2

I am trying to create a kernel module that changes the PID of a process. I searched in google and came across many articles that references this github

https://github.com/gravit0/changepid/blob/master/module/main.c

For the above github i took the following parts that should be responsible for the PID change.

static void* find_sym( const char *sym ) {  // find address kernel symbol sym 
   static unsigned long faddr = 0;          // static !!! 
   // ----------- nested functions are a GCC extension --------- 
   int symb_fn( void* data, const char* sym, struct module* mod, unsigned long addr ) { 
      if( 0 == strcmp( (char*)data, sym ) ) { 
         faddr = addr; 
         return 1; 
      } 
      else return 0; 
   }; 
   // -------------------------------------------------------- 
   kallsyms_on_each_symbol( symb_fn, (void*)sym ); 
   return (void*)faddr; 
} 

static asmlinkage void (*change_pidR)(struct task_struct *task, enum pid_type type,
        struct pid *pid);
static asmlinkage struct pid* (*alloc_pidR)(struct pid_namespace *ns);

 change_pidR = find_sym("change_pid");
 alloc_pidR = find_sym("alloc_pid");

On compilation i get the following error on the kallsyms_on_each_symbol() function

MODPOST /home/anastasis/projects/Module.symvers
ERROR: modpost: "kallsyms_on_each_symbol" [home/anastasis/projects/change_pid.ko] undefined!

How do i fix this?

PS. As a potential fix i installed a new kernel on a vm and i made sure that the option about kallsyms is enabled, but i still get the same ERROR.

Anastasisxr
  • 31
  • 2
  • Do you include the header ? – n5c Apr 11 '22 at 20:48
  • yes there is no include missing i have made sure of that – Anastasisxr Apr 12 '22 at 10:55
  • then, I would check if the related CONFIGs were not enabled in the kernel I used. Maybe you need to check CONFIG_KALLSYM or CONFIG_LIVEPATCH? or maybe kallsyms_on_each_symbol is in the scope of any other CONFIGs? – n5c Apr 12 '22 at 13:11
  • where do i check those configs? I have tried to find the CONFIG_KALLSYM with no success. – Anastasisxr Apr 12 '22 at 14:51
  • Why not link your module with change_pid and alloc_pid? – stark Apr 12 '22 at 19:17
  • How do i do that? How do i link my module with those 2 functions? – Anastasisxr Apr 13 '22 at 09:58
  • Since Linux kernel 5.7, the function `kallsyms_on_each_symbol` is no longer accessible for modules (that is, it is not EXPORT-ed). See e.g. [that answer](https://stackoverflow.com/a/40513836/3440745). A functionality which allows to circumvent restriction of non-EXPORTed symbols has gone away: https://lwn.net/Articles/813350/. – Tsyvarev Apr 13 '22 at 13:54

0 Answers0