LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software > Linux - Kernel
User Name
Password
Linux - Kernel This forum is for all discussion relating to the Linux kernel.

Notices

Reply
 
Search this Thread
Old 12-29-2008, 07:17 PM   #1
marquisdesade
LQ Newbie
 
Registered: Oct 2005
Posts: 6

Rep: Reputation: 0
Compile and install modules without kernel recompile.


Hello,

I am developing a new module using the Linux Security Modules (LSM) framework, using functions defined in security/security.c. My test framework is an Ubuntu intrepid running the stock 2.6.27-9-generic, and I'm planning to test the module on a VMware virtual machine, again running the same config (userspace and kernel version). My idea was to test and compile the kernel module on the host, copy only the .ko to the guest (VM), and insmod/modprobe it.

I created a simple test LSM module that uses the register_security call (defined in security.c). My Makefile contains the standard stuff:

Code:
TARGET := test
obj-m := $(TARGET).o
KERN := $(shell uname -r)
KDIR := /lib/modules/$(KERN)/build
PWD := $(shell pwd)

all:
  make -C $(KDIR) M=$(PWD) modules
When I make, I get this warning:

Code:
make -C /lib/modules/2.6.27-9-generic/build M=/home/.../scratch/test1 modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.27-9-generic'
  Building modules, stage 2.
  MODPOST 1 modules
WARNING: "register_security" [/home/.../scratch/test1/test.ko] undefined!
make[1]: Leaving directory `/usr/src/linux-headers-2.6.27-9-generic'
When I try to insmod 'test.ko', I get:
"insmod: error inserting ./test.ko: -1 Unknown symbol in module"
and dmesg says:
[929671.918294] test: Unknown symbol register_security

I've heard that modprobe does a more intelligent job of inserting a module, so I tried modprobe as well (after copying the .ko to /lib/modules/somewhere and doing a depmod -a), but the result is the same as when using insmod.

My problem seems pretty similar to the one in this thread:

http://www.linuxquestions.org/questi...kernel-582439/

but the solution there seems to be rebuilding the module with the rest of the kernel, and installing and rebooting into the new kernel. I'm a newbie, but it seems weird that I need to build my module as part of a full kernel compile in order to get it to work.

So my question is: Isn't there a way I can build and test my module separately from the kernel source? What am I doing wrong above?

Thanks in advance,
marq
 
Old 12-29-2008, 08:58 PM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Look for the README files in the kernel source. Here are some instructions from the README.SUSE file.
Code:
The first method involves the following steps:

  (1)  Install kernel-source.$ARCH.rpm.
  
  (2)  Change to the /usr/src/linux directory.  Configure the kernel
       (for example, ``make oldconfig'' or ``make cloneconfig'', see
       HOW TO CONFIGURE THE KERNEL SOURCES).

  (3)  Create files required for compiling external modules:
       ``make scripts'' and ``make prepare''.

  (4)  Compile the module(s) by changing into the module source directory
       and typing ``make -C /usr/src/linux M=$(pwd)''.

  (5)  Install the module(s) by typing
       ``make -C /usr/src/linux M=$(pwd) modules_install''.


The second method involves the following steps:

  (1)  Install kernel-source.$ARCH.rpm.

  (2)  Install kernel-syms.$ARCH.rpm. This package is necessary for
       symbol version information (CONFIG_MODVERSIONS).

  (3)  Compile the module(s) by changing into the module source directory
       and typing ``make -C /usr/src/linux-obj/$ARCH/$FLAVOR M=$(pwd)''.
       Substitute $ARCH and $FLAVOR with the architecture and flavor
       for which to build the module(s).

       If the installed kernel sources match the running kernel, you
       can build modules for the running kernel by using the path
       /lib/modules/$(uname -r)/build as the -C option in the above
       command. (build is a symlink to /usr/src/linux-obj/$ARCH/$FLAVOR).

       Starting with SuSE Linux 9.2 / SLES9 Service Pack 1, the
       modversion information for the running kernel is also
       contained in the kernel-$FLAVOR packages, and so for building
       modules for the running kernel, the kernel-syms package is no
       longer required.

  (4)  Install the module(s) with
       ``make -C /usr/src/linux-obj/$ARCH/$FLAVOR M=$(pwd) modules_install''.


Whenever building modules, please use the kernel build infrastructure as
much as possible, and do not try to circumvent it. The
Documentation/kbuild directory in the kernel sources documents kbuild
 
Old 12-29-2008, 09:09 PM   #3
Quakeboy02
Senior Member
 
Registered: Nov 2006
Distribution: Debian Squeeze 2.6.32.9 SMP AMD64
Posts: 3,238

Rep: Reputation: 121Reputation: 121
Since you're using Ubuntu, see if this will work for you:

http://www.linuxquestions.org/questi...0/#post3305427

Added:
There is help for "make M=" in the Makefile.

Last edited by Quakeboy02; 12-29-2008 at 09:10 PM. Reason: Addn'l info
 
Old 12-29-2008, 09:21 PM   #4
Quakeboy02
Senior Member
 
Registered: Nov 2006
Distribution: Debian Squeeze 2.6.32.9 SMP AMD64
Posts: 3,238

Rep: Reputation: 121Reputation: 121
After looking through your post again, I see that my response wasn't that helpful, as you are already using "M=". May I suggest that you download madwifi and take a look at how they did it in their makefile? Could it just be that you need to run depmod? It appears that madwifi runs "depmod -ae" in the install-modules section.
 
Old 12-30-2008, 04:30 PM   #5
marquisdesade
LQ Newbie
 
Registered: Oct 2005
Posts: 6

Original Poster
Rep: Reputation: 0
jschiwal, Quakeboy: thanks for your suggestions.

jschiwal, I already tried the first method, namely, compiling the module with the full kernel. I added my module sources as a subdir of security/, compiled the full kernel, and saw that my test module works as expected. The problem with this method is the turnaround time, as I've got to wait for the compilation, creation of huge .deb files, installing them, etc.

As for the second method, that is very similar to what I'm already doing. IMHO, I don't think it's a problem with my environment or Makefile, because I can compile and insmod non-trivial modules (such as the "chardev" module here http://tldp.org/LDP/lkmpg/2.6/html/lkmpg.html#AEN680) by only changing the "TARGET" variable in the Makefile above.

Next, I tried Quakeboy's suggestion, by downloading the madwifi driver and looking through its Makefiles. There's a lot of cruft there, but I think my Makefile is basically the same. I could compile and modprobe the madwifi modules all right, so to test whether it was my build environment screwup, I added *my* code to one of the madwifi source files -- essentially just the register_security call and a printk. Apparently, that code makes the modprobe fail.. this is for a module that loads successfully without my code.

So, I'm now wondering if my problem is specific to LSM and not for kernel modules in general. I have looked at other projects that use LSM (e.g., dazuko), and indeed, unless they are compiled with the kernel, the same problems arise. It's been reported here before (http://www.linuxquestions.org/questi...roblem-283940/ ) but the "solution" there isn't very useful.

Any help would be great. Here's my test LSM program if that helps (it's harmless; it basically outputs a message to dmesg whenever there is a mkdir).

Code:
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/security.h>

static int test2_mkdir (struct inode *dir,
    struct dentry *dentry, int mode)
{
  printk (KERN_INFO "Got call for mkdir in inode %ld "
        "to mkdir %s with mode %d\n", dir->i_ino,
        (dentry->d_name).name, mode);
  return 0;
}

static struct security_operations test2_sec_ops = {
  /* Use the capability functions for some of the hooks */
  .inode_mkdir = test2_mkdir
};

static int __init test2_init (void)
{
  /* register ourselves with the security framework */
  if (register_security (&test2_sec_ops)) {
    printk (KERN_INFO
      "Failure registering Test 2 module with the kernel\n");
      return -EINVAL;
  }
  printk (KERN_INFO "Test2 module initialized");
  return 0;
}

static void __exit test2_exit (void)
{
  printk (KERN_INFO "Test2 unregistered\n");
}

module_init (test2_init);
module_exit (test2_exit);

MODULE_LICENSE("GPL");
 
Old 12-30-2008, 06:31 PM   #6
Quakeboy02
Senior Member
 
Registered: Nov 2006
Distribution: Debian Squeeze 2.6.32.9 SMP AMD64
Posts: 3,238

Rep: Reputation: 121Reputation: 121
Do you have SYSFS and SECURITY enabled?

