[PATCH] Process Events Connector

This patch adds a connector that reports fork, exec, id change, and exit events for all processes to userspace. It replaces the fork_advisor patch that ELSA is currently using. Applications that may find these events useful include accounting/auditing (e.g. ELSA), system activity monitoring (e.g. top), security, and resource management (e.g. CKRM). Signed-off-by: Matt Helsley <matthltc@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Matt Helsley <matthltc@us.ibm.com> 2005-11-07 03:59:16 -0500
committer: Linus Torvalds <torvalds@g5.osdl.org> 2005-11-07 10:53:35 -0500
commit: 9f46080c41d5f3f7c00b4e169ba4b0b2865258bf (patch)
tree: e2c029ef7f0cd5fb8ea9b78db3f7be5badaf59b1 /drivers
parent: 49364ce2534418462d681ad99e52e79a00b0f40b (diff)
3 files changed, 231 insertions, 0 deletions
diff --git a/drivers/connector/Kconfig b/drivers/connector/Kconfig
index 0bc2059c1e08..e0bdc0db9640 100644
--- a/drivers/connector/Kconfig
+++ b/drivers/connector/Kconfig
@@ -10,4 +10,12 @@ config CONNECTOR
          Connector support can also be built as a module.  If so, the module
          will be called cn.ko.
+config PROC_EVENTS
+        boolean "Report process events to userspace"
+        depends on CONNECTOR=y
+        default y
+        ---help---
+          Provide a connector that reports process events to userspace. Send
+          events such as fork, exec, id change (uid, gid, suid, etc), and exit.
 endmenu
diff --git a/drivers/connector/Makefile b/drivers/connector/Makefile
index 12ca79e8234d..1f255e46e916 100644
--- a/drivers/connector/Makefile
+++ b/drivers/connector/Makefile
@@ -1,3 +1,4 @@
 obj-$(CONFIG_CONNECTOR)         += cn.o
+obj-$(CONFIG_PROC_EVENTS)       += cn_proc.o
 cn-y                            += cn_queue.o connector.o
diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c
new file mode 100644
index 000000000000..fcdf0fff13a6
--- /dev/null
+++ b/drivers/connector/cn_proc.c
@@ -0,0 +1,222 @@
+/*
+ * cn_proc.c - process events connector
+ *
+ * Copyright (C) Matt Helsley, IBM Corp. 2005
+ * Based on cn_fork.c by Guillaume Thouvenin <guillaume.thouvenin@bull.net>
+ * Original copyright notice follows:
+ * Copyright (C) 2005 BULL SA.
+ *
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <asm/atomic.h>
+#include <linux/cn_proc.h>
+#define CN_PROC_MSG_SIZE (sizeof(struct cn_msg) + sizeof(struct proc_event))
+static atomic_t proc_event_num_listeners = ATOMIC_INIT(0);
+static struct cb_id cn_proc_event_id = { CN_IDX_PROC, CN_VAL_PROC };
+/* proc_counts is used as the sequence number of the netlink message */
+static DEFINE_PER_CPU(__u32, proc_event_counts) = { 0 };
+static inline void get_seq(__u32 *ts, int *cpu)
+{
+        *ts = get_cpu_var(proc_event_counts)++;
+        *cpu = smp_processor_id();
+        put_cpu_var(proc_counts);
+}
+void proc_fork_connector(struct task_struct *task)
+{
+        struct cn_msg *msg;
+        struct proc_event *ev;
+        __u8 buffer[CN_PROC_MSG_SIZE];
+        if (atomic_read(&proc_event_num_listeners) < 1)
+                return;
+        msg = (struct cn_msg*)buffer;
+        ev = (struct proc_event*)msg->data;
+        get_seq(&msg->seq, &ev->cpu);
+        ev->what = PROC_EVENT_FORK;
+        ev->event_data.fork.parent_pid = task->real_parent->pid;
