Why getpid() function in unistd takes much longer than syscall(SYS_getpid) - linux-kernel

I used clock_gettime to record the time and found that in all cases getpid() takes much longer than syscall(). What's the reason for it? Thanks
This is my environment:
Linux stu 5.4.0-125-generic #141-Ubuntu SMP Wed Aug 10 13:42:03 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
This is my code:
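(clock_gettime calls omitted)
    #include <stdio.h>
    #include <unistd.h>
    #include <sys/syscall.h>

    int main()
    {
        int pid1 = getpid();              /* libc wrapper */
        printf("(pid: %d) is running\n", pid1);
        int pid2 = syscall(SYS_getpid);   /* generic syscall() entry point */
        printf("(pid: %d) is running\n", pid2);
    }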

Related

how to use ftrace to hook kernel function in arm64 linux kernel?

I tried to use ftrace to hook kernel functions in arm64 kernel, but failed. Some important parts of my code are as follows:
    static void notrace ftrace_hook_handler(size_t ip, size_t parent_ip, struct ftrace_ops *ops, struct ftrace_regs *fregs)
    {
        pr_info("ftrace hooking\n");
    }

    int my_ftrace_hook(void)
    {
        /* static: ftrace keeps a pointer to the ops once it is registered,
         * so it must not live on this function's stack */
        static struct ftrace_ops fops;
        int err;

        fops.func = ftrace_hook_handler;
        fops.flags = FTRACE_OPS_FL_SAVE_REGS_IF_SUPPORTED;
        /* addr_security_path_unlink is resolved elsewhere in the module (not shown) */
        pr_info("symbol: %s, addr: %px\n", "security_path_unlink", addr_security_path_unlink);
        err = ftrace_set_filter_ip(&fops, addr_security_path_unlink, 0, 0);
        if (err) {
            pr_err("ftrace_set_filter_ip() failed: %d\n", err);
            return err;
        }
        return 0;
    }
but got an error:
# dmesg
[ 945.791221] ftrace_module: loading out-of-tree module taints kernel.
[ 945.791464] ftrace_module: module verification failed: signature and/or required key missing - tainting kernel
[ 945.820649] [ftrace_module] symbol: security_path_unlink, addr: ffffa13fc4fafd10
[ 945.820663] [my_ftrace_hook] ftrace_set_filter_ip() failed: -22
system information is:
# uname -a
Linux ubuntu2204 5.15.0-43-generic #46-Ubuntu SMP Wed Jul 13 06:42:04 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04 (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
How can I fix this? Is there an open source project to reference?
Any help will be appreciated.
On arm64, when using ftrace, do this before calling the function ftrace_set_filter_ip.
Below is sample code:
faddr = ftrace_location_range(hookaddr, hookaddr + AARCH64_INSN_SIZE);
ret = ftrace_set_filter_ip(hook->fops, faddr, 1, 0);

Why does adding an established TCP socket to a BPF_MAP_TYPE_SOCKMAP map break SSL?

I have the following BPF program:
    #include <uapi/linux/bpf.h>
    #include <linux/version.h>
    #include "bpf_helpers.h"
    #include "bpf_map.h"

    struct bpf_map_def SEC("maps/sock_ops") sock_ops = {
        .type = BPF_MAP_TYPE_SOCKMAP,
        .key_size = sizeof(int),
        .value_size = sizeof(unsigned int),
        .max_entries = 2,
        .pinning = 0,
        .namespace = "",
    };

    SEC("cgroup/sock_ops/sock_map_update")
    int sock_ops_sock_map_update(struct bpf_sock_ops *ops)
    {
        int op;

        op = (int) ops->op;
        if (op == BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB || op == BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB) {
            uint32_t idx = 0;
            bpf_sock_map_update(ops, &sock_ops, &idx, BPF_ANY);
        }
        return 0;
    }

    char _license[] SEC("license") = "GPL";
    u32 _version SEC("version") = LINUX_VERSION_CODE;
All it does is add established TCP sockets to the sock_ops sockmap. I then load this program as a BPF_PROG_TYPE_SOCK_OPS program, attach it to a v2 cgroup and run a shell in that cgroup.
However, this seems to break SSL:
$ curl https://www.google.com/
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.google.com:443
HTTP works as expected:
$ curl http://www.google.com/
<!doctype html><html...
Why is this?
uname -a: Linux ubuntu-bionic 4.18.0-16-generic #17~18.04.1-Ubuntu SMP Tue Feb 12 13:35:51 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Is there a compilation flag in gcc to overcome the "error: invalid storage class"?

I am doing my own alsa project.
Having changed OS (fresh installation / no upgrade) from
PRETTY_NAME="Raspbian GNU/Linux 7 (wheezy)"
NAME="Raspbian GNU/Linux"
VERSION_ID="7"
VERSION="7 (wheezy)"
ID=raspbian
ID_LIKE=debian
4.1.19-v7+ #858 SMP Tue Mar 15 15:56:00 GMT 2016 armv7l GNU/Linux
to
PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=raspbian
ID_LIKE=debian
4.14.93-v7+ #1191 SMP Wed Jan 16 11:53:33 GMT 2019 armv7l GNU/Linux
I have additionally downloaded / installed
alsa-lib-1.1.8.tar.bz2
without any errors!
Project wasn't touched in between - all alsa sources did compile fine under wheezy before!!!
Using the same "Makefile" under stretch I now face the following 'invalid storage class' error when compiling the project with alsa library / sources (included from /usr/include/alsa) again:
In file included from /usr/include/alsa/asoundlib.h:54:0,
from IPI2Cserver.c:3764:
/usr/include/alsa/pcm.h:507:23: error: invalid storage class for function ‘snd_pcm_abort’
static __inline__ int snd_pcm_abort(snd_pcm_t *pcm) { return snd_pcm_nonblock(pcm, 2); }
^~~~~~~~~~~~~
In file included from /usr/include/alsa/asoundlib.h:54:0,
from IPI2Cserver.c:3764:
/usr/include/alsa/pcm.h:1030:20: error: invalid storage class for function ‘snd_pcm_pack_audio_tstamp_config’
static inline void snd_pcm_pack_audio_tstamp_config(unsigned int *data,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/alsa/pcm.h:1038:20: error: invalid storage class for function ‘snd_pcm_unpack_audio_tstamp_report’
static inline void snd_pcm_unpack_audio_tstamp_report(unsigned int data, unsigned int accuracy,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/alsa/asoundlib.h:58:0,
from IPI2Cserver.c:3764:
/usr/include/alsa/control.h:237:23: error: invalid storage class for function ‘snd_ctl_abort’
static __inline__ int snd_ctl_abort(snd_ctl_t *ctl) { return snd_ctl_nonblock(ctl, 2); }
^~~~~~~~~~~~~
In file included from /usr/include/alsa/asoundlib.h:58:0,
from IPI2Cserver.c:3764:
/usr/include/alsa/control.h:558:23: error: invalid storage class for function ‘snd_hctl_abort’
static __inline__ int snd_hctl_abort(snd_hctl_t *hctl) { return snd_hctl_nonblock(hctl, 2); }
^~~~~~~~~~~~~~
Question now - what has changed when having migrated to stretch without any further project change?
Changes in alsa ?
Changes in stretch?
Thanks in advance - any help is very appreciated!
I am not a professional / expert, so I do not feel capable to change alsa source code headers to adapt to the new situation!
Thanks for answering!
Just an example from the calling main program (at line 3764, when the error comes up):
#include <alsa/asoundlib.h> // <- line 3764
int display_alsa() {
int val;
printf("ALSA library version: %s\n",
SND_LIB_VERSION_STR);
printf("\nPCM stream types:\n");
for (val = 0; val <= SND_PCM_STREAM_LAST; val++)
printf(" %s\n",
snd_pcm_stream_name((snd_pcm_stream_t)val));
...
Regards

Why is the output for the id variable 1?

    #include <stdio.h>
    #include <unistd.h>

    int main()
    {
        int id;

        printf("here comes the date.\n");
        if (id = fork() == 0) {
            printf("%d", id);
            printf("PID is %d and ID is %d\n", getpid(), id);
            execl("/bin/date", "date", (char *)NULL);
        }
        printf("that was the date.\n");
    }
OUTPUT:
here comes the date.
that was the date.
PID is 1414 and ID is 1
Tue Feb 10 14:03:02 PST 2015
Because you are setting it equal to the result of fork() == 0 which is a logical test.
Fork will succeed (return zero) inside of the forked thread. The outer thread will have the PID.
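The precedence issue from the answer above, as an added example that is not part of the original post: it runs the question's expression and the parenthesised form side by side and reports what `id` holds in the child and in the parent. The names `run_fork` and `struct fork_view` are made up for this illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#pragma GCC diagnostic ignored "-Wparentheses" /* keep the question's form */

struct fork_view {
    int child_id;   /* value of `id` inside the child (via exit status) */
    int parent_id;  /* value of `id` inside the parent */
    pid_t reaped;   /* PID returned by wait(): the child's real PID */
};

/* buggy != 0: the expression from the question; buggy == 0: parenthesised. */
static struct fork_view run_fork(int buggy)
{
    struct fork_view v = { -1, -1, -1 };
    int id, status = 0;

    fflush(NULL);                     /* no duplicated stdio buffers */
    if (buggy) {
        if (id = fork() == 0)         /* parsed as id = (fork() == 0) */
            _exit(id);
    } else {
        if ((id = fork()) == 0)       /* assign first, then compare */
            _exit(id);
    }
    v.parent_id = id;
    v.reaped = wait(&status);         /* buggy form lost the PID: wait for any */
    if (v.reaped > 0 && WIFEXITED(status))
        v.child_id = WEXITSTATUS(status);
    return v;                         /* fields stay -1 if fork() failed */
}

int main(void)
{
    struct fork_view bad = run_fork(1), good = run_fork(0);

    printf("buggy: child id=%d parent id=%d (real child PID %d)\n",
           bad.child_id, bad.parent_id, (int)bad.reaped);
    printf("fixed: child id=%d parent id=%d (real child PID %d)\n",
           good.child_id, good.parent_id, (int)good.reaped);
    return 0;
}
```

In the buggy form the parent's `id` is 0, so the child's PID is never stored and a failed fork() (return value -1) is indistinguishable from success.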

Load a Mac binary as a dynamic library

I am doing some reverse engineering with a binary executable without sources. On Windows what I can do is load an executable file (EXE) with LoadLibrary, just as if it were a DLL file. If the loaded file is not relocatable I can simply relocate my loader code to "make space" for the other module. When I have the binary loaded, I can call its functions (assuming I know where they are, of course), and do other stuff.
Is there some way to do the same or similar on Mac? I have a mach-o executable, and I'd like to load it as if it were a dynamic library (DYLIB). Or is there some way to convert an executable into a DYLIB? What are the real differences between an executable and a DYLIB?
OK, so I did some experiments, and see this. File "bin1.c" contains:
    #include <stdio.h>

    int main() {
        printf("I am bin1.\n");
        return 0;
    }
and "bin2.c" is:
    #include <stdio.h>
    #include <dlfcn.h>

    int main() {
        printf("I am bin2.\n");
        void *l = dlopen("bin1", RTLD_NOW);
        if (l == NULL) {
            printf("dlopen failed: %s\n", dlerror());
            return -1;
        }
        void *f = dlsym(l, "main");
        if (f == NULL) {
            printf("dlsym failed: %s\n", dlerror());
            return -1;
        }
        int (*main)() = f;
        main();
        return 0;
    }
On my Mac, all compiles fine and indeed loads the other executable as if it were a loadable library, and I can call the main function in the other binary:
Johanka:Desktop newacc$ uname -a
Darwin Johanka.local 11.3.0 Darwin Kernel Version 11.3.0: Thu Jan 12 18:47:41 PST 2012; root:xnu-1699.24.23~1/RELEASE_X86_64 x86_64
Johanka:Desktop newacc$ gcc bin1.c -o bin1 && ./bin1
I am bin1.
Johanka:Desktop newacc$ gcc bin2.c -o bin2 && ./bin2
I am bin2.
I am bin1.
Not sure, though, whether there are limitations on this and if this can be done with non-relocatable binaries. But this example shows that at least in some cases, it's possible.
