Linux server.thearyasamaj.org 4.18.0-553.56.1.el8_10.x86_64 #1 SMP Tue Jun 10 05:00:59 EDT 2025 x86_64
Apache
: 103.90.241.146 | : 216.73.216.222
Cant Read [ /etc/named.conf ]
5.6.40
ftpuser@mantra.thearyasamaj.org
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
usr /
src /
file_protector-1.1-1529 /
[ HOME SHELL ]
Name
Size
Permission
Action
common
[ DIR ]
drwxr-xr-x
syscall_hooks
[ DIR ]
drwxr-xr-x
transport
[ DIR ]
drwxr-xr-x
Kbuild
3.71
KB
-rw-r--r--
Makefile
2.2
KB
-rw-r--r--
compat.c
5.74
KB
-rw-r--r--
compat.h
6.94
KB
-rw-r--r--
debug.h
3.56
KB
-rw-r--r--
dkms.conf
146
B
-rw-r--r--
memory.h
529
B
-rw-r--r--
module.c
1.86
KB
-rw-r--r--
module_ref.h
421
B
-rw-r--r--
module_rundown_protection.c
3.6
KB
-rw-r--r--
module_rundown_protection.h
743
B
-rw-r--r--
rundown_protection.c
4.2
KB
-rw-r--r--
rundown_protection.h
2.83
KB
-rw-r--r--
stringify.h
261
B
-rw-r--r--
task_info_map.c
17.1
KB
-rw-r--r--
task_info_map.h
1.76
KB
-rw-r--r--
tracepoints.c
3.02
KB
-rw-r--r--
tracepoints.h
299
B
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : task_info_map.c
/** @file @brief Process (aka task) info storage @details Copyright (c) 2017-2021 Acronis International GmbH @author Ivan Matveev (ivan.matveev@acronis.com) @since $Id: $ */ #include "task_info_map.h" #include "transport.h" #include "compat.h" #include "debug.h" #include "memory.h" #include <linux/mutex.h> #include <linux/mm.h> // get_task_exe_file() static struct mutex global_task_info_maps_mutex; static task_info_map_t* global_task_info_maps[MAX_TASK_INFO_MAP_SIZE] = {0}; const char *task_status_to_string(task_status_t status) { switch (status) { #define CASE_TS_RETURN(t) case TS_##t: return #t CASE_TS_RETURN(UNKNOWN); CASE_TS_RETURN(IGNORE); CASE_TS_RETURN(WHITE); CASE_TS_RETURN(BLACK); CASE_TS_RETURN(GREY); #undef CASE_TS_RETURN default: return "?"; } } static task_info_t *task_info_init(task_info_t *task_info, pid_t pid) { DPRINTF("task_info=%p pid=%i", task_info, pid); RB_CLEAR_NODE(&task_info->rb_node); task_info->pid = pid; atomic_set(&task_info->ref_cnt, 1); spin_lock_init(&task_info->spinlock); task_info->status = TS_UNKNOWN; /* struct path { struct vfsmount *mnt; struct dentry *dentry; }; */ task_info->exe_key = (file_key_t){}; task_info->is_exe_path_changed = true; return task_info; } static task_info_t *task_info_new(pid_t pid) { task_info_t *task_info = mem_alloc0(sizeof(task_info_t)); if (task_info) { task_info_init(task_info, pid); } return task_info; } static task_info_t *task_info_ref(task_info_t *task_info) { atomic_inc(&task_info->ref_cnt); return task_info; } static void task_info_free(task_info_t *task_info) { DPRINTF("task_info=%p", task_info); mem_free(task_info); } static void task_info_unref(task_info_t *task_info) { DPRINTF("pid=%d ref_cnt=%d", task_info->pid, atomic_read(&task_info->ref_cnt)); if (atomic_dec_and_test(&task_info->ref_cnt)) { task_info_free(task_info); } } static int task_info_map_init(task_info_map_t *map) { spin_lock_init(&map->spinlock); map->root = RB_ROOT; atomic_set(&map->refcount, 1); return 0; } static task_info_map_t* task_info_map_alloc(void) { task_info_map_t *map = mem_alloc(sizeof(task_info_map_t)); if (map) { task_info_map_init(map); } return map; } static void task_info_map_clear(task_info_map_t *map); static void task_info_map_free_deferred(struct rcu_head* _map) { task_info_map_t *map = container_of(_map, task_info_map_t, rcu); task_info_map_clear(map); mem_free(map); } static task_info_map_t* task_info_map_get(int idx) { task_info_map_t *map = NULL; if (idx >= MAX_TASK_INFO_MAP_SIZE) { return NULL; } rcu_read_lock(); map = rcu_dereference(global_task_info_maps[idx]); if (map) { if (atomic_inc_not_zero(&map->refcount)) { DPRINTF("task_info_map_get: %d", idx); } else { map = NULL; } } rcu_read_unlock(); return map; } static void task_info_map_put(task_info_map_t *map) { if (atomic_dec_and_test(&map->refcount)) { call_rcu(&map->rcu, task_info_map_free_deferred); } } void task_info_maps_init(void) { unsigned char i = 0; mutex_init(&global_task_info_maps_mutex); DPRINTF("task_info_maps_init"); for (i = 0; i < MAX_TASK_INFO_MAP_SIZE; i++) { global_task_info_maps[i] = NULL; } } static void task_info_map_clear(task_info_map_t *map) { struct rb_node *node; node = map->root.rb_node; while (node) { task_info_t *task_info; task_info = rb_entry(node, task_info_t, rb_node); rb_erase(&task_info->rb_node, &map->root); node = map->root.rb_node; if (atomic_read(&task_info->ref_cnt) != 1) { DPRINTF("task info [%d] ref_cnf[%d] is not equal to 1 when clearing", task_info->pid, atomic_read(&task_info->ref_cnt)); } task_info_unref(task_info); } } // Called on module shutdown void task_info_maps_clear(void) { unsigned char i = 0; DPRINTF("task_info_maps_clear"); for (i = 0; i < MAX_TASK_INFO_MAP_SIZE; i++) { task_info_map_t *map; mutex_lock(&global_task_info_maps_mutex); map = global_task_info_maps[i]; rcu_assign_pointer(global_task_info_maps[i], NULL); mutex_unlock(&global_task_info_maps_mutex); if (map) { task_info_map_put(map); } } synchronize_rcu(); rcu_barrier(); } // Assume that each transport only use it's unique valid map_id after acquiring unsigned char acquire_task_info_map(void) { unsigned char map_id = MAX_TASK_INFO_MAP_SIZE + 1; unsigned char i = 0; mutex_lock(&global_task_info_maps_mutex); for (i = 0; i < MAX_TASK_INFO_MAP_SIZE; i++) { task_info_map_t* map; if (global_task_info_maps[i]) continue; map = task_info_map_alloc(); if (!map) { EPRINTF("Failed to allocate task_info_map"); mutex_unlock(&global_task_info_maps_mutex); return 0; } rcu_assign_pointer(global_task_info_maps[i], map); map_id = i; break; } mutex_unlock(&global_task_info_maps_mutex); if (map_id < MAX_TASK_INFO_MAP_SIZE) { DPRINTF_LEVEL(LOG_LEVEL_DEBUG1, "Acquire task_info_map ok: %u", map_id); } else { EPRINTF("Failed to acquire task_info_map"); } return map_id; } void release_task_info_map(unsigned char map_id) { task_info_map_t *map; if (map_id >= MAX_TASK_INFO_MAP_SIZE) { return; } mutex_lock(&global_task_info_maps_mutex); map = global_task_info_maps[map_id]; rcu_assign_pointer(global_task_info_maps[map_id], NULL); mutex_unlock(&global_task_info_maps_mutex); if (map) task_info_map_put(map); } static task_info_t *task_info_lookup(task_info_map_t *map, pid_t pid) { struct rb_node *node; task_info_t *task_info = NULL; DPRINTF("pid=%d", pid); spin_lock(&map->spinlock); node = map->root.rb_node; while (node) { task_info_t *node_task_info = rb_entry(node, task_info_t, rb_node); pid_t node_pid = node_task_info->pid; if (pid < node_pid) { node = node->rb_left; } else if (pid > node_pid) { node = node->rb_right; } else { task_info = task_info_ref(node_task_info); break; } } spin_unlock(&map->spinlock); DPRINTF_RATELIMITED("task_info=%p pid=%d", task_info, pid); return task_info; } static task_info_t *task_info_map_insert(task_info_map_t *map, task_info_t *new_task_info) { pid_t pid = new_task_info->pid; struct rb_node *parent = NULL; struct rb_node **link; DPRINTF_RATELIMITED("new_task_info=%p pid=%i", new_task_info, pid); spin_lock(&map->spinlock); link = &(map->root.rb_node); while (*link) { task_info_t *node_task_info; pid_t node_pid; parent = *link; node_task_info = rb_entry(parent, task_info_t, rb_node); node_pid = node_task_info->pid; if (pid < node_pid) { link = &parent->rb_left; } else if (pid > node_pid) { link = &parent->rb_right; } else { // collision DPRINTF_RATELIMITED("collision"); task_info_ref(node_task_info); spin_unlock(&map->spinlock); return node_task_info; } } // do 'inc' for 'map->root' task_info_ref(new_task_info); rb_link_node(&new_task_info->rb_node, parent, link); rb_insert_color(&new_task_info->rb_node, &map->root); DPRINTF_RATELIMITED("inserted"); spin_unlock(&map->spinlock); return new_task_info; } // Warning: May block! static task_info_t *task_info_add(task_info_map_t *map, pid_t pid) { task_info_t *task_info; task_info_t *new_task_info; DPRINTF_RATELIMITED("pid=%d", pid); task_info = task_info_lookup(map, pid); if (task_info) { DPRINTF_RATELIMITED("pid=%i is already in the map (task_info=%p)", pid, task_info); return task_info; } new_task_info = task_info_new(pid); if (!new_task_info) { DPRINTF_RATELIMITED("out of memory"); return NULL; } task_info = task_info_map_insert(map, new_task_info); if (task_info != new_task_info) { // collision DPRINTF_RATELIMITED("collision"); task_info_unref(new_task_info); } return task_info; } static int task_info_map_del(task_info_map_t *map, pid_t pid) { task_info_t *task_info; DPRINTF("pid=%d", pid); task_info = task_info_lookup(map, pid); if (!task_info) { // task info may be deleted in task_info_map_clear_exited_list() // so here no need to print warning DPRINTF("pid=%d is missing in the map", pid); return -ENOENT; } spin_lock(&map->spinlock); if (map->root.rb_node != NULL) { rb_erase(&task_info->rb_node, &map->root); } spin_unlock(&map->spinlock); // undo 'inc' done for 'map->root' task_info_unref(task_info); // undo 'inc' done in 'task_info_lookup()' task_info_unref(task_info); DPRINTF("pid=%d", pid); return 0; } static void task_info_map_remove(task_info_map_t *map, task_info_t *task_info) { spin_lock(&map->spinlock); if (map->root.rb_node != NULL) { rb_erase(&task_info->rb_node, &map->root); } if (atomic_read(&task_info->ref_cnt) >= 2) { // undo 'inc' done for 'map->root' task_info_unref(task_info); } spin_unlock(&map->spinlock); } int task_info_map_del_by_map_id(unsigned char map_id, pid_t pid) { task_info_map_t *map; int ret = 0; if (map_id >= MAX_TASK_INFO_MAP_SIZE) { return ENOENT; } map = task_info_map_get(map_id); if (!map) return