Handling discrepancies between /lib/modules and /boot

README.md

@@ -17,7 +17,7 @@ out-of-tree is for automating some routine actions for creating development envi
     $ curl -fsSL https://get.docker.com | sh
 	$ sudo usermod -aG docker user && newgrp docker
     $ curl -L https://nixos.org/nix/install | sh
-    $ nix-env -iA nixpkgs.out-of-tree
+    $ nix-env -iA nixpkgs.out-of-tree # Note: may not be up to date immediately, in this case consider installing from source
 
 Note that adding a user to group *docker* has serious security implications. Check Docker documentation for more information.
 
@@ -25,45 +25,25 @@ Note that adding a user to group *docker* has serious security implications. Che
 
     $ brew cask install docker
     $ open --background -a Docker && sleep 1m
-    $ brew tap jollheef/repo
+    $ brew tap out-of-tree/repo
     $ brew install out-of-tree
 
 Read [documentation](https://out-of-tree.readthedocs.io) for further info.
 
 ## Examples
 
-Run by absolute path
+Generate all Ubuntu 22.04 kernels:
 
-    $ out-of-tree --path /path/to/exploit/directory pew
+    $ out-of-tree kernel genall --distro=Ubuntu --ver=22.04
 
-Test only with one kernel:
+Run tests based on .out-of-tree.toml definitions:
 
-    $ out-of-tree pew --kernel='Ubuntu:5.4.0-29-generic
+	$ out-of-tree pew
+
+Test with a specific kernel:
+
+    $ out-of-tree pew --kernel='Ubuntu:5.4.0-29-generic'
 
 Run debug environment:
 
-    $ out-of-tree debug --kernel='Ubuntu:5.4.0-29-generic
+    $ out-of-tree debug --kernel='Ubuntu:5.4.0-29-generic'
-
-Test binary module/exploit with implicit defined test ($BINARY_test)
-
-    $ out-of-tree pew --binary /path/to/exploit
-
-Test binary module/exploit with explicit defined test
-
-    $ out-of-tree pew --binary /path/to/exploit --test /path/to/exploit_test
-
-Guess work kernels:
-
-    $ out-of-tree pew --guess
-
-Use custom kernels config
-
-    $ out-of-tree --kernels /path/to/kernels.toml pew
-
-Generate all kernels
-
-    $ out-of-tree kernel genall --distro Ubuntu --ver 22.04
-
-## Development
-
-Read [Qemu API](qemu/README.md).

go.mod

@@ -1,27 +1,50 @@
 module code.dumpstack.io/tools/out-of-tree
 
-go 1.14
+go 1.17
 
 replace code.dumpstack.io/tools/out-of-tree/qemu => ./qemu
 
 replace code.dumpstack.io/tools/out-of-tree/config => ./config
 
 require (
-	github.com/BurntSushi/toml v1.2.1 // indirect
 	github.com/alecthomas/kong v0.7.1
 	github.com/go-git/go-git/v5 v5.6.1
-	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/mattn/go-sqlite3 v1.14.16
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/naoina/go-stringutil v0.1.0 // indirect
 	github.com/naoina/toml v0.1.1
 	github.com/natefinch/lumberjack v2.0.0+incompatible
 	github.com/olekukonko/tablewriter v0.0.5
-	github.com/otiai10/copy v1.9.0
+	github.com/otiai10/copy v1.10.0
 	github.com/remeh/sizedwaitgroup v1.0.0
 	github.com/rs/zerolog v1.29.0
 	github.com/zcalusic/sysinfo v0.9.5
 	golang.org/x/crypto v0.7.0
 	gopkg.in/logrusorgru/aurora.v2 v2.0.3
-	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
+)
+
+require (
+	github.com/BurntSushi/toml v1.2.1 // indirect
+	github.com/Microsoft/go-winio v0.5.2 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
+	github.com/acomagu/bufpipe v1.0.4 // indirect
+	github.com/cloudflare/circl v1.1.0 // indirect
+	github.com/emirpasic/gods v1.18.1 // indirect
+	github.com/go-git/gcfg v1.5.0 // indirect
+	github.com/go-git/go-billy/v5 v5.4.1 // indirect
+	github.com/imdario/mergo v0.3.13 // indirect
+	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/kevinburke/ssh_config v1.2.0 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
+	github.com/mattn/go-colorable v0.1.12 // indirect
+	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mattn/go-runewidth v0.0.9 // indirect
+	github.com/naoina/go-stringutil v0.1.0 // indirect
+	github.com/pjbgf/sha1cd v0.3.0 // indirect
+	github.com/sergi/go-diff v1.1.0 // indirect
+	github.com/skeema/knownhosts v1.1.0 // indirect
+	github.com/xanzy/ssh-agent v0.3.3 // indirect
+	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/sys v0.6.0 // indirect
+	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
 )

go.sum

@@ -80,14 +80,10 @@ github.com/natefinch/lumberjack v2.0.0+incompatible/go.mod h1:Wi9p2TTF5DG5oU+6Yf
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/otiai10/copy v1.9.0 h1:7KFNiCgZ91Ru4qW4CWPf/7jqtxLagGRmIxWldPP9VY4=
+github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ=
-github.com/otiai10/copy v1.9.0/go.mod h1:hsfX19wcn0UWIHUQ3/4fHuehhk2UyArQ9dVFAn3FczI=
+github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
-github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
+github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
-github.com/otiai10/curr v1.0.0 h1:TJIWdbX0B+kpNagQrjgq8bCMrbhiuX73M2XwgtDMoOI=
+github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
-github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
-github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
-github.com/otiai10/mint v1.4.0 h1:umwcf7gbpEwf7WFzqmWwSv0CzbeMsae2u9ZvpP8j2q4=
-github.com/otiai10/mint v1.4.0/go.mod h1:gifjb2MYOoULtKLqUAEILUG/9KONW6f7YsJ6vQLTlFI=
 github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
 github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=

kernel.go

@@ -513,32 +513,34 @@ func installKernel(sk config.KernelMask, pkgname string, force, headers bool) (e
 	return
 }
 
-func genKernelPath(files []os.FileInfo, kname string) string {
+func findKernelFile(files []os.FileInfo, kname string) (name string, err error) {
 	for _, file := range files {
 		if strings.HasPrefix(file.Name(), "vmlinuz") {
 			if strings.Contains(file.Name(), kname) {
-				return file.Name()
+				name = file.Name()
+				return
 			}
 		}
 	}
 
-	log.Fatal().Msgf("cannot find kernel %s", kname)
+	err = errors.New("cannot find kernel")
-	return ""
+	return
 }
 
-func genInitrdPath(files []os.FileInfo, kname string) string {
+func findInitrdFile(files []os.FileInfo, kname string) (name string, err error) {
 	for _, file := range files {
 		if strings.HasPrefix(file.Name(), "initrd") ||
 			strings.HasPrefix(file.Name(), "initramfs") {
 
 			if strings.Contains(file.Name(), kname) {
-				return file.Name()
+				name = file.Name()
+				return
 			}
 		}
 	}
 
-	log.Fatal().Msgf("cannot find initrd %s", kname)
+	err = errors.New("cannot find kernel")
-	return ""
+	return
 }
 
 func genRootfsImage(d containerImageInfo, download bool) (rootfs string, err error) {
@@ -640,16 +642,29 @@ func listContainersKernels(dii containerImageInfo, newkcfg *config.KernelConfig,
 	}
 
 	for _, krel := range moddirs {
+		log.Debug().Msgf("generate config entry for %s", krel.Name())
+
+		var kernelFile, initrdFile string
+		kernelFile, err = findKernelFile(bootfiles, krel.Name())
+		if err != nil {
+			log.Warn().Msgf("cannot find kernel %s", krel.Name())
+			continue
+		}
+
+		initrdFile, err = findInitrdFile(bootfiles, krel.Name())
+		if err != nil {
+			log.Warn().Msgf("cannot find initrd %s", krel.Name())
+			continue
+		}
+
 		ki := config.KernelInfo{
 			DistroType:    dii.DistroType,
 			DistroRelease: dii.DistroRelease,
 			KernelRelease: krel.Name(),
 			ContainerName: dii.Name,
 
-			KernelPath: c.Volumes.Boot + "/" +
+			KernelPath:  c.Volumes.Boot + "/" + kernelFile,
-				genKernelPath(bootfiles, krel.Name()),
+			InitrdPath:  c.Volumes.Boot + "/" + initrdFile,
-			InitrdPath: c.Volumes.Boot + "/" +
-				genInitrdPath(bootfiles, krel.Name()),
 			ModulesPath: c.Volumes.LibModules + "/" + krel.Name(),
 
 			RootFS: rootfs,

kernel_linux.go

@@ -37,7 +37,7 @@ func genHostKernels(download bool) (kcfg config.KernelConfig, err error) {
 	}
 
 	kernelsBase := "/boot/"
-	files, err := ioutil.ReadDir(kernelsBase)
+	bootfiles, err := ioutil.ReadDir(kernelsBase)
 	if err != nil {
 		return
 	}
@@ -55,20 +55,35 @@ func genHostKernels(download bool) (kcfg config.KernelConfig, err error) {
 		return
 	}
 
-	for _, k := range strings.Fields(string(rawOutput)) {
+	for _, krel := range strings.Fields(string(rawOutput)) {
+		log.Debug().Msgf("generate config entry for %s", krel)
+
+		var kernelFile, initrdFile string
+		kernelFile, err = findKernelFile(bootfiles, krel)
+		if err != nil {
+			log.Warn().Msgf("cannot find kernel %s", krel)
+			continue
+		}
+
+		initrdFile, err = findInitrdFile(bootfiles, krel)
+		if err != nil {
+			log.Warn().Msgf("cannot find initrd %s", krel)
+			continue
+		}
+
 		ki := config.KernelInfo{
 			DistroType:    distroType,
 			DistroRelease: si.OS.Version,
-			KernelRelease: k,
+			KernelRelease: krel,
 
-			KernelSource: "/lib/modules/" + k + "/build",
+			KernelSource: "/lib/modules/" + krel + "/build",
 
-			KernelPath: kernelsBase + genKernelPath(files, k),
+			KernelPath: kernelsBase + kernelFile,
-			InitrdPath: kernelsBase + genInitrdPath(files, k),
+			InitrdPath: kernelsBase + initrdFile,
 			RootFS:     rootfs,
 		}
 
-		vmlinux := "/usr/lib/debug/boot/vmlinux-" + k
+		vmlinux := "/usr/lib/debug/boot/vmlinux-" + krel
 		log.Print("vmlinux", vmlinux)
 		if exists(vmlinux) {
 			ki.VmlinuxPath = vmlinux