Commit Graph

85 Commits

Author SHA1 Message Date
linD026
eef2bc4395
Enforce Linux kernel coding style (#88)
The only exception is to indent with four spaces rather than tabs
for sticking to compact layout of source listing.

Close #87
2021-09-02 15:15:07 +08:00
linD026
cccc98ab2c
Fix disallowed cr0 write protection and close_fd (#80)
Since the commit 8dbec27a242cd3e2816eeb98d3237b9f57cf6232 [1]
(kernel version v5.3+ [2]) the sensitive CR0 bits in x86 is pinned,
we need to use the inline asm [3][4] to bypass it.

commit 8dbec27a242cd3e2816eeb98d3237b9f57cf6232 :
> With sensitive CR4 bits pinned now, it's possible that the WP bit for
> CR0 might become a target as well.
>
> Following the same reasoning for the CR4 pinning, pin CR0's WP
> bit. Contrary to the cpu feature dependend CR4 pinning this can be done
> with a constant value.

Also, getting "sys_call_table" [8] from the symbol lookup by using the address
of "close_fd" does not work for v5.11+ [5][6]. The reason is the entry of
"sys_call_table[__NR_close]" is not the address of "close_fd", actually
it is "__x64_sys_close" in x86.

Two solutions were proposed: using "kallsyms_lookup_name" [7] or just specifying
the address into the module. The symbol "kallsyms_lookup_name"  is unexported
since v5.7; the address of "sys_call_table" can be found in
"/boot/System.map" or "/proc/kallsyms".

Since v5.7, the manual symbol lookup is not guaranteed to work
because of control-flow integrity (or control-flow enforcement [9][10]) is added
[11] for x86, but it is disabled since v5.11 [12][13]. To make sure manual symbol
lookup work, it only uses up to v5.4.

Reference:
[1] 8dbec27a24
[2] https://outflux.net/blog/archives/2019/11/14/security-things-in-linux-v5-3/
[3] https://patchwork.kernel.org/project/linux-kbuild/patch/20200903203053.3411268-3-samitolvanen@google.com/
[4] https://stackoverflow.com/questions/58512430/how-to-write-to-protected-pages-in-the-linux-kernel
[5] https://lore.kernel.org/bpf/20201120231441.29911-21-ebiederm@xmission.com/
[6] https://lore.kernel.org/bpf/87blj83ysq.fsf@x220.int.ebiederm.org/
[7] 0bd476e6c6
[8] 8f27766a88
[9] https://lore.kernel.org/lkml/20200204171425.28073-1-yu-cheng.yu@intel.com/
[10] https://lore.kernel.org/linux-doc/20201110162211.9207-1-yu-cheng.yu@intel.com/T/
[11] 5790921bc1
[12] 20bf2b3787
[13] https://lore.kernel.org/bpf/20210128123842.c9e33949e62f504b84bfadf5@gmail.com/
2021-08-31 11:07:01 +08:00
Jim Huang
d3bde7daed print_string: Validate tty before accessing its operations
Close #81
2021-08-30 01:41:57 +08:00
linD026
06b75942cc
Fix incorrect major number registration in chardev (#77)
chardev2.c demonstrates the ioctl operation with static major
number MAJOR_NUM, but there also exists "Major," the dynamic
one, which results in registration and deregistration on different
device. Once the module remove, it cannot insert again:

  $ sudo insmod chardev2.ko
  $ sudo rmmod chardev2
  $ cat /proc/devices
  Character devices:
  ...
  100 char_dev
  $ sudo insmod chardev2.ko
  insmod: ERROR: could not insert module chardev2.ko: Device or resource busy

This patch removed the use of dynamic major number.
2021-08-26 03:16:17 +08:00
Tucker Polomik
a183cc72f0 Fix: errno assignment should be comparison. 2021-08-24 11:16:25 -04:00
fennecJ
870b26fa2d Update several example code for newer kernel
Known issues with current example code:
If you using newer kernel(e.g linux 5.11.x) to compile the example code,
you may meet following error:
1. syscall.c:83:50: error: ‘ksys_close’ undeclared;
2. cryptosk.c:17:24: error: field ‘sg’ has incomplete type
3. cryptosk.c:143:9: error: implicit declaration of function
‘get_random_bytes’
4. error: macro "DECLARE_TASKLET" passed 3 arguments, but takes just 2

Solutions/workaround:
1. In syscall.c, replace #include <linux/syscalls.h> with
#include <linux/fdtable.h> and replace  ksys_close with close_fd
if the kernel version >= 5.11. [1][2]
2. Add #include <linux/scatterlist.h> into cryptosk.c
3. Add #include <linux/random.h> into cryptosk.c
4. In bottomhalf.c and example_tasklet.c, replace DECLARE_TASKLET
with DECLARE_TASKLET_OLD and dispose third argument(0L). [3]

