)
|
|
+set(CMAKE_CXX_STANDARD 17)
|
|
project(observer_agent VERSION 1.0 LANGUAGES CXX)
|
|
set(GRPC_PATH ${CMAKE_CURRENT_SOURCE_DIR}/grpc_comm)
|
|
add_custom_target(grpc_demo ALL
|
|
@@ -16,5 +16,5 @@ target_include_directories(secDetectord PUBLIC service grpc_comm ${CMAKE_SOURCE_
|
|
target_link_libraries(secDetectord ${CMAKE_CURRENT_BINARY_DIR}/ebpf/.output/fentry.o)
|
|
target_link_libraries(secDetectord ${CMAKE_CURRENT_BINARY_DIR}/ebpf/file_ebpf/.output/file_fentry.o)
|
|
target_link_libraries(secDetectord ${GRPC_PATH}/comm_api.pb.o ${GRPC_PATH}/comm_api.grpc.pb.o)
|
|
-target_link_libraries(secDetectord protobuf grpc++ grpc absl_synchronization uuid)
|
|
+target_link_libraries(secDetectord protobuf grpc++ grpc absl_synchronization absl_log_internal_message absl_log_internal_check_op absl_cord absl_cordz_info absl_cordz_functions absl_cordz_handle gpr uuid)
|
|
target_link_libraries(secDetectord z elf bpf)
|
|
diff --git a/observer_agent/grpc_comm/Makefile b/observer_agent/grpc_comm/Makefile
|
|
index 3c87ad8..0556a16 100644
|
|
--- a/observer_agent/grpc_comm/Makefile
|
|
+++ b/observer_agent/grpc_comm/Makefile
|
|
@@ -17,8 +17,8 @@
|
|
HOST_SYSTEM = $(shell uname | cut -f 1 -d_)
|
|
SYSTEM ?= $(HOST_SYSTEM)
|
|
CXX = g++
|
|
-CPPFLAGS += `pkg-config --cflags protobuf grpc`
|
|
-CXXFLAGS += -std=c++11 -fPIC
|
|
+CPPFLAGS += `pkg-config --cflags protobuf grpc` -std=c++17
|
|
+CXXFLAGS += -fPIC
|
|
ifeq ($(SYSTEM),Darwin)
|
|
LDFLAGS += -L/usr/local/lib `pkg-config --libs protobuf grpc++`\
|
|
-pthread\
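Review bot: `-std=c++17` is appended to `CPPFLAGS`, which is the preprocessor flag variable and is also handed to C compiles by make's implicit rules. The language standard belongs with the compiler flags: `CXXFLAGS += -std=c++17 -fPIC`. The `ifeq ($(SYSTEM),Darwin)` block continues outside the hunk.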
|
|
@@ -38,7 +38,7 @@ PROTOS_PATH = ./protos
|
|
|
|
vpath %.proto $(PROTOS_PATH)
|
|
|
|
-all: system-check client_pub_demo client_sub_demo server_demo
|
|
+all: client_pub_demo client_sub_demo server_demo
|
|
|
|
client_pub_demo: comm_api.pb.o comm_api.grpc.pb.o client.o client_pub_demo.o
|
|
$(CXX) $^ $(LDFLAGS) -o $@
|
|
@@ -58,56 +58,3 @@ server_demo: comm_api.pb.o comm_api.grpc.pb.o server.o server_demo.o
|
|
clean:
|
|
rm -f *.o *.pb.cc *.pb.h server_demo client_sub_demo client_pub_demo
|
|
|
|
-
|
|
-# The following is to test your system and ensure a smoother experience.
|
|
-# They are by no means necessary to actually compile a grpc-enabled software.
|
|
-
|
|
-PROTOC_CMD = which $(PROTOC)
|
|
-PROTOC_CHECK_CMD = $(PROTOC) --version | grep -q libprotoc.3
|
|
-PLUGIN_CHECK_CMD = which $(GRPC_CPP_PLUGIN)
|
|
-HAS_PROTOC = $(shell $(PROTOC_CMD) > /dev/null && echo true || echo false)
|
|
-ifeq ($(HAS_PROTOC),true)
|
|
-HAS_VALID_PROTOC = $(shell $(PROTOC_CHECK_CMD) 2> /dev/null && echo true || echo false)
|
|
-endif
|
|
-HAS_PLUGIN = $(shell $(PLUGIN_CHECK_CMD) > /dev/null && echo true || echo false)
|
|
-
|
|
-SYSTEM_OK = false
|
|
-ifeq ($(HAS_VALID_PROTOC),true)
|
|
-ifeq ($(HAS_PLUGIN),true)
|
|
-SYSTEM_OK = true
|
|
-endif
|
|
-endif
|
|
-
|
|
-system-check:
|
|
-ifneq ($(HAS_VALID_PROTOC),true)
|
|
- @echo " DEPENDENCY ERROR"
|
|
- @echo
|
|
- @echo "You don't have protoc 3.0.0 installed in your path."
|
|
- @echo "Please install Google protocol buffers 3.0.0 and its compiler."
|
|
- @echo "You can find it here:"
|
|
- @echo
|
|
- @echo " https://github.com/protocolbuffers/protobuf/releases/tag/v3.0.0"
|
|
- @echo
|
|
- @echo "Here is what I get when trying to evaluate your version of protoc:"
|
|
- @echo
|
|
- -$(PROTOC) --version
|
|
- @echo
|
|
- @echo
|
|
-endif
|
|
-ifneq ($(HAS_PLUGIN),true)
|
|
- @echo " DEPENDENCY ERROR"
|
|
- @echo
|
|
- @echo "You don't have the grpc c++ protobuf plugin installed in your path."
|
|
- @echo "Please install grpc. You can find it here:"
|
|
- @echo
|
|
- @echo " https://github.com/grpc/grpc"
|
|
- @echo
|
|
- @echo "Here is what I get when trying to detect if you have the plugin:"
|
|
- @echo
|
|
- -which $(GRPC_CPP_PLUGIN)
|
|
- @echo
|
|
- @echo
|
|
-endif
|
|
-ifneq ($(SYSTEM_OK),true)
|
|
- @false
|
|
-endif
|
|
--
|
|
2.21.0
|
|
|