1/*-
2 * Copyright (c) 2011, David E. O'Brien.
3 * Copyright (c) 2009-2011, Juniper Networks, Inc.
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 *    notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 *    notice, this list of conditions and the following disclaimer in the
13 *    documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY JUNIPER NETWORKS AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL JUNIPER NETWORKS OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27
28#include <sys/cdefs.h>
29__FBSDID("$FreeBSD$");
30
31#include "opt_compat.h"
32
33#include <sys/param.h>
34#include <sys/file.h>
35#include <sys/systm.h>
36#include <sys/buf.h>
37#include <sys/condvar.h>
38#include <sys/conf.h>
39#include <sys/fcntl.h>
40#include <sys/ioccom.h>
41#include <sys/kernel.h>
42#include <sys/malloc.h>
43#include <sys/module.h>
44#include <sys/mutex.h>
45#include <sys/poll.h>
46#include <sys/proc.h>
47#include <sys/queue.h>
48#include <sys/syscall.h>
49#include <sys/sysent.h>
50#include <sys/sysproto.h>
51#include <sys/uio.h>
52
53#if __FreeBSD_version >= 900041
54#include <sys/capability.h>
55#endif
56
57#include "filemon.h"
58
59#if defined(COMPAT_IA32) || defined(COMPAT_FREEBSD32) || defined(COMPAT_ARCH32)
60#include <compat/freebsd32/freebsd32_syscall.h>
61#include <compat/freebsd32/freebsd32_proto.h>
62
63extern struct sysentvec ia32_freebsd_sysvec;
64#endif
65
66extern struct sysentvec elf32_freebsd_sysvec;
67extern struct sysentvec elf64_freebsd_sysvec;
68
69static d_close_t	filemon_close;
70static d_ioctl_t	filemon_ioctl;
71static d_open_t		filemon_open;
72static int		filemon_unload(void);
73static void		filemon_load(void *);
74
75static struct cdevsw filemon_cdevsw = {
76	.d_version	= D_VERSION,
77	.d_close	= filemon_close,
78	.d_ioctl	= filemon_ioctl,
79	.d_open		= filemon_open,
80	.d_name		= "filemon",
81};
82
83MALLOC_DECLARE(M_FILEMON);
84MALLOC_DEFINE(M_FILEMON, "filemon", "File access monitor");
85
86struct filemon {
87	TAILQ_ENTRY(filemon) link;	/* Link into the in-use list. */
88	struct mtx	mtx;		/* Lock mutex for this filemon. */
89	struct cv	cv;		/* Lock condition variable for this
90					   filemon. */
91	struct file	*fp;		/* Output file pointer. */
92	struct thread	*locker;	/* Ptr to the thread locking this
93					   filemon. */
94	pid_t		pid;		/* The process ID being monitored. */
95	char		fname1[MAXPATHLEN]; /* Temporary filename buffer. */
96	char		fname2[MAXPATHLEN]; /* Temporary filename buffer. */
97	char		msgbufr[1024];	/* Output message buffer. */
98};
99
100static TAILQ_HEAD(, filemon) filemons_inuse = TAILQ_HEAD_INITIALIZER(filemons_inuse);
101static TAILQ_HEAD(, filemon) filemons_free = TAILQ_HEAD_INITIALIZER(filemons_free);
102static int n_readers = 0;
103static struct mtx access_mtx;
104static struct cv access_cv;
105static struct thread *access_owner = NULL;
106static struct thread *access_requester = NULL;
107
108#if __FreeBSD_version < 701000
109static struct clonedevs *filemon_clones;
110static eventhandler_tag	eh_tag;
111#else
112static struct cdev *filemon_dev;
113#endif
114
115#include "filemon_lock.c"
116#include "filemon_wrapper.c"
117
118#if __FreeBSD_version < 701000
119static void
120filemon_clone(void *arg, struct ucred *cred, char *name, int namelen,
121    struct cdev **dev)
122{
123	int u = -1;
124	size_t len;
125
126	if (*dev != NULL)
127		return;
128
129	len = strlen(name);
130
131	if (len != 7)
132		return;
133
134	if (bcmp(name,"filemon", 7) != 0)
135		return;
136
137	/* Clone the device to the new minor number. */
138	if (clone_create(&filemon_clones, &filemon_cdevsw, &u, dev, 0) != 0)
139		/* Create the /dev/filemonNN entry. */
140		*dev = make_dev_cred(&filemon_cdevsw, u, cred, UID_ROOT,
141		    GID_WHEEL, 0666, "filemon%d", u);
142	if (*dev != NULL) {
143		dev_ref(*dev);
144		(*dev)->si_flags |= SI_CHEAPCLONE;
145	}
146}
147#endif
148
149static void
150filemon_dtr(void *data)
151{
152	struct filemon *filemon = data;
153
154	if (filemon != NULL) {
155		struct file *fp = filemon->fp;
156
157		/* Get exclusive write access. */
158		filemon_lock_write();
159
160		/* Remove from the in-use list. */
161		TAILQ_REMOVE(&filemons_inuse, filemon, link);
162
163		filemon->fp = NULL;
164		filemon->pid = -1;
165
166		/* Add to the free list. */
167		TAILQ_INSERT_TAIL(&filemons_free, filemon, link);
168
169		/* Give up write access. */
170		filemon_unlock_write();
171
172		if (fp != NULL)
173			fdrop(fp, curthread);
174	}
175}
176
177static int
178filemon_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag __unused,
179    struct thread *td)
180{
181	int error = 0;
182	struct filemon *filemon;
183	struct proc *p;