ENOENT; ret = task_info_map_del(map, pid); task_info_map_put(map); return ret; } static task_info_t *get_task_info_by_map_id(unsigned char map_id, pid_t pid) { task_info_map_t *map = NULL; task_info_t *task_info = NULL; if (map_id >= MAX_TASK_INFO_MAP_SIZE) { return NULL; } map = task_info_map_get(map_id); if (!map) return NULL; task_info = task_info_lookup(map, pid); task_info_map_put(map); return task_info; } // Warning: May block! int task_info_status_set_by_map_id(unsigned char map_id, pid_t pid, task_status_t status) { task_info_t *task_info = NULL; task_info_map_t *map = NULL; DPRINTF_LEVEL(LOG_LEVEL_DEBUG1, "map_id:%u pid=%i status=%i/%s", map_id, pid, status, task_status_to_string(status)); if (map_id >= MAX_TASK_INFO_MAP_SIZE) { return ENOENT; } map = task_info_map_get(map_id); if (!map) return ENOENT; task_info = task_info_add(map, pid); if (!task_info) { WPRINTF("'%s(pid=%i)' failure", "task_info_add", pid); task_info_map_put(map); return -ENOMEM; } spin_lock(&task_info->spinlock); task_info->status = status; spin_unlock(&task_info->spinlock); task_info_unref(task_info); task_info_map_put(map); return 0; } void task_info_map_on_exit_event(pid_t tgid, pid_t pid) { unsigned char i = 0; task_info_t *task_info = NULL; (void) tgid; for (i = 0; i < MAX_TASK_INFO_MAP_SIZE; i++) { task_info_map_t *map = task_info_map_get(i); if (!map) continue; task_info = task_info_lookup(map, pid); if (task_info) { task_info_map_remove(map, task_info); task_info_unref(task_info); } task_info_map_put(map); } } static inline bool file_key_equal(const file_key_t* k1, const file_key_t* k2) { return k1->ptr == k2->ptr && k1->ino == k2->ino && k1->dev == k2->dev && k1->gen == k2->gen; } static inline void make_key_from_inode(file_key_t* key, const struct inode *inode) { key->ptr = (uint64_t) inode; key->ino = (uint64_t) inode->i_ino; key->gen = (uint64_t) inode->i_generation; key->dev = (uint64_t) inode->i_sb ? inode->i_sb->s_dev : 0; } static inline void make_key(file_key_t* key, const struct path *path) { return make_key_from_inode(key, path->dentry->d_inode); } int check_exec_with_task_info(pid_t tgid, struct path exe_path) { unsigned char i = 0; task_info_t *task_info = NULL; bool is_exe_path_changed = false; file_key_t exe_key = (file_key_t){}; if (exe_path.dentry && exe_path.dentry->d_inode) make_key(&exe_key, &exe_path); for (i = 0; i < MAX_TASK_INFO_MAP_SIZE; i++) { task_info_map_t *map = task_info_map_get(i); if (!map) continue; task_info = NULL; task_info = task_info_add(map, tgid); if (task_info) { spin_lock(&task_info->spinlock); if (file_key_equal(&task_info->exe_key, &exe_key)) { } else { task_info->is_exe_path_changed = true; task_info->exe_key = exe_key; } if(task_info->is_exe_path_changed){ is_exe_path_changed = true; } spin_unlock(&task_info->spinlock); task_info_unref(task_info); } else { EPRINTF("Failed to add task info"); } task_info_map_put(map); } if (is_exe_path_changed) { return 1; } return 0; } static bool msg_should_skip(task_info_t *task_info, msg_type_img_t msg_type) { bool ret = false; task_status_t status; if (msg_type == MT_EXEC) { } else if (msg_type == MT_EXIT || msg_type == MT_FORK || msg_type == MT_FILE_PRE_CREATE || msg_type == MT_FILE_CREATE_EX || msg_type == MT_PRE_RENAME_EX || msg_type == MT_RENAME_EX || msg_type == MT_RENAME || msg_type == MT_PRE_UNLINK_EX || msg_type == MT_UNLINK_EX || msg_type == MT_UNLINK) { // for event in EXIT, FORK, CREATE, RENAME and UNLINK, always send } else { spin_lock(&task_info->spinlock); status = task_info->status; spin_unlock(&task_info->spinlock); // For event not in EXIT, FORK, CREATE, RENAME and UNLINK, check status is TS_WHITE or TS_IGNORE if (status == TS_IGNORE || status == TS_WHITE) { ret = true; } } return ret; } bool is_exe_path_changed(task_info_t *task_info) { struct file *exe_file; file_key_t exe_key = (file_key_t){}; bool ret = false; exe_file = get_task_exe_file_compat(current); if (!exe_file) { return false; } if (exe_file->f_path.dentry && exe_file->f_path.dentry->d_inode) make_key(&exe_key, &exe_file->f_path); fput(exe_file); spin_lock(&task_info->spinlock); if (!file_key_equal(&task_info->exe_key, &exe_key)) { ret = true; } spin_unlock(&task_info->spinlock); return ret; } bool sys_call_fs_events_should_skip(pid_t pid, uint64_t events_mask) { unsigned char i = 0; task_info_t *task_info = NULL; bool ret = true; for (i = 0; i < MAX_TASK_INFO_MAP_SIZE; i++) { task_info_map_t *map; msg_type_img_t msg_type; map = task_info_map_get(i); if (!map) continue; task_info = task_info_lookup(map, pid); if (!task_info) { task_info_map_put(map); return false; } if (is_exe_path_changed(task_info)) { task_info_unref(task_info); task_info_map_put(map); return false; } for (msg_type = MT_EXEC; msg_type < MT_MAX; msg_type++) { uint64_t event_mask = MSG_TYPE_TO_EVENT_MASK(msg_type); if (event_mask & events_mask) { if (!msg_should_skip(task_info, msg_type)) { ret = false; break; } } } task_info_unref(task_info); task_info_map_put(map); if (!ret) { break; } } return ret; } static bool should_send(unsigned char map_id, msg_type_img_t msg_type) { bool ret = true; task_info_t *task_info = NULL; task_status_t status; task_info = get_task_info_by_map_id(map_id, current->tgid); if (task_info == NULL) { return false; } if (msg_type == MT_EXEC) { spin_lock(&task_info->spinlock); if (task_info->is_exe_path_changed) { task_info->is_exe_path_changed = false; } else { ret = false; } spin_unlock(&task_info->spinlock); } else if (msg_type == MT_EXIT || msg_type == MT_FORK || msg_type == MT_FILE_PRE_CREATE || msg_type == MT_FILE_CREATE_EX || msg_type == MT_PRE_RENAME_EX || msg_type == MT_RENAME_EX || msg_type == MT_RENAME || msg_type == MT_PRE_UNLINK_EX || msg_type == MT_UNLINK_EX || msg_type == MT_UNLINK) { // for event in EXIT, FORK, CREATE, RENAME and UNLINK, always send } else { spin_lock(&task_info->spinlock); status = task_info->status; spin_unlock(&task_info->spinlock); // For event not in EXIT, FORK, CREATE, RENAME and UNLINK, check status is TS_WHITE or TS_IGNORE if (status == TS_IGNORE || status == TS_WHITE) { ret = false; } } task_info_unref(task_info); return ret; } void get_should_send_task_info_map_ids(bool *should_send_map_ids, msg_type_img_t msg_type) { int i; for (i = 0; i < MAX_TASK_INFO_MAP_SIZE; i++) { should_send_map_ids[i] = false; if (should_send(i, msg_type)) { should_send_map_ids[i] = true; } } }
Close
