YJN/selfpatch-slr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added module randomization

Browse Source
This commit is contained in:
York Jasper Niebuhr 2026-04-11 11:57:34 +02:00
parent 30be283e15
commit ffad62e9d6
3 changed files with 70 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
selfpatch/include/spslr.h
View File

@ -17,6 +17,9 @@ struct spslr_module {
const void* dpins; const void* dpins;
}; };
void spslr_init(void);
void spslr_selfpatch(void); void spslr_selfpatch(void);
void spslr_patch_module(const struct spslr_module* m);
void spslr_cleanup(void);
#endif #endif

81
selfpatch/src/spslr.c
View File

@ -6,19 +6,25 @@
#define SPSLR_SANITY_CHECK #define SPSLR_SANITY_CHECK
static void spslr_selfpatch_patch_dpins(void); static void spslr_patch_dpins(const struct spslr_dpin* dpins, spslr_u32 cnt);
static void spslr_selfpatch_patch_dpin(void* addr, spslr_u32 target); static void spslr_patch_dpin(void* addr, spslr_u32 target);
static void spslr_selfpatch_patch_ipins(void); static void spslr_patch_ipins(const struct spslr_ipin* ipins, spslr_u32 cnt,
const struct spslr_ipin_op* ipin_ops, spslr_u32 op_cnt);
static void reorder_object(void* dst, const void* src, spslr_u32 target); static void reorder_object(void* dst, const void* src, spslr_u32 target);
static spslr_s64 spslr_calculate_ipin_value(spslr_u32 start); static spslr_s64 spslr_calculate_ipin_value(const struct spslr_ipin_op* ipin_ops, spslr_u32 op_cnt, spslr_u32 start);
static void* reorder_buffer = NULL; static void* reorder_buffer = NULL;
static void allocate_reorder_buffer(void); static void allocate_reorder_buffer(void);
static void release_reorder_buffer(void); static void release_reorder_buffer(void);
void __init spslr_selfpatch(void) { static int initialized = 0;
void __init spslr_init(void) {
if (initialized)
return;
if (spslr_randomizer_init() < 0) if (spslr_randomizer_init() < 0)
spslr_env_panic("failed to initialize randomizer"); spslr_env_panic("failed to initialize randomizer");
@ -43,11 +49,43 @@ void __init spslr_selfpatch(void) {
#endif #endif
allocate_reorder_buffer(); allocate_reorder_buffer();
spslr_selfpatch_patch_dpins();
initialized = 1;
}
void __init spslr_selfpatch(void) {
if (!initialized)
spslr_env_panic("tried to selfpatchpatch with uninitialized spslr context");
spslr_patch_dpins(spslr_dpins, spslr_dpin_cnt);
spslr_patch_ipins(spslr_ipins, spslr_ipin_cnt, spslr_ipin_ops, spslr_ipin_op_cnt);
}
void __init spslr_patch_module(const struct spslr_module* m) {
if (!initialized)
spslr_env_panic("tried to patch module with uninitialized spslr context");
if (!m || !m->ipin_cnt || !m->ipins || !m->ipin_op_cnt || !m->ipin_ops || !m->dpin_cnt || !m->dpins)
spslr_env_panic("tried to patch module with incomplete spslr data");
spslr_u32 module_ipin_cnt = *(const spslr_u32*)m->ipin_cnt;
const struct spslr_ipin* module_ipins = (const struct spslr_ipin*)m->ipins;
spslr_u32 module_ipin_op_cnt = *(const spslr_u32*)m->ipin_op_cnt;
const struct spslr_ipin_op* module_ipin_ops = (const struct spslr_ipin_op*)m->ipin_ops;
spslr_u32 module_dpin_cnt = *(const spslr_u32*)m->dpin_cnt;
const struct spslr_dpin* module_dpins = (const struct spslr_dpin*)m->dpins;
spslr_patch_dpins(module_dpins, module_dpin_cnt);
spslr_patch_ipins(module_ipins, module_ipin_cnt, module_ipin_ops, module_ipin_op_cnt);
}
void __init spslr_cleanup(void) {
if (!initialized)
spslr_env_panic("tried to clean up uninitialized spslr context");
initialized = 0;
release_reorder_buffer(); release_reorder_buffer();
spslr_selfpatch_patch_ipins();
spslr_randomizer_clear(); spslr_randomizer_clear();
} }
@ -74,10 +112,10 @@ static void __init release_reorder_buffer(void) {
reorder_buffer = NULL; reorder_buffer = NULL;
} }
static void __init spslr_selfpatch_patch_dpins(void) { static void __init spslr_patch_dpins(const struct spslr_dpin* dpins, spslr_u32 cnt) {
for (spslr_u32 dpidx = 0; dpidx < spslr_dpin_cnt; dpidx++) { for (spslr_u32 dpidx = 0; dpidx < cnt; dpidx++) {
const struct spslr_dpin* dp = &spslr_dpins[dpidx]; const struct spslr_dpin* dp = &dpins[dpidx];
spslr_selfpatch_patch_dpin((void*)dp->addr, dp->target); spslr_patch_dpin((void*)dp->addr, dp->target);
} }
} }
@ -98,7 +136,7 @@ static void __init reorder_object(void* dst, const void* src, spslr_u32 target)
} }
} }
static void __init spslr_selfpatch_patch_dpin(void* addr, spslr_u32 target) { static void __init spslr_patch_dpin(void* addr, spslr_u32 target) {
#ifdef SPSLR_SANITY_CHECK #ifdef SPSLR_SANITY_CHECK
if (target >= spslr_target_cnt) if (target >= spslr_target_cnt)
spslr_env_panic("dpin refers to invalid target %u", target); spslr_env_panic("dpin refers to invalid target %u", target);
@ -111,11 +149,12 @@ static void __init spslr_selfpatch_patch_dpin(void* addr, spslr_u32 target) {
spslr_env_poke_data(addr, reorder_buffer, t->size); spslr_env_poke_data(addr, reorder_buffer, t->size);
} }
static void __init spslr_selfpatch_patch_ipins(void) { static void __init spslr_patch_ipins(const struct spslr_ipin* ipins, spslr_u32 cnt,
for (spslr_u32 ipidx = 0; ipidx < spslr_ipin_cnt; ipidx++) { const struct spslr_ipin_op* ipin_ops, spslr_u32 op_cnt) {
const struct spslr_ipin* ip = &spslr_ipins[ipidx]; for (spslr_u32 ipidx = 0; ipidx < cnt; ipidx++) {
const struct spslr_ipin* ip = &ipins[ipidx];
spslr_s64 value = spslr_calculate_ipin_value(ip->program); spslr_s64 value = spslr_calculate_ipin_value(ipin_ops, op_cnt, ip->program);
switch (ip->size) { switch (ip->size) {
case 1: case 1:
@ -138,19 +177,19 @@ static void __init spslr_selfpatch_patch_ipins(void) {
} }
} }
static spslr_s64 __init spslr_calculate_ipin_value(spslr_u32 start) { static spslr_s64 __init spslr_calculate_ipin_value(const struct spslr_ipin_op* ipin_ops, spslr_u32 op_cnt, spslr_u32 start) {
spslr_s64 res = 0; spslr_s64 res = 0;
spslr_u32 pc = start; spslr_u32 pc = start;
while (1) { while (1) {
#ifdef SPSLR_SANITY_CHECK #ifdef SPSLR_SANITY_CHECK
if (pc >= spslr_ipin_op_cnt) if (pc >= op_cnt)
spslr_env_panic("ipin op %u out of bounds", pc); spslr_env_panic("ipin op %u out of bounds", pc);
#endif #endif
int end_flag = 0; int end_flag = 0;
const struct spslr_ipin_op* op = &spslr_ipin_ops[pc++]; const struct spslr_ipin_op* op = &ipin_ops[pc++];
switch (op->code) { switch (op->code) {
case SPSLR_IPIN_OP_PATCH: case SPSLR_IPIN_OP_PATCH:
end_flag = 1; end_flag = 1;

