2 * Copyright (c) 2011, David E. O'Brien.
3 * Copyright (c) 2009-2011, Juniper Networks, Inc.
4 * Copyright (c) 2015, EMC Corp.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY JUNIPER NETWORKS AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL JUNIPER NETWORKS OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/cdefs.h>
30 __FBSDID("$FreeBSD$");
32 #include "opt_compat.h"
34 #include <sys/param.h>
36 #include <sys/systm.h>
38 #include <sys/condvar.h>
40 #include <sys/fcntl.h>
41 #include <sys/ioccom.h>
42 #include <sys/kernel.h>
44 #include <sys/malloc.h>
45 #include <sys/module.h>
48 #include <sys/queue.h>
50 #include <sys/syscall.h>
51 #include <sys/sysent.h>
52 #include <sys/sysproto.h>
55 #if __FreeBSD_version >= 900041
56 #include <sys/capsicum.h>
61 #if defined(COMPAT_IA32) || defined(COMPAT_FREEBSD32) || defined(COMPAT_ARCH32)
62 #include <compat/freebsd32/freebsd32_syscall.h>
63 #include <compat/freebsd32/freebsd32_proto.h>
65 extern struct sysentvec ia32_freebsd_sysvec;
68 extern struct sysentvec elf32_freebsd_sysvec;
69 extern struct sysentvec elf64_freebsd_sysvec;
71 static d_close_t filemon_close;
72 static d_ioctl_t filemon_ioctl;
73 static d_open_t filemon_open;
74 static int filemon_unload(void);
75 static void filemon_load(void *);
77 static struct cdevsw filemon_cdevsw = {
78 .d_version = D_VERSION,
79 .d_close = filemon_close,
80 .d_ioctl = filemon_ioctl,
81 .d_open = filemon_open,
85 MALLOC_DECLARE(M_FILEMON);
86 MALLOC_DEFINE(M_FILEMON, "filemon", "File access monitor");
89 TAILQ_ENTRY(filemon) link; /* Link into the in-use list. */
90 struct sx lock; /* Lock mutex for this filemon. */
91 struct file *fp; /* Output file pointer. */
92 struct proc *p; /* The process being monitored. */
93 char fname1[MAXPATHLEN]; /* Temporary filename buffer. */
94 char fname2[MAXPATHLEN]; /* Temporary filename buffer. */
95 char msgbufr[1024]; /* Output message buffer. */
98 static TAILQ_HEAD(, filemon) filemons_inuse = TAILQ_HEAD_INITIALIZER(filemons_inuse);
99 static TAILQ_HEAD(, filemon) filemons_free = TAILQ_HEAD_INITIALIZER(filemons_free);
100 static struct sx access_lock;
102 static struct cdev *filemon_dev;
104 #include "filemon_lock.c"
105 #include "filemon_wrapper.c"
108 filemon_comment(struct filemon *filemon)
115 len = snprintf(filemon->msgbufr, sizeof(filemon->msgbufr),
116 "# filemon version %d\n# Target pid %d\n# Start %ju.%06ju\nV %d\n",
117 FILEMON_VERSION, curproc->p_pid, (uintmax_t)now.tv_sec,
118 (uintmax_t)now.tv_usec, FILEMON_VERSION);
120 filemon_output(filemon, filemon->msgbufr, len);
124 filemon_dtr(void *data)
126 struct filemon *filemon = data;
128 if (filemon != NULL) {
131 /* Follow same locking order as filemon_pid_check. */
132 filemon_lock_write();
133 filemon_filemon_lock(filemon);
135 /* Remove from the in-use list. */
136 TAILQ_REMOVE(&filemons_inuse, filemon, link);
142 /* Add to the free list. */
143 TAILQ_INSERT_TAIL(&filemons_free, filemon, link);
145 /* Give up write access. */
146 filemon_filemon_unlock(filemon);
147 filemon_unlock_write();
150 fdrop(fp, curthread);
155 filemon_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag __unused,
159 struct filemon *filemon;
161 #if __FreeBSD_version >= 900041
165 if ((error = devfs_get_cdevpriv((void **) &filemon)) != 0)
168 filemon_filemon_lock(filemon);
171 /* Set the output file descriptor. */
173 if (filemon->fp != NULL)
174 fdrop(filemon->fp, td);
176 error = fget_write(td, *(int *)data,
177 #if __FreeBSD_version >= 900041
178 cap_rights_init(&rights, CAP_PWRITE),
182 /* Write the file header. */
183 filemon_comment(filemon);
186 /* Set the monitored process ID. */
187 case FILEMON_SET_PID:
188 error = pget(*((pid_t *)data), PGET_CANDEBUG | PGET_NOTWEXIT,
201 filemon_filemon_unlock(filemon);
206 filemon_open(struct cdev *dev, int oflags __unused, int devtype __unused,
207 struct thread *td __unused)
209 struct filemon *filemon;
211 /* Get exclusive write access. */
212 filemon_lock_write();
214 if ((filemon = TAILQ_FIRST(&filemons_free)) != NULL)
215 TAILQ_REMOVE(&filemons_free, filemon, link);
217 /* Give up write access. */
218 filemon_unlock_write();
220 if (filemon == NULL) {
221 filemon = malloc(sizeof(struct filemon), M_FILEMON,
223 sx_init(&filemon->lock, "filemon");
226 devfs_set_cdevpriv(filemon, filemon_dtr);
228 /* Get exclusive write access. */
229 filemon_lock_write();
231 /* Add to the in-use list. */
232 TAILQ_INSERT_TAIL(&filemons_inuse, filemon, link);
234 /* Give up write access. */
235 filemon_unlock_write();
241 filemon_close(struct cdev *dev __unused, int flag __unused, int fmt __unused,
242 struct thread *td __unused)
249 filemon_load(void *dummy __unused)
251 sx_init(&access_lock, "filemons_inuse");
253 /* Install the syscall wrappers. */
254 filemon_wrapper_install();
256 filemon_dev = make_dev(&filemon_cdevsw, 0, UID_ROOT, GID_WHEEL, 0666,
263 struct filemon *filemon;
266 /* Get exclusive write access. */
267 filemon_lock_write();
269 if (TAILQ_FIRST(&filemons_inuse) != NULL)
272 destroy_dev(filemon_dev);
274 /* Deinstall the syscall wrappers. */
275 filemon_wrapper_deinstall();
278 /* Give up write access. */
279 filemon_unlock_write();
282 /* free() filemon structs free list. */
283 filemon_lock_write();
284 while ((filemon = TAILQ_FIRST(&filemons_free)) != NULL) {
285 TAILQ_REMOVE(&filemons_free, filemon, link);
286 sx_destroy(&filemon->lock);
287 free(filemon, M_FILEMON);
289 filemon_unlock_write();
291 sx_destroy(&access_lock);
298 filemon_modevent(module_t mod __unused, int type, void *data)
308 error = filemon_unload();
323 DEV_MODULE(filemon, filemon_modevent, NULL);
324 MODULE_VERSION(filemon, 1);