+        ev->event_data.fork.parent_tgid = task->real_parent->tgid;
+        ev->event_data.fork.child_pid = task->pid;
+        ev->event_data.fork.child_tgid = task->tgid;
+        memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
+        msg->ack = 0; /* not used */
+        msg->len = sizeof(*ev);
+        /*  If cn_netlink_send() failed, the data is not sent */
+        cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+}
+void proc_exec_connector(struct task_struct *task)
+{
+        struct cn_msg *msg;
+        struct proc_event *ev;
+        __u8 buffer[CN_PROC_MSG_SIZE];
+        if (atomic_read(&proc_event_num_listeners) < 1)
+                return;
+        msg = (struct cn_msg*)buffer;
+        ev = (struct proc_event*)msg->data;
+        get_seq(&msg->seq, &ev->cpu);
+        ev->what = PROC_EVENT_EXEC;
+        ev->event_data.exec.process_pid = task->pid;
+        ev->event_data.exec.process_tgid = task->tgid;
+        memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
+        msg->ack = 0; /* not used */
+        msg->len = sizeof(*ev);
+        cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+}
+void proc_id_connector(struct task_struct *task, int which_id)
+{
+        struct cn_msg *msg;
+        struct proc_event *ev;
+        __u8 buffer[CN_PROC_MSG_SIZE];
+        if (atomic_read(&proc_event_num_listeners) < 1)
+                return;
+        msg = (struct cn_msg*)buffer;
+        ev = (struct proc_event*)msg->data;
+        ev->what = which_id;
+        ev->event_data.id.process_pid = task->pid;
+        ev->event_data.id.process_tgid = task->tgid;
+        if (which_id == PROC_EVENT_UID) {
+                ev->event_data.id.r.ruid = task->uid;
+                ev->event_data.id.e.euid = task->euid;
+        } else if (which_id == PROC_EVENT_GID) {
+                ev->event_data.id.r.rgid = task->gid;
+                ev->event_data.id.e.egid = task->egid;
+        } else
+                return;
+        get_seq(&msg->seq, &ev->cpu);
+        memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
+        msg->ack = 0; /* not used */
+        msg->len = sizeof(*ev);
+        cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+}
+void proc_exit_connector(struct task_struct *task)
+{
+        struct cn_msg *msg;
+        struct proc_event *ev;
+        __u8 buffer[CN_PROC_MSG_SIZE];
+        if (atomic_read(&proc_event_num_listeners) < 1)
+                return;
+        msg = (struct cn_msg*)buffer;
+        ev = (struct proc_event*)msg->data;
+        get_seq(&msg->seq, &ev->cpu);
+        ev->what = PROC_EVENT_EXIT;
+        ev->event_data.exit.process_pid = task->pid;
+        ev->event_data.exit.process_tgid = task->tgid;
+        ev->event_data.exit.exit_code = task->exit_code;
+        ev->event_data.exit.exit_signal = task->exit_signal;
+        memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
+        msg->ack = 0; /* not used */
+        msg->len = sizeof(*ev);
+        cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+}
+/*
+ * Send an acknowledgement message to userspace
+ *
+ * Use 0 for success, EFOO otherwise.
+ * Note: this is the negative of conventional kernel error
+ * values because it's not being returned via syscall return
+ * mechanisms.
