linD026 cccc98ab2c Fix disallowed cr0 write protection and close_fd (#80)
Since commit 8dbec27a242cd3e2816eeb98d3237b9f57cf6232 [1]
(kernel version v5.3+ [2]) the sensitive CR0 bits on x86 are pinned,
so we need to use inline asm [3][4] to bypass it.

commit 8dbec27a242cd3e2816eeb98d3237b9f57cf6232 :
> With sensitive CR4 bits pinned now, it's possible that the WP bit for
> CR0 might become a target as well.
>
> Following the same reasoning for the CR4 pinning, pin CR0's WP
> bit. Contrary to the cpu feature dependent CR4 pinning this can be done
> with a constant value.

Also, getting "sys_call_table" [8] from the symbol lookup by using the address
of "close_fd" does not work for v5.11+ [5][6]. The reason is that the entry
"sys_call_table[__NR_close]" is not the address of "close_fd"; it is actually
"__x64_sys_close" on x86.

Two solutions were proposed: using "kallsyms_lookup_name" [7] or just specifying
the address to the module. The symbol "kallsyms_lookup_name" has been unexported
since v5.7; the address of "sys_call_table" can be found in
"/boot/System.map" or "/proc/kallsyms".

Since v5.7, the manual symbol lookup is not guaranteed to work
because control-flow integrity (or control-flow enforcement [9][10]) was added
[11] for x86, but it has been disabled since v5.11 [12][13]. To make sure the manual
symbol lookup works, it is only used up to v5.4.

Reference:
[1] 8dbec27a24
[2] https://outflux.net/blog/archives/2019/11/14/security-things-in-linux-v5-3/
[3] https://patchwork.kernel.org/project/linux-kbuild/patch/20200903203053.3411268-3-samitolvanen@google.com/
[4] https://stackoverflow.com/questions/58512430/how-to-write-to-protected-pages-in-the-linux-kernel
[5] https://lore.kernel.org/bpf/20201120231441.29911-21-ebiederm@xmission.com/
[6] https://lore.kernel.org/bpf/87blj83ysq.fsf@x220.int.ebiederm.org/
[7] 0bd476e6c6
[8] 8f27766a88
[9] https://lore.kernel.org/lkml/20200204171425.28073-1-yu-cheng.yu@intel.com/
[10] https://lore.kernel.org/linux-doc/20201110162211.9207-1-yu-cheng.yu@intel.com/T/
[11] 5790921bc1
[12] 20bf2b3787
[13] https://lore.kernel.org/bpf/20210128123842.c9e33949e62f504b84bfadf5@gmail.com/
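The manual lookup the commit message falls back to (reading the address of "sys_call_table" out of /boot/System.map or /proc/kallsyms and handing it to the module), as an added example that is not part of the commit or of the lkmpg code. The listings it parses are constructed inline with made-up addresses so it runs offline; the `syscall.ko` module name and `sym=` parameter in the closing comment are assumptions, not taken from the page. It also handles the failure mode a practitioner hits first: an unprivileged read of /proc/kallsyms returns all-zero addresses under kernel.kptr_restrict, and passing such a value to a module is useless, so the helper refuses it.

```shell
#!/bin/sh
# Added example, not lkmpg project code: resolve a kernel symbol's address
# from a System.map or /proc/kallsyms style listing, the manual lookup used
# when kallsyms_lookup_name() is not available to modules.
# Both files use the layout "<address> <type> <name>" (kallsyms appends
# "\t[module]" for module symbols; the exact-name match below ignores it).

# lookup_sym FILE SYMBOL
#   Prints the address of SYMBOL (no 0x prefix) on success.
#   Returns 1 if SYMBOL is absent, 2 if its address is all zeros, which is
#   what an unprivileged read of /proc/kallsyms returns under
#   kernel.kptr_restrict=1; read the file as root or lower kptr_restrict.
lookup_sym() {
    file=$1
    sym=$2
    addr=$(awk -v s="$sym" '$3 == s { print $1; exit }' "$file")
    if [ -z "$addr" ]; then
        echo "lookup_sym: $sym not found in $file" >&2
        return 1
    fi
    case $addr in
        *[!0]*) ;;   # at least one non-zero digit: usable
        *)
            echo "lookup_sym: $sym reads as $addr, kptr_restrict in effect?" >&2
            return 2
            ;;
    esac
    printf '%s\n' "$addr"
}

# Constructed sample listings (addresses are made up, not from a real
# kernel) so the script runs offline. The first mimics an x86-64 v5.11+
# System.map, where the close syscall entry is __x64_sys_close and
# close_fd is an ordinary function; the second mimics /proc/kallsyms as
# seen by an unprivileged user.
SAMPLE_MAP=$(mktemp)
RESTRICTED_MAP=$(mktemp)
trap 'rm -f "$SAMPLE_MAP" "$RESTRICTED_MAP"' EXIT
cat > "$SAMPLE_MAP" <<'EOF'
ffffffff81000000 T _stext
ffffffff812d4c20 T close_fd
ffffffff812d4d10 T __x64_sys_close
ffffffff812d4d30 T __ia32_sys_close
ffffffff82000300 R sys_call_table
ffffffff82001320 R ia32_sys_call_table
EOF
cat > "$RESTRICTED_MAP" <<'EOF'
0000000000000000 R sys_call_table
EOF

# sys_close no longer exists as a symbol on this kernel: the lookup fails
# loudly instead of silently returning an empty string.
for s in sys_call_table close_fd __x64_sys_close sys_close; do
    if addr=$(lookup_sym "$SAMPLE_MAP" "$s"); then
        echo "$s = 0x$addr"
    fi
done
lookup_sym "$RESTRICTED_MAP" sys_call_table || echo "refused zero address (status $?)"

# On a real machine the address would be handed to the module on insmod,
# e.g. (module and parameter names are assumptions, not from the page):
#   sudo insmod syscall.ko sym=0x$(lookup_sym /proc/kallsyms sys_call_table)
```

Matching on the whole symbol name (`$3 == s`) rather than `grep sys_call_table` matters: a substring match also returns `ia32_sys_call_table` and, on a kernel with modules loaded, anything else that embeds the name, and the first hit is not guaranteed to be the one wanted.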

The Linux Kernel Module Programming Guide

This project keeps the Linux Kernel Module Programming Guide reasonably up to date, with working examples for recent 5.x kernel versions. The guide has been around since 2001 and most copies of it on the web only describe old 2.6.x kernels.

The book can be freely accessed via https://sysprog21.github.io/lkmpg/ or as the latest PDF file. The original guide may be found at the Linux Documentation Project.

Getting Started

Compile on Local Machine

To build this book on your local machine, install TeX Live (MacTeX on macOS). On various Unix/Linux operating systems, this can be done with:

# Debian / Ubuntu
$ sudo apt install make texlive-full

# Arch / Manjaro
$ sudo pacman -S make texlive-most texlive-bin

# macOS
$ brew install --cask mactex
$ sudo tlmgr update --self

Now we can build the document with the following commands:

# download project
$ git clone https://github.com/sysprog21/lkmpg.git && cd lkmpg

# run commands
$ make all              # Generate PDF document
$ make html             # Convert TeX to HTML
$ make clean            # Delete generated files

Compile with Docker

The book can also be compiled with Docker. Using Docker is recommended, as it guarantees the same dependencies as our GitHub Actions workflow.

After installing Docker Engine on your machine, pull the docker image twtug/lkmpg and compile with it.

Execute the following:

# download project
$ git clone https://github.com/sysprog21/lkmpg.git && cd lkmpg

# pull docker image and run it as container
$ docker pull twtug/lkmpg
$ docker run --rm -it -v "$(pwd)":/workdir twtug/lkmpg   # quote $(pwd): the bind mount breaks on paths with spaces

# run commands
$ make all              # Generate PDF document
$ make html             # Convert TeX to HTML
$ make clean            # Delete generated files

License

The Linux Kernel Module Programming Guide is a free book; you may reproduce and/or modify it under the terms of the Open Software License. Use of this work is governed by a copyleft license that can be found in the LICENSE file.

The complementary sample code is licensed under GNU GPL version 2, the same as the Linux kernel.

Description
Kernel module writing guide (written against the latest 5.* and 6.* kernels)