2 * Copyright (c) 2011, David E. O'Brien.
3 * Copyright (c) 2009-2011, Juniper Networks, Inc.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY JUNIPER NETWORKS AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL JUNIPER NETWORKS OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
31 #include "opt_compat.h"
33 #include <sys/param.h>
35 #include <sys/systm.h>
37 #include <sys/condvar.h>
39 #include <sys/fcntl.h>
40 #include <sys/ioccom.h>
41 #include <sys/kernel.h>
42 #include <sys/malloc.h>
43 #include <sys/module.h>
44 #include <sys/mutex.h>
47 #include <sys/queue.h>
48 #include <sys/syscall.h>
49 #include <sys/sysent.h>
50 #include <sys/sysproto.h>
53 #if __FreeBSD_version >= 900041
54 #include <sys/capability.h>
59 #if defined(COMPAT_IA32) || defined(COMPAT_FREEBSD32) || defined(COMPAT_ARCH32)
60 #include <compat/freebsd32/freebsd32_syscall.h>
61 #include <compat/freebsd32/freebsd32_proto.h>
63 extern struct sysentvec ia32_freebsd_sysvec;
66 extern struct sysentvec elf32_freebsd_sysvec;
67 extern struct sysentvec elf64_freebsd_sysvec;
69 static d_close_t filemon_close;
70 static d_ioctl_t filemon_ioctl;
71 static d_open_t filemon_open;
72 static int filemon_unload(void);
73 static void filemon_load(void *);
75 static struct cdevsw filemon_cdevsw = {
76 .d_version = D_VERSION,
77 .d_close = filemon_close,
78 .d_ioctl = filemon_ioctl,
79 .d_open = filemon_open,
83 MALLOC_DECLARE(M_FILEMON);
84 MALLOC_DEFINE(M_FILEMON, "filemon", "File access monitor");
87 TAILQ_ENTRY(filemon) link; /* Link into the in-use list. */
88 struct mtx mtx; /* Lock mutex for this filemon. */
89 struct cv cv; /* Lock condition variable for this
91 struct file *fp; /* Output file pointer. */
92 struct thread *locker; /* Ptr to the thread locking this
94 pid_t pid; /* The process ID being monitored. */
95 char fname1[MAXPATHLEN]; /* Temporary filename buffer. */
96 char fname2[MAXPATHLEN]; /* Temporary filename buffer. */
97 char msgbufr[1024]; /* Output message buffer. */
100 static TAILQ_HEAD(, filemon) filemons_inuse = TAILQ_HEAD_INITIALIZER(filemons_inuse);
101 static TAILQ_HEAD(, filemon) filemons_free = TAILQ_HEAD_INITIALIZER(filemons_free);
102 static int n_readers = 0;
103 static struct mtx access_mtx;
104 static struct cv access_cv;
105 static struct thread *access_owner = NULL;
106 static struct thread *access_requester = NULL;
108 #if __FreeBSD_version < 701000
109 static struct clonedevs *filemon_clones;
110 static eventhandler_tag eh_tag;
112 static struct cdev *filemon_dev;
115 #include "filemon_lock.c"
116 #include "filemon_wrapper.c"
118 #if __FreeBSD_version < 701000
120 filemon_clone(void *arg, struct ucred *cred, char *name, int namelen,
134 if (bcmp(name,"filemon", 7) != 0)
137 /* Clone the device to the new minor number. */
138 if (clone_create(&filemon_clones, &filemon_cdevsw, &u, dev, 0) != 0)
139 /* Create the /dev/filemonNN entry. */
140 *dev = make_dev_cred(&filemon_cdevsw, u, cred, UID_ROOT,
141 GID_WHEEL, 0666, "filemon%d", u);
144 (*dev)->si_flags |= SI_CHEAPCLONE;
150 filemon_dtr(void *data)
152 struct filemon *filemon = data;
154 if (filemon != NULL) {
155 struct file *fp = filemon->fp;
157 /* Get exclusive write access. */
158 filemon_lock_write();
160 /* Remove from the in-use list. */
161 TAILQ_REMOVE(&filemons_inuse, filemon, link);
166 /* Add to the free list. */
167 TAILQ_INSERT_TAIL(&filemons_free, filemon, link);
169 /* Give up write access. */
170 filemon_unlock_write();
173 fdrop(fp, curthread);
178 filemon_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag __unused,
182 struct filemon *filemon;
185 #if __FreeBSD_version < 701000
186 filemon = dev->si_drv1;
188 devfs_get_cdevpriv((void **) &filemon);
192 /* Set the output file descriptor. */
194 #if __FreeBSD_version < 900041
195 #define FGET_WRITE(a1, a2, a3) fget_write((a1), (a2), (a3))
197 #define FGET_WRITE(a1, a2, a3) fget_write((a1), (a2), CAP_WRITE | CAP_SEEK, (a3))
199 if ((error = FGET_WRITE(td, *(int *)data, &filemon->fp)) == 0)
200 /* Write the file header. */
201 filemon_comment(filemon);
204 /* Set the monitored process ID. */
205 case FILEMON_SET_PID:
206 error = pget(*((pid_t *)data), PGET_CANDEBUG | PGET_NOTWEXIT,
209 filemon->pid = p->p_pid;
223 filemon_open(struct cdev *dev, int oflags __unused, int devtype __unused,
224 struct thread *td __unused)
226 struct filemon *filemon;
228 /* Get exclusive write access. */
229 filemon_lock_write();
231 if ((filemon = TAILQ_FIRST(&filemons_free)) != NULL)
232 TAILQ_REMOVE(&filemons_free, filemon, link);
234 /* Give up write access. */
235 filemon_unlock_write();
237 if (filemon == NULL) {
238 filemon = malloc(sizeof(struct filemon), M_FILEMON,
243 mtx_init(&filemon->mtx, "filemon", "filemon", MTX_DEF);
244 cv_init(&filemon->cv, "filemon");
247 filemon->pid = curproc->p_pid;
249 #if __FreeBSD_version < 701000
250 dev->si_drv1 = filemon;
252 devfs_set_cdevpriv(filemon, filemon_dtr);
255 /* Get exclusive write access. */
256 filemon_lock_write();
258 /* Add to the in-use list. */
259 TAILQ_INSERT_TAIL(&filemons_inuse, filemon, link);
261 /* Give up write access. */
262 filemon_unlock_write();
268 filemon_close(struct cdev *dev __unused, int flag __unused, int fmt __unused,
269 struct thread *td __unused)
271 #if __FreeBSD_version < 701000
272 filemon_dtr(dev->si_drv1);
276 /* Schedule this cloned device to be destroyed. */
277 destroy_dev_sched(dev);
284 filemon_load(void *dummy __unused)
286 mtx_init(&access_mtx, "filemon", "filemon", MTX_DEF);
287 cv_init(&access_cv, "filemon");
289 /* Install the syscall wrappers. */
290 filemon_wrapper_install();
292 #if __FreeBSD_version < 701000
293 /* Enable device cloning. */
294 clone_setup(&filemon_clones);
296 /* Setup device cloning events. */
297 eh_tag = EVENTHANDLER_REGISTER(dev_clone, filemon_clone, 0, 1000);
299 filemon_dev = make_dev(&filemon_cdevsw, 0, UID_ROOT, GID_WHEEL, 0666,
307 struct filemon *filemon;
310 /* Get exclusive write access. */
311 filemon_lock_write();
313 if (TAILQ_FIRST(&filemons_inuse) != NULL)
316 #if __FreeBSD_version >= 701000
317 destroy_dev(filemon_dev);
320 /* Deinstall the syscall wrappers. */
321 filemon_wrapper_deinstall();
324 /* Give up write access. */
325 filemon_unlock_write();
328 #if __FreeBSD_version < 701000
330 * Check if there is still an event handler callback registered.
333 /* De-register the device cloning event handler. */
334 EVENTHANDLER_DEREGISTER(dev_clone, eh_tag);
337 /* Stop device cloning. */
338 clone_cleanup(&filemon_clones);
341 /* free() filemon structs free list. */
342 filemon_lock_write();
343 while ((filemon = TAILQ_FIRST(&filemons_free)) != NULL) {
344 TAILQ_REMOVE(&filemons_free, filemon, link);
345 mtx_destroy(&filemon->mtx);
346 cv_destroy(&filemon->cv);
347 free(filemon, M_FILEMON);
349 filemon_unlock_write();
351 mtx_destroy(&access_mtx);
352 cv_destroy(&access_cv);
359 filemon_modevent(module_t mod __unused, int type, void *data)
369 error = filemon_unload();
384 DEV_MODULE(filemon, filemon_modevent, NULL);
385 MODULE_VERSION(filemon, 1);