Various spelling and grammar corrections (#7)

* Various spelling corrections by codespell 1.17.1
* Various grammar corrections

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Co-authored-by: Solar Designer <solar@openwall.com>
This commit is contained in:
Vitaly Chikunov 2020-08-19 00:18:56 +03:00 committed by Solar Designer
parent 671b079eb9
commit 2648a1d607
9 changed files with 24 additions and 24 deletions

View file

@ -3,7 +3,7 @@ LKRG benchmarks with Phoronix Test Suite
Michael Larabel of Phoronix published an article on his benchmarks of LKRG as
packaged for Whonix as of February 25, 2020. This means a development version
inbetween LKRG 0.7 and 0.8. The benchmark system was a "Core i9 9900KS desktop
between LKRG 0.7 and 0.8. The benchmark system was a "Core i9 9900KS desktop
running an Ubuntu 20.04 snapshot and using the Linux 5.4 Ubuntu kernel":
https://www.phoronix.com/scan.php?page=article&item=linux-lkrg-performance&num=1

2
README
View file

@ -252,7 +252,7 @@ The sysctl's are (with default values specified in braces):
(potentially deviating from any of the profiles).
Higher-numbered enforcement profiles provide higher likelihood of mitigating
a compromise or stopping an attack, but also a higher risk of interferring
a compromise or stopping an attack, but also a higher risk of interfering
with normal system behavior and to a worse extent in case of false positives.
lkrg.profile_enforce=0 can be used for safe testing of LKRG, where any

View file

@ -6,9 +6,9 @@
* => submodule for checking system configuration regarding CPUs
*
* Notes:
* - Some of the critical data may exists per logical CPU (core)
* - Some of the critical data may exist per logical CPU (core)
* and need to be independently verified / checked.
* Additionally, it is strongly dependend from the architecture.
* Additionally, it is strongly dependent on the architecture.
* Linux kernel defines different types of CPUs:
* => online CPUs
* => possible CPUs
@ -16,20 +16,20 @@
* => active CPUs
*
* This module will keep information about how many 'active CPUs',
* 'online CPUs' and 'present CPUs' exists in the current system.
* Additionally Linux kernel exports global CPU id count ('nr_cpu_ids')
* 'online CPUs' and 'present CPUs' exist in the current system.
* Additionally, Linux kernel exports global CPU id count ('nr_cpu_ids'),
* which is initialized per boot time. If over the time any of the
* CPU will be hot plugged / activated this information will be
* visible for us!
*
* - x86 (and amd64) arch: following informations are critical and need
* to be verified (checking integrity):
* - x86 (and amd64) arch: the following pieces of information are
* critical and need to be verified (checking integrity):
* => IDT base and/or entire table
* => MSRs
*
* - Since Linux 4.10 there isn't CPU_[ONLINE/DEAD] notifiers :(
* Hot CPU plug[in/out] notification logic has completaly changed. More information
* Can be found here:
* Hot CPU plug[in/out] notification logic has completely changed.
* More information can be found here:
* => https://patchwork.kernel.org/patch/9448577/
* On new kernel (4.10.+) we use modern hot CPU plug[in/out] logic.
*

View file

@ -45,7 +45,7 @@ typedef struct p_cpu_info {
int online_CPUs; // Might be active (because it's online) but it is NOT
// yet, so does NOT execute any task
int possible_CPUs; // Physically possible CPUs handled by this kernel
int present_CPUs; // Currently availble CPUs, but doesn't need to be used
int present_CPUs; // Currently available CPUs, but doesn't need to be used
// by kernel at this time. Value is dynamically updated
// when CPU is hotplug
int active_CPUs; // Currently active CPUs - can execute tasks
@ -108,7 +108,7 @@ struct p_jump_label {
};
/*
* Main database structure conatining:
* Main database structure containing:
* - memory hashes
* - Critical addresses
* - CPU specific information

View file

@ -1938,7 +1938,7 @@ int p_ed_pcfi_validate_sp(struct task_struct *p_task, struct p_ed_process *p_ori
}
/*
* Validate if stack is comming from the valid range (CONFIG_VMAP_STACK)
* Validate if stack is coming from the valid range (CONFIG_VMAP_STACK)
*/
// TODO

