linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit 46b15f021cc630c4979159542406abe9a865b39e
parent 4fee4ff8a9ad076a004aae6efba43acaa1cbb8e3
Author: deurzen <m.deurzen@tum.de>
Date:   Sun, 29 Nov 2020 18:55:33 +0100

Merge branch 'master' of github.com:deurzen/rootkit-programming-dev

Diffstat:
M src/read.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/read.c b/src/read.c @@ -121,7 +121,15 @@ handle_compare(char *buf, pid_t pid, size_t size) void handle_pid(pid_t pid, __user char *buf, size_t size) { - char *str = kzalloc(size, GFP_KERNEL); + //Sometimes (e.g. when installing packages), kalloc fails + //To avoid being limited by the page size, we use kvzalloc, + //which allocates chunks bigger than the page size if necessary + //https://lwn.net/Articles/711653/ + char *str = kvzalloc(size, GFP_KERNEL); + + if(!str) + return; + copy_from_user(str, buf, size); //Early return on exact match, avoiding more expensive operations
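Review bot: the return value of `copy_from_user(str, buf, size)` in handle_pid() is still unchecked; on a partial copy the remainder of `str` stays zero-filled and the later comparison runs on truncated data, so the call should be `if (copy_from_user(str, buf, size)) { kvfree(str); return; }` (or equivalent). Two related points: now that `str` comes from kvzalloc() it must be released with kvfree() rather than kfree(), since the buffer may be vmalloc-backed and kfree() is not valid for it; the release path is outside this hunk, so please confirm every exit of handle_pid() frees with kvfree(). And because `size` is whatever the read() caller supplied, consider bounding it before the allocation instead of letting an arbitrary user-chosen length drive kvzalloc(). Minor: the new comment says "kalloc"; the call being replaced is kzalloc.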