
Commit 11daf70

kernel: kp_ksud: add sys_reboot kp hook
It's not as if sys_reboot is performance-sensitive, so it is better to offer this hook on kprobes too; you normally only call reboot once.

Signed-off-by: backslashxx <[email protected]>
1 parent df387a1 commit 11daf70


2 files changed

+27
-0
lines changed


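--- a/kernel/arch.h
+++ b/kernel/arch.h
@@ -20,8 +20,10 @@
 
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 16, 0)
 #define SYS_EXECVE_SYMBOL "__arm64_sys_execve"
+#define SYS_REBOOT_SYMBOL "__arm64_sys_reboot"
 #else
 #define SYS_EXECVE_SYMBOL "sys_execve"
+#define SYS_REBOOT_SYMBOL "sys_reboot"
 #endif
 
 #elif defined(__arm__)
@@ -52,6 +54,7 @@
 #define __PT_IP_REG uregs[12]
 
 #define SYS_EXECVE_SYMBOL "sys_execve"
+#define SYS_REBOOT_SYMBOL "sys_reboot"
 
 #elif defined(__x86_64__)
 
@@ -71,8 +74,10 @@
 
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 16, 0)
 #define SYS_EXECVE_SYMBOL "__x64_sys_execve"
+#define SYS_REBOOT_SYMBOL "__x64_sys_reboot"
 #else
 #define SYS_EXECVE_SYMBOL "sys_execve"
+#define SYS_REBOOT_SYMBOL "sys_reboot"
 #endif
 
 #else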
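Review bot: The new `SYS_REBOOT_SYMBOL` definitions reuse the 4.16 cut-off already used for `SYS_EXECVE_SYMBOL`, but as far as I know the prefixed syscall wrappers (`__x64_sys_*`, `__arm64_sys_*`) arrived in 4.17 and 4.19 respectively, so on a kernel between the cut-off and those releases the prefixed symbol would not exist and the kprobe would fail to register. The other file marks this probe as one that must stay registered, so a short comment above each pair would help, for example `/* must match the kernel's real syscall symbol, otherwise register_kprobe() fails and the reboot hook is absent */`. The final `#else` branch continues past the hunk, so whether other architectures get a definition cannot be checked here.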

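--- a/kernel/kp_ksud.c
+++ b/kernel/kp_ksud.c
@@ -284,6 +284,25 @@ void kp_ksud_transition_routine_start()
 }
 #endif // security_bounded_transition
 
+// sys_reboot
+extern int ksu_handle_sys_reboot(int magic1, int magic2, unsigned int cmd, void __user **arg);
+
+static int sys_reboot_handler_pre(struct kprobe *p, struct pt_regs *regs)
+{
+struct pt_regs *real_regs = PT_REAL_REGS(regs);
+int magic1 = (int)PT_REGS_PARM1(real_regs);
+int magic2 = (int)PT_REGS_PARM2(real_regs);
+int cmd = (int)PT_REGS_PARM3(real_regs);
+void __user **arg = (void __user **)&PT_REGS_SYSCALL_PARM4(real_regs);
+
+return ksu_handle_sys_reboot(magic1, magic2, cmd, arg);
+}
+
+static struct kprobe sys_reboot_kp = {
+.symbol_name = SYS_REBOOT_SYMBOL,
+.pre_handler = sys_reboot_handler_pre,
+};
+
 static void unregister_kprobe_logged(struct kprobe *kp)
 {
 const char *symbol_name = kp->symbol_name;
@@ -329,6 +348,9 @@ static void register_kprobe_logged(struct kprobe *kp)
 
 void kp_ksud_init()
 {
+// dont unreg this one
+register_kprobe_logged(&sys_reboot_kp);
+
 register_kprobe_logged(&vfs_read_kp);
 register_kprobe_logged(&input_event_kp);
 // register_kprobe_logged(&sys_execve_kp);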
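Review bot: `sys_reboot_handler_pre` returns whatever `ksu_handle_sys_reboot()` returns, and a non-zero return from a kprobe pre-handler tells the kprobes core that the handler has already redirected execution, so the probed instruction is not single-stepped; unless that function (only declared `extern` here, body not on this page) is guaranteed to return 0, I would call it and then `return 0;`. `cmd` is read as `int` while the prototype takes `unsigned int`, so `unsigned int cmd = (unsigned int)PT_REGS_PARM3(real_regs);` would match the callee and the syscall's own type. The probe fires on entry to the syscall, before the kernel's own capability and magic checks, so any process that can issue reboot(2) reaches this path with values it chose, and `arg` points at a register slot holding a user-space pointer; a comment above the handler should say that caller authorisation and all `__user` accesses are the callee's responsibility, and that pre-handlers run in a context that must not sleep. The `// dont unreg this one` comment in `kp_ksud_init` should say why this probe has to outlive the others, since the body of `unregister_kprobe_logged` and its callers lie outside the hunks.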
