Geforce File Manager

NAME	SIZE	ACTIONS
📁 common		[ DEL ]
📁 ftrace_hooks		[ DEL ]
📁 lsm_hooks		[ DEL ]
📁 syscall_hooks		[ DEL ]
📁 transport		[ DEL ]
📄 Kbuild	10,535 B	[ EDIT ] \| [ DEL ]
📄 Makefile	2,282 B	[ EDIT ] \| [ DEL ]
📄 compat.c	8,577 B	[ EDIT ] \| [ DEL ]
📄 compat.h	12,265 B	[ EDIT ] \| [ DEL ]
📄 debug.h	3,649 B	[ EDIT ] \| [ DEL ]
📄 dkms.conf	146 B	[ EDIT ] \| [ DEL ]
📄 file_contexts.c	54,239 B	[ EDIT ] \| [ DEL ]
📄 file_contexts.h	2,926 B	[ EDIT ] \| [ DEL ]
📄 file_contexts_priv.h	5,463 B	[ EDIT ] \| [ DEL ]
📄 file_handle_tools.h	2,287 B	[ EDIT ] \| [ DEL ]
📄 file_key_tools.h	950 B	[ EDIT ] \| [ DEL ]
📄 file_path_tools.h	2,140 B	[ EDIT ] \| [ DEL ]
📄 hashtable_compat.h	2,798 B	[ EDIT ] \| [ DEL ]
📄 hook_trampoline_common.h	4,395 B	[ EDIT ] \| [ DEL ]
📄 interval_tree.h	779 B	[ EDIT ] \| [ DEL ]
📄 memory.c	3,393 B	[ EDIT ] \| [ DEL ]
📄 memory.h	3,059 B	[ EDIT ] \| [ DEL ]
📄 module.c	2,739 B	[ EDIT ] \| [ DEL ]
📄 module_ref.h	421 B	[ EDIT ] \| [ DEL ]
📄 module_rundown_protection.c	3,731 B	[ EDIT ] \| [ DEL ]
📄 module_rundown_protection.h	743 B	[ EDIT ] \| [ DEL ]
📄 path_tools.h	5,980 B	[ EDIT ] \| [ DEL ]
📄 rundown_protection.c	4,301 B	[ EDIT ] \| [ DEL ]
📄 rundown_protection.h	2,899 B	[ EDIT ] \| [ DEL ]
📄 safe_kobject.h	1,315 B	[ EDIT ] \| [ DEL ]
📄 si_common.h	4,331 B	[ EDIT ] \| [ DEL ]
📄 si_fp_properties.h	858 B	[ EDIT ] \| [ DEL ]
📄 si_fp_properties_x.h	17,177 B	[ EDIT ] \| [ DEL ]
📄 si_fp_value_types.h	515 B	[ EDIT ] \| [ DEL ]
📄 si_fp_value_types_x.h	1,279 B	[ EDIT ] \| [ DEL ]
📄 si_size.h	4,253 B	[ EDIT ] \| [ DEL ]
📄 si_templates.h	2,452 B	[ EDIT ] \| [ DEL ]
📄 si_writer.h	7,101 B	[ EDIT ] \| [ DEL ]
📄 si_writer_common.h	12,561 B	[ EDIT ] \| [ DEL ]
📄 stringify.h	261 B	[ EDIT ] \| [ DEL ]
📄 task_info_map.c	14,965 B	[ EDIT ] \| [ DEL ]
📄 task_info_map.h	6,481 B	[ EDIT ] \| [ DEL ]
📄 task_info_map_common.h	4,248 B	[ EDIT ] \| [ DEL ]
📄 task_tools.h	1,370 B	[ EDIT ] \| [ DEL ]
📄 tracepoints.c	3,668 B	[ EDIT ] \| [ DEL ]
📄 tracepoints.h	299 B	[ EDIT ] \| [ DEL ]
📄 write_protection.h	2,257 B	[ EDIT ] \| [ DEL ]

[ CLOSE ]

EDIT: task_info_map.h

/**
@file
@brief    Process (aka task) info storage
@details  Copyright (c) 2017-2021 Acronis International GmbH
@author   Ivan Matveev (ivan.matveev@acronis.com)
@since    $Id: $
*/

#pragma once

#include "compat.h"
#include "memory.h"
#include "transport_id.h"
#include "transport_protocol.h"

#include <linux/path.h>
#include <linux/rbtree.h>
#include <linux/spinlock.h>
#include <linux/types.h>  // bool

// Per transport context of the task
typedef struct {
	// If pid version of task is changing, MT_EXEC is expected to be sent to the client
	// Under transport spinlock this field is checked against the pid_version of the task_info_t
	uint64_t sent_pid_version;
	uint64_t listening_mask;
} task_context_t;

typedef struct {
	transport_id_t transport_id;
	task_context_t data;
} transport_task_context_t;

typedef struct task_info_s {
	struct rb_node rb_node;

atomic_t ref_cnt;
	spinlock_t spinlock; // protecting exe_file_key, pid_version and artificial_start_time_us

// Used as a primary key in the map currently
	pid_t pid;

