diff --git a/1_Livepatch/1.0_livepatch_sample/Makefile b/1_Livepatch/1.0_livepatch_sample/Makefile new file mode 100644 index 0000000..45db611 --- /dev/null +++ b/1_Livepatch/1.0_livepatch_sample/Makefile @@ -0,0 +1,9 @@ +obj-m := livepatch-sample.o +KDIR := /lib/modules/$(shell uname -r)/build +PWD := $(shell pwd) + +default: + $(MAKE) -C $(KDIR) M=$(PWD) modules + +clean: + $(MAKE) -C $(KDIR) M=$(PWD) clean diff --git a/1_Livepatch/1.0_livepatch_sample/README.md b/1_Livepatch/1.0_livepatch_sample/README.md new file mode 100644 index 0000000..8a8c2a6 --- /dev/null +++ b/1_Livepatch/1.0_livepatch_sample/README.md @@ -0,0 +1,14 @@ +# Linux Kernel Hacking + +## 1.0: Livepatch + +Patching kernel functions in memory on a live machine. Taken from [samples/livepatch](https://github.com/torvalds/linux/tree/master/samples/livepatch). + +This livepatch kernel module creates a replacement for `cmdline_proc_show()` from [`fs/proc/cmdline.c`](https://github.com/torvalds/linux/blob/master/fs/proc/cmdline.c) to simply print a message out instead of the usual cmdline. + +To use: +* Check the output of `cat /proc/cmdline` +* Build with `make`, and load into the kernel with `insmod livepatch-sample.ko` +* Check the output again of `cat /proc/cmdline` +* Disable the livepatch with `echo 0 | sudo tee /sys/kernel/livepatch/livepatch-sample/enabled` +* Unload from the kernel with `rmmod livepatch-sample.ko` diff --git a/1_Livepatch/1.0_livepatch_sample/livepatch-sample.c b/1_Livepatch/1.0_livepatch_sample/livepatch-sample.c new file mode 100644 index 0000000..cd76d7e --- /dev/null +++ b/1_Livepatch/1.0_livepatch_sample/livepatch-sample.c @@ -0,0 +1,70 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * livepatch-sample.c - Kernel Live Patching Sample Module + * + * Copyright (C) 2014 Seth Jennings + */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include +#include +#include + +/* + * This (dumb) live patch overrides the function that prints the + * kernel boot cmdline when /proc/cmdline is read. + * + * Example: + * + * $ cat /proc/cmdline + * + * + * $ insmod livepatch-sample.ko + * $ cat /proc/cmdline + * this has been live patched + * + * $ echo 0 > /sys/kernel/livepatch/livepatch_sample/enabled + * $ cat /proc/cmdline + * + */ + +#include +static int livepatch_cmdline_proc_show(struct seq_file *m, void *v) +{ + seq_printf(m, "%s\n", "this has been live patched"); + return 0; +} + +static struct klp_func funcs[] = { + { + .old_name = "cmdline_proc_show", + .new_func = livepatch_cmdline_proc_show, + }, { } +}; + +static struct klp_object objs[] = { + { + /* name being NULL means vmlinux */ + .funcs = funcs, + }, { } +}; + +static struct klp_patch patch = { + .mod = THIS_MODULE, + .objs = objs, +}; + +static int livepatch_init(void) +{ + return klp_enable_patch(&patch); +} + +static void livepatch_exit(void) +{ +} + +module_init(livepatch_init); +module_exit(livepatch_exit); +MODULE_LICENSE("GPL"); +MODULE_INFO(livepatch, "Y");