Skip to content

Instantly share code, notes, and snippets.

@paranlee

paranlee/lkdtm-as-ko.md

Last active February 12, 2023 13:30
Show Gist options
  • Save paranlee/5affce946d30eeffc7d0fd822e014371 to your computer and use it in GitHub Desktop.
Save paranlee/5affce946d30eeffc7d0fd822e014371 to your computer and use it in GitHub Desktop.
Download ZIP
LKDTM as lkdtm.ko Module build. https://elixir.bootlin.com/linux/v5.15/source/drivers/misc/lkdtm edit Makefile
Raw
lkdtm-as-ko.md

Edit Makefile.

# SPDX-License-Identifier: GPL-2.0
KERNEL_PATH ?= /lib/modules/$(shell uname -r)/build

obj-m		+= lkdtm.o

lkdtm-objs		+= core.o
lkdtm-objs		+= bugs.o
lkdtm-objs		+= heap.o
lkdtm-objs		+= perms.o
lkdtm-objs		+= refcount.o
lkdtm-objs              += rodata.o
lkdtm-objs		+= usercopy.o
lkdtm-objs		+= stackleak.o
lkdtm-objs		+= cfi.o
lkdtm-objs		+= fortify.o
#lkdtm-$(CONFIG_PPC_BOOK3S_64)	+= powerpc.o

KASAN_SANITIZE_rodata.o		:= n
KASAN_SANITIZE_stackleak.o	:= n
KCOV_INSTRUMENT_rodata.o	:= n
CFLAGS_REMOVE_rodata.o		+= $(CC_FLAGS_LTO)

#OBJCOPYFLAGS :=
#OBJCOPYFLAGS_rodata_objcopy.o	:= \
#			--rename-section .noinstr.text=.rodata,alloc,readonly,load,contents
#targets += rodata.o rodata_objcopy.o
#$(obj)/rodata_objcopy.o: $(obj)/rodata.o FORCE
#	$(call if_changed,objcopy)

all:
	make -C $(KERNEL_PATH) M=$(PWD) modules

clean:
	make -C $(KERNEL_PATH) M=$(PWD) clean

Make and insert module.

ubuntu@ubuntu:~/lkdtm$ sudo insmod lkdtm.ko
ubuntu@ubuntu:~/lkdtm$ lsmod
Module                  Size  Used by
lkdtm                  65536  0

Check Crash type in LKDTM Modules.

ubuntu@ubuntu:~/lkdtm$ sudo cat /sys/kernel/debug/provoke-crash/DIRECT
Available crash types:
PANIC
BUG
WARNING
WARNING_MESSAGE
EXCEPTION
LOOP
EXHAUST_STACK
CORRUPT_STACK
CORRUPT_STACK_STRONG
REPORT_STACK
CORRUPT_LIST_ADD
CORRUPT_LIST_DEL
STACK_GUARD_PAGE_LEADING
STACK_GUARD_PAGE_TRAILING
UNSET_SMEP
CORRUPT_PAC
UNALIGNED_LOAD_STORE_WRITE
SLAB_LINEAR_OVERFLOW
VMALLOC_LINEAR_OVERFLOW
WRITE_AFTER_FREE
READ_AFTER_FREE
WRITE_BUDDY_AFTER_FREE
READ_BUDDY_AFTER_FREE
SLAB_INIT_ON_ALLOC
BUDDY_INIT_ON_ALLOC
SLAB_FREE_DOUBLE
SLAB_FREE_CROSS
SLAB_FREE_PAGE
SOFTLOCKUP
HARDLOCKUP
SPINLOCKUP
HUNG_TASK
OVERFLOW_SIGNED
OVERFLOW_UNSIGNED
ARRAY_BOUNDS
EXEC_DATA
EXEC_STACK
EXEC_KMALLOC
EXEC_VMALLOC
EXEC_RODATA
EXEC_USERSPACE
EXEC_NULL
ACCESS_USERSPACE
ACCESS_NULL
WRITE_RO
WRITE_RO_AFTER_INIT
WRITE_KERN
REFCOUNT_INC_OVERFLOW
REFCOUNT_ADD_OVERFLOW
REFCOUNT_INC_NOT_ZERO_OVERFLOW
REFCOUNT_ADD_NOT_ZERO_OVERFLOW
REFCOUNT_DEC_ZERO
REFCOUNT_DEC_NEGATIVE
REFCOUNT_DEC_AND_TEST_NEGATIVE
REFCOUNT_SUB_AND_TEST_NEGATIVE
REFCOUNT_INC_ZERO
REFCOUNT_ADD_ZERO
REFCOUNT_INC_SATURATED
REFCOUNT_DEC_SATURATED
REFCOUNT_ADD_SATURATED
REFCOUNT_INC_NOT_ZERO_SATURATED
REFCOUNT_ADD_NOT_ZERO_SATURATED
REFCOUNT_DEC_AND_TEST_SATURATED
REFCOUNT_SUB_AND_TEST_SATURATED
REFCOUNT_TIMING
ATOMIC_TIMING
USERCOPY_HEAP_SIZE_TO
USERCOPY_HEAP_SIZE_FROM
USERCOPY_HEAP_WHITELIST_TO
USERCOPY_HEAP_WHITELIST_FROM
USERCOPY_STACK_FRAME_TO
USERCOPY_STACK_FRAME_FROM
USERCOPY_STACK_BEYOND
USERCOPY_KERNEL
STACKLEAK_ERASING
CFI_FORWARD_PROTO
FORTIFIED_OBJECT
FORTIFIED_SUBOBJECT
FORTIFIED_STRSCPY
DOUBLE_FAULT