11
subject/main.c
View File

@ -71,7 +71,7 @@ static int do_module_test_access_pid(const char *path, const struct task_struct
return -1; return -1;
} }
// TODO -> Patch module spslr_patch_module(&mod);
module_test_access_fn fn = (module_test_access_fn)dlsym(handle, "module_test_access_pid"); module_test_access_fn fn = (module_test_access_fn)dlsym(handle, "module_test_access_pid");
@ -112,7 +112,9 @@ void arr_test() {
int main(void) int main(void)
{ {
spslr_init();
spslr_selfpatch(); spslr_selfpatch();
print_layout(); print_layout();
struct list_head task_list; struct list_head task_list;
@ -145,11 +147,12 @@ int main(void)
printf("Second global: pid=%d comm=\"%s\"\n", second_pid(), second_comm()); printf("Second global: pid=%d comm=\"%s\"\n", second_pid(), second_comm());
printf("Subsecond global: pid=%d comm=\"%s\"\n", subsecond_pid(), subsecond_comm()); printf("Subsecond global: pid=%d comm=\"%s\"\n", subsecond_pid(), subsecond_comm());
arr_test(); arr_test();
int module_pid = do_module_test_access_pid("./subject/libspslr_module.so", &global); int module_pid = do_module_test_access_pid("./subject/libspslr_module.so", &global);
printf("module_test_access returned %d (should be 42)\n", module_pid); printf("module_test_access returned %d (should be 42)\n", module_pid);
spslr_cleanup();
return 0; return 0;
} }