Fix a gentle bug when compiled with P_LKRG_TASK_OFF_DEBUG

P_LKRG_TASK_OFF_DEBUG introduces extra lines of code which was not taken into account for seccomp() and namespace API. This commit fixes it. Additionally, we are adding extra information in case of corruption (dump_stack()).
2023-12-13 21:30:29 +01:00 · 2020-12-03 15:07:40 -05:00 · 2020-12-03 15:07:40 -05:00 · 47804120c3
commit 47804120c3
parent d051bc2802
3 changed files with 6 additions and 2 deletions
--- a/src/modules/exploit_detection/p_exploit_detection.c
+++ b/src/modules/exploit_detection/p_exploit_detection.c
@ -920,6 +920,7 @@ inline void p_validate_off_flag(struct p_ed_process *p_source, long p_val, int *
             p_val, p_global_cnt_cookie);
 #ifdef P_LKRG_TASK_OFF_DEBUG
      p_debug_off_flag_dump_ring_buffer(p_source);
+      dump_stack();
 #endif
      // kill this process!
      rcu_read_lock();
@ -946,6 +947,7 @@ inline void p_ed_is_off_off(struct p_ed_process *p_source, long p_val) {
             p_val, p_global_cnt_cookie);
 #ifdef P_LKRG_TASK_OFF_DEBUG
      p_debug_off_flag_dump_ring_buffer(p_source);
+      dump_stack();
 #endif
      // kill this process!
      rcu_read_lock();
--- a/src/modules/exploit_detection/syscalls/override/overlayfs/p_ovl_create_or_link/p_ovl_create_or_link.c
+++ b/src/modules/exploit_detection/syscalls/override/overlayfs/p_ovl_create_or_link/p_ovl_create_or_link.c
@ -49,11 +49,12 @@ notrace int p_ovl_create_or_link_ret(struct kretprobe_instance *ri, struct pt_re
      // Update process
      p_tasks_write_lock(&p_flags);
      if ( (p_tmp = p_find_ed_by_pid(task_pid_nr(current))) != NULL) {
-         if (p_verify_ovl_create_or_link(p_tmp))
+         if (p_verify_ovl_create_or_link(p_tmp)) {
 #ifdef P_LKRG_TASK_OFF_DEBUG
            p_debug_off_flag_override_on(p_tmp, 30, p_regs);
 #endif
            p_set_ed_process_override_on(p_tmp);
+         }
      }
      p_ed_validate_current();
      if (p_ed_enforce_pcfi(current, p_tmp, p_regs)) {
--- a/src/modules/exploit_detection/syscalls/p_seccomp/p_seccomp.c
+++ b/src/modules/exploit_detection/syscalls/p_seccomp/p_seccomp.c
@ -122,11 +122,12 @@ int p_seccomp_ret(struct kretprobe_instance *p_ri, struct pt_regs *p_regs) {
                  p_print_log(P_LKRG_INFO, "Updating ED pid[%d]\n",p_threads->pid);
                  p_update_ed_process(p_child_tmp, p_threads, 0);
               }
-               if (p_threads != p_father)
+               if (p_threads != p_father) {
 #ifdef P_LKRG_TASK_OFF_DEBUG
                  p_debug_off_flag_on(p_child_tmp, 34);
 #endif
                  p_set_ed_process_on(p_child_tmp);
+               }
            }
            put_task_struct(p_threads);
         }