1 #include <linux/module.h>
2 #include <linux/moduleparam.h>
3 #include <linux/types.h>
4 #include <linux/kernel.h>
5 #include <linux/version.h>
6 #include <linux/fs_struct.h>
9 #include <linux/reboot.h>
10 #include <linux/delay.h>
11 #include <linux/proc_fs.h>
12 #include <asm/uaccess.h>
13 #include <linux/sysrq.h>
14 #include <linux/timer.h>
15 #include <linux/time.h>
16 #include <linux/lglock.h>
17 #include <linux/init.h>
18 #include <linux/idr.h>
19 #include <linux/namei.h>
20 #include <linux/bitops.h>
21 #include <linux/mount.h>
22 #include <linux/dcache.h>
23 #include <linux/spinlock.h>
24 #include <linux/completion.h>
25 #include <linux/sched.h>
26 #include <linux/seq_file.h>
27 #include <linux/kprobes.h>
28 #include <linux/kallsyms.h>
29 #include <linux/nsproxy.h>
31 #include <linux/magic.h>
32 #include <linux/slab.h>
33 #include <linux/module.h> /* Specifically, a module */
34 #include <linux/kernel.h> /* We're doing kernel work */
35 #include <linux/proc_fs.h> /* Necessary because we use the proc fs */
37 #define VERSION_STR "0.0.1"
40 #error "This code does not support your architecture"
43 static char *aclpath = "procprotect";
45 static struct qstr aclqpath;
47 module_param(aclpath, charp, 0);
48 MODULE_PARM_DESC(aclpath, "Root of directory that stores acl tags for /proc files.");
50 MODULE_AUTHOR("Sapan Bhatia <sapanb@cs.princeton.edu>");
51 MODULE_DESCRIPTION("Lightweight ACLs for /proc.");
52 MODULE_LICENSE("GPL");
53 MODULE_VERSION(VERSION_STR);
55 struct procprotect_ctx {
64 struct hlist_node hlist;
68 Added by Guilherme Sperb Machado <gsm@machados.org>
69 According to recent changes in the kernel, the nameidata struct
70 became opaque. So, let's declare it in our implementation.
71 Source: https://github.com/torvalds/linux/commit/1f55a6ec940fb45e3edaa52b6e9fc40cf8e18dcb
77 struct inode *inode; /* path.dentry.d_inode */
82 char *saved_names[MAX_NESTED_LINKS + 1];
85 #define HASH_SIZE (1<<10)
87 struct hlist_head procprotect_hash[HASH_SIZE];
89 struct proc_dir_entry *proc_entry;
91 static int run_acl(unsigned long ino) {
92 struct acl_entry *entry;
93 hlist_for_each_entry_rcu_notrace(entry,
94 &procprotect_hash[ino & (HASH_SIZE-1)],
96 if (entry->ino==ino) {
104 Entry point of intercepted call. We need to do two things here:
105 - Decide if we need the heavier return hook to be called
106 - Save the first argument, which is in a register, for consideration in the return hook
108 static int lookup_fast_entry(struct kretprobe_instance *ri, struct pt_regs *regs) {
110 struct procprotect_ctx *ctx;
111 struct nameidata *nd = (struct nameidata *) regs->di;
112 struct dentry *parent;
113 struct inode *pinode;
116 parent = nd->path.dentry;
118 if (!parent) return ret;
119 pinode = parent->d_inode;
121 if (!pinode || !pinode->i_sb || !current || !current->nsproxy) return ret;
123 if (pinode->i_sb->s_magic == PROC_SUPER_MAGIC
124 && current->nsproxy->mnt_ns!=init_task.nsproxy->mnt_ns) {
125 ctx = (struct procprotect_ctx *) ri->data;
126 ctx->inode = (struct inode **)regs->dx;
127 ctx->flags = nd->flags;
134 /* The entry hook ensures that the return hook is only called for
139 static int lookup_fast_ret(struct kretprobe_instance *ri, struct pt_regs *regs)
141 struct procprotect_ctx *ctx = (struct procprotect_ctx *) ri->data;
145 /* The kernel is going to honor the request. Here's where we step in */
146 struct inode *inode = *(ctx->inode);
147 if (!run_acl(inode->i_ino)) {
156 static int lookup_slow_entry(struct kretprobe_instance *ri, struct pt_regs *regs) {
158 struct procprotect_ctx *ctx;
159 struct nameidata *nd = (struct nameidata *) regs->di;
160 struct path *p = (struct path *) regs->si;
161 struct dentry *parent;
162 struct inode *pinode;
165 parent = nd->path.dentry;
166 if (!parent) return ret;
167 pinode= parent->d_inode;
169 if (pinode->i_sb->s_magic == PROC_SUPER_MAGIC
170 && current->nsproxy->mnt_ns!=init_task.nsproxy->mnt_ns) {
172 ctx = (struct procprotect_ctx *) ri->data;
174 ctx->flags = nd->flags;
182 /* The entry hook ensures that the return hook is only called for
185 /*static int print_once = 0;*/
187 static int lookup_slow_ret(struct kretprobe_instance *ri, struct pt_regs *regs)
189 struct procprotect_ctx *ctx;
193 if (!ri || !ri->data) {return 0;}
194 ctx = (struct procprotect_ctx *) ri->data;
