secDetector/Backport-rm-kmodule_list-in-mc-and-fix-param-ringbuf-desc.patch
2023-11-29 20:37:35 +08:00


From 71409081fc4c642412d7b7fb1812bee12b6af6b9 Mon Sep 17 00:00:00 2001
From: zcfsite <zhchf2010@126.com>
Date: Mon, 27 Nov 2023 22:27:06 +0800
Subject: rm kmodule_list in mc and fix param ringbuf desc
---
kerneldriver/cases/Makefile | 2 +-
.../secDetector_mc_kmodule_list.c | 55 -------------------
.../secDetector_mc_kmodule_list.h | 12 ----
.../secDetector_memory_corruption.c | 16 ------
kerneldriver/core/secDetector_main.c | 2 +-
5 files changed, 2 insertions(+), 85 deletions(-)
delete mode 100644 kerneldriver/cases/memory_corruption/secDetector_mc_kmodule_list.c
delete mode 100644 kerneldriver/cases/memory_corruption/secDetector_mc_kmodule_list.h
diff --git a/kerneldriver/cases/Makefile b/kerneldriver/cases/Makefile
index 0af72ba..5a94e50 100644
--- a/kerneldriver/cases/Makefile
+++ b/kerneldriver/cases/Makefile
@@ -8,7 +8,7 @@ obj-m += secDetector_kmodule_baseline.o
# obj-m += secDetector_lsm_example.o
obj-m += secDetector_program_action.o
-secDetector_memory_corruption-objs := memory_corruption/secDetector_memory_corruption.o memory_corruption/secDetector_mc_kmodule_list.o
+secDetector_memory_corruption-objs := memory_corruption/secDetector_memory_corruption.o
#secDetector_task_block-objs := task_block/secDetector_task_block.o
#secDetector_file_block-objs := file_block/secDetector_file_block.o
secDetector_kmodule_baseline-objs := kmodule_baseline/secDetector_kmodule_baseline.o kmodule_baseline/secDetector_mc_kmodule_baseline.o
diff --git a/kerneldriver/cases/memory_corruption/secDetector_mc_kmodule_list.c b/kerneldriver/cases/memory_corruption/secDetector_mc_kmodule_list.c
deleted file mode 100644
index 283590b..0000000
--- a/kerneldriver/cases/memory_corruption/secDetector_mc_kmodule_list.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * SPDX-License-Identifier: GPL-2.0
- *
- * Author: yieux
- * create: 2023-09-28
- * Description: the main implement of the kmodule list corruption.
- */
-#include <linux/module.h>
-#include <linux/list.h>
-#include <linux/spinlock.h>
-#include "secDetector_mc_kmodule_list.h"
-#include "secDetector_response.h"
-#include <linux/slab.h>
-
-#define MODULE_LIST_MAXSIZE 0x10000
-#define MC_KMODULE_REPORT_WORD_LEN 55
-
-// 3 ways for get kernel module list.
-// struct module->list
-// struct module->mkobj->kobj->entry
-// struct module->mkobj->kobj->kset
-void check_kmodule_list(void)
-{
- struct module_kobject *mobj = NULL;
- struct kobject *k = NULL;
- struct module *m = NULL;
- struct kset *module_kset = __this_module.mkobj.kobj.kset;
- response_data_t log;
-
- if (module_kset == NULL)
- return;
-
- spin_lock(&module_kset->list_lock);
- list_for_each_entry(k, &module_kset->list, entry) {
- if (k->name == NULL)
- continue;
- mobj = container_of(k, struct module_kobject, kobj);
- if (mobj == NULL || mobj->mod == NULL || (unsigned long)mobj->mod->name < MODULE_LIST_MAXSIZE)
- continue;
-
- mutex_lock(&module_mutex);
- m = find_module(k->name);
- if (m == NULL) {
- pr_err("[secDetector] mc kmoudle list find! module_name=%s.\n", k->name);
- log.report_data.len = MC_KMODULE_REPORT_WORD_LEN + strlen(k->name);
- log.report_data.text = kmalloc(log.report_data.len, GFP_KERNEL);
- sprintf(log.report_data.text, "[secDetector] mc kmoudle list find! module_name=%s.\n", k->name);
- secDetector_report(&log);
- kfree(log.report_data.text);
- }
- mutex_unlock(&module_mutex);
- }
- spin_unlock(&module_kset->list_lock);
- return;
-}
\ No newline at end of file
diff --git a/kerneldriver/cases/memory_corruption/secDetector_mc_kmodule_list.h b/kerneldriver/cases/memory_corruption/secDetector_mc_kmodule_list.h
deleted file mode 100644
index 737ca47..0000000
--- a/kerneldriver/cases/memory_corruption/secDetector_mc_kmodule_list.h
+++ /dev/null
@@ -1,12 +0,0 @@
-/*
- * SPDX-License-Identifier: GPL-2.0
- *
- * Author: yieux
- * create: 2023-09-28
- * Description: the kmodule list corruption head file.
- */
- #ifndef SECDETECTOR_MC_KMODULE_LIST_H
- #define SECDETECTOR_MC_KMODULE_LIST_H
-
-void check_kmodule_list(void);
- #endif
\ No newline at end of file
diff --git a/kerneldriver/cases/memory_corruption/secDetector_memory_corruption.c b/kerneldriver/cases/memory_corruption/secDetector_memory_corruption.c
index 5b487ac..f4a1c9f 100644
--- a/kerneldriver/cases/memory_corruption/secDetector_memory_corruption.c
+++ b/kerneldriver/cases/memory_corruption/secDetector_memory_corruption.c
@@ -10,35 +10,19 @@
#include <linux/seq_file.h>
#include "secDetector_manager.h"
#include <secDetector_module_type.h>
-#include "secDetector_mc_kmodule_list.h"
#define TIME_INTERVAL 10
DEFINE_MUTEX(case_mc_mutex);
#define KERNELKEYDATATAMPER 0x00008000
-static void check_all_watching_memory(void)
-{
- mutex_lock(&case_mc_mutex);
- check_kmodule_list();
- mutex_unlock(&case_mc_mutex);
-}
-
static struct secDetector_collect collect_array[] = {
{
.collect_type = COLLECT_GLOBAL_FUNCTION_SWITCH,
},
};
-
static struct secDetector_workflow workflow_array[] = {
- {
- .workflow_type = WORKFLOW_CUSTOMIZATION,
- .workflow_func.func = check_all_watching_memory,
- .hook_type = SECDETECTOR_TIMER,
- .interval = TIME_INTERVAL,
- .enabled = ATOMIC_INIT(true)
- },
{
.workflow_type = WORKFLOW_PRESET,
.hook_type = SECDETECTOR_TIMER,
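Review bot: `DEFINE_MUTEX(case_mc_mutex);` stays in the file after this hunk, but in the visible lines its only user was the removed `check_all_watching_memory()`. The mutex is defined without `static`, so the compiler will not warn that it is unused and it remains a global symbol in the module; if nothing else in the file takes it, drop the line, otherwise make it `static DEFINE_MUTEX(case_mc_mutex);`. `TIME_INTERVAL` deserves the same check, since the removed workflow entry was its only visible user and the remaining preset entry continues outside the hunk. Separately, the commit removes the periodic cross-check of the module kset against the module list without saying where that detection now lives; a sentence in the commit message naming the case that covers it (possibly kmodule_baseline, which the Makefile still builds) would help anyone auditing detection coverage.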
diff --git a/kerneldriver/core/secDetector_main.c b/kerneldriver/core/secDetector_main.c
index 878d4a3..3931229 100644
--- a/kerneldriver/core/secDetector_main.c
+++ b/kerneldriver/core/secDetector_main.c
@@ -22,7 +22,7 @@ MODULE_PARM_DESC(log_size, "log size");
static unsigned int ringbuf_size = MIN_RINGBUF_SIZE; /* unit is Mb */
static unsigned int ringbuf_size_bytes; /* unit is bytes */
module_param(ringbuf_size, uint, 0400);
-MODULE_PARM_DESC(log_size, "ringbuffer size");
+MODULE_PARM_DESC(ringbuf_size, "ringbuffer size");
static bool ringbuf_size_check(void)
{
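Review bot: The corrected `MODULE_PARM_DESC(ringbuf_size, "ringbuffer size");` still omits the unit, which only the source comment on the declaration gives ("unit is Mb"). Someone reading `modinfo` output cannot tell whether the value is in bytes or megabytes, and this parameter sizes a kernel buffer. Consider `MODULE_PARM_DESC(ringbuf_size, "ringbuffer size in MB");`, and state the accepted range in the string as well if `ringbuf_size_check()` enforces one. The body of `ringbuf_size_check()` begins on the last line of the hunk and continues outside it, so the bounds cannot be confirmed from here.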
--
2.33.0