+ */
+static void cn_proc_ack(int err, int rcvd_seq, int rcvd_ack)
+{
+        struct cn_msg *msg;
+        struct proc_event *ev;
+        __u8 buffer[CN_PROC_MSG_SIZE];
+        if (atomic_read(&proc_event_num_listeners) < 1)
+                return;
+        msg = (struct cn_msg*)buffer;
+        ev = (struct proc_event*)msg->data;
+        msg->seq = rcvd_seq;
+        ev->cpu = -1;
+        ev->what = PROC_EVENT_NONE;
+        ev->event_data.ack.err = err;
+        memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
+        msg->ack = rcvd_ack + 1;
+        msg->len = sizeof(*ev);
+        cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+}
+/**
+ * cn_proc_mcast_ctl
+ * @data: message sent from userspace via the connector
+ */
+static void cn_proc_mcast_ctl(void *data)
+{
+        struct cn_msg *msg = data;
+        enum proc_cn_mcast_op *mc_op = NULL;
+        int err = 0;
+        if (msg->len != sizeof(*mc_op))
+                return;
+        mc_op = (enum proc_cn_mcast_op*)msg->data;
+        switch (*mc_op) {
+        case PROC_CN_MCAST_LISTEN:
+                atomic_inc(&proc_event_num_listeners);
+                break;
+        case PROC_CN_MCAST_IGNORE:
+                atomic_dec(&proc_event_num_listeners);
+                break;
+        default:
+                err = EINVAL;
+                break;
+        }
+        cn_proc_ack(err, msg->seq, msg->ack);
+}
+/*
+ * cn_proc_init - initialization entry point
+ *
+ * Adds the connector callback to the connector driver.
+ */
+static int __init cn_proc_init(void)
+{
+        int err;
+        if ((err = cn_add_callback(&cn_proc_event_id, "cn_proc",
+                                   &cn_proc_mcast_ctl))) {
+                printk(KERN_WARNING "cn_proc failed to register\n");
+                return err;
+        }
+        return 0;
+}
+module_init(cn_proc_init);
author	Matt Helsley <matthltc@us.ibm.com>	2005-11-07 03:59:16 -0500
committer	Linus Torvalds <torvalds@g5.osdl.org>	2005-11-07 10:53:35 -0500
commit	9f46080c41d5f3f7c00b4e169ba4b0b2865258bf (patch)
tree	e2c029ef7f0cd5fb8ea9b78db3f7be5badaf59b1 /drivers
parent	49364ce2534418462d681ad99e52e79a00b0f40b (diff)

diff --git a/drivers/connector/Kconfig b/drivers/connector/Kconfig index 0bc2059c1e08..e0bdc0db9640 100644 --- a/drivers/connector/Kconfig +++ b/drivers/connector/Kconfig
@@ -10,4 +10,12 @@ config CONNECTOR
10	Connector support can also be built as a module. If so, the module	10	Connector support can also be built as a module. If so, the module
11	will be called cn.ko.	11	will be called cn.ko.
12		12
		13	config PROC_EVENTS
		14	boolean "Report process events to userspace"
		15	depends on CONNECTOR=y
		16	default y
		17	---help---
		18	Provide a connector that reports process events to userspace. Send
		19	events such as fork, exec, id change (uid, gid, suid, etc), and exit.
		20
13	endmenu	21	endmenu


diff --git a/drivers/connector/Makefile b/drivers/connector/Makefile index 12ca79e8234d..1f255e46e916 100644 --- a/drivers/connector/Makefile +++ b/drivers/connector/Makefile
@@ -1,3 +1,4 @@
1	obj-$(CONFIG_CONNECTOR) += cn.o	1	obj-$(CONFIG_CONNECTOR) += cn.o
		2	obj-$(CONFIG_PROC_EVENTS) += cn_proc.o
2		3
3	cn-y += cn_queue.o connector.o	4	cn-y += cn_queue.o connector.o


diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c new file mode 100644 index 000000000000..fcdf0fff13a6 --- /dev/null +++ b/drivers/connector/cn_proc.c
@@ -0,0 +1,222 @@
		1	/*
		2	* cn_proc.c - process events connector
		3	*
		4	* Copyright (C) Matt Helsley, IBM Corp. 2005
		5	* Based on cn_fork.c by Guillaume Thouvenin <guillaume.thouvenin@bull.net>
		6	* Original copyright notice follows:
		7	* Copyright (C) 2005 BULL SA.
		8	*
		9	*
		10	* This program is free software; you can redistribute it and/or modify
		11	* it under the terms of the GNU General Public License as published by
		12	* the Free Software Foundation; either version 2 of the License, or
		13	* (at your option) any later version.
