Is there any way to disable ASLR for Linux kernel modules?
For example:
adb shell cat /proc/modules | grep module_name
module_name 8134656 27 - Live 0xffffffec11589000 (O)
Can we get the same address for all subsequent reboots?
Not possible without disabling KASLR altogether. There is no special KASLR flag for modules, it's either enabled or disabled globally, modules included (as you can see from the source code). If CONFIG_RANDOMIZE_BASE=y then the kernel image address as well as module addresses will be randomized, and this can be disabled only by using the nokaslr kernel command line parameter at boot.
Related
I have setup Linux Kernel debug environment with VMware Workstation. But When I tried to connect with gdb that connects correctly but I can't set any breakpoint or examine any kernel symbol.
Target Machine (debugee) Ubuntu 18:
I have compiled linux kernel 5.0-0 with the following directives:
CONFIG_DEBUG_INFO=y
# CONFIG_DEBUG_INFO_REDUCED is not set
# CONFIG_DEBUG_INFO_SPLIT is not set
CONFIG_DEBUG_INFO_DWARF4=y
CONFIG_DEBUG_FS=y
# CONFIG_DEBUG_SECTION_MISMATCH is not set
# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
Also my VMX file configuration:
debugStub.listen.guest64 = "TRUE"
debugStub.listen.guest64.remote="TRUE"
After that I transfered vmlinux to debugger machine and use gdb:
bash$ gdb vmlinux
gdb-peda$ target remote 10.251.31.28:8864
Remote debugging using 10.251.31.28:8864
Warning: not running or target is remote
0xffffffff9c623f36 in ?? ()
gdb-peda$ disas sys_open
No symbol "do_sys_open" in current context.
First you need to install kernel-debug-devel, kernel-debuginfo, kernel-debuginfo-common for corresponding kernel version.
Then you can use crash utility to debug kernel, which internally uses gdb
The symbol name you're looking for is sometimes not exactly what you expect it to be. You can use readelf or other similar tools to find the full name of the symbol in the kernel image. These names sometimes differ from the names in the code because of various architecture level differences and their related header and C definitions in kernel code. For example you might be able to disassemble the open() system call by using:
disas __x64_do_sys_open
if you've compiled it for x86-64 architecture.
Also keep in mind that these naming conventions are subject to change in different versions of kernel.
I cannot load kernel module when the system boots up. I found one article that suggests me to try the following steps:
(a) Create directory for kmodule(the module I created):
# mkdir -p /lib/modules/$(uname -r)/kernel/drivers/mymodule
(b) Copy kmodule to that directory:
# cp kmodule.ko /lib/modules/$(uname -r)/kernel/drivers/mymodule/
(c) Edit /etc/modules file and add a line to it that consist your module name. In my case, it's kmodule as per the following:
# vi /etc/modules
1 # /etc/modules: kernel modules to load at boot time.
2 #
3 # This file contains the names of kernel modules that should beloaded
4 # at boot time, one per line. Lines beginning with "#" are ignored.
5 kmodule
(d) Reboot the system to see changes. Use lsmod command to check if the module is loaded or not.
# lsmod | grep kmodule
My Problem: it's not loaded when I reboot the system and when I debug using cmd $ cat /var/log/syslog | grep kmodule.
I found this:
May 20 15:40:14 SARATHI kernel: [17499.486762] kmodule: loading out-of-tree module taints kernel.
May 20 15:40:14 SARATHI kernel: [17499.486800] kmodule: module verification failed: signature and/or required key missing - tainting kernel
May 20 19:31:46 SARATHI systemd-modules-load[243]: Failed to find module 'kmodule'
What does that mean? How to resolve it?
NOTE: I'm new to kernel module and I'm using Ubuntu 16.04. Also, note that when I loaded manually using insmod cmd, it's successfully loaded.
Do Kernel builtin modules need to be loaded using modprobe or they get loaded at boot-up?
They are compiled into the kernel binary. The kernel will call their init function during startup.
I am working on academic project that modifies some Kernel Networking code as well as include a new Kernel module.
I am using QEMU to load modified kernel and test.
However, i find that a complete OS is required in some .img to debug.
Is it possible without it ?
Or, which is the distro that can be used with Kernel 2.6 for system. The distro need not have any features, except ability to run programs, including networking support.
The easiest way in my opinion is to use buildroot
http://buildroot.uclibc.org/
clone it, configure it to use your custom kernel (default userspace is fine for a start, you might want to change it later).
it will build your kernel and root filesystem. the entire process takes about half an hour, twenty minutes of which is compiling the monster
my run line looks something:
qemu-system-i386
-hda rootfs.ext2
-kernel bzImage
-m 512M
-append "root=/dev/sda console=ttyS0"
-localtime
-serial stdio
and some more options regarding a tap device
Minimal fully automated QEMU + GDB + Buildroot example
QEMU + GDB on non-module Linux kernel is covered in detail at: How to debug the Linux kernel with GDB and QEMU? and building the kernel modules inside QEMU at: How to add Linux driver as a Buildroot package Get those working first.
