I want to use the LSM framework with kernel ubuntu 2.6.36.
When I compiled the kernel module, it wrote:
WARNING: "register_security " undefined!
After a lot of googlings, I found the reason is that the register_security() symbol is no longer exported in the 2.6 kernel.
So I added EXPORT_SYMBOL(register_security) in the ../security/security.c file, and recompiled the kernel.
After booting with the new kernel, I added extern int register_security(struct security_operations *ops) in my kernel module file, and compiled the module again.
However, the WARNING information still existed. If I continued to insmode the module, the dmesg told me that
Unknown symbol register_security
What should I do? How can I register a Linux Security Module?
Make sure newly loaded kernel is the one, which is compiled by you.
Check the Licence of your module (Ref: http://lists.jammed.com/linux-security-module/2004/08/0053.html)
In modern kernels register_security symbol does not exported. It means that you can't register LSM module as a module. But if you really wish to do that you can do that :) Look at the exported LSM-symbols like security_sb_copy_data. They are simple wrappers over the security_ops->some_lsm_method. So, you can use their code to determine security_ops pointer value. It needs disassembler though.
Unknown symbol register_security
Happened at the line that you unregister your LSM.
So add unregister_security() in security.c and export it:
/**
* unregister_security - allows security modules to be moved
* #ops : a pointer to the struct security_options that had been registered before.
*/
int unregister_security(struct security_operations *ops)
{
if (ops != security_ops)
{
printk (KERN_INFO "%s: trying to unregister "
"a security_opts structure that is not "
"registered, failing.\n", __FUNCTION__);
return -EINVAL;
}
security_ops = &dummy_security_ops;
return 0;
}
EXPORT_SYMBOL(unregister_security);
And recompiled the kernel.
Related
I'm using Linux on an MMU-less ARM platform, so normal ELF files won't work and I should use FDPIC_ELF executable. but my kernel couldn't execute fdpic executables (error -8 (ENOEXEC)).
I have ecided to put some printk() calls in binfmt_elf_fdpic.c ->init() function to trace it. but it won't work.
static int __init init_elf_fdpic_binfmt(void)
{
printk(" Mahyar: elf_fdpic: init started\n"); // delete me later!
register_binfmt(&elf_fdpic_format);
printk(" Mahyar: elf_fdpic: init finished\n"); // delete me later!
return 0;
}
static void __exit exit_elf_fdpic_binfmt(void)
{
unregister_binfmt(&elf_fdpic_format);
}
core_initcall(init_elf_fdpic_binfmt);
module_exit(exit_elf_fdpic_binfmt);
For seeing the complete code on github click here!
I've enabled the fdpic ELF support in menuconfig->executable-formats as built-in feature (not a kernel module). Also my kernel log level is 15 (the highest level (should print everything)).
When I change something in binfmt_elf_fdpic.c file, and run the make command, it compile that file again. so it means this file should work.
but why it won't load into kernel while startup?
I am working on 32bit to 64bit kernel module porting project. The old kernel version is 2.6.18 and the target is 2.6.32.
The old kernel modules were creating files under /proc/sys/net// path via the following function:
if (create_proc_read_entry("/sys/net/<module_name>/<proc_file_name>", 0, NULL, read_proc, NULL) == NULL){ ...}
I set CONFIG_PROC_FS as "y" in .config file before building 2.6.32 kernel.
However, although proc_fs.h for kernel version 2.6.32 has "create_proc_read_entry" same as kernel version 2.6.18, and "CONFIG_PROC_FS=y" in .config file, the return value is always NULL and it crashes the module when I load it with modprodbe command. If I comment out the subject function call, module is loaded without any problem and it works without any problem.
Did I miss something ? Should I stick with CONFIG_PROC_FS flag ?
I have a kernel module which was probably written for the 2.6xx kernel version. Now I currently want to plug that module onto kernel version 3.1x and above. I have tweaked and changed the code and apparently now there is compilation error except the below mentioned warnings.
WARNING: "do_mmap_pgoff" [/home/abdullah/Downloads/my_mod.ko] undefined!
WARNING: "putname" [/home/abdullah/Downloads/my_mod.ko] undefined!
WARNING: "get_task_cred" [/home/abdullah/Downloads/my_mod.ko] undefined!
Now when I checked my kernel Module.symvers I did not find all three of the functions in it for exports. Which results in a fatal error when inserting the module. Now my question: Does anybody know the alternative to these functions? Any help will be really appreciated. Below is a sample function which illustrates the scenario as the complete function is to long.
int function_1(const char *fname)
{
struct cred *task_cred;
struct filename *filename = NULL;
filename = getname(__user(fname));
task_cred = (struct cred *)get_task_cred(current);
putname(filename);
filename = NULL;
return 1;
}
Well, there is another way also which is bit unsafe, any body who is not on a production system he can export these function in the kernel source file as I did
I have a simple Kernel module:
void GPIO_LED(void) {
printk(" GPIO: set PC8: '0');
at91_set_gpio_value(AT91_PIN_PC8, 1);
}
//
int init_module(void) {
GPIO_LED();
return 0;
}
MODULE_LICENSE("GPL");
When using it with mdev device management. everything works just fine. But using it with a udev device management, while executing insmod
insmod /usr/modules/measurement_gpio.ko
the following message appeared:
insmod: can't insert '/usr/modules/measurement_gpio.ko': invalid module format
Another test showed that when using a device table instead of mdev/udev leads to the same Error. Every setting stayed the same (especially the kernel version) but the device management changes during this Test, so actually the module should be fine.
How can that be and how to solve it?
[Edit:] after making the kernel be able for load modules for multiple versions i receive the following message, which confuses me even more:
measurement_gpio: version magic '2.6.39 mod_unload modversions ARMv5 ' should be '2.6.39 mod_unload ARMv5
[Edit2:]
The way I build my module is:
with Buildroot I'm generating an Image, on the way a Linux
2.6.39 is installed.
Afterwards I'm compiling the kernelmodule with the path to the Linux 2.6.39, that buildroot has downloaded.
When the module is created I'm putting it into a fs-overlay
directory, so it will be included into the image on next build.
I hit another "make" on buildroot and i got everything together and a bootable Image.
I change nothing, that's why it confuses me even more
The linux/shed.h contains the following forward declaration:
extern rwlock_t tasklist_lock;
But where is tasklist_lock defined?
tasklist_lock is references in sched.h, and defined in fork.c
I use "gid" as a tool to spelunk through the kernel source. I simply:
1) Install idutils
2) Run "mkid" (to generate a searchable index) from the root of my kernel source
3) run "gid MYVARIABLE | less" any time I want to look something up
"idutils" is freely available on most Linux distros, and on the Internet.
Here's the documentation:
http://www.gnu.org/software/idutils/manual/idutils.html