		14	*
		15	* This program is distributed in the hope that it will be useful,
		16	* but WITHOUT ANY WARRANTY; without even the implied warranty of
		17	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		18	* GNU General Public License for more details.
		19	*
		20	* You should have received a copy of the GNU General Public License
		21	* along with this program; if not, write to the Free Software
		22	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
		23	*/
		24
		25	#include <linux/module.h>
		26	#include <linux/kernel.h>
		27	#include <linux/init.h>
		28	#include <asm/atomic.h>
		29
		30	#include <linux/cn_proc.h>
		31
		32	#define CN_PROC_MSG_SIZE (sizeof(struct cn_msg) + sizeof(struct proc_event))
		33
		34	static atomic_t proc_event_num_listeners = ATOMIC_INIT(0);
		35	static struct cb_id cn_proc_event_id = { CN_IDX_PROC, CN_VAL_PROC };
		36
		37	/* proc_counts is used as the sequence number of the netlink message */
		38	static DEFINE_PER_CPU(__u32, proc_event_counts) = { 0 };
		39
		40	static inline void get_seq(__u32 ts, int cpu)
		41	{
		42	*ts = get_cpu_var(proc_event_counts)++;
		43	*cpu = smp_processor_id();
		44	put_cpu_var(proc_counts);
		45	}
		46
		47	void proc_fork_connector(struct task_struct *task)
		48	{
		49	struct cn_msg *msg;
		50	struct proc_event *ev;
		51	__u8 buffer[CN_PROC_MSG_SIZE];
		52
		53	if (atomic_read(&proc_event_num_listeners) < 1)
		54	return;
		55
		56	msg = (struct cn_msg*)buffer;
		57	ev = (struct proc_event*)msg->data;
		58	get_seq(&msg->seq, &ev->cpu);
		59	ev->what = PROC_EVENT_FORK;
		60	ev->event_data.fork.parent_pid = task->real_parent->pid;
		61	ev->event_data.fork.parent_tgid = task->real_parent->tgid;
		62	ev->event_data.fork.child_pid = task->pid;
		63	ev->event_data.fork.child_tgid = task->tgid;
		64
		65	memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
		66	msg->ack = 0; /* not used */
		67	msg->len = sizeof(*ev);
		68	/* If cn_netlink_send() failed, the data is not sent */
		69	cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
		70	}
		71
		72	void proc_exec_connector(struct task_struct *task)
		73	{
		74	struct cn_msg *msg;
		75	struct proc_event *ev;
		76	__u8 buffer[CN_PROC_MSG_SIZE];
		77
		78	if (atomic_read(&proc_event_num_listeners) < 1)
		79	return;
		80
		81	msg = (struct cn_msg*)buffer;
		82	ev = (struct proc_event*)msg->data;
		83	get_seq(&msg->seq, &ev->cpu);
		84	ev->what = PROC_EVENT_EXEC;
		85	ev->event_data.exec.process_pid = task->pid;
		86	ev->event_data.exec.process_tgid = task->tgid;
		87
		88	memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
		89	msg->ack = 0; /* not used */
		90	msg->len = sizeof(*ev);
		91	cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
		92	}
		93
		94	void proc_id_connector(struct task_struct *task, int which_id)
		95	{
		96	struct cn_msg *msg;
		97	struct proc_event *ev;
		98	__u8 buffer[CN_PROC_MSG_SIZE];
		99
		100	if (atomic_read(&proc_event_num_listeners) < 1)
		101	return;
		102
		103	msg = (struct cn_msg*)buffer;
		104	ev = (struct proc_event*)msg->data;
		105	ev->what = which_id;
		106	ev->event_data.id.process_pid = task->pid;
		107	ev->event_data.id.process_tgid = task->tgid;
		108	if (which_id == PROC_EVENT_UID) {
		109	ev->event_data.id.r.ruid = task->uid;
		110	ev->event_data.id.e.euid = task->euid;
