xref: /freebsd/sys/dev/filemon/filemon.c (revision d940bfec8c329dd82d8d54efebd81c8aa420503b) 
1 /*-
2  * Copyright (c) 2011, David E. O'Brien.
3  * Copyright (c) 2009-2011, Juniper Networks, Inc.
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY JUNIPER NETWORKS AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED. IN NO EVENT SHALL JUNIPER NETWORKS OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  */
27 
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
30 
31 #include "opt_compat.h"
32 
33 #include <sys/param.h>
34 #include <sys/file.h>
35 #include <sys/systm.h>
36 #include <sys/buf.h>
37 #include <sys/condvar.h>
38 #include <sys/conf.h>
39 #include <sys/fcntl.h>
40 #include <sys/ioccom.h>
41 #include <sys/kernel.h>
42 #include <sys/malloc.h>
43 #include <sys/module.h>
44 #include <sys/mutex.h>
45 #include <sys/poll.h>
46 #include <sys/proc.h>
47 #include <sys/queue.h>
48 #include <sys/syscall.h>
49 #include <sys/sysent.h>
50 #include <sys/sysproto.h>
51 #include <sys/uio.h>
52 
53 #if __FreeBSD_version >= 900041
54 #include <sys/capability.h>
55 #endif
56 
57 #include "filemon.h"
58 
59 #if defined(COMPAT_IA32) || defined(COMPAT_FREEBSD32) || defined(COMPAT_ARCH32)
60 #include <compat/freebsd32/freebsd32_syscall.h>
61 #include <compat/freebsd32/freebsd32_proto.h>
62 
63 extern struct sysentvec ia32_freebsd_sysvec;
64 #endif
65 
66 extern struct sysentvec elf32_freebsd_sysvec;
67 extern struct sysentvec elf64_freebsd_sysvec;
68 
69 static d_close_t	filemon_close;
70 static d_ioctl_t	filemon_ioctl;
71 static d_open_t		filemon_open;
72 static int		filemon_unload(void);
73 static void		filemon_load(void *);
74 
75 static struct cdevsw filemon_cdevsw = {
76 	.d_version	= D_VERSION,
77 	.d_close	= filemon_close,
78 	.d_ioctl	= filemon_ioctl,
79 	.d_open		= filemon_open,
80 	.d_name		= "filemon",
81 };
82 
83 MALLOC_DECLARE(M_FILEMON);
84 MALLOC_DEFINE(M_FILEMON, "filemon", "File access monitor");
85 
86 struct filemon {
87 	TAILQ_ENTRY(filemon) link;	/* Link into the in-use list. */
88 	struct mtx	mtx;		/* Lock mutex for this filemon. */
89 	struct cv	cv;		/* Lock condition variable for this
90 					   filemon. */
91 	struct file	*fp;		/* Output file pointer. */
92 	struct thread	*locker;	/* Ptr to the thread locking this
93 					   filemon. */
94 	pid_t		pid;		/* The process ID being monitored. */
95 	char		fname1[MAXPATHLEN]; /* Temporary filename buffer. */
96 	char		fname2[MAXPATHLEN]; /* Temporary filename buffer. */
97 	char		msgbufr[1024];	/* Output message buffer. */
98 };
99 
100 static TAILQ_HEAD(, filemon) filemons_inuse = TAILQ_HEAD_INITIALIZER(filemons_inuse);
101 static TAILQ_HEAD(, filemon) filemons_free = TAILQ_HEAD_INITIALIZER(filemons_free);
102 static int n_readers = 0;
103 static struct mtx access_mtx;
104 static struct cv access_cv;
105 static struct thread *access_owner = NULL;
106 static struct thread *access_requester = NULL;
107 
108 static struct cdev *filemon_dev;
109 
110 #include "filemon_lock.c"
111 #include "filemon_wrapper.c"
112 
113 static void
114 filemon_dtr(void *data)
115 {
116 	struct filemon *filemon = data;
117 
118 	if (filemon != NULL) {
119 		struct file *fp = filemon->fp;
120 
121 		/* Get exclusive write access. */
122 		filemon_lock_write();
123 
124 		/* Remove from the in-use list. */
125 		TAILQ_REMOVE(&filemons_inuse, filemon, link);
126 
127 		filemon->fp = NULL;
128 		filemon->pid = -1;
129 
130 		/* Add to the free list. */
131 		TAILQ_INSERT_TAIL(&filemons_free, filemon, link);
132 
133 		/* Give up write access. */
134 		filemon_unlock_write();
135 
136 		if (fp != NULL)
137 			fdrop(fp, curthread);
138 	}
139 }
140 
141 #if __FreeBSD_version < 900041
142 #define FGET_WRITE(a1, a2, a3) fget_write((a1), (a2), (a3))
143 #else
144 #define FGET_WRITE(a1, a2, a3) fget_write((a1), (a2), CAP_WRITE | CAP_SEEK, (a3))