[1] - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1572bfdf21d4d50e51941498ffe0b56c2289f783
[2] - https://www.mail-archive.com/meta-arago@arago-project.org//msg11939.html
[3] - https://patchwork.kernel.org/project/kernel-hardening/patch/20200716030847.1564131-3-keescook@chromium.org/
2021-08-23 21:30:43 +08:00
gagachang
9827e32e4d Update some file path to kernel v5.x+ in example/kbleds.c
1. drivers/char/vt_ioctl.c -> drivers/tty/vt/vt_ioctl.c
2. drivers/char/keyboard.c -> drivers/tty/vt/keyboard.c
2021-08-21 14:51:37 +08:00
Cyril Brulebois
d85944d107 Mention pr_info() rather than KERN_INFO
The latter might have been used along with printk() in an earlier
version, but pr_info() is getting used consistently so adjust the
#include comments accordingly.

For the avoidance of doubt, pr_info() actually comes from printk.h,
which gets #include'd by kernel.h.
2021-08-16 21:53:22 +02:00
Jim Huang
b497b6a34e Remove never implemented MODULE_SUPPORTED_DEVICE
MODULE_SUPPORTED_DEVICE is remove from upstream since March 17, 2021.
See linux.git commit 6417f03

Reported by Niklas Lantau <niklaslantau@gmail.com>
Close #61
2021-08-16 20:19:35 +08:00
Benno Bielmeier
8ba0b0085d
Fix typo: concurent -> concurrent 2021-08-12 07:43:38 +00:00
ChinYikMing
ad4ac48eec Fix init message 2021-08-10 00:48:19 +08:00
Jim Huang
8c12c8dce1 Make program style consistent again 2021-08-08 01:50:42 +08:00
Hsin-Hsiang Peng
8f32341bee
Fix alignment problem in code block (#45)
In rendered HTML, the line number should be right aligned, and
code should be left aligned accordingly.

In addition, this patch added the basic build instructions, so that
someone can generated the PDF and HTML files.

Close #44
2021-08-08 01:29:50 +08:00
Jim Huang
10c7a9433a Apply editorial changes
This patch makes source listing shorter and more compact, that helps
when browsing.
2021-08-08 01:24:59 +08:00
Jim Huang
d43259c553 Drop the deprecated init_module() and cleanup_module() 2021-08-08 00:29:24 +08:00
Jim Huang
a26d93037e Enforce consistent style
Execute "make indent" before submitting patches.
2021-08-07 23:33:37 +08:00
Jim Huang
1ac7bacfb8 Shorten chardev 2021-08-07 18:29:39 +08:00
Jim Huang
40e83aa14b Tidy section: The Device Model 2021-08-07 10:59:15 +08:00
Jim Huang
f8adcdb3c1 procfs4: Shorten and indent 2021-08-07 10:54:19 +08:00
Jim Huang
466e8a00fd cat_nonblock: Use canonical name scheme and fix unintended assignment 2021-08-05 14:28:12 +08:00
RinHizakura
5940dd9faa
Revise hello-5 and its output (#38)
For the example module hello_5, the book showed the incorrect output
in corresponding with its execution results.

In addition, this patch changes from myintArray[2] = {-1, -1} to
myintArray[2] = {420, 420}, which help the readers distinguish from
the kernel messages.
2021-08-04 23:42:10 +08:00
demonsome
50e9d9176f
chardev: Revise comment on device node (#23)
The device file create in this example is "chardev". 
So input command "sudo cat /dev/chardev" will get a valid message
"I already told you %d times Hello world!"
2021-07-31 23:03:16 +08:00
linD026
c7a7a667cf
Avoid strlen by assigning explicit length of string for proc_read (#18)
Since the address of buffer is userspace address, it may trigger an unexpected fault on strlen(buffer).

On Ubuntu 20.04.2 LTS ( 5.8.0-63-generic ), using strlen(buffer) will result in the following:
[ 2168.010930] /proc/buffer1k created
[ 2177.014347] BUG: unable to handle page fault for address: 00007fbbc2a17000
[ 2177.014355] #PF: supervisor read access in kernel mode
[ 2177.014358] #PF: error_code(0x0000) - not-present page
[ 2177.014361] PGD 80000003c61d0067 P4D 80000003c61d0067 PUD 3ee6c5067 PMD 40e1ff067 PTE 0
[ 2177.014369] Oops: 0000 [#1] SMP PTI
[ 2177.014376] CPU: 7 PID: 4750 Comm: cat Tainted: P        W  OE     5.8.0-63-generic #71~20.04.1-Ubuntu

