packaged unkillable kernel module

2024-08-15 11:50:25 +02:00
parent 2c9a84636b
commit def6f557d5
2 changed files with 185 additions and 0 deletions
--- a/mods/unkillable-process-kernel-module.nix
+++ b/mods/unkillable-process-kernel-module.nix
@@ -0,0 +1,167 @@
 { stdenv
 , lib
 , fetchFromGitHub
 , kernel
 , kmod
 }: let 
 # from: https://ortiz.sh/linux/2020/07/05/UNKILLABLE.html
 srcCode = ''
  #include <linux/init.h>
  #include <linux/module.h>
  #include <linux/kernel.h>
  #include <linux/types.h>
  #include <linux/proc_fs.h>
  #include <linux/sched.h>
  #include <linux/sched/signal.h>
  #include <linux/pid.h>
  MODULE_LICENSE("GPL");
  void unkillable_exit(void);
  int unkillable_init(void);
  /* device access functions */
  ssize_t unkillable_write(struct file *filp, const char *buf, size_t count, loff_t *f_pos);
  ssize_t unkillable_read(struct file *filp, char *buf, size_t count, loff_t *f_pos);
  int unkillable_open(struct inode *inode, struct file *filp);
  int unkillable_release(struct inode *inode, struct file *filp);
  struct file_operations unkillable_fops = {
    .read = unkillable_read,
    .write = unkillable_write,
    .open = unkillable_open,
    .release = unkillable_release
  };
  /* Declaration of the init and exit functions */
  module_init(unkillable_init);
  module_exit(unkillable_exit);
  int unkillable_major = 117;
  int unkillable_init(void) 
  {
    if (register_chrdev(unkillable_major, "unkillable", &unkillable_fops) < 0 ) {
      printk("Unkillable: cannot obtain major number %d\n", unkillable_major);
      return 1;
    }
    printk("Inserting unkillable module\n"); 
    return 0;
  }
  void unkillable_exit(void) 
  {
    unregister_chrdev(unkillable_major, "unkillable");
    printk("Removing unkillable module\n");
  }
  int unkillable_open(struct inode *inode, struct file *filp) 
  {
    return 0;
  }
  int unkillable_release(struct inode *inode, struct file *filp) 
  {
    return 0;
  }
  ssize_t unkillable_read(struct file *filp, char *buf, size_t count, loff_t *f_pos) 
  { 
    struct pid *pid_struct;
    struct task_struct *p;
    /* interpret count to read as target pid */
    printk("Unkillable: Got pid %d", (int) count);
    /* get the pid struct */
    pid_struct = find_get_pid((int) count);
    /* get the task_struct from the pid */
    p = pid_task(pid_struct, PIDTYPE_PID);
    /* add the flag */
    p->signal->flags = p->signal->flags | SIGNAL_UNKILLABLE;
    printk("Unkillable: pid %d marked as unkillable\n", (int) count);
    if (*f_pos == 0) { 
      *f_pos+=1; 
      return 1; 
    } else { 
      return 0; 
    }
  }
  ssize_t unkillable_write(struct file *filp, const char *buf, size_t count, loff_t *f_pos) 
  {
    return 0;
  }
 '';
 srcMakeFile = ''
 obj-m := unkillable.o
 all:
 ${"\t"}$(MAKE) -C $(KERNEL_DIR) M=$(PWD) modules
 unkillable.o:
 ${"\t"}$(CC) unkillable.c -o unkillable.o
 install:
 ${"\t"}$(MAKE) -C $(KERNEL_DIR) M=$(PWD) modules_install
 '';
 srcMakeFileFull = ''
  obj-m += unkillable.o
  all:
    make -C /lib/modules/$KERNELRELEASE/build M=$(PWD) modules
  clean:
    make -C /lib/modules/$KERNELRELEASE/build M=$(PWD) clean
  install:
    sudo insmod unkillable.ko
  uninstall:
    sudo rmmod unkillable
  mknod:
    sudo mknod /dev/unkillable c 117 0
    sudo chmod 666 /dev/unkillable
 '';
 in stdenv.mkDerivation rec {
  name = "unkillableKernelModule-${version}-${kernel.version}";
  version = "0.1";
  src = stdenv.mkDerivation {
    name = "unkillableKernelModule-source";
    dontUnpack = true;
    dontPatch = true;
    dontConfigure = true;
    buildPhase = ''
      mkdir -p $out
      echo '${srcCode}' > $out/unkillable.c
      echo '${srcMakeFile}' > $out/Makefile
    '';
  };
  #preUnpack = ''
  # mkdir -p source/linux/unkillableKernelModule
  # '';
  #sourceRoot = "source/linux/unkillableKernelModule";
  hardeningDisable = [ "pic" "format" ];
  nativeBuildInputs = kernel.moduleBuildDependencies;
  makeFlags = [
    "KERNELRELEASE=${kernel.modDirVersion}"
    "KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
    "INSTALL_MOD_PATH=$(out)"
  ];
  meta = with lib; {
    description = "A kernel module that makes a char-device /dev/unkillable, from which you can read($your_pid) from, which then makes your process unkillable. code from: https://ortiz.sh/linux/2020/07/05/UNKILLABLE.html";
    homepage = "https://ortiz.sh/linux/2020/07/05/UNKILLABLE.html";
    license = licenses.gpl2;
    maintainers = [ ];
    platforms = platforms.linux;
  };
 }
--- a/random-pkgs.nix
+++ b/random-pkgs.nix
@@ -4,10 +4,14 @@
 }: let
  pkgs = import nixpkgs { inherit system; };
 in rec {
  zephyr = inputs.zephyr-nix.packages.${system};
  one = inputs.zephyr-nix;
  two-shell = pkgs.mkShell {
    packages = with pkgs; [
      (zephyr.sdk.override {
@@ -27,13 +31,18 @@ in rec {
      export ZEPHYR_BASE=${inputs.zephyr-nix.inputs.zephyr};
    '';
  };
  three = inputs.zmk-nix.legacyPackages.${system}.fetchZephyrDeps {
    name = "testing-deps";
    hash = "";
    src = self;
  };
  four = inputs.zephyr-nix.packages.${system}.buildZephyrWorkspace;
  keyboardRight = inputs.zmk-nix.legacyPackages.${system}.buildKeyboard {
    name = "firmware-right";
@@ -48,6 +57,7 @@ in rec {
    zephyrDepsHash = "sha256-/ECQR3x0hzVGB7icGuWeyyNC9HuWmCgS5xA8r30gCAw=";
  };
  keyboardLeft = inputs.zmk-nix.legacyPackages.${system}.buildKeyboard {
    name = "firmware-left";
@@ -62,6 +72,8 @@ in rec {
    zephyrDepsHash = "sha256-/ECQR3x0hzVGB7icGuWeyyNC9HuWmCgS5xA8r30gCAw=";
  };
  keyboardBoth = inputs.zmk-nix.legacyPackages.${system}.buildSplitKeyboard {
    name = "firmware";
@@ -76,6 +88,12 @@ in rec {
    zephyrDepsHash = "sha256-/ECQR3x0hzVGB7icGuWeyyNC9HuWmCgS5xA8r30gCAw=";
  };
  unkillableKernelModule = mypkgs.callPackage ./mods/unkillable-process-kernel-module.nix {
    kernel = self.nixosConfigurations.main.config.boot.kernelPackages.kernel;
  };
  usbip-kernel = self.nixosConfigurations.main.config.system.build.kernel.overrideAttrs (prev: {
    kernelPatches = prev.kernelPatches or [] ++ [ {
      name = "usbip";