145 #endif
146 
147 static int
148 filemon_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag __unused,
149     struct thread *td)
150 {
151 	int error = 0;
152 	struct filemon *filemon;
153 	struct proc *p;
154 
155 	devfs_get_cdevpriv((void **) &filemon);
156 
157 	switch (cmd) {
158 	/* Set the output file descriptor. */
159 	case FILEMON_SET_FD:
160 		if ((error = FGET_WRITE(td, *(int *)data, &filemon->fp)) == 0)
161 			/* Write the file header. */
162 			filemon_comment(filemon);
163 		break;
164 
165 	/* Set the monitored process ID. */
166 	case FILEMON_SET_PID:
167 		error = pget(*((pid_t *)data), PGET_CANDEBUG | PGET_NOTWEXIT,
168 		    &p);
169 		if (error == 0) {
170 			filemon->pid = p->p_pid;
171 			PROC_UNLOCK(p);
172 		}
173 		break;
174 
175 	default:
176 		error = EINVAL;
177 		break;
178 	}
179 
180 	return (error);
181 }
182 
183 static int
184 filemon_open(struct cdev *dev, int oflags __unused, int devtype __unused,
185     struct thread *td __unused)
186 {
187 	struct filemon *filemon;
188 
189 	/* Get exclusive write access. */
190 	filemon_lock_write();
191 
192 	if ((filemon = TAILQ_FIRST(&filemons_free)) != NULL)
193 		TAILQ_REMOVE(&filemons_free, filemon, link);
194 
195 	/* Give up write access. */
196 	filemon_unlock_write();
197 
198 	if (filemon == NULL) {
199 		filemon = malloc(sizeof(struct filemon), M_FILEMON,
200 		    M_WAITOK | M_ZERO);
201 
202 		filemon->fp = NULL;
203 
204 		mtx_init(&filemon->mtx, "filemon", "filemon", MTX_DEF);
205 		cv_init(&filemon->cv, "filemon");
206 	}
207 
208 	filemon->pid = curproc->p_pid;
209 
210 	devfs_set_cdevpriv(filemon, filemon_dtr);
211 
212 	/* Get exclusive write access. */
213 	filemon_lock_write();
214 
215 	/* Add to the in-use list. */
216 	TAILQ_INSERT_TAIL(&filemons_inuse, filemon, link);
217 
218 	/* Give up write access. */
219 	filemon_unlock_write();
220 
221 	return (0);
222 }
223 
224 static int
225 filemon_close(struct cdev *dev __unused, int flag __unused, int fmt __unused,
226     struct thread *td __unused)
227 {
228 
229 	return (0);
230 }
231 
232 static void
233 filemon_load(void *dummy __unused)
234 {
235 	mtx_init(&access_mtx, "filemon", "filemon", MTX_DEF);
236 	cv_init(&access_cv, "filemon");
237 
238 	/* Install the syscall wrappers. */
239 	filemon_wrapper_install();
240 
241 	filemon_dev = make_dev(&filemon_cdevsw, 0, UID_ROOT, GID_WHEEL, 0666,
242 	    "filemon");
243 }
244 
245 static int
246 filemon_unload(void)
247 {
248  	struct filemon *filemon;
249 	int error = 0;
250 
251 	/* Get exclusive write access. */
252 	filemon_lock_write();
253 
254 	if (TAILQ_FIRST(&filemons_inuse) != NULL)
255 		error = EBUSY;
256 	else {
257 		destroy_dev(filemon_dev);
258 
259 		/* Deinstall the syscall wrappers. */
260 		filemon_wrapper_deinstall();
261 	}
262 
263 	/* Give up write access. */
264 	filemon_unlock_write();
265 
266 	if (error == 0) {
267 		/* free() filemon structs free list. */
268 		filemon_lock_write();
269 		while ((filemon = TAILQ_FIRST(&filemons_free)) != NULL) {
270 			TAILQ_REMOVE(&filemons_free, filemon, link);
271 			mtx_destroy(&filemon->mtx);
272 			cv_destroy(&filemon->cv);
273 			free(filemon, M_FILEMON);
274 		}
275 		filemon_unlock_write();
276 
277 		mtx_destroy(&access_mtx);
278 		cv_destroy(&access_cv);
279 	}
280 
281 	return (error);
282 }
283 
284 static int
285 filemon_modevent(module_t mod __unused, int type, void *data)
286 {
287 	int error = 0;
288 
289 	switch (type) {
290 	case MOD_LOAD:
291 		filemon_load(data);
292 		break;
293 
294 	case MOD_UNLOAD:
295 		error = filemon_unload();
296 		break;
297 
298 	case MOD_SHUTDOWN:
299 		break;
300 
301 	default:
302 		error = EOPNOTSUPP;
303 		break;
304 
305 	}
306 
307 	return (error);
308 }
309 
310 DEV_MODULE(filemon, filemon_modevent, NULL);
311 MODULE_VERSION(filemon, 1);
312