kernel-livepatches/Makefile at master · hackman/kernel-livepatches · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
obj-m := filter-functions-ftrace.o filter-functions-livepatch.o \
         ptrace-fix-ftrace.o ptrace-fix-livepatch.o \
         tcp-connect-logger.o udp-send-logger.o \
		 loadavg-lxd-livepatch.o

KDIR ?= /lib/modules/$(shell uname -r)/build
PWD  := $(shell pwd)

# Note: when insmod'd, ".ko" files with '-' in their names register
# under module names where '-' is replaced by '_'.
FT_MOD          := block_functions
LP_MOD          := livepatch_filter
PTRACE_FT_MOD   := ptrace_fix_ftrace
PTRACE_LP_MOD   := ptrace_fix_livepatch
TCL_MOD         := tcp_connect_logger
USL_MOD         := udp_send_logger
LP_LXD          := loadavg_lxd_livepatch

all:
	$(MAKE) -C $(KDIR) M=$(PWD) modules

clean:
	$(MAKE) -C $(KDIR) M=$(PWD) clean

# --- Generic blockers (configurable list) ----------------------------
load-ftrace: all
	sudo insmod filter-functions-ftrace.ko

unload-ftrace:
	sudo rmmod $(FT_MOD)

load-livepatch: all
	sudo insmod filter-functions-livepatch.ko

unload-livepatch:
	echo 0 | sudo tee /sys/kernel/livepatch/$(LP_MOD)/enabled
	@echo "Waiting for livepatch transition to complete..."
	@while [ "$$(cat /sys/kernel/livepatch/$(LP_MOD)/transition 2>/dev/null)" = "1" ]; do sleep 1; done
	sudo rmmod $(LP_MOD)

# --- ptrace exit_mm() dumpability mitigation (commit 31e62c2ebbfd) ----
load-ptrace-ftrace: all
	sudo insmod ptrace-fix-ftrace.ko

unload-ptrace-ftrace:
	sudo rmmod $(PTRACE_FT_MOD)

load-ptrace-livepatch: all
	sudo insmod ptrace-fix-livepatch.ko

unload-ptrace-livepatch:
	echo 0 | sudo tee /sys/kernel/livepatch/$(PTRACE_LP_MOD)/enabled
	@echo "Waiting for livepatch transition to complete..."
	@while [ "$$(cat /sys/kernel/livepatch/$(PTRACE_LP_MOD)/transition 2>/dev/null)" = "1" ]; do sleep 1; done
	sudo rmmod $(PTRACE_LP_MOD)

# --- tcp_v4_connect logger (LIVEPATCH.md tutorial) -------------------
load-tcp-logger: all
	sudo insmod tcp-connect-logger.ko

unload-tcp-logger:
	echo 0 | sudo tee /sys/kernel/livepatch/$(TCL_MOD)/enabled
	@echo "Waiting for livepatch transition to complete..."
	@while [ "$$(cat /sys/kernel/livepatch/$(TCL_MOD)/transition 2>/dev/null)" = "1" ]; do sleep 1; done
	sudo rmmod $(TCL_MOD)

# --- udp_sendmsg logger (sister to tcp-connect-logger) ---------------
load-udp-logger: all
	sudo insmod udp-send-logger.ko

unload-udp-logger:
	echo 0 | sudo tee /sys/kernel/livepatch/$(USL_MOD)/enabled
	@echo "Waiting for livepatch transition to complete..."
	@while [ "$$(cat /sys/kernel/livepatch/$(USL_MOD)/transition 2>/dev/null)" = "1" ]; do sleep 1; done
	sudo rmmod $(USL_MOD)


# --- sysinfo loadavg patch -------------------------------------------
load-loadavg-lxd-livepatch: all
	sudo insmod loadavg-lxd-livepatch.ko

unload-loadavg-lxd-livepatch:
	echo 0 | sudo tee /sys/kernel/livepatch/$(LP_LXD)/enabled
	@echo "Waiting for livepatch transition to complete..."
	@while [ "$$(cat /sys/kernel/livepatch/$(LP_LXD)/transition 2>/dev/null)" = "1" ]; do sleep 1; done
	sudo rmmod $(LP_LXD)


.PHONY: all clean \
        load-ftrace unload-ftrace \
        load-livepatch unload-livepatch \
        load-ptrace-ftrace unload-ptrace-ftrace \
        load-ptrace-livepatch unload-ptrace-livepatch \
        load-tcp-logger unload-tcp-logger \
        load-udp-logger unload-udp-logger