1/*- 2 * Copyright (c) 2011, David E. O'Brien. 3 * Copyright (c) 2009-2011, Juniper Networks, Inc. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY JUNIPER NETWORKS AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL JUNIPER NETWORKS OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28#include <sys/cdefs.h> 29__FBSDID("$FreeBSD$"); 30 31#include "opt_compat.h" 32 33#include <sys/param.h> 34#include <sys/file.h> 35#include <sys/systm.h> 36#include <sys/buf.h> 37#include <sys/condvar.h> 38#include <sys/conf.h> 39#include <sys/fcntl.h> 40#include <sys/ioccom.h> 41#include <sys/kernel.h> 42#include <sys/malloc.h> 43#include <sys/module.h> 44#include <sys/mutex.h> 45#include <sys/poll.h> 46#include <sys/proc.h> 47#include <sys/queue.h> 48#include <sys/syscall.h> 49#include <sys/sysent.h> 50#include <sys/sysproto.h> 51#include <sys/uio.h> 52 53#if __FreeBSD_version >= 900041 54#include <sys/capability.h> 55#endif 56 57#include "filemon.h" 58 59#if defined(COMPAT_IA32) || defined(COMPAT_FREEBSD32) || defined(COMPAT_ARCH32) 60#include <compat/freebsd32/freebsd32_syscall.h> 61#include <compat/freebsd32/freebsd32_proto.h> 62 63extern struct sysentvec ia32_freebsd_sysvec; 64#endif 65 66extern struct sysentvec elf32_freebsd_sysvec; 67extern struct sysentvec elf64_freebsd_sysvec; 68 69static d_close_t filemon_close; 70static d_ioctl_t filemon_ioctl; 71static d_open_t filemon_open; 72static int filemon_unload(void); 73static void filemon_load(void *); 74 75static struct cdevsw filemon_cdevsw = { 76 .d_version = D_VERSION, 77 .d_close = filemon_close, 78 .d_ioctl = filemon_ioctl, 79 .d_open = filemon_open, 80 .d_name = "filemon", 81}; 82 83MALLOC_DECLARE(M_FILEMON); 84MALLOC_DEFINE(M_FILEMON, "filemon", "File access monitor"); 85 86struct filemon { 87 TAILQ_ENTRY(filemon) link; /* Link into the in-use list. */ 88 struct mtx mtx; /* Lock mutex for this filemon. */ 89 struct cv cv; /* Lock condition variable for this 90 filemon. */ 91 struct file *fp; /* Output file pointer. */ 92 struct thread *locker; /* Ptr to the thread locking this 93 filemon. */ 94 pid_t pid; /* The process ID being monitored. */ 95 char fname1[MAXPATHLEN]; /* Temporary filename buffer. */ 96 char fname2[MAXPATHLEN]; /* Temporary filename buffer. */ 97 char msgbufr[1024]; /* Output message buffer. */ 98}; 99 100static TAILQ_HEAD(, filemon) filemons_inuse = TAILQ_HEAD_INITIALIZER(filemons_inuse); 101static TAILQ_HEAD(, filemon) filemons_free = TAILQ_HEAD_INITIALIZER(filemons_free); 102static int n_readers = 0; 103static struct mtx access_mtx; 104static struct cv access_cv; 105static struct thread *access_owner = NULL; 106static struct thread *access_requester = NULL; 107 108#if __FreeBSD_version < 701000 109static struct clonedevs *filemon_clones; 110static eventhandler_tag eh_tag; 111#else 112static struct cdev *filemon_dev; 113#endif 114 115#include "filemon_lock.c" 116#include "filemon_wrapper.c" 117 118#if __FreeBSD_version < 701000 119static void 120filemon_clone(void *arg, struct ucred *cred, char *name, int namelen, 121 struct cdev **dev) 122{ 123 int u = -1; 124 size_t len; 125 126 if (*dev != NULL) 127 return; 128 129 len = strlen(name); 130 131 if (len != 7) 132 return; 133 134 if (bcmp(name,"filemon", 7) != 0) 135 return; 136 137 /* Clone the device to the new minor number. */ 138 if (clone_create(&filemon_clones, &filemon_cdevsw, &u, dev, 0) != 0) 139 /* Create the /dev/filemonNN entry. */ 140 *dev = make_dev_cred(&filemon_cdevsw, u, cred, UID_ROOT, 141 GID_WHEEL, 0666, "filemon%d", u); 142 if (*dev != NULL) { 143 dev_ref(*dev); 144 (*dev)->si_flags |= SI_CHEAPCLONE; 145 } 146} 147#endif 148 149static void 150filemon_dtr(void *data) 151{ 152 struct filemon *filemon = data; 153 154 if (filemon != NULL) { 155 struct file *fp = filemon->fp; 156 157 /* Get exclusive write access. */ 158 filemon_lock_write(); 159 160 /* Remove from the in-use list. */ 161 TAILQ_REMOVE(&filemons_inuse, filemon, link); 162 163 filemon->fp = NULL; 164 filemon->pid = -1; 165 166 /* Add to the free list. */ 167 TAILQ_INSERT_TAIL(&filemons_free, filemon, link); 168 169 /* Give up write access. */ 170 filemon_unlock_write(); 171 172 if (fp != NULL) 173 fdrop(fp, curthread); 174 } 175} 176 177static int 178filemon_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag __unused, 179 struct thread *td) 180{ 181 int error = 0; 182 struct filemon *filemon; 183 struct proc *p; 184 185#if __FreeBSD_version < 701000 186 filemon = dev->si_drv1; 187#else 188 