184
185#if __FreeBSD_version < 701000
186	filemon = dev->si_drv1;
187#else
188	devfs_get_cdevpriv((void **) &filemon);
189#endif
190
191	switch (cmd) {
192	/* Set the output file descriptor. */
193	case FILEMON_SET_FD:
194#if __FreeBSD_version < 900041
195#define FGET_WRITE(a1, a2, a3) fget_write((a1), (a2), (a3))
196#else
197#define FGET_WRITE(a1, a2, a3) fget_write((a1), (a2), CAP_WRITE | CAP_SEEK, (a3))
198#endif
199		if ((error = FGET_WRITE(td, *(int *)data, &filemon->fp)) == 0)
200			/* Write the file header. */
201			filemon_comment(filemon);
202		break;
203
204	/* Set the monitored process ID. */
205	case FILEMON_SET_PID:
206		error = pget(*((pid_t *)data), PGET_CANDEBUG | PGET_NOTWEXIT,
207		    &p);
208		if (error == 0) {
209			filemon->pid = p->p_pid;
210			PROC_UNLOCK(p);
211		}
212		break;
213
214	default:
215		error = EINVAL;
216		break;
217	}
218
219	return (error);
220}
221
222static int
223filemon_open(struct cdev *dev, int oflags __unused, int devtype __unused,
224    struct thread *td __unused)
225{
226	struct filemon *filemon;
227
228	/* Get exclusive write access. */
229	filemon_lock_write();
230
231	if ((filemon = TAILQ_FIRST(&filemons_free)) != NULL)
232		TAILQ_REMOVE(&filemons_free, filemon, link);
233
234	/* Give up write access. */
235	filemon_unlock_write();
236
237	if (filemon == NULL) {
238		filemon = malloc(sizeof(struct filemon), M_FILEMON,
239		    M_WAITOK | M_ZERO);
240
241		filemon->fp = NULL;
242
243		mtx_init(&filemon->mtx, "filemon", "filemon", MTX_DEF);
244		cv_init(&filemon->cv, "filemon");
245	}
246
247	filemon->pid = curproc->p_pid;
248
249#if __FreeBSD_version < 701000
250	dev->si_drv1 = filemon;
251#else
252	devfs_set_cdevpriv(filemon, filemon_dtr);
253#endif
254
255	/* Get exclusive write access. */
256	filemon_lock_write();
257
258	/* Add to the in-use list. */
259	TAILQ_INSERT_TAIL(&filemons_inuse, filemon, link);
260
261	/* Give up write access. */
262	filemon_unlock_write();
263
264	return (0);
265}
266
267static int
268filemon_close(struct cdev *dev __unused, int flag __unused, int fmt __unused,
269    struct thread *td __unused)
270{
271#if __FreeBSD_version < 701000
272	filemon_dtr(dev->si_drv1);
273
274	dev->si_drv1 = NULL;
275
276	/* Schedule this cloned device to be destroyed. */
277	destroy_dev_sched(dev);
278#endif
279
280	return (0);
281}
282
283static void
284filemon_load(void *dummy __unused)
285{
286	mtx_init(&access_mtx, "filemon", "filemon", MTX_DEF);
287	cv_init(&access_cv, "filemon");
288
289	/* Install the syscall wrappers. */
290	filemon_wrapper_install();
291
292#if __FreeBSD_version < 701000
293	/* Enable device cloning. */
294	clone_setup(&filemon_clones);
295
296	/* Setup device cloning events. */
297	eh_tag = EVENTHANDLER_REGISTER(dev_clone, filemon_clone, 0, 1000);
298#else
299	filemon_dev = make_dev(&filemon_cdevsw, 0, UID_ROOT, GID_WHEEL, 0666,
300	    "filemon");
301#endif
302}
303
304static int
305filemon_unload(void)
306{
307 	struct filemon *filemon;
308	int error = 0;
309
310	/* Get exclusive write access. */
311	filemon_lock_write();
312
313	if (TAILQ_FIRST(&filemons_inuse) != NULL)
314		error = EBUSY;
315	else {
316#if __FreeBSD_version >= 701000
317		destroy_dev(filemon_dev);
318#endif
319
320		/* Deinstall the syscall wrappers. */
321		filemon_wrapper_deinstall();
322	}
323
324	/* Give up write access. */
325	filemon_unlock_write();
326
327	if (error == 0) {
328#if __FreeBSD_version < 701000
329		/*
330		 * Check if there is still an event handler callback registered.
331		*/
332		if (eh_tag != 0) {
333			/* De-register the device cloning event handler. */
334			EVENTHANDLER_DEREGISTER(dev_clone, eh_tag);
335			eh_tag = 0;
336
337			/* Stop device cloning. */
338			clone_cleanup(&filemon_clones);
339		}
340#endif
341		/* free() filemon structs free list. */
342		filemon_lock_write();
343		while ((filemon = TAILQ_FIRST(&filemons_free)) != NULL) {
344			TAILQ_REMOVE(&filemons_free, filemon, link);
345			mtx_destroy(&filemon->mtx);
346			cv_destroy(&filemon->cv);
347			free(filemon, M_FILEMON);
348		}
349		filemon_unlock_write();
350
351		mtx_destroy(&access_mtx);
352		cv_destroy(&access_cv);
353	}
354
355	return (error);
356}
357
358static int
359filemon_modevent(module_t mod __unused, int type, void *data)
360{
361	int error = 0;
362
363	switch (type) {
364	case MOD_LOAD:
365		filemon_load(data);
366		break;
367
368	case MOD_UNLOAD:
369		error = filemon_unload();
370		break;
371
372	case MOD_SHUTDOWN:
373		break;
374
375	default:
376		error = EOPNOTSUPP;
377		break;
378
379	}
380
381	return (error);
382}
383
384DEV_MODULE(filemon, filemon_modevent, NULL);
385MODULE_VERSION(filemon, 1);
386