199 struct path *p = ctx->path;
200 if (!p || !p->dentry || !p->dentry->d_inode /* This last check was responsible for the f18 bug*/) {
203 inode = p->dentry->d_inode;
204 if (!run_acl(inode->i_ino)) {
219 static struct file *do_last_probe(struct nameidata *nd, struct path *path, struct file *file,
220 struct open_flags *op, const char *pathname) {
221 struct dentry *parent = nd->path.dentry;
222 struct inode *pinode = parent->d_inode;
223 /*struct qstr *q = &nd->last;*/
226 if (pinode->i_sb->s_magic == PROC_SUPER_MAGIC && current->nsproxy->mnt_ns!=init_task.nsproxy->mnt_ns) {
227 /*if (!strncmp(q->name,"sysrq-trigger",13)) {
228 printk(KERN_CRIT "do_last sysrqtrigger: %d",op->open_flag);
230 op->open_flag &= ~O_CREAT;
236 static struct jprobe dolast_probe = {
237 .entry = do_last_probe
240 static struct kretprobe fast_probe = {
241 .entry_handler = lookup_fast_entry,
242 .handler = lookup_fast_ret,
244 .data_size = sizeof(struct procprotect_ctx)
247 static struct kretprobe slow_probe = {
248 .entry_handler = lookup_slow_entry,
249 .handler = lookup_slow_ret,
251 .data_size = sizeof(struct procprotect_ctx)
256 static int init_probes(void) {
258 dolast_probe.kp.addr =
259 (kprobe_opcode_t *) kallsyms_lookup_name("do_last");
261 if (!dolast_probe.kp.addr) {
262 printk("Couldn't find %s to plant kretprobe\n", "do_last");
266 if ((ret = register_jprobe(&dolast_probe)) <0) {
267 printk("register_jprobe failed, returned %u\n", ret);
271 (kprobe_opcode_t *) kallsyms_lookup_name("lookup_fast");
273 if (!fast_probe.kp.addr) {
274 printk("Couldn't find %s to plant kretprobe\n", "lookup_fast");
279 (kprobe_opcode_t *) kallsyms_lookup_name("lookup_slow");
281 if (!slow_probe.kp.addr) {
282 printk("Couldn't find %s to plant kretprobe\n", "lookup_slow");
286 if ((ret = register_kretprobe(&fast_probe)) <0) {
287 printk("register_kretprobe failed, returned %d\n", ret);
291 printk("Planted kretprobe at %p, handler addr %p\n",
292 fast_probe.kp.addr, fast_probe.handler);
294 if ((ret = register_kretprobe(&slow_probe)) <0) {
295 printk("register_kretprobe failed, returned %d\n", ret);
298 printk("Planted kretprobe at %p, handler addr %p\n",
299 slow_probe.kp.addr, slow_probe.handler);
303 static void add_entry(char *pathname) {
305 if (kern_path(pathname, 0, &path)) {
306 printk(KERN_CRIT "Path lookup failed for %s",pathname);
309 unsigned int ino = path.dentry->d_inode->i_ino;
310 struct acl_entry *entry;
311 entry = kmalloc(GFP_KERNEL, sizeof(struct acl_entry));
315 printk(KERN_CRIT "Could not allocate memory for %s",pathname);
319 hlist_add_head_rcu(&entry->hlist,&procprotect_hash[ino&(HASH_SIZE-1)]);
320 printk(KERN_CRIT "Added inode %u",ino);
323 printk(KERN_CRIT "Did not add inode %u, already in list", ino);
331 static void __exit procprotect_exit(void)
333 struct acl_entry *entry;
336 unregister_kretprobe(&fast_probe);
337 unregister_kretprobe(&slow_probe);
338 unregister_jprobe(&dolast_probe);
340 for (i=0;i<HASH_SIZE;i++) {
341 hlist_for_each_entry_rcu(entry,
342 &procprotect_hash[i],
348 remove_proc_entry("procprotect",NULL);
349 printk("Procprotect: Stopped procprotect.\n");
354 ssize_t procfile_write(struct file *file, const char *buffer, size_t count, loff_t *data) {
356 pathname = (char *) kmalloc(count, GFP_KERNEL);
359 printk(KERN_CRIT "Could not allocate memory for pathname buffer");
363 if (current->nsproxy->mnt_ns!=init_task.nsproxy->mnt_ns)
366 if (copy_from_user(pathname, buffer, count)) {
369 if (count && (pathname[count-1]==10 || pathname[count-1]==13)) {
370 pathname[count-1]='\0';
373 pathname[count]='\0';
379 if (init_probes()==-1)
380 printk(KERN_CRIT "Could not install procprotect probes. Reload module to retry.");
382 printk(KERN_CRIT "Length of buffer=%d",(int)strlen(pathname));
387 static const struct file_operations procprotect_fops = {
388 .owner = THIS_MODULE,
389 .write = procfile_write
393 static int __init procprotect_init(void)
398 printk("Procprotect: starting procprotect version %s with ACLs at path %s.\n",
399 VERSION_STR, aclpath);
401 for(i=0;i<HASH_SIZE;i++) {
402 INIT_HLIST_HEAD(&procprotect_hash[i]);
405 aclqpath.name = aclpath;
406 aclqpath.len = strnlen(aclpath, PATH_MAX);
408 proc_entry = proc_create("procprotect", 0644, NULL, &procprotect_fops);
415 module_init(procprotect_init);
416 module_exit(procprotect_exit);