[ 2177.014387] RIP: 0010:procfile_read+0xb/0x20 [procfs2]
[ 2177.014393] Code: Unable to access opcode bytes at RIP 0xffffffffc1253fe1.
[ 2177.014396] RSP: 0018:ffffbc84412cbe78 EFLAGS: 00010286
[ 2177.014400] RAX: ffffffffc1254000 RBX: 0000000000020000 RCX: ffffbc84412cbef0
[ 2177.014403] RDX: 0000000000020000 RSI: 00007fbbc2a17000 RDI: ffffa057d2708f00
[ 2177.014406] RBP: ffffbc84412cbe80 R08: 0000000000000001 R09: 0000000000000000
[ 2177.014409] R10: 0000000000000000 R11: 0000000000000000 R12: ffffa0581de8ccc0
[ 2177.014411] R13: ffffa057d2708f00 R14: ffffbc84412cbef0 R15: 00007fbbc2a17000
[ 2177.014415] FS:  00007fbbc3bfa580(0000) GS:ffffa0582dbc0000(0000) knlGS:0000000000000000
[ 2177.014418] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2177.014421] CR2: ffffffffc1253fe1 CR3: 00000003c611c004 CR4: 00000000003606e0
[ 2177.014424] Call Trace:
[ 2177.014435]  proc_reg_read+0x66/0x90
[ 2177.014441]  vfs_read+0xaa/0x190
[ 2177.014446]  ksys_read+0x67/0xe0
[ 2177.014451]  __x64_sys_read+0x1a/0x20
[ 2177.014458]  do_syscall_64+0x49/0xc0
[ 2177.014464]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 2177.014467] RIP: 0033:0x7fbbc3b18142
[ 2177.014472] Code: c0 e9 c2 fe ff ff 50 48 8d 3d 3a ca 0a 00 e8 f5 19 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24
[ 2177.014476] RSP: 002b:00007ffcf2d20d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2177.014479] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007fbbc3b18142
[ 2177.014482] RDX: 0000000000020000 RSI: 00007fbbc2a17000 RDI: 0000000000000003
[ 2177.014485] RBP: 00007fbbc2a17000 R08: 00007fbbc2a16010 R09: 0000000000000000
[ 2177.014487] R10: 0000000000000022 R11: 0000000000000246 R12: 0000560f8ff081f0
[ 2177.014490] R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000

[ 2177.014635] CR2: 00007fbbc2a17000
[ 2177.014639] ---[ end trace b71ff05c1b0a10f6 ]---
[ 2177.184174] RIP: 0010:procfile_read+0xb/0x20 [procfs2]
[ 2177.184176] Code: Unable to access opcode bytes at RIP 0xffffffffc1253fe1.
[ 2177.184177] RSP: 0018:ffffbc84412cbe78 EFLAGS: 00010286
[ 2177.184178] RAX: ffffffffc1254000 RBX: 0000000000020000 RCX: ffffbc84412cbef0
[ 2177.184179] RDX: 0000000000020000 RSI: 00007fbbc2a17000 RDI: ffffa057d2708f00
[ 2177.184180] RBP: ffffbc84412cbe80 R08: 0000000000000001 R09: 0000000000000000
[ 2177.184180] R10: 0000000000000000 R11: 0000000000000000 R12: ffffa0581de8ccc0
[ 2177.184181] R13: ffffa057d2708f00 R14: ffffbc84412cbef0 R15: 00007fbbc2a17000
[ 2177.184182] FS:  00007fbbc3bfa580(0000) GS:ffffa0582dbc0000(0000) knlGS:0000000000000000
[ 2177.184182] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2177.184183] CR2: ffffffffc1253fe1 CR3: 00000003c611c004 CR4: 00000000003606e0
2021-07-29 16:10:52 +08:00
25077667
00f7e7018f Fix trivial tweak for missing comma 2021-07-26 03:08:27 +08:00
Jim Huang
faf3aa7c22 Make each source file more consistent
It is vital to denote the file name and summary for each source,
otherwise readers could not figure out the corresponding files.
2021-07-22 11:25:32 +08:00
Jim Huang
1c93f2f5ef Shorten sample code 2021-07-22 10:55:14 +08:00
Jim Huang
52dfb6744d Use American English words 2021-07-22 10:54:24 +08:00
Jim Huang
2e30e181f8 Drop duplicated copyright notice 2021-07-22 10:53:45 +08:00
Jim Huang
b76e5d378e Reduce header inclusion 2021-07-22 10:31:24 +08:00
Jim Huang
08e7b6efc3 Emphasize on 5.x kernel 2021-07-22 08:31:47 +08:00
Jim Huang
675c002b15 Remove linux-2.6 specific checks 2021-07-22 07:33:27 +08:00
Jim Huang
760bbe70cb Drop duplicated module author information 2021-07-22 07:29:07 +08:00
Jim Huang
64f791f274 Improve the compatibility with kernel version < 5.6 2021-07-22 07:17:31 +08:00
Jim Huang
50b8dfe6c2 Enforce the customized style for example code
Instead of using tab for indention, the style defaults to 4 spaces for
the sake of compact layout.
2021-07-22 06:58:13 +08:00
Jim Huang
2246e20809 Add LaTeX script and sample code 2021-07-22 06:35:24 +08:00