Add a new logic to the integrity verification routine verifying if the
kprobes are enabled and correctly run.
This commit makes kprobe verification functionality as an independent
module invoked by integrity verification routine as well as during
initialization to make sure kprobes are enabled and run as intended
(otherwise, initialization fails).
The original logic was hooking 'ovl_create_or_link' function but it could be
inlined. This commit changes it by hooking 'ovl_dentry_is_whiteout' when
possible.
Fixes#215
Since kernel 5.10 tracepoints don't use JUMP_LABEL engine for .text kernel
modification.
Linux kernel introduced 'static_call' as a replacement for global function
pointers. It uses code patching to allow direct calls to be used instead of
indirect calls. Related Linux kernel commits:
e6d6c071f21e7e478838 (diff-d7873f00dcd8c46df3e1e57b3225ff91036c83d5d7339d410b468418fc9a32a4)
Currently, only x86(-64) architecture has implementation for static calls.
This commit should address #69
Since kernel 5.8 function search_binary_handler is not exported anymore.
On the aggressively optimized kernels it is possible that
`search_binary_handler` can be inlined. However, GCC can splits the
function to put the big part in its own function, which receives as a name
the original function name plus .part + .<some number>, and inlines the
rest in other functions.
This is a very problematic behavior from the LKRG point of view and was
reported as #41 and #45. This commit fixes the problem by replacing the
'search_binary_handler' (or 'do_execveat_common') hook with
security_bprm_committing_creds and security_bprm_committed_creds.
Additionally, this change is desired from the security point of view.
Current LKRG's architecture has small benefits from validation waking-up
tasks. However, it might have noticeable performance impact. After this
commit, 'pint_validate' option 2 has the same meaning as option 1.
Mikhail Klementev created an amazing framework which allows to automatically
verify LKRG under various kernel versions. Let's integrate LKRG's code-base
with it. We also have a simple configuration file to run it under simulated
Ubuntu 18.04 environment.
1) We are hooking into FTRACE's internal functions to be able to monitor when new modifications are executed and react accordingly.
2) Linux kernel has bugs in FTRACE code. The LKRG may highlight them.
3) We are introducing 'p_state_init' variable to track when full LKRG's initialization is complete.
1) This is necessary for future FTRACE support. FTRACE is not fully synchronized with JUMP_LABEL (which I think is a buggy logic in the kernel). However, we can manually add such logic. The way how text_mutex is used by both subsystems makes it prone to deadlock if 3rd system wants to sync with both of them.
2) New lock efnorces changes in p_text_section_(un)lock API which we do in the same commit
3) Introduce new LKRG's counter lock API - trylock
4) Add a few minor changes:
- notrace attribute (probably, we need to add such attributes to majority of our functions)
- add information about module name in case of KMOD notifier activity
a) By default, only verify currently executed process
b) Introduce a paranoid mode of process verification.
This mode verifies all tasks in the system
(like LKRG's old logic). This mode is executed from the
CI verification routine.
[2] Add new hooks to verify process credentials:
a) cover that cases where various capabilities are checked
b) before any task changes the state to TASK_RUNNING
[3] Create multiple RB-trees for tracking ED process. Until now
we had only 1 root RB-tree. new logic change can improve
performance when system is overloaded.
[4] Introduce a new ED API which enforces process to crash itself
when SIGKILL can't be delivered
[5] Enforce CPU metadata verification (like SMEP) in more places
[6] Fix some minor issues
[1] Mask exporting global CFLAGS since it might be incompatible when LKRG is part of the bigger build project
[2] Add default path for UMH when CONFIG_STATIC_USERMODEHELPER is used
[3] Mask the most noisy STRONG_DEBUG output - doesn't have as much value. It can be always unmasked if needed.
[4] Add support for the kernels without enabled CONFIG_DYNAMIC_DEBUG
[5] Add support for the kernels without enabled CONFIG_ACPI
[2] Fix 'colors' issue when systemd service installation fails
[3] [CI] Fix race condition with *_JUMP_LABEL engine resulting potential deadlock when LKRG is initialized parallel with other heavy kernel module (un)loading events
[4] [ED] Rewrite internal logic how LKRG synchronizes with the task's resources - big change
[5] [ED] Filter our kernel threads and system-init process when validation is performed bypassing threads iteration
[6] [ED] Disable IRQ in most cases when ED's pids DB lock is taken. Otherwise, we might have potential race and deadlock with kprobe engine itself, and SoftIRQs might deadlock with pCFI
[2] Add beta version support for ARM64
[3] [ED] Fix FP (race condition) in pCFI in glitching scenario during process update and add memory barrier
[4] [ED] Fix potential FP during LKRG unloading procedure and add memory barrier
[5] [ED] Create own version of user_access_begin() function compatible across various kernel versions and leverage it for argument extraction for *init_module/delete_module
[6] [ED] Fix logic for *init_module/delete_module for kernel with CONFIG_ARCH_HAS_SYSCALL_WRAPPER