		111	} else if (which_id == PROC_EVENT_GID) {
		112	ev->event_data.id.r.rgid = task->gid;
		113	ev->event_data.id.e.egid = task->egid;
		114	} else
		115	return;
		116	get_seq(&msg->seq, &ev->cpu);
		117
		118	memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
		119	msg->ack = 0; /* not used */
		120	msg->len = sizeof(*ev);
		121	cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
		122	}
		123
		124	void proc_exit_connector(struct task_struct *task)
		125	{
		126	struct cn_msg *msg;
		127	struct proc_event *ev;
		128	__u8 buffer[CN_PROC_MSG_SIZE];
		129
		130	if (atomic_read(&proc_event_num_listeners) < 1)
		131	return;
		132
		133	msg = (struct cn_msg*)buffer;
		134	ev = (struct proc_event*)msg->data;
		135	get_seq(&msg->seq, &ev->cpu);
		136	ev->what = PROC_EVENT_EXIT;
		137	ev->event_data.exit.process_pid = task->pid;
		138	ev->event_data.exit.process_tgid = task->tgid;
		139	ev->event_data.exit.exit_code = task->exit_code;
		140	ev->event_data.exit.exit_signal = task->exit_signal;
		141
		142	memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
		143	msg->ack = 0; /* not used */
		144	msg->len = sizeof(*ev);
		145	cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
		146	}
		147
		148	/*
		149	* Send an acknowledgement message to userspace
		150	*
		151	* Use 0 for success, EFOO otherwise.
		152	* Note: this is the negative of conventional kernel error
		153	* values because it's not being returned via syscall return
		154	* mechanisms.
		155	*/
		156	static void cn_proc_ack(int err, int rcvd_seq, int rcvd_ack)
		157	{
		158	struct cn_msg *msg;
		159	struct proc_event *ev;
		160	__u8 buffer[CN_PROC_MSG_SIZE];
		161
		162	if (atomic_read(&proc_event_num_listeners) < 1)
		163	return;
		164
		165	msg = (struct cn_msg*)buffer;
		166	ev = (struct proc_event*)msg->data;
		167	msg->seq = rcvd_seq;
		168	ev->cpu = -1;
		169	ev->what = PROC_EVENT_NONE;
		170	ev->event_data.ack.err = err;
		171	memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
		172	msg->ack = rcvd_ack + 1;
		173	msg->len = sizeof(*ev);
		174	cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
		175	}
		176
		177	/**
		178	* cn_proc_mcast_ctl
		179	* @data: message sent from userspace via the connector
		180	*/
		181	static void cn_proc_mcast_ctl(void *data)
		182	{
		183	struct cn_msg *msg = data;
		184	enum proc_cn_mcast_op *mc_op = NULL;
		185	int err = 0;
		186
		187	if (msg->len != sizeof(*mc_op))
		188	return;
		189
		190	mc_op = (enum proc_cn_mcast_op*)msg->data;
		191	switch (*mc_op) {
		192	case PROC_CN_MCAST_LISTEN:
		193	atomic_inc(&proc_event_num_listeners);
		194	break;
		195	case PROC_CN_MCAST_IGNORE:
		196	atomic_dec(&proc_event_num_listeners);
		197	break;
		198	default:
		199	err = EINVAL;
		200	break;
		201	}
		202	cn_proc_ack(err, msg->seq, msg->ack);
		203	}
		204
		205	/*
		206	* cn_proc_init - initialization entry point
		207	*
		208	* Adds the connector callback to the connector driver.
		209	*/
		210	static int __init cn_proc_init(void)
		211	{
		212	int err;
		213
		214	if ((err = cn_add_callback(&cn_proc_event_id, "cn_proc",
		215	&cn_proc_mcast_ctl))) {
		216	printk(KERN_WARNING "cn_proc failed to register\n");
		217	return err;
		218	}
		219	return 0;
		220	}
		221
		222	module_init(cn_proc_init);