Next, I have also fully automated GDB module debugging at: https://github.com/cirosantilli/linux-kernel-module-cheat/tree/1c29163c3919d4168d5d34852d804fd3eeb3ba67#kernel-module-debugging
These are the main steps you have to take:
Compile the kernel module with debug symbols:
ccflags-y += -g -DDEBUG
as mentioned at: kernel module no debugging symbols found
Stop GDB with Ctrl + C and run:
lx-symbols path/to/parent/of/modules/
This amazing command, which is defined in a GDB Python script inside the Linux kernel source tree, automatically loads symbols for loaded modules present under the given directory recursively whenever GDB stops.
The best way to make that command available is to use:
gdb -ex add-auto-load-safe-path /full/path/to/linux/kernel
as explained at: GDB: lx-symbols undefined command
insmod the kernel module.
This must be done before setting breakpoints, because we don't know where the kernel will insert the module in memory beforehand.
lx-symbols automatically takes care of finding the module location (in host filesystem and guest memory!) for us.
Break GDB again with Ctrl + C, set breakpoints, and enjoy.
If were feeling hardcore, you could also drop lx-symbols entirely, and find the module location after insmod with:
cat /proc/modules
and then add the .ko manually with:
add-symbol-file path/to/mymodule.ko 0xfffffffa00000000
I am trying to compile the linux kernel (3.0.0-13) with the Xen dom0 config flags which are not exposed via menuconfig. (Yes, I know that ubuntu provides a 'virtual' flavoured kernel that supports Xen paravirtualization, but that kernel does not seem to boot on my hardware. So, I am trying to compile the 'generic' flavoured ubuntu kernel with the extra Xen config flags since I know that the 'generic' flavour runs on my hardware). Every time that I try to compile my config flags are ignored based on the .config file that is generated and packaged with my kernel binary.
I have tried the following the following:
Downloaded the kernel source using apt-get source linux-image
I have then followed all of the steps from this guide: How to compile a new Ubuntu 11.10 (Oneiric) kernel and performed the following extra steps:
put my own config flags in the config.flavour.xxx file then compiled the linux-image package
Paused the 'debian/rules editconfigs' command immediately after the it runs 'menuconfig' and replaced the build/.config file with my custom .config file then compiled the linux-image package
I have also used the following howto How To Compile A Kernel - The Ubuntu Way and run the following commands on kernel source code that I already had:
edit the .config file to have my config flags
run 'make oldconfig'
run 'make-kpkg clean && fakeroot make-kpkg --initrd --append-to-version=-custom kernel_image kernel_headers'
After every time I have compiled the kernel I have installed the newly compiled linux-image package and have discovered that my config flags are not in the /boot/config-xxx file as I expect.
What am I doing wrong to cause my config flags to be ignored?
What can I do to make sure that my kernel config flags are used when compiling?
Is there some other option than recompiling the kernel to get a Xen dom0 kernel that work for my hardware?
For question 3: Is there another way to get a xen dom0 kernel for my hardware?
Yes.
Although all of the xen documentation says that all stock kernel support xen dom0, what they mean is that the source for all stock kernels now support xen dom0 but that support is turned off in their precompiled binaries.
On debian there is the following package which is a prebuilt linux kernel with the xen dom0 support turned on. Package: linux-image-xen-686
For anyone else who is really looking to compile their own xen dom0 kernel the following site has a good guide: Compiling a Xen Dom0 Kernel for Ubuntu Jaunty
What am I doing wrong to cause my config flags to be ignored?
The root of the issue lies in the first portion of your problem; the Xen dom0 config flags are not exposed via menuconfig
Simply setting them in the .config doesn't mean they'll be activated. You have to consider the dependencies for the config options.
From the linux 3.0 tag at github: https://github.com/torvalds/linux/blob/02f8c6aee8df3cdc935e9bdd4f2d020306035dbe/arch/x86/xen/Kconfig
config XEN_DOM0
def_bool y
depends on XEN && PCI_XEN && SWIOTLB_XEN
depends on X86_LOCAL_APIC && X86_IO_APIC && ACPI && PCI
Are all these depends flags met?
What can I do to make sure that my kernel config flags are used when compiling?
In the beginning stages of the kernel compile process, the .config file is re-written if there are any discrepancies. A good test to make sure your edits will persist is checking if they still exist in your .config file after doing a make menuconfig and saving changes. If after that your flags are still there, you can be sure that your flags are being used.
Is there some other option than recompiling the kernel to get a Xen dom0 kernel that work for my hardware?
Not unless another distribution ships with XEN_DOM0 enabled.