From c5ea57aa2b11835dfc2f4dc50a8813c750b569ef Mon Sep 17 00:00:00 2001
From: Coleman Kane
Date: Thu, 4 Nov 2021 22:49:43 -0400
Subject: [PATCH 1/2] Compile eBPF programlets with -fno-stack-protector The eBPF programlets cannot be built with -fno-stack-protector, as they won't be linked to the supporting code, as it doesn't make sense in their context. Add -fno-stack-protector to the build_ebpf line so that they won't be built with this feature when the feature is enabled for the userland parts of the project.
---
 CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2d614e7..d2ed99f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -399,7 +399,7 @@ set(CLANG_INCLUDES
 function(build_ebpf ebpfsrc)
 add_custom_command(TARGET sysinternalsEBPF
 PRE_BUILD
- COMMAND "${CLANG}" -nostdinc -isystem `gcc -print-file-name=include` ${CLANG_INCLUDES} ${CLANG_DEFINES} -O2 ${CLANG_OPTIONS} -emit-llvm -c "${CMAKE_SOURCE_DIR}/ebpfKern/${ebpfsrc}.c" -o -| "${LLC}" -march=bpf -filetype=obj -o "${ebpfsrc}.o"
+ COMMAND "${CLANG}" -nostdinc -isystem `gcc -print-file-name=include` ${CLANG_INCLUDES} ${CLANG_DEFINES} -O2 ${CLANG_OPTIONS} -emit-llvm -fno-stack-protector -c "${CMAKE_SOURCE_DIR}/ebpfKern/${ebpfsrc}.c" -o -| "${LLC}" -march=bpf -filetype=obj -o "${ebpfsrc}.o"
 COMMENT "Building EBPF object ${ebpfsrc}.o"
 DEPENDS ebpfKern/${ebpfsrc}.c ${EBPF_DEPENDS}
 )
From 0afa24bab3d024da782a955c66d2a30b473e8e34 Mon Sep 17 00:00:00 2001
From: Coleman Kane
Date: Thu, 4 Nov 2021 22:52:09 -0400
Subject: [PATCH 2/2] Replace the labs(...) attempts with an unsigned-safe approach The compiler complains that the value inside the labs(...) calls in both places in this commit is an unsigned value, and always unsigned. Move the value being subtracted to the right-hand-side as an addition, and remove the labs(...) calls that would always return true.
---
 discoverOffsets.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
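Review bot: The `-fno-stack-protector` added to the COMMAND in build_ebpf (CMakeLists.txt) switches off a hardening flag with no comment saying why, so a later hardening pass may remove it or copy it to userland targets. I would add above the add_custom_command call: `# BPF objects are never linked against the stack-protector runtime (__stack_chk_fail); disable it for this command only, never for userland targets.` The flag sits after `${CLANG_OPTIONS}`, so it takes precedence over a -fstack-protector variant set there, which looks intended. The commit description says the programlets cannot be built with -fno-stack-protector where -fstack-protector is presumably meant. The function body ends outside the hunk.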
diff --git a/discoverOffsets.c b/discoverOffsets.c
index dc28a01..eb53ea4 100644
--- a/discoverOffsets.c
+++ b/discoverOffsets.c
@@ -172,7 +172,7 @@ void memDumpCloseAll()
 //--------------------------------------------------------------------
 bool isPointer(uint64_t ptr)
 {
- if (labs(ptr - memAddrs[task]) < MAX_POINTER_DIFF) {
+ if (ptr < (MAX_POINTER_DIFF + memAddrs[task])) {
 return true;
 } else {
 return false;
@@ -189,7 +189,7 @@ bool isPointer(uint64_t ptr)
 //--------------------------------------------------------------------
 bool near(uint64_t a, uint64_t b, uint64_t range)
 {
- if (labs(a - b) <= range) {
+ if (a <= (range + b)) {
 return true;
 } else {
 return false;
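Review bot: The new condition in isPointer() is one-sided: `ptr < (MAX_POINTER_DIFF + memAddrs[task])` accepts every value below the base, including 0, whereas the labs() form was meant to bound the distance in both directions, so non-pointer data can now be classified as a pointer. The same applies to near() in the second hunk, where `a <= (range + b)` holds for any `a` smaller than `b`, and both sums can wrap for large operands. An unsigned-safe absolute difference keeps the original meaning and should still silence the warning: `uint64_t diff = (ptr > memAddrs[task]) ? ptr - memAddrs[task] : memAddrs[task] - ptr;` followed by `if (diff < MAX_POINTER_DIFF) {`, and in near() `uint64_t diff = (a > b) ? a - b : b - a;` with `if (diff <= range) {`. This assumes memAddrs[task] is an unsigned 64-bit value, which the hunk does not show. Both function bodies continue past their hunks.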