View file

@ -2,10 +2,10 @@
* pi3's Linux kernel Runtime Guard
*
* Component:
* - Red-black tree for keeping track user-mode process pid structure
* - Red-black tree for keeping track of usermode processes
*
* Notes:
* - Make sence with own kmem_cache_* allocation
* - Makes sense with own kmem_cache_* allocation
*
* Timeline:
* - Created: 07.IX.2017

View file

@ -2,10 +2,10 @@
* pi3's Linux kernel Runtime Guard
*
* Component:
* - Red-black tree for keeping track user-mode process pid structure
* - Red-black tree for keeping track of usermode processes
*
* Notes:
* - Make sence with own kmem_cache_* allocation
* - Makes sense with own kmem_cache_* allocation
*
* Timeline:
* - Created: 07.IX.2017

View file

@ -173,7 +173,7 @@ void p_check_integrity(struct work_struct *p_work) {
/*
* First allocate temporary buffer for per CPU data. Number of possible CPUs
* is per kernel compilation. Hot plug-in/off won't change that value so it is
* safe to prealocate buffer here - before lock and before recounting CPUs info.
* safe to preallocate buffer here - before lock and before recounting CPUs info.
*/
/*
@ -244,7 +244,7 @@ void p_check_integrity(struct work_struct *p_work) {
* *) http://blog.pi3.com.pl/?p=549
* *) http://lists.openwall.net/linux-kernel/2016/09/21/68
*
* on_each_cpu() might mitigate this problem a bit becuase has extra
* on_each_cpu() might mitigate this problem a bit because has extra
* self-balancing code for performance reasons.
*/
on_each_cpu(p_dump_CPU_metadata,p_tmp_cpus,true);
@ -855,7 +855,7 @@ void p_check_integrity(struct work_struct *p_work) {
/*
* We found as many modules in module list as in sysfs
* Let's validate if our databse has the same information as we gathered now
* Let's validate if our database has the same information as we gathered now
*
*/
@ -905,7 +905,7 @@ void p_check_integrity(struct work_struct *p_work) {
/* OK we found which module is in DB module list but not in current module list... */
p_tmp_flag_cnt++;
// TODO: Module dissapeared and we didn't notice it! We shouldn't dump it becuase
// TODO: Module disappeared and we didn't notice it! We shouldn't dump it because
// most likely module doesn't exists anymore...
// But we can try to poke that page where modules used to be to find out scratches
// of information about it (e.g. name? symbols table?)
@ -1323,7 +1323,7 @@ void p_check_integrity(struct work_struct *p_work) {
/* OK we found which module is in KOBJ DB but not in the current KOBJ list... */
p_tmp_flag_cnt++;
// TODO: Module dissapeared and we didn't notice it! We shouldn't dump it becuase
// TODO: Module disappeared and we didn't notice it! We shouldn't dump it because
// most likely module doesn't exists anymore...
// But we can try to poke that page where modules used to be to find out scratches
// of information about it (e.g. name? symbols table?)
@ -1676,7 +1676,7 @@ void p_check_integrity(struct work_struct *p_work) {
/* if ( (p_module_list_nr_tmp != p_module_kobj_nr_tmp) || (p_module_list_nr_tmp != p_db.p_module_list_nr)
|| (p_module_kobj_nr_tmp != p_db.p_module_kobj_nr) ) {
printk(P_LKRG_PRINT P_LKRG_SIGNATURE
"ALERT !!! MODULES NUMBER ARE INCONSISTEN! IN DB: LIST[%d] KOBJ[%d], found LIST[%d], KOBJ[%d]\n",
"ALERT !!! MODULE NUMBERS ARE INCONSISTENT! IN DB: LIST[%d] KOBJ[%d], found LIST[%d], KOBJ[%d]\n",
p_db.p_module_list_nr,p_db.p_module_kobj_nr,p_module_list_nr_tmp,p_module_kobj_nr_tmp);
p_hack_check++;

View file

@ -475,7 +475,7 @@ int p_kmod_hash(unsigned int *p_module_list_cnt_arg, p_module_list_mem **p_mlm_t
* Allocation logic should be changed! Should preallocate memory once, and if there
* there is not enough space, reallocate it multiplying the size, and so on... At some
* point allocation won't happen at all since we will have enough room to always store
* all necessary informations.
* all necessary information.
*/
if (!p_flag || 1 == p_flag) {