add support in procmon for linux kernel with version more than 6

tklengyel · Nov 2, 2023 · 07153a2 · 07153a2
1 parent 5c0b269
commit 07153a2
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 7 deletions.
diff --git a/src/libdrakvuf/linux-offsets-map.h b/src/libdrakvuf/linux-offsets-map.h
@@ -113,6 +113,8 @@ static const char* linux_offset_names[__LINUX_OFFSETS_MAX][2] =
     [_TEXT] = {"_text", NULL},
     [INIT_TASK] = {"init_task", NULL},
     [CURRENT_TASK] = {"current_task", NULL},
+    [PCPU_HOT] = {"pcpu_hot", NULL},
+    [PCPU_HOT_CURRENT_TASK] = {"pcpu_hot", "current_task"},
     [TASK_STRUCT_FLAGS] = {"task_struct", "flags"},
     [TASK_STRUCT_COMM] = {"task_struct", "comm"},
     [TASK_STRUCT_CRED] = {"task_struct", "cred"},

diff --git a/src/libdrakvuf/linux-offsets.h b/src/libdrakvuf/linux-offsets.h
@@ -114,6 +114,8 @@ enum linux_offsets
     _TEXT,
     INIT_TASK,
     CURRENT_TASK,
+    PCPU_HOT,
+    PCPU_HOT_CURRENT_TASK,
     TASK_STRUCT_FLAGS,
     TASK_STRUCT_COMM,
     TASK_STRUCT_CRED,

diff --git a/src/libdrakvuf/linux-processes.c b/src/libdrakvuf/linux-processes.c
@@ -176,7 +176,14 @@ addr_t linux_get_current_process(drakvuf_t drakvuf, drakvuf_trap_info_t* info)
         gs_base = VMI_GET_BIT(info->regs->gs_base, 47) ? info->regs->gs_base : info->regs->shadow_gs;
     }
 
-    addr_t addr = gs_base + drakvuf->offsets[CURRENT_TASK];
+    addr_t current_task_offset = drakvuf->offsets[CURRENT_TASK];
+    // for kernel 6.2+ need use new structure
+    // https://elixir.bootlin.com/linux/v6.2-rc1/source/arch/x86/include/asm/current.h
+    if (!current_task_offset)
+        current_task_offset = drakvuf->offsets[PCPU_HOT] + drakvuf->offsets[PCPU_HOT_CURRENT_TASK];
+
+    addr_t addr = gs_base + current_task_offset;
+
     addr_t process;
     if ( VMI_SUCCESS == vmi_read_addr_va(drakvuf->vmi, addr, 0, &process) && process >= MIN_KERNEL_BOUNDARY )
         return process;

diff --git a/src/plugins/procmon/linux.cpp b/src/plugins/procmon/linux.cpp
@@ -367,12 +367,11 @@ event_response_t linux_procmon::send_signal_ret_cb(drakvuf_t drakvuf, drakvuf_tr
 event_response_t linux_procmon::send_signal_cb(drakvuf_t drakvuf, drakvuf_trap_info_t* info)
 {
     /*
-    static int __send_signal(
+    int do_send_sig_info(
         int sig,
         struct kernel_siginfo *info,
-        struct task_struct *t,
-        enum pid_type type,
-        bool force
+        struct task_struct *p,
+        enum pid_type type
     )
     */
     PRINT_DEBUG("[PROCMON] Callback: %s\n", info->trap->name);
@@ -688,10 +687,10 @@ linux_procmon::linux_procmon(drakvuf_t drakvuf, const procmon_config* config, ou
         return;
     }
 
-    signal_hook = createSyscallHook("__send_signal", &linux_procmon::send_signal_cb, "send_signal");
+    signal_hook = createSyscallHook("do_send_sig_info", &linux_procmon::send_signal_cb, "send_signal");
     if (nullptr == signal_hook)
     {
-        PRINT_DEBUG("[PROCMON] Method __send_signal not found.\n");
+        PRINT_DEBUG("[PROCMON] Method do_send_sig_info not found.\n");
         return;
     }