devfs_get_cdevpriv((void **) &filemon); 189#endif 190 191 switch (cmd) { 192 /* Set the output file descriptor. */ 193 case FILEMON_SET_FD: 194#if __FreeBSD_version < 900041 195#define FGET_WRITE(a1, a2, a3) fget_write((a1), (a2), (a3)) 196#else 197#define FGET_WRITE(a1, a2, a3) fget_write((a1), (a2), CAP_WRITE | CAP_SEEK, (a3)) 198#endif 199 if ((error = FGET_WRITE(td, *(int *)data, &filemon->fp)) == 0) 200 /* Write the file header. */ 201 filemon_comment(filemon); 202 break; 203 204 /* Set the monitored process ID. */ 205 case FILEMON_SET_PID: 206 error = pget(*((pid_t *)data), PGET_CANDEBUG | PGET_NOTWEXIT, 207 &p); 208 if (error == 0) { 209 filemon->pid = p->p_pid; 210 PROC_UNLOCK(p); 211 } 212 break; 213 214 default: 215 error = EINVAL; 216 break; 217 } 218 219 return (error); 220} 221 222static int 223filemon_open(struct cdev *dev, int oflags __unused, int devtype __unused, 224 struct thread *td __unused) 225{ 226 struct filemon *filemon; 227 228 /* Get exclusive write access. */ 229 filemon_lock_write(); 230 231 if ((filemon = TAILQ_FIRST(&filemons_free)) != NULL) 232 TAILQ_REMOVE(&filemons_free, filemon, link); 233 234 /* Give up write access. */ 235 filemon_unlock_write(); 236 237 if (filemon == NULL) { 238 filemon = malloc(sizeof(struct filemon), M_FILEMON, 239 M_WAITOK | M_ZERO); 240 241 filemon->fp = NULL; 242 243 mtx_init(&filemon->mtx, "filemon", "filemon", MTX_DEF); 244 cv_init(&filemon->cv, "filemon"); 245 } 246 247 filemon->pid = curproc->p_pid; 248 249#if __FreeBSD_version < 701000 250 dev->si_drv1 = filemon; 251#else 252 devfs_set_cdevpriv(filemon, filemon_dtr); 253#endif 254 255 /* Get exclusive write access. */ 256 filemon_lock_write(); 257 258 /* Add to the in-use list. */ 259 TAILQ_INSERT_TAIL(&filemons_inuse, filemon, link); 260 261 /* Give up write access. */ 262 filemon_unlock_write(); 263 264 return (0); 265} 266 267static int 268filemon_close(struct cdev *dev __unused, int flag __unused, int fmt __unused, 269 struct thread *td __unused) 270{ 271#if __FreeBSD_version < 701000 272 filemon_dtr(dev->si_drv1); 273 274 dev->si_drv1 = NULL; 275 276 /* Schedule this cloned device to be destroyed. */ 277 destroy_dev_sched(dev); 278#endif 279 280 return (0); 281} 282 283static void 284filemon_load(void *dummy __unused) 285{ 286 mtx_init(&access_mtx, "filemon", "filemon", MTX_DEF); 287 cv_init(&access_cv, "filemon"); 288 289 /* Install the syscall wrappers. */ 290 filemon_wrapper_install(); 291 292#if __FreeBSD_version < 701000 293 /* Enable device cloning. */ 294 clone_setup(&filemon_clones); 295 296 /* Setup device cloning events. */ 297 eh_tag = EVENTHANDLER_REGISTER(dev_clone, filemon_clone, 0, 1000); 298#else 299 filemon_dev = make_dev(&filemon_cdevsw, 0, UID_ROOT, GID_WHEEL, 0666, 300 "filemon"); 301#endif 302} 303 304static int 305filemon_unload(void) 306{ 307 struct filemon *filemon; 308 int error = 0; 309 310 /* Get exclusive write access. */ 311 filemon_lock_write(); 312 313 if (TAILQ_FIRST(&filemons_inuse) != NULL) 314 error = EBUSY; 315 else { 316#if __FreeBSD_version >= 701000 317 destroy_dev(filemon_dev); 318#endif 319 320 /* Deinstall the syscall wrappers. */ 321 filemon_wrapper_deinstall(); 322 } 323 324 /* Give up write access. */ 325 filemon_unlock_write(); 326 327 if (error == 0) { 328#if __FreeBSD_version < 701000 329 /* 330 * Check if there is still an event handler callback registered. 331 */ 332 if (eh_tag != 0) { 333 /* De-register the device cloning event handler. */ 334 EVENTHANDLER_DEREGISTER(dev_clone, eh_tag); 335 eh_tag = 0; 336 337 /* Stop device cloning. */ 338 clone_cleanup(&filemon_clones); 339 } 340#endif 341 /* free() filemon structs free list. */ 342 filemon_lock_write(); 343 while ((filemon = TAILQ_FIRST(&filemons_free)) != NULL) { 344 TAILQ_REMOVE(&filemons_free, filemon, link); 345 mtx_destroy(&filemon->mtx); 346 cv_destroy(&filemon->cv); 347 free(filemon, M_FILEMON); 348 } 349 filemon_unlock_write(); 350 351 mtx_destroy(&access_mtx); 352 cv_destroy(&access_cv); 353 } 354 355 return (error); 356} 357 358static int 359filemon_modevent(module_t mod __unused, int type, void *data) 360{ 361 int error = 0; 362 363 switch (type) { 364 case MOD_LOAD: 365 filemon_load(data); 366 break; 367 368 case MOD_UNLOAD: 369 error = filemon_unload(); 370 break; 371 372 case MOD_SHUTDOWN: 373 break; 374 375 default: 376 error = EOPNOTSUPP; 377 break; 378 379 } 380 381 return (error); 382} 383 384DEV_MODULE(filemon, filemon_modevent, NULL); 385MODULE_VERSION(filemon, 1); 386