Linux - Harden mountinfo API and several related fixes #1545

Conversation

gcmoreira
Contributor

@gcmoreira gcmoreira commented Jan 13, 2025

In the context of #1516 and related issues, this PR addresses several issues in the mountinfo API code and its associated functions.

This PR includes:

  • Fix container_of(). Since object() can create and return an invalid object, we ensure this method will return a valid one by checking its address using the layer.
  • Ensure _get_tasks_mountpoints() will always return a valid mountpoint, checking all the pointers involved.
  • Ensure do_get_path() will always return a valid string.
  • Fix struct_file by removing invalid members. The f_dentry and f_vfsmnt members were incorrectly included, though they were never part of struct file. These were preprocessor macros used as shortcuts within kernel code but should not be present in the structure itself.
  • Docstring improvements
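
An added illustration of the container_of() point above, not code from this PR or from Volatility: a helper that subtracts the member offset and returns `None` unless the whole container lies in mapped memory. `ToyLayer`, its `is_valid()` method, the offsets and the addresses are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class ToyLayer:
    """Constructed stand-in for a memory layer: a tuple of mapped (start, size) ranges."""
    mapped: Tuple[Tuple[int, int], ...]

    def is_valid(self, offset: int, length: int = 1) -> bool:
        # The whole [offset, offset + length) span must sit inside one mapped range.
        if offset < 0 or length <= 0:
            return False
        return any(start <= offset and offset + length <= start + size
                   for start, size in self.mapped)


def container_of(layer: ToyLayer, member_addr: int, member_offset: int,
                 container_size: int) -> Optional[int]:
    """Return the address of the structure embedding the member, or None.

    The subtraction always yields a number, so the result is only trusted
    after the layer confirms the full container range is readable.
    """
    container_addr = member_addr - member_offset
    if not layer.is_valid(container_addr, container_size):
        return None
    return container_addr


# Constructed sample values: one mapped 4 KiB page, and a container that
# embeds the member at offset 0x20 and is 0x140 bytes long.
PAGE = 0xFFFF888000100000
LAYER = ToyLayer(mapped=((PAGE, 0x1000),))
MEMBER_OFFSET = 0x20
CONTAINER_SIZE = 0x140


def demo() -> dict:
    check = lambda addr: container_of(LAYER, addr, MEMBER_OFFSET, CONTAINER_SIZE)
    return {
        "inside": check(PAGE + 0x420),    # container fully inside the page
        "below": check(PAGE + 0x10),      # container would start before the page
        "straddle": check(PAGE + 0xF80),  # container would run past the page end
        "null": check(0),                 # NULL member pointer
    }


if __name__ == "__main__":
    for name, addr in demo().items():
        print(name, hex(addr) if addr is not None else None)
```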

Member

@ikelos ikelos left a comment

Generally happy with all of this, although not sure why the function signature for one bit changed (and without that change, there's no need for version bumps that I can see). Needs a response to some of the points raised but no showstoppers at least...

volatility3/framework/symbols/linux/__init__.py (outdated, resolved)
volatility3/framework/symbols/linux/extensions/__init__.py (outdated, resolved)
volatility3/framework/symbols/linux/extensions/__init__.py (outdated, resolved)

@gcmoreira
Contributor Author

@ikelos thanks for the review. All the observations were addressed

@gcmoreira
Contributor Author

gcmoreira commented Jan 29, 2025

@ikelos hold on with this as it seems there's a commit missing

@gcmoreira
Contributor Author

@ikelos no worries, it's all good! Turns out it was just how GitHub was displaying the changes, pretty confusing at first

Member

@ikelos ikelos left a comment

Ok, looks good, let's go for it. 5:)

@ikelos ikelos merged commit 8125b0d into volatilityfoundation:develop Jan 30, 2025
13 checks passed