Check KDUMP enabled status

##################################################
>> cat /proc/cmdline
##################################################
BOOT_IMAGE=/boot/vmlinuz-5.15.0-58-generic root=UUID=691a71d2-9a70-4c1a-9267-6da1b66338ef ro console=tty1 console=ttyS0 crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M
##################################################
>> dmesg | grep -i crash
##################################################
[    0.000000] crashkernel reserved: 0x00000000de000000 - 0x00000000fe000000 (512 MB)
[    0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-5.15.0-58-generic root=UUID=691a71d2-9a70-4c1a-9267-6da1b66338ef ro console=tty1 console=ttyS0 crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M
[   39.918358] pstore: Using crash dump compression: deflate
[ 1970.469182] lkdtm: No crash points registered, enable through debugfs
##################################################
>> cat /proc/iomem | grep 'Crash kernel'
##################################################
  de000000-fdffffff : Crash kernel
##################################################
>> cat /sys/kernel/kexec_crash_loaded
##################################################
1
##################################################
>> kdump-config show
##################################################
DUMP_MODE:		kdump
USE_KDUMP:		1
KDUMP_COREDIR:		/var/crash
crashkernel addr: 0xde000000
   /var/lib/kdump/vmlinuz: symbolic link to /boot/vmlinuz-5.15.0-58-generic
kdump initrd: 
   /var/lib/kdump/initrd.img: symbolic link to /var/lib/kdump/initrd.img-5.15.0-58-generic
current state:    ready to kdump

kexec command:
  /sbin/kexec -p --command-line="BOOT_IMAGE=/boot/vmlinuz-5.15.0-58-generic root=UUID=691a71d2-9a70-4c1a-9267-6da1b66338ef ro console=tty1 console=ttyS0 reset_devices systemd.unit=kdump-tools-dump.service nr_cpus=1" --initrd=/var/lib/kdump/initrd.img /var/lib/kdump/vmlinuz
root@ubuntu:/home/ubuntu# ls -ahl /var/lib/kdump/
total 17M
drwxr-xr-x  3 root root 4.0K Feb 12 12:54 .
drwxr-xr-x 38 root root 4.0K Feb  7 14:00 ..
drwxr-xr-x  5 root root 4.0K Jan  7 02:15 initramfs-tools
lrwxrwxrwx  1 root root   43 Feb 12 12:54 initrd.img -> /var/lib/kdump/initrd.img-5.15.0-58-generic
-rw-r--r--  1 root root  17M Feb  7 14:39 initrd.img-5.15.0-58-generic
-rw-r--r--  1 root root  234 Feb 12 12:54 latest_sysctls-5.15.0-58-generic
lrwxrwxrwx  1 root root   31 Feb 12 12:54 vmlinuz -> /boot/vmlinuz-5.15.0-58-generic

Test Crash Type

echo EXEC_DATA > /sys/kernel/debug/provoke-crash/DIRECT
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment