Merge pull request #728 from bytedance/b1_7_file_ref

FIXME: building errors with new kernels after 6.13

Author: driftli

driver/LKM/Makefile

@@ -98,6 +98,10 @@ endif
 ifneq ($(FS_OP_ITERATE_SHARED),)
 ccflags-y += -D SMITH_FS_OP_ITERATE_SHARED
 endif
+FS_FILE_REF := $(shell sh -c "grep -s file_ref_t $(FS_H_FILES)")
+ifneq ($(FS_FILE_REF),)
+ccflags-y += -D SMITH_FS_FILE_REF
+endif
 
 PROCFS_H_FILES := $(shell find -L $(K_I_PATH) -path "*/linux/proc_fs.h") /dev/null
 PROCFS_PDE_DATA := $(shell sh -c "grep -s PDE_DATA $(PROCFS_H_FILES)")

driver/LKM/src/smith_hook.c

@@ -391,6 +391,14 @@ static struct files_struct *smith_get_files_struct(struct task_struct *task)
     return files;
 }
 
+/* only inc f_count when it's not 0 to avoid races upon exe_file */
+#ifdef SMITH_FS_FILE_REF
+#define smith_get_file(x) (file_ref_read(&(x)->f_ref) && \
+                    atomic_long_inc_not_zero(&(x)->f_ref.refcnt))
+#else
+#define smith_get_file(x) atomic_long_inc_not_zero(&(x)->f_count)
+#endif
+
 #ifdef SMITH_HAVE_FCHECK_FILES
 #define smith_lookup_fd          fcheck_files /* < 5.10.220 */
 #else
@@ -410,7 +418,7 @@ static struct file *smith_fget_raw(unsigned int fd)
 	file = smith_lookup_fd(files, fd);
 	if (file) {
 		/* File object ref couldn't be taken */
-		if (!atomic_long_inc_not_zero(&file->f_count))
+		if (!smith_get_file(file))
 			file = NULL;
 	}
 	rcu_read_unlock();
@@ -432,9 +440,6 @@ static char *smith_d_path(const struct path *path, char *buf, int buflen)
     return name;
 }
 
-/* only inc f_count when it's not 0 to avoid races upon exe_file */
-#define smith_get_file(x) atomic_long_inc_not_zero(&(x)->f_count)
-
 /*
  * query task's executable image file, with mmap lock avoided, just because
  * mmput() could lead resched() (since it's calling might_sleep() interally)
@@ -821,15 +826,6 @@ struct execve_data {
     int free_ld_preload;
 };
 
-struct update_cred_data {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0)
-    uid_t old_uid;
-#else
-    int old_uid;
-#endif
-};
-
-
 /*
  * Our own implementation of kernel_getsockname and kernel_getpeername,
  * resuing codes logic of kernel inet_getname and inet6_getname.
@@ -3798,45 +3794,36 @@ static int do_init_module_pre_handler(struct kprobe *p, struct pt_regs *regs)
     return 0;
 }
 
-static int update_cred_entry_handler(struct kretprobe_instance *ri,
-                              struct pt_regs *regs)
-{
-    struct update_cred_data *data;
-    data = (struct update_cred_data *)ri->data;
-    data->old_uid = __get_current_uid();
-    return 0;
-}
-
-static int update_cred_handler(struct kretprobe_instance *ri, struct pt_regs *regs)
+static int update_cred_pre_handler(struct kprobe *p, struct pt_regs *regs)
 {
-    int now_uid;
-    int retval;
     char *exe_path = NULL;
     char *buffer = NULL;
     char *pid_tree = NULL;
-    struct update_cred_data *data;
+    struct cred *cred;
+    int new_uid, old_uid;
 
-    now_uid = __get_current_uid();
-    retval = regs_return_value(regs);
+    cred = (void *)p_regs_get_arg1(regs);
+    if (IS_ERR_OR_NULL(cred))
+        return 0;
+
+    new_uid = _XID_VALUE(cred->uid);
+    old_uid = __get_current_uid();
 
-    //only get old uid ≠0 && new uid == 0
-    if (now_uid != 0)
+    // only report if old uid ≠0 && new uid == 0
+    if (new_uid != 0 || old_uid == 0)
         return 0;
 
-    data = (struct update_cred_data *)ri->data;
-    if (data->old_uid != 0) {
-        buffer = smith_kzalloc(PATH_MAX, GFP_ATOMIC);
-        exe_path = smith_get_exe_file(buffer, PATH_MAX);
+    buffer = smith_kzalloc(PATH_MAX, GFP_ATOMIC);
+    exe_path = smith_get_exe_file(buffer, PATH_MAX);
 
-        pid_tree = smith_get_pid_tree(PID_TREE_LIMIT);
-        update_cred_print(exe_path, pid_tree, data->old_uid, retval);
+    pid_tree = smith_get_pid_tree(PID_TREE_LIMIT);
+    update_cred_print(exe_path, pid_tree, old_uid, 0);
 
-        if (buffer)
-            smith_kfree(buffer);
+    if (buffer)
+        smith_kfree(buffer);
+    if (pid_tree)
+        smith_kfree(pid_tree);
 
-        if (pid_tree)
-            smith_kfree(pid_tree);
-    }
     return 0;
 }
 
@@ -4043,11 +4030,9 @@ static struct kprobe do_init_module_kprobe = {
         .pre_handler = do_init_module_pre_handler,
 };
 
-static struct kretprobe update_cred_kretprobe = {
-        .kp.symbol_name = "commit_creds",
-        .data_size = sizeof(struct update_cred_data),
-        .handler = update_cred_handler,
-        .entry_handler = update_cred_entry_handler,
+static struct kprobe update_cred_kprobe = {
+        .symbol_name = "commit_creds",
+        .pre_handler = update_cred_pre_handler,
 };
 
 static struct kprobe security_inode_create_kprobe = {
@@ -4554,7 +4539,7 @@ static void unregister_prctl_kprobe(void)
 static int register_update_cred_kprobe(void)
 {
     int ret;
-    ret = smith_register_kretprobe(&update_cred_kretprobe);
+    ret = register_kprobe(&update_cred_kprobe);
     if (ret == 0)
         update_cred_kprobe_state = 0x1;
 
@@ -4563,7 +4548,7 @@ static int register_update_cred_kprobe(void)
 
 static void unregister_update_cred_kprobe(void)
 {
-    smith_unregister_kretprobe(&update_cred_kretprobe);
+    unregister_kprobe(&update_cred_kprobe);
 }
 
 static int register_mprotect_kprobe(void)