Added:

You should get a response to the following if things are configured correctly in your running kernel.
Code:
grep register_security /boot/System.map-`uname -r`

Last edited by Quakeboy02; 12-30-2008 at 06:37 PM.
 
Old 12-30-2008, 07:55 PM   #7
jcliburn
Member
 
Registered: Dec 2003
Location: Mississippi, USA
Distribution: Fedora
Posts: 435

Rep: Reputation: 33
register_security is not an exported kernel symbol. Your program, if built as a module, will not be able to use it.

To see how kernel symbol exporting is done, grep EXPORT_SYMBOL in security/security.c.
 
Old 12-30-2008, 11:08 PM   #8
marquisdesade
LQ Newbie
 
Registered: Oct 2005
Posts: 6

Original Poster
Rep: Reputation: 0
jcliburn: very interesting; thank you. I hadn't realized that separately compiled modules could access only explicitly exported symbols (indeed, I'd confirmed that register_security was present in my System.map and /proc/kallsyms). I suppose LSM-based modules are meant to be built-in then. Any idea why this is so? (if it were a GPL-issue, there's the EXPORT_SYMBOL_GPL macro that exports only to GPL-compatible modules...)

I will try adding some EXPORT_SYMBOLs to security.c (and report back if the hack works).

Thanks again to all for replying.


EDIT: Apparently, until 2.6.24, register_security (among other functions in there) used to be exported. Here's the interesting portion of the 2.6.24 changelog:

security/ cleanups

This patch contains the following cleanups that are now possible:
- remove the unused security_operations->inode_xattr_getsuffix
- remove the no longer used security_operations->unregister_security
- remove some no longer required exit code
- remove a bunch of no longer used exports


Still no reason as to why the exports were removed, but at least one person out there knows

Last edited by marquisdesade; 12-30-2008 at 11:28 PM. Reason: Followup
 
Old 01-22-2009, 02:40 PM   #9
hidehawk
LQ Newbie
 
Registered: Jan 2009
Posts: 1

Rep: Reputation: 0
hi! did you get this running? i have exactly the same problem, but my Symbol.map contains all of these functions. (kernel 2.6.26-1-686)
 
Old 02-20-2010, 07:19 AM   #10
abirvalg
LQ Newbie
 
Registered: Feb 2010
Posts: 1

Rep: Reputation: 0
Quote:
Originally Posted by marquisdesade View Post

EDIT: Apparently, until 2.6.24, register_security (among other functions in there) used to be exported. Here's the interesting portion of the 2.6.24 changelog:

security/ cleanups

This patch contains the following cleanups that are now possible:
- remove the unused security_operations->inode_xattr_getsuffix
- remove the no longer used security_operations->unregister_security
- remove some no longer required exit code
- remove a bunch of no longer used exports


Still no reason as to why the exports were removed, but at least one person out there knows
The reason why EXPORTing of register_security might have been removed is that malicious rootkits would have been able to register such an LSM and take over the system without being detected. Apparently kernel devs didn't want to court criticism for leaving wide open such an invitation.
So, apparently (I'm just guessing), the kernel has to know during compile-time which LSMs will be used.
Also [GUESS] changing kernel sources to allow EXPORTing register_security might work [/GUESS].
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[Compile kernel] How to compile/install the modules ? frenchn00b Linux - General 1 09-06-2009 03:18 PM
Need to recompile kernel modules joe2748 Linux - Newbie 5 11-14-2007 09:25 AM
Modules problems after kernel recompile (2.6.9) magoseitor Linux - Software 2 02-20-2005 12:12 AM
Kernel Recompile Filesystem modules ftgow Linux - Software 2 08-25-2003 01:46 AM
lost modules after kernel recompile ArnaudVR Slackware 2 07-07-2003 03:41 PM


All times are GMT -5. The time now is 12:30 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration