ERROR: modpost: "kallsyms_lookup_name" [/home/joaomanoel/git/tyton/tyton.ko] undefined!

Question

ERROR: modpost: "kallsyms_lookup_name" [/home/joaomanoel/git/tyton/tyton.ko] undefined!

jmanoel7 opened this issue 5 years ago · 5 comments

make -C /lib/modules/5.7.2-arch1-1/build M=/home/joaomanoel/git/tyton modules
make[1]: Entrando no diretório '/usr/lib/modules/5.7.2-arch1-1/build'

CC [M] /home/joaomanoel/git/tyton/src/core.o
CC [M] /home/joaomanoel/git/tyton/src/util.o
CC [M] /home/joaomanoel/git/tyton/src/proc.o
CC [M] /home/joaomanoel/git/tyton/src/module_list.o
CC [M] /home/joaomanoel/git/tyton/src/syscall_hooks.o
CC [M] /home/joaomanoel/git/tyton/src/network_hooks.o
CC [M] /home/joaomanoel/git/tyton/src/netfilter_hooks.o
CC [M] /home/joaomanoel/git/tyton/src/interrupt_hooks.o
LD [M] /home/joaomanoel/git/tyton/tyton.o
MODPOST 1 modules
ERROR: modpost: "kallsyms_lookup_name" [/home/joaomanoel/git/tyton/tyton.ko] undefined!
make[2]: *** [scripts/Makefile.modpost:94: __modpost] Erro 1
make[1]: *** [Makefile:1642: modules] Erro 2
make[1]: Saindo do diretório '/usr/lib/modules/5.7.2-arch1-1/build'

make: *** [Makefile:19: module] Erro 2

HELP-ME!!!

PS: i use updated blackarch linux

Answer 1 · 2020-06-14T05:09:31.000Z

Mail Discussion: https://lwn.net/ml/linux-kernel/20200222084438.37a0ff99edbe32acdb666c79@kernel.org/

Commit: torvalds/linux@0bd476e

They recently unexported kallsyms_lookup_name and unfortunately, this project is slow to receive updates. Feel free to submit a PR that grabs the needed symbols and works for your kernel!

Answer 2 · 2020-06-15T13:17:03.000Z

This message says that Kprobe could be used to find the address associated with a kernel symbol. I wrote the following PoC that seems to work. Can we consider using this technique?

static struct kprobe kp;

unsigned long kprobe_lookup_name(const char *name) {
    kp.symbol_name = name;

    if (register_kprobe(&kp) < 0)
        return 0;
    unregister_kprobe(&kp);

    return (unsigned long) kp.addr;
}

Answer 3 · 2020-06-15T15:24:14.000Z

@v14dz Yeah that code looks good! I did some looking and register_kprobe is just a really roundabout way of calling kallsyms_lookup_name.

Do you know if there are any limitations across kernel versions for kprobes?

Answer 4 · 2020-06-17T18:09:59.000Z

@nbulischeck Hi! I suggest to use kallsyms_lookup_name() for kernel versions anterior to 5.7.0, and use the kprobe workaround only for recent kernels. This way we don't care about kprobe limitations across previous kernel versions. I'll soon propose a patch that should fixes this issue.

Answer 5 · 2020-06-17T20:33:35.000Z

Fixed in ae7988b. Please reopen if this is not the case.