1 /*- 2 * Copyright (c) 2011, David E. O'Brien. 3 * Copyright (c) 2009-2011, Juniper Networks, Inc. 4 * Copyright (c) 2015, EMC Corp. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY JUNIPER NETWORKS AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL JUNIPER NETWORKS OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/cdefs.h> 30 __FBSDID("$FreeBSD$"); 31 32 #include "opt_compat.h" 33 34 #include <sys/param.h> 35 #include <sys/file.h> 36 #include <sys/systm.h> 37 #include <sys/buf.h> 38 #include <sys/condvar.h> 39 #include <sys/conf.h> 40 #include <sys/fcntl.h> 41 #include <sys/ioccom.h> 42 #include <sys/kernel.h> 43 #include <sys/lock.h> 44 #include <sys/malloc.h> 45 #include <sys/module.h> 46 #include <sys/poll.h> 47 #include <sys/proc.h> 48 #include <sys/queue.h> 49 #include <sys/sx.h> 50 #include <sys/syscall.h> 51 #include <sys/sysent.h> 52 #include <sys/sysproto.h> 53 #include <sys/uio.h> 54 55 #if __FreeBSD_version >= 900041 56 #include <sys/capsicum.h> 57 #endif 58 59 #include "filemon.h" 60 61 #if defined(COMPAT_IA32) || defined(COMPAT_FREEBSD32) || defined(COMPAT_ARCH32) 62 #include <compat/freebsd32/freebsd32_syscall.h> 63 #include <compat/freebsd32/freebsd32_proto.h> 64 65 extern struct sysentvec ia32_freebsd_sysvec; 66 #endif 67 68 extern struct sysentvec elf32_freebsd_sysvec; 69 extern struct sysentvec elf64_freebsd_sysvec; 70 71 static d_close_t filemon_close; 72 static d_ioctl_t filemon_ioctl; 73 static d_open_t filemon_open; 74 static int filemon_unload(void); 75 static void filemon_load(void *); 76 77 static struct cdevsw filemon_cdevsw = { 78 .d_version = D_VERSION, 79 .d_close = filemon_close, 80 .d_ioctl = filemon_ioctl, 81 .d_open = filemon_open, 82 .d_name = "filemon", 83 }; 84 85 MALLOC_DECLARE(M_FILEMON); 86 MALLOC_DEFINE(M_FILEMON, "filemon", "File access monitor"); 87 88 struct filemon { 89 TAILQ_ENTRY(filemon) link; /* Link into the in-use list. */ 90 struct sx lock; /* Lock mutex for this filemon. */ 91 struct file *fp; /* Output file pointer. */ 92 pid_t pid; /* The process ID being monitored. */ 93 char fname1[MAXPATHLEN]; /* Temporary filename buffer. */ 94 char fname2[MAXPATHLEN]; /* Temporary filename buffer. */ 95 char msgbufr[1024]; /* Output message buffer. */ 96 }; 97 98 static TAILQ_HEAD(, filemon) filemons_inuse = TAILQ_HEAD_INITIALIZER(filemons_inuse); 99 static TAILQ_HEAD(, filemon) filemons_free = TAILQ_HEAD_INITIALIZER(filemons_free); 100 static struct sx access_lock; 101 102 static struct cdev *filemon_dev; 103 104 #include "filemon_lock.c" 105 #include "filemon_wrapper.c" 106 107 static void 108 filemon_dtr(void *data) 109 { 110 struct filemon *filemon = data; 111 112 if (filemon != NULL) { 113 struct file *fp = filemon->fp; 114 115 /* Get exclusive write access. */ 116 filemon_lock_write(); 117 118 /* Remove from the in-use list. */ 119 TAILQ_REMOVE(&filemons_inuse, filemon, link); 120 121 filemon->fp = NULL; 122 filemon->pid = -1; 123 124 /* Add to the free list. */ 125 TAILQ_INSERT_TAIL(&filemons_free, filemon, link); 126 127 /* Give up write access. */ 128 filemon_unlock_write(); 129 130 if (fp != NULL) 131 fdrop(fp, curthread); 132 } 133 } 134 135 static int 136 filemon_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag __unused, 137 struct thread *td) 138 { 139 int error = 0; 140 struct filemon *filemon; 141 struct proc *p; 142 #if __FreeBSD_version >= 900041 143 cap_rights_t rights; 144 #endif 145 146 devfs_get_cdevpriv((void **) &filemon); 147 148 switch (cmd) { 149 /* Set the output file descriptor. */ 150 case FILEMON_SET_FD: 151 error = fget_write(td, *(int *)data, 152 #if __FreeBSD_version >= 900041 153 cap_rights_init(&rights, CAP_PWRITE), 154 #endif 155 &filemon->fp); 156 if (error == 0) 157 /* Write the file header. */ 158 filemon_comment(filemon); 159 break; 160 161 /* Set the monitored process ID. */ 162 case FILEMON_SET_PID: 163 error = pget(*((pid_t *)data), PGET_CANDEBUG | PGET_NOTWEXIT, 164 &p); 165 if (error == 0) { 166 filemon->pid = p->p_pid; 167 PROC_UNLOCK(p); 168 } 169 break; 170 171 default: 172 error = EINVAL; 173 break; 174 } 175 176 return (error); 177 } 178 179 static int 180 filemon_open(struct cdev *dev, int oflags __unused, int devtype __unused, 181 struct thread *td __unused) 182 { 183 struct filemon *filemon; 184 185 /* Get exclusive write access. */ 186 filemon_lock_write(); 187 188 if ((filemon = TAILQ_FIRST(&filemons_free)) != NULL) 189 TAILQ_REMOVE(&filemons_free, filemon, link); 190 191 /* Give up write access. */ 192 filemon_unlock_write(); 193 194 if (filemon == NULL) { 195 filemon = malloc(sizeof(struct filemon), M_FILEMON, 196 M_WAITOK | M_ZERO); 197 sx_init(&filemon->lock, "filemon"); 198 } 199 200 filemon->pid = curproc->p_pid; 201 202 devfs_set_cdevpriv(filemon, filemon_dtr); 203 204 /* Get exclusive write access. */ 205 filemon_lock_write(); 206 207 /* Add to the in-use list. */ 208 TAILQ_INSERT_TAIL(&filemons_inuse, filemon, link); 209 210 /* Give up write access. */ 211 filemon_unlock_write(); 212 213 return (0); 214 } 215 216 static int 217 filemon_close(struct cdev *dev __unused, int flag __unused, int fmt __unused, 218 struct thread *td __unused) 219 { 220 221 return (0); 222 } 223 224 static void 225 filemon_load(void *dummy __unused) 226 { 227 sx_init(&access_lock, "filemons_inuse"); 228 229 /* Install the syscall wrappers. */ 230 filemon_wrapper_install(); 231 232 filemon_dev = make_dev(&filemon_cdevsw, 0, UID_ROOT, GID_WHEEL, 0666, 233 "filemon"); 234 } 235 236 static int 237 filemon_unload(void) 238 { 239 struct filemon *filemon; 240 int error = 0; 241 242 /* Get exclusive write access. */ 243 filemon_lock_write(); 244 245 if (TAILQ_FIRST(&filemons_inuse) != NULL) 246 error = EBUSY; 247 else { 248 destroy_dev(filemon_dev); 249 250 /* Deinstall the syscall wrappers. */ 251 filemon_wrapper_deinstall(); 252 } 253 254 /* Give up write access. */ 255 filemon_unlock_write(); 256 257 if (error == 0) { 258 /* free() filemon structs free list. */ 259 filemon_lock_write(); 260 while ((filemon = TAILQ_FIRST(&filemons_free)) != NULL) { 261 TAILQ_REMOVE(&filemons_free, filemon, link); 262 sx_destroy(&filemon->lock); 263 free(filemon, M_FILEMON); 264 } 265 filemon_unlock_write(); 266 267 sx_destroy(&access_lock); 268 } 269 270 return (error); 271 } 272 273 static int 274 filemon_modevent(module_t mod __unused, int type, void *data) 275 { 276 int error = 0; 277 278 switch (type) { 279 case MOD_LOAD: 280 filemon_load(data); 281 break; 282 283 case MOD_UNLOAD: 284 error = filemon_unload(); 285 break; 286 287 case MOD_SHUTDOWN: 288 break; 289 290 default: 291 error = EOPNOTSUPP; 292 break; 293 294 } 295 296 return (error); 297 } 298 299 DEV_MODULE(filemon, filemon_modevent, NULL); 300 MODULE_VERSION(filemon, 1); 301