mirror of
https://github.com/sysprog21/lkmpg.git
synced 2024-11-22 08:10:48 +08:00
cccc98ab2c
Since the commit 8dbec27a242cd3e2816eeb98d3237b9f57cf6232 [1] (kernel version v5.3+ [2]) the sensitive CR0 bits in x86 is pinned, we need to use the inline asm [3][4] to bypass it. commit 8dbec27a242cd3e2816eeb98d3237b9f57cf6232 : > With sensitive CR4 bits pinned now, it's possible that the WP bit for > CR0 might become a target as well. > > Following the same reasoning for the CR4 pinning, pin CR0's WP > bit. Contrary to the cpu feature dependend CR4 pinning this can be done > with a constant value. Also, getting "sys_call_table" [8] from the symbol lookup by using the address of "close_fd" does not work for v5.11+ [5][6]. The reason is the entry of "sys_call_table[__NR_close]" is not the address of "close_fd", actually it is "__x64_sys_close" in x86. Two solutions were proposed: using "kallsyms_lookup_name" [7] or just specifying the address into the module. The symbol "kallsyms_lookup_name" is unexported since v5.7; the address of "sys_call_table" can be found in "/boot/System.map" or "/proc/kallsyms". Since v5.7, the manual symbol lookup is not guaranteed to work because of control-flow integrity (or control-flow enforcement [9][10]) is added [11] for x86, but it is disabled since v5.11 [12][13]. To make sure manual symbol lookup work, it only uses up to v5.4. Reference: [1] |
||
|---|---|---|
| .. | ||
| other | ||
| .clang-format | ||
| bottomhalf.c | ||
| chardev.c | ||
| chardev.h | ||
| chardev2.c | ||
| completions.c | ||
| cryptosha256.c | ||
| cryptosk.c | ||
| devicemodel.c | ||
| example_atomic.c | ||
| example_mutex.c | ||
| example_rwlock.c | ||
| example_spinlock.c | ||
| example_tasklet.c | ||
| hello-1.c | ||
| hello-2.c | ||
| hello-3.c | ||
| hello-4.c | ||
| hello-5.c | ||
| hello-sysfs.c | ||
| intrpt.c | ||
| ioctl.c | ||
| kbleds.c | ||
| Makefile | ||
| print_string.c | ||
| procfs1.c | ||
| procfs2.c | ||
| procfs3.c | ||
| procfs4.c | ||
| sched.c | ||
| sleep.c | ||
| start.c | ||
| stop.c | ||
| syscall.c | ||