// 'pid' might be reused in the system, 'unique_pid' should be unique in the current session
	// generally composed to process start time for boot in seconds in high 32bit + 'pid' in low 32 bits
	uint64_t unique_pid;
	// Saved exe file key to check if exec occured. If it is changed, 'pid_version' should be raised
	file_key_t exe_file_key;
	// 'pid_version' that is raised every time 'exe_file_key' is changed.
	// 'pid_version' reading not requiring spinlock might cause some fuzzyness but it exe_file being updated during syscall
	// will cause the same amount of fuzzyness so it is not a big deal.
	uint64_t pid_version;
	uint64_t artificial_start_time_us;

transport_task_context_t contexts[MAX_TRANSPORT_SIZE];
} task_info_t;

typedef struct task_info_map_s {
	rwlock_t lock;
	struct rb_root root;
	atomic64_t next_pid_version;
} task_info_map_t;

#ifdef __cplusplus
extern "C" {
#endif

// init and deinit for module
int task_info_maps_init(void);
void task_info_maps_init_fail_free(void);
void task_info_maps_deinit(void);
void task_info_maps_clear(void);

// invoked from hooks to get information about the current task group
// Avoid calling this too often, it is recommended to call it once at the start
task_info_t* task_info_map_get(struct task_struct* tsk);
task_info_t* task_info_map_get_by_pid(pid_t pid, uint64_t unique_pid);
task_info_t* task_info_map_get_with_exe(struct task_struct* tsk, const struct path* exe_path);
// nowait variant cannot use 'get_task_exe_file' so 'exe_path' is assumed to be always provided
// exe_path==NULL can be used, in this case file key will be empty on new or not updated
task_info_t* task_info_map_get_with_alloc_flags(struct task_struct* tsk, const struct path* exe_path, bool nowait);

task_info_t *task_info_map_add(pid_t pid, uint64_t unique_pid, const struct path* exe_path, uint64_t start_time_us);
task_info_t *task_info_map_add_with_alloc_flags(pid_t pid, uint64_t unique_pid, const struct path* exe_path, uint64_t start_time_us, bool nowait, bool force_advance_pv);

task_info_t *task_info_lookup(pid_t pid, uint64_t unique_pid);
task_info_t *task_info_get(task_info_t *task_info);
void task_info_put(task_info_t *task_info);
// invoked from exit tracepoint to trigger cleanup
void task_info_map_on_exit_event(struct task_struct* tsk);

// If pid_version==0, it will not be checked
int task_info_set_listening_mask(task_info_t *task_info, transport_id_t id, uint64_t listening_mask, uint64_t pid_version);

// The usual order of checking whether particular event needs to be sent:
// 1. Find task_info using 'task_info_map_get*' variants, refresh in userspace if needed using 'refresh_task'
// 2. Find all the transports that are currently registered and save them in 'transport_ids_t' using 'transport_global_get_ids'.
// 3. Call 'task_info_can_skip', if it returns true, the event can be skipped.
// 4. Compose the event and check for 'task_info_need_to_make_exec_event'. If 'exec' has occured, the EXEC event needs to be composed.
// 5. Under the spinlock for global transport contexts (that is important to ensure ordering), verify that EXEC event indeed needs to be called using 'task_info_wants_exec_event'
// 6. Send exec event that will be guaranteed the first event for the task.

// Checks if current hook can skip the event because it is whitelisted/ignored
// If pid version mismatch occurs for any transport ('task_info_need_to_make_exec_event' path), the event will not be skipped
bool task_info_can_skip(task_info_t *task_info, const transport_ids_t *ids, uint64_t mask);

// Checks if the task_info needs to make an exec event. This happens when at least one transport pid version is mismatched
bool task_info_need_to_make_exec_event(task_info_t *task_info, const transport_ids_t *ids);

// Check if given transport id wants to receive exec event. Will update the pidversion and expected to be called under global transport spinlock
bool task_info_wants_exec_event(task_info_t *task_info, transport_id_t id, uint64_t pid_version_to_be_sent);

static inline uint64_t make_unique_pid(struct task_struct* tsk) {
	// Main goal of this unique pid is to ensure it can be acquired from the userspace in a similar manner
	// This is needed because it is nice to be able to match processes acquired from fanotify and from fileprotector
	// Ideally pidversion should match too but currently there is no good way to do it...
	// Notice that userspace gets the values based on
	uint64_t start_time_10ms;
	if (tsk->group_leader)
		tsk = tsk->group_leader;

// !!! Userspace sees this time in ticks so to have matching upids, it will need to convert ticks to seconds
#ifdef HAVE_TIMESPEC_REAL_START_TIME
	// From ancient times to 3.16
	start_time_10ms = tsk->real_start_time.tv_sec * 100 + tsk->real_start_time.tv_nsec / 10000000;
#else
#ifdef HAVE_REAL_START_TIME
	// From 3.17 to 5.5
	start_time_10ms = tsk->real_start_time / 10000000;
#else
	// From 5.6 to 5.10; from 5.11 to now is using time namespace (timens_add_boottime_ns)
	// but I do not care about it so I use the same code as in 5.6+.
	// Even if 'current' is in a namespace, client service should be
	// still outside of the time ns so it matches the requirement of
	// unique pid being generated the same way from fileprotector and userspace.
	start_time_10ms = tsk->start_boottime / 10000000;
#endif
#endif

return ((uint64_t)(start_time_10ms << 22)) | ((uint64_t) tsk->tgid);
}

#ifdef __cplusplus
}
#endif