backport to 4.14 (#59)

kernel/arch.h

@@ -15,7 +15,11 @@
 #define __PT_SP_REG sp
 #define __PT_IP_REG pc
 
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 16, 0)
 #define PRCTL_SYMBOL "__arm64_sys_prctl"
+#else
+#define PRCTL_SYMBOL "sys_prctl"
+#endif
 
 #elif defined(__x86_64__)
 
@@ -32,8 +36,11 @@
 #define __PT_RC_REG ax
 #define __PT_SP_REG sp
 #define __PT_IP_REG ip
-
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 16, 0)
 #define PRCTL_SYMBOL "__x64_sys_prctl"
+#else
+#define PRCTL_SYMBOL "sys_prctl"
+#endif
 
 #else
 #error "Unsupported arch"

kernel/ksu.c

@@ -175,7 +175,11 @@ extern void enable_sucompat();
 
 static int handler_pre(struct kprobe *p, struct pt_regs *regs)
 {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 16, 0)
 	struct pt_regs *real_regs = (struct pt_regs *)PT_REGS_PARM1(regs);
+#else
+        struct pt_regs *real_regs = regs;
+#endif
 	int option = (int)PT_REGS_PARM1(real_regs);
 	unsigned long arg2 = (unsigned long)PT_REGS_PARM2(real_regs);
 	unsigned long arg3 = (unsigned long)PT_REGS_PARM3(real_regs);

kernel/sucompat.c

@@ -236,7 +236,11 @@ static int read_handler_pre(struct kprobe *p, struct pt_regs *regs)
 }
 
 static struct kprobe faccessat_kp = {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
 	.symbol_name = "do_faccessat",
+#else
+	.symbol_name = "sys_faccessat",
+#endif
 	.pre_handler = faccessat_handler_pre,
 };
 
@@ -248,9 +252,11 @@ static struct kprobe newfstatat_kp = {
 static struct kprobe execve_kp = {
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 9, 0)
 	.symbol_name = "do_execveat_common",
-#else
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4,19,0) &&  LINUX_VERSION_CODE < KERNEL_VERSION(5,9,0)
-	.symbol_name = "__do_execve_file",
+       .symbol_name = "__do_execve_file",
-#endif
+#elif  LINUX_VERSION_CODE >= KERNEL_VERSION(4,14,0) &&  LINUX_VERSION_CODE < KERNEL_VERSION(4,19,0)
+        .symbol_name = "do_execveat_common",
+#endif	
 	.pre_handler